sctp_input.c (168124) | sctp_input.c (168299) |
---|---|
1/*- 2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. --- 17 unchanged lines hidden (view full) --- 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31/* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */ 32 33#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2001-2007, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. --- 17 unchanged lines hidden (view full) --- 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31/* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */ 32 33#include <sys/cdefs.h> |
34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 168124 2007-03-31 11:47:30Z rrs $"); | 34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 168299 2007-04-03 11:15:32Z rrs $"); |
35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 30 unchanged lines hidden (view full) --- 73 } 74 } 75} 76 77/* INIT handler */ 78static void 79sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 80 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb, | 35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 30 unchanged lines hidden (view full) --- 73 } 74 } 75} 76 77/* INIT handler */ 78static void 79sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 80 struct sctp_init_chunk *cp, struct sctp_inpcb *inp, struct sctp_tcb *stcb, |
81 struct sctp_nets *net) | 81 struct sctp_nets *net, int *abort_no_unlock) |
82{ 83 struct sctp_init *init; 84 struct mbuf *op_err; 85 uint32_t init_limit; 86 87#ifdef SCTP_DEBUG 88 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 89 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb); --- 8 unchanged lines hidden (view full) --- 98 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit); 99 } 100#endif 101 /* 102 * FIX ME ?? What about TCP model and we have a 103 * match/restart case? 104 */ 105 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); | 82{ 83 struct sctp_init *init; 84 struct mbuf *op_err; 85 uint32_t init_limit; 86 87#ifdef SCTP_DEBUG 88 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 89 printf("sctp_handle_init: handling INIT tcb:%p\n", stcb); --- 8 unchanged lines hidden (view full) --- 98 printf("sctp_handle_init: Abort, so_qlimit:%d\n", inp->sctp_socket->so_qlimit); 99 } 100#endif 101 /* 102 * FIX ME ?? What about TCP model and we have a 103 * match/restart case? 104 */ 105 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); |
106 if (stcb) 107 *abort_no_unlock = 1; |
|
106 return; 107 } 108 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 109 /* Invalid length */ 110 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 111 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); | 108 return; 109 } 110 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 111 /* Invalid length */ 112 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 113 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); |
114 if (stcb) 115 *abort_no_unlock = 1; |
|
112 return; 113 } 114 /* validate parameters */ 115 if (init->initiate_tag == 0) { 116 /* protocol error... send abort */ 117 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 118 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); | 116 return; 117 } 118 /* validate parameters */ 119 if (init->initiate_tag == 0) { 120 /* protocol error... send abort */ 121 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 122 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); |
123 if (stcb) 124 *abort_no_unlock = 1; |
|
119 return; 120 } 121 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 122 /* invalid parameter... send abort */ 123 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 124 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); 125 return; 126 } 127 if (init->num_inbound_streams == 0) { 128 /* protocol error... send abort */ 129 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 130 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); | 125 return; 126 } 127 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 128 /* invalid parameter... send abort */ 129 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 130 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); 131 return; 132 } 133 if (init->num_inbound_streams == 0) { 134 /* protocol error... send abort */ 135 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); |
137 if (stcb) 138 *abort_no_unlock = 1; |
|
131 return; 132 } 133 if (init->num_outbound_streams == 0) { 134 /* protocol error... send abort */ 135 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); | 139 return; 140 } 141 if (init->num_outbound_streams == 0) { 142 /* protocol error... send abort */ 143 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 144 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err); |
145 if (stcb) 146 *abort_no_unlock = 1; |
|
137 return; 138 } 139 init_limit = offset + ntohs(cp->ch.chunk_length); 140 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), 141 init_limit)) { 142 /* auth parameter(s) error... send abort */ 143 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL); | 147 return; 148 } 149 init_limit = offset + ntohs(cp->ch.chunk_length); 150 if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), 151 init_limit)) { 152 /* auth parameter(s) error... send abort */ 153 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL); |
154 if (stcb) 155 *abort_no_unlock = 1; |
|
144 return; 145 } 146 /* send an INIT-ACK w/cookie */ 147#ifdef SCTP_DEBUG 148 if (sctp_debug_on & SCTP_DEBUG_INPUT3) { 149 printf("sctp_handle_init: sending INIT-ACK\n"); 150 } 151#endif --- 144 unchanged lines hidden (view full) --- 296} 297 298/* 299 * INIT-ACK message processing/consumption returns value < 0 on error 300 */ 301static int 302sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, 303 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, | 156 return; 157 } 158 /* send an INIT-ACK w/cookie */ 159#ifdef SCTP_DEBUG 160 if (sctp_debug_on & SCTP_DEBUG_INPUT3) { 161 printf("sctp_handle_init: sending INIT-ACK\n"); 162 } 163#endif --- 144 unchanged lines hidden (view full) --- 308} 309 310/* 311 * INIT-ACK message processing/consumption returns value < 0 on error 312 */ 313static int 314sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, 315 struct sctphdr *sh, struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
304 struct sctp_nets *net) | 316 struct sctp_nets *net, int *abort_no_unlock) |
305{ 306 struct sctp_association *asoc; 307 struct mbuf *op_err; 308 int retval, abort_flag; 309 uint32_t initack_limit; 310 311 /* First verify that we have no illegal param's */ 312 abort_flag = 0; --- 12 unchanged lines hidden (view full) --- 325 * abort). 326 */ 327 sctp_abort_notification(stcb, 0); 328 /* 329 * No sense in further INIT's since we will get the 330 * same param back 331 */ 332 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); | 317{ 318 struct sctp_association *asoc; 319 struct mbuf *op_err; 320 int retval, abort_flag; 321 uint32_t initack_limit; 322 323 /* First verify that we have no illegal param's */ 324 abort_flag = 0; --- 12 unchanged lines hidden (view full) --- 337 * abort). 338 */ 339 sctp_abort_notification(stcb, 0); 340 /* 341 * No sense in further INIT's since we will get the 342 * same param back 343 */ 344 sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); |
345 *abort_no_unlock = 1; |
|
333 } 334 return (-1); 335 } 336 asoc = &stcb->asoc; 337 /* process the peer's parameters in the INIT-ACK */ 338 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net); 339 if (retval < 0) { 340 return (retval); --- 6 unchanged lines hidden (view full) --- 347 /* Huh, we should abort */ 348#ifdef SCTP_DEBUG 349 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 350 printf("Load addresses from INIT causes an abort %d\n", retval); 351 } 352#endif 353 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 354 NULL); | 346 } 347 return (-1); 348 } 349 asoc = &stcb->asoc; 350 /* process the peer's parameters in the INIT-ACK */ 351 retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb, net); 352 if (retval < 0) { 353 return (retval); --- 6 unchanged lines hidden (view full) --- 360 /* Huh, we should abort */ 361#ifdef SCTP_DEBUG 362 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 363 printf("Load addresses from INIT causes an abort %d\n", retval); 364 } 365#endif 366 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 367 NULL); |
368 *abort_no_unlock = 1; |
|
355 return (-1); 356 } 357 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, 358 stcb->asoc.local_hmacs); 359 if (op_err) { 360 sctp_queue_op_err(stcb, op_err); 361 /* queuing will steal away the mbuf chain to the out queue */ 362 op_err = NULL; --- 42 unchanged lines hidden (view full) --- 405 mp->length = 406 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 407 mp->num_param = htonl(1); 408 mp->param = htons(SCTP_STATE_COOKIE); 409 mp->resv = 0; 410 } 411 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, 412 sh, op_err); | 369 return (-1); 370 } 371 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, 372 stcb->asoc.local_hmacs); 373 if (op_err) { 374 sctp_queue_op_err(stcb, op_err); 375 /* queuing will steal away the mbuf chain to the out queue */ 376 op_err = NULL; --- 42 unchanged lines hidden (view full) --- 419 mp->length = 420 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 421 mp->num_param = htonl(1); 422 mp->param = htons(SCTP_STATE_COOKIE); 423 mp->resv = 0; 424 } 425 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, 426 sh, op_err); |
427 *abort_no_unlock = 1; |
|
413 } 414 return (retval); 415 } 416 return (0); 417} 418 419static void 420sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, --- 484 unchanged lines hidden (view full) --- 905 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust); 906 } 907 return (0); 908} 909 910static int 911sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 912 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, | 428 } 429 return (retval); 430 } 431 return (0); 432} 433 434static void 435sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, --- 484 unchanged lines hidden (view full) --- 920 phdr = (struct sctp_paramhdr *)((caddr_t)phdr + adjust); 921 } 922 return (0); 923} 924 925static int 926sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, struct sctphdr *sh, 927 struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
913 struct sctp_nets *net) | 928 struct sctp_nets *net, int *abort_no_unlock) |
914{ 915 struct sctp_init_ack *init_ack; 916 int *state; 917 struct mbuf *op_err; 918 919#ifdef SCTP_DEBUG 920 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 921 printf("sctp_handle_init_ack: handling INIT-ACK\n"); --- 7 unchanged lines hidden (view full) --- 929#endif 930 return (-1); 931 } 932 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 933 /* Invalid length */ 934 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 935 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 936 op_err); | 929{ 930 struct sctp_init_ack *init_ack; 931 int *state; 932 struct mbuf *op_err; 933 934#ifdef SCTP_DEBUG 935 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 936 printf("sctp_handle_init_ack: handling INIT-ACK\n"); --- 7 unchanged lines hidden (view full) --- 944#endif 945 return (-1); 946 } 947 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 948 /* Invalid length */ 949 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 950 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 951 op_err); |
952 *abort_no_unlock = 1; |
|
937 return (-1); 938 } 939 init_ack = &cp->init; 940 /* validate parameters */ 941 if (init_ack->initiate_tag == 0) { 942 /* protocol error... send an abort */ 943 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 944 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 945 op_err); | 953 return (-1); 954 } 955 init_ack = &cp->init; 956 /* validate parameters */ 957 if (init_ack->initiate_tag == 0) { 958 /* protocol error... send an abort */ 959 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 960 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 961 op_err); |
962 *abort_no_unlock = 1; |
|
946 return (-1); 947 } 948 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 949 /* protocol error... send an abort */ 950 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 951 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 952 op_err); | 963 return (-1); 964 } 965 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 966 /* protocol error... send an abort */ 967 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 968 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 969 op_err); |
970 *abort_no_unlock = 1; |
|
953 return (-1); 954 } 955 if (init_ack->num_inbound_streams == 0) { 956 /* protocol error... send an abort */ 957 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 958 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 959 op_err); | 971 return (-1); 972 } 973 if (init_ack->num_inbound_streams == 0) { 974 /* protocol error... send an abort */ 975 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 976 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 977 op_err); |
978 *abort_no_unlock = 1; |
|
960 return (-1); 961 } 962 if (init_ack->num_outbound_streams == 0) { 963 /* protocol error... send an abort */ 964 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 965 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 966 op_err); | 979 return (-1); 980 } 981 if (init_ack->num_outbound_streams == 0) { 982 /* protocol error... send an abort */ 983 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 984 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 985 op_err); |
986 *abort_no_unlock = 1; |
|
967 return (-1); 968 } 969 /* process according to association state... */ 970 state = &stcb->asoc.state; 971 switch (*state & SCTP_STATE_MASK) { 972 case SCTP_STATE_COOKIE_WAIT: 973 /* this is the expected state for this chunk */ 974 /* process the INIT-ACK parameters */ --- 5 unchanged lines hidden (view full) --- 980 * returned. Do this before we load addresses 981 * though. 982 */ 983 stcb->asoc.primary_destination->dest_state &= 984 ~SCTP_ADDR_UNCONFIRMED; 985 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 986 stcb, 0, (void *)stcb->asoc.primary_destination); 987 } | 987 return (-1); 988 } 989 /* process according to association state... */ 990 state = &stcb->asoc.state; 991 switch (*state & SCTP_STATE_MASK) { 992 case SCTP_STATE_COOKIE_WAIT: 993 /* this is the expected state for this chunk */ 994 /* process the INIT-ACK parameters */ --- 5 unchanged lines hidden (view full) --- 1000 * returned. Do this before we load addresses 1001 * though. 1002 */ 1003 stcb->asoc.primary_destination->dest_state &= 1004 ~SCTP_ADDR_UNCONFIRMED; 1005 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 1006 stcb, 0, (void *)stcb->asoc.primary_destination); 1007 } |
988 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net 989 ) < 0) { | 1008 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb, net, 1009 abort_no_unlock) < 0) { |
990 /* error in parsing parameters */ 991 return (-1); 992 } 993 /* update our state */ 994#ifdef SCTP_DEBUG 995 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 996 printf("moving to COOKIE-ECHOED state\n"); 997 } --- 533 unchanged lines hidden (view full) --- 1531 struct sctp_tcb *stcb; 1532 struct sctp_init_chunk *init_cp, init_buf; 1533 struct sctp_init_ack_chunk *initack_cp, initack_buf; 1534 struct sockaddr_storage sa_store; 1535 struct sockaddr *initack_src = (struct sockaddr *)&sa_store; 1536 struct sockaddr_in *sin; 1537 struct sockaddr_in6 *sin6; 1538 struct sctp_association *asoc; | 1010 /* error in parsing parameters */ 1011 return (-1); 1012 } 1013 /* update our state */ 1014#ifdef SCTP_DEBUG 1015 if (sctp_debug_on & SCTP_DEBUG_INPUT2) { 1016 printf("moving to COOKIE-ECHOED state\n"); 1017 } --- 533 unchanged lines hidden (view full) --- 1551 struct sctp_tcb *stcb; 1552 struct sctp_init_chunk *init_cp, init_buf; 1553 struct sctp_init_ack_chunk *initack_cp, initack_buf; 1554 struct sockaddr_storage sa_store; 1555 struct sockaddr *initack_src = (struct sockaddr *)&sa_store; 1556 struct sockaddr_in *sin; 1557 struct sockaddr_in6 *sin6; 1558 struct sctp_association *asoc; |
1539 uint32_t vrf; | 1559 uint32_t vrf_id; |
1540 int chk_length; 1541 int init_offset, initack_offset, initack_limit; 1542 int retval; 1543 int error = 0; 1544 uint32_t old_tag; 1545 uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE]; 1546 | 1560 int chk_length; 1561 int init_offset, initack_offset, initack_limit; 1562 int retval; 1563 int error = 0; 1564 uint32_t old_tag; 1565 uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE]; 1566 |
1547 vrf = SCTP_DEFAULT_VRFID; | 1567 vrf_id = inp->def_vrf_id; |
1548 1549 /* 1550 * find and validate the INIT chunk in the cookie (peer's info) the 1551 * INIT should start after the cookie-echo header struct (chunk 1552 * header, state cookie header struct) 1553 */ 1554 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk); 1555 init_cp = (struct sctp_init_chunk *) --- 46 unchanged lines hidden (view full) --- 1602 */ 1603 initack_limit = offset + cookie_len; 1604 1605 /* 1606 * now that we know the INIT/INIT-ACK are in place, create a new TCB 1607 * and popluate 1608 */ 1609 stcb = sctp_aloc_assoc(inp, init_src, 0, &error, | 1568 1569 /* 1570 * find and validate the INIT chunk in the cookie (peer's info) the 1571 * INIT should start after the cookie-echo header struct (chunk 1572 * header, state cookie header struct) 1573 */ 1574 init_offset = offset + sizeof(struct sctp_cookie_echo_chunk); 1575 init_cp = (struct sctp_init_chunk *) --- 46 unchanged lines hidden (view full) --- 1622 */ 1623 initack_limit = offset + cookie_len; 1624 1625 /* 1626 * now that we know the INIT/INIT-ACK are in place, create a new TCB 1627 * and popluate 1628 */ 1629 stcb = sctp_aloc_assoc(inp, init_src, 0, &error, |
1610 ntohl(initack_cp->init.initiate_tag), vrf); | 1630 ntohl(initack_cp->init.initiate_tag), vrf_id); |
1611 if (stcb == NULL) { 1612 struct mbuf *op_err; 1613 1614 /* memory problem? */ 1615#ifdef SCTP_DEBUG 1616 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 1617 printf("process_cookie_new: no room for another TCB!\n"); 1618 } --- 1903 unchanged lines hidden (view full) --- 3522 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp, 3523 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen) 3524{ 3525 struct sctp_association *asoc; 3526 uint32_t vtag_in; 3527 int num_chunks = 0; /* number of control chunks processed */ 3528 int chk_length; 3529 int ret; | 1631 if (stcb == NULL) { 1632 struct mbuf *op_err; 1633 1634 /* memory problem? */ 1635#ifdef SCTP_DEBUG 1636 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 1637 printf("process_cookie_new: no room for another TCB!\n"); 1638 } --- 1903 unchanged lines hidden (view full) --- 3542 struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp, 3543 struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen) 3544{ 3545 struct sctp_association *asoc; 3546 uint32_t vtag_in; 3547 int num_chunks = 0; /* number of control chunks processed */ 3548 int chk_length; 3549 int ret; |
3550 int abort_no_unlock = 0; |
|
3530 3531 /* 3532 * How big should this be, and should it be alloc'd? Lets try the 3533 * d-mtu-ceiling for now (2k) and that should hopefully work ... 3534 * until we get into jumbo grams and such.. 3535 */ 3536 uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; 3537 struct sctp_tcb *locked_tcb = stcb; --- 286 unchanged lines hidden (view full) --- 3824 stcb->asoc.primary_destination); 3825 *offset = length; 3826 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC); 3827 if (locked_tcb) 3828 SCTP_TCB_UNLOCK(locked_tcb); 3829 return (NULL); 3830 } 3831 sctp_handle_init(m, iphlen, *offset, sh, | 3551 3552 /* 3553 * How big should this be, and should it be alloc'd? Lets try the 3554 * d-mtu-ceiling for now (2k) and that should hopefully work ... 3555 * until we get into jumbo grams and such.. 3556 */ 3557 uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; 3558 struct sctp_tcb *locked_tcb = stcb; --- 286 unchanged lines hidden (view full) --- 3845 stcb->asoc.primary_destination); 3846 *offset = length; 3847 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC); 3848 if (locked_tcb) 3849 SCTP_TCB_UNLOCK(locked_tcb); 3850 return (NULL); 3851 } 3852 sctp_handle_init(m, iphlen, *offset, sh, |
3832 (struct sctp_init_chunk *)ch, inp, stcb, *netp); | 3853 (struct sctp_init_chunk *)ch, inp, stcb, *netp, &abort_no_unlock); 3854 if (abort_no_unlock) 3855 return (NULL); 3856 |
3833 *offset = length; 3834 if (locked_tcb) 3835 SCTP_TCB_UNLOCK(locked_tcb); 3836 return (NULL); 3837 break; 3838 case SCTP_INITIATION_ACK: 3839 /* must be first and only chunk */ 3840#ifdef SCTP_DEBUG --- 18 unchanged lines hidden (view full) --- 3859 if ((num_chunks > 1) || 3860 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) { 3861 *offset = length; 3862 if (locked_tcb) 3863 SCTP_TCB_UNLOCK(locked_tcb); 3864 return (NULL); 3865 } 3866 ret = sctp_handle_init_ack(m, iphlen, *offset, sh, | 3857 *offset = length; 3858 if (locked_tcb) 3859 SCTP_TCB_UNLOCK(locked_tcb); 3860 return (NULL); 3861 break; 3862 case SCTP_INITIATION_ACK: 3863 /* must be first and only chunk */ 3864#ifdef SCTP_DEBUG --- 18 unchanged lines hidden (view full) --- 3883 if ((num_chunks > 1) || 3884 (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) { 3885 *offset = length; 3886 if (locked_tcb) 3887 SCTP_TCB_UNLOCK(locked_tcb); 3888 return (NULL); 3889 } 3890 ret = sctp_handle_init_ack(m, iphlen, *offset, sh, |
3867 (struct sctp_init_ack_chunk *)ch, stcb, *netp); | 3891 (struct sctp_init_ack_chunk *)ch, stcb, *netp, &abort_no_unlock); |
3868 /* 3869 * Special case, I must call the output routine to 3870 * get the cookie echoed 3871 */ | 3892 /* 3893 * Special case, I must call the output routine to 3894 * get the cookie echoed 3895 */ |
3896 if (abort_no_unlock) 3897 return (NULL); 3898 |
|
3872 if ((stcb) && ret == 0) 3873 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC); 3874 *offset = length; 3875 if (locked_tcb) 3876 SCTP_TCB_UNLOCK(locked_tcb); 3877 return (NULL); 3878 break; 3879 case SCTP_SELECTIVE_ACK: --- 798 unchanged lines hidden (view full) --- 4678 4679{ 4680#ifdef SCTP_MBUF_LOGGING 4681 struct mbuf *mat; 4682 4683#endif 4684 struct mbuf *m; 4685 int iphlen; | 3899 if ((stcb) && ret == 0) 3900 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC); 3901 *offset = length; 3902 if (locked_tcb) 3903 SCTP_TCB_UNLOCK(locked_tcb); 3904 return (NULL); 3905 break; 3906 case SCTP_SELECTIVE_ACK: --- 798 unchanged lines hidden (view full) --- 4705 4706{ 4707#ifdef SCTP_MBUF_LOGGING 4708 struct mbuf *mat; 4709 4710#endif 4711 struct mbuf *m; 4712 int iphlen; |
4713 uint32_t vrf_id; |
|
4686 uint8_t ecn_bits; 4687 struct ip *ip; 4688 struct sctphdr *sh; 4689 struct sctp_inpcb *inp = NULL; 4690 4691 uint32_t check, calc_check; 4692 struct sctp_nets *net; 4693 struct sctp_tcb *stcb = NULL; 4694 struct sctp_chunkhdr *ch; 4695 int refcount_up = 0; 4696 int length, mlen, offset; 4697 | 4714 uint8_t ecn_bits; 4715 struct ip *ip; 4716 struct sctphdr *sh; 4717 struct sctp_inpcb *inp = NULL; 4718 4719 uint32_t check, calc_check; 4720 struct sctp_nets *net; 4721 struct sctp_tcb *stcb = NULL; 4722 struct sctp_chunkhdr *ch; 4723 int refcount_up = 0; 4724 int length, mlen, offset; 4725 |
4698 | 4726 vrf_id = SCTP_DEFAULT_VRFID; 4727 mlen = SCTP_HEADER_LEN(i_pak); |
4699 iphlen = off; 4700 m = SCTP_HEADER_TO_CHAIN(i_pak); 4701 net = NULL; 4702 SCTP_STAT_INCR(sctps_recvpackets); 4703 SCTP_STAT_INCR_COUNTER64(sctps_inpackets); 4704 4705#ifdef SCTP_MBUF_LOGGING 4706 /* Log in any input mbufs */ --- 55 unchanged lines hidden (view full) --- 4762 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 4763 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n", 4764 calc_check, check, m, mlen, iphlen); 4765 } 4766#endif 4767 4768 stcb = sctp_findassociation_addr(m, iphlen, 4769 offset - sizeof(*ch), | 4728 iphlen = off; 4729 m = SCTP_HEADER_TO_CHAIN(i_pak); 4730 net = NULL; 4731 SCTP_STAT_INCR(sctps_recvpackets); 4732 SCTP_STAT_INCR_COUNTER64(sctps_inpackets); 4733 4734#ifdef SCTP_MBUF_LOGGING 4735 /* Log in any input mbufs */ --- 55 unchanged lines hidden (view full) --- 4791 if (sctp_debug_on & SCTP_DEBUG_INPUT1) { 4792 printf("Bad CSUM on SCTP packet calc_check:%x check:%x m:%p mlen:%d iphlen:%d\n", 4793 calc_check, check, m, mlen, iphlen); 4794 } 4795#endif 4796 4797 stcb = sctp_findassociation_addr(m, iphlen, 4798 offset - sizeof(*ch), |
4770 sh, ch, &inp, &net); | 4799 sh, ch, &inp, &net, vrf_id); |
4771 if ((inp) && (stcb)) { 4772 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 4773 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR); 4774 } else if ((inp != NULL) && (stcb == NULL)) { 4775 refcount_up = 1; 4776 } 4777 SCTP_STAT_INCR(sctps_badsum); 4778 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); 4779 goto bad; 4780 } 4781 sh->checksum = calc_check; | 4800 if ((inp) && (stcb)) { 4801 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 4802 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR); 4803 } else if ((inp != NULL) && (stcb == NULL)) { 4804 refcount_up = 1; 4805 } 4806 SCTP_STAT_INCR(sctps_badsum); 4807 SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); 4808 goto bad; 4809 } 4810 sh->checksum = calc_check; |
4782 } else { 4783sctp_skip_csum_4: 4784 mlen = SCTP_HEADER_LEN(m); | |
4785 } | 4811 } |
4786 | 4812sctp_skip_csum_4: |
4787 /* destination port of 0 is illegal, based on RFC2960. */ 4788 if (sh->dest_port == 0) { 4789 SCTP_STAT_INCR(sctps_hdrops); 4790 goto bad; 4791 } 4792 /* validate mbuf chain length with IP payload length */ 4793 if (mlen < (ip->ip_len - iphlen)) { 4794 SCTP_STAT_INCR(sctps_hdrops); 4795 goto bad; 4796 } 4797 /* 4798 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants 4799 * IP/SCTP/first chunk header... 4800 */ 4801 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch), | 4813 /* destination port of 0 is illegal, based on RFC2960. */ 4814 if (sh->dest_port == 0) { 4815 SCTP_STAT_INCR(sctps_hdrops); 4816 goto bad; 4817 } 4818 /* validate mbuf chain length with IP payload length */ 4819 if (mlen < (ip->ip_len - iphlen)) { 4820 SCTP_STAT_INCR(sctps_hdrops); 4821 goto bad; 4822 } 4823 /* 4824 * Locate pcb and tcb for datagram sctp_findassociation_addr() wants 4825 * IP/SCTP/first chunk header... 4826 */ 4827 stcb = sctp_findassociation_addr(m, iphlen, offset - sizeof(*ch), |
4802 sh, ch, &inp, &net); | 4828 sh, ch, &inp, &net, vrf_id); |
4803 /* inp's ref-count increased && stcb locked */ 4804 if (inp == NULL) { 4805 struct sctp_init_chunk *init_chk, chunk_buf; 4806 4807 SCTP_STAT_INCR(sctps_noport); 4808#ifdef ICMP_BANDLIM 4809 /* 4810 * we use the bandwidth limiting to protect against sending --- 87 unchanged lines hidden --- | 4829 /* inp's ref-count increased && stcb locked */ 4830 if (inp == NULL) { 4831 struct sctp_init_chunk *init_chk, chunk_buf; 4832 4833 SCTP_STAT_INCR(sctps_noport); 4834#ifdef ICMP_BANDLIM 4835 /* 4836 * we use the bandwidth limiting to protect against sending --- 87 unchanged lines hidden --- |