Cross Reference: /freebsd-10.3-release/sys/netinet/sctp

Deleted Added

sdiff udiff text old ( 236956 ) new ( 237049 )

full compact

sctp_input.c (236956)	sctp_input.c (237049)
1/- 2 Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * --- 17 unchanged lines hidden (view full) --- 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h>	1/- 2 Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * --- 17 unchanged lines hidden (view full) --- 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 236956 2012-06-12 13:15:27Z tuexen $");	34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 237049 2012-06-14 06:54:48Z tuexen $");
35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 33 unchanged lines hidden (view full) --- 76 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); 77 } 78 } 79} 80 81/* INIT handler / 82static void 83sctp_handle_init(struct mbuf m, int iphlen, int offset, struct sctphdr *sh,	35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 33 unchanged lines hidden (view full) --- 76 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); 77 } 78 } 79} 80 81/* INIT handler / 82static void 83sctp_handle_init(struct mbuf m, int iphlen, int offset, struct sctphdr *sh,
84 struct sctp_init_chunk cp, struct sctp_inpcb inp, struct sctp_tcb stcb, 85 int abort_no_unlock, uint32_t vrf_id, uint16_t port)	84 struct sctp_init_chunk cp, struct sctp_inpcb inp, 85 struct sctp_tcb stcb, int abort_no_unlock, 86 uint8_t use_mflowid, uint32_t mflowid, 87 uint32_t vrf_id, uint16_t port)
86{ 87 struct sctp_init init; 88 struct mbuf op_err; 89 90 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", 91 stcb); 92 if (stcb == NULL) { 93 SCTP_INP_RLOCK(inp); 94 } 95 /* validate length */ 96 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 97 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 98 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	88{ 89 struct sctp_init init; 90 struct mbuf op_err; 91 92 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", 93 stcb); 94 if (stcb == NULL) { 95 SCTP_INP_RLOCK(inp); 96 } 97 /* validate length / 98 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 99 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 100* sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	101 use_mflowid, mflowid,
99 vrf_id, port); 100 if (stcb) 101 abort_no_unlock = 1; 102* goto outnow; 103 } 104 /* validate parameters / 105* init = &cp->init; 106 if (init->initiate_tag == 0) { 107 /* protocol error... send abort / 108* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 109 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	102 vrf_id, port); 103 if (stcb) 104 abort_no_unlock = 1; 105* goto outnow; 106 } 107 /* validate parameters / 108* init = &cp->init; 109 if (init->initiate_tag == 0) { 110 /* protocol error... send abort / 111* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 112 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	113 use_mflowid, mflowid,
110 vrf_id, port); 111 if (stcb) 112 abort_no_unlock = 1; 113* goto outnow; 114 } 115 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 116 /* invalid parameter... send abort / 117* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 118 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	114 vrf_id, port); 115 if (stcb) 116 abort_no_unlock = 1; 117* goto outnow; 118 } 119 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 120 /* invalid parameter... send abort / 121* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 122 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	123 use_mflowid, mflowid,
119 vrf_id, port); 120 if (stcb) 121 abort_no_unlock = 1; 122* goto outnow; 123 } 124 if (init->num_inbound_streams == 0) { 125 /* protocol error... send abort / 126* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 127 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	124 vrf_id, port); 125 if (stcb) 126 abort_no_unlock = 1; 127* goto outnow; 128 } 129 if (init->num_inbound_streams == 0) { 130 /* protocol error... send abort / 131* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 132 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	133 use_mflowid, mflowid,
128 vrf_id, port); 129 if (stcb) 130 abort_no_unlock = 1; 131* goto outnow; 132 } 133 if (init->num_outbound_streams == 0) { 134 /* protocol error... send abort / 135* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	134 vrf_id, port); 135 if (stcb) 136 abort_no_unlock = 1; 137* goto outnow; 138 } 139 if (init->num_outbound_streams == 0) { 140 /* protocol error... send abort / 141* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 142 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	143 use_mflowid, mflowid,
137 vrf_id, port); 138 if (stcb) 139 abort_no_unlock = 1; 140* goto outnow; 141 } 142 if (sctp_validate_init_auth_params(m, offset + sizeof(cp), 143* offset + ntohs(cp->ch.chunk_length))) { 144 /* auth parameter(s) error... send abort */	144 vrf_id, port); 145 if (stcb) 146 abort_no_unlock = 1; 147* goto outnow; 148 } 149 if (sctp_validate_init_auth_params(m, offset + sizeof(cp), 150* offset + ntohs(cp->ch.chunk_length))) { 151 /* auth parameter(s) error... send abort */
145 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, vrf_id, port);	152 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, 153 use_mflowid, mflowid, 154 vrf_id, port);
146 if (stcb) 147 abort_no_unlock = 1; 148* goto outnow; 149 } 150 /* 151 * We are only accepting if we have a socket with positive 152 * so_qlimit. 153 / --- 10 unchanged lines hidden* (view full) --- 164 * just send back the INIT-ACK and hope that the app did 165 * accept()'s by the time the COOKIE was sent. But there is 166 * a price to pay for COOKIE generation and I don't want to 167 * pay it on the chance that the app will actually do some 168 * accepts(). The App just looses and should NOT be in this 169 * state :-) 170 / 171* if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {	155 if (stcb) 156 abort_no_unlock = 1; 157* goto outnow; 158 } 159 /* 160 * We are only accepting if we have a socket with positive 161 * so_qlimit. 162 / --- 10 unchanged lines hidden* (view full) --- 173 * just send back the INIT-ACK and hope that the app did 174 * accept()'s by the time the COOKIE was sent. But there is 175 * a price to pay for COOKIE generation and I don't want to 176 * pay it on the chance that the app will actually do some 177 * accepts(). The App just looses and should NOT be in this 178 * state :-) 179 / 180* if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {
172 sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);	181 sctp_send_abort(m, iphlen, sh, 0, NULL, 182 use_mflowid, mflowid, 183 vrf_id, port);
173 } 174 goto outnow; 175 } 176 if ((stcb != NULL) && 177 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 178 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); 179 sctp_send_shutdown_ack(stcb, NULL); 180 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); 181 } else { 182 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n");	184 } 185 goto outnow; 186 } 187 if ((stcb != NULL) && 188 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 189 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); 190 sctp_send_shutdown_ack(stcb, NULL); 191 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); 192 } else { 193 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n");
183 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, vrf_id, port,	194 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, 195 use_mflowid, mflowid, 196 vrf_id, port,
184 ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); 185 } 186outnow: 187 if (stcb == NULL) { 188 SCTP_INP_RUNLOCK(inp); 189 } 190} 191 --- 209 unchanged lines hidden (view full) --- 401 /* sa_ignore MEMLEAK / 402* return (0); 403} 404 405/* 406 * INIT-ACK message processing/consumption returns value < 0 on error 407 / 408*static int	197 ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); 198 } 199outnow: 200 if (stcb == NULL) { 201 SCTP_INP_RUNLOCK(inp); 202 } 203} 204 --- 209 unchanged lines hidden (view full) --- 414 /* sa_ignore MEMLEAK / 415* return (0); 416} 417 418/* 419 * INIT-ACK message processing/consumption returns value < 0 on error 420 / 421*static int
409sctp_process_init_ack(struct mbuf m, int iphlen, int offset, 410* struct sctphdr sh, struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 411* struct sctp_nets net, int abort_no_unlock, uint32_t vrf_id)	422sctp_process_init_ack(struct mbuf m, int iphlen, int offset, struct sctphdr sh, 423 struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 424 struct sctp_nets net, int abort_no_unlock, 425 uint8_t use_mflowid, uint32_t mflowid, 426 uint32_t vrf_id)
412{ 413 struct sctp_association asoc; 414* struct mbuf op_err; 415* int retval, abort_flag; 416 uint32_t initack_limit; 417 int nat_friendly = 0; 418 419 /* First verify that we have no illegal param's / --- 20 unchanged lines hidden* (view full) --- 440 /* load all addresses / 441* if ((retval = sctp_load_addresses_from_init(stcb, m, 442 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh, 443 NULL))) { 444 /* Huh, we should abort / 445* SCTPDBG(SCTP_DEBUG_INPUT1, 446 "Load addresses from INIT causes an abort %d\n", 447 retval);	427{ 428 struct sctp_association asoc; 429* struct mbuf op_err; 430* int retval, abort_flag; 431 uint32_t initack_limit; 432 int nat_friendly = 0; 433 434 /* First verify that we have no illegal param's / --- 20 unchanged lines hidden* (view full) --- 455 /* load all addresses / 456* if ((retval = sctp_load_addresses_from_init(stcb, m, 457 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh, 458 NULL))) { 459 /* Huh, we should abort / 460* SCTPDBG(SCTP_DEBUG_INPUT1, 461 "Load addresses from INIT causes an abort %d\n", 462 retval);
448 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 449 NULL, 0, net->port);	463 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, NULL, 464 use_mflowid, mflowid, 465 vrf_id, net->port);
450 abort_no_unlock = 1; 451* return (-1); 452 } 453 /* if the peer doesn't support asconf, flush the asconf queue / 454* if (asoc->peer_supports_asconf == 0) { 455 struct sctp_asconf_addr param, nparam; 456 457 TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { --- 57 unchanged lines hidden (view full) --- 515 /* Subtract the reserved param / 516* mp->length = 517 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 518 mp->num_param = htonl(1); 519 mp->param = htons(SCTP_STATE_COOKIE); 520 mp->resv = 0; 521 } 522 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,	466 abort_no_unlock = 1; 467* return (-1); 468 } 469 /* if the peer doesn't support asconf, flush the asconf queue / 470* if (asoc->peer_supports_asconf == 0) { 471 struct sctp_asconf_addr param, nparam; 472 473 TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { --- 57 unchanged lines hidden (view full) --- 531 /* Subtract the reserved param / 532* mp->length = 533 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 534 mp->num_param = htonl(1); 535 mp->param = htons(SCTP_STATE_COOKIE); 536 mp->resv = 0; 537 } 538 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
523 sh, op_err, vrf_id, net->port);	539 sh, op_err, 540 use_mflowid, mflowid, 541 vrf_id, net->port);
524 abort_no_unlock = 1; 525* } 526 return (retval); 527 } 528 return (0); 529} 530 531static void --- 723 unchanged lines hidden (view full) --- 1255 chklen -= adjust; 1256 phdr = (struct sctp_paramhdr )((caddr_t)phdr + adjust); 1257* } 1258 sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, error, ch, SCTP_SO_NOT_LOCKED); 1259 return (0); 1260} 1261 1262static int	542 abort_no_unlock = 1; 543* } 544 return (retval); 545 } 546 return (0); 547} 548 549static void --- 723 unchanged lines hidden (view full) --- 1273 chklen -= adjust; 1274 phdr = (struct sctp_paramhdr )((caddr_t)phdr + adjust); 1275* } 1276 sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, error, ch, SCTP_SO_NOT_LOCKED); 1277 return (0); 1278} 1279 1280static int
1263sctp_handle_init_ack(struct mbuf m, int iphlen, int offset, 1264* struct sctphdr sh, struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 1265* struct sctp_nets net, int abort_no_unlock, uint32_t vrf_id)	1281sctp_handle_init_ack(struct mbuf m, int iphlen, int offset, struct sctphdr sh, 1282 struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 1283 struct sctp_nets net, int abort_no_unlock, 1284 uint8_t use_mflowid, uint32_t mflowid, 1285 uint32_t vrf_id)
1266{ 1267 struct sctp_init_ack init_ack; 1268* struct mbuf op_err; 1269* 1270 SCTPDBG(SCTP_DEBUG_INPUT2, 1271 "sctp_handle_init_ack: handling INIT-ACK\n"); 1272 1273 if (stcb == NULL) { 1274 SCTPDBG(SCTP_DEBUG_INPUT2, 1275 "sctp_handle_init_ack: TCB is null\n"); 1276 return (-1); 1277 } 1278 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 1279 /* Invalid length / 1280* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1281 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1286{ 1287 struct sctp_init_ack init_ack; 1288* struct mbuf op_err; 1289* 1290 SCTPDBG(SCTP_DEBUG_INPUT2, 1291 "sctp_handle_init_ack: handling INIT-ACK\n"); 1292 1293 if (stcb == NULL) { 1294 SCTPDBG(SCTP_DEBUG_INPUT2, 1295 "sctp_handle_init_ack: TCB is null\n"); 1296 return (-1); 1297 } 1298 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 1299 /* Invalid length / 1300* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1301 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1282 op_err, 0, net->port);	1302 op_err, 1303 use_mflowid, mflowid, 1304 vrf_id, net->port);
1283 abort_no_unlock = 1; 1284* return (-1); 1285 } 1286 init_ack = &cp->init; 1287 /* validate parameters / 1288* if (init_ack->initiate_tag == 0) { 1289 /* protocol error... send an abort / 1290* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1291 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1305 abort_no_unlock = 1; 1306* return (-1); 1307 } 1308 init_ack = &cp->init; 1309 /* validate parameters / 1310* if (init_ack->initiate_tag == 0) { 1311 /* protocol error... send an abort / 1312* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1313 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1292 op_err, 0, net->port);	1314 op_err, 1315 use_mflowid, mflowid, 1316 vrf_id, net->port);
1293 abort_no_unlock = 1; 1294* return (-1); 1295 } 1296 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 1297 /* protocol error... send an abort / 1298* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1299 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1317 abort_no_unlock = 1; 1318* return (-1); 1319 } 1320 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 1321 /* protocol error... send an abort / 1322* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1323 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1300 op_err, 0, net->port);	1324 op_err, 1325 use_mflowid, mflowid, 1326 vrf_id, net->port);
1301 abort_no_unlock = 1; 1302* return (-1); 1303 } 1304 if (init_ack->num_inbound_streams == 0) { 1305 /* protocol error... send an abort / 1306* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1307 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1327 abort_no_unlock = 1; 1328* return (-1); 1329 } 1330 if (init_ack->num_inbound_streams == 0) { 1331 /* protocol error... send an abort / 1332* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1333 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1308 op_err, 0, net->port);	1334 op_err, 1335 use_mflowid, mflowid, 1336 vrf_id, net->port);
1309 abort_no_unlock = 1; 1310* return (-1); 1311 } 1312 if (init_ack->num_outbound_streams == 0) { 1313 /* protocol error... send an abort / 1314* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1315 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1337 abort_no_unlock = 1; 1338* return (-1); 1339 } 1340 if (init_ack->num_outbound_streams == 0) { 1341 /* protocol error... send an abort / 1342* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1343 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1316 op_err, 0, net->port);	1344 op_err, 1345 use_mflowid, mflowid, 1346 vrf_id, net->port);
1317 abort_no_unlock = 1; 1318* return (-1); 1319 } 1320 /* process according to association state... / 1321* switch (stcb->asoc.state & SCTP_STATE_MASK) { 1322 case SCTP_STATE_COOKIE_WAIT: 1323 /* this is the expected state for this chunk / 1324* /* process the INIT-ACK parameters / --- 6 unchanged lines hidden* (view full) --- 1331 * though. 1332 / 1333* stcb->asoc.primary_destination->dest_state &= 1334 ~SCTP_ADDR_UNCONFIRMED; 1335 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 1336 stcb, 0, (void )stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); 1337* } 1338 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb,	1347 abort_no_unlock = 1; 1348* return (-1); 1349 } 1350 /* process according to association state... / 1351* switch (stcb->asoc.state & SCTP_STATE_MASK) { 1352 case SCTP_STATE_COOKIE_WAIT: 1353 /* this is the expected state for this chunk / 1354* /* process the INIT-ACK parameters / --- 6 unchanged lines hidden* (view full) --- 1361 * though. 1362 / 1363* stcb->asoc.primary_destination->dest_state &= 1364 ~SCTP_ADDR_UNCONFIRMED; 1365 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 1366 stcb, 0, (void )stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); 1367* } 1368 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb,
1339 net, abort_no_unlock, vrf_id) < 0) {	1369 net, abort_no_unlock, 1370 use_mflowid, mflowid, 1371 vrf_id) < 0) {
1340 /* error in parsing parameters / 1341* return (-1); 1342 } 1343 /* update our state / 1344* SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); 1345 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED); 1346 1347 /* reset the RTO calc / --- 38 unchanged lines hidden* (view full) --- 1386} 1387 1388static struct sctp_tcb * 1389sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1390* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1391 struct sctp_inpcb inp, struct sctp_nets netp, 1392* struct sockaddr init_src, int notification, 1393 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	1372 /* error in parsing parameters / 1373* return (-1); 1374 } 1375 /* update our state / 1376* SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); 1377 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED); 1378 1379 /* reset the RTO calc / --- 38 unchanged lines hidden* (view full) --- 1418} 1419 1420static struct sctp_tcb * 1421sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1422* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1423 struct sctp_inpcb inp, struct sctp_nets netp, 1424* struct sockaddr init_src, int notification, 1425 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
	1426 uint8_t use_mflowid, uint32_t mflowid,
1394 uint32_t vrf_id, uint16_t port); 1395 1396 1397/* 1398 * handle a state cookie for an existing association m: input packet mbuf 1399 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a 1400 * "split" mbuf and the cookie signature does not exist offset: offset into 1401 * mbuf to the cookie-echo chunk 1402 / 1403static struct sctp_tcb 1404sctp_process_cookie_existing(struct mbuf m, int iphlen, int offset, 1405* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1406 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets *netp, 1407* struct sockaddr init_src, int notification,	1427 uint32_t vrf_id, uint16_t port); 1428 1429 1430/* 1431 * handle a state cookie for an existing association m: input packet mbuf 1432 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a 1433 * "split" mbuf and the cookie signature does not exist offset: offset into 1434 * mbuf to the cookie-echo chunk 1435 / 1436static struct sctp_tcb 1437sctp_process_cookie_existing(struct mbuf m, int iphlen, int offset, 1438* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1439 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets *netp, 1440* struct sockaddr init_src, int notification,
1408 uint32_t vrf_id, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, uint16_t port)	1441 int auth_skipped, uint32_t auth_offset, uint32_t auth_len, 1442 uint8_t use_mflowid, uint32_t mflowid, 1443 uint32_t vrf_id, uint16_t port)
1409{ 1410 struct sctp_association asoc; 1411* struct sctp_init_chunk init_cp, init_buf; 1412* struct sctp_init_ack_chunk initack_cp, initack_buf; 1413* struct sctp_nets net; 1414* struct mbuf op_err; 1415* struct sctp_paramhdr ph; 1416* int init_offset, initack_offset, i; --- 21 unchanged lines hidden (view full) --- 1438 return (NULL); 1439 } 1440 /* Set the len / 1441* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1442 ph = mtod(op_err, struct sctp_paramhdr ); 1443* ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN); 1444 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 1445 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,	1444{ 1445 struct sctp_association asoc; 1446* struct sctp_init_chunk init_cp, init_buf; 1447* struct sctp_init_ack_chunk initack_cp, initack_buf; 1448* struct sctp_nets net; 1449* struct mbuf op_err; 1450* struct sctp_paramhdr ph; 1451* int init_offset, initack_offset, i; --- 21 unchanged lines hidden (view full) --- 1473 return (NULL); 1474 } 1475 /* Set the len / 1476* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1477 ph = mtod(op_err, struct sctp_paramhdr ); 1478* ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN); 1479 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 1480 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,
	1481 use_mflowid, mflowid,
1446 vrf_id, net->port); 1447 if (how_indx < sizeof(asoc->cookie_how)) 1448 asoc->cookie_how[how_indx] = 2; 1449 return (NULL); 1450 } 1451 /* 1452 * find and validate the INIT chunk in the cookie (peer's info) the 1453 * INIT should start after the cookie-echo header struct (chunk --- 208 unchanged lines hidden (view full) --- 1662#endif 1663 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 1664 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 1665 /* Set the len / 1666* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1667 ph = mtod(op_err, struct sctp_paramhdr ); 1668* ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE); 1669 ph->param_length = htons(sizeof(struct sctp_paramhdr));	1482 vrf_id, net->port); 1483 if (how_indx < sizeof(asoc->cookie_how)) 1484 asoc->cookie_how[how_indx] = 2; 1485 return (NULL); 1486 } 1487 /* 1488 * find and validate the INIT chunk in the cookie (peer's info) the 1489 * INIT should start after the cookie-echo header struct (chunk --- 208 unchanged lines hidden (view full) --- 1698#endif 1699 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 1700 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 1701 /* Set the len / 1702* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1703 ph = mtod(op_err, struct sctp_paramhdr ); 1704* ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE); 1705 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1670 sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);	1706 sctp_send_abort(m, iphlen, sh, 0, op_err, 1707 use_mflowid, mflowid, 1708 vrf_id, port);
1671 return (NULL); 1672 } 1673 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && 1674 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) \|\| 1675 (asoc->peer_vtag == 0))) { 1676 /* 1677 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info 1678 * should be ok, re-accept peer info --- 148 unchanged lines hidden (view full) --- 1827 /* 1828 * This is a gross gross hack. just call the 1829 * cookie_new code since we are allowing a duplicate 1830 * association. I hope this works... 1831 / 1832* return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len, 1833 inp, netp, init_src, notification, 1834 auth_skipped, auth_offset, auth_len,	1709 return (NULL); 1710 } 1711 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && 1712 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) \|\| 1713 (asoc->peer_vtag == 0))) { 1714 /* 1715 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info 1716 * should be ok, re-accept peer info --- 148 unchanged lines hidden (view full) --- 1865 /* 1866 * This is a gross gross hack. just call the 1867 * cookie_new code since we are allowing a duplicate 1868 * association. I hope this works... 1869 / 1870* return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len, 1871 inp, netp, init_src, notification, 1872 auth_skipped, auth_offset, auth_len,
	1873 use_mflowid, mflowid,
1835 vrf_id, port)); 1836 } 1837 /* 1838 * case A in Section 5.2.4 Table 2: XXMM (peer restarted) 1839 / 1840* /* temp code / 1841* if (how_indx < sizeof(asoc->cookie_how)) 1842 asoc->cookie_how[how_indx] = 12; --- 114 unchanged lines hidden (view full) --- 1957 1958/* 1959 * handle a state cookie for a new association m: input packet mbuf chain-- 1960 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf 1961 * and the cookie signature does not exist offset: offset into mbuf to the 1962 * cookie-echo chunk length: length of the cookie chunk to: where the init 1963 * was from returns a new TCB 1964 */	1874 vrf_id, port)); 1875 } 1876 /* 1877 * case A in Section 5.2.4 Table 2: XXMM (peer restarted) 1878 / 1879* /* temp code / 1880* if (how_indx < sizeof(asoc->cookie_how)) 1881 asoc->cookie_how[how_indx] = 12; --- 114 unchanged lines hidden (view full) --- 1996 1997/* 1998 * handle a state cookie for a new association m: input packet mbuf chain-- 1999 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf 2000 * and the cookie signature does not exist offset: offset into mbuf to the 2001 * cookie-echo chunk length: length of the cookie chunk to: where the init 2002 * was from returns a new TCB 2003 */
1965struct sctp_tcb *	2004static struct sctp_tcb *
1966sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1967* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1968 struct sctp_inpcb inp, struct sctp_nets netp, 1969* struct sockaddr init_src, int notification, 1970 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	2005sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 2006* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 2007 struct sctp_inpcb inp, struct sctp_nets netp, 2008* struct sockaddr init_src, int notification, 2009 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
	2010 uint8_t use_mflowid, uint32_t mflowid,
1971 uint32_t vrf_id, uint16_t port) 1972{ 1973 struct sctp_tcb stcb; 1974* struct sctp_init_chunk init_cp, init_buf; 1975* struct sctp_init_ack_chunk initack_cp, initack_buf; 1976* struct sockaddr_storage sa_store; 1977 struct sockaddr initack_src = (struct sockaddr )&sa_store; 1978 struct sctp_association asoc; --- 78 unchanged lines hidden* (view full) --- 2057 struct mbuf op_err; 2058* 2059 /* memory problem? / 2060* SCTPDBG(SCTP_DEBUG_INPUT1, 2061 "process_cookie_new: no room for another TCB!\n"); 2062 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2063 2064 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,	2011 uint32_t vrf_id, uint16_t port) 2012{ 2013 struct sctp_tcb stcb; 2014* struct sctp_init_chunk init_cp, init_buf; 2015* struct sctp_init_ack_chunk initack_cp, initack_buf; 2016* struct sockaddr_storage sa_store; 2017 struct sockaddr initack_src = (struct sockaddr )&sa_store; 2018 struct sctp_association asoc; --- 78 unchanged lines hidden* (view full) --- 2097 struct mbuf op_err; 2098* 2099 /* memory problem? / 2100* SCTPDBG(SCTP_DEBUG_INPUT1, 2101 "process_cookie_new: no room for another TCB!\n"); 2102 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2103 2104 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2065 sh, op_err, vrf_id, port);	2105 sh, op_err, 2106 use_mflowid, mflowid, 2107 vrf_id, port);
2066 return (NULL); 2067 } 2068 /* get the correct sctp_nets / 2069* if (netp) 2070 netp = sctp_findnet(stcb, init_src); 2071* 2072 asoc = &stcb->asoc; 2073 /* get scope variables out of cookie / --- 9 unchanged lines hidden* (view full) --- 2083 /* 2084 * Houston we have a problem. The EP changed while the 2085 * cookie was in flight. Only recourse is to abort the 2086 * association. 2087 / 2088* atomic_add_int(&stcb->asoc.refcnt, 1); 2089 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2090 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,	2108 return (NULL); 2109 } 2110 /* get the correct sctp_nets / 2111* if (netp) 2112 netp = sctp_findnet(stcb, init_src); 2113* 2114 asoc = &stcb->asoc; 2115 /* get scope variables out of cookie / --- 9 unchanged lines hidden* (view full) --- 2125 /* 2126 * Houston we have a problem. The EP changed while the 2127 * cookie was in flight. Only recourse is to abort the 2128 * association. 2129 / 2130* atomic_add_int(&stcb->asoc.refcnt, 1); 2131 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2132 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2091 sh, op_err, vrf_id, port);	2133 sh, op_err, 2134 use_mflowid, mflowid, 2135 vrf_id, port);
2092#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2093 SCTP_TCB_UNLOCK(stcb); 2094 SCTP_SOCKET_LOCK(so, 1); 2095 SCTP_TCB_LOCK(stcb); 2096#endif 2097 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 2098 SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); 2099#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) --- 230 unchanged lines hidden (view full) --- 2330 * handles a COOKIE-ECHO message stcb: modified to either a new or left as 2331 * existing (non-NULL) TCB 2332 / 2333static struct mbuf 2334sctp_handle_cookie_echo(struct mbuf m, int iphlen, int offset, 2335* struct sctphdr sh, struct sctp_cookie_echo_chunk cp, 2336 struct sctp_inpcb inp_p, struct sctp_tcb stcb, struct sctp_nets *netp, 2337* int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	2136#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2137 SCTP_TCB_UNLOCK(stcb); 2138 SCTP_SOCKET_LOCK(so, 1); 2139 SCTP_TCB_LOCK(stcb); 2140#endif 2141 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 2142 SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); 2143#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) --- 230 unchanged lines hidden (view full) --- 2374 * handles a COOKIE-ECHO message stcb: modified to either a new or left as 2375 * existing (non-NULL) TCB 2376 / 2377static struct mbuf 2378sctp_handle_cookie_echo(struct mbuf m, int iphlen, int offset, 2379* struct sctphdr sh, struct sctp_cookie_echo_chunk cp, 2380 struct sctp_inpcb inp_p, struct sctp_tcb stcb, struct sctp_nets *netp, 2381* int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
2338 struct sctp_tcb **locked_tcb, uint32_t vrf_id, uint16_t port)	2382 struct sctp_tcb *locked_tcb, 2383* uint8_t use_mflowid, uint32_t mflowid, 2384 uint32_t vrf_id, uint16_t port)
2339{ 2340 struct sctp_state_cookie cookie; 2341* struct sctp_tcb l_stcb = stcb; 2342 struct sctp_inpcb l_inp; 2343* struct sockaddr to; 2344* struct sctp_pcb ep; 2345* struct mbuf m_sig; 2346* uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; --- 219 unchanged lines hidden (view full) --- 2566 (sizeof(uint32_t)))); 2567 /* seconds to usec / 2568* tim = (now.tv_sec - time_expires.tv_sec) * 1000000; 2569 /* add in usec / 2570* if (tim == 0) 2571 tim = now.tv_usec - cookie->time_entered.tv_usec; 2572 scm->time_usec = htonl(tim); 2573 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,	2385{ 2386 struct sctp_state_cookie cookie; 2387* struct sctp_tcb l_stcb = stcb; 2388 struct sctp_inpcb l_inp; 2389* struct sockaddr to; 2390* struct sctp_pcb ep; 2391* struct mbuf m_sig; 2392* uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; --- 219 unchanged lines hidden (view full) --- 2612 (sizeof(uint32_t)))); 2613 /* seconds to usec / 2614* tim = (now.tv_sec - time_expires.tv_sec) * 1000000; 2615 /* add in usec / 2616* if (tim == 0) 2617 tim = now.tv_usec - cookie->time_entered.tv_usec; 2618 scm->time_usec = htonl(tim); 2619 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,
	2620 use_mflowid, mflowid,
2574 vrf_id, port); 2575 return (NULL); 2576 } 2577 /* 2578 * Now we must see with the lookup address if we have an existing 2579 * asoc. This will only happen if we were in the COOKIE-WAIT state 2580 * and a INIT collided with us and somewhere the peer sent the 2581 * cookie on another address besides the single address our assoc --- 71 unchanged lines hidden (view full) --- 2653 if (to == NULL) { 2654 return (NULL); 2655 } 2656 cookie_len -= SCTP_SIGNATURE_SIZE; 2657 if (stcb == NULL) { 2658* /* this is the "normal" case... get a new TCB / 2659* stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie, 2660* cookie_len, *inp_p, netp, to, &notification,	2621 vrf_id, port); 2622 return (NULL); 2623 } 2624 /* 2625 * Now we must see with the lookup address if we have an existing 2626 * asoc. This will only happen if we were in the COOKIE-WAIT state 2627 * and a INIT collided with us and somewhere the peer sent the 2628 * cookie on another address besides the single address our assoc --- 71 unchanged lines hidden (view full) --- 2700 if (to == NULL) { 2701 return (NULL); 2702 } 2703 cookie_len -= SCTP_SIGNATURE_SIZE; 2704 if (stcb == NULL) { 2705* /* this is the "normal" case... get a new TCB / 2706* stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie, 2707* cookie_len, *inp_p, netp, to, &notification,
2661 auth_skipped, auth_offset, auth_len, vrf_id, port);	2708 auth_skipped, auth_offset, auth_len, 2709 use_mflowid, mflowid, 2710 vrf_id, port);
2662 } else { 2663 /* this is abnormal... cookie-echo on existing TCB / 2664* had_a_existing_tcb = 1; 2665 stcb = sctp_process_cookie_existing(m, iphlen, offset, sh, 2666* cookie, cookie_len, inp_p, stcb, netp, to,	2711 } else { 2712 /* this is abnormal... cookie-echo on existing TCB / 2713* had_a_existing_tcb = 1; 2714 stcb = sctp_process_cookie_existing(m, iphlen, offset, sh, 2715* cookie, cookie_len, inp_p, stcb, netp, to,
2667 &notification, vrf_id, auth_skipped, auth_offset, auth_len, port);	2716 &notification, auth_skipped, auth_offset, auth_len, 2717 use_mflowid, mflowid, 2718 vrf_id, port);
2668 } 2669 2670 if (stcb == NULL) { 2671* /* still no TCB... must be bad cookie-echo / 2672* return (NULL); 2673 }	2719 } 2720 2721 if (stcb == NULL) { 2722* /* still no TCB... must be bad cookie-echo / 2723* return (NULL); 2724 }
2674 if ((netp != NULL) && (m->m_flags & M_FLOWID)) { 2675* (*netp)->flowid = m->m_pkthdr.flowid;	2725 if ((netp != NULL) && (use_mflowid != 0)) { 2726* (*netp)->flowid = mflowid;
2676#ifdef INVARIANTS 2677 (netp)->flowidset = 1; 2678#endif 2679* } 2680 /* 2681 * Ok, we built an association so confirm the address we sent the 2682 * INIT-ACK to. 2683 / --- 56 unchanged lines hidden* (view full) --- 2740#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2741 struct socket pcb_so; 2742* 2743#endif 2744 /* Too many sockets / 2745* SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); 2746 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2747 sctp_abort_association(*inp_p, NULL, m, iphlen,	2727#ifdef INVARIANTS 2728 (netp)->flowidset = 1; 2729#endif 2730* } 2731 /* 2732 * Ok, we built an association so confirm the address we sent the 2733 * INIT-ACK to. 2734 / --- 56 unchanged lines hidden* (view full) --- 2791#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2792 struct socket pcb_so; 2793* 2794#endif 2795 /* Too many sockets / 2796* SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); 2797 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2798 sctp_abort_association(*inp_p, NULL, m, iphlen,
2748 sh, op_err, vrf_id, port);	2799 sh, op_err, 2800 use_mflowid, mflowid, 2801 vrf_id, port);
2749#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2750 pcb_so = SCTP_INP_SO(inp_p); 2751* atomic_add_int(&(stcb)->asoc.refcnt, 1); 2752* SCTP_TCB_UNLOCK((stcb)); 2753* SCTP_SOCKET_LOCK(pcb_so, 1); 2754 SCTP_TCB_LOCK((stcb)); 2755* atomic_subtract_int(&(stcb)->asoc.refcnt, 1); 2756#endif --- 1599 unchanged lines hidden* (view full) --- 4356 / 4357#ifdef __GNUC__ 4358__attribute__((noinline)) 4359#endif 4360* static struct sctp_tcb * 4361 sctp_process_control(struct mbuf m, int iphlen, int offset, int length, 4362 struct sctphdr sh, struct sctp_chunkhdr ch, struct sctp_inpcb inp, 4363* struct sctp_tcb stcb, struct sctp_nets netp, int fwd_tsn_seen,	2802#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2803 pcb_so = SCTP_INP_SO(inp_p); 2804* atomic_add_int(&(stcb)->asoc.refcnt, 1); 2805* SCTP_TCB_UNLOCK((stcb)); 2806* SCTP_SOCKET_LOCK(pcb_so, 1); 2807 SCTP_TCB_LOCK((stcb)); 2808* atomic_subtract_int(&(stcb)->asoc.refcnt, 1); 2809#endif --- 1599 unchanged lines hidden* (view full) --- 4409 / 4410#ifdef __GNUC__ 4411__attribute__((noinline)) 4412#endif 4413* static struct sctp_tcb * 4414 sctp_process_control(struct mbuf m, int iphlen, int offset, int length, 4415 struct sctphdr sh, struct sctp_chunkhdr ch, struct sctp_inpcb inp, 4416* struct sctp_tcb stcb, struct sctp_nets netp, int fwd_tsn_seen,
	4417 uint8_t use_mflowid, uint32_t mflowid,
4364 uint32_t vrf_id, uint16_t port) 4365{ 4366 struct sctp_association asoc; 4367* uint32_t vtag_in; 4368 int num_chunks = 0; /* number of control chunks processed / 4369* uint32_t chk_length; 4370 int ret; 4371 int abort_no_unlock = 0; --- 140 unchanged lines hidden (view full) --- 4512 /* remaining chunks are HMAC checked / 4513* stcb->asoc.authenticated = 1; 4514 } 4515 } 4516 } 4517 if (stcb == NULL) { 4518 /* no association, so it's out of the blue... / 4519* sctp_handle_ootb(m, iphlen, *offset, sh, inp,	4418 uint32_t vrf_id, uint16_t port) 4419{ 4420 struct sctp_association asoc; 4421* uint32_t vtag_in; 4422 int num_chunks = 0; /* number of control chunks processed / 4423* uint32_t chk_length; 4424 int ret; 4425 int abort_no_unlock = 0; --- 140 unchanged lines hidden (view full) --- 4566 /* remaining chunks are HMAC checked / 4567* stcb->asoc.authenticated = 1; 4568 } 4569 } 4570 } 4571 if (stcb == NULL) { 4572 /* no association, so it's out of the blue... / 4573* sctp_handle_ootb(m, iphlen, *offset, sh, inp,
	4574 use_mflowid, mflowid,
4520 vrf_id, port); 4521 offset = length; 4522* if (locked_tcb) { 4523 SCTP_TCB_UNLOCK(locked_tcb); 4524 } 4525 return (NULL); 4526 } 4527 asoc = &stcb->asoc; --- 21 unchanged lines hidden (view full) --- 4549 * is still hung; we have started a new asoc 4550 * but it won't complete until the shutdown 4551 * is completed 4552 / 4553* if (locked_tcb) { 4554 SCTP_TCB_UNLOCK(locked_tcb); 4555 } 4556 sctp_handle_ootb(m, iphlen, *offset, sh, inp,	4575 vrf_id, port); 4576 offset = length; 4577* if (locked_tcb) { 4578 SCTP_TCB_UNLOCK(locked_tcb); 4579 } 4580 return (NULL); 4581 } 4582 asoc = &stcb->asoc; --- 21 unchanged lines hidden (view full) --- 4604 * is still hung; we have started a new asoc 4605 * but it won't complete until the shutdown 4606 * is completed 4607 / 4608* if (locked_tcb) { 4609 SCTP_TCB_UNLOCK(locked_tcb); 4610 } 4611 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
	4612 use_mflowid, mflowid,
4557 vrf_id, port); 4558 return (NULL); 4559 } 4560 } else { 4561 /* for all other chunks, vtag must match / 4562* if (vtag_in != asoc->my_vtag) { 4563 /* invalid vtag... / 4564* SCTPDBG(SCTP_DEBUG_INPUT3, --- 125 unchanged lines hidden (view full) --- 4690 } 4691 switch (ch->chunk_type) { 4692 case SCTP_INITIATION: 4693 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); 4694 /* The INIT chunk must be the only chunk. / 4695* if ((num_chunks > 1) \|\| 4696 (length - offset > (int)SCTP_SIZE32(chk_length))) { 4697* sctp_abort_association(inp, stcb, m,	4613 vrf_id, port); 4614 return (NULL); 4615 } 4616 } else { 4617 /* for all other chunks, vtag must match / 4618* if (vtag_in != asoc->my_vtag) { 4619 /* invalid vtag... / 4620* SCTPDBG(SCTP_DEBUG_INPUT3, --- 125 unchanged lines hidden (view full) --- 4746 } 4747 switch (ch->chunk_type) { 4748 case SCTP_INITIATION: 4749 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); 4750 /* The INIT chunk must be the only chunk. / 4751* if ((num_chunks > 1) \|\| 4752 (length - offset > (int)SCTP_SIZE32(chk_length))) { 4753* sctp_abort_association(inp, stcb, m,
4698 iphlen, sh, NULL, vrf_id, port);	4754 iphlen, sh, NULL, 4755 use_mflowid, mflowid, 4756 vrf_id, port);
4699 offset = length; 4700* return (NULL); 4701 } 4702 /* Honor our resource limit. / 4703* if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { 4704 struct mbuf op_err; 4705* 4706 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 4707 sctp_abort_association(inp, stcb, m,	4757 offset = length; 4758* return (NULL); 4759 } 4760 /* Honor our resource limit. / 4761* if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { 4762 struct mbuf op_err; 4763* 4764 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 4765 sctp_abort_association(inp, stcb, m,
4708 iphlen, sh, op_err, vrf_id, port);	4766 iphlen, sh, op_err, 4767 use_mflowid, mflowid, 4768 vrf_id, port);
4709 offset = length; 4710* return (NULL); 4711 } 4712 sctp_handle_init(m, iphlen, offset, sh, 4713* (struct sctp_init_chunk *)ch, inp,	4769 offset = length; 4770* return (NULL); 4771 } 4772 sctp_handle_init(m, iphlen, offset, sh, 4773* (struct sctp_init_chunk *)ch, inp,
4714 stcb, &abort_no_unlock, vrf_id, port);	4774 stcb, &abort_no_unlock, 4775 use_mflowid, mflowid, 4776 vrf_id, port);
4715 offset = length; 4716* if ((!abort_no_unlock) && (locked_tcb)) { 4717 SCTP_TCB_UNLOCK(locked_tcb); 4718 } 4719 return (NULL); 4720 break; 4721 case SCTP_PAD_CHUNK: 4722 break; --- 32 unchanged lines hidden (view full) --- 4755 offset = length; 4756* if (locked_tcb) { 4757 SCTP_TCB_UNLOCK(locked_tcb); 4758 } 4759 return (NULL); 4760 } 4761 if ((netp) && (netp)) { 4762* ret = sctp_handle_init_ack(m, iphlen, *offset, sh,	4777 offset = length; 4778* if ((!abort_no_unlock) && (locked_tcb)) { 4779 SCTP_TCB_UNLOCK(locked_tcb); 4780 } 4781 return (NULL); 4782 break; 4783 case SCTP_PAD_CHUNK: 4784 break; --- 32 unchanged lines hidden (view full) --- 4817 offset = length; 4818* if (locked_tcb) { 4819 SCTP_TCB_UNLOCK(locked_tcb); 4820 } 4821 return (NULL); 4822 } 4823 if ((netp) && (netp)) { 4824* ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
4763 (struct sctp_init_ack_chunk )ch, stcb, netp, &abort_no_unlock, vrf_id);	4825 (struct sctp_init_ack_chunk )ch, 4826* stcb, netp, 4827* &abort_no_unlock, 4828 use_mflowid, mflowid, 4829 vrf_id);
4764 } else { 4765 ret = -1; 4766 } 4767 offset = length; 4768* if (abort_no_unlock) { 4769 return (NULL); 4770 } 4771 /* --- 289 unchanged lines hidden (view full) --- 5061 5062 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) { 5063 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 5064 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { 5065 struct mbuf op_err; 5066* 5067 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 5068 sctp_abort_association(inp, stcb, m,	4830 } else { 4831 ret = -1; 4832 } 4833 offset = length; 4834* if (abort_no_unlock) { 4835 return (NULL); 4836 } 4837 /* --- 289 unchanged lines hidden (view full) --- 5127 5128 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) { 5129 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 5130 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { 5131 struct mbuf op_err; 5132* 5133 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 5134 sctp_abort_association(inp, stcb, m,
5069 iphlen, sh, op_err, vrf_id, port);	5135 iphlen, sh, op_err, 5136 use_mflowid, mflowid, 5137 vrf_id, port);
5070 } 5071 offset = length; 5072* return (NULL); 5073 } else { 5074 struct mbuf ret_buf; 5075* struct sctp_inpcb linp; 5076* 5077 if (stcb) { --- 15 unchanged lines hidden (view full) --- 5093 sctp_handle_cookie_echo(m, iphlen, 5094 offset, sh, 5095* (struct sctp_cookie_echo_chunk )ch, 5096* &inp, &stcb, netp, 5097 auth_skipped, 5098 auth_offset, 5099 auth_len, 5100 &locked_tcb,	5138 } 5139 offset = length; 5140* return (NULL); 5141 } else { 5142 struct mbuf ret_buf; 5143* struct sctp_inpcb linp; 5144* 5145 if (stcb) { --- 15 unchanged lines hidden (view full) --- 5161 sctp_handle_cookie_echo(m, iphlen, 5162 offset, sh, 5163* (struct sctp_cookie_echo_chunk )ch, 5164* &inp, &stcb, netp, 5165 auth_skipped, 5166 auth_offset, 5167 auth_len, 5168 &locked_tcb,
	5169 use_mflowid, 5170 mflowid,
5101 vrf_id, 5102 port); 5103 } else { 5104 ret_buf = NULL; 5105 } 5106 if (linp) { 5107 SCTP_ASOC_CREATE_UNLOCK(linp); 5108 } --- 436 unchanged lines hidden (view full) --- 5545#endif 5546 5547/* 5548 * common input chunk processing (v4 and v6) 5549 / 5550void 5551sctp_common_input_processing(struct mbuf mm, int iphlen, int offset, 5552* int length, struct sctphdr sh, struct sctp_chunkhdr ch,	5171 vrf_id, 5172 port); 5173 } else { 5174 ret_buf = NULL; 5175 } 5176 if (linp) { 5177 SCTP_ASOC_CREATE_UNLOCK(linp); 5178 } --- 436 unchanged lines hidden (view full) --- 5615#endif 5616 5617/* 5618 * common input chunk processing (v4 and v6) 5619 / 5620void 5621sctp_common_input_processing(struct mbuf mm, int iphlen, int offset, 5622* int length, struct sctphdr sh, struct sctp_chunkhdr ch,
5553 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets net, 5554* uint8_t ecn_bits, uint32_t vrf_id, uint16_t port)	5623 struct sctp_inpcb inp, struct sctp_tcb stcb, 5624 struct sctp_nets net, uint8_t ecn_bits, 5625* uint8_t use_mflowid, uint32_t mflowid, 5626 uint32_t vrf_id, uint16_t port)
5555{ 5556 /* 5557 * Control chunk processing 5558 / 5559* uint32_t high_tsn; 5560 int fwd_tsn_seen = 0, data_processed = 0; 5561 struct mbuf m = mm; 5562 int un_sent; --- 19 unchanged lines hidden (view full) --- 5582 /- 5583* * If we hit here, we had a ref count 5584 * up when the assoc was aborted and the 5585 * timer is clearing out the assoc, we should 5586 * NOT respond to any packet.. its OOTB. 5587 / 5588* SCTP_TCB_UNLOCK(stcb); 5589 sctp_handle_ootb(m, iphlen, offset, sh, inp,	5627{ 5628 /* 5629 * Control chunk processing 5630 / 5631* uint32_t high_tsn; 5632 int fwd_tsn_seen = 0, data_processed = 0; 5633 struct mbuf m = mm; 5634 int un_sent; --- 19 unchanged lines hidden (view full) --- 5654 /- 5655* * If we hit here, we had a ref count 5656 * up when the assoc was aborted and the 5657 * timer is clearing out the assoc, we should 5658 * NOT respond to any packet.. its OOTB. 5659 / 5660* SCTP_TCB_UNLOCK(stcb); 5661 sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5662 use_mflowid, mflowid,
5590 vrf_id, port); 5591 goto out_now; 5592 } 5593 } 5594 if (IS_SCTP_CONTROL(ch)) { 5595 /* process the control portion of the SCTP packet / 5596* /* sa_ignore NO_NULL_CHK / 5597* stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,	5663 vrf_id, port); 5664 goto out_now; 5665 } 5666 } 5667 if (IS_SCTP_CONTROL(ch)) { 5668 /* process the control portion of the SCTP packet / 5669* /* sa_ignore NO_NULL_CHK / 5670* stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
5598 inp, stcb, &net, &fwd_tsn_seen, vrf_id, port);	5671 inp, stcb, &net, &fwd_tsn_seen, 5672 use_mflowid, mflowid, 5673 vrf_id, port);
5599 if (stcb) { 5600 /* 5601 * This covers us if the cookie-echo was there and 5602 * it changes our INP. 5603 / 5604* inp = stcb->sctp_ep; 5605 if ((net) && (port)) { 5606 if (net->port == 0) { --- 19 unchanged lines hidden (view full) --- 5626 /* "silently" ignore / 5627* SCTP_STAT_INCR(sctps_recvauthmissing); 5628 SCTP_TCB_UNLOCK(stcb); 5629 goto out_now; 5630 } 5631 if (stcb == NULL) { 5632 /* out of the blue DATA chunk / 5633* sctp_handle_ootb(m, iphlen, offset, sh, inp,	5674 if (stcb) { 5675 /* 5676 * This covers us if the cookie-echo was there and 5677 * it changes our INP. 5678 / 5679* inp = stcb->sctp_ep; 5680 if ((net) && (port)) { 5681 if (net->port == 0) { --- 19 unchanged lines hidden (view full) --- 5701 /* "silently" ignore / 5702* SCTP_STAT_INCR(sctps_recvauthmissing); 5703 SCTP_TCB_UNLOCK(stcb); 5704 goto out_now; 5705 } 5706 if (stcb == NULL) { 5707 /* out of the blue DATA chunk / 5708* sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5709 use_mflowid, mflowid,
5634 vrf_id, port); 5635 goto out_now; 5636 } 5637 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { 5638 /* v_tag mismatch! / 5639* SCTP_STAT_INCR(sctps_badvtag); 5640 SCTP_TCB_UNLOCK(stcb); 5641 goto out_now; --- 53 unchanged lines hidden (view full) --- 5695 stcb->asoc.overall_error_count = 0; 5696 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk )ch, stcb, net); 5697* break; 5698 case SCTP_STATE_COOKIE_WAIT: 5699 /* 5700 * We consider OOTB any data sent during asoc setup. 5701 / 5702* sctp_handle_ootb(m, iphlen, offset, sh, inp,	5710 vrf_id, port); 5711 goto out_now; 5712 } 5713 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { 5714 /* v_tag mismatch! / 5715* SCTP_STAT_INCR(sctps_badvtag); 5716 SCTP_TCB_UNLOCK(stcb); 5717 goto out_now; --- 53 unchanged lines hidden (view full) --- 5771 stcb->asoc.overall_error_count = 0; 5772 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk )ch, stcb, net); 5773* break; 5774 case SCTP_STATE_COOKIE_WAIT: 5775 /* 5776 * We consider OOTB any data sent during asoc setup. 5777 / 5778* sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5779 use_mflowid, mflowid,
5703 vrf_id, port); 5704 SCTP_TCB_UNLOCK(stcb); 5705 goto out_now; 5706 /* sa_ignore NOTREACHED / 5707* break; 5708 case SCTP_STATE_EMPTY: /* should not happen / 5709* case SCTP_STATE_INUSE: /* should not happen / 5710* case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error / --- 4 unchanged lines hidden* (view full) --- 5715 /* sa_ignore NOTREACHED / 5716* break; 5717 case SCTP_STATE_OPEN: 5718 case SCTP_STATE_SHUTDOWN_SENT: 5719 break; 5720 } 5721 /* plow through the data chunks while length > offset / 5722* retval = sctp_process_data(mm, iphlen, &offset, length, sh,	5780 vrf_id, port); 5781 SCTP_TCB_UNLOCK(stcb); 5782 goto out_now; 5783 /* sa_ignore NOTREACHED / 5784* break; 5785 case SCTP_STATE_EMPTY: /* should not happen / 5786* case SCTP_STATE_INUSE: /* should not happen / 5787* case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error / --- 4 unchanged lines hidden* (view full) --- 5792 /* sa_ignore NOTREACHED / 5793* break; 5794 case SCTP_STATE_OPEN: 5795 case SCTP_STATE_SHUTDOWN_SENT: 5796 break; 5797 } 5798 /* plow through the data chunks while length > offset / 5799* retval = sctp_process_data(mm, iphlen, &offset, length, sh,
5723 inp, stcb, net, &high_tsn);	5800 inp, stcb, net, &high_tsn, 5801 use_mflowid, mflowid, 5802 vrf_id, port);
5724 if (retval == 2) { 5725 /* 5726 * The association aborted, NO UNLOCK needed since 5727 * the association is destroyed. 5728 / 5729* goto out_now; 5730 } 5731 data_processed = 1; --- 83 unchanged lines hidden (view full) --- 5815 struct ip ip; 5816* struct sctphdr sh; 5817* struct sctp_inpcb inp = NULL; 5818* struct sctp_nets net; 5819* struct sctp_tcb stcb = NULL; 5820* struct sctp_chunkhdr ch; 5821* int refcount_up = 0; 5822 int length, mlen, offset;	5803 if (retval == 2) { 5804 /* 5805 * The association aborted, NO UNLOCK needed since 5806 * the association is destroyed. 5807 / 5808* goto out_now; 5809 } 5810 data_processed = 1; --- 83 unchanged lines hidden (view full) --- 5894 struct ip ip; 5895* struct sctphdr sh; 5896* struct sctp_inpcb inp = NULL; 5897* struct sctp_nets net; 5898* struct sctp_tcb stcb = NULL; 5899* struct sctp_chunkhdr ch; 5900* int refcount_up = 0; 5901 int length, mlen, offset;
	5902 uint32_t mflowid; 5903 uint8_t use_mflowid;
5823 5824#if !defined(SCTP_WITH_NO_CSUM) 5825 uint32_t check, calc_check; 5826 5827#endif 5828 5829 if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { 5830 SCTP_RELEASE_PKT(i_pak); --- 19 unchanged lines hidden (view full) --- 5850 } 5851 } 5852 } 5853#endif 5854#ifdef SCTP_PACKET_LOGGING 5855 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 5856 sctp_packet_log(m, mlen); 5857#endif	5904 5905#if !defined(SCTP_WITH_NO_CSUM) 5906 uint32_t check, calc_check; 5907 5908#endif 5909 5910 if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { 5911 SCTP_RELEASE_PKT(i_pak); --- 19 unchanged lines hidden (view full) --- 5931 } 5932 } 5933 } 5934#endif 5935#ifdef SCTP_PACKET_LOGGING 5936 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 5937 sctp_packet_log(m, mlen); 5938#endif
	5939 if (m->m_flags & M_FLOWID) { 5940 mflowid = m->m_pkthdr.flowid; 5941 use_mflowid = 1; 5942 } else { 5943 mflowid = 0; 5944 use_mflowid = 0; 5945 }
5858 /* 5859 * Must take out the iphlen, since mlen expects this (only effect lb 5860 * case) 5861 / 5862* mlen -= iphlen; 5863 5864 /* 5865 * Get IP, SCTP, and first chunk header together in first mbuf. --- 55 unchanged lines hidden (view full) --- 5921 sh, ch, &inp, &net, 5922 vrf_id); 5923 if ((net) && (port)) { 5924 if (net->port == 0) { 5925 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 5926 } 5927 net->port = port; 5928 }	5946 /* 5947 * Must take out the iphlen, since mlen expects this (only effect lb 5948 * case) 5949 / 5950* mlen -= iphlen; 5951 5952 /* 5953 * Get IP, SCTP, and first chunk header together in first mbuf. --- 55 unchanged lines hidden (view full) --- 6009 sh, ch, &inp, &net, 6010 vrf_id); 6011 if ((net) && (port)) { 6012 if (net->port == 0) { 6013 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 6014 } 6015 net->port = port; 6016 }
5929 if ((net != NULL) && (m->m_flags & M_FLOWID)) { 5930 net->flowid = m->m_pkthdr.flowid;	6017 if ((net != NULL) && (use_mflowid != 0)) { 6018 net->flowid = mflowid;
5931#ifdef INVARIANTS 5932 net->flowidset = 1; 5933#endif 5934 } 5935 if ((inp) && (stcb)) { 5936 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 5937 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); 5938 } else if ((inp != NULL) && (stcb == NULL)) { --- 17 unchanged lines hidden (view full) --- 5956 stcb = sctp_findassociation_addr(m, offset - sizeof(ch), 5957* sh, ch, &inp, &net, vrf_id); 5958 if ((net) && (port)) { 5959 if (net->port == 0) { 5960 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 5961 } 5962 net->port = port; 5963 }	6019#ifdef INVARIANTS 6020 net->flowidset = 1; 6021#endif 6022 } 6023 if ((inp) && (stcb)) { 6024 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 6025 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); 6026 } else if ((inp != NULL) && (stcb == NULL)) { --- 17 unchanged lines hidden (view full) --- 6044 stcb = sctp_findassociation_addr(m, offset - sizeof(ch), 6045* sh, ch, &inp, &net, vrf_id); 6046 if ((net) && (port)) { 6047 if (net->port == 0) { 6048 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 6049 } 6050 net->port = port; 6051 }
5964 if ((net != NULL) && (m->m_flags & M_FLOWID)) { 5965 net->flowid = m->m_pkthdr.flowid;	6052 if ((net != NULL) && (use_mflowid != 0)) { 6053 net->flowid = mflowid;
5966#ifdef INVARIANTS 5967 net->flowidset = 1; 5968#endif 5969 } 5970 /* inp's ref-count increased && stcb locked / 5971* if (inp == NULL) { 5972 struct sctp_init_chunk init_chk, chunk_buf; 5973* --- 17 unchanged lines hidden (view full) --- 5991 / 5992* init_chk = (struct sctp_init_chunk )sctp_m_getptr(m, 5993* iphlen + sizeof(sh), sizeof(init_chk), 5994 (uint8_t ) & chunk_buf); 5995* if (init_chk != NULL) 5996 sh->v_tag = init_chk->init.initiate_tag; 5997 } 5998 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {	6054#ifdef INVARIANTS 6055 net->flowidset = 1; 6056#endif 6057 } 6058 /* inp's ref-count increased && stcb locked / 6059* if (inp == NULL) { 6060 struct sctp_init_chunk init_chk, chunk_buf; 6061* --- 17 unchanged lines hidden (view full) --- 6079 / 6080* init_chk = (struct sctp_init_chunk )sctp_m_getptr(m, 6081* iphlen + sizeof(sh), sizeof(init_chk), 6082 (uint8_t ) & chunk_buf); 6083* if (init_chk != NULL) 6084 sh->v_tag = init_chk->init.initiate_tag; 6085 } 6086 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
5999 sctp_send_shutdown_complete2(m, sh, vrf_id, port);	6087 sctp_send_shutdown_complete2(m, sh, 6088 use_mflowid, mflowid, 6089 vrf_id, port);
6000 goto bad; 6001 } 6002 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { 6003 goto bad; 6004 } 6005 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { 6006 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) \|\| 6007 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 6008 (ch->chunk_type != SCTP_INIT))) {	6090 goto bad; 6091 } 6092 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { 6093 goto bad; 6094 } 6095 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { 6096 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) \|\| 6097 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 6098 (ch->chunk_type != SCTP_INIT))) {
6009 sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);	6099 sctp_send_abort(m, iphlen, sh, 0, NULL, 6100 use_mflowid, mflowid, 6101 vrf_id, port);
6010 } 6011 } 6012 goto bad; 6013 } else if (stcb == NULL) { 6014 refcount_up = 1; 6015 } 6016#ifdef IPSEC 6017 /* --- 12 unchanged lines hidden (view full) --- 6030 / 6031* length = ip->ip_len + iphlen; 6032 offset -= sizeof(struct sctp_chunkhdr); 6033 6034 ecn_bits = ip->ip_tos; 6035 6036 /* sa_ignore NO_NULL_CHK / 6037* sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,	6102 } 6103 } 6104 goto bad; 6105 } else if (stcb == NULL) { 6106 refcount_up = 1; 6107 } 6108#ifdef IPSEC 6109 /* --- 12 unchanged lines hidden (view full) --- 6122 / 6123* length = ip->ip_len + iphlen; 6124 offset -= sizeof(struct sctp_chunkhdr); 6125 6126 ecn_bits = ip->ip_tos; 6127 6128 /* sa_ignore NO_NULL_CHK / 6129* sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
6038 inp, stcb, net, ecn_bits, vrf_id, port);	6130 inp, stcb, net, ecn_bits, 6131 use_mflowid, mflowid, 6132 vrf_id, port);
6039 /* inp's ref-count reduced && stcb unlocked / 6040* if (m) { 6041 sctp_m_freem(m); 6042 } 6043 if ((inp) && (refcount_up)) { 6044 /* reduce ref-count / 6045* SCTP_INP_DECR_REF(inp); 6046 } --- 62 unchanged lines hidden ---	6133 /* inp's ref-count reduced && stcb unlocked / 6134* if (m) { 6135 sctp_m_freem(m); 6136 } 6137 if ((inp) && (refcount_up)) { 6138 /* reduce ref-count / 6139* SCTP_INP_DECR_REF(inp); 6140 } --- 62 unchanged lines hidden ---

sctp_input.c (236956)	sctp_input.c (237049)
1/- 2 Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * --- 17 unchanged lines hidden (view full) --- 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h>	1/- 2 Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * --- 17 unchanged lines hidden (view full) --- 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 236956 2012-06-12 13:15:27Z tuexen $");	34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 237049 2012-06-14 06:54:48Z tuexen $");
35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 33 unchanged lines hidden (view full) --- 76 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); 77 } 78 } 79} 80 81/* INIT handler / 82static void 83sctp_handle_init(struct mbuf m, int iphlen, int offset, struct sctphdr *sh,	35 36#include <netinet/sctp_os.h> 37#include <netinet/sctp_var.h> 38#include <netinet/sctp_sysctl.h> 39#include <netinet/sctp_pcb.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctputil.h> 42#include <netinet/sctp_output.h> --- 33 unchanged lines hidden (view full) --- 76 net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); 77 } 78 } 79} 80 81/* INIT handler / 82static void 83sctp_handle_init(struct mbuf m, int iphlen, int offset, struct sctphdr *sh,
84 struct sctp_init_chunk cp, struct sctp_inpcb inp, struct sctp_tcb stcb, 85 int abort_no_unlock, uint32_t vrf_id, uint16_t port)	84 struct sctp_init_chunk cp, struct sctp_inpcb inp, 85 struct sctp_tcb stcb, int abort_no_unlock, 86 uint8_t use_mflowid, uint32_t mflowid, 87 uint32_t vrf_id, uint16_t port)
86{ 87 struct sctp_init init; 88 struct mbuf op_err; 89 90 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", 91 stcb); 92 if (stcb == NULL) { 93 SCTP_INP_RLOCK(inp); 94 } 95 /* validate length */ 96 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 97 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 98 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	88{ 89 struct sctp_init init; 90 struct mbuf op_err; 91 92 SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", 93 stcb); 94 if (stcb == NULL) { 95 SCTP_INP_RLOCK(inp); 96 } 97 /* validate length / 98 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { 99 op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 100* sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	101 use_mflowid, mflowid,
99 vrf_id, port); 100 if (stcb) 101 abort_no_unlock = 1; 102* goto outnow; 103 } 104 /* validate parameters / 105* init = &cp->init; 106 if (init->initiate_tag == 0) { 107 /* protocol error... send abort / 108* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 109 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	102 vrf_id, port); 103 if (stcb) 104 abort_no_unlock = 1; 105* goto outnow; 106 } 107 /* validate parameters / 108* init = &cp->init; 109 if (init->initiate_tag == 0) { 110 /* protocol error... send abort / 111* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 112 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	113 use_mflowid, mflowid,
110 vrf_id, port); 111 if (stcb) 112 abort_no_unlock = 1; 113* goto outnow; 114 } 115 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 116 /* invalid parameter... send abort / 117* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 118 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	114 vrf_id, port); 115 if (stcb) 116 abort_no_unlock = 1; 117* goto outnow; 118 } 119 if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { 120 /* invalid parameter... send abort / 121* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 122 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	123 use_mflowid, mflowid,
119 vrf_id, port); 120 if (stcb) 121 abort_no_unlock = 1; 122* goto outnow; 123 } 124 if (init->num_inbound_streams == 0) { 125 /* protocol error... send abort / 126* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 127 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	124 vrf_id, port); 125 if (stcb) 126 abort_no_unlock = 1; 127* goto outnow; 128 } 129 if (init->num_inbound_streams == 0) { 130 /* protocol error... send abort / 131* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 132 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	133 use_mflowid, mflowid,
128 vrf_id, port); 129 if (stcb) 130 abort_no_unlock = 1; 131* goto outnow; 132 } 133 if (init->num_outbound_streams == 0) { 134 /* protocol error... send abort / 135* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 136 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,	134 vrf_id, port); 135 if (stcb) 136 abort_no_unlock = 1; 137* goto outnow; 138 } 139 if (init->num_outbound_streams == 0) { 140 /* protocol error... send abort / 141* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 142 sctp_abort_association(inp, stcb, m, iphlen, sh, op_err,
	143 use_mflowid, mflowid,
137 vrf_id, port); 138 if (stcb) 139 abort_no_unlock = 1; 140* goto outnow; 141 } 142 if (sctp_validate_init_auth_params(m, offset + sizeof(cp), 143* offset + ntohs(cp->ch.chunk_length))) { 144 /* auth parameter(s) error... send abort */	144 vrf_id, port); 145 if (stcb) 146 abort_no_unlock = 1; 147* goto outnow; 148 } 149 if (sctp_validate_init_auth_params(m, offset + sizeof(cp), 150* offset + ntohs(cp->ch.chunk_length))) { 151 /* auth parameter(s) error... send abort */
145 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, vrf_id, port);	152 sctp_abort_association(inp, stcb, m, iphlen, sh, NULL, 153 use_mflowid, mflowid, 154 vrf_id, port);
146 if (stcb) 147 abort_no_unlock = 1; 148* goto outnow; 149 } 150 /* 151 * We are only accepting if we have a socket with positive 152 * so_qlimit. 153 / --- 10 unchanged lines hidden* (view full) --- 164 * just send back the INIT-ACK and hope that the app did 165 * accept()'s by the time the COOKIE was sent. But there is 166 * a price to pay for COOKIE generation and I don't want to 167 * pay it on the chance that the app will actually do some 168 * accepts(). The App just looses and should NOT be in this 169 * state :-) 170 / 171* if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {	155 if (stcb) 156 abort_no_unlock = 1; 157* goto outnow; 158 } 159 /* 160 * We are only accepting if we have a socket with positive 161 * so_qlimit. 162 / --- 10 unchanged lines hidden* (view full) --- 173 * just send back the INIT-ACK and hope that the app did 174 * accept()'s by the time the COOKIE was sent. But there is 175 * a price to pay for COOKIE generation and I don't want to 176 * pay it on the chance that the app will actually do some 177 * accepts(). The App just looses and should NOT be in this 178 * state :-) 179 / 180* if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {
172 sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);	181 sctp_send_abort(m, iphlen, sh, 0, NULL, 182 use_mflowid, mflowid, 183 vrf_id, port);
173 } 174 goto outnow; 175 } 176 if ((stcb != NULL) && 177 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 178 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); 179 sctp_send_shutdown_ack(stcb, NULL); 180 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); 181 } else { 182 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n");	184 } 185 goto outnow; 186 } 187 if ((stcb != NULL) && 188 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { 189 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); 190 sctp_send_shutdown_ack(stcb, NULL); 191 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); 192 } else { 193 SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n");
183 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, vrf_id, port,	194 sctp_send_initiate_ack(inp, stcb, m, iphlen, offset, sh, cp, 195 use_mflowid, mflowid, 196 vrf_id, port,
184 ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); 185 } 186outnow: 187 if (stcb == NULL) { 188 SCTP_INP_RUNLOCK(inp); 189 } 190} 191 --- 209 unchanged lines hidden (view full) --- 401 /* sa_ignore MEMLEAK / 402* return (0); 403} 404 405/* 406 * INIT-ACK message processing/consumption returns value < 0 on error 407 / 408*static int	197 ((stcb == NULL) ? SCTP_HOLDS_LOCK : SCTP_NOT_LOCKED)); 198 } 199outnow: 200 if (stcb == NULL) { 201 SCTP_INP_RUNLOCK(inp); 202 } 203} 204 --- 209 unchanged lines hidden (view full) --- 414 /* sa_ignore MEMLEAK / 415* return (0); 416} 417 418/* 419 * INIT-ACK message processing/consumption returns value < 0 on error 420 / 421*static int
409sctp_process_init_ack(struct mbuf m, int iphlen, int offset, 410* struct sctphdr sh, struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 411* struct sctp_nets net, int abort_no_unlock, uint32_t vrf_id)	422sctp_process_init_ack(struct mbuf m, int iphlen, int offset, struct sctphdr sh, 423 struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 424 struct sctp_nets net, int abort_no_unlock, 425 uint8_t use_mflowid, uint32_t mflowid, 426 uint32_t vrf_id)
412{ 413 struct sctp_association asoc; 414* struct mbuf op_err; 415* int retval, abort_flag; 416 uint32_t initack_limit; 417 int nat_friendly = 0; 418 419 /* First verify that we have no illegal param's / --- 20 unchanged lines hidden* (view full) --- 440 /* load all addresses / 441* if ((retval = sctp_load_addresses_from_init(stcb, m, 442 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh, 443 NULL))) { 444 /* Huh, we should abort / 445* SCTPDBG(SCTP_DEBUG_INPUT1, 446 "Load addresses from INIT causes an abort %d\n", 447 retval);	427{ 428 struct sctp_association asoc; 429* struct mbuf op_err; 430* int retval, abort_flag; 431 uint32_t initack_limit; 432 int nat_friendly = 0; 433 434 /* First verify that we have no illegal param's / --- 20 unchanged lines hidden* (view full) --- 455 /* load all addresses / 456* if ((retval = sctp_load_addresses_from_init(stcb, m, 457 (offset + sizeof(struct sctp_init_chunk)), initack_limit, sh, 458 NULL))) { 459 /* Huh, we should abort / 460* SCTPDBG(SCTP_DEBUG_INPUT1, 461 "Load addresses from INIT causes an abort %d\n", 462 retval);
448 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, 449 NULL, 0, net->port);	463 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh, NULL, 464 use_mflowid, mflowid, 465 vrf_id, net->port);
450 abort_no_unlock = 1; 451* return (-1); 452 } 453 /* if the peer doesn't support asconf, flush the asconf queue / 454* if (asoc->peer_supports_asconf == 0) { 455 struct sctp_asconf_addr param, nparam; 456 457 TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { --- 57 unchanged lines hidden (view full) --- 515 /* Subtract the reserved param / 516* mp->length = 517 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 518 mp->num_param = htonl(1); 519 mp->param = htons(SCTP_STATE_COOKIE); 520 mp->resv = 0; 521 } 522 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,	466 abort_no_unlock = 1; 467* return (-1); 468 } 469 /* if the peer doesn't support asconf, flush the asconf queue / 470* if (asoc->peer_supports_asconf == 0) { 471 struct sctp_asconf_addr param, nparam; 472 473 TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { --- 57 unchanged lines hidden (view full) --- 531 /* Subtract the reserved param / 532* mp->length = 533 htons(sizeof(struct sctp_inv_mandatory_param) - 2); 534 mp->num_param = htonl(1); 535 mp->param = htons(SCTP_STATE_COOKIE); 536 mp->resv = 0; 537 } 538 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
523 sh, op_err, vrf_id, net->port);	539 sh, op_err, 540 use_mflowid, mflowid, 541 vrf_id, net->port);
524 abort_no_unlock = 1; 525* } 526 return (retval); 527 } 528 return (0); 529} 530 531static void --- 723 unchanged lines hidden (view full) --- 1255 chklen -= adjust; 1256 phdr = (struct sctp_paramhdr )((caddr_t)phdr + adjust); 1257* } 1258 sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, error, ch, SCTP_SO_NOT_LOCKED); 1259 return (0); 1260} 1261 1262static int	542 abort_no_unlock = 1; 543* } 544 return (retval); 545 } 546 return (0); 547} 548 549static void --- 723 unchanged lines hidden (view full) --- 1273 chklen -= adjust; 1274 phdr = (struct sctp_paramhdr )((caddr_t)phdr + adjust); 1275* } 1276 sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, error, ch, SCTP_SO_NOT_LOCKED); 1277 return (0); 1278} 1279 1280static int
1263sctp_handle_init_ack(struct mbuf m, int iphlen, int offset, 1264* struct sctphdr sh, struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 1265* struct sctp_nets net, int abort_no_unlock, uint32_t vrf_id)	1281sctp_handle_init_ack(struct mbuf m, int iphlen, int offset, struct sctphdr sh, 1282 struct sctp_init_ack_chunk cp, struct sctp_tcb stcb, 1283 struct sctp_nets net, int abort_no_unlock, 1284 uint8_t use_mflowid, uint32_t mflowid, 1285 uint32_t vrf_id)
1266{ 1267 struct sctp_init_ack init_ack; 1268* struct mbuf op_err; 1269* 1270 SCTPDBG(SCTP_DEBUG_INPUT2, 1271 "sctp_handle_init_ack: handling INIT-ACK\n"); 1272 1273 if (stcb == NULL) { 1274 SCTPDBG(SCTP_DEBUG_INPUT2, 1275 "sctp_handle_init_ack: TCB is null\n"); 1276 return (-1); 1277 } 1278 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 1279 /* Invalid length / 1280* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1281 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1286{ 1287 struct sctp_init_ack init_ack; 1288* struct mbuf op_err; 1289* 1290 SCTPDBG(SCTP_DEBUG_INPUT2, 1291 "sctp_handle_init_ack: handling INIT-ACK\n"); 1292 1293 if (stcb == NULL) { 1294 SCTPDBG(SCTP_DEBUG_INPUT2, 1295 "sctp_handle_init_ack: TCB is null\n"); 1296 return (-1); 1297 } 1298 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { 1299 /* Invalid length / 1300* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1301 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1282 op_err, 0, net->port);	1302 op_err, 1303 use_mflowid, mflowid, 1304 vrf_id, net->port);
1283 abort_no_unlock = 1; 1284* return (-1); 1285 } 1286 init_ack = &cp->init; 1287 /* validate parameters / 1288* if (init_ack->initiate_tag == 0) { 1289 /* protocol error... send an abort / 1290* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1291 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1305 abort_no_unlock = 1; 1306* return (-1); 1307 } 1308 init_ack = &cp->init; 1309 /* validate parameters / 1310* if (init_ack->initiate_tag == 0) { 1311 /* protocol error... send an abort / 1312* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1313 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1292 op_err, 0, net->port);	1314 op_err, 1315 use_mflowid, mflowid, 1316 vrf_id, net->port);
1293 abort_no_unlock = 1; 1294* return (-1); 1295 } 1296 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 1297 /* protocol error... send an abort / 1298* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1299 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1317 abort_no_unlock = 1; 1318* return (-1); 1319 } 1320 if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { 1321 /* protocol error... send an abort / 1322* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1323 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1300 op_err, 0, net->port);	1324 op_err, 1325 use_mflowid, mflowid, 1326 vrf_id, net->port);
1301 abort_no_unlock = 1; 1302* return (-1); 1303 } 1304 if (init_ack->num_inbound_streams == 0) { 1305 /* protocol error... send an abort / 1306* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1307 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1327 abort_no_unlock = 1; 1328* return (-1); 1329 } 1330 if (init_ack->num_inbound_streams == 0) { 1331 /* protocol error... send an abort / 1332* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1333 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1308 op_err, 0, net->port);	1334 op_err, 1335 use_mflowid, mflowid, 1336 vrf_id, net->port);
1309 abort_no_unlock = 1; 1310* return (-1); 1311 } 1312 if (init_ack->num_outbound_streams == 0) { 1313 /* protocol error... send an abort / 1314* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1315 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,	1337 abort_no_unlock = 1; 1338* return (-1); 1339 } 1340 if (init_ack->num_outbound_streams == 0) { 1341 /* protocol error... send an abort / 1342* op_err = sctp_generate_invmanparam(SCTP_CAUSE_INVALID_PARAM); 1343 sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, sh,
1316 op_err, 0, net->port);	1344 op_err, 1345 use_mflowid, mflowid, 1346 vrf_id, net->port);
1317 abort_no_unlock = 1; 1318* return (-1); 1319 } 1320 /* process according to association state... / 1321* switch (stcb->asoc.state & SCTP_STATE_MASK) { 1322 case SCTP_STATE_COOKIE_WAIT: 1323 /* this is the expected state for this chunk / 1324* /* process the INIT-ACK parameters / --- 6 unchanged lines hidden* (view full) --- 1331 * though. 1332 / 1333* stcb->asoc.primary_destination->dest_state &= 1334 ~SCTP_ADDR_UNCONFIRMED; 1335 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 1336 stcb, 0, (void )stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); 1337* } 1338 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb,	1347 abort_no_unlock = 1; 1348* return (-1); 1349 } 1350 /* process according to association state... / 1351* switch (stcb->asoc.state & SCTP_STATE_MASK) { 1352 case SCTP_STATE_COOKIE_WAIT: 1353 /* this is the expected state for this chunk / 1354* /* process the INIT-ACK parameters / --- 6 unchanged lines hidden* (view full) --- 1361 * though. 1362 / 1363* stcb->asoc.primary_destination->dest_state &= 1364 ~SCTP_ADDR_UNCONFIRMED; 1365 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, 1366 stcb, 0, (void )stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); 1367* } 1368 if (sctp_process_init_ack(m, iphlen, offset, sh, cp, stcb,
1339 net, abort_no_unlock, vrf_id) < 0) {	1369 net, abort_no_unlock, 1370 use_mflowid, mflowid, 1371 vrf_id) < 0) {
1340 /* error in parsing parameters / 1341* return (-1); 1342 } 1343 /* update our state / 1344* SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); 1345 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED); 1346 1347 /* reset the RTO calc / --- 38 unchanged lines hidden* (view full) --- 1386} 1387 1388static struct sctp_tcb * 1389sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1390* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1391 struct sctp_inpcb inp, struct sctp_nets netp, 1392* struct sockaddr init_src, int notification, 1393 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	1372 /* error in parsing parameters / 1373* return (-1); 1374 } 1375 /* update our state / 1376* SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); 1377 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED); 1378 1379 /* reset the RTO calc / --- 38 unchanged lines hidden* (view full) --- 1418} 1419 1420static struct sctp_tcb * 1421sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1422* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1423 struct sctp_inpcb inp, struct sctp_nets netp, 1424* struct sockaddr init_src, int notification, 1425 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
	1426 uint8_t use_mflowid, uint32_t mflowid,
1394 uint32_t vrf_id, uint16_t port); 1395 1396 1397/* 1398 * handle a state cookie for an existing association m: input packet mbuf 1399 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a 1400 * "split" mbuf and the cookie signature does not exist offset: offset into 1401 * mbuf to the cookie-echo chunk 1402 / 1403static struct sctp_tcb 1404sctp_process_cookie_existing(struct mbuf m, int iphlen, int offset, 1405* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1406 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets *netp, 1407* struct sockaddr init_src, int notification,	1427 uint32_t vrf_id, uint16_t port); 1428 1429 1430/* 1431 * handle a state cookie for an existing association m: input packet mbuf 1432 * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a 1433 * "split" mbuf and the cookie signature does not exist offset: offset into 1434 * mbuf to the cookie-echo chunk 1435 / 1436static struct sctp_tcb 1437sctp_process_cookie_existing(struct mbuf m, int iphlen, int offset, 1438* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1439 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets *netp, 1440* struct sockaddr init_src, int notification,
1408 uint32_t vrf_id, int auth_skipped, uint32_t auth_offset, uint32_t auth_len, uint16_t port)	1441 int auth_skipped, uint32_t auth_offset, uint32_t auth_len, 1442 uint8_t use_mflowid, uint32_t mflowid, 1443 uint32_t vrf_id, uint16_t port)
1409{ 1410 struct sctp_association asoc; 1411* struct sctp_init_chunk init_cp, init_buf; 1412* struct sctp_init_ack_chunk initack_cp, initack_buf; 1413* struct sctp_nets net; 1414* struct mbuf op_err; 1415* struct sctp_paramhdr ph; 1416* int init_offset, initack_offset, i; --- 21 unchanged lines hidden (view full) --- 1438 return (NULL); 1439 } 1440 /* Set the len / 1441* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1442 ph = mtod(op_err, struct sctp_paramhdr ); 1443* ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN); 1444 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 1445 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,	1444{ 1445 struct sctp_association asoc; 1446* struct sctp_init_chunk init_cp, init_buf; 1447* struct sctp_init_ack_chunk initack_cp, initack_buf; 1448* struct sctp_nets net; 1449* struct mbuf op_err; 1450* struct sctp_paramhdr ph; 1451* int init_offset, initack_offset, i; --- 21 unchanged lines hidden (view full) --- 1473 return (NULL); 1474 } 1475 /* Set the len / 1476* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1477 ph = mtod(op_err, struct sctp_paramhdr ); 1478* ph->param_type = htons(SCTP_CAUSE_COOKIE_IN_SHUTDOWN); 1479 ph->param_length = htons(sizeof(struct sctp_paramhdr)); 1480 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,
	1481 use_mflowid, mflowid,
1446 vrf_id, net->port); 1447 if (how_indx < sizeof(asoc->cookie_how)) 1448 asoc->cookie_how[how_indx] = 2; 1449 return (NULL); 1450 } 1451 /* 1452 * find and validate the INIT chunk in the cookie (peer's info) the 1453 * INIT should start after the cookie-echo header struct (chunk --- 208 unchanged lines hidden (view full) --- 1662#endif 1663 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 1664 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 1665 /* Set the len / 1666* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1667 ph = mtod(op_err, struct sctp_paramhdr ); 1668* ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE); 1669 ph->param_length = htons(sizeof(struct sctp_paramhdr));	1482 vrf_id, net->port); 1483 if (how_indx < sizeof(asoc->cookie_how)) 1484 asoc->cookie_how[how_indx] = 2; 1485 return (NULL); 1486 } 1487 /* 1488 * find and validate the INIT chunk in the cookie (peer's info) the 1489 * INIT should start after the cookie-echo header struct (chunk --- 208 unchanged lines hidden (view full) --- 1698#endif 1699 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 1700 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 1701 /* Set the len / 1702* SCTP_BUF_LEN(op_err) = sizeof(struct sctp_paramhdr); 1703 ph = mtod(op_err, struct sctp_paramhdr ); 1704* ph->param_type = htons(SCTP_CAUSE_NAT_COLLIDING_STATE); 1705 ph->param_length = htons(sizeof(struct sctp_paramhdr));
1670 sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);	1706 sctp_send_abort(m, iphlen, sh, 0, op_err, 1707 use_mflowid, mflowid, 1708 vrf_id, port);
1671 return (NULL); 1672 } 1673 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && 1674 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) \|\| 1675 (asoc->peer_vtag == 0))) { 1676 /* 1677 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info 1678 * should be ok, re-accept peer info --- 148 unchanged lines hidden (view full) --- 1827 /* 1828 * This is a gross gross hack. just call the 1829 * cookie_new code since we are allowing a duplicate 1830 * association. I hope this works... 1831 / 1832* return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len, 1833 inp, netp, init_src, notification, 1834 auth_skipped, auth_offset, auth_len,	1709 return (NULL); 1710 } 1711 if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && 1712 ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) \|\| 1713 (asoc->peer_vtag == 0))) { 1714 /* 1715 * case B in Section 5.2.4 Table 2: MXAA or MOAA my info 1716 * should be ok, re-accept peer info --- 148 unchanged lines hidden (view full) --- 1865 /* 1866 * This is a gross gross hack. just call the 1867 * cookie_new code since we are allowing a duplicate 1868 * association. I hope this works... 1869 / 1870* return (sctp_process_cookie_new(m, iphlen, offset, sh, cookie, cookie_len, 1871 inp, netp, init_src, notification, 1872 auth_skipped, auth_offset, auth_len,
	1873 use_mflowid, mflowid,
1835 vrf_id, port)); 1836 } 1837 /* 1838 * case A in Section 5.2.4 Table 2: XXMM (peer restarted) 1839 / 1840* /* temp code / 1841* if (how_indx < sizeof(asoc->cookie_how)) 1842 asoc->cookie_how[how_indx] = 12; --- 114 unchanged lines hidden (view full) --- 1957 1958/* 1959 * handle a state cookie for a new association m: input packet mbuf chain-- 1960 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf 1961 * and the cookie signature does not exist offset: offset into mbuf to the 1962 * cookie-echo chunk length: length of the cookie chunk to: where the init 1963 * was from returns a new TCB 1964 */	1874 vrf_id, port)); 1875 } 1876 /* 1877 * case A in Section 5.2.4 Table 2: XXMM (peer restarted) 1878 / 1879* /* temp code / 1880* if (how_indx < sizeof(asoc->cookie_how)) 1881 asoc->cookie_how[how_indx] = 12; --- 114 unchanged lines hidden (view full) --- 1996 1997/* 1998 * handle a state cookie for a new association m: input packet mbuf chain-- 1999 * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf 2000 * and the cookie signature does not exist offset: offset into mbuf to the 2001 * cookie-echo chunk length: length of the cookie chunk to: where the init 2002 * was from returns a new TCB 2003 */
1965struct sctp_tcb *	2004static struct sctp_tcb *
1966sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 1967* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 1968 struct sctp_inpcb inp, struct sctp_nets netp, 1969* struct sockaddr init_src, int notification, 1970 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	2005sctp_process_cookie_new(struct mbuf m, int iphlen, int offset, 2006* struct sctphdr sh, struct sctp_state_cookie cookie, int cookie_len, 2007 struct sctp_inpcb inp, struct sctp_nets netp, 2008* struct sockaddr init_src, int notification, 2009 int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
	2010 uint8_t use_mflowid, uint32_t mflowid,
1971 uint32_t vrf_id, uint16_t port) 1972{ 1973 struct sctp_tcb stcb; 1974* struct sctp_init_chunk init_cp, init_buf; 1975* struct sctp_init_ack_chunk initack_cp, initack_buf; 1976* struct sockaddr_storage sa_store; 1977 struct sockaddr initack_src = (struct sockaddr )&sa_store; 1978 struct sctp_association asoc; --- 78 unchanged lines hidden* (view full) --- 2057 struct mbuf op_err; 2058* 2059 /* memory problem? / 2060* SCTPDBG(SCTP_DEBUG_INPUT1, 2061 "process_cookie_new: no room for another TCB!\n"); 2062 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2063 2064 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,	2011 uint32_t vrf_id, uint16_t port) 2012{ 2013 struct sctp_tcb stcb; 2014* struct sctp_init_chunk init_cp, init_buf; 2015* struct sctp_init_ack_chunk initack_cp, initack_buf; 2016* struct sockaddr_storage sa_store; 2017 struct sockaddr initack_src = (struct sockaddr )&sa_store; 2018 struct sctp_association asoc; --- 78 unchanged lines hidden* (view full) --- 2097 struct mbuf op_err; 2098* 2099 /* memory problem? / 2100* SCTPDBG(SCTP_DEBUG_INPUT1, 2101 "process_cookie_new: no room for another TCB!\n"); 2102 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2103 2104 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2065 sh, op_err, vrf_id, port);	2105 sh, op_err, 2106 use_mflowid, mflowid, 2107 vrf_id, port);
2066 return (NULL); 2067 } 2068 /* get the correct sctp_nets / 2069* if (netp) 2070 netp = sctp_findnet(stcb, init_src); 2071* 2072 asoc = &stcb->asoc; 2073 /* get scope variables out of cookie / --- 9 unchanged lines hidden* (view full) --- 2083 /* 2084 * Houston we have a problem. The EP changed while the 2085 * cookie was in flight. Only recourse is to abort the 2086 * association. 2087 / 2088* atomic_add_int(&stcb->asoc.refcnt, 1); 2089 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2090 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,	2108 return (NULL); 2109 } 2110 /* get the correct sctp_nets / 2111* if (netp) 2112 netp = sctp_findnet(stcb, init_src); 2113* 2114 asoc = &stcb->asoc; 2115 /* get scope variables out of cookie / --- 9 unchanged lines hidden* (view full) --- 2125 /* 2126 * Houston we have a problem. The EP changed while the 2127 * cookie was in flight. Only recourse is to abort the 2128 * association. 2129 / 2130* atomic_add_int(&stcb->asoc.refcnt, 1); 2131 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2132 sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
2091 sh, op_err, vrf_id, port);	2133 sh, op_err, 2134 use_mflowid, mflowid, 2135 vrf_id, port);
2092#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2093 SCTP_TCB_UNLOCK(stcb); 2094 SCTP_SOCKET_LOCK(so, 1); 2095 SCTP_TCB_LOCK(stcb); 2096#endif 2097 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 2098 SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); 2099#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) --- 230 unchanged lines hidden (view full) --- 2330 * handles a COOKIE-ECHO message stcb: modified to either a new or left as 2331 * existing (non-NULL) TCB 2332 / 2333static struct mbuf 2334sctp_handle_cookie_echo(struct mbuf m, int iphlen, int offset, 2335* struct sctphdr sh, struct sctp_cookie_echo_chunk cp, 2336 struct sctp_inpcb inp_p, struct sctp_tcb stcb, struct sctp_nets *netp, 2337* int auth_skipped, uint32_t auth_offset, uint32_t auth_len,	2136#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2137 SCTP_TCB_UNLOCK(stcb); 2138 SCTP_SOCKET_LOCK(so, 1); 2139 SCTP_TCB_LOCK(stcb); 2140#endif 2141 (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, 2142 SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); 2143#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) --- 230 unchanged lines hidden (view full) --- 2374 * handles a COOKIE-ECHO message stcb: modified to either a new or left as 2375 * existing (non-NULL) TCB 2376 / 2377static struct mbuf 2378sctp_handle_cookie_echo(struct mbuf m, int iphlen, int offset, 2379* struct sctphdr sh, struct sctp_cookie_echo_chunk cp, 2380 struct sctp_inpcb inp_p, struct sctp_tcb stcb, struct sctp_nets *netp, 2381* int auth_skipped, uint32_t auth_offset, uint32_t auth_len,
2338 struct sctp_tcb **locked_tcb, uint32_t vrf_id, uint16_t port)	2382 struct sctp_tcb *locked_tcb, 2383* uint8_t use_mflowid, uint32_t mflowid, 2384 uint32_t vrf_id, uint16_t port)
2339{ 2340 struct sctp_state_cookie cookie; 2341* struct sctp_tcb l_stcb = stcb; 2342 struct sctp_inpcb l_inp; 2343* struct sockaddr to; 2344* struct sctp_pcb ep; 2345* struct mbuf m_sig; 2346* uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; --- 219 unchanged lines hidden (view full) --- 2566 (sizeof(uint32_t)))); 2567 /* seconds to usec / 2568* tim = (now.tv_sec - time_expires.tv_sec) * 1000000; 2569 /* add in usec / 2570* if (tim == 0) 2571 tim = now.tv_usec - cookie->time_entered.tv_usec; 2572 scm->time_usec = htonl(tim); 2573 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,	2385{ 2386 struct sctp_state_cookie cookie; 2387* struct sctp_tcb l_stcb = stcb; 2388 struct sctp_inpcb l_inp; 2389* struct sockaddr to; 2390* struct sctp_pcb ep; 2391* struct mbuf m_sig; 2392* uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; --- 219 unchanged lines hidden (view full) --- 2612 (sizeof(uint32_t)))); 2613 /* seconds to usec / 2614* tim = (now.tv_sec - time_expires.tv_sec) * 1000000; 2615 /* add in usec / 2616* if (tim == 0) 2617 tim = now.tv_usec - cookie->time_entered.tv_usec; 2618 scm->time_usec = htonl(tim); 2619 sctp_send_operr_to(m, sh, cookie->peers_vtag, op_err,
	2620 use_mflowid, mflowid,
2574 vrf_id, port); 2575 return (NULL); 2576 } 2577 /* 2578 * Now we must see with the lookup address if we have an existing 2579 * asoc. This will only happen if we were in the COOKIE-WAIT state 2580 * and a INIT collided with us and somewhere the peer sent the 2581 * cookie on another address besides the single address our assoc --- 71 unchanged lines hidden (view full) --- 2653 if (to == NULL) { 2654 return (NULL); 2655 } 2656 cookie_len -= SCTP_SIGNATURE_SIZE; 2657 if (stcb == NULL) { 2658* /* this is the "normal" case... get a new TCB / 2659* stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie, 2660* cookie_len, *inp_p, netp, to, &notification,	2621 vrf_id, port); 2622 return (NULL); 2623 } 2624 /* 2625 * Now we must see with the lookup address if we have an existing 2626 * asoc. This will only happen if we were in the COOKIE-WAIT state 2627 * and a INIT collided with us and somewhere the peer sent the 2628 * cookie on another address besides the single address our assoc --- 71 unchanged lines hidden (view full) --- 2700 if (to == NULL) { 2701 return (NULL); 2702 } 2703 cookie_len -= SCTP_SIGNATURE_SIZE; 2704 if (stcb == NULL) { 2705* /* this is the "normal" case... get a new TCB / 2706* stcb = sctp_process_cookie_new(m, iphlen, offset, sh, cookie, 2707* cookie_len, *inp_p, netp, to, &notification,
2661 auth_skipped, auth_offset, auth_len, vrf_id, port);	2708 auth_skipped, auth_offset, auth_len, 2709 use_mflowid, mflowid, 2710 vrf_id, port);
2662 } else { 2663 /* this is abnormal... cookie-echo on existing TCB / 2664* had_a_existing_tcb = 1; 2665 stcb = sctp_process_cookie_existing(m, iphlen, offset, sh, 2666* cookie, cookie_len, inp_p, stcb, netp, to,	2711 } else { 2712 /* this is abnormal... cookie-echo on existing TCB / 2713* had_a_existing_tcb = 1; 2714 stcb = sctp_process_cookie_existing(m, iphlen, offset, sh, 2715* cookie, cookie_len, inp_p, stcb, netp, to,
2667 &notification, vrf_id, auth_skipped, auth_offset, auth_len, port);	2716 &notification, auth_skipped, auth_offset, auth_len, 2717 use_mflowid, mflowid, 2718 vrf_id, port);
2668 } 2669 2670 if (stcb == NULL) { 2671* /* still no TCB... must be bad cookie-echo / 2672* return (NULL); 2673 }	2719 } 2720 2721 if (stcb == NULL) { 2722* /* still no TCB... must be bad cookie-echo / 2723* return (NULL); 2724 }
2674 if ((netp != NULL) && (m->m_flags & M_FLOWID)) { 2675* (*netp)->flowid = m->m_pkthdr.flowid;	2725 if ((netp != NULL) && (use_mflowid != 0)) { 2726* (*netp)->flowid = mflowid;
2676#ifdef INVARIANTS 2677 (netp)->flowidset = 1; 2678#endif 2679* } 2680 /* 2681 * Ok, we built an association so confirm the address we sent the 2682 * INIT-ACK to. 2683 / --- 56 unchanged lines hidden* (view full) --- 2740#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2741 struct socket pcb_so; 2742* 2743#endif 2744 /* Too many sockets / 2745* SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); 2746 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2747 sctp_abort_association(*inp_p, NULL, m, iphlen,	2727#ifdef INVARIANTS 2728 (netp)->flowidset = 1; 2729#endif 2730* } 2731 /* 2732 * Ok, we built an association so confirm the address we sent the 2733 * INIT-ACK to. 2734 / --- 56 unchanged lines hidden* (view full) --- 2791#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2792 struct socket pcb_so; 2793* 2794#endif 2795 /* Too many sockets / 2796* SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); 2797 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 2798 sctp_abort_association(*inp_p, NULL, m, iphlen,
2748 sh, op_err, vrf_id, port);	2799 sh, op_err, 2800 use_mflowid, mflowid, 2801 vrf_id, port);
2749#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2750 pcb_so = SCTP_INP_SO(inp_p); 2751* atomic_add_int(&(stcb)->asoc.refcnt, 1); 2752* SCTP_TCB_UNLOCK((stcb)); 2753* SCTP_SOCKET_LOCK(pcb_so, 1); 2754 SCTP_TCB_LOCK((stcb)); 2755* atomic_subtract_int(&(stcb)->asoc.refcnt, 1); 2756#endif --- 1599 unchanged lines hidden* (view full) --- 4356 / 4357#ifdef __GNUC__ 4358__attribute__((noinline)) 4359#endif 4360* static struct sctp_tcb * 4361 sctp_process_control(struct mbuf m, int iphlen, int offset, int length, 4362 struct sctphdr sh, struct sctp_chunkhdr ch, struct sctp_inpcb inp, 4363* struct sctp_tcb stcb, struct sctp_nets netp, int fwd_tsn_seen,	2802#if defined (__APPLE__) \|\| defined(SCTP_SO_LOCK_TESTING) 2803 pcb_so = SCTP_INP_SO(inp_p); 2804* atomic_add_int(&(stcb)->asoc.refcnt, 1); 2805* SCTP_TCB_UNLOCK((stcb)); 2806* SCTP_SOCKET_LOCK(pcb_so, 1); 2807 SCTP_TCB_LOCK((stcb)); 2808* atomic_subtract_int(&(stcb)->asoc.refcnt, 1); 2809#endif --- 1599 unchanged lines hidden* (view full) --- 4409 / 4410#ifdef __GNUC__ 4411__attribute__((noinline)) 4412#endif 4413* static struct sctp_tcb * 4414 sctp_process_control(struct mbuf m, int iphlen, int offset, int length, 4415 struct sctphdr sh, struct sctp_chunkhdr ch, struct sctp_inpcb inp, 4416* struct sctp_tcb stcb, struct sctp_nets netp, int fwd_tsn_seen,
	4417 uint8_t use_mflowid, uint32_t mflowid,
4364 uint32_t vrf_id, uint16_t port) 4365{ 4366 struct sctp_association asoc; 4367* uint32_t vtag_in; 4368 int num_chunks = 0; /* number of control chunks processed / 4369* uint32_t chk_length; 4370 int ret; 4371 int abort_no_unlock = 0; --- 140 unchanged lines hidden (view full) --- 4512 /* remaining chunks are HMAC checked / 4513* stcb->asoc.authenticated = 1; 4514 } 4515 } 4516 } 4517 if (stcb == NULL) { 4518 /* no association, so it's out of the blue... / 4519* sctp_handle_ootb(m, iphlen, *offset, sh, inp,	4418 uint32_t vrf_id, uint16_t port) 4419{ 4420 struct sctp_association asoc; 4421* uint32_t vtag_in; 4422 int num_chunks = 0; /* number of control chunks processed / 4423* uint32_t chk_length; 4424 int ret; 4425 int abort_no_unlock = 0; --- 140 unchanged lines hidden (view full) --- 4566 /* remaining chunks are HMAC checked / 4567* stcb->asoc.authenticated = 1; 4568 } 4569 } 4570 } 4571 if (stcb == NULL) { 4572 /* no association, so it's out of the blue... / 4573* sctp_handle_ootb(m, iphlen, *offset, sh, inp,
	4574 use_mflowid, mflowid,
4520 vrf_id, port); 4521 offset = length; 4522* if (locked_tcb) { 4523 SCTP_TCB_UNLOCK(locked_tcb); 4524 } 4525 return (NULL); 4526 } 4527 asoc = &stcb->asoc; --- 21 unchanged lines hidden (view full) --- 4549 * is still hung; we have started a new asoc 4550 * but it won't complete until the shutdown 4551 * is completed 4552 / 4553* if (locked_tcb) { 4554 SCTP_TCB_UNLOCK(locked_tcb); 4555 } 4556 sctp_handle_ootb(m, iphlen, *offset, sh, inp,	4575 vrf_id, port); 4576 offset = length; 4577* if (locked_tcb) { 4578 SCTP_TCB_UNLOCK(locked_tcb); 4579 } 4580 return (NULL); 4581 } 4582 asoc = &stcb->asoc; --- 21 unchanged lines hidden (view full) --- 4604 * is still hung; we have started a new asoc 4605 * but it won't complete until the shutdown 4606 * is completed 4607 / 4608* if (locked_tcb) { 4609 SCTP_TCB_UNLOCK(locked_tcb); 4610 } 4611 sctp_handle_ootb(m, iphlen, *offset, sh, inp,
	4612 use_mflowid, mflowid,
4557 vrf_id, port); 4558 return (NULL); 4559 } 4560 } else { 4561 /* for all other chunks, vtag must match / 4562* if (vtag_in != asoc->my_vtag) { 4563 /* invalid vtag... / 4564* SCTPDBG(SCTP_DEBUG_INPUT3, --- 125 unchanged lines hidden (view full) --- 4690 } 4691 switch (ch->chunk_type) { 4692 case SCTP_INITIATION: 4693 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); 4694 /* The INIT chunk must be the only chunk. / 4695* if ((num_chunks > 1) \|\| 4696 (length - offset > (int)SCTP_SIZE32(chk_length))) { 4697* sctp_abort_association(inp, stcb, m,	4613 vrf_id, port); 4614 return (NULL); 4615 } 4616 } else { 4617 /* for all other chunks, vtag must match / 4618* if (vtag_in != asoc->my_vtag) { 4619 /* invalid vtag... / 4620* SCTPDBG(SCTP_DEBUG_INPUT3, --- 125 unchanged lines hidden (view full) --- 4746 } 4747 switch (ch->chunk_type) { 4748 case SCTP_INITIATION: 4749 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); 4750 /* The INIT chunk must be the only chunk. / 4751* if ((num_chunks > 1) \|\| 4752 (length - offset > (int)SCTP_SIZE32(chk_length))) { 4753* sctp_abort_association(inp, stcb, m,
4698 iphlen, sh, NULL, vrf_id, port);	4754 iphlen, sh, NULL, 4755 use_mflowid, mflowid, 4756 vrf_id, port);
4699 offset = length; 4700* return (NULL); 4701 } 4702 /* Honor our resource limit. / 4703* if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { 4704 struct mbuf op_err; 4705* 4706 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 4707 sctp_abort_association(inp, stcb, m,	4757 offset = length; 4758* return (NULL); 4759 } 4760 /* Honor our resource limit. / 4761* if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { 4762 struct mbuf op_err; 4763* 4764 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 4765 sctp_abort_association(inp, stcb, m,
4708 iphlen, sh, op_err, vrf_id, port);	4766 iphlen, sh, op_err, 4767 use_mflowid, mflowid, 4768 vrf_id, port);
4709 offset = length; 4710* return (NULL); 4711 } 4712 sctp_handle_init(m, iphlen, offset, sh, 4713* (struct sctp_init_chunk *)ch, inp,	4769 offset = length; 4770* return (NULL); 4771 } 4772 sctp_handle_init(m, iphlen, offset, sh, 4773* (struct sctp_init_chunk *)ch, inp,
4714 stcb, &abort_no_unlock, vrf_id, port);	4774 stcb, &abort_no_unlock, 4775 use_mflowid, mflowid, 4776 vrf_id, port);
4715 offset = length; 4716* if ((!abort_no_unlock) && (locked_tcb)) { 4717 SCTP_TCB_UNLOCK(locked_tcb); 4718 } 4719 return (NULL); 4720 break; 4721 case SCTP_PAD_CHUNK: 4722 break; --- 32 unchanged lines hidden (view full) --- 4755 offset = length; 4756* if (locked_tcb) { 4757 SCTP_TCB_UNLOCK(locked_tcb); 4758 } 4759 return (NULL); 4760 } 4761 if ((netp) && (netp)) { 4762* ret = sctp_handle_init_ack(m, iphlen, *offset, sh,	4777 offset = length; 4778* if ((!abort_no_unlock) && (locked_tcb)) { 4779 SCTP_TCB_UNLOCK(locked_tcb); 4780 } 4781 return (NULL); 4782 break; 4783 case SCTP_PAD_CHUNK: 4784 break; --- 32 unchanged lines hidden (view full) --- 4817 offset = length; 4818* if (locked_tcb) { 4819 SCTP_TCB_UNLOCK(locked_tcb); 4820 } 4821 return (NULL); 4822 } 4823 if ((netp) && (netp)) { 4824* ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
4763 (struct sctp_init_ack_chunk )ch, stcb, netp, &abort_no_unlock, vrf_id);	4825 (struct sctp_init_ack_chunk )ch, 4826* stcb, netp, 4827* &abort_no_unlock, 4828 use_mflowid, mflowid, 4829 vrf_id);
4764 } else { 4765 ret = -1; 4766 } 4767 offset = length; 4768* if (abort_no_unlock) { 4769 return (NULL); 4770 } 4771 /* --- 289 unchanged lines hidden (view full) --- 5061 5062 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) { 5063 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 5064 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { 5065 struct mbuf op_err; 5066* 5067 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 5068 sctp_abort_association(inp, stcb, m,	4830 } else { 4831 ret = -1; 4832 } 4833 offset = length; 4834* if (abort_no_unlock) { 4835 return (NULL); 4836 } 4837 /* --- 289 unchanged lines hidden (view full) --- 5127 5128 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) { 5129 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 5130 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { 5131 struct mbuf op_err; 5132* 5133 op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); 5134 sctp_abort_association(inp, stcb, m,
5069 iphlen, sh, op_err, vrf_id, port);	5135 iphlen, sh, op_err, 5136 use_mflowid, mflowid, 5137 vrf_id, port);
5070 } 5071 offset = length; 5072* return (NULL); 5073 } else { 5074 struct mbuf ret_buf; 5075* struct sctp_inpcb linp; 5076* 5077 if (stcb) { --- 15 unchanged lines hidden (view full) --- 5093 sctp_handle_cookie_echo(m, iphlen, 5094 offset, sh, 5095* (struct sctp_cookie_echo_chunk )ch, 5096* &inp, &stcb, netp, 5097 auth_skipped, 5098 auth_offset, 5099 auth_len, 5100 &locked_tcb,	5138 } 5139 offset = length; 5140* return (NULL); 5141 } else { 5142 struct mbuf ret_buf; 5143* struct sctp_inpcb linp; 5144* 5145 if (stcb) { --- 15 unchanged lines hidden (view full) --- 5161 sctp_handle_cookie_echo(m, iphlen, 5162 offset, sh, 5163* (struct sctp_cookie_echo_chunk )ch, 5164* &inp, &stcb, netp, 5165 auth_skipped, 5166 auth_offset, 5167 auth_len, 5168 &locked_tcb,
	5169 use_mflowid, 5170 mflowid,
5101 vrf_id, 5102 port); 5103 } else { 5104 ret_buf = NULL; 5105 } 5106 if (linp) { 5107 SCTP_ASOC_CREATE_UNLOCK(linp); 5108 } --- 436 unchanged lines hidden (view full) --- 5545#endif 5546 5547/* 5548 * common input chunk processing (v4 and v6) 5549 / 5550void 5551sctp_common_input_processing(struct mbuf mm, int iphlen, int offset, 5552* int length, struct sctphdr sh, struct sctp_chunkhdr ch,	5171 vrf_id, 5172 port); 5173 } else { 5174 ret_buf = NULL; 5175 } 5176 if (linp) { 5177 SCTP_ASOC_CREATE_UNLOCK(linp); 5178 } --- 436 unchanged lines hidden (view full) --- 5615#endif 5616 5617/* 5618 * common input chunk processing (v4 and v6) 5619 / 5620void 5621sctp_common_input_processing(struct mbuf mm, int iphlen, int offset, 5622* int length, struct sctphdr sh, struct sctp_chunkhdr ch,
5553 struct sctp_inpcb inp, struct sctp_tcb stcb, struct sctp_nets net, 5554* uint8_t ecn_bits, uint32_t vrf_id, uint16_t port)	5623 struct sctp_inpcb inp, struct sctp_tcb stcb, 5624 struct sctp_nets net, uint8_t ecn_bits, 5625* uint8_t use_mflowid, uint32_t mflowid, 5626 uint32_t vrf_id, uint16_t port)
5555{ 5556 /* 5557 * Control chunk processing 5558 / 5559* uint32_t high_tsn; 5560 int fwd_tsn_seen = 0, data_processed = 0; 5561 struct mbuf m = mm; 5562 int un_sent; --- 19 unchanged lines hidden (view full) --- 5582 /- 5583* * If we hit here, we had a ref count 5584 * up when the assoc was aborted and the 5585 * timer is clearing out the assoc, we should 5586 * NOT respond to any packet.. its OOTB. 5587 / 5588* SCTP_TCB_UNLOCK(stcb); 5589 sctp_handle_ootb(m, iphlen, offset, sh, inp,	5627{ 5628 /* 5629 * Control chunk processing 5630 / 5631* uint32_t high_tsn; 5632 int fwd_tsn_seen = 0, data_processed = 0; 5633 struct mbuf m = mm; 5634 int un_sent; --- 19 unchanged lines hidden (view full) --- 5654 /- 5655* * If we hit here, we had a ref count 5656 * up when the assoc was aborted and the 5657 * timer is clearing out the assoc, we should 5658 * NOT respond to any packet.. its OOTB. 5659 / 5660* SCTP_TCB_UNLOCK(stcb); 5661 sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5662 use_mflowid, mflowid,
5590 vrf_id, port); 5591 goto out_now; 5592 } 5593 } 5594 if (IS_SCTP_CONTROL(ch)) { 5595 /* process the control portion of the SCTP packet / 5596* /* sa_ignore NO_NULL_CHK / 5597* stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,	5663 vrf_id, port); 5664 goto out_now; 5665 } 5666 } 5667 if (IS_SCTP_CONTROL(ch)) { 5668 /* process the control portion of the SCTP packet / 5669* /* sa_ignore NO_NULL_CHK / 5670* stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
5598 inp, stcb, &net, &fwd_tsn_seen, vrf_id, port);	5671 inp, stcb, &net, &fwd_tsn_seen, 5672 use_mflowid, mflowid, 5673 vrf_id, port);
5599 if (stcb) { 5600 /* 5601 * This covers us if the cookie-echo was there and 5602 * it changes our INP. 5603 / 5604* inp = stcb->sctp_ep; 5605 if ((net) && (port)) { 5606 if (net->port == 0) { --- 19 unchanged lines hidden (view full) --- 5626 /* "silently" ignore / 5627* SCTP_STAT_INCR(sctps_recvauthmissing); 5628 SCTP_TCB_UNLOCK(stcb); 5629 goto out_now; 5630 } 5631 if (stcb == NULL) { 5632 /* out of the blue DATA chunk / 5633* sctp_handle_ootb(m, iphlen, offset, sh, inp,	5674 if (stcb) { 5675 /* 5676 * This covers us if the cookie-echo was there and 5677 * it changes our INP. 5678 / 5679* inp = stcb->sctp_ep; 5680 if ((net) && (port)) { 5681 if (net->port == 0) { --- 19 unchanged lines hidden (view full) --- 5701 /* "silently" ignore / 5702* SCTP_STAT_INCR(sctps_recvauthmissing); 5703 SCTP_TCB_UNLOCK(stcb); 5704 goto out_now; 5705 } 5706 if (stcb == NULL) { 5707 /* out of the blue DATA chunk / 5708* sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5709 use_mflowid, mflowid,
5634 vrf_id, port); 5635 goto out_now; 5636 } 5637 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { 5638 /* v_tag mismatch! / 5639* SCTP_STAT_INCR(sctps_badvtag); 5640 SCTP_TCB_UNLOCK(stcb); 5641 goto out_now; --- 53 unchanged lines hidden (view full) --- 5695 stcb->asoc.overall_error_count = 0; 5696 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk )ch, stcb, net); 5697* break; 5698 case SCTP_STATE_COOKIE_WAIT: 5699 /* 5700 * We consider OOTB any data sent during asoc setup. 5701 / 5702* sctp_handle_ootb(m, iphlen, offset, sh, inp,	5710 vrf_id, port); 5711 goto out_now; 5712 } 5713 if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { 5714 /* v_tag mismatch! / 5715* SCTP_STAT_INCR(sctps_badvtag); 5716 SCTP_TCB_UNLOCK(stcb); 5717 goto out_now; --- 53 unchanged lines hidden (view full) --- 5771 stcb->asoc.overall_error_count = 0; 5772 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk )ch, stcb, net); 5773* break; 5774 case SCTP_STATE_COOKIE_WAIT: 5775 /* 5776 * We consider OOTB any data sent during asoc setup. 5777 / 5778* sctp_handle_ootb(m, iphlen, offset, sh, inp,
	5779 use_mflowid, mflowid,
5703 vrf_id, port); 5704 SCTP_TCB_UNLOCK(stcb); 5705 goto out_now; 5706 /* sa_ignore NOTREACHED / 5707* break; 5708 case SCTP_STATE_EMPTY: /* should not happen / 5709* case SCTP_STATE_INUSE: /* should not happen / 5710* case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error / --- 4 unchanged lines hidden* (view full) --- 5715 /* sa_ignore NOTREACHED / 5716* break; 5717 case SCTP_STATE_OPEN: 5718 case SCTP_STATE_SHUTDOWN_SENT: 5719 break; 5720 } 5721 /* plow through the data chunks while length > offset / 5722* retval = sctp_process_data(mm, iphlen, &offset, length, sh,	5780 vrf_id, port); 5781 SCTP_TCB_UNLOCK(stcb); 5782 goto out_now; 5783 /* sa_ignore NOTREACHED / 5784* break; 5785 case SCTP_STATE_EMPTY: /* should not happen / 5786* case SCTP_STATE_INUSE: /* should not happen / 5787* case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error / --- 4 unchanged lines hidden* (view full) --- 5792 /* sa_ignore NOTREACHED / 5793* break; 5794 case SCTP_STATE_OPEN: 5795 case SCTP_STATE_SHUTDOWN_SENT: 5796 break; 5797 } 5798 /* plow through the data chunks while length > offset / 5799* retval = sctp_process_data(mm, iphlen, &offset, length, sh,
5723 inp, stcb, net, &high_tsn);	5800 inp, stcb, net, &high_tsn, 5801 use_mflowid, mflowid, 5802 vrf_id, port);
5724 if (retval == 2) { 5725 /* 5726 * The association aborted, NO UNLOCK needed since 5727 * the association is destroyed. 5728 / 5729* goto out_now; 5730 } 5731 data_processed = 1; --- 83 unchanged lines hidden (view full) --- 5815 struct ip ip; 5816* struct sctphdr sh; 5817* struct sctp_inpcb inp = NULL; 5818* struct sctp_nets net; 5819* struct sctp_tcb stcb = NULL; 5820* struct sctp_chunkhdr ch; 5821* int refcount_up = 0; 5822 int length, mlen, offset;	5803 if (retval == 2) { 5804 /* 5805 * The association aborted, NO UNLOCK needed since 5806 * the association is destroyed. 5807 / 5808* goto out_now; 5809 } 5810 data_processed = 1; --- 83 unchanged lines hidden (view full) --- 5894 struct ip ip; 5895* struct sctphdr sh; 5896* struct sctp_inpcb inp = NULL; 5897* struct sctp_nets net; 5898* struct sctp_tcb stcb = NULL; 5899* struct sctp_chunkhdr ch; 5900* int refcount_up = 0; 5901 int length, mlen, offset;
	5902 uint32_t mflowid; 5903 uint8_t use_mflowid;
5823 5824#if !defined(SCTP_WITH_NO_CSUM) 5825 uint32_t check, calc_check; 5826 5827#endif 5828 5829 if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { 5830 SCTP_RELEASE_PKT(i_pak); --- 19 unchanged lines hidden (view full) --- 5850 } 5851 } 5852 } 5853#endif 5854#ifdef SCTP_PACKET_LOGGING 5855 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 5856 sctp_packet_log(m, mlen); 5857#endif	5904 5905#if !defined(SCTP_WITH_NO_CSUM) 5906 uint32_t check, calc_check; 5907 5908#endif 5909 5910 if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { 5911 SCTP_RELEASE_PKT(i_pak); --- 19 unchanged lines hidden (view full) --- 5931 } 5932 } 5933 } 5934#endif 5935#ifdef SCTP_PACKET_LOGGING 5936 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 5937 sctp_packet_log(m, mlen); 5938#endif
	5939 if (m->m_flags & M_FLOWID) { 5940 mflowid = m->m_pkthdr.flowid; 5941 use_mflowid = 1; 5942 } else { 5943 mflowid = 0; 5944 use_mflowid = 0; 5945 }
5858 /* 5859 * Must take out the iphlen, since mlen expects this (only effect lb 5860 * case) 5861 / 5862* mlen -= iphlen; 5863 5864 /* 5865 * Get IP, SCTP, and first chunk header together in first mbuf. --- 55 unchanged lines hidden (view full) --- 5921 sh, ch, &inp, &net, 5922 vrf_id); 5923 if ((net) && (port)) { 5924 if (net->port == 0) { 5925 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 5926 } 5927 net->port = port; 5928 }	5946 /* 5947 * Must take out the iphlen, since mlen expects this (only effect lb 5948 * case) 5949 / 5950* mlen -= iphlen; 5951 5952 /* 5953 * Get IP, SCTP, and first chunk header together in first mbuf. --- 55 unchanged lines hidden (view full) --- 6009 sh, ch, &inp, &net, 6010 vrf_id); 6011 if ((net) && (port)) { 6012 if (net->port == 0) { 6013 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 6014 } 6015 net->port = port; 6016 }
5929 if ((net != NULL) && (m->m_flags & M_FLOWID)) { 5930 net->flowid = m->m_pkthdr.flowid;	6017 if ((net != NULL) && (use_mflowid != 0)) { 6018 net->flowid = mflowid;
5931#ifdef INVARIANTS 5932 net->flowidset = 1; 5933#endif 5934 } 5935 if ((inp) && (stcb)) { 5936 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 5937 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); 5938 } else if ((inp != NULL) && (stcb == NULL)) { --- 17 unchanged lines hidden (view full) --- 5956 stcb = sctp_findassociation_addr(m, offset - sizeof(ch), 5957* sh, ch, &inp, &net, vrf_id); 5958 if ((net) && (port)) { 5959 if (net->port == 0) { 5960 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 5961 } 5962 net->port = port; 5963 }	6019#ifdef INVARIANTS 6020 net->flowidset = 1; 6021#endif 6022 } 6023 if ((inp) && (stcb)) { 6024 sctp_send_packet_dropped(stcb, net, m, iphlen, 1); 6025 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); 6026 } else if ((inp != NULL) && (stcb == NULL)) { --- 17 unchanged lines hidden (view full) --- 6044 stcb = sctp_findassociation_addr(m, offset - sizeof(ch), 6045* sh, ch, &inp, &net, vrf_id); 6046 if ((net) && (port)) { 6047 if (net->port == 0) { 6048 sctp_pathmtu_adjustment(stcb, net->mtu - sizeof(struct udphdr)); 6049 } 6050 net->port = port; 6051 }
5964 if ((net != NULL) && (m->m_flags & M_FLOWID)) { 5965 net->flowid = m->m_pkthdr.flowid;	6052 if ((net != NULL) && (use_mflowid != 0)) { 6053 net->flowid = mflowid;
5966#ifdef INVARIANTS 5967 net->flowidset = 1; 5968#endif 5969 } 5970 /* inp's ref-count increased && stcb locked / 5971* if (inp == NULL) { 5972 struct sctp_init_chunk init_chk, chunk_buf; 5973* --- 17 unchanged lines hidden (view full) --- 5991 / 5992* init_chk = (struct sctp_init_chunk )sctp_m_getptr(m, 5993* iphlen + sizeof(sh), sizeof(init_chk), 5994 (uint8_t ) & chunk_buf); 5995* if (init_chk != NULL) 5996 sh->v_tag = init_chk->init.initiate_tag; 5997 } 5998 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {	6054#ifdef INVARIANTS 6055 net->flowidset = 1; 6056#endif 6057 } 6058 /* inp's ref-count increased && stcb locked / 6059* if (inp == NULL) { 6060 struct sctp_init_chunk init_chk, chunk_buf; 6061* --- 17 unchanged lines hidden (view full) --- 6079 / 6080* init_chk = (struct sctp_init_chunk )sctp_m_getptr(m, 6081* iphlen + sizeof(sh), sizeof(init_chk), 6082 (uint8_t ) & chunk_buf); 6083* if (init_chk != NULL) 6084 sh->v_tag = init_chk->init.initiate_tag; 6085 } 6086 if (ch->chunk_type == SCTP_SHUTDOWN_ACK) {
5999 sctp_send_shutdown_complete2(m, sh, vrf_id, port);	6087 sctp_send_shutdown_complete2(m, sh, 6088 use_mflowid, mflowid, 6089 vrf_id, port);
6000 goto bad; 6001 } 6002 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { 6003 goto bad; 6004 } 6005 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { 6006 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) \|\| 6007 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 6008 (ch->chunk_type != SCTP_INIT))) {	6090 goto bad; 6091 } 6092 if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { 6093 goto bad; 6094 } 6095 if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { 6096 if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) \|\| 6097 ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && 6098 (ch->chunk_type != SCTP_INIT))) {
6009 sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);	6099 sctp_send_abort(m, iphlen, sh, 0, NULL, 6100 use_mflowid, mflowid, 6101 vrf_id, port);
6010 } 6011 } 6012 goto bad; 6013 } else if (stcb == NULL) { 6014 refcount_up = 1; 6015 } 6016#ifdef IPSEC 6017 /* --- 12 unchanged lines hidden (view full) --- 6030 / 6031* length = ip->ip_len + iphlen; 6032 offset -= sizeof(struct sctp_chunkhdr); 6033 6034 ecn_bits = ip->ip_tos; 6035 6036 /* sa_ignore NO_NULL_CHK / 6037* sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,	6102 } 6103 } 6104 goto bad; 6105 } else if (stcb == NULL) { 6106 refcount_up = 1; 6107 } 6108#ifdef IPSEC 6109 /* --- 12 unchanged lines hidden (view full) --- 6122 / 6123* length = ip->ip_len + iphlen; 6124 offset -= sizeof(struct sctp_chunkhdr); 6125 6126 ecn_bits = ip->ip_tos; 6127 6128 /* sa_ignore NO_NULL_CHK / 6129* sctp_common_input_processing(&m, iphlen, offset, length, sh, ch,
6038 inp, stcb, net, ecn_bits, vrf_id, port);	6130 inp, stcb, net, ecn_bits, 6131 use_mflowid, mflowid, 6132 vrf_id, port);
6039 /* inp's ref-count reduced && stcb unlocked / 6040* if (m) { 6041 sctp_m_freem(m); 6042 } 6043 if ((inp) && (refcount_up)) { 6044 /* reduce ref-count / 6045* SCTP_INP_DECR_REF(inp); 6046 } --- 62 unchanged lines hidden ---	6133 /* inp's ref-count reduced && stcb unlocked / 6134* if (m) { 6135 sctp_m_freem(m); 6136 } 6137 if ((inp) && (refcount_up)) { 6138 /* reduce ref-count / 6139* SCTP_INP_DECR_REF(inp); 6140 } --- 62 unchanged lines hidden ---