1/*-
2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
--- 17 unchanged lines hidden (view full) ---
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31/* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
32
33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 179783 2008-06-14 07:58:05Z rrs $");
35
36#include <netinet/sctp_os.h>
37#include <netinet/sctp_var.h>
38#include <netinet/sctp_sysctl.h>
39#include <netinet/sctp_pcb.h>
40#include <netinet/sctp_header.h>
41#include <netinet/sctputil.h>
42#include <netinet/sctp_output.h>
--- 219 unchanged lines hidden (view full) ---
262 /* save off parameters */
263 asoc->peer_vtag = ntohl(init->initiate_tag);
264 asoc->peers_rwnd = ntohl(init->a_rwnd);
265 if (TAILQ_FIRST(&asoc->nets)) {
266 /* update any ssthresh's that may have a default */
267 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
268 lnet->ssthresh = asoc->peers_rwnd;
269
270 if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE | SCTP_CWND_LOGGING_ENABLE)) {
271 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
272 }
273 }
274 }
275 SCTP_TCB_SEND_LOCK(stcb);
276 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
277 unsigned int newcnt;
278 struct sctp_stream_out *outs;
--- 32 unchanged lines hidden (view full) ---
311 }
312 /* cut back the count and abandon the upper streams */
313 asoc->pre_open_streams = newcnt;
314 }
315 SCTP_TCB_SEND_UNLOCK(stcb);
316 asoc->streamoutcnt = asoc->pre_open_streams;
317 /* init tsn's */
318 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
319 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
320 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
321 }
322 /* This is the next one we expect */
323 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
324
325 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
326 asoc->cumulative_tsn = asoc->asconf_seq_in;
327 asoc->last_echo_tsn = asoc->asconf_seq_in;
--- 113 unchanged lines hidden (view full) ---
441 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
442 stcb->asoc.local_hmacs);
443 if (op_err) {
444 sctp_queue_op_err(stcb, op_err);
445 /* queuing will steal away the mbuf chain to the out queue */
446 op_err = NULL;
447 }
448 /* extract the cookie and queue it to "echo" it back... */
449 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
450 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
451 stcb->asoc.overall_error_count,
452 0,
453 SCTP_FROM_SCTP_INPUT,
454 __LINE__);
455 }
456 stcb->asoc.overall_error_count = 0;
457 net->error_count = 0;
--- 133 unchanged lines hidden (view full) ---
591 }
592 /*
593 * JRS 5/14/07 - If CMT PF is on and the destination is in PF state,
594 * set the destination to active state and set the cwnd to one or
595 * two MTU's based on whether PF1 or PF2 is being used. If a T3
596 * timer is running, for the destination, stop the timer because a
597 * PF-heartbeat was received.
598 */
599 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) &&
600 SCTP_BASE_SYSCTL(sctp_cmt_pf) &&
601 (net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF) {
602 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
603 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
604 stcb, net,
605 SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
606 }
607 net->dest_state &= ~SCTP_ADDR_PF;
608 net->cwnd = net->mtu * SCTP_BASE_SYSCTL(sctp_cmt_pf);
609 SCTPDBG(SCTP_DEBUG_INPUT1, "Destination %p moved from PF to reachable with cwnd %d.\n",
610 net, net->cwnd);
611 }
612 /* Now lets do a RTO with this */
613 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, sctp_align_safe_nocopy);
614 /* Mobility adaptation */
615 if (req_prim) {
616 if ((sctp_is_mobility_feature_on(stcb->sctp_ep,
--- 551 unchanged lines hidden (view full) ---
1168 /* error in parsing parameters */
1169 return (-1);
1170 }
1171 /* update our state */
1172 SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n");
1173 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED);
1174
1175 /* reset the RTO calc */
1176 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
1177 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
1178 stcb->asoc.overall_error_count,
1179 0,
1180 SCTP_FROM_SCTP_INPUT,
1181 __LINE__);
1182 }
1183 stcb->asoc.overall_error_count = 0;
1184 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
--- 491 unchanged lines hidden (view full) ---
1676 }
1677 /* process the INIT-ACK info (my info) */
1678 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1679 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1680
1681 /* pull from vtag hash */
1682 LIST_REMOVE(stcb, sctp_asocs);
1683 /* re-insert to new vtag position */
1684 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1685 SCTP_BASE_INFO(hashasocmark))];
1686 /*
1687 * put it in the bucket in the vtag hash of assoc's for the
1688 * system
1689 */
1690 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1691
1692 /* Is this the first restart? */
1693 if (stcb->asoc.in_restart_hash == 0) {
1694 /* Ok add it to assoc_id vtag hash */
1695 head = &SCTP_BASE_INFO(sctp_restarthash)[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1696 SCTP_BASE_INFO(hashrestartmark))];
1697 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1698 stcb->asoc.in_restart_hash = 1;
1699 }
1700 /* process the INIT info (peer's info) */
1701 SCTP_TCB_SEND_UNLOCK(stcb);
1702 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1703 SCTP_INP_INFO_WUNLOCK();
1704
--- 498 unchanged lines hidden (view full) ---
2203 return (NULL);
2204 }
2205 m_sig = m_split(m, sig_offset, M_DONTWAIT);
2206 if (m_sig == NULL) {
2207 /* out of memory or ?? */
2208 return (NULL);
2209 }
2210#ifdef SCTP_MBUF_LOGGING
2211 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
2212 struct mbuf *mat;
2213
2214 mat = m_sig;
2215 while (mat) {
2216 if (SCTP_BUF_IS_EXTENDED(mat)) {
2217 sctp_log_mb(mat, SCTP_MBUF_SPLIT);
2218 }
2219 mat = SCTP_BUF_NEXT(mat);
--- 743 unchanged lines hidden (view full) ---
2963
2964 /* restart the timer */
2965 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2966 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
2967 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2968 stcb, tp1->whoTo);
2969
2970 /* fix counts and things */
2971 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2972 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP,
2973 tp1->whoTo->flight_size,
2974 tp1->book_size,
2975 (uintptr_t) stcb,
2976 tp1->rec.data.TSN_seq);
2977 }
2978 sctp_flight_size_decrease(tp1);
2979 sctp_total_flight_decrease(stcb, tp1);
--- 301 unchanged lines hidden (view full) ---
3281 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3282 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3283 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
3284 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3285 if (abort_flag) {
3286 return (1);
3287 }
3288 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
3289 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3290 sctp_log_map(0, 7, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3291 }
3292 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3293 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
3294 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3295 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
3296 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
3297
3298 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3299 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
--- 87 unchanged lines hidden (view full) ---
3387 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3388 fwdtsn.ch.chunk_flags = 0;
3389 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
3390 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3391 if (abort_flag) {
3392 return (1);
3393 }
3394 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
3395 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3396 sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3397 }
3398 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3399 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3400 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3401 atomic_add_int(&stcb->asoc.sending_seq, 1);
3402 /* save off historical data for retrans */
3403 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
3404 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
3405 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
--- 477 unchanged lines hidden (view full) ---
3883 }
3884 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3885 /*
3886 * If there is no stcb, skip the AUTH chunk and process
3887 * later after a stcb is found (to validate the lookup was
3888 * valid.
3889 */
3890 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3891 (stcb == NULL) &&
3892 !SCTP_BASE_SYSCTL(sctp_auth_disable)) {
3893 /* save this chunk for later processing */
3894 auth_skipped = 1;
3895 auth_offset = *offset;
3896 auth_len = ntohs(ch->chunk_length);
3897
3898 /* (temporarily) move past this chunk */
3899 *offset += SCTP_SIZE32(auth_len);
3900 if (*offset >= length) {
--- 136 unchanged lines hidden (view full) ---
4037 } /* end if !SCTP_COOKIE_ECHO */
4038 /*
4039 * process all control chunks...
4040 */
4041 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
4042 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
4043 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
4044 /* implied cookie-ack.. we must have lost the ack */
4045 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4046 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4047 stcb->asoc.overall_error_count,
4048 0,
4049 SCTP_FROM_SCTP_INPUT,
4050 __LINE__);
4051 }
4052 stcb->asoc.overall_error_count = 0;
4053 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
--- 82 unchanged lines hidden (view full) ---
4136 stcb->asoc.last_control_chunk_from = *netp;
4137 }
4138 }
4139#ifdef SCTP_AUDITING_ENABLED
4140 sctp_audit_log(0xB0, ch->chunk_type);
4141#endif
4142
4143 /* check to see if this chunk required auth, but isn't */
4144 if ((stcb != NULL) &&
4145 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
4146 sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) &&
4147 !stcb->asoc.authenticated) {
4148 /* "silently" ignore */
4149 SCTP_STAT_INCR(sctps_recvauthmissing);
4150 goto next_chunk;
4151 }
4152 switch (ch->chunk_type) {
4153 case SCTP_INITIATION:
4154 /* must be first and only chunk */
--- 11 unchanged lines hidden (view full) ---
4166 SCTP_TCB_UNLOCK(locked_tcb);
4167 }
4168 *offset = length;
4169 return (NULL);
4170 }
4171 }
4172 if ((chk_length > SCTP_LARGEST_INIT_ACCEPTED) ||
4173 (num_chunks > 1) ||
4174 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4175 *offset = length;
4176 if (locked_tcb) {
4177 SCTP_TCB_UNLOCK(locked_tcb);
4178 }
4179 return (NULL);
4180 }
4181 if ((stcb != NULL) &&
4182 (SCTP_GET_STATE(&stcb->asoc) ==
--- 48 unchanged lines hidden (view full) ---
4231#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4232 SCTP_SOCKET_UNLOCK(so, 1);
4233#endif
4234 }
4235 return (NULL);
4236 }
4237 }
4238 if ((num_chunks > 1) ||
4239 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4240 *offset = length;
4241 if (locked_tcb) {
4242 SCTP_TCB_UNLOCK(locked_tcb);
4243 }
4244 return (NULL);
4245 }
4246 if ((netp) && (*netp)) {
4247 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
--- 87 unchanged lines hidden (view full) ---
4335 case SCTP_HEARTBEAT_REQUEST:
4336 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT\n");
4337 if ((stcb) && netp && *netp) {
4338 SCTP_STAT_INCR(sctps_recvheartbeat);
4339 sctp_send_heartbeat_ack(stcb, m, *offset,
4340 chk_length, *netp);
4341
4342 /* He's alive so give him credit */
4343 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4344 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4345 stcb->asoc.overall_error_count,
4346 0,
4347 SCTP_FROM_SCTP_INPUT,
4348 __LINE__);
4349 }
4350 stcb->asoc.overall_error_count = 0;
4351 }
--- 4 unchanged lines hidden (view full) ---
4356 /* Its not ours */
4357 *offset = length;
4358 if (locked_tcb) {
4359 SCTP_TCB_UNLOCK(locked_tcb);
4360 }
4361 return (NULL);
4362 }
4363 /* He's alive so give him credit */
4364 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4365 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4366 stcb->asoc.overall_error_count,
4367 0,
4368 SCTP_FROM_SCTP_INPUT,
4369 __LINE__);
4370 }
4371 stcb->asoc.overall_error_count = 0;
4372 SCTP_STAT_INCR(sctps_recvheartbeatack);
--- 64 unchanged lines hidden (view full) ---
4437 * sincen it is possible that a previous endpoint
4438 * WAS listening responded to a INIT-ACK and then
4439 * closed. We opened and bound.. and are now no
4440 * longer listening.
4441 */
4442
4443 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) {
4444 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
4445 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) {
4446 struct mbuf *oper;
4447 struct sctp_paramhdr *phdr;
4448
4449 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4450 0, M_DONTWAIT, 1, MT_DATA);
4451 if (oper) {
4452 SCTP_BUF_LEN(oper) =
4453 sizeof(struct sctp_paramhdr);
--- 97 unchanged lines hidden (view full) ---
4551 SCTP_SOCKET_UNLOCK(so, 1);
4552#endif
4553 *offset = length;
4554 return (NULL);
4555 }
4556 }
4557 /* He's alive so give him credit */
4558 if ((stcb) && netp && *netp) {
4559 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4560 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4561 stcb->asoc.overall_error_count,
4562 0,
4563 SCTP_FROM_SCTP_INPUT,
4564 __LINE__);
4565 }
4566 stcb->asoc.overall_error_count = 0;
4567 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
--- 6 unchanged lines hidden (view full) ---
4574 /* Its not ours */
4575 if (locked_tcb) {
4576 SCTP_TCB_UNLOCK(locked_tcb);
4577 }
4578 *offset = length;
4579 return (NULL);
4580 }
4581 if (stcb) {
4582 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4583 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4584 stcb->asoc.overall_error_count,
4585 0,
4586 SCTP_FROM_SCTP_INPUT,
4587 __LINE__);
4588 }
4589 stcb->asoc.overall_error_count = 0;
4590 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
--- 7 unchanged lines hidden (view full) ---
4598 /* Its not ours */
4599 if (locked_tcb) {
4600 SCTP_TCB_UNLOCK(locked_tcb);
4601 }
4602 *offset = length;
4603 return (NULL);
4604 }
4605 if (stcb) {
4606 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4607 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4608 stcb->asoc.overall_error_count,
4609 0,
4610 SCTP_FROM_SCTP_INPUT,
4611 __LINE__);
4612 }
4613 stcb->asoc.overall_error_count = 0;
4614 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
--- 16 unchanged lines hidden (view full) ---
4631 }
4632 *offset = length;
4633 return (NULL);
4634 break;
4635 case SCTP_ASCONF:
4636 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n");
4637 /* He's alive so give him credit */
4638 if (stcb) {
4639 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4640 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4641 stcb->asoc.overall_error_count,
4642 0,
4643 SCTP_FROM_SCTP_INPUT,
4644 __LINE__);
4645 }
4646 stcb->asoc.overall_error_count = 0;
4647 sctp_handle_asconf(m, *offset,
--- 8 unchanged lines hidden (view full) ---
4656 if (locked_tcb) {
4657 SCTP_TCB_UNLOCK(locked_tcb);
4658 }
4659 *offset = length;
4660 return (NULL);
4661 }
4662 if ((stcb) && netp && *netp) {
4663 /* He's alive so give him credit */
4664 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4665 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4666 stcb->asoc.overall_error_count,
4667 0,
4668 SCTP_FROM_SCTP_INPUT,
4669 __LINE__);
4670 }
4671 stcb->asoc.overall_error_count = 0;
4672 sctp_handle_asconf_ack(m, *offset,
--- 12 unchanged lines hidden (view full) ---
4685 *offset = length;
4686 return (NULL);
4687 }
4688 /* He's alive so give him credit */
4689 if (stcb) {
4690 int abort_flag = 0;
4691
4692 stcb->asoc.overall_error_count = 0;
4693 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4694 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4695 stcb->asoc.overall_error_count,
4696 0,
4697 SCTP_FROM_SCTP_INPUT,
4698 __LINE__);
4699 }
4700 *fwd_tsn_seen = 1;
4701 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
--- 14 unchanged lines hidden (view full) ---
4716 return (NULL);
4717 }
4718 sctp_handle_forward_tsn(stcb,
4719 (struct sctp_forward_tsn_chunk *)ch, &abort_flag, m, *offset);
4720 if (abort_flag) {
4721 *offset = length;
4722 return (NULL);
4723 } else {
4724 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4725 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4726 stcb->asoc.overall_error_count,
4727 0,
4728 SCTP_FROM_SCTP_INPUT,
4729 __LINE__);
4730 }
4731 stcb->asoc.overall_error_count = 0;
4732 }
--- 57 unchanged lines hidden (view full) ---
4790 stcb, *netp,
4791 min(chk_length, (sizeof(chunk_buf) - 4)));
4792
4793 }
4794 break;
4795
4796 case SCTP_AUTHENTICATION:
4797 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_AUTHENTICATION\n");
4798 if (SCTP_BASE_SYSCTL(sctp_auth_disable))
4799 goto unknown_chunk;
4800
4801 if (stcb == NULL) {
4802 /* save the first AUTH for later processing */
4803 if (auth_skipped == 0) {
4804 auth_offset = *offset;
4805 auth_len = chk_length;
4806 auth_skipped = 1;
--- 47 unchanged lines hidden (view full) ---
4854 */
4855 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4856 phd->param_length = htons(chk_length + sizeof(*phd));
4857 SCTP_BUF_LEN(mm) = sizeof(*phd);
4858 SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length),
4859 M_DONTWAIT);
4860 if (SCTP_BUF_NEXT(mm)) {
4861#ifdef SCTP_MBUF_LOGGING
4862 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
4863 struct mbuf *mat;
4864
4865 mat = SCTP_BUF_NEXT(mm);
4866 while (mat) {
4867 if (SCTP_BUF_IS_EXTENDED(mat)) {
4868 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
4869 }
4870 mat = SCTP_BUF_NEXT(mat);
--- 137 unchanged lines hidden (view full) ---
5008 int un_sent;
5009
5010 SCTP_STAT_INCR(sctps_recvdatagrams);
5011#ifdef SCTP_AUDITING_ENABLED
5012 sctp_audit_log(0xE0, 1);
5013 sctp_auditing(0, inp, stcb, net);
5014#endif
5015
5016 SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
5017 m, iphlen, offset, length, stcb);
5018 if (stcb) {
5019 /* always clear this before beginning a packet */
5020 stcb->asoc.authenticated = 0;
5021 stcb->asoc.seen_a_sack_this_pkt = 0;
5022 SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n",
5023 stcb, stcb->asoc.state);
5024
5025 if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) ||
--- 16 unchanged lines hidden (view full) ---
5042 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
5043 inp, stcb, &net, &fwd_tsn_seen, vrf_id, port);
5044 if (stcb) {
5045 /*
5046 * This covers us if the cookie-echo was there and
5047 * it changes our INP.
5048 */
5049 inp = stcb->sctp_ep;
5050 if ((net) && (port)) {
5051 if (net->port == 0) {
5052 sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr));
5053 }
5054 net->port = port;
5055 }
5056 }
5057 } else {
5058 /*
5059 * no control chunks, so pre-process DATA chunks (these
5060 * checks are taken care of by control processing)
5061 */
5062
5063 /*
5064 * if DATA only packet, and auth is required, then punt...
5065 * can't have authenticated without any AUTH (control)
5066 * chunks
5067 */
5068 if ((stcb != NULL) &&
5069 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5070 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) {
5071 /* "silently" ignore */
5072 SCTP_STAT_INCR(sctps_recvauthmissing);
5073 SCTP_TCB_UNLOCK(stcb);
5074 goto out_now;
5075 }
5076 if (stcb == NULL) {
5077 /* out of the blue DATA chunk */
5078 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL,
--- 20 unchanged lines hidden (view full) ---
5099 * DATA chunk processing
5100 */
5101 /* plow through the data chunks while length > offset */
5102
5103 /*
5104 * Rest should be DATA only. Check authentication state if AUTH for
5105 * DATA is required.
5106 */
5107 if ((length > offset) &&
5108 (stcb != NULL) &&
5109 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5110 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) &&
5111 !stcb->asoc.authenticated) {
5112 /* "silently" ignore */
5113 SCTP_STAT_INCR(sctps_recvauthmissing);
5114 SCTPDBG(SCTP_DEBUG_AUTH1,
5115 "Data chunk requires AUTH, skipped\n");
5116 goto trigger_send;
5117 }
5118 if (length > offset) {
--- 6 unchanged lines hidden (view full) ---
5125 */
5126 switch (SCTP_GET_STATE(&stcb->asoc)) {
5127 case SCTP_STATE_COOKIE_ECHOED:
5128 /*
5129 * we consider data with valid tags in this state
5130 * shows us the cookie-ack was lost. Imply it was
5131 * there.
5132 */
5133 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5134 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5135 stcb->asoc.overall_error_count,
5136 0,
5137 SCTP_FROM_SCTP_INPUT,
5138 __LINE__);
5139 }
5140 stcb->asoc.overall_error_count = 0;
5141 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
--- 134 unchanged lines hidden (view full) ---
5276
5277 net = NULL;
5278 SCTP_STAT_INCR(sctps_recvpackets);
5279 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
5280
5281
5282#ifdef SCTP_MBUF_LOGGING
5283 /* Log in any input mbufs */
5284 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
5285 mat = m;
5286 while (mat) {
5287 if (SCTP_BUF_IS_EXTENDED(mat)) {
5288 sctp_log_mb(mat, SCTP_MBUF_INPUT);
5289 }
5290 mat = SCTP_BUF_NEXT(mat);
5291 }
5292 }
5293#endif
5294#ifdef SCTP_PACKET_LOGGING
5295 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
5296 sctp_packet_log(m, mlen);
5297#endif
5298 /*
5299 * Must take out the iphlen, since mlen expects this (only effect lb
5300 * case)
5301 */
5302 mlen -= iphlen;
5303
--- 22 unchanged lines hidden (view full) ---
5326 /*
5327 * We only look at broadcast if its a front state, All
5328 * others we will not have a tcb for anyway.
5329 */
5330 goto bad;
5331 }
5332 /* validate SCTP checksum */
5333 check = sh->checksum; /* save incoming checksum */
5334 if ((check == 0) && (SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback)) &&
5335 ((ip->ip_src.s_addr == ip->ip_dst.s_addr) ||
5336 (SCTP_IS_IT_LOOPBACK(m)))
5337 ) {
5338 goto sctp_skip_csum_4;
5339 }
5340 sh->checksum = 0; /* prepare for calc */
5341 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
5342 if (calc_check != check) {
--- 140 unchanged lines hidden ---
2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
--- 17 unchanged lines hidden (view full) ---
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31/* $KAME: sctp_input.c,v 1.27 2005/03/06 16:04:17 itojun Exp $ */
32
33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 179783 2008-06-14 07:58:05Z rrs $");
35
36#include <netinet/sctp_os.h>
37#include <netinet/sctp_var.h>
38#include <netinet/sctp_sysctl.h>
39#include <netinet/sctp_pcb.h>
40#include <netinet/sctp_header.h>
41#include <netinet/sctputil.h>
42#include <netinet/sctp_output.h>
--- 219 unchanged lines hidden (view full) ---
262 /* save off parameters */
263 asoc->peer_vtag = ntohl(init->initiate_tag);
264 asoc->peers_rwnd = ntohl(init->a_rwnd);
265 if (TAILQ_FIRST(&asoc->nets)) {
266 /* update any ssthresh's that may have a default */
267 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
268 lnet->ssthresh = asoc->peers_rwnd;
269
270 if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE | SCTP_CWND_LOGGING_ENABLE)) {
271 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION);
272 }
273 }
274 }
275 SCTP_TCB_SEND_LOCK(stcb);
276 if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) {
277 unsigned int newcnt;
278 struct sctp_stream_out *outs;
--- 32 unchanged lines hidden (view full) ---
311 }
312 /* cut back the count and abandon the upper streams */
313 asoc->pre_open_streams = newcnt;
314 }
315 SCTP_TCB_SEND_UNLOCK(stcb);
316 asoc->streamoutcnt = asoc->pre_open_streams;
317 /* init tsn's */
318 asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1;
319 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
320 sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
321 }
322 /* This is the next one we expect */
323 asoc->str_reset_seq_in = asoc->asconf_seq_in + 1;
324
325 asoc->mapping_array_base_tsn = ntohl(init->initial_tsn);
326 asoc->cumulative_tsn = asoc->asconf_seq_in;
327 asoc->last_echo_tsn = asoc->asconf_seq_in;
--- 113 unchanged lines hidden (view full) ---
441 stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs,
442 stcb->asoc.local_hmacs);
443 if (op_err) {
444 sctp_queue_op_err(stcb, op_err);
445 /* queuing will steal away the mbuf chain to the out queue */
446 op_err = NULL;
447 }
448 /* extract the cookie and queue it to "echo" it back... */
449 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
450 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
451 stcb->asoc.overall_error_count,
452 0,
453 SCTP_FROM_SCTP_INPUT,
454 __LINE__);
455 }
456 stcb->asoc.overall_error_count = 0;
457 net->error_count = 0;
--- 133 unchanged lines hidden (view full) ---
591 }
592 /*
593 * JRS 5/14/07 - If CMT PF is on and the destination is in PF state,
594 * set the destination to active state and set the cwnd to one or
595 * two MTU's based on whether PF1 or PF2 is being used. If a T3
596 * timer is running, for the destination, stop the timer because a
597 * PF-heartbeat was received.
598 */
599 if (SCTP_BASE_SYSCTL(sctp_cmt_on_off) &&
600 SCTP_BASE_SYSCTL(sctp_cmt_pf) &&
601 (net->dest_state & SCTP_ADDR_PF) == SCTP_ADDR_PF) {
602 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
603 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
604 stcb, net,
605 SCTP_FROM_SCTP_INPUT + SCTP_LOC_5);
606 }
607 net->dest_state &= ~SCTP_ADDR_PF;
608 net->cwnd = net->mtu * SCTP_BASE_SYSCTL(sctp_cmt_pf);
609 SCTPDBG(SCTP_DEBUG_INPUT1, "Destination %p moved from PF to reachable with cwnd %d.\n",
610 net, net->cwnd);
611 }
612 /* Now lets do a RTO with this */
613 r_net->RTO = sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, sctp_align_safe_nocopy);
614 /* Mobility adaptation */
615 if (req_prim) {
616 if ((sctp_is_mobility_feature_on(stcb->sctp_ep,
--- 551 unchanged lines hidden (view full) ---
1168 /* error in parsing parameters */
1169 return (-1);
1170 }
1171 /* update our state */
1172 SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n");
1173 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_ECHOED);
1174
1175 /* reset the RTO calc */
1176 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
1177 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
1178 stcb->asoc.overall_error_count,
1179 0,
1180 SCTP_FROM_SCTP_INPUT,
1181 __LINE__);
1182 }
1183 stcb->asoc.overall_error_count = 0;
1184 (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
--- 491 unchanged lines hidden (view full) ---
1676 }
1677 /* process the INIT-ACK info (my info) */
1678 asoc->my_vtag = ntohl(initack_cp->init.initiate_tag);
1679 asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd);
1680
1681 /* pull from vtag hash */
1682 LIST_REMOVE(stcb, sctp_asocs);
1683 /* re-insert to new vtag position */
1684 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
1685 SCTP_BASE_INFO(hashasocmark))];
1686 /*
1687 * put it in the bucket in the vtag hash of assoc's for the
1688 * system
1689 */
1690 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
1691
1692 /* Is this the first restart? */
1693 if (stcb->asoc.in_restart_hash == 0) {
1694 /* Ok add it to assoc_id vtag hash */
1695 head = &SCTP_BASE_INFO(sctp_restarthash)[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
1696 SCTP_BASE_INFO(hashrestartmark))];
1697 LIST_INSERT_HEAD(head, stcb, sctp_tcbrestarhash);
1698 stcb->asoc.in_restart_hash = 1;
1699 }
1700 /* process the INIT info (peer's info) */
1701 SCTP_TCB_SEND_UNLOCK(stcb);
1702 SCTP_INP_WUNLOCK(stcb->sctp_ep);
1703 SCTP_INP_INFO_WUNLOCK();
1704
--- 498 unchanged lines hidden (view full) ---
2203 return (NULL);
2204 }
2205 m_sig = m_split(m, sig_offset, M_DONTWAIT);
2206 if (m_sig == NULL) {
2207 /* out of memory or ?? */
2208 return (NULL);
2209 }
2210#ifdef SCTP_MBUF_LOGGING
2211 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
2212 struct mbuf *mat;
2213
2214 mat = m_sig;
2215 while (mat) {
2216 if (SCTP_BUF_IS_EXTENDED(mat)) {
2217 sctp_log_mb(mat, SCTP_MBUF_SPLIT);
2218 }
2219 mat = SCTP_BUF_NEXT(mat);
--- 743 unchanged lines hidden (view full) ---
2963
2964 /* restart the timer */
2965 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2966 stcb, tp1->whoTo, SCTP_FROM_SCTP_INPUT + SCTP_LOC_24);
2967 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep,
2968 stcb, tp1->whoTo);
2969
2970 /* fix counts and things */
2971 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
2972 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP,
2973 tp1->whoTo->flight_size,
2974 tp1->book_size,
2975 (uintptr_t) stcb,
2976 tp1->rec.data.TSN_seq);
2977 }
2978 sctp_flight_size_decrease(tp1);
2979 sctp_total_flight_decrease(stcb, tp1);
--- 301 unchanged lines hidden (view full) ---
3281 fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk));
3282 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3283 fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1);
3284 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3285 if (abort_flag) {
3286 return (1);
3287 }
3288 stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1);
3289 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3290 sctp_log_map(0, 7, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3291 }
3292 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3293 stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn);
3294 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3295 stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn);
3296 stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn;
3297
3298 sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL);
3299 sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL);
--- 87 unchanged lines hidden (view full) ---
3387 fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN;
3388 fwdtsn.ch.chunk_flags = 0;
3389 fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1);
3390 sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0);
3391 if (abort_flag) {
3392 return (1);
3393 }
3394 stcb->asoc.highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA;
3395 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) {
3396 sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT);
3397 }
3398 stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map;
3399 stcb->asoc.mapping_array_base_tsn = stcb->asoc.highest_tsn_inside_map + 1;
3400 memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size);
3401 atomic_add_int(&stcb->asoc.sending_seq, 1);
3402 /* save off historical data for retrans */
3403 stcb->asoc.last_sending_seq[1] = stcb->asoc.last_sending_seq[0];
3404 stcb->asoc.last_sending_seq[0] = stcb->asoc.sending_seq;
3405 stcb->asoc.last_base_tsnsent[1] = stcb->asoc.last_base_tsnsent[0];
--- 477 unchanged lines hidden (view full) ---
3883 }
3884 } else if (ch->chunk_type != SCTP_COOKIE_ECHO) {
3885 /*
3886 * If there is no stcb, skip the AUTH chunk and process
3887 * later after a stcb is found (to validate the lookup was
3888 * valid.
3889 */
3890 if ((ch->chunk_type == SCTP_AUTHENTICATION) &&
3891 (stcb == NULL) &&
3892 !SCTP_BASE_SYSCTL(sctp_auth_disable)) {
3893 /* save this chunk for later processing */
3894 auth_skipped = 1;
3895 auth_offset = *offset;
3896 auth_len = ntohs(ch->chunk_length);
3897
3898 /* (temporarily) move past this chunk */
3899 *offset += SCTP_SIZE32(auth_len);
3900 if (*offset >= length) {
--- 136 unchanged lines hidden (view full) ---
4037 } /* end if !SCTP_COOKIE_ECHO */
4038 /*
4039 * process all control chunks...
4040 */
4041 if (((ch->chunk_type == SCTP_SELECTIVE_ACK) ||
4042 (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) &&
4043 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
4044 /* implied cookie-ack.. we must have lost the ack */
4045 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4046 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4047 stcb->asoc.overall_error_count,
4048 0,
4049 SCTP_FROM_SCTP_INPUT,
4050 __LINE__);
4051 }
4052 stcb->asoc.overall_error_count = 0;
4053 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb,
--- 82 unchanged lines hidden (view full) ---
4136 stcb->asoc.last_control_chunk_from = *netp;
4137 }
4138 }
4139#ifdef SCTP_AUDITING_ENABLED
4140 sctp_audit_log(0xB0, ch->chunk_type);
4141#endif
4142
4143 /* check to see if this chunk required auth, but isn't */
4144 if ((stcb != NULL) &&
4145 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
4146 sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) &&
4147 !stcb->asoc.authenticated) {
4148 /* "silently" ignore */
4149 SCTP_STAT_INCR(sctps_recvauthmissing);
4150 goto next_chunk;
4151 }
4152 switch (ch->chunk_type) {
4153 case SCTP_INITIATION:
4154 /* must be first and only chunk */
--- 11 unchanged lines hidden (view full) ---
4166 SCTP_TCB_UNLOCK(locked_tcb);
4167 }
4168 *offset = length;
4169 return (NULL);
4170 }
4171 }
4172 if ((chk_length > SCTP_LARGEST_INIT_ACCEPTED) ||
4173 (num_chunks > 1) ||
4174 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4175 *offset = length;
4176 if (locked_tcb) {
4177 SCTP_TCB_UNLOCK(locked_tcb);
4178 }
4179 return (NULL);
4180 }
4181 if ((stcb != NULL) &&
4182 (SCTP_GET_STATE(&stcb->asoc) ==
--- 48 unchanged lines hidden (view full) ---
4231#if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
4232 SCTP_SOCKET_UNLOCK(so, 1);
4233#endif
4234 }
4235 return (NULL);
4236 }
4237 }
4238 if ((num_chunks > 1) ||
4239 (SCTP_BASE_SYSCTL(sctp_strict_init) && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
4240 *offset = length;
4241 if (locked_tcb) {
4242 SCTP_TCB_UNLOCK(locked_tcb);
4243 }
4244 return (NULL);
4245 }
4246 if ((netp) && (*netp)) {
4247 ret = sctp_handle_init_ack(m, iphlen, *offset, sh,
--- 87 unchanged lines hidden (view full) ---
4335 case SCTP_HEARTBEAT_REQUEST:
4336 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT\n");
4337 if ((stcb) && netp && *netp) {
4338 SCTP_STAT_INCR(sctps_recvheartbeat);
4339 sctp_send_heartbeat_ack(stcb, m, *offset,
4340 chk_length, *netp);
4341
4342 /* He's alive so give him credit */
4343 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4344 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4345 stcb->asoc.overall_error_count,
4346 0,
4347 SCTP_FROM_SCTP_INPUT,
4348 __LINE__);
4349 }
4350 stcb->asoc.overall_error_count = 0;
4351 }
--- 4 unchanged lines hidden (view full) ---
4356 /* Its not ours */
4357 *offset = length;
4358 if (locked_tcb) {
4359 SCTP_TCB_UNLOCK(locked_tcb);
4360 }
4361 return (NULL);
4362 }
4363 /* He's alive so give him credit */
4364 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4365 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4366 stcb->asoc.overall_error_count,
4367 0,
4368 SCTP_FROM_SCTP_INPUT,
4369 __LINE__);
4370 }
4371 stcb->asoc.overall_error_count = 0;
4372 SCTP_STAT_INCR(sctps_recvheartbeatack);
--- 64 unchanged lines hidden (view full) ---
4437 * sincen it is possible that a previous endpoint
4438 * WAS listening responded to a INIT-ACK and then
4439 * closed. We opened and bound.. and are now no
4440 * longer listening.
4441 */
4442
4443 if ((stcb == NULL) && (inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit)) {
4444 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
4445 (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) {
4446 struct mbuf *oper;
4447 struct sctp_paramhdr *phdr;
4448
4449 oper = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
4450 0, M_DONTWAIT, 1, MT_DATA);
4451 if (oper) {
4452 SCTP_BUF_LEN(oper) =
4453 sizeof(struct sctp_paramhdr);
--- 97 unchanged lines hidden (view full) ---
4551 SCTP_SOCKET_UNLOCK(so, 1);
4552#endif
4553 *offset = length;
4554 return (NULL);
4555 }
4556 }
4557 /* He's alive so give him credit */
4558 if ((stcb) && netp && *netp) {
4559 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4560 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4561 stcb->asoc.overall_error_count,
4562 0,
4563 SCTP_FROM_SCTP_INPUT,
4564 __LINE__);
4565 }
4566 stcb->asoc.overall_error_count = 0;
4567 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp);
--- 6 unchanged lines hidden (view full) ---
4574 /* Its not ours */
4575 if (locked_tcb) {
4576 SCTP_TCB_UNLOCK(locked_tcb);
4577 }
4578 *offset = length;
4579 return (NULL);
4580 }
4581 if (stcb) {
4582 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4583 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4584 stcb->asoc.overall_error_count,
4585 0,
4586 SCTP_FROM_SCTP_INPUT,
4587 __LINE__);
4588 }
4589 stcb->asoc.overall_error_count = 0;
4590 sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch,
--- 7 unchanged lines hidden (view full) ---
4598 /* Its not ours */
4599 if (locked_tcb) {
4600 SCTP_TCB_UNLOCK(locked_tcb);
4601 }
4602 *offset = length;
4603 return (NULL);
4604 }
4605 if (stcb) {
4606 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4607 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4608 stcb->asoc.overall_error_count,
4609 0,
4610 SCTP_FROM_SCTP_INPUT,
4611 __LINE__);
4612 }
4613 stcb->asoc.overall_error_count = 0;
4614 sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb);
--- 16 unchanged lines hidden (view full) ---
4631 }
4632 *offset = length;
4633 return (NULL);
4634 break;
4635 case SCTP_ASCONF:
4636 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n");
4637 /* He's alive so give him credit */
4638 if (stcb) {
4639 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4640 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4641 stcb->asoc.overall_error_count,
4642 0,
4643 SCTP_FROM_SCTP_INPUT,
4644 __LINE__);
4645 }
4646 stcb->asoc.overall_error_count = 0;
4647 sctp_handle_asconf(m, *offset,
--- 8 unchanged lines hidden (view full) ---
4656 if (locked_tcb) {
4657 SCTP_TCB_UNLOCK(locked_tcb);
4658 }
4659 *offset = length;
4660 return (NULL);
4661 }
4662 if ((stcb) && netp && *netp) {
4663 /* He's alive so give him credit */
4664 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4665 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4666 stcb->asoc.overall_error_count,
4667 0,
4668 SCTP_FROM_SCTP_INPUT,
4669 __LINE__);
4670 }
4671 stcb->asoc.overall_error_count = 0;
4672 sctp_handle_asconf_ack(m, *offset,
--- 12 unchanged lines hidden (view full) ---
4685 *offset = length;
4686 return (NULL);
4687 }
4688 /* He's alive so give him credit */
4689 if (stcb) {
4690 int abort_flag = 0;
4691
4692 stcb->asoc.overall_error_count = 0;
4693 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4694 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4695 stcb->asoc.overall_error_count,
4696 0,
4697 SCTP_FROM_SCTP_INPUT,
4698 __LINE__);
4699 }
4700 *fwd_tsn_seen = 1;
4701 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
--- 14 unchanged lines hidden (view full) ---
4716 return (NULL);
4717 }
4718 sctp_handle_forward_tsn(stcb,
4719 (struct sctp_forward_tsn_chunk *)ch, &abort_flag, m, *offset);
4720 if (abort_flag) {
4721 *offset = length;
4722 return (NULL);
4723 } else {
4724 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
4725 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
4726 stcb->asoc.overall_error_count,
4727 0,
4728 SCTP_FROM_SCTP_INPUT,
4729 __LINE__);
4730 }
4731 stcb->asoc.overall_error_count = 0;
4732 }
--- 57 unchanged lines hidden (view full) ---
4790 stcb, *netp,
4791 min(chk_length, (sizeof(chunk_buf) - 4)));
4792
4793 }
4794 break;
4795
4796 case SCTP_AUTHENTICATION:
4797 SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_AUTHENTICATION\n");
4798 if (SCTP_BASE_SYSCTL(sctp_auth_disable))
4799 goto unknown_chunk;
4800
4801 if (stcb == NULL) {
4802 /* save the first AUTH for later processing */
4803 if (auth_skipped == 0) {
4804 auth_offset = *offset;
4805 auth_len = chk_length;
4806 auth_skipped = 1;
--- 47 unchanged lines hidden (view full) ---
4854 */
4855 phd->param_type = htons(SCTP_CAUSE_UNRECOG_CHUNK);
4856 phd->param_length = htons(chk_length + sizeof(*phd));
4857 SCTP_BUF_LEN(mm) = sizeof(*phd);
4858 SCTP_BUF_NEXT(mm) = SCTP_M_COPYM(m, *offset, SCTP_SIZE32(chk_length),
4859 M_DONTWAIT);
4860 if (SCTP_BUF_NEXT(mm)) {
4861#ifdef SCTP_MBUF_LOGGING
4862 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
4863 struct mbuf *mat;
4864
4865 mat = SCTP_BUF_NEXT(mm);
4866 while (mat) {
4867 if (SCTP_BUF_IS_EXTENDED(mat)) {
4868 sctp_log_mb(mat, SCTP_MBUF_ICOPY);
4869 }
4870 mat = SCTP_BUF_NEXT(mat);
--- 137 unchanged lines hidden (view full) ---
5008 int un_sent;
5009
5010 SCTP_STAT_INCR(sctps_recvdatagrams);
5011#ifdef SCTP_AUDITING_ENABLED
5012 sctp_audit_log(0xE0, 1);
5013 sctp_auditing(0, inp, stcb, net);
5014#endif
5015
5016 SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n",
5017 m, iphlen, offset, length, stcb);
5018 if (stcb) {
5019 /* always clear this before beginning a packet */
5020 stcb->asoc.authenticated = 0;
5021 stcb->asoc.seen_a_sack_this_pkt = 0;
5022 SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n",
5023 stcb, stcb->asoc.state);
5024
5025 if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) ||
--- 16 unchanged lines hidden (view full) ---
5042 stcb = sctp_process_control(m, iphlen, &offset, length, sh, ch,
5043 inp, stcb, &net, &fwd_tsn_seen, vrf_id, port);
5044 if (stcb) {
5045 /*
5046 * This covers us if the cookie-echo was there and
5047 * it changes our INP.
5048 */
5049 inp = stcb->sctp_ep;
5050 if ((net) && (port)) {
5051 if (net->port == 0) {
5052 sctp_pathmtu_adjustment(inp, stcb, net, net->mtu - sizeof(struct udphdr));
5053 }
5054 net->port = port;
5055 }
5056 }
5057 } else {
5058 /*
5059 * no control chunks, so pre-process DATA chunks (these
5060 * checks are taken care of by control processing)
5061 */
5062
5063 /*
5064 * if DATA only packet, and auth is required, then punt...
5065 * can't have authenticated without any AUTH (control)
5066 * chunks
5067 */
5068 if ((stcb != NULL) &&
5069 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5070 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) {
5071 /* "silently" ignore */
5072 SCTP_STAT_INCR(sctps_recvauthmissing);
5073 SCTP_TCB_UNLOCK(stcb);
5074 goto out_now;
5075 }
5076 if (stcb == NULL) {
5077 /* out of the blue DATA chunk */
5078 sctp_handle_ootb(m, iphlen, offset, sh, inp, NULL,
--- 20 unchanged lines hidden (view full) ---
5099 * DATA chunk processing
5100 */
5101 /* plow through the data chunks while length > offset */
5102
5103 /*
5104 * Rest should be DATA only. Check authentication state if AUTH for
5105 * DATA is required.
5106 */
5107 if ((length > offset) &&
5108 (stcb != NULL) &&
5109 !SCTP_BASE_SYSCTL(sctp_auth_disable) &&
5110 sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) &&
5111 !stcb->asoc.authenticated) {
5112 /* "silently" ignore */
5113 SCTP_STAT_INCR(sctps_recvauthmissing);
5114 SCTPDBG(SCTP_DEBUG_AUTH1,
5115 "Data chunk requires AUTH, skipped\n");
5116 goto trigger_send;
5117 }
5118 if (length > offset) {
--- 6 unchanged lines hidden (view full) ---
5125 */
5126 switch (SCTP_GET_STATE(&stcb->asoc)) {
5127 case SCTP_STATE_COOKIE_ECHOED:
5128 /*
5129 * we consider data with valid tags in this state
5130 * shows us the cookie-ack was lost. Imply it was
5131 * there.
5132 */
5133 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
5134 sctp_misc_ints(SCTP_THRESHOLD_CLEAR,
5135 stcb->asoc.overall_error_count,
5136 0,
5137 SCTP_FROM_SCTP_INPUT,
5138 __LINE__);
5139 }
5140 stcb->asoc.overall_error_count = 0;
5141 sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net);
--- 134 unchanged lines hidden (view full) ---
5276
5277 net = NULL;
5278 SCTP_STAT_INCR(sctps_recvpackets);
5279 SCTP_STAT_INCR_COUNTER64(sctps_inpackets);
5280
5281
5282#ifdef SCTP_MBUF_LOGGING
5283 /* Log in any input mbufs */
5284 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
5285 mat = m;
5286 while (mat) {
5287 if (SCTP_BUF_IS_EXTENDED(mat)) {
5288 sctp_log_mb(mat, SCTP_MBUF_INPUT);
5289 }
5290 mat = SCTP_BUF_NEXT(mat);
5291 }
5292 }
5293#endif
5294#ifdef SCTP_PACKET_LOGGING
5295 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
5296 sctp_packet_log(m, mlen);
5297#endif
5298 /*
5299 * Must take out the iphlen, since mlen expects this (only effect lb
5300 * case)
5301 */
5302 mlen -= iphlen;
5303
--- 22 unchanged lines hidden (view full) ---
5326 /*
5327 * We only look at broadcast if its a front state, All
5328 * others we will not have a tcb for anyway.
5329 */
5330 goto bad;
5331 }
5332 /* validate SCTP checksum */
5333 check = sh->checksum; /* save incoming checksum */
5334 if ((check == 0) && (SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback)) &&
5335 ((ip->ip_src.s_addr == ip->ip_dst.s_addr) ||
5336 (SCTP_IS_IT_LOOPBACK(m)))
5337 ) {
5338 goto sctp_skip_csum_4;
5339 }
5340 sh->checksum = 0; /* prepare for calc */
5341 calc_check = sctp_calculate_sum(m, &mlen, iphlen);
5342 if (calc_check != check) {
--- 140 unchanged lines hidden ---