#
360731 |
|
07-May-2020 |
tuexen |
MFC r351654: Improve handling of cookie parameters in INIT-ACK chunks
Improve the handling of state cookie parameters in INIT-ACK chunks. This fixes problem with parameters indicating a zero length or partial parameters after an unknown parameter indicating to stop processing. It also fixes a problem with state cookie parameters after unknown parametes indicating to stop porcessing. Thanks to Mark Wodrich from Google for finding two of these issues by fuzz testing the userland stack and reporting them in https://github.com/sctplab/usrsctp/issues/355 and https://github.com/sctplab/usrsctp/issues/352
|
#
347154 |
|
05-May-2019 |
tuexen |
MFC r336511: Whitespace changes due to changes in ident.
|
#
332201 |
|
07-Apr-2018 |
tuexen |
MFC r323861:
Code cleanup, no functional change.
|
#
332169 |
|
07-Apr-2018 |
tuexen |
MFC r321034:
Fix the handling of Explicit EOR mode.
While there, appropriately handle the overhead depending on the usage of DATA or I-DATA chunks. Take the overhead only into account, when required.
Joint work with rrs@
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
310773 |
|
29-Dec-2016 |
tuexen |
MFC r310590:
Whitespace changes.
The toolchain for processing the sources has been updated. No functional change.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
295072 |
|
30-Jan-2016 |
tuexen |
Don't allow a remote encapsulation port change during the SCTP restart procedure.
MFC after: 3 days
|
#
285837 |
|
24-Jul-2015 |
rrs |
Fix an issue with MAC OS locking and also optimize the case where we are sending back a stream-reset and a sack timer is running, in that case we should just send the SACK.
MFC after: 3 weeks
|
#
285792 |
|
22-Jul-2015 |
rrs |
Fix several problems with Stream Reset. 1) We were not handling (or sending) the IN_PROGRESS case if the other side (or our side) was not able to reset (awaiting more data). 2) We would improperly send a stream-reset when we should not. Not waiting until the TSN had been assigned when data was inqueue.
Reviewed by: tuexen
|
#
284515 |
|
17-Jun-2015 |
tuexen |
Add FIB support for SCTP. This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379
MFC after: 3 days
|
#
272751 |
|
08-Oct-2014 |
tuexen |
Ensure that the list of streams sent in a stream reset parameter fits in an mbuf-cluster. Thanks to Peter Bostroem for drawing my attention to this part of the code.
|
#
246595 |
|
09-Feb-2013 |
tuexen |
Cleanup the handling of address scopes. Announce in the INIT/INIT-ACK only the supported address types. While there, do some whitespace cleanups.
MFC after: 1 week
|
#
244021 |
|
08-Dec-2012 |
tuexen |
Ensure that the padding of the last parameter of an INIT chunk is not included in the chunk length as required by RFC 4960. While there, cleanup sctp_send_initiate().
MFC after: 2 weeks
|
#
240826 |
|
22-Sep-2012 |
tuexen |
Small cleanups. No functional change.
MFC after: 10 days
|
#
237715 |
|
28-Jun-2012 |
tuexen |
Pass the src and dst address of a received packet explicitly around.
MFC after: 3 days
|
#
237542 |
|
24-Jun-2012 |
tuexen |
Pass the packet length explicitly around.
MFC after: 3 days
|
#
237049 |
|
14-Jun-2012 |
tuexen |
Pass flowid explicitly through the stack instead of taking it from the mbuf chain at different places. While there: Fix several bugs related to VRFs.
MFC after: 3 days
|
#
236956 |
|
12-Jun-2012 |
tuexen |
Unify the sending of ABORT, SHUTDOWN-COMPLETE and ERROR chunks. While there: Fix also some minor bugs and prepare for SCTP/DTLS.
MFC after: 3 days
|
#
235828 |
|
23-May-2012 |
tuexen |
Use consistent text at the begining of the files.
MFC after: 3 days
|
#
233660 |
|
29-Mar-2012 |
rrs |
Make stream our stream reset implementation compliant to RFC6525.
MFC after: 1 month
|
#
228653 |
|
17-Dec-2011 |
tuexen |
Fix unused parameter warnings. While there, fix some whitespace issues.
MFC after: 3 months.
|
#
224641 |
|
03-Aug-2011 |
tuexen |
The result of a joint work between rrs@ and myself at the IETF: * Decouple the path supervision using a separate HB timer per path. * Add support for potentially failed state. * Bring back RTO.min to 1 second. * Accept packets on IP-addresses already announced via an ASCONF * While there: do some cleanups.
Approved by: re@ MFC after: 2 months.
|
#
221904 |
|
14-May-2011 |
tuexen |
Fix the source address selection for boundall sockets when sending INITs to a global IPv4 address having only private IPv4 address. Allow the usage of a private address and make sure that no other private address will be used by the association. Initial work was done by rrs@.
MFC after: 1 week.
|
#
221627 |
|
08-May-2011 |
tuexen |
Fix a locking issue showing up on Mac OS X when subscribing to authentication events. DTLS/SCTP renegotiations trigger the bug.
MFC after: 2 weeks.
|
#
218319 |
|
05-Feb-2011 |
rrs |
1) Typo correction in comments and one spacing change. 2) Mass update to all copyrights. MFC after: 3 Months
|
#
218072 |
|
29-Jan-2011 |
rrs |
Fixes to ECN in SCTP. 1) ECN was on an association basis, this is incorrect and will not work with CMT or for that matter if the user is sending to multiple addresses. This commit makes ECN on a per path basis. 2) Adopt the new format for the ECN internet draft. This also maintains compatability with old format chunks as well. 3) Keep track of the real time of a RTT down to micro seconds. For some future conditional features (for like a data center this is good information to have). MFC after: 1 month
|
#
217760 |
|
23-Jan-2011 |
tuexen |
Add stream scheduling support. This work is based on a patch received from Robin Seggelmann.
MFC after: 3 months.
|
#
212712 |
|
15-Sep-2010 |
tuexen |
Delay the assignment of a path for DATA chunk until they hit the sent_queue. Honor a given path when the SCTP_ADDR_OVER flag is set.
MFC after: 2 weeks.
|
#
206137 |
|
03-Apr-2010 |
tuexen |
* Fix some race condition in SACK/NR-SACK processing. * Fix handling of mapping arrays when draining mbufs or processing FORWARD-TSN chunks. * Cleanup code (no duplicate code anymore for SACKs and NR-SACKs). Part of this code was developed together with rrs. MFC after: 2 weeks.
|
#
204141 |
|
20-Feb-2010 |
tuexen |
Fix handling of SHUTDOWN-ACK chunk in COOKIE_WAIT and COOKIE_ECHOED.
MFC after: 1 week
|
#
189121 |
|
27-Feb-2009 |
rrs |
Fix the add stream feature of strm-reset to really work: - Fix the copy, we can't do a blind copy but must transfer the data from the old to the new. - Fix the ACK processing so we properly stop retransmitting the thing. - Fix it so if we get a retran we will properly reply with the saved response without doing anything.
MFC after: 1 month
|
#
188854 |
|
20-Feb-2009 |
rrs |
Add the add-stream capability. Still needs more testing..
MFC after: 1 month
|
#
185694 |
|
06-Dec-2008 |
rrs |
Code from the hack-session known as the IETF (and a bit of debugging afterwards): - Fix protection code for notification generation. - Decouple associd from vtag - Allow vtags to have less strigent requirements in non-uniqueness. o don't pre-hash them when you issue one in a cookie. o Allow duplicates and use addresses and ports to discriminate amongst the duplicates during lookup. - Add support for the NAT draft draft-ietf-behave-sctpnat-00, this is still experimental and needs more extensive testing with the Jason Butt ipfw changes. - Support for the SENDER_DRY event to get DTLS in OpenSSL working with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon). - Update the support of SCTP-AUTH by Peter Lei. - Use macros for refcounting. - Fix MTU for UDP encapsulation. - Fix reporting back of unsent data. - Update assoc send counter handling to be consistent with endpoint sent counter. - Fix a bug in PR-SCTP. - Fix so we only send another FWD-TSN when a SACK arrives IF and only if the adv-peer-ack point progressed. However we still make sure a timer is running if we do have an adv_peer_ack point. - Fix PR-SCTP bug where chunks were retransmitted if they are sent unreliable but not abandoned yet.
With the help of: Michael Teuxen and Peter Lei :-) MFC after: 4 weeks
|
#
180387 |
|
09-Jul-2008 |
rrs |
1) Adds the rest of the VIMAGE change macros 2) Adds some __UserSpace__ on some of the common defines that the user space code needs 3) Fixes a bug when we send up data to a user that failed. We need to a) trim off the data chunk headers, if present, and b) make sure the frag bit is communicated properly for the msgs coming off the stream queues... i.e. we see if some of the msg has been taken.
Obtained from: jeli contributed the VIMAGE changes on this pass Thanks Julain!
|
#
179157 |
|
20-May-2008 |
rrs |
- Adds support for the multi-asconf (From Kozuka-san) - Adds some prepwork (Not all yet) for vimage in particular support the delete the sctppcbinfo.xx structs. There is still a leak in here if it were to be called plus we stil need the regrouping (From Me and Michael Tuexen) - Adds support for UDP tunneling. For BSD there is no socket yet setup so its disabled, but major argument changes are in here to emcompass the passing of the port number (zero when you don't have a udp tunnel, the default for BSD). Will add some hooks in UDP here shortly (discussed with Robert) that will allow easy tunneling. (Mainly from Peter Lei and Michael Tuexen with some BSD work from me :-D) - Some ease for windows, evidently leave is reserved by their compile move label leave: -> out:
MFC after: 1 week
|
#
172396 |
|
01-Oct-2007 |
rrs |
- Bug fix managing congestion parameter on immediate retransmittion by handover event (fast mobility code) - Fixed problem of mobility code which is caused by remaining parameters in the deleted primary destination. - Add a missing lock. When a peer sends an INIT, and while we are processing it to send an INIT-ACK the socket is closed, we did not hold a lock to keep the socket from going away. Add protection for this case. - Fix so that arwnd is alway uses the minimal rwnd if the user has set the socket buffer smaller. Found this when the test org decided to see what happens when you set in a rwnd of 10 bytes (which is not allowed per RFC .. 4k is minimum). - Fixes so a cookie-echo ootb will NOT cause an abort to be sent. This was happening in a MPI collision case. - Examined all panics and unless there was no recovery, moved any that were not already to INVARANTS.
Approved by: re@freebsd.org (gnn)
|
#
172190 |
|
15-Sep-2007 |
rrs |
- Get rid of unsused constants for sysctl variables. - Fix panic from mutex unlock on freed lock when ASCONF-ACK aborts an assoc - Fix panic from addr lock recursion when ASCONFs are queued in the front states - ASCONFs "queued" in the front states should really be bundled after the COOKIE-ACK, not in front of it - Fix issue with addresses deleted in the front states from being sent with ASCONF(DELETE)-- replaced sctp_asconf_queue_add_sa() with delete specific function - Comment change in sctp.h the drafts are now RFC's Approved by: re@freebsd.org (B Mah)
|
#
172090 |
|
08-Sep-2007 |
rrs |
- Locking compatiability changes. This involves adding additional flags to many function calls. The flags only get used in BSD when we compile with lock testing. These flags allow apple to escape the "giant" lock it holds on the socket and have more fine-grained locking in the NKE. It also allows us to test (with witness) the locking used by apple via a compile switch (manually applied).
Approved by: re@freebsd.org(B Mah)
|
#
171990 |
|
27-Aug-2007 |
rrs |
- During shutdown pending, when the last sack came in and the last message on the send stream was "null" but still there, a state we allow, we could get hung and not clean it up and wait for the shutdown guard timer to clear the association without a graceful close. Fix this so that that we properly clean up. - Added support for Multiple ASCONF per new RFC. We only (so far) accept input of these and cannot yet generate a multi-asconf. - Sysctl'd support for experimental Fast Handover feature. Always disabled unless sysctl or socket option changes to enable. - Error case in add-ip where the peer supports AUTH and ADD-IP but does NOT require AUTH of ASCONF/ASCONF-ACK. We need to ABORT in this case. - According to the Kyoto summit of socket api developers (Solaris, Linux, BSD). We need to have: o non-eeor mode messages be atomic - Fixed o Allow implicit setup of an assoc in 1-2-1 model if using the sctp_**() send calls - Fixed o Get rid of HAVE_XXX declarations - Done o add a sctp_pr_policy in hole in sndrcvinfo structure - Done o add a PR_SCTP_POLICY_VALID type flag - yet to-do in a future patch! - Optimize sctp6 calls to reuse code in sctp_usrreq. Also optimize when we close sending out the data and disabling Nagle. - Change key concatenation order to match the auth RFC - When sending OOTB shutdown_complete always do csum. - Don't send PKT-DROP to a PKT-DROP - For abort chunks just always checksums same for shutdown-complete. - inpcb_free front state had a bug where in queue data could wedge an assoc. We need to just abandon ones in front states (free_assoc). - If a peer sends us a 64k abort, we would try to assemble a response packet which may be larger than 64k. This then would be dropped by IP. Instead make a "minimum" size for us 64k-2k (we want at least 2k for our initack). If we receive such an init discard it early without all the processing. - When we peel off we must increment the tcb ref count to keep it from being freed from underneath us. - handling fwd-tsn had bugs that caused memory overwrites when given faulty data, fixed so can't happen and we also stop at the first bad stream no. - Fixed so comm-up generates the adaption indication. - peeloff did not get the hmac params copied. - fix it so we lock the addr list when doing src-addr selection (in future we need to use a multi-reader/one writer lock here) - During lowlevel output, we could end up with a _l_addr set to null if the iterator is calling the output routine. This means we would possibly crash when we gather the MTU info. Fix so we only do the gather where we have a src address cached. - we need to be sure to set abort flag on conn state when we receive an abort. - peeloff could leak a socket. Moved code so the close will find the socket if the peeloff fails (uipc_syscalls.c)
Approved by: re@freebsd.org(Ken Smith)
|
#
170181 |
|
01-Jun-2007 |
rrs |
- Take out the broken table-id concept. Panda Routers have a M-VRF concept that is NOT well thought out for a multi-homed transport protocol. So the useless table-id entries passed around need to be removed. - Add a event timer for the zero copy api. - Fix a bug in sctp_timer.c when searching for an alternate with the largest ssthresh (the compare was wrong).
|
#
169382 |
|
08-May-2007 |
rrs |
- Copyright change, cisco's silly tool wants it to say: "Copyright (c) 2001-2007, by Cisco Systems," instead of *Copyright (c) 2001-2007, Cisco Systems,"
- Also fix a few straglers that were still in 2006.
|
#
169378 |
|
08-May-2007 |
rrs |
- Static analyisis fixes for cisco's commit (this is equivilant to the coverity tool.. may even be the same one.. not sure). - A bug in the way sctp_abort() and friends were setting the IP_CLOSE flag.. and NOT passing the last argument as a (,1)... so that things would get freed..
|
#
169352 |
|
07-May-2007 |
rrs |
- More macros for OS compatabilty - PR-SCTP would ignore FWD-TSN's above a rwnd's worth of TSN's (1 byte msgs).. this left the peer hopelessly out of sync.. or an attacker. So now we abort the assoc. - New IFN hash, also rename hashes to match addr/ifn now that the vrf has multiple. - Do not enable SCTP_PCB_FLAGS_RECVDATAIOEVNT per default as defined in the Socket API ID. - Export MTU information via sysctl. - Vrf's need table id's. This is default for BSD, but may be other things later when BSD fully supports VRFs. - Additional stream reset bug (caught by cisco dev-test). - Additional validations for the address in sending a message (socket api). -------- and ----- - Fix association notifications not to give the active open side false notifications. - Fix so sendfile and SENDALL will work properly (missing flag to say socket sender is done). - Fix Bug that prevented COOKIES from being retransmitted. - Break out connectx into helper sub-models so that iox routines can reuse the helpers. - When an address is added during system init (non-dynamic mode) make sure that the "defer use" flag is not set. ** its compiling on XR now :-D **
Reviewed by: gnn
|
#
169208 |
|
02-May-2007 |
rrs |
- Somehow the disable fragment option got lost. We could set/clear it but would not do it. Now we will. - Moved to latest socket api for extended sndrcv info struct. - Moved to support all new levels of fragment interleave (0-2). - Codenomicon security test updates - length checks and such. - Bug in stream reset (2 actually). - setpeerprimary could unlock a null pointer, fixed. - Added a flag in the pcb so netstat can see if we are listening easier.
Obtained from: (some of the Listen changes from Weongyo Jeong)
|
#
168299 |
|
03-Apr-2007 |
rrs |
- fixed several places where we did not release INP locks. - fixed a refcount bug in the new ifa structures. - use vrf's from default stcb or inp whenever possible. - Address limits raised to account for a full IP fragmented packet (1000 addresses). - flight size correcting updated to include one message only and to handle case where the peer does not cumack the next segment aka lists 1/1 in sack blocks.. - Various bad init/init-ack handling could cause a panic since we tried to unlock the destroyed mutex. Fixes so we properly exit when we need to destroy an assoc. (Found by Cisco DevTest team :D) - name rename in src-addr-selection from pass to sifa. - route structure typedef'd to allow different platforms and updated into sctp_os_bsd file. - Max retransmissions a chunk can be made added. Reviewed by: gnn
|
#
167598 |
|
15-Mar-2007 |
rrs |
- Sysctl's move to seperate file - moved away from ifn/ifa access to sctp_ifa/sctp_ifn built and managed by the add-ip code. - cleaned up add-ip code to use the iterator - made iterator be a thread, which enables auto-asconf now. - rewrote and cleaned up source address selection (also made it use new structures). - Fixed a couple of memory leaks. - DACK now settable as to how many packets to delay as well as time. - connectx() to latest socket API, new associd arg. - Fixed issue with revoking and loosing potential to send when we inflate the flight size. We now inflate the cwnd too and deflate it later when the revoked chunk is sent or acked. - Got rid of some temp debug code - src addr selection moved to a common file (sctp_output.c) - Support for simple VRF's (we have support for multi-vfr via compile switch that is scrubbed from BSD but we won't need multi-vrf until we first get VRF :-D) - Rest of mib work for address information now done - Limit number of addresses in INIT/INIT-ACK to a #def (30).
Reviewed by: gnn
|
#
166086 |
|
18-Jan-2007 |
rrs |
- most all includes (#include <>) migrate to the sctp_os_bsd.h file - Finally all splxx() are removed - Count error fixed in mapping array which might cause a wrong cumack generation. - Invariants around panic for case D + printf when no invariants. - one-to-one model race condition fixed by using a pre-formed connection and then completing the work so accept won't happen on a non-formed association. - Some additional paranoia checks in sctp_output. - Locks that were missing in the accept code.
Approved by: gnn
|
#
163953 |
|
03-Nov-2006 |
rrs |
Ok, here it is, we finally add SCTP to current. Note that this work is not just mine, but it is also the works of Peter Lei and Michael Tuexen. They both are my two key other developers working on the project.. and they need ata-boy's too: **** peterlei@cisco.com tuexen@fh-muenster.de **** I did do a make sysent which updated the syscall's and sysproto.. I hope that is correct... without it you don't build since we have new syscalls for SCTP :-0
So go out and look at the NOTES, add option SCTP (make sure inet and inet6 are present too) and play with SCTP.
I will see about comitting some test tools I have after I figure out where I should place them. I also have a lib (libsctp.a) that adds some of the missing socketapi functions that I need to put into lib's.. I will talk to George about this :-)
There may still be some 64 bit issues in here, none of us have a 64 bit processor to test with yet.. Michael may have a MAC but thats another beast too..
If you have a mac and want to use SCTP contact Michael he maintains a web site with a loadable module with this code :-)
Reviewed by: gnn Approved by: gnn
|