sctp: store heartbeat creation time as time_t
Reported by: Coverity Scan
CID: 1493087
MFC after: 3 days

sctp: fix sctp_sendall() when an mbuf chain is provided

In this case uio is NULL, which needs to be checked and m must
be copied into the sctp_copy_all structure.
Reported by: Coverity Scan
CID: 1400449
MFC after: 3 days

sctp: add missing check

If memory allocation fails, m is NULL. Since this is possible,
check for it.
Reported by: Coverity Scan
CID: 1086866
MFC after: 3 days

sctp: improve sending of packets containing an INIT ACK chunk

If the peer announced support of zero checksums, do so when sending
packets containing an INIT ACK chunk.

MFC after: 1 week

sctp: improve consistency

MFC after: 1 week

sctp: cleanup cdefs.h include

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

sctp: keep sb_acc and sb_ccc in sync

PR: 260116
MFC after: 1 week

sctp: update zero checksum support

Implement support for the error detection method identifier.
MFC after: 2 weeks

Update various sys/netinet source files to conform with the style(9)
guide on how to label FALLTHOUGH in switch statements.

No functional chance.

Reviewed By: tuexen, cc, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D40622

sctp: only start shutdown guard timer when sending SHUTDOWN chunk

The intention is to protect a malicious peer not following the
shutdown procedures.

MFC after: 1 week

sctp: fix typo in assignment

sctp: improve negotiation of zero checksum feature

Enforce consistency between announcing 0-cksum support and actually
using it in the association. The value from the inp when the
INIT ACK is sent must be used, not the one from the inp when the
cookie is received.

sctp: initial implementation of draft-tuexen-tsvwg-sctp-zero-checksum

sctp: improve handling of send() calls with no user data`

In particular, don't report EAGAIN on send() calls with no user
data, which might trigger a KASSERT in asyc IO.

Reported by: syzbot+3b4dc5d1d63e9bd01eda@syzkaller.appspotmail.com
MFC after: 1 week

Fix unused variable warning in sctp_output.c

With clang 15, the following -Werror warning is produced:

sys/netinet/sctp_output.c:9367:33: error: variable 'cnt_thru' set but not used [-Werror,-Wunused-but-set-variable]
int no_fragmentflg, bundle_at, cnt_thru;
^

The 'cnt_thru' variable was in sctp_output.c when it was first added,
but appears to have been a debugging aid that has never been used, so
remove it.

MFC after: 3 days

sctp: remove book keeping not needed anymore

MFC after: 3 days

sctp: cleanup, no functional change

MFC after: 3 days

sctp: use a consistent view of the send parameters

Reported by: syzbot+e26628a755f78bacff16@syzkaller.appspotmail.com
MFC after: 3 days

sctp: ignore SCTP_SENDALL flag on 1-to-1 style sockets

MFC after: 3 days

sctp: improve handling of send() when association is shutdown

Accept send() calls only when the association is not being
shut down or the expicit message EOR mode is used and the
application provides follow-up data.

Reported by: syzbot+341e9ebd9d24ca7dc62a@syzkaller.appspotmail.com
MFC after: 3 days

sctp: cleanup of error paths

MFC after: 3 days

sctp: cleanup, no functional change except on error paths

MFC after: 3 days

sctp: use sb_avail() when accessing sb_acc for reading

This is a cleanup to simplify a patch for PR 260116.

PR: 260116
MFC after: 3 days

sctp: improve consistency

No functional change intended.

MFC after: 3 days

sockets: use socket buffer mutexes in struct socket directly

Since c67f3b8b78e the sockbuf mutexes belong to the containing socket,
and socket buffers just point to it. In 74a68313b50 macros that access
this mutex directly were added. Go over the core socket code and
eliminate code that reaches the mutex by dereferencing the sockbuf
compatibility pointer.

This change requires a KPI change, as some functions were given the
sockbuf pointer only without any hint if it is a receive or send buffer.

This change doesn't cover the whole kernel, many protocols still use
compatibility pointers internally. However, it allows operation of a
protocol that doesn't use them.

Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D35152

sctp: don't refer to a potentially outdated stream

Reported by: syzbot+1593381019112e5bb35c@syzkaller.appspotmail.com
MFC after: 3 days

sctp: cleanup, no functional change

MFC after: 3 days

sctp: remove a test, which isn't safe

We can't ensure the stcb is still around. This issue was found
by syzkaller.

MFC after: 3 days

Revert "sctp: remove a test, which isn't safe"

It included unrelated changes still under review.
This reverts commit b1fe92b28ba2e77395598db1c2ff1976b55c86ab.

sctp: remove a test, which isn't safe

We can't ensure the stcb is still around. This issue was found
by syzkaller.

MFC after: 3 days

sctp: clear pointer to stack when returning from function.

Reported by: syzbot+04cee5d8805dfbb63c06@syzkaller.appspotmail.com
Reported by: syzbot+71e7e33dfc3cc39a6bd0@syzkaller.appspotmail.com
Reported by: syzbot+6c36fc3c1bd03ed96107@syzkaller.appspotmail.com
Reported by: syzbot+198b3751c158181c47de@syzkaller.appspotmail.com

sctp: fix typos

Thanks to David Sanders for fixing the typos in the userland stack.

MFC after: 3 days

sctp: don't lock an already locked stcb.

Reported by: syzbot+e8dca84da3b4b82f4400@syzkaller.appspotmail.com
MFC after: 3 days

sctp: get rid of stcb send lock

Just use the stcb lock instead to simplify locking.

Reported by: syzbot+d00b202063150f85b110@syzkaller.appspotmail.com
Reported by: syzbot+87f268a0a6d2d6383306@syzkaller.appspotmail.com
MFC after: 3 days

sctp: remove KASSERT() which not always holds

Reported by: syzbot+c907045aed2043011f3c@syzkaller.appspotmail.com
MFC after: 3 days

sctp: make sure new locking requirements are satisfied.

Reported by: syzbot+cd3c1dd64861b8c200bd@syzkaller.appspotmail.com
MFC after: 3 days

sctp: don't hold the assoc create lock longer than needed

Reported by: syzbot+c738e3df67cf425c49a2@syzkaller.appspotmail.com
MFC after: 3 days

sctp: cleanup sctp_lower_sosend

This is a preparation for retiring the tcp send lock in the
next step.

MFC after: 3 days

sctp(4): Fix a typo in an INVARIANTS panic message

- s/failes/fails/

MFC after: 1 week

sctp: retire sctp_mtu_size_reset()

Thanks to Timo Voelker for making me aware that sctp_mtu_size_reset()
is very similar to sctp_pathmtu_adjustment().

MFC after: 3 days

sctp: minor improvements in sctp_get_frag_point
MFC after: 3 days

sctp: check that the computed frag point is a multiple of 4

Reported by: syzbot+5da189fc1fe80b31f5bd@syzkaller.appspotmail.com
MFC after: 3 days

sctp: cleanup the SCTP_MAXSEG socket option.

This patch makes the handling of the SCTP_MAXSEG socket option
compliant with RFC 6458 (SCTP socket API) and fixes an issue
found by syzkaller.

Reported by: syzbot+a2791b89ab99121e3333@syzkaller.appspotmail.com
MFC after: 3 days

sctp: use the correct traffic class when sending SCTP/IPv6 packets

When sending packets the stcb was used to access the inp and then
access the endpoint specific IPv6 level options. This fails when
there exists an inp, but no stcb yet. This is the case for sending
an INIT-ACK in response to an INIT when no association already
exists. Fix this by just providing the inp instead of the stcb.

PR: 260120
MFC after: 1 week

sctp: improve consistency, no functional change intended

sctp: fix usage of stream scheduler functions

sctp_ss_scheduled() should only be called for streams that are
scheduled. So call sctp_ss_remove_from_stream() before it.
This bug was uncovered by the earlier cleanup.

Reported by: syzbot+bbf739922346659df4b2@syzkaller.appspotmail.com
Reported by: syzbot+0a0857458f4a7b0507c8@syzkaller.appspotmail.com
Reported by: syzbot+a0b62c6107b34a04e54d@syzkaller.appspotmail.com
Reported by: syzbot+0aa0d676429ebcd53299@syzkaller.appspotmail.com
Reported by: syzbot+104cc0c1d3ccf2921c1d@syzkaller.appspotmail.com
MFC after: 1 week

sctp: Cleanup stream schedulers.

No functional change intended.

MFC after: 1 week

sctp: Simplify stream scheduler usage

Callers are getting the stcb send lock, so just KASSERT that.
No need to signal this when calling stream scheduler functions.
No functional change intended.

MFC after: 1 week

sctp: improve consistency when calling stream scheduler

Hold always the stcb send lock when calling sctp_ss_init() and
sctp_ss_remove_from_stream().

MFC after: 1 week

sctp: use a valid outstream when adding it to the scheduler

Without holding the stcb send lock, the outstreams might get
reallocated if the number of streams are increased.

Reported by: syzbot+4a5431d7caa666f2c19c@syzkaller.appspotmail.com
Reported by: syzbot+aa2e3b013a48870e193d@syzkaller.appspotmail.com
Reported by: syzbot+e4368c3bde07cd2fb29f@syzkaller.appspotmail.com
Reported by: syzbot+fe2f110e34811ea91690@syzkaller.appspotmail.com
Reported by: syzbot+ed6e8de942351d0309f4@syzkaller.appspotmail.com
MFC after: 1 week

sctp: Tighten up locking around sctp_aloc_assoc()

All callers of sctp_aloc_assoc() mark the PCB as connected after a
successful call (for one-to-one-style sockets). In all cases this is
done without the PCB lock, so the PCB's flags can be corrupted. We also
do not atomically check whether a one-to-one-style socket is a listening
socket, which violates various assumptions in solisten_proto().

We need to hold the PCB lock across all of sctp_aloc_assoc() to fix
this. In order to do that without introducing lock order reversals, we
have to hold the global info lock as well.

So:
- Convert sctp_aloc_assoc() so that the inp and info locks are
consistently held. It returns with the association lock held, as
before.
- Fix an apparent bug where we failed to remove an association from a
global hash if sctp_add_remote_addr() fails.
- sctp_select_a_tag() is called when initializing an association, and it
acquires the global info lock. To avoid lock recursion, push locking
into its callers.
- Introduce sctp_aloc_assoc_connected(), which atomically checks for a
listening socket and sets SCTP_PCB_FLAGS_CONNECTED.

There is still one edge case in sctp_process_cookie_new() where we do
not update PCB/socket state correctly.

Reviewed by: tuexen
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31908

sctp: use appropriate argument when freeing association

Reported by: syzbot+7fe26e26911344e7211d@syzkaller.appspotmail.com
MFC after: 3 days

sctp: minor cleanups, no functional change intended

sctp: Fix iterator synchronization in sctp_sendall()

- The SCTP_PCB_FLAGS_SND_ITERATOR_UP check was racy, since two threads
could observe that the flag is not set and then both set it. I'm not
sure if this is actually a problem in practice, i.e., maybe there's no
problem having multiple sends for a single PCB in the iterator list?
- sctp_sendall() was modifying sctp_flags without the inp lock held.

The change simply acquires the PCB write lock before toggling the flag,
fixing both problems.

Reviewed by: tuexen
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31813

Fix a common typo in source code comments

- s/existant/existent/

MFC after: 3 days

sctp: remove some set, but unused variables

Thanks to pkasting for submitting the patch for the userland stack.

MFC after: 3 days

sctp: improve input validation of mapped addresses in send()
Reported by: syzbot+35528f275f2eea6317cc@syzkaller.appspotmail.com
Reported by: syzbot+ac29916d5f16d241553d@syzkaller.appspotmail.com
MFC after: 3 days

sctp: Fix errno in case of association setup failures

Do not report always ETIMEDOUT, but only when appropriate. In
other cases report ECONNABORTED.

MFC after: 3 days

sctp: initialize sequence numbers for ECN correctly

MFC after: 3 days
Reported by: Junseok Yang (for the userland stack)

sctp: improve input validation

Improve the handling of INIT chunks in specific szenarios and
report and appropriate error cause.
Thanks to Anatoly Korniltsev for reporting the issue for the
userland stack.

MFC after: 3 days

sctp: fix PR-SCTP stats when adding addtional streams

MFC after: 1 week

sctp: improve consistency

No functional change intended.

MFC: 1 week

sctp: improve handling of aborted associations

Don't clear a flag, when the structure already has been freed.
Reported by: syzbot+07667d16c96779c737b4@syzkaller.appspotmail.com

Improve the handling of cookie life times.
The staleness reported in an error cause is in us, not ms.
Enforce limits on the life time via sysct; and socket options
consistently. Update the description of the sysctl variable to
use the right unit. Also do some minor cleanups.
This also fixes an interger overflow issue if the peer can
modify the cookie. This was reported by Felix Weinrank by fuzz testing
the userland stack and in
https://oss-fuzz.com/testcase-detail/4800394024452096

MFC after: 3 days

Minor cleanups.

MFC after: 3 days

Remove dead stores reported by clang static code analysis

MFC after: 3 days

Whitespace changes.

MFC after: 3 days

net: clean up empty lines in .c and .h files

Fix a regression with the explicit EOR mode I introduced in r364268.
A short MFC time as discussed with the secteam.

Reported by: Taylor Brandstetter
MFC after: 1 day

Improve the handling of concurrent send() calls for SCTP sockets,
especially when having the explicit EOR mode enabled.

Reported by: Megan2013678@protonmail.com
Reported by: syzbot+bc02585076c3cc977f9b@syzkaller.appspotmail.com
MFC after: 3 days

Allocate the mbuf for the signature in the COOKIE or the correct size.
While there, do also do some cleanups.

MFC after: 1 week

Cleanups, no functional change.

MFC after: 1 week

Non-functional changes due to upstream cleanup.

MFC after: 1 week

Retire SCTP_SO_LOCK_TESTING.

This was intended to test the locking used in the MacOS X kernel on a
FreeBSD system, to make use of WITNESS and other debugging infrastructure.
This hasn't been used for ages, to take it out to reduce the #ifdef
complexity.

MFC after: 1 week

Non-functional changes due to cleanup (upstream removing of Panda support)
of the code

MFC after: 1 week

Replace snprintf() by SCTP_SNPRINTF() and let SCTP_SNPRINTF() map
to snprintf() on FreeBSD. This allows to check for failures of snprintf()
on platforms other than FreeBSD kernel.

Revert r361209:

cem noted that on FreeBSD snprintf() can not fail and code should not
check for that.

A followup commit will replace the usage of snprintf() in the SCTP
sources with a variadic macro SCTP_SNPRINTF, which will simply map to
snprintf() on FreeBSD and do a checking similar to r361209 on
other platforms.

Handle failures of snprintf().

MFC after: 3 days

Non-functional changes, cleanups.

MFC after: 3 days

Only drop DATA chunk with lower priorities as specified in RFC 7496.
This issue was found by looking at a reproducer generated by syzkaller.

MFC after: 3 days

Avoid underflowing a variable, which would result in taking more
data from the stream queues then needed.

Thanks to Timo Voelker for finding this bug and providing a fix.

MFC after: 3 days

Fix the computation of the numbers of entries of the mapping array to
look at when generating a SACK. This was wrong in case of sequence
numbers wrap arounds.

Thanks to Gwenael FOURRE for reporting the issue for the userland stack:
https://github.com/sctplab/usrsctp/issues/462
MFC after: 3 days

Fix LINT build #2 after r360292.

Pointyhat to: melifaro

Convert route caching to nexthop caching.

This change is build on top of nexthop objects introduced in r359823.

Nexthops are separate datastructures, containing all necessary information
to perform packet forwarding such as gateway interface and mtu. Nexthops
are shared among the routes, providing more pre-computed cache-efficient
data while requiring less memory. Splitting the LPM code and the attached
data solves multiple long-standing problems in the routing layer,
drastically reduces the coupling with outher parts of the stack and allows
to transparently introduce faster lookup algorithms.

Route caching was (re)introduced to minimise (slow) routing lookups, allowing
for notably better performance for large TCP senders. Caching works by
acquiring rtentry reference, which is protected by per-rtentry mutex.
If the routing table is changed (checked by comparing the rtable generation id)
or link goes down, cache record gets withdrawn.

Nexthops have the same reference counting interface, backed by refcount(9).
This change merely replaces rtentry with the actual forwarding nextop as a
cached object, which is mostly mechanical. Other moving parts like cache
cleanup on rtable change remains the same.

Differential Revision: https://reviews.freebsd.org/D24340

Revert https://svnweb.freebsd.org/changeset/base/359809

The intended change was
sp->next.tqe_next = NULL;
sp->next.tqe_prev = NULL;
which doesn't fix the issue I'm seeing and the committed fix is
not the intended fix due to copy-and-paste.

Thanks a lot to Conrad Meyer for making me aware of the problem.

Reported by: cem

Zero out pointers for consistency.

This was found by running syzkaller on an INVARIANTS kernel.

MFC after: 3 days

A a missing NET_EPOCH_ENTER/NET_EPOCH_EXIT pair. This was affecting
implicit connection setups via sendmsg().

Reported by: syzbot+febbe3383a0e9b700c1b@syzkaller.appspotmail.com
Reported by: syzbot+dca98631455d790223ca@syzkaller.appspotmail.com
Reported by: syzbot+5a71a7760d6bcf11b8cd@syzkaller.appspotmail.com
Reported by: syzbot+da64217e140444c49f00@syzkaller.appspotmail.com

Consistently provide arguments for timer start and stop routines.
This is another step in cleaning up timer handling.
MFC after: 1 week

Epochify SCTP.

Cleanup timer handling.

Submitted by: Taylor Brandstetter
MFC after: 1 week

Fix build issues for the userland stack on 32-bit platforms.

Reported by: Felix Weinrank
MFC after: 1 week

Don't make the sendall iterator as being up if it could not be started.

MFC after: 1 week

Make the message size limit used for SCTP_SENDALL configurable via
a sysctl variable instead of a compiled in constant.

This is based on a patch provided by nwhitehorn@.

Separate out SCTP related dtrace code.
This is based on work done by markj@.

Discussed with: markj@
MFC after: 3 days

Ensure that local variables are reset to their initial value when
dealing with error cases in a loop over all remote addresses.
This issue was found and reported by OSS_Fuzz in:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18080
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18086
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18121
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18163

MFC after: 3 days

Fix the adding of padding to COOKIE-ECHO chunks.

Thanks to Mark Wodrich who found this issue while fuzz testing the
usrsctp stack and reported the issue in
https://github.com/sctplab/usrsctp/issues/382

MFC after: 3 days

Improve the handling of state cookie parameters in INIT-ACK chunks.
This fixes problem with parameters indicating a zero length or partial
parameters after an unknown parameter indicating to stop processing. It
also fixes a problem with state cookie parameters after unknown
parametes indicating to stop porcessing.
Thanks to Mark Wodrich from Google for finding two of these issues
by fuzz testing the userland stack and reporting them in
https://github.com/sctplab/usrsctp/issues/355
and
https://github.com/sctplab/usrsctp/issues/352

MFC after: 3 days

Fix build issues for the userland stack on Raspbian.

IPv6 cleanup: kernel

Finish what was started a few years ago and harmonize IPv6 and IPv4
kernel names. We are down to very few places now that it is feasible
to do the change for everything remaining with causing too much disturbance.

Remove "aliases" for IPv6 names which confusingly could indicate
that we are talking about a different data structure or field or
have two fields, one for each address family.
Try to follow common conventions used in FreeBSD.

* Rename sin6p to sin6 as that is how it is spelt in most places.
* Remove "aliases" (#defines) for:
- in6pcb which really is an inpcb and nothing separate
- sotoin6pcb which is sotoinpcb (as per above)
- in6p_sp which is inp_sp
- in6p_flowinfo which is inp_flow
* Try to use ia6 for in6_addr rather than in6p.
* With all these gone also rename the in6p variables to inp as
that is what we call it in most of the network stack including
parts of netinet6.

The reasons behind this cleanup are that we try to further
unify netinet and netinet6 code where possible and that people
will less ignore one or the other protocol family when doing
code changes as they may not have spotted places due to different
names for the same thing.

No functional changes.

Discussed with: tuexen (SCTP changes)
MFC after: 3 months
Sponsored by: Netflix

Fix the reporting of multiple unknown parameters in an received INIT
chunk. This also plugs an potential mbuf leak.
Thanks to Felix Weinrank for reporting this issue found by fuzz-testing
the userland stack.

MFC after: 3 days

When responding with an ABORT to an INIT chunk containing a
HOSTNAME parameter or a parameter with an illegal length, only
include an error cause indicating why the ABORT was sent.
This also fixes an mbuf leak which could occur.

MFC after: 3 days

Small cleanup, no functional change intended.

MFC after: 3 days

Consistently cleanup mbufs in case of other memory errors.

MFC after: 3 days

Don't hold a mutex while calling sbwait. This was found by syzkaller.

Submitted by: rrs@
Reported by: markj@
MFC after: 1 week

Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.

This is an FreeBSD extension, not covered by Posix.

This issue was found by running syzkaller.

MFC after: 1 week

When calling sctp_initialize_auth_params(), the inp must have at
least a read lock. To avoid more complex locking dances, just
call it in sctp_aloc_assoc() when the write lock is still held.

Reported by: syzbot+08a486f7e6966f1c3cfb@syzkaller.appspotmail.com
MFC after: 1 week

Fix build issue for the userland stack.
Joint work with rrs@.

MFC after: 1 week

Fox more signed unsigned issues. This time on the send path.
This is joint work with rrs@ and was found by running syzkaller.

MFC after: 1 week

Limit the size of messages sent on 1-to-many style SCTP sockets with the
SCTP_SENDALL flag. Allow also only one operation per SCTP endpoint.

This fixes an issue found by running syzkaller and is joint work with rrs@.

MFC after: 1 week

Limit the number of bytes which can be queued for SCTP sockets.
This is joint work with rrs@.
Reported by: syzbot+307f167f9bc214f095bc@syzkaller.appspotmail.com
MFC after: 1 week

Only reduce the PMTU after the send call. The only way to increase it, is
via PMTUD.

This fixes an MTU issue reported by Timo Voelker.

MFC after: 3 days

Support MSG_DONTWAIT in send*(2).

As it does for recv*(2), MSG_DONTWAIT indicates that the call should
not block, returning EAGAIN instead. Linux and OpenBSD both implement
this, so the change makes porting easier, especially since we do not
return EINVAL or so when unrecognized flags are specified.

Submitted by: Greg V <greg@unrelenting.technology>
Reviewed by: tuexen
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D18728

Don't use a function when neither INET nor INET6 are defined.
This is a valid case for the userland stack, where this fixes
two set-but-not-used warnings in this case.

Thanks to Christian Wright for reporting the issue.

Avoid truncating unrecognised parameters when reporting them.
This resulted in sending malformed packets.

Approved by: re (kib@)
MFC after: 1 week

After allocating chunks set the fields in a consistent way.
This removes two assignments for the flags field being done
twice and adds one, which was missing.
Thanks to Felix Weinrank for reporting the issue he found
by using fuzz testing of the userland stack.

Approved by: re (kib@)
MFC after: 1 week

Plug mbuf leaks in the SCTP output path in error cases.

Approved by: re (kib@)
MFC after: 1 week
CID: 1395307

Fix the handling of ancillary data for SCTP socket. Implement
sctp_process_cmsgs_for_init() and sctp_findassociation_cmsgs()
similar to sctp_find_cmsg() to improve consistency and avoid
the signed/unsigned issues in sctp_process_cmsgs_for_init()
and sctp_findassociation_cmsgs().

Thanks to andrew@ for reporting the problem he found using
syzcaller.

Approved by: re (kib@)
MFC after: 1 week

Increment the corresponding UDP stats counter (udps_opackets) when
sending UDP encapsulated SCTP packets.
This is consistent with the behaviour that when such packets are received,
the corresponding UDP stats counter (udps_ipackets) is incremented.
Thanks to Peter Lei for making me aware of this inconsistency.

Approved by: re (kib@)
MFC after: 1 week

Fix typo in comment.

Reported by: @danfe
Approved by: re (kib@)
MFC after: 1 week
X-MFC: r338941

Whitespace changes and fixing a typo. No functional change.

Approved by: re (kib@)
MFC after: 1 week

Add support for send, receive and state-change DTrace providers for
SCTP. They are based on what is specified in the Solaris DTrace manual
for Solaris 11.4.

Reviewed by: 0mp, dteske, markj
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16839

Refactor the SHUTDOWN_PENDING state handling.

This is not a functional change but a preperation for the upcoming
DTrace support. It is necessary to change the state in one
logical operation, even if it involves clearing the sub state
SHUTDOWN_PENDING.

MFC after: 1 month

Use the stacb instead of the asoc in state macros.

This is not a functional change. Just a preparation for upcoming
dtrace state change provider support.

Use consistently the macors to modify the assoc state.

No functional change.

Add explicit cast to silence a warning for the userland stack.

Thanks to Felix Weinrank for providing the patch.

Revert https://svnweb.freebsd.org/changeset/base/336503
since I also ran the export script with different parameters.

Whitespace changes due to change if ident.

Provide the ip6_plen in network byte order when calling ip6_output().

This is not strictly required by ip6_output(), since it overrides it,
but it is needed for upcoming dtrace support.

Whitespace changes.

Do the appropriate accounting when ip_output() fails.

netinet silence warnings

sctp_get_mbuf_for_msg() should honor the allinone parameter.

When it is not required that the buffer is not a chain, return
a chain. This is based on a patch provided by Irene Ruengeler.

Cleaup, no functional change.

Retire SCTP_WITH_NO_CSUM option.

This option was used in the early days to allow performance measurements
extrapolating the use of SCTP checksum offloading. Since this feature
is now available, get rid of this option.
This also un-breaks the LINT kernel. Thanks to markj@ for making me
aware of the problem.

sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

Allow the setting of the MTU for future paths using an SCTP socket option.
This functionality was missing.

MFC after: 1 week

Fix parsing error when processing cmsg in SCTP send calls. Thei bug is
related to a signed/unsigned mismatch.
This should most likely fix the issue in sctp_sosend reported by
Dmitry Vyukov on the freebsd-hackers mailing list and found by
running syzkaller.

Code cleanup, not functional change.

This avoids taking a pointer of a packed structure which allows simpler
compilation of the userland stack.

MFC after: 1 week

Code cleanup, no functional change.

MFC after: 1 week

Fix MTU computation. Coverity scanning usrsctp pointed to this code...

MFC after: 3 days

Use memset/memcpy instead of bzero/bcopy.

Just use one variant instead of both. Use the memset/memcpy
ones since they cause less problems in crossplatform deployment.

MFC after: 1 week

Fix the handling of Explicit EOR mode.

While there, appropriately handle the overhead depending on
the usage of DATA or I-DATA chunks. Take the overhead only
into account, when required.

Joint work with rrs@
MFC after: 1 week

Handle sctp_get_next_param() in a consistent way.

This addresses an issue found by Felix Weinrank using libfuzz.
While there, use also consistent nameing.

MFC after: 3 days

Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners.

While there, use a macro for checking the listen state to allow for
easier changes if required.

This done to help glebius@ with his listen changes.

Set the DF bit for responses to out-of-the-blue packets.

MFC after: 1 week

Ensure that the variable bail is always initialized before used.

MFC after: 1 week

Fix a bug where the overhead of the I-DATA chunk was not considered.

MFC after: 1 week

Consistent handling of errors reported from the lower layer.

MFC after: 3 days

Whitespace changes.

The toolchain for processing the sources has been updated. No functional
change.

MFC after: 3 days

Don't send multiple SHUTDOWN chunks in a single packet.

Thanks to Felix Weinrank for making me aware of this issue.

MFC after: 1 week

Silence a warning produced by newer versions of gcc.

MFC after: 1 week

Cleanup the names of SSN, SID, TSN, FSN, PPID and MID.

This made a couple of bugs visible in handling SSN wrap-arounds
when using DATA chunks. Now bulk transfer seems to work fine...
This fixes the issue reported in
https://github.com/sctplab/usrsctp/issues/111

MFC after: 1 week

No functional changes, mostly getting the whitespace changes resulting
from an updated formatting tool chain.

MFC after: 1 month

Lock the ND prefix list and add refcounting for prefixes.

This change extends the nd6 lock to protect the ND prefix list as well
as the list of advertising routers associated with each prefix. To handle
cases where the nd6 lock must be dropped while iterating over either the
prefix or default router lists, a generation counter is used to track
modifications to the lists. Additionally, a new mutex is used to serialize
prefix on-link/off-link transitions. This mutex must be acquired before
the nd6 lock and is held while updating the routing table in
nd6_prefix_onlink() and nd6_prefix_offlink().

Reviewed by: ae, tuexen (SCTP bits)
Tested by: Jason Wolfe <jason@llnw.com>,
Larry Rosenman <ler@lerctr.org>
MFC after: 2 months
Differential Revision: https://reviews.freebsd.org/D8125

Improve the locking when sending user messages.

First, keep a ref count on the stcb after looking it up, as
done in the other lookup cases.
Second, before looking again at sp, ensure that it is not
freed, because the assoc is about to be freed.

MFC after: 3 days

Fix the sending of FORWARD-TSN and I-FORWARD-TSN chunks. The
last SID/SSN pair wasn't filled in.
Thanks to Julian Cordes for providing a packetdrill script
triggering the issue and making me aware of the bug.

MFC after: 3 days

Consistently check for unsent data on the stream queues.

MFC after: 3 days

Remove stream queue entry consistently from wheel.
While there, improve the handling of drain.

MFC after: 3 days

Fix various bugs in relation to the I-DATA chunk support

This is joint work with rrs.

MFC after: 3 days

Fix a bug in deferred stream reset processing which results
in using a length field before it is set.

Thanks to Taylor Brandstetter for reporting the issue and
providing a fix.

MFC after: 3 days

Fix the PR-SCTP behaviour.
This is done by rrs@.

MFC after: 3 days

This patch fixes two bugs related to the setting of the I-Bit
for SCTP DATA and I-DATA chunks.
* For fragmented user messages, set the I-Bit only on the last
fragment.
* When using explicit EOR mode, set the I-Bit on the last
fragment, whenever SCTP_SACK_IMMEDIATELY was set in snd_flags
for any of the send() calls.

Approved by: re (hrs)
MFC after: 1 week

This patch fixes a locking bug when a send() call blocks
on an SCTP socket and the association is aborted by the
peer.

Approved by: re (kib)
MFC after: 1 week

Use a separate MID counter for ordered und unordered messages for each
outgoing stream.

Thanks to Jens Hoelscher for reporting the issue.

MFC after: 1 week

Store the peers vtag in host byte order in the cookie, since all
consumers expect it that way.
This fixes the vtag when sending en ERROR chunk.

MFC after: 1 week

Fix a byte order issue for the scope stored in the SCTP cookie.

MFC after: 1 week

netinet/sctp*: minor spelling fixes in comments.

No functional change.

Reviewed by: tuexen

When a client uses UDP encapsulation and lists IP addresses in the INIT
chunk, enable UDP encapsulation for all those addresses.
This helps clients using a userland stack to support multihoming if
they are not behind a NAT.

MFC after: 1 week

Add the UDP encaps port as a parameter to sctp_add_remote_addr().

This is currently only a code change without any functional
change. But this allows to set the remote encapsulation port
in a more detailed way, which will be provided in a follow-up
commit.

MFC after: 1 week

Fix signed/unsigned warnings.

Don't use anonymous unions.

A couple of minor changes that I missed that Michael had done, most noted
in these is the change to non-strict ordering for incoming data (this will
make pkt-drill test 14 fail but its expected).

This is work done by Michael Tuexen and myself at the IETF. This
adds the new I-Data (Interleaved Data) message. This allows a user
to be able to have complete freedom from Head Of Line blocking that
was previously there due to the in-ability to send multiple large
messages without the TSN's being in sequence. The code as been
tested with Michaels various packet drill scripts as well as
inter-networking between the IETF's location in Argentina and Germany.

Set the chunk id for ERROR chunks.
This is work with rrs@.
MFC after: 1 week

Improve compilation on windows 64-bit (for the userland stack).

MFC after: 1 week

Add const to several constants. Thanks to Nicholas Nethercote for
providing the patch via
https://bugzilla.mozilla.org/show_bug.cgi?id=1255655

MFC after: 1 week

Add protection code.

MFC after: 3 days
CID: 748858

Address a warning reported by D5245 / PVS.

MFC after: 3 days

Don't allow a remote encapsulation port change during the
SCTP restart procedure.

MFC after: 3 days

Ignore peer addresses in a consistent way also when checking for
new addresses during restart. If this is not done, restart doesn't
work when the local socket is IPv4 only and the peer uses
IPv4 and IPv6 addresses.

MFC after: 3 days.

Don't implicitly terminate a user message when moving it to the
send_queue and the socket is closed. This results in strange
race conditions for the application.
While there, remove a stray character.

MFC after: 3 days

Retire sctp_validate_no_locks().

This routine checks that there are no locks held for an inp,
without having any lock on the inp. This breaks if the inp
goes away when it is called. This happens on stress tests
on a RPi B+.

MFC after: 3 days

Fix the allocation of outgoing streams:
* When processing a cookie, use the number of
streams announced in the INIT-ACK.
* When sending an INIT-ACK for an existing
association, use the value from the association,
not from the end-point.

MFC after: 1 week

Ensure that outgoing streams get reset when they run dry.

MFC after: 1 week

Minor cleanup. No functional change.

MFC after: 1 week

Take also the send queue and sent queue into account when triggering
the sending of outgoing stream reset requests.

MFC after: 3 days

Use __func__ instead of __FUNCTION__.

This allows to compile the userland stack without errors using gcc5.
Thanks to saghul for makeing me aware and providing the patch.

MFC after: 1 week

Ensure that ERROR chunks are always padded by implementing this
in the routine, which queues an ERROR chunk, instead on relyinh
on the callers to do so. Since one caller missed this, this actially
fixes a bug.

MFC after: 1 week

Don't leak memory in an error case.

MFC after: 1 week

Provide consistent error causes whenever an ABORT chunk is sent.

MFC after: 1 week

Fix an issue with MAC OS locking and also optimize the case
where we are sending back a stream-reset and a sack timer is running, in
that case we should just send the SACK.

MFC after: 3 weeks

Fix several problems with Stream Reset.
1) We were not handling (or sending) the IN_PROGRESS case if
the other side (or our side) was not able to reset (awaiting more data).
2) We would improperly send a stream-reset when we should not. Not
waiting until the TSN had been assigned when data was inqueue.

Reviewed by: tuexen

Add FIB support for SCTP.
This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379

MFC after: 3 days

Code cleanup.

MFC after: 3 days

In case of an output error, continue with the next net, don't try to
continue sending on the same net.

This fixes a bug where an invalid mbuf chain was constructed, if a
full size frame of control chunks should be sent and there is a
output error.

Based on a discussion with rrs@, change move to the next net. This fixes
the bug and improves the behaviour.

Thanks to Irene Ruengeler for spending a lot of time in narrowing this
problem down.
MFC after: 3 days

Remove printf() noise...

MFC after: 3 days

Take source and destination address into account when determining
the scope.
This fixes a problem when a client with a global address
connects to a server with a private address.
Thanks to Irene Ruengeler in helping me to find the issue.

MFC after: 3 days

Retire SCTP_DONT_DO_PRIVADDR_SCOPE which was never defined.

MFC after: 3 days

Fix a bug where messages would not be sent in SHUTDOWN_RECEIVED state.
This problem was reported by Mark Bonnekessel and Markus Boese.
Thanks to Irene Ruengeler for helping me to fix the cause of
the problem. It can be tested with the following packetdrill script:

+0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3
+0.0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
+0.0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
// Check the handshake with an empty(!) cookie
+0.1 connect(3, ..., ...) = -1 EINPROGRESS (Operation now in progress)
+0.0 > sctp: INIT[flgs=0, tag=1, a_rwnd=..., os=..., is=..., tsn=0, ...]
+0.1 < sctp: INIT_ACK[flgs=0, tag=2, a_rwnd=10000, os=1, is=1, tsn=0, STATE_COOKIE[len=4, val=...]]
+0.0 > sctp: COOKIE_ECHO[flgs=0, len=4, val=...]
+0.1 < sctp: COOKIE_ACK[flgs=0]
+0.0 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
+0.0 write(3, ..., 1024) = 1024
+0.0 > sctp: DATA[flgs=BE, len=1040, tsn=0, sid=0, ssn=0, ppid=0]
+0.0 write(3, ..., 1024) = 1024 // Pending due to Nagle
+0.0 < sctp: SHUTDOWN[flgs=0, cum_tsn=0]
+0.0 > sctp: DATA[flgs=BE, len=1040, tsn=1, sid=0, ssn=1, ppid=0]
+0.0 < sctp: SACK[flgs=0, cum_tsn=1, a_rwnd=10000, gaps=[], dups=[]] // Do we need another SHUTDOWN here?
+0.0 > sctp: SHUTDOWN_ACK[flgs=0]
+0.0 < sctp: SHUTDOWN_COMPLETE[flgs=0]
+0.0 close(3) = 0

MFC after: 3 days

Use macros for overhead in a consistent way. No functional change.
Thanks to Irene Ruengeler for suggesting the change.

MFC after: 3 days

Fix and cleanup the debug information. This has no user-visible changes.
Thanks to Irene Ruengeler for proving a patch.

MFC after: 3 days

Address some compiler warnings. No functional change.

MFC after: 3 days

o Use new function ip_fillid() in all places throughout the kernel,
where we want to create a new IP datagram.
o Add support for RFC6864, which allows to set IP ID for atomic IP
datagrams to any value, to improve performance. The behaviour is
controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by
default.
o In case if we generate IP ID, use counter(9) to improve performance.
o Gather all code related to IP ID into ip_id.c.

Differential Revision: https://reviews.freebsd.org/D2177
Reviewed by: adrian, cy, rpaulo
Tested by: Emeric POUPON <emeric.poupon stormshield.eu>
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
Relnotes: yes

Improve the selection of the destination address of SACK chunks.
This fixes
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196755
and is joint work with rrs@.

MFC after: 1 week

Remove a useless assignment.

MFC after: 1 week

Fix a bug which only shows up when an mbuf allocation failed.
Therefore chances are low that we hit this.

Reported by: Coverity
CID: 1018886
MFC after: 1 week

Do not go one layer down to check ifqueue length. First, not all drivers
use ifqueue at all. Second, there is no point in this lockless check.
Either positive or negative result of the check could be incorrect after
a tick.

Reviewed by: tuexen
Sponsored by: Nginx, Inc.

Remove dead code.

Reported by: Coverity
CID: 748664
MFC after: 1 week

Minimize the usage of SCTP_BUF_IS_EXTENDED.
This should help Robert...

This is the SCTP specific companion of
https://svnweb.freebsd.org/changeset/base/275358
which was provided by Hans Petter Selasky.

Do the renaming of sb_cc to sb_ccc in a way with less code changes by
using a macro.
This is an alternate approach to
https://svnweb.freebsd.org/changeset/base/275326
which is easier to handle upstream.

Discussed with: rrs, glebius

Merge from projects/sendfile:

o Introduce a notion of "not ready" mbufs in socket buffers. These
mbufs are now being populated by some I/O in background and are
referenced outside. This forces following implications:
- An mbuf which is "not ready" can't be taken out of the buffer.
- An mbuf that is behind a "not ready" in the queue neither.
- If sockbet buffer is flushed, then "not ready" mbufs shouln't be
freed.

o In struct sockbuf the sb_cc field is split into sb_ccc and sb_acc.
The sb_ccc stands for ""claimed character count", or "committed
character count". And the sb_acc is "available character count".
Consumers of socket buffer API shouldn't already access them directly,
but use sbused() and sbavail() respectively.
o Not ready mbufs are marked with M_NOTREADY, and ready but blocked ones
with M_BLOCKED.
o New field sb_fnrdy points to the first not ready mbuf, to avoid linear
search.
o New function sbready() is provided to activate certain amount of mbufs
in a socket buffer.

A special note on SCTP:
SCTP has its own sockbufs. Unfortunately, FreeBSD stack doesn't yet
allow protocol specific sockbufs. Thus, SCTP does some hacks to make
itself compatible with FreeBSD: it manages sockbufs on its own, but keeps
sb_cc updated to inform the stack of amount of data in them. The new
notion of "not ready" data isn't supported by SCTP. Instead, only a
mechanical substitute is done: s/sb_cc/sb_ccc/.
A proper solution would be to take away struct sockbuf from struct
socket and allow protocols to implement their own socket buffers, like
SCTP already does. This was discussed with rrs@.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Fix a use of an uninitialized variable by makeing sure
that sctp_med_chunk_output() always initialized the reason_code
instead of relying on the caller.
The variable is only used for debugging purpose.
This issue was reported by Peter Bostroem from Google.

MFC after: 3 days

Ensure that the flags field of sctp_tmit_chunks is initialized.
Thanks to Peter Bostroem from Google for reporting the issue.

MFC after: 3 days

Ensure that the list of streams sent in a stream reset parameter fits
in an mbuf-cluster.
Thanks to Peter Bostroem for drawing my attention to this part of the code.

Remove unused MC_ALIGN macro as suggested by Robert.

MFC after: 1 week

Make a type conversion explicit. When compiling this code on
Windows as part of the SCTP userland stack, this fixes a
warning reported by Peter Kasting from Google.

MFC after: 3 days

Address warnings generated by the clang analyzer.

MFC after: 1 week

Use union sctp_sockstore instead of struct sockaddr_storage. This
eliminiates some warnings when building in userland.
Thanks to Patrick Laimbock for reporting this issue.
Remove also some unnecessary casts.
There should be no functional change.

MFC after: 1 week

Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS
socket options. This includes managing the correspoing stat counters.
Add the SCTP_DETAILED_STR_STATS kernel option to control per policy
counters on every stream. The default is off and only an aggregated
counter is available. This is sufficient for the RTCWeb usecase.

MFC after: 1 week

Add support for the SCTP_AUTH_SUPPORTED and SCTP_ASCONF_SUPPORTED
socket options. Add also a sysctl to control the support of ASCONF.

MFC after: 1 week

Add support for the SCTP_RECONFIG_SUPPORTED and the corresponding
sysctl controlling the negotiation of the RE-CONFIG extension.

MFC after: 3 days

Add support for the SCTP_PKTDROP_SUPPORTED socket option and
the corresponding sysctl variable.
The default is off, since the specification is not an RFC yet.

MFC after: 1 week

Add SCTP socket option SCTP_NRSACK_SUPPORTED to control the
NRSACK extension. The default will still be off, since it
it not an RFC (yet).
Changing the sysctl name will be in a separate commit.

MFC after: 1 week

Add support for the SCTP_PR_SUPPORTED socket option as specified in
http://tools.ietf.org/html/draft-ietf-tsvwg-sctp-prpolicies
Add also a sysctl controlling the default of the end-points.

MFC after: 1 week

Cleanup the ECN configuration handling and provide an SCTP socket
option for controlling ECN on future associations and get the
status on current associations.
A simialar pattern will be used for controlling SCTP extensions in
upcoming commits.

Cleanup sctp_send_initiate() and sctp_send_initiate_ack() to be
in sync as much as possible. This simplifies upcoming changes.

Integrate upstream changes.

MFC after: 1 week

Honor jails for unbound SCTP sockets when selecting source addresses,
reporting IP-addresses to the peer during the handshake, adding
addresses to the host, reporting the addresses via the sysctl
interface (used by netstat, for example) and reporting the
addresses to the application via socket options.
This issue was reported by Bernd Walter.

MFC after: 3 days

Use ENOBUFS instead of ENOMEM in error situations related to m_uiotombuf().
This was suggested by kevlo@.

MFC after: 3 days

Increment the SSN only after processing the last fragment of an
ordered user message.

MFC after: 3 days

* Provide information in error causes in ASCII instead of
proprietary binary format.
* Add support for a diagnostic information error cause.
The code is sysctlable and the default is 0, which
means it is not sent.

This is joint work with rrs@.

MFC after: 1 week

Put the offset of the CRC32C in csum_data instead of 0.
The virtio driver needs the offset to be stored in csum_data,
like in the case for UDP and TCP.

The virtio problem was reported by
Niu Zhixiong <kaiaixi@gmail.com>, who helped in debugging
and testing the patch.

MFC after: 3 days

Remove redundant code and fix a style error.

MFC after: 3 days

Use SCTP_PR_SCTP_TTL when the user provides a positive
timetolive in sctp_sendmsg().

MFC after: 3 days

Changes from upstream to improve compilation when INET or INET6
or none of them is defined.

MFC after: 3 days

Fix the aborting of association with the iterator using an empty
user initiated error cause (using SCTP_ABORT|SCTP_SENDALL).

Approved by: re (delphij)
MFC after: 1 week

Remove redundant field pr_sctp_on.

MFC after: 1 week

Use uint16_t instead of in_port_t for consistency with the SCTP code.

MFC after: 1 week

Don't send uninitialized memory (two instances of 4 bytes) in
every cookie on the wire. This bug was reported in
https://bugzilla.mozilla.org/show_bug.cgi?id=905080

MFC after: 3 days

Make the features a 64-bit value instead of 32-bit.
This will allow an easier integration of the support
for NDATA.
While there, do also some minor cleanups.
Obtained from: rrs@
MFC after: 2 weeks

Get the code compiling without INET and INET6 being defined.
This is not possible in FreeBSD, but in the upstream code.

MFC after: 2 weeks

Don't send an ABORT chunk with verification 0.

MFC after: 1 week

Send the adaptation layer indication only if set by the user.

MFC after: 3 days
Discussed with: rrs

Don't send kernel provided information in the User Initiated
ABORT cause, since the user can also provide this kind of
information. So the receiver doesn't know who provided the
information.
While there: Fix a bug where the stack would send a malformed
ABORT chunk when using a send() call with SCTP_ABORT|SCT_SENDALL
flags.

MFC after: 3 days

Cleanup the handling of address scopes. Announce in the INIT/INIT-ACK
only the supported address types. While there, do some whitespace
cleanups.

MFC after: 1 week

Fix a bug where HEARTBEATs were still sent in SHUTDOWN_SENT or
SHUTDOWN_ACK_SENT state. While there, make the corresponding
code consistent.

MFC after: 1 week

Get it compiling without INET and INET6 support (mainly userland stack).

MFC after: 2 weeks

Use correct padding of the ABORT chunk in case of an user initiated
abort cause is used.

MFC after: 2 weeks

Ensure that the padding of the last parameter of an INIT chunk
is not included in the chunk length as required by RFC 4960.
While there, cleanup sctp_send_initiate().

MFC after: 2 weeks

Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags within sys.

Exceptions:

- sys/contrib not touched
- sys/mbuf.h edited manually

Get the accounting working. We now have counters how many
chunks for each SCTP outgoing stream are in the send and
sent queue.
While there, improve the naming of NR-SACK related constants
recently introduced.

MFC after: 1 week

Add some missing changes missed in the last commit.

MFC after: 1 week
X-MFC with: 242708

Move from early SSN assignment to late SSN assignment.
This doesn't change functionality, but makes upcoming change
much easier.
Developed with rrs@ at the IETF 85.

MFC after: 1 week

Add braces (as used elsewhere in the SCTP code).

Switch the entire IPv4 stack to keep the IP packet header
in network byte order. Any host byte order processing is
done in local variables and host byte order values are
never[1] written to a packet.

After this change a packet processed by the stack isn't
modified at all[2] except for TTL.

After this change a network stack hacker doesn't need to
scratch his head trying to figure out what is the byte order
at the given place in the stack.

[1] One exception still remains. The raw sockets convert host
byte order before pass a packet to an application. Probably
this would remain for ages for compatibility.

[2] The ip_input() still subtructs header len from ip->ip_len,
but this is planned to be fixed soon.

Reviewed by: luigi, Maxim Dounin <mdounin mdounin.ru>
Tested by: ray, Olivier Cochard-Labbe <olivier cochard.me>

Declare a static function as such.

MFC after: 3 days

Small cleanups. No functional change.

MFC after: 10 days

Using %p in a format string requires a void *.

MFC after: 10 days

Use the consistenly the size of a variable. This helps to keep the code
simpler for the userland implementation.

MFC after: 3 days

Changes which improve compilation if neither INET nor INET6 is defined.

MFC after: 3 days

#ifdef INET and INET6 consistently. This also fixes a bug, where
it was done wrong.

MFC after: 3 days

Fix a bug introduced in r237715.

MFC after:i 3 days.

Use consistent method to determine IPV4_OUTPUT/IPV6_OUTPUT.

MFC after: 3 days

Use CSUM_SCTP_IPV6 for IPv6.

MFC after: 3 days

When ip_output()/ip6_output() is supplied a struct route *ro argument,
it skips FLOWTABLE lookup. However, the non-NULL ro has dual meaning
here: it may be supplied to provide route, and it may be supplied to
store and return to caller the route that ip_output()/ip6_output()
finds. In the latter case skipping FLOWTABLE lookup is pessimisation.

The difference between struct route filled by FLOWTABLE and filled
by rtalloc() family is that the former doesn't hold a reference on
its rtentry. Reference is hold by flow entry, and it is about to
be released in future. Thus, route filled by FLOWTABLE shouldn't
be passed to RTFREE() macro.

- Introduce new flag for struct route/route_in6, that marks route
not holding a reference on rtentry.
- Introduce new macro RO_RTFREE() that cleans up a struct route
depending on its kind.
- All callers to ip_output()/ip6_output() that do supply non-NULL
but empty route should use RO_RTFREE() to free results of
lookup.
- ip_output()/ip6_output() now do FLOWTABLE lookup always when
ro->ro_rt == NULL.

Tested by: tuexen (SCTP part)

Remove dead code (on FreeBSD) as suggested by glebius@.

MFC after: 3 days

Pass the src and dst address of a received packet explicitly around.

MFC after: 3 days

Whitespace cleanup.

MFC after: 3 days

Pass the packet length explicitly around.

MFC after: 3 days

Do packet logging in a consistent way.

MFC after: 3 days

Pass flowid explicitly through the stack instead of taking it from
the mbuf chain at different places.
While there: Fix several bugs related to VRFs.

MFC after: 3 days

Unify the sending of ABORT, SHUTDOWN-COMPLETE and ERROR chunks.
While there: Fix also some minor bugs and prepare for SCTP/DTLS.

MFC after: 3 days

Honor sysctl for TTL.

MFC after: 3 days

Don't request data from the IPv6 layer, which is not used.

MFC after: 3 days

Seperate SCTP checksum offloading for IPv4 and IPv6.
While there: remove some trainling whitespaces.

MFC after: 3 days
X-MFC with: 236170

Get rid of SCTP specific code to avoid CRC32C computations on loopback.
Just just offloading.
MFC after: 3 days

Use consistent text at the begining of the files.

MFC after: 3 days

Support SCTP_EOF also for 1-to-1 style sockets.

MFC after: 3 days

Provide in the SCTP_SEND_FAILED and SCTP_SEND_FAILED_EVENT notifications
the correct ssf_error or ssfe_error as required by RFC 6458.

MFC after: 3 days

Provide the error code in SCTP_PEER_ADDR_CHANGE notifications as
specified in RFC 6458.

MFC after: 3 days

Provide in the association change notification the received ABORT chunk
if case of SCTP_COMM_LOST or SCTP_CANT_STR_ASSOC as required by RFC 6458.

MFC after: 3 days

Use SCTP_PRINTF() instead of printf() in all SCTP sources.

MFC after: 3 days

Fix another RFC 6458 issue. Spotted by Irene Ruengeler.

MFC after: 3 days

Use the same pattern for mbuf logging everywhere.

MFC after: 3 days

Make stream our stream reset implementation
compliant to RFC6525.

MFC after: 1 month

Honor the net.inet.udp.checksum sysctl when using SCTP/UDP/IPv4
encapsulation.
MFCing requires MFCing http://svn.freebsd.org/changeset/base/233554
MFC after: 2 weeks

Fix a bug where the wrong protocol overhead was used. This can lead
to a deadlock of an association when an IPv6 socket was used to
communcate with IPv4 and an ICMPv4 fragmentation needed message
was received.
While there, simplify the code a bit.

MFC after: 3 days.

Two cleanups. No functional change.

Use queue(3) macros instead of home-rolled versions in several places in
the INET6 code. This includes retiring the 'ndpr_next' and 'pfr_next'
macros.

Submitted by: pluknet (earlier version)
Reviewed by: pluknet

Address issues found by clang. While there, fix also some style
issues.

MFC after: 3 months.

Fix unused parameter warnings.
While there, fix some whitespace issues.

MFC after: 3 months.

Fix a warning reported by arundel@.
Fix a bug where the parameter length of a supported address types
parameter is set to a wrong value if the kernel is built with
with either INET or INET6, but not both.

MFC after: 3 days.

Add support for the SCTP_REMOTE_UDP_ENCAPS_PORT socket option.
Retire the the now unused sctp_udp_tunneling_for_client_enable
sysctl variable.

MFC after: 3 months.

Initialize all components of the sent COOKIE.

MFC after: 3 days.

Send out control chunks which have no specific destination.

MFC after: 3 days.

Make sure that SCTP rejects broadcast, multicast and wildcard addresses
as remote addresses.

Approved by: re
MFC after: 1 month.

Ensure that 1-to-1 style SCTP sockets can only be connected once.
Allow implicit setup also for 1-to-1 style sockets as described
in the latest version of the socket API ID.

Approved by: re
MFC after: 1 month

Fix the handling of the flowlabel and DSCP value in the SCTP_PEER_ADDR_PARAMS
socket option.
Honor the net.inet6.ip6.auto_flowlabel sysctl setting.

Approved by: re (bz)
MFC after: 1 month.

Improve implementation of the Nagle algorithm for SCTP:
Don't delay the final fragment of a fragmented user message.

Approved by: re
MFC after: 4 weeks

Add support for the spp_dscp field in the SCTP_PEER_ADDR_PARAMS
socket option. Backwards compatibility is provided by still
supporting the spp_ipv4_tos field.

Approved by: re@
MFC after: 2 months.

The result of a joint work between rrs@ and myself at the IETF:
* Decouple the path supervision using a separate HB timer per path.
* Add support for potentially failed state.
* Bring back RTO.min to 1 second.
* Accept packets on IP-addresses already announced via an ASCONF
* While there: do some cleanups.

Approved by: re@
MFC after: 2 months.

Add support for the newly added SCTP API.
In particular add support for:
* SCTP_SNDINFO, SCTP_PRINFO, SCTP_AUTHINFO, SCTP_DSTADDRV4, and
SCTP_DSTADDRV6 cmsgs.
* SCTP_NXTINFO and SCTP_RCVINFO cmgs.
* SCTP_EVENT, SCTP_RECVRCVINFO, SCTP_RECVNXTINFO and SCTP_DEFAULT_SNDINFO
socket option.
* Special association ids (SCTP_FUTURE_ASSOC, ...)
* sctp_recvv() and sctp_sendv() functions.

MFC after: 1 month.

Unbreak INET-less build.
Reported by bz@
MFC after: 1 week

Fix whitespacing.
Reported by scf@

MFC after: 1 week.

Fix the source address selection for boundall sockets
when sending INITs to a global IPv4 address having
only private IPv4 address.
Allow the usage of a private address and make sure
that no other private address will be used by the
association.
Initial work was done by rrs@.

MFC after: 1 week.

Fix a locking issue showing up on Mac OS X when subscribing to
authentication events. DTLS/SCTP renegotiations trigger the bug.

MFC after: 2 weeks.

Improve compilation of SCTP code without INET support.
Some bugs where fixed while doing this:
* ASCONF-ACK messages might use wrong port number when using
IPv6.
* Checking for additional addresses takes the correct address
into account and also does not do more comparisons than
necessary.

This patch is based on one received from bz@ who was
sponsored by The FreeBSD Foundation and iXsystems.

MFC after: 1 week

Tunes and fixes the new DC-CC to seem to hit the
right mix. Still may need some tweaks but it
appears to almost not give away too much to an
RFC2581 flow, but can really minimize the amount of
buffers used in the net.

MFC after: 3 months

Improvements to CC modules:
1) Add four new points that allow you to get more information
to cc algo's
2) Fix the case where user changes module on a existing TCB, in
such a case, the initialization module needs to be called on all nets.
3) Move htcp_cc structure to a union that other modules can use.
4) Add 5th point for get/set socket options for cc_module specific options

MFC after: 2 months

Fix bugs related to M_FLOWID:
* Store the flowid when receiving an SCTP/IPv6 packet.
* Store the flowid when receiving an SCTP packet with wrong CRC.
* Initilize flowid correctly.
* Put test code under INVARIANTS.
MFC after: 3 months.

If not set (due to some error Michael is working on
fixing) set it for the net.

MFC after: 3 months

Add support for M_FLOWID.

1) Typo correction in comments and one spacing change.
2) Mass update to all copyrights.
MFC after: 3 Months

Fix several bugs in the stream schedulers.
From Robin Seggelmann.

MFC after: 3 months.

Make sure that changing the ECN sysctl does not affect
exisiting associations and endpoints.

MFC after: 3 months.

1) Move per John Baldwin to mp_maxid
2) Some signed/unsigned errors found by Mac OS compiler (from Michael)
3) a couple of copyright updates on the effected files.

MFC after: 3 months

1) Allow a chunk to track the cwnd it was at when sent.
2) Add separate max-bursts for retransmit and hb. These
are set to sysctlable values but not settable via the
socket api. This makes sure we don't blast out HB's or
fast-retransmits.
3) Determine on the first data transmission on a net if
its local-lan (by being under or over a RTT). This
can later be used to think about different algorithms
based on locallan vs big-i (experimental)
4) The cwnd should NOT be allowed to grow when an ECNEcho
is seen (TCP has this same bug). We fix this in SCTP
so an ECNe being seen prevents an advance of cwnd.
5) CWR's should not be sent multiple times to the
same network, instead just updating the TSN being
transmitted if needed.

MFC after: 1 Month

More ECN fixes:
1) We now remove ECN-Nonce since it will no longer continue as a I-D
2) Eliminate last_tsn_echo, this tied us to an assoc not the net
and thus we were not doing m-homing on the ECN-Echo senders side right.
3) Increment the count going out even if the TSN in lower in the pending
ECN-Echo, this way the receiver knows exactly how many packets were
marked even with network re-ordering
4) Fix so we DO NOT stop doing delayed sack if a ECN Echo is in queue
MFC after: 1 month

Fixes to ECN in SCTP.
1) ECN was on an association basis, this is incorrect and
will not work with CMT or for that matter if the user
is sending to multiple addresses. This commit makes
ECN on a per path basis.
2) Adopt the new format for the ECN internet draft. This also
maintains compatability with old format chunks as well.
3) Keep track of the real time of a RTT down to micro seconds.
For some future conditional features (for like a data center
this is good information to have).
MFC after: 1 month

Fix a bug in the way ECN-Echo chunk
sends were being accounted for. The
counting was such that we counted only
when we queued a chunk, not when we sent it.
Now keep an additional counter for queuing and
one for sending.

MFC after: 1 week

Change infrastructure for SCTP_MAX_BURST to allow compliance
with the latest socket API ID. Especially it can be disabled.

Full compliance needs changing the structure used in the
socket option. Since this breaks the API, it will be a
seperate commit which will not be MFCed to stable/8.

MFC after: 3 months.

Add stream scheduling support.
This work is based on a patch received from Robin Seggelmann.

MFC after: 3 months.

Define and use SCTP_SSN_GE, SCTP_SSN_GT, SCTP_TSN_GE, SCTP_TSN_GT macros
and use them instead of the generic compare_with_wrap.
Retire compare_with_wrap.

MFC after: 3 months.

Code cleanup: Use LIST_FOREACH, LIST_FOREACH_SAFE, TAILQ_FOREACH,
TAILQ_FOREACH_SAFE where appropriate.
No functional change.

MFC after: 3 months.

Fix three bugs related to the sequence number wrap-around affecting
the processing of ECNE and ASCONF chunks.

Reviewed by: rrs
MFC after: 3 days.

Improve plausibility check in sctp_handle_sack().
Allow cmt_on_off to support values 0 (no CMT), 1 (CMT), and 2 (CMT/RP).

MFC after: 3 months.

Take out special code for disable CRC computations on
the loopback interface for IPv6. It will be handled
by the loopback interface.

Fix more issues with the SACK/NR-SACK generation code.

MFC after: 3 days.

Fix the SACK/NR-SACK generation code.

MFC after: 3 days.

* Fix an accounting bug regarding SACK/NR-SACK chunks.
* Fix the generation of the SACK/NR-SACK gap lists.

MFC after: 3 days.

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Fix a bug where the wrong PR-SCTP policy was considered.
While there, use always the same code for the check of
TTL expiration.

MFC after: 2 weeks.

* Implement initial version of send buffer splitting.
* Make send/recv buffer splitting switchable via sysctl.
* While there: Fix some comments.

Remove old debug code.

MFC after: 2 weeks.

Delay the assignment of a path for DATA chunk until they hit
the sent_queue. Honor a given path when the SCTP_ADDR_OVER
flag is set.

MFC after: 2 weeks.

* Remove code which has no effect.
* Clean up the handling in sctp_lower_sosend().

MFC after: 3 weeks.

Implement correct handling of address parameter and
sendinfo for SCTP send calls.

MFC after: 4 weeks.

Fix some CLANG warnings. One clang warning is left
due to the fact that its bogus.. nam->sa_family will
not change from AF_INET6 to AF_INET (but clang
thinks it does ;-D)

Fix the the SCTP_WITH_NO_CSUM option when used in combination with
interface supporting CRC offload. While at it, make use of the
feature that the loopback interface provides CRC offloading.

MFC after: 4 weeks

Bugfix: Do not send a packet drop report in response to a received
INIT-ACK with incorrect CRC.

Fix the switching on/off of CMT using sysctl and socket option.
Fix the switching on/off of PF and NR-SACKs using sysctl.
Add minor improvement in handling malloc failures.
Improve the address checks when sending.

MFC after: 4 weeks

Fix a bug where endpoints bound to wildcard addresses where
using addresses not announced to the peer due to address
scoping.

MFC after: 3 weeks

Cleanup code.

MFC after: 2 weeks

Fix the comment block that has the nice
table to really have the nice table :-)

MFC after: 1 month

PR SCTP Bugs. Basically a full sized frame of
PR SCTP FWD-TSN's would not be sent and thus
cause a stalled connection. Also the rwnd
Calculation was also off on the receiver side for
PR-SCTP.
MFC after: 1 month

Fix a bug where the length of a FORWARD-TSN chunk was set incorrectly in
the chunk. This resulted in malformed frames.
Remove a duplicate assignment.

MFC after: 2 weeks

MFC:
Fix a number of bugs and race conditions.
r208160: Bring back of the iterator thread. It now properly handles VNETS
having only one thread. The old timer based code was full of
LOR's and other issues.

r208852: Cleanup bug. Basically when an un-accepted socket was hanging on a
closed listener, we would leak the inp never cleaning it up

r208853: Enhance the use under invarients of the audit for locks function
and fix a bug where a close collision with a cookie being processed
would cause a crash.

r208854: Use the proper increment macros when working with the
sent_queue_retran_cnt

r208855: Align comments properly, Fix a bug where we were NOT looking at the
resend markings for control chunks and also not decrementing the
retran count which caused extra calls to retransmission. Alos add
a valid no locks call to the output routine.

r208856: Spacing issues in auth/bsd addr.

r208857: Get rid of a windows ifdef that somehow leaked in

r208863: Missing error leg returns in some failure cases

r208864: LOR fix between the iterator and sctp_inpcb_close

r208874: Don't call the sctp_inpcb_free from abort an association since you
don't know what locks you hold and a timer will take care of the
situation when the gone flag is set

r208875: sctp_inpcb_free bug - a socket under the right situation could get
stuck (from the accept queue) and never start the proper cleanup
timer)

r208876: Further enhance invariant lock validation, Fix a bug where a closed
socket and a INIT-ACK could collide and cause a crash

r208878: Clear up another bug in sctp_inpcb_free where we would end up due
to a race in freeing hit a destroy of a contended lock.

r208879: Optimize the cleanup and make some additional fixes in the sysctl
code so that it won't reference a GONE INP and crash us

r208883 & r208891: Fix so we don't open a hole between a sock lock and a call
to socantrcvmore.. we could before hit a race that would kill the
socket underneath us leading to a crash

r208897: CUM-ACK calculation was messed up. So basically large message got
broken from the original NR_sack integration.

r208902: Make sure that we don't move a bit to the NR array that is behind
the cum-ack

r208952: Use both bit maps to calculte the cum-ack.

r208953: Fix bug having to do with freeing an sctp_inpcb_free().
1) make sure not to remove the flag until you get the lock again.
2) make sure all log_closing calls hold the lock.
3) Release all the locks when everthing is done and call callout_drain
not callout_stop..

r208970: Fix some places on user allocation of a new sctp_inpcb where we run
out of resource that we make sure to NULL the so_pcb pointer.
Approved by: re - (bz@freebsd.org)

This change does the following:
1) Fix the alignment of a comment.
2) Fix a BUG where we were NOT paying attention
to the RESEND marking on retransmitting control
chunks.. and worse we were not decrementing the
retran count that could cause us to loop forever.
3) Add in the valdiate_no_lock function on invariants
so that we will really check all ways out to be sure
a lock does not slip out locked.

MFC after: 1 week.

MFC 207985

Fix an old long time bug in generating a
fwd-tsn. This would appear when greater than
the size of mbuf TSN's would need to be skipped.

MFC 207983

More PR-SCTP bugs:
- Make sure that when you kick the streams you add correctly
using a 16 bit unsigned.
- Make sure when sending out you allow FWD-TSN to skip over
and list the ACKED chunks in the stream/seq list (so the
rcv will kick the stream)

Fix an old long time bug in generating a
fwd-tsn. This would appear when greater than
the size of mbuf TSN's would need to be skipped.

MFC after: 3 days

More PR-SCTP bugs:
- Make sure that when you kick the streams you add correctly
using a 16 bit unsigned.
- Make sure when sending out you allow FWD-TSN to skip over
and list the ACKED chunks in the stream/seq list (so the
rcv will kick the stream)
MFC after: 3 days

MFC 206758, 206840, 206891, 206892, 207099, 207191, 207197
* Fix a bug where SACKs are not sent when they should.
* Get delayed SACK working again.
* Really print the nr_mapping array when it should be printed.
* Update highest_tsn variables when sliding mapping arrays.
* Sending a FWDTSN chunk should not affect the retran count.
* Cleanups.

Sending a FWDTSN chunk should not affect the retran count.

MFC after: 3 days.

MFC of 206151

MFC of 206137

This is Part III of the great IETF hack-a-thon to fix
the NR-Sack code. (the last one on the cpu options
was a lull.. i.e MFC 205629).. still 2 more to go.

MFC of 205627

Part II (more to follow) of the great IETF hack-a-thon to
fix the NR-Sack code.

MFC of 204141

Cleans up so we can have a vtag reflected argument.
One of Michaels fixes ;-)

MFC of 202526

The first round of some of Michael's changes to
get the sack processing in better shape.

MFC of 202517

Again gets rid of some rather strange ifdef's for
APPLE/USERSPACE that drifted in through our scrubber
programs.

Use also SCTP/IPv6 checksum offloading in special cases.

MFC after: 2 weeks

* Fix some race condition in SACK/NR-SACK processing.
* Fix handling of mapping arrays when draining mbufs or processing
FORWARD-TSN chunks.
* Cleanup code (no duplicate code anymore for SACKs and NR-SACKs).
Part of this code was developed together with rrs.
MFC after: 2 weeks.

Fix for NR-Sack code. The code was NOT working properly when
enabled. Basically most of the operations were incorrect causing
bad sacks when you enabled nr-sack. The fixes range across
4 files and unifiy most of the processing so that we only test
nr_sack flags to decide which type of sack to generate.

Optimization left for this is to combine the sack generation
code and make it capable of generating either sack thus shrinking
out a routine.

Reviewed by: tuexen@freebsd.org

Fix handling of SHUTDOWN-ACK chunk in COOKIE_WAIT and COOKIE_ECHOED.

MFC after: 1 week

MFC 202449:

Get rid of support of an old version of the SCTP-AUTH draft.
Get rid of unused MD5 code.

Get rid of a lot of duplicated code for NR-SACK handle.
Generalize the SACK to code handle also NR-SACKs.

Remove another set of "leaked" ifdefs that somehow found
their way into FreeBSD.

MFC 199459

Get rid of unused fields addr_over which is never really used,
only copied around.

MFC 199374

Fix a bug where queued ASCONF messags are not sent out.
From Irene Ruengeler.

MFC 198621

Improve round robin stream scheduler and cleanup some code.

MFC 197341

Fix errnos.

MFC 198499

Improve the round robin stream scheduler.

Get rid of support of an old version of the SCTP-AUTH draft.
Get rid of unused MD5 code.

MFC after: 1 week

MFC 197288,197326,197327,197328,197342,197914,197929,
197955,199365,199370,199371,199373,199866
This MFCs all SCTP/VNET relevant fixes from head.

Approved by: rrs (mentor)

Get rid of unused fields addr_over which is never really used,
only copied around.

Approved by: rrs (mentor)

Fix a bug where queued ASCONF messags are not sent out.

Approved by: rrs (mentor)
Obtained from: Irene Ruengeler
MFC after: 1 month

Improve round robin stream scheduler and cleanup some code.

Approved by: rrs (mentor)
MFC after: 3 days

Improve the round robin stream scheduler.

Approved by: rrs (mentor)
MFC after: 3 days

MFC r197868.
Use correct arguments when calling SCTP_RTALLOC().
Approved by: re, rrs (mentor)

Use correct arguments when calling SCTP_RTALLOC().

Approved by: rrs (mentor)
MFC after: 0 days

Fix so that round robing stream scheduling works as advertised

MFC after: 0 days

MFC r197341.
Fix errnos.

Approved by: re (bz), rrs (mentor)

Fix errnos.

Approved by: rrs(mentor)
MFC after: 3 days.

Support for VNET in SCTP (hopefully)

Fix a panic when using one-to-one style sockets in non-blocking
mode and there is no listening server.
PR: 137795
Approved by: re, rrs (mentor)

Fix a crash when using one-to-one stlye socket in non-blocking
mode and there is no listening server.
PR: 137795
Approved by: re, rrs (mentor)
MFC after:immediately.

MFC r196260.
* Fix a bug where PR-SCTP settings are ignore when using implicit
association setup.
* Fix a bug where message with illegal stream ids are not deleted.
* Fix a crash when reporting back unsent messages from the send_queue.
* Fix a bug related to INIT retransmission when the socket is already
closed.
* Fix a bug where associations were stalled when partial delivery API
was enabled.
* Fix a bug where the receive buffer size was smaller than the
partial_delivery_point.

Approved by: re, rrs (mentor)

* Fix a bug where PR-SCTP settings are ignore when using implicit
association setup.
* Fix a bug where message with illegal stream ids are not deleted.
* Fix a crash when reporting back unsent messages from the send_queue.
* Fix a bug related to INIT retransmission when the socket is already
closed.
* Fix a bug where associations were stalled when partial delivery API
was enabled.
* Fix a bug where the receive buffer size was smaller than the
partial_delivery_point.

Approved by: re, rrs (mentor)
MFC after: One day.

Changes to the NR-Sack code so that:
1) All bit disappears
2) The two sets of gaps (nr and non-nr) are
disjointed, you don't have gaps struck in
both places.

This adjusts us to coorespond to the new draft. Still
to-do, cleanup the code so that there are only one set
of sack routines (original NR-Sack done by E cloned all
sack code).

Many bug fixes (from the IETF hack-fest):
- PR-SCTP had major issues when skipping through a multi-part message.
o Did not look at socket buffer.
o Did not properly handle the reassmebly queue.
o The MARKED segments could interfere and un-skip a chunk causing
a problem with the proper FWD-TSN.
o No FR of FWD-TSN's was being done.
- NR-Sack code was basically disabled. It needed fixes that
never got into the real code.
- CMT code had issues when the two paths were NOT the same b/w. We
found a few small bugs, but also the critcal one here was not
dividing the rwnd amongst the paths.

Obtained from: Michael Tuexen and myself at the IETF hack-fest ;-)

Fixes several PR-SCTP releated bugs.
- When sending large PR-SCTP messages over a
lossy link we would incorrectly calculate the fwd-tsn
- When receiving large multipart pr-sctp packets we would
incorrectly send back a SACK that would renege improperly
on already received packets thus causing unneeded retransmissions.

Fixes for window probes:
1) WP should never be marked unless flight size is 0
2) When recovering from wp if the peer ack's it we don't mark for retran
3) When recovering, we must assure a timer is still running.

Fix the add stream feature of strm-reset to really work:
- Fix the copy, we can't do a blind copy but must transfer
the data from the old to the new.
- Fix the ACK processing so we properly stop retransmitting
the thing.
- Fix it so if we get a retran we will properly reply with
the saved response without doing anything.

MFC after: 1 month

Add the add-stream capability. Still needs more
testing..

MFC after: 1 month

Fix a bug. The sending was being restricted improperly by
the max_burst. It should only be gated by cwnd in the
lower level send.

Obtained from: Michael Tuexen
MFC after: 1 week.

- Cleanup checksum code.
- Prepare for CRC offloading, add MIB counters (RS/MT).
- Bugfix: Disable CRC computation for IPv6 addresses with local scope (MT).
- Bugfix: Handle close() with SO_LINGER correctly when notifications
are generated during the close() call(MT).
- Bugfix: Generate DRY event when sender is dry during subscription.
Only for 1-to-1 style sockets (RS/MT)
- Bugfix: Put vtags for the correct amount of time into time-wait (MT).
- Bugfix: Clear vtag entries correctly on expiration (MT).
- Bugfix: shutdown() indicates ENOTCONN when called for unconnected
1-to-1 style sockets (MT).
- Bugfix: In sctp Auth code (PL).
- Add support for devices that support SCTP csum offload (igb).
- Add missing sctp_associd to mib sysctl xsctp_tcb structure (RS)
Obtained from: With help from Peter Lei and Michael Tuexen

Code from the hack-session known as the IETF (and a
bit of debugging afterwards):
- Fix protection code for notification generation.
- Decouple associd from vtag
- Allow vtags to have less strigent requirements in non-uniqueness.
o don't pre-hash them when you issue one in a cookie.
o Allow duplicates and use addresses and ports to
discriminate amongst the duplicates during lookup.
- Add support for the NAT draft draft-ietf-behave-sctpnat-00, this
is still experimental and needs more extensive testing with the
Jason Butt ipfw changes.
- Support for the SENDER_DRY event to get DTLS in OpenSSL working
with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon).
- Update the support of SCTP-AUTH by Peter Lei.
- Use macros for refcounting.
- Fix MTU for UDP encapsulation.
- Fix reporting back of unsent data.
- Update assoc send counter handling to be consistent with endpoint sent counter.
- Fix a bug in PR-SCTP.
- Fix so we only send another FWD-TSN when a SACK arrives IF and only
if the adv-peer-ack point progressed. However we still make sure
a timer is running if we do have an adv_peer_ack point.
- Fix PR-SCTP bug where chunks were retransmitted if they are sent
unreliable but not abandoned yet.

With the help of: Michael Teuxen and Peter Lei :-)
MFC after: 4 weeks

More issues with pre-blocking:
a) Need for EEOR mode to take the min of the socket buffer size and the
add more threshold, otherwise if you are so silly as to set a send
buf size less than the add-more you could block forever in eeor mode.

b) We were incorrectly using the sysctl vs the calculated value. This
causes us to block forever if the addmore theshold is larger than
then the socket buffer size.

Two inter-related bugs.
- If we send EXACTLY the size left in the send buffer
and then send again, we end up with exactly 0 bytes and
don't hit the pre-block code to wait for more space.
- If we fall into the loop with our max_len == 0 (the bug
above) we then call in to copy out the data, setup the length
of the waiting to transmit data to 0 and call the mbuf copy routine
which 0 indicates copy all the data to the mbuf chain.. which it
does. This then leaves a "stuck" message on the stream queue with
its size exactly 0 bytes but all the data there and thus nothing
left in the uio structure. We then reach a stuck forever state
never being able to send data.

- Import the HEAD csup code which is the basis for the cvsmode work.

- Adapt layer indication was always being given (it should only
be given when the user has enabled it). (Michael Tuexen)
- Sack Immediately was not being set properly on the actual chunk, it
was only put in the rcvd_flags which is incorrect. (Michael Tuexen)
- added an ifndef userspace to one of the already present macro's for
inet (Brad Penoff)
Obtained from: Michael Tuexen and Brad Penoff
MFC after: 4 weeks

- Make strict-sacks be the default.
- Change it so that without INVARIANTs there are
no panics in SCTP.
- sctp_timer changes so that we have a recovery mechanism
when the sent list is out of order.