sctp_output.c revision 294216
1/*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD: stable/10/sys/netinet/sctp_output.c 294216 2016-01-17 12:18:01Z tuexen $"); 35 36#include <netinet/sctp_os.h> 37#include <sys/proc.h> 38#include <netinet/sctp_var.h> 39#include <netinet/sctp_sysctl.h> 40#include <netinet/sctp_header.h> 41#include <netinet/sctp_pcb.h> 42#include <netinet/sctputil.h> 43#include <netinet/sctp_output.h> 44#include <netinet/sctp_uio.h> 45#include <netinet/sctputil.h> 46#include <netinet/sctp_auth.h> 47#include <netinet/sctp_timer.h> 48#include <netinet/sctp_asconf.h> 49#include <netinet/sctp_indata.h> 50#include <netinet/sctp_bsd_addr.h> 51#include <netinet/sctp_input.h> 52#include <netinet/sctp_crc32.h> 53#if defined(INET) || defined(INET6) 54#include <netinet/udp.h> 55#endif 56#include <netinet/udp_var.h> 57#include <machine/in_cksum.h> 58 59 60 61#define SCTP_MAX_GAPS_INARRAY 4 62struct sack_track { 63 uint8_t right_edge; /* mergable on the right edge */ 64 uint8_t left_edge; /* mergable on the left edge */ 65 uint8_t num_entries; 66 uint8_t spare; 67 struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY]; 68}; 69 70struct sack_track sack_array[256] = { 71 {0, 0, 0, 0, /* 0x00 */ 72 {{0, 0}, 73 {0, 0}, 74 {0, 0}, 75 {0, 0} 76 } 77 }, 78 {1, 0, 1, 0, /* 0x01 */ 79 {{0, 0}, 80 {0, 0}, 81 {0, 0}, 82 {0, 0} 83 } 84 }, 85 {0, 0, 1, 0, /* 0x02 */ 86 {{1, 1}, 87 {0, 0}, 88 {0, 0}, 89 {0, 0} 90 } 91 }, 92 {1, 0, 1, 0, /* 0x03 */ 93 {{0, 1}, 94 {0, 0}, 95 {0, 0}, 96 {0, 0} 97 } 98 }, 99 {0, 0, 1, 0, /* 0x04 */ 100 {{2, 2}, 101 {0, 0}, 102 {0, 0}, 103 {0, 0} 104 } 105 }, 106 {1, 0, 2, 0, /* 0x05 */ 107 {{0, 0}, 108 {2, 2}, 109 {0, 0}, 110 {0, 0} 111 } 112 }, 113 {0, 0, 1, 0, /* 0x06 */ 114 {{1, 2}, 115 {0, 0}, 116 {0, 0}, 117 {0, 0} 118 } 119 }, 120 {1, 0, 1, 0, /* 0x07 */ 121 {{0, 2}, 122 {0, 0}, 123 {0, 0}, 124 {0, 0} 125 } 126 }, 127 {0, 0, 1, 0, /* 0x08 */ 128 {{3, 3}, 129 {0, 0}, 130 {0, 0}, 131 {0, 0} 132 } 133 }, 134 {1, 0, 2, 0, /* 0x09 */ 135 {{0, 0}, 136 {3, 3}, 137 {0, 0}, 138 {0, 0} 139 } 140 }, 141 {0, 0, 2, 0, /* 0x0a */ 142 {{1, 1}, 143 {3, 3}, 144 {0, 0}, 145 {0, 0} 146 } 147 }, 148 {1, 0, 2, 0, /* 0x0b */ 149 {{0, 1}, 150 {3, 3}, 151 {0, 0}, 152 {0, 0} 153 } 154 }, 155 {0, 0, 1, 0, /* 0x0c */ 156 {{2, 3}, 157 {0, 0}, 158 {0, 0}, 159 {0, 0} 160 } 161 }, 162 {1, 0, 2, 0, /* 0x0d */ 163 {{0, 0}, 164 {2, 3}, 165 {0, 0}, 166 {0, 0} 167 } 168 }, 169 {0, 0, 1, 0, /* 0x0e */ 170 {{1, 3}, 171 {0, 0}, 172 {0, 0}, 173 {0, 0} 174 } 175 }, 176 {1, 0, 1, 0, /* 0x0f */ 177 {{0, 3}, 178 {0, 0}, 179 {0, 0}, 180 {0, 0} 181 } 182 }, 183 {0, 0, 1, 0, /* 0x10 */ 184 {{4, 4}, 185 {0, 0}, 186 {0, 0}, 187 {0, 0} 188 } 189 }, 190 {1, 0, 2, 0, /* 0x11 */ 191 {{0, 0}, 192 {4, 4}, 193 {0, 0}, 194 {0, 0} 195 } 196 }, 197 {0, 0, 2, 0, /* 0x12 */ 198 {{1, 1}, 199 {4, 4}, 200 {0, 0}, 201 {0, 0} 202 } 203 }, 204 {1, 0, 2, 0, /* 0x13 */ 205 {{0, 1}, 206 {4, 4}, 207 {0, 0}, 208 {0, 0} 209 } 210 }, 211 {0, 0, 2, 0, /* 0x14 */ 212 {{2, 2}, 213 {4, 4}, 214 {0, 0}, 215 {0, 0} 216 } 217 }, 218 {1, 0, 3, 0, /* 0x15 */ 219 {{0, 0}, 220 {2, 2}, 221 {4, 4}, 222 {0, 0} 223 } 224 }, 225 {0, 0, 2, 0, /* 0x16 */ 226 {{1, 2}, 227 {4, 4}, 228 {0, 0}, 229 {0, 0} 230 } 231 }, 232 {1, 0, 2, 0, /* 0x17 */ 233 {{0, 2}, 234 {4, 4}, 235 {0, 0}, 236 {0, 0} 237 } 238 }, 239 {0, 0, 1, 0, /* 0x18 */ 240 {{3, 4}, 241 {0, 0}, 242 {0, 0}, 243 {0, 0} 244 } 245 }, 246 {1, 0, 2, 0, /* 0x19 */ 247 {{0, 0}, 248 {3, 4}, 249 {0, 0}, 250 {0, 0} 251 } 252 }, 253 {0, 0, 2, 0, /* 0x1a */ 254 {{1, 1}, 255 {3, 4}, 256 {0, 0}, 257 {0, 0} 258 } 259 }, 260 {1, 0, 2, 0, /* 0x1b */ 261 {{0, 1}, 262 {3, 4}, 263 {0, 0}, 264 {0, 0} 265 } 266 }, 267 {0, 0, 1, 0, /* 0x1c */ 268 {{2, 4}, 269 {0, 0}, 270 {0, 0}, 271 {0, 0} 272 } 273 }, 274 {1, 0, 2, 0, /* 0x1d */ 275 {{0, 0}, 276 {2, 4}, 277 {0, 0}, 278 {0, 0} 279 } 280 }, 281 {0, 0, 1, 0, /* 0x1e */ 282 {{1, 4}, 283 {0, 0}, 284 {0, 0}, 285 {0, 0} 286 } 287 }, 288 {1, 0, 1, 0, /* 0x1f */ 289 {{0, 4}, 290 {0, 0}, 291 {0, 0}, 292 {0, 0} 293 } 294 }, 295 {0, 0, 1, 0, /* 0x20 */ 296 {{5, 5}, 297 {0, 0}, 298 {0, 0}, 299 {0, 0} 300 } 301 }, 302 {1, 0, 2, 0, /* 0x21 */ 303 {{0, 0}, 304 {5, 5}, 305 {0, 0}, 306 {0, 0} 307 } 308 }, 309 {0, 0, 2, 0, /* 0x22 */ 310 {{1, 1}, 311 {5, 5}, 312 {0, 0}, 313 {0, 0} 314 } 315 }, 316 {1, 0, 2, 0, /* 0x23 */ 317 {{0, 1}, 318 {5, 5}, 319 {0, 0}, 320 {0, 0} 321 } 322 }, 323 {0, 0, 2, 0, /* 0x24 */ 324 {{2, 2}, 325 {5, 5}, 326 {0, 0}, 327 {0, 0} 328 } 329 }, 330 {1, 0, 3, 0, /* 0x25 */ 331 {{0, 0}, 332 {2, 2}, 333 {5, 5}, 334 {0, 0} 335 } 336 }, 337 {0, 0, 2, 0, /* 0x26 */ 338 {{1, 2}, 339 {5, 5}, 340 {0, 0}, 341 {0, 0} 342 } 343 }, 344 {1, 0, 2, 0, /* 0x27 */ 345 {{0, 2}, 346 {5, 5}, 347 {0, 0}, 348 {0, 0} 349 } 350 }, 351 {0, 0, 2, 0, /* 0x28 */ 352 {{3, 3}, 353 {5, 5}, 354 {0, 0}, 355 {0, 0} 356 } 357 }, 358 {1, 0, 3, 0, /* 0x29 */ 359 {{0, 0}, 360 {3, 3}, 361 {5, 5}, 362 {0, 0} 363 } 364 }, 365 {0, 0, 3, 0, /* 0x2a */ 366 {{1, 1}, 367 {3, 3}, 368 {5, 5}, 369 {0, 0} 370 } 371 }, 372 {1, 0, 3, 0, /* 0x2b */ 373 {{0, 1}, 374 {3, 3}, 375 {5, 5}, 376 {0, 0} 377 } 378 }, 379 {0, 0, 2, 0, /* 0x2c */ 380 {{2, 3}, 381 {5, 5}, 382 {0, 0}, 383 {0, 0} 384 } 385 }, 386 {1, 0, 3, 0, /* 0x2d */ 387 {{0, 0}, 388 {2, 3}, 389 {5, 5}, 390 {0, 0} 391 } 392 }, 393 {0, 0, 2, 0, /* 0x2e */ 394 {{1, 3}, 395 {5, 5}, 396 {0, 0}, 397 {0, 0} 398 } 399 }, 400 {1, 0, 2, 0, /* 0x2f */ 401 {{0, 3}, 402 {5, 5}, 403 {0, 0}, 404 {0, 0} 405 } 406 }, 407 {0, 0, 1, 0, /* 0x30 */ 408 {{4, 5}, 409 {0, 0}, 410 {0, 0}, 411 {0, 0} 412 } 413 }, 414 {1, 0, 2, 0, /* 0x31 */ 415 {{0, 0}, 416 {4, 5}, 417 {0, 0}, 418 {0, 0} 419 } 420 }, 421 {0, 0, 2, 0, /* 0x32 */ 422 {{1, 1}, 423 {4, 5}, 424 {0, 0}, 425 {0, 0} 426 } 427 }, 428 {1, 0, 2, 0, /* 0x33 */ 429 {{0, 1}, 430 {4, 5}, 431 {0, 0}, 432 {0, 0} 433 } 434 }, 435 {0, 0, 2, 0, /* 0x34 */ 436 {{2, 2}, 437 {4, 5}, 438 {0, 0}, 439 {0, 0} 440 } 441 }, 442 {1, 0, 3, 0, /* 0x35 */ 443 {{0, 0}, 444 {2, 2}, 445 {4, 5}, 446 {0, 0} 447 } 448 }, 449 {0, 0, 2, 0, /* 0x36 */ 450 {{1, 2}, 451 {4, 5}, 452 {0, 0}, 453 {0, 0} 454 } 455 }, 456 {1, 0, 2, 0, /* 0x37 */ 457 {{0, 2}, 458 {4, 5}, 459 {0, 0}, 460 {0, 0} 461 } 462 }, 463 {0, 0, 1, 0, /* 0x38 */ 464 {{3, 5}, 465 {0, 0}, 466 {0, 0}, 467 {0, 0} 468 } 469 }, 470 {1, 0, 2, 0, /* 0x39 */ 471 {{0, 0}, 472 {3, 5}, 473 {0, 0}, 474 {0, 0} 475 } 476 }, 477 {0, 0, 2, 0, /* 0x3a */ 478 {{1, 1}, 479 {3, 5}, 480 {0, 0}, 481 {0, 0} 482 } 483 }, 484 {1, 0, 2, 0, /* 0x3b */ 485 {{0, 1}, 486 {3, 5}, 487 {0, 0}, 488 {0, 0} 489 } 490 }, 491 {0, 0, 1, 0, /* 0x3c */ 492 {{2, 5}, 493 {0, 0}, 494 {0, 0}, 495 {0, 0} 496 } 497 }, 498 {1, 0, 2, 0, /* 0x3d */ 499 {{0, 0}, 500 {2, 5}, 501 {0, 0}, 502 {0, 0} 503 } 504 }, 505 {0, 0, 1, 0, /* 0x3e */ 506 {{1, 5}, 507 {0, 0}, 508 {0, 0}, 509 {0, 0} 510 } 511 }, 512 {1, 0, 1, 0, /* 0x3f */ 513 {{0, 5}, 514 {0, 0}, 515 {0, 0}, 516 {0, 0} 517 } 518 }, 519 {0, 0, 1, 0, /* 0x40 */ 520 {{6, 6}, 521 {0, 0}, 522 {0, 0}, 523 {0, 0} 524 } 525 }, 526 {1, 0, 2, 0, /* 0x41 */ 527 {{0, 0}, 528 {6, 6}, 529 {0, 0}, 530 {0, 0} 531 } 532 }, 533 {0, 0, 2, 0, /* 0x42 */ 534 {{1, 1}, 535 {6, 6}, 536 {0, 0}, 537 {0, 0} 538 } 539 }, 540 {1, 0, 2, 0, /* 0x43 */ 541 {{0, 1}, 542 {6, 6}, 543 {0, 0}, 544 {0, 0} 545 } 546 }, 547 {0, 0, 2, 0, /* 0x44 */ 548 {{2, 2}, 549 {6, 6}, 550 {0, 0}, 551 {0, 0} 552 } 553 }, 554 {1, 0, 3, 0, /* 0x45 */ 555 {{0, 0}, 556 {2, 2}, 557 {6, 6}, 558 {0, 0} 559 } 560 }, 561 {0, 0, 2, 0, /* 0x46 */ 562 {{1, 2}, 563 {6, 6}, 564 {0, 0}, 565 {0, 0} 566 } 567 }, 568 {1, 0, 2, 0, /* 0x47 */ 569 {{0, 2}, 570 {6, 6}, 571 {0, 0}, 572 {0, 0} 573 } 574 }, 575 {0, 0, 2, 0, /* 0x48 */ 576 {{3, 3}, 577 {6, 6}, 578 {0, 0}, 579 {0, 0} 580 } 581 }, 582 {1, 0, 3, 0, /* 0x49 */ 583 {{0, 0}, 584 {3, 3}, 585 {6, 6}, 586 {0, 0} 587 } 588 }, 589 {0, 0, 3, 0, /* 0x4a */ 590 {{1, 1}, 591 {3, 3}, 592 {6, 6}, 593 {0, 0} 594 } 595 }, 596 {1, 0, 3, 0, /* 0x4b */ 597 {{0, 1}, 598 {3, 3}, 599 {6, 6}, 600 {0, 0} 601 } 602 }, 603 {0, 0, 2, 0, /* 0x4c */ 604 {{2, 3}, 605 {6, 6}, 606 {0, 0}, 607 {0, 0} 608 } 609 }, 610 {1, 0, 3, 0, /* 0x4d */ 611 {{0, 0}, 612 {2, 3}, 613 {6, 6}, 614 {0, 0} 615 } 616 }, 617 {0, 0, 2, 0, /* 0x4e */ 618 {{1, 3}, 619 {6, 6}, 620 {0, 0}, 621 {0, 0} 622 } 623 }, 624 {1, 0, 2, 0, /* 0x4f */ 625 {{0, 3}, 626 {6, 6}, 627 {0, 0}, 628 {0, 0} 629 } 630 }, 631 {0, 0, 2, 0, /* 0x50 */ 632 {{4, 4}, 633 {6, 6}, 634 {0, 0}, 635 {0, 0} 636 } 637 }, 638 {1, 0, 3, 0, /* 0x51 */ 639 {{0, 0}, 640 {4, 4}, 641 {6, 6}, 642 {0, 0} 643 } 644 }, 645 {0, 0, 3, 0, /* 0x52 */ 646 {{1, 1}, 647 {4, 4}, 648 {6, 6}, 649 {0, 0} 650 } 651 }, 652 {1, 0, 3, 0, /* 0x53 */ 653 {{0, 1}, 654 {4, 4}, 655 {6, 6}, 656 {0, 0} 657 } 658 }, 659 {0, 0, 3, 0, /* 0x54 */ 660 {{2, 2}, 661 {4, 4}, 662 {6, 6}, 663 {0, 0} 664 } 665 }, 666 {1, 0, 4, 0, /* 0x55 */ 667 {{0, 0}, 668 {2, 2}, 669 {4, 4}, 670 {6, 6} 671 } 672 }, 673 {0, 0, 3, 0, /* 0x56 */ 674 {{1, 2}, 675 {4, 4}, 676 {6, 6}, 677 {0, 0} 678 } 679 }, 680 {1, 0, 3, 0, /* 0x57 */ 681 {{0, 2}, 682 {4, 4}, 683 {6, 6}, 684 {0, 0} 685 } 686 }, 687 {0, 0, 2, 0, /* 0x58 */ 688 {{3, 4}, 689 {6, 6}, 690 {0, 0}, 691 {0, 0} 692 } 693 }, 694 {1, 0, 3, 0, /* 0x59 */ 695 {{0, 0}, 696 {3, 4}, 697 {6, 6}, 698 {0, 0} 699 } 700 }, 701 {0, 0, 3, 0, /* 0x5a */ 702 {{1, 1}, 703 {3, 4}, 704 {6, 6}, 705 {0, 0} 706 } 707 }, 708 {1, 0, 3, 0, /* 0x5b */ 709 {{0, 1}, 710 {3, 4}, 711 {6, 6}, 712 {0, 0} 713 } 714 }, 715 {0, 0, 2, 0, /* 0x5c */ 716 {{2, 4}, 717 {6, 6}, 718 {0, 0}, 719 {0, 0} 720 } 721 }, 722 {1, 0, 3, 0, /* 0x5d */ 723 {{0, 0}, 724 {2, 4}, 725 {6, 6}, 726 {0, 0} 727 } 728 }, 729 {0, 0, 2, 0, /* 0x5e */ 730 {{1, 4}, 731 {6, 6}, 732 {0, 0}, 733 {0, 0} 734 } 735 }, 736 {1, 0, 2, 0, /* 0x5f */ 737 {{0, 4}, 738 {6, 6}, 739 {0, 0}, 740 {0, 0} 741 } 742 }, 743 {0, 0, 1, 0, /* 0x60 */ 744 {{5, 6}, 745 {0, 0}, 746 {0, 0}, 747 {0, 0} 748 } 749 }, 750 {1, 0, 2, 0, /* 0x61 */ 751 {{0, 0}, 752 {5, 6}, 753 {0, 0}, 754 {0, 0} 755 } 756 }, 757 {0, 0, 2, 0, /* 0x62 */ 758 {{1, 1}, 759 {5, 6}, 760 {0, 0}, 761 {0, 0} 762 } 763 }, 764 {1, 0, 2, 0, /* 0x63 */ 765 {{0, 1}, 766 {5, 6}, 767 {0, 0}, 768 {0, 0} 769 } 770 }, 771 {0, 0, 2, 0, /* 0x64 */ 772 {{2, 2}, 773 {5, 6}, 774 {0, 0}, 775 {0, 0} 776 } 777 }, 778 {1, 0, 3, 0, /* 0x65 */ 779 {{0, 0}, 780 {2, 2}, 781 {5, 6}, 782 {0, 0} 783 } 784 }, 785 {0, 0, 2, 0, /* 0x66 */ 786 {{1, 2}, 787 {5, 6}, 788 {0, 0}, 789 {0, 0} 790 } 791 }, 792 {1, 0, 2, 0, /* 0x67 */ 793 {{0, 2}, 794 {5, 6}, 795 {0, 0}, 796 {0, 0} 797 } 798 }, 799 {0, 0, 2, 0, /* 0x68 */ 800 {{3, 3}, 801 {5, 6}, 802 {0, 0}, 803 {0, 0} 804 } 805 }, 806 {1, 0, 3, 0, /* 0x69 */ 807 {{0, 0}, 808 {3, 3}, 809 {5, 6}, 810 {0, 0} 811 } 812 }, 813 {0, 0, 3, 0, /* 0x6a */ 814 {{1, 1}, 815 {3, 3}, 816 {5, 6}, 817 {0, 0} 818 } 819 }, 820 {1, 0, 3, 0, /* 0x6b */ 821 {{0, 1}, 822 {3, 3}, 823 {5, 6}, 824 {0, 0} 825 } 826 }, 827 {0, 0, 2, 0, /* 0x6c */ 828 {{2, 3}, 829 {5, 6}, 830 {0, 0}, 831 {0, 0} 832 } 833 }, 834 {1, 0, 3, 0, /* 0x6d */ 835 {{0, 0}, 836 {2, 3}, 837 {5, 6}, 838 {0, 0} 839 } 840 }, 841 {0, 0, 2, 0, /* 0x6e */ 842 {{1, 3}, 843 {5, 6}, 844 {0, 0}, 845 {0, 0} 846 } 847 }, 848 {1, 0, 2, 0, /* 0x6f */ 849 {{0, 3}, 850 {5, 6}, 851 {0, 0}, 852 {0, 0} 853 } 854 }, 855 {0, 0, 1, 0, /* 0x70 */ 856 {{4, 6}, 857 {0, 0}, 858 {0, 0}, 859 {0, 0} 860 } 861 }, 862 {1, 0, 2, 0, /* 0x71 */ 863 {{0, 0}, 864 {4, 6}, 865 {0, 0}, 866 {0, 0} 867 } 868 }, 869 {0, 0, 2, 0, /* 0x72 */ 870 {{1, 1}, 871 {4, 6}, 872 {0, 0}, 873 {0, 0} 874 } 875 }, 876 {1, 0, 2, 0, /* 0x73 */ 877 {{0, 1}, 878 {4, 6}, 879 {0, 0}, 880 {0, 0} 881 } 882 }, 883 {0, 0, 2, 0, /* 0x74 */ 884 {{2, 2}, 885 {4, 6}, 886 {0, 0}, 887 {0, 0} 888 } 889 }, 890 {1, 0, 3, 0, /* 0x75 */ 891 {{0, 0}, 892 {2, 2}, 893 {4, 6}, 894 {0, 0} 895 } 896 }, 897 {0, 0, 2, 0, /* 0x76 */ 898 {{1, 2}, 899 {4, 6}, 900 {0, 0}, 901 {0, 0} 902 } 903 }, 904 {1, 0, 2, 0, /* 0x77 */ 905 {{0, 2}, 906 {4, 6}, 907 {0, 0}, 908 {0, 0} 909 } 910 }, 911 {0, 0, 1, 0, /* 0x78 */ 912 {{3, 6}, 913 {0, 0}, 914 {0, 0}, 915 {0, 0} 916 } 917 }, 918 {1, 0, 2, 0, /* 0x79 */ 919 {{0, 0}, 920 {3, 6}, 921 {0, 0}, 922 {0, 0} 923 } 924 }, 925 {0, 0, 2, 0, /* 0x7a */ 926 {{1, 1}, 927 {3, 6}, 928 {0, 0}, 929 {0, 0} 930 } 931 }, 932 {1, 0, 2, 0, /* 0x7b */ 933 {{0, 1}, 934 {3, 6}, 935 {0, 0}, 936 {0, 0} 937 } 938 }, 939 {0, 0, 1, 0, /* 0x7c */ 940 {{2, 6}, 941 {0, 0}, 942 {0, 0}, 943 {0, 0} 944 } 945 }, 946 {1, 0, 2, 0, /* 0x7d */ 947 {{0, 0}, 948 {2, 6}, 949 {0, 0}, 950 {0, 0} 951 } 952 }, 953 {0, 0, 1, 0, /* 0x7e */ 954 {{1, 6}, 955 {0, 0}, 956 {0, 0}, 957 {0, 0} 958 } 959 }, 960 {1, 0, 1, 0, /* 0x7f */ 961 {{0, 6}, 962 {0, 0}, 963 {0, 0}, 964 {0, 0} 965 } 966 }, 967 {0, 1, 1, 0, /* 0x80 */ 968 {{7, 7}, 969 {0, 0}, 970 {0, 0}, 971 {0, 0} 972 } 973 }, 974 {1, 1, 2, 0, /* 0x81 */ 975 {{0, 0}, 976 {7, 7}, 977 {0, 0}, 978 {0, 0} 979 } 980 }, 981 {0, 1, 2, 0, /* 0x82 */ 982 {{1, 1}, 983 {7, 7}, 984 {0, 0}, 985 {0, 0} 986 } 987 }, 988 {1, 1, 2, 0, /* 0x83 */ 989 {{0, 1}, 990 {7, 7}, 991 {0, 0}, 992 {0, 0} 993 } 994 }, 995 {0, 1, 2, 0, /* 0x84 */ 996 {{2, 2}, 997 {7, 7}, 998 {0, 0}, 999 {0, 0} 1000 } 1001 }, 1002 {1, 1, 3, 0, /* 0x85 */ 1003 {{0, 0}, 1004 {2, 2}, 1005 {7, 7}, 1006 {0, 0} 1007 } 1008 }, 1009 {0, 1, 2, 0, /* 0x86 */ 1010 {{1, 2}, 1011 {7, 7}, 1012 {0, 0}, 1013 {0, 0} 1014 } 1015 }, 1016 {1, 1, 2, 0, /* 0x87 */ 1017 {{0, 2}, 1018 {7, 7}, 1019 {0, 0}, 1020 {0, 0} 1021 } 1022 }, 1023 {0, 1, 2, 0, /* 0x88 */ 1024 {{3, 3}, 1025 {7, 7}, 1026 {0, 0}, 1027 {0, 0} 1028 } 1029 }, 1030 {1, 1, 3, 0, /* 0x89 */ 1031 {{0, 0}, 1032 {3, 3}, 1033 {7, 7}, 1034 {0, 0} 1035 } 1036 }, 1037 {0, 1, 3, 0, /* 0x8a */ 1038 {{1, 1}, 1039 {3, 3}, 1040 {7, 7}, 1041 {0, 0} 1042 } 1043 }, 1044 {1, 1, 3, 0, /* 0x8b */ 1045 {{0, 1}, 1046 {3, 3}, 1047 {7, 7}, 1048 {0, 0} 1049 } 1050 }, 1051 {0, 1, 2, 0, /* 0x8c */ 1052 {{2, 3}, 1053 {7, 7}, 1054 {0, 0}, 1055 {0, 0} 1056 } 1057 }, 1058 {1, 1, 3, 0, /* 0x8d */ 1059 {{0, 0}, 1060 {2, 3}, 1061 {7, 7}, 1062 {0, 0} 1063 } 1064 }, 1065 {0, 1, 2, 0, /* 0x8e */ 1066 {{1, 3}, 1067 {7, 7}, 1068 {0, 0}, 1069 {0, 0} 1070 } 1071 }, 1072 {1, 1, 2, 0, /* 0x8f */ 1073 {{0, 3}, 1074 {7, 7}, 1075 {0, 0}, 1076 {0, 0} 1077 } 1078 }, 1079 {0, 1, 2, 0, /* 0x90 */ 1080 {{4, 4}, 1081 {7, 7}, 1082 {0, 0}, 1083 {0, 0} 1084 } 1085 }, 1086 {1, 1, 3, 0, /* 0x91 */ 1087 {{0, 0}, 1088 {4, 4}, 1089 {7, 7}, 1090 {0, 0} 1091 } 1092 }, 1093 {0, 1, 3, 0, /* 0x92 */ 1094 {{1, 1}, 1095 {4, 4}, 1096 {7, 7}, 1097 {0, 0} 1098 } 1099 }, 1100 {1, 1, 3, 0, /* 0x93 */ 1101 {{0, 1}, 1102 {4, 4}, 1103 {7, 7}, 1104 {0, 0} 1105 } 1106 }, 1107 {0, 1, 3, 0, /* 0x94 */ 1108 {{2, 2}, 1109 {4, 4}, 1110 {7, 7}, 1111 {0, 0} 1112 } 1113 }, 1114 {1, 1, 4, 0, /* 0x95 */ 1115 {{0, 0}, 1116 {2, 2}, 1117 {4, 4}, 1118 {7, 7} 1119 } 1120 }, 1121 {0, 1, 3, 0, /* 0x96 */ 1122 {{1, 2}, 1123 {4, 4}, 1124 {7, 7}, 1125 {0, 0} 1126 } 1127 }, 1128 {1, 1, 3, 0, /* 0x97 */ 1129 {{0, 2}, 1130 {4, 4}, 1131 {7, 7}, 1132 {0, 0} 1133 } 1134 }, 1135 {0, 1, 2, 0, /* 0x98 */ 1136 {{3, 4}, 1137 {7, 7}, 1138 {0, 0}, 1139 {0, 0} 1140 } 1141 }, 1142 {1, 1, 3, 0, /* 0x99 */ 1143 {{0, 0}, 1144 {3, 4}, 1145 {7, 7}, 1146 {0, 0} 1147 } 1148 }, 1149 {0, 1, 3, 0, /* 0x9a */ 1150 {{1, 1}, 1151 {3, 4}, 1152 {7, 7}, 1153 {0, 0} 1154 } 1155 }, 1156 {1, 1, 3, 0, /* 0x9b */ 1157 {{0, 1}, 1158 {3, 4}, 1159 {7, 7}, 1160 {0, 0} 1161 } 1162 }, 1163 {0, 1, 2, 0, /* 0x9c */ 1164 {{2, 4}, 1165 {7, 7}, 1166 {0, 0}, 1167 {0, 0} 1168 } 1169 }, 1170 {1, 1, 3, 0, /* 0x9d */ 1171 {{0, 0}, 1172 {2, 4}, 1173 {7, 7}, 1174 {0, 0} 1175 } 1176 }, 1177 {0, 1, 2, 0, /* 0x9e */ 1178 {{1, 4}, 1179 {7, 7}, 1180 {0, 0}, 1181 {0, 0} 1182 } 1183 }, 1184 {1, 1, 2, 0, /* 0x9f */ 1185 {{0, 4}, 1186 {7, 7}, 1187 {0, 0}, 1188 {0, 0} 1189 } 1190 }, 1191 {0, 1, 2, 0, /* 0xa0 */ 1192 {{5, 5}, 1193 {7, 7}, 1194 {0, 0}, 1195 {0, 0} 1196 } 1197 }, 1198 {1, 1, 3, 0, /* 0xa1 */ 1199 {{0, 0}, 1200 {5, 5}, 1201 {7, 7}, 1202 {0, 0} 1203 } 1204 }, 1205 {0, 1, 3, 0, /* 0xa2 */ 1206 {{1, 1}, 1207 {5, 5}, 1208 {7, 7}, 1209 {0, 0} 1210 } 1211 }, 1212 {1, 1, 3, 0, /* 0xa3 */ 1213 {{0, 1}, 1214 {5, 5}, 1215 {7, 7}, 1216 {0, 0} 1217 } 1218 }, 1219 {0, 1, 3, 0, /* 0xa4 */ 1220 {{2, 2}, 1221 {5, 5}, 1222 {7, 7}, 1223 {0, 0} 1224 } 1225 }, 1226 {1, 1, 4, 0, /* 0xa5 */ 1227 {{0, 0}, 1228 {2, 2}, 1229 {5, 5}, 1230 {7, 7} 1231 } 1232 }, 1233 {0, 1, 3, 0, /* 0xa6 */ 1234 {{1, 2}, 1235 {5, 5}, 1236 {7, 7}, 1237 {0, 0} 1238 } 1239 }, 1240 {1, 1, 3, 0, /* 0xa7 */ 1241 {{0, 2}, 1242 {5, 5}, 1243 {7, 7}, 1244 {0, 0} 1245 } 1246 }, 1247 {0, 1, 3, 0, /* 0xa8 */ 1248 {{3, 3}, 1249 {5, 5}, 1250 {7, 7}, 1251 {0, 0} 1252 } 1253 }, 1254 {1, 1, 4, 0, /* 0xa9 */ 1255 {{0, 0}, 1256 {3, 3}, 1257 {5, 5}, 1258 {7, 7} 1259 } 1260 }, 1261 {0, 1, 4, 0, /* 0xaa */ 1262 {{1, 1}, 1263 {3, 3}, 1264 {5, 5}, 1265 {7, 7} 1266 } 1267 }, 1268 {1, 1, 4, 0, /* 0xab */ 1269 {{0, 1}, 1270 {3, 3}, 1271 {5, 5}, 1272 {7, 7} 1273 } 1274 }, 1275 {0, 1, 3, 0, /* 0xac */ 1276 {{2, 3}, 1277 {5, 5}, 1278 {7, 7}, 1279 {0, 0} 1280 } 1281 }, 1282 {1, 1, 4, 0, /* 0xad */ 1283 {{0, 0}, 1284 {2, 3}, 1285 {5, 5}, 1286 {7, 7} 1287 } 1288 }, 1289 {0, 1, 3, 0, /* 0xae */ 1290 {{1, 3}, 1291 {5, 5}, 1292 {7, 7}, 1293 {0, 0} 1294 } 1295 }, 1296 {1, 1, 3, 0, /* 0xaf */ 1297 {{0, 3}, 1298 {5, 5}, 1299 {7, 7}, 1300 {0, 0} 1301 } 1302 }, 1303 {0, 1, 2, 0, /* 0xb0 */ 1304 {{4, 5}, 1305 {7, 7}, 1306 {0, 0}, 1307 {0, 0} 1308 } 1309 }, 1310 {1, 1, 3, 0, /* 0xb1 */ 1311 {{0, 0}, 1312 {4, 5}, 1313 {7, 7}, 1314 {0, 0} 1315 } 1316 }, 1317 {0, 1, 3, 0, /* 0xb2 */ 1318 {{1, 1}, 1319 {4, 5}, 1320 {7, 7}, 1321 {0, 0} 1322 } 1323 }, 1324 {1, 1, 3, 0, /* 0xb3 */ 1325 {{0, 1}, 1326 {4, 5}, 1327 {7, 7}, 1328 {0, 0} 1329 } 1330 }, 1331 {0, 1, 3, 0, /* 0xb4 */ 1332 {{2, 2}, 1333 {4, 5}, 1334 {7, 7}, 1335 {0, 0} 1336 } 1337 }, 1338 {1, 1, 4, 0, /* 0xb5 */ 1339 {{0, 0}, 1340 {2, 2}, 1341 {4, 5}, 1342 {7, 7} 1343 } 1344 }, 1345 {0, 1, 3, 0, /* 0xb6 */ 1346 {{1, 2}, 1347 {4, 5}, 1348 {7, 7}, 1349 {0, 0} 1350 } 1351 }, 1352 {1, 1, 3, 0, /* 0xb7 */ 1353 {{0, 2}, 1354 {4, 5}, 1355 {7, 7}, 1356 {0, 0} 1357 } 1358 }, 1359 {0, 1, 2, 0, /* 0xb8 */ 1360 {{3, 5}, 1361 {7, 7}, 1362 {0, 0}, 1363 {0, 0} 1364 } 1365 }, 1366 {1, 1, 3, 0, /* 0xb9 */ 1367 {{0, 0}, 1368 {3, 5}, 1369 {7, 7}, 1370 {0, 0} 1371 } 1372 }, 1373 {0, 1, 3, 0, /* 0xba */ 1374 {{1, 1}, 1375 {3, 5}, 1376 {7, 7}, 1377 {0, 0} 1378 } 1379 }, 1380 {1, 1, 3, 0, /* 0xbb */ 1381 {{0, 1}, 1382 {3, 5}, 1383 {7, 7}, 1384 {0, 0} 1385 } 1386 }, 1387 {0, 1, 2, 0, /* 0xbc */ 1388 {{2, 5}, 1389 {7, 7}, 1390 {0, 0}, 1391 {0, 0} 1392 } 1393 }, 1394 {1, 1, 3, 0, /* 0xbd */ 1395 {{0, 0}, 1396 {2, 5}, 1397 {7, 7}, 1398 {0, 0} 1399 } 1400 }, 1401 {0, 1, 2, 0, /* 0xbe */ 1402 {{1, 5}, 1403 {7, 7}, 1404 {0, 0}, 1405 {0, 0} 1406 } 1407 }, 1408 {1, 1, 2, 0, /* 0xbf */ 1409 {{0, 5}, 1410 {7, 7}, 1411 {0, 0}, 1412 {0, 0} 1413 } 1414 }, 1415 {0, 1, 1, 0, /* 0xc0 */ 1416 {{6, 7}, 1417 {0, 0}, 1418 {0, 0}, 1419 {0, 0} 1420 } 1421 }, 1422 {1, 1, 2, 0, /* 0xc1 */ 1423 {{0, 0}, 1424 {6, 7}, 1425 {0, 0}, 1426 {0, 0} 1427 } 1428 }, 1429 {0, 1, 2, 0, /* 0xc2 */ 1430 {{1, 1}, 1431 {6, 7}, 1432 {0, 0}, 1433 {0, 0} 1434 } 1435 }, 1436 {1, 1, 2, 0, /* 0xc3 */ 1437 {{0, 1}, 1438 {6, 7}, 1439 {0, 0}, 1440 {0, 0} 1441 } 1442 }, 1443 {0, 1, 2, 0, /* 0xc4 */ 1444 {{2, 2}, 1445 {6, 7}, 1446 {0, 0}, 1447 {0, 0} 1448 } 1449 }, 1450 {1, 1, 3, 0, /* 0xc5 */ 1451 {{0, 0}, 1452 {2, 2}, 1453 {6, 7}, 1454 {0, 0} 1455 } 1456 }, 1457 {0, 1, 2, 0, /* 0xc6 */ 1458 {{1, 2}, 1459 {6, 7}, 1460 {0, 0}, 1461 {0, 0} 1462 } 1463 }, 1464 {1, 1, 2, 0, /* 0xc7 */ 1465 {{0, 2}, 1466 {6, 7}, 1467 {0, 0}, 1468 {0, 0} 1469 } 1470 }, 1471 {0, 1, 2, 0, /* 0xc8 */ 1472 {{3, 3}, 1473 {6, 7}, 1474 {0, 0}, 1475 {0, 0} 1476 } 1477 }, 1478 {1, 1, 3, 0, /* 0xc9 */ 1479 {{0, 0}, 1480 {3, 3}, 1481 {6, 7}, 1482 {0, 0} 1483 } 1484 }, 1485 {0, 1, 3, 0, /* 0xca */ 1486 {{1, 1}, 1487 {3, 3}, 1488 {6, 7}, 1489 {0, 0} 1490 } 1491 }, 1492 {1, 1, 3, 0, /* 0xcb */ 1493 {{0, 1}, 1494 {3, 3}, 1495 {6, 7}, 1496 {0, 0} 1497 } 1498 }, 1499 {0, 1, 2, 0, /* 0xcc */ 1500 {{2, 3}, 1501 {6, 7}, 1502 {0, 0}, 1503 {0, 0} 1504 } 1505 }, 1506 {1, 1, 3, 0, /* 0xcd */ 1507 {{0, 0}, 1508 {2, 3}, 1509 {6, 7}, 1510 {0, 0} 1511 } 1512 }, 1513 {0, 1, 2, 0, /* 0xce */ 1514 {{1, 3}, 1515 {6, 7}, 1516 {0, 0}, 1517 {0, 0} 1518 } 1519 }, 1520 {1, 1, 2, 0, /* 0xcf */ 1521 {{0, 3}, 1522 {6, 7}, 1523 {0, 0}, 1524 {0, 0} 1525 } 1526 }, 1527 {0, 1, 2, 0, /* 0xd0 */ 1528 {{4, 4}, 1529 {6, 7}, 1530 {0, 0}, 1531 {0, 0} 1532 } 1533 }, 1534 {1, 1, 3, 0, /* 0xd1 */ 1535 {{0, 0}, 1536 {4, 4}, 1537 {6, 7}, 1538 {0, 0} 1539 } 1540 }, 1541 {0, 1, 3, 0, /* 0xd2 */ 1542 {{1, 1}, 1543 {4, 4}, 1544 {6, 7}, 1545 {0, 0} 1546 } 1547 }, 1548 {1, 1, 3, 0, /* 0xd3 */ 1549 {{0, 1}, 1550 {4, 4}, 1551 {6, 7}, 1552 {0, 0} 1553 } 1554 }, 1555 {0, 1, 3, 0, /* 0xd4 */ 1556 {{2, 2}, 1557 {4, 4}, 1558 {6, 7}, 1559 {0, 0} 1560 } 1561 }, 1562 {1, 1, 4, 0, /* 0xd5 */ 1563 {{0, 0}, 1564 {2, 2}, 1565 {4, 4}, 1566 {6, 7} 1567 } 1568 }, 1569 {0, 1, 3, 0, /* 0xd6 */ 1570 {{1, 2}, 1571 {4, 4}, 1572 {6, 7}, 1573 {0, 0} 1574 } 1575 }, 1576 {1, 1, 3, 0, /* 0xd7 */ 1577 {{0, 2}, 1578 {4, 4}, 1579 {6, 7}, 1580 {0, 0} 1581 } 1582 }, 1583 {0, 1, 2, 0, /* 0xd8 */ 1584 {{3, 4}, 1585 {6, 7}, 1586 {0, 0}, 1587 {0, 0} 1588 } 1589 }, 1590 {1, 1, 3, 0, /* 0xd9 */ 1591 {{0, 0}, 1592 {3, 4}, 1593 {6, 7}, 1594 {0, 0} 1595 } 1596 }, 1597 {0, 1, 3, 0, /* 0xda */ 1598 {{1, 1}, 1599 {3, 4}, 1600 {6, 7}, 1601 {0, 0} 1602 } 1603 }, 1604 {1, 1, 3, 0, /* 0xdb */ 1605 {{0, 1}, 1606 {3, 4}, 1607 {6, 7}, 1608 {0, 0} 1609 } 1610 }, 1611 {0, 1, 2, 0, /* 0xdc */ 1612 {{2, 4}, 1613 {6, 7}, 1614 {0, 0}, 1615 {0, 0} 1616 } 1617 }, 1618 {1, 1, 3, 0, /* 0xdd */ 1619 {{0, 0}, 1620 {2, 4}, 1621 {6, 7}, 1622 {0, 0} 1623 } 1624 }, 1625 {0, 1, 2, 0, /* 0xde */ 1626 {{1, 4}, 1627 {6, 7}, 1628 {0, 0}, 1629 {0, 0} 1630 } 1631 }, 1632 {1, 1, 2, 0, /* 0xdf */ 1633 {{0, 4}, 1634 {6, 7}, 1635 {0, 0}, 1636 {0, 0} 1637 } 1638 }, 1639 {0, 1, 1, 0, /* 0xe0 */ 1640 {{5, 7}, 1641 {0, 0}, 1642 {0, 0}, 1643 {0, 0} 1644 } 1645 }, 1646 {1, 1, 2, 0, /* 0xe1 */ 1647 {{0, 0}, 1648 {5, 7}, 1649 {0, 0}, 1650 {0, 0} 1651 } 1652 }, 1653 {0, 1, 2, 0, /* 0xe2 */ 1654 {{1, 1}, 1655 {5, 7}, 1656 {0, 0}, 1657 {0, 0} 1658 } 1659 }, 1660 {1, 1, 2, 0, /* 0xe3 */ 1661 {{0, 1}, 1662 {5, 7}, 1663 {0, 0}, 1664 {0, 0} 1665 } 1666 }, 1667 {0, 1, 2, 0, /* 0xe4 */ 1668 {{2, 2}, 1669 {5, 7}, 1670 {0, 0}, 1671 {0, 0} 1672 } 1673 }, 1674 {1, 1, 3, 0, /* 0xe5 */ 1675 {{0, 0}, 1676 {2, 2}, 1677 {5, 7}, 1678 {0, 0} 1679 } 1680 }, 1681 {0, 1, 2, 0, /* 0xe6 */ 1682 {{1, 2}, 1683 {5, 7}, 1684 {0, 0}, 1685 {0, 0} 1686 } 1687 }, 1688 {1, 1, 2, 0, /* 0xe7 */ 1689 {{0, 2}, 1690 {5, 7}, 1691 {0, 0}, 1692 {0, 0} 1693 } 1694 }, 1695 {0, 1, 2, 0, /* 0xe8 */ 1696 {{3, 3}, 1697 {5, 7}, 1698 {0, 0}, 1699 {0, 0} 1700 } 1701 }, 1702 {1, 1, 3, 0, /* 0xe9 */ 1703 {{0, 0}, 1704 {3, 3}, 1705 {5, 7}, 1706 {0, 0} 1707 } 1708 }, 1709 {0, 1, 3, 0, /* 0xea */ 1710 {{1, 1}, 1711 {3, 3}, 1712 {5, 7}, 1713 {0, 0} 1714 } 1715 }, 1716 {1, 1, 3, 0, /* 0xeb */ 1717 {{0, 1}, 1718 {3, 3}, 1719 {5, 7}, 1720 {0, 0} 1721 } 1722 }, 1723 {0, 1, 2, 0, /* 0xec */ 1724 {{2, 3}, 1725 {5, 7}, 1726 {0, 0}, 1727 {0, 0} 1728 } 1729 }, 1730 {1, 1, 3, 0, /* 0xed */ 1731 {{0, 0}, 1732 {2, 3}, 1733 {5, 7}, 1734 {0, 0} 1735 } 1736 }, 1737 {0, 1, 2, 0, /* 0xee */ 1738 {{1, 3}, 1739 {5, 7}, 1740 {0, 0}, 1741 {0, 0} 1742 } 1743 }, 1744 {1, 1, 2, 0, /* 0xef */ 1745 {{0, 3}, 1746 {5, 7}, 1747 {0, 0}, 1748 {0, 0} 1749 } 1750 }, 1751 {0, 1, 1, 0, /* 0xf0 */ 1752 {{4, 7}, 1753 {0, 0}, 1754 {0, 0}, 1755 {0, 0} 1756 } 1757 }, 1758 {1, 1, 2, 0, /* 0xf1 */ 1759 {{0, 0}, 1760 {4, 7}, 1761 {0, 0}, 1762 {0, 0} 1763 } 1764 }, 1765 {0, 1, 2, 0, /* 0xf2 */ 1766 {{1, 1}, 1767 {4, 7}, 1768 {0, 0}, 1769 {0, 0} 1770 } 1771 }, 1772 {1, 1, 2, 0, /* 0xf3 */ 1773 {{0, 1}, 1774 {4, 7}, 1775 {0, 0}, 1776 {0, 0} 1777 } 1778 }, 1779 {0, 1, 2, 0, /* 0xf4 */ 1780 {{2, 2}, 1781 {4, 7}, 1782 {0, 0}, 1783 {0, 0} 1784 } 1785 }, 1786 {1, 1, 3, 0, /* 0xf5 */ 1787 {{0, 0}, 1788 {2, 2}, 1789 {4, 7}, 1790 {0, 0} 1791 } 1792 }, 1793 {0, 1, 2, 0, /* 0xf6 */ 1794 {{1, 2}, 1795 {4, 7}, 1796 {0, 0}, 1797 {0, 0} 1798 } 1799 }, 1800 {1, 1, 2, 0, /* 0xf7 */ 1801 {{0, 2}, 1802 {4, 7}, 1803 {0, 0}, 1804 {0, 0} 1805 } 1806 }, 1807 {0, 1, 1, 0, /* 0xf8 */ 1808 {{3, 7}, 1809 {0, 0}, 1810 {0, 0}, 1811 {0, 0} 1812 } 1813 }, 1814 {1, 1, 2, 0, /* 0xf9 */ 1815 {{0, 0}, 1816 {3, 7}, 1817 {0, 0}, 1818 {0, 0} 1819 } 1820 }, 1821 {0, 1, 2, 0, /* 0xfa */ 1822 {{1, 1}, 1823 {3, 7}, 1824 {0, 0}, 1825 {0, 0} 1826 } 1827 }, 1828 {1, 1, 2, 0, /* 0xfb */ 1829 {{0, 1}, 1830 {3, 7}, 1831 {0, 0}, 1832 {0, 0} 1833 } 1834 }, 1835 {0, 1, 1, 0, /* 0xfc */ 1836 {{2, 7}, 1837 {0, 0}, 1838 {0, 0}, 1839 {0, 0} 1840 } 1841 }, 1842 {1, 1, 2, 0, /* 0xfd */ 1843 {{0, 0}, 1844 {2, 7}, 1845 {0, 0}, 1846 {0, 0} 1847 } 1848 }, 1849 {0, 1, 1, 0, /* 0xfe */ 1850 {{1, 7}, 1851 {0, 0}, 1852 {0, 0}, 1853 {0, 0} 1854 } 1855 }, 1856 {1, 1, 1, 0, /* 0xff */ 1857 {{0, 7}, 1858 {0, 0}, 1859 {0, 0}, 1860 {0, 0} 1861 } 1862 } 1863}; 1864 1865 1866int 1867sctp_is_address_in_scope(struct sctp_ifa *ifa, 1868 struct sctp_scoping *scope, 1869 int do_update) 1870{ 1871 if ((scope->loopback_scope == 0) && 1872 (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) { 1873 /* 1874 * skip loopback if not in scope * 1875 */ 1876 return (0); 1877 } 1878 switch (ifa->address.sa.sa_family) { 1879#ifdef INET 1880 case AF_INET: 1881 if (scope->ipv4_addr_legal) { 1882 struct sockaddr_in *sin; 1883 1884 sin = &ifa->address.sin; 1885 if (sin->sin_addr.s_addr == 0) { 1886 /* not in scope , unspecified */ 1887 return (0); 1888 } 1889 if ((scope->ipv4_local_scope == 0) && 1890 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1891 /* private address not in scope */ 1892 return (0); 1893 } 1894 } else { 1895 return (0); 1896 } 1897 break; 1898#endif 1899#ifdef INET6 1900 case AF_INET6: 1901 if (scope->ipv6_addr_legal) { 1902 struct sockaddr_in6 *sin6; 1903 1904 /* 1905 * Must update the flags, bummer, which means any 1906 * IFA locks must now be applied HERE <-> 1907 */ 1908 if (do_update) { 1909 sctp_gather_internal_ifa_flags(ifa); 1910 } 1911 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1912 return (0); 1913 } 1914 /* ok to use deprecated addresses? */ 1915 sin6 = &ifa->address.sin6; 1916 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1917 /* skip unspecifed addresses */ 1918 return (0); 1919 } 1920 if ( /* (local_scope == 0) && */ 1921 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1922 return (0); 1923 } 1924 if ((scope->site_scope == 0) && 1925 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1926 return (0); 1927 } 1928 } else { 1929 return (0); 1930 } 1931 break; 1932#endif 1933 default: 1934 return (0); 1935 } 1936 return (1); 1937} 1938 1939static struct mbuf * 1940sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa, uint16_t * len) 1941{ 1942#if defined(INET) || defined(INET6) 1943 struct sctp_paramhdr *parmh; 1944 struct mbuf *mret; 1945 uint16_t plen; 1946 1947#endif 1948 1949 switch (ifa->address.sa.sa_family) { 1950#ifdef INET 1951 case AF_INET: 1952 plen = (uint16_t) sizeof(struct sctp_ipv4addr_param); 1953 break; 1954#endif 1955#ifdef INET6 1956 case AF_INET6: 1957 plen = (uint16_t) sizeof(struct sctp_ipv6addr_param); 1958 break; 1959#endif 1960 default: 1961 return (m); 1962 } 1963#if defined(INET) || defined(INET6) 1964 if (M_TRAILINGSPACE(m) >= plen) { 1965 /* easy side we just drop it on the end */ 1966 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1967 mret = m; 1968 } else { 1969 /* Need more space */ 1970 mret = m; 1971 while (SCTP_BUF_NEXT(mret) != NULL) { 1972 mret = SCTP_BUF_NEXT(mret); 1973 } 1974 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(plen, 0, M_NOWAIT, 1, MT_DATA); 1975 if (SCTP_BUF_NEXT(mret) == NULL) { 1976 /* We are hosed, can't add more addresses */ 1977 return (m); 1978 } 1979 mret = SCTP_BUF_NEXT(mret); 1980 parmh = mtod(mret, struct sctp_paramhdr *); 1981 } 1982 /* now add the parameter */ 1983 switch (ifa->address.sa.sa_family) { 1984#ifdef INET 1985 case AF_INET: 1986 { 1987 struct sctp_ipv4addr_param *ipv4p; 1988 struct sockaddr_in *sin; 1989 1990 sin = &ifa->address.sin; 1991 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1992 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1993 parmh->param_length = htons(plen); 1994 ipv4p->addr = sin->sin_addr.s_addr; 1995 SCTP_BUF_LEN(mret) += plen; 1996 break; 1997 } 1998#endif 1999#ifdef INET6 2000 case AF_INET6: 2001 { 2002 struct sctp_ipv6addr_param *ipv6p; 2003 struct sockaddr_in6 *sin6; 2004 2005 sin6 = &ifa->address.sin6; 2006 ipv6p = (struct sctp_ipv6addr_param *)parmh; 2007 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 2008 parmh->param_length = htons(plen); 2009 memcpy(ipv6p->addr, &sin6->sin6_addr, 2010 sizeof(ipv6p->addr)); 2011 /* clear embedded scope in the address */ 2012 in6_clearscope((struct in6_addr *)ipv6p->addr); 2013 SCTP_BUF_LEN(mret) += plen; 2014 break; 2015 } 2016#endif 2017 default: 2018 return (m); 2019 } 2020 if (len != NULL) { 2021 *len += plen; 2022 } 2023 return (mret); 2024#endif 2025} 2026 2027 2028struct mbuf * 2029sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2030 struct sctp_scoping *scope, 2031 struct mbuf *m_at, int cnt_inits_to, 2032 uint16_t * padding_len, uint16_t * chunk_len) 2033{ 2034 struct sctp_vrf *vrf = NULL; 2035 int cnt, limit_out = 0, total_count; 2036 uint32_t vrf_id; 2037 2038 vrf_id = inp->def_vrf_id; 2039 SCTP_IPI_ADDR_RLOCK(); 2040 vrf = sctp_find_vrf(vrf_id); 2041 if (vrf == NULL) { 2042 SCTP_IPI_ADDR_RUNLOCK(); 2043 return (m_at); 2044 } 2045 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2046 struct sctp_ifa *sctp_ifap; 2047 struct sctp_ifn *sctp_ifnp; 2048 2049 cnt = cnt_inits_to; 2050 if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) { 2051 limit_out = 1; 2052 cnt = SCTP_ADDRESS_LIMIT; 2053 goto skip_count; 2054 } 2055 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2056 if ((scope->loopback_scope == 0) && 2057 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2058 /* 2059 * Skip loopback devices if loopback_scope 2060 * not set 2061 */ 2062 continue; 2063 } 2064 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2065#ifdef INET 2066 if ((sctp_ifap->address.sa.sa_family == AF_INET) && 2067 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2068 &sctp_ifap->address.sin.sin_addr) != 0)) { 2069 continue; 2070 } 2071#endif 2072#ifdef INET6 2073 if ((sctp_ifap->address.sa.sa_family == AF_INET6) && 2074 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2075 &sctp_ifap->address.sin6.sin6_addr) != 0)) { 2076 continue; 2077 } 2078#endif 2079 if (sctp_is_addr_restricted(stcb, sctp_ifap)) { 2080 continue; 2081 } 2082 if (sctp_is_address_in_scope(sctp_ifap, scope, 1) == 0) { 2083 continue; 2084 } 2085 cnt++; 2086 if (cnt > SCTP_ADDRESS_LIMIT) { 2087 break; 2088 } 2089 } 2090 if (cnt > SCTP_ADDRESS_LIMIT) { 2091 break; 2092 } 2093 } 2094skip_count: 2095 if (cnt > 1) { 2096 total_count = 0; 2097 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 2098 cnt = 0; 2099 if ((scope->loopback_scope == 0) && 2100 SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) { 2101 /* 2102 * Skip loopback devices if 2103 * loopback_scope not set 2104 */ 2105 continue; 2106 } 2107 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 2108#ifdef INET 2109 if ((sctp_ifap->address.sa.sa_family == AF_INET) && 2110 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2111 &sctp_ifap->address.sin.sin_addr) != 0)) { 2112 continue; 2113 } 2114#endif 2115#ifdef INET6 2116 if ((sctp_ifap->address.sa.sa_family == AF_INET6) && 2117 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2118 &sctp_ifap->address.sin6.sin6_addr) != 0)) { 2119 continue; 2120 } 2121#endif 2122 if (sctp_is_addr_restricted(stcb, sctp_ifap)) { 2123 continue; 2124 } 2125 if (sctp_is_address_in_scope(sctp_ifap, 2126 scope, 0) == 0) { 2127 continue; 2128 } 2129 if ((chunk_len != NULL) && 2130 (padding_len != NULL) && 2131 (*padding_len > 0)) { 2132 memset(mtod(m_at, caddr_t)+*chunk_len, 0, *padding_len); 2133 SCTP_BUF_LEN(m_at) += *padding_len; 2134 *chunk_len += *padding_len; 2135 *padding_len = 0; 2136 } 2137 m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap, chunk_len); 2138 if (limit_out) { 2139 cnt++; 2140 total_count++; 2141 if (cnt >= 2) { 2142 /* 2143 * two from each 2144 * address 2145 */ 2146 break; 2147 } 2148 if (total_count > SCTP_ADDRESS_LIMIT) { 2149 /* No more addresses */ 2150 break; 2151 } 2152 } 2153 } 2154 } 2155 } 2156 } else { 2157 struct sctp_laddr *laddr; 2158 2159 cnt = cnt_inits_to; 2160 /* First, how many ? */ 2161 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2162 if (laddr->ifa == NULL) { 2163 continue; 2164 } 2165 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 2166 /* 2167 * Address being deleted by the system, dont 2168 * list. 2169 */ 2170 continue; 2171 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2172 /* 2173 * Address being deleted on this ep don't 2174 * list. 2175 */ 2176 continue; 2177 } 2178 if (sctp_is_address_in_scope(laddr->ifa, 2179 scope, 1) == 0) { 2180 continue; 2181 } 2182 cnt++; 2183 } 2184 /* 2185 * To get through a NAT we only list addresses if we have 2186 * more than one. That way if you just bind a single address 2187 * we let the source of the init dictate our address. 2188 */ 2189 if (cnt > 1) { 2190 cnt = cnt_inits_to; 2191 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2192 if (laddr->ifa == NULL) { 2193 continue; 2194 } 2195 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 2196 continue; 2197 } 2198 if (sctp_is_address_in_scope(laddr->ifa, 2199 scope, 0) == 0) { 2200 continue; 2201 } 2202 if ((chunk_len != NULL) && 2203 (padding_len != NULL) && 2204 (*padding_len > 0)) { 2205 memset(mtod(m_at, caddr_t)+*chunk_len, 0, *padding_len); 2206 SCTP_BUF_LEN(m_at) += *padding_len; 2207 *chunk_len += *padding_len; 2208 *padding_len = 0; 2209 } 2210 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa, chunk_len); 2211 cnt++; 2212 if (cnt >= SCTP_ADDRESS_LIMIT) { 2213 break; 2214 } 2215 } 2216 } 2217 } 2218 SCTP_IPI_ADDR_RUNLOCK(); 2219 return (m_at); 2220} 2221 2222static struct sctp_ifa * 2223sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa, 2224 uint8_t dest_is_loop, 2225 uint8_t dest_is_priv, 2226 sa_family_t fam) 2227{ 2228 uint8_t dest_is_global = 0; 2229 2230 /* dest_is_priv is true if destination is a private address */ 2231 /* dest_is_loop is true if destination is a loopback addresses */ 2232 2233 /** 2234 * Here we determine if its a preferred address. A preferred address 2235 * means it is the same scope or higher scope then the destination. 2236 * L = loopback, P = private, G = global 2237 * ----------------------------------------- 2238 * src | dest | result 2239 * ---------------------------------------- 2240 * L | L | yes 2241 * ----------------------------------------- 2242 * P | L | yes-v4 no-v6 2243 * ----------------------------------------- 2244 * G | L | yes-v4 no-v6 2245 * ----------------------------------------- 2246 * L | P | no 2247 * ----------------------------------------- 2248 * P | P | yes 2249 * ----------------------------------------- 2250 * G | P | no 2251 * ----------------------------------------- 2252 * L | G | no 2253 * ----------------------------------------- 2254 * P | G | no 2255 * ----------------------------------------- 2256 * G | G | yes 2257 * ----------------------------------------- 2258 */ 2259 2260 if (ifa->address.sa.sa_family != fam) { 2261 /* forget mis-matched family */ 2262 return (NULL); 2263 } 2264 if ((dest_is_priv == 0) && (dest_is_loop == 0)) { 2265 dest_is_global = 1; 2266 } 2267 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:"); 2268 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa); 2269 /* Ok the address may be ok */ 2270#ifdef INET6 2271 if (fam == AF_INET6) { 2272 /* ok to use deprecated addresses? no lets not! */ 2273 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2274 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n"); 2275 return (NULL); 2276 } 2277 if (ifa->src_is_priv && !ifa->src_is_loop) { 2278 if (dest_is_loop) { 2279 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n"); 2280 return (NULL); 2281 } 2282 } 2283 if (ifa->src_is_glob) { 2284 if (dest_is_loop) { 2285 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n"); 2286 return (NULL); 2287 } 2288 } 2289 } 2290#endif 2291 /* 2292 * Now that we know what is what, implement or table this could in 2293 * theory be done slicker (it used to be), but this is 2294 * straightforward and easier to validate :-) 2295 */ 2296 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n", 2297 ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob); 2298 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n", 2299 dest_is_loop, dest_is_priv, dest_is_global); 2300 2301 if ((ifa->src_is_loop) && (dest_is_priv)) { 2302 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n"); 2303 return (NULL); 2304 } 2305 if ((ifa->src_is_glob) && (dest_is_priv)) { 2306 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n"); 2307 return (NULL); 2308 } 2309 if ((ifa->src_is_loop) && (dest_is_global)) { 2310 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n"); 2311 return (NULL); 2312 } 2313 if ((ifa->src_is_priv) && (dest_is_global)) { 2314 SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n"); 2315 return (NULL); 2316 } 2317 SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n"); 2318 /* its a preferred address */ 2319 return (ifa); 2320} 2321 2322static struct sctp_ifa * 2323sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa, 2324 uint8_t dest_is_loop, 2325 uint8_t dest_is_priv, 2326 sa_family_t fam) 2327{ 2328 uint8_t dest_is_global = 0; 2329 2330 /** 2331 * Here we determine if its a acceptable address. A acceptable 2332 * address means it is the same scope or higher scope but we can 2333 * allow for NAT which means its ok to have a global dest and a 2334 * private src. 2335 * 2336 * L = loopback, P = private, G = global 2337 * ----------------------------------------- 2338 * src | dest | result 2339 * ----------------------------------------- 2340 * L | L | yes 2341 * ----------------------------------------- 2342 * P | L | yes-v4 no-v6 2343 * ----------------------------------------- 2344 * G | L | yes 2345 * ----------------------------------------- 2346 * L | P | no 2347 * ----------------------------------------- 2348 * P | P | yes 2349 * ----------------------------------------- 2350 * G | P | yes - May not work 2351 * ----------------------------------------- 2352 * L | G | no 2353 * ----------------------------------------- 2354 * P | G | yes - May not work 2355 * ----------------------------------------- 2356 * G | G | yes 2357 * ----------------------------------------- 2358 */ 2359 2360 if (ifa->address.sa.sa_family != fam) { 2361 /* forget non matching family */ 2362 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa_fam:%d fam:%d\n", 2363 ifa->address.sa.sa_family, fam); 2364 return (NULL); 2365 } 2366 /* Ok the address may be ok */ 2367 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, &ifa->address.sa); 2368 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst_is_loop:%d dest_is_priv:%d\n", 2369 dest_is_loop, dest_is_priv); 2370 if ((dest_is_loop == 0) && (dest_is_priv == 0)) { 2371 dest_is_global = 1; 2372 } 2373#ifdef INET6 2374 if (fam == AF_INET6) { 2375 /* ok to use deprecated addresses? */ 2376 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2377 return (NULL); 2378 } 2379 if (ifa->src_is_priv) { 2380 /* Special case, linklocal to loop */ 2381 if (dest_is_loop) 2382 return (NULL); 2383 } 2384 } 2385#endif 2386 /* 2387 * Now that we know what is what, implement our table. This could in 2388 * theory be done slicker (it used to be), but this is 2389 * straightforward and easier to validate :-) 2390 */ 2391 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_priv:%d\n", 2392 ifa->src_is_loop, 2393 dest_is_priv); 2394 if ((ifa->src_is_loop == 1) && (dest_is_priv)) { 2395 return (NULL); 2396 } 2397 SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_glob:%d\n", 2398 ifa->src_is_loop, 2399 dest_is_global); 2400 if ((ifa->src_is_loop == 1) && (dest_is_global)) { 2401 return (NULL); 2402 } 2403 SCTPDBG(SCTP_DEBUG_OUTPUT3, "address is acceptable\n"); 2404 /* its an acceptable address */ 2405 return (ifa); 2406} 2407 2408int 2409sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 2410{ 2411 struct sctp_laddr *laddr; 2412 2413 if (stcb == NULL) { 2414 /* There are no restrictions, no TCB :-) */ 2415 return (0); 2416 } 2417 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 2418 if (laddr->ifa == NULL) { 2419 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2420 __func__); 2421 continue; 2422 } 2423 if (laddr->ifa == ifa) { 2424 /* Yes it is on the list */ 2425 return (1); 2426 } 2427 } 2428 return (0); 2429} 2430 2431 2432int 2433sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 2434{ 2435 struct sctp_laddr *laddr; 2436 2437 if (ifa == NULL) 2438 return (0); 2439 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2440 if (laddr->ifa == NULL) { 2441 SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n", 2442 __func__); 2443 continue; 2444 } 2445 if ((laddr->ifa == ifa) && laddr->action == 0) 2446 /* same pointer */ 2447 return (1); 2448 } 2449 return (0); 2450} 2451 2452 2453 2454static struct sctp_ifa * 2455sctp_choose_boundspecific_inp(struct sctp_inpcb *inp, 2456 sctp_route_t * ro, 2457 uint32_t vrf_id, 2458 int non_asoc_addr_ok, 2459 uint8_t dest_is_priv, 2460 uint8_t dest_is_loop, 2461 sa_family_t fam) 2462{ 2463 struct sctp_laddr *laddr, *starting_point; 2464 void *ifn; 2465 int resettotop = 0; 2466 struct sctp_ifn *sctp_ifn; 2467 struct sctp_ifa *sctp_ifa, *sifa; 2468 struct sctp_vrf *vrf; 2469 uint32_t ifn_index; 2470 2471 vrf = sctp_find_vrf(vrf_id); 2472 if (vrf == NULL) 2473 return (NULL); 2474 2475 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2476 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2477 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2478 /* 2479 * first question, is the ifn we will emit on in our list, if so, we 2480 * want such an address. Note that we first looked for a preferred 2481 * address. 2482 */ 2483 if (sctp_ifn) { 2484 /* is a preferred one on the interface we route out? */ 2485 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2486#ifdef INET 2487 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2488 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2489 &sctp_ifa->address.sin.sin_addr) != 0)) { 2490 continue; 2491 } 2492#endif 2493#ifdef INET6 2494 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2495 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2496 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2497 continue; 2498 } 2499#endif 2500 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2501 (non_asoc_addr_ok == 0)) 2502 continue; 2503 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, 2504 dest_is_loop, 2505 dest_is_priv, fam); 2506 if (sifa == NULL) 2507 continue; 2508 if (sctp_is_addr_in_ep(inp, sifa)) { 2509 atomic_add_int(&sifa->refcount, 1); 2510 return (sifa); 2511 } 2512 } 2513 } 2514 /* 2515 * ok, now we now need to find one on the list of the addresses. We 2516 * can't get one on the emitting interface so let's find first a 2517 * preferred one. If not that an acceptable one otherwise... we 2518 * return NULL. 2519 */ 2520 starting_point = inp->next_addr_touse; 2521once_again: 2522 if (inp->next_addr_touse == NULL) { 2523 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2524 resettotop = 1; 2525 } 2526 for (laddr = inp->next_addr_touse; laddr; 2527 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2528 if (laddr->ifa == NULL) { 2529 /* address has been removed */ 2530 continue; 2531 } 2532 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2533 /* address is being deleted */ 2534 continue; 2535 } 2536 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, 2537 dest_is_priv, fam); 2538 if (sifa == NULL) 2539 continue; 2540 atomic_add_int(&sifa->refcount, 1); 2541 return (sifa); 2542 } 2543 if (resettotop == 0) { 2544 inp->next_addr_touse = NULL; 2545 goto once_again; 2546 } 2547 inp->next_addr_touse = starting_point; 2548 resettotop = 0; 2549once_again_too: 2550 if (inp->next_addr_touse == NULL) { 2551 inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list); 2552 resettotop = 1; 2553 } 2554 /* ok, what about an acceptable address in the inp */ 2555 for (laddr = inp->next_addr_touse; laddr; 2556 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2557 if (laddr->ifa == NULL) { 2558 /* address has been removed */ 2559 continue; 2560 } 2561 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2562 /* address is being deleted */ 2563 continue; 2564 } 2565 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2566 dest_is_priv, fam); 2567 if (sifa == NULL) 2568 continue; 2569 atomic_add_int(&sifa->refcount, 1); 2570 return (sifa); 2571 } 2572 if (resettotop == 0) { 2573 inp->next_addr_touse = NULL; 2574 goto once_again_too; 2575 } 2576 /* 2577 * no address bound can be a source for the destination we are in 2578 * trouble 2579 */ 2580 return (NULL); 2581} 2582 2583 2584 2585static struct sctp_ifa * 2586sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp, 2587 struct sctp_tcb *stcb, 2588 sctp_route_t * ro, 2589 uint32_t vrf_id, 2590 uint8_t dest_is_priv, 2591 uint8_t dest_is_loop, 2592 int non_asoc_addr_ok, 2593 sa_family_t fam) 2594{ 2595 struct sctp_laddr *laddr, *starting_point; 2596 void *ifn; 2597 struct sctp_ifn *sctp_ifn; 2598 struct sctp_ifa *sctp_ifa, *sifa; 2599 uint8_t start_at_beginning = 0; 2600 struct sctp_vrf *vrf; 2601 uint32_t ifn_index; 2602 2603 /* 2604 * first question, is the ifn we will emit on in our list, if so, we 2605 * want that one. 2606 */ 2607 vrf = sctp_find_vrf(vrf_id); 2608 if (vrf == NULL) 2609 return (NULL); 2610 2611 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2612 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2613 sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2614 2615 /* 2616 * first question, is the ifn we will emit on in our list? If so, 2617 * we want that one. First we look for a preferred. Second, we go 2618 * for an acceptable. 2619 */ 2620 if (sctp_ifn) { 2621 /* first try for a preferred address on the ep */ 2622 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2623#ifdef INET 2624 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2625 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2626 &sctp_ifa->address.sin.sin_addr) != 0)) { 2627 continue; 2628 } 2629#endif 2630#ifdef INET6 2631 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2632 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2633 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2634 continue; 2635 } 2636#endif 2637 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2638 continue; 2639 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2640 sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2641 if (sifa == NULL) 2642 continue; 2643 if (((non_asoc_addr_ok == 0) && 2644 (sctp_is_addr_restricted(stcb, sifa))) || 2645 (non_asoc_addr_ok && 2646 (sctp_is_addr_restricted(stcb, sifa)) && 2647 (!sctp_is_addr_pending(stcb, sifa)))) { 2648 /* on the no-no list */ 2649 continue; 2650 } 2651 atomic_add_int(&sifa->refcount, 1); 2652 return (sifa); 2653 } 2654 } 2655 /* next try for an acceptable address on the ep */ 2656 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2657#ifdef INET 2658 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 2659 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2660 &sctp_ifa->address.sin.sin_addr) != 0)) { 2661 continue; 2662 } 2663#endif 2664#ifdef INET6 2665 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 2666 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2667 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 2668 continue; 2669 } 2670#endif 2671 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) 2672 continue; 2673 if (sctp_is_addr_in_ep(inp, sctp_ifa)) { 2674 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv, fam); 2675 if (sifa == NULL) 2676 continue; 2677 if (((non_asoc_addr_ok == 0) && 2678 (sctp_is_addr_restricted(stcb, sifa))) || 2679 (non_asoc_addr_ok && 2680 (sctp_is_addr_restricted(stcb, sifa)) && 2681 (!sctp_is_addr_pending(stcb, sifa)))) { 2682 /* on the no-no list */ 2683 continue; 2684 } 2685 atomic_add_int(&sifa->refcount, 1); 2686 return (sifa); 2687 } 2688 } 2689 2690 } 2691 /* 2692 * if we can't find one like that then we must look at all addresses 2693 * bound to pick one at first preferable then secondly acceptable. 2694 */ 2695 starting_point = stcb->asoc.last_used_address; 2696sctp_from_the_top: 2697 if (stcb->asoc.last_used_address == NULL) { 2698 start_at_beginning = 1; 2699 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2700 } 2701 /* search beginning with the last used address */ 2702 for (laddr = stcb->asoc.last_used_address; laddr; 2703 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2704 if (laddr->ifa == NULL) { 2705 /* address has been removed */ 2706 continue; 2707 } 2708 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2709 /* address is being deleted */ 2710 continue; 2711 } 2712 sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam); 2713 if (sifa == NULL) 2714 continue; 2715 if (((non_asoc_addr_ok == 0) && 2716 (sctp_is_addr_restricted(stcb, sifa))) || 2717 (non_asoc_addr_ok && 2718 (sctp_is_addr_restricted(stcb, sifa)) && 2719 (!sctp_is_addr_pending(stcb, sifa)))) { 2720 /* on the no-no list */ 2721 continue; 2722 } 2723 stcb->asoc.last_used_address = laddr; 2724 atomic_add_int(&sifa->refcount, 1); 2725 return (sifa); 2726 } 2727 if (start_at_beginning == 0) { 2728 stcb->asoc.last_used_address = NULL; 2729 goto sctp_from_the_top; 2730 } 2731 /* now try for any higher scope than the destination */ 2732 stcb->asoc.last_used_address = starting_point; 2733 start_at_beginning = 0; 2734sctp_from_the_top2: 2735 if (stcb->asoc.last_used_address == NULL) { 2736 start_at_beginning = 1; 2737 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 2738 } 2739 /* search beginning with the last used address */ 2740 for (laddr = stcb->asoc.last_used_address; laddr; 2741 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 2742 if (laddr->ifa == NULL) { 2743 /* address has been removed */ 2744 continue; 2745 } 2746 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 2747 /* address is being deleted */ 2748 continue; 2749 } 2750 sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop, 2751 dest_is_priv, fam); 2752 if (sifa == NULL) 2753 continue; 2754 if (((non_asoc_addr_ok == 0) && 2755 (sctp_is_addr_restricted(stcb, sifa))) || 2756 (non_asoc_addr_ok && 2757 (sctp_is_addr_restricted(stcb, sifa)) && 2758 (!sctp_is_addr_pending(stcb, sifa)))) { 2759 /* on the no-no list */ 2760 continue; 2761 } 2762 stcb->asoc.last_used_address = laddr; 2763 atomic_add_int(&sifa->refcount, 1); 2764 return (sifa); 2765 } 2766 if (start_at_beginning == 0) { 2767 stcb->asoc.last_used_address = NULL; 2768 goto sctp_from_the_top2; 2769 } 2770 return (NULL); 2771} 2772 2773static struct sctp_ifa * 2774sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, 2775 struct sctp_inpcb *inp, 2776 struct sctp_tcb *stcb, 2777 int non_asoc_addr_ok, 2778 uint8_t dest_is_loop, 2779 uint8_t dest_is_priv, 2780 int addr_wanted, 2781 sa_family_t fam, 2782 sctp_route_t * ro 2783) 2784{ 2785 struct sctp_ifa *ifa, *sifa; 2786 int num_eligible_addr = 0; 2787 2788#ifdef INET6 2789 struct sockaddr_in6 sin6, lsa6; 2790 2791 if (fam == AF_INET6) { 2792 memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6)); 2793 (void)sa6_recoverscope(&sin6); 2794 } 2795#endif /* INET6 */ 2796 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2797#ifdef INET 2798 if ((ifa->address.sa.sa_family == AF_INET) && 2799 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2800 &ifa->address.sin.sin_addr) != 0)) { 2801 continue; 2802 } 2803#endif 2804#ifdef INET6 2805 if ((ifa->address.sa.sa_family == AF_INET6) && 2806 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2807 &ifa->address.sin6.sin6_addr) != 0)) { 2808 continue; 2809 } 2810#endif 2811 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2812 (non_asoc_addr_ok == 0)) 2813 continue; 2814 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2815 dest_is_priv, fam); 2816 if (sifa == NULL) 2817 continue; 2818#ifdef INET6 2819 if (fam == AF_INET6 && 2820 dest_is_loop && 2821 sifa->src_is_loop && sifa->src_is_priv) { 2822 /* 2823 * don't allow fe80::1 to be a src on loop ::1, we 2824 * don't list it to the peer so we will get an 2825 * abort. 2826 */ 2827 continue; 2828 } 2829 if (fam == AF_INET6 && 2830 IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) && 2831 IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 2832 /* 2833 * link-local <-> link-local must belong to the same 2834 * scope. 2835 */ 2836 memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6)); 2837 (void)sa6_recoverscope(&lsa6); 2838 if (sin6.sin6_scope_id != lsa6.sin6_scope_id) { 2839 continue; 2840 } 2841 } 2842#endif /* INET6 */ 2843 2844 /* 2845 * Check if the IPv6 address matches to next-hop. In the 2846 * mobile case, old IPv6 address may be not deleted from the 2847 * interface. Then, the interface has previous and new 2848 * addresses. We should use one corresponding to the 2849 * next-hop. (by micchie) 2850 */ 2851#ifdef INET6 2852 if (stcb && fam == AF_INET6 && 2853 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2854 if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) 2855 == 0) { 2856 continue; 2857 } 2858 } 2859#endif 2860#ifdef INET 2861 /* Avoid topologically incorrect IPv4 address */ 2862 if (stcb && fam == AF_INET && 2863 sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) { 2864 if (sctp_v4src_match_nexthop(sifa, ro) == 0) { 2865 continue; 2866 } 2867 } 2868#endif 2869 if (stcb) { 2870 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2871 continue; 2872 } 2873 if (((non_asoc_addr_ok == 0) && 2874 (sctp_is_addr_restricted(stcb, sifa))) || 2875 (non_asoc_addr_ok && 2876 (sctp_is_addr_restricted(stcb, sifa)) && 2877 (!sctp_is_addr_pending(stcb, sifa)))) { 2878 /* 2879 * It is restricted for some reason.. 2880 * probably not yet added. 2881 */ 2882 continue; 2883 } 2884 } 2885 if (num_eligible_addr >= addr_wanted) { 2886 return (sifa); 2887 } 2888 num_eligible_addr++; 2889 } 2890 return (NULL); 2891} 2892 2893 2894static int 2895sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, 2896 struct sctp_inpcb *inp, 2897 struct sctp_tcb *stcb, 2898 int non_asoc_addr_ok, 2899 uint8_t dest_is_loop, 2900 uint8_t dest_is_priv, 2901 sa_family_t fam) 2902{ 2903 struct sctp_ifa *ifa, *sifa; 2904 int num_eligible_addr = 0; 2905 2906 LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { 2907#ifdef INET 2908 if ((ifa->address.sa.sa_family == AF_INET) && 2909 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2910 &ifa->address.sin.sin_addr) != 0)) { 2911 continue; 2912 } 2913#endif 2914#ifdef INET6 2915 if ((ifa->address.sa.sa_family == AF_INET6) && 2916 (stcb != NULL) && 2917 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2918 &ifa->address.sin6.sin6_addr) != 0)) { 2919 continue; 2920 } 2921#endif 2922 if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 2923 (non_asoc_addr_ok == 0)) { 2924 continue; 2925 } 2926 sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop, 2927 dest_is_priv, fam); 2928 if (sifa == NULL) { 2929 continue; 2930 } 2931 if (stcb) { 2932 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2933 continue; 2934 } 2935 if (((non_asoc_addr_ok == 0) && 2936 (sctp_is_addr_restricted(stcb, sifa))) || 2937 (non_asoc_addr_ok && 2938 (sctp_is_addr_restricted(stcb, sifa)) && 2939 (!sctp_is_addr_pending(stcb, sifa)))) { 2940 /* 2941 * It is restricted for some reason.. 2942 * probably not yet added. 2943 */ 2944 continue; 2945 } 2946 } 2947 num_eligible_addr++; 2948 } 2949 return (num_eligible_addr); 2950} 2951 2952static struct sctp_ifa * 2953sctp_choose_boundall(struct sctp_inpcb *inp, 2954 struct sctp_tcb *stcb, 2955 struct sctp_nets *net, 2956 sctp_route_t * ro, 2957 uint32_t vrf_id, 2958 uint8_t dest_is_priv, 2959 uint8_t dest_is_loop, 2960 int non_asoc_addr_ok, 2961 sa_family_t fam) 2962{ 2963 int cur_addr_num = 0, num_preferred = 0; 2964 void *ifn; 2965 struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn; 2966 struct sctp_ifa *sctp_ifa, *sifa; 2967 uint32_t ifn_index; 2968 struct sctp_vrf *vrf; 2969 2970#ifdef INET 2971 int retried = 0; 2972 2973#endif 2974 2975 /*- 2976 * For boundall we can use any address in the association. 2977 * If non_asoc_addr_ok is set we can use any address (at least in 2978 * theory). So we look for preferred addresses first. If we find one, 2979 * we use it. Otherwise we next try to get an address on the 2980 * interface, which we should be able to do (unless non_asoc_addr_ok 2981 * is false and we are routed out that way). In these cases where we 2982 * can't use the address of the interface we go through all the 2983 * ifn's looking for an address we can use and fill that in. Punting 2984 * means we send back address 0, which will probably cause problems 2985 * actually since then IP will fill in the address of the route ifn, 2986 * which means we probably already rejected it.. i.e. here comes an 2987 * abort :-<. 2988 */ 2989 vrf = sctp_find_vrf(vrf_id); 2990 if (vrf == NULL) 2991 return (NULL); 2992 2993 ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 2994 ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro); 2995 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn from route:%p ifn_index:%d\n", ifn, ifn_index); 2996 emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index); 2997 if (sctp_ifn == NULL) { 2998 /* ?? We don't have this guy ?? */ 2999 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No ifn emit interface?\n"); 3000 goto bound_all_plan_b; 3001 } 3002 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifn_index:%d name:%s is emit interface\n", 3003 ifn_index, sctp_ifn->ifn_name); 3004 3005 if (net) { 3006 cur_addr_num = net->indx_of_eligible_next_to_use; 3007 } 3008 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, 3009 inp, stcb, 3010 non_asoc_addr_ok, 3011 dest_is_loop, 3012 dest_is_priv, fam); 3013 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n", 3014 num_preferred, sctp_ifn->ifn_name); 3015 if (num_preferred == 0) { 3016 /* 3017 * no eligible addresses, we must use some other interface 3018 * address if we can find one. 3019 */ 3020 goto bound_all_plan_b; 3021 } 3022 /* 3023 * Ok we have num_eligible_addr set with how many we can use, this 3024 * may vary from call to call due to addresses being deprecated 3025 * etc.. 3026 */ 3027 if (cur_addr_num >= num_preferred) { 3028 cur_addr_num = 0; 3029 } 3030 /* 3031 * select the nth address from the list (where cur_addr_num is the 3032 * nth) and 0 is the first one, 1 is the second one etc... 3033 */ 3034 SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); 3035 3036 sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, 3037 dest_is_priv, cur_addr_num, fam, ro); 3038 3039 /* if sctp_ifa is NULL something changed??, fall to plan b. */ 3040 if (sctp_ifa) { 3041 atomic_add_int(&sctp_ifa->refcount, 1); 3042 if (net) { 3043 /* save off where the next one we will want */ 3044 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 3045 } 3046 return (sctp_ifa); 3047 } 3048 /* 3049 * plan_b: Look at all interfaces and find a preferred address. If 3050 * no preferred fall through to plan_c. 3051 */ 3052bound_all_plan_b: 3053 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n"); 3054 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3055 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n", 3056 sctp_ifn->ifn_name); 3057 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3058 /* wrong base scope */ 3059 SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n"); 3060 continue; 3061 } 3062 if ((sctp_ifn == looked_at) && looked_at) { 3063 /* already looked at this guy */ 3064 SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); 3065 continue; 3066 } 3067 num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, 3068 dest_is_loop, dest_is_priv, fam); 3069 SCTPDBG(SCTP_DEBUG_OUTPUT2, 3070 "Found ifn:%p %d preferred source addresses\n", 3071 ifn, num_preferred); 3072 if (num_preferred == 0) { 3073 /* None on this interface. */ 3074 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefered -- skipping to next\n"); 3075 continue; 3076 } 3077 SCTPDBG(SCTP_DEBUG_OUTPUT2, 3078 "num preferred:%d on interface:%p cur_addr_num:%d\n", 3079 num_preferred, (void *)sctp_ifn, cur_addr_num); 3080 3081 /* 3082 * Ok we have num_eligible_addr set with how many we can 3083 * use, this may vary from call to call due to addresses 3084 * being deprecated etc.. 3085 */ 3086 if (cur_addr_num >= num_preferred) { 3087 cur_addr_num = 0; 3088 } 3089 sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, 3090 dest_is_priv, cur_addr_num, fam, ro); 3091 if (sifa == NULL) 3092 continue; 3093 if (net) { 3094 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 3095 SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n", 3096 cur_addr_num); 3097 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:"); 3098 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 3099 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:"); 3100 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa); 3101 } 3102 atomic_add_int(&sifa->refcount, 1); 3103 return (sifa); 3104 } 3105#ifdef INET 3106again_with_private_addresses_allowed: 3107#endif 3108 /* plan_c: do we have an acceptable address on the emit interface */ 3109 sifa = NULL; 3110 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan C: find acceptable on interface\n"); 3111 if (emit_ifn == NULL) { 3112 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Jump to Plan D - no emit_ifn\n"); 3113 goto plan_d; 3114 } 3115 LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { 3116 SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifa:%p\n", (void *)sctp_ifa); 3117#ifdef INET 3118 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3119 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3120 &sctp_ifa->address.sin.sin_addr) != 0)) { 3121 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Jailed\n"); 3122 continue; 3123 } 3124#endif 3125#ifdef INET6 3126 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3127 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3128 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3129 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Jailed\n"); 3130 continue; 3131 } 3132#endif 3133 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3134 (non_asoc_addr_ok == 0)) { 3135 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Defer\n"); 3136 continue; 3137 } 3138 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, 3139 dest_is_priv, fam); 3140 if (sifa == NULL) { 3141 SCTPDBG(SCTP_DEBUG_OUTPUT2, "IFA not acceptable\n"); 3142 continue; 3143 } 3144 if (stcb) { 3145 if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) { 3146 SCTPDBG(SCTP_DEBUG_OUTPUT2, "NOT in scope\n"); 3147 sifa = NULL; 3148 continue; 3149 } 3150 if (((non_asoc_addr_ok == 0) && 3151 (sctp_is_addr_restricted(stcb, sifa))) || 3152 (non_asoc_addr_ok && 3153 (sctp_is_addr_restricted(stcb, sifa)) && 3154 (!sctp_is_addr_pending(stcb, sifa)))) { 3155 /* 3156 * It is restricted for some reason.. 3157 * probably not yet added. 3158 */ 3159 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Its resticted\n"); 3160 sifa = NULL; 3161 continue; 3162 } 3163 } 3164 atomic_add_int(&sifa->refcount, 1); 3165 goto out; 3166 } 3167plan_d: 3168 /* 3169 * plan_d: We are in trouble. No preferred address on the emit 3170 * interface. And not even a preferred address on all interfaces. Go 3171 * out and see if we can find an acceptable address somewhere 3172 * amongst all interfaces. 3173 */ 3174 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D looked_at is %p\n", (void *)looked_at); 3175 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3176 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3177 /* wrong base scope */ 3178 continue; 3179 } 3180 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3181#ifdef INET 3182 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3183 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3184 &sctp_ifa->address.sin.sin_addr) != 0)) { 3185 continue; 3186 } 3187#endif 3188#ifdef INET6 3189 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3190 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3191 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3192 continue; 3193 } 3194#endif 3195 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3196 (non_asoc_addr_ok == 0)) 3197 continue; 3198 sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 3199 dest_is_loop, 3200 dest_is_priv, fam); 3201 if (sifa == NULL) 3202 continue; 3203 if (stcb) { 3204 if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) { 3205 sifa = NULL; 3206 continue; 3207 } 3208 if (((non_asoc_addr_ok == 0) && 3209 (sctp_is_addr_restricted(stcb, sifa))) || 3210 (non_asoc_addr_ok && 3211 (sctp_is_addr_restricted(stcb, sifa)) && 3212 (!sctp_is_addr_pending(stcb, sifa)))) { 3213 /* 3214 * It is restricted for some 3215 * reason.. probably not yet added. 3216 */ 3217 sifa = NULL; 3218 continue; 3219 } 3220 } 3221 goto out; 3222 } 3223 } 3224#ifdef INET 3225 if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) { 3226 stcb->asoc.scope.ipv4_local_scope = 1; 3227 retried = 1; 3228 goto again_with_private_addresses_allowed; 3229 } else if (retried == 1) { 3230 stcb->asoc.scope.ipv4_local_scope = 0; 3231 } 3232#endif 3233out: 3234#ifdef INET 3235 if (sifa) { 3236 if (retried == 1) { 3237 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3238 if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3239 /* wrong base scope */ 3240 continue; 3241 } 3242 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3243 struct sctp_ifa *tmp_sifa; 3244 3245#ifdef INET 3246 if ((sctp_ifa->address.sa.sa_family == AF_INET) && 3247 (prison_check_ip4(inp->ip_inp.inp.inp_cred, 3248 &sctp_ifa->address.sin.sin_addr) != 0)) { 3249 continue; 3250 } 3251#endif 3252#ifdef INET6 3253 if ((sctp_ifa->address.sa.sa_family == AF_INET6) && 3254 (prison_check_ip6(inp->ip_inp.inp.inp_cred, 3255 &sctp_ifa->address.sin6.sin6_addr) != 0)) { 3256 continue; 3257 } 3258#endif 3259 if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && 3260 (non_asoc_addr_ok == 0)) 3261 continue; 3262 tmp_sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, 3263 dest_is_loop, 3264 dest_is_priv, fam); 3265 if (tmp_sifa == NULL) { 3266 continue; 3267 } 3268 if (tmp_sifa == sifa) { 3269 continue; 3270 } 3271 if (stcb) { 3272 if (sctp_is_address_in_scope(tmp_sifa, 3273 &stcb->asoc.scope, 0) == 0) { 3274 continue; 3275 } 3276 if (((non_asoc_addr_ok == 0) && 3277 (sctp_is_addr_restricted(stcb, tmp_sifa))) || 3278 (non_asoc_addr_ok && 3279 (sctp_is_addr_restricted(stcb, tmp_sifa)) && 3280 (!sctp_is_addr_pending(stcb, tmp_sifa)))) { 3281 /* 3282 * It is restricted 3283 * for some reason.. 3284 * probably not yet 3285 * added. 3286 */ 3287 continue; 3288 } 3289 } 3290 if ((tmp_sifa->address.sin.sin_family == AF_INET) && 3291 (IN4_ISPRIVATE_ADDRESS(&(tmp_sifa->address.sin.sin_addr)))) { 3292 sctp_add_local_addr_restricted(stcb, tmp_sifa); 3293 } 3294 } 3295 } 3296 } 3297 atomic_add_int(&sifa->refcount, 1); 3298 } 3299#endif 3300 return (sifa); 3301} 3302 3303 3304 3305/* tcb may be NULL */ 3306struct sctp_ifa * 3307sctp_source_address_selection(struct sctp_inpcb *inp, 3308 struct sctp_tcb *stcb, 3309 sctp_route_t * ro, 3310 struct sctp_nets *net, 3311 int non_asoc_addr_ok, uint32_t vrf_id) 3312{ 3313 struct sctp_ifa *answer; 3314 uint8_t dest_is_priv, dest_is_loop; 3315 sa_family_t fam; 3316 3317#ifdef INET 3318 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 3319 3320#endif 3321#ifdef INET6 3322 struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst; 3323 3324#endif 3325 3326 /** 3327 * Rules: - Find the route if needed, cache if I can. - Look at 3328 * interface address in route, Is it in the bound list. If so we 3329 * have the best source. - If not we must rotate amongst the 3330 * addresses. 3331 * 3332 * Cavets and issues 3333 * 3334 * Do we need to pay attention to scope. We can have a private address 3335 * or a global address we are sourcing or sending to. So if we draw 3336 * it out 3337 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3338 * For V4 3339 * ------------------------------------------ 3340 * source * dest * result 3341 * ----------------------------------------- 3342 * <a> Private * Global * NAT 3343 * ----------------------------------------- 3344 * <b> Private * Private * No problem 3345 * ----------------------------------------- 3346 * <c> Global * Private * Huh, How will this work? 3347 * ----------------------------------------- 3348 * <d> Global * Global * No Problem 3349 *------------------------------------------ 3350 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3351 * For V6 3352 *------------------------------------------ 3353 * source * dest * result 3354 * ----------------------------------------- 3355 * <a> Linklocal * Global * 3356 * ----------------------------------------- 3357 * <b> Linklocal * Linklocal * No problem 3358 * ----------------------------------------- 3359 * <c> Global * Linklocal * Huh, How will this work? 3360 * ----------------------------------------- 3361 * <d> Global * Global * No Problem 3362 *------------------------------------------ 3363 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz 3364 * 3365 * And then we add to that what happens if there are multiple addresses 3366 * assigned to an interface. Remember the ifa on a ifn is a linked 3367 * list of addresses. So one interface can have more than one IP 3368 * address. What happens if we have both a private and a global 3369 * address? Do we then use context of destination to sort out which 3370 * one is best? And what about NAT's sending P->G may get you a NAT 3371 * translation, or should you select the G thats on the interface in 3372 * preference. 3373 * 3374 * Decisions: 3375 * 3376 * - count the number of addresses on the interface. 3377 * - if it is one, no problem except case <c>. 3378 * For <a> we will assume a NAT out there. 3379 * - if there are more than one, then we need to worry about scope P 3380 * or G. We should prefer G -> G and P -> P if possible. 3381 * Then as a secondary fall back to mixed types G->P being a last 3382 * ditch one. 3383 * - The above all works for bound all, but bound specific we need to 3384 * use the same concept but instead only consider the bound 3385 * addresses. If the bound set is NOT assigned to the interface then 3386 * we must use rotation amongst the bound addresses.. 3387 */ 3388 if (ro->ro_rt == NULL) { 3389 /* 3390 * Need a route to cache. 3391 */ 3392 SCTP_RTALLOC(ro, vrf_id, inp->fibnum); 3393 } 3394 if (ro->ro_rt == NULL) { 3395 return (NULL); 3396 } 3397 fam = ro->ro_dst.sa_family; 3398 dest_is_priv = dest_is_loop = 0; 3399 /* Setup our scopes for the destination */ 3400 switch (fam) { 3401#ifdef INET 3402 case AF_INET: 3403 /* Scope based on outbound address */ 3404 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3405 dest_is_loop = 1; 3406 if (net != NULL) { 3407 /* mark it as local */ 3408 net->addr_is_local = 1; 3409 } 3410 } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 3411 dest_is_priv = 1; 3412 } 3413 break; 3414#endif 3415#ifdef INET6 3416 case AF_INET6: 3417 /* Scope based on outbound address */ 3418 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) || 3419 SCTP_ROUTE_IS_REAL_LOOP(ro)) { 3420 /* 3421 * If the address is a loopback address, which 3422 * consists of "::1" OR "fe80::1%lo0", we are 3423 * loopback scope. But we don't use dest_is_priv 3424 * (link local addresses). 3425 */ 3426 dest_is_loop = 1; 3427 if (net != NULL) { 3428 /* mark it as local */ 3429 net->addr_is_local = 1; 3430 } 3431 } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3432 dest_is_priv = 1; 3433 } 3434 break; 3435#endif 3436 } 3437 SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:"); 3438 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&ro->ro_dst); 3439 SCTP_IPI_ADDR_RLOCK(); 3440 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3441 /* 3442 * Bound all case 3443 */ 3444 answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, 3445 dest_is_priv, dest_is_loop, 3446 non_asoc_addr_ok, fam); 3447 SCTP_IPI_ADDR_RUNLOCK(); 3448 return (answer); 3449 } 3450 /* 3451 * Subset bound case 3452 */ 3453 if (stcb) { 3454 answer = sctp_choose_boundspecific_stcb(inp, stcb, ro, 3455 vrf_id, dest_is_priv, 3456 dest_is_loop, 3457 non_asoc_addr_ok, fam); 3458 } else { 3459 answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id, 3460 non_asoc_addr_ok, 3461 dest_is_priv, 3462 dest_is_loop, fam); 3463 } 3464 SCTP_IPI_ADDR_RUNLOCK(); 3465 return (answer); 3466} 3467 3468static int 3469sctp_find_cmsg(int c_type, void *data, struct mbuf *control, size_t cpsize) 3470{ 3471 struct cmsghdr cmh; 3472 int tlen, at, found; 3473 struct sctp_sndinfo sndinfo; 3474 struct sctp_prinfo prinfo; 3475 struct sctp_authinfo authinfo; 3476 3477 tlen = SCTP_BUF_LEN(control); 3478 at = 0; 3479 found = 0; 3480 /* 3481 * Independent of how many mbufs, find the c_type inside the control 3482 * structure and copy out the data. 3483 */ 3484 while (at < tlen) { 3485 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3486 /* There is not enough room for one more. */ 3487 return (found); 3488 } 3489 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3490 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3491 /* We dont't have a complete CMSG header. */ 3492 return (found); 3493 } 3494 if (((int)cmh.cmsg_len + at) > tlen) { 3495 /* We don't have the complete CMSG. */ 3496 return (found); 3497 } 3498 if ((cmh.cmsg_level == IPPROTO_SCTP) && 3499 ((c_type == cmh.cmsg_type) || 3500 ((c_type == SCTP_SNDRCV) && 3501 ((cmh.cmsg_type == SCTP_SNDINFO) || 3502 (cmh.cmsg_type == SCTP_PRINFO) || 3503 (cmh.cmsg_type == SCTP_AUTHINFO))))) { 3504 if (c_type == cmh.cmsg_type) { 3505 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < cpsize) { 3506 return (found); 3507 } 3508 /* It is exactly what we want. Copy it out. */ 3509 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), cpsize, (caddr_t)data); 3510 return (1); 3511 } else { 3512 struct sctp_sndrcvinfo *sndrcvinfo; 3513 3514 sndrcvinfo = (struct sctp_sndrcvinfo *)data; 3515 if (found == 0) { 3516 if (cpsize < sizeof(struct sctp_sndrcvinfo)) { 3517 return (found); 3518 } 3519 memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); 3520 } 3521 switch (cmh.cmsg_type) { 3522 case SCTP_SNDINFO: 3523 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_sndinfo)) { 3524 return (found); 3525 } 3526 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_sndinfo), (caddr_t)&sndinfo); 3527 sndrcvinfo->sinfo_stream = sndinfo.snd_sid; 3528 sndrcvinfo->sinfo_flags = sndinfo.snd_flags; 3529 sndrcvinfo->sinfo_ppid = sndinfo.snd_ppid; 3530 sndrcvinfo->sinfo_context = sndinfo.snd_context; 3531 sndrcvinfo->sinfo_assoc_id = sndinfo.snd_assoc_id; 3532 break; 3533 case SCTP_PRINFO: 3534 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_prinfo)) { 3535 return (found); 3536 } 3537 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_prinfo), (caddr_t)&prinfo); 3538 if (prinfo.pr_policy != SCTP_PR_SCTP_NONE) { 3539 sndrcvinfo->sinfo_timetolive = prinfo.pr_value; 3540 } else { 3541 sndrcvinfo->sinfo_timetolive = 0; 3542 } 3543 sndrcvinfo->sinfo_flags |= prinfo.pr_policy; 3544 break; 3545 case SCTP_AUTHINFO: 3546 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_authinfo)) { 3547 return (found); 3548 } 3549 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_authinfo), (caddr_t)&authinfo); 3550 sndrcvinfo->sinfo_keynumber_valid = 1; 3551 sndrcvinfo->sinfo_keynumber = authinfo.auth_keynumber; 3552 break; 3553 default: 3554 return (found); 3555 } 3556 found = 1; 3557 } 3558 } 3559 at += CMSG_ALIGN(cmh.cmsg_len); 3560 } 3561 return (found); 3562} 3563 3564static int 3565sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *error) 3566{ 3567 struct cmsghdr cmh; 3568 int tlen, at; 3569 struct sctp_initmsg initmsg; 3570 3571#ifdef INET 3572 struct sockaddr_in sin; 3573 3574#endif 3575#ifdef INET6 3576 struct sockaddr_in6 sin6; 3577 3578#endif 3579 3580 tlen = SCTP_BUF_LEN(control); 3581 at = 0; 3582 while (at < tlen) { 3583 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3584 /* There is not enough room for one more. */ 3585 *error = EINVAL; 3586 return (1); 3587 } 3588 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3589 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3590 /* We dont't have a complete CMSG header. */ 3591 *error = EINVAL; 3592 return (1); 3593 } 3594 if (((int)cmh.cmsg_len + at) > tlen) { 3595 /* We don't have the complete CMSG. */ 3596 *error = EINVAL; 3597 return (1); 3598 } 3599 if (cmh.cmsg_level == IPPROTO_SCTP) { 3600 switch (cmh.cmsg_type) { 3601 case SCTP_INIT: 3602 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct sctp_initmsg)) { 3603 *error = EINVAL; 3604 return (1); 3605 } 3606 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct sctp_initmsg), (caddr_t)&initmsg); 3607 if (initmsg.sinit_max_attempts) 3608 stcb->asoc.max_init_times = initmsg.sinit_max_attempts; 3609 if (initmsg.sinit_num_ostreams) 3610 stcb->asoc.pre_open_streams = initmsg.sinit_num_ostreams; 3611 if (initmsg.sinit_max_instreams) 3612 stcb->asoc.max_inbound_streams = initmsg.sinit_max_instreams; 3613 if (initmsg.sinit_max_init_timeo) 3614 stcb->asoc.initial_init_rto_max = initmsg.sinit_max_init_timeo; 3615 if (stcb->asoc.streamoutcnt < stcb->asoc.pre_open_streams) { 3616 struct sctp_stream_out *tmp_str; 3617 unsigned int i; 3618 3619#if defined(SCTP_DETAILED_STR_STATS) 3620 int j; 3621 3622#endif 3623 3624 /* Default is NOT correct */ 3625 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, default:%d pre_open:%d\n", 3626 stcb->asoc.streamoutcnt, stcb->asoc.pre_open_streams); 3627 SCTP_TCB_UNLOCK(stcb); 3628 SCTP_MALLOC(tmp_str, 3629 struct sctp_stream_out *, 3630 (stcb->asoc.pre_open_streams * sizeof(struct sctp_stream_out)), 3631 SCTP_M_STRMO); 3632 SCTP_TCB_LOCK(stcb); 3633 if (tmp_str != NULL) { 3634 SCTP_FREE(stcb->asoc.strmout, SCTP_M_STRMO); 3635 stcb->asoc.strmout = tmp_str; 3636 stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt = stcb->asoc.pre_open_streams; 3637 } else { 3638 stcb->asoc.pre_open_streams = stcb->asoc.streamoutcnt; 3639 } 3640 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 3641 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 3642 stcb->asoc.strmout[i].chunks_on_queues = 0; 3643 stcb->asoc.strmout[i].next_sequence_send = 0; 3644#if defined(SCTP_DETAILED_STR_STATS) 3645 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 3646 stcb->asoc.strmout[i].abandoned_sent[j] = 0; 3647 stcb->asoc.strmout[i].abandoned_unsent[j] = 0; 3648 } 3649#else 3650 stcb->asoc.strmout[i].abandoned_sent[0] = 0; 3651 stcb->asoc.strmout[i].abandoned_unsent[0] = 0; 3652#endif 3653 stcb->asoc.strmout[i].stream_no = i; 3654 stcb->asoc.strmout[i].last_msg_incomplete = 0; 3655 stcb->asoc.strmout[i].state = SCTP_STREAM_OPENING; 3656 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], NULL); 3657 } 3658 } 3659 break; 3660#ifdef INET 3661 case SCTP_DSTADDRV4: 3662 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) { 3663 *error = EINVAL; 3664 return (1); 3665 } 3666 memset(&sin, 0, sizeof(struct sockaddr_in)); 3667 sin.sin_family = AF_INET; 3668 sin.sin_len = sizeof(struct sockaddr_in); 3669 sin.sin_port = stcb->rport; 3670 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr); 3671 if ((sin.sin_addr.s_addr == INADDR_ANY) || 3672 (sin.sin_addr.s_addr == INADDR_BROADCAST) || 3673 IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 3674 *error = EINVAL; 3675 return (1); 3676 } 3677 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, 3678 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3679 *error = ENOBUFS; 3680 return (1); 3681 } 3682 break; 3683#endif 3684#ifdef INET6 3685 case SCTP_DSTADDRV6: 3686 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) { 3687 *error = EINVAL; 3688 return (1); 3689 } 3690 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 3691 sin6.sin6_family = AF_INET6; 3692 sin6.sin6_len = sizeof(struct sockaddr_in6); 3693 sin6.sin6_port = stcb->rport; 3694 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr); 3695 if (IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) || 3696 IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 3697 *error = EINVAL; 3698 return (1); 3699 } 3700#ifdef INET 3701 if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) { 3702 in6_sin6_2_sin(&sin, &sin6); 3703 if ((sin.sin_addr.s_addr == INADDR_ANY) || 3704 (sin.sin_addr.s_addr == INADDR_BROADCAST) || 3705 IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 3706 *error = EINVAL; 3707 return (1); 3708 } 3709 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, 3710 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3711 *error = ENOBUFS; 3712 return (1); 3713 } 3714 } else 3715#endif 3716 if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin6, NULL, 3717 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) { 3718 *error = ENOBUFS; 3719 return (1); 3720 } 3721 break; 3722#endif 3723 default: 3724 break; 3725 } 3726 } 3727 at += CMSG_ALIGN(cmh.cmsg_len); 3728 } 3729 return (0); 3730} 3731 3732static struct sctp_tcb * 3733sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p, 3734 uint16_t port, 3735 struct mbuf *control, 3736 struct sctp_nets **net_p, 3737 int *error) 3738{ 3739 struct cmsghdr cmh; 3740 int tlen, at; 3741 struct sctp_tcb *stcb; 3742 struct sockaddr *addr; 3743 3744#ifdef INET 3745 struct sockaddr_in sin; 3746 3747#endif 3748#ifdef INET6 3749 struct sockaddr_in6 sin6; 3750 3751#endif 3752 3753 tlen = SCTP_BUF_LEN(control); 3754 at = 0; 3755 while (at < tlen) { 3756 if ((tlen - at) < (int)CMSG_ALIGN(sizeof(cmh))) { 3757 /* There is not enough room for one more. */ 3758 *error = EINVAL; 3759 return (NULL); 3760 } 3761 m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); 3762 if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) { 3763 /* We dont't have a complete CMSG header. */ 3764 *error = EINVAL; 3765 return (NULL); 3766 } 3767 if (((int)cmh.cmsg_len + at) > tlen) { 3768 /* We don't have the complete CMSG. */ 3769 *error = EINVAL; 3770 return (NULL); 3771 } 3772 if (cmh.cmsg_level == IPPROTO_SCTP) { 3773 switch (cmh.cmsg_type) { 3774#ifdef INET 3775 case SCTP_DSTADDRV4: 3776 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in_addr)) { 3777 *error = EINVAL; 3778 return (NULL); 3779 } 3780 memset(&sin, 0, sizeof(struct sockaddr_in)); 3781 sin.sin_family = AF_INET; 3782 sin.sin_len = sizeof(struct sockaddr_in); 3783 sin.sin_port = port; 3784 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in_addr), (caddr_t)&sin.sin_addr); 3785 addr = (struct sockaddr *)&sin; 3786 break; 3787#endif 3788#ifdef INET6 3789 case SCTP_DSTADDRV6: 3790 if ((size_t)(cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh))) < sizeof(struct in6_addr)) { 3791 *error = EINVAL; 3792 return (NULL); 3793 } 3794 memset(&sin6, 0, sizeof(struct sockaddr_in6)); 3795 sin6.sin6_family = AF_INET6; 3796 sin6.sin6_len = sizeof(struct sockaddr_in6); 3797 sin6.sin6_port = port; 3798 m_copydata(control, at + CMSG_ALIGN(sizeof(cmh)), sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr); 3799#ifdef INET 3800 if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) { 3801 in6_sin6_2_sin(&sin, &sin6); 3802 addr = (struct sockaddr *)&sin; 3803 } else 3804#endif 3805 addr = (struct sockaddr *)&sin6; 3806 break; 3807#endif 3808 default: 3809 addr = NULL; 3810 break; 3811 } 3812 if (addr) { 3813 stcb = sctp_findassociation_ep_addr(inp_p, addr, net_p, NULL, NULL); 3814 if (stcb != NULL) { 3815 return (stcb); 3816 } 3817 } 3818 } 3819 at += CMSG_ALIGN(cmh.cmsg_len); 3820 } 3821 return (NULL); 3822} 3823 3824static struct mbuf * 3825sctp_add_cookie(struct mbuf *init, int init_offset, 3826 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t ** signature) 3827{ 3828 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 3829 struct sctp_state_cookie *stc; 3830 struct sctp_paramhdr *ph; 3831 uint8_t *foo; 3832 int sig_offset; 3833 uint16_t cookie_sz; 3834 3835 mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) + 3836 sizeof(struct sctp_paramhdr)), 0, 3837 M_NOWAIT, 1, MT_DATA); 3838 if (mret == NULL) { 3839 return (NULL); 3840 } 3841 copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_NOWAIT); 3842 if (copy_init == NULL) { 3843 sctp_m_freem(mret); 3844 return (NULL); 3845 } 3846#ifdef SCTP_MBUF_LOGGING 3847 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3848 sctp_log_mbc(copy_init, SCTP_MBUF_ICOPY); 3849 } 3850#endif 3851 copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL, 3852 M_NOWAIT); 3853 if (copy_initack == NULL) { 3854 sctp_m_freem(mret); 3855 sctp_m_freem(copy_init); 3856 return (NULL); 3857 } 3858#ifdef SCTP_MBUF_LOGGING 3859 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 3860 sctp_log_mbc(copy_initack, SCTP_MBUF_ICOPY); 3861 } 3862#endif 3863 /* easy side we just drop it on the end */ 3864 ph = mtod(mret, struct sctp_paramhdr *); 3865 SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) + 3866 sizeof(struct sctp_paramhdr); 3867 stc = (struct sctp_state_cookie *)((caddr_t)ph + 3868 sizeof(struct sctp_paramhdr)); 3869 ph->param_type = htons(SCTP_STATE_COOKIE); 3870 ph->param_length = 0; /* fill in at the end */ 3871 /* Fill in the stc cookie data */ 3872 memcpy(stc, stc_in, sizeof(struct sctp_state_cookie)); 3873 3874 /* tack the INIT and then the INIT-ACK onto the chain */ 3875 cookie_sz = 0; 3876 for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3877 cookie_sz += SCTP_BUF_LEN(m_at); 3878 if (SCTP_BUF_NEXT(m_at) == NULL) { 3879 SCTP_BUF_NEXT(m_at) = copy_init; 3880 break; 3881 } 3882 } 3883 for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3884 cookie_sz += SCTP_BUF_LEN(m_at); 3885 if (SCTP_BUF_NEXT(m_at) == NULL) { 3886 SCTP_BUF_NEXT(m_at) = copy_initack; 3887 break; 3888 } 3889 } 3890 for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 3891 cookie_sz += SCTP_BUF_LEN(m_at); 3892 if (SCTP_BUF_NEXT(m_at) == NULL) { 3893 break; 3894 } 3895 } 3896 sig = sctp_get_mbuf_for_msg(SCTP_SECRET_SIZE, 0, M_NOWAIT, 1, MT_DATA); 3897 if (sig == NULL) { 3898 /* no space, so free the entire chain */ 3899 sctp_m_freem(mret); 3900 return (NULL); 3901 } 3902 SCTP_BUF_LEN(sig) = 0; 3903 SCTP_BUF_NEXT(m_at) = sig; 3904 sig_offset = 0; 3905 foo = (uint8_t *) (mtod(sig, caddr_t)+sig_offset); 3906 memset(foo, 0, SCTP_SIGNATURE_SIZE); 3907 *signature = foo; 3908 SCTP_BUF_LEN(sig) += SCTP_SIGNATURE_SIZE; 3909 cookie_sz += SCTP_SIGNATURE_SIZE; 3910 ph->param_length = htons(cookie_sz); 3911 return (mret); 3912} 3913 3914 3915static uint8_t 3916sctp_get_ect(struct sctp_tcb *stcb) 3917{ 3918 if ((stcb != NULL) && (stcb->asoc.ecn_supported == 1)) { 3919 return (SCTP_ECT0_BIT); 3920 } else { 3921 return (0); 3922 } 3923} 3924 3925#if defined(INET) || defined(INET6) 3926static void 3927sctp_handle_no_route(struct sctp_tcb *stcb, 3928 struct sctp_nets *net, 3929 int so_locked) 3930{ 3931 SCTPDBG(SCTP_DEBUG_OUTPUT1, "dropped packet - no valid source addr\n"); 3932 3933 if (net) { 3934 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination was "); 3935 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, &net->ro._l_addr.sa); 3936 if (net->dest_state & SCTP_ADDR_CONFIRMED) { 3937 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) { 3938 SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", (void *)net); 3939 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 3940 stcb, 0, 3941 (void *)net, 3942 so_locked); 3943 net->dest_state &= ~SCTP_ADDR_REACHABLE; 3944 net->dest_state &= ~SCTP_ADDR_PF; 3945 } 3946 } 3947 if (stcb) { 3948 if (net == stcb->asoc.primary_destination) { 3949 /* need a new primary */ 3950 struct sctp_nets *alt; 3951 3952 alt = sctp_find_alternate_net(stcb, net, 0); 3953 if (alt != net) { 3954 if (stcb->asoc.alternate) { 3955 sctp_free_remote_addr(stcb->asoc.alternate); 3956 } 3957 stcb->asoc.alternate = alt; 3958 atomic_add_int(&stcb->asoc.alternate->ref_count, 1); 3959 if (net->ro._s_addr) { 3960 sctp_free_ifa(net->ro._s_addr); 3961 net->ro._s_addr = NULL; 3962 } 3963 net->src_addr_selected = 0; 3964 } 3965 } 3966 } 3967 } 3968} 3969 3970#endif 3971 3972static int 3973sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 3974 struct sctp_tcb *stcb, /* may be NULL */ 3975 struct sctp_nets *net, 3976 struct sockaddr *to, 3977 struct mbuf *m, 3978 uint32_t auth_offset, 3979 struct sctp_auth_chunk *auth, 3980 uint16_t auth_keyid, 3981 int nofragment_flag, 3982 int ecn_ok, 3983 int out_of_asoc_ok, 3984 uint16_t src_port, 3985 uint16_t dest_port, 3986 uint32_t v_tag, 3987 uint16_t port, 3988 union sctp_sockstore *over_addr, 3989 uint8_t mflowtype, uint32_t mflowid, 3990#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 3991 int so_locked SCTP_UNUSED 3992#else 3993 int so_locked 3994#endif 3995) 3996/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 3997{ 3998 /** 3999 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet header 4000 * WITH an SCTPHDR but no IP header, endpoint inp and sa structure: 4001 * - fill in the HMAC digest of any AUTH chunk in the packet. 4002 * - calculate and fill in the SCTP checksum. 4003 * - prepend an IP address header. 4004 * - if boundall use INADDR_ANY. 4005 * - if boundspecific do source address selection. 4006 * - set fragmentation option for ipV4. 4007 * - On return from IP output, check/adjust mtu size of output 4008 * interface and smallest_mtu size as well. 4009 */ 4010 /* Will need ifdefs around this */ 4011 struct mbuf *newm; 4012 struct sctphdr *sctphdr; 4013 int packet_length; 4014 int ret; 4015 4016#if defined(INET) || defined(INET6) 4017 uint32_t vrf_id; 4018 4019#endif 4020#if defined(INET) || defined(INET6) 4021 struct mbuf *o_pak; 4022 sctp_route_t *ro = NULL; 4023 struct udphdr *udp = NULL; 4024 4025#endif 4026 uint8_t tos_value; 4027 4028#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4029 struct socket *so = NULL; 4030 4031#endif 4032 4033 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 4034 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4035 sctp_m_freem(m); 4036 return (EFAULT); 4037 } 4038#if defined(INET) || defined(INET6) 4039 if (stcb) { 4040 vrf_id = stcb->asoc.vrf_id; 4041 } else { 4042 vrf_id = inp->def_vrf_id; 4043 } 4044#endif 4045 /* fill in the HMAC digest for any AUTH chunk in the packet */ 4046 if ((auth != NULL) && (stcb != NULL)) { 4047 sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid); 4048 } 4049 if (net) { 4050 tos_value = net->dscp; 4051 } else if (stcb) { 4052 tos_value = stcb->asoc.default_dscp; 4053 } else { 4054 tos_value = inp->sctp_ep.default_dscp; 4055 } 4056 4057 switch (to->sa_family) { 4058#ifdef INET 4059 case AF_INET: 4060 { 4061 struct ip *ip = NULL; 4062 sctp_route_t iproute; 4063 int len; 4064 4065 len = SCTP_MIN_V4_OVERHEAD; 4066 if (port) { 4067 len += sizeof(struct udphdr); 4068 } 4069 newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA); 4070 if (newm == NULL) { 4071 sctp_m_freem(m); 4072 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4073 return (ENOMEM); 4074 } 4075 SCTP_ALIGN_TO_END(newm, len); 4076 SCTP_BUF_LEN(newm) = len; 4077 SCTP_BUF_NEXT(newm) = m; 4078 m = newm; 4079 if (net != NULL) { 4080 m->m_pkthdr.flowid = net->flowid; 4081 M_HASHTYPE_SET(m, net->flowtype); 4082 } else { 4083 m->m_pkthdr.flowid = mflowid; 4084 M_HASHTYPE_SET(m, mflowtype); 4085 } 4086 packet_length = sctp_calculate_len(m); 4087 ip = mtod(m, struct ip *); 4088 ip->ip_v = IPVERSION; 4089 ip->ip_hl = (sizeof(struct ip) >> 2); 4090 if (tos_value == 0) { 4091 /* 4092 * This means especially, that it is not set 4093 * at the SCTP layer. So use the value from 4094 * the IP layer. 4095 */ 4096 tos_value = inp->ip_inp.inp.inp_ip_tos; 4097 } 4098 tos_value &= 0xfc; 4099 if (ecn_ok) { 4100 tos_value |= sctp_get_ect(stcb); 4101 } 4102 if ((nofragment_flag) && (port == 0)) { 4103 ip->ip_off = htons(IP_DF); 4104 } else { 4105 ip->ip_off = htons(0); 4106 } 4107 /* FreeBSD has a function for ip_id's */ 4108 ip->ip_id = ip_newid(); 4109 4110 ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; 4111 ip->ip_len = htons(packet_length); 4112 ip->ip_tos = tos_value; 4113 if (port) { 4114 ip->ip_p = IPPROTO_UDP; 4115 } else { 4116 ip->ip_p = IPPROTO_SCTP; 4117 } 4118 ip->ip_sum = 0; 4119 if (net == NULL) { 4120 ro = &iproute; 4121 memset(&iproute, 0, sizeof(iproute)); 4122 memcpy(&ro->ro_dst, to, to->sa_len); 4123 } else { 4124 ro = (sctp_route_t *) & net->ro; 4125 } 4126 /* Now the address selection part */ 4127 ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr; 4128 4129 /* call the routine to select the src address */ 4130 if (net && out_of_asoc_ok == 0) { 4131 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 4132 sctp_free_ifa(net->ro._s_addr); 4133 net->ro._s_addr = NULL; 4134 net->src_addr_selected = 0; 4135 if (ro->ro_rt) { 4136 RTFREE(ro->ro_rt); 4137 ro->ro_rt = NULL; 4138 } 4139 } 4140 if (net->src_addr_selected == 0) { 4141 /* Cache the source address */ 4142 net->ro._s_addr = sctp_source_address_selection(inp, stcb, 4143 ro, net, 0, 4144 vrf_id); 4145 net->src_addr_selected = 1; 4146 } 4147 if (net->ro._s_addr == NULL) { 4148 /* No route to host */ 4149 net->src_addr_selected = 0; 4150 sctp_handle_no_route(stcb, net, so_locked); 4151 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4152 sctp_m_freem(m); 4153 return (EHOSTUNREACH); 4154 } 4155 ip->ip_src = net->ro._s_addr->address.sin.sin_addr; 4156 } else { 4157 if (over_addr == NULL) { 4158 struct sctp_ifa *_lsrc; 4159 4160 _lsrc = sctp_source_address_selection(inp, stcb, ro, 4161 net, 4162 out_of_asoc_ok, 4163 vrf_id); 4164 if (_lsrc == NULL) { 4165 sctp_handle_no_route(stcb, net, so_locked); 4166 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4167 sctp_m_freem(m); 4168 return (EHOSTUNREACH); 4169 } 4170 ip->ip_src = _lsrc->address.sin.sin_addr; 4171 sctp_free_ifa(_lsrc); 4172 } else { 4173 ip->ip_src = over_addr->sin.sin_addr; 4174 SCTP_RTALLOC(ro, vrf_id, inp->fibnum); 4175 } 4176 } 4177 if (port) { 4178 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 4179 sctp_handle_no_route(stcb, net, so_locked); 4180 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4181 sctp_m_freem(m); 4182 return (EHOSTUNREACH); 4183 } 4184 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip)); 4185 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 4186 udp->uh_dport = port; 4187 udp->uh_ulen = htons(packet_length - sizeof(struct ip)); 4188 if (V_udp_cksum) { 4189 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 4190 } else { 4191 udp->uh_sum = 0; 4192 } 4193 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 4194 } else { 4195 sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip)); 4196 } 4197 4198 sctphdr->src_port = src_port; 4199 sctphdr->dest_port = dest_port; 4200 sctphdr->v_tag = v_tag; 4201 sctphdr->checksum = 0; 4202 4203 /* 4204 * If source address selection fails and we find no 4205 * route then the ip_output should fail as well with 4206 * a NO_ROUTE_TO_HOST type error. We probably should 4207 * catch that somewhere and abort the association 4208 * right away (assuming this is an INIT being sent). 4209 */ 4210 if (ro->ro_rt == NULL) { 4211 /* 4212 * src addr selection failed to find a route 4213 * (or valid source addr), so we can't get 4214 * there from here (yet)! 4215 */ 4216 sctp_handle_no_route(stcb, net, so_locked); 4217 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4218 sctp_m_freem(m); 4219 return (EHOSTUNREACH); 4220 } 4221 if (ro != &iproute) { 4222 memcpy(&iproute, ro, sizeof(*ro)); 4223 } 4224 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n", 4225 (uint32_t) (ntohl(ip->ip_src.s_addr))); 4226 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n", 4227 (uint32_t) (ntohl(ip->ip_dst.s_addr))); 4228 SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n", 4229 (void *)ro->ro_rt); 4230 4231 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 4232 /* failed to prepend data, give up */ 4233 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4234 sctp_m_freem(m); 4235 return (ENOMEM); 4236 } 4237 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4238 if (port) { 4239#if defined(SCTP_WITH_NO_CSUM) 4240 SCTP_STAT_INCR(sctps_sendnocrc); 4241#else 4242 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr)); 4243 SCTP_STAT_INCR(sctps_sendswcrc); 4244#endif 4245 if (V_udp_cksum) { 4246 SCTP_ENABLE_UDP_CSUM(o_pak); 4247 } 4248 } else { 4249#if defined(SCTP_WITH_NO_CSUM) 4250 SCTP_STAT_INCR(sctps_sendnocrc); 4251#else 4252 m->m_pkthdr.csum_flags = CSUM_SCTP; 4253 m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 4254 SCTP_STAT_INCR(sctps_sendhwcrc); 4255#endif 4256 } 4257#ifdef SCTP_PACKET_LOGGING 4258 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4259 sctp_packet_log(o_pak); 4260#endif 4261 /* send it out. table id is taken from stcb */ 4262#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4263 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4264 so = SCTP_INP_SO(inp); 4265 SCTP_SOCKET_UNLOCK(so, 0); 4266 } 4267#endif 4268 SCTP_IP_OUTPUT(ret, o_pak, ro, stcb, vrf_id); 4269#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4270 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4271 atomic_add_int(&stcb->asoc.refcnt, 1); 4272 SCTP_TCB_UNLOCK(stcb); 4273 SCTP_SOCKET_LOCK(so, 0); 4274 SCTP_TCB_LOCK(stcb); 4275 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4276 } 4277#endif 4278 SCTP_STAT_INCR(sctps_sendpackets); 4279 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4280 if (ret) 4281 SCTP_STAT_INCR(sctps_senderrors); 4282 4283 SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret); 4284 if (net == NULL) { 4285 /* free tempy routes */ 4286 RO_RTFREE(ro); 4287 } else { 4288 /* 4289 * PMTU check versus smallest asoc MTU goes 4290 * here 4291 */ 4292 if ((ro->ro_rt != NULL) && 4293 (net->ro._s_addr)) { 4294 uint32_t mtu; 4295 4296 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4297 if (net->port) { 4298 mtu -= sizeof(struct udphdr); 4299 } 4300 if (mtu && (stcb->asoc.smallest_mtu > mtu)) { 4301 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4302 net->mtu = mtu; 4303 } 4304 } else if (ro->ro_rt == NULL) { 4305 /* route was freed */ 4306 if (net->ro._s_addr && 4307 net->src_addr_selected) { 4308 sctp_free_ifa(net->ro._s_addr); 4309 net->ro._s_addr = NULL; 4310 } 4311 net->src_addr_selected = 0; 4312 } 4313 } 4314 return (ret); 4315 } 4316#endif 4317#ifdef INET6 4318 case AF_INET6: 4319 { 4320 uint32_t flowlabel, flowinfo; 4321 struct ip6_hdr *ip6h; 4322 struct route_in6 ip6route; 4323 struct ifnet *ifp; 4324 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 4325 int prev_scope = 0; 4326 struct sockaddr_in6 lsa6_storage; 4327 int error; 4328 u_short prev_port = 0; 4329 int len; 4330 4331 if (net) { 4332 flowlabel = net->flowlabel; 4333 } else if (stcb) { 4334 flowlabel = stcb->asoc.default_flowlabel; 4335 } else { 4336 flowlabel = inp->sctp_ep.default_flowlabel; 4337 } 4338 if (flowlabel == 0) { 4339 /* 4340 * This means especially, that it is not set 4341 * at the SCTP layer. So use the value from 4342 * the IP layer. 4343 */ 4344 flowlabel = ntohl(((struct in6pcb *)inp)->in6p_flowinfo); 4345 } 4346 flowlabel &= 0x000fffff; 4347 len = SCTP_MIN_OVERHEAD; 4348 if (port) { 4349 len += sizeof(struct udphdr); 4350 } 4351 newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA); 4352 if (newm == NULL) { 4353 sctp_m_freem(m); 4354 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4355 return (ENOMEM); 4356 } 4357 SCTP_ALIGN_TO_END(newm, len); 4358 SCTP_BUF_LEN(newm) = len; 4359 SCTP_BUF_NEXT(newm) = m; 4360 m = newm; 4361 if (net != NULL) { 4362 m->m_pkthdr.flowid = net->flowid; 4363 M_HASHTYPE_SET(m, net->flowtype); 4364 } else { 4365 m->m_pkthdr.flowid = mflowid; 4366 M_HASHTYPE_SET(m, mflowtype); 4367 } 4368 packet_length = sctp_calculate_len(m); 4369 4370 ip6h = mtod(m, struct ip6_hdr *); 4371 /* protect *sin6 from overwrite */ 4372 sin6 = (struct sockaddr_in6 *)to; 4373 tmp = *sin6; 4374 sin6 = &tmp; 4375 4376 /* KAME hack: embed scopeid */ 4377 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 4378 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4379 return (EINVAL); 4380 } 4381 if (net == NULL) { 4382 memset(&ip6route, 0, sizeof(ip6route)); 4383 ro = (sctp_route_t *) & ip6route; 4384 memcpy(&ro->ro_dst, sin6, sin6->sin6_len); 4385 } else { 4386 ro = (sctp_route_t *) & net->ro; 4387 } 4388 /* 4389 * We assume here that inp_flow is in host byte 4390 * order within the TCB! 4391 */ 4392 if (tos_value == 0) { 4393 /* 4394 * This means especially, that it is not set 4395 * at the SCTP layer. So use the value from 4396 * the IP layer. 4397 */ 4398 tos_value = (ntohl(((struct in6pcb *)inp)->in6p_flowinfo) >> 20) & 0xff; 4399 } 4400 tos_value &= 0xfc; 4401 if (ecn_ok) { 4402 tos_value |= sctp_get_ect(stcb); 4403 } 4404 flowinfo = 0x06; 4405 flowinfo <<= 8; 4406 flowinfo |= tos_value; 4407 flowinfo <<= 20; 4408 flowinfo |= flowlabel; 4409 ip6h->ip6_flow = htonl(flowinfo); 4410 if (port) { 4411 ip6h->ip6_nxt = IPPROTO_UDP; 4412 } else { 4413 ip6h->ip6_nxt = IPPROTO_SCTP; 4414 } 4415 ip6h->ip6_plen = (packet_length - sizeof(struct ip6_hdr)); 4416 ip6h->ip6_dst = sin6->sin6_addr; 4417 4418 /* 4419 * Add SRC address selection here: we can only reuse 4420 * to a limited degree the kame src-addr-sel, since 4421 * we can try their selection but it may not be 4422 * bound. 4423 */ 4424 bzero(&lsa6_tmp, sizeof(lsa6_tmp)); 4425 lsa6_tmp.sin6_family = AF_INET6; 4426 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 4427 lsa6 = &lsa6_tmp; 4428 if (net && out_of_asoc_ok == 0) { 4429 if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED | SCTP_ADDR_IFA_UNUSEABLE))) { 4430 sctp_free_ifa(net->ro._s_addr); 4431 net->ro._s_addr = NULL; 4432 net->src_addr_selected = 0; 4433 if (ro->ro_rt) { 4434 RTFREE(ro->ro_rt); 4435 ro->ro_rt = NULL; 4436 } 4437 } 4438 if (net->src_addr_selected == 0) { 4439 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4440 /* KAME hack: embed scopeid */ 4441 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 4442 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4443 return (EINVAL); 4444 } 4445 /* Cache the source address */ 4446 net->ro._s_addr = sctp_source_address_selection(inp, 4447 stcb, 4448 ro, 4449 net, 4450 0, 4451 vrf_id); 4452 (void)sa6_recoverscope(sin6); 4453 net->src_addr_selected = 1; 4454 } 4455 if (net->ro._s_addr == NULL) { 4456 SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n"); 4457 net->src_addr_selected = 0; 4458 sctp_handle_no_route(stcb, net, so_locked); 4459 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4460 sctp_m_freem(m); 4461 return (EHOSTUNREACH); 4462 } 4463 lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr; 4464 } else { 4465 sin6 = (struct sockaddr_in6 *)&ro->ro_dst; 4466 /* KAME hack: embed scopeid */ 4467 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 4468 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 4469 return (EINVAL); 4470 } 4471 if (over_addr == NULL) { 4472 struct sctp_ifa *_lsrc; 4473 4474 _lsrc = sctp_source_address_selection(inp, stcb, ro, 4475 net, 4476 out_of_asoc_ok, 4477 vrf_id); 4478 if (_lsrc == NULL) { 4479 sctp_handle_no_route(stcb, net, so_locked); 4480 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4481 sctp_m_freem(m); 4482 return (EHOSTUNREACH); 4483 } 4484 lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr; 4485 sctp_free_ifa(_lsrc); 4486 } else { 4487 lsa6->sin6_addr = over_addr->sin6.sin6_addr; 4488 SCTP_RTALLOC(ro, vrf_id, inp->fibnum); 4489 } 4490 (void)sa6_recoverscope(sin6); 4491 } 4492 lsa6->sin6_port = inp->sctp_lport; 4493 4494 if (ro->ro_rt == NULL) { 4495 /* 4496 * src addr selection failed to find a route 4497 * (or valid source addr), so we can't get 4498 * there from here! 4499 */ 4500 sctp_handle_no_route(stcb, net, so_locked); 4501 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4502 sctp_m_freem(m); 4503 return (EHOSTUNREACH); 4504 } 4505 /* 4506 * XXX: sa6 may not have a valid sin6_scope_id in 4507 * the non-SCOPEDROUTING case. 4508 */ 4509 bzero(&lsa6_storage, sizeof(lsa6_storage)); 4510 lsa6_storage.sin6_family = AF_INET6; 4511 lsa6_storage.sin6_len = sizeof(lsa6_storage); 4512 lsa6_storage.sin6_addr = lsa6->sin6_addr; 4513 if ((error = sa6_recoverscope(&lsa6_storage)) != 0) { 4514 SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error); 4515 sctp_m_freem(m); 4516 return (error); 4517 } 4518 /* XXX */ 4519 lsa6_storage.sin6_addr = lsa6->sin6_addr; 4520 lsa6_storage.sin6_port = inp->sctp_lport; 4521 lsa6 = &lsa6_storage; 4522 ip6h->ip6_src = lsa6->sin6_addr; 4523 4524 if (port) { 4525 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 4526 sctp_handle_no_route(stcb, net, so_locked); 4527 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH); 4528 sctp_m_freem(m); 4529 return (EHOSTUNREACH); 4530 } 4531 udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 4532 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 4533 udp->uh_dport = port; 4534 udp->uh_ulen = htons(packet_length - sizeof(struct ip6_hdr)); 4535 udp->uh_sum = 0; 4536 sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr)); 4537 } else { 4538 sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr)); 4539 } 4540 4541 sctphdr->src_port = src_port; 4542 sctphdr->dest_port = dest_port; 4543 sctphdr->v_tag = v_tag; 4544 sctphdr->checksum = 0; 4545 4546 /* 4547 * We set the hop limit now since there is a good 4548 * chance that our ro pointer is now filled 4549 */ 4550 ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro); 4551 ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro); 4552 4553#ifdef SCTP_DEBUG 4554 /* Copy to be sure something bad is not happening */ 4555 sin6->sin6_addr = ip6h->ip6_dst; 4556 lsa6->sin6_addr = ip6h->ip6_src; 4557#endif 4558 4559 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n"); 4560 SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: "); 4561 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6); 4562 SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: "); 4563 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6); 4564 if (net) { 4565 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4566 /* 4567 * preserve the port and scope for link 4568 * local send 4569 */ 4570 prev_scope = sin6->sin6_scope_id; 4571 prev_port = sin6->sin6_port; 4572 } 4573 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 4574 /* failed to prepend data, give up */ 4575 sctp_m_freem(m); 4576 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 4577 return (ENOMEM); 4578 } 4579 SCTP_ATTACH_CHAIN(o_pak, m, packet_length); 4580 if (port) { 4581#if defined(SCTP_WITH_NO_CSUM) 4582 SCTP_STAT_INCR(sctps_sendnocrc); 4583#else 4584 sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 4585 SCTP_STAT_INCR(sctps_sendswcrc); 4586#endif 4587 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) { 4588 udp->uh_sum = 0xffff; 4589 } 4590 } else { 4591#if defined(SCTP_WITH_NO_CSUM) 4592 SCTP_STAT_INCR(sctps_sendnocrc); 4593#else 4594 m->m_pkthdr.csum_flags = CSUM_SCTP_IPV6; 4595 m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 4596 SCTP_STAT_INCR(sctps_sendhwcrc); 4597#endif 4598 } 4599 /* send it out. table id is taken from stcb */ 4600#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4601 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4602 so = SCTP_INP_SO(inp); 4603 SCTP_SOCKET_UNLOCK(so, 0); 4604 } 4605#endif 4606#ifdef SCTP_PACKET_LOGGING 4607 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) 4608 sctp_packet_log(o_pak); 4609#endif 4610 SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, stcb, vrf_id); 4611#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) 4612 if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) { 4613 atomic_add_int(&stcb->asoc.refcnt, 1); 4614 SCTP_TCB_UNLOCK(stcb); 4615 SCTP_SOCKET_LOCK(so, 0); 4616 SCTP_TCB_LOCK(stcb); 4617 atomic_subtract_int(&stcb->asoc.refcnt, 1); 4618 } 4619#endif 4620 if (net) { 4621 /* for link local this must be done */ 4622 sin6->sin6_scope_id = prev_scope; 4623 sin6->sin6_port = prev_port; 4624 } 4625 SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret); 4626 SCTP_STAT_INCR(sctps_sendpackets); 4627 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 4628 if (ret) { 4629 SCTP_STAT_INCR(sctps_senderrors); 4630 } 4631 if (net == NULL) { 4632 /* Now if we had a temp route free it */ 4633 RO_RTFREE(ro); 4634 } else { 4635 /* 4636 * PMTU check versus smallest asoc MTU goes 4637 * here 4638 */ 4639 if (ro->ro_rt == NULL) { 4640 /* Route was freed */ 4641 if (net->ro._s_addr && 4642 net->src_addr_selected) { 4643 sctp_free_ifa(net->ro._s_addr); 4644 net->ro._s_addr = NULL; 4645 } 4646 net->src_addr_selected = 0; 4647 } 4648 if ((ro->ro_rt != NULL) && 4649 (net->ro._s_addr)) { 4650 uint32_t mtu; 4651 4652 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt); 4653 if (mtu && 4654 (stcb->asoc.smallest_mtu > mtu)) { 4655 sctp_mtu_size_reset(inp, &stcb->asoc, mtu); 4656 net->mtu = mtu; 4657 if (net->port) { 4658 net->mtu -= sizeof(struct udphdr); 4659 } 4660 } 4661 } else if (ifp) { 4662 if (ND_IFINFO(ifp)->linkmtu && 4663 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 4664 sctp_mtu_size_reset(inp, 4665 &stcb->asoc, 4666 ND_IFINFO(ifp)->linkmtu); 4667 } 4668 } 4669 } 4670 return (ret); 4671 } 4672#endif 4673 default: 4674 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 4675 ((struct sockaddr *)to)->sa_family); 4676 sctp_m_freem(m); 4677 SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 4678 return (EFAULT); 4679 } 4680} 4681 4682 4683void 4684sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked 4685#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 4686 SCTP_UNUSED 4687#endif 4688) 4689{ 4690 struct mbuf *m, *m_last; 4691 struct sctp_nets *net; 4692 struct sctp_init_chunk *init; 4693 struct sctp_supported_addr_param *sup_addr; 4694 struct sctp_adaptation_layer_indication *ali; 4695 struct sctp_supported_chunk_types_param *pr_supported; 4696 struct sctp_paramhdr *ph; 4697 int cnt_inits_to = 0; 4698 int ret; 4699 uint16_t num_ext, chunk_len, padding_len, parameter_len; 4700 4701 /* INIT's always go to the primary (and usually ONLY address) */ 4702 net = stcb->asoc.primary_destination; 4703 if (net == NULL) { 4704 net = TAILQ_FIRST(&stcb->asoc.nets); 4705 if (net == NULL) { 4706 /* TSNH */ 4707 return; 4708 } 4709 /* we confirm any address we send an INIT to */ 4710 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4711 (void)sctp_set_primary_addr(stcb, NULL, net); 4712 } else { 4713 /* we confirm any address we send an INIT to */ 4714 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 4715 } 4716 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n"); 4717#ifdef INET6 4718 if (net->ro._l_addr.sa.sa_family == AF_INET6) { 4719 /* 4720 * special hook, if we are sending to link local it will not 4721 * show up in our private address count. 4722 */ 4723 if (IN6_IS_ADDR_LINKLOCAL(&net->ro._l_addr.sin6.sin6_addr)) 4724 cnt_inits_to = 1; 4725 } 4726#endif 4727 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 4728 /* This case should not happen */ 4729 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n"); 4730 return; 4731 } 4732 /* start the INIT timer */ 4733 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 4734 4735 m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_NOWAIT, 1, MT_DATA); 4736 if (m == NULL) { 4737 /* No memory, INIT timer will re-attempt. */ 4738 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n"); 4739 return; 4740 } 4741 chunk_len = (uint16_t) sizeof(struct sctp_init_chunk); 4742 padding_len = 0; 4743 /* Now lets put the chunk header in place */ 4744 init = mtod(m, struct sctp_init_chunk *); 4745 /* now the chunk header */ 4746 init->ch.chunk_type = SCTP_INITIATION; 4747 init->ch.chunk_flags = 0; 4748 /* fill in later from mbuf we build */ 4749 init->ch.chunk_length = 0; 4750 /* place in my tag */ 4751 init->init.initiate_tag = htonl(stcb->asoc.my_vtag); 4752 /* set up some of the credits. */ 4753 init->init.a_rwnd = htonl(max(inp->sctp_socket ? SCTP_SB_LIMIT_RCV(inp->sctp_socket) : 0, 4754 SCTP_MINIMAL_RWND)); 4755 init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 4756 init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 4757 init->init.initial_tsn = htonl(stcb->asoc.init_seq_number); 4758 4759 /* Adaptation layer indication parameter */ 4760 if (inp->sctp_ep.adaptation_layer_indicator_provided) { 4761 parameter_len = (uint16_t) sizeof(struct sctp_adaptation_layer_indication); 4762 ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t)+chunk_len); 4763 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 4764 ali->ph.param_length = htons(parameter_len); 4765 ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator); 4766 chunk_len += parameter_len; 4767 } 4768 /* ECN parameter */ 4769 if (stcb->asoc.ecn_supported == 1) { 4770 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 4771 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 4772 ph->param_type = htons(SCTP_ECN_CAPABLE); 4773 ph->param_length = htons(parameter_len); 4774 chunk_len += parameter_len; 4775 } 4776 /* PR-SCTP supported parameter */ 4777 if (stcb->asoc.prsctp_supported == 1) { 4778 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 4779 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 4780 ph->param_type = htons(SCTP_PRSCTP_SUPPORTED); 4781 ph->param_length = htons(parameter_len); 4782 chunk_len += parameter_len; 4783 } 4784 /* Add NAT friendly parameter. */ 4785 if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) { 4786 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 4787 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 4788 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 4789 ph->param_length = htons(parameter_len); 4790 chunk_len += parameter_len; 4791 } 4792 /* And now tell the peer which extensions we support */ 4793 num_ext = 0; 4794 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+chunk_len); 4795 if (stcb->asoc.prsctp_supported == 1) { 4796 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 4797 } 4798 if (stcb->asoc.auth_supported == 1) { 4799 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 4800 } 4801 if (stcb->asoc.asconf_supported == 1) { 4802 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 4803 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 4804 } 4805 if (stcb->asoc.reconfig_supported == 1) { 4806 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 4807 } 4808 if (stcb->asoc.nrsack_supported == 1) { 4809 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 4810 } 4811 if (stcb->asoc.pktdrop_supported == 1) { 4812 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 4813 } 4814 if (num_ext > 0) { 4815 parameter_len = (uint16_t) sizeof(struct sctp_supported_chunk_types_param) + num_ext; 4816 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 4817 pr_supported->ph.param_length = htons(parameter_len); 4818 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 4819 chunk_len += parameter_len; 4820 } 4821 /* add authentication parameters */ 4822 if (stcb->asoc.auth_supported) { 4823 /* attach RANDOM parameter, if available */ 4824 if (stcb->asoc.authinfo.random != NULL) { 4825 struct sctp_auth_random *randp; 4826 4827 if (padding_len > 0) { 4828 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 4829 chunk_len += padding_len; 4830 padding_len = 0; 4831 } 4832 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+chunk_len); 4833 parameter_len = (uint16_t) sizeof(struct sctp_auth_random) + stcb->asoc.authinfo.random_len; 4834 /* random key already contains the header */ 4835 memcpy(randp, stcb->asoc.authinfo.random->key, parameter_len); 4836 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 4837 chunk_len += parameter_len; 4838 } 4839 /* add HMAC_ALGO parameter */ 4840 if (stcb->asoc.local_hmacs != NULL) { 4841 struct sctp_auth_hmac_algo *hmacs; 4842 4843 if (padding_len > 0) { 4844 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 4845 chunk_len += padding_len; 4846 padding_len = 0; 4847 } 4848 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+chunk_len); 4849 parameter_len = (uint16_t) (sizeof(struct sctp_auth_hmac_algo) + 4850 stcb->asoc.local_hmacs->num_algo * sizeof(uint16_t)); 4851 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 4852 hmacs->ph.param_length = htons(parameter_len); 4853 sctp_serialize_hmaclist(stcb->asoc.local_hmacs, (uint8_t *) hmacs->hmac_ids); 4854 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 4855 chunk_len += parameter_len; 4856 } 4857 /* add CHUNKS parameter */ 4858 if (stcb->asoc.local_auth_chunks != NULL) { 4859 struct sctp_auth_chunk_list *chunks; 4860 4861 if (padding_len > 0) { 4862 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 4863 chunk_len += padding_len; 4864 padding_len = 0; 4865 } 4866 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+chunk_len); 4867 parameter_len = (uint16_t) (sizeof(struct sctp_auth_chunk_list) + 4868 sctp_auth_get_chklist_size(stcb->asoc.local_auth_chunks)); 4869 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 4870 chunks->ph.param_length = htons(parameter_len); 4871 sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, chunks->chunk_types); 4872 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 4873 chunk_len += parameter_len; 4874 } 4875 } 4876 /* now any cookie time extensions */ 4877 if (stcb->asoc.cookie_preserve_req) { 4878 struct sctp_cookie_perserve_param *cookie_preserve; 4879 4880 if (padding_len > 0) { 4881 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 4882 chunk_len += padding_len; 4883 padding_len = 0; 4884 } 4885 parameter_len = (uint16_t) sizeof(struct sctp_cookie_perserve_param); 4886 cookie_preserve = (struct sctp_cookie_perserve_param *)(mtod(m, caddr_t)+chunk_len); 4887 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 4888 cookie_preserve->ph.param_length = htons(parameter_len); 4889 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 4890 stcb->asoc.cookie_preserve_req = 0; 4891 chunk_len += parameter_len; 4892 } 4893 if (stcb->asoc.scope.ipv4_addr_legal || stcb->asoc.scope.ipv6_addr_legal) { 4894 uint8_t i; 4895 4896 if (padding_len > 0) { 4897 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 4898 chunk_len += padding_len; 4899 padding_len = 0; 4900 } 4901 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 4902 if (stcb->asoc.scope.ipv4_addr_legal) { 4903 parameter_len += (uint16_t) sizeof(uint16_t); 4904 } 4905 if (stcb->asoc.scope.ipv6_addr_legal) { 4906 parameter_len += (uint16_t) sizeof(uint16_t); 4907 } 4908 sup_addr = (struct sctp_supported_addr_param *)(mtod(m, caddr_t)+chunk_len); 4909 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 4910 sup_addr->ph.param_length = htons(parameter_len); 4911 i = 0; 4912 if (stcb->asoc.scope.ipv4_addr_legal) { 4913 sup_addr->addr_type[i++] = htons(SCTP_IPV4_ADDRESS); 4914 } 4915 if (stcb->asoc.scope.ipv6_addr_legal) { 4916 sup_addr->addr_type[i++] = htons(SCTP_IPV6_ADDRESS); 4917 } 4918 padding_len = 4 - 2 * i; 4919 chunk_len += parameter_len; 4920 } 4921 SCTP_BUF_LEN(m) = chunk_len; 4922 /* now the addresses */ 4923 /* 4924 * To optimize this we could put the scoping stuff into a structure 4925 * and remove the individual uint8's from the assoc structure. Then 4926 * we could just sifa in the address within the stcb. But for now 4927 * this is a quick hack to get the address stuff teased apart. 4928 */ 4929 m_last = sctp_add_addresses_to_i_ia(inp, stcb, &stcb->asoc.scope, 4930 m, cnt_inits_to, 4931 &padding_len, &chunk_len); 4932 4933 init->ch.chunk_length = htons(chunk_len); 4934 if (padding_len > 0) { 4935 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 4936 sctp_m_freem(m); 4937 return; 4938 } 4939 } 4940 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n"); 4941 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 4942 (struct sockaddr *)&net->ro._l_addr, 4943 m, 0, NULL, 0, 0, 0, 0, 4944 inp->sctp_lport, stcb->rport, htonl(0), 4945 net->port, NULL, 4946 0, 0, 4947 so_locked); 4948 SCTPDBG(SCTP_DEBUG_OUTPUT4, "lowlevel_output - %d\n", ret); 4949 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 4950 (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 4951} 4952 4953struct mbuf * 4954sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 4955 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp, int *nat_friendly) 4956{ 4957 /* 4958 * Given a mbuf containing an INIT or INIT-ACK with the param_offset 4959 * being equal to the beginning of the params i.e. (iphlen + 4960 * sizeof(struct sctp_init_msg) parse through the parameters to the 4961 * end of the mbuf verifying that all parameters are known. 4962 * 4963 * For unknown parameters build and return a mbuf with 4964 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop 4965 * processing this chunk stop, and set *abort_processing to 1. 4966 * 4967 * By having param_offset be pre-set to where parameters begin it is 4968 * hoped that this routine may be reused in the future by new 4969 * features. 4970 */ 4971 struct sctp_paramhdr *phdr, params; 4972 4973 struct mbuf *mat, *op_err; 4974 char tempbuf[SCTP_PARAM_BUFFER_SIZE]; 4975 int at, limit, pad_needed; 4976 uint16_t ptype, plen, padded_size; 4977 int err_at; 4978 4979 *abort_processing = 0; 4980 mat = in_initpkt; 4981 err_at = 0; 4982 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 4983 at = param_offset; 4984 op_err = NULL; 4985 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n"); 4986 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 4987 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 4988 ptype = ntohs(phdr->param_type); 4989 plen = ntohs(phdr->param_length); 4990 if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) { 4991 /* wacked parameter */ 4992 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen); 4993 goto invalid_size; 4994 } 4995 limit -= SCTP_SIZE32(plen); 4996 /*- 4997 * All parameters for all chunks that we know/understand are 4998 * listed here. We process them other places and make 4999 * appropriate stop actions per the upper bits. However this 5000 * is the generic routine processor's can call to get back 5001 * an operr.. to either incorporate (init-ack) or send. 5002 */ 5003 padded_size = SCTP_SIZE32(plen); 5004 switch (ptype) { 5005 /* Param's with variable size */ 5006 case SCTP_HEARTBEAT_INFO: 5007 case SCTP_STATE_COOKIE: 5008 case SCTP_UNRECOG_PARAM: 5009 case SCTP_ERROR_CAUSE_IND: 5010 /* ok skip fwd */ 5011 at += padded_size; 5012 break; 5013 /* Param's with variable size within a range */ 5014 case SCTP_CHUNK_LIST: 5015 case SCTP_SUPPORTED_CHUNK_EXT: 5016 if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) { 5017 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen); 5018 goto invalid_size; 5019 } 5020 at += padded_size; 5021 break; 5022 case SCTP_SUPPORTED_ADDRTYPE: 5023 if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) { 5024 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen); 5025 goto invalid_size; 5026 } 5027 at += padded_size; 5028 break; 5029 case SCTP_RANDOM: 5030 if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) { 5031 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen); 5032 goto invalid_size; 5033 } 5034 at += padded_size; 5035 break; 5036 case SCTP_SET_PRIM_ADDR: 5037 case SCTP_DEL_IP_ADDRESS: 5038 case SCTP_ADD_IP_ADDRESS: 5039 if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) && 5040 (padded_size != sizeof(struct sctp_asconf_addr_param))) { 5041 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen); 5042 goto invalid_size; 5043 } 5044 at += padded_size; 5045 break; 5046 /* Param's with a fixed size */ 5047 case SCTP_IPV4_ADDRESS: 5048 if (padded_size != sizeof(struct sctp_ipv4addr_param)) { 5049 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen); 5050 goto invalid_size; 5051 } 5052 at += padded_size; 5053 break; 5054 case SCTP_IPV6_ADDRESS: 5055 if (padded_size != sizeof(struct sctp_ipv6addr_param)) { 5056 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen); 5057 goto invalid_size; 5058 } 5059 at += padded_size; 5060 break; 5061 case SCTP_COOKIE_PRESERVE: 5062 if (padded_size != sizeof(struct sctp_cookie_perserve_param)) { 5063 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen); 5064 goto invalid_size; 5065 } 5066 at += padded_size; 5067 break; 5068 case SCTP_HAS_NAT_SUPPORT: 5069 *nat_friendly = 1; 5070 /* fall through */ 5071 case SCTP_PRSCTP_SUPPORTED: 5072 if (padded_size != sizeof(struct sctp_paramhdr)) { 5073 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error prsctp/nat support %d\n", plen); 5074 goto invalid_size; 5075 } 5076 at += padded_size; 5077 break; 5078 case SCTP_ECN_CAPABLE: 5079 if (padded_size != sizeof(struct sctp_paramhdr)) { 5080 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen); 5081 goto invalid_size; 5082 } 5083 at += padded_size; 5084 break; 5085 case SCTP_ULP_ADAPTATION: 5086 if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) { 5087 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen); 5088 goto invalid_size; 5089 } 5090 at += padded_size; 5091 break; 5092 case SCTP_SUCCESS_REPORT: 5093 if (padded_size != sizeof(struct sctp_asconf_paramhdr)) { 5094 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen); 5095 goto invalid_size; 5096 } 5097 at += padded_size; 5098 break; 5099 case SCTP_HOSTNAME_ADDRESS: 5100 { 5101 /* We can NOT handle HOST NAME addresses!! */ 5102 int l_len; 5103 5104 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n"); 5105 *abort_processing = 1; 5106 if (op_err == NULL) { 5107 /* Ok need to try to get a mbuf */ 5108#ifdef INET6 5109 l_len = SCTP_MIN_OVERHEAD; 5110#else 5111 l_len = SCTP_MIN_V4_OVERHEAD; 5112#endif 5113 l_len += sizeof(struct sctp_chunkhdr); 5114 l_len += plen; 5115 l_len += sizeof(struct sctp_paramhdr); 5116 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5117 if (op_err) { 5118 SCTP_BUF_LEN(op_err) = 0; 5119 /* 5120 * pre-reserve space for ip 5121 * and sctp header and 5122 * chunk hdr 5123 */ 5124#ifdef INET6 5125 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5126#else 5127 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5128#endif 5129 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5130 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5131 } 5132 } 5133 if (op_err) { 5134 /* If we have space */ 5135 struct sctp_paramhdr s; 5136 5137 if (err_at % 4) { 5138 uint32_t cpthis = 0; 5139 5140 pad_needed = 4 - (err_at % 4); 5141 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5142 err_at += pad_needed; 5143 } 5144 s.param_type = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR); 5145 s.param_length = htons(sizeof(s) + plen); 5146 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5147 err_at += sizeof(s); 5148 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 5149 if (phdr == NULL) { 5150 sctp_m_freem(op_err); 5151 /* 5152 * we are out of memory but 5153 * we still need to have a 5154 * look at what to do (the 5155 * system is in trouble 5156 * though). 5157 */ 5158 return (NULL); 5159 } 5160 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 5161 } 5162 return (op_err); 5163 break; 5164 } 5165 default: 5166 /* 5167 * we do not recognize the parameter figure out what 5168 * we do. 5169 */ 5170 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype); 5171 if ((ptype & 0x4000) == 0x4000) { 5172 /* Report bit is set?? */ 5173 SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n"); 5174 if (op_err == NULL) { 5175 int l_len; 5176 5177 /* Ok need to try to get an mbuf */ 5178#ifdef INET6 5179 l_len = SCTP_MIN_OVERHEAD; 5180#else 5181 l_len = SCTP_MIN_V4_OVERHEAD; 5182#endif 5183 l_len += sizeof(struct sctp_chunkhdr); 5184 l_len += plen; 5185 l_len += sizeof(struct sctp_paramhdr); 5186 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5187 if (op_err) { 5188 SCTP_BUF_LEN(op_err) = 0; 5189#ifdef INET6 5190 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5191#else 5192 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5193#endif 5194 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5195 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5196 } 5197 } 5198 if (op_err) { 5199 /* If we have space */ 5200 struct sctp_paramhdr s; 5201 5202 if (err_at % 4) { 5203 uint32_t cpthis = 0; 5204 5205 pad_needed = 4 - (err_at % 4); 5206 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5207 err_at += pad_needed; 5208 } 5209 s.param_type = htons(SCTP_UNRECOG_PARAM); 5210 s.param_length = htons(sizeof(s) + plen); 5211 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5212 err_at += sizeof(s); 5213 if (plen > sizeof(tempbuf)) { 5214 plen = sizeof(tempbuf); 5215 } 5216 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, min(sizeof(tempbuf), plen)); 5217 if (phdr == NULL) { 5218 sctp_m_freem(op_err); 5219 /* 5220 * we are out of memory but 5221 * we still need to have a 5222 * look at what to do (the 5223 * system is in trouble 5224 * though). 5225 */ 5226 op_err = NULL; 5227 goto more_processing; 5228 } 5229 m_copyback(op_err, err_at, plen, (caddr_t)phdr); 5230 err_at += plen; 5231 } 5232 } 5233 more_processing: 5234 if ((ptype & 0x8000) == 0x0000) { 5235 SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n"); 5236 return (op_err); 5237 } else { 5238 /* skip this chunk and continue processing */ 5239 SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n"); 5240 at += SCTP_SIZE32(plen); 5241 } 5242 break; 5243 5244 } 5245 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 5246 } 5247 return (op_err); 5248invalid_size: 5249 SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n"); 5250 *abort_processing = 1; 5251 if ((op_err == NULL) && phdr) { 5252 int l_len; 5253 5254#ifdef INET6 5255 l_len = SCTP_MIN_OVERHEAD; 5256#else 5257 l_len = SCTP_MIN_V4_OVERHEAD; 5258#endif 5259 l_len += sizeof(struct sctp_chunkhdr); 5260 l_len += (2 * sizeof(struct sctp_paramhdr)); 5261 op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA); 5262 if (op_err) { 5263 SCTP_BUF_LEN(op_err) = 0; 5264#ifdef INET6 5265 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); 5266#else 5267 SCTP_BUF_RESV_UF(op_err, sizeof(struct ip)); 5268#endif 5269 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); 5270 SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); 5271 } 5272 } 5273 if ((op_err) && phdr) { 5274 struct sctp_paramhdr s; 5275 5276 if (err_at % 4) { 5277 uint32_t cpthis = 0; 5278 5279 pad_needed = 4 - (err_at % 4); 5280 m_copyback(op_err, err_at, pad_needed, (caddr_t)&cpthis); 5281 err_at += pad_needed; 5282 } 5283 s.param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION); 5284 s.param_length = htons(sizeof(s) + sizeof(struct sctp_paramhdr)); 5285 m_copyback(op_err, err_at, sizeof(s), (caddr_t)&s); 5286 err_at += sizeof(s); 5287 /* Only copy back the p-hdr that caused the issue */ 5288 m_copyback(op_err, err_at, sizeof(struct sctp_paramhdr), (caddr_t)phdr); 5289 } 5290 return (op_err); 5291} 5292 5293static int 5294sctp_are_there_new_addresses(struct sctp_association *asoc, 5295 struct mbuf *in_initpkt, int offset, struct sockaddr *src) 5296{ 5297 /* 5298 * Given a INIT packet, look through the packet to verify that there 5299 * are NO new addresses. As we go through the parameters add reports 5300 * of any un-understood parameters that require an error. Also we 5301 * must return (1) to drop the packet if we see a un-understood 5302 * parameter that tells us to drop the chunk. 5303 */ 5304 struct sockaddr *sa_touse; 5305 struct sockaddr *sa; 5306 struct sctp_paramhdr *phdr, params; 5307 uint16_t ptype, plen; 5308 uint8_t fnd; 5309 struct sctp_nets *net; 5310 5311#ifdef INET 5312 struct sockaddr_in sin4, *sa4; 5313 5314#endif 5315#ifdef INET6 5316 struct sockaddr_in6 sin6, *sa6; 5317 5318#endif 5319 5320#ifdef INET 5321 memset(&sin4, 0, sizeof(sin4)); 5322 sin4.sin_family = AF_INET; 5323 sin4.sin_len = sizeof(sin4); 5324#endif 5325#ifdef INET6 5326 memset(&sin6, 0, sizeof(sin6)); 5327 sin6.sin6_family = AF_INET6; 5328 sin6.sin6_len = sizeof(sin6); 5329#endif 5330 /* First what about the src address of the pkt ? */ 5331 fnd = 0; 5332 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5333 sa = (struct sockaddr *)&net->ro._l_addr; 5334 if (sa->sa_family == src->sa_family) { 5335#ifdef INET 5336 if (sa->sa_family == AF_INET) { 5337 struct sockaddr_in *src4; 5338 5339 sa4 = (struct sockaddr_in *)sa; 5340 src4 = (struct sockaddr_in *)src; 5341 if (sa4->sin_addr.s_addr == src4->sin_addr.s_addr) { 5342 fnd = 1; 5343 break; 5344 } 5345 } 5346#endif 5347#ifdef INET6 5348 if (sa->sa_family == AF_INET6) { 5349 struct sockaddr_in6 *src6; 5350 5351 sa6 = (struct sockaddr_in6 *)sa; 5352 src6 = (struct sockaddr_in6 *)src; 5353 if (SCTP6_ARE_ADDR_EQUAL(sa6, src6)) { 5354 fnd = 1; 5355 break; 5356 } 5357 } 5358#endif 5359 } 5360 } 5361 if (fnd == 0) { 5362 /* New address added! no need to look futher. */ 5363 return (1); 5364 } 5365 /* Ok so far lets munge through the rest of the packet */ 5366 offset += sizeof(struct sctp_init_chunk); 5367 phdr = sctp_get_next_param(in_initpkt, offset, ¶ms, sizeof(params)); 5368 while (phdr) { 5369 sa_touse = NULL; 5370 ptype = ntohs(phdr->param_type); 5371 plen = ntohs(phdr->param_length); 5372 switch (ptype) { 5373#ifdef INET 5374 case SCTP_IPV4_ADDRESS: 5375 { 5376 struct sctp_ipv4addr_param *p4, p4_buf; 5377 5378 phdr = sctp_get_next_param(in_initpkt, offset, 5379 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 5380 if (plen != sizeof(struct sctp_ipv4addr_param) || 5381 phdr == NULL) { 5382 return (1); 5383 } 5384 p4 = (struct sctp_ipv4addr_param *)phdr; 5385 sin4.sin_addr.s_addr = p4->addr; 5386 sa_touse = (struct sockaddr *)&sin4; 5387 break; 5388 } 5389#endif 5390#ifdef INET6 5391 case SCTP_IPV6_ADDRESS: 5392 { 5393 struct sctp_ipv6addr_param *p6, p6_buf; 5394 5395 phdr = sctp_get_next_param(in_initpkt, offset, 5396 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 5397 if (plen != sizeof(struct sctp_ipv6addr_param) || 5398 phdr == NULL) { 5399 return (1); 5400 } 5401 p6 = (struct sctp_ipv6addr_param *)phdr; 5402 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 5403 sizeof(p6->addr)); 5404 sa_touse = (struct sockaddr *)&sin6; 5405 break; 5406 } 5407#endif 5408 default: 5409 sa_touse = NULL; 5410 break; 5411 } 5412 if (sa_touse) { 5413 /* ok, sa_touse points to one to check */ 5414 fnd = 0; 5415 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5416 sa = (struct sockaddr *)&net->ro._l_addr; 5417 if (sa->sa_family != sa_touse->sa_family) { 5418 continue; 5419 } 5420#ifdef INET 5421 if (sa->sa_family == AF_INET) { 5422 sa4 = (struct sockaddr_in *)sa; 5423 if (sa4->sin_addr.s_addr == 5424 sin4.sin_addr.s_addr) { 5425 fnd = 1; 5426 break; 5427 } 5428 } 5429#endif 5430#ifdef INET6 5431 if (sa->sa_family == AF_INET6) { 5432 sa6 = (struct sockaddr_in6 *)sa; 5433 if (SCTP6_ARE_ADDR_EQUAL( 5434 sa6, &sin6)) { 5435 fnd = 1; 5436 break; 5437 } 5438 } 5439#endif 5440 } 5441 if (!fnd) { 5442 /* New addr added! no need to look further */ 5443 return (1); 5444 } 5445 } 5446 offset += SCTP_SIZE32(plen); 5447 phdr = sctp_get_next_param(in_initpkt, offset, ¶ms, sizeof(params)); 5448 } 5449 return (0); 5450} 5451 5452/* 5453 * Given a MBUF chain that was sent into us containing an INIT. Build a 5454 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done 5455 * a pullup to include IPv6/4header, SCTP header and initial part of INIT 5456 * message (i.e. the struct sctp_init_msg). 5457 */ 5458void 5459sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 5460 struct mbuf *init_pkt, int iphlen, int offset, 5461 struct sockaddr *src, struct sockaddr *dst, 5462 struct sctphdr *sh, struct sctp_init_chunk *init_chk, 5463 uint8_t mflowtype, uint32_t mflowid, 5464 uint32_t vrf_id, uint16_t port, int hold_inp_lock) 5465{ 5466 struct sctp_association *asoc; 5467 struct mbuf *m, *m_tmp, *m_last, *m_cookie, *op_err; 5468 struct sctp_init_ack_chunk *initack; 5469 struct sctp_adaptation_layer_indication *ali; 5470 struct sctp_supported_chunk_types_param *pr_supported; 5471 struct sctp_paramhdr *ph; 5472 union sctp_sockstore *over_addr; 5473 struct sctp_scoping scp; 5474 5475#ifdef INET 5476 struct sockaddr_in *dst4 = (struct sockaddr_in *)dst; 5477 struct sockaddr_in *src4 = (struct sockaddr_in *)src; 5478 struct sockaddr_in *sin; 5479 5480#endif 5481#ifdef INET6 5482 struct sockaddr_in6 *dst6 = (struct sockaddr_in6 *)dst; 5483 struct sockaddr_in6 *src6 = (struct sockaddr_in6 *)src; 5484 struct sockaddr_in6 *sin6; 5485 5486#endif 5487 struct sockaddr *to; 5488 struct sctp_state_cookie stc; 5489 struct sctp_nets *net = NULL; 5490 uint8_t *signature = NULL; 5491 int cnt_inits_to = 0; 5492 uint16_t his_limit, i_want; 5493 int abort_flag; 5494 int nat_friendly = 0; 5495 struct socket *so; 5496 uint16_t num_ext, chunk_len, padding_len, parameter_len; 5497 5498 if (stcb) { 5499 asoc = &stcb->asoc; 5500 } else { 5501 asoc = NULL; 5502 } 5503 if ((asoc != NULL) && 5504 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 5505 (sctp_are_there_new_addresses(asoc, init_pkt, offset, src))) { 5506 /* new addresses, out of here in non-cookie-wait states */ 5507 /* 5508 * Send a ABORT, we don't add the new address error clause 5509 * though we even set the T bit and copy in the 0 tag.. this 5510 * looks no different than if no listener was present. 5511 */ 5512 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 5513 "Address added"); 5514 sctp_send_abort(init_pkt, iphlen, src, dst, sh, 0, op_err, 5515 mflowtype, mflowid, inp->fibnum, 5516 vrf_id, port); 5517 return; 5518 } 5519 abort_flag = 0; 5520 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 5521 (offset + sizeof(struct sctp_init_chunk)), 5522 &abort_flag, (struct sctp_chunkhdr *)init_chk, &nat_friendly); 5523 if (abort_flag) { 5524do_a_abort: 5525 if (op_err == NULL) { 5526 char msg[SCTP_DIAG_INFO_LEN]; 5527 5528 snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__); 5529 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 5530 msg); 5531 } 5532 sctp_send_abort(init_pkt, iphlen, src, dst, sh, 5533 init_chk->init.initiate_tag, op_err, 5534 mflowtype, mflowid, inp->fibnum, 5535 vrf_id, port); 5536 return; 5537 } 5538 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 5539 if (m == NULL) { 5540 /* No memory, INIT timer will re-attempt. */ 5541 if (op_err) 5542 sctp_m_freem(op_err); 5543 return; 5544 } 5545 chunk_len = (uint16_t) sizeof(struct sctp_init_ack_chunk); 5546 padding_len = 0; 5547 5548 /* 5549 * We might not overwrite the identification[] completely and on 5550 * some platforms time_entered will contain some padding. Therefore 5551 * zero out the cookie to avoid putting uninitialized memory on the 5552 * wire. 5553 */ 5554 memset(&stc, 0, sizeof(struct sctp_state_cookie)); 5555 5556 /* the time I built cookie */ 5557 (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); 5558 5559 /* populate any tie tags */ 5560 if (asoc != NULL) { 5561 /* unlock before tag selections */ 5562 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 5563 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 5564 stc.cookie_life = asoc->cookie_life; 5565 net = asoc->primary_destination; 5566 } else { 5567 stc.tie_tag_my_vtag = 0; 5568 stc.tie_tag_peer_vtag = 0; 5569 /* life I will award this cookie */ 5570 stc.cookie_life = inp->sctp_ep.def_cookie_life; 5571 } 5572 5573 /* copy in the ports for later check */ 5574 stc.myport = sh->dest_port; 5575 stc.peerport = sh->src_port; 5576 5577 /* 5578 * If we wanted to honor cookie life extentions, we would add to 5579 * stc.cookie_life. For now we should NOT honor any extension 5580 */ 5581 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 5582 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5583 stc.ipv6_addr_legal = 1; 5584 if (SCTP_IPV6_V6ONLY(inp)) { 5585 stc.ipv4_addr_legal = 0; 5586 } else { 5587 stc.ipv4_addr_legal = 1; 5588 } 5589 } else { 5590 stc.ipv6_addr_legal = 0; 5591 stc.ipv4_addr_legal = 1; 5592 } 5593 stc.ipv4_scope = 0; 5594 if (net == NULL) { 5595 to = src; 5596 switch (dst->sa_family) { 5597#ifdef INET 5598 case AF_INET: 5599 { 5600 /* lookup address */ 5601 stc.address[0] = src4->sin_addr.s_addr; 5602 stc.address[1] = 0; 5603 stc.address[2] = 0; 5604 stc.address[3] = 0; 5605 stc.addr_type = SCTP_IPV4_ADDRESS; 5606 /* local from address */ 5607 stc.laddress[0] = dst4->sin_addr.s_addr; 5608 stc.laddress[1] = 0; 5609 stc.laddress[2] = 0; 5610 stc.laddress[3] = 0; 5611 stc.laddr_type = SCTP_IPV4_ADDRESS; 5612 /* scope_id is only for v6 */ 5613 stc.scope_id = 0; 5614 if ((IN4_ISPRIVATE_ADDRESS(&src4->sin_addr)) || 5615 (IN4_ISPRIVATE_ADDRESS(&dst4->sin_addr))) { 5616 stc.ipv4_scope = 1; 5617 } 5618 /* Must use the address in this case */ 5619 if (sctp_is_address_on_local_host(src, vrf_id)) { 5620 stc.loopback_scope = 1; 5621 stc.ipv4_scope = 1; 5622 stc.site_scope = 1; 5623 stc.local_scope = 0; 5624 } 5625 break; 5626 } 5627#endif 5628#ifdef INET6 5629 case AF_INET6: 5630 { 5631 stc.addr_type = SCTP_IPV6_ADDRESS; 5632 memcpy(&stc.address, &src6->sin6_addr, sizeof(struct in6_addr)); 5633 stc.scope_id = in6_getscope(&src6->sin6_addr); 5634 if (sctp_is_address_on_local_host(src, vrf_id)) { 5635 stc.loopback_scope = 1; 5636 stc.local_scope = 0; 5637 stc.site_scope = 1; 5638 stc.ipv4_scope = 1; 5639 } else if (IN6_IS_ADDR_LINKLOCAL(&src6->sin6_addr) || 5640 IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr)) { 5641 /* 5642 * If the new destination or source 5643 * is a LINK_LOCAL we must have 5644 * common both site and local scope. 5645 * Don't set local scope though 5646 * since we must depend on the 5647 * source to be added implicitly. We 5648 * cannot assure just because we 5649 * share one link that all links are 5650 * common. 5651 */ 5652 stc.local_scope = 0; 5653 stc.site_scope = 1; 5654 stc.ipv4_scope = 1; 5655 /* 5656 * we start counting for the private 5657 * address stuff at 1. since the 5658 * link local we source from won't 5659 * show up in our scoped count. 5660 */ 5661 cnt_inits_to = 1; 5662 /* 5663 * pull out the scope_id from 5664 * incoming pkt 5665 */ 5666 } else if (IN6_IS_ADDR_SITELOCAL(&src6->sin6_addr) || 5667 IN6_IS_ADDR_SITELOCAL(&dst6->sin6_addr)) { 5668 /* 5669 * If the new destination or source 5670 * is SITE_LOCAL then we must have 5671 * site scope in common. 5672 */ 5673 stc.site_scope = 1; 5674 } 5675 memcpy(&stc.laddress, &dst6->sin6_addr, sizeof(struct in6_addr)); 5676 stc.laddr_type = SCTP_IPV6_ADDRESS; 5677 break; 5678 } 5679#endif 5680 default: 5681 /* TSNH */ 5682 goto do_a_abort; 5683 break; 5684 } 5685 } else { 5686 /* set the scope per the existing tcb */ 5687 5688#ifdef INET6 5689 struct sctp_nets *lnet; 5690 5691#endif 5692 5693 stc.loopback_scope = asoc->scope.loopback_scope; 5694 stc.ipv4_scope = asoc->scope.ipv4_local_scope; 5695 stc.site_scope = asoc->scope.site_scope; 5696 stc.local_scope = asoc->scope.local_scope; 5697#ifdef INET6 5698 /* Why do we not consider IPv4 LL addresses? */ 5699 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 5700 if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) { 5701 if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) { 5702 /* 5703 * if we have a LL address, start 5704 * counting at 1. 5705 */ 5706 cnt_inits_to = 1; 5707 } 5708 } 5709 } 5710#endif 5711 /* use the net pointer */ 5712 to = (struct sockaddr *)&net->ro._l_addr; 5713 switch (to->sa_family) { 5714#ifdef INET 5715 case AF_INET: 5716 sin = (struct sockaddr_in *)to; 5717 stc.address[0] = sin->sin_addr.s_addr; 5718 stc.address[1] = 0; 5719 stc.address[2] = 0; 5720 stc.address[3] = 0; 5721 stc.addr_type = SCTP_IPV4_ADDRESS; 5722 if (net->src_addr_selected == 0) { 5723 /* 5724 * strange case here, the INIT should have 5725 * did the selection. 5726 */ 5727 net->ro._s_addr = sctp_source_address_selection(inp, 5728 stcb, (sctp_route_t *) & net->ro, 5729 net, 0, vrf_id); 5730 if (net->ro._s_addr == NULL) 5731 return; 5732 5733 net->src_addr_selected = 1; 5734 5735 } 5736 stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr; 5737 stc.laddress[1] = 0; 5738 stc.laddress[2] = 0; 5739 stc.laddress[3] = 0; 5740 stc.laddr_type = SCTP_IPV4_ADDRESS; 5741 /* scope_id is only for v6 */ 5742 stc.scope_id = 0; 5743 break; 5744#endif 5745#ifdef INET6 5746 case AF_INET6: 5747 sin6 = (struct sockaddr_in6 *)to; 5748 memcpy(&stc.address, &sin6->sin6_addr, 5749 sizeof(struct in6_addr)); 5750 stc.addr_type = SCTP_IPV6_ADDRESS; 5751 stc.scope_id = sin6->sin6_scope_id; 5752 if (net->src_addr_selected == 0) { 5753 /* 5754 * strange case here, the INIT should have 5755 * done the selection. 5756 */ 5757 net->ro._s_addr = sctp_source_address_selection(inp, 5758 stcb, (sctp_route_t *) & net->ro, 5759 net, 0, vrf_id); 5760 if (net->ro._s_addr == NULL) 5761 return; 5762 5763 net->src_addr_selected = 1; 5764 } 5765 memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr, 5766 sizeof(struct in6_addr)); 5767 stc.laddr_type = SCTP_IPV6_ADDRESS; 5768 break; 5769#endif 5770 } 5771 } 5772 /* Now lets put the SCTP header in place */ 5773 initack = mtod(m, struct sctp_init_ack_chunk *); 5774 /* Save it off for quick ref */ 5775 stc.peers_vtag = init_chk->init.initiate_tag; 5776 /* who are we */ 5777 memcpy(stc.identification, SCTP_VERSION_STRING, 5778 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 5779 memset(stc.reserved, 0, SCTP_RESERVE_SPACE); 5780 /* now the chunk header */ 5781 initack->ch.chunk_type = SCTP_INITIATION_ACK; 5782 initack->ch.chunk_flags = 0; 5783 /* fill in later from mbuf we build */ 5784 initack->ch.chunk_length = 0; 5785 /* place in my tag */ 5786 if ((asoc != NULL) && 5787 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 5788 (SCTP_GET_STATE(asoc) == SCTP_STATE_INUSE) || 5789 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 5790 /* re-use the v-tags and init-seq here */ 5791 initack->init.initiate_tag = htonl(asoc->my_vtag); 5792 initack->init.initial_tsn = htonl(asoc->init_seq_number); 5793 } else { 5794 uint32_t vtag, itsn; 5795 5796 if (hold_inp_lock) { 5797 SCTP_INP_INCR_REF(inp); 5798 SCTP_INP_RUNLOCK(inp); 5799 } 5800 if (asoc) { 5801 atomic_add_int(&asoc->refcnt, 1); 5802 SCTP_TCB_UNLOCK(stcb); 5803 new_tag: 5804 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5805 if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) { 5806 /* 5807 * Got a duplicate vtag on some guy behind a 5808 * nat make sure we don't use it. 5809 */ 5810 goto new_tag; 5811 } 5812 initack->init.initiate_tag = htonl(vtag); 5813 /* get a TSN to use too */ 5814 itsn = sctp_select_initial_TSN(&inp->sctp_ep); 5815 initack->init.initial_tsn = htonl(itsn); 5816 SCTP_TCB_LOCK(stcb); 5817 atomic_add_int(&asoc->refcnt, -1); 5818 } else { 5819 vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1); 5820 initack->init.initiate_tag = htonl(vtag); 5821 /* get a TSN to use too */ 5822 initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 5823 } 5824 if (hold_inp_lock) { 5825 SCTP_INP_RLOCK(inp); 5826 SCTP_INP_DECR_REF(inp); 5827 } 5828 } 5829 /* save away my tag to */ 5830 stc.my_vtag = initack->init.initiate_tag; 5831 5832 /* set up some of the credits. */ 5833 so = inp->sctp_socket; 5834 if (so == NULL) { 5835 /* memory problem */ 5836 sctp_m_freem(m); 5837 return; 5838 } else { 5839 initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND)); 5840 } 5841 /* set what I want */ 5842 his_limit = ntohs(init_chk->init.num_inbound_streams); 5843 /* choose what I want */ 5844 if (asoc != NULL) { 5845 if (asoc->streamoutcnt > asoc->pre_open_streams) { 5846 i_want = asoc->streamoutcnt; 5847 } else { 5848 i_want = asoc->pre_open_streams; 5849 } 5850 } else { 5851 i_want = inp->sctp_ep.pre_open_stream_count; 5852 } 5853 if (his_limit < i_want) { 5854 /* I Want more :< */ 5855 initack->init.num_outbound_streams = init_chk->init.num_inbound_streams; 5856 } else { 5857 /* I can have what I want :> */ 5858 initack->init.num_outbound_streams = htons(i_want); 5859 } 5860 /* tell him his limit. */ 5861 initack->init.num_inbound_streams = 5862 htons(inp->sctp_ep.max_open_streams_intome); 5863 5864 /* adaptation layer indication parameter */ 5865 if (inp->sctp_ep.adaptation_layer_indicator_provided) { 5866 parameter_len = (uint16_t) sizeof(struct sctp_adaptation_layer_indication); 5867 ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t)+chunk_len); 5868 ali->ph.param_type = htons(SCTP_ULP_ADAPTATION); 5869 ali->ph.param_length = htons(parameter_len); 5870 ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator); 5871 chunk_len += parameter_len; 5872 } 5873 /* ECN parameter */ 5874 if (((asoc != NULL) && (asoc->ecn_supported == 1)) || 5875 ((asoc == NULL) && (inp->ecn_supported == 1))) { 5876 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 5877 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 5878 ph->param_type = htons(SCTP_ECN_CAPABLE); 5879 ph->param_length = htons(parameter_len); 5880 chunk_len += parameter_len; 5881 } 5882 /* PR-SCTP supported parameter */ 5883 if (((asoc != NULL) && (asoc->prsctp_supported == 1)) || 5884 ((asoc == NULL) && (inp->prsctp_supported == 1))) { 5885 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 5886 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 5887 ph->param_type = htons(SCTP_PRSCTP_SUPPORTED); 5888 ph->param_length = htons(parameter_len); 5889 chunk_len += parameter_len; 5890 } 5891 /* Add NAT friendly parameter */ 5892 if (nat_friendly) { 5893 parameter_len = (uint16_t) sizeof(struct sctp_paramhdr); 5894 ph = (struct sctp_paramhdr *)(mtod(m, caddr_t)+chunk_len); 5895 ph->param_type = htons(SCTP_HAS_NAT_SUPPORT); 5896 ph->param_length = htons(parameter_len); 5897 chunk_len += parameter_len; 5898 } 5899 /* And now tell the peer which extensions we support */ 5900 num_ext = 0; 5901 pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+chunk_len); 5902 if (((asoc != NULL) && (asoc->prsctp_supported == 1)) || 5903 ((asoc == NULL) && (inp->prsctp_supported == 1))) { 5904 pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; 5905 } 5906 if (((asoc != NULL) && (asoc->auth_supported == 1)) || 5907 ((asoc == NULL) && (inp->auth_supported == 1))) { 5908 pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; 5909 } 5910 if (((asoc != NULL) && (asoc->asconf_supported == 1)) || 5911 ((asoc == NULL) && (inp->asconf_supported == 1))) { 5912 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF; 5913 pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK; 5914 } 5915 if (((asoc != NULL) && (asoc->reconfig_supported == 1)) || 5916 ((asoc == NULL) && (inp->reconfig_supported == 1))) { 5917 pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; 5918 } 5919 if (((asoc != NULL) && (asoc->nrsack_supported == 1)) || 5920 ((asoc == NULL) && (inp->nrsack_supported == 1))) { 5921 pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; 5922 } 5923 if (((asoc != NULL) && (asoc->pktdrop_supported == 1)) || 5924 ((asoc == NULL) && (inp->pktdrop_supported == 1))) { 5925 pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED; 5926 } 5927 if (num_ext > 0) { 5928 parameter_len = (uint16_t) sizeof(struct sctp_supported_chunk_types_param) + num_ext; 5929 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 5930 pr_supported->ph.param_length = htons(parameter_len); 5931 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5932 chunk_len += parameter_len; 5933 } 5934 /* add authentication parameters */ 5935 if (((asoc != NULL) && (asoc->auth_supported == 1)) || 5936 ((asoc == NULL) && (inp->auth_supported == 1))) { 5937 struct sctp_auth_random *randp; 5938 struct sctp_auth_hmac_algo *hmacs; 5939 struct sctp_auth_chunk_list *chunks; 5940 5941 if (padding_len > 0) { 5942 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 5943 chunk_len += padding_len; 5944 padding_len = 0; 5945 } 5946 /* generate and add RANDOM parameter */ 5947 randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+chunk_len); 5948 parameter_len = (uint16_t) sizeof(struct sctp_auth_random) + 5949 SCTP_AUTH_RANDOM_SIZE_DEFAULT; 5950 randp->ph.param_type = htons(SCTP_RANDOM); 5951 randp->ph.param_length = htons(parameter_len); 5952 SCTP_READ_RANDOM(randp->random_data, SCTP_AUTH_RANDOM_SIZE_DEFAULT); 5953 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5954 chunk_len += parameter_len; 5955 5956 if (padding_len > 0) { 5957 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 5958 chunk_len += padding_len; 5959 padding_len = 0; 5960 } 5961 /* add HMAC_ALGO parameter */ 5962 hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t)+chunk_len); 5963 parameter_len = (uint16_t) sizeof(struct sctp_auth_hmac_algo) + 5964 sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs, 5965 (uint8_t *) hmacs->hmac_ids); 5966 hmacs->ph.param_type = htons(SCTP_HMAC_LIST); 5967 hmacs->ph.param_length = htons(parameter_len); 5968 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5969 chunk_len += parameter_len; 5970 5971 if (padding_len > 0) { 5972 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 5973 chunk_len += padding_len; 5974 padding_len = 0; 5975 } 5976 /* add CHUNKS parameter */ 5977 chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t)+chunk_len); 5978 parameter_len = (uint16_t) sizeof(struct sctp_auth_chunk_list) + 5979 sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks, 5980 chunks->chunk_types); 5981 chunks->ph.param_type = htons(SCTP_CHUNK_LIST); 5982 chunks->ph.param_length = htons(parameter_len); 5983 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 5984 chunk_len += parameter_len; 5985 } 5986 SCTP_BUF_LEN(m) = chunk_len; 5987 m_last = m; 5988 /* now the addresses */ 5989 /* 5990 * To optimize this we could put the scoping stuff into a structure 5991 * and remove the individual uint8's from the stc structure. Then we 5992 * could just sifa in the address within the stc.. but for now this 5993 * is a quick hack to get the address stuff teased apart. 5994 */ 5995 scp.ipv4_addr_legal = stc.ipv4_addr_legal; 5996 scp.ipv6_addr_legal = stc.ipv6_addr_legal; 5997 scp.loopback_scope = stc.loopback_scope; 5998 scp.ipv4_local_scope = stc.ipv4_scope; 5999 scp.local_scope = stc.local_scope; 6000 scp.site_scope = stc.site_scope; 6001 m_last = sctp_add_addresses_to_i_ia(inp, stcb, &scp, m_last, 6002 cnt_inits_to, 6003 &padding_len, &chunk_len); 6004 /* padding_len can only be positive, if no addresses have been added */ 6005 if (padding_len > 0) { 6006 memset(mtod(m, caddr_t)+chunk_len, 0, padding_len); 6007 chunk_len += padding_len; 6008 SCTP_BUF_LEN(m) += padding_len; 6009 padding_len = 0; 6010 } 6011 /* tack on the operational error if present */ 6012 if (op_err) { 6013 parameter_len = 0; 6014 for (m_tmp = op_err; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 6015 parameter_len += SCTP_BUF_LEN(m_tmp); 6016 } 6017 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6018 SCTP_BUF_NEXT(m_last) = op_err; 6019 while (SCTP_BUF_NEXT(m_last) != NULL) { 6020 m_last = SCTP_BUF_NEXT(m_last); 6021 } 6022 chunk_len += parameter_len; 6023 } 6024 if (padding_len > 0) { 6025 m_last = sctp_add_pad_tombuf(m_last, padding_len); 6026 if (m_last == NULL) { 6027 /* Houston we have a problem, no space */ 6028 sctp_m_freem(m); 6029 return; 6030 } 6031 chunk_len += padding_len; 6032 padding_len = 0; 6033 } 6034 /* Now we must build a cookie */ 6035 m_cookie = sctp_add_cookie(init_pkt, offset, m, 0, &stc, &signature); 6036 if (m_cookie == NULL) { 6037 /* memory problem */ 6038 sctp_m_freem(m); 6039 return; 6040 } 6041 /* Now append the cookie to the end and update the space/size */ 6042 SCTP_BUF_NEXT(m_last) = m_cookie; 6043 parameter_len = 0; 6044 for (m_tmp = m_cookie; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) { 6045 parameter_len += SCTP_BUF_LEN(m_tmp); 6046 if (SCTP_BUF_NEXT(m_tmp) == NULL) { 6047 m_last = m_tmp; 6048 } 6049 } 6050 padding_len = SCTP_SIZE32(parameter_len) - parameter_len; 6051 chunk_len += parameter_len; 6052 6053 /* 6054 * Place in the size, but we don't include the last pad (if any) in 6055 * the INIT-ACK. 6056 */ 6057 initack->ch.chunk_length = htons(chunk_len); 6058 6059 /* 6060 * Time to sign the cookie, we don't sign over the cookie signature 6061 * though thus we set trailer. 6062 */ 6063 (void)sctp_hmac_m(SCTP_HMAC, 6064 (uint8_t *) inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], 6065 SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), 6066 (uint8_t *) signature, SCTP_SIGNATURE_SIZE); 6067 /* 6068 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return 6069 * here since the timer will drive a retranmission. 6070 */ 6071 if (padding_len > 0) { 6072 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 6073 sctp_m_freem(m); 6074 return; 6075 } 6076 } 6077 if (stc.loopback_scope) { 6078 over_addr = (union sctp_sockstore *)dst; 6079 } else { 6080 over_addr = NULL; 6081 } 6082 6083 (void)sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0, 6084 0, 0, 6085 inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag, 6086 port, over_addr, 6087 mflowtype, mflowid, 6088 SCTP_SO_NOT_LOCKED); 6089 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 6090} 6091 6092 6093static void 6094sctp_prune_prsctp(struct sctp_tcb *stcb, 6095 struct sctp_association *asoc, 6096 struct sctp_sndrcvinfo *srcv, 6097 int dataout) 6098{ 6099 int freed_spc = 0; 6100 struct sctp_tmit_chunk *chk, *nchk; 6101 6102 SCTP_TCB_LOCK_ASSERT(stcb); 6103 if ((asoc->prsctp_supported) && 6104 (asoc->sent_queue_cnt_removeable > 0)) { 6105 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 6106 /* 6107 * Look for chunks marked with the PR_SCTP flag AND 6108 * the buffer space flag. If the one being sent is 6109 * equal or greater priority then purge the old one 6110 * and free some space. 6111 */ 6112 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 6113 /* 6114 * This one is PR-SCTP AND buffer space 6115 * limited type 6116 */ 6117 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 6118 /* 6119 * Lower numbers equates to higher 6120 * priority so if the one we are 6121 * looking at has a larger or equal 6122 * priority we want to drop the data 6123 * and NOT retransmit it. 6124 */ 6125 if (chk->data) { 6126 /* 6127 * We release the book_size 6128 * if the mbuf is here 6129 */ 6130 int ret_spc; 6131 uint8_t sent; 6132 6133 if (chk->sent > SCTP_DATAGRAM_UNSENT) 6134 sent = 1; 6135 else 6136 sent = 0; 6137 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 6138 sent, 6139 SCTP_SO_LOCKED); 6140 freed_spc += ret_spc; 6141 if (freed_spc >= dataout) { 6142 return; 6143 } 6144 } /* if chunk was present */ 6145 } /* if of sufficent priority */ 6146 } /* if chunk has enabled */ 6147 } /* tailqforeach */ 6148 6149 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 6150 /* Here we must move to the sent queue and mark */ 6151 if (PR_SCTP_BUF_ENABLED(chk->flags)) { 6152 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 6153 if (chk->data) { 6154 /* 6155 * We release the book_size 6156 * if the mbuf is here 6157 */ 6158 int ret_spc; 6159 6160 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 6161 0, SCTP_SO_LOCKED); 6162 6163 freed_spc += ret_spc; 6164 if (freed_spc >= dataout) { 6165 return; 6166 } 6167 } /* end if chk->data */ 6168 } /* end if right class */ 6169 } /* end if chk pr-sctp */ 6170 } /* tailqforeachsafe (chk) */ 6171 } /* if enabled in asoc */ 6172} 6173 6174int 6175sctp_get_frag_point(struct sctp_tcb *stcb, 6176 struct sctp_association *asoc) 6177{ 6178 int siz, ovh; 6179 6180 /* 6181 * For endpoints that have both v6 and v4 addresses we must reserve 6182 * room for the ipv6 header, for those that are only dealing with V4 6183 * we use a larger frag point. 6184 */ 6185 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 6186 ovh = SCTP_MED_OVERHEAD; 6187 } else { 6188 ovh = SCTP_MED_V4_OVERHEAD; 6189 } 6190 6191 if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) 6192 siz = asoc->smallest_mtu - ovh; 6193 else 6194 siz = (stcb->asoc.sctp_frag_point - ovh); 6195 /* 6196 * if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { 6197 */ 6198 /* A data chunk MUST fit in a cluster */ 6199 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk)); */ 6200 /* } */ 6201 6202 /* adjust for an AUTH chunk if DATA requires auth */ 6203 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) 6204 siz -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 6205 6206 if (siz % 4) { 6207 /* make it an even word boundary please */ 6208 siz -= (siz % 4); 6209 } 6210 return (siz); 6211} 6212 6213static void 6214sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp) 6215{ 6216 /* 6217 * We assume that the user wants PR_SCTP_TTL if the user provides a 6218 * positive lifetime but does not specify any PR_SCTP policy. 6219 */ 6220 if (PR_SCTP_ENABLED(sp->sinfo_flags)) { 6221 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 6222 } else if (sp->timetolive > 0) { 6223 sp->sinfo_flags |= SCTP_PR_SCTP_TTL; 6224 sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags); 6225 } else { 6226 return; 6227 } 6228 switch (PR_SCTP_POLICY(sp->sinfo_flags)) { 6229 case CHUNK_FLAGS_PR_SCTP_BUF: 6230 /* 6231 * Time to live is a priority stored in tv_sec when doing 6232 * the buffer drop thing. 6233 */ 6234 sp->ts.tv_sec = sp->timetolive; 6235 sp->ts.tv_usec = 0; 6236 break; 6237 case CHUNK_FLAGS_PR_SCTP_TTL: 6238 { 6239 struct timeval tv; 6240 6241 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 6242 tv.tv_sec = sp->timetolive / 1000; 6243 tv.tv_usec = (sp->timetolive * 1000) % 1000000; 6244 /* 6245 * TODO sctp_constants.h needs alternative time 6246 * macros when _KERNEL is undefined. 6247 */ 6248 timevaladd(&sp->ts, &tv); 6249 } 6250 break; 6251 case CHUNK_FLAGS_PR_SCTP_RTX: 6252 /* 6253 * Time to live is a the number or retransmissions stored in 6254 * tv_sec. 6255 */ 6256 sp->ts.tv_sec = sp->timetolive; 6257 sp->ts.tv_usec = 0; 6258 break; 6259 default: 6260 SCTPDBG(SCTP_DEBUG_USRREQ1, 6261 "Unknown PR_SCTP policy %u.\n", 6262 PR_SCTP_POLICY(sp->sinfo_flags)); 6263 break; 6264 } 6265} 6266 6267static int 6268sctp_msg_append(struct sctp_tcb *stcb, 6269 struct sctp_nets *net, 6270 struct mbuf *m, 6271 struct sctp_sndrcvinfo *srcv, int hold_stcb_lock) 6272{ 6273 int error = 0; 6274 struct mbuf *at; 6275 struct sctp_stream_queue_pending *sp = NULL; 6276 struct sctp_stream_out *strm; 6277 6278 /* 6279 * Given an mbuf chain, put it into the association send queue and 6280 * place it on the wheel 6281 */ 6282 if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) { 6283 /* Invalid stream number */ 6284 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 6285 error = EINVAL; 6286 goto out_now; 6287 } 6288 if ((stcb->asoc.stream_locked) && 6289 (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) { 6290 SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 6291 error = EINVAL; 6292 goto out_now; 6293 } 6294 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 6295 /* Now can we send this? */ 6296 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_SENT) || 6297 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 6298 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 6299 (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) { 6300 /* got data while shutting down */ 6301 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 6302 error = ECONNRESET; 6303 goto out_now; 6304 } 6305 sctp_alloc_a_strmoq(stcb, sp); 6306 if (sp == NULL) { 6307 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6308 error = ENOMEM; 6309 goto out_now; 6310 } 6311 sp->sinfo_flags = srcv->sinfo_flags; 6312 sp->timetolive = srcv->sinfo_timetolive; 6313 sp->ppid = srcv->sinfo_ppid; 6314 sp->context = srcv->sinfo_context; 6315 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 6316 sp->net = net; 6317 atomic_add_int(&sp->net->ref_count, 1); 6318 } else { 6319 sp->net = NULL; 6320 } 6321 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 6322 sp->stream = srcv->sinfo_stream; 6323 sp->msg_is_complete = 1; 6324 sp->sender_all_done = 1; 6325 sp->some_taken = 0; 6326 sp->data = m; 6327 sp->tail_mbuf = NULL; 6328 sctp_set_prsctp_policy(sp); 6329 /* 6330 * We could in theory (for sendall) sifa the length in, but we would 6331 * still have to hunt through the chain since we need to setup the 6332 * tail_mbuf 6333 */ 6334 sp->length = 0; 6335 for (at = m; at; at = SCTP_BUF_NEXT(at)) { 6336 if (SCTP_BUF_NEXT(at) == NULL) 6337 sp->tail_mbuf = at; 6338 sp->length += SCTP_BUF_LEN(at); 6339 } 6340 if (srcv->sinfo_keynumber_valid) { 6341 sp->auth_keyid = srcv->sinfo_keynumber; 6342 } else { 6343 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 6344 } 6345 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 6346 sctp_auth_key_acquire(stcb, sp->auth_keyid); 6347 sp->holds_key_ref = 1; 6348 } 6349 if (hold_stcb_lock == 0) { 6350 SCTP_TCB_SEND_LOCK(stcb); 6351 } 6352 sctp_snd_sb_alloc(stcb, sp->length); 6353 atomic_add_int(&stcb->asoc.stream_queue_cnt, 1); 6354 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 6355 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, &stcb->asoc, strm, sp, 1); 6356 m = NULL; 6357 if (hold_stcb_lock == 0) { 6358 SCTP_TCB_SEND_UNLOCK(stcb); 6359 } 6360out_now: 6361 if (m) { 6362 sctp_m_freem(m); 6363 } 6364 return (error); 6365} 6366 6367 6368static struct mbuf * 6369sctp_copy_mbufchain(struct mbuf *clonechain, 6370 struct mbuf *outchain, 6371 struct mbuf **endofchain, 6372 int can_take_mbuf, 6373 int sizeofcpy, 6374 uint8_t copy_by_ref) 6375{ 6376 struct mbuf *m; 6377 struct mbuf *appendchain; 6378 caddr_t cp; 6379 int len; 6380 6381 if (endofchain == NULL) { 6382 /* error */ 6383error_out: 6384 if (outchain) 6385 sctp_m_freem(outchain); 6386 return (NULL); 6387 } 6388 if (can_take_mbuf) { 6389 appendchain = clonechain; 6390 } else { 6391 if (!copy_by_ref && 6392 (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN))) 6393 ) { 6394 /* Its not in a cluster */ 6395 if (*endofchain == NULL) { 6396 /* lets get a mbuf cluster */ 6397 if (outchain == NULL) { 6398 /* This is the general case */ 6399 new_mbuf: 6400 outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER); 6401 if (outchain == NULL) { 6402 goto error_out; 6403 } 6404 SCTP_BUF_LEN(outchain) = 0; 6405 *endofchain = outchain; 6406 /* get the prepend space */ 6407 SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV + 4)); 6408 } else { 6409 /* 6410 * We really should not get a NULL 6411 * in endofchain 6412 */ 6413 /* find end */ 6414 m = outchain; 6415 while (m) { 6416 if (SCTP_BUF_NEXT(m) == NULL) { 6417 *endofchain = m; 6418 break; 6419 } 6420 m = SCTP_BUF_NEXT(m); 6421 } 6422 /* sanity */ 6423 if (*endofchain == NULL) { 6424 /* 6425 * huh, TSNH XXX maybe we 6426 * should panic 6427 */ 6428 sctp_m_freem(outchain); 6429 goto new_mbuf; 6430 } 6431 } 6432 /* get the new end of length */ 6433 len = M_TRAILINGSPACE(*endofchain); 6434 } else { 6435 /* how much is left at the end? */ 6436 len = M_TRAILINGSPACE(*endofchain); 6437 } 6438 /* Find the end of the data, for appending */ 6439 cp = (mtod((*endofchain), caddr_t)+SCTP_BUF_LEN((*endofchain))); 6440 6441 /* Now lets copy it out */ 6442 if (len >= sizeofcpy) { 6443 /* It all fits, copy it in */ 6444 m_copydata(clonechain, 0, sizeofcpy, cp); 6445 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6446 } else { 6447 /* fill up the end of the chain */ 6448 if (len > 0) { 6449 m_copydata(clonechain, 0, len, cp); 6450 SCTP_BUF_LEN((*endofchain)) += len; 6451 /* now we need another one */ 6452 sizeofcpy -= len; 6453 } 6454 m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER); 6455 if (m == NULL) { 6456 /* We failed */ 6457 goto error_out; 6458 } 6459 SCTP_BUF_NEXT((*endofchain)) = m; 6460 *endofchain = m; 6461 cp = mtod((*endofchain), caddr_t); 6462 m_copydata(clonechain, len, sizeofcpy, cp); 6463 SCTP_BUF_LEN((*endofchain)) += sizeofcpy; 6464 } 6465 return (outchain); 6466 } else { 6467 /* copy the old fashion way */ 6468 appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_NOWAIT); 6469#ifdef SCTP_MBUF_LOGGING 6470 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6471 sctp_log_mbc(appendchain, SCTP_MBUF_ICOPY); 6472 } 6473#endif 6474 } 6475 } 6476 if (appendchain == NULL) { 6477 /* error */ 6478 if (outchain) 6479 sctp_m_freem(outchain); 6480 return (NULL); 6481 } 6482 if (outchain) { 6483 /* tack on to the end */ 6484 if (*endofchain != NULL) { 6485 SCTP_BUF_NEXT(((*endofchain))) = appendchain; 6486 } else { 6487 m = outchain; 6488 while (m) { 6489 if (SCTP_BUF_NEXT(m) == NULL) { 6490 SCTP_BUF_NEXT(m) = appendchain; 6491 break; 6492 } 6493 m = SCTP_BUF_NEXT(m); 6494 } 6495 } 6496 /* 6497 * save off the end and update the end-chain postion 6498 */ 6499 m = appendchain; 6500 while (m) { 6501 if (SCTP_BUF_NEXT(m) == NULL) { 6502 *endofchain = m; 6503 break; 6504 } 6505 m = SCTP_BUF_NEXT(m); 6506 } 6507 return (outchain); 6508 } else { 6509 /* save off the end and update the end-chain postion */ 6510 m = appendchain; 6511 while (m) { 6512 if (SCTP_BUF_NEXT(m) == NULL) { 6513 *endofchain = m; 6514 break; 6515 } 6516 m = SCTP_BUF_NEXT(m); 6517 } 6518 return (appendchain); 6519 } 6520} 6521 6522static int 6523sctp_med_chunk_output(struct sctp_inpcb *inp, 6524 struct sctp_tcb *stcb, 6525 struct sctp_association *asoc, 6526 int *num_out, 6527 int *reason_code, 6528 int control_only, int from_where, 6529 struct timeval *now, int *now_filled, int frag_point, int so_locked 6530#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6531 SCTP_UNUSED 6532#endif 6533); 6534 6535static void 6536sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, 6537 uint32_t val SCTP_UNUSED) 6538{ 6539 struct sctp_copy_all *ca; 6540 struct mbuf *m; 6541 int ret = 0; 6542 int added_control = 0; 6543 int un_sent, do_chunk_output = 1; 6544 struct sctp_association *asoc; 6545 struct sctp_nets *net; 6546 6547 ca = (struct sctp_copy_all *)ptr; 6548 if (ca->m == NULL) { 6549 return; 6550 } 6551 if (ca->inp != inp) { 6552 /* TSNH */ 6553 return; 6554 } 6555 if (ca->sndlen > 0) { 6556 m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_NOWAIT); 6557 if (m == NULL) { 6558 /* can't copy so we are done */ 6559 ca->cnt_failed++; 6560 return; 6561 } 6562#ifdef SCTP_MBUF_LOGGING 6563 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 6564 sctp_log_mbc(m, SCTP_MBUF_ICOPY); 6565 } 6566#endif 6567 } else { 6568 m = NULL; 6569 } 6570 SCTP_TCB_LOCK_ASSERT(stcb); 6571 if (stcb->asoc.alternate) { 6572 net = stcb->asoc.alternate; 6573 } else { 6574 net = stcb->asoc.primary_destination; 6575 } 6576 if (ca->sndrcv.sinfo_flags & SCTP_ABORT) { 6577 /* Abort this assoc with m as the user defined reason */ 6578 if (m != NULL) { 6579 SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_NOWAIT); 6580 } else { 6581 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 6582 0, M_NOWAIT, 1, MT_DATA); 6583 SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr); 6584 } 6585 if (m != NULL) { 6586 struct sctp_paramhdr *ph; 6587 6588 ph = mtod(m, struct sctp_paramhdr *); 6589 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 6590 ph->param_length = htons(sizeof(struct sctp_paramhdr) + ca->sndlen); 6591 } 6592 /* 6593 * We add one here to keep the assoc from dis-appearing on 6594 * us. 6595 */ 6596 atomic_add_int(&stcb->asoc.refcnt, 1); 6597 sctp_abort_an_association(inp, stcb, m, SCTP_SO_NOT_LOCKED); 6598 /* 6599 * sctp_abort_an_association calls sctp_free_asoc() free 6600 * association will NOT free it since we incremented the 6601 * refcnt .. we do this to prevent it being freed and things 6602 * getting tricky since we could end up (from free_asoc) 6603 * calling inpcb_free which would get a recursive lock call 6604 * to the iterator lock.. But as a consequence of that the 6605 * stcb will return to us un-locked.. since free_asoc 6606 * returns with either no TCB or the TCB unlocked, we must 6607 * relock.. to unlock in the iterator timer :-0 6608 */ 6609 SCTP_TCB_LOCK(stcb); 6610 atomic_add_int(&stcb->asoc.refcnt, -1); 6611 goto no_chunk_output; 6612 } else { 6613 if (m) { 6614 ret = sctp_msg_append(stcb, net, m, 6615 &ca->sndrcv, 1); 6616 } 6617 asoc = &stcb->asoc; 6618 if (ca->sndrcv.sinfo_flags & SCTP_EOF) { 6619 /* shutdown this assoc */ 6620 int cnt; 6621 6622 cnt = sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED); 6623 6624 if (TAILQ_EMPTY(&asoc->send_queue) && 6625 TAILQ_EMPTY(&asoc->sent_queue) && 6626 (cnt == 0)) { 6627 if (asoc->locked_on_sending) { 6628 goto abort_anyway; 6629 } 6630 /* 6631 * there is nothing queued to send, so I'm 6632 * done... 6633 */ 6634 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6635 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6636 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6637 /* 6638 * only send SHUTDOWN the first time 6639 * through 6640 */ 6641 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 6642 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 6643 } 6644 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 6645 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 6646 sctp_stop_timers_for_shutdown(stcb); 6647 sctp_send_shutdown(stcb, net); 6648 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 6649 net); 6650 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6651 asoc->primary_destination); 6652 added_control = 1; 6653 do_chunk_output = 0; 6654 } 6655 } else { 6656 /* 6657 * we still got (or just got) data to send, 6658 * so set SHUTDOWN_PENDING 6659 */ 6660 /* 6661 * XXX sockets draft says that SCTP_EOF 6662 * should be sent with no data. currently, 6663 * we will allow user data to be sent first 6664 * and move to SHUTDOWN-PENDING 6665 */ 6666 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 6667 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 6668 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 6669 if (asoc->locked_on_sending) { 6670 /* 6671 * Locked to send out the 6672 * data 6673 */ 6674 struct sctp_stream_queue_pending *sp; 6675 6676 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 6677 if (sp) { 6678 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 6679 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 6680 } 6681 } 6682 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 6683 if (TAILQ_EMPTY(&asoc->send_queue) && 6684 TAILQ_EMPTY(&asoc->sent_queue) && 6685 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 6686 struct mbuf *op_err; 6687 char msg[SCTP_DIAG_INFO_LEN]; 6688 6689 abort_anyway: 6690 snprintf(msg, sizeof(msg), 6691 "%s:%d at %s", __FILE__, __LINE__, __func__); 6692 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 6693 msg); 6694 atomic_add_int(&stcb->asoc.refcnt, 1); 6695 sctp_abort_an_association(stcb->sctp_ep, stcb, 6696 op_err, SCTP_SO_NOT_LOCKED); 6697 atomic_add_int(&stcb->asoc.refcnt, -1); 6698 goto no_chunk_output; 6699 } 6700 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 6701 asoc->primary_destination); 6702 } 6703 } 6704 6705 } 6706 } 6707 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 6708 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 6709 6710 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 6711 (stcb->asoc.total_flight > 0) && 6712 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 6713 do_chunk_output = 0; 6714 } 6715 if (do_chunk_output) 6716 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED); 6717 else if (added_control) { 6718 int num_out, reason, now_filled = 0; 6719 struct timeval now; 6720 int frag_point; 6721 6722 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 6723 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 6724 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_NOT_LOCKED); 6725 } 6726no_chunk_output: 6727 if (ret) { 6728 ca->cnt_failed++; 6729 } else { 6730 ca->cnt_sent++; 6731 } 6732} 6733 6734static void 6735sctp_sendall_completes(void *ptr, uint32_t val SCTP_UNUSED) 6736{ 6737 struct sctp_copy_all *ca; 6738 6739 ca = (struct sctp_copy_all *)ptr; 6740 /* 6741 * Do a notify here? Kacheong suggests that the notify be done at 6742 * the send time.. so you would push up a notification if any send 6743 * failed. Don't know if this is feasable since the only failures we 6744 * have is "memory" related and if you cannot get an mbuf to send 6745 * the data you surely can't get an mbuf to send up to notify the 6746 * user you can't send the data :-> 6747 */ 6748 6749 /* now free everything */ 6750 sctp_m_freem(ca->m); 6751 SCTP_FREE(ca, SCTP_M_COPYAL); 6752} 6753 6754static struct mbuf * 6755sctp_copy_out_all(struct uio *uio, int len) 6756{ 6757 struct mbuf *ret, *at; 6758 int left, willcpy, cancpy, error; 6759 6760 ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAITOK, 1, MT_DATA); 6761 if (ret == NULL) { 6762 /* TSNH */ 6763 return (NULL); 6764 } 6765 left = len; 6766 SCTP_BUF_LEN(ret) = 0; 6767 /* save space for the data chunk header */ 6768 cancpy = M_TRAILINGSPACE(ret); 6769 willcpy = min(cancpy, left); 6770 at = ret; 6771 while (left > 0) { 6772 /* Align data to the end */ 6773 error = uiomove(mtod(at, caddr_t), willcpy, uio); 6774 if (error) { 6775 err_out_now: 6776 sctp_m_freem(at); 6777 return (NULL); 6778 } 6779 SCTP_BUF_LEN(at) = willcpy; 6780 SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0; 6781 left -= willcpy; 6782 if (left > 0) { 6783 SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 1, MT_DATA); 6784 if (SCTP_BUF_NEXT(at) == NULL) { 6785 goto err_out_now; 6786 } 6787 at = SCTP_BUF_NEXT(at); 6788 SCTP_BUF_LEN(at) = 0; 6789 cancpy = M_TRAILINGSPACE(at); 6790 willcpy = min(cancpy, left); 6791 } 6792 } 6793 return (ret); 6794} 6795 6796static int 6797sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, 6798 struct sctp_sndrcvinfo *srcv) 6799{ 6800 int ret; 6801 struct sctp_copy_all *ca; 6802 6803 SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all), 6804 SCTP_M_COPYAL); 6805 if (ca == NULL) { 6806 sctp_m_freem(m); 6807 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6808 return (ENOMEM); 6809 } 6810 memset(ca, 0, sizeof(struct sctp_copy_all)); 6811 6812 ca->inp = inp; 6813 if (srcv) { 6814 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo)); 6815 } 6816 /* 6817 * take off the sendall flag, it would be bad if we failed to do 6818 * this :-0 6819 */ 6820 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL; 6821 /* get length and mbuf chain */ 6822 if (uio) { 6823 ca->sndlen = uio->uio_resid; 6824 ca->m = sctp_copy_out_all(uio, ca->sndlen); 6825 if (ca->m == NULL) { 6826 SCTP_FREE(ca, SCTP_M_COPYAL); 6827 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 6828 return (ENOMEM); 6829 } 6830 } else { 6831 /* Gather the length of the send */ 6832 struct mbuf *mat; 6833 6834 ca->sndlen = 0; 6835 for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) { 6836 ca->sndlen += SCTP_BUF_LEN(mat); 6837 } 6838 } 6839 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL, 6840 SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES, 6841 SCTP_ASOC_ANY_STATE, 6842 (void *)ca, 0, 6843 sctp_sendall_completes, inp, 1); 6844 if (ret) { 6845 SCTP_PRINTF("Failed to initiate iterator for sendall\n"); 6846 SCTP_FREE(ca, SCTP_M_COPYAL); 6847 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 6848 return (EFAULT); 6849 } 6850 return (0); 6851} 6852 6853 6854void 6855sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc) 6856{ 6857 struct sctp_tmit_chunk *chk, *nchk; 6858 6859 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 6860 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 6861 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 6862 if (chk->data) { 6863 sctp_m_freem(chk->data); 6864 chk->data = NULL; 6865 } 6866 asoc->ctrl_queue_cnt--; 6867 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 6868 } 6869 } 6870} 6871 6872void 6873sctp_toss_old_asconf(struct sctp_tcb *stcb) 6874{ 6875 struct sctp_association *asoc; 6876 struct sctp_tmit_chunk *chk, *nchk; 6877 struct sctp_asconf_chunk *acp; 6878 6879 asoc = &stcb->asoc; 6880 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 6881 /* find SCTP_ASCONF chunk in queue */ 6882 if (chk->rec.chunk_id.id == SCTP_ASCONF) { 6883 if (chk->data) { 6884 acp = mtod(chk->data, struct sctp_asconf_chunk *); 6885 if (SCTP_TSN_GT(ntohl(acp->serial_number), asoc->asconf_seq_out_acked)) { 6886 /* Not Acked yet */ 6887 break; 6888 } 6889 } 6890 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 6891 if (chk->data) { 6892 sctp_m_freem(chk->data); 6893 chk->data = NULL; 6894 } 6895 asoc->ctrl_queue_cnt--; 6896 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 6897 } 6898 } 6899} 6900 6901 6902static void 6903sctp_clean_up_datalist(struct sctp_tcb *stcb, 6904 struct sctp_association *asoc, 6905 struct sctp_tmit_chunk **data_list, 6906 int bundle_at, 6907 struct sctp_nets *net) 6908{ 6909 int i; 6910 struct sctp_tmit_chunk *tp1; 6911 6912 for (i = 0; i < bundle_at; i++) { 6913 /* off of the send queue */ 6914 TAILQ_REMOVE(&asoc->send_queue, data_list[i], sctp_next); 6915 asoc->send_queue_cnt--; 6916 if (i > 0) { 6917 /* 6918 * Any chunk NOT 0 you zap the time chunk 0 gets 6919 * zapped or set based on if a RTO measurment is 6920 * needed. 6921 */ 6922 data_list[i]->do_rtt = 0; 6923 } 6924 /* record time */ 6925 data_list[i]->sent_rcv_time = net->last_sent_time; 6926 data_list[i]->rec.data.cwnd_at_send = net->cwnd; 6927 data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.TSN_seq; 6928 if (data_list[i]->whoTo == NULL) { 6929 data_list[i]->whoTo = net; 6930 atomic_add_int(&net->ref_count, 1); 6931 } 6932 /* on to the sent queue */ 6933 tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead); 6934 if ((tp1) && SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 6935 struct sctp_tmit_chunk *tpp; 6936 6937 /* need to move back */ 6938 back_up_more: 6939 tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next); 6940 if (tpp == NULL) { 6941 TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next); 6942 goto all_done; 6943 } 6944 tp1 = tpp; 6945 if (SCTP_TSN_GT(tp1->rec.data.TSN_seq, data_list[i]->rec.data.TSN_seq)) { 6946 goto back_up_more; 6947 } 6948 TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next); 6949 } else { 6950 TAILQ_INSERT_TAIL(&asoc->sent_queue, 6951 data_list[i], 6952 sctp_next); 6953 } 6954all_done: 6955 /* This does not lower until the cum-ack passes it */ 6956 asoc->sent_queue_cnt++; 6957 if ((asoc->peers_rwnd <= 0) && 6958 (asoc->total_flight == 0) && 6959 (bundle_at == 1)) { 6960 /* Mark the chunk as being a window probe */ 6961 SCTP_STAT_INCR(sctps_windowprobed); 6962 } 6963#ifdef SCTP_AUDITING_ENABLED 6964 sctp_audit_log(0xC2, 3); 6965#endif 6966 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6967 data_list[i]->snd_count = 1; 6968 data_list[i]->rec.data.chunk_was_revoked = 0; 6969 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 6970 sctp_misc_ints(SCTP_FLIGHT_LOG_UP, 6971 data_list[i]->whoTo->flight_size, 6972 data_list[i]->book_size, 6973 (uintptr_t) data_list[i]->whoTo, 6974 data_list[i]->rec.data.TSN_seq); 6975 } 6976 sctp_flight_size_increase(data_list[i]); 6977 sctp_total_flight_increase(stcb, data_list[i]); 6978 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 6979 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6980 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 6981 } 6982 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6983 (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 6984 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6985 /* SWS sender side engages */ 6986 asoc->peers_rwnd = 0; 6987 } 6988 } 6989 if (asoc->cc_functions.sctp_cwnd_update_packet_transmitted) { 6990 (*asoc->cc_functions.sctp_cwnd_update_packet_transmitted) (stcb, net); 6991 } 6992} 6993 6994static void 6995sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc, int so_locked 6996#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 6997 SCTP_UNUSED 6998#endif 6999) 7000{ 7001 struct sctp_tmit_chunk *chk, *nchk; 7002 7003 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 7004 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7005 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 7006 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 7007 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 7008 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) || 7009 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 7010 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 7011 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 7012 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 7013 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 7014 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 7015 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 7016 /* Stray chunks must be cleaned up */ 7017 clean_up_anyway: 7018 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 7019 if (chk->data) { 7020 sctp_m_freem(chk->data); 7021 chk->data = NULL; 7022 } 7023 asoc->ctrl_queue_cnt--; 7024 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) 7025 asoc->fwd_tsn_cnt--; 7026 sctp_free_a_chunk(stcb, chk, so_locked); 7027 } else if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 7028 /* special handling, we must look into the param */ 7029 if (chk != asoc->str_reset) { 7030 goto clean_up_anyway; 7031 } 7032 } 7033 } 7034} 7035 7036 7037static int 7038sctp_can_we_split_this(struct sctp_tcb *stcb, 7039 uint32_t length, 7040 uint32_t goal_mtu, uint32_t frag_point, int eeor_on) 7041{ 7042 /* 7043 * Make a decision on if I should split a msg into multiple parts. 7044 * This is only asked of incomplete messages. 7045 */ 7046 if (eeor_on) { 7047 /* 7048 * If we are doing EEOR we need to always send it if its the 7049 * entire thing, since it might be all the guy is putting in 7050 * the hopper. 7051 */ 7052 if (goal_mtu >= length) { 7053 /*- 7054 * If we have data outstanding, 7055 * we get another chance when the sack 7056 * arrives to transmit - wait for more data 7057 */ 7058 if (stcb->asoc.total_flight == 0) { 7059 /* 7060 * If nothing is in flight, we zero the 7061 * packet counter. 7062 */ 7063 return (length); 7064 } 7065 return (0); 7066 7067 } else { 7068 /* You can fill the rest */ 7069 return (goal_mtu); 7070 } 7071 } 7072 /*- 7073 * For those strange folk that make the send buffer 7074 * smaller than our fragmentation point, we can't 7075 * get a full msg in so we have to allow splitting. 7076 */ 7077 if (SCTP_SB_LIMIT_SND(stcb->sctp_socket) < frag_point) { 7078 return (length); 7079 } 7080 if ((length <= goal_mtu) || 7081 ((length - goal_mtu) < SCTP_BASE_SYSCTL(sctp_min_residual))) { 7082 /* Sub-optimial residual don't split in non-eeor mode. */ 7083 return (0); 7084 } 7085 /* 7086 * If we reach here length is larger than the goal_mtu. Do we wish 7087 * to split it for the sake of packet putting together? 7088 */ 7089 if (goal_mtu >= min(SCTP_BASE_SYSCTL(sctp_min_split_point), frag_point)) { 7090 /* Its ok to split it */ 7091 return (min(goal_mtu, frag_point)); 7092 } 7093 /* Nope, can't split */ 7094 return (0); 7095 7096} 7097 7098static uint32_t 7099sctp_move_to_outqueue(struct sctp_tcb *stcb, 7100 struct sctp_stream_out *strq, 7101 uint32_t goal_mtu, 7102 uint32_t frag_point, 7103 int *locked, 7104 int *giveup, 7105 int eeor_mode, 7106 int *bail, 7107 int so_locked 7108#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7109 SCTP_UNUSED 7110#endif 7111) 7112{ 7113 /* Move from the stream to the send_queue keeping track of the total */ 7114 struct sctp_association *asoc; 7115 struct sctp_stream_queue_pending *sp; 7116 struct sctp_tmit_chunk *chk; 7117 struct sctp_data_chunk *dchkh; 7118 uint32_t to_move, length; 7119 uint8_t rcv_flags = 0; 7120 uint8_t some_taken; 7121 uint8_t send_lock_up = 0; 7122 7123 SCTP_TCB_LOCK_ASSERT(stcb); 7124 asoc = &stcb->asoc; 7125one_more_time: 7126 /* sa_ignore FREED_MEMORY */ 7127 sp = TAILQ_FIRST(&strq->outqueue); 7128 if (sp == NULL) { 7129 *locked = 0; 7130 if (send_lock_up == 0) { 7131 SCTP_TCB_SEND_LOCK(stcb); 7132 send_lock_up = 1; 7133 } 7134 sp = TAILQ_FIRST(&strq->outqueue); 7135 if (sp) { 7136 goto one_more_time; 7137 } 7138 if (strq->last_msg_incomplete) { 7139 SCTP_PRINTF("Huh? Stream:%d lm_in_c=%d but queue is NULL\n", 7140 strq->stream_no, 7141 strq->last_msg_incomplete); 7142 strq->last_msg_incomplete = 0; 7143 } 7144 to_move = 0; 7145 if (send_lock_up) { 7146 SCTP_TCB_SEND_UNLOCK(stcb); 7147 send_lock_up = 0; 7148 } 7149 goto out_of; 7150 } 7151 if ((sp->msg_is_complete) && (sp->length == 0)) { 7152 if (sp->sender_all_done) { 7153 /* 7154 * We are doing differed cleanup. Last time through 7155 * when we took all the data the sender_all_done was 7156 * not set. 7157 */ 7158 if ((sp->put_last_out == 0) && (sp->discard_rest == 0)) { 7159 SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n"); 7160 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 7161 sp->sender_all_done, 7162 sp->length, 7163 sp->msg_is_complete, 7164 sp->put_last_out, 7165 send_lock_up); 7166 } 7167 if ((TAILQ_NEXT(sp, next) == NULL) && (send_lock_up == 0)) { 7168 SCTP_TCB_SEND_LOCK(stcb); 7169 send_lock_up = 1; 7170 } 7171 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 7172 TAILQ_REMOVE(&strq->outqueue, sp, next); 7173 if ((strq->state == SCTP_STREAM_RESET_PENDING) && 7174 (strq->chunks_on_queues == 0) && 7175 TAILQ_EMPTY(&strq->outqueue)) { 7176 stcb->asoc.trigger_reset = 1; 7177 } 7178 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 7179 if (sp->net) { 7180 sctp_free_remote_addr(sp->net); 7181 sp->net = NULL; 7182 } 7183 if (sp->data) { 7184 sctp_m_freem(sp->data); 7185 sp->data = NULL; 7186 } 7187 sctp_free_a_strmoq(stcb, sp, so_locked); 7188 /* we can't be locked to it */ 7189 *locked = 0; 7190 stcb->asoc.locked_on_sending = NULL; 7191 if (send_lock_up) { 7192 SCTP_TCB_SEND_UNLOCK(stcb); 7193 send_lock_up = 0; 7194 } 7195 /* back to get the next msg */ 7196 goto one_more_time; 7197 } else { 7198 /* 7199 * sender just finished this but still holds a 7200 * reference 7201 */ 7202 *locked = 1; 7203 *giveup = 1; 7204 to_move = 0; 7205 goto out_of; 7206 } 7207 } else { 7208 /* is there some to get */ 7209 if (sp->length == 0) { 7210 /* no */ 7211 *locked = 1; 7212 *giveup = 1; 7213 to_move = 0; 7214 goto out_of; 7215 } else if (sp->discard_rest) { 7216 if (send_lock_up == 0) { 7217 SCTP_TCB_SEND_LOCK(stcb); 7218 send_lock_up = 1; 7219 } 7220 /* Whack down the size */ 7221 atomic_subtract_int(&stcb->asoc.total_output_queue_size, sp->length); 7222 if ((stcb->sctp_socket != NULL) && \ 7223 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 7224 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) { 7225 atomic_subtract_int(&stcb->sctp_socket->so_snd.sb_cc, sp->length); 7226 } 7227 if (sp->data) { 7228 sctp_m_freem(sp->data); 7229 sp->data = NULL; 7230 sp->tail_mbuf = NULL; 7231 } 7232 sp->length = 0; 7233 sp->some_taken = 1; 7234 *locked = 1; 7235 *giveup = 1; 7236 to_move = 0; 7237 goto out_of; 7238 } 7239 } 7240 some_taken = sp->some_taken; 7241 if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { 7242 sp->msg_is_complete = 1; 7243 } 7244re_look: 7245 length = sp->length; 7246 if (sp->msg_is_complete) { 7247 /* The message is complete */ 7248 to_move = min(length, frag_point); 7249 if (to_move == length) { 7250 /* All of it fits in the MTU */ 7251 if (sp->some_taken) { 7252 rcv_flags |= SCTP_DATA_LAST_FRAG; 7253 sp->put_last_out = 1; 7254 } else { 7255 rcv_flags |= SCTP_DATA_NOT_FRAG; 7256 sp->put_last_out = 1; 7257 } 7258 } else { 7259 /* Not all of it fits, we fragment */ 7260 if (sp->some_taken == 0) { 7261 rcv_flags |= SCTP_DATA_FIRST_FRAG; 7262 } 7263 sp->some_taken = 1; 7264 } 7265 } else { 7266 to_move = sctp_can_we_split_this(stcb, length, goal_mtu, frag_point, eeor_mode); 7267 if (to_move) { 7268 /*- 7269 * We use a snapshot of length in case it 7270 * is expanding during the compare. 7271 */ 7272 uint32_t llen; 7273 7274 llen = length; 7275 if (to_move >= llen) { 7276 to_move = llen; 7277 if (send_lock_up == 0) { 7278 /*- 7279 * We are taking all of an incomplete msg 7280 * thus we need a send lock. 7281 */ 7282 SCTP_TCB_SEND_LOCK(stcb); 7283 send_lock_up = 1; 7284 if (sp->msg_is_complete) { 7285 /* 7286 * the sender finished the 7287 * msg 7288 */ 7289 goto re_look; 7290 } 7291 } 7292 } 7293 if (sp->some_taken == 0) { 7294 rcv_flags |= SCTP_DATA_FIRST_FRAG; 7295 sp->some_taken = 1; 7296 } 7297 } else { 7298 /* Nothing to take. */ 7299 if (sp->some_taken) { 7300 *locked = 1; 7301 } 7302 *giveup = 1; 7303 to_move = 0; 7304 goto out_of; 7305 } 7306 } 7307 7308 /* If we reach here, we can copy out a chunk */ 7309 sctp_alloc_a_chunk(stcb, chk); 7310 if (chk == NULL) { 7311 /* No chunk memory */ 7312 *giveup = 1; 7313 to_move = 0; 7314 goto out_of; 7315 } 7316 /* 7317 * Setup for unordered if needed by looking at the user sent info 7318 * flags. 7319 */ 7320 if (sp->sinfo_flags & SCTP_UNORDERED) { 7321 rcv_flags |= SCTP_DATA_UNORDERED; 7322 } 7323 if ((SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && ((sp->sinfo_flags & SCTP_EOF) == SCTP_EOF)) || 7324 ((sp->sinfo_flags & SCTP_SACK_IMMEDIATELY) == SCTP_SACK_IMMEDIATELY)) { 7325 rcv_flags |= SCTP_DATA_SACK_IMMEDIATELY; 7326 } 7327 /* clear out the chunk before setting up */ 7328 memset(chk, 0, sizeof(*chk)); 7329 chk->rec.data.rcv_flags = rcv_flags; 7330 7331 if (to_move >= length) { 7332 /* we think we can steal the whole thing */ 7333 if ((sp->sender_all_done == 0) && (send_lock_up == 0)) { 7334 SCTP_TCB_SEND_LOCK(stcb); 7335 send_lock_up = 1; 7336 } 7337 if (to_move < sp->length) { 7338 /* bail, it changed */ 7339 goto dont_do_it; 7340 } 7341 chk->data = sp->data; 7342 chk->last_mbuf = sp->tail_mbuf; 7343 /* register the stealing */ 7344 sp->data = sp->tail_mbuf = NULL; 7345 } else { 7346 struct mbuf *m; 7347 7348dont_do_it: 7349 chk->data = SCTP_M_COPYM(sp->data, 0, to_move, M_NOWAIT); 7350 chk->last_mbuf = NULL; 7351 if (chk->data == NULL) { 7352 sp->some_taken = some_taken; 7353 sctp_free_a_chunk(stcb, chk, so_locked); 7354 *bail = 1; 7355 to_move = 0; 7356 goto out_of; 7357 } 7358#ifdef SCTP_MBUF_LOGGING 7359 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 7360 sctp_log_mbc(chk->data, SCTP_MBUF_ICOPY); 7361 } 7362#endif 7363 /* Pull off the data */ 7364 m_adj(sp->data, to_move); 7365 /* Now lets work our way down and compact it */ 7366 m = sp->data; 7367 while (m && (SCTP_BUF_LEN(m) == 0)) { 7368 sp->data = SCTP_BUF_NEXT(m); 7369 SCTP_BUF_NEXT(m) = NULL; 7370 if (sp->tail_mbuf == m) { 7371 /*- 7372 * Freeing tail? TSNH since 7373 * we supposedly were taking less 7374 * than the sp->length. 7375 */ 7376#ifdef INVARIANTS 7377 panic("Huh, freing tail? - TSNH"); 7378#else 7379 SCTP_PRINTF("Huh, freeing tail? - TSNH\n"); 7380 sp->tail_mbuf = sp->data = NULL; 7381 sp->length = 0; 7382#endif 7383 7384 } 7385 sctp_m_free(m); 7386 m = sp->data; 7387 } 7388 } 7389 if (SCTP_BUF_IS_EXTENDED(chk->data)) { 7390 chk->copy_by_ref = 1; 7391 } else { 7392 chk->copy_by_ref = 0; 7393 } 7394 /* 7395 * get last_mbuf and counts of mb useage This is ugly but hopefully 7396 * its only one mbuf. 7397 */ 7398 if (chk->last_mbuf == NULL) { 7399 chk->last_mbuf = chk->data; 7400 while (SCTP_BUF_NEXT(chk->last_mbuf) != NULL) { 7401 chk->last_mbuf = SCTP_BUF_NEXT(chk->last_mbuf); 7402 } 7403 } 7404 if (to_move > length) { 7405 /*- This should not happen either 7406 * since we always lower to_move to the size 7407 * of sp->length if its larger. 7408 */ 7409#ifdef INVARIANTS 7410 panic("Huh, how can to_move be larger?"); 7411#else 7412 SCTP_PRINTF("Huh, how can to_move be larger?\n"); 7413 sp->length = 0; 7414#endif 7415 } else { 7416 atomic_subtract_int(&sp->length, to_move); 7417 } 7418 if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) { 7419 /* Not enough room for a chunk header, get some */ 7420 struct mbuf *m; 7421 7422 m = sctp_get_mbuf_for_msg(1, 0, M_NOWAIT, 0, MT_DATA); 7423 if (m == NULL) { 7424 /* 7425 * we're in trouble here. _PREPEND below will free 7426 * all the data if there is no leading space, so we 7427 * must put the data back and restore. 7428 */ 7429 if (send_lock_up == 0) { 7430 SCTP_TCB_SEND_LOCK(stcb); 7431 send_lock_up = 1; 7432 } 7433 if (sp->data == NULL) { 7434 /* unsteal the data */ 7435 sp->data = chk->data; 7436 sp->tail_mbuf = chk->last_mbuf; 7437 } else { 7438 struct mbuf *m_tmp; 7439 7440 /* reassemble the data */ 7441 m_tmp = sp->data; 7442 sp->data = chk->data; 7443 SCTP_BUF_NEXT(chk->last_mbuf) = m_tmp; 7444 } 7445 sp->some_taken = some_taken; 7446 atomic_add_int(&sp->length, to_move); 7447 chk->data = NULL; 7448 *bail = 1; 7449 sctp_free_a_chunk(stcb, chk, so_locked); 7450 to_move = 0; 7451 goto out_of; 7452 } else { 7453 SCTP_BUF_LEN(m) = 0; 7454 SCTP_BUF_NEXT(m) = chk->data; 7455 chk->data = m; 7456 M_ALIGN(chk->data, 4); 7457 } 7458 } 7459 SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_NOWAIT); 7460 if (chk->data == NULL) { 7461 /* HELP, TSNH since we assured it would not above? */ 7462#ifdef INVARIANTS 7463 panic("prepend failes HELP?"); 7464#else 7465 SCTP_PRINTF("prepend fails HELP?\n"); 7466 sctp_free_a_chunk(stcb, chk, so_locked); 7467#endif 7468 *bail = 1; 7469 to_move = 0; 7470 goto out_of; 7471 } 7472 sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); 7473 chk->book_size = chk->send_size = (to_move + sizeof(struct sctp_data_chunk)); 7474 chk->book_size_scale = 0; 7475 chk->sent = SCTP_DATAGRAM_UNSENT; 7476 7477 chk->flags = 0; 7478 chk->asoc = &stcb->asoc; 7479 chk->pad_inplace = 0; 7480 chk->no_fr_allowed = 0; 7481 chk->rec.data.stream_seq = strq->next_sequence_send; 7482 if ((rcv_flags & SCTP_DATA_LAST_FRAG) && 7483 !(rcv_flags & SCTP_DATA_UNORDERED)) { 7484 strq->next_sequence_send++; 7485 } 7486 chk->rec.data.stream_number = sp->stream; 7487 chk->rec.data.payloadtype = sp->ppid; 7488 chk->rec.data.context = sp->context; 7489 chk->rec.data.doing_fast_retransmit = 0; 7490 7491 chk->rec.data.timetodrop = sp->ts; 7492 chk->flags = sp->act_flags; 7493 7494 if (sp->net) { 7495 chk->whoTo = sp->net; 7496 atomic_add_int(&chk->whoTo->ref_count, 1); 7497 } else 7498 chk->whoTo = NULL; 7499 7500 if (sp->holds_key_ref) { 7501 chk->auth_keyid = sp->auth_keyid; 7502 sctp_auth_key_acquire(stcb, chk->auth_keyid); 7503 chk->holds_key_ref = 1; 7504 } 7505 chk->rec.data.TSN_seq = atomic_fetchadd_int(&asoc->sending_seq, 1); 7506 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_OUTQ) { 7507 sctp_misc_ints(SCTP_STRMOUT_LOG_SEND, 7508 (uintptr_t) stcb, sp->length, 7509 (uint32_t) ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq), 7510 chk->rec.data.TSN_seq); 7511 } 7512 dchkh = mtod(chk->data, struct sctp_data_chunk *); 7513 /* 7514 * Put the rest of the things in place now. Size was done earlier in 7515 * previous loop prior to padding. 7516 */ 7517 7518#ifdef SCTP_ASOCLOG_OF_TSNS 7519 SCTP_TCB_LOCK_ASSERT(stcb); 7520 if (asoc->tsn_out_at >= SCTP_TSN_LOG_SIZE) { 7521 asoc->tsn_out_at = 0; 7522 asoc->tsn_out_wrapped = 1; 7523 } 7524 asoc->out_tsnlog[asoc->tsn_out_at].tsn = chk->rec.data.TSN_seq; 7525 asoc->out_tsnlog[asoc->tsn_out_at].strm = chk->rec.data.stream_number; 7526 asoc->out_tsnlog[asoc->tsn_out_at].seq = chk->rec.data.stream_seq; 7527 asoc->out_tsnlog[asoc->tsn_out_at].sz = chk->send_size; 7528 asoc->out_tsnlog[asoc->tsn_out_at].flgs = chk->rec.data.rcv_flags; 7529 asoc->out_tsnlog[asoc->tsn_out_at].stcb = (void *)stcb; 7530 asoc->out_tsnlog[asoc->tsn_out_at].in_pos = asoc->tsn_out_at; 7531 asoc->out_tsnlog[asoc->tsn_out_at].in_out = 2; 7532 asoc->tsn_out_at++; 7533#endif 7534 7535 dchkh->ch.chunk_type = SCTP_DATA; 7536 dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; 7537 dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); 7538 dchkh->dp.stream_id = htons(strq->stream_no); 7539 dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); 7540 dchkh->dp.protocol_id = chk->rec.data.payloadtype; 7541 dchkh->ch.chunk_length = htons(chk->send_size); 7542 /* Now advance the chk->send_size by the actual pad needed. */ 7543 if (chk->send_size < SCTP_SIZE32(chk->book_size)) { 7544 /* need a pad */ 7545 struct mbuf *lm; 7546 int pads; 7547 7548 pads = SCTP_SIZE32(chk->book_size) - chk->send_size; 7549 lm = sctp_pad_lastmbuf(chk->data, pads, chk->last_mbuf); 7550 if (lm != NULL) { 7551 chk->last_mbuf = lm; 7552 chk->pad_inplace = 1; 7553 } 7554 chk->send_size += pads; 7555 } 7556 if (PR_SCTP_ENABLED(chk->flags)) { 7557 asoc->pr_sctp_cnt++; 7558 } 7559 if (sp->msg_is_complete && (sp->length == 0) && (sp->sender_all_done)) { 7560 /* All done pull and kill the message */ 7561 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 7562 if (sp->put_last_out == 0) { 7563 SCTP_PRINTF("Gak, put out entire msg with NO end!-2\n"); 7564 SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d send_lock:%d\n", 7565 sp->sender_all_done, 7566 sp->length, 7567 sp->msg_is_complete, 7568 sp->put_last_out, 7569 send_lock_up); 7570 } 7571 if ((send_lock_up == 0) && (TAILQ_NEXT(sp, next) == NULL)) { 7572 SCTP_TCB_SEND_LOCK(stcb); 7573 send_lock_up = 1; 7574 } 7575 TAILQ_REMOVE(&strq->outqueue, sp, next); 7576 if ((strq->state == SCTP_STREAM_RESET_PENDING) && 7577 (strq->chunks_on_queues == 0) && 7578 TAILQ_EMPTY(&strq->outqueue)) { 7579 stcb->asoc.trigger_reset = 1; 7580 } 7581 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp, send_lock_up); 7582 if (sp->net) { 7583 sctp_free_remote_addr(sp->net); 7584 sp->net = NULL; 7585 } 7586 if (sp->data) { 7587 sctp_m_freem(sp->data); 7588 sp->data = NULL; 7589 } 7590 sctp_free_a_strmoq(stcb, sp, so_locked); 7591 7592 /* we can't be locked to it */ 7593 *locked = 0; 7594 stcb->asoc.locked_on_sending = NULL; 7595 } else { 7596 /* more to go, we are locked */ 7597 *locked = 1; 7598 } 7599 asoc->chunks_on_out_queue++; 7600 strq->chunks_on_queues++; 7601 TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next); 7602 asoc->send_queue_cnt++; 7603out_of: 7604 if (send_lock_up) { 7605 SCTP_TCB_SEND_UNLOCK(stcb); 7606 } 7607 return (to_move); 7608} 7609 7610 7611static void 7612sctp_fill_outqueue(struct sctp_tcb *stcb, 7613 struct sctp_nets *net, int frag_point, int eeor_mode, int *quit_now, int so_locked 7614#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7615 SCTP_UNUSED 7616#endif 7617) 7618{ 7619 struct sctp_association *asoc; 7620 struct sctp_stream_out *strq; 7621 int goal_mtu, moved_how_much, total_moved = 0, bail = 0; 7622 int locked, giveup; 7623 7624 SCTP_TCB_LOCK_ASSERT(stcb); 7625 asoc = &stcb->asoc; 7626 switch (net->ro._l_addr.sa.sa_family) { 7627#ifdef INET 7628 case AF_INET: 7629 goal_mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 7630 break; 7631#endif 7632#ifdef INET6 7633 case AF_INET6: 7634 goal_mtu = net->mtu - SCTP_MIN_OVERHEAD; 7635 break; 7636#endif 7637 default: 7638 /* TSNH */ 7639 goal_mtu = net->mtu; 7640 break; 7641 } 7642 /* Need an allowance for the data chunk header too */ 7643 goal_mtu -= sizeof(struct sctp_data_chunk); 7644 7645 /* must make even word boundary */ 7646 goal_mtu &= 0xfffffffc; 7647 if (asoc->locked_on_sending) { 7648 /* We are stuck on one stream until the message completes. */ 7649 strq = asoc->locked_on_sending; 7650 locked = 1; 7651 } else { 7652 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 7653 locked = 0; 7654 } 7655 while ((goal_mtu > 0) && strq) { 7656 giveup = 0; 7657 bail = 0; 7658 moved_how_much = sctp_move_to_outqueue(stcb, strq, goal_mtu, frag_point, &locked, 7659 &giveup, eeor_mode, &bail, so_locked); 7660 if (moved_how_much) 7661 stcb->asoc.ss_functions.sctp_ss_scheduled(stcb, net, asoc, strq, moved_how_much); 7662 7663 if (locked) { 7664 asoc->locked_on_sending = strq; 7665 if ((moved_how_much == 0) || (giveup) || bail) 7666 /* no more to move for now */ 7667 break; 7668 } else { 7669 asoc->locked_on_sending = NULL; 7670 if ((giveup) || bail) { 7671 break; 7672 } 7673 strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); 7674 if (strq == NULL) { 7675 break; 7676 } 7677 } 7678 total_moved += moved_how_much; 7679 goal_mtu -= (moved_how_much + sizeof(struct sctp_data_chunk)); 7680 goal_mtu &= 0xfffffffc; 7681 } 7682 if (bail) 7683 *quit_now = 1; 7684 7685 stcb->asoc.ss_functions.sctp_ss_packet_done(stcb, net, asoc); 7686 7687 if (total_moved == 0) { 7688 if ((stcb->asoc.sctp_cmt_on_off == 0) && 7689 (net == stcb->asoc.primary_destination)) { 7690 /* ran dry for primary network net */ 7691 SCTP_STAT_INCR(sctps_primary_randry); 7692 } else if (stcb->asoc.sctp_cmt_on_off > 0) { 7693 /* ran dry with CMT on */ 7694 SCTP_STAT_INCR(sctps_cmt_randry); 7695 } 7696 } 7697} 7698 7699void 7700sctp_fix_ecn_echo(struct sctp_association *asoc) 7701{ 7702 struct sctp_tmit_chunk *chk; 7703 7704 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7705 if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 7706 chk->sent = SCTP_DATAGRAM_UNSENT; 7707 } 7708 } 7709} 7710 7711void 7712sctp_move_chunks_from_net(struct sctp_tcb *stcb, struct sctp_nets *net) 7713{ 7714 struct sctp_association *asoc; 7715 struct sctp_tmit_chunk *chk; 7716 struct sctp_stream_queue_pending *sp; 7717 unsigned int i; 7718 7719 if (net == NULL) { 7720 return; 7721 } 7722 asoc = &stcb->asoc; 7723 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 7724 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) { 7725 if (sp->net == net) { 7726 sctp_free_remote_addr(sp->net); 7727 sp->net = NULL; 7728 } 7729 } 7730 } 7731 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 7732 if (chk->whoTo == net) { 7733 sctp_free_remote_addr(chk->whoTo); 7734 chk->whoTo = NULL; 7735 } 7736 } 7737} 7738 7739int 7740sctp_med_chunk_output(struct sctp_inpcb *inp, 7741 struct sctp_tcb *stcb, 7742 struct sctp_association *asoc, 7743 int *num_out, 7744 int *reason_code, 7745 int control_only, int from_where, 7746 struct timeval *now, int *now_filled, int frag_point, int so_locked 7747#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 7748 SCTP_UNUSED 7749#endif 7750) 7751{ 7752 /** 7753 * Ok this is the generic chunk service queue. we must do the 7754 * following: - Service the stream queue that is next, moving any 7755 * message (note I must get a complete message i.e. FIRST/MIDDLE and 7756 * LAST to the out queue in one pass) and assigning TSN's - Check to 7757 * see if the cwnd/rwnd allows any output, if so we go ahead and 7758 * fomulate and send the low level chunks. Making sure to combine 7759 * any control in the control chunk queue also. 7760 */ 7761 struct sctp_nets *net, *start_at, *sack_goes_to = NULL, *old_start_at = NULL; 7762 struct mbuf *outchain, *endoutchain; 7763 struct sctp_tmit_chunk *chk, *nchk; 7764 7765 /* temp arrays for unlinking */ 7766 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 7767 int no_fragmentflg, error; 7768 unsigned int max_rwnd_per_dest, max_send_per_dest; 7769 int one_chunk, hbflag, skip_data_for_this_net; 7770 int asconf, cookie, no_out_cnt; 7771 int bundle_at, ctl_cnt, no_data_chunks, eeor_mode; 7772 unsigned int mtu, r_mtu, omtu, mx_mtu, to_out; 7773 int tsns_sent = 0; 7774 uint32_t auth_offset = 0; 7775 struct sctp_auth_chunk *auth = NULL; 7776 uint16_t auth_keyid; 7777 int override_ok = 1; 7778 int skip_fill_up = 0; 7779 int data_auth_reqd = 0; 7780 7781 /* 7782 * JRS 5/14/07 - Add flag for whether a heartbeat is sent to the 7783 * destination. 7784 */ 7785 int quit_now = 0; 7786 7787 *num_out = 0; 7788 *reason_code = 0; 7789 auth_keyid = stcb->asoc.authinfo.active_keyid; 7790 if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) || 7791 (asoc->state & SCTP_STATE_SHUTDOWN_RECEIVED) || 7792 (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 7793 eeor_mode = 1; 7794 } else { 7795 eeor_mode = 0; 7796 } 7797 ctl_cnt = no_out_cnt = asconf = cookie = 0; 7798 /* 7799 * First lets prime the pump. For each destination, if there is room 7800 * in the flight size, attempt to pull an MTU's worth out of the 7801 * stream queues into the general send_queue 7802 */ 7803#ifdef SCTP_AUDITING_ENABLED 7804 sctp_audit_log(0xC2, 2); 7805#endif 7806 SCTP_TCB_LOCK_ASSERT(stcb); 7807 hbflag = 0; 7808 if (control_only) 7809 no_data_chunks = 1; 7810 else 7811 no_data_chunks = 0; 7812 7813 /* Nothing to possible to send? */ 7814 if ((TAILQ_EMPTY(&asoc->control_send_queue) || 7815 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) && 7816 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7817 TAILQ_EMPTY(&asoc->send_queue) && 7818 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 7819nothing_to_send: 7820 *reason_code = 9; 7821 return (0); 7822 } 7823 if (asoc->peers_rwnd == 0) { 7824 /* No room in peers rwnd */ 7825 *reason_code = 1; 7826 if (asoc->total_flight > 0) { 7827 /* we are allowed one chunk in flight */ 7828 no_data_chunks = 1; 7829 } 7830 } 7831 if (stcb->asoc.ecn_echo_cnt_onq) { 7832 /* Record where a sack goes, if any */ 7833 if (no_data_chunks && 7834 (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) { 7835 /* Nothing but ECNe to send - we don't do that */ 7836 goto nothing_to_send; 7837 } 7838 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7839 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 7840 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 7841 sack_goes_to = chk->whoTo; 7842 break; 7843 } 7844 } 7845 } 7846 max_rwnd_per_dest = ((asoc->peers_rwnd + asoc->total_flight) / asoc->numnets); 7847 if (stcb->sctp_socket) 7848 max_send_per_dest = SCTP_SB_LIMIT_SND(stcb->sctp_socket) / asoc->numnets; 7849 else 7850 max_send_per_dest = 0; 7851 if (no_data_chunks == 0) { 7852 /* How many non-directed chunks are there? */ 7853 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 7854 if (chk->whoTo == NULL) { 7855 /* 7856 * We already have non-directed chunks on 7857 * the queue, no need to do a fill-up. 7858 */ 7859 skip_fill_up = 1; 7860 break; 7861 } 7862 } 7863 7864 } 7865 if ((no_data_chunks == 0) && 7866 (skip_fill_up == 0) && 7867 (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc))) { 7868 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 7869 /* 7870 * This for loop we are in takes in each net, if 7871 * its's got space in cwnd and has data sent to it 7872 * (when CMT is off) then it calls 7873 * sctp_fill_outqueue for the net. This gets data on 7874 * the send queue for that network. 7875 * 7876 * In sctp_fill_outqueue TSN's are assigned and data is 7877 * copied out of the stream buffers. Note mostly 7878 * copy by reference (we hope). 7879 */ 7880 net->window_probe = 0; 7881 if ((net != stcb->asoc.alternate) && 7882 ((net->dest_state & SCTP_ADDR_PF) || 7883 (!(net->dest_state & SCTP_ADDR_REACHABLE)) || 7884 (net->dest_state & SCTP_ADDR_UNCONFIRMED))) { 7885 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7886 sctp_log_cwnd(stcb, net, 1, 7887 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7888 } 7889 continue; 7890 } 7891 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) && 7892 (net->flight_size == 0)) { 7893 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net); 7894 } 7895 if (net->flight_size >= net->cwnd) { 7896 /* skip this network, no room - can't fill */ 7897 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7898 sctp_log_cwnd(stcb, net, 3, 7899 SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7900 } 7901 continue; 7902 } 7903 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 7904 sctp_log_cwnd(stcb, net, 4, SCTP_CWND_LOG_FILL_OUTQ_CALLED); 7905 } 7906 sctp_fill_outqueue(stcb, net, frag_point, eeor_mode, &quit_now, so_locked); 7907 if (quit_now) { 7908 /* memory alloc failure */ 7909 no_data_chunks = 1; 7910 break; 7911 } 7912 } 7913 } 7914 /* now service each destination and send out what we can for it */ 7915 /* Nothing to send? */ 7916 if (TAILQ_EMPTY(&asoc->control_send_queue) && 7917 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7918 TAILQ_EMPTY(&asoc->send_queue)) { 7919 *reason_code = 8; 7920 return (0); 7921 } 7922 if (asoc->sctp_cmt_on_off > 0) { 7923 /* get the last start point */ 7924 start_at = asoc->last_net_cmt_send_started; 7925 if (start_at == NULL) { 7926 /* null so to beginning */ 7927 start_at = TAILQ_FIRST(&asoc->nets); 7928 } else { 7929 start_at = TAILQ_NEXT(asoc->last_net_cmt_send_started, sctp_next); 7930 if (start_at == NULL) { 7931 start_at = TAILQ_FIRST(&asoc->nets); 7932 } 7933 } 7934 asoc->last_net_cmt_send_started = start_at; 7935 } else { 7936 start_at = TAILQ_FIRST(&asoc->nets); 7937 } 7938 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7939 if (chk->whoTo == NULL) { 7940 if (asoc->alternate) { 7941 chk->whoTo = asoc->alternate; 7942 } else { 7943 chk->whoTo = asoc->primary_destination; 7944 } 7945 atomic_add_int(&chk->whoTo->ref_count, 1); 7946 } 7947 } 7948 old_start_at = NULL; 7949again_one_more_time: 7950 for (net = start_at; net != NULL; net = TAILQ_NEXT(net, sctp_next)) { 7951 /* how much can we send? */ 7952 /* SCTPDBG("Examine for sending net:%x\n", (uint32_t)net); */ 7953 if (old_start_at && (old_start_at == net)) { 7954 /* through list ocmpletely. */ 7955 break; 7956 } 7957 tsns_sent = 0xa; 7958 if (TAILQ_EMPTY(&asoc->control_send_queue) && 7959 TAILQ_EMPTY(&asoc->asconf_send_queue) && 7960 (net->flight_size >= net->cwnd)) { 7961 /* 7962 * Nothing on control or asconf and flight is full, 7963 * we can skip even in the CMT case. 7964 */ 7965 continue; 7966 } 7967 bundle_at = 0; 7968 endoutchain = outchain = NULL; 7969 no_fragmentflg = 1; 7970 one_chunk = 0; 7971 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 7972 skip_data_for_this_net = 1; 7973 } else { 7974 skip_data_for_this_net = 0; 7975 } 7976 if ((net->ro.ro_rt) && (net->ro.ro_rt->rt_ifp)) { 7977 /* 7978 * if we have a route and an ifp check to see if we 7979 * have room to send to this guy 7980 */ 7981 struct ifnet *ifp; 7982 7983 ifp = net->ro.ro_rt->rt_ifp; 7984 if ((ifp->if_snd.ifq_len + 2) >= ifp->if_snd.ifq_maxlen) { 7985 SCTP_STAT_INCR(sctps_ifnomemqueued); 7986 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 7987 sctp_log_maxburst(stcb, net, ifp->if_snd.ifq_len, ifp->if_snd.ifq_maxlen, SCTP_MAX_IFP_APPLIED); 7988 } 7989 continue; 7990 } 7991 } 7992 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 7993#ifdef INET 7994 case AF_INET: 7995 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 7996 break; 7997#endif 7998#ifdef INET6 7999 case AF_INET6: 8000 mtu = net->mtu - SCTP_MIN_OVERHEAD; 8001 break; 8002#endif 8003 default: 8004 /* TSNH */ 8005 mtu = net->mtu; 8006 break; 8007 } 8008 mx_mtu = mtu; 8009 to_out = 0; 8010 if (mtu > asoc->peers_rwnd) { 8011 if (asoc->total_flight > 0) { 8012 /* We have a packet in flight somewhere */ 8013 r_mtu = asoc->peers_rwnd; 8014 } else { 8015 /* We are always allowed to send one MTU out */ 8016 one_chunk = 1; 8017 r_mtu = mtu; 8018 } 8019 } else { 8020 r_mtu = mtu; 8021 } 8022 error = 0; 8023 /************************/ 8024 /* ASCONF transmission */ 8025 /************************/ 8026 /* Now first lets go through the asconf queue */ 8027 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 8028 if (chk->rec.chunk_id.id != SCTP_ASCONF) { 8029 continue; 8030 } 8031 if (chk->whoTo == NULL) { 8032 if (asoc->alternate == NULL) { 8033 if (asoc->primary_destination != net) { 8034 break; 8035 } 8036 } else { 8037 if (asoc->alternate != net) { 8038 break; 8039 } 8040 } 8041 } else { 8042 if (chk->whoTo != net) { 8043 break; 8044 } 8045 } 8046 if (chk->data == NULL) { 8047 break; 8048 } 8049 if (chk->sent != SCTP_DATAGRAM_UNSENT && 8050 chk->sent != SCTP_DATAGRAM_RESEND) { 8051 break; 8052 } 8053 /* 8054 * if no AUTH is yet included and this chunk 8055 * requires it, make sure to account for it. We 8056 * don't apply the size until the AUTH chunk is 8057 * actually added below in case there is no room for 8058 * this chunk. NOTE: we overload the use of "omtu" 8059 * here 8060 */ 8061 if ((auth == NULL) && 8062 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8063 stcb->asoc.peer_auth_chunks)) { 8064 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8065 } else 8066 omtu = 0; 8067 /* Here we do NOT factor the r_mtu */ 8068 if ((chk->send_size < (int)(mtu - omtu)) || 8069 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 8070 /* 8071 * We probably should glom the mbuf chain 8072 * from the chk->data for control but the 8073 * problem is it becomes yet one more level 8074 * of tracking to do if for some reason 8075 * output fails. Then I have got to 8076 * reconstruct the merged control chain.. el 8077 * yucko.. for now we take the easy way and 8078 * do the copy 8079 */ 8080 /* 8081 * Add an AUTH chunk, if chunk requires it 8082 * save the offset into the chain for AUTH 8083 */ 8084 if ((auth == NULL) && 8085 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8086 stcb->asoc.peer_auth_chunks))) { 8087 outchain = sctp_add_auth_chunk(outchain, 8088 &endoutchain, 8089 &auth, 8090 &auth_offset, 8091 stcb, 8092 chk->rec.chunk_id.id); 8093 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8094 } 8095 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 8096 (int)chk->rec.chunk_id.can_take_data, 8097 chk->send_size, chk->copy_by_ref); 8098 if (outchain == NULL) { 8099 *reason_code = 8; 8100 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8101 return (ENOMEM); 8102 } 8103 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8104 /* update our MTU size */ 8105 if (mtu > (chk->send_size + omtu)) 8106 mtu -= (chk->send_size + omtu); 8107 else 8108 mtu = 0; 8109 to_out += (chk->send_size + omtu); 8110 /* Do clear IP_DF ? */ 8111 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8112 no_fragmentflg = 0; 8113 } 8114 if (chk->rec.chunk_id.can_take_data) 8115 chk->data = NULL; 8116 /* 8117 * set hb flag since we can use these for 8118 * RTO 8119 */ 8120 hbflag = 1; 8121 asconf = 1; 8122 /* 8123 * should sysctl this: don't bundle data 8124 * with ASCONF since it requires AUTH 8125 */ 8126 no_data_chunks = 1; 8127 chk->sent = SCTP_DATAGRAM_SENT; 8128 if (chk->whoTo == NULL) { 8129 chk->whoTo = net; 8130 atomic_add_int(&net->ref_count, 1); 8131 } 8132 chk->snd_count++; 8133 if (mtu == 0) { 8134 /* 8135 * Ok we are out of room but we can 8136 * output without effecting the 8137 * flight size since this little guy 8138 * is a control only packet. 8139 */ 8140 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 8141 /* 8142 * do NOT clear the asconf flag as 8143 * it is used to do appropriate 8144 * source address selection. 8145 */ 8146 if (*now_filled == 0) { 8147 (void)SCTP_GETTIME_TIMEVAL(now); 8148 *now_filled = 1; 8149 } 8150 net->last_sent_time = *now; 8151 hbflag = 0; 8152 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 8153 (struct sockaddr *)&net->ro._l_addr, 8154 outchain, auth_offset, auth, 8155 stcb->asoc.authinfo.active_keyid, 8156 no_fragmentflg, 0, asconf, 8157 inp->sctp_lport, stcb->rport, 8158 htonl(stcb->asoc.peer_vtag), 8159 net->port, NULL, 8160 0, 0, 8161 so_locked))) { 8162 /* 8163 * error, we could not 8164 * output 8165 */ 8166 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error); 8167 if (from_where == 0) { 8168 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8169 } 8170 if (error == ENOBUFS) { 8171 asoc->ifp_had_enobuf = 1; 8172 SCTP_STAT_INCR(sctps_lowlevelerr); 8173 } 8174 /* error, could not output */ 8175 if (error == EHOSTUNREACH) { 8176 /* 8177 * Destination went 8178 * unreachable 8179 * during this send 8180 */ 8181 sctp_move_chunks_from_net(stcb, net); 8182 } 8183 *reason_code = 7; 8184 break; 8185 } else { 8186 asoc->ifp_had_enobuf = 0; 8187 } 8188 /* 8189 * increase the number we sent, if a 8190 * cookie is sent we don't tell them 8191 * any was sent out. 8192 */ 8193 outchain = endoutchain = NULL; 8194 auth = NULL; 8195 auth_offset = 0; 8196 if (!no_out_cnt) 8197 *num_out += ctl_cnt; 8198 /* recalc a clean slate and setup */ 8199 switch (net->ro._l_addr.sa.sa_family) { 8200#ifdef INET 8201 case AF_INET: 8202 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8203 break; 8204#endif 8205#ifdef INET6 8206 case AF_INET6: 8207 mtu = net->mtu - SCTP_MIN_OVERHEAD; 8208 break; 8209#endif 8210 default: 8211 /* TSNH */ 8212 mtu = net->mtu; 8213 break; 8214 } 8215 to_out = 0; 8216 no_fragmentflg = 1; 8217 } 8218 } 8219 } 8220 if (error != 0) { 8221 /* try next net */ 8222 continue; 8223 } 8224 /************************/ 8225 /* Control transmission */ 8226 /************************/ 8227 /* Now first lets go through the control queue */ 8228 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 8229 if ((sack_goes_to) && 8230 (chk->rec.chunk_id.id == SCTP_ECN_ECHO) && 8231 (chk->whoTo != sack_goes_to)) { 8232 /* 8233 * if we have a sack in queue, and we are 8234 * looking at an ecn echo that is NOT queued 8235 * to where the sack is going.. 8236 */ 8237 if (chk->whoTo == net) { 8238 /* 8239 * Don't transmit it to where its 8240 * going (current net) 8241 */ 8242 continue; 8243 } else if (sack_goes_to == net) { 8244 /* 8245 * But do transmit it to this 8246 * address 8247 */ 8248 goto skip_net_check; 8249 } 8250 } 8251 if (chk->whoTo == NULL) { 8252 if (asoc->alternate == NULL) { 8253 if (asoc->primary_destination != net) { 8254 continue; 8255 } 8256 } else { 8257 if (asoc->alternate != net) { 8258 continue; 8259 } 8260 } 8261 } else { 8262 if (chk->whoTo != net) { 8263 continue; 8264 } 8265 } 8266 skip_net_check: 8267 if (chk->data == NULL) { 8268 continue; 8269 } 8270 if (chk->sent != SCTP_DATAGRAM_UNSENT) { 8271 /* 8272 * It must be unsent. Cookies and ASCONF's 8273 * hang around but there timers will force 8274 * when marked for resend. 8275 */ 8276 continue; 8277 } 8278 /* 8279 * if no AUTH is yet included and this chunk 8280 * requires it, make sure to account for it. We 8281 * don't apply the size until the AUTH chunk is 8282 * actually added below in case there is no room for 8283 * this chunk. NOTE: we overload the use of "omtu" 8284 * here 8285 */ 8286 if ((auth == NULL) && 8287 sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8288 stcb->asoc.peer_auth_chunks)) { 8289 omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8290 } else 8291 omtu = 0; 8292 /* Here we do NOT factor the r_mtu */ 8293 if ((chk->send_size <= (int)(mtu - omtu)) || 8294 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 8295 /* 8296 * We probably should glom the mbuf chain 8297 * from the chk->data for control but the 8298 * problem is it becomes yet one more level 8299 * of tracking to do if for some reason 8300 * output fails. Then I have got to 8301 * reconstruct the merged control chain.. el 8302 * yucko.. for now we take the easy way and 8303 * do the copy 8304 */ 8305 /* 8306 * Add an AUTH chunk, if chunk requires it 8307 * save the offset into the chain for AUTH 8308 */ 8309 if ((auth == NULL) && 8310 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 8311 stcb->asoc.peer_auth_chunks))) { 8312 outchain = sctp_add_auth_chunk(outchain, 8313 &endoutchain, 8314 &auth, 8315 &auth_offset, 8316 stcb, 8317 chk->rec.chunk_id.id); 8318 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8319 } 8320 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 8321 (int)chk->rec.chunk_id.can_take_data, 8322 chk->send_size, chk->copy_by_ref); 8323 if (outchain == NULL) { 8324 *reason_code = 8; 8325 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8326 return (ENOMEM); 8327 } 8328 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8329 /* update our MTU size */ 8330 if (mtu > (chk->send_size + omtu)) 8331 mtu -= (chk->send_size + omtu); 8332 else 8333 mtu = 0; 8334 to_out += (chk->send_size + omtu); 8335 /* Do clear IP_DF ? */ 8336 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8337 no_fragmentflg = 0; 8338 } 8339 if (chk->rec.chunk_id.can_take_data) 8340 chk->data = NULL; 8341 /* Mark things to be removed, if needed */ 8342 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 8343 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */ 8344 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) || 8345 (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) || 8346 (chk->rec.chunk_id.id == SCTP_SHUTDOWN) || 8347 (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) || 8348 (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) || 8349 (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) || 8350 (chk->rec.chunk_id.id == SCTP_ECN_CWR) || 8351 (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) || 8352 (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) { 8353 if (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) { 8354 hbflag = 1; 8355 } 8356 /* remove these chunks at the end */ 8357 if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) || 8358 (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) { 8359 /* turn off the timer */ 8360 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 8361 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 8362 inp, stcb, net, 8363 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_1); 8364 } 8365 } 8366 ctl_cnt++; 8367 } else { 8368 /* 8369 * Other chunks, since they have 8370 * timers running (i.e. COOKIE) we 8371 * just "trust" that it gets sent or 8372 * retransmitted. 8373 */ 8374 ctl_cnt++; 8375 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 8376 cookie = 1; 8377 no_out_cnt = 1; 8378 } else if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) { 8379 /* 8380 * Increment ecne send count 8381 * here this means we may be 8382 * over-zealous in our 8383 * counting if the send 8384 * fails, but its the best 8385 * place to do it (we used 8386 * to do it in the queue of 8387 * the chunk, but that did 8388 * not tell how many times 8389 * it was sent. 8390 */ 8391 SCTP_STAT_INCR(sctps_sendecne); 8392 } 8393 chk->sent = SCTP_DATAGRAM_SENT; 8394 if (chk->whoTo == NULL) { 8395 chk->whoTo = net; 8396 atomic_add_int(&net->ref_count, 1); 8397 } 8398 chk->snd_count++; 8399 } 8400 if (mtu == 0) { 8401 /* 8402 * Ok we are out of room but we can 8403 * output without effecting the 8404 * flight size since this little guy 8405 * is a control only packet. 8406 */ 8407 if (asconf) { 8408 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 8409 /* 8410 * do NOT clear the asconf 8411 * flag as it is used to do 8412 * appropriate source 8413 * address selection. 8414 */ 8415 } 8416 if (cookie) { 8417 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 8418 cookie = 0; 8419 } 8420 /* Only HB or ASCONF advances time */ 8421 if (hbflag) { 8422 if (*now_filled == 0) { 8423 (void)SCTP_GETTIME_TIMEVAL(now); 8424 *now_filled = 1; 8425 } 8426 net->last_sent_time = *now; 8427 hbflag = 0; 8428 } 8429 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 8430 (struct sockaddr *)&net->ro._l_addr, 8431 outchain, 8432 auth_offset, auth, 8433 stcb->asoc.authinfo.active_keyid, 8434 no_fragmentflg, 0, asconf, 8435 inp->sctp_lport, stcb->rport, 8436 htonl(stcb->asoc.peer_vtag), 8437 net->port, NULL, 8438 0, 0, 8439 so_locked))) { 8440 /* 8441 * error, we could not 8442 * output 8443 */ 8444 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error); 8445 if (from_where == 0) { 8446 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8447 } 8448 if (error == ENOBUFS) { 8449 asoc->ifp_had_enobuf = 1; 8450 SCTP_STAT_INCR(sctps_lowlevelerr); 8451 } 8452 if (error == EHOSTUNREACH) { 8453 /* 8454 * Destination went 8455 * unreachable 8456 * during this send 8457 */ 8458 sctp_move_chunks_from_net(stcb, net); 8459 } 8460 *reason_code = 7; 8461 break; 8462 } else { 8463 asoc->ifp_had_enobuf = 0; 8464 } 8465 /* 8466 * increase the number we sent, if a 8467 * cookie is sent we don't tell them 8468 * any was sent out. 8469 */ 8470 outchain = endoutchain = NULL; 8471 auth = NULL; 8472 auth_offset = 0; 8473 if (!no_out_cnt) 8474 *num_out += ctl_cnt; 8475 /* recalc a clean slate and setup */ 8476 switch (net->ro._l_addr.sa.sa_family) { 8477#ifdef INET 8478 case AF_INET: 8479 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8480 break; 8481#endif 8482#ifdef INET6 8483 case AF_INET6: 8484 mtu = net->mtu - SCTP_MIN_OVERHEAD; 8485 break; 8486#endif 8487 default: 8488 /* TSNH */ 8489 mtu = net->mtu; 8490 break; 8491 } 8492 to_out = 0; 8493 no_fragmentflg = 1; 8494 } 8495 } 8496 } 8497 if (error != 0) { 8498 /* try next net */ 8499 continue; 8500 } 8501 /* JRI: if dest is in PF state, do not send data to it */ 8502 if ((asoc->sctp_cmt_on_off > 0) && 8503 (net != stcb->asoc.alternate) && 8504 (net->dest_state & SCTP_ADDR_PF)) { 8505 goto no_data_fill; 8506 } 8507 if (net->flight_size >= net->cwnd) { 8508 goto no_data_fill; 8509 } 8510 if ((asoc->sctp_cmt_on_off > 0) && 8511 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_RECV_BUFFER_SPLITTING) && 8512 (net->flight_size > max_rwnd_per_dest)) { 8513 goto no_data_fill; 8514 } 8515 /* 8516 * We need a specific accounting for the usage of the send 8517 * buffer. We also need to check the number of messages per 8518 * net. For now, this is better than nothing and it disabled 8519 * by default... 8520 */ 8521 if ((asoc->sctp_cmt_on_off > 0) && 8522 (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_SEND_BUFFER_SPLITTING) && 8523 (max_send_per_dest > 0) && 8524 (net->flight_size > max_send_per_dest)) { 8525 goto no_data_fill; 8526 } 8527 /*********************/ 8528 /* Data transmission */ 8529 /*********************/ 8530 /* 8531 * if AUTH for DATA is required and no AUTH has been added 8532 * yet, account for this in the mtu now... if no data can be 8533 * bundled, this adjustment won't matter anyways since the 8534 * packet will be going out... 8535 */ 8536 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, 8537 stcb->asoc.peer_auth_chunks); 8538 if (data_auth_reqd && (auth == NULL)) { 8539 mtu -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 8540 } 8541 /* now lets add any data within the MTU constraints */ 8542 switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) { 8543#ifdef INET 8544 case AF_INET: 8545 if (net->mtu > SCTP_MIN_V4_OVERHEAD) 8546 omtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 8547 else 8548 omtu = 0; 8549 break; 8550#endif 8551#ifdef INET6 8552 case AF_INET6: 8553 if (net->mtu > SCTP_MIN_OVERHEAD) 8554 omtu = net->mtu - SCTP_MIN_OVERHEAD; 8555 else 8556 omtu = 0; 8557 break; 8558#endif 8559 default: 8560 /* TSNH */ 8561 omtu = 0; 8562 break; 8563 } 8564 if ((((SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) || 8565 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) && 8566 (skip_data_for_this_net == 0)) || 8567 (cookie)) { 8568 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 8569 if (no_data_chunks) { 8570 /* let only control go out */ 8571 *reason_code = 1; 8572 break; 8573 } 8574 if (net->flight_size >= net->cwnd) { 8575 /* skip this net, no room for data */ 8576 *reason_code = 2; 8577 break; 8578 } 8579 if ((chk->whoTo != NULL) && 8580 (chk->whoTo != net)) { 8581 /* Don't send the chunk on this net */ 8582 continue; 8583 } 8584 if (asoc->sctp_cmt_on_off == 0) { 8585 if ((asoc->alternate) && 8586 (asoc->alternate != net) && 8587 (chk->whoTo == NULL)) { 8588 continue; 8589 } else if ((net != asoc->primary_destination) && 8590 (asoc->alternate == NULL) && 8591 (chk->whoTo == NULL)) { 8592 continue; 8593 } 8594 } 8595 if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) { 8596 /*- 8597 * strange, we have a chunk that is 8598 * to big for its destination and 8599 * yet no fragment ok flag. 8600 * Something went wrong when the 8601 * PMTU changed...we did not mark 8602 * this chunk for some reason?? I 8603 * will fix it here by letting IP 8604 * fragment it for now and printing 8605 * a warning. This really should not 8606 * happen ... 8607 */ 8608 SCTP_PRINTF("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n", 8609 chk->send_size, mtu); 8610 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 8611 } 8612 if (SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) && 8613 ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) == SCTP_STATE_SHUTDOWN_PENDING)) { 8614 struct sctp_data_chunk *dchkh; 8615 8616 dchkh = mtod(chk->data, struct sctp_data_chunk *); 8617 dchkh->ch.chunk_flags |= SCTP_DATA_SACK_IMMEDIATELY; 8618 } 8619 if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) || 8620 ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) { 8621 /* ok we will add this one */ 8622 8623 /* 8624 * Add an AUTH chunk, if chunk 8625 * requires it, save the offset into 8626 * the chain for AUTH 8627 */ 8628 if (data_auth_reqd) { 8629 if (auth == NULL) { 8630 outchain = sctp_add_auth_chunk(outchain, 8631 &endoutchain, 8632 &auth, 8633 &auth_offset, 8634 stcb, 8635 SCTP_DATA); 8636 auth_keyid = chk->auth_keyid; 8637 override_ok = 0; 8638 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 8639 } else if (override_ok) { 8640 /* 8641 * use this data's 8642 * keyid 8643 */ 8644 auth_keyid = chk->auth_keyid; 8645 override_ok = 0; 8646 } else if (auth_keyid != chk->auth_keyid) { 8647 /* 8648 * different keyid, 8649 * so done bundling 8650 */ 8651 break; 8652 } 8653 } 8654 outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 0, 8655 chk->send_size, chk->copy_by_ref); 8656 if (outchain == NULL) { 8657 SCTPDBG(SCTP_DEBUG_OUTPUT3, "No memory?\n"); 8658 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 8659 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8660 } 8661 *reason_code = 3; 8662 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 8663 return (ENOMEM); 8664 } 8665 /* upate our MTU size */ 8666 /* Do clear IP_DF ? */ 8667 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 8668 no_fragmentflg = 0; 8669 } 8670 /* unsigned subtraction of mtu */ 8671 if (mtu > chk->send_size) 8672 mtu -= chk->send_size; 8673 else 8674 mtu = 0; 8675 /* unsigned subtraction of r_mtu */ 8676 if (r_mtu > chk->send_size) 8677 r_mtu -= chk->send_size; 8678 else 8679 r_mtu = 0; 8680 8681 to_out += chk->send_size; 8682 if ((to_out > mx_mtu) && no_fragmentflg) { 8683#ifdef INVARIANTS 8684 panic("Exceeding mtu of %d out size is %d", mx_mtu, to_out); 8685#else 8686 SCTP_PRINTF("Exceeding mtu of %d out size is %d\n", 8687 mx_mtu, to_out); 8688#endif 8689 } 8690 chk->window_probe = 0; 8691 data_list[bundle_at++] = chk; 8692 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 8693 break; 8694 } 8695 if (chk->sent == SCTP_DATAGRAM_UNSENT) { 8696 if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { 8697 SCTP_STAT_INCR_COUNTER64(sctps_outorderchunks); 8698 } else { 8699 SCTP_STAT_INCR_COUNTER64(sctps_outunorderchunks); 8700 } 8701 if (((chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) == SCTP_DATA_LAST_FRAG) && 8702 ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0)) 8703 /* 8704 * Count number of 8705 * user msg's that 8706 * were fragmented 8707 * we do this by 8708 * counting when we 8709 * see a LAST 8710 * fragment only. 8711 */ 8712 SCTP_STAT_INCR_COUNTER64(sctps_fragusrmsgs); 8713 } 8714 if ((mtu == 0) || (r_mtu == 0) || (one_chunk)) { 8715 if ((one_chunk) && (stcb->asoc.total_flight == 0)) { 8716 data_list[0]->window_probe = 1; 8717 net->window_probe = 1; 8718 } 8719 break; 8720 } 8721 } else { 8722 /* 8723 * Must be sent in order of the 8724 * TSN's (on a network) 8725 */ 8726 break; 8727 } 8728 } /* for (chunk gather loop for this net) */ 8729 } /* if asoc.state OPEN */ 8730no_data_fill: 8731 /* Is there something to send for this destination? */ 8732 if (outchain) { 8733 /* We may need to start a control timer or two */ 8734 if (asconf) { 8735 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 8736 stcb, net); 8737 /* 8738 * do NOT clear the asconf flag as it is 8739 * used to do appropriate source address 8740 * selection. 8741 */ 8742 } 8743 if (cookie) { 8744 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 8745 cookie = 0; 8746 } 8747 /* must start a send timer if data is being sent */ 8748 if (bundle_at && (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) { 8749 /* 8750 * no timer running on this destination 8751 * restart it. 8752 */ 8753 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 8754 } 8755 if (bundle_at || hbflag) { 8756 /* For data/asconf and hb set time */ 8757 if (*now_filled == 0) { 8758 (void)SCTP_GETTIME_TIMEVAL(now); 8759 *now_filled = 1; 8760 } 8761 net->last_sent_time = *now; 8762 } 8763 /* Now send it, if there is anything to send :> */ 8764 if ((error = sctp_lowlevel_chunk_output(inp, 8765 stcb, 8766 net, 8767 (struct sockaddr *)&net->ro._l_addr, 8768 outchain, 8769 auth_offset, 8770 auth, 8771 auth_keyid, 8772 no_fragmentflg, 8773 bundle_at, 8774 asconf, 8775 inp->sctp_lport, stcb->rport, 8776 htonl(stcb->asoc.peer_vtag), 8777 net->port, NULL, 8778 0, 0, 8779 so_locked))) { 8780 /* error, we could not output */ 8781 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error); 8782 if (from_where == 0) { 8783 SCTP_STAT_INCR(sctps_lowlevelerrusr); 8784 } 8785 if (error == ENOBUFS) { 8786 SCTP_STAT_INCR(sctps_lowlevelerr); 8787 asoc->ifp_had_enobuf = 1; 8788 } 8789 if (error == EHOSTUNREACH) { 8790 /* 8791 * Destination went unreachable 8792 * during this send 8793 */ 8794 sctp_move_chunks_from_net(stcb, net); 8795 } 8796 *reason_code = 6; 8797 /*- 8798 * I add this line to be paranoid. As far as 8799 * I can tell the continue, takes us back to 8800 * the top of the for, but just to make sure 8801 * I will reset these again here. 8802 */ 8803 ctl_cnt = bundle_at = 0; 8804 continue; /* This takes us back to the 8805 * for() for the nets. */ 8806 } else { 8807 asoc->ifp_had_enobuf = 0; 8808 } 8809 endoutchain = NULL; 8810 auth = NULL; 8811 auth_offset = 0; 8812 if (!no_out_cnt) { 8813 *num_out += (ctl_cnt + bundle_at); 8814 } 8815 if (bundle_at) { 8816 /* setup for a RTO measurement */ 8817 tsns_sent = data_list[0]->rec.data.TSN_seq; 8818 /* fill time if not already filled */ 8819 if (*now_filled == 0) { 8820 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 8821 *now_filled = 1; 8822 *now = asoc->time_last_sent; 8823 } else { 8824 asoc->time_last_sent = *now; 8825 } 8826 if (net->rto_needed) { 8827 data_list[0]->do_rtt = 1; 8828 net->rto_needed = 0; 8829 } 8830 SCTP_STAT_INCR_BY(sctps_senddata, bundle_at); 8831 sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net); 8832 } 8833 if (one_chunk) { 8834 break; 8835 } 8836 } 8837 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8838 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_SEND); 8839 } 8840 } 8841 if (old_start_at == NULL) { 8842 old_start_at = start_at; 8843 start_at = TAILQ_FIRST(&asoc->nets); 8844 if (old_start_at) 8845 goto again_one_more_time; 8846 } 8847 /* 8848 * At the end there should be no NON timed chunks hanging on this 8849 * queue. 8850 */ 8851 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 8852 sctp_log_cwnd(stcb, net, *num_out, SCTP_CWND_LOG_FROM_SEND); 8853 } 8854 if ((*num_out == 0) && (*reason_code == 0)) { 8855 *reason_code = 4; 8856 } else { 8857 *reason_code = 5; 8858 } 8859 sctp_clean_up_ctl(stcb, asoc, so_locked); 8860 return (0); 8861} 8862 8863void 8864sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err) 8865{ 8866 /*- 8867 * Prepend a OPERATIONAL_ERROR chunk header and put on the end of 8868 * the control chunk queue. 8869 */ 8870 struct sctp_chunkhdr *hdr; 8871 struct sctp_tmit_chunk *chk; 8872 struct mbuf *mat, *last_mbuf; 8873 uint32_t chunk_length; 8874 uint16_t padding_length; 8875 8876 SCTP_TCB_LOCK_ASSERT(stcb); 8877 SCTP_BUF_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_NOWAIT); 8878 if (op_err == NULL) { 8879 return; 8880 } 8881 last_mbuf = NULL; 8882 chunk_length = 0; 8883 for (mat = op_err; mat != NULL; mat = SCTP_BUF_NEXT(mat)) { 8884 chunk_length += SCTP_BUF_LEN(mat); 8885 if (SCTP_BUF_NEXT(mat) == NULL) { 8886 last_mbuf = mat; 8887 } 8888 } 8889 if (chunk_length > SCTP_MAX_CHUNK_LENGTH) { 8890 sctp_m_freem(op_err); 8891 return; 8892 } 8893 padding_length = chunk_length % 4; 8894 if (padding_length != 0) { 8895 padding_length = 4 - padding_length; 8896 } 8897 if (padding_length != 0) { 8898 if (sctp_add_pad_tombuf(last_mbuf, padding_length) == NULL) { 8899 sctp_m_freem(op_err); 8900 return; 8901 } 8902 } 8903 sctp_alloc_a_chunk(stcb, chk); 8904 if (chk == NULL) { 8905 /* no memory */ 8906 sctp_m_freem(op_err); 8907 return; 8908 } 8909 chk->copy_by_ref = 0; 8910 chk->send_size = (uint16_t) chunk_length; 8911 chk->sent = SCTP_DATAGRAM_UNSENT; 8912 chk->snd_count = 0; 8913 chk->asoc = &stcb->asoc; 8914 chk->data = op_err; 8915 chk->whoTo = NULL; 8916 hdr = mtod(op_err, struct sctp_chunkhdr *); 8917 hdr->chunk_type = SCTP_OPERATION_ERROR; 8918 hdr->chunk_flags = 0; 8919 hdr->chunk_length = htons(chk->send_size); 8920 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 8921 chk->asoc->ctrl_queue_cnt++; 8922} 8923 8924int 8925sctp_send_cookie_echo(struct mbuf *m, 8926 int offset, 8927 struct sctp_tcb *stcb, 8928 struct sctp_nets *net) 8929{ 8930 /*- 8931 * pull out the cookie and put it at the front of the control chunk 8932 * queue. 8933 */ 8934 int at; 8935 struct mbuf *cookie; 8936 struct sctp_paramhdr parm, *phdr; 8937 struct sctp_chunkhdr *hdr; 8938 struct sctp_tmit_chunk *chk; 8939 uint16_t ptype, plen; 8940 8941 SCTP_TCB_LOCK_ASSERT(stcb); 8942 /* First find the cookie in the param area */ 8943 cookie = NULL; 8944 at = offset + sizeof(struct sctp_init_chunk); 8945 for (;;) { 8946 phdr = sctp_get_next_param(m, at, &parm, sizeof(parm)); 8947 if (phdr == NULL) { 8948 return (-3); 8949 } 8950 ptype = ntohs(phdr->param_type); 8951 plen = ntohs(phdr->param_length); 8952 if (ptype == SCTP_STATE_COOKIE) { 8953 int pad; 8954 8955 /* found the cookie */ 8956 if ((pad = (plen % 4))) { 8957 plen += 4 - pad; 8958 } 8959 cookie = SCTP_M_COPYM(m, at, plen, M_NOWAIT); 8960 if (cookie == NULL) { 8961 /* No memory */ 8962 return (-2); 8963 } 8964#ifdef SCTP_MBUF_LOGGING 8965 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 8966 sctp_log_mbc(cookie, SCTP_MBUF_ICOPY); 8967 } 8968#endif 8969 break; 8970 } 8971 at += SCTP_SIZE32(plen); 8972 } 8973 /* ok, we got the cookie lets change it into a cookie echo chunk */ 8974 /* first the change from param to cookie */ 8975 hdr = mtod(cookie, struct sctp_chunkhdr *); 8976 hdr->chunk_type = SCTP_COOKIE_ECHO; 8977 hdr->chunk_flags = 0; 8978 /* get the chunk stuff now and place it in the FRONT of the queue */ 8979 sctp_alloc_a_chunk(stcb, chk); 8980 if (chk == NULL) { 8981 /* no memory */ 8982 sctp_m_freem(cookie); 8983 return (-5); 8984 } 8985 chk->copy_by_ref = 0; 8986 chk->rec.chunk_id.id = SCTP_COOKIE_ECHO; 8987 chk->rec.chunk_id.can_take_data = 0; 8988 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 8989 chk->send_size = plen; 8990 chk->sent = SCTP_DATAGRAM_UNSENT; 8991 chk->snd_count = 0; 8992 chk->asoc = &stcb->asoc; 8993 chk->data = cookie; 8994 chk->whoTo = net; 8995 atomic_add_int(&chk->whoTo->ref_count, 1); 8996 TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next); 8997 chk->asoc->ctrl_queue_cnt++; 8998 return (0); 8999} 9000 9001void 9002sctp_send_heartbeat_ack(struct sctp_tcb *stcb, 9003 struct mbuf *m, 9004 int offset, 9005 int chk_length, 9006 struct sctp_nets *net) 9007{ 9008 /* 9009 * take a HB request and make it into a HB ack and send it. 9010 */ 9011 struct mbuf *outchain; 9012 struct sctp_chunkhdr *chdr; 9013 struct sctp_tmit_chunk *chk; 9014 9015 9016 if (net == NULL) 9017 /* must have a net pointer */ 9018 return; 9019 9020 outchain = SCTP_M_COPYM(m, offset, chk_length, M_NOWAIT); 9021 if (outchain == NULL) { 9022 /* gak out of memory */ 9023 return; 9024 } 9025#ifdef SCTP_MBUF_LOGGING 9026 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 9027 sctp_log_mbc(outchain, SCTP_MBUF_ICOPY); 9028 } 9029#endif 9030 chdr = mtod(outchain, struct sctp_chunkhdr *); 9031 chdr->chunk_type = SCTP_HEARTBEAT_ACK; 9032 chdr->chunk_flags = 0; 9033 if (chk_length % 4) { 9034 /* need pad */ 9035 uint32_t cpthis = 0; 9036 int padlen; 9037 9038 padlen = 4 - (chk_length % 4); 9039 m_copyback(outchain, chk_length, padlen, (caddr_t)&cpthis); 9040 } 9041 sctp_alloc_a_chunk(stcb, chk); 9042 if (chk == NULL) { 9043 /* no memory */ 9044 sctp_m_freem(outchain); 9045 return; 9046 } 9047 chk->copy_by_ref = 0; 9048 chk->rec.chunk_id.id = SCTP_HEARTBEAT_ACK; 9049 chk->rec.chunk_id.can_take_data = 1; 9050 chk->flags = 0; 9051 chk->send_size = chk_length; 9052 chk->sent = SCTP_DATAGRAM_UNSENT; 9053 chk->snd_count = 0; 9054 chk->asoc = &stcb->asoc; 9055 chk->data = outchain; 9056 chk->whoTo = net; 9057 atomic_add_int(&chk->whoTo->ref_count, 1); 9058 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9059 chk->asoc->ctrl_queue_cnt++; 9060} 9061 9062void 9063sctp_send_cookie_ack(struct sctp_tcb *stcb) 9064{ 9065 /* formulate and queue a cookie-ack back to sender */ 9066 struct mbuf *cookie_ack; 9067 struct sctp_chunkhdr *hdr; 9068 struct sctp_tmit_chunk *chk; 9069 9070 SCTP_TCB_LOCK_ASSERT(stcb); 9071 9072 cookie_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER); 9073 if (cookie_ack == NULL) { 9074 /* no mbuf's */ 9075 return; 9076 } 9077 SCTP_BUF_RESV_UF(cookie_ack, SCTP_MIN_OVERHEAD); 9078 sctp_alloc_a_chunk(stcb, chk); 9079 if (chk == NULL) { 9080 /* no memory */ 9081 sctp_m_freem(cookie_ack); 9082 return; 9083 } 9084 chk->copy_by_ref = 0; 9085 chk->rec.chunk_id.id = SCTP_COOKIE_ACK; 9086 chk->rec.chunk_id.can_take_data = 1; 9087 chk->flags = 0; 9088 chk->send_size = sizeof(struct sctp_chunkhdr); 9089 chk->sent = SCTP_DATAGRAM_UNSENT; 9090 chk->snd_count = 0; 9091 chk->asoc = &stcb->asoc; 9092 chk->data = cookie_ack; 9093 if (chk->asoc->last_control_chunk_from != NULL) { 9094 chk->whoTo = chk->asoc->last_control_chunk_from; 9095 atomic_add_int(&chk->whoTo->ref_count, 1); 9096 } else { 9097 chk->whoTo = NULL; 9098 } 9099 hdr = mtod(cookie_ack, struct sctp_chunkhdr *); 9100 hdr->chunk_type = SCTP_COOKIE_ACK; 9101 hdr->chunk_flags = 0; 9102 hdr->chunk_length = htons(chk->send_size); 9103 SCTP_BUF_LEN(cookie_ack) = chk->send_size; 9104 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9105 chk->asoc->ctrl_queue_cnt++; 9106 return; 9107} 9108 9109 9110void 9111sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net) 9112{ 9113 /* formulate and queue a SHUTDOWN-ACK back to the sender */ 9114 struct mbuf *m_shutdown_ack; 9115 struct sctp_shutdown_ack_chunk *ack_cp; 9116 struct sctp_tmit_chunk *chk; 9117 9118 m_shutdown_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_ack_chunk), 0, M_NOWAIT, 1, MT_HEADER); 9119 if (m_shutdown_ack == NULL) { 9120 /* no mbuf's */ 9121 return; 9122 } 9123 SCTP_BUF_RESV_UF(m_shutdown_ack, SCTP_MIN_OVERHEAD); 9124 sctp_alloc_a_chunk(stcb, chk); 9125 if (chk == NULL) { 9126 /* no memory */ 9127 sctp_m_freem(m_shutdown_ack); 9128 return; 9129 } 9130 chk->copy_by_ref = 0; 9131 chk->rec.chunk_id.id = SCTP_SHUTDOWN_ACK; 9132 chk->rec.chunk_id.can_take_data = 1; 9133 chk->flags = 0; 9134 chk->send_size = sizeof(struct sctp_chunkhdr); 9135 chk->sent = SCTP_DATAGRAM_UNSENT; 9136 chk->snd_count = 0; 9137 chk->flags = 0; 9138 chk->asoc = &stcb->asoc; 9139 chk->data = m_shutdown_ack; 9140 chk->whoTo = net; 9141 if (chk->whoTo) { 9142 atomic_add_int(&chk->whoTo->ref_count, 1); 9143 } 9144 ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *); 9145 ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK; 9146 ack_cp->ch.chunk_flags = 0; 9147 ack_cp->ch.chunk_length = htons(chk->send_size); 9148 SCTP_BUF_LEN(m_shutdown_ack) = chk->send_size; 9149 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9150 chk->asoc->ctrl_queue_cnt++; 9151 return; 9152} 9153 9154void 9155sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net) 9156{ 9157 /* formulate and queue a SHUTDOWN to the sender */ 9158 struct mbuf *m_shutdown; 9159 struct sctp_shutdown_chunk *shutdown_cp; 9160 struct sctp_tmit_chunk *chk; 9161 9162 m_shutdown = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_chunk), 0, M_NOWAIT, 1, MT_HEADER); 9163 if (m_shutdown == NULL) { 9164 /* no mbuf's */ 9165 return; 9166 } 9167 SCTP_BUF_RESV_UF(m_shutdown, SCTP_MIN_OVERHEAD); 9168 sctp_alloc_a_chunk(stcb, chk); 9169 if (chk == NULL) { 9170 /* no memory */ 9171 sctp_m_freem(m_shutdown); 9172 return; 9173 } 9174 chk->copy_by_ref = 0; 9175 chk->rec.chunk_id.id = SCTP_SHUTDOWN; 9176 chk->rec.chunk_id.can_take_data = 1; 9177 chk->flags = 0; 9178 chk->send_size = sizeof(struct sctp_shutdown_chunk); 9179 chk->sent = SCTP_DATAGRAM_UNSENT; 9180 chk->snd_count = 0; 9181 chk->flags = 0; 9182 chk->asoc = &stcb->asoc; 9183 chk->data = m_shutdown; 9184 chk->whoTo = net; 9185 if (chk->whoTo) { 9186 atomic_add_int(&chk->whoTo->ref_count, 1); 9187 } 9188 shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *); 9189 shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN; 9190 shutdown_cp->ch.chunk_flags = 0; 9191 shutdown_cp->ch.chunk_length = htons(chk->send_size); 9192 shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn); 9193 SCTP_BUF_LEN(m_shutdown) = chk->send_size; 9194 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9195 chk->asoc->ctrl_queue_cnt++; 9196 return; 9197} 9198 9199void 9200sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net, int addr_locked) 9201{ 9202 /* 9203 * formulate and queue an ASCONF to the peer. ASCONF parameters 9204 * should be queued on the assoc queue. 9205 */ 9206 struct sctp_tmit_chunk *chk; 9207 struct mbuf *m_asconf; 9208 int len; 9209 9210 SCTP_TCB_LOCK_ASSERT(stcb); 9211 9212 if ((!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) && 9213 (!sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS))) { 9214 /* can't send a new one if there is one in flight already */ 9215 return; 9216 } 9217 /* compose an ASCONF chunk, maximum length is PMTU */ 9218 m_asconf = sctp_compose_asconf(stcb, &len, addr_locked); 9219 if (m_asconf == NULL) { 9220 return; 9221 } 9222 sctp_alloc_a_chunk(stcb, chk); 9223 if (chk == NULL) { 9224 /* no memory */ 9225 sctp_m_freem(m_asconf); 9226 return; 9227 } 9228 chk->copy_by_ref = 0; 9229 chk->rec.chunk_id.id = SCTP_ASCONF; 9230 chk->rec.chunk_id.can_take_data = 0; 9231 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 9232 chk->data = m_asconf; 9233 chk->send_size = len; 9234 chk->sent = SCTP_DATAGRAM_UNSENT; 9235 chk->snd_count = 0; 9236 chk->asoc = &stcb->asoc; 9237 chk->whoTo = net; 9238 if (chk->whoTo) { 9239 atomic_add_int(&chk->whoTo->ref_count, 1); 9240 } 9241 TAILQ_INSERT_TAIL(&chk->asoc->asconf_send_queue, chk, sctp_next); 9242 chk->asoc->ctrl_queue_cnt++; 9243 return; 9244} 9245 9246void 9247sctp_send_asconf_ack(struct sctp_tcb *stcb) 9248{ 9249 /* 9250 * formulate and queue a asconf-ack back to sender. the asconf-ack 9251 * must be stored in the tcb. 9252 */ 9253 struct sctp_tmit_chunk *chk; 9254 struct sctp_asconf_ack *ack, *latest_ack; 9255 struct mbuf *m_ack; 9256 struct sctp_nets *net = NULL; 9257 9258 SCTP_TCB_LOCK_ASSERT(stcb); 9259 /* Get the latest ASCONF-ACK */ 9260 latest_ack = TAILQ_LAST(&stcb->asoc.asconf_ack_sent, sctp_asconf_ackhead); 9261 if (latest_ack == NULL) { 9262 return; 9263 } 9264 if (latest_ack->last_sent_to != NULL && 9265 latest_ack->last_sent_to == stcb->asoc.last_control_chunk_from) { 9266 /* we're doing a retransmission */ 9267 net = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from, 0); 9268 if (net == NULL) { 9269 /* no alternate */ 9270 if (stcb->asoc.last_control_chunk_from == NULL) { 9271 if (stcb->asoc.alternate) { 9272 net = stcb->asoc.alternate; 9273 } else { 9274 net = stcb->asoc.primary_destination; 9275 } 9276 } else { 9277 net = stcb->asoc.last_control_chunk_from; 9278 } 9279 } 9280 } else { 9281 /* normal case */ 9282 if (stcb->asoc.last_control_chunk_from == NULL) { 9283 if (stcb->asoc.alternate) { 9284 net = stcb->asoc.alternate; 9285 } else { 9286 net = stcb->asoc.primary_destination; 9287 } 9288 } else { 9289 net = stcb->asoc.last_control_chunk_from; 9290 } 9291 } 9292 latest_ack->last_sent_to = net; 9293 9294 TAILQ_FOREACH(ack, &stcb->asoc.asconf_ack_sent, next) { 9295 if (ack->data == NULL) { 9296 continue; 9297 } 9298 /* copy the asconf_ack */ 9299 m_ack = SCTP_M_COPYM(ack->data, 0, M_COPYALL, M_NOWAIT); 9300 if (m_ack == NULL) { 9301 /* couldn't copy it */ 9302 return; 9303 } 9304#ifdef SCTP_MBUF_LOGGING 9305 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { 9306 sctp_log_mbc(m_ack, SCTP_MBUF_ICOPY); 9307 } 9308#endif 9309 9310 sctp_alloc_a_chunk(stcb, chk); 9311 if (chk == NULL) { 9312 /* no memory */ 9313 if (m_ack) 9314 sctp_m_freem(m_ack); 9315 return; 9316 } 9317 chk->copy_by_ref = 0; 9318 chk->rec.chunk_id.id = SCTP_ASCONF_ACK; 9319 chk->rec.chunk_id.can_take_data = 1; 9320 chk->flags = CHUNK_FLAGS_FRAGMENT_OK; 9321 chk->whoTo = net; 9322 if (chk->whoTo) { 9323 atomic_add_int(&chk->whoTo->ref_count, 1); 9324 } 9325 chk->data = m_ack; 9326 chk->send_size = ack->len; 9327 chk->sent = SCTP_DATAGRAM_UNSENT; 9328 chk->snd_count = 0; 9329 chk->asoc = &stcb->asoc; 9330 9331 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 9332 chk->asoc->ctrl_queue_cnt++; 9333 } 9334 return; 9335} 9336 9337 9338static int 9339sctp_chunk_retransmission(struct sctp_inpcb *inp, 9340 struct sctp_tcb *stcb, 9341 struct sctp_association *asoc, 9342 int *cnt_out, struct timeval *now, int *now_filled, int *fr_done, int so_locked 9343#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 9344 SCTP_UNUSED 9345#endif 9346) 9347{ 9348 /*- 9349 * send out one MTU of retransmission. If fast_retransmit is 9350 * happening we ignore the cwnd. Otherwise we obey the cwnd and 9351 * rwnd. For a Cookie or Asconf in the control chunk queue we 9352 * retransmit them by themselves. 9353 * 9354 * For data chunks we will pick out the lowest TSN's in the sent_queue 9355 * marked for resend and bundle them all together (up to a MTU of 9356 * destination). The address to send to should have been 9357 * selected/changed where the retransmission was marked (i.e. in FR 9358 * or t3-timeout routines). 9359 */ 9360 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 9361 struct sctp_tmit_chunk *chk, *fwd; 9362 struct mbuf *m, *endofchain; 9363 struct sctp_nets *net = NULL; 9364 uint32_t tsns_sent = 0; 9365 int no_fragmentflg, bundle_at, cnt_thru; 9366 unsigned int mtu; 9367 int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started; 9368 struct sctp_auth_chunk *auth = NULL; 9369 uint32_t auth_offset = 0; 9370 uint16_t auth_keyid; 9371 int override_ok = 1; 9372 int data_auth_reqd = 0; 9373 uint32_t dmtu = 0; 9374 9375 SCTP_TCB_LOCK_ASSERT(stcb); 9376 tmr_started = ctl_cnt = bundle_at = error = 0; 9377 no_fragmentflg = 1; 9378 fwd_tsn = 0; 9379 *cnt_out = 0; 9380 fwd = NULL; 9381 endofchain = m = NULL; 9382 auth_keyid = stcb->asoc.authinfo.active_keyid; 9383#ifdef SCTP_AUDITING_ENABLED 9384 sctp_audit_log(0xC3, 1); 9385#endif 9386 if ((TAILQ_EMPTY(&asoc->sent_queue)) && 9387 (TAILQ_EMPTY(&asoc->control_send_queue))) { 9388 SCTPDBG(SCTP_DEBUG_OUTPUT1, "SCTP hits empty queue with cnt set to %d?\n", 9389 asoc->sent_queue_retran_cnt); 9390 asoc->sent_queue_cnt = 0; 9391 asoc->sent_queue_cnt_removeable = 0; 9392 /* send back 0/0 so we enter normal transmission */ 9393 *cnt_out = 0; 9394 return (0); 9395 } 9396 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 9397 if ((chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) || 9398 (chk->rec.chunk_id.id == SCTP_STREAM_RESET) || 9399 (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN)) { 9400 if (chk->sent != SCTP_DATAGRAM_RESEND) { 9401 continue; 9402 } 9403 if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) { 9404 if (chk != asoc->str_reset) { 9405 /* 9406 * not eligible for retran if its 9407 * not ours 9408 */ 9409 continue; 9410 } 9411 } 9412 ctl_cnt++; 9413 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 9414 fwd_tsn = 1; 9415 } 9416 /* 9417 * Add an AUTH chunk, if chunk requires it save the 9418 * offset into the chain for AUTH 9419 */ 9420 if ((auth == NULL) && 9421 (sctp_auth_is_required_chunk(chk->rec.chunk_id.id, 9422 stcb->asoc.peer_auth_chunks))) { 9423 m = sctp_add_auth_chunk(m, &endofchain, 9424 &auth, &auth_offset, 9425 stcb, 9426 chk->rec.chunk_id.id); 9427 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9428 } 9429 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 9430 break; 9431 } 9432 } 9433 one_chunk = 0; 9434 cnt_thru = 0; 9435 /* do we have control chunks to retransmit? */ 9436 if (m != NULL) { 9437 /* Start a timer no matter if we suceed or fail */ 9438 if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) { 9439 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo); 9440 } else if (chk->rec.chunk_id.id == SCTP_ASCONF) 9441 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo); 9442 chk->snd_count++; /* update our count */ 9443 if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo, 9444 (struct sockaddr *)&chk->whoTo->ro._l_addr, m, 9445 auth_offset, auth, stcb->asoc.authinfo.active_keyid, 9446 no_fragmentflg, 0, 0, 9447 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 9448 chk->whoTo->port, NULL, 9449 0, 0, 9450 so_locked))) { 9451 SCTP_STAT_INCR(sctps_lowlevelerr); 9452 return (error); 9453 } 9454 endofchain = NULL; 9455 auth = NULL; 9456 auth_offset = 0; 9457 /* 9458 * We don't want to mark the net->sent time here since this 9459 * we use this for HB and retrans cannot measure RTT 9460 */ 9461 /* (void)SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time); */ 9462 *cnt_out += 1; 9463 chk->sent = SCTP_DATAGRAM_SENT; 9464 sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt); 9465 if (fwd_tsn == 0) { 9466 return (0); 9467 } else { 9468 /* Clean up the fwd-tsn list */ 9469 sctp_clean_up_ctl(stcb, asoc, so_locked); 9470 return (0); 9471 } 9472 } 9473 /* 9474 * Ok, it is just data retransmission we need to do or that and a 9475 * fwd-tsn with it all. 9476 */ 9477 if (TAILQ_EMPTY(&asoc->sent_queue)) { 9478 return (SCTP_RETRAN_DONE); 9479 } 9480 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) || 9481 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT)) { 9482 /* not yet open, resend the cookie and that is it */ 9483 return (1); 9484 } 9485#ifdef SCTP_AUDITING_ENABLED 9486 sctp_auditing(20, inp, stcb, NULL); 9487#endif 9488 data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks); 9489 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 9490 if (chk->sent != SCTP_DATAGRAM_RESEND) { 9491 /* No, not sent to this net or not ready for rtx */ 9492 continue; 9493 } 9494 if (chk->data == NULL) { 9495 SCTP_PRINTF("TSN:%x chk->snd_count:%d chk->sent:%d can't retran - no data\n", 9496 chk->rec.data.TSN_seq, chk->snd_count, chk->sent); 9497 continue; 9498 } 9499 if ((SCTP_BASE_SYSCTL(sctp_max_retran_chunk)) && 9500 (chk->snd_count >= SCTP_BASE_SYSCTL(sctp_max_retran_chunk))) { 9501 struct mbuf *op_err; 9502 char msg[SCTP_DIAG_INFO_LEN]; 9503 9504 snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", 9505 chk->rec.data.TSN_seq, chk->snd_count); 9506 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 9507 msg); 9508 atomic_add_int(&stcb->asoc.refcnt, 1); 9509 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, 9510 so_locked); 9511 SCTP_TCB_LOCK(stcb); 9512 atomic_subtract_int(&stcb->asoc.refcnt, 1); 9513 return (SCTP_RETRAN_EXIT); 9514 } 9515 /* pick up the net */ 9516 net = chk->whoTo; 9517 switch (net->ro._l_addr.sa.sa_family) { 9518#ifdef INET 9519 case AF_INET: 9520 mtu = net->mtu - SCTP_MIN_V4_OVERHEAD; 9521 break; 9522#endif 9523#ifdef INET6 9524 case AF_INET6: 9525 mtu = net->mtu - SCTP_MIN_OVERHEAD; 9526 break; 9527#endif 9528 default: 9529 /* TSNH */ 9530 mtu = net->mtu; 9531 break; 9532 } 9533 9534 if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) { 9535 /* No room in peers rwnd */ 9536 uint32_t tsn; 9537 9538 tsn = asoc->last_acked_seq + 1; 9539 if (tsn == chk->rec.data.TSN_seq) { 9540 /* 9541 * we make a special exception for this 9542 * case. The peer has no rwnd but is missing 9543 * the lowest chunk.. which is probably what 9544 * is holding up the rwnd. 9545 */ 9546 goto one_chunk_around; 9547 } 9548 return (1); 9549 } 9550one_chunk_around: 9551 if (asoc->peers_rwnd < mtu) { 9552 one_chunk = 1; 9553 if ((asoc->peers_rwnd == 0) && 9554 (asoc->total_flight == 0)) { 9555 chk->window_probe = 1; 9556 chk->whoTo->window_probe = 1; 9557 } 9558 } 9559#ifdef SCTP_AUDITING_ENABLED 9560 sctp_audit_log(0xC3, 2); 9561#endif 9562 bundle_at = 0; 9563 m = NULL; 9564 net->fast_retran_ip = 0; 9565 if (chk->rec.data.doing_fast_retransmit == 0) { 9566 /* 9567 * if no FR in progress skip destination that have 9568 * flight_size > cwnd. 9569 */ 9570 if (net->flight_size >= net->cwnd) { 9571 continue; 9572 } 9573 } else { 9574 /* 9575 * Mark the destination net to have FR recovery 9576 * limits put on it. 9577 */ 9578 *fr_done = 1; 9579 net->fast_retran_ip = 1; 9580 } 9581 9582 /* 9583 * if no AUTH is yet included and this chunk requires it, 9584 * make sure to account for it. We don't apply the size 9585 * until the AUTH chunk is actually added below in case 9586 * there is no room for this chunk. 9587 */ 9588 if (data_auth_reqd && (auth == NULL)) { 9589 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 9590 } else 9591 dmtu = 0; 9592 9593 if ((chk->send_size <= (mtu - dmtu)) || 9594 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 9595 /* ok we will add this one */ 9596 if (data_auth_reqd) { 9597 if (auth == NULL) { 9598 m = sctp_add_auth_chunk(m, 9599 &endofchain, 9600 &auth, 9601 &auth_offset, 9602 stcb, 9603 SCTP_DATA); 9604 auth_keyid = chk->auth_keyid; 9605 override_ok = 0; 9606 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9607 } else if (override_ok) { 9608 auth_keyid = chk->auth_keyid; 9609 override_ok = 0; 9610 } else if (chk->auth_keyid != auth_keyid) { 9611 /* different keyid, so done bundling */ 9612 break; 9613 } 9614 } 9615 m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref); 9616 if (m == NULL) { 9617 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 9618 return (ENOMEM); 9619 } 9620 /* Do clear IP_DF ? */ 9621 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 9622 no_fragmentflg = 0; 9623 } 9624 /* upate our MTU size */ 9625 if (mtu > (chk->send_size + dmtu)) 9626 mtu -= (chk->send_size + dmtu); 9627 else 9628 mtu = 0; 9629 data_list[bundle_at++] = chk; 9630 if (one_chunk && (asoc->total_flight <= 0)) { 9631 SCTP_STAT_INCR(sctps_windowprobed); 9632 } 9633 } 9634 if (one_chunk == 0) { 9635 /* 9636 * now are there anymore forward from chk to pick 9637 * up? 9638 */ 9639 for (fwd = TAILQ_NEXT(chk, sctp_next); fwd != NULL; fwd = TAILQ_NEXT(fwd, sctp_next)) { 9640 if (fwd->sent != SCTP_DATAGRAM_RESEND) { 9641 /* Nope, not for retran */ 9642 continue; 9643 } 9644 if (fwd->whoTo != net) { 9645 /* Nope, not the net in question */ 9646 continue; 9647 } 9648 if (data_auth_reqd && (auth == NULL)) { 9649 dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 9650 } else 9651 dmtu = 0; 9652 if (fwd->send_size <= (mtu - dmtu)) { 9653 if (data_auth_reqd) { 9654 if (auth == NULL) { 9655 m = sctp_add_auth_chunk(m, 9656 &endofchain, 9657 &auth, 9658 &auth_offset, 9659 stcb, 9660 SCTP_DATA); 9661 auth_keyid = fwd->auth_keyid; 9662 override_ok = 0; 9663 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 9664 } else if (override_ok) { 9665 auth_keyid = fwd->auth_keyid; 9666 override_ok = 0; 9667 } else if (fwd->auth_keyid != auth_keyid) { 9668 /* 9669 * different keyid, 9670 * so done bundling 9671 */ 9672 break; 9673 } 9674 } 9675 m = sctp_copy_mbufchain(fwd->data, m, &endofchain, 0, fwd->send_size, fwd->copy_by_ref); 9676 if (m == NULL) { 9677 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 9678 return (ENOMEM); 9679 } 9680 /* Do clear IP_DF ? */ 9681 if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) { 9682 no_fragmentflg = 0; 9683 } 9684 /* upate our MTU size */ 9685 if (mtu > (fwd->send_size + dmtu)) 9686 mtu -= (fwd->send_size + dmtu); 9687 else 9688 mtu = 0; 9689 data_list[bundle_at++] = fwd; 9690 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 9691 break; 9692 } 9693 } else { 9694 /* can't fit so we are done */ 9695 break; 9696 } 9697 } 9698 } 9699 /* Is there something to send for this destination? */ 9700 if (m) { 9701 /* 9702 * No matter if we fail/or suceed we should start a 9703 * timer. A failure is like a lost IP packet :-) 9704 */ 9705 if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 9706 /* 9707 * no timer running on this destination 9708 * restart it. 9709 */ 9710 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9711 tmr_started = 1; 9712 } 9713 /* Now lets send it, if there is anything to send :> */ 9714 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 9715 (struct sockaddr *)&net->ro._l_addr, m, 9716 auth_offset, auth, auth_keyid, 9717 no_fragmentflg, 0, 0, 9718 inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag), 9719 net->port, NULL, 9720 0, 0, 9721 so_locked))) { 9722 /* error, we could not output */ 9723 SCTP_STAT_INCR(sctps_lowlevelerr); 9724 return (error); 9725 } 9726 endofchain = NULL; 9727 auth = NULL; 9728 auth_offset = 0; 9729 /* For HB's */ 9730 /* 9731 * We don't want to mark the net->sent time here 9732 * since this we use this for HB and retrans cannot 9733 * measure RTT 9734 */ 9735 /* (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); */ 9736 9737 /* For auto-close */ 9738 cnt_thru++; 9739 if (*now_filled == 0) { 9740 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 9741 *now = asoc->time_last_sent; 9742 *now_filled = 1; 9743 } else { 9744 asoc->time_last_sent = *now; 9745 } 9746 *cnt_out += bundle_at; 9747#ifdef SCTP_AUDITING_ENABLED 9748 sctp_audit_log(0xC4, bundle_at); 9749#endif 9750 if (bundle_at) { 9751 tsns_sent = data_list[0]->rec.data.TSN_seq; 9752 } 9753 for (i = 0; i < bundle_at; i++) { 9754 SCTP_STAT_INCR(sctps_sendretransdata); 9755 data_list[i]->sent = SCTP_DATAGRAM_SENT; 9756 /* 9757 * When we have a revoked data, and we 9758 * retransmit it, then we clear the revoked 9759 * flag since this flag dictates if we 9760 * subtracted from the fs 9761 */ 9762 if (data_list[i]->rec.data.chunk_was_revoked) { 9763 /* Deflate the cwnd */ 9764 data_list[i]->whoTo->cwnd -= data_list[i]->book_size; 9765 data_list[i]->rec.data.chunk_was_revoked = 0; 9766 } 9767 data_list[i]->snd_count++; 9768 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 9769 /* record the time */ 9770 data_list[i]->sent_rcv_time = asoc->time_last_sent; 9771 if (data_list[i]->book_size_scale) { 9772 /* 9773 * need to double the book size on 9774 * this one 9775 */ 9776 data_list[i]->book_size_scale = 0; 9777 /* 9778 * Since we double the booksize, we 9779 * must also double the output queue 9780 * size, since this get shrunk when 9781 * we free by this amount. 9782 */ 9783 atomic_add_int(&((asoc)->total_output_queue_size), data_list[i]->book_size); 9784 data_list[i]->book_size *= 2; 9785 9786 9787 } else { 9788 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) { 9789 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 9790 asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)); 9791 } 9792 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 9793 (uint32_t) (data_list[i]->send_size + 9794 SCTP_BASE_SYSCTL(sctp_peer_chunk_oh))); 9795 } 9796 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { 9797 sctp_misc_ints(SCTP_FLIGHT_LOG_UP_RSND, 9798 data_list[i]->whoTo->flight_size, 9799 data_list[i]->book_size, 9800 (uintptr_t) data_list[i]->whoTo, 9801 data_list[i]->rec.data.TSN_seq); 9802 } 9803 sctp_flight_size_increase(data_list[i]); 9804 sctp_total_flight_increase(stcb, data_list[i]); 9805 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 9806 /* SWS sender side engages */ 9807 asoc->peers_rwnd = 0; 9808 } 9809 if ((i == 0) && 9810 (data_list[i]->rec.data.doing_fast_retransmit)) { 9811 SCTP_STAT_INCR(sctps_sendfastretrans); 9812 if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) && 9813 (tmr_started == 0)) { 9814 /*- 9815 * ok we just fast-retrans'd 9816 * the lowest TSN, i.e the 9817 * first on the list. In 9818 * this case we want to give 9819 * some more time to get a 9820 * SACK back without a 9821 * t3-expiring. 9822 */ 9823 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net, 9824 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_2); 9825 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 9826 } 9827 } 9828 } 9829 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 9830 sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_RESEND); 9831 } 9832#ifdef SCTP_AUDITING_ENABLED 9833 sctp_auditing(21, inp, stcb, NULL); 9834#endif 9835 } else { 9836 /* None will fit */ 9837 return (1); 9838 } 9839 if (asoc->sent_queue_retran_cnt <= 0) { 9840 /* all done we have no more to retran */ 9841 asoc->sent_queue_retran_cnt = 0; 9842 break; 9843 } 9844 if (one_chunk) { 9845 /* No more room in rwnd */ 9846 return (1); 9847 } 9848 /* stop the for loop here. we sent out a packet */ 9849 break; 9850 } 9851 return (0); 9852} 9853 9854static void 9855sctp_timer_validation(struct sctp_inpcb *inp, 9856 struct sctp_tcb *stcb, 9857 struct sctp_association *asoc) 9858{ 9859 struct sctp_nets *net; 9860 9861 /* Validate that a timer is running somewhere */ 9862 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 9863 if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { 9864 /* Here is a timer */ 9865 return; 9866 } 9867 } 9868 SCTP_TCB_LOCK_ASSERT(stcb); 9869 /* Gak, we did not have a timer somewhere */ 9870 SCTPDBG(SCTP_DEBUG_OUTPUT3, "Deadlock avoided starting timer on a dest at retran\n"); 9871 if (asoc->alternate) { 9872 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->alternate); 9873 } else { 9874 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination); 9875 } 9876 return; 9877} 9878 9879void 9880sctp_chunk_output(struct sctp_inpcb *inp, 9881 struct sctp_tcb *stcb, 9882 int from_where, 9883 int so_locked 9884#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 9885 SCTP_UNUSED 9886#endif 9887) 9888{ 9889 /*- 9890 * Ok this is the generic chunk service queue. we must do the 9891 * following: 9892 * - See if there are retransmits pending, if so we must 9893 * do these first. 9894 * - Service the stream queue that is next, moving any 9895 * message (note I must get a complete message i.e. 9896 * FIRST/MIDDLE and LAST to the out queue in one pass) and assigning 9897 * TSN's 9898 * - Check to see if the cwnd/rwnd allows any output, if so we 9899 * go ahead and fomulate and send the low level chunks. Making sure 9900 * to combine any control in the control chunk queue also. 9901 */ 9902 struct sctp_association *asoc; 9903 struct sctp_nets *net; 9904 int error = 0, num_out, tot_out = 0, ret = 0, reason_code; 9905 unsigned int burst_cnt = 0; 9906 struct timeval now; 9907 int now_filled = 0; 9908 int nagle_on; 9909 int frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 9910 int un_sent = 0; 9911 int fr_done; 9912 unsigned int tot_frs = 0; 9913 9914 asoc = &stcb->asoc; 9915do_it_again: 9916 /* The Nagle algorithm is only applied when handling a send call. */ 9917 if (from_where == SCTP_OUTPUT_FROM_USR_SEND) { 9918 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NODELAY)) { 9919 nagle_on = 0; 9920 } else { 9921 nagle_on = 1; 9922 } 9923 } else { 9924 nagle_on = 0; 9925 } 9926 SCTP_TCB_LOCK_ASSERT(stcb); 9927 9928 un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); 9929 9930 if ((un_sent <= 0) && 9931 (TAILQ_EMPTY(&asoc->control_send_queue)) && 9932 (TAILQ_EMPTY(&asoc->asconf_send_queue)) && 9933 (asoc->sent_queue_retran_cnt == 0) && 9934 (asoc->trigger_reset == 0)) { 9935 /* Nothing to do unless there is something to be sent left */ 9936 return; 9937 } 9938 /* 9939 * Do we have something to send, data or control AND a sack timer 9940 * running, if so piggy-back the sack. 9941 */ 9942 if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { 9943 sctp_send_sack(stcb, so_locked); 9944 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 9945 } 9946 while (asoc->sent_queue_retran_cnt) { 9947 /*- 9948 * Ok, it is retransmission time only, we send out only ONE 9949 * packet with a single call off to the retran code. 9950 */ 9951 if (from_where == SCTP_OUTPUT_FROM_COOKIE_ACK) { 9952 /*- 9953 * Special hook for handling cookiess discarded 9954 * by peer that carried data. Send cookie-ack only 9955 * and then the next call with get the retran's. 9956 */ 9957 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 9958 from_where, 9959 &now, &now_filled, frag_point, so_locked); 9960 return; 9961 } else if (from_where != SCTP_OUTPUT_FROM_HB_TMR) { 9962 /* if its not from a HB then do it */ 9963 fr_done = 0; 9964 ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled, &fr_done, so_locked); 9965 if (fr_done) { 9966 tot_frs++; 9967 } 9968 } else { 9969 /* 9970 * its from any other place, we don't allow retran 9971 * output (only control) 9972 */ 9973 ret = 1; 9974 } 9975 if (ret > 0) { 9976 /* Can't send anymore */ 9977 /*- 9978 * now lets push out control by calling med-level 9979 * output once. this assures that we WILL send HB's 9980 * if queued too. 9981 */ 9982 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 9983 from_where, 9984 &now, &now_filled, frag_point, so_locked); 9985#ifdef SCTP_AUDITING_ENABLED 9986 sctp_auditing(8, inp, stcb, NULL); 9987#endif 9988 sctp_timer_validation(inp, stcb, asoc); 9989 return; 9990 } 9991 if (ret < 0) { 9992 /*- 9993 * The count was off.. retran is not happening so do 9994 * the normal retransmission. 9995 */ 9996#ifdef SCTP_AUDITING_ENABLED 9997 sctp_auditing(9, inp, stcb, NULL); 9998#endif 9999 if (ret == SCTP_RETRAN_EXIT) { 10000 return; 10001 } 10002 break; 10003 } 10004 if (from_where == SCTP_OUTPUT_FROM_T3) { 10005 /* Only one transmission allowed out of a timeout */ 10006#ifdef SCTP_AUDITING_ENABLED 10007 sctp_auditing(10, inp, stcb, NULL); 10008#endif 10009 /* Push out any control */ 10010 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, from_where, 10011 &now, &now_filled, frag_point, so_locked); 10012 return; 10013 } 10014 if ((asoc->fr_max_burst > 0) && (tot_frs >= asoc->fr_max_burst)) { 10015 /* Hit FR burst limit */ 10016 return; 10017 } 10018 if ((num_out == 0) && (ret == 0)) { 10019 /* No more retrans to send */ 10020 break; 10021 } 10022 } 10023#ifdef SCTP_AUDITING_ENABLED 10024 sctp_auditing(12, inp, stcb, NULL); 10025#endif 10026 /* Check for bad destinations, if they exist move chunks around. */ 10027 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 10028 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) { 10029 /*- 10030 * if possible move things off of this address we 10031 * still may send below due to the dormant state but 10032 * we try to find an alternate address to send to 10033 * and if we have one we move all queued data on the 10034 * out wheel to this alternate address. 10035 */ 10036 if (net->ref_count > 1) 10037 sctp_move_chunks_from_net(stcb, net); 10038 } else { 10039 /*- 10040 * if ((asoc->sat_network) || (net->addr_is_local)) 10041 * { burst_limit = asoc->max_burst * 10042 * SCTP_SAT_NETWORK_BURST_INCR; } 10043 */ 10044 if (asoc->max_burst > 0) { 10045 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst)) { 10046 if ((net->flight_size + (asoc->max_burst * net->mtu)) < net->cwnd) { 10047 /* 10048 * JRS - Use the congestion 10049 * control given in the 10050 * congestion control module 10051 */ 10052 asoc->cc_functions.sctp_cwnd_update_after_output(stcb, net, asoc->max_burst); 10053 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10054 sctp_log_maxburst(stcb, net, 0, asoc->max_burst, SCTP_MAX_BURST_APPLIED); 10055 } 10056 SCTP_STAT_INCR(sctps_maxburstqueued); 10057 } 10058 net->fast_retran_ip = 0; 10059 } else { 10060 if (net->flight_size == 0) { 10061 /* 10062 * Should be decaying the 10063 * cwnd here 10064 */ 10065 ; 10066 } 10067 } 10068 } 10069 } 10070 10071 } 10072 burst_cnt = 0; 10073 do { 10074 error = sctp_med_chunk_output(inp, stcb, asoc, &num_out, 10075 &reason_code, 0, from_where, 10076 &now, &now_filled, frag_point, so_locked); 10077 if (error) { 10078 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Error %d was returned from med-c-op\n", error); 10079 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10080 sctp_log_maxburst(stcb, asoc->primary_destination, error, burst_cnt, SCTP_MAX_BURST_ERROR_STOP); 10081 } 10082 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10083 sctp_log_cwnd(stcb, NULL, error, SCTP_SEND_NOW_COMPLETES); 10084 sctp_log_cwnd(stcb, NULL, 0xdeadbeef, SCTP_SEND_NOW_COMPLETES); 10085 } 10086 break; 10087 } 10088 SCTPDBG(SCTP_DEBUG_OUTPUT3, "m-c-o put out %d\n", num_out); 10089 10090 tot_out += num_out; 10091 burst_cnt++; 10092 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10093 sctp_log_cwnd(stcb, NULL, num_out, SCTP_SEND_NOW_COMPLETES); 10094 if (num_out == 0) { 10095 sctp_log_cwnd(stcb, NULL, reason_code, SCTP_SEND_NOW_COMPLETES); 10096 } 10097 } 10098 if (nagle_on) { 10099 /* 10100 * When the Nagle algorithm is used, look at how 10101 * much is unsent, then if its smaller than an MTU 10102 * and we have data in flight we stop, except if we 10103 * are handling a fragmented user message. 10104 */ 10105 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 10106 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 10107 if ((un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) && 10108 (stcb->asoc.total_flight > 0) && 10109 ((stcb->asoc.locked_on_sending == NULL) || 10110 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) { 10111 break; 10112 } 10113 } 10114 if (TAILQ_EMPTY(&asoc->control_send_queue) && 10115 TAILQ_EMPTY(&asoc->send_queue) && 10116 stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { 10117 /* Nothing left to send */ 10118 break; 10119 } 10120 if ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) <= 0) { 10121 /* Nothing left to send */ 10122 break; 10123 } 10124 } while (num_out && 10125 ((asoc->max_burst == 0) || 10126 SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) || 10127 (burst_cnt < asoc->max_burst))); 10128 10129 if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) == 0) { 10130 if ((asoc->max_burst > 0) && (burst_cnt >= asoc->max_burst)) { 10131 SCTP_STAT_INCR(sctps_maxburstqueued); 10132 asoc->burst_limit_applied = 1; 10133 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) { 10134 sctp_log_maxburst(stcb, asoc->primary_destination, 0, burst_cnt, SCTP_MAX_BURST_APPLIED); 10135 } 10136 } else { 10137 asoc->burst_limit_applied = 0; 10138 } 10139 } 10140 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) { 10141 sctp_log_cwnd(stcb, NULL, tot_out, SCTP_SEND_NOW_COMPLETES); 10142 } 10143 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, we have put out %d chunks\n", 10144 tot_out); 10145 10146 /*- 10147 * Now we need to clean up the control chunk chain if a ECNE is on 10148 * it. It must be marked as UNSENT again so next call will continue 10149 * to send it until such time that we get a CWR, to remove it. 10150 */ 10151 if (stcb->asoc.ecn_echo_cnt_onq) 10152 sctp_fix_ecn_echo(asoc); 10153 10154 if (stcb->asoc.trigger_reset) { 10155 if (sctp_send_stream_reset_out_if_possible(stcb, so_locked) == 0) { 10156 goto do_it_again; 10157 } 10158 } 10159 return; 10160} 10161 10162 10163int 10164sctp_output( 10165 struct sctp_inpcb *inp, 10166 struct mbuf *m, 10167 struct sockaddr *addr, 10168 struct mbuf *control, 10169 struct thread *p, 10170 int flags) 10171{ 10172 if (inp == NULL) { 10173 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 10174 return (EINVAL); 10175 } 10176 if (inp->sctp_socket == NULL) { 10177 SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 10178 return (EINVAL); 10179 } 10180 return (sctp_sosend(inp->sctp_socket, 10181 addr, 10182 (struct uio *)NULL, 10183 m, 10184 control, 10185 flags, p 10186 )); 10187} 10188 10189void 10190send_forward_tsn(struct sctp_tcb *stcb, 10191 struct sctp_association *asoc) 10192{ 10193 struct sctp_tmit_chunk *chk; 10194 struct sctp_forward_tsn_chunk *fwdtsn; 10195 uint32_t advance_peer_ack_point; 10196 10197 SCTP_TCB_LOCK_ASSERT(stcb); 10198 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10199 if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { 10200 /* mark it to unsent */ 10201 chk->sent = SCTP_DATAGRAM_UNSENT; 10202 chk->snd_count = 0; 10203 /* Do we correct its output location? */ 10204 if (chk->whoTo) { 10205 sctp_free_remote_addr(chk->whoTo); 10206 chk->whoTo = NULL; 10207 } 10208 goto sctp_fill_in_rest; 10209 } 10210 } 10211 /* Ok if we reach here we must build one */ 10212 sctp_alloc_a_chunk(stcb, chk); 10213 if (chk == NULL) { 10214 return; 10215 } 10216 asoc->fwd_tsn_cnt++; 10217 chk->copy_by_ref = 0; 10218 chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN; 10219 chk->rec.chunk_id.can_take_data = 0; 10220 chk->flags = 0; 10221 chk->asoc = asoc; 10222 chk->whoTo = NULL; 10223 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 10224 if (chk->data == NULL) { 10225 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 10226 return; 10227 } 10228 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 10229 chk->sent = SCTP_DATAGRAM_UNSENT; 10230 chk->snd_count = 0; 10231 TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next); 10232 asoc->ctrl_queue_cnt++; 10233sctp_fill_in_rest: 10234 /*- 10235 * Here we go through and fill out the part that deals with 10236 * stream/seq of the ones we skip. 10237 */ 10238 SCTP_BUF_LEN(chk->data) = 0; 10239 { 10240 struct sctp_tmit_chunk *at, *tp1, *last; 10241 struct sctp_strseq *strseq; 10242 unsigned int cnt_of_space, i, ovh; 10243 unsigned int space_needed; 10244 unsigned int cnt_of_skipped = 0; 10245 10246 TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) { 10247 if ((at->sent != SCTP_FORWARD_TSN_SKIP) && 10248 (at->sent != SCTP_DATAGRAM_NR_ACKED)) { 10249 /* no more to look at */ 10250 break; 10251 } 10252 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 10253 /* We don't report these */ 10254 continue; 10255 } 10256 cnt_of_skipped++; 10257 } 10258 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 10259 (cnt_of_skipped * sizeof(struct sctp_strseq))); 10260 10261 cnt_of_space = M_TRAILINGSPACE(chk->data); 10262 10263 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 10264 ovh = SCTP_MIN_OVERHEAD; 10265 } else { 10266 ovh = SCTP_MIN_V4_OVERHEAD; 10267 } 10268 if (cnt_of_space > (asoc->smallest_mtu - ovh)) { 10269 /* trim to a mtu size */ 10270 cnt_of_space = asoc->smallest_mtu - ovh; 10271 } 10272 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10273 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10274 0xff, 0, cnt_of_skipped, 10275 asoc->advanced_peer_ack_point); 10276 10277 } 10278 advance_peer_ack_point = asoc->advanced_peer_ack_point; 10279 if (cnt_of_space < space_needed) { 10280 /*- 10281 * ok we must trim down the chunk by lowering the 10282 * advance peer ack point. 10283 */ 10284 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10285 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10286 0xff, 0xff, cnt_of_space, 10287 space_needed); 10288 } 10289 cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); 10290 cnt_of_skipped /= sizeof(struct sctp_strseq); 10291 /*- 10292 * Go through and find the TSN that will be the one 10293 * we report. 10294 */ 10295 at = TAILQ_FIRST(&asoc->sent_queue); 10296 if (at != NULL) { 10297 for (i = 0; i < cnt_of_skipped; i++) { 10298 tp1 = TAILQ_NEXT(at, sctp_next); 10299 if (tp1 == NULL) { 10300 break; 10301 } 10302 at = tp1; 10303 } 10304 } 10305 if (at && SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) { 10306 sctp_misc_ints(SCTP_FWD_TSN_CHECK, 10307 0xff, cnt_of_skipped, at->rec.data.TSN_seq, 10308 asoc->advanced_peer_ack_point); 10309 } 10310 last = at; 10311 /*- 10312 * last now points to last one I can report, update 10313 * peer ack point 10314 */ 10315 if (last) 10316 advance_peer_ack_point = last->rec.data.TSN_seq; 10317 space_needed = sizeof(struct sctp_forward_tsn_chunk) + 10318 cnt_of_skipped * sizeof(struct sctp_strseq); 10319 } 10320 chk->send_size = space_needed; 10321 /* Setup the chunk */ 10322 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 10323 fwdtsn->ch.chunk_length = htons(chk->send_size); 10324 fwdtsn->ch.chunk_flags = 0; 10325 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 10326 fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); 10327 SCTP_BUF_LEN(chk->data) = chk->send_size; 10328 fwdtsn++; 10329 /*- 10330 * Move pointer to after the fwdtsn and transfer to the 10331 * strseq pointer. 10332 */ 10333 strseq = (struct sctp_strseq *)fwdtsn; 10334 /*- 10335 * Now populate the strseq list. This is done blindly 10336 * without pulling out duplicate stream info. This is 10337 * inefficent but won't harm the process since the peer will 10338 * look at these in sequence and will thus release anything. 10339 * It could mean we exceed the PMTU and chop off some that 10340 * we could have included.. but this is unlikely (aka 1432/4 10341 * would mean 300+ stream seq's would have to be reported in 10342 * one FWD-TSN. With a bit of work we can later FIX this to 10343 * optimize and pull out duplcates.. but it does add more 10344 * overhead. So for now... not! 10345 */ 10346 at = TAILQ_FIRST(&asoc->sent_queue); 10347 for (i = 0; i < cnt_of_skipped; i++) { 10348 tp1 = TAILQ_NEXT(at, sctp_next); 10349 if (tp1 == NULL) 10350 break; 10351 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 10352 /* We don't report these */ 10353 i--; 10354 at = tp1; 10355 continue; 10356 } 10357 if (at->rec.data.TSN_seq == advance_peer_ack_point) { 10358 at->rec.data.fwd_tsn_cnt = 0; 10359 } 10360 strseq->stream = ntohs(at->rec.data.stream_number); 10361 strseq->sequence = ntohs(at->rec.data.stream_seq); 10362 strseq++; 10363 at = tp1; 10364 } 10365 } 10366 return; 10367} 10368 10369void 10370sctp_send_sack(struct sctp_tcb *stcb, int so_locked 10371#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10372 SCTP_UNUSED 10373#endif 10374) 10375{ 10376 /*- 10377 * Queue up a SACK or NR-SACK in the control queue. 10378 * We must first check to see if a SACK or NR-SACK is 10379 * somehow on the control queue. 10380 * If so, we will take and and remove the old one. 10381 */ 10382 struct sctp_association *asoc; 10383 struct sctp_tmit_chunk *chk, *a_chk; 10384 struct sctp_sack_chunk *sack; 10385 struct sctp_nr_sack_chunk *nr_sack; 10386 struct sctp_gap_ack_block *gap_descriptor; 10387 struct sack_track *selector; 10388 int mergeable = 0; 10389 int offset; 10390 caddr_t limit; 10391 uint32_t *dup; 10392 int limit_reached = 0; 10393 unsigned int i, siz, j; 10394 unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space; 10395 int num_dups = 0; 10396 int space_req; 10397 uint32_t highest_tsn; 10398 uint8_t flags; 10399 uint8_t type; 10400 uint8_t tsn_map; 10401 10402 if (stcb->asoc.nrsack_supported == 1) { 10403 type = SCTP_NR_SELECTIVE_ACK; 10404 } else { 10405 type = SCTP_SELECTIVE_ACK; 10406 } 10407 a_chk = NULL; 10408 asoc = &stcb->asoc; 10409 SCTP_TCB_LOCK_ASSERT(stcb); 10410 if (asoc->last_data_chunk_from == NULL) { 10411 /* Hmm we never received anything */ 10412 return; 10413 } 10414 sctp_slide_mapping_arrays(stcb); 10415 sctp_set_rwnd(stcb, asoc); 10416 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 10417 if (chk->rec.chunk_id.id == type) { 10418 /* Hmm, found a sack already on queue, remove it */ 10419 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 10420 asoc->ctrl_queue_cnt--; 10421 a_chk = chk; 10422 if (a_chk->data) { 10423 sctp_m_freem(a_chk->data); 10424 a_chk->data = NULL; 10425 } 10426 if (a_chk->whoTo) { 10427 sctp_free_remote_addr(a_chk->whoTo); 10428 a_chk->whoTo = NULL; 10429 } 10430 break; 10431 } 10432 } 10433 if (a_chk == NULL) { 10434 sctp_alloc_a_chunk(stcb, a_chk); 10435 if (a_chk == NULL) { 10436 /* No memory so we drop the idea, and set a timer */ 10437 if (stcb->asoc.delayed_ack) { 10438 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 10439 stcb->sctp_ep, stcb, NULL, 10440 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3); 10441 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 10442 stcb->sctp_ep, stcb, NULL); 10443 } else { 10444 stcb->asoc.send_sack = 1; 10445 } 10446 return; 10447 } 10448 a_chk->copy_by_ref = 0; 10449 a_chk->rec.chunk_id.id = type; 10450 a_chk->rec.chunk_id.can_take_data = 1; 10451 } 10452 /* Clear our pkt counts */ 10453 asoc->data_pkts_seen = 0; 10454 10455 a_chk->flags = 0; 10456 a_chk->asoc = asoc; 10457 a_chk->snd_count = 0; 10458 a_chk->send_size = 0; /* fill in later */ 10459 a_chk->sent = SCTP_DATAGRAM_UNSENT; 10460 a_chk->whoTo = NULL; 10461 10462 if (!(asoc->last_data_chunk_from->dest_state & SCTP_ADDR_REACHABLE)) { 10463 /*- 10464 * Ok, the destination for the SACK is unreachable, lets see if 10465 * we can select an alternate to asoc->last_data_chunk_from 10466 */ 10467 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0); 10468 if (a_chk->whoTo == NULL) { 10469 /* Nope, no alternate */ 10470 a_chk->whoTo = asoc->last_data_chunk_from; 10471 } 10472 } else { 10473 a_chk->whoTo = asoc->last_data_chunk_from; 10474 } 10475 if (a_chk->whoTo) { 10476 atomic_add_int(&a_chk->whoTo->ref_count, 1); 10477 } 10478 if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map)) { 10479 highest_tsn = asoc->highest_tsn_inside_map; 10480 } else { 10481 highest_tsn = asoc->highest_tsn_inside_nr_map; 10482 } 10483 if (highest_tsn == asoc->cumulative_tsn) { 10484 /* no gaps */ 10485 if (type == SCTP_SELECTIVE_ACK) { 10486 space_req = sizeof(struct sctp_sack_chunk); 10487 } else { 10488 space_req = sizeof(struct sctp_nr_sack_chunk); 10489 } 10490 } else { 10491 /* gaps get a cluster */ 10492 space_req = MCLBYTES; 10493 } 10494 /* Ok now lets formulate a MBUF with our sack */ 10495 a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_NOWAIT, 1, MT_DATA); 10496 if ((a_chk->data == NULL) || 10497 (a_chk->whoTo == NULL)) { 10498 /* rats, no mbuf memory */ 10499 if (a_chk->data) { 10500 /* was a problem with the destination */ 10501 sctp_m_freem(a_chk->data); 10502 a_chk->data = NULL; 10503 } 10504 sctp_free_a_chunk(stcb, a_chk, so_locked); 10505 /* sa_ignore NO_NULL_CHK */ 10506 if (stcb->asoc.delayed_ack) { 10507 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 10508 stcb->sctp_ep, stcb, NULL, 10509 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4); 10510 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 10511 stcb->sctp_ep, stcb, NULL); 10512 } else { 10513 stcb->asoc.send_sack = 1; 10514 } 10515 return; 10516 } 10517 /* ok, lets go through and fill it in */ 10518 SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD); 10519 space = M_TRAILINGSPACE(a_chk->data); 10520 if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) { 10521 space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD); 10522 } 10523 limit = mtod(a_chk->data, caddr_t); 10524 limit += space; 10525 10526 flags = 0; 10527 10528 if ((asoc->sctp_cmt_on_off > 0) && 10529 SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) { 10530 /*- 10531 * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been 10532 * received, then set high bit to 1, else 0. Reset 10533 * pkts_rcvd. 10534 */ 10535 flags |= (asoc->cmt_dac_pkts_rcvd << 6); 10536 asoc->cmt_dac_pkts_rcvd = 0; 10537 } 10538#ifdef SCTP_ASOCLOG_OF_TSNS 10539 stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn; 10540 stcb->asoc.cumack_log_atsnt++; 10541 if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) { 10542 stcb->asoc.cumack_log_atsnt = 0; 10543 } 10544#endif 10545 /* reset the readers interpretation */ 10546 stcb->freed_by_sorcv_sincelast = 0; 10547 10548 if (type == SCTP_SELECTIVE_ACK) { 10549 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 10550 nr_sack = NULL; 10551 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk)); 10552 if (highest_tsn > asoc->mapping_array_base_tsn) { 10553 siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10554 } else { 10555 siz = (((MAX_TSN - highest_tsn) + 1) + highest_tsn + 7) / 8; 10556 } 10557 } else { 10558 sack = NULL; 10559 nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *); 10560 gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk)); 10561 if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) { 10562 siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10563 } else { 10564 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8; 10565 } 10566 } 10567 10568 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 10569 offset = 1; 10570 } else { 10571 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10572 } 10573 if (((type == SCTP_SELECTIVE_ACK) && 10574 SCTP_TSN_GT(highest_tsn, asoc->cumulative_tsn)) || 10575 ((type == SCTP_NR_SELECTIVE_ACK) && 10576 SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn))) { 10577 /* we have a gap .. maybe */ 10578 for (i = 0; i < siz; i++) { 10579 tsn_map = asoc->mapping_array[i]; 10580 if (type == SCTP_SELECTIVE_ACK) { 10581 tsn_map |= asoc->nr_mapping_array[i]; 10582 } 10583 if (i == 0) { 10584 /* 10585 * Clear all bits corresponding to TSNs 10586 * smaller or equal to the cumulative TSN. 10587 */ 10588 tsn_map &= (~0 << (1 - offset)); 10589 } 10590 selector = &sack_array[tsn_map]; 10591 if (mergeable && selector->right_edge) { 10592 /* 10593 * Backup, left and right edges were ok to 10594 * merge. 10595 */ 10596 num_gap_blocks--; 10597 gap_descriptor--; 10598 } 10599 if (selector->num_entries == 0) 10600 mergeable = 0; 10601 else { 10602 for (j = 0; j < selector->num_entries; j++) { 10603 if (mergeable && selector->right_edge) { 10604 /* 10605 * do a merge by NOT setting 10606 * the left side 10607 */ 10608 mergeable = 0; 10609 } else { 10610 /* 10611 * no merge, set the left 10612 * side 10613 */ 10614 mergeable = 0; 10615 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10616 } 10617 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10618 num_gap_blocks++; 10619 gap_descriptor++; 10620 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10621 /* no more room */ 10622 limit_reached = 1; 10623 break; 10624 } 10625 } 10626 if (selector->left_edge) { 10627 mergeable = 1; 10628 } 10629 } 10630 if (limit_reached) { 10631 /* Reached the limit stop */ 10632 break; 10633 } 10634 offset += 8; 10635 } 10636 } 10637 if ((type == SCTP_NR_SELECTIVE_ACK) && 10638 (limit_reached == 0)) { 10639 10640 mergeable = 0; 10641 10642 if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) { 10643 siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8; 10644 } else { 10645 siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8; 10646 } 10647 10648 if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) { 10649 offset = 1; 10650 } else { 10651 offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn; 10652 } 10653 if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) { 10654 /* we have a gap .. maybe */ 10655 for (i = 0; i < siz; i++) { 10656 tsn_map = asoc->nr_mapping_array[i]; 10657 if (i == 0) { 10658 /* 10659 * Clear all bits corresponding to 10660 * TSNs smaller or equal to the 10661 * cumulative TSN. 10662 */ 10663 tsn_map &= (~0 << (1 - offset)); 10664 } 10665 selector = &sack_array[tsn_map]; 10666 if (mergeable && selector->right_edge) { 10667 /* 10668 * Backup, left and right edges were 10669 * ok to merge. 10670 */ 10671 num_nr_gap_blocks--; 10672 gap_descriptor--; 10673 } 10674 if (selector->num_entries == 0) 10675 mergeable = 0; 10676 else { 10677 for (j = 0; j < selector->num_entries; j++) { 10678 if (mergeable && selector->right_edge) { 10679 /* 10680 * do a merge by NOT 10681 * setting the left 10682 * side 10683 */ 10684 mergeable = 0; 10685 } else { 10686 /* 10687 * no merge, set the 10688 * left side 10689 */ 10690 mergeable = 0; 10691 gap_descriptor->start = htons((selector->gaps[j].start + offset)); 10692 } 10693 gap_descriptor->end = htons((selector->gaps[j].end + offset)); 10694 num_nr_gap_blocks++; 10695 gap_descriptor++; 10696 if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) { 10697 /* no more room */ 10698 limit_reached = 1; 10699 break; 10700 } 10701 } 10702 if (selector->left_edge) { 10703 mergeable = 1; 10704 } 10705 } 10706 if (limit_reached) { 10707 /* Reached the limit stop */ 10708 break; 10709 } 10710 offset += 8; 10711 } 10712 } 10713 } 10714 /* now we must add any dups we are going to report. */ 10715 if ((limit_reached == 0) && (asoc->numduptsns)) { 10716 dup = (uint32_t *) gap_descriptor; 10717 for (i = 0; i < asoc->numduptsns; i++) { 10718 *dup = htonl(asoc->dup_tsns[i]); 10719 dup++; 10720 num_dups++; 10721 if (((caddr_t)dup + sizeof(uint32_t)) > limit) { 10722 /* no more room */ 10723 break; 10724 } 10725 } 10726 asoc->numduptsns = 0; 10727 } 10728 /* 10729 * now that the chunk is prepared queue it to the control chunk 10730 * queue. 10731 */ 10732 if (type == SCTP_SELECTIVE_ACK) { 10733 a_chk->send_size = sizeof(struct sctp_sack_chunk) + 10734 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10735 num_dups * sizeof(int32_t); 10736 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10737 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10738 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 10739 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 10740 sack->sack.num_dup_tsns = htons(num_dups); 10741 sack->ch.chunk_type = type; 10742 sack->ch.chunk_flags = flags; 10743 sack->ch.chunk_length = htons(a_chk->send_size); 10744 } else { 10745 a_chk->send_size = sizeof(struct sctp_nr_sack_chunk) + 10746 (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) + 10747 num_dups * sizeof(int32_t); 10748 SCTP_BUF_LEN(a_chk->data) = a_chk->send_size; 10749 nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 10750 nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd); 10751 nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks); 10752 nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks); 10753 nr_sack->nr_sack.num_dup_tsns = htons(num_dups); 10754 nr_sack->nr_sack.reserved = 0; 10755 nr_sack->ch.chunk_type = type; 10756 nr_sack->ch.chunk_flags = flags; 10757 nr_sack->ch.chunk_length = htons(a_chk->send_size); 10758 } 10759 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 10760 asoc->my_last_reported_rwnd = asoc->my_rwnd; 10761 asoc->ctrl_queue_cnt++; 10762 asoc->send_sack = 0; 10763 SCTP_STAT_INCR(sctps_sendsacks); 10764 return; 10765} 10766 10767void 10768sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked 10769#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 10770 SCTP_UNUSED 10771#endif 10772) 10773{ 10774 struct mbuf *m_abort, *m, *m_last; 10775 struct mbuf *m_out, *m_end = NULL; 10776 struct sctp_abort_chunk *abort; 10777 struct sctp_auth_chunk *auth = NULL; 10778 struct sctp_nets *net; 10779 uint32_t vtag; 10780 uint32_t auth_offset = 0; 10781 uint16_t cause_len, chunk_len, padding_len; 10782 10783 SCTP_TCB_LOCK_ASSERT(stcb); 10784 /*- 10785 * Add an AUTH chunk, if chunk requires it and save the offset into 10786 * the chain for AUTH 10787 */ 10788 if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION, 10789 stcb->asoc.peer_auth_chunks)) { 10790 m_out = sctp_add_auth_chunk(NULL, &m_end, &auth, &auth_offset, 10791 stcb, SCTP_ABORT_ASSOCIATION); 10792 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10793 } else { 10794 m_out = NULL; 10795 } 10796 m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_NOWAIT, 1, MT_HEADER); 10797 if (m_abort == NULL) { 10798 if (m_out) { 10799 sctp_m_freem(m_out); 10800 } 10801 if (operr) { 10802 sctp_m_freem(operr); 10803 } 10804 return; 10805 } 10806 /* link in any error */ 10807 SCTP_BUF_NEXT(m_abort) = operr; 10808 cause_len = 0; 10809 m_last = NULL; 10810 for (m = operr; m; m = SCTP_BUF_NEXT(m)) { 10811 cause_len += (uint16_t) SCTP_BUF_LEN(m); 10812 if (SCTP_BUF_NEXT(m) == NULL) { 10813 m_last = m; 10814 } 10815 } 10816 SCTP_BUF_LEN(m_abort) = sizeof(struct sctp_abort_chunk); 10817 chunk_len = (uint16_t) sizeof(struct sctp_abort_chunk) + cause_len; 10818 padding_len = SCTP_SIZE32(chunk_len) - chunk_len; 10819 if (m_out == NULL) { 10820 /* NO Auth chunk prepended, so reserve space in front */ 10821 SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD); 10822 m_out = m_abort; 10823 } else { 10824 /* Put AUTH chunk at the front of the chain */ 10825 SCTP_BUF_NEXT(m_end) = m_abort; 10826 } 10827 if (stcb->asoc.alternate) { 10828 net = stcb->asoc.alternate; 10829 } else { 10830 net = stcb->asoc.primary_destination; 10831 } 10832 /* Fill in the ABORT chunk header. */ 10833 abort = mtod(m_abort, struct sctp_abort_chunk *); 10834 abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION; 10835 if (stcb->asoc.peer_vtag == 0) { 10836 /* This happens iff the assoc is in COOKIE-WAIT state. */ 10837 vtag = stcb->asoc.my_vtag; 10838 abort->ch.chunk_flags = SCTP_HAD_NO_TCB; 10839 } else { 10840 vtag = stcb->asoc.peer_vtag; 10841 abort->ch.chunk_flags = 0; 10842 } 10843 abort->ch.chunk_length = htons(chunk_len); 10844 /* Add padding, if necessary. */ 10845 if (padding_len > 0) { 10846 if ((m_last == NULL) || 10847 (sctp_add_pad_tombuf(m_last, padding_len) == NULL)) { 10848 sctp_m_freem(m_out); 10849 return; 10850 } 10851 } 10852 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 10853 (struct sockaddr *)&net->ro._l_addr, 10854 m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, 0, 10855 stcb->sctp_ep->sctp_lport, stcb->rport, htonl(vtag), 10856 stcb->asoc.primary_destination->port, NULL, 10857 0, 0, 10858 so_locked); 10859 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10860} 10861 10862void 10863sctp_send_shutdown_complete(struct sctp_tcb *stcb, 10864 struct sctp_nets *net, 10865 int reflect_vtag) 10866{ 10867 /* formulate and SEND a SHUTDOWN-COMPLETE */ 10868 struct mbuf *m_shutdown_comp; 10869 struct sctp_shutdown_complete_chunk *shutdown_complete; 10870 uint32_t vtag; 10871 uint8_t flags; 10872 10873 m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER); 10874 if (m_shutdown_comp == NULL) { 10875 /* no mbuf's */ 10876 return; 10877 } 10878 if (reflect_vtag) { 10879 flags = SCTP_HAD_NO_TCB; 10880 vtag = stcb->asoc.my_vtag; 10881 } else { 10882 flags = 0; 10883 vtag = stcb->asoc.peer_vtag; 10884 } 10885 shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *); 10886 shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 10887 shutdown_complete->ch.chunk_flags = flags; 10888 shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 10889 SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk); 10890 (void)sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 10891 (struct sockaddr *)&net->ro._l_addr, 10892 m_shutdown_comp, 0, NULL, 0, 1, 0, 0, 10893 stcb->sctp_ep->sctp_lport, stcb->rport, 10894 htonl(vtag), 10895 net->port, NULL, 10896 0, 0, 10897 SCTP_SO_NOT_LOCKED); 10898 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 10899 return; 10900} 10901 10902static void 10903sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst, 10904 struct sctphdr *sh, uint32_t vtag, 10905 uint8_t type, struct mbuf *cause, 10906 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 10907 uint32_t vrf_id, uint16_t port) 10908{ 10909 struct mbuf *o_pak; 10910 struct mbuf *mout; 10911 struct sctphdr *shout; 10912 struct sctp_chunkhdr *ch; 10913 10914#if defined(INET) || defined(INET6) 10915 struct udphdr *udp; 10916 int ret; 10917 10918#endif 10919 int len, cause_len, padding_len; 10920 10921#ifdef INET 10922 struct sockaddr_in *src_sin, *dst_sin; 10923 struct ip *ip; 10924 10925#endif 10926#ifdef INET6 10927 struct sockaddr_in6 *src_sin6, *dst_sin6; 10928 struct ip6_hdr *ip6; 10929 10930#endif 10931 10932 /* Compute the length of the cause and add final padding. */ 10933 cause_len = 0; 10934 if (cause != NULL) { 10935 struct mbuf *m_at, *m_last = NULL; 10936 10937 for (m_at = cause; m_at; m_at = SCTP_BUF_NEXT(m_at)) { 10938 if (SCTP_BUF_NEXT(m_at) == NULL) 10939 m_last = m_at; 10940 cause_len += SCTP_BUF_LEN(m_at); 10941 } 10942 padding_len = cause_len % 4; 10943 if (padding_len != 0) { 10944 padding_len = 4 - padding_len; 10945 } 10946 if (padding_len != 0) { 10947 if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) { 10948 sctp_m_freem(cause); 10949 return; 10950 } 10951 } 10952 } else { 10953 padding_len = 0; 10954 } 10955 /* Get an mbuf for the header. */ 10956 len = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); 10957 switch (dst->sa_family) { 10958#ifdef INET 10959 case AF_INET: 10960 len += sizeof(struct ip); 10961 break; 10962#endif 10963#ifdef INET6 10964 case AF_INET6: 10965 len += sizeof(struct ip6_hdr); 10966 break; 10967#endif 10968 default: 10969 break; 10970 } 10971#if defined(INET) || defined(INET6) 10972 if (port) { 10973 len += sizeof(struct udphdr); 10974 } 10975#endif 10976 mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_NOWAIT, 1, MT_DATA); 10977 if (mout == NULL) { 10978 if (cause) { 10979 sctp_m_freem(cause); 10980 } 10981 return; 10982 } 10983 SCTP_BUF_RESV_UF(mout, max_linkhdr); 10984 SCTP_BUF_LEN(mout) = len; 10985 SCTP_BUF_NEXT(mout) = cause; 10986 M_SETFIB(mout, fibnum); 10987 mout->m_pkthdr.flowid = mflowid; 10988 M_HASHTYPE_SET(mout, mflowtype); 10989#ifdef INET 10990 ip = NULL; 10991#endif 10992#ifdef INET6 10993 ip6 = NULL; 10994#endif 10995 switch (dst->sa_family) { 10996#ifdef INET 10997 case AF_INET: 10998 src_sin = (struct sockaddr_in *)src; 10999 dst_sin = (struct sockaddr_in *)dst; 11000 ip = mtod(mout, struct ip *); 11001 ip->ip_v = IPVERSION; 11002 ip->ip_hl = (sizeof(struct ip) >> 2); 11003 ip->ip_tos = 0; 11004 ip->ip_id = ip_newid(); 11005 ip->ip_off = 0; 11006 ip->ip_ttl = MODULE_GLOBAL(ip_defttl); 11007 if (port) { 11008 ip->ip_p = IPPROTO_UDP; 11009 } else { 11010 ip->ip_p = IPPROTO_SCTP; 11011 } 11012 ip->ip_src.s_addr = dst_sin->sin_addr.s_addr; 11013 ip->ip_dst.s_addr = src_sin->sin_addr.s_addr; 11014 ip->ip_sum = 0; 11015 len = sizeof(struct ip); 11016 shout = (struct sctphdr *)((caddr_t)ip + len); 11017 break; 11018#endif 11019#ifdef INET6 11020 case AF_INET6: 11021 src_sin6 = (struct sockaddr_in6 *)src; 11022 dst_sin6 = (struct sockaddr_in6 *)dst; 11023 ip6 = mtod(mout, struct ip6_hdr *); 11024 ip6->ip6_flow = htonl(0x60000000); 11025 if (V_ip6_auto_flowlabel) { 11026 ip6->ip6_flow |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); 11027 } 11028 ip6->ip6_hlim = MODULE_GLOBAL(ip6_defhlim); 11029 if (port) { 11030 ip6->ip6_nxt = IPPROTO_UDP; 11031 } else { 11032 ip6->ip6_nxt = IPPROTO_SCTP; 11033 } 11034 ip6->ip6_src = dst_sin6->sin6_addr; 11035 ip6->ip6_dst = src_sin6->sin6_addr; 11036 len = sizeof(struct ip6_hdr); 11037 shout = (struct sctphdr *)((caddr_t)ip6 + len); 11038 break; 11039#endif 11040 default: 11041 len = 0; 11042 shout = mtod(mout, struct sctphdr *); 11043 break; 11044 } 11045#if defined(INET) || defined(INET6) 11046 if (port) { 11047 if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) { 11048 sctp_m_freem(mout); 11049 return; 11050 } 11051 udp = (struct udphdr *)shout; 11052 udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)); 11053 udp->uh_dport = port; 11054 udp->uh_sum = 0; 11055 udp->uh_ulen = htons(sizeof(struct udphdr) + 11056 sizeof(struct sctphdr) + 11057 sizeof(struct sctp_chunkhdr) + 11058 cause_len + padding_len); 11059 len += sizeof(struct udphdr); 11060 shout = (struct sctphdr *)((caddr_t)shout + sizeof(struct udphdr)); 11061 } else { 11062 udp = NULL; 11063 } 11064#endif 11065 shout->src_port = sh->dest_port; 11066 shout->dest_port = sh->src_port; 11067 shout->checksum = 0; 11068 if (vtag) { 11069 shout->v_tag = htonl(vtag); 11070 } else { 11071 shout->v_tag = sh->v_tag; 11072 } 11073 len += sizeof(struct sctphdr); 11074 ch = (struct sctp_chunkhdr *)((caddr_t)shout + sizeof(struct sctphdr)); 11075 ch->chunk_type = type; 11076 if (vtag) { 11077 ch->chunk_flags = 0; 11078 } else { 11079 ch->chunk_flags = SCTP_HAD_NO_TCB; 11080 } 11081 ch->chunk_length = htons(sizeof(struct sctp_chunkhdr) + cause_len); 11082 len += sizeof(struct sctp_chunkhdr); 11083 len += cause_len + padding_len; 11084 11085 if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) { 11086 sctp_m_freem(mout); 11087 return; 11088 } 11089 SCTP_ATTACH_CHAIN(o_pak, mout, len); 11090 switch (dst->sa_family) { 11091#ifdef INET 11092 case AF_INET: 11093 if (port) { 11094 if (V_udp_cksum) { 11095 udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP)); 11096 } else { 11097 udp->uh_sum = 0; 11098 } 11099 } 11100 ip->ip_len = htons(len); 11101 if (port) { 11102#if defined(SCTP_WITH_NO_CSUM) 11103 SCTP_STAT_INCR(sctps_sendnocrc); 11104#else 11105 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip) + sizeof(struct udphdr)); 11106 SCTP_STAT_INCR(sctps_sendswcrc); 11107#endif 11108 if (V_udp_cksum) { 11109 SCTP_ENABLE_UDP_CSUM(o_pak); 11110 } 11111 } else { 11112#if defined(SCTP_WITH_NO_CSUM) 11113 SCTP_STAT_INCR(sctps_sendnocrc); 11114#else 11115 mout->m_pkthdr.csum_flags = CSUM_SCTP; 11116 mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 11117 SCTP_STAT_INCR(sctps_sendhwcrc); 11118#endif 11119 } 11120#ifdef SCTP_PACKET_LOGGING 11121 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { 11122 sctp_packet_log(o_pak); 11123 } 11124#endif 11125 SCTP_IP_OUTPUT(ret, o_pak, NULL, NULL, vrf_id); 11126 break; 11127#endif 11128#ifdef INET6 11129 case AF_INET6: 11130 ip6->ip6_plen = len - sizeof(struct ip6_hdr); 11131 if (port) { 11132#if defined(SCTP_WITH_NO_CSUM) 11133 SCTP_STAT_INCR(sctps_sendnocrc); 11134#else 11135 shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr)); 11136 SCTP_STAT_INCR(sctps_sendswcrc); 11137#endif 11138 if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) { 11139 udp->uh_sum = 0xffff; 11140 } 11141 } else { 11142#if defined(SCTP_WITH_NO_CSUM) 11143 SCTP_STAT_INCR(sctps_sendnocrc); 11144#else 11145 mout->m_pkthdr.csum_flags = CSUM_SCTP_IPV6; 11146 mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum); 11147 SCTP_STAT_INCR(sctps_sendhwcrc); 11148#endif 11149 } 11150#ifdef SCTP_PACKET_LOGGING 11151 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { 11152 sctp_packet_log(o_pak); 11153 } 11154#endif 11155 SCTP_IP6_OUTPUT(ret, o_pak, NULL, NULL, NULL, vrf_id); 11156 break; 11157#endif 11158 default: 11159 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n", 11160 dst->sa_family); 11161 sctp_m_freem(mout); 11162 SCTP_LTRACE_ERR_RET_PKT(mout, NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT); 11163 return; 11164 } 11165 SCTP_STAT_INCR(sctps_sendpackets); 11166 SCTP_STAT_INCR_COUNTER64(sctps_outpackets); 11167 SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks); 11168 return; 11169} 11170 11171void 11172sctp_send_shutdown_complete2(struct sockaddr *src, struct sockaddr *dst, 11173 struct sctphdr *sh, 11174 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 11175 uint32_t vrf_id, uint16_t port) 11176{ 11177 sctp_send_resp_msg(src, dst, sh, 0, SCTP_SHUTDOWN_COMPLETE, NULL, 11178 mflowtype, mflowid, fibnum, 11179 vrf_id, port); 11180} 11181 11182void 11183sctp_send_hb(struct sctp_tcb *stcb, struct sctp_nets *net, int so_locked 11184#if !defined(__APPLE__) && !defined(SCTP_SO_LOCK_TESTING) 11185 SCTP_UNUSED 11186#endif 11187) 11188{ 11189 struct sctp_tmit_chunk *chk; 11190 struct sctp_heartbeat_chunk *hb; 11191 struct timeval now; 11192 11193 SCTP_TCB_LOCK_ASSERT(stcb); 11194 if (net == NULL) { 11195 return; 11196 } 11197 (void)SCTP_GETTIME_TIMEVAL(&now); 11198 switch (net->ro._l_addr.sa.sa_family) { 11199#ifdef INET 11200 case AF_INET: 11201 break; 11202#endif 11203#ifdef INET6 11204 case AF_INET6: 11205 break; 11206#endif 11207 default: 11208 return; 11209 } 11210 sctp_alloc_a_chunk(stcb, chk); 11211 if (chk == NULL) { 11212 SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n"); 11213 return; 11214 } 11215 chk->copy_by_ref = 0; 11216 chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST; 11217 chk->rec.chunk_id.can_take_data = 1; 11218 chk->flags = 0; 11219 chk->asoc = &stcb->asoc; 11220 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 11221 11222 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 11223 if (chk->data == NULL) { 11224 sctp_free_a_chunk(stcb, chk, so_locked); 11225 return; 11226 } 11227 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11228 SCTP_BUF_LEN(chk->data) = chk->send_size; 11229 chk->sent = SCTP_DATAGRAM_UNSENT; 11230 chk->snd_count = 0; 11231 chk->whoTo = net; 11232 atomic_add_int(&chk->whoTo->ref_count, 1); 11233 /* Now we have a mbuf that we can fill in with the details */ 11234 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 11235 memset(hb, 0, sizeof(struct sctp_heartbeat_chunk)); 11236 /* fill out chunk header */ 11237 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 11238 hb->ch.chunk_flags = 0; 11239 hb->ch.chunk_length = htons(chk->send_size); 11240 /* Fill out hb parameter */ 11241 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 11242 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 11243 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 11244 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 11245 /* Did our user request this one, put it in */ 11246 hb->heartbeat.hb_info.addr_family = (uint8_t) net->ro._l_addr.sa.sa_family; 11247 hb->heartbeat.hb_info.addr_len = net->ro._l_addr.sa.sa_len; 11248 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 11249 /* 11250 * we only take from the entropy pool if the address is not 11251 * confirmed. 11252 */ 11253 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 11254 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 11255 } else { 11256 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 11257 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 11258 } 11259 switch (net->ro._l_addr.sa.sa_family) { 11260#ifdef INET 11261 case AF_INET: 11262 memcpy(hb->heartbeat.hb_info.address, 11263 &net->ro._l_addr.sin.sin_addr, 11264 sizeof(net->ro._l_addr.sin.sin_addr)); 11265 break; 11266#endif 11267#ifdef INET6 11268 case AF_INET6: 11269 memcpy(hb->heartbeat.hb_info.address, 11270 &net->ro._l_addr.sin6.sin6_addr, 11271 sizeof(net->ro._l_addr.sin6.sin6_addr)); 11272 break; 11273#endif 11274 default: 11275 if (chk->data) { 11276 sctp_m_freem(chk->data); 11277 chk->data = NULL; 11278 } 11279 sctp_free_a_chunk(stcb, chk, so_locked); 11280 return; 11281 break; 11282 } 11283 net->hb_responded = 0; 11284 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11285 stcb->asoc.ctrl_queue_cnt++; 11286 SCTP_STAT_INCR(sctps_sendheartbeat); 11287 return; 11288} 11289 11290void 11291sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 11292 uint32_t high_tsn) 11293{ 11294 struct sctp_association *asoc; 11295 struct sctp_ecne_chunk *ecne; 11296 struct sctp_tmit_chunk *chk; 11297 11298 if (net == NULL) { 11299 return; 11300 } 11301 asoc = &stcb->asoc; 11302 SCTP_TCB_LOCK_ASSERT(stcb); 11303 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 11304 if ((chk->rec.chunk_id.id == SCTP_ECN_ECHO) && (net == chk->whoTo)) { 11305 /* found a previous ECN_ECHO update it if needed */ 11306 uint32_t cnt, ctsn; 11307 11308 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 11309 ctsn = ntohl(ecne->tsn); 11310 if (SCTP_TSN_GT(high_tsn, ctsn)) { 11311 ecne->tsn = htonl(high_tsn); 11312 SCTP_STAT_INCR(sctps_queue_upd_ecne); 11313 } 11314 cnt = ntohl(ecne->num_pkts_since_cwr); 11315 cnt++; 11316 ecne->num_pkts_since_cwr = htonl(cnt); 11317 return; 11318 } 11319 } 11320 /* nope could not find one to update so we must build one */ 11321 sctp_alloc_a_chunk(stcb, chk); 11322 if (chk == NULL) { 11323 return; 11324 } 11325 SCTP_STAT_INCR(sctps_queue_upd_ecne); 11326 chk->copy_by_ref = 0; 11327 chk->rec.chunk_id.id = SCTP_ECN_ECHO; 11328 chk->rec.chunk_id.can_take_data = 0; 11329 chk->flags = 0; 11330 chk->asoc = &stcb->asoc; 11331 chk->send_size = sizeof(struct sctp_ecne_chunk); 11332 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 11333 if (chk->data == NULL) { 11334 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 11335 return; 11336 } 11337 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11338 SCTP_BUF_LEN(chk->data) = chk->send_size; 11339 chk->sent = SCTP_DATAGRAM_UNSENT; 11340 chk->snd_count = 0; 11341 chk->whoTo = net; 11342 atomic_add_int(&chk->whoTo->ref_count, 1); 11343 11344 stcb->asoc.ecn_echo_cnt_onq++; 11345 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 11346 ecne->ch.chunk_type = SCTP_ECN_ECHO; 11347 ecne->ch.chunk_flags = 0; 11348 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 11349 ecne->tsn = htonl(high_tsn); 11350 ecne->num_pkts_since_cwr = htonl(1); 11351 TAILQ_INSERT_HEAD(&stcb->asoc.control_send_queue, chk, sctp_next); 11352 asoc->ctrl_queue_cnt++; 11353} 11354 11355void 11356sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 11357 struct mbuf *m, int len, int iphlen, int bad_crc) 11358{ 11359 struct sctp_association *asoc; 11360 struct sctp_pktdrop_chunk *drp; 11361 struct sctp_tmit_chunk *chk; 11362 uint8_t *datap; 11363 int was_trunc = 0; 11364 int fullsz = 0; 11365 long spc; 11366 int offset; 11367 struct sctp_chunkhdr *ch, chunk_buf; 11368 unsigned int chk_length; 11369 11370 if (!stcb) { 11371 return; 11372 } 11373 asoc = &stcb->asoc; 11374 SCTP_TCB_LOCK_ASSERT(stcb); 11375 if (asoc->pktdrop_supported == 0) { 11376 /*- 11377 * peer must declare support before I send one. 11378 */ 11379 return; 11380 } 11381 if (stcb->sctp_socket == NULL) { 11382 return; 11383 } 11384 sctp_alloc_a_chunk(stcb, chk); 11385 if (chk == NULL) { 11386 return; 11387 } 11388 chk->copy_by_ref = 0; 11389 chk->rec.chunk_id.id = SCTP_PACKET_DROPPED; 11390 chk->rec.chunk_id.can_take_data = 1; 11391 chk->flags = 0; 11392 len -= iphlen; 11393 chk->send_size = len; 11394 /* Validate that we do not have an ABORT in here. */ 11395 offset = iphlen + sizeof(struct sctphdr); 11396 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 11397 sizeof(*ch), (uint8_t *) & chunk_buf); 11398 while (ch != NULL) { 11399 chk_length = ntohs(ch->chunk_length); 11400 if (chk_length < sizeof(*ch)) { 11401 /* break to abort land */ 11402 break; 11403 } 11404 switch (ch->chunk_type) { 11405 case SCTP_PACKET_DROPPED: 11406 case SCTP_ABORT_ASSOCIATION: 11407 case SCTP_INITIATION_ACK: 11408 /** 11409 * We don't respond with an PKT-DROP to an ABORT 11410 * or PKT-DROP. We also do not respond to an 11411 * INIT-ACK, because we can't know if the initiation 11412 * tag is correct or not. 11413 */ 11414 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 11415 return; 11416 default: 11417 break; 11418 } 11419 offset += SCTP_SIZE32(chk_length); 11420 ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset, 11421 sizeof(*ch), (uint8_t *) & chunk_buf); 11422 } 11423 11424 if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) > 11425 min(stcb->asoc.smallest_mtu, MCLBYTES)) { 11426 /* 11427 * only send 1 mtu worth, trim off the excess on the end. 11428 */ 11429 fullsz = len; 11430 len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD; 11431 was_trunc = 1; 11432 } 11433 chk->asoc = &stcb->asoc; 11434 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 11435 if (chk->data == NULL) { 11436jump_out: 11437 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 11438 return; 11439 } 11440 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11441 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 11442 if (drp == NULL) { 11443 sctp_m_freem(chk->data); 11444 chk->data = NULL; 11445 goto jump_out; 11446 } 11447 chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 11448 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD)); 11449 chk->book_size_scale = 0; 11450 if (was_trunc) { 11451 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 11452 drp->trunc_len = htons(fullsz); 11453 /* 11454 * Len is already adjusted to size minus overhead above take 11455 * out the pkt_drop chunk itself from it. 11456 */ 11457 chk->send_size = len - sizeof(struct sctp_pktdrop_chunk); 11458 len = chk->send_size; 11459 } else { 11460 /* no truncation needed */ 11461 drp->ch.chunk_flags = 0; 11462 drp->trunc_len = htons(0); 11463 } 11464 if (bad_crc) { 11465 drp->ch.chunk_flags |= SCTP_BADCRC; 11466 } 11467 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 11468 SCTP_BUF_LEN(chk->data) = chk->send_size; 11469 chk->sent = SCTP_DATAGRAM_UNSENT; 11470 chk->snd_count = 0; 11471 if (net) { 11472 /* we should hit here */ 11473 chk->whoTo = net; 11474 atomic_add_int(&chk->whoTo->ref_count, 1); 11475 } else { 11476 chk->whoTo = NULL; 11477 } 11478 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 11479 drp->ch.chunk_length = htons(chk->send_size); 11480 spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket); 11481 if (spc < 0) { 11482 spc = 0; 11483 } 11484 drp->bottle_bw = htonl(spc); 11485 if (asoc->my_rwnd) { 11486 drp->current_onq = htonl(asoc->size_on_reasm_queue + 11487 asoc->size_on_all_streams + 11488 asoc->my_rwnd_control_len + 11489 stcb->sctp_socket->so_rcv.sb_cc); 11490 } else { 11491 /*- 11492 * If my rwnd is 0, possibly from mbuf depletion as well as 11493 * space used, tell the peer there is NO space aka onq == bw 11494 */ 11495 drp->current_onq = htonl(spc); 11496 } 11497 drp->reserved = 0; 11498 datap = drp->data; 11499 m_copydata(m, iphlen, len, (caddr_t)datap); 11500 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11501 asoc->ctrl_queue_cnt++; 11502} 11503 11504void 11505sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn, uint8_t override) 11506{ 11507 struct sctp_association *asoc; 11508 struct sctp_cwr_chunk *cwr; 11509 struct sctp_tmit_chunk *chk; 11510 11511 SCTP_TCB_LOCK_ASSERT(stcb); 11512 if (net == NULL) { 11513 return; 11514 } 11515 asoc = &stcb->asoc; 11516 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 11517 if ((chk->rec.chunk_id.id == SCTP_ECN_CWR) && (net == chk->whoTo)) { 11518 /* 11519 * found a previous CWR queued to same destination 11520 * update it if needed 11521 */ 11522 uint32_t ctsn; 11523 11524 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11525 ctsn = ntohl(cwr->tsn); 11526 if (SCTP_TSN_GT(high_tsn, ctsn)) { 11527 cwr->tsn = htonl(high_tsn); 11528 } 11529 if (override & SCTP_CWR_REDUCE_OVERRIDE) { 11530 /* Make sure override is carried */ 11531 cwr->ch.chunk_flags |= SCTP_CWR_REDUCE_OVERRIDE; 11532 } 11533 return; 11534 } 11535 } 11536 sctp_alloc_a_chunk(stcb, chk); 11537 if (chk == NULL) { 11538 return; 11539 } 11540 chk->copy_by_ref = 0; 11541 chk->rec.chunk_id.id = SCTP_ECN_CWR; 11542 chk->rec.chunk_id.can_take_data = 1; 11543 chk->flags = 0; 11544 chk->asoc = &stcb->asoc; 11545 chk->send_size = sizeof(struct sctp_cwr_chunk); 11546 chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER); 11547 if (chk->data == NULL) { 11548 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 11549 return; 11550 } 11551 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11552 SCTP_BUF_LEN(chk->data) = chk->send_size; 11553 chk->sent = SCTP_DATAGRAM_UNSENT; 11554 chk->snd_count = 0; 11555 chk->whoTo = net; 11556 atomic_add_int(&chk->whoTo->ref_count, 1); 11557 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 11558 cwr->ch.chunk_type = SCTP_ECN_CWR; 11559 cwr->ch.chunk_flags = override; 11560 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 11561 cwr->tsn = htonl(high_tsn); 11562 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 11563 asoc->ctrl_queue_cnt++; 11564} 11565 11566static int 11567sctp_add_stream_reset_out(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, 11568 uint32_t seq, uint32_t resp_seq, uint32_t last_sent) 11569{ 11570 uint16_t len, old_len, i; 11571 struct sctp_stream_reset_out_request *req_out; 11572 struct sctp_chunkhdr *ch; 11573 int at; 11574 int number_entries = 0; 11575 11576 ch = mtod(chk->data, struct sctp_chunkhdr *); 11577 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11578 /* get to new offset for the param. */ 11579 req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len); 11580 /* now how long will this param be? */ 11581 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 11582 if ((stcb->asoc.strmout[i].state == SCTP_STREAM_RESET_PENDING) && 11583 (stcb->asoc.strmout[i].chunks_on_queues == 0) && 11584 TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) { 11585 number_entries++; 11586 } 11587 } 11588 if (number_entries == 0) { 11589 return (0); 11590 } 11591 if (number_entries == stcb->asoc.streamoutcnt) { 11592 number_entries = 0; 11593 } 11594 if (number_entries > SCTP_MAX_STREAMS_AT_ONCE_RESET) { 11595 number_entries = SCTP_MAX_STREAMS_AT_ONCE_RESET; 11596 } 11597 len = (sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries)); 11598 req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST); 11599 req_out->ph.param_length = htons(len); 11600 req_out->request_seq = htonl(seq); 11601 req_out->response_seq = htonl(resp_seq); 11602 req_out->send_reset_at_tsn = htonl(last_sent); 11603 at = 0; 11604 if (number_entries) { 11605 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 11606 if ((stcb->asoc.strmout[i].state == SCTP_STREAM_RESET_PENDING) && 11607 (stcb->asoc.strmout[i].chunks_on_queues == 0) && 11608 TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) { 11609 req_out->list_of_streams[at] = htons(i); 11610 at++; 11611 stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_IN_FLIGHT; 11612 if (at >= number_entries) { 11613 break; 11614 } 11615 } 11616 } 11617 } else { 11618 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 11619 stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_IN_FLIGHT; 11620 } 11621 } 11622 if (SCTP_SIZE32(len) > len) { 11623 /*- 11624 * Need to worry about the pad we may end up adding to the 11625 * end. This is easy since the struct is either aligned to 4 11626 * bytes or 2 bytes off. 11627 */ 11628 req_out->list_of_streams[number_entries] = 0; 11629 } 11630 /* now fix the chunk length */ 11631 ch->chunk_length = htons(len + old_len); 11632 chk->book_size = len + old_len; 11633 chk->book_size_scale = 0; 11634 chk->send_size = SCTP_SIZE32(chk->book_size); 11635 SCTP_BUF_LEN(chk->data) = chk->send_size; 11636 return (1); 11637} 11638 11639static void 11640sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk, 11641 int number_entries, uint16_t * list, 11642 uint32_t seq) 11643{ 11644 uint16_t len, old_len, i; 11645 struct sctp_stream_reset_in_request *req_in; 11646 struct sctp_chunkhdr *ch; 11647 11648 ch = mtod(chk->data, struct sctp_chunkhdr *); 11649 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11650 11651 /* get to new offset for the param. */ 11652 req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len); 11653 /* now how long will this param be? */ 11654 len = (sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries)); 11655 req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST); 11656 req_in->ph.param_length = htons(len); 11657 req_in->request_seq = htonl(seq); 11658 if (number_entries) { 11659 for (i = 0; i < number_entries; i++) { 11660 req_in->list_of_streams[i] = htons(list[i]); 11661 } 11662 } 11663 if (SCTP_SIZE32(len) > len) { 11664 /*- 11665 * Need to worry about the pad we may end up adding to the 11666 * end. This is easy since the struct is either aligned to 4 11667 * bytes or 2 bytes off. 11668 */ 11669 req_in->list_of_streams[number_entries] = 0; 11670 } 11671 /* now fix the chunk length */ 11672 ch->chunk_length = htons(len + old_len); 11673 chk->book_size = len + old_len; 11674 chk->book_size_scale = 0; 11675 chk->send_size = SCTP_SIZE32(chk->book_size); 11676 SCTP_BUF_LEN(chk->data) = chk->send_size; 11677 return; 11678} 11679 11680static void 11681sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk, 11682 uint32_t seq) 11683{ 11684 uint16_t len, old_len; 11685 struct sctp_stream_reset_tsn_request *req_tsn; 11686 struct sctp_chunkhdr *ch; 11687 11688 ch = mtod(chk->data, struct sctp_chunkhdr *); 11689 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11690 11691 /* get to new offset for the param. */ 11692 req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len); 11693 /* now how long will this param be? */ 11694 len = sizeof(struct sctp_stream_reset_tsn_request); 11695 req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST); 11696 req_tsn->ph.param_length = htons(len); 11697 req_tsn->request_seq = htonl(seq); 11698 11699 /* now fix the chunk length */ 11700 ch->chunk_length = htons(len + old_len); 11701 chk->send_size = len + old_len; 11702 chk->book_size = SCTP_SIZE32(chk->send_size); 11703 chk->book_size_scale = 0; 11704 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11705 return; 11706} 11707 11708void 11709sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk, 11710 uint32_t resp_seq, uint32_t result) 11711{ 11712 uint16_t len, old_len; 11713 struct sctp_stream_reset_response *resp; 11714 struct sctp_chunkhdr *ch; 11715 11716 ch = mtod(chk->data, struct sctp_chunkhdr *); 11717 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11718 11719 /* get to new offset for the param. */ 11720 resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len); 11721 /* now how long will this param be? */ 11722 len = sizeof(struct sctp_stream_reset_response); 11723 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11724 resp->ph.param_length = htons(len); 11725 resp->response_seq = htonl(resp_seq); 11726 resp->result = ntohl(result); 11727 11728 /* now fix the chunk length */ 11729 ch->chunk_length = htons(len + old_len); 11730 chk->book_size = len + old_len; 11731 chk->book_size_scale = 0; 11732 chk->send_size = SCTP_SIZE32(chk->book_size); 11733 SCTP_BUF_LEN(chk->data) = chk->send_size; 11734 return; 11735} 11736 11737void 11738sctp_send_deferred_reset_response(struct sctp_tcb *stcb, 11739 struct sctp_stream_reset_list *ent, 11740 int response) 11741{ 11742 struct sctp_association *asoc; 11743 struct sctp_tmit_chunk *chk; 11744 struct sctp_chunkhdr *ch; 11745 11746 asoc = &stcb->asoc; 11747 11748 /* 11749 * Reset our last reset action to the new one IP -> response 11750 * (PERFORMED probably). This assures that if we fail to send, a 11751 * retran from the peer will get the new response. 11752 */ 11753 asoc->last_reset_action[0] = response; 11754 if (asoc->stream_reset_outstanding) { 11755 return; 11756 } 11757 sctp_alloc_a_chunk(stcb, chk); 11758 if (chk == NULL) { 11759 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11760 return; 11761 } 11762 chk->copy_by_ref = 0; 11763 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 11764 chk->rec.chunk_id.can_take_data = 0; 11765 chk->flags = 0; 11766 chk->asoc = &stcb->asoc; 11767 chk->book_size = sizeof(struct sctp_chunkhdr); 11768 chk->send_size = SCTP_SIZE32(chk->book_size); 11769 chk->book_size_scale = 0; 11770 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 11771 if (chk->data == NULL) { 11772 sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED); 11773 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11774 return; 11775 } 11776 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11777 sctp_add_stream_reset_result(chk, ent->seq, response); 11778 /* setup chunk parameters */ 11779 chk->sent = SCTP_DATAGRAM_UNSENT; 11780 chk->snd_count = 0; 11781 if (stcb->asoc.alternate) { 11782 chk->whoTo = stcb->asoc.alternate; 11783 } else { 11784 chk->whoTo = stcb->asoc.primary_destination; 11785 } 11786 ch = mtod(chk->data, struct sctp_chunkhdr *); 11787 ch->chunk_type = SCTP_STREAM_RESET; 11788 ch->chunk_flags = 0; 11789 ch->chunk_length = htons(chk->book_size); 11790 atomic_add_int(&chk->whoTo->ref_count, 1); 11791 SCTP_BUF_LEN(chk->data) = chk->send_size; 11792 /* insert the chunk for sending */ 11793 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 11794 chk, 11795 sctp_next); 11796 asoc->ctrl_queue_cnt++; 11797} 11798 11799void 11800sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk, 11801 uint32_t resp_seq, uint32_t result, 11802 uint32_t send_una, uint32_t recv_next) 11803{ 11804 uint16_t len, old_len; 11805 struct sctp_stream_reset_response_tsn *resp; 11806 struct sctp_chunkhdr *ch; 11807 11808 ch = mtod(chk->data, struct sctp_chunkhdr *); 11809 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11810 11811 /* get to new offset for the param. */ 11812 resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len); 11813 /* now how long will this param be? */ 11814 len = sizeof(struct sctp_stream_reset_response_tsn); 11815 resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE); 11816 resp->ph.param_length = htons(len); 11817 resp->response_seq = htonl(resp_seq); 11818 resp->result = htonl(result); 11819 resp->senders_next_tsn = htonl(send_una); 11820 resp->receivers_next_tsn = htonl(recv_next); 11821 11822 /* now fix the chunk length */ 11823 ch->chunk_length = htons(len + old_len); 11824 chk->book_size = len + old_len; 11825 chk->send_size = SCTP_SIZE32(chk->book_size); 11826 chk->book_size_scale = 0; 11827 SCTP_BUF_LEN(chk->data) = chk->send_size; 11828 return; 11829} 11830 11831static void 11832sctp_add_an_out_stream(struct sctp_tmit_chunk *chk, 11833 uint32_t seq, 11834 uint16_t adding) 11835{ 11836 uint16_t len, old_len; 11837 struct sctp_chunkhdr *ch; 11838 struct sctp_stream_reset_add_strm *addstr; 11839 11840 ch = mtod(chk->data, struct sctp_chunkhdr *); 11841 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11842 11843 /* get to new offset for the param. */ 11844 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 11845 /* now how long will this param be? */ 11846 len = sizeof(struct sctp_stream_reset_add_strm); 11847 11848 /* Fill it out. */ 11849 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_OUT_STREAMS); 11850 addstr->ph.param_length = htons(len); 11851 addstr->request_seq = htonl(seq); 11852 addstr->number_of_streams = htons(adding); 11853 addstr->reserved = 0; 11854 11855 /* now fix the chunk length */ 11856 ch->chunk_length = htons(len + old_len); 11857 chk->send_size = len + old_len; 11858 chk->book_size = SCTP_SIZE32(chk->send_size); 11859 chk->book_size_scale = 0; 11860 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11861 return; 11862} 11863 11864static void 11865sctp_add_an_in_stream(struct sctp_tmit_chunk *chk, 11866 uint32_t seq, 11867 uint16_t adding) 11868{ 11869 uint16_t len, old_len; 11870 struct sctp_chunkhdr *ch; 11871 struct sctp_stream_reset_add_strm *addstr; 11872 11873 ch = mtod(chk->data, struct sctp_chunkhdr *); 11874 old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length)); 11875 11876 /* get to new offset for the param. */ 11877 addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len); 11878 /* now how long will this param be? */ 11879 len = sizeof(struct sctp_stream_reset_add_strm); 11880 /* Fill it out. */ 11881 addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_IN_STREAMS); 11882 addstr->ph.param_length = htons(len); 11883 addstr->request_seq = htonl(seq); 11884 addstr->number_of_streams = htons(adding); 11885 addstr->reserved = 0; 11886 11887 /* now fix the chunk length */ 11888 ch->chunk_length = htons(len + old_len); 11889 chk->send_size = len + old_len; 11890 chk->book_size = SCTP_SIZE32(chk->send_size); 11891 chk->book_size_scale = 0; 11892 SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); 11893 return; 11894} 11895 11896int 11897sctp_send_stream_reset_out_if_possible(struct sctp_tcb *stcb, int so_locked) 11898{ 11899 struct sctp_association *asoc; 11900 struct sctp_tmit_chunk *chk; 11901 struct sctp_chunkhdr *ch; 11902 uint32_t seq; 11903 11904 asoc = &stcb->asoc; 11905 asoc->trigger_reset = 0; 11906 if (asoc->stream_reset_outstanding) { 11907 return (EALREADY); 11908 } 11909 sctp_alloc_a_chunk(stcb, chk); 11910 if (chk == NULL) { 11911 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11912 return (ENOMEM); 11913 } 11914 chk->copy_by_ref = 0; 11915 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 11916 chk->rec.chunk_id.can_take_data = 0; 11917 chk->flags = 0; 11918 chk->asoc = &stcb->asoc; 11919 chk->book_size = sizeof(struct sctp_chunkhdr); 11920 chk->send_size = SCTP_SIZE32(chk->book_size); 11921 chk->book_size_scale = 0; 11922 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 11923 if (chk->data == NULL) { 11924 sctp_free_a_chunk(stcb, chk, so_locked); 11925 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 11926 return (ENOMEM); 11927 } 11928 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 11929 11930 /* setup chunk parameters */ 11931 chk->sent = SCTP_DATAGRAM_UNSENT; 11932 chk->snd_count = 0; 11933 if (stcb->asoc.alternate) { 11934 chk->whoTo = stcb->asoc.alternate; 11935 } else { 11936 chk->whoTo = stcb->asoc.primary_destination; 11937 } 11938 ch = mtod(chk->data, struct sctp_chunkhdr *); 11939 ch->chunk_type = SCTP_STREAM_RESET; 11940 ch->chunk_flags = 0; 11941 ch->chunk_length = htons(chk->book_size); 11942 atomic_add_int(&chk->whoTo->ref_count, 1); 11943 SCTP_BUF_LEN(chk->data) = chk->send_size; 11944 seq = stcb->asoc.str_reset_seq_out; 11945 if (sctp_add_stream_reset_out(stcb, chk, seq, (stcb->asoc.str_reset_seq_in - 1), (stcb->asoc.sending_seq - 1))) { 11946 seq++; 11947 asoc->stream_reset_outstanding++; 11948 } else { 11949 m_freem(chk->data); 11950 chk->data = NULL; 11951 sctp_free_a_chunk(stcb, chk, so_locked); 11952 return (ENOENT); 11953 } 11954 asoc->str_reset = chk; 11955 /* insert the chunk for sending */ 11956 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 11957 chk, 11958 sctp_next); 11959 asoc->ctrl_queue_cnt++; 11960 11961 if (stcb->asoc.send_sack) { 11962 sctp_send_sack(stcb, so_locked); 11963 } 11964 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 11965 return (0); 11966} 11967 11968int 11969sctp_send_str_reset_req(struct sctp_tcb *stcb, 11970 uint16_t number_entries, uint16_t * list, 11971 uint8_t send_in_req, 11972 uint8_t send_tsn_req, 11973 uint8_t add_stream, 11974 uint16_t adding_o, 11975 uint16_t adding_i, uint8_t peer_asked) 11976{ 11977 struct sctp_association *asoc; 11978 struct sctp_tmit_chunk *chk; 11979 struct sctp_chunkhdr *ch; 11980 int can_send_out_req = 0; 11981 uint32_t seq; 11982 11983 asoc = &stcb->asoc; 11984 if (asoc->stream_reset_outstanding) { 11985 /*- 11986 * Already one pending, must get ACK back to clear the flag. 11987 */ 11988 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY); 11989 return (EBUSY); 11990 } 11991 if ((send_in_req == 0) && (send_tsn_req == 0) && 11992 (add_stream == 0)) { 11993 /* nothing to do */ 11994 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 11995 return (EINVAL); 11996 } 11997 if (send_tsn_req && send_in_req) { 11998 /* error, can't do that */ 11999 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12000 return (EINVAL); 12001 } else if (send_in_req) { 12002 can_send_out_req = 1; 12003 } 12004 if (number_entries > (MCLBYTES - 12005 SCTP_MIN_OVERHEAD - 12006 sizeof(struct sctp_chunkhdr) - 12007 sizeof(struct sctp_stream_reset_out_request)) / 12008 sizeof(uint16_t)) { 12009 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12010 return (ENOMEM); 12011 } 12012 sctp_alloc_a_chunk(stcb, chk); 12013 if (chk == NULL) { 12014 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12015 return (ENOMEM); 12016 } 12017 chk->copy_by_ref = 0; 12018 chk->rec.chunk_id.id = SCTP_STREAM_RESET; 12019 chk->rec.chunk_id.can_take_data = 0; 12020 chk->flags = 0; 12021 chk->asoc = &stcb->asoc; 12022 chk->book_size = sizeof(struct sctp_chunkhdr); 12023 chk->send_size = SCTP_SIZE32(chk->book_size); 12024 chk->book_size_scale = 0; 12025 12026 chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 12027 if (chk->data == NULL) { 12028 sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED); 12029 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12030 return (ENOMEM); 12031 } 12032 SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); 12033 12034 /* setup chunk parameters */ 12035 chk->sent = SCTP_DATAGRAM_UNSENT; 12036 chk->snd_count = 0; 12037 if (stcb->asoc.alternate) { 12038 chk->whoTo = stcb->asoc.alternate; 12039 } else { 12040 chk->whoTo = stcb->asoc.primary_destination; 12041 } 12042 atomic_add_int(&chk->whoTo->ref_count, 1); 12043 ch = mtod(chk->data, struct sctp_chunkhdr *); 12044 ch->chunk_type = SCTP_STREAM_RESET; 12045 ch->chunk_flags = 0; 12046 ch->chunk_length = htons(chk->book_size); 12047 SCTP_BUF_LEN(chk->data) = chk->send_size; 12048 12049 seq = stcb->asoc.str_reset_seq_out; 12050 if (can_send_out_req) { 12051 int ret; 12052 12053 ret = sctp_add_stream_reset_out(stcb, chk, seq, (stcb->asoc.str_reset_seq_in - 1), (stcb->asoc.sending_seq - 1)); 12054 if (ret) { 12055 seq++; 12056 asoc->stream_reset_outstanding++; 12057 } 12058 } 12059 if ((add_stream & 1) && 12060 ((stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt) < adding_o)) { 12061 /* Need to allocate more */ 12062 struct sctp_stream_out *oldstream; 12063 struct sctp_stream_queue_pending *sp, *nsp; 12064 int i; 12065 12066#if defined(SCTP_DETAILED_STR_STATS) 12067 int j; 12068 12069#endif 12070 12071 oldstream = stcb->asoc.strmout; 12072 /* get some more */ 12073 SCTP_MALLOC(stcb->asoc.strmout, struct sctp_stream_out *, 12074 (stcb->asoc.streamoutcnt + adding_o) * sizeof(struct sctp_stream_out), 12075 SCTP_M_STRMO); 12076 if (stcb->asoc.strmout == NULL) { 12077 uint8_t x; 12078 12079 stcb->asoc.strmout = oldstream; 12080 /* Turn off the bit */ 12081 x = add_stream & 0xfe; 12082 add_stream = x; 12083 goto skip_stuff; 12084 } 12085 /* 12086 * Ok now we proceed with copying the old out stuff and 12087 * initializing the new stuff. 12088 */ 12089 SCTP_TCB_SEND_LOCK(stcb); 12090 stcb->asoc.ss_functions.sctp_ss_clear(stcb, &stcb->asoc, 0, 1); 12091 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 12092 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 12093 stcb->asoc.strmout[i].chunks_on_queues = oldstream[i].chunks_on_queues; 12094 stcb->asoc.strmout[i].next_sequence_send = oldstream[i].next_sequence_send; 12095 stcb->asoc.strmout[i].last_msg_incomplete = oldstream[i].last_msg_incomplete; 12096 stcb->asoc.strmout[i].stream_no = i; 12097 stcb->asoc.strmout[i].state = oldstream[i].state; 12098 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], &oldstream[i]); 12099 /* now anything on those queues? */ 12100 TAILQ_FOREACH_SAFE(sp, &oldstream[i].outqueue, next, nsp) { 12101 TAILQ_REMOVE(&oldstream[i].outqueue, sp, next); 12102 TAILQ_INSERT_TAIL(&stcb->asoc.strmout[i].outqueue, sp, next); 12103 } 12104 /* Now move assoc pointers too */ 12105 if (stcb->asoc.last_out_stream == &oldstream[i]) { 12106 stcb->asoc.last_out_stream = &stcb->asoc.strmout[i]; 12107 } 12108 if (stcb->asoc.locked_on_sending == &oldstream[i]) { 12109 stcb->asoc.locked_on_sending = &stcb->asoc.strmout[i]; 12110 } 12111 } 12112 /* now the new streams */ 12113 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 1); 12114 for (i = stcb->asoc.streamoutcnt; i < (stcb->asoc.streamoutcnt + adding_o); i++) { 12115 TAILQ_INIT(&stcb->asoc.strmout[i].outqueue); 12116 stcb->asoc.strmout[i].chunks_on_queues = 0; 12117#if defined(SCTP_DETAILED_STR_STATS) 12118 for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { 12119 stcb->asoc.strmout[i].abandoned_sent[j] = 0; 12120 stcb->asoc.strmout[i].abandoned_unsent[j] = 0; 12121 } 12122#else 12123 stcb->asoc.strmout[i].abandoned_sent[0] = 0; 12124 stcb->asoc.strmout[i].abandoned_unsent[0] = 0; 12125#endif 12126 stcb->asoc.strmout[i].next_sequence_send = 0x0; 12127 stcb->asoc.strmout[i].stream_no = i; 12128 stcb->asoc.strmout[i].last_msg_incomplete = 0; 12129 stcb->asoc.ss_functions.sctp_ss_init_stream(&stcb->asoc.strmout[i], NULL); 12130 stcb->asoc.strmout[i].state = SCTP_STREAM_CLOSED; 12131 } 12132 stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt + adding_o; 12133 SCTP_FREE(oldstream, SCTP_M_STRMO); 12134 SCTP_TCB_SEND_UNLOCK(stcb); 12135 } 12136skip_stuff: 12137 if ((add_stream & 1) && (adding_o > 0)) { 12138 asoc->strm_pending_add_size = adding_o; 12139 asoc->peer_req_out = peer_asked; 12140 sctp_add_an_out_stream(chk, seq, adding_o); 12141 seq++; 12142 asoc->stream_reset_outstanding++; 12143 } 12144 if ((add_stream & 2) && (adding_i > 0)) { 12145 sctp_add_an_in_stream(chk, seq, adding_i); 12146 seq++; 12147 asoc->stream_reset_outstanding++; 12148 } 12149 if (send_in_req) { 12150 sctp_add_stream_reset_in(chk, number_entries, list, seq); 12151 seq++; 12152 asoc->stream_reset_outstanding++; 12153 } 12154 if (send_tsn_req) { 12155 sctp_add_stream_reset_tsn(chk, seq); 12156 asoc->stream_reset_outstanding++; 12157 } 12158 asoc->str_reset = chk; 12159 /* insert the chunk for sending */ 12160 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 12161 chk, 12162 sctp_next); 12163 asoc->ctrl_queue_cnt++; 12164 if (stcb->asoc.send_sack) { 12165 sctp_send_sack(stcb, SCTP_SO_LOCKED); 12166 } 12167 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 12168 return (0); 12169} 12170 12171void 12172sctp_send_abort(struct mbuf *m, int iphlen, struct sockaddr *src, struct sockaddr *dst, 12173 struct sctphdr *sh, uint32_t vtag, struct mbuf *cause, 12174 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 12175 uint32_t vrf_id, uint16_t port) 12176{ 12177 /* Don't respond to an ABORT with an ABORT. */ 12178 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 12179 if (cause) 12180 sctp_m_freem(cause); 12181 return; 12182 } 12183 sctp_send_resp_msg(src, dst, sh, vtag, SCTP_ABORT_ASSOCIATION, cause, 12184 mflowtype, mflowid, fibnum, 12185 vrf_id, port); 12186 return; 12187} 12188 12189void 12190sctp_send_operr_to(struct sockaddr *src, struct sockaddr *dst, 12191 struct sctphdr *sh, uint32_t vtag, struct mbuf *cause, 12192 uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, 12193 uint32_t vrf_id, uint16_t port) 12194{ 12195 sctp_send_resp_msg(src, dst, sh, vtag, SCTP_OPERATION_ERROR, cause, 12196 mflowtype, mflowid, fibnum, 12197 vrf_id, port); 12198 return; 12199} 12200 12201static struct mbuf * 12202sctp_copy_resume(struct uio *uio, 12203 int max_send_len, 12204 int user_marks_eor, 12205 int *error, 12206 uint32_t * sndout, 12207 struct mbuf **new_tail) 12208{ 12209 struct mbuf *m; 12210 12211 m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0, 12212 (M_PKTHDR | (user_marks_eor ? M_EOR : 0))); 12213 if (m == NULL) { 12214 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12215 *error = ENOBUFS; 12216 } else { 12217 *sndout = m_length(m, NULL); 12218 *new_tail = m_last(m); 12219 } 12220 return (m); 12221} 12222 12223static int 12224sctp_copy_one(struct sctp_stream_queue_pending *sp, 12225 struct uio *uio, 12226 int resv_upfront) 12227{ 12228 sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, 12229 resv_upfront, 0); 12230 if (sp->data == NULL) { 12231 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS); 12232 return (ENOBUFS); 12233 } 12234 sp->tail_mbuf = m_last(sp->data); 12235 return (0); 12236} 12237 12238 12239 12240static struct sctp_stream_queue_pending * 12241sctp_copy_it_in(struct sctp_tcb *stcb, 12242 struct sctp_association *asoc, 12243 struct sctp_sndrcvinfo *srcv, 12244 struct uio *uio, 12245 struct sctp_nets *net, 12246 int max_send_len, 12247 int user_marks_eor, 12248 int *error) 12249{ 12250 /*- 12251 * This routine must be very careful in its work. Protocol 12252 * processing is up and running so care must be taken to spl...() 12253 * when you need to do something that may effect the stcb/asoc. The 12254 * sb is locked however. When data is copied the protocol processing 12255 * should be enabled since this is a slower operation... 12256 */ 12257 struct sctp_stream_queue_pending *sp = NULL; 12258 int resv_in_first; 12259 12260 *error = 0; 12261 /* Now can we send this? */ 12262 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12263 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12264 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12265 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12266 /* got data while shutting down */ 12267 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12268 *error = ECONNRESET; 12269 goto out_now; 12270 } 12271 sctp_alloc_a_strmoq(stcb, sp); 12272 if (sp == NULL) { 12273 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12274 *error = ENOMEM; 12275 goto out_now; 12276 } 12277 sp->act_flags = 0; 12278 sp->sender_all_done = 0; 12279 sp->sinfo_flags = srcv->sinfo_flags; 12280 sp->timetolive = srcv->sinfo_timetolive; 12281 sp->ppid = srcv->sinfo_ppid; 12282 sp->context = srcv->sinfo_context; 12283 (void)SCTP_GETTIME_TIMEVAL(&sp->ts); 12284 12285 sp->stream = srcv->sinfo_stream; 12286 sp->length = min(uio->uio_resid, max_send_len); 12287 if ((sp->length == (uint32_t) uio->uio_resid) && 12288 ((user_marks_eor == 0) || 12289 (srcv->sinfo_flags & SCTP_EOF) || 12290 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 12291 sp->msg_is_complete = 1; 12292 } else { 12293 sp->msg_is_complete = 0; 12294 } 12295 sp->sender_all_done = 0; 12296 sp->some_taken = 0; 12297 sp->put_last_out = 0; 12298 resv_in_first = sizeof(struct sctp_data_chunk); 12299 sp->data = sp->tail_mbuf = NULL; 12300 if (sp->length == 0) { 12301 *error = 0; 12302 goto skip_copy; 12303 } 12304 if (srcv->sinfo_keynumber_valid) { 12305 sp->auth_keyid = srcv->sinfo_keynumber; 12306 } else { 12307 sp->auth_keyid = stcb->asoc.authinfo.active_keyid; 12308 } 12309 if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) { 12310 sctp_auth_key_acquire(stcb, sp->auth_keyid); 12311 sp->holds_key_ref = 1; 12312 } 12313 *error = sctp_copy_one(sp, uio, resv_in_first); 12314skip_copy: 12315 if (*error) { 12316 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); 12317 sp = NULL; 12318 } else { 12319 if (sp->sinfo_flags & SCTP_ADDR_OVER) { 12320 sp->net = net; 12321 atomic_add_int(&sp->net->ref_count, 1); 12322 } else { 12323 sp->net = NULL; 12324 } 12325 sctp_set_prsctp_policy(sp); 12326 } 12327out_now: 12328 return (sp); 12329} 12330 12331 12332int 12333sctp_sosend(struct socket *so, 12334 struct sockaddr *addr, 12335 struct uio *uio, 12336 struct mbuf *top, 12337 struct mbuf *control, 12338 int flags, 12339 struct thread *p 12340) 12341{ 12342 int error, use_sndinfo = 0; 12343 struct sctp_sndrcvinfo sndrcvninfo; 12344 struct sockaddr *addr_to_use; 12345 12346#if defined(INET) && defined(INET6) 12347 struct sockaddr_in sin; 12348 12349#endif 12350 12351 if (control) { 12352 /* process cmsg snd/rcv info (maybe a assoc-id) */ 12353 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&sndrcvninfo, control, 12354 sizeof(sndrcvninfo))) { 12355 /* got one */ 12356 use_sndinfo = 1; 12357 } 12358 } 12359 addr_to_use = addr; 12360#if defined(INET) && defined(INET6) 12361 if ((addr) && (addr->sa_family == AF_INET6)) { 12362 struct sockaddr_in6 *sin6; 12363 12364 sin6 = (struct sockaddr_in6 *)addr; 12365 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 12366 in6_sin6_2_sin(&sin, sin6); 12367 addr_to_use = (struct sockaddr *)&sin; 12368 } 12369 } 12370#endif 12371 error = sctp_lower_sosend(so, addr_to_use, uio, top, 12372 control, 12373 flags, 12374 use_sndinfo ? &sndrcvninfo : NULL 12375 ,p 12376 ); 12377 return (error); 12378} 12379 12380 12381int 12382sctp_lower_sosend(struct socket *so, 12383 struct sockaddr *addr, 12384 struct uio *uio, 12385 struct mbuf *i_pak, 12386 struct mbuf *control, 12387 int flags, 12388 struct sctp_sndrcvinfo *srcv 12389 , 12390 struct thread *p 12391) 12392{ 12393 unsigned int sndlen = 0, max_len; 12394 int error, len; 12395 struct mbuf *top = NULL; 12396 int queue_only = 0, queue_only_for_init = 0; 12397 int free_cnt_applied = 0; 12398 int un_sent; 12399 int now_filled = 0; 12400 unsigned int inqueue_bytes = 0; 12401 struct sctp_block_entry be; 12402 struct sctp_inpcb *inp; 12403 struct sctp_tcb *stcb = NULL; 12404 struct timeval now; 12405 struct sctp_nets *net; 12406 struct sctp_association *asoc; 12407 struct sctp_inpcb *t_inp; 12408 int user_marks_eor; 12409 int create_lock_applied = 0; 12410 int nagle_applies = 0; 12411 int some_on_control = 0; 12412 int got_all_of_the_send = 0; 12413 int hold_tcblock = 0; 12414 int non_blocking = 0; 12415 uint32_t local_add_more, local_soresv = 0; 12416 uint16_t port; 12417 uint16_t sinfo_flags; 12418 sctp_assoc_t sinfo_assoc_id; 12419 12420 error = 0; 12421 net = NULL; 12422 stcb = NULL; 12423 asoc = NULL; 12424 12425 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 12426 if (inp == NULL) { 12427 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12428 error = EINVAL; 12429 if (i_pak) { 12430 SCTP_RELEASE_PKT(i_pak); 12431 } 12432 return (error); 12433 } 12434 if ((uio == NULL) && (i_pak == NULL)) { 12435 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12436 return (EINVAL); 12437 } 12438 user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR); 12439 atomic_add_int(&inp->total_sends, 1); 12440 if (uio) { 12441 if (uio->uio_resid < 0) { 12442 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12443 return (EINVAL); 12444 } 12445 sndlen = uio->uio_resid; 12446 } else { 12447 top = SCTP_HEADER_TO_CHAIN(i_pak); 12448 sndlen = SCTP_HEADER_LEN(i_pak); 12449 } 12450 SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %d\n", 12451 (void *)addr, 12452 sndlen); 12453 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 12454 (inp->sctp_socket->so_qlimit)) { 12455 /* The listener can NOT send */ 12456 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12457 error = ENOTCONN; 12458 goto out_unlocked; 12459 } 12460 /** 12461 * Pre-screen address, if one is given the sin-len 12462 * must be set correctly! 12463 */ 12464 if (addr) { 12465 union sctp_sockstore *raddr = (union sctp_sockstore *)addr; 12466 12467 switch (raddr->sa.sa_family) { 12468#ifdef INET 12469 case AF_INET: 12470 if (raddr->sin.sin_len != sizeof(struct sockaddr_in)) { 12471 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12472 error = EINVAL; 12473 goto out_unlocked; 12474 } 12475 port = raddr->sin.sin_port; 12476 break; 12477#endif 12478#ifdef INET6 12479 case AF_INET6: 12480 if (raddr->sin6.sin6_len != sizeof(struct sockaddr_in6)) { 12481 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12482 error = EINVAL; 12483 goto out_unlocked; 12484 } 12485 port = raddr->sin6.sin6_port; 12486 break; 12487#endif 12488 default: 12489 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAFNOSUPPORT); 12490 error = EAFNOSUPPORT; 12491 goto out_unlocked; 12492 } 12493 } else 12494 port = 0; 12495 12496 if (srcv) { 12497 sinfo_flags = srcv->sinfo_flags; 12498 sinfo_assoc_id = srcv->sinfo_assoc_id; 12499 if (INVALID_SINFO_FLAG(sinfo_flags) || 12500 PR_SCTP_INVALID_POLICY(sinfo_flags)) { 12501 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12502 error = EINVAL; 12503 goto out_unlocked; 12504 } 12505 if (srcv->sinfo_flags) 12506 SCTP_STAT_INCR(sctps_sends_with_flags); 12507 } else { 12508 sinfo_flags = inp->def_send.sinfo_flags; 12509 sinfo_assoc_id = inp->def_send.sinfo_assoc_id; 12510 } 12511 if (sinfo_flags & SCTP_SENDALL) { 12512 /* its a sendall */ 12513 error = sctp_sendall(inp, uio, top, srcv); 12514 top = NULL; 12515 goto out_unlocked; 12516 } 12517 if ((sinfo_flags & SCTP_ADDR_OVER) && (addr == NULL)) { 12518 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12519 error = EINVAL; 12520 goto out_unlocked; 12521 } 12522 /* now we must find the assoc */ 12523 if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) || 12524 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 12525 SCTP_INP_RLOCK(inp); 12526 stcb = LIST_FIRST(&inp->sctp_asoc_list); 12527 if (stcb) { 12528 SCTP_TCB_LOCK(stcb); 12529 hold_tcblock = 1; 12530 } 12531 SCTP_INP_RUNLOCK(inp); 12532 } else if (sinfo_assoc_id) { 12533 stcb = sctp_findassociation_ep_asocid(inp, sinfo_assoc_id, 0); 12534 } else if (addr) { 12535 /*- 12536 * Since we did not use findep we must 12537 * increment it, and if we don't find a tcb 12538 * decrement it. 12539 */ 12540 SCTP_INP_WLOCK(inp); 12541 SCTP_INP_INCR_REF(inp); 12542 SCTP_INP_WUNLOCK(inp); 12543 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12544 if (stcb == NULL) { 12545 SCTP_INP_WLOCK(inp); 12546 SCTP_INP_DECR_REF(inp); 12547 SCTP_INP_WUNLOCK(inp); 12548 } else { 12549 hold_tcblock = 1; 12550 } 12551 } 12552 if ((stcb == NULL) && (addr)) { 12553 /* Possible implicit send? */ 12554 SCTP_ASOC_CREATE_LOCK(inp); 12555 create_lock_applied = 1; 12556 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 12557 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 12558 /* Should I really unlock ? */ 12559 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12560 error = EINVAL; 12561 goto out_unlocked; 12562 12563 } 12564 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 12565 (addr->sa_family == AF_INET6)) { 12566 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12567 error = EINVAL; 12568 goto out_unlocked; 12569 } 12570 SCTP_INP_WLOCK(inp); 12571 SCTP_INP_INCR_REF(inp); 12572 SCTP_INP_WUNLOCK(inp); 12573 /* With the lock applied look again */ 12574 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 12575 if ((stcb == NULL) && (control != NULL) && (port > 0)) { 12576 stcb = sctp_findassociation_cmsgs(&t_inp, port, control, &net, &error); 12577 } 12578 if (stcb == NULL) { 12579 SCTP_INP_WLOCK(inp); 12580 SCTP_INP_DECR_REF(inp); 12581 SCTP_INP_WUNLOCK(inp); 12582 } else { 12583 hold_tcblock = 1; 12584 } 12585 if (error) { 12586 goto out_unlocked; 12587 } 12588 if (t_inp != inp) { 12589 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOTCONN); 12590 error = ENOTCONN; 12591 goto out_unlocked; 12592 } 12593 } 12594 if (stcb == NULL) { 12595 if (addr == NULL) { 12596 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12597 error = ENOENT; 12598 goto out_unlocked; 12599 } else { 12600 /* We must go ahead and start the INIT process */ 12601 uint32_t vrf_id; 12602 12603 if ((sinfo_flags & SCTP_ABORT) || 12604 ((sinfo_flags & SCTP_EOF) && (sndlen == 0))) { 12605 /*- 12606 * User asks to abort a non-existant assoc, 12607 * or EOF a non-existant assoc with no data 12608 */ 12609 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOENT); 12610 error = ENOENT; 12611 goto out_unlocked; 12612 } 12613 /* get an asoc/stcb struct */ 12614 vrf_id = inp->def_vrf_id; 12615#ifdef INVARIANTS 12616 if (create_lock_applied == 0) { 12617 panic("Error, should hold create lock and I don't?"); 12618 } 12619#endif 12620 stcb = sctp_aloc_assoc(inp, addr, &error, 0, vrf_id, 12621 inp->sctp_ep.pre_open_stream_count, 12622 p 12623 ); 12624 if (stcb == NULL) { 12625 /* Error is setup for us in the call */ 12626 goto out_unlocked; 12627 } 12628 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { 12629 stcb->sctp_ep->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED; 12630 /* 12631 * Set the connected flag so we can queue 12632 * data 12633 */ 12634 soisconnecting(so); 12635 } 12636 hold_tcblock = 1; 12637 if (create_lock_applied) { 12638 SCTP_ASOC_CREATE_UNLOCK(inp); 12639 create_lock_applied = 0; 12640 } else { 12641 SCTP_PRINTF("Huh-3? create lock should have been on??\n"); 12642 } 12643 /* 12644 * Turn on queue only flag to prevent data from 12645 * being sent 12646 */ 12647 queue_only = 1; 12648 asoc = &stcb->asoc; 12649 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 12650 (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 12651 12652 /* initialize authentication params for the assoc */ 12653 sctp_initialize_auth_params(inp, stcb); 12654 12655 if (control) { 12656 if (sctp_process_cmsgs_for_init(stcb, control, &error)) { 12657 sctp_free_assoc(inp, stcb, SCTP_PCBFREE_FORCE, 12658 SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5); 12659 hold_tcblock = 0; 12660 stcb = NULL; 12661 goto out_unlocked; 12662 } 12663 } 12664 /* out with the INIT */ 12665 queue_only_for_init = 1; 12666 /*- 12667 * we may want to dig in after this call and adjust the MTU 12668 * value. It defaulted to 1500 (constant) but the ro 12669 * structure may now have an update and thus we may need to 12670 * change it BEFORE we append the message. 12671 */ 12672 } 12673 } else 12674 asoc = &stcb->asoc; 12675 if (srcv == NULL) 12676 srcv = (struct sctp_sndrcvinfo *)&asoc->def_send; 12677 if (srcv->sinfo_flags & SCTP_ADDR_OVER) { 12678 if (addr) 12679 net = sctp_findnet(stcb, addr); 12680 else 12681 net = NULL; 12682 if ((net == NULL) || 12683 ((port != 0) && (port != stcb->rport))) { 12684 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12685 error = EINVAL; 12686 goto out_unlocked; 12687 } 12688 } else { 12689 if (stcb->asoc.alternate) { 12690 net = stcb->asoc.alternate; 12691 } else { 12692 net = stcb->asoc.primary_destination; 12693 } 12694 } 12695 atomic_add_int(&stcb->total_sends, 1); 12696 /* Keep the stcb from being freed under our feet */ 12697 atomic_add_int(&asoc->refcnt, 1); 12698 free_cnt_applied = 1; 12699 12700 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { 12701 if (sndlen > asoc->smallest_mtu) { 12702 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12703 error = EMSGSIZE; 12704 goto out_unlocked; 12705 } 12706 } 12707 if (SCTP_SO_IS_NBIO(so) 12708 || (flags & MSG_NBIO) 12709 ) { 12710 non_blocking = 1; 12711 } 12712 /* would we block? */ 12713 if (non_blocking) { 12714 if (hold_tcblock == 0) { 12715 SCTP_TCB_LOCK(stcb); 12716 hold_tcblock = 1; 12717 } 12718 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12719 if ((SCTP_SB_LIMIT_SND(so) < (sndlen + inqueue_bytes + stcb->asoc.sb_send_resv)) || 12720 (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12721 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); 12722 if (sndlen > SCTP_SB_LIMIT_SND(so)) 12723 error = EMSGSIZE; 12724 else 12725 error = EWOULDBLOCK; 12726 goto out_unlocked; 12727 } 12728 stcb->asoc.sb_send_resv += sndlen; 12729 SCTP_TCB_UNLOCK(stcb); 12730 hold_tcblock = 0; 12731 } else { 12732 atomic_add_int(&stcb->asoc.sb_send_resv, sndlen); 12733 } 12734 local_soresv = sndlen; 12735 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12736 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12737 error = ECONNRESET; 12738 goto out_unlocked; 12739 } 12740 if (create_lock_applied) { 12741 SCTP_ASOC_CREATE_UNLOCK(inp); 12742 create_lock_applied = 0; 12743 } 12744 /* Is the stream no. valid? */ 12745 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 12746 /* Invalid stream number */ 12747 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12748 error = EINVAL; 12749 goto out_unlocked; 12750 } 12751 if ((asoc->strmout[srcv->sinfo_stream].state != SCTP_STREAM_OPEN) && 12752 (asoc->strmout[srcv->sinfo_stream].state != SCTP_STREAM_OPENING)) { 12753 /* 12754 * Can't queue any data while stream reset is underway. 12755 */ 12756 if (asoc->strmout[srcv->sinfo_stream].state > SCTP_STREAM_OPEN) { 12757 error = EAGAIN; 12758 } else { 12759 error = EINVAL; 12760 } 12761 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, error); 12762 goto out_unlocked; 12763 } 12764 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12765 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12766 queue_only = 1; 12767 } 12768 /* we are now done with all control */ 12769 if (control) { 12770 sctp_m_freem(control); 12771 control = NULL; 12772 } 12773 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 12774 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 12775 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 12776 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 12777 if (srcv->sinfo_flags & SCTP_ABORT) { 12778 ; 12779 } else { 12780 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 12781 error = ECONNRESET; 12782 goto out_unlocked; 12783 } 12784 } 12785 /* Ok, we will attempt a msgsnd :> */ 12786 if (p) { 12787 p->td_ru.ru_msgsnd++; 12788 } 12789 /* Are we aborting? */ 12790 if (srcv->sinfo_flags & SCTP_ABORT) { 12791 struct mbuf *mm; 12792 int tot_demand, tot_out = 0, max_out; 12793 12794 SCTP_STAT_INCR(sctps_sends_with_abort); 12795 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 12796 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 12797 /* It has to be up before we abort */ 12798 /* how big is the user initiated abort? */ 12799 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12800 error = EINVAL; 12801 goto out; 12802 } 12803 if (hold_tcblock) { 12804 SCTP_TCB_UNLOCK(stcb); 12805 hold_tcblock = 0; 12806 } 12807 if (top) { 12808 struct mbuf *cntm = NULL; 12809 12810 mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_WAITOK, 1, MT_DATA); 12811 if (sndlen != 0) { 12812 for (cntm = top; cntm; cntm = SCTP_BUF_NEXT(cntm)) { 12813 tot_out += SCTP_BUF_LEN(cntm); 12814 } 12815 } 12816 } else { 12817 /* Must fit in a MTU */ 12818 tot_out = sndlen; 12819 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 12820 if (tot_demand > SCTP_DEFAULT_ADD_MORE) { 12821 /* To big */ 12822 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12823 error = EMSGSIZE; 12824 goto out; 12825 } 12826 mm = sctp_get_mbuf_for_msg(tot_demand, 0, M_WAITOK, 1, MT_DATA); 12827 } 12828 if (mm == NULL) { 12829 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM); 12830 error = ENOMEM; 12831 goto out; 12832 } 12833 max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); 12834 max_out -= sizeof(struct sctp_abort_msg); 12835 if (tot_out > max_out) { 12836 tot_out = max_out; 12837 } 12838 if (mm) { 12839 struct sctp_paramhdr *ph; 12840 12841 /* now move forward the data pointer */ 12842 ph = mtod(mm, struct sctp_paramhdr *); 12843 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 12844 ph->param_length = htons(sizeof(struct sctp_paramhdr) + tot_out); 12845 ph++; 12846 SCTP_BUF_LEN(mm) = tot_out + sizeof(struct sctp_paramhdr); 12847 if (top == NULL) { 12848 error = uiomove((caddr_t)ph, (int)tot_out, uio); 12849 if (error) { 12850 /*- 12851 * Here if we can't get his data we 12852 * still abort we just don't get to 12853 * send the users note :-0 12854 */ 12855 sctp_m_freem(mm); 12856 mm = NULL; 12857 } 12858 } else { 12859 if (sndlen != 0) { 12860 SCTP_BUF_NEXT(mm) = top; 12861 } 12862 } 12863 } 12864 if (hold_tcblock == 0) { 12865 SCTP_TCB_LOCK(stcb); 12866 } 12867 atomic_add_int(&stcb->asoc.refcnt, -1); 12868 free_cnt_applied = 0; 12869 /* release this lock, otherwise we hang on ourselves */ 12870 sctp_abort_an_association(stcb->sctp_ep, stcb, mm, SCTP_SO_LOCKED); 12871 /* now relock the stcb so everything is sane */ 12872 hold_tcblock = 0; 12873 stcb = NULL; 12874 /* 12875 * In this case top is already chained to mm avoid double 12876 * free, since we free it below if top != NULL and driver 12877 * would free it after sending the packet out 12878 */ 12879 if (sndlen != 0) { 12880 top = NULL; 12881 } 12882 goto out_unlocked; 12883 } 12884 /* Calculate the maximum we can send */ 12885 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12886 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12887 if (non_blocking) { 12888 /* we already checked for non-blocking above. */ 12889 max_len = sndlen; 12890 } else { 12891 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12892 } 12893 } else { 12894 max_len = 0; 12895 } 12896 if (hold_tcblock) { 12897 SCTP_TCB_UNLOCK(stcb); 12898 hold_tcblock = 0; 12899 } 12900 if (asoc->strmout == NULL) { 12901 /* huh? software error */ 12902 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT); 12903 error = EFAULT; 12904 goto out_unlocked; 12905 } 12906 /* Unless E_EOR mode is on, we must make a send FIT in one call. */ 12907 if ((user_marks_eor == 0) && 12908 (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { 12909 /* It will NEVER fit */ 12910 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); 12911 error = EMSGSIZE; 12912 goto out_unlocked; 12913 } 12914 if ((uio == NULL) && user_marks_eor) { 12915 /*- 12916 * We do not support eeor mode for 12917 * sending with mbuf chains (like sendfile). 12918 */ 12919 SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 12920 error = EINVAL; 12921 goto out_unlocked; 12922 } 12923 if (user_marks_eor) { 12924 local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); 12925 } else { 12926 /*- 12927 * For non-eeor the whole message must fit in 12928 * the socket send buffer. 12929 */ 12930 local_add_more = sndlen; 12931 } 12932 len = 0; 12933 if (non_blocking) { 12934 goto skip_preblock; 12935 } 12936 if (((max_len <= local_add_more) && 12937 (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || 12938 (max_len == 0) || 12939 ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12940 /* No room right now ! */ 12941 SOCKBUF_LOCK(&so->so_snd); 12942 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12943 while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || 12944 ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { 12945 SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", 12946 (unsigned int)SCTP_SB_LIMIT_SND(so), 12947 inqueue_bytes, 12948 local_add_more, 12949 stcb->asoc.stream_queue_cnt, 12950 stcb->asoc.chunks_on_out_queue, 12951 SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)); 12952 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12953 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, asoc, sndlen); 12954 } 12955 be.error = 0; 12956 stcb->block_entry = &be; 12957 error = sbwait(&so->so_snd); 12958 stcb->block_entry = NULL; 12959 if (error || so->so_error || be.error) { 12960 if (error == 0) { 12961 if (so->so_error) 12962 error = so->so_error; 12963 if (be.error) { 12964 error = be.error; 12965 } 12966 } 12967 SOCKBUF_UNLOCK(&so->so_snd); 12968 goto out_unlocked; 12969 } 12970 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 12971 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 12972 asoc, stcb->asoc.total_output_queue_size); 12973 } 12974 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12975 goto out_unlocked; 12976 } 12977 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 12978 } 12979 if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) { 12980 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 12981 } else { 12982 max_len = 0; 12983 } 12984 SOCKBUF_UNLOCK(&so->so_snd); 12985 } 12986skip_preblock: 12987 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 12988 goto out_unlocked; 12989 } 12990 /* 12991 * sndlen covers for mbuf case uio_resid covers for the non-mbuf 12992 * case NOTE: uio will be null when top/mbuf is passed 12993 */ 12994 if (sndlen == 0) { 12995 if (srcv->sinfo_flags & SCTP_EOF) { 12996 got_all_of_the_send = 1; 12997 goto dataless_eof; 12998 } else { 12999 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13000 error = EINVAL; 13001 goto out; 13002 } 13003 } 13004 if (top == NULL) { 13005 struct sctp_stream_queue_pending *sp; 13006 struct sctp_stream_out *strm; 13007 uint32_t sndout; 13008 13009 SCTP_TCB_SEND_LOCK(stcb); 13010 if ((asoc->stream_locked) && 13011 (asoc->stream_locked_on != srcv->sinfo_stream)) { 13012 SCTP_TCB_SEND_UNLOCK(stcb); 13013 SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL); 13014 error = EINVAL; 13015 goto out; 13016 } 13017 SCTP_TCB_SEND_UNLOCK(stcb); 13018 13019 strm = &stcb->asoc.strmout[srcv->sinfo_stream]; 13020 if (strm->last_msg_incomplete == 0) { 13021 do_a_copy_in: 13022 sp = sctp_copy_it_in(stcb, asoc, srcv, uio, net, max_len, user_marks_eor, &error); 13023 if ((sp == NULL) || (error)) { 13024 goto out; 13025 } 13026 SCTP_TCB_SEND_LOCK(stcb); 13027 if (sp->msg_is_complete) { 13028 strm->last_msg_incomplete = 0; 13029 asoc->stream_locked = 0; 13030 } else { 13031 /* 13032 * Just got locked to this guy in case of an 13033 * interrupt. 13034 */ 13035 strm->last_msg_incomplete = 1; 13036 asoc->stream_locked = 1; 13037 asoc->stream_locked_on = srcv->sinfo_stream; 13038 sp->sender_all_done = 0; 13039 } 13040 sctp_snd_sb_alloc(stcb, sp->length); 13041 atomic_add_int(&asoc->stream_queue_cnt, 1); 13042 if (srcv->sinfo_flags & SCTP_UNORDERED) { 13043 SCTP_STAT_INCR(sctps_sends_with_unord); 13044 } 13045 TAILQ_INSERT_TAIL(&strm->outqueue, sp, next); 13046 stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, asoc, strm, sp, 1); 13047 SCTP_TCB_SEND_UNLOCK(stcb); 13048 } else { 13049 SCTP_TCB_SEND_LOCK(stcb); 13050 sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead); 13051 SCTP_TCB_SEND_UNLOCK(stcb); 13052 if (sp == NULL) { 13053 /* ???? Huh ??? last msg is gone */ 13054#ifdef INVARIANTS 13055 panic("Warning: Last msg marked incomplete, yet nothing left?"); 13056#else 13057 SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n"); 13058 strm->last_msg_incomplete = 0; 13059#endif 13060 goto do_a_copy_in; 13061 13062 } 13063 } 13064 while (uio->uio_resid > 0) { 13065 /* How much room do we have? */ 13066 struct mbuf *new_tail, *mm; 13067 13068 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 13069 max_len = SCTP_SB_LIMIT_SND(so) - stcb->asoc.total_output_queue_size; 13070 else 13071 max_len = 0; 13072 13073 if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || 13074 (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || 13075 (uio->uio_resid && (uio->uio_resid <= (int)max_len))) { 13076 sndout = 0; 13077 new_tail = NULL; 13078 if (hold_tcblock) { 13079 SCTP_TCB_UNLOCK(stcb); 13080 hold_tcblock = 0; 13081 } 13082 mm = sctp_copy_resume(uio, max_len, user_marks_eor, &error, &sndout, &new_tail); 13083 if ((mm == NULL) || error) { 13084 if (mm) { 13085 sctp_m_freem(mm); 13086 } 13087 goto out; 13088 } 13089 /* Update the mbuf and count */ 13090 SCTP_TCB_SEND_LOCK(stcb); 13091 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13092 /* 13093 * we need to get out. Peer probably 13094 * aborted. 13095 */ 13096 sctp_m_freem(mm); 13097 if (stcb->asoc.state & SCTP_PCB_FLAGS_WAS_ABORTED) { 13098 SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET); 13099 error = ECONNRESET; 13100 } 13101 SCTP_TCB_SEND_UNLOCK(stcb); 13102 goto out; 13103 } 13104 if (sp->tail_mbuf) { 13105 /* tack it to the end */ 13106 SCTP_BUF_NEXT(sp->tail_mbuf) = mm; 13107 sp->tail_mbuf = new_tail; 13108 } else { 13109 /* A stolen mbuf */ 13110 sp->data = mm; 13111 sp->tail_mbuf = new_tail; 13112 } 13113 sctp_snd_sb_alloc(stcb, sndout); 13114 atomic_add_int(&sp->length, sndout); 13115 len += sndout; 13116 13117 /* Did we reach EOR? */ 13118 if ((uio->uio_resid == 0) && 13119 ((user_marks_eor == 0) || 13120 (srcv->sinfo_flags & SCTP_EOF) || 13121 (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { 13122 sp->msg_is_complete = 1; 13123 } else { 13124 sp->msg_is_complete = 0; 13125 } 13126 SCTP_TCB_SEND_UNLOCK(stcb); 13127 } 13128 if (uio->uio_resid == 0) { 13129 /* got it all? */ 13130 continue; 13131 } 13132 /* PR-SCTP? */ 13133 if ((asoc->prsctp_supported) && (asoc->sent_queue_cnt_removeable > 0)) { 13134 /* 13135 * This is ugly but we must assure locking 13136 * order 13137 */ 13138 if (hold_tcblock == 0) { 13139 SCTP_TCB_LOCK(stcb); 13140 hold_tcblock = 1; 13141 } 13142 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 13143 inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); 13144 if (SCTP_SB_LIMIT_SND(so) > stcb->asoc.total_output_queue_size) 13145 max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes; 13146 else 13147 max_len = 0; 13148 if (max_len > 0) { 13149 continue; 13150 } 13151 SCTP_TCB_UNLOCK(stcb); 13152 hold_tcblock = 0; 13153 } 13154 /* wait for space now */ 13155 if (non_blocking) { 13156 /* Non-blocking io in place out */ 13157 goto skip_out_eof; 13158 } 13159 /* What about the INIT, send it maybe */ 13160 if (queue_only_for_init) { 13161 if (hold_tcblock == 0) { 13162 SCTP_TCB_LOCK(stcb); 13163 hold_tcblock = 1; 13164 } 13165 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13166 /* a collision took us forward? */ 13167 queue_only = 0; 13168 } else { 13169 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13170 SCTP_SET_STATE(asoc, SCTP_STATE_COOKIE_WAIT); 13171 queue_only = 1; 13172 } 13173 } 13174 if ((net->flight_size > net->cwnd) && 13175 (asoc->sctp_cmt_on_off == 0)) { 13176 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13177 queue_only = 1; 13178 } else if (asoc->ifp_had_enobuf) { 13179 SCTP_STAT_INCR(sctps_ifnomemqueued); 13180 if (net->flight_size > (2 * net->mtu)) { 13181 queue_only = 1; 13182 } 13183 asoc->ifp_had_enobuf = 0; 13184 } 13185 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13186 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13187 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13188 (stcb->asoc.total_flight > 0) && 13189 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13190 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13191 13192 /*- 13193 * Ok, Nagle is set on and we have data outstanding. 13194 * Don't send anything and let SACKs drive out the 13195 * data unless we have a "full" segment to send. 13196 */ 13197 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13198 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13199 } 13200 SCTP_STAT_INCR(sctps_naglequeued); 13201 nagle_applies = 1; 13202 } else { 13203 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13204 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13205 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13206 } 13207 SCTP_STAT_INCR(sctps_naglesent); 13208 nagle_applies = 0; 13209 } 13210 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13211 13212 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 13213 nagle_applies, un_sent); 13214 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 13215 stcb->asoc.total_flight, 13216 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 13217 } 13218 if (queue_only_for_init) 13219 queue_only_for_init = 0; 13220 if ((queue_only == 0) && (nagle_applies == 0)) { 13221 /*- 13222 * need to start chunk output 13223 * before blocking.. note that if 13224 * a lock is already applied, then 13225 * the input via the net is happening 13226 * and I don't need to start output :-D 13227 */ 13228 if (hold_tcblock == 0) { 13229 if (SCTP_TCB_TRYLOCK(stcb)) { 13230 hold_tcblock = 1; 13231 sctp_chunk_output(inp, 13232 stcb, 13233 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13234 } 13235 } else { 13236 sctp_chunk_output(inp, 13237 stcb, 13238 SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13239 } 13240 if (hold_tcblock == 1) { 13241 SCTP_TCB_UNLOCK(stcb); 13242 hold_tcblock = 0; 13243 } 13244 } 13245 SOCKBUF_LOCK(&so->so_snd); 13246 /*- 13247 * This is a bit strange, but I think it will 13248 * work. The total_output_queue_size is locked and 13249 * protected by the TCB_LOCK, which we just released. 13250 * There is a race that can occur between releasing it 13251 * above, and me getting the socket lock, where sacks 13252 * come in but we have not put the SB_WAIT on the 13253 * so_snd buffer to get the wakeup. After the LOCK 13254 * is applied the sack_processing will also need to 13255 * LOCK the so->so_snd to do the actual sowwakeup(). So 13256 * once we have the socket buffer lock if we recheck the 13257 * size we KNOW we will get to sleep safely with the 13258 * wakeup flag in place. 13259 */ 13260 if (SCTP_SB_LIMIT_SND(so) <= (stcb->asoc.total_output_queue_size + 13261 min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) { 13262 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13263 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 13264 asoc, uio->uio_resid); 13265 } 13266 be.error = 0; 13267 stcb->block_entry = &be; 13268 error = sbwait(&so->so_snd); 13269 stcb->block_entry = NULL; 13270 13271 if (error || so->so_error || be.error) { 13272 if (error == 0) { 13273 if (so->so_error) 13274 error = so->so_error; 13275 if (be.error) { 13276 error = be.error; 13277 } 13278 } 13279 SOCKBUF_UNLOCK(&so->so_snd); 13280 goto out_unlocked; 13281 } 13282 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13283 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 13284 asoc, stcb->asoc.total_output_queue_size); 13285 } 13286 } 13287 SOCKBUF_UNLOCK(&so->so_snd); 13288 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 13289 goto out_unlocked; 13290 } 13291 } 13292 SCTP_TCB_SEND_LOCK(stcb); 13293 if (sp) { 13294 if (sp->msg_is_complete == 0) { 13295 strm->last_msg_incomplete = 1; 13296 asoc->stream_locked = 1; 13297 asoc->stream_locked_on = srcv->sinfo_stream; 13298 } else { 13299 sp->sender_all_done = 1; 13300 strm->last_msg_incomplete = 0; 13301 asoc->stream_locked = 0; 13302 } 13303 } else { 13304 SCTP_PRINTF("Huh no sp TSNH?\n"); 13305 strm->last_msg_incomplete = 0; 13306 asoc->stream_locked = 0; 13307 } 13308 SCTP_TCB_SEND_UNLOCK(stcb); 13309 if (uio->uio_resid == 0) { 13310 got_all_of_the_send = 1; 13311 } 13312 } else { 13313 /* We send in a 0, since we do NOT have any locks */ 13314 error = sctp_msg_append(stcb, net, top, srcv, 0); 13315 top = NULL; 13316 if (srcv->sinfo_flags & SCTP_EOF) { 13317 /* 13318 * This should only happen for Panda for the mbuf 13319 * send case, which does NOT yet support EEOR mode. 13320 * Thus, we can just set this flag to do the proper 13321 * EOF handling. 13322 */ 13323 got_all_of_the_send = 1; 13324 } 13325 } 13326 if (error) { 13327 goto out; 13328 } 13329dataless_eof: 13330 /* EOF thing ? */ 13331 if ((srcv->sinfo_flags & SCTP_EOF) && 13332 (got_all_of_the_send == 1)) { 13333 int cnt; 13334 13335 SCTP_STAT_INCR(sctps_sends_with_eof); 13336 error = 0; 13337 if (hold_tcblock == 0) { 13338 SCTP_TCB_LOCK(stcb); 13339 hold_tcblock = 1; 13340 } 13341 cnt = sctp_is_there_unsent_data(stcb, SCTP_SO_LOCKED); 13342 if (TAILQ_EMPTY(&asoc->send_queue) && 13343 TAILQ_EMPTY(&asoc->sent_queue) && 13344 (cnt == 0)) { 13345 if (asoc->locked_on_sending) { 13346 goto abort_anyway; 13347 } 13348 /* there is nothing queued to send, so I'm done... */ 13349 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13350 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13351 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13352 struct sctp_nets *netp; 13353 13354 /* only send SHUTDOWN the first time through */ 13355 if (SCTP_GET_STATE(asoc) == SCTP_STATE_OPEN) { 13356 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 13357 } 13358 SCTP_SET_STATE(asoc, SCTP_STATE_SHUTDOWN_SENT); 13359 SCTP_CLEAR_SUBSTATE(asoc, SCTP_STATE_SHUTDOWN_PENDING); 13360 sctp_stop_timers_for_shutdown(stcb); 13361 if (stcb->asoc.alternate) { 13362 netp = stcb->asoc.alternate; 13363 } else { 13364 netp = stcb->asoc.primary_destination; 13365 } 13366 sctp_send_shutdown(stcb, netp); 13367 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 13368 netp); 13369 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13370 asoc->primary_destination); 13371 } 13372 } else { 13373 /*- 13374 * we still got (or just got) data to send, so set 13375 * SHUTDOWN_PENDING 13376 */ 13377 /*- 13378 * XXX sockets draft says that SCTP_EOF should be 13379 * sent with no data. currently, we will allow user 13380 * data to be sent first and move to 13381 * SHUTDOWN-PENDING 13382 */ 13383 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 13384 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_RECEIVED) && 13385 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 13386 if (hold_tcblock == 0) { 13387 SCTP_TCB_LOCK(stcb); 13388 hold_tcblock = 1; 13389 } 13390 if (asoc->locked_on_sending) { 13391 /* Locked to send out the data */ 13392 struct sctp_stream_queue_pending *sp; 13393 13394 sp = TAILQ_LAST(&asoc->locked_on_sending->outqueue, sctp_streamhead); 13395 if (sp) { 13396 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 13397 asoc->state |= SCTP_STATE_PARTIAL_MSG_LEFT; 13398 } 13399 } 13400 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 13401 if (TAILQ_EMPTY(&asoc->send_queue) && 13402 TAILQ_EMPTY(&asoc->sent_queue) && 13403 (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 13404 struct mbuf *op_err; 13405 char msg[SCTP_DIAG_INFO_LEN]; 13406 13407 abort_anyway: 13408 if (free_cnt_applied) { 13409 atomic_add_int(&stcb->asoc.refcnt, -1); 13410 free_cnt_applied = 0; 13411 } 13412 snprintf(msg, sizeof(msg), 13413 "%s:%d at %s", __FILE__, __LINE__, __func__); 13414 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 13415 msg); 13416 sctp_abort_an_association(stcb->sctp_ep, stcb, 13417 op_err, SCTP_SO_LOCKED); 13418 /* 13419 * now relock the stcb so everything 13420 * is sane 13421 */ 13422 hold_tcblock = 0; 13423 stcb = NULL; 13424 goto out; 13425 } 13426 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 13427 asoc->primary_destination); 13428 sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY); 13429 } 13430 } 13431 } 13432skip_out_eof: 13433 if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 13434 some_on_control = 1; 13435 } 13436 if (queue_only_for_init) { 13437 if (hold_tcblock == 0) { 13438 SCTP_TCB_LOCK(stcb); 13439 hold_tcblock = 1; 13440 } 13441 if (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) { 13442 /* a collision took us forward? */ 13443 queue_only = 0; 13444 } else { 13445 sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); 13446 SCTP_SET_STATE(&stcb->asoc, SCTP_STATE_COOKIE_WAIT); 13447 queue_only = 1; 13448 } 13449 } 13450 if ((net->flight_size > net->cwnd) && 13451 (stcb->asoc.sctp_cmt_on_off == 0)) { 13452 SCTP_STAT_INCR(sctps_send_cwnd_avoid); 13453 queue_only = 1; 13454 } else if (asoc->ifp_had_enobuf) { 13455 SCTP_STAT_INCR(sctps_ifnomemqueued); 13456 if (net->flight_size > (2 * net->mtu)) { 13457 queue_only = 1; 13458 } 13459 asoc->ifp_had_enobuf = 0; 13460 } 13461 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 13462 (stcb->asoc.stream_queue_cnt * sizeof(struct sctp_data_chunk))); 13463 if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) && 13464 (stcb->asoc.total_flight > 0) && 13465 (stcb->asoc.stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) && 13466 (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) { 13467 /*- 13468 * Ok, Nagle is set on and we have data outstanding. 13469 * Don't send anything and let SACKs drive out the 13470 * data unless wen have a "full" segment to send. 13471 */ 13472 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13473 sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED); 13474 } 13475 SCTP_STAT_INCR(sctps_naglequeued); 13476 nagle_applies = 1; 13477 } else { 13478 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) { 13479 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) 13480 sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED); 13481 } 13482 SCTP_STAT_INCR(sctps_naglesent); 13483 nagle_applies = 0; 13484 } 13485 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) { 13486 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only, 13487 nagle_applies, un_sent); 13488 sctp_misc_ints(SCTP_CWNDLOG_PRESEND, stcb->asoc.total_output_queue_size, 13489 stcb->asoc.total_flight, 13490 stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); 13491 } 13492 if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 13493 /* we can attempt to send too. */ 13494 if (hold_tcblock == 0) { 13495 /* 13496 * If there is activity recv'ing sacks no need to 13497 * send 13498 */ 13499 if (SCTP_TCB_TRYLOCK(stcb)) { 13500 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13501 hold_tcblock = 1; 13502 } 13503 } else { 13504 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13505 } 13506 } else if ((queue_only == 0) && 13507 (stcb->asoc.peers_rwnd == 0) && 13508 (stcb->asoc.total_flight == 0)) { 13509 /* We get to have a probe outstanding */ 13510 if (hold_tcblock == 0) { 13511 hold_tcblock = 1; 13512 SCTP_TCB_LOCK(stcb); 13513 } 13514 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); 13515 } else if (some_on_control) { 13516 int num_out, reason, frag_point; 13517 13518 /* Here we do control only */ 13519 if (hold_tcblock == 0) { 13520 hold_tcblock = 1; 13521 SCTP_TCB_LOCK(stcb); 13522 } 13523 frag_point = sctp_get_frag_point(stcb, &stcb->asoc); 13524 (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 13525 &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); 13526 } 13527 SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", 13528 queue_only, stcb->asoc.peers_rwnd, un_sent, 13529 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 13530 stcb->asoc.total_output_queue_size, error); 13531 13532out: 13533out_unlocked: 13534 13535 if (local_soresv && stcb) { 13536 atomic_subtract_int(&stcb->asoc.sb_send_resv, sndlen); 13537 } 13538 if (create_lock_applied) { 13539 SCTP_ASOC_CREATE_UNLOCK(inp); 13540 } 13541 if ((stcb) && hold_tcblock) { 13542 SCTP_TCB_UNLOCK(stcb); 13543 } 13544 if (stcb && free_cnt_applied) { 13545 atomic_add_int(&stcb->asoc.refcnt, -1); 13546 } 13547#ifdef INVARIANTS 13548 if (stcb) { 13549 if (mtx_owned(&stcb->tcb_mtx)) { 13550 panic("Leaving with tcb mtx owned?"); 13551 } 13552 if (mtx_owned(&stcb->tcb_send_mtx)) { 13553 panic("Leaving with tcb send mtx owned?"); 13554 } 13555 } 13556#endif 13557 if (top) { 13558 sctp_m_freem(top); 13559 } 13560 if (control) { 13561 sctp_m_freem(control); 13562 } 13563 return (error); 13564} 13565 13566 13567/* 13568 * generate an AUTHentication chunk, if required 13569 */ 13570struct mbuf * 13571sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end, 13572 struct sctp_auth_chunk **auth_ret, uint32_t * offset, 13573 struct sctp_tcb *stcb, uint8_t chunk) 13574{ 13575 struct mbuf *m_auth; 13576 struct sctp_auth_chunk *auth; 13577 int chunk_len; 13578 struct mbuf *cn; 13579 13580 if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) || 13581 (stcb == NULL)) 13582 return (m); 13583 13584 if (stcb->asoc.auth_supported == 0) { 13585 return (m); 13586 } 13587 /* does the requested chunk require auth? */ 13588 if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) { 13589 return (m); 13590 } 13591 m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_NOWAIT, 1, MT_HEADER); 13592 if (m_auth == NULL) { 13593 /* no mbuf's */ 13594 return (m); 13595 } 13596 /* reserve some space if this will be the first mbuf */ 13597 if (m == NULL) 13598 SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD); 13599 /* fill in the AUTH chunk details */ 13600 auth = mtod(m_auth, struct sctp_auth_chunk *); 13601 bzero(auth, sizeof(*auth)); 13602 auth->ch.chunk_type = SCTP_AUTHENTICATION; 13603 auth->ch.chunk_flags = 0; 13604 chunk_len = sizeof(*auth) + 13605 sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id); 13606 auth->ch.chunk_length = htons(chunk_len); 13607 auth->hmac_id = htons(stcb->asoc.peer_hmac_id); 13608 /* key id and hmac digest will be computed and filled in upon send */ 13609 13610 /* save the offset where the auth was inserted into the chain */ 13611 *offset = 0; 13612 for (cn = m; cn; cn = SCTP_BUF_NEXT(cn)) { 13613 *offset += SCTP_BUF_LEN(cn); 13614 } 13615 13616 /* update length and return pointer to the auth chunk */ 13617 SCTP_BUF_LEN(m_auth) = chunk_len; 13618 m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0); 13619 if (auth_ret != NULL) 13620 *auth_ret = auth; 13621 13622 return (m); 13623} 13624 13625#ifdef INET6 13626int 13627sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro) 13628{ 13629 struct nd_prefix *pfx = NULL; 13630 struct nd_pfxrouter *pfxrtr = NULL; 13631 struct sockaddr_in6 gw6; 13632 13633 if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6) 13634 return (0); 13635 13636 /* get prefix entry of address */ 13637 LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) { 13638 if (pfx->ndpr_stateflags & NDPRF_DETACHED) 13639 continue; 13640 if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr, 13641 &src6->sin6_addr, &pfx->ndpr_mask)) 13642 break; 13643 } 13644 /* no prefix entry in the prefix list */ 13645 if (pfx == NULL) { 13646 SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for "); 13647 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13648 return (0); 13649 } 13650 SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is "); 13651 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6); 13652 13653 /* search installed gateway from prefix entry */ 13654 LIST_FOREACH(pfxrtr, &pfx->ndpr_advrtrs, pfr_entry) { 13655 memset(&gw6, 0, sizeof(struct sockaddr_in6)); 13656 gw6.sin6_family = AF_INET6; 13657 gw6.sin6_len = sizeof(struct sockaddr_in6); 13658 memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr, 13659 sizeof(struct in6_addr)); 13660 SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is "); 13661 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6); 13662 SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is "); 13663 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13664 if (sctp_cmpaddr((struct sockaddr *)&gw6, 13665 ro->ro_rt->rt_gateway)) { 13666 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n"); 13667 return (1); 13668 } 13669 } 13670 SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n"); 13671 return (0); 13672} 13673 13674#endif 13675 13676int 13677sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t * ro) 13678{ 13679#ifdef INET 13680 struct sockaddr_in *sin, *mask; 13681 struct ifaddr *ifa; 13682 struct in_addr srcnetaddr, gwnetaddr; 13683 13684 if (ro == NULL || ro->ro_rt == NULL || 13685 sifa->address.sa.sa_family != AF_INET) { 13686 return (0); 13687 } 13688 ifa = (struct ifaddr *)sifa->ifa; 13689 mask = (struct sockaddr_in *)(ifa->ifa_netmask); 13690 sin = &sifa->address.sin; 13691 srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13692 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: src address is "); 13693 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa); 13694 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", srcnetaddr.s_addr); 13695 13696 sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 13697 gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr); 13698 SCTPDBG(SCTP_DEBUG_OUTPUT1, "match_nexthop4: nexthop is "); 13699 SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway); 13700 SCTPDBG(SCTP_DEBUG_OUTPUT1, "network address is %x\n", gwnetaddr.s_addr); 13701 if (srcnetaddr.s_addr == gwnetaddr.s_addr) { 13702 return (1); 13703 } 13704#endif 13705 return (0); 13706} 13707