1 /* $NetBSD: sctp_output.c,v 1.7 2016/07/07 09:32:02 ozaki-r Exp $ */ 2 /* $KAME: sctp_output.c,v 1.48 2005/06/16 18:29:24 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 2002, 2003, 2004 Cisco Systems Inc, 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: sctp_output.c,v 1.7 2016/07/07 09:32:02 ozaki-r Exp $"); 34 35 #ifdef _KERNEL_OPT 36 #include "opt_ipsec.h" 37 #include "opt_inet.h" 38 #include "opt_sctp.h" 39 #endif /* _KERNEL_OPT */ 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/malloc.h> 44 #include <sys/mbuf.h> 45 #include <sys/domain.h> 46 #include <sys/protosw.h> 47 #include <sys/socket.h> 48 #include <sys/socketvar.h> 49 #include <sys/proc.h> 50 #include <sys/kernel.h> 51 #include <sys/sysctl.h> 52 #include <sys/resourcevar.h> 53 #include <sys/uio.h> 54 #ifdef INET6 55 #include <sys/domain.h> 56 #endif 57 58 #include <machine/limits.h> 59 #include <machine/cpu.h> 60 61 #include <net/if.h> 62 #include <net/if_types.h> 63 64 #include <net/route.h> 65 66 #include <netinet/in.h> 67 #include <netinet/in_systm.h> 68 #include <netinet/ip.h> 69 #include <netinet/in_pcb.h> 70 #include <netinet/in_var.h> 71 #include <netinet/ip_var.h> 72 73 #ifdef INET6 74 #include <netinet/ip6.h> 75 #include <netinet6/ip6_var.h> 76 #include <netinet6/scope6_var.h> 77 #include <netinet6/nd6.h> 78 79 #include <netinet6/in6_pcb.h> 80 81 #include <netinet/icmp6.h> 82 83 #endif /* INET6 */ 84 85 #include <net/net_osdep.h> 86 87 #if defined(HAVE_NRL_INPCB) || defined(__FreeBSD__) 88 #ifndef in6pcb 89 #define in6pcb inpcb 90 #endif 91 #endif 92 93 #include <netinet/sctp_pcb.h> 94 95 #ifdef IPSEC 96 #include <netipsec/ipsec.h> 97 #include <netipsec/key.h> 98 #endif /* IPSEC */ 99 100 #include <netinet/sctp_var.h> 101 #include <netinet/sctp_header.h> 102 #include <netinet/sctputil.h> 103 #include <netinet/sctp_pcb.h> 104 #include <netinet/sctp_output.h> 105 #include <netinet/sctp_uio.h> 106 #include <netinet/sctputil.h> 107 #include <netinet/sctp_hashdriver.h> 108 #include <netinet/sctp_timer.h> 109 #include <netinet/sctp_asconf.h> 110 #include <netinet/sctp_indata.h> 111 112 #ifdef SCTP_DEBUG 113 extern uint32_t sctp_debug_on; 114 #endif 115 116 extern int sctp_peer_chunk_oh; 117 118 static int 119 sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) 120 { 121 struct cmsghdr cmh; 122 int tlen, at; 123 124 tlen = control->m_len; 125 at = 0; 126 /* 127 * Independent of how many mbufs, find the c_type inside the control 128 * structure and copy out the data. 129 */ 130 while (at < tlen) { 131 if ((tlen-at) < (int)CMSG_ALIGN(sizeof(cmh))) { 132 /* not enough room for one more we are done. */ 133 return (0); 134 } 135 m_copydata(control, at, sizeof(cmh), (void *)&cmh); 136 if ((cmh.cmsg_len + at) > tlen) { 137 /* 138 * this is real messed up since there is not enough 139 * data here to cover the cmsg header. We are done. 140 */ 141 return (0); 142 } 143 if ((cmh.cmsg_level == IPPROTO_SCTP) && 144 (c_type == cmh.cmsg_type)) { 145 /* found the one we want, copy it out */ 146 at += CMSG_ALIGN(sizeof(struct cmsghdr)); 147 if ((int)(cmh.cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) < cpsize) { 148 /* 149 * space of cmsg_len after header not 150 * big enough 151 */ 152 return (0); 153 } 154 m_copydata(control, at, cpsize, data); 155 return (1); 156 } else { 157 at += CMSG_ALIGN(cmh.cmsg_len); 158 if (cmh.cmsg_len == 0) { 159 break; 160 } 161 } 162 } 163 /* not found */ 164 return (0); 165 } 166 167 static struct mbuf * 168 sctp_add_addr_to_mbuf(struct mbuf *m, struct ifaddr *ifa) 169 { 170 struct sctp_paramhdr *parmh; 171 struct mbuf *mret; 172 int len; 173 if (ifa->ifa_addr->sa_family == AF_INET) { 174 len = sizeof(struct sctp_ipv4addr_param); 175 } else if (ifa->ifa_addr->sa_family == AF_INET6) { 176 len = sizeof(struct sctp_ipv6addr_param); 177 } else { 178 /* unknown type */ 179 return (m); 180 } 181 182 if (M_TRAILINGSPACE(m) >= len) { 183 /* easy side we just drop it on the end */ 184 parmh = (struct sctp_paramhdr *)(m->m_data + m->m_len); 185 mret = m; 186 } else { 187 /* Need more space */ 188 mret = m; 189 while (mret->m_next != NULL) { 190 mret = mret->m_next; 191 } 192 MGET(mret->m_next, M_DONTWAIT, MT_DATA); 193 if (mret->m_next == NULL) { 194 /* We are hosed, can't add more addresses */ 195 return (m); 196 } 197 mret = mret->m_next; 198 parmh = mtod(mret, struct sctp_paramhdr *); 199 } 200 /* now add the parameter */ 201 if (ifa->ifa_addr->sa_family == AF_INET) { 202 struct sctp_ipv4addr_param *ipv4p; 203 struct sockaddr_in *sin; 204 sin = (struct sockaddr_in *)ifa->ifa_addr; 205 ipv4p = (struct sctp_ipv4addr_param *)parmh; 206 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 207 parmh->param_length = htons(len); 208 ipv4p->addr = sin->sin_addr.s_addr; 209 mret->m_len += len; 210 } else if (ifa->ifa_addr->sa_family == AF_INET6) { 211 struct sctp_ipv6addr_param *ipv6p; 212 struct sockaddr_in6 *sin6; 213 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 214 ipv6p = (struct sctp_ipv6addr_param *)parmh; 215 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 216 parmh->param_length = htons(len); 217 memcpy(ipv6p->addr, &sin6->sin6_addr, 218 sizeof(ipv6p->addr)); 219 /* clear embedded scope in the address */ 220 in6_clearscope((struct in6_addr *)ipv6p->addr); 221 mret->m_len += len; 222 } else { 223 return (m); 224 } 225 return (mret); 226 } 227 228 229 230 static struct mbuf * 231 sctp_add_cookie(struct sctp_inpcb *inp, struct mbuf *init, int init_offset, 232 struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in) 233 { 234 struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret; 235 struct sctp_state_cookie *stc; 236 struct sctp_paramhdr *ph; 237 uint8_t *signature; 238 int sig_offset; 239 uint16_t cookie_sz; 240 241 mret = NULL; 242 243 MGET(mret, M_DONTWAIT, MT_DATA); 244 if (mret == NULL) { 245 return (NULL); 246 } 247 copy_init = sctp_m_copym(init, init_offset, M_COPYALL, M_DONTWAIT); 248 if (copy_init == NULL) { 249 sctp_m_freem(mret); 250 return (NULL); 251 } 252 copy_initack = sctp_m_copym(initack, initack_offset, M_COPYALL, 253 M_DONTWAIT); 254 if (copy_initack == NULL) { 255 sctp_m_freem(mret); 256 sctp_m_freem(copy_init); 257 return (NULL); 258 } 259 /* easy side we just drop it on the end */ 260 ph = mtod(mret, struct sctp_paramhdr *); 261 mret->m_len = sizeof(struct sctp_state_cookie) + 262 sizeof(struct sctp_paramhdr); 263 stc = (struct sctp_state_cookie *)((vaddr_t)ph + 264 sizeof(struct sctp_paramhdr)); 265 ph->param_type = htons(SCTP_STATE_COOKIE); 266 ph->param_length = 0; /* fill in at the end */ 267 /* Fill in the stc cookie data */ 268 *stc = *stc_in; 269 270 /* tack the INIT and then the INIT-ACK onto the chain */ 271 cookie_sz = 0; 272 m_at = mret; 273 for (m_at = mret; m_at; m_at = m_at->m_next) { 274 cookie_sz += m_at->m_len; 275 if (m_at->m_next == NULL) { 276 m_at->m_next = copy_init; 277 break; 278 } 279 } 280 281 for (m_at = copy_init; m_at; m_at = m_at->m_next) { 282 cookie_sz += m_at->m_len; 283 if (m_at->m_next == NULL) { 284 m_at->m_next = copy_initack; 285 break; 286 } 287 } 288 289 for (m_at = copy_initack; m_at; m_at = m_at->m_next) { 290 cookie_sz += m_at->m_len; 291 if (m_at->m_next == NULL) { 292 break; 293 } 294 } 295 MGET(sig, M_DONTWAIT, MT_DATA); 296 if (sig == NULL) { 297 /* no space */ 298 sctp_m_freem(mret); 299 sctp_m_freem(copy_init); 300 sctp_m_freem(copy_initack); 301 return (NULL); 302 } 303 sig->m_len = 0; 304 m_at->m_next = sig; 305 sig_offset = 0; 306 signature = (uint8_t *)(mtod(sig, vaddr_t) + sig_offset); 307 /* Time to sign the cookie */ 308 sctp_hash_digest_m((char *)inp->sctp_ep.secret_key[ 309 (int)(inp->sctp_ep.current_secret_number)], 310 SCTP_SECRET_SIZE, mret, sizeof(struct sctp_paramhdr), 311 (uint8_t *)signature); 312 sig->m_len += SCTP_SIGNATURE_SIZE; 313 cookie_sz += SCTP_SIGNATURE_SIZE; 314 315 ph->param_length = htons(cookie_sz); 316 return (mret); 317 } 318 319 320 static struct sockaddr_in * 321 sctp_is_v4_ifa_addr_prefered (struct ifaddr *ifa, uint8_t loopscope, uint8_t ipv4_scope, uint8_t *sin_loop, uint8_t *sin_local) 322 { 323 struct sockaddr_in *sin; 324 /* 325 * Here we determine if its a prefered address. A 326 * prefered address means it is the same scope or 327 * higher scope then the destination. 328 * L = loopback, P = private, G = global 329 * ----------------------------------------- 330 * src | dest | result 331 *----------------------------------------- 332 * L | L | yes 333 *----------------------------------------- 334 * P | L | yes 335 *----------------------------------------- 336 * G | L | yes 337 *----------------------------------------- 338 * L | P | no 339 *----------------------------------------- 340 * P | P | yes 341 *----------------------------------------- 342 * G | P | no 343 *----------------------------------------- 344 * L | G | no 345 *----------------------------------------- 346 * P | G | no 347 *----------------------------------------- 348 * G | G | yes 349 *----------------------------------------- 350 */ 351 352 if (ifa->ifa_addr->sa_family != AF_INET) { 353 /* forget non-v4 */ 354 return (NULL); 355 } 356 /* Ok the address may be ok */ 357 sin = (struct sockaddr_in *)ifa->ifa_addr; 358 if (sin->sin_addr.s_addr == 0) { 359 return (NULL); 360 } 361 *sin_local = *sin_loop = 0; 362 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 363 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 364 *sin_loop = 1; 365 *sin_local = 1; 366 } 367 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 368 *sin_local = 1; 369 } 370 if (!loopscope && *sin_loop) { 371 /* Its a loopback address and we don't have loop scope */ 372 return (NULL); 373 } 374 if (!ipv4_scope && *sin_local) { 375 /* Its a private address, and we don't have private address scope */ 376 return (NULL); 377 } 378 if (((ipv4_scope == 0) && (loopscope == 0)) && (*sin_local)) { 379 /* its a global src and a private dest */ 380 return (NULL); 381 } 382 /* its a prefered address */ 383 return (sin); 384 } 385 386 static struct sockaddr_in * 387 sctp_is_v4_ifa_addr_acceptable (struct ifaddr *ifa, uint8_t loopscope, uint8_t ipv4_scope, uint8_t *sin_loop, uint8_t *sin_local) 388 { 389 struct sockaddr_in *sin; 390 /* 391 * Here we determine if its a acceptable address. A 392 * acceptable address means it is the same scope or 393 * higher scope but we can allow for NAT which means 394 * its ok to have a global dest and a private src. 395 * 396 * L = loopback, P = private, G = global 397 * ----------------------------------------- 398 * src | dest | result 399 *----------------------------------------- 400 * L | L | yes 401 *----------------------------------------- 402 * P | L | yes 403 *----------------------------------------- 404 * G | L | yes 405 *----------------------------------------- 406 * L | P | no 407 *----------------------------------------- 408 * P | P | yes 409 *----------------------------------------- 410 * G | P | yes - probably this won't work. 411 *----------------------------------------- 412 * L | G | no 413 *----------------------------------------- 414 * P | G | yes 415 *----------------------------------------- 416 * G | G | yes 417 *----------------------------------------- 418 */ 419 420 if (ifa->ifa_addr->sa_family != AF_INET) { 421 /* forget non-v4 */ 422 return (NULL); 423 } 424 /* Ok the address may be ok */ 425 sin = (struct sockaddr_in *)ifa->ifa_addr; 426 if (sin->sin_addr.s_addr == 0) { 427 return (NULL); 428 } 429 *sin_local = *sin_loop = 0; 430 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 431 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 432 *sin_loop = 1; 433 *sin_local = 1; 434 } 435 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 436 *sin_local = 1; 437 } 438 if (!loopscope && *sin_loop) { 439 /* Its a loopback address and we don't have loop scope */ 440 return (NULL); 441 } 442 /* its an acceptable address */ 443 return (sin); 444 } 445 446 /* 447 * This treats the address list on the ep as a restricted list 448 * (negative list). If a the passed address is listed, then 449 * the address is NOT allowed on the association. 450 */ 451 int 452 sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sockaddr *addr) 453 { 454 struct sctp_laddr *laddr; 455 #ifdef SCTP_DEBUG 456 int cnt=0; 457 #endif 458 if (stcb == NULL) { 459 /* There are no restrictions, no TCB :-) */ 460 return (0); 461 } 462 #ifdef SCTP_DEBUG 463 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 464 cnt++; 465 } 466 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 467 printf("There are %d addresses on the restricted list\n", cnt); 468 } 469 cnt = 0; 470 #endif 471 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 472 if (laddr->ifa == NULL) { 473 #ifdef SCTP_DEBUG 474 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 475 printf("Help I have fallen and I can't get up!\n"); 476 } 477 #endif 478 continue; 479 } 480 #ifdef SCTP_DEBUG 481 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 482 cnt++; 483 printf("Restricted address[%d]:", cnt); 484 sctp_print_address(laddr->ifa->ifa_addr); 485 } 486 #endif 487 if (sctp_cmpaddr(addr, laddr->ifa->ifa_addr) == 1) { 488 /* Yes it is on the list */ 489 return (1); 490 } 491 } 492 return (0); 493 } 494 495 static int 496 sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct ifaddr *ifa) 497 { 498 struct sctp_laddr *laddr; 499 500 if (ifa == NULL) 501 return (0); 502 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 503 if (laddr->ifa == NULL) { 504 #ifdef SCTP_DEBUG 505 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 506 printf("Help I have fallen and I can't get up!\n"); 507 } 508 #endif 509 continue; 510 } 511 if (laddr->ifa->ifa_addr == NULL) 512 continue; 513 if (laddr->ifa == ifa) 514 /* same pointer */ 515 return (1); 516 if (laddr->ifa->ifa_addr->sa_family != ifa->ifa_addr->sa_family) { 517 /* skip non compatible address comparison */ 518 continue; 519 } 520 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 521 /* Yes it is restricted */ 522 return (1); 523 } 524 } 525 return (0); 526 } 527 528 529 530 static struct in_addr 531 sctp_choose_v4_boundspecific_inp(struct sctp_inpcb *inp, 532 struct rtentry *rt, 533 uint8_t ipv4_scope, 534 uint8_t loopscope) 535 { 536 struct in_addr ans; 537 struct sctp_laddr *laddr; 538 struct sockaddr_in *sin; 539 struct ifnet *ifn; 540 struct ifaddr *ifa; 541 uint8_t sin_loop, sin_local; 542 543 /* first question, is the ifn we will emit on 544 * in our list, if so, we want that one. 545 */ 546 ifn = rt->rt_ifp; 547 if (ifn) { 548 /* is a prefered one on the interface we route out? */ 549 IFADDR_READER_FOREACH(ifa, ifn) { 550 sin = sctp_is_v4_ifa_addr_prefered (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 551 if (sin == NULL) 552 continue; 553 if (sctp_is_addr_in_ep(inp, ifa)) { 554 return (sin->sin_addr); 555 } 556 } 557 /* is an acceptable one on the interface we route out? */ 558 IFADDR_READER_FOREACH(ifa, ifn) { 559 sin = sctp_is_v4_ifa_addr_acceptable (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 560 if (sin == NULL) 561 continue; 562 if (sctp_is_addr_in_ep(inp, ifa)) { 563 return (sin->sin_addr); 564 } 565 } 566 } 567 /* ok, what about a prefered address in the inp */ 568 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 569 laddr && (laddr != inp->next_addr_touse); 570 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 571 if (laddr->ifa == NULL) { 572 /* address has been removed */ 573 continue; 574 } 575 sin = sctp_is_v4_ifa_addr_prefered (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 576 if (sin == NULL) 577 continue; 578 return (sin->sin_addr); 579 580 } 581 /* ok, what about an acceptable address in the inp */ 582 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 583 laddr && (laddr != inp->next_addr_touse); 584 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 585 if (laddr->ifa == NULL) { 586 /* address has been removed */ 587 continue; 588 } 589 sin = sctp_is_v4_ifa_addr_acceptable (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 590 if (sin == NULL) 591 continue; 592 return (sin->sin_addr); 593 594 } 595 596 /* no address bound can be a source for the destination we are in trouble */ 597 #ifdef SCTP_DEBUG 598 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 599 printf("Src address selection for EP, no acceptable src address found for address\n"); 600 } 601 #endif 602 memset(&ans, 0, sizeof(ans)); 603 return (ans); 604 } 605 606 607 608 static struct in_addr 609 sctp_choose_v4_boundspecific_stcb(struct sctp_inpcb *inp, 610 struct sctp_tcb *stcb, 611 struct sctp_nets *net, 612 struct rtentry *rt, 613 uint8_t ipv4_scope, 614 uint8_t loopscope, 615 int non_asoc_addr_ok) 616 { 617 /* 618 * Here we have two cases, bound all asconf 619 * allowed. bound all asconf not allowed. 620 * 621 */ 622 struct sctp_laddr *laddr, *starting_point; 623 struct in_addr ans; 624 struct ifnet *ifn; 625 struct ifaddr *ifa; 626 uint8_t sin_loop, sin_local, start_at_beginning=0; 627 struct sockaddr_in *sin; 628 629 /* first question, is the ifn we will emit on 630 * in our list, if so, we want that one. 631 */ 632 ifn = rt->rt_ifp; 633 634 if (inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) { 635 /* 636 * Here we use the list of addresses on the endpoint. Then 637 * the addresses listed on the "restricted" list is just that, 638 * address that have not been added and can't be used (unless 639 * the non_asoc_addr_ok is set). 640 */ 641 #ifdef SCTP_DEBUG 642 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 643 printf("Have a STCB - asconf allowed, not bound all have a netgative list\n"); 644 } 645 #endif 646 /* first question, is the ifn we will emit on 647 * in our list, if so, we want that one. 648 */ 649 if (ifn) { 650 /* first try for an prefered address on the ep */ 651 IFADDR_READER_FOREACH(ifa, ifn) { 652 if (sctp_is_addr_in_ep(inp, ifa)) { 653 sin = sctp_is_v4_ifa_addr_prefered (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 654 if (sin == NULL) 655 continue; 656 if ((non_asoc_addr_ok == 0) && 657 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 658 /* on the no-no list */ 659 continue; 660 } 661 return (sin->sin_addr); 662 } 663 } 664 /* next try for an acceptable address on the ep */ 665 IFADDR_READER_FOREACH(ifa, ifn) { 666 if (sctp_is_addr_in_ep(inp, ifa)) { 667 sin = sctp_is_v4_ifa_addr_acceptable (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 668 if (sin == NULL) 669 continue; 670 if ((non_asoc_addr_ok == 0) && 671 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 672 /* on the no-no list */ 673 continue; 674 } 675 return (sin->sin_addr); 676 } 677 } 678 679 } 680 /* if we can't find one like that then we must 681 * look at all addresses bound to pick one at 682 * first prefereable then secondly acceptable. 683 */ 684 starting_point = stcb->asoc.last_used_address; 685 sctpv4_from_the_top: 686 if (stcb->asoc.last_used_address == NULL) { 687 start_at_beginning=1; 688 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 689 } 690 /* search beginning with the last used address */ 691 for (laddr = stcb->asoc.last_used_address; laddr; 692 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 693 if (laddr->ifa == NULL) { 694 /* address has been removed */ 695 continue; 696 } 697 sin = sctp_is_v4_ifa_addr_prefered (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 698 if (sin == NULL) 699 continue; 700 if ((non_asoc_addr_ok == 0) && 701 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 702 /* on the no-no list */ 703 continue; 704 } 705 return (sin->sin_addr); 706 707 } 708 if (start_at_beginning == 0) { 709 stcb->asoc.last_used_address = NULL; 710 goto sctpv4_from_the_top; 711 } 712 /* now try for any higher scope than the destination */ 713 stcb->asoc.last_used_address = starting_point; 714 start_at_beginning = 0; 715 sctpv4_from_the_top2: 716 if (stcb->asoc.last_used_address == NULL) { 717 start_at_beginning=1; 718 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 719 } 720 /* search beginning with the last used address */ 721 for (laddr = stcb->asoc.last_used_address; laddr; 722 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 723 if (laddr->ifa == NULL) { 724 /* address has been removed */ 725 continue; 726 } 727 sin = sctp_is_v4_ifa_addr_acceptable (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 728 if (sin == NULL) 729 continue; 730 if ((non_asoc_addr_ok == 0) && 731 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 732 /* on the no-no list */ 733 continue; 734 } 735 return (sin->sin_addr); 736 } 737 if (start_at_beginning == 0) { 738 stcb->asoc.last_used_address = NULL; 739 goto sctpv4_from_the_top2; 740 } 741 } else { 742 /* 743 * Here we have an address list on the association, thats the 744 * only valid source addresses that we can use. 745 */ 746 #ifdef SCTP_DEBUG 747 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 748 printf("Have a STCB - no asconf allowed, not bound all have a postive list\n"); 749 } 750 #endif 751 /* First look at all addresses for one that is on 752 * the interface we route out 753 */ 754 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 755 sctp_nxt_addr) { 756 if (laddr->ifa == NULL) { 757 /* address has been removed */ 758 continue; 759 } 760 sin = sctp_is_v4_ifa_addr_prefered (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 761 if (sin == NULL) 762 continue; 763 /* first question, is laddr->ifa an address associated with the emit interface */ 764 if (ifn) { 765 IFADDR_READER_FOREACH(ifa, ifn) { 766 if (laddr->ifa == ifa) { 767 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 768 return (sin->sin_addr); 769 } 770 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 771 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 772 return (sin->sin_addr); 773 } 774 } 775 } 776 } 777 /* what about an acceptable one on the interface? */ 778 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 779 sctp_nxt_addr) { 780 if (laddr->ifa == NULL) { 781 /* address has been removed */ 782 continue; 783 } 784 sin = sctp_is_v4_ifa_addr_acceptable (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 785 if (sin == NULL) 786 continue; 787 /* first question, is laddr->ifa an address associated with the emit interface */ 788 if (ifn) { 789 IFADDR_READER_FOREACH(ifa, ifn) { 790 if (laddr->ifa == ifa) { 791 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 792 return (sin->sin_addr); 793 } 794 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 795 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 796 return (sin->sin_addr); 797 } 798 } 799 } 800 } 801 /* ok, next one that is preferable in general */ 802 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 803 sctp_nxt_addr) { 804 if (laddr->ifa == NULL) { 805 /* address has been removed */ 806 continue; 807 } 808 sin = sctp_is_v4_ifa_addr_prefered (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 809 if (sin == NULL) 810 continue; 811 return (sin->sin_addr); 812 } 813 814 /* last, what about one that is acceptable */ 815 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 816 sctp_nxt_addr) { 817 if (laddr->ifa == NULL) { 818 /* address has been removed */ 819 continue; 820 } 821 sin = sctp_is_v4_ifa_addr_acceptable (laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 822 if (sin == NULL) 823 continue; 824 return (sin->sin_addr); 825 } 826 } 827 memset(&ans, 0, sizeof(ans)); 828 return (ans); 829 } 830 831 static struct sockaddr_in * 832 sctp_select_v4_nth_prefered_addr_from_ifn_boundall (struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, 833 uint8_t loopscope, uint8_t ipv4_scope, int cur_addr_num) 834 { 835 struct ifaddr *ifa; 836 struct sockaddr_in *sin; 837 uint8_t sin_loop, sin_local; 838 int num_eligible_addr = 0; 839 IFADDR_READER_FOREACH(ifa, ifn) { 840 sin = sctp_is_v4_ifa_addr_prefered (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 841 if (sin == NULL) 842 continue; 843 if (stcb) { 844 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 845 /* It is restricted for some reason.. probably 846 * not yet added. 847 */ 848 continue; 849 } 850 } 851 if (cur_addr_num == num_eligible_addr) { 852 return (sin); 853 } 854 } 855 return (NULL); 856 } 857 858 859 static int 860 sctp_count_v4_num_prefered_boundall (struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, 861 uint8_t loopscope, uint8_t ipv4_scope, uint8_t *sin_loop, uint8_t *sin_local) 862 { 863 struct ifaddr *ifa; 864 struct sockaddr_in *sin; 865 int num_eligible_addr = 0; 866 867 IFADDR_READER_FOREACH(ifa, ifn) { 868 sin = sctp_is_v4_ifa_addr_prefered (ifa, loopscope, ipv4_scope, sin_loop, sin_local); 869 if (sin == NULL) 870 continue; 871 if (stcb) { 872 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 873 /* It is restricted for some reason.. probably 874 * not yet added. 875 */ 876 continue; 877 } 878 } 879 num_eligible_addr++; 880 } 881 return (num_eligible_addr); 882 883 } 884 885 static struct in_addr 886 sctp_choose_v4_boundall(struct sctp_inpcb *inp, 887 struct sctp_tcb *stcb, 888 struct sctp_nets *net, 889 struct rtentry *rt, 890 uint8_t ipv4_scope, 891 uint8_t loopscope, 892 int non_asoc_addr_ok) 893 { 894 int cur_addr_num=0, num_prefered=0; 895 uint8_t sin_loop, sin_local; 896 struct ifnet *ifn; 897 struct sockaddr_in *sin; 898 struct in_addr ans; 899 struct ifaddr *ifa; 900 int s; 901 /* 902 * For v4 we can use (in boundall) any address in the association. If 903 * non_asoc_addr_ok is set we can use any address (at least in theory). 904 * So we look for prefered addresses first. If we find one, we use it. 905 * Otherwise we next try to get an address on the interface, which we 906 * should be able to do (unless non_asoc_addr_ok is false and we are 907 * routed out that way). In these cases where we can't use the address 908 * of the interface we go through all the ifn's looking for an address 909 * we can use and fill that in. Punting means we send back address 910 * 0, which will probably cause problems actually since then IP will 911 * fill in the address of the route ifn, which means we probably already 912 * rejected it.. i.e. here comes an abort :-<. 913 */ 914 ifn = rt->rt_ifp; 915 if (net) { 916 cur_addr_num = net->indx_of_eligible_next_to_use; 917 } 918 if (ifn == NULL) { 919 goto bound_all_v4_plan_c; 920 } 921 num_prefered = sctp_count_v4_num_prefered_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, ipv4_scope, &sin_loop, &sin_local); 922 #ifdef SCTP_DEBUG 923 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 924 printf("Found %d prefered source addresses\n", num_prefered); 925 } 926 #endif 927 if (num_prefered == 0) { 928 /* no eligible addresses, we must use some other 929 * interface address if we can find one. 930 */ 931 goto bound_all_v4_plan_b; 932 } 933 /* Ok we have num_eligible_addr set with how many we can use, 934 * this may vary from call to call due to addresses being deprecated etc.. 935 */ 936 if (cur_addr_num >= num_prefered) { 937 cur_addr_num = 0; 938 } 939 /* select the nth address from the list (where cur_addr_num is the nth) and 940 * 0 is the first one, 1 is the second one etc... 941 */ 942 #ifdef SCTP_DEBUG 943 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 944 printf("cur_addr_num:%d\n", cur_addr_num); 945 } 946 #endif 947 sin = sctp_select_v4_nth_prefered_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, 948 ipv4_scope, cur_addr_num); 949 950 /* if sin is NULL something changed??, plan_a now */ 951 if (sin) { 952 return (sin->sin_addr); 953 } 954 955 /* 956 * plan_b: Look at the interface that we emit on 957 * and see if we can find an acceptable address. 958 */ 959 bound_all_v4_plan_b: 960 IFADDR_READER_FOREACH(ifa, ifn) { 961 sin = sctp_is_v4_ifa_addr_acceptable (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 962 if (sin == NULL) 963 continue; 964 if (stcb) { 965 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 966 /* It is restricted for some reason.. probably 967 * not yet added. 968 */ 969 continue; 970 } 971 } 972 return (sin->sin_addr); 973 } 974 /* 975 * plan_c: Look at all interfaces and find a prefered 976 * address. If we reache here we are in trouble I think. 977 */ 978 bound_all_v4_plan_c: 979 s = pserialize_read_enter(); 980 IFNET_READER_FOREACH(ifn) { 981 if (ifn == inp->next_ifn_touse) 982 break; 983 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 984 /* wrong base scope */ 985 continue; 986 } 987 if (ifn == rt->rt_ifp) 988 /* already looked at this guy */ 989 continue; 990 num_prefered = sctp_count_v4_num_prefered_boundall (ifn, stcb, non_asoc_addr_ok, 991 loopscope, ipv4_scope, &sin_loop, &sin_local); 992 #ifdef SCTP_DEBUG 993 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 994 printf("Found ifn:%p %d prefered source addresses\n", ifn, num_prefered); 995 } 996 #endif 997 if (num_prefered == 0) { 998 /* 999 * None on this interface. 1000 */ 1001 continue; 1002 } 1003 /* Ok we have num_eligible_addr set with how many we can use, 1004 * this may vary from call to call due to addresses being deprecated etc.. 1005 */ 1006 if (cur_addr_num >= num_prefered) { 1007 cur_addr_num = 0; 1008 } 1009 sin = sctp_select_v4_nth_prefered_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, 1010 ipv4_scope, cur_addr_num); 1011 if (sin == NULL) 1012 continue; 1013 pserialize_read_exit(s); 1014 return (sin->sin_addr); 1015 1016 } 1017 pserialize_read_exit(s); 1018 1019 /* 1020 * plan_d: We are in deep trouble. No prefered address on 1021 * any interface. And the emit interface does not 1022 * even have an acceptable address. Take anything 1023 * we can get! If this does not work we are 1024 * probably going to emit a packet that will 1025 * illicit an ABORT, falling through. 1026 */ 1027 1028 s = pserialize_read_enter(); 1029 IFNET_READER_FOREACH(ifn) { 1030 if (ifn == inp->next_ifn_touse) 1031 break; 1032 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 1033 /* wrong base scope */ 1034 continue; 1035 } 1036 if (ifn == rt->rt_ifp) 1037 /* already looked at this guy */ 1038 continue; 1039 1040 IFADDR_READER_FOREACH(ifa, ifn) { 1041 sin = sctp_is_v4_ifa_addr_acceptable (ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 1042 if (sin == NULL) 1043 continue; 1044 if (stcb) { 1045 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 1046 /* It is restricted for some reason.. probably 1047 * not yet added. 1048 */ 1049 continue; 1050 } 1051 } 1052 pserialize_read_exit(s); 1053 return (sin->sin_addr); 1054 } 1055 } 1056 pserialize_read_exit(s); 1057 /* 1058 * Ok we can find NO address to source from that is 1059 * not on our negative list. It is either the special 1060 * ASCONF case where we are sourceing from a intf that 1061 * has been ifconfig'd to a different address (i.e. 1062 * it holds a ADD/DEL/SET-PRIM and the proper lookup 1063 * address. OR we are hosed, and this baby is going 1064 * to abort the association. 1065 */ 1066 if (non_asoc_addr_ok) { 1067 return (((struct sockaddr_in *)(rt->rt_ifa->ifa_addr))->sin_addr); 1068 } else { 1069 memset(&ans, 0, sizeof(ans)); 1070 return (ans); 1071 } 1072 } 1073 1074 1075 1076 /* tcb may be NULL */ 1077 struct in_addr 1078 sctp_ipv4_source_address_selection(struct sctp_inpcb *inp, 1079 struct sctp_tcb *stcb, struct route *ro, struct sctp_nets *net, 1080 int non_asoc_addr_ok) 1081 { 1082 struct in_addr ans; 1083 const struct sockaddr_in *to; 1084 struct rtentry *rt; 1085 uint8_t ipv4_scope, loopscope; 1086 /* 1087 * Rules: 1088 * - Find the route if needed, cache if I can. 1089 * - Look at interface address in route, Is it 1090 * in the bound list. If so we have the best source. 1091 * - If not we must rotate amongst the addresses. 1092 * 1093 * Cavets and issues 1094 * 1095 * Do we need to pay attention to scope. We can have 1096 * a private address or a global address we are sourcing 1097 * or sending to. So if we draw it out 1098 * source * dest * result 1099 * ------------------------------------------ 1100 * a Private * Global * NAT? 1101 * ------------------------------------------ 1102 * b Private * Private * No problem 1103 * ------------------------------------------ 1104 * c Global * Private * Huh, How will this work? 1105 * ------------------------------------------ 1106 * d Global * Global * No Problem 1107 * ------------------------------------------ 1108 * 1109 * And then we add to that what happens if there are multiple 1110 * addresses assigned to an interface. Remember the ifa on a 1111 * ifn is a linked list of addresses. So one interface can 1112 * have more than one IPv4 address. What happens if we 1113 * have both a private and a global address? Do we then 1114 * use context of destination to sort out which one is 1115 * best? And what about NAT's sending P->G may get you 1116 * a NAT translation, or should you select the G thats 1117 * on the interface in preference. 1118 * 1119 * Decisions: 1120 * 1121 * - count the number of addresses on the interface. 1122 * - if its one, no problem except case <c>. For <a> 1123 * we will assume a NAT out there. 1124 * - if there are more than one, then we need to worry 1125 * about scope P or G. We should prefer G -> G and 1126 * P -> P if possible. Then as a secondary fall back 1127 * to mixed types G->P being a last ditch one. 1128 * - The above all works for bound all, but bound 1129 * specific we need to use the same concept but instead 1130 * only consider the bound addresses. If the bound set 1131 * is NOT assigned to the interface then we must use 1132 * rotation amongst them. 1133 * 1134 * Notes: For v4, we can always punt and let ip_output 1135 * decide by sending back a source of 0.0.0.0 1136 */ 1137 1138 /* 1139 * Need a route to cache. 1140 * 1141 */ 1142 rt = rtcache_validate(ro); 1143 if (rt == NULL) { 1144 /* No route to host .. punt */ 1145 memset(&ans, 0, sizeof(ans)); 1146 return (ans); 1147 } else { 1148 to = satocsin(rtcache_getdst(ro)); 1149 } 1150 /* Setup our scopes */ 1151 if (stcb) { 1152 ipv4_scope = stcb->asoc.ipv4_local_scope; 1153 loopscope = stcb->asoc.loopback_scope; 1154 } else { 1155 /* Scope based on outbound address */ 1156 if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 1157 ipv4_scope = 1; 1158 loopscope = 0; 1159 } else if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 1160 ipv4_scope = 1; 1161 loopscope = 1; 1162 } else { 1163 ipv4_scope = 0; 1164 loopscope = 0; 1165 } 1166 } 1167 #ifdef SCTP_DEBUG 1168 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1169 printf("Scope setup loop:%d ipv4_scope:%d\n", 1170 loopscope, ipv4_scope); 1171 } 1172 #endif 1173 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1174 /* 1175 * When bound to all if the address list is set 1176 * it is a negative list. Addresses being added 1177 * by asconf. 1178 */ 1179 return (sctp_choose_v4_boundall(inp, stcb, net, rt, 1180 ipv4_scope, loopscope, non_asoc_addr_ok)); 1181 } 1182 /* 1183 * Three possiblities here: 1184 * 1185 * a) stcb is NULL, which means we operate only from 1186 * the list of addresses (ifa's) bound to the assoc and 1187 * we care not about the list. 1188 * b) stcb is NOT-NULL, which means we have an assoc structure and 1189 * auto-asconf is on. This means that the list of addresses is 1190 * a NOT list. We use the list from the inp, but any listed address 1191 * in our list is NOT yet added. However if the non_asoc_addr_ok is 1192 * set we CAN use an address NOT available (i.e. being added). Its 1193 * a negative list. 1194 * c) stcb is NOT-NULL, which means we have an assoc structure and 1195 * auto-asconf is off. This means that the list of addresses is 1196 * the ONLY addresses I can use.. its positive. 1197 * 1198 * Note we collapse b & c into the same function just like in 1199 * the v6 address selection. 1200 */ 1201 if (stcb) { 1202 return (sctp_choose_v4_boundspecific_stcb(inp, stcb, net, 1203 rt, ipv4_scope, loopscope, non_asoc_addr_ok)); 1204 } else { 1205 return (sctp_choose_v4_boundspecific_inp(inp, rt, 1206 ipv4_scope, loopscope)); 1207 } 1208 /* this should not be reached */ 1209 memset(&ans, 0, sizeof(ans)); 1210 return (ans); 1211 } 1212 1213 1214 1215 static struct sockaddr_in6 * 1216 sctp_is_v6_ifa_addr_acceptable (struct ifaddr *ifa, int loopscope, int loc_scope, int *sin_loop, int *sin_local) 1217 { 1218 struct in6_ifaddr *ifa6; 1219 struct sockaddr_in6 *sin6; 1220 1221 if (ifa->ifa_addr->sa_family != AF_INET6) { 1222 /* forget non-v6 */ 1223 return (NULL); 1224 } 1225 ifa6 = (struct in6_ifaddr *)ifa; 1226 /* ok to use deprecated addresses? */ 1227 if (!ip6_use_deprecated) { 1228 if (IFA6_IS_DEPRECATED(ifa6)) { 1229 /* can't use this type */ 1230 return (NULL); 1231 } 1232 } 1233 /* are we ok, with the current state of this address? */ 1234 if (ifa6->ia6_flags & 1235 (IN6_IFF_DETACHED | IN6_IFF_NOTREADY | IN6_IFF_ANYCAST)) { 1236 /* Can't use these types */ 1237 return (NULL); 1238 } 1239 /* Ok the address may be ok */ 1240 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1241 *sin_local = *sin_loop = 0; 1242 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 1243 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) { 1244 *sin_loop = 1; 1245 } 1246 if (!loopscope && *sin_loop) { 1247 /* Its a loopback address and we don't have loop scope */ 1248 return (NULL); 1249 } 1250 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1251 /* we skip unspecifed addresses */ 1252 return (NULL); 1253 } 1254 1255 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1256 *sin_local = 1; 1257 } 1258 if (!loc_scope && *sin_local) { 1259 /* Its a link local address, and we don't have link local scope */ 1260 return (NULL); 1261 } 1262 return (sin6); 1263 } 1264 1265 1266 static struct sockaddr_in6 * 1267 sctp_choose_v6_boundspecific_stcb(struct sctp_inpcb *inp, 1268 struct sctp_tcb *stcb, 1269 struct sctp_nets *net, 1270 struct rtentry *rt, 1271 uint8_t loc_scope, 1272 uint8_t loopscope, 1273 int non_asoc_addr_ok) 1274 { 1275 /* 1276 * Each endpoint has a list of local addresses associated 1277 * with it. The address list is either a "negative list" i.e. 1278 * those addresses that are NOT allowed to be used as a source OR 1279 * a "postive list" i.e. those addresses that CAN be used. 1280 * 1281 * Its a negative list if asconf is allowed. What we do 1282 * in this case is use the ep address list BUT we have 1283 * to cross check it against the negative list. 1284 * 1285 * In the case where NO asconf is allowed, we have just 1286 * a straight association level list that we must use to 1287 * find a source address. 1288 */ 1289 struct sctp_laddr *laddr, *starting_point; 1290 struct sockaddr_in6 *sin6; 1291 int sin_loop, sin_local; 1292 int start_at_beginning=0; 1293 struct ifnet *ifn; 1294 struct ifaddr *ifa; 1295 1296 ifn = rt->rt_ifp; 1297 if (inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) { 1298 #ifdef SCTP_DEBUG 1299 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1300 printf("Have a STCB - asconf allowed, not bound all have a netgative list\n"); 1301 } 1302 #endif 1303 /* first question, is the ifn we will emit on 1304 * in our list, if so, we want that one. 1305 */ 1306 if (ifn) { 1307 IFADDR_READER_FOREACH(ifa, ifn) { 1308 if (sctp_is_addr_in_ep(inp, ifa)) { 1309 sin6 = sctp_is_v6_ifa_addr_acceptable (ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1310 if (sin6 == NULL) 1311 continue; 1312 if ((non_asoc_addr_ok == 0) && 1313 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1314 /* on the no-no list */ 1315 continue; 1316 } 1317 return (sin6); 1318 } 1319 } 1320 } 1321 starting_point = stcb->asoc.last_used_address; 1322 /* First try for matching scope */ 1323 sctp_from_the_top: 1324 if (stcb->asoc.last_used_address == NULL) { 1325 start_at_beginning=1; 1326 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 1327 } 1328 /* search beginning with the last used address */ 1329 for (laddr = stcb->asoc.last_used_address; laddr; 1330 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1331 if (laddr->ifa == NULL) { 1332 /* address has been removed */ 1333 continue; 1334 } 1335 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1336 if (sin6 == NULL) 1337 continue; 1338 if ((non_asoc_addr_ok == 0) && (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1339 /* on the no-no list */ 1340 continue; 1341 } 1342 /* is it of matching scope ? */ 1343 if ((loopscope == 0) && 1344 (loc_scope == 0) && 1345 (sin_loop == 0) && 1346 (sin_local == 0)) { 1347 /* all of global scope we are ok with it */ 1348 return (sin6); 1349 } 1350 if (loopscope && sin_loop) 1351 /* both on the loopback, thats ok */ 1352 return (sin6); 1353 if (loc_scope && sin_local) 1354 /* both local scope */ 1355 return (sin6); 1356 1357 } 1358 if (start_at_beginning == 0) { 1359 stcb->asoc.last_used_address = NULL; 1360 goto sctp_from_the_top; 1361 } 1362 /* now try for any higher scope than the destination */ 1363 stcb->asoc.last_used_address = starting_point; 1364 start_at_beginning = 0; 1365 sctp_from_the_top2: 1366 if (stcb->asoc.last_used_address == NULL) { 1367 start_at_beginning=1; 1368 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 1369 } 1370 /* search beginning with the last used address */ 1371 for (laddr = stcb->asoc.last_used_address; laddr; 1372 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1373 if (laddr->ifa == NULL) { 1374 /* address has been removed */ 1375 continue; 1376 } 1377 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1378 if (sin6 == NULL) 1379 continue; 1380 if ((non_asoc_addr_ok == 0) && (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1381 /* on the no-no list */ 1382 continue; 1383 } 1384 return (sin6); 1385 } 1386 if (start_at_beginning == 0) { 1387 stcb->asoc.last_used_address = NULL; 1388 goto sctp_from_the_top2; 1389 } 1390 } else { 1391 #ifdef SCTP_DEBUG 1392 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1393 printf("Have a STCB - no asconf allowed, not bound all have a postive list\n"); 1394 } 1395 #endif 1396 /* First try for interface output match */ 1397 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1398 sctp_nxt_addr) { 1399 if (laddr->ifa == NULL) { 1400 /* address has been removed */ 1401 continue; 1402 } 1403 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1404 if (sin6 == NULL) 1405 continue; 1406 /* first question, is laddr->ifa an address associated with the emit interface */ 1407 if (ifn) { 1408 IFADDR_READER_FOREACH(ifa, ifn) { 1409 if (laddr->ifa == ifa) { 1410 sin6 = (struct sockaddr_in6 *)laddr->ifa->ifa_addr; 1411 return (sin6); 1412 } 1413 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 1414 sin6 = (struct sockaddr_in6 *)laddr->ifa->ifa_addr; 1415 return (sin6); 1416 } 1417 } 1418 } 1419 } 1420 /* Next try for matching scope */ 1421 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1422 sctp_nxt_addr) { 1423 if (laddr->ifa == NULL) { 1424 /* address has been removed */ 1425 continue; 1426 } 1427 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1428 if (sin6 == NULL) 1429 continue; 1430 1431 if ((loopscope == 0) && 1432 (loc_scope == 0) && 1433 (sin_loop == 0) && 1434 (sin_local == 0)) { 1435 /* all of global scope we are ok with it */ 1436 return (sin6); 1437 } 1438 if (loopscope && sin_loop) 1439 /* both on the loopback, thats ok */ 1440 return (sin6); 1441 if (loc_scope && sin_local) 1442 /* both local scope */ 1443 return (sin6); 1444 } 1445 /* ok, now try for a higher scope in the source address */ 1446 /* First try for matching scope */ 1447 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1448 sctp_nxt_addr) { 1449 if (laddr->ifa == NULL) { 1450 /* address has been removed */ 1451 continue; 1452 } 1453 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1454 if (sin6 == NULL) 1455 continue; 1456 return (sin6); 1457 } 1458 } 1459 return (NULL); 1460 } 1461 1462 static struct sockaddr_in6 * 1463 sctp_choose_v6_boundspecific_inp(struct sctp_inpcb *inp, 1464 struct rtentry *rt, 1465 uint8_t loc_scope, 1466 uint8_t loopscope) 1467 { 1468 /* 1469 * Here we are bound specific and have only 1470 * an inp. We must find an address that is bound 1471 * that we can give out as a src address. We 1472 * prefer two addresses of same scope if we can 1473 * find them that way. 1474 */ 1475 struct sctp_laddr *laddr; 1476 struct sockaddr_in6 *sin6; 1477 struct ifnet *ifn; 1478 struct ifaddr *ifa; 1479 int sin_loop, sin_local; 1480 1481 /* first question, is the ifn we will emit on 1482 * in our list, if so, we want that one. 1483 */ 1484 1485 ifn = rt->rt_ifp; 1486 if (ifn) { 1487 IFADDR_READER_FOREACH(ifa, ifn) { 1488 sin6 = sctp_is_v6_ifa_addr_acceptable (ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1489 if (sin6 == NULL) 1490 continue; 1491 if (sctp_is_addr_in_ep(inp, ifa)) { 1492 return (sin6); 1493 } 1494 } 1495 } 1496 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 1497 laddr && (laddr != inp->next_addr_touse); 1498 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1499 if (laddr->ifa == NULL) { 1500 /* address has been removed */ 1501 continue; 1502 } 1503 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1504 if (sin6 == NULL) 1505 continue; 1506 1507 if ((loopscope == 0) && 1508 (loc_scope == 0) && 1509 (sin_loop == 0) && 1510 (sin_local == 0)) { 1511 /* all of global scope we are ok with it */ 1512 return (sin6); 1513 } 1514 if (loopscope && sin_loop) 1515 /* both on the loopback, thats ok */ 1516 return (sin6); 1517 if (loc_scope && sin_local) 1518 /* both local scope */ 1519 return (sin6); 1520 1521 } 1522 /* if we reach here, we could not find two addresses 1523 * of the same scope to give out. Lets look for any higher level 1524 * scope for a source address. 1525 */ 1526 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 1527 laddr && (laddr != inp->next_addr_touse); 1528 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1529 if (laddr->ifa == NULL) { 1530 /* address has been removed */ 1531 continue; 1532 } 1533 sin6 = sctp_is_v6_ifa_addr_acceptable (laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1534 if (sin6 == NULL) 1535 continue; 1536 return (sin6); 1537 } 1538 /* no address bound can be a source for the destination */ 1539 #ifdef SCTP_DEBUG 1540 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1541 printf("Src address selection for EP, no acceptable src address found for address\n"); 1542 } 1543 #endif 1544 return (NULL); 1545 } 1546 1547 1548 static struct sockaddr_in6 * 1549 sctp_select_v6_nth_addr_from_ifn_boundall (struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, uint8_t loopscope, 1550 uint8_t loc_scope, int cur_addr_num, int match_scope) 1551 { 1552 struct ifaddr *ifa; 1553 struct sockaddr_in6 *sin6; 1554 int sin_loop, sin_local; 1555 int num_eligible_addr = 0; 1556 1557 IFADDR_READER_FOREACH(ifa, ifn) { 1558 sin6 = sctp_is_v6_ifa_addr_acceptable (ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1559 if (sin6 == NULL) 1560 continue; 1561 if (stcb) { 1562 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6)) { 1563 /* It is restricted for some reason.. probably 1564 * not yet added. 1565 */ 1566 continue; 1567 } 1568 } 1569 if (match_scope) { 1570 /* Here we are asked to match scope if possible */ 1571 if (loopscope && sin_loop) 1572 /* src and destination are loopback scope */ 1573 return (sin6); 1574 if (loc_scope && sin_local) 1575 /* src and destination are local scope */ 1576 return (sin6); 1577 if ((loopscope == 0) && 1578 (loc_scope == 0) && 1579 (sin_loop == 0) && 1580 (sin_local == 0)) { 1581 /* src and destination are global scope */ 1582 return (sin6); 1583 } 1584 continue; 1585 } 1586 if (num_eligible_addr == cur_addr_num) { 1587 /* this is it */ 1588 return (sin6); 1589 } 1590 num_eligible_addr++; 1591 } 1592 return (NULL); 1593 } 1594 1595 1596 static int 1597 sctp_count_v6_num_eligible_boundall (struct ifnet *ifn, struct sctp_tcb *stcb, 1598 int non_asoc_addr_ok, uint8_t loopscope, uint8_t loc_scope) 1599 { 1600 struct ifaddr *ifa; 1601 struct sockaddr_in6 *sin6; 1602 int num_eligible_addr = 0; 1603 int sin_loop, sin_local; 1604 1605 IFADDR_READER_FOREACH(ifa, ifn) { 1606 sin6 = sctp_is_v6_ifa_addr_acceptable (ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1607 if (sin6 == NULL) 1608 continue; 1609 if (stcb) { 1610 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6)) { 1611 /* It is restricted for some reason.. probably 1612 * not yet added. 1613 */ 1614 continue; 1615 } 1616 } 1617 num_eligible_addr++; 1618 } 1619 return (num_eligible_addr); 1620 } 1621 1622 1623 static struct sockaddr_in6 * 1624 sctp_choose_v6_boundall(struct sctp_inpcb *inp, 1625 struct sctp_tcb *stcb, 1626 struct sctp_nets *net, 1627 struct rtentry *rt, 1628 uint8_t loc_scope, 1629 uint8_t loopscope, 1630 int non_asoc_addr_ok) 1631 { 1632 /* Ok, we are bound all SO any address 1633 * is ok to use as long as it is NOT in the negative 1634 * list. 1635 */ 1636 int num_eligible_addr; 1637 int cur_addr_num=0; 1638 int started_at_beginning=0; 1639 int match_scope_prefered; 1640 /* first question is, how many eligible addresses are 1641 * there for the destination ifn that we are using that 1642 * are within the proper scope? 1643 */ 1644 struct ifnet *ifn; 1645 struct sockaddr_in6 *sin6; 1646 int s; 1647 1648 ifn = rt->rt_ifp; 1649 if (net) { 1650 cur_addr_num = net->indx_of_eligible_next_to_use; 1651 } 1652 if (cur_addr_num == 0) { 1653 match_scope_prefered = 1; 1654 } else { 1655 match_scope_prefered = 0; 1656 } 1657 num_eligible_addr = sctp_count_v6_num_eligible_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope); 1658 #ifdef SCTP_DEBUG 1659 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1660 printf("Found %d eligible source addresses\n", num_eligible_addr); 1661 } 1662 #endif 1663 if (num_eligible_addr == 0) { 1664 /* no eligible addresses, we must use some other 1665 * interface address if we can find one. 1666 */ 1667 goto bound_all_v6_plan_b; 1668 } 1669 /* Ok we have num_eligible_addr set with how many we can use, 1670 * this may vary from call to call due to addresses being deprecated etc.. 1671 */ 1672 if (cur_addr_num >= num_eligible_addr) { 1673 cur_addr_num = 0; 1674 } 1675 /* select the nth address from the list (where cur_addr_num is the nth) and 1676 * 0 is the first one, 1 is the second one etc... 1677 */ 1678 #ifdef SCTP_DEBUG 1679 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1680 printf("cur_addr_num:%d match_scope_prefered:%d select it\n", 1681 cur_addr_num, match_scope_prefered); 1682 } 1683 #endif 1684 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, 1685 loc_scope, cur_addr_num, match_scope_prefered); 1686 if (match_scope_prefered && (sin6 == NULL)) { 1687 /* retry without the preference for matching scope */ 1688 #ifdef SCTP_DEBUG 1689 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1690 printf("retry with no match_scope_prefered\n"); 1691 } 1692 #endif 1693 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, 1694 loc_scope, cur_addr_num, 0); 1695 } 1696 if (sin6) { 1697 #ifdef SCTP_DEBUG 1698 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1699 printf("Selected address %d ifn:%p for the route\n", cur_addr_num, ifn); 1700 } 1701 #endif 1702 if (net) { 1703 /* store so we get the next one */ 1704 if (cur_addr_num < 255) 1705 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 1706 else 1707 net->indx_of_eligible_next_to_use = 0; 1708 } 1709 return (sin6); 1710 } 1711 num_eligible_addr = 0; 1712 bound_all_v6_plan_b: 1713 /* ok, if we reach here we either fell through 1714 * due to something changing during an interupt (unlikely) 1715 * or we have NO eligible source addresses for the ifn 1716 * of the route (most likely). We must look at all the other 1717 * interfaces EXCEPT rt->rt_ifp and do the same game. 1718 */ 1719 #ifdef SCTP_DEBUG 1720 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1721 printf("bound-all Plan B\n"); 1722 } 1723 #endif 1724 if (inp->next_ifn_touse == NULL) { 1725 started_at_beginning=1; 1726 inp->next_ifn_touse = IFNET_READER_FIRST(); 1727 #ifdef SCTP_DEBUG 1728 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1729 printf("Start at first IFN:%p\n", inp->next_ifn_touse); 1730 } 1731 #endif 1732 } else { 1733 inp->next_ifn_touse = IFNET_READER_NEXT(inp->next_ifn_touse); 1734 #ifdef SCTP_DEBUG 1735 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1736 printf("Resume at IFN:%p\n", inp->next_ifn_touse); 1737 } 1738 #endif 1739 if (inp->next_ifn_touse == NULL) { 1740 #ifdef SCTP_DEBUG 1741 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1742 printf("IFN Resets\n"); 1743 } 1744 #endif 1745 started_at_beginning=1; 1746 inp->next_ifn_touse = IFNET_READER_FIRST(); 1747 } 1748 } 1749 1750 s = pserialize_read_enter(); 1751 IFNET_READER_FOREACH(ifn) { 1752 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 1753 /* wrong base scope */ 1754 continue; 1755 } 1756 if (loc_scope && (ifn->if_index != loc_scope)) { 1757 /* by definition the scope (from to->sin6_scopeid) 1758 * must match that of the interface. If not then 1759 * we could pick a wrong scope for the address. 1760 * Ususally we don't hit plan-b since the route 1761 * handles this. However we can hit plan-b when 1762 * we send to local-host so the route is the 1763 * loopback interface, but the destination is a 1764 * link local. 1765 */ 1766 continue; 1767 } 1768 if (ifn == rt->rt_ifp) { 1769 /* already looked at this guy */ 1770 continue; 1771 } 1772 /* Address rotation will only work when we are not 1773 * rotating sourced interfaces and are using the interface 1774 * of the route. We would need to have a per interface index 1775 * in order to do proper rotation. 1776 */ 1777 num_eligible_addr = sctp_count_v6_num_eligible_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope); 1778 #ifdef SCTP_DEBUG 1779 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1780 printf("IFN:%p has %d eligible\n", ifn, num_eligible_addr); 1781 } 1782 #endif 1783 if (num_eligible_addr == 0) { 1784 /* none we can use */ 1785 continue; 1786 } 1787 /* Ok we have num_eligible_addr set with how many we can use, 1788 * this may vary from call to call due to addresses being deprecated etc.. 1789 */ 1790 inp->next_ifn_touse = ifn; 1791 1792 /* select the first one we can find with perference for matching scope. 1793 */ 1794 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope, 0, 1); 1795 if (sin6 == NULL) { 1796 /* can't find one with matching scope how about a source with higher 1797 * scope 1798 */ 1799 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall (ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope, 0, 0); 1800 if (sin6 == NULL) 1801 /* Hmm, can't find one in the interface now */ 1802 continue; 1803 } 1804 #ifdef SCTP_DEBUG 1805 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1806 printf("Selected the %d'th address of ifn:%p\n", 1807 cur_addr_num, ifn); 1808 } 1809 #endif 1810 pserialize_read_exit(s); 1811 return (sin6); 1812 } 1813 pserialize_read_exit(s); 1814 1815 if (started_at_beginning == 0) { 1816 /* we have not been through all of them yet, force 1817 * us to go through them all. 1818 */ 1819 #ifdef SCTP_DEBUG 1820 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1821 printf("Force a recycle\n"); 1822 } 1823 #endif 1824 inp->next_ifn_touse = NULL; 1825 goto bound_all_v6_plan_b; 1826 } 1827 return (NULL); 1828 1829 } 1830 1831 /* stcb and net may be NULL */ 1832 struct in6_addr 1833 sctp_ipv6_source_address_selection(struct sctp_inpcb *inp, 1834 struct sctp_tcb *stcb, struct route *ro, struct sctp_nets *net, 1835 int non_asoc_addr_ok) 1836 { 1837 struct in6_addr ans; 1838 struct sockaddr_in6 *rt_addr; 1839 uint8_t loc_scope, loopscope; 1840 struct sockaddr_in6 to; 1841 struct rtentry *rt; 1842 1843 /* 1844 * This routine is tricky standard v6 src address 1845 * selection cannot take into account what we have 1846 * bound etc, so we can't use it. 1847 * 1848 * Instead here is what we must do: 1849 * 1) Make sure we have a route, if we 1850 * don't have a route we can never reach the peer. 1851 * 2) Once we have a route, determine the scope of the 1852 * route. Link local, loopback or global. 1853 * 3) Next we divide into three types. Either we 1854 * are bound all.. which means we want to use 1855 * one of the addresses of the interface we are 1856 * going out. <or> 1857 * 4a) We have not stcb, which means we are using the 1858 * specific addresses bound on an inp, in this 1859 * case we are similar to the stcb case (4b below) 1860 * accept the list is always a positive list.<or> 1861 * 4b) We are bound specific with a stcb, which means we have a 1862 * list of bound addresses and we must see if the 1863 * ifn of the route is actually one of the bound addresses. 1864 * If not, then we must rotate addresses amongst properly 1865 * scoped bound addresses, if so we use the address 1866 * of the interface. 1867 * 5) Always, no matter which path we take through the above 1868 * we must be sure the source address we use is allowed to 1869 * be used. I.e. IN6_IFF_DETACHED, IN6_IFF_NOTREADY, and IN6_IFF_ANYCAST 1870 * addresses cannot be used. 1871 * 6) Addresses that are deprecated MAY be used 1872 * if (!ip6_use_deprecated) { 1873 * if (IFA6_IS_DEPRECATED(ifa6)) { 1874 * skip the address 1875 * } 1876 * } 1877 */ 1878 1879 /*** 1> determine route, if not already done */ 1880 rt = rtcache_validate(ro); 1881 if (rt == NULL) { 1882 /* 1883 * Need a route to cache. 1884 */ 1885 int scope_save; 1886 1887 memcpy(&to, rtcache_getdst(ro), sizeof(struct sockaddr)); 1888 scope_save = to.sin6_scope_id; 1889 to.sin6_scope_id = 0; 1890 1891 rt = rtcache_lookup(ro, (struct sockaddr *)&to); 1892 to.sin6_scope_id = scope_save; 1893 } 1894 if (rt == NULL) { 1895 /* 1896 * no route to host. this packet is going no-where. 1897 * We probably should make sure we arrange to send back 1898 * an error. 1899 */ 1900 #ifdef SCTP_DEBUG 1901 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1902 printf("No route to host, this packet cannot be sent!\n"); 1903 } 1904 #endif 1905 memset(&ans, 0, sizeof(ans)); 1906 return (ans); 1907 } 1908 1909 /*** 2a> determine scope for outbound address/route */ 1910 loc_scope = loopscope = 0; 1911 /* 1912 * We base our scope on the outbound packet scope and route, 1913 * NOT the TCB (if there is one). This way in local scope we will only 1914 * use a local scope src address when we send to a local address. 1915 */ 1916 1917 if (IN6_IS_ADDR_LOOPBACK(&to.sin6_addr)) { 1918 /* If the route goes to the loopback address OR 1919 * the address is a loopback address, we are loopback 1920 * scope. 1921 */ 1922 #ifdef SCTP_DEBUG 1923 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1924 printf("Loopback scope is set\n"); 1925 } 1926 #endif 1927 loc_scope = 0; 1928 loopscope = 1; 1929 if (net != NULL) { 1930 /* mark it as local */ 1931 net->addr_is_local = 1; 1932 } 1933 1934 } else if (IN6_IS_ADDR_LINKLOCAL(&to.sin6_addr)) { 1935 #ifdef SCTP_DEBUG 1936 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1937 printf("Link local scope is set, id:%d\n", to.sin6_scope_id); 1938 } 1939 #endif 1940 if (to.sin6_scope_id) 1941 loc_scope = to.sin6_scope_id; 1942 else { 1943 loc_scope = 1; 1944 } 1945 loopscope = 0; 1946 } else { 1947 #ifdef SCTP_DEBUG 1948 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1949 printf("Global scope is set\n"); 1950 } 1951 #endif 1952 } 1953 1954 /* now, depending on which way we are bound we call the appropriate 1955 * routine to do steps 3-6 1956 */ 1957 #ifdef SCTP_DEBUG 1958 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1959 printf("Destination address:"); 1960 sctp_print_address((struct sockaddr *)&to); 1961 } 1962 #endif 1963 1964 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1965 #ifdef SCTP_DEBUG 1966 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1967 printf("Calling bound-all src addr selection for v6\n"); 1968 } 1969 #endif 1970 rt_addr = sctp_choose_v6_boundall(inp, stcb, net, rt, loc_scope, loopscope, non_asoc_addr_ok); 1971 } else { 1972 #ifdef SCTP_DEBUG 1973 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1974 printf("Calling bound-specific src addr selection for v6\n"); 1975 } 1976 #endif 1977 if (stcb) 1978 rt_addr = sctp_choose_v6_boundspecific_stcb(inp, stcb, net, rt, loc_scope, loopscope, non_asoc_addr_ok); 1979 else 1980 /* we can't have a non-asoc address since we have no association */ 1981 rt_addr = sctp_choose_v6_boundspecific_inp(inp, rt, loc_scope, loopscope); 1982 } 1983 if (rt_addr == NULL) { 1984 /* no suitable address? */ 1985 struct in6_addr in6; 1986 #ifdef SCTP_DEBUG 1987 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1988 printf("V6 packet will reach dead-end no suitable src address\n"); 1989 } 1990 #endif 1991 memset(&in6, 0, sizeof(in6)); 1992 return (in6); 1993 } 1994 #ifdef SCTP_DEBUG 1995 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1996 printf("Source address selected is:"); 1997 sctp_print_address((struct sockaddr *)rt_addr); 1998 } 1999 #endif 2000 return (rt_addr->sin6_addr); 2001 } 2002 2003 static uint8_t 2004 sctp_get_ect(struct sctp_tcb *stcb, 2005 struct sctp_tmit_chunk *chk) 2006 { 2007 uint8_t this_random; 2008 2009 /* Huh? */ 2010 if (sctp_ecn == 0) 2011 return (0); 2012 2013 if (sctp_ecn_nonce == 0) 2014 /* no nonce, always return ECT0 */ 2015 return (SCTP_ECT0_BIT); 2016 2017 if (stcb->asoc.peer_supports_ecn_nonce == 0) { 2018 /* Peer does NOT support it, so we send a ECT0 only */ 2019 return (SCTP_ECT0_BIT); 2020 } 2021 2022 if (chk == NULL) 2023 return (SCTP_ECT0_BIT); 2024 2025 if (((stcb->asoc.hb_random_idx == 3) && 2026 (stcb->asoc.hb_ect_randombit > 7)) || 2027 (stcb->asoc.hb_random_idx > 3)) { 2028 uint32_t rndval; 2029 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 2030 memcpy(stcb->asoc.hb_random_values, &rndval, 2031 sizeof(stcb->asoc.hb_random_values)); 2032 this_random = stcb->asoc.hb_random_values[0]; 2033 stcb->asoc.hb_random_idx = 0; 2034 stcb->asoc.hb_ect_randombit = 0; 2035 } else { 2036 if (stcb->asoc.hb_ect_randombit > 7) { 2037 stcb->asoc.hb_ect_randombit = 0; 2038 stcb->asoc.hb_random_idx++; 2039 } 2040 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx]; 2041 } 2042 if ((this_random >> stcb->asoc.hb_ect_randombit) & 0x01) { 2043 if (chk != NULL) 2044 /* ECN Nonce stuff */ 2045 chk->rec.data.ect_nonce = SCTP_ECT1_BIT; 2046 stcb->asoc.hb_ect_randombit++; 2047 return (SCTP_ECT1_BIT); 2048 } else { 2049 stcb->asoc.hb_ect_randombit++; 2050 return (SCTP_ECT0_BIT); 2051 } 2052 } 2053 2054 extern int sctp_no_csum_on_loopback; 2055 2056 static int 2057 sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, 2058 struct sctp_tcb *stcb, /* may be NULL */ 2059 struct sctp_nets *net, 2060 const struct sockaddr *to, 2061 struct mbuf *m, 2062 int nofragment_flag, 2063 int ecn_ok, 2064 struct sctp_tmit_chunk *chk, 2065 int out_of_asoc_ok) 2066 /* nofragment_flag to tell if IP_DF should be set (IPv4 only) */ 2067 { 2068 /* 2069 * Given a mbuf chain (via m_next) that holds a packet header 2070 * WITH a SCTPHDR but no IP header, endpoint inp and sa structure. 2071 * - calculate SCTP checksum and fill in 2072 * - prepend a IP address header 2073 * - if boundall use INADDR_ANY 2074 * - if boundspecific do source address selection 2075 * - set fragmentation option for ipV4 2076 * - On return from IP output, check/adjust mtu size 2077 * - of output interface and smallest_mtu size as well. 2078 */ 2079 struct sctphdr *sctphdr; 2080 int o_flgs; 2081 uint32_t csum; 2082 int ret; 2083 unsigned int have_mtu; 2084 struct route *ro; 2085 struct rtentry *rt; 2086 2087 if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) { 2088 sctp_m_freem(m); 2089 return (EFAULT); 2090 } 2091 if ((m->m_flags & M_PKTHDR) == 0) { 2092 #ifdef SCTP_DEBUG 2093 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2094 printf("Software error: sctp_lowlevel_chunk_output() called with non pkthdr!\n"); 2095 } 2096 #endif 2097 sctp_m_freem(m); 2098 return (EFAULT); 2099 } 2100 /* Calculate the csum and fill in the length of the packet */ 2101 sctphdr = mtod(m, struct sctphdr *); 2102 have_mtu = 0; 2103 if (sctp_no_csum_on_loopback && 2104 (stcb) && 2105 (stcb->asoc.loopback_scope)) { 2106 sctphdr->checksum = 0; 2107 m->m_pkthdr.len = sctp_calculate_len(m); 2108 } else { 2109 sctphdr->checksum = 0; 2110 csum = sctp_calculate_sum(m, &m->m_pkthdr.len, 0); 2111 sctphdr->checksum = csum; 2112 } 2113 if (to->sa_family == AF_INET) { 2114 struct ip *ip; 2115 static struct route iproute; 2116 M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); 2117 if (m == NULL) { 2118 /* failed to prepend data, give up */ 2119 return (ENOMEM); 2120 } 2121 ip = mtod(m, struct ip *); 2122 ip->ip_v = IPVERSION; 2123 ip->ip_hl = (sizeof(struct ip) >> 2); 2124 if (nofragment_flag) { 2125 ip->ip_off = htons(IP_DF); 2126 } else 2127 ip->ip_off = 0; 2128 2129 ip->ip_id = htons(ip_newid(NULL)); 2130 ip->ip_ttl = inp->inp_ip_ttl; 2131 ip->ip_len = htons(m->m_pkthdr.len); 2132 if (stcb) { 2133 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 2134 /* Enable ECN */ 2135 ip->ip_tos = (u_char)((inp->ip_inp.inp.inp_ip.ip_tos & 0x000000fc) | 2136 sctp_get_ect(stcb, chk)); 2137 } else { 2138 /* No ECN */ 2139 ip->ip_tos = inp->ip_inp.inp.inp_ip.ip_tos; 2140 } 2141 } else { 2142 /* no association at all */ 2143 ip->ip_tos = inp->inp_ip_tos; 2144 } 2145 ip->ip_p = IPPROTO_SCTP; 2146 ip->ip_sum = 0; 2147 #ifdef SCTP_DEBUG 2148 printf("chunk_output: net %p\n", net); 2149 #endif 2150 if (net == NULL) { 2151 ro = &iproute; 2152 memset(&iproute, 0, sizeof(iproute)); 2153 rtcache_lookup(ro, to); 2154 } else { 2155 ro = (struct route *)&net->ro; 2156 } 2157 /* Now the address selection part */ 2158 ip->ip_dst.s_addr = satocsin(to)->sin_addr.s_addr; 2159 2160 /* call the routine to select the src address */ 2161 if (net) { 2162 if (net->src_addr_selected == 0) { 2163 /* Cache the source address */ 2164 ((struct sockaddr_in *)&net->_s_addr)->sin_addr = sctp_ipv4_source_address_selection(inp, 2165 stcb, 2166 ro, net, out_of_asoc_ok); 2167 if (rtcache_validate(ro)) { 2168 net->src_addr_selected = 1; 2169 } 2170 } 2171 ip->ip_src = ((struct sockaddr_in *)&net->_s_addr)->sin_addr; 2172 } else { 2173 ip->ip_src = sctp_ipv4_source_address_selection(inp, 2174 stcb, ro, net, out_of_asoc_ok); 2175 } 2176 #ifdef SCTP_DEBUG 2177 printf("src addr %x\n", ip->ip_src.s_addr); 2178 #endif 2179 /* 2180 * If source address selection fails and we find no route then 2181 * the ip_ouput should fail as well with a NO_ROUTE_TO_HOST 2182 * type error. We probably should catch that somewhere and 2183 * abort the association right away (assuming this is an INIT 2184 * being sent). 2185 */ 2186 rt = rtcache_validate(ro); 2187 if ((rt == NULL)) { 2188 /* 2189 * src addr selection failed to find a route (or valid 2190 * source addr), so we can't get there from here! 2191 */ 2192 #ifdef SCTP_DEBUG 2193 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2194 printf("low_level_output: dropped v4 packet- no valid source addr\n"); 2195 printf("Destination was %x\n", (u_int)(ntohl(ip->ip_dst.s_addr))); 2196 } 2197 #endif /* SCTP_DEBUG */ 2198 if (net) { 2199 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) 2200 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 2201 stcb, 2202 SCTP_FAILED_THRESHOLD, 2203 (void *)net); 2204 net->dest_state &= ~SCTP_ADDR_REACHABLE; 2205 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 2206 if (stcb) { 2207 if (net == stcb->asoc.primary_destination) { 2208 /* need a new primary */ 2209 struct sctp_nets *alt; 2210 alt = sctp_find_alternate_net(stcb, net); 2211 if (alt != net) { 2212 if (sctp_set_primary_addr(stcb, 2213 (struct sockaddr *)NULL, 2214 alt) == 0) { 2215 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 2216 net->src_addr_selected = 0; 2217 } 2218 } 2219 } 2220 } 2221 } 2222 sctp_m_freem(m); 2223 return (EHOSTUNREACH); 2224 } else { 2225 have_mtu = rt->rt_ifp->if_mtu; 2226 } 2227 2228 o_flgs = (IP_RAWOUTPUT | (inp->sctp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST))); 2229 #ifdef SCTP_DEBUG 2230 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2231 printf("Calling ipv4 output routine from low level src addr:%x\n", 2232 (u_int)(ntohl(ip->ip_src.s_addr))); 2233 printf("Destination is %x\n", (u_int)(ntohl(ip->ip_dst.s_addr))); 2234 printf("RTP route is %p through\n", rt); 2235 printf("length %d\n", ip->ip_len); 2236 } 2237 #endif 2238 if ((have_mtu) && (net) && (have_mtu > net->mtu)) { 2239 rt->rt_ifp->if_mtu = net->mtu; 2240 } 2241 ret = ip_output(m, inp->ip_inp.inp.inp_options, 2242 ro, o_flgs, inp->ip_inp.inp.inp_moptions, 2243 (struct socket *)inp->sctp_socket); 2244 if ((rt) && (have_mtu) && (net) && (have_mtu > net->mtu)) { 2245 rt->rt_ifp->if_mtu = have_mtu; 2246 } 2247 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 2248 #ifdef SCTP_DEBUG 2249 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2250 printf("Ip output returns %d\n", ret); 2251 } 2252 #endif 2253 if (net == NULL) { 2254 } else { 2255 /* PMTU check versus smallest asoc MTU goes here */ 2256 if (rt != NULL) { 2257 if (rt->rt_rmx.rmx_mtu && 2258 (stcb->asoc.smallest_mtu > rt->rt_rmx.rmx_mtu)) { 2259 sctp_mtu_size_reset(inp, &stcb->asoc, 2260 rt->rt_rmx.rmx_mtu); 2261 } 2262 } else { 2263 /* route was freed */ 2264 net->src_addr_selected = 0; 2265 } 2266 } 2267 return (ret); 2268 } 2269 #ifdef INET6 2270 else if (to->sa_family == AF_INET6) { 2271 struct ip6_hdr *ip6h; 2272 static struct route ip6route; 2273 struct ifnet *ifp; 2274 u_char flowTop; 2275 uint16_t flowBottom; 2276 u_char tosBottom, tosTop; 2277 struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp; 2278 int prev_scope=0; 2279 u_short prev_port=0; 2280 2281 M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); 2282 if (m == NULL) { 2283 /* failed to prepend data, give up */ 2284 return (ENOMEM); 2285 } 2286 ip6h = mtod(m, struct ip6_hdr *); 2287 2288 /* 2289 * We assume here that inp_flow is in host byte order within 2290 * the TCB! 2291 */ 2292 flowBottom = ((struct in6pcb *)inp)->in6p_flowinfo & 0x0000ffff; 2293 flowTop = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x000f0000) >> 16); 2294 2295 tosTop = (((((struct in6pcb *)inp)->in6p_flowinfo & 0xf0) >> 4) | IPV6_VERSION); 2296 2297 /* protect *sin6 from overwrite */ 2298 memcpy(&tmp, to, sizeof(struct sockaddr_in6)); 2299 sin6 = &tmp; 2300 2301 /* KAME hack: embed scopeid */ 2302 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) 2303 if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0) 2304 #else 2305 /* 2306 * XXX: appropriate scope zone must be provided or otherwise 2307 * ip6_use_defzone must be 1. 2308 */ 2309 if (sa6_embedscope(sin6, ip6_use_defzone) != 0) 2310 #endif 2311 return (EINVAL); 2312 if (net == NULL) { 2313 memset(&ip6route, 0, sizeof(ip6route)); 2314 ro = (struct route *)&ip6route; 2315 rtcache_lookup(ro, (struct sockaddr *) sin6); 2316 } else { 2317 ro = (struct route *)&net->ro; 2318 } 2319 if (stcb != NULL) { 2320 if ((stcb->asoc.ecn_allowed) && ecn_ok) { 2321 /* Enable ECN */ 2322 tosBottom = (((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) | sctp_get_ect(stcb, chk)) << 4); 2323 } else { 2324 /* No ECN */ 2325 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 2326 } 2327 } else { 2328 /* we could get no asoc if it is a O-O-T-B packet */ 2329 tosBottom = ((((struct in6pcb *)inp)->in6p_flowinfo & 0x0c) << 4); 2330 } 2331 ip6h->ip6_flow = htonl(((tosTop << 24) | ((tosBottom|flowTop) << 16) | flowBottom)); 2332 ip6h->ip6_nxt = IPPROTO_SCTP; 2333 ip6h->ip6_plen = m->m_pkthdr.len; 2334 ip6h->ip6_dst = sin6->sin6_addr; 2335 2336 /* 2337 * Add SRC address selection here: 2338 * we can only reuse to a limited degree the kame src-addr-sel, 2339 * since we can try their selection but it may not be bound. 2340 */ 2341 memset(&lsa6_tmp, 0, sizeof(lsa6_tmp)); 2342 lsa6_tmp.sin6_family = AF_INET6; 2343 lsa6_tmp.sin6_len = sizeof(lsa6_tmp); 2344 lsa6 = &lsa6_tmp; 2345 rt = rtcache_validate(ro); 2346 if (net) { 2347 if (net->src_addr_selected == 0) { 2348 /* Cache the source address */ 2349 ((struct sockaddr_in6 *)&net->_s_addr)->sin6_addr = sctp_ipv6_source_address_selection(inp, 2350 stcb, ro, net, out_of_asoc_ok); 2351 2352 if (rt != NULL) { 2353 net->src_addr_selected = 1; 2354 } 2355 } 2356 lsa6->sin6_addr = ((struct sockaddr_in6 *)&net->_s_addr)->sin6_addr; 2357 } else { 2358 lsa6->sin6_addr = sctp_ipv6_source_address_selection( 2359 inp, stcb, ro, net, out_of_asoc_ok); 2360 } 2361 lsa6->sin6_port = inp->sctp_lport; 2362 2363 if ((rt == NULL)) { 2364 /* 2365 * src addr selection failed to find a route (or valid 2366 * source addr), so we can't get there from here! 2367 */ 2368 #ifdef SCTP_DEBUG 2369 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2370 printf("low_level_output: dropped v6 pkt- no valid source addr\n"); 2371 } 2372 #endif 2373 sctp_m_freem(m); 2374 if (net) { 2375 if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) 2376 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN, 2377 stcb, 2378 SCTP_FAILED_THRESHOLD, 2379 (void *)net); 2380 net->dest_state &= ~SCTP_ADDR_REACHABLE; 2381 net->dest_state |= SCTP_ADDR_NOT_REACHABLE; 2382 if (stcb) { 2383 if (net == stcb->asoc.primary_destination) { 2384 /* need a new primary */ 2385 struct sctp_nets *alt; 2386 alt = sctp_find_alternate_net(stcb, net); 2387 if (alt != net) { 2388 if (sctp_set_primary_addr(stcb, 2389 (struct sockaddr *)NULL, 2390 alt) == 0) { 2391 net->dest_state |= SCTP_ADDR_WAS_PRIMARY; 2392 net->src_addr_selected = 0; 2393 } 2394 } 2395 } 2396 } 2397 } 2398 return (EHOSTUNREACH); 2399 } 2400 2401 ip6h->ip6_src = lsa6->sin6_addr; 2402 2403 /* 2404 * We set the hop limit now since there is a good chance that 2405 * our ro pointer is now filled 2406 */ 2407 ip6h->ip6_hlim = in6_selecthlim((struct in6pcb *)&inp->ip_inp.inp, 2408 (ro ? 2409 (rt ? (rt->rt_ifp) : (NULL)) : 2410 (NULL))); 2411 o_flgs = 0; 2412 ifp = rt->rt_ifp; 2413 #ifdef SCTP_DEBUG 2414 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2415 /* Copy to be sure something bad is not happening */ 2416 sin6->sin6_addr = ip6h->ip6_dst; 2417 lsa6->sin6_addr = ip6h->ip6_src; 2418 2419 printf("Calling ipv6 output routine from low level\n"); 2420 printf("src: "); 2421 sctp_print_address((struct sockaddr *)lsa6); 2422 printf("dst: "); 2423 sctp_print_address((struct sockaddr *)sin6); 2424 } 2425 #endif /* SCTP_DEBUG */ 2426 if (net) { 2427 sin6 = (struct sockaddr_in6 *)&net->ro.ro_sa; 2428 /* preserve the port and scope for link local send */ 2429 prev_scope = sin6->sin6_scope_id; 2430 prev_port = sin6->sin6_port; 2431 } 2432 ret = ip6_output(m, ((struct in6pcb *)inp)->in6p_outputopts, 2433 ro, 2434 o_flgs, 2435 ((struct in6pcb *)inp)->in6p_moptions, 2436 (struct socket *)inp->sctp_socket, 2437 &ifp); 2438 if (net) { 2439 /* for link local this must be done */ 2440 sin6->sin6_scope_id = prev_scope; 2441 sin6->sin6_port = prev_port; 2442 } 2443 #ifdef SCTP_DEBUG 2444 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 2445 printf("return from send is %d\n", ret); 2446 } 2447 #endif /* SCTP_DEBUG_OUTPUT */ 2448 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 2449 if (net) { 2450 /* PMTU check versus smallest asoc MTU goes here */ 2451 rt = rtcache_validate(ro); 2452 if (rt == NULL) { 2453 /* Route was freed */ 2454 net->src_addr_selected = 0; 2455 } 2456 if (rt != NULL) { 2457 if (rt->rt_rmx.rmx_mtu && 2458 (stcb->asoc.smallest_mtu > rt->rt_rmx.rmx_mtu)) { 2459 sctp_mtu_size_reset(inp, 2460 &stcb->asoc, 2461 rt->rt_rmx.rmx_mtu); 2462 } 2463 } else if (ifp) { 2464 if (ND_IFINFO(ifp)->linkmtu && 2465 (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) { 2466 sctp_mtu_size_reset(inp, 2467 &stcb->asoc, 2468 ND_IFINFO(ifp)->linkmtu); 2469 } 2470 } 2471 } 2472 return (ret); 2473 } 2474 #endif 2475 else { 2476 #ifdef SCTP_DEBUG 2477 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 2478 printf("Unknown protocol (TSNH) type %d\n", ((const struct sockaddr *)to)->sa_family); 2479 } 2480 #endif 2481 sctp_m_freem(m); 2482 return (EFAULT); 2483 } 2484 } 2485 2486 static 2487 int sctp_is_address_in_scope(struct ifaddr *ifa, 2488 int ipv4_addr_legal, 2489 int ipv6_addr_legal, 2490 int loopback_scope, 2491 int ipv4_local_scope, 2492 int local_scope, 2493 int site_scope) 2494 { 2495 if ((loopback_scope == 0) && 2496 (ifa->ifa_ifp) && 2497 (ifa->ifa_ifp->if_type == IFT_LOOP)) { 2498 /* skip loopback if not in scope * 2499 */ 2500 return (0); 2501 } 2502 if ((ifa->ifa_addr->sa_family == AF_INET) && ipv4_addr_legal) { 2503 struct sockaddr_in *sin; 2504 sin = (struct sockaddr_in *)ifa->ifa_addr; 2505 if (sin->sin_addr.s_addr == 0) { 2506 /* not in scope , unspecified */ 2507 return (0); 2508 } 2509 if ((ipv4_local_scope == 0) && 2510 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 2511 /* private address not in scope */ 2512 return (0); 2513 } 2514 } else if ((ifa->ifa_addr->sa_family == AF_INET6) && ipv6_addr_legal) { 2515 struct sockaddr_in6 *sin6; 2516 struct in6_ifaddr *ifa6; 2517 2518 ifa6 = (struct in6_ifaddr *)ifa; 2519 /* ok to use deprecated addresses? */ 2520 if (!ip6_use_deprecated) { 2521 if (ifa6->ia6_flags & 2522 IN6_IFF_DEPRECATED) { 2523 return (0); 2524 } 2525 } 2526 if (ifa6->ia6_flags & 2527 (IN6_IFF_DETACHED | 2528 IN6_IFF_ANYCAST | 2529 IN6_IFF_NOTREADY)) { 2530 return (0); 2531 } 2532 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 2533 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2534 /* skip unspecifed addresses */ 2535 return (0); 2536 } 2537 if (/*(local_scope == 0) && */ 2538 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 2539 return (0); 2540 } 2541 if ((site_scope == 0) && 2542 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 2543 return (0); 2544 } 2545 } else { 2546 return (0); 2547 } 2548 return (1); 2549 } 2550 2551 2552 void 2553 sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 2554 { 2555 struct mbuf *m, *m_at, *m_last; 2556 struct sctp_nets *net; 2557 struct sctp_init_msg *initm; 2558 struct sctp_supported_addr_param *sup_addr; 2559 struct sctp_ecn_supported_param *ecn; 2560 struct sctp_prsctp_supported_param *prsctp; 2561 struct sctp_ecn_nonce_supported_param *ecn_nonce; 2562 struct sctp_supported_chunk_types_param *pr_supported; 2563 int cnt_inits_to=0; 2564 int padval, ret; 2565 2566 /* INIT's always go to the primary (and usually ONLY address) */ 2567 m_last = NULL; 2568 net = stcb->asoc.primary_destination; 2569 if (net == NULL) { 2570 net = TAILQ_FIRST(&stcb->asoc.nets); 2571 if (net == NULL) { 2572 /* TSNH */ 2573 return; 2574 } 2575 /* we confirm any address we send an INIT to */ 2576 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 2577 sctp_set_primary_addr(stcb, NULL, net); 2578 } else { 2579 /* we confirm any address we send an INIT to */ 2580 net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; 2581 } 2582 #ifdef SCTP_DEBUG 2583 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2584 printf("Sending INIT to "); 2585 sctp_print_address (rtcache_getdst(&net->ro)); 2586 } 2587 #endif 2588 if (rtcache_getdst(&net->ro)->sa_family == AF_INET6) { 2589 /* special hook, if we are sending to link local 2590 * it will not show up in our private address count. 2591 */ 2592 if (IN6_IS_ADDR_LINKLOCAL((const struct in6_addr *) rtcache_getdst(&net->ro)->sa_data)) 2593 cnt_inits_to = 1; 2594 } 2595 if (callout_pending(&net->rxt_timer.timer)) { 2596 /* This case should not happen */ 2597 return; 2598 } 2599 /* start the INIT timer */ 2600 if (sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net)) { 2601 /* we are hosed since I can't start the INIT timer? */ 2602 return; 2603 } 2604 MGETHDR(m, M_DONTWAIT, MT_HEADER); 2605 if (m == NULL) { 2606 /* No memory, INIT timer will re-attempt. */ 2607 return; 2608 } 2609 /* make it into a M_EXT */ 2610 MCLGET(m, M_DONTWAIT); 2611 if ((m->m_flags & M_EXT) != M_EXT) { 2612 /* Failed to get cluster buffer */ 2613 sctp_m_freem(m); 2614 return; 2615 } 2616 m->m_data += SCTP_MIN_OVERHEAD; 2617 m->m_len = sizeof(struct sctp_init_msg); 2618 /* Now lets put the SCTP header in place */ 2619 initm = mtod(m, struct sctp_init_msg *); 2620 initm->sh.src_port = inp->sctp_lport; 2621 initm->sh.dest_port = stcb->rport; 2622 initm->sh.v_tag = 0; 2623 initm->sh.checksum = 0; /* calculate later */ 2624 /* now the chunk header */ 2625 initm->msg.ch.chunk_type = SCTP_INITIATION; 2626 initm->msg.ch.chunk_flags = 0; 2627 /* fill in later from mbuf we build */ 2628 initm->msg.ch.chunk_length = 0; 2629 /* place in my tag */ 2630 initm->msg.init.initiate_tag = htonl(stcb->asoc.my_vtag); 2631 /* set up some of the credits. */ 2632 initm->msg.init.a_rwnd = htonl(max(inp->sctp_socket->so_rcv.sb_hiwat, 2633 SCTP_MINIMAL_RWND)); 2634 2635 initm->msg.init.num_outbound_streams = htons(stcb->asoc.pre_open_streams); 2636 initm->msg.init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams); 2637 initm->msg.init.initial_tsn = htonl(stcb->asoc.init_seq_number); 2638 /* now the address restriction */ 2639 sup_addr = (struct sctp_supported_addr_param *)((vaddr_t)initm + 2640 sizeof(*initm)); 2641 sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE); 2642 /* we support 2 types IPv6/IPv4 */ 2643 sup_addr->ph.param_length = htons(sizeof(*sup_addr) + 2644 sizeof(uint16_t)); 2645 sup_addr->addr_type[0] = htons(SCTP_IPV4_ADDRESS); 2646 sup_addr->addr_type[1] = htons(SCTP_IPV6_ADDRESS); 2647 m->m_len += sizeof(*sup_addr) + sizeof(uint16_t); 2648 2649 /* if (inp->sctp_flags & SCTP_PCB_FLAGS_ADAPTIONEVNT) {*/ 2650 if (inp->sctp_ep.adaption_layer_indicator) { 2651 struct sctp_adaption_layer_indication *ali; 2652 ali = (struct sctp_adaption_layer_indication *)( 2653 (vaddr_t)sup_addr + sizeof(*sup_addr) + sizeof(uint16_t)); 2654 ali->ph.param_type = htons(SCTP_ULP_ADAPTION); 2655 ali->ph.param_length = htons(sizeof(*ali)); 2656 ali->indication = ntohl(inp->sctp_ep.adaption_layer_indicator); 2657 m->m_len += sizeof(*ali); 2658 ecn = (struct sctp_ecn_supported_param *)((vaddr_t)ali + 2659 sizeof(*ali)); 2660 } else { 2661 ecn = (struct sctp_ecn_supported_param *)((vaddr_t)sup_addr + 2662 sizeof(*sup_addr) + sizeof(uint16_t)); 2663 } 2664 2665 /* now any cookie time extensions */ 2666 if (stcb->asoc.cookie_preserve_req) { 2667 struct sctp_cookie_perserve_param *cookie_preserve; 2668 cookie_preserve = (struct sctp_cookie_perserve_param *)(ecn); 2669 cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE); 2670 cookie_preserve->ph.param_length = htons( 2671 sizeof(*cookie_preserve)); 2672 cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req); 2673 m->m_len += sizeof(*cookie_preserve); 2674 ecn = (struct sctp_ecn_supported_param *)( 2675 (vaddr_t)cookie_preserve + sizeof(*cookie_preserve)); 2676 stcb->asoc.cookie_preserve_req = 0; 2677 } 2678 2679 /* ECN parameter */ 2680 if (sctp_ecn == 1) { 2681 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 2682 ecn->ph.param_length = htons(sizeof(*ecn)); 2683 m->m_len += sizeof(*ecn); 2684 prsctp = (struct sctp_prsctp_supported_param *)((vaddr_t)ecn + 2685 sizeof(*ecn)); 2686 } else { 2687 prsctp = (struct sctp_prsctp_supported_param *)((vaddr_t)ecn); 2688 } 2689 /* And now tell the peer we do pr-sctp */ 2690 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 2691 prsctp->ph.param_length = htons(sizeof(*prsctp)); 2692 m->m_len += sizeof(*prsctp); 2693 2694 2695 /* And now tell the peer we do all the extensions */ 2696 pr_supported = (struct sctp_supported_chunk_types_param *)((vaddr_t)prsctp + 2697 sizeof(*prsctp)); 2698 2699 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 2700 pr_supported->ph.param_length = htons(sizeof(*pr_supported) + SCTP_EXT_COUNT); 2701 pr_supported->chunk_types[0] = SCTP_ASCONF; 2702 pr_supported->chunk_types[1] = SCTP_ASCONF_ACK; 2703 pr_supported->chunk_types[2] = SCTP_FORWARD_CUM_TSN; 2704 pr_supported->chunk_types[3] = SCTP_PACKET_DROPPED; 2705 pr_supported->chunk_types[4] = SCTP_STREAM_RESET; 2706 pr_supported->chunk_types[5] = 0; /* pad */ 2707 pr_supported->chunk_types[6] = 0; /* pad */ 2708 pr_supported->chunk_types[7] = 0; /* pad */ 2709 2710 m->m_len += (sizeof(*pr_supported) + SCTP_EXT_COUNT + SCTP_PAD_EXT_COUNT); 2711 /* ECN nonce: And now tell the peer we support ECN nonce */ 2712 2713 if (sctp_ecn_nonce) { 2714 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)((vaddr_t)pr_supported + 2715 sizeof(*pr_supported) + SCTP_EXT_COUNT + SCTP_PAD_EXT_COUNT); 2716 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 2717 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 2718 m->m_len += sizeof(*ecn_nonce); 2719 } 2720 2721 m_at = m; 2722 /* now the addresses */ 2723 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 2724 struct ifnet *ifn; 2725 struct ifaddr *ifa; 2726 int cnt; 2727 int s; 2728 2729 cnt = cnt_inits_to; 2730 s = pserialize_read_enter(); 2731 IFNET_READER_FOREACH(ifn) { 2732 if ((stcb->asoc.loopback_scope == 0) && 2733 (ifn->if_type == IFT_LOOP)) { 2734 /* 2735 * Skip loopback devices if loopback_scope 2736 * not set 2737 */ 2738 continue; 2739 } 2740 IFADDR_READER_FOREACH(ifa, ifn) { 2741 if (sctp_is_address_in_scope(ifa, 2742 stcb->asoc.ipv4_addr_legal, 2743 stcb->asoc.ipv6_addr_legal, 2744 stcb->asoc.loopback_scope, 2745 stcb->asoc.ipv4_local_scope, 2746 stcb->asoc.local_scope, 2747 stcb->asoc.site_scope) == 0) { 2748 continue; 2749 } 2750 cnt++; 2751 } 2752 } 2753 pserialize_read_exit(s); 2754 2755 if (cnt > 1) { 2756 s = pserialize_read_enter(); 2757 IFNET_READER_FOREACH(ifn) { 2758 if ((stcb->asoc.loopback_scope == 0) && 2759 (ifn->if_type == IFT_LOOP)) { 2760 /* 2761 * Skip loopback devices if loopback_scope 2762 * not set 2763 */ 2764 continue; 2765 } 2766 IFADDR_READER_FOREACH(ifa, ifn) { 2767 if (sctp_is_address_in_scope(ifa, 2768 stcb->asoc.ipv4_addr_legal, 2769 stcb->asoc.ipv6_addr_legal, 2770 stcb->asoc.loopback_scope, 2771 stcb->asoc.ipv4_local_scope, 2772 stcb->asoc.local_scope, 2773 stcb->asoc.site_scope) == 0) { 2774 continue; 2775 } 2776 m_at = sctp_add_addr_to_mbuf(m_at, ifa); 2777 } 2778 } 2779 pserialize_read_exit(s); 2780 } 2781 } else { 2782 struct sctp_laddr *laddr; 2783 int cnt; 2784 cnt = cnt_inits_to; 2785 /* First, how many ? */ 2786 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2787 if (laddr->ifa == NULL) { 2788 continue; 2789 } 2790 if (laddr->ifa->ifa_addr == NULL) 2791 continue; 2792 if (sctp_is_address_in_scope(laddr->ifa, 2793 stcb->asoc.ipv4_addr_legal, 2794 stcb->asoc.ipv6_addr_legal, 2795 stcb->asoc.loopback_scope, 2796 stcb->asoc.ipv4_local_scope, 2797 stcb->asoc.local_scope, 2798 stcb->asoc.site_scope) == 0) { 2799 continue; 2800 } 2801 cnt++; 2802 } 2803 /* To get through a NAT we only list addresses if 2804 * we have more than one. That way if you just 2805 * bind a single address we let the source of the init 2806 * dictate our address. 2807 */ 2808 if (cnt > 1) { 2809 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2810 if (laddr->ifa == NULL) { 2811 continue; 2812 } 2813 if (laddr->ifa->ifa_addr == NULL) { 2814 continue; 2815 } 2816 2817 if (sctp_is_address_in_scope(laddr->ifa, 2818 stcb->asoc.ipv4_addr_legal, 2819 stcb->asoc.ipv6_addr_legal, 2820 stcb->asoc.loopback_scope, 2821 stcb->asoc.ipv4_local_scope, 2822 stcb->asoc.local_scope, 2823 stcb->asoc.site_scope) == 0) { 2824 continue; 2825 } 2826 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2827 } 2828 } 2829 } 2830 /* calulate the size and update pkt header and chunk header */ 2831 m->m_pkthdr.len = 0; 2832 for (m_at = m; m_at; m_at = m_at->m_next) { 2833 if (m_at->m_next == NULL) 2834 m_last = m_at; 2835 m->m_pkthdr.len += m_at->m_len; 2836 } 2837 initm->msg.ch.chunk_length = htons((m->m_pkthdr.len - 2838 sizeof(struct sctphdr))); 2839 #ifdef SCTP_DEBUG 2840 printf("chunk_length %d\n", ntohs(initm->msg.ch.chunk_length)); 2841 #endif 2842 /* We pass 0 here to NOT set IP_DF if its IPv4, we 2843 * ignore the return here since the timer will drive 2844 * a retranmission. 2845 */ 2846 2847 /* I don't expect this to execute but we will be safe here */ 2848 padval = m->m_pkthdr.len % 4; 2849 if ((padval) && (m_last)) { 2850 /* The compiler worries that m_last may not be 2851 * set even though I think it is impossible :-> 2852 * however we add m_last here just in case. 2853 */ 2854 ret = sctp_add_pad_tombuf(m_last, (4-padval)); 2855 if (ret) { 2856 /* Houston we have a problem, no space */ 2857 sctp_m_freem(m); 2858 return; 2859 } 2860 m->m_pkthdr.len += padval; 2861 } 2862 #ifdef SCTP_DEBUG 2863 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2864 printf("Calling lowlevel output stcb:%p net:%p\n", 2865 stcb, net); 2866 } 2867 #endif 2868 ret = sctp_lowlevel_chunk_output(inp, stcb, net, 2869 rtcache_getdst(&net->ro), m, 0, 0, NULL, 0); 2870 #ifdef SCTP_DEBUG 2871 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2872 printf("Low level output returns %d\n", ret); 2873 } 2874 #endif 2875 sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net); 2876 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 2877 } 2878 2879 struct mbuf * 2880 sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt, 2881 int param_offset, int *abort_processing, struct sctp_chunkhdr *cp) 2882 { 2883 /* Given a mbuf containing an INIT or INIT-ACK 2884 * with the param_offset being equal to the 2885 * beginning of the params i.e. (iphlen + sizeof(struct sctp_init_msg) 2886 * parse through the parameters to the end of the mbuf verifying 2887 * that all parameters are known. 2888 * 2889 * For unknown parameters build and return a mbuf with 2890 * UNRECOGNIZED_PARAMETER errors. If the flags indicate 2891 * to stop processing this chunk stop, and set *abort_processing 2892 * to 1. 2893 * 2894 * By having param_offset be pre-set to where parameters begin 2895 * it is hoped that this routine may be reused in the future 2896 * by new features. 2897 */ 2898 struct sctp_paramhdr *phdr, params; 2899 2900 struct mbuf *mat, *op_err; 2901 char tempbuf[2048]; 2902 int at, limit, pad_needed; 2903 uint16_t ptype, plen; 2904 int err_at; 2905 2906 *abort_processing = 0; 2907 mat = in_initpkt; 2908 err_at = 0; 2909 limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk); 2910 #ifdef SCTP_DEBUG 2911 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2912 printf("Limit is %d bytes\n", limit); 2913 } 2914 #endif 2915 at = param_offset; 2916 op_err = NULL; 2917 2918 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 2919 while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) { 2920 ptype = ntohs(phdr->param_type); 2921 plen = ntohs(phdr->param_length); 2922 limit -= SCTP_SIZE32(plen); 2923 if (plen < sizeof(struct sctp_paramhdr)) { 2924 #ifdef SCTP_DEBUG 2925 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2926 printf("sctp_output.c:Impossible length in parameter < %d\n", plen); 2927 } 2928 #endif 2929 *abort_processing = 1; 2930 break; 2931 } 2932 /* All parameters for all chunks that we 2933 * know/understand are listed here. We process 2934 * them other places and make appropriate 2935 * stop actions per the upper bits. However 2936 * this is the generic routine processor's can 2937 * call to get back an operr.. to either incorporate (init-ack) 2938 * or send. 2939 */ 2940 if ((ptype == SCTP_HEARTBEAT_INFO) || 2941 (ptype == SCTP_IPV4_ADDRESS) || 2942 (ptype == SCTP_IPV6_ADDRESS) || 2943 (ptype == SCTP_STATE_COOKIE) || 2944 (ptype == SCTP_UNRECOG_PARAM) || 2945 (ptype == SCTP_COOKIE_PRESERVE) || 2946 (ptype == SCTP_SUPPORTED_ADDRTYPE) || 2947 (ptype == SCTP_PRSCTP_SUPPORTED) || 2948 (ptype == SCTP_ADD_IP_ADDRESS) || 2949 (ptype == SCTP_DEL_IP_ADDRESS) || 2950 (ptype == SCTP_ECN_CAPABLE) || 2951 (ptype == SCTP_ULP_ADAPTION) || 2952 (ptype == SCTP_ERROR_CAUSE_IND) || 2953 (ptype == SCTP_SET_PRIM_ADDR) || 2954 (ptype == SCTP_SUCCESS_REPORT) || 2955 (ptype == SCTP_ULP_ADAPTION) || 2956 (ptype == SCTP_SUPPORTED_CHUNK_EXT) || 2957 (ptype == SCTP_ECN_NONCE_SUPPORTED) 2958 ) { 2959 /* no skip it */ 2960 at += SCTP_SIZE32(plen); 2961 } else if (ptype == SCTP_HOSTNAME_ADDRESS) { 2962 /* We can NOT handle HOST NAME addresses!! */ 2963 #ifdef SCTP_DEBUG 2964 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 2965 printf("Can't handle hostname addresses.. abort processing\n"); 2966 } 2967 #endif 2968 *abort_processing = 1; 2969 if (op_err == NULL) { 2970 /* Ok need to try to get a mbuf */ 2971 MGETHDR(op_err, M_DONTWAIT, MT_DATA); 2972 if (op_err) { 2973 op_err->m_len = 0; 2974 op_err->m_pkthdr.len = 0; 2975 /* pre-reserve space for ip and sctp header and chunk hdr*/ 2976 op_err->m_data += sizeof(struct ip6_hdr); 2977 op_err->m_data += sizeof(struct sctphdr); 2978 op_err->m_data += sizeof(struct sctp_chunkhdr); 2979 } 2980 } 2981 if (op_err) { 2982 /* If we have space */ 2983 struct sctp_paramhdr s; 2984 if (err_at % 4) { 2985 u_int32_t cpthis=0; 2986 pad_needed = 4 - (err_at % 4); 2987 m_copyback(op_err, err_at, pad_needed, (void *)&cpthis); 2988 err_at += pad_needed; 2989 } 2990 s.param_type = htons(SCTP_CAUSE_UNRESOLV_ADDR); 2991 s.param_length = htons(sizeof(s) + plen); 2992 m_copyback(op_err, err_at, sizeof(s), (void *)&s); 2993 err_at += sizeof(s); 2994 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen); 2995 if (phdr == NULL) { 2996 sctp_m_freem(op_err); 2997 /* we are out of memory but we 2998 * still need to have a look at what to 2999 * do (the system is in trouble though). 3000 */ 3001 return (NULL); 3002 } 3003 m_copyback(op_err, err_at, plen, (void *)phdr); 3004 err_at += plen; 3005 } 3006 return (op_err); 3007 } else { 3008 /* we do not recognize the parameter 3009 * figure out what we do. 3010 */ 3011 #ifdef SCTP_DEBUG 3012 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 3013 printf("Got parameter type %x - unknown\n", 3014 (u_int)ptype); 3015 } 3016 #endif 3017 if ((ptype & 0x4000) == 0x4000) { 3018 /* Report bit is set?? */ 3019 #ifdef SCTP_DEBUG 3020 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 3021 printf("Report bit is set\n"); 3022 } 3023 #endif 3024 if (op_err == NULL) { 3025 /* Ok need to try to get an mbuf */ 3026 MGETHDR(op_err, M_DONTWAIT, MT_DATA); 3027 if (op_err) { 3028 op_err->m_len = 0; 3029 op_err->m_pkthdr.len = 0; 3030 op_err->m_data += sizeof(struct ip6_hdr); 3031 op_err->m_data += sizeof(struct sctphdr); 3032 op_err->m_data += sizeof(struct sctp_chunkhdr); 3033 } 3034 } 3035 if (op_err) { 3036 /* If we have space */ 3037 struct sctp_paramhdr s; 3038 if (err_at % 4) { 3039 u_int32_t cpthis=0; 3040 pad_needed = 4 - (err_at % 4); 3041 m_copyback(op_err, err_at, pad_needed, (void *)&cpthis); 3042 err_at += pad_needed; 3043 } 3044 s.param_type = htons(SCTP_UNRECOG_PARAM); 3045 s.param_length = htons(sizeof(s) + plen); 3046 m_copyback(op_err, err_at, sizeof(s), (void *)&s); 3047 err_at += sizeof(s); 3048 if (plen > sizeof(tempbuf)) { 3049 plen = sizeof(tempbuf); 3050 } 3051 phdr = sctp_get_next_param(mat, at, (struct sctp_paramhdr *)tempbuf, plen); 3052 if (phdr == NULL) { 3053 sctp_m_freem(op_err); 3054 /* we are out of memory but we 3055 * still need to have a look at what to 3056 * do (the system is in trouble though). 3057 */ 3058 goto more_processing; 3059 } 3060 m_copyback(op_err, err_at, plen, (void *)phdr); 3061 err_at += plen; 3062 } 3063 } 3064 more_processing: 3065 if ((ptype & 0x8000) == 0x0000) { 3066 #ifdef SCTP_DEBUG 3067 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 3068 printf("Abort bit is now setting1\n"); 3069 } 3070 #endif 3071 return (op_err); 3072 } else { 3073 /* skip this chunk and continue processing */ 3074 at += SCTP_SIZE32(plen); 3075 } 3076 3077 } 3078 phdr = sctp_get_next_param(mat, at, ¶ms, sizeof(params)); 3079 } 3080 return (op_err); 3081 } 3082 3083 static int 3084 sctp_are_there_new_addresses(struct sctp_association *asoc, 3085 struct mbuf *in_initpkt, int iphlen, int offset) 3086 { 3087 /* 3088 * Given a INIT packet, look through the packet to verify that 3089 * there are NO new addresses. As we go through the parameters 3090 * add reports of any un-understood parameters that require an 3091 * error. Also we must return (1) to drop the packet if we see 3092 * a un-understood parameter that tells us to drop the chunk. 3093 */ 3094 struct sockaddr_in sin4, *sa4; 3095 struct sockaddr_in6 sin6, *sa6; 3096 struct sockaddr *sa_touse; 3097 struct sockaddr *sa; 3098 struct sctp_paramhdr *phdr, params; 3099 struct ip *iph; 3100 struct mbuf *mat; 3101 uint16_t ptype, plen; 3102 uint8_t fnd; 3103 struct sctp_nets *net; 3104 3105 memset(&sin4, 0, sizeof(sin4)); 3106 memset(&sin6, 0, sizeof(sin6)); 3107 sin4.sin_family = AF_INET; 3108 sin4.sin_len = sizeof(sin4); 3109 sin6.sin6_family = AF_INET6; 3110 sin6.sin6_len = sizeof(sin6); 3111 3112 sa_touse = NULL; 3113 /* First what about the src address of the pkt ? */ 3114 iph = mtod(in_initpkt, struct ip *); 3115 if (iph->ip_v == IPVERSION) { 3116 /* source addr is IPv4 */ 3117 sin4.sin_addr = iph->ip_src; 3118 sa_touse = (struct sockaddr *)&sin4; 3119 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 3120 /* source addr is IPv6 */ 3121 struct ip6_hdr *ip6h; 3122 ip6h = mtod(in_initpkt, struct ip6_hdr *); 3123 sin6.sin6_addr = ip6h->ip6_src; 3124 sa_touse = (struct sockaddr *)&sin6; 3125 } else { 3126 return (1); 3127 } 3128 3129 fnd = 0; 3130 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 3131 sa = (struct sockaddr *)&net->ro.ro_sa; 3132 if (sa->sa_family == sa_touse->sa_family) { 3133 if (sa->sa_family == AF_INET) { 3134 sa4 = (struct sockaddr_in *)sa; 3135 if (sa4->sin_addr.s_addr == 3136 sin4.sin_addr.s_addr) { 3137 fnd = 1; 3138 break; 3139 } 3140 } else if (sa->sa_family == AF_INET6) { 3141 sa6 = (struct sockaddr_in6 *)sa; 3142 if (SCTP6_ARE_ADDR_EQUAL(&sa6->sin6_addr, 3143 &sin6.sin6_addr)) { 3144 fnd = 1; 3145 break; 3146 } 3147 } 3148 } 3149 } 3150 if (fnd == 0) { 3151 /* New address added! no need to look futher. */ 3152 return (1); 3153 } 3154 /* Ok so far lets munge through the rest of the packet */ 3155 mat = in_initpkt; 3156 sa_touse = NULL; 3157 offset += sizeof(struct sctp_init_chunk); 3158 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 3159 while (phdr) { 3160 ptype = ntohs(phdr->param_type); 3161 plen = ntohs(phdr->param_length); 3162 if (ptype == SCTP_IPV4_ADDRESS) { 3163 struct sctp_ipv4addr_param *p4, p4_buf; 3164 3165 phdr = sctp_get_next_param(mat, offset, 3166 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 3167 if (plen != sizeof(struct sctp_ipv4addr_param) || 3168 phdr == NULL) { 3169 return (1); 3170 } 3171 p4 = (struct sctp_ipv4addr_param *)phdr; 3172 sin4.sin_addr.s_addr = p4->addr; 3173 sa_touse = (struct sockaddr *)&sin4; 3174 } else if (ptype == SCTP_IPV6_ADDRESS) { 3175 struct sctp_ipv6addr_param *p6, p6_buf; 3176 3177 phdr = sctp_get_next_param(mat, offset, 3178 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 3179 if (plen != sizeof(struct sctp_ipv6addr_param) || 3180 phdr == NULL) { 3181 return (1); 3182 } 3183 p6 = (struct sctp_ipv6addr_param *)phdr; 3184 memcpy((void *)&sin6.sin6_addr, p6->addr, 3185 sizeof(p6->addr)); 3186 sa_touse = (struct sockaddr *)&sin4; 3187 } 3188 3189 if (sa_touse) { 3190 /* ok, sa_touse points to one to check */ 3191 fnd = 0; 3192 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 3193 sa = (struct sockaddr *)&net->ro.ro_sa; 3194 if (sa->sa_family != sa_touse->sa_family) { 3195 continue; 3196 } 3197 if (sa->sa_family == AF_INET) { 3198 sa4 = (struct sockaddr_in *)sa; 3199 if (sa4->sin_addr.s_addr == 3200 sin4.sin_addr.s_addr) { 3201 fnd = 1; 3202 break; 3203 } 3204 } else if (sa->sa_family == AF_INET6) { 3205 sa6 = (struct sockaddr_in6 *)sa; 3206 if (SCTP6_ARE_ADDR_EQUAL( 3207 &sa6->sin6_addr, &sin6.sin6_addr)) { 3208 fnd = 1; 3209 break; 3210 } 3211 } 3212 } 3213 if (!fnd) { 3214 /* New addr added! no need to look further */ 3215 return (1); 3216 } 3217 } 3218 offset += SCTP_SIZE32(plen); 3219 phdr = sctp_get_next_param(mat, offset, ¶ms, sizeof(params)); 3220 } 3221 return (0); 3222 } 3223 3224 /* 3225 * Given a MBUF chain that was sent into us containing an 3226 * INIT. Build a INIT-ACK with COOKIE and send back. 3227 * We assume that the in_initpkt has done a pullup to 3228 * include IPv6/4header, SCTP header and initial part of 3229 * INIT message (i.e. the struct sctp_init_msg). 3230 */ 3231 void 3232 sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 3233 struct mbuf *init_pkt, int iphlen, int offset, struct sctphdr *sh, 3234 struct sctp_init_chunk *init_chk) 3235 { 3236 struct sctp_association *asoc; 3237 struct mbuf *m, *m_at, *m_tmp, *m_cookie, *op_err, *m_last; 3238 struct sctp_init_msg *initackm_out; 3239 struct sctp_ecn_supported_param *ecn; 3240 struct sctp_prsctp_supported_param *prsctp; 3241 struct sctp_ecn_nonce_supported_param *ecn_nonce; 3242 struct sctp_supported_chunk_types_param *pr_supported; 3243 struct sockaddr_storage store; 3244 struct sockaddr_in *sin; 3245 struct sockaddr_in6 *sin6; 3246 struct route *ro; 3247 struct ip *iph; 3248 struct ip6_hdr *ip6; 3249 const struct sockaddr *to; 3250 struct sctp_state_cookie stc; 3251 struct sctp_nets *net=NULL; 3252 int cnt_inits_to=0; 3253 uint16_t his_limit, i_want; 3254 int abort_flag, padval, sz_of; 3255 3256 if (stcb) { 3257 asoc = &stcb->asoc; 3258 } else { 3259 asoc = NULL; 3260 } 3261 m_last = NULL; 3262 if ((asoc != NULL) && 3263 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 3264 (sctp_are_there_new_addresses(asoc, init_pkt, iphlen, offset))) { 3265 /* new addresses, out of here in non-cookie-wait states */ 3266 /* 3267 * Send a ABORT, we don't add the new address error clause though 3268 * we even set the T bit and copy in the 0 tag.. this looks no 3269 * different than if no listner was present. 3270 */ 3271 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL); 3272 return; 3273 } 3274 abort_flag = 0; 3275 op_err = sctp_arethere_unrecognized_parameters(init_pkt, 3276 (offset+sizeof(struct sctp_init_chunk)), 3277 &abort_flag, (struct sctp_chunkhdr *)init_chk); 3278 if (abort_flag) { 3279 sctp_send_abort(init_pkt, iphlen, sh, init_chk->init.initiate_tag, op_err); 3280 return; 3281 } 3282 MGETHDR(m, M_DONTWAIT, MT_HEADER); 3283 if (m == NULL) { 3284 /* No memory, INIT timer will re-attempt. */ 3285 if (op_err) 3286 sctp_m_freem(op_err); 3287 return; 3288 } 3289 MCLGET(m, M_DONTWAIT); 3290 if ((m->m_flags & M_EXT) != M_EXT) { 3291 /* Failed to get cluster buffer */ 3292 if (op_err) 3293 sctp_m_freem(op_err); 3294 sctp_m_freem(m); 3295 return; 3296 } 3297 m->m_data += SCTP_MIN_OVERHEAD; 3298 m_reset_rcvif(m); 3299 m->m_len = sizeof(struct sctp_init_msg); 3300 3301 /* the time I built cookie */ 3302 SCTP_GETTIME_TIMEVAL(&stc.time_entered); 3303 3304 /* populate any tie tags */ 3305 if (asoc != NULL) { 3306 /* unlock before tag selections */ 3307 SCTP_TCB_UNLOCK(stcb); 3308 if (asoc->my_vtag_nonce == 0) 3309 asoc->my_vtag_nonce = sctp_select_a_tag(inp); 3310 stc.tie_tag_my_vtag = asoc->my_vtag_nonce; 3311 3312 if (asoc->peer_vtag_nonce == 0) 3313 asoc->peer_vtag_nonce = sctp_select_a_tag(inp); 3314 stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce; 3315 3316 stc.cookie_life = asoc->cookie_life; 3317 net = asoc->primary_destination; 3318 /* now we must relock */ 3319 SCTP_INP_RLOCK(inp); 3320 /* we may be in trouble here if the inp got freed 3321 * most likely this set of tests will protect 3322 * us but there is a chance not. 3323 */ 3324 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 3325 if (op_err) 3326 sctp_m_freem(op_err); 3327 sctp_m_freem(m); 3328 sctp_send_abort(init_pkt, iphlen, sh, 0, NULL); 3329 return; 3330 } 3331 SCTP_TCB_LOCK(stcb); 3332 SCTP_INP_RUNLOCK(stcb->sctp_ep); 3333 } else { 3334 stc.tie_tag_my_vtag = 0; 3335 stc.tie_tag_peer_vtag = 0; 3336 /* life I will award this cookie */ 3337 stc.cookie_life = inp->sctp_ep.def_cookie_life; 3338 } 3339 3340 /* copy in the ports for later check */ 3341 stc.myport = sh->dest_port; 3342 stc.peerport = sh->src_port; 3343 3344 /* 3345 * If we wanted to honor cookie life extentions, we would add 3346 * to stc.cookie_life. For now we should NOT honor any extension 3347 */ 3348 stc.site_scope = stc.local_scope = stc.loopback_scope = 0; 3349 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 3350 struct inpcb *in_inp; 3351 /* Its a V6 socket */ 3352 in_inp = (struct inpcb *)inp; 3353 stc.ipv6_addr_legal = 1; 3354 /* Now look at the binding flag to see if V4 will be legal */ 3355 if ( 3356 #if defined(__FreeBSD__) || defined(__APPLE__) 3357 (in_inp->inp_flags & IN6P_IPV6_V6ONLY) 3358 #elif defined(__OpenBSD__) 3359 (0) /* For openbsd we do dual bind only */ 3360 #else 3361 (((struct in6pcb *)in_inp)->in6p_flags & IN6P_IPV6_V6ONLY) 3362 #endif 3363 == 0) { 3364 stc.ipv4_addr_legal = 1; 3365 } else { 3366 /* V4 addresses are NOT legal on the association */ 3367 stc.ipv4_addr_legal = 0; 3368 } 3369 } else { 3370 /* Its a V4 socket, no - V6 */ 3371 stc.ipv4_addr_legal = 1; 3372 stc.ipv6_addr_legal = 0; 3373 } 3374 3375 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 3376 stc.ipv4_scope = 1; 3377 #else 3378 stc.ipv4_scope = 0; 3379 #endif 3380 /* now for scope setup */ 3381 memset((void *)&store, 0, sizeof(store)); 3382 sin = (struct sockaddr_in *)&store; 3383 sin6 = (struct sockaddr_in6 *)&store; 3384 if (net == NULL) { 3385 to = (struct sockaddr *)&store; 3386 iph = mtod(init_pkt, struct ip *); 3387 if (iph->ip_v == IPVERSION) { 3388 struct in_addr addr; 3389 static struct route iproute; 3390 3391 sin->sin_family = AF_INET; 3392 sin->sin_len = sizeof(struct sockaddr_in); 3393 sin->sin_port = sh->src_port; 3394 sin->sin_addr = iph->ip_src; 3395 /* lookup address */ 3396 stc.address[0] = sin->sin_addr.s_addr; 3397 stc.address[1] = 0; 3398 stc.address[2] = 0; 3399 stc.address[3] = 0; 3400 stc.addr_type = SCTP_IPV4_ADDRESS; 3401 /* local from address */ 3402 memset(&iproute, 0, sizeof(iproute)); 3403 ro = &iproute; 3404 3405 rtcache_lookup(ro, (struct sockaddr *) sin); 3406 addr = sctp_ipv4_source_address_selection(inp, NULL, 3407 ro, NULL, 0); 3408 stc.laddress[0] = addr.s_addr; 3409 stc.laddress[1] = 0; 3410 stc.laddress[2] = 0; 3411 stc.laddress[3] = 0; 3412 stc.laddr_type = SCTP_IPV4_ADDRESS; 3413 /* scope_id is only for v6 */ 3414 stc.scope_id = 0; 3415 #ifndef SCTP_DONT_DO_PRIVADDR_SCOPE 3416 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 3417 stc.ipv4_scope = 1; 3418 } 3419 #else 3420 stc.ipv4_scope = 1; 3421 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 3422 /* Must use the address in this case */ 3423 if (sctp_is_address_on_local_host((struct sockaddr *)sin)) { 3424 stc.loopback_scope = 1; 3425 stc.ipv4_scope = 1; 3426 stc.site_scope = 1; 3427 stc.local_scope = 1; 3428 } 3429 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 3430 struct in6_addr addr; 3431 static struct route iproute6; 3432 ip6 = mtod(init_pkt, struct ip6_hdr *); 3433 sin6->sin6_family = AF_INET6; 3434 sin6->sin6_len = sizeof(struct sockaddr_in6); 3435 sin6->sin6_port = sh->src_port; 3436 sin6->sin6_addr = ip6->ip6_src; 3437 /* lookup address */ 3438 memcpy(&stc.address, &sin6->sin6_addr, 3439 sizeof(struct in6_addr)); 3440 sin6->sin6_scope_id = 0; 3441 stc.addr_type = SCTP_IPV6_ADDRESS; 3442 stc.scope_id = 0; 3443 if (sctp_is_address_on_local_host((struct sockaddr *)sin6)) { 3444 stc.loopback_scope = 1; 3445 stc.local_scope = 1; 3446 stc.site_scope = 1; 3447 stc.ipv4_scope = 1; 3448 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 3449 /* 3450 * If the new destination is a LINK_LOCAL 3451 * we must have common both site and local 3452 * scope. Don't set local scope though since 3453 * we must depend on the source to be added 3454 * implicitly. We cannot assure just because 3455 * we share one link that all links are common. 3456 * 3457 * XXX: never treat link-local case explicitly. 3458 * Use general routines defined in scope6.c. 3459 * (jinmei@kame) 3460 */ 3461 stc.local_scope = 0; 3462 stc.site_scope = 1; 3463 stc.ipv4_scope = 1; 3464 /* we start counting for the private 3465 * address stuff at 1. since the link 3466 * local we source from won't show 3467 * up in our scoped count. 3468 */ 3469 cnt_inits_to=1; 3470 /* pull out the scope_id from incoming pkt */ 3471 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) 3472 (void)in6_recoverscope(sin6, &in6_src, 3473 m_get_rcvif_NOMPSAFE(init_pkt)); 3474 in6_embedscope(&sin6->sin6_addr, sin6, NULL, 3475 NULL); 3476 #else 3477 (void)sa6_recoverscope(sin6); 3478 #endif 3479 stc.scope_id = sin6->sin6_scope_id; 3480 3481 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 3482 /* 3483 * If the new destination is SITE_LOCAL 3484 * then we must have site scope in common. 3485 */ 3486 stc.site_scope = 1; 3487 } 3488 /* local from address */ 3489 memset(&iproute6, 0, sizeof(iproute6)); 3490 ro = (struct route *)&iproute6; 3491 rtcache_lookup(ro, (struct sockaddr *) sin6); 3492 addr = sctp_ipv6_source_address_selection(inp, NULL, 3493 ro, NULL, 0); 3494 memcpy(&stc.laddress, &addr, sizeof(struct in6_addr)); 3495 stc.laddr_type = SCTP_IPV6_ADDRESS; 3496 } 3497 } else { 3498 /* set the scope per the existing tcb */ 3499 struct sctp_nets *lnet; 3500 3501 stc.loopback_scope = asoc->loopback_scope; 3502 stc.ipv4_scope = asoc->ipv4_local_scope; 3503 stc.site_scope = asoc->site_scope; 3504 stc.local_scope = asoc->local_scope; 3505 TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { 3506 if (rtcache_getdst(&lnet->ro)->sa_family == AF_INET6) { 3507 if (IN6_IS_ADDR_LINKLOCAL((const struct in6_addr *) rtcache_getdst(&lnet->ro)->sa_data)) { 3508 /* if we have a LL address, start counting 3509 * at 1. 3510 */ 3511 cnt_inits_to = 1; 3512 } 3513 } 3514 } 3515 3516 /* use the net pointer */ 3517 to = rtcache_getdst(&net->ro); 3518 if (to->sa_family == AF_INET) { 3519 memcpy(&stc.address[0], to, sizeof(struct in_addr)); 3520 stc.address[1] = 0; 3521 stc.address[2] = 0; 3522 stc.address[3] = 0; 3523 stc.addr_type = SCTP_IPV4_ADDRESS; 3524 if (net->src_addr_selected == 0) { 3525 /* strange case here, the INIT 3526 * should have did the selection. 3527 */ 3528 net->_s_addr.sin.sin_addr = 3529 sctp_ipv4_source_address_selection(inp, 3530 stcb, &net->ro, net, 0); 3531 net->src_addr_selected = 1; 3532 3533 } 3534 3535 stc.laddress[0] = net->_s_addr.sin.sin_addr.s_addr; 3536 stc.laddress[1] = 0; 3537 stc.laddress[2] = 0; 3538 stc.laddress[3] = 0; 3539 stc.laddr_type = SCTP_IPV4_ADDRESS; 3540 } else if (to->sa_family == AF_INET6) { 3541 memcpy(&stc.address, &to->sa_data, 3542 sizeof(struct in6_addr)); 3543 stc.addr_type = SCTP_IPV6_ADDRESS; 3544 if (net->src_addr_selected == 0) { 3545 /* strange case here, the INIT 3546 * should have did the selection. 3547 */ 3548 net->_s_addr.sin6.sin6_addr = 3549 sctp_ipv6_source_address_selection(inp, 3550 stcb, &net->ro, net, 0); 3551 net->src_addr_selected = 1; 3552 } 3553 memcpy(&stc.laddress, &net->_s_addr.sin6.sin6_addr, 3554 sizeof(struct in6_addr)); 3555 stc.laddr_type = SCTP_IPV6_ADDRESS; 3556 } 3557 } 3558 /* Now lets put the SCTP header in place */ 3559 initackm_out = mtod(m, struct sctp_init_msg *); 3560 initackm_out->sh.src_port = inp->sctp_lport; 3561 initackm_out->sh.dest_port = sh->src_port; 3562 initackm_out->sh.v_tag = init_chk->init.initiate_tag; 3563 /* Save it off for quick ref */ 3564 stc.peers_vtag = init_chk->init.initiate_tag; 3565 initackm_out->sh.checksum = 0; /* calculate later */ 3566 /* who are we */ 3567 strncpy(stc.identification, SCTP_VERSION_STRING, 3568 min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification))); 3569 /* now the chunk header */ 3570 initackm_out->msg.ch.chunk_type = SCTP_INITIATION_ACK; 3571 initackm_out->msg.ch.chunk_flags = 0; 3572 /* fill in later from mbuf we build */ 3573 initackm_out->msg.ch.chunk_length = 0; 3574 /* place in my tag */ 3575 if ((asoc != NULL) && 3576 ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 3577 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED))) { 3578 /* re-use the v-tags and init-seq here */ 3579 initackm_out->msg.init.initiate_tag = htonl(asoc->my_vtag); 3580 initackm_out->msg.init.initial_tsn = htonl(asoc->init_seq_number); 3581 } else { 3582 initackm_out->msg.init.initiate_tag = htonl(sctp_select_a_tag(inp)); 3583 /* get a TSN to use too */ 3584 initackm_out->msg.init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep)); 3585 } 3586 /* save away my tag to */ 3587 stc.my_vtag = initackm_out->msg.init.initiate_tag; 3588 3589 /* set up some of the credits. */ 3590 initackm_out->msg.init.a_rwnd = htonl(max(inp->sctp_socket->so_rcv.sb_hiwat, SCTP_MINIMAL_RWND)); 3591 /* set what I want */ 3592 his_limit = ntohs(init_chk->init.num_inbound_streams); 3593 /* choose what I want */ 3594 if (asoc != NULL) { 3595 if (asoc->streamoutcnt > inp->sctp_ep.pre_open_stream_count) { 3596 i_want = asoc->streamoutcnt; 3597 } else { 3598 i_want = inp->sctp_ep.pre_open_stream_count; 3599 } 3600 } else { 3601 i_want = inp->sctp_ep.pre_open_stream_count; 3602 } 3603 if (his_limit < i_want) { 3604 /* I Want more :< */ 3605 initackm_out->msg.init.num_outbound_streams = init_chk->init.num_inbound_streams; 3606 } else { 3607 /* I can have what I want :> */ 3608 initackm_out->msg.init.num_outbound_streams = htons(i_want); 3609 } 3610 /* tell him his limt. */ 3611 initackm_out->msg.init.num_inbound_streams = 3612 htons(inp->sctp_ep.max_open_streams_intome); 3613 /* setup the ECN pointer */ 3614 3615 /* if (inp->sctp_flags & SCTP_PCB_FLAGS_ADAPTIONEVNT) {*/ 3616 if (inp->sctp_ep.adaption_layer_indicator) { 3617 struct sctp_adaption_layer_indication *ali; 3618 ali = (struct sctp_adaption_layer_indication *)( 3619 (vaddr_t)initackm_out + sizeof(*initackm_out)); 3620 ali->ph.param_type = htons(SCTP_ULP_ADAPTION); 3621 ali->ph.param_length = htons(sizeof(*ali)); 3622 ali->indication = ntohl(inp->sctp_ep.adaption_layer_indicator); 3623 m->m_len += sizeof(*ali); 3624 ecn = (struct sctp_ecn_supported_param *)((vaddr_t)ali + 3625 sizeof(*ali)); 3626 } else { 3627 ecn = (struct sctp_ecn_supported_param*)( 3628 (vaddr_t)initackm_out + sizeof(*initackm_out)); 3629 } 3630 3631 /* ECN parameter */ 3632 if (sctp_ecn == 1) { 3633 ecn->ph.param_type = htons(SCTP_ECN_CAPABLE); 3634 ecn->ph.param_length = htons(sizeof(*ecn)); 3635 m->m_len += sizeof(*ecn); 3636 3637 prsctp = (struct sctp_prsctp_supported_param *)((vaddr_t)ecn + 3638 sizeof(*ecn)); 3639 } else { 3640 prsctp = (struct sctp_prsctp_supported_param *)((vaddr_t)ecn); 3641 } 3642 /* And now tell the peer we do pr-sctp */ 3643 prsctp->ph.param_type = htons(SCTP_PRSCTP_SUPPORTED); 3644 prsctp->ph.param_length = htons(sizeof(*prsctp)); 3645 m->m_len += sizeof(*prsctp); 3646 3647 3648 /* And now tell the peer we do all the extensions */ 3649 pr_supported = (struct sctp_supported_chunk_types_param *)((vaddr_t)prsctp + 3650 sizeof(*prsctp)); 3651 3652 pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT); 3653 pr_supported->ph.param_length = htons(sizeof(*pr_supported) + SCTP_EXT_COUNT); 3654 pr_supported->chunk_types[0] = SCTP_ASCONF; 3655 pr_supported->chunk_types[1] = SCTP_ASCONF_ACK; 3656 pr_supported->chunk_types[2] = SCTP_FORWARD_CUM_TSN; 3657 pr_supported->chunk_types[3] = SCTP_PACKET_DROPPED; 3658 pr_supported->chunk_types[4] = SCTP_STREAM_RESET; 3659 pr_supported->chunk_types[5] = 0; /* pad */ 3660 pr_supported->chunk_types[6] = 0; /* pad */ 3661 pr_supported->chunk_types[7] = 0; /* pad */ 3662 3663 m->m_len += (sizeof(*pr_supported) + SCTP_EXT_COUNT + SCTP_PAD_EXT_COUNT); 3664 if (sctp_ecn_nonce) { 3665 /* ECN nonce: And now tell the peer we support ECN nonce */ 3666 ecn_nonce = (struct sctp_ecn_nonce_supported_param *)((vaddr_t)pr_supported + 3667 sizeof(*pr_supported) + SCTP_EXT_COUNT + SCTP_PAD_EXT_COUNT); 3668 ecn_nonce->ph.param_type = htons(SCTP_ECN_NONCE_SUPPORTED); 3669 ecn_nonce->ph.param_length = htons(sizeof(*ecn_nonce)); 3670 m->m_len += sizeof(*ecn_nonce); 3671 } 3672 3673 m_at = m; 3674 /* now the addresses */ 3675 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3676 struct ifnet *ifn; 3677 struct ifaddr *ifa; 3678 int cnt = cnt_inits_to; 3679 int s; 3680 3681 s = pserialize_read_enter(); 3682 IFNET_READER_FOREACH(ifn) { 3683 if ((stc.loopback_scope == 0) && 3684 (ifn->if_type == IFT_LOOP)) { 3685 /* 3686 * Skip loopback devices if loopback_scope 3687 * not set 3688 */ 3689 continue; 3690 } 3691 IFADDR_READER_FOREACH(ifa, ifn) { 3692 if (sctp_is_address_in_scope(ifa, 3693 stc.ipv4_addr_legal, stc.ipv6_addr_legal, 3694 stc.loopback_scope, stc.ipv4_scope, 3695 stc.local_scope, stc.site_scope) == 0) { 3696 continue; 3697 } 3698 cnt++; 3699 } 3700 } 3701 pserialize_read_exit(s); 3702 3703 if (cnt > 1) { 3704 s = pserialize_read_enter(); 3705 IFNET_READER_FOREACH(ifn) { 3706 if ((stc.loopback_scope == 0) && 3707 (ifn->if_type == IFT_LOOP)) { 3708 /* 3709 * Skip loopback devices if 3710 * loopback_scope not set 3711 */ 3712 continue; 3713 } 3714 IFADDR_READER_FOREACH(ifa, ifn) { 3715 if (sctp_is_address_in_scope(ifa, 3716 stc.ipv4_addr_legal, 3717 stc.ipv6_addr_legal, 3718 stc.loopback_scope, stc.ipv4_scope, 3719 stc.local_scope, stc.site_scope) == 0) { 3720 continue; 3721 } 3722 m_at = sctp_add_addr_to_mbuf(m_at, ifa); 3723 } 3724 } 3725 pserialize_read_exit(s); 3726 } 3727 } else { 3728 struct sctp_laddr *laddr; 3729 int cnt; 3730 cnt = cnt_inits_to; 3731 /* First, how many ? */ 3732 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 3733 if (laddr->ifa == NULL) { 3734 continue; 3735 } 3736 if (laddr->ifa->ifa_addr == NULL) 3737 continue; 3738 if (sctp_is_address_in_scope(laddr->ifa, 3739 stc.ipv4_addr_legal, stc.ipv6_addr_legal, 3740 stc.loopback_scope, stc.ipv4_scope, 3741 stc.local_scope, stc.site_scope) == 0) { 3742 continue; 3743 } 3744 cnt++; 3745 } 3746 /* If we bind a single address only we won't list 3747 * any. This way you can get through a NAT 3748 */ 3749 if (cnt > 1) { 3750 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 3751 if (laddr->ifa == NULL) { 3752 #ifdef SCTP_DEBUG 3753 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 3754 printf("Help I have fallen and I can't get up!\n"); 3755 } 3756 #endif 3757 continue; 3758 } 3759 if (laddr->ifa->ifa_addr == NULL) 3760 continue; 3761 if (sctp_is_address_in_scope(laddr->ifa, 3762 stc.ipv4_addr_legal, stc.ipv6_addr_legal, 3763 stc.loopback_scope, stc.ipv4_scope, 3764 stc.local_scope, stc.site_scope) == 0) { 3765 continue; 3766 } 3767 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 3768 } 3769 } 3770 } 3771 3772 /* tack on the operational error if present */ 3773 if (op_err) { 3774 if (op_err->m_pkthdr.len % 4) { 3775 /* must add a pad to the param */ 3776 u_int32_t cpthis=0; 3777 int padlen; 3778 padlen = 4 - (op_err->m_pkthdr.len % 4); 3779 m_copyback(op_err, op_err->m_pkthdr.len, padlen, (void *)&cpthis); 3780 } 3781 while (m_at->m_next != NULL) { 3782 m_at = m_at->m_next; 3783 } 3784 m_at->m_next = op_err; 3785 while (m_at->m_next != NULL) { 3786 m_at = m_at->m_next; 3787 } 3788 } 3789 /* Get total size of init packet */ 3790 sz_of = SCTP_SIZE32(ntohs(init_chk->ch.chunk_length)); 3791 /* pre-calulate the size and update pkt header and chunk header */ 3792 m->m_pkthdr.len = 0; 3793 for (m_tmp = m; m_tmp; m_tmp = m_tmp->m_next) { 3794 m->m_pkthdr.len += m_tmp->m_len; 3795 if (m_tmp->m_next == NULL) { 3796 /* m_tmp should now point to last one */ 3797 break; 3798 } 3799 } 3800 /* 3801 * Figure now the size of the cookie. We know the size of the 3802 * INIT-ACK. The Cookie is going to be the size of INIT, INIT-ACK, 3803 * COOKIE-STRUCTURE and SIGNATURE. 3804 */ 3805 3806 /* 3807 * take our earlier INIT calc and add in the sz we just calculated 3808 * minus the size of the sctphdr (its not included in chunk size 3809 */ 3810 3811 /* add once for the INIT-ACK */ 3812 sz_of += (m->m_pkthdr.len - sizeof(struct sctphdr)); 3813 3814 /* add a second time for the INIT-ACK in the cookie */ 3815 sz_of += (m->m_pkthdr.len - sizeof(struct sctphdr)); 3816 3817 /* Now add the cookie header and cookie message struct */ 3818 sz_of += sizeof(struct sctp_state_cookie_param); 3819 /* ...and add the size of our signature */ 3820 sz_of += SCTP_SIGNATURE_SIZE; 3821 initackm_out->msg.ch.chunk_length = htons(sz_of); 3822 3823 /* Now we must build a cookie */ 3824 m_cookie = sctp_add_cookie(inp, init_pkt, offset, m, 3825 sizeof(struct sctphdr), &stc); 3826 if (m_cookie == NULL) { 3827 /* memory problem */ 3828 sctp_m_freem(m); 3829 return; 3830 } 3831 /* Now append the cookie to the end and update the space/size */ 3832 m_tmp->m_next = m_cookie; 3833 3834 /* 3835 * We pass 0 here to NOT set IP_DF if its IPv4, we ignore the 3836 * return here since the timer will drive a retranmission. 3837 */ 3838 padval = m->m_pkthdr.len % 4; 3839 if ((padval) && (m_last)) { 3840 /* see my previous comments on m_last */ 3841 int ret; 3842 ret = sctp_add_pad_tombuf(m_last, (4-padval)); 3843 if (ret) { 3844 /* Houston we have a problem, no space */ 3845 sctp_m_freem(m); 3846 return; 3847 } 3848 m->m_pkthdr.len += padval; 3849 } 3850 sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, 0, NULL, 0); 3851 } 3852 3853 3854 static void 3855 sctp_insert_on_wheel(struct sctp_association *asoc, 3856 struct sctp_stream_out *strq) 3857 { 3858 struct sctp_stream_out *stre, *strn; 3859 stre = TAILQ_FIRST(&asoc->out_wheel); 3860 if (stre == NULL) { 3861 /* only one on wheel */ 3862 TAILQ_INSERT_HEAD(&asoc->out_wheel, strq, next_spoke); 3863 return; 3864 } 3865 for (; stre; stre = strn) { 3866 strn = TAILQ_NEXT(stre, next_spoke); 3867 if (stre->stream_no > strq->stream_no) { 3868 TAILQ_INSERT_BEFORE(stre, strq, next_spoke); 3869 return; 3870 } else if (stre->stream_no == strq->stream_no) { 3871 /* huh, should not happen */ 3872 return; 3873 } else if (strn == NULL) { 3874 /* next one is null */ 3875 TAILQ_INSERT_AFTER(&asoc->out_wheel, stre, strq, 3876 next_spoke); 3877 } 3878 } 3879 } 3880 3881 static void 3882 sctp_remove_from_wheel(struct sctp_association *asoc, 3883 struct sctp_stream_out *strq) 3884 { 3885 /* take off and then setup so we know it is not on the wheel */ 3886 TAILQ_REMOVE(&asoc->out_wheel, strq, next_spoke); 3887 strq->next_spoke.tqe_next = NULL; 3888 strq->next_spoke.tqe_prev = NULL; 3889 } 3890 3891 3892 static void 3893 sctp_prune_prsctp(struct sctp_tcb *stcb, 3894 struct sctp_association *asoc, 3895 struct sctp_sndrcvinfo *srcv, 3896 int dataout 3897 ) 3898 { 3899 int freed_spc=0; 3900 struct sctp_tmit_chunk *chk, *nchk; 3901 if ((asoc->peer_supports_prsctp) && (asoc->sent_queue_cnt_removeable > 0)) { 3902 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 3903 /* 3904 * Look for chunks marked with the PR_SCTP 3905 * flag AND the buffer space flag. If the one 3906 * being sent is equal or greater priority then 3907 * purge the old one and free some space. 3908 */ 3909 if ((chk->flags & (SCTP_PR_SCTP_ENABLED | 3910 SCTP_PR_SCTP_BUFFER)) == 3911 (SCTP_PR_SCTP_ENABLED|SCTP_PR_SCTP_BUFFER)) { 3912 /* 3913 * This one is PR-SCTP AND buffer space 3914 * limited type 3915 */ 3916 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 3917 /* Lower numbers equates to 3918 * higher priority so if the 3919 * one we are looking at has a 3920 * larger or equal priority we 3921 * want to drop the data and 3922 * NOT retransmit it. 3923 */ 3924 if (chk->data) { 3925 /* We release the 3926 * book_size if the 3927 * mbuf is here 3928 */ 3929 int ret_spc; 3930 int cause; 3931 if (chk->sent > SCTP_DATAGRAM_UNSENT) 3932 cause = SCTP_RESPONSE_TO_USER_REQ|SCTP_NOTIFY_DATAGRAM_SENT; 3933 else 3934 cause = SCTP_RESPONSE_TO_USER_REQ|SCTP_NOTIFY_DATAGRAM_UNSENT; 3935 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 3936 cause, 3937 &asoc->sent_queue); 3938 freed_spc += ret_spc; 3939 if (freed_spc >= dataout) { 3940 return; 3941 } 3942 } /* if chunk was present */ 3943 } /* if of sufficent priority */ 3944 } /* if chunk has enabled */ 3945 } /* tailqforeach */ 3946 3947 chk = TAILQ_FIRST(&asoc->send_queue); 3948 while (chk) { 3949 nchk = TAILQ_NEXT(chk, sctp_next); 3950 /* Here we must move to the sent queue and mark */ 3951 if ((chk->flags & (SCTP_PR_SCTP_ENABLED | 3952 SCTP_PR_SCTP_BUFFER)) == 3953 (SCTP_PR_SCTP_ENABLED|SCTP_PR_SCTP_BUFFER)) { 3954 if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) { 3955 if (chk->data) { 3956 /* We release the 3957 * book_size if the 3958 * mbuf is here 3959 */ 3960 int ret_spc; 3961 ret_spc = sctp_release_pr_sctp_chunk(stcb, chk, 3962 SCTP_RESPONSE_TO_USER_REQ|SCTP_NOTIFY_DATAGRAM_UNSENT, 3963 &asoc->send_queue); 3964 3965 freed_spc += ret_spc; 3966 if (freed_spc >= dataout) { 3967 return; 3968 } 3969 } /* end if chk->data */ 3970 } /* end if right class */ 3971 } /* end if chk pr-sctp */ 3972 chk = nchk; 3973 } /* end while (chk) */ 3974 } /* if enabled in asoc */ 3975 } 3976 3977 static void 3978 sctp_prepare_chunk(struct sctp_tmit_chunk *template, 3979 struct sctp_tcb *stcb, 3980 struct sctp_sndrcvinfo *srcv, 3981 struct sctp_stream_out *strq, 3982 struct sctp_nets *net) 3983 { 3984 memset(template, 0, sizeof(struct sctp_tmit_chunk)); 3985 template->sent = SCTP_DATAGRAM_UNSENT; 3986 if ((stcb->asoc.peer_supports_prsctp) && 3987 (srcv->sinfo_flags & (MSG_PR_SCTP_TTL|MSG_PR_SCTP_BUF)) && 3988 (srcv->sinfo_timetolive > 0) 3989 ) { 3990 /* If: 3991 * Peer supports PR-SCTP 3992 * The flags is set against this send for PR-SCTP 3993 * And timetolive is a postive value, zero is reserved 3994 * to mean a reliable send for both buffer/time 3995 * related one. 3996 */ 3997 if (srcv->sinfo_flags & MSG_PR_SCTP_BUF) { 3998 /* 3999 * Time to live is a priority stored in tv_sec 4000 * when doing the buffer drop thing. 4001 */ 4002 template->rec.data.timetodrop.tv_sec = srcv->sinfo_timetolive; 4003 } else { 4004 struct timeval tv; 4005 4006 SCTP_GETTIME_TIMEVAL(&template->rec.data.timetodrop); 4007 tv.tv_sec = srcv->sinfo_timetolive / 1000; 4008 tv.tv_usec = (srcv->sinfo_timetolive * 1000) % 1000000; 4009 #ifndef __FreeBSD__ 4010 timeradd(&template->rec.data.timetodrop, &tv, 4011 &template->rec.data.timetodrop); 4012 #else 4013 timevaladd(&template->rec.data.timetodrop, &tv); 4014 #endif 4015 } 4016 } 4017 if ((srcv->sinfo_flags & MSG_UNORDERED) == 0) { 4018 template->rec.data.stream_seq = strq->next_sequence_sent; 4019 } else { 4020 template->rec.data.stream_seq = 0; 4021 } 4022 template->rec.data.TSN_seq = 0; /* not yet assigned */ 4023 4024 template->rec.data.stream_number = srcv->sinfo_stream; 4025 template->rec.data.payloadtype = srcv->sinfo_ppid; 4026 template->rec.data.context = srcv->sinfo_context; 4027 template->rec.data.doing_fast_retransmit = 0; 4028 template->rec.data.ect_nonce = 0; /* ECN Nonce */ 4029 4030 if (srcv->sinfo_flags & MSG_ADDR_OVER) { 4031 template->whoTo = net; 4032 } else { 4033 if (stcb->asoc.primary_destination) 4034 template->whoTo = stcb->asoc.primary_destination; 4035 else { 4036 /* TSNH */ 4037 template->whoTo = net; 4038 } 4039 } 4040 /* the actual chunk flags */ 4041 if (srcv->sinfo_flags & MSG_UNORDERED) { 4042 template->rec.data.rcv_flags = SCTP_DATA_UNORDERED; 4043 } else { 4044 template->rec.data.rcv_flags = 0; 4045 } 4046 /* no flags yet, FRAGMENT_OK goes here */ 4047 template->flags = 0; 4048 /* PR sctp flags */ 4049 if (stcb->asoc.peer_supports_prsctp) { 4050 if (srcv->sinfo_timetolive > 0) { 4051 /* 4052 * We only set the flag if timetolive (or 4053 * priority) was set to a positive number. 4054 * Zero is reserved specifically to be 4055 * EXCLUDED and sent reliable. 4056 */ 4057 if (srcv->sinfo_flags & MSG_PR_SCTP_TTL) { 4058 template->flags |= SCTP_PR_SCTP_ENABLED; 4059 } 4060 if (srcv->sinfo_flags & MSG_PR_SCTP_BUF) { 4061 template->flags |= SCTP_PR_SCTP_BUFFER; 4062 } 4063 } 4064 } 4065 template->asoc = &stcb->asoc; 4066 } 4067 4068 4069 int 4070 sctp_get_frag_point(struct sctp_tcb *stcb, 4071 struct sctp_association *asoc) 4072 { 4073 int siz, ovh; 4074 4075 /* For endpoints that have both 6 and 4 addresses 4076 * we must reserver room for the 6 ip header, for 4077 * those that are only dealing with V4 we use 4078 * a larger frag point. 4079 */ 4080 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 4081 ovh = SCTP_MED_OVERHEAD; 4082 } else { 4083 ovh = SCTP_MED_V4_OVERHEAD; 4084 } 4085 4086 if (stcb->sctp_ep->sctp_frag_point > asoc->smallest_mtu) 4087 siz = asoc->smallest_mtu - ovh; 4088 else 4089 siz = (stcb->sctp_ep->sctp_frag_point - ovh); 4090 /* 4091 if (siz > (MCLBYTES-sizeof(struct sctp_data_chunk))) { */ 4092 /* A data chunk MUST fit in a cluster */ 4093 /* siz = (MCLBYTES - sizeof(struct sctp_data_chunk));*/ 4094 /* }*/ 4095 4096 if (siz % 4) { 4097 /* make it an even word boundary please */ 4098 siz -= (siz % 4); 4099 } 4100 return (siz); 4101 } 4102 extern unsigned int sctp_max_chunks_on_queue; 4103 4104 #define SBLOCKWAIT(f) (((f)&MSG_DONTWAIT) ? M_NOWAIT : M_WAITOK) 4105 4106 static int 4107 sctp_msg_append(struct sctp_tcb *stcb, 4108 struct sctp_nets *net, 4109 struct mbuf *m, 4110 struct sctp_sndrcvinfo *srcv, 4111 int flags) 4112 { 4113 struct socket *so; 4114 struct sctp_association *asoc; 4115 struct sctp_stream_out *strq; 4116 struct sctp_tmit_chunk *chk; 4117 struct sctpchunk_listhead tmp; 4118 struct sctp_tmit_chunk template; 4119 struct mbuf *n, *mnext; 4120 struct mbuf *mm; 4121 unsigned int dataout, siz; 4122 int mbcnt = 0; 4123 int mbcnt_e = 0; 4124 int error = 0; 4125 4126 if ((stcb == NULL) || (net == NULL) || (m == NULL) || (srcv == NULL)) { 4127 /* Software fault, you blew it on the call */ 4128 #ifdef SCTP_DEBUG 4129 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 4130 printf("software error in sctp_msg_append:1\n"); 4131 printf("stcb:%p net:%p m:%p srcv:%p\n", 4132 stcb, net, m, srcv); 4133 } 4134 #endif 4135 if (m) 4136 sctp_m_freem(m); 4137 return (EFAULT); 4138 } 4139 so = stcb->sctp_socket; 4140 asoc = &stcb->asoc; 4141 if (srcv->sinfo_flags & MSG_ABORT) { 4142 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 4143 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_ECHOED)) { 4144 /* It has to be up before we abort */ 4145 /* how big is the user initiated abort? */ 4146 if ((m->m_flags & M_PKTHDR) && (m->m_pkthdr.len)) { 4147 dataout = m->m_pkthdr.len; 4148 } else { 4149 /* we must count */ 4150 dataout = 0; 4151 for (n = m; n; n = n->m_next) { 4152 dataout += n->m_len; 4153 } 4154 } 4155 M_PREPEND(m, sizeof(struct sctp_paramhdr), M_DONTWAIT); 4156 if (m) { 4157 struct sctp_paramhdr *ph; 4158 m->m_len = sizeof(struct sctp_paramhdr) + dataout; 4159 ph = mtod(m, struct sctp_paramhdr *); 4160 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 4161 ph->param_length = htons(m->m_len); 4162 } 4163 sctp_abort_an_association(stcb->sctp_ep, stcb, SCTP_RESPONSE_TO_USER_REQ, m); 4164 m = NULL; 4165 } else { 4166 /* Only free if we don't send an abort */ 4167 ; 4168 } 4169 goto out; 4170 } 4171 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 4172 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 4173 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 4174 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 4175 /* got data while shutting down */ 4176 error = ECONNRESET; 4177 goto out; 4178 } 4179 4180 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 4181 /* Invalid stream number */ 4182 error = EINVAL; 4183 goto out; 4184 } 4185 if (asoc->strmout == NULL) { 4186 /* huh? software error */ 4187 #ifdef SCTP_DEBUG 4188 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 4189 printf("software error in sctp_msg_append:2\n"); 4190 } 4191 #endif 4192 error = EFAULT; 4193 goto out; 4194 } 4195 strq = &asoc->strmout[srcv->sinfo_stream]; 4196 /* how big is it ? */ 4197 if ((m->m_flags & M_PKTHDR) && (m->m_pkthdr.len)) { 4198 dataout = m->m_pkthdr.len; 4199 } else { 4200 /* we must count */ 4201 dataout = 0; 4202 for (n = m; n; n = n->m_next) { 4203 dataout += n->m_len; 4204 } 4205 } 4206 #ifdef SCTP_DEBUG 4207 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 4208 printf("Attempt to send out %d bytes\n", 4209 dataout); 4210 } 4211 #endif 4212 4213 /* lock the socket buf */ 4214 error = sblock(&so->so_snd, SBLOCKWAIT(flags)); 4215 if (error) 4216 goto out_locked; 4217 4218 if (dataout > so->so_snd.sb_hiwat) { 4219 /* It will NEVER fit */ 4220 error = EMSGSIZE; 4221 goto release; 4222 } 4223 if ((srcv->sinfo_flags & MSG_EOF) && 4224 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && 4225 (dataout == 0) 4226 ) { 4227 goto zap_by_it_all; 4228 } 4229 if ((so->so_snd.sb_hiwat < 4230 (dataout + asoc->total_output_queue_size)) || 4231 (asoc->chunks_on_out_queue > sctp_max_chunks_on_queue) || 4232 (asoc->total_output_mbuf_queue_size > 4233 so->so_snd.sb_mbmax) 4234 ) { 4235 /* XXX Buffer space hunt for data to skip */ 4236 if (asoc->peer_supports_prsctp) { 4237 sctp_prune_prsctp(stcb, asoc, srcv, dataout); 4238 } 4239 while ((so->so_snd.sb_hiwat < 4240 (dataout + asoc->total_output_queue_size)) || 4241 (asoc->chunks_on_out_queue > sctp_max_chunks_on_queue) || 4242 (asoc->total_output_mbuf_queue_size > 4243 so->so_snd.sb_mbmax)) { 4244 struct sctp_inpcb *inp; 4245 /* Now did we free up enough room? */ 4246 if (so->so_state & SS_NBIO) { 4247 /* Non-blocking io in place */ 4248 error = EWOULDBLOCK; 4249 goto release; 4250 } 4251 /* 4252 * We store off a pointer to the endpoint. 4253 * Since on return from this we must check to 4254 * see if an so_error is set. If so we may have 4255 * been reset and our stcb destroyed. Returning 4256 * an error will cause the correct error return 4257 * through and fix this all. 4258 */ 4259 inp = stcb->sctp_ep; 4260 /* 4261 * Not sure how else to do this since 4262 * the level we suspended at is not 4263 * known deep down where we are. I will 4264 * drop to spl0() so that others can 4265 * get in. 4266 */ 4267 4268 inp->sctp_tcb_at_block = (void *)stcb; 4269 inp->error_on_block = 0; 4270 sbunlock(&so->so_snd); 4271 error = sbwait(&so->so_snd); 4272 /* 4273 * XXX: This is ugly but I have 4274 * recreated most of what goes on to 4275 * block in the sb. UGHH 4276 * May want to add the bit about being 4277 * no longer connected.. but this then 4278 * further dooms the UDP model NOT to 4279 * allow this. 4280 */ 4281 inp->sctp_tcb_at_block = 0; 4282 if (inp->error_on_block) 4283 error = inp->error_on_block; 4284 if (so->so_error) 4285 error = so->so_error; 4286 if (error) { 4287 goto out_locked; 4288 } 4289 error = sblock(&so->so_snd, M_WAITOK); 4290 if (error) 4291 goto out_locked; 4292 /* Otherwise we cycle back and recheck 4293 * the space 4294 */ 4295 #if defined(__FreeBSD__) && __FreeBSD_version >= 502115 4296 if (so->so_rcv.sb_state & SBS_CANTSENDMORE) { 4297 #else 4298 if (so->so_state & SS_CANTSENDMORE) { 4299 #endif 4300 error = EPIPE; 4301 goto release; 4302 } 4303 if (so->so_error) { 4304 error = so->so_error; 4305 goto release; 4306 } 4307 } 4308 } 4309 /* If we have a packet header fix it if it was broke */ 4310 if (m->m_flags & M_PKTHDR) { 4311 m->m_pkthdr.len = dataout; 4312 } 4313 /* use the smallest one, user set value or 4314 * smallest mtu of the asoc 4315 */ 4316 siz = sctp_get_frag_point(stcb, asoc); 4317 if ((dataout) && (dataout <= siz)) { 4318 /* Fast path */ 4319 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 4320 if (chk == NULL) { 4321 error = ENOMEM; 4322 goto release; 4323 } 4324 sctp_prepare_chunk(chk, stcb, srcv, strq, net); 4325 chk->whoTo->ref_count++; 4326 chk->rec.data.rcv_flags |= SCTP_DATA_NOT_FRAG; 4327 4328 /* no flags yet, FRAGMENT_OK goes here */ 4329 sctppcbinfo.ipi_count_chunk++; 4330 sctppcbinfo.ipi_gencnt_chunk++; 4331 asoc->chunks_on_out_queue++; 4332 chk->data = m; 4333 m = NULL; 4334 /* Total in the MSIZE */ 4335 for (mm = chk->data; mm; mm = mm->m_next) { 4336 mbcnt += MSIZE; 4337 if (mm->m_flags & M_EXT) { 4338 mbcnt += chk->data->m_ext.ext_size; 4339 } 4340 } 4341 /* fix up the send_size if it is not present */ 4342 chk->send_size = dataout; 4343 chk->book_size = chk->send_size; 4344 chk->mbcnt = mbcnt; 4345 /* ok, we are commited */ 4346 if ((srcv->sinfo_flags & MSG_UNORDERED) == 0) { 4347 /* bump the ssn if we are unordered. */ 4348 strq->next_sequence_sent++; 4349 } 4350 chk->data->m_nextpkt = 0; 4351 asoc->stream_queue_cnt++; 4352 TAILQ_INSERT_TAIL(&strq->outqueue, chk, sctp_next); 4353 /* now check if this stream is on the wheel */ 4354 if ((strq->next_spoke.tqe_next == NULL) && 4355 (strq->next_spoke.tqe_prev == NULL)) { 4356 /* Insert it on the wheel since it is not 4357 * on it currently 4358 */ 4359 sctp_insert_on_wheel(asoc, strq); 4360 } 4361 } else if ((dataout) && (dataout > siz)) { 4362 /* Slow path */ 4363 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_NO_FRAGMENT) && 4364 (dataout > siz)) { 4365 error = EMSGSIZE; 4366 goto release; 4367 } 4368 /* setup the template */ 4369 sctp_prepare_chunk(&template, stcb, srcv, strq, net); 4370 4371 n = m; 4372 while (dataout > siz) { 4373 /* 4374 * We can wait since this is called from the user 4375 * send side 4376 */ 4377 n->m_nextpkt = m_split(n, siz, M_WAIT); 4378 if (n->m_nextpkt == NULL) { 4379 error = EFAULT; 4380 goto release; 4381 } 4382 dataout -= siz; 4383 n = n->m_nextpkt; 4384 } 4385 /* 4386 * ok, now we have a chain on m where m->m_nextpkt points to 4387 * the next chunk and m/m->m_next chain is the piece to send. 4388 * We must go through the chains and thread them on to 4389 * sctp_tmit_chunk chains and place them all on the stream 4390 * queue, breaking the m->m_nextpkt pointers as we go. 4391 */ 4392 n = m; 4393 TAILQ_INIT(&tmp); 4394 while (n) { 4395 /* 4396 * first go through and allocate a sctp_tmit chunk 4397 * for each chunk piece 4398 */ 4399 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 4400 if (chk == NULL) { 4401 /* 4402 * ok we must spin through and dump anything 4403 * we have allocated and then jump to the 4404 * no_membad 4405 */ 4406 chk = TAILQ_FIRST(&tmp); 4407 while (chk) { 4408 TAILQ_REMOVE(&tmp, chk, sctp_next); 4409 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4410 sctppcbinfo.ipi_count_chunk--; 4411 asoc->chunks_on_out_queue--; 4412 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4413 panic("Chunk count is negative"); 4414 } 4415 sctppcbinfo.ipi_gencnt_chunk++; 4416 chk = TAILQ_FIRST(&tmp); 4417 } 4418 error = ENOMEM; 4419 goto release; 4420 } 4421 sctppcbinfo.ipi_count_chunk++; 4422 asoc->chunks_on_out_queue++; 4423 4424 sctppcbinfo.ipi_gencnt_chunk++; 4425 *chk = template; 4426 chk->whoTo->ref_count++; 4427 chk->data = n; 4428 /* Total in the MSIZE */ 4429 mbcnt_e = 0; 4430 for (mm = chk->data; mm; mm = mm->m_next) { 4431 mbcnt_e += MSIZE; 4432 if (mm->m_flags & M_EXT) { 4433 mbcnt_e += chk->data->m_ext.ext_size; 4434 } 4435 } 4436 /* now fix the chk->send_size */ 4437 if (chk->data->m_flags & M_PKTHDR) { 4438 chk->send_size = chk->data->m_pkthdr.len; 4439 } else { 4440 struct mbuf *nn; 4441 chk->send_size = 0; 4442 for (nn = chk->data; nn; nn = nn->m_next) { 4443 chk->send_size += nn->m_len; 4444 } 4445 } 4446 chk->book_size = chk->send_size; 4447 chk->mbcnt = mbcnt_e; 4448 mbcnt += mbcnt_e; 4449 if (chk->flags & SCTP_PR_SCTP_BUFFER) { 4450 asoc->sent_queue_cnt_removeable++; 4451 } 4452 n = n->m_nextpkt; 4453 TAILQ_INSERT_TAIL(&tmp, chk, sctp_next); 4454 } 4455 m = NULL; 4456 /* now that we have enough space for all de-couple the 4457 * chain of mbufs by going through our temp array 4458 * and breaking the pointers. 4459 */ 4460 /* ok, we are commited */ 4461 if ((srcv->sinfo_flags & MSG_UNORDERED) == 0) { 4462 /* bump the ssn if we are unordered. */ 4463 strq->next_sequence_sent++; 4464 } 4465 /* Mark the first/last flags. This will 4466 * result int a 3 for a single item on the list 4467 */ 4468 chk = TAILQ_FIRST(&tmp); 4469 chk->rec.data.rcv_flags |= SCTP_DATA_FIRST_FRAG; 4470 chk = TAILQ_LAST(&tmp, sctpchunk_listhead); 4471 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 4472 /* now break any chains on the queue and 4473 * move it to the streams actual queue. 4474 */ 4475 chk = TAILQ_FIRST(&tmp); 4476 while (chk) { 4477 chk->data->m_nextpkt = 0; 4478 TAILQ_REMOVE(&tmp, chk, sctp_next); 4479 asoc->stream_queue_cnt++; 4480 TAILQ_INSERT_TAIL(&strq->outqueue, chk, sctp_next); 4481 chk = TAILQ_FIRST(&tmp); 4482 } 4483 /* now check if this stream is on the wheel */ 4484 if ((strq->next_spoke.tqe_next == NULL) && 4485 (strq->next_spoke.tqe_prev == NULL)) { 4486 /* Insert it on the wheel since it is not 4487 * on it currently 4488 */ 4489 sctp_insert_on_wheel(asoc, strq); 4490 } 4491 } 4492 /* has a SHUTDOWN been (also) requested by the user on this asoc? */ 4493 zap_by_it_all: 4494 4495 if ((srcv->sinfo_flags & MSG_EOF) && 4496 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) { 4497 4498 int some_on_streamwheel = 0; 4499 4500 if (!TAILQ_EMPTY(&asoc->out_wheel)) { 4501 /* Check to see if some data queued */ 4502 struct sctp_stream_out *outs; 4503 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) { 4504 if (!TAILQ_EMPTY(&outs->outqueue)) { 4505 some_on_streamwheel = 1; 4506 break; 4507 } 4508 } 4509 } 4510 4511 if (TAILQ_EMPTY(&asoc->send_queue) && 4512 TAILQ_EMPTY(&asoc->sent_queue) && 4513 (some_on_streamwheel == 0)) { 4514 /* there is nothing queued to send, so I'm done... */ 4515 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 4516 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 4517 /* only send SHUTDOWN the first time through */ 4518 #ifdef SCTP_DEBUG 4519 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 4520 printf("%s:%d sends a shutdown\n", 4521 __FILE__, 4522 __LINE__ 4523 ); 4524 } 4525 #endif 4526 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 4527 asoc->state = SCTP_STATE_SHUTDOWN_SENT; 4528 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 4529 asoc->primary_destination); 4530 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 4531 asoc->primary_destination); 4532 } 4533 } else { 4534 /* 4535 * we still got (or just got) data to send, so set 4536 * SHUTDOWN_PENDING 4537 */ 4538 /* 4539 * XXX sockets draft says that MSG_EOF should be sent 4540 * with no data. currently, we will allow user data 4541 * to be sent first and move to SHUTDOWN-PENDING 4542 */ 4543 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 4544 } 4545 } 4546 #ifdef SCTP_MBCNT_LOGGING 4547 sctp_log_mbcnt(SCTP_LOG_MBCNT_INCREASE, 4548 asoc->total_output_queue_size, 4549 dataout, 4550 asoc->total_output_mbuf_queue_size, 4551 mbcnt); 4552 #endif 4553 asoc->total_output_queue_size += dataout; 4554 asoc->total_output_mbuf_queue_size += mbcnt; 4555 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 4556 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 4557 so->so_snd.sb_cc += dataout; 4558 so->so_snd.sb_mbcnt += mbcnt; 4559 } 4560 4561 #ifdef SCTP_DEBUG 4562 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 4563 printf("++total out:%d total_mbuf_out:%d\n", 4564 (int)asoc->total_output_queue_size, 4565 (int)asoc->total_output_mbuf_queue_size); 4566 } 4567 #endif 4568 4569 release: 4570 sbunlock(&so->so_snd); 4571 out_locked: 4572 4573 out: 4574 if (m && m->m_nextpkt) { 4575 n = m; 4576 while (n) { 4577 mnext = n->m_nextpkt; 4578 n->m_nextpkt = NULL; 4579 sctp_m_freem(n); 4580 n = mnext; 4581 } 4582 } else if (m) 4583 sctp_m_freem(m); 4584 4585 return (error); 4586 } 4587 4588 static struct mbuf * 4589 sctp_copy_mbufchain(struct mbuf *clonechain, 4590 struct mbuf *outchain) 4591 { 4592 struct mbuf *appendchain; 4593 #if defined(__FreeBSD__) || defined(__NetBSD__) 4594 /* Supposedly m_copypacket is an optimization, use it if we can */ 4595 if (clonechain->m_flags & M_PKTHDR) { 4596 appendchain = m_copypacket(clonechain, M_DONTWAIT); 4597 sctp_pegs[SCTP_CACHED_SRC]++; 4598 } else 4599 appendchain = m_copy(clonechain, 0, M_COPYALL); 4600 #elif defined(__APPLE__) 4601 appendchain = sctp_m_copym(clonechain, 0, M_COPYALL, M_DONTWAIT); 4602 #else 4603 appendchain = m_copy(clonechain, 0, M_COPYALL); 4604 #endif 4605 4606 if (appendchain == NULL) { 4607 /* error */ 4608 if (outchain) 4609 sctp_m_freem(outchain); 4610 return (NULL); 4611 } 4612 if (outchain) { 4613 /* tack on to the end */ 4614 struct mbuf *m; 4615 m = outchain; 4616 while (m) { 4617 if (m->m_next == NULL) { 4618 m->m_next = appendchain; 4619 break; 4620 } 4621 m = m->m_next; 4622 } 4623 if (outchain->m_flags & M_PKTHDR) { 4624 int append_tot; 4625 struct mbuf *t; 4626 t = appendchain; 4627 append_tot = 0; 4628 while (t) { 4629 append_tot += t->m_len; 4630 t = t->m_next; 4631 } 4632 outchain->m_pkthdr.len += append_tot; 4633 } 4634 return (outchain); 4635 } else { 4636 return (appendchain); 4637 } 4638 } 4639 4640 static void 4641 sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr, u_int32_t val) 4642 { 4643 struct sctp_copy_all *ca; 4644 struct mbuf *m; 4645 int turned_on_nonblock=0, ret; 4646 4647 ca = (struct sctp_copy_all *)ptr; 4648 if (ca->m == NULL) { 4649 return; 4650 } 4651 if (ca->inp != inp) { 4652 /* TSNH */ 4653 return; 4654 } 4655 m = sctp_copy_mbufchain(ca->m, NULL); 4656 if (m == NULL) { 4657 /* can't copy so we are done */ 4658 ca->cnt_failed++; 4659 return; 4660 } 4661 if ((stcb->sctp_socket->so_state & SS_NBIO) == 0) { 4662 /* we have to do this non-blocking */ 4663 turned_on_nonblock = 1; 4664 stcb->sctp_socket->so_state |= SS_NBIO; 4665 } 4666 ret = sctp_msg_append(stcb, stcb->asoc.primary_destination, m, &ca->sndrcv, 0); 4667 if (turned_on_nonblock) { 4668 /* we turned on non-blocking so turn it off */ 4669 stcb->sctp_socket->so_state &= ~SS_NBIO; 4670 } 4671 if (ret) { 4672 ca->cnt_failed++; 4673 } else { 4674 ca->cnt_sent++; 4675 } 4676 } 4677 4678 static void 4679 sctp_sendall_completes(void *ptr, u_int32_t val) 4680 { 4681 struct sctp_copy_all *ca; 4682 ca = (struct sctp_copy_all *)ptr; 4683 /* Do a notify here? 4684 * Kacheong suggests that the notify 4685 * be done at the send time.. so you would 4686 * push up a notification if any send failed. 4687 * Don't know if this is feasable since the 4688 * only failures we have is "memory" related and 4689 * if you cannot get an mbuf to send the data 4690 * you surely can't get an mbuf to send up 4691 * to notify the user you can't send the data :-> 4692 */ 4693 4694 /* now free everything */ 4695 m_freem(ca->m); 4696 free(ca, M_PCB); 4697 } 4698 4699 4700 #define MC_ALIGN(m, len) do { \ 4701 (m)->m_data += (MCLBYTES - (len)) & ~(sizeof(long) - 1); \ 4702 } while (0) 4703 4704 4705 4706 static struct mbuf * 4707 sctp_copy_out_all(struct uio *uio, int len) 4708 { 4709 struct mbuf *ret, *at; 4710 int left, willcpy, cancpy, error; 4711 4712 MGETHDR(ret, M_WAIT, MT_HEADER); 4713 if (ret == NULL) { 4714 /* TSNH */ 4715 return (NULL); 4716 } 4717 left = len; 4718 ret->m_len = 0; 4719 ret->m_pkthdr.len = len; 4720 MCLGET(ret, M_WAIT); 4721 if (ret == NULL) { 4722 return (NULL); 4723 } 4724 if ((ret->m_flags & M_EXT) == 0) { 4725 m_freem (ret); 4726 return (NULL); 4727 } 4728 cancpy = M_TRAILINGSPACE(ret); 4729 willcpy = min(cancpy, left); 4730 at = ret; 4731 while (left > 0) { 4732 /* Align data to the end */ 4733 MC_ALIGN(at, willcpy); 4734 error = uiomove(mtod(at, void *), willcpy, uio); 4735 if (error) { 4736 err_out_now: 4737 m_freem(ret); 4738 return (NULL); 4739 } 4740 at->m_len = willcpy; 4741 at->m_nextpkt = at->m_next = 0; 4742 left -= willcpy; 4743 if (left > 0) { 4744 MGET(at->m_next, M_WAIT, MT_DATA); 4745 if (at->m_next == NULL) { 4746 goto err_out_now; 4747 } 4748 at = at->m_next; 4749 at->m_len = 0; 4750 MCLGET(at, M_WAIT); 4751 if (at == NULL) { 4752 goto err_out_now; 4753 } 4754 if ((at->m_flags & M_EXT) == 0) { 4755 goto err_out_now; 4756 } 4757 cancpy = M_TRAILINGSPACE(at); 4758 willcpy = min(cancpy, left); 4759 } 4760 } 4761 return (ret); 4762 } 4763 4764 static int 4765 sctp_sendall (struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m, struct sctp_sndrcvinfo *srcv) 4766 { 4767 int ret; 4768 struct sctp_copy_all *ca; 4769 ca = malloc(sizeof(struct sctp_copy_all), M_PCB, M_WAIT); 4770 if (ca == NULL) { 4771 m_freem(m); 4772 return (ENOMEM); 4773 } 4774 memset (ca, 0, sizeof(struct sctp_copy_all)); 4775 4776 ca->inp = inp; 4777 ca->sndrcv = *srcv; 4778 /* take off the sendall flag, it would 4779 * be bad if we failed to do this :-0 4780 */ 4781 ca->sndrcv.sinfo_flags &= ~MSG_SENDALL; 4782 4783 /* get length and mbuf chain */ 4784 if (uio) { 4785 ca->sndlen = uio->uio_resid; 4786 ca->m = sctp_copy_out_all(uio, ca->sndlen); 4787 if (ca->m == NULL) { 4788 free(ca, M_PCB); 4789 return (ENOMEM); 4790 } 4791 } else { 4792 if ((m->m_flags & M_PKTHDR) == 0) { 4793 ca->sndlen = 0; 4794 while(m) { 4795 ca->sndlen += m->m_len; 4796 m = m->m_next; 4797 } 4798 } else { 4799 ca->sndlen = m->m_pkthdr.len; 4800 } 4801 ca->m = m; 4802 } 4803 4804 ret = sctp_initiate_iterator(sctp_sendall_iterator, SCTP_PCB_ANY_FLAGS, SCTP_ASOC_ANY_STATE, 4805 (void *)ca, 0, sctp_sendall_completes, inp); 4806 if (ret) { 4807 #ifdef SCTP_DEBUG 4808 printf("Failed to initate iterator to takeover associations\n"); 4809 #endif 4810 free(ca, M_PCB); 4811 return (EFAULT); 4812 4813 } 4814 return (0); 4815 } 4816 4817 4818 void 4819 sctp_toss_old_cookies(struct sctp_association *asoc) 4820 { 4821 struct sctp_tmit_chunk *chk, *nchk; 4822 chk = TAILQ_FIRST(&asoc->control_send_queue); 4823 while (chk) { 4824 nchk = TAILQ_NEXT(chk, sctp_next); 4825 if (chk->rec.chunk_id == SCTP_COOKIE_ECHO) { 4826 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 4827 if (chk->data) { 4828 sctp_m_freem(chk->data); 4829 chk->data = NULL; 4830 } 4831 asoc->ctrl_queue_cnt--; 4832 if (chk->whoTo) 4833 sctp_free_remote_addr(chk->whoTo); 4834 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4835 sctppcbinfo.ipi_count_chunk--; 4836 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4837 panic("Chunk count is negative"); 4838 } 4839 sctppcbinfo.ipi_gencnt_chunk++; 4840 } 4841 chk = nchk; 4842 } 4843 } 4844 4845 void 4846 sctp_toss_old_asconf(struct sctp_tcb *stcb) 4847 { 4848 struct sctp_association *asoc; 4849 struct sctp_tmit_chunk *chk, *chk_tmp; 4850 4851 asoc = &stcb->asoc; 4852 for (chk = TAILQ_FIRST(&asoc->control_send_queue); chk != NULL; 4853 chk = chk_tmp) { 4854 /* get next chk */ 4855 chk_tmp = TAILQ_NEXT(chk, sctp_next); 4856 /* find SCTP_ASCONF chunk in queue (only one ever in queue) */ 4857 if (chk->rec.chunk_id == SCTP_ASCONF) { 4858 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 4859 if (chk->data) { 4860 sctp_m_freem(chk->data); 4861 chk->data = NULL; 4862 } 4863 asoc->ctrl_queue_cnt--; 4864 if (chk->whoTo) 4865 sctp_free_remote_addr(chk->whoTo); 4866 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4867 sctppcbinfo.ipi_count_chunk--; 4868 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4869 panic("Chunk count is negative"); 4870 } 4871 sctppcbinfo.ipi_gencnt_chunk++; 4872 } 4873 } 4874 } 4875 4876 4877 static void 4878 sctp_clean_up_datalist(struct sctp_tcb *stcb, 4879 struct sctp_association *asoc, 4880 struct sctp_tmit_chunk **data_list, 4881 int bundle_at, 4882 struct sctp_nets *net) 4883 { 4884 int i; 4885 for (i = 0; i < bundle_at; i++) { 4886 /* off of the send queue */ 4887 if (i) { 4888 /* Any chunk NOT 0 you zap the time 4889 * chunk 0 gets zapped or set based on 4890 * if a RTO measurment is needed. 4891 */ 4892 data_list[i]->do_rtt = 0; 4893 } 4894 /* record time */ 4895 data_list[i]->sent_rcv_time = net->last_sent_time; 4896 TAILQ_REMOVE(&asoc->send_queue, 4897 data_list[i], 4898 sctp_next); 4899 /* on to the sent queue */ 4900 TAILQ_INSERT_TAIL(&asoc->sent_queue, 4901 data_list[i], 4902 sctp_next); 4903 /* This does not lower until the cum-ack passes it */ 4904 asoc->sent_queue_cnt++; 4905 asoc->send_queue_cnt--; 4906 if ((asoc->peers_rwnd <= 0) && 4907 (asoc->total_flight == 0) && 4908 (bundle_at == 1)) { 4909 /* Mark the chunk as being a window probe */ 4910 #ifdef SCTP_DEBUG 4911 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 4912 printf("WINDOW PROBE SET\n"); 4913 } 4914 #endif 4915 sctp_pegs[SCTP_WINDOW_PROBES]++; 4916 data_list[i]->rec.data.state_flags |= SCTP_WINDOW_PROBE; 4917 } else { 4918 data_list[i]->rec.data.state_flags &= ~SCTP_WINDOW_PROBE; 4919 } 4920 #ifdef SCTP_AUDITING_ENABLED 4921 sctp_audit_log(0xC2, 3); 4922 #endif 4923 data_list[i]->sent = SCTP_DATAGRAM_SENT; 4924 data_list[i]->snd_count = 1; 4925 net->flight_size += data_list[i]->book_size; 4926 asoc->total_flight += data_list[i]->book_size; 4927 asoc->total_flight_count++; 4928 #ifdef SCTP_LOG_RWND 4929 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 4930 asoc->peers_rwnd , data_list[i]->send_size, sctp_peer_chunk_oh); 4931 #endif 4932 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 4933 (u_int32_t)(data_list[i]->send_size + sctp_peer_chunk_oh)); 4934 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 4935 /* SWS sender side engages */ 4936 asoc->peers_rwnd = 0; 4937 } 4938 } 4939 } 4940 4941 static void 4942 sctp_clean_up_ctl(struct sctp_association *asoc) 4943 { 4944 struct sctp_tmit_chunk *chk, *nchk; 4945 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 4946 chk; chk = nchk) { 4947 nchk = TAILQ_NEXT(chk, sctp_next); 4948 if ((chk->rec.chunk_id == SCTP_SELECTIVE_ACK) || 4949 (chk->rec.chunk_id == SCTP_HEARTBEAT_REQUEST) || 4950 (chk->rec.chunk_id == SCTP_HEARTBEAT_ACK) || 4951 (chk->rec.chunk_id == SCTP_SHUTDOWN) || 4952 (chk->rec.chunk_id == SCTP_SHUTDOWN_ACK) || 4953 (chk->rec.chunk_id == SCTP_OPERATION_ERROR) || 4954 (chk->rec.chunk_id == SCTP_PACKET_DROPPED) || 4955 (chk->rec.chunk_id == SCTP_COOKIE_ACK) || 4956 (chk->rec.chunk_id == SCTP_ECN_CWR) || 4957 (chk->rec.chunk_id == SCTP_ASCONF_ACK)) { 4958 /* Stray chunks must be cleaned up */ 4959 clean_up_anyway: 4960 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 4961 if (chk->data) { 4962 sctp_m_freem(chk->data); 4963 chk->data = NULL; 4964 } 4965 asoc->ctrl_queue_cnt--; 4966 sctp_free_remote_addr(chk->whoTo); 4967 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4968 sctppcbinfo.ipi_count_chunk--; 4969 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4970 panic("Chunk count is negative"); 4971 } 4972 sctppcbinfo.ipi_gencnt_chunk++; 4973 } else if (chk->rec.chunk_id == SCTP_STREAM_RESET) { 4974 struct sctp_stream_reset_req *strreq; 4975 /* special handling, we must look into the param */ 4976 strreq = mtod(chk->data, struct sctp_stream_reset_req *); 4977 if (strreq->sr_req.ph.param_type == ntohs(SCTP_STR_RESET_RESPONSE)) { 4978 goto clean_up_anyway; 4979 } 4980 } 4981 } 4982 } 4983 4984 static int 4985 sctp_move_to_outqueue(struct sctp_tcb *stcb, 4986 struct sctp_stream_out *strq) 4987 { 4988 /* Move from the stream to the send_queue keeping track of the total */ 4989 struct sctp_association *asoc; 4990 int tot_moved = 0; 4991 int failed = 0; 4992 int padval; 4993 struct sctp_tmit_chunk *chk, *nchk; 4994 struct sctp_data_chunk *dchkh; 4995 struct sctpchunk_listhead tmp; 4996 struct mbuf *orig; 4997 4998 asoc = &stcb->asoc; 4999 TAILQ_INIT(&tmp); 5000 chk = TAILQ_FIRST(&strq->outqueue); 5001 while (chk) { 5002 nchk = TAILQ_NEXT(chk, sctp_next); 5003 /* now put in the chunk header */ 5004 orig = chk->data; 5005 M_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_DONTWAIT); 5006 if (chk->data == NULL) { 5007 /* HELP */ 5008 failed++; 5009 break; 5010 } 5011 if (orig != chk->data) { 5012 /* A new mbuf was added, account for it */ 5013 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5014 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 5015 stcb->sctp_socket->so_snd.sb_mbcnt += MSIZE; 5016 } 5017 #ifdef SCTP_MBCNT_LOGGING 5018 sctp_log_mbcnt(SCTP_LOG_MBCNT_INCREASE, 5019 asoc->total_output_queue_size, 5020 0, 5021 asoc->total_output_mbuf_queue_size, 5022 MSIZE); 5023 #endif 5024 stcb->asoc.total_output_mbuf_queue_size += MSIZE; 5025 chk->mbcnt += MSIZE; 5026 } 5027 chk->send_size += sizeof(struct sctp_data_chunk); 5028 /* This should NOT have to do anything, but 5029 * I would rather be cautious 5030 */ 5031 if (!failed && ((size_t)chk->data->m_len < sizeof(struct sctp_data_chunk))) { 5032 m_pullup(chk->data, sizeof(struct sctp_data_chunk)); 5033 if (chk->data == NULL) { 5034 failed++; 5035 break; 5036 } 5037 } 5038 dchkh = mtod(chk->data, struct sctp_data_chunk *); 5039 dchkh->ch.chunk_length = htons(chk->send_size); 5040 /* Chunks must be padded to even word boundary */ 5041 padval = chk->send_size % 4; 5042 if (padval) { 5043 /* For fragmented messages this should not 5044 * run except possibly on the last chunk 5045 */ 5046 if (sctp_pad_lastmbuf(chk->data, (4 - padval))) { 5047 /* we are in big big trouble no mbufs :< */ 5048 failed++; 5049 break; 5050 } 5051 chk->send_size += (4 - padval); 5052 } 5053 /* pull from stream queue */ 5054 TAILQ_REMOVE(&strq->outqueue, chk, sctp_next); 5055 asoc->stream_queue_cnt--; 5056 TAILQ_INSERT_TAIL(&tmp, chk, sctp_next); 5057 /* add it in to the size of moved chunks */ 5058 if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { 5059 /* we pull only one message */ 5060 break; 5061 } 5062 chk = nchk; 5063 } 5064 if (failed) { 5065 /* Gak, we just lost the user message */ 5066 chk = TAILQ_FIRST(&tmp); 5067 while (chk) { 5068 nchk = TAILQ_NEXT(chk, sctp_next); 5069 TAILQ_REMOVE(&tmp, chk, sctp_next); 5070 5071 sctp_ulp_notify(SCTP_NOTIFY_DG_FAIL, stcb, 5072 (SCTP_NOTIFY_DATAGRAM_UNSENT|SCTP_INTERNAL_ERROR), 5073 chk); 5074 5075 if (chk->data) { 5076 sctp_m_freem(chk->data); 5077 chk->data = NULL; 5078 } 5079 if (chk->whoTo) { 5080 sctp_free_remote_addr(chk->whoTo); 5081 chk->whoTo = NULL; 5082 } 5083 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 5084 sctppcbinfo.ipi_count_chunk--; 5085 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 5086 panic("Chunk count is negative"); 5087 } 5088 sctppcbinfo.ipi_gencnt_chunk++; 5089 chk = nchk; 5090 } 5091 return (0); 5092 } 5093 /* now pull them off of temp wheel */ 5094 chk = TAILQ_FIRST(&tmp); 5095 while (chk) { 5096 nchk = TAILQ_NEXT(chk, sctp_next); 5097 /* insert on send_queue */ 5098 TAILQ_REMOVE(&tmp, chk, sctp_next); 5099 TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next); 5100 asoc->send_queue_cnt++; 5101 /* assign TSN */ 5102 chk->rec.data.TSN_seq = asoc->sending_seq++; 5103 5104 dchkh = mtod(chk->data, struct sctp_data_chunk *); 5105 /* Put the rest of the things in place now. Size 5106 * was done earlier in previous loop prior to 5107 * padding. 5108 */ 5109 dchkh->ch.chunk_type = SCTP_DATA; 5110 dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; 5111 dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); 5112 dchkh->dp.stream_id = htons(strq->stream_no); 5113 dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); 5114 dchkh->dp.protocol_id = chk->rec.data.payloadtype; 5115 /* total count moved */ 5116 tot_moved += chk->send_size; 5117 chk = nchk; 5118 } 5119 return (tot_moved); 5120 } 5121 5122 static void 5123 sctp_fill_outqueue(struct sctp_tcb *stcb, 5124 struct sctp_nets *net) 5125 { 5126 struct sctp_association *asoc; 5127 struct sctp_tmit_chunk *chk; 5128 struct sctp_stream_out *strq, *strqn; 5129 int mtu_fromwheel, goal_mtu; 5130 unsigned int moved, seenend, cnt_mvd=0; 5131 5132 asoc = &stcb->asoc; 5133 /* Attempt to move at least 1 MTU's worth 5134 * onto the wheel for each destination address 5135 */ 5136 goal_mtu = net->cwnd - net->flight_size; 5137 if ((unsigned int)goal_mtu < net->mtu) { 5138 goal_mtu = net->mtu; 5139 } 5140 if (sctp_pegs[SCTP_MOVED_MTU] < (unsigned int)goal_mtu) { 5141 sctp_pegs[SCTP_MOVED_MTU] = goal_mtu; 5142 } 5143 seenend = moved = mtu_fromwheel = 0; 5144 if (asoc->last_out_stream == NULL) { 5145 strq = asoc->last_out_stream = TAILQ_FIRST(&asoc->out_wheel); 5146 if (asoc->last_out_stream == NULL) { 5147 /* huh nothing on the wheel, TSNH */ 5148 return; 5149 } 5150 goto done_it; 5151 } 5152 strq = TAILQ_NEXT(asoc->last_out_stream, next_spoke); 5153 done_it: 5154 if (strq == NULL) { 5155 asoc->last_out_stream = TAILQ_FIRST(&asoc->out_wheel); 5156 } 5157 while (mtu_fromwheel < goal_mtu) { 5158 if (strq == NULL) { 5159 if (seenend == 0) { 5160 seenend = 1; 5161 strq = TAILQ_FIRST(&asoc->out_wheel); 5162 } else if ((moved == 0) && (seenend)) { 5163 /* none left on the wheel */ 5164 sctp_pegs[SCTP_MOVED_NLEF]++; 5165 return; 5166 } else if (moved) { 5167 /* 5168 * clear the flags and rotate back through 5169 * again 5170 */ 5171 moved = 0; 5172 seenend = 0; 5173 strq = TAILQ_FIRST(&asoc->out_wheel); 5174 } 5175 if (strq == NULL) 5176 break; 5177 continue; 5178 } 5179 strqn = TAILQ_NEXT(strq, next_spoke); 5180 if ((chk = TAILQ_FIRST(&strq->outqueue)) == NULL) { 5181 /* none left on this queue, prune a spoke? */ 5182 sctp_remove_from_wheel(asoc, strq); 5183 if (strq == asoc->last_out_stream) { 5184 /* the last one we used went off the wheel */ 5185 asoc->last_out_stream = NULL; 5186 } 5187 strq = strqn; 5188 continue; 5189 } 5190 if (chk->whoTo != net) { 5191 /* Skip this stream, first one on stream 5192 * does not head to our current destination. 5193 */ 5194 strq = strqn; 5195 continue; 5196 } 5197 mtu_fromwheel += sctp_move_to_outqueue(stcb, strq); 5198 cnt_mvd++; 5199 moved++; 5200 asoc->last_out_stream = strq; 5201 strq = strqn; 5202 } 5203 sctp_pegs[SCTP_MOVED_MAX]++; 5204 #ifdef SCTP_DEBUG 5205 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5206 printf("Ok we moved %d chunks to send queue\n", 5207 moved); 5208 } 5209 #endif 5210 if (sctp_pegs[SCTP_MOVED_QMAX] < cnt_mvd) { 5211 sctp_pegs[SCTP_MOVED_QMAX] = cnt_mvd; 5212 } 5213 } 5214 5215 void 5216 sctp_fix_ecn_echo(struct sctp_association *asoc) 5217 { 5218 struct sctp_tmit_chunk *chk; 5219 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 5220 if (chk->rec.chunk_id == SCTP_ECN_ECHO) { 5221 chk->sent = SCTP_DATAGRAM_UNSENT; 5222 } 5223 } 5224 } 5225 5226 static void 5227 sctp_move_to_an_alt(struct sctp_tcb *stcb, 5228 struct sctp_association *asoc, 5229 struct sctp_nets *net) 5230 { 5231 struct sctp_tmit_chunk *chk; 5232 struct sctp_nets *a_net; 5233 a_net = sctp_find_alternate_net(stcb, net); 5234 if ((a_net != net) && 5235 ((a_net->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE)) { 5236 /* 5237 * We only proceed if a valid alternate is found that is 5238 * not this one and is reachable. Here we must move all 5239 * chunks queued in the send queue off of the destination 5240 * address to our alternate. 5241 */ 5242 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 5243 if (chk->whoTo == net) { 5244 /* Move the chunk to our alternate */ 5245 sctp_free_remote_addr(chk->whoTo); 5246 chk->whoTo = a_net; 5247 a_net->ref_count++; 5248 } 5249 } 5250 } 5251 } 5252 5253 static int sctp_from_user_send=0; 5254 5255 static int 5256 sctp_med_chunk_output(struct sctp_inpcb *inp, 5257 struct sctp_tcb *stcb, 5258 struct sctp_association *asoc, 5259 int *num_out, 5260 int *reason_code, 5261 int control_only, int *cwnd_full, int from_where, 5262 struct timeval *now, int *now_filled) 5263 { 5264 /* 5265 * Ok this is the generic chunk service queue. 5266 * we must do the following: 5267 * - Service the stream queue that is next, moving any message 5268 * (note I must get a complete message i.e. FIRST/MIDDLE and 5269 * LAST to the out queue in one pass) and assigning TSN's 5270 * - Check to see if the cwnd/rwnd allows any output, if so we 5271 * go ahead and fomulate and send the low level chunks. Making 5272 * sure to combine any control in the control chunk queue also. 5273 */ 5274 struct sctp_nets *net; 5275 struct mbuf *outchain; 5276 struct sctp_tmit_chunk *chk, *nchk; 5277 struct sctphdr *shdr; 5278 /* temp arrays for unlinking */ 5279 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 5280 int no_fragmentflg, error; 5281 int one_chunk, hbflag; 5282 int asconf, cookie, no_out_cnt; 5283 int bundle_at, ctl_cnt, no_data_chunks, cwnd_full_ind; 5284 unsigned int mtu, r_mtu, omtu; 5285 *num_out = 0; 5286 cwnd_full_ind = 0; 5287 ctl_cnt = no_out_cnt = asconf = cookie = 0; 5288 /* 5289 * First lets prime the pump. For each destination, if there 5290 * is room in the flight size, attempt to pull an MTU's worth 5291 * out of the stream queues into the general send_queue 5292 */ 5293 #ifdef SCTP_AUDITING_ENABLED 5294 sctp_audit_log(0xC2, 2); 5295 #endif 5296 #ifdef SCTP_DEBUG 5297 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5298 printf("***********************\n"); 5299 } 5300 #endif 5301 hbflag = 0; 5302 if (control_only) 5303 no_data_chunks = 1; 5304 else 5305 no_data_chunks = 0; 5306 5307 /* Nothing to possible to send? */ 5308 if (TAILQ_EMPTY(&asoc->control_send_queue) && 5309 TAILQ_EMPTY(&asoc->send_queue) && 5310 TAILQ_EMPTY(&asoc->out_wheel)) { 5311 #ifdef SCTP_DEBUG 5312 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5313 printf("All wheels empty\n"); 5314 } 5315 #endif 5316 return (0); 5317 } 5318 if (asoc->peers_rwnd <= 0) { 5319 /* No room in peers rwnd */ 5320 *cwnd_full = 1; 5321 *reason_code = 1; 5322 if (asoc->total_flight > 0) { 5323 /* we are allowed one chunk in flight */ 5324 no_data_chunks = 1; 5325 sctp_pegs[SCTP_RWND_BLOCKED]++; 5326 } 5327 } 5328 #ifdef SCTP_DEBUG 5329 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5330 printf("Ok we have done the fillup no_data_chunk=%d tf=%d prw:%d\n", 5331 (int)no_data_chunks, 5332 (int)asoc->total_flight, (int)asoc->peers_rwnd); 5333 } 5334 #endif 5335 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5336 #ifdef SCTP_DEBUG 5337 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5338 printf("net:%p fs:%d cwnd:%d\n", 5339 net, net->flight_size, net->cwnd); 5340 } 5341 #endif 5342 if (net->flight_size >= net->cwnd) { 5343 /* skip this network, no room */ 5344 cwnd_full_ind++; 5345 #ifdef SCTP_DEBUG 5346 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5347 printf("Ok skip fillup->fs:%d > cwnd:%d\n", 5348 net->flight_size, 5349 net->cwnd); 5350 } 5351 #endif 5352 sctp_pegs[SCTP_CWND_NOFILL]++; 5353 continue; 5354 } 5355 /* 5356 * spin through the stream queues moving one message and 5357 * assign TSN's as appropriate. 5358 */ 5359 sctp_fill_outqueue(stcb, net); 5360 } 5361 *cwnd_full = cwnd_full_ind; 5362 /* now service each destination and send out what we can for it */ 5363 #ifdef SCTP_DEBUG 5364 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5365 int chk_cnt = 0; 5366 TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) { 5367 chk_cnt++; 5368 } 5369 printf("We have %d chunks on the send_queue\n", chk_cnt); 5370 chk_cnt = 0; 5371 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 5372 chk_cnt++; 5373 } 5374 printf("We have %d chunks on the sent_queue\n", chk_cnt); 5375 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 5376 chk_cnt++; 5377 } 5378 printf("We have %d chunks on the control_queue\n", chk_cnt); 5379 } 5380 #endif 5381 /* If we have data to send, and DSACK is running, stop it 5382 * and build a SACK to dump on to bundle with output. This 5383 * actually MAY make it so the bundling does not occur if 5384 * the SACK is big but I think this is ok because basic SACK 5385 * space is pre-reserved in our fragmentation size choice. 5386 */ 5387 if ((TAILQ_FIRST(&asoc->send_queue) != NULL) && 5388 (no_data_chunks == 0)) { 5389 /* We will be sending something */ 5390 if (callout_pending(&stcb->asoc.dack_timer.timer)) { 5391 /* Yep a callout is pending */ 5392 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 5393 stcb->sctp_ep, 5394 stcb, NULL); 5395 sctp_send_sack(stcb); 5396 } 5397 } 5398 /* Nothing to send? */ 5399 if ((TAILQ_FIRST(&asoc->control_send_queue) == NULL) && 5400 (TAILQ_FIRST(&asoc->send_queue) == NULL)) { 5401 return (0); 5402 } 5403 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5404 /* how much can we send? */ 5405 if (net->ref_count < 2) { 5406 /* Ref-count of 1 so we cannot have data or control 5407 * queued to this address. Skip it. 5408 */ 5409 continue; 5410 } 5411 ctl_cnt = bundle_at = 0; 5412 outchain = NULL; 5413 no_fragmentflg = 1; 5414 one_chunk = 0; 5415 5416 if (rtcache_validate(&net->ro)) { 5417 /* if we have a route and an ifp 5418 * check to see if we have room to 5419 * send to this guy 5420 */ 5421 struct ifnet *ifp; 5422 ifp = net->ro._ro_rt->rt_ifp; 5423 if ((ifp->if_snd.ifq_len + 2) >= ifp->if_snd.ifq_maxlen) { 5424 sctp_pegs[SCTP_IFP_QUEUE_FULL]++; 5425 #ifdef SCTP_LOG_MAXBURST 5426 sctp_log_maxburst(net, ifp->if_snd.ifq_len, ifp->if_snd.ifq_maxlen, SCTP_MAX_IFP_APPLIED); 5427 #endif 5428 continue; 5429 } 5430 } 5431 if (((struct sockaddr *)&net->ro.ro_sa)->sa_family == AF_INET) { 5432 mtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 5433 } else { 5434 mtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 5435 } 5436 if (mtu > asoc->peers_rwnd) { 5437 if (asoc->total_flight > 0) { 5438 /* We have a packet in flight somewhere */ 5439 r_mtu = asoc->peers_rwnd; 5440 } else { 5441 /* We are always allowed to send one MTU out */ 5442 one_chunk = 1; 5443 r_mtu = mtu; 5444 } 5445 } else { 5446 r_mtu = mtu; 5447 } 5448 #ifdef SCTP_DEBUG 5449 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5450 printf("Ok r_mtu is %d mtu is %d for this net:%p one_chunk:%d\n", 5451 r_mtu, mtu, net, one_chunk); 5452 } 5453 #endif 5454 /************************/ 5455 /* Control transmission */ 5456 /************************/ 5457 /* Now first lets go through the control queue */ 5458 for (chk = TAILQ_FIRST(&asoc->control_send_queue); 5459 chk; chk = nchk) { 5460 nchk = TAILQ_NEXT(chk, sctp_next); 5461 if (chk->whoTo != net) { 5462 /* 5463 * No, not sent to the network we are 5464 * looking at 5465 */ 5466 continue; 5467 } 5468 if (chk->data == NULL) { 5469 continue; 5470 } 5471 if ((chk->data->m_flags & M_PKTHDR) == 0) { 5472 /* 5473 * NOTE: the chk queue MUST have the PKTHDR 5474 * flag set on it with a total in the 5475 * m_pkthdr.len field!! else the chunk will 5476 * ALWAYS be skipped 5477 */ 5478 continue; 5479 } 5480 if (chk->sent != SCTP_DATAGRAM_UNSENT) { 5481 /* 5482 * It must be unsent. Cookies and ASCONF's 5483 * hang around but there timers will force 5484 * when marked for resend. 5485 */ 5486 continue; 5487 } 5488 /* Here we do NOT factor the r_mtu */ 5489 if ((chk->data->m_pkthdr.len < (int)mtu) || 5490 (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 5491 /* 5492 * We probably should glom the mbuf chain from 5493 * the chk->data for control but the problem 5494 * is it becomes yet one more level of 5495 * tracking to do if for some reason output 5496 * fails. Then I have got to reconstruct the 5497 * merged control chain.. el yucko.. for now 5498 * we take the easy way and do the copy 5499 */ 5500 outchain = sctp_copy_mbufchain(chk->data, 5501 outchain); 5502 if (outchain == NULL) { 5503 return (ENOMEM); 5504 } 5505 /* update our MTU size */ 5506 if (mtu > chk->data->m_pkthdr.len) 5507 mtu -= chk->data->m_pkthdr.len; 5508 else 5509 mtu = 0; 5510 /* Do clear IP_DF ? */ 5511 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 5512 no_fragmentflg = 0; 5513 } 5514 /* Mark things to be removed, if needed */ 5515 if ((chk->rec.chunk_id == SCTP_SELECTIVE_ACK) || 5516 (chk->rec.chunk_id == SCTP_HEARTBEAT_REQUEST) || 5517 (chk->rec.chunk_id == SCTP_HEARTBEAT_ACK) || 5518 (chk->rec.chunk_id == SCTP_SHUTDOWN) || 5519 (chk->rec.chunk_id == SCTP_SHUTDOWN_ACK) || 5520 (chk->rec.chunk_id == SCTP_OPERATION_ERROR) || 5521 (chk->rec.chunk_id == SCTP_COOKIE_ACK) || 5522 (chk->rec.chunk_id == SCTP_ECN_CWR) || 5523 (chk->rec.chunk_id == SCTP_PACKET_DROPPED) || 5524 (chk->rec.chunk_id == SCTP_ASCONF_ACK)) { 5525 5526 if (chk->rec.chunk_id == SCTP_HEARTBEAT_REQUEST) 5527 hbflag = 1; 5528 /* remove these chunks at the end */ 5529 if (chk->rec.chunk_id == SCTP_SELECTIVE_ACK) { 5530 /* turn off the timer */ 5531 if (callout_pending(&stcb->asoc.dack_timer.timer)) { 5532 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 5533 inp, stcb, net); 5534 } 5535 } 5536 ctl_cnt++; 5537 } else { 5538 /* 5539 * Other chunks, since they have 5540 * timers running (i.e. COOKIE or 5541 * ASCONF) we just "trust" that it 5542 * gets sent or retransmitted. 5543 */ 5544 ctl_cnt++; 5545 if (chk->rec.chunk_id == SCTP_COOKIE_ECHO) { 5546 cookie = 1; 5547 no_out_cnt = 1; 5548 } else if (chk->rec.chunk_id == SCTP_ASCONF) { 5549 /* 5550 * set hb flag since we can use 5551 * these for RTO 5552 */ 5553 hbflag = 1; 5554 asconf = 1; 5555 } 5556 chk->sent = SCTP_DATAGRAM_SENT; 5557 chk->snd_count++; 5558 } 5559 if (mtu == 0) { 5560 /* 5561 * Ok we are out of room but we can 5562 * output without effecting the flight 5563 * size since this little guy is a 5564 * control only packet. 5565 */ 5566 if (asconf) { 5567 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 5568 asconf = 0; 5569 } 5570 if (cookie) { 5571 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 5572 cookie = 0; 5573 } 5574 if (outchain->m_len == 0) { 5575 /* 5576 * Special case for when you 5577 * get a 0 len mbuf at the 5578 * head due to the lack of a 5579 * MHDR at the beginning. 5580 */ 5581 outchain->m_len = sizeof(struct sctphdr); 5582 } else { 5583 M_PREPEND(outchain, sizeof(struct sctphdr), M_DONTWAIT); 5584 if (outchain == NULL) { 5585 /* no memory */ 5586 error = ENOBUFS; 5587 goto error_out_again; 5588 } 5589 } 5590 shdr = mtod(outchain, struct sctphdr *); 5591 shdr->src_port = inp->sctp_lport; 5592 shdr->dest_port = stcb->rport; 5593 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 5594 shdr->checksum = 0; 5595 5596 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 5597 rtcache_getdst(&net->ro), 5598 outchain, 5599 no_fragmentflg, 0, NULL, asconf))) { 5600 if (error == ENOBUFS) { 5601 asoc->ifp_had_enobuf = 1; 5602 } 5603 sctp_pegs[SCTP_DATA_OUT_ERR]++; 5604 if (from_where == 0) { 5605 sctp_pegs[SCTP_ERROUT_FRM_USR]++; 5606 } 5607 error_out_again: 5608 #ifdef SCTP_DEBUG 5609 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 5610 printf("Gak got ctrl error %d\n", error); 5611 } 5612 #endif 5613 /* error, could not output */ 5614 if (hbflag) { 5615 #ifdef SCTP_DEBUG 5616 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5617 printf("Update HB anyway\n"); 5618 } 5619 #endif 5620 if (*now_filled == 0) { 5621 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 5622 *now_filled = 1; 5623 *now = net->last_sent_time; 5624 } else { 5625 net->last_sent_time = *now; 5626 } 5627 hbflag = 0; 5628 } 5629 if (error == EHOSTUNREACH) { 5630 /* 5631 * Destination went 5632 * unreachable during 5633 * this send 5634 */ 5635 #ifdef SCTP_DEBUG 5636 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5637 printf("Moving data to an alterante\n"); 5638 } 5639 #endif 5640 sctp_move_to_an_alt(stcb, asoc, net); 5641 } 5642 sctp_clean_up_ctl (asoc); 5643 return (error); 5644 } else 5645 asoc->ifp_had_enobuf = 0; 5646 /* Only HB or ASCONF advances time */ 5647 if (hbflag) { 5648 if (*now_filled == 0) { 5649 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 5650 *now_filled = 1; 5651 *now = net->last_sent_time; 5652 } else { 5653 net->last_sent_time = *now; 5654 } 5655 hbflag = 0; 5656 } 5657 /* 5658 * increase the number we sent, if a 5659 * cookie is sent we don't tell them 5660 * any was sent out. 5661 */ 5662 if (!no_out_cnt) 5663 *num_out += ctl_cnt; 5664 /* recalc a clean slate and setup */ 5665 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 5666 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 5667 } else { 5668 mtu = (net->mtu - SCTP_MIN_V4_OVERHEAD); 5669 } 5670 no_fragmentflg = 1; 5671 } 5672 } 5673 } 5674 /*********************/ 5675 /* Data transmission */ 5676 /*********************/ 5677 /* now lets add any data within the MTU constraints */ 5678 if (((struct sockaddr *)&net->ro.ro_sa)->sa_family == AF_INET) { 5679 omtu = net->mtu - (sizeof(struct ip) + sizeof(struct sctphdr)); 5680 } else { 5681 omtu = net->mtu - (sizeof(struct ip6_hdr) + sizeof(struct sctphdr)); 5682 } 5683 5684 #ifdef SCTP_DEBUG 5685 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5686 printf("Now to data transmission\n"); 5687 } 5688 #endif 5689 5690 if (((asoc->state & SCTP_STATE_OPEN) == SCTP_STATE_OPEN) || 5691 (cookie)) { 5692 for (chk = TAILQ_FIRST(&asoc->send_queue); chk; chk = nchk) { 5693 if (no_data_chunks) { 5694 /* let only control go out */ 5695 #ifdef SCTP_DEBUG 5696 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5697 printf("Either nothing to send or we are full\n"); 5698 } 5699 #endif 5700 break; 5701 } 5702 if (net->flight_size >= net->cwnd) { 5703 /* skip this net, no room for data */ 5704 #ifdef SCTP_DEBUG 5705 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5706 printf("fs:%d > cwnd:%d\n", 5707 net->flight_size, net->cwnd); 5708 } 5709 #endif 5710 sctp_pegs[SCTP_CWND_BLOCKED]++; 5711 *reason_code = 2; 5712 break; 5713 } 5714 nchk = TAILQ_NEXT(chk, sctp_next); 5715 if (chk->whoTo != net) { 5716 /* No, not sent to this net */ 5717 #ifdef SCTP_DEBUG 5718 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5719 printf("chk->whoTo:%p not %p\n", 5720 chk->whoTo, net); 5721 5722 } 5723 #endif 5724 continue; 5725 } 5726 #ifdef SCTP_DEBUG 5727 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5728 printf("Can we pick up a chunk?\n"); 5729 } 5730 #endif 5731 if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) { 5732 /* strange, we have a chunk that is to bit 5733 * for its destination and yet no fragment ok flag. 5734 * Something went wrong when the PMTU changed...we did 5735 * not mark this chunk for some reason?? I will 5736 * fix it here by letting IP fragment it for now and 5737 * printing a warning. This really should not happen ... 5738 */ 5739 /*#ifdef SCTP_DEBUG*/ 5740 printf("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n", 5741 chk->send_size, mtu); 5742 /*#endif*/ 5743 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK; 5744 } 5745 5746 if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) || 5747 ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) { 5748 /* ok we will add this one */ 5749 #ifdef SCTP_DEBUG 5750 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5751 printf("Picking up the chunk\n"); 5752 } 5753 #endif 5754 outchain = sctp_copy_mbufchain(chk->data, outchain); 5755 if (outchain == NULL) { 5756 #ifdef SCTP_DEBUG 5757 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5758 printf("Gakk no memory\n"); 5759 } 5760 #endif 5761 if (!callout_pending(&net->rxt_timer.timer)) { 5762 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 5763 } 5764 return (ENOMEM); 5765 } 5766 /* upate our MTU size */ 5767 /* Do clear IP_DF ? */ 5768 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 5769 no_fragmentflg = 0; 5770 } 5771 mtu -= chk->send_size; 5772 r_mtu -= chk->send_size; 5773 data_list[bundle_at++] = chk; 5774 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 5775 mtu = 0; 5776 break; 5777 } 5778 if (mtu <= 0) { 5779 mtu = 0; 5780 break; 5781 } 5782 if ((r_mtu <= 0) || one_chunk) { 5783 r_mtu = 0; 5784 break; 5785 } 5786 } else { 5787 /* 5788 * Must be sent in order of the TSN's 5789 * (on a network) 5790 */ 5791 #ifdef SCTP_DEBUG 5792 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5793 printf("ok no more chk:%d > mtu:%d || < r_mtu:%d\n", 5794 chk->send_size, mtu, r_mtu); 5795 } 5796 #endif 5797 5798 break; 5799 } 5800 }/* for () */ 5801 } /* if asoc.state OPEN */ 5802 /* Is there something to send for this destination? */ 5803 #ifdef SCTP_DEBUG 5804 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5805 printf("ok now is chain assembled? %p\n", 5806 outchain); 5807 } 5808 #endif 5809 5810 if (outchain) { 5811 /* We may need to start a control timer or two */ 5812 if (asconf) { 5813 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net); 5814 asconf = 0; 5815 } 5816 if (cookie) { 5817 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net); 5818 cookie = 0; 5819 } 5820 /* must start a send timer if data is being sent */ 5821 if (bundle_at && (!callout_pending(&net->rxt_timer.timer))) { 5822 /* no timer running on this destination 5823 * restart it. 5824 */ 5825 #ifdef SCTP_DEBUG 5826 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5827 printf("ok lets start a send timer .. we will transmit %p\n", 5828 outchain); 5829 } 5830 #endif 5831 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 5832 } 5833 /* Now send it, if there is anything to send :> */ 5834 if ((outchain->m_flags & M_PKTHDR) == 0) { 5835 struct mbuf *t; 5836 5837 MGETHDR(t, M_DONTWAIT, MT_HEADER); 5838 if (t == NULL) { 5839 sctp_m_freem(outchain); 5840 return (ENOMEM); 5841 } 5842 t->m_next = outchain; 5843 t->m_pkthdr.len = 0; 5844 m_reset_rcvif(t); 5845 t->m_len = 0; 5846 5847 outchain = t; 5848 while (t) { 5849 outchain->m_pkthdr.len += t->m_len; 5850 t = t->m_next; 5851 } 5852 } 5853 if (outchain->m_len == 0) { 5854 /* Special case for when you get a 0 len 5855 * mbuf at the head due to the lack 5856 * of a MHDR at the beginning. 5857 */ 5858 MH_ALIGN(outchain, sizeof(struct sctphdr)); 5859 outchain->m_len = sizeof(struct sctphdr); 5860 } else { 5861 M_PREPEND(outchain, sizeof(struct sctphdr), M_DONTWAIT); 5862 if (outchain == NULL) { 5863 /* out of mbufs */ 5864 error = ENOBUFS; 5865 goto errored_send; 5866 } 5867 } 5868 shdr = mtod(outchain, struct sctphdr *); 5869 shdr->src_port = inp->sctp_lport; 5870 shdr->dest_port = stcb->rport; 5871 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 5872 shdr->checksum = 0; 5873 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 5874 rtcache_getdst(&net->ro), 5875 outchain, 5876 no_fragmentflg, bundle_at, data_list[0], asconf))) { 5877 /* error, we could not output */ 5878 if (error == ENOBUFS) { 5879 asoc->ifp_had_enobuf = 1; 5880 } 5881 sctp_pegs[SCTP_DATA_OUT_ERR]++; 5882 if (from_where == 0) { 5883 sctp_pegs[SCTP_ERROUT_FRM_USR]++; 5884 } 5885 5886 errored_send: 5887 #ifdef SCTP_DEBUG 5888 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5889 printf("Gak send error %d\n", error); 5890 } 5891 #endif 5892 if (hbflag) { 5893 #ifdef SCTP_DEBUG 5894 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5895 printf("Update HB time anyway\n"); 5896 } 5897 #endif 5898 if (*now_filled == 0) { 5899 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 5900 *now_filled = 1; 5901 *now = net->last_sent_time; 5902 } else { 5903 net->last_sent_time = *now; 5904 } 5905 hbflag = 0; 5906 } 5907 if (error == EHOSTUNREACH) { 5908 /* 5909 * Destination went unreachable during 5910 * this send 5911 */ 5912 #ifdef SCTP_DEBUG 5913 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 5914 printf("Calling the movement routine\n"); 5915 } 5916 #endif 5917 sctp_move_to_an_alt(stcb, asoc, net); 5918 } 5919 sctp_clean_up_ctl (asoc); 5920 return (error); 5921 } else { 5922 asoc->ifp_had_enobuf = 0; 5923 } 5924 if (bundle_at || hbflag) { 5925 /* For data/asconf and hb set time */ 5926 if (*now_filled == 0) { 5927 SCTP_GETTIME_TIMEVAL(&net->last_sent_time); 5928 *now_filled = 1; 5929 *now = net->last_sent_time; 5930 } else { 5931 net->last_sent_time = *now; 5932 } 5933 } 5934 5935 if (!no_out_cnt) { 5936 *num_out += (ctl_cnt + bundle_at); 5937 } 5938 if (bundle_at) { 5939 if (!net->rto_pending) { 5940 /* setup for a RTO measurement */ 5941 net->rto_pending = 1; 5942 data_list[0]->do_rtt = 1; 5943 } else { 5944 data_list[0]->do_rtt = 0; 5945 } 5946 sctp_pegs[SCTP_PEG_TSNS_SENT] += bundle_at; 5947 sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net); 5948 } 5949 if (one_chunk) { 5950 break; 5951 } 5952 } 5953 } 5954 /* At the end there should be no NON timed 5955 * chunks hanging on this queue. 5956 */ 5957 if ((*num_out == 0) && (*reason_code == 0)) { 5958 *reason_code = 3; 5959 } 5960 sctp_clean_up_ctl (asoc); 5961 return (0); 5962 } 5963 5964 void 5965 sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err) 5966 { 5967 /* Prepend a OPERATIONAL_ERROR chunk header 5968 * and put on the end of the control chunk queue. 5969 */ 5970 /* Sender had better have gotten a MGETHDR or else 5971 * the control chunk will be forever skipped 5972 */ 5973 struct sctp_chunkhdr *hdr; 5974 struct sctp_tmit_chunk *chk; 5975 struct mbuf *mat; 5976 5977 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 5978 if (chk == NULL) { 5979 /* no memory */ 5980 sctp_m_freem(op_err); 5981 return; 5982 } 5983 sctppcbinfo.ipi_count_chunk++; 5984 sctppcbinfo.ipi_gencnt_chunk++; 5985 M_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_DONTWAIT); 5986 if (op_err == NULL) { 5987 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 5988 sctppcbinfo.ipi_count_chunk--; 5989 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 5990 panic("Chunk count is negative"); 5991 } 5992 sctppcbinfo.ipi_gencnt_chunk++; 5993 return; 5994 } 5995 chk->send_size = 0; 5996 mat = op_err; 5997 while (mat != NULL) { 5998 chk->send_size += mat->m_len; 5999 mat = mat->m_next; 6000 } 6001 chk->rec.chunk_id = SCTP_OPERATION_ERROR; 6002 chk->sent = SCTP_DATAGRAM_UNSENT; 6003 chk->snd_count = 0; 6004 chk->flags = 0; 6005 chk->asoc = &stcb->asoc; 6006 chk->data = op_err; 6007 chk->whoTo = chk->asoc->primary_destination; 6008 chk->whoTo->ref_count++; 6009 hdr = mtod(op_err, struct sctp_chunkhdr *); 6010 hdr->chunk_type = SCTP_OPERATION_ERROR; 6011 hdr->chunk_flags = 0; 6012 hdr->chunk_length = htons(chk->send_size); 6013 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, 6014 chk, 6015 sctp_next); 6016 chk->asoc->ctrl_queue_cnt++; 6017 } 6018 6019 int 6020 sctp_send_cookie_echo(struct mbuf *m, 6021 int offset, 6022 struct sctp_tcb *stcb, 6023 struct sctp_nets *net) 6024 { 6025 /* 6026 * pull out the cookie and put it at the front of the control 6027 * chunk queue. 6028 */ 6029 int at; 6030 struct mbuf *cookie, *mat; 6031 struct sctp_paramhdr parm, *phdr; 6032 struct sctp_chunkhdr *hdr; 6033 struct sctp_tmit_chunk *chk; 6034 uint16_t ptype, plen; 6035 /* First find the cookie in the param area */ 6036 cookie = NULL; 6037 at = offset + sizeof(struct sctp_init_chunk); 6038 6039 do { 6040 phdr = sctp_get_next_param(m, at, &parm, sizeof(parm)); 6041 if (phdr == NULL) { 6042 return (-3); 6043 } 6044 ptype = ntohs(phdr->param_type); 6045 plen = ntohs(phdr->param_length); 6046 if (ptype == SCTP_STATE_COOKIE) { 6047 int pad; 6048 /* found the cookie */ 6049 if ((pad = (plen % 4))) { 6050 plen += 4 - pad; 6051 } 6052 cookie = sctp_m_copym(m, at, plen, M_DONTWAIT); 6053 if (cookie == NULL) { 6054 /* No memory */ 6055 return (-2); 6056 } 6057 break; 6058 } 6059 at += SCTP_SIZE32(plen); 6060 } while (phdr); 6061 if (cookie == NULL) { 6062 /* Did not find the cookie */ 6063 return (-3); 6064 } 6065 /* ok, we got the cookie lets change it into a cookie echo chunk */ 6066 6067 /* first the change from param to cookie */ 6068 hdr = mtod(cookie, struct sctp_chunkhdr *); 6069 hdr->chunk_type = SCTP_COOKIE_ECHO; 6070 hdr->chunk_flags = 0; 6071 /* now we MUST have a PKTHDR on it */ 6072 if ((cookie->m_flags & M_PKTHDR) != M_PKTHDR) { 6073 /* we hope this happens rarely */ 6074 MGETHDR(mat, M_DONTWAIT, MT_HEADER); 6075 if (mat == NULL) { 6076 sctp_m_freem(cookie); 6077 return (-4); 6078 } 6079 mat->m_len = 0; 6080 m_reset_rcvif(mat); 6081 mat->m_next = cookie; 6082 cookie = mat; 6083 } 6084 cookie->m_pkthdr.len = plen; 6085 /* get the chunk stuff now and place it in the FRONT of the queue */ 6086 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6087 if (chk == NULL) { 6088 /* no memory */ 6089 sctp_m_freem(cookie); 6090 return (-5); 6091 } 6092 sctppcbinfo.ipi_count_chunk++; 6093 sctppcbinfo.ipi_gencnt_chunk++; 6094 chk->send_size = cookie->m_pkthdr.len; 6095 chk->rec.chunk_id = SCTP_COOKIE_ECHO; 6096 chk->sent = SCTP_DATAGRAM_UNSENT; 6097 chk->snd_count = 0; 6098 chk->flags = 0; 6099 chk->asoc = &stcb->asoc; 6100 chk->data = cookie; 6101 chk->whoTo = chk->asoc->primary_destination; 6102 chk->whoTo->ref_count++; 6103 TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next); 6104 chk->asoc->ctrl_queue_cnt++; 6105 return (0); 6106 } 6107 6108 void 6109 sctp_send_heartbeat_ack(struct sctp_tcb *stcb, 6110 struct mbuf *m, 6111 int offset, 6112 int chk_length, 6113 struct sctp_nets *net) 6114 { 6115 /* take a HB request and make it into a 6116 * HB ack and send it. 6117 */ 6118 struct mbuf *outchain; 6119 struct sctp_chunkhdr *chdr; 6120 struct sctp_tmit_chunk *chk; 6121 6122 6123 if (net == NULL) 6124 /* must have a net pointer */ 6125 return; 6126 6127 outchain = sctp_m_copym(m, offset, chk_length, M_DONTWAIT); 6128 if (outchain == NULL) { 6129 /* gak out of memory */ 6130 return; 6131 } 6132 chdr = mtod(outchain, struct sctp_chunkhdr *); 6133 chdr->chunk_type = SCTP_HEARTBEAT_ACK; 6134 chdr->chunk_flags = 0; 6135 if ((outchain->m_flags & M_PKTHDR) != M_PKTHDR) { 6136 /* should not happen but we are cautious. */ 6137 struct mbuf *tmp; 6138 MGETHDR(tmp, M_DONTWAIT, MT_HEADER); 6139 if (tmp == NULL) { 6140 return; 6141 } 6142 tmp->m_len = 0; 6143 m_reset_rcvif(tmp); 6144 tmp->m_next = outchain; 6145 outchain = tmp; 6146 } 6147 outchain->m_pkthdr.len = chk_length; 6148 if (chk_length % 4) { 6149 /* need pad */ 6150 u_int32_t cpthis=0; 6151 int padlen; 6152 padlen = 4 - (outchain->m_pkthdr.len % 4); 6153 m_copyback(outchain, outchain->m_pkthdr.len, padlen, (void *)&cpthis); 6154 } 6155 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6156 if (chk == NULL) { 6157 /* no memory */ 6158 sctp_m_freem(outchain); 6159 return ; 6160 } 6161 sctppcbinfo.ipi_count_chunk++; 6162 sctppcbinfo.ipi_gencnt_chunk++; 6163 6164 chk->send_size = chk_length; 6165 chk->rec.chunk_id = SCTP_HEARTBEAT_ACK; 6166 chk->sent = SCTP_DATAGRAM_UNSENT; 6167 chk->snd_count = 0; 6168 chk->flags = 0; 6169 chk->asoc = &stcb->asoc; 6170 chk->data = outchain; 6171 chk->whoTo = net; 6172 chk->whoTo->ref_count++; 6173 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6174 chk->asoc->ctrl_queue_cnt++; 6175 } 6176 6177 int 6178 sctp_send_cookie_ack(struct sctp_tcb *stcb) { 6179 /* formulate and queue a cookie-ack back to sender */ 6180 struct mbuf *cookie_ack; 6181 struct sctp_chunkhdr *hdr; 6182 struct sctp_tmit_chunk *chk; 6183 6184 cookie_ack = NULL; 6185 MGETHDR(cookie_ack, M_DONTWAIT, MT_HEADER); 6186 if (cookie_ack == NULL) { 6187 /* no mbuf's */ 6188 return (-1); 6189 } 6190 cookie_ack->m_data += SCTP_MIN_OVERHEAD; 6191 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6192 if (chk == NULL) { 6193 /* no memory */ 6194 sctp_m_freem(cookie_ack); 6195 return (-1); 6196 } 6197 sctppcbinfo.ipi_count_chunk++; 6198 sctppcbinfo.ipi_gencnt_chunk++; 6199 6200 chk->send_size = sizeof(struct sctp_chunkhdr); 6201 chk->rec.chunk_id = SCTP_COOKIE_ACK; 6202 chk->sent = SCTP_DATAGRAM_UNSENT; 6203 chk->snd_count = 0; 6204 chk->flags = 0; 6205 chk->asoc = &stcb->asoc; 6206 chk->data = cookie_ack; 6207 if (chk->asoc->last_control_chunk_from != NULL) { 6208 chk->whoTo = chk->asoc->last_control_chunk_from; 6209 } else { 6210 chk->whoTo = chk->asoc->primary_destination; 6211 } 6212 chk->whoTo->ref_count++; 6213 hdr = mtod(cookie_ack, struct sctp_chunkhdr *); 6214 hdr->chunk_type = SCTP_COOKIE_ACK; 6215 hdr->chunk_flags = 0; 6216 hdr->chunk_length = htons(chk->send_size); 6217 cookie_ack->m_pkthdr.len = cookie_ack->m_len = chk->send_size; 6218 m_reset_rcvif(cookie_ack); 6219 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6220 chk->asoc->ctrl_queue_cnt++; 6221 return (0); 6222 } 6223 6224 6225 int 6226 sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net) 6227 { 6228 /* formulate and queue a SHUTDOWN-ACK back to the sender */ 6229 struct mbuf *m_shutdown_ack; 6230 struct sctp_shutdown_ack_chunk *ack_cp; 6231 struct sctp_tmit_chunk *chk; 6232 6233 m_shutdown_ack = NULL; 6234 MGETHDR(m_shutdown_ack, M_DONTWAIT, MT_HEADER); 6235 if (m_shutdown_ack == NULL) { 6236 /* no mbuf's */ 6237 return (-1); 6238 } 6239 m_shutdown_ack->m_data += SCTP_MIN_OVERHEAD; 6240 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6241 if (chk == NULL) { 6242 /* no memory */ 6243 sctp_m_freem(m_shutdown_ack); 6244 return (-1); 6245 } 6246 sctppcbinfo.ipi_count_chunk++; 6247 sctppcbinfo.ipi_gencnt_chunk++; 6248 6249 chk->send_size = sizeof(struct sctp_chunkhdr); 6250 chk->rec.chunk_id = SCTP_SHUTDOWN_ACK; 6251 chk->sent = SCTP_DATAGRAM_UNSENT; 6252 chk->snd_count = 0; 6253 chk->flags = 0; 6254 chk->asoc = &stcb->asoc; 6255 chk->data = m_shutdown_ack; 6256 chk->whoTo = net; 6257 net->ref_count++; 6258 6259 ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *); 6260 ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK; 6261 ack_cp->ch.chunk_flags = 0; 6262 ack_cp->ch.chunk_length = htons(chk->send_size); 6263 m_shutdown_ack->m_pkthdr.len = m_shutdown_ack->m_len = chk->send_size; 6264 m_reset_rcvif(m_shutdown_ack); 6265 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6266 chk->asoc->ctrl_queue_cnt++; 6267 return (0); 6268 } 6269 6270 int 6271 sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net) 6272 { 6273 /* formulate and queue a SHUTDOWN to the sender */ 6274 struct mbuf *m_shutdown; 6275 struct sctp_shutdown_chunk *shutdown_cp; 6276 struct sctp_tmit_chunk *chk; 6277 6278 m_shutdown = NULL; 6279 MGETHDR(m_shutdown, M_DONTWAIT, MT_HEADER); 6280 if (m_shutdown == NULL) { 6281 /* no mbuf's */ 6282 return (-1); 6283 } 6284 m_shutdown->m_data += SCTP_MIN_OVERHEAD; 6285 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6286 if (chk == NULL) { 6287 /* no memory */ 6288 sctp_m_freem(m_shutdown); 6289 return (-1); 6290 } 6291 sctppcbinfo.ipi_count_chunk++; 6292 sctppcbinfo.ipi_gencnt_chunk++; 6293 6294 chk->send_size = sizeof(struct sctp_shutdown_chunk); 6295 chk->rec.chunk_id = SCTP_SHUTDOWN; 6296 chk->sent = SCTP_DATAGRAM_UNSENT; 6297 chk->snd_count = 0; 6298 chk->flags = 0; 6299 chk->asoc = &stcb->asoc; 6300 chk->data = m_shutdown; 6301 chk->whoTo = net; 6302 net->ref_count++; 6303 6304 shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *); 6305 shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN; 6306 shutdown_cp->ch.chunk_flags = 0; 6307 shutdown_cp->ch.chunk_length = htons(chk->send_size); 6308 shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn); 6309 m_shutdown->m_pkthdr.len = m_shutdown->m_len = chk->send_size; 6310 m_reset_rcvif(m_shutdown); 6311 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6312 chk->asoc->ctrl_queue_cnt++; 6313 6314 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 6315 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 6316 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0; 6317 soisdisconnecting(stcb->sctp_ep->sctp_socket); 6318 } 6319 return (0); 6320 } 6321 6322 int 6323 sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net) 6324 { 6325 /* 6326 * formulate and queue an ASCONF to the peer 6327 * ASCONF parameters should be queued on the assoc queue 6328 */ 6329 struct sctp_tmit_chunk *chk; 6330 struct mbuf *m_asconf; 6331 6332 /* compose an ASCONF chunk, maximum length is PMTU */ 6333 m_asconf = sctp_compose_asconf(stcb); 6334 if (m_asconf == NULL) { 6335 return (-1); 6336 } 6337 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6338 if (chk == NULL) { 6339 /* no memory */ 6340 sctp_m_freem(m_asconf); 6341 return (-1); 6342 } 6343 sctppcbinfo.ipi_count_chunk++; 6344 sctppcbinfo.ipi_gencnt_chunk++; 6345 6346 chk->data = m_asconf; 6347 chk->send_size = m_asconf->m_pkthdr.len; 6348 chk->rec.chunk_id = SCTP_ASCONF; 6349 chk->sent = SCTP_DATAGRAM_UNSENT; 6350 chk->snd_count = 0; 6351 chk->flags = 0; 6352 chk->asoc = &stcb->asoc; 6353 chk->whoTo = chk->asoc->primary_destination; 6354 chk->whoTo->ref_count++; 6355 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6356 chk->asoc->ctrl_queue_cnt++; 6357 return (0); 6358 } 6359 6360 int 6361 sctp_send_asconf_ack(struct sctp_tcb *stcb, uint32_t retrans) 6362 { 6363 /* 6364 * formulate and queue a asconf-ack back to sender 6365 * the asconf-ack must be stored in the tcb 6366 */ 6367 struct sctp_tmit_chunk *chk; 6368 struct mbuf *m_ack; 6369 6370 /* is there a asconf-ack mbuf chain to send? */ 6371 if (stcb->asoc.last_asconf_ack_sent == NULL) { 6372 return (-1); 6373 } 6374 6375 /* copy the asconf_ack */ 6376 #if defined(__FreeBSD__) || defined(__NetBSD__) 6377 /* Supposedly the m_copypacket is a optimzation, 6378 * use it if we can. 6379 */ 6380 if (stcb->asoc.last_asconf_ack_sent->m_flags & M_PKTHDR) { 6381 m_ack = m_copypacket(stcb->asoc.last_asconf_ack_sent, M_DONTWAIT); 6382 sctp_pegs[SCTP_CACHED_SRC]++; 6383 } else 6384 m_ack = m_copy(stcb->asoc.last_asconf_ack_sent, 0, M_COPYALL); 6385 #else 6386 m_ack = m_copy(stcb->asoc.last_asconf_ack_sent, 0, M_COPYALL); 6387 #endif 6388 if (m_ack == NULL) { 6389 /* couldn't copy it */ 6390 6391 return (-1); 6392 } 6393 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 6394 if (chk == NULL) { 6395 /* no memory */ 6396 if (m_ack) 6397 sctp_m_freem(m_ack); 6398 return (-1); 6399 } 6400 sctppcbinfo.ipi_count_chunk++; 6401 sctppcbinfo.ipi_gencnt_chunk++; 6402 6403 /* figure out where it goes to */ 6404 if (retrans) { 6405 /* we're doing a retransmission */ 6406 if (stcb->asoc.used_alt_asconfack > 2) { 6407 /* tried alternate nets already, go back */ 6408 chk->whoTo = NULL; 6409 } else { 6410 /* need to try and alternate net */ 6411 chk->whoTo = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from); 6412 stcb->asoc.used_alt_asconfack++; 6413 } 6414 if (chk->whoTo == NULL) { 6415 /* no alternate */ 6416 if (stcb->asoc.last_control_chunk_from == NULL) 6417 chk->whoTo = stcb->asoc.primary_destination; 6418 else 6419 chk->whoTo = stcb->asoc.last_control_chunk_from; 6420 stcb->asoc.used_alt_asconfack = 0; 6421 } 6422 } else { 6423 /* normal case */ 6424 if (stcb->asoc.last_control_chunk_from == NULL) 6425 chk->whoTo = stcb->asoc.primary_destination; 6426 else 6427 chk->whoTo = stcb->asoc.last_control_chunk_from; 6428 stcb->asoc.used_alt_asconfack = 0; 6429 } 6430 chk->data = m_ack; 6431 chk->send_size = m_ack->m_pkthdr.len; 6432 chk->rec.chunk_id = SCTP_ASCONF_ACK; 6433 chk->sent = SCTP_DATAGRAM_UNSENT; 6434 chk->snd_count = 0; 6435 chk->flags = 0; 6436 chk->asoc = &stcb->asoc; 6437 chk->whoTo->ref_count++; 6438 TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next); 6439 chk->asoc->ctrl_queue_cnt++; 6440 return (0); 6441 } 6442 6443 6444 static int 6445 sctp_chunk_retransmission(struct sctp_inpcb *inp, 6446 struct sctp_tcb *stcb, 6447 struct sctp_association *asoc, 6448 int *cnt_out, struct timeval *now, int *now_filled) 6449 { 6450 /* 6451 * send out one MTU of retransmission. 6452 * If fast_retransmit is happening we ignore the cwnd. 6453 * Otherwise we obey the cwnd and rwnd. 6454 * For a Cookie or Asconf in the control chunk queue we retransmit 6455 * them by themselves. 6456 * 6457 * For data chunks we will pick out the lowest TSN's in the 6458 * sent_queue marked for resend and bundle them all together 6459 * (up to a MTU of destination). The address to send to should 6460 * have been selected/changed where the retransmission was 6461 * marked (i.e. in FR or t3-timeout routines). 6462 */ 6463 struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING]; 6464 struct sctp_tmit_chunk *chk, *fwd; 6465 struct mbuf *m; 6466 struct sctphdr *shdr; 6467 int asconf; 6468 struct sctp_nets *net; 6469 int no_fragmentflg, bundle_at, cnt_thru; 6470 unsigned int mtu; 6471 int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started; 6472 6473 tmr_started = ctl_cnt = bundle_at = error = 0; 6474 no_fragmentflg = 1; 6475 asconf = 0; 6476 fwd_tsn = 0; 6477 *cnt_out = 0; 6478 fwd = NULL; 6479 m = NULL; 6480 #ifdef SCTP_AUDITING_ENABLED 6481 sctp_audit_log(0xC3, 1); 6482 #endif 6483 if (TAILQ_EMPTY(&asoc->sent_queue)) { 6484 #ifdef SCTP_DEBUG 6485 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6486 printf("SCTP hits empty queue with cnt set to %d?\n", 6487 asoc->sent_queue_retran_cnt); 6488 } 6489 #endif 6490 asoc->sent_queue_cnt = 0; 6491 asoc->sent_queue_cnt_removeable = 0; 6492 } 6493 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 6494 if (chk->sent != SCTP_DATAGRAM_RESEND) { 6495 /* we only worry about things marked for resend */ 6496 continue; 6497 } 6498 if ((chk->rec.chunk_id == SCTP_COOKIE_ECHO) || 6499 (chk->rec.chunk_id == SCTP_ASCONF) || 6500 (chk->rec.chunk_id == SCTP_STREAM_RESET) || 6501 (chk->rec.chunk_id == SCTP_FORWARD_CUM_TSN)) { 6502 if (chk->rec.chunk_id == SCTP_STREAM_RESET) { 6503 /* For stream reset we only retran the request 6504 * not the response. 6505 */ 6506 struct sctp_stream_reset_req *strreq; 6507 strreq = mtod(chk->data, struct sctp_stream_reset_req *); 6508 if (strreq->sr_req.ph.param_type != ntohs(SCTP_STR_RESET_REQUEST)) { 6509 continue; 6510 } 6511 } 6512 ctl_cnt++; 6513 if (chk->rec.chunk_id == SCTP_ASCONF) { 6514 no_fragmentflg = 1; 6515 asconf = 1; 6516 } 6517 if (chk->rec.chunk_id == SCTP_FORWARD_CUM_TSN) { 6518 fwd_tsn = 1; 6519 fwd = chk; 6520 } 6521 m = sctp_copy_mbufchain(chk->data, m); 6522 break; 6523 } 6524 } 6525 one_chunk = 0; 6526 cnt_thru = 0; 6527 /* do we have control chunks to retransmit? */ 6528 if (m != NULL) { 6529 /* Start a timer no matter if we suceed or fail */ 6530 if (chk->rec.chunk_id == SCTP_COOKIE_ECHO) { 6531 sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo); 6532 } else if (chk->rec.chunk_id == SCTP_ASCONF) 6533 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo); 6534 6535 if (m->m_len == 0) { 6536 /* Special case for when you get a 0 len 6537 * mbuf at the head due to the lack 6538 * of a MHDR at the beginning. 6539 */ 6540 m->m_len = sizeof(struct sctphdr); 6541 } else { 6542 M_PREPEND(m, sizeof(struct sctphdr), M_DONTWAIT); 6543 if (m == NULL) { 6544 return (ENOBUFS); 6545 } 6546 } 6547 shdr = mtod(m, struct sctphdr *); 6548 shdr->src_port = inp->sctp_lport; 6549 shdr->dest_port = stcb->rport; 6550 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 6551 shdr->checksum = 0; 6552 chk->snd_count++; /* update our count */ 6553 6554 if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo, 6555 rtcache_getdst(&chk->whoTo->ro), m, 6556 no_fragmentflg, 0, NULL, asconf))) { 6557 sctp_pegs[SCTP_DATA_OUT_ERR]++; 6558 return (error); 6559 } 6560 /* 6561 *We don't want to mark the net->sent time here since this 6562 * we use this for HB and retrans cannot measure RTT 6563 */ 6564 /* SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time);*/ 6565 *cnt_out += 1; 6566 chk->sent = SCTP_DATAGRAM_SENT; 6567 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 6568 if (fwd_tsn == 0) { 6569 return (0); 6570 } else { 6571 /* Clean up the fwd-tsn list */ 6572 sctp_clean_up_ctl (asoc); 6573 return (0); 6574 } 6575 } 6576 /* Ok, it is just data retransmission we need to do or 6577 * that and a fwd-tsn with it all. 6578 */ 6579 if (TAILQ_EMPTY(&asoc->sent_queue)) { 6580 return (-1); 6581 } 6582 #ifdef SCTP_DEBUG 6583 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6584 printf("Normal chunk retransmission cnt:%d\n", 6585 asoc->sent_queue_retran_cnt); 6586 } 6587 #endif 6588 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED) || 6589 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT)) { 6590 /* not yet open, resend the cookie and that is it */ 6591 return (1); 6592 } 6593 6594 6595 #ifdef SCTP_AUDITING_ENABLED 6596 sctp_auditing(20, inp, stcb, NULL); 6597 #endif 6598 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { 6599 if (chk->sent != SCTP_DATAGRAM_RESEND) { 6600 /* No, not sent to this net or not ready for rtx */ 6601 continue; 6602 6603 } 6604 /* pick up the net */ 6605 net = chk->whoTo; 6606 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 6607 mtu = (net->mtu - SCTP_MIN_OVERHEAD); 6608 } else { 6609 mtu = net->mtu- SCTP_MIN_V4_OVERHEAD; 6610 } 6611 6612 if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) { 6613 /* No room in peers rwnd */ 6614 uint32_t tsn; 6615 tsn = asoc->last_acked_seq + 1; 6616 if (tsn == chk->rec.data.TSN_seq) { 6617 /* we make a special exception for this case. 6618 * The peer has no rwnd but is missing the 6619 * lowest chunk.. which is probably what is 6620 * holding up the rwnd. 6621 */ 6622 goto one_chunk_around; 6623 } 6624 #ifdef SCTP_DEBUG 6625 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6626 printf("blocked-peers_rwnd:%d tf:%d\n", 6627 (int)asoc->peers_rwnd, 6628 (int)asoc->total_flight); 6629 } 6630 #endif 6631 sctp_pegs[SCTP_RWND_BLOCKED]++; 6632 return (1); 6633 } 6634 one_chunk_around: 6635 if (asoc->peers_rwnd < mtu) { 6636 one_chunk = 1; 6637 } 6638 #ifdef SCTP_AUDITING_ENABLED 6639 sctp_audit_log(0xC3, 2); 6640 #endif 6641 bundle_at = 0; 6642 m = NULL; 6643 net->fast_retran_ip = 0; 6644 if (chk->rec.data.doing_fast_retransmit == 0) { 6645 /* if no FR in progress skip destination that 6646 * have flight_size > cwnd. 6647 */ 6648 if (net->flight_size >= net->cwnd) { 6649 sctp_pegs[SCTP_CWND_BLOCKED]++; 6650 continue; 6651 } 6652 } else { 6653 /* Mark the destination net to have FR recovery 6654 * limits put on it. 6655 */ 6656 net->fast_retran_ip = 1; 6657 } 6658 6659 if ((chk->send_size <= mtu) || (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) { 6660 /* ok we will add this one */ 6661 m = sctp_copy_mbufchain(chk->data, m); 6662 if (m == NULL) { 6663 return (ENOMEM); 6664 } 6665 /* upate our MTU size */ 6666 /* Do clear IP_DF ? */ 6667 if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) { 6668 no_fragmentflg = 0; 6669 } 6670 mtu -= chk->send_size; 6671 data_list[bundle_at++] = chk; 6672 if (one_chunk && (asoc->total_flight <= 0)) { 6673 sctp_pegs[SCTP_WINDOW_PROBES]++; 6674 chk->rec.data.state_flags |= SCTP_WINDOW_PROBE; 6675 } 6676 } 6677 if (one_chunk == 0) { 6678 /* now are there anymore forward from chk to pick up?*/ 6679 fwd = TAILQ_NEXT(chk, sctp_next); 6680 while (fwd) { 6681 if (fwd->sent != SCTP_DATAGRAM_RESEND) { 6682 /* Nope, not for retran */ 6683 fwd = TAILQ_NEXT(fwd, sctp_next); 6684 continue; 6685 } 6686 if (fwd->whoTo != net) { 6687 /* Nope, not the net in question */ 6688 fwd = TAILQ_NEXT(fwd, sctp_next); 6689 continue; 6690 } 6691 if (fwd->send_size <= mtu) { 6692 m = sctp_copy_mbufchain(fwd->data, m); 6693 if (m == NULL) { 6694 return (ENOMEM); 6695 } 6696 /* upate our MTU size */ 6697 /* Do clear IP_DF ? */ 6698 if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) { 6699 no_fragmentflg = 0; 6700 } 6701 mtu -= fwd->send_size; 6702 data_list[bundle_at++] = fwd; 6703 if (bundle_at >= SCTP_MAX_DATA_BUNDLING) { 6704 break; 6705 } 6706 fwd = TAILQ_NEXT(fwd, sctp_next); 6707 } else { 6708 /* can't fit so we are done */ 6709 break; 6710 } 6711 } 6712 } 6713 /* Is there something to send for this destination? */ 6714 if (m) { 6715 /* No matter if we fail/or suceed we should 6716 * start a timer. A failure is like a lost 6717 * IP packet :-) 6718 */ 6719 if (!callout_pending(&net->rxt_timer.timer)) { 6720 /* no timer running on this destination 6721 * restart it. 6722 */ 6723 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 6724 tmr_started = 1; 6725 } 6726 if (m->m_len == 0) { 6727 /* Special case for when you get a 0 len 6728 * mbuf at the head due to the lack 6729 * of a MHDR at the beginning. 6730 */ 6731 m->m_len = sizeof(struct sctphdr); 6732 } else { 6733 M_PREPEND(m, sizeof(struct sctphdr), M_DONTWAIT); 6734 if (m == NULL) { 6735 return (ENOBUFS); 6736 } 6737 } 6738 shdr = mtod(m, struct sctphdr *); 6739 shdr->src_port = inp->sctp_lport; 6740 shdr->dest_port = stcb->rport; 6741 shdr->v_tag = htonl(stcb->asoc.peer_vtag); 6742 shdr->checksum = 0; 6743 6744 /* Now lets send it, if there is anything to send :> */ 6745 if ((error = sctp_lowlevel_chunk_output(inp, stcb, net, 6746 rtcache_getdst(&net->ro), 6747 m, 6748 no_fragmentflg, 0, NULL, asconf))) { 6749 /* error, we could not output */ 6750 sctp_pegs[SCTP_DATA_OUT_ERR]++; 6751 return (error); 6752 } 6753 /* For HB's */ 6754 /* 6755 * We don't want to mark the net->sent time here since 6756 * this we use this for HB and retrans cannot measure 6757 * RTT 6758 */ 6759 /* SCTP_GETTIME_TIMEVAL(&net->last_sent_time);*/ 6760 6761 /* For auto-close */ 6762 cnt_thru++; 6763 if (*now_filled == 0) { 6764 SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent); 6765 *now = asoc->time_last_sent; 6766 *now_filled = 1; 6767 } else { 6768 asoc->time_last_sent = *now; 6769 } 6770 *cnt_out += bundle_at; 6771 #ifdef SCTP_AUDITING_ENABLED 6772 sctp_audit_log(0xC4, bundle_at); 6773 #endif 6774 for (i = 0; i < bundle_at; i++) { 6775 sctp_pegs[SCTP_RETRANTSN_SENT]++; 6776 data_list[i]->sent = SCTP_DATAGRAM_SENT; 6777 data_list[i]->snd_count++; 6778 sctp_ucount_decr(asoc->sent_queue_retran_cnt); 6779 /* record the time */ 6780 data_list[i]->sent_rcv_time = asoc->time_last_sent; 6781 net->flight_size += data_list[i]->book_size; 6782 asoc->total_flight += data_list[i]->book_size; 6783 asoc->total_flight_count++; 6784 6785 #ifdef SCTP_LOG_RWND 6786 sctp_log_rwnd(SCTP_DECREASE_PEER_RWND, 6787 asoc->peers_rwnd , data_list[i]->send_size, sctp_peer_chunk_oh); 6788 #endif 6789 asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd, 6790 (u_int32_t)(data_list[i]->send_size + sctp_peer_chunk_oh)); 6791 if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) { 6792 /* SWS sender side engages */ 6793 asoc->peers_rwnd = 0; 6794 } 6795 6796 if ((i == 0) && 6797 (data_list[i]->rec.data.doing_fast_retransmit)) { 6798 sctp_pegs[SCTP_FAST_RETRAN]++; 6799 if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) && 6800 (tmr_started == 0)) { 6801 /* 6802 * ok we just fast-retrans'd 6803 * the lowest TSN, i.e the 6804 * first on the list. In this 6805 * case we want to give some 6806 * more time to get a SACK 6807 * back without a t3-expiring. 6808 */ 6809 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 6810 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net); 6811 } 6812 } 6813 } 6814 #ifdef SCTP_AUDITING_ENABLED 6815 sctp_auditing(21, inp, stcb, NULL); 6816 #endif 6817 } else { 6818 /* None will fit */ 6819 return (1); 6820 } 6821 if (asoc->sent_queue_retran_cnt <= 0) { 6822 /* all done we have no more to retran */ 6823 asoc->sent_queue_retran_cnt = 0; 6824 break; 6825 } 6826 if (one_chunk) { 6827 /* No more room in rwnd */ 6828 return (1); 6829 } 6830 /* stop the for loop here. we sent out a packet */ 6831 break; 6832 } 6833 return (0); 6834 } 6835 6836 6837 static int 6838 sctp_timer_validation(struct sctp_inpcb *inp, 6839 struct sctp_tcb *stcb, 6840 struct sctp_association *asoc, 6841 int ret) 6842 { 6843 struct sctp_nets *net; 6844 /* Validate that a timer is running somewhere */ 6845 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 6846 if (callout_pending(&net->rxt_timer.timer)) { 6847 /* Here is a timer */ 6848 return (ret); 6849 } 6850 } 6851 /* Gak, we did not have a timer somewhere */ 6852 #ifdef SCTP_DEBUG 6853 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 6854 printf("Deadlock avoided starting timer on a dest at retran\n"); 6855 } 6856 #endif 6857 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination); 6858 return (ret); 6859 } 6860 6861 int 6862 sctp_chunk_output(struct sctp_inpcb *inp, 6863 struct sctp_tcb *stcb, 6864 int from_where) 6865 { 6866 /* Ok this is the generic chunk service queue. 6867 * we must do the following: 6868 * - See if there are retransmits pending, if so we 6869 * must do these first and return. 6870 * - Service the stream queue that is next, 6871 * moving any message (note I must get a complete 6872 * message i.e. FIRST/MIDDLE and LAST to the out 6873 * queue in one pass) and assigning TSN's 6874 * - Check to see if the cwnd/rwnd allows any output, if 6875 * so we go ahead and fomulate and send the low level 6876 * chunks. Making sure to combine any control in the 6877 * control chunk queue also. 6878 */ 6879 struct sctp_association *asoc; 6880 struct sctp_nets *net; 6881 int error, num_out, tot_out, ret, reason_code, burst_cnt, burst_limit; 6882 struct timeval now; 6883 int now_filled=0; 6884 int cwnd_full=0; 6885 asoc = &stcb->asoc; 6886 tot_out = 0; 6887 num_out = 0; 6888 reason_code = 0; 6889 sctp_pegs[SCTP_CALLS_TO_CO]++; 6890 #ifdef SCTP_DEBUG 6891 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 6892 printf("in co - retran count:%d\n", asoc->sent_queue_retran_cnt); 6893 } 6894 #endif 6895 while (asoc->sent_queue_retran_cnt) { 6896 /* Ok, it is retransmission time only, we send out only ONE 6897 * packet with a single call off to the retran code. 6898 */ 6899 ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled); 6900 if (ret > 0) { 6901 /* Can't send anymore */ 6902 #ifdef SCTP_DEBUG 6903 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6904 printf("retransmission ret:%d -- full\n", ret); 6905 } 6906 #endif 6907 /* 6908 * now lets push out control by calling med-level 6909 * output once. this assures that we WILL send HB's 6910 * if queued too. 6911 */ 6912 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, 6913 &cwnd_full, from_where, 6914 &now, &now_filled); 6915 #ifdef SCTP_DEBUG 6916 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6917 printf("Control send outputs:%d@full\n", num_out); 6918 } 6919 #endif 6920 #ifdef SCTP_AUDITING_ENABLED 6921 sctp_auditing(8, inp, stcb, NULL); 6922 #endif 6923 return (sctp_timer_validation(inp, stcb, asoc, ret)); 6924 } 6925 if (ret < 0) { 6926 /* 6927 * The count was off.. retran is not happening so do 6928 * the normal retransmission. 6929 */ 6930 #ifdef SCTP_DEBUG 6931 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6932 printf("Done with retrans, none left fill up window\n"); 6933 } 6934 #endif 6935 #ifdef SCTP_AUDITING_ENABLED 6936 sctp_auditing(9, inp, stcb, NULL); 6937 #endif 6938 break; 6939 } 6940 if (from_where == 1) { 6941 /* Only one transmission allowed out of a timeout */ 6942 #ifdef SCTP_DEBUG 6943 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 6944 printf("Only one packet allowed out\n"); 6945 } 6946 #endif 6947 #ifdef SCTP_AUDITING_ENABLED 6948 sctp_auditing(10, inp, stcb, NULL); 6949 #endif 6950 /* Push out any control */ 6951 (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, &cwnd_full, from_where, 6952 &now, &now_filled); 6953 return (ret); 6954 } 6955 if ((num_out == 0) && (ret == 0)) { 6956 /* No more retrans to send */ 6957 break; 6958 } 6959 } 6960 #ifdef SCTP_AUDITING_ENABLED 6961 sctp_auditing(12, inp, stcb, NULL); 6962 #endif 6963 /* Check for bad destinations, if they exist move chunks around. */ 6964 burst_limit = asoc->max_burst; 6965 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 6966 if ((net->dest_state & SCTP_ADDR_NOT_REACHABLE) == 6967 SCTP_ADDR_NOT_REACHABLE) { 6968 /* 6969 * if possible move things off of this address 6970 * we still may send below due to the dormant state 6971 * but we try to find an alternate address to send 6972 * to and if we have one we move all queued data on 6973 * the out wheel to this alternate address. 6974 */ 6975 sctp_move_to_an_alt(stcb, asoc, net); 6976 } else { 6977 /* 6978 if ((asoc->sat_network) || (net->addr_is_local)) { 6979 burst_limit = asoc->max_burst * SCTP_SAT_NETWORK_BURST_INCR; 6980 } 6981 */ 6982 #ifdef SCTP_DEBUG 6983 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 6984 printf("examined net:%p burst limit:%d\n", net, asoc->max_burst); 6985 } 6986 #endif 6987 6988 #ifdef SCTP_USE_ALLMAN_BURST 6989 if ((net->flight_size+(burst_limit*net->mtu)) < net->cwnd) { 6990 if (net->ssthresh < net->cwnd) 6991 net->ssthresh = net->cwnd; 6992 net->cwnd = (net->flight_size+(burst_limit*net->mtu)); 6993 #ifdef SCTP_LOG_MAXBURST 6994 sctp_log_maxburst(net, 0, burst_limit, SCTP_MAX_BURST_APPLIED); 6995 #endif 6996 sctp_pegs[SCTP_MAX_BURST_APL]++; 6997 } 6998 net->fast_retran_ip = 0; 6999 #endif 7000 } 7001 7002 } 7003 /* Fill up what we can to the destination */ 7004 burst_cnt = 0; 7005 cwnd_full = 0; 7006 do { 7007 #ifdef SCTP_DEBUG 7008 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 7009 printf("Burst count:%d - call m-c-o\n", burst_cnt); 7010 } 7011 #endif 7012 error = sctp_med_chunk_output(inp, stcb, asoc, &num_out, 7013 &reason_code, 0, &cwnd_full, from_where, 7014 &now, &now_filled); 7015 if (error) { 7016 #ifdef SCTP_DEBUG 7017 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7018 printf("Error %d was returned from med-c-op\n", error); 7019 } 7020 #endif 7021 #ifdef SCTP_LOG_MAXBURST 7022 sctp_log_maxburst(asoc->primary_destination, error , burst_cnt, SCTP_MAX_BURST_ERROR_STOP); 7023 #endif 7024 break; 7025 } 7026 #ifdef SCTP_DEBUG 7027 if (sctp_debug_on & SCTP_DEBUG_OUTPUT3) { 7028 printf("m-c-o put out %d\n", num_out); 7029 } 7030 #endif 7031 tot_out += num_out; 7032 burst_cnt++; 7033 } while (num_out 7034 #ifndef SCTP_USE_ALLMAN_BURST 7035 && (burst_cnt < burst_limit) 7036 #endif 7037 ); 7038 #ifndef SCTP_USE_ALLMAN_BURST 7039 if (burst_cnt >= burst_limit) { 7040 sctp_pegs[SCTP_MAX_BURST_APL]++; 7041 asoc->burst_limit_applied = 1; 7042 #ifdef SCTP_LOG_MAXBURST 7043 sctp_log_maxburst(asoc->primary_destination, 0 , burst_cnt, SCTP_MAX_BURST_APPLIED); 7044 #endif 7045 } else { 7046 asoc->burst_limit_applied = 0; 7047 } 7048 #endif 7049 7050 #ifdef SCTP_DEBUG 7051 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7052 printf("Ok, we have put out %d chunks\n", tot_out); 7053 } 7054 #endif 7055 if (tot_out == 0) { 7056 sctp_pegs[SCTP_CO_NODATASNT]++; 7057 if (asoc->stream_queue_cnt > 0) { 7058 sctp_pegs[SCTP_SOS_NOSNT]++; 7059 } else { 7060 sctp_pegs[SCTP_NOS_NOSNT]++; 7061 } 7062 if (asoc->send_queue_cnt > 0) { 7063 sctp_pegs[SCTP_SOSE_NOSNT]++; 7064 } else { 7065 sctp_pegs[SCTP_NOSE_NOSNT]++; 7066 } 7067 } 7068 /* Now we need to clean up the control chunk chain if 7069 * a ECNE is on it. It must be marked as UNSENT again 7070 * so next call will continue to send it until 7071 * such time that we get a CWR, to remove it. 7072 */ 7073 sctp_fix_ecn_echo(asoc); 7074 return (error); 7075 } 7076 7077 7078 int 7079 sctp_output(struct sctp_inpcb *inp, struct mbuf *m, 7080 struct sockaddr *addr, struct mbuf *control, struct lwp *l, int flags) 7081 { 7082 struct sctp_inpcb *t_inp; 7083 struct sctp_tcb *stcb; 7084 struct sctp_nets *net; 7085 struct sctp_association *asoc; 7086 int create_lock_applied = 0; 7087 int queue_only, error = 0; 7088 struct sctp_sndrcvinfo srcv; 7089 int un_sent = 0; 7090 int use_rcvinfo = 0; 7091 t_inp = inp; 7092 /* struct route ro;*/ 7093 7094 queue_only = 0; 7095 stcb = NULL; 7096 asoc = NULL; 7097 net = NULL; 7098 7099 #ifdef SCTP_DEBUG 7100 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7101 printf("USR Send BEGINS\n"); 7102 } 7103 #endif 7104 7105 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 7106 (inp->sctp_flags & SCTP_PCB_FLAGS_ACCEPTING)) { 7107 /* The listner can NOT send */ 7108 if (control) { 7109 sctppcbinfo.mbuf_track--; 7110 sctp_m_freem(control); 7111 control = NULL; 7112 } 7113 sctp_m_freem(m); 7114 return (EFAULT); 7115 } 7116 /* Can't allow a V6 address on a non-v6 socket */ 7117 if (addr) { 7118 SCTP_ASOC_CREATE_LOCK(inp); 7119 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 7120 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 7121 /* Should I really unlock ? */ 7122 SCTP_ASOC_CREATE_UNLOCK(inp); 7123 if (control) { 7124 sctppcbinfo.mbuf_track--; 7125 sctp_m_freem(control); 7126 control = NULL; 7127 } 7128 sctp_m_freem(m); 7129 return (EFAULT); 7130 } 7131 create_lock_applied = 1; 7132 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 7133 (addr->sa_family == AF_INET6)) { 7134 SCTP_ASOC_CREATE_UNLOCK(inp); 7135 if (control) { 7136 sctppcbinfo.mbuf_track--; 7137 sctp_m_freem(control); 7138 control = NULL; 7139 } 7140 sctp_m_freem(m); 7141 return (EINVAL); 7142 } 7143 } 7144 if (control) { 7145 sctppcbinfo.mbuf_track++; 7146 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 7147 sizeof(srcv))) { 7148 if (srcv.sinfo_flags & MSG_SENDALL) { 7149 /* its a sendall */ 7150 sctppcbinfo.mbuf_track--; 7151 sctp_m_freem(control); 7152 if (create_lock_applied) { 7153 SCTP_ASOC_CREATE_UNLOCK(inp); 7154 create_lock_applied = 0; 7155 } 7156 return (sctp_sendall(inp, NULL, m, &srcv)); 7157 } 7158 if (srcv.sinfo_assoc_id) { 7159 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 7160 SCTP_INP_RLOCK(inp); 7161 stcb = LIST_FIRST(&inp->sctp_asoc_list); 7162 if (stcb) { 7163 SCTP_TCB_LOCK(stcb); 7164 } 7165 SCTP_INP_RUNLOCK(inp); 7166 7167 if (stcb == NULL) { 7168 if (create_lock_applied) { 7169 SCTP_ASOC_CREATE_UNLOCK(inp); 7170 create_lock_applied = 0; 7171 } 7172 sctppcbinfo.mbuf_track--; 7173 sctp_m_freem(control); 7174 sctp_m_freem(m); 7175 return (ENOTCONN); 7176 } 7177 net = stcb->asoc.primary_destination; 7178 } else { 7179 stcb = sctp_findassociation_ep_asocid(inp, srcv.sinfo_assoc_id); 7180 } 7181 /* 7182 * Question: Should I error here if the 7183 7184 * assoc_id is no longer valid? 7185 * i.e. I can't find it? 7186 */ 7187 if ((stcb) && 7188 (addr != NULL)) { 7189 /* Must locate the net structure */ 7190 if (addr) 7191 net = sctp_findnet(stcb, addr); 7192 } 7193 if (net == NULL) 7194 net = stcb->asoc.primary_destination; 7195 } 7196 use_rcvinfo = 1; 7197 } 7198 } 7199 if (stcb == NULL) { 7200 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 7201 SCTP_INP_RLOCK(inp); 7202 stcb = LIST_FIRST(&inp->sctp_asoc_list); 7203 if (stcb) { 7204 SCTP_TCB_LOCK(stcb); 7205 } 7206 SCTP_INP_RUNLOCK(inp); 7207 if (stcb == NULL) { 7208 if (create_lock_applied) { 7209 SCTP_ASOC_CREATE_UNLOCK(inp); 7210 create_lock_applied = 0; 7211 } 7212 if (control) { 7213 sctppcbinfo.mbuf_track--; 7214 sctp_m_freem(control); 7215 control = NULL; 7216 } 7217 sctp_m_freem(m); 7218 return (ENOTCONN); 7219 } 7220 if (addr == NULL) { 7221 net = stcb->asoc.primary_destination; 7222 } else { 7223 net = sctp_findnet(stcb, addr); 7224 if (net == NULL) { 7225 net = stcb->asoc.primary_destination; 7226 } 7227 } 7228 } else { 7229 if (addr != NULL) { 7230 SCTP_INP_WLOCK(inp); 7231 SCTP_INP_INCR_REF(inp); 7232 SCTP_INP_WUNLOCK(inp); 7233 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 7234 if (stcb == NULL) { 7235 SCTP_INP_WLOCK(inp); 7236 SCTP_INP_DECR_REF(inp); 7237 SCTP_INP_WUNLOCK(inp); 7238 } 7239 } 7240 } 7241 } 7242 if ((stcb == NULL) && 7243 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) { 7244 if (control) { 7245 sctppcbinfo.mbuf_track--; 7246 sctp_m_freem(control); 7247 control = NULL; 7248 } 7249 if (create_lock_applied) { 7250 SCTP_ASOC_CREATE_UNLOCK(inp); 7251 create_lock_applied = 0; 7252 } 7253 sctp_m_freem(m); 7254 return (ENOTCONN); 7255 } else if ((stcb == NULL) && 7256 (addr == NULL)) { 7257 if (control) { 7258 sctppcbinfo.mbuf_track--; 7259 sctp_m_freem(control); 7260 control = NULL; 7261 } 7262 if (create_lock_applied) { 7263 SCTP_ASOC_CREATE_UNLOCK(inp); 7264 create_lock_applied = 0; 7265 } 7266 sctp_m_freem(m); 7267 return (ENOENT); 7268 } else if (stcb == NULL) { 7269 /* UDP mode, we must go ahead and start the INIT process */ 7270 if ((use_rcvinfo) && (srcv.sinfo_flags & MSG_ABORT)) { 7271 /* Strange user to do this */ 7272 if (control) { 7273 sctppcbinfo.mbuf_track--; 7274 sctp_m_freem(control); 7275 control = NULL; 7276 } 7277 if (create_lock_applied) { 7278 SCTP_ASOC_CREATE_UNLOCK(inp); 7279 create_lock_applied = 0; 7280 } 7281 sctp_m_freem(m); 7282 return (ENOENT); 7283 } 7284 stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0); 7285 if (stcb == NULL) { 7286 if (control) { 7287 sctppcbinfo.mbuf_track--; 7288 sctp_m_freem(control); 7289 control = NULL; 7290 } 7291 if (create_lock_applied) { 7292 SCTP_ASOC_CREATE_UNLOCK(inp); 7293 create_lock_applied = 0; 7294 } 7295 sctp_m_freem(m); 7296 return (error); 7297 } 7298 if (create_lock_applied) { 7299 SCTP_ASOC_CREATE_UNLOCK(inp); 7300 create_lock_applied = 0; 7301 } else { 7302 printf("Huh-1, create lock should have been applied!\n"); 7303 } 7304 queue_only = 1; 7305 asoc = &stcb->asoc; 7306 asoc->state = SCTP_STATE_COOKIE_WAIT; 7307 SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 7308 if (control) { 7309 /* see if a init structure exists in cmsg headers */ 7310 struct sctp_initmsg initm; 7311 int i; 7312 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, 7313 sizeof(initm))) { 7314 /* we have an INIT override of the default */ 7315 if (initm.sinit_max_attempts) 7316 asoc->max_init_times = initm.sinit_max_attempts; 7317 if (initm.sinit_num_ostreams) 7318 asoc->pre_open_streams = initm.sinit_num_ostreams; 7319 if (initm.sinit_max_instreams) 7320 asoc->max_inbound_streams = initm.sinit_max_instreams; 7321 if (initm.sinit_max_init_timeo) 7322 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 7323 } 7324 if (asoc->streamoutcnt < asoc->pre_open_streams) { 7325 /* Default is NOT correct */ 7326 #ifdef SCTP_DEBUG 7327 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7328 printf("Ok, defout:%d pre_open:%d\n", 7329 asoc->streamoutcnt, asoc->pre_open_streams); 7330 } 7331 #endif 7332 free(asoc->strmout, M_PCB); 7333 asoc->strmout = NULL; 7334 asoc->streamoutcnt = asoc->pre_open_streams; 7335 asoc->strmout = malloc(asoc->streamoutcnt * 7336 sizeof(struct sctp_stream_out), M_PCB, 7337 M_WAIT); 7338 for (i = 0; i < asoc->streamoutcnt; i++) { 7339 /* 7340 * inbound side must be set to 0xffff, 7341 * also NOTE when we get the INIT-ACK 7342 * back (for INIT sender) we MUST 7343 * reduce the count (streamoutcnt) but 7344 * first check if we sent to any of the 7345 * upper streams that were dropped (if 7346 * some were). Those that were dropped 7347 * must be notified to the upper layer 7348 * as failed to send. 7349 */ 7350 asoc->strmout[i].next_sequence_sent = 0x0; 7351 TAILQ_INIT(&asoc->strmout[i].outqueue); 7352 asoc->strmout[i].stream_no = i; 7353 asoc->strmout[i].next_spoke.tqe_next = 0; 7354 asoc->strmout[i].next_spoke.tqe_prev = 0; 7355 } 7356 } 7357 } 7358 sctp_send_initiate(inp, stcb); 7359 /* 7360 * we may want to dig in after this call and adjust the MTU 7361 * value. It defaulted to 1500 (constant) but the ro structure 7362 * may now have an update and thus we may need to change it 7363 * BEFORE we append the message. 7364 */ 7365 net = stcb->asoc.primary_destination; 7366 } else { 7367 if (create_lock_applied) { 7368 SCTP_ASOC_CREATE_UNLOCK(inp); 7369 create_lock_applied = 0; 7370 } 7371 asoc = &stcb->asoc; 7372 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 7373 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 7374 queue_only = 1; 7375 } 7376 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 7377 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 7378 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 7379 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 7380 if (control) { 7381 sctppcbinfo.mbuf_track--; 7382 sctp_m_freem(control); 7383 control = NULL; 7384 } 7385 if ((use_rcvinfo) && 7386 (srcv.sinfo_flags & MSG_ABORT)) { 7387 sctp_msg_append(stcb, net, m, &srcv, flags); 7388 error = 0; 7389 } else { 7390 if (m) 7391 sctp_m_freem(m); 7392 error = ECONNRESET; 7393 } 7394 SCTP_TCB_UNLOCK(stcb); 7395 return (error); 7396 } 7397 } 7398 if (create_lock_applied) { 7399 /* we should never hit here with the create lock applied 7400 * 7401 */ 7402 SCTP_ASOC_CREATE_UNLOCK(inp); 7403 create_lock_applied = 0; 7404 } 7405 7406 7407 if (use_rcvinfo == 0) { 7408 srcv = stcb->asoc.def_send; 7409 } 7410 #ifdef SCTP_DEBUG 7411 else { 7412 if (sctp_debug_on & SCTP_DEBUG_OUTPUT5) { 7413 printf("stream:%d\n", srcv.sinfo_stream); 7414 printf("flags:%x\n", (u_int)srcv.sinfo_flags); 7415 printf("ppid:%d\n", srcv.sinfo_ppid); 7416 printf("context:%d\n", srcv.sinfo_context); 7417 } 7418 } 7419 #endif 7420 if (control) { 7421 sctppcbinfo.mbuf_track--; 7422 sctp_m_freem(control); 7423 control = NULL; 7424 } 7425 if (net && ((srcv.sinfo_flags & MSG_ADDR_OVER))) { 7426 /* we take the override or the unconfirmed */ 7427 ; 7428 } else { 7429 net = stcb->asoc.primary_destination; 7430 } 7431 if ((error = sctp_msg_append(stcb, net, m, &srcv, flags))) { 7432 SCTP_TCB_UNLOCK(stcb); 7433 return (error); 7434 } 7435 if (net->flight_size > net->cwnd) { 7436 sctp_pegs[SCTP_SENDTO_FULL_CWND]++; 7437 queue_only = 1; 7438 } else if (asoc->ifp_had_enobuf) { 7439 sctp_pegs[SCTP_QUEONLY_BURSTLMT]++; 7440 queue_only = 1; 7441 } else { 7442 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 7443 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * sizeof(struct sctp_data_chunk)) + 7444 SCTP_MED_OVERHEAD); 7445 7446 if (((inp->sctp_flags & SCTP_PCB_FLAGS_NODELAY) == 0) && 7447 (stcb->asoc.total_flight > 0) && 7448 (un_sent < (int)stcb->asoc.smallest_mtu) 7449 ) { 7450 7451 /* Ok, Nagle is set on and we have 7452 * data outstanding. Don't send anything 7453 * and let the SACK drive out the data. 7454 */ 7455 sctp_pegs[SCTP_NAGLE_NOQ]++; 7456 queue_only = 1; 7457 } else { 7458 sctp_pegs[SCTP_NAGLE_OFF]++; 7459 } 7460 } 7461 if ((queue_only == 0) && stcb->asoc.peers_rwnd) { 7462 /* we can attempt to send too.*/ 7463 #ifdef SCTP_DEBUG 7464 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7465 printf("USR Send calls sctp_chunk_output\n"); 7466 } 7467 #endif 7468 #ifdef SCTP_AUDITING_ENABLED 7469 sctp_audit_log(0xC0, 1); 7470 sctp_auditing(6, inp, stcb, net); 7471 #endif 7472 sctp_pegs[SCTP_OUTPUT_FRM_SND]++; 7473 sctp_chunk_output(inp, stcb, 0); 7474 #ifdef SCTP_AUDITING_ENABLED 7475 sctp_audit_log(0xC0, 2); 7476 sctp_auditing(7, inp, stcb, net); 7477 #endif 7478 7479 } 7480 #ifdef SCTP_DEBUG 7481 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 7482 printf("USR Send complete qo:%d prw:%d\n", queue_only, stcb->asoc.peers_rwnd); 7483 } 7484 #endif 7485 SCTP_TCB_UNLOCK(stcb); 7486 return (0); 7487 } 7488 7489 void 7490 send_forward_tsn(struct sctp_tcb *stcb, 7491 struct sctp_association *asoc) 7492 { 7493 struct sctp_tmit_chunk *chk; 7494 struct sctp_forward_tsn_chunk *fwdtsn; 7495 7496 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7497 if (chk->rec.chunk_id == SCTP_FORWARD_CUM_TSN) { 7498 /* mark it to unsent */ 7499 chk->sent = SCTP_DATAGRAM_UNSENT; 7500 chk->snd_count = 0; 7501 /* Do we correct its output location? */ 7502 if (chk->whoTo != asoc->primary_destination) { 7503 sctp_free_remote_addr(chk->whoTo); 7504 chk->whoTo = asoc->primary_destination; 7505 chk->whoTo->ref_count++; 7506 } 7507 goto sctp_fill_in_rest; 7508 } 7509 } 7510 /* Ok if we reach here we must build one */ 7511 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 7512 if (chk == NULL) { 7513 return; 7514 } 7515 sctppcbinfo.ipi_count_chunk++; 7516 sctppcbinfo.ipi_gencnt_chunk++; 7517 chk->rec.chunk_id = SCTP_FORWARD_CUM_TSN; 7518 chk->asoc = asoc; 7519 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 7520 if (chk->data == NULL) { 7521 chk->whoTo->ref_count--; 7522 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 7523 sctppcbinfo.ipi_count_chunk--; 7524 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 7525 panic("Chunk count is negative"); 7526 } 7527 sctppcbinfo.ipi_gencnt_chunk++; 7528 return; 7529 } 7530 chk->data->m_data += SCTP_MIN_OVERHEAD; 7531 chk->sent = SCTP_DATAGRAM_UNSENT; 7532 chk->snd_count = 0; 7533 chk->whoTo = asoc->primary_destination; 7534 chk->whoTo->ref_count++; 7535 TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next); 7536 asoc->ctrl_queue_cnt++; 7537 sctp_fill_in_rest: 7538 /* Here we go through and fill out the part that 7539 * deals with stream/seq of the ones we skip. 7540 */ 7541 chk->data->m_pkthdr.len = chk->data->m_len = 0; 7542 { 7543 struct sctp_tmit_chunk *at, *tp1, *last; 7544 struct sctp_strseq *strseq; 7545 unsigned int cnt_of_space, i, ovh; 7546 unsigned int space_needed; 7547 unsigned int cnt_of_skipped = 0; 7548 TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) { 7549 if (at->sent != SCTP_FORWARD_TSN_SKIP) { 7550 /* no more to look at */ 7551 break; 7552 } 7553 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 7554 /* We don't report these */ 7555 continue; 7556 } 7557 cnt_of_skipped++; 7558 } 7559 space_needed = (sizeof(struct sctp_forward_tsn_chunk) + 7560 (cnt_of_skipped * sizeof(struct sctp_strseq))); 7561 if ((M_TRAILINGSPACE(chk->data) < (int)space_needed) && 7562 ((chk->data->m_flags & M_EXT) == 0)) { 7563 /* Need a M_EXT, get one and move 7564 * fwdtsn to data area. 7565 */ 7566 MCLGET(chk->data, M_DONTWAIT); 7567 } 7568 cnt_of_space = M_TRAILINGSPACE(chk->data); 7569 7570 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 7571 ovh = SCTP_MIN_OVERHEAD; 7572 } else { 7573 ovh = SCTP_MIN_V4_OVERHEAD; 7574 } 7575 if (cnt_of_space > (asoc->smallest_mtu-ovh)) { 7576 /* trim to a mtu size */ 7577 cnt_of_space = asoc->smallest_mtu - ovh; 7578 } 7579 if (cnt_of_space < space_needed) { 7580 /* ok we must trim down the chunk by lowering 7581 * the advance peer ack point. 7582 */ 7583 cnt_of_skipped = (cnt_of_space- 7584 ((sizeof(struct sctp_forward_tsn_chunk))/ 7585 sizeof(struct sctp_strseq))); 7586 /* Go through and find the TSN that 7587 * will be the one we report. 7588 */ 7589 at = TAILQ_FIRST(&asoc->sent_queue); 7590 for (i = 0; i < cnt_of_skipped; i++) { 7591 tp1 = TAILQ_NEXT(at, sctp_next); 7592 at = tp1; 7593 } 7594 last = at; 7595 /* last now points to last one I can report, update peer ack point */ 7596 asoc->advanced_peer_ack_point = last->rec.data.TSN_seq; 7597 space_needed -= (cnt_of_skipped * sizeof(struct sctp_strseq)); 7598 } 7599 chk->send_size = space_needed; 7600 /* Setup the chunk */ 7601 fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); 7602 fwdtsn->ch.chunk_length = htons(chk->send_size); 7603 fwdtsn->ch.chunk_flags = 0; 7604 fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; 7605 fwdtsn->new_cumulative_tsn = htonl(asoc->advanced_peer_ack_point); 7606 chk->send_size = (sizeof(struct sctp_forward_tsn_chunk) + 7607 (cnt_of_skipped * sizeof(struct sctp_strseq))); 7608 chk->data->m_pkthdr.len = chk->data->m_len = chk->send_size; 7609 fwdtsn++; 7610 /* Move pointer to after the fwdtsn and transfer to 7611 * the strseq pointer. 7612 */ 7613 strseq = (struct sctp_strseq *)fwdtsn; 7614 /* 7615 * Now populate the strseq list. This is done blindly 7616 * without pulling out duplicate stream info. This is 7617 * inefficent but won't harm the process since the peer 7618 * will look at these in sequence and will thus release 7619 * anything. It could mean we exceed the PMTU and chop 7620 * off some that we could have included.. but this is 7621 * unlikely (aka 1432/4 would mean 300+ stream seq's would 7622 * have to be reported in one FWD-TSN. With a bit of work 7623 * we can later FIX this to optimize and pull out duplcates.. 7624 * but it does add more overhead. So for now... not! 7625 */ 7626 at = TAILQ_FIRST(&asoc->sent_queue); 7627 for (i = 0; i < cnt_of_skipped; i++) { 7628 tp1 = TAILQ_NEXT(at, sctp_next); 7629 if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) { 7630 /* We don't report these */ 7631 i--; 7632 at = tp1; 7633 continue; 7634 } 7635 strseq->stream = ntohs(at->rec.data.stream_number); 7636 strseq->sequence = ntohs(at->rec.data.stream_seq); 7637 strseq++; 7638 at = tp1; 7639 } 7640 } 7641 return; 7642 7643 } 7644 7645 void 7646 sctp_send_sack(struct sctp_tcb *stcb) 7647 { 7648 /* 7649 * Queue up a SACK in the control queue. We must first check to 7650 * see if a SACK is somehow on the control queue. If so, we will 7651 * take and and remove the old one. 7652 */ 7653 struct sctp_association *asoc; 7654 struct sctp_tmit_chunk *chk, *a_chk; 7655 struct sctp_sack_chunk *sack; 7656 struct sctp_gap_ack_block *gap_descriptor; 7657 uint32_t *dup; 7658 int start; 7659 unsigned int i, maxi, seeing_ones, m_size; 7660 unsigned int num_gap_blocks, space; 7661 7662 start = maxi = 0; 7663 seeing_ones = 1; 7664 a_chk = NULL; 7665 asoc = &stcb->asoc; 7666 if (asoc->last_data_chunk_from == NULL) { 7667 /* Hmm we never received anything */ 7668 return; 7669 } 7670 sctp_set_rwnd(stcb, asoc); 7671 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 7672 if (chk->rec.chunk_id == SCTP_SELECTIVE_ACK) { 7673 /* Hmm, found a sack already on queue, remove it */ 7674 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 7675 asoc->ctrl_queue_cnt++; 7676 a_chk = chk; 7677 if (a_chk->data) 7678 sctp_m_freem(a_chk->data); 7679 a_chk->data = NULL; 7680 sctp_free_remote_addr(a_chk->whoTo); 7681 a_chk->whoTo = NULL; 7682 break; 7683 } 7684 } 7685 if (a_chk == NULL) { 7686 a_chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 7687 if (a_chk == NULL) { 7688 /* No memory so we drop the idea, and set a timer */ 7689 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 7690 stcb->sctp_ep, stcb, NULL); 7691 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 7692 stcb->sctp_ep, stcb, NULL); 7693 return; 7694 } 7695 sctppcbinfo.ipi_count_chunk++; 7696 sctppcbinfo.ipi_gencnt_chunk++; 7697 a_chk->rec.chunk_id = SCTP_SELECTIVE_ACK; 7698 } 7699 a_chk->asoc = asoc; 7700 a_chk->snd_count = 0; 7701 a_chk->send_size = 0; /* fill in later */ 7702 a_chk->sent = SCTP_DATAGRAM_UNSENT; 7703 m_size = (asoc->mapping_array_size << 3); 7704 7705 if ((asoc->numduptsns) || 7706 (asoc->last_data_chunk_from->dest_state & SCTP_ADDR_NOT_REACHABLE) 7707 ) { 7708 /* Ok, we have some duplicates or the destination for the 7709 * sack is unreachable, lets see if we can select an alternate 7710 * than asoc->last_data_chunk_from 7711 */ 7712 if ((!(asoc->last_data_chunk_from->dest_state & 7713 SCTP_ADDR_NOT_REACHABLE)) && 7714 (asoc->used_alt_onsack > 2)) { 7715 /* We used an alt last time, don't this time */ 7716 a_chk->whoTo = NULL; 7717 } else { 7718 asoc->used_alt_onsack++; 7719 a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from); 7720 } 7721 if (a_chk->whoTo == NULL) { 7722 /* Nope, no alternate */ 7723 a_chk->whoTo = asoc->last_data_chunk_from; 7724 asoc->used_alt_onsack = 0; 7725 } 7726 } else { 7727 /* No duplicates so we use the last 7728 * place we received data from. 7729 */ 7730 #ifdef SCTP_DEBUG 7731 if (asoc->last_data_chunk_from == NULL) { 7732 printf("Huh, last_data_chunk_from is null when we want to sack??\n"); 7733 } 7734 #endif 7735 asoc->used_alt_onsack = 0; 7736 a_chk->whoTo = asoc->last_data_chunk_from; 7737 } 7738 if (a_chk->whoTo) 7739 a_chk->whoTo->ref_count++; 7740 7741 /* Ok now lets formulate a MBUF with our sack */ 7742 MGETHDR(a_chk->data, M_DONTWAIT, MT_DATA); 7743 if ((a_chk->data == NULL) || 7744 (a_chk->whoTo == NULL)) { 7745 /* rats, no mbuf memory */ 7746 if (a_chk->data) { 7747 /* was a problem with the destination */ 7748 sctp_m_freem(a_chk->data); 7749 a_chk->data = NULL; 7750 } 7751 a_chk->whoTo->ref_count--; 7752 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, a_chk); 7753 sctppcbinfo.ipi_count_chunk--; 7754 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 7755 panic("Chunk count is negative"); 7756 } 7757 sctppcbinfo.ipi_gencnt_chunk++; 7758 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 7759 stcb->sctp_ep, stcb, NULL); 7760 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 7761 stcb->sctp_ep, stcb, NULL); 7762 return; 7763 } 7764 /* First count the number of gap ack blocks we need */ 7765 if (asoc->highest_tsn_inside_map == asoc->cumulative_tsn) { 7766 /* We know if there are none above the cum-ack we 7767 * have everything with NO gaps 7768 */ 7769 num_gap_blocks = 0; 7770 } else { 7771 /* Ok we must count how many gaps we 7772 * have. 7773 */ 7774 num_gap_blocks = 0; 7775 if (asoc->highest_tsn_inside_map >= asoc->mapping_array_base_tsn) { 7776 maxi = (asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn); 7777 } else { 7778 maxi = (asoc->highest_tsn_inside_map + (MAX_TSN - asoc->mapping_array_base_tsn) + 1); 7779 } 7780 if (maxi > m_size) { 7781 /* impossible but who knows, someone is playing with us :> */ 7782 #ifdef SCTP_DEBUG 7783 printf("GAK maxi:%d > m_size:%d came out higher than allowed htsn:%u base:%u cumack:%u\n", 7784 maxi, 7785 m_size, 7786 asoc->highest_tsn_inside_map, 7787 asoc->mapping_array_base_tsn, 7788 asoc->cumulative_tsn 7789 ); 7790 #endif 7791 num_gap_blocks = 0; 7792 goto no_gaps_now; 7793 } 7794 if (asoc->cumulative_tsn >= asoc->mapping_array_base_tsn) { 7795 start = (asoc->cumulative_tsn - asoc->mapping_array_base_tsn); 7796 } else { 7797 /* Set it so we start at 0 */ 7798 start = -1; 7799 } 7800 /* Ok move start up one to look at the NEXT past the cum-ack */ 7801 start++; 7802 for (i = start; i <= maxi; i++) { 7803 if (seeing_ones) { 7804 /* while seeing ones I must 7805 * transition back to 0 before 7806 * finding the next gap and 7807 * counting the segment. 7808 */ 7809 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) == 0) { 7810 seeing_ones = 0; 7811 } 7812 } else { 7813 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, i)) { 7814 seeing_ones = 1; 7815 num_gap_blocks++; 7816 } 7817 } 7818 } 7819 no_gaps_now: 7820 if (num_gap_blocks == 0) { 7821 /* 7822 * Traveled all of the bits and NO one, 7823 * must have reneged 7824 */ 7825 if (compare_with_wrap(asoc->cumulative_tsn, asoc->highest_tsn_inside_map, MAX_TSN)) { 7826 asoc->highest_tsn_inside_map = asoc->cumulative_tsn; 7827 #ifdef SCTP_MAP_LOGGING 7828 sctp_log_map(0, 4, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); 7829 #endif 7830 } 7831 } 7832 } 7833 7834 /* Now calculate the space needed */ 7835 space = (sizeof(struct sctp_sack_chunk) + 7836 (num_gap_blocks * sizeof(struct sctp_gap_ack_block)) + 7837 (asoc->numduptsns * sizeof(int32_t)) 7838 ); 7839 if (space > (asoc->smallest_mtu-SCTP_MAX_OVERHEAD)) { 7840 /* Reduce the size of the sack to fit */ 7841 int calc, fit; 7842 calc = (asoc->smallest_mtu - SCTP_MAX_OVERHEAD); 7843 calc -= sizeof(struct sctp_gap_ack_block); 7844 fit = calc/sizeof(struct sctp_gap_ack_block); 7845 if (fit > (int)num_gap_blocks) { 7846 /* discard some dups */ 7847 asoc->numduptsns = (fit - num_gap_blocks); 7848 } else { 7849 /* discard all dups and some gaps */ 7850 num_gap_blocks = fit; 7851 asoc->numduptsns = 0; 7852 } 7853 /* recalc space */ 7854 space = (sizeof(struct sctp_sack_chunk) + 7855 (num_gap_blocks * sizeof(struct sctp_gap_ack_block)) + 7856 (asoc->numduptsns * sizeof(int32_t)) 7857 ); 7858 7859 } 7860 7861 if ((space+SCTP_MIN_OVERHEAD) > MHLEN) { 7862 /* We need a cluster */ 7863 MCLGET(a_chk->data, M_DONTWAIT); 7864 if ((a_chk->data->m_flags & M_EXT) != M_EXT) { 7865 /* can't get a cluster 7866 * give up and try later. 7867 */ 7868 if (a_chk->data) 7869 sctp_m_freem(a_chk->data); 7870 a_chk->data = NULL; 7871 a_chk->whoTo->ref_count--; 7872 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, a_chk); 7873 sctppcbinfo.ipi_count_chunk--; 7874 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 7875 panic("Chunk count is negative"); 7876 } 7877 sctppcbinfo.ipi_gencnt_chunk++; 7878 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, 7879 stcb->sctp_ep, stcb, NULL); 7880 sctp_timer_start(SCTP_TIMER_TYPE_RECV, 7881 stcb->sctp_ep, stcb, NULL); 7882 return; 7883 } 7884 } 7885 7886 /* ok, lets go through and fill it in */ 7887 a_chk->data->m_data += SCTP_MIN_OVERHEAD; 7888 sack = mtod(a_chk->data, struct sctp_sack_chunk *); 7889 sack->ch.chunk_type = SCTP_SELECTIVE_ACK; 7890 sack->ch.chunk_flags = asoc->receiver_nonce_sum & SCTP_SACK_NONCE_SUM; 7891 sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn); 7892 sack->sack.a_rwnd = htonl(asoc->my_rwnd); 7893 asoc->my_last_reported_rwnd = asoc->my_rwnd; 7894 sack->sack.num_gap_ack_blks = htons(num_gap_blocks); 7895 sack->sack.num_dup_tsns = htons(asoc->numduptsns); 7896 7897 a_chk->send_size = (sizeof(struct sctp_sack_chunk) + 7898 (num_gap_blocks * sizeof(struct sctp_gap_ack_block)) + 7899 (asoc->numduptsns * sizeof(int32_t))); 7900 a_chk->data->m_pkthdr.len = a_chk->data->m_len = a_chk->send_size; 7901 sack->ch.chunk_length = htons(a_chk->send_size); 7902 7903 gap_descriptor = (struct sctp_gap_ack_block *)((vaddr_t)sack + sizeof(struct sctp_sack_chunk)); 7904 seeing_ones = 0; 7905 for (i = start; i <= maxi; i++) { 7906 if (num_gap_blocks == 0) { 7907 break; 7908 } 7909 if (seeing_ones) { 7910 /* while seeing Ones I must 7911 * transition back to 0 before 7912 * finding the next gap 7913 */ 7914 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, i) == 0) { 7915 gap_descriptor->end = htons(((uint16_t)(i-start))); 7916 gap_descriptor++; 7917 seeing_ones = 0; 7918 num_gap_blocks--; 7919 } 7920 } else { 7921 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, i)) { 7922 gap_descriptor->start = htons(((uint16_t)(i+1-start))); 7923 /* advance struct to next pointer */ 7924 seeing_ones = 1; 7925 } 7926 } 7927 } 7928 if (num_gap_blocks) { 7929 /* special case where the array is all 1's 7930 * to the end of the array. 7931 */ 7932 gap_descriptor->end = htons(((uint16_t)((i-start)))); 7933 gap_descriptor++; 7934 } 7935 /* now we must add any dups we are going to report. */ 7936 if (asoc->numduptsns) { 7937 dup = (uint32_t *)gap_descriptor; 7938 for (i = 0; i < asoc->numduptsns; i++) { 7939 *dup = htonl(asoc->dup_tsns[i]); 7940 dup++; 7941 } 7942 asoc->numduptsns = 0; 7943 } 7944 /* now that the chunk is prepared queue it to the control 7945 * chunk queue. 7946 */ 7947 TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next); 7948 asoc->ctrl_queue_cnt++; 7949 sctp_pegs[SCTP_PEG_SACKS_SENT]++; 7950 return; 7951 } 7952 7953 void 7954 sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr) 7955 { 7956 struct mbuf *m_abort; 7957 struct sctp_abort_msg *abort_m; 7958 int sz; 7959 abort_m = NULL; 7960 MGETHDR(m_abort, M_DONTWAIT, MT_HEADER); 7961 if (m_abort == NULL) { 7962 /* no mbuf's */ 7963 return; 7964 } 7965 m_abort->m_data += SCTP_MIN_OVERHEAD; 7966 abort_m = mtod(m_abort, struct sctp_abort_msg *); 7967 m_abort->m_len = sizeof(struct sctp_abort_msg); 7968 m_abort->m_next = operr; 7969 sz = 0; 7970 if (operr) { 7971 struct mbuf *n; 7972 n = operr; 7973 while (n) { 7974 sz += n->m_len; 7975 n = n->m_next; 7976 } 7977 } 7978 abort_m->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 7979 abort_m->msg.ch.chunk_flags = 0; 7980 abort_m->msg.ch.chunk_length = htons(sizeof(struct sctp_abort_chunk) + 7981 sz); 7982 abort_m->sh.src_port = stcb->sctp_ep->sctp_lport; 7983 abort_m->sh.dest_port = stcb->rport; 7984 abort_m->sh.v_tag = htonl(stcb->asoc.peer_vtag); 7985 abort_m->sh.checksum = 0; 7986 m_abort->m_pkthdr.len = m_abort->m_len + sz; 7987 m_reset_rcvif(m_abort); 7988 sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, 7989 stcb->asoc.primary_destination, 7990 rtcache_getdst(&stcb->asoc.primary_destination->ro), 7991 m_abort, 1, 0, NULL, 0); 7992 } 7993 7994 int 7995 sctp_send_shutdown_complete(struct sctp_tcb *stcb, 7996 struct sctp_nets *net) 7997 7998 { 7999 /* formulate and SEND a SHUTDOWN-COMPLETE */ 8000 struct mbuf *m_shutdown_comp; 8001 struct sctp_shutdown_complete_msg *comp_cp; 8002 8003 m_shutdown_comp = NULL; 8004 MGETHDR(m_shutdown_comp, M_DONTWAIT, MT_HEADER); 8005 if (m_shutdown_comp == NULL) { 8006 /* no mbuf's */ 8007 return (-1); 8008 } 8009 m_shutdown_comp->m_data += sizeof(struct ip6_hdr); 8010 comp_cp = mtod(m_shutdown_comp, struct sctp_shutdown_complete_msg *); 8011 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 8012 comp_cp->shut_cmp.ch.chunk_flags = 0; 8013 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 8014 comp_cp->sh.src_port = stcb->sctp_ep->sctp_lport; 8015 comp_cp->sh.dest_port = stcb->rport; 8016 comp_cp->sh.v_tag = htonl(stcb->asoc.peer_vtag); 8017 comp_cp->sh.checksum = 0; 8018 8019 m_shutdown_comp->m_pkthdr.len = m_shutdown_comp->m_len = sizeof(struct sctp_shutdown_complete_msg); 8020 m_reset_rcvif(m_shutdown_comp); 8021 sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net, 8022 rtcache_getdst(&net->ro), m_shutdown_comp, 8023 1, 0, NULL, 0); 8024 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 8025 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 8026 stcb->sctp_ep->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED; 8027 stcb->sctp_ep->sctp_socket->so_snd.sb_cc = 0; 8028 soisdisconnected(stcb->sctp_ep->sctp_socket); 8029 } 8030 return (0); 8031 } 8032 8033 int 8034 sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh) 8035 { 8036 /* formulate and SEND a SHUTDOWN-COMPLETE */ 8037 struct mbuf *mout; 8038 struct ip *iph, *iph_out; 8039 struct ip6_hdr *ip6, *ip6_out; 8040 int offset_out; 8041 struct sctp_shutdown_complete_msg *comp_cp; 8042 8043 MGETHDR(mout, M_DONTWAIT, MT_HEADER); 8044 if (mout == NULL) { 8045 /* no mbuf's */ 8046 return (-1); 8047 } 8048 iph = mtod(m, struct ip *); 8049 iph_out = NULL; 8050 ip6_out = NULL; 8051 offset_out = 0; 8052 if (iph->ip_v == IPVERSION) { 8053 mout->m_len = sizeof(struct ip) + 8054 sizeof(struct sctp_shutdown_complete_msg); 8055 mout->m_next = NULL; 8056 iph_out = mtod(mout, struct ip *); 8057 8058 /* Fill in the IP header for the ABORT */ 8059 iph_out->ip_v = IPVERSION; 8060 iph_out->ip_hl = (sizeof(struct ip)/4); 8061 iph_out->ip_tos = (u_char)0; 8062 iph_out->ip_id = 0; 8063 iph_out->ip_off = 0; 8064 iph_out->ip_ttl = MAXTTL; 8065 iph_out->ip_p = IPPROTO_SCTP; 8066 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 8067 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 8068 8069 /* let IP layer calculate this */ 8070 iph_out->ip_sum = 0; 8071 offset_out += sizeof(*iph_out); 8072 comp_cp = (struct sctp_shutdown_complete_msg *)( 8073 (vaddr_t)iph_out + offset_out); 8074 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 8075 ip6 = (struct ip6_hdr *)iph; 8076 mout->m_len = sizeof(struct ip6_hdr) + 8077 sizeof(struct sctp_shutdown_complete_msg); 8078 mout->m_next = NULL; 8079 ip6_out = mtod(mout, struct ip6_hdr *); 8080 8081 /* Fill in the IPv6 header for the ABORT */ 8082 ip6_out->ip6_flow = ip6->ip6_flow; 8083 ip6_out->ip6_hlim = ip6_defhlim; 8084 ip6_out->ip6_nxt = IPPROTO_SCTP; 8085 ip6_out->ip6_src = ip6->ip6_dst; 8086 ip6_out->ip6_dst = ip6->ip6_src; 8087 ip6_out->ip6_plen = mout->m_len; 8088 offset_out += sizeof(*ip6_out); 8089 comp_cp = (struct sctp_shutdown_complete_msg *)( 8090 (vaddr_t)ip6_out + offset_out); 8091 } else { 8092 /* Currently not supported. */ 8093 return (-1); 8094 } 8095 8096 /* Now copy in and fill in the ABORT tags etc. */ 8097 comp_cp->sh.src_port = sh->dest_port; 8098 comp_cp->sh.dest_port = sh->src_port; 8099 comp_cp->sh.checksum = 0; 8100 comp_cp->sh.v_tag = sh->v_tag; 8101 comp_cp->shut_cmp.ch.chunk_flags = SCTP_HAD_NO_TCB; 8102 comp_cp->shut_cmp.ch.chunk_type = SCTP_SHUTDOWN_COMPLETE; 8103 comp_cp->shut_cmp.ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk)); 8104 8105 mout->m_pkthdr.len = mout->m_len; 8106 /* add checksum */ 8107 if ((sctp_no_csum_on_loopback) && m_get_rcvif_NOMPSAFE(m) != NULL && 8108 m_get_rcvif_NOMPSAFE(m)->if_type == IFT_LOOP) { 8109 comp_cp->sh.checksum = 0; 8110 } else { 8111 comp_cp->sh.checksum = sctp_calculate_sum(mout, NULL, offset_out); 8112 } 8113 8114 /* zap the rcvif, it should be null */ 8115 m_reset_rcvif(mout); 8116 /* zap the stack pointer to the route */ 8117 if (iph_out != NULL) { 8118 struct route ro; 8119 8120 memset(&ro, 0, sizeof ro); 8121 #ifdef SCTP_DEBUG 8122 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 8123 printf("sctp_shutdown_complete2 calling ip_output:\n"); 8124 sctp_print_address_pkt(iph_out, &comp_cp->sh); 8125 } 8126 #endif 8127 /* set IPv4 length */ 8128 iph_out->ip_len = htons(mout->m_pkthdr.len); 8129 /* out it goes */ 8130 ip_output(mout, 0, &ro, IP_RAWOUTPUT, NULL, NULL); 8131 } else if (ip6_out != NULL) { 8132 struct route ro; 8133 8134 memset(&ro, 0, sizeof(ro)); 8135 #ifdef SCTP_DEBUG 8136 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 8137 printf("sctp_shutdown_complete2 calling ip6_output:\n"); 8138 sctp_print_address_pkt((struct ip *)ip6_out, 8139 &comp_cp->sh); 8140 } 8141 #endif 8142 ip6_output(mout, NULL, &ro, 0, NULL, NULL, NULL); 8143 } 8144 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 8145 return (0); 8146 } 8147 8148 static struct sctp_nets * 8149 sctp_select_hb_destination(struct sctp_tcb *stcb, struct timeval *now) 8150 { 8151 struct sctp_nets *net, *hnet; 8152 int ms_goneby, highest_ms, state_overide=0; 8153 8154 SCTP_GETTIME_TIMEVAL(now); 8155 highest_ms = 0; 8156 hnet = NULL; 8157 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 8158 if ( 8159 ((net->dest_state & SCTP_ADDR_NOHB) && ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) || 8160 (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE) 8161 ) { 8162 /* Skip this guy from consideration if HB is off AND its confirmed*/ 8163 #ifdef SCTP_DEBUG 8164 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8165 printf("Skipping net:%p state:%d nohb/out-of-scope\n", 8166 net, net->dest_state); 8167 } 8168 #endif 8169 continue; 8170 } 8171 if (sctp_destination_is_reachable(stcb, (struct sockaddr *)&net->ro.ro_sa) == 0) { 8172 /* skip this dest net from consideration */ 8173 #ifdef SCTP_DEBUG 8174 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8175 printf("Skipping net:%p reachable NOT\n", 8176 net); 8177 } 8178 #endif 8179 continue; 8180 } 8181 if (net->last_sent_time.tv_sec) { 8182 /* Sent to so we subtract */ 8183 ms_goneby = (now->tv_sec - net->last_sent_time.tv_sec) * 1000; 8184 } else 8185 /* Never been sent to */ 8186 ms_goneby = 0x7fffffff; 8187 #ifdef SCTP_DEBUG 8188 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8189 printf("net:%p ms_goneby:%d\n", 8190 net, ms_goneby); 8191 } 8192 #endif 8193 /* When the address state is unconfirmed but still considered reachable, we 8194 * HB at a higher rate. Once it goes confirmed OR reaches the "unreachable" 8195 * state, thenw we cut it back to HB at a more normal pace. 8196 */ 8197 if ((net->dest_state & (SCTP_ADDR_UNCONFIRMED|SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED) { 8198 state_overide = 1; 8199 } else { 8200 state_overide = 0; 8201 } 8202 8203 if ((((unsigned int)ms_goneby >= net->RTO) || (state_overide)) && 8204 (ms_goneby > highest_ms)) { 8205 highest_ms = ms_goneby; 8206 hnet = net; 8207 #ifdef SCTP_DEBUG 8208 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8209 printf("net:%p is the new high\n", 8210 net); 8211 } 8212 #endif 8213 } 8214 } 8215 if (hnet && 8216 ((hnet->dest_state & (SCTP_ADDR_UNCONFIRMED|SCTP_ADDR_NOT_REACHABLE)) == SCTP_ADDR_UNCONFIRMED)) { 8217 state_overide = 1; 8218 } else { 8219 state_overide = 0; 8220 } 8221 8222 if (highest_ms && (((unsigned int)highest_ms >= hnet->RTO) || state_overide)) { 8223 /* Found the one with longest delay bounds 8224 * OR it is unconfirmed and still not marked 8225 * unreachable. 8226 */ 8227 #ifdef SCTP_DEBUG 8228 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8229 printf("net:%p is the hb winner -", 8230 hnet); 8231 if (hnet) 8232 sctp_print_address((struct sockaddr *)&hnet->ro.ro_sa); 8233 else 8234 printf(" none\n"); 8235 } 8236 #endif 8237 /* update the timer now */ 8238 hnet->last_sent_time = *now; 8239 return (hnet); 8240 } 8241 /* Nothing to HB */ 8242 return (NULL); 8243 } 8244 8245 int 8246 sctp_send_hb(struct sctp_tcb *stcb, int user_req, struct sctp_nets *u_net) 8247 { 8248 struct sctp_tmit_chunk *chk; 8249 struct sctp_nets *net; 8250 struct sctp_heartbeat_chunk *hb; 8251 struct timeval now; 8252 struct sockaddr_in *sin; 8253 struct sockaddr_in6 *sin6; 8254 8255 if (user_req == 0) { 8256 net = sctp_select_hb_destination(stcb, &now); 8257 if (net == NULL) { 8258 /* All our busy none to send to, just 8259 * start the timer again. 8260 */ 8261 if (stcb->asoc.state == 0) { 8262 return (0); 8263 } 8264 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, 8265 stcb->sctp_ep, 8266 stcb, 8267 net); 8268 return (0); 8269 } 8270 #ifndef SCTP_USE_ALLMAN_BURST 8271 else { 8272 /* found one idle.. decay cwnd on this one 8273 * by 1/2 if none outstanding. 8274 */ 8275 8276 if (net->flight_size == 0) { 8277 net->cwnd /= 2; 8278 if (net->addr_is_local) { 8279 if (net->cwnd < (net->mtu *4)) { 8280 net->cwnd = net->mtu * 4; 8281 } 8282 } else { 8283 if (net->cwnd < (net->mtu * 2)) { 8284 net->cwnd = net->mtu * 2; 8285 } 8286 } 8287 8288 } 8289 8290 } 8291 #endif 8292 } else { 8293 net = u_net; 8294 if (net == NULL) { 8295 return (0); 8296 } 8297 SCTP_GETTIME_TIMEVAL(&now); 8298 } 8299 sin = (struct sockaddr_in *)&net->ro.ro_sa; 8300 if (sin->sin_family != AF_INET) { 8301 if (sin->sin_family != AF_INET6) { 8302 /* huh */ 8303 return (0); 8304 } 8305 } 8306 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8307 if (chk == NULL) { 8308 #ifdef SCTP_DEBUG 8309 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8310 printf("Gak, can't get a chunk for hb\n"); 8311 } 8312 #endif 8313 return (0); 8314 } 8315 sctppcbinfo.ipi_gencnt_chunk++; 8316 sctppcbinfo.ipi_count_chunk++; 8317 chk->rec.chunk_id = SCTP_HEARTBEAT_REQUEST; 8318 chk->asoc = &stcb->asoc; 8319 chk->send_size = sizeof(struct sctp_heartbeat_chunk); 8320 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8321 if (chk->data == NULL) { 8322 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8323 sctppcbinfo.ipi_count_chunk--; 8324 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8325 panic("Chunk count is negative"); 8326 } 8327 sctppcbinfo.ipi_gencnt_chunk++; 8328 return (0); 8329 } 8330 chk->data->m_data += SCTP_MIN_OVERHEAD; 8331 chk->data->m_pkthdr.len = chk->data->m_len = chk->send_size; 8332 chk->sent = SCTP_DATAGRAM_UNSENT; 8333 chk->snd_count = 0; 8334 chk->whoTo = net; 8335 chk->whoTo->ref_count++; 8336 /* Now we have a mbuf that we can fill in with the details */ 8337 hb = mtod(chk->data, struct sctp_heartbeat_chunk *); 8338 8339 /* fill out chunk header */ 8340 hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST; 8341 hb->ch.chunk_flags = 0; 8342 hb->ch.chunk_length = htons(chk->send_size); 8343 /* Fill out hb parameter */ 8344 hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO); 8345 hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param)); 8346 hb->heartbeat.hb_info.time_value_1 = now.tv_sec; 8347 hb->heartbeat.hb_info.time_value_2 = now.tv_usec; 8348 /* Did our user request this one, put it in */ 8349 hb->heartbeat.hb_info.user_req = user_req; 8350 hb->heartbeat.hb_info.addr_family = sin->sin_family; 8351 hb->heartbeat.hb_info.addr_len = sin->sin_len; 8352 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 8353 /* we only take from the entropy pool if the address is 8354 * not confirmed. 8355 */ 8356 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 8357 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep); 8358 } else { 8359 net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0; 8360 net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0; 8361 } 8362 if (sin->sin_family == AF_INET) { 8363 memcpy(hb->heartbeat.hb_info.address, &sin->sin_addr, sizeof(sin->sin_addr)); 8364 } else if (sin->sin_family == AF_INET6) { 8365 /* We leave the scope the way it is in our lookup table. */ 8366 sin6 = (struct sockaddr_in6 *)&net->ro.ro_sa; 8367 memcpy(hb->heartbeat.hb_info.address, &sin6->sin6_addr, sizeof(sin6->sin6_addr)); 8368 } else { 8369 /* huh compiler bug */ 8370 #ifdef SCTP_DEBUG 8371 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 8372 printf("Compiler bug bleeds a mbuf and a chunk\n"); 8373 } 8374 #endif 8375 return (0); 8376 } 8377 /* ok we have a destination that needs a beat */ 8378 /* lets do the theshold management Qiaobing style */ 8379 if (user_req == 0) { 8380 if (sctp_threshold_management(stcb->sctp_ep, stcb, net, 8381 stcb->asoc.max_send_times)) { 8382 /* we have lost the association, in a way this 8383 * is quite bad since we really are one less time 8384 * since we really did not send yet. This is the 8385 * down side to the Q's style as defined in the RFC 8386 * and not my alternate style defined in the RFC. 8387 */ 8388 if (chk->data != NULL) { 8389 sctp_m_freem(chk->data); 8390 chk->data = NULL; 8391 } 8392 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8393 sctppcbinfo.ipi_count_chunk--; 8394 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8395 panic("Chunk count is negative"); 8396 } 8397 sctppcbinfo.ipi_gencnt_chunk++; 8398 return (-1); 8399 } 8400 } 8401 net->hb_responded = 0; 8402 #ifdef SCTP_DEBUG 8403 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 8404 printf("Inserting chunk for HB\n"); 8405 } 8406 #endif 8407 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 8408 stcb->asoc.ctrl_queue_cnt++; 8409 sctp_pegs[SCTP_HB_SENT]++; 8410 /* 8411 * Call directly med level routine to put out the chunk. It will 8412 * always tumble out control chunks aka HB but it may even tumble 8413 * out data too. 8414 */ 8415 if (user_req == 0) { 8416 /* Ok now lets start the HB timer if it is NOT a user req */ 8417 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 8418 stcb, net); 8419 } 8420 return (1); 8421 } 8422 8423 void 8424 sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net, 8425 uint32_t high_tsn) 8426 { 8427 struct sctp_association *asoc; 8428 struct sctp_ecne_chunk *ecne; 8429 struct sctp_tmit_chunk *chk; 8430 asoc = &stcb->asoc; 8431 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8432 if (chk->rec.chunk_id == SCTP_ECN_ECHO) { 8433 /* found a previous ECN_ECHO update it if needed */ 8434 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 8435 ecne->tsn = htonl(high_tsn); 8436 return; 8437 } 8438 } 8439 /* nope could not find one to update so we must build one */ 8440 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8441 if (chk == NULL) { 8442 return; 8443 } 8444 sctp_pegs[SCTP_ECNE_SENT]++; 8445 sctppcbinfo.ipi_count_chunk++; 8446 sctppcbinfo.ipi_gencnt_chunk++; 8447 chk->rec.chunk_id = SCTP_ECN_ECHO; 8448 chk->asoc = &stcb->asoc; 8449 chk->send_size = sizeof(struct sctp_ecne_chunk); 8450 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8451 if (chk->data == NULL) { 8452 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8453 sctppcbinfo.ipi_count_chunk--; 8454 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8455 panic("Chunk count is negative"); 8456 } 8457 sctppcbinfo.ipi_gencnt_chunk++; 8458 return; 8459 } 8460 chk->data->m_data += SCTP_MIN_OVERHEAD; 8461 chk->data->m_pkthdr.len = chk->data->m_len = chk->send_size; 8462 chk->sent = SCTP_DATAGRAM_UNSENT; 8463 chk->snd_count = 0; 8464 chk->whoTo = net; 8465 chk->whoTo->ref_count++; 8466 ecne = mtod(chk->data, struct sctp_ecne_chunk *); 8467 ecne->ch.chunk_type = SCTP_ECN_ECHO; 8468 ecne->ch.chunk_flags = 0; 8469 ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk)); 8470 ecne->tsn = htonl(high_tsn); 8471 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 8472 asoc->ctrl_queue_cnt++; 8473 } 8474 8475 void 8476 sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net, 8477 struct mbuf *m, int iphlen, int bad_crc) 8478 { 8479 struct sctp_association *asoc; 8480 struct sctp_pktdrop_chunk *drp; 8481 struct sctp_tmit_chunk *chk; 8482 uint8_t *datap; 8483 int len; 8484 unsigned int small_one; 8485 struct ip *iph; 8486 8487 long spc; 8488 asoc = &stcb->asoc; 8489 if (asoc->peer_supports_pktdrop == 0) { 8490 /* peer must declare support before I 8491 * send one. 8492 */ 8493 return; 8494 } 8495 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8496 if (chk == NULL) { 8497 return; 8498 } 8499 sctppcbinfo.ipi_count_chunk++; 8500 sctppcbinfo.ipi_gencnt_chunk++; 8501 8502 iph = mtod(m, struct ip *); 8503 if (iph == NULL) { 8504 return; 8505 } 8506 if (iph->ip_v == IPVERSION) { 8507 /* IPv4 */ 8508 #if defined(__FreeBSD__) 8509 len = chk->send_size = iph->ip_len; 8510 #else 8511 len = chk->send_size = (iph->ip_len - iphlen); 8512 #endif 8513 } else { 8514 struct ip6_hdr *ip6h; 8515 /* IPv6 */ 8516 ip6h = mtod(m, struct ip6_hdr *); 8517 len = chk->send_size = htons(ip6h->ip6_plen); 8518 } 8519 if ((len+iphlen) > m->m_pkthdr.len) { 8520 /* huh */ 8521 chk->send_size = len = m->m_pkthdr.len - iphlen; 8522 } 8523 chk->asoc = &stcb->asoc; 8524 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8525 if (chk->data == NULL) { 8526 jump_out: 8527 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8528 sctppcbinfo.ipi_count_chunk--; 8529 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8530 panic("Chunk count is negative"); 8531 } 8532 sctppcbinfo.ipi_gencnt_chunk++; 8533 return; 8534 } 8535 if ((chk->send_size+sizeof(struct sctp_pktdrop_chunk)+SCTP_MIN_OVERHEAD) > MHLEN) { 8536 MCLGET(chk->data, M_DONTWAIT); 8537 if ((chk->data->m_flags & M_EXT) == 0) { 8538 /* Give up */ 8539 sctp_m_freem(chk->data); 8540 chk->data = NULL; 8541 goto jump_out; 8542 } 8543 } 8544 chk->data->m_data += SCTP_MIN_OVERHEAD; 8545 drp = mtod(chk->data, struct sctp_pktdrop_chunk *); 8546 if (drp == NULL) { 8547 sctp_m_freem(chk->data); 8548 chk->data = NULL; 8549 goto jump_out; 8550 } 8551 small_one = asoc->smallest_mtu; 8552 if (small_one > MCLBYTES) { 8553 /* Only one cluster worth of data MAX */ 8554 small_one = MCLBYTES; 8555 } 8556 chk->book_size = (chk->send_size + sizeof(struct sctp_pktdrop_chunk) + 8557 sizeof(struct sctphdr) + SCTP_MED_OVERHEAD); 8558 if (chk->book_size > small_one) { 8559 drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED; 8560 drp->trunc_len = htons(chk->send_size); 8561 chk->send_size = small_one - (SCTP_MED_OVERHEAD + 8562 sizeof(struct sctp_pktdrop_chunk) + 8563 sizeof(struct sctphdr)); 8564 len = chk->send_size; 8565 } else { 8566 /* no truncation needed */ 8567 drp->ch.chunk_flags = 0; 8568 drp->trunc_len = htons(0); 8569 } 8570 if (bad_crc) { 8571 drp->ch.chunk_flags |= SCTP_BADCRC; 8572 } 8573 chk->send_size += sizeof(struct sctp_pktdrop_chunk); 8574 chk->data->m_pkthdr.len = chk->data->m_len = chk->send_size; 8575 chk->sent = SCTP_DATAGRAM_UNSENT; 8576 chk->snd_count = 0; 8577 if (net) { 8578 /* we should hit here */ 8579 chk->whoTo = net; 8580 } else { 8581 chk->whoTo = asoc->primary_destination; 8582 } 8583 chk->whoTo->ref_count++; 8584 chk->rec.chunk_id = SCTP_PACKET_DROPPED; 8585 drp->ch.chunk_type = SCTP_PACKET_DROPPED; 8586 drp->ch.chunk_length = htons(chk->send_size); 8587 spc = stcb->sctp_socket->so_rcv.sb_hiwat; 8588 if (spc < 0) { 8589 spc = 0; 8590 } 8591 drp->bottle_bw = htonl(spc); 8592 drp->current_onq = htonl(asoc->size_on_delivery_queue + 8593 asoc->size_on_reasm_queue + 8594 asoc->size_on_all_streams + 8595 asoc->my_rwnd_control_len + 8596 stcb->sctp_socket->so_rcv.sb_cc); 8597 drp->reserved = 0; 8598 datap = drp->data; 8599 m_copydata(m, iphlen, len, datap); 8600 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 8601 asoc->ctrl_queue_cnt++; 8602 } 8603 8604 void 8605 sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn) 8606 { 8607 struct sctp_association *asoc; 8608 struct sctp_cwr_chunk *cwr; 8609 struct sctp_tmit_chunk *chk; 8610 8611 asoc = &stcb->asoc; 8612 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { 8613 if (chk->rec.chunk_id == SCTP_ECN_CWR) { 8614 /* found a previous ECN_CWR update it if needed */ 8615 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 8616 if (compare_with_wrap(high_tsn, ntohl(cwr->tsn), 8617 MAX_TSN)) { 8618 cwr->tsn = htonl(high_tsn); 8619 } 8620 return; 8621 } 8622 } 8623 /* nope could not find one to update so we must build one */ 8624 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8625 if (chk == NULL) { 8626 return; 8627 } 8628 sctppcbinfo.ipi_count_chunk++; 8629 sctppcbinfo.ipi_gencnt_chunk++; 8630 chk->rec.chunk_id = SCTP_ECN_CWR; 8631 chk->asoc = &stcb->asoc; 8632 chk->send_size = sizeof(struct sctp_cwr_chunk); 8633 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8634 if (chk->data == NULL) { 8635 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8636 sctppcbinfo.ipi_count_chunk--; 8637 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8638 panic("Chunk count is negative"); 8639 } 8640 sctppcbinfo.ipi_gencnt_chunk++; 8641 return; 8642 } 8643 chk->data->m_data += SCTP_MIN_OVERHEAD; 8644 chk->data->m_pkthdr.len = chk->data->m_len = chk->send_size; 8645 chk->sent = SCTP_DATAGRAM_UNSENT; 8646 chk->snd_count = 0; 8647 chk->whoTo = net; 8648 chk->whoTo->ref_count++; 8649 cwr = mtod(chk->data, struct sctp_cwr_chunk *); 8650 cwr->ch.chunk_type = SCTP_ECN_CWR; 8651 cwr->ch.chunk_flags = 0; 8652 cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk)); 8653 cwr->tsn = htonl(high_tsn); 8654 TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next); 8655 asoc->ctrl_queue_cnt++; 8656 } 8657 static void 8658 sctp_reset_the_streams(struct sctp_tcb *stcb, 8659 struct sctp_stream_reset_request *req, int number_entries, uint16_t *list) 8660 { 8661 int i; 8662 8663 if (req->reset_flags & SCTP_RESET_ALL) { 8664 for (i=0; i<stcb->asoc.streamoutcnt; i++) { 8665 stcb->asoc.strmout[i].next_sequence_sent = 0; 8666 } 8667 } else if (number_entries) { 8668 for (i=0; i<number_entries; i++) { 8669 if (list[i] >= stcb->asoc.streamoutcnt) { 8670 /* no such stream */ 8671 continue; 8672 } 8673 stcb->asoc.strmout[(list[i])].next_sequence_sent = 0; 8674 } 8675 } 8676 sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list); 8677 } 8678 8679 void 8680 sctp_send_str_reset_ack(struct sctp_tcb *stcb, 8681 struct sctp_stream_reset_request *req) 8682 { 8683 struct sctp_association *asoc; 8684 struct sctp_stream_reset_resp *strack; 8685 struct sctp_tmit_chunk *chk; 8686 uint32_t seq; 8687 int number_entries, i; 8688 uint8_t two_way=0, not_peer=0; 8689 uint16_t *list=NULL; 8690 8691 asoc = &stcb->asoc; 8692 if (req->reset_flags & SCTP_RESET_ALL) 8693 number_entries = 0; 8694 else 8695 number_entries = (ntohs(req->ph.param_length) - sizeof(struct sctp_stream_reset_request)) / sizeof(uint16_t); 8696 8697 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8698 if (chk == NULL) { 8699 return; 8700 } 8701 sctppcbinfo.ipi_count_chunk++; 8702 sctppcbinfo.ipi_gencnt_chunk++; 8703 chk->rec.chunk_id = SCTP_STREAM_RESET; 8704 chk->asoc = &stcb->asoc; 8705 chk->send_size = sizeof(struct sctp_stream_reset_resp) + (number_entries * sizeof(uint16_t)); 8706 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8707 if (chk->data == NULL) { 8708 strresp_jump_out: 8709 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8710 sctppcbinfo.ipi_count_chunk--; 8711 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8712 panic("Chunk count is negative"); 8713 } 8714 sctppcbinfo.ipi_gencnt_chunk++; 8715 return; 8716 } 8717 chk->data->m_data += SCTP_MIN_OVERHEAD; 8718 chk->data->m_pkthdr.len = chk->data->m_len = SCTP_SIZE32(chk->send_size); 8719 if (M_TRAILINGSPACE(chk->data) < (int)SCTP_SIZE32(chk->send_size)) { 8720 MCLGET(chk->data, M_DONTWAIT); 8721 if ((chk->data->m_flags & M_EXT) == 0) { 8722 /* Give up */ 8723 sctp_m_freem(chk->data); 8724 chk->data = NULL; 8725 goto strresp_jump_out; 8726 } 8727 chk->data->m_data += SCTP_MIN_OVERHEAD; 8728 } 8729 if (M_TRAILINGSPACE(chk->data) < (int)SCTP_SIZE32(chk->send_size)) { 8730 /* can't do it, no room */ 8731 /* Give up */ 8732 sctp_m_freem(chk->data); 8733 chk->data = NULL; 8734 goto strresp_jump_out; 8735 8736 } 8737 chk->sent = SCTP_DATAGRAM_UNSENT; 8738 chk->snd_count = 0; 8739 chk->whoTo = asoc->primary_destination; 8740 chk->whoTo->ref_count++; 8741 strack = mtod(chk->data, struct sctp_stream_reset_resp *); 8742 8743 strack->ch.chunk_type = SCTP_STREAM_RESET; 8744 strack->ch.chunk_flags = 0; 8745 strack->ch.chunk_length = htons(chk->send_size); 8746 8747 memset(strack->sr_resp.reset_pad, 0, sizeof(strack->sr_resp.reset_pad)); 8748 8749 strack->sr_resp.ph.param_type = ntohs(SCTP_STR_RESET_RESPONSE); 8750 strack->sr_resp.ph.param_length = htons((chk->send_size - sizeof(struct sctp_chunkhdr))); 8751 8752 8753 8754 if (chk->send_size % 4) { 8755 /* need a padding for the end */ 8756 int pad; 8757 uint8_t *end; 8758 end = (uint8_t *)((vaddr_t)strack + chk->send_size); 8759 pad = chk->send_size % 4; 8760 for (i = 0; i < pad; i++) { 8761 end[i] = 0; 8762 } 8763 chk->send_size += pad; 8764 } 8765 8766 /* actual response */ 8767 if (req->reset_flags & SCTP_RESET_YOUR) { 8768 strack->sr_resp.reset_flags = SCTP_RESET_PERFORMED; 8769 } else { 8770 strack->sr_resp.reset_flags = 0; 8771 } 8772 8773 /* copied from reset request */ 8774 strack->sr_resp.reset_req_seq_resp = req->reset_req_seq; 8775 seq = ntohl(req->reset_req_seq); 8776 8777 list = req->list_of_streams; 8778 /* copy the un-converted network byte order streams */ 8779 for (i=0; i<number_entries; i++) { 8780 strack->sr_resp.list_of_streams[i] = list[i]; 8781 } 8782 if (asoc->str_reset_seq_in == seq) { 8783 /* is it the next expected? */ 8784 asoc->str_reset_seq_in++; 8785 strack->sr_resp.reset_at_tsn = htonl(asoc->sending_seq); 8786 asoc->str_reset_sending_seq = asoc->sending_seq; 8787 if (number_entries) { 8788 uint16_t temp; 8789 /* convert them to host byte order */ 8790 for (i=0 ; i<number_entries; i++) { 8791 temp = ntohs(list[i]); 8792 list[i] = temp; 8793 } 8794 } 8795 if (req->reset_flags & SCTP_RESET_YOUR) { 8796 /* reset my outbound streams */ 8797 sctp_reset_the_streams(stcb, req , number_entries, list); 8798 } 8799 if (req->reset_flags & SCTP_RECIPRICAL) { 8800 /* reset peer too */ 8801 sctp_send_str_reset_req(stcb, number_entries, list, two_way, not_peer); 8802 } 8803 8804 } else { 8805 /* no its a retran so I must just ack and do nothing */ 8806 strack->sr_resp.reset_at_tsn = htonl(asoc->str_reset_sending_seq); 8807 } 8808 strack->sr_resp.cumulative_tsn = htonl(asoc->cumulative_tsn); 8809 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 8810 chk, 8811 sctp_next); 8812 asoc->ctrl_queue_cnt++; 8813 } 8814 8815 8816 void 8817 sctp_send_str_reset_req(struct sctp_tcb *stcb, 8818 int number_entrys, uint16_t *list, uint8_t two_way, uint8_t not_peer) 8819 { 8820 /* Send a stream reset request. The number_entrys may be 0 and list NULL 8821 * if the request is to reset all streams. If two_way is true then we 8822 * not only request a RESET of the received streams but we also 8823 * request the peer to send a reset req to us too. 8824 * Flag combinations in table: 8825 * 8826 * two_way | not_peer | = | Flags 8827 * ------------------------------ 8828 * 0 | 0 | = | SCTP_RESET_YOUR (just the peer) 8829 * 1 | 0 | = | SCTP_RESET_YOUR | SCTP_RECIPRICAL (both sides) 8830 * 0 | 1 | = | Not a Valid Request (not anyone) 8831 * 1 | 1 | = | SCTP_RESET_RECIPRICAL (Just local host) 8832 */ 8833 struct sctp_association *asoc; 8834 struct sctp_stream_reset_req *strreq; 8835 struct sctp_tmit_chunk *chk; 8836 8837 8838 asoc = &stcb->asoc; 8839 if (asoc->stream_reset_outstanding) { 8840 /* Already one pending, must get ACK back 8841 * to clear the flag. 8842 */ 8843 return; 8844 } 8845 8846 if ((two_way == 0) && (not_peer == 1)) { 8847 /* not a valid request */ 8848 return; 8849 } 8850 8851 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 8852 if (chk == NULL) { 8853 return; 8854 } 8855 sctppcbinfo.ipi_count_chunk++; 8856 sctppcbinfo.ipi_gencnt_chunk++; 8857 chk->rec.chunk_id = SCTP_STREAM_RESET; 8858 chk->asoc = &stcb->asoc; 8859 chk->send_size = sizeof(struct sctp_stream_reset_req) + (number_entrys * sizeof(uint16_t)); 8860 MGETHDR(chk->data, M_DONTWAIT, MT_DATA); 8861 if (chk->data == NULL) { 8862 strreq_jump_out: 8863 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 8864 sctppcbinfo.ipi_count_chunk--; 8865 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 8866 panic("Chunk count is negative"); 8867 } 8868 sctppcbinfo.ipi_gencnt_chunk++; 8869 return; 8870 } 8871 chk->data->m_data += SCTP_MIN_OVERHEAD; 8872 chk->data->m_pkthdr.len = chk->data->m_len = SCTP_SIZE32(chk->send_size); 8873 if (M_TRAILINGSPACE(chk->data) < (int)SCTP_SIZE32(chk->send_size)) { 8874 MCLGET(chk->data, M_DONTWAIT); 8875 if ((chk->data->m_flags & M_EXT) == 0) { 8876 /* Give up */ 8877 sctp_m_freem(chk->data); 8878 chk->data = NULL; 8879 goto strreq_jump_out; 8880 } 8881 chk->data->m_data += SCTP_MIN_OVERHEAD; 8882 } 8883 if (M_TRAILINGSPACE(chk->data) < (int)SCTP_SIZE32(chk->send_size)) { 8884 /* can't do it, no room */ 8885 /* Give up */ 8886 sctp_m_freem(chk->data); 8887 chk->data = NULL; 8888 goto strreq_jump_out; 8889 } 8890 chk->sent = SCTP_DATAGRAM_UNSENT; 8891 chk->snd_count = 0; 8892 chk->whoTo = asoc->primary_destination; 8893 chk->whoTo->ref_count++; 8894 8895 strreq = mtod(chk->data, struct sctp_stream_reset_req *); 8896 strreq->ch.chunk_type = SCTP_STREAM_RESET; 8897 strreq->ch.chunk_flags = 0; 8898 strreq->ch.chunk_length = htons(chk->send_size); 8899 8900 strreq->sr_req.ph.param_type = ntohs(SCTP_STR_RESET_REQUEST); 8901 strreq->sr_req.ph.param_length = htons((chk->send_size - sizeof(struct sctp_chunkhdr))); 8902 8903 if (chk->send_size % 4) { 8904 /* need a padding for the end */ 8905 int pad, i; 8906 uint8_t *end; 8907 end = (uint8_t *)((vaddr_t)strreq + chk->send_size); 8908 pad = chk->send_size % 4; 8909 for (i=0; i<pad; i++) { 8910 end[i] = 0; 8911 } 8912 chk->send_size += pad; 8913 } 8914 8915 strreq->sr_req.reset_flags = 0; 8916 if (number_entrys == 0) { 8917 strreq->sr_req.reset_flags |= SCTP_RESET_ALL; 8918 } 8919 if (two_way == 0) { 8920 strreq->sr_req.reset_flags |= SCTP_RESET_YOUR; 8921 } else { 8922 if (not_peer == 0) { 8923 strreq->sr_req.reset_flags |= SCTP_RECIPRICAL | SCTP_RESET_YOUR; 8924 } else { 8925 strreq->sr_req.reset_flags |= SCTP_RECIPRICAL; 8926 } 8927 } 8928 memset(strreq->sr_req.reset_pad, 0, sizeof(strreq->sr_req.reset_pad)); 8929 strreq->sr_req.reset_req_seq = htonl(asoc->str_reset_seq_out); 8930 if (number_entrys) { 8931 /* populate the specific entry's */ 8932 int i; 8933 for (i=0; i < number_entrys; i++) { 8934 strreq->sr_req.list_of_streams[i] = htons(list[i]); 8935 } 8936 } 8937 TAILQ_INSERT_TAIL(&asoc->control_send_queue, 8938 chk, 8939 sctp_next); 8940 asoc->ctrl_queue_cnt++; 8941 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo); 8942 asoc->stream_reset_outstanding = 1; 8943 } 8944 8945 void 8946 sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag, 8947 struct mbuf *err_cause) 8948 { 8949 /* 8950 * Formulate the abort message, and send it back down. 8951 */ 8952 struct mbuf *mout; 8953 struct sctp_abort_msg *abm; 8954 struct ip *iph, *iph_out; 8955 struct ip6_hdr *ip6, *ip6_out; 8956 int iphlen_out; 8957 8958 /* don't respond to ABORT with ABORT */ 8959 if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) { 8960 if (err_cause) 8961 sctp_m_freem(err_cause); 8962 return; 8963 } 8964 MGETHDR(mout, M_DONTWAIT, MT_HEADER); 8965 if (mout == NULL) { 8966 if (err_cause) 8967 sctp_m_freem(err_cause); 8968 return; 8969 } 8970 iph = mtod(m, struct ip *); 8971 iph_out = NULL; 8972 ip6_out = NULL; 8973 if (iph->ip_v == IPVERSION) { 8974 iph_out = mtod(mout, struct ip *); 8975 mout->m_len = sizeof(*iph_out) + sizeof(*abm); 8976 mout->m_next = err_cause; 8977 8978 /* Fill in the IP header for the ABORT */ 8979 iph_out->ip_v = IPVERSION; 8980 iph_out->ip_hl = (sizeof(struct ip) / 4); 8981 iph_out->ip_tos = (u_char)0; 8982 iph_out->ip_id = 0; 8983 iph_out->ip_off = 0; 8984 iph_out->ip_ttl = MAXTTL; 8985 iph_out->ip_p = IPPROTO_SCTP; 8986 iph_out->ip_src.s_addr = iph->ip_dst.s_addr; 8987 iph_out->ip_dst.s_addr = iph->ip_src.s_addr; 8988 /* let IP layer calculate this */ 8989 iph_out->ip_sum = 0; 8990 8991 iphlen_out = sizeof(*iph_out); 8992 abm = (struct sctp_abort_msg *)((vaddr_t)iph_out + iphlen_out); 8993 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 8994 ip6 = (struct ip6_hdr *)iph; 8995 ip6_out = mtod(mout, struct ip6_hdr *); 8996 mout->m_len = sizeof(*ip6_out) + sizeof(*abm); 8997 mout->m_next = err_cause; 8998 8999 /* Fill in the IP6 header for the ABORT */ 9000 ip6_out->ip6_flow = ip6->ip6_flow; 9001 ip6_out->ip6_hlim = ip6_defhlim; 9002 ip6_out->ip6_nxt = IPPROTO_SCTP; 9003 ip6_out->ip6_src = ip6->ip6_dst; 9004 ip6_out->ip6_dst = ip6->ip6_src; 9005 9006 iphlen_out = sizeof(*ip6_out); 9007 abm = (struct sctp_abort_msg *)((vaddr_t)ip6_out + iphlen_out); 9008 } else { 9009 /* Currently not supported */ 9010 return; 9011 } 9012 9013 abm->sh.src_port = sh->dest_port; 9014 abm->sh.dest_port = sh->src_port; 9015 abm->sh.checksum = 0; 9016 if (vtag == 0) { 9017 abm->sh.v_tag = sh->v_tag; 9018 abm->msg.ch.chunk_flags = SCTP_HAD_NO_TCB; 9019 } else { 9020 abm->sh.v_tag = htonl(vtag); 9021 abm->msg.ch.chunk_flags = 0; 9022 } 9023 abm->msg.ch.chunk_type = SCTP_ABORT_ASSOCIATION; 9024 9025 if (err_cause) { 9026 struct mbuf *m_tmp = err_cause; 9027 int err_len = 0; 9028 /* get length of the err_cause chain */ 9029 while (m_tmp != NULL) { 9030 err_len += m_tmp->m_len; 9031 m_tmp = m_tmp->m_next; 9032 } 9033 mout->m_pkthdr.len = mout->m_len + err_len; 9034 if (err_len % 4) { 9035 /* need pad at end of chunk */ 9036 u_int32_t cpthis=0; 9037 int padlen; 9038 padlen = 4 - (mout->m_pkthdr.len % 4); 9039 m_copyback(mout, mout->m_pkthdr.len, padlen, (void *)&cpthis); 9040 } 9041 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch) + err_len); 9042 } else { 9043 mout->m_pkthdr.len = mout->m_len; 9044 abm->msg.ch.chunk_length = htons(sizeof(abm->msg.ch)); 9045 } 9046 9047 /* add checksum */ 9048 if ((sctp_no_csum_on_loopback) && m_get_rcvif_NOMPSAFE(m) != NULL && 9049 m_get_rcvif_NOMPSAFE(m)->if_type == IFT_LOOP) { 9050 abm->sh.checksum = 0; 9051 } else { 9052 abm->sh.checksum = sctp_calculate_sum(mout, NULL, iphlen_out); 9053 } 9054 9055 /* zap the rcvif, it should be null */ 9056 m_reset_rcvif(mout); 9057 if (iph_out != NULL) { 9058 struct route ro; 9059 9060 /* zap the stack pointer to the route */ 9061 memset(&ro, 0, sizeof ro); 9062 #ifdef SCTP_DEBUG 9063 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 9064 printf("sctp_send_abort calling ip_output:\n"); 9065 sctp_print_address_pkt(iph_out, &abm->sh); 9066 } 9067 #endif 9068 /* set IPv4 length */ 9069 iph_out->ip_len = htons(mout->m_pkthdr.len); 9070 /* out it goes */ 9071 (void)ip_output(mout, 0, &ro, IP_RAWOUTPUT, NULL, NULL); 9072 } else if (ip6_out != NULL) { 9073 struct route ro; 9074 9075 /* zap the stack pointer to the route */ 9076 memset(&ro, 0, sizeof(ro)); 9077 #ifdef SCTP_DEBUG 9078 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 9079 printf("sctp_send_abort calling ip6_output:\n"); 9080 sctp_print_address_pkt((struct ip *)ip6_out, &abm->sh); 9081 } 9082 #endif 9083 ip6_output(mout, NULL, &ro, 0, NULL, NULL, NULL); 9084 } 9085 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 9086 } 9087 9088 void 9089 sctp_send_operr_to(struct mbuf *m, int iphlen, 9090 struct mbuf *scm, 9091 uint32_t vtag) 9092 { 9093 struct sctphdr *ihdr; 9094 struct sctphdr *ohdr; 9095 struct sctp_chunkhdr *ophdr; 9096 9097 struct ip *iph; 9098 #ifdef SCTP_DEBUG 9099 struct sockaddr_in6 lsa6, fsa6; 9100 #endif 9101 uint32_t val; 9102 iph = mtod(m, struct ip *); 9103 ihdr = (struct sctphdr *)((vaddr_t)iph + iphlen); 9104 if (!(scm->m_flags & M_PKTHDR)) { 9105 /* must be a pkthdr */ 9106 printf("Huh, not a packet header in send_operr\n"); 9107 m_freem(scm); 9108 return; 9109 } 9110 M_PREPEND(scm, (sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr)), M_DONTWAIT); 9111 if (scm == NULL) { 9112 /* can't send because we can't add a mbuf */ 9113 return; 9114 } 9115 ohdr = mtod(scm, struct sctphdr *); 9116 ohdr->src_port = ihdr->dest_port; 9117 ohdr->dest_port = ihdr->src_port; 9118 ohdr->v_tag = vtag; 9119 ohdr->checksum = 0; 9120 ophdr = (struct sctp_chunkhdr *)(ohdr + 1); 9121 ophdr->chunk_type = SCTP_OPERATION_ERROR; 9122 ophdr->chunk_flags = 0; 9123 ophdr->chunk_length = htons(scm->m_pkthdr.len - sizeof(struct sctphdr)); 9124 if (scm->m_pkthdr.len % 4) { 9125 /* need padding */ 9126 u_int32_t cpthis=0; 9127 int padlen; 9128 padlen = 4 - (scm->m_pkthdr.len % 4); 9129 m_copyback(scm, scm->m_pkthdr.len, padlen, (void *)&cpthis); 9130 } 9131 if ((sctp_no_csum_on_loopback) && m_get_rcvif_NOMPSAFE(m) != NULL && 9132 m_get_rcvif_NOMPSAFE(m)->if_type == IFT_LOOP) { 9133 val = 0; 9134 } else { 9135 val = sctp_calculate_sum(scm, NULL, 0); 9136 } 9137 ohdr->checksum = val; 9138 if (iph->ip_v == IPVERSION) { 9139 /* V4 */ 9140 struct ip *out; 9141 struct route ro; 9142 M_PREPEND(scm, sizeof(struct ip), M_DONTWAIT); 9143 if (scm == NULL) 9144 return; 9145 memset(&ro, 0, sizeof ro); 9146 out = mtod(scm, struct ip *); 9147 out->ip_v = iph->ip_v; 9148 out->ip_hl = (sizeof(struct ip)/4); 9149 out->ip_tos = iph->ip_tos; 9150 out->ip_id = iph->ip_id; 9151 out->ip_off = 0; 9152 out->ip_ttl = MAXTTL; 9153 out->ip_p = IPPROTO_SCTP; 9154 out->ip_sum = 0; 9155 out->ip_src = iph->ip_dst; 9156 out->ip_dst = iph->ip_src; 9157 out->ip_len = htons(scm->m_pkthdr.len); 9158 ip_output(scm, 0, &ro, IP_RAWOUTPUT, NULL, NULL); 9159 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 9160 } else { 9161 /* V6 */ 9162 struct route ro; 9163 struct ip6_hdr *out6, *in6; 9164 9165 M_PREPEND(scm, sizeof(struct ip6_hdr), M_DONTWAIT); 9166 if (scm == NULL) 9167 return; 9168 memset(&ro, 0, sizeof ro); 9169 in6 = mtod(m, struct ip6_hdr *); 9170 out6 = mtod(scm, struct ip6_hdr *); 9171 out6->ip6_flow = in6->ip6_flow; 9172 out6->ip6_hlim = ip6_defhlim; 9173 out6->ip6_nxt = IPPROTO_SCTP; 9174 out6->ip6_src = in6->ip6_dst; 9175 out6->ip6_dst = in6->ip6_src; 9176 9177 #ifdef SCTP_DEBUG 9178 memset(&lsa6, 0, sizeof(lsa6)); 9179 lsa6.sin6_len = sizeof(lsa6); 9180 lsa6.sin6_family = AF_INET6; 9181 lsa6.sin6_addr = out6->ip6_src; 9182 memset(&fsa6, 0, sizeof(fsa6)); 9183 fsa6.sin6_len = sizeof(fsa6); 9184 fsa6.sin6_family = AF_INET6; 9185 fsa6.sin6_addr = out6->ip6_dst; 9186 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 9187 printf("sctp_operr_to calling ipv6 output:\n"); 9188 printf("src: "); 9189 sctp_print_address((struct sockaddr *)&lsa6); 9190 printf("dst "); 9191 sctp_print_address((struct sockaddr *)&fsa6); 9192 } 9193 #endif /* SCTP_DEBUG */ 9194 ip6_output(scm, NULL, &ro, 0, NULL, NULL, NULL); 9195 sctp_pegs[SCTP_DATAGRAMS_SENT]++; 9196 } 9197 } 9198 9199 static int 9200 sctp_copy_one(struct mbuf *m, struct uio *uio, int cpsz, int resv_upfront, int *mbcnt) 9201 { 9202 int left, cancpy, willcpy, error; 9203 left = cpsz; 9204 9205 if (m == NULL) { 9206 /* TSNH */ 9207 *mbcnt = 0; 9208 return (ENOMEM); 9209 } 9210 m->m_len = 0; 9211 if ((left+resv_upfront) > (int)MHLEN) { 9212 MCLGET(m, M_WAIT); 9213 if (m == NULL) { 9214 *mbcnt = 0; 9215 return (ENOMEM); 9216 } 9217 if ((m->m_flags & M_EXT) == 0) { 9218 *mbcnt = 0; 9219 return (ENOMEM); 9220 } 9221 *mbcnt += m->m_ext.ext_size; 9222 } 9223 *mbcnt += MSIZE; 9224 cancpy = M_TRAILINGSPACE(m); 9225 willcpy = min(cancpy, left); 9226 if ((willcpy + resv_upfront) > cancpy) { 9227 willcpy -= resv_upfront; 9228 } 9229 while (left > 0) { 9230 /* Align data to the end */ 9231 if ((m->m_flags & M_EXT) == 0) { 9232 if (m->m_flags & M_PKTHDR) { 9233 MH_ALIGN(m, willcpy); 9234 } else { 9235 M_ALIGN(m, willcpy); 9236 } 9237 } else { 9238 MC_ALIGN(m, willcpy); 9239 } 9240 error = uiomove(mtod(m, void *), willcpy, uio); 9241 if (error) { 9242 return (error); 9243 } 9244 m->m_len = willcpy; 9245 m->m_nextpkt = 0; 9246 left -= willcpy; 9247 if (left > 0) { 9248 MGET(m->m_next, M_WAIT, MT_DATA); 9249 if (m->m_next == NULL) { 9250 *mbcnt = 0; 9251 return (ENOMEM); 9252 } 9253 m = m->m_next; 9254 m->m_len = 0; 9255 *mbcnt += MSIZE; 9256 if (left > (int)MHLEN) { 9257 MCLGET(m, M_WAIT); 9258 if (m == NULL) { 9259 *mbcnt = 0; 9260 return (ENOMEM); 9261 } 9262 if ((m->m_flags & M_EXT) == 0) { 9263 *mbcnt = 0; 9264 return (ENOMEM); 9265 } 9266 *mbcnt += m->m_ext.ext_size; 9267 } 9268 cancpy = M_TRAILINGSPACE(m); 9269 willcpy = min(cancpy, left); 9270 } 9271 } 9272 return (0); 9273 } 9274 9275 static int 9276 sctp_copy_it_in(struct sctp_inpcb *inp, 9277 struct sctp_tcb *stcb, 9278 struct sctp_association *asoc, 9279 struct sctp_nets *net, 9280 struct sctp_sndrcvinfo *srcv, 9281 struct uio *uio, 9282 int flags) 9283 { 9284 /* This routine must be very careful in 9285 * its work. Protocol processing is 9286 * up and running so care must be taken to 9287 * spl...() when you need to do something 9288 * that may effect the stcb/asoc. The sb is 9289 * locked however. When data is copied the 9290 * protocol processing should be enabled since 9291 * this is a slower operation... 9292 */ 9293 struct socket *so; 9294 int error = 0; 9295 int frag_size, mbcnt = 0, mbcnt_e = 0; 9296 unsigned int sndlen; 9297 unsigned int tot_demand; 9298 int tot_out, dataout; 9299 struct sctp_tmit_chunk *chk; 9300 struct mbuf *mm; 9301 struct sctp_stream_out *strq; 9302 uint32_t my_vtag; 9303 int resv_in_first; 9304 9305 so = stcb->sctp_socket; 9306 solock(so); 9307 chk = NULL; 9308 mm = NULL; 9309 9310 sndlen = uio->uio_resid; 9311 /* lock the socket buf */ 9312 error = sblock(&so->so_snd, SBLOCKWAIT(flags)); 9313 if (error) 9314 goto out_locked; 9315 9316 #ifdef SCTP_DEBUG 9317 printf("sctp_copy_it_in: %d\n", sndlen); 9318 #endif 9319 /* will it ever fit ? */ 9320 if (sndlen > so->so_snd.sb_hiwat) { 9321 /* It will NEVER fit */ 9322 error = EMSGSIZE; 9323 goto release; 9324 } 9325 /* Do I need to block? */ 9326 if ((so->so_snd.sb_hiwat < 9327 (sndlen + asoc->total_output_queue_size)) || 9328 (asoc->chunks_on_out_queue > sctp_max_chunks_on_queue) || 9329 (asoc->total_output_mbuf_queue_size > 9330 so->so_snd.sb_mbmax) 9331 ) { 9332 /* prune any prsctp bufs out */ 9333 if (asoc->peer_supports_prsctp) { 9334 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 9335 } 9336 /* 9337 * We store off a pointer to the endpoint. 9338 * Since on return from this we must check to 9339 * see if an so_error is set. If so we may have 9340 * been reset and our stcb destroyed. Returning 9341 * an error will flow back to the user... 9342 */ 9343 while ((so->so_snd.sb_hiwat < 9344 (sndlen + asoc->total_output_queue_size)) || 9345 (asoc->chunks_on_out_queue > 9346 sctp_max_chunks_on_queue) || 9347 (asoc->total_output_mbuf_queue_size > 9348 so->so_snd.sb_mbmax) 9349 ) { 9350 if ((so->so_state & SS_NBIO) 9351 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000 9352 || (flags & MSG_NBIO) 9353 #endif 9354 ) { 9355 /* Non-blocking io in place */ 9356 error = EWOULDBLOCK; 9357 goto release; 9358 } 9359 inp->sctp_tcb_at_block = (void *)stcb; 9360 inp->error_on_block = 0; 9361 #ifdef SCTP_BLK_LOGGING 9362 sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK, 9363 so, asoc); 9364 #endif 9365 sbunlock(&so->so_snd); 9366 SCTP_TCB_UNLOCK(stcb); 9367 error = sbwait(&so->so_snd); 9368 SCTP_INP_RLOCK(inp); 9369 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 9370 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 9371 /* Should I really unlock ? */ 9372 SCTP_INP_RUNLOCK(inp); 9373 error = EFAULT; 9374 goto out_locked; 9375 } 9376 SCTP_TCB_LOCK(stcb); 9377 SCTP_INP_RUNLOCK(inp); 9378 9379 inp->sctp_tcb_at_block = 0; 9380 #ifdef SCTP_BLK_LOGGING 9381 sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK, 9382 so, asoc); 9383 #endif 9384 if (inp->error_on_block) { 9385 /* 9386 * if our asoc was killed, the free code 9387 * (in sctp_pcb.c) will save a error in 9388 * here for us 9389 */ 9390 error = inp->error_on_block; 9391 goto out_locked; 9392 } 9393 if (error) { 9394 goto out_locked; 9395 } 9396 /* did we encounter a socket error? */ 9397 if (so->so_error) { 9398 error = so->so_error; 9399 goto out_locked; 9400 } 9401 error = sblock(&so->so_snd, M_WAITOK); 9402 if (error) { 9403 /* Can't aquire the lock */ 9404 goto out_locked; 9405 } 9406 #if defined(__FreeBSD__) && __FreeBSD_version >= 502115 9407 if (so->so_rcv.sb_state & SBS_CANTSENDMORE) { 9408 #else 9409 if (so->so_state & SS_CANTSENDMORE) { 9410 #endif 9411 /* The socket is now set not to sendmore.. its gone */ 9412 error = EPIPE; 9413 goto release; 9414 } 9415 if (so->so_error) { 9416 error = so->so_error; 9417 goto release; 9418 } 9419 if (asoc->peer_supports_prsctp) { 9420 sctp_prune_prsctp(stcb, asoc, srcv, sndlen); 9421 } 9422 } 9423 } 9424 dataout = tot_out = uio->uio_resid; 9425 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 9426 resv_in_first = SCTP_MED_OVERHEAD; 9427 } else { 9428 resv_in_first = SCTP_MED_V4_OVERHEAD; 9429 } 9430 9431 /* Are we aborting? */ 9432 if (srcv->sinfo_flags & MSG_ABORT) { 9433 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) && 9434 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_ECHOED)) { 9435 /* It has to be up before we abort */ 9436 /* how big is the user initiated abort? */ 9437 9438 /* I wonder about doing a MGET without a splnet set. 9439 * it is done that way in the sosend code so I guess 9440 * it is ok :-0 9441 */ 9442 MGETHDR(mm, M_WAIT, MT_DATA); 9443 if (mm) { 9444 struct sctp_paramhdr *ph; 9445 9446 tot_demand = (tot_out + sizeof(struct sctp_paramhdr)); 9447 if (tot_demand > MHLEN) { 9448 if (tot_demand > MCLBYTES) { 9449 /* truncate user data */ 9450 tot_demand = MCLBYTES; 9451 tot_out = tot_demand - sizeof(struct sctp_paramhdr); 9452 } 9453 MCLGET(mm, M_WAIT); 9454 if ((mm->m_flags & M_EXT) == 0) { 9455 /* truncate further */ 9456 tot_demand = MHLEN; 9457 tot_out = tot_demand - sizeof(struct sctp_paramhdr); 9458 } 9459 } 9460 /* now move forward the data pointer */ 9461 ph = mtod(mm, struct sctp_paramhdr *); 9462 ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT); 9463 ph->param_length = htons((sizeof(struct sctp_paramhdr) + tot_out)); 9464 ph++; 9465 mm->m_pkthdr.len = tot_out + sizeof(struct sctp_paramhdr); 9466 mm->m_len = mm->m_pkthdr.len; 9467 error = uiomove((void *)ph, (int)tot_out, uio); 9468 if (error) { 9469 /* 9470 * Here if we can't get his data we 9471 * still abort we just don't get to 9472 * send the users note :-0 9473 */ 9474 sctp_m_freem(mm); 9475 mm = NULL; 9476 } 9477 } 9478 sbunlock(&so->so_snd); 9479 sctp_abort_an_association(stcb->sctp_ep, stcb, 9480 SCTP_RESPONSE_TO_USER_REQ, 9481 mm); 9482 mm = NULL; 9483 goto out_locked; 9484 } 9485 goto release; 9486 } 9487 9488 /* Now can we send this? */ 9489 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 9490 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 9491 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 9492 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 9493 /* got data while shutting down */ 9494 error = ECONNRESET; 9495 goto release; 9496 } 9497 /* Is the stream no. valid? */ 9498 if (srcv->sinfo_stream >= asoc->streamoutcnt) { 9499 /* Invalid stream number */ 9500 error = EINVAL; 9501 goto release; 9502 } 9503 if (asoc->strmout == NULL) { 9504 /* huh? software error */ 9505 #ifdef SCTP_DEBUG 9506 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 9507 printf("software error in sctp_copy_it_in\n"); 9508 } 9509 #endif 9510 error = EFAULT; 9511 goto release; 9512 } 9513 if ((srcv->sinfo_flags & MSG_EOF) && 9514 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) && 9515 (tot_out == 0)) { 9516 sounlock(so); 9517 goto zap_by_it_now; 9518 } 9519 if (tot_out == 0) { 9520 /* not allowed */ 9521 error = EMSGSIZE; 9522 goto release; 9523 } 9524 /* save off the tag */ 9525 my_vtag = asoc->my_vtag; 9526 strq = &asoc->strmout[srcv->sinfo_stream]; 9527 /* First lets figure out the "chunking" point */ 9528 frag_size = sctp_get_frag_point(stcb, asoc); 9529 9530 /* two choices here, it all fits in one chunk or 9531 * we need multiple chunks. 9532 */ 9533 sounlock(so); 9534 if (tot_out <= frag_size) { 9535 /* no need to setup a template */ 9536 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 9537 if (chk == NULL) { 9538 error = ENOMEM; 9539 goto release; 9540 } 9541 sctppcbinfo.ipi_count_chunk++; 9542 sctppcbinfo.ipi_gencnt_chunk++; 9543 asoc->chunks_on_out_queue++; 9544 MGETHDR(mm, M_WAIT, MT_DATA); 9545 if (mm == NULL) { 9546 error = ENOMEM; 9547 goto clean_up; 9548 } 9549 error = sctp_copy_one(mm, uio, tot_out, resv_in_first, &mbcnt_e); 9550 if (error) 9551 goto clean_up; 9552 sctp_prepare_chunk(chk, stcb, srcv, strq, net); 9553 chk->mbcnt = mbcnt_e; 9554 mbcnt += mbcnt_e; 9555 mbcnt_e = 0; 9556 mm->m_pkthdr.len = tot_out; 9557 chk->data = mm; 9558 mm = NULL; 9559 9560 /* the actual chunk flags */ 9561 chk->rec.data.rcv_flags |= SCTP_DATA_NOT_FRAG; 9562 chk->whoTo->ref_count++; 9563 9564 /* fix up the send_size if it is not present */ 9565 chk->send_size = tot_out; 9566 chk->book_size = chk->send_size; 9567 /* ok, we are commited */ 9568 if ((srcv->sinfo_flags & MSG_UNORDERED) == 0) { 9569 /* bump the ssn if we are unordered. */ 9570 strq->next_sequence_sent++; 9571 } 9572 if (chk->flags & SCTP_PR_SCTP_BUFFER) { 9573 asoc->sent_queue_cnt_removeable++; 9574 } 9575 solock(so); 9576 if ((asoc->state == 0) || 9577 (my_vtag != asoc->my_vtag) || 9578 (so != inp->sctp_socket) || 9579 (inp->sctp_socket == 0)) { 9580 /* connection was aborted */ 9581 sounlock(so); 9582 error = ECONNRESET; 9583 goto clean_up; 9584 } 9585 asoc->stream_queue_cnt++; 9586 TAILQ_INSERT_TAIL(&strq->outqueue, chk, sctp_next); 9587 /* now check if this stream is on the wheel */ 9588 if ((strq->next_spoke.tqe_next == NULL) && 9589 (strq->next_spoke.tqe_prev == NULL)) { 9590 /* Insert it on the wheel since it is not 9591 * on it currently 9592 */ 9593 sctp_insert_on_wheel(asoc, strq); 9594 } 9595 sounlock(so); 9596 clean_up: 9597 if (error) { 9598 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 9599 sctppcbinfo.ipi_count_chunk--; 9600 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 9601 panic("Chunk count is negative"); 9602 } 9603 goto release; 9604 } 9605 } else { 9606 /* we need to setup a template */ 9607 struct sctp_tmit_chunk template; 9608 struct sctpchunk_listhead tmp; 9609 9610 /* setup the template */ 9611 sctp_prepare_chunk(&template, stcb, srcv, strq, net); 9612 9613 /* Prepare the temp list */ 9614 TAILQ_INIT(&tmp); 9615 9616 /* Template is complete, now time for the work */ 9617 while (tot_out > 0) { 9618 /* Get a chunk */ 9619 chk = (struct sctp_tmit_chunk *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_chunk); 9620 if (chk == NULL) { 9621 /* 9622 * ok we must spin through and dump anything 9623 * we have allocated and then jump to the 9624 * no_membad 9625 */ 9626 error = ENOMEM; 9627 } 9628 sctppcbinfo.ipi_count_chunk++; 9629 asoc->chunks_on_out_queue++; 9630 9631 sctppcbinfo.ipi_gencnt_chunk++; 9632 *chk = template; 9633 chk->whoTo->ref_count++; 9634 MGETHDR(chk->data, M_WAIT, MT_DATA); 9635 if (chk->data == NULL) { 9636 error = ENOMEM; 9637 goto temp_clean_up; 9638 } 9639 tot_demand = min(tot_out, frag_size); 9640 error = sctp_copy_one(chk->data, uio, tot_demand , resv_in_first, &mbcnt_e); 9641 if (error) 9642 goto temp_clean_up; 9643 /* now fix the chk->send_size */ 9644 chk->mbcnt = mbcnt_e; 9645 mbcnt += mbcnt_e; 9646 mbcnt_e = 0; 9647 chk->send_size = tot_demand; 9648 chk->data->m_pkthdr.len = tot_demand; 9649 chk->book_size = chk->send_size; 9650 if (chk->flags & SCTP_PR_SCTP_BUFFER) { 9651 asoc->sent_queue_cnt_removeable++; 9652 } 9653 TAILQ_INSERT_TAIL(&tmp, chk, sctp_next); 9654 tot_out -= tot_demand; 9655 } 9656 /* Now the tmp list holds all chunks and data */ 9657 if ((srcv->sinfo_flags & MSG_UNORDERED) == 0) { 9658 /* bump the ssn if we are unordered. */ 9659 strq->next_sequence_sent++; 9660 } 9661 /* Mark the first/last flags. This will 9662 * result int a 3 for a single item on the list 9663 */ 9664 chk = TAILQ_FIRST(&tmp); 9665 chk->rec.data.rcv_flags |= SCTP_DATA_FIRST_FRAG; 9666 chk = TAILQ_LAST(&tmp, sctpchunk_listhead); 9667 chk->rec.data.rcv_flags |= SCTP_DATA_LAST_FRAG; 9668 9669 /* now move it to the streams actual queue */ 9670 /* first stop protocol processing */ 9671 mutex_enter(softnet_lock); 9672 if ((asoc->state == 0) || 9673 (my_vtag != asoc->my_vtag) || 9674 (so != inp->sctp_socket) || 9675 (inp->sctp_socket == 0)) { 9676 /* connection was aborted */ 9677 mutex_exit(softnet_lock); 9678 error = ECONNRESET; 9679 goto temp_clean_up; 9680 } 9681 chk = TAILQ_FIRST(&tmp); 9682 while (chk) { 9683 chk->data->m_nextpkt = 0; 9684 TAILQ_REMOVE(&tmp, chk, sctp_next); 9685 asoc->stream_queue_cnt++; 9686 TAILQ_INSERT_TAIL(&strq->outqueue, chk, sctp_next); 9687 chk = TAILQ_FIRST(&tmp); 9688 } 9689 /* now check if this stream is on the wheel */ 9690 if ((strq->next_spoke.tqe_next == NULL) && 9691 (strq->next_spoke.tqe_prev == NULL)) { 9692 /* Insert it on the wheel since it is not 9693 * on it currently 9694 */ 9695 sctp_insert_on_wheel(asoc, strq); 9696 } 9697 /* Ok now we can allow pping */ 9698 mutex_exit(softnet_lock); 9699 temp_clean_up: 9700 if (error) { 9701 chk = TAILQ_FIRST(&tmp); 9702 while (chk) { 9703 if (chk->data) { 9704 sctp_m_freem(chk->data); 9705 chk->data = NULL; 9706 } 9707 TAILQ_REMOVE(&tmp, chk, sctp_next); 9708 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 9709 sctppcbinfo.ipi_count_chunk--; 9710 asoc->chunks_on_out_queue--; 9711 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 9712 panic("Chunk count is negative"); 9713 } 9714 sctppcbinfo.ipi_gencnt_chunk++; 9715 chk = TAILQ_FIRST(&tmp); 9716 } 9717 goto release; 9718 } 9719 } 9720 zap_by_it_now: 9721 #ifdef SCTP_MBCNT_LOGGING 9722 sctp_log_mbcnt(SCTP_LOG_MBCNT_INCREASE, 9723 asoc->total_output_queue_size, 9724 dataout, 9725 asoc->total_output_mbuf_queue_size, 9726 mbcnt); 9727 #endif 9728 solock(so); 9729 asoc->total_output_queue_size += dataout; 9730 asoc->total_output_mbuf_queue_size += mbcnt; 9731 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 9732 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 9733 so->so_snd.sb_cc += dataout; 9734 so->so_snd.sb_mbcnt += mbcnt; 9735 } 9736 if ((srcv->sinfo_flags & MSG_EOF) && 9737 (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) 9738 ) { 9739 int some_on_streamwheel = 0; 9740 error = 0; 9741 if (!TAILQ_EMPTY(&asoc->out_wheel)) { 9742 /* Check to see if some data queued */ 9743 struct sctp_stream_out *outs; 9744 TAILQ_FOREACH(outs, &asoc->out_wheel, next_spoke) { 9745 if (!TAILQ_EMPTY(&outs->outqueue)) { 9746 some_on_streamwheel = 1; 9747 break; 9748 } 9749 } 9750 } 9751 if (TAILQ_EMPTY(&asoc->send_queue) && 9752 TAILQ_EMPTY(&asoc->sent_queue) && 9753 (some_on_streamwheel == 0)) { 9754 /* there is nothing queued to send, so I'm done... */ 9755 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_SENT) && 9756 (SCTP_GET_STATE(asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 9757 /* only send SHUTDOWN the first time through */ 9758 #ifdef SCTP_DEBUG 9759 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 9760 printf("%s:%d sends a shutdown\n", 9761 __FILE__, 9762 __LINE__ 9763 ); 9764 } 9765 #endif 9766 sctp_send_shutdown(stcb, stcb->asoc.primary_destination); 9767 asoc->state = SCTP_STATE_SHUTDOWN_SENT; 9768 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, 9769 asoc->primary_destination); 9770 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, 9771 asoc->primary_destination); 9772 } 9773 } else { 9774 /* 9775 * we still got (or just got) data to send, so set 9776 * SHUTDOWN_PENDING 9777 */ 9778 /* 9779 * XXX sockets draft says that MSG_EOF should be sent 9780 * with no data. currently, we will allow user data 9781 * to be sent first and move to SHUTDOWN-PENDING 9782 */ 9783 asoc->state |= SCTP_STATE_SHUTDOWN_PENDING; 9784 } 9785 } 9786 #ifdef SCTP_DEBUG 9787 if (sctp_debug_on & SCTP_DEBUG_OUTPUT2) { 9788 printf("++total out:%d total_mbuf_out:%d\n", 9789 (int)asoc->total_output_queue_size, 9790 (int)asoc->total_output_mbuf_queue_size); 9791 } 9792 #endif 9793 9794 release: 9795 sbunlock(&so->so_snd); 9796 out_locked: 9797 sounlock(so); 9798 9799 if (mm) 9800 sctp_m_freem(mm); 9801 return (error); 9802 } 9803 9804 9805 int 9806 sctp_sosend(struct socket *so, struct sockaddr *addr, struct uio *uio, 9807 struct mbuf *top, struct mbuf *control, int flags, struct lwp *p) 9808 { 9809 int error, use_rcvinfo; 9810 int queue_only = 0, queue_only_for_init=0; 9811 int un_sent = 0; 9812 int now_filled=0; 9813 struct sctp_inpcb *inp; 9814 struct sctp_tcb *stcb=NULL; 9815 struct sctp_sndrcvinfo srcv; 9816 struct timeval now; 9817 struct sctp_nets *net; 9818 struct sctp_association *asoc; 9819 struct sctp_inpcb *t_inp; 9820 int create_lock_applied = 0; 9821 9822 error = use_rcvinfo = 0; 9823 net = NULL; 9824 stcb = NULL; 9825 asoc = NULL; 9826 t_inp = inp = (struct sctp_inpcb *)so->so_pcb; 9827 9828 solock(so); 9829 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && 9830 (inp->sctp_flags & SCTP_PCB_FLAGS_ACCEPTING)) { 9831 /* The listner can NOT send */ 9832 error = EFAULT; 9833 sounlock(so); 9834 goto out; 9835 } 9836 if (addr) { 9837 SCTP_ASOC_CREATE_LOCK(inp); 9838 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || 9839 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 9840 /* Should I really unlock ? */ 9841 error = EFAULT; 9842 sounlock(so); 9843 goto out; 9844 9845 } 9846 create_lock_applied = 1; 9847 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) && 9848 (addr->sa_family == AF_INET6)) { 9849 error = EINVAL; 9850 sounlock(so); 9851 goto out; 9852 } 9853 } 9854 /* now we must find the assoc */ 9855 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 9856 SCTP_INP_RLOCK(inp); 9857 stcb = LIST_FIRST(&inp->sctp_asoc_list); 9858 if (stcb == NULL) { 9859 SCTP_INP_RUNLOCK(inp); 9860 error = ENOTCONN; 9861 sounlock(so); 9862 goto out; 9863 } 9864 SCTP_TCB_LOCK(stcb); 9865 SCTP_INP_RUNLOCK(inp); 9866 net = stcb->asoc.primary_destination; 9867 } 9868 #ifdef SCTP_DEBUG 9869 printf("sctp_sosend: get control\n"); 9870 #endif 9871 /* get control */ 9872 if (control) { 9873 /* process cmsg snd/rcv info (maybe a assoc-id) */ 9874 if (sctp_find_cmsg(SCTP_SNDRCV, (void *)&srcv, control, 9875 sizeof(srcv))) { 9876 /* got one */ 9877 if (srcv.sinfo_flags & MSG_SENDALL) { 9878 /* its a sendall */ 9879 sctppcbinfo.mbuf_track--; 9880 sctp_m_freem(control); 9881 9882 if (create_lock_applied) { 9883 SCTP_ASOC_CREATE_UNLOCK(inp); 9884 create_lock_applied = 0; 9885 } 9886 return (sctp_sendall(inp, uio, top, &srcv)); 9887 } 9888 use_rcvinfo = 1; 9889 } 9890 } 9891 #ifdef SCTP_DEBUG 9892 printf("sctp_sosend: doing lookup\n"); 9893 #endif 9894 if (stcb == NULL) { 9895 /* Need to do a lookup */ 9896 if (use_rcvinfo && srcv.sinfo_assoc_id) { 9897 stcb = sctp_findassociation_ep_asocid(inp, srcv.sinfo_assoc_id); 9898 /* 9899 * Question: Should I error here if the assoc_id is 9900 * no longer valid? i.e. I can't find it? 9901 */ 9902 if ((stcb) && 9903 (addr != NULL)) { 9904 /* Must locate the net structure */ 9905 net = sctp_findnet(stcb, addr); 9906 } 9907 } 9908 if (stcb == NULL) { 9909 if (addr != NULL) { 9910 /* Since we did not use findep we must 9911 * increment it, and if we don't find a 9912 * tcb decrement it. 9913 */ 9914 SCTP_INP_WLOCK(inp); 9915 SCTP_INP_INCR_REF(inp); 9916 SCTP_INP_WUNLOCK(inp); 9917 stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL); 9918 if (stcb == NULL) { 9919 SCTP_INP_WLOCK(inp); 9920 SCTP_INP_DECR_REF(inp); 9921 SCTP_INP_WUNLOCK(inp); 9922 } 9923 } 9924 } 9925 } 9926 if ((stcb == NULL) && 9927 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) { 9928 error = ENOTCONN; 9929 sounlock(so); 9930 goto out; 9931 } else if ((stcb == NULL) && (addr == NULL)) { 9932 error = ENOENT; 9933 sounlock(so); 9934 goto out; 9935 } else if (stcb == NULL) { 9936 /* UDP style, we must go ahead and start the INIT process */ 9937 if ((use_rcvinfo) && 9938 (srcv.sinfo_flags & MSG_ABORT)) { 9939 /* User asks to abort a non-existant asoc */ 9940 error = ENOENT; 9941 sounlock(so); 9942 goto out; 9943 } 9944 /* get an asoc/stcb struct */ 9945 stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0); 9946 if (stcb == NULL) { 9947 /* Error is setup for us in the call */ 9948 sounlock(so); 9949 goto out; 9950 } 9951 if (create_lock_applied) { 9952 SCTP_ASOC_CREATE_UNLOCK(inp); 9953 create_lock_applied = 0; 9954 } else { 9955 printf("Huh-3? create lock should have been on??\n"); 9956 } 9957 /* Turn on queue only flag to prevent data from being sent */ 9958 queue_only = 1; 9959 asoc = &stcb->asoc; 9960 asoc->state = SCTP_STATE_COOKIE_WAIT; 9961 SCTP_GETTIME_TIMEVAL(&asoc->time_entered); 9962 if (control) { 9963 /* see if a init structure exists in cmsg headers */ 9964 struct sctp_initmsg initm; 9965 int i; 9966 if (sctp_find_cmsg(SCTP_INIT, (void *)&initm, control, sizeof(initm))) { 9967 /* we have an INIT override of the default */ 9968 if (initm.sinit_max_attempts) 9969 asoc->max_init_times = initm.sinit_max_attempts; 9970 if (initm.sinit_num_ostreams) 9971 asoc->pre_open_streams = initm.sinit_num_ostreams; 9972 if (initm.sinit_max_instreams) 9973 asoc->max_inbound_streams = initm.sinit_max_instreams; 9974 if (initm.sinit_max_init_timeo) 9975 asoc->initial_init_rto_max = initm.sinit_max_init_timeo; 9976 if (asoc->streamoutcnt < asoc->pre_open_streams) { 9977 /* Default is NOT correct */ 9978 #ifdef SCTP_DEBUG 9979 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 9980 printf("Ok, defout:%d pre_open:%d\n", 9981 asoc->streamoutcnt, asoc->pre_open_streams); 9982 } 9983 #endif 9984 free(asoc->strmout, M_PCB); 9985 asoc->strmout = NULL; 9986 asoc->streamoutcnt = asoc->pre_open_streams; 9987 9988 /* What happesn if this fails? .. we panic ...*/ 9989 asoc->strmout = malloc( 9990 asoc->streamoutcnt * 9991 sizeof(struct sctp_stream_out), 9992 M_PCB, M_WAIT); 9993 for (i = 0; i < asoc->streamoutcnt; i++) { 9994 /* 9995 * inbound side must be set to 0xffff, 9996 * also NOTE when we get the INIT-ACK 9997 * back (for INIT sender) we MUST 9998 * reduce the count (streamoutcnt) but 9999 * first check if we sent to any of the 10000 * upper streams that were dropped (if 10001 * some were). Those that were dropped 10002 * must be notified to the upper layer 10003 * as failed to send. 10004 */ 10005 asoc->strmout[i].next_sequence_sent = 0x0; 10006 TAILQ_INIT(&asoc->strmout[i].outqueue); 10007 asoc->strmout[i].stream_no = i; 10008 asoc->strmout[i].next_spoke.tqe_next = 0; 10009 asoc->strmout[i].next_spoke.tqe_prev = 0; 10010 } 10011 } 10012 } 10013 10014 } 10015 /* out with the INIT */ 10016 queue_only_for_init = 1; 10017 sctp_send_initiate(inp, stcb); 10018 /* 10019 * we may want to dig in after this call and adjust the MTU 10020 * value. It defaulted to 1500 (constant) but the ro structure 10021 * may now have an update and thus we may need to change it 10022 * BEFORE we append the message. 10023 */ 10024 net = stcb->asoc.primary_destination; 10025 asoc = &stcb->asoc; 10026 } else { 10027 asoc = &stcb->asoc; 10028 } 10029 if (create_lock_applied) { 10030 SCTP_ASOC_CREATE_UNLOCK(inp); 10031 create_lock_applied = 0; 10032 } 10033 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || 10034 (SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_ECHOED)) { 10035 queue_only = 1; 10036 } 10037 if (use_rcvinfo == 0) { 10038 /* Grab the default stuff from the asoc */ 10039 srcv = stcb->asoc.def_send; 10040 } 10041 /* we are now done with all control */ 10042 if (control) { 10043 sctp_m_freem(control); 10044 control = NULL; 10045 } 10046 10047 if ((SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) || 10048 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_RECEIVED) || 10049 (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_ACK_SENT) || 10050 (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) { 10051 if ((use_rcvinfo) && 10052 (srcv.sinfo_flags & MSG_ABORT)) { 10053 ; 10054 } else { 10055 error = ECONNRESET; 10056 sounlock(so); 10057 goto out; 10058 } 10059 } 10060 /* Ok, we will attempt a msgsnd :> */ 10061 #if 0 /* XXX */ 10062 if (p) 10063 p->p_stats->p_ru.ru_msgsnd++; 10064 #endif 10065 10066 if (stcb) { 10067 if (net && ((srcv.sinfo_flags & MSG_ADDR_OVER))) { 10068 /* we take the override or the unconfirmed */ 10069 ; 10070 } else { 10071 net = stcb->asoc.primary_destination; 10072 } 10073 } 10074 10075 #ifdef SCTP_DEBUG 10076 printf("sctp_sosend: before copying in %p\n", top); 10077 #endif 10078 if (top == NULL) { 10079 /* Must copy it all in from user land. The 10080 * socket buf is locked but we don't suspend 10081 * protocol processing until we are ready to 10082 * send/queue it. 10083 */ 10084 sounlock(so); 10085 #ifdef SCTP_DEBUG 10086 printf("sctp_sosend: before cii\n"); 10087 #endif 10088 error = sctp_copy_it_in(inp, stcb, asoc, net, &srcv, uio, flags); 10089 #ifdef SCTP_DEBUG 10090 printf("sctp_sosend: after cii\n"); 10091 #endif 10092 if (error) 10093 goto out; 10094 } else { 10095 /* Here we must either pull in the user data to chunk 10096 * buffers, or use top to do a msg_append. 10097 */ 10098 error = sctp_msg_append(stcb, net, top, &srcv, flags); 10099 sounlock(so); 10100 if (error) 10101 goto out; 10102 /* zap the top since it is now being used */ 10103 top = 0; 10104 } 10105 #ifdef SCTP_DEBUG 10106 printf("sctp_sosend: after copying in\n"); 10107 #endif 10108 if (net->flight_size > net->cwnd) { 10109 sctp_pegs[SCTP_SENDTO_FULL_CWND]++; 10110 queue_only = 1; 10111 10112 } else if (asoc->ifp_had_enobuf) { 10113 sctp_pegs[SCTP_QUEONLY_BURSTLMT]++; 10114 queue_only = 1; 10115 } else { 10116 un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) + 10117 ((stcb->asoc.chunks_on_out_queue - stcb->asoc.total_flight_count) * sizeof(struct sctp_data_chunk)) + 10118 SCTP_MED_OVERHEAD); 10119 10120 if (((inp->sctp_flags & SCTP_PCB_FLAGS_NODELAY) == 0) && 10121 (stcb->asoc.total_flight > 0) && 10122 (un_sent < (int)stcb->asoc.smallest_mtu)) { 10123 10124 /* Ok, Nagle is set on and we have data outstanding. Don't 10125 * send anything and let SACKs drive out the data unless we 10126 * have a "full" segment to send. 10127 */ 10128 sctp_pegs[SCTP_NAGLE_NOQ]++; 10129 queue_only = 1; 10130 } else { 10131 sctp_pegs[SCTP_NAGLE_OFF]++; 10132 } 10133 } 10134 if (queue_only_for_init) { 10135 /* It is possible to have a turn around of the 10136 * INIT/INIT-ACK/COOKIE before I have a chance to 10137 * copy in the data. In such a case I DO want to 10138 * send it out by reversing the queue only flag. 10139 */ 10140 if ((SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_WAIT) || 10141 (SCTP_GET_STATE(asoc) != SCTP_STATE_COOKIE_ECHOED)) { 10142 /* yep, reverse it */ 10143 queue_only = 0; 10144 } 10145 } 10146 10147 #ifdef SCTP_DEBUG 10148 printf("sctp_sosend: before sending chunk\n"); 10149 #endif 10150 if ((queue_only == 0) && (stcb->asoc.peers_rwnd && un_sent)) { 10151 /* we can attempt to send too.*/ 10152 #ifdef SCTP_DEBUG 10153 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 10154 printf("USR Send calls sctp_chunk_output\n"); 10155 } 10156 #endif 10157 solock(so); 10158 sctp_pegs[SCTP_OUTPUT_FRM_SND]++; 10159 sctp_chunk_output(inp, stcb, 0); 10160 sounlock(so); 10161 } else if ((queue_only == 0) && 10162 (stcb->asoc.peers_rwnd == 0) && 10163 (stcb->asoc.total_flight == 0)) { 10164 /* We get to have a probe outstanding */ 10165 solock(so); 10166 sctp_from_user_send = 1; 10167 sctp_chunk_output(inp, stcb, 0); 10168 sctp_from_user_send = 0; 10169 sounlock(so); 10170 10171 } else if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { 10172 int num_out, reason, cwnd_full; 10173 /* Here we do control only */ 10174 solock(so); 10175 sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, 10176 &reason, 1, &cwnd_full, 1, &now, &now_filled); 10177 sounlock(so); 10178 } 10179 #ifdef SCTP_DEBUG 10180 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 10181 printf("USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d \n", 10182 queue_only, stcb->asoc.peers_rwnd, un_sent, 10183 stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, 10184 stcb->asoc.total_output_queue_size); 10185 } 10186 #endif 10187 out: 10188 if (create_lock_applied) { 10189 SCTP_ASOC_CREATE_UNLOCK(inp); 10190 create_lock_applied = 0; 10191 } 10192 if (stcb) { 10193 SCTP_TCB_UNLOCK(stcb); 10194 } 10195 if (top) 10196 sctp_m_freem(top); 10197 if (control) 10198 sctp_m_freem(control); 10199 return (error); 10200 } 10201