xref: /onnv-gate/usr/src/uts/common/inet/sctp/sctp_shutdown.c (revision 11042)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/stream.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <sys/strsubr.h>
#include <sys/strsun.h>

#include <netinet/in.h>
#include <netinet/ip6.h>

#include <inet/ipsec_impl.h>
#include <inet/common.h>
#include <inet/ip.h>
#include <inet/ip6.h>
#include <inet/mib2.h>
#include <inet/nd.h>
#include <inet/optcom.h>
#include <inet/sctp_ip.h>
#include <inet/ipclassifier.h>
#include "sctp_impl.h"

void
sctp_send_shutdown(sctp_t *sctp, int rexmit)
{
	mblk_t *smp;
	mblk_t *sendmp;
	sctp_chunk_hdr_t *sch;
	uint32_t *ctsn;
	sctp_faddr_t *fp;
	sctp_stack_t	*sctps = sctp->sctp_sctps;

	if (sctp->sctp_state != SCTPS_ESTABLISHED &&
	    sctp->sctp_state != SCTPS_SHUTDOWN_PENDING &&
	    sctp->sctp_state != SCTPS_SHUTDOWN_SENT) {
		return;
	}

	if (sctp->sctp_state == SCTPS_ESTABLISHED) {
		sctp->sctp_state = SCTPS_SHUTDOWN_PENDING;
		/*
		 * We set an upper bound on how long we will
		 * wait for a shutdown-ack from the peer. This
		 * is to prevent the receiver from attempting
		 * to create a half-closed state indefinately.
		 * See archive from IETF TSVWG mailing list
		 * for June 2001 for more information.
		 * Since we will not be calculating RTTs after
		 * sending the shutdown, we can overload out_time
		 * to track how long we have waited.
		 */
		sctp->sctp_out_time = lbolt64;
	}

	/*
	 * If there is unsent (or unacked) data, wait for it to get ack'd
	 */
	if (sctp->sctp_xmit_head != NULL || sctp->sctp_xmit_unsent != NULL) {
		return;
	}

	/* rotate faddrs if we are retransmitting */
	if (!rexmit) {
		fp = sctp->sctp_current;
	} else {
		fp = sctp_rotate_faddr(sctp, sctp->sctp_shutdown_faddr);
	}

	sctp->sctp_shutdown_faddr = fp;

	/* Link in a SACK if resending the shutdown */
	if (sctp->sctp_state > SCTPS_SHUTDOWN_PENDING &&
	    (sendmp = sctp_make_sack(sctp, fp, NULL)) != NULL) {

		smp = allocb(sizeof (*sch) + sizeof (*ctsn), BPRI_MED);
		if (smp == NULL) {
			freemsg(sendmp);
			goto done;
		}
		linkb(sendmp, smp);

		sch = (sctp_chunk_hdr_t *)smp->b_rptr;
		smp->b_wptr = smp->b_rptr + sizeof (*sch) + sizeof (*ctsn);
	} else {
		sendmp = sctp_make_mp(sctp, fp,
		    sizeof (*sch) + sizeof (*ctsn));
		if (sendmp == NULL) {
			SCTP_KSTAT(sctps, sctp_send_shutdown_failed);
			goto done;
		}
		sch = (sctp_chunk_hdr_t *)sendmp->b_wptr;
		sendmp->b_wptr += sizeof (*sch) + sizeof (*ctsn);

		/* shutdown w/o sack, update lastacked */
		sctp->sctp_lastacked = sctp->sctp_ftsn - 1;
	}

	sch->sch_id = CHUNK_SHUTDOWN;
	sch->sch_flags = 0;
	sch->sch_len = htons(sizeof (*sch) + sizeof (*ctsn));

	ctsn = (uint32_t *)(sch + 1);
	*ctsn = htonl(sctp->sctp_lastacked);

	/* Link the shutdown chunk in after the IP/SCTP header */

	BUMP_LOCAL(sctp->sctp_obchunks);

	/* Send the shutdown and restart the timer */
	sctp_set_iplen(sctp, sendmp, fp->ixa);
	(void) conn_ip_output(sendmp, fp->ixa);
	BUMP_LOCAL(sctp->sctp_opkts);

done:
	sctp->sctp_state = SCTPS_SHUTDOWN_SENT;
	SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
	    sctp->sctp_current->rto);
}

int
sctp_shutdown_received(sctp_t *sctp, sctp_chunk_hdr_t *sch, boolean_t crwsd,
    boolean_t rexmit, sctp_faddr_t *fp)
{
	mblk_t *samp;
	sctp_chunk_hdr_t *sach;
	uint32_t *tsn;
	int trysend = 0;
	sctp_stack_t	*sctps = sctp->sctp_sctps;

	if (sctp->sctp_state != SCTPS_SHUTDOWN_ACK_SENT)
		sctp->sctp_state = SCTPS_SHUTDOWN_RECEIVED;

	/* Extract and process the TSN in the shutdown chunk */
	if (sch != NULL) {
		tsn = (uint32_t *)(sch + 1);
		trysend = sctp_cumack(sctp, ntohl(*tsn), &samp);
	}

	/* Don't allow sending new data */
	if (!SCTP_IS_DETACHED(sctp) && !sctp->sctp_ulp_discon_done) {
		sctp->sctp_ulp_opctl(sctp->sctp_ulpd, SOCK_OPCTL_SHUT_SEND, 0);
		sctp->sctp_ulp_discon_done = B_TRUE;
	}

	/*
	 * If there is unsent or unacked data, try sending them out now.
	 * The other side should acknowledge them.  After we have flushed
	 * the transmit queue, we can complete the shutdown sequence.
	 */
	if (sctp->sctp_xmit_head != NULL || sctp->sctp_xmit_unsent != NULL)
		return (1);

	if (fp == NULL) {
		/* rotate faddrs if we are retransmitting */
		if (!rexmit)
			fp = sctp->sctp_current;
		else
			fp = sctp_rotate_faddr(sctp, sctp->sctp_shutdown_faddr);
	}
	sctp->sctp_shutdown_faddr = fp;

	samp = sctp_make_mp(sctp, fp, sizeof (*sach));
	if (samp == NULL) {
		SCTP_KSTAT(sctps, sctp_send_shutdown_ack_failed);
		goto dotimer;
	}

	sach = (sctp_chunk_hdr_t *)samp->b_wptr;
	sach->sch_id = CHUNK_SHUTDOWN_ACK;
	sach->sch_flags = 0;
	sach->sch_len = htons(sizeof (*sach));

	samp->b_wptr += sizeof (*sach);

	/*
	 * bundle a "cookie received while shutting down" error if
	 * the caller asks for it.
	 */
	if (crwsd) {
		mblk_t *errmp;

		errmp = sctp_make_err(sctp, SCTP_ERR_COOKIE_SHUT, NULL, 0);
		if (errmp != NULL) {
			linkb(samp, errmp);
			BUMP_LOCAL(sctp->sctp_obchunks);
		}
	}

	BUMP_LOCAL(sctp->sctp_obchunks);

	sctp_set_iplen(sctp, samp, fp->ixa);
	(void) conn_ip_output(samp, fp->ixa);
	BUMP_LOCAL(sctp->sctp_opkts);

dotimer:
	sctp->sctp_state = SCTPS_SHUTDOWN_ACK_SENT;
	SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
	    sctp->sctp_current->rto);

	return (trysend);
}

void
sctp_shutdown_complete(sctp_t *sctp)
{
	mblk_t *scmp;
	sctp_chunk_hdr_t *scch;
	sctp_stack_t	*sctps = sctp->sctp_sctps;

	scmp = sctp_make_mp(sctp, sctp->sctp_current, sizeof (*scch));
	if (scmp == NULL) {
		/* XXX use timer approach */
		SCTP_KSTAT(sctps, sctp_send_shutdown_comp_failed);
		return;
	}

	scch = (sctp_chunk_hdr_t *)scmp->b_wptr;
	scch->sch_id = CHUNK_SHUTDOWN_COMPLETE;
	scch->sch_flags = 0;
	scch->sch_len = htons(sizeof (*scch));

	scmp->b_wptr += sizeof (*scch);

	BUMP_LOCAL(sctp->sctp_obchunks);

	sctp_set_iplen(sctp, scmp, sctp->sctp_current->ixa);
	(void) conn_ip_output(scmp, sctp->sctp_current->ixa);
	BUMP_LOCAL(sctp->sctp_opkts);
}

/*
 * Similar to sctp_shutdown_complete(), except that since this
 * is out-of-the-blue, we can't use an sctp's association information,
 * and instead must draw all necessary info from the incoming packet.
 */
void
sctp_ootb_shutdown_ack(mblk_t *mp, uint_t ip_hdr_len, ip_recv_attr_t *ira,
    ip_stack_t *ipst)
{
	boolean_t		isv4;
	ipha_t			*ipha = NULL;
	ip6_t			*ip6h = NULL;
	sctp_hdr_t		*insctph;
	sctp_chunk_hdr_t	*scch;
	int			i;
	uint16_t		port;
	mblk_t			*mp1;
	netstack_t		*ns = ipst->ips_netstack;
	sctp_stack_t		*sctps = ns->netstack_sctp;
	ip_xmit_attr_t		ixas;

	bzero(&ixas, sizeof (ixas));

	isv4 = (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION);

	ASSERT(MBLKL(mp) >= sizeof (*insctph) + sizeof (*scch) +
	    (isv4 ? sizeof (ipha_t) : sizeof (ip6_t)));

	/*
	 * Check to see if we can reuse the incoming mblk.  There should
	 * not be other reference. Since this packet comes from below,
	 * there should be enough header space to fill in what the lower
	 * layers want to add.
	 */
	if (DB_REF(mp) != 1) {
		mp1 = allocb(MBLKL(mp) + sctps->sctps_wroff_xtra, BPRI_MED);
		if (mp1 == NULL) {
			freeb(mp);
			return;
		}
		mp1->b_rptr += sctps->sctps_wroff_xtra;
		mp1->b_wptr = mp1->b_rptr + MBLKL(mp);
		bcopy(mp->b_rptr, mp1->b_rptr, MBLKL(mp));
		freeb(mp);
		mp = mp1;
	} else {
		DB_CKSUMFLAGS(mp) = 0;
	}

	ixas.ixa_pktlen = ip_hdr_len + sizeof (*insctph) + sizeof (*scch);
	ixas.ixa_ip_hdr_length = ip_hdr_len;
	/*
	 * We follow the logic in tcp_xmit_early_reset() in that we skip
	 * reversing source route (i.e. replace all IP options with EOL).
	 */
	if (isv4) {
		ipaddr_t	v4addr;

		ipha = (ipha_t *)mp->b_rptr;
		for (i = IP_SIMPLE_HDR_LENGTH; i < (int)ip_hdr_len; i++)
			mp->b_rptr[i] = IPOPT_EOL;
		/* Swap addresses */
		ipha->ipha_length = htons(ixas.ixa_pktlen);
		v4addr = ipha->ipha_src;
		ipha->ipha_src = ipha->ipha_dst;
		ipha->ipha_dst = v4addr;
		ipha->ipha_ident = 0;
		ipha->ipha_ttl = (uchar_t)sctps->sctps_ipv4_ttl;

		ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
	} else {
		in6_addr_t	v6addr;

		ip6h = (ip6_t *)mp->b_rptr;
		/* Remove any extension headers assuming partial overlay */
		if (ip_hdr_len > IPV6_HDR_LEN) {
			uint8_t	*to;

			to = mp->b_rptr + ip_hdr_len - IPV6_HDR_LEN;
			ovbcopy(ip6h, to, IPV6_HDR_LEN);
			mp->b_rptr += ip_hdr_len - IPV6_HDR_LEN;
			ip_hdr_len = IPV6_HDR_LEN;
			ip6h = (ip6_t *)mp->b_rptr;
			ip6h->ip6_nxt = IPPROTO_SCTP;
		}
		ip6h->ip6_plen = htons(ixas.ixa_pktlen - IPV6_HDR_LEN);
		v6addr = ip6h->ip6_src;
		ip6h->ip6_src = ip6h->ip6_dst;
		ip6h->ip6_dst = v6addr;
		ip6h->ip6_hops = (uchar_t)sctps->sctps_ipv6_hoplimit;

		ixas.ixa_flags = IXAF_BASIC_SIMPLE_V6;
		if (IN6_IS_ADDR_LINKSCOPE(&ip6h->ip6_dst)) {
			ixas.ixa_flags |= IXAF_SCOPEID_SET;
			ixas.ixa_scopeid = ira->ira_ruifindex;
		}
	}

	insctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_len);

	/* Swap ports.  Verification tag is reused. */
	port = insctph->sh_sport;
	insctph->sh_sport = insctph->sh_dport;
	insctph->sh_dport = port;

	/* Lay in the shutdown complete chunk */
	scch = (sctp_chunk_hdr_t *)(insctph + 1);
	scch->sch_id = CHUNK_SHUTDOWN_COMPLETE;
	scch->sch_len = htons(sizeof (*scch));
	scch->sch_flags = 0;

	/* Set the T-bit */
	SCTP_SET_TBIT(scch);

	ixas.ixa_protocol = IPPROTO_SCTP;
	ixas.ixa_zoneid = ira->ira_zoneid;
	ixas.ixa_ipst = ipst;
	ixas.ixa_ifindex = 0;

	if (ira->ira_flags & IRAF_IPSEC_SECURE) {
		/*
		 * Apply IPsec based on how IPsec was applied to
		 * the packet that was out of the blue.
		 */
		if (!ipsec_in_to_out(ira, &ixas, mp, ipha, ip6h)) {
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
			/* Note: mp already consumed and ip_drop_packet done */
			return;
		}
	} else {
		/*
		 * This is in clear. The message we are building
		 * here should go out in clear, independent of our policy.
		 */
		ixas.ixa_flags |= IXAF_NO_IPSEC;
	}

	(void) ip_output_simple(mp, &ixas);
	ixa_cleanup(&ixas);
}