History log of /freebsd-head/sys/netinet6/sctp6_usrreq.c
Revision Date Author Comments
3150f61ee2838f5a2af5ea57259a7720452bd5fa 24-Feb-2020 kaktus <kaktus@FreeBSD.org> Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (14 of many)

r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked).
Use it in preparation for a general review of all nodes.

This is a non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.

Approved by: kib (mentor, blanket)
Differential Revision: https://reviews.freebsd.org/D23639
4e7f425fc9957becb7f3db56f0d7be9455d0c54f 19-Feb-2020 dim <dim@FreeBSD.org> Merge ^/head r358075 through r358130.
7673f8d2b770ed80dc931d3506aa143d279a3b17 18-Feb-2020 tuexen <tuexen@FreeBSD.org> Epochify SCTP.
a972ee3626487694ea77d8f7f6cac2fa284286f5 01-Dec-2019 tuexen <tuexen@FreeBSD.org> Update the hostcache also for PTB messages received for SCTP/IPv6.
The corresponding code for SCTP/IPv4 was introduced in

Submitted by: Julius Flohr
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D22605
c14bf147f477a616a42f067250f5057c96a20d03 01-Dec-2019 bz <bz@FreeBSD.org> Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros.

r354748-354750 replaced the KAME macros with m_pulldown() calls.
Contrary to the rest of the network stack m_len checks before m_pulldown()
were not put in place (see r354748).
Put these m_len checks in place for now (to go along with the style of the
network stack since the initial commits). These are not put in for
performance but to avoid an error scenario (even though it also will help
performance at the moment as it avoids allocating an extra mbuf; not because
of the unconditional function call).

The observed error case went like this:
(1) an mbuf with M_EXT arrives and we call m_pullup() unconditionally on it.
(2) m_pullup() will call m_get() unless the requested length is larger than
MHLEN (in which case it'll m_freem() the perfectly fine mbuf) and migrate the
requested length of data and pkthdr into the new mbuf.
(3) If m_get() succeeds, a further m_pullup() call going over MHLEN will fail.
This was observed with failing auto-configuration as an RA packet of
200 bytes exceeded MHLEN and the m_pullup() called from nd6_ra_input()
dropped the mbuf.
(Re-)adding the m_len checks before m_pullup() calls avoids these problems
with mbufs using external storage for now.

MFC after: 3 weeks
Sponsored by: Netflix
1feeff48a55e509c470ba536dbe41046e7e9681b 15-Nov-2019 bz <bz@FreeBSD.org> netinet*: replace IP6_EXTHDR_GET()

In a few places we have IP6_EXTHDR_GET() left in upper layer protocols.
The IP6_EXTHDR_GET() macro might perform an m_pulldown() in case the data
fragment is not contiguous.

Convert these last remaining instances into m_pullup()s instead.
In CARP, for example, we will a few lines later call m_pullup() anyway,
the IPsec code coming from OpenBSD would otherwise have done the m_pullup()
and are copying the data a bit later anyway, so pulling it in seems no
better or worse.

Note: this leaves very few m_pulldown() cases behind in the tree and we
might want to consider removing them as well to make mbuf management
easier again on a path to variable size mbufs, especially given
m_pulldown() still has an issue not re-checking M_WRITEABLE().

Reviewed by: gallatin
MFC after: 8 weeks
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D22335
56626fc5ade27fce46beac7c0baccb52e44b43fa 24-Oct-2019 tuexen <tuexen@FreeBSD.org> Ensure that the flags indicating IPv4/IPv6 are not changed by failing
bind() calls. This would lead to inconsistent state resulting in a panic.
A fix for stable/11 was committed in
An accelerated MFC is planned as discussed with emaste@.

Reported by: syzbot+2609a378d89264ff5a42@syzkaller.appspotmail.com
Obtained from: jtl@
MFC after: 1 day
Sponsored by: Netflix, Inc.
164e0334a407d75a610ec158be8d459d2ecd84b7 13-Oct-2019 tuexen <tuexen@FreeBSD.org> Remove line not needed.

Submitted by: markj@
MFC after: 3 days
d76ac3bf32273c77db7777f784ed668a9bb796fb 05-Aug-2019 tuexen <tuexen@FreeBSD.org> Improve consistency. No functional change.

MFC after: 3 days
f66d5bcdd266eb22421e6f81a8f4530d1627b4a8 02-Aug-2019 bz <bz@FreeBSD.org> IPv6 cleanup: kernel

Finish what was started a few years ago and harmonize IPv6 and IPv4
kernel names. We are down to very few places now that it is feasible
to do the change for everything remaining with causing too much disturbance.

Remove "aliases" for IPv6 names which confusingly could indicate
that we are talking about a different data structure or field or
have two fields, one for each address family.
Try to follow common conventions used in FreeBSD.

* Rename sin6p to sin6 as that is how it is spelt in most places.
* Remove "aliases" (#defines) for:
- in6pcb which really is an inpcb and nothing separate
- sotoin6pcb which is sotoinpcb (as per above)
- in6p_sp which is inp_sp
- in6p_flowinfo which is inp_flow
* Try to use ia6 for in6_addr rather than in6p.
* With all these gone also rename the in6p variables to inp as
that is what we call it in most of the network stack including
parts of netinet6.

The reasons behind this cleanup are that we try to further
unify netinet and netinet6 code where possible and that people
will less ignore one or the other protocol family when doing
code changes as they may not have spotted places due to different
names for the same thing.

No functional changes.

Discussed with: tuexen (SCTP changes)
MFC after: 3 months
Sponsored by: Netflix
eabf786dc9c015d4ee05338eb165c81f518e9074 14-Jul-2019 tuexen <tuexen@FreeBSD.org> When calling sctp_initialize_auth_params(), the inp must have at
least a read lock. To avoid more complex locking dances, just
call it in sctp_aloc_assoc() when the write lock is still held.

Reported by: syzbot+08a486f7e6966f1c3cfb@syzkaller.appspotmail.com
MFC after: 1 week
f64223beb5df8aca8309ecfac18995a8e8e73682 14-Aug-2018 tuexen <tuexen@FreeBSD.org> Use a macro to set the assoc state. I missed this in r337706.
9bf2bb1b21ce47c75e9d5363e47feb086b792f68 19-Jul-2018 tuexen <tuexen@FreeBSD.org> Whitespace changes due to changes in ident.
14de4a3d5b5754bcef67f9b0392b39f91f8a5adc 19-Jul-2018 tuexen <tuexen@FreeBSD.org> Revert https://svnweb.freebsd.org/changeset/base/336503
since I also ran the export script with different parameters.
58102436318f7b0fd8d0019d8caefdf54ab2de96 19-Jul-2018 tuexen <tuexen@FreeBSD.org> Whitespace changes due to change in ident.
c3e1813aee52a6548a0f2fa9df6ffd61f928bdb9 08-Apr-2018 tuexen <tuexen@FreeBSD.org> Fix a logical inversion bug.

Thanks to Irene Ruengeler for finding and reporting this bug.

MFC after: 3 days
dbe62654cb35026bca19bfe5da55358fa11f55ab 07-Dec-2017 tuexen <tuexen@FreeBSD.org> Retire SCTP_WITH_NO_CSUM option.

This option was used in the early days to allow performance measurements
extrapolating the use of SCTP checksum offloading. Since this feature
is now available, get rid of this option.
This also un-breaks the LINT kernel. Thanks to markj@ for making me
aware of the problem.
4736ccfd9c3411d50371d7f21f9450a47c19047e 20-Nov-2017 pfg <pfg@FreeBSD.org> sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2731e7ec9f95ffafc904756f96899c417e0dca74 03-Nov-2017 tuexen <tuexen@FreeBSD.org> Allow the setting of the MTU for future paths using an SCTP socket option.
This functionality was missing.

MFC after: 1 week
4708667a1c35eb1fedd7f1099f966e08b06113dc 09-Sep-2017 tuexen <tuexen@FreeBSD.org> Fix a locking issue found by Coverity scanning the usrsctp library.

MFC after: 3 days
425c1c5a8c4064a1c2b2d10e8a2a0e5bfd7c1eb4 19-Jul-2017 tuexen <tuexen@FreeBSD.org> Use memset/memcpy instead of bzero/bcopy.

Just use one variant instead of both. Use the memset/memcpy
ones since they cause less problems in crossplatform deployment.

MFC after: 1 week
72585cfb69e9d3d7c921d32c7e20f1edcce7a043 26-Apr-2017 tuexen <tuexen@FreeBSD.org> Fix an issue with MTU calculation if an ICMP message is received
for an SCTP/UDP packet.

MFC after: 1 week
fcb532bf043f98f75489d24210c536f4897c32e1 26-Apr-2017 tuexen <tuexen@FreeBSD.org> Use consistently uint32_t for mtu values.

This does not change functionality, but this cleanup is needed for further
improvements of ICMP handling.

MFC after: 1 week
5a443cfa6c94b132c1d7f182acb26bd278d7f6ee 13-Feb-2017 ae <ae@FreeBSD.org> Remove IPsec related PCB code from SCTP.

The inpcb structure has inp_sp pointer that is initialized by
ipsec_init_pcbpolicy() function. This pointer keeps storage for IPsec
security policies associated with a specific socket.
An application can use IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket
options to configure these security policies. Then ip[6]_output()
uses inpcb pointer to specify that an outgoing packet is associated
with some socket. And IPSEC_OUTPUT() method can use a security policy
stored in the inp_sp. For inbound packet the protocol-specific input
routine uses IPSEC_CHECK_POLICY() method to check that a packet conforms
to inbound security policy configured in the inpcb.

SCTP protocol doesn't specify inpcb for ip[6]_output() when it sends
packets. Thus IPSEC_OUTPUT() method does not consider such packets as
associated with some socket and can not apply security policies
from inpcb, even if they are configured. Since IPSEC_CHECK_POLICY()
method is called from protocol-specific input routine, it can specify
inpcb pointer and associated with socket inbound policy will be
checked. But there are two problems:
1. Such check is asymmetric, because we can not apply security policy
from inpcb for outgoing packet.
2. IPSEC_CHECK_POLICY() expects that caller holds INPCB lock and
access to inp_sp is protected. But for SCTP this is not correct,
because SCTP uses own locks to protect inpcb.

To fix these problems remove IPsec related PCB code from SCTP.
This implies that IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options
will be not applicable to SCTP sockets. To be able correctly check
inbound security policies for SCTP, mark its protocol header with
the PR_LASTHDR flag.

Reported by: tuexen
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D9538
0fb6ad528e5c3b098a7410f8f804d39fcd21ee10 06-Feb-2017 ae <ae@FreeBSD.org> Merge projects/ipsec into head/.

Small summary

o Almost all IPsec related code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
option IPSEC_SUPPORT added. It enables support for loading
and unloading of ipsec.ko and tcpmd5.ko kernel modules.
o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by
default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type
support was removed. Added TCP/UDP checksum handling for
inbound packets that were decapsulated by transport mode SAs.
setkey(8) modified to show run-time NAT-T configuration of SA.
o New network pseudo interface if_ipsec(4) added. For now it is
built as part of ipsec.ko module (or with IPSEC kernel).
It implements IPsec virtual tunnels to create route-based VPNs.
o The network stack now invokes IPsec functions using special
methods. The only one header file <netipsec/ipsec_support.h>
should be included to declare all the needed things to work
with IPsec.
o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed.
Now these protocols are handled directly via IPsec methods.
o TCP_SIGNATURE support was reworked to be more close to RFC.
o PF_KEY SADB was reworked:
- now all security associations stored in the single SPI namespace,
and all SAs MUST have unique SPI.
- several hash tables added to speed up lookups in SADB.
- SADB now uses rmlock to protect access, and concurrent threads
can do SA lookups in the same time.
- many PF_KEY message handlers were reworked to reflect changes
in SADB.
- SADB_UPDATE message was extended to support new PF_KEY headers:
can be used by IKE daemon to change SA addresses.
o ipsecrequest and secpolicy structures were cardinally changed to
avoid locking protection for ipsecrequest. Now we support
only limited number (4) of bundled SAs, but they are supported
for both INET and INET6.
o INPCB security policy cache was introduced. Each PCB now caches
used security policies to avoid SP lookup for each packet.
o For inbound security policies added the mode, when the kernel does
check for full history of applied IPsec transforms.
o References counting rules for security policies and security
associations were changed. The proper SA locking added into xform
o xform code was also changed. Now it is possible to unregister xforms.
tdb_xxx structures were changed and renamed to reflect changes in
SADB/SPDB, and changed rules for locking and refcounting.

Reviewed by: gnn, wblock
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9352
6266aedc706d1573a20543c3f1fec59b07619689 26-Dec-2016 tuexen <tuexen@FreeBSD.org> Whitespace changes.

The toolchain for processing the sources has been updated. No functional

MFC after: 3 days
ae1856036a92c5d5652434b4aadcb2971ab88df4 06-Dec-2016 tuexen <tuexen@FreeBSD.org> Whitespace changes.

The tools used to generate the sources has been updated and produces
different whitespaces. Commit this separately to avoid intermixing
these with real code changes.

MFC after: 3 days
c2c8b26056f49e8e24af3791edca02ef39e09166 23-Jun-2016 tuexen <tuexen@FreeBSD.org> Don't consider the socket when processing an incoming ICMP/ICMP6 packet,
which was triggered by an SCTP packet. Whether a socket exists, is just
not relevant.

Approved by: re (kib)
MFC after: 1 week
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
a750782f5b6e0266c1cd886730eb92ecc2d3d6a7 01-May-2016 tuexen <tuexen@FreeBSD.org> When a client uses UDP encapsulation and lists IP addresses in the INIT
chunk, enable UDP encapsulation for all those addresses.
This helps clients using a userland stack to support multihoming if
they are not behind a NAT.

MFC after: 1 week
f78898772ae074bd56c82e718089c92d7c835dc9 18-Apr-2016 tuexen <tuexen@FreeBSD.org> Address issues found by the XCode code analyzer.
42159e8af3a54df2c554353ac5f65d5daed29406 16-Apr-2016 tuexen <tuexen@FreeBSD.org> Fix the ICMP6 handling for SCTP.
Keep the IPv4 code in sync.

MFC after: 1 week
42508cdc2ec9b9ca4ecf78078fe291cce7d3f131 25-Feb-2016 tuexen <tuexen@FreeBSD.org> MFC r295549:
Loopback addresses are, not

MFC r295668:
Improve the teardown of the SCTP stack.

MFC r295670:
Whitespace changes.

MFC r295708:
Address a warning reported by D5245 / PVS.

MFC r295709:
Code cleanup which will silence a warning in PVS / D5245.

MFC r295710:
Add protection code for issues reported by PVS / D5245.

MFC r295771:
Fix reporting of mapped addresses in getpeername() and getsockname() for
IPv6 SCTP sockets.
These bugs were found because of an issue reported by PVS / D5245.

MFC r295772:
Add some protection code.

MFC r295773:
Add protection code.

MFC r295805:
Use the SCTP level pointer, not the interface level.

MFC r295929:
Don't leak an address in an error path.

Approved by: re (marius)
63d9199ac684a4ec295d9512910bac7287ba2b1a 23-Feb-2016 tuexen <tuexen@FreeBSD.org> Don't leak an address in an error path.

CID: 1351729
MFC after: 3 days
3c0af2354081a263340b5455480460477505b337 18-Feb-2016 tuexen <tuexen@FreeBSD.org> Fix reporting of mapped addresses in getpeername() and getsockname() for
IPv6 SCTP sockets.
These bugs were found because of an issue reported by PVS / D5245.
70ab0ed557e2bfba1ee7f7e04ef56422a59c1d78 17-Jan-2016 tuexen <tuexen@FreeBSD.org> MFC r291904:
Fix the allocation of outgoing streams:
* When processing a cookie, use the number of
streams announced in the INIT-ACK.
* When sending an INIT-ACK for an existing
association, use the value from the association,
not from the end-point.
a07b11560ae176eb2f46c8e1b54671fd46fc9457 16-Jan-2016 tuexen <tuexen@FreeBSD.org> MFC r285877:
Move including netinet/icmp6.h around to avoid a problem when including
netinet/icmp6.h and net/netmap.h. Both use ni_flags...
This allows to build multistack with SCTP support.
51f55053b6565d2fe9b61f63460dddc23284a103 14-Jan-2016 glebius <glebius@FreeBSD.org> Verify the packet length in sctp6_input().

The sctp6_ctlinput() function does not properly check the length of the packet
it receives from the ICMP6 input routine. This means that an attacker can craft
a packet that will cause a kernel panic.

When the kernel receives an ICMP6 error message with one of the types/codes
it handles, it calls icmp6_notify_error() to deliver it to the upper-level
protocol. icmp6_notify_error() cycles through the extension headers (if any)
to find the protocol number of the first non-extension header. It does NOT
verify the length of the non-extension header.

It passes information about the packet (including the actual packet) to the
upper-level protocol's pr_ctlinput function. In the case of SCTP for IPv6,
icmp6_notify_error() calls sctp6_ctlinput().

sctp6_ctlinput() assumes that the incoming packet contains a sufficiently-long
SCTP header and calls m_copydata() to extract a copy of that header. In turn,
m_copydata() assumes that the caller has already verified that the offset and
length parameters are correct. If they are incorrect, it will dereference a
NULL pointer and cause a kernel panic.

In short, no one is sufficiently verifying the input, and the result is a
kernel panic.

Submitted by: jtl
Security: SA-16:01.sctp
924e9fd65e75f0b1f25b22443f905c323a489c11 14-Jan-2016 glebius <glebius@FreeBSD.org> o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
23770ab9427614306517b5c1475be90157731cef 06-Dec-2015 tuexen <tuexen@FreeBSD.org> Fix the allocation of outgoing streams:
* When processing a cookie, use the number of
streams announced in the INIT-ACK.
* When sending an INIT-ACK for an existing
association, use the value from the association,
not from the end-point.

MFC after: 1 week
c0e1a0d3a97499489347e17cdc2282028765442b 25-Jul-2015 tuexen <tuexen@FreeBSD.org> Move including netinet/icmp6.h around to avoid a problem when including
netinet/icmp6.h and net/netmap.h. Both use ni_flags...
This allows to build multistack with SCTP support.

MFC after: 1 week
103d48d60e51144677efde9f37ee95451df279b3 20-Jun-2015 tuexen <tuexen@FreeBSD.org> MFC r284515:
Add FIB support for SCTP.
This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379

PR: 200379
2af840e2acaee319f0c2468a09fbbad3d1542d12 17-Jun-2015 tuexen <tuexen@FreeBSD.org> Add FIB support for SCTP.
This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379

MFC after: 3 days
beb47cc587b26276255649645ab5b87fa39ffd23 31-May-2015 tuexen <tuexen@FreeBSD.org> MFC r283650:

Fix and cleanup the debug information. This has no user-visible changes.
Thanks to Irene Ruengeler for providing a patch.
369d8e1e6804241ccbfbbdfef6485fc03171a6be 29-May-2015 tuexen <tuexen@FreeBSD.org> MFC r276914:

Minimize the usage of SCTP_BUF_IS_EXTENDED.
This should help Robert...
551a3dd3e4681c055c9c2088984999a8dfe55801 29-May-2015 tuexen <tuexen@FreeBSD.org> MFC r275868:

Plug a memory leak in an error code path.

Reported by: Coverity
CID: 1018936
a82f33e60c7dfa71ecd32bfbaf1a5f930fcecb96 28-May-2015 tuexen <tuexen@FreeBSD.org> Fix and cleanup the debug information. This has no user-visible changes.
Thanks to Irene Ruengeler for providing a patch.

MFC after: 3 days
b09afc6f3f088fa610e8e85066b0efc23f29fee1 24-Apr-2015 hiren <hiren@FreeBSD.org> MFC r275358 r275483 r276982 - Removing M_FLOWID by hps@

Start process of removing the use of the deprecated "M_FLOWID" flag
from the FreeBSD network code. The flag is still kept around in the
"sys/mbuf.h" header file, but does no longer have any users. Instead
the "m_pkthdr.rsstype" field in the mbuf structure is now used to
decide the meaning of the "m_pkthdr.flowid" field. To modify the
"m_pkthdr.rsstype" field please use the existing "M_HASHTYPE_XXX"
macros as defined in the "sys/mbuf.h" header file.

This patch introduces new behaviour in the transmit direction.
Previously network drivers checked if "M_FLOWID" was set in "m_flags"
before using the "m_pkthdr.flowid" field. This check has now been
replaced by checking if "M_HASHTYPE_GET(m)" is different from
"M_HASHTYPE_NONE". In the future more hashtypes will be added, for
example hashtypes for hardware dedicated flows.

"M_HASHTYPE_OPAQUE" indicates that the "m_pkthdr.flowid" value is
valid and has no particular type. This change removes the need for an
"if" statement in TCP transmit code checking for the presence of a
valid flowid value. The "if" statement mentioned above is now a direct
variable assignment which is then later checked by the respective
network drivers like before.

Remove M_FLOWID from SCTP code.

Remove no longer used "M_FLOWID" flag from mbuf.h and update the netisr

Note: The FreeBSD version has been bumped.

Reviewed by: hps, tuexen
Sponsored by: Limelight Networks
c118a100d9383e87b2ea94cdc492d8dd41ce1e25 10-Jan-2015 tuexen <tuexen@FreeBSD.org> Minimize the usage of SCTP_BUF_IS_EXTENDED.
This should help Robert...
2d11eaedd121521cbd979c947a2164976f17b36a 17-Dec-2014 tuexen <tuexen@FreeBSD.org> Plug a memory leak in an error code path.

Reported by: Coverity
CID: 1018936
MFC after: 3 days
48d05792eefd33c1a5930869f2b1879b93285f0a 04-Dec-2014 tuexen <tuexen@FreeBSD.org> This is the SCTP specific companion of
which was provided by Hans Petter Selasky.
b5d711d3a6940afdd3615f7ffc2dcfa3faacd446 09-Nov-2014 melifaro <melifaro@FreeBSD.org> Remove faith(4) and faithd(8) from base. It looks like industry
has chosen different (and more traditional) stateless/stateful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.

No objections from: net@
1a3a68be7ff5adc1189ddd10e93af0cab3a5e51c 18-Sep-2014 tuexen <tuexen@FreeBSD.org> MFC r270673:
Announce SCTP support in the kern.features sysctl variables.

MFC r270859:
Enable SCTP support. It runs perfectly fine on a Wandboard quad.

MFC r271204 with manual intervention:
Fix the handling of sysctl variables when used with VIMAGE.
While there do some cleanup of the code.

MFC r271209:
Fix a leak of an address, if the address is scheduled for removal
and the stack is torn down.
Thanks to Peter Bostroem and Jiayang Liu from Google for reporting the

MFC r271219:
Suggested by: glebius@

MFC r271221:
Use union sctp_sockstore instead of struct sockaddr_storage. This
eliminates some warnings when building in userland.
Thanks to Patrick Laimbock for reporting this issue.
Remove also some unnecessary casts.
There should be no functional change.

MFC r271228:
Address another warnings reported by Patrick Laimbock when compiling
in userspace. While there, improve consistency.

MFC r271230:
Address warnings generated by the clang analyzer.

Approved by: re (kib)
a20e3eb5069a2b0b9f9c7c6b0966dcca45890249 07-Sep-2014 tuexen <tuexen@FreeBSD.org> Use union sctp_sockstore instead of struct sockaddr_storage. This
eliminates some warnings when building in userland.
Thanks to Patrick Laimbock for reporting this issue.
Remove also some unnecessary casts.
There should be no functional change.

MFC after: 1 week
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
877516e51a1928de8c1d9f1cd1c3e3bf0260e124 21-Nov-2013 tuexen <tuexen@FreeBSD.org> MFC r256556:
Remove a buggy comparison when setting manually the path MTU.
After fixing, the comparison would have become redundant.
Thanks to Andrew Galante for reporting the issue.

MFC r257272:
Fix compilation if SCTP_DONT_DO_PRIVADDR_SCOPE is defined.
The issue was reported by Andrew Galante.

MFC r257274:
Fix the value of *optlen when calling getsockopt() for
This issue was reported by Andrew Galante.

MFC r257359:
Terminate a debug output with a \n.

MFC r257555:
Changes from upstream to improve compilation when INET or INET6
or none of them is defined.

MFC r257574:
Unlock the lock before destroying it.
This issue was reported by Andrew Galante.

MFC r257800:
Use htons()/ntohs() appropriately.
These issues were reported by Andrew Galante.

MFC r257803:
Make sure that we don't try to build an ASCONF-ACK chunk
larger than what fits in the mbuf cluster.
This issue was reported by Andrew Galante.

MFC r257804:
Get rid of the artificial limitation enforced by
This was suggested by Andrew Galante.

MFC r258221:
Cleanups which result in fixes which have been made upstream
and were partially suggested by Andrew Galante.
There is no functional change in FreeBSD.

MFC r258224:
When determining if an address belongs to an stcb, take the address family
into account for wildcard bound endpoints.

MFC r258228:
Remove a stray write operation.

MFC r258235:
Use SCTP_PR_SCTP_TTL when the user provides a positive
timetolive in sctp_sendmsg().

Approved by: re@
d30ae7faf709d97ed1f4df0ecdbdb707efe055b4 02-Nov-2013 tuexen <tuexen@FreeBSD.org> Changes from upstream to improve compilation when INET or INET6
or none of them is defined.

MFC after: 3 days
3869cd403d488d32ae1c8ec7fc404d68eb6f99cd 25-Aug-2013 tuexen <tuexen@FreeBSD.org> Provide human readable debug output.
10b033d327c36903628969f13cfdf968bd104aae 25-Aug-2013 andre <andre@FreeBSD.org> For now limit printf(9) %x of the 64bit pkthdr.csum_flags field to 32bits.
The upper 32bits are not occupied for now.

Sponsored by: The FreeBSD Foundation
6ea39edf934cff6ee443d1e0447b0081574612e5 10-May-2013 tuexen <tuexen@FreeBSD.org> Honor the net.inet6.ip6.v6only sysctl variable and the IPV6_V6ONLY
socket option for SCTP sockets in the same way as for UDP or TCP

MFC after: 2 weeks
9a8531105a4561079ee099a51460bb789ef9cfd1 17-Nov-2012 tuexen <tuexen@FreeBSD.org> Add support for SCTP/UDP/IPV6.
This completes the support of

MFC after: 1 week
2357a49326f12023cbed9f16a7a74841c1e49b97 15-Jul-2012 tuexen <tuexen@FreeBSD.org> Changes which improve compilation if neither INET nor INET6 is defined.

MFC after: 3 days
5895ece053a21721a1371e3a69f09495923140c7 15-Jul-2012 tuexen <tuexen@FreeBSD.org> #ifdef INET and INET6 consistently. This also fixes a bug, where
it was done wrong.

MFC after: 3 days
26a057bce7069299f5055f592e9331e48318f5df 02-Jul-2012 tuexen <tuexen@FreeBSD.org> Move common code parts to sctp_common_input_processing().

MFC after: 3 days
d2f6540a5c0fdb316dfcf20d06919bc46746ce1d 28-Jun-2012 tuexen <tuexen@FreeBSD.org> Pass the src and dst address of a received packet explicitly around.

MFC after: 3 days
108138a99779b4a03621cfa0cb0f187b1ac0b90d 25-Jun-2012 tuexen <tuexen@FreeBSD.org> Unify sctp_input() and sctp6_input().

MFC after: 3 days
6e403ce2d907067180ae6b1a60796853eaf24a34 25-Jun-2012 tuexen <tuexen@FreeBSD.org> Whitespace cleanup.

MFC after: 3 days
c8e30b0c20e501277e9d5e69016ae6f171f1d149 24-Jun-2012 tuexen <tuexen@FreeBSD.org> Pass the packet length explicitly around.

MFC after: 3 days
9f34b53f7b1bf10d6ace1822b7c65622d28d1032 24-Jun-2012 tuexen <tuexen@FreeBSD.org> Do packet logging in a consistent way.

MFC after: 3 days
e8af2861381f0efb48f7fbe22c15024d2f0cbe0d 14-Jun-2012 tuexen <tuexen@FreeBSD.org> Pass flowid explicitly through the stack instead of taking it from
the mbuf chain at different places.
While there: Fix several bugs related to VRFs.

MFC after: 3 days
520d26f3510f067751884cbed2119886a87524f2 26-May-2012 tuexen <tuexen@FreeBSD.org> Get rid of SCTP specific code to avoid CRC32C computations on loopback.
Just just offloading.
MFC after: 3 days
25827ad38231373971b6f50b964c0996497ad3b3 23-May-2012 tuexen <tuexen@FreeBSD.org> Use consistent text at the beginning of the files.

MFC after: 3 days
442f3db61555b7388fbeb0b97d82546223679ef8 13-May-2012 tuexen <tuexen@FreeBSD.org> Missed to commit this in r235414.

MFC after: 3 days
abe6735879be578b6996b2fc0ead2dac663118ad 13-May-2012 tuexen <tuexen@FreeBSD.org> Use ECONNABORTED in cases where the ABORT was sent to the peer.

MFC after: 3 days
b3431e25a4b0ce6aa77223ffbcea2ed5d24fa1d6 12-May-2012 tuexen <tuexen@FreeBSD.org> Provide in the association change notification the received ABORT chunk
in case of SCTP_COMM_LOST or SCTP_CANT_STR_ASSOC as required by RFC 6458.

MFC after: 3 days
52199a8cf4cce1391dabf92c2ba55880502d6abe 15-Mar-2012 tuexen <tuexen@FreeBSD.org> Clean up, no functional change.

MFC after: 3 days.
01e294b2fd2f1b4692971fdf73b774bf49e5a3cd 18-Feb-2012 tuexen <tuexen@FreeBSD.org> Remove two clang warnings.

MFC after: 1 month.
ebc0602463d35d7c9e3a52f25d6f9e806d5120dc 08-Jan-2012 tuexen <tuexen@FreeBSD.org> Add an SCTP sysctl "blackhole", similar to the one for TCP.
If set to 1, no ABORT is sent back in response to an incoming
INIT. If set to 2, no ABORT is sent back in response to
an out of the blue packet. If set to 0 (the default), ABORTs
are sent.
Discussed with rrs@.

MFC after: 1 month.
b9ef107414848cd42bfb431cc80e5187bdfb53fa 27-Dec-2011 tuexen <tuexen@FreeBSD.org> Address issues found by clang. While there, fix also some style

MFC after: 3 months.
3a4d069b2199e006b818f29a19b3e36a6621f88a 17-Dec-2011 tuexen <tuexen@FreeBSD.org> Fix unused parameter warnings.
While there, fix some whitespace issues.

MFC after: 3 months.
f47c615e88590b29d88403fce2ef7e0e28e8ecb3 03-Aug-2011 tuexen <tuexen@FreeBSD.org> The result of a joint work between rrs@ and myself at the IETF:
* Decouple the path supervision using a separate HB timer per path.
* Add support for potentially failed state.
* Bring back RTO.min to 1 second.
* Accept packets on IP-addresses already announced via an ASCONF
* While there: do some cleanups.

Approved by: re@
MFC after: 2 months.
a51881ba59b64a8ecc1f846d8b7abcbec1c25a36 03-May-2011 tuexen <tuexen@FreeBSD.org> Remove code with any effect.
ad795d2c5d13224f9b5bfefa5f6896ff66db16a0 30-Apr-2011 tuexen <tuexen@FreeBSD.org> Improve compilation of SCTP code without INET support.
Some bugs were fixed while doing this:
* ASCONF-ACK messages might use wrong port number when using
* Checking for additional addresses takes the correct address
into account and also does not do more comparisons than

This patch is based on one received from bz@ who was
sponsored by The FreeBSD Foundation and iXsystems.

MFC after: 1 week
9ccaf288c9178d6dbdbb001ffec81fa6f7139f57 07-Feb-2011 tuexen <tuexen@FreeBSD.org> Fix bugs related to M_FLOWID:
* Store the flowid when receiving an SCTP/IPv6 packet.
* Store the flowid when receiving an SCTP packet with wrong CRC.
* Initialize flowid correctly.
* Put test code under INVARIANTS.
MFC after: 3 months.
fa5090f1ddeff2b8b1efa2d3c21c5ba6b70e8fba 05-Feb-2011 rrs <rrs@FreeBSD.org> 1) Typo correction in comments and one spacing change.
2) Mass update to all copyrights.
MFC after: 3 Months
c17bd2abe06cae94dd7c76d82b5484b79b746af2 22-Dec-2010 tuexen <tuexen@FreeBSD.org> Improve plausibility check in sctp_handle_sack().
Allow cmt_on_off to support values 0 (no CMT), 1 (CMT), and 2 (CMT/RP).

MFC after: 3 months.
09f9c897d33c41618ada06fbbcf1a9b3812dee53 19-Oct-2010 jamie <jamie@FreeBSD.org> A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
3f139046bf00a56f3228ed3782e84c36f7cc6e44 15-Sep-2010 tuexen <tuexen@FreeBSD.org> Remove unused variables.

MFC after: 2 weeks.
ff0f13be619dafe05ca0a216f79368d4c793a420 29-Aug-2010 tuexen <tuexen@FreeBSD.org> Fix the SCTP_WITH_NO_CSUM option when used in combination with
interface supporting CRC offload. While at it, make use of the
feature that the loopback interface provides CRC offloading.

MFC after: 4 weeks
8d90bd696f6ffe32185cc58c210e1cb2b6b40466 28-Aug-2010 tuexen <tuexen@FreeBSD.org> Fix the switching on/off of CMT using sysctl and socket option.
Fix the switching on/off of PF and NR-SACKs using sysctl.
Add minor improvement in handling malloc failures.
Improve the address checks when sending.

MFC after: 4 weeks
2e1be86332f9b403ae1868377134a13a6c9ac8d6 17-Apr-2010 rrs <rrs@FreeBSD.org> MFC of 206137

This is Part III of the great IETF hack-a-thon to fix
the NR-Sack code. (the last one on the cpu options
was a lull.. i.e MFC 205629).. still 2 more to go.
238a37de82c68689f86b353ea628510ea7de86fb 03-Apr-2010 tuexen <tuexen@FreeBSD.org> * Fix some race condition in SACK/NR-SACK processing.
* Fix handling of mapping arrays when draining mbufs or processing
* Cleanup code (no duplicate code anymore for SACKs and NR-SACKs).
Part of this code was developed together with rrs.
MFC after: 2 weeks.
f1216d1f0ade038907195fc114b7e630623b402c 19-Mar-2010 delphij <delphij@FreeBSD.org> Create a custom branch where I will be able to do the merge.
cfdd1d020fb0311f1ce5293dd2feadd185991d1f 07-Dec-2009 tuexen <tuexen@FreeBSD.org> MFC 197288,197326,197327,197328,197342,197914,197929,
This MFCs all SCTP/VNET relevant fixes from head.

Approved by: rrs (mentor)
141877184752e3e13e04478a2f644eb3c8cf861e 17-Sep-2009 rrs <rrs@FreeBSD.org> Support for VNET in SCTP (hopefully)
520c389cb4f290b2acdcff4ed123d33cca39e0d8 03-Feb-2009 rrs <rrs@FreeBSD.org> - Cleanup checksum code.
- Prepare for CRC offloading, add MIB counters (RS/MT).
- Bugfix: Disable CRC computation for IPv6 addresses with local scope (MT).
- Bugfix: Handle close() with SO_LINGER correctly when notifications
are generated during the close() call(MT).
- Bugfix: Generate DRY event when sender is dry during subscription.
Only for 1-to-1 style sockets (RS/MT)
- Bugfix: Put vtags for the correct amount of time into time-wait (MT).
- Bugfix: Clear vtag entries correctly on expiration (MT).
- Bugfix: shutdown() indicates ENOTCONN when called for unconnected
1-to-1 style sockets (MT).
- Bugfix: In sctp Auth code (PL).
- Add support for devices that support SCTP csum offload (igb).
- Add missing sctp_associd to mib sysctl xsctp_tcb structure (RS)
Obtained from: With help from Peter Lei and Michael Tuexen
0f2b9dafa358fb3b64efed4842cd31650ceea672 06-Dec-2008 rrs <rrs@FreeBSD.org> Code from the hack-session known as the IETF (and a
bit of debugging afterwards):
- Fix protection code for notification generation.
- Decouple associd from vtag
- Allow vtags to have less stringent requirements in non-uniqueness.
o don't pre-hash them when you issue one in a cookie.
o Allow duplicates and use addresses and ports to
discriminate amongst the duplicates during lookup.
- Add support for the NAT draft draft-ietf-behave-sctpnat-00, this
is still experimental and needs more extensive testing with the
Jason Butt ipfw changes.
- Support for the SENDER_DRY event to get DTLS in OpenSSL working
with a set of patches from Michael Tuexen (hopefully heading to OpenSSL soon).
- Update the support of SCTP-AUTH by Peter Lei.
- Use macros for refcounting.
- Fix MTU for UDP encapsulation.
- Fix reporting back of unsent data.
- Update assoc send counter handling to be consistent with endpoint sent counter.
- Fix a bug in PR-SCTP.
- Fix so we only send another FWD-TSN when a SACK arrives IF and only
if the adv-peer-ack point progressed. However we still make sure
a timer is running if we do have an adv_peer_ack point.
- Fix PR-SCTP bug where chunks were retransmitted if they are sent
unreliable but not abandoned yet.

With the help of: Michael Tuexen and Peter Lei :-)
MFC after: 4 weeks
cf5320822f93810742e3d4a1ac8202db8482e633 19-Oct-2008 lulf <lulf@FreeBSD.org> - Import the HEAD csup code which is the basis for the cvsmode work.
514ed29cc16f2eec87fbe25719e68d40730c429d 01-Sep-2008 obrien <obrien@FreeBSD.org> MFC: r174510: Clean up VCS Ids.
1626f83289f3a62514e6779f170959dd757dc619 27-Aug-2008 rrs <rrs@FreeBSD.org> *****MFC of r180387
1) Adds the rest of the VIMAGE change macros
2) Adds some __UserSpace__ on some of the common defines that
the user space code needs
3) Fixes a bug when we send up data to a user that failed. We
need to a) trim off the data chunk headers, if present, and
b) make sure the frag bit is communicated properly for the
msgs coming off the stream queues... i.e. we see if some
of the msg has been taken.

Obtained from: jeli contributed the VIMAGE changes on this pass Thanks Julian!
93f244f9a7465413ca999f6b6253a68fa1762e0b 27-Aug-2008 rrs <rrs@FreeBSD.org> ****MFC r179783, r179786 and r179803
- Macro-izes the packed declaration in all headers.
- Vimage prep - these are major restructures to move
all global variables to be accessed via a macro or two.
The variables all go into a single structure.
- Asconf address addition tweaks (add_or_del Interfaces)
- Fix rwnd calculation to be more conservative.
- Support SACK_IMMEDIATE flag to skip delayed sack
by demand of peer.
- Comment updates in the sack mapping calculations
- Invariants panic added.
- Pre-support for UDP tunneling (we can do this on
MAC but will need added support from UDP to
get a "pipe" of UDP packets in.
- clear trace buffer sysctl added when local tracing on.
- Fixes foobar on my part. Some missing virtualization macros from
specific logging cases.
From r179803
- only one function to destroy an SCTP stack sctp_finish()
- Make it so this function also arranges for any threads
created by the image to do a kthread_exit()
e61174aba2d2e207015bebc9a815b52b5361b287 27-Aug-2008 rrs <rrs@FreeBSD.org> *****MFC of r179157
- Adds support for the multi-asconf (From Kozuka-san)
- Adds some prepwork (Not all yet) for vimage in particular
support the delete the sctppcbinfo.xx structs. There is
still a leak in here if it were to be called plus we still
need the regrouping (From Me and Michael Tuexen)
- Adds support for UDP tunneling. For BSD there is no
socket yet setup so its disabled, but major argument
changes are in here to encompass the passing of the port
number (zero when you don't have a udp tunnel, the default
for BSD). Will add some hooks in UDP here shortly (discussed
with Robert) that will allow easy tunneling. (Mainly from
Peter Lei and Michael Tuexen with some BSD work from me :-D)
- Some ease for windows, evidently leave is reserved by their
compile move label leave: -> out:
a51aa927fad5ab9ebbb294340935d462f68ee19b 09-Jul-2008 rrs <rrs@FreeBSD.org> 1) Adds the rest of the VIMAGE change macros
2) Adds some __UserSpace__ on some of the common defines that
the user space code needs
3) Fixes a bug when we send up data to a user that failed. We
need to a) trim off the data chunk headers, if present, and
b) make sure the frag bit is communicated properly for the
msgs coming off the stream queues... i.e. we see if some
of the msg has been taken.

Obtained from: jeli contributed the VIMAGE changes on this pass Thanks Julian!
7782c49376b2a6dea979e4c270f324a1771d1a7a 14-Jun-2008 rrs <rrs@FreeBSD.org> - Macro-izes the packed declaration in all headers.
- Vimage prep - these are major restructures to move
all global variables to be accessed via a macro or two.
The variables all go into a single structure.
- Asconf address addition tweaks (add_or_del Interfaces)
- Fix rwnd calculation to be more conservative.
- Support SACK_IMMEDIATE flag to skip delayed sack
by demand of peer.
- Comment updates in the sack mapping calculations
- Invariants panic added.
- Pre-support for UDP tunneling (we can do this on
MAC but will need added support from UDP to
get a "pipe" of UDP packets in.
- clear trace buffer sysctl added when local tracing on.

Note the majority of this huge patch is all the vimage prep stuff :-)
8a663465644dd0d19159348afb69bb2462822ed1 20-May-2008 rrs <rrs@FreeBSD.org> - Adds support for the multi-asconf (From Kozuka-san)
- Adds some prepwork (Not all yet) for vimage in particular
support the delete the sctppcbinfo.xx structs. There is
still a leak in here if it were to be called plus we still
need the regrouping (From Me and Michael Tuexen)
- Adds support for UDP tunneling. For BSD there is no
socket yet setup so its disabled, but major argument
changes are in here to encompass the passing of the port
number (zero when you don't have a udp tunnel, the default
for BSD). Will add some hooks in UDP here shortly (discussed
with Robert) that will allow easy tunneling. (Mainly from
Peter Lei and Michael Tuexen with some BSD work from me :-D)
- Some ease for windows, evidently leave is reserved by their
compile move label leave: -> out:

MFC after: 1 week
17e7894aa7dbe42edf71156f155d3611a2fce063 29-Apr-2008 rrs <rrs@FreeBSD.org> - Have SCTP use the new pru_flush functionality
0eceb328eea3665628359423418f275a6d1f0006 14-Apr-2008 rrs <rrs@FreeBSD.org> - Have SCTP use the new pru_flush functionality

PR: 122710
MFC after: 1 week
0d684d927bf42ec9c53b0f921e6aaa42e7236cd7 10-Dec-2007 obrien <obrien@FreeBSD.org> Clean up VCS Ids.
73fcd49c8635599cba72011c539ea9f781c1da23 13-Sep-2007 rrs <rrs@FreeBSD.org> - Incorrect error EAGAIN returned for invalid send on a locked
stream (using EEOR mode). Changed to EINVAL (in sctp_output.c)
- Static analysis comments added
- fix in mobility code to return a value (static analysis found).
- sctp6_notify function made visible instead of
static (this is needed for Panda).

Approved by: re@freebsd.org (B Mah)
e1de0a1edadaa9d67f677c0aa3a582c9bcc34b9c 08-Sep-2007 rrs <rrs@FreeBSD.org> - send call has a reference to uio->uio_resid in
the recent send code, but uio may be NULL on sendfile
calls. Change to use sndlen variable.
- EMSGSIZE is not being returned in non-blocking mode
and needs a small tweak to look if the msg would
ever fit when returning EWOULDBLOCK.
- FWD-TSN has a bug in stream processing which could
cause a panic. This is a follow on to the codenomicon
- PDAPI level 1 and 2 do not work unless the reader
gets his returned buffer full. Fix so we can break
out when at level 1 or 2.
- Fix fast-handoff features to copy across properly on
accepted sockets
- Fix sctp_peeloff() system call when no true system call
exists to screen arguments for errors. In cases where a
real system call exists the system call itself does this.
- Fix raddr leak in recent add-ip code change for bundled
asconfs (even when non-bundled asconfs are received)
- Make sure ipi_addr lock is held when walking global addr
list. Need to change this lock type to a rwlock().
- Add don't wake flag on both input and output when the
socket is closing.
- When deleting an address verify the interface is correct
before allowing the delete to process. This protects panda
and unnumbered.
- Clean up old sysctl stuff and get rid of the old Open/Net
BSD structures.
- Add a function to watch the ranges in the sysctl sets.
- When appending in the reassembly queue, validate that
the assoc has not gone to about to be freed. If so
(in the middle) abort out. Note this especially affects
MAC I think due to the lock/unlock they do (or with
LOCK testing in place).
- Netstat patch to get rid of warnings.
- Make sure that no data gets queued to inactive/unconfirmed
destinations. This especially affects CMT but also makes an
impact on regular SCTP as well.
- During init collision when we detect seq number out
of sync we need to treat it like Case C and discard
the cookie (no invariant needed here).
- Atomic access to the random store.
- When we declare a vtag good, we need to shove it
into the time wait hash to prevent further use. When
the tag is put into the assoc hash, we need to remove it
from the twait hash (where it will surely be). This prevents
duplicate tag assignments.
- Move decr-ref count to better protect sysctl out of
- ltrace error corrections in sctp6_usrreq.c
- Add hook for interface up/down to be sent to us.
- Make sysctl() exported structures independent of processor
- Fix route and src addr cache clearing for delete address case.
- Make sure address marked SCTP_DEL_IP_ADDRESS is never selected
as src addr.
- in icmp handling fixed so we actually look at the icmp codes
to figure out what to do.
- Modified mobility code.
Reception of DELETE IP ADDRESS for a primary destination and
SET PRIMARY for a new primary destination is used for
retransmission trigger to the new primary destination.
Also, in this case, destination of chunks in send_queue are
changed to the new primary destination.
- Fix so that we disallow sending by mbuf to ever have EEOR
mode set upon it.

Approved by: re@freebsd.org (B Mah)
4dd82bd675126ae3087b47d4425b57c8c44aa790 08-Sep-2007 rrs <rrs@FreeBSD.org> - Locking compatibility changes. This involves adding
additional flags to many function calls. The flags only
get used in BSD when we compile with lock testing. These
flags allow apple to escape the "giant" lock it holds on
the socket and have more fine-grained locking in the NKE.
It also allows us to test (with witness) the locking used
by apple via a compile switch (manually applied).

Approved by: re@freebsd.org(B Mah)
e335457f91efbba1e9ccc24574c0ffc73235bd94 27-Aug-2007 rrs <rrs@FreeBSD.org> - During shutdown pending, when the last sack came in and
the last message on the send stream was "null" but still
there, a state we allow, we could get hung and not clean
it up and wait for the shutdown guard timer to clear the
association without a graceful close. Fix this so
that we properly clean up.
- Added support for Multiple ASCONF per new RFC. We only
(so far) accept input of these and cannot yet generate
a multi-asconf.
- Sysctl'd support for experimental Fast Handover feature. Always
disabled unless sysctl or socket option changes to enable.
- Error case in add-ip where the peer supports AUTH and ADD-IP
but does NOT require AUTH of ASCONF/ASCONF-ACK. We need to
ABORT in this case.
- According to the Kyoto summit of socket api developers
(Solaris, Linux, BSD). We need to have:
o non-eeor mode messages be atomic - Fixed
o Allow implicit setup of an assoc in 1-2-1 model if
using the sctp_**() send calls - Fixed
o Get rid of HAVE_XXX declarations - Done
o add a sctp_pr_policy in hole in sndrcvinfo structure - Done
o add a PR_SCTP_POLICY_VALID type flag - yet to-do in a future patch!
- Optimize sctp6 calls to reuse code in sctp_usrreq. Also optimize
when we close sending out the data and disabling Nagle.
- Change key concatenation order to match the auth RFC
- When sending OOTB shutdown_complete always do csum.
- Don't send PKT-DROP to a PKT-DROP
- For abort chunks just always checksums same for
- inpcb_free front state had a bug where in queue
data could wedge an assoc. We need to just abandon
ones in front states (free_assoc).
- If a peer sends us a 64k abort, we would try to
assemble a response packet which may be larger than
64k. This then would be dropped by IP. Instead make
a "minimum" size for us 64k-2k (we want at least
2k for our initack). If we receive such an init
discard it early without all the processing.
- When we peel off we must increment the tcb ref count
to keep it from being freed from underneath us.
- handling fwd-tsn had bugs that caused memory overwrites
when given faulty data, fixed so can't happen and we
also stop at the first bad stream no.
- Fixed so comm-up generates the adaption indication.
- peeloff did not get the hmac params copied.
- fix it so we lock the addr list when doing src-addr selection
(in future we need to use a multi-reader/one writer lock here)
- During lowlevel output, we could end up with a _l_addr set
to null if the iterator is calling the output routine. This
means we would possibly crash when we gather the MTU info.
Fix so we only do the gather where we have a src address
- we need to be sure to set abort flag on conn state when
we receive an abort.
- peeloff could leak a socket. Moved code so the close will
find the socket if the peeloff fails (uipc_syscalls.c)

Approved by: re@freebsd.org(Ken Smith)
1d0af67d1affeebe2b3f9ddd01a55aa656b374cd 24-Aug-2007 rrs <rrs@FreeBSD.org> - Fix address add handling to clear cached routes and source addresses
when peer acks the add in case the routing table changes.
- Fix sctp_lower_sosend to send shutdown chunk for mbuf send
case when sndlen = 0 and sinfoflag = SCTP_EOF
- Fix sctp_lower_sosend for SCTP_ABORT mbuf send case with null data,
So that it does not send the "null" data mbuf out and cause
it to get freed twice.
- Fix so auto-asconf sysctl actually affects the socket's asconf state.
- Do not allow SCTP_AUTO_ASCONF option to be used on subset bound sockets.
- Memset bug in sctp_output.c (arguments were reversed) submitted
found and reported by Dave Jones (davej@codemonkey.org.uk).
- PD-API point needs to be invoked >= not just > to conform to socket api
draft this fixes sctp_indata.c in the two places need to be >=.
- move M_NOTIFICATION to use M_PROTO5.
- PEER_ADDR_PARAMS did not fail properly if you specify an address
that is not in the association with a valid assoc_id. This meant
you got or set the stcb level values instead of the destination
you thought you were going to get/set. Now validate if the
stcb is non-null and the net is NULL that the sa_family is
set and the address is unspecified otherwise return an error.
- The thread based iterator could crash if associations were freed
at the exact time it was running. rework the worker thread to
use the increment/decrement to prevent this and no longer use
the markers that the timer based iterator uses.
- Fix the memleak in sctp_add_addr_to_vrf() for the case when it is
detected that ifa is already pointing to a ifn.
- Fix it so that if someone is so insane that they drop the
send window below the minimal add mark, they still can send.
- Changed all state for associations to use mask safe macro.
- During front states in association freeing in sctp_inpcbfree, we
had a locking problem where locks were not in place where they
should have been.
- Free association calls were not testing the return value in
sctp_inpcb_free() properly... others should be cast void returns
where we don't care about the return value.
- If a reference count is held on an assoc, even from the "force free"
we should not do the actual free.. but instead let the timer
free it.
- When we enter sctp_input(), if the SCTP_ASOC_ABOUT_TO_BE_FREED
flag is set, we must NOT process the packet but handle it like
ootb. This is because while freeing an assoc we release the
locks to get all the higher order locks so we can purge all
the hash tables. This leaves a hole if a packet comes in
just at that point. Now sctp_common_input_processing() will
call the ootb code in such a case.
- Change MBUF M_NOTIFICATION to use M_PROTO5 (per Sam L). This makes
it so we don't have a conflict (I think this is a Coverity change).
We made this change AFTER some conversation and looking to make sure
that M_PROTO5 does not have a problem between SCTP and the 802.11
stuff (which is the only other place its used).
- Fixed lock order reversal and missing atomic protection around
locked_tcb during association lookup and the 1-2-1 model.
- Added debug to source address selection.
- V6 output must always do checksum even for loopback.
- Remove more locks around inp that are not needed for an atomically
added/subtracted ref count.
- slight optimization in the way we zero the array in sctp_sack_check()
- It was possible to respond to a ABORT() with bad checksum with
a PKT-DROP. This lead to a PKT-DROP/ABORT war. Add code to NOT
send a PKT-DROP to any ABORT().
- Add an option for local logging (useful for macintosh or when
you need better performing during debugging). Note no commands
are here to get the log info, you must just use kgdb.
- The timer code needs to be aware of if it needs to call
sctp_sack_check() to slide the maps and adjust the cum-ack.
This is because it may be out of sync cum-ack wise.
- Added threshold management logging.
- If the user picked just the right size, that just filled the send
window minus one mtu, we would enter a forever loop not copying and
at the same time not blocking. Change from < to <= solves this.
- Sysctl added to control the fragment interleave level which defaults
to 1.
- My rwnd control was not being used to control the rwnd properly (we
did not add and subtract to it :-() this is now fixed so we handle
small messages (1 byte etc) better to bring our rwnd down more

Approved by: re@freebsd.org (Bruce Mah)
1db8ba247453b3da31775f1a39199179ca75bfb7 24-Jul-2007 rrs <rrs@FreeBSD.org> - take out a needless panic under invariants for sctp_output.c
- Fix addrs's error checking of sctp_sendx(3) when addrcnt is less than
- re-add back inpcb_bind local address check bypass capability
- Fix it so sctp_opt_info is independent of assoc_id position.
- Fix cookie life set to use MSEC_TO_TICKS() macro.
- asconf changes
o More comment changes/clarifications related to the old local address
"not" list which is now an explicit restricted list.

o Rename some functions for clarity:
- sctp_add/del_local_addr_assoc to xxx_local_addr_restricted()
- asconf related iterator functions to sctp_asconf_iterator_xxx()

o Fix bug when the same address is deleted and added (and removed from
the asconf queue) where the ifa is "freed" twice refcount wise,
possibly freeing it completely.

o Fix bug in output where the first ASCONF would not go out after the
last address is changed (e.g. only goes out when retransmitted).

o Fix bug where multiple ASCONFs can be bundled in the same packet with
the and with the same serial numbers.

o Fix asconf stcb iterator to not send ASCONF until after all work
queue entries have been processed.

o Change behavior so that when the last address is deleted (auto asconf
on a bound all endpoint) no action is taken until an address is
added; at that time, an ASCONF add+delete is sent (if the assoc
is still up).

o Fix local address counting so that address scoping is taken into

o #ifdef SCTP_TIMER_BASED_ASCONF the old timer triggered sending
of ASCONF (after an RTO). The default now is to send
ASCONF immediately (except for the case of changing/deleting the
last usable address).
Approved by: re(ken smith)@freebsd.org
1918b8aea1b783fd107c45b78b7634bc87e85b0d 21-Jul-2007 rrs <rrs@FreeBSD.org> - remove duplicate code from sctp_asconf.c
- remove duplicate #include <sys/priv.h> that is not under
#ifdef FreeBSD version to allow compile on 6.1
- static analysis changes per the cisco SA tool including:
o some SA_IGNORE comments
o some checks for NULL before unlock.
o type corrections int -> size_t
- Fix it so sctp_alloc_asoc takes a thread/proc argument. Without this
we pass a NULL in to bind on implicit assoc setup and crash :-(
Approved by: re@freebsd.org(Ken Smith)
baae800484b92bf7eee24218fdc96dca410b1846 17-Jul-2007 rrs <rrs@FreeBSD.org> - added pre-checks to the bindx call.
- use proper tick gathering macro instead of ticks directly.
- Placed reasonable boundaries on sets that a user can do
that are converted to ticks from ms.
- Fix CMT_PF to always check to be sure CMT is on.
- Fix ticks use of CMT_PF.
- put back code to allow asconfs to be queued while INITs are in flight
and before the assoc is established.
- During window probes, an ack'd packet might be left with the window
probe mark on it causing it to be retransmitted. Change so that
the flight decrease macro clears the window_probe mark.
- Additional logging flight size/reading and ASOC LOG. This
is only enabled if you manually insert things into opt_sctp.h
since its a set of debug code only.
- Found an interesting SMP race in the way data was appended which
could cause a reader to lose a part of a message, had to
reorder when we marked the message was complete to after
the data was appended.
- bug in ADD-IP for the subset bound socket case when the peer has only
one address
- fix ASCONF implicit success/error handling case
- proper support of jails in Freebsd 6>
- copy out the timeval for the 64 bit sparc world on cookie-echo
alignment error crashes without this).
Approved by: re(Ken Smith)
1e9af2c480a638933876e637c1f3b9f1b7bad3e9 14-Jul-2007 rrs <rrs@FreeBSD.org> - Modular congestion control, with RFC2581 being the default.
- CMT_PF states added (w/sysctl to turn the PF version on)
- sctp_input.c had a missing incr of cookie case when the
auth was bad. This meant a free was called without an
increment to refcnt, added increment like rest of code.
- There was a case, unlikely, when the scope of the destination
changed (this is a TSNH case). In that case, it would not free
the alloc'ed asoc (in sctp_input.c).
- When listed addresses found a colliding cookie/Init, then
the collided upon tcb was not unlocked in sctp_pcb.c
- Add error checking on arguments of sctp_sendx(3) to prevent it from
referencing a NULL pointer.
- Fix an error return of sctp_sendx(3), it was returning
ENOMEM not -1.
- Get assoc id was changed to use the sanctified socket api
method for getting a assoc id (PEER_ADDR_INFO instead of
- Fix it so a peeled off socket will get a proper error return
if it tries to send to a different address than it is connected to.
- Fix so that select_a_stream can avoid an endless loop that
could hang a caller.
- time_entered (state set time) was not being set in all cases
to the time we went established.
Approved by: re(ken smith)
e6f8b0995d59e493018009921005c7f50759dc53 05-Jul-2007 delphij <delphij@FreeBSD.org> ANSIfy[1] plus some style cleanup nearby.

Discussed with: gnn, rwatson
Submitted by: Karl Sjödahl - dunceor <dunceor gmail com> [1]
Approved by: re (rwatson)
aeca69ded51d6233029432f2819670cdedc399fa 03-Jul-2007 gnn <gnn@FreeBSD.org> Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC
option is now deprecated, as well as the KAME IPsec code.
What was FAST_IPSEC is now IPSEC.

Approved by: re
Sponsored by: Secure Computing
0cd74db89b7c7ca5bface8b05ae8263c0a54217b 01-Jul-2007 gnn <gnn@FreeBSD.org> Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes only the kernel files, the rest of the files
will follow in a second commit.

Reviewed by: bz
Approved by: re
Supported by: Secure Computing
a50eb788faabaf4a93e82cc35cc09d3db96c9539 17-Jun-2007 rrs <rrs@FreeBSD.org> - For sctp_input/sctp6_input add announcement when a packet arrives (debug)
- re-factor the packet drop in sctp_output a bit more, we don't need the
trim after all, but the size calc is now corrected.
- When a assoc is in the COOKIE-ECHO/COOKIE-WAIT state and the user
closes, it should not matter if data is queued, the assoc should be
- In error leg a missing free_chunk when iph comes in NULL (should not
happen but just in case).
5db775aaced05bbda585e596739fe8150a74d68d 14-Jun-2007 rrs <rrs@FreeBSD.org> - Fix so ifn's are properly deleted when the ref count goes to 0.
- Fix so VRF's will clean themselves up when no references are around.
- Allow sctp_ifa to be passed into inpcb_bind, addr_mgmt_ep_sa to bypass
normal validation checks.
- turn auto-asconf off for subset bound sockets
- Moves all logging to use KTR. This gets rid of most
of the logging #ifdef's with a few exceptions reducing
the number of config options for SCTP.
00b02345d424dac8a490ff28ff75fd9386196583 12-Jun-2007 rwatson <rwatson@FreeBSD.org> Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.

Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.

We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths. Do, however, move those prototypes to priv.h.

Reviewed by: csjp
Obtained from: TrustedBSD Project
18555b3d48ec06d96b44fa98539c6db54196054e 02-Jun-2007 rrs <rrs@FreeBSD.org> - fix initial pcb vrf setting when the initial vrf is not the
- Missing lock/unlock of inp added as well in the v6 side.
- IFN hash table moves to sctppcbinfo since indexes are
unique across systems (including different VRFs) this makes it easier
to do ifn lookups.
f978918265146648d92dec52ff74fbf46eb3f5f9 01-Jun-2007 rrs <rrs@FreeBSD.org> - Take out the broken table-id concept. Panda Routers have a M-VRF
concept that is NOT well thought out for a multi-homed transport
protocol. So the useless table-id entries passed around need to
be removed.
- Add a event timer for the zero copy api.
- Fix a bug in sctp_timer.c when searching for an alternate
with the largest ssthresh (the compare was wrong).
f827c93ac67113093cd06e755372cf7cd9302d8f 29-May-2007 rrs <rrs@FreeBSD.org> - Fixes so we won't try to start a timer when we
hold a wq lock for the iterator. Panda uses a
silly recursive lock they hold through the timer.
- Add poor mans wireshark compile option..
- Allocate and start using SCTP_M_XXX for all SCTP_MALLOC() calls.
- sysctl now will get back the refcnt for viewing by onlookers.

Reviewed by: gnn
953518c197f1cb83f3542e5632414645fa326689 28-May-2007 rrs <rrs@FreeBSD.org> - fixed autoclose to not allow setting on 1-2-1 model.
- bounded cookie-life to 1 second minimum in socket option set.
- Delayed_ack_time becomes delayed_ack per new socket api document.
- Improve port number selection, we now use low/high bounds and
no chance of a endless loop. Only one call to random per bind
as well.
- fixes so set_peer_primary pre-screens addresses to be
valid to this host.
- maxseg did not allow setting on an assoc basis. We needed
to thus track and use an association value instead of a inp value.
- Fixed ep get of HB status to report back properly.
- use settings flag to tell if assoc level hb is on off not
the timer.. since the timer may still run if unconf address
are present.
- check for crazy ENABLE/DISABLE conditions.
- set and get of pmtud (fixed path mtu) not always taking into account ovh.
- Getting PMTU info on stcb only needs to return PMTUD_ENABLED if
any net is doing PMTU discovery.
- Panic or warning fixed to not do so when a valid ip frag is
taking place.
- sndrcvinfo appearing in both inp and stcb was full size, instead
of the non-pad version. This saves about 92 bytes from each struct
by carefully converting to use the smaller version.
- one-2-one model get(maxseg) would always get ep value, never the
tcb's value.
- The delayed ack time could be under a tick, this fixes so
it bounds it to at least 1 tick for platforms whose tick
is more than a ms.
- Fragment interleave level set to wrong default value.
- Fragment interleave could not set level 0.
- Deferred stream reset was broken due to a guard check and ntohl issue.
- Found two lock order reversals and fixed.
- Tighten up address checking, if the user gives an address the sa_len
had better be set properly.
- Get asoc by assoc-id would return a locked tcb when it was asked
not to if the tcb was in the restart hash.
- sysctl to dig down and get more association details

Reviewed by: gnn
f03ff79b8eb759f4448ea239b33f54a4de64e72b 17-May-2007 rrs <rrs@FreeBSD.org> - Fixed 1-2-1 model to not worry about associd in sockopts
- Fixed RTOinfo for bounding.
- Fixed connect() to return ECONNREFUSED when an ABORT is received.
- Added comments to direct Static Analysis not to look at some things
it does not understand (comments are /* sa_ignore XXXXX */)
- Bind when colliding was broken, missing not_found = 1 before
checking to see if the port was in use caused endless bind loop.
- Cookie life needs to be in milliseconds to conform to socket api.
- Cookie life is not supposed to change if it's 0. On the assoc
level set we changed it to 0, oops.
- Two more static analysis issues identified by the cisco
tool. Null checks needed.
- An issue for sendfile(). Need to validate the correct
input argument.
- When sending failed due to a no route to host, we leaked
the mbuf chain failing to call m_freem().
- Fix #ifdef issue for getting hash block len when HAVE_SHA2 is NOT defined
Reviewed by: gnn
8531fb6bb28e0296c5987623d099b38a08ba798a 09-May-2007 rrs <rrs@FreeBSD.org> Two major items here:
- All printf that was surrounded by #ifdef SCTP_DEBUG moves to
a macro that does all of this. This removes all printfs from
the code and makes the code more portable and easier to
- Static Analysis (cisco) - found a few bugs, but mostly we
add checks for NULL pointers and such to make the tool
happy. We now pass the Cisco SA tools checks except for
where it does not understand tailq/lists. We still need
to look at the coverity tools output too (this is like
the cisco SA tool) and see if it wants us to fix any other
items. Hopefully this will be the last major churn in the
code other than bug fixes.
ffa53534cf6e2aeba7a7d7282d5f70d1cbff4b58 08-May-2007 rrs <rrs@FreeBSD.org> - Copyright change, cisco's silly tool wants it to say:
"Copyright (c) 2001-2007, by Cisco Systems,"
instead of
*Copyright (c) 2001-2007, Cisco Systems,"

- Also fix a few stragglers that were still in 2006.
8b8ad155c530dd9a4bac8ade13e4c32936248c56 08-May-2007 rrs <rrs@FreeBSD.org> - Get rid of the sctp_inpcb_free() "magic numbers", now they
are sensible defines that tell what you are directing
the function to do.
494599278742a1165b67db90d09111a09b94fdde 08-May-2007 rrs <rrs@FreeBSD.org> - Static analysis fixes for cisco's commit (this is equivalent
to the coverity tool.. may even be the same one.. not sure).
- A bug in the way sctp_abort() and friends were
setting the IP_CLOSE flag.. and NOT passing the
last argument as a (,1)... so that things would
get freed..
532412f6c49a9077f90f5cd40b66c87a16efe085 08-May-2007 rrs <rrs@FreeBSD.org> - More macros for OS compatibility
- PR-SCTP would ignore FWD-TSN's above a rwnd's worth
of TSN's (1 byte msgs).. this left the peer hopelessly
out of sync.. or an attacker. So now we abort the assoc.
- New IFN hash, also rename hashes to match addr/ifn now
that the vrf has multiple.
- Do not enable SCTP_PCB_FLAGS_RECVDATAIOEVNT per default
as defined in the Socket API ID.
- Export MTU information via sysctl.
- Vrf's need table id's. This is default for
BSD, but may be other things later when BSD
fully supports VRFs.
- Additional stream reset bug (caught by cisco dev-test).
- Additional validations for the address in sending a message (socket api).
-------- and -----
- Fix association notifications not to give the active open
side false notifications.
- Fix so sendfile and SENDALL will work properly (missing
flag to say socket sender is done).
- Fix Bug that prevented COOKIES from being retransmitted.
- Break out connectx into helper sub-models so that iox routines can
reuse the helpers.
- When an address is added during system init (non-dynamic mode) make
sure that the "defer use" flag is not set.
** its compiling on XR now :-D **

Reviewed by: gnn
803b9be8be0827d6f2fde839f6dcd9225a2609be 02-May-2007 rrs <rrs@FreeBSD.org> - Somehow the disable fragment option got lost. We could
set/clear it but would not do it. Now we will.
- Moved to latest socket api for extended sndrcv info struct.
- Moved to support all new levels of fragment interleave (0-2).
- Codenomicon security test updates - length checks and such.
- Bug in stream reset (2 actually).
- setpeerprimary could unlock a null pointer, fixed.
- Added a flag in the pcb so netstat can see if we are listening easier.

Obtained from: (some of the Listen changes from Weongyo Jeong)
fb6f6fd9a183da8573afa302e42cdf7684785a7d 14-Apr-2007 rrs <rrs@FreeBSD.org> - fix source address selection when picking an acceptable address
- name change of prefered -> preferred
- CMT fast recover code added.
- Comment fixes in CMT.
- We were not giving a reason of cant_start_asoc per socket api
if we failed to get init/or/cookie to bring up an assoc. Change
so we don't just give a generic "comm lost" but look at actual
states of dying assoc.
- change "crc32" arguments to "crc32c" to silence strict/noisy
compiler warnings when crc32() is also declared
- A few minor tweaks to get the portable stuff truly portable
for sctp6_usrreq.c :-D
- one-2-one style vrf match problem.
- window recovery would leave chks marked for retran
during window probes on the sent queue. This would then
cause an out-of-order problem and assure that the flight
size "problem" would occur.
- Solves a flight size logging issue that caused rwnd
overruns, flight size off as well as false retransmissions.
- Macroize the up and down of flight size.
- Fix a ECNE bug in its counting.
- The strict_sacks options was causing aborts when window probing
was active, fix to make strict sacks a bit smarter about what
the next unsent TSN is.
- Fixes a one-2-one wakeup bug found by Martin Kulas.
- If-defed out form, Andre's copy routines pending his
commit of at least m_last().. need to adjust for 6.2 as
well.. since m_last won't exist.
Reviewed by: gnn
ad3d5670174784e5b920754b5b0f8f9902669d09 03-Apr-2007 rrs <rrs@FreeBSD.org> - fixed several places where we did not release INP locks.
- fixed a refcount bug in the new ifa structures.
- use vrf's from default stcb or inp whenever possible.
- Address limits raised to account for a full IP fragmented
packet (1000 addresses).
- flight size correcting updated to include one message only
and to handle case where the peer does not cumack the
next segment aka lists 1/1 in sack blocks..
- Various bad init/init-ack handling could cause a panic
since we tried to unlock the destroyed mutex. Fixes
so we properly exit when we need to destroy an assoc.
(Found by Cisco DevTest team :D)
- name rename in src-addr-selection from pass to sifa.
- route structure typedef'd to allow different platforms
and updated into sctp_os_bsd file.
- Max retransmissions a chunk can be made added.
Reviewed by: gnn
9afebb96fc58efdcb69e55a2863d17e89d803dbe 31-Mar-2007 rrs <rrs@FreeBSD.org> - Found bug in min split point bundling which caused
incorrect, non-bundlable fragmentation.
- Added min residual to better control split points for
both how big a msg must be as well as how much needs
to be left over.
- With our new algo in place, we need to implicitly
set "end of msg" on the sp-> structure otherwise we
end up with "hung" associations.
- Room reserved up front in IP header by pushing IP
header to back of mbuf.
- Fix so FR's peg count of retransmissions needed.
- Fix so an unlucky chunk that never gets across
will kill the assoc via the kill timer and send an
abort too.
- Fix bug in sctp_input which can result in a crash.
- Do not strip off IP options anymore.
- Clean up sctp_calculate_rto().
- Get rid of unused sysctl.
- Fixed so we discard all M-Cast
- Fixed so port check done AFTER checksum
- Fixed bug in fragmentation code that prevented
us from fragmenting a small complete message when
we needed to.
- Window probes were not marked back to unsent and
flight adjusted when a sack came in with no
window change or accepting of the probe data.
We now fix this with having a mark on the net and
the chunk so we can clear it out when the sack arrives
forcing it to retran just like it was "new" this
improves the handling of window probes, which were
dropped by the receiver.
- Tighten AUTH protocol error checks during INIT/INIT-ACK exchange
af970e3016805a81bd955a154f67086cd68daaa0 19-Mar-2007 rrs <rrs@FreeBSD.org> - errno -> becomes error in sctp_output.c and sctputil.c
- SB_CLEAR macro defined and used for sb clearing.
- Fix for CMT express_sack_handling did not do proper
pseudo-cumack updates.
- Get rid of extraneous function that was never used ip_2_ip6_hdr()
- Fixed source address selection bug (initialization problem).
- Source address selection debug added.
bd8786ed778eb3e2e64f4bc1078d8653aa1a6d54 15-Mar-2007 rrs <rrs@FreeBSD.org> - Sysctl's move to separate file
- moved away from ifn/ifa access to sctp_ifa/sctp_ifn
built and managed by the add-ip code.
- cleaned up add-ip code to use the iterator
- made iterator be a thread, which enables auto-asconf now.
- rewrote and cleaned up source address selection (also
made it use new structures).
- Fixed a couple of memory leaks.
- DACK now settable as to how many packets to delay as
well as time.
- connectx() to latest socket API, new associd arg.
- Fixed issue with revoking and losing potential to
send when we inflate the flight size. We now inflate
the cwnd too and deflate it later when the revoked
chunk is sent or acked.
- Got rid of some temp debug code
- src addr selection moved to a common file (sctp_output.c)
- Support for simple VRF's (we have support for multi-vrf
via compile switch that is scrubbed from BSD but we won't
need multi-vrf until we first get VRF :-D)
- Rest of mib work for address information now done
- Limit number of addresses in INIT/INIT-ACK to
a #def (30).

Reviewed by: gnn
e176cc33f53a2dee7896aec59f970825b57845b8 12-Feb-2007 rrs <rrs@FreeBSD.org> - Copyright updates (aka 2007)
- ZONE get now also take a type cast so it does the
cast like mtod does.
- New macro SCTP_LIST_EMPTY, which in bsd is just
- Removal of const in some of the static hmac functions
(not needed)
- Store length changes to allow for new fields in auth
- Auth code updated to current draft (this should be the
RFC version we think).
- use uint8_t instead of u_char in LOOPBACK address comparison
- Some u_int32_t converted to uint32_t (in crc code)
- A bug was found in the mib counts for ordered/unordered
count, this was fixed (was referencing a freed mbuf).
- SCTP_ASOCLOG_OF_TSNS added (code will probably disappear
after my testing completes. It allows us to keep a
small log on each assoc of the last 40 TSN's in/out and
stream assignment. It is NOT in options and so is only
good for private builds.
- Some CMT changes in prep for Jana fixing his problem
with reneging when CMT is enabled (Concurrent Multipath
Transfer = CMT).
- Some missing mib stats added.
- Correction to number of open assoc's count in mib
- Correction to os_bsd.h to get right sha2 macros
- Add of special AUTH_04 flags so you can compile the code
with the old format (in case the peer does not yet support
the latest auth code).
- Nonce sum was incorrectly being set in when ecn_nonce was
NOT on.
- LOR in listen with implicit bind found and fixed.
- Moved away from using mbuf's for socket options to using
just data pointers. The mbufs were used to harmonize
NetBSD code since both Net and Open used this method. We
have decided to move away from that and more conform to
FreeBSD style (which makes more sense).
- Very very nasty bug found in some of my "debug" code. The
cookie_how collision case tracking had an endless loop in
it if you got a second retransmission of a cookie collision
case. This would lock up a CPU .. ugly..
- auth function goes to using size_t instead of int which
conforms to socketapi better
- Found the nasty bug that happens after 9 days of testing.. you
get the data chunk, deliver it and due to the reference to a ch->
that every now and then has been deleted (depending on the position
in the mbuf) you have an invalid ch->ch.flags.. and thus you don't
advance the stream sequence number.. so you block the stream
permanently. The fix is to make local variables of these guys
and set them up before you have any chance of trimming the
- style fix in sctp_util.h, not sure how this got bad maybe in
the last patch? (aka it may not be in the real source).
- Found interesting bug when using the extended snd/rcv info where
we would get an error on receiving with this. That's because
it was NOT padded to the same size as the snd_rcv info. We
increase (add the pad) so the two structs are the same size
in sctp_uio.h
- In sctp_usrreq.c one of the most common things we did for
socket options was to cast the pointer and validate the size.
This has been macro-ized to help make the code more readable.
- in sctputil.c two things, the socketapi class found a missing
flag type (the next msg is a notification) and a missing
scope recovery was also fixed.

Reviewed by: gnn
1b181171ae63e565fff3af7d33d65d39a0d9e4cf 18-Jan-2007 rrs <rrs@FreeBSD.org> - most all includes (#include <>) migrate to the sctp_os_bsd.h file
- Finally all splxx() are removed
- Count error fixed in mapping array which might
cause a wrong cumack generation.
- Invariants around panic for case D + printf when no invariants.
- one-to-one model race condition fixed by using
a pre-formed connection and then completing the
work so accept won't happen on a non-formed
- Some additional paranoia checks in sctp_output.
- Locks that were missing in the accept code.

Approved by: gnn
094d70fac7c91a2d4fa26601007f25c9d46b058e 15-Jan-2007 rrs <rrs@FreeBSD.org> - Macroizes the V6ONLY flag check.
- Added a short time wait (not used yet) constant
- Corrected the type of the crc32c table (it was
unsigned long and really is a uint32_t
- Got rid of the user of MHeaders until they
are truly needed by lower layers.
- Fixed an initialization problem in the readq structure
(ordering was off).
- Found yet another collision bug when the random number
generator returns two numbers on one side (during a collision)
that are the same. Also added some tracking of cookies
that will go away when we know that we have the last collision
bug gone.
- Fixed an init bug for book_size_scale, that was causing
Early FR code to run when it should not.
- Fixed a flight size tracking bug that was associated with
Early FR but due to above bug also affected all FR's
- Fixed it so Max Burst also will apply to Fast Retransmit.
- Fixed a bug in the temporary logging code that allowed a
static log array overflow
- hashinit_flags is now used.
- Two last mcopym's were converted to the macro sctp_m_copym that
has always been used by all other places
- macro sctp_m_copym was converted to upper case.
- We now validate sinfo_flags on input (we did not before).
- Fixed a bug that prevented a user from sending data and immediately
shutting down with one send operation.
- Moved to use hashdestroy instead of free() in our macros.
- Fixed an init problem in our timed_wait vtag where we
did not fully initialize our time-wait blocks.
- Timer stops were re-positioned.
- A pcb cleanup method was added, however this probably will
not be used in BSD.. unless we make module loadable protocols
- I think this fixes the mysterious timer bug.. it was a
an ordering of locks problem in the way we did timers. It
now conforms to the timeout(9) manual (except for the
_drain part, we had to do this a different way due
to locks).
- Fixed error return code so we get either CONNREUSED or CONNRESET
depending on where one is in progression
- Purged an unused clone macro.
- Fixed a read error code issue where we were NOT getting the proper
error when the connection was reset.
- Purged an unused clone macro.
- Fixed a read error code issue where we were NOT getting the proper
error when the connection was reset.
Approved by: gnn
d392a291a28a8cbedf2cc9398d4a03c8467d8c3d 29-Dec-2006 rrs <rrs@FreeBSD.org> a) macro-ization of all mbuf and random number
access plus timers. This makes the code
more portable and able to change out the
mbuf or timer system used more easily ;-)
b) removal of all use of pkt-hdr's until only
the places we need them (before ip_output routines).
c) remove a bunch of code not needed due to <b> aka
worrying about pkthdr's :-)
d) There was one last reorder problem it looks where
if a restart occurs and we release and relock (at
the point where we setup our alias vtag) we would
end up possibly getting the wrong TSN in place. The
code that fixed the TSN's just needed to be shifted
around BEFORE the release of the lock.. also code that
set the state (since this also could contribute).
Approved by: gnn
3de80805ffbf0e87c0ff547698814193edb8bd14 14-Dec-2006 rrs <rrs@FreeBSD.org> 1) Fixes on a number of different collision case LOR's.
2) Fix all "magic numbers" to be constants.
3) A collision case that would generate two associations to
the same peer due to a missing lock is fixed.
4) Added tracking of where timers are stopped.
Approved by: gnn
1bedc49b68670bf727f50429a15911323ca540e3 08-Nov-2006 rrs <rrs@FreeBSD.org> -Fixes first of all the getcred on IPv6 and V4. The
copy's were incorrect and so was the locking.
-A bug was also found that would create a race and
panic when an abort arrived on a socket being read
-Also fix the reader to get MSG_TRUNC when a partial
delivery is aborted.
-Also addresses a couple of coverity caught error path
memory leaks and a couple of other valid complaints
Approved by: gnn
572da55a432cfcabe19b41502ef867e59edea8f6 06-Nov-2006 rwatson <rwatson@FreeBSD.org> Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls. Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from: TrustedBSD Project
20dc61d3a46238522e738dd8dde26965d5ce46dd 05-Nov-2006 rrs <rrs@FreeBSD.org> Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the original code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
d203a1d908310a7d01b7c307026594bc1f46aa05 03-Nov-2006 rrs <rrs@FreeBSD.org> Oops... in my fix up of all the $FreeBSD:$-> $FreeBSD$ I
inserted a few to the new files.. but I failed to
add the #include <sys/cdef.h>

Which causes a compile error.. sorry about that... got it
now :-)

Approved by: gnn
3d3e3f2242423b47549f89486754bc40030fbe9f 03-Nov-2006 rrs <rrs@FreeBSD.org> Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0

So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.

I will see about committing some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)

There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but that's another beast too..

If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)

Reviewed by: gnn
Approved by: gnn