1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <sys/types.h>
27 #include <sys/systm.h>
28 #include <sys/stream.h>
29 #include <sys/cmn_err.h>
30 #include <sys/kmem.h>
31 #define _SUN_TPI_VERSION 2
32 #include <sys/tihdr.h>
33 #include <sys/socket.h>
34 #include <sys/strsun.h>
35 #include <sys/strsubr.h>
36
37 #include <netinet/in.h>
38 #include <netinet/ip6.h>
39 #include <netinet/tcp_seq.h>
40 #include <netinet/sctp.h>
41
42 #include <inet/common.h>
43 #include <inet/ip.h>
44 #include <inet/ip_if.h>
45 #include <inet/ip6.h>
46 #include <inet/mib2.h>
47 #include <inet/ipclassifier.h>
48 #include <inet/ipp_common.h>
49 #include <inet/ipsec_impl.h>
50 #include <inet/sctp_ip.h>
51
52 #include "sctp_impl.h"
53 #include "sctp_asconf.h"
54 #include "sctp_addr.h"
55
56 static struct kmem_cache *sctp_kmem_set_cache;
57
58 /*
59 * PR-SCTP comments.
60 *
61 * When we get a valid Forward TSN chunk, we check the fragment list for this
62 * SSN and preceeding SSNs free all them. Further, if this Forward TSN causes
63 * the next expected SSN to be present in the stream queue, we deliver any
64 * such stranded messages upstream. We also update the SACK info. appropriately.
65 * When checking for advancing the cumulative ack (in sctp_cumack()) we must
66 * check for abandoned chunks and messages. While traversing the tramsmit
67 * list if we come across an abandoned chunk, we can skip the message (i.e.
68 * take it out of the (re)transmit list) since this message, and hence this
69 * chunk, has been marked abandoned by sctp_rexmit(). If we come across an
70 * unsent chunk for a message this now abandoned we need to check if a
71 * Forward TSN needs to be sent, this could be a case where we deferred sending
72 * a Forward TSN in sctp_get_msg_to_send(). Further, after processing a
73 * SACK we check if the Advanced peer ack point can be moved ahead, i.e.
74 * if we can send a Forward TSN via sctp_check_abandoned_data().
75 */
76 void
sctp_free_set(sctp_set_t * s)77 sctp_free_set(sctp_set_t *s)
78 {
79 sctp_set_t *p;
80
81 while (s) {
82 p = s->next;
83 kmem_cache_free(sctp_kmem_set_cache, s);
84 s = p;
85 }
86 }
87
/*
 * Record `tsn' in the sorted, doubly-linked list of gap-ack sets headed
 * by *head, coalescing it with adjacent sets where possible. *num tracks
 * the number of sets on the list. Allocation failures (KM_NOSLEEP) are
 * tolerated silently: the TSN is simply not recorded, which is safe
 * because the gap reports derived from this list are advisory.
 */
static void
sctp_ack_add(sctp_set_t **head, uint32_t tsn, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || num == NULL)
		return;

	ASSERT(*num >= 0);
	ASSERT((*num == 0 && *head == NULL) || (*num > 0 && *head != NULL));

	/* Empty list: the new TSN becomes a singleton set. */
	if (*head == NULL) {
		*head = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (*head == NULL)
			return;
		(*head)->prev = (*head)->next = NULL;
		(*head)->begin = tsn;
		(*head)->end = tsn;
		*num = 1;
		return;
	}

	ASSERT((*head)->prev == NULL);

	/*
	 * Handle this special case here so we don't have to check
	 * for it each time in the loop.
	 */
	if (SEQ_LT(tsn + 1, (*head)->begin)) {
		/* add a new set, and move the head pointer */
		t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
		if (t == NULL)
			return;
		t->next = *head;
		t->prev = NULL;
		(*head)->prev = t;
		t->begin = tsn;
		t->end = tsn;
		(*num)++;
		*head = t;
		return;
	}

	/*
	 * We need to handle the following cases, where p points to
	 * the current set (as we walk through the loop):
	 *
	 * 1. tsn is entirely less than p; create a new set before p.
	 * 2. tsn borders p from less; coalesce p with tsn.
	 * 3. tsn is within p; do nothing.
	 * 4. tsn borders p from greater; coalesce p with tsn.
	 * 4a. p may now border p->next from less; if so, coalesce those
	 *    two sets.
	 * 5. tsn is entirely greater than all sets; add a new set at
	 *    the end.
	 */
	for (p = *head; ; p = p->next) {
		if (SEQ_LT(tsn + 1, p->begin)) {
			/* 1: add a new set before p. */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = p;
			t->prev = NULL;
			t->begin = tsn;
			t->end = tsn;
			if (p->prev) {
				t->prev = p->prev;
				p->prev->next = t;
			}
			p->prev = t;
			(*num)++;
			return;
		}

		if ((tsn + 1) == p->begin) {
			/* 2: adjust p->begin */
			p->begin = tsn;
			return;
		}

		if (SEQ_GEQ(tsn, p->begin) && SEQ_LEQ(tsn, p->end)) {
			/* 3; do nothing */
			return;
		}

		if ((p->end + 1) == tsn) {
			/* 4; adjust p->end */
			p->end = tsn;

			if (p->next != NULL && (tsn + 1) == p->next->begin) {
				/* 4a: coalesce p and p->next */
				t = p->next;
				p->end = t->end;
				p->next = t->next;
				if (t->next != NULL)
					t->next->prev = p;
				kmem_cache_free(sctp_kmem_set_cache, t);
				(*num)--;
			}
			return;
		}

		if (p->next == NULL) {
			/* 5: add new set at the end */
			t = kmem_cache_alloc(sctp_kmem_set_cache, KM_NOSLEEP);
			if (t == NULL)
				return;
			t->next = NULL;
			t->prev = p;
			t->begin = tsn;
			t->end = tsn;
			p->next = t;
			(*num)++;
			return;
		}

		/* tsn lies beyond p; keep walking toward the tail. */
		if (SEQ_GT(tsn, p->end + 1))
			continue;
	}
}
209
/*
 * Remove from the gap-ack list headed by *head all sets (or leading
 * portions of sets) covering TSNs up to and including `end', freeing the
 * removed sets and recounting *num. Called when the cumulative ack point
 * advances past previously SACKed gaps.
 */
static void
sctp_ack_rem(sctp_set_t **head, uint32_t end, int *num)
{
	sctp_set_t *p, *t;

	if (head == NULL || *head == NULL || num == NULL)
		return;

	/* Nothing to remove */
	if (SEQ_LT(end, (*head)->begin))
		return;

	/* Find out where to start removing sets */
	for (p = *head; p->next; p = p->next) {
		if (SEQ_LEQ(end, p->end))
			break;
	}

	if (SEQ_LT(end, p->end) && SEQ_GEQ(end, p->begin)) {
		/* adjust p: `end' falls inside p, so keep only p's tail */
		p->begin = end + 1;
		/* all done */
		if (p == *head)
			return;
	} else if (SEQ_GEQ(end, p->end)) {
		/* remove this set too */
		p = p->next;
	}

	/* unlink everything before this set */
	t = *head;
	*head = p;
	if (p != NULL && p->prev != NULL) {
		p->prev->next = NULL;
		p->prev = NULL;
	}

	sctp_free_set(t);

	/* recount the number of sets */
	*num = 0;

	for (p = *head; p != NULL; p = p->next)
		(*num)++;
}
255
256 void
sctp_sets_init()257 sctp_sets_init()
258 {
259 sctp_kmem_set_cache = kmem_cache_create("sctp_set_cache",
260 sizeof (sctp_set_t), 0, NULL, NULL, NULL, NULL,
261 NULL, 0);
262 }
263
264 void
sctp_sets_fini()265 sctp_sets_fini()
266 {
267 kmem_cache_destroy(sctp_kmem_set_cache);
268 }
269
270 sctp_chunk_hdr_t *
sctp_first_chunk(uchar_t * rptr,ssize_t remaining)271 sctp_first_chunk(uchar_t *rptr, ssize_t remaining)
272 {
273 sctp_chunk_hdr_t *ch;
274 uint16_t ch_len;
275
276 if (remaining < sizeof (*ch)) {
277 return (NULL);
278 }
279
280 ch = (sctp_chunk_hdr_t *)rptr;
281 ch_len = ntohs(ch->sch_len);
282
283 if (ch_len < sizeof (*ch) || remaining < ch_len) {
284 return (NULL);
285 }
286
287 return (ch);
288 }
289
290 sctp_chunk_hdr_t *
sctp_next_chunk(sctp_chunk_hdr_t * ch,ssize_t * remaining)291 sctp_next_chunk(sctp_chunk_hdr_t *ch, ssize_t *remaining)
292 {
293 int pad;
294 uint16_t ch_len;
295
296 if (!ch) {
297 return (NULL);
298 }
299
300 ch_len = ntohs(ch->sch_len);
301
302 if ((pad = ch_len & (SCTP_ALIGN - 1)) != 0) {
303 pad = SCTP_ALIGN - pad;
304 }
305
306 *remaining -= (ch_len + pad);
307 ch = (sctp_chunk_hdr_t *)((char *)ch + ch_len + pad);
308
309 return (sctp_first_chunk((uchar_t *)ch, *remaining));
310 }
311
312 /*
313 * Attach ancillary data to a received SCTP segments.
314 * If the source address (fp) is not the primary, send up a
315 * unitdata_ind so recvfrom() can populate the msg_name field.
316 * If ancillary data is also requested, we append it to the
317 * unitdata_req. Otherwise, we just send up an optdata_ind.
318 */
319 static int
sctp_input_add_ancillary(sctp_t * sctp,mblk_t ** mp,sctp_data_hdr_t * dcp,sctp_faddr_t * fp,ip_pkt_t * ipp,ip_recv_attr_t * ira)320 sctp_input_add_ancillary(sctp_t *sctp, mblk_t **mp, sctp_data_hdr_t *dcp,
321 sctp_faddr_t *fp, ip_pkt_t *ipp, ip_recv_attr_t *ira)
322 {
323 struct T_unitdata_ind *tudi;
324 int optlen;
325 int hdrlen;
326 uchar_t *optptr;
327 struct cmsghdr *cmsg;
328 mblk_t *mp1;
329 struct sockaddr_in6 sin_buf[1];
330 struct sockaddr_in6 *sin6;
331 struct sockaddr_in *sin4;
332 crb_t addflag; /* Which pieces to add */
333 conn_t *connp = sctp->sctp_connp;
334
335 sin4 = NULL;
336 sin6 = NULL;
337
338 optlen = hdrlen = 0;
339 addflag.crb_all = 0;
340
341 /* Figure out address size */
342 if (connp->conn_family == AF_INET) {
343 sin4 = (struct sockaddr_in *)sin_buf;
344 sin4->sin_family = AF_INET;
345 sin4->sin_port = connp->conn_fport;
346 IN6_V4MAPPED_TO_IPADDR(&fp->sf_faddr, sin4->sin_addr.s_addr);
347 hdrlen = sizeof (*tudi) + sizeof (*sin4);
348 } else {
349 sin6 = sin_buf;
350 sin6->sin6_family = AF_INET6;
351 sin6->sin6_port = connp->conn_fport;
352 sin6->sin6_addr = fp->sf_faddr;
353 hdrlen = sizeof (*tudi) + sizeof (*sin6);
354 }
355 /* If app asked to receive send / recv info */
356 if (sctp->sctp_recvsndrcvinfo)
357 optlen += sizeof (*cmsg) + sizeof (struct sctp_sndrcvinfo);
358
359 if (connp->conn_recv_ancillary.crb_all == 0)
360 goto noancillary;
361
362 if (connp->conn_recv_ancillary.crb_ip_recvpktinfo &&
363 ira->ira_ruifindex != sctp->sctp_recvifindex) {
364 optlen += sizeof (*cmsg) + sizeof (struct in6_pktinfo);
365 if (hdrlen == 0)
366 hdrlen = sizeof (struct T_unitdata_ind);
367 addflag.crb_ip_recvpktinfo = 1;
368 }
369 /* If app asked for hoplimit and it has changed ... */
370 if (connp->conn_recv_ancillary.crb_ipv6_recvhoplimit &&
371 ipp->ipp_hoplimit != sctp->sctp_recvhops) {
372 optlen += sizeof (*cmsg) + sizeof (uint_t);
373 if (hdrlen == 0)
374 hdrlen = sizeof (struct T_unitdata_ind);
375 addflag.crb_ipv6_recvhoplimit = 1;
376 }
377 /* If app asked for tclass and it has changed ... */
378 if (connp->conn_recv_ancillary.crb_ipv6_recvtclass &&
379 ipp->ipp_tclass != sctp->sctp_recvtclass) {
380 optlen += sizeof (struct T_opthdr) + sizeof (uint_t);
381 if (hdrlen == 0)
382 hdrlen = sizeof (struct T_unitdata_ind);
383 addflag.crb_ipv6_recvtclass = 1;
384 }
385 /* If app asked for hopbyhop headers and it has changed ... */
386 if (connp->conn_recv_ancillary.crb_ipv6_recvhopopts &&
387 ip_cmpbuf(sctp->sctp_hopopts, sctp->sctp_hopoptslen,
388 (ipp->ipp_fields & IPPF_HOPOPTS),
389 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
390 optlen += sizeof (*cmsg) + ipp->ipp_hopoptslen -
391 sctp->sctp_v6label_len;
392 if (hdrlen == 0)
393 hdrlen = sizeof (struct T_unitdata_ind);
394 addflag.crb_ipv6_recvhopopts = 1;
395 if (!ip_allocbuf((void **)&sctp->sctp_hopopts,
396 &sctp->sctp_hopoptslen,
397 (ipp->ipp_fields & IPPF_HOPOPTS),
398 ipp->ipp_hopopts, ipp->ipp_hopoptslen))
399 return (-1);
400 }
401 /* If app asked for dst headers before routing headers ... */
402 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdrdstopts &&
403 ip_cmpbuf(sctp->sctp_rthdrdstopts, sctp->sctp_rthdrdstoptslen,
404 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
405 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen)) {
406 optlen += sizeof (*cmsg) + ipp->ipp_rthdrdstoptslen;
407 if (hdrlen == 0)
408 hdrlen = sizeof (struct T_unitdata_ind);
409 addflag.crb_ipv6_recvrthdrdstopts = 1;
410 if (!ip_allocbuf((void **)&sctp->sctp_rthdrdstopts,
411 &sctp->sctp_rthdrdstoptslen,
412 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
413 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen))
414 return (-1);
415 }
416 /* If app asked for routing headers and it has changed ... */
417 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdr &&
418 ip_cmpbuf(sctp->sctp_rthdr, sctp->sctp_rthdrlen,
419 (ipp->ipp_fields & IPPF_RTHDR),
420 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
421 optlen += sizeof (*cmsg) + ipp->ipp_rthdrlen;
422 if (hdrlen == 0)
423 hdrlen = sizeof (struct T_unitdata_ind);
424 addflag.crb_ipv6_recvrthdr = 1;
425 if (!ip_allocbuf((void **)&sctp->sctp_rthdr,
426 &sctp->sctp_rthdrlen,
427 (ipp->ipp_fields & IPPF_RTHDR),
428 ipp->ipp_rthdr, ipp->ipp_rthdrlen))
429 return (-1);
430 }
431 /* If app asked for dest headers and it has changed ... */
432 if (connp->conn_recv_ancillary.crb_ipv6_recvdstopts &&
433 ip_cmpbuf(sctp->sctp_dstopts, sctp->sctp_dstoptslen,
434 (ipp->ipp_fields & IPPF_DSTOPTS),
435 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
436 optlen += sizeof (*cmsg) + ipp->ipp_dstoptslen;
437 if (hdrlen == 0)
438 hdrlen = sizeof (struct T_unitdata_ind);
439 addflag.crb_ipv6_recvdstopts = 1;
440 if (!ip_allocbuf((void **)&sctp->sctp_dstopts,
441 &sctp->sctp_dstoptslen,
442 (ipp->ipp_fields & IPPF_DSTOPTS),
443 ipp->ipp_dstopts, ipp->ipp_dstoptslen))
444 return (-1);
445 }
446 noancillary:
447 /* Nothing to add */
448 if (hdrlen == 0)
449 return (-1);
450
451 mp1 = allocb(hdrlen + optlen + sizeof (void *), BPRI_MED);
452 if (mp1 == NULL)
453 return (-1);
454 mp1->b_cont = *mp;
455 *mp = mp1;
456 mp1->b_rptr += sizeof (void *); /* pointer worth of padding */
457 mp1->b_wptr = mp1->b_rptr + hdrlen + optlen;
458 DB_TYPE(mp1) = M_PROTO;
459 tudi = (struct T_unitdata_ind *)mp1->b_rptr;
460 tudi->PRIM_type = T_UNITDATA_IND;
461 tudi->SRC_length = sin4 ? sizeof (*sin4) : sizeof (*sin6);
462 tudi->SRC_offset = sizeof (*tudi);
463 tudi->OPT_offset = sizeof (*tudi) + tudi->SRC_length;
464 tudi->OPT_length = optlen;
465 if (sin4) {
466 bcopy(sin4, tudi + 1, sizeof (*sin4));
467 } else {
468 bcopy(sin6, tudi + 1, sizeof (*sin6));
469 }
470 optptr = (uchar_t *)tudi + tudi->OPT_offset;
471
472 if (sctp->sctp_recvsndrcvinfo) {
473 /* XXX need backout method if memory allocation fails. */
474 struct sctp_sndrcvinfo *sri;
475
476 cmsg = (struct cmsghdr *)optptr;
477 cmsg->cmsg_level = IPPROTO_SCTP;
478 cmsg->cmsg_type = SCTP_SNDRCV;
479 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*sri);
480 optptr += sizeof (*cmsg);
481
482 sri = (struct sctp_sndrcvinfo *)(cmsg + 1);
483 ASSERT(OK_32PTR(sri));
484 sri->sinfo_stream = ntohs(dcp->sdh_sid);
485 sri->sinfo_ssn = ntohs(dcp->sdh_ssn);
486 if (SCTP_DATA_GET_UBIT(dcp)) {
487 sri->sinfo_flags = MSG_UNORDERED;
488 } else {
489 sri->sinfo_flags = 0;
490 }
491 sri->sinfo_ppid = dcp->sdh_payload_id;
492 sri->sinfo_context = 0;
493 sri->sinfo_timetolive = 0;
494 sri->sinfo_tsn = ntohl(dcp->sdh_tsn);
495 sri->sinfo_cumtsn = sctp->sctp_ftsn;
496 sri->sinfo_assoc_id = 0;
497
498 optptr += sizeof (*sri);
499 }
500
501 /*
502 * If app asked for pktinfo and the index has changed ...
503 * Note that the local address never changes for the connection.
504 */
505 if (addflag.crb_ip_recvpktinfo) {
506 struct in6_pktinfo *pkti;
507 uint_t ifindex;
508
509 ifindex = ira->ira_ruifindex;
510 cmsg = (struct cmsghdr *)optptr;
511 cmsg->cmsg_level = IPPROTO_IPV6;
512 cmsg->cmsg_type = IPV6_PKTINFO;
513 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (*pkti);
514 optptr += sizeof (*cmsg);
515
516 pkti = (struct in6_pktinfo *)optptr;
517 if (connp->conn_family == AF_INET6)
518 pkti->ipi6_addr = sctp->sctp_ip6h->ip6_src;
519 else
520 IN6_IPADDR_TO_V4MAPPED(sctp->sctp_ipha->ipha_src,
521 &pkti->ipi6_addr);
522
523 pkti->ipi6_ifindex = ifindex;
524 optptr += sizeof (*pkti);
525 ASSERT(OK_32PTR(optptr));
526 /* Save as "last" value */
527 sctp->sctp_recvifindex = ifindex;
528 }
529 /* If app asked for hoplimit and it has changed ... */
530 if (addflag.crb_ipv6_recvhoplimit) {
531 cmsg = (struct cmsghdr *)optptr;
532 cmsg->cmsg_level = IPPROTO_IPV6;
533 cmsg->cmsg_type = IPV6_HOPLIMIT;
534 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
535 optptr += sizeof (*cmsg);
536
537 *(uint_t *)optptr = ipp->ipp_hoplimit;
538 optptr += sizeof (uint_t);
539 ASSERT(OK_32PTR(optptr));
540 /* Save as "last" value */
541 sctp->sctp_recvhops = ipp->ipp_hoplimit;
542 }
543 /* If app asked for tclass and it has changed ... */
544 if (addflag.crb_ipv6_recvtclass) {
545 cmsg = (struct cmsghdr *)optptr;
546 cmsg->cmsg_level = IPPROTO_IPV6;
547 cmsg->cmsg_type = IPV6_TCLASS;
548 cmsg->cmsg_len = sizeof (*cmsg) + sizeof (uint_t);
549 optptr += sizeof (*cmsg);
550
551 *(uint_t *)optptr = ipp->ipp_tclass;
552 optptr += sizeof (uint_t);
553 ASSERT(OK_32PTR(optptr));
554 /* Save as "last" value */
555 sctp->sctp_recvtclass = ipp->ipp_tclass;
556 }
557 if (addflag.crb_ipv6_recvhopopts) {
558 cmsg = (struct cmsghdr *)optptr;
559 cmsg->cmsg_level = IPPROTO_IPV6;
560 cmsg->cmsg_type = IPV6_HOPOPTS;
561 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_hopoptslen;
562 optptr += sizeof (*cmsg);
563
564 bcopy(ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
565 optptr += ipp->ipp_hopoptslen;
566 ASSERT(OK_32PTR(optptr));
567 /* Save as last value */
568 ip_savebuf((void **)&sctp->sctp_hopopts,
569 &sctp->sctp_hopoptslen,
570 (ipp->ipp_fields & IPPF_HOPOPTS),
571 ipp->ipp_hopopts, ipp->ipp_hopoptslen);
572 }
573 if (addflag.crb_ipv6_recvrthdrdstopts) {
574 cmsg = (struct cmsghdr *)optptr;
575 cmsg->cmsg_level = IPPROTO_IPV6;
576 cmsg->cmsg_type = IPV6_RTHDRDSTOPTS;
577 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrdstoptslen;
578 optptr += sizeof (*cmsg);
579
580 bcopy(ipp->ipp_rthdrdstopts, optptr, ipp->ipp_rthdrdstoptslen);
581 optptr += ipp->ipp_rthdrdstoptslen;
582 ASSERT(OK_32PTR(optptr));
583 /* Save as last value */
584 ip_savebuf((void **)&sctp->sctp_rthdrdstopts,
585 &sctp->sctp_rthdrdstoptslen,
586 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
587 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen);
588 }
589 if (addflag.crb_ipv6_recvrthdr) {
590 cmsg = (struct cmsghdr *)optptr;
591 cmsg->cmsg_level = IPPROTO_IPV6;
592 cmsg->cmsg_type = IPV6_RTHDR;
593 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_rthdrlen;
594 optptr += sizeof (*cmsg);
595
596 bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
597 optptr += ipp->ipp_rthdrlen;
598 ASSERT(OK_32PTR(optptr));
599 /* Save as last value */
600 ip_savebuf((void **)&sctp->sctp_rthdr,
601 &sctp->sctp_rthdrlen,
602 (ipp->ipp_fields & IPPF_RTHDR),
603 ipp->ipp_rthdr, ipp->ipp_rthdrlen);
604 }
605 if (addflag.crb_ipv6_recvdstopts) {
606 cmsg = (struct cmsghdr *)optptr;
607 cmsg->cmsg_level = IPPROTO_IPV6;
608 cmsg->cmsg_type = IPV6_DSTOPTS;
609 cmsg->cmsg_len = sizeof (*cmsg) + ipp->ipp_dstoptslen;
610 optptr += sizeof (*cmsg);
611
612 bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
613 optptr += ipp->ipp_dstoptslen;
614 ASSERT(OK_32PTR(optptr));
615 /* Save as last value */
616 ip_savebuf((void **)&sctp->sctp_dstopts,
617 &sctp->sctp_dstoptslen,
618 (ipp->ipp_fields & IPPF_DSTOPTS),
619 ipp->ipp_dstopts, ipp->ipp_dstoptslen);
620 }
621
622 ASSERT(optptr == mp1->b_wptr);
623
624 return (0);
625 }
626
627 void
sctp_free_reass(sctp_instr_t * sip)628 sctp_free_reass(sctp_instr_t *sip)
629 {
630 mblk_t *mp, *mpnext, *mctl;
631 #ifdef DEBUG
632 sctp_reass_t *srp;
633 #endif
634
635 for (mp = sip->istr_reass; mp != NULL; mp = mpnext) {
636 mpnext = mp->b_next;
637 mp->b_next = NULL;
638 mp->b_prev = NULL;
639 if (DB_TYPE(mp) == M_CTL) {
640 mctl = mp;
641 #ifdef DEBUG
642 srp = (sctp_reass_t *)DB_BASE(mctl);
643 /* Partial delivery can leave empty srp */
644 ASSERT(mp->b_cont != NULL || srp->sr_got == 0);
645 #endif
646 mp = mp->b_cont;
647 mctl->b_cont = NULL;
648 freeb(mctl);
649 }
650 freemsg(mp);
651 }
652 sip->istr_reass = NULL;
653 }
654
655 /*
656 * If the series of data fragments of which dmp is a part is successfully
657 * reassembled, the first mblk in the series is returned. dc is adjusted
658 * to point at the data chunk in the lead mblk, and b_rptr also points to
659 * the data chunk; the following mblk's b_rptr's point at the actual payload.
660 *
661 * If the series is not yet reassembled, NULL is returned. dc is not changed.
662 * XXX should probably move this up into the state machine.
663 */
664
665 /* Fragment list for un-ordered messages. Partial delivery is not supported */
/*
 * Insert the unordered fragment `dmp' into the TSN-sorted unordered
 * fragment list and, if the fragment completes a message (a gap-free
 * run of TSNs bracketed by B and E bits), unlink that run, rechain it
 * via b_cont, point *dc at the lead fragment's data chunk header and
 * return the lead mblk. Returns NULL while the message is incomplete.
 */
static mblk_t *
sctp_uodata_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc)
{
	mblk_t *hmp;
	mblk_t *begin = NULL;
	mblk_t *end = NULL;
	sctp_data_hdr_t *qdc;
	uint32_t ntsn;
	uint32_t tsn = ntohl((*dc)->sdh_tsn);
#ifdef DEBUG
	mblk_t *mp1;
#endif

	/* First frag. */
	if (sctp->sctp_uo_frags == NULL) {
		sctp->sctp_uo_frags = dmp;
		return (NULL);
	}
	hmp = sctp->sctp_uo_frags;
	/*
	 * Insert the segment according to the TSN, fragmented unordered
	 * chunks are sequenced by TSN.
	 */
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		ntsn = ntohl(qdc->sdh_tsn);
		if (SEQ_GT(ntsn, tsn)) {
			/* Insert dmp just before hmp (possibly new head). */
			if (hmp->b_prev == NULL) {
				dmp->b_next = hmp;
				hmp->b_prev = dmp;
				sctp->sctp_uo_frags = dmp;
			} else {
				dmp->b_next = hmp;
				dmp->b_prev = hmp->b_prev;
				hmp->b_prev->b_next = dmp;
				hmp->b_prev = dmp;
			}
			break;
		}
		if (hmp->b_next == NULL) {
			/* Highest TSN so far: append at the tail. */
			hmp->b_next = dmp;
			dmp->b_prev = hmp;
			break;
		}
		hmp = hmp->b_next;
	}
	/* check if we completed a msg */
	if (SCTP_DATA_GET_BBIT(*dc)) {
		begin = dmp;
	} else if (SCTP_DATA_GET_EBIT(*dc)) {
		end = dmp;
	}
	/*
	 * We walk consecutive TSNs backwards till we get a seg. with
	 * the B bit
	 */
	if (begin == NULL) {
		for (hmp = dmp->b_prev; hmp != NULL; hmp = hmp->b_prev) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			/* A TSN gap means the message is still incomplete. */
			if ((int32_t)(tsn - ntsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_BBIT(qdc)) {
				begin = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	tsn = ntohl((*dc)->sdh_tsn);
	/*
	 * We walk consecutive TSNs till we get a seg. with the E bit
	 */
	if (end == NULL) {
		for (hmp = dmp->b_next; hmp != NULL; hmp = hmp->b_next) {
			qdc = (sctp_data_hdr_t *)hmp->b_rptr;
			ntsn = ntohl(qdc->sdh_tsn);
			/* A TSN gap means the message is still incomplete. */
			if ((int32_t)(ntsn - tsn) > 1) {
				return (NULL);
			}
			if (SCTP_DATA_GET_EBIT(qdc)) {
				end = hmp;
				break;
			}
			tsn = ntsn;
		}
	}
	if (begin == NULL || end == NULL) {
		return (NULL);
	}
	/* Got one!, Remove the msg from the list */
	if (sctp->sctp_uo_frags == begin) {
		ASSERT(begin->b_prev == NULL);
		sctp->sctp_uo_frags = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = NULL;
	} else {
		begin->b_prev->b_next = end->b_next;
		if (end->b_next != NULL)
			end->b_next->b_prev = begin->b_prev;
	}
	begin->b_prev = NULL;
	end->b_next = NULL;

	/*
	 * Null out b_next and b_prev and chain using b_cont.
	 */
	dmp = end = begin;
	hmp = begin->b_next;
	*dc = (sctp_data_hdr_t *)begin->b_rptr;
	begin->b_next = NULL;
	while (hmp != NULL) {
		qdc = (sctp_data_hdr_t *)hmp->b_rptr;
		/* Non-lead frags: advance rptr past the chunk header. */
		hmp->b_rptr = (uchar_t *)(qdc + 1);
		end = hmp->b_next;
		dmp->b_cont = hmp;
		dmp = hmp;

		if (end != NULL)
			hmp->b_next = NULL;
		hmp->b_prev = NULL;
		hmp = end;
	}
	BUMP_LOCAL(sctp->sctp_reassmsgs);
#ifdef DEBUG
	mp1 = begin;
	while (mp1 != NULL) {
		ASSERT(mp1->b_next == NULL);
		ASSERT(mp1->b_prev == NULL);
		mp1 = mp1->b_cont;
	}
#endif
	return (begin);
}
801
802 /*
803 * Try partial delivery.
804 */
/*
 * Chop the leading run of TSN-consecutive fragments off the reassembly
 * queue headed by `hmp' (an M_CTL whose b_cont chain holds the frags)
 * and return them for delivery upstream, adjusting the srp bookkeeping
 * so later fragments continue reassembly normally. *dc is pointed at
 * the lead fragment's data chunk header; the remaining fragments have
 * their rptr advanced to the payload.
 */
static mblk_t *
sctp_try_partial_delivery(sctp_t *sctp, mblk_t *hmp, sctp_reass_t *srp,
    sctp_data_hdr_t **dc)
{
	mblk_t *mp;
	mblk_t *dmp;
	mblk_t *qmp;
	mblk_t *prev;
	sctp_data_hdr_t *qdc;
	uint32_t tsn;

	ASSERT(DB_TYPE(hmp) == M_CTL);

	dprint(4, ("trypartial: got=%d, needed=%d\n",
	    (int)(srp->sr_got), (int)(srp->sr_needed)));

	mp = hmp->b_cont;
	qdc = (sctp_data_hdr_t *)mp->b_rptr;

	/* Partial delivery must start at the beginning of the message. */
	ASSERT(SCTP_DATA_GET_BBIT(qdc) && srp->sr_hasBchunk);

	tsn = ntohl(qdc->sdh_tsn) + 1;

	/*
	 * This loop has two exit conditions: the
	 * end of received chunks has been reached, or
	 * there is a break in the sequence. We want
	 * to chop the reassembly list as follows (the
	 * numbers are TSNs):
	 *   10 -> 11 -> 	(end of chunks)
	 *   10 -> 11 -> | 13   (break in sequence)
	 */
	prev = mp;
	mp = mp->b_cont;
	while (mp != NULL) {
		qdc = (sctp_data_hdr_t *)mp->b_rptr;
		if (ntohl(qdc->sdh_tsn) != tsn)
			break;
		prev = mp;
		mp = mp->b_cont;
		tsn++;
	}
	/*
	 * We are sending all the fragments upstream, we have to retain
	 * the srp info for further fragments.
	 */
	if (mp == NULL) {
		dmp = hmp->b_cont;
		hmp->b_cont = NULL;
		srp->sr_nexttsn = tsn;
		srp->sr_msglen = 0;
		srp->sr_needed = 0;
		srp->sr_got = 0;
		srp->sr_tail = NULL;
	} else {
		/*
		 * There is a gap then some ordered frags which are not
		 * the next deliverable tsn. When the next deliverable
		 * frag arrives it will be set as the new list head in
		 * sctp_data_frag() by setting the B bit.
		 */
		dmp = hmp->b_cont;
		hmp->b_cont = mp;
	}
	srp->sr_hasBchunk = B_FALSE;
	/*
	 * mp now points at the last chunk in the sequence,
	 * and prev points to mp's previous in the list.
	 * We chop the list at prev. Subsequent fragment
	 * deliveries will follow the normal reassembly
	 * path unless they too exceed the sctp_pd_point.
	 */
	prev->b_cont = NULL;
	srp->sr_partial_delivered = B_TRUE;

	dprint(4, ("trypartial: got some, got=%d, needed=%d\n",
	    (int)(srp->sr_got), (int)(srp->sr_needed)));

	/*
	 * Adjust all mblk's except the lead so their rptr's point to the
	 * payload. sctp_data_chunk() will need to process the lead's
	 * data chunk section, so leave it's rptr pointing at the data chunk.
	 */
	*dc = (sctp_data_hdr_t *)dmp->b_rptr;
	if (srp->sr_tail != NULL) {
		/*
		 * NOTE(review): these ASSERTs check non-zero *after* the
		 * decrement, implying sr_got/sr_needed must exceed the
		 * number of delivered frags here — confirm that invariant.
		 */
		srp->sr_got--;
		ASSERT(srp->sr_got != 0);
		if (srp->sr_needed != 0) {
			srp->sr_needed--;
			ASSERT(srp->sr_needed != 0);
		}
		srp->sr_msglen -= ntohs((*dc)->sdh_len);
	}
	for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) {
		qdc = (sctp_data_hdr_t *)qmp->b_rptr;
		qmp->b_rptr = (uchar_t *)(qdc + 1);

		/*
		 * Deduct the balance from got and needed here, now that
		 * we know we are actually delivering these data.
		 */
		if (srp->sr_tail != NULL) {
			srp->sr_got--;
			ASSERT(srp->sr_got != 0);
			if (srp->sr_needed != 0) {
				srp->sr_needed--;
				ASSERT(srp->sr_needed != 0);
			}
			srp->sr_msglen -= ntohs(qdc->sdh_len);
		}
	}
	ASSERT(srp->sr_msglen == 0);
	BUMP_LOCAL(sctp->sctp_reassmsgs);

	return (dmp);
}
921
922 /*
923 * Handle received fragments for ordered delivery to upper layer protocol.
924 * Manage the per message reassembly queue and if this fragment completes
925 * reassembly of the message, or qualifies the already reassembled data
926 * for partial delivery, prepare the message for delivery upstream.
927 *
928 * tpfinished in the caller remains set only when the incoming fragment
929 * has completed the reassembly of the message associated with its ssn.
930 */
931 static mblk_t *
sctp_data_frag(sctp_t * sctp,mblk_t * dmp,sctp_data_hdr_t ** dc,int * error,sctp_instr_t * sip,boolean_t * tpfinished)932 sctp_data_frag(sctp_t *sctp, mblk_t *dmp, sctp_data_hdr_t **dc, int *error,
933 sctp_instr_t *sip, boolean_t *tpfinished)
934 {
935 mblk_t *reassq_curr, *reassq_next, *reassq_prev;
936 mblk_t *new_reassq;
937 mblk_t *qmp;
938 mblk_t *first_mp;
939 sctp_reass_t *srp;
940 sctp_data_hdr_t *qdc;
941 sctp_data_hdr_t *bdc;
942 sctp_data_hdr_t *edc;
943 uint32_t tsn;
944 uint16_t fraglen = 0;
945
946 reassq_curr = NULL;
947 *error = 0;
948
949 /*
950 * Find the reassembly queue for this data chunk, if none
951 * yet exists, a new per message queue will be created and
952 * appended to the end of the list of per message queues.
953 *
954 * sip points on sctp_instr_t representing instream messages
955 * as yet undelivered for this stream (sid) of the association.
956 */
957 reassq_next = reassq_prev = sip->istr_reass;
958 for (; reassq_next != NULL; reassq_next = reassq_next->b_next) {
959 srp = (sctp_reass_t *)DB_BASE(reassq_next);
960 if (ntohs((*dc)->sdh_ssn) == srp->sr_ssn) {
961 reassq_curr = reassq_next;
962 goto foundit;
963 } else if (SSN_GT(srp->sr_ssn, ntohs((*dc)->sdh_ssn)))
964 break;
965 reassq_prev = reassq_next;
966 }
967
968 /*
969 * First fragment of this message received, allocate a M_CTL that
970 * will head the reassembly queue for this message. The message
971 * and all its fragments are identified by having the same ssn.
972 *
973 * Arriving fragments will be inserted in tsn order on the
974 * reassembly queue for this message (ssn), linked by b_cont.
975 */
976 if ((new_reassq = allocb(sizeof (*srp), BPRI_MED)) == NULL) {
977 *error = ENOMEM;
978 return (NULL);
979 }
980 DB_TYPE(new_reassq) = M_CTL;
981 srp = (sctp_reass_t *)DB_BASE(new_reassq);
982 new_reassq->b_cont = dmp;
983
984 /*
985 * All per ssn reassembly queues, (one for each message) on
986 * this stream are doubly linked by b_next/b_prev back to the
987 * instr_reass of the instream structure associated with this
988 * stream id, (sip is initialized as sctp->sctp_instr[sid]).
989 * Insert the new reassembly queue in the correct (ssn) order.
990 */
991 if (reassq_next != NULL) {
992 if (sip->istr_reass == reassq_next) {
993 /* head insertion */
994 sip->istr_reass = new_reassq;
995 new_reassq->b_next = reassq_next;
996 new_reassq->b_prev = NULL;
997 reassq_next->b_prev = new_reassq;
998 } else {
999 /* mid queue insertion */
1000 reassq_prev->b_next = new_reassq;
1001 new_reassq->b_prev = reassq_prev;
1002 new_reassq->b_next = reassq_next;
1003 reassq_next->b_prev = new_reassq;
1004 }
1005 } else {
1006 /* place new reassembly queue at the end */
1007 if (sip->istr_reass == NULL) {
1008 sip->istr_reass = new_reassq;
1009 new_reassq->b_prev = NULL;
1010 } else {
1011 reassq_prev->b_next = new_reassq;
1012 new_reassq->b_prev = reassq_prev;
1013 }
1014 new_reassq->b_next = NULL;
1015 }
1016 srp->sr_partial_delivered = B_FALSE;
1017 srp->sr_ssn = ntohs((*dc)->sdh_ssn);
1018 srp->sr_hasBchunk = B_FALSE;
1019 empty_srp:
1020 srp->sr_needed = 0;
1021 srp->sr_got = 1;
1022 /* tail always the highest tsn on the reassembly queue for this ssn */
1023 srp->sr_tail = dmp;
1024 if (SCTP_DATA_GET_BBIT(*dc)) {
1025 /* Incoming frag is flagged as the beginning of message */
1026 srp->sr_msglen = ntohs((*dc)->sdh_len);
1027 srp->sr_nexttsn = ntohl((*dc)->sdh_tsn) + 1;
1028 srp->sr_hasBchunk = B_TRUE;
1029 } else if (srp->sr_partial_delivered &&
1030 srp->sr_nexttsn == ntohl((*dc)->sdh_tsn)) {
1031 /*
1032 * The real beginning fragment of the message was already
1033 * delivered upward, so this is the earliest frag expected.
1034 * Fake the B-bit then see if this frag also completes the
1035 * message.
1036 */
1037 SCTP_DATA_SET_BBIT(*dc);
1038 srp->sr_hasBchunk = B_TRUE;
1039 srp->sr_msglen = ntohs((*dc)->sdh_len);
1040 if (SCTP_DATA_GET_EBIT(*dc)) {
1041 /* This frag is marked as the end of message */
1042 srp->sr_needed = 1;
1043 /* Got all fragments of this message now */
1044 goto frag_done;
1045 }
1046 srp->sr_nexttsn++;
1047 }
1048
1049 /* The only fragment of this message currently queued */
1050 *tpfinished = B_FALSE;
1051 return (NULL);
1052 foundit:
1053 /*
1054 * This message already has a reassembly queue. Insert the new frag
1055 * in the reassembly queue. Try the tail first, on the assumption
1056 * that the fragments are arriving in order.
1057 */
1058 qmp = srp->sr_tail;
1059
1060 /*
1061 * A NULL tail means all existing fragments of the message have
1062 * been entirely consumed during a partially delivery.
1063 */
1064 if (qmp == NULL) {
1065 ASSERT(srp->sr_got == 0 && srp->sr_needed == 0 &&
1066 srp->sr_partial_delivered);
1067 ASSERT(reassq_curr->b_cont == NULL);
1068 reassq_curr->b_cont = dmp;
1069 goto empty_srp;
1070 } else {
1071 /*
1072 * If partial delivery did take place but the next arriving
1073 * fragment was not the next to be delivered, or partial
1074 * delivery broke off due to a gap, fragments remain on the
1075 * tail. The next fragment due to be delivered still has to
1076 * be set as the new head of list upon arrival. Fake B-bit
1077 * on that frag then see if it also completes the message.
1078 */
1079 if (srp->sr_partial_delivered &&
1080 srp->sr_nexttsn == ntohl((*dc)->sdh_tsn)) {
1081 SCTP_DATA_SET_BBIT(*dc);
1082 srp->sr_hasBchunk = B_TRUE;
1083 if (SCTP_DATA_GET_EBIT(*dc)) {
1084 /* Got all fragments of this message now */
1085 goto frag_done;
1086 }
1087 }
1088 }
1089
1090 /* grab the frag header of already queued tail frag for comparison */
1091 qdc = (sctp_data_hdr_t *)qmp->b_rptr;
1092 ASSERT(qmp->b_cont == NULL);
1093
1094 /* check if the frag goes on the tail in order */
1095 if (SEQ_GT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
1096 qmp->b_cont = dmp;
1097 srp->sr_tail = dmp;
1098 dmp->b_cont = NULL;
1099 if (srp->sr_hasBchunk && srp->sr_nexttsn ==
1100 ntohl((*dc)->sdh_tsn)) {
1101 srp->sr_msglen += ntohs((*dc)->sdh_len);
1102 srp->sr_nexttsn++;
1103 }
1104 goto inserted;
1105 }
1106
1107 /* Next check if we should insert this frag at the beginning */
1108 qmp = reassq_curr->b_cont;
1109 qdc = (sctp_data_hdr_t *)qmp->b_rptr;
1110 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
1111 dmp->b_cont = qmp;
1112 reassq_curr->b_cont = dmp;
1113 if (SCTP_DATA_GET_BBIT(*dc)) {
1114 srp->sr_hasBchunk = B_TRUE;
1115 srp->sr_nexttsn = ntohl((*dc)->sdh_tsn);
1116 }
1117 goto preinserted;
1118 }
1119
1120 /* Insert this frag in it's correct order in the middle */
1121 for (;;) {
1122 /* Tail check above should have caught this */
1123 ASSERT(qmp->b_cont != NULL);
1124
1125 qdc = (sctp_data_hdr_t *)qmp->b_cont->b_rptr;
1126 if (SEQ_LT(ntohl((*dc)->sdh_tsn), ntohl(qdc->sdh_tsn))) {
1127 /* insert here */
1128 dmp->b_cont = qmp->b_cont;
1129 qmp->b_cont = dmp;
1130 break;
1131 }
1132 qmp = qmp->b_cont;
1133 }
1134 preinserted:
1135 /*
1136 * Need head of message and to be due to deliver, otherwise skip
1137 * the recalculation of the message length below.
1138 */
1139 if (!srp->sr_hasBchunk || ntohl((*dc)->sdh_tsn) != srp->sr_nexttsn)
1140 goto inserted;
1141 /*
1142 * fraglen contains the length of consecutive chunks of fragments.
1143 * starting from the chunk we just inserted.
1144 */
1145 tsn = srp->sr_nexttsn;
1146 for (qmp = dmp; qmp != NULL; qmp = qmp->b_cont) {
1147 qdc = (sctp_data_hdr_t *)qmp->b_rptr;
1148 if (tsn != ntohl(qdc->sdh_tsn))
1149 break;
1150 fraglen += ntohs(qdc->sdh_len);
1151 tsn++;
1152 }
1153 srp->sr_nexttsn = tsn;
1154 srp->sr_msglen += fraglen;
1155 inserted:
1156 srp->sr_got++;
1157 first_mp = reassq_curr->b_cont;
1158 /* Prior to this frag either the beginning or end frag was missing */
1159 if (srp->sr_needed == 0) {
1160 /* used to check if we have the first and last fragments */
1161 bdc = (sctp_data_hdr_t *)first_mp->b_rptr;
1162 edc = (sctp_data_hdr_t *)srp->sr_tail->b_rptr;
1163
1164 /*
1165 * If we now have both the beginning and the end of the message,
1166 * calculate how many fragments in the complete message.
1167 */
1168 if (SCTP_DATA_GET_BBIT(bdc) && SCTP_DATA_GET_EBIT(edc)) {
1169 srp->sr_needed = ntohl(edc->sdh_tsn) -
1170 ntohl(bdc->sdh_tsn) + 1;
1171 }
1172 }
1173
1174 /*
1175 * Try partial delivery if the message length has exceeded the
1176 * partial delivery point. Only do this if we can immediately
1177 * deliver the partially assembled message, and only partially
1178 * deliver one message at a time (i.e. messages cannot be
1179 * intermixed arriving at the upper layer).
1180 * sctp_try_partial_delivery() will return a message consisting
1181 * of only consecutive fragments.
1182 */
1183 if (srp->sr_needed != srp->sr_got) {
1184 /* we don't have the full message yet */
1185 dmp = NULL;
1186 if (ntohl((*dc)->sdh_tsn) <= sctp->sctp_ftsn &&
1187 srp->sr_msglen >= sctp->sctp_pd_point &&
1188 srp->sr_ssn == sip->nextseq) {
1189 dmp = sctp_try_partial_delivery(sctp, reassq_curr,
1190 srp, dc);
1191 }
1192 *tpfinished = B_FALSE;
1193 /*
1194 * NULL unless a segment of the message now qualified for
1195 * partial_delivery and has been prepared for delivery by
1196 * sctp_try_partial_delivery().
1197 */
1198 return (dmp);
1199 }
1200 frag_done:
1201 /*
1202 * Reassembly complete for this message, prepare the data for delivery.
1203 * First unlink the reassembly queue for this ssn from the list of
1204 * messages in reassembly.
1205 */
1206 if (sip->istr_reass == reassq_curr) {
1207 sip->istr_reass = reassq_curr->b_next;
1208 if (reassq_curr->b_next)
1209 reassq_curr->b_next->b_prev = NULL;
1210 } else {
1211 ASSERT(reassq_curr->b_prev != NULL);
1212 reassq_curr->b_prev->b_next = reassq_curr->b_next;
1213 if (reassq_curr->b_next)
1214 reassq_curr->b_next->b_prev = reassq_curr->b_prev;
1215 }
1216
1217 /*
1218 * Need to clean up b_prev and b_next as freeb() will
1219 * ASSERT that they are unused.
1220 */
1221 reassq_curr->b_next = NULL;
1222 reassq_curr->b_prev = NULL;
1223
1224 dmp = reassq_curr;
1225 /* point to the head of the reassembled data message */
1226 dmp = dmp->b_cont;
1227 reassq_curr->b_cont = NULL;
1228 freeb(reassq_curr);
1229 /* Tell our caller that we are returning a complete message. */
1230 *tpfinished = B_TRUE;
1231
1232 /*
1233 * Adjust all mblk's except the lead so their rptr's point to the
1234 * payload. sctp_data_chunk() will need to process the lead's data
1235 * data chunk section, so leave its rptr pointing at the data chunk
1236 * header.
1237 */
1238 *dc = (sctp_data_hdr_t *)dmp->b_rptr;
1239 for (qmp = dmp->b_cont; qmp != NULL; qmp = qmp->b_cont) {
1240 qdc = (sctp_data_hdr_t *)qmp->b_rptr;
1241 qmp->b_rptr = (uchar_t *)(qdc + 1);
1242 }
1243 BUMP_LOCAL(sctp->sctp_reassmsgs);
1244
1245 return (dmp);
1246 }
1247
1248 static void
sctp_add_dup(uint32_t tsn,mblk_t ** dups)1249 sctp_add_dup(uint32_t tsn, mblk_t **dups)
1250 {
1251 mblk_t *mp;
1252 size_t bsize = SCTP_DUP_MBLK_SZ * sizeof (tsn);
1253
1254 if (dups == NULL) {
1255 return;
1256 }
1257
1258 /* first time? */
1259 if (*dups == NULL) {
1260 *dups = allocb(bsize, BPRI_MED);
1261 if (*dups == NULL) {
1262 return;
1263 }
1264 }
1265
1266 mp = *dups;
1267 if ((mp->b_wptr - mp->b_rptr) >= bsize) {
1268 /* maximum reached */
1269 return;
1270 }
1271
1272 /* add the duplicate tsn */
1273 bcopy(&tsn, mp->b_wptr, sizeof (tsn));
1274 mp->b_wptr += sizeof (tsn);
1275 ASSERT((mp->b_wptr - mp->b_rptr) <= bsize);
1276 }
1277
1278 /*
1279 * All incoming sctp data, complete messages and fragments are handled by
1280 * this function. Unless the U-bit is set in the data chunk it will be
1281 * delivered in order or queued until an in-order delivery can be made.
1282 */
static void
sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups,
    sctp_faddr_t *fp, ip_pkt_t *ipp, ip_recv_attr_t *ira)
{
	sctp_data_hdr_t *dc;
	mblk_t *dmp, *pmp;
	sctp_instr_t *instr;
	int ubit;
	int sid;
	int isfrag;
	uint16_t ssn;
	uint32_t oftsn;
	boolean_t can_deliver = B_TRUE;
	uint32_t tsn;
	int dlen;
	boolean_t tpfinished = B_TRUE;
	sctp_stack_t *sctps = sctp->sctp_sctps;
	int error;

	/* The following are used multiple times, so we inline them */
#define	SCTP_ACK_IT(sctp, tsn) \
	if (tsn == sctp->sctp_ftsn) { \
		dprint(2, ("data_chunk: acking next %x\n", tsn)); \
		(sctp)->sctp_ftsn++; \
		if ((sctp)->sctp_sack_gaps > 0) \
			(sctp)->sctp_force_sack = 1; \
	} else if (SEQ_GT(tsn, sctp->sctp_ftsn)) { \
		/* Got a gap; record it */ \
		BUMP_LOCAL(sctp->sctp_outseqtsns); \
		dprint(2, ("data_chunk: acking gap %x\n", tsn)); \
		sctp_ack_add(&sctp->sctp_sack_info, tsn, \
		    &sctp->sctp_sack_gaps); \
		sctp->sctp_force_sack = 1; \
	}

	dmp = NULL;

	dc = (sctp_data_hdr_t *)ch;
	tsn = ntohl(dc->sdh_tsn);

	dprint(3, ("sctp_data_chunk: mp=%p tsn=%x\n", (void *)mp, tsn));

	/* Check for duplicates */
	if (SEQ_LT(tsn, sctp->sctp_ftsn)) {
		dprint(4, ("sctp_data_chunk: dropping duplicate\n"));
		BUMP_LOCAL(sctp->sctp_idupchunks);
		sctp->sctp_force_sack = 1;
		sctp_add_dup(dc->sdh_tsn, dups);
		return;
	}

	/* Check for dups of sack'ed data */
	if (sctp->sctp_sack_info != NULL) {
		sctp_set_t *sp;

		for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
			if (SEQ_GEQ(tsn, sp->begin) && SEQ_LEQ(tsn, sp->end)) {
				dprint(4,
				    ("sctp_data_chunk: dropping dup > "
				    "cumtsn\n"));
				BUMP_LOCAL(sctp->sctp_idupchunks);
				sctp->sctp_force_sack = 1;
				sctp_add_dup(dc->sdh_tsn, dups);
				return;
			}
		}
	}

	/* We can no longer deliver anything up, but still need to handle it. */
	if (SCTP_IS_DETACHED(sctp)) {
		SCTPS_BUMP_MIB(sctps, sctpInClosed);
		can_deliver = B_FALSE;
	}

	/* Payload length: chunk length minus the data chunk header. */
	dlen = ntohs(dc->sdh_len) - sizeof (*dc);

	/*
	 * Check for buffer space. Note if this is the next expected TSN
	 * we have to take it to avoid deadlock because we cannot deliver
	 * later queued TSNs and thus clear buffer space without it.
	 * We drop anything that is purely zero window probe data here.
	 */
	if ((sctp->sctp_rwnd - sctp->sctp_rxqueued < dlen) &&
	    (tsn != sctp->sctp_ftsn || sctp->sctp_rwnd == 0)) {
		/* Drop and SACK, but don't advance the cumulative TSN. */
		sctp->sctp_force_sack = 1;
		dprint(0, ("sctp_data_chunk: exceed rwnd %d rxqueued %d "
		    "dlen %d ssn %d tsn %x\n", sctp->sctp_rwnd,
		    sctp->sctp_rxqueued, dlen, ntohs(dc->sdh_ssn),
		    ntohl(dc->sdh_tsn)));
		return;
	}

	sid = ntohs(dc->sdh_sid);

	/* Data received for a stream not negotiated for this association */
	if (sid >= sctp->sctp_num_istr) {
		sctp_bsc_t inval_parm;

		/* Will populate the CAUSE block in the ERROR chunk. */
		inval_parm.bsc_sid = dc->sdh_sid;
		/* RESERVED, ignored at the receiving end */
		inval_parm.bsc_pad = 0;

		/* ack and drop it */
		sctp_add_err(sctp, SCTP_ERR_BAD_SID, (void *)&inval_parm,
		    sizeof (sctp_bsc_t), fp);
		SCTP_ACK_IT(sctp, tsn);
		return;
	}

	/* unordered delivery OK for this data if ubit set */
	ubit = SCTP_DATA_GET_UBIT(dc);
	ASSERT(sctp->sctp_instr != NULL);

	/* select per stream structure for this stream from the array */
	instr = &sctp->sctp_instr[sid];
	/* Initialize the stream, if not yet used */
	if (instr->sctp == NULL)
		instr->sctp = sctp;

	/* Begin and End bit set would mean a complete message */
	isfrag = !(SCTP_DATA_GET_BBIT(dc) && SCTP_DATA_GET_EBIT(dc));

	/* The ssn of this sctp message and of any fragments in it */
	ssn = ntohs(dc->sdh_ssn);

	/* dupb() shares mp's data block; only a new mblk header is created. */
	dmp = dupb(mp);
	if (dmp == NULL) {
		/* drop it and don't ack, let the peer retransmit */
		return;
	}
	/*
	 * Past header and payload, note: the underlying buffer may
	 * contain further chunks from the same incoming IP packet,
	 * if so db_ref will be greater than one.
	 */
	dmp->b_wptr = (uchar_t *)ch + ntohs(ch->sch_len);

	sctp->sctp_rxqueued += dlen;

	/* Snapshot ftsn; the done: label below checks whether it advanced. */
	oftsn = sctp->sctp_ftsn;

	if (isfrag) {

		error = 0;
		/* fragmented data chunk */
		dmp->b_rptr = (uchar_t *)dc;
		if (ubit) {
			/* prepare data for unordered delivery */
			dmp = sctp_uodata_frag(sctp, dmp, &dc);
#if DEBUG
			if (dmp != NULL) {
				ASSERT(instr ==
				    &sctp->sctp_instr[sid]);
			}
#endif
		} else {
			/*
			 * Assemble fragments and queue for ordered delivery,
			 * dmp returned is NULL or the head of a complete or
			 * "partial delivery" message. Any returned message
			 * and all its fragments will have the same ssn as the
			 * input fragment currently being handled.
			 */
			dmp = sctp_data_frag(sctp, dmp, &dc, &error, instr,
			    &tpfinished);
		}
		if (error == ENOMEM) {
			/* back out the adjustment made earlier */
			sctp->sctp_rxqueued -= dlen;
			/*
			 * Don't ack the segment,
			 * the peer will retransmit.
			 */
			return;
		}

		if (dmp == NULL) {
			/*
			 * The frag has been queued for later in-order delivery,
			 * but the cumulative TSN may need to advance, so also
			 * need to perform the gap ack checks at the done label.
			 */
			SCTP_ACK_IT(sctp, tsn);
			DTRACE_PROBE4(sctp_data_frag_queued, sctp_t *, sctp,
			    int, sid, int, tsn, uint16_t, ssn);
			goto done;
		}
	}

	/*
	 * Unless message is the next for delivery to the ulp, queue complete
	 * message in the correct order for ordered delivery.
	 * Note: tpfinished is true when the incoming chunk contains a complete
	 * message or is the final missing fragment which completed a message.
	 */
	if (!ubit && tpfinished && ssn != instr->nextseq) {
		/* Adjust rptr to point at the data chunk for compares */
		dmp->b_rptr = (uchar_t *)dc;

		dprint(2,
		    ("data_chunk: inserted %x in pq (ssn %d expected %d)\n",
		    ntohl(dc->sdh_tsn), (int)(ssn), (int)(instr->nextseq)));

		if (instr->istr_msgs == NULL) {
			instr->istr_msgs = dmp;
			ASSERT(dmp->b_prev == NULL && dmp->b_next == NULL);
		} else {
			mblk_t *imblk = instr->istr_msgs;
			sctp_data_hdr_t *idc;

			/*
			 * XXXNeed to take sequence wraps into account,
			 * ... and a more efficient insertion algo.
			 */
			for (;;) {
				idc = (sctp_data_hdr_t *)imblk->b_rptr;
				if (SSN_GT(ntohs(idc->sdh_ssn),
				    ntohs(dc->sdh_ssn))) {
					if (instr->istr_msgs == imblk) {
						instr->istr_msgs = dmp;
						dmp->b_next = imblk;
						imblk->b_prev = dmp;
					} else {
						ASSERT(imblk->b_prev != NULL);
						imblk->b_prev->b_next = dmp;
						dmp->b_prev = imblk->b_prev;
						imblk->b_prev = dmp;
						dmp->b_next = imblk;
					}
					break;
				}
				if (imblk->b_next == NULL) {
					imblk->b_next = dmp;
					dmp->b_prev = imblk;
					break;
				}
				imblk = imblk->b_next;
			}
		}
		(instr->istr_nmsgs)++;
		(sctp->sctp_istr_nmsgs)++;
		SCTP_ACK_IT(sctp, tsn);
		DTRACE_PROBE4(sctp_pqueue_completemsg, sctp_t *, sctp,
		    int, sid, int, tsn, uint16_t, ssn);
		return;
	}

	/*
	 * Deliver the data directly. Recalculate dlen now since
	 * we may have just reassembled this data.
	 */
	dlen = dmp->b_wptr - (uchar_t *)dc - sizeof (*dc);
	for (pmp = dmp->b_cont; pmp != NULL; pmp = pmp->b_cont)
		dlen += MBLKL(pmp);
	ASSERT(sctp->sctp_rxqueued >= dlen);

	/* Deliver the message. */
	sctp->sctp_rxqueued -= dlen;

	if (can_deliver) {
		/* step past header to the payload */
		dmp->b_rptr = (uchar_t *)(dc + 1);
		if (sctp_input_add_ancillary(sctp, &dmp, dc, fp,
		    ipp, ira) == 0) {
			dprint(1, ("sctp_data_chunk: delivering %lu bytes\n",
			    msgdsize(dmp)));
			/*
			 * We overload the meaning of b_flag for SCTP sockfs
			 * internal use, to advise sockfs of partial delivery
			 * semantics.
			 */
			dmp->b_flag = tpfinished ? 0 : SCTP_PARTIAL_DATA;
			if (sctp->sctp_flowctrld) {
				sctp->sctp_rwnd -= dlen;
				if (sctp->sctp_rwnd < 0)
					sctp->sctp_rwnd = 0;
			}
			if (sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
			    msgdsize(dmp), 0, &error, NULL) <= 0) {
				sctp->sctp_flowctrld = B_TRUE;
			}
			SCTP_ACK_IT(sctp, tsn);
		} else {
			/* No memory don't ack, the peer will retransmit. */
			freemsg(dmp);
			return;
		}
	} else {
		/* Closed above, ack to peer and free the data */
		freemsg(dmp);
		SCTP_ACK_IT(sctp, tsn);
	}

	/*
	 * Data now enqueued, may already have been processed and free'd
	 * by the ULP (or we may have just freed it above, if we could not
	 * deliver), so we must not reference it (this is why we saved the
	 * ssn and ubit earlier).
	 */
	if (ubit != 0) {
		BUMP_LOCAL(sctp->sctp_iudchunks);
		goto done;
	}
	BUMP_LOCAL(sctp->sctp_idchunks);

	/*
	 * There was a partial delivery and it has not finished,
	 * don't pull anything from the pqueues or increment the
	 * nextseq. This msg must complete before starting on
	 * the next ssn and the partial message must have the
	 * same ssn as the next expected message..
	 */
	if (!tpfinished) {
		DTRACE_PROBE4(sctp_partial_delivery, sctp_t *, sctp,
		    int, sid, int, tsn, uint16_t, ssn);
		/*
		 * Verify the partial delivery is part of the
		 * message expected for ordered delivery.
		 */
		if (ssn != instr->nextseq) {
			DTRACE_PROBE4(sctp_partial_delivery_error,
			    sctp_t *, sctp, int, sid, int, tsn,
			    uint16_t, ssn);
			cmn_err(CE_WARN, "sctp partial"
			    " delivery error, sctp 0x%p"
			    " sid = 0x%x ssn != nextseq"
			    " tsn 0x%x ftsn 0x%x"
			    " ssn 0x%x nextseq 0x%x",
			    (void *)sctp, sid,
			    tsn, sctp->sctp_ftsn, ssn,
			    instr->nextseq);
		}

		ASSERT(ssn == instr->nextseq);
		goto done;
	}

	if (ssn != instr->nextseq) {
		DTRACE_PROBE4(sctp_inorder_delivery_error,
		    sctp_t *, sctp, int, sid, int, tsn,
		    uint16_t, ssn);
		cmn_err(CE_WARN, "sctp in-order delivery error, sctp 0x%p "
		    "sid = 0x%x ssn != nextseq ssn 0x%x nextseq 0x%x",
		    (void *)sctp, sid, ssn, instr->nextseq);
	}

	ASSERT(ssn == instr->nextseq);

	DTRACE_PROBE4(sctp_deliver_completemsg, sctp_t *, sctp, int, sid,
	    int, tsn, uint16_t, ssn);

	instr->nextseq = ssn + 1;

	/*
	 * Deliver any successive data chunks waiting in the instr pqueue
	 * for the data just sent up.
	 */
	while (instr->istr_nmsgs > 0) {
		dmp = (mblk_t *)instr->istr_msgs;
		dc = (sctp_data_hdr_t *)dmp->b_rptr;
		ssn = ntohs(dc->sdh_ssn);
		tsn = ntohl(dc->sdh_tsn);
		/* Stop at the first gap in the sequence */
		if (ssn != instr->nextseq)
			break;

		DTRACE_PROBE4(sctp_deliver_pqueuedmsg, sctp_t *, sctp,
		    int, sid, int, tsn, uint16_t, ssn);
		/*
		 * Ready to deliver all data before the gap
		 * to the upper layer.
		 */
		(instr->istr_nmsgs)--;
		(instr->nextseq)++;
		(sctp->sctp_istr_nmsgs)--;

		instr->istr_msgs = instr->istr_msgs->b_next;
		if (instr->istr_msgs != NULL)
			instr->istr_msgs->b_prev = NULL;
		dmp->b_next = dmp->b_prev = NULL;

		dprint(2, ("data_chunk: pulling %x from pq (ssn %d)\n",
		    ntohl(dc->sdh_tsn), (int)ssn));

		/*
		 * Composite messages indicate this chunk was reassembled,
		 * each b_cont represents another TSN; Follow the chain to
		 * reach the frag with the last tsn in order to advance ftsn
		 * shortly by calling SCTP_ACK_IT().
		 */
		dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc);
		for (pmp = dmp->b_cont; pmp; pmp = pmp->b_cont)
			dlen += MBLKL(pmp);

		ASSERT(sctp->sctp_rxqueued >= dlen);

		sctp->sctp_rxqueued -= dlen;
		if (can_deliver) {
			/* step past the chunk header to the payload */
			dmp->b_rptr = (uchar_t *)(dc + 1);
			if (sctp_input_add_ancillary(sctp, &dmp, dc, fp,
			    ipp, ira) == 0) {
				dprint(1, ("sctp_data_chunk: delivering %lu "
				    "bytes\n", msgdsize(dmp)));
				/*
				 * Meaning of b_flag overloaded for SCTP sockfs
				 * internal use, advise sockfs of partial
				 * delivery semantics.
				 */
				dmp->b_flag = tpfinished ?
				    0 : SCTP_PARTIAL_DATA;
				if (sctp->sctp_flowctrld) {
					sctp->sctp_rwnd -= dlen;
					if (sctp->sctp_rwnd < 0)
						sctp->sctp_rwnd = 0;
				}
				if (sctp->sctp_ulp_recv(sctp->sctp_ulpd, dmp,
				    msgdsize(dmp), 0, &error, NULL) <= 0) {
					sctp->sctp_flowctrld = B_TRUE;
				}
				SCTP_ACK_IT(sctp, tsn);
			} else {
				/* don't ack, the peer will retransmit */
				freemsg(dmp);
				return;
			}
		} else {
			/* Closed above, ack and free the data */
			freemsg(dmp);
			SCTP_ACK_IT(sctp, tsn);
		}
	}

done:

	/*
	 * If there are gap reports pending, check if advancing
	 * the ftsn here closes a gap. If so, we can advance
	 * ftsn to the end of the set.
	 */
	if (sctp->sctp_sack_info != NULL &&
	    sctp->sctp_ftsn == sctp->sctp_sack_info->begin) {
		sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1;
	}
	/*
	 * If ftsn has moved forward, maybe we can remove gap reports.
	 * NB: dmp may now be NULL, so don't dereference it here.
	 */
	if (oftsn != sctp->sctp_ftsn && sctp->sctp_sack_info != NULL) {
		sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
		    &sctp->sctp_sack_gaps);
		dprint(2, ("data_chunk: removed acks before %x (num=%d)\n",
		    sctp->sctp_ftsn - 1, sctp->sctp_sack_gaps));
	}

#ifdef DEBUG
	if (sctp->sctp_sack_info != NULL) {
		ASSERT(sctp->sctp_ftsn != sctp->sctp_sack_info->begin);
	}
#endif

#undef SCTP_ACK_IT
}
1747
1748 void
sctp_fill_sack(sctp_t * sctp,unsigned char * dst,int sacklen)1749 sctp_fill_sack(sctp_t *sctp, unsigned char *dst, int sacklen)
1750 {
1751 sctp_chunk_hdr_t *sch;
1752 sctp_sack_chunk_t *sc;
1753 sctp_sack_frag_t *sf;
1754 uint16_t num_gaps = sctp->sctp_sack_gaps;
1755 sctp_set_t *sp;
1756
1757 /* Chunk hdr */
1758 sch = (sctp_chunk_hdr_t *)dst;
1759 sch->sch_id = CHUNK_SACK;
1760 sch->sch_flags = 0;
1761 sch->sch_len = htons(sacklen);
1762
1763 /* SACK chunk */
1764 sctp->sctp_lastacked = sctp->sctp_ftsn - 1;
1765
1766 sc = (sctp_sack_chunk_t *)(sch + 1);
1767 sc->ssc_cumtsn = htonl(sctp->sctp_lastacked);
1768 if (sctp->sctp_rxqueued < sctp->sctp_rwnd) {
1769 sc->ssc_a_rwnd = htonl(sctp->sctp_rwnd - sctp->sctp_rxqueued);
1770 } else {
1771 sc->ssc_a_rwnd = 0;
1772 }
1773 /* Remember the last window sent to peer. */
1774 sctp->sctp_arwnd = sc->ssc_a_rwnd;
1775 sc->ssc_numfrags = htons(num_gaps);
1776 sc->ssc_numdups = 0;
1777
1778 /* lay in gap reports */
1779 sf = (sctp_sack_frag_t *)(sc + 1);
1780 for (sp = sctp->sctp_sack_info; sp; sp = sp->next) {
1781 uint16_t offset;
1782
1783 /* start */
1784 if (sp->begin > sctp->sctp_lastacked) {
1785 offset = (uint16_t)(sp->begin - sctp->sctp_lastacked);
1786 } else {
1787 /* sequence number wrap */
1788 offset = (uint16_t)(UINT32_MAX - sctp->sctp_lastacked +
1789 sp->begin);
1790 }
1791 sf->ssf_start = htons(offset);
1792
1793 /* end */
1794 if (sp->end >= sp->begin) {
1795 offset += (uint16_t)(sp->end - sp->begin);
1796 } else {
1797 /* sequence number wrap */
1798 offset += (uint16_t)(UINT32_MAX - sp->begin + sp->end);
1799 }
1800 sf->ssf_end = htons(offset);
1801
1802 sf++;
1803 /* This is just for debugging (a la the following assertion) */
1804 num_gaps--;
1805 }
1806
1807 ASSERT(num_gaps == 0);
1808
1809 /* If the SACK timer is running, stop it */
1810 if (sctp->sctp_ack_timer_running) {
1811 sctp_timer_stop(sctp->sctp_ack_mp);
1812 sctp->sctp_ack_timer_running = B_FALSE;
1813 }
1814
1815 BUMP_LOCAL(sctp->sctp_obchunks);
1816 BUMP_LOCAL(sctp->sctp_osacks);
1817 }
1818
1819 mblk_t *
sctp_make_sack(sctp_t * sctp,sctp_faddr_t * sendto,mblk_t * dups)1820 sctp_make_sack(sctp_t *sctp, sctp_faddr_t *sendto, mblk_t *dups)
1821 {
1822 mblk_t *smp;
1823 size_t slen;
1824 sctp_chunk_hdr_t *sch;
1825 sctp_sack_chunk_t *sc;
1826 int32_t acks_max;
1827 sctp_stack_t *sctps = sctp->sctp_sctps;
1828 uint32_t dups_len;
1829 sctp_faddr_t *fp;
1830
1831 ASSERT(sendto != NULL);
1832
1833 if (sctp->sctp_force_sack) {
1834 sctp->sctp_force_sack = 0;
1835 goto checks_done;
1836 }
1837
1838 acks_max = sctps->sctps_deferred_acks_max;
1839 if (sctp->sctp_state == SCTPS_ESTABLISHED) {
1840 if (sctp->sctp_sack_toggle < acks_max) {
1841 /* no need to SACK right now */
1842 dprint(2, ("sctp_make_sack: %p no sack (toggle)\n",
1843 (void *)sctp));
1844 return (NULL);
1845 } else if (sctp->sctp_sack_toggle >= acks_max) {
1846 sctp->sctp_sack_toggle = 0;
1847 }
1848 }
1849
1850 if (sctp->sctp_ftsn == sctp->sctp_lastacked + 1) {
1851 dprint(2, ("sctp_make_sack: %p no sack (already)\n",
1852 (void *)sctp));
1853 return (NULL);
1854 }
1855
1856 checks_done:
1857 dprint(2, ("sctp_make_sack: acking %x\n", sctp->sctp_ftsn - 1));
1858
1859 if (dups != NULL)
1860 dups_len = MBLKL(dups);
1861 else
1862 dups_len = 0;
1863 slen = sizeof (*sch) + sizeof (*sc) +
1864 (sizeof (sctp_sack_frag_t) * sctp->sctp_sack_gaps);
1865
1866 /*
1867 * If there are error chunks, check and see if we can send the
1868 * SACK chunk and error chunks together in one packet. If not,
1869 * send the error chunks out now.
1870 */
1871 if (sctp->sctp_err_chunks != NULL) {
1872 fp = SCTP_CHUNK_DEST(sctp->sctp_err_chunks);
1873 if (sctp->sctp_err_len + slen + dups_len > fp->sf_pmss) {
1874 if ((smp = sctp_make_mp(sctp, fp, 0)) == NULL) {
1875 SCTP_KSTAT(sctps, sctp_send_err_failed);
1876 SCTP_KSTAT(sctps, sctp_send_sack_failed);
1877 freemsg(sctp->sctp_err_chunks);
1878 sctp->sctp_err_chunks = NULL;
1879 sctp->sctp_err_len = 0;
1880 return (NULL);
1881 }
1882 smp->b_cont = sctp->sctp_err_chunks;
1883 sctp_set_iplen(sctp, smp, fp->sf_ixa);
1884 (void) conn_ip_output(smp, fp->sf_ixa);
1885 BUMP_LOCAL(sctp->sctp_opkts);
1886 sctp->sctp_err_chunks = NULL;
1887 sctp->sctp_err_len = 0;
1888 }
1889 }
1890 smp = sctp_make_mp(sctp, sendto, slen);
1891 if (smp == NULL) {
1892 SCTP_KSTAT(sctps, sctp_send_sack_failed);
1893 return (NULL);
1894 }
1895 sch = (sctp_chunk_hdr_t *)smp->b_wptr;
1896
1897 sctp_fill_sack(sctp, smp->b_wptr, slen);
1898 smp->b_wptr += slen;
1899 if (dups != NULL) {
1900 sc = (sctp_sack_chunk_t *)(sch + 1);
1901 sc->ssc_numdups = htons(MBLKL(dups) / sizeof (uint32_t));
1902 sch->sch_len = htons(slen + dups_len);
1903 smp->b_cont = dups;
1904 }
1905
1906 if (sctp->sctp_err_chunks != NULL) {
1907 linkb(smp, sctp->sctp_err_chunks);
1908 sctp->sctp_err_chunks = NULL;
1909 sctp->sctp_err_len = 0;
1910 }
1911 return (smp);
1912 }
1913
1914 /*
1915 * Check and see if we need to send a SACK chunk. If it is needed,
1916 * send it out. Return true if a SACK chunk is sent, false otherwise.
1917 */
1918 boolean_t
sctp_sack(sctp_t * sctp,mblk_t * dups)1919 sctp_sack(sctp_t *sctp, mblk_t *dups)
1920 {
1921 mblk_t *smp;
1922 sctp_stack_t *sctps = sctp->sctp_sctps;
1923
1924 /* If we are shutting down, let send_shutdown() bundle the SACK */
1925 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
1926 sctp_send_shutdown(sctp, 0);
1927 }
1928
1929 ASSERT(sctp->sctp_lastdata != NULL);
1930
1931 if ((smp = sctp_make_sack(sctp, sctp->sctp_lastdata, dups)) == NULL) {
1932 /* The caller of sctp_sack() will not free the dups mblk. */
1933 if (dups != NULL)
1934 freeb(dups);
1935 return (B_FALSE);
1936 }
1937 dprint(2, ("sctp_sack: sending to %p %x:%x:%x:%x\n",
1938 (void *)sctp->sctp_lastdata,
1939 SCTP_PRINTADDR(sctp->sctp_lastdata->sf_faddr)));
1940
1941 sctp->sctp_active = LBOLT_FASTPATH64;
1942
1943 SCTPS_BUMP_MIB(sctps, sctpOutAck);
1944
1945 sctp_set_iplen(sctp, smp, sctp->sctp_lastdata->sf_ixa);
1946 (void) conn_ip_output(smp, sctp->sctp_lastdata->sf_ixa);
1947 BUMP_LOCAL(sctp->sctp_opkts);
1948 return (B_TRUE);
1949 }
1950
1951 /*
1952 * This is called if we have a message that was partially sent and is
1953 * abandoned. The cum TSN will be the last chunk sent for this message,
1954 * subsequent chunks will be marked ABANDONED. We send a Forward TSN
1955 * chunk in this case with the TSN of the last sent chunk so that the
1956 * peer can clean up its fragment list for this message. This message
1957 * will be removed from the transmit list when the peer sends a SACK
1958 * back.
1959 */
/*
 * Returns 0 on success, ENOMEM on allocation failure, or -1 when the
 * first chunk of the message has not been acked yet (nothing to do).
 */
int
sctp_check_abandoned_msg(sctp_t *sctp, mblk_t *meta)
{
	sctp_data_hdr_t *dh;
	mblk_t *nmp;
	mblk_t *head;
	int32_t unsent = 0;
	mblk_t *mp1 = meta->b_cont;
	uint32_t adv_pap = sctp->sctp_adv_pap;
	sctp_faddr_t *fp = sctp->sctp_current;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/*
	 * Only act if the peer has already acked at least the first
	 * chunk of this message.
	 */
	dh = (sctp_data_hdr_t *)mp1->b_rptr;
	if (SEQ_GEQ(sctp->sctp_lastack_rxd, ntohl(dh->sdh_tsn))) {
		sctp_ftsn_set_t *sets = NULL;
		uint_t nsets = 0;
		uint32_t seglen = sizeof (uint32_t);
		boolean_t ubit = SCTP_DATA_GET_UBIT(dh);

		/* Find the last chunk of this message that was sent. */
		while (mp1->b_next != NULL && SCTP_CHUNK_ISSENT(mp1->b_next))
			mp1 = mp1->b_next;
		dh = (sctp_data_hdr_t *)mp1->b_rptr;
		/*
		 * Tentatively advance the advanced-peer-ack point to the
		 * last sent chunk; restored from adv_pap on any failure
		 * below.
		 */
		sctp->sctp_adv_pap = ntohl(dh->sdh_tsn);
		/* Ordered messages also carry per-stream SSN info. */
		if (!ubit &&
		    !sctp_add_ftsn_set(&sets, fp, meta, &nsets, &seglen)) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		nmp = sctp_make_ftsn_chunk(sctp, fp, sets, nsets, seglen);
		sctp_free_ftsn_set(sets);
		if (nmp == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			return (ENOMEM);
		}
		head = sctp_add_proto_hdr(sctp, fp, nmp, 0, NULL);
		if (head == NULL) {
			sctp->sctp_adv_pap = adv_pap;
			freemsg(nmp);
			SCTP_KSTAT(sctps, sctp_send_ftsn_failed);
			return (ENOMEM);
		}
		SCTP_MSG_SET_ABANDONED(meta);
		/* Send the Forward TSN chunk out right away. */
		sctp_set_iplen(sctp, head, fp->sf_ixa);
		(void) conn_ip_output(head, fp->sf_ixa);
		BUMP_LOCAL(sctp->sctp_opkts);
		if (!fp->sf_timer_running)
			SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto);
		/*
		 * Mark all remaining (unsent) chunks of the message
		 * abandoned and adjust the unsent byte count.
		 */
		mp1 = mp1->b_next;
		while (mp1 != NULL) {
			ASSERT(!SCTP_CHUNK_ISSENT(mp1));
			ASSERT(!SCTP_CHUNK_ABANDONED(mp1));
			SCTP_ABANDON_CHUNK(mp1);
			dh = (sctp_data_hdr_t *)mp1->b_rptr;
			unsent += ntohs(dh->sdh_len) - sizeof (*dh);
			mp1 = mp1->b_next;
		}
		ASSERT(sctp->sctp_unsent >= unsent);
		sctp->sctp_unsent -= unsent;
		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp))
			SCTP_TXQ_UPDATE(sctp);
		return (0);
	}
	return (-1);
}
2028
/*
 * Process the cumulative ack 'tsn' from a SACK: walk the transmit
 * list, mark newly acked chunks, update RTT and per-destination
 * accounting, and free (or raise send-failure events for) messages
 * that are now completely acked.  *first_unacked is set to the first
 * chunk that is still unacked (NULL if none was seen).  Returns the
 * number of bytes (chunk lengths) newly acked by this cumulative TSN;
 * 0 indicates a duplicate ack.
 */
uint32_t
sctp_cumack(sctp_t *sctp, uint32_t tsn, mblk_t **first_unacked)
{
	mblk_t *ump, *nump, *mp = NULL;
	uint16_t chunklen;
	uint32_t xtsn;
	sctp_faddr_t *fp;
	sctp_data_hdr_t *sdc;
	uint32_t cumack_forward = 0;
	sctp_msg_hdr_t *mhdr;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	ump = sctp->sctp_xmit_head;

	/*
	 * Free messages only when they're completely acked.
	 */
	while (ump != NULL) {
		mhdr = (sctp_msg_hdr_t *)ump->b_rptr;
		for (mp = ump->b_cont; mp != NULL; mp = mp->b_next) {
			if (SCTP_CHUNK_ABANDONED(mp)) {
				ASSERT(SCTP_IS_MSG_ABANDONED(ump));
				mp = NULL;
				break;
			}
			/*
			 * We check for abandoned message if we are PR-SCTP
			 * aware, if this is not the first chunk in the
			 * message (b_cont) and if the message is marked
			 * abandoned.
			 */
			if (!SCTP_CHUNK_ISSENT(mp)) {
				if (sctp->sctp_prsctp_aware &&
				    mp != ump->b_cont &&
				    (SCTP_IS_MSG_ABANDONED(ump) ||
				    SCTP_MSG_TO_BE_ABANDONED(ump, mhdr,
				    sctp))) {
					(void) sctp_check_abandoned_msg(sctp,
					    ump);
				}
				goto cum_ack_done;
			}
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
			/* Skip chunks covered by a previous cumulative ack. */
			if (SEQ_GEQ(sctp->sctp_lastack_rxd, xtsn))
				continue;
			if (SEQ_GEQ(tsn, xtsn)) {
				/* This chunk is covered by the new cum ack. */
				fp = SCTP_CHUNK_DEST(mp);
				chunklen = ntohs(sdc->sdh_len);

				if (sctp->sctp_out_time != 0 &&
				    xtsn == sctp->sctp_rtt_tsn) {
					/* Got a new RTT measurement */
					sctp_update_rtt(sctp, fp,
					    ddi_get_lbolt64() -
					    sctp->sctp_out_time);
					sctp->sctp_out_time = 0;
				}
				/* Don't double-count chunks already
				 * acked via a gap report. */
				if (SCTP_CHUNK_ISACKED(mp))
					continue;
				SCTP_CHUNK_SET_SACKCNT(mp, 0);
				SCTP_CHUNK_ACKED(mp);
				ASSERT(fp->sf_suna >= chunklen);
				fp->sf_suna -= chunklen;
				fp->sf_acked += chunklen;
				cumack_forward += chunklen;
				ASSERT(sctp->sctp_unacked >=
				    (chunklen - sizeof (*sdc)));
				sctp->sctp_unacked -=
				    (chunklen - sizeof (*sdc));
				if (fp->sf_suna == 0) {
					/* all outstanding data acked */
					fp->sf_pba = 0;
					SCTP_FADDR_TIMER_STOP(fp);
				} else {
					SCTP_FADDR_TIMER_RESTART(sctp, fp,
					    fp->sf_rto);
				}
			} else {
				goto cum_ack_done;
			}
		}
		/* Entire message acked; unlink it from the transmit list. */
		nump = ump->b_next;
		if (nump != NULL)
			nump->b_prev = NULL;
		if (ump == sctp->sctp_xmit_tail)
			sctp->sctp_xmit_tail = nump;
		if (SCTP_IS_MSG_ABANDONED(ump)) {
			BUMP_LOCAL(sctp->sctp_prsctpdrop);
			ump->b_next = NULL;
			/* Notify the ULP that this message was dropped. */
			sctp_sendfail_event(sctp, ump, 0, B_TRUE);
		} else {
			sctp_free_msg(ump);
		}
		sctp->sctp_xmit_head = ump = nump;
	}
cum_ack_done:
	*first_unacked = mp;
	if (cumack_forward > 0) {
		SCTPS_BUMP_MIB(sctps, sctpInAck);
		if (SEQ_GT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn)) {
			sctp->sctp_recovery_tsn = sctp->sctp_lastack_rxd;
		}

		/*
		 * Update ULP the amount of queued data, which is
		 * sent-unack'ed + unsent.
		 */
		if (!SCTP_IS_DETACHED(sctp))
			SCTP_TXQ_UPDATE(sctp);

		/* Time to send a shutdown? */
		if (sctp->sctp_state == SCTPS_SHUTDOWN_PENDING) {
			sctp_send_shutdown(sctp, 0);
		}
		sctp->sctp_xmit_unacked = mp;
	} else {
		/* dup ack */
		SCTPS_BUMP_MIB(sctps, sctpInDupAck);
	}
	sctp->sctp_lastack_rxd = tsn;
	/* The advanced-peer-ack point never falls behind the cum ack. */
	if (SEQ_LT(sctp->sctp_adv_pap, sctp->sctp_lastack_rxd))
		sctp->sctp_adv_pap = sctp->sctp_lastack_rxd;
	ASSERT(sctp->sctp_xmit_head || sctp->sctp_unacked == 0);

	return (cumack_forward);
}
2156
2157 static int
sctp_set_frwnd(sctp_t * sctp,uint32_t frwnd)2158 sctp_set_frwnd(sctp_t *sctp, uint32_t frwnd)
2159 {
2160 uint32_t orwnd;
2161
2162 if (sctp->sctp_unacked > frwnd) {
2163 sctp->sctp_frwnd = 0;
2164 return (0);
2165 }
2166 orwnd = sctp->sctp_frwnd;
2167 sctp->sctp_frwnd = frwnd - sctp->sctp_unacked;
2168 if (orwnd < sctp->sctp_frwnd) {
2169 return (1);
2170 } else {
2171 return (0);
2172 }
2173 }
2174
2175 /*
2176 * For un-ordered messages.
2177 * Walk the sctp->sctp_uo_frag list and remove any fragments with TSN
2178 * less than/equal to ftsn. Fragments for un-ordered messages are
2179 * strictly in sequence (w.r.t TSN).
2180 */
2181 static int
sctp_ftsn_check_uo_frag(sctp_t * sctp,uint32_t ftsn)2182 sctp_ftsn_check_uo_frag(sctp_t *sctp, uint32_t ftsn)
2183 {
2184 mblk_t *hmp;
2185 mblk_t *hmp_next;
2186 sctp_data_hdr_t *dc;
2187 int dlen = 0;
2188
2189 hmp = sctp->sctp_uo_frags;
2190 while (hmp != NULL) {
2191 hmp_next = hmp->b_next;
2192 dc = (sctp_data_hdr_t *)hmp->b_rptr;
2193 if (SEQ_GT(ntohl(dc->sdh_tsn), ftsn))
2194 return (dlen);
2195 sctp->sctp_uo_frags = hmp_next;
2196 if (hmp_next != NULL)
2197 hmp_next->b_prev = NULL;
2198 hmp->b_next = NULL;
2199 dlen += ntohs(dc->sdh_len) - sizeof (*dc);
2200 freeb(hmp);
2201 hmp = hmp_next;
2202 }
2203 return (dlen);
2204 }
2205
2206 /*
2207 * For ordered messages.
2208 * Check for existing fragments for an sid-ssn pair reported as abandoned,
2209 * hence will not receive, in the Forward TSN. If there are fragments, then
2210 * we just nuke them. If and when Partial Delivery API is supported, we
2211 * would need to send a notification to the upper layer about this.
2212 */
2213 static int
sctp_ftsn_check_frag(sctp_t * sctp,uint16_t ssn,sctp_instr_t * sip)2214 sctp_ftsn_check_frag(sctp_t *sctp, uint16_t ssn, sctp_instr_t *sip)
2215 {
2216 sctp_reass_t *srp;
2217 mblk_t *hmp;
2218 mblk_t *dmp;
2219 mblk_t *hmp_next;
2220 sctp_data_hdr_t *dc;
2221 int dlen = 0;
2222
2223 hmp = sip->istr_reass;
2224 while (hmp != NULL) {
2225 hmp_next = hmp->b_next;
2226 srp = (sctp_reass_t *)DB_BASE(hmp);
2227 if (SSN_GT(srp->sr_ssn, ssn))
2228 return (dlen);
2229 /*
2230 * If we had sent part of this message up, send a partial
2231 * delivery event. Since this is ordered delivery, we should
2232 * have sent partial message only for the next in sequence,
2233 * hence the ASSERT. See comments in sctp_data_chunk() for
2234 * trypartial.
2235 */
2236 if (srp->sr_partial_delivered) {
2237 if (srp->sr_ssn != sip->nextseq)
2238 cmn_err(CE_WARN, "sctp partial"
2239 " delivery notify, sctp 0x%p"
2240 " sip = 0x%p ssn != nextseq"
2241 " ssn 0x%x nextseq 0x%x",
2242 (void *)sctp, (void *)sip,
2243 srp->sr_ssn, sip->nextseq);
2244 ASSERT(sip->nextseq == srp->sr_ssn);
2245 sctp_partial_delivery_event(sctp);
2246 }
2247 /* Take it out of the reass queue */
2248 sip->istr_reass = hmp_next;
2249 if (hmp_next != NULL)
2250 hmp_next->b_prev = NULL;
2251 hmp->b_next = NULL;
2252 ASSERT(hmp->b_prev == NULL);
2253 dmp = hmp;
2254 ASSERT(DB_TYPE(hmp) == M_CTL);
2255 dmp = hmp->b_cont;
2256 hmp->b_cont = NULL;
2257 freeb(hmp);
2258 hmp = dmp;
2259 while (dmp != NULL) {
2260 dc = (sctp_data_hdr_t *)dmp->b_rptr;
2261 dlen += ntohs(dc->sdh_len) - sizeof (*dc);
2262 dmp = dmp->b_cont;
2263 }
2264 freemsg(hmp);
2265 hmp = hmp_next;
2266 }
2267 return (dlen);
2268 }
2269
2270 /*
2271 * Update sctp_ftsn to the cumulative TSN from the Forward TSN chunk. Remove
2272 * any SACK gaps less than the newly updated sctp_ftsn. Walk through the
2273 * sid-ssn pair in the Forward TSN and for each, clean the fragment list
2274 * for this pair, if needed, and check if we can deliver subsequent
2275 * messages, if any, from the instream queue (that were waiting for this
2276 * sid-ssn message to show up). Once we are done try to update the SACK
2277 * info. We could get a duplicate Forward TSN, in which case just send
2278 * a SACK. If any of the sid values in the Forward TSN is invalid,
2279 * send back an "Invalid Stream Identifier" error and continue processing
2280 * the rest.
2281 */
/*
 * Handle a received Forward TSN chunk (PR-SCTP).  Advances sctp_ftsn past
 * the abandoned TSNs, discards any reassembly fragments they cover, and
 * delivers now-in-order queued messages to the ULP.  Invalid stream ids in
 * the chunk generate an "Invalid Stream Identifier" error but processing
 * continues; a duplicate Forward TSN just forces a SACK.
 */
static void
sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp,
    ip_pkt_t *ipp, ip_recv_attr_t *ira)
{
	uint32_t *ftsn = (uint32_t *)(ch + 1);
	ftsn_entry_t *ftsn_entry;
	sctp_instr_t *instr;
	boolean_t can_deliver = B_TRUE;
	size_t dlen;
	int flen;
	mblk_t *dmp;
	mblk_t *pmp;
	sctp_data_hdr_t *dc;
	ssize_t remaining;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/* Convert the cum TSN in place; 'remaining' covers the sid/ssn list */
	*ftsn = ntohl(*ftsn);
	remaining = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*ftsn);

	if (SCTP_IS_DETACHED(sctp)) {
		/* No ULP to deliver to; data below will be freed instead. */
		SCTPS_BUMP_MIB(sctps, sctpInClosed);
		can_deliver = B_FALSE;
	}
	/*
	 * un-ordered messages don't have SID-SSN pair entries, we check
	 * for any fragments (for un-ordered message) to be discarded using
	 * the cumulative FTSN.
	 */
	flen = sctp_ftsn_check_uo_frag(sctp, *ftsn);
	if (flen > 0) {
		ASSERT(sctp->sctp_rxqueued >= flen);
		sctp->sctp_rxqueued -= flen;
	}
	ftsn_entry = (ftsn_entry_t *)(ftsn + 1);
	while (remaining >= sizeof (*ftsn_entry)) {
		/* Convert each sid/ssn pair in place. */
		ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid);
		ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn);
		if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) {
			sctp_bsc_t inval_parm;

			/* Will populate the CAUSE block in the ERROR chunk. */
			inval_parm.bsc_sid = htons(ftsn_entry->ftsn_sid);
			/* RESERVED, ignored at the receiving end */
			inval_parm.bsc_pad = 0;

			sctp_add_err(sctp, SCTP_ERR_BAD_SID,
			    (void *)&inval_parm, sizeof (sctp_bsc_t), fp);
			ftsn_entry++;
			remaining -= sizeof (*ftsn_entry);
			continue;
		}
		instr = &sctp->sctp_instr[ftsn_entry->ftsn_sid];
		flen = sctp_ftsn_check_frag(sctp, ftsn_entry->ftsn_ssn, instr);
		/* Indicates frags were nuked, update rxqueued */
		if (flen > 0) {
			ASSERT(sctp->sctp_rxqueued >= flen);
			sctp->sctp_rxqueued -= flen;
		}
		/*
		 * It is possible to receive an FTSN chunk with SSN smaller
		 * than the nextseq if this chunk is a retransmission because
		 * of incomplete processing when it was first processed.
		 */
		if (SSN_GE(ftsn_entry->ftsn_ssn, instr->nextseq))
			instr->nextseq = ftsn_entry->ftsn_ssn + 1;
		/* Deliver any queued messages now unblocked on this stream. */
		while (instr->istr_nmsgs > 0) {
			mblk_t *next;

			dmp = (mblk_t *)instr->istr_msgs;
			dc = (sctp_data_hdr_t *)dmp->b_rptr;
			if (ntohs(dc->sdh_ssn) != instr->nextseq)
				break;

			next = dmp->b_next;
			/* Total payload length across the whole message. */
			dlen = dmp->b_wptr - dmp->b_rptr - sizeof (*dc);
			for (pmp = dmp->b_cont; pmp != NULL;
			    pmp = pmp->b_cont) {
				dlen += MBLKL(pmp);
			}
			if (can_deliver) {
				int error;

				/* Strip the data-chunk header for the ULP. */
				dmp->b_rptr = (uchar_t *)(dc + 1);
				dmp->b_next = NULL;
				ASSERT(dmp->b_prev == NULL);
				if (sctp_input_add_ancillary(sctp,
				    &dmp, dc, fp, ipp, ira) == 0) {
					sctp->sctp_rxqueued -= dlen;
					/*
					 * Override b_flag for SCTP sockfs
					 * internal use
					 */

					dmp->b_flag = 0;
					if (sctp->sctp_flowctrld) {
						sctp->sctp_rwnd -= dlen;
						if (sctp->sctp_rwnd < 0)
							sctp->sctp_rwnd = 0;
					}
					if (sctp->sctp_ulp_recv(
					    sctp->sctp_ulpd, dmp, msgdsize(dmp),
					    0, &error, NULL) <= 0) {
						sctp->sctp_flowctrld = B_TRUE;
					}
				} else {
					/*
					 * We will resume processing when
					 * the FTSN chunk is re-xmitted.
					 */
					dmp->b_rptr = (uchar_t *)dc;
					dmp->b_next = next;
					dprint(0,
					    ("FTSN dequeuing %u failed\n",
					    ntohs(dc->sdh_ssn)));
					return;
				}
			} else {
				/* Detached: drop instead of delivering. */
				sctp->sctp_rxqueued -= dlen;
				ASSERT(dmp->b_prev == NULL);
				dmp->b_next = NULL;
				freemsg(dmp);
			}
			instr->istr_nmsgs--;
			instr->nextseq++;
			sctp->sctp_istr_nmsgs--;
			if (next != NULL)
				next->b_prev = NULL;
			instr->istr_msgs = next;
		}
		ftsn_entry++;
		remaining -= sizeof (*ftsn_entry);
	}
	/* Duplicate FTSN */
	if (*ftsn <= (sctp->sctp_ftsn - 1)) {
		sctp->sctp_force_sack = 1;
		return;
	}
	/* Advance cum TSN to that reported in the Forward TSN chunk */
	sctp->sctp_ftsn = *ftsn + 1;

	/* Remove all the SACK gaps before the new cum TSN */
	if (sctp->sctp_sack_info != NULL) {
		sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
		    &sctp->sctp_sack_gaps);
	}
	/*
	 * If there are gap reports pending, check if advancing
	 * the ftsn here closes a gap. If so, we can advance
	 * ftsn to the end of the set.
	 * If ftsn has moved forward, maybe we can remove gap reports.
	 */
	if (sctp->sctp_sack_info != NULL &&
	    sctp->sctp_ftsn == sctp->sctp_sack_info->begin) {
		sctp->sctp_ftsn = sctp->sctp_sack_info->end + 1;
		sctp_ack_rem(&sctp->sctp_sack_info, sctp->sctp_ftsn - 1,
		    &sctp->sctp_sack_gaps);
	}
}
2440
2441 /*
2442 * When we have processed a SACK we check to see if we can advance the
2443 * cumulative TSN if there are abandoned chunks immediately following
2444 * the updated cumulative TSN. If there are, we attempt to send a
2445 * Forward TSN chunk.
2446 */
2447 static void
sctp_check_abandoned_data(sctp_t * sctp,sctp_faddr_t * fp)2448 sctp_check_abandoned_data(sctp_t *sctp, sctp_faddr_t *fp)
2449 {
2450 mblk_t *meta = sctp->sctp_xmit_head;
2451 mblk_t *mp;
2452 mblk_t *nmp;
2453 uint32_t seglen;
2454 uint32_t adv_pap = sctp->sctp_adv_pap;
2455
2456 /*
2457 * We only check in the first meta since otherwise we can't
2458 * advance the cumulative ack point. We just look for chunks
2459 * marked for retransmission, else we might prematurely
2460 * send an FTSN for a sent, but unacked, chunk.
2461 */
2462 for (mp = meta->b_cont; mp != NULL; mp = mp->b_next) {
2463 if (!SCTP_CHUNK_ISSENT(mp))
2464 return;
2465 if (SCTP_CHUNK_WANT_REXMIT(mp))
2466 break;
2467 }
2468 if (mp == NULL)
2469 return;
2470 sctp_check_adv_ack_pt(sctp, meta, mp);
2471 if (SEQ_GT(sctp->sctp_adv_pap, adv_pap)) {
2472 sctp_make_ftsns(sctp, meta, mp, &nmp, fp, &seglen);
2473 if (nmp == NULL) {
2474 sctp->sctp_adv_pap = adv_pap;
2475 if (!fp->sf_timer_running)
2476 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto);
2477 return;
2478 }
2479 sctp_set_iplen(sctp, nmp, fp->sf_ixa);
2480 (void) conn_ip_output(nmp, fp->sf_ixa);
2481 BUMP_LOCAL(sctp->sctp_opkts);
2482 if (!fp->sf_timer_running)
2483 SCTP_FADDR_TIMER_RESTART(sctp, fp, fp->sf_rto);
2484 }
2485 }
2486
2487 /*
2488 * The processing here follows the same logic in sctp_got_sack(), the reason
2489 * we do this separately is because, usually, gap blocks are ordered and
2490 * we can process it in sctp_got_sack(). However if they aren't we would
2491 * need to do some additional non-optimal stuff when we start processing the
2492 * unordered gaps. To that effect sctp_got_sack() does the processing in the
2493 * simple case and this does the same in the more involved case.
2494 */
/*
 * Process SACK gap blocks that arrived out of order (see the comment block
 * above: sctp_got_sack() handles the ordered common case).  'ctsn' is the
 * SACK cumulative TSN, 'ssf' points at the remaining 'num_gaps' gap
 * fragments, and umphead/mphead anchor the transmit list walk.  Marks
 * chunks inside gaps as acked, bumps SACK counts for still-unacked chunks
 * (possibly triggering fast retransmit / fast recovery via the out
 * parameters), and returns the number of bytes newly acked.  *trysend is
 * set to -1 when the SACK covers a TSN we never sent (caller aborts).
 */
static uint32_t
sctp_process_uo_gaps(sctp_t *sctp, uint32_t ctsn, sctp_sack_frag_t *ssf,
    int num_gaps, mblk_t *umphead, mblk_t *mphead, int *trysend,
    boolean_t *fast_recovery, uint32_t fr_xtsn)
{
	uint32_t xtsn;
	uint32_t gapstart = 0;
	uint32_t gapend = 0;
	int gapcnt;
	uint16_t chunklen;
	sctp_data_hdr_t *sdc;
	int gstart;
	mblk_t *ump = umphead;
	mblk_t *mp = mphead;
	sctp_faddr_t *fp;
	uint32_t acked = 0;
	sctp_stack_t *sctps = sctp->sctp_sctps;

	/*
	 * gstart tracks the last (in the order of TSN) gapstart that
	 * we process in this SACK gaps walk.
	 */
	gstart = ctsn;

	sdc = (sctp_data_hdr_t *)mp->b_rptr;
	xtsn = ntohl(sdc->sdh_tsn);
	for (gapcnt = 0; gapcnt < num_gaps; gapcnt++, ssf++) {
		if (gapstart != 0) {
			/*
			 * If we have reached the end of the transmit list or
			 * hit an unsent chunk or encountered an unordered gap
			 * block start from the ctsn again.
			 */
			if (ump == NULL || !SCTP_CHUNK_ISSENT(mp) ||
			    SEQ_LT(ctsn + ntohs(ssf->ssf_start), xtsn)) {
				ump = umphead;
				mp = mphead;
				sdc = (sctp_data_hdr_t *)mp->b_rptr;
				xtsn = ntohl(sdc->sdh_tsn);
			}
		}

		/* Gap offsets are relative to the cumulative TSN. */
		gapstart = ctsn + ntohs(ssf->ssf_start);
		gapend = ctsn + ntohs(ssf->ssf_end);

		/*
		 * Sanity checks:
		 *
		 * 1. SACK for TSN we have not sent - ABORT
		 * 2. Invalid or spurious gaps, ignore all gaps
		 */
		if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) ||
		    SEQ_GT(gapend, sctp->sctp_ltsn - 1)) {
			SCTPS_BUMP_MIB(sctps, sctpInAckUnsent);
			*trysend = -1;
			return (acked);
		} else if (SEQ_LT(gapend, gapstart) ||
		    SEQ_LEQ(gapstart, ctsn)) {
			break;
		}
		/*
		 * The xtsn can be the TSN processed for the last gap
		 * (gapend) or it could be the cumulative TSN. We continue
		 * with the last xtsn as long as the gaps are ordered, when
		 * we hit an unordered gap, we re-start from the cumulative
		 * TSN. For the first gap it is always the cumulative TSN.
		 */
		while (xtsn != gapstart) {
			/*
			 * We can't reliably check for reneged chunks
			 * when walking the unordered list, so we don't.
			 * In case the peer reneges then we will end up
			 * sending the reneged chunk via timeout.
			 */
			mp = mp->b_next;
			if (mp == NULL) {
				ump = ump->b_next;
				/*
				 * ump can't be NULL because of the sanity
				 * check above.
				 */
				ASSERT(ump != NULL);
				mp = ump->b_cont;
			}
			/*
			 * mp can't be unsent because of the sanity check
			 * above.
			 */
			ASSERT(SCTP_CHUNK_ISSENT(mp));
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
		}
		/*
		 * Now that we have found the chunk with TSN == 'gapstart',
		 * let's walk till we hit the chunk with TSN == 'gapend'.
		 * All intermediate chunks will be marked ACKED, if they
		 * haven't already been.
		 */
		while (SEQ_LEQ(xtsn, gapend)) {
			/*
			 * SACKed
			 */
			SCTP_CHUNK_SET_SACKCNT(mp, 0);
			if (!SCTP_CHUNK_ISACKED(mp)) {
				SCTP_CHUNK_ACKED(mp);

				fp = SCTP_CHUNK_DEST(mp);
				chunklen = ntohs(sdc->sdh_len);
				ASSERT(fp->sf_suna >= chunklen);
				fp->sf_suna -= chunklen;
				if (fp->sf_suna == 0) {
					/* All outstanding data acked. */
					fp->sf_pba = 0;
					SCTP_FADDR_TIMER_STOP(fp);
				}
				fp->sf_acked += chunklen;
				acked += chunklen;
				sctp->sctp_unacked -= chunklen - sizeof (*sdc);
				ASSERT(sctp->sctp_unacked >= 0);
			}
			/*
			 * Move to the next message in the transmit list
			 * if we are done with all the chunks from the current
			 * message. Note, it is possible to hit the end of the
			 * transmit list here, i.e. if we have already completed
			 * processing the gap block.
			 */
			mp = mp->b_next;
			if (mp == NULL) {
				ump = ump->b_next;
				if (ump == NULL) {
					ASSERT(xtsn == gapend);
					break;
				}
				mp = ump->b_cont;
			}
			/*
			 * Likewise, we can hit an unsent chunk once we have
			 * completed processing the gap block.
			 */
			if (!SCTP_CHUNK_ISSENT(mp)) {
				ASSERT(xtsn == gapend);
				break;
			}
			sdc = (sctp_data_hdr_t *)mp->b_rptr;
			xtsn = ntohl(sdc->sdh_tsn);
		}
		/*
		 * We keep track of the last gap we successfully processed
		 * so that we can terminate the walk below for incrementing
		 * the SACK count.
		 */
		if (SEQ_LT(gstart, gapstart))
			gstart = gapstart;
	}
	/*
	 * Check if have incremented the SACK count for all unacked TSNs in
	 * sctp_got_sack(), if so we are done.
	 */
	if (SEQ_LEQ(gstart, fr_xtsn))
		return (acked);

	/* Second pass: bump SACK counts for chunks the gaps skipped over. */
	ump = umphead;
	mp = mphead;
	sdc = (sctp_data_hdr_t *)mp->b_rptr;
	xtsn = ntohl(sdc->sdh_tsn);
	while (SEQ_LT(xtsn, gstart)) {
		/*
		 * We have incremented SACK count for TSNs less than fr_tsn
		 * in sctp_got_sack(), so don't increment them again here.
		 */
		if (SEQ_GT(xtsn, fr_xtsn) && !SCTP_CHUNK_ISACKED(mp)) {
			SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1);
			if (SCTP_CHUNK_SACKCNT(mp) ==
			    sctps->sctps_fast_rxt_thresh) {
				/* Threshold reached: fast retransmit. */
				SCTP_CHUNK_REXMIT(sctp, mp);
				sctp->sctp_chk_fast_rexmit = B_TRUE;
				*trysend = 1;
				if (!*fast_recovery) {
					/*
					 * Entering fast recovery.
					 */
					fp = SCTP_CHUNK_DEST(mp);
					fp->sf_ssthresh = fp->sf_cwnd / 2;
					if (fp->sf_ssthresh < 2 * fp->sf_pmss) {
						fp->sf_ssthresh =
						    2 * fp->sf_pmss;
					}
					fp->sf_cwnd = fp->sf_ssthresh;
					fp->sf_pba = 0;
					sctp->sctp_recovery_tsn =
					    sctp->sctp_ltsn - 1;
					*fast_recovery = B_TRUE;
				}
			}
		}
		mp = mp->b_next;
		if (mp == NULL) {
			ump = ump->b_next;
			/* We can't get to the end of the transmit list here */
			ASSERT(ump != NULL);
			mp = ump->b_cont;
		}
		/* We can't hit an unsent chunk here */
		ASSERT(SCTP_CHUNK_ISSENT(mp));
		sdc = (sctp_data_hdr_t *)mp->b_rptr;
		xtsn = ntohl(sdc->sdh_tsn);
	}
	return (acked);
}
2705
2706 static int
sctp_got_sack(sctp_t * sctp,sctp_chunk_hdr_t * sch)2707 sctp_got_sack(sctp_t *sctp, sctp_chunk_hdr_t *sch)
2708 {
2709 sctp_sack_chunk_t *sc;
2710 sctp_data_hdr_t *sdc;
2711 sctp_sack_frag_t *ssf;
2712 mblk_t *ump;
2713 mblk_t *mp;
2714 mblk_t *mp1;
2715 uint32_t cumtsn;
2716 uint32_t xtsn;
2717 uint32_t gapstart = 0;
2718 uint32_t gapend = 0;
2719 uint32_t acked = 0;
2720 uint16_t chunklen;
2721 sctp_faddr_t *fp;
2722 int num_gaps;
2723 int trysend = 0;
2724 int i;
2725 boolean_t fast_recovery = B_FALSE;
2726 boolean_t cumack_forward = B_FALSE;
2727 boolean_t fwd_tsn = B_FALSE;
2728 sctp_stack_t *sctps = sctp->sctp_sctps;
2729
2730 BUMP_LOCAL(sctp->sctp_ibchunks);
2731 BUMP_LOCAL(sctp->sctp_isacks);
2732 chunklen = ntohs(sch->sch_len);
2733 if (chunklen < (sizeof (*sch) + sizeof (*sc)))
2734 return (0);
2735
2736 sc = (sctp_sack_chunk_t *)(sch + 1);
2737 cumtsn = ntohl(sc->ssc_cumtsn);
2738
2739 dprint(2, ("got sack cumtsn %x -> %x\n", sctp->sctp_lastack_rxd,
2740 cumtsn));
2741
2742 /* out of order */
2743 if (SEQ_LT(cumtsn, sctp->sctp_lastack_rxd))
2744 return (0);
2745
2746 if (SEQ_GT(cumtsn, sctp->sctp_ltsn - 1)) {
2747 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent);
2748 /* Send an ABORT */
2749 return (-1);
2750 }
2751
2752 /*
2753 * Cwnd only done when not in fast recovery mode.
2754 */
2755 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_recovery_tsn))
2756 fast_recovery = B_TRUE;
2757
2758 /*
2759 * .. and if the cum TSN is not moving ahead on account Forward TSN
2760 */
2761 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_adv_pap))
2762 fwd_tsn = B_TRUE;
2763
2764 if (cumtsn == sctp->sctp_lastack_rxd &&
2765 (sctp->sctp_xmit_unacked == NULL ||
2766 !SCTP_CHUNK_ABANDONED(sctp->sctp_xmit_unacked))) {
2767 if (sctp->sctp_xmit_unacked != NULL)
2768 mp = sctp->sctp_xmit_unacked;
2769 else if (sctp->sctp_xmit_head != NULL)
2770 mp = sctp->sctp_xmit_head->b_cont;
2771 else
2772 mp = NULL;
2773 SCTPS_BUMP_MIB(sctps, sctpInDupAck);
2774 /*
2775 * If we were doing a zero win probe and the win
2776 * has now opened to at least MSS, re-transmit the
2777 * zero win probe via sctp_rexmit_packet().
2778 */
2779 if (mp != NULL && sctp->sctp_zero_win_probe &&
2780 ntohl(sc->ssc_a_rwnd) >= sctp->sctp_current->sf_pmss) {
2781 mblk_t *pkt;
2782 uint_t pkt_len;
2783 mblk_t *mp1 = mp;
2784 mblk_t *meta = sctp->sctp_xmit_head;
2785
2786 /*
2787 * Reset the RTO since we have been backing-off
2788 * to send the ZWP.
2789 */
2790 fp = sctp->sctp_current;
2791 fp->sf_rto = fp->sf_srtt + 4 * fp->sf_rttvar;
2792 SCTP_MAX_RTO(sctp, fp);
2793 /* Resend the ZWP */
2794 pkt = sctp_rexmit_packet(sctp, &meta, &mp1, fp,
2795 &pkt_len);
2796 if (pkt == NULL) {
2797 SCTP_KSTAT(sctps, sctp_ss_rexmit_failed);
2798 return (0);
2799 }
2800 ASSERT(pkt_len <= fp->sf_pmss);
2801 sctp->sctp_zero_win_probe = B_FALSE;
2802 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn;
2803 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn;
2804 sctp_set_iplen(sctp, pkt, fp->sf_ixa);
2805 (void) conn_ip_output(pkt, fp->sf_ixa);
2806 BUMP_LOCAL(sctp->sctp_opkts);
2807 }
2808 } else {
2809 if (sctp->sctp_zero_win_probe) {
2810 /*
2811 * Reset the RTO since we have been backing-off
2812 * to send the ZWP.
2813 */
2814 fp = sctp->sctp_current;
2815 fp->sf_rto = fp->sf_srtt + 4 * fp->sf_rttvar;
2816 SCTP_MAX_RTO(sctp, fp);
2817 sctp->sctp_zero_win_probe = B_FALSE;
2818 /* This is probably not required */
2819 if (!sctp->sctp_rexmitting) {
2820 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn;
2821 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn;
2822 }
2823 }
2824 acked = sctp_cumack(sctp, cumtsn, &mp);
2825 sctp->sctp_xmit_unacked = mp;
2826 if (acked > 0) {
2827 trysend = 1;
2828 cumack_forward = B_TRUE;
2829 if (fwd_tsn && SEQ_GEQ(sctp->sctp_lastack_rxd,
2830 sctp->sctp_adv_pap)) {
2831 cumack_forward = B_FALSE;
2832 }
2833 }
2834 }
2835 num_gaps = ntohs(sc->ssc_numfrags);
2836 UPDATE_LOCAL(sctp->sctp_gapcnt, num_gaps);
2837 if (num_gaps == 0 || mp == NULL || !SCTP_CHUNK_ISSENT(mp) ||
2838 chunklen < (sizeof (*sch) + sizeof (*sc) +
2839 num_gaps * sizeof (*ssf))) {
2840 goto ret;
2841 }
2842 #ifdef DEBUG
2843 /*
2844 * Since we delete any message that has been acked completely,
2845 * the unacked chunk must belong to sctp_xmit_head (as
2846 * we don't have a back pointer from the mp to the meta data
2847 * we do this).
2848 */
2849 {
2850 mblk_t *mp2 = sctp->sctp_xmit_head->b_cont;
2851
2852 while (mp2 != NULL) {
2853 if (mp2 == mp)
2854 break;
2855 mp2 = mp2->b_next;
2856 }
2857 ASSERT(mp2 != NULL);
2858 }
2859 #endif
2860 ump = sctp->sctp_xmit_head;
2861
2862 /*
2863 * Just remember where we started from, in case we need to call
2864 * sctp_process_uo_gaps() if the gap blocks are unordered.
2865 */
2866 mp1 = mp;
2867
2868 sdc = (sctp_data_hdr_t *)mp->b_rptr;
2869 xtsn = ntohl(sdc->sdh_tsn);
2870 ASSERT(xtsn == cumtsn + 1);
2871
2872 /*
2873 * Go through SACK gaps. They are ordered based on start TSN.
2874 */
2875 ssf = (sctp_sack_frag_t *)(sc + 1);
2876 for (i = 0; i < num_gaps; i++, ssf++) {
2877 if (gapstart != 0) {
2878 /* check for unordered gap */
2879 if (SEQ_LEQ(cumtsn + ntohs(ssf->ssf_start), gapstart)) {
2880 acked += sctp_process_uo_gaps(sctp,
2881 cumtsn, ssf, num_gaps - i,
2882 sctp->sctp_xmit_head, mp1,
2883 &trysend, &fast_recovery, gapstart);
2884 if (trysend < 0) {
2885 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent);
2886 return (-1);
2887 }
2888 break;
2889 }
2890 }
2891 gapstart = cumtsn + ntohs(ssf->ssf_start);
2892 gapend = cumtsn + ntohs(ssf->ssf_end);
2893
2894 /*
2895 * Sanity checks:
2896 *
2897 * 1. SACK for TSN we have not sent - ABORT
2898 * 2. Invalid or spurious gaps, ignore all gaps
2899 */
2900 if (SEQ_GT(gapstart, sctp->sctp_ltsn - 1) ||
2901 SEQ_GT(gapend, sctp->sctp_ltsn - 1)) {
2902 SCTPS_BUMP_MIB(sctps, sctpInAckUnsent);
2903 return (-1);
2904 } else if (SEQ_LT(gapend, gapstart) ||
2905 SEQ_LEQ(gapstart, cumtsn)) {
2906 break;
2907 }
2908 /*
2909 * Let's start at the current TSN (for the 1st gap we start
2910 * from the cumulative TSN, for subsequent ones we start from
2911 * where the previous gapend was found - second while loop
2912 * below) and walk the transmit list till we find the TSN
2913 * corresponding to gapstart. All the unacked chunks till we
2914 * get to the chunk with TSN == gapstart will have their
2915 * SACKCNT incremented by 1. Note since the gap blocks are
2916 * ordered, we won't be incrementing the SACKCNT for an
2917 * unacked chunk by more than one while processing the gap
2918 * blocks. If the SACKCNT for any unacked chunk exceeds
2919 * the fast retransmit threshold, we will fast retransmit
2920 * after processing all the gap blocks.
2921 */
2922 ASSERT(SEQ_LEQ(xtsn, gapstart));
2923 while (xtsn != gapstart) {
2924 SCTP_CHUNK_SET_SACKCNT(mp, SCTP_CHUNK_SACKCNT(mp) + 1);
2925 if (SCTP_CHUNK_SACKCNT(mp) ==
2926 sctps->sctps_fast_rxt_thresh) {
2927 SCTP_CHUNK_REXMIT(sctp, mp);
2928 sctp->sctp_chk_fast_rexmit = B_TRUE;
2929 trysend = 1;
2930 if (!fast_recovery) {
2931 /*
2932 * Entering fast recovery.
2933 */
2934 fp = SCTP_CHUNK_DEST(mp);
2935 fp->sf_ssthresh = fp->sf_cwnd / 2;
2936 if (fp->sf_ssthresh < 2 * fp->sf_pmss) {
2937 fp->sf_ssthresh =
2938 2 * fp->sf_pmss;
2939 }
2940 fp->sf_cwnd = fp->sf_ssthresh;
2941 fp->sf_pba = 0;
2942 sctp->sctp_recovery_tsn =
2943 sctp->sctp_ltsn - 1;
2944 fast_recovery = B_TRUE;
2945 }
2946 }
2947
2948 /*
2949 * Peer may have reneged on this chunk, so un-sack
2950 * it now. If the peer did renege, we need to
2951 * readjust unacked.
2952 */
2953 if (SCTP_CHUNK_ISACKED(mp)) {
2954 chunklen = ntohs(sdc->sdh_len);
2955 fp = SCTP_CHUNK_DEST(mp);
2956 fp->sf_suna += chunklen;
2957 sctp->sctp_unacked += chunklen - sizeof (*sdc);
2958 SCTP_CHUNK_CLEAR_ACKED(sctp, mp);
2959 if (!fp->sf_timer_running) {
2960 SCTP_FADDR_TIMER_RESTART(sctp, fp,
2961 fp->sf_rto);
2962 }
2963 }
2964
2965 mp = mp->b_next;
2966 if (mp == NULL) {
2967 ump = ump->b_next;
2968 /*
2969 * ump can't be NULL given the sanity check
2970 * above. But if it is NULL, it means that
2971 * there is a data corruption. We'd better
2972 * panic.
2973 */
2974 if (ump == NULL) {
2975 panic("Memory corruption detected: gap "
2976 "start TSN 0x%x missing from the "
2977 "xmit list: %p", gapstart,
2978 (void *)sctp);
2979 }
2980 mp = ump->b_cont;
2981 }
2982 /*
2983 * mp can't be unsent given the sanity check above.
2984 */
2985 ASSERT(SCTP_CHUNK_ISSENT(mp));
2986 sdc = (sctp_data_hdr_t *)mp->b_rptr;
2987 xtsn = ntohl(sdc->sdh_tsn);
2988 }
2989 /*
2990 * Now that we have found the chunk with TSN == 'gapstart',
2991 * let's walk till we hit the chunk with TSN == 'gapend'.
2992 * All intermediate chunks will be marked ACKED, if they
2993 * haven't already been.
2994 */
2995 while (SEQ_LEQ(xtsn, gapend)) {
2996 /*
2997 * SACKed
2998 */
2999 SCTP_CHUNK_SET_SACKCNT(mp, 0);
3000 if (!SCTP_CHUNK_ISACKED(mp)) {
3001 SCTP_CHUNK_ACKED(mp);
3002
3003 fp = SCTP_CHUNK_DEST(mp);
3004 chunklen = ntohs(sdc->sdh_len);
3005 ASSERT(fp->sf_suna >= chunklen);
3006 fp->sf_suna -= chunklen;
3007 if (fp->sf_suna == 0) {
3008 /* All outstanding data acked. */
3009 fp->sf_pba = 0;
3010 SCTP_FADDR_TIMER_STOP(fp);
3011 }
3012 fp->sf_acked += chunklen;
3013 acked += chunklen;
3014 sctp->sctp_unacked -= chunklen - sizeof (*sdc);
3015 ASSERT(sctp->sctp_unacked >= 0);
3016 }
3017 /* Go to the next chunk of the current message */
3018 mp = mp->b_next;
3019 /*
3020 * Move to the next message in the transmit list
3021 * if we are done with all the chunks from the current
3022 * message. Note, it is possible to hit the end of the
3023 * transmit list here, i.e. if we have already completed
3024 * processing the gap block. But the TSN must be equal
3025 * to the gapend because of the above sanity check.
3026 * If it is not equal, it means that some data is
3027 * missing.
3028 * Also, note that we break here, which means we
3029 * continue processing gap blocks, if any. In case of
3030 * ordered gap blocks there can't be any following
3031 * this (if there is it will fail the sanity check
3032 * above). In case of un-ordered gap blocks we will
3033 * switch to sctp_process_uo_gaps(). In either case
3034 * it should be fine to continue with NULL ump/mp,
3035 * but we just reset it to xmit_head.
3036 */
3037 if (mp == NULL) {
3038 ump = ump->b_next;
3039 if (ump == NULL) {
3040 if (xtsn != gapend) {
3041 panic("Memory corruption "
3042 "detected: gap end TSN "
3043 "0x%x missing from the "
3044 "xmit list: %p", gapend,
3045 (void *)sctp);
3046 }
3047 ump = sctp->sctp_xmit_head;
3048 mp = mp1;
3049 sdc = (sctp_data_hdr_t *)mp->b_rptr;
3050 xtsn = ntohl(sdc->sdh_tsn);
3051 break;
3052 }
3053 mp = ump->b_cont;
3054 }
3055 /*
3056 * Likewise, we could hit an unsent chunk once we have
3057 * completed processing the gap block. Again, it is
3058 * fine to continue processing gap blocks with mp
3059 * pointing to the unsent chunk, because if there
3060 * are more ordered gap blocks, they will fail the
3061 * sanity check, and if there are un-ordered gap blocks,
3062 * we will continue processing in sctp_process_uo_gaps()
3063 * We just reset the mp to the one we started with.
3064 */
3065 if (!SCTP_CHUNK_ISSENT(mp)) {
3066 ASSERT(xtsn == gapend);
3067 ump = sctp->sctp_xmit_head;
3068 mp = mp1;
3069 sdc = (sctp_data_hdr_t *)mp->b_rptr;
3070 xtsn = ntohl(sdc->sdh_tsn);
3071 break;
3072 }
3073 sdc = (sctp_data_hdr_t *)mp->b_rptr;
3074 xtsn = ntohl(sdc->sdh_tsn);
3075 }
3076 }
3077 if (sctp->sctp_prsctp_aware)
3078 sctp_check_abandoned_data(sctp, sctp->sctp_current);
3079 if (sctp->sctp_chk_fast_rexmit)
3080 sctp_fast_rexmit(sctp);
3081 ret:
3082 trysend += sctp_set_frwnd(sctp, ntohl(sc->ssc_a_rwnd));
3083
3084 /*
3085 * If receive window is closed while there is unsent data,
3086 * set a timer for doing zero window probes.
3087 */
3088 if (sctp->sctp_frwnd == 0 && sctp->sctp_unacked == 0 &&
3089 sctp->sctp_unsent != 0) {
3090 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
3091 sctp->sctp_current->sf_rto);
3092 }
3093
3094 /*
3095 * Set cwnd for all destinations.
3096 * Congestion window gets increased only when cumulative
3097 * TSN moves forward, we're not in fast recovery, and
3098 * cwnd has been fully utilized (almost fully, need to allow
3099 * some leeway due to non-MSS sized messages).
3100 */
3101 if (sctp->sctp_current->sf_acked == acked) {
3102 /*
3103 * Fast-path, only data sent to sctp_current got acked.
3104 */
3105 fp = sctp->sctp_current;
3106 if (cumack_forward && !fast_recovery &&
3107 (fp->sf_acked + fp->sf_suna > fp->sf_cwnd - fp->sf_pmss)) {
3108 if (fp->sf_cwnd < fp->sf_ssthresh) {
3109 /*
3110 * Slow start
3111 */
3112 if (fp->sf_acked > fp->sf_pmss) {
3113 fp->sf_cwnd += fp->sf_pmss;
3114 } else {
3115 fp->sf_cwnd += fp->sf_acked;
3116 }
3117 fp->sf_cwnd = MIN(fp->sf_cwnd,
3118 sctp->sctp_cwnd_max);
3119 } else {
3120 /*
3121 * Congestion avoidance
3122 */
3123 fp->sf_pba += fp->sf_acked;
3124 if (fp->sf_pba >= fp->sf_cwnd) {
3125 fp->sf_pba -= fp->sf_cwnd;
3126 fp->sf_cwnd += fp->sf_pmss;
3127 fp->sf_cwnd = MIN(fp->sf_cwnd,
3128 sctp->sctp_cwnd_max);
3129 }
3130 }
3131 }
3132 /*
3133 * Limit the burst of transmitted data segments.
3134 */
3135 if (fp->sf_suna + sctps->sctps_maxburst * fp->sf_pmss <
3136 fp->sf_cwnd) {
3137 fp->sf_cwnd = fp->sf_suna + sctps->sctps_maxburst *
3138 fp->sf_pmss;
3139 }
3140 fp->sf_acked = 0;
3141 goto check_ss_rxmit;
3142 }
3143 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->sf_next) {
3144 if (cumack_forward && fp->sf_acked && !fast_recovery &&
3145 (fp->sf_acked + fp->sf_suna > fp->sf_cwnd - fp->sf_pmss)) {
3146 if (fp->sf_cwnd < fp->sf_ssthresh) {
3147 if (fp->sf_acked > fp->sf_pmss) {
3148 fp->sf_cwnd += fp->sf_pmss;
3149 } else {
3150 fp->sf_cwnd += fp->sf_acked;
3151 }
3152 fp->sf_cwnd = MIN(fp->sf_cwnd,
3153 sctp->sctp_cwnd_max);
3154 } else {
3155 fp->sf_pba += fp->sf_acked;
3156 if (fp->sf_pba >= fp->sf_cwnd) {
3157 fp->sf_pba -= fp->sf_cwnd;
3158 fp->sf_cwnd += fp->sf_pmss;
3159 fp->sf_cwnd = MIN(fp->sf_cwnd,
3160 sctp->sctp_cwnd_max);
3161 }
3162 }
3163 }
3164 if (fp->sf_suna + sctps->sctps_maxburst * fp->sf_pmss <
3165 fp->sf_cwnd) {
3166 fp->sf_cwnd = fp->sf_suna + sctps->sctps_maxburst *
3167 fp->sf_pmss;
3168 }
3169 fp->sf_acked = 0;
3170 }
3171 fp = sctp->sctp_current;
3172 check_ss_rxmit:
3173 /*
3174 * If this is a SACK following a timeout, check if there are
3175 * still unacked chunks (sent before the timeout) that we can
3176 * send.
3177 */
3178 if (sctp->sctp_rexmitting) {
3179 if (SEQ_LT(sctp->sctp_lastack_rxd, sctp->sctp_rxt_maxtsn)) {
3180 /*
3181 * As we are in retransmission phase, we may get a
3182 * SACK which indicates some new chunks are received
3183 * but cum_tsn does not advance. During this
3184 * phase, the other side advances cum_tsn only because
3185 * it receives our retransmitted chunks. Only
3186 * this signals that some chunks are still
3187 * missing.
3188 */
3189 if (cumack_forward) {
3190 fp->sf_rxt_unacked -= acked;
3191 sctp_ss_rexmit(sctp);
3192 }
3193 } else {
3194 sctp->sctp_rexmitting = B_FALSE;
3195 sctp->sctp_rxt_nxttsn = sctp->sctp_ltsn;
3196 sctp->sctp_rxt_maxtsn = sctp->sctp_ltsn;
3197 fp->sf_rxt_unacked = 0;
3198 }
3199 }
3200 return (trysend);
3201 }
3202
3203 /*
3204 * Returns 0 if the caller should stop processing any more chunks,
3205 * 1 if the caller should skip this chunk and continue processing.
3206 */
3207 static int
sctp_strange_chunk(sctp_t * sctp,sctp_chunk_hdr_t * ch,sctp_faddr_t * fp)3208 sctp_strange_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp)
3209 {
3210 size_t len;
3211
3212 BUMP_LOCAL(sctp->sctp_ibchunks);
3213 /* check top two bits for action required */
3214 if (ch->sch_id & 0x40) { /* also matches 0xc0 */
3215 len = ntohs(ch->sch_len);
3216 sctp_add_err(sctp, SCTP_ERR_UNREC_CHUNK, ch, len, fp);
3217
3218 if ((ch->sch_id & 0xc0) == 0xc0) {
3219 /* skip and continue */
3220 return (1);
3221 } else {
3222 /* stop processing */
3223 return (0);
3224 }
3225 }
3226 if (ch->sch_id & 0x80) {
3227 /* skip and continue, no error */
3228 return (1);
3229 }
3230 /* top two bits are clear; stop processing and no error */
3231 return (0);
3232 }
3233
3234 /*
3235 * Basic sanity checks on all input chunks and parameters: they must
3236 * be of legitimate size for their purported type, and must follow
3237 * ordering conventions as defined in rfc2960.
3238 *
3239 * Returns 1 if the chunk and all encloded params are legitimate,
3240 * 0 otherwise.
3241 */
3242 /*ARGSUSED*/
3243 static int
sctp_check_input(sctp_t * sctp,sctp_chunk_hdr_t * ch,ssize_t len,int first)3244 sctp_check_input(sctp_t *sctp, sctp_chunk_hdr_t *ch, ssize_t len, int first)
3245 {
3246 sctp_parm_hdr_t *ph;
3247 void *p = NULL;
3248 ssize_t clen;
3249 uint16_t ch_len;
3250
3251 ch_len = ntohs(ch->sch_len);
3252 if (ch_len > len) {
3253 return (0);
3254 }
3255
3256 switch (ch->sch_id) {
3257 case CHUNK_DATA:
3258 if (ch_len < sizeof (sctp_data_hdr_t)) {
3259 return (0);
3260 }
3261 return (1);
3262 case CHUNK_INIT:
3263 case CHUNK_INIT_ACK:
3264 {
3265 ssize_t remlen = len;
3266
3267 /*
3268 * INIT and INIT-ACK chunks must not be bundled with
3269 * any other.
3270 */
3271 if (!first || sctp_next_chunk(ch, &remlen) != NULL ||
3272 (ch_len < (sizeof (*ch) +
3273 sizeof (sctp_init_chunk_t)))) {
3274 return (0);
3275 }
3276 /* may have params that need checking */
3277 p = (char *)(ch + 1) + sizeof (sctp_init_chunk_t);
3278 clen = ch_len - (sizeof (*ch) +
3279 sizeof (sctp_init_chunk_t));
3280 }
3281 break;
3282 case CHUNK_SACK:
3283 if (ch_len < (sizeof (*ch) + sizeof (sctp_sack_chunk_t))) {
3284 return (0);
3285 }
3286 /* dup and gap reports checked by got_sack() */
3287 return (1);
3288 case CHUNK_SHUTDOWN:
3289 if (ch_len < (sizeof (*ch) + sizeof (uint32_t))) {
3290 return (0);
3291 }
3292 return (1);
3293 case CHUNK_ABORT:
3294 case CHUNK_ERROR:
3295 if (ch_len < sizeof (*ch)) {
3296 return (0);
3297 }
3298 /* may have params that need checking */
3299 p = ch + 1;
3300 clen = ch_len - sizeof (*ch);
3301 break;
3302 case CHUNK_ECNE:
3303 case CHUNK_CWR:
3304 case CHUNK_HEARTBEAT:
3305 case CHUNK_HEARTBEAT_ACK:
3306 /* Full ASCONF chunk and parameter checks are in asconf.c */
3307 case CHUNK_ASCONF:
3308 case CHUNK_ASCONF_ACK:
3309 if (ch_len < sizeof (*ch)) {
3310 return (0);
3311 }
3312 /* heartbeat data checked by process_heartbeat() */
3313 return (1);
3314 case CHUNK_SHUTDOWN_COMPLETE:
3315 {
3316 ssize_t remlen = len;
3317
3318 /*
3319 * SHUTDOWN-COMPLETE chunk must not be bundled with any
3320 * other
3321 */
3322 if (!first || sctp_next_chunk(ch, &remlen) != NULL ||
3323 ch_len < sizeof (*ch)) {
3324 return (0);
3325 }
3326 }
3327 return (1);
3328 case CHUNK_COOKIE:
3329 case CHUNK_COOKIE_ACK:
3330 case CHUNK_SHUTDOWN_ACK:
3331 if (ch_len < sizeof (*ch) || !first) {
3332 return (0);
3333 }
3334 return (1);
3335 case CHUNK_FORWARD_TSN:
3336 if (ch_len < (sizeof (*ch) + sizeof (uint32_t)))
3337 return (0);
3338 return (1);
3339 default:
3340 return (1); /* handled by strange_chunk() */
3341 }
3342
3343 /* check and byteorder parameters */
3344 if (clen <= 0) {
3345 return (1);
3346 }
3347 ASSERT(p != NULL);
3348
3349 ph = p;
3350 while (ph != NULL && clen > 0) {
3351 ch_len = ntohs(ph->sph_len);
3352 if (ch_len > len || ch_len < sizeof (*ph)) {
3353 return (0);
3354 }
3355 ph = sctp_next_parm(ph, &clen);
3356 }
3357
3358 /* All OK */
3359 return (1);
3360 }
3361
3362 static mblk_t *
sctp_check_in_policy(mblk_t * mp,ip_recv_attr_t * ira,ip_stack_t * ipst)3363 sctp_check_in_policy(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst)
3364 {
3365 boolean_t policy_present;
3366 ipha_t *ipha;
3367 ip6_t *ip6h;
3368 netstack_t *ns = ipst->ips_netstack;
3369 ipsec_stack_t *ipss = ns->netstack_ipsec;
3370
3371 if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) {
3372 policy_present = ipss->ipsec_inbound_v4_policy_present;
3373 ipha = (ipha_t *)mp->b_rptr;
3374 ip6h = NULL;
3375 } else {
3376 policy_present = ipss->ipsec_inbound_v6_policy_present;
3377 ipha = NULL;
3378 ip6h = (ip6_t *)mp->b_rptr;
3379 }
3380
3381 if (policy_present) {
3382 /*
3383 * The conn_t parameter is NULL because we already know
3384 * nobody's home.
3385 */
3386 mp = ipsec_check_global_policy(mp, (conn_t *)NULL,
3387 ipha, ip6h, ira, ns);
3388 if (mp == NULL)
3389 return (NULL);
3390 }
3391 return (mp);
3392 }
3393
/*
 * Handle out-of-the-blue packets: SCTP packets for which no matching
 * association (sctp_t) was found.  Depending on the first chunk we
 * either send an ABORT, hand a SHUTDOWN-ACK the OOTB treatment, try
 * to match an INIT-ACK against an association whose peer changed
 * source address, or silently drop.
 *
 * Ownership note: sctp_ootb_send_abort()/sctp_ootb_shutdown_ack() use
 * mp to build the reply but do not free it; paths that "return" early
 * have already disposed of mp (or passed ownership on), and all other
 * paths fall through to the final freemsg().
 */
void
sctp_ootb_input(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst)
{
	sctp_t			*sctp;
	sctp_chunk_hdr_t	*ch;
	sctp_hdr_t		*sctph;
	in6_addr_t		src, dst;
	uint_t			ip_hdr_len = ira->ira_ip_hdr_length;
	ssize_t			mlen;
	sctp_stack_t		*sctps;
	boolean_t		secure;
	zoneid_t		zoneid = ira->ira_zoneid;
	uchar_t			*rptr;

	ASSERT(ira->ira_ill == NULL);

	secure = ira->ira_flags & IRAF_IPSEC_SECURE;

	sctps = ipst->ips_netstack->netstack_sctp;

	SCTPS_BUMP_MIB(sctps, sctpOutOfBlue);
	SCTPS_BUMP_MIB(sctps, sctpInSCTPPkts);

	if (mp->b_cont != NULL) {
		/*
		 * All subsequent code is vastly simplified if it can
		 * assume a single contiguous chunk of data.
		 */
		if (pullupmsg(mp, -1) == 0) {
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
			ip_drop_input("ipIfStatsInDiscards", mp, NULL);
			freemsg(mp);
			return;
		}
	}

	rptr = mp->b_rptr;
	sctph = ((sctp_hdr_t *)&rptr[ip_hdr_len]);
	/* Extract src/dst as IPv6 addresses (v4 gets v4-mapped form). */
	if (ira->ira_flags & IRAF_IS_IPV4) {
		ipha_t *ipha;

		ipha = (ipha_t *)rptr;
		IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &src);
		IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &dst);
	} else {
		ip6_t *ip6h;

		ip6h = (ip6_t *)rptr;
		src = ip6h->ip6_src;
		dst = ip6h->ip6_dst;
	}

	mlen = mp->b_wptr - (uchar_t *)(sctph + 1);
	if ((ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen)) == NULL) {
		dprint(3, ("sctp_ootb_input: invalid packet\n"));
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
		ip_drop_input("ipIfStatsInDiscards", mp, NULL);
		freemsg(mp);
		return;
	}

	switch (ch->sch_id) {
	case CHUNK_INIT:
		/* no listener; send abort */
		if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL)
			return;
		sctp_ootb_send_abort(sctp_init2vtag(ch), 0,
		    NULL, 0, mp, 0, B_TRUE, ira, ipst);
		break;
	case CHUNK_INIT_ACK:
		/* check for changed src addr */
		sctp = sctp_addrlist2sctp(mp, sctph, ch, zoneid, sctps);
		if (sctp != NULL) {
			/* success; proceed to normal path */
			mutex_enter(&sctp->sctp_lock);
			if (sctp->sctp_running) {
				/* busy; queue for later processing */
				sctp_add_recvq(sctp, mp, B_FALSE, ira);
				mutex_exit(&sctp->sctp_lock);
			} else {
				/*
				 * If the source address is changed, we
				 * don't need to worry too much about
				 * out of order processing. So we don't
				 * check if the recvq is empty or not here.
				 */
				sctp->sctp_running = B_TRUE;
				mutex_exit(&sctp->sctp_lock);
				sctp_input_data(sctp, mp, ira);
				WAKE_SCTP(sctp);
			}
			SCTP_REFRELE(sctp);
			return;
		}
		/* else bogus init ack; drop it */
		break;
	case CHUNK_SHUTDOWN_ACK:
		if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL)
			return;
		/* sctp_ootb_shutdown_ack() takes ownership of mp */
		sctp_ootb_shutdown_ack(mp, ip_hdr_len, ira, ipst);
		return;
	case CHUNK_ERROR:
	case CHUNK_ABORT:
	case CHUNK_COOKIE_ACK:
	case CHUNK_SHUTDOWN_COMPLETE:
		/* per RFC 4960 8.4, these OOTB chunks are silently dropped */
		break;
	default:
		if (secure && sctp_check_in_policy(mp, ira, ipst) == NULL)
			return;
		sctp_ootb_send_abort(sctph->sh_verf, 0,
		    NULL, 0, mp, 0, B_TRUE, ira, ipst);
		break;
	}
	freemsg(mp);
}
3509
3510 /*
3511 * Handle sctp packets.
3512 * Note that we rele the sctp_t (the caller got a reference on it).
3513 */
3514 void
sctp_input(conn_t * connp,ipha_t * ipha,ip6_t * ip6h,mblk_t * mp,ip_recv_attr_t * ira)3515 sctp_input(conn_t *connp, ipha_t *ipha, ip6_t *ip6h, mblk_t *mp,
3516 ip_recv_attr_t *ira)
3517 {
3518 sctp_t *sctp = CONN2SCTP(connp);
3519 boolean_t secure;
3520 ill_t *ill = ira->ira_ill;
3521 ip_stack_t *ipst = ill->ill_ipst;
3522 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
3523 iaflags_t iraflags = ira->ira_flags;
3524 ill_t *rill = ira->ira_rill;
3525
3526 secure = iraflags & IRAF_IPSEC_SECURE;
3527
3528 /*
3529 * We check some fields in conn_t without holding a lock.
3530 * This should be fine.
3531 */
3532 if (((iraflags & IRAF_IS_IPV4) ?
3533 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
3534 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
3535 secure) {
3536 mp = ipsec_check_inbound_policy(mp, connp, ipha,
3537 ip6h, ira);
3538 if (mp == NULL) {
3539 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
3540 /* Note that mp is NULL */
3541 ip_drop_input("ipIfStatsInDiscards", mp, ill);
3542 SCTP_REFRELE(sctp);
3543 return;
3544 }
3545 }
3546
3547 ira->ira_ill = ira->ira_rill = NULL;
3548
3549 mutex_enter(&sctp->sctp_lock);
3550 if (sctp->sctp_running) {
3551 sctp_add_recvq(sctp, mp, B_FALSE, ira);
3552 mutex_exit(&sctp->sctp_lock);
3553 goto done;
3554 } else {
3555 sctp->sctp_running = B_TRUE;
3556 mutex_exit(&sctp->sctp_lock);
3557
3558 mutex_enter(&sctp->sctp_recvq_lock);
3559 if (sctp->sctp_recvq != NULL) {
3560 sctp_add_recvq(sctp, mp, B_TRUE, ira);
3561 mutex_exit(&sctp->sctp_recvq_lock);
3562 WAKE_SCTP(sctp);
3563 goto done;
3564 }
3565 }
3566 mutex_exit(&sctp->sctp_recvq_lock);
3567 if (ira->ira_flags & IRAF_ICMP_ERROR)
3568 sctp_icmp_error(sctp, mp);
3569 else
3570 sctp_input_data(sctp, mp, ira);
3571 WAKE_SCTP(sctp);
3572
3573 done:
3574 SCTP_REFRELE(sctp);
3575 ira->ira_ill = ill;
3576 ira->ira_rill = rill;
3577 }
3578
3579 static void
sctp_process_abort(sctp_t * sctp,sctp_chunk_hdr_t * ch,int err)3580 sctp_process_abort(sctp_t *sctp, sctp_chunk_hdr_t *ch, int err)
3581 {
3582 sctp_stack_t *sctps = sctp->sctp_sctps;
3583
3584 SCTPS_BUMP_MIB(sctps, sctpAborted);
3585 BUMP_LOCAL(sctp->sctp_ibchunks);
3586
3587 /*
3588 * SCTP_COMM_LOST is only sent up if the association is
3589 * established (sctp_state >= SCTPS_ESTABLISHED).
3590 */
3591 if (sctp->sctp_state >= SCTPS_ESTABLISHED) {
3592 sctp_assoc_event(sctp, SCTP_COMM_LOST,
3593 ntohs(((sctp_parm_hdr_t *)(ch + 1))->sph_type), ch);
3594 }
3595
3596 sctp_clean_death(sctp, err);
3597 }
3598
3599 void
sctp_input_data(sctp_t * sctp,mblk_t * mp,ip_recv_attr_t * ira)3600 sctp_input_data(sctp_t *sctp, mblk_t *mp, ip_recv_attr_t *ira)
3601 {
3602 sctp_chunk_hdr_t *ch;
3603 ssize_t mlen;
3604 int gotdata;
3605 int trysend;
3606 sctp_faddr_t *fp;
3607 sctp_init_chunk_t *iack;
3608 uint32_t tsn;
3609 sctp_data_hdr_t *sdc;
3610 ip_pkt_t ipp;
3611 in6_addr_t src;
3612 in6_addr_t dst;
3613 uint_t ifindex;
3614 sctp_hdr_t *sctph;
3615 uint_t ip_hdr_len = ira->ira_ip_hdr_length;
3616 mblk_t *dups = NULL;
3617 int recv_adaptation;
3618 boolean_t wake_eager = B_FALSE;
3619 in6_addr_t peer_src;
3620 int64_t now;
3621 sctp_stack_t *sctps = sctp->sctp_sctps;
3622 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip;
3623 boolean_t hb_already = B_FALSE;
3624 cred_t *cr;
3625 pid_t cpid;
3626 uchar_t *rptr;
3627 conn_t *connp = sctp->sctp_connp;
3628 boolean_t shutdown_ack_needed = B_FALSE;
3629
3630 ASSERT(DB_TYPE(mp) == M_DATA);
3631 ASSERT(ira->ira_ill == NULL);
3632
3633 if (mp->b_cont != NULL) {
3634 /*
3635 * All subsequent code is vastly simplified if it can
3636 * assume a single contiguous chunk of data.
3637 */
3638 if (pullupmsg(mp, -1) == 0) {
3639 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
3640 ip_drop_input("ipIfStatsInDiscards", mp, NULL);
3641 freemsg(mp);
3642 return;
3643 }
3644 }
3645
3646 BUMP_LOCAL(sctp->sctp_ipkts);
3647 ifindex = ira->ira_ruifindex;
3648
3649 rptr = mp->b_rptr;
3650
3651 ipp.ipp_fields = 0;
3652 if (connp->conn_recv_ancillary.crb_all != 0) {
3653 /*
3654 * Record packet information in the ip_pkt_t
3655 */
3656 if (ira->ira_flags & IRAF_IS_IPV4) {
3657 (void) ip_find_hdr_v4((ipha_t *)rptr, &ipp,
3658 B_FALSE);
3659 } else {
3660 uint8_t nexthdrp;
3661
3662 /*
3663 * IPv6 packets can only be received by applications
3664 * that are prepared to receive IPv6 addresses.
3665 * The IP fanout must ensure this.
3666 */
3667 ASSERT(connp->conn_family == AF_INET6);
3668
3669 (void) ip_find_hdr_v6(mp, (ip6_t *)rptr, B_TRUE, &ipp,
3670 &nexthdrp);
3671 ASSERT(nexthdrp == IPPROTO_SCTP);
3672
3673 /* Could have caused a pullup? */
3674 rptr = mp->b_rptr;
3675 }
3676 }
3677
3678 sctph = ((sctp_hdr_t *)&rptr[ip_hdr_len]);
3679
3680 if (ira->ira_flags & IRAF_IS_IPV4) {
3681 ipha_t *ipha;
3682
3683 ipha = (ipha_t *)rptr;
3684 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &src);
3685 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &dst);
3686 } else {
3687 ip6_t *ip6h;
3688
3689 ip6h = (ip6_t *)rptr;
3690 src = ip6h->ip6_src;
3691 dst = ip6h->ip6_dst;
3692 }
3693
3694 mlen = mp->b_wptr - (uchar_t *)(sctph + 1);
3695 ch = sctp_first_chunk((uchar_t *)(sctph + 1), mlen);
3696 if (ch == NULL) {
3697 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
3698 ip_drop_input("ipIfStatsInDiscards", mp, NULL);
3699 freemsg(mp);
3700 return;
3701 }
3702
3703 if (!sctp_check_input(sctp, ch, mlen, 1)) {
3704 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
3705 ip_drop_input("ipIfStatsInDiscards", mp, NULL);
3706 goto done;
3707 }
3708 /*
3709 * Check verfication tag (special handling for INIT,
3710 * COOKIE, SHUTDOWN_COMPLETE and SHUTDOWN_ACK chunks).
3711 * ABORTs are handled in the chunk processing loop, since
3712 * may not appear first. All other checked chunks must
3713 * appear first, or will have been dropped by check_input().
3714 */
3715 switch (ch->sch_id) {
3716 case CHUNK_INIT:
3717 if (sctph->sh_verf != 0) {
3718 /* drop it */
3719 goto done;
3720 }
3721 break;
3722 case CHUNK_SHUTDOWN_COMPLETE:
3723 if (sctph->sh_verf == sctp->sctp_lvtag)
3724 break;
3725 if (sctph->sh_verf == sctp->sctp_fvtag &&
3726 SCTP_GET_TBIT(ch)) {
3727 break;
3728 }
3729 /* else drop it */
3730 goto done;
3731 case CHUNK_ABORT:
3732 case CHUNK_COOKIE:
3733 /* handled below */
3734 break;
3735 case CHUNK_SHUTDOWN_ACK:
3736 if (sctp->sctp_state > SCTPS_BOUND &&
3737 sctp->sctp_state < SCTPS_ESTABLISHED) {
3738 /* treat as OOTB */
3739 sctp_ootb_shutdown_ack(mp, ip_hdr_len, ira, ipst);
3740 return;
3741 }
3742 /* else fallthru */
3743 default:
3744 /*
3745 * All other packets must have a valid
3746 * verification tag, however if this is a
3747 * listener, we use a refined version of
3748 * out-of-the-blue logic.
3749 */
3750 if (sctph->sh_verf != sctp->sctp_lvtag &&
3751 sctp->sctp_state != SCTPS_LISTEN) {
3752 /* drop it */
3753 goto done;
3754 }
3755 break;
3756 }
3757
3758 /* Have a valid sctp for this packet */
3759 fp = sctp_lookup_faddr(sctp, &src);
3760 dprint(2, ("sctp_dispatch_rput: mp=%p fp=%p sctp=%p\n", (void *)mp,
3761 (void *)fp, (void *)sctp));
3762
3763 gotdata = 0;
3764 trysend = 0;
3765
3766 now = LBOLT_FASTPATH64;
3767 /* Process the chunks */
3768 do {
3769 dprint(3, ("sctp_dispatch_rput: state=%d, chunk id=%d\n",
3770 sctp->sctp_state, (int)(ch->sch_id)));
3771
3772 if (ch->sch_id == CHUNK_ABORT) {
3773 if (sctph->sh_verf != sctp->sctp_lvtag &&
3774 sctph->sh_verf != sctp->sctp_fvtag) {
3775 /* drop it */
3776 goto done;
3777 }
3778 }
3779
3780 switch (sctp->sctp_state) {
3781
3782 case SCTPS_ESTABLISHED:
3783 case SCTPS_SHUTDOWN_PENDING:
3784 case SCTPS_SHUTDOWN_SENT:
3785 switch (ch->sch_id) {
3786 case CHUNK_DATA:
3787 /* 0-length data chunks are not allowed */
3788 if (ntohs(ch->sch_len) == sizeof (*sdc)) {
3789 sdc = (sctp_data_hdr_t *)ch;
3790 tsn = sdc->sdh_tsn;
3791 sctp_send_abort(sctp, sctp->sctp_fvtag,
3792 SCTP_ERR_NO_USR_DATA, (char *)&tsn,
3793 sizeof (tsn), mp, 0, B_FALSE, ira);
3794 sctp_assoc_event(sctp, SCTP_COMM_LOST,
3795 0, NULL);
3796 sctp_clean_death(sctp, ECONNABORTED);
3797 goto done;
3798 }
3799
3800 ASSERT(fp != NULL);
3801 sctp->sctp_lastdata = fp;
3802 sctp_data_chunk(sctp, ch, mp, &dups, fp,
3803 &ipp, ira);
3804 gotdata = 1;
3805 /* Restart shutdown timer if shutting down */
3806 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
3807 /*
3808 * If we have exceeded our max
3809 * wait bound for waiting for a
3810 * shutdown ack from the peer,
3811 * abort the association.
3812 */
3813 if (sctps->sctps_shutack_wait_bound !=
3814 0 &&
3815 TICK_TO_MSEC(now -
3816 sctp->sctp_out_time) >
3817 sctps->sctps_shutack_wait_bound) {
3818 sctp_send_abort(sctp,
3819 sctp->sctp_fvtag, 0, NULL,
3820 0, mp, 0, B_FALSE, ira);
3821 sctp_assoc_event(sctp,
3822 SCTP_COMM_LOST, 0, NULL);
3823 sctp_clean_death(sctp,
3824 ECONNABORTED);
3825 goto done;
3826 }
3827 SCTP_FADDR_TIMER_RESTART(sctp, fp,
3828 fp->sf_rto);
3829 }
3830 break;
3831 case CHUNK_SACK:
3832 ASSERT(fp != NULL);
3833 /*
3834 * Peer is real and alive if it can ack our
3835 * data.
3836 */
3837 sctp_faddr_alive(sctp, fp);
3838 trysend = sctp_got_sack(sctp, ch);
3839 if (trysend < 0) {
3840 sctp_send_abort(sctp, sctph->sh_verf,
3841 0, NULL, 0, mp, 0, B_FALSE, ira);
3842 sctp_assoc_event(sctp,
3843 SCTP_COMM_LOST, 0, NULL);
3844 sctp_clean_death(sctp,
3845 ECONNABORTED);
3846 goto done;
3847 }
3848 break;
3849 case CHUNK_HEARTBEAT:
3850 if (!hb_already) {
3851 /*
3852 * In any one packet, there should
3853 * only be one heartbeat chunk. So
3854 * we should not process more than
3855 * once.
3856 */
3857 sctp_return_heartbeat(sctp, ch, mp);
3858 hb_already = B_TRUE;
3859 }
3860 break;
3861 case CHUNK_HEARTBEAT_ACK:
3862 sctp_process_heartbeat(sctp, ch);
3863 break;
3864 case CHUNK_SHUTDOWN:
3865 sctp_shutdown_event(sctp);
3866 trysend = sctp_shutdown_received(sctp, ch,
3867 B_FALSE, B_FALSE, fp);
3868 BUMP_LOCAL(sctp->sctp_ibchunks);
3869 break;
3870 case CHUNK_SHUTDOWN_ACK:
3871 BUMP_LOCAL(sctp->sctp_ibchunks);
3872 if (sctp->sctp_state == SCTPS_SHUTDOWN_SENT) {
3873 sctp_shutdown_complete(sctp);
3874 SCTPS_BUMP_MIB(sctps, sctpShutdowns);
3875 sctp_assoc_event(sctp,
3876 SCTP_SHUTDOWN_COMP, 0, NULL);
3877 sctp_clean_death(sctp, 0);
3878 goto done;
3879 }
3880 break;
3881 case CHUNK_ABORT: {
3882 sctp_saddr_ipif_t *sp;
3883
3884 /* Ignore if delete pending */
3885 sp = sctp_saddr_lookup(sctp, &dst, 0);
3886 ASSERT(sp != NULL);
3887 if (sp->saddr_ipif_delete_pending) {
3888 BUMP_LOCAL(sctp->sctp_ibchunks);
3889 break;
3890 }
3891
3892 sctp_process_abort(sctp, ch, ECONNRESET);
3893 goto done;
3894 }
3895 case CHUNK_INIT:
3896 sctp_send_initack(sctp, sctph, ch, mp, ira);
3897 break;
3898 case CHUNK_COOKIE:
3899 if (sctp_process_cookie(sctp, ch, mp, &iack,
3900 sctph, &recv_adaptation, NULL, ira) != -1) {
3901 sctp_send_cookie_ack(sctp);
3902 sctp_assoc_event(sctp, SCTP_RESTART,
3903 0, NULL);
3904 if (recv_adaptation) {
3905 sctp->sctp_recv_adaptation = 1;
3906 sctp_adaptation_event(sctp);
3907 }
3908 } else {
3909 SCTPS_BUMP_MIB(sctps,
3910 sctpInInvalidCookie);
3911 }
3912 break;
3913 case CHUNK_ERROR: {
3914 int error;
3915
3916 BUMP_LOCAL(sctp->sctp_ibchunks);
3917 error = sctp_handle_error(sctp, sctph, ch, mp,
3918 ira);
3919 if (error != 0) {
3920 sctp_assoc_event(sctp, SCTP_COMM_LOST,
3921 0, NULL);
3922 sctp_clean_death(sctp, error);
3923 goto done;
3924 }
3925 break;
3926 }
3927 case CHUNK_ASCONF:
3928 ASSERT(fp != NULL);
3929 sctp_input_asconf(sctp, ch, fp);
3930 BUMP_LOCAL(sctp->sctp_ibchunks);
3931 break;
3932 case CHUNK_ASCONF_ACK:
3933 ASSERT(fp != NULL);
3934 sctp_faddr_alive(sctp, fp);
3935 sctp_input_asconf_ack(sctp, ch, fp);
3936 BUMP_LOCAL(sctp->sctp_ibchunks);
3937 break;
3938 case CHUNK_FORWARD_TSN:
3939 ASSERT(fp != NULL);
3940 sctp->sctp_lastdata = fp;
3941 sctp_process_forward_tsn(sctp, ch, fp,
3942 &ipp, ira);
3943 gotdata = 1;
3944 BUMP_LOCAL(sctp->sctp_ibchunks);
3945 break;
3946 default:
3947 if (sctp_strange_chunk(sctp, ch, fp) == 0) {
3948 goto nomorechunks;
3949 } /* else skip and continue processing */
3950 break;
3951 }
3952 break;
3953
3954 case SCTPS_LISTEN:
3955 switch (ch->sch_id) {
3956 case CHUNK_INIT:
3957 sctp_send_initack(sctp, sctph, ch, mp, ira);
3958 break;
3959 case CHUNK_COOKIE: {
3960 sctp_t *eager;
3961
3962 if (sctp_process_cookie(sctp, ch, mp, &iack,
3963 sctph, &recv_adaptation, &peer_src,
3964 ira) == -1) {
3965 SCTPS_BUMP_MIB(sctps,
3966 sctpInInvalidCookie);
3967 goto done;
3968 }
3969
3970 /*
3971 * The cookie is good; ensure that
3972 * the peer used the verification
3973 * tag from the init ack in the header.
3974 */
3975 if (iack->sic_inittag != sctph->sh_verf)
3976 goto done;
3977
3978 eager = sctp_conn_request(sctp, mp, ifindex,
3979 ip_hdr_len, iack, ira);
3980 if (eager == NULL) {
3981 sctp_send_abort(sctp, sctph->sh_verf,
3982 SCTP_ERR_NO_RESOURCES, NULL, 0, mp,
3983 0, B_FALSE, ira);
3984 goto done;
3985 }
3986
3987 /*
3988 * If there were extra chunks
3989 * bundled with the cookie,
3990 * they must be processed
3991 * on the eager's queue. We
3992 * accomplish this by refeeding
3993 * the whole packet into the
3994 * state machine on the right
3995 * q. The packet (mp) gets
3996 * there via the eager's
3997 * cookie_mp field (overloaded
3998 * with the active open role).
3999 * This is picked up when
4000 * processing the null bind
4001 * request put on the eager's
4002 * q by sctp_accept(). We must
4003 * first revert the cookie
4004 * chunk's length field to network
4005 * byteorder so it can be
4006 * properly reprocessed on the
4007 * eager's queue.
4008 */
4009 SCTPS_BUMP_MIB(sctps, sctpPassiveEstab);
4010 if (mlen > ntohs(ch->sch_len)) {
4011 eager->sctp_cookie_mp = dupb(mp);
4012 /*
4013 * If no mem, just let
4014 * the peer retransmit.
4015 */
4016 }
4017 sctp_assoc_event(eager, SCTP_COMM_UP, 0, NULL);
4018 if (recv_adaptation) {
4019 eager->sctp_recv_adaptation = 1;
4020 eager->sctp_rx_adaptation_code =
4021 sctp->sctp_rx_adaptation_code;
4022 sctp_adaptation_event(eager);
4023 }
4024
4025 eager->sctp_active = now;
4026 sctp_send_cookie_ack(eager);
4027
4028 wake_eager = B_TRUE;
4029
4030 /*
4031 * Process rest of the chunks with eager.
4032 */
4033 sctp = eager;
4034 fp = sctp_lookup_faddr(sctp, &peer_src);
4035 /*
4036 * Confirm peer's original source. fp can
4037 * only be NULL if peer does not use the
4038 * original source as one of its addresses...
4039 */
4040 if (fp == NULL)
4041 fp = sctp_lookup_faddr(sctp, &src);
4042 else
4043 sctp_faddr_alive(sctp, fp);
4044
4045 /*
4046 * Validate the peer addresses. It also starts
4047 * the heartbeat timer.
4048 */
4049 sctp_validate_peer(sctp);
4050 break;
4051 }
4052 /* Anything else is considered out-of-the-blue */
4053 case CHUNK_ERROR:
4054 case CHUNK_ABORT:
4055 case CHUNK_COOKIE_ACK:
4056 case CHUNK_SHUTDOWN_COMPLETE:
4057 BUMP_LOCAL(sctp->sctp_ibchunks);
4058 goto done;
4059 default:
4060 BUMP_LOCAL(sctp->sctp_ibchunks);
4061 sctp_send_abort(sctp, sctph->sh_verf, 0, NULL,
4062 0, mp, 0, B_TRUE, ira);
4063 goto done;
4064 }
4065 break;
4066
4067 case SCTPS_COOKIE_WAIT:
4068 switch (ch->sch_id) {
4069 case CHUNK_INIT_ACK:
4070 sctp_stop_faddr_timers(sctp);
4071 sctp_faddr_alive(sctp, sctp->sctp_current);
4072 sctp_send_cookie_echo(sctp, ch, mp, ira);
4073 BUMP_LOCAL(sctp->sctp_ibchunks);
4074 break;
4075 case CHUNK_ABORT:
4076 sctp_process_abort(sctp, ch, ECONNREFUSED);
4077 goto done;
4078 case CHUNK_INIT:
4079 sctp_send_initack(sctp, sctph, ch, mp, ira);
4080 break;
4081 case CHUNK_COOKIE:
4082 cr = ira->ira_cred;
4083 cpid = ira->ira_cpid;
4084
4085 if (sctp_process_cookie(sctp, ch, mp, &iack,
4086 sctph, &recv_adaptation, NULL, ira) == -1) {
4087 SCTPS_BUMP_MIB(sctps,
4088 sctpInInvalidCookie);
4089 break;
4090 }
4091 sctp_send_cookie_ack(sctp);
4092 sctp_stop_faddr_timers(sctp);
4093 if (!SCTP_IS_DETACHED(sctp)) {
4094 sctp->sctp_ulp_connected(
4095 sctp->sctp_ulpd, 0, cr, cpid);
4096 sctp_set_ulp_prop(sctp);
4097
4098 }
4099 SCTP_ASSOC_EST(sctps, sctp);
4100 SCTPS_BUMP_MIB(sctps, sctpActiveEstab);
4101 if (sctp->sctp_cookie_mp) {
4102 freemsg(sctp->sctp_cookie_mp);
4103 sctp->sctp_cookie_mp = NULL;
4104 }
4105
4106 /* Validate the peer addresses. */
4107 sctp->sctp_active = now;
4108 sctp_validate_peer(sctp);
4109
4110 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
4111 if (recv_adaptation) {
4112 sctp->sctp_recv_adaptation = 1;
4113 sctp_adaptation_event(sctp);
4114 }
4115 /* Try sending queued data, or ASCONFs */
4116 trysend = 1;
4117 break;
4118 default:
4119 if (sctp_strange_chunk(sctp, ch, fp) == 0) {
4120 goto nomorechunks;
4121 } /* else skip and continue processing */
4122 break;
4123 }
4124 break;
4125
4126 case SCTPS_COOKIE_ECHOED:
4127 switch (ch->sch_id) {
4128 case CHUNK_COOKIE_ACK:
4129 cr = ira->ira_cred;
4130 cpid = ira->ira_cpid;
4131
4132 if (!SCTP_IS_DETACHED(sctp)) {
4133 sctp->sctp_ulp_connected(
4134 sctp->sctp_ulpd, 0, cr, cpid);
4135 sctp_set_ulp_prop(sctp);
4136 }
4137 if (sctp->sctp_unacked == 0)
4138 sctp_stop_faddr_timers(sctp);
4139 SCTP_ASSOC_EST(sctps, sctp);
4140 SCTPS_BUMP_MIB(sctps, sctpActiveEstab);
4141 BUMP_LOCAL(sctp->sctp_ibchunks);
4142 if (sctp->sctp_cookie_mp) {
4143 freemsg(sctp->sctp_cookie_mp);
4144 sctp->sctp_cookie_mp = NULL;
4145 }
4146 sctp_faddr_alive(sctp, fp);
4147 /* Validate the peer addresses. */
4148 sctp->sctp_active = now;
4149 sctp_validate_peer(sctp);
4150
4151 /* Try sending queued data, or ASCONFs */
4152 trysend = 1;
4153 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
4154 sctp_adaptation_event(sctp);
4155 break;
4156 case CHUNK_ABORT:
4157 sctp_process_abort(sctp, ch, ECONNREFUSED);
4158 goto done;
4159 case CHUNK_COOKIE:
4160 cr = ira->ira_cred;
4161 cpid = ira->ira_cpid;
4162
4163 if (sctp_process_cookie(sctp, ch, mp, &iack,
4164 sctph, &recv_adaptation, NULL, ira) == -1) {
4165 SCTPS_BUMP_MIB(sctps,
4166 sctpInInvalidCookie);
4167 break;
4168 }
4169 sctp_send_cookie_ack(sctp);
4170
4171 if (!SCTP_IS_DETACHED(sctp)) {
4172 sctp->sctp_ulp_connected(
4173 sctp->sctp_ulpd, 0, cr, cpid);
4174 sctp_set_ulp_prop(sctp);
4175
4176 }
4177 if (sctp->sctp_unacked == 0)
4178 sctp_stop_faddr_timers(sctp);
4179 SCTP_ASSOC_EST(sctps, sctp);
4180 SCTPS_BUMP_MIB(sctps, sctpActiveEstab);
4181 if (sctp->sctp_cookie_mp) {
4182 freemsg(sctp->sctp_cookie_mp);
4183 sctp->sctp_cookie_mp = NULL;
4184 }
4185 /* Validate the peer addresses. */
4186 sctp->sctp_active = now;
4187 sctp_validate_peer(sctp);
4188
4189 sctp_assoc_event(sctp, SCTP_COMM_UP, 0, NULL);
4190 if (recv_adaptation) {
4191 sctp->sctp_recv_adaptation = 1;
4192 sctp_adaptation_event(sctp);
4193 }
4194 /* Try sending queued data, or ASCONFs */
4195 trysend = 1;
4196 break;
4197 case CHUNK_INIT:
4198 sctp_send_initack(sctp, sctph, ch, mp, ira);
4199 break;
4200 case CHUNK_ERROR: {
4201 sctp_parm_hdr_t *p;
4202
4203 BUMP_LOCAL(sctp->sctp_ibchunks);
4204 /* check for a stale cookie */
4205 if (ntohs(ch->sch_len) >=
4206 (sizeof (*p) + sizeof (*ch)) +
4207 sizeof (uint32_t)) {
4208
4209 p = (sctp_parm_hdr_t *)(ch + 1);
4210 if (p->sph_type ==
4211 htons(SCTP_ERR_STALE_COOKIE)) {
4212 SCTPS_BUMP_MIB(sctps,
4213 sctpAborted);
4214 sctp_error_event(sctp,
4215 ch, B_FALSE);
4216 sctp_assoc_event(sctp,
4217 SCTP_COMM_LOST, 0, NULL);
4218 sctp_clean_death(sctp,
4219 ECONNREFUSED);
4220 goto done;
4221 }
4222 }
4223 break;
4224 }
4225 case CHUNK_HEARTBEAT:
4226 if (!hb_already) {
4227 sctp_return_heartbeat(sctp, ch, mp);
4228 hb_already = B_TRUE;
4229 }
4230 break;
4231 default:
4232 if (sctp_strange_chunk(sctp, ch, fp) == 0) {
4233 goto nomorechunks;
4234 } /* else skip and continue processing */
4235 } /* switch (ch->sch_id) */
4236 break;
4237
4238 case SCTPS_SHUTDOWN_ACK_SENT:
4239 switch (ch->sch_id) {
4240 case CHUNK_ABORT:
4241 /* Pass gathered wisdom to IP for keeping */
4242 sctp_update_dce(sctp);
4243 sctp_process_abort(sctp, ch, 0);
4244 goto done;
4245 case CHUNK_SHUTDOWN_COMPLETE:
4246 BUMP_LOCAL(sctp->sctp_ibchunks);
4247 SCTPS_BUMP_MIB(sctps, sctpShutdowns);
4248 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0,
4249 NULL);
4250
4251 /* Pass gathered wisdom to IP for keeping */
4252 sctp_update_dce(sctp);
4253 sctp_clean_death(sctp, 0);
4254 goto done;
4255 case CHUNK_SHUTDOWN_ACK:
4256 sctp_shutdown_complete(sctp);
4257 BUMP_LOCAL(sctp->sctp_ibchunks);
4258 SCTPS_BUMP_MIB(sctps, sctpShutdowns);
4259 sctp_assoc_event(sctp, SCTP_SHUTDOWN_COMP, 0,
4260 NULL);
4261 sctp_clean_death(sctp, 0);
4262 goto done;
4263 case CHUNK_COOKIE:
4264 (void) sctp_shutdown_received(sctp, NULL,
4265 B_TRUE, B_FALSE, fp);
4266 BUMP_LOCAL(sctp->sctp_ibchunks);
4267 break;
4268 case CHUNK_HEARTBEAT:
4269 if (!hb_already) {
4270 sctp_return_heartbeat(sctp, ch, mp);
4271 hb_already = B_TRUE;
4272 }
4273 break;
4274 default:
4275 if (sctp_strange_chunk(sctp, ch, fp) == 0) {
4276 goto nomorechunks;
4277 } /* else skip and continue processing */
4278 break;
4279 }
4280 break;
4281
4282 case SCTPS_SHUTDOWN_RECEIVED:
4283 switch (ch->sch_id) {
4284 case CHUNK_SHUTDOWN:
4285 trysend = sctp_shutdown_received(sctp, ch,
4286 B_FALSE, B_FALSE, fp);
4287 /*
4288 * shutdown_ack_needed may have been set as
4289 * mentioned in the case CHUNK_SACK below.
4290 * If sctp_shutdown_received() above found
4291 * the xmit queue empty the SHUTDOWN ACK chunk
4292 * has already been sent (or scheduled to be
4293 * sent on the timer) and the SCTP state
4294 * changed, so reset shutdown_ack_needed.
4295 */
4296 if (shutdown_ack_needed && (sctp->sctp_state ==
4297 SCTPS_SHUTDOWN_ACK_SENT))
4298 shutdown_ack_needed = B_FALSE;
4299 break;
4300 case CHUNK_SACK:
4301 trysend = sctp_got_sack(sctp, ch);
4302 if (trysend < 0) {
4303 sctp_send_abort(sctp, sctph->sh_verf,
4304 0, NULL, 0, mp, 0, B_FALSE, ira);
4305 sctp_assoc_event(sctp,
4306 SCTP_COMM_LOST, 0, NULL);
4307 sctp_clean_death(sctp,
4308 ECONNABORTED);
4309 goto done;
4310 }
4311
4312 /*
4313 * All data acknowledgement after a shutdown
4314 * should be done with SHUTDOWN chunk.
4315 * However some peer SCTP do not conform with
4316 * this and can unexpectedly send a SACK chunk.
4317 * If all data are acknowledged, set
4318 * shutdown_ack_needed here indicating that
4319 * SHUTDOWN ACK needs to be sent later by
4320 * sctp_send_shutdown_ack().
4321 */
4322 if ((sctp->sctp_xmit_head == NULL) &&
4323 (sctp->sctp_xmit_unsent == NULL))
4324 shutdown_ack_needed = B_TRUE;
4325 break;
4326 case CHUNK_ABORT:
4327 sctp_process_abort(sctp, ch, ECONNRESET);
4328 goto done;
4329 case CHUNK_HEARTBEAT:
4330 if (!hb_already) {
4331 sctp_return_heartbeat(sctp, ch, mp);
4332 hb_already = B_TRUE;
4333 }
4334 break;
4335 default:
4336 if (sctp_strange_chunk(sctp, ch, fp) == 0) {
4337 goto nomorechunks;
4338 } /* else skip and continue processing */
4339 break;
4340 }
4341 break;
4342
4343 default:
4344 /*
4345 * The only remaining states are SCTPS_IDLE and
4346 * SCTPS_BOUND, and we should not be getting here
4347 * for these.
4348 */
4349 ASSERT(0);
4350 } /* switch (sctp->sctp_state) */
4351
4352 ch = sctp_next_chunk(ch, &mlen);
4353 if (ch != NULL && !sctp_check_input(sctp, ch, mlen, 0))
4354 goto done;
4355 } while (ch != NULL);
4356
4357 /* Finished processing all chunks in packet */
4358
4359 nomorechunks:
4360
4361 if (shutdown_ack_needed)
4362 sctp_send_shutdown_ack(sctp, fp, B_FALSE);
4363
4364 /* SACK if necessary */
4365 if (gotdata) {
4366 boolean_t sack_sent;
4367
4368 (sctp->sctp_sack_toggle)++;
4369 sack_sent = sctp_sack(sctp, dups);
4370 dups = NULL;
4371
4372 /* If a SACK is sent, no need to restart the timer. */
4373 if (!sack_sent && !sctp->sctp_ack_timer_running) {
4374 sctp->sctp_ack_timer_running = B_TRUE;
4375 sctp_timer(sctp, sctp->sctp_ack_mp,
4376 MSEC_TO_TICK(sctps->sctps_deferred_ack_interval));
4377 }
4378 }
4379
4380 if (trysend) {
4381 sctp_output(sctp, UINT_MAX);
4382 if (sctp->sctp_cxmit_list != NULL)
4383 sctp_wput_asconf(sctp, NULL);
4384 }
4385 /*
4386 * If there is unsent data, make sure a timer is running, check
4387 * timer_mp, if sctp_closei_local() ran the timers may be free.
4388 */
4389 if (sctp->sctp_unsent > 0 && !sctp->sctp_current->sf_timer_running &&
4390 sctp->sctp_current->sf_timer_mp != NULL) {
4391 SCTP_FADDR_TIMER_RESTART(sctp, sctp->sctp_current,
4392 sctp->sctp_current->sf_rto);
4393 }
4394
4395 done:
4396 if (dups != NULL)
4397 freeb(dups);
4398 freemsg(mp);
4399
4400 if (sctp->sctp_err_chunks != NULL)
4401 sctp_process_err(sctp);
4402
4403 if (wake_eager) {
4404 /*
4405 * sctp points to newly created control block, need to
4406 * release it before exiting.
4407 */
4408 WAKE_SCTP(sctp);
4409 }
4410 }
4411
4412 /*
4413 * Some amount of data got removed from ULP's receive queue and we can
4414 * push messages up if we are flow controlled before. Reset the receive
4415 * window to full capacity (conn_rcvbuf) and check if we should send a
4416 * window update.
4417 */
4418 void
sctp_recvd(sctp_t * sctp,int len)4419 sctp_recvd(sctp_t *sctp, int len)
4420 {
4421 sctp_stack_t *sctps = sctp->sctp_sctps;
4422 conn_t *connp = sctp->sctp_connp;
4423 boolean_t send_sack = B_FALSE;
4424
4425 ASSERT(sctp != NULL);
4426 RUN_SCTP(sctp);
4427
4428 sctp->sctp_flowctrld = B_FALSE;
4429 /* This is the amount of data queued in ULP. */
4430 sctp->sctp_ulp_rxqueued = connp->conn_rcvbuf - len;
4431
4432 if (connp->conn_rcvbuf - sctp->sctp_arwnd >= sctp->sctp_mss)
4433 send_sack = B_TRUE;
4434 sctp->sctp_rwnd = connp->conn_rcvbuf;
4435
4436 if (sctp->sctp_state >= SCTPS_ESTABLISHED && send_sack) {
4437 sctp->sctp_force_sack = 1;
4438 SCTPS_BUMP_MIB(sctps, sctpOutWinUpdate);
4439 (void) sctp_sack(sctp, NULL);
4440 }
4441 WAKE_SCTP(sctp);
4442 }
4443