/src/usrsctp/usrsctplib/netinet/sctp_input.c
Line | Count | Source |
1 | | /*- |
2 | | * SPDX-License-Identifier: BSD-3-Clause |
3 | | * |
4 | | * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. |
5 | | * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. |
6 | | * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions are met: |
10 | | * |
11 | | * a) Redistributions of source code must retain the above copyright notice, |
12 | | * this list of conditions and the following disclaimer. |
13 | | * |
14 | | * b) Redistributions in binary form must reproduce the above copyright |
15 | | * notice, this list of conditions and the following disclaimer in |
16 | | * the documentation and/or other materials provided with the distribution. |
17 | | * |
18 | | * c) Neither the name of Cisco Systems, Inc. nor the names of its |
19 | | * contributors may be used to endorse or promote products derived |
20 | | * from this software without specific prior written permission. |
21 | | * |
22 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
23 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
24 | | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
25 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE |
26 | | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
27 | | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
28 | | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
29 | | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
30 | | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
31 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
32 | | * THE POSSIBILITY OF SUCH DAMAGE. |
33 | | */ |
34 | | |
35 | | #include <netinet/sctp_os.h> |
36 | | #include <netinet/sctp_var.h> |
37 | | #include <netinet/sctp_sysctl.h> |
38 | | #include <netinet/sctp_pcb.h> |
39 | | #include <netinet/sctp_header.h> |
40 | | #include <netinet/sctputil.h> |
41 | | #include <netinet/sctp_output.h> |
42 | | #include <netinet/sctp_input.h> |
43 | | #include <netinet/sctp_auth.h> |
44 | | #include <netinet/sctp_indata.h> |
45 | | #include <netinet/sctp_asconf.h> |
46 | | #include <netinet/sctp_bsd_addr.h> |
47 | | #include <netinet/sctp_timer.h> |
48 | | #include <netinet/sctp_crc32.h> |
49 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
50 | | #include <netinet/sctp_kdtrace.h> |
51 | | #endif |
52 | | #if defined(INET) || defined(INET6) |
53 | | #if !defined(_WIN32) |
54 | | #include <netinet/udp.h> |
55 | | #endif |
56 | | #endif |
57 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
58 | | #include <sys/smp.h> |
59 | | #endif |
60 | | |
61 | | static void |
62 | | sctp_stop_all_cookie_timers(struct sctp_tcb *stcb) |
63 | 1.59k | { |
64 | 1.59k | struct sctp_nets *net; |
65 | | |
66 | | /* This now not only stops all cookie timers |
67 | | * it also stops any INIT timers as well. This |
68 | | * will make sure that the timers are stopped in |
69 | | * all collision cases. |
70 | | */ |
71 | 1.59k | SCTP_TCB_LOCK_ASSERT(stcb); |
72 | 1.59k | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
73 | 1.59k | if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) { |
74 | 1.59k | sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE, |
75 | 1.59k | stcb->sctp_ep, |
76 | 1.59k | stcb, |
77 | 1.59k | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1); |
78 | 1.59k | } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) { |
79 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, |
80 | 0 | stcb->sctp_ep, |
81 | 0 | stcb, |
82 | 0 | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); |
83 | 0 | } |
84 | 1.59k | } |
85 | 1.59k | } |
86 | | |
87 | | /* INIT handler */ |
88 | | static void |
89 | | sctp_handle_init(struct mbuf *m, int iphlen, int offset, |
90 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
91 | | struct sctp_init_chunk *cp, struct sctp_inpcb *inp, |
92 | | struct sctp_tcb *stcb, struct sctp_nets *net, |
93 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
94 | | uint8_t mflowtype, uint32_t mflowid, |
95 | | #endif |
96 | | uint32_t vrf_id, uint16_t port) |
97 | 0 | { |
98 | 0 | struct sctp_init *init; |
99 | 0 | struct mbuf *op_err; |
100 | |
|
101 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", |
102 | 0 | (void *)stcb); |
103 | 0 | if (stcb == NULL) { |
104 | 0 | SCTP_INP_RLOCK(inp); |
105 | 0 | } |
106 | | /* Validate parameters */ |
107 | 0 | init = &cp->init; |
108 | 0 | if (ntohl(init->initiate_tag) == 0) { |
109 | 0 | goto outnow; |
110 | 0 | } |
111 | 0 | if ((ntohl(init->a_rwnd) < SCTP_MIN_RWND) || |
112 | 0 | (ntohs(init->num_inbound_streams) == 0) || |
113 | 0 | (ntohs(init->num_outbound_streams) == 0)) { |
114 | | /* protocol error... send abort */ |
115 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); |
116 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, |
117 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
118 | | mflowtype, mflowid, inp->fibnum, |
119 | | #endif |
120 | 0 | vrf_id, port); |
121 | 0 | goto outnow; |
122 | 0 | } |
123 | 0 | if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), |
124 | 0 | offset + ntohs(cp->ch.chunk_length))) { |
125 | | /* auth parameter(s) error... send abort */ |
126 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
127 | 0 | "Problem with AUTH parameters"); |
128 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, |
129 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
130 | | mflowtype, mflowid, inp->fibnum, |
131 | | #endif |
132 | 0 | vrf_id, port); |
133 | 0 | goto outnow; |
134 | 0 | } |
135 | | /* We are only accepting if we have a listening socket.*/ |
136 | 0 | if ((stcb == NULL) && |
137 | 0 | ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || |
138 | 0 | (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || |
139 | 0 | (!SCTP_IS_LISTENING(inp)))) { |
140 | | /* |
141 | | * FIX ME ?? What about TCP model and we have a |
142 | | * match/restart case? Actually no fix is needed. |
143 | | * the lookup will always find the existing assoc so stcb |
144 | | * would not be NULL. It may be questionable to do this |
145 | | * since we COULD just send back the INIT-ACK and hope that |
146 | | * the app did accept()'s by the time the COOKIE was sent. But |
147 | | * there is a price to pay for COOKIE generation and I don't |
148 | | * want to pay it on the chance that the app will actually do |
149 | | * some accepts(). The App just looses and should NOT be in |
150 | | * this state :-) |
151 | | */ |
152 | 0 | if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) { |
153 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
154 | 0 | "No listener"); |
155 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
156 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
157 | | mflowtype, mflowid, inp->fibnum, |
158 | | #endif |
159 | 0 | vrf_id, port); |
160 | 0 | } |
161 | 0 | goto outnow; |
162 | 0 | } |
163 | 0 | if ((stcb != NULL) && |
164 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { |
165 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); |
166 | 0 | sctp_send_shutdown_ack(stcb, NULL); |
167 | 0 | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
168 | 0 | } else { |
169 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n"); |
170 | 0 | sctp_send_initiate_ack(inp, stcb, net, m, iphlen, offset, |
171 | 0 | src, dst, sh, cp, |
172 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
173 | | mflowtype, mflowid, |
174 | | #endif |
175 | 0 | vrf_id, port); |
176 | 0 | } |
177 | 0 | outnow: |
178 | 0 | if (stcb == NULL) { |
179 | 0 | SCTP_INP_RUNLOCK(inp); |
180 | 0 | } |
181 | 0 | } |
182 | | |
183 | | /* |
184 | | * process peer "INIT/INIT-ACK" chunk returns value < 0 on error |
185 | | */ |
186 | | |
187 | | int |
188 | | sctp_is_there_unsent_data(struct sctp_tcb *stcb, int so_locked) |
189 | 44.9k | { |
190 | 44.9k | int unsent_data; |
191 | 44.9k | unsigned int i; |
192 | 44.9k | struct sctp_stream_queue_pending *sp; |
193 | 44.9k | struct sctp_association *asoc; |
194 | | |
195 | 44.9k | SCTP_TCB_LOCK_ASSERT(stcb); |
196 | | |
197 | | /* This function returns if any stream has true unsent data on it. |
198 | | * Note that as it looks through it will clean up any places that |
199 | | * have old data that has been sent but left at top of stream queue. |
200 | | */ |
201 | 44.9k | asoc = &stcb->asoc; |
202 | 44.9k | unsent_data = 0; |
203 | 44.9k | if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { |
204 | | /* Check to see if some data queued */ |
205 | 44.9k | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
206 | | /*sa_ignore FREED_MEMORY*/ |
207 | 44.9k | sp = TAILQ_FIRST(&stcb->asoc.strmout[i].outqueue); |
208 | 44.9k | if (sp == NULL) { |
209 | 0 | continue; |
210 | 0 | } |
211 | 44.9k | if ((sp->msg_is_complete) && |
212 | 44.9k | (sp->length == 0) && |
213 | 0 | (sp->sender_all_done)) { |
214 | | /* We are doing differed cleanup. Last |
215 | | * time through when we took all the data |
216 | | * the sender_all_done was not set. |
217 | | */ |
218 | 0 | if (sp->put_last_out == 0) { |
219 | 0 | SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n"); |
220 | 0 | SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n", |
221 | 0 | sp->sender_all_done, |
222 | 0 | sp->length, |
223 | 0 | sp->msg_is_complete, |
224 | 0 | sp->put_last_out); |
225 | 0 | } |
226 | 0 | atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1); |
227 | 0 | TAILQ_REMOVE(&stcb->asoc.strmout[i].outqueue, sp, next); |
228 | 0 | stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, &asoc->strmout[i], sp); |
229 | 0 | if (sp->net) { |
230 | 0 | sctp_free_remote_addr(sp->net); |
231 | 0 | sp->net = NULL; |
232 | 0 | } |
233 | 0 | if (sp->data) { |
234 | 0 | sctp_m_freem(sp->data); |
235 | 0 | sp->data = NULL; |
236 | 0 | } |
237 | 0 | sctp_free_a_strmoq(stcb, sp, so_locked); |
238 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) { |
239 | 0 | unsent_data++; |
240 | 0 | } |
241 | 44.9k | } else { |
242 | 44.9k | unsent_data++; |
243 | 44.9k | } |
244 | 44.9k | if (unsent_data > 0) { |
245 | 44.9k | break; |
246 | 44.9k | } |
247 | 44.9k | } |
248 | 44.9k | } |
249 | 44.9k | return (unsent_data); |
250 | 44.9k | } |
251 | | |
252 | | static int |
253 | | sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb) |
254 | 1.59k | { |
255 | 1.59k | struct sctp_init *init; |
256 | 1.59k | struct sctp_association *asoc; |
257 | 1.59k | struct sctp_nets *lnet; |
258 | 1.59k | unsigned int i; |
259 | | |
260 | 1.59k | SCTP_TCB_LOCK_ASSERT(stcb); |
261 | | |
262 | 1.59k | init = &cp->init; |
263 | 1.59k | asoc = &stcb->asoc; |
264 | | /* save off parameters */ |
265 | 1.59k | asoc->peer_vtag = ntohl(init->initiate_tag); |
266 | 1.59k | asoc->peers_rwnd = ntohl(init->a_rwnd); |
267 | | /* init tsn's */ |
268 | 1.59k | asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1; |
269 | | |
270 | 1.59k | if (!TAILQ_EMPTY(&asoc->nets)) { |
271 | | /* update any ssthresh's that may have a default */ |
272 | 1.59k | TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { |
273 | 1.59k | lnet->ssthresh = asoc->peers_rwnd; |
274 | 1.59k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE|SCTP_CWND_LOGGING_ENABLE)) { |
275 | 0 | sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION); |
276 | 0 | } |
277 | 1.59k | } |
278 | 1.59k | } |
279 | 1.59k | if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) { |
280 | 0 | unsigned int newcnt; |
281 | 0 | struct sctp_stream_out *outs; |
282 | 0 | struct sctp_stream_queue_pending *sp, *nsp; |
283 | 0 | struct sctp_tmit_chunk *chk, *nchk; |
284 | | |
285 | | /* abandon the upper streams */ |
286 | 0 | newcnt = ntohs(init->num_inbound_streams); |
287 | 0 | TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { |
288 | 0 | if (chk->rec.data.sid >= newcnt) { |
289 | 0 | TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); |
290 | 0 | asoc->send_queue_cnt--; |
291 | 0 | if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { |
292 | 0 | asoc->strmout[chk->rec.data.sid].chunks_on_queues--; |
293 | 0 | #ifdef INVARIANTS |
294 | 0 | } else { |
295 | 0 | panic("No chunks on the queues for sid %u.", chk->rec.data.sid); |
296 | 0 | #endif |
297 | 0 | } |
298 | 0 | if (chk->data != NULL) { |
299 | 0 | sctp_free_bufspace(stcb, asoc, chk, 1); |
300 | 0 | sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, |
301 | 0 | 0, chk, SCTP_SO_NOT_LOCKED); |
302 | 0 | if (chk->data) { |
303 | 0 | sctp_m_freem(chk->data); |
304 | 0 | chk->data = NULL; |
305 | 0 | } |
306 | 0 | } |
307 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
308 | | /*sa_ignore FREED_MEMORY*/ |
309 | 0 | } |
310 | 0 | } |
311 | 0 | if (asoc->strmout) { |
312 | 0 | for (i = newcnt; i < asoc->pre_open_streams; i++) { |
313 | 0 | outs = &asoc->strmout[i]; |
314 | 0 | TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { |
315 | 0 | atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1); |
316 | 0 | TAILQ_REMOVE(&outs->outqueue, sp, next); |
317 | 0 | stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp); |
318 | 0 | sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, |
319 | 0 | stcb, 0, sp, SCTP_SO_NOT_LOCKED); |
320 | 0 | if (sp->data) { |
321 | 0 | sctp_m_freem(sp->data); |
322 | 0 | sp->data = NULL; |
323 | 0 | } |
324 | 0 | if (sp->net) { |
325 | 0 | sctp_free_remote_addr(sp->net); |
326 | 0 | sp->net = NULL; |
327 | 0 | } |
328 | | /* Free the chunk */ |
329 | 0 | sctp_free_a_strmoq(stcb, sp, SCTP_SO_NOT_LOCKED); |
330 | | /*sa_ignore FREED_MEMORY*/ |
331 | 0 | } |
332 | 0 | outs->state = SCTP_STREAM_CLOSED; |
333 | 0 | } |
334 | 0 | } |
335 | | /* cut back the count */ |
336 | 0 | asoc->pre_open_streams = newcnt; |
337 | 0 | } |
338 | 1.59k | asoc->streamoutcnt = asoc->pre_open_streams; |
339 | 1.59k | if (asoc->strmout) { |
340 | 410k | for (i = 0; i < asoc->streamoutcnt; i++) { |
341 | 409k | asoc->strmout[i].state = SCTP_STREAM_OPEN; |
342 | 409k | } |
343 | 1.59k | } |
344 | | /* EY - nr_sack: initialize highest tsn in nr_mapping_array */ |
345 | 1.59k | asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; |
346 | 1.59k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
347 | 0 | sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
348 | 0 | } |
349 | | /* This is the next one we expect */ |
350 | 1.59k | asoc->str_reset_seq_in = asoc->asconf_seq_in + 1; |
351 | | |
352 | 1.59k | asoc->mapping_array_base_tsn = ntohl(init->initial_tsn); |
353 | 1.59k | asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->asconf_seq_in; |
354 | | |
355 | 1.59k | asoc->advanced_peer_ack_point = asoc->last_acked_seq; |
356 | | /* open the requested streams */ |
357 | | |
358 | 1.59k | if (asoc->strmin != NULL) { |
359 | | /* Free the old ones */ |
360 | 0 | for (i = 0; i < asoc->streamincnt; i++) { |
361 | 0 | sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue); |
362 | 0 | sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue); |
363 | 0 | } |
364 | 0 | SCTP_FREE(asoc->strmin, SCTP_M_STRMI); |
365 | 0 | } |
366 | 1.59k | if (asoc->max_inbound_streams > ntohs(init->num_outbound_streams)) { |
367 | 0 | asoc->streamincnt = ntohs(init->num_outbound_streams); |
368 | 1.59k | } else { |
369 | 1.59k | asoc->streamincnt = asoc->max_inbound_streams; |
370 | 1.59k | } |
371 | 1.59k | SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt * |
372 | 1.59k | sizeof(struct sctp_stream_in), SCTP_M_STRMI); |
373 | 1.59k | if (asoc->strmin == NULL) { |
374 | | /* we didn't get memory for the streams! */ |
375 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "process_init: couldn't get memory for the streams!\n"); |
376 | 0 | return (-1); |
377 | 0 | } |
378 | 410k | for (i = 0; i < asoc->streamincnt; i++) { |
379 | 409k | asoc->strmin[i].sid = i; |
380 | 409k | asoc->strmin[i].last_mid_delivered = 0xffffffff; |
381 | 409k | TAILQ_INIT(&asoc->strmin[i].inqueue); |
382 | 409k | TAILQ_INIT(&asoc->strmin[i].uno_inqueue); |
383 | 409k | asoc->strmin[i].pd_api_started = 0; |
384 | 409k | asoc->strmin[i].delivery_started = 0; |
385 | 409k | } |
386 | | /* |
387 | | * load_address_from_init will put the addresses into the |
388 | | * association when the COOKIE is processed or the INIT-ACK is |
389 | | * processed. Both types of COOKIE's existing and new call this |
390 | | * routine. It will remove addresses that are no longer in the |
391 | | * association (for the restarting case where addresses are |
392 | | * removed). Up front when the INIT arrives we will discard it if it |
393 | | * is a restart and new addresses have been added. |
394 | | */ |
395 | | /* sa_ignore MEMLEAK */ |
396 | 1.59k | return (0); |
397 | 1.59k | } |
398 | | |
399 | | /* |
400 | | * INIT-ACK message processing/consumption returns value < 0 on error |
401 | | */ |
402 | | static int |
403 | | sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, |
404 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
405 | | struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
406 | | struct sctp_nets *net, int *abort_no_unlock, |
407 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
408 | | uint8_t mflowtype, uint32_t mflowid, |
409 | | #endif |
410 | | uint32_t vrf_id) |
411 | 1.59k | { |
412 | 1.59k | struct sctp_association *asoc; |
413 | 1.59k | struct mbuf *op_err; |
414 | 1.59k | int retval, abort_flag, cookie_found; |
415 | 1.59k | int initack_limit; |
416 | 1.59k | int nat_friendly = 0; |
417 | | |
418 | | /* First verify that we have no illegal param's */ |
419 | 1.59k | abort_flag = 0; |
420 | 1.59k | cookie_found = 0; |
421 | | |
422 | 1.59k | op_err = sctp_arethere_unrecognized_parameters(m, |
423 | 1.59k | (offset + sizeof(struct sctp_init_chunk)), |
424 | 1.59k | &abort_flag, (struct sctp_chunkhdr *)cp, |
425 | 1.59k | &nat_friendly, &cookie_found, NULL); |
426 | 1.59k | if (abort_flag) { |
427 | | /* Send an abort and notify peer */ |
428 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
429 | 0 | src, dst, sh, op_err, |
430 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
431 | | mflowtype, mflowid, |
432 | | #endif |
433 | 0 | vrf_id, net->port); |
434 | 0 | *abort_no_unlock = 1; |
435 | 0 | return (-1); |
436 | 0 | } |
437 | 1.59k | if (!cookie_found) { |
438 | 0 | uint16_t len; |
439 | | |
440 | | /* Only report the missing cookie parameter */ |
441 | 0 | if (op_err != NULL) { |
442 | 0 | sctp_m_freem(op_err); |
443 | 0 | } |
444 | 0 | len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); |
445 | | /* We abort with an error of missing mandatory param */ |
446 | 0 | op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); |
447 | 0 | if (op_err != NULL) { |
448 | 0 | struct sctp_error_missing_param *cause; |
449 | |
|
450 | 0 | SCTP_BUF_LEN(op_err) = len; |
451 | 0 | cause = mtod(op_err, struct sctp_error_missing_param *); |
452 | | /* Subtract the reserved param */ |
453 | 0 | cause->cause.code = htons(SCTP_CAUSE_MISSING_PARAM); |
454 | 0 | cause->cause.length = htons(len); |
455 | 0 | cause->num_missing_params = htonl(1); |
456 | 0 | cause->type[0] = htons(SCTP_STATE_COOKIE); |
457 | 0 | } |
458 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
459 | 0 | src, dst, sh, op_err, |
460 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
461 | | mflowtype, mflowid, |
462 | | #endif |
463 | 0 | vrf_id, net->port); |
464 | 0 | *abort_no_unlock = 1; |
465 | 0 | return (-3); |
466 | 0 | } |
467 | 1.59k | asoc = &stcb->asoc; |
468 | 1.59k | asoc->peer_supports_nat = (uint8_t)nat_friendly; |
469 | | /* process the peer's parameters in the INIT-ACK */ |
470 | 1.59k | if (sctp_process_init((struct sctp_init_chunk *)cp, stcb) < 0) { |
471 | 0 | if (op_err != NULL) { |
472 | 0 | sctp_m_freem(op_err); |
473 | 0 | } |
474 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
475 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
476 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
477 | 0 | src, dst, sh, op_err, |
478 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
479 | | mflowtype, mflowid, |
480 | | #endif |
481 | 0 | vrf_id, net->port); |
482 | 0 | *abort_no_unlock = 1; |
483 | 0 | return (-1); |
484 | 0 | } |
485 | 1.59k | initack_limit = offset + ntohs(cp->ch.chunk_length); |
486 | | /* load all addresses */ |
487 | 1.59k | if ((retval = sctp_load_addresses_from_init(stcb, m, |
488 | 1.59k | offset + sizeof(struct sctp_init_chunk), |
489 | 1.59k | initack_limit, src, dst, NULL, stcb->asoc.port)) < 0) { |
490 | 0 | if (op_err != NULL) { |
491 | 0 | sctp_m_freem(op_err); |
492 | 0 | } |
493 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
494 | 0 | "Problem with address parameters"); |
495 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
496 | 0 | "Load addresses from INIT causes an abort %d\n", |
497 | 0 | retval); |
498 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
499 | 0 | src, dst, sh, op_err, |
500 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
501 | | mflowtype, mflowid, |
502 | | #endif |
503 | 0 | vrf_id, net->port); |
504 | 0 | *abort_no_unlock = 1; |
505 | 0 | return (-1); |
506 | 0 | } |
507 | | /* if the peer doesn't support asconf, flush the asconf queue */ |
508 | 1.59k | if (asoc->asconf_supported == 0) { |
509 | 0 | struct sctp_asconf_addr *param, *nparam; |
510 | |
|
511 | 0 | TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { |
512 | 0 | TAILQ_REMOVE(&asoc->asconf_queue, param, next); |
513 | 0 | SCTP_FREE(param, SCTP_M_ASC_ADDR); |
514 | 0 | } |
515 | 0 | } |
516 | | |
517 | 1.59k | stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, |
518 | 1.59k | stcb->asoc.local_hmacs); |
519 | 1.59k | if (op_err) { |
520 | 0 | sctp_queue_op_err(stcb, op_err); |
521 | | /* queuing will steal away the mbuf chain to the out queue */ |
522 | 0 | op_err = NULL; |
523 | 0 | } |
524 | | /* extract the cookie and queue it to "echo" it back... */ |
525 | 1.59k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
526 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
527 | 0 | stcb->asoc.overall_error_count, |
528 | 0 | 0, |
529 | 0 | SCTP_FROM_SCTP_INPUT, |
530 | 0 | __LINE__); |
531 | 0 | } |
532 | | |
533 | | /* |
534 | | * Cancel the INIT timer, We do this first before queueing the |
535 | | * cookie. We always cancel at the primary to assume that we are |
536 | | * canceling the timer started by the INIT which always goes to the |
537 | | * primary. |
538 | | */ |
539 | 1.59k | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb, |
540 | 1.59k | asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); |
541 | | |
542 | | /* calculate the RTO */ |
543 | 1.59k | if (asoc->overall_error_count == 0) { |
544 | 1.59k | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
545 | 1.59k | SCTP_RTT_FROM_NON_DATA); |
546 | 1.59k | } |
547 | 1.59k | stcb->asoc.overall_error_count = 0; |
548 | 1.59k | net->error_count = 0; |
549 | 1.59k | #if defined(__Userspace__) |
550 | 1.59k | if (stcb->sctp_ep->recv_callback) { |
551 | 0 | if (stcb->sctp_socket) { |
552 | 0 | uint32_t inqueue_bytes, sb_free_now; |
553 | 0 | struct sctp_inpcb *inp; |
554 | |
|
555 | 0 | inp = stcb->sctp_ep; |
556 | 0 | inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); |
557 | 0 | sb_free_now = SCTP_SB_LIMIT_SND(stcb->sctp_socket) - (inqueue_bytes + stcb->asoc.sb_send_resv); |
558 | | |
559 | | /* check if the amount free in the send socket buffer crossed the threshold */ |
560 | 0 | if (inp->send_callback && |
561 | 0 | (((inp->send_sb_threshold > 0) && |
562 | 0 | (sb_free_now >= inp->send_sb_threshold) && |
563 | 0 | (stcb->asoc.chunks_on_out_queue <= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) || |
564 | 0 | (inp->send_sb_threshold == 0))) { |
565 | 0 | atomic_add_int(&stcb->asoc.refcnt, 1); |
566 | 0 | SCTP_TCB_UNLOCK(stcb); |
567 | 0 | inp->send_callback(stcb->sctp_socket, sb_free_now, inp->ulp_info); |
568 | 0 | SCTP_TCB_LOCK(stcb); |
569 | 0 | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
570 | 0 | } |
571 | 0 | } |
572 | 0 | } |
573 | 1.59k | #endif |
574 | 1.59k | retval = sctp_send_cookie_echo(m, offset, initack_limit, stcb, net); |
575 | 1.59k | return (retval); |
576 | 1.59k | } |
577 | | |
578 | | static void |
579 | | sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, |
580 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
581 | 0 | { |
582 | 0 | union sctp_sockstore store; |
583 | 0 | struct sctp_nets *r_net, *f_net; |
584 | 0 | struct timeval tv; |
585 | 0 | int req_prim = 0; |
586 | 0 | uint16_t old_error_counter; |
587 | |
|
588 | 0 | if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) { |
589 | | /* Invalid length */ |
590 | 0 | return; |
591 | 0 | } |
592 | | |
593 | 0 | memset(&store, 0, sizeof(store)); |
594 | 0 | switch (cp->heartbeat.hb_info.addr_family) { |
595 | 0 | #ifdef INET |
596 | 0 | case AF_INET: |
597 | 0 | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) { |
598 | 0 | store.sin.sin_family = cp->heartbeat.hb_info.addr_family; |
599 | | #ifdef HAVE_SIN_LEN |
600 | | store.sin.sin_len = cp->heartbeat.hb_info.addr_len; |
601 | | #endif |
602 | 0 | store.sin.sin_port = stcb->rport; |
603 | 0 | memcpy(&store.sin.sin_addr, cp->heartbeat.hb_info.address, |
604 | 0 | sizeof(store.sin.sin_addr)); |
605 | 0 | } else { |
606 | 0 | return; |
607 | 0 | } |
608 | 0 | break; |
609 | 0 | #endif |
610 | 0 | #ifdef INET6 |
611 | 0 | case AF_INET6: |
612 | 0 | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) { |
613 | 0 | store.sin6.sin6_family = cp->heartbeat.hb_info.addr_family; |
614 | | #ifdef HAVE_SIN6_LEN |
615 | | store.sin6.sin6_len = cp->heartbeat.hb_info.addr_len; |
616 | | #endif |
617 | 0 | store.sin6.sin6_port = stcb->rport; |
618 | 0 | memcpy(&store.sin6.sin6_addr, cp->heartbeat.hb_info.address, sizeof(struct in6_addr)); |
619 | 0 | } else { |
620 | 0 | return; |
621 | 0 | } |
622 | 0 | break; |
623 | 0 | #endif |
624 | 0 | #if defined(__Userspace__) |
625 | 0 | case AF_CONN: |
626 | 0 | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_conn)) { |
627 | 0 | store.sconn.sconn_family = cp->heartbeat.hb_info.addr_family; |
628 | | #ifdef HAVE_SCONN_LEN |
629 | | store.sconn.sconn_len = cp->heartbeat.hb_info.addr_len; |
630 | | #endif |
631 | 0 | store.sconn.sconn_port = stcb->rport; |
632 | 0 | memcpy(&store.sconn.sconn_addr, cp->heartbeat.hb_info.address, sizeof(void *)); |
633 | 0 | } else { |
634 | 0 | return; |
635 | 0 | } |
636 | 0 | break; |
637 | 0 | #endif |
638 | 0 | default: |
639 | 0 | return; |
640 | 0 | } |
641 | 0 | r_net = sctp_findnet(stcb, &store.sa); |
642 | 0 | if (r_net == NULL) { |
643 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Huh? I can't find the address I sent it to, discard\n"); |
644 | 0 | return; |
645 | 0 | } |
646 | 0 | if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) && |
647 | 0 | (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) && |
648 | 0 | (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) { |
649 | | /* |
650 | | * If the its a HB and it's random value is correct when can |
651 | | * confirm the destination. |
652 | | */ |
653 | 0 | r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; |
654 | 0 | if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) { |
655 | 0 | stcb->asoc.primary_destination = r_net; |
656 | 0 | r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY; |
657 | 0 | f_net = TAILQ_FIRST(&stcb->asoc.nets); |
658 | 0 | if (f_net != r_net) { |
659 | | /* first one on the list is NOT the primary |
660 | | * sctp_cmpaddr() is much more efficient if |
661 | | * the primary is the first on the list, make it |
662 | | * so. |
663 | | */ |
664 | 0 | TAILQ_REMOVE(&stcb->asoc.nets, r_net, sctp_next); |
665 | 0 | TAILQ_INSERT_HEAD(&stcb->asoc.nets, r_net, sctp_next); |
666 | 0 | } |
667 | 0 | req_prim = 1; |
668 | 0 | } |
669 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
670 | 0 | stcb, 0, (void *)r_net, SCTP_SO_NOT_LOCKED); |
671 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, |
672 | 0 | r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4); |
673 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); |
674 | 0 | } |
675 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
676 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
677 | 0 | stcb->asoc.overall_error_count, |
678 | 0 | 0, |
679 | 0 | SCTP_FROM_SCTP_INPUT, |
680 | 0 | __LINE__); |
681 | 0 | } |
682 | 0 | stcb->asoc.overall_error_count = 0; |
683 | 0 | old_error_counter = r_net->error_count; |
684 | 0 | r_net->error_count = 0; |
685 | 0 | r_net->hb_responded = 1; |
686 | 0 | tv.tv_sec = cp->heartbeat.hb_info.time_value_1; |
687 | 0 | tv.tv_usec = cp->heartbeat.hb_info.time_value_2; |
688 | | /* Now lets do a RTO with this */ |
689 | 0 | sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, |
690 | 0 | SCTP_RTT_FROM_NON_DATA); |
691 | 0 | if ((r_net->dest_state & SCTP_ADDR_REACHABLE) == 0) { |
692 | 0 | r_net->dest_state |= SCTP_ADDR_REACHABLE; |
693 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb, |
694 | 0 | 0, (void *)r_net, SCTP_SO_NOT_LOCKED); |
695 | 0 | } |
696 | 0 | if (r_net->dest_state & SCTP_ADDR_PF) { |
697 | 0 | r_net->dest_state &= ~SCTP_ADDR_PF; |
698 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_exit_pf(stcb, net); |
699 | 0 | } |
700 | 0 | if (old_error_counter > 0) { |
701 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, |
702 | 0 | stcb, r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_5); |
703 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); |
704 | 0 | } |
705 | 0 | if (r_net == stcb->asoc.primary_destination) { |
706 | 0 | if (stcb->asoc.alternate) { |
707 | | /* release the alternate, primary is good */ |
708 | 0 | sctp_free_remote_addr(stcb->asoc.alternate); |
709 | 0 | stcb->asoc.alternate = NULL; |
710 | 0 | } |
711 | 0 | } |
712 | | /* Mobility adaptation */ |
713 | 0 | if (req_prim) { |
714 | 0 | if ((sctp_is_mobility_feature_on(stcb->sctp_ep, |
715 | 0 | SCTP_MOBILITY_BASE) || |
716 | 0 | sctp_is_mobility_feature_on(stcb->sctp_ep, |
717 | 0 | SCTP_MOBILITY_FASTHANDOFF)) && |
718 | 0 | sctp_is_mobility_feature_on(stcb->sctp_ep, |
719 | 0 | SCTP_MOBILITY_PRIM_DELETED)) { |
720 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, |
721 | 0 | stcb->sctp_ep, stcb, NULL, |
722 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_6); |
723 | 0 | if (sctp_is_mobility_feature_on(stcb->sctp_ep, |
724 | 0 | SCTP_MOBILITY_FASTHANDOFF)) { |
725 | 0 | sctp_assoc_immediate_retrans(stcb, |
726 | 0 | stcb->asoc.primary_destination); |
727 | 0 | } |
728 | 0 | if (sctp_is_mobility_feature_on(stcb->sctp_ep, |
729 | 0 | SCTP_MOBILITY_BASE)) { |
730 | 0 | sctp_move_chunks_from_net(stcb, |
731 | 0 | stcb->asoc.deleted_primary); |
732 | 0 | } |
733 | 0 | sctp_delete_prim_timer(stcb->sctp_ep, stcb); |
734 | 0 | } |
735 | 0 | } |
736 | 0 | } |
737 | | |
738 | | static int |
739 | | sctp_handle_nat_colliding_state(struct sctp_tcb *stcb) |
740 | 0 | { |
741 | | /* |
742 | | * Return 0 means we want you to proceed with the abort |
743 | | * non-zero means no abort processing. |
744 | | */ |
745 | 0 | uint32_t new_vtag; |
746 | 0 | struct sctpasochead *head; |
747 | |
|
748 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
749 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
750 | 0 | atomic_add_int(&stcb->asoc.refcnt, 1); |
751 | 0 | SCTP_TCB_UNLOCK(stcb); |
752 | 0 | SCTP_INP_INFO_WLOCK(); |
753 | 0 | SCTP_TCB_LOCK(stcb); |
754 | 0 | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
755 | 0 | } else { |
756 | 0 | return (0); |
757 | 0 | } |
758 | 0 | new_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1); |
759 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { |
760 | | /* generate a new vtag and send init */ |
761 | 0 | LIST_REMOVE(stcb, sctp_asocs); |
762 | 0 | stcb->asoc.my_vtag = new_vtag; |
763 | 0 | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; |
764 | | /* put it in the bucket in the vtag hash of assoc's for the system */ |
765 | 0 | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
766 | 0 | SCTP_INP_INFO_WUNLOCK(); |
767 | 0 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
768 | 0 | return (1); |
769 | 0 | } else { |
770 | | /* treat like a case where the cookie expired i.e.: |
771 | | * - dump current cookie. |
772 | | * - generate a new vtag. |
773 | | * - resend init. |
774 | | */ |
775 | | /* generate a new vtag and send init */ |
776 | 0 | LIST_REMOVE(stcb, sctp_asocs); |
777 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); |
778 | 0 | sctp_stop_all_cookie_timers(stcb); |
779 | 0 | sctp_toss_old_cookies(stcb, &stcb->asoc); |
780 | 0 | stcb->asoc.my_vtag = new_vtag; |
781 | 0 | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; |
782 | | /* put it in the bucket in the vtag hash of assoc's for the system */ |
783 | 0 | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
784 | 0 | SCTP_INP_INFO_WUNLOCK(); |
785 | 0 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
786 | 0 | return (1); |
787 | 0 | } |
788 | 0 | return (0); |
789 | 0 | } |
790 | | |
791 | | static int |
792 | | sctp_handle_nat_missing_state(struct sctp_tcb *stcb, |
793 | | struct sctp_nets *net) |
794 | 0 | { |
795 | | /* return 0 means we want you to proceed with the abort |
796 | | * non-zero means no abort processing |
797 | | */ |
798 | 0 | if (stcb->asoc.auth_supported == 0) { |
799 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_nat_missing_state: Peer does not support AUTH, cannot send an asconf\n"); |
800 | 0 | return (0); |
801 | 0 | } |
802 | 0 | sctp_asconf_send_nat_state_update(stcb, net); |
803 | 0 | return (1); |
804 | 0 | } |
805 | | |
806 | | /* Returns 1 if the stcb was aborted, 0 otherwise */ |
807 | | static int |
808 | | sctp_handle_abort(struct sctp_abort_chunk *abort, |
809 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
810 | 0 | { |
811 | | #if defined(__APPLE__) && !defined(__Userspace__) |
812 | | struct socket *so; |
813 | | #endif |
814 | 0 | uint16_t len; |
815 | 0 | uint16_t error; |
816 | |
|
817 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: handling ABORT\n"); |
818 | 0 | if (stcb == NULL) |
819 | 0 | return (0); |
820 | | |
821 | 0 | len = ntohs(abort->ch.chunk_length); |
822 | 0 | if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause)) { |
823 | | /* Need to check the cause codes for our |
824 | | * two magic nat aborts which don't kill the assoc |
825 | | * necessarily. |
826 | | */ |
827 | 0 | struct sctp_error_cause *cause; |
828 | |
|
829 | 0 | cause = (struct sctp_error_cause *)(abort + 1); |
830 | 0 | error = ntohs(cause->code); |
831 | 0 | if (error == SCTP_CAUSE_NAT_COLLIDING_STATE) { |
832 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state, ABORT flags:%x\n", |
833 | 0 | abort->ch.chunk_flags); |
834 | 0 | if (sctp_handle_nat_colliding_state(stcb)) { |
835 | 0 | return (0); |
836 | 0 | } |
837 | 0 | } else if (error == SCTP_CAUSE_NAT_MISSING_STATE) { |
838 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state, ABORT flags:%x\n", |
839 | 0 | abort->ch.chunk_flags); |
840 | 0 | if (sctp_handle_nat_missing_state(stcb, net)) { |
841 | 0 | return (0); |
842 | 0 | } |
843 | 0 | } |
844 | 0 | } else { |
845 | 0 | error = 0; |
846 | 0 | } |
847 | | /* stop any receive timers */ |
848 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, |
849 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_7); |
850 | | /* notify user of the abort and clean up... */ |
851 | 0 | sctp_abort_notification(stcb, true, false, error, abort, SCTP_SO_NOT_LOCKED); |
852 | | /* free the tcb */ |
853 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_aborted); |
854 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || |
855 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { |
856 | 0 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
857 | 0 | } |
858 | | #ifdef SCTP_ASOCLOG_OF_TSNS |
859 | | sctp_print_out_track_log(stcb); |
860 | | #endif |
861 | | #if defined(__APPLE__) && !defined(__Userspace__) |
862 | | so = SCTP_INP_SO(stcb->sctp_ep); |
863 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
864 | | SCTP_TCB_UNLOCK(stcb); |
865 | | SCTP_SOCKET_LOCK(so, 1); |
866 | | SCTP_TCB_LOCK(stcb); |
867 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
868 | | #endif |
869 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
870 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_8); |
871 | | #if defined(__APPLE__) && !defined(__Userspace__) |
872 | | SCTP_SOCKET_UNLOCK(so, 1); |
873 | | #endif |
874 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: finished\n"); |
875 | 0 | return (1); |
876 | 0 | } |
877 | | |
878 | | static void |
879 | | sctp_start_net_timers(struct sctp_tcb *stcb) |
880 | 1.59k | { |
881 | 1.59k | uint32_t cnt_hb_sent; |
882 | 1.59k | struct sctp_nets *net; |
883 | | |
884 | 1.59k | cnt_hb_sent = 0; |
885 | 1.59k | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
886 | | /* For each network start: |
887 | | * 1) A pmtu timer. |
888 | | * 2) A HB timer |
889 | | * 3) If the dest in unconfirmed send |
890 | | * a hb as well if under max_hb_burst have |
891 | | * been sent. |
892 | | */ |
893 | 1.59k | sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); |
894 | 1.59k | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); |
895 | 1.59k | if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && |
896 | 0 | (cnt_hb_sent < SCTP_BASE_SYSCTL(sctp_hb_maxburst))) { |
897 | 0 | sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); |
898 | 0 | cnt_hb_sent++; |
899 | 0 | } |
900 | 1.59k | } |
901 | 1.59k | if (cnt_hb_sent) { |
902 | 0 | sctp_chunk_output(stcb->sctp_ep, stcb, |
903 | 0 | SCTP_OUTPUT_FROM_COOKIE_ACK, |
904 | 0 | SCTP_SO_NOT_LOCKED); |
905 | 0 | } |
906 | 1.59k | } |
907 | | |
908 | | static void |
909 | | sctp_check_data_from_peer(struct sctp_tcb *stcb, int *abort_flag) |
910 | 0 | { |
911 | 0 | char msg[SCTP_DIAG_INFO_LEN]; |
912 | 0 | struct sctp_association *asoc; |
913 | 0 | struct mbuf *op_err; |
914 | 0 | unsigned int i; |
915 | |
|
916 | 0 | *abort_flag = 0; |
917 | 0 | asoc = &stcb->asoc; |
918 | 0 | if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn) || |
919 | 0 | SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) { |
920 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "Missing TSN"); |
921 | 0 | *abort_flag = 1; |
922 | 0 | } |
923 | 0 | if (!*abort_flag) { |
924 | 0 | for (i = 0; i < asoc->streamincnt; i++) { |
925 | 0 | if (!TAILQ_EMPTY(&asoc->strmin[i].inqueue) || |
926 | 0 | !TAILQ_EMPTY(&asoc->strmin[i].uno_inqueue)) { |
927 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "Missing user data"); |
928 | 0 | *abort_flag = 1; |
929 | 0 | break; |
930 | 0 | } |
931 | 0 | } |
932 | 0 | } |
933 | 0 | if (*abort_flag) { |
934 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); |
935 | 0 | stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INPUT + SCTP_LOC_9; |
936 | 0 | sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, false, SCTP_SO_NOT_LOCKED); |
937 | 0 | } |
938 | 0 | } |
939 | | |
940 | | static void |
941 | | sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, |
942 | | struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag) |
943 | 0 | { |
944 | 0 | int some_on_streamwheel; |
945 | 0 | int old_state; |
946 | | #if defined(__APPLE__) && !defined(__Userspace__) |
947 | | struct socket *so; |
948 | | #endif |
949 | |
|
950 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_shutdown: handling SHUTDOWN\n"); |
951 | 0 | if (stcb == NULL) |
952 | 0 | return; |
953 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
954 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
955 | 0 | return; |
956 | 0 | } |
957 | 0 | if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) { |
958 | | /* Shutdown NOT the expected size */ |
959 | 0 | return; |
960 | 0 | } |
961 | 0 | old_state = SCTP_GET_STATE(stcb); |
962 | 0 | sctp_update_acked(stcb, cp, abort_flag); |
963 | 0 | if (*abort_flag) { |
964 | 0 | return; |
965 | 0 | } |
966 | 0 | sctp_check_data_from_peer(stcb, abort_flag); |
967 | 0 | if (*abort_flag) { |
968 | 0 | return; |
969 | 0 | } |
970 | 0 | if (stcb->sctp_socket) { |
971 | 0 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) && |
972 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) && |
973 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT)) { |
974 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_RECEIVED); |
975 | | /* notify upper layer that peer has initiated a shutdown */ |
976 | 0 | sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
977 | | |
978 | | /* reset time */ |
979 | 0 | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
980 | 0 | } |
981 | 0 | } |
982 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) { |
983 | | /* |
984 | | * stop the shutdown timer, since we WILL move to |
985 | | * SHUTDOWN-ACK-SENT. |
986 | | */ |
987 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, |
988 | 0 | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_9); |
989 | 0 | } |
990 | | /* Now is there unsent data on a stream somewhere? */ |
991 | 0 | some_on_streamwheel = sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED); |
992 | |
|
993 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
994 | 0 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
995 | 0 | some_on_streamwheel) { |
996 | | /* By returning we will push more data out */ |
997 | 0 | return; |
998 | 0 | } else { |
999 | | /* no outstanding data to send, so move on... */ |
1000 | | /* send SHUTDOWN-ACK */ |
1001 | | /* move to SHUTDOWN-ACK-SENT state */ |
1002 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || |
1003 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { |
1004 | 0 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
1005 | 0 | } |
1006 | 0 | if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1007 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_ACK_SENT); |
1008 | 0 | sctp_stop_timers_for_shutdown(stcb); |
1009 | 0 | sctp_send_shutdown_ack(stcb, net); |
1010 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, |
1011 | 0 | stcb->sctp_ep, stcb, net); |
1012 | 0 | } else if (old_state == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1013 | 0 | sctp_send_shutdown_ack(stcb, net); |
1014 | 0 | } |
1015 | 0 | } |
1016 | 0 | } |
1017 | | |
1018 | | static void |
1019 | | sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp SCTP_UNUSED, |
1020 | | struct sctp_tcb *stcb, |
1021 | | struct sctp_nets *net) |
1022 | 0 | { |
1023 | 0 | int abort_flag; |
1024 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1025 | | struct socket *so; |
1026 | | |
1027 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1028 | | #endif |
1029 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1030 | 0 | "sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n"); |
1031 | 0 | if (stcb == NULL) { |
1032 | 0 | return; |
1033 | 0 | } |
1034 | | |
1035 | | /* process according to association state */ |
1036 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
1037 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1038 | | /* unexpected SHUTDOWN-ACK... do OOTB handling... */ |
1039 | 0 | sctp_send_shutdown_complete(stcb, net, 1); |
1040 | 0 | SCTP_TCB_UNLOCK(stcb); |
1041 | 0 | return; |
1042 | 0 | } |
1043 | 0 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) && |
1044 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { |
1045 | | /* unexpected SHUTDOWN-ACK... so ignore... */ |
1046 | 0 | SCTP_TCB_UNLOCK(stcb); |
1047 | 0 | return; |
1048 | 0 | } |
1049 | 0 | sctp_check_data_from_peer(stcb, &abort_flag); |
1050 | 0 | if (abort_flag) { |
1051 | 0 | return; |
1052 | 0 | } |
1053 | 0 | #ifdef INVARIANTS |
1054 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
1055 | 0 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
1056 | 0 | sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED)) { |
1057 | 0 | panic("Queues are not empty when handling SHUTDOWN-ACK"); |
1058 | 0 | } |
1059 | 0 | #endif |
1060 | | /* stop the timer */ |
1061 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, |
1062 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_10); |
1063 | | /* send SHUTDOWN-COMPLETE */ |
1064 | 0 | sctp_send_shutdown_complete(stcb, net, 0); |
1065 | | /* notify upper layer protocol */ |
1066 | 0 | if (stcb->sctp_socket) { |
1067 | 0 | if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1068 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { |
1069 | 0 | SCTP_SB_CLEAR(stcb->sctp_socket->so_snd); |
1070 | 0 | } |
1071 | 0 | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
1072 | 0 | } |
1073 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_shutdown); |
1074 | | /* free the TCB but first save off the ep */ |
1075 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1076 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1077 | | SCTP_TCB_UNLOCK(stcb); |
1078 | | SCTP_SOCKET_LOCK(so, 1); |
1079 | | SCTP_TCB_LOCK(stcb); |
1080 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1081 | | #endif |
1082 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
1083 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_11); |
1084 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1085 | | SCTP_SOCKET_UNLOCK(so, 1); |
1086 | | #endif |
1087 | 0 | } |
1088 | | |
1089 | | static void |
1090 | | sctp_process_unrecog_chunk(struct sctp_tcb *stcb, uint8_t chunk_type) |
1091 | 0 | { |
1092 | 0 | switch (chunk_type) { |
1093 | 0 | case SCTP_ASCONF_ACK: |
1094 | 0 | case SCTP_ASCONF: |
1095 | 0 | sctp_asconf_cleanup(stcb); |
1096 | 0 | break; |
1097 | 0 | case SCTP_IFORWARD_CUM_TSN: |
1098 | 0 | case SCTP_FORWARD_CUM_TSN: |
1099 | 0 | stcb->asoc.prsctp_supported = 0; |
1100 | 0 | break; |
1101 | 0 | default: |
1102 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1103 | 0 | "Peer does not support chunk type %d (0x%x).\n", |
1104 | 0 | chunk_type, chunk_type); |
1105 | 0 | break; |
1106 | 0 | } |
1107 | 0 | } |
1108 | | |
1109 | | /* |
1110 | | * Skip past the param header and then we will find the param that caused the |
1111 | | * problem. There are a number of param's in a ASCONF OR the prsctp param |
1112 | | * these will turn of specific features. |
1113 | | * XXX: Is this the right thing to do? |
1114 | | */ |
1115 | | static void |
1116 | | sctp_process_unrecog_param(struct sctp_tcb *stcb, uint16_t parameter_type) |
1117 | 0 | { |
1118 | 0 | switch (parameter_type) { |
1119 | | /* pr-sctp draft */ |
1120 | 0 | case SCTP_PRSCTP_SUPPORTED: |
1121 | 0 | stcb->asoc.prsctp_supported = 0; |
1122 | 0 | break; |
1123 | 0 | case SCTP_SUPPORTED_CHUNK_EXT: |
1124 | 0 | break; |
1125 | | /* draft-ietf-tsvwg-addip-sctp */ |
1126 | 0 | case SCTP_HAS_NAT_SUPPORT: |
1127 | 0 | stcb->asoc.peer_supports_nat = 0; |
1128 | 0 | break; |
1129 | 0 | case SCTP_ADD_IP_ADDRESS: |
1130 | 0 | case SCTP_DEL_IP_ADDRESS: |
1131 | 0 | case SCTP_SET_PRIM_ADDR: |
1132 | 0 | stcb->asoc.asconf_supported = 0; |
1133 | 0 | break; |
1134 | 0 | case SCTP_SUCCESS_REPORT: |
1135 | 0 | case SCTP_ERROR_CAUSE_IND: |
1136 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Huh, the peer does not support success? or error cause?\n"); |
1137 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1138 | 0 | "Turning off ASCONF to this strange peer\n"); |
1139 | 0 | stcb->asoc.asconf_supported = 0; |
1140 | 0 | break; |
1141 | 0 | default: |
1142 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1143 | 0 | "Peer does not support param type %d (0x%x)??\n", |
1144 | 0 | parameter_type, parameter_type); |
1145 | 0 | break; |
1146 | 0 | } |
1147 | 0 | } |
1148 | | |
1149 | | static int |
1150 | | sctp_handle_error(struct sctp_chunkhdr *ch, |
1151 | | struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t limit) |
1152 | 0 | { |
1153 | 0 | struct sctp_error_cause *cause; |
1154 | 0 | struct sctp_association *asoc; |
1155 | 0 | uint32_t remaining_length, adjust; |
1156 | 0 | uint16_t code, cause_code, cause_length; |
1157 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1158 | | struct socket *so; |
1159 | | #endif |
1160 | | |
1161 | | /* parse through all of the errors and process */ |
1162 | 0 | asoc = &stcb->asoc; |
1163 | 0 | cause = (struct sctp_error_cause *)((caddr_t)ch + |
1164 | 0 | sizeof(struct sctp_chunkhdr)); |
1165 | 0 | remaining_length = ntohs(ch->chunk_length); |
1166 | 0 | if (remaining_length > limit) { |
1167 | 0 | remaining_length = limit; |
1168 | 0 | } |
1169 | 0 | if (remaining_length >= sizeof(struct sctp_chunkhdr)) { |
1170 | 0 | remaining_length -= sizeof(struct sctp_chunkhdr); |
1171 | 0 | } else { |
1172 | 0 | remaining_length = 0; |
1173 | 0 | } |
1174 | 0 | code = 0; |
1175 | 0 | while (remaining_length >= sizeof(struct sctp_error_cause)) { |
1176 | | /* Process an Error Cause */ |
1177 | 0 | cause_code = ntohs(cause->code); |
1178 | 0 | cause_length = ntohs(cause->length); |
1179 | 0 | if ((cause_length > remaining_length) || (cause_length == 0)) { |
1180 | | /* Invalid cause length, possibly due to truncation. */ |
1181 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Bogus length in cause - bytes left: %u cause length: %u\n", |
1182 | 0 | remaining_length, cause_length); |
1183 | 0 | return (0); |
1184 | 0 | } |
1185 | 0 | if (code == 0) { |
1186 | | /* report the first error cause */ |
1187 | 0 | code = cause_code; |
1188 | 0 | } |
1189 | 0 | switch (cause_code) { |
1190 | 0 | case SCTP_CAUSE_INVALID_STREAM: |
1191 | 0 | case SCTP_CAUSE_MISSING_PARAM: |
1192 | 0 | case SCTP_CAUSE_INVALID_PARAM: |
1193 | 0 | case SCTP_CAUSE_NO_USER_DATA: |
1194 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Software error we got a %u back? We have a bug :/ (or do they?)\n", |
1195 | 0 | cause_code); |
1196 | 0 | break; |
1197 | 0 | case SCTP_CAUSE_NAT_COLLIDING_STATE: |
1198 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state, ERROR flags: %x\n", |
1199 | 0 | ch->chunk_flags); |
1200 | 0 | if (sctp_handle_nat_colliding_state(stcb)) { |
1201 | 0 | return (0); |
1202 | 0 | } |
1203 | 0 | break; |
1204 | 0 | case SCTP_CAUSE_NAT_MISSING_STATE: |
1205 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state, ERROR flags: %x\n", |
1206 | 0 | ch->chunk_flags); |
1207 | 0 | if (sctp_handle_nat_missing_state(stcb, net)) { |
1208 | 0 | return (0); |
1209 | 0 | } |
1210 | 0 | break; |
1211 | 0 | case SCTP_CAUSE_STALE_COOKIE: |
1212 | | /* |
1213 | | * We only act if we have echoed a cookie and are |
1214 | | * waiting. |
1215 | | */ |
1216 | 0 | if ((cause_length >= sizeof(struct sctp_error_stale_cookie)) && |
1217 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1218 | 0 | struct timeval now; |
1219 | 0 | struct sctp_error_stale_cookie *stale_cookie; |
1220 | 0 | uint64_t stale_time; |
1221 | |
|
1222 | 0 | asoc->stale_cookie_count++; |
1223 | 0 | if (asoc->stale_cookie_count > asoc->max_init_times) { |
1224 | 0 | sctp_abort_notification(stcb, false, true, 0, NULL, SCTP_SO_NOT_LOCKED); |
1225 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1226 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1227 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1228 | | SCTP_TCB_UNLOCK(stcb); |
1229 | | SCTP_SOCKET_LOCK(so, 1); |
1230 | | SCTP_TCB_LOCK(stcb); |
1231 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1232 | | #endif |
1233 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
1234 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_12); |
1235 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1236 | | SCTP_SOCKET_UNLOCK(so, 1); |
1237 | | #endif |
1238 | 0 | return (-1); |
1239 | 0 | } |
1240 | 0 | stale_cookie = (struct sctp_error_stale_cookie *)cause; |
1241 | 0 | stale_time = ntohl(stale_cookie->stale_time); |
1242 | 0 | if (stale_time == 0) { |
1243 | | /* Use an RTT as an approximation. */ |
1244 | 0 | (void)SCTP_GETTIME_TIMEVAL(&now); |
1245 | 0 | timevalsub(&now, &asoc->time_entered); |
1246 | 0 | stale_time = (uint64_t)1000000 * (uint64_t)now.tv_sec + (uint64_t)now.tv_usec; |
1247 | 0 | if (stale_time == 0) { |
1248 | 0 | stale_time = 1; |
1249 | 0 | } |
1250 | 0 | } |
1251 | | /* |
1252 | | * stale_time is in usec, convert it to msec. |
1253 | | * Round upwards, to ensure that it is non-zero. |
1254 | | */ |
1255 | 0 | stale_time = (stale_time + 999) / 1000; |
1256 | | /* Double it, to be more robust on RTX. */ |
1257 | 0 | stale_time = 2 * stale_time; |
1258 | 0 | asoc->cookie_preserve_req = (uint32_t)stale_time; |
1259 | 0 | if (asoc->overall_error_count == 0) { |
1260 | 0 | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
1261 | 0 | SCTP_RTT_FROM_NON_DATA); |
1262 | 0 | } |
1263 | 0 | asoc->overall_error_count = 0; |
1264 | | /* Blast back to INIT state */ |
1265 | 0 | sctp_toss_old_cookies(stcb, &stcb->asoc); |
1266 | 0 | sctp_stop_all_cookie_timers(stcb); |
1267 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); |
1268 | 0 | (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); |
1269 | 0 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
1270 | 0 | } |
1271 | 0 | break; |
1272 | 0 | case SCTP_CAUSE_UNRESOLVABLE_ADDR: |
1273 | | /* |
1274 | | * Nothing we can do here, we don't do hostname |
1275 | | * addresses so if the peer does not like my IPv6 |
1276 | | * (or IPv4 for that matter) it does not matter. If |
1277 | | * they don't support that type of address, they can |
1278 | | * NOT possibly get that packet type... i.e. with no |
1279 | | * IPv6 you can't receive a IPv6 packet. so we can |
1280 | | * safely ignore this one. If we ever added support |
1281 | | * for HOSTNAME Addresses, then we would need to do |
1282 | | * something here. |
1283 | | */ |
1284 | 0 | break; |
1285 | 0 | case SCTP_CAUSE_UNRECOG_CHUNK: |
1286 | 0 | if (cause_length >= sizeof(struct sctp_error_unrecognized_chunk)) { |
1287 | 0 | struct sctp_error_unrecognized_chunk *unrec_chunk; |
1288 | |
|
1289 | 0 | unrec_chunk = (struct sctp_error_unrecognized_chunk *)cause; |
1290 | 0 | sctp_process_unrecog_chunk(stcb, unrec_chunk->ch.chunk_type); |
1291 | 0 | } |
1292 | 0 | break; |
1293 | 0 | case SCTP_CAUSE_UNRECOG_PARAM: |
1294 | | /* XXX: We only consider the first parameter */ |
1295 | 0 | if (cause_length >= sizeof(struct sctp_error_cause) + sizeof(struct sctp_paramhdr)) { |
1296 | 0 | struct sctp_paramhdr *unrec_parameter; |
1297 | |
|
1298 | 0 | unrec_parameter = (struct sctp_paramhdr *)(cause + 1); |
1299 | 0 | sctp_process_unrecog_param(stcb, ntohs(unrec_parameter->param_type)); |
1300 | 0 | } |
1301 | 0 | break; |
1302 | 0 | case SCTP_CAUSE_COOKIE_IN_SHUTDOWN: |
1303 | | /* |
1304 | | * We ignore this since the timer will drive out a |
1305 | | * new cookie anyway and there timer will drive us |
1306 | | * to send a SHUTDOWN_COMPLETE. We can't send one |
1307 | | * here since we don't have their tag. |
1308 | | */ |
1309 | 0 | break; |
1310 | 0 | case SCTP_CAUSE_DELETING_LAST_ADDR: |
1311 | 0 | case SCTP_CAUSE_RESOURCE_SHORTAGE: |
1312 | 0 | case SCTP_CAUSE_DELETING_SRC_ADDR: |
1313 | | /* |
1314 | | * We should NOT get these here, but in a |
1315 | | * ASCONF-ACK. |
1316 | | */ |
1317 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "Peer sends ASCONF errors in a error cause with code %u.\n", |
1318 | 0 | cause_code); |
1319 | 0 | break; |
1320 | 0 | case SCTP_CAUSE_OUT_OF_RESC: |
1321 | | /* |
1322 | | * And what, pray tell do we do with the fact that |
1323 | | * the peer is out of resources? Not really sure we |
1324 | | * could do anything but abort. I suspect this |
1325 | | * should have came WITH an abort instead of in a |
1326 | | * OP-ERROR. |
1327 | | */ |
1328 | 0 | break; |
1329 | 0 | default: |
1330 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_handle_error: unknown code 0x%x\n", |
1331 | 0 | cause_code); |
1332 | 0 | break; |
1333 | 0 | } |
1334 | 0 | adjust = SCTP_SIZE32(cause_length); |
1335 | 0 | if (remaining_length >= adjust) { |
1336 | 0 | remaining_length -= adjust; |
1337 | 0 | } else { |
1338 | 0 | remaining_length = 0; |
1339 | 0 | } |
1340 | 0 | cause = (struct sctp_error_cause *)((caddr_t)cause + adjust); |
1341 | 0 | } |
1342 | 0 | sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, code, ch, SCTP_SO_NOT_LOCKED); |
1343 | 0 | return (0); |
1344 | 0 | } |
1345 | | |
1346 | | static int |
1347 | | sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, |
1348 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
1349 | | struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
1350 | | struct sctp_nets *net, int *abort_no_unlock, |
1351 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1352 | | uint8_t mflowtype, uint32_t mflowid, |
1353 | | #endif |
1354 | | uint32_t vrf_id) |
1355 | 1.59k | { |
1356 | 1.59k | struct sctp_init_ack *init_ack; |
1357 | 1.59k | struct mbuf *op_err; |
1358 | | |
1359 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT2, |
1360 | 1.59k | "sctp_handle_init_ack: handling INIT-ACK\n"); |
1361 | | |
1362 | 1.59k | if (stcb == NULL) { |
1363 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1364 | 0 | "sctp_handle_init_ack: TCB is null\n"); |
1365 | 0 | return (-1); |
1366 | 0 | } |
1367 | | /* Only process the INIT-ACK chunk in COOKIE WAIT state.*/ |
1368 | 1.59k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { |
1369 | 1.59k | init_ack = &cp->init; |
1370 | | /* Validate parameters. */ |
1371 | 1.59k | if ((ntohl(init_ack->initiate_tag) == 0) || |
1372 | 1.59k | (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) || |
1373 | 1.59k | (ntohs(init_ack->num_inbound_streams) == 0) || |
1374 | 1.59k | (ntohs(init_ack->num_outbound_streams) == 0)) { |
1375 | | /* One of the mandatory parameters is illegal. */ |
1376 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); |
1377 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1378 | 0 | src, dst, sh, op_err, |
1379 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1380 | | mflowtype, mflowid, |
1381 | | #endif |
1382 | 0 | vrf_id, net->port); |
1383 | 0 | *abort_no_unlock = 1; |
1384 | 0 | return (-1); |
1385 | 0 | } |
1386 | 1.59k | if (stcb->asoc.primary_destination->dest_state & |
1387 | 1.59k | SCTP_ADDR_UNCONFIRMED) { |
1388 | | /* |
1389 | | * The primary is where we sent the INIT, we can |
1390 | | * always consider it confirmed when the INIT-ACK is |
1391 | | * returned. Do this before we load addresses |
1392 | | * though. |
1393 | | */ |
1394 | 0 | stcb->asoc.primary_destination->dest_state &= |
1395 | 0 | ~SCTP_ADDR_UNCONFIRMED; |
1396 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
1397 | 0 | stcb, 0, (void *)stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); |
1398 | 0 | } |
1399 | 1.59k | if (sctp_process_init_ack(m, iphlen, offset, src, dst, sh, cp, stcb, |
1400 | 1.59k | net, abort_no_unlock, |
1401 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1402 | | mflowtype, mflowid, |
1403 | | #endif |
1404 | 1.59k | vrf_id) < 0) { |
1405 | | /* error in parsing parameters */ |
1406 | 0 | return (-1); |
1407 | 0 | } |
1408 | | /* Update our state. */ |
1409 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); |
1410 | 1.59k | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_ECHOED); |
1411 | | |
1412 | | /* Reset the RTO calculation. */ |
1413 | 1.59k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
1414 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
1415 | 0 | stcb->asoc.overall_error_count, |
1416 | 0 | 0, |
1417 | 0 | SCTP_FROM_SCTP_INPUT, |
1418 | 0 | __LINE__); |
1419 | 0 | } |
1420 | 1.59k | stcb->asoc.overall_error_count = 0; |
1421 | 1.59k | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
1422 | | /* |
1423 | | * Collapse the init timer back in case of a exponential |
1424 | | * backoff. |
1425 | | */ |
1426 | 1.59k | sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep, |
1427 | 1.59k | stcb, net); |
1428 | | /* |
1429 | | * The output routine at the end of the inbound data processing |
1430 | | * will cause the cookie to be sent. |
1431 | | */ |
1432 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT1, "Leaving handle-init-ack end\n"); |
1433 | 1.59k | return (0); |
1434 | 1.59k | } else { |
1435 | 0 | return (-1); |
1436 | 0 | } |
1437 | 1.59k | } |
1438 | | |
1439 | | static struct sctp_tcb * |
1440 | | sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, |
1441 | | struct sockaddr *src, struct sockaddr *dst, |
1442 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
1443 | | struct sctp_inpcb *inp, struct sctp_nets **netp, |
1444 | | struct sockaddr *init_src, int *notification, |
1445 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
1446 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1447 | | uint8_t mflowtype, uint32_t mflowid, |
1448 | | #endif |
1449 | | uint32_t vrf_id, uint16_t port); |
1450 | | |
1451 | | /* |
1452 | | * handle a state cookie for an existing association m: input packet mbuf |
1453 | | * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a |
1454 | | * "split" mbuf and the cookie signature does not exist offset: offset into |
1455 | | * mbuf to the cookie-echo chunk |
1456 | | */ |
1457 | | static struct sctp_tcb * |
1458 | | sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, |
1459 | | struct sockaddr *src, struct sockaddr *dst, |
1460 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
1461 | | struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets **netp, |
1462 | | struct sockaddr *init_src, int *notification, |
1463 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
1464 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1465 | | uint8_t mflowtype, uint32_t mflowid, |
1466 | | #endif |
1467 | | uint32_t vrf_id, uint16_t port) |
1468 | 0 | { |
1469 | 0 | struct sctp_association *asoc; |
1470 | 0 | struct sctp_init_chunk *init_cp, init_buf; |
1471 | 0 | struct sctp_init_ack_chunk *initack_cp, initack_buf; |
1472 | 0 | struct sctp_asconf_addr *aparam, *naparam; |
1473 | 0 | struct sctp_asconf_ack *aack, *naack; |
1474 | 0 | struct sctp_tmit_chunk *chk, *nchk; |
1475 | 0 | struct sctp_stream_reset_list *strrst, *nstrrst; |
1476 | 0 | struct sctp_queued_to_read *sq, *nsq; |
1477 | 0 | struct sctp_nets *net; |
1478 | 0 | struct mbuf *op_err; |
1479 | 0 | int init_offset, initack_offset, i; |
1480 | 0 | int retval; |
1481 | 0 | int spec_flag = 0; |
1482 | 0 | uint32_t how_indx; |
1483 | | #if defined(SCTP_DETAILED_STR_STATS) |
1484 | | int j; |
1485 | | #endif |
1486 | |
|
1487 | 0 | net = *netp; |
1488 | | /* I know that the TCB is non-NULL from the caller */ |
1489 | 0 | asoc = &stcb->asoc; |
1490 | 0 | for (how_indx = 0; how_indx < sizeof(asoc->cookie_how); how_indx++) { |
1491 | 0 | if (asoc->cookie_how[how_indx] == 0) |
1492 | 0 | break; |
1493 | 0 | } |
1494 | 0 | if (how_indx < sizeof(asoc->cookie_how)) { |
1495 | 0 | asoc->cookie_how[how_indx] = 1; |
1496 | 0 | } |
1497 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1498 | | /* SHUTDOWN came in after sending INIT-ACK */ |
1499 | 0 | sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination); |
1500 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_COOKIE_IN_SHUTDOWN, ""); |
1501 | 0 | sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, |
1502 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1503 | | mflowtype, mflowid, inp->fibnum, |
1504 | | #endif |
1505 | 0 | vrf_id, net->port); |
1506 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1507 | 0 | asoc->cookie_how[how_indx] = 2; |
1508 | 0 | SCTP_TCB_UNLOCK(stcb); |
1509 | 0 | return (NULL); |
1510 | 0 | } |
1511 | | /* |
1512 | | * find and validate the INIT chunk in the cookie (peer's info) the |
1513 | | * INIT should start after the cookie-echo header struct (chunk |
1514 | | * header, state cookie header struct) |
1515 | | */ |
1516 | 0 | init_offset = offset += sizeof(struct sctp_cookie_echo_chunk); |
1517 | |
|
1518 | 0 | init_cp = (struct sctp_init_chunk *) |
1519 | 0 | sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk), |
1520 | 0 | (uint8_t *) & init_buf); |
1521 | 0 | if (init_cp == NULL) { |
1522 | | /* could not pull a INIT chunk in cookie */ |
1523 | 0 | SCTP_TCB_UNLOCK(stcb); |
1524 | 0 | return (NULL); |
1525 | 0 | } |
1526 | 0 | if (init_cp->ch.chunk_type != SCTP_INITIATION) { |
1527 | 0 | SCTP_TCB_UNLOCK(stcb); |
1528 | 0 | return (NULL); |
1529 | 0 | } |
1530 | | /* |
1531 | | * find and validate the INIT-ACK chunk in the cookie (my info) the |
1532 | | * INIT-ACK follows the INIT chunk |
1533 | | */ |
1534 | 0 | initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); |
1535 | 0 | initack_cp = (struct sctp_init_ack_chunk *) |
1536 | 0 | sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk), |
1537 | 0 | (uint8_t *) & initack_buf); |
1538 | 0 | if (initack_cp == NULL) { |
1539 | | /* could not pull INIT-ACK chunk in cookie */ |
1540 | 0 | SCTP_TCB_UNLOCK(stcb); |
1541 | 0 | return (NULL); |
1542 | 0 | } |
1543 | 0 | if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { |
1544 | 0 | SCTP_TCB_UNLOCK(stcb); |
1545 | 0 | return (NULL); |
1546 | 0 | } |
1547 | 0 | if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1548 | 0 | (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) { |
1549 | | /* |
1550 | | * case D in Section 5.2.4 Table 2: MMAA process accordingly |
1551 | | * to get into the OPEN state |
1552 | | */ |
1553 | 0 | if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) { |
1554 | | /*- |
1555 | | * Opps, this means that we somehow generated two vtag's |
1556 | | * the same. I.e. we did: |
1557 | | * Us Peer |
1558 | | * <---INIT(tag=a)------ |
1559 | | * ----INIT-ACK(tag=t)--> |
1560 | | * ----INIT(tag=t)------> *1 |
1561 | | * <---INIT-ACK(tag=a)--- |
1562 | | * <----CE(tag=t)------------- *2 |
1563 | | * |
1564 | | * At point *1 we should be generating a different |
1565 | | * tag t'. Which means we would throw away the CE and send |
1566 | | * ours instead. Basically this is case C (throw away side). |
1567 | | */ |
1568 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1569 | 0 | asoc->cookie_how[how_indx] = 17; |
1570 | 0 | SCTP_TCB_UNLOCK(stcb); |
1571 | 0 | return (NULL); |
1572 | 0 | } |
1573 | 0 | switch (SCTP_GET_STATE(stcb)) { |
1574 | 0 | case SCTP_STATE_COOKIE_WAIT: |
1575 | 0 | case SCTP_STATE_COOKIE_ECHOED: |
1576 | | /* |
1577 | | * INIT was sent but got a COOKIE_ECHO with the |
1578 | | * correct tags... just accept it...but we must |
1579 | | * process the init so that we can make sure we |
1580 | | * have the right seq no's. |
1581 | | */ |
1582 | | /* First we must process the INIT !! */ |
1583 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
1584 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1585 | 0 | asoc->cookie_how[how_indx] = 3; |
1586 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
1587 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
1588 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1589 | 0 | src, dst, sh, op_err, |
1590 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1591 | | mflowtype, mflowid, |
1592 | | #endif |
1593 | 0 | vrf_id, net->port); |
1594 | 0 | return (NULL); |
1595 | 0 | } |
1596 | | /* we have already processed the INIT so no problem */ |
1597 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, |
1598 | 0 | stcb, net, |
1599 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_13); |
1600 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, |
1601 | 0 | stcb, net, |
1602 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_14); |
1603 | | /* update current state */ |
1604 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) |
1605 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
1606 | 0 | else |
1607 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1608 | |
|
1609 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1610 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1611 | 0 | sctp_stop_all_cookie_timers(stcb); |
1612 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1613 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
1614 | 0 | (!SCTP_IS_LISTENING(inp))) { |
1615 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1616 | | struct socket *so; |
1617 | | #endif |
1618 | | /* |
1619 | | * Here is where collision would go if we |
1620 | | * did a connect() and instead got a |
1621 | | * init/init-ack/cookie done before the |
1622 | | * init-ack came back.. |
1623 | | */ |
1624 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
1625 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1626 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1627 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1628 | | SCTP_TCB_UNLOCK(stcb); |
1629 | | SCTP_SOCKET_LOCK(so, 1); |
1630 | | SCTP_TCB_LOCK(stcb); |
1631 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1632 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
1633 | | SCTP_TCB_UNLOCK(stcb); |
1634 | | SCTP_SOCKET_UNLOCK(so, 1); |
1635 | | return (NULL); |
1636 | | } |
1637 | | #endif |
1638 | 0 | soisconnected(stcb->sctp_socket); |
1639 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1640 | | SCTP_SOCKET_UNLOCK(so, 1); |
1641 | | #endif |
1642 | 0 | } |
1643 | | /* notify upper layer */ |
1644 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
1645 | 0 | net->hb_responded = 1; |
1646 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
1647 | 0 | (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) { |
1648 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, |
1649 | 0 | inp, stcb, NULL); |
1650 | 0 | } |
1651 | 0 | break; |
1652 | 0 | default: |
1653 | | /* |
1654 | | * we're in the OPEN state (or beyond), so |
1655 | | * peer must have simply lost the COOKIE-ACK |
1656 | | */ |
1657 | 0 | break; |
1658 | 0 | } /* end switch */ |
1659 | 0 | sctp_stop_all_cookie_timers(stcb); |
1660 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
1661 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
1662 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
1663 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1664 | 0 | asoc->cookie_how[how_indx] = 4; |
1665 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
1666 | 0 | "Problem with address parameters"); |
1667 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
1668 | 0 | "Load addresses from INIT causes an abort %d\n", |
1669 | 0 | retval); |
1670 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1671 | 0 | src, dst, sh, op_err, |
1672 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1673 | | mflowtype, mflowid, |
1674 | | #endif |
1675 | 0 | vrf_id, net->port); |
1676 | 0 | return (NULL); |
1677 | 0 | } |
1678 | | /* respond with a COOKIE-ACK */ |
1679 | 0 | sctp_toss_old_cookies(stcb, asoc); |
1680 | 0 | sctp_send_cookie_ack(stcb); |
1681 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1682 | 0 | asoc->cookie_how[how_indx] = 5; |
1683 | 0 | return (stcb); |
1684 | 0 | } |
1685 | | |
1686 | 0 | if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag && |
1687 | 0 | ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag && |
1688 | 0 | cookie->tie_tag_my_vtag == 0 && |
1689 | 0 | cookie->tie_tag_peer_vtag == 0) { |
1690 | | /* |
1691 | | * case C in Section 5.2.4 Table 2: XMOO silently discard |
1692 | | */ |
1693 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1694 | 0 | asoc->cookie_how[how_indx] = 6; |
1695 | 0 | SCTP_TCB_UNLOCK(stcb); |
1696 | 0 | return (NULL); |
1697 | 0 | } |
1698 | | /* If nat support, and the below and stcb is established, |
1699 | | * send back a ABORT(colliding state) if we are established. |
1700 | | */ |
1701 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) && |
1702 | 0 | (asoc->peer_supports_nat) && |
1703 | 0 | ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1704 | 0 | ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) || |
1705 | 0 | (asoc->peer_vtag == 0)))) { |
1706 | | /* Special case - Peer's support nat. We may have |
1707 | | * two init's that we gave out the same tag on since |
1708 | | * one was not established.. i.e. we get INIT from host-1 |
1709 | | * behind the nat and we respond tag-a, we get a INIT from |
1710 | | * host-2 behind the nat and we get tag-a again. Then we |
1711 | | * bring up host-1 (or 2's) assoc, Then comes the cookie |
1712 | | * from hsot-2 (or 1). Now we have colliding state. We must |
1713 | | * send an abort here with colliding state indication. |
1714 | | */ |
1715 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_NAT_COLLIDING_STATE, ""); |
1716 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
1717 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1718 | | mflowtype, mflowid, inp->fibnum, |
1719 | | #endif |
1720 | 0 | vrf_id, port); |
1721 | 0 | SCTP_TCB_UNLOCK(stcb); |
1722 | 0 | return (NULL); |
1723 | 0 | } |
1724 | 0 | if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1725 | 0 | ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) || |
1726 | 0 | (asoc->peer_vtag == 0))) { |
1727 | | /* |
1728 | | * case B in Section 5.2.4 Table 2: MXAA or MOAA my info |
1729 | | * should be ok, re-accept peer info |
1730 | | */ |
1731 | 0 | if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) { |
1732 | | /* Extension of case C. |
1733 | | * If we hit this, then the random number |
1734 | | * generator returned the same vtag when we |
1735 | | * first sent our INIT-ACK and when we later sent |
1736 | | * our INIT. The side with the seq numbers that are |
1737 | | * different will be the one that normally would |
1738 | | * have hit case C. This in effect "extends" our vtags |
1739 | | * in this collision case to be 64 bits. The same collision |
1740 | | * could occur aka you get both vtag and seq number the |
1741 | | * same twice in a row.. but is much less likely. If it |
1742 | | * did happen then we would proceed through and bring |
1743 | | * up the assoc.. we may end up with the wrong stream |
1744 | | * setup however.. which would be bad.. but there is |
1745 | | * no way to tell.. until we send on a stream that does |
1746 | | * not exist :-) |
1747 | | */ |
1748 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1749 | 0 | asoc->cookie_how[how_indx] = 7; |
1750 | |
|
1751 | 0 | SCTP_TCB_UNLOCK(stcb); |
1752 | 0 | return (NULL); |
1753 | 0 | } |
1754 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1755 | 0 | asoc->cookie_how[how_indx] = 8; |
1756 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, |
1757 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_15); |
1758 | 0 | sctp_stop_all_cookie_timers(stcb); |
1759 | | /* |
1760 | | * since we did not send a HB make sure we don't double |
1761 | | * things |
1762 | | */ |
1763 | 0 | net->hb_responded = 1; |
1764 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
1765 | 0 | sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
1766 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, |
1767 | 0 | NULL); |
1768 | 0 | } |
1769 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
1770 | 0 | if (asoc->pre_open_streams < asoc->streamoutcnt) { |
1771 | 0 | asoc->pre_open_streams = asoc->streamoutcnt; |
1772 | 0 | } |
1773 | |
|
1774 | 0 | if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) { |
1775 | | /* Ok the peer probably discarded our |
1776 | | * data (if we echoed a cookie+data). So anything |
1777 | | * on the sent_queue should be marked for |
1778 | | * retransmit, we may not get something to |
1779 | | * kick us so it COULD still take a timeout |
1780 | | * to move these.. but it can't hurt to mark them. |
1781 | | */ |
1782 | |
|
1783 | 0 | TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { |
1784 | 0 | if (chk->sent < SCTP_DATAGRAM_RESEND) { |
1785 | 0 | chk->sent = SCTP_DATAGRAM_RESEND; |
1786 | 0 | sctp_flight_size_decrease(chk); |
1787 | 0 | sctp_total_flight_decrease(stcb, chk); |
1788 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
1789 | 0 | spec_flag++; |
1790 | 0 | } |
1791 | 0 | } |
1792 | 0 | } |
1793 | | /* process the INIT info (peer's info) */ |
1794 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
1795 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1796 | 0 | asoc->cookie_how[how_indx] = 9; |
1797 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
1798 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
1799 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1800 | 0 | src, dst, sh, op_err, |
1801 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1802 | | mflowtype, mflowid, |
1803 | | #endif |
1804 | 0 | vrf_id, net->port); |
1805 | 0 | return (NULL); |
1806 | 0 | } |
1807 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
1808 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
1809 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
1810 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1811 | 0 | asoc->cookie_how[how_indx] = 10; |
1812 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
1813 | 0 | "Problem with address parameters"); |
1814 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
1815 | 0 | "Load addresses from INIT causes an abort %d\n", |
1816 | 0 | retval); |
1817 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1818 | 0 | src, dst, sh, op_err, |
1819 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1820 | | mflowtype, mflowid, |
1821 | | #endif |
1822 | 0 | vrf_id, net->port); |
1823 | 0 | return (NULL); |
1824 | 0 | } |
1825 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
1826 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1827 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
1828 | |
|
1829 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1830 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
1831 | 0 | (!SCTP_IS_LISTENING(inp))) { |
1832 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1833 | | struct socket *so; |
1834 | | #endif |
1835 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
1836 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1837 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1838 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1839 | | SCTP_TCB_UNLOCK(stcb); |
1840 | | SCTP_SOCKET_LOCK(so, 1); |
1841 | | SCTP_TCB_LOCK(stcb); |
1842 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1843 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
1844 | | SCTP_TCB_UNLOCK(stcb); |
1845 | | SCTP_SOCKET_UNLOCK(so, 1); |
1846 | | return (NULL); |
1847 | | } |
1848 | | #endif |
1849 | 0 | soisconnected(stcb->sctp_socket); |
1850 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1851 | | SCTP_SOCKET_UNLOCK(so, 1); |
1852 | | #endif |
1853 | 0 | } |
1854 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) |
1855 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
1856 | 0 | else |
1857 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1858 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1859 | 0 | } else if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { |
1860 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_restartestab); |
1861 | 0 | } else { |
1862 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1863 | 0 | } |
1864 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1865 | 0 | sctp_stop_all_cookie_timers(stcb); |
1866 | 0 | sctp_toss_old_cookies(stcb, asoc); |
1867 | 0 | sctp_send_cookie_ack(stcb); |
1868 | 0 | if (spec_flag) { |
1869 | | /* only if we have retrans set do we do this. What |
1870 | | * this call does is get only the COOKIE-ACK out |
1871 | | * and then when we return the normal call to |
1872 | | * sctp_chunk_output will get the retrans out |
1873 | | * behind this. |
1874 | | */ |
1875 | 0 | sctp_chunk_output(inp,stcb, SCTP_OUTPUT_FROM_COOKIE_ACK, SCTP_SO_NOT_LOCKED); |
1876 | 0 | } |
1877 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1878 | 0 | asoc->cookie_how[how_indx] = 11; |
1879 | |
|
1880 | 0 | return (stcb); |
1881 | 0 | } |
1882 | 0 | if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag && |
1883 | 0 | ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) && |
1884 | 0 | cookie->tie_tag_my_vtag == asoc->my_vtag_nonce && |
1885 | 0 | cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce && |
1886 | 0 | cookie->tie_tag_peer_vtag != 0) { |
1887 | 0 | struct sctpasochead *head; |
1888 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1889 | | struct socket *so; |
1890 | | #endif |
1891 | |
|
1892 | 0 | if (asoc->peer_supports_nat) { |
1893 | 0 | struct sctp_tcb *local_stcb; |
1894 | | |
1895 | | /* This is a gross gross hack. |
1896 | | * Just call the cookie_new code since we |
1897 | | * are allowing a duplicate association. |
1898 | | * I hope this works... |
1899 | | */ |
1900 | 0 | local_stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, |
1901 | 0 | sh, cookie, cookie_len, |
1902 | 0 | inp, netp, init_src,notification, |
1903 | 0 | auth_skipped, auth_offset, auth_len, |
1904 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1905 | | mflowtype, mflowid, |
1906 | | #endif |
1907 | 0 | vrf_id, port); |
1908 | 0 | if (local_stcb == NULL) { |
1909 | 0 | SCTP_TCB_UNLOCK(stcb); |
1910 | 0 | } |
1911 | 0 | return (local_stcb); |
1912 | 0 | } |
1913 | | /* |
1914 | | * case A in Section 5.2.4 Table 2: XXMM (peer restarted) |
1915 | | */ |
1916 | | /* temp code */ |
1917 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1918 | 0 | asoc->cookie_how[how_indx] = 12; |
1919 | 0 | sctp_stop_association_timers(stcb, false); |
1920 | | /* notify upper layer */ |
1921 | 0 | *notification = SCTP_NOTIFY_ASSOC_RESTART; |
1922 | 0 | atomic_add_int(&stcb->asoc.refcnt, 1); |
1923 | 0 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN) && |
1924 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) && |
1925 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT)) { |
1926 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1927 | 0 | } |
1928 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { |
1929 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_restartestab); |
1930 | 0 | } else if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) { |
1931 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_collisionestab); |
1932 | 0 | } |
1933 | 0 | if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) { |
1934 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1935 | |
|
1936 | 0 | } else if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) { |
1937 | | /* move to OPEN state, if not in SHUTDOWN_SENT */ |
1938 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1939 | 0 | } |
1940 | 0 | if (asoc->pre_open_streams < asoc->streamoutcnt) { |
1941 | 0 | asoc->pre_open_streams = asoc->streamoutcnt; |
1942 | 0 | } |
1943 | 0 | asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn); |
1944 | 0 | asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number; |
1945 | 0 | asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; |
1946 | 0 | asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1; |
1947 | 0 | asoc->str_reset_seq_in = asoc->init_seq_number; |
1948 | 0 | asoc->advanced_peer_ack_point = asoc->last_acked_seq; |
1949 | 0 | asoc->send_sack = 1; |
1950 | 0 | asoc->data_pkts_seen = 0; |
1951 | 0 | asoc->last_data_chunk_from = NULL; |
1952 | 0 | asoc->last_control_chunk_from = NULL; |
1953 | 0 | asoc->last_net_cmt_send_started = NULL; |
1954 | 0 | if (asoc->mapping_array) { |
1955 | 0 | memset(asoc->mapping_array, 0, |
1956 | 0 | asoc->mapping_array_size); |
1957 | 0 | } |
1958 | 0 | if (asoc->nr_mapping_array) { |
1959 | 0 | memset(asoc->nr_mapping_array, 0, |
1960 | 0 | asoc->mapping_array_size); |
1961 | 0 | } |
1962 | 0 | SCTP_TCB_UNLOCK(stcb); |
1963 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1964 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1965 | | SCTP_SOCKET_LOCK(so, 1); |
1966 | | #endif |
1967 | 0 | SCTP_INP_INFO_WLOCK(); |
1968 | 0 | SCTP_INP_WLOCK(stcb->sctp_ep); |
1969 | 0 | SCTP_TCB_LOCK(stcb); |
1970 | 0 | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1971 | | /* send up all the data */ |
1972 | 0 | sctp_report_all_outbound(stcb, 0, SCTP_SO_LOCKED); |
1973 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
1974 | 0 | stcb->asoc.strmout[i].chunks_on_queues = 0; |
1975 | | #if defined(SCTP_DETAILED_STR_STATS) |
1976 | | for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { |
1977 | | asoc->strmout[i].abandoned_sent[j] = 0; |
1978 | | asoc->strmout[i].abandoned_unsent[j] = 0; |
1979 | | } |
1980 | | #else |
1981 | 0 | asoc->strmout[i].abandoned_sent[0] = 0; |
1982 | 0 | asoc->strmout[i].abandoned_unsent[0] = 0; |
1983 | 0 | #endif |
1984 | 0 | stcb->asoc.strmout[i].next_mid_ordered = 0; |
1985 | 0 | stcb->asoc.strmout[i].next_mid_unordered = 0; |
1986 | 0 | stcb->asoc.strmout[i].sid = i; |
1987 | 0 | stcb->asoc.strmout[i].last_msg_incomplete = 0; |
1988 | 0 | } |
1989 | 0 | TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) { |
1990 | 0 | TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp); |
1991 | 0 | SCTP_FREE(strrst, SCTP_M_STRESET); |
1992 | 0 | } |
1993 | 0 | TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) { |
1994 | 0 | TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next); |
1995 | 0 | if (sq->data) { |
1996 | 0 | sctp_m_freem(sq->data); |
1997 | 0 | sq->data = NULL; |
1998 | 0 | } |
1999 | 0 | sctp_free_remote_addr(sq->whoFrom); |
2000 | 0 | sq->whoFrom = NULL; |
2001 | 0 | sq->stcb = NULL; |
2002 | 0 | sctp_free_a_readq(stcb, sq); |
2003 | 0 | } |
2004 | 0 | TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { |
2005 | 0 | TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); |
2006 | 0 | if (chk->data) { |
2007 | 0 | sctp_m_freem(chk->data); |
2008 | 0 | chk->data = NULL; |
2009 | 0 | } |
2010 | 0 | if (chk->holds_key_ref) |
2011 | 0 | sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); |
2012 | 0 | sctp_free_remote_addr(chk->whoTo); |
2013 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); |
2014 | 0 | SCTP_DECR_CHK_COUNT(); |
2015 | 0 | } |
2016 | 0 | asoc->ctrl_queue_cnt = 0; |
2017 | 0 | asoc->str_reset = NULL; |
2018 | 0 | asoc->stream_reset_outstanding = 0; |
2019 | 0 | TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { |
2020 | 0 | TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); |
2021 | 0 | if (chk->data) { |
2022 | 0 | sctp_m_freem(chk->data); |
2023 | 0 | chk->data = NULL; |
2024 | 0 | } |
2025 | 0 | if (chk->holds_key_ref) |
2026 | 0 | sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); |
2027 | 0 | sctp_free_remote_addr(chk->whoTo); |
2028 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); |
2029 | 0 | SCTP_DECR_CHK_COUNT(); |
2030 | 0 | } |
2031 | 0 | TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) { |
2032 | 0 | TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); |
2033 | 0 | SCTP_FREE(aparam,SCTP_M_ASC_ADDR); |
2034 | 0 | } |
2035 | 0 | TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) { |
2036 | 0 | TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next); |
2037 | 0 | if (aack->data != NULL) { |
2038 | 0 | sctp_m_freem(aack->data); |
2039 | 0 | } |
2040 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack); |
2041 | 0 | } |
2042 | 0 | asoc->rcv_edmid = cookie->rcv_edmid; |
2043 | | |
2044 | | /* process the INIT-ACK info (my info) */ |
2045 | 0 | asoc->my_vtag = ntohl(initack_cp->init.initiate_tag); |
2046 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
2047 | | |
2048 | | /* pull from vtag hash */ |
2049 | 0 | LIST_REMOVE(stcb, sctp_asocs); |
2050 | | /* re-insert to new vtag position */ |
2051 | 0 | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, |
2052 | 0 | SCTP_BASE_INFO(hashasocmark))]; |
2053 | | /* |
2054 | | * put it in the bucket in the vtag hash of assoc's for the |
2055 | | * system |
2056 | | */ |
2057 | 0 | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
2058 | |
|
2059 | 0 | SCTP_INP_WUNLOCK(stcb->sctp_ep); |
2060 | 0 | SCTP_INP_INFO_WUNLOCK(); |
2061 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2062 | | SCTP_SOCKET_UNLOCK(so, 1); |
2063 | | #endif |
2064 | 0 | asoc->total_flight = 0; |
2065 | 0 | asoc->total_flight_count = 0; |
2066 | | /* process the INIT info (peer's info) */ |
2067 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
2068 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2069 | 0 | asoc->cookie_how[how_indx] = 13; |
2070 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2071 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
2072 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
2073 | 0 | src, dst, sh, op_err, |
2074 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2075 | | mflowtype, mflowid, |
2076 | | #endif |
2077 | 0 | vrf_id, net->port); |
2078 | 0 | return (NULL); |
2079 | 0 | } |
2080 | | /* |
2081 | | * since we did not send a HB make sure we don't double |
2082 | | * things |
2083 | | */ |
2084 | 0 | net->hb_responded = 1; |
2085 | |
|
2086 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
2087 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
2088 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
2089 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2090 | 0 | asoc->cookie_how[how_indx] = 14; |
2091 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
2092 | 0 | "Problem with address parameters"); |
2093 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2094 | 0 | "Load addresses from INIT causes an abort %d\n", |
2095 | 0 | retval); |
2096 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
2097 | 0 | src, dst, sh, op_err, |
2098 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2099 | | mflowtype, mflowid, |
2100 | | #endif |
2101 | 0 | vrf_id, net->port); |
2102 | 0 | return (NULL); |
2103 | 0 | } |
2104 | | /* respond with a COOKIE-ACK */ |
2105 | 0 | sctp_send_cookie_ack(stcb); |
2106 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2107 | 0 | asoc->cookie_how[how_indx] = 15; |
2108 | 0 | if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE) && |
2109 | 0 | (asoc->sctp_autoclose_ticks > 0)) { |
2110 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL); |
2111 | 0 | } |
2112 | 0 | return (stcb); |
2113 | 0 | } |
2114 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2115 | 0 | asoc->cookie_how[how_indx] = 16; |
2116 | | /* all other cases... */ |
2117 | 0 | SCTP_TCB_UNLOCK(stcb); |
2118 | 0 | return (NULL); |
2119 | 0 | } |
2120 | | |
2121 | | /* |
2122 | | * handle a state cookie for a new association m: input packet mbuf chain-- |
2123 | | * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf |
2124 | | * and the cookie signature does not exist offset: offset into mbuf to the |
2125 | | * cookie-echo chunk length: length of the cookie chunk to: where the init |
2126 | | * was from returns a new TCB |
2127 | | */ |
2128 | | static struct sctp_tcb * |
2129 | | sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, |
2130 | | struct sockaddr *src, struct sockaddr *dst, |
2131 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
2132 | | struct sctp_inpcb *inp, struct sctp_nets **netp, |
2133 | | struct sockaddr *init_src, int *notification, |
2134 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
2135 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2136 | | uint8_t mflowtype, uint32_t mflowid, |
2137 | | #endif |
2138 | | uint32_t vrf_id, uint16_t port) |
2139 | 0 | { |
2140 | 0 | struct sctp_tcb *stcb; |
2141 | 0 | struct sctp_init_chunk *init_cp, init_buf; |
2142 | 0 | struct sctp_init_ack_chunk *initack_cp, initack_buf; |
2143 | 0 | union sctp_sockstore store; |
2144 | 0 | struct sctp_association *asoc; |
2145 | 0 | int init_offset, initack_offset, initack_limit; |
2146 | 0 | int error = 0; |
2147 | 0 | uint8_t auth_chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; |
2148 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2149 | | struct socket *so; |
2150 | | |
2151 | | so = SCTP_INP_SO(inp); |
2152 | | #endif |
2153 | | |
2154 | | /* |
2155 | | * find and validate the INIT chunk in the cookie (peer's info) the |
2156 | | * INIT should start after the cookie-echo header struct (chunk |
2157 | | * header, state cookie header struct) |
2158 | | */ |
2159 | 0 | init_offset = offset + sizeof(struct sctp_cookie_echo_chunk); |
2160 | 0 | init_cp = (struct sctp_init_chunk *) |
2161 | 0 | sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk), |
2162 | 0 | (uint8_t *) & init_buf); |
2163 | 0 | if (init_cp == NULL) { |
2164 | | /* could not pull a INIT chunk in cookie */ |
2165 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2166 | 0 | "process_cookie_new: could not pull INIT chunk hdr\n"); |
2167 | 0 | return (NULL); |
2168 | 0 | } |
2169 | 0 | if (init_cp->ch.chunk_type != SCTP_INITIATION) { |
2170 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "HUH? process_cookie_new: could not find INIT chunk!\n"); |
2171 | 0 | return (NULL); |
2172 | 0 | } |
2173 | 0 | initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); |
2174 | | /* |
2175 | | * find and validate the INIT-ACK chunk in the cookie (my info) the |
2176 | | * INIT-ACK follows the INIT chunk |
2177 | | */ |
2178 | 0 | initack_cp = (struct sctp_init_ack_chunk *) |
2179 | 0 | sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk), |
2180 | 0 | (uint8_t *) & initack_buf); |
2181 | 0 | if (initack_cp == NULL) { |
2182 | | /* could not pull INIT-ACK chunk in cookie */ |
2183 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: could not pull INIT-ACK chunk hdr\n"); |
2184 | 0 | return (NULL); |
2185 | 0 | } |
2186 | 0 | if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { |
2187 | 0 | return (NULL); |
2188 | 0 | } |
2189 | | /* |
2190 | | * NOTE: We can't use the INIT_ACK's chk_length to determine the |
2191 | | * "initack_limit" value. This is because the chk_length field |
2192 | | * includes the length of the cookie, but the cookie is omitted when |
2193 | | * the INIT and INIT_ACK are tacked onto the cookie... |
2194 | | */ |
2195 | 0 | initack_limit = offset + cookie_len; |
2196 | | |
2197 | | /* |
2198 | | * now that we know the INIT/INIT-ACK are in place, create a new TCB |
2199 | | * and populate |
2200 | | */ |
2201 | | |
2202 | | /* |
2203 | | * Here we do a trick, we set in NULL for the proc/thread argument. We |
2204 | | * do this since in effect we only use the p argument when |
2205 | | * the socket is unbound and we must do an implicit bind. |
2206 | | * Since we are getting a cookie, we cannot be unbound. |
2207 | | */ |
2208 | 0 | stcb = sctp_aloc_assoc(inp, init_src, &error, |
2209 | 0 | ntohl(initack_cp->init.initiate_tag), |
2210 | 0 | ntohl(initack_cp->init.initial_tsn), vrf_id, |
2211 | 0 | ntohs(initack_cp->init.num_outbound_streams), |
2212 | 0 | port, |
2213 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2214 | | (struct thread *)NULL, |
2215 | | #elif defined(_WIN32) && !defined(__Userspace__) |
2216 | | (PKTHREAD)NULL, |
2217 | | #else |
2218 | 0 | (struct proc *)NULL, |
2219 | 0 | #endif |
2220 | 0 | SCTP_DONT_INITIALIZE_AUTH_PARAMS); |
2221 | 0 | if (stcb == NULL) { |
2222 | 0 | struct mbuf *op_err; |
2223 | | |
2224 | | /* memory problem? */ |
2225 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2226 | 0 | "process_cookie_new: no room for another TCB!\n"); |
2227 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2228 | 0 | sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, |
2229 | 0 | src, dst, sh, op_err, |
2230 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2231 | | mflowtype, mflowid, |
2232 | | #endif |
2233 | 0 | vrf_id, port); |
2234 | 0 | return (NULL); |
2235 | 0 | } |
2236 | 0 | asoc = &stcb->asoc; |
2237 | | /* get scope variables out of cookie */ |
2238 | 0 | asoc->scope.ipv4_local_scope = cookie->ipv4_scope; |
2239 | 0 | asoc->scope.site_scope = cookie->site_scope; |
2240 | 0 | asoc->scope.local_scope = cookie->local_scope; |
2241 | 0 | asoc->scope.loopback_scope = cookie->loopback_scope; |
2242 | |
|
2243 | 0 | #if defined(__Userspace__) |
2244 | 0 | if ((asoc->scope.ipv4_addr_legal != cookie->ipv4_addr_legal) || |
2245 | 0 | (asoc->scope.ipv6_addr_legal != cookie->ipv6_addr_legal) || |
2246 | 0 | (asoc->scope.conn_addr_legal != cookie->conn_addr_legal)) { |
2247 | | #else |
2248 | | if ((asoc->scope.ipv4_addr_legal != cookie->ipv4_addr_legal) || |
2249 | | (asoc->scope.ipv6_addr_legal != cookie->ipv6_addr_legal)) { |
2250 | | #endif |
2251 | 0 | struct mbuf *op_err; |
2252 | | |
2253 | | /* |
2254 | | * Houston we have a problem. The EP changed while the |
2255 | | * cookie was in flight. Only recourse is to abort the |
2256 | | * association. |
2257 | | */ |
2258 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2259 | 0 | sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, |
2260 | 0 | src, dst, sh, op_err, |
2261 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2262 | | mflowtype, mflowid, |
2263 | | #endif |
2264 | 0 | vrf_id, port); |
2265 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2266 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2267 | | SCTP_TCB_UNLOCK(stcb); |
2268 | | SCTP_SOCKET_LOCK(so, 1); |
2269 | | SCTP_TCB_LOCK(stcb); |
2270 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2271 | | #endif |
2272 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2273 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_18); |
2274 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2275 | | SCTP_SOCKET_UNLOCK(so, 1); |
2276 | | #endif |
2277 | 0 | return (NULL); |
2278 | 0 | } |
2279 | 0 | asoc->rcv_edmid = cookie->rcv_edmid; |
2280 | | /* process the INIT-ACK info (my info) */ |
2281 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
2282 | | |
2283 | | /* process the INIT info (peer's info) */ |
2284 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
2285 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2286 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2287 | | SCTP_TCB_UNLOCK(stcb); |
2288 | | SCTP_SOCKET_LOCK(so, 1); |
2289 | | SCTP_TCB_LOCK(stcb); |
2290 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2291 | | #endif |
2292 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2293 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_19); |
2294 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2295 | | SCTP_SOCKET_UNLOCK(so, 1); |
2296 | | #endif |
2297 | 0 | return (NULL); |
2298 | 0 | } |
2299 | | /* load all addresses */ |
2300 | 0 | if (sctp_load_addresses_from_init(stcb, m, |
2301 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
2302 | 0 | initack_offset, src, dst, init_src, port) < 0) { |
2303 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2304 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2305 | | SCTP_TCB_UNLOCK(stcb); |
2306 | | SCTP_SOCKET_LOCK(so, 1); |
2307 | | SCTP_TCB_LOCK(stcb); |
2308 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2309 | | #endif |
2310 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2311 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_20); |
2312 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2313 | | SCTP_SOCKET_UNLOCK(so, 1); |
2314 | | #endif |
2315 | 0 | return (NULL); |
2316 | 0 | } |
2317 | | /* |
2318 | | * verify any preceding AUTH chunk that was skipped |
2319 | | */ |
2320 | | /* pull the local authentication parameters from the cookie/init-ack */ |
2321 | 0 | sctp_auth_get_cookie_params(stcb, m, |
2322 | 0 | initack_offset + sizeof(struct sctp_init_ack_chunk), |
2323 | 0 | initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk))); |
2324 | 0 | if (auth_skipped) { |
2325 | 0 | struct sctp_auth_chunk *auth; |
2326 | |
|
2327 | 0 | if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { |
2328 | 0 | auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf); |
2329 | 0 | } else { |
2330 | 0 | auth = NULL; |
2331 | 0 | } |
2332 | 0 | if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) { |
2333 | | /* auth HMAC failed, dump the assoc and packet */ |
2334 | 0 | SCTPDBG(SCTP_DEBUG_AUTH1, |
2335 | 0 | "COOKIE-ECHO: AUTH failed\n"); |
2336 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2337 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2338 | | SCTP_TCB_UNLOCK(stcb); |
2339 | | SCTP_SOCKET_LOCK(so, 1); |
2340 | | SCTP_TCB_LOCK(stcb); |
2341 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2342 | | #endif |
2343 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2344 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_21); |
2345 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2346 | | SCTP_SOCKET_UNLOCK(so, 1); |
2347 | | #endif |
2348 | 0 | return (NULL); |
2349 | 0 | } else { |
2350 | | /* remaining chunks checked... good to go */ |
2351 | 0 | stcb->asoc.authenticated = 1; |
2352 | 0 | } |
2353 | 0 | } |
2354 | | |
2355 | | /* |
2356 | | * if we're doing ASCONFs, check to see if we have any new local |
2357 | | * addresses that need to get added to the peer (eg. addresses |
2358 | | * changed while cookie echo in flight). This needs to be done |
2359 | | * after we go to the OPEN state to do the correct asconf |
2360 | | * processing. else, make sure we have the correct addresses in our |
2361 | | * lists |
2362 | | */ |
2363 | | |
2364 | | /* warning, we re-use sin, sin6, sa_store here! */ |
2365 | | /* pull in local_address (our "from" address) */ |
2366 | 0 | switch (cookie->laddr_type) { |
2367 | 0 | #ifdef INET |
2368 | 0 | case SCTP_IPV4_ADDRESS: |
2369 | | /* source addr is IPv4 */ |
2370 | 0 | memset(&store.sin, 0, sizeof(struct sockaddr_in)); |
2371 | 0 | store.sin.sin_family = AF_INET; |
2372 | | #ifdef HAVE_SIN_LEN |
2373 | | store.sin.sin_len = sizeof(struct sockaddr_in); |
2374 | | #endif |
2375 | 0 | store.sin.sin_addr.s_addr = cookie->laddress[0]; |
2376 | 0 | break; |
2377 | 0 | #endif |
2378 | 0 | #ifdef INET6 |
2379 | 0 | case SCTP_IPV6_ADDRESS: |
2380 | | /* source addr is IPv6 */ |
2381 | 0 | memset(&store.sin6, 0, sizeof(struct sockaddr_in6)); |
2382 | 0 | store.sin6.sin6_family = AF_INET6; |
2383 | | #ifdef HAVE_SIN6_LEN |
2384 | | store.sin6.sin6_len = sizeof(struct sockaddr_in6); |
2385 | | #endif |
2386 | 0 | store.sin6.sin6_scope_id = cookie->scope_id; |
2387 | 0 | memcpy(&store.sin6.sin6_addr, cookie->laddress, sizeof(struct in6_addr)); |
2388 | 0 | break; |
2389 | 0 | #endif |
2390 | 0 | #if defined(__Userspace__) |
2391 | 0 | case SCTP_CONN_ADDRESS: |
2392 | | /* source addr is conn */ |
2393 | 0 | memset(&store.sconn, 0, sizeof(struct sockaddr_conn)); |
2394 | 0 | store.sconn.sconn_family = AF_CONN; |
2395 | | #ifdef HAVE_SCONN_LEN |
2396 | | store.sconn.sconn_len = sizeof(struct sockaddr_conn); |
2397 | | #endif |
2398 | 0 | memcpy(&store.sconn.sconn_addr, cookie->laddress, sizeof(void *)); |
2399 | 0 | break; |
2400 | 0 | #endif |
2401 | 0 | default: |
2402 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2403 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2404 | | SCTP_TCB_UNLOCK(stcb); |
2405 | | SCTP_SOCKET_LOCK(so, 1); |
2406 | | SCTP_TCB_LOCK(stcb); |
2407 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2408 | | #endif |
2409 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2410 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_22); |
2411 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2412 | | SCTP_SOCKET_UNLOCK(so, 1); |
2413 | | #endif |
2414 | 0 | return (NULL); |
2415 | 0 | } |
2416 | | |
2417 | | /* update current state */ |
2418 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n"); |
2419 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
2420 | 0 | sctp_stop_all_cookie_timers(stcb); |
2421 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_passiveestab); |
2422 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
2423 | | |
2424 | | /* set up to notify upper layer */ |
2425 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
2426 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
2427 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
2428 | 0 | (!SCTP_IS_LISTENING(inp))) { |
2429 | | /* |
2430 | | * This is an endpoint that called connect() how it got a |
2431 | | * cookie that is NEW is a bit of a mystery. It must be that |
2432 | | * the INIT was sent, but before it got there.. a complete |
2433 | | * INIT/INIT-ACK/COOKIE arrived. But of course then it |
2434 | | * should have went to the other code.. not here.. oh well.. |
2435 | | * a bit of protection is worth having.. |
2436 | | * |
2437 | | * XXXMJ unlocked |
2438 | | */ |
2439 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
2440 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2441 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2442 | | SCTP_TCB_UNLOCK(stcb); |
2443 | | SCTP_SOCKET_LOCK(so, 1); |
2444 | | SCTP_TCB_LOCK(stcb); |
2445 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2446 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
2447 | | SCTP_SOCKET_UNLOCK(so, 1); |
2448 | | return (NULL); |
2449 | | } |
2450 | | #endif |
2451 | 0 | soisconnected(stcb->sctp_socket); |
2452 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2453 | | SCTP_SOCKET_UNLOCK(so, 1); |
2454 | | #endif |
2455 | 0 | } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && |
2456 | 0 | (SCTP_IS_LISTENING(inp))) { |
2457 | | /* |
2458 | | * We don't want to do anything with this one. Since it is |
2459 | | * the listening guy. The timer will get started for |
2460 | | * accepted connections in the caller. |
2461 | | */ |
2462 | 0 | ; |
2463 | 0 | } |
2464 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
2465 | 0 | sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
2466 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL); |
2467 | 0 | } |
2468 | 0 | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
2469 | 0 | *netp = sctp_findnet(stcb, init_src); |
2470 | 0 | if (*netp != NULL) { |
2471 | | /* |
2472 | | * Since we did not send a HB, make sure we don't double |
2473 | | * things. |
2474 | | */ |
2475 | 0 | (*netp)->hb_responded = 1; |
2476 | 0 | } |
2477 | | /* respond with a COOKIE-ACK */ |
2478 | 0 | sctp_send_cookie_ack(stcb); |
2479 | | |
2480 | | /* |
2481 | | * check the address lists for any ASCONFs that need to be sent |
2482 | | * AFTER the cookie-ack is sent |
2483 | | */ |
2484 | 0 | sctp_check_address_list(stcb, m, |
2485 | 0 | initack_offset + sizeof(struct sctp_init_ack_chunk), |
2486 | 0 | initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)), |
2487 | 0 | &store.sa, cookie->local_scope, cookie->site_scope, |
2488 | 0 | cookie->ipv4_scope, cookie->loopback_scope); |
2489 | |
|
2490 | 0 | return (stcb); |
2491 | 0 | } |
2492 | | |
2493 | | /* |
2494 | | * CODE LIKE THIS NEEDS TO RUN IF the peer supports the NAT extension, i.e |
2495 | | * we NEED to make sure we are not already using the vtag. If so we |
2496 | | * need to send back an ABORT-TRY-AGAIN-WITH-NEW-TAG No middle box bit! |
2497 | | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag, |
2498 | | SCTP_BASE_INFO(hashasocmark))]; |
2499 | | LIST_FOREACH(stcb, head, sctp_asocs) { |
2500 | | if ((stcb->asoc.my_vtag == tag) && (stcb->rport == rport) && (inp == stcb->sctp_ep)) { |
2501 | | -- SEND ABORT - TRY AGAIN -- |
2502 | | } |
2503 | | } |
2504 | | */ |
2505 | | |
2506 | | /* |
2507 | | * handles a COOKIE-ECHO message stcb: modified to either a new or left as |
2508 | | * existing (non-NULL) TCB |
2509 | | */ |
2510 | | static struct mbuf * |
2511 | | sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, |
2512 | | struct sockaddr *src, struct sockaddr *dst, |
2513 | | struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp, |
2514 | | struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp, |
2515 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
2516 | | struct sctp_tcb **locked_tcb, |
2517 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2518 | | uint8_t mflowtype, uint32_t mflowid, |
2519 | | #endif |
2520 | | uint32_t vrf_id, uint16_t port) |
2521 | 20.9k | { |
2522 | 20.9k | struct sctp_state_cookie *cookie; |
2523 | 20.9k | struct sctp_tcb *l_stcb = *stcb; |
2524 | 20.9k | struct sctp_inpcb *l_inp; |
2525 | 20.9k | struct sockaddr *to; |
2526 | 20.9k | struct sctp_pcb *ep; |
2527 | 20.9k | struct mbuf *m_sig; |
2528 | 20.9k | uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; |
2529 | 20.9k | uint8_t *sig; |
2530 | 20.9k | #if defined(__Userspace__) && defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) |
2531 | 20.9k | uint8_t cookie_ok = 1; |
2532 | | #else |
2533 | | uint8_t cookie_ok = 0; |
2534 | | #endif |
2535 | 20.9k | unsigned int sig_offset, cookie_offset; |
2536 | 20.9k | unsigned int cookie_len; |
2537 | 20.9k | struct timeval now; |
2538 | 20.9k | struct timeval time_entered, time_expires; |
2539 | 20.9k | int notification = 0; |
2540 | 20.9k | struct sctp_nets *netl; |
2541 | 20.9k | int had_a_existing_tcb = 0; |
2542 | 20.9k | int send_int_conf = 0; |
2543 | 20.9k | #ifdef INET |
2544 | 20.9k | struct sockaddr_in sin; |
2545 | 20.9k | #endif |
2546 | 20.9k | #ifdef INET6 |
2547 | 20.9k | struct sockaddr_in6 sin6; |
2548 | 20.9k | #endif |
2549 | 20.9k | #if defined(__Userspace__) |
2550 | 20.9k | struct sockaddr_conn sconn; |
2551 | 20.9k | #endif |
2552 | | |
2553 | 20.9k | SCTPDBG(SCTP_DEBUG_INPUT2, |
2554 | 20.9k | "sctp_handle_cookie: handling COOKIE-ECHO\n"); |
2555 | | |
2556 | 20.9k | if (inp_p == NULL) { |
2557 | 0 | return (NULL); |
2558 | 0 | } |
2559 | 20.9k | cookie = &cp->cookie; |
2560 | 20.9k | cookie_offset = offset + sizeof(struct sctp_chunkhdr); |
2561 | 20.9k | cookie_len = ntohs(cp->ch.chunk_length); |
2562 | | |
2563 | 20.9k | if (cookie_len < sizeof(struct sctp_cookie_echo_chunk) + |
2564 | 20.9k | sizeof(struct sctp_init_chunk) + |
2565 | 20.9k | sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) { |
2566 | | /* cookie too small */ |
2567 | 5.36k | return (NULL); |
2568 | 5.36k | } |
2569 | 15.5k | if ((cookie->peerport != sh->src_port) || |
2570 | 14.8k | (cookie->myport != sh->dest_port) || |
2571 | 14.4k | (cookie->my_vtag != sh->v_tag)) { |
2572 | | /* |
2573 | | * invalid ports or bad tag. Note that we always leave the |
2574 | | * v_tag in the header in network order and when we stored |
2575 | | * it in the my_vtag slot we also left it in network order. |
2576 | | * This maintains the match even though it may be in the |
2577 | | * opposite byte order of the machine :-> |
2578 | | */ |
2579 | 1.65k | return (NULL); |
2580 | 1.65k | } |
2581 | 13.9k | #if defined(__Userspace__) |
2582 | | /* |
2583 | | * Recover the AF_CONN addresses within the cookie. |
2584 | | * This needs to be done in the buffer provided for later processing |
2585 | | * of the cookie and in the mbuf chain for HMAC validation. |
2586 | | */ |
2587 | 13.9k | if ((cookie->addr_type == SCTP_CONN_ADDRESS) && (src->sa_family == AF_CONN)) { |
2588 | 1.03k | struct sockaddr_conn *sconnp = (struct sockaddr_conn *)src; |
2589 | | |
2590 | 1.03k | memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *)); |
2591 | 1.03k | m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, address), |
2592 | 1.03k | (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); |
2593 | 1.03k | } |
2594 | 13.9k | if ((cookie->laddr_type == SCTP_CONN_ADDRESS) && (dst->sa_family == AF_CONN)) { |
2595 | 1.01k | struct sockaddr_conn *sconnp = (struct sockaddr_conn *)dst; |
2596 | | |
2597 | 1.01k | memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *)); |
2598 | 1.01k | m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, laddress), |
2599 | 1.01k | (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); |
2600 | 1.01k | } |
2601 | 13.9k | #endif |
2602 | | /* |
2603 | | * split off the signature into its own mbuf (since it should not be |
2604 | | * calculated in the sctp_hmac_m() call). |
2605 | | */ |
2606 | 13.9k | sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE; |
2607 | 13.9k | m_sig = m_split(m, sig_offset, M_NOWAIT); |
2608 | 13.9k | if (m_sig == NULL) { |
2609 | | /* out of memory or ?? */ |
2610 | 0 | return (NULL); |
2611 | 0 | } |
2612 | | #ifdef SCTP_MBUF_LOGGING |
2613 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
2614 | | sctp_log_mbc(m_sig, SCTP_MBUF_SPLIT); |
2615 | | } |
2616 | | #endif |
2617 | | |
2618 | | /* |
2619 | | * compute the signature/digest for the cookie |
2620 | | */ |
2621 | 13.9k | if (l_stcb != NULL) { |
2622 | 13.9k | atomic_add_int(&l_stcb->asoc.refcnt, 1); |
2623 | 13.9k | SCTP_TCB_UNLOCK(l_stcb); |
2624 | 13.9k | } |
2625 | 13.9k | l_inp = *inp_p; |
2626 | 13.9k | SCTP_INP_RLOCK(l_inp); |
2627 | 13.9k | if (l_stcb != NULL) { |
2628 | 13.9k | SCTP_TCB_LOCK(l_stcb); |
2629 | 13.9k | atomic_subtract_int(&l_stcb->asoc.refcnt, 1); |
2630 | 13.9k | } |
2631 | 13.9k | if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { |
2632 | 0 | SCTP_INP_RUNLOCK(l_inp); |
2633 | 0 | sctp_m_freem(m_sig); |
2634 | 0 | return (NULL); |
2635 | 0 | } |
2636 | 13.9k | ep = &(*inp_p)->sctp_ep; |
2637 | | /* which cookie is it? */ |
2638 | 13.9k | if ((cookie->time_entered.tv_sec < ep->time_of_secret_change) && |
2639 | 11.6k | (ep->current_secret_number != ep->last_secret_number)) { |
2640 | | /* it's the old cookie */ |
2641 | 0 | (void)sctp_hmac_m(SCTP_HMAC, |
2642 | 0 | (uint8_t *)ep->secret_key[(int)ep->last_secret_number], |
2643 | 0 | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2644 | 13.9k | } else { |
2645 | | /* it's the current cookie */ |
2646 | 13.9k | (void)sctp_hmac_m(SCTP_HMAC, |
2647 | 13.9k | (uint8_t *)ep->secret_key[(int)ep->current_secret_number], |
2648 | 13.9k | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2649 | 13.9k | } |
2650 | | /* get the signature */ |
2651 | 13.9k | SCTP_INP_RUNLOCK(l_inp); |
2652 | 13.9k | sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig); |
2653 | 13.9k | if (sig == NULL) { |
2654 | | /* couldn't find signature */ |
2655 | 0 | sctp_m_freem(m_sig); |
2656 | 0 | return (NULL); |
2657 | 0 | } |
2658 | | /* compare the received digest with the computed digest */ |
2659 | 13.9k | if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) { |
2660 | | /* try the old cookie? */ |
2661 | 13.9k | if ((cookie->time_entered.tv_sec == ep->time_of_secret_change) && |
2662 | 0 | (ep->current_secret_number != ep->last_secret_number)) { |
2663 | | /* compute digest with old */ |
2664 | 0 | (void)sctp_hmac_m(SCTP_HMAC, |
2665 | 0 | (uint8_t *)ep->secret_key[(int)ep->last_secret_number], |
2666 | 0 | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2667 | | /* compare */ |
2668 | 0 | if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0) |
2669 | 0 | cookie_ok = 1; |
2670 | 0 | } |
2671 | 13.9k | } else { |
2672 | 0 | cookie_ok = 1; |
2673 | 0 | } |
2674 | | |
2675 | | /* |
2676 | | * Now before we continue we must reconstruct our mbuf so that |
2677 | | * normal processing of any other chunks will work. |
2678 | | */ |
2679 | 13.9k | { |
2680 | 13.9k | struct mbuf *m_at; |
2681 | | |
2682 | 13.9k | m_at = m; |
2683 | 16.7k | while (SCTP_BUF_NEXT(m_at) != NULL) { |
2684 | 2.78k | m_at = SCTP_BUF_NEXT(m_at); |
2685 | 2.78k | } |
2686 | 13.9k | SCTP_BUF_NEXT(m_at) = m_sig; |
2687 | 13.9k | } |
2688 | | |
2689 | 13.9k | if (cookie_ok == 0) { |
2690 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: cookie signature validation failed!\n"); |
2691 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
2692 | 0 | "offset = %u, cookie_offset = %u, sig_offset = %u\n", |
2693 | 0 | (uint32_t) offset, cookie_offset, sig_offset); |
2694 | 0 | return (NULL); |
2695 | 0 | } |
2696 | | |
2697 | 13.9k | if (sctp_ticks_to_msecs(cookie->cookie_life) > SCTP_MAX_COOKIE_LIFE) { |
2698 | 3.16k | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: Invalid cookie lifetime\n"); |
2699 | 3.16k | return (NULL); |
2700 | 3.16k | } |
2701 | 10.7k | time_entered.tv_sec = cookie->time_entered.tv_sec; |
2702 | 10.7k | time_entered.tv_usec = cookie->time_entered.tv_usec; |
2703 | 10.7k | if ((time_entered.tv_sec < 0) || |
2704 | 10.2k | (time_entered.tv_usec < 0) || |
2705 | 9.88k | (time_entered.tv_usec >= 1000000)) { |
2706 | | /* Invalid time stamp. Cookie must have been modified. */ |
2707 | 1.84k | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: Invalid time stamp\n"); |
2708 | 1.84k | return (NULL); |
2709 | 1.84k | } |
2710 | 8.90k | (void)SCTP_GETTIME_TIMEVAL(&now); |
2711 | 8.90k | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2712 | 8.90k | if (timercmp(&now, &time_entered, <)) { |
2713 | | #else |
2714 | | if (timevalcmp(&now, &time_entered, <)) { |
2715 | | #endif |
2716 | 735 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: cookie generated in the future!\n"); |
2717 | 735 | return (NULL); |
2718 | 735 | } |
2719 | | /* |
2720 | | * Check the cookie timestamps to be sure it's not stale. |
2721 | | * cookie_life is in ticks, so we convert to seconds. |
2722 | | */ |
2723 | 8.16k | time_expires.tv_sec = time_entered.tv_sec + sctp_ticks_to_secs(cookie->cookie_life); |
2724 | 8.16k | time_expires.tv_usec = time_entered.tv_usec; |
2725 | 8.16k | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2726 | 8.16k | if (timercmp(&now, &time_expires, >)) |
2727 | | #else |
2728 | | if (timevalcmp(&now, &time_expires, >)) |
2729 | | #endif |
2730 | 8.16k | { |
2731 | | /* cookie is stale! */ |
2732 | 8.16k | struct mbuf *op_err; |
2733 | 8.16k | struct sctp_error_stale_cookie *cause; |
2734 | 8.16k | struct timeval diff; |
2735 | 8.16k | uint32_t staleness; |
2736 | | |
2737 | 8.16k | op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_error_stale_cookie), |
2738 | 8.16k | 0, M_NOWAIT, 1, MT_DATA); |
2739 | 8.16k | if (op_err == NULL) { |
2740 | | /* FOOBAR */ |
2741 | 0 | return (NULL); |
2742 | 0 | } |
2743 | | /* Set the len */ |
2744 | 8.16k | SCTP_BUF_LEN(op_err) = sizeof(struct sctp_error_stale_cookie); |
2745 | 8.16k | cause = mtod(op_err, struct sctp_error_stale_cookie *); |
2746 | 8.16k | cause->cause.code = htons(SCTP_CAUSE_STALE_COOKIE); |
2747 | 8.16k | cause->cause.length = htons(sizeof(struct sctp_error_stale_cookie)); |
2748 | 8.16k | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2749 | 8.16k | timersub(&now, &time_expires, &diff); |
2750 | | #else |
2751 | | diff = now; |
2752 | | timevalsub(&diff, &time_expires); |
2753 | | #endif |
2754 | 8.16k | if ((uint32_t)diff.tv_sec > UINT32_MAX / 1000000) { |
2755 | 8.16k | staleness = UINT32_MAX; |
2756 | 8.16k | } else { |
2757 | 0 | staleness = (uint32_t)diff.tv_sec * 1000000; |
2758 | 0 | } |
2759 | 8.16k | if (UINT32_MAX - staleness >= (uint32_t)diff.tv_usec) { |
2760 | 0 | staleness += (uint32_t)diff.tv_usec; |
2761 | 8.16k | } else { |
2762 | 8.16k | staleness = UINT32_MAX; |
2763 | 8.16k | } |
2764 | 8.16k | cause->stale_time = htonl(staleness); |
2765 | 8.16k | sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, |
2766 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2767 | | mflowtype, mflowid, l_inp->fibnum, |
2768 | | #endif |
2769 | 8.16k | vrf_id, port); |
2770 | 8.16k | return (NULL); |
2771 | 8.16k | } |
2772 | | /* |
2773 | | * Now we must see with the lookup address if we have an existing |
2774 | | * asoc. This will only happen if we were in the COOKIE-WAIT state |
2775 | | * and a INIT collided with us and somewhere the peer sent the |
2776 | | * cookie on another address besides the single address our assoc |
2777 | | * had for him. In this case we will have one of the tie-tags set at |
2778 | | * least AND the address field in the cookie can be used to look it |
2779 | | * up. |
2780 | | */ |
2781 | 0 | to = NULL; |
2782 | 0 | switch (cookie->addr_type) { |
2783 | 0 | #ifdef INET6 |
2784 | 0 | case SCTP_IPV6_ADDRESS: |
2785 | 0 | memset(&sin6, 0, sizeof(sin6)); |
2786 | 0 | sin6.sin6_family = AF_INET6; |
2787 | | #ifdef HAVE_SIN6_LEN |
2788 | | sin6.sin6_len = sizeof(sin6); |
2789 | | #endif |
2790 | 0 | sin6.sin6_port = sh->src_port; |
2791 | 0 | sin6.sin6_scope_id = cookie->scope_id; |
2792 | 0 | memcpy(&sin6.sin6_addr.s6_addr, cookie->address, |
2793 | 0 | sizeof(sin6.sin6_addr.s6_addr)); |
2794 | 0 | to = (struct sockaddr *)&sin6; |
2795 | 0 | break; |
2796 | 0 | #endif |
2797 | 0 | #ifdef INET |
2798 | 0 | case SCTP_IPV4_ADDRESS: |
2799 | 0 | memset(&sin, 0, sizeof(sin)); |
2800 | 0 | sin.sin_family = AF_INET; |
2801 | | #ifdef HAVE_SIN_LEN |
2802 | | sin.sin_len = sizeof(sin); |
2803 | | #endif |
2804 | 0 | sin.sin_port = sh->src_port; |
2805 | 0 | sin.sin_addr.s_addr = cookie->address[0]; |
2806 | 0 | to = (struct sockaddr *)&sin; |
2807 | 0 | break; |
2808 | 0 | #endif |
2809 | 0 | #if defined(__Userspace__) |
2810 | 0 | case SCTP_CONN_ADDRESS: |
2811 | 0 | memset(&sconn, 0, sizeof(struct sockaddr_conn)); |
2812 | 0 | sconn.sconn_family = AF_CONN; |
2813 | | #ifdef HAVE_SCONN_LEN |
2814 | | sconn.sconn_len = sizeof(struct sockaddr_conn); |
2815 | | #endif |
2816 | 0 | sconn.sconn_port = sh->src_port; |
2817 | 0 | memcpy(&sconn.sconn_addr, cookie->address, sizeof(void *)); |
2818 | 0 | to = (struct sockaddr *)&sconn; |
2819 | 0 | break; |
2820 | 0 | #endif |
2821 | 0 | default: |
2822 | | /* This should not happen */ |
2823 | 0 | return (NULL); |
2824 | 0 | } |
2825 | 0 | if (*stcb == NULL) { |
2826 | | /* Yep, lets check */ |
2827 | 0 | *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, dst, NULL); |
2828 | 0 | if (*stcb == NULL) { |
2829 | | /* |
2830 | | * We should have only got back the same inp. If we |
2831 | | * got back a different ep we have a problem. The |
2832 | | * original findep got back l_inp and now |
2833 | | */ |
2834 | 0 | if (l_inp != *inp_p) { |
2835 | 0 | SCTP_PRINTF("Bad problem find_ep got a diff inp then special_locate?\n"); |
2836 | 0 | } |
2837 | 0 | } else { |
2838 | 0 | if (*locked_tcb == NULL) { |
2839 | | /* In this case we found the assoc only |
2840 | | * after we locked the create lock. This means |
2841 | | * we are in a colliding case and we must make |
2842 | | * sure that we unlock the tcb if its one of the |
2843 | | * cases where we throw away the incoming packets. |
2844 | | */ |
2845 | 0 | *locked_tcb = *stcb; |
2846 | | |
2847 | | /* We must also increment the inp ref count |
2848 | | * since the ref_count flags was set when we |
2849 | | * did not find the TCB, now we found it which |
2850 | | * reduces the refcount.. we must raise it back |
2851 | | * out to balance it all :-) |
2852 | | */ |
2853 | 0 | SCTP_INP_INCR_REF((*stcb)->sctp_ep); |
2854 | 0 | if ((*stcb)->sctp_ep != l_inp) { |
2855 | 0 | SCTP_PRINTF("Huh? ep:%p diff then l_inp:%p?\n", |
2856 | 0 | (void *)(*stcb)->sctp_ep, (void *)l_inp); |
2857 | 0 | } |
2858 | 0 | } |
2859 | 0 | } |
2860 | 0 | } |
2861 | |
|
2862 | 0 | cookie_len -= SCTP_SIGNATURE_SIZE; |
2863 | 0 | if (*stcb == NULL) { |
2864 | | /* this is the "normal" case... get a new TCB */ |
2865 | 0 | *stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, sh, |
2866 | 0 | cookie, cookie_len, *inp_p, |
2867 | 0 | netp, to, ¬ification, |
2868 | 0 | auth_skipped, auth_offset, auth_len, |
2869 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2870 | | mflowtype, mflowid, |
2871 | | #endif |
2872 | 0 | vrf_id, port); |
2873 | 0 | } else { |
2874 | | /* this is abnormal... cookie-echo on existing TCB */ |
2875 | 0 | had_a_existing_tcb = 1; |
2876 | 0 | *stcb = sctp_process_cookie_existing(m, iphlen, offset, |
2877 | 0 | src, dst, sh, |
2878 | 0 | cookie, cookie_len, *inp_p, *stcb, netp, to, |
2879 | 0 | ¬ification, auth_skipped, auth_offset, auth_len, |
2880 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2881 | | mflowtype, mflowid, |
2882 | | #endif |
2883 | 0 | vrf_id, port); |
2884 | 0 | if (*stcb == NULL) { |
2885 | 0 | *locked_tcb = NULL; |
2886 | 0 | } |
2887 | 0 | } |
2888 | |
|
2889 | 0 | if (*stcb == NULL) { |
2890 | | /* still no TCB... must be bad cookie-echo */ |
2891 | 0 | return (NULL); |
2892 | 0 | } |
2893 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2894 | | if (*netp != NULL) { |
2895 | | (*netp)->flowtype = mflowtype; |
2896 | | (*netp)->flowid = mflowid; |
2897 | | } |
2898 | | #endif |
2899 | | /* |
2900 | | * Ok, we built an association so confirm the address we sent the |
2901 | | * INIT-ACK to. |
2902 | | */ |
2903 | 0 | netl = sctp_findnet(*stcb, to); |
2904 | | /* |
2905 | | * This code should in theory NOT run but |
2906 | | */ |
2907 | 0 | if (netl == NULL) { |
2908 | | /* TSNH! Huh, why do I need to add this address here? */ |
2909 | 0 | if (sctp_add_remote_addr(*stcb, to, NULL, port, |
2910 | 0 | SCTP_DONOT_SETSCOPE, SCTP_IN_COOKIE_PROC)) { |
2911 | 0 | return (NULL); |
2912 | 0 | } |
2913 | 0 | netl = sctp_findnet(*stcb, to); |
2914 | 0 | } |
2915 | 0 | if (netl) { |
2916 | 0 | if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) { |
2917 | 0 | netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED; |
2918 | 0 | (void)sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL, |
2919 | 0 | netl); |
2920 | 0 | send_int_conf = 1; |
2921 | 0 | } |
2922 | 0 | } |
2923 | 0 | sctp_start_net_timers(*stcb); |
2924 | 0 | if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { |
2925 | 0 | if (!had_a_existing_tcb || |
2926 | 0 | (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) { |
2927 | | /* |
2928 | | * If we have a NEW cookie or the connect never |
2929 | | * reached the connected state during collision we |
2930 | | * must do the TCP accept thing. |
2931 | | */ |
2932 | 0 | struct socket *so, *oso; |
2933 | 0 | struct sctp_inpcb *inp; |
2934 | |
|
2935 | 0 | if (notification == SCTP_NOTIFY_ASSOC_RESTART) { |
2936 | | /* |
2937 | | * For a restart we will keep the same |
2938 | | * socket, no need to do anything. I THINK!! |
2939 | | */ |
2940 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
2941 | 0 | if (send_int_conf) { |
2942 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
2943 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
2944 | 0 | } |
2945 | 0 | return (m); |
2946 | 0 | } |
2947 | 0 | oso = (*inp_p)->sctp_socket; |
2948 | 0 | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
2949 | 0 | SCTP_TCB_UNLOCK((*stcb)); |
2950 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2951 | | CURVNET_SET(oso->so_vnet); |
2952 | | #endif |
2953 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2954 | | SCTP_SOCKET_LOCK(oso, 1); |
2955 | | #endif |
2956 | 0 | so = sonewconn(oso, 0 |
2957 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2958 | | ,NULL |
2959 | | #endif |
2960 | 0 | ); |
2961 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2962 | | SCTP_SOCKET_UNLOCK(oso, 1); |
2963 | | #endif |
2964 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2965 | | CURVNET_RESTORE(); |
2966 | | #endif |
2967 | 0 | SCTP_TCB_LOCK((*stcb)); |
2968 | 0 | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
2969 | |
|
2970 | 0 | if (so == NULL) { |
2971 | 0 | struct mbuf *op_err; |
2972 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2973 | | struct socket *pcb_so; |
2974 | | #endif |
2975 | | /* Too many sockets */ |
2976 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); |
2977 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2978 | 0 | sctp_abort_association(*inp_p, NULL, m, iphlen, |
2979 | 0 | src, dst, sh, op_err, |
2980 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2981 | | mflowtype, mflowid, |
2982 | | #endif |
2983 | 0 | vrf_id, port); |
2984 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2985 | | pcb_so = SCTP_INP_SO(*inp_p); |
2986 | | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
2987 | | SCTP_TCB_UNLOCK((*stcb)); |
2988 | | SCTP_SOCKET_LOCK(pcb_so, 1); |
2989 | | SCTP_TCB_LOCK((*stcb)); |
2990 | | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
2991 | | #endif |
2992 | 0 | (void)sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, |
2993 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_23); |
2994 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2995 | | SCTP_SOCKET_UNLOCK(pcb_so, 1); |
2996 | | #endif |
2997 | 0 | return (NULL); |
2998 | 0 | } |
2999 | 0 | inp = (struct sctp_inpcb *)so->so_pcb; |
3000 | 0 | SCTP_INP_INCR_REF(inp); |
3001 | | /* |
3002 | | * We add the unbound flag here so that |
3003 | | * if we get an soabort() before we get the |
3004 | | * move_pcb done, we will properly cleanup. |
3005 | | */ |
3006 | 0 | inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | |
3007 | 0 | SCTP_PCB_FLAGS_CONNECTED | |
3008 | 0 | SCTP_PCB_FLAGS_IN_TCPPOOL | |
3009 | 0 | SCTP_PCB_FLAGS_UNBOUND | |
3010 | 0 | (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) | |
3011 | 0 | SCTP_PCB_FLAGS_DONT_WAKE); |
3012 | 0 | inp->sctp_features = (*inp_p)->sctp_features; |
3013 | 0 | inp->sctp_mobility_features = (*inp_p)->sctp_mobility_features; |
3014 | 0 | inp->sctp_socket = so; |
3015 | 0 | inp->sctp_frag_point = (*inp_p)->sctp_frag_point; |
3016 | 0 | inp->max_cwnd = (*inp_p)->max_cwnd; |
3017 | 0 | inp->sctp_cmt_on_off = (*inp_p)->sctp_cmt_on_off; |
3018 | 0 | inp->ecn_supported = (*inp_p)->ecn_supported; |
3019 | 0 | inp->prsctp_supported = (*inp_p)->prsctp_supported; |
3020 | 0 | inp->auth_supported = (*inp_p)->auth_supported; |
3021 | 0 | inp->asconf_supported = (*inp_p)->asconf_supported; |
3022 | 0 | inp->reconfig_supported = (*inp_p)->reconfig_supported; |
3023 | 0 | inp->nrsack_supported = (*inp_p)->nrsack_supported; |
3024 | 0 | inp->pktdrop_supported = (*inp_p)->pktdrop_supported; |
3025 | 0 | inp->partial_delivery_point = (*inp_p)->partial_delivery_point; |
3026 | 0 | inp->sctp_context = (*inp_p)->sctp_context; |
3027 | 0 | inp->local_strreset_support = (*inp_p)->local_strreset_support; |
3028 | 0 | inp->fibnum = (*inp_p)->fibnum; |
3029 | 0 | #if defined(__Userspace__) |
3030 | 0 | inp->ulp_info = (*inp_p)->ulp_info; |
3031 | 0 | inp->recv_callback = (*inp_p)->recv_callback; |
3032 | 0 | inp->send_callback = (*inp_p)->send_callback; |
3033 | 0 | inp->send_sb_threshold = (*inp_p)->send_sb_threshold; |
3034 | 0 | #endif |
3035 | | /* |
3036 | | * copy in the authentication parameters from the |
3037 | | * original endpoint |
3038 | | */ |
3039 | 0 | if (inp->sctp_ep.local_hmacs) |
3040 | 0 | sctp_free_hmaclist(inp->sctp_ep.local_hmacs); |
3041 | 0 | inp->sctp_ep.local_hmacs = |
3042 | 0 | sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs); |
3043 | 0 | if (inp->sctp_ep.local_auth_chunks) |
3044 | 0 | sctp_free_chunklist(inp->sctp_ep.local_auth_chunks); |
3045 | 0 | inp->sctp_ep.local_auth_chunks = |
3046 | 0 | sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks); |
3047 | | |
3048 | | /* |
3049 | | * Now we must move it from one hash table to |
3050 | | * another and get the tcb in the right place. |
3051 | | */ |
3052 | | |
3053 | | /* This is where the one-2-one socket is put into |
3054 | | * the accept state waiting for the accept! |
3055 | | */ |
3056 | 0 | if (*stcb) { |
3057 | 0 | SCTP_ADD_SUBSTATE(*stcb, SCTP_STATE_IN_ACCEPT_QUEUE); |
3058 | 0 | } |
3059 | 0 | sctp_move_pcb_and_assoc(*inp_p, inp, *stcb); |
3060 | |
|
3061 | 0 | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
3062 | 0 | SCTP_TCB_UNLOCK((*stcb)); |
3063 | | |
3064 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
3065 | | sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb, |
3066 | | 0); |
3067 | | #else |
3068 | 0 | sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb, M_NOWAIT); |
3069 | 0 | #endif |
3070 | 0 | SCTP_TCB_LOCK((*stcb)); |
3071 | 0 | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
3072 | | |
3073 | | /* now we must check to see if we were aborted while |
3074 | | * the move was going on and the lock/unlock happened. |
3075 | | */ |
3076 | 0 | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
3077 | | /* yep it was, we leave the |
3078 | | * assoc attached to the socket since |
3079 | | * the sctp_inpcb_free() call will send |
3080 | | * an abort for us. |
3081 | | */ |
3082 | 0 | SCTP_INP_DECR_REF(inp); |
3083 | 0 | return (NULL); |
3084 | 0 | } |
3085 | 0 | SCTP_INP_DECR_REF(inp); |
3086 | | /* Switch over to the new guy */ |
3087 | 0 | *inp_p = inp; |
3088 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3089 | 0 | if (send_int_conf) { |
3090 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
3091 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
3092 | 0 | } |
3093 | | |
3094 | | /* Pull it from the incomplete queue and wake the guy */ |
3095 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3096 | | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
3097 | | SCTP_TCB_UNLOCK((*stcb)); |
3098 | | SCTP_SOCKET_LOCK(so, 1); |
3099 | | #endif |
3100 | 0 | soisconnected(so); |
3101 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3102 | | SCTP_TCB_LOCK((*stcb)); |
3103 | | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
3104 | | SCTP_SOCKET_UNLOCK(so, 1); |
3105 | | #endif |
3106 | 0 | return (m); |
3107 | 0 | } |
3108 | 0 | } |
3109 | 0 | if (notification) { |
3110 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3111 | 0 | } |
3112 | 0 | if (send_int_conf) { |
3113 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
3114 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
3115 | 0 | } |
3116 | 0 | return (m); |
3117 | 0 | } |
3118 | | |
3119 | | static void |
3120 | | sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp SCTP_UNUSED, |
3121 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
3122 | 1.59k | { |
3123 | | /* cp must not be used, others call this without a c-ack :-) */ |
3124 | 1.59k | struct sctp_association *asoc; |
3125 | 1.59k | struct sctp_tmit_chunk *chk; |
3126 | | |
3127 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT2, |
3128 | 1.59k | "sctp_handle_cookie_ack: handling COOKIE-ACK\n"); |
3129 | 1.59k | if ((stcb == NULL) || (net == NULL)) { |
3130 | 0 | return; |
3131 | 0 | } |
3132 | | |
3133 | 1.59k | asoc = &stcb->asoc; |
3134 | 1.59k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
3135 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
3136 | 0 | asoc->overall_error_count, |
3137 | 0 | 0, |
3138 | 0 | SCTP_FROM_SCTP_INPUT, |
3139 | 0 | __LINE__); |
3140 | 0 | } |
3141 | 1.59k | sctp_stop_all_cookie_timers(stcb); |
3142 | 1.59k | sctp_toss_old_cookies(stcb, asoc); |
3143 | | /* process according to association state */ |
3144 | 1.59k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) { |
3145 | | /* state change only needed when I am in right state */ |
3146 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n"); |
3147 | 1.59k | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
3148 | 1.59k | sctp_start_net_timers(stcb); |
3149 | | /* update RTO */ |
3150 | 1.59k | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
3151 | 1.59k | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
3152 | 1.59k | if (asoc->overall_error_count == 0) { |
3153 | 1.59k | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
3154 | 1.59k | SCTP_RTT_FROM_NON_DATA); |
3155 | 1.59k | } |
3156 | | /* |
3157 | | * Since we did not send a HB make sure we don't double |
3158 | | * things. |
3159 | | */ |
3160 | 1.59k | asoc->overall_error_count = 0; |
3161 | 1.59k | net->hb_responded = 1; |
3162 | 1.59k | (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); |
3163 | 1.59k | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3164 | 1.59k | if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
3165 | 1.59k | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { |
3166 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3167 | | struct socket *so; |
3168 | | |
3169 | | #endif |
3170 | 1.59k | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
3171 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3172 | | so = SCTP_INP_SO(stcb->sctp_ep); |
3173 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
3174 | | SCTP_TCB_UNLOCK(stcb); |
3175 | | SCTP_SOCKET_LOCK(so, 1); |
3176 | | SCTP_TCB_LOCK(stcb); |
3177 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
3178 | | #endif |
3179 | 1.59k | if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) { |
3180 | 1.59k | soisconnected(stcb->sctp_socket); |
3181 | 1.59k | } |
3182 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3183 | | SCTP_SOCKET_UNLOCK(so, 1); |
3184 | | #endif |
3185 | 1.59k | } |
3186 | | |
3187 | 1.59k | if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) && |
3188 | 1.59k | TAILQ_EMPTY(&asoc->send_queue) && |
3189 | 1.59k | TAILQ_EMPTY(&asoc->sent_queue) && |
3190 | 0 | (asoc->stream_queue_cnt == 0)) { |
3191 | 0 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
3192 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT); |
3193 | 0 | sctp_stop_timers_for_shutdown(stcb); |
3194 | 0 | sctp_send_shutdown(stcb, net); |
3195 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, |
3196 | 0 | stcb->sctp_ep, stcb, net); |
3197 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, |
3198 | 0 | stcb->sctp_ep, stcb, NULL); |
3199 | 0 | sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_LOCKED); |
3200 | 0 | } |
3201 | | |
3202 | 1.59k | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
3203 | | /* We don't need to do the asconf thing, |
3204 | | * nor hb or autoclose if the socket is closed. |
3205 | | */ |
3206 | 0 | goto closed_socket; |
3207 | 0 | } |
3208 | | |
3209 | 1.59k | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, |
3210 | 1.59k | stcb, net); |
3211 | | |
3212 | 1.59k | if (stcb->asoc.sctp_autoclose_ticks && |
3213 | 0 | sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
3214 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, |
3215 | 0 | stcb->sctp_ep, stcb, NULL); |
3216 | 0 | } |
3217 | | /* |
3218 | | * send ASCONF if parameters are pending and ASCONFs are |
3219 | | * allowed (eg. addresses changed when init/cookie echo were |
3220 | | * in flight) |
3221 | | */ |
3222 | 1.59k | if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) && |
3223 | 1.59k | (stcb->asoc.asconf_supported == 1) && |
3224 | 1.59k | (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) { |
3225 | | #ifdef SCTP_TIMER_BASED_ASCONF |
3226 | | sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, |
3227 | | stcb->sctp_ep, stcb, |
3228 | | stcb->asoc.primary_destination); |
3229 | | #else |
3230 | 0 | sctp_send_asconf(stcb, stcb->asoc.primary_destination, |
3231 | 0 | SCTP_ADDR_NOT_LOCKED); |
3232 | 0 | #endif |
3233 | 0 | } |
3234 | 1.59k | } |
3235 | 1.59k | closed_socket: |
3236 | | /* Restart the timer if we have pending data */ |
3237 | 1.59k | TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { |
3238 | 0 | if (chk->whoTo != NULL) { |
3239 | 0 | break; |
3240 | 0 | } |
3241 | 0 | } |
3242 | 1.59k | if (chk != NULL) { |
3243 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); |
3244 | 0 | } |
3245 | 1.59k | } |
3246 | | |
3247 | | static void |
3248 | | sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp, |
3249 | | struct sctp_tcb *stcb) |
3250 | 0 | { |
3251 | 0 | struct sctp_nets *net; |
3252 | 0 | struct sctp_tmit_chunk *lchk; |
3253 | 0 | struct sctp_ecne_chunk bkup; |
3254 | 0 | uint8_t override_bit; |
3255 | 0 | uint32_t tsn, window_data_tsn; |
3256 | 0 | int len; |
3257 | 0 | unsigned int pkt_cnt; |
3258 | |
|
3259 | 0 | len = ntohs(cp->ch.chunk_length); |
3260 | 0 | if (len == sizeof(struct old_sctp_ecne_chunk)) { |
3261 | | /* Its the old format */ |
3262 | 0 | memcpy(&bkup, cp, sizeof(struct old_sctp_ecne_chunk)); |
3263 | 0 | bkup.num_pkts_since_cwr = htonl(1); |
3264 | 0 | cp = &bkup; |
3265 | 0 | } |
3266 | 0 | SCTP_STAT_INCR(sctps_recvecne); |
3267 | 0 | tsn = ntohl(cp->tsn); |
3268 | 0 | pkt_cnt = ntohl(cp->num_pkts_since_cwr); |
3269 | 0 | lchk = TAILQ_LAST(&stcb->asoc.send_queue, sctpchunk_listhead); |
3270 | 0 | if (lchk == NULL) { |
3271 | 0 | window_data_tsn = stcb->asoc.sending_seq - 1; |
3272 | 0 | } else { |
3273 | 0 | window_data_tsn = lchk->rec.data.tsn; |
3274 | 0 | } |
3275 | | |
3276 | | /* Find where it was sent to if possible. */ |
3277 | 0 | net = NULL; |
3278 | 0 | TAILQ_FOREACH(lchk, &stcb->asoc.sent_queue, sctp_next) { |
3279 | 0 | if (lchk->rec.data.tsn == tsn) { |
3280 | 0 | net = lchk->whoTo; |
3281 | 0 | net->ecn_prev_cwnd = lchk->rec.data.cwnd_at_send; |
3282 | 0 | break; |
3283 | 0 | } |
3284 | 0 | if (SCTP_TSN_GT(lchk->rec.data.tsn, tsn)) { |
3285 | 0 | break; |
3286 | 0 | } |
3287 | 0 | } |
3288 | 0 | if (net == NULL) { |
3289 | | /* |
3290 | | * What to do. A previous send of a |
3291 | | * CWR was possibly lost. See how old it is, we |
3292 | | * may have it marked on the actual net. |
3293 | | */ |
3294 | 0 | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
3295 | 0 | if (tsn == net->last_cwr_tsn) { |
3296 | | /* Found him, send it off */ |
3297 | 0 | break; |
3298 | 0 | } |
3299 | 0 | } |
3300 | 0 | if (net == NULL) { |
3301 | | /* |
3302 | | * If we reach here, we need to send a special |
3303 | | * CWR that says hey, we did this a long time |
3304 | | * ago and you lost the response. |
3305 | | */ |
3306 | 0 | net = TAILQ_FIRST(&stcb->asoc.nets); |
3307 | 0 | if (net == NULL) { |
3308 | | /* TSNH */ |
3309 | 0 | return; |
3310 | 0 | } |
3311 | 0 | override_bit = SCTP_CWR_REDUCE_OVERRIDE; |
3312 | 0 | } else { |
3313 | 0 | override_bit = 0; |
3314 | 0 | } |
3315 | 0 | } else { |
3316 | 0 | override_bit = 0; |
3317 | 0 | } |
3318 | 0 | if (SCTP_TSN_GT(tsn, net->cwr_window_tsn) && |
3319 | 0 | ((override_bit&SCTP_CWR_REDUCE_OVERRIDE) == 0)) { |
3320 | | /* JRS - Use the congestion control given in the pluggable CC module */ |
3321 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 0, pkt_cnt); |
3322 | | /* |
3323 | | * We reduce once every RTT. So we will only lower cwnd at |
3324 | | * the next sending seq i.e. the window_data_tsn |
3325 | | */ |
3326 | 0 | net->cwr_window_tsn = window_data_tsn; |
3327 | 0 | net->ecn_ce_pkt_cnt += pkt_cnt; |
3328 | 0 | net->lost_cnt = pkt_cnt; |
3329 | 0 | net->last_cwr_tsn = tsn; |
3330 | 0 | } else { |
3331 | 0 | override_bit |= SCTP_CWR_IN_SAME_WINDOW; |
3332 | 0 | if (SCTP_TSN_GT(tsn, net->last_cwr_tsn) && |
3333 | 0 | ((override_bit&SCTP_CWR_REDUCE_OVERRIDE) == 0)) { |
3334 | | /* |
3335 | | * Another loss in the same window update how |
3336 | | * many marks/packets lost we have had. |
3337 | | */ |
3338 | 0 | int cnt = 1; |
3339 | 0 | if (pkt_cnt > net->lost_cnt) { |
3340 | | /* Should be the case */ |
3341 | 0 | cnt = (pkt_cnt - net->lost_cnt); |
3342 | 0 | net->ecn_ce_pkt_cnt += cnt; |
3343 | 0 | } |
3344 | 0 | net->lost_cnt = pkt_cnt; |
3345 | 0 | net->last_cwr_tsn = tsn; |
3346 | | /* |
3347 | | * Most CC functions will ignore this call, since we are in-window |
3348 | | * yet of the initial CE the peer saw. |
3349 | | */ |
3350 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 1, cnt); |
3351 | 0 | } |
3352 | 0 | } |
3353 | | /* |
3354 | | * We always send a CWR this way if our previous one was lost our |
3355 | | * peer will get an update, or if it is not time again to reduce we |
3356 | | * still get the cwr to the peer. Note we set the override when we |
3357 | | * could not find the TSN on the chunk or the destination network. |
3358 | | */ |
3359 | 0 | sctp_send_cwr(stcb, net, net->last_cwr_tsn, override_bit); |
3360 | 0 | } |
3361 | | |
3362 | | static void |
3363 | | sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb, struct sctp_nets *net) |
3364 | 0 | { |
3365 | | /* |
3366 | | * Here we get a CWR from the peer. We must look in the outqueue and |
3367 | | * make sure that we have a covered ECNE in the control chunk part. |
3368 | | * If so remove it. |
3369 | | */ |
3370 | 0 | struct sctp_tmit_chunk *chk, *nchk; |
3371 | 0 | struct sctp_ecne_chunk *ecne; |
3372 | 0 | int override; |
3373 | 0 | uint32_t cwr_tsn; |
3374 | |
|
3375 | 0 | cwr_tsn = ntohl(cp->tsn); |
3376 | 0 | override = cp->ch.chunk_flags & SCTP_CWR_REDUCE_OVERRIDE; |
3377 | 0 | TAILQ_FOREACH_SAFE(chk, &stcb->asoc.control_send_queue, sctp_next, nchk) { |
3378 | 0 | if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) { |
3379 | 0 | continue; |
3380 | 0 | } |
3381 | 0 | if ((override == 0) && (chk->whoTo != net)) { |
3382 | | /* Must be from the right src unless override is set */ |
3383 | 0 | continue; |
3384 | 0 | } |
3385 | 0 | ecne = mtod(chk->data, struct sctp_ecne_chunk *); |
3386 | 0 | if (SCTP_TSN_GE(cwr_tsn, ntohl(ecne->tsn))) { |
3387 | | /* this covers this ECNE, we can remove it */ |
3388 | 0 | stcb->asoc.ecn_echo_cnt_onq--; |
3389 | 0 | TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk, |
3390 | 0 | sctp_next); |
3391 | 0 | stcb->asoc.ctrl_queue_cnt--; |
3392 | 0 | sctp_m_freem(chk->data); |
3393 | 0 | chk->data = NULL; |
3394 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
3395 | 0 | if (override == 0) { |
3396 | 0 | break; |
3397 | 0 | } |
3398 | 0 | } |
3399 | 0 | } |
3400 | 0 | } |
3401 | | |
3402 | | static void |
3403 | | sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp SCTP_UNUSED, |
3404 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
3405 | 0 | { |
3406 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3407 | | struct socket *so; |
3408 | | #endif |
3409 | |
|
3410 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3411 | 0 | "sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n"); |
3412 | 0 | if (stcb == NULL) |
3413 | 0 | return; |
3414 | | |
3415 | | /* process according to association state */ |
3416 | 0 | if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) { |
3417 | | /* unexpected SHUTDOWN-COMPLETE... so ignore... */ |
3418 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3419 | 0 | "sctp_handle_shutdown_complete: not in SCTP_STATE_SHUTDOWN_ACK_SENT --- ignore\n"); |
3420 | 0 | SCTP_TCB_UNLOCK(stcb); |
3421 | 0 | return; |
3422 | 0 | } |
3423 | | /* notify upper layer protocol */ |
3424 | 0 | if (stcb->sctp_socket) { |
3425 | 0 | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3426 | 0 | } |
3427 | 0 | #ifdef INVARIANTS |
3428 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
3429 | 0 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
3430 | 0 | sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED)) { |
3431 | 0 | panic("Queues are not empty when handling SHUTDOWN-COMPLETE"); |
3432 | 0 | } |
3433 | 0 | #endif |
3434 | | /* stop the timer */ |
3435 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep, stcb, net, |
3436 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_24); |
3437 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_shutdown); |
3438 | | /* free the TCB */ |
3439 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3440 | 0 | "sctp_handle_shutdown_complete: calls free-asoc\n"); |
3441 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3442 | | so = SCTP_INP_SO(stcb->sctp_ep); |
3443 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
3444 | | SCTP_TCB_UNLOCK(stcb); |
3445 | | SCTP_SOCKET_LOCK(so, 1); |
3446 | | SCTP_TCB_LOCK(stcb); |
3447 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
3448 | | #endif |
3449 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
3450 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_25); |
3451 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3452 | | SCTP_SOCKET_UNLOCK(so, 1); |
3453 | | #endif |
3454 | 0 | return; |
3455 | 0 | } |
3456 | | |
3457 | | static int |
3458 | | process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, |
3459 | | struct sctp_nets *net, uint8_t flg) |
3460 | 0 | { |
3461 | 0 | switch (desc->chunk_type) { |
3462 | 0 | case SCTP_DATA: |
3463 | 0 | case SCTP_IDATA: |
3464 | | /* find the tsn to resend (possibly) */ |
3465 | 0 | { |
3466 | 0 | uint32_t tsn; |
3467 | 0 | struct sctp_tmit_chunk *tp1; |
3468 | |
|
3469 | 0 | tsn = ntohl(desc->tsn_ifany); |
3470 | 0 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3471 | 0 | if (tp1->rec.data.tsn == tsn) { |
3472 | | /* found it */ |
3473 | 0 | break; |
3474 | 0 | } |
3475 | 0 | if (SCTP_TSN_GT(tp1->rec.data.tsn, tsn)) { |
3476 | | /* not found */ |
3477 | 0 | tp1 = NULL; |
3478 | 0 | break; |
3479 | 0 | } |
3480 | 0 | } |
3481 | 0 | if (tp1 == NULL) { |
3482 | | /* |
3483 | | * Do it the other way , aka without paying |
3484 | | * attention to queue seq order. |
3485 | | */ |
3486 | 0 | SCTP_STAT_INCR(sctps_pdrpdnfnd); |
3487 | 0 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3488 | 0 | if (tp1->rec.data.tsn == tsn) { |
3489 | | /* found it */ |
3490 | 0 | break; |
3491 | 0 | } |
3492 | 0 | } |
3493 | 0 | } |
3494 | 0 | if (tp1 == NULL) { |
3495 | 0 | SCTP_STAT_INCR(sctps_pdrptsnnf); |
3496 | 0 | } |
3497 | 0 | if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) { |
3498 | 0 | if (((flg & SCTP_BADCRC) == 0) && |
3499 | 0 | ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) { |
3500 | 0 | return (0); |
3501 | 0 | } |
3502 | 0 | if ((stcb->asoc.peers_rwnd == 0) && |
3503 | 0 | ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) { |
3504 | 0 | SCTP_STAT_INCR(sctps_pdrpdiwnp); |
3505 | 0 | return (0); |
3506 | 0 | } |
3507 | 0 | if (stcb->asoc.peers_rwnd == 0 && |
3508 | 0 | (flg & SCTP_FROM_MIDDLE_BOX)) { |
3509 | 0 | SCTP_STAT_INCR(sctps_pdrpdizrw); |
3510 | 0 | return (0); |
3511 | 0 | } |
3512 | 0 | if ((uint32_t)SCTP_BUF_LEN(tp1->data) < |
3513 | 0 | SCTP_DATA_CHUNK_OVERHEAD(stcb) + SCTP_NUM_DB_TO_VERIFY) { |
3514 | | /* Payload not matching. */ |
3515 | 0 | SCTP_STAT_INCR(sctps_pdrpbadd); |
3516 | 0 | return (-1); |
3517 | 0 | } |
3518 | 0 | if (memcmp(mtod(tp1->data, caddr_t) + SCTP_DATA_CHUNK_OVERHEAD(stcb), |
3519 | 0 | desc->data_bytes, SCTP_NUM_DB_TO_VERIFY) != 0) { |
3520 | | /* Payload not matching. */ |
3521 | 0 | SCTP_STAT_INCR(sctps_pdrpbadd); |
3522 | 0 | return (-1); |
3523 | 0 | } |
3524 | 0 | if (tp1->do_rtt) { |
3525 | | /* |
3526 | | * this guy had a RTO calculation |
3527 | | * pending on it, cancel it |
3528 | | */ |
3529 | 0 | if (tp1->whoTo->rto_needed == 0) { |
3530 | 0 | tp1->whoTo->rto_needed = 1; |
3531 | 0 | } |
3532 | 0 | tp1->do_rtt = 0; |
3533 | 0 | } |
3534 | 0 | SCTP_STAT_INCR(sctps_pdrpmark); |
3535 | 0 | if (tp1->sent != SCTP_DATAGRAM_RESEND) |
3536 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3537 | | /* |
3538 | | * mark it as if we were doing a FR, since |
3539 | | * we will be getting gap ack reports behind |
3540 | | * the info from the router. |
3541 | | */ |
3542 | 0 | tp1->rec.data.doing_fast_retransmit = 1; |
3543 | | /* |
3544 | | * mark the tsn with what sequences can |
3545 | | * cause a new FR. |
3546 | | */ |
3547 | 0 | if (TAILQ_EMPTY(&stcb->asoc.send_queue)) { |
3548 | 0 | tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq; |
3549 | 0 | } else { |
3550 | 0 | tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn; |
3551 | 0 | } |
3552 | | |
3553 | | /* restart the timer */ |
3554 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, |
3555 | 0 | stcb, tp1->whoTo, |
3556 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_26); |
3557 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, |
3558 | 0 | stcb, tp1->whoTo); |
3559 | | |
3560 | | /* fix counts and things */ |
3561 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { |
3562 | 0 | sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP, |
3563 | 0 | tp1->whoTo->flight_size, |
3564 | 0 | tp1->book_size, |
3565 | 0 | (uint32_t)(uintptr_t)stcb, |
3566 | 0 | tp1->rec.data.tsn); |
3567 | 0 | } |
3568 | 0 | if (tp1->sent < SCTP_DATAGRAM_RESEND) { |
3569 | 0 | sctp_flight_size_decrease(tp1); |
3570 | 0 | sctp_total_flight_decrease(stcb, tp1); |
3571 | 0 | } |
3572 | 0 | tp1->sent = SCTP_DATAGRAM_RESEND; |
3573 | 0 | } { |
3574 | | /* audit code */ |
3575 | 0 | unsigned int audit; |
3576 | |
|
3577 | 0 | audit = 0; |
3578 | 0 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3579 | 0 | if (tp1->sent == SCTP_DATAGRAM_RESEND) |
3580 | 0 | audit++; |
3581 | 0 | } |
3582 | 0 | TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue, |
3583 | 0 | sctp_next) { |
3584 | 0 | if (tp1->sent == SCTP_DATAGRAM_RESEND) |
3585 | 0 | audit++; |
3586 | 0 | } |
3587 | 0 | if (audit != stcb->asoc.sent_queue_retran_cnt) { |
3588 | 0 | SCTP_PRINTF("**Local Audit finds cnt:%d asoc cnt:%d\n", |
3589 | 0 | audit, stcb->asoc.sent_queue_retran_cnt); |
3590 | 0 | #ifndef SCTP_AUDITING_ENABLED |
3591 | 0 | stcb->asoc.sent_queue_retran_cnt = audit; |
3592 | 0 | #endif |
3593 | 0 | } |
3594 | 0 | } |
3595 | 0 | } |
3596 | 0 | break; |
3597 | 0 | case SCTP_ASCONF: |
3598 | 0 | { |
3599 | 0 | struct sctp_tmit_chunk *asconf; |
3600 | |
|
3601 | 0 | TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue, |
3602 | 0 | sctp_next) { |
3603 | 0 | if (asconf->rec.chunk_id.id == SCTP_ASCONF) { |
3604 | 0 | break; |
3605 | 0 | } |
3606 | 0 | } |
3607 | 0 | if (asconf) { |
3608 | 0 | if (asconf->sent != SCTP_DATAGRAM_RESEND) |
3609 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3610 | 0 | asconf->sent = SCTP_DATAGRAM_RESEND; |
3611 | 0 | asconf->snd_count--; |
3612 | 0 | } |
3613 | 0 | } |
3614 | 0 | break; |
3615 | 0 | case SCTP_INITIATION: |
3616 | | /* resend the INIT */ |
3617 | 0 | stcb->asoc.dropped_special_cnt++; |
3618 | 0 | if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) { |
3619 | | /* |
3620 | | * If we can get it in, in a few attempts we do |
3621 | | * this, otherwise we let the timer fire. |
3622 | | */ |
3623 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, |
3624 | 0 | stcb, net, |
3625 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_27); |
3626 | 0 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
3627 | 0 | } |
3628 | 0 | break; |
3629 | 0 | case SCTP_SELECTIVE_ACK: |
3630 | 0 | case SCTP_NR_SELECTIVE_ACK: |
3631 | | /* resend the sack */ |
3632 | 0 | sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); |
3633 | 0 | break; |
3634 | 0 | case SCTP_HEARTBEAT_REQUEST: |
3635 | | /* resend a demand HB */ |
3636 | 0 | if ((stcb->asoc.overall_error_count + 3) < stcb->asoc.max_send_times) { |
3637 | | /* Only retransmit if we KNOW we wont destroy the tcb */ |
3638 | 0 | sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); |
3639 | 0 | } |
3640 | 0 | break; |
3641 | 0 | case SCTP_SHUTDOWN: |
3642 | 0 | sctp_send_shutdown(stcb, net); |
3643 | 0 | break; |
3644 | 0 | case SCTP_SHUTDOWN_ACK: |
3645 | 0 | sctp_send_shutdown_ack(stcb, net); |
3646 | 0 | break; |
3647 | 0 | case SCTP_COOKIE_ECHO: |
3648 | 0 | { |
3649 | 0 | struct sctp_tmit_chunk *cookie; |
3650 | |
|
3651 | 0 | cookie = NULL; |
3652 | 0 | TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, |
3653 | 0 | sctp_next) { |
3654 | 0 | if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) { |
3655 | 0 | break; |
3656 | 0 | } |
3657 | 0 | } |
3658 | 0 | if (cookie) { |
3659 | 0 | if (cookie->sent != SCTP_DATAGRAM_RESEND) |
3660 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3661 | 0 | cookie->sent = SCTP_DATAGRAM_RESEND; |
3662 | 0 | sctp_stop_all_cookie_timers(stcb); |
3663 | 0 | } |
3664 | 0 | } |
3665 | 0 | break; |
3666 | 0 | case SCTP_COOKIE_ACK: |
3667 | 0 | sctp_send_cookie_ack(stcb); |
3668 | 0 | break; |
3669 | 0 | case SCTP_ASCONF_ACK: |
3670 | | /* resend last asconf ack */ |
3671 | 0 | sctp_send_asconf_ack(stcb); |
3672 | 0 | break; |
3673 | 0 | case SCTP_IFORWARD_CUM_TSN: |
3674 | 0 | case SCTP_FORWARD_CUM_TSN: |
3675 | 0 | send_forward_tsn(stcb, &stcb->asoc); |
3676 | 0 | break; |
3677 | | /* can't do anything with these */ |
3678 | 0 | case SCTP_PACKET_DROPPED: |
3679 | 0 | case SCTP_INITIATION_ACK: /* this should not happen */ |
3680 | 0 | case SCTP_HEARTBEAT_ACK: |
3681 | 0 | case SCTP_ABORT_ASSOCIATION: |
3682 | 0 | case SCTP_OPERATION_ERROR: |
3683 | 0 | case SCTP_SHUTDOWN_COMPLETE: |
3684 | 0 | case SCTP_ECN_ECHO: |
3685 | 0 | case SCTP_ECN_CWR: |
3686 | 0 | default: |
3687 | 0 | break; |
3688 | 0 | } |
3689 | 0 | return (0); |
3690 | 0 | } |
3691 | | |
3692 | | void |
3693 | | sctp_reset_in_stream(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3694 | 0 | { |
3695 | 0 | uint32_t i; |
3696 | 0 | uint16_t temp; |
3697 | | |
3698 | | /* |
3699 | | * We set things to 0xffffffff since this is the last delivered sequence |
3700 | | * and we will be sending in 0 after the reset. |
3701 | | */ |
3702 | |
|
3703 | 0 | if (number_entries) { |
3704 | 0 | for (i = 0; i < number_entries; i++) { |
3705 | 0 | temp = ntohs(list[i]); |
3706 | 0 | if (temp >= stcb->asoc.streamincnt) { |
3707 | 0 | continue; |
3708 | 0 | } |
3709 | 0 | stcb->asoc.strmin[temp].last_mid_delivered = 0xffffffff; |
3710 | 0 | } |
3711 | 0 | } else { |
3712 | 0 | list = NULL; |
3713 | 0 | for (i = 0; i < stcb->asoc.streamincnt; i++) { |
3714 | 0 | stcb->asoc.strmin[i].last_mid_delivered = 0xffffffff; |
3715 | 0 | } |
3716 | 0 | } |
3717 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); |
3718 | 0 | } |
3719 | | |
3720 | | static void |
3721 | | sctp_reset_out_streams(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3722 | 0 | { |
3723 | 0 | uint32_t i; |
3724 | 0 | uint16_t temp; |
3725 | |
|
3726 | 0 | if (number_entries > 0) { |
3727 | 0 | for (i = 0; i < number_entries; i++) { |
3728 | 0 | temp = ntohs(list[i]); |
3729 | 0 | if (temp >= stcb->asoc.streamoutcnt) { |
3730 | | /* no such stream */ |
3731 | 0 | continue; |
3732 | 0 | } |
3733 | 0 | stcb->asoc.strmout[temp].next_mid_ordered = 0; |
3734 | 0 | stcb->asoc.strmout[temp].next_mid_unordered = 0; |
3735 | 0 | } |
3736 | 0 | } else { |
3737 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
3738 | 0 | stcb->asoc.strmout[i].next_mid_ordered = 0; |
3739 | 0 | stcb->asoc.strmout[i].next_mid_unordered = 0; |
3740 | 0 | } |
3741 | 0 | } |
3742 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); |
3743 | 0 | } |
3744 | | |
3745 | | static void |
3746 | | sctp_reset_clear_pending(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3747 | 0 | { |
3748 | 0 | uint32_t i; |
3749 | 0 | uint16_t temp; |
3750 | |
|
3751 | 0 | if (number_entries > 0) { |
3752 | 0 | for (i = 0; i < number_entries; i++) { |
3753 | 0 | temp = ntohs(list[i]); |
3754 | 0 | if (temp >= stcb->asoc.streamoutcnt) { |
3755 | | /* no such stream */ |
3756 | 0 | continue; |
3757 | 0 | } |
3758 | 0 | stcb->asoc.strmout[temp].state = SCTP_STREAM_OPEN; |
3759 | 0 | } |
3760 | 0 | } else { |
3761 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
3762 | 0 | stcb->asoc.strmout[i].state = SCTP_STREAM_OPEN; |
3763 | 0 | } |
3764 | 0 | } |
3765 | 0 | } |
3766 | | |
3767 | | struct sctp_stream_reset_request * |
3768 | | sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk) |
3769 | 0 | { |
3770 | 0 | struct sctp_association *asoc; |
3771 | 0 | struct sctp_chunkhdr *ch; |
3772 | 0 | struct sctp_stream_reset_request *r; |
3773 | 0 | struct sctp_tmit_chunk *chk; |
3774 | 0 | int len, clen; |
3775 | |
|
3776 | 0 | asoc = &stcb->asoc; |
3777 | 0 | chk = asoc->str_reset; |
3778 | 0 | if (TAILQ_EMPTY(&asoc->control_send_queue) || |
3779 | 0 | (chk == NULL)) { |
3780 | 0 | asoc->stream_reset_outstanding = 0; |
3781 | 0 | return (NULL); |
3782 | 0 | } |
3783 | 0 | if (chk->data == NULL) { |
3784 | 0 | return (NULL); |
3785 | 0 | } |
3786 | 0 | if (bchk != NULL) { |
3787 | | /* he wants a copy of the chk pointer */ |
3788 | 0 | *bchk = chk; |
3789 | 0 | } |
3790 | 0 | clen = chk->send_size; |
3791 | 0 | ch = mtod(chk->data, struct sctp_chunkhdr *); |
3792 | 0 | r = (struct sctp_stream_reset_request *)(ch + 1); |
3793 | 0 | if (ntohl(r->request_seq) == seq) { |
3794 | | /* found it */ |
3795 | 0 | return (r); |
3796 | 0 | } |
3797 | 0 | len = SCTP_SIZE32(ntohs(r->ph.param_length)); |
3798 | 0 | if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) { |
3799 | | /* move to the next one, there can only be a max of two */ |
3800 | 0 | r = (struct sctp_stream_reset_request *)((caddr_t)r + len); |
3801 | 0 | if (ntohl(r->request_seq) == seq) { |
3802 | 0 | return (r); |
3803 | 0 | } |
3804 | 0 | } |
3805 | | /* that seq is not here */ |
3806 | 0 | return (NULL); |
3807 | 0 | } |
3808 | | |
3809 | | static void |
3810 | | sctp_clean_up_stream_reset(struct sctp_tcb *stcb) |
3811 | 0 | { |
3812 | 0 | struct sctp_association *asoc; |
3813 | 0 | struct sctp_tmit_chunk *chk; |
3814 | |
|
3815 | 0 | asoc = &stcb->asoc; |
3816 | 0 | chk = asoc->str_reset; |
3817 | 0 | if (chk == NULL) { |
3818 | 0 | return; |
3819 | 0 | } |
3820 | 0 | asoc->str_reset = NULL; |
3821 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, |
3822 | 0 | NULL, SCTP_FROM_SCTP_INPUT + SCTP_LOC_28); |
3823 | 0 | TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); |
3824 | 0 | asoc->ctrl_queue_cnt--; |
3825 | 0 | if (chk->data) { |
3826 | 0 | sctp_m_freem(chk->data); |
3827 | 0 | chk->data = NULL; |
3828 | 0 | } |
3829 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
3830 | 0 | } |
3831 | | |
3832 | | static int |
3833 | | sctp_handle_stream_reset_response(struct sctp_tcb *stcb, |
3834 | | uint32_t seq, uint32_t action, |
3835 | | struct sctp_stream_reset_response *respin) |
3836 | 0 | { |
3837 | 0 | uint16_t type; |
3838 | 0 | int lparam_len; |
3839 | 0 | struct sctp_association *asoc = &stcb->asoc; |
3840 | 0 | struct sctp_tmit_chunk *chk; |
3841 | 0 | struct sctp_stream_reset_request *req_param; |
3842 | 0 | struct sctp_stream_reset_out_request *req_out_param; |
3843 | 0 | struct sctp_stream_reset_in_request *req_in_param; |
3844 | 0 | uint32_t number_entries; |
3845 | |
|
3846 | 0 | if (asoc->stream_reset_outstanding == 0) { |
3847 | | /* duplicate */ |
3848 | 0 | return (0); |
3849 | 0 | } |
3850 | 0 | if (seq == stcb->asoc.str_reset_seq_out) { |
3851 | 0 | req_param = sctp_find_stream_reset(stcb, seq, &chk); |
3852 | 0 | if (req_param != NULL) { |
3853 | 0 | stcb->asoc.str_reset_seq_out++; |
3854 | 0 | type = ntohs(req_param->ph.param_type); |
3855 | 0 | lparam_len = ntohs(req_param->ph.param_length); |
3856 | 0 | if (type == SCTP_STR_RESET_OUT_REQUEST) { |
3857 | 0 | int no_clear = 0; |
3858 | |
|
3859 | 0 | req_out_param = (struct sctp_stream_reset_out_request *)req_param; |
3860 | 0 | number_entries = (lparam_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t); |
3861 | 0 | asoc->stream_reset_out_is_outstanding = 0; |
3862 | 0 | if (asoc->stream_reset_outstanding) |
3863 | 0 | asoc->stream_reset_outstanding--; |
3864 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3865 | | /* do it */ |
3866 | 0 | sctp_reset_out_streams(stcb, number_entries, req_out_param->list_of_streams); |
3867 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3868 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3869 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_IN_PROGRESS) { |
3870 | | /* Set it up so we don't stop retransmitting */ |
3871 | 0 | asoc->stream_reset_outstanding++; |
3872 | 0 | stcb->asoc.str_reset_seq_out--; |
3873 | 0 | asoc->stream_reset_out_is_outstanding = 1; |
3874 | 0 | no_clear = 1; |
3875 | 0 | } else { |
3876 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3877 | 0 | } |
3878 | 0 | if (no_clear == 0) { |
3879 | 0 | sctp_reset_clear_pending(stcb, number_entries, req_out_param->list_of_streams); |
3880 | 0 | } |
3881 | 0 | } else if (type == SCTP_STR_RESET_IN_REQUEST) { |
3882 | 0 | req_in_param = (struct sctp_stream_reset_in_request *)req_param; |
3883 | 0 | number_entries = (lparam_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t); |
3884 | 0 | if (asoc->stream_reset_outstanding) |
3885 | 0 | asoc->stream_reset_outstanding--; |
3886 | 0 | if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3887 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_IN, stcb, |
3888 | 0 | number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3889 | 0 | } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3890 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, |
3891 | 0 | number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3892 | 0 | } |
3893 | 0 | } else if (type == SCTP_STR_RESET_ADD_OUT_STREAMS) { |
3894 | | /* Ok we now may have more streams */ |
3895 | 0 | int num_stream; |
3896 | |
|
3897 | 0 | num_stream = stcb->asoc.strm_pending_add_size; |
3898 | 0 | if (num_stream > (stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt)) { |
3899 | | /* TSNH */ |
3900 | 0 | num_stream = stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt; |
3901 | 0 | } |
3902 | 0 | stcb->asoc.strm_pending_add_size = 0; |
3903 | 0 | if (asoc->stream_reset_outstanding) |
3904 | 0 | asoc->stream_reset_outstanding--; |
3905 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3906 | | /* Put the new streams into effect */ |
3907 | 0 | int i; |
3908 | 0 | for (i = asoc->streamoutcnt; i < (asoc->streamoutcnt + num_stream); i++) { |
3909 | 0 | asoc->strmout[i].state = SCTP_STREAM_OPEN; |
3910 | 0 | } |
3911 | 0 | asoc->streamoutcnt += num_stream; |
3912 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3913 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3914 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3915 | 0 | } else { |
3916 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_FAILED, NULL, SCTP_SO_NOT_LOCKED); |
3917 | 0 | } |
3918 | 0 | } else if (type == SCTP_STR_RESET_ADD_IN_STREAMS) { |
3919 | 0 | if (asoc->stream_reset_outstanding) |
3920 | 0 | asoc->stream_reset_outstanding--; |
3921 | 0 | if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3922 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3923 | 0 | } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3924 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3925 | 0 | } |
3926 | 0 | } else if (type == SCTP_STR_RESET_TSN_REQUEST) { |
3927 | | /** |
3928 | | * a) Adopt the new in tsn. |
3929 | | * b) reset the map |
3930 | | * c) Adopt the new out-tsn |
3931 | | */ |
3932 | 0 | struct sctp_stream_reset_response_tsn *resp; |
3933 | 0 | struct sctp_forward_tsn_chunk fwdtsn; |
3934 | 0 | int abort_flag = 0; |
3935 | 0 | if (respin == NULL) { |
3936 | | /* huh ? */ |
3937 | 0 | return (0); |
3938 | 0 | } |
3939 | 0 | if (ntohs(respin->ph.param_length) < sizeof(struct sctp_stream_reset_response_tsn)) { |
3940 | 0 | return (0); |
3941 | 0 | } |
3942 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3943 | 0 | resp = (struct sctp_stream_reset_response_tsn *)respin; |
3944 | 0 | asoc->stream_reset_outstanding--; |
3945 | 0 | fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); |
3946 | 0 | fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; |
3947 | 0 | fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1); |
3948 | 0 | sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); |
3949 | 0 | if (abort_flag) { |
3950 | 0 | return (1); |
3951 | 0 | } |
3952 | 0 | stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1); |
3953 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
3954 | 0 | sctp_log_map(0, 7, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
3955 | 0 | } |
3956 | |
|
3957 | 0 | stcb->asoc.tsn_last_delivered = stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map; |
3958 | 0 | stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn); |
3959 | 0 | memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size); |
3960 | |
|
3961 | 0 | stcb->asoc.highest_tsn_inside_nr_map = stcb->asoc.highest_tsn_inside_map; |
3962 | 0 | memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size); |
3963 | |
|
3964 | 0 | stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn); |
3965 | 0 | stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn; |
3966 | |
|
3967 | 0 | sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); |
3968 | 0 | sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); |
3969 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3970 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3971 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, SCTP_ASSOC_RESET_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3972 | 0 | } else { |
3973 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, SCTP_ASSOC_RESET_FAILED, NULL, SCTP_SO_NOT_LOCKED); |
3974 | 0 | } |
3975 | 0 | } |
3976 | | /* get rid of the request and get the request flags */ |
3977 | 0 | if (asoc->stream_reset_outstanding == 0) { |
3978 | 0 | sctp_clean_up_stream_reset(stcb); |
3979 | 0 | } |
3980 | 0 | } |
3981 | 0 | } |
3982 | 0 | if (asoc->stream_reset_outstanding == 0) { |
3983 | 0 | sctp_send_stream_reset_out_if_possible(stcb, SCTP_SO_NOT_LOCKED); |
3984 | 0 | } |
3985 | 0 | return (0); |
3986 | 0 | } |
3987 | | |
3988 | | static void |
3989 | | sctp_handle_str_reset_request_in(struct sctp_tcb *stcb, |
3990 | | struct sctp_tmit_chunk *chk, |
3991 | | struct sctp_stream_reset_in_request *req, int trunc) |
3992 | 0 | { |
3993 | 0 | uint32_t seq; |
3994 | 0 | int len, i; |
3995 | 0 | int number_entries; |
3996 | 0 | uint16_t temp; |
3997 | | |
3998 | | /* |
3999 | | * peer wants me to send a str-reset to him for my outgoing seq's if |
4000 | | * seq_in is right. |
4001 | | */ |
4002 | 0 | struct sctp_association *asoc = &stcb->asoc; |
4003 | |
|
4004 | 0 | seq = ntohl(req->request_seq); |
4005 | 0 | if (asoc->str_reset_seq_in == seq) { |
4006 | 0 | asoc->last_reset_action[1] = asoc->last_reset_action[0]; |
4007 | 0 | if ((asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ) == 0) { |
4008 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4009 | 0 | } else if (trunc) { |
4010 | | /* Can't do it, since they exceeded our buffer size */ |
4011 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4012 | 0 | } else if (stcb->asoc.stream_reset_out_is_outstanding == 0) { |
4013 | 0 | len = ntohs(req->ph.param_length); |
4014 | 0 | number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t)); |
4015 | 0 | if (number_entries) { |
4016 | 0 | for (i = 0; i < number_entries; i++) { |
4017 | 0 | temp = ntohs(req->list_of_streams[i]); |
4018 | 0 | if (temp >= stcb->asoc.streamoutcnt) { |
4019 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4020 | 0 | goto bad_boy; |
4021 | 0 | } |
4022 | 0 | req->list_of_streams[i] = temp; |
4023 | 0 | } |
4024 | 0 | for (i = 0; i < number_entries; i++) { |
4025 | 0 | if (stcb->asoc.strmout[req->list_of_streams[i]].state == SCTP_STREAM_OPEN) { |
4026 | 0 | stcb->asoc.strmout[req->list_of_streams[i]].state = SCTP_STREAM_RESET_PENDING; |
4027 | 0 | } |
4028 | 0 | } |
4029 | 0 | } else { |
4030 | | /* Its all */ |
4031 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
4032 | 0 | if (stcb->asoc.strmout[i].state == SCTP_STREAM_OPEN) |
4033 | 0 | stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_PENDING; |
4034 | 0 | } |
4035 | 0 | } |
4036 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4037 | 0 | } else { |
4038 | | /* Can't do it, since we have sent one out */ |
4039 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; |
4040 | 0 | } |
4041 | 0 | bad_boy: |
4042 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4043 | 0 | asoc->str_reset_seq_in++; |
4044 | 0 | } else if (asoc->str_reset_seq_in - 1 == seq) { |
4045 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4046 | 0 | } else if (asoc->str_reset_seq_in - 2 == seq) { |
4047 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4048 | 0 | } else { |
4049 | 0 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4050 | 0 | } |
4051 | 0 | sctp_send_stream_reset_out_if_possible(stcb, SCTP_SO_NOT_LOCKED); |
4052 | 0 | } |
4053 | | |
4054 | | static int |
4055 | | sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb, |
4056 | | struct sctp_tmit_chunk *chk, |
4057 | | struct sctp_stream_reset_tsn_request *req) |
4058 | 0 | { |
4059 | | /* reset all in and out and update the tsn */ |
4060 | | /* |
4061 | | * A) reset my str-seq's on in and out. B) Select a receive next, |
4062 | | * and set cum-ack to it. Also process this selected number as a |
4063 | | * fwd-tsn as well. C) set in the response my next sending seq. |
4064 | | */ |
4065 | 0 | struct sctp_forward_tsn_chunk fwdtsn; |
4066 | 0 | struct sctp_association *asoc = &stcb->asoc; |
4067 | 0 | int abort_flag = 0; |
4068 | 0 | uint32_t seq; |
4069 | |
|
4070 | 0 | seq = ntohl(req->request_seq); |
4071 | 0 | if (asoc->str_reset_seq_in == seq) { |
4072 | 0 | asoc->last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4073 | 0 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4074 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4075 | 0 | } else { |
4076 | 0 | fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); |
4077 | 0 | fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; |
4078 | 0 | fwdtsn.ch.chunk_flags = 0; |
4079 | 0 | fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1); |
4080 | 0 | sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); |
4081 | 0 | if (abort_flag) { |
4082 | 0 | return (1); |
4083 | 0 | } |
4084 | 0 | asoc->highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA; |
4085 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
4086 | 0 | sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
4087 | 0 | } |
4088 | 0 | asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->highest_tsn_inside_map; |
4089 | 0 | asoc->mapping_array_base_tsn = asoc->highest_tsn_inside_map + 1; |
4090 | 0 | memset(asoc->mapping_array, 0, asoc->mapping_array_size); |
4091 | 0 | asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; |
4092 | 0 | memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); |
4093 | 0 | atomic_add_int(&asoc->sending_seq, 1); |
4094 | | /* save off historical data for retrans */ |
4095 | 0 | asoc->last_sending_seq[1] = asoc->last_sending_seq[0]; |
4096 | 0 | asoc->last_sending_seq[0] = asoc->sending_seq; |
4097 | 0 | asoc->last_base_tsnsent[1] = asoc->last_base_tsnsent[0]; |
4098 | 0 | asoc->last_base_tsnsent[0] = asoc->mapping_array_base_tsn; |
4099 | 0 | sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); |
4100 | 0 | sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); |
4101 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4102 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
4103 | 0 | } |
4104 | 0 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], |
4105 | 0 | asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); |
4106 | 0 | asoc->str_reset_seq_in++; |
4107 | 0 | } else if (asoc->str_reset_seq_in - 1 == seq) { |
4108 | 0 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], |
4109 | 0 | asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); |
4110 | 0 | } else if (asoc->str_reset_seq_in - 2 == seq) { |
4111 | 0 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1], |
4112 | 0 | asoc->last_sending_seq[1], asoc->last_base_tsnsent[1]); |
4113 | 0 | } else { |
4114 | 0 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4115 | 0 | } |
4116 | 0 | return (0); |
4117 | 0 | } |
4118 | | |
4119 | | static void |
4120 | | sctp_handle_str_reset_request_out(struct sctp_tcb *stcb, |
4121 | | struct sctp_tmit_chunk *chk, |
4122 | | struct sctp_stream_reset_out_request *req, int trunc) |
4123 | 0 | { |
4124 | 0 | uint32_t seq, tsn; |
4125 | 0 | int number_entries, len; |
4126 | 0 | struct sctp_association *asoc = &stcb->asoc; |
4127 | |
|
4128 | 0 | seq = ntohl(req->request_seq); |
4129 | | |
4130 | | /* now if its not a duplicate we process it */ |
4131 | 0 | if (asoc->str_reset_seq_in == seq) { |
4132 | 0 | len = ntohs(req->ph.param_length); |
4133 | 0 | number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t)); |
4134 | | /* |
4135 | | * the sender is resetting, handle the list issue.. we must |
4136 | | * a) verify if we can do the reset, if so no problem b) If |
4137 | | * we can't do the reset we must copy the request. c) queue |
4138 | | * it, and setup the data in processor to trigger it off |
4139 | | * when needed and dequeue all the queued data. |
4140 | | */ |
4141 | 0 | tsn = ntohl(req->send_reset_at_tsn); |
4142 | | |
4143 | | /* move the reset action back one */ |
4144 | 0 | asoc->last_reset_action[1] = asoc->last_reset_action[0]; |
4145 | 0 | if ((asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ) == 0) { |
4146 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4147 | 0 | } else if (trunc) { |
4148 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4149 | 0 | } else if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) { |
4150 | | /* we can do it now */ |
4151 | 0 | sctp_reset_in_stream(stcb, number_entries, req->list_of_streams); |
4152 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4153 | 0 | } else { |
4154 | | /* |
4155 | | * we must queue it up and thus wait for the TSN's |
4156 | | * to arrive that are at or before tsn |
4157 | | */ |
4158 | 0 | struct sctp_stream_reset_list *liste; |
4159 | 0 | int siz; |
4160 | |
|
4161 | 0 | siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t)); |
4162 | 0 | SCTP_MALLOC(liste, struct sctp_stream_reset_list *, |
4163 | 0 | siz, SCTP_M_STRESET); |
4164 | 0 | if (liste == NULL) { |
4165 | | /* gak out of memory */ |
4166 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4167 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4168 | 0 | return; |
4169 | 0 | } |
4170 | 0 | liste->seq = seq; |
4171 | 0 | liste->tsn = tsn; |
4172 | 0 | liste->number_entries = number_entries; |
4173 | 0 | memcpy(&liste->list_of_streams, req->list_of_streams, number_entries * sizeof(uint16_t)); |
4174 | 0 | TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp); |
4175 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_IN_PROGRESS; |
4176 | 0 | } |
4177 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4178 | 0 | asoc->str_reset_seq_in++; |
4179 | 0 | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4180 | | /* |
4181 | | * one seq back, just echo back last action since my |
4182 | | * response was lost. |
4183 | | */ |
4184 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4185 | 0 | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4186 | | /* |
4187 | | * two seq back, just echo back last action since my |
4188 | | * response was lost. |
4189 | | */ |
4190 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4191 | 0 | } else { |
4192 | 0 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4193 | 0 | } |
4194 | 0 | } |
4195 | | |
4196 | | static void |
4197 | | sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, |
4198 | | struct sctp_stream_reset_add_strm *str_add) |
4199 | 0 | { |
4200 | | /* |
4201 | | * Peer is requesting to add more streams. |
4202 | | * If its within our max-streams we will |
4203 | | * allow it. |
4204 | | */ |
4205 | 0 | uint32_t num_stream, i; |
4206 | 0 | uint32_t seq; |
4207 | 0 | struct sctp_association *asoc = &stcb->asoc; |
4208 | 0 | struct sctp_queued_to_read *ctl, *nctl; |
4209 | | |
4210 | | /* Get the number. */ |
4211 | 0 | seq = ntohl(str_add->request_seq); |
4212 | 0 | num_stream = ntohs(str_add->number_of_streams); |
4213 | | /* Now what would be the new total? */ |
4214 | 0 | if (asoc->str_reset_seq_in == seq) { |
4215 | 0 | num_stream += stcb->asoc.streamincnt; |
4216 | 0 | stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4217 | 0 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4218 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4219 | 0 | } else if ((num_stream > stcb->asoc.max_inbound_streams) || |
4220 | 0 | (num_stream > 0xffff)) { |
4221 | | /* We must reject it they ask for to many */ |
4222 | 0 | denied: |
4223 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4224 | 0 | } else { |
4225 | | /* Ok, we can do that :-) */ |
4226 | 0 | struct sctp_stream_in *oldstrm; |
4227 | | |
4228 | | /* save off the old */ |
4229 | 0 | oldstrm = stcb->asoc.strmin; |
4230 | 0 | SCTP_MALLOC(stcb->asoc.strmin, struct sctp_stream_in *, |
4231 | 0 | (num_stream * sizeof(struct sctp_stream_in)), |
4232 | 0 | SCTP_M_STRMI); |
4233 | 0 | if (stcb->asoc.strmin == NULL) { |
4234 | 0 | stcb->asoc.strmin = oldstrm; |
4235 | 0 | goto denied; |
4236 | 0 | } |
4237 | | /* copy off the old data */ |
4238 | 0 | for (i = 0; i < stcb->asoc.streamincnt; i++) { |
4239 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); |
4240 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); |
4241 | 0 | stcb->asoc.strmin[i].sid = i; |
4242 | 0 | stcb->asoc.strmin[i].last_mid_delivered = oldstrm[i].last_mid_delivered; |
4243 | 0 | stcb->asoc.strmin[i].delivery_started = oldstrm[i].delivery_started; |
4244 | 0 | stcb->asoc.strmin[i].pd_api_started = oldstrm[i].pd_api_started; |
4245 | | /* now anything on those queues? */ |
4246 | 0 | TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].inqueue, next_instrm, nctl) { |
4247 | 0 | TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next_instrm); |
4248 | 0 | TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next_instrm); |
4249 | 0 | } |
4250 | 0 | TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].uno_inqueue, next_instrm, nctl) { |
4251 | 0 | TAILQ_REMOVE(&oldstrm[i].uno_inqueue, ctl, next_instrm); |
4252 | 0 | TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].uno_inqueue, ctl, next_instrm); |
4253 | 0 | } |
4254 | 0 | } |
4255 | | /* Init the new streams */ |
4256 | 0 | for (i = stcb->asoc.streamincnt; i < num_stream; i++) { |
4257 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); |
4258 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); |
4259 | 0 | stcb->asoc.strmin[i].sid = i; |
4260 | 0 | stcb->asoc.strmin[i].last_mid_delivered = 0xffffffff; |
4261 | 0 | stcb->asoc.strmin[i].pd_api_started = 0; |
4262 | 0 | stcb->asoc.strmin[i].delivery_started = 0; |
4263 | 0 | } |
4264 | 0 | SCTP_FREE(oldstrm, SCTP_M_STRMI); |
4265 | | /* update the size */ |
4266 | 0 | stcb->asoc.streamincnt = num_stream; |
4267 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4268 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
4269 | 0 | } |
4270 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4271 | 0 | asoc->str_reset_seq_in++; |
4272 | 0 | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4273 | | /* |
4274 | | * one seq back, just echo back last action since my |
4275 | | * response was lost. |
4276 | | */ |
4277 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4278 | 0 | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4279 | | /* |
4280 | | * two seq back, just echo back last action since my |
4281 | | * response was lost. |
4282 | | */ |
4283 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4284 | 0 | } else { |
4285 | 0 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4286 | 0 | } |
4287 | 0 | } |
4288 | | |
4289 | | static void |
4290 | | sctp_handle_str_reset_add_out_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, |
4291 | | struct sctp_stream_reset_add_strm *str_add) |
4292 | 0 | { |
4293 | | /* |
4294 | | * Peer is requesting to add more streams. |
4295 | | * If its within our max-streams we will |
4296 | | * allow it. |
4297 | | */ |
4298 | 0 | uint16_t num_stream; |
4299 | 0 | uint32_t seq; |
4300 | 0 | struct sctp_association *asoc = &stcb->asoc; |
4301 | | |
4302 | | /* Get the number. */ |
4303 | 0 | seq = ntohl(str_add->request_seq); |
4304 | 0 | num_stream = ntohs(str_add->number_of_streams); |
4305 | | /* Now what would be the new total? */ |
4306 | 0 | if (asoc->str_reset_seq_in == seq) { |
4307 | 0 | stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4308 | 0 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4309 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4310 | 0 | } else if (stcb->asoc.stream_reset_outstanding) { |
4311 | | /* We must reject it we have something pending */ |
4312 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; |
4313 | 0 | } else { |
4314 | | /* Ok, we can do that :-) */ |
4315 | 0 | int mychk; |
4316 | 0 | mychk = stcb->asoc.streamoutcnt; |
4317 | 0 | mychk += num_stream; |
4318 | 0 | if (mychk < 0x10000) { |
4319 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4320 | 0 | if (sctp_send_str_reset_req(stcb, 0, NULL, 0, 0, 1, num_stream, 0, 1)) { |
4321 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4322 | 0 | } |
4323 | 0 | } else { |
4324 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4325 | 0 | } |
4326 | 0 | } |
4327 | 0 | sctp_add_stream_reset_result(chk, seq, stcb->asoc.last_reset_action[0]); |
4328 | 0 | asoc->str_reset_seq_in++; |
4329 | 0 | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4330 | | /* |
4331 | | * one seq back, just echo back last action since my |
4332 | | * response was lost. |
4333 | | */ |
4334 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4335 | 0 | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4336 | | /* |
4337 | | * two seq back, just echo back last action since my |
4338 | | * response was lost. |
4339 | | */ |
4340 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4341 | 0 | } else { |
4342 | 0 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4343 | 0 | } |
4344 | 0 | } |
4345 | | |
4346 | | #ifdef __GNUC__ |
4347 | | __attribute__ ((noinline)) |
4348 | | #endif |
4349 | | static int |
4350 | | sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, |
4351 | | struct sctp_chunkhdr *ch_req) |
4352 | 0 | { |
4353 | 0 | uint16_t remaining_length, param_len, ptype; |
4354 | 0 | struct sctp_paramhdr pstore; |
4355 | 0 | uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; |
4356 | 0 | uint32_t seq = 0; |
4357 | 0 | int num_req = 0; |
4358 | 0 | int trunc = 0; |
4359 | 0 | struct sctp_tmit_chunk *chk; |
4360 | 0 | struct sctp_chunkhdr *ch; |
4361 | 0 | struct sctp_paramhdr *ph; |
4362 | 0 | int ret_code = 0; |
4363 | 0 | int num_param = 0; |
4364 | | |
4365 | | /* now it may be a reset or a reset-response */ |
4366 | 0 | remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr); |
4367 | | |
4368 | | /* setup for adding the response */ |
4369 | 0 | sctp_alloc_a_chunk(stcb, chk); |
4370 | 0 | if (chk == NULL) { |
4371 | 0 | return (ret_code); |
4372 | 0 | } |
4373 | 0 | chk->copy_by_ref = 0; |
4374 | 0 | chk->rec.chunk_id.id = SCTP_STREAM_RESET; |
4375 | 0 | chk->rec.chunk_id.can_take_data = 0; |
4376 | 0 | chk->flags = 0; |
4377 | 0 | chk->asoc = &stcb->asoc; |
4378 | 0 | chk->no_fr_allowed = 0; |
4379 | 0 | chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr); |
4380 | 0 | chk->book_size_scale = 0; |
4381 | 0 | chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); |
4382 | 0 | if (chk->data == NULL) { |
4383 | 0 | strres_nochunk: |
4384 | 0 | if (chk->data) { |
4385 | 0 | sctp_m_freem(chk->data); |
4386 | 0 | chk->data = NULL; |
4387 | 0 | } |
4388 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
4389 | 0 | return (ret_code); |
4390 | 0 | } |
4391 | 0 | SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); |
4392 | | |
4393 | | /* setup chunk parameters */ |
4394 | 0 | chk->sent = SCTP_DATAGRAM_UNSENT; |
4395 | 0 | chk->snd_count = 0; |
4396 | 0 | chk->whoTo = NULL; |
4397 | |
|
4398 | 0 | ch = mtod(chk->data, struct sctp_chunkhdr *); |
4399 | 0 | ch->chunk_type = SCTP_STREAM_RESET; |
4400 | 0 | ch->chunk_flags = 0; |
4401 | 0 | ch->chunk_length = htons(chk->send_size); |
4402 | 0 | SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); |
4403 | 0 | offset += sizeof(struct sctp_chunkhdr); |
4404 | 0 | while (remaining_length >= sizeof(struct sctp_paramhdr)) { |
4405 | 0 | ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *)&pstore); |
4406 | 0 | if (ph == NULL) { |
4407 | | /* TSNH */ |
4408 | 0 | break; |
4409 | 0 | } |
4410 | 0 | param_len = ntohs(ph->param_length); |
4411 | 0 | if ((param_len > remaining_length) || |
4412 | 0 | (param_len < (sizeof(struct sctp_paramhdr) + sizeof(uint32_t)))) { |
4413 | | /* bad parameter length */ |
4414 | 0 | break; |
4415 | 0 | } |
4416 | 0 | ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, sizeof(cstore)), |
4417 | 0 | (uint8_t *)&cstore); |
4418 | 0 | if (ph == NULL) { |
4419 | | /* TSNH */ |
4420 | 0 | break; |
4421 | 0 | } |
4422 | 0 | ptype = ntohs(ph->param_type); |
4423 | 0 | num_param++; |
4424 | 0 | if (param_len > sizeof(cstore)) { |
4425 | 0 | trunc = 1; |
4426 | 0 | } else { |
4427 | 0 | trunc = 0; |
4428 | 0 | } |
4429 | 0 | if (num_param > SCTP_MAX_RESET_PARAMS) { |
4430 | | /* hit the max of parameters already sorry.. */ |
4431 | 0 | break; |
4432 | 0 | } |
4433 | 0 | if (ptype == SCTP_STR_RESET_OUT_REQUEST) { |
4434 | 0 | struct sctp_stream_reset_out_request *req_out; |
4435 | |
|
4436 | 0 | if (param_len < sizeof(struct sctp_stream_reset_out_request)) { |
4437 | 0 | break; |
4438 | 0 | } |
4439 | 0 | req_out = (struct sctp_stream_reset_out_request *)ph; |
4440 | 0 | num_req++; |
4441 | 0 | if (stcb->asoc.stream_reset_outstanding) { |
4442 | 0 | seq = ntohl(req_out->response_seq); |
4443 | 0 | if (seq == stcb->asoc.str_reset_seq_out) { |
4444 | | /* implicit ack */ |
4445 | 0 | (void)sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_RESULT_PERFORMED, NULL); |
4446 | 0 | } |
4447 | 0 | } |
4448 | 0 | sctp_handle_str_reset_request_out(stcb, chk, req_out, trunc); |
4449 | 0 | } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { |
4450 | 0 | struct sctp_stream_reset_add_strm *str_add; |
4451 | |
|
4452 | 0 | if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
4453 | 0 | break; |
4454 | 0 | } |
4455 | 0 | str_add = (struct sctp_stream_reset_add_strm *)ph; |
4456 | 0 | num_req++; |
4457 | 0 | sctp_handle_str_reset_add_strm(stcb, chk, str_add); |
4458 | 0 | } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { |
4459 | 0 | struct sctp_stream_reset_add_strm *str_add; |
4460 | |
|
4461 | 0 | if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
4462 | 0 | break; |
4463 | 0 | } |
4464 | 0 | str_add = (struct sctp_stream_reset_add_strm *)ph; |
4465 | 0 | num_req++; |
4466 | 0 | sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); |
4467 | 0 | } else if (ptype == SCTP_STR_RESET_IN_REQUEST) { |
4468 | 0 | struct sctp_stream_reset_in_request *req_in; |
4469 | |
|
4470 | 0 | num_req++; |
4471 | 0 | req_in = (struct sctp_stream_reset_in_request *)ph; |
4472 | 0 | sctp_handle_str_reset_request_in(stcb, chk, req_in, trunc); |
4473 | 0 | } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) { |
4474 | 0 | struct sctp_stream_reset_tsn_request *req_tsn; |
4475 | |
|
4476 | 0 | num_req++; |
4477 | 0 | req_tsn = (struct sctp_stream_reset_tsn_request *)ph; |
4478 | 0 | if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) { |
4479 | 0 | ret_code = 1; |
4480 | 0 | goto strres_nochunk; |
4481 | 0 | } |
4482 | | /* no more */ |
4483 | 0 | break; |
4484 | 0 | } else if (ptype == SCTP_STR_RESET_RESPONSE) { |
4485 | 0 | struct sctp_stream_reset_response *resp; |
4486 | 0 | uint32_t result; |
4487 | |
|
4488 | 0 | if (param_len < sizeof(struct sctp_stream_reset_response)) { |
4489 | 0 | break; |
4490 | 0 | } |
4491 | 0 | resp = (struct sctp_stream_reset_response *)ph; |
4492 | 0 | seq = ntohl(resp->response_seq); |
4493 | 0 | result = ntohl(resp->result); |
4494 | 0 | if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) { |
4495 | 0 | ret_code = 1; |
4496 | 0 | goto strres_nochunk; |
4497 | 0 | } |
4498 | 0 | } else { |
4499 | 0 | break; |
4500 | 0 | } |
4501 | 0 | offset += SCTP_SIZE32(param_len); |
4502 | 0 | if (remaining_length >= SCTP_SIZE32(param_len)) { |
4503 | 0 | remaining_length -= SCTP_SIZE32(param_len); |
4504 | 0 | } else { |
4505 | 0 | remaining_length = 0; |
4506 | 0 | } |
4507 | 0 | } |
4508 | 0 | if (num_req == 0) { |
4509 | | /* we have no response free the stuff */ |
4510 | 0 | goto strres_nochunk; |
4511 | 0 | } |
4512 | | /* ok we have a chunk to link in */ |
4513 | 0 | TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, |
4514 | 0 | chk, |
4515 | 0 | sctp_next); |
4516 | 0 | stcb->asoc.ctrl_queue_cnt++; |
4517 | 0 | return (ret_code); |
4518 | 0 | } |
4519 | | |
4520 | | /* |
4521 | | * Handle a router or endpoints report of a packet loss, there are two ways |
4522 | | * to handle this, either we get the whole packet and must disect it |
4523 | | * ourselves (possibly with truncation and or corruption) or it is a summary |
4524 | | * from a middle box that did the disecting for us. |
4525 | | */ |
4526 | | static void |
4527 | | sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp, |
4528 | | struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t limit) |
4529 | 0 | { |
4530 | 0 | struct sctp_chunk_desc desc; |
4531 | 0 | struct sctp_chunkhdr *chk_hdr; |
4532 | 0 | struct sctp_data_chunk *data_chunk; |
4533 | 0 | struct sctp_idata_chunk *idata_chunk; |
4534 | 0 | uint32_t bottle_bw, on_queue; |
4535 | 0 | uint32_t offset, chk_len; |
4536 | 0 | uint16_t pktdrp_len; |
4537 | 0 | uint8_t pktdrp_flags; |
4538 | |
|
4539 | 0 | KASSERT(sizeof(struct sctp_pktdrop_chunk) <= limit, |
4540 | 0 | ("PKTDROP chunk too small")); |
4541 | 0 | pktdrp_flags = cp->ch.chunk_flags; |
4542 | 0 | pktdrp_len = ntohs(cp->ch.chunk_length); |
4543 | 0 | KASSERT(limit <= pktdrp_len, ("Inconsistent limit")); |
4544 | 0 | if (pktdrp_flags & SCTP_PACKET_TRUNCATED) { |
4545 | 0 | if (ntohs(cp->trunc_len) <= pktdrp_len - sizeof(struct sctp_pktdrop_chunk)) { |
4546 | | /* The peer plays games with us. */ |
4547 | 0 | return; |
4548 | 0 | } |
4549 | 0 | } |
4550 | 0 | limit -= sizeof(struct sctp_pktdrop_chunk); |
4551 | 0 | offset = 0; |
4552 | 0 | if (offset == limit) { |
4553 | 0 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4554 | 0 | SCTP_STAT_INCR(sctps_pdrpbwrpt); |
4555 | 0 | } |
4556 | 0 | } else if (offset + sizeof(struct sctphdr) > limit) { |
4557 | | /* Only a partial SCTP common header. */ |
4558 | 0 | SCTP_STAT_INCR(sctps_pdrpcrupt); |
4559 | 0 | offset = limit; |
4560 | 0 | } else { |
4561 | | /* XXX: Check embedded SCTP common header. */ |
4562 | 0 | offset += sizeof(struct sctphdr); |
4563 | 0 | } |
4564 | | /* Now parse through the chunks themselves. */ |
4565 | 0 | while (offset < limit) { |
4566 | 0 | if (offset + sizeof(struct sctp_chunkhdr) > limit) { |
4567 | 0 | SCTP_STAT_INCR(sctps_pdrpcrupt); |
4568 | 0 | break; |
4569 | 0 | } |
4570 | 0 | chk_hdr = (struct sctp_chunkhdr *)(cp->data + offset); |
4571 | 0 | desc.chunk_type = chk_hdr->chunk_type; |
4572 | | /* get amount we need to move */ |
4573 | 0 | chk_len = (uint32_t)ntohs(chk_hdr->chunk_length); |
4574 | 0 | if (chk_len < sizeof(struct sctp_chunkhdr)) { |
4575 | | /* Someone is lying... */ |
4576 | 0 | break; |
4577 | 0 | } |
4578 | 0 | if (desc.chunk_type == SCTP_DATA) { |
4579 | 0 | if (stcb->asoc.idata_supported) { |
4580 | | /* Some is playing games with us. */ |
4581 | 0 | break; |
4582 | 0 | } |
4583 | 0 | if (chk_len <= sizeof(struct sctp_data_chunk)) { |
4584 | | /* Some is playing games with us. */ |
4585 | 0 | break; |
4586 | 0 | } |
4587 | 0 | if (chk_len < sizeof(struct sctp_data_chunk) + SCTP_NUM_DB_TO_VERIFY) { |
4588 | | /* Not enough data bytes available in the chunk. */ |
4589 | 0 | SCTP_STAT_INCR(sctps_pdrpnedat); |
4590 | 0 | goto next_chunk; |
4591 | 0 | } |
4592 | 0 | if (offset + sizeof(struct sctp_data_chunk) + SCTP_NUM_DB_TO_VERIFY > limit) { |
4593 | | /* Not enough data in buffer. */ |
4594 | 0 | break; |
4595 | 0 | } |
4596 | 0 | data_chunk = (struct sctp_data_chunk *)(cp->data + offset); |
4597 | 0 | memcpy(desc.data_bytes, data_chunk + 1, SCTP_NUM_DB_TO_VERIFY); |
4598 | 0 | desc.tsn_ifany = data_chunk->dp.tsn; |
4599 | 0 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4600 | 0 | SCTP_STAT_INCR(sctps_pdrpmbda); |
4601 | 0 | } |
4602 | 0 | } else if (desc.chunk_type == SCTP_IDATA) { |
4603 | 0 | if (!stcb->asoc.idata_supported) { |
4604 | | /* Some is playing games with us. */ |
4605 | 0 | break; |
4606 | 0 | } |
4607 | 0 | if (chk_len <= sizeof(struct sctp_idata_chunk)) { |
4608 | | /* Some is playing games with us. */ |
4609 | 0 | break; |
4610 | 0 | } |
4611 | 0 | if (chk_len < sizeof(struct sctp_idata_chunk) + SCTP_NUM_DB_TO_VERIFY) { |
4612 | | /* Not enough data bytes available in the chunk. */ |
4613 | 0 | SCTP_STAT_INCR(sctps_pdrpnedat); |
4614 | 0 | goto next_chunk; |
4615 | 0 | } |
4616 | 0 | if (offset + sizeof(struct sctp_idata_chunk) + SCTP_NUM_DB_TO_VERIFY > limit) { |
4617 | | /* Not enough data in buffer. */ |
4618 | 0 | break; |
4619 | 0 | } |
4620 | 0 | idata_chunk = (struct sctp_idata_chunk *)(cp->data + offset); |
4621 | 0 | memcpy(desc.data_bytes, idata_chunk + 1, SCTP_NUM_DB_TO_VERIFY); |
4622 | 0 | desc.tsn_ifany = idata_chunk->dp.tsn; |
4623 | 0 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4624 | 0 | SCTP_STAT_INCR(sctps_pdrpmbda); |
4625 | 0 | } |
4626 | 0 | } else { |
4627 | 0 | desc.tsn_ifany = htonl(0); |
4628 | 0 | memset(desc.data_bytes, 0, SCTP_NUM_DB_TO_VERIFY); |
4629 | 0 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4630 | 0 | SCTP_STAT_INCR(sctps_pdrpmbct); |
4631 | 0 | } |
4632 | 0 | } |
4633 | 0 | if (process_chunk_drop(stcb, &desc, net, pktdrp_flags)) { |
4634 | 0 | SCTP_STAT_INCR(sctps_pdrppdbrk); |
4635 | 0 | break; |
4636 | 0 | } |
4637 | 0 | next_chunk: |
4638 | 0 | offset += SCTP_SIZE32(chk_len); |
4639 | 0 | } |
4640 | | /* Now update any rwnd --- possibly */ |
4641 | 0 | if ((pktdrp_flags & SCTP_FROM_MIDDLE_BOX) == 0) { |
4642 | | /* From a peer, we get a rwnd report */ |
4643 | 0 | uint32_t a_rwnd; |
4644 | |
|
4645 | 0 | SCTP_STAT_INCR(sctps_pdrpfehos); |
4646 | |
|
4647 | 0 | bottle_bw = ntohl(cp->bottle_bw); |
4648 | 0 | on_queue = ntohl(cp->current_onq); |
4649 | 0 | if (bottle_bw && on_queue) { |
4650 | | /* a rwnd report is in here */ |
4651 | 0 | if (bottle_bw > on_queue) |
4652 | 0 | a_rwnd = bottle_bw - on_queue; |
4653 | 0 | else |
4654 | 0 | a_rwnd = 0; |
4655 | |
|
4656 | 0 | if (a_rwnd == 0) |
4657 | 0 | stcb->asoc.peers_rwnd = 0; |
4658 | 0 | else { |
4659 | 0 | if (a_rwnd > stcb->asoc.total_flight) { |
4660 | 0 | stcb->asoc.peers_rwnd = |
4661 | 0 | a_rwnd - stcb->asoc.total_flight; |
4662 | 0 | } else { |
4663 | 0 | stcb->asoc.peers_rwnd = 0; |
4664 | 0 | } |
4665 | 0 | if (stcb->asoc.peers_rwnd < |
4666 | 0 | stcb->sctp_ep->sctp_ep.sctp_sws_sender) { |
4667 | | /* SWS sender side engages */ |
4668 | 0 | stcb->asoc.peers_rwnd = 0; |
4669 | 0 | } |
4670 | 0 | } |
4671 | 0 | } |
4672 | 0 | } else { |
4673 | 0 | SCTP_STAT_INCR(sctps_pdrpfmbox); |
4674 | 0 | } |
4675 | | |
4676 | | /* now middle boxes in sat networks get a cwnd bump */ |
4677 | 0 | if ((pktdrp_flags & SCTP_FROM_MIDDLE_BOX) && |
4678 | 0 | (stcb->asoc.sat_t3_loss_recovery == 0) && |
4679 | 0 | (stcb->asoc.sat_network)) { |
4680 | | /* |
4681 | | * This is debatable but for sat networks it makes sense |
4682 | | * Note if a T3 timer has went off, we will prohibit any |
4683 | | * changes to cwnd until we exit the t3 loss recovery. |
4684 | | */ |
4685 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped(stcb, |
4686 | 0 | net, cp, &bottle_bw, &on_queue); |
4687 | 0 | } |
4688 | 0 | } |
4689 | | |
4690 | | /* |
4691 | | * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to |
4692 | | * still contain IP/SCTP header - stcb: is the tcb found for this packet - |
4693 | | * offset: offset into the mbuf chain to first chunkhdr - length: is the |
4694 | | * length of the complete packet outputs: - length: modified to remaining |
4695 | | * length after control processing - netp: modified to new sctp_nets after |
4696 | | * cookie-echo processing - return NULL to discard the packet (ie. no asoc, |
4697 | | * bad packet,...) otherwise return the tcb for this packet |
4698 | | */ |
4699 | | #ifdef __GNUC__ |
4700 | | __attribute__ ((noinline)) |
4701 | | #endif |
4702 | | static struct sctp_tcb * |
4703 | | sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length, |
4704 | | struct sockaddr *src, struct sockaddr *dst, |
4705 | | struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp, |
4706 | | struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen, |
4707 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4708 | | uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, |
4709 | | #endif |
4710 | | uint32_t vrf_id, uint16_t port) |
4711 | 279k | { |
4712 | 279k | struct sctp_association *asoc; |
4713 | 279k | struct mbuf *op_err; |
4714 | 279k | char msg[SCTP_DIAG_INFO_LEN]; |
4715 | 279k | uint32_t vtag_in; |
4716 | 279k | int num_chunks = 0; /* number of control chunks processed */ |
4717 | 279k | uint32_t chk_length, contiguous; |
4718 | 279k | int ret; |
4719 | 279k | int abort_no_unlock = 0; |
4720 | 279k | int ecne_seen = 0; |
4721 | 279k | int abort_flag; |
4722 | | /* |
4723 | | * How big should this be, and should it be alloc'd? Lets try the |
4724 | | * d-mtu-ceiling for now (2k) and that should hopefully work ... |
4725 | | * until we get into jumbo grams and such.. |
4726 | | */ |
4727 | 279k | uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; |
4728 | 279k | int got_auth = 0; |
4729 | 279k | uint32_t auth_offset = 0, auth_len = 0; |
4730 | 279k | int auth_skipped = 0; |
4731 | 279k | int asconf_cnt = 0; |
4732 | | #if defined(__APPLE__) && !defined(__Userspace__) |
4733 | | struct socket *so; |
4734 | | #endif |
4735 | | |
4736 | 279k | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n", |
4737 | 279k | iphlen, *offset, length, (void *)stcb); |
4738 | | |
4739 | 279k | if (stcb) { |
4740 | 279k | SCTP_TCB_LOCK_ASSERT(stcb); |
4741 | 279k | } |
4742 | | /* validate chunk header length... */ |
4743 | 279k | if (ntohs(ch->chunk_length) < sizeof(*ch)) { |
4744 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Invalid header length %d\n", |
4745 | 0 | ntohs(ch->chunk_length)); |
4746 | 0 | *offset = length; |
4747 | 0 | return (stcb); |
4748 | 0 | } |
4749 | | /* |
4750 | | * validate the verification tag |
4751 | | */ |
4752 | 279k | vtag_in = ntohl(sh->v_tag); |
4753 | | |
4754 | 279k | if (ch->chunk_type == SCTP_INITIATION) { |
4755 | 489 | SCTPDBG(SCTP_DEBUG_INPUT1, "Its an INIT of len:%d vtag:%x\n", |
4756 | 489 | ntohs(ch->chunk_length), vtag_in); |
4757 | 489 | if (vtag_in != 0) { |
4758 | | /* protocol error- silently discard... */ |
4759 | 489 | SCTP_STAT_INCR(sctps_badvtag); |
4760 | 489 | if (stcb != NULL) { |
4761 | 489 | SCTP_TCB_UNLOCK(stcb); |
4762 | 489 | } |
4763 | 489 | return (NULL); |
4764 | 489 | } |
4765 | 278k | } else if (ch->chunk_type != SCTP_COOKIE_ECHO) { |
4766 | | /* |
4767 | | * If there is no stcb, skip the AUTH chunk and process |
4768 | | * later after a stcb is found (to validate the lookup was |
4769 | | * valid. |
4770 | | */ |
4771 | 257k | if ((ch->chunk_type == SCTP_AUTHENTICATION) && |
4772 | 3.87k | (stcb == NULL) && |
4773 | 0 | (inp->auth_supported == 1)) { |
4774 | | /* save this chunk for later processing */ |
4775 | 0 | auth_skipped = 1; |
4776 | 0 | auth_offset = *offset; |
4777 | 0 | auth_len = ntohs(ch->chunk_length); |
4778 | | |
4779 | | /* (temporarily) move past this chunk */ |
4780 | 0 | *offset += SCTP_SIZE32(auth_len); |
4781 | 0 | if (*offset >= length) { |
4782 | | /* no more data left in the mbuf chain */ |
4783 | 0 | *offset = length; |
4784 | 0 | return (NULL); |
4785 | 0 | } |
4786 | 0 | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
4787 | 0 | sizeof(struct sctp_chunkhdr), chunk_buf); |
4788 | 0 | } |
4789 | 257k | if (ch == NULL) { |
4790 | | /* Help */ |
4791 | 0 | *offset = length; |
4792 | 0 | return (stcb); |
4793 | 0 | } |
4794 | 257k | if (ch->chunk_type == SCTP_COOKIE_ECHO) { |
4795 | 0 | goto process_control_chunks; |
4796 | 0 | } |
4797 | | /* |
4798 | | * first check if it's an ASCONF with an unknown src addr we |
4799 | | * need to look inside to find the association |
4800 | | */ |
4801 | 257k | if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) { |
4802 | 0 | struct sctp_chunkhdr *asconf_ch = ch; |
4803 | 0 | uint32_t asconf_offset = 0, asconf_len = 0; |
4804 | | |
4805 | | /* inp's refcount may be reduced */ |
4806 | 0 | SCTP_INP_INCR_REF(inp); |
4807 | |
|
4808 | 0 | asconf_offset = *offset; |
4809 | 0 | do { |
4810 | 0 | asconf_len = ntohs(asconf_ch->chunk_length); |
4811 | 0 | if (asconf_len < sizeof(struct sctp_asconf_paramhdr)) |
4812 | 0 | break; |
4813 | 0 | stcb = sctp_findassociation_ep_asconf(m, |
4814 | 0 | *offset, |
4815 | 0 | dst, |
4816 | 0 | sh, &inp, netp, vrf_id); |
4817 | 0 | if (stcb != NULL) |
4818 | 0 | break; |
4819 | 0 | asconf_offset += SCTP_SIZE32(asconf_len); |
4820 | 0 | asconf_ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, asconf_offset, |
4821 | 0 | sizeof(struct sctp_chunkhdr), chunk_buf); |
4822 | 0 | } while (asconf_ch != NULL && asconf_ch->chunk_type == SCTP_ASCONF); |
4823 | 0 | if (stcb == NULL) { |
4824 | | /* |
4825 | | * reduce inp's refcount if not reduced in |
4826 | | * sctp_findassociation_ep_asconf(). |
4827 | | */ |
4828 | 0 | SCTP_INP_DECR_REF(inp); |
4829 | 0 | } |
4830 | | |
4831 | | /* now go back and verify any auth chunk to be sure */ |
4832 | 0 | if (auth_skipped && (stcb != NULL)) { |
4833 | 0 | struct sctp_auth_chunk *auth; |
4834 | |
|
4835 | 0 | if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { |
4836 | 0 | auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, chunk_buf); |
4837 | 0 | got_auth = 1; |
4838 | 0 | auth_skipped = 0; |
4839 | 0 | } else { |
4840 | 0 | auth = NULL; |
4841 | 0 | } |
4842 | 0 | if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, |
4843 | 0 | auth_offset)) { |
4844 | | /* auth HMAC failed so dump it */ |
4845 | 0 | *offset = length; |
4846 | 0 | return (stcb); |
4847 | 0 | } else { |
4848 | | /* remaining chunks are HMAC checked */ |
4849 | 0 | stcb->asoc.authenticated = 1; |
4850 | 0 | } |
4851 | 0 | } |
4852 | 0 | } |
4853 | 257k | if (stcb == NULL) { |
4854 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
4855 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
4856 | 0 | msg); |
4857 | | /* no association, so it's out of the blue... */ |
4858 | 0 | sctp_handle_ootb(m, iphlen, *offset, src, dst, sh, inp, op_err, |
4859 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4860 | | mflowtype, mflowid, inp->fibnum, |
4861 | | #endif |
4862 | 0 | vrf_id, port); |
4863 | 0 | *offset = length; |
4864 | 0 | return (NULL); |
4865 | 0 | } |
4866 | 257k | asoc = &stcb->asoc; |
4867 | | /* ABORT and SHUTDOWN can use either v_tag... */ |
4868 | 257k | if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) || |
4869 | 255k | (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) || |
4870 | 247k | (ch->chunk_type == SCTP_PACKET_DROPPED)) { |
4871 | | /* Take the T-bit always into account. */ |
4872 | 10.3k | if ((((ch->chunk_flags & SCTP_HAD_NO_TCB) == 0) && |
4873 | 8.43k | (vtag_in == asoc->my_vtag)) || |
4874 | 10.3k | (((ch->chunk_flags & SCTP_HAD_NO_TCB) == SCTP_HAD_NO_TCB) && |
4875 | 1.95k | (asoc->peer_vtag != htonl(0)) && |
4876 | 1.95k | (vtag_in == asoc->peer_vtag))) { |
4877 | | /* this is valid */ |
4878 | 10.3k | } else { |
4879 | | /* drop this packet... */ |
4880 | 10.3k | SCTP_STAT_INCR(sctps_badvtag); |
4881 | 10.3k | if (stcb != NULL) { |
4882 | 10.3k | SCTP_TCB_UNLOCK(stcb); |
4883 | 10.3k | } |
4884 | 10.3k | return (NULL); |
4885 | 10.3k | } |
4886 | 247k | } else { |
4887 | | /* for all other chunks, vtag must match */ |
4888 | 247k | if (vtag_in != asoc->my_vtag) { |
4889 | | /* invalid vtag... */ |
4890 | 243k | SCTPDBG(SCTP_DEBUG_INPUT3, |
4891 | 243k | "invalid vtag: %xh, expect %xh\n", |
4892 | 243k | vtag_in, asoc->my_vtag); |
4893 | 243k | SCTP_STAT_INCR(sctps_badvtag); |
4894 | 243k | if (stcb != NULL) { |
4895 | 243k | SCTP_TCB_UNLOCK(stcb); |
4896 | 243k | } |
4897 | 243k | *offset = length; |
4898 | 243k | return (NULL); |
4899 | 243k | } |
4900 | 247k | } |
4901 | 257k | } /* end if !SCTP_COOKIE_ECHO */ |
4902 | | /* |
4903 | | * process all control chunks... |
4904 | | */ |
4905 | 24.3k | if (((ch->chunk_type == SCTP_SELECTIVE_ACK) || |
4906 | 24.3k | (ch->chunk_type == SCTP_NR_SELECTIVE_ACK) || |
4907 | 24.3k | (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) && |
4908 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
4909 | | /* implied cookie-ack.. we must have lost the ack */ |
4910 | 0 | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, |
4911 | 0 | *netp); |
4912 | 0 | } |
4913 | | |
4914 | 24.3k | process_control_chunks: |
4915 | 24.3k | while (IS_SCTP_CONTROL(ch)) { |
4916 | | /* validate chunk length */ |
4917 | 24.3k | chk_length = ntohs(ch->chunk_length); |
4918 | 24.3k | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_process_control: processing a chunk type=%u, len=%u\n", |
4919 | 24.3k | ch->chunk_type, chk_length); |
4920 | 24.3k | SCTP_LTRACE_CHK(inp, stcb, ch->chunk_type, chk_length); |
4921 | 24.3k | if (chk_length < sizeof(*ch) || |
4922 | 24.3k | (*offset + (int)chk_length) > length) { |
4923 | 186 | *offset = length; |
4924 | 186 | return (stcb); |
4925 | 186 | } |
4926 | 24.1k | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
4927 | | /* |
4928 | | * INIT and INIT-ACK only gets the init ack "header" portion |
4929 | | * only because we don't have to process the peer's COOKIE. |
4930 | | * All others get a complete chunk. |
4931 | | */ |
4932 | 24.1k | switch (ch->chunk_type) { |
4933 | 0 | case SCTP_INITIATION: |
4934 | 0 | contiguous = sizeof(struct sctp_init_chunk); |
4935 | 0 | break; |
4936 | 1.59k | case SCTP_INITIATION_ACK: |
4937 | 1.59k | contiguous = sizeof(struct sctp_init_ack_chunk); |
4938 | 1.59k | break; |
4939 | 22.5k | default: |
4940 | 22.5k | contiguous = min(chk_length, sizeof(chunk_buf)); |
4941 | 22.5k | break; |
4942 | 24.1k | } |
4943 | 24.1k | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
4944 | 24.1k | contiguous, |
4945 | 24.1k | chunk_buf); |
4946 | 24.1k | if (ch == NULL) { |
4947 | 0 | *offset = length; |
4948 | 0 | return (stcb); |
4949 | 0 | } |
4950 | | |
4951 | 24.1k | num_chunks++; |
4952 | | /* Save off the last place we got a control from */ |
4953 | 24.1k | if (stcb != NULL) { |
4954 | 24.1k | if (((netp != NULL) && (*netp != NULL)) || (ch->chunk_type == SCTP_ASCONF)) { |
4955 | | /* |
4956 | | * allow last_control to be NULL if |
4957 | | * ASCONF... ASCONF processing will find the |
4958 | | * right net later |
4959 | | */ |
4960 | 24.1k | if ((netp != NULL) && (*netp != NULL)) |
4961 | 24.1k | stcb->asoc.last_control_chunk_from = *netp; |
4962 | 24.1k | } |
4963 | 24.1k | } |
4964 | | #ifdef SCTP_AUDITING_ENABLED |
4965 | | sctp_audit_log(0xB0, ch->chunk_type); |
4966 | | #endif |
4967 | | |
4968 | | /* check to see if this chunk required auth, but isn't */ |
4969 | 24.1k | if ((stcb != NULL) && |
4970 | 24.1k | sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) && |
4971 | 0 | !stcb->asoc.authenticated) { |
4972 | | /* "silently" ignore */ |
4973 | 0 | SCTP_STAT_INCR(sctps_recvauthmissing); |
4974 | 0 | goto next_chunk; |
4975 | 0 | } |
4976 | 24.1k | switch (ch->chunk_type) { |
4977 | 0 | case SCTP_INITIATION: |
4978 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); |
4979 | | /* The INIT chunk must be the only chunk. */ |
4980 | 0 | if ((num_chunks > 1) || |
4981 | 0 | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
4982 | | /* |
4983 | | * RFC 4960bis requires stopping the |
4984 | | * processing of the packet. |
4985 | | */ |
4986 | 0 | *offset = length; |
4987 | 0 | return (stcb); |
4988 | 0 | } |
4989 | | /* Honor our resource limit. */ |
4990 | 0 | if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { |
4991 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
4992 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
4993 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4994 | | mflowtype, mflowid, inp->fibnum, |
4995 | | #endif |
4996 | 0 | vrf_id, port); |
4997 | 0 | *offset = length; |
4998 | 0 | if (stcb != NULL) { |
4999 | 0 | SCTP_TCB_UNLOCK(stcb); |
5000 | 0 | } |
5001 | 0 | return (NULL); |
5002 | 0 | } |
5003 | 0 | sctp_handle_init(m, iphlen, *offset, src, dst, sh, |
5004 | 0 | (struct sctp_init_chunk *)ch, inp, |
5005 | 0 | stcb, *netp, |
5006 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5007 | | mflowtype, mflowid, |
5008 | | #endif |
5009 | 0 | vrf_id, port); |
5010 | 0 | *offset = length; |
5011 | 0 | if (stcb != NULL) { |
5012 | 0 | SCTP_TCB_UNLOCK(stcb); |
5013 | 0 | } |
5014 | 0 | return (NULL); |
5015 | 0 | break; |
5016 | 0 | case SCTP_PAD_CHUNK: |
5017 | 0 | break; |
5018 | 1.59k | case SCTP_INITIATION_ACK: |
5019 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT_ACK\n"); |
5020 | 1.59k | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5021 | | /* We are not interested anymore */ |
5022 | 0 | if ((stcb != NULL) && (stcb->asoc.total_output_queue_size)) { |
5023 | 0 | ; |
5024 | 0 | } else { |
5025 | 0 | *offset = length; |
5026 | 0 | if (stcb != NULL) { |
5027 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5028 | | so = SCTP_INP_SO(inp); |
5029 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5030 | | SCTP_TCB_UNLOCK(stcb); |
5031 | | SCTP_SOCKET_LOCK(so, 1); |
5032 | | SCTP_TCB_LOCK(stcb); |
5033 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5034 | | #endif |
5035 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5036 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_29); |
5037 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5038 | | SCTP_SOCKET_UNLOCK(so, 1); |
5039 | | #endif |
5040 | 0 | } |
5041 | 0 | return (NULL); |
5042 | 0 | } |
5043 | 0 | } |
5044 | | /* The INIT-ACK chunk must be the only chunk. */ |
5045 | 1.59k | if ((num_chunks > 1) || |
5046 | 1.59k | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
5047 | 0 | *offset = length; |
5048 | 0 | return (stcb); |
5049 | 0 | } |
5050 | 1.59k | if ((netp != NULL) && (*netp != NULL)) { |
5051 | 1.59k | ret = sctp_handle_init_ack(m, iphlen, *offset, |
5052 | 1.59k | src, dst, sh, |
5053 | 1.59k | (struct sctp_init_ack_chunk *)ch, |
5054 | 1.59k | stcb, *netp, |
5055 | 1.59k | &abort_no_unlock, |
5056 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5057 | | mflowtype, mflowid, |
5058 | | #endif |
5059 | 1.59k | vrf_id); |
5060 | 1.59k | } else { |
5061 | 0 | ret = -1; |
5062 | 0 | } |
5063 | 1.59k | *offset = length; |
5064 | 1.59k | if (abort_no_unlock) { |
5065 | 0 | return (NULL); |
5066 | 0 | } |
5067 | | /* |
5068 | | * Special case, I must call the output routine to |
5069 | | * get the cookie echoed |
5070 | | */ |
5071 | 1.59k | if ((stcb != NULL) && (ret == 0)) { |
5072 | 1.59k | sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
5073 | 1.59k | } |
5074 | 1.59k | return (stcb); |
5075 | 0 | break; |
5076 | 0 | case SCTP_SELECTIVE_ACK: |
5077 | 0 | case SCTP_NR_SELECTIVE_ACK: |
5078 | 0 | { |
5079 | 0 | int abort_now = 0; |
5080 | 0 | uint32_t a_rwnd, cum_ack; |
5081 | 0 | uint16_t num_seg, num_nr_seg, num_dup; |
5082 | 0 | uint8_t flags; |
5083 | 0 | int offset_seg, offset_dup; |
5084 | |
|
5085 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "%s\n", |
5086 | 0 | ch->chunk_type == SCTP_SELECTIVE_ACK ? "SCTP_SACK" : "SCTP_NR_SACK"); |
5087 | 0 | SCTP_STAT_INCR(sctps_recvsacks); |
5088 | 0 | if (stcb == NULL) { |
5089 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "No stcb when processing %s chunk\n", |
5090 | 0 | (ch->chunk_type == SCTP_SELECTIVE_ACK) ? "SCTP_SACK" : "SCTP_NR_SACK"); |
5091 | 0 | break; |
5092 | 0 | } |
5093 | 0 | if (ch->chunk_type == SCTP_SELECTIVE_ACK) { |
5094 | 0 | if (chk_length < sizeof(struct sctp_sack_chunk)) { |
5095 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on SACK chunk, too small\n"); |
5096 | 0 | break; |
5097 | 0 | } |
5098 | 0 | } else { |
5099 | 0 | if (stcb->asoc.nrsack_supported == 0) { |
5100 | 0 | goto unknown_chunk; |
5101 | 0 | } |
5102 | 0 | if (chk_length < sizeof(struct sctp_nr_sack_chunk)) { |
5103 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on NR_SACK chunk, too small\n"); |
5104 | 0 | break; |
5105 | 0 | } |
5106 | 0 | } |
5107 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
5108 | | /*- |
5109 | | * If we have sent a shutdown-ack, we will pay no |
5110 | | * attention to a sack sent in to us since |
5111 | | * we don't care anymore. |
5112 | | */ |
5113 | 0 | break; |
5114 | 0 | } |
5115 | 0 | flags = ch->chunk_flags; |
5116 | 0 | if (ch->chunk_type == SCTP_SELECTIVE_ACK) { |
5117 | 0 | struct sctp_sack_chunk *sack; |
5118 | |
|
5119 | 0 | sack = (struct sctp_sack_chunk *)ch; |
5120 | 0 | cum_ack = ntohl(sack->sack.cum_tsn_ack); |
5121 | 0 | num_seg = ntohs(sack->sack.num_gap_ack_blks); |
5122 | 0 | num_nr_seg = 0; |
5123 | 0 | num_dup = ntohs(sack->sack.num_dup_tsns); |
5124 | 0 | a_rwnd = ntohl(sack->sack.a_rwnd); |
5125 | 0 | if (sizeof(struct sctp_sack_chunk) + |
5126 | 0 | num_seg * sizeof(struct sctp_gap_ack_block) + |
5127 | 0 | num_dup * sizeof(uint32_t) != chk_length) { |
5128 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size of SACK chunk\n"); |
5129 | 0 | break; |
5130 | 0 | } |
5131 | 0 | offset_seg = *offset + sizeof(struct sctp_sack_chunk); |
5132 | 0 | offset_dup = offset_seg + num_seg * sizeof(struct sctp_gap_ack_block); |
5133 | 0 | } else { |
5134 | 0 | struct sctp_nr_sack_chunk *nr_sack; |
5135 | |
|
5136 | 0 | nr_sack = (struct sctp_nr_sack_chunk *)ch; |
5137 | 0 | cum_ack = ntohl(nr_sack->nr_sack.cum_tsn_ack); |
5138 | 0 | num_seg = ntohs(nr_sack->nr_sack.num_gap_ack_blks); |
5139 | 0 | num_nr_seg = ntohs(nr_sack->nr_sack.num_nr_gap_ack_blks); |
5140 | 0 | num_dup = ntohs(nr_sack->nr_sack.num_dup_tsns); |
5141 | 0 | a_rwnd = ntohl(nr_sack->nr_sack.a_rwnd); |
5142 | 0 | if (sizeof(struct sctp_nr_sack_chunk) + |
5143 | 0 | (num_seg + num_nr_seg) * sizeof(struct sctp_gap_ack_block) + |
5144 | 0 | num_dup * sizeof(uint32_t) != chk_length) { |
5145 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size of NR_SACK chunk\n"); |
5146 | 0 | break; |
5147 | 0 | } |
5148 | 0 | offset_seg = *offset + sizeof(struct sctp_nr_sack_chunk); |
5149 | 0 | offset_dup = offset_seg + (num_seg + num_nr_seg) * sizeof(struct sctp_gap_ack_block); |
5150 | 0 | } |
5151 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "%s process cum_ack:%x num_seg:%d a_rwnd:%d\n", |
5152 | 0 | (ch->chunk_type == SCTP_SELECTIVE_ACK) ? "SCTP_SACK" : "SCTP_NR_SACK", |
5153 | 0 | cum_ack, num_seg, a_rwnd); |
5154 | 0 | stcb->asoc.seen_a_sack_this_pkt = 1; |
5155 | 0 | if ((stcb->asoc.pr_sctp_cnt == 0) && |
5156 | 0 | (num_seg == 0) && (num_nr_seg == 0) && |
5157 | 0 | SCTP_TSN_GE(cum_ack, stcb->asoc.last_acked_seq) && |
5158 | 0 | (stcb->asoc.saw_sack_with_frags == 0) && |
5159 | 0 | (stcb->asoc.saw_sack_with_nr_frags == 0) && |
5160 | 0 | (!TAILQ_EMPTY(&stcb->asoc.sent_queue))) { |
5161 | | /* |
5162 | | * We have a SIMPLE sack having no |
5163 | | * prior segments and data on sent |
5164 | | * queue to be acked. Use the |
5165 | | * faster path sack processing. We |
5166 | | * also allow window update sacks |
5167 | | * with no missing segments to go |
5168 | | * this way too. |
5169 | | */ |
5170 | 0 | sctp_express_handle_sack(stcb, cum_ack, a_rwnd, |
5171 | 0 | &abort_now, ecne_seen); |
5172 | 0 | } else { |
5173 | 0 | if ((netp != NULL) && (*netp != NULL)) { |
5174 | 0 | sctp_handle_sack(m, offset_seg, offset_dup, stcb, |
5175 | 0 | num_seg, num_nr_seg, num_dup, &abort_now, flags, |
5176 | 0 | cum_ack, a_rwnd, ecne_seen); |
5177 | 0 | } |
5178 | 0 | } |
5179 | 0 | if (abort_now) { |
5180 | | /* ABORT signal from sack processing */ |
5181 | 0 | *offset = length; |
5182 | 0 | return (NULL); |
5183 | 0 | } |
5184 | 0 | if (TAILQ_EMPTY(&stcb->asoc.send_queue) && |
5185 | 0 | TAILQ_EMPTY(&stcb->asoc.sent_queue) && |
5186 | 0 | (stcb->asoc.stream_queue_cnt == 0)) { |
5187 | 0 | sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
5188 | 0 | } |
5189 | 0 | break; |
5190 | 0 | } |
5191 | 0 | case SCTP_HEARTBEAT_REQUEST: |
5192 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT\n"); |
5193 | 0 | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5194 | 0 | SCTP_STAT_INCR(sctps_recvheartbeat); |
5195 | 0 | sctp_send_heartbeat_ack(stcb, m, *offset, |
5196 | 0 | chk_length, *netp); |
5197 | 0 | } |
5198 | 0 | break; |
5199 | 0 | case SCTP_HEARTBEAT_ACK: |
5200 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT_ACK\n"); |
5201 | 0 | if ((stcb == NULL) || (chk_length != sizeof(struct sctp_heartbeat_chunk))) { |
5202 | | /* Its not ours */ |
5203 | 0 | break; |
5204 | 0 | } |
5205 | 0 | SCTP_STAT_INCR(sctps_recvheartbeatack); |
5206 | 0 | if ((netp != NULL) && (*netp != NULL)) { |
5207 | 0 | sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch, |
5208 | 0 | stcb, *netp); |
5209 | 0 | } |
5210 | 0 | break; |
5211 | 0 | case SCTP_ABORT_ASSOCIATION: |
5212 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ABORT, stcb %p\n", |
5213 | 0 | (void *)stcb); |
5214 | 0 | *offset = length; |
5215 | 0 | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5216 | 0 | if (sctp_handle_abort((struct sctp_abort_chunk *)ch, stcb, *netp)) { |
5217 | 0 | return (NULL); |
5218 | 0 | } else { |
5219 | 0 | return (stcb); |
5220 | 0 | } |
5221 | 0 | } else { |
5222 | 0 | return (NULL); |
5223 | 0 | } |
5224 | 0 | break; |
5225 | 0 | case SCTP_SHUTDOWN: |
5226 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN, stcb %p\n", |
5227 | 0 | (void *)stcb); |
5228 | 0 | if ((stcb == NULL) || (chk_length != sizeof(struct sctp_shutdown_chunk))) { |
5229 | 0 | break; |
5230 | 0 | } |
5231 | 0 | if ((netp != NULL) && (*netp != NULL)) { |
5232 | 0 | abort_flag = 0; |
5233 | 0 | sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch, |
5234 | 0 | stcb, *netp, &abort_flag); |
5235 | 0 | if (abort_flag) { |
5236 | 0 | *offset = length; |
5237 | 0 | return (NULL); |
5238 | 0 | } |
5239 | 0 | } |
5240 | 0 | break; |
5241 | 0 | case SCTP_SHUTDOWN_ACK: |
5242 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_ACK, stcb %p\n", (void *)stcb); |
5243 | 0 | if ((chk_length == sizeof(struct sctp_shutdown_ack_chunk)) && |
5244 | 0 | (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5245 | 0 | sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp); |
5246 | 0 | *offset = length; |
5247 | 0 | return (NULL); |
5248 | 0 | } |
5249 | 0 | break; |
5250 | 0 | case SCTP_OPERATION_ERROR: |
5251 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP_ERR\n"); |
5252 | 0 | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL) && |
5253 | 0 | sctp_handle_error(ch, stcb, *netp, contiguous) < 0) { |
5254 | 0 | *offset = length; |
5255 | 0 | return (NULL); |
5256 | 0 | } |
5257 | 0 | break; |
5258 | 20.9k | case SCTP_COOKIE_ECHO: |
5259 | 20.9k | SCTPDBG(SCTP_DEBUG_INPUT3, |
5260 | 20.9k | "SCTP_COOKIE_ECHO, stcb %p\n", (void *)stcb); |
5261 | 20.9k | if ((stcb != NULL) && (stcb->asoc.total_output_queue_size > 0)) { |
5262 | 20.9k | ; |
5263 | 20.9k | } else { |
5264 | 0 | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5265 | | /* We are not interested anymore */ |
5266 | 0 | abend: |
5267 | 0 | if (stcb != NULL) { |
5268 | 0 | SCTP_TCB_UNLOCK(stcb); |
5269 | 0 | } |
5270 | 0 | *offset = length; |
5271 | 0 | return (NULL); |
5272 | 0 | } |
5273 | 0 | } |
5274 | | /*- |
5275 | | * First are we accepting? We do this again here |
5276 | | * since it is possible that a previous endpoint WAS |
5277 | | * listening responded to a INIT-ACK and then |
5278 | | * closed. We opened and bound.. and are now no |
5279 | | * longer listening. |
5280 | | * |
5281 | | * XXXGL: notes on checking listen queue length. |
5282 | | * 1) SCTP_IS_LISTENING() doesn't necessarily mean |
5283 | | * SOLISTENING(), because a listening "UDP type" |
5284 | | * socket isn't listening in terms of the socket |
5285 | | * layer. It is a normal data flow socket, that |
5286 | | * can fork off new connections. Thus, we should |
5287 | | * look into sol_qlen only in case we are !UDP. |
5288 | | * 2) Checking sol_qlen in general requires locking |
5289 | | * the socket, and this code lacks that. |
5290 | | */ |
5291 | 20.9k | if ((stcb == NULL) && |
5292 | 0 | (!SCTP_IS_LISTENING(inp) || |
5293 | 0 | (((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) == 0) && |
5294 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5295 | | inp->sctp_socket->sol_qlen >= inp->sctp_socket->sol_qlimit))) { |
5296 | | #else |
5297 | 0 | inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit))) { |
5298 | 0 | #endif |
5299 | 0 | if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && |
5300 | 0 | (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { |
5301 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
5302 | 0 | sctp_abort_association(inp, stcb, m, iphlen, |
5303 | 0 | src, dst, sh, op_err, |
5304 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5305 | | mflowtype, mflowid, |
5306 | | #endif |
5307 | 0 | vrf_id, port); |
5308 | 0 | } |
5309 | 0 | *offset = length; |
5310 | 0 | return (NULL); |
5311 | 20.9k | } else { |
5312 | 20.9k | struct mbuf *ret_buf; |
5313 | 20.9k | struct sctp_inpcb *linp; |
5314 | 20.9k | struct sctp_tmit_chunk *chk; |
5315 | | |
5316 | 20.9k | if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | |
5317 | 20.9k | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { |
5318 | 0 | goto abend; |
5319 | 0 | } |
5320 | | |
5321 | 20.9k | if (stcb) { |
5322 | 20.9k | linp = NULL; |
5323 | 20.9k | } else { |
5324 | 0 | linp = inp; |
5325 | 0 | } |
5326 | | |
5327 | 20.9k | if (linp != NULL) { |
5328 | 0 | SCTP_ASOC_CREATE_LOCK(linp); |
5329 | 0 | } |
5330 | | |
5331 | 20.9k | if (netp != NULL) { |
5332 | 20.9k | struct sctp_tcb *locked_stcb; |
5333 | | |
5334 | 20.9k | locked_stcb = stcb; |
5335 | 20.9k | ret_buf = |
5336 | 20.9k | sctp_handle_cookie_echo(m, iphlen, |
5337 | 20.9k | *offset, |
5338 | 20.9k | src, dst, |
5339 | 20.9k | sh, |
5340 | 20.9k | (struct sctp_cookie_echo_chunk *)ch, |
5341 | 20.9k | &inp, &stcb, netp, |
5342 | 20.9k | auth_skipped, |
5343 | 20.9k | auth_offset, |
5344 | 20.9k | auth_len, |
5345 | 20.9k | &locked_stcb, |
5346 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5347 | | mflowtype, |
5348 | | mflowid, |
5349 | | #endif |
5350 | 20.9k | vrf_id, |
5351 | 20.9k | port); |
5352 | 20.9k | if ((locked_stcb != NULL) && (locked_stcb != stcb)) { |
5353 | 0 | SCTP_TCB_UNLOCK(locked_stcb); |
5354 | 0 | } |
5355 | 20.9k | if (stcb != NULL) { |
5356 | 20.9k | SCTP_TCB_LOCK_ASSERT(stcb); |
5357 | 20.9k | } |
5358 | 20.9k | } else { |
5359 | 0 | ret_buf = NULL; |
5360 | 0 | } |
5361 | 20.9k | if (linp != NULL) { |
5362 | 0 | SCTP_ASOC_CREATE_UNLOCK(linp); |
5363 | 0 | } |
5364 | 20.9k | if (ret_buf == NULL) { |
5365 | 20.9k | if (stcb != NULL) { |
5366 | 20.9k | SCTP_TCB_UNLOCK(stcb); |
5367 | 20.9k | } |
5368 | 20.9k | SCTPDBG(SCTP_DEBUG_INPUT3, |
5369 | 20.9k | "GAK, null buffer\n"); |
5370 | 20.9k | *offset = length; |
5371 | 20.9k | return (NULL); |
5372 | 20.9k | } |
5373 | | /* if AUTH skipped, see if it verified... */ |
5374 | 0 | if (auth_skipped) { |
5375 | 0 | got_auth = 1; |
5376 | 0 | auth_skipped = 0; |
5377 | 0 | } |
5378 | | /* Restart the timer if we have pending data */ |
5379 | 0 | TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { |
5380 | 0 | if (chk->whoTo != NULL) { |
5381 | 0 | break; |
5382 | 0 | } |
5383 | 0 | } |
5384 | 0 | if (chk != NULL) { |
5385 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); |
5386 | 0 | } |
5387 | 0 | } |
5388 | 0 | break; |
5389 | 1.59k | case SCTP_COOKIE_ACK: |
5390 | 1.59k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_COOKIE_ACK, stcb %p\n", (void *)stcb); |
5391 | 1.59k | if ((stcb == NULL) || chk_length != sizeof(struct sctp_cookie_ack_chunk)) { |
5392 | 0 | break; |
5393 | 0 | } |
5394 | 1.59k | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5395 | | /* We are not interested anymore */ |
5396 | 0 | if ((stcb) && (stcb->asoc.total_output_queue_size)) { |
5397 | 0 | ; |
5398 | 0 | } else if (stcb) { |
5399 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5400 | | so = SCTP_INP_SO(inp); |
5401 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5402 | | SCTP_TCB_UNLOCK(stcb); |
5403 | | SCTP_SOCKET_LOCK(so, 1); |
5404 | | SCTP_TCB_LOCK(stcb); |
5405 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5406 | | #endif |
5407 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5408 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_30); |
5409 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5410 | | SCTP_SOCKET_UNLOCK(so, 1); |
5411 | | #endif |
5412 | 0 | *offset = length; |
5413 | 0 | return (NULL); |
5414 | 0 | } |
5415 | 0 | } |
5416 | 1.59k | if ((netp != NULL) && (*netp != NULL)) { |
5417 | 1.59k | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp); |
5418 | 1.59k | } |
5419 | 1.59k | break; |
5420 | 0 | case SCTP_ECN_ECHO: |
5421 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN_ECHO\n"); |
5422 | 0 | if (stcb == NULL) { |
5423 | 0 | break; |
5424 | 0 | } |
5425 | 0 | if (stcb->asoc.ecn_supported == 0) { |
5426 | 0 | goto unknown_chunk; |
5427 | 0 | } |
5428 | 0 | if ((chk_length != sizeof(struct sctp_ecne_chunk)) && |
5429 | 0 | (chk_length != sizeof(struct old_sctp_ecne_chunk))) { |
5430 | 0 | break; |
5431 | 0 | } |
5432 | 0 | sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch, stcb); |
5433 | 0 | ecne_seen = 1; |
5434 | 0 | break; |
5435 | 0 | case SCTP_ECN_CWR: |
5436 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN_CWR\n"); |
5437 | 0 | if (stcb == NULL) { |
5438 | 0 | break; |
5439 | 0 | } |
5440 | 0 | if (stcb->asoc.ecn_supported == 0) { |
5441 | 0 | goto unknown_chunk; |
5442 | 0 | } |
5443 | 0 | if (chk_length != sizeof(struct sctp_cwr_chunk)) { |
5444 | 0 | break; |
5445 | 0 | } |
5446 | 0 | sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb, *netp); |
5447 | 0 | break; |
5448 | 0 | case SCTP_SHUTDOWN_COMPLETE: |
5449 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_COMPLETE, stcb %p\n", (void *)stcb); |
5450 | | /* must be first and only chunk */ |
5451 | 0 | if ((num_chunks > 1) || |
5452 | 0 | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
5453 | 0 | *offset = length; |
5454 | 0 | return (stcb); |
5455 | 0 | } |
5456 | 0 | if ((chk_length == sizeof(struct sctp_shutdown_complete_chunk)) && |
5457 | 0 | (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5458 | 0 | sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch, |
5459 | 0 | stcb, *netp); |
5460 | 0 | *offset = length; |
5461 | 0 | return (NULL); |
5462 | 0 | } |
5463 | 0 | break; |
5464 | 0 | case SCTP_ASCONF: |
5465 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n"); |
5466 | 0 | if (stcb != NULL) { |
5467 | 0 | if (stcb->asoc.asconf_supported == 0) { |
5468 | 0 | goto unknown_chunk; |
5469 | 0 | } |
5470 | 0 | sctp_handle_asconf(m, *offset, src, |
5471 | 0 | (struct sctp_asconf_chunk *)ch, stcb, asconf_cnt == 0); |
5472 | 0 | asconf_cnt++; |
5473 | 0 | } |
5474 | 0 | break; |
5475 | 0 | case SCTP_ASCONF_ACK: |
5476 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF_ACK\n"); |
5477 | 0 | if (stcb == NULL) { |
5478 | 0 | break; |
5479 | 0 | } |
5480 | 0 | if (stcb->asoc.asconf_supported == 0) { |
5481 | 0 | goto unknown_chunk; |
5482 | 0 | } |
5483 | 0 | if (chk_length < sizeof(struct sctp_asconf_ack_chunk)) { |
5484 | 0 | break; |
5485 | 0 | } |
5486 | 0 | if ((netp != NULL) && (*netp != NULL)) { |
5487 | | /* He's alive so give him credit */ |
5488 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
5489 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
5490 | 0 | stcb->asoc.overall_error_count, |
5491 | 0 | 0, |
5492 | 0 | SCTP_FROM_SCTP_INPUT, |
5493 | 0 | __LINE__); |
5494 | 0 | } |
5495 | 0 | stcb->asoc.overall_error_count = 0; |
5496 | 0 | sctp_handle_asconf_ack(m, *offset, |
5497 | 0 | (struct sctp_asconf_ack_chunk *)ch, stcb, *netp, &abort_no_unlock); |
5498 | 0 | if (abort_no_unlock) |
5499 | 0 | return (NULL); |
5500 | 0 | } |
5501 | 0 | break; |
5502 | 0 | case SCTP_FORWARD_CUM_TSN: |
5503 | 0 | case SCTP_IFORWARD_CUM_TSN: |
5504 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "%s\n", |
5505 | 0 | ch->chunk_type == SCTP_FORWARD_CUM_TSN ? "FORWARD_TSN" : "I_FORWARD_TSN"); |
5506 | 0 | if (stcb == NULL) { |
5507 | 0 | break; |
5508 | 0 | } |
5509 | 0 | if (stcb->asoc.prsctp_supported == 0) { |
5510 | 0 | goto unknown_chunk; |
5511 | 0 | } |
5512 | 0 | if (chk_length < sizeof(struct sctp_forward_tsn_chunk)) { |
5513 | 0 | break; |
5514 | 0 | } |
5515 | 0 | if (((stcb->asoc.idata_supported == 1) && (ch->chunk_type == SCTP_FORWARD_CUM_TSN)) || |
5516 | 0 | ((stcb->asoc.idata_supported == 0) && (ch->chunk_type == SCTP_IFORWARD_CUM_TSN))) { |
5517 | 0 | if (ch->chunk_type == SCTP_FORWARD_CUM_TSN) { |
5518 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "%s", "FORWARD-TSN chunk received when I-FORWARD-TSN was negotiated"); |
5519 | 0 | } else { |
5520 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "%s", "I-FORWARD-TSN chunk received when FORWARD-TSN was negotiated"); |
5521 | 0 | } |
5522 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); |
5523 | 0 | sctp_abort_an_association(inp, stcb, op_err, false, SCTP_SO_NOT_LOCKED); |
5524 | 0 | *offset = length; |
5525 | 0 | return (NULL); |
5526 | 0 | } |
5527 | 0 | *fwd_tsn_seen = 1; |
5528 | 0 | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5529 | | /* We are not interested anymore */ |
5530 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5531 | | so = SCTP_INP_SO(inp); |
5532 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5533 | | SCTP_TCB_UNLOCK(stcb); |
5534 | | SCTP_SOCKET_LOCK(so, 1); |
5535 | | SCTP_TCB_LOCK(stcb); |
5536 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5537 | | #endif |
5538 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5539 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_31); |
5540 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5541 | | SCTP_SOCKET_UNLOCK(so, 1); |
5542 | | #endif |
5543 | 0 | *offset = length; |
5544 | 0 | return (NULL); |
5545 | 0 | } |
5546 | | /* |
5547 | | * For sending a SACK this looks like DATA |
5548 | | * chunks. |
5549 | | */ |
5550 | 0 | stcb->asoc.last_data_chunk_from = stcb->asoc.last_control_chunk_from; |
5551 | 0 | abort_flag = 0; |
5552 | 0 | sctp_handle_forward_tsn(stcb, |
5553 | 0 | (struct sctp_forward_tsn_chunk *)ch, &abort_flag, m, *offset); |
5554 | 0 | if (abort_flag) { |
5555 | 0 | *offset = length; |
5556 | 0 | return (NULL); |
5557 | 0 | } |
5558 | 0 | break; |
5559 | 0 | case SCTP_STREAM_RESET: |
5560 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_STREAM_RESET\n"); |
5561 | 0 | if (stcb == NULL) { |
5562 | 0 | break; |
5563 | 0 | } |
5564 | 0 | if (stcb->asoc.reconfig_supported == 0) { |
5565 | 0 | goto unknown_chunk; |
5566 | 0 | } |
5567 | 0 | if (chk_length < sizeof(struct sctp_stream_reset_tsn_req)) { |
5568 | 0 | break; |
5569 | 0 | } |
5570 | 0 | if (sctp_handle_stream_reset(stcb, m, *offset, ch)) { |
5571 | | /* stop processing */ |
5572 | 0 | *offset = length; |
5573 | 0 | return (NULL); |
5574 | 0 | } |
5575 | 0 | break; |
5576 | 0 | case SCTP_PACKET_DROPPED: |
5577 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_PACKET_DROPPED\n"); |
5578 | 0 | if (stcb == NULL) { |
5579 | 0 | break; |
5580 | 0 | } |
5581 | 0 | if (stcb->asoc.pktdrop_supported == 0) { |
5582 | 0 | goto unknown_chunk; |
5583 | 0 | } |
5584 | 0 | if (chk_length < sizeof(struct sctp_pktdrop_chunk)) { |
5585 | 0 | break; |
5586 | 0 | } |
5587 | 0 | if ((netp != NULL) && (*netp != NULL)) { |
5588 | 0 | sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch, |
5589 | 0 | stcb, *netp, |
5590 | 0 | min(chk_length, contiguous)); |
5591 | 0 | } |
5592 | 0 | break; |
5593 | 0 | case SCTP_AUTHENTICATION: |
5594 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_AUTHENTICATION\n"); |
5595 | 0 | if (stcb == NULL) { |
5596 | | /* save the first AUTH for later processing */ |
5597 | 0 | if (auth_skipped == 0) { |
5598 | 0 | auth_offset = *offset; |
5599 | 0 | auth_len = chk_length; |
5600 | 0 | auth_skipped = 1; |
5601 | 0 | } |
5602 | | /* skip this chunk (temporarily) */ |
5603 | 0 | break; |
5604 | 0 | } |
5605 | 0 | if (stcb->asoc.auth_supported == 0) { |
5606 | 0 | goto unknown_chunk; |
5607 | 0 | } |
5608 | 0 | if ((chk_length < (sizeof(struct sctp_auth_chunk))) || |
5609 | 0 | (chk_length > (sizeof(struct sctp_auth_chunk) + |
5610 | 0 | SCTP_AUTH_DIGEST_LEN_MAX))) { |
5611 | | /* Its not ours */ |
5612 | 0 | *offset = length; |
5613 | 0 | return (stcb); |
5614 | 0 | } |
5615 | 0 | if (got_auth == 1) { |
5616 | | /* skip this chunk... it's already auth'd */ |
5617 | 0 | break; |
5618 | 0 | } |
5619 | 0 | got_auth = 1; |
5620 | 0 | if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch, m, *offset)) { |
5621 | | /* auth HMAC failed so dump the packet */ |
5622 | 0 | *offset = length; |
5623 | 0 | return (stcb); |
5624 | 0 | } else { |
5625 | | /* remaining chunks are HMAC checked */ |
5626 | 0 | stcb->asoc.authenticated = 1; |
5627 | 0 | } |
5628 | 0 | break; |
5629 | | |
5630 | 0 | default: |
5631 | 0 | unknown_chunk: |
5632 | | /* it's an unknown chunk! */ |
5633 | 0 | if ((ch->chunk_type & 0x40) && |
5634 | 0 | (stcb != NULL) && |
5635 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_EMPTY) && |
5636 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_INUSE) && |
5637 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT)) { |
5638 | 0 | struct sctp_gen_error_cause *cause; |
5639 | 0 | int len; |
5640 | |
|
5641 | 0 | op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_gen_error_cause), |
5642 | 0 | 0, M_NOWAIT, 1, MT_DATA); |
5643 | 0 | if (op_err != NULL) { |
5644 | 0 | len = min(SCTP_SIZE32(chk_length), (uint32_t)(length - *offset)); |
5645 | 0 | cause = mtod(op_err, struct sctp_gen_error_cause *); |
5646 | 0 | cause->code = htons(SCTP_CAUSE_UNRECOG_CHUNK); |
5647 | 0 | cause->length = htons((uint16_t)(len + sizeof(struct sctp_gen_error_cause))); |
5648 | 0 | SCTP_BUF_LEN(op_err) = sizeof(struct sctp_gen_error_cause); |
5649 | 0 | SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(m, *offset, len, M_NOWAIT); |
5650 | 0 | if (SCTP_BUF_NEXT(op_err) != NULL) { |
5651 | | #ifdef SCTP_MBUF_LOGGING |
5652 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
5653 | | sctp_log_mbc(SCTP_BUF_NEXT(op_err), SCTP_MBUF_ICOPY); |
5654 | | } |
5655 | | #endif |
5656 | 0 | sctp_queue_op_err(stcb, op_err); |
5657 | 0 | } else { |
5658 | 0 | sctp_m_freem(op_err); |
5659 | 0 | } |
5660 | 0 | } |
5661 | 0 | } |
5662 | 0 | if ((ch->chunk_type & 0x80) == 0) { |
5663 | | /* discard this packet */ |
5664 | 0 | *offset = length; |
5665 | 0 | return (stcb); |
5666 | 0 | } /* else skip this bad chunk and continue... */ |
5667 | 0 | break; |
5668 | 24.1k | } /* switch (ch->chunk_type) */ |
5669 | | |
5670 | 1.59k | next_chunk: |
5671 | | /* get the next chunk */ |
5672 | 1.59k | *offset += SCTP_SIZE32(chk_length); |
5673 | 1.59k | if (*offset >= length) { |
5674 | | /* no more data left in the mbuf chain */ |
5675 | 1.59k | break; |
5676 | 1.59k | } |
5677 | 0 | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
5678 | 0 | sizeof(struct sctp_chunkhdr), chunk_buf); |
5679 | 0 | if (ch == NULL) { |
5680 | 0 | *offset = length; |
5681 | 0 | return (stcb); |
5682 | 0 | } |
5683 | 0 | } /* while */ |
5684 | | |
5685 | 1.59k | if ((asconf_cnt > 0) && (stcb != NULL)) { |
5686 | 0 | sctp_send_asconf_ack(stcb); |
5687 | 0 | } |
5688 | 1.59k | return (stcb); |
5689 | 24.3k | } |
5690 | | |
5691 | | /* |
5692 | | * common input chunk processing (v4 and v6) |
5693 | | */ |
5694 | | void |
5695 | | sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int length, |
5696 | | struct sockaddr *src, struct sockaddr *dst, |
5697 | | struct sctphdr *sh, struct sctp_chunkhdr *ch, |
5698 | | uint8_t compute_crc, |
5699 | | uint8_t ecn_bits, |
5700 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5701 | | uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, |
5702 | | #endif |
5703 | | uint32_t vrf_id, uint16_t port) |
5704 | 286k | { |
5705 | 286k | char msg[SCTP_DIAG_INFO_LEN]; |
5706 | 286k | struct mbuf *m = *mm, *op_err; |
5707 | 286k | struct sctp_inpcb *inp = NULL, *inp_decr = NULL; |
5708 | 286k | struct sctp_tcb *stcb = NULL; |
5709 | 286k | struct sctp_nets *net = NULL; |
5710 | 286k | #if defined(__Userspace__) |
5711 | 286k | struct socket *upcall_socket = NULL; |
5712 | 286k | #endif |
5713 | 286k | uint32_t high_tsn; |
5714 | 286k | uint32_t cksum_in_hdr; |
5715 | 286k | int un_sent; |
5716 | 286k | int cnt_ctrl_ready = 0; |
5717 | 286k | int fwd_tsn_seen = 0, data_processed = 0; |
5718 | 286k | bool cksum_validated, stcb_looked_up; |
5719 | | |
5720 | 286k | SCTP_STAT_INCR(sctps_recvdatagrams); |
5721 | | #ifdef SCTP_AUDITING_ENABLED |
5722 | | sctp_audit_log(0xE0, 1); |
5723 | | sctp_auditing(0, inp, stcb, net); |
5724 | | #endif |
5725 | | |
5726 | 286k | stcb_looked_up = false; |
5727 | 286k | if (compute_crc != 0) { |
5728 | 0 | cksum_validated = false; |
5729 | 0 | cksum_in_hdr = sh->checksum; |
5730 | 0 | if (cksum_in_hdr != htonl(0)) { |
5731 | 0 | uint32_t cksum_calculated; |
5732 | |
|
5733 | 0 | validate_cksum: |
5734 | 0 | sh->checksum = 0; |
5735 | 0 | cksum_calculated = sctp_calculate_cksum(m, iphlen); |
5736 | 0 | sh->checksum = cksum_in_hdr; |
5737 | 0 | if (cksum_calculated != cksum_in_hdr) { |
5738 | 0 | if (stcb_looked_up) { |
5739 | | /* |
5740 | | * The packet has a zero checksum, which |
5741 | | * is not the correct CRC, no stcb has |
5742 | | * been found or an stcb has been found |
5743 | | * but an incorrect zero checksum is not |
5744 | | * acceptable. |
5745 | | */ |
5746 | 0 | KASSERT(cksum_in_hdr == htonl(0), |
5747 | 0 | ("cksum in header not zero: %x", |
5748 | 0 | ntohl(cksum_in_hdr))); |
5749 | 0 | if ((inp == NULL) && |
5750 | 0 | (SCTP_BASE_SYSCTL(sctp_ootb_with_zero_cksum) == 1)) { |
5751 | | /* |
5752 | | * This is an OOTB packet, |
5753 | | * depending on the sysctl |
5754 | | * variable, pretend that the |
5755 | | * checksum is acceptable, |
5756 | | * to allow an appropriate |
5757 | | * response (ABORT, for examlpe) |
5758 | | * to be sent. |
5759 | | */ |
5760 | 0 | KASSERT(stcb == NULL, |
5761 | 0 | ("stcb is %p", stcb)); |
5762 | 0 | SCTP_STAT_INCR(sctps_recvzerocrc); |
5763 | 0 | goto cksum_validated; |
5764 | 0 | } |
5765 | 0 | } else { |
5766 | 0 | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5767 | 0 | sh, ch, &inp, &net, vrf_id); |
5768 | 0 | } |
5769 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Bad cksum in SCTP packet:%x calculated:%x m:%p mlen:%d iphlen:%d\n", |
5770 | 0 | ntohl(cksum_in_hdr), ntohl(cksum_calculated), (void *)m, length, iphlen); |
5771 | 0 | #if defined(INET) || defined(INET6) |
5772 | 0 | if ((ch->chunk_type != SCTP_INITIATION) && |
5773 | 0 | (net != NULL) && (net->port != port)) { |
5774 | 0 | if (net->port == 0) { |
5775 | | /* UDP encapsulation turned on. */ |
5776 | 0 | net->mtu -= sizeof(struct udphdr); |
5777 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5778 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5779 | 0 | } |
5780 | 0 | } else if (port == 0) { |
5781 | | /* UDP encapsulation turned off. */ |
5782 | 0 | net->mtu += sizeof(struct udphdr); |
5783 | | /* XXX Update smallest_mtu */ |
5784 | 0 | } |
5785 | 0 | net->port = port; |
5786 | 0 | } |
5787 | 0 | #endif |
5788 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5789 | | if (net != NULL) { |
5790 | | net->flowtype = mflowtype; |
5791 | | net->flowid = mflowid; |
5792 | | } |
5793 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5794 | | #endif |
5795 | 0 | if ((inp != NULL) && (stcb != NULL)) { |
5796 | 0 | if (stcb->asoc.pktdrop_supported) { |
5797 | 0 | sctp_send_packet_dropped(stcb, net, m, length, iphlen, 1); |
5798 | 0 | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); |
5799 | 0 | } |
5800 | 0 | } else if ((inp != NULL) && (stcb == NULL)) { |
5801 | 0 | inp_decr = inp; |
5802 | 0 | } |
5803 | 0 | SCTP_STAT_INCR(sctps_badsum); |
5804 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); |
5805 | 0 | goto out; |
5806 | 0 | } else { |
5807 | 0 | cksum_validated = true; |
5808 | 0 | } |
5809 | 0 | } |
5810 | 0 | KASSERT(cksum_validated || cksum_in_hdr == htonl(0), |
5811 | 0 | ("cksum 0x%08x not zero and not validated", ntohl(cksum_in_hdr))); |
5812 | 0 | if (!cksum_validated) { |
5813 | 0 | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5814 | 0 | sh, ch, &inp, &net, vrf_id); |
5815 | 0 | stcb_looked_up = true; |
5816 | 0 | if (stcb == NULL) { |
5817 | 0 | goto validate_cksum; |
5818 | 0 | } |
5819 | 0 | if (stcb->asoc.rcv_edmid == SCTP_EDMID_NONE) { |
5820 | 0 | goto validate_cksum; |
5821 | 0 | } |
5822 | 0 | KASSERT(stcb->asoc.rcv_edmid == SCTP_EDMID_LOWER_LAYER_DTLS, |
5823 | 0 | ("Unexpected EDMID %u", stcb->asoc.rcv_edmid)); |
5824 | 0 | SCTP_STAT_INCR(sctps_recvzerocrc); |
5825 | 0 | } |
5826 | 0 | } |
5827 | 286k | cksum_validated: |
5828 | | /* Destination port of 0 is illegal, based on RFC4960. */ |
5829 | 286k | if (sh->dest_port == htons(0)) { |
5830 | 0 | SCTP_STAT_INCR(sctps_hdrops); |
5831 | 0 | if ((stcb == NULL) && (inp != NULL)) { |
5832 | 0 | inp_decr = inp; |
5833 | 0 | } |
5834 | 0 | goto out; |
5835 | 0 | } |
5836 | 286k | if (!stcb_looked_up) { |
5837 | 286k | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5838 | 286k | sh, ch, &inp, &net, vrf_id); |
5839 | 286k | } |
5840 | 286k | #if defined(INET) || defined(INET6) |
5841 | 286k | if ((ch->chunk_type != SCTP_INITIATION) && |
5842 | 286k | (net != NULL) && (net->port != port)) { |
5843 | 0 | if (net->port == 0) { |
5844 | | /* UDP encapsulation turned on. */ |
5845 | 0 | net->mtu -= sizeof(struct udphdr); |
5846 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5847 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5848 | 0 | } |
5849 | 0 | } else if (port == 0) { |
5850 | | /* UDP encapsulation turned off. */ |
5851 | 0 | net->mtu += sizeof(struct udphdr); |
5852 | | /* XXX Update smallest_mtu */ |
5853 | 0 | } |
5854 | 0 | net->port = port; |
5855 | 0 | } |
5856 | 286k | #endif |
5857 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5858 | | if (net != NULL) { |
5859 | | net->flowtype = mflowtype; |
5860 | | net->flowid = mflowid; |
5861 | | } |
5862 | | #endif |
5863 | 286k | if (inp == NULL) { |
5864 | 0 | SCTP_STAT_INCR(sctps_noport); |
5865 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5866 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5867 | | if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0) { |
5868 | | goto out; |
5869 | | } |
5870 | | #endif |
5871 | 0 | if (ch->chunk_type == SCTP_SHUTDOWN_ACK) { |
5872 | 0 | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
5873 | 0 | sctp_send_shutdown_complete2(src, dst, sh, |
5874 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5875 | | mflowtype, mflowid, fibnum, |
5876 | | #endif |
5877 | 0 | vrf_id, port); |
5878 | 0 | goto out; |
5879 | 0 | } |
5880 | 0 | if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { |
5881 | 0 | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
5882 | 0 | goto out; |
5883 | 0 | } |
5884 | 0 | if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { |
5885 | 0 | if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || |
5886 | 0 | ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && |
5887 | 0 | (ch->chunk_type != SCTP_INIT))) { |
5888 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
5889 | 0 | "Out of the blue"); |
5890 | 0 | sctp_send_abort(m, iphlen, src, dst, |
5891 | 0 | sh, 0, op_err, |
5892 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5893 | | mflowtype, mflowid, fibnum, |
5894 | | #endif |
5895 | 0 | vrf_id, port); |
5896 | 0 | } |
5897 | 0 | } |
5898 | 0 | goto out; |
5899 | 286k | } else if (stcb == NULL) { |
5900 | 0 | inp_decr = inp; |
5901 | 0 | } |
5902 | 286k | SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n", |
5903 | 286k | (void *)m, iphlen, offset, length, (void *)stcb); |
5904 | 286k | if (stcb) { |
5905 | | /* always clear this before beginning a packet */ |
5906 | 286k | stcb->asoc.authenticated = 0; |
5907 | 286k | stcb->asoc.seen_a_sack_this_pkt = 0; |
5908 | 286k | SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n", |
5909 | 286k | (void *)stcb, stcb->asoc.state); |
5910 | | |
5911 | 286k | if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) || |
5912 | 286k | (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { |
5913 | | /*- |
5914 | | * If we hit here, we had a ref count |
5915 | | * up when the assoc was aborted and the |
5916 | | * timer is clearing out the assoc, we should |
5917 | | * NOT respond to any packet.. its OOTB. |
5918 | | */ |
5919 | 0 | SCTP_TCB_UNLOCK(stcb); |
5920 | 0 | stcb = NULL; |
5921 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5922 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5923 | | #endif |
5924 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
5925 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
5926 | 0 | msg); |
5927 | 0 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
5928 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5929 | | mflowtype, mflowid, inp->fibnum, |
5930 | | #endif |
5931 | 0 | vrf_id, port); |
5932 | 0 | goto out; |
5933 | 0 | } |
5934 | 286k | } |
5935 | 286k | #if defined(__Userspace__) |
5936 | 286k | if ((stcb != NULL) && |
5937 | 286k | ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && |
5938 | 286k | (stcb->sctp_socket != NULL)) { |
5939 | 286k | if (stcb->sctp_socket->so_head != NULL) { |
5940 | 0 | upcall_socket = stcb->sctp_socket->so_head; |
5941 | 286k | } else { |
5942 | 286k | upcall_socket = stcb->sctp_socket; |
5943 | 286k | } |
5944 | 286k | SOCK_LOCK(upcall_socket); |
5945 | 286k | soref(upcall_socket); |
5946 | 286k | SOCK_UNLOCK(upcall_socket); |
5947 | 286k | } |
5948 | 286k | #endif |
5949 | 286k | if (IS_SCTP_CONTROL(ch)) { |
5950 | | /* process the control portion of the SCTP packet */ |
5951 | | /* sa_ignore NO_NULL_CHK */ |
5952 | 279k | stcb = sctp_process_control(m, iphlen, &offset, length, |
5953 | 279k | src, dst, sh, ch, |
5954 | 279k | inp, stcb, &net, &fwd_tsn_seen, |
5955 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5956 | | mflowtype, mflowid, fibnum, |
5957 | | #endif |
5958 | 279k | vrf_id, port); |
5959 | 279k | if (stcb) { |
5960 | | /* This covers us if the cookie-echo was there |
5961 | | * and it changes our INP. |
5962 | | */ |
5963 | 3.37k | inp = stcb->sctp_ep; |
5964 | 3.37k | #if defined(INET) || defined(INET6) |
5965 | 3.37k | if ((ch->chunk_type != SCTP_INITIATION) && |
5966 | 3.37k | (net != NULL) && (net->port != port)) { |
5967 | 0 | if (net->port == 0) { |
5968 | | /* UDP encapsulation turned on. */ |
5969 | 0 | net->mtu -= sizeof(struct udphdr); |
5970 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5971 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5972 | 0 | } |
5973 | 0 | } else if (port == 0) { |
5974 | | /* UDP encapsulation turned off. */ |
5975 | 0 | net->mtu += sizeof(struct udphdr); |
5976 | | /* XXX Update smallest_mtu */ |
5977 | 0 | } |
5978 | 0 | net->port = port; |
5979 | 0 | } |
5980 | 3.37k | #endif |
5981 | 3.37k | } |
5982 | 279k | } else { |
5983 | | /* |
5984 | | * no control chunks, so pre-process DATA chunks (these |
5985 | | * checks are taken care of by control processing) |
5986 | | */ |
5987 | | |
5988 | | /* |
5989 | | * if DATA only packet, and auth is required, then punt... |
5990 | | * can't have authenticated without any AUTH (control) |
5991 | | * chunks |
5992 | | */ |
5993 | 7.86k | if ((stcb != NULL) && |
5994 | 7.86k | sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) { |
5995 | | /* "silently" ignore */ |
5996 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5997 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5998 | | #endif |
5999 | 0 | SCTP_STAT_INCR(sctps_recvauthmissing); |
6000 | 0 | goto out; |
6001 | 0 | } |
6002 | 7.86k | if (stcb == NULL) { |
6003 | | /* out of the blue DATA chunk */ |
6004 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6005 | | SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); |
6006 | | #endif |
6007 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
6008 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
6009 | 0 | msg); |
6010 | 0 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
6011 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6012 | | mflowtype, mflowid, fibnum, |
6013 | | #endif |
6014 | 0 | vrf_id, port); |
6015 | 0 | goto out; |
6016 | 0 | } |
6017 | 7.86k | if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { |
6018 | | /* v_tag mismatch! */ |
6019 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6020 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
6021 | | #endif |
6022 | 7.86k | SCTP_STAT_INCR(sctps_badvtag); |
6023 | 7.86k | goto out; |
6024 | 7.86k | } |
6025 | 7.86k | } |
6026 | | |
6027 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6028 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
6029 | | #endif |
6030 | 279k | if (stcb == NULL) { |
6031 | | /* |
6032 | | * no valid TCB for this packet, or we found it's a bad |
6033 | | * packet while processing control, or we're done with this |
6034 | | * packet (done or skip rest of data), so we drop it... |
6035 | | */ |
6036 | 275k | goto out; |
6037 | 275k | } |
6038 | 3.37k | #if defined(__Userspace__) |
6039 | 3.37k | if ((upcall_socket == NULL) && |
6040 | 0 | ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && |
6041 | 0 | (stcb->sctp_socket != NULL)) { |
6042 | 0 | if (stcb->sctp_socket->so_head != NULL) { |
6043 | 0 | upcall_socket = stcb->sctp_socket->so_head; |
6044 | 0 | } else { |
6045 | 0 | upcall_socket = stcb->sctp_socket; |
6046 | 0 | } |
6047 | 0 | SOCK_LOCK(upcall_socket); |
6048 | 0 | soref(upcall_socket); |
6049 | 0 | SOCK_UNLOCK(upcall_socket); |
6050 | 0 | } |
6051 | 3.37k | #endif |
6052 | | |
6053 | | /* |
6054 | | * DATA chunk processing |
6055 | | */ |
6056 | | /* plow through the data chunks while length > offset */ |
6057 | | |
6058 | | /* |
6059 | | * Rest should be DATA only. Check authentication state if AUTH for |
6060 | | * DATA is required. |
6061 | | */ |
6062 | 3.37k | if ((length > offset) && |
6063 | 0 | (stcb != NULL) && |
6064 | 0 | sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) && |
6065 | 0 | !stcb->asoc.authenticated) { |
6066 | | /* "silently" ignore */ |
6067 | 0 | SCTP_STAT_INCR(sctps_recvauthmissing); |
6068 | 0 | SCTPDBG(SCTP_DEBUG_AUTH1, |
6069 | 0 | "Data chunk requires AUTH, skipped\n"); |
6070 | 0 | goto trigger_send; |
6071 | 0 | } |
6072 | 3.37k | if (length > offset) { |
6073 | 0 | int retval; |
6074 | | |
6075 | | /* |
6076 | | * First check to make sure our state is correct. We would |
6077 | | * not get here unless we really did have a tag, so we don't |
6078 | | * abort if this happens, just dump the chunk silently. |
6079 | | */ |
6080 | 0 | switch (SCTP_GET_STATE(stcb)) { |
6081 | 0 | case SCTP_STATE_COOKIE_ECHOED: |
6082 | | /* |
6083 | | * we consider data with valid tags in this state |
6084 | | * shows us the cookie-ack was lost. Imply it was |
6085 | | * there. |
6086 | | */ |
6087 | 0 | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net); |
6088 | 0 | break; |
6089 | 0 | case SCTP_STATE_COOKIE_WAIT: |
6090 | | /* |
6091 | | * We consider OOTB any data sent during asoc setup. |
6092 | | */ |
6093 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
6094 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
6095 | 0 | msg); |
6096 | 0 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
6097 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6098 | | mflowtype, mflowid, inp->fibnum, |
6099 | | #endif |
6100 | 0 | vrf_id, port); |
6101 | 0 | goto out; |
6102 | | /*sa_ignore NOTREACHED*/ |
6103 | 0 | break; |
6104 | 0 | case SCTP_STATE_EMPTY: /* should not happen */ |
6105 | 0 | case SCTP_STATE_INUSE: /* should not happen */ |
6106 | 0 | case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */ |
6107 | 0 | case SCTP_STATE_SHUTDOWN_ACK_SENT: |
6108 | 0 | default: |
6109 | 0 | goto out; |
6110 | | /*sa_ignore NOTREACHED*/ |
6111 | 0 | break; |
6112 | 0 | case SCTP_STATE_OPEN: |
6113 | 0 | case SCTP_STATE_SHUTDOWN_SENT: |
6114 | 0 | break; |
6115 | 0 | } |
6116 | | /* plow through the data chunks while length > offset */ |
6117 | 0 | retval = sctp_process_data(mm, iphlen, &offset, length, |
6118 | 0 | inp, stcb, net, &high_tsn); |
6119 | 0 | if (retval == 2) { |
6120 | | /* |
6121 | | * The association aborted, NO UNLOCK needed since |
6122 | | * the association is destroyed. |
6123 | | */ |
6124 | 0 | stcb = NULL; |
6125 | 0 | goto out; |
6126 | 0 | } |
6127 | 0 | if (retval == 0) { |
6128 | 0 | data_processed = 1; |
6129 | 0 | } |
6130 | | /* |
6131 | | * Anything important needs to have been m_copy'ed in |
6132 | | * process_data |
6133 | | */ |
6134 | 0 | } |
6135 | | |
6136 | | /* take care of ecn */ |
6137 | 3.37k | if ((data_processed == 1) && |
6138 | 0 | (stcb->asoc.ecn_supported == 1) && |
6139 | 0 | ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS)) { |
6140 | | /* Yep, we need to add a ECNE */ |
6141 | 0 | sctp_send_ecn_echo(stcb, net, high_tsn); |
6142 | 0 | } |
6143 | | |
6144 | 3.37k | if ((data_processed == 0) && (fwd_tsn_seen)) { |
6145 | 0 | int was_a_gap; |
6146 | 0 | uint32_t highest_tsn; |
6147 | |
|
6148 | 0 | if (SCTP_TSN_GT(stcb->asoc.highest_tsn_inside_nr_map, stcb->asoc.highest_tsn_inside_map)) { |
6149 | 0 | highest_tsn = stcb->asoc.highest_tsn_inside_nr_map; |
6150 | 0 | } else { |
6151 | 0 | highest_tsn = stcb->asoc.highest_tsn_inside_map; |
6152 | 0 | } |
6153 | 0 | was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn); |
6154 | 0 | stcb->asoc.send_sack = 1; |
6155 | 0 | sctp_sack_check(stcb, was_a_gap); |
6156 | 3.37k | } else if (fwd_tsn_seen) { |
6157 | 0 | stcb->asoc.send_sack = 1; |
6158 | 0 | } |
6159 | | /* trigger send of any chunks in queue... */ |
6160 | 3.37k | trigger_send: |
6161 | | #ifdef SCTP_AUDITING_ENABLED |
6162 | | sctp_audit_log(0xE0, 2); |
6163 | | sctp_auditing(1, inp, stcb, net); |
6164 | | #endif |
6165 | 3.37k | SCTPDBG(SCTP_DEBUG_INPUT1, |
6166 | 3.37k | "Check for chunk output prw:%d tqe:%d tf=%d\n", |
6167 | 3.37k | stcb->asoc.peers_rwnd, |
6168 | 3.37k | TAILQ_EMPTY(&stcb->asoc.control_send_queue), |
6169 | 3.37k | stcb->asoc.total_flight); |
6170 | 3.37k | un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); |
6171 | 3.37k | if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { |
6172 | 1.59k | cnt_ctrl_ready = stcb->asoc.ctrl_queue_cnt - stcb->asoc.ecn_echo_cnt_onq; |
6173 | 1.59k | } |
6174 | 3.37k | if (!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue) || |
6175 | 3.37k | cnt_ctrl_ready || |
6176 | 1.77k | stcb->asoc.trigger_reset || |
6177 | 1.77k | ((un_sent > 0) && |
6178 | 1.77k | (stcb->asoc.peers_rwnd > 0 || stcb->asoc.total_flight == 0))) { |
6179 | 1.77k | SCTPDBG(SCTP_DEBUG_INPUT3, "Calling chunk OUTPUT\n"); |
6180 | 1.77k | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
6181 | 1.77k | SCTPDBG(SCTP_DEBUG_INPUT3, "chunk OUTPUT returns\n"); |
6182 | 1.77k | } |
6183 | | #ifdef SCTP_AUDITING_ENABLED |
6184 | | sctp_audit_log(0xE0, 3); |
6185 | | sctp_auditing(2, inp, stcb, net); |
6186 | | #endif |
6187 | 286k | out: |
6188 | 286k | if (stcb != NULL) { |
6189 | 11.2k | SCTP_TCB_UNLOCK(stcb); |
6190 | 11.2k | } |
6191 | 286k | #if defined(__Userspace__) |
6192 | 286k | if (upcall_socket != NULL) { |
6193 | 286k | if (upcall_socket->so_upcall != NULL) { |
6194 | 286k | if (soreadable(upcall_socket) || |
6195 | 285k | sowriteable(upcall_socket) || |
6196 | 270k | upcall_socket->so_error) { |
6197 | 15.9k | (*upcall_socket->so_upcall)(upcall_socket, upcall_socket->so_upcallarg, M_NOWAIT); |
6198 | 15.9k | } |
6199 | 286k | } |
6200 | 286k | ACCEPT_LOCK(); |
6201 | 286k | SOCK_LOCK(upcall_socket); |
6202 | 286k | sorele(upcall_socket); |
6203 | 286k | } |
6204 | 286k | #endif |
6205 | 286k | if (inp_decr != NULL) { |
6206 | | /* reduce ref-count */ |
6207 | 0 | SCTP_INP_WLOCK(inp_decr); |
6208 | 0 | SCTP_INP_DECR_REF(inp_decr); |
6209 | 0 | SCTP_INP_WUNLOCK(inp_decr); |
6210 | 0 | } |
6211 | 286k | return; |
6212 | 286k | } |
6213 | | |
6214 | | #ifdef INET |
6215 | | #if !defined(__Userspace__) |
6216 | | void |
6217 | | sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port) |
6218 | | { |
6219 | | struct mbuf *m; |
6220 | | int iphlen; |
6221 | | uint32_t vrf_id = 0; |
6222 | | uint8_t ecn_bits; |
6223 | | struct sockaddr_in src, dst; |
6224 | | struct ip *ip; |
6225 | | struct sctphdr *sh; |
6226 | | struct sctp_chunkhdr *ch; |
6227 | | int length, offset; |
6228 | | uint8_t compute_crc; |
6229 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6230 | | uint32_t mflowid; |
6231 | | uint8_t mflowtype; |
6232 | | uint16_t fibnum; |
6233 | | #endif |
6234 | | #if defined(__Userspace__) |
6235 | | uint16_t port = 0; |
6236 | | #endif |
6237 | | |
6238 | | iphlen = off; |
6239 | | if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { |
6240 | | SCTP_RELEASE_PKT(i_pak); |
6241 | | return; |
6242 | | } |
6243 | | m = SCTP_HEADER_TO_CHAIN(i_pak); |
6244 | | #ifdef SCTP_MBUF_LOGGING |
6245 | | /* Log in any input mbufs */ |
6246 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
6247 | | sctp_log_mbc(m, SCTP_MBUF_INPUT); |
6248 | | } |
6249 | | #endif |
6250 | | #ifdef SCTP_PACKET_LOGGING |
6251 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { |
6252 | | sctp_packet_log(m); |
6253 | | } |
6254 | | #endif |
6255 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6256 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6257 | | "sctp_input(): Packet of length %d received on %s with csum_flags 0x%b.\n", |
6258 | | m->m_pkthdr.len, |
6259 | | if_name(m->m_pkthdr.rcvif), |
6260 | | (int)m->m_pkthdr.csum_flags, CSUM_BITS); |
6261 | | #endif |
6262 | | #if defined(__APPLE__) && !defined(__Userspace__) |
6263 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6264 | | "sctp_input(): Packet of length %d received on %s%d with csum_flags 0x%x.\n", |
6265 | | m->m_pkthdr.len, |
6266 | | m->m_pkthdr.rcvif->if_name, |
6267 | | m->m_pkthdr.rcvif->if_unit, |
6268 | | m->m_pkthdr.csum_flags); |
6269 | | #endif |
6270 | | #if defined(_WIN32) && !defined(__Userspace__) |
6271 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6272 | | "sctp_input(): Packet of length %d received on %s with csum_flags 0x%x.\n", |
6273 | | m->m_pkthdr.len, |
6274 | | m->m_pkthdr.rcvif->if_xname, |
6275 | | m->m_pkthdr.csum_flags); |
6276 | | #endif |
6277 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6278 | | mflowid = m->m_pkthdr.flowid; |
6279 | | mflowtype = M_HASHTYPE_GET(m); |
6280 | | fibnum = M_GETFIB(m); |
6281 | | #endif |
6282 | | SCTP_STAT_INCR(sctps_recvpackets); |
6283 | | SCTP_STAT_INCR_COUNTER64(sctps_inpackets); |
6284 | | /* Get IP, SCTP, and first chunk header together in the first mbuf. */ |
6285 | | offset = iphlen + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); |
6286 | | if (SCTP_BUF_LEN(m) < offset) { |
6287 | | if ((m = m_pullup(m, offset)) == NULL) { |
6288 | | SCTP_STAT_INCR(sctps_hdrops); |
6289 | | return; |
6290 | | } |
6291 | | } |
6292 | | ip = mtod(m, struct ip *); |
6293 | | sh = (struct sctphdr *)((caddr_t)ip + iphlen); |
6294 | | ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(struct sctphdr)); |
6295 | | offset -= sizeof(struct sctp_chunkhdr); |
6296 | | memset(&src, 0, sizeof(struct sockaddr_in)); |
6297 | | src.sin_family = AF_INET; |
6298 | | #ifdef HAVE_SIN_LEN |
6299 | | src.sin_len = sizeof(struct sockaddr_in); |
6300 | | #endif |
6301 | | src.sin_port = sh->src_port; |
6302 | | src.sin_addr = ip->ip_src; |
6303 | | memset(&dst, 0, sizeof(struct sockaddr_in)); |
6304 | | dst.sin_family = AF_INET; |
6305 | | #ifdef HAVE_SIN_LEN |
6306 | | dst.sin_len = sizeof(struct sockaddr_in); |
6307 | | #endif |
6308 | | dst.sin_port = sh->dest_port; |
6309 | | dst.sin_addr = ip->ip_dst; |
6310 | | #if defined(_WIN32) && !defined(__Userspace__) |
6311 | | NTOHS(ip->ip_len); |
6312 | | #endif |
6313 | | #if defined(__linux__) || (defined(_WIN32) && defined(__Userspace__)) |
6314 | | ip->ip_len = ntohs(ip->ip_len); |
6315 | | #endif |
6316 | | #if defined(__Userspace__) |
6317 | | #if defined(__linux__) || defined(_WIN32) |
6318 | | length = ip->ip_len; |
6319 | | #else |
6320 | | length = ip->ip_len + iphlen; |
6321 | | #endif |
6322 | | #elif defined(__FreeBSD__) |
6323 | | length = ntohs(ip->ip_len); |
6324 | | #elif defined(__APPLE__) |
6325 | | length = ip->ip_len + iphlen; |
6326 | | #else |
6327 | | length = ip->ip_len; |
6328 | | #endif |
6329 | | /* Validate mbuf chain length with IP payload length. */ |
6330 | | if (SCTP_HEADER_LEN(m) != length) { |
6331 | | SCTPDBG(SCTP_DEBUG_INPUT1, |
6332 | | "sctp_input() length:%d reported length:%d\n", length, SCTP_HEADER_LEN(m)); |
6333 | | SCTP_STAT_INCR(sctps_hdrops); |
6334 | | goto out; |
6335 | | } |
6336 | | /* SCTP does not allow broadcasts or multicasts */ |
6337 | | if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) { |
6338 | | goto out; |
6339 | | } |
6340 | | if (SCTP_IS_IT_BROADCAST(dst.sin_addr, m)) { |
6341 | | goto out; |
6342 | | } |
6343 | | ecn_bits = ip->ip_tos; |
6344 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6345 | | if (m->m_pkthdr.csum_flags & (CSUM_SCTP_VALID | CSUM_IP_SCTP)) { |
6346 | | /* |
6347 | | * Packet with CSUM_IP_SCTP were sent from local host using |
6348 | | * checksum offloading. Checksum not required. |
6349 | | */ |
6350 | | SCTP_STAT_INCR(sctps_recvhwcrc); |
6351 | | compute_crc = 0; |
6352 | | } else { |
6353 | | #else |
6354 | | if (SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && |
6355 | | ((src.sin_addr.s_addr == dst.sin_addr.s_addr) || |
6356 | | (SCTP_IS_IT_LOOPBACK(m)))) { |
6357 | | SCTP_STAT_INCR(sctps_recvhwcrc); |
6358 | | compute_crc = 0; |
6359 | | } else { |
6360 | | #endif |
6361 | | SCTP_STAT_INCR(sctps_recvswcrc); |
6362 | | compute_crc = 1; |
6363 | | } |
6364 | | sctp_common_input_processing(&m, iphlen, offset, length, |
6365 | | (struct sockaddr *)&src, |
6366 | | (struct sockaddr *)&dst, |
6367 | | sh, ch, |
6368 | | compute_crc, |
6369 | | ecn_bits, |
6370 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6371 | | mflowtype, mflowid, fibnum, |
6372 | | #endif |
6373 | | vrf_id, port); |
6374 | | out: |
6375 | | if (m) { |
6376 | | sctp_m_freem(m); |
6377 | | } |
6378 | | return; |
6379 | | } |
6380 | | |
6381 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6382 | | #if defined(SCTP_MCORE_INPUT) && defined(SMP) |
6383 | | extern int *sctp_cpuarry; |
6384 | | #endif |
6385 | | #endif |
6386 | | |
6387 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6388 | | int |
6389 | | sctp_input(struct mbuf **mp, int *offp, int proto SCTP_UNUSED) |
6390 | | { |
6391 | | struct mbuf *m; |
6392 | | int off; |
6393 | | |
6394 | | m = *mp; |
6395 | | off = *offp; |
6396 | | #else |
6397 | | void |
6398 | | sctp_input(struct mbuf *m, int off) |
6399 | | { |
6400 | | #endif |
6401 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6402 | | #if defined(SCTP_MCORE_INPUT) && defined(SMP) |
6403 | | if (mp_ncpus > 1) { |
6404 | | struct ip *ip; |
6405 | | struct sctphdr *sh; |
6406 | | int offset; |
6407 | | int cpu_to_use; |
6408 | | uint32_t flowid, tag; |
6409 | | |
6410 | | if (M_HASHTYPE_GET(m) != M_HASHTYPE_NONE) { |
6411 | | flowid = m->m_pkthdr.flowid; |
6412 | | } else { |
6413 | | /* No flow id built by lower layers |
6414 | | * fix it so we create one. |
6415 | | */ |
6416 | | offset = off + sizeof(struct sctphdr); |
6417 | | if (SCTP_BUF_LEN(m) < offset) { |
6418 | | if ((m = m_pullup(m, offset)) == NULL) { |
6419 | | SCTP_STAT_INCR(sctps_hdrops); |
6420 | | return (IPPROTO_DONE); |
6421 | | } |
6422 | | } |
6423 | | ip = mtod(m, struct ip *); |
6424 | | sh = (struct sctphdr *)((caddr_t)ip + off); |
6425 | | tag = htonl(sh->v_tag); |
6426 | | flowid = tag ^ ntohs(sh->dest_port) ^ ntohs(sh->src_port); |
6427 | | m->m_pkthdr.flowid = flowid; |
6428 | | M_HASHTYPE_SET(m, M_HASHTYPE_OPAQUE_HASH); |
6429 | | } |
6430 | | cpu_to_use = sctp_cpuarry[flowid % mp_ncpus]; |
6431 | | sctp_queue_to_mcore(m, off, cpu_to_use); |
6432 | | return (IPPROTO_DONE); |
6433 | | } |
6434 | | #endif |
6435 | | #endif |
6436 | | sctp_input_with_port(m, off, 0); |
6437 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6438 | | return (IPPROTO_DONE); |
6439 | | #endif |
6440 | | } |
6441 | | #endif |
6442 | | #endif |