/src/usrsctp/usrsctplib/netinet/sctp_input.c
Line | Count | Source |
1 | | /*- |
2 | | * SPDX-License-Identifier: BSD-3-Clause |
3 | | * |
4 | | * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. |
5 | | * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. |
6 | | * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. |
7 | | * |
8 | | * Redistribution and use in source and binary forms, with or without |
9 | | * modification, are permitted provided that the following conditions are met: |
10 | | * |
11 | | * a) Redistributions of source code must retain the above copyright notice, |
12 | | * this list of conditions and the following disclaimer. |
13 | | * |
14 | | * b) Redistributions in binary form must reproduce the above copyright |
15 | | * notice, this list of conditions and the following disclaimer in |
16 | | * the documentation and/or other materials provided with the distribution. |
17 | | * |
18 | | * c) Neither the name of Cisco Systems, Inc. nor the names of its |
19 | | * contributors may be used to endorse or promote products derived |
20 | | * from this software without specific prior written permission. |
21 | | * |
22 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
23 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
24 | | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
25 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE |
26 | | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
27 | | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
28 | | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
29 | | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
30 | | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
31 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF |
32 | | * THE POSSIBILITY OF SUCH DAMAGE. |
33 | | */ |
34 | | |
35 | | #include <netinet/sctp_os.h> |
36 | | #include <netinet/sctp_var.h> |
37 | | #include <netinet/sctp_sysctl.h> |
38 | | #include <netinet/sctp_pcb.h> |
39 | | #include <netinet/sctp_header.h> |
40 | | #include <netinet/sctputil.h> |
41 | | #include <netinet/sctp_output.h> |
42 | | #include <netinet/sctp_input.h> |
43 | | #include <netinet/sctp_auth.h> |
44 | | #include <netinet/sctp_indata.h> |
45 | | #include <netinet/sctp_asconf.h> |
46 | | #include <netinet/sctp_bsd_addr.h> |
47 | | #include <netinet/sctp_timer.h> |
48 | | #include <netinet/sctp_crc32.h> |
49 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
50 | | #include <netinet/sctp_kdtrace.h> |
51 | | #endif |
52 | | #if defined(INET) || defined(INET6) |
53 | | #if !defined(_WIN32) |
54 | | #include <netinet/udp.h> |
55 | | #endif |
56 | | #endif |
57 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
58 | | #include <sys/smp.h> |
59 | | #endif |
60 | | #if defined(_WIN32) && defined(__MINGW32__) |
61 | | #include <minmax.h> |
62 | | #endif |
63 | | |
64 | | static void |
65 | | sctp_stop_all_cookie_timers(struct sctp_tcb *stcb) |
66 | 35.8k | { |
67 | 35.8k | struct sctp_nets *net; |
68 | | |
69 | | /* This now not only stops all cookie timers |
70 | | * it also stops any INIT timers as well. This |
71 | | * will make sure that the timers are stopped in |
72 | | * all collision cases. |
73 | | */ |
74 | 35.8k | SCTP_TCB_LOCK_ASSERT(stcb); |
75 | 65.7k | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
76 | 65.7k | if (net->rxt_timer.type == SCTP_TIMER_TYPE_COOKIE) { |
77 | 12.3k | sctp_timer_stop(SCTP_TIMER_TYPE_COOKIE, |
78 | 12.3k | stcb->sctp_ep, |
79 | 12.3k | stcb, |
80 | 12.3k | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_1); |
81 | 53.4k | } else if (net->rxt_timer.type == SCTP_TIMER_TYPE_INIT) { |
82 | 24.6k | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, |
83 | 24.6k | stcb->sctp_ep, |
84 | 24.6k | stcb, |
85 | 24.6k | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_2); |
86 | 24.6k | } |
87 | 65.7k | } |
88 | 35.8k | } |
89 | | |
90 | | /* INIT handler */ |
91 | | static void |
92 | | sctp_handle_init(struct mbuf *m, int iphlen, int offset, |
93 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
94 | | struct sctp_init_chunk *cp, struct sctp_inpcb *inp, |
95 | | struct sctp_tcb *stcb, struct sctp_nets *net, |
96 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
97 | | uint8_t mflowtype, uint32_t mflowid, |
98 | | #endif |
99 | | uint32_t vrf_id, uint16_t port) |
100 | 0 | { |
101 | 0 | struct sctp_init *init; |
102 | 0 | struct mbuf *op_err; |
103 | |
|
104 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_init: handling INIT tcb:%p\n", |
105 | 0 | (void *)stcb); |
106 | 0 | if (stcb == NULL) { |
107 | 0 | SCTP_INP_RLOCK(inp); |
108 | 0 | } |
109 | | /* Validate parameters */ |
110 | 0 | init = &cp->init; |
111 | 0 | if (ntohl(init->initiate_tag) == 0) { |
112 | 0 | goto outnow; |
113 | 0 | } |
114 | 0 | if ((ntohl(init->a_rwnd) < SCTP_MIN_RWND) || |
115 | 0 | (ntohs(init->num_inbound_streams) == 0) || |
116 | 0 | (ntohs(init->num_outbound_streams) == 0)) { |
117 | | /* protocol error... send abort */ |
118 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); |
119 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, |
120 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
121 | | mflowtype, mflowid, inp->fibnum, |
122 | | #endif |
123 | 0 | vrf_id, port); |
124 | 0 | goto outnow; |
125 | 0 | } |
126 | 0 | if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), |
127 | 0 | offset + ntohs(cp->ch.chunk_length))) { |
128 | | /* auth parameter(s) error... send abort */ |
129 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
130 | 0 | "Problem with AUTH parameters"); |
131 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, |
132 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
133 | | mflowtype, mflowid, inp->fibnum, |
134 | | #endif |
135 | 0 | vrf_id, port); |
136 | 0 | goto outnow; |
137 | 0 | } |
138 | | /* We are only accepting if we have a listening socket.*/ |
139 | 0 | if ((stcb == NULL) && |
140 | 0 | ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || |
141 | 0 | (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || |
142 | 0 | (!SCTP_IS_LISTENING(inp)))) { |
143 | | /* |
144 | | * FIX ME ?? What about TCP model and we have a |
145 | | * match/restart case? Actually no fix is needed. |
146 | | * the lookup will always find the existing assoc so stcb |
147 | | * would not be NULL. It may be questionable to do this |
148 | | * since we COULD just send back the INIT-ACK and hope that |
149 | | * the app did accept()'s by the time the COOKIE was sent. But |
150 | | * there is a price to pay for COOKIE generation and I don't |
151 | | * want to pay it on the chance that the app will actually do |
152 | | * some accepts(). The App just looses and should NOT be in |
153 | | * this state :-) |
154 | | */ |
155 | 0 | if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) { |
156 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
157 | 0 | "No listener"); |
158 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
159 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
160 | | mflowtype, mflowid, inp->fibnum, |
161 | | #endif |
162 | 0 | vrf_id, port); |
163 | 0 | } |
164 | 0 | goto outnow; |
165 | 0 | } |
166 | 0 | if ((stcb != NULL) && |
167 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT)) { |
168 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending SHUTDOWN-ACK\n"); |
169 | 0 | sctp_send_shutdown_ack(stcb, NULL); |
170 | 0 | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
171 | 0 | } else { |
172 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, "sctp_handle_init: sending INIT-ACK\n"); |
173 | 0 | sctp_send_initiate_ack(inp, stcb, net, m, iphlen, offset, |
174 | 0 | src, dst, sh, cp, |
175 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
176 | | mflowtype, mflowid, |
177 | | #endif |
178 | 0 | vrf_id, port); |
179 | 0 | } |
180 | 0 | outnow: |
181 | 0 | if (stcb == NULL) { |
182 | 0 | SCTP_INP_RUNLOCK(inp); |
183 | 0 | } |
184 | 0 | } |
185 | | |
186 | | /* |
187 | | * process peer "INIT/INIT-ACK" chunk returns value < 0 on error |
188 | | */ |
189 | | |
190 | | int |
191 | | sctp_is_there_unsent_data(struct sctp_tcb *stcb, int so_locked) |
192 | 8.71k | { |
193 | 8.71k | int unsent_data; |
194 | 8.71k | unsigned int i; |
195 | 8.71k | struct sctp_stream_queue_pending *sp; |
196 | 8.71k | struct sctp_association *asoc; |
197 | | |
198 | 8.71k | SCTP_TCB_LOCK_ASSERT(stcb); |
199 | | |
200 | | /* This function returns if any stream has true unsent data on it. |
201 | | * Note that as it looks through it will clean up any places that |
202 | | * have old data that has been sent but left at top of stream queue. |
203 | | */ |
204 | 8.71k | asoc = &stcb->asoc; |
205 | 8.71k | unsent_data = 0; |
206 | 8.71k | if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc)) { |
207 | | /* Check to see if some data queued */ |
208 | 2.39k | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
209 | | /*sa_ignore FREED_MEMORY*/ |
210 | 2.39k | sp = TAILQ_FIRST(&stcb->asoc.strmout[i].outqueue); |
211 | 2.39k | if (sp == NULL) { |
212 | 0 | continue; |
213 | 0 | } |
214 | 2.39k | if ((sp->msg_is_complete) && |
215 | 2.39k | (sp->length == 0) && |
216 | 0 | (sp->sender_all_done)) { |
217 | | /* We are doing differed cleanup. Last |
218 | | * time through when we took all the data |
219 | | * the sender_all_done was not set. |
220 | | */ |
221 | 0 | if (sp->put_last_out == 0) { |
222 | 0 | SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n"); |
223 | 0 | SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n", |
224 | 0 | sp->sender_all_done, |
225 | 0 | sp->length, |
226 | 0 | sp->msg_is_complete, |
227 | 0 | sp->put_last_out); |
228 | 0 | } |
229 | 0 | atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1); |
230 | 0 | TAILQ_REMOVE(&stcb->asoc.strmout[i].outqueue, sp, next); |
231 | 0 | stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, &asoc->strmout[i], sp); |
232 | 0 | if (sp->net) { |
233 | 0 | sctp_free_remote_addr(sp->net); |
234 | 0 | sp->net = NULL; |
235 | 0 | } |
236 | 0 | if (sp->data) { |
237 | 0 | sctp_m_freem(sp->data); |
238 | 0 | sp->data = NULL; |
239 | 0 | } |
240 | 0 | sctp_free_a_strmoq(stcb, sp, so_locked); |
241 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) { |
242 | 0 | unsent_data++; |
243 | 0 | } |
244 | 2.39k | } else { |
245 | 2.39k | unsent_data++; |
246 | 2.39k | } |
247 | 2.39k | if (unsent_data > 0) { |
248 | 2.39k | break; |
249 | 2.39k | } |
250 | 2.39k | } |
251 | 2.39k | } |
252 | 8.71k | return (unsent_data); |
253 | 8.71k | } |
254 | | |
255 | | static int |
256 | | sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb) |
257 | 8.20k | { |
258 | 8.20k | struct sctp_init *init; |
259 | 8.20k | struct sctp_association *asoc; |
260 | 8.20k | struct sctp_nets *lnet; |
261 | 8.20k | unsigned int i; |
262 | | |
263 | 8.20k | SCTP_TCB_LOCK_ASSERT(stcb); |
264 | | |
265 | 8.20k | init = &cp->init; |
266 | 8.20k | asoc = &stcb->asoc; |
267 | | /* save off parameters */ |
268 | 8.20k | asoc->peer_vtag = ntohl(init->initiate_tag); |
269 | 8.20k | asoc->peers_rwnd = ntohl(init->a_rwnd); |
270 | | /* init tsn's */ |
271 | 8.20k | asoc->highest_tsn_inside_map = asoc->asconf_seq_in = ntohl(init->initial_tsn) - 1; |
272 | | |
273 | 8.20k | if (!TAILQ_EMPTY(&asoc->nets)) { |
274 | | /* update any ssthresh's that may have a default */ |
275 | 8.20k | TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) { |
276 | 8.20k | lnet->ssthresh = asoc->peers_rwnd; |
277 | 8.20k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & (SCTP_CWND_MONITOR_ENABLE|SCTP_CWND_LOGGING_ENABLE)) { |
278 | 0 | sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_INITIALIZATION); |
279 | 0 | } |
280 | 8.20k | } |
281 | 8.20k | } |
282 | 8.20k | if (asoc->pre_open_streams > ntohs(init->num_inbound_streams)) { |
283 | 481 | unsigned int newcnt; |
284 | 481 | struct sctp_stream_out *outs; |
285 | 481 | struct sctp_stream_queue_pending *sp, *nsp; |
286 | 481 | struct sctp_tmit_chunk *chk, *nchk; |
287 | | |
288 | | /* abandon the upper streams */ |
289 | 481 | newcnt = ntohs(init->num_inbound_streams); |
290 | 481 | TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { |
291 | 0 | if (chk->rec.data.sid >= newcnt) { |
292 | 0 | TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); |
293 | 0 | asoc->send_queue_cnt--; |
294 | 0 | if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { |
295 | 0 | asoc->strmout[chk->rec.data.sid].chunks_on_queues--; |
296 | 0 | #ifdef INVARIANTS |
297 | 0 | } else { |
298 | 0 | panic("No chunks on the queues for sid %u.", chk->rec.data.sid); |
299 | 0 | #endif |
300 | 0 | } |
301 | 0 | if (chk->data != NULL) { |
302 | 0 | sctp_free_bufspace(stcb, asoc, chk, 1); |
303 | 0 | sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, |
304 | 0 | 0, chk, SCTP_SO_NOT_LOCKED); |
305 | 0 | if (chk->data) { |
306 | 0 | sctp_m_freem(chk->data); |
307 | 0 | chk->data = NULL; |
308 | 0 | } |
309 | 0 | } |
310 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
311 | | /*sa_ignore FREED_MEMORY*/ |
312 | 0 | } |
313 | 0 | } |
314 | 481 | if (asoc->strmout) { |
315 | 75.0k | for (i = newcnt; i < asoc->pre_open_streams; i++) { |
316 | 74.6k | outs = &asoc->strmout[i]; |
317 | 74.6k | TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { |
318 | 0 | atomic_subtract_int(&stcb->asoc.stream_queue_cnt, 1); |
319 | 0 | TAILQ_REMOVE(&outs->outqueue, sp, next); |
320 | 0 | stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp); |
321 | 0 | sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, |
322 | 0 | stcb, 0, sp, SCTP_SO_NOT_LOCKED); |
323 | 0 | if (sp->data) { |
324 | 0 | sctp_m_freem(sp->data); |
325 | 0 | sp->data = NULL; |
326 | 0 | } |
327 | 0 | if (sp->net) { |
328 | 0 | sctp_free_remote_addr(sp->net); |
329 | 0 | sp->net = NULL; |
330 | 0 | } |
331 | | /* Free the chunk */ |
332 | 0 | sctp_free_a_strmoq(stcb, sp, SCTP_SO_NOT_LOCKED); |
333 | | /*sa_ignore FREED_MEMORY*/ |
334 | 0 | } |
335 | 74.6k | outs->state = SCTP_STREAM_CLOSED; |
336 | 74.6k | } |
337 | 481 | } |
338 | | /* cut back the count */ |
339 | 481 | asoc->pre_open_streams = newcnt; |
340 | 481 | } |
341 | 8.20k | asoc->streamoutcnt = asoc->pre_open_streams; |
342 | 8.20k | if (asoc->strmout) { |
343 | 2.04M | for (i = 0; i < asoc->streamoutcnt; i++) { |
344 | 2.03M | asoc->strmout[i].state = SCTP_STREAM_OPEN; |
345 | 2.03M | } |
346 | 8.20k | } |
347 | | /* EY - nr_sack: initialize highest tsn in nr_mapping_array */ |
348 | 8.20k | asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; |
349 | 8.20k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
350 | 0 | sctp_log_map(0, 5, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
351 | 0 | } |
352 | | /* This is the next one we expect */ |
353 | 8.20k | asoc->str_reset_seq_in = asoc->asconf_seq_in + 1; |
354 | | |
355 | 8.20k | asoc->mapping_array_base_tsn = ntohl(init->initial_tsn); |
356 | 8.20k | asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->asconf_seq_in; |
357 | | |
358 | 8.20k | asoc->advanced_peer_ack_point = asoc->last_acked_seq; |
359 | | /* open the requested streams */ |
360 | | |
361 | 8.20k | if (asoc->strmin != NULL) { |
362 | | /* Free the old ones */ |
363 | 0 | for (i = 0; i < asoc->streamincnt; i++) { |
364 | 0 | sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue); |
365 | 0 | sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue); |
366 | 0 | } |
367 | 0 | SCTP_FREE(asoc->strmin, SCTP_M_STRMI); |
368 | 0 | } |
369 | 8.20k | if (asoc->max_inbound_streams > ntohs(init->num_outbound_streams)) { |
370 | 332 | asoc->streamincnt = ntohs(init->num_outbound_streams); |
371 | 7.87k | } else { |
372 | 7.87k | asoc->streamincnt = asoc->max_inbound_streams; |
373 | 7.87k | } |
374 | 8.20k | SCTP_MALLOC(asoc->strmin, struct sctp_stream_in *, asoc->streamincnt * |
375 | 8.20k | sizeof(struct sctp_stream_in), SCTP_M_STRMI); |
376 | 8.20k | if (asoc->strmin == NULL) { |
377 | | /* we didn't get memory for the streams! */ |
378 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "process_init: couldn't get memory for the streams!\n"); |
379 | 0 | return (-1); |
380 | 0 | } |
381 | 2.05M | for (i = 0; i < asoc->streamincnt; i++) { |
382 | 2.04M | asoc->strmin[i].sid = i; |
383 | 2.04M | asoc->strmin[i].last_mid_delivered = 0xffffffff; |
384 | 2.04M | TAILQ_INIT(&asoc->strmin[i].inqueue); |
385 | 2.04M | TAILQ_INIT(&asoc->strmin[i].uno_inqueue); |
386 | 2.04M | asoc->strmin[i].pd_api_started = 0; |
387 | 2.04M | asoc->strmin[i].delivery_started = 0; |
388 | 2.04M | } |
389 | | /* |
390 | | * load_address_from_init will put the addresses into the |
391 | | * association when the COOKIE is processed or the INIT-ACK is |
392 | | * processed. Both types of COOKIE's existing and new call this |
393 | | * routine. It will remove addresses that are no longer in the |
394 | | * association (for the restarting case where addresses are |
395 | | * removed). Up front when the INIT arrives we will discard it if it |
396 | | * is a restart and new addresses have been added. |
397 | | */ |
398 | | /* sa_ignore MEMLEAK */ |
399 | 8.20k | return (0); |
400 | 8.20k | } |
401 | | |
402 | | /* |
403 | | * INIT-ACK message processing/consumption returns value < 0 on error |
404 | | */ |
405 | | static int |
406 | | sctp_process_init_ack(struct mbuf *m, int iphlen, int offset, |
407 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
408 | | struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
409 | | struct sctp_nets *net, int *abort_no_unlock, |
410 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
411 | | uint8_t mflowtype, uint32_t mflowid, |
412 | | #endif |
413 | | uint32_t vrf_id) |
414 | 8.45k | { |
415 | 8.45k | struct sctp_association *asoc; |
416 | 8.45k | struct mbuf *op_err; |
417 | 8.45k | int retval, abort_flag, cookie_found; |
418 | 8.45k | int initack_limit; |
419 | 8.45k | int nat_friendly = 0; |
420 | | |
421 | | /* First verify that we have no illegal param's */ |
422 | 8.45k | abort_flag = 0; |
423 | 8.45k | cookie_found = 0; |
424 | | |
425 | 8.45k | op_err = sctp_arethere_unrecognized_parameters(m, |
426 | 8.45k | (offset + sizeof(struct sctp_init_chunk)), |
427 | 8.45k | &abort_flag, (struct sctp_chunkhdr *)cp, |
428 | 8.45k | &nat_friendly, &cookie_found, NULL); |
429 | 8.45k | if (abort_flag) { |
430 | | /* Send an abort and notify peer */ |
431 | 86 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
432 | 86 | src, dst, sh, op_err, |
433 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
434 | | mflowtype, mflowid, |
435 | | #endif |
436 | 86 | vrf_id, net->port); |
437 | 86 | *abort_no_unlock = 1; |
438 | 86 | return (-1); |
439 | 86 | } |
440 | 8.37k | if (!cookie_found) { |
441 | 164 | uint16_t len; |
442 | | |
443 | | /* Only report the missing cookie parameter */ |
444 | 164 | if (op_err != NULL) { |
445 | 47 | sctp_m_freem(op_err); |
446 | 47 | } |
447 | 164 | len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); |
448 | | /* We abort with an error of missing mandatory param */ |
449 | 164 | op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); |
450 | 164 | if (op_err != NULL) { |
451 | 164 | struct sctp_error_missing_param *cause; |
452 | | |
453 | 164 | SCTP_BUF_LEN(op_err) = len; |
454 | 164 | cause = mtod(op_err, struct sctp_error_missing_param *); |
455 | | /* Subtract the reserved param */ |
456 | 164 | cause->cause.code = htons(SCTP_CAUSE_MISSING_PARAM); |
457 | 164 | cause->cause.length = htons(len); |
458 | 164 | cause->num_missing_params = htonl(1); |
459 | 164 | cause->type[0] = htons(SCTP_STATE_COOKIE); |
460 | 164 | } |
461 | 164 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
462 | 164 | src, dst, sh, op_err, |
463 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
464 | | mflowtype, mflowid, |
465 | | #endif |
466 | 164 | vrf_id, net->port); |
467 | 164 | *abort_no_unlock = 1; |
468 | 164 | return (-3); |
469 | 164 | } |
470 | 8.20k | asoc = &stcb->asoc; |
471 | 8.20k | asoc->peer_supports_nat = (uint8_t)nat_friendly; |
472 | | /* process the peer's parameters in the INIT-ACK */ |
473 | 8.20k | if (sctp_process_init((struct sctp_init_chunk *)cp, stcb) < 0) { |
474 | 0 | if (op_err != NULL) { |
475 | 0 | sctp_m_freem(op_err); |
476 | 0 | } |
477 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
478 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
479 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
480 | 0 | src, dst, sh, op_err, |
481 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
482 | | mflowtype, mflowid, |
483 | | #endif |
484 | 0 | vrf_id, net->port); |
485 | 0 | *abort_no_unlock = 1; |
486 | 0 | return (-1); |
487 | 0 | } |
488 | 8.20k | initack_limit = offset + ntohs(cp->ch.chunk_length); |
489 | | /* load all addresses */ |
490 | 8.20k | if ((retval = sctp_load_addresses_from_init(stcb, m, |
491 | 8.20k | offset + sizeof(struct sctp_init_chunk), |
492 | 8.20k | initack_limit, src, dst, NULL, stcb->asoc.port)) < 0) { |
493 | 193 | if (op_err != NULL) { |
494 | 70 | sctp_m_freem(op_err); |
495 | 70 | } |
496 | 193 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
497 | 193 | "Problem with address parameters"); |
498 | 193 | SCTPDBG(SCTP_DEBUG_INPUT1, |
499 | 193 | "Load addresses from INIT causes an abort %d\n", |
500 | 193 | retval); |
501 | 193 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
502 | 193 | src, dst, sh, op_err, |
503 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
504 | | mflowtype, mflowid, |
505 | | #endif |
506 | 193 | vrf_id, net->port); |
507 | 193 | *abort_no_unlock = 1; |
508 | 193 | return (-1); |
509 | 193 | } |
510 | | /* if the peer doesn't support asconf, flush the asconf queue */ |
511 | 8.01k | if (asoc->asconf_supported == 0) { |
512 | 561 | struct sctp_asconf_addr *param, *nparam; |
513 | | |
514 | 561 | TAILQ_FOREACH_SAFE(param, &asoc->asconf_queue, next, nparam) { |
515 | 0 | TAILQ_REMOVE(&asoc->asconf_queue, param, next); |
516 | 0 | SCTP_FREE(param, SCTP_M_ASC_ADDR); |
517 | 0 | } |
518 | 561 | } |
519 | | |
520 | 8.01k | stcb->asoc.peer_hmac_id = sctp_negotiate_hmacid(stcb->asoc.peer_hmacs, |
521 | 8.01k | stcb->asoc.local_hmacs); |
522 | 8.01k | if (op_err) { |
523 | 208 | sctp_queue_op_err(stcb, op_err); |
524 | | /* queuing will steal away the mbuf chain to the out queue */ |
525 | 208 | op_err = NULL; |
526 | 208 | } |
527 | | /* extract the cookie and queue it to "echo" it back... */ |
528 | 8.01k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
529 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
530 | 0 | stcb->asoc.overall_error_count, |
531 | 0 | 0, |
532 | 0 | SCTP_FROM_SCTP_INPUT, |
533 | 0 | __LINE__); |
534 | 0 | } |
535 | | |
536 | | /* |
537 | | * Cancel the INIT timer, We do this first before queueing the |
538 | | * cookie. We always cancel at the primary to assume that we are |
539 | | * canceling the timer started by the INIT which always goes to the |
540 | | * primary. |
541 | | */ |
542 | 8.01k | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, stcb, |
543 | 8.01k | asoc->primary_destination, SCTP_FROM_SCTP_INPUT + SCTP_LOC_3); |
544 | | |
545 | | /* calculate the RTO */ |
546 | 8.01k | if (asoc->overall_error_count == 0) { |
547 | 8.01k | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
548 | 8.01k | SCTP_RTT_FROM_NON_DATA); |
549 | 8.01k | } |
550 | 8.01k | stcb->asoc.overall_error_count = 0; |
551 | 8.01k | net->error_count = 0; |
552 | 8.01k | #if defined(__Userspace__) |
553 | 8.01k | if (stcb->sctp_ep->recv_callback) { |
554 | 0 | if (stcb->sctp_socket) { |
555 | 0 | uint32_t inqueue_bytes, sb_free_now; |
556 | 0 | struct sctp_inpcb *inp; |
557 | |
|
558 | 0 | inp = stcb->sctp_ep; |
559 | 0 | inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * sizeof(struct sctp_data_chunk)); |
560 | 0 | sb_free_now = SCTP_SB_LIMIT_SND(stcb->sctp_socket) - (inqueue_bytes + stcb->asoc.sb_send_resv); |
561 | | |
562 | | /* check if the amount free in the send socket buffer crossed the threshold */ |
563 | 0 | if (inp->send_callback && |
564 | 0 | (((inp->send_sb_threshold > 0) && |
565 | 0 | (sb_free_now >= inp->send_sb_threshold) && |
566 | 0 | (stcb->asoc.chunks_on_out_queue <= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) || |
567 | 0 | (inp->send_sb_threshold == 0))) { |
568 | 0 | atomic_add_int(&stcb->asoc.refcnt, 1); |
569 | 0 | SCTP_TCB_UNLOCK(stcb); |
570 | 0 | inp->send_callback(stcb->sctp_socket, sb_free_now, inp->ulp_info); |
571 | 0 | SCTP_TCB_LOCK(stcb); |
572 | 0 | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
573 | 0 | } |
574 | 0 | } |
575 | 0 | } |
576 | 8.01k | #endif |
577 | 8.01k | retval = sctp_send_cookie_echo(m, offset, initack_limit, stcb, net); |
578 | 8.01k | return (retval); |
579 | 8.01k | } |
580 | | |
581 | | static void |
582 | | sctp_handle_heartbeat_ack(struct sctp_heartbeat_chunk *cp, |
583 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
584 | 4.38k | { |
585 | 4.38k | union sctp_sockstore store; |
586 | 4.38k | struct sctp_nets *r_net, *f_net; |
587 | 4.38k | struct timeval tv; |
588 | 4.38k | int req_prim = 0; |
589 | 4.38k | uint16_t old_error_counter; |
590 | | |
591 | 4.38k | if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_heartbeat_chunk)) { |
592 | | /* Invalid length */ |
593 | 0 | return; |
594 | 0 | } |
595 | | |
596 | 4.38k | memset(&store, 0, sizeof(store)); |
597 | 4.38k | switch (cp->heartbeat.hb_info.addr_family) { |
598 | 0 | #ifdef INET |
599 | 1.61k | case AF_INET: |
600 | 1.61k | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in)) { |
601 | 1.55k | store.sin.sin_family = cp->heartbeat.hb_info.addr_family; |
602 | | #ifdef HAVE_SIN_LEN |
603 | | store.sin.sin_len = cp->heartbeat.hb_info.addr_len; |
604 | | #endif |
605 | 1.55k | store.sin.sin_port = stcb->rport; |
606 | 1.55k | memcpy(&store.sin.sin_addr, cp->heartbeat.hb_info.address, |
607 | 1.55k | sizeof(store.sin.sin_addr)); |
608 | 1.55k | } else { |
609 | 57 | return; |
610 | 57 | } |
611 | 1.55k | break; |
612 | 1.55k | #endif |
613 | 1.55k | #ifdef INET6 |
614 | 1.55k | case AF_INET6: |
615 | 295 | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_in6)) { |
616 | 34 | store.sin6.sin6_family = cp->heartbeat.hb_info.addr_family; |
617 | | #ifdef HAVE_SIN6_LEN |
618 | | store.sin6.sin6_len = cp->heartbeat.hb_info.addr_len; |
619 | | #endif |
620 | 34 | store.sin6.sin6_port = stcb->rport; |
621 | 34 | memcpy(&store.sin6.sin6_addr, cp->heartbeat.hb_info.address, sizeof(struct in6_addr)); |
622 | 261 | } else { |
623 | 261 | return; |
624 | 261 | } |
625 | 34 | break; |
626 | 34 | #endif |
627 | 34 | #if defined(__Userspace__) |
628 | 1.92k | case AF_CONN: |
629 | 1.92k | if (cp->heartbeat.hb_info.addr_len == sizeof(struct sockaddr_conn)) { |
630 | 1.84k | store.sconn.sconn_family = cp->heartbeat.hb_info.addr_family; |
631 | | #ifdef HAVE_SCONN_LEN |
632 | | store.sconn.sconn_len = cp->heartbeat.hb_info.addr_len; |
633 | | #endif |
634 | 1.84k | store.sconn.sconn_port = stcb->rport; |
635 | 1.84k | memcpy(&store.sconn.sconn_addr, cp->heartbeat.hb_info.address, sizeof(void *)); |
636 | 1.84k | } else { |
637 | 72 | return; |
638 | 72 | } |
639 | 1.84k | break; |
640 | 1.84k | #endif |
641 | 1.84k | default: |
642 | 555 | return; |
643 | 4.38k | } |
644 | 3.43k | r_net = sctp_findnet(stcb, &store.sa); |
645 | 3.43k | if (r_net == NULL) { |
646 | 642 | SCTPDBG(SCTP_DEBUG_INPUT1, "Huh? I can't find the address I sent it to, discard\n"); |
647 | 642 | return; |
648 | 642 | } |
649 | 2.79k | if ((r_net && (r_net->dest_state & SCTP_ADDR_UNCONFIRMED)) && |
650 | 540 | (r_net->heartbeat_random1 == cp->heartbeat.hb_info.random_value1) && |
651 | 202 | (r_net->heartbeat_random2 == cp->heartbeat.hb_info.random_value2)) { |
652 | | /* |
653 | | * If the its a HB and it's random value is correct when can |
654 | | * confirm the destination. |
655 | | */ |
656 | 46 | r_net->dest_state &= ~SCTP_ADDR_UNCONFIRMED; |
657 | 46 | if (r_net->dest_state & SCTP_ADDR_REQ_PRIMARY) { |
658 | 0 | stcb->asoc.primary_destination = r_net; |
659 | 0 | r_net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY; |
660 | 0 | f_net = TAILQ_FIRST(&stcb->asoc.nets); |
661 | 0 | if (f_net != r_net) { |
662 | | /* first one on the list is NOT the primary |
663 | | * sctp_cmpaddr() is much more efficient if |
664 | | * the primary is the first on the list, make it |
665 | | * so. |
666 | | */ |
667 | 0 | TAILQ_REMOVE(&stcb->asoc.nets, r_net, sctp_next); |
668 | 0 | TAILQ_INSERT_HEAD(&stcb->asoc.nets, r_net, sctp_next); |
669 | 0 | } |
670 | 0 | req_prim = 1; |
671 | 0 | } |
672 | 46 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
673 | 46 | stcb, 0, (void *)r_net, SCTP_SO_NOT_LOCKED); |
674 | 46 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, |
675 | 46 | r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_4); |
676 | 46 | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); |
677 | 46 | } |
678 | 2.79k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
679 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
680 | 0 | stcb->asoc.overall_error_count, |
681 | 0 | 0, |
682 | 0 | SCTP_FROM_SCTP_INPUT, |
683 | 0 | __LINE__); |
684 | 0 | } |
685 | 2.79k | stcb->asoc.overall_error_count = 0; |
686 | 2.79k | old_error_counter = r_net->error_count; |
687 | 2.79k | r_net->error_count = 0; |
688 | 2.79k | r_net->hb_responded = 1; |
689 | 2.79k | tv.tv_sec = cp->heartbeat.hb_info.time_value_1; |
690 | 2.79k | tv.tv_usec = cp->heartbeat.hb_info.time_value_2; |
691 | | /* Now lets do a RTO with this */ |
692 | 2.79k | sctp_calculate_rto(stcb, &stcb->asoc, r_net, &tv, |
693 | 2.79k | SCTP_RTT_FROM_NON_DATA); |
694 | 2.79k | if ((r_net->dest_state & SCTP_ADDR_REACHABLE) == 0) { |
695 | 0 | r_net->dest_state |= SCTP_ADDR_REACHABLE; |
696 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_UP, stcb, |
697 | 0 | 0, (void *)r_net, SCTP_SO_NOT_LOCKED); |
698 | 0 | } |
699 | 2.79k | if (r_net->dest_state & SCTP_ADDR_PF) { |
700 | 0 | r_net->dest_state &= ~SCTP_ADDR_PF; |
701 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_exit_pf(stcb, net); |
702 | 0 | } |
703 | 2.79k | if (old_error_counter > 0) { |
704 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, |
705 | 0 | stcb, r_net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_5); |
706 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, r_net); |
707 | 0 | } |
708 | 2.79k | if (r_net == stcb->asoc.primary_destination) { |
709 | 2.01k | if (stcb->asoc.alternate) { |
710 | | /* release the alternate, primary is good */ |
711 | 440 | sctp_free_remote_addr(stcb->asoc.alternate); |
712 | 440 | stcb->asoc.alternate = NULL; |
713 | 440 | } |
714 | 2.01k | } |
715 | | /* Mobility adaptation */ |
716 | 2.79k | if (req_prim) { |
717 | 0 | if ((sctp_is_mobility_feature_on(stcb->sctp_ep, |
718 | 0 | SCTP_MOBILITY_BASE) || |
719 | 0 | sctp_is_mobility_feature_on(stcb->sctp_ep, |
720 | 0 | SCTP_MOBILITY_FASTHANDOFF)) && |
721 | 0 | sctp_is_mobility_feature_on(stcb->sctp_ep, |
722 | 0 | SCTP_MOBILITY_PRIM_DELETED)) { |
723 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, |
724 | 0 | stcb->sctp_ep, stcb, NULL, |
725 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_6); |
726 | 0 | if (sctp_is_mobility_feature_on(stcb->sctp_ep, |
727 | 0 | SCTP_MOBILITY_FASTHANDOFF)) { |
728 | 0 | sctp_assoc_immediate_retrans(stcb, |
729 | 0 | stcb->asoc.primary_destination); |
730 | 0 | } |
731 | 0 | if (sctp_is_mobility_feature_on(stcb->sctp_ep, |
732 | 0 | SCTP_MOBILITY_BASE)) { |
733 | 0 | sctp_move_chunks_from_net(stcb, |
734 | 0 | stcb->asoc.deleted_primary); |
735 | 0 | } |
736 | 0 | sctp_delete_prim_timer(stcb->sctp_ep, stcb); |
737 | 0 | } |
738 | 0 | } |
739 | 2.79k | } |
740 | | |
741 | | static int |
742 | | sctp_handle_nat_colliding_state(struct sctp_tcb *stcb) |
743 | 19.6k | { |
744 | | /* |
745 | | * Return 0 means we want you to proceed with the abort |
746 | | * non-zero means no abort processing. |
747 | | */ |
748 | 19.6k | uint32_t new_vtag; |
749 | 19.6k | struct sctpasochead *head; |
750 | | |
751 | 19.6k | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
752 | 17.6k | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
753 | 17.6k | atomic_add_int(&stcb->asoc.refcnt, 1); |
754 | 17.6k | SCTP_TCB_UNLOCK(stcb); |
755 | 17.6k | SCTP_INP_INFO_WLOCK(); |
756 | 17.6k | SCTP_TCB_LOCK(stcb); |
757 | 17.6k | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
758 | 17.6k | } else { |
759 | 1.92k | return (0); |
760 | 1.92k | } |
761 | 17.6k | new_vtag = sctp_select_a_tag(stcb->sctp_ep, stcb->sctp_ep->sctp_lport, stcb->rport, 1); |
762 | 17.6k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { |
763 | | /* generate a new vtag and send init */ |
764 | 17.4k | LIST_REMOVE(stcb, sctp_asocs); |
765 | 17.4k | stcb->asoc.my_vtag = new_vtag; |
766 | 17.4k | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; |
767 | | /* put it in the bucket in the vtag hash of assoc's for the system */ |
768 | 17.4k | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
769 | 17.4k | SCTP_INP_INFO_WUNLOCK(); |
770 | 17.4k | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
771 | 17.4k | return (1); |
772 | 17.4k | } else { |
773 | | /* treat like a case where the cookie expired i.e.: |
774 | | * - dump current cookie. |
775 | | * - generate a new vtag. |
776 | | * - resend init. |
777 | | */ |
778 | | /* generate a new vtag and send init */ |
779 | 185 | LIST_REMOVE(stcb, sctp_asocs); |
780 | 185 | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); |
781 | 185 | sctp_stop_all_cookie_timers(stcb); |
782 | 185 | sctp_toss_old_cookies(stcb, &stcb->asoc); |
783 | 185 | stcb->asoc.my_vtag = new_vtag; |
784 | 185 | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; |
785 | | /* put it in the bucket in the vtag hash of assoc's for the system */ |
786 | 185 | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
787 | 185 | SCTP_INP_INFO_WUNLOCK(); |
788 | 185 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
789 | 185 | return (1); |
790 | 185 | } |
791 | 0 | return (0); |
792 | 17.6k | } |
793 | | |
794 | | static int |
795 | | sctp_handle_nat_missing_state(struct sctp_tcb *stcb, |
796 | | struct sctp_nets *net) |
797 | 583 | { |
798 | | /* return 0 means we want you to proceed with the abort |
799 | | * non-zero means no abort processing |
800 | | */ |
801 | 583 | if (stcb->asoc.auth_supported == 0) { |
802 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_nat_missing_state: Peer does not support AUTH, cannot send an asconf\n"); |
803 | 0 | return (0); |
804 | 0 | } |
805 | 583 | sctp_asconf_send_nat_state_update(stcb, net); |
806 | 583 | return (1); |
807 | 583 | } |
808 | | |
809 | | /* Returns 1 if the stcb was aborted, 0 otherwise */ |
810 | | static int |
811 | | sctp_handle_abort(struct sctp_abort_chunk *abort, |
812 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
813 | 90 | { |
814 | | #if defined(__APPLE__) && !defined(__Userspace__) |
815 | | struct socket *so; |
816 | | #endif |
817 | 90 | uint16_t len; |
818 | 90 | uint16_t error; |
819 | | |
820 | 90 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: handling ABORT\n"); |
821 | 90 | if (stcb == NULL) |
822 | 0 | return (0); |
823 | | |
824 | 90 | len = ntohs(abort->ch.chunk_length); |
825 | 90 | if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause)) { |
826 | | /* Need to check the cause codes for our |
827 | | * two magic nat aborts which don't kill the assoc |
828 | | * necessarily. |
829 | | */ |
830 | 63 | struct sctp_error_cause *cause; |
831 | | |
832 | 63 | cause = (struct sctp_error_cause *)(abort + 1); |
833 | 63 | error = ntohs(cause->code); |
834 | 63 | if (error == SCTP_CAUSE_NAT_COLLIDING_STATE) { |
835 | 7 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state, ABORT flags:%x\n", |
836 | 7 | abort->ch.chunk_flags); |
837 | 7 | if (sctp_handle_nat_colliding_state(stcb)) { |
838 | 6 | return (0); |
839 | 6 | } |
840 | 56 | } else if (error == SCTP_CAUSE_NAT_MISSING_STATE) { |
841 | 1 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state, ABORT flags:%x\n", |
842 | 1 | abort->ch.chunk_flags); |
843 | 1 | if (sctp_handle_nat_missing_state(stcb, net)) { |
844 | 1 | return (0); |
845 | 1 | } |
846 | 1 | } |
847 | 63 | } else { |
848 | 27 | error = 0; |
849 | 27 | } |
850 | | /* stop any receive timers */ |
851 | 83 | sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, |
852 | 83 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_7); |
853 | | /* notify user of the abort and clean up... */ |
854 | 83 | sctp_abort_notification(stcb, true, false, error, abort, SCTP_SO_NOT_LOCKED); |
855 | | /* free the tcb */ |
856 | 83 | SCTP_STAT_INCR_COUNTER32(sctps_aborted); |
857 | 83 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || |
858 | 65 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { |
859 | 18 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
860 | 18 | } |
861 | | #ifdef SCTP_ASOCLOG_OF_TSNS |
862 | | sctp_print_out_track_log(stcb); |
863 | | #endif |
864 | | #if defined(__APPLE__) && !defined(__Userspace__) |
865 | | so = SCTP_INP_SO(stcb->sctp_ep); |
866 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
867 | | SCTP_TCB_UNLOCK(stcb); |
868 | | SCTP_SOCKET_LOCK(so, 1); |
869 | | SCTP_TCB_LOCK(stcb); |
870 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
871 | | #endif |
872 | 83 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
873 | 83 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_8); |
874 | | #if defined(__APPLE__) && !defined(__Userspace__) |
875 | | SCTP_SOCKET_UNLOCK(so, 1); |
876 | | #endif |
877 | 83 | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_abort: finished\n"); |
878 | 83 | return (1); |
879 | 90 | } |
880 | | |
881 | | static void |
882 | | sctp_start_net_timers(struct sctp_tcb *stcb) |
883 | 4.96k | { |
884 | 4.96k | uint32_t cnt_hb_sent; |
885 | 4.96k | struct sctp_nets *net; |
886 | | |
887 | 4.96k | cnt_hb_sent = 0; |
888 | 7.04k | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
889 | | /* For each network start: |
890 | | * 1) A pmtu timer. |
891 | | * 2) A HB timer |
892 | | * 3) If the dest in unconfirmed send |
893 | | * a hb as well if under max_hb_burst have |
894 | | * been sent. |
895 | | */ |
896 | 7.04k | sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); |
897 | 7.04k | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); |
898 | 7.04k | if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && |
899 | 1.57k | (cnt_hb_sent < SCTP_BASE_SYSCTL(sctp_hb_maxburst))) { |
900 | 824 | sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); |
901 | 824 | cnt_hb_sent++; |
902 | 824 | } |
903 | 7.04k | } |
904 | 4.96k | if (cnt_hb_sent) { |
905 | 355 | sctp_chunk_output(stcb->sctp_ep, stcb, |
906 | 355 | SCTP_OUTPUT_FROM_COOKIE_ACK, |
907 | 355 | SCTP_SO_NOT_LOCKED); |
908 | 355 | } |
909 | 4.96k | } |
910 | | |
911 | | static void |
912 | | sctp_check_data_from_peer(struct sctp_tcb *stcb, int *abort_flag) |
913 | 600 | { |
914 | 600 | char msg[SCTP_DIAG_INFO_LEN]; |
915 | 600 | struct sctp_association *asoc; |
916 | 600 | struct mbuf *op_err; |
917 | 600 | unsigned int i; |
918 | | |
919 | 600 | *abort_flag = 0; |
920 | 600 | asoc = &stcb->asoc; |
921 | 600 | if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn) || |
922 | 600 | SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) { |
923 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "Missing TSN"); |
924 | 0 | *abort_flag = 1; |
925 | 0 | } |
926 | 600 | if (!*abort_flag) { |
927 | 154k | for (i = 0; i < asoc->streamincnt; i++) { |
928 | 154k | if (!TAILQ_EMPTY(&asoc->strmin[i].inqueue) || |
929 | 154k | !TAILQ_EMPTY(&asoc->strmin[i].uno_inqueue)) { |
930 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "Missing user data"); |
931 | 0 | *abort_flag = 1; |
932 | 0 | break; |
933 | 0 | } |
934 | 154k | } |
935 | 600 | } |
936 | 600 | if (*abort_flag) { |
937 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); |
938 | 0 | stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INPUT + SCTP_LOC_9; |
939 | 0 | sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, false, SCTP_SO_NOT_LOCKED); |
940 | 0 | } |
941 | 600 | } |
942 | | |
943 | | static void |
944 | | sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, |
945 | | struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_flag) |
946 | 5.34k | { |
947 | 5.34k | int some_on_streamwheel; |
948 | 5.34k | int old_state; |
949 | | #if defined(__APPLE__) && !defined(__Userspace__) |
950 | | struct socket *so; |
951 | | #endif |
952 | | |
953 | 5.34k | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_handle_shutdown: handling SHUTDOWN\n"); |
954 | 5.34k | if (stcb == NULL) |
955 | 0 | return; |
956 | 5.34k | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
957 | 4.62k | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
958 | 4.62k | return; |
959 | 4.62k | } |
960 | 723 | if (ntohs(cp->ch.chunk_length) != sizeof(struct sctp_shutdown_chunk)) { |
961 | | /* Shutdown NOT the expected size */ |
962 | 0 | return; |
963 | 0 | } |
964 | 723 | old_state = SCTP_GET_STATE(stcb); |
965 | 723 | sctp_update_acked(stcb, cp, abort_flag); |
966 | 723 | if (*abort_flag) { |
967 | 124 | return; |
968 | 124 | } |
969 | 599 | sctp_check_data_from_peer(stcb, abort_flag); |
970 | 599 | if (*abort_flag) { |
971 | 0 | return; |
972 | 0 | } |
973 | 599 | if (stcb->sctp_socket) { |
974 | 599 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) && |
975 | 382 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) && |
976 | 85 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT)) { |
977 | 85 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_RECEIVED); |
978 | | /* notify upper layer that peer has initiated a shutdown */ |
979 | 85 | sctp_ulp_notify(SCTP_NOTIFY_PEER_SHUTDOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
980 | | |
981 | | /* reset time */ |
982 | 85 | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
983 | 85 | } |
984 | 599 | } |
985 | 599 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) { |
986 | | /* |
987 | | * stop the shutdown timer, since we WILL move to |
988 | | * SHUTDOWN-ACK-SENT. |
989 | | */ |
990 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, |
991 | 0 | net, SCTP_FROM_SCTP_INPUT + SCTP_LOC_9); |
992 | 0 | } |
993 | | /* Now is there unsent data on a stream somewhere? */ |
994 | 599 | some_on_streamwheel = sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED); |
995 | | |
996 | 599 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
997 | 582 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
998 | 393 | some_on_streamwheel) { |
999 | | /* By returning we will push more data out */ |
1000 | 256 | return; |
1001 | 343 | } else { |
1002 | | /* no outstanding data to send, so move on... */ |
1003 | | /* send SHUTDOWN-ACK */ |
1004 | | /* move to SHUTDOWN-ACK-SENT state */ |
1005 | 343 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || |
1006 | 343 | (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { |
1007 | 46 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
1008 | 46 | } |
1009 | 343 | if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1010 | 46 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_ACK_SENT); |
1011 | 46 | sctp_stop_timers_for_shutdown(stcb); |
1012 | 46 | sctp_send_shutdown_ack(stcb, net); |
1013 | 46 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, |
1014 | 46 | stcb->sctp_ep, stcb, net); |
1015 | 297 | } else if (old_state == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1016 | 297 | sctp_send_shutdown_ack(stcb, net); |
1017 | 297 | } |
1018 | 343 | } |
1019 | 599 | } |
1020 | | |
1021 | | static void |
1022 | | sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp SCTP_UNUSED, |
1023 | | struct sctp_tcb *stcb, |
1024 | | struct sctp_nets *net) |
1025 | 12 | { |
1026 | 12 | int abort_flag; |
1027 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1028 | | struct socket *so; |
1029 | | |
1030 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1031 | | #endif |
1032 | 12 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1033 | 12 | "sctp_handle_shutdown_ack: handling SHUTDOWN ACK\n"); |
1034 | 12 | if (stcb == NULL) { |
1035 | 0 | return; |
1036 | 0 | } |
1037 | | |
1038 | | /* process according to association state */ |
1039 | 12 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
1040 | 7 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1041 | | /* unexpected SHUTDOWN-ACK... do OOTB handling... */ |
1042 | 7 | sctp_send_shutdown_complete(stcb, net, 1); |
1043 | 7 | SCTP_TCB_UNLOCK(stcb); |
1044 | 7 | return; |
1045 | 7 | } |
1046 | 5 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) && |
1047 | 5 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { |
1048 | | /* unexpected SHUTDOWN-ACK... so ignore... */ |
1049 | 4 | SCTP_TCB_UNLOCK(stcb); |
1050 | 4 | return; |
1051 | 4 | } |
1052 | 1 | sctp_check_data_from_peer(stcb, &abort_flag); |
1053 | 1 | if (abort_flag) { |
1054 | 0 | return; |
1055 | 0 | } |
1056 | 1 | #ifdef INVARIANTS |
1057 | 1 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
1058 | 1 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
1059 | 1 | sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED)) { |
1060 | 0 | panic("Queues are not empty when handling SHUTDOWN-ACK"); |
1061 | 0 | } |
1062 | 1 | #endif |
1063 | | /* stop the timer */ |
1064 | 1 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb, net, |
1065 | 1 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_10); |
1066 | | /* send SHUTDOWN-COMPLETE */ |
1067 | 1 | sctp_send_shutdown_complete(stcb, net, 0); |
1068 | | /* notify upper layer protocol */ |
1069 | 1 | if (stcb->sctp_socket) { |
1070 | 1 | if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1071 | 1 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { |
1072 | 1 | SCTP_SB_CLEAR(stcb->sctp_socket->so_snd); |
1073 | 1 | } |
1074 | 1 | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
1075 | 1 | } |
1076 | 1 | SCTP_STAT_INCR_COUNTER32(sctps_shutdown); |
1077 | | /* free the TCB but first save off the ep */ |
1078 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1079 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1080 | | SCTP_TCB_UNLOCK(stcb); |
1081 | | SCTP_SOCKET_LOCK(so, 1); |
1082 | | SCTP_TCB_LOCK(stcb); |
1083 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1084 | | #endif |
1085 | 1 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
1086 | 1 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_11); |
1087 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1088 | | SCTP_SOCKET_UNLOCK(so, 1); |
1089 | | #endif |
1090 | 1 | } |
1091 | | |
1092 | | static void |
1093 | | sctp_process_unrecog_chunk(struct sctp_tcb *stcb, uint8_t chunk_type) |
1094 | 1.89k | { |
1095 | 1.89k | switch (chunk_type) { |
1096 | 88 | case SCTP_ASCONF_ACK: |
1097 | 192 | case SCTP_ASCONF: |
1098 | 192 | sctp_asconf_cleanup(stcb); |
1099 | 192 | break; |
1100 | 544 | case SCTP_IFORWARD_CUM_TSN: |
1101 | 1.09k | case SCTP_FORWARD_CUM_TSN: |
1102 | 1.09k | stcb->asoc.prsctp_supported = 0; |
1103 | 1.09k | break; |
1104 | 603 | default: |
1105 | 603 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1106 | 603 | "Peer does not support chunk type %d (0x%x).\n", |
1107 | 603 | chunk_type, chunk_type); |
1108 | 603 | break; |
1109 | 1.89k | } |
1110 | 1.89k | } |
1111 | | |
1112 | | /* |
1113 | | * Skip past the param header and then we will find the param that caused the |
1114 | | * problem. There are a number of param's in a ASCONF OR the prsctp param |
1115 | | * these will turn of specific features. |
1116 | | * XXX: Is this the right thing to do? |
1117 | | */ |
1118 | | static void |
1119 | | sctp_process_unrecog_param(struct sctp_tcb *stcb, uint16_t parameter_type) |
1120 | 3.91k | { |
1121 | 3.91k | switch (parameter_type) { |
1122 | | /* pr-sctp draft */ |
1123 | 1.32k | case SCTP_PRSCTP_SUPPORTED: |
1124 | 1.32k | stcb->asoc.prsctp_supported = 0; |
1125 | 1.32k | break; |
1126 | 0 | case SCTP_SUPPORTED_CHUNK_EXT: |
1127 | 0 | break; |
1128 | | /* draft-ietf-tsvwg-addip-sctp */ |
1129 | 389 | case SCTP_HAS_NAT_SUPPORT: |
1130 | 389 | stcb->asoc.peer_supports_nat = 0; |
1131 | 389 | break; |
1132 | 522 | case SCTP_ADD_IP_ADDRESS: |
1133 | 823 | case SCTP_DEL_IP_ADDRESS: |
1134 | 961 | case SCTP_SET_PRIM_ADDR: |
1135 | 961 | stcb->asoc.asconf_supported = 0; |
1136 | 961 | break; |
1137 | 139 | case SCTP_SUCCESS_REPORT: |
1138 | 589 | case SCTP_ERROR_CAUSE_IND: |
1139 | 589 | SCTPDBG(SCTP_DEBUG_INPUT2, "Huh, the peer does not support success? or error cause?\n"); |
1140 | 589 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1141 | 589 | "Turning off ASCONF to this strange peer\n"); |
1142 | 589 | stcb->asoc.asconf_supported = 0; |
1143 | 589 | break; |
1144 | 647 | default: |
1145 | 647 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1146 | 647 | "Peer does not support param type %d (0x%x)??\n", |
1147 | 647 | parameter_type, parameter_type); |
1148 | 647 | break; |
1149 | 3.91k | } |
1150 | 3.91k | } |
1151 | | |
1152 | | static int |
1153 | | sctp_handle_error(struct sctp_chunkhdr *ch, |
1154 | | struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t limit) |
1155 | 513k | { |
1156 | 513k | struct sctp_error_cause *cause; |
1157 | 513k | struct sctp_association *asoc; |
1158 | 513k | uint32_t remaining_length, adjust; |
1159 | 513k | uint16_t code, cause_code, cause_length; |
1160 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1161 | | struct socket *so; |
1162 | | #endif |
1163 | | |
1164 | | /* parse through all of the errors and process */ |
1165 | 513k | asoc = &stcb->asoc; |
1166 | 513k | cause = (struct sctp_error_cause *)((caddr_t)ch + |
1167 | 513k | sizeof(struct sctp_chunkhdr)); |
1168 | 513k | remaining_length = ntohs(ch->chunk_length); |
1169 | 513k | if (remaining_length > limit) { |
1170 | 383 | remaining_length = limit; |
1171 | 383 | } |
1172 | 513k | if (remaining_length >= sizeof(struct sctp_chunkhdr)) { |
1173 | 513k | remaining_length -= sizeof(struct sctp_chunkhdr); |
1174 | 513k | } else { |
1175 | 0 | remaining_length = 0; |
1176 | 0 | } |
1177 | 513k | code = 0; |
1178 | 575k | while (remaining_length >= sizeof(struct sctp_error_cause)) { |
1179 | | /* Process an Error Cause */ |
1180 | 86.4k | cause_code = ntohs(cause->code); |
1181 | 86.4k | cause_length = ntohs(cause->length); |
1182 | 86.4k | if ((cause_length > remaining_length) || (cause_length == 0)) { |
1183 | | /* Invalid cause length, possibly due to truncation. */ |
1184 | 6.13k | SCTPDBG(SCTP_DEBUG_INPUT1, "Bogus length in cause - bytes left: %u cause length: %u\n", |
1185 | 6.13k | remaining_length, cause_length); |
1186 | 6.13k | return (0); |
1187 | 6.13k | } |
1188 | 80.3k | if (code == 0) { |
1189 | | /* report the first error cause */ |
1190 | 30.9k | code = cause_code; |
1191 | 30.9k | } |
1192 | 80.3k | switch (cause_code) { |
1193 | 18 | case SCTP_CAUSE_INVALID_STREAM: |
1194 | 19 | case SCTP_CAUSE_MISSING_PARAM: |
1195 | 27 | case SCTP_CAUSE_INVALID_PARAM: |
1196 | 33 | case SCTP_CAUSE_NO_USER_DATA: |
1197 | 33 | SCTPDBG(SCTP_DEBUG_INPUT1, "Software error we got a %u back? We have a bug :/ (or do they?)\n", |
1198 | 33 | cause_code); |
1199 | 33 | break; |
1200 | 19.5k | case SCTP_CAUSE_NAT_COLLIDING_STATE: |
1201 | 19.5k | SCTPDBG(SCTP_DEBUG_INPUT2, "Received Colliding state, ERROR flags: %x\n", |
1202 | 19.5k | ch->chunk_flags); |
1203 | 19.5k | if (sctp_handle_nat_colliding_state(stcb)) { |
1204 | 17.6k | return (0); |
1205 | 17.6k | } |
1206 | 1.92k | break; |
1207 | 1.92k | case SCTP_CAUSE_NAT_MISSING_STATE: |
1208 | 582 | SCTPDBG(SCTP_DEBUG_INPUT2, "Received missing state, ERROR flags: %x\n", |
1209 | 582 | ch->chunk_flags); |
1210 | 582 | if (sctp_handle_nat_missing_state(stcb, net)) { |
1211 | 582 | return (0); |
1212 | 582 | } |
1213 | 0 | break; |
1214 | 498 | case SCTP_CAUSE_STALE_COOKIE: |
1215 | | /* |
1216 | | * We only act if we have echoed a cookie and are |
1217 | | * waiting. |
1218 | | */ |
1219 | 498 | if ((cause_length >= sizeof(struct sctp_error_stale_cookie)) && |
1220 | 163 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1221 | 66 | struct timeval now; |
1222 | 66 | struct sctp_error_stale_cookie *stale_cookie; |
1223 | 66 | uint64_t stale_time; |
1224 | | |
1225 | 66 | asoc->stale_cookie_count++; |
1226 | 66 | if (asoc->stale_cookie_count > asoc->max_init_times) { |
1227 | 0 | sctp_abort_notification(stcb, false, true, 0, NULL, SCTP_SO_NOT_LOCKED); |
1228 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1229 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1230 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1231 | | SCTP_TCB_UNLOCK(stcb); |
1232 | | SCTP_SOCKET_LOCK(so, 1); |
1233 | | SCTP_TCB_LOCK(stcb); |
1234 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1235 | | #endif |
1236 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
1237 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_12); |
1238 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1239 | | SCTP_SOCKET_UNLOCK(so, 1); |
1240 | | #endif |
1241 | 0 | return (-1); |
1242 | 0 | } |
1243 | 66 | stale_cookie = (struct sctp_error_stale_cookie *)cause; |
1244 | 66 | stale_time = ntohl(stale_cookie->stale_time); |
1245 | 66 | if (stale_time == 0) { |
1246 | | /* Use an RTT as an approximation. */ |
1247 | 8 | (void)SCTP_GETTIME_TIMEVAL(&now); |
1248 | 8 | timevalsub(&now, &asoc->time_entered); |
1249 | 8 | stale_time = (uint64_t)1000000 * (uint64_t)now.tv_sec + (uint64_t)now.tv_usec; |
1250 | 8 | if (stale_time == 0) { |
1251 | 0 | stale_time = 1; |
1252 | 0 | } |
1253 | 8 | } |
1254 | | /* |
1255 | | * stale_time is in usec, convert it to msec. |
1256 | | * Round upwards, to ensure that it is non-zero. |
1257 | | */ |
1258 | 66 | stale_time = (stale_time + 999) / 1000; |
1259 | | /* Double it, to be more robust on RTX. */ |
1260 | 66 | stale_time = 2 * stale_time; |
1261 | 66 | asoc->cookie_preserve_req = (uint32_t)stale_time; |
1262 | 66 | if (asoc->overall_error_count == 0) { |
1263 | 66 | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
1264 | 66 | SCTP_RTT_FROM_NON_DATA); |
1265 | 66 | } |
1266 | 66 | asoc->overall_error_count = 0; |
1267 | | /* Blast back to INIT state */ |
1268 | 66 | sctp_toss_old_cookies(stcb, &stcb->asoc); |
1269 | 66 | sctp_stop_all_cookie_timers(stcb); |
1270 | 66 | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); |
1271 | 66 | (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); |
1272 | 66 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
1273 | 66 | } |
1274 | 498 | break; |
1275 | 498 | case SCTP_CAUSE_UNRESOLVABLE_ADDR: |
1276 | | /* |
1277 | | * Nothing we can do here, we don't do hostname |
1278 | | * addresses so if the peer does not like my IPv6 |
1279 | | * (or IPv4 for that matter) it does not matter. If |
1280 | | * they don't support that type of address, they can |
1281 | | * NOT possibly get that packet type... i.e. with no |
1282 | | * IPv6 you can't receive a IPv6 packet. so we can |
1283 | | * safely ignore this one. If we ever added support |
1284 | | * for HOSTNAME Addresses, then we would need to do |
1285 | | * something here. |
1286 | | */ |
1287 | 4 | break; |
1288 | 2.34k | case SCTP_CAUSE_UNRECOG_CHUNK: |
1289 | 2.34k | if (cause_length >= sizeof(struct sctp_error_unrecognized_chunk)) { |
1290 | 1.89k | struct sctp_error_unrecognized_chunk *unrec_chunk; |
1291 | | |
1292 | 1.89k | unrec_chunk = (struct sctp_error_unrecognized_chunk *)cause; |
1293 | 1.89k | sctp_process_unrecog_chunk(stcb, unrec_chunk->ch.chunk_type); |
1294 | 1.89k | } |
1295 | 2.34k | break; |
1296 | 4.52k | case SCTP_CAUSE_UNRECOG_PARAM: |
1297 | | /* XXX: We only consider the first parameter */ |
1298 | 4.52k | if (cause_length >= sizeof(struct sctp_error_cause) + sizeof(struct sctp_paramhdr)) { |
1299 | 3.91k | struct sctp_paramhdr *unrec_parameter; |
1300 | | |
1301 | 3.91k | unrec_parameter = (struct sctp_paramhdr *)(cause + 1); |
1302 | 3.91k | sctp_process_unrecog_param(stcb, ntohs(unrec_parameter->param_type)); |
1303 | 3.91k | } |
1304 | 4.52k | break; |
1305 | 5 | case SCTP_CAUSE_COOKIE_IN_SHUTDOWN: |
1306 | | /* |
1307 | | * We ignore this since the timer will drive out a |
1308 | | * new cookie anyway and there timer will drive us |
1309 | | * to send a SHUTDOWN_COMPLETE. We can't send one |
1310 | | * here since we don't have their tag. |
1311 | | */ |
1312 | 5 | break; |
1313 | 10 | case SCTP_CAUSE_DELETING_LAST_ADDR: |
1314 | 11 | case SCTP_CAUSE_RESOURCE_SHORTAGE: |
1315 | 11 | case SCTP_CAUSE_DELETING_SRC_ADDR: |
1316 | | /* |
1317 | | * We should NOT get these here, but in a |
1318 | | * ASCONF-ACK. |
1319 | | */ |
1320 | 11 | SCTPDBG(SCTP_DEBUG_INPUT2, "Peer sends ASCONF errors in a error cause with code %u.\n", |
1321 | 11 | cause_code); |
1322 | 11 | break; |
1323 | 12 | case SCTP_CAUSE_OUT_OF_RESC: |
1324 | | /* |
1325 | | * And what, pray tell do we do with the fact that |
1326 | | * the peer is out of resources? Not really sure we |
1327 | | * could do anything but abort. I suspect this |
1328 | | * should have came WITH an abort instead of in a |
1329 | | * OP-ERROR. |
1330 | | */ |
1331 | 12 | break; |
1332 | 52.7k | default: |
1333 | 52.7k | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_handle_error: unknown code 0x%x\n", |
1334 | 52.7k | cause_code); |
1335 | 52.7k | break; |
1336 | 80.3k | } |
1337 | 62.0k | adjust = SCTP_SIZE32(cause_length); |
1338 | 62.0k | if (remaining_length >= adjust) { |
1339 | 61.6k | remaining_length -= adjust; |
1340 | 61.6k | } else { |
1341 | 468 | remaining_length = 0; |
1342 | 468 | } |
1343 | 62.0k | cause = (struct sctp_error_cause *)((caddr_t)cause + adjust); |
1344 | 62.0k | } |
1345 | 488k | sctp_ulp_notify(SCTP_NOTIFY_REMOTE_ERROR, stcb, code, ch, SCTP_SO_NOT_LOCKED); |
1346 | 488k | return (0); |
1347 | 513k | } |
1348 | | |
1349 | | static int |
1350 | | sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, |
1351 | | struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, |
1352 | | struct sctp_init_ack_chunk *cp, struct sctp_tcb *stcb, |
1353 | | struct sctp_nets *net, int *abort_no_unlock, |
1354 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1355 | | uint8_t mflowtype, uint32_t mflowid, |
1356 | | #endif |
1357 | | uint32_t vrf_id) |
1358 | 8.48k | { |
1359 | 8.48k | struct sctp_init_ack *init_ack; |
1360 | 8.48k | struct mbuf *op_err; |
1361 | | |
1362 | 8.48k | SCTPDBG(SCTP_DEBUG_INPUT2, |
1363 | 8.48k | "sctp_handle_init_ack: handling INIT-ACK\n"); |
1364 | | |
1365 | 8.48k | if (stcb == NULL) { |
1366 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
1367 | 0 | "sctp_handle_init_ack: TCB is null\n"); |
1368 | 0 | return (-1); |
1369 | 0 | } |
1370 | | /* Only process the INIT-ACK chunk in COOKIE WAIT state.*/ |
1371 | 8.48k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) { |
1372 | 8.48k | init_ack = &cp->init; |
1373 | | /* Validate parameters. */ |
1374 | 8.48k | if ((ntohl(init_ack->initiate_tag) == 0) || |
1375 | 8.48k | (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) || |
1376 | 8.47k | (ntohs(init_ack->num_inbound_streams) == 0) || |
1377 | 8.46k | (ntohs(init_ack->num_outbound_streams) == 0)) { |
1378 | | /* One of the mandatory parameters is illegal. */ |
1379 | 25 | op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); |
1380 | 25 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1381 | 25 | src, dst, sh, op_err, |
1382 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1383 | | mflowtype, mflowid, |
1384 | | #endif |
1385 | 25 | vrf_id, net->port); |
1386 | 25 | *abort_no_unlock = 1; |
1387 | 25 | return (-1); |
1388 | 25 | } |
1389 | 8.45k | if (stcb->asoc.primary_destination->dest_state & |
1390 | 8.45k | SCTP_ADDR_UNCONFIRMED) { |
1391 | | /* |
1392 | | * The primary is where we sent the INIT, we can |
1393 | | * always consider it confirmed when the INIT-ACK is |
1394 | | * returned. Do this before we load addresses |
1395 | | * though. |
1396 | | */ |
1397 | 0 | stcb->asoc.primary_destination->dest_state &= |
1398 | 0 | ~SCTP_ADDR_UNCONFIRMED; |
1399 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
1400 | 0 | stcb, 0, (void *)stcb->asoc.primary_destination, SCTP_SO_NOT_LOCKED); |
1401 | 0 | } |
1402 | 8.45k | if (sctp_process_init_ack(m, iphlen, offset, src, dst, sh, cp, stcb, |
1403 | 8.45k | net, abort_no_unlock, |
1404 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1405 | | mflowtype, mflowid, |
1406 | | #endif |
1407 | 8.45k | vrf_id) < 0) { |
1408 | | /* error in parsing parameters */ |
1409 | 443 | return (-1); |
1410 | 443 | } |
1411 | | /* Update our state. */ |
1412 | 8.01k | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to COOKIE-ECHOED state\n"); |
1413 | 8.01k | SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_ECHOED); |
1414 | | |
1415 | | /* Reset the RTO calculation. */ |
1416 | 8.01k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
1417 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
1418 | 0 | stcb->asoc.overall_error_count, |
1419 | 0 | 0, |
1420 | 0 | SCTP_FROM_SCTP_INPUT, |
1421 | 0 | __LINE__); |
1422 | 0 | } |
1423 | 8.01k | stcb->asoc.overall_error_count = 0; |
1424 | 8.01k | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
1425 | | /* |
1426 | | * Collapse the init timer back in case of a exponential |
1427 | | * backoff. |
1428 | | */ |
1429 | 8.01k | sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, stcb->sctp_ep, |
1430 | 8.01k | stcb, net); |
1431 | | /* |
1432 | | * The output routine at the end of the inbound data processing |
1433 | | * will cause the cookie to be sent. |
1434 | | */ |
1435 | 8.01k | SCTPDBG(SCTP_DEBUG_INPUT1, "Leaving handle-init-ack end\n"); |
1436 | 8.01k | return (0); |
1437 | 8.45k | } else { |
1438 | 1 | return (-1); |
1439 | 1 | } |
1440 | 8.48k | } |
1441 | | |
1442 | | static struct sctp_tcb * |
1443 | | sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, |
1444 | | struct sockaddr *src, struct sockaddr *dst, |
1445 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
1446 | | struct sctp_inpcb *inp, struct sctp_nets **netp, |
1447 | | struct sockaddr *init_src, int *notification, |
1448 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
1449 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1450 | | uint8_t mflowtype, uint32_t mflowid, |
1451 | | #endif |
1452 | | uint32_t vrf_id, uint16_t port); |
1453 | | |
1454 | | /* |
1455 | | * handle a state cookie for an existing association m: input packet mbuf |
1456 | | * chain-- assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a |
1457 | | * "split" mbuf and the cookie signature does not exist offset: offset into |
1458 | | * mbuf to the cookie-echo chunk |
1459 | | */ |
1460 | | static struct sctp_tcb * |
1461 | | sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, |
1462 | | struct sockaddr *src, struct sockaddr *dst, |
1463 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
1464 | | struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets **netp, |
1465 | | struct sockaddr *init_src, int *notification, |
1466 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
1467 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1468 | | uint8_t mflowtype, uint32_t mflowid, |
1469 | | #endif |
1470 | | uint32_t vrf_id, uint16_t port) |
1471 | 0 | { |
1472 | 0 | struct sctp_association *asoc; |
1473 | 0 | struct sctp_init_chunk *init_cp, init_buf; |
1474 | 0 | struct sctp_init_ack_chunk *initack_cp, initack_buf; |
1475 | 0 | struct sctp_asconf_addr *aparam, *naparam; |
1476 | 0 | struct sctp_asconf_ack *aack, *naack; |
1477 | 0 | struct sctp_tmit_chunk *chk, *nchk; |
1478 | 0 | struct sctp_stream_reset_list *strrst, *nstrrst; |
1479 | 0 | struct sctp_queued_to_read *sq, *nsq; |
1480 | 0 | struct sctp_nets *net; |
1481 | 0 | struct mbuf *op_err; |
1482 | 0 | int init_offset, initack_offset, i; |
1483 | 0 | int retval; |
1484 | 0 | int spec_flag = 0; |
1485 | 0 | uint32_t how_indx; |
1486 | | #if defined(SCTP_DETAILED_STR_STATS) |
1487 | | int j; |
1488 | | #endif |
1489 | |
|
1490 | 0 | net = *netp; |
1491 | | /* I know that the TCB is non-NULL from the caller */ |
1492 | 0 | asoc = &stcb->asoc; |
1493 | 0 | for (how_indx = 0; how_indx < sizeof(asoc->cookie_how); how_indx++) { |
1494 | 0 | if (asoc->cookie_how[how_indx] == 0) |
1495 | 0 | break; |
1496 | 0 | } |
1497 | 0 | if (how_indx < sizeof(asoc->cookie_how)) { |
1498 | 0 | asoc->cookie_how[how_indx] = 1; |
1499 | 0 | } |
1500 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
1501 | | /* SHUTDOWN came in after sending INIT-ACK */ |
1502 | 0 | sctp_send_shutdown_ack(stcb, stcb->asoc.primary_destination); |
1503 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_COOKIE_IN_SHUTDOWN, ""); |
1504 | 0 | sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, |
1505 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1506 | | mflowtype, mflowid, inp->fibnum, |
1507 | | #endif |
1508 | 0 | vrf_id, net->port); |
1509 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1510 | 0 | asoc->cookie_how[how_indx] = 2; |
1511 | 0 | SCTP_TCB_UNLOCK(stcb); |
1512 | 0 | return (NULL); |
1513 | 0 | } |
1514 | | /* |
1515 | | * find and validate the INIT chunk in the cookie (peer's info) the |
1516 | | * INIT should start after the cookie-echo header struct (chunk |
1517 | | * header, state cookie header struct) |
1518 | | */ |
1519 | 0 | init_offset = offset += sizeof(struct sctp_cookie_echo_chunk); |
1520 | |
|
1521 | 0 | init_cp = (struct sctp_init_chunk *) |
1522 | 0 | sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk), |
1523 | 0 | (uint8_t *) & init_buf); |
1524 | 0 | if (init_cp == NULL) { |
1525 | | /* could not pull a INIT chunk in cookie */ |
1526 | 0 | SCTP_TCB_UNLOCK(stcb); |
1527 | 0 | return (NULL); |
1528 | 0 | } |
1529 | 0 | if (init_cp->ch.chunk_type != SCTP_INITIATION) { |
1530 | 0 | SCTP_TCB_UNLOCK(stcb); |
1531 | 0 | return (NULL); |
1532 | 0 | } |
1533 | | /* |
1534 | | * find and validate the INIT-ACK chunk in the cookie (my info) the |
1535 | | * INIT-ACK follows the INIT chunk |
1536 | | */ |
1537 | 0 | initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); |
1538 | 0 | initack_cp = (struct sctp_init_ack_chunk *) |
1539 | 0 | sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk), |
1540 | 0 | (uint8_t *) & initack_buf); |
1541 | 0 | if (initack_cp == NULL) { |
1542 | | /* could not pull INIT-ACK chunk in cookie */ |
1543 | 0 | SCTP_TCB_UNLOCK(stcb); |
1544 | 0 | return (NULL); |
1545 | 0 | } |
1546 | 0 | if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { |
1547 | 0 | SCTP_TCB_UNLOCK(stcb); |
1548 | 0 | return (NULL); |
1549 | 0 | } |
1550 | 0 | if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1551 | 0 | (ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag)) { |
1552 | | /* |
1553 | | * case D in Section 5.2.4 Table 2: MMAA process accordingly |
1554 | | * to get into the OPEN state |
1555 | | */ |
1556 | 0 | if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) { |
1557 | | /*- |
1558 | | * Opps, this means that we somehow generated two vtag's |
1559 | | * the same. I.e. we did: |
1560 | | * Us Peer |
1561 | | * <---INIT(tag=a)------ |
1562 | | * ----INIT-ACK(tag=t)--> |
1563 | | * ----INIT(tag=t)------> *1 |
1564 | | * <---INIT-ACK(tag=a)--- |
1565 | | * <----CE(tag=t)------------- *2 |
1566 | | * |
1567 | | * At point *1 we should be generating a different |
1568 | | * tag t'. Which means we would throw away the CE and send |
1569 | | * ours instead. Basically this is case C (throw away side). |
1570 | | */ |
1571 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1572 | 0 | asoc->cookie_how[how_indx] = 17; |
1573 | 0 | SCTP_TCB_UNLOCK(stcb); |
1574 | 0 | return (NULL); |
1575 | 0 | } |
1576 | 0 | switch (SCTP_GET_STATE(stcb)) { |
1577 | 0 | case SCTP_STATE_COOKIE_WAIT: |
1578 | 0 | case SCTP_STATE_COOKIE_ECHOED: |
1579 | | /* |
1580 | | * INIT was sent but got a COOKIE_ECHO with the |
1581 | | * correct tags... just accept it...but we must |
1582 | | * process the init so that we can make sure we |
1583 | | * have the right seq no's. |
1584 | | */ |
1585 | | /* First we must process the INIT !! */ |
1586 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
1587 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1588 | 0 | asoc->cookie_how[how_indx] = 3; |
1589 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
1590 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
1591 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1592 | 0 | src, dst, sh, op_err, |
1593 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1594 | | mflowtype, mflowid, |
1595 | | #endif |
1596 | 0 | vrf_id, net->port); |
1597 | 0 | return (NULL); |
1598 | 0 | } |
1599 | | /* we have already processed the INIT so no problem */ |
1600 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, |
1601 | 0 | stcb, net, |
1602 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_13); |
1603 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, inp, |
1604 | 0 | stcb, net, |
1605 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_14); |
1606 | | /* update current state */ |
1607 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) |
1608 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
1609 | 0 | else |
1610 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1611 | |
|
1612 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1613 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1614 | 0 | sctp_stop_all_cookie_timers(stcb); |
1615 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1616 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
1617 | 0 | (!SCTP_IS_LISTENING(inp))) { |
1618 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1619 | | struct socket *so; |
1620 | | #endif |
1621 | | /* |
1622 | | * Here is where collision would go if we |
1623 | | * did a connect() and instead got a |
1624 | | * init/init-ack/cookie done before the |
1625 | | * init-ack came back.. |
1626 | | */ |
1627 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
1628 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1629 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1630 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1631 | | SCTP_TCB_UNLOCK(stcb); |
1632 | | SCTP_SOCKET_LOCK(so, 1); |
1633 | | SCTP_TCB_LOCK(stcb); |
1634 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1635 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
1636 | | SCTP_TCB_UNLOCK(stcb); |
1637 | | SCTP_SOCKET_UNLOCK(so, 1); |
1638 | | return (NULL); |
1639 | | } |
1640 | | #endif |
1641 | 0 | soisconnected(stcb->sctp_socket); |
1642 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1643 | | SCTP_SOCKET_UNLOCK(so, 1); |
1644 | | #endif |
1645 | 0 | } |
1646 | | /* notify upper layer */ |
1647 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
1648 | 0 | net->hb_responded = 1; |
1649 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
1650 | 0 | (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE))) { |
1651 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, |
1652 | 0 | inp, stcb, NULL); |
1653 | 0 | } |
1654 | 0 | break; |
1655 | 0 | default: |
1656 | | /* |
1657 | | * we're in the OPEN state (or beyond), so |
1658 | | * peer must have simply lost the COOKIE-ACK |
1659 | | */ |
1660 | 0 | break; |
1661 | 0 | } /* end switch */ |
1662 | 0 | sctp_stop_all_cookie_timers(stcb); |
1663 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
1664 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
1665 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
1666 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1667 | 0 | asoc->cookie_how[how_indx] = 4; |
1668 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
1669 | 0 | "Problem with address parameters"); |
1670 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
1671 | 0 | "Load addresses from INIT causes an abort %d\n", |
1672 | 0 | retval); |
1673 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1674 | 0 | src, dst, sh, op_err, |
1675 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1676 | | mflowtype, mflowid, |
1677 | | #endif |
1678 | 0 | vrf_id, net->port); |
1679 | 0 | return (NULL); |
1680 | 0 | } |
1681 | | /* respond with a COOKIE-ACK */ |
1682 | 0 | sctp_toss_old_cookies(stcb, asoc); |
1683 | 0 | sctp_send_cookie_ack(stcb); |
1684 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1685 | 0 | asoc->cookie_how[how_indx] = 5; |
1686 | 0 | return (stcb); |
1687 | 0 | } |
1688 | | |
1689 | 0 | if (ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag && |
1690 | 0 | ntohl(init_cp->init.initiate_tag) == asoc->peer_vtag && |
1691 | 0 | cookie->tie_tag_my_vtag == 0 && |
1692 | 0 | cookie->tie_tag_peer_vtag == 0) { |
1693 | | /* |
1694 | | * case C in Section 5.2.4 Table 2: XMOO silently discard |
1695 | | */ |
1696 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1697 | 0 | asoc->cookie_how[how_indx] = 6; |
1698 | 0 | SCTP_TCB_UNLOCK(stcb); |
1699 | 0 | return (NULL); |
1700 | 0 | } |
1701 | | /* If nat support, and the below and stcb is established, |
1702 | | * send back a ABORT(colliding state) if we are established. |
1703 | | */ |
1704 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) && |
1705 | 0 | (asoc->peer_supports_nat) && |
1706 | 0 | ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1707 | 0 | ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) || |
1708 | 0 | (asoc->peer_vtag == 0)))) { |
1709 | | /* Special case - Peer's support nat. We may have |
1710 | | * two init's that we gave out the same tag on since |
1711 | | * one was not established.. i.e. we get INIT from host-1 |
1712 | | * behind the nat and we respond tag-a, we get a INIT from |
1713 | | * host-2 behind the nat and we get tag-a again. Then we |
1714 | | * bring up host-1 (or 2's) assoc, Then comes the cookie |
1715 | | * from hsot-2 (or 1). Now we have colliding state. We must |
1716 | | * send an abort here with colliding state indication. |
1717 | | */ |
1718 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_NAT_COLLIDING_STATE, ""); |
1719 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
1720 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1721 | | mflowtype, mflowid, inp->fibnum, |
1722 | | #endif |
1723 | 0 | vrf_id, port); |
1724 | 0 | SCTP_TCB_UNLOCK(stcb); |
1725 | 0 | return (NULL); |
1726 | 0 | } |
1727 | 0 | if ((ntohl(initack_cp->init.initiate_tag) == asoc->my_vtag) && |
1728 | 0 | ((ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) || |
1729 | 0 | (asoc->peer_vtag == 0))) { |
1730 | | /* |
1731 | | * case B in Section 5.2.4 Table 2: MXAA or MOAA my info |
1732 | | * should be ok, re-accept peer info |
1733 | | */ |
1734 | 0 | if (ntohl(initack_cp->init.initial_tsn) != asoc->init_seq_number) { |
1735 | | /* Extension of case C. |
1736 | | * If we hit this, then the random number |
1737 | | * generator returned the same vtag when we |
1738 | | * first sent our INIT-ACK and when we later sent |
1739 | | * our INIT. The side with the seq numbers that are |
1740 | | * different will be the one that normally would |
1741 | | * have hit case C. This in effect "extends" our vtags |
1742 | | * in this collision case to be 64 bits. The same collision |
1743 | | * could occur aka you get both vtag and seq number the |
1744 | | * same twice in a row.. but is much less likely. If it |
1745 | | * did happen then we would proceed through and bring |
1746 | | * up the assoc.. we may end up with the wrong stream |
1747 | | * setup however.. which would be bad.. but there is |
1748 | | * no way to tell.. until we send on a stream that does |
1749 | | * not exist :-) |
1750 | | */ |
1751 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1752 | 0 | asoc->cookie_how[how_indx] = 7; |
1753 | |
|
1754 | 0 | SCTP_TCB_UNLOCK(stcb); |
1755 | 0 | return (NULL); |
1756 | 0 | } |
1757 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1758 | 0 | asoc->cookie_how[how_indx] = 8; |
1759 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net, |
1760 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_15); |
1761 | 0 | sctp_stop_all_cookie_timers(stcb); |
1762 | | /* |
1763 | | * since we did not send a HB make sure we don't double |
1764 | | * things |
1765 | | */ |
1766 | 0 | net->hb_responded = 1; |
1767 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
1768 | 0 | sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
1769 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, |
1770 | 0 | NULL); |
1771 | 0 | } |
1772 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
1773 | 0 | if (asoc->pre_open_streams < asoc->streamoutcnt) { |
1774 | 0 | asoc->pre_open_streams = asoc->streamoutcnt; |
1775 | 0 | } |
1776 | |
|
1777 | 0 | if (ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) { |
1778 | | /* Ok the peer probably discarded our |
1779 | | * data (if we echoed a cookie+data). So anything |
1780 | | * on the sent_queue should be marked for |
1781 | | * retransmit, we may not get something to |
1782 | | * kick us so it COULD still take a timeout |
1783 | | * to move these.. but it can't hurt to mark them. |
1784 | | */ |
1785 | |
|
1786 | 0 | TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { |
1787 | 0 | if (chk->sent < SCTP_DATAGRAM_RESEND) { |
1788 | 0 | chk->sent = SCTP_DATAGRAM_RESEND; |
1789 | 0 | sctp_flight_size_decrease(chk); |
1790 | 0 | sctp_total_flight_decrease(stcb, chk); |
1791 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
1792 | 0 | spec_flag++; |
1793 | 0 | } |
1794 | 0 | } |
1795 | 0 | } |
1796 | | /* process the INIT info (peer's info) */ |
1797 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
1798 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1799 | 0 | asoc->cookie_how[how_indx] = 9; |
1800 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
1801 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
1802 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1803 | 0 | src, dst, sh, op_err, |
1804 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1805 | | mflowtype, mflowid, |
1806 | | #endif |
1807 | 0 | vrf_id, net->port); |
1808 | 0 | return (NULL); |
1809 | 0 | } |
1810 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
1811 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
1812 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
1813 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1814 | 0 | asoc->cookie_how[how_indx] = 10; |
1815 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
1816 | 0 | "Problem with address parameters"); |
1817 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
1818 | 0 | "Load addresses from INIT causes an abort %d\n", |
1819 | 0 | retval); |
1820 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
1821 | 0 | src, dst, sh, op_err, |
1822 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1823 | | mflowtype, mflowid, |
1824 | | #endif |
1825 | 0 | vrf_id, net->port); |
1826 | 0 | return (NULL); |
1827 | 0 | } |
1828 | 0 | if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) || |
1829 | 0 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
1830 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
1831 | |
|
1832 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
1833 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
1834 | 0 | (!SCTP_IS_LISTENING(inp))) { |
1835 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1836 | | struct socket *so; |
1837 | | #endif |
1838 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
1839 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1840 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1841 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
1842 | | SCTP_TCB_UNLOCK(stcb); |
1843 | | SCTP_SOCKET_LOCK(so, 1); |
1844 | | SCTP_TCB_LOCK(stcb); |
1845 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1846 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
1847 | | SCTP_TCB_UNLOCK(stcb); |
1848 | | SCTP_SOCKET_UNLOCK(so, 1); |
1849 | | return (NULL); |
1850 | | } |
1851 | | #endif |
1852 | 0 | soisconnected(stcb->sctp_socket); |
1853 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1854 | | SCTP_SOCKET_UNLOCK(so, 1); |
1855 | | #endif |
1856 | 0 | } |
1857 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) |
1858 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
1859 | 0 | else |
1860 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1861 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1862 | 0 | } else if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { |
1863 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_restartestab); |
1864 | 0 | } else { |
1865 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_collisionestab); |
1866 | 0 | } |
1867 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1868 | 0 | sctp_stop_all_cookie_timers(stcb); |
1869 | 0 | sctp_toss_old_cookies(stcb, asoc); |
1870 | 0 | sctp_send_cookie_ack(stcb); |
1871 | 0 | if (spec_flag) { |
1872 | | /* only if we have retrans set do we do this. What |
1873 | | * this call does is get only the COOKIE-ACK out |
1874 | | * and then when we return the normal call to |
1875 | | * sctp_chunk_output will get the retrans out |
1876 | | * behind this. |
1877 | | */ |
1878 | 0 | sctp_chunk_output(inp,stcb, SCTP_OUTPUT_FROM_COOKIE_ACK, SCTP_SO_NOT_LOCKED); |
1879 | 0 | } |
1880 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1881 | 0 | asoc->cookie_how[how_indx] = 11; |
1882 | |
|
1883 | 0 | return (stcb); |
1884 | 0 | } |
1885 | 0 | if ((ntohl(initack_cp->init.initiate_tag) != asoc->my_vtag && |
1886 | 0 | ntohl(init_cp->init.initiate_tag) != asoc->peer_vtag) && |
1887 | 0 | cookie->tie_tag_my_vtag == asoc->my_vtag_nonce && |
1888 | 0 | cookie->tie_tag_peer_vtag == asoc->peer_vtag_nonce && |
1889 | 0 | cookie->tie_tag_peer_vtag != 0) { |
1890 | 0 | struct sctpasochead *head; |
1891 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1892 | | struct socket *so; |
1893 | | #endif |
1894 | |
|
1895 | 0 | if (asoc->peer_supports_nat) { |
1896 | 0 | struct sctp_tcb *local_stcb; |
1897 | | |
1898 | | /* This is a gross gross hack. |
1899 | | * Just call the cookie_new code since we |
1900 | | * are allowing a duplicate association. |
1901 | | * I hope this works... |
1902 | | */ |
1903 | 0 | local_stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, |
1904 | 0 | sh, cookie, cookie_len, |
1905 | 0 | inp, netp, init_src,notification, |
1906 | 0 | auth_skipped, auth_offset, auth_len, |
1907 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
1908 | | mflowtype, mflowid, |
1909 | | #endif |
1910 | 0 | vrf_id, port); |
1911 | 0 | if (local_stcb == NULL) { |
1912 | 0 | SCTP_TCB_UNLOCK(stcb); |
1913 | 0 | } |
1914 | 0 | return (local_stcb); |
1915 | 0 | } |
1916 | | /* |
1917 | | * case A in Section 5.2.4 Table 2: XXMM (peer restarted) |
1918 | | */ |
1919 | | /* temp code */ |
1920 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
1921 | 0 | asoc->cookie_how[how_indx] = 12; |
1922 | 0 | sctp_stop_association_timers(stcb, false); |
1923 | | /* notify upper layer */ |
1924 | 0 | *notification = SCTP_NOTIFY_ASSOC_RESTART; |
1925 | 0 | atomic_add_int(&stcb->asoc.refcnt, 1); |
1926 | 0 | if ((SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN) && |
1927 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) && |
1928 | 0 | (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT)) { |
1929 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
1930 | 0 | } |
1931 | 0 | if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { |
1932 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_restartestab); |
1933 | 0 | } else if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) { |
1934 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_collisionestab); |
1935 | 0 | } |
1936 | 0 | if (asoc->state & SCTP_STATE_SHUTDOWN_PENDING) { |
1937 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1938 | |
|
1939 | 0 | } else if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) { |
1940 | | /* move to OPEN state, if not in SHUTDOWN_SENT */ |
1941 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
1942 | 0 | } |
1943 | 0 | if (asoc->pre_open_streams < asoc->streamoutcnt) { |
1944 | 0 | asoc->pre_open_streams = asoc->streamoutcnt; |
1945 | 0 | } |
1946 | 0 | asoc->init_seq_number = ntohl(initack_cp->init.initial_tsn); |
1947 | 0 | asoc->sending_seq = asoc->asconf_seq_out = asoc->str_reset_seq_out = asoc->init_seq_number; |
1948 | 0 | asoc->asconf_seq_out_acked = asoc->asconf_seq_out - 1; |
1949 | 0 | asoc->asconf_seq_in = asoc->last_acked_seq = asoc->init_seq_number - 1; |
1950 | 0 | asoc->str_reset_seq_in = asoc->init_seq_number; |
1951 | 0 | asoc->advanced_peer_ack_point = asoc->last_acked_seq; |
1952 | 0 | asoc->send_sack = 1; |
1953 | 0 | asoc->data_pkts_seen = 0; |
1954 | 0 | asoc->last_data_chunk_from = NULL; |
1955 | 0 | asoc->last_control_chunk_from = NULL; |
1956 | 0 | asoc->last_net_cmt_send_started = NULL; |
1957 | 0 | if (asoc->mapping_array) { |
1958 | 0 | memset(asoc->mapping_array, 0, |
1959 | 0 | asoc->mapping_array_size); |
1960 | 0 | } |
1961 | 0 | if (asoc->nr_mapping_array) { |
1962 | 0 | memset(asoc->nr_mapping_array, 0, |
1963 | 0 | asoc->mapping_array_size); |
1964 | 0 | } |
1965 | 0 | SCTP_TCB_UNLOCK(stcb); |
1966 | | #if defined(__APPLE__) && !defined(__Userspace__) |
1967 | | so = SCTP_INP_SO(stcb->sctp_ep); |
1968 | | SCTP_SOCKET_LOCK(so, 1); |
1969 | | #endif |
1970 | 0 | SCTP_INP_INFO_WLOCK(); |
1971 | 0 | SCTP_INP_WLOCK(stcb->sctp_ep); |
1972 | 0 | SCTP_TCB_LOCK(stcb); |
1973 | 0 | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
1974 | | /* send up all the data */ |
1975 | 0 | sctp_report_all_outbound(stcb, 0, SCTP_SO_LOCKED); |
1976 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
1977 | 0 | stcb->asoc.strmout[i].chunks_on_queues = 0; |
1978 | | #if defined(SCTP_DETAILED_STR_STATS) |
1979 | | for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) { |
1980 | | asoc->strmout[i].abandoned_sent[j] = 0; |
1981 | | asoc->strmout[i].abandoned_unsent[j] = 0; |
1982 | | } |
1983 | | #else |
1984 | 0 | asoc->strmout[i].abandoned_sent[0] = 0; |
1985 | 0 | asoc->strmout[i].abandoned_unsent[0] = 0; |
1986 | 0 | #endif |
1987 | 0 | stcb->asoc.strmout[i].next_mid_ordered = 0; |
1988 | 0 | stcb->asoc.strmout[i].next_mid_unordered = 0; |
1989 | 0 | stcb->asoc.strmout[i].sid = i; |
1990 | 0 | stcb->asoc.strmout[i].last_msg_incomplete = 0; |
1991 | 0 | } |
1992 | 0 | TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) { |
1993 | 0 | TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp); |
1994 | 0 | SCTP_FREE(strrst, SCTP_M_STRESET); |
1995 | 0 | } |
1996 | 0 | TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) { |
1997 | 0 | TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next); |
1998 | 0 | if (sq->data) { |
1999 | 0 | sctp_m_freem(sq->data); |
2000 | 0 | sq->data = NULL; |
2001 | 0 | } |
2002 | 0 | sctp_free_remote_addr(sq->whoFrom); |
2003 | 0 | sq->whoFrom = NULL; |
2004 | 0 | sq->stcb = NULL; |
2005 | 0 | sctp_free_a_readq(stcb, sq); |
2006 | 0 | } |
2007 | 0 | TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { |
2008 | 0 | TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); |
2009 | 0 | if (chk->data) { |
2010 | 0 | sctp_m_freem(chk->data); |
2011 | 0 | chk->data = NULL; |
2012 | 0 | } |
2013 | 0 | if (chk->holds_key_ref) |
2014 | 0 | sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); |
2015 | 0 | sctp_free_remote_addr(chk->whoTo); |
2016 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); |
2017 | 0 | SCTP_DECR_CHK_COUNT(); |
2018 | 0 | } |
2019 | 0 | asoc->ctrl_queue_cnt = 0; |
2020 | 0 | asoc->str_reset = NULL; |
2021 | 0 | asoc->stream_reset_outstanding = 0; |
2022 | 0 | TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { |
2023 | 0 | TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); |
2024 | 0 | if (chk->data) { |
2025 | 0 | sctp_m_freem(chk->data); |
2026 | 0 | chk->data = NULL; |
2027 | 0 | } |
2028 | 0 | if (chk->holds_key_ref) |
2029 | 0 | sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); |
2030 | 0 | sctp_free_remote_addr(chk->whoTo); |
2031 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); |
2032 | 0 | SCTP_DECR_CHK_COUNT(); |
2033 | 0 | } |
2034 | 0 | TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) { |
2035 | 0 | TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); |
2036 | 0 | SCTP_FREE(aparam,SCTP_M_ASC_ADDR); |
2037 | 0 | } |
2038 | 0 | TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) { |
2039 | 0 | TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next); |
2040 | 0 | if (aack->data != NULL) { |
2041 | 0 | sctp_m_freem(aack->data); |
2042 | 0 | } |
2043 | 0 | SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack); |
2044 | 0 | } |
2045 | 0 | asoc->rcv_edmid = cookie->rcv_edmid; |
2046 | | |
2047 | | /* process the INIT-ACK info (my info) */ |
2048 | 0 | asoc->my_vtag = ntohl(initack_cp->init.initiate_tag); |
2049 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
2050 | | |
2051 | | /* pull from vtag hash */ |
2052 | 0 | LIST_REMOVE(stcb, sctp_asocs); |
2053 | | /* re-insert to new vtag position */ |
2054 | 0 | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, |
2055 | 0 | SCTP_BASE_INFO(hashasocmark))]; |
2056 | | /* |
2057 | | * put it in the bucket in the vtag hash of assoc's for the |
2058 | | * system |
2059 | | */ |
2060 | 0 | LIST_INSERT_HEAD(head, stcb, sctp_asocs); |
2061 | |
|
2062 | 0 | SCTP_INP_WUNLOCK(stcb->sctp_ep); |
2063 | 0 | SCTP_INP_INFO_WUNLOCK(); |
2064 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2065 | | SCTP_SOCKET_UNLOCK(so, 1); |
2066 | | #endif |
2067 | 0 | asoc->total_flight = 0; |
2068 | 0 | asoc->total_flight_count = 0; |
2069 | | /* process the INIT info (peer's info) */ |
2070 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
2071 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2072 | 0 | asoc->cookie_how[how_indx] = 13; |
2073 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2074 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_init() failed\n"); |
2075 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
2076 | 0 | src, dst, sh, op_err, |
2077 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2078 | | mflowtype, mflowid, |
2079 | | #endif |
2080 | 0 | vrf_id, net->port); |
2081 | 0 | return (NULL); |
2082 | 0 | } |
2083 | | /* |
2084 | | * since we did not send a HB make sure we don't double |
2085 | | * things |
2086 | | */ |
2087 | 0 | net->hb_responded = 1; |
2088 | |
|
2089 | 0 | if ((retval = sctp_load_addresses_from_init(stcb, m, |
2090 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
2091 | 0 | initack_offset, src, dst, init_src, stcb->asoc.port)) < 0) { |
2092 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2093 | 0 | asoc->cookie_how[how_indx] = 14; |
2094 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
2095 | 0 | "Problem with address parameters"); |
2096 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2097 | 0 | "Load addresses from INIT causes an abort %d\n", |
2098 | 0 | retval); |
2099 | 0 | sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, |
2100 | 0 | src, dst, sh, op_err, |
2101 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2102 | | mflowtype, mflowid, |
2103 | | #endif |
2104 | 0 | vrf_id, net->port); |
2105 | 0 | return (NULL); |
2106 | 0 | } |
2107 | | /* respond with a COOKIE-ACK */ |
2108 | 0 | sctp_send_cookie_ack(stcb); |
2109 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2110 | 0 | asoc->cookie_how[how_indx] = 15; |
2111 | 0 | if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE) && |
2112 | 0 | (asoc->sctp_autoclose_ticks > 0)) { |
2113 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL); |
2114 | 0 | } |
2115 | 0 | return (stcb); |
2116 | 0 | } |
2117 | 0 | if (how_indx < sizeof(asoc->cookie_how)) |
2118 | 0 | asoc->cookie_how[how_indx] = 16; |
2119 | | /* all other cases... */ |
2120 | 0 | SCTP_TCB_UNLOCK(stcb); |
2121 | 0 | return (NULL); |
2122 | 0 | } |
2123 | | |
2124 | | /* |
2125 | | * handle a state cookie for a new association m: input packet mbuf chain-- |
2126 | | * assumes a pullup on IP/SCTP/COOKIE-ECHO chunk note: this is a "split" mbuf |
2127 | | * and the cookie signature does not exist offset: offset into mbuf to the |
2128 | | * cookie-echo chunk length: length of the cookie chunk to: where the init |
2129 | | * was from returns a new TCB |
2130 | | */ |
2131 | | static struct sctp_tcb * |
2132 | | sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, |
2133 | | struct sockaddr *src, struct sockaddr *dst, |
2134 | | struct sctphdr *sh, struct sctp_state_cookie *cookie, int cookie_len, |
2135 | | struct sctp_inpcb *inp, struct sctp_nets **netp, |
2136 | | struct sockaddr *init_src, int *notification, |
2137 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
2138 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2139 | | uint8_t mflowtype, uint32_t mflowid, |
2140 | | #endif |
2141 | | uint32_t vrf_id, uint16_t port) |
2142 | 0 | { |
2143 | 0 | struct sctp_tcb *stcb; |
2144 | 0 | struct sctp_init_chunk *init_cp, init_buf; |
2145 | 0 | struct sctp_init_ack_chunk *initack_cp, initack_buf; |
2146 | 0 | union sctp_sockstore store; |
2147 | 0 | struct sctp_association *asoc; |
2148 | 0 | int init_offset, initack_offset, initack_limit; |
2149 | 0 | int error = 0; |
2150 | 0 | uint8_t auth_chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; |
2151 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2152 | | struct socket *so; |
2153 | | |
2154 | | so = SCTP_INP_SO(inp); |
2155 | | #endif |
2156 | | |
2157 | | /* |
2158 | | * find and validate the INIT chunk in the cookie (peer's info) the |
2159 | | * INIT should start after the cookie-echo header struct (chunk |
2160 | | * header, state cookie header struct) |
2161 | | */ |
2162 | 0 | init_offset = offset + sizeof(struct sctp_cookie_echo_chunk); |
2163 | 0 | init_cp = (struct sctp_init_chunk *) |
2164 | 0 | sctp_m_getptr(m, init_offset, sizeof(struct sctp_init_chunk), |
2165 | 0 | (uint8_t *) & init_buf); |
2166 | 0 | if (init_cp == NULL) { |
2167 | | /* could not pull a INIT chunk in cookie */ |
2168 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2169 | 0 | "process_cookie_new: could not pull INIT chunk hdr\n"); |
2170 | 0 | return (NULL); |
2171 | 0 | } |
2172 | 0 | if (init_cp->ch.chunk_type != SCTP_INITIATION) { |
2173 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "HUH? process_cookie_new: could not find INIT chunk!\n"); |
2174 | 0 | return (NULL); |
2175 | 0 | } |
2176 | 0 | initack_offset = init_offset + SCTP_SIZE32(ntohs(init_cp->ch.chunk_length)); |
2177 | | /* |
2178 | | * find and validate the INIT-ACK chunk in the cookie (my info) the |
2179 | | * INIT-ACK follows the INIT chunk |
2180 | | */ |
2181 | 0 | initack_cp = (struct sctp_init_ack_chunk *) |
2182 | 0 | sctp_m_getptr(m, initack_offset, sizeof(struct sctp_init_ack_chunk), |
2183 | 0 | (uint8_t *) & initack_buf); |
2184 | 0 | if (initack_cp == NULL) { |
2185 | | /* could not pull INIT-ACK chunk in cookie */ |
2186 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: could not pull INIT-ACK chunk hdr\n"); |
2187 | 0 | return (NULL); |
2188 | 0 | } |
2189 | 0 | if (initack_cp->ch.chunk_type != SCTP_INITIATION_ACK) { |
2190 | 0 | return (NULL); |
2191 | 0 | } |
2192 | | /* |
2193 | | * NOTE: We can't use the INIT_ACK's chk_length to determine the |
2194 | | * "initack_limit" value. This is because the chk_length field |
2195 | | * includes the length of the cookie, but the cookie is omitted when |
2196 | | * the INIT and INIT_ACK are tacked onto the cookie... |
2197 | | */ |
2198 | 0 | initack_limit = offset + cookie_len; |
2199 | | |
2200 | | /* |
2201 | | * now that we know the INIT/INIT-ACK are in place, create a new TCB |
2202 | | * and populate |
2203 | | */ |
2204 | | |
2205 | | /* |
2206 | | * Here we do a trick, we set in NULL for the proc/thread argument. We |
2207 | | * do this since in effect we only use the p argument when |
2208 | | * the socket is unbound and we must do an implicit bind. |
2209 | | * Since we are getting a cookie, we cannot be unbound. |
2210 | | */ |
2211 | 0 | stcb = sctp_aloc_assoc(inp, init_src, &error, |
2212 | 0 | ntohl(initack_cp->init.initiate_tag), |
2213 | 0 | ntohl(initack_cp->init.initial_tsn), vrf_id, |
2214 | 0 | ntohs(initack_cp->init.num_outbound_streams), |
2215 | 0 | port, |
2216 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2217 | | (struct thread *)NULL, |
2218 | | #elif defined(_WIN32) && !defined(__Userspace__) |
2219 | | (PKTHREAD)NULL, |
2220 | | #else |
2221 | 0 | (struct proc *)NULL, |
2222 | 0 | #endif |
2223 | 0 | SCTP_DONT_INITIALIZE_AUTH_PARAMS); |
2224 | 0 | if (stcb == NULL) { |
2225 | 0 | struct mbuf *op_err; |
2226 | | |
2227 | | /* memory problem? */ |
2228 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, |
2229 | 0 | "process_cookie_new: no room for another TCB!\n"); |
2230 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2231 | 0 | sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, |
2232 | 0 | src, dst, sh, op_err, |
2233 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2234 | | mflowtype, mflowid, |
2235 | | #endif |
2236 | 0 | vrf_id, port); |
2237 | 0 | return (NULL); |
2238 | 0 | } |
2239 | 0 | asoc = &stcb->asoc; |
2240 | | /* get scope variables out of cookie */ |
2241 | 0 | asoc->scope.ipv4_local_scope = cookie->ipv4_scope; |
2242 | 0 | asoc->scope.site_scope = cookie->site_scope; |
2243 | 0 | asoc->scope.local_scope = cookie->local_scope; |
2244 | 0 | asoc->scope.loopback_scope = cookie->loopback_scope; |
2245 | |
|
2246 | 0 | #if defined(__Userspace__) |
2247 | 0 | if ((asoc->scope.ipv4_addr_legal != cookie->ipv4_addr_legal) || |
2248 | 0 | (asoc->scope.ipv6_addr_legal != cookie->ipv6_addr_legal) || |
2249 | 0 | (asoc->scope.conn_addr_legal != cookie->conn_addr_legal)) { |
2250 | | #else |
2251 | | if ((asoc->scope.ipv4_addr_legal != cookie->ipv4_addr_legal) || |
2252 | | (asoc->scope.ipv6_addr_legal != cookie->ipv6_addr_legal)) { |
2253 | | #endif |
2254 | 0 | struct mbuf *op_err; |
2255 | | |
2256 | | /* |
2257 | | * Houston we have a problem. The EP changed while the |
2258 | | * cookie was in flight. Only recourse is to abort the |
2259 | | * association. |
2260 | | */ |
2261 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2262 | 0 | sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, |
2263 | 0 | src, dst, sh, op_err, |
2264 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2265 | | mflowtype, mflowid, |
2266 | | #endif |
2267 | 0 | vrf_id, port); |
2268 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2269 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2270 | | SCTP_TCB_UNLOCK(stcb); |
2271 | | SCTP_SOCKET_LOCK(so, 1); |
2272 | | SCTP_TCB_LOCK(stcb); |
2273 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2274 | | #endif |
2275 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2276 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_18); |
2277 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2278 | | SCTP_SOCKET_UNLOCK(so, 1); |
2279 | | #endif |
2280 | 0 | return (NULL); |
2281 | 0 | } |
2282 | 0 | asoc->rcv_edmid = cookie->rcv_edmid; |
2283 | | /* process the INIT-ACK info (my info) */ |
2284 | 0 | asoc->my_rwnd = ntohl(initack_cp->init.a_rwnd); |
2285 | | |
2286 | | /* process the INIT info (peer's info) */ |
2287 | 0 | if (sctp_process_init(init_cp, stcb) < 0) { |
2288 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2289 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2290 | | SCTP_TCB_UNLOCK(stcb); |
2291 | | SCTP_SOCKET_LOCK(so, 1); |
2292 | | SCTP_TCB_LOCK(stcb); |
2293 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2294 | | #endif |
2295 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2296 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_19); |
2297 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2298 | | SCTP_SOCKET_UNLOCK(so, 1); |
2299 | | #endif |
2300 | 0 | return (NULL); |
2301 | 0 | } |
2302 | | /* load all addresses */ |
2303 | 0 | if (sctp_load_addresses_from_init(stcb, m, |
2304 | 0 | init_offset + sizeof(struct sctp_init_chunk), |
2305 | 0 | initack_offset, src, dst, init_src, port) < 0) { |
2306 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2307 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2308 | | SCTP_TCB_UNLOCK(stcb); |
2309 | | SCTP_SOCKET_LOCK(so, 1); |
2310 | | SCTP_TCB_LOCK(stcb); |
2311 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2312 | | #endif |
2313 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2314 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_20); |
2315 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2316 | | SCTP_SOCKET_UNLOCK(so, 1); |
2317 | | #endif |
2318 | 0 | return (NULL); |
2319 | 0 | } |
2320 | | /* |
2321 | | * verify any preceding AUTH chunk that was skipped |
2322 | | */ |
2323 | | /* pull the local authentication parameters from the cookie/init-ack */ |
2324 | 0 | sctp_auth_get_cookie_params(stcb, m, |
2325 | 0 | initack_offset + sizeof(struct sctp_init_ack_chunk), |
2326 | 0 | initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk))); |
2327 | 0 | if (auth_skipped) { |
2328 | 0 | struct sctp_auth_chunk *auth; |
2329 | |
|
2330 | 0 | if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { |
2331 | 0 | auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf); |
2332 | 0 | } else { |
2333 | 0 | auth = NULL; |
2334 | 0 | } |
2335 | 0 | if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) { |
2336 | | /* auth HMAC failed, dump the assoc and packet */ |
2337 | 0 | SCTPDBG(SCTP_DEBUG_AUTH1, |
2338 | 0 | "COOKIE-ECHO: AUTH failed\n"); |
2339 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2340 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2341 | | SCTP_TCB_UNLOCK(stcb); |
2342 | | SCTP_SOCKET_LOCK(so, 1); |
2343 | | SCTP_TCB_LOCK(stcb); |
2344 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2345 | | #endif |
2346 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2347 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_21); |
2348 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2349 | | SCTP_SOCKET_UNLOCK(so, 1); |
2350 | | #endif |
2351 | 0 | return (NULL); |
2352 | 0 | } else { |
2353 | | /* remaining chunks checked... good to go */ |
2354 | 0 | stcb->asoc.authenticated = 1; |
2355 | 0 | } |
2356 | 0 | } |
2357 | | |
2358 | | /* |
2359 | | * if we're doing ASCONFs, check to see if we have any new local |
2360 | | * addresses that need to get added to the peer (eg. addresses |
2361 | | * changed while cookie echo in flight). This needs to be done |
2362 | | * after we go to the OPEN state to do the correct asconf |
2363 | | * processing. else, make sure we have the correct addresses in our |
2364 | | * lists |
2365 | | */ |
2366 | | |
2367 | | /* warning, we re-use sin, sin6, sa_store here! */ |
2368 | | /* pull in local_address (our "from" address) */ |
2369 | 0 | switch (cookie->laddr_type) { |
2370 | 0 | #ifdef INET |
2371 | 0 | case SCTP_IPV4_ADDRESS: |
2372 | | /* source addr is IPv4 */ |
2373 | 0 | memset(&store.sin, 0, sizeof(struct sockaddr_in)); |
2374 | 0 | store.sin.sin_family = AF_INET; |
2375 | | #ifdef HAVE_SIN_LEN |
2376 | | store.sin.sin_len = sizeof(struct sockaddr_in); |
2377 | | #endif |
2378 | 0 | store.sin.sin_addr.s_addr = cookie->laddress[0]; |
2379 | 0 | break; |
2380 | 0 | #endif |
2381 | 0 | #ifdef INET6 |
2382 | 0 | case SCTP_IPV6_ADDRESS: |
2383 | | /* source addr is IPv6 */ |
2384 | 0 | memset(&store.sin6, 0, sizeof(struct sockaddr_in6)); |
2385 | 0 | store.sin6.sin6_family = AF_INET6; |
2386 | | #ifdef HAVE_SIN6_LEN |
2387 | | store.sin6.sin6_len = sizeof(struct sockaddr_in6); |
2388 | | #endif |
2389 | 0 | store.sin6.sin6_scope_id = cookie->scope_id; |
2390 | 0 | memcpy(&store.sin6.sin6_addr, cookie->laddress, sizeof(struct in6_addr)); |
2391 | 0 | break; |
2392 | 0 | #endif |
2393 | 0 | #if defined(__Userspace__) |
2394 | 0 | case SCTP_CONN_ADDRESS: |
2395 | | /* source addr is conn */ |
2396 | 0 | memset(&store.sconn, 0, sizeof(struct sockaddr_conn)); |
2397 | 0 | store.sconn.sconn_family = AF_CONN; |
2398 | | #ifdef HAVE_SCONN_LEN |
2399 | | store.sconn.sconn_len = sizeof(struct sockaddr_conn); |
2400 | | #endif |
2401 | 0 | memcpy(&store.sconn.sconn_addr, cookie->laddress, sizeof(void *)); |
2402 | 0 | break; |
2403 | 0 | #endif |
2404 | 0 | default: |
2405 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2406 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2407 | | SCTP_TCB_UNLOCK(stcb); |
2408 | | SCTP_SOCKET_LOCK(so, 1); |
2409 | | SCTP_TCB_LOCK(stcb); |
2410 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2411 | | #endif |
2412 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
2413 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_22); |
2414 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2415 | | SCTP_SOCKET_UNLOCK(so, 1); |
2416 | | #endif |
2417 | 0 | return (NULL); |
2418 | 0 | } |
2419 | | |
2420 | | /* update current state */ |
2421 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n"); |
2422 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
2423 | 0 | sctp_stop_all_cookie_timers(stcb); |
2424 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_passiveestab); |
2425 | 0 | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
2426 | | |
2427 | | /* set up to notify upper layer */ |
2428 | 0 | *notification = SCTP_NOTIFY_ASSOC_UP; |
2429 | 0 | if (((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
2430 | 0 | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) && |
2431 | 0 | (!SCTP_IS_LISTENING(inp))) { |
2432 | | /* |
2433 | | * This is an endpoint that called connect() how it got a |
2434 | | * cookie that is NEW is a bit of a mystery. It must be that |
2435 | | * the INIT was sent, but before it got there.. a complete |
2436 | | * INIT/INIT-ACK/COOKIE arrived. But of course then it |
2437 | | * should have went to the other code.. not here.. oh well.. |
2438 | | * a bit of protection is worth having.. |
2439 | | * |
2440 | | * XXXMJ unlocked |
2441 | | */ |
2442 | 0 | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
2443 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2444 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
2445 | | SCTP_TCB_UNLOCK(stcb); |
2446 | | SCTP_SOCKET_LOCK(so, 1); |
2447 | | SCTP_TCB_LOCK(stcb); |
2448 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
2449 | | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
2450 | | SCTP_SOCKET_UNLOCK(so, 1); |
2451 | | return (NULL); |
2452 | | } |
2453 | | #endif |
2454 | 0 | soisconnected(stcb->sctp_socket); |
2455 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2456 | | SCTP_SOCKET_UNLOCK(so, 1); |
2457 | | #endif |
2458 | 0 | } else if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && |
2459 | 0 | (SCTP_IS_LISTENING(inp))) { |
2460 | | /* |
2461 | | * We don't want to do anything with this one. Since it is |
2462 | | * the listening guy. The timer will get started for |
2463 | | * accepted connections in the caller. |
2464 | | */ |
2465 | 0 | ; |
2466 | 0 | } |
2467 | 0 | if (stcb->asoc.sctp_autoclose_ticks && |
2468 | 0 | sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
2469 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL); |
2470 | 0 | } |
2471 | 0 | (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); |
2472 | 0 | *netp = sctp_findnet(stcb, init_src); |
2473 | 0 | if (*netp != NULL) { |
2474 | | /* |
2475 | | * Since we did not send a HB, make sure we don't double |
2476 | | * things. |
2477 | | */ |
2478 | 0 | (*netp)->hb_responded = 1; |
2479 | 0 | } |
2480 | | /* respond with a COOKIE-ACK */ |
2481 | 0 | sctp_send_cookie_ack(stcb); |
2482 | | |
2483 | | /* |
2484 | | * check the address lists for any ASCONFs that need to be sent |
2485 | | * AFTER the cookie-ack is sent |
2486 | | */ |
2487 | 0 | sctp_check_address_list(stcb, m, |
2488 | 0 | initack_offset + sizeof(struct sctp_init_ack_chunk), |
2489 | 0 | initack_limit - (initack_offset + sizeof(struct sctp_init_ack_chunk)), |
2490 | 0 | &store.sa, cookie->local_scope, cookie->site_scope, |
2491 | 0 | cookie->ipv4_scope, cookie->loopback_scope); |
2492 | |
|
2493 | 0 | return (stcb); |
2494 | 0 | } |
2495 | | |
2496 | | /* |
2497 | | * CODE LIKE THIS NEEDS TO RUN IF the peer supports the NAT extension, i.e |
2498 | | * we NEED to make sure we are not already using the vtag. If so we |
2499 | | * need to send back an ABORT-TRY-AGAIN-WITH-NEW-TAG No middle box bit! |
2500 | | head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag, |
2501 | | SCTP_BASE_INFO(hashasocmark))]; |
2502 | | LIST_FOREACH(stcb, head, sctp_asocs) { |
2503 | | if ((stcb->asoc.my_vtag == tag) && (stcb->rport == rport) && (inp == stcb->sctp_ep)) { |
2504 | | -- SEND ABORT - TRY AGAIN -- |
2505 | | } |
2506 | | } |
2507 | | */ |
2508 | | |
2509 | | /* |
2510 | | * handles a COOKIE-ECHO message stcb: modified to either a new or left as |
2511 | | * existing (non-NULL) TCB |
2512 | | */ |
2513 | | static struct mbuf * |
2514 | | sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, |
2515 | | struct sockaddr *src, struct sockaddr *dst, |
2516 | | struct sctphdr *sh, struct sctp_cookie_echo_chunk *cp, |
2517 | | struct sctp_inpcb **inp_p, struct sctp_tcb **stcb, struct sctp_nets **netp, |
2518 | | int auth_skipped, uint32_t auth_offset, uint32_t auth_len, |
2519 | | struct sctp_tcb **locked_tcb, |
2520 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2521 | | uint8_t mflowtype, uint32_t mflowid, |
2522 | | #endif |
2523 | | uint32_t vrf_id, uint16_t port) |
2524 | 38 | { |
2525 | 38 | struct sctp_state_cookie *cookie; |
2526 | 38 | struct sctp_tcb *l_stcb = *stcb; |
2527 | 38 | struct sctp_inpcb *l_inp; |
2528 | 38 | struct sockaddr *to; |
2529 | 38 | struct sctp_pcb *ep; |
2530 | 38 | struct mbuf *m_sig; |
2531 | 38 | uint8_t calc_sig[SCTP_SIGNATURE_SIZE], tmp_sig[SCTP_SIGNATURE_SIZE]; |
2532 | 38 | uint8_t *sig; |
2533 | 38 | #if defined(__Userspace__) && defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) |
2534 | 38 | uint8_t cookie_ok = 1; |
2535 | | #else |
2536 | | uint8_t cookie_ok = 0; |
2537 | | #endif |
2538 | 38 | unsigned int sig_offset, cookie_offset; |
2539 | 38 | unsigned int cookie_len; |
2540 | 38 | struct timeval now; |
2541 | 38 | struct timeval time_entered, time_expires; |
2542 | 38 | int notification = 0; |
2543 | 38 | struct sctp_nets *netl; |
2544 | 38 | int had_a_existing_tcb = 0; |
2545 | 38 | int send_int_conf = 0; |
2546 | 38 | #ifdef INET |
2547 | 38 | struct sockaddr_in sin; |
2548 | 38 | #endif |
2549 | 38 | #ifdef INET6 |
2550 | 38 | struct sockaddr_in6 sin6; |
2551 | 38 | #endif |
2552 | 38 | #if defined(__Userspace__) |
2553 | 38 | struct sockaddr_conn sconn; |
2554 | 38 | #endif |
2555 | | |
2556 | 38 | SCTPDBG(SCTP_DEBUG_INPUT2, |
2557 | 38 | "sctp_handle_cookie: handling COOKIE-ECHO\n"); |
2558 | | |
2559 | 38 | if (inp_p == NULL) { |
2560 | 0 | return (NULL); |
2561 | 0 | } |
2562 | 38 | cookie = &cp->cookie; |
2563 | 38 | cookie_offset = offset + sizeof(struct sctp_chunkhdr); |
2564 | 38 | cookie_len = ntohs(cp->ch.chunk_length); |
2565 | | |
2566 | 38 | if (cookie_len < sizeof(struct sctp_cookie_echo_chunk) + |
2567 | 38 | sizeof(struct sctp_init_chunk) + |
2568 | 38 | sizeof(struct sctp_init_ack_chunk) + SCTP_SIGNATURE_SIZE) { |
2569 | | /* cookie too small */ |
2570 | 12 | return (NULL); |
2571 | 12 | } |
2572 | 26 | if ((cookie->peerport != sh->src_port) || |
2573 | 20 | (cookie->myport != sh->dest_port) || |
2574 | 26 | (cookie->my_vtag != sh->v_tag)) { |
2575 | | /* |
2576 | | * invalid ports or bad tag. Note that we always leave the |
2577 | | * v_tag in the header in network order and when we stored |
2578 | | * it in the my_vtag slot we also left it in network order. |
2579 | | * This maintains the match even though it may be in the |
2580 | | * opposite byte order of the machine :-> |
2581 | | */ |
2582 | 26 | return (NULL); |
2583 | 26 | } |
2584 | 0 | #if defined(__Userspace__) |
2585 | | /* |
2586 | | * Recover the AF_CONN addresses within the cookie. |
2587 | | * This needs to be done in the buffer provided for later processing |
2588 | | * of the cookie and in the mbuf chain for HMAC validation. |
2589 | | */ |
2590 | 0 | if ((cookie->addr_type == SCTP_CONN_ADDRESS) && (src->sa_family == AF_CONN)) { |
2591 | 0 | struct sockaddr_conn *sconnp = (struct sockaddr_conn *)src; |
2592 | |
|
2593 | 0 | memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *)); |
2594 | 0 | m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, address), |
2595 | 0 | (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); |
2596 | 0 | } |
2597 | 0 | if ((cookie->laddr_type == SCTP_CONN_ADDRESS) && (dst->sa_family == AF_CONN)) { |
2598 | 0 | struct sockaddr_conn *sconnp = (struct sockaddr_conn *)dst; |
2599 | |
|
2600 | 0 | memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *)); |
2601 | 0 | m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, laddress), |
2602 | 0 | (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); |
2603 | 0 | } |
2604 | 0 | #endif |
2605 | | /* |
2606 | | * split off the signature into its own mbuf (since it should not be |
2607 | | * calculated in the sctp_hmac_m() call). |
2608 | | */ |
2609 | 0 | sig_offset = offset + cookie_len - SCTP_SIGNATURE_SIZE; |
2610 | 0 | m_sig = m_split(m, sig_offset, M_NOWAIT); |
2611 | 0 | if (m_sig == NULL) { |
2612 | | /* out of memory or ?? */ |
2613 | 0 | return (NULL); |
2614 | 0 | } |
2615 | | #ifdef SCTP_MBUF_LOGGING |
2616 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
2617 | | sctp_log_mbc(m_sig, SCTP_MBUF_SPLIT); |
2618 | | } |
2619 | | #endif |
2620 | | |
2621 | | /* |
2622 | | * compute the signature/digest for the cookie |
2623 | | */ |
2624 | 0 | if (l_stcb != NULL) { |
2625 | 0 | atomic_add_int(&l_stcb->asoc.refcnt, 1); |
2626 | 0 | SCTP_TCB_UNLOCK(l_stcb); |
2627 | 0 | } |
2628 | 0 | l_inp = *inp_p; |
2629 | 0 | SCTP_INP_RLOCK(l_inp); |
2630 | 0 | if (l_stcb != NULL) { |
2631 | 0 | SCTP_TCB_LOCK(l_stcb); |
2632 | 0 | atomic_subtract_int(&l_stcb->asoc.refcnt, 1); |
2633 | 0 | } |
2634 | 0 | if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { |
2635 | 0 | SCTP_INP_RUNLOCK(l_inp); |
2636 | 0 | sctp_m_freem(m_sig); |
2637 | 0 | return (NULL); |
2638 | 0 | } |
2639 | 0 | ep = &(*inp_p)->sctp_ep; |
2640 | | /* which cookie is it? */ |
2641 | 0 | if ((cookie->time_entered.tv_sec < ep->time_of_secret_change) && |
2642 | 0 | (ep->current_secret_number != ep->last_secret_number)) { |
2643 | | /* it's the old cookie */ |
2644 | 0 | (void)sctp_hmac_m(SCTP_HMAC, |
2645 | 0 | (uint8_t *)ep->secret_key[(int)ep->last_secret_number], |
2646 | 0 | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2647 | 0 | } else { |
2648 | | /* it's the current cookie */ |
2649 | 0 | (void)sctp_hmac_m(SCTP_HMAC, |
2650 | 0 | (uint8_t *)ep->secret_key[(int)ep->current_secret_number], |
2651 | 0 | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2652 | 0 | } |
2653 | | /* get the signature */ |
2654 | 0 | SCTP_INP_RUNLOCK(l_inp); |
2655 | 0 | sig = (uint8_t *) sctp_m_getptr(m_sig, 0, SCTP_SIGNATURE_SIZE, (uint8_t *) & tmp_sig); |
2656 | 0 | if (sig == NULL) { |
2657 | | /* couldn't find signature */ |
2658 | 0 | sctp_m_freem(m_sig); |
2659 | 0 | return (NULL); |
2660 | 0 | } |
2661 | | /* compare the received digest with the computed digest */ |
2662 | 0 | if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) != 0) { |
2663 | | /* try the old cookie? */ |
2664 | 0 | if ((cookie->time_entered.tv_sec == ep->time_of_secret_change) && |
2665 | 0 | (ep->current_secret_number != ep->last_secret_number)) { |
2666 | | /* compute digest with old */ |
2667 | 0 | (void)sctp_hmac_m(SCTP_HMAC, |
2668 | 0 | (uint8_t *)ep->secret_key[(int)ep->last_secret_number], |
2669 | 0 | SCTP_SECRET_SIZE, m, cookie_offset, calc_sig, 0); |
2670 | | /* compare */ |
2671 | 0 | if (timingsafe_bcmp(calc_sig, sig, SCTP_SIGNATURE_SIZE) == 0) |
2672 | 0 | cookie_ok = 1; |
2673 | 0 | } |
2674 | 0 | } else { |
2675 | 0 | cookie_ok = 1; |
2676 | 0 | } |
2677 | | |
2678 | | /* |
2679 | | * Now before we continue we must reconstruct our mbuf so that |
2680 | | * normal processing of any other chunks will work. |
2681 | | */ |
2682 | 0 | { |
2683 | 0 | struct mbuf *m_at; |
2684 | |
|
2685 | 0 | m_at = m; |
2686 | 0 | while (SCTP_BUF_NEXT(m_at) != NULL) { |
2687 | 0 | m_at = SCTP_BUF_NEXT(m_at); |
2688 | 0 | } |
2689 | 0 | SCTP_BUF_NEXT(m_at) = m_sig; |
2690 | 0 | } |
2691 | |
|
2692 | 0 | if (cookie_ok == 0) { |
2693 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: cookie signature validation failed!\n"); |
2694 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
2695 | 0 | "offset = %u, cookie_offset = %u, sig_offset = %u\n", |
2696 | 0 | (uint32_t) offset, cookie_offset, sig_offset); |
2697 | 0 | return (NULL); |
2698 | 0 | } |
2699 | | |
2700 | 0 | if (sctp_ticks_to_msecs(cookie->cookie_life) > SCTP_MAX_COOKIE_LIFE) { |
2701 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: Invalid cookie lifetime\n"); |
2702 | 0 | return (NULL); |
2703 | 0 | } |
2704 | 0 | time_entered.tv_sec = cookie->time_entered.tv_sec; |
2705 | 0 | time_entered.tv_usec = cookie->time_entered.tv_usec; |
2706 | 0 | if ((time_entered.tv_sec < 0) || |
2707 | 0 | (time_entered.tv_usec < 0) || |
2708 | 0 | (time_entered.tv_usec >= 1000000)) { |
2709 | | /* Invalid time stamp. Cookie must have been modified. */ |
2710 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: Invalid time stamp\n"); |
2711 | 0 | return (NULL); |
2712 | 0 | } |
2713 | 0 | (void)SCTP_GETTIME_TIMEVAL(&now); |
2714 | 0 | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2715 | 0 | if (timercmp(&now, &time_entered, <)) { |
2716 | | #else |
2717 | | if (timevalcmp(&now, &time_entered, <)) { |
2718 | | #endif |
2719 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, "handle_cookie_echo: cookie generated in the future!\n"); |
2720 | 0 | return (NULL); |
2721 | 0 | } |
2722 | | /* |
2723 | | * Check the cookie timestamps to be sure it's not stale. |
2724 | | * cookie_life is in ticks, so we convert to seconds. |
2725 | | */ |
2726 | 0 | time_expires.tv_sec = time_entered.tv_sec + sctp_ticks_to_secs(cookie->cookie_life); |
2727 | 0 | time_expires.tv_usec = time_entered.tv_usec; |
2728 | 0 | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2729 | 0 | if (timercmp(&now, &time_expires, >)) |
2730 | | #else |
2731 | | if (timevalcmp(&now, &time_expires, >)) |
2732 | | #endif |
2733 | 0 | { |
2734 | | /* cookie is stale! */ |
2735 | 0 | struct mbuf *op_err; |
2736 | 0 | struct sctp_error_stale_cookie *cause; |
2737 | 0 | struct timeval diff; |
2738 | 0 | uint32_t staleness; |
2739 | |
|
2740 | 0 | op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_error_stale_cookie), |
2741 | 0 | 0, M_NOWAIT, 1, MT_DATA); |
2742 | 0 | if (op_err == NULL) { |
2743 | | /* FOOBAR */ |
2744 | 0 | return (NULL); |
2745 | 0 | } |
2746 | | /* Set the len */ |
2747 | 0 | SCTP_BUF_LEN(op_err) = sizeof(struct sctp_error_stale_cookie); |
2748 | 0 | cause = mtod(op_err, struct sctp_error_stale_cookie *); |
2749 | 0 | cause->cause.code = htons(SCTP_CAUSE_STALE_COOKIE); |
2750 | 0 | cause->cause.length = htons(sizeof(struct sctp_error_stale_cookie)); |
2751 | 0 | #if !(defined(__FreeBSD__) && !defined(__Userspace__)) |
2752 | 0 | timersub(&now, &time_expires, &diff); |
2753 | | #else |
2754 | | diff = now; |
2755 | | timevalsub(&diff, &time_expires); |
2756 | | #endif |
2757 | 0 | if ((uint32_t)diff.tv_sec > UINT32_MAX / 1000000) { |
2758 | 0 | staleness = UINT32_MAX; |
2759 | 0 | } else { |
2760 | 0 | staleness = (uint32_t)diff.tv_sec * 1000000; |
2761 | 0 | } |
2762 | 0 | if (UINT32_MAX - staleness >= (uint32_t)diff.tv_usec) { |
2763 | 0 | staleness += (uint32_t)diff.tv_usec; |
2764 | 0 | } else { |
2765 | 0 | staleness = UINT32_MAX; |
2766 | 0 | } |
2767 | 0 | cause->stale_time = htonl(staleness); |
2768 | 0 | sctp_send_operr_to(src, dst, sh, cookie->peers_vtag, op_err, |
2769 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2770 | | mflowtype, mflowid, l_inp->fibnum, |
2771 | | #endif |
2772 | 0 | vrf_id, port); |
2773 | 0 | return (NULL); |
2774 | 0 | } |
2775 | | /* |
2776 | | * Now we must see with the lookup address if we have an existing |
2777 | | * asoc. This will only happen if we were in the COOKIE-WAIT state |
2778 | | * and a INIT collided with us and somewhere the peer sent the |
2779 | | * cookie on another address besides the single address our assoc |
2780 | | * had for him. In this case we will have one of the tie-tags set at |
2781 | | * least AND the address field in the cookie can be used to look it |
2782 | | * up. |
2783 | | */ |
2784 | 0 | to = NULL; |
2785 | 0 | switch (cookie->addr_type) { |
2786 | 0 | #ifdef INET6 |
2787 | 0 | case SCTP_IPV6_ADDRESS: |
2788 | 0 | memset(&sin6, 0, sizeof(sin6)); |
2789 | 0 | sin6.sin6_family = AF_INET6; |
2790 | | #ifdef HAVE_SIN6_LEN |
2791 | | sin6.sin6_len = sizeof(sin6); |
2792 | | #endif |
2793 | 0 | sin6.sin6_port = sh->src_port; |
2794 | 0 | sin6.sin6_scope_id = cookie->scope_id; |
2795 | 0 | memcpy(&sin6.sin6_addr.s6_addr, cookie->address, |
2796 | 0 | sizeof(sin6.sin6_addr.s6_addr)); |
2797 | 0 | to = (struct sockaddr *)&sin6; |
2798 | 0 | break; |
2799 | 0 | #endif |
2800 | 0 | #ifdef INET |
2801 | 0 | case SCTP_IPV4_ADDRESS: |
2802 | 0 | memset(&sin, 0, sizeof(sin)); |
2803 | 0 | sin.sin_family = AF_INET; |
2804 | | #ifdef HAVE_SIN_LEN |
2805 | | sin.sin_len = sizeof(sin); |
2806 | | #endif |
2807 | 0 | sin.sin_port = sh->src_port; |
2808 | 0 | sin.sin_addr.s_addr = cookie->address[0]; |
2809 | 0 | to = (struct sockaddr *)&sin; |
2810 | 0 | break; |
2811 | 0 | #endif |
2812 | 0 | #if defined(__Userspace__) |
2813 | 0 | case SCTP_CONN_ADDRESS: |
2814 | 0 | memset(&sconn, 0, sizeof(struct sockaddr_conn)); |
2815 | 0 | sconn.sconn_family = AF_CONN; |
2816 | | #ifdef HAVE_SCONN_LEN |
2817 | | sconn.sconn_len = sizeof(struct sockaddr_conn); |
2818 | | #endif |
2819 | 0 | sconn.sconn_port = sh->src_port; |
2820 | 0 | memcpy(&sconn.sconn_addr, cookie->address, sizeof(void *)); |
2821 | 0 | to = (struct sockaddr *)&sconn; |
2822 | 0 | break; |
2823 | 0 | #endif |
2824 | 0 | default: |
2825 | | /* This should not happen */ |
2826 | 0 | return (NULL); |
2827 | 0 | } |
2828 | 0 | if (*stcb == NULL) { |
2829 | | /* Yep, lets check */ |
2830 | 0 | *stcb = sctp_findassociation_ep_addr(inp_p, to, netp, dst, NULL); |
2831 | 0 | if (*stcb == NULL) { |
2832 | | /* |
2833 | | * We should have only got back the same inp. If we |
2834 | | * got back a different ep we have a problem. The |
2835 | | * original findep got back l_inp and now |
2836 | | */ |
2837 | 0 | if (l_inp != *inp_p) { |
2838 | 0 | SCTP_PRINTF("Bad problem find_ep got a diff inp then special_locate?\n"); |
2839 | 0 | } |
2840 | 0 | } else { |
2841 | 0 | if (*locked_tcb == NULL) { |
2842 | | /* In this case we found the assoc only |
2843 | | * after we locked the create lock. This means |
2844 | | * we are in a colliding case and we must make |
2845 | | * sure that we unlock the tcb if its one of the |
2846 | | * cases where we throw away the incoming packets. |
2847 | | */ |
2848 | 0 | *locked_tcb = *stcb; |
2849 | | |
2850 | | /* We must also increment the inp ref count |
2851 | | * since the ref_count flags was set when we |
2852 | | * did not find the TCB, now we found it which |
2853 | | * reduces the refcount.. we must raise it back |
2854 | | * out to balance it all :-) |
2855 | | */ |
2856 | 0 | SCTP_INP_INCR_REF((*stcb)->sctp_ep); |
2857 | 0 | if ((*stcb)->sctp_ep != l_inp) { |
2858 | 0 | SCTP_PRINTF("Huh? ep:%p diff then l_inp:%p?\n", |
2859 | 0 | (void *)(*stcb)->sctp_ep, (void *)l_inp); |
2860 | 0 | } |
2861 | 0 | } |
2862 | 0 | } |
2863 | 0 | } |
2864 | |
|
2865 | 0 | cookie_len -= SCTP_SIGNATURE_SIZE; |
2866 | 0 | if (*stcb == NULL) { |
2867 | | /* this is the "normal" case... get a new TCB */ |
2868 | 0 | *stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, sh, |
2869 | 0 | cookie, cookie_len, *inp_p, |
2870 | 0 | netp, to, ¬ification, |
2871 | 0 | auth_skipped, auth_offset, auth_len, |
2872 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2873 | | mflowtype, mflowid, |
2874 | | #endif |
2875 | 0 | vrf_id, port); |
2876 | 0 | } else { |
2877 | | /* this is abnormal... cookie-echo on existing TCB */ |
2878 | 0 | had_a_existing_tcb = 1; |
2879 | 0 | *stcb = sctp_process_cookie_existing(m, iphlen, offset, |
2880 | 0 | src, dst, sh, |
2881 | 0 | cookie, cookie_len, *inp_p, *stcb, netp, to, |
2882 | 0 | ¬ification, auth_skipped, auth_offset, auth_len, |
2883 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2884 | | mflowtype, mflowid, |
2885 | | #endif |
2886 | 0 | vrf_id, port); |
2887 | 0 | if (*stcb == NULL) { |
2888 | 0 | *locked_tcb = NULL; |
2889 | 0 | } |
2890 | 0 | } |
2891 | |
|
2892 | 0 | if (*stcb == NULL) { |
2893 | | /* still no TCB... must be bad cookie-echo */ |
2894 | 0 | return (NULL); |
2895 | 0 | } |
2896 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2897 | | if (*netp != NULL) { |
2898 | | (*netp)->flowtype = mflowtype; |
2899 | | (*netp)->flowid = mflowid; |
2900 | | } |
2901 | | #endif |
2902 | | /* |
2903 | | * Ok, we built an association so confirm the address we sent the |
2904 | | * INIT-ACK to. |
2905 | | */ |
2906 | 0 | netl = sctp_findnet(*stcb, to); |
2907 | | /* |
2908 | | * This code should in theory NOT run but |
2909 | | */ |
2910 | 0 | if (netl == NULL) { |
2911 | | /* TSNH! Huh, why do I need to add this address here? */ |
2912 | 0 | if (sctp_add_remote_addr(*stcb, to, NULL, port, |
2913 | 0 | SCTP_DONOT_SETSCOPE, SCTP_IN_COOKIE_PROC)) { |
2914 | 0 | return (NULL); |
2915 | 0 | } |
2916 | 0 | netl = sctp_findnet(*stcb, to); |
2917 | 0 | } |
2918 | 0 | if (netl) { |
2919 | 0 | if (netl->dest_state & SCTP_ADDR_UNCONFIRMED) { |
2920 | 0 | netl->dest_state &= ~SCTP_ADDR_UNCONFIRMED; |
2921 | 0 | (void)sctp_set_primary_addr((*stcb), (struct sockaddr *)NULL, |
2922 | 0 | netl); |
2923 | 0 | send_int_conf = 1; |
2924 | 0 | } |
2925 | 0 | } |
2926 | 0 | sctp_start_net_timers(*stcb); |
2927 | 0 | if ((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { |
2928 | 0 | if (!had_a_existing_tcb || |
2929 | 0 | (((*inp_p)->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) == 0)) { |
2930 | | /* |
2931 | | * If we have a NEW cookie or the connect never |
2932 | | * reached the connected state during collision we |
2933 | | * must do the TCP accept thing. |
2934 | | */ |
2935 | 0 | struct socket *so, *oso; |
2936 | 0 | struct sctp_inpcb *inp; |
2937 | |
|
2938 | 0 | if (notification == SCTP_NOTIFY_ASSOC_RESTART) { |
2939 | | /* |
2940 | | * For a restart we will keep the same |
2941 | | * socket, no need to do anything. I THINK!! |
2942 | | */ |
2943 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
2944 | 0 | if (send_int_conf) { |
2945 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
2946 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
2947 | 0 | } |
2948 | 0 | return (m); |
2949 | 0 | } |
2950 | 0 | oso = (*inp_p)->sctp_socket; |
2951 | 0 | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
2952 | 0 | SCTP_TCB_UNLOCK((*stcb)); |
2953 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2954 | | CURVNET_SET(oso->so_vnet); |
2955 | | #endif |
2956 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2957 | | SCTP_SOCKET_LOCK(oso, 1); |
2958 | | #endif |
2959 | 0 | so = sonewconn(oso, 0 |
2960 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2961 | | ,NULL |
2962 | | #endif |
2963 | 0 | ); |
2964 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2965 | | SCTP_SOCKET_UNLOCK(oso, 1); |
2966 | | #endif |
2967 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2968 | | CURVNET_RESTORE(); |
2969 | | #endif |
2970 | 0 | SCTP_TCB_LOCK((*stcb)); |
2971 | 0 | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
2972 | |
|
2973 | 0 | if (so == NULL) { |
2974 | 0 | struct mbuf *op_err; |
2975 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2976 | | struct socket *pcb_so; |
2977 | | #endif |
2978 | | /* Too many sockets */ |
2979 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another socket!\n"); |
2980 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
2981 | 0 | sctp_abort_association(*inp_p, NULL, m, iphlen, |
2982 | 0 | src, dst, sh, op_err, |
2983 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
2984 | | mflowtype, mflowid, |
2985 | | #endif |
2986 | 0 | vrf_id, port); |
2987 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2988 | | pcb_so = SCTP_INP_SO(*inp_p); |
2989 | | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
2990 | | SCTP_TCB_UNLOCK((*stcb)); |
2991 | | SCTP_SOCKET_LOCK(pcb_so, 1); |
2992 | | SCTP_TCB_LOCK((*stcb)); |
2993 | | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
2994 | | #endif |
2995 | 0 | (void)sctp_free_assoc(*inp_p, *stcb, SCTP_NORMAL_PROC, |
2996 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_23); |
2997 | | #if defined(__APPLE__) && !defined(__Userspace__) |
2998 | | SCTP_SOCKET_UNLOCK(pcb_so, 1); |
2999 | | #endif |
3000 | 0 | return (NULL); |
3001 | 0 | } |
3002 | 0 | inp = (struct sctp_inpcb *)so->so_pcb; |
3003 | 0 | SCTP_INP_INCR_REF(inp); |
3004 | | /* |
3005 | | * We add the unbound flag here so that |
3006 | | * if we get an soabort() before we get the |
3007 | | * move_pcb done, we will properly cleanup. |
3008 | | */ |
3009 | 0 | inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | |
3010 | 0 | SCTP_PCB_FLAGS_CONNECTED | |
3011 | 0 | SCTP_PCB_FLAGS_IN_TCPPOOL | |
3012 | 0 | SCTP_PCB_FLAGS_UNBOUND | |
3013 | 0 | (SCTP_PCB_COPY_FLAGS & (*inp_p)->sctp_flags) | |
3014 | 0 | SCTP_PCB_FLAGS_DONT_WAKE); |
3015 | 0 | inp->sctp_features = (*inp_p)->sctp_features; |
3016 | 0 | inp->sctp_mobility_features = (*inp_p)->sctp_mobility_features; |
3017 | 0 | inp->sctp_socket = so; |
3018 | 0 | inp->sctp_frag_point = (*inp_p)->sctp_frag_point; |
3019 | 0 | inp->max_cwnd = (*inp_p)->max_cwnd; |
3020 | 0 | inp->sctp_cmt_on_off = (*inp_p)->sctp_cmt_on_off; |
3021 | 0 | inp->ecn_supported = (*inp_p)->ecn_supported; |
3022 | 0 | inp->prsctp_supported = (*inp_p)->prsctp_supported; |
3023 | 0 | inp->auth_supported = (*inp_p)->auth_supported; |
3024 | 0 | inp->asconf_supported = (*inp_p)->asconf_supported; |
3025 | 0 | inp->reconfig_supported = (*inp_p)->reconfig_supported; |
3026 | 0 | inp->nrsack_supported = (*inp_p)->nrsack_supported; |
3027 | 0 | inp->pktdrop_supported = (*inp_p)->pktdrop_supported; |
3028 | 0 | inp->partial_delivery_point = (*inp_p)->partial_delivery_point; |
3029 | 0 | inp->sctp_context = (*inp_p)->sctp_context; |
3030 | 0 | inp->local_strreset_support = (*inp_p)->local_strreset_support; |
3031 | 0 | inp->fibnum = (*inp_p)->fibnum; |
3032 | 0 | #if defined(__Userspace__) |
3033 | 0 | inp->ulp_info = (*inp_p)->ulp_info; |
3034 | 0 | inp->recv_callback = (*inp_p)->recv_callback; |
3035 | 0 | inp->send_callback = (*inp_p)->send_callback; |
3036 | 0 | inp->send_sb_threshold = (*inp_p)->send_sb_threshold; |
3037 | 0 | #endif |
3038 | | /* |
3039 | | * copy in the authentication parameters from the |
3040 | | * original endpoint |
3041 | | */ |
3042 | 0 | if (inp->sctp_ep.local_hmacs) |
3043 | 0 | sctp_free_hmaclist(inp->sctp_ep.local_hmacs); |
3044 | 0 | inp->sctp_ep.local_hmacs = |
3045 | 0 | sctp_copy_hmaclist((*inp_p)->sctp_ep.local_hmacs); |
3046 | 0 | if (inp->sctp_ep.local_auth_chunks) |
3047 | 0 | sctp_free_chunklist(inp->sctp_ep.local_auth_chunks); |
3048 | 0 | inp->sctp_ep.local_auth_chunks = |
3049 | 0 | sctp_copy_chunklist((*inp_p)->sctp_ep.local_auth_chunks); |
3050 | | |
3051 | | /* |
3052 | | * Now we must move it from one hash table to |
3053 | | * another and get the tcb in the right place. |
3054 | | */ |
3055 | | |
3056 | | /* This is where the one-2-one socket is put into |
3057 | | * the accept state waiting for the accept! |
3058 | | */ |
3059 | 0 | if (*stcb) { |
3060 | 0 | SCTP_ADD_SUBSTATE(*stcb, SCTP_STATE_IN_ACCEPT_QUEUE); |
3061 | 0 | } |
3062 | 0 | sctp_move_pcb_and_assoc(*inp_p, inp, *stcb); |
3063 | |
|
3064 | 0 | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
3065 | 0 | SCTP_TCB_UNLOCK((*stcb)); |
3066 | | |
3067 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
3068 | | sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb, |
3069 | | 0); |
3070 | | #else |
3071 | 0 | sctp_pull_off_control_to_new_inp((*inp_p), inp, *stcb, M_NOWAIT); |
3072 | 0 | #endif |
3073 | 0 | SCTP_TCB_LOCK((*stcb)); |
3074 | 0 | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
3075 | | |
3076 | | /* now we must check to see if we were aborted while |
3077 | | * the move was going on and the lock/unlock happened. |
3078 | | */ |
3079 | 0 | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
3080 | | /* yep it was, we leave the |
3081 | | * assoc attached to the socket since |
3082 | | * the sctp_inpcb_free() call will send |
3083 | | * an abort for us. |
3084 | | */ |
3085 | 0 | SCTP_INP_DECR_REF(inp); |
3086 | 0 | return (NULL); |
3087 | 0 | } |
3088 | 0 | SCTP_INP_DECR_REF(inp); |
3089 | | /* Switch over to the new guy */ |
3090 | 0 | *inp_p = inp; |
3091 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3092 | 0 | if (send_int_conf) { |
3093 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
3094 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
3095 | 0 | } |
3096 | | |
3097 | | /* Pull it from the incomplete queue and wake the guy */ |
3098 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3099 | | atomic_add_int(&(*stcb)->asoc.refcnt, 1); |
3100 | | SCTP_TCB_UNLOCK((*stcb)); |
3101 | | SCTP_SOCKET_LOCK(so, 1); |
3102 | | #endif |
3103 | 0 | soisconnected(so); |
3104 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3105 | | SCTP_TCB_LOCK((*stcb)); |
3106 | | atomic_subtract_int(&(*stcb)->asoc.refcnt, 1); |
3107 | | SCTP_SOCKET_UNLOCK(so, 1); |
3108 | | #endif |
3109 | 0 | return (m); |
3110 | 0 | } |
3111 | 0 | } |
3112 | 0 | if (notification) { |
3113 | 0 | sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3114 | 0 | } |
3115 | 0 | if (send_int_conf) { |
3116 | 0 | sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_CONFIRMED, |
3117 | 0 | (*stcb), 0, (void *)netl, SCTP_SO_NOT_LOCKED); |
3118 | 0 | } |
3119 | 0 | return (m); |
3120 | 0 | } |
3121 | | |
3122 | | static void |
3123 | | sctp_handle_cookie_ack(struct sctp_cookie_ack_chunk *cp SCTP_UNUSED, |
3124 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
3125 | 35.5k | { |
3126 | | /* cp must not be used, others call this without a c-ack :-) */ |
3127 | 35.5k | struct sctp_association *asoc; |
3128 | 35.5k | struct sctp_tmit_chunk *chk; |
3129 | | |
3130 | 35.5k | SCTPDBG(SCTP_DEBUG_INPUT2, |
3131 | 35.5k | "sctp_handle_cookie_ack: handling COOKIE-ACK\n"); |
3132 | 35.5k | if ((stcb == NULL) || (net == NULL)) { |
3133 | 0 | return; |
3134 | 0 | } |
3135 | | |
3136 | 35.5k | asoc = &stcb->asoc; |
3137 | 35.5k | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
3138 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
3139 | 0 | asoc->overall_error_count, |
3140 | 0 | 0, |
3141 | 0 | SCTP_FROM_SCTP_INPUT, |
3142 | 0 | __LINE__); |
3143 | 0 | } |
3144 | 35.5k | sctp_stop_all_cookie_timers(stcb); |
3145 | 35.5k | sctp_toss_old_cookies(stcb, asoc); |
3146 | | /* process according to association state */ |
3147 | 35.5k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) { |
3148 | | /* state change only needed when I am in right state */ |
3149 | 4.96k | SCTPDBG(SCTP_DEBUG_INPUT2, "moving to OPEN state\n"); |
3150 | 4.96k | SCTP_SET_STATE(stcb, SCTP_STATE_OPEN); |
3151 | 4.96k | sctp_start_net_timers(stcb); |
3152 | | /* update RTO */ |
3153 | 4.96k | SCTP_STAT_INCR_COUNTER32(sctps_activeestab); |
3154 | 4.96k | SCTP_STAT_INCR_GAUGE32(sctps_currestab); |
3155 | 4.96k | if (asoc->overall_error_count == 0) { |
3156 | 4.96k | sctp_calculate_rto(stcb, asoc, net, &asoc->time_entered, |
3157 | 4.96k | SCTP_RTT_FROM_NON_DATA); |
3158 | 4.96k | } |
3159 | | /* |
3160 | | * Since we did not send a HB make sure we don't double |
3161 | | * things. |
3162 | | */ |
3163 | 4.96k | asoc->overall_error_count = 0; |
3164 | 4.96k | net->hb_responded = 1; |
3165 | 4.96k | (void)SCTP_GETTIME_TIMEVAL(&asoc->time_entered); |
3166 | 4.96k | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_UP, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3167 | 4.96k | if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || |
3168 | 4.96k | (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { |
3169 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3170 | | struct socket *so; |
3171 | | |
3172 | | #endif |
3173 | 4.96k | sctp_pcb_add_flags(stcb->sctp_ep, SCTP_PCB_FLAGS_CONNECTED); |
3174 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3175 | | so = SCTP_INP_SO(stcb->sctp_ep); |
3176 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
3177 | | SCTP_TCB_UNLOCK(stcb); |
3178 | | SCTP_SOCKET_LOCK(so, 1); |
3179 | | SCTP_TCB_LOCK(stcb); |
3180 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
3181 | | #endif |
3182 | 4.96k | if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) { |
3183 | 4.96k | soisconnected(stcb->sctp_socket); |
3184 | 4.96k | } |
3185 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3186 | | SCTP_SOCKET_UNLOCK(so, 1); |
3187 | | #endif |
3188 | 4.96k | } |
3189 | | |
3190 | 4.96k | if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) && |
3191 | 4.96k | TAILQ_EMPTY(&asoc->send_queue) && |
3192 | 4.96k | TAILQ_EMPTY(&asoc->sent_queue) && |
3193 | 0 | (asoc->stream_queue_cnt == 0)) { |
3194 | 0 | SCTP_STAT_DECR_GAUGE32(sctps_currestab); |
3195 | 0 | SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT); |
3196 | 0 | sctp_stop_timers_for_shutdown(stcb); |
3197 | 0 | sctp_send_shutdown(stcb, net); |
3198 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, |
3199 | 0 | stcb->sctp_ep, stcb, net); |
3200 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, |
3201 | 0 | stcb->sctp_ep, stcb, NULL); |
3202 | 0 | sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_LOCKED); |
3203 | 0 | } |
3204 | | |
3205 | 4.96k | if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { |
3206 | | /* We don't need to do the asconf thing, |
3207 | | * nor hb or autoclose if the socket is closed. |
3208 | | */ |
3209 | 0 | goto closed_socket; |
3210 | 0 | } |
3211 | | |
3212 | 4.96k | sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, |
3213 | 4.96k | stcb, net); |
3214 | | |
3215 | 4.96k | if (stcb->asoc.sctp_autoclose_ticks && |
3216 | 0 | sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) { |
3217 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, |
3218 | 0 | stcb->sctp_ep, stcb, NULL); |
3219 | 0 | } |
3220 | | /* |
3221 | | * send ASCONF if parameters are pending and ASCONFs are |
3222 | | * allowed (eg. addresses changed when init/cookie echo were |
3223 | | * in flight) |
3224 | | */ |
3225 | 4.96k | if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_DO_ASCONF)) && |
3226 | 4.96k | (stcb->asoc.asconf_supported == 1) && |
3227 | 4.94k | (!TAILQ_EMPTY(&stcb->asoc.asconf_queue))) { |
3228 | | #ifdef SCTP_TIMER_BASED_ASCONF |
3229 | | sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, |
3230 | | stcb->sctp_ep, stcb, |
3231 | | stcb->asoc.primary_destination); |
3232 | | #else |
3233 | 0 | sctp_send_asconf(stcb, stcb->asoc.primary_destination, |
3234 | 0 | SCTP_ADDR_NOT_LOCKED); |
3235 | 0 | #endif |
3236 | 0 | } |
3237 | 4.96k | } |
3238 | 35.5k | closed_socket: |
3239 | | /* Restart the timer if we have pending data */ |
3240 | 35.5k | TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) { |
3241 | 3.92k | if (chk->whoTo != NULL) { |
3242 | 3.92k | break; |
3243 | 3.92k | } |
3244 | 3.92k | } |
3245 | 35.5k | if (chk != NULL) { |
3246 | 3.92k | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); |
3247 | 3.92k | } |
3248 | 35.5k | } |
3249 | | |
3250 | | static void |
3251 | | sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp, |
3252 | | struct sctp_tcb *stcb) |
3253 | 6.15k | { |
3254 | 6.15k | struct sctp_nets *net; |
3255 | 6.15k | struct sctp_tmit_chunk *lchk; |
3256 | 6.15k | struct sctp_ecne_chunk bkup; |
3257 | 6.15k | uint8_t override_bit; |
3258 | 6.15k | uint32_t tsn, window_data_tsn; |
3259 | 6.15k | int len; |
3260 | 6.15k | unsigned int pkt_cnt; |
3261 | | |
3262 | 6.15k | len = ntohs(cp->ch.chunk_length); |
3263 | 6.15k | if (len == sizeof(struct old_sctp_ecne_chunk)) { |
3264 | | /* Its the old format */ |
3265 | 5.35k | memcpy(&bkup, cp, sizeof(struct old_sctp_ecne_chunk)); |
3266 | 5.35k | bkup.num_pkts_since_cwr = htonl(1); |
3267 | 5.35k | cp = &bkup; |
3268 | 5.35k | } |
3269 | 6.15k | SCTP_STAT_INCR(sctps_recvecne); |
3270 | 6.15k | tsn = ntohl(cp->tsn); |
3271 | 6.15k | pkt_cnt = ntohl(cp->num_pkts_since_cwr); |
3272 | 6.15k | lchk = TAILQ_LAST(&stcb->asoc.send_queue, sctpchunk_listhead); |
3273 | 6.15k | if (lchk == NULL) { |
3274 | 5.86k | window_data_tsn = stcb->asoc.sending_seq - 1; |
3275 | 5.86k | } else { |
3276 | 291 | window_data_tsn = lchk->rec.data.tsn; |
3277 | 291 | } |
3278 | | |
3279 | | /* Find where it was sent to if possible. */ |
3280 | 6.15k | net = NULL; |
3281 | 6.15k | TAILQ_FOREACH(lchk, &stcb->asoc.sent_queue, sctp_next) { |
3282 | 3.72k | if (lchk->rec.data.tsn == tsn) { |
3283 | 0 | net = lchk->whoTo; |
3284 | 0 | net->ecn_prev_cwnd = lchk->rec.data.cwnd_at_send; |
3285 | 0 | break; |
3286 | 0 | } |
3287 | 3.72k | if (SCTP_TSN_GT(lchk->rec.data.tsn, tsn)) { |
3288 | 1.21k | break; |
3289 | 1.21k | } |
3290 | 3.72k | } |
3291 | 6.15k | if (net == NULL) { |
3292 | | /* |
3293 | | * What to do. A previous send of a |
3294 | | * CWR was possibly lost. See how old it is, we |
3295 | | * may have it marked on the actual net. |
3296 | | */ |
3297 | 9.98k | TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { |
3298 | 9.98k | if (tsn == net->last_cwr_tsn) { |
3299 | | /* Found him, send it off */ |
3300 | 0 | break; |
3301 | 0 | } |
3302 | 9.98k | } |
3303 | 6.15k | if (net == NULL) { |
3304 | | /* |
3305 | | * If we reach here, we need to send a special |
3306 | | * CWR that says hey, we did this a long time |
3307 | | * ago and you lost the response. |
3308 | | */ |
3309 | 6.15k | net = TAILQ_FIRST(&stcb->asoc.nets); |
3310 | 6.15k | if (net == NULL) { |
3311 | | /* TSNH */ |
3312 | 0 | return; |
3313 | 0 | } |
3314 | 6.15k | override_bit = SCTP_CWR_REDUCE_OVERRIDE; |
3315 | 6.15k | } else { |
3316 | 0 | override_bit = 0; |
3317 | 0 | } |
3318 | 6.15k | } else { |
3319 | 0 | override_bit = 0; |
3320 | 0 | } |
3321 | 6.15k | if (SCTP_TSN_GT(tsn, net->cwr_window_tsn) && |
3322 | 3.70k | ((override_bit&SCTP_CWR_REDUCE_OVERRIDE) == 0)) { |
3323 | | /* JRS - Use the congestion control given in the pluggable CC module */ |
3324 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 0, pkt_cnt); |
3325 | | /* |
3326 | | * We reduce once every RTT. So we will only lower cwnd at |
3327 | | * the next sending seq i.e. the window_data_tsn |
3328 | | */ |
3329 | 0 | net->cwr_window_tsn = window_data_tsn; |
3330 | 0 | net->ecn_ce_pkt_cnt += pkt_cnt; |
3331 | 0 | net->lost_cnt = pkt_cnt; |
3332 | 0 | net->last_cwr_tsn = tsn; |
3333 | 6.15k | } else { |
3334 | 6.15k | override_bit |= SCTP_CWR_IN_SAME_WINDOW; |
3335 | 6.15k | if (SCTP_TSN_GT(tsn, net->last_cwr_tsn) && |
3336 | 3.70k | ((override_bit&SCTP_CWR_REDUCE_OVERRIDE) == 0)) { |
3337 | | /* |
3338 | | * Another loss in the same window update how |
3339 | | * many marks/packets lost we have had. |
3340 | | */ |
3341 | 0 | int cnt = 1; |
3342 | 0 | if (pkt_cnt > net->lost_cnt) { |
3343 | | /* Should be the case */ |
3344 | 0 | cnt = (pkt_cnt - net->lost_cnt); |
3345 | 0 | net->ecn_ce_pkt_cnt += cnt; |
3346 | 0 | } |
3347 | 0 | net->lost_cnt = pkt_cnt; |
3348 | 0 | net->last_cwr_tsn = tsn; |
3349 | | /* |
3350 | | * Most CC functions will ignore this call, since we are in-window |
3351 | | * yet of the initial CE the peer saw. |
3352 | | */ |
3353 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_ecn_echo(stcb, net, 1, cnt); |
3354 | 0 | } |
3355 | 6.15k | } |
3356 | | /* |
3357 | | * We always send a CWR this way if our previous one was lost our |
3358 | | * peer will get an update, or if it is not time again to reduce we |
3359 | | * still get the cwr to the peer. Note we set the override when we |
3360 | | * could not find the TSN on the chunk or the destination network. |
3361 | | */ |
3362 | 6.15k | sctp_send_cwr(stcb, net, net->last_cwr_tsn, override_bit); |
3363 | 6.15k | } |
3364 | | |
3365 | | static void |
3366 | | sctp_handle_ecn_cwr(struct sctp_cwr_chunk *cp, struct sctp_tcb *stcb, struct sctp_nets *net) |
3367 | 402 | { |
3368 | | /* |
3369 | | * Here we get a CWR from the peer. We must look in the outqueue and |
3370 | | * make sure that we have a covered ECNE in the control chunk part. |
3371 | | * If so remove it. |
3372 | | */ |
3373 | 402 | struct sctp_tmit_chunk *chk, *nchk; |
3374 | 402 | struct sctp_ecne_chunk *ecne; |
3375 | 402 | int override; |
3376 | 402 | uint32_t cwr_tsn; |
3377 | | |
3378 | 402 | cwr_tsn = ntohl(cp->tsn); |
3379 | 402 | override = cp->ch.chunk_flags & SCTP_CWR_REDUCE_OVERRIDE; |
3380 | 12.7k | TAILQ_FOREACH_SAFE(chk, &stcb->asoc.control_send_queue, sctp_next, nchk) { |
3381 | 12.7k | if (chk->rec.chunk_id.id != SCTP_ECN_ECHO) { |
3382 | 12.7k | continue; |
3383 | 12.7k | } |
3384 | 0 | if ((override == 0) && (chk->whoTo != net)) { |
3385 | | /* Must be from the right src unless override is set */ |
3386 | 0 | continue; |
3387 | 0 | } |
3388 | 0 | ecne = mtod(chk->data, struct sctp_ecne_chunk *); |
3389 | 0 | if (SCTP_TSN_GE(cwr_tsn, ntohl(ecne->tsn))) { |
3390 | | /* this covers this ECNE, we can remove it */ |
3391 | 0 | stcb->asoc.ecn_echo_cnt_onq--; |
3392 | 0 | TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk, |
3393 | 0 | sctp_next); |
3394 | 0 | stcb->asoc.ctrl_queue_cnt--; |
3395 | 0 | sctp_m_freem(chk->data); |
3396 | 0 | chk->data = NULL; |
3397 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
3398 | 0 | if (override == 0) { |
3399 | 0 | break; |
3400 | 0 | } |
3401 | 0 | } |
3402 | 0 | } |
3403 | 402 | } |
3404 | | |
3405 | | static void |
3406 | | sctp_handle_shutdown_complete(struct sctp_shutdown_complete_chunk *cp SCTP_UNUSED, |
3407 | | struct sctp_tcb *stcb, struct sctp_nets *net) |
3408 | 2 | { |
3409 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3410 | | struct socket *so; |
3411 | | #endif |
3412 | | |
3413 | 2 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3414 | 2 | "sctp_handle_shutdown_complete: handling SHUTDOWN-COMPLETE\n"); |
3415 | 2 | if (stcb == NULL) |
3416 | 0 | return; |
3417 | | |
3418 | | /* process according to association state */ |
3419 | 2 | if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT) { |
3420 | | /* unexpected SHUTDOWN-COMPLETE... so ignore... */ |
3421 | 2 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3422 | 2 | "sctp_handle_shutdown_complete: not in SCTP_STATE_SHUTDOWN_ACK_SENT --- ignore\n"); |
3423 | 2 | SCTP_TCB_UNLOCK(stcb); |
3424 | 2 | return; |
3425 | 2 | } |
3426 | | /* notify upper layer protocol */ |
3427 | 0 | if (stcb->sctp_socket) { |
3428 | 0 | sctp_ulp_notify(SCTP_NOTIFY_ASSOC_DOWN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3429 | 0 | } |
3430 | 0 | #ifdef INVARIANTS |
3431 | 0 | if (!TAILQ_EMPTY(&stcb->asoc.send_queue) || |
3432 | 0 | !TAILQ_EMPTY(&stcb->asoc.sent_queue) || |
3433 | 0 | sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED)) { |
3434 | 0 | panic("Queues are not empty when handling SHUTDOWN-COMPLETE"); |
3435 | 0 | } |
3436 | 0 | #endif |
3437 | | /* stop the timer */ |
3438 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SHUTDOWNACK, stcb->sctp_ep, stcb, net, |
3439 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_24); |
3440 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_shutdown); |
3441 | | /* free the TCB */ |
3442 | 0 | SCTPDBG(SCTP_DEBUG_INPUT2, |
3443 | 0 | "sctp_handle_shutdown_complete: calls free-asoc\n"); |
3444 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3445 | | so = SCTP_INP_SO(stcb->sctp_ep); |
3446 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
3447 | | SCTP_TCB_UNLOCK(stcb); |
3448 | | SCTP_SOCKET_LOCK(so, 1); |
3449 | | SCTP_TCB_LOCK(stcb); |
3450 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
3451 | | #endif |
3452 | 0 | (void)sctp_free_assoc(stcb->sctp_ep, stcb, SCTP_NORMAL_PROC, |
3453 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_25); |
3454 | | #if defined(__APPLE__) && !defined(__Userspace__) |
3455 | | SCTP_SOCKET_UNLOCK(so, 1); |
3456 | | #endif |
3457 | 0 | return; |
3458 | 0 | } |
3459 | | |
3460 | | static int |
3461 | | process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, |
3462 | | struct sctp_nets *net, uint8_t flg) |
3463 | 50.3k | { |
3464 | 50.3k | switch (desc->chunk_type) { |
3465 | 285 | case SCTP_DATA: |
3466 | 993 | case SCTP_IDATA: |
3467 | | /* find the tsn to resend (possibly) */ |
3468 | 993 | { |
3469 | 993 | uint32_t tsn; |
3470 | 993 | struct sctp_tmit_chunk *tp1; |
3471 | | |
3472 | 993 | tsn = ntohl(desc->tsn_ifany); |
3473 | 993 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3474 | 0 | if (tp1->rec.data.tsn == tsn) { |
3475 | | /* found it */ |
3476 | 0 | break; |
3477 | 0 | } |
3478 | 0 | if (SCTP_TSN_GT(tp1->rec.data.tsn, tsn)) { |
3479 | | /* not found */ |
3480 | 0 | tp1 = NULL; |
3481 | 0 | break; |
3482 | 0 | } |
3483 | 0 | } |
3484 | 993 | if (tp1 == NULL) { |
3485 | | /* |
3486 | | * Do it the other way , aka without paying |
3487 | | * attention to queue seq order. |
3488 | | */ |
3489 | 993 | SCTP_STAT_INCR(sctps_pdrpdnfnd); |
3490 | 993 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3491 | 0 | if (tp1->rec.data.tsn == tsn) { |
3492 | | /* found it */ |
3493 | 0 | break; |
3494 | 0 | } |
3495 | 0 | } |
3496 | 993 | } |
3497 | 993 | if (tp1 == NULL) { |
3498 | 993 | SCTP_STAT_INCR(sctps_pdrptsnnf); |
3499 | 993 | } |
3500 | 993 | if ((tp1) && (tp1->sent < SCTP_DATAGRAM_ACKED)) { |
3501 | 0 | if (((flg & SCTP_BADCRC) == 0) && |
3502 | 0 | ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) { |
3503 | 0 | return (0); |
3504 | 0 | } |
3505 | 0 | if ((stcb->asoc.peers_rwnd == 0) && |
3506 | 0 | ((flg & SCTP_FROM_MIDDLE_BOX) == 0)) { |
3507 | 0 | SCTP_STAT_INCR(sctps_pdrpdiwnp); |
3508 | 0 | return (0); |
3509 | 0 | } |
3510 | 0 | if (stcb->asoc.peers_rwnd == 0 && |
3511 | 0 | (flg & SCTP_FROM_MIDDLE_BOX)) { |
3512 | 0 | SCTP_STAT_INCR(sctps_pdrpdizrw); |
3513 | 0 | return (0); |
3514 | 0 | } |
3515 | 0 | if ((uint32_t)SCTP_BUF_LEN(tp1->data) < |
3516 | 0 | SCTP_DATA_CHUNK_OVERHEAD(stcb) + SCTP_NUM_DB_TO_VERIFY) { |
3517 | | /* Payload not matching. */ |
3518 | 0 | SCTP_STAT_INCR(sctps_pdrpbadd); |
3519 | 0 | return (-1); |
3520 | 0 | } |
3521 | 0 | if (memcmp(mtod(tp1->data, caddr_t) + SCTP_DATA_CHUNK_OVERHEAD(stcb), |
3522 | 0 | desc->data_bytes, SCTP_NUM_DB_TO_VERIFY) != 0) { |
3523 | | /* Payload not matching. */ |
3524 | 0 | SCTP_STAT_INCR(sctps_pdrpbadd); |
3525 | 0 | return (-1); |
3526 | 0 | } |
3527 | 0 | if (tp1->do_rtt) { |
3528 | | /* |
3529 | | * this guy had a RTO calculation |
3530 | | * pending on it, cancel it |
3531 | | */ |
3532 | 0 | if (tp1->whoTo->rto_needed == 0) { |
3533 | 0 | tp1->whoTo->rto_needed = 1; |
3534 | 0 | } |
3535 | 0 | tp1->do_rtt = 0; |
3536 | 0 | } |
3537 | 0 | SCTP_STAT_INCR(sctps_pdrpmark); |
3538 | 0 | if (tp1->sent != SCTP_DATAGRAM_RESEND) |
3539 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3540 | | /* |
3541 | | * mark it as if we were doing a FR, since |
3542 | | * we will be getting gap ack reports behind |
3543 | | * the info from the router. |
3544 | | */ |
3545 | 0 | tp1->rec.data.doing_fast_retransmit = 1; |
3546 | | /* |
3547 | | * mark the tsn with what sequences can |
3548 | | * cause a new FR. |
3549 | | */ |
3550 | 0 | if (TAILQ_EMPTY(&stcb->asoc.send_queue)) { |
3551 | 0 | tp1->rec.data.fast_retran_tsn = stcb->asoc.sending_seq; |
3552 | 0 | } else { |
3553 | 0 | tp1->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn; |
3554 | 0 | } |
3555 | | |
3556 | | /* restart the timer */ |
3557 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, |
3558 | 0 | stcb, tp1->whoTo, |
3559 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_26); |
3560 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, |
3561 | 0 | stcb, tp1->whoTo); |
3562 | | |
3563 | | /* fix counts and things */ |
3564 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) { |
3565 | 0 | sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_PDRP, |
3566 | 0 | tp1->whoTo->flight_size, |
3567 | 0 | tp1->book_size, |
3568 | 0 | (uint32_t)(uintptr_t)stcb, |
3569 | 0 | tp1->rec.data.tsn); |
3570 | 0 | } |
3571 | 0 | if (tp1->sent < SCTP_DATAGRAM_RESEND) { |
3572 | 0 | sctp_flight_size_decrease(tp1); |
3573 | 0 | sctp_total_flight_decrease(stcb, tp1); |
3574 | 0 | } |
3575 | 0 | tp1->sent = SCTP_DATAGRAM_RESEND; |
3576 | 993 | } { |
3577 | | /* audit code */ |
3578 | 993 | unsigned int audit; |
3579 | | |
3580 | 993 | audit = 0; |
3581 | 993 | TAILQ_FOREACH(tp1, &stcb->asoc.sent_queue, sctp_next) { |
3582 | 0 | if (tp1->sent == SCTP_DATAGRAM_RESEND) |
3583 | 0 | audit++; |
3584 | 0 | } |
3585 | 993 | TAILQ_FOREACH(tp1, &stcb->asoc.control_send_queue, |
3586 | 15.4k | sctp_next) { |
3587 | 15.4k | if (tp1->sent == SCTP_DATAGRAM_RESEND) |
3588 | 0 | audit++; |
3589 | 15.4k | } |
3590 | 993 | if (audit != stcb->asoc.sent_queue_retran_cnt) { |
3591 | 0 | SCTP_PRINTF("**Local Audit finds cnt:%d asoc cnt:%d\n", |
3592 | 0 | audit, stcb->asoc.sent_queue_retran_cnt); |
3593 | 0 | #ifndef SCTP_AUDITING_ENABLED |
3594 | 0 | stcb->asoc.sent_queue_retran_cnt = audit; |
3595 | 0 | #endif |
3596 | 0 | } |
3597 | 993 | } |
3598 | 993 | } |
3599 | 0 | break; |
3600 | 1.08k | case SCTP_ASCONF: |
3601 | 1.08k | { |
3602 | 1.08k | struct sctp_tmit_chunk *asconf; |
3603 | | |
3604 | 1.08k | TAILQ_FOREACH(asconf, &stcb->asoc.control_send_queue, |
3605 | 46.1k | sctp_next) { |
3606 | 46.1k | if (asconf->rec.chunk_id.id == SCTP_ASCONF) { |
3607 | 0 | break; |
3608 | 0 | } |
3609 | 46.1k | } |
3610 | 1.08k | if (asconf) { |
3611 | 0 | if (asconf->sent != SCTP_DATAGRAM_RESEND) |
3612 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3613 | 0 | asconf->sent = SCTP_DATAGRAM_RESEND; |
3614 | 0 | asconf->snd_count--; |
3615 | 0 | } |
3616 | 1.08k | } |
3617 | 1.08k | break; |
3618 | 4.69k | case SCTP_INITIATION: |
3619 | | /* resend the INIT */ |
3620 | 4.69k | stcb->asoc.dropped_special_cnt++; |
3621 | 4.69k | if (stcb->asoc.dropped_special_cnt < SCTP_RETRY_DROPPED_THRESH) { |
3622 | | /* |
3623 | | * If we can get it in, in a few attempts we do |
3624 | | * this, otherwise we let the timer fire. |
3625 | | */ |
3626 | 172 | sctp_timer_stop(SCTP_TIMER_TYPE_INIT, stcb->sctp_ep, |
3627 | 172 | stcb, net, |
3628 | 172 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_27); |
3629 | 172 | sctp_send_initiate(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED); |
3630 | 172 | } |
3631 | 4.69k | break; |
3632 | 2.79k | case SCTP_SELECTIVE_ACK: |
3633 | 4.58k | case SCTP_NR_SELECTIVE_ACK: |
3634 | | /* resend the sack */ |
3635 | 4.58k | sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); |
3636 | 4.58k | break; |
3637 | 22.0k | case SCTP_HEARTBEAT_REQUEST: |
3638 | | /* resend a demand HB */ |
3639 | 22.0k | if ((stcb->asoc.overall_error_count + 3) < stcb->asoc.max_send_times) { |
3640 | | /* Only retransmit if we KNOW we wont destroy the tcb */ |
3641 | 22.0k | sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); |
3642 | 22.0k | } |
3643 | 22.0k | break; |
3644 | 2.38k | case SCTP_SHUTDOWN: |
3645 | 2.38k | sctp_send_shutdown(stcb, net); |
3646 | 2.38k | break; |
3647 | 650 | case SCTP_SHUTDOWN_ACK: |
3648 | 650 | sctp_send_shutdown_ack(stcb, net); |
3649 | 650 | break; |
3650 | 2.40k | case SCTP_COOKIE_ECHO: |
3651 | 2.40k | { |
3652 | 2.40k | struct sctp_tmit_chunk *cookie; |
3653 | | |
3654 | 2.40k | cookie = NULL; |
3655 | 2.40k | TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, |
3656 | 31.4k | sctp_next) { |
3657 | 31.4k | if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) { |
3658 | 0 | break; |
3659 | 0 | } |
3660 | 31.4k | } |
3661 | 2.40k | if (cookie) { |
3662 | 0 | if (cookie->sent != SCTP_DATAGRAM_RESEND) |
3663 | 0 | sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); |
3664 | 0 | cookie->sent = SCTP_DATAGRAM_RESEND; |
3665 | 0 | sctp_stop_all_cookie_timers(stcb); |
3666 | 0 | } |
3667 | 2.40k | } |
3668 | 2.40k | break; |
3669 | 1.69k | case SCTP_COOKIE_ACK: |
3670 | 1.69k | sctp_send_cookie_ack(stcb); |
3671 | 1.69k | break; |
3672 | 599 | case SCTP_ASCONF_ACK: |
3673 | | /* resend last asconf ack */ |
3674 | 599 | sctp_send_asconf_ack(stcb); |
3675 | 599 | break; |
3676 | 252 | case SCTP_IFORWARD_CUM_TSN: |
3677 | 1.33k | case SCTP_FORWARD_CUM_TSN: |
3678 | 1.33k | send_forward_tsn(stcb, &stcb->asoc); |
3679 | 1.33k | break; |
3680 | | /* can't do anything with these */ |
3681 | 588 | case SCTP_PACKET_DROPPED: |
3682 | 602 | case SCTP_INITIATION_ACK: /* this should not happen */ |
3683 | 701 | case SCTP_HEARTBEAT_ACK: |
3684 | 706 | case SCTP_ABORT_ASSOCIATION: |
3685 | 5.08k | case SCTP_OPERATION_ERROR: |
3686 | 5.09k | case SCTP_SHUTDOWN_COMPLETE: |
3687 | 5.22k | case SCTP_ECN_ECHO: |
3688 | 5.30k | case SCTP_ECN_CWR: |
3689 | 7.83k | default: |
3690 | 7.83k | break; |
3691 | 50.3k | } |
3692 | 50.3k | return (0); |
3693 | 50.3k | } |
3694 | | |
3695 | | void |
3696 | | sctp_reset_in_stream(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3697 | 446 | { |
3698 | 446 | uint32_t i; |
3699 | 446 | uint16_t temp; |
3700 | | |
3701 | | /* |
3702 | | * We set things to 0xffffffff since this is the last delivered sequence |
3703 | | * and we will be sending in 0 after the reset. |
3704 | | */ |
3705 | | |
3706 | 446 | if (number_entries) { |
3707 | 4.95k | for (i = 0; i < number_entries; i++) { |
3708 | 4.79k | temp = ntohs(list[i]); |
3709 | 4.79k | if (temp >= stcb->asoc.streamincnt) { |
3710 | 2.89k | continue; |
3711 | 2.89k | } |
3712 | 1.89k | stcb->asoc.strmin[temp].last_mid_delivered = 0xffffffff; |
3713 | 1.89k | } |
3714 | 279 | } else { |
3715 | 279 | list = NULL; |
3716 | 71.9k | for (i = 0; i < stcb->asoc.streamincnt; i++) { |
3717 | 71.7k | stcb->asoc.strmin[i].last_mid_delivered = 0xffffffff; |
3718 | 71.7k | } |
3719 | 279 | } |
3720 | 446 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); |
3721 | 446 | } |
3722 | | |
3723 | | static void |
3724 | | sctp_reset_out_streams(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3725 | 65 | { |
3726 | 65 | uint32_t i; |
3727 | 65 | uint16_t temp; |
3728 | | |
3729 | 65 | if (number_entries > 0) { |
3730 | 0 | for (i = 0; i < number_entries; i++) { |
3731 | 0 | temp = ntohs(list[i]); |
3732 | 0 | if (temp >= stcb->asoc.streamoutcnt) { |
3733 | | /* no such stream */ |
3734 | 0 | continue; |
3735 | 0 | } |
3736 | 0 | stcb->asoc.strmout[temp].next_mid_ordered = 0; |
3737 | 0 | stcb->asoc.strmout[temp].next_mid_unordered = 0; |
3738 | 0 | } |
3739 | 65 | } else { |
3740 | 16.7k | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
3741 | 16.7k | stcb->asoc.strmout[i].next_mid_ordered = 0; |
3742 | 16.7k | stcb->asoc.strmout[i].next_mid_unordered = 0; |
3743 | 16.7k | } |
3744 | 65 | } |
3745 | 65 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_SEND, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); |
3746 | 65 | } |
3747 | | |
3748 | | static void |
3749 | | sctp_reset_clear_pending(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t *list) |
3750 | 0 | { |
3751 | 0 | uint32_t i; |
3752 | 0 | uint16_t temp; |
3753 | |
|
3754 | 0 | if (number_entries > 0) { |
3755 | 0 | for (i = 0; i < number_entries; i++) { |
3756 | 0 | temp = ntohs(list[i]); |
3757 | 0 | if (temp >= stcb->asoc.streamoutcnt) { |
3758 | | /* no such stream */ |
3759 | 0 | continue; |
3760 | 0 | } |
3761 | 0 | stcb->asoc.strmout[temp].state = SCTP_STREAM_OPEN; |
3762 | 0 | } |
3763 | 0 | } else { |
3764 | 0 | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
3765 | 0 | stcb->asoc.strmout[i].state = SCTP_STREAM_OPEN; |
3766 | 0 | } |
3767 | 0 | } |
3768 | 0 | } |
3769 | | |
3770 | | struct sctp_stream_reset_request * |
3771 | | sctp_find_stream_reset(struct sctp_tcb *stcb, uint32_t seq, struct sctp_tmit_chunk **bchk) |
3772 | 0 | { |
3773 | 0 | struct sctp_association *asoc; |
3774 | 0 | struct sctp_chunkhdr *ch; |
3775 | 0 | struct sctp_stream_reset_request *r; |
3776 | 0 | struct sctp_tmit_chunk *chk; |
3777 | 0 | int len, clen; |
3778 | |
|
3779 | 0 | asoc = &stcb->asoc; |
3780 | 0 | chk = asoc->str_reset; |
3781 | 0 | if (TAILQ_EMPTY(&asoc->control_send_queue) || |
3782 | 0 | (chk == NULL)) { |
3783 | 0 | asoc->stream_reset_outstanding = 0; |
3784 | 0 | return (NULL); |
3785 | 0 | } |
3786 | 0 | if (chk->data == NULL) { |
3787 | 0 | return (NULL); |
3788 | 0 | } |
3789 | 0 | if (bchk != NULL) { |
3790 | | /* he wants a copy of the chk pointer */ |
3791 | 0 | *bchk = chk; |
3792 | 0 | } |
3793 | 0 | clen = chk->send_size; |
3794 | 0 | ch = mtod(chk->data, struct sctp_chunkhdr *); |
3795 | 0 | r = (struct sctp_stream_reset_request *)(ch + 1); |
3796 | 0 | if (ntohl(r->request_seq) == seq) { |
3797 | | /* found it */ |
3798 | 0 | return (r); |
3799 | 0 | } |
3800 | 0 | len = SCTP_SIZE32(ntohs(r->ph.param_length)); |
3801 | 0 | if (clen > (len + (int)sizeof(struct sctp_chunkhdr))) { |
3802 | | /* move to the next one, there can only be a max of two */ |
3803 | 0 | r = (struct sctp_stream_reset_request *)((caddr_t)r + len); |
3804 | 0 | if (ntohl(r->request_seq) == seq) { |
3805 | 0 | return (r); |
3806 | 0 | } |
3807 | 0 | } |
3808 | | /* that seq is not here */ |
3809 | 0 | return (NULL); |
3810 | 0 | } |
3811 | | |
3812 | | static void |
3813 | | sctp_clean_up_stream_reset(struct sctp_tcb *stcb) |
3814 | 0 | { |
3815 | 0 | struct sctp_association *asoc; |
3816 | 0 | struct sctp_tmit_chunk *chk; |
3817 | |
|
3818 | 0 | asoc = &stcb->asoc; |
3819 | 0 | chk = asoc->str_reset; |
3820 | 0 | if (chk == NULL) { |
3821 | 0 | return; |
3822 | 0 | } |
3823 | 0 | asoc->str_reset = NULL; |
3824 | 0 | sctp_timer_stop(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, |
3825 | 0 | NULL, SCTP_FROM_SCTP_INPUT + SCTP_LOC_28); |
3826 | 0 | TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); |
3827 | 0 | asoc->ctrl_queue_cnt--; |
3828 | 0 | if (chk->data) { |
3829 | 0 | sctp_m_freem(chk->data); |
3830 | 0 | chk->data = NULL; |
3831 | 0 | } |
3832 | 0 | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
3833 | 0 | } |
3834 | | |
3835 | | static int |
3836 | | sctp_handle_stream_reset_response(struct sctp_tcb *stcb, |
3837 | | uint32_t seq, uint32_t action, |
3838 | | struct sctp_stream_reset_response *respin) |
3839 | 396 | { |
3840 | 396 | uint16_t type; |
3841 | 396 | int lparam_len; |
3842 | 396 | struct sctp_association *asoc = &stcb->asoc; |
3843 | 396 | struct sctp_tmit_chunk *chk; |
3844 | 396 | struct sctp_stream_reset_request *req_param; |
3845 | 396 | struct sctp_stream_reset_out_request *req_out_param; |
3846 | 396 | struct sctp_stream_reset_in_request *req_in_param; |
3847 | 396 | uint32_t number_entries; |
3848 | | |
3849 | 396 | if (asoc->stream_reset_outstanding == 0) { |
3850 | | /* duplicate */ |
3851 | 284 | return (0); |
3852 | 284 | } |
3853 | 112 | if (seq == stcb->asoc.str_reset_seq_out) { |
3854 | 0 | req_param = sctp_find_stream_reset(stcb, seq, &chk); |
3855 | 0 | if (req_param != NULL) { |
3856 | 0 | stcb->asoc.str_reset_seq_out++; |
3857 | 0 | type = ntohs(req_param->ph.param_type); |
3858 | 0 | lparam_len = ntohs(req_param->ph.param_length); |
3859 | 0 | if (type == SCTP_STR_RESET_OUT_REQUEST) { |
3860 | 0 | int no_clear = 0; |
3861 | |
|
3862 | 0 | req_out_param = (struct sctp_stream_reset_out_request *)req_param; |
3863 | 0 | number_entries = (lparam_len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t); |
3864 | 0 | asoc->stream_reset_out_is_outstanding = 0; |
3865 | 0 | if (asoc->stream_reset_outstanding) |
3866 | 0 | asoc->stream_reset_outstanding--; |
3867 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3868 | | /* do it */ |
3869 | 0 | sctp_reset_out_streams(stcb, number_entries, req_out_param->list_of_streams); |
3870 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3871 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3872 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_IN_PROGRESS) { |
3873 | | /* Set it up so we don't stop retransmitting */ |
3874 | 0 | asoc->stream_reset_outstanding++; |
3875 | 0 | stcb->asoc.str_reset_seq_out--; |
3876 | 0 | asoc->stream_reset_out_is_outstanding = 1; |
3877 | 0 | no_clear = 1; |
3878 | 0 | } else { |
3879 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_OUT, stcb, number_entries, req_out_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3880 | 0 | } |
3881 | 0 | if (no_clear == 0) { |
3882 | 0 | sctp_reset_clear_pending(stcb, number_entries, req_out_param->list_of_streams); |
3883 | 0 | } |
3884 | 0 | } else if (type == SCTP_STR_RESET_IN_REQUEST) { |
3885 | 0 | req_in_param = (struct sctp_stream_reset_in_request *)req_param; |
3886 | 0 | number_entries = (lparam_len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t); |
3887 | 0 | if (asoc->stream_reset_outstanding) |
3888 | 0 | asoc->stream_reset_outstanding--; |
3889 | 0 | if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3890 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_DENIED_IN, stcb, |
3891 | 0 | number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3892 | 0 | } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3893 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_FAILED_IN, stcb, |
3894 | 0 | number_entries, req_in_param->list_of_streams, SCTP_SO_NOT_LOCKED); |
3895 | 0 | } |
3896 | 0 | } else if (type == SCTP_STR_RESET_ADD_OUT_STREAMS) { |
3897 | | /* Ok we now may have more streams */ |
3898 | 0 | int num_stream; |
3899 | |
|
3900 | 0 | num_stream = stcb->asoc.strm_pending_add_size; |
3901 | 0 | if (num_stream > (stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt)) { |
3902 | | /* TSNH */ |
3903 | 0 | num_stream = stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt; |
3904 | 0 | } |
3905 | 0 | stcb->asoc.strm_pending_add_size = 0; |
3906 | 0 | if (asoc->stream_reset_outstanding) |
3907 | 0 | asoc->stream_reset_outstanding--; |
3908 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3909 | | /* Put the new streams into effect */ |
3910 | 0 | int i; |
3911 | 0 | for (i = asoc->streamoutcnt; i < (asoc->streamoutcnt + num_stream); i++) { |
3912 | 0 | asoc->strmout[i].state = SCTP_STREAM_OPEN; |
3913 | 0 | } |
3914 | 0 | asoc->streamoutcnt += num_stream; |
3915 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3916 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3917 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3918 | 0 | } else { |
3919 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_FAILED, NULL, SCTP_SO_NOT_LOCKED); |
3920 | 0 | } |
3921 | 0 | } else if (type == SCTP_STR_RESET_ADD_IN_STREAMS) { |
3922 | 0 | if (asoc->stream_reset_outstanding) |
3923 | 0 | asoc->stream_reset_outstanding--; |
3924 | 0 | if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3925 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3926 | 0 | } else if (action != SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3927 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, SCTP_STREAM_CHANGE_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3928 | 0 | } |
3929 | 0 | } else if (type == SCTP_STR_RESET_TSN_REQUEST) { |
3930 | | /** |
3931 | | * a) Adopt the new in tsn. |
3932 | | * b) reset the map |
3933 | | * c) Adopt the new out-tsn |
3934 | | */ |
3935 | 0 | struct sctp_stream_reset_response_tsn *resp; |
3936 | 0 | struct sctp_forward_tsn_chunk fwdtsn; |
3937 | 0 | int abort_flag = 0; |
3938 | 0 | if (respin == NULL) { |
3939 | | /* huh ? */ |
3940 | 0 | return (0); |
3941 | 0 | } |
3942 | 0 | if (ntohs(respin->ph.param_length) < sizeof(struct sctp_stream_reset_response_tsn)) { |
3943 | 0 | return (0); |
3944 | 0 | } |
3945 | 0 | if (action == SCTP_STREAM_RESET_RESULT_PERFORMED) { |
3946 | 0 | resp = (struct sctp_stream_reset_response_tsn *)respin; |
3947 | 0 | asoc->stream_reset_outstanding--; |
3948 | 0 | fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); |
3949 | 0 | fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; |
3950 | 0 | fwdtsn.new_cumulative_tsn = htonl(ntohl(resp->senders_next_tsn) - 1); |
3951 | 0 | sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); |
3952 | 0 | if (abort_flag) { |
3953 | 0 | return (1); |
3954 | 0 | } |
3955 | 0 | stcb->asoc.highest_tsn_inside_map = (ntohl(resp->senders_next_tsn) - 1); |
3956 | 0 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
3957 | 0 | sctp_log_map(0, 7, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
3958 | 0 | } |
3959 | |
|
3960 | 0 | stcb->asoc.tsn_last_delivered = stcb->asoc.cumulative_tsn = stcb->asoc.highest_tsn_inside_map; |
3961 | 0 | stcb->asoc.mapping_array_base_tsn = ntohl(resp->senders_next_tsn); |
3962 | 0 | memset(stcb->asoc.mapping_array, 0, stcb->asoc.mapping_array_size); |
3963 | |
|
3964 | 0 | stcb->asoc.highest_tsn_inside_nr_map = stcb->asoc.highest_tsn_inside_map; |
3965 | 0 | memset(stcb->asoc.nr_mapping_array, 0, stcb->asoc.mapping_array_size); |
3966 | |
|
3967 | 0 | stcb->asoc.sending_seq = ntohl(resp->receivers_next_tsn); |
3968 | 0 | stcb->asoc.last_acked_seq = stcb->asoc.cumulative_tsn; |
3969 | |
|
3970 | 0 | sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); |
3971 | 0 | sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); |
3972 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
3973 | 0 | } else if (action == SCTP_STREAM_RESET_RESULT_DENIED) { |
3974 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, SCTP_ASSOC_RESET_DENIED, NULL, SCTP_SO_NOT_LOCKED); |
3975 | 0 | } else { |
3976 | 0 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, SCTP_ASSOC_RESET_FAILED, NULL, SCTP_SO_NOT_LOCKED); |
3977 | 0 | } |
3978 | 0 | } |
3979 | | /* get rid of the request and get the request flags */ |
3980 | 0 | if (asoc->stream_reset_outstanding == 0) { |
3981 | 0 | sctp_clean_up_stream_reset(stcb); |
3982 | 0 | } |
3983 | 0 | } |
3984 | 0 | } |
3985 | 112 | if (asoc->stream_reset_outstanding == 0) { |
3986 | 0 | sctp_send_stream_reset_out_if_possible(stcb, SCTP_SO_NOT_LOCKED); |
3987 | 0 | } |
3988 | 112 | return (0); |
3989 | 112 | } |
3990 | | |
3991 | | static void |
3992 | | sctp_handle_str_reset_request_in(struct sctp_tcb *stcb, |
3993 | | struct sctp_tmit_chunk *chk, |
3994 | | struct sctp_stream_reset_in_request *req, int trunc) |
3995 | 7.74k | { |
3996 | 7.74k | uint32_t seq; |
3997 | 7.74k | int len, i; |
3998 | 7.74k | int number_entries; |
3999 | 7.74k | uint16_t temp; |
4000 | | |
4001 | | /* |
4002 | | * peer wants me to send a str-reset to him for my outgoing seq's if |
4003 | | * seq_in is right. |
4004 | | */ |
4005 | 7.74k | struct sctp_association *asoc = &stcb->asoc; |
4006 | | |
4007 | 7.74k | seq = ntohl(req->request_seq); |
4008 | 7.74k | if (asoc->str_reset_seq_in == seq) { |
4009 | 278 | asoc->last_reset_action[1] = asoc->last_reset_action[0]; |
4010 | 278 | if ((asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ) == 0) { |
4011 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4012 | 278 | } else if (trunc) { |
4013 | | /* Can't do it, since they exceeded our buffer size */ |
4014 | 1 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4015 | 277 | } else if (stcb->asoc.stream_reset_out_is_outstanding == 0) { |
4016 | 277 | len = ntohs(req->ph.param_length); |
4017 | 277 | number_entries = ((len - sizeof(struct sctp_stream_reset_in_request)) / sizeof(uint16_t)); |
4018 | 277 | if (number_entries) { |
4019 | 1.33k | for (i = 0; i < number_entries; i++) { |
4020 | 1.17k | temp = ntohs(req->list_of_streams[i]); |
4021 | 1.17k | if (temp >= stcb->asoc.streamoutcnt) { |
4022 | 38 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4023 | 38 | goto bad_boy; |
4024 | 38 | } |
4025 | 1.13k | req->list_of_streams[i] = temp; |
4026 | 1.13k | } |
4027 | 1.20k | for (i = 0; i < number_entries; i++) { |
4028 | 1.04k | if (stcb->asoc.strmout[req->list_of_streams[i]].state == SCTP_STREAM_OPEN) { |
4029 | 618 | stcb->asoc.strmout[req->list_of_streams[i]].state = SCTP_STREAM_RESET_PENDING; |
4030 | 618 | } |
4031 | 1.04k | } |
4032 | 161 | } else { |
4033 | | /* Its all */ |
4034 | 20.1k | for (i = 0; i < stcb->asoc.streamoutcnt; i++) { |
4035 | 20.0k | if (stcb->asoc.strmout[i].state == SCTP_STREAM_OPEN) |
4036 | 18.1k | stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_PENDING; |
4037 | 20.0k | } |
4038 | 78 | } |
4039 | 239 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4040 | 239 | } else { |
4041 | | /* Can't do it, since we have sent one out */ |
4042 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; |
4043 | 0 | } |
4044 | 278 | bad_boy: |
4045 | 278 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4046 | 278 | asoc->str_reset_seq_in++; |
4047 | 7.47k | } else if (asoc->str_reset_seq_in - 1 == seq) { |
4048 | 578 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4049 | 6.89k | } else if (asoc->str_reset_seq_in - 2 == seq) { |
4050 | 1.21k | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4051 | 5.67k | } else { |
4052 | 5.67k | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4053 | 5.67k | } |
4054 | 7.74k | sctp_send_stream_reset_out_if_possible(stcb, SCTP_SO_NOT_LOCKED); |
4055 | 7.74k | } |
4056 | | |
4057 | | static int |
4058 | | sctp_handle_str_reset_request_tsn(struct sctp_tcb *stcb, |
4059 | | struct sctp_tmit_chunk *chk, |
4060 | | struct sctp_stream_reset_tsn_request *req) |
4061 | 1.86k | { |
4062 | | /* reset all in and out and update the tsn */ |
4063 | | /* |
4064 | | * A) reset my str-seq's on in and out. B) Select a receive next, |
4065 | | * and set cum-ack to it. Also process this selected number as a |
4066 | | * fwd-tsn as well. C) set in the response my next sending seq. |
4067 | | */ |
4068 | 1.86k | struct sctp_forward_tsn_chunk fwdtsn; |
4069 | 1.86k | struct sctp_association *asoc = &stcb->asoc; |
4070 | 1.86k | int abort_flag = 0; |
4071 | 1.86k | uint32_t seq; |
4072 | | |
4073 | 1.86k | seq = ntohl(req->request_seq); |
4074 | 1.86k | if (asoc->str_reset_seq_in == seq) { |
4075 | 65 | asoc->last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4076 | 65 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4077 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4078 | 65 | } else { |
4079 | 65 | fwdtsn.ch.chunk_length = htons(sizeof(struct sctp_forward_tsn_chunk)); |
4080 | 65 | fwdtsn.ch.chunk_type = SCTP_FORWARD_CUM_TSN; |
4081 | 65 | fwdtsn.ch.chunk_flags = 0; |
4082 | 65 | fwdtsn.new_cumulative_tsn = htonl(stcb->asoc.highest_tsn_inside_map + 1); |
4083 | 65 | sctp_handle_forward_tsn(stcb, &fwdtsn, &abort_flag, NULL, 0); |
4084 | 65 | if (abort_flag) { |
4085 | 0 | return (1); |
4086 | 0 | } |
4087 | 65 | asoc->highest_tsn_inside_map += SCTP_STREAM_RESET_TSN_DELTA; |
4088 | 65 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { |
4089 | 0 | sctp_log_map(0, 10, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); |
4090 | 0 | } |
4091 | 65 | asoc->tsn_last_delivered = asoc->cumulative_tsn = asoc->highest_tsn_inside_map; |
4092 | 65 | asoc->mapping_array_base_tsn = asoc->highest_tsn_inside_map + 1; |
4093 | 65 | memset(asoc->mapping_array, 0, asoc->mapping_array_size); |
4094 | 65 | asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; |
4095 | 65 | memset(asoc->nr_mapping_array, 0, asoc->mapping_array_size); |
4096 | 65 | atomic_add_int(&asoc->sending_seq, 1); |
4097 | | /* save off historical data for retrans */ |
4098 | 65 | asoc->last_sending_seq[1] = asoc->last_sending_seq[0]; |
4099 | 65 | asoc->last_sending_seq[0] = asoc->sending_seq; |
4100 | 65 | asoc->last_base_tsnsent[1] = asoc->last_base_tsnsent[0]; |
4101 | 65 | asoc->last_base_tsnsent[0] = asoc->mapping_array_base_tsn; |
4102 | 65 | sctp_reset_out_streams(stcb, 0, (uint16_t *) NULL); |
4103 | 65 | sctp_reset_in_stream(stcb, 0, (uint16_t *) NULL); |
4104 | 65 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4105 | 65 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_TSN, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
4106 | 65 | } |
4107 | 65 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], |
4108 | 65 | asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); |
4109 | 65 | asoc->str_reset_seq_in++; |
4110 | 1.80k | } else if (asoc->str_reset_seq_in - 1 == seq) { |
4111 | 303 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[0], |
4112 | 303 | asoc->last_sending_seq[0], asoc->last_base_tsnsent[0]); |
4113 | 1.49k | } else if (asoc->str_reset_seq_in - 2 == seq) { |
4114 | 818 | sctp_add_stream_reset_result_tsn(chk, seq, asoc->last_reset_action[1], |
4115 | 818 | asoc->last_sending_seq[1], asoc->last_base_tsnsent[1]); |
4116 | 818 | } else { |
4117 | 680 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4118 | 680 | } |
4119 | 1.86k | return (0); |
4120 | 1.86k | } |
4121 | | |
4122 | | static void |
4123 | | sctp_handle_str_reset_request_out(struct sctp_tcb *stcb, |
4124 | | struct sctp_tmit_chunk *chk, |
4125 | | struct sctp_stream_reset_out_request *req, int trunc) |
4126 | 2.28k | { |
4127 | 2.28k | uint32_t seq, tsn; |
4128 | 2.28k | int number_entries, len; |
4129 | 2.28k | struct sctp_association *asoc = &stcb->asoc; |
4130 | | |
4131 | 2.28k | seq = ntohl(req->request_seq); |
4132 | | |
4133 | | /* now if its not a duplicate we process it */ |
4134 | 2.28k | if (asoc->str_reset_seq_in == seq) { |
4135 | 801 | len = ntohs(req->ph.param_length); |
4136 | 801 | number_entries = ((len - sizeof(struct sctp_stream_reset_out_request)) / sizeof(uint16_t)); |
4137 | | /* |
4138 | | * the sender is resetting, handle the list issue.. we must |
4139 | | * a) verify if we can do the reset, if so no problem b) If |
4140 | | * we can't do the reset we must copy the request. c) queue |
4141 | | * it, and setup the data in processor to trigger it off |
4142 | | * when needed and dequeue all the queued data. |
4143 | | */ |
4144 | 801 | tsn = ntohl(req->send_reset_at_tsn); |
4145 | | |
4146 | | /* move the reset action back one */ |
4147 | 801 | asoc->last_reset_action[1] = asoc->last_reset_action[0]; |
4148 | 801 | if ((asoc->local_strreset_support & SCTP_ENABLE_RESET_STREAM_REQ) == 0) { |
4149 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4150 | 801 | } else if (trunc) { |
4151 | 2 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4152 | 799 | } else if (SCTP_TSN_GE(asoc->cumulative_tsn, tsn)) { |
4153 | | /* we can do it now */ |
4154 | 220 | sctp_reset_in_stream(stcb, number_entries, req->list_of_streams); |
4155 | 220 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4156 | 579 | } else { |
4157 | | /* |
4158 | | * we must queue it up and thus wait for the TSN's |
4159 | | * to arrive that are at or before tsn |
4160 | | */ |
4161 | 579 | struct sctp_stream_reset_list *liste; |
4162 | 579 | int siz; |
4163 | | |
4164 | 579 | siz = sizeof(struct sctp_stream_reset_list) + (number_entries * sizeof(uint16_t)); |
4165 | 579 | SCTP_MALLOC(liste, struct sctp_stream_reset_list *, |
4166 | 579 | siz, SCTP_M_STRESET); |
4167 | 579 | if (liste == NULL) { |
4168 | | /* gak out of memory */ |
4169 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4170 | 0 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4171 | 0 | return; |
4172 | 0 | } |
4173 | 579 | liste->seq = seq; |
4174 | 579 | liste->tsn = tsn; |
4175 | 579 | liste->number_entries = number_entries; |
4176 | 579 | memcpy(&liste->list_of_streams, req->list_of_streams, number_entries * sizeof(uint16_t)); |
4177 | 579 | TAILQ_INSERT_TAIL(&asoc->resetHead, liste, next_resp); |
4178 | 579 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_IN_PROGRESS; |
4179 | 579 | } |
4180 | 801 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4181 | 801 | asoc->str_reset_seq_in++; |
4182 | 1.48k | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4183 | | /* |
4184 | | * one seq back, just echo back last action since my |
4185 | | * response was lost. |
4186 | | */ |
4187 | 336 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4188 | 1.15k | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4189 | | /* |
4190 | | * two seq back, just echo back last action since my |
4191 | | * response was lost. |
4192 | | */ |
4193 | 431 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4194 | 720 | } else { |
4195 | 720 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4196 | 720 | } |
4197 | 2.28k | } |
4198 | | |
4199 | | static void |
4200 | | sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, |
4201 | | struct sctp_stream_reset_add_strm *str_add) |
4202 | 1.84k | { |
4203 | | /* |
4204 | | * Peer is requesting to add more streams. |
4205 | | * If its within our max-streams we will |
4206 | | * allow it. |
4207 | | */ |
4208 | 1.84k | uint32_t num_stream, i; |
4209 | 1.84k | uint32_t seq; |
4210 | 1.84k | struct sctp_association *asoc = &stcb->asoc; |
4211 | 1.84k | struct sctp_queued_to_read *ctl, *nctl; |
4212 | | |
4213 | | /* Get the number. */ |
4214 | 1.84k | seq = ntohl(str_add->request_seq); |
4215 | 1.84k | num_stream = ntohs(str_add->number_of_streams); |
4216 | | /* Now what would be the new total? */ |
4217 | 1.84k | if (asoc->str_reset_seq_in == seq) { |
4218 | 67 | num_stream += stcb->asoc.streamincnt; |
4219 | 67 | stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4220 | 67 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4221 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4222 | 67 | } else if ((num_stream > stcb->asoc.max_inbound_streams) || |
4223 | 43 | (num_stream > 0xffff)) { |
4224 | | /* We must reject it they ask for to many */ |
4225 | 24 | denied: |
4226 | 24 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4227 | 43 | } else { |
4228 | | /* Ok, we can do that :-) */ |
4229 | 43 | struct sctp_stream_in *oldstrm; |
4230 | | |
4231 | | /* save off the old */ |
4232 | 43 | oldstrm = stcb->asoc.strmin; |
4233 | 43 | SCTP_MALLOC(stcb->asoc.strmin, struct sctp_stream_in *, |
4234 | 43 | (num_stream * sizeof(struct sctp_stream_in)), |
4235 | 43 | SCTP_M_STRMI); |
4236 | 43 | if (stcb->asoc.strmin == NULL) { |
4237 | 0 | stcb->asoc.strmin = oldstrm; |
4238 | 0 | goto denied; |
4239 | 0 | } |
4240 | | /* copy off the old data */ |
4241 | 11.0k | for (i = 0; i < stcb->asoc.streamincnt; i++) { |
4242 | 11.0k | TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); |
4243 | 11.0k | TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); |
4244 | 11.0k | stcb->asoc.strmin[i].sid = i; |
4245 | 11.0k | stcb->asoc.strmin[i].last_mid_delivered = oldstrm[i].last_mid_delivered; |
4246 | 11.0k | stcb->asoc.strmin[i].delivery_started = oldstrm[i].delivery_started; |
4247 | 11.0k | stcb->asoc.strmin[i].pd_api_started = oldstrm[i].pd_api_started; |
4248 | | /* now anything on those queues? */ |
4249 | 11.0k | TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].inqueue, next_instrm, nctl) { |
4250 | 0 | TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next_instrm); |
4251 | 0 | TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next_instrm); |
4252 | 0 | } |
4253 | 11.0k | TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].uno_inqueue, next_instrm, nctl) { |
4254 | 0 | TAILQ_REMOVE(&oldstrm[i].uno_inqueue, ctl, next_instrm); |
4255 | 0 | TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].uno_inqueue, ctl, next_instrm); |
4256 | 0 | } |
4257 | 11.0k | } |
4258 | | /* Init the new streams */ |
4259 | 43 | for (i = stcb->asoc.streamincnt; i < num_stream; i++) { |
4260 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); |
4261 | 0 | TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); |
4262 | 0 | stcb->asoc.strmin[i].sid = i; |
4263 | 0 | stcb->asoc.strmin[i].last_mid_delivered = 0xffffffff; |
4264 | 0 | stcb->asoc.strmin[i].pd_api_started = 0; |
4265 | 0 | stcb->asoc.strmin[i].delivery_started = 0; |
4266 | 0 | } |
4267 | 43 | SCTP_FREE(oldstrm, SCTP_M_STRMI); |
4268 | | /* update the size */ |
4269 | 43 | stcb->asoc.streamincnt = num_stream; |
4270 | 43 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4271 | 43 | sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_ADD, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
4272 | 43 | } |
4273 | 67 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4274 | 67 | asoc->str_reset_seq_in++; |
4275 | 1.78k | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4276 | | /* |
4277 | | * one seq back, just echo back last action since my |
4278 | | * response was lost. |
4279 | | */ |
4280 | 1.12k | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4281 | 1.12k | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4282 | | /* |
4283 | | * two seq back, just echo back last action since my |
4284 | | * response was lost. |
4285 | | */ |
4286 | 202 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4287 | 456 | } else { |
4288 | 456 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4289 | 456 | } |
4290 | 1.84k | } |
4291 | | |
4292 | | static void |
4293 | | sctp_handle_str_reset_add_out_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk, |
4294 | | struct sctp_stream_reset_add_strm *str_add) |
4295 | 706 | { |
4296 | | /* |
4297 | | * Peer is requesting to add more streams. |
4298 | | * If its within our max-streams we will |
4299 | | * allow it. |
4300 | | */ |
4301 | 706 | uint16_t num_stream; |
4302 | 706 | uint32_t seq; |
4303 | 706 | struct sctp_association *asoc = &stcb->asoc; |
4304 | | |
4305 | | /* Get the number. */ |
4306 | 706 | seq = ntohl(str_add->request_seq); |
4307 | 706 | num_stream = ntohs(str_add->number_of_streams); |
4308 | | /* Now what would be the new total? */ |
4309 | 706 | if (asoc->str_reset_seq_in == seq) { |
4310 | 105 | stcb->asoc.last_reset_action[1] = stcb->asoc.last_reset_action[0]; |
4311 | 105 | if ((asoc->local_strreset_support & SCTP_ENABLE_CHANGE_ASSOC_REQ) == 0) { |
4312 | 0 | asoc->last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4313 | 105 | } else if (stcb->asoc.stream_reset_outstanding) { |
4314 | | /* We must reject it we have something pending */ |
4315 | 13 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_ERR_IN_PROGRESS; |
4316 | 92 | } else { |
4317 | | /* Ok, we can do that :-) */ |
4318 | 92 | int mychk; |
4319 | 92 | mychk = stcb->asoc.streamoutcnt; |
4320 | 92 | mychk += num_stream; |
4321 | 92 | if (mychk < 0x10000) { |
4322 | 85 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_PERFORMED; |
4323 | 85 | if (sctp_send_str_reset_req(stcb, 0, NULL, 0, 0, 1, num_stream, 0, 1)) { |
4324 | 0 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4325 | 0 | } |
4326 | 85 | } else { |
4327 | 7 | stcb->asoc.last_reset_action[0] = SCTP_STREAM_RESET_RESULT_DENIED; |
4328 | 7 | } |
4329 | 92 | } |
4330 | 105 | sctp_add_stream_reset_result(chk, seq, stcb->asoc.last_reset_action[0]); |
4331 | 105 | asoc->str_reset_seq_in++; |
4332 | 601 | } else if ((asoc->str_reset_seq_in - 1) == seq) { |
4333 | | /* |
4334 | | * one seq back, just echo back last action since my |
4335 | | * response was lost. |
4336 | | */ |
4337 | 41 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[0]); |
4338 | 560 | } else if ((asoc->str_reset_seq_in - 2) == seq) { |
4339 | | /* |
4340 | | * two seq back, just echo back last action since my |
4341 | | * response was lost. |
4342 | | */ |
4343 | 70 | sctp_add_stream_reset_result(chk, seq, asoc->last_reset_action[1]); |
4344 | 490 | } else { |
4345 | 490 | sctp_add_stream_reset_result(chk, seq, SCTP_STREAM_RESET_RESULT_ERR_BAD_SEQNO); |
4346 | 490 | } |
4347 | 706 | } |
4348 | | |
4349 | | #ifdef __GNUC__ |
4350 | | __attribute__ ((noinline)) |
4351 | | #endif |
4352 | | static int |
4353 | | sctp_handle_stream_reset(struct sctp_tcb *stcb, struct mbuf *m, int offset, |
4354 | | struct sctp_chunkhdr *ch_req) |
4355 | 20.6k | { |
4356 | 20.6k | uint16_t remaining_length, param_len, ptype; |
4357 | 20.6k | struct sctp_paramhdr pstore; |
4358 | 20.6k | uint8_t cstore[SCTP_CHUNK_BUFFER_SIZE]; |
4359 | 20.6k | uint32_t seq = 0; |
4360 | 20.6k | int num_req = 0; |
4361 | 20.6k | int trunc = 0; |
4362 | 20.6k | struct sctp_tmit_chunk *chk; |
4363 | 20.6k | struct sctp_chunkhdr *ch; |
4364 | 20.6k | struct sctp_paramhdr *ph; |
4365 | 20.6k | int ret_code = 0; |
4366 | 20.6k | int num_param = 0; |
4367 | | |
4368 | | /* now it may be a reset or a reset-response */ |
4369 | 20.6k | remaining_length = ntohs(ch_req->chunk_length) - sizeof(struct sctp_chunkhdr); |
4370 | | |
4371 | | /* setup for adding the response */ |
4372 | 20.6k | sctp_alloc_a_chunk(stcb, chk); |
4373 | 20.6k | if (chk == NULL) { |
4374 | 0 | return (ret_code); |
4375 | 0 | } |
4376 | 20.6k | chk->copy_by_ref = 0; |
4377 | 20.6k | chk->rec.chunk_id.id = SCTP_STREAM_RESET; |
4378 | 20.6k | chk->rec.chunk_id.can_take_data = 0; |
4379 | 20.6k | chk->flags = 0; |
4380 | 20.6k | chk->asoc = &stcb->asoc; |
4381 | 20.6k | chk->no_fr_allowed = 0; |
4382 | 20.6k | chk->book_size = chk->send_size = sizeof(struct sctp_chunkhdr); |
4383 | 20.6k | chk->book_size_scale = 0; |
4384 | 20.6k | chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); |
4385 | 20.6k | if (chk->data == NULL) { |
4386 | 8.07k | strres_nochunk: |
4387 | 8.07k | if (chk->data) { |
4388 | 8.07k | sctp_m_freem(chk->data); |
4389 | 8.07k | chk->data = NULL; |
4390 | 8.07k | } |
4391 | 8.07k | sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); |
4392 | 8.07k | return (ret_code); |
4393 | 8.07k | } |
4394 | 20.6k | SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD); |
4395 | | |
4396 | | /* setup chunk parameters */ |
4397 | 20.6k | chk->sent = SCTP_DATAGRAM_UNSENT; |
4398 | 20.6k | chk->snd_count = 0; |
4399 | 20.6k | chk->whoTo = NULL; |
4400 | | |
4401 | 20.6k | ch = mtod(chk->data, struct sctp_chunkhdr *); |
4402 | 20.6k | ch->chunk_type = SCTP_STREAM_RESET; |
4403 | 20.6k | ch->chunk_flags = 0; |
4404 | 20.6k | ch->chunk_length = htons(chk->send_size); |
4405 | 20.6k | SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size); |
4406 | 20.6k | offset += sizeof(struct sctp_chunkhdr); |
4407 | 33.5k | while (remaining_length >= sizeof(struct sctp_paramhdr)) { |
4408 | 24.2k | ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, sizeof(pstore), (uint8_t *)&pstore); |
4409 | 24.2k | if (ph == NULL) { |
4410 | | /* TSNH */ |
4411 | 0 | break; |
4412 | 0 | } |
4413 | 24.2k | param_len = ntohs(ph->param_length); |
4414 | 24.2k | if ((param_len > remaining_length) || |
4415 | 21.1k | (param_len < (sizeof(struct sctp_paramhdr) + sizeof(uint32_t)))) { |
4416 | | /* bad parameter length */ |
4417 | 3.78k | break; |
4418 | 3.78k | } |
4419 | 20.4k | ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, min(param_len, sizeof(cstore)), |
4420 | 20.4k | (uint8_t *)&cstore); |
4421 | 20.4k | if (ph == NULL) { |
4422 | | /* TSNH */ |
4423 | 0 | break; |
4424 | 0 | } |
4425 | 20.4k | ptype = ntohs(ph->param_type); |
4426 | 20.4k | num_param++; |
4427 | 20.4k | if (param_len > sizeof(cstore)) { |
4428 | 44 | trunc = 1; |
4429 | 20.3k | } else { |
4430 | 20.3k | trunc = 0; |
4431 | 20.3k | } |
4432 | 20.4k | if (num_param > SCTP_MAX_RESET_PARAMS) { |
4433 | | /* hit the max of parameters already sorry.. */ |
4434 | 10 | break; |
4435 | 10 | } |
4436 | 20.4k | if (ptype == SCTP_STR_RESET_OUT_REQUEST) { |
4437 | 2.50k | struct sctp_stream_reset_out_request *req_out; |
4438 | | |
4439 | 2.50k | if (param_len < sizeof(struct sctp_stream_reset_out_request)) { |
4440 | 220 | break; |
4441 | 220 | } |
4442 | 2.28k | req_out = (struct sctp_stream_reset_out_request *)ph; |
4443 | 2.28k | num_req++; |
4444 | 2.28k | if (stcb->asoc.stream_reset_outstanding) { |
4445 | 1.05k | seq = ntohl(req_out->response_seq); |
4446 | 1.05k | if (seq == stcb->asoc.str_reset_seq_out) { |
4447 | | /* implicit ack */ |
4448 | 0 | (void)sctp_handle_stream_reset_response(stcb, seq, SCTP_STREAM_RESET_RESULT_PERFORMED, NULL); |
4449 | 0 | } |
4450 | 1.05k | } |
4451 | 2.28k | sctp_handle_str_reset_request_out(stcb, chk, req_out, trunc); |
4452 | 17.9k | } else if (ptype == SCTP_STR_RESET_ADD_OUT_STREAMS) { |
4453 | 2.37k | struct sctp_stream_reset_add_strm *str_add; |
4454 | | |
4455 | 2.37k | if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
4456 | 525 | break; |
4457 | 525 | } |
4458 | 1.84k | str_add = (struct sctp_stream_reset_add_strm *)ph; |
4459 | 1.84k | num_req++; |
4460 | 1.84k | sctp_handle_str_reset_add_strm(stcb, chk, str_add); |
4461 | 15.5k | } else if (ptype == SCTP_STR_RESET_ADD_IN_STREAMS) { |
4462 | 1.15k | struct sctp_stream_reset_add_strm *str_add; |
4463 | | |
4464 | 1.15k | if (param_len < sizeof(struct sctp_stream_reset_add_strm)) { |
4465 | 449 | break; |
4466 | 449 | } |
4467 | 706 | str_add = (struct sctp_stream_reset_add_strm *)ph; |
4468 | 706 | num_req++; |
4469 | 706 | sctp_handle_str_reset_add_out_strm(stcb, chk, str_add); |
4470 | 14.3k | } else if (ptype == SCTP_STR_RESET_IN_REQUEST) { |
4471 | 7.74k | struct sctp_stream_reset_in_request *req_in; |
4472 | | |
4473 | 7.74k | num_req++; |
4474 | 7.74k | req_in = (struct sctp_stream_reset_in_request *)ph; |
4475 | 7.74k | sctp_handle_str_reset_request_in(stcb, chk, req_in, trunc); |
4476 | 7.74k | } else if (ptype == SCTP_STR_RESET_TSN_REQUEST) { |
4477 | 1.86k | struct sctp_stream_reset_tsn_request *req_tsn; |
4478 | | |
4479 | 1.86k | num_req++; |
4480 | 1.86k | req_tsn = (struct sctp_stream_reset_tsn_request *)ph; |
4481 | 1.86k | if (sctp_handle_str_reset_request_tsn(stcb, chk, req_tsn)) { |
4482 | 0 | ret_code = 1; |
4483 | 0 | goto strres_nochunk; |
4484 | 0 | } |
4485 | | /* no more */ |
4486 | 1.86k | break; |
4487 | 4.77k | } else if (ptype == SCTP_STR_RESET_RESPONSE) { |
4488 | 554 | struct sctp_stream_reset_response *resp; |
4489 | 554 | uint32_t result; |
4490 | | |
4491 | 554 | if (param_len < sizeof(struct sctp_stream_reset_response)) { |
4492 | 158 | break; |
4493 | 158 | } |
4494 | 396 | resp = (struct sctp_stream_reset_response *)ph; |
4495 | 396 | seq = ntohl(resp->response_seq); |
4496 | 396 | result = ntohl(resp->result); |
4497 | 396 | if (sctp_handle_stream_reset_response(stcb, seq, result, resp)) { |
4498 | 0 | ret_code = 1; |
4499 | 0 | goto strres_nochunk; |
4500 | 0 | } |
4501 | 4.22k | } else { |
4502 | 4.22k | break; |
4503 | 4.22k | } |
4504 | 12.9k | offset += SCTP_SIZE32(param_len); |
4505 | 12.9k | if (remaining_length >= SCTP_SIZE32(param_len)) { |
4506 | 12.0k | remaining_length -= SCTP_SIZE32(param_len); |
4507 | 12.0k | } else { |
4508 | 890 | remaining_length = 0; |
4509 | 890 | } |
4510 | 12.9k | } |
4511 | 20.6k | if (num_req == 0) { |
4512 | | /* we have no response free the stuff */ |
4513 | 8.07k | goto strres_nochunk; |
4514 | 8.07k | } |
4515 | | /* ok we have a chunk to link in */ |
4516 | 20.6k | TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, |
4517 | 12.5k | chk, |
4518 | 12.5k | sctp_next); |
4519 | 12.5k | stcb->asoc.ctrl_queue_cnt++; |
4520 | 12.5k | return (ret_code); |
4521 | 20.6k | } |
4522 | | |
4523 | | /* |
4524 | | * Handle a router or endpoints report of a packet loss, there are two ways |
4525 | | * to handle this, either we get the whole packet and must disect it |
4526 | | * ourselves (possibly with truncation and or corruption) or it is a summary |
4527 | | * from a middle box that did the disecting for us. |
4528 | | */ |
4529 | | static void |
4530 | | sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp, |
4531 | | struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t limit) |
4532 | 9.83k | { |
4533 | 9.83k | struct sctp_chunk_desc desc; |
4534 | 9.83k | struct sctp_chunkhdr *chk_hdr; |
4535 | 9.83k | struct sctp_data_chunk *data_chunk; |
4536 | 9.83k | struct sctp_idata_chunk *idata_chunk; |
4537 | 9.83k | uint32_t bottle_bw, on_queue; |
4538 | 9.83k | uint32_t offset, chk_len; |
4539 | 9.83k | uint16_t pktdrp_len; |
4540 | 9.83k | uint8_t pktdrp_flags; |
4541 | | |
4542 | 9.83k | KASSERT(sizeof(struct sctp_pktdrop_chunk) <= limit, |
4543 | 9.83k | ("PKTDROP chunk too small")); |
4544 | 9.83k | pktdrp_flags = cp->ch.chunk_flags; |
4545 | 9.83k | pktdrp_len = ntohs(cp->ch.chunk_length); |
4546 | 9.83k | KASSERT(limit <= pktdrp_len, ("Inconsistent limit")); |
4547 | 9.83k | if (pktdrp_flags & SCTP_PACKET_TRUNCATED) { |
4548 | 7.61k | if (ntohs(cp->trunc_len) <= pktdrp_len - sizeof(struct sctp_pktdrop_chunk)) { |
4549 | | /* The peer plays games with us. */ |
4550 | 595 | return; |
4551 | 595 | } |
4552 | 7.61k | } |
4553 | 9.24k | limit -= sizeof(struct sctp_pktdrop_chunk); |
4554 | 9.24k | offset = 0; |
4555 | 9.24k | if (offset == limit) { |
4556 | 388 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4557 | 81 | SCTP_STAT_INCR(sctps_pdrpbwrpt); |
4558 | 81 | } |
4559 | 8.85k | } else if (offset + sizeof(struct sctphdr) > limit) { |
4560 | | /* Only a partial SCTP common header. */ |
4561 | 664 | SCTP_STAT_INCR(sctps_pdrpcrupt); |
4562 | 664 | offset = limit; |
4563 | 8.19k | } else { |
4564 | | /* XXX: Check embedded SCTP common header. */ |
4565 | 8.19k | offset += sizeof(struct sctphdr); |
4566 | 8.19k | } |
4567 | | /* Now parse through the chunks themselves. */ |
4568 | 59.7k | while (offset < limit) { |
4569 | 52.5k | if (offset + sizeof(struct sctp_chunkhdr) > limit) { |
4570 | 411 | SCTP_STAT_INCR(sctps_pdrpcrupt); |
4571 | 411 | break; |
4572 | 411 | } |
4573 | 52.1k | chk_hdr = (struct sctp_chunkhdr *)(cp->data + offset); |
4574 | 52.1k | desc.chunk_type = chk_hdr->chunk_type; |
4575 | | /* get amount we need to move */ |
4576 | 52.1k | chk_len = (uint32_t)ntohs(chk_hdr->chunk_length); |
4577 | 52.1k | if (chk_len < sizeof(struct sctp_chunkhdr)) { |
4578 | | /* Someone is lying... */ |
4579 | 340 | break; |
4580 | 340 | } |
4581 | 51.8k | if (desc.chunk_type == SCTP_DATA) { |
4582 | 1.51k | if (stcb->asoc.idata_supported) { |
4583 | | /* Some is playing games with us. */ |
4584 | 496 | break; |
4585 | 496 | } |
4586 | 1.01k | if (chk_len <= sizeof(struct sctp_data_chunk)) { |
4587 | | /* Some is playing games with us. */ |
4588 | 92 | break; |
4589 | 92 | } |
4590 | 922 | if (chk_len < sizeof(struct sctp_data_chunk) + SCTP_NUM_DB_TO_VERIFY) { |
4591 | | /* Not enough data bytes available in the chunk. */ |
4592 | 77 | SCTP_STAT_INCR(sctps_pdrpnedat); |
4593 | 77 | goto next_chunk; |
4594 | 77 | } |
4595 | 845 | if (offset + sizeof(struct sctp_data_chunk) + SCTP_NUM_DB_TO_VERIFY > limit) { |
4596 | | /* Not enough data in buffer. */ |
4597 | 560 | break; |
4598 | 560 | } |
4599 | 285 | data_chunk = (struct sctp_data_chunk *)(cp->data + offset); |
4600 | 285 | memcpy(desc.data_bytes, data_chunk + 1, SCTP_NUM_DB_TO_VERIFY); |
4601 | 285 | desc.tsn_ifany = data_chunk->dp.tsn; |
4602 | 285 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4603 | 198 | SCTP_STAT_INCR(sctps_pdrpmbda); |
4604 | 198 | } |
4605 | 50.3k | } else if (desc.chunk_type == SCTP_IDATA) { |
4606 | 974 | if (!stcb->asoc.idata_supported) { |
4607 | | /* Some is playing games with us. */ |
4608 | 100 | break; |
4609 | 100 | } |
4610 | 874 | if (chk_len <= sizeof(struct sctp_idata_chunk)) { |
4611 | | /* Some is playing games with us. */ |
4612 | 22 | break; |
4613 | 22 | } |
4614 | 852 | if (chk_len < sizeof(struct sctp_idata_chunk) + SCTP_NUM_DB_TO_VERIFY) { |
4615 | | /* Not enough data bytes available in the chunk. */ |
4616 | 87 | SCTP_STAT_INCR(sctps_pdrpnedat); |
4617 | 87 | goto next_chunk; |
4618 | 87 | } |
4619 | 765 | if (offset + sizeof(struct sctp_idata_chunk) + SCTP_NUM_DB_TO_VERIFY > limit) { |
4620 | | /* Not enough data in buffer. */ |
4621 | 57 | break; |
4622 | 57 | } |
4623 | 708 | idata_chunk = (struct sctp_idata_chunk *)(cp->data + offset); |
4624 | 708 | memcpy(desc.data_bytes, idata_chunk + 1, SCTP_NUM_DB_TO_VERIFY); |
4625 | 708 | desc.tsn_ifany = idata_chunk->dp.tsn; |
4626 | 708 | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4627 | 257 | SCTP_STAT_INCR(sctps_pdrpmbda); |
4628 | 257 | } |
4629 | 49.3k | } else { |
4630 | 49.3k | desc.tsn_ifany = htonl(0); |
4631 | 49.3k | memset(desc.data_bytes, 0, SCTP_NUM_DB_TO_VERIFY); |
4632 | 49.3k | if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) { |
4633 | 35.3k | SCTP_STAT_INCR(sctps_pdrpmbct); |
4634 | 35.3k | } |
4635 | 49.3k | } |
4636 | 50.3k | if (process_chunk_drop(stcb, &desc, net, pktdrp_flags)) { |
4637 | 0 | SCTP_STAT_INCR(sctps_pdrppdbrk); |
4638 | 0 | break; |
4639 | 0 | } |
4640 | 50.4k | next_chunk: |
4641 | 50.4k | offset += SCTP_SIZE32(chk_len); |
4642 | 50.4k | } |
4643 | | /* Now update any rwnd --- possibly */ |
4644 | 9.24k | if ((pktdrp_flags & SCTP_FROM_MIDDLE_BOX) == 0) { |
4645 | | /* From a peer, we get a rwnd report */ |
4646 | 5.75k | uint32_t a_rwnd; |
4647 | | |
4648 | 5.75k | SCTP_STAT_INCR(sctps_pdrpfehos); |
4649 | | |
4650 | 5.75k | bottle_bw = ntohl(cp->bottle_bw); |
4651 | 5.75k | on_queue = ntohl(cp->current_onq); |
4652 | 5.75k | if (bottle_bw && on_queue) { |
4653 | | /* a rwnd report is in here */ |
4654 | 4.62k | if (bottle_bw > on_queue) |
4655 | 2.68k | a_rwnd = bottle_bw - on_queue; |
4656 | 1.93k | else |
4657 | 1.93k | a_rwnd = 0; |
4658 | | |
4659 | 4.62k | if (a_rwnd == 0) |
4660 | 1.93k | stcb->asoc.peers_rwnd = 0; |
4661 | 2.68k | else { |
4662 | 2.68k | if (a_rwnd > stcb->asoc.total_flight) { |
4663 | 2.68k | stcb->asoc.peers_rwnd = |
4664 | 2.68k | a_rwnd - stcb->asoc.total_flight; |
4665 | 2.68k | } else { |
4666 | 0 | stcb->asoc.peers_rwnd = 0; |
4667 | 0 | } |
4668 | 2.68k | if (stcb->asoc.peers_rwnd < |
4669 | 2.68k | stcb->sctp_ep->sctp_ep.sctp_sws_sender) { |
4670 | | /* SWS sender side engages */ |
4671 | 689 | stcb->asoc.peers_rwnd = 0; |
4672 | 689 | } |
4673 | 2.68k | } |
4674 | 4.62k | } |
4675 | 5.75k | } else { |
4676 | 3.48k | SCTP_STAT_INCR(sctps_pdrpfmbox); |
4677 | 3.48k | } |
4678 | | |
4679 | | /* now middle boxes in sat networks get a cwnd bump */ |
4680 | 9.24k | if ((pktdrp_flags & SCTP_FROM_MIDDLE_BOX) && |
4681 | 3.48k | (stcb->asoc.sat_t3_loss_recovery == 0) && |
4682 | 3.48k | (stcb->asoc.sat_network)) { |
4683 | | /* |
4684 | | * This is debatable but for sat networks it makes sense |
4685 | | * Note if a T3 timer has went off, we will prohibit any |
4686 | | * changes to cwnd until we exit the t3 loss recovery. |
4687 | | */ |
4688 | 0 | stcb->asoc.cc_functions.sctp_cwnd_update_after_packet_dropped(stcb, |
4689 | 0 | net, cp, &bottle_bw, &on_queue); |
4690 | 0 | } |
4691 | 9.24k | } |
4692 | | |
4693 | | /* |
4694 | | * handles all control chunks in a packet inputs: - m: mbuf chain, assumed to |
4695 | | * still contain IP/SCTP header - stcb: is the tcb found for this packet - |
4696 | | * offset: offset into the mbuf chain to first chunkhdr - length: is the |
4697 | | * length of the complete packet outputs: - length: modified to remaining |
4698 | | * length after control processing - netp: modified to new sctp_nets after |
4699 | | * cookie-echo processing - return NULL to discard the packet (ie. no asoc, |
4700 | | * bad packet,...) otherwise return the tcb for this packet |
4701 | | */ |
4702 | | #ifdef __GNUC__ |
4703 | | __attribute__ ((noinline)) |
4704 | | #endif |
4705 | | static struct sctp_tcb * |
4706 | | sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length, |
4707 | | struct sockaddr *src, struct sockaddr *dst, |
4708 | | struct sctphdr *sh, struct sctp_chunkhdr *ch, struct sctp_inpcb *inp, |
4709 | | struct sctp_tcb *stcb, struct sctp_nets **netp, int *fwd_tsn_seen, |
4710 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4711 | | uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, |
4712 | | #endif |
4713 | | uint32_t vrf_id, uint16_t port) |
4714 | 20.3k | { |
4715 | 20.3k | struct sctp_association *asoc; |
4716 | 20.3k | struct mbuf *op_err; |
4717 | 20.3k | char msg[SCTP_DIAG_INFO_LEN]; |
4718 | 20.3k | uint32_t vtag_in; |
4719 | 20.3k | int num_chunks = 0; /* number of control chunks processed */ |
4720 | 20.3k | uint32_t chk_length, contiguous; |
4721 | 20.3k | int ret; |
4722 | 20.3k | int abort_no_unlock = 0; |
4723 | 20.3k | int ecne_seen = 0; |
4724 | 20.3k | int abort_flag; |
4725 | | /* |
4726 | | * How big should this be, and should it be alloc'd? Lets try the |
4727 | | * d-mtu-ceiling for now (2k) and that should hopefully work ... |
4728 | | * until we get into jumbo grams and such.. |
4729 | | */ |
4730 | 20.3k | uint8_t chunk_buf[SCTP_CHUNK_BUFFER_SIZE]; |
4731 | 20.3k | int got_auth = 0; |
4732 | 20.3k | uint32_t auth_offset = 0, auth_len = 0; |
4733 | 20.3k | int auth_skipped = 0; |
4734 | 20.3k | int asconf_cnt = 0; |
4735 | | #if defined(__APPLE__) && !defined(__Userspace__) |
4736 | | struct socket *so; |
4737 | | #endif |
4738 | | |
4739 | 20.3k | SCTPDBG(SCTP_DEBUG_INPUT1, "sctp_process_control: iphlen=%u, offset=%u, length=%u stcb:%p\n", |
4740 | 20.3k | iphlen, *offset, length, (void *)stcb); |
4741 | | |
4742 | 20.3k | if (stcb) { |
4743 | 20.3k | SCTP_TCB_LOCK_ASSERT(stcb); |
4744 | 20.3k | } |
4745 | | /* validate chunk header length... */ |
4746 | 20.3k | if (ntohs(ch->chunk_length) < sizeof(*ch)) { |
4747 | 9 | SCTPDBG(SCTP_DEBUG_INPUT1, "Invalid header length %d\n", |
4748 | 9 | ntohs(ch->chunk_length)); |
4749 | 9 | *offset = length; |
4750 | 9 | return (stcb); |
4751 | 9 | } |
4752 | | /* |
4753 | | * validate the verification tag |
4754 | | */ |
4755 | 20.3k | vtag_in = ntohl(sh->v_tag); |
4756 | | |
4757 | 20.3k | if (ch->chunk_type == SCTP_INITIATION) { |
4758 | 15 | SCTPDBG(SCTP_DEBUG_INPUT1, "Its an INIT of len:%d vtag:%x\n", |
4759 | 15 | ntohs(ch->chunk_length), vtag_in); |
4760 | 15 | if (vtag_in != 0) { |
4761 | | /* protocol error- silently discard... */ |
4762 | 15 | SCTP_STAT_INCR(sctps_badvtag); |
4763 | 15 | if (stcb != NULL) { |
4764 | 15 | SCTP_TCB_UNLOCK(stcb); |
4765 | 15 | } |
4766 | 15 | return (NULL); |
4767 | 15 | } |
4768 | 20.3k | } else if (ch->chunk_type != SCTP_COOKIE_ECHO) { |
4769 | | /* |
4770 | | * If there is no stcb, skip the AUTH chunk and process |
4771 | | * later after a stcb is found (to validate the lookup was |
4772 | | * valid. |
4773 | | */ |
4774 | 20.3k | if ((ch->chunk_type == SCTP_AUTHENTICATION) && |
4775 | 2.32k | (stcb == NULL) && |
4776 | 0 | (inp->auth_supported == 1)) { |
4777 | | /* save this chunk for later processing */ |
4778 | 0 | auth_skipped = 1; |
4779 | 0 | auth_offset = *offset; |
4780 | 0 | auth_len = ntohs(ch->chunk_length); |
4781 | | |
4782 | | /* (temporarily) move past this chunk */ |
4783 | 0 | *offset += SCTP_SIZE32(auth_len); |
4784 | 0 | if (*offset >= length) { |
4785 | | /* no more data left in the mbuf chain */ |
4786 | 0 | *offset = length; |
4787 | 0 | return (NULL); |
4788 | 0 | } |
4789 | 0 | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
4790 | 0 | sizeof(struct sctp_chunkhdr), chunk_buf); |
4791 | 0 | } |
4792 | 20.3k | if (ch == NULL) { |
4793 | | /* Help */ |
4794 | 0 | *offset = length; |
4795 | 0 | return (stcb); |
4796 | 0 | } |
4797 | 20.3k | if (ch->chunk_type == SCTP_COOKIE_ECHO) { |
4798 | 0 | goto process_control_chunks; |
4799 | 0 | } |
4800 | | /* |
4801 | | * first check if it's an ASCONF with an unknown src addr we |
4802 | | * need to look inside to find the association |
4803 | | */ |
4804 | 20.3k | if (ch->chunk_type == SCTP_ASCONF && stcb == NULL) { |
4805 | 0 | struct sctp_chunkhdr *asconf_ch = ch; |
4806 | 0 | uint32_t asconf_offset = 0, asconf_len = 0; |
4807 | | |
4808 | | /* inp's refcount may be reduced */ |
4809 | 0 | SCTP_INP_INCR_REF(inp); |
4810 | |
|
4811 | 0 | asconf_offset = *offset; |
4812 | 0 | do { |
4813 | 0 | asconf_len = ntohs(asconf_ch->chunk_length); |
4814 | 0 | if (asconf_len < sizeof(struct sctp_asconf_paramhdr)) |
4815 | 0 | break; |
4816 | 0 | stcb = sctp_findassociation_ep_asconf(m, |
4817 | 0 | *offset, |
4818 | 0 | dst, |
4819 | 0 | sh, &inp, netp, vrf_id); |
4820 | 0 | if (stcb != NULL) |
4821 | 0 | break; |
4822 | 0 | asconf_offset += SCTP_SIZE32(asconf_len); |
4823 | 0 | asconf_ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, asconf_offset, |
4824 | 0 | sizeof(struct sctp_chunkhdr), chunk_buf); |
4825 | 0 | } while (asconf_ch != NULL && asconf_ch->chunk_type == SCTP_ASCONF); |
4826 | 0 | if (stcb == NULL) { |
4827 | | /* |
4828 | | * reduce inp's refcount if not reduced in |
4829 | | * sctp_findassociation_ep_asconf(). |
4830 | | */ |
4831 | 0 | SCTP_INP_DECR_REF(inp); |
4832 | 0 | } |
4833 | | |
4834 | | /* now go back and verify any auth chunk to be sure */ |
4835 | 0 | if (auth_skipped && (stcb != NULL)) { |
4836 | 0 | struct sctp_auth_chunk *auth; |
4837 | |
|
4838 | 0 | if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) { |
4839 | 0 | auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, chunk_buf); |
4840 | 0 | got_auth = 1; |
4841 | 0 | auth_skipped = 0; |
4842 | 0 | } else { |
4843 | 0 | auth = NULL; |
4844 | 0 | } |
4845 | 0 | if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, |
4846 | 0 | auth_offset)) { |
4847 | | /* auth HMAC failed so dump it */ |
4848 | 0 | *offset = length; |
4849 | 0 | return (stcb); |
4850 | 0 | } else { |
4851 | | /* remaining chunks are HMAC checked */ |
4852 | 0 | stcb->asoc.authenticated = 1; |
4853 | 0 | } |
4854 | 0 | } |
4855 | 0 | } |
4856 | 20.3k | if (stcb == NULL) { |
4857 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
4858 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
4859 | 0 | msg); |
4860 | | /* no association, so it's out of the blue... */ |
4861 | 0 | sctp_handle_ootb(m, iphlen, *offset, src, dst, sh, inp, op_err, |
4862 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4863 | | mflowtype, mflowid, inp->fibnum, |
4864 | | #endif |
4865 | 0 | vrf_id, port); |
4866 | 0 | *offset = length; |
4867 | 0 | return (NULL); |
4868 | 0 | } |
4869 | 20.3k | asoc = &stcb->asoc; |
4870 | | /* ABORT and SHUTDOWN can use either v_tag... */ |
4871 | 20.3k | if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) || |
4872 | 20.2k | (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) || |
4873 | 20.2k | (ch->chunk_type == SCTP_PACKET_DROPPED)) { |
4874 | | /* Take the T-bit always into account. */ |
4875 | 579 | if ((((ch->chunk_flags & SCTP_HAD_NO_TCB) == 0) && |
4876 | 563 | (vtag_in == asoc->my_vtag)) || |
4877 | 16 | (((ch->chunk_flags & SCTP_HAD_NO_TCB) == SCTP_HAD_NO_TCB) && |
4878 | 16 | (asoc->peer_vtag != htonl(0)) && |
4879 | 563 | (vtag_in == asoc->peer_vtag))) { |
4880 | | /* this is valid */ |
4881 | 563 | } else { |
4882 | | /* drop this packet... */ |
4883 | 16 | SCTP_STAT_INCR(sctps_badvtag); |
4884 | 16 | if (stcb != NULL) { |
4885 | 16 | SCTP_TCB_UNLOCK(stcb); |
4886 | 16 | } |
4887 | 16 | return (NULL); |
4888 | 16 | } |
4889 | 19.7k | } else { |
4890 | | /* for all other chunks, vtag must match */ |
4891 | 19.7k | if (vtag_in != asoc->my_vtag) { |
4892 | | /* invalid vtag... */ |
4893 | 0 | SCTPDBG(SCTP_DEBUG_INPUT3, |
4894 | 0 | "invalid vtag: %xh, expect %xh\n", |
4895 | 0 | vtag_in, asoc->my_vtag); |
4896 | 0 | SCTP_STAT_INCR(sctps_badvtag); |
4897 | 0 | if (stcb != NULL) { |
4898 | 0 | SCTP_TCB_UNLOCK(stcb); |
4899 | 0 | } |
4900 | 0 | *offset = length; |
4901 | 0 | return (NULL); |
4902 | 0 | } |
4903 | 19.7k | } |
4904 | 20.3k | } /* end if !SCTP_COOKIE_ECHO */ |
4905 | | /* |
4906 | | * process all control chunks... |
4907 | | */ |
4908 | 20.3k | if (((ch->chunk_type == SCTP_SELECTIVE_ACK) || |
4909 | 20.2k | (ch->chunk_type == SCTP_NR_SELECTIVE_ACK) || |
4910 | 20.1k | (ch->chunk_type == SCTP_HEARTBEAT_REQUEST)) && |
4911 | 314 | (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) { |
4912 | | /* implied cookie-ack.. we must have lost the ack */ |
4913 | 76 | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, |
4914 | 76 | *netp); |
4915 | 76 | } |
4916 | | |
4917 | 20.3k | process_control_chunks: |
4918 | 829k | while (IS_SCTP_CONTROL(ch)) { |
4919 | | /* validate chunk length */ |
4920 | 828k | chk_length = ntohs(ch->chunk_length); |
4921 | 828k | SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_process_control: processing a chunk type=%u, len=%u\n", |
4922 | 828k | ch->chunk_type, chk_length); |
4923 | 828k | SCTP_LTRACE_CHK(inp, stcb, ch->chunk_type, chk_length); |
4924 | 828k | if (chk_length < sizeof(*ch) || |
4925 | 827k | (*offset + (int)chk_length) > length) { |
4926 | 1.34k | *offset = length; |
4927 | 1.34k | return (stcb); |
4928 | 1.34k | } |
4929 | 826k | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
4930 | | /* |
4931 | | * INIT and INIT-ACK only gets the init ack "header" portion |
4932 | | * only because we don't have to process the peer's COOKIE. |
4933 | | * All others get a complete chunk. |
4934 | | */ |
4935 | 826k | switch (ch->chunk_type) { |
4936 | 11 | case SCTP_INITIATION: |
4937 | 11 | contiguous = sizeof(struct sctp_init_chunk); |
4938 | 11 | break; |
4939 | 8.51k | case SCTP_INITIATION_ACK: |
4940 | 8.51k | contiguous = sizeof(struct sctp_init_ack_chunk); |
4941 | 8.51k | break; |
4942 | 818k | default: |
4943 | 818k | contiguous = min(chk_length, sizeof(chunk_buf)); |
4944 | 818k | break; |
4945 | 826k | } |
4946 | 826k | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
4947 | 826k | contiguous, |
4948 | 826k | chunk_buf); |
4949 | 826k | if (ch == NULL) { |
4950 | 5 | *offset = length; |
4951 | 5 | return (stcb); |
4952 | 5 | } |
4953 | | |
4954 | 826k | num_chunks++; |
4955 | | /* Save off the last place we got a control from */ |
4956 | 826k | if (stcb != NULL) { |
4957 | 826k | if (((netp != NULL) && (*netp != NULL)) || (ch->chunk_type == SCTP_ASCONF)) { |
4958 | | /* |
4959 | | * allow last_control to be NULL if |
4960 | | * ASCONF... ASCONF processing will find the |
4961 | | * right net later |
4962 | | */ |
4963 | 826k | if ((netp != NULL) && (*netp != NULL)) |
4964 | 826k | stcb->asoc.last_control_chunk_from = *netp; |
4965 | 826k | } |
4966 | 826k | } |
4967 | | #ifdef SCTP_AUDITING_ENABLED |
4968 | | sctp_audit_log(0xB0, ch->chunk_type); |
4969 | | #endif |
4970 | | |
4971 | | /* check to see if this chunk required auth, but isn't */ |
4972 | 826k | if ((stcb != NULL) && |
4973 | 826k | sctp_auth_is_required_chunk(ch->chunk_type, stcb->asoc.local_auth_chunks) && |
4974 | 18.5k | !stcb->asoc.authenticated) { |
4975 | | /* "silently" ignore */ |
4976 | 2.23k | SCTP_STAT_INCR(sctps_recvauthmissing); |
4977 | 2.23k | goto next_chunk; |
4978 | 2.23k | } |
4979 | 824k | switch (ch->chunk_type) { |
4980 | 10 | case SCTP_INITIATION: |
4981 | 10 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT\n"); |
4982 | | /* The INIT chunk must be the only chunk. */ |
4983 | 10 | if ((num_chunks > 1) || |
4984 | 10 | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
4985 | | /* |
4986 | | * RFC 4960bis requires stopping the |
4987 | | * processing of the packet. |
4988 | | */ |
4989 | 10 | *offset = length; |
4990 | 10 | return (stcb); |
4991 | 10 | } |
4992 | | /* Honor our resource limit. */ |
4993 | 0 | if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { |
4994 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
4995 | 0 | sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, |
4996 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
4997 | | mflowtype, mflowid, inp->fibnum, |
4998 | | #endif |
4999 | 0 | vrf_id, port); |
5000 | 0 | *offset = length; |
5001 | 0 | if (stcb != NULL) { |
5002 | 0 | SCTP_TCB_UNLOCK(stcb); |
5003 | 0 | } |
5004 | 0 | return (NULL); |
5005 | 0 | } |
5006 | 0 | sctp_handle_init(m, iphlen, *offset, src, dst, sh, |
5007 | 0 | (struct sctp_init_chunk *)ch, inp, |
5008 | 0 | stcb, *netp, |
5009 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5010 | | mflowtype, mflowid, |
5011 | | #endif |
5012 | 0 | vrf_id, port); |
5013 | 0 | *offset = length; |
5014 | 0 | if (stcb != NULL) { |
5015 | 0 | SCTP_TCB_UNLOCK(stcb); |
5016 | 0 | } |
5017 | 0 | return (NULL); |
5018 | 0 | break; |
5019 | 328 | case SCTP_PAD_CHUNK: |
5020 | 328 | break; |
5021 | 8.51k | case SCTP_INITIATION_ACK: |
5022 | 8.51k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_INIT_ACK\n"); |
5023 | 8.51k | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5024 | | /* We are not interested anymore */ |
5025 | 0 | if ((stcb != NULL) && (stcb->asoc.total_output_queue_size)) { |
5026 | 0 | ; |
5027 | 0 | } else { |
5028 | 0 | *offset = length; |
5029 | 0 | if (stcb != NULL) { |
5030 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5031 | | so = SCTP_INP_SO(inp); |
5032 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5033 | | SCTP_TCB_UNLOCK(stcb); |
5034 | | SCTP_SOCKET_LOCK(so, 1); |
5035 | | SCTP_TCB_LOCK(stcb); |
5036 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5037 | | #endif |
5038 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5039 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_29); |
5040 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5041 | | SCTP_SOCKET_UNLOCK(so, 1); |
5042 | | #endif |
5043 | 0 | } |
5044 | 0 | return (NULL); |
5045 | 0 | } |
5046 | 0 | } |
5047 | | /* The INIT-ACK chunk must be the only chunk. */ |
5048 | 8.51k | if ((num_chunks > 1) || |
5049 | 8.50k | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
5050 | 31 | *offset = length; |
5051 | 31 | return (stcb); |
5052 | 31 | } |
5053 | 8.48k | if ((netp != NULL) && (*netp != NULL)) { |
5054 | 8.48k | ret = sctp_handle_init_ack(m, iphlen, *offset, |
5055 | 8.48k | src, dst, sh, |
5056 | 8.48k | (struct sctp_init_ack_chunk *)ch, |
5057 | 8.48k | stcb, *netp, |
5058 | 8.48k | &abort_no_unlock, |
5059 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5060 | | mflowtype, mflowid, |
5061 | | #endif |
5062 | 8.48k | vrf_id); |
5063 | 8.48k | } else { |
5064 | 0 | ret = -1; |
5065 | 0 | } |
5066 | 8.48k | *offset = length; |
5067 | 8.48k | if (abort_no_unlock) { |
5068 | 468 | return (NULL); |
5069 | 468 | } |
5070 | | /* |
5071 | | * Special case, I must call the output routine to |
5072 | | * get the cookie echoed |
5073 | | */ |
5074 | 8.01k | if ((stcb != NULL) && (ret == 0)) { |
5075 | 8.01k | sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
5076 | 8.01k | } |
5077 | 8.01k | return (stcb); |
5078 | 0 | break; |
5079 | 3.51k | case SCTP_SELECTIVE_ACK: |
5080 | 4.48k | case SCTP_NR_SELECTIVE_ACK: |
5081 | 4.48k | { |
5082 | 4.48k | int abort_now = 0; |
5083 | 4.48k | uint32_t a_rwnd, cum_ack; |
5084 | 4.48k | uint16_t num_seg, num_nr_seg, num_dup; |
5085 | 4.48k | uint8_t flags; |
5086 | 4.48k | int offset_seg, offset_dup; |
5087 | | |
5088 | 4.48k | SCTPDBG(SCTP_DEBUG_INPUT3, "%s\n", |
5089 | 4.48k | ch->chunk_type == SCTP_SELECTIVE_ACK ? "SCTP_SACK" : "SCTP_NR_SACK"); |
5090 | 4.48k | SCTP_STAT_INCR(sctps_recvsacks); |
5091 | 4.48k | if (stcb == NULL) { |
5092 | 0 | SCTPDBG(SCTP_DEBUG_INDATA1, "No stcb when processing %s chunk\n", |
5093 | 0 | (ch->chunk_type == SCTP_SELECTIVE_ACK) ? "SCTP_SACK" : "SCTP_NR_SACK"); |
5094 | 0 | break; |
5095 | 0 | } |
5096 | 4.48k | if (ch->chunk_type == SCTP_SELECTIVE_ACK) { |
5097 | 3.51k | if (chk_length < sizeof(struct sctp_sack_chunk)) { |
5098 | 2.70k | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on SACK chunk, too small\n"); |
5099 | 2.70k | break; |
5100 | 2.70k | } |
5101 | 3.51k | } else { |
5102 | 969 | if (stcb->asoc.nrsack_supported == 0) { |
5103 | 1 | goto unknown_chunk; |
5104 | 1 | } |
5105 | 968 | if (chk_length < sizeof(struct sctp_nr_sack_chunk)) { |
5106 | 742 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size on NR_SACK chunk, too small\n"); |
5107 | 742 | break; |
5108 | 742 | } |
5109 | 968 | } |
5110 | 1.04k | if (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) { |
5111 | | /*- |
5112 | | * If we have sent a shutdown-ack, we will pay no |
5113 | | * attention to a sack sent in to us since |
5114 | | * we don't care anymore. |
5115 | | */ |
5116 | 144 | break; |
5117 | 144 | } |
5118 | 899 | flags = ch->chunk_flags; |
5119 | 899 | if (ch->chunk_type == SCTP_SELECTIVE_ACK) { |
5120 | 673 | struct sctp_sack_chunk *sack; |
5121 | | |
5122 | 673 | sack = (struct sctp_sack_chunk *)ch; |
5123 | 673 | cum_ack = ntohl(sack->sack.cum_tsn_ack); |
5124 | 673 | num_seg = ntohs(sack->sack.num_gap_ack_blks); |
5125 | 673 | num_nr_seg = 0; |
5126 | 673 | num_dup = ntohs(sack->sack.num_dup_tsns); |
5127 | 673 | a_rwnd = ntohl(sack->sack.a_rwnd); |
5128 | 673 | if (sizeof(struct sctp_sack_chunk) + |
5129 | 673 | num_seg * sizeof(struct sctp_gap_ack_block) + |
5130 | 673 | num_dup * sizeof(uint32_t) != chk_length) { |
5131 | 259 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size of SACK chunk\n"); |
5132 | 259 | break; |
5133 | 259 | } |
5134 | 414 | offset_seg = *offset + sizeof(struct sctp_sack_chunk); |
5135 | 414 | offset_dup = offset_seg + num_seg * sizeof(struct sctp_gap_ack_block); |
5136 | 414 | } else { |
5137 | 226 | struct sctp_nr_sack_chunk *nr_sack; |
5138 | | |
5139 | 226 | nr_sack = (struct sctp_nr_sack_chunk *)ch; |
5140 | 226 | cum_ack = ntohl(nr_sack->nr_sack.cum_tsn_ack); |
5141 | 226 | num_seg = ntohs(nr_sack->nr_sack.num_gap_ack_blks); |
5142 | 226 | num_nr_seg = ntohs(nr_sack->nr_sack.num_nr_gap_ack_blks); |
5143 | 226 | num_dup = ntohs(nr_sack->nr_sack.num_dup_tsns); |
5144 | 226 | a_rwnd = ntohl(nr_sack->nr_sack.a_rwnd); |
5145 | 226 | if (sizeof(struct sctp_nr_sack_chunk) + |
5146 | 226 | (num_seg + num_nr_seg) * sizeof(struct sctp_gap_ack_block) + |
5147 | 226 | num_dup * sizeof(uint32_t) != chk_length) { |
5148 | 146 | SCTPDBG(SCTP_DEBUG_INDATA1, "Bad size of NR_SACK chunk\n"); |
5149 | 146 | break; |
5150 | 146 | } |
5151 | 80 | offset_seg = *offset + sizeof(struct sctp_nr_sack_chunk); |
5152 | 80 | offset_dup = offset_seg + (num_seg + num_nr_seg) * sizeof(struct sctp_gap_ack_block); |
5153 | 80 | } |
5154 | 494 | SCTPDBG(SCTP_DEBUG_INPUT3, "%s process cum_ack:%x num_seg:%d a_rwnd:%d\n", |
5155 | 494 | (ch->chunk_type == SCTP_SELECTIVE_ACK) ? "SCTP_SACK" : "SCTP_NR_SACK", |
5156 | 494 | cum_ack, num_seg, a_rwnd); |
5157 | 494 | stcb->asoc.seen_a_sack_this_pkt = 1; |
5158 | 494 | if ((stcb->asoc.pr_sctp_cnt == 0) && |
5159 | 494 | (num_seg == 0) && (num_nr_seg == 0) && |
5160 | 494 | SCTP_TSN_GE(cum_ack, stcb->asoc.last_acked_seq) && |
5161 | 48 | (stcb->asoc.saw_sack_with_frags == 0) && |
5162 | 48 | (stcb->asoc.saw_sack_with_nr_frags == 0) && |
5163 | 48 | (!TAILQ_EMPTY(&stcb->asoc.sent_queue))) { |
5164 | | /* |
5165 | | * We have a SIMPLE sack having no |
5166 | | * prior segments and data on sent |
5167 | | * queue to be acked. Use the |
5168 | | * faster path sack processing. We |
5169 | | * also allow window update sacks |
5170 | | * with no missing segments to go |
5171 | | * this way too. |
5172 | | */ |
5173 | 18 | sctp_express_handle_sack(stcb, cum_ack, a_rwnd, |
5174 | 18 | &abort_now, ecne_seen); |
5175 | 476 | } else { |
5176 | 476 | if ((netp != NULL) && (*netp != NULL)) { |
5177 | 476 | sctp_handle_sack(m, offset_seg, offset_dup, stcb, |
5178 | 476 | num_seg, num_nr_seg, num_dup, &abort_now, flags, |
5179 | 476 | cum_ack, a_rwnd, ecne_seen); |
5180 | 476 | } |
5181 | 476 | } |
5182 | 494 | if (abort_now) { |
5183 | | /* ABORT signal from sack processing */ |
5184 | 61 | *offset = length; |
5185 | 61 | return (NULL); |
5186 | 61 | } |
5187 | 433 | if (TAILQ_EMPTY(&stcb->asoc.send_queue) && |
5188 | 433 | TAILQ_EMPTY(&stcb->asoc.sent_queue) && |
5189 | 351 | (stcb->asoc.stream_queue_cnt == 0)) { |
5190 | 131 | sctp_ulp_notify(SCTP_NOTIFY_SENDER_DRY, stcb, 0, NULL, SCTP_SO_NOT_LOCKED); |
5191 | 131 | } |
5192 | 433 | break; |
5193 | 494 | } |
5194 | 24.5k | case SCTP_HEARTBEAT_REQUEST: |
5195 | 24.5k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT\n"); |
5196 | 24.5k | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5197 | 24.5k | SCTP_STAT_INCR(sctps_recvheartbeat); |
5198 | 24.5k | sctp_send_heartbeat_ack(stcb, m, *offset, |
5199 | 24.5k | chk_length, *netp); |
5200 | 24.5k | } |
5201 | 24.5k | break; |
5202 | 7.83k | case SCTP_HEARTBEAT_ACK: |
5203 | 7.83k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_HEARTBEAT_ACK\n"); |
5204 | 7.83k | if ((stcb == NULL) || (chk_length != sizeof(struct sctp_heartbeat_chunk))) { |
5205 | | /* Its not ours */ |
5206 | 3.45k | break; |
5207 | 3.45k | } |
5208 | 4.38k | SCTP_STAT_INCR(sctps_recvheartbeatack); |
5209 | 4.38k | if ((netp != NULL) && (*netp != NULL)) { |
5210 | 4.38k | sctp_handle_heartbeat_ack((struct sctp_heartbeat_chunk *)ch, |
5211 | 4.38k | stcb, *netp); |
5212 | 4.38k | } |
5213 | 4.38k | break; |
5214 | 90 | case SCTP_ABORT_ASSOCIATION: |
5215 | 90 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ABORT, stcb %p\n", |
5216 | 90 | (void *)stcb); |
5217 | 90 | *offset = length; |
5218 | 90 | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5219 | 90 | if (sctp_handle_abort((struct sctp_abort_chunk *)ch, stcb, *netp)) { |
5220 | 83 | return (NULL); |
5221 | 83 | } else { |
5222 | 7 | return (stcb); |
5223 | 7 | } |
5224 | 90 | } else { |
5225 | 0 | return (NULL); |
5226 | 0 | } |
5227 | 0 | break; |
5228 | 9.38k | case SCTP_SHUTDOWN: |
5229 | 9.38k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN, stcb %p\n", |
5230 | 9.38k | (void *)stcb); |
5231 | 9.38k | if ((stcb == NULL) || (chk_length != sizeof(struct sctp_shutdown_chunk))) { |
5232 | 4.04k | break; |
5233 | 4.04k | } |
5234 | 5.34k | if ((netp != NULL) && (*netp != NULL)) { |
5235 | 5.34k | abort_flag = 0; |
5236 | 5.34k | sctp_handle_shutdown((struct sctp_shutdown_chunk *)ch, |
5237 | 5.34k | stcb, *netp, &abort_flag); |
5238 | 5.34k | if (abort_flag) { |
5239 | 124 | *offset = length; |
5240 | 124 | return (NULL); |
5241 | 124 | } |
5242 | 5.34k | } |
5243 | 5.22k | break; |
5244 | 5.22k | case SCTP_SHUTDOWN_ACK: |
5245 | 1.68k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_ACK, stcb %p\n", (void *)stcb); |
5246 | 1.68k | if ((chk_length == sizeof(struct sctp_shutdown_ack_chunk)) && |
5247 | 12 | (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5248 | 12 | sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp); |
5249 | 12 | *offset = length; |
5250 | 12 | return (NULL); |
5251 | 12 | } |
5252 | 1.67k | break; |
5253 | 513k | case SCTP_OPERATION_ERROR: |
5254 | 513k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP_ERR\n"); |
5255 | 513k | if ((stcb != NULL) && (netp != NULL) && (*netp != NULL) && |
5256 | 513k | sctp_handle_error(ch, stcb, *netp, contiguous) < 0) { |
5257 | 0 | *offset = length; |
5258 | 0 | return (NULL); |
5259 | 0 | } |
5260 | 513k | break; |
5261 | 513k | case SCTP_COOKIE_ECHO: |
5262 | 38 | SCTPDBG(SCTP_DEBUG_INPUT3, |
5263 | 38 | "SCTP_COOKIE_ECHO, stcb %p\n", (void *)stcb); |
5264 | 38 | if ((stcb != NULL) && (stcb->asoc.total_output_queue_size > 0)) { |
5265 | 32 | ; |
5266 | 32 | } else { |
5267 | 6 | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5268 | | /* We are not interested anymore */ |
5269 | 0 | abend: |
5270 | 0 | if (stcb != NULL) { |
5271 | 0 | SCTP_TCB_UNLOCK(stcb); |
5272 | 0 | } |
5273 | 0 | *offset = length; |
5274 | 0 | return (NULL); |
5275 | 0 | } |
5276 | 6 | } |
5277 | | /*- |
5278 | | * First are we accepting? We do this again here |
5279 | | * since it is possible that a previous endpoint WAS |
5280 | | * listening responded to a INIT-ACK and then |
5281 | | * closed. We opened and bound.. and are now no |
5282 | | * longer listening. |
5283 | | * |
5284 | | * XXXGL: notes on checking listen queue length. |
5285 | | * 1) SCTP_IS_LISTENING() doesn't necessarily mean |
5286 | | * SOLISTENING(), because a listening "UDP type" |
5287 | | * socket isn't listening in terms of the socket |
5288 | | * layer. It is a normal data flow socket, that |
5289 | | * can fork off new connections. Thus, we should |
5290 | | * look into sol_qlen only in case we are !UDP. |
5291 | | * 2) Checking sol_qlen in general requires locking |
5292 | | * the socket, and this code lacks that. |
5293 | | */ |
5294 | 38 | if ((stcb == NULL) && |
5295 | 0 | (!SCTP_IS_LISTENING(inp) || |
5296 | 0 | (((inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) == 0) && |
5297 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5298 | | inp->sctp_socket->sol_qlen >= inp->sctp_socket->sol_qlimit))) { |
5299 | | #else |
5300 | 0 | inp->sctp_socket->so_qlen >= inp->sctp_socket->so_qlimit))) { |
5301 | 0 | #endif |
5302 | 0 | if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) && |
5303 | 0 | (SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit))) { |
5304 | 0 | op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); |
5305 | 0 | sctp_abort_association(inp, stcb, m, iphlen, |
5306 | 0 | src, dst, sh, op_err, |
5307 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5308 | | mflowtype, mflowid, |
5309 | | #endif |
5310 | 0 | vrf_id, port); |
5311 | 0 | } |
5312 | 0 | *offset = length; |
5313 | 0 | return (NULL); |
5314 | 38 | } else { |
5315 | 38 | struct mbuf *ret_buf; |
5316 | 38 | struct sctp_inpcb *linp; |
5317 | 38 | struct sctp_tmit_chunk *chk; |
5318 | | |
5319 | 38 | if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | |
5320 | 38 | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { |
5321 | 0 | goto abend; |
5322 | 0 | } |
5323 | | |
5324 | 38 | if (stcb) { |
5325 | 38 | linp = NULL; |
5326 | 38 | } else { |
5327 | 0 | linp = inp; |
5328 | 0 | } |
5329 | | |
5330 | 38 | if (linp != NULL) { |
5331 | 0 | SCTP_ASOC_CREATE_LOCK(linp); |
5332 | 0 | } |
5333 | | |
5334 | 38 | if (netp != NULL) { |
5335 | 38 | struct sctp_tcb *locked_stcb; |
5336 | | |
5337 | 38 | locked_stcb = stcb; |
5338 | 38 | ret_buf = |
5339 | 38 | sctp_handle_cookie_echo(m, iphlen, |
5340 | 38 | *offset, |
5341 | 38 | src, dst, |
5342 | 38 | sh, |
5343 | 38 | (struct sctp_cookie_echo_chunk *)ch, |
5344 | 38 | &inp, &stcb, netp, |
5345 | 38 | auth_skipped, |
5346 | 38 | auth_offset, |
5347 | 38 | auth_len, |
5348 | 38 | &locked_stcb, |
5349 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5350 | | mflowtype, |
5351 | | mflowid, |
5352 | | #endif |
5353 | 38 | vrf_id, |
5354 | 38 | port); |
5355 | 38 | if ((locked_stcb != NULL) && (locked_stcb != stcb)) { |
5356 | 0 | SCTP_TCB_UNLOCK(locked_stcb); |
5357 | 0 | } |
5358 | 38 | if (stcb != NULL) { |
5359 | 38 | SCTP_TCB_LOCK_ASSERT(stcb); |
5360 | 38 | } |
5361 | 38 | } else { |
5362 | 0 | ret_buf = NULL; |
5363 | 0 | } |
5364 | 38 | if (linp != NULL) { |
5365 | 0 | SCTP_ASOC_CREATE_UNLOCK(linp); |
5366 | 0 | } |
5367 | 38 | if (ret_buf == NULL) { |
5368 | 38 | if (stcb != NULL) { |
5369 | 38 | SCTP_TCB_UNLOCK(stcb); |
5370 | 38 | } |
5371 | 38 | SCTPDBG(SCTP_DEBUG_INPUT3, |
5372 | 38 | "GAK, null buffer\n"); |
5373 | 38 | *offset = length; |
5374 | 38 | return (NULL); |
5375 | 38 | } |
5376 | | /* if AUTH skipped, see if it verified... */ |
5377 | 0 | if (auth_skipped) { |
5378 | 0 | got_auth = 1; |
5379 | 0 | auth_skipped = 0; |
5380 | 0 | } |
5381 | | /* Restart the timer if we have pending data */ |
5382 | 0 | TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { |
5383 | 0 | if (chk->whoTo != NULL) { |
5384 | 0 | break; |
5385 | 0 | } |
5386 | 0 | } |
5387 | 0 | if (chk != NULL) { |
5388 | 0 | sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); |
5389 | 0 | } |
5390 | 0 | } |
5391 | 0 | break; |
5392 | 38.1k | case SCTP_COOKIE_ACK: |
5393 | 38.1k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_COOKIE_ACK, stcb %p\n", (void *)stcb); |
5394 | 38.1k | if ((stcb == NULL) || chk_length != sizeof(struct sctp_cookie_ack_chunk)) { |
5395 | 4.38k | break; |
5396 | 4.38k | } |
5397 | 33.8k | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5398 | | /* We are not interested anymore */ |
5399 | 0 | if ((stcb) && (stcb->asoc.total_output_queue_size)) { |
5400 | 0 | ; |
5401 | 0 | } else if (stcb) { |
5402 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5403 | | so = SCTP_INP_SO(inp); |
5404 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5405 | | SCTP_TCB_UNLOCK(stcb); |
5406 | | SCTP_SOCKET_LOCK(so, 1); |
5407 | | SCTP_TCB_LOCK(stcb); |
5408 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5409 | | #endif |
5410 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5411 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_30); |
5412 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5413 | | SCTP_SOCKET_UNLOCK(so, 1); |
5414 | | #endif |
5415 | 0 | *offset = length; |
5416 | 0 | return (NULL); |
5417 | 0 | } |
5418 | 0 | } |
5419 | 33.8k | if ((netp != NULL) && (*netp != NULL)) { |
5420 | 33.8k | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, *netp); |
5421 | 33.8k | } |
5422 | 33.8k | break; |
5423 | 8.11k | case SCTP_ECN_ECHO: |
5424 | 8.11k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN_ECHO\n"); |
5425 | 8.11k | if (stcb == NULL) { |
5426 | 0 | break; |
5427 | 0 | } |
5428 | 8.11k | if (stcb->asoc.ecn_supported == 0) { |
5429 | 0 | goto unknown_chunk; |
5430 | 0 | } |
5431 | 8.11k | if ((chk_length != sizeof(struct sctp_ecne_chunk)) && |
5432 | 7.31k | (chk_length != sizeof(struct old_sctp_ecne_chunk))) { |
5433 | 1.96k | break; |
5434 | 1.96k | } |
5435 | 6.15k | sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch, stcb); |
5436 | 6.15k | ecne_seen = 1; |
5437 | 6.15k | break; |
5438 | 609 | case SCTP_ECN_CWR: |
5439 | 609 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ECN_CWR\n"); |
5440 | 609 | if (stcb == NULL) { |
5441 | 0 | break; |
5442 | 0 | } |
5443 | 609 | if (stcb->asoc.ecn_supported == 0) { |
5444 | 0 | goto unknown_chunk; |
5445 | 0 | } |
5446 | 609 | if (chk_length != sizeof(struct sctp_cwr_chunk)) { |
5447 | 207 | break; |
5448 | 207 | } |
5449 | 402 | sctp_handle_ecn_cwr((struct sctp_cwr_chunk *)ch, stcb, *netp); |
5450 | 402 | break; |
5451 | 26 | case SCTP_SHUTDOWN_COMPLETE: |
5452 | 26 | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_COMPLETE, stcb %p\n", (void *)stcb); |
5453 | | /* must be first and only chunk */ |
5454 | 26 | if ((num_chunks > 1) || |
5455 | 16 | (length - *offset > (int)SCTP_SIZE32(chk_length))) { |
5456 | 16 | *offset = length; |
5457 | 16 | return (stcb); |
5458 | 16 | } |
5459 | 10 | if ((chk_length == sizeof(struct sctp_shutdown_complete_chunk)) && |
5460 | 2 | (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { |
5461 | 2 | sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch, |
5462 | 2 | stcb, *netp); |
5463 | 2 | *offset = length; |
5464 | 2 | return (NULL); |
5465 | 2 | } |
5466 | 8 | break; |
5467 | 14.7k | case SCTP_ASCONF: |
5468 | 14.7k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n"); |
5469 | 14.7k | if (stcb != NULL) { |
5470 | 14.7k | if (stcb->asoc.asconf_supported == 0) { |
5471 | 280 | goto unknown_chunk; |
5472 | 280 | } |
5473 | 14.4k | sctp_handle_asconf(m, *offset, src, |
5474 | 14.4k | (struct sctp_asconf_chunk *)ch, stcb, asconf_cnt == 0); |
5475 | 14.4k | asconf_cnt++; |
5476 | 14.4k | } |
5477 | 14.4k | break; |
5478 | 14.4k | case SCTP_ASCONF_ACK: |
5479 | 1.55k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF_ACK\n"); |
5480 | 1.55k | if (stcb == NULL) { |
5481 | 0 | break; |
5482 | 0 | } |
5483 | 1.55k | if (stcb->asoc.asconf_supported == 0) { |
5484 | 213 | goto unknown_chunk; |
5485 | 213 | } |
5486 | 1.34k | if (chk_length < sizeof(struct sctp_asconf_ack_chunk)) { |
5487 | 806 | break; |
5488 | 806 | } |
5489 | 538 | if ((netp != NULL) && (*netp != NULL)) { |
5490 | | /* He's alive so give him credit */ |
5491 | 538 | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { |
5492 | 0 | sctp_misc_ints(SCTP_THRESHOLD_CLEAR, |
5493 | 0 | stcb->asoc.overall_error_count, |
5494 | 0 | 0, |
5495 | 0 | SCTP_FROM_SCTP_INPUT, |
5496 | 0 | __LINE__); |
5497 | 0 | } |
5498 | 538 | stcb->asoc.overall_error_count = 0; |
5499 | 538 | sctp_handle_asconf_ack(m, *offset, |
5500 | 538 | (struct sctp_asconf_ack_chunk *)ch, stcb, *netp, &abort_no_unlock); |
5501 | 538 | if (abort_no_unlock) |
5502 | 0 | return (NULL); |
5503 | 538 | } |
5504 | 538 | break; |
5505 | 4.53k | case SCTP_FORWARD_CUM_TSN: |
5506 | 7.44k | case SCTP_IFORWARD_CUM_TSN: |
5507 | 7.44k | SCTPDBG(SCTP_DEBUG_INPUT3, "%s\n", |
5508 | 7.44k | ch->chunk_type == SCTP_FORWARD_CUM_TSN ? "FORWARD_TSN" : "I_FORWARD_TSN"); |
5509 | 7.44k | if (stcb == NULL) { |
5510 | 0 | break; |
5511 | 0 | } |
5512 | 7.44k | if (stcb->asoc.prsctp_supported == 0) { |
5513 | 1.08k | goto unknown_chunk; |
5514 | 1.08k | } |
5515 | 6.35k | if (chk_length < sizeof(struct sctp_forward_tsn_chunk)) { |
5516 | 2.02k | break; |
5517 | 2.02k | } |
5518 | 4.32k | if (((stcb->asoc.idata_supported == 1) && (ch->chunk_type == SCTP_FORWARD_CUM_TSN)) || |
5519 | 4.30k | ((stcb->asoc.idata_supported == 0) && (ch->chunk_type == SCTP_IFORWARD_CUM_TSN))) { |
5520 | 22 | if (ch->chunk_type == SCTP_FORWARD_CUM_TSN) { |
5521 | 20 | SCTP_SNPRINTF(msg, sizeof(msg), "%s", "FORWARD-TSN chunk received when I-FORWARD-TSN was negotiated"); |
5522 | 20 | } else { |
5523 | 2 | SCTP_SNPRINTF(msg, sizeof(msg), "%s", "I-FORWARD-TSN chunk received when FORWARD-TSN was negotiated"); |
5524 | 2 | } |
5525 | 22 | op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); |
5526 | 22 | sctp_abort_an_association(inp, stcb, op_err, false, SCTP_SO_NOT_LOCKED); |
5527 | 22 | *offset = length; |
5528 | 22 | return (NULL); |
5529 | 22 | } |
5530 | 4.30k | *fwd_tsn_seen = 1; |
5531 | 4.30k | if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { |
5532 | | /* We are not interested anymore */ |
5533 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5534 | | so = SCTP_INP_SO(inp); |
5535 | | atomic_add_int(&stcb->asoc.refcnt, 1); |
5536 | | SCTP_TCB_UNLOCK(stcb); |
5537 | | SCTP_SOCKET_LOCK(so, 1); |
5538 | | SCTP_TCB_LOCK(stcb); |
5539 | | atomic_subtract_int(&stcb->asoc.refcnt, 1); |
5540 | | #endif |
5541 | 0 | (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, |
5542 | 0 | SCTP_FROM_SCTP_INPUT + SCTP_LOC_31); |
5543 | | #if defined(__APPLE__) && !defined(__Userspace__) |
5544 | | SCTP_SOCKET_UNLOCK(so, 1); |
5545 | | #endif |
5546 | 0 | *offset = length; |
5547 | 0 | return (NULL); |
5548 | 0 | } |
5549 | | /* |
5550 | | * For sending a SACK this looks like DATA |
5551 | | * chunks. |
5552 | | */ |
5553 | 4.30k | stcb->asoc.last_data_chunk_from = stcb->asoc.last_control_chunk_from; |
5554 | 4.30k | abort_flag = 0; |
5555 | 4.30k | sctp_handle_forward_tsn(stcb, |
5556 | 4.30k | (struct sctp_forward_tsn_chunk *)ch, &abort_flag, m, *offset); |
5557 | 4.30k | if (abort_flag) { |
5558 | 97 | *offset = length; |
5559 | 97 | return (NULL); |
5560 | 97 | } |
5561 | 4.20k | break; |
5562 | 22.3k | case SCTP_STREAM_RESET: |
5563 | 22.3k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_STREAM_RESET\n"); |
5564 | 22.3k | if (stcb == NULL) { |
5565 | 0 | break; |
5566 | 0 | } |
5567 | 22.3k | if (stcb->asoc.reconfig_supported == 0) { |
5568 | 0 | goto unknown_chunk; |
5569 | 0 | } |
5570 | 22.3k | if (chk_length < sizeof(struct sctp_stream_reset_tsn_req)) { |
5571 | 1.75k | break; |
5572 | 1.75k | } |
5573 | 20.6k | if (sctp_handle_stream_reset(stcb, m, *offset, ch)) { |
5574 | | /* stop processing */ |
5575 | 0 | *offset = length; |
5576 | 0 | return (NULL); |
5577 | 0 | } |
5578 | 20.6k | break; |
5579 | 20.6k | case SCTP_PACKET_DROPPED: |
5580 | 12.0k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_PACKET_DROPPED\n"); |
5581 | 12.0k | if (stcb == NULL) { |
5582 | 0 | break; |
5583 | 0 | } |
5584 | 12.0k | if (stcb->asoc.pktdrop_supported == 0) { |
5585 | 1.07k | goto unknown_chunk; |
5586 | 1.07k | } |
5587 | 10.9k | if (chk_length < sizeof(struct sctp_pktdrop_chunk)) { |
5588 | 1.10k | break; |
5589 | 1.10k | } |
5590 | 9.83k | if ((netp != NULL) && (*netp != NULL)) { |
5591 | 9.83k | sctp_handle_packet_dropped((struct sctp_pktdrop_chunk *)ch, |
5592 | 9.83k | stcb, *netp, |
5593 | 9.83k | min(chk_length, contiguous)); |
5594 | 9.83k | } |
5595 | 9.83k | break; |
5596 | 4.81k | case SCTP_AUTHENTICATION: |
5597 | 4.81k | SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_AUTHENTICATION\n"); |
5598 | 4.81k | if (stcb == NULL) { |
5599 | | /* save the first AUTH for later processing */ |
5600 | 0 | if (auth_skipped == 0) { |
5601 | 0 | auth_offset = *offset; |
5602 | 0 | auth_len = chk_length; |
5603 | 0 | auth_skipped = 1; |
5604 | 0 | } |
5605 | | /* skip this chunk (temporarily) */ |
5606 | 0 | break; |
5607 | 0 | } |
5608 | 4.81k | if (stcb->asoc.auth_supported == 0) { |
5609 | 0 | goto unknown_chunk; |
5610 | 0 | } |
5611 | 4.81k | if ((chk_length < (sizeof(struct sctp_auth_chunk))) || |
5612 | 4.80k | (chk_length > (sizeof(struct sctp_auth_chunk) + |
5613 | 4.80k | SCTP_AUTH_DIGEST_LEN_MAX))) { |
5614 | | /* Its not ours */ |
5615 | 8 | *offset = length; |
5616 | 8 | return (stcb); |
5617 | 8 | } |
5618 | 4.80k | if (got_auth == 1) { |
5619 | | /* skip this chunk... it's already auth'd */ |
5620 | 2.30k | break; |
5621 | 2.30k | } |
5622 | 2.49k | got_auth = 1; |
5623 | 2.49k | if (sctp_handle_auth(stcb, (struct sctp_auth_chunk *)ch, m, *offset)) { |
5624 | | /* auth HMAC failed so dump the packet */ |
5625 | 0 | *offset = length; |
5626 | 0 | return (stcb); |
5627 | 2.49k | } else { |
5628 | | /* remaining chunks are HMAC checked */ |
5629 | 2.49k | stcb->asoc.authenticated = 1; |
5630 | 2.49k | } |
5631 | 2.49k | break; |
5632 | | |
5633 | 144k | default: |
5634 | 147k | unknown_chunk: |
5635 | | /* it's an unknown chunk! */ |
5636 | 147k | if ((ch->chunk_type & 0x40) && |
5637 | 139k | (stcb != NULL) && |
5638 | 139k | (SCTP_GET_STATE(stcb) != SCTP_STATE_EMPTY) && |
5639 | 139k | (SCTP_GET_STATE(stcb) != SCTP_STATE_INUSE) && |
5640 | 139k | (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT)) { |
5641 | 132k | struct sctp_gen_error_cause *cause; |
5642 | 132k | int len; |
5643 | | |
5644 | 132k | op_err = sctp_get_mbuf_for_msg(sizeof(struct sctp_gen_error_cause), |
5645 | 132k | 0, M_NOWAIT, 1, MT_DATA); |
5646 | 132k | if (op_err != NULL) { |
5647 | 132k | len = min(SCTP_SIZE32(chk_length), (uint32_t)(length - *offset)); |
5648 | 132k | cause = mtod(op_err, struct sctp_gen_error_cause *); |
5649 | 132k | cause->code = htons(SCTP_CAUSE_UNRECOG_CHUNK); |
5650 | 132k | cause->length = htons((uint16_t)(len + sizeof(struct sctp_gen_error_cause))); |
5651 | 132k | SCTP_BUF_LEN(op_err) = sizeof(struct sctp_gen_error_cause); |
5652 | 132k | SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(m, *offset, len, M_NOWAIT); |
5653 | 132k | if (SCTP_BUF_NEXT(op_err) != NULL) { |
5654 | | #ifdef SCTP_MBUF_LOGGING |
5655 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
5656 | | sctp_log_mbc(SCTP_BUF_NEXT(op_err), SCTP_MBUF_ICOPY); |
5657 | | } |
5658 | | #endif |
5659 | 132k | sctp_queue_op_err(stcb, op_err); |
5660 | 132k | } else { |
5661 | 0 | sctp_m_freem(op_err); |
5662 | 0 | } |
5663 | 132k | } |
5664 | 132k | } |
5665 | 147k | if ((ch->chunk_type & 0x80) == 0) { |
5666 | | /* discard this packet */ |
5667 | 52 | *offset = length; |
5668 | 52 | return (stcb); |
5669 | 52 | } /* else skip this bad chunk and continue... */ |
5670 | 147k | break; |
5671 | 824k | } /* switch (ch->chunk_type) */ |
5672 | | |
5673 | 817k | next_chunk: |
5674 | | /* get the next chunk */ |
5675 | 817k | *offset += SCTP_SIZE32(chk_length); |
5676 | 817k | if (*offset >= length) { |
5677 | | /* no more data left in the mbuf chain */ |
5678 | 7.33k | break; |
5679 | 7.33k | } |
5680 | 810k | ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, |
5681 | 810k | sizeof(struct sctp_chunkhdr), chunk_buf); |
5682 | 810k | if (ch == NULL) { |
5683 | 900 | *offset = length; |
5684 | 900 | return (stcb); |
5685 | 900 | } |
5686 | 810k | } /* while */ |
5687 | | |
5688 | 9.02k | if ((asconf_cnt > 0) && (stcb != NULL)) { |
5689 | 1.21k | sctp_send_asconf_ack(stcb); |
5690 | 1.21k | } |
5691 | 9.02k | return (stcb); |
5692 | 20.3k | } |
5693 | | |
5694 | | /* |
5695 | | * common input chunk processing (v4 and v6) |
5696 | | */ |
5697 | | void |
5698 | | sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int length, |
5699 | | struct sockaddr *src, struct sockaddr *dst, |
5700 | | struct sctphdr *sh, struct sctp_chunkhdr *ch, |
5701 | | uint8_t compute_crc, |
5702 | | uint8_t ecn_bits, |
5703 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5704 | | uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum, |
5705 | | #endif |
5706 | | uint32_t vrf_id, uint16_t port) |
5707 | 24.0k | { |
5708 | 24.0k | char msg[SCTP_DIAG_INFO_LEN]; |
5709 | 24.0k | struct mbuf *m = *mm, *op_err; |
5710 | 24.0k | struct sctp_inpcb *inp = NULL, *inp_decr = NULL; |
5711 | 24.0k | struct sctp_tcb *stcb = NULL; |
5712 | 24.0k | struct sctp_nets *net = NULL; |
5713 | 24.0k | #if defined(__Userspace__) |
5714 | 24.0k | struct socket *upcall_socket = NULL; |
5715 | 24.0k | #endif |
5716 | 24.0k | uint32_t high_tsn; |
5717 | 24.0k | uint32_t cksum_in_hdr; |
5718 | 24.0k | int un_sent; |
5719 | 24.0k | int cnt_ctrl_ready = 0; |
5720 | 24.0k | int fwd_tsn_seen = 0, data_processed = 0; |
5721 | 24.0k | bool cksum_validated, stcb_looked_up; |
5722 | | |
5723 | 24.0k | SCTP_STAT_INCR(sctps_recvdatagrams); |
5724 | | #ifdef SCTP_AUDITING_ENABLED |
5725 | | sctp_audit_log(0xE0, 1); |
5726 | | sctp_auditing(0, inp, stcb, net); |
5727 | | #endif |
5728 | | |
5729 | 24.0k | stcb_looked_up = false; |
5730 | 24.0k | if (compute_crc != 0) { |
5731 | 0 | cksum_validated = false; |
5732 | 0 | cksum_in_hdr = sh->checksum; |
5733 | 0 | if (cksum_in_hdr != htonl(0)) { |
5734 | 0 | uint32_t cksum_calculated; |
5735 | |
|
5736 | 0 | validate_cksum: |
5737 | 0 | sh->checksum = 0; |
5738 | 0 | cksum_calculated = sctp_calculate_cksum(m, iphlen); |
5739 | 0 | sh->checksum = cksum_in_hdr; |
5740 | 0 | if (cksum_calculated != cksum_in_hdr) { |
5741 | 0 | if (stcb_looked_up) { |
5742 | | /* |
5743 | | * The packet has a zero checksum, which |
5744 | | * is not the correct CRC, no stcb has |
5745 | | * been found or an stcb has been found |
5746 | | * but an incorrect zero checksum is not |
5747 | | * acceptable. |
5748 | | */ |
5749 | 0 | KASSERT(cksum_in_hdr == htonl(0), |
5750 | 0 | ("cksum in header not zero: %x", |
5751 | 0 | ntohl(cksum_in_hdr))); |
5752 | 0 | if ((inp == NULL) && |
5753 | 0 | (SCTP_BASE_SYSCTL(sctp_ootb_with_zero_cksum) == 1)) { |
5754 | | /* |
5755 | | * This is an OOTB packet, |
5756 | | * depending on the sysctl |
5757 | | * variable, pretend that the |
5758 | | * checksum is acceptable, |
5759 | | * to allow an appropriate |
5760 | | * response (ABORT, for examlpe) |
5761 | | * to be sent. |
5762 | | */ |
5763 | 0 | KASSERT(stcb == NULL, |
5764 | 0 | ("stcb is %p", stcb)); |
5765 | 0 | SCTP_STAT_INCR(sctps_recvzerocrc); |
5766 | 0 | goto cksum_validated; |
5767 | 0 | } |
5768 | 0 | } else { |
5769 | 0 | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5770 | 0 | sh, ch, &inp, &net, vrf_id); |
5771 | 0 | } |
5772 | 0 | SCTPDBG(SCTP_DEBUG_INPUT1, "Bad cksum in SCTP packet:%x calculated:%x m:%p mlen:%d iphlen:%d\n", |
5773 | 0 | ntohl(cksum_in_hdr), ntohl(cksum_calculated), (void *)m, length, iphlen); |
5774 | 0 | #if defined(INET) || defined(INET6) |
5775 | 0 | if ((ch->chunk_type != SCTP_INITIATION) && |
5776 | 0 | (net != NULL) && (net->port != port)) { |
5777 | 0 | if (net->port == 0) { |
5778 | | /* UDP encapsulation turned on. */ |
5779 | 0 | net->mtu -= sizeof(struct udphdr); |
5780 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5781 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5782 | 0 | } |
5783 | 0 | } else if (port == 0) { |
5784 | | /* UDP encapsulation turned off. */ |
5785 | 0 | net->mtu += sizeof(struct udphdr); |
5786 | | /* XXX Update smallest_mtu */ |
5787 | 0 | } |
5788 | 0 | net->port = port; |
5789 | 0 | } |
5790 | 0 | #endif |
5791 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5792 | | if (net != NULL) { |
5793 | | net->flowtype = mflowtype; |
5794 | | net->flowid = mflowid; |
5795 | | } |
5796 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5797 | | #endif |
5798 | 0 | if ((inp != NULL) && (stcb != NULL)) { |
5799 | 0 | if (stcb->asoc.pktdrop_supported) { |
5800 | 0 | sctp_send_packet_dropped(stcb, net, m, length, iphlen, 1); |
5801 | 0 | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_INPUT_ERROR, SCTP_SO_NOT_LOCKED); |
5802 | 0 | } |
5803 | 0 | } else if ((inp != NULL) && (stcb == NULL)) { |
5804 | 0 | inp_decr = inp; |
5805 | 0 | } |
5806 | 0 | SCTP_STAT_INCR(sctps_badsum); |
5807 | 0 | SCTP_STAT_INCR_COUNTER32(sctps_checksumerrors); |
5808 | 0 | goto out; |
5809 | 0 | } else { |
5810 | 0 | cksum_validated = true; |
5811 | 0 | } |
5812 | 0 | } |
5813 | 0 | KASSERT(cksum_validated || cksum_in_hdr == htonl(0), |
5814 | 0 | ("cksum 0x%08x not zero and not validated", ntohl(cksum_in_hdr))); |
5815 | 0 | if (!cksum_validated) { |
5816 | 0 | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5817 | 0 | sh, ch, &inp, &net, vrf_id); |
5818 | 0 | stcb_looked_up = true; |
5819 | 0 | if (stcb == NULL) { |
5820 | 0 | goto validate_cksum; |
5821 | 0 | } |
5822 | 0 | if (stcb->asoc.rcv_edmid == SCTP_EDMID_NONE) { |
5823 | 0 | goto validate_cksum; |
5824 | 0 | } |
5825 | 0 | KASSERT(stcb->asoc.rcv_edmid == SCTP_EDMID_LOWER_LAYER_DTLS, |
5826 | 0 | ("Unexpected EDMID %u", stcb->asoc.rcv_edmid)); |
5827 | 0 | SCTP_STAT_INCR(sctps_recvzerocrc); |
5828 | 0 | } |
5829 | 0 | } |
5830 | 24.0k | cksum_validated: |
5831 | | /* Destination port of 0 is illegal, based on RFC4960. */ |
5832 | 24.0k | if (sh->dest_port == htons(0)) { |
5833 | 0 | SCTP_STAT_INCR(sctps_hdrops); |
5834 | 0 | if ((stcb == NULL) && (inp != NULL)) { |
5835 | 0 | inp_decr = inp; |
5836 | 0 | } |
5837 | 0 | goto out; |
5838 | 0 | } |
5839 | 24.0k | if (!stcb_looked_up) { |
5840 | 24.0k | stcb = sctp_findassociation_addr(m, offset, src, dst, |
5841 | 24.0k | sh, ch, &inp, &net, vrf_id); |
5842 | 24.0k | } |
5843 | 24.0k | #if defined(INET) || defined(INET6) |
5844 | 24.0k | if ((ch->chunk_type != SCTP_INITIATION) && |
5845 | 24.0k | (net != NULL) && (net->port != port)) { |
5846 | 0 | if (net->port == 0) { |
5847 | | /* UDP encapsulation turned on. */ |
5848 | 0 | net->mtu -= sizeof(struct udphdr); |
5849 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5850 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5851 | 0 | } |
5852 | 0 | } else if (port == 0) { |
5853 | | /* UDP encapsulation turned off. */ |
5854 | 0 | net->mtu += sizeof(struct udphdr); |
5855 | | /* XXX Update smallest_mtu */ |
5856 | 0 | } |
5857 | 0 | net->port = port; |
5858 | 0 | } |
5859 | 24.0k | #endif |
5860 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5861 | | if (net != NULL) { |
5862 | | net->flowtype = mflowtype; |
5863 | | net->flowid = mflowid; |
5864 | | } |
5865 | | #endif |
5866 | 24.0k | if (inp == NULL) { |
5867 | 0 | SCTP_STAT_INCR(sctps_noport); |
5868 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5869 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5870 | | if (badport_bandlim(BANDLIM_SCTP_OOTB) < 0) { |
5871 | | goto out; |
5872 | | } |
5873 | | #endif |
5874 | 0 | if (ch->chunk_type == SCTP_SHUTDOWN_ACK) { |
5875 | 0 | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
5876 | 0 | sctp_send_shutdown_complete2(src, dst, sh, |
5877 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5878 | | mflowtype, mflowid, fibnum, |
5879 | | #endif |
5880 | 0 | vrf_id, port); |
5881 | 0 | goto out; |
5882 | 0 | } |
5883 | 0 | if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) { |
5884 | 0 | SCTP_STAT_INCR_COUNTER64(sctps_incontrolchunks); |
5885 | 0 | goto out; |
5886 | 0 | } |
5887 | 0 | if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) { |
5888 | 0 | if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || |
5889 | 0 | ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && |
5890 | 0 | (ch->chunk_type != SCTP_INIT))) { |
5891 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
5892 | 0 | "Out of the blue"); |
5893 | 0 | sctp_send_abort(m, iphlen, src, dst, |
5894 | 0 | sh, 0, op_err, |
5895 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5896 | | mflowtype, mflowid, fibnum, |
5897 | | #endif |
5898 | 0 | vrf_id, port); |
5899 | 0 | } |
5900 | 0 | } |
5901 | 0 | goto out; |
5902 | 24.0k | } else if (stcb == NULL) { |
5903 | 0 | inp_decr = inp; |
5904 | 0 | } |
5905 | 24.0k | SCTPDBG(SCTP_DEBUG_INPUT1, "Ok, Common input processing called, m:%p iphlen:%d offset:%d length:%d stcb:%p\n", |
5906 | 24.0k | (void *)m, iphlen, offset, length, (void *)stcb); |
5907 | 24.0k | if (stcb) { |
5908 | | /* always clear this before beginning a packet */ |
5909 | 24.0k | stcb->asoc.authenticated = 0; |
5910 | 24.0k | stcb->asoc.seen_a_sack_this_pkt = 0; |
5911 | 24.0k | SCTPDBG(SCTP_DEBUG_INPUT1, "stcb:%p state:%x\n", |
5912 | 24.0k | (void *)stcb, stcb->asoc.state); |
5913 | | |
5914 | 24.0k | if ((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) || |
5915 | 24.0k | (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED)) { |
5916 | | /*- |
5917 | | * If we hit here, we had a ref count |
5918 | | * up when the assoc was aborted and the |
5919 | | * timer is clearing out the assoc, we should |
5920 | | * NOT respond to any packet.. its OOTB. |
5921 | | */ |
5922 | 0 | SCTP_TCB_UNLOCK(stcb); |
5923 | 0 | stcb = NULL; |
5924 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5925 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
5926 | | #endif |
5927 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
5928 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
5929 | 0 | msg); |
5930 | 0 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
5931 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5932 | | mflowtype, mflowid, inp->fibnum, |
5933 | | #endif |
5934 | 0 | vrf_id, port); |
5935 | 0 | goto out; |
5936 | 0 | } |
5937 | 24.0k | } |
5938 | 24.0k | #if defined(__Userspace__) |
5939 | 24.0k | if ((stcb != NULL) && |
5940 | 24.0k | ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && |
5941 | 24.0k | (stcb->sctp_socket != NULL)) { |
5942 | 24.0k | if (stcb->sctp_socket->so_head != NULL) { |
5943 | 0 | upcall_socket = stcb->sctp_socket->so_head; |
5944 | 24.0k | } else { |
5945 | 24.0k | upcall_socket = stcb->sctp_socket; |
5946 | 24.0k | } |
5947 | 24.0k | SOCK_LOCK(upcall_socket); |
5948 | 24.0k | soref(upcall_socket); |
5949 | 24.0k | SOCK_UNLOCK(upcall_socket); |
5950 | 24.0k | } |
5951 | 24.0k | #endif |
5952 | 24.0k | if (IS_SCTP_CONTROL(ch)) { |
5953 | | /* process the control portion of the SCTP packet */ |
5954 | | /* sa_ignore NO_NULL_CHK */ |
5955 | 20.3k | stcb = sctp_process_control(m, iphlen, &offset, length, |
5956 | 20.3k | src, dst, sh, ch, |
5957 | 20.3k | inp, stcb, &net, &fwd_tsn_seen, |
5958 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
5959 | | mflowtype, mflowid, fibnum, |
5960 | | #endif |
5961 | 20.3k | vrf_id, port); |
5962 | 20.3k | if (stcb) { |
5963 | | /* This covers us if the cookie-echo was there |
5964 | | * and it changes our INP. |
5965 | | */ |
5966 | 19.4k | inp = stcb->sctp_ep; |
5967 | 19.4k | #if defined(INET) || defined(INET6) |
5968 | 19.4k | if ((ch->chunk_type != SCTP_INITIATION) && |
5969 | 19.4k | (net != NULL) && (net->port != port)) { |
5970 | 0 | if (net->port == 0) { |
5971 | | /* UDP encapsulation turned on. */ |
5972 | 0 | net->mtu -= sizeof(struct udphdr); |
5973 | 0 | if (stcb->asoc.smallest_mtu > net->mtu) { |
5974 | 0 | sctp_pathmtu_adjustment(stcb, net->mtu, true); |
5975 | 0 | } |
5976 | 0 | } else if (port == 0) { |
5977 | | /* UDP encapsulation turned off. */ |
5978 | 0 | net->mtu += sizeof(struct udphdr); |
5979 | | /* XXX Update smallest_mtu */ |
5980 | 0 | } |
5981 | 0 | net->port = port; |
5982 | 0 | } |
5983 | 19.4k | #endif |
5984 | 19.4k | } |
5985 | 20.3k | } else { |
5986 | | /* |
5987 | | * no control chunks, so pre-process DATA chunks (these |
5988 | | * checks are taken care of by control processing) |
5989 | | */ |
5990 | | |
5991 | | /* |
5992 | | * if DATA only packet, and auth is required, then punt... |
5993 | | * can't have authenticated without any AUTH (control) |
5994 | | * chunks |
5995 | | */ |
5996 | 3.71k | if ((stcb != NULL) && |
5997 | 3.71k | sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks)) { |
5998 | | /* "silently" ignore */ |
5999 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6000 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
6001 | | #endif |
6002 | 0 | SCTP_STAT_INCR(sctps_recvauthmissing); |
6003 | 0 | goto out; |
6004 | 0 | } |
6005 | 3.71k | if (stcb == NULL) { |
6006 | | /* out of the blue DATA chunk */ |
6007 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6008 | | SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); |
6009 | | #endif |
6010 | 0 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
6011 | 0 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
6012 | 0 | msg); |
6013 | 0 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
6014 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6015 | | mflowtype, mflowid, fibnum, |
6016 | | #endif |
6017 | 0 | vrf_id, port); |
6018 | 0 | goto out; |
6019 | 0 | } |
6020 | 3.71k | if (stcb->asoc.my_vtag != ntohl(sh->v_tag)) { |
6021 | | /* v_tag mismatch! */ |
6022 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6023 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
6024 | | #endif |
6025 | 0 | SCTP_STAT_INCR(sctps_badvtag); |
6026 | 0 | goto out; |
6027 | 0 | } |
6028 | 3.71k | } |
6029 | | |
6030 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6031 | | SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); |
6032 | | #endif |
6033 | 24.0k | if (stcb == NULL) { |
6034 | | /* |
6035 | | * no valid TCB for this packet, or we found it's a bad |
6036 | | * packet while processing control, or we're done with this |
6037 | | * packet (done or skip rest of data), so we drop it... |
6038 | | */ |
6039 | 938 | goto out; |
6040 | 938 | } |
6041 | 23.1k | #if defined(__Userspace__) |
6042 | 23.1k | if ((upcall_socket == NULL) && |
6043 | 0 | ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && |
6044 | 0 | (stcb->sctp_socket != NULL)) { |
6045 | 0 | if (stcb->sctp_socket->so_head != NULL) { |
6046 | 0 | upcall_socket = stcb->sctp_socket->so_head; |
6047 | 0 | } else { |
6048 | 0 | upcall_socket = stcb->sctp_socket; |
6049 | 0 | } |
6050 | 0 | SOCK_LOCK(upcall_socket); |
6051 | 0 | soref(upcall_socket); |
6052 | 0 | SOCK_UNLOCK(upcall_socket); |
6053 | 0 | } |
6054 | 23.1k | #endif |
6055 | | |
6056 | | /* |
6057 | | * DATA chunk processing |
6058 | | */ |
6059 | | /* plow through the data chunks while length > offset */ |
6060 | | |
6061 | | /* |
6062 | | * Rest should be DATA only. Check authentication state if AUTH for |
6063 | | * DATA is required. |
6064 | | */ |
6065 | 23.1k | if ((length > offset) && |
6066 | 5.40k | (stcb != NULL) && |
6067 | 5.40k | sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.local_auth_chunks) && |
6068 | 0 | !stcb->asoc.authenticated) { |
6069 | | /* "silently" ignore */ |
6070 | 0 | SCTP_STAT_INCR(sctps_recvauthmissing); |
6071 | 0 | SCTPDBG(SCTP_DEBUG_AUTH1, |
6072 | 0 | "Data chunk requires AUTH, skipped\n"); |
6073 | 0 | goto trigger_send; |
6074 | 0 | } |
6075 | 23.1k | if (length > offset) { |
6076 | 5.40k | int retval; |
6077 | | |
6078 | | /* |
6079 | | * First check to make sure our state is correct. We would |
6080 | | * not get here unless we really did have a tag, so we don't |
6081 | | * abort if this happens, just dump the chunk silently. |
6082 | | */ |
6083 | 5.40k | switch (SCTP_GET_STATE(stcb)) { |
6084 | 1.67k | case SCTP_STATE_COOKIE_ECHOED: |
6085 | | /* |
6086 | | * we consider data with valid tags in this state |
6087 | | * shows us the cookie-ack was lost. Imply it was |
6088 | | * there. |
6089 | | */ |
6090 | 1.67k | sctp_handle_cookie_ack((struct sctp_cookie_ack_chunk *)ch, stcb, net); |
6091 | 1.67k | break; |
6092 | 362 | case SCTP_STATE_COOKIE_WAIT: |
6093 | | /* |
6094 | | * We consider OOTB any data sent during asoc setup. |
6095 | | */ |
6096 | 362 | SCTP_SNPRINTF(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); |
6097 | 362 | op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), |
6098 | 362 | msg); |
6099 | 362 | sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, |
6100 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6101 | | mflowtype, mflowid, inp->fibnum, |
6102 | | #endif |
6103 | 362 | vrf_id, port); |
6104 | 362 | goto out; |
6105 | | /*sa_ignore NOTREACHED*/ |
6106 | 0 | break; |
6107 | 0 | case SCTP_STATE_EMPTY: /* should not happen */ |
6108 | 0 | case SCTP_STATE_INUSE: /* should not happen */ |
6109 | 6 | case SCTP_STATE_SHUTDOWN_RECEIVED: /* This is a peer error */ |
6110 | 11 | case SCTP_STATE_SHUTDOWN_ACK_SENT: |
6111 | 11 | default: |
6112 | 11 | goto out; |
6113 | | /*sa_ignore NOTREACHED*/ |
6114 | 11 | break; |
6115 | 3.36k | case SCTP_STATE_OPEN: |
6116 | 3.36k | case SCTP_STATE_SHUTDOWN_SENT: |
6117 | 3.36k | break; |
6118 | 5.40k | } |
6119 | | /* plow through the data chunks while length > offset */ |
6120 | 5.03k | retval = sctp_process_data(mm, iphlen, &offset, length, |
6121 | 5.03k | inp, stcb, net, &high_tsn); |
6122 | 5.03k | if (retval == 2) { |
6123 | | /* |
6124 | | * The association aborted, NO UNLOCK needed since |
6125 | | * the association is destroyed. |
6126 | | */ |
6127 | 814 | stcb = NULL; |
6128 | 814 | goto out; |
6129 | 814 | } |
6130 | 4.21k | if (retval == 0) { |
6131 | 4.21k | data_processed = 1; |
6132 | 4.21k | } |
6133 | | /* |
6134 | | * Anything important needs to have been m_copy'ed in |
6135 | | * process_data |
6136 | | */ |
6137 | 4.21k | } |
6138 | | |
6139 | | /* take care of ecn */ |
6140 | 21.9k | if ((data_processed == 1) && |
6141 | 4.21k | (stcb->asoc.ecn_supported == 1) && |
6142 | 4.21k | ((ecn_bits & SCTP_CE_BITS) == SCTP_CE_BITS)) { |
6143 | | /* Yep, we need to add a ECNE */ |
6144 | 0 | sctp_send_ecn_echo(stcb, net, high_tsn); |
6145 | 0 | } |
6146 | | |
6147 | 21.9k | if ((data_processed == 0) && (fwd_tsn_seen)) { |
6148 | 877 | int was_a_gap; |
6149 | 877 | uint32_t highest_tsn; |
6150 | | |
6151 | 877 | if (SCTP_TSN_GT(stcb->asoc.highest_tsn_inside_nr_map, stcb->asoc.highest_tsn_inside_map)) { |
6152 | 100 | highest_tsn = stcb->asoc.highest_tsn_inside_nr_map; |
6153 | 777 | } else { |
6154 | 777 | highest_tsn = stcb->asoc.highest_tsn_inside_map; |
6155 | 777 | } |
6156 | 877 | was_a_gap = SCTP_TSN_GT(highest_tsn, stcb->asoc.cumulative_tsn); |
6157 | 877 | stcb->asoc.send_sack = 1; |
6158 | 877 | sctp_sack_check(stcb, was_a_gap); |
6159 | 21.0k | } else if (fwd_tsn_seen) { |
6160 | 268 | stcb->asoc.send_sack = 1; |
6161 | 268 | } |
6162 | | /* trigger send of any chunks in queue... */ |
6163 | 21.9k | trigger_send: |
6164 | | #ifdef SCTP_AUDITING_ENABLED |
6165 | | sctp_audit_log(0xE0, 2); |
6166 | | sctp_auditing(1, inp, stcb, net); |
6167 | | #endif |
6168 | 21.9k | SCTPDBG(SCTP_DEBUG_INPUT1, |
6169 | 21.9k | "Check for chunk output prw:%d tqe:%d tf=%d\n", |
6170 | 21.9k | stcb->asoc.peers_rwnd, |
6171 | 21.9k | TAILQ_EMPTY(&stcb->asoc.control_send_queue), |
6172 | 21.9k | stcb->asoc.total_flight); |
6173 | 21.9k | un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight); |
6174 | 21.9k | if (!TAILQ_EMPTY(&stcb->asoc.control_send_queue)) { |
6175 | 16.5k | cnt_ctrl_ready = stcb->asoc.ctrl_queue_cnt - stcb->asoc.ecn_echo_cnt_onq; |
6176 | 16.5k | } |
6177 | 21.9k | if (!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue) || |
6178 | 21.9k | cnt_ctrl_ready || |
6179 | 5.41k | stcb->asoc.trigger_reset || |
6180 | 5.41k | ((un_sent > 0) && |
6181 | 16.9k | (stcb->asoc.peers_rwnd > 0 || stcb->asoc.total_flight == 0))) { |
6182 | 16.9k | SCTPDBG(SCTP_DEBUG_INPUT3, "Calling chunk OUTPUT\n"); |
6183 | 16.9k | sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CONTROL_PROC, SCTP_SO_NOT_LOCKED); |
6184 | 16.9k | SCTPDBG(SCTP_DEBUG_INPUT3, "chunk OUTPUT returns\n"); |
6185 | 16.9k | } |
6186 | | #ifdef SCTP_AUDITING_ENABLED |
6187 | | sctp_audit_log(0xE0, 3); |
6188 | | sctp_auditing(2, inp, stcb, net); |
6189 | | #endif |
6190 | 24.0k | out: |
6191 | 24.0k | if (stcb != NULL) { |
6192 | 22.3k | SCTP_TCB_UNLOCK(stcb); |
6193 | 22.3k | } |
6194 | 24.0k | #if defined(__Userspace__) |
6195 | 24.0k | if (upcall_socket != NULL) { |
6196 | 24.0k | if (upcall_socket->so_upcall != NULL) { |
6197 | 24.0k | if (soreadable(upcall_socket) || |
6198 | 15.6k | sowriteable(upcall_socket) || |
6199 | 12.0k | upcall_socket->so_error) { |
6200 | 12.0k | (*upcall_socket->so_upcall)(upcall_socket, upcall_socket->so_upcallarg, M_NOWAIT); |
6201 | 12.0k | } |
6202 | 24.0k | } |
6203 | 24.0k | ACCEPT_LOCK(); |
6204 | 24.0k | SOCK_LOCK(upcall_socket); |
6205 | 24.0k | sorele(upcall_socket); |
6206 | 24.0k | } |
6207 | 24.0k | #endif |
6208 | 24.0k | if (inp_decr != NULL) { |
6209 | | /* reduce ref-count */ |
6210 | 0 | SCTP_INP_WLOCK(inp_decr); |
6211 | 0 | SCTP_INP_DECR_REF(inp_decr); |
6212 | 0 | SCTP_INP_WUNLOCK(inp_decr); |
6213 | 0 | } |
6214 | 24.0k | return; |
6215 | 24.0k | } |
6216 | | |
6217 | | #ifdef INET |
6218 | | #if !defined(__Userspace__) |
6219 | | void |
6220 | | sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port) |
6221 | | { |
6222 | | struct mbuf *m; |
6223 | | int iphlen; |
6224 | | uint32_t vrf_id = 0; |
6225 | | uint8_t ecn_bits; |
6226 | | struct sockaddr_in src, dst; |
6227 | | struct ip *ip; |
6228 | | struct sctphdr *sh; |
6229 | | struct sctp_chunkhdr *ch; |
6230 | | int length, offset; |
6231 | | uint8_t compute_crc; |
6232 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6233 | | uint32_t mflowid; |
6234 | | uint8_t mflowtype; |
6235 | | uint16_t fibnum; |
6236 | | #endif |
6237 | | #if defined(__Userspace__) |
6238 | | uint16_t port = 0; |
6239 | | #endif |
6240 | | |
6241 | | iphlen = off; |
6242 | | if (SCTP_GET_PKT_VRFID(i_pak, vrf_id)) { |
6243 | | SCTP_RELEASE_PKT(i_pak); |
6244 | | return; |
6245 | | } |
6246 | | m = SCTP_HEADER_TO_CHAIN(i_pak); |
6247 | | #ifdef SCTP_MBUF_LOGGING |
6248 | | /* Log in any input mbufs */ |
6249 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { |
6250 | | sctp_log_mbc(m, SCTP_MBUF_INPUT); |
6251 | | } |
6252 | | #endif |
6253 | | #ifdef SCTP_PACKET_LOGGING |
6254 | | if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) { |
6255 | | sctp_packet_log(m); |
6256 | | } |
6257 | | #endif |
6258 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6259 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6260 | | "sctp_input(): Packet of length %d received on %s with csum_flags 0x%b.\n", |
6261 | | m->m_pkthdr.len, |
6262 | | if_name(m->m_pkthdr.rcvif), |
6263 | | (int)m->m_pkthdr.csum_flags, CSUM_BITS); |
6264 | | #endif |
6265 | | #if defined(__APPLE__) && !defined(__Userspace__) |
6266 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6267 | | "sctp_input(): Packet of length %d received on %s%d with csum_flags 0x%x.\n", |
6268 | | m->m_pkthdr.len, |
6269 | | m->m_pkthdr.rcvif->if_name, |
6270 | | m->m_pkthdr.rcvif->if_unit, |
6271 | | m->m_pkthdr.csum_flags); |
6272 | | #endif |
6273 | | #if defined(_WIN32) && !defined(__Userspace__) |
6274 | | SCTPDBG(SCTP_DEBUG_CRCOFFLOAD, |
6275 | | "sctp_input(): Packet of length %d received on %s with csum_flags 0x%x.\n", |
6276 | | m->m_pkthdr.len, |
6277 | | m->m_pkthdr.rcvif->if_xname, |
6278 | | m->m_pkthdr.csum_flags); |
6279 | | #endif |
6280 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6281 | | mflowid = m->m_pkthdr.flowid; |
6282 | | mflowtype = M_HASHTYPE_GET(m); |
6283 | | fibnum = M_GETFIB(m); |
6284 | | #endif |
6285 | | SCTP_STAT_INCR(sctps_recvpackets); |
6286 | | SCTP_STAT_INCR_COUNTER64(sctps_inpackets); |
6287 | | /* Get IP, SCTP, and first chunk header together in the first mbuf. */ |
6288 | | offset = iphlen + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); |
6289 | | if (SCTP_BUF_LEN(m) < offset) { |
6290 | | if ((m = m_pullup(m, offset)) == NULL) { |
6291 | | SCTP_STAT_INCR(sctps_hdrops); |
6292 | | return; |
6293 | | } |
6294 | | } |
6295 | | ip = mtod(m, struct ip *); |
6296 | | sh = (struct sctphdr *)((caddr_t)ip + iphlen); |
6297 | | ch = (struct sctp_chunkhdr *)((caddr_t)sh + sizeof(struct sctphdr)); |
6298 | | offset -= sizeof(struct sctp_chunkhdr); |
6299 | | memset(&src, 0, sizeof(struct sockaddr_in)); |
6300 | | src.sin_family = AF_INET; |
6301 | | #ifdef HAVE_SIN_LEN |
6302 | | src.sin_len = sizeof(struct sockaddr_in); |
6303 | | #endif |
6304 | | src.sin_port = sh->src_port; |
6305 | | src.sin_addr = ip->ip_src; |
6306 | | memset(&dst, 0, sizeof(struct sockaddr_in)); |
6307 | | dst.sin_family = AF_INET; |
6308 | | #ifdef HAVE_SIN_LEN |
6309 | | dst.sin_len = sizeof(struct sockaddr_in); |
6310 | | #endif |
6311 | | dst.sin_port = sh->dest_port; |
6312 | | dst.sin_addr = ip->ip_dst; |
6313 | | #if defined(_WIN32) && !defined(__Userspace__) |
6314 | | NTOHS(ip->ip_len); |
6315 | | #endif |
6316 | | #if defined(__linux__) || (defined(_WIN32) && defined(__Userspace__)) |
6317 | | ip->ip_len = ntohs(ip->ip_len); |
6318 | | #endif |
6319 | | #if defined(__Userspace__) |
6320 | | #if defined(__linux__) || defined(_WIN32) |
6321 | | length = ip->ip_len; |
6322 | | #else |
6323 | | length = ip->ip_len + iphlen; |
6324 | | #endif |
6325 | | #elif defined(__FreeBSD__) |
6326 | | length = ntohs(ip->ip_len); |
6327 | | #elif defined(__APPLE__) |
6328 | | length = ip->ip_len + iphlen; |
6329 | | #else |
6330 | | length = ip->ip_len; |
6331 | | #endif |
6332 | | /* Validate mbuf chain length with IP payload length. */ |
6333 | | if (SCTP_HEADER_LEN(m) != length) { |
6334 | | SCTPDBG(SCTP_DEBUG_INPUT1, |
6335 | | "sctp_input() length:%d reported length:%d\n", length, SCTP_HEADER_LEN(m)); |
6336 | | SCTP_STAT_INCR(sctps_hdrops); |
6337 | | goto out; |
6338 | | } |
6339 | | /* SCTP does not allow broadcasts or multicasts */ |
6340 | | if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) { |
6341 | | goto out; |
6342 | | } |
6343 | | if (SCTP_IS_IT_BROADCAST(dst.sin_addr, m)) { |
6344 | | goto out; |
6345 | | } |
6346 | | ecn_bits = ip->ip_tos; |
6347 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6348 | | if (m->m_pkthdr.csum_flags & (CSUM_SCTP_VALID | CSUM_IP_SCTP)) { |
6349 | | /* |
6350 | | * Packet with CSUM_IP_SCTP were sent from local host using |
6351 | | * checksum offloading. Checksum not required. |
6352 | | */ |
6353 | | SCTP_STAT_INCR(sctps_recvhwcrc); |
6354 | | compute_crc = 0; |
6355 | | } else { |
6356 | | #else |
6357 | | if (SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) && |
6358 | | ((src.sin_addr.s_addr == dst.sin_addr.s_addr) || |
6359 | | (SCTP_IS_IT_LOOPBACK(m)))) { |
6360 | | SCTP_STAT_INCR(sctps_recvhwcrc); |
6361 | | compute_crc = 0; |
6362 | | } else { |
6363 | | #endif |
6364 | | SCTP_STAT_INCR(sctps_recvswcrc); |
6365 | | compute_crc = 1; |
6366 | | } |
6367 | | sctp_common_input_processing(&m, iphlen, offset, length, |
6368 | | (struct sockaddr *)&src, |
6369 | | (struct sockaddr *)&dst, |
6370 | | sh, ch, |
6371 | | compute_crc, |
6372 | | ecn_bits, |
6373 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6374 | | mflowtype, mflowid, fibnum, |
6375 | | #endif |
6376 | | vrf_id, port); |
6377 | | out: |
6378 | | if (m) { |
6379 | | sctp_m_freem(m); |
6380 | | } |
6381 | | return; |
6382 | | } |
6383 | | |
6384 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6385 | | #if defined(SCTP_MCORE_INPUT) && defined(SMP) |
6386 | | extern int *sctp_cpuarry; |
6387 | | #endif |
6388 | | #endif |
6389 | | |
6390 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6391 | | int |
6392 | | sctp_input(struct mbuf **mp, int *offp, int proto SCTP_UNUSED) |
6393 | | { |
6394 | | struct mbuf *m; |
6395 | | int off; |
6396 | | |
6397 | | m = *mp; |
6398 | | off = *offp; |
6399 | | #else |
6400 | | void |
6401 | | sctp_input(struct mbuf *m, int off) |
6402 | | { |
6403 | | #endif |
6404 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6405 | | #if defined(SCTP_MCORE_INPUT) && defined(SMP) |
6406 | | if (mp_ncpus > 1) { |
6407 | | struct ip *ip; |
6408 | | struct sctphdr *sh; |
6409 | | int offset; |
6410 | | int cpu_to_use; |
6411 | | uint32_t flowid, tag; |
6412 | | |
6413 | | if (M_HASHTYPE_GET(m) != M_HASHTYPE_NONE) { |
6414 | | flowid = m->m_pkthdr.flowid; |
6415 | | } else { |
6416 | | /* No flow id built by lower layers |
6417 | | * fix it so we create one. |
6418 | | */ |
6419 | | offset = off + sizeof(struct sctphdr); |
6420 | | if (SCTP_BUF_LEN(m) < offset) { |
6421 | | if ((m = m_pullup(m, offset)) == NULL) { |
6422 | | SCTP_STAT_INCR(sctps_hdrops); |
6423 | | return (IPPROTO_DONE); |
6424 | | } |
6425 | | } |
6426 | | ip = mtod(m, struct ip *); |
6427 | | sh = (struct sctphdr *)((caddr_t)ip + off); |
6428 | | tag = htonl(sh->v_tag); |
6429 | | flowid = tag ^ ntohs(sh->dest_port) ^ ntohs(sh->src_port); |
6430 | | m->m_pkthdr.flowid = flowid; |
6431 | | M_HASHTYPE_SET(m, M_HASHTYPE_OPAQUE_HASH); |
6432 | | } |
6433 | | cpu_to_use = sctp_cpuarry[flowid % mp_ncpus]; |
6434 | | sctp_queue_to_mcore(m, off, cpu_to_use); |
6435 | | return (IPPROTO_DONE); |
6436 | | } |
6437 | | #endif |
6438 | | #endif |
6439 | | sctp_input_with_port(m, off, 0); |
6440 | | #if defined(__FreeBSD__) && !defined(__Userspace__) |
6441 | | return (IPPROTO_DONE); |
6442 | | #endif |
6443 | | } |
6444 | | #endif |
6445 | | #endif |