/src/usrsctp/usrsctplib/netinet/sctp_output.c

Source
/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * a) Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * b) Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the distribution.
 *
 * c) Neither the name of Cisco Systems, Inc. nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <netinet/sctp_os.h>
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <sys/proc.h>
#endif
#include <netinet/sctp_var.h>
#include <netinet/sctp_sysctl.h>
#include <netinet/sctp_header.h>
#include <netinet/sctp_pcb.h>
#include <netinet/sctputil.h>
#include <netinet/sctp_output.h>
#include <netinet/sctp_uio.h>
#include <netinet/sctputil.h>
#include <netinet/sctp_auth.h>
#include <netinet/sctp_timer.h>
#include <netinet/sctp_asconf.h>
#include <netinet/sctp_indata.h>
#include <netinet/sctp_bsd_addr.h>
#include <netinet/sctp_input.h>
#include <netinet/sctp_crc32.h>
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <netinet/sctp_kdtrace.h>
#endif
#if defined(__linux__)
#define __FAVOR_BSD    /* (on Ubuntu at least) enables UDP header field names like BSD in RFC 768 */
#endif
#if defined(INET) || defined(INET6)
#if !defined(_WIN32)
#include <netinet/udp.h>
#endif
#endif
#if !defined(__Userspace__)
#if defined(__APPLE__)
#include <netinet/in.h>
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <netinet/udp_var.h>
#include <machine/in_cksum.h>
#endif
#endif
#if defined(__Userspace__) && defined(INET6)
#include <netinet6/sctp6_var.h>
#endif
#if defined(_WIN32) && defined(__MINGW32__)
#include <minmax.h>
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
#if !(defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD))
#define SCTP_MAX_LINKHDR 16
#endif
#endif

#define SCTP_MAX_GAPS_INARRAY 4
struct sack_track {
  uint8_t right_edge; /* mergable on the right edge */
  uint8_t left_edge;  /* mergable on the left edge */
  uint8_t num_entries;
  uint8_t spare;
  struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY];
};

const struct sack_track sack_array[256] = {
  {0, 0, 0, 0,    /* 0x00 */
    {{0, 0},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x01 */
    {{0, 0},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x02 */
    {{1, 1},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x03 */
    {{0, 1},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x04 */
    {{2, 2},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x05 */
    {{0, 0},
    {2, 2},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x06 */
    {{1, 2},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x07 */
    {{0, 2},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x08 */
    {{3, 3},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x09 */
    {{0, 0},
    {3, 3},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x0a */
    {{1, 1},
    {3, 3},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x0b */
    {{0, 1},
    {3, 3},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x0c */
    {{2, 3},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x0d */
    {{0, 0},
    {2, 3},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x0e */
    {{1, 3},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x0f */
    {{0, 3},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x10 */
    {{4, 4},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x11 */
    {{0, 0},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x12 */
    {{1, 1},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x13 */
    {{0, 1},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x14 */
    {{2, 2},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x15 */
    {{0, 0},
    {2, 2},
    {4, 4},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x16 */
    {{1, 2},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x17 */
    {{0, 2},
    {4, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x18 */
    {{3, 4},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x19 */
    {{0, 0},
    {3, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x1a */
    {{1, 1},
    {3, 4},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x1b */
    {{0, 1},
    {3, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x1c */
    {{2, 4},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x1d */
    {{0, 0},
    {2, 4},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x1e */
    {{1, 4},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x1f */
    {{0, 4},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x20 */
    {{5, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x21 */
    {{0, 0},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x22 */
    {{1, 1},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x23 */
    {{0, 1},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x24 */
    {{2, 2},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x25 */
    {{0, 0},
    {2, 2},
    {5, 5},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x26 */
    {{1, 2},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x27 */
    {{0, 2},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x28 */
    {{3, 3},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x29 */
    {{0, 0},
    {3, 3},
    {5, 5},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x2a */
    {{1, 1},
    {3, 3},
    {5, 5},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x2b */
    {{0, 1},
    {3, 3},
    {5, 5},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x2c */
    {{2, 3},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x2d */
    {{0, 0},
    {2, 3},
    {5, 5},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x2e */
    {{1, 3},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x2f */
    {{0, 3},
    {5, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x30 */
    {{4, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x31 */
    {{0, 0},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x32 */
    {{1, 1},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x33 */
    {{0, 1},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x34 */
    {{2, 2},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x35 */
    {{0, 0},
    {2, 2},
    {4, 5},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x36 */
    {{1, 2},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x37 */
    {{0, 2},
    {4, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x38 */
    {{3, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x39 */
    {{0, 0},
    {3, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x3a */
    {{1, 1},
    {3, 5},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x3b */
    {{0, 1},
    {3, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x3c */
    {{2, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x3d */
    {{0, 0},
    {2, 5},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x3e */
    {{1, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x3f */
    {{0, 5},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x40 */
    {{6, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x41 */
    {{0, 0},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x42 */
    {{1, 1},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x43 */
    {{0, 1},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x44 */
    {{2, 2},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x45 */
    {{0, 0},
    {2, 2},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x46 */
    {{1, 2},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x47 */
    {{0, 2},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x48 */
    {{3, 3},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x49 */
    {{0, 0},
    {3, 3},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x4a */
    {{1, 1},
    {3, 3},
    {6, 6},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x4b */
    {{0, 1},
    {3, 3},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x4c */
    {{2, 3},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x4d */
    {{0, 0},
    {2, 3},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x4e */
    {{1, 3},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x4f */
    {{0, 3},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x50 */
    {{4, 4},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x51 */
    {{0, 0},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x52 */
    {{1, 1},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x53 */
    {{0, 1},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x54 */
    {{2, 2},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {1, 0, 4, 0,    /* 0x55 */
    {{0, 0},
    {2, 2},
    {4, 4},
    {6, 6}
    }
  },
  {0, 0, 3, 0,    /* 0x56 */
    {{1, 2},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x57 */
    {{0, 2},
    {4, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x58 */
    {{3, 4},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x59 */
    {{0, 0},
    {3, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x5a */
    {{1, 1},
    {3, 4},
    {6, 6},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x5b */
    {{0, 1},
    {3, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x5c */
    {{2, 4},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x5d */
    {{0, 0},
    {2, 4},
    {6, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x5e */
    {{1, 4},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x5f */
    {{0, 4},
    {6, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x60 */
    {{5, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x61 */
    {{0, 0},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x62 */
    {{1, 1},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x63 */
    {{0, 1},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x64 */
    {{2, 2},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x65 */
    {{0, 0},
    {2, 2},
    {5, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x66 */
    {{1, 2},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x67 */
    {{0, 2},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x68 */
    {{3, 3},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x69 */
    {{0, 0},
    {3, 3},
    {5, 6},
    {0, 0}
    }
  },
  {0, 0, 3, 0,    /* 0x6a */
    {{1, 1},
    {3, 3},
    {5, 6},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x6b */
    {{0, 1},
    {3, 3},
    {5, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x6c */
    {{2, 3},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x6d */
    {{0, 0},
    {2, 3},
    {5, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x6e */
    {{1, 3},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x6f */
    {{0, 3},
    {5, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x70 */
    {{4, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x71 */
    {{0, 0},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x72 */
    {{1, 1},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x73 */
    {{0, 1},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x74 */
    {{2, 2},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 3, 0,    /* 0x75 */
    {{0, 0},
    {2, 2},
    {4, 6},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x76 */
    {{1, 2},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x77 */
    {{0, 2},
    {4, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x78 */
    {{3, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x79 */
    {{0, 0},
    {3, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 2, 0,    /* 0x7a */
    {{1, 1},
    {3, 6},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x7b */
    {{0, 1},
    {3, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x7c */
    {{2, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 2, 0,    /* 0x7d */
    {{0, 0},
    {2, 6},
    {0, 0},
    {0, 0}
    }
  },
  {0, 0, 1, 0,    /* 0x7e */
    {{1, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 0, 1, 0,    /* 0x7f */
    {{0, 6},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0x80 */
    {{7, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0x81 */
    {{0, 0},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x82 */
    {{1, 1},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0x83 */
    {{0, 1},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x84 */
    {{2, 2},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x85 */
    {{0, 0},
    {2, 2},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x86 */
    {{1, 2},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0x87 */
    {{0, 2},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x88 */
    {{3, 3},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x89 */
    {{0, 0},
    {3, 3},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0x8a */
    {{1, 1},
    {3, 3},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x8b */
    {{0, 1},
    {3, 3},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x8c */
    {{2, 3},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x8d */
    {{0, 0},
    {2, 3},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x8e */
    {{1, 3},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0x8f */
    {{0, 3},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x90 */
    {{4, 4},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x91 */
    {{0, 0},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0x92 */
    {{1, 1},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x93 */
    {{0, 1},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0x94 */
    {{2, 2},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0x95 */
    {{0, 0},
    {2, 2},
    {4, 4},
    {7, 7}
    }
  },
  {0, 1, 3, 0,    /* 0x96 */
    {{1, 2},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x97 */
    {{0, 2},
    {4, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x98 */
    {{3, 4},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x99 */
    {{0, 0},
    {3, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0x9a */
    {{1, 1},
    {3, 4},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x9b */
    {{0, 1},
    {3, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x9c */
    {{2, 4},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0x9d */
    {{0, 0},
    {2, 4},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0x9e */
    {{1, 4},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0x9f */
    {{0, 4},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xa0 */
    {{5, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xa1 */
    {{0, 0},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xa2 */
    {{1, 1},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xa3 */
    {{0, 1},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xa4 */
    {{2, 2},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0xa5 */
    {{0, 0},
    {2, 2},
    {5, 5},
    {7, 7}
    }
  },
  {0, 1, 3, 0,    /* 0xa6 */
    {{1, 2},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xa7 */
    {{0, 2},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xa8 */
    {{3, 3},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0xa9 */
    {{0, 0},
    {3, 3},
    {5, 5},
    {7, 7}
    }
  },
  {0, 1, 4, 0,    /* 0xaa */
    {{1, 1},
    {3, 3},
    {5, 5},
    {7, 7}
    }
  },
  {1, 1, 4, 0,    /* 0xab */
    {{0, 1},
    {3, 3},
    {5, 5},
    {7, 7}
    }
  },
  {0, 1, 3, 0,    /* 0xac */
    {{2, 3},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0xad */
    {{0, 0},
    {2, 3},
    {5, 5},
    {7, 7}
    }
  },
  {0, 1, 3, 0,    /* 0xae */
    {{1, 3},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xaf */
    {{0, 3},
    {5, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xb0 */
    {{4, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xb1 */
    {{0, 0},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xb2 */
    {{1, 1},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xb3 */
    {{0, 1},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xb4 */
    {{2, 2},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0xb5 */
    {{0, 0},
    {2, 2},
    {4, 5},
    {7, 7}
    }
  },
  {0, 1, 3, 0,    /* 0xb6 */
    {{1, 2},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xb7 */
    {{0, 2},
    {4, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xb8 */
    {{3, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xb9 */
    {{0, 0},
    {3, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xba */
    {{1, 1},
    {3, 5},
    {7, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xbb */
    {{0, 1},
    {3, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xbc */
    {{2, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xbd */
    {{0, 0},
    {2, 5},
    {7, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xbe */
    {{1, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xbf */
    {{0, 5},
    {7, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xc0 */
    {{6, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xc1 */
    {{0, 0},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xc2 */
    {{1, 1},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xc3 */
    {{0, 1},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xc4 */
    {{2, 2},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xc5 */
    {{0, 0},
    {2, 2},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xc6 */
    {{1, 2},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xc7 */
    {{0, 2},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xc8 */
    {{3, 3},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xc9 */
    {{0, 0},
    {3, 3},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xca */
    {{1, 1},
    {3, 3},
    {6, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xcb */
    {{0, 1},
    {3, 3},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xcc */
    {{2, 3},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xcd */
    {{0, 0},
    {2, 3},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xce */
    {{1, 3},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xcf */
    {{0, 3},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xd0 */
    {{4, 4},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xd1 */
    {{0, 0},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xd2 */
    {{1, 1},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xd3 */
    {{0, 1},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xd4 */
    {{2, 2},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {1, 1, 4, 0,    /* 0xd5 */
    {{0, 0},
    {2, 2},
    {4, 4},
    {6, 7}
    }
  },
  {0, 1, 3, 0,    /* 0xd6 */
    {{1, 2},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xd7 */
    {{0, 2},
    {4, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xd8 */
    {{3, 4},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xd9 */
    {{0, 0},
    {3, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xda */
    {{1, 1},
    {3, 4},
    {6, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xdb */
    {{0, 1},
    {3, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xdc */
    {{2, 4},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xdd */
    {{0, 0},
    {2, 4},
    {6, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xde */
    {{1, 4},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xdf */
    {{0, 4},
    {6, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xe0 */
    {{5, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xe1 */
    {{0, 0},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xe2 */
    {{1, 1},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xe3 */
    {{0, 1},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xe4 */
    {{2, 2},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xe5 */
    {{0, 0},
    {2, 2},
    {5, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xe6 */
    {{1, 2},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xe7 */
    {{0, 2},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xe8 */
    {{3, 3},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xe9 */
    {{0, 0},
    {3, 3},
    {5, 7},
    {0, 0}
    }
  },
  {0, 1, 3, 0,    /* 0xea */
    {{1, 1},
    {3, 3},
    {5, 7},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xeb */
    {{0, 1},
    {3, 3},
    {5, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xec */
    {{2, 3},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xed */
    {{0, 0},
    {2, 3},
    {5, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xee */
    {{1, 3},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xef */
    {{0, 3},
    {5, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xf0 */
    {{4, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xf1 */
    {{0, 0},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xf2 */
    {{1, 1},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xf3 */
    {{0, 1},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xf4 */
    {{2, 2},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 3, 0,    /* 0xf5 */
    {{0, 0},
    {2, 2},
    {4, 7},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xf6 */
    {{1, 2},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xf7 */
    {{0, 2},
    {4, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xf8 */
    {{3, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xf9 */
    {{0, 0},
    {3, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 2, 0,    /* 0xfa */
    {{1, 1},
    {3, 7},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xfb */
    {{0, 1},
    {3, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xfc */
    {{2, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 2, 0,    /* 0xfd */
    {{0, 0},
    {2, 7},
    {0, 0},
    {0, 0}
    }
  },
  {0, 1, 1, 0,    /* 0xfe */
    {{1, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  },
  {1, 1, 1, 0,    /* 0xff */
    {{0, 7},
    {0, 0},
    {0, 0},
    {0, 0}
    }
  }
};

int
sctp_is_address_in_scope(struct sctp_ifa *ifa,
                         struct sctp_scoping *scope,
                         int do_update)
{
  if ((scope->loopback_scope == 0) &&
      (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) {
    /*
     * skip loopback if not in scope *
     */
    return (0);
  }
  switch (ifa->address.sa.sa_family) {
#ifdef INET
  case AF_INET:
    if (scope->ipv4_addr_legal) {
      struct sockaddr_in *sin;

      sin = &ifa->address.sin;
      if (sin->sin_addr.s_addr == 0) {
        /* not in scope , unspecified */
        return (0);
      }
      if ((scope->ipv4_local_scope == 0) &&
          (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
        /* private address not in scope */
        return (0);
      }
    } else {
      return (0);
    }
    break;
#endif
#ifdef INET6
  case AF_INET6:
    if (scope->ipv6_addr_legal) {
      struct sockaddr_in6 *sin6;

      /* Must update the flags,  bummer, which
       * means any IFA locks must now be applied HERE <->
       */
      if (do_update) {
        sctp_gather_internal_ifa_flags(ifa);
      }
      if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
        return (0);
      }
      /* ok to use deprecated addresses? */
      sin6 = &ifa->address.sin6;
      if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
        /* skip unspecified addresses */
        return (0);
      }
      if (    /* (local_scope == 0) && */
          (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) {
        return (0);
      }
      if ((scope->site_scope == 0) &&
          (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
        return (0);
      }
    } else {
      return (0);
    }
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
    if (!scope->conn_addr_legal) {
      return (0);
    }
    break;
#endif
  default:
    return (0);
  }
  return (1);
}

static struct mbuf *
sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa, uint16_t *len)
{
#if defined(INET) || defined(INET6)
  struct sctp_paramhdr *paramh;
  struct mbuf *mret;
  uint16_t plen;
#endif

  switch (ifa->address.sa.sa_family) {
#ifdef INET
  case AF_INET:
    plen = (uint16_t)sizeof(struct sctp_ipv4addr_param);
    break;
#endif
#ifdef INET6
  case AF_INET6:
    plen = (uint16_t)sizeof(struct sctp_ipv6addr_param);
    break;
#endif
  default:
    return (m);
  }
#if defined(INET) || defined(INET6)
  if (M_TRAILINGSPACE(m) >= plen) {
    /* easy side we just drop it on the end */
    paramh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m)));
    mret = m;
  } else {
    /* Need more space */
    mret = m;
    while (SCTP_BUF_NEXT(mret) != NULL) {
      mret = SCTP_BUF_NEXT(mret);
    }
    SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(plen, 0, M_NOWAIT, 1, MT_DATA);
    if (SCTP_BUF_NEXT(mret) == NULL) {
      /* We are hosed, can't add more addresses */
      return (m);
    }
    mret = SCTP_BUF_NEXT(mret);
    paramh = mtod(mret, struct sctp_paramhdr *);
  }
  /* now add the parameter */
  switch (ifa->address.sa.sa_family) {
#ifdef INET
  case AF_INET:
  {
    struct sctp_ipv4addr_param *ipv4p;
    struct sockaddr_in *sin;

    sin = &ifa->address.sin;
    ipv4p = (struct sctp_ipv4addr_param *)paramh;
    paramh->param_type = htons(SCTP_IPV4_ADDRESS);
    paramh->param_length = htons(plen);
    ipv4p->addr = sin->sin_addr.s_addr;
    SCTP_BUF_LEN(mret) += plen;
    break;
  }
#endif
#ifdef INET6
  case AF_INET6:
  {
    struct sctp_ipv6addr_param *ipv6p;
    struct sockaddr_in6 *sin6;

    sin6 = &ifa->address.sin6;
    ipv6p = (struct sctp_ipv6addr_param *)paramh;
    paramh->param_type = htons(SCTP_IPV6_ADDRESS);
    paramh->param_length = htons(plen);
    memcpy(ipv6p->addr, &sin6->sin6_addr,
        sizeof(ipv6p->addr));
#if defined(SCTP_EMBEDDED_V6_SCOPE)
    /* clear embedded scope in the address */
    in6_clearscope((struct in6_addr *)ipv6p->addr);
#endif
    SCTP_BUF_LEN(mret) += plen;
    break;
  }
#endif
  default:
    return (m);
  }
  if (len != NULL) {
    *len += plen;
  }
  return (mret);
#endif
}

struct mbuf *
sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
                           struct sctp_scoping *scope,
         struct mbuf *m_at, int cnt_inits_to,
         uint16_t *padding_len, uint16_t *chunk_len)
{
  struct sctp_vrf *vrf = NULL;
  int cnt, limit_out = 0, total_count;
  uint32_t vrf_id;

  vrf_id = inp->def_vrf_id;
  SCTP_IPI_ADDR_RLOCK();
  vrf = sctp_find_vrf(vrf_id);
  if (vrf == NULL) {
    SCTP_IPI_ADDR_RUNLOCK();
    return (m_at);
  }
  if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
    struct sctp_ifa *sctp_ifap;
    struct sctp_ifn *sctp_ifnp;

    cnt = cnt_inits_to;
    if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) {
      limit_out = 1;
      cnt = SCTP_ADDRESS_LIMIT;
      goto skip_count;
    }
    LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
      if ((scope->loopback_scope == 0) &&
          SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
        /*
         * Skip loopback devices if loopback_scope
         * not set
         */
        continue;
      }
      LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
        if ((sctp_ifap->address.sa.sa_family == AF_INET) &&
            (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                              &sctp_ifap->address.sin.sin_addr) != 0)) {
          continue;
        }
#endif
#ifdef INET6
        if ((sctp_ifap->address.sa.sa_family == AF_INET6) &&
            (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                              &sctp_ifap->address.sin6.sin6_addr) != 0)) {
          continue;
        }
#endif
#endif
        if (sctp_is_addr_restricted(stcb, sctp_ifap)) {
          continue;
        }
#if defined(__Userspace__)
        if (sctp_ifap->address.sa.sa_family == AF_CONN) {
          continue;
        }
#endif
        if (sctp_is_address_in_scope(sctp_ifap, scope, 1) == 0) {
          continue;
        }
        cnt++;
        if (cnt > SCTP_ADDRESS_LIMIT) {
          break;
        }
      }
      if (cnt > SCTP_ADDRESS_LIMIT) {
        break;
      }
    }
  skip_count:
    if (cnt > 1) {
      total_count = 0;
      LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
        cnt = 0;
        if ((scope->loopback_scope == 0) &&
            SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
          /*
           * Skip loopback devices if
           * loopback_scope not set
           */
          continue;
        }
        LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
          if ((sctp_ifap->address.sa.sa_family == AF_INET) &&
              (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                                &sctp_ifap->address.sin.sin_addr) != 0)) {
            continue;
          }
#endif
#ifdef INET6
          if ((sctp_ifap->address.sa.sa_family == AF_INET6) &&
              (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                                &sctp_ifap->address.sin6.sin6_addr) != 0)) {
            continue;
          }
#endif
#endif
          if (sctp_is_addr_restricted(stcb, sctp_ifap)) {
            continue;
          }
#if defined(__Userspace__)
          if (sctp_ifap->address.sa.sa_family == AF_CONN) {
            continue;
          }
#endif
          if (sctp_is_address_in_scope(sctp_ifap,
                     scope, 0) == 0) {
            continue;
          }
          if ((chunk_len != NULL) &&
              (padding_len != NULL) &&
              (*padding_len > 0)) {
            memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len);
            SCTP_BUF_LEN(m_at) += *padding_len;
            *chunk_len += *padding_len;
            *padding_len = 0;
          }
          m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap, chunk_len);
          if (limit_out) {
            cnt++;
            total_count++;
            if (cnt >= 2) {
              /* two from each address */
              break;
            }
            if (total_count > SCTP_ADDRESS_LIMIT) {
              /* No more addresses */
              break;
            }
          }
        }
      }
    }
  } else {
    struct sctp_laddr *laddr;

    cnt = cnt_inits_to;
    /* First, how many ? */
    LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
      if (laddr->ifa == NULL) {
        continue;
      }
      if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
        /* Address being deleted by the system, dont
         * list.
         */
        continue;
      if (laddr->action == SCTP_DEL_IP_ADDRESS) {
        /* Address being deleted on this ep
         * don't list.
         */
        continue;
      }
#if defined(__Userspace__)
      if (laddr->ifa->address.sa.sa_family == AF_CONN) {
        continue;
      }
#endif
      if (sctp_is_address_in_scope(laddr->ifa,
                 scope, 1) == 0) {
        continue;
      }
      cnt++;
    }
    /*
     * To get through a NAT we only list addresses if we have
     * more than one. That way if you just bind a single address
     * we let the source of the init dictate our address.
     */
    if (cnt > 1) {
      cnt = cnt_inits_to;
      LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
        if (laddr->ifa == NULL) {
          continue;
        }
        if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
          continue;
        }
#if defined(__Userspace__)
        if (laddr->ifa->address.sa.sa_family == AF_CONN) {
          continue;
        }
#endif
        if (sctp_is_address_in_scope(laddr->ifa,
                   scope, 0) == 0) {
          continue;
        }
        if ((chunk_len != NULL) &&
            (padding_len != NULL) &&
            (*padding_len > 0)) {
          memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len);
          SCTP_BUF_LEN(m_at) += *padding_len;
          *chunk_len += *padding_len;
          *padding_len = 0;
        }
        m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa, chunk_len);
        cnt++;
        if (cnt >= SCTP_ADDRESS_LIMIT) {
          break;
        }
      }
    }
  }
  SCTP_IPI_ADDR_RUNLOCK();
  return (m_at);
}

static struct sctp_ifa *
sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa,
         uint8_t dest_is_loop,
         uint8_t dest_is_priv,
         sa_family_t fam)
{
  uint8_t dest_is_global = 0;
  /* dest_is_priv is true if destination is a private address */
  /* dest_is_loop is true if destination is a loopback addresses */

  /**
   * Here we determine if its a preferred address. A preferred address
   * means it is the same scope or higher scope then the destination.
   * L = loopback, P = private, G = global
   * -----------------------------------------
   *    src    |  dest | result
   *  ----------------------------------------
   *     L     |    L  |    yes
   *  -----------------------------------------
   *     P     |    L  |    yes-v4 no-v6
   *  -----------------------------------------
   *     G     |    L  |    yes-v4 no-v6
   *  -----------------------------------------
   *     L     |    P  |    no
   *  -----------------------------------------
   *     P     |    P  |    yes
   *  -----------------------------------------
   *     G     |    P  |    no
   *   -----------------------------------------
   *     L     |    G  |    no
   *   -----------------------------------------
   *     P     |    G  |    no
   *    -----------------------------------------
   *     G     |    G  |    yes
   *    -----------------------------------------
   */

  if (ifa->address.sa.sa_family != fam) {
    /* forget mis-matched family */
    return (NULL);
  }
  if ((dest_is_priv == 0) && (dest_is_loop == 0)) {
    dest_is_global = 1;
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:");
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa);
  /* Ok the address may be ok */
#ifdef INET6
  if (fam == AF_INET6) {
    /* ok to use deprecated addresses? no lets not! */
    if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
      SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n");
      return (NULL);
    }
    if (ifa->src_is_priv && !ifa->src_is_loop) {
      if (dest_is_loop) {
        SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n");
        return (NULL);
      }
    }
    if (ifa->src_is_glob) {
      if (dest_is_loop) {
        SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n");
        return (NULL);
      }
    }
  }
#endif
  /* Now that we know what is what, implement or table
   * this could in theory be done slicker (it used to be), but this
   * is straightforward and easier to validate :-)
   */
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n",
    ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob);
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n",
    dest_is_loop, dest_is_priv, dest_is_global);

  if ((ifa->src_is_loop) && (dest_is_priv)) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n");
    return (NULL);
  }
  if ((ifa->src_is_glob) && (dest_is_priv)) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n");
    return (NULL);
  }
  if ((ifa->src_is_loop) && (dest_is_global)) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n");
    return (NULL);
  }
  if ((ifa->src_is_priv) && (dest_is_global)) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n");
    return (NULL);
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n");
  /* its a preferred address */
  return (ifa);
}

static struct sctp_ifa *
sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa,
          uint8_t dest_is_loop,
          uint8_t dest_is_priv,
          sa_family_t fam)
{
  uint8_t dest_is_global = 0;

  /**
   * Here we determine if its a acceptable address. A acceptable
   * address means it is the same scope or higher scope but we can
   * allow for NAT which means its ok to have a global dest and a
   * private src.
   *
   * L = loopback, P = private, G = global
   * -----------------------------------------
   *  src    |  dest | result
   * -----------------------------------------
   *   L     |   L   |    yes
   *  -----------------------------------------
   *   P     |   L   |    yes-v4 no-v6
   *  -----------------------------------------
   *   G     |   L   |    yes
   * -----------------------------------------
   *   L     |   P   |    no
   * -----------------------------------------
   *   P     |   P   |    yes
   * -----------------------------------------
   *   G     |   P   |    yes - May not work
   * -----------------------------------------
   *   L     |   G   |    no
   * -----------------------------------------
   *   P     |   G   |    yes - May not work
   * -----------------------------------------
   *   G     |   G   |    yes
   * -----------------------------------------
   */

  if (ifa->address.sa.sa_family != fam) {
    /* forget non matching family */
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa_fam:%d fam:%d\n",
      ifa->address.sa.sa_family, fam);
    return (NULL);
  }
  /* Ok the address may be ok */
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, &ifa->address.sa);
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst_is_loop:%d dest_is_priv:%d\n",
    dest_is_loop, dest_is_priv);
  if ((dest_is_loop == 0) && (dest_is_priv == 0)) {
    dest_is_global = 1;
  }
#ifdef INET6
  if (fam == AF_INET6) {
    /* ok to use deprecated addresses? */
    if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
      return (NULL);
    }
    if (ifa->src_is_priv) {
      /* Special case, linklocal to loop */
      if (dest_is_loop)
        return (NULL);
    }
  }
#endif
  /*
   * Now that we know what is what, implement our table.
   * This could in theory be done slicker (it used to be), but this
   * is straightforward and easier to validate :-)
   */
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_priv:%d\n",
    ifa->src_is_loop,
    dest_is_priv);
  if ((ifa->src_is_loop == 1) && (dest_is_priv)) {
    return (NULL);
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_glob:%d\n",
    ifa->src_is_loop,
    dest_is_global);
  if ((ifa->src_is_loop == 1) && (dest_is_global)) {
    return (NULL);
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "address is acceptable\n");
  /* its an acceptable address */
  return (ifa);
}

int
sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
{
  struct sctp_laddr *laddr;

  if (stcb == NULL) {
    /* There are no restrictions, no TCB :-) */
    return (0);
  }
  LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
    if (laddr->ifa == NULL) {
      SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
        __func__);
      continue;
    }
    if (laddr->ifa == ifa) {
      /* Yes it is on the list */
      return (1);
    }
  }
  return (0);
}

int
sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
{
  struct sctp_laddr *laddr;

  if (ifa == NULL)
    return (0);
  LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
    if (laddr->ifa == NULL) {
      SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
        __func__);
      continue;
    }
    if ((laddr->ifa == ifa) && laddr->action == 0)
      /* same pointer */
      return (1);
  }
  return (0);
}

static struct sctp_ifa *
sctp_choose_boundspecific_inp(struct sctp_inpcb *inp,
            sctp_route_t *ro,
            uint32_t vrf_id,
            int non_asoc_addr_ok,
            uint8_t dest_is_priv,
            uint8_t dest_is_loop,
            sa_family_t fam)
{
  struct sctp_laddr *laddr, *starting_point;
  void *ifn;
  int resettotop = 0;
  struct sctp_ifn *sctp_ifn;
  struct sctp_ifa *sctp_ifa, *sifa;
  struct sctp_vrf *vrf;
  uint32_t ifn_index;

  vrf = sctp_find_vrf(vrf_id);
  if (vrf == NULL)
    return (NULL);

  ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
  ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
  sctp_ifn = sctp_find_ifn(ifn, ifn_index);
  /*
   * first question, is the ifn we will emit on in our list, if so, we
   * want such an address. Note that we first looked for a
   * preferred address.
   */
  if (sctp_ifn) {
    /* is a preferred one on the interface we route out? */
    LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
      if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
          (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin.sin_addr) != 0)) {
        continue;
      }
#endif
#ifdef INET6
      if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
          (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin6.sin6_addr) != 0)) {
        continue;
      }
#endif
#endif
      if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
          (non_asoc_addr_ok == 0))
        continue;
      sifa = sctp_is_ifa_addr_preferred(sctp_ifa,
                dest_is_loop,
                dest_is_priv, fam);
      if (sifa == NULL)
        continue;
      if (sctp_is_addr_in_ep(inp, sifa)) {
        atomic_add_int(&sifa->refcount, 1);
        return (sifa);
      }
    }
  }
  /*
   * ok, now we now need to find one on the list of the addresses.
   * We can't get one on the emitting interface so let's find first
   * a preferred one. If not that an acceptable one otherwise...
   * we return NULL.
   */
  starting_point = inp->next_addr_touse;
 once_again:
  if (inp->next_addr_touse == NULL) {
    inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
    resettotop = 1;
  }
  for (laddr = inp->next_addr_touse; laddr;
       laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
    if (laddr->ifa == NULL) {
      /* address has been removed */
      continue;
    }
    if (laddr->action == SCTP_DEL_IP_ADDRESS) {
      /* address is being deleted */
      continue;
    }
    sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop,
              dest_is_priv, fam);
    if (sifa == NULL)
      continue;
    atomic_add_int(&sifa->refcount, 1);
    return (sifa);
  }
  if (resettotop == 0) {
    inp->next_addr_touse = NULL;
    goto once_again;
  }

  inp->next_addr_touse = starting_point;
  resettotop = 0;
 once_again_too:
  if (inp->next_addr_touse == NULL) {
    inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
    resettotop = 1;
  }

  /* ok, what about an acceptable address in the inp */
  for (laddr = inp->next_addr_touse; laddr;
       laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
    if (laddr->ifa == NULL) {
      /* address has been removed */
      continue;
    }
    if (laddr->action == SCTP_DEL_IP_ADDRESS) {
      /* address is being deleted */
      continue;
    }
    sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
               dest_is_priv, fam);
    if (sifa == NULL)
      continue;
    atomic_add_int(&sifa->refcount, 1);
    return (sifa);
  }
  if (resettotop == 0) {
    inp->next_addr_touse = NULL;
    goto once_again_too;
  }

  /*
   * no address bound can be a source for the destination we are in
   * trouble
   */
  return (NULL);
}

static struct sctp_ifa *
sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp,
             struct sctp_tcb *stcb,
             sctp_route_t *ro,
             uint32_t vrf_id,
             uint8_t dest_is_priv,
             uint8_t dest_is_loop,
             int non_asoc_addr_ok,
             sa_family_t fam)
{
  struct sctp_laddr *laddr, *starting_point;
  void *ifn;
  struct sctp_ifn *sctp_ifn;
  struct sctp_ifa *sctp_ifa, *sifa;
  uint8_t start_at_beginning = 0;
  struct sctp_vrf *vrf;
  uint32_t ifn_index;

  /*
   * first question, is the ifn we will emit on in our list, if so, we
   * want that one.
   */
  vrf = sctp_find_vrf(vrf_id);
  if (vrf == NULL)
    return (NULL);

  ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
  ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
  sctp_ifn = sctp_find_ifn(ifn, ifn_index);

  /*
   * first question, is the ifn we will emit on in our list?  If so,
   * we want that one. First we look for a preferred. Second, we go
   * for an acceptable.
   */
  if (sctp_ifn) {
    /* first try for a preferred address on the ep */
    LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
      if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
          (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin.sin_addr) != 0)) {
        continue;
      }
#endif
#ifdef INET6
      if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
          (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin6.sin6_addr) != 0)) {
        continue;
      }
#endif
#endif
      if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
        continue;
      if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
        sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam);
        if (sifa == NULL)
          continue;
        if (((non_asoc_addr_ok == 0) &&
             (sctp_is_addr_restricted(stcb, sifa))) ||
            (non_asoc_addr_ok &&
             (sctp_is_addr_restricted(stcb, sifa)) &&
             (!sctp_is_addr_pending(stcb, sifa)))) {
          /* on the no-no list */
          continue;
        }
        atomic_add_int(&sifa->refcount, 1);
        return (sifa);
      }
    }
    /* next try for an acceptable address on the ep */
    LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
      if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
          (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin.sin_addr) != 0)) {
        continue;
      }
#endif
#ifdef INET6
      if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
          (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin6.sin6_addr) != 0)) {
        continue;
      }
#endif
#endif
      if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
        continue;
      if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
        sifa= sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv,fam);
        if (sifa == NULL)
          continue;
        if (((non_asoc_addr_ok == 0) &&
             (sctp_is_addr_restricted(stcb, sifa))) ||
            (non_asoc_addr_ok &&
             (sctp_is_addr_restricted(stcb, sifa)) &&
             (!sctp_is_addr_pending(stcb, sifa)))) {
          /* on the no-no list */
          continue;
        }
        atomic_add_int(&sifa->refcount, 1);
        return (sifa);
      }
    }
  }
  /*
   * if we can't find one like that then we must look at all
   * addresses bound to pick one at first preferable then
   * secondly acceptable.
   */
  starting_point = stcb->asoc.last_used_address;
 sctp_from_the_top:
  if (stcb->asoc.last_used_address == NULL) {
    start_at_beginning = 1;
    stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
  }
  /* search beginning with the last used address */
  for (laddr = stcb->asoc.last_used_address; laddr;
       laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
    if (laddr->ifa == NULL) {
      /* address has been removed */
      continue;
    }
    if (laddr->action == SCTP_DEL_IP_ADDRESS) {
      /* address is being deleted */
      continue;
    }
    sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam);
    if (sifa == NULL)
      continue;
    if (((non_asoc_addr_ok == 0) &&
         (sctp_is_addr_restricted(stcb, sifa))) ||
        (non_asoc_addr_ok &&
         (sctp_is_addr_restricted(stcb, sifa)) &&
         (!sctp_is_addr_pending(stcb, sifa)))) {
      /* on the no-no list */
      continue;
    }
    stcb->asoc.last_used_address = laddr;
    atomic_add_int(&sifa->refcount, 1);
    return (sifa);
  }
  if (start_at_beginning == 0) {
    stcb->asoc.last_used_address = NULL;
    goto sctp_from_the_top;
  }
  /* now try for any higher scope than the destination */
  stcb->asoc.last_used_address = starting_point;
  start_at_beginning = 0;
 sctp_from_the_top2:
  if (stcb->asoc.last_used_address == NULL) {
    start_at_beginning = 1;
    stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
  }
  /* search beginning with the last used address */
  for (laddr = stcb->asoc.last_used_address; laddr;
       laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
    if (laddr->ifa == NULL) {
      /* address has been removed */
      continue;
    }
    if (laddr->action == SCTP_DEL_IP_ADDRESS) {
      /* address is being deleted */
      continue;
    }
    sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
               dest_is_priv, fam);
    if (sifa == NULL)
      continue;
    if (((non_asoc_addr_ok == 0) &&
         (sctp_is_addr_restricted(stcb, sifa))) ||
        (non_asoc_addr_ok &&
         (sctp_is_addr_restricted(stcb, sifa)) &&
         (!sctp_is_addr_pending(stcb, sifa)))) {
      /* on the no-no list */
      continue;
    }
    stcb->asoc.last_used_address = laddr;
    atomic_add_int(&sifa->refcount, 1);
    return (sifa);
  }
  if (start_at_beginning == 0) {
    stcb->asoc.last_used_address = NULL;
    goto sctp_from_the_top2;
  }
  return (NULL);
}

static struct sctp_ifa *
sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                                 struct sctp_inpcb *inp,
#else
                                                 struct sctp_inpcb *inp SCTP_UNUSED,
#endif
                                                 struct sctp_tcb *stcb,
                                                 int non_asoc_addr_ok,
                                                 uint8_t dest_is_loop,
                                                 uint8_t dest_is_priv,
                                                 int addr_wanted,
                                                 sa_family_t fam,
                                                 sctp_route_t *ro)
{
  struct sctp_ifa *ifa, *sifa;
  int num_eligible_addr = 0;
#ifdef INET6
#ifdef SCTP_EMBEDDED_V6_SCOPE
  struct sockaddr_in6 sin6, lsa6;

  if (fam == AF_INET6) {
    memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6));
#ifdef SCTP_KAME
    (void)sa6_recoverscope(&sin6);
#else
    (void)in6_recoverscope(&sin6, &sin6.sin6_addr, NULL);
#endif  /* SCTP_KAME */
  }
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
#endif  /* INET6 */
  LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
    if ((ifa->address.sa.sa_family == AF_INET) &&
        (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                          &ifa->address.sin.sin_addr) != 0)) {
      continue;
    }
#endif
#ifdef INET6
    if ((ifa->address.sa.sa_family == AF_INET6) &&
        (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                          &ifa->address.sin6.sin6_addr) != 0)) {
      continue;
    }
#endif
#endif
    if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
        (non_asoc_addr_ok == 0))
      continue;
    sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
              dest_is_priv, fam);
    if (sifa == NULL)
      continue;
#ifdef INET6
    if (fam == AF_INET6 &&
        dest_is_loop &&
        sifa->src_is_loop && sifa->src_is_priv) {
      /* don't allow fe80::1 to be a src on loop ::1, we don't list it
       * to the peer so we will get an abort.
       */
      continue;
    }
#ifdef SCTP_EMBEDDED_V6_SCOPE
    if (fam == AF_INET6 &&
        IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) &&
        IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
      /* link-local <-> link-local must belong to the same scope. */
      memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6));
#ifdef SCTP_KAME
      (void)sa6_recoverscope(&lsa6);
#else
      (void)in6_recoverscope(&lsa6, &lsa6.sin6_addr, NULL);
#endif  /* SCTP_KAME */
      if (sin6.sin6_scope_id != lsa6.sin6_scope_id) {
        continue;
      }
    }
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
#endif  /* INET6 */

#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Userspace__)
    /* Check if the IPv6 address matches to next-hop.
       In the mobile case, old IPv6 address may be not deleted
       from the interface. Then, the interface has previous and
       new addresses.  We should use one corresponding to the
       next-hop.  (by micchie)
     */
#ifdef INET6
    if (stcb && fam == AF_INET6 &&
        sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
      if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) == 0) {
        continue;
      }
    }
#endif
#ifdef INET
    /* Avoid topologically incorrect IPv4 address */
    if (stcb && fam == AF_INET &&
        sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
      if (sctp_v4src_match_nexthop(sifa, ro) == 0) {
        continue;
      }
    }
#endif
#endif
    if (stcb) {
      if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) {
        continue;
      }
      if (((non_asoc_addr_ok == 0) &&
           (sctp_is_addr_restricted(stcb, sifa))) ||
          (non_asoc_addr_ok &&
           (sctp_is_addr_restricted(stcb, sifa)) &&
           (!sctp_is_addr_pending(stcb, sifa)))) {
        /*
         * It is restricted for some reason..
         * probably not yet added.
         */
        continue;
      }
    }
    if (num_eligible_addr >= addr_wanted) {
      return (sifa);
    }
    num_eligible_addr++;
  }
  return (NULL);
}

static int
sctp_count_num_preferred_boundall(struct sctp_ifn *ifn,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                  struct sctp_inpcb *inp,
#else
                                  struct sctp_inpcb *inp SCTP_UNUSED,
#endif
          struct sctp_tcb *stcb,
          int non_asoc_addr_ok,
          uint8_t dest_is_loop,
          uint8_t dest_is_priv,
          sa_family_t fam)
{
  struct sctp_ifa *ifa, *sifa;
  int num_eligible_addr = 0;

  LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
    if ((ifa->address.sa.sa_family == AF_INET) &&
        (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                          &ifa->address.sin.sin_addr) != 0)) {
      continue;
    }
#endif
#ifdef INET6
    if ((ifa->address.sa.sa_family == AF_INET6) &&
        (stcb != NULL) &&
        (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                          &ifa->address.sin6.sin6_addr) != 0)) {
      continue;
    }
#endif
#endif
    if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
        (non_asoc_addr_ok == 0)) {
      continue;
    }
    sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
              dest_is_priv, fam);
    if (sifa == NULL) {
      continue;
    }
    if (stcb) {
      if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) {
        continue;
      }
      if (((non_asoc_addr_ok == 0) &&
           (sctp_is_addr_restricted(stcb, sifa))) ||
          (non_asoc_addr_ok &&
           (sctp_is_addr_restricted(stcb, sifa)) &&
           (!sctp_is_addr_pending(stcb, sifa)))) {
        /*
         * It is restricted for some reason..
         * probably not yet added.
         */
        continue;
      }
    }
    num_eligible_addr++;
  }
  return (num_eligible_addr);
}

static struct sctp_ifa *
sctp_choose_boundall(struct sctp_inpcb *inp,
                     struct sctp_tcb *stcb,
         struct sctp_nets *net,
         sctp_route_t *ro,
         uint32_t vrf_id,
         uint8_t dest_is_priv,
         uint8_t dest_is_loop,
         int non_asoc_addr_ok,
         sa_family_t fam)
{
  int cur_addr_num = 0, num_preferred = 0;
  void *ifn;
  struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn;
  struct sctp_ifa *sctp_ifa, *sifa;
  uint32_t ifn_index;
  struct sctp_vrf *vrf;
#ifdef INET
  int retried = 0;
#endif

  /*-
   * For boundall we can use any address in the association.
   * If non_asoc_addr_ok is set we can use any address (at least in
   * theory). So we look for preferred addresses first. If we find one,
   * we use it. Otherwise we next try to get an address on the
   * interface, which we should be able to do (unless non_asoc_addr_ok
   * is false and we are routed out that way). In these cases where we
   * can't use the address of the interface we go through all the
   * ifn's looking for an address we can use and fill that in. Punting
   * means we send back address 0, which will probably cause problems
   * actually since then IP will fill in the address of the route ifn,
   * which means we probably already rejected it.. i.e. here comes an
   * abort :-<.
   */
  vrf = sctp_find_vrf(vrf_id);
  if (vrf == NULL)
    return (NULL);

  ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
  ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
  SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn from route:%p ifn_index:%d\n", ifn, ifn_index);
  emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index);
  if (sctp_ifn == NULL) {
    /* ?? We don't have this guy ?? */
    SCTPDBG(SCTP_DEBUG_OUTPUT2,"No ifn emit interface?\n");
    goto bound_all_plan_b;
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn_index:%d name:%s is emit interface\n",
    ifn_index, sctp_ifn->ifn_name);

  if (net) {
    cur_addr_num = net->indx_of_eligible_next_to_use;
  }
  num_preferred = sctp_count_num_preferred_boundall(sctp_ifn,
                inp, stcb,
                non_asoc_addr_ok,
                dest_is_loop,
                dest_is_priv, fam);
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n",
    num_preferred, sctp_ifn->ifn_name);
  if (num_preferred == 0) {
    /*
     * no eligible addresses, we must use some other interface
     * address if we can find one.
     */
    goto bound_all_plan_b;
  }
  /*
   * Ok we have num_eligible_addr set with how many we can use, this
   * may vary from call to call due to addresses being deprecated
   * etc..
   */
  if (cur_addr_num >= num_preferred) {
    cur_addr_num = 0;
  }
  /*
   * select the nth address from the list (where cur_addr_num is the
   * nth) and 0 is the first one, 1 is the second one etc...
   */
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num);

  sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop,
                                                                    dest_is_priv, cur_addr_num, fam, ro);

  /* if sctp_ifa is NULL something changed??, fall to plan b. */
  if (sctp_ifa) {
    atomic_add_int(&sctp_ifa->refcount, 1);
    if (net) {
      /* save off where the next one we will want */
      net->indx_of_eligible_next_to_use = cur_addr_num + 1;
    }
    return (sctp_ifa);
  }
  /*
   * plan_b: Look at all interfaces and find a preferred address. If
   * no preferred fall through to plan_c.
   */
 bound_all_plan_b:
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n");
  LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
    SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n",
      sctp_ifn->ifn_name);
    if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
      /* wrong base scope */
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n");
      continue;
    }
    if ((sctp_ifn == looked_at) && looked_at) {
      /* already looked at this guy */
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n");
      continue;
    }
    num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok,
                                                                  dest_is_loop, dest_is_priv, fam);
    SCTPDBG(SCTP_DEBUG_OUTPUT2,
      "Found ifn:%p %d preferred source addresses\n",
      ifn, num_preferred);
    if (num_preferred == 0) {
      /* None on this interface. */
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "No preferred -- skipping to next\n");
      continue;
    }
    SCTPDBG(SCTP_DEBUG_OUTPUT2,
      "num preferred:%d on interface:%p cur_addr_num:%d\n",
      num_preferred, (void *)sctp_ifn, cur_addr_num);

    /*
     * Ok we have num_eligible_addr set with how many we can
     * use, this may vary from call to call due to addresses
     * being deprecated etc..
     */
    if (cur_addr_num >= num_preferred) {
      cur_addr_num = 0;
    }
    sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop,
                                                                        dest_is_priv, cur_addr_num, fam, ro);
    if (sifa == NULL)
      continue;
    if (net) {
      net->indx_of_eligible_next_to_use = cur_addr_num + 1;
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n",
        cur_addr_num);
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:");
      SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:");
      SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa);
    }
    atomic_add_int(&sifa->refcount, 1);
    return (sifa);
  }
#ifdef INET
again_with_private_addresses_allowed:
#endif
  /* plan_c: do we have an acceptable address on the emit interface */
  sifa = NULL;
  SCTPDBG(SCTP_DEBUG_OUTPUT2,"Trying Plan C: find acceptable on interface\n");
  if (emit_ifn == NULL) {
    SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jump to Plan D - no emit_ifn\n");
    goto plan_d;
  }
  LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) {
    SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifa:%p\n", (void *)sctp_ifa);
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
    if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
        (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                          &sctp_ifa->address.sin.sin_addr) != 0)) {
      SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n");
      continue;
    }
#endif
#ifdef INET6
    if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
        (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                          &sctp_ifa->address.sin6.sin6_addr) != 0)) {
      SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n");
      continue;
    }
#endif
#endif
    if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
        (non_asoc_addr_ok == 0)) {
      SCTPDBG(SCTP_DEBUG_OUTPUT2,"Defer\n");
      continue;
    }
    sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop,
               dest_is_priv, fam);
    if (sifa == NULL) {
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "IFA not acceptable\n");
      continue;
    }
    if (stcb) {
      if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) {
        SCTPDBG(SCTP_DEBUG_OUTPUT2, "NOT in scope\n");
        sifa = NULL;
        continue;
      }
      if (((non_asoc_addr_ok == 0) &&
           (sctp_is_addr_restricted(stcb, sifa))) ||
          (non_asoc_addr_ok &&
           (sctp_is_addr_restricted(stcb, sifa)) &&
           (!sctp_is_addr_pending(stcb, sifa)))) {
        /*
         * It is restricted for some
         * reason.. probably not yet added.
         */
        SCTPDBG(SCTP_DEBUG_OUTPUT2, "Its restricted\n");
        sifa = NULL;
        continue;
      }
    }
    atomic_add_int(&sifa->refcount, 1);
    goto out;
  }
 plan_d:
  /*
   * plan_d: We are in trouble. No preferred address on the emit
   * interface. And not even a preferred address on all interfaces.
   * Go out and see if we can find an acceptable address somewhere
   * amongst all interfaces.
   */
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D looked_at is %p\n", (void *)looked_at);
  LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
    if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
      /* wrong base scope */
      continue;
    }
    LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
      if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
          (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin.sin_addr) != 0)) {
        continue;
      }
#endif
#ifdef INET6
      if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
          (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                            &sctp_ifa->address.sin6.sin6_addr) != 0)) {
        continue;
      }
#endif
#endif
      if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
          (non_asoc_addr_ok == 0))
        continue;
      sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
                 dest_is_loop,
                 dest_is_priv, fam);
      if (sifa == NULL)
        continue;
      if (stcb) {
        if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) {
          sifa = NULL;
          continue;
        }
        if (((non_asoc_addr_ok == 0) &&
             (sctp_is_addr_restricted(stcb, sifa))) ||
            (non_asoc_addr_ok &&
             (sctp_is_addr_restricted(stcb, sifa)) &&
             (!sctp_is_addr_pending(stcb, sifa)))) {
          /*
           * It is restricted for some
           * reason.. probably not yet added.
           */
          sifa = NULL;
          continue;
        }
      }
      goto out;
    }
  }
#ifdef INET
  if (stcb) {
    if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) {
      stcb->asoc.scope.ipv4_local_scope = 1;
      retried = 1;
      goto again_with_private_addresses_allowed;
    } else if (retried == 1) {
      stcb->asoc.scope.ipv4_local_scope = 0;
    }
  }
#endif
out:
#ifdef INET
  if (sifa) {
    if (retried == 1) {
      LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
        if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
          /* wrong base scope */
          continue;
        }
        LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
          struct sctp_ifa *tmp_sifa;

#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
          if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
              (prison_check_ip4(inp->ip_inp.inp.inp_cred,
                                &sctp_ifa->address.sin.sin_addr) != 0)) {
            continue;
          }
#endif
#ifdef INET6
          if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
              (prison_check_ip6(inp->ip_inp.inp.inp_cred,
                                &sctp_ifa->address.sin6.sin6_addr) != 0)) {
            continue;
          }
#endif
#endif
          if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
              (non_asoc_addr_ok == 0))
            continue;
          tmp_sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
                                                 dest_is_loop,
                                                 dest_is_priv, fam);
          if (tmp_sifa == NULL) {
            continue;
          }
          if (tmp_sifa == sifa) {
            continue;
          }
          if (stcb) {
            if (sctp_is_address_in_scope(tmp_sifa,
                                         &stcb->asoc.scope, 0) == 0) {
              continue;
            }
            if (((non_asoc_addr_ok == 0) &&
                 (sctp_is_addr_restricted(stcb, tmp_sifa))) ||
                (non_asoc_addr_ok &&
                 (sctp_is_addr_restricted(stcb, tmp_sifa)) &&
                 (!sctp_is_addr_pending(stcb, tmp_sifa)))) {
              /*
               * It is restricted for some
               * reason.. probably not yet added.
               */
              continue;
            }
          }
          if ((tmp_sifa->address.sin.sin_family == AF_INET) &&
              (IN4_ISPRIVATE_ADDRESS(&(tmp_sifa->address.sin.sin_addr)))) {
            sctp_add_local_addr_restricted(stcb, tmp_sifa);
          }
        }
      }
    }
    atomic_add_int(&sifa->refcount, 1);
  }
#endif
  return (sifa);
}

/* tcb may be NULL */
struct sctp_ifa *
sctp_source_address_selection(struct sctp_inpcb *inp,
            struct sctp_tcb *stcb,
            sctp_route_t *ro,
            struct sctp_nets *net,
            int non_asoc_addr_ok, uint32_t vrf_id)
{
  struct sctp_ifa *answer;
  uint8_t dest_is_priv, dest_is_loop;
  sa_family_t fam;
#ifdef INET
  struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst;
#endif
#ifdef INET6
  struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst;
#endif

  /**
   * Rules:
   * - Find the route if needed, cache if I can.
   * - Look at interface address in route, Is it in the bound list. If so we
   *   have the best source.
   * - If not we must rotate amongst the addresses.
   *
   * Caveats and issues
   *
   * Do we need to pay attention to scope. We can have a private address
   * or a global address we are sourcing or sending to. So if we draw
   * it out
   * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
   * For V4
   * ------------------------------------------
   *      source     *      dest  *  result
   * -----------------------------------------
   * <a>  Private    *    Global  *  NAT
   * -----------------------------------------
   * <b>  Private    *    Private *  No problem
   * -----------------------------------------
   * <c>  Global     *    Private *  Huh, How will this work?
   * -----------------------------------------
   * <d>  Global     *    Global  *  No Problem
   *------------------------------------------
   * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
   * For V6
   *------------------------------------------
   *      source     *      dest  *  result
   * -----------------------------------------
   * <a>  Linklocal  *    Global  *
   * -----------------------------------------
   * <b>  Linklocal  * Linklocal  *  No problem
   * -----------------------------------------
   * <c>  Global     * Linklocal  *  Huh, How will this work?
   * -----------------------------------------
   * <d>  Global     *    Global  *  No Problem
   *------------------------------------------
   * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
   *
   * And then we add to that what happens if there are multiple addresses
   * assigned to an interface. Remember the ifa on a ifn is a linked
   * list of addresses. So one interface can have more than one IP
   * address. What happens if we have both a private and a global
   * address? Do we then use context of destination to sort out which
   * one is best? And what about NAT's sending P->G may get you a NAT
   * translation, or should you select the G thats on the interface in
   * preference.
   *
   * Decisions:
   *
   * - count the number of addresses on the interface.
   * - if it is one, no problem except case <c>.
   *   For <a> we will assume a NAT out there.
   * - if there are more than one, then we need to worry about scope P
   *   or G. We should prefer G -> G and P -> P if possible.
   *   Then as a secondary fall back to mixed types G->P being a last
   *   ditch one.
   * - The above all works for bound all, but bound specific we need to
   *   use the same concept but instead only consider the bound
   *   addresses. If the bound set is NOT assigned to the interface then
   *   we must use rotation amongst the bound addresses..
   */
#if defined(__FreeBSD__) && !defined(__Userspace__)
  if (ro->ro_nh == NULL) {
#else
  if (ro->ro_rt == NULL) {
#endif
    /*
     * Need a route to cache.
     */
    SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
  }
#if defined(__FreeBSD__) && !defined(__Userspace__)
  if (ro->ro_nh == NULL) {
#else
  if (ro->ro_rt == NULL) {
#endif
    return (NULL);
  }
#if defined(_WIN32)
  /* On Windows the sa_family is U_SHORT or ADDRESS_FAMILY */
  fam = (sa_family_t)ro->ro_dst.sa_family;
#else
  fam = ro->ro_dst.sa_family;
#endif
  dest_is_priv = dest_is_loop = 0;
  /* Setup our scopes for the destination */
  switch (fam) {
#ifdef INET
  case AF_INET:
    /* Scope based on outbound address */
    if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) {
      dest_is_loop = 1;
      if (net != NULL) {
        /* mark it as local */
        net->addr_is_local = 1;
      }
    } else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) {
      dest_is_priv = 1;
    }
    break;
#endif
#ifdef INET6
  case AF_INET6:
    /* Scope based on outbound address */
#if defined(_WIN32)
    if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) {
#else
    if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) ||
        SCTP_ROUTE_IS_REAL_LOOP(ro)) {
#endif
      /*
       * If the address is a loopback address, which
       * consists of "::1" OR "fe80::1%lo0", we are loopback
       * scope. But we don't use dest_is_priv (link local
       * addresses).
       */
      dest_is_loop = 1;
      if (net != NULL) {
        /* mark it as local */
        net->addr_is_local = 1;
      }
    } else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) {
      dest_is_priv = 1;
    }
    break;
#endif
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:");
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&ro->ro_dst);
  SCTP_IPI_ADDR_RLOCK();
  if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
    /*
     * Bound all case
     */
    answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id,
                dest_is_priv, dest_is_loop,
                non_asoc_addr_ok, fam);
    SCTP_IPI_ADDR_RUNLOCK();
    return (answer);
  }
  /*
   * Subset bound case
   */
  if (stcb) {
    answer = sctp_choose_boundspecific_stcb(inp, stcb, ro,
              vrf_id, dest_is_priv,
              dest_is_loop,
              non_asoc_addr_ok, fam);
  } else {
    answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id,
                   non_asoc_addr_ok,
                   dest_is_priv,
                   dest_is_loop, fam);
  }
  SCTP_IPI_ADDR_RUNLOCK();
  return (answer);
}

static bool
sctp_find_cmsg(int c_type, void *data, struct mbuf *control, size_t cpsize)
{
#if defined(_WIN32)
  WSACMSGHDR cmh;
#else
  struct cmsghdr cmh;
#endif
  struct sctp_sndinfo sndinfo;
  struct sctp_prinfo prinfo;
  struct sctp_authinfo authinfo;
  int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;
  bool found;

  /*
   * Independent of how many mbufs, find the c_type inside the control
   * structure and copy out the data.
   */
  found = false;
  tot_len = SCTP_BUF_LEN(control);
  for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
    rem_len = tot_len - off;
    if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
      /* There is not enough room for one more. */
      return (found);
    }
    m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
    if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
      /* We dont't have a complete CMSG header. */
      return (found);
    }
    if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
      /* We don't have the complete CMSG. */
      return (found);
    }
    cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
    cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
    if ((cmh.cmsg_level == IPPROTO_SCTP) &&
        ((c_type == cmh.cmsg_type) ||
         ((c_type == SCTP_SNDRCV) &&
          ((cmh.cmsg_type == SCTP_SNDINFO) ||
           (cmh.cmsg_type == SCTP_PRINFO) ||
           (cmh.cmsg_type == SCTP_AUTHINFO))))) {
      if (c_type == cmh.cmsg_type) {
        if (cpsize > INT_MAX) {
          return (found);
        }
        if (cmsg_data_len < (int)cpsize) {
          return (found);
        }
        /* It is exactly what we want. Copy it out. */
        m_copydata(control, cmsg_data_off, (int)cpsize, (caddr_t)data);
        return (1);
      } else {
        struct sctp_sndrcvinfo *sndrcvinfo;

        sndrcvinfo = (struct sctp_sndrcvinfo *)data;
        if (!found) {
          if (cpsize < sizeof(struct sctp_sndrcvinfo)) {
            return (found);
          }
          memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
        }
        switch (cmh.cmsg_type) {
        case SCTP_SNDINFO:
          if (cmsg_data_len < (int)sizeof(struct sctp_sndinfo)) {
            return (found);
          }
          m_copydata(control, cmsg_data_off, sizeof(struct sctp_sndinfo), (caddr_t)&sndinfo);
          sndrcvinfo->sinfo_stream = sndinfo.snd_sid;
          sndrcvinfo->sinfo_flags = sndinfo.snd_flags;
          sndrcvinfo->sinfo_ppid = sndinfo.snd_ppid;
          sndrcvinfo->sinfo_context = sndinfo.snd_context;
          sndrcvinfo->sinfo_assoc_id = sndinfo.snd_assoc_id;
          break;
        case SCTP_PRINFO:
          if (cmsg_data_len < (int)sizeof(struct sctp_prinfo)) {
            return (found);
          }
          m_copydata(control, cmsg_data_off, sizeof(struct sctp_prinfo), (caddr_t)&prinfo);
          if (prinfo.pr_policy != SCTP_PR_SCTP_NONE) {
            sndrcvinfo->sinfo_timetolive = prinfo.pr_value;
          } else {
            sndrcvinfo->sinfo_timetolive = 0;
          }
          sndrcvinfo->sinfo_flags |= prinfo.pr_policy;
          break;
        case SCTP_AUTHINFO:
          if (cmsg_data_len < (int)sizeof(struct sctp_authinfo)) {
            return (found);
          }
          m_copydata(control, cmsg_data_off, sizeof(struct sctp_authinfo), (caddr_t)&authinfo);
          sndrcvinfo->sinfo_keynumber_valid = 1;
          sndrcvinfo->sinfo_keynumber = authinfo.auth_keynumber;
          break;
        default:
          return (found);
        }
        found = true;
      }
    }
  }
  return (found);
}

static int
sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *error)
{
#if defined(_WIN32)
  WSACMSGHDR cmh;
#else
  struct cmsghdr cmh;
#endif
  struct sctp_initmsg initmsg;
#ifdef INET
  struct sockaddr_in sin;
#endif
#ifdef INET6
  struct sockaddr_in6 sin6;
#endif
  int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;

  tot_len = SCTP_BUF_LEN(control);
  for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
    rem_len = tot_len - off;
    if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
      /* There is not enough room for one more. */
      *error = EINVAL;
      return (1);
    }
    m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
    if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
      /* We dont't have a complete CMSG header. */
      *error = EINVAL;
      return (1);
    }
    if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
      /* We don't have the complete CMSG. */
      *error = EINVAL;
      return (1);
    }
    cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
    cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
    if (cmh.cmsg_level == IPPROTO_SCTP) {
      switch (cmh.cmsg_type) {
      case SCTP_INIT:
        if (cmsg_data_len < (int)sizeof(struct sctp_initmsg)) {
          *error = EINVAL;
          return (1);
        }
        m_copydata(control, cmsg_data_off, sizeof(struct sctp_initmsg), (caddr_t)&initmsg);
        if (initmsg.sinit_max_attempts)
          stcb->asoc.max_init_times = initmsg.sinit_max_attempts;
        if (initmsg.sinit_num_ostreams)
          stcb->asoc.pre_open_streams = initmsg.sinit_num_ostreams;
        if (initmsg.sinit_max_instreams)
          stcb->asoc.max_inbound_streams = initmsg.sinit_max_instreams;
        if (initmsg.sinit_max_init_timeo)
          stcb->asoc.initial_init_rto_max = initmsg.sinit_max_init_timeo;
        if (stcb->asoc.streamoutcnt < stcb->asoc.pre_open_streams) {
          struct sctp_stream_out *tmp_str;
          unsigned int i;
#if defined(SCTP_DETAILED_STR_STATS)
          int j;
#endif

          /* Default is NOT correct */
          SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, default:%d pre_open:%d\n",
            stcb->asoc.streamoutcnt, stcb->asoc.pre_open_streams);
          SCTP_TCB_UNLOCK(stcb);
          SCTP_MALLOC(tmp_str,
                      struct sctp_stream_out *,
                      (stcb->asoc.pre_open_streams * sizeof(struct sctp_stream_out)),
                      SCTP_M_STRMO);
          SCTP_TCB_LOCK(stcb);
          if (tmp_str != NULL) {
            SCTP_FREE(stcb->asoc.strmout, SCTP_M_STRMO);
            stcb->asoc.strmout = tmp_str;
            stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt = stcb->asoc.pre_open_streams;
          } else {
            stcb->asoc.pre_open_streams = stcb->asoc.streamoutcnt;
          }
          for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
            TAILQ_INIT(&stcb->asoc.strmout[i].outqueue);
            stcb->asoc.ss_functions.sctp_ss_init_stream(stcb, &stcb->asoc.strmout[i], NULL);
            stcb->asoc.strmout[i].chunks_on_queues = 0;
#if defined(SCTP_DETAILED_STR_STATS)
            for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) {
              stcb->asoc.strmout[i].abandoned_sent[j] = 0;
              stcb->asoc.strmout[i].abandoned_unsent[j] = 0;
            }
#else
            stcb->asoc.strmout[i].abandoned_sent[0] = 0;
            stcb->asoc.strmout[i].abandoned_unsent[0] = 0;
#endif
            stcb->asoc.strmout[i].next_mid_ordered = 0;
            stcb->asoc.strmout[i].next_mid_unordered = 0;
            stcb->asoc.strmout[i].sid = i;
            stcb->asoc.strmout[i].last_msg_incomplete = 0;
            stcb->asoc.strmout[i].state = SCTP_STREAM_OPENING;
          }
        }
        break;
#ifdef INET
      case SCTP_DSTADDRV4:
        if (cmsg_data_len < (int)sizeof(struct in_addr)) {
          *error = EINVAL;
          return (1);
        }
        memset(&sin, 0, sizeof(struct sockaddr_in));
        sin.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
        sin.sin_len = sizeof(struct sockaddr_in);
#endif
        sin.sin_port = stcb->rport;
        m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
        if (in_broadcast(sin.sin_addr) ||
            IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
          *error = EINVAL;
          return (1);
        }
        if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, stcb->asoc.port,
                                 SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
          *error = ENOBUFS;
          return (1);
        }
        break;
#endif
#ifdef INET6
      case SCTP_DSTADDRV6:
        if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
          *error = EINVAL;
          return (1);
        }
        memset(&sin6, 0, sizeof(struct sockaddr_in6));
        sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
        sin6.sin6_len = sizeof(struct sockaddr_in6);
#endif
        sin6.sin6_port = stcb->rport;
        m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
        if (IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) ||
            IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
          *error = EINVAL;
          return (1);
        }
#ifdef INET
        if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
          in6_sin6_2_sin(&sin, &sin6);
          if (in_broadcast(sin.sin_addr) ||
              IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
            *error = EINVAL;
            return (1);
          }
          if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, stcb->asoc.port,
                                   SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
            *error = ENOBUFS;
            return (1);
          }
        } else
#endif
          if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin6, NULL, stcb->asoc.port,
                                   SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
            *error = ENOBUFS;
            return (1);
          }
        break;
#endif
      default:
        break;
      }
    }
  }
  return (0);
}

#if defined(INET) || defined(INET6)
static struct sctp_tcb *
sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
                           uint16_t port,
                           struct mbuf *control,
                           struct sctp_nets **net_p,
                           int *error)
{
#if defined(_WIN32)
  WSACMSGHDR cmh;
#else
  struct cmsghdr cmh;
#endif
  struct sctp_tcb *stcb;
  struct sockaddr *addr;
#ifdef INET
  struct sockaddr_in sin;
#endif
#ifdef INET6
  struct sockaddr_in6 sin6;
#endif
  int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;

  tot_len = SCTP_BUF_LEN(control);
  for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
    rem_len = tot_len - off;
    if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
      /* There is not enough room for one more. */
      *error = EINVAL;
      return (NULL);
    }
    m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
    if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
      /* We dont't have a complete CMSG header. */
      *error = EINVAL;
      return (NULL);
    }
    if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
      /* We don't have the complete CMSG. */
      *error = EINVAL;
      return (NULL);
    }
    cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
    cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
    if (cmh.cmsg_level == IPPROTO_SCTP) {
      switch (cmh.cmsg_type) {
#ifdef INET
      case SCTP_DSTADDRV4:
        if (cmsg_data_len < (int)sizeof(struct in_addr)) {
          *error = EINVAL;
          return (NULL);
        }
        memset(&sin, 0, sizeof(struct sockaddr_in));
        sin.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
        sin.sin_len = sizeof(struct sockaddr_in);
#endif
        sin.sin_port = port;
        m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
        addr = (struct sockaddr *)&sin;
        break;
#endif
#ifdef INET6
      case SCTP_DSTADDRV6:
        if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
          *error = EINVAL;
          return (NULL);
        }
        memset(&sin6, 0, sizeof(struct sockaddr_in6));
        sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
        sin6.sin6_len = sizeof(struct sockaddr_in6);
#endif
        sin6.sin6_port = port;
        m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
#ifdef INET
        if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
          in6_sin6_2_sin(&sin, &sin6);
          addr = (struct sockaddr *)&sin;
        } else
#endif
          addr = (struct sockaddr *)&sin6;
        break;
#endif
      default:
        addr = NULL;
        break;
      }
      if (addr) {
        stcb = sctp_findassociation_ep_addr(inp_p, addr, net_p, NULL, NULL);
        if (stcb != NULL) {
          return (stcb);
        }
      }
    }
  }
  return (NULL);
}
#endif

static struct mbuf *
sctp_add_cookie(struct mbuf *init, int init_offset,
    struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t **signature)
{
  struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret;
  struct sctp_state_cookie *stc;
  struct sctp_paramhdr *ph;
  uint16_t cookie_sz;

  mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) +
              sizeof(struct sctp_paramhdr)), 0,
             M_NOWAIT, 1, MT_DATA);
  if (mret == NULL) {
    return (NULL);
  }
  copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_NOWAIT);
  if (copy_init == NULL) {
    sctp_m_freem(mret);
    return (NULL);
  }
#ifdef SCTP_MBUF_LOGGING
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
    sctp_log_mbc(copy_init, SCTP_MBUF_ICOPY);
  }
#endif
  copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL,
      M_NOWAIT);
  if (copy_initack == NULL) {
    sctp_m_freem(mret);
    sctp_m_freem(copy_init);
    return (NULL);
  }
#ifdef SCTP_MBUF_LOGGING
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
    sctp_log_mbc(copy_initack, SCTP_MBUF_ICOPY);
  }
#endif
  /* easy side we just drop it on the end */
  ph = mtod(mret, struct sctp_paramhdr *);
  SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) +
      sizeof(struct sctp_paramhdr);
  stc = (struct sctp_state_cookie *)((caddr_t)ph +
      sizeof(struct sctp_paramhdr));
  ph->param_type = htons(SCTP_STATE_COOKIE);
  ph->param_length = 0; /* fill in at the end */
  /* Fill in the stc cookie data */
  memcpy(stc, stc_in, sizeof(struct sctp_state_cookie));

  /* tack the INIT and then the INIT-ACK onto the chain */
  cookie_sz = 0;
  for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
    cookie_sz += SCTP_BUF_LEN(m_at);
    if (SCTP_BUF_NEXT(m_at) == NULL) {
      SCTP_BUF_NEXT(m_at) = copy_init;
      break;
    }
  }
  for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
    cookie_sz += SCTP_BUF_LEN(m_at);
    if (SCTP_BUF_NEXT(m_at) == NULL) {
      SCTP_BUF_NEXT(m_at) = copy_initack;
      break;
    }
  }
  for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
    cookie_sz += SCTP_BUF_LEN(m_at);
    if (SCTP_BUF_NEXT(m_at) == NULL) {
      break;
    }
  }
  sig = sctp_get_mbuf_for_msg(SCTP_SIGNATURE_SIZE, 0, M_NOWAIT, 1, MT_DATA);
  if (sig == NULL) {
    /* no space, so free the entire chain */
    sctp_m_freem(mret);
    return (NULL);
  }
  SCTP_BUF_NEXT(m_at) = sig;
  SCTP_BUF_LEN(sig) = SCTP_SIGNATURE_SIZE;
  cookie_sz += SCTP_SIGNATURE_SIZE;
  ph->param_length = htons(cookie_sz);
  *signature = (uint8_t *)mtod(sig, caddr_t);
  memset(*signature, 0, SCTP_SIGNATURE_SIZE);
  return (mret);
}

static uint8_t
sctp_get_ect(struct sctp_tcb *stcb)
{
  if ((stcb != NULL) && (stcb->asoc.ecn_supported == 1)) {
    return (SCTP_ECT0_BIT);
  } else {
    return (0);
  }
}

#if defined(INET) || defined(INET6)
static void
sctp_handle_no_route(struct sctp_tcb *stcb,
                     struct sctp_nets *net,
                     int so_locked)
{
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "dropped packet - no valid source addr\n");

  if (net) {
    SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination was ");
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, &net->ro._l_addr.sa);
    if (net->dest_state & SCTP_ADDR_CONFIRMED) {
      if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", (void *)net);
        sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
                              stcb, 0,
                              (void *)net,
                              so_locked);
        net->dest_state &= ~SCTP_ADDR_REACHABLE;
        net->dest_state &= ~SCTP_ADDR_PF;
      }
    }
    if (stcb) {
      if (net == stcb->asoc.primary_destination) {
        /* need a new primary */
        struct sctp_nets *alt;

        alt = sctp_find_alternate_net(stcb, net, 0);
        if (alt != net) {
          if (stcb->asoc.alternate) {
            sctp_free_remote_addr(stcb->asoc.alternate);
          }
          stcb->asoc.alternate = alt;
          atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
          if (net->ro._s_addr) {
            sctp_free_ifa(net->ro._s_addr);
            net->ro._s_addr = NULL;
          }
          net->src_addr_selected = 0;
        }
      }
    }
  }
}
#endif

static int
sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,  /* may be NULL */
    struct sctp_nets *net,
    struct sockaddr *to,
    struct mbuf *m,
    uint32_t auth_offset,
    struct sctp_auth_chunk *auth,
    uint16_t auth_keyid,
    int nofragment_flag,
    int ecn_ok,
    int out_of_asoc_ok,
    uint16_t src_port,
    uint16_t dest_port,
    uint32_t v_tag,
    uint16_t port,
    union sctp_sockstore *over_addr,
#if defined(__FreeBSD__) && !defined(__Userspace__)
    uint8_t mflowtype, uint32_t mflowid,
#endif
    bool use_zero_crc,
    int so_locked)
/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */
{
  /**
   * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet header
   * WITH an SCTPHDR but no IP header, endpoint inp and sa structure:
   * - fill in the HMAC digest of any AUTH chunk in the packet.
   * - calculate and fill in the SCTP checksum.
   * - prepend an IP address header.
   * - if boundall use INADDR_ANY.
   * - if boundspecific do source address selection.
   * - set fragmentation option for ipV4.
   * - On return from IP output, check/adjust mtu size of output
   *   interface and smallest_mtu size as well.
   */
  /* Will need ifdefs around this */
  struct mbuf *newm;
  struct sctphdr *sctphdr;
  int packet_length;
  int ret;
#if defined(INET) || defined(INET6)
  uint32_t vrf_id;
#endif
#if defined(INET) || defined(INET6)
  struct mbuf *o_pak;
  sctp_route_t *ro = NULL;
  struct udphdr *udp = NULL;
#endif
  uint8_t tos_value;
#if defined(__APPLE__) && !defined(__Userspace__)
  struct socket *so = NULL;
#endif

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(inp));
    SCTP_TCB_LOCK_ASSERT(stcb);
  } else {
    sctp_unlock_assert(SCTP_INP_SO(inp));
  }
#endif
  if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) {
    SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    sctp_m_freem(m);
    return (EFAULT);
  }
#if defined(INET) || defined(INET6)
  if (stcb) {
    vrf_id = stcb->asoc.vrf_id;
  } else {
    vrf_id = inp->def_vrf_id;
  }
#endif
  /* fill in the HMAC digest for any AUTH chunk in the packet */
  if ((auth != NULL) && (stcb != NULL)) {
    sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid);
  }

  if (net) {
    tos_value = net->dscp;
  } else if (stcb) {
    tos_value = stcb->asoc.default_dscp;
  } else {
    tos_value = inp->sctp_ep.default_dscp;
  }

  switch (to->sa_family) {
#ifdef INET
  case AF_INET:
  {
    struct ip *ip = NULL;
    sctp_route_t iproute;
    int len;

    len = SCTP_MIN_V4_OVERHEAD;
    if (port) {
      len += sizeof(struct udphdr);
    }
    newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
    if (newm == NULL) {
      sctp_m_freem(m);
      SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      return (ENOMEM);
    }
    SCTP_ALIGN_TO_END(newm, len);
    SCTP_BUF_LEN(newm) = len;
    SCTP_BUF_NEXT(newm) = m;
    m = newm;
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (net != NULL) {
      m->m_pkthdr.flowid = net->flowid;
      M_HASHTYPE_SET(m, net->flowtype);
    } else {
      m->m_pkthdr.flowid = mflowid;
      M_HASHTYPE_SET(m, mflowtype);
    }
#endif
    packet_length = sctp_calculate_len(m);
    ip = mtod(m, struct ip *);
    ip->ip_v = IPVERSION;
    ip->ip_hl = (sizeof(struct ip) >> 2);
    if (tos_value == 0) {
      /*
       * This means especially, that it is not set at the
       * SCTP layer. So use the value from the IP layer.
       */
      tos_value = inp->ip_inp.inp.inp_ip_tos;
    }
    tos_value &= 0xfc;
    if (ecn_ok) {
      tos_value |= sctp_get_ect(stcb);
    }
    if ((nofragment_flag) && (port == 0)) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      ip->ip_off = htons(IP_DF);
#elif defined(WITH_CONVERT_IP_OFF) || defined(__APPLE__)
      ip->ip_off = IP_DF;
#else
      ip->ip_off = htons(IP_DF);
#endif
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      ip->ip_off = htons(0);
#else
      ip->ip_off = 0;
#endif
    }
#if defined(__Userspace__)
    ip->ip_id = htons(SCTP_IP_ID(inp)++);
#elif defined(__FreeBSD__)
    /* FreeBSD has a function for ip_id's */
    ip_fillid(ip, V_ip_random_id);
#elif defined(__APPLE__)
#if RANDOM_IP_ID
    ip->ip_id = ip_randomid();
#else
    ip->ip_id = htons(ip_id++);
#endif
#else
    ip->ip_id = SCTP_IP_ID(inp)++;
#endif

    ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl;
#if defined(__FreeBSD__) && !defined(__Userspace__)
    ip->ip_len = htons(packet_length);
#else
    ip->ip_len = packet_length;
#endif
    ip->ip_tos = tos_value;
    if (port) {
      ip->ip_p = IPPROTO_UDP;
    } else {
      ip->ip_p = IPPROTO_SCTP;
    }
    ip->ip_sum = 0;
    if (net == NULL) {
      ro = &iproute;
      memset(&iproute, 0, sizeof(iproute));
#ifdef HAVE_SA_LEN
      memcpy(&ro->ro_dst, to, to->sa_len);
#else
      memcpy(&ro->ro_dst, to, sizeof(struct sockaddr_in));
#endif
    } else {
      ro = (sctp_route_t *)&net->ro;
    }
    /* Now the address selection part */
    ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr;

    /* call the routine to select the src address */
    if (net && out_of_asoc_ok == 0) {
      if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) {
        sctp_free_ifa(net->ro._s_addr);
        net->ro._s_addr = NULL;
        net->src_addr_selected = 0;
#if defined(__FreeBSD__) && !defined(__Userspace__)
        RO_NHFREE(ro);
#else
        if (ro->ro_rt) {
          RTFREE(ro->ro_rt);
          ro->ro_rt = NULL;
        }
#endif
      }
      if (net->src_addr_selected == 0) {
        /* Cache the source address */
        net->ro._s_addr = sctp_source_address_selection(inp,stcb,
                    ro, net, 0,
                    vrf_id);
        net->src_addr_selected = 1;
      }
      if (net->ro._s_addr == NULL) {
        /* No route to host */
        net->src_addr_selected = 0;
        sctp_handle_no_route(stcb, net, so_locked);
        SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
        sctp_m_freem(m);
        return (EHOSTUNREACH);
      }
      ip->ip_src = net->ro._s_addr->address.sin.sin_addr;
    } else {
      if (over_addr == NULL) {
        struct sctp_ifa *_lsrc;

        _lsrc = sctp_source_address_selection(inp, stcb, ro,
                                              net,
                                              out_of_asoc_ok,
                                              vrf_id);
        if (_lsrc == NULL) {
          sctp_handle_no_route(stcb, net, so_locked);
          SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
          sctp_m_freem(m);
          return (EHOSTUNREACH);
        }
        ip->ip_src = _lsrc->address.sin.sin_addr;
        sctp_free_ifa(_lsrc);
      } else {
        ip->ip_src = over_addr->sin.sin_addr;
        SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
      }
    }
    if (port) {
      if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) {
        sctp_handle_no_route(stcb, net, so_locked);
        SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
        sctp_m_freem(m);
        return (EHOSTUNREACH);
      }
      udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip));
      udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
      udp->uh_dport = port;
      udp->uh_ulen = htons((uint16_t)(packet_length - sizeof(struct ip)));
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
      if (V_udp_cksum) {
        udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
      } else {
        udp->uh_sum = 0;
      }
#else
      udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
#endif
#else
      udp->uh_sum = 0;
#endif
      sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
    } else {
      sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip));
    }

    sctphdr->src_port = src_port;
    sctphdr->dest_port = dest_port;
    sctphdr->v_tag = v_tag;
    sctphdr->checksum = 0;

    /*
     * If source address selection fails and we find no route
     * then the ip_output should fail as well with a
     * NO_ROUTE_TO_HOST type error. We probably should catch
     * that somewhere and abort the association right away
     * (assuming this is an INIT being sent).
     */
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (ro->ro_nh == NULL) {
#else
    if (ro->ro_rt == NULL) {
#endif
      /*
       * src addr selection failed to find a route (or
       * valid source addr), so we can't get there from
       * here (yet)!
       */
      sctp_handle_no_route(stcb, net, so_locked);
      SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
      sctp_m_freem(m);
      return (EHOSTUNREACH);
    }
    if (ro != &iproute) {
      memcpy(&iproute, ro, sizeof(*ro));
    }
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n",
      (uint32_t) (ntohl(ip->ip_src.s_addr)));
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n",
      (uint32_t)(ntohl(ip->ip_dst.s_addr)));
#if defined(__FreeBSD__) && !defined(__Userspace__)
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
      (void *)ro->ro_nh);
#else
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
      (void *)ro->ro_rt);
#endif

    if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
      /* failed to prepend data, give up */
      SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      sctp_m_freem(m);
      return (ENOMEM);
    }
    SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
    if (port) {
      if (use_zero_crc) {
        SCTP_STAT_INCR(sctps_sendzerocrc);
      } else {
        sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr));
        SCTP_STAT_INCR(sctps_sendswcrc);
      }
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
      if (V_udp_cksum) {
        SCTP_ENABLE_UDP_CSUM(o_pak);
      }
#else
      SCTP_ENABLE_UDP_CSUM(o_pak);
#endif
#endif
    } else {
      if (use_zero_crc) {
        SCTP_STAT_INCR(sctps_sendzerocrc);
      } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
        m->m_pkthdr.csum_flags = CSUM_SCTP;
        m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
        SCTP_STAT_INCR(sctps_sendhwcrc);
#else
        if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
              (stcb) && (stcb->asoc.scope.loopback_scope))) {
          sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip));
          SCTP_STAT_INCR(sctps_sendswcrc);
        } else {
          SCTP_STAT_INCR(sctps_sendhwcrc);
        }
#endif
      }
    }
#ifdef SCTP_PACKET_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
      sctp_packet_log(o_pak);
#endif
    /* send it out.  table id is taken from stcb */
#if defined(__APPLE__) && !defined(__Userspace__)
    if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
      so = SCTP_INP_SO(inp);
      SCTP_SOCKET_UNLOCK(so, 0);
    }
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
    SCTP_PROBE5(send, NULL, stcb, ip, stcb, sctphdr);
#endif
    SCTP_IP_OUTPUT(ret, o_pak, ro, inp, vrf_id);
#if defined(__APPLE__) && !defined(__Userspace__)
    if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
      atomic_add_int(&stcb->asoc.refcnt, 1);
      SCTP_TCB_UNLOCK(stcb);
      SCTP_SOCKET_LOCK(so, 0);
      SCTP_TCB_LOCK(stcb);
      atomic_subtract_int(&stcb->asoc.refcnt, 1);
    }
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (port) {
      UDPSTAT_INC(udps_opackets);
    }
#endif
    SCTP_STAT_INCR(sctps_sendpackets);
    SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
    if (ret)
      SCTP_STAT_INCR(sctps_senderrors);

    SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret);
    if (net == NULL) {
      /* free tempy routes */
#if defined(__FreeBSD__) && !defined(__Userspace__)
      RO_NHFREE(ro);
#else
      if (ro->ro_rt) {
        RTFREE(ro->ro_rt);
        ro->ro_rt = NULL;
      }
#endif
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      if ((ro->ro_nh != NULL) && (net->ro._s_addr) &&
#else
      if ((ro->ro_rt != NULL) && (net->ro._s_addr) &&
#endif
          ((net->dest_state & SCTP_ADDR_NO_PMTUD) == 0)) {
        uint32_t mtu;

#if defined(__FreeBSD__) && !defined(__Userspace__)
        mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_nh);
#else
        mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
#endif
        if (mtu > 0) {
          if (net->port) {
            mtu -= sizeof(struct udphdr);
          }
          if (mtu < net->mtu) {
            net->mtu = mtu;
            if ((stcb != NULL) && (stcb->asoc.smallest_mtu > mtu)) {
              sctp_pathmtu_adjustment(stcb, mtu, true);
            }
          }
        }
#if defined(__FreeBSD__) && !defined(__Userspace__)
      } else if (ro->ro_nh == NULL) {
#else
      } else if (ro->ro_rt == NULL) {
#endif
        /* route was freed */
        if (net->ro._s_addr &&
            net->src_addr_selected) {
          sctp_free_ifa(net->ro._s_addr);
          net->ro._s_addr = NULL;
        }
        net->src_addr_selected = 0;
      }
    }
    return (ret);
  }
#endif
#ifdef INET6
  case AF_INET6:
  {
    uint32_t flowlabel, flowinfo;
    struct ip6_hdr *ip6h;
    struct route_in6 ip6route;
#if !defined(__Userspace__)
    struct ifnet *ifp;
#endif
    struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp;
    int prev_scope = 0;
#ifdef SCTP_EMBEDDED_V6_SCOPE
    struct sockaddr_in6 lsa6_storage;
    int error;
#endif
    u_short prev_port = 0;
    int len;

    if (net) {
      flowlabel = net->flowlabel;
    } else if (stcb) {
      flowlabel = stcb->asoc.default_flowlabel;
    } else {
      flowlabel = inp->sctp_ep.default_flowlabel;
    }
    if (flowlabel == 0) {
      /*
       * This means especially, that it is not set at the
       * SCTP layer. So use the value from the IP layer.
       */
#if defined(__APPLE__) && !defined(__Userspace__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION))
      flowlabel = ntohl(inp->ip_inp.inp.inp_flow);
#else
      flowlabel = ntohl(((struct inpcb *)inp)->inp_flow);
#endif
    }
    flowlabel &= 0x000fffff;
    len = SCTP_MIN_OVERHEAD;
    if (port) {
      len += sizeof(struct udphdr);
    }
    newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
    if (newm == NULL) {
      sctp_m_freem(m);
      SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      return (ENOMEM);
    }
    SCTP_ALIGN_TO_END(newm, len);
    SCTP_BUF_LEN(newm) = len;
    SCTP_BUF_NEXT(newm) = m;
    m = newm;
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (net != NULL) {
      m->m_pkthdr.flowid = net->flowid;
      M_HASHTYPE_SET(m, net->flowtype);
    } else {
      m->m_pkthdr.flowid = mflowid;
      M_HASHTYPE_SET(m, mflowtype);
    }
#endif
    packet_length = sctp_calculate_len(m);

    ip6h = mtod(m, struct ip6_hdr *);
    /* protect *sin6 from overwrite */
    sin6 = (struct sockaddr_in6 *)to;
    tmp = *sin6;
    sin6 = &tmp;

#ifdef SCTP_EMBEDDED_V6_SCOPE
    /* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
    if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
    if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
    if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
    if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
    {
      SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
      sctp_m_freem(m);
      return (EINVAL);
    }
#endif /* SCTP_EMBEDDED_V6_SCOPE */
    if (net == NULL) {
      memset(&ip6route, 0, sizeof(ip6route));
      ro = (sctp_route_t *)&ip6route;
#ifdef HAVE_SIN6_LEN
      memcpy(&ro->ro_dst, sin6, sin6->sin6_len);
#else
      memcpy(&ro->ro_dst, sin6, sizeof(struct sockaddr_in6));
#endif
    } else {
      ro = (sctp_route_t *)&net->ro;
    }
    /*
     * We assume here that inp_flow is in host byte order within
     * the TCB!
     */
    if (tos_value == 0) {
      /*
       * This means especially, that it is not set at the
       * SCTP layer. So use the value from the IP layer.
       */
#if defined(__APPLE__) && !defined(__Userspace__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION))
      tos_value = (ntohl(inp->ip_inp.inp.inp_flow) >> 20) & 0xff;
#else
      tos_value = (ntohl(((struct inpcb *)inp)->inp_flow) >> 20) & 0xff;
#endif
    }
    tos_value &= 0xfc;
    if (ecn_ok) {
      tos_value |= sctp_get_ect(stcb);
    }
    flowinfo = 0x06;
    flowinfo <<= 8;
    flowinfo |= tos_value;
    flowinfo <<= 20;
    flowinfo |= flowlabel;
    ip6h->ip6_flow = htonl(flowinfo);
    if (port) {
      ip6h->ip6_nxt = IPPROTO_UDP;
    } else {
      ip6h->ip6_nxt = IPPROTO_SCTP;
    }
    ip6h->ip6_plen = htons((uint16_t)(packet_length - sizeof(struct ip6_hdr)));
    ip6h->ip6_dst = sin6->sin6_addr;

    /*
     * Add SRC address selection here: we can only reuse to a
     * limited degree the kame src-addr-sel, since we can try
     * their selection but it may not be bound.
     */
    memset(&lsa6_tmp, 0, sizeof(lsa6_tmp));
    lsa6_tmp.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
    lsa6_tmp.sin6_len = sizeof(lsa6_tmp);
#endif
    lsa6 = &lsa6_tmp;
    if (net && out_of_asoc_ok == 0) {
      if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) {
        sctp_free_ifa(net->ro._s_addr);
        net->ro._s_addr = NULL;
        net->src_addr_selected = 0;
#if defined(__FreeBSD__) && !defined(__Userspace__)
        RO_NHFREE(ro);
#else
        if (ro->ro_rt) {
          RTFREE(ro->ro_rt);
          ro->ro_rt = NULL;
        }
#endif
      }
      if (net->src_addr_selected == 0) {
#ifdef SCTP_EMBEDDED_V6_SCOPE
        sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
        /* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
        if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
        if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
        if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
        if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
        {
          SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
          sctp_m_freem(m);
          return (EINVAL);
        }
#endif /* SCTP_EMBEDDED_V6_SCOPE */
        /* Cache the source address */
        net->ro._s_addr = sctp_source_address_selection(inp,
                    stcb,
                    ro,
                    net,
                    0,
                    vrf_id);
#ifdef SCTP_EMBEDDED_V6_SCOPE
#ifdef SCTP_KAME
        (void)sa6_recoverscope(sin6);
#else
        (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
#endif  /* SCTP_KAME */
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
        net->src_addr_selected = 1;
      }
      if (net->ro._s_addr == NULL) {
        SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n");
        net->src_addr_selected = 0;
        sctp_handle_no_route(stcb, net, so_locked);
        SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
        sctp_m_freem(m);
        return (EHOSTUNREACH);
      }
      lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr;
    } else {
#ifdef SCTP_EMBEDDED_V6_SCOPE
      sin6 = (struct sockaddr_in6 *)&ro->ro_dst;
      /* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
      if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
      if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
      if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
      if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
        {
        SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
        sctp_m_freem(m);
        return (EINVAL);
        }
#endif /* SCTP_EMBEDDED_V6_SCOPE */
      if (over_addr == NULL) {
        struct sctp_ifa *_lsrc;

        _lsrc = sctp_source_address_selection(inp, stcb, ro,
                                              net,
                                              out_of_asoc_ok,
                                              vrf_id);
        if (_lsrc == NULL) {
          sctp_handle_no_route(stcb, net, so_locked);
          SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
          sctp_m_freem(m);
          return (EHOSTUNREACH);
        }
        lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr;
        sctp_free_ifa(_lsrc);
      } else {
        lsa6->sin6_addr = over_addr->sin6.sin6_addr;
        SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
      }
#ifdef SCTP_EMBEDDED_V6_SCOPE
#ifdef SCTP_KAME
      (void)sa6_recoverscope(sin6);
#else
      (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
#endif  /* SCTP_KAME */
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
    }
    lsa6->sin6_port = inp->sctp_lport;

#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (ro->ro_nh == NULL) {
#else
    if (ro->ro_rt == NULL) {
#endif
      /*
       * src addr selection failed to find a route (or
       * valid source addr), so we can't get there from
       * here!
       */
      sctp_handle_no_route(stcb, net, so_locked);
      SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
      sctp_m_freem(m);
      return (EHOSTUNREACH);
    }
#ifndef SCOPEDROUTING
#ifdef SCTP_EMBEDDED_V6_SCOPE
    /*
     * XXX: sa6 may not have a valid sin6_scope_id in the
     * non-SCOPEDROUTING case.
     */
    memset(&lsa6_storage, 0, sizeof(lsa6_storage));
    lsa6_storage.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
    lsa6_storage.sin6_len = sizeof(lsa6_storage);
#endif
#ifdef SCTP_KAME
    lsa6_storage.sin6_addr = lsa6->sin6_addr;
    if ((error = sa6_recoverscope(&lsa6_storage)) != 0) {
#else
    if ((error = in6_recoverscope(&lsa6_storage, &lsa6->sin6_addr,
        NULL)) != 0) {
#endif        /* SCTP_KAME */
      SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error);
      sctp_m_freem(m);
      return (error);
    }
    /* XXX */
    lsa6_storage.sin6_addr = lsa6->sin6_addr;
    lsa6_storage.sin6_port = inp->sctp_lport;
    lsa6 = &lsa6_storage;
#endif /* SCTP_EMBEDDED_V6_SCOPE */
#endif /* SCOPEDROUTING */
    ip6h->ip6_src = lsa6->sin6_addr;

    if (port) {
      if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) {
        sctp_handle_no_route(stcb, net, so_locked);
        SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
        sctp_m_freem(m);
        return (EHOSTUNREACH);
      }
      udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
      udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
      udp->uh_dport = port;
      udp->uh_ulen = htons((uint16_t)(packet_length - sizeof(struct ip6_hdr)));
      udp->uh_sum = 0;
      sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
    } else {
      sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
    }

    sctphdr->src_port = src_port;
    sctphdr->dest_port = dest_port;
    sctphdr->v_tag = v_tag;
    sctphdr->checksum = 0;

    /*
     * We set the hop limit now since there is a good chance
     * that our ro pointer is now filled
     */
    ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro);
#if !defined(__Userspace__)
    ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
#endif

#ifdef SCTP_DEBUG
    /* Copy to be sure something bad is not happening */
    sin6->sin6_addr = ip6h->ip6_dst;
    lsa6->sin6_addr = ip6h->ip6_src;
#endif

    SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n");
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: ");
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6);
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: ");
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6);
    if (net) {
      sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
      /* preserve the port and scope for link local send */
      prev_scope = sin6->sin6_scope_id;
      prev_port = sin6->sin6_port;
    }

    if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
      /* failed to prepend data, give up */
      sctp_m_freem(m);
      SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      return (ENOMEM);
    }
    SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
    if (port) {
      sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
      SCTP_STAT_INCR(sctps_sendswcrc);
#if !defined(__Userspace__)
#if defined(_WIN32)
      udp->uh_sum = 0;
#else
      if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) {
        udp->uh_sum = 0xffff;
      }
#endif
#endif
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      m->m_pkthdr.csum_flags = CSUM_SCTP_IPV6;
      m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
      SCTP_STAT_INCR(sctps_sendhwcrc);
#else
      if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
            (stcb) && (stcb->asoc.scope.loopback_scope))) {
        sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr));
        SCTP_STAT_INCR(sctps_sendswcrc);
      } else {
        SCTP_STAT_INCR(sctps_sendhwcrc);
      }
#endif
    }
    /* send it out. table id is taken from stcb */
#if defined(__APPLE__) && !defined(__Userspace__)
    if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
      so = SCTP_INP_SO(inp);
      SCTP_SOCKET_UNLOCK(so, 0);
    }
#endif
#ifdef SCTP_PACKET_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
      sctp_packet_log(o_pak);
#endif
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
    SCTP_PROBE5(send, NULL, stcb, ip6h, stcb, sctphdr);
#endif
    SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, inp, vrf_id);
#else
    SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, NULL, inp, vrf_id);
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
    if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
      atomic_add_int(&stcb->asoc.refcnt, 1);
      SCTP_TCB_UNLOCK(stcb);
      SCTP_SOCKET_LOCK(so, 0);
      SCTP_TCB_LOCK(stcb);
      atomic_subtract_int(&stcb->asoc.refcnt, 1);
    }
#endif
    if (net) {
      /* for link local this must be done */
      sin6->sin6_scope_id = prev_scope;
      sin6->sin6_port = prev_port;
    }
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (port) {
      UDPSTAT_INC(udps_opackets);
    }
#endif
    SCTP_STAT_INCR(sctps_sendpackets);
    SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
    if (ret) {
      SCTP_STAT_INCR(sctps_senderrors);
    }
    if (net == NULL) {
      /* Now if we had a temp route free it */
#if defined(__FreeBSD__) && !defined(__Userspace__)
      RO_NHFREE(ro);
#else
      if (ro->ro_rt) {
        RTFREE(ro->ro_rt);
        ro->ro_rt = NULL;
      }
#endif
    } else {
      /* PMTU check versus smallest asoc MTU goes here */
#if defined(__FreeBSD__) && !defined(__Userspace__)
      if (ro->ro_nh == NULL) {
#else
      if (ro->ro_rt == NULL) {
#endif
        /* Route was freed */
        if (net->ro._s_addr &&
            net->src_addr_selected) {
          sctp_free_ifa(net->ro._s_addr);
          net->ro._s_addr = NULL;
        }
        net->src_addr_selected = 0;
      }
#if defined(__FreeBSD__) && !defined(__Userspace__)
      if ((ro->ro_nh != NULL) && (net->ro._s_addr) &&
#else
      if ((ro->ro_rt != NULL) && (net->ro._s_addr) &&
#endif
          ((net->dest_state & SCTP_ADDR_NO_PMTUD) == 0)) {
        uint32_t mtu;

#if defined(__FreeBSD__) && !defined(__Userspace__)
        mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_nh);
#else
        mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
#endif
        if (mtu > 0) {
          if (net->port) {
            mtu -= sizeof(struct udphdr);
          }
          if (mtu < net->mtu) {
            net->mtu = mtu;
            if ((stcb != NULL) && (stcb->asoc.smallest_mtu > mtu)) {
              sctp_pathmtu_adjustment(stcb, mtu, false);
            }
          }
        }
      }
#if !defined(__Userspace__)
      else if (ifp != NULL) {
#if defined(_WIN32)
#define ND_IFINFO(ifp)  (ifp)
#define linkmtu   if_mtu
#endif
        if ((ND_IFINFO(ifp)->linkmtu > 0) &&
            (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) {
          sctp_pathmtu_adjustment(stcb, ND_IFINFO(ifp)->linkmtu, false);
        }
      }
#endif
    }
    return (ret);
  }
#endif
#if defined(__Userspace__)
  case AF_CONN:
  {
    char *buffer;
    struct sockaddr_conn *sconn;
    int len;

    sconn = (struct sockaddr_conn *)to;
    len = sizeof(struct sctphdr);
    newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
    if (newm == NULL) {
      sctp_m_freem(m);
      SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      return (ENOMEM);
    }
    SCTP_ALIGN_TO_END(newm, len);
    SCTP_BUF_LEN(newm) = len;
    SCTP_BUF_NEXT(newm) = m;
    m = newm;
    packet_length = sctp_calculate_len(m);
    m->m_pkthdr.len = packet_length;
    sctphdr = mtod(m, struct sctphdr *);
    sctphdr->src_port = src_port;
    sctphdr->dest_port = dest_port;
    sctphdr->v_tag = v_tag;
    sctphdr->checksum = 0;
    if (use_zero_crc) {
      SCTP_STAT_INCR(sctps_sendzerocrc);
    } else if (SCTP_BASE_VAR(crc32c_offloaded) == 0) {
      sctphdr->checksum = sctp_calculate_cksum(m, 0);
      SCTP_STAT_INCR(sctps_sendswcrc);
    } else {
      SCTP_STAT_INCR(sctps_sendhwcrc);
    }
    if (tos_value == 0) {
      tos_value = inp->ip_inp.inp.inp_ip_tos;
    }
    tos_value &= 0xfc;
    if (ecn_ok) {
      tos_value |= sctp_get_ect(stcb);
    }
    /* Don't alloc/free for each packet */
    if ((buffer = malloc(packet_length)) != NULL) {
      m_copydata(m, 0, packet_length, buffer);
      ret = SCTP_BASE_VAR(conn_output)(sconn->sconn_addr, buffer, packet_length, tos_value, nofragment_flag);
      free(buffer);
    } else {
      ret = ENOMEM;
    }
    sctp_m_freem(m);
    return (ret);
  }
#endif
  default:
    SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n",
            ((struct sockaddr *)to)->sa_family);
    sctp_m_freem(m);
    SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    return (EFAULT);
  }
}

void
sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked)
{
  struct mbuf *m, *m_last;
  struct sctp_nets *net;
  struct sctp_init_chunk *init;
  struct sctp_supported_addr_param *sup_addr;
  struct sctp_adaptation_layer_indication *ali;
  struct sctp_zero_checksum_acceptable *zero_chksum;
  struct sctp_supported_chunk_types_param *pr_supported;
  struct sctp_paramhdr *ph;
  int cnt_inits_to = 0;
  int error;
  uint16_t num_ext, chunk_len, padding_len, parameter_len;

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(inp));
  } else {
    sctp_unlock_assert(SCTP_INP_SO(inp));
  }
#endif
  /* INIT's always go to the primary (and usually ONLY address) */
  net = stcb->asoc.primary_destination;
  if (net == NULL) {
    net = TAILQ_FIRST(&stcb->asoc.nets);
    if (net == NULL) {
      /* TSNH */
      return;
    }
    /* we confirm any address we send an INIT to */
    net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
    (void)sctp_set_primary_addr(stcb, NULL, net);
  } else {
    /* we confirm any address we send an INIT to */
    net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n");
#ifdef INET6
  if (net->ro._l_addr.sa.sa_family == AF_INET6) {
    /*
     * special hook, if we are sending to link local it will not
     * show up in our private address count.
     */
    if (IN6_IS_ADDR_LINKLOCAL(&net->ro._l_addr.sin6.sin6_addr))
      cnt_inits_to = 1;
  }
#endif
  if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
    /* This case should not happen */
    SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n");
    return;
  }
  /* start the INIT timer */
  sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net);

  m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_NOWAIT, 1, MT_DATA);
  if (m == NULL) {
    /* No memory, INIT timer will re-attempt. */
    SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n");
    return;
  }
  chunk_len = (uint16_t)sizeof(struct sctp_init_chunk);
  padding_len = 0;
  /* Now lets put the chunk header in place */
  init = mtod(m, struct sctp_init_chunk *);
  /* now the chunk header */
  init->ch.chunk_type = SCTP_INITIATION;
  init->ch.chunk_flags = 0;
  /* fill in later from mbuf we build */
  init->ch.chunk_length = 0;
  /* place in my tag */
  init->init.initiate_tag = htonl(stcb->asoc.my_vtag);
  /* set up some of the credits. */
  init->init.a_rwnd = htonl(max(inp->sctp_socket?SCTP_SB_LIMIT_RCV(inp->sctp_socket):0,
                                SCTP_MINIMAL_RWND));
  init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams);
  init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams);
  init->init.initial_tsn = htonl(stcb->asoc.init_seq_number);

  /* Adaptation layer indication parameter */
  if (inp->sctp_ep.adaptation_layer_indicator_provided) {
    parameter_len = (uint16_t)sizeof(struct sctp_adaptation_layer_indication);
    ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t) + chunk_len);
    ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
    ali->ph.param_length = htons(parameter_len);
    ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator);
    chunk_len += parameter_len;
  }

  /* ECN parameter */
  if (stcb->asoc.ecn_supported == 1) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_ECN_CAPABLE);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* PR-SCTP supported parameter */
  if (stcb->asoc.prsctp_supported == 1) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_PRSCTP_SUPPORTED);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* Zero checksum acceptable parameter */
  if (stcb->asoc.rcv_edmid != SCTP_EDMID_NONE) {
    parameter_len = (uint16_t)sizeof(struct sctp_zero_checksum_acceptable);
    zero_chksum = (struct sctp_zero_checksum_acceptable *)(mtod(m, caddr_t) + chunk_len);
    zero_chksum->ph.param_type = htons(SCTP_ZERO_CHECKSUM_ACCEPTABLE);
    zero_chksum->ph.param_length = htons(parameter_len);
    zero_chksum->edmid = htonl(stcb->asoc.rcv_edmid);
    chunk_len += parameter_len;
  }

  /* Add NAT friendly parameter. */
  if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* And now tell the peer which extensions we support */
  num_ext = 0;
  pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t) + chunk_len);
  if (stcb->asoc.prsctp_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
    if (stcb->asoc.idata_supported) {
      pr_supported->chunk_types[num_ext++] = SCTP_IFORWARD_CUM_TSN;
    }
  }
  if (stcb->asoc.auth_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
  }
  if (stcb->asoc.asconf_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
    pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
  }
  if (stcb->asoc.reconfig_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
  }
  if (stcb->asoc.idata_supported) {
    pr_supported->chunk_types[num_ext++] = SCTP_IDATA;
  }
  if (stcb->asoc.nrsack_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
  }
  if (stcb->asoc.pktdrop_supported == 1) {
    pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
  }
  if (num_ext > 0) {
    parameter_len = (uint16_t)sizeof(struct sctp_supported_chunk_types_param) + num_ext;
    pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
    pr_supported->ph.param_length = htons(parameter_len);
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    chunk_len += parameter_len;
  }
  /* add authentication parameters */
  if (stcb->asoc.auth_supported) {
    /* attach RANDOM parameter, if available */
    if (stcb->asoc.authinfo.random != NULL) {
      struct sctp_auth_random *randp;

      if (padding_len > 0) {
        memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
        chunk_len += padding_len;
        padding_len = 0;
      }
      randp = (struct sctp_auth_random *)(mtod(m, caddr_t) + chunk_len);
      parameter_len = (uint16_t)sizeof(struct sctp_auth_random) + stcb->asoc.authinfo.random_len;
      /* random key already contains the header */
      memcpy(randp, stcb->asoc.authinfo.random->key, parameter_len);
      padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
      chunk_len += parameter_len;
    }
    /* add HMAC_ALGO parameter */
    if (stcb->asoc.local_hmacs != NULL) {
      struct sctp_auth_hmac_algo *hmacs;

      if (padding_len > 0) {
        memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
        chunk_len += padding_len;
        padding_len = 0;
      }
      hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t) + chunk_len);
      parameter_len = (uint16_t)(sizeof(struct sctp_auth_hmac_algo) +
                                 stcb->asoc.local_hmacs->num_algo * sizeof(uint16_t));
      hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
      hmacs->ph.param_length = htons(parameter_len);
      sctp_serialize_hmaclist(stcb->asoc.local_hmacs, (uint8_t *)hmacs->hmac_ids);
      padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
      chunk_len += parameter_len;
    }
    /* add CHUNKS parameter */
    if (stcb->asoc.local_auth_chunks != NULL) {
      struct sctp_auth_chunk_list *chunks;

      if (padding_len > 0) {
        memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
        chunk_len += padding_len;
        padding_len = 0;
      }
      chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t) + chunk_len);
      parameter_len = (uint16_t)(sizeof(struct sctp_auth_chunk_list) +
                                 sctp_auth_get_chklist_size(stcb->asoc.local_auth_chunks));
      chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
      chunks->ph.param_length = htons(parameter_len);
      sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, chunks->chunk_types);
      padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
      chunk_len += parameter_len;
    }
  }

  /* now any cookie time extensions */
  if (stcb->asoc.cookie_preserve_req > 0) {
    struct sctp_cookie_perserve_param *cookie_preserve;

    if (padding_len > 0) {
      memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
      chunk_len += padding_len;
      padding_len = 0;
    }
    parameter_len = (uint16_t)sizeof(struct sctp_cookie_perserve_param);
    cookie_preserve = (struct sctp_cookie_perserve_param *)(mtod(m, caddr_t) + chunk_len);
    cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE);
    cookie_preserve->ph.param_length = htons(parameter_len);
    cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req);
    stcb->asoc.cookie_preserve_req = 0;
    chunk_len += parameter_len;
  }

  if (stcb->asoc.scope.ipv4_addr_legal || stcb->asoc.scope.ipv6_addr_legal) {
    uint8_t i;

    if (padding_len > 0) {
      memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
      chunk_len += padding_len;
      padding_len = 0;
    }
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    if (stcb->asoc.scope.ipv4_addr_legal) {
      parameter_len += (uint16_t)sizeof(uint16_t);
    }
    if (stcb->asoc.scope.ipv6_addr_legal) {
      parameter_len += (uint16_t)sizeof(uint16_t);
    }
    sup_addr = (struct sctp_supported_addr_param *)(mtod(m, caddr_t) + chunk_len);
    sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE);
    sup_addr->ph.param_length = htons(parameter_len);
    i = 0;
    if (stcb->asoc.scope.ipv4_addr_legal) {
      sup_addr->addr_type[i++] = htons(SCTP_IPV4_ADDRESS);
    }
    if (stcb->asoc.scope.ipv6_addr_legal) {
      sup_addr->addr_type[i++] = htons(SCTP_IPV6_ADDRESS);
    }
    padding_len = 4 - 2 * i;
    chunk_len += parameter_len;
  }

  SCTP_BUF_LEN(m) = chunk_len;
  /* now the addresses */
  /* To optimize this we could put the scoping stuff
   * into a structure and remove the individual uint8's from
   * the assoc structure. Then we could just sifa in the
   * address within the stcb. But for now this is a quick
   * hack to get the address stuff teased apart.
   */
  m_last = sctp_add_addresses_to_i_ia(inp, stcb, &stcb->asoc.scope,
                                      m, cnt_inits_to,
                                      &padding_len, &chunk_len);

  init->ch.chunk_length = htons(chunk_len);
  if (padding_len > 0) {
    if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) {
      sctp_m_freem(m);
      return;
    }
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n");
  if ((error = sctp_lowlevel_chunk_output(inp, stcb, net,
                                          (struct sockaddr *)&net->ro._l_addr,
                                          m, 0, NULL, 0, 0, 0, 0,
                                          inp->sctp_lport, stcb->rport, htonl(0),
                                          net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                          0, 0,
#endif
                                          false, so_locked))) {
    SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak send error %d\n", error);
    if (error == ENOBUFS) {
      stcb->asoc.ifp_had_enobuf = 1;
      SCTP_STAT_INCR(sctps_lowlevelerr);
    }
  } else {
    stcb->asoc.ifp_had_enobuf = 0;
  }
  SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
  (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time);
}

struct mbuf *
sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
                                      int param_offset, int *abort_processing,
                                      struct sctp_chunkhdr *cp,
                                      int *nat_friendly,
                                      int *cookie_found,
                                      uint32_t *edmid)
{
  /*
   * Given a mbuf containing an INIT or INIT-ACK with the param_offset
   * being equal to the beginning of the params i.e. (iphlen +
   * sizeof(struct sctp_init_msg) parse through the parameters to the
   * end of the mbuf verifying that all parameters are known.
   *
   * For unknown parameters build and return a mbuf with
   * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop
   * processing this chunk stop, and set *abort_processing to 1.
   *
   * By having param_offset be pre-set to where parameters begin it is
   * hoped that this routine may be reused in the future by new
   * features.
   */
  struct sctp_zero_checksum_acceptable zero_chksum, *zero_chksum_p;
  struct sctp_paramhdr *phdr, params;
  struct mbuf *mat, *m_tmp, *op_err, *op_err_last;
  int at, limit, pad_needed;
  uint16_t ptype, plen, padded_size;

  *abort_processing = 0;
  if (cookie_found != NULL) {
    *cookie_found = 0;
  }
  if (edmid != NULL) {
    *edmid = SCTP_EDMID_NONE;
  }
  mat = in_initpkt;
  limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk);
  at = param_offset;
  op_err = NULL;
  op_err_last = NULL;
  pad_needed = 0;
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n");
  phdr = sctp_get_next_param(mat, at, &params, sizeof(params));
  while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) {
    ptype = ntohs(phdr->param_type);
    plen = ntohs(phdr->param_length);
    if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) {
      /* wacked parameter */
      SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen);
      goto invalid_size;
    }
    limit -= SCTP_SIZE32(plen);
    /*-
     * All parameters for all chunks that we know/understand are
     * listed here. We process them other places and make
     * appropriate stop actions per the upper bits. However this
     * is the generic routine processor's can call to get back
     * an operr.. to either incorporate (init-ack) or send.
     */
    padded_size = SCTP_SIZE32(plen);
    switch (ptype) {
      /* Param's with variable size */
    case SCTP_HEARTBEAT_INFO:
    case SCTP_UNRECOG_PARAM:
    case SCTP_ERROR_CAUSE_IND:
      /* ok skip fwd */
      at += padded_size;
      break;
    case SCTP_STATE_COOKIE:
      if (cookie_found != NULL) {
        *cookie_found = 1;
      }
      at += padded_size;
      break;
      /* Param's with variable size within a range */
    case SCTP_CHUNK_LIST:
    case SCTP_SUPPORTED_CHUNK_EXT:
      if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_SUPPORTED_ADDRTYPE:
      if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_ZERO_CHECKSUM_ACCEPTABLE:
      if (padded_size != sizeof(struct sctp_zero_checksum_acceptable)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error checksum acceptable %d\n", plen);
        goto invalid_size;
      }
      if (edmid != NULL) {
        phdr = sctp_get_next_param(mat, at,
                                   (struct sctp_paramhdr *)&zero_chksum,
                                   sizeof(struct sctp_zero_checksum_acceptable));
        if (phdr != NULL) {
          zero_chksum_p = (struct sctp_zero_checksum_acceptable *)phdr;
          *edmid = ntohl(zero_chksum_p->edmid);
        }
      }
      at += padded_size;
      break;
    case SCTP_RANDOM:
      if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_SET_PRIM_ADDR:
    case SCTP_DEL_IP_ADDRESS:
    case SCTP_ADD_IP_ADDRESS:
      if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) &&
          (padded_size != sizeof(struct sctp_asconf_addr_param))) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
      /* Param's with a fixed size */
    case SCTP_IPV4_ADDRESS:
      if (padded_size != sizeof(struct sctp_ipv4addr_param)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_IPV6_ADDRESS:
      if (padded_size != sizeof(struct sctp_ipv6addr_param)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_COOKIE_PRESERVE:
      if (padded_size != sizeof(struct sctp_cookie_perserve_param)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_HAS_NAT_SUPPORT:
      if (padded_size != sizeof(struct sctp_paramhdr)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error nat support %d\n", plen);
        goto invalid_size;
      }
      *nat_friendly = 1;
      at += padded_size;
      break;
    case SCTP_PRSCTP_SUPPORTED:
      if (padded_size != sizeof(struct sctp_paramhdr)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error prsctp %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_ECN_CAPABLE:
      if (padded_size != sizeof(struct sctp_paramhdr)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_ULP_ADAPTATION:
      if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_SUCCESS_REPORT:
      if (padded_size != sizeof(struct sctp_asconf_paramhdr)) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen);
        goto invalid_size;
      }
      at += padded_size;
      break;
    case SCTP_HOSTNAME_ADDRESS:
    {
      /* Hostname parameters are deprecated. */
      struct sctp_gen_error_cause *cause;
      int l_len;

      SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n");
      *abort_processing = 1;
      sctp_m_freem(op_err);
      op_err = NULL;
      op_err_last = NULL;
#ifdef INET6
      l_len = SCTP_MIN_OVERHEAD;
#else
      l_len = SCTP_MIN_V4_OVERHEAD;
#endif
      l_len += sizeof(struct sctp_chunkhdr);
      l_len += sizeof(struct sctp_gen_error_cause);
      op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
      if (op_err != NULL) {
        /*
         * Pre-reserve space for IP, SCTP, and
         * chunk header.
         */
#ifdef INET6
        SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
        SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
        SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
        SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
        SCTP_BUF_LEN(op_err) = sizeof(struct sctp_gen_error_cause);
        cause = mtod(op_err, struct sctp_gen_error_cause *);
        cause->code = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
        cause->length = htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen));
        SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
        if (SCTP_BUF_NEXT(op_err) == NULL) {
          sctp_m_freem(op_err);
          op_err = NULL;
          op_err_last = NULL;
        }
      }
      return (op_err);
    }
    default:
      /*
       * we do not recognize the parameter figure out what
       * we do.
       */
      SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype);
      if ((ptype & 0x4000) == 0x4000) {
        /* Report bit is set?? */
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n");
        if (op_err == NULL) {
          int l_len;
          /* Ok need to try to get an mbuf */
#ifdef INET6
          l_len = SCTP_MIN_OVERHEAD;
#else
          l_len = SCTP_MIN_V4_OVERHEAD;
#endif
          l_len += sizeof(struct sctp_chunkhdr);
          l_len += sizeof(struct sctp_paramhdr);
          op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
          if (op_err) {
            SCTP_BUF_LEN(op_err) = 0;
#ifdef INET6
            SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
            SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
            SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
            SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
            op_err_last = op_err;
          }
        }
        if (op_err != NULL) {
          /* If we have space */
          struct sctp_paramhdr *param;

          if (pad_needed > 0) {
            op_err_last = sctp_add_pad_tombuf(op_err_last, pad_needed);
          }
          if (op_err_last == NULL) {
            sctp_m_freem(op_err);
            op_err = NULL;
            op_err_last = NULL;
            goto more_processing;
          }
          if (M_TRAILINGSPACE(op_err_last) < (int)sizeof(struct sctp_paramhdr)) {
            m_tmp = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_NOWAIT, 1, MT_DATA);
            if (m_tmp == NULL) {
              sctp_m_freem(op_err);
              op_err = NULL;
              op_err_last = NULL;
              goto more_processing;
            }
            SCTP_BUF_LEN(m_tmp) = 0;
            SCTP_BUF_NEXT(m_tmp) = NULL;
            SCTP_BUF_NEXT(op_err_last) = m_tmp;
            op_err_last = m_tmp;
          }
          param = (struct sctp_paramhdr *)(mtod(op_err_last, caddr_t) + SCTP_BUF_LEN(op_err_last));
          param->param_type = htons(SCTP_UNRECOG_PARAM);
          param->param_length = htons((uint16_t)sizeof(struct sctp_paramhdr) + plen);
          SCTP_BUF_LEN(op_err_last) += sizeof(struct sctp_paramhdr);
          SCTP_BUF_NEXT(op_err_last) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
          if (SCTP_BUF_NEXT(op_err_last) == NULL) {
            sctp_m_freem(op_err);
            op_err = NULL;
            op_err_last = NULL;
            goto more_processing;
          } else {
            while (SCTP_BUF_NEXT(op_err_last) != NULL) {
              op_err_last = SCTP_BUF_NEXT(op_err_last);
            }
          }
          if (plen % 4 != 0) {
            pad_needed = 4 - (plen % 4);
          } else {
            pad_needed = 0;
          }
        }
      }
    more_processing:
      if ((ptype & 0x8000) == 0x0000) {
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n");
        return (op_err);
      } else {
        /* skip this chunk and continue processing */
        SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n");
        at += SCTP_SIZE32(plen);
      }
      break;
    }
    phdr = sctp_get_next_param(mat, at, &params, sizeof(params));
  }
  return (op_err);
 invalid_size:
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n");
  *abort_processing = 1;
  sctp_m_freem(op_err);
  op_err = NULL;
  op_err_last = NULL;
  if (phdr != NULL) {
    struct sctp_paramhdr *param;
    int l_len;
#ifdef INET6
    l_len = SCTP_MIN_OVERHEAD;
#else
    l_len = SCTP_MIN_V4_OVERHEAD;
#endif
    l_len += sizeof(struct sctp_chunkhdr);
    l_len += (2 * sizeof(struct sctp_paramhdr));
    op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
    if (op_err) {
      SCTP_BUF_LEN(op_err) = 0;
#ifdef INET6
      SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
      SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
      SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
      SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
      SCTP_BUF_LEN(op_err) = 2 * sizeof(struct sctp_paramhdr);
      param = mtod(op_err, struct sctp_paramhdr *);
      param->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
      param->param_length = htons(2 * sizeof(struct sctp_paramhdr));
      param++;
      param->param_type = htons(ptype);
      param->param_length = htons(plen);
    }
  }
  return (op_err);
}

/*
 * Given a INIT chunk, look through the parameters to verify that there
 * are no new addresses.
 * Return true, if there is a new address or there is a problem parsing
   the parameters. Provide an optional error cause used when sending an ABORT.
 * Return false, if there are no new addresses and there is no problem in
   parameter processing.
 */
static bool
sctp_are_there_new_addresses(struct sctp_association *asoc,
    struct mbuf *in_initpkt, int offset, int limit, struct sockaddr *src,
    struct mbuf **op_err)
{
  struct sockaddr *sa_touse;
  struct sockaddr *sa;
  struct sctp_paramhdr *phdr, params;
  struct sctp_nets *net;
#ifdef INET
  struct sockaddr_in sin4, *sa4;
#endif
#ifdef INET6
  struct sockaddr_in6 sin6, *sa6;
#endif
#if defined(__Userspace__)
  struct sockaddr_conn *sac;
#endif
  uint16_t ptype, plen;
  bool fnd, check_src;

  *op_err = NULL;
#ifdef INET
  memset(&sin4, 0, sizeof(sin4));
  sin4.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
  sin4.sin_len = sizeof(sin4);
#endif
#endif
#ifdef INET6
  memset(&sin6, 0, sizeof(sin6));
  sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
  sin6.sin6_len = sizeof(sin6);
#endif
#endif
  /* First what about the src address of the pkt ? */
  check_src = false;
  switch (src->sa_family) {
#ifdef INET
  case AF_INET:
    if (asoc->scope.ipv4_addr_legal) {
      check_src = true;
    }
    break;
#endif
#ifdef INET6
  case AF_INET6:
    if (asoc->scope.ipv6_addr_legal) {
      check_src = true;
    }
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
    if (asoc->scope.conn_addr_legal) {
      check_src = true;
    }
    break;
#endif
  default:
    /* TSNH */
    break;
  }
  if (check_src) {
    fnd = false;
    TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
      sa = (struct sockaddr *)&net->ro._l_addr;
      if (sa->sa_family == src->sa_family) {
#ifdef INET
        if (sa->sa_family == AF_INET) {
          struct sockaddr_in *src4;

          sa4 = (struct sockaddr_in *)sa;
          src4 = (struct sockaddr_in *)src;
          if (sa4->sin_addr.s_addr == src4->sin_addr.s_addr) {
            fnd = true;
            break;
          }
        }
#endif
#ifdef INET6
        if (sa->sa_family == AF_INET6) {
          struct sockaddr_in6 *src6;

          sa6 = (struct sockaddr_in6 *)sa;
          src6 = (struct sockaddr_in6 *)src;
          if (SCTP6_ARE_ADDR_EQUAL(sa6, src6)) {
            fnd = true;
            break;
          }
        }
#endif
#if defined(__Userspace__)
        if (sa->sa_family == AF_CONN) {
          struct sockaddr_conn *srcc;

          sac = (struct sockaddr_conn *)sa;
          srcc = (struct sockaddr_conn *)src;
          if (sac->sconn_addr == srcc->sconn_addr) {
            fnd = true;
            break;
          }
        }
#endif
      }
    }
    if (!fnd) {
      /*
       * If sending an ABORT in case of an additional address,
       * don't use the new address error cause.
       * This looks no different than if no listener was
       * present.
       */
      *op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Address added");
      return (true);
    }
  }
  /* Ok so far lets munge through the rest of the packet */
  offset += sizeof(struct sctp_init_chunk);
  phdr = sctp_get_next_param(in_initpkt, offset, &params, sizeof(params));
  while (phdr) {
    sa_touse = NULL;
    ptype = ntohs(phdr->param_type);
    plen = ntohs(phdr->param_length);
    if (offset + plen > limit) {
      *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Partial parameter");
      return (true);
    }
    if (plen < sizeof(struct sctp_paramhdr)) {
      *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length too small");
      return (true);
    }
    switch (ptype) {
#ifdef INET
    case SCTP_IPV4_ADDRESS:
    {
      struct sctp_ipv4addr_param *p4, p4_buf;

      if (plen != sizeof(struct sctp_ipv4addr_param)) {
        *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length illegal");
        return (true);
      }
      phdr = sctp_get_next_param(in_initpkt, offset,
          (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
      if (phdr == NULL) {
        *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "");
        return (true);
      }
      if (asoc->scope.ipv4_addr_legal) {
        p4 = (struct sctp_ipv4addr_param *)phdr;
        sin4.sin_addr.s_addr = p4->addr;
        sa_touse = (struct sockaddr *)&sin4;
      }
      break;
    }
#endif
#ifdef INET6
    case SCTP_IPV6_ADDRESS:
    {
      struct sctp_ipv6addr_param *p6, p6_buf;

      if (plen != sizeof(struct sctp_ipv6addr_param)) {
        *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length illegal");
        return (true);
      }
      phdr = sctp_get_next_param(in_initpkt, offset,
          (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
      if (phdr == NULL) {
        *op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "");
        return (true);
      }
      if (asoc->scope.ipv6_addr_legal) {
        p6 = (struct sctp_ipv6addr_param *)phdr;
        memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
               sizeof(p6->addr));
        sa_touse = (struct sockaddr *)&sin6;
      }
      break;
    }
#endif
    default:
      sa_touse = NULL;
      break;
    }
    if (sa_touse) {
      /* ok, sa_touse points to one to check */
      fnd = false;
      TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
        sa = (struct sockaddr *)&net->ro._l_addr;
        if (sa->sa_family != sa_touse->sa_family) {
          continue;
        }
#ifdef INET
        if (sa->sa_family == AF_INET) {
          sa4 = (struct sockaddr_in *)sa;
          if (sa4->sin_addr.s_addr ==
              sin4.sin_addr.s_addr) {
            fnd = true;
            break;
          }
        }
#endif
#ifdef INET6
        if (sa->sa_family == AF_INET6) {
          sa6 = (struct sockaddr_in6 *)sa;
          if (SCTP6_ARE_ADDR_EQUAL(
              sa6, &sin6)) {
            fnd = true;
            break;
          }
        }
#endif
      }
      if (!fnd) {
        /*
         * If sending an ABORT in case of an additional
         * address, don't use the new address error
         * cause.
         * This looks no different than if no listener
         * was present.
         */
        *op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Address added");
        return (true);
      }
    }
    offset += SCTP_SIZE32(plen);
    if (offset >= limit) {
      break;
    }
    phdr = sctp_get_next_param(in_initpkt, offset, &params, sizeof(params));
  }
  return (false);
}

/*
 * Given a MBUF chain that was sent into us containing an INIT. Build a
 * INIT-ACK with COOKIE and send back. We assume that the in_initpkt has done
 * a pullup to include IPv6/4header, SCTP header and initial part of INIT
 * message (i.e. the struct sctp_init_msg).
 */
void
sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
                       struct sctp_nets *src_net, struct mbuf *init_pkt,
                       int iphlen, int offset,
                       struct sockaddr *src, struct sockaddr *dst,
                       struct sctphdr *sh, struct sctp_init_chunk *init_chk,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                       uint8_t mflowtype, uint32_t mflowid,
#endif
                       uint32_t vrf_id, uint16_t port)
{
  struct sctp_association *asoc;
  struct mbuf *m, *m_tmp, *m_last, *m_cookie, *op_err;
  struct sctp_init_ack_chunk *initack;
  struct sctp_adaptation_layer_indication *ali;
  struct sctp_zero_checksum_acceptable *zero_chksum;
  struct sctp_supported_chunk_types_param *pr_supported;
  struct sctp_paramhdr *ph;
  union sctp_sockstore *over_addr;
  struct sctp_scoping scp;
  struct timeval now;
#ifdef INET
  struct sockaddr_in *dst4 = (struct sockaddr_in *)dst;
  struct sockaddr_in *src4 = (struct sockaddr_in *)src;
  struct sockaddr_in *sin;
#endif
#ifdef INET6
  struct sockaddr_in6 *dst6 = (struct sockaddr_in6 *)dst;
  struct sockaddr_in6 *src6 = (struct sockaddr_in6 *)src;
  struct sockaddr_in6 *sin6;
#endif
#if defined(__Userspace__)
  struct sockaddr_conn *dstconn = (struct sockaddr_conn *)dst;
  struct sockaddr_conn *srcconn = (struct sockaddr_conn *)src;
  struct sockaddr_conn *sconn;
#endif
  struct sockaddr *to;
  struct sctp_state_cookie stc;
  struct sctp_nets *net = NULL;
  uint8_t *signature = NULL;
  int cnt_inits_to = 0;
  uint16_t his_limit, i_want;
  int abort_flag;
  int nat_friendly = 0;
  int error;
  struct socket *so;
  uint32_t edmid;
  uint16_t num_ext, chunk_len, padding_len, parameter_len;
  bool use_zero_crc;

  if (stcb) {
    asoc = &stcb->asoc;
  } else {
    asoc = NULL;
  }
  if ((asoc != NULL) &&
      (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT)) {
    if (sctp_are_there_new_addresses(asoc, init_pkt, offset, offset + ntohs(init_chk->ch.chunk_length), src, &op_err)) {
      /*
       * new addresses, out of here in non-cookie-wait states
       */
      sctp_send_abort(init_pkt, iphlen, src, dst, sh, 0, op_err,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                      mflowtype, mflowid, inp->fibnum,
#endif
                      vrf_id, port);
      return;
    }
    if (src_net != NULL && (src_net->port != port)) {
      /*
       * change of remote encapsulation port, out of here in
       * non-cookie-wait states
       *
       * Send an ABORT, without an specific error cause.
       * This looks no different than if no listener
       * was present.
       */
      op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
                                   "Remote encapsulation port changed");
      sctp_send_abort(init_pkt, iphlen, src, dst, sh, 0, op_err,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                      mflowtype, mflowid, inp->fibnum,
#endif
                      vrf_id, port);
      return;
    }
  }
  abort_flag = 0;
  op_err = sctp_arethere_unrecognized_parameters(init_pkt,
                                                 (offset + sizeof(struct sctp_init_chunk)),
                                                 &abort_flag,
                                                 (struct sctp_chunkhdr *)init_chk,
                                                 &nat_friendly, NULL, &edmid);
  if (abort_flag) {
  do_a_abort:
    if (op_err == NULL) {
      char msg[SCTP_DIAG_INFO_LEN];

      SCTP_SNPRINTF(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__);
      op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
                                   msg);
    }
    sctp_send_abort(init_pkt, iphlen, src, dst, sh,
        init_chk->init.initiate_tag, op_err,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                    mflowtype, mflowid, inp->fibnum,
#endif
                    vrf_id, port);
    return;
  }
  m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (m == NULL) {
    /* No memory, INIT timer will re-attempt. */
    sctp_m_freem(op_err);
    return;
  }
  chunk_len = (uint16_t)sizeof(struct sctp_init_ack_chunk);
  padding_len = 0;

  /*
   * We might not overwrite the identification[] completely and on
   * some platforms time_entered will contain some padding.
   * Therefore zero out the cookie to avoid putting
   * uninitialized memory on the wire.
   */
  memset(&stc, 0, sizeof(struct sctp_state_cookie));

  /* the time I built cookie */
  (void)SCTP_GETTIME_TIMEVAL(&now);
  stc.time_entered.tv_sec = now.tv_sec;
  stc.time_entered.tv_usec = now.tv_usec;

  /* populate any tie tags */
  if (asoc != NULL) {
    /* unlock before tag selections */
    stc.tie_tag_my_vtag = asoc->my_vtag_nonce;
    stc.tie_tag_peer_vtag = asoc->peer_vtag_nonce;
    stc.cookie_life = asoc->cookie_life;
    net = asoc->primary_destination;
  } else {
    stc.tie_tag_my_vtag = 0;
    stc.tie_tag_peer_vtag = 0;
    /* life I will award this cookie */
    stc.cookie_life = inp->sctp_ep.def_cookie_life;
  }

  /* copy in the ports for later check */
  stc.myport = sh->dest_port;
  stc.peerport = sh->src_port;

  /*
   * If we wanted to honor cookie life extensions, we would add to
   * stc.cookie_life. For now we should NOT honor any extension
   */
  stc.site_scope = stc.local_scope = stc.loopback_scope = 0;
  if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
    stc.ipv6_addr_legal = 1;
    if (SCTP_IPV6_V6ONLY(inp)) {
      stc.ipv4_addr_legal = 0;
    } else {
      stc.ipv4_addr_legal = 1;
    }
#if defined(__Userspace__)
    stc.conn_addr_legal = 0;
#endif
  } else {
    stc.ipv6_addr_legal = 0;
#if defined(__Userspace__)
    if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_CONN) {
      stc.conn_addr_legal = 1;
      stc.ipv4_addr_legal = 0;
    } else {
      stc.conn_addr_legal = 0;
      stc.ipv4_addr_legal = 1;
    }
#else
    stc.ipv4_addr_legal = 1;
#endif
  }
  stc.ipv4_scope = 0;
  if (net == NULL) {
    to = src;
    switch (dst->sa_family) {
#ifdef INET
    case AF_INET:
    {
      /* lookup address */
      stc.address[0] = src4->sin_addr.s_addr;
      stc.address[1] = 0;
      stc.address[2] = 0;
      stc.address[3] = 0;
      stc.addr_type = SCTP_IPV4_ADDRESS;
      /* local from address */
      stc.laddress[0] = dst4->sin_addr.s_addr;
      stc.laddress[1] = 0;
      stc.laddress[2] = 0;
      stc.laddress[3] = 0;
      stc.laddr_type = SCTP_IPV4_ADDRESS;
      /* scope_id is only for v6 */
      stc.scope_id = 0;
      if ((IN4_ISPRIVATE_ADDRESS(&src4->sin_addr)) ||
          (IN4_ISPRIVATE_ADDRESS(&dst4->sin_addr))) {
        stc.ipv4_scope = 1;
      }
      /* Must use the address in this case */
      if (sctp_is_address_on_local_host(src, vrf_id)) {
        stc.loopback_scope = 1;
        stc.ipv4_scope = 1;
        stc.site_scope = 1;
        stc.local_scope = 0;
      }
      break;
    }
#endif
#ifdef INET6
    case AF_INET6:
    {
      stc.addr_type = SCTP_IPV6_ADDRESS;
      memcpy(&stc.address, &src6->sin6_addr, sizeof(struct in6_addr));
#if defined(__FreeBSD__) && !defined(__Userspace__)
      stc.scope_id = ntohs(in6_getscope(&src6->sin6_addr));
#else
      stc.scope_id = 0;
#endif
      if (sctp_is_address_on_local_host(src, vrf_id)) {
        stc.loopback_scope = 1;
        stc.local_scope = 0;
        stc.site_scope = 1;
        stc.ipv4_scope = 1;
      } else if (IN6_IS_ADDR_LINKLOCAL(&src6->sin6_addr) ||
                 IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr)) {
        /*
         * If the new destination or source is a
         * LINK_LOCAL we must have common both site and
         * local scope. Don't set local scope though
         * since we must depend on the source to be
         * added implicitly. We cannot assure just
         * because we share one link that all links are
         * common.
         */
#if defined(__APPLE__) && !defined(__Userspace__)
        /* Mac OS X currently doesn't have in6_getscope() */
        stc.scope_id = src6->sin6_addr.s6_addr16[1];
#endif
        stc.local_scope = 0;
        stc.site_scope = 1;
        stc.ipv4_scope = 1;
        /*
         * we start counting for the private address
         * stuff at 1. since the link local we
         * source from won't show up in our scoped
         * count.
         */
        cnt_inits_to = 1;
        /* pull out the scope_id from incoming pkt */
      } else if (IN6_IS_ADDR_SITELOCAL(&src6->sin6_addr) ||
                 IN6_IS_ADDR_SITELOCAL(&dst6->sin6_addr)) {
        /*
         * If the new destination or source is
         * SITE_LOCAL then we must have site scope in
         * common.
         */
        stc.site_scope = 1;
      }
      memcpy(&stc.laddress, &dst6->sin6_addr, sizeof(struct in6_addr));
      stc.laddr_type = SCTP_IPV6_ADDRESS;
      break;
    }
#endif
#if defined(__Userspace__)
    case AF_CONN:
    {
      /* lookup address */
      stc.address[0] = 0;
      stc.address[1] = 0;
      stc.address[2] = 0;
      stc.address[3] = 0;
      memcpy(&stc.address, &srcconn->sconn_addr, sizeof(void *));
      stc.addr_type = SCTP_CONN_ADDRESS;
      /* local from address */
      stc.laddress[0] = 0;
      stc.laddress[1] = 0;
      stc.laddress[2] = 0;
      stc.laddress[3] = 0;
      memcpy(&stc.laddress, &dstconn->sconn_addr, sizeof(void *));
      stc.laddr_type = SCTP_CONN_ADDRESS;
      /* scope_id is only for v6 */
      stc.scope_id = 0;
      break;
    }
#endif
    default:
      /* TSNH */
      goto do_a_abort;
      break;
    }
  } else {
    /* set the scope per the existing tcb */

#ifdef INET6
    struct sctp_nets *lnet;
#endif

    stc.loopback_scope = asoc->scope.loopback_scope;
    stc.ipv4_scope = asoc->scope.ipv4_local_scope;
    stc.site_scope = asoc->scope.site_scope;
    stc.local_scope = asoc->scope.local_scope;
#ifdef INET6
    /* Why do we not consider IPv4 LL addresses? */
    TAILQ_FOREACH(lnet, &asoc->nets, sctp_next) {
      if (lnet->ro._l_addr.sin6.sin6_family == AF_INET6) {
        if (IN6_IS_ADDR_LINKLOCAL(&lnet->ro._l_addr.sin6.sin6_addr)) {
          /*
           * if we have a LL address, start
           * counting at 1.
           */
          cnt_inits_to = 1;
        }
      }
    }
#endif
    /* use the net pointer */
    to = (struct sockaddr *)&net->ro._l_addr;
    switch (to->sa_family) {
#ifdef INET
    case AF_INET:
      sin = (struct sockaddr_in *)to;
      stc.address[0] = sin->sin_addr.s_addr;
      stc.address[1] = 0;
      stc.address[2] = 0;
      stc.address[3] = 0;
      stc.addr_type = SCTP_IPV4_ADDRESS;
      if (net->src_addr_selected == 0) {
        /*
         * strange case here, the INIT should have
         * did the selection.
         */
        net->ro._s_addr = sctp_source_address_selection(inp,
                    stcb, (sctp_route_t *)&net->ro,
                    net, 0, vrf_id);
        if (net->ro._s_addr == NULL) {
          sctp_m_freem(op_err);
          sctp_m_freem(m);
          return;
        }

        net->src_addr_selected = 1;
      }
      stc.laddress[0] = net->ro._s_addr->address.sin.sin_addr.s_addr;
      stc.laddress[1] = 0;
      stc.laddress[2] = 0;
      stc.laddress[3] = 0;
      stc.laddr_type = SCTP_IPV4_ADDRESS;
      /* scope_id is only for v6 */
      stc.scope_id = 0;
      break;
#endif
#ifdef INET6
    case AF_INET6:
      sin6 = (struct sockaddr_in6 *)to;
      memcpy(&stc.address, &sin6->sin6_addr,
             sizeof(struct in6_addr));
      stc.addr_type = SCTP_IPV6_ADDRESS;
      stc.scope_id = sin6->sin6_scope_id;
      if (net->src_addr_selected == 0) {
        /*
         * strange case here, the INIT should have
         * done the selection.
         */
        net->ro._s_addr = sctp_source_address_selection(inp,
                    stcb, (sctp_route_t *)&net->ro,
                    net, 0, vrf_id);
        if (net->ro._s_addr == NULL) {
          sctp_m_freem(op_err);
          sctp_m_freem(m);
          return;
        }

        net->src_addr_selected = 1;
      }
      memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr,
             sizeof(struct in6_addr));
      stc.laddr_type = SCTP_IPV6_ADDRESS;
      break;
#endif
#if defined(__Userspace__)
    case AF_CONN:
      sconn = (struct sockaddr_conn *)to;
      stc.address[0] = 0;
      stc.address[1] = 0;
      stc.address[2] = 0;
      stc.address[3] = 0;
      memcpy(&stc.address, &sconn->sconn_addr, sizeof(void *));
      stc.addr_type = SCTP_CONN_ADDRESS;
      stc.laddress[0] = 0;
      stc.laddress[1] = 0;
      stc.laddress[2] = 0;
      stc.laddress[3] = 0;
      memcpy(&stc.laddress, &sconn->sconn_addr, sizeof(void *));
      stc.laddr_type = SCTP_CONN_ADDRESS;
      stc.scope_id = 0;
      break;
#endif
    }
  }
  if (asoc != NULL) {
    stc.rcv_edmid = asoc->rcv_edmid;
  } else {
    stc.rcv_edmid = inp->rcv_edmid;
  }
  /* Now lets put the SCTP header in place */
  initack = mtod(m, struct sctp_init_ack_chunk *);
  /* Save it off for quick ref */
  stc.peers_vtag = ntohl(init_chk->init.initiate_tag);
  /* who are we */
  memcpy(stc.identification, SCTP_VERSION_STRING,
         min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification)));
  memset(stc.reserved, 0, SCTP_RESERVE_SPACE);
  /* now the chunk header */
  initack->ch.chunk_type = SCTP_INITIATION_ACK;
  initack->ch.chunk_flags = 0;
  /* fill in later from mbuf we build */
  initack->ch.chunk_length = 0;
  /* place in my tag */
  if ((asoc != NULL) &&
      ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
       (SCTP_GET_STATE(stcb) == SCTP_STATE_INUSE) ||
       (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED))) {
    /* re-use the v-tags and init-seq here */
    initack->init.initiate_tag = htonl(asoc->my_vtag);
    initack->init.initial_tsn = htonl(asoc->init_seq_number);
  } else {
    uint32_t vtag, itsn;

    if (asoc) {
      atomic_add_int(&asoc->refcnt, 1);
      SCTP_TCB_UNLOCK(stcb);
    new_tag:
      SCTP_INP_INFO_RLOCK();
      vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
      SCTP_INP_INFO_RUNLOCK();
      if ((asoc->peer_supports_nat) && (vtag == asoc->my_vtag)) {
        /* Got a duplicate vtag on some guy behind a nat
         * make sure we don't use it.
         */
        goto new_tag;
      }
      initack->init.initiate_tag = htonl(vtag);
      /* get a TSN to use too */
      itsn = sctp_select_initial_TSN(&inp->sctp_ep);
      initack->init.initial_tsn = htonl(itsn);
      SCTP_TCB_LOCK(stcb);
      atomic_subtract_int(&asoc->refcnt, 1);
    } else {
      SCTP_INP_INCR_REF(inp);
      SCTP_INP_RUNLOCK(inp);
      SCTP_INP_INFO_RLOCK();
      vtag = sctp_select_a_tag(inp, inp->sctp_lport, sh->src_port, 1);
      SCTP_INP_INFO_RUNLOCK();
      initack->init.initiate_tag = htonl(vtag);
      /* get a TSN to use too */
      initack->init.initial_tsn = htonl(sctp_select_initial_TSN(&inp->sctp_ep));
      SCTP_INP_RLOCK(inp);
      SCTP_INP_DECR_REF(inp);
    }
  }
  /* save away my tag to */
  stc.my_vtag = initack->init.initiate_tag;

  /* set up some of the credits. */
  so = inp->sctp_socket;
  if (so == NULL) {
    /* memory problem */
    sctp_m_freem(op_err);
    sctp_m_freem(m);
    return;
  } else {
    initack->init.a_rwnd = htonl(max(SCTP_SB_LIMIT_RCV(so), SCTP_MINIMAL_RWND));
  }
  /* set what I want */
  his_limit = ntohs(init_chk->init.num_inbound_streams);
  /* choose what I want */
  if (asoc != NULL) {
    if (asoc->streamoutcnt > asoc->pre_open_streams) {
      i_want = asoc->streamoutcnt;
    } else {
      i_want = asoc->pre_open_streams;
    }
  } else {
    i_want = inp->sctp_ep.pre_open_stream_count;
  }
  if (his_limit < i_want) {
    /* I Want more :< */
    initack->init.num_outbound_streams = init_chk->init.num_inbound_streams;
  } else {
    /* I can have what I want :> */
    initack->init.num_outbound_streams = htons(i_want);
  }
  /* tell him his limit. */
  initack->init.num_inbound_streams =
    htons(inp->sctp_ep.max_open_streams_intome);

  /* adaptation layer indication parameter */
  if (inp->sctp_ep.adaptation_layer_indicator_provided) {
    parameter_len = (uint16_t)sizeof(struct sctp_adaptation_layer_indication);
    ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t) + chunk_len);
    ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
    ali->ph.param_length = htons(parameter_len);
    ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator);
    chunk_len += parameter_len;
  }

  /* ECN parameter */
  if (((asoc != NULL) && (asoc->ecn_supported == 1)) ||
      ((asoc == NULL) && (inp->ecn_supported == 1))) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_ECN_CAPABLE);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* PR-SCTP supported parameter */
  if (((asoc != NULL) && (asoc->prsctp_supported == 1)) ||
      ((asoc == NULL) && (inp->prsctp_supported == 1))) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_PRSCTP_SUPPORTED);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* Zero checksum acceptable parameter */
  if (((asoc != NULL) && (asoc->rcv_edmid != SCTP_EDMID_NONE)) ||
      ((asoc == NULL) && (inp->rcv_edmid != SCTP_EDMID_NONE))) {
    parameter_len = (uint16_t)sizeof(struct sctp_zero_checksum_acceptable);
    zero_chksum = (struct sctp_zero_checksum_acceptable *)(mtod(m, caddr_t) + chunk_len);
    zero_chksum->ph.param_type = htons(SCTP_ZERO_CHECKSUM_ACCEPTABLE);
    zero_chksum->ph.param_length = htons(parameter_len);
    if (asoc != NULL) {
      zero_chksum->edmid = htonl(asoc->rcv_edmid);
    } else {
      zero_chksum->edmid = htonl(inp->rcv_edmid);
    }
    chunk_len += parameter_len;
  }

  /* Add NAT friendly parameter */
  if (nat_friendly) {
    parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
    ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
    ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
    ph->param_length = htons(parameter_len);
    chunk_len += parameter_len;
  }

  /* And now tell the peer which extensions we support */
  num_ext = 0;
  pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t) + chunk_len);
  if (((asoc != NULL) && (asoc->prsctp_supported == 1)) ||
      ((asoc == NULL) && (inp->prsctp_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
    if (((asoc != NULL) && (asoc->idata_supported == 1)) ||
        ((asoc == NULL) && (inp->idata_supported == 1))) {
      pr_supported->chunk_types[num_ext++] = SCTP_IFORWARD_CUM_TSN;
    }
  }
  if (((asoc != NULL) && (asoc->auth_supported == 1)) ||
      ((asoc == NULL) && (inp->auth_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
  }
  if (((asoc != NULL) && (asoc->asconf_supported == 1)) ||
      ((asoc == NULL) && (inp->asconf_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
    pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
  }
  if (((asoc != NULL) && (asoc->reconfig_supported == 1)) ||
      ((asoc == NULL) && (inp->reconfig_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
  }
  if (((asoc != NULL) && (asoc->idata_supported == 1)) ||
      ((asoc == NULL) && (inp->idata_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_IDATA;
  }
  if (((asoc != NULL) && (asoc->nrsack_supported == 1)) ||
      ((asoc == NULL) && (inp->nrsack_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
  }
  if (((asoc != NULL) && (asoc->pktdrop_supported == 1)) ||
      ((asoc == NULL) && (inp->pktdrop_supported == 1))) {
    pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
  }
  if (num_ext > 0) {
    parameter_len = (uint16_t)sizeof(struct sctp_supported_chunk_types_param) + num_ext;
    pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
    pr_supported->ph.param_length = htons(parameter_len);
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    chunk_len += parameter_len;
  }

  /* add authentication parameters */
  if (((asoc != NULL) && (asoc->auth_supported == 1)) ||
      ((asoc == NULL) && (inp->auth_supported == 1))) {
    struct sctp_auth_random *randp;
    struct sctp_auth_hmac_algo *hmacs;
    struct sctp_auth_chunk_list *chunks;

    if (padding_len > 0) {
      memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
      chunk_len += padding_len;
      padding_len = 0;
    }
    /* generate and add RANDOM parameter */
    randp = (struct sctp_auth_random *)(mtod(m, caddr_t) + chunk_len);
    parameter_len = (uint16_t)sizeof(struct sctp_auth_random) +
                    SCTP_AUTH_RANDOM_SIZE_DEFAULT;
    randp->ph.param_type = htons(SCTP_RANDOM);
    randp->ph.param_length = htons(parameter_len);
    SCTP_READ_RANDOM(randp->random_data, SCTP_AUTH_RANDOM_SIZE_DEFAULT);
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    chunk_len += parameter_len;

    if (padding_len > 0) {
      memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
      chunk_len += padding_len;
      padding_len = 0;
    }
    /* add HMAC_ALGO parameter */
    hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t) + chunk_len);
    parameter_len = (uint16_t)sizeof(struct sctp_auth_hmac_algo) +
                    sctp_serialize_hmaclist(inp->sctp_ep.local_hmacs,
                                            (uint8_t *)hmacs->hmac_ids);
    hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
    hmacs->ph.param_length = htons(parameter_len);
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    chunk_len += parameter_len;

    if (padding_len > 0) {
      memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
      chunk_len += padding_len;
      padding_len = 0;
    }
    /* add CHUNKS parameter */
    chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t) + chunk_len);
    parameter_len = (uint16_t)sizeof(struct sctp_auth_chunk_list) +
                    sctp_serialize_auth_chunks(inp->sctp_ep.local_auth_chunks,
                                               chunks->chunk_types);
    chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
    chunks->ph.param_length = htons(parameter_len);
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    chunk_len += parameter_len;
  }
  SCTP_BUF_LEN(m) = chunk_len;
  m_last = m;
  /* now the addresses */
  /* To optimize this we could put the scoping stuff
   * into a structure and remove the individual uint8's from
   * the stc structure. Then we could just sifa in the
   * address within the stc.. but for now this is a quick
   * hack to get the address stuff teased apart.
   */
  scp.ipv4_addr_legal = stc.ipv4_addr_legal;
  scp.ipv6_addr_legal = stc.ipv6_addr_legal;
#if defined(__Userspace__)
  scp.conn_addr_legal = stc.conn_addr_legal;
#endif
  scp.loopback_scope = stc.loopback_scope;
  scp.ipv4_local_scope = stc.ipv4_scope;
  scp.local_scope = stc.local_scope;
  scp.site_scope = stc.site_scope;
  m_last = sctp_add_addresses_to_i_ia(inp, stcb, &scp, m_last,
                                      cnt_inits_to,
                                      &padding_len, &chunk_len);
  /* padding_len can only be positive, if no addresses have been added */
  if (padding_len > 0) {
    memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
    chunk_len += padding_len;
    SCTP_BUF_LEN(m) += padding_len;
    padding_len = 0;
  }

  /* tack on the operational error if present */
  if (op_err) {
    parameter_len = 0;
    for (m_tmp = op_err; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
      parameter_len += SCTP_BUF_LEN(m_tmp);
    }
    padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
    SCTP_BUF_NEXT(m_last) = op_err;
    while (SCTP_BUF_NEXT(m_last) != NULL) {
      m_last = SCTP_BUF_NEXT(m_last);
    }
    chunk_len += parameter_len;
  }
  if (padding_len > 0) {
    m_last = sctp_add_pad_tombuf(m_last, padding_len);
    if (m_last == NULL) {
      /* Houston we have a problem, no space */
      sctp_m_freem(m);
      return;
    }
    chunk_len += padding_len;
    padding_len = 0;
  }
  /* Now we must build a cookie */
  m_cookie = sctp_add_cookie(init_pkt, offset, m, 0, &stc, &signature);
  if (m_cookie == NULL) {
    /* memory problem */
    sctp_m_freem(m);
    return;
  }
  /* Now append the cookie to the end and update the space/size */
  SCTP_BUF_NEXT(m_last) = m_cookie;
  parameter_len = 0;
  for (m_tmp = m_cookie; m_tmp != NULL; m_tmp = SCTP_BUF_NEXT(m_tmp)) {
    parameter_len += SCTP_BUF_LEN(m_tmp);
    if (SCTP_BUF_NEXT(m_tmp) == NULL) {
      m_last = m_tmp;
    }
  }
  padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
  chunk_len += parameter_len;

  /* Place in the size, but we don't include
   * the last pad (if any) in the INIT-ACK.
   */
  initack->ch.chunk_length = htons(chunk_len);

  /* Time to sign the cookie, we don't sign over the cookie
   * signature though thus we set trailer.
   */
  (void)sctp_hmac_m(SCTP_HMAC,
        (uint8_t *)inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)],
        SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr),
        (uint8_t *)signature, SCTP_SIGNATURE_SIZE);
#if defined(__Userspace__)
  /*
   * Don't put AF_CONN addresses on the wire, in case this is critical
   * for the application. However, they are protected by the HMAC and
   * need to be reconstructed before checking the HMAC.
   * Clearing is only done in the mbuf chain, since the local stc is
   * not used anymore.
   */
  if (stc.addr_type == SCTP_CONN_ADDRESS) {
    const void *p = NULL;

    m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, address),
               (int)sizeof(void *), (caddr_t)&p);
  }
  if (stc.laddr_type == SCTP_CONN_ADDRESS) {
    const void *p = NULL;

    m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, laddress),
               (int)sizeof(void *), (caddr_t)&p);
  }
#endif
  /*
   * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
   * here since the timer will drive a retranmission.
   */
  if (padding_len > 0) {
    if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) {
      sctp_m_freem(m);
      return;
    }
  }
  if (stc.loopback_scope) {
    over_addr = (union sctp_sockstore *)dst;
  } else {
    over_addr = NULL;
  }

  if (asoc != NULL) {
    use_zero_crc = (asoc->rcv_edmid != SCTP_EDMID_NONE) && (asoc->rcv_edmid == edmid);
  } else {
    use_zero_crc = (inp->rcv_edmid != SCTP_EDMID_NONE) && (inp->rcv_edmid == edmid);
  }

  if ((error = sctp_lowlevel_chunk_output(inp, NULL, NULL, to, m, 0, NULL, 0, 0,
                                          0, 0,
                                          inp->sctp_lport, sh->src_port, init_chk->init.initiate_tag,
                                          port, over_addr,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                          mflowtype, mflowid,
#endif
                                          use_zero_crc,
                                          SCTP_SO_NOT_LOCKED))) {
    SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak send error %d\n", error);
    if (error == ENOBUFS) {
      if (asoc != NULL) {
        asoc->ifp_had_enobuf = 1;
      }
      SCTP_STAT_INCR(sctps_lowlevelerr);
    }
  } else {
    if (asoc != NULL) {
      asoc->ifp_had_enobuf = 0;
    }
  }
  SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
}

static void
sctp_prune_prsctp(struct sctp_tcb *stcb,
    struct sctp_association *asoc,
    struct sctp_nonpad_sndrcvinfo *srcv,
    int dataout)
{
  int freed_spc = 0;
  struct sctp_tmit_chunk *chk, *nchk;

  SCTP_TCB_LOCK_ASSERT(stcb);
  if ((asoc->prsctp_supported) &&
      (asoc->sent_queue_cnt_removeable > 0)) {
    TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
      /*
       * Look for chunks marked with the PR_SCTP flag AND
       * the buffer space flag. If the one being sent is
       * equal or greater priority then purge the old one
       * and free some space.
       */
      if (PR_SCTP_BUF_ENABLED(chk->flags)) {
        /*
         * This one is PR-SCTP AND buffer space
         * limited type
         */
        if (chk->rec.data.timetodrop.tv_sec > (long)srcv->sinfo_timetolive) {
          /*
           * Lower numbers equates to higher
           * priority. So if the one we are
           * looking at has a larger priority,
           * we want to drop the data and NOT
           * retransmit it.
           */
          if (chk->data) {
            /*
             * We release the book_size
             * if the mbuf is here
             */
            int ret_spc;
            uint8_t sent;

            if (chk->sent > SCTP_DATAGRAM_UNSENT)
              sent = 1;
            else
              sent = 0;
            ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
                sent,
                SCTP_SO_LOCKED);
            freed_spc += ret_spc;
            if (freed_spc >= dataout) {
              return;
            }
          } /* if chunk was present */
        } /* if of sufficient priority */
      } /* if chunk has enabled */
    }   /* tailqforeach */

    TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
      /* Here we must move to the sent queue and mark */
      if (PR_SCTP_BUF_ENABLED(chk->flags)) {
        if (chk->rec.data.timetodrop.tv_sec > (long)srcv->sinfo_timetolive) {
          if (chk->data) {
            /*
             * We release the book_size
             * if the mbuf is here
             */
            int ret_spc;

            ret_spc = sctp_release_pr_sctp_chunk(stcb, chk,
                0, SCTP_SO_LOCKED);

            freed_spc += ret_spc;
            if (freed_spc >= dataout) {
              return;
            }
          } /* end if chk->data */
        } /* end if right class */
      } /* end if chk pr-sctp */
    }   /* tailqforeachsafe (chk) */
  }     /* if enabled in asoc */
}

uint32_t
sctp_get_frag_point(struct sctp_tcb *stcb)
{
  struct sctp_association *asoc;
  uint32_t frag_point, overhead;

  asoc = &stcb->asoc;
  /* Consider IP header and SCTP common header. */
  if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
    overhead = SCTP_MIN_OVERHEAD;
  } else {
#if defined(__Userspace__)
    if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_CONN) {
      overhead = sizeof(struct sctphdr);
    } else {
      overhead = SCTP_MIN_V4_OVERHEAD;
    }
#else
    overhead = SCTP_MIN_V4_OVERHEAD;
#endif
  }
  /* Consider DATA/IDATA chunk header and AUTH header, if needed. */
  if (asoc->idata_supported) {
    overhead += sizeof(struct sctp_idata_chunk);
    if (sctp_auth_is_required_chunk(SCTP_IDATA, asoc->peer_auth_chunks)) {
      overhead += sctp_get_auth_chunk_len(asoc->peer_hmac_id);
    }
  } else {
    overhead += sizeof(struct sctp_data_chunk);
    if (sctp_auth_is_required_chunk(SCTP_DATA, asoc->peer_auth_chunks)) {
      overhead += sctp_get_auth_chunk_len(asoc->peer_hmac_id);
    }
  }
  KASSERT(overhead % 4 == 0,
          ("overhead (%u) not a multiple of 4", overhead));
  /* Consider padding. */
  if (asoc->smallest_mtu % 4 > 0) {
    overhead += (asoc->smallest_mtu % 4);
  }
  KASSERT(asoc->smallest_mtu > overhead,
          ("Association MTU (%u) too small for overhead (%u)",
           asoc->smallest_mtu, overhead));
  frag_point = asoc->smallest_mtu - overhead;
  KASSERT(frag_point % 4 == 0,
          ("frag_point (%u) not a multiple of 4", frag_point));
  /* Honor MAXSEG socket option. */
  if ((asoc->sctp_frag_point > 0) &&
      (asoc->sctp_frag_point < frag_point)) {
    frag_point = asoc->sctp_frag_point;
  }
  return (frag_point);
}

static void
sctp_set_prsctp_policy(struct sctp_stream_queue_pending *sp)
{
  /*
   * We assume that the user wants PR_SCTP_TTL if the user
   * provides a positive lifetime but does not specify any
   * PR_SCTP policy.
   */
  if (PR_SCTP_ENABLED(sp->sinfo_flags)) {
    sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags);
  } else if (sp->timetolive > 0) {
    sp->sinfo_flags |= SCTP_PR_SCTP_TTL;
    sp->act_flags |= PR_SCTP_POLICY(sp->sinfo_flags);
  } else {
    return;
  }
  switch (PR_SCTP_POLICY(sp->sinfo_flags)) {
  case CHUNK_FLAGS_PR_SCTP_BUF:
    /*
     * Time to live is a priority stored in tv_sec when
     * doing the buffer drop thing.
     */
    sp->ts.tv_sec = sp->timetolive;
    sp->ts.tv_usec = 0;
    break;
  case CHUNK_FLAGS_PR_SCTP_TTL:
  {
    struct timeval tv;
    (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
    tv.tv_sec = sp->timetolive / 1000;
    tv.tv_usec = (sp->timetolive * 1000) % 1000000;
    /* TODO sctp_constants.h needs alternative time macros when
     *  _KERNEL is undefined.
     */
#if !(defined(__FreeBSD__) && !defined(__Userspace__))
    timeradd(&sp->ts, &tv, &sp->ts);
#else
    timevaladd(&sp->ts, &tv);
#endif
  }
    break;
  case CHUNK_FLAGS_PR_SCTP_RTX:
    /*
     * Time to live is a the number or retransmissions
     * stored in tv_sec.
     */
    sp->ts.tv_sec = sp->timetolive;
    sp->ts.tv_usec = 0;
    break;
  default:
    SCTPDBG(SCTP_DEBUG_USRREQ1,
      "Unknown PR_SCTP policy %u.\n",
      PR_SCTP_POLICY(sp->sinfo_flags));
    break;
  }
}

static int
sctp_msg_append(struct sctp_tcb *stcb,
    struct sctp_nets *net,
    struct mbuf *m,
    struct sctp_nonpad_sndrcvinfo *srcv)
{
  int error = 0;
  struct mbuf *at;
  struct sctp_stream_queue_pending *sp = NULL;
  struct sctp_stream_out *strm;

  SCTP_TCB_LOCK_ASSERT(stcb);

  /* Given an mbuf chain, put it
   * into the association send queue and
   * place it on the wheel
   */
  if (srcv->sinfo_stream >= stcb->asoc.streamoutcnt) {
    /* Invalid stream number */
    SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    error = EINVAL;
    goto out_now;
  }
  if ((stcb->asoc.stream_locked) &&
      (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) {
    SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    error = EINVAL;
    goto out_now;
  }
  if ((stcb->asoc.strmout[srcv->sinfo_stream].state != SCTP_STREAM_OPEN) &&
      (stcb->asoc.strmout[srcv->sinfo_stream].state != SCTP_STREAM_OPENING)) {
    /*
     * Can't queue any data while stream reset is underway.
     */
    if (stcb->asoc.strmout[srcv->sinfo_stream].state > SCTP_STREAM_OPEN) {
      error = EAGAIN;
    } else {
      error = EINVAL;
    }
    goto out_now;
  }
  /* Now can we send this? */
  if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) ||
      (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
      (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
      (stcb->asoc.state & SCTP_STATE_SHUTDOWN_PENDING)) {
    /* got data while shutting down */
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EPIPE);
    error = EPIPE;
    goto out_now;
  }
  sctp_alloc_a_strmoq(stcb, sp);
  if (sp == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    error = ENOMEM;
    goto out_now;
  }
  sp->sinfo_flags = srcv->sinfo_flags;
  sp->timetolive = srcv->sinfo_timetolive;
  sp->ppid = srcv->sinfo_ppid;
  sp->context = srcv->sinfo_context;
  sp->fsn = 0;
  if (sp->sinfo_flags & SCTP_ADDR_OVER) {
    sp->net = net;
    atomic_add_int(&sp->net->ref_count, 1);
  } else {
    sp->net = NULL;
  }
  (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
  sp->sid = srcv->sinfo_stream;
  sp->msg_is_complete = 1;
  sp->sender_all_done = 1;
  sp->some_taken = 0;
  sp->data = m;
  sp->tail_mbuf = NULL;
  sctp_set_prsctp_policy(sp);
  /* We could in theory (for sendall) sifa the length
   * in, but we would still have to hunt through the
   * chain since we need to setup the tail_mbuf
   */
  sp->length = 0;
  for (at = m; at; at = SCTP_BUF_NEXT(at)) {
    if (SCTP_BUF_NEXT(at) == NULL)
      sp->tail_mbuf = at;
    sp->length += SCTP_BUF_LEN(at);
  }
  if (srcv->sinfo_keynumber_valid) {
    sp->auth_keyid = srcv->sinfo_keynumber;
  } else {
    sp->auth_keyid = stcb->asoc.authinfo.active_keyid;
  }
  if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) {
    sctp_auth_key_acquire(stcb, sp->auth_keyid);
    sp->holds_key_ref = 1;
  }
  strm = &stcb->asoc.strmout[srcv->sinfo_stream];
  sctp_snd_sb_alloc(stcb, sp->length);
  atomic_add_int(&stcb->asoc.stream_queue_cnt, 1);
  TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
  stcb->asoc.ss_functions.sctp_ss_add_to_stream(stcb, &stcb->asoc, strm, sp);
  m = NULL;
out_now:
  if (m) {
    sctp_m_freem(m);
  }
  return (error);
}

static struct mbuf *
sctp_copy_mbufchain(struct mbuf *clonechain,
        struct mbuf *outchain,
        struct mbuf **endofchain,
        int can_take_mbuf,
        int sizeofcpy,
        uint8_t copy_by_ref)
{
  struct mbuf *m;
  struct mbuf *appendchain;
  caddr_t cp;
  int len;

  if (endofchain == NULL) {
    /* error */
  error_out:
    if (outchain)
      sctp_m_freem(outchain);
    return (NULL);
  }
  if (can_take_mbuf) {
    appendchain = clonechain;
  } else {
    if (!copy_by_ref &&
        (sizeofcpy <= (int)((((SCTP_BASE_SYSCTL(sctp_mbuf_threshold_count) - 1) * MLEN) + MHLEN)))) {
      /* Its not in a cluster */
      if (*endofchain == NULL) {
        /* lets get a mbuf cluster */
        if (outchain == NULL) {
          /* This is the general case */
        new_mbuf:
          outchain = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER);
          if (outchain == NULL) {
            goto error_out;
          }
          SCTP_BUF_LEN(outchain) = 0;
          *endofchain = outchain;
          /* get the prepend space */
          SCTP_BUF_RESV_UF(outchain, (SCTP_FIRST_MBUF_RESV+4));
        } else {
          /* We really should not get a NULL in endofchain */
          /* find end */
          m = outchain;
          while (m) {
            if (SCTP_BUF_NEXT(m) == NULL) {
              *endofchain = m;
              break;
            }
            m = SCTP_BUF_NEXT(m);
          }
          /* sanity */
          if (*endofchain == NULL) {
            /* huh, TSNH XXX maybe we should panic */
            sctp_m_freem(outchain);
            goto new_mbuf;
          }
        }
        /* get the new end of length */
        len = (int)M_TRAILINGSPACE(*endofchain);
      } else {
        /* how much is left at the end? */
        len = (int)M_TRAILINGSPACE(*endofchain);
      }
      /* Find the end of the data, for appending */
      cp = (mtod((*endofchain), caddr_t) + SCTP_BUF_LEN((*endofchain)));

      /* Now lets copy it out */
      if (len >= sizeofcpy) {
        /* It all fits, copy it in */
        m_copydata(clonechain, 0, sizeofcpy, cp);
        SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
      } else {
        /* fill up the end of the chain */
        if (len > 0) {
          m_copydata(clonechain, 0, len, cp);
          SCTP_BUF_LEN((*endofchain)) += len;
          /* now we need another one */
          sizeofcpy -= len;
        }
        m = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_HEADER);
        if (m == NULL) {
          /* We failed */
          goto error_out;
        }
        SCTP_BUF_NEXT((*endofchain)) = m;
        *endofchain = m;
        cp = mtod((*endofchain), caddr_t);
        m_copydata(clonechain, len, sizeofcpy, cp);
        SCTP_BUF_LEN((*endofchain)) += sizeofcpy;
      }
      return (outchain);
    } else {
      /* copy the old fashion way */
      appendchain = SCTP_M_COPYM(clonechain, 0, M_COPYALL, M_NOWAIT);
#ifdef SCTP_MBUF_LOGGING
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
        sctp_log_mbc(appendchain, SCTP_MBUF_ICOPY);
      }
#endif
    }
  }
  if (appendchain == NULL) {
    /* error */
    if (outchain)
      sctp_m_freem(outchain);
    return (NULL);
  }
  if (outchain) {
    /* tack on to the end */
    if (*endofchain != NULL) {
      SCTP_BUF_NEXT(((*endofchain))) = appendchain;
    } else {
      m = outchain;
      while (m) {
        if (SCTP_BUF_NEXT(m) == NULL) {
          SCTP_BUF_NEXT(m) = appendchain;
          break;
        }
        m = SCTP_BUF_NEXT(m);
      }
    }
    /*
     * save off the end and update the end-chain
     * position
     */
    m = appendchain;
    while (m) {
      if (SCTP_BUF_NEXT(m) == NULL) {
        *endofchain = m;
        break;
      }
      m = SCTP_BUF_NEXT(m);
    }
    return (outchain);
  } else {
    /* save off the end and update the end-chain position */
    m = appendchain;
    while (m) {
      if (SCTP_BUF_NEXT(m) == NULL) {
        *endofchain = m;
        break;
      }
      m = SCTP_BUF_NEXT(m);
    }
    return (appendchain);
  }
}

static int
sctp_med_chunk_output(struct sctp_inpcb *inp,
          struct sctp_tcb *stcb,
          struct sctp_association *asoc,
          int *num_out,
          int *reason_code,
          int control_only, int from_where,
          struct timeval *now, int *now_filled,
          uint32_t frag_point, int so_locked);

static void
sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr,
    uint32_t val SCTP_UNUSED)
{
  struct sctp_copy_all *ca;
  struct mbuf *m;
  int ret = 0;
  int added_control = 0;
  int un_sent, do_chunk_output = 1;
  struct sctp_association *asoc;
  struct sctp_nets *net;

  ca = (struct sctp_copy_all *)ptr;
  if (ca->m == NULL) {
    return;
  }
  if (ca->inp != inp) {
    /* TSNH */
    return;
  }
  if (ca->sndlen > 0) {
    m = SCTP_M_COPYM(ca->m, 0, M_COPYALL, M_NOWAIT);
    if (m == NULL) {
      /* can't copy so we are done */
      ca->cnt_failed++;
      return;
    }
#ifdef SCTP_MBUF_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
      sctp_log_mbc(m, SCTP_MBUF_ICOPY);
    }
#endif
  } else {
    m = NULL;
  }
  SCTP_TCB_LOCK_ASSERT(stcb);
  if (stcb->asoc.alternate) {
    net = stcb->asoc.alternate;
  } else {
    net = stcb->asoc.primary_destination;
  }
  if (ca->sndrcv.sinfo_flags & SCTP_ABORT) {
    /* Abort this assoc with m as the user defined reason */
    if (m != NULL) {
      SCTP_BUF_PREPEND(m, sizeof(struct sctp_paramhdr), M_NOWAIT);
    } else {
      m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
                                0, M_NOWAIT, 1, MT_DATA);
      if (m != NULL) {
        SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr);
      }
    }
    if (m != NULL) {
      struct sctp_paramhdr *ph;

      ph = mtod(m, struct sctp_paramhdr *);
      ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
      ph->param_length = htons((uint16_t)(sizeof(struct sctp_paramhdr) + ca->sndlen));
    }
    /* We add one here to keep the assoc from
     * dis-appearing on us.
     */
    atomic_add_int(&stcb->asoc.refcnt, 1);
    sctp_abort_an_association(inp, stcb, m, false, SCTP_SO_NOT_LOCKED);
    /* sctp_abort_an_association calls sctp_free_asoc()
     * free association will NOT free it since we
     * incremented the refcnt .. we do this to prevent
     * it being freed and things getting tricky since
     * we could end up (from free_asoc) calling inpcb_free
     * which would get a recursive lock call to the
     * iterator lock.. But as a consequence of that the
     * stcb will return to us un-locked.. since free_asoc
     * returns with either no TCB or the TCB unlocked, we
     * must relock.. to unlock in the iterator timer :-0
     */
    SCTP_TCB_LOCK(stcb);
    atomic_subtract_int(&stcb->asoc.refcnt, 1);
    goto no_chunk_output;
  } else {
    if (m != NULL) {
      ret = sctp_msg_append(stcb, net, m, &ca->sndrcv);
    }
    asoc = &stcb->asoc;
    if (ca->sndrcv.sinfo_flags & SCTP_EOF) {
      /* shutdown this assoc */
      if (TAILQ_EMPTY(&asoc->send_queue) &&
          TAILQ_EMPTY(&asoc->sent_queue) &&
          sctp_is_there_unsent_data(stcb, SCTP_SO_NOT_LOCKED) == 0) {
        if ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete)(stcb, asoc)) {
          goto abort_anyway;
        }
        /* there is nothing queued to send, so I'm done... */
        if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) &&
            (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
            (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
          /* only send SHUTDOWN the first time through */
          if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) {
            SCTP_STAT_DECR_GAUGE32(sctps_currestab);
          }
          SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
          sctp_stop_timers_for_shutdown(stcb);
          sctp_send_shutdown(stcb, net);
          sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
                           net);
          sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
                           NULL);
          added_control = 1;
          do_chunk_output = 0;
        }
      } else {
        /*
         * we still got (or just got) data to send, so set
         * SHUTDOWN_PENDING
         */
        /*
         * XXX sockets draft says that SCTP_EOF should be
         * sent with no data.  currently, we will allow user
         * data to be sent first and move to
         * SHUTDOWN-PENDING
         */
        if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) &&
            (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
            (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
          if ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete)(stcb, asoc)) {
            SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_PARTIAL_MSG_LEFT);
          }
          SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING);
          if (TAILQ_EMPTY(&asoc->send_queue) &&
              TAILQ_EMPTY(&asoc->sent_queue) &&
              (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
            struct mbuf *op_err;
            char msg[SCTP_DIAG_INFO_LEN];

          abort_anyway:
            SCTP_SNPRINTF(msg, sizeof(msg),
                          "%s:%d at %s", __FILE__, __LINE__, __func__);
            op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
                                         msg);
            atomic_add_int(&stcb->asoc.refcnt, 1);
            sctp_abort_an_association(stcb->sctp_ep, stcb,
                                      op_err, false, SCTP_SO_NOT_LOCKED);
            atomic_subtract_int(&stcb->asoc.refcnt, 1);
            goto no_chunk_output;
          }
        }
      }
    }
  }
  un_sent = ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) +
       (stcb->asoc.stream_queue_cnt * SCTP_DATA_CHUNK_OVERHEAD(stcb)));

  if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
      (stcb->asoc.total_flight > 0) &&
      (un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD))) {
    do_chunk_output = 0;
  }
  if (do_chunk_output)
    sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_NOT_LOCKED);
  else if (added_control) {
    struct timeval now;
    int num_out, reason, now_filled = 0;

    (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out,
                                &reason, 1, 1, &now, &now_filled,
                                sctp_get_frag_point(stcb),
                                SCTP_SO_NOT_LOCKED);
  }
 no_chunk_output:
  if (ret) {
    ca->cnt_failed++;
  } else {
    ca->cnt_sent++;
  }
}

static void
sctp_sendall_completes(void *ptr, uint32_t val SCTP_UNUSED)
{
  struct sctp_copy_all *ca;

  ca = (struct sctp_copy_all *)ptr;
  /*
   * Do a notify here? Kacheong suggests that the notify be done at
   * the send time.. so you would push up a notification if any send
   * failed. Don't know if this is feasible since the only failures we
   * have is "memory" related and if you cannot get an mbuf to send
   * the data you surely can't get an mbuf to send up to notify the
   * user you can't send the data :->
   */

  /* now free everything */
  if (ca->inp) {
    /* Lets clear the flag to allow others to run. */
    SCTP_INP_WLOCK(ca->inp);
    ca->inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
    SCTP_INP_WUNLOCK(ca->inp);
  }
  sctp_m_freem(ca->m);
  SCTP_FREE(ca, SCTP_M_COPYAL);
}

static struct mbuf *
sctp_copy_out_all(struct uio *uio, ssize_t len)
{
  struct mbuf *ret, *at;
  ssize_t left, willcpy, cancpy, error;

  ret = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_WAITOK, 1, MT_DATA);
  if (ret == NULL) {
    /* TSNH */
    return (NULL);
  }
  left = len;
  SCTP_BUF_LEN(ret) = 0;
  /* save space for the data chunk header */
  cancpy = (int)M_TRAILINGSPACE(ret);
  willcpy = min(cancpy, left);
  at = ret;
  while (left > 0) {
    /* Align data to the end */
    error = uiomove(mtod(at, caddr_t), (int)willcpy, uio);
    if (error) {
  err_out_now:
      sctp_m_freem(at);
      return (NULL);
    }
    SCTP_BUF_LEN(at) = (int)willcpy;
    SCTP_BUF_NEXT_PKT(at) = SCTP_BUF_NEXT(at) = 0;
    left -= willcpy;
    if (left > 0) {
      SCTP_BUF_NEXT(at) = sctp_get_mbuf_for_msg((unsigned int)left, 0, M_WAITOK, 1, MT_DATA);
      if (SCTP_BUF_NEXT(at) == NULL) {
        goto err_out_now;
      }
      at = SCTP_BUF_NEXT(at);
      SCTP_BUF_LEN(at) = 0;
      cancpy = (int)M_TRAILINGSPACE(at);
      willcpy = min(cancpy, left);
    }
  }
  return (ret);
}

static int
sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
    struct sctp_nonpad_sndrcvinfo *srcv)
{
  struct sctp_copy_all *ca;
  struct mbuf *mat;
  ssize_t sndlen;
  int ret;

  if (uio != NULL) {
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
    sndlen = uio->uio_resid;
#else
    sndlen = uio_resid(uio);
#endif
#else
    sndlen = uio->uio_resid;
#endif
  } else {
    sndlen = 0;
    for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) {
      sndlen += SCTP_BUF_LEN(mat);
    }
  }
  if (sndlen > (ssize_t)SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
    /* You must not be larger than the limit! */
    return (EMSGSIZE);
  }
  SCTP_MALLOC(ca, struct sctp_copy_all *, sizeof(struct sctp_copy_all),
        SCTP_M_COPYAL);
  if (ca == NULL) {
    sctp_m_freem(m);
    SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  memset(ca, 0, sizeof(struct sctp_copy_all));
  ca->inp = inp;
  if (srcv != NULL) {
    memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
  }
  /* Serialize. */
  SCTP_INP_WLOCK(inp);
  if ((inp->sctp_flags & SCTP_PCB_FLAGS_SND_ITERATOR_UP) != 0) {
    SCTP_INP_WUNLOCK(inp);
    sctp_m_freem(m);
    SCTP_FREE(ca, SCTP_M_COPYAL);
    return (EBUSY);
  }
  inp->sctp_flags |= SCTP_PCB_FLAGS_SND_ITERATOR_UP;
  SCTP_INP_WUNLOCK(inp);
  /*
   * take off the sendall flag, it would be bad if we failed to do
   * this :-0
   */
  ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL;
  /* get length and mbuf chain */
  ca->sndlen = sndlen;
  if (uio != NULL) {
#if defined(__APPLE__) && !defined(__Userspace__)
    SCTP_SOCKET_UNLOCK(SCTP_INP_SO(inp), 0);
#endif
    ca->m = sctp_copy_out_all(uio, ca->sndlen);
#if defined(__APPLE__) && !defined(__Userspace__)
    SCTP_SOCKET_LOCK(SCTP_INP_SO(inp), 0);
#endif
    if (ca->m == NULL) {
      SCTP_FREE(ca, SCTP_M_COPYAL);
      sctp_m_freem(m);
      SCTP_INP_WLOCK(inp);
      inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
      SCTP_INP_WUNLOCK(inp);
      SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
      return (ENOMEM);
    }
  } else {
    ca->m = m;
  }
  ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL,
                               SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
                               SCTP_ASOC_ANY_STATE,
                               (void *)ca, 0,
                               sctp_sendall_completes, inp, 1);
  if (ret != 0) {
    SCTP_INP_WLOCK(inp);
    inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
    SCTP_INP_WUNLOCK(inp);
    SCTP_FREE(ca, SCTP_M_COPYAL);
    SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    return (EFAULT);
  }
  return (0);
}

void
sctp_toss_old_cookies(struct sctp_tcb *stcb, struct sctp_association *asoc)
{
  struct sctp_tmit_chunk *chk, *nchk;

  TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
    if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
      TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
      asoc->ctrl_queue_cnt--;
      if (chk->data) {
        sctp_m_freem(chk->data);
        chk->data = NULL;
      }
      sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    }
  }
}

void
sctp_toss_old_asconf(struct sctp_tcb *stcb)
{
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk, *nchk;
  struct sctp_asconf_chunk *acp;

  asoc = &stcb->asoc;
  TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
    /* find SCTP_ASCONF chunk in queue */
    if (chk->rec.chunk_id.id == SCTP_ASCONF) {
      if (chk->data) {
        acp = mtod(chk->data, struct sctp_asconf_chunk *);
        if (SCTP_TSN_GT(ntohl(acp->serial_number), asoc->asconf_seq_out_acked)) {
          /* Not Acked yet */
          break;
        }
      }
      TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
      asoc->ctrl_queue_cnt--;
      if (chk->data) {
        sctp_m_freem(chk->data);
        chk->data = NULL;
      }
      sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    }
  }
}

static void
sctp_clean_up_datalist(struct sctp_tcb *stcb,
    struct sctp_association *asoc,
    struct sctp_tmit_chunk **data_list,
    int bundle_at,
    struct sctp_nets *net)
{
  int i;
  struct sctp_tmit_chunk *tp1;

  for (i = 0; i < bundle_at; i++) {
    /* off of the send queue */
    TAILQ_REMOVE(&asoc->send_queue, data_list[i], sctp_next);
    asoc->send_queue_cnt--;
    if (i > 0) {
      /*
       * Any chunk NOT 0 you zap the time chunk 0 gets
       * zapped or set based on if a RTO measurement is
       * needed.
       */
      data_list[i]->do_rtt = 0;
    }
    /* record time */
    data_list[i]->sent_rcv_time = net->last_sent_time;
    data_list[i]->rec.data.cwnd_at_send = net->cwnd;
    data_list[i]->rec.data.fast_retran_tsn = data_list[i]->rec.data.tsn;
    if (data_list[i]->whoTo == NULL) {
      data_list[i]->whoTo = net;
      atomic_add_int(&net->ref_count, 1);
    }
    /* on to the sent queue */
    tp1 = TAILQ_LAST(&asoc->sent_queue, sctpchunk_listhead);
    if ((tp1) && SCTP_TSN_GT(tp1->rec.data.tsn, data_list[i]->rec.data.tsn)) {
      struct sctp_tmit_chunk *tpp;

      /* need to move back */
    back_up_more:
      tpp = TAILQ_PREV(tp1, sctpchunk_listhead, sctp_next);
      if (tpp == NULL) {
        TAILQ_INSERT_BEFORE(tp1, data_list[i], sctp_next);
        goto all_done;
      }
      tp1 = tpp;
      if (SCTP_TSN_GT(tp1->rec.data.tsn, data_list[i]->rec.data.tsn)) {
        goto back_up_more;
      }
      TAILQ_INSERT_AFTER(&asoc->sent_queue, tp1, data_list[i], sctp_next);
    } else {
      TAILQ_INSERT_TAIL(&asoc->sent_queue,
            data_list[i],
            sctp_next);
    }
  all_done:
    /* This does not lower until the cum-ack passes it */
    asoc->sent_queue_cnt++;
    if ((asoc->peers_rwnd <= 0) &&
        (asoc->total_flight == 0) &&
        (bundle_at == 1)) {
      /* Mark the chunk as being a window probe */
      SCTP_STAT_INCR(sctps_windowprobed);
    }
#ifdef SCTP_AUDITING_ENABLED
    sctp_audit_log(0xC2, 3);
#endif
    data_list[i]->sent = SCTP_DATAGRAM_SENT;
    data_list[i]->snd_count = 1;
    data_list[i]->rec.data.chunk_was_revoked = 0;
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
      sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
               data_list[i]->whoTo->flight_size,
               data_list[i]->book_size,
               (uint32_t)(uintptr_t)data_list[i]->whoTo,
               data_list[i]->rec.data.tsn);
    }
    sctp_flight_size_increase(data_list[i]);
    sctp_total_flight_increase(stcb, data_list[i]);
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
      sctp_log_rwnd(SCTP_DECREASE_PEER_RWND,
            asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
    }
    asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd,
                (uint32_t) (data_list[i]->send_size + SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)));
    if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
      /* SWS sender side engages */
      asoc->peers_rwnd = 0;
    }
  }
  if (asoc->cc_functions.sctp_cwnd_update_packet_transmitted) {
    (*asoc->cc_functions.sctp_cwnd_update_packet_transmitted)(stcb, net);
  }
}

static void
sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc, int so_locked)
{
  struct sctp_tmit_chunk *chk, *nchk;

  TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
    if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
        (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */
        (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) ||
        (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) ||
        (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) ||
        (chk->rec.chunk_id.id == SCTP_SHUTDOWN) ||
        (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) ||
        (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) ||
        (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) ||
        (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) ||
        (chk->rec.chunk_id.id == SCTP_ECN_CWR) ||
        (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) {
      /* Stray chunks must be cleaned up */
  clean_up_anyway:
      TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
      asoc->ctrl_queue_cnt--;
      if (chk->data) {
        sctp_m_freem(chk->data);
        chk->data = NULL;
      }
      if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) {
        asoc->fwd_tsn_cnt--;
      }
      sctp_free_a_chunk(stcb, chk, so_locked);
    } else if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) {
      /* special handling, we must look into the param */
      if (chk != asoc->str_reset) {
        goto clean_up_anyway;
      }
    }
  }
}

static uint32_t
sctp_can_we_split_this(struct sctp_tcb *stcb, uint32_t length,
                       uint32_t space_left, uint32_t frag_point, int eeor_on)
{
  /* Make a decision on if I should split a
   * msg into multiple parts. This is only asked of
   * incomplete messages.
   */
  if (eeor_on) {
    /* If we are doing EEOR we need to always send
     * it if its the entire thing, since it might
     * be all the guy is putting in the hopper.
     */
    if (space_left >= length) {
      /*-
       * If we have data outstanding,
       * we get another chance when the sack
       * arrives to transmit - wait for more data
       */
      if (stcb->asoc.total_flight == 0) {
        /* If nothing is in flight, we zero
         * the packet counter.
         */
        return (length);
      }
      return (0);

    } else {
      /* You can fill the rest */
      return (space_left);
    }
  }
  /*-
   * For those strange folk that make the send buffer
   * smaller than our fragmentation point, we can't
   * get a full msg in so we have to allow splitting.
   */
  if (SCTP_SB_LIMIT_SND(stcb->sctp_socket) < frag_point) {
    return (length);
  }
  if ((length <= space_left) ||
      ((length - space_left) < SCTP_BASE_SYSCTL(sctp_min_residual))) {
    /* Sub-optimal residual don't split in non-eeor mode. */
    return (0);
  }
  /* If we reach here length is larger
   * than the space_left. Do we wish to split
   * it for the sake of packet putting together?
   */
  if (space_left >= min(SCTP_BASE_SYSCTL(sctp_min_split_point), frag_point)) {
    /* Its ok to split it */
    return (min(space_left, frag_point));
  }
  /* Nope, can't split */
  return (0);
}

static uint32_t
sctp_move_to_outqueue(struct sctp_tcb *stcb,
                      struct sctp_nets *net,
                      struct sctp_stream_out *strq,
                      uint32_t space_left,
                      uint32_t frag_point,
                      int *giveup,
                      int eeor_mode,
                      int *bail,
                      int so_locked)
{
  /* Move from the stream to the send_queue keeping track of the total */
  struct sctp_association *asoc;
  struct sctp_stream_queue_pending *sp;
  struct sctp_tmit_chunk *chk;
  struct sctp_data_chunk *dchkh=NULL;
  struct sctp_idata_chunk *ndchkh=NULL;
  uint32_t to_move, length;
  int leading;
  uint8_t rcv_flags = 0;
  uint8_t some_taken;

  SCTP_TCB_LOCK_ASSERT(stcb);
  asoc = &stcb->asoc;
one_more_time:
  /*sa_ignore FREED_MEMORY*/
  sp = TAILQ_FIRST(&strq->outqueue);
  if (sp == NULL) {
    sp = TAILQ_FIRST(&strq->outqueue);
    if (sp) {
      goto one_more_time;
    }
    if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_EXPLICIT_EOR) == 0) &&
        (stcb->asoc.idata_supported == 0) &&
        (strq->last_msg_incomplete)) {
      SCTP_PRINTF("Huh? Stream:%d lm_in_c=%d but queue is NULL\n",
                  strq->sid,
                  strq->last_msg_incomplete);
      strq->last_msg_incomplete = 0;
    }
    to_move = 0;
    goto out_of;
  }
  if ((sp->msg_is_complete) && (sp->length == 0)) {
    if (sp->sender_all_done) {
      /* We are doing deferred cleanup. Last
       * time through when we took all the data
       * the sender_all_done was not set.
       */
      if ((sp->put_last_out == 0) && (sp->discard_rest == 0)) {
        SCTP_PRINTF("Gak, put out entire msg with NO end!-1\n");
        SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n",
                    sp->sender_all_done,
                    sp->length,
                    sp->msg_is_complete,
                    sp->put_last_out);
      }
      atomic_subtract_int(&asoc->stream_queue_cnt, 1);
      TAILQ_REMOVE(&strq->outqueue, sp, next);
      stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp);
      if ((strq->state == SCTP_STREAM_RESET_PENDING) &&
          (strq->chunks_on_queues == 0) &&
          TAILQ_EMPTY(&strq->outqueue)) {
        stcb->asoc.trigger_reset = 1;
      }
      if (sp->net) {
        sctp_free_remote_addr(sp->net);
        sp->net = NULL;
      }
      if (sp->data) {
        sctp_m_freem(sp->data);
        sp->data = NULL;
      }
      sctp_free_a_strmoq(stcb, sp, so_locked);
      /* back to get the next msg */
      goto one_more_time;
    } else {
      /* sender just finished this but
       * still holds a reference
       */
      *giveup = 1;
      to_move = 0;
      goto out_of;
    }
  } else {
    /* is there some to get */
    if (sp->length == 0) {
      /* no */
      *giveup = 1;
      to_move = 0;
      goto out_of;
    } else if (sp->discard_rest) {
      /* Whack down the size */
      atomic_subtract_int(&stcb->asoc.total_output_queue_size, sp->length);
      if ((stcb->sctp_socket != NULL) &&
          ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
           (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL))) {
        SCTP_SB_DECR(&stcb->sctp_socket->so_snd, sp->length);
      }
      if (sp->data) {
        sctp_m_freem(sp->data);
        sp->data = NULL;
        sp->tail_mbuf = NULL;
      }
      sp->length = 0;
      sp->some_taken = 1;
      *giveup = 1;
      to_move = 0;
      goto out_of;
    }
  }
  some_taken = sp->some_taken;
  length = sp->length;
  if (sp->msg_is_complete) {
    /* The message is complete */
    to_move = min(length, frag_point);
    if (to_move == length) {
      /* All of it fits in the MTU */
      if (sp->some_taken) {
        rcv_flags |= SCTP_DATA_LAST_FRAG;
      } else {
        rcv_flags |= SCTP_DATA_NOT_FRAG;
      }
      sp->put_last_out = 1;
      if (sp->sinfo_flags & SCTP_SACK_IMMEDIATELY) {
        rcv_flags |= SCTP_DATA_SACK_IMMEDIATELY;
      }
    } else {
      /* Not all of it fits, we fragment */
      if (sp->some_taken == 0) {
        rcv_flags |= SCTP_DATA_FIRST_FRAG;
      }
      sp->some_taken = 1;
    }
  } else {
    to_move = sctp_can_we_split_this(stcb, length, space_left, frag_point, eeor_mode);
    if (to_move > 0) {
      if (to_move >= length) {
        to_move = length;
      }
      if (sp->some_taken == 0) {
        rcv_flags |= SCTP_DATA_FIRST_FRAG;
        sp->some_taken = 1;
      }
    } else {
      /* Nothing to take. */
      *giveup = 1;
      to_move = 0;
      goto out_of;
    }
  }

  /* If we reach here, we can copy out a chunk */
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* No chunk memory */
    *giveup = 1;
    to_move = 0;
    goto out_of;
  }
  /* Setup for unordered if needed by looking
   * at the user sent info flags.
   */
  if (sp->sinfo_flags & SCTP_UNORDERED) {
    rcv_flags |= SCTP_DATA_UNORDERED;
  }
  if (SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) &&
      (sp->sinfo_flags & SCTP_EOF) == SCTP_EOF) {
    rcv_flags |= SCTP_DATA_SACK_IMMEDIATELY;
  }
  /* clear out the chunk before setting up */
  memset(chk, 0, sizeof(*chk));
  chk->rec.data.rcv_flags = rcv_flags;

  if (to_move >= length) {
    /* we think we can steal the whole thing */
    if (to_move < sp->length) {
      /* bail, it changed */
      goto dont_do_it;
    }
    chk->data = sp->data;
    chk->last_mbuf = sp->tail_mbuf;
    /* register the stealing */
    sp->data = sp->tail_mbuf = NULL;
  } else {
    struct mbuf *m;
  dont_do_it:
    chk->data = SCTP_M_COPYM(sp->data, 0, to_move, M_NOWAIT);
    chk->last_mbuf = NULL;
    if (chk->data == NULL) {
      sp->some_taken = some_taken;
      sctp_free_a_chunk(stcb, chk, so_locked);
      *bail = 1;
      to_move = 0;
      goto out_of;
    }
#ifdef SCTP_MBUF_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
      sctp_log_mbc(chk->data, SCTP_MBUF_ICOPY);
    }
#endif
    /* Pull off the data */
    m_adj(sp->data, to_move);
    /* Now lets work our way down and compact it */
    m = sp->data;
    while (m && (SCTP_BUF_LEN(m) == 0)) {
      sp->data = SCTP_BUF_NEXT(m);
      SCTP_BUF_NEXT(m) = NULL;
      if (sp->tail_mbuf == m) {
        /*-
         * Freeing tail? TSNH since
         * we supposedly were taking less
         * than the sp->length.
         */
#ifdef INVARIANTS
        panic("Huh, freeing tail? - TSNH");
#else
        SCTP_PRINTF("Huh, freeing tail? - TSNH\n");
        sp->tail_mbuf = sp->data = NULL;
        sp->length = 0;
#endif
      }
      sctp_m_free(m);
      m = sp->data;
    }
  }
  if (SCTP_BUF_IS_EXTENDED(chk->data)) {
    chk->copy_by_ref = 1;
  } else {
    chk->copy_by_ref = 0;
  }
  /* get last_mbuf and counts of mb usage
   * This is ugly but hopefully its only one mbuf.
   */
  if (chk->last_mbuf == NULL) {
    chk->last_mbuf = chk->data;
    while (SCTP_BUF_NEXT(chk->last_mbuf) != NULL) {
      chk->last_mbuf = SCTP_BUF_NEXT(chk->last_mbuf);
    }
  }

  if (to_move > length) {
    /*- This should not happen either
     * since we always lower to_move to the size
     * of sp->length if its larger.
     */
#ifdef INVARIANTS
    panic("Huh, how can to_move be larger?");
#else
    SCTP_PRINTF("Huh, how can to_move be larger?\n");
    sp->length = 0;
#endif
  } else {
    atomic_subtract_int(&sp->length, to_move);
  }
  leading = SCTP_DATA_CHUNK_OVERHEAD(stcb);
  if (M_LEADINGSPACE(chk->data) < leading) {
    /* Not enough room for a chunk header, get some */
    struct mbuf *m;

    m = sctp_get_mbuf_for_msg(1, 0, M_NOWAIT, 1, MT_DATA);
    if (m == NULL) {
      /*
       * we're in trouble here. _PREPEND below will free
       * all the data if there is no leading space, so we
       * must put the data back and restore.
       */
      if (sp->data == NULL) {
        /* unsteal the data */
        sp->data = chk->data;
        sp->tail_mbuf = chk->last_mbuf;
      } else {
        struct mbuf *m_tmp;
        /* reassemble the data */
        m_tmp = sp->data;
        sp->data = chk->data;
        SCTP_BUF_NEXT(chk->last_mbuf) = m_tmp;
      }
      sp->some_taken = some_taken;
      atomic_add_int(&sp->length, to_move);
      chk->data = NULL;
      *bail = 1;
      sctp_free_a_chunk(stcb, chk, so_locked);
      to_move = 0;
      goto out_of;
    } else {
      SCTP_BUF_LEN(m) = 0;
      SCTP_BUF_NEXT(m) = chk->data;
      chk->data = m;
      M_ALIGN(chk->data, 4);
    }
  }
  SCTP_BUF_PREPEND(chk->data, SCTP_DATA_CHUNK_OVERHEAD(stcb), M_NOWAIT);
  if (chk->data == NULL) {
    /* HELP, TSNH since we assured it would not above? */
#ifdef INVARIANTS
    panic("prepend fails HELP?");
#else
    SCTP_PRINTF("prepend fails HELP?\n");
    sctp_free_a_chunk(stcb, chk, so_locked);
#endif
    *bail = 1;
    to_move = 0;
    goto out_of;
  }
  sctp_snd_sb_alloc(stcb, SCTP_DATA_CHUNK_OVERHEAD(stcb));
  chk->book_size = chk->send_size = (uint16_t)(to_move + SCTP_DATA_CHUNK_OVERHEAD(stcb));
  chk->book_size_scale = 0;
  chk->sent = SCTP_DATAGRAM_UNSENT;

  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->pad_inplace = 0;
  chk->no_fr_allowed = 0;
  if (stcb->asoc.idata_supported == 0) {
    if (rcv_flags & SCTP_DATA_UNORDERED) {
      /* Just use 0. The receiver ignores the values. */
      chk->rec.data.mid = 0;
    } else {
      chk->rec.data.mid = strq->next_mid_ordered;
      if (rcv_flags & SCTP_DATA_LAST_FRAG) {
        strq->next_mid_ordered++;
      }
    }
  } else {
    if (rcv_flags & SCTP_DATA_UNORDERED) {
      chk->rec.data.mid = strq->next_mid_unordered;
      if (rcv_flags & SCTP_DATA_LAST_FRAG) {
        strq->next_mid_unordered++;
      }
    } else {
      chk->rec.data.mid = strq->next_mid_ordered;
      if (rcv_flags & SCTP_DATA_LAST_FRAG) {
        strq->next_mid_ordered++;
      }
    }
  }
  chk->rec.data.sid = sp->sid;
  chk->rec.data.ppid = sp->ppid;
  chk->rec.data.context = sp->context;
  chk->rec.data.doing_fast_retransmit = 0;

  chk->rec.data.timetodrop = sp->ts;
  chk->flags = sp->act_flags;

  if (sp->net) {
    chk->whoTo = sp->net;
    atomic_add_int(&chk->whoTo->ref_count, 1);
  } else
    chk->whoTo = NULL;

  if (sp->holds_key_ref) {
    chk->auth_keyid = sp->auth_keyid;
    sctp_auth_key_acquire(stcb, chk->auth_keyid);
    chk->holds_key_ref = 1;
  }
  stcb->asoc.ss_functions.sctp_ss_scheduled(stcb, net, asoc, strq, to_move);
#if defined(__FreeBSD__) && !defined(__Userspace__)
  chk->rec.data.tsn = atomic_fetchadd_int(&asoc->sending_seq, 1);
#else
  chk->rec.data.tsn = asoc->sending_seq++;
#endif
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_AT_SEND_2_OUTQ) {
    sctp_misc_ints(SCTP_STRMOUT_LOG_SEND,
                   (uint32_t)(uintptr_t)stcb, sp->length,
                   (uint32_t)((chk->rec.data.sid << 16) | (0x0000ffff & chk->rec.data.mid)),
                   chk->rec.data.tsn);
  }
  if (stcb->asoc.idata_supported == 0) {
    dchkh = mtod(chk->data, struct sctp_data_chunk *);
  } else {
    ndchkh = mtod(chk->data, struct sctp_idata_chunk *);
  }
  /*
   * Put the rest of the things in place now. Size was done
   * earlier in previous loop prior to padding.
   */

  SCTP_TCB_LOCK_ASSERT(stcb);
#ifdef SCTP_ASOCLOG_OF_TSNS
  if (asoc->tsn_out_at >= SCTP_TSN_LOG_SIZE) {
    asoc->tsn_out_at = 0;
    asoc->tsn_out_wrapped = 1;
  }
  asoc->out_tsnlog[asoc->tsn_out_at].tsn = chk->rec.data.tsn;
  asoc->out_tsnlog[asoc->tsn_out_at].strm = chk->rec.data.sid;
  asoc->out_tsnlog[asoc->tsn_out_at].seq = chk->rec.data.mid;
  asoc->out_tsnlog[asoc->tsn_out_at].sz = chk->send_size;
  asoc->out_tsnlog[asoc->tsn_out_at].flgs = chk->rec.data.rcv_flags;
  asoc->out_tsnlog[asoc->tsn_out_at].stcb = (void *)stcb;
  asoc->out_tsnlog[asoc->tsn_out_at].in_pos = asoc->tsn_out_at;
  asoc->out_tsnlog[asoc->tsn_out_at].in_out = 2;
  asoc->tsn_out_at++;
#endif
  if (stcb->asoc.idata_supported == 0) {
    dchkh->ch.chunk_type = SCTP_DATA;
    dchkh->ch.chunk_flags = chk->rec.data.rcv_flags;
    dchkh->dp.tsn = htonl(chk->rec.data.tsn);
    dchkh->dp.sid = htons(strq->sid);
    dchkh->dp.ssn = htons((uint16_t)chk->rec.data.mid);
    dchkh->dp.ppid = chk->rec.data.ppid;
    dchkh->ch.chunk_length = htons(chk->send_size);
  } else {
    ndchkh->ch.chunk_type = SCTP_IDATA;
    ndchkh->ch.chunk_flags = chk->rec.data.rcv_flags;
    ndchkh->dp.tsn = htonl(chk->rec.data.tsn);
    ndchkh->dp.sid = htons(strq->sid);
    ndchkh->dp.reserved = htons(0);
    ndchkh->dp.mid = htonl(chk->rec.data.mid);
    if (sp->fsn == 0)
      ndchkh->dp.ppid_fsn.ppid = chk->rec.data.ppid;
    else
      ndchkh->dp.ppid_fsn.fsn = htonl(sp->fsn);
    sp->fsn++;
    ndchkh->ch.chunk_length = htons(chk->send_size);
  }
  /* Now advance the chk->send_size by the actual pad needed. */
  if (chk->send_size < SCTP_SIZE32(chk->book_size)) {
    /* need a pad */
    struct mbuf *lm;
    int pads;

    pads = SCTP_SIZE32(chk->book_size) - chk->send_size;
    lm = sctp_pad_lastmbuf(chk->data, pads, chk->last_mbuf);
    if (lm != NULL) {
      chk->last_mbuf = lm;
      chk->pad_inplace = 1;
    }
    chk->send_size += pads;
  }
  if (PR_SCTP_ENABLED(chk->flags)) {
    asoc->pr_sctp_cnt++;
  }
  if (sp->msg_is_complete && (sp->length == 0) && (sp->sender_all_done)) {
    /* All done pull and kill the message */
    if (sp->put_last_out == 0) {
      SCTP_PRINTF("Gak, put out entire msg with NO end!-2\n");
      SCTP_PRINTF("sender_done:%d len:%d msg_comp:%d put_last_out:%d\n",
                  sp->sender_all_done,
                  sp->length,
                  sp->msg_is_complete,
                  sp->put_last_out);
    }
    atomic_subtract_int(&asoc->stream_queue_cnt, 1);
    TAILQ_REMOVE(&strq->outqueue, sp, next);
    stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, strq, sp);
    if ((strq->state == SCTP_STREAM_RESET_PENDING) &&
        (strq->chunks_on_queues == 0) &&
        TAILQ_EMPTY(&strq->outqueue)) {
      stcb->asoc.trigger_reset = 1;
    }
    if (sp->net) {
      sctp_free_remote_addr(sp->net);
      sp->net = NULL;
    }
    if (sp->data) {
      sctp_m_freem(sp->data);
      sp->data = NULL;
    }
    sctp_free_a_strmoq(stcb, sp, so_locked);
  }
  asoc->chunks_on_out_queue++;
  strq->chunks_on_queues++;
  TAILQ_INSERT_TAIL(&asoc->send_queue, chk, sctp_next);
  asoc->send_queue_cnt++;
out_of:
  return (to_move);
}

static void
sctp_fill_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net,
                   uint32_t frag_point, int eeor_mode, int *quit_now,
                   int so_locked)
{
  struct sctp_association *asoc;
  struct sctp_stream_out *strq;
  uint32_t space_left, moved, total_moved;
  int bail, giveup;

  SCTP_TCB_LOCK_ASSERT(stcb);
  asoc = &stcb->asoc;
  total_moved = 0;
  switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
    case AF_INET:
      space_left = net->mtu - SCTP_MIN_V4_OVERHEAD;
      break;
#endif
#ifdef INET6
    case AF_INET6:
      space_left = net->mtu - SCTP_MIN_OVERHEAD;
      break;
#endif
#if defined(__Userspace__)
    case AF_CONN:
      space_left = net->mtu - sizeof(struct sctphdr);
      break;
#endif
    default:
      /* TSNH */
      space_left = net->mtu;
      break;
  }
  /* Need an allowance for the data chunk header too */
  space_left -= SCTP_DATA_CHUNK_OVERHEAD(stcb);

  /* must make even word boundary */
  space_left &= 0xfffffffc;
  strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc);
  giveup = 0;
  bail = 0;
  while ((space_left > 0) && (strq != NULL)) {
    moved = sctp_move_to_outqueue(stcb, net, strq, space_left,
                                  frag_point, &giveup, eeor_mode,
                                  &bail, so_locked);
    if ((giveup != 0) || (bail != 0)) {
      break;
    }
    strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc);
    total_moved += moved;
    if (space_left >= moved) {
      space_left -= moved;
    } else {
      space_left = 0;
    }
    if (space_left >= SCTP_DATA_CHUNK_OVERHEAD(stcb)) {
      space_left -= SCTP_DATA_CHUNK_OVERHEAD(stcb);
    } else {
      space_left = 0;
    }
    space_left &= 0xfffffffc;
  }
  if (bail != 0)
    *quit_now = 1;

  stcb->asoc.ss_functions.sctp_ss_packet_done(stcb, net, asoc);

  if (total_moved == 0) {
    if ((stcb->asoc.sctp_cmt_on_off == 0) &&
        (net == stcb->asoc.primary_destination)) {
      /* ran dry for primary network net */
      SCTP_STAT_INCR(sctps_primary_randry);
    } else if (stcb->asoc.sctp_cmt_on_off > 0) {
      /* ran dry with CMT on */
      SCTP_STAT_INCR(sctps_cmt_randry);
    }
  }
}

void
sctp_fix_ecn_echo(struct sctp_association *asoc)
{
  struct sctp_tmit_chunk *chk;

  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) {
      chk->sent = SCTP_DATAGRAM_UNSENT;
    }
  }
}

void
sctp_move_chunks_from_net(struct sctp_tcb *stcb, struct sctp_nets *net)
{
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk;
  struct sctp_stream_queue_pending *sp;
  unsigned int i;

  if (net == NULL) {
    return;
  }
  asoc = &stcb->asoc;
  for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
    TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
      if (sp->net == net) {
        sctp_free_remote_addr(sp->net);
        sp->net = NULL;
      }
    }
  }
  TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) {
    if (chk->whoTo == net) {
      sctp_free_remote_addr(chk->whoTo);
      chk->whoTo = NULL;
    }
  }
}

int
sctp_med_chunk_output(struct sctp_inpcb *inp,
                      struct sctp_tcb *stcb,
                      struct sctp_association *asoc,
                      int *num_out,
                      int *reason_code,
                      int control_only, int from_where,
                      struct timeval *now, int *now_filled,
                      uint32_t frag_point, int so_locked)
{
  /**
   * Ok this is the generic chunk service queue. we must do the
   * following:
   * - Service the stream queue that is next, moving any
   *   message (note I must get a complete message i.e. FIRST/MIDDLE and
   *   LAST to the out queue in one pass) and assigning TSN's. This
   *   only applies though if the peer does not support NDATA. For NDATA
   *   chunks its ok to not send the entire message ;-)
   * - Check to see if the cwnd/rwnd allows any output, if so we go ahead and
   *   formulate and send the low level chunks. Making sure to combine
   *   any control in the control chunk queue also.
   */
  struct sctp_nets *net, *start_at, *sack_goes_to = NULL, *old_start_at = NULL;
  struct mbuf *outchain, *endoutchain;
  struct sctp_tmit_chunk *chk, *nchk;

  /* temp arrays for unlinking */
  struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING];
  int no_fragmentflg, error;
  unsigned int max_rwnd_per_dest, max_send_per_dest;
  int one_chunk, hbflag, skip_data_for_this_net;
  int asconf, cookie, no_out_cnt;
  int bundle_at, ctl_cnt, no_data_chunks, eeor_mode;
  unsigned int mtu, r_mtu, omtu, mx_mtu, to_out;
  int tsns_sent = 0;
  uint32_t auth_offset;
  struct sctp_auth_chunk *auth;
  uint16_t auth_keyid;
  int override_ok = 1;
  int skip_fill_up = 0;
  int data_auth_reqd = 0;
  /* JRS 5/14/07 - Add flag for whether a heartbeat is sent to
     the destination. */
  int quit_now = 0;
  bool use_zero_crc;

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(inp));
  } else {
    sctp_unlock_assert(SCTP_INP_SO(inp));
  }
#endif
  *num_out = 0;
  *reason_code = 0;
  auth_keyid = stcb->asoc.authinfo.active_keyid;
  if ((asoc->state & SCTP_STATE_SHUTDOWN_PENDING) ||
      (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
      (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) {
    eeor_mode = 1;
  } else {
    eeor_mode = 0;
  }
  ctl_cnt = no_out_cnt = asconf = cookie = 0;
  /*
   * First lets prime the pump. For each destination, if there is room
   * in the flight size, attempt to pull an MTU's worth out of the
   * stream queues into the general send_queue
   */
#ifdef SCTP_AUDITING_ENABLED
  sctp_audit_log(0xC2, 2);
#endif
  SCTP_TCB_LOCK_ASSERT(stcb);
  hbflag = 0;
  if (control_only)
    no_data_chunks = 1;
  else
    no_data_chunks = 0;

  /* Nothing to possible to send? */
  if ((TAILQ_EMPTY(&asoc->control_send_queue) ||
       (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) &&
      TAILQ_EMPTY(&asoc->asconf_send_queue) &&
      TAILQ_EMPTY(&asoc->send_queue) &&
      sctp_is_there_unsent_data(stcb, so_locked) == 0) {
  nothing_to_send:
    *reason_code = 9;
    return (0);
  }
  if (asoc->peers_rwnd == 0) {
    /* No room in peers rwnd */
    *reason_code = 1;
    if (asoc->total_flight > 0) {
      /* we are allowed one chunk in flight */
      no_data_chunks = 1;
    }
  }
  if (stcb->asoc.ecn_echo_cnt_onq) {
    /* Record where a sack goes, if any */
    if (no_data_chunks &&
        (asoc->ctrl_queue_cnt == stcb->asoc.ecn_echo_cnt_onq)) {
      /* Nothing but ECNe to send - we don't do that */
      goto nothing_to_send;
    }
    TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
      if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
          (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) {
        sack_goes_to = chk->whoTo;
        break;
      }
    }
  }
  max_rwnd_per_dest = ((asoc->peers_rwnd + asoc->total_flight) / asoc->numnets);
  if (stcb->sctp_socket)
    max_send_per_dest = SCTP_SB_LIMIT_SND(stcb->sctp_socket) / asoc->numnets;
  else
    max_send_per_dest = 0;
  if (no_data_chunks == 0) {
    /* How many non-directed chunks are there? */
    TAILQ_FOREACH(chk, &asoc->send_queue, sctp_next) {
      if (chk->whoTo == NULL) {
        /* We already have non-directed
         * chunks on the queue, no need
         * to do a fill-up.
         */
        skip_fill_up = 1;
        break;
      }
    }
  }
  if ((no_data_chunks == 0) &&
      (skip_fill_up == 0) &&
      (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, asoc))) {
    TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
      /*
       * This for loop we are in takes in
       * each net, if its's got space in cwnd and
       * has data sent to it (when CMT is off) then it
       * calls sctp_fill_outqueue for the net. This gets
       * data on the send queue for that network.
       *
       * In sctp_fill_outqueue TSN's are assigned and
       * data is copied out of the stream buffers. Note
       * mostly copy by reference (we hope).
       */
      net->window_probe = 0;
      if ((net != stcb->asoc.alternate) &&
          ((net->dest_state & SCTP_ADDR_PF) ||
           ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) ||
           (net->dest_state & SCTP_ADDR_UNCONFIRMED))) {
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
          sctp_log_cwnd(stcb, net, 1,
                        SCTP_CWND_LOG_FILL_OUTQ_CALLED);
        }
        continue;
      }
      if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
          (net->flight_size == 0)) {
        (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins)(stcb, net);
      }
      if (net->flight_size >= net->cwnd) {
        /* skip this network, no room - can't fill */
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
          sctp_log_cwnd(stcb, net, 3,
                        SCTP_CWND_LOG_FILL_OUTQ_CALLED);
        }
        continue;
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
        sctp_log_cwnd(stcb, net, 4, SCTP_CWND_LOG_FILL_OUTQ_CALLED);
      }
      sctp_fill_outqueue(stcb, net, frag_point, eeor_mode, &quit_now, so_locked);
      if (quit_now) {
        /* memory alloc failure */
        no_data_chunks = 1;
        break;
      }
    }
  }
  /* now service each destination and send out what we can for it */
  /* Nothing to send? */
  if (TAILQ_EMPTY(&asoc->control_send_queue) &&
      TAILQ_EMPTY(&asoc->asconf_send_queue) &&
      TAILQ_EMPTY(&asoc->send_queue)) {
    *reason_code = 8;
    return (0);
  }

  if (asoc->sctp_cmt_on_off > 0) {
    /* get the last start point */
    start_at = asoc->last_net_cmt_send_started;
    if (start_at == NULL) {
      /* null so to beginning */
      start_at = TAILQ_FIRST(&asoc->nets);
    } else {
      start_at = TAILQ_NEXT(asoc->last_net_cmt_send_started, sctp_next);
      if (start_at == NULL) {
        start_at = TAILQ_FIRST(&asoc->nets);
      }
    }
    asoc->last_net_cmt_send_started = start_at;
  } else {
    start_at = TAILQ_FIRST(&asoc->nets);
  }
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if (chk->whoTo == NULL) {
      if (asoc->alternate) {
        chk->whoTo = asoc->alternate;
      } else {
        chk->whoTo = asoc->primary_destination;
      }
      atomic_add_int(&chk->whoTo->ref_count, 1);
    }
  }
  old_start_at = NULL;
again_one_more_time:
  for (net = start_at; net != NULL; net = TAILQ_NEXT(net, sctp_next)) {
    /* how much can we send? */
    /* SCTPDBG("Examine for sending net:%x\n", (uint32_t)net); */
    if (old_start_at && (old_start_at == net)) {
      /* through list completely. */
      break;
    }
    tsns_sent = 0xa;
    if (TAILQ_EMPTY(&asoc->control_send_queue) &&
        TAILQ_EMPTY(&asoc->asconf_send_queue) &&
        (net->flight_size >= net->cwnd)) {
      /* Nothing on control or asconf and flight is full, we can skip
       * even in the CMT case.
       */
      continue;
    }
    bundle_at = 0;
    endoutchain = outchain = NULL;
    auth = NULL;
    auth_offset = 0;
    no_fragmentflg = 1;
    one_chunk = 0;
    if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
      skip_data_for_this_net = 1;
    } else {
      skip_data_for_this_net = 0;
    }
    switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) {
#ifdef INET
    case AF_INET:
      mtu = net->mtu - SCTP_MIN_V4_OVERHEAD;
      break;
#endif
#ifdef INET6
    case AF_INET6:
      mtu = net->mtu - SCTP_MIN_OVERHEAD;
      break;
#endif
#if defined(__Userspace__)
    case AF_CONN:
      mtu = net->mtu - sizeof(struct sctphdr);
      break;
#endif
    default:
      /* TSNH */
      mtu = net->mtu;
      break;
    }
    mx_mtu = mtu;
    to_out = 0;
    if (mtu > asoc->peers_rwnd) {
      if (asoc->total_flight > 0) {
        /* We have a packet in flight somewhere */
        r_mtu = asoc->peers_rwnd;
      } else {
        /* We are always allowed to send one MTU out */
        one_chunk = 1;
        r_mtu = mtu;
      }
    } else {
      r_mtu = mtu;
    }
    error = 0;
    /************************/
    /* ASCONF transmission */
    /************************/
    /* Now first lets go through the asconf queue */
    TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
      if (chk->rec.chunk_id.id != SCTP_ASCONF) {
        continue;
      }
      if (chk->whoTo == NULL) {
        if (asoc->alternate == NULL) {
          if (asoc->primary_destination != net) {
            break;
          }
        } else {
          if (asoc->alternate != net) {
            break;
          }
        }
      } else {
        if (chk->whoTo != net) {
          break;
        }
      }
      if (chk->data == NULL) {
        break;
      }
      if (chk->sent != SCTP_DATAGRAM_UNSENT &&
          chk->sent != SCTP_DATAGRAM_RESEND) {
        break;
      }
      /*
       * if no AUTH is yet included and this chunk
       * requires it, make sure to account for it.  We
       * don't apply the size until the AUTH chunk is
       * actually added below in case there is no room for
       * this chunk. NOTE: we overload the use of "omtu"
       * here
       */
      if ((auth == NULL) &&
          sctp_auth_is_required_chunk(chk->rec.chunk_id.id,
              stcb->asoc.peer_auth_chunks)) {
        omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
      } else
        omtu = 0;
      /* Here we do NOT factor the r_mtu */
      if ((chk->send_size < (int)(mtu - omtu)) ||
          (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) {
        /*
         * We probably should glom the mbuf chain
         * from the chk->data for control but the
         * problem is it becomes yet one more level
         * of tracking to do if for some reason
         * output fails. Then I have got to
         * reconstruct the merged control chain.. el
         * yucko.. for now we take the easy way and
         * do the copy
         */
        /*
         * Add an AUTH chunk, if chunk requires it
         * save the offset into the chain for AUTH
         */
        if ((auth == NULL) &&
            (sctp_auth_is_required_chunk(chk->rec.chunk_id.id,
                 stcb->asoc.peer_auth_chunks))) {
          outchain = sctp_add_auth_chunk(outchain,
                       &endoutchain,
                       &auth,
                       &auth_offset,
                       stcb,
                       chk->rec.chunk_id.id);
          SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
        }
        outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain,
                     (int)chk->rec.chunk_id.can_take_data,
                     chk->send_size, chk->copy_by_ref);
        if (outchain == NULL) {
          *reason_code = 8;
          SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
          return (ENOMEM);
        }
        SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
        /* update our MTU size */
        if (mtu > (chk->send_size + omtu))
          mtu -= (chk->send_size + omtu);
        else
          mtu = 0;
        to_out += (chk->send_size + omtu);
        /* Do clear IP_DF ? */
        if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) {
          no_fragmentflg = 0;
        }
        if (chk->rec.chunk_id.can_take_data)
          chk->data = NULL;
        /*
         * set hb flag since we can
         * use these for RTO
         */
        hbflag = 1;
        asconf = 1;
        /*
         * should sysctl this: don't
         * bundle data with ASCONF
         * since it requires AUTH
         */
        no_data_chunks = 1;
        chk->sent = SCTP_DATAGRAM_SENT;
        if (chk->whoTo == NULL) {
          chk->whoTo = net;
          atomic_add_int(&net->ref_count, 1);
        }
        chk->snd_count++;
        if (mtu == 0) {
          /*
           * Ok we are out of room but we can
           * output without effecting the
           * flight size since this little guy
           * is a control only packet.
           */
          sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net);
          /*
           * do NOT clear the asconf
           * flag as it is used to do
           * appropriate source address
           * selection.
           */
          if (*now_filled == 0) {
            (void)SCTP_GETTIME_TIMEVAL(now);
            *now_filled = 1;
          }
          net->last_sent_time = *now;
          hbflag = 0;
          if ((error = sctp_lowlevel_chunk_output(inp, stcb, net,
                                                  (struct sockaddr *)&net->ro._l_addr,
                                                  outchain, auth_offset, auth,
                                                  stcb->asoc.authinfo.active_keyid,
                                                  no_fragmentflg, 0, asconf,
                                                  inp->sctp_lport, stcb->rport,
                                                  htonl(stcb->asoc.peer_vtag),
                                                  net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                                  0, 0,
#endif
                                                  false, so_locked))) {
            /* error, we could not output */
            SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
            if (from_where == 0) {
              SCTP_STAT_INCR(sctps_lowlevelerrusr);
            }
            if (error == ENOBUFS) {
              asoc->ifp_had_enobuf = 1;
              SCTP_STAT_INCR(sctps_lowlevelerr);
            }
            /* error, could not output */
            if (error == EHOSTUNREACH) {
              /*
               * Destination went
               * unreachable
               * during this send
               */
              sctp_move_chunks_from_net(stcb, net);
            }
            asconf = 0;
            *reason_code = 7;
            break;
          } else {
            asoc->ifp_had_enobuf = 0;
          }
          /*
           * increase the number we sent, if a
           * cookie is sent we don't tell them
           * any was sent out.
           */
          outchain = endoutchain = NULL;
          auth = NULL;
          auth_offset = 0;
          asconf = 0;
          if (!no_out_cnt)
            *num_out += ctl_cnt;
          /* recalc a clean slate and setup */
          switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
            case AF_INET:
              mtu = net->mtu - SCTP_MIN_V4_OVERHEAD;
              break;
#endif
#ifdef INET6
            case AF_INET6:
              mtu = net->mtu - SCTP_MIN_OVERHEAD;
              break;
#endif
#if defined(__Userspace__)
            case AF_CONN:
              mtu = net->mtu - sizeof(struct sctphdr);
              break;
#endif
            default:
              /* TSNH */
              mtu = net->mtu;
              break;
          }
          to_out = 0;
          no_fragmentflg = 1;
        }
      }
    }
    if (error != 0) {
      /* try next net */
      continue;
    }
    /************************/
    /* Control transmission */
    /************************/
    /* Now first lets go through the control queue */
    TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
      if ((sack_goes_to) &&
          (chk->rec.chunk_id.id == SCTP_ECN_ECHO) &&
          (chk->whoTo != sack_goes_to)) {
        /*
         * if we have a sack in queue, and we are looking at an
         * ecn echo that is NOT queued to where the sack is going..
         */
        if (chk->whoTo == net) {
          /* Don't transmit it to where its going (current net) */
          continue;
        } else if (sack_goes_to == net) {
          /* But do transmit it to this address */
          goto skip_net_check;
        }
      }
      if (chk->whoTo == NULL) {
        if (asoc->alternate == NULL) {
          if (asoc->primary_destination != net) {
            continue;
          }
        } else {
          if (asoc->alternate != net) {
            continue;
          }
        }
      } else {
        if (chk->whoTo != net) {
          continue;
        }
      }
    skip_net_check:
      if (chk->data == NULL) {
        continue;
      }
      if (chk->sent != SCTP_DATAGRAM_UNSENT) {
        /*
         * It must be unsent. Cookies and ASCONF's
         * hang around but there timers will force
         * when marked for resend.
         */
        continue;
      }
      /*
       * if no AUTH is yet included and this chunk
       * requires it, make sure to account for it.  We
       * don't apply the size until the AUTH chunk is
       * actually added below in case there is no room for
       * this chunk. NOTE: we overload the use of "omtu"
       * here
       */
      if ((auth == NULL) &&
          sctp_auth_is_required_chunk(chk->rec.chunk_id.id,
              stcb->asoc.peer_auth_chunks)) {
        omtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
      } else
        omtu = 0;
      /* Here we do NOT factor the r_mtu */
      if ((chk->send_size <= (int)(mtu - omtu)) ||
          (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) {
        /*
         * We probably should glom the mbuf chain
         * from the chk->data for control but the
         * problem is it becomes yet one more level
         * of tracking to do if for some reason
         * output fails. Then I have got to
         * reconstruct the merged control chain.. el
         * yucko.. for now we take the easy way and
         * do the copy
         */
        /*
         * Add an AUTH chunk, if chunk requires it
         * save the offset into the chain for AUTH
         */
        if ((auth == NULL) &&
            (sctp_auth_is_required_chunk(chk->rec.chunk_id.id,
                 stcb->asoc.peer_auth_chunks))) {
          outchain = sctp_add_auth_chunk(outchain,
                       &endoutchain,
                       &auth,
                       &auth_offset,
                       stcb,
                       chk->rec.chunk_id.id);
          SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
        }
        outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain,
                     (int)chk->rec.chunk_id.can_take_data,
                     chk->send_size, chk->copy_by_ref);
        if (outchain == NULL) {
          *reason_code = 8;
          SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
          return (ENOMEM);
        }
        SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
        /* update our MTU size */
        if (mtu > (chk->send_size + omtu))
          mtu -= (chk->send_size + omtu);
        else
          mtu = 0;
        to_out += (chk->send_size + omtu);
        /* Do clear IP_DF ? */
        if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) {
          no_fragmentflg = 0;
        }
        if (chk->rec.chunk_id.can_take_data)
          chk->data = NULL;
        /* Mark things to be removed, if needed */
        if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
            (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK) || /* EY */
            (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) ||
            (chk->rec.chunk_id.id == SCTP_HEARTBEAT_ACK) ||
            (chk->rec.chunk_id.id == SCTP_SHUTDOWN) ||
            (chk->rec.chunk_id.id == SCTP_SHUTDOWN_ACK) ||
            (chk->rec.chunk_id.id == SCTP_OPERATION_ERROR) ||
            (chk->rec.chunk_id.id == SCTP_COOKIE_ACK) ||
            (chk->rec.chunk_id.id == SCTP_ECN_CWR) ||
            (chk->rec.chunk_id.id == SCTP_PACKET_DROPPED) ||
            (chk->rec.chunk_id.id == SCTP_ASCONF_ACK)) {
          if (chk->rec.chunk_id.id == SCTP_HEARTBEAT_REQUEST) {
            hbflag = 1;
          }
          /* remove these chunks at the end */
          if ((chk->rec.chunk_id.id == SCTP_SELECTIVE_ACK) ||
              (chk->rec.chunk_id.id == SCTP_NR_SELECTIVE_ACK)) {
            /* turn off the timer */
            if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
              sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
                              inp, stcb, NULL,
                              SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_1);
            }
          }
          ctl_cnt++;
        } else {
          /*
           * Other chunks, since they have
           * timers running (i.e. COOKIE)
           * we just "trust" that it
           * gets sent or retransmitted.
           */
          ctl_cnt++;
          if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
            cookie = 1;
            no_out_cnt = 1;
          } else if (chk->rec.chunk_id.id == SCTP_ECN_ECHO) {
            /*
             * Increment ecne send count here
             * this means we may be over-zealous in
             * our counting if the send fails, but its
             * the best place to do it (we used to do
             * it in the queue of the chunk, but that did
             * not tell how many times it was sent.
             */
            SCTP_STAT_INCR(sctps_sendecne);
          }
          chk->sent = SCTP_DATAGRAM_SENT;
          if (chk->whoTo == NULL) {
            chk->whoTo = net;
            atomic_add_int(&net->ref_count, 1);
          }
          chk->snd_count++;
        }
        if (mtu == 0) {
          /*
           * Ok we are out of room but we can
           * output without effecting the
           * flight size since this little guy
           * is a control only packet.
           */
          switch (asoc->snd_edmid) {
          case SCTP_EDMID_LOWER_LAYER_DTLS:
            use_zero_crc = true;
            break;
          default:
            use_zero_crc = false;
            break;
          }
          if (asconf) {
            sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, net);
            use_zero_crc = false;
            /*
             * do NOT clear the asconf
             * flag as it is used to do
             * appropriate source address
             * selection.
             */
          }
          if (cookie) {
            sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net);
            use_zero_crc = false;
            cookie = 0;
          }
          /* Only HB or ASCONF advances time */
          if (hbflag) {
            if (*now_filled == 0) {
              (void)SCTP_GETTIME_TIMEVAL(now);
              *now_filled = 1;
            }
            net->last_sent_time = *now;
            hbflag = 0;
          }
          if ((error = sctp_lowlevel_chunk_output(inp, stcb, net,
                                                  (struct sockaddr *)&net->ro._l_addr,
                                                  outchain,
                                                  auth_offset, auth,
                                                  stcb->asoc.authinfo.active_keyid,
                                                  no_fragmentflg, 0, asconf,
                                                  inp->sctp_lport, stcb->rport,
                                                  htonl(stcb->asoc.peer_vtag),
                                                  net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                                  0, 0,
#endif
                                                  use_zero_crc, so_locked))) {
            /* error, we could not output */
            SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
            if (from_where == 0) {
              SCTP_STAT_INCR(sctps_lowlevelerrusr);
            }
            if (error == ENOBUFS) {
              asoc->ifp_had_enobuf = 1;
              SCTP_STAT_INCR(sctps_lowlevelerr);
            }
            if (error == EHOSTUNREACH) {
              /*
               * Destination went
               * unreachable
               * during this send
               */
              sctp_move_chunks_from_net(stcb, net);
            }
            asconf = 0;
            *reason_code = 7;
            break;
          } else {
            asoc->ifp_had_enobuf = 0;
          }
          /*
           * increase the number we sent, if a
           * cookie is sent we don't tell them
           * any was sent out.
           */
          outchain = endoutchain = NULL;
          auth = NULL;
          auth_offset = 0;
          asconf = 0;
          if (!no_out_cnt)
            *num_out += ctl_cnt;
          /* recalc a clean slate and setup */
          switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
            case AF_INET:
              mtu = net->mtu - SCTP_MIN_V4_OVERHEAD;
              break;
#endif
#ifdef INET6
            case AF_INET6:
              mtu = net->mtu - SCTP_MIN_OVERHEAD;
              break;
#endif
#if defined(__Userspace__)
            case AF_CONN:
              mtu = net->mtu - sizeof(struct sctphdr);
              break;
#endif
            default:
              /* TSNH */
              mtu = net->mtu;
              break;
          }
          to_out = 0;
          no_fragmentflg = 1;
        }
      }
    }
    if (error != 0) {
      /* try next net */
      continue;
    }
    /* JRI: if dest is in PF state, do not send data to it */
    if ((asoc->sctp_cmt_on_off > 0) &&
        (net != stcb->asoc.alternate) &&
        (net->dest_state & SCTP_ADDR_PF)) {
      goto no_data_fill;
    }
    if (net->flight_size >= net->cwnd) {
      goto no_data_fill;
    }
    if ((asoc->sctp_cmt_on_off > 0) &&
        (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_RECV_BUFFER_SPLITTING) &&
        (net->flight_size > max_rwnd_per_dest)) {
      goto no_data_fill;
    }
    /*
     * We need a specific accounting for the usage of the
     * send buffer. We also need to check the number of messages
     * per net. For now, this is better than nothing and it
     * disabled by default...
     */
    if ((asoc->sctp_cmt_on_off > 0) &&
        (SCTP_BASE_SYSCTL(sctp_buffer_splitting) & SCTP_SEND_BUFFER_SPLITTING) &&
        (max_send_per_dest > 0) &&
        (net->flight_size > max_send_per_dest)) {
      goto no_data_fill;
    }
    /*********************/
    /* Data transmission */
    /*********************/
    /*
     * if AUTH for DATA is required and no AUTH has been added
     * yet, account for this in the mtu now... if no data can be
     * bundled, this adjustment won't matter anyways since the
     * packet will be going out...
     */
    data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA,
                   stcb->asoc.peer_auth_chunks);
    if (data_auth_reqd && (auth == NULL)) {
      mtu -= sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
    }
    /* now lets add any data within the MTU constraints */
    switch (((struct sockaddr *)&net->ro._l_addr)->sa_family) {
#ifdef INET
    case AF_INET:
      if (net->mtu > SCTP_MIN_V4_OVERHEAD)
        omtu = net->mtu - SCTP_MIN_V4_OVERHEAD;
      else
        omtu = 0;
      break;
#endif
#ifdef INET6
    case AF_INET6:
      if (net->mtu > SCTP_MIN_OVERHEAD)
        omtu = net->mtu - SCTP_MIN_OVERHEAD;
      else
        omtu = 0;
      break;
#endif
#if defined(__Userspace__)
    case AF_CONN:
      if (net->mtu > sizeof(struct sctphdr)) {
        omtu = net->mtu - sizeof(struct sctphdr);
      } else {
        omtu = 0;
      }
      break;
#endif
    default:
      /* TSNH */
      omtu = 0;
      break;
    }
    if ((((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
          (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) &&
         (skip_data_for_this_net == 0)) ||
        (cookie)) {
      TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
        if (no_data_chunks) {
          /* let only control go out */
          *reason_code = 1;
          break;
        }
        if (net->flight_size >= net->cwnd) {
          /* skip this net, no room for data */
          *reason_code = 2;
          break;
        }
        if ((chk->whoTo != NULL) &&
            (chk->whoTo != net)) {
          /* Don't send the chunk on this net */
          continue;
        }

        if (asoc->sctp_cmt_on_off == 0) {
          if ((asoc->alternate) &&
              (asoc->alternate != net) &&
              (chk->whoTo == NULL)) {
            continue;
          } else if ((net != asoc->primary_destination) &&
               (asoc->alternate == NULL) &&
               (chk->whoTo == NULL)) {
            continue;
          }
        }
        if ((chk->send_size > omtu) && ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) == 0)) {
          /*-
           * strange, we have a chunk that is
           * to big for its destination and
           * yet no fragment ok flag.
           * Something went wrong when the
           * PMTU changed...we did not mark
           * this chunk for some reason?? I
           * will fix it here by letting IP
           * fragment it for now and printing
           * a warning. This really should not
           * happen ...
           */
          SCTP_PRINTF("Warning chunk of %d bytes > mtu:%d and yet PMTU disc missed\n",
                chk->send_size, mtu);
          chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
        }
        if (SCTP_BASE_SYSCTL(sctp_enable_sack_immediately) &&
            (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
          struct sctp_data_chunk *dchkh;

          dchkh = mtod(chk->data, struct sctp_data_chunk *);
          dchkh->ch.chunk_flags |= SCTP_DATA_SACK_IMMEDIATELY;
        }
        if (((chk->send_size <= mtu) && (chk->send_size <= r_mtu)) ||
            ((chk->flags & CHUNK_FLAGS_FRAGMENT_OK) && (chk->send_size <= asoc->peers_rwnd))) {
          /* ok we will add this one */

          /*
           * Add an AUTH chunk, if chunk
           * requires it, save the offset into
           * the chain for AUTH
           */
          if (data_auth_reqd) {
            if (auth == NULL) {
              outchain = sctp_add_auth_chunk(outchain,
                           &endoutchain,
                           &auth,
                           &auth_offset,
                           stcb,
                           SCTP_DATA);
              auth_keyid = chk->auth_keyid;
              override_ok = 0;
              SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
            } else if (override_ok) {
              /* use this data's keyid */
              auth_keyid = chk->auth_keyid;
              override_ok = 0;
            } else if (auth_keyid != chk->auth_keyid) {
              /* different keyid, so done bundling */
              break;
            }
          }
          outchain = sctp_copy_mbufchain(chk->data, outchain, &endoutchain, 0,
                       chk->send_size, chk->copy_by_ref);
          if (outchain == NULL) {
            SCTPDBG(SCTP_DEBUG_OUTPUT3, "No memory?\n");
            if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
              sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
            }
            *reason_code = 3;
            SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
            return (ENOMEM);
          }
          /* update our MTU size */
          /* Do clear IP_DF ? */
          if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) {
            no_fragmentflg = 0;
          }
          /* unsigned subtraction of mtu */
          if (mtu > chk->send_size)
            mtu -= chk->send_size;
          else
            mtu = 0;
          /* unsigned subtraction of r_mtu */
          if (r_mtu > chk->send_size)
            r_mtu -= chk->send_size;
          else
            r_mtu = 0;

          to_out += chk->send_size;
          if ((to_out > mx_mtu) && no_fragmentflg) {
#ifdef INVARIANTS
            panic("Exceeding mtu of %d out size is %d", mx_mtu, to_out);
#else
            SCTP_PRINTF("Exceeding mtu of %d out size is %d\n",
                  mx_mtu, to_out);
#endif
          }
          chk->window_probe = 0;
          data_list[bundle_at++] = chk;
          if (bundle_at >= SCTP_MAX_DATA_BUNDLING) {
            break;
          }
          if (chk->sent == SCTP_DATAGRAM_UNSENT) {
            if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) {
              SCTP_STAT_INCR_COUNTER64(sctps_outorderchunks);
            } else {
              SCTP_STAT_INCR_COUNTER64(sctps_outunorderchunks);
            }
            if (((chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) == SCTP_DATA_LAST_FRAG) &&
                ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0))
              /* Count number of user msg's that were fragmented
               * we do this by counting when we see a LAST fragment
               * only.
               */
              SCTP_STAT_INCR_COUNTER64(sctps_fragusrmsgs);
          }
          if ((mtu == 0) || (r_mtu == 0) || (one_chunk)) {
            if ((one_chunk) && (stcb->asoc.total_flight == 0)) {
              data_list[0]->window_probe = 1;
              net->window_probe = 1;
            }
            break;
          }
        } else {
          /*
           * Must be sent in order of the
           * TSN's (on a network)
           */
          break;
        }
      }  /* for (chunk gather loop for this net) */
    }    /* if asoc.state OPEN */
  no_data_fill:
    /* Is there something to send for this destination? */
    if (outchain) {
      switch (asoc->snd_edmid) {
      case SCTP_EDMID_LOWER_LAYER_DTLS:
        use_zero_crc = true;
        break;
      default:
        use_zero_crc = false;
        break;
      }
      /* We may need to start a control timer or two */
      if (asconf) {
        sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp,
             stcb, net);
        use_zero_crc = false;
        /*
         * do NOT clear the asconf flag as it is used
         * to do appropriate source address selection.
         */
      }
      if (cookie) {
        sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, net);
        use_zero_crc = false;
        cookie = 0;
      }
      /* must start a send timer if data is being sent */
      if (bundle_at && (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer))) {
        /*
         * no timer running on this destination
         * restart it.
         */
        sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
      }
      if (bundle_at || hbflag) {
        /* For data/asconf and hb set time */
        if (*now_filled == 0) {
          (void)SCTP_GETTIME_TIMEVAL(now);
          *now_filled = 1;
        }
        net->last_sent_time = *now;
      }
      /* Now send it, if there is anything to send :> */
      if ((error = sctp_lowlevel_chunk_output(inp,
                                              stcb,
                                              net,
                                              (struct sockaddr *)&net->ro._l_addr,
                                              outchain,
                                              auth_offset,
                                              auth,
                                              auth_keyid,
                                              no_fragmentflg,
                                              bundle_at,
                                              asconf,
                                              inp->sctp_lport, stcb->rport,
                                              htonl(stcb->asoc.peer_vtag),
                                              net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                              0, 0,
#endif
                                              use_zero_crc,
                                              so_locked))) {
        /* error, we could not output */
        SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
        if (from_where == 0) {
          SCTP_STAT_INCR(sctps_lowlevelerrusr);
        }
        if (error == ENOBUFS) {
          asoc->ifp_had_enobuf = 1;
          SCTP_STAT_INCR(sctps_lowlevelerr);
        }
        if (error == EHOSTUNREACH) {
          /*
           * Destination went unreachable
           * during this send
           */
          sctp_move_chunks_from_net(stcb, net);
        }
        asconf = 0;
        *reason_code = 6;
        /*-
         * I add this line to be paranoid. As far as
         * I can tell the continue, takes us back to
         * the top of the for, but just to make sure
         * I will reset these again here.
         */
        ctl_cnt = 0;
        continue; /* This takes us back to the for() for the nets. */
      } else {
        asoc->ifp_had_enobuf = 0;
      }
      endoutchain = NULL;
      auth = NULL;
      auth_offset = 0;
      asconf = 0;
      if (!no_out_cnt) {
        *num_out += (ctl_cnt + bundle_at);
      }
      if (bundle_at) {
        /* setup for a RTO measurement */
        tsns_sent = data_list[0]->rec.data.tsn;
        /* fill time if not already filled */
        if (*now_filled == 0) {
          (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent);
          *now_filled = 1;
          *now = asoc->time_last_sent;
        } else {
          asoc->time_last_sent = *now;
        }
        if (net->rto_needed) {
          data_list[0]->do_rtt = 1;
          net->rto_needed = 0;
        }
        SCTP_STAT_INCR_BY(sctps_senddata, bundle_at);
        sctp_clean_up_datalist(stcb, asoc, data_list, bundle_at, net);
      }
      if (one_chunk) {
        break;
      }
    }
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
      sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_SEND);
    }
  }
  if (old_start_at == NULL) {
    old_start_at = start_at;
    start_at = TAILQ_FIRST(&asoc->nets);
    if (old_start_at)
      goto again_one_more_time;
  }

  /*
   * At the end there should be no NON timed chunks hanging on this
   * queue.
   */
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
    sctp_log_cwnd(stcb, net, *num_out, SCTP_CWND_LOG_FROM_SEND);
  }
  if ((*num_out == 0) && (*reason_code == 0)) {
    *reason_code = 4;
  } else {
    *reason_code = 5;
  }
  sctp_clean_up_ctl(stcb, asoc, so_locked);
  return (0);
}

void
sctp_queue_op_err(struct sctp_tcb *stcb, struct mbuf *op_err)
{
  /*-
   * Prepend a OPERATIONAL_ERROR chunk header and put on the end of
   * the control chunk queue.
   */
  struct sctp_chunkhdr *hdr;
  struct sctp_tmit_chunk *chk;
  struct mbuf *mat, *last_mbuf;
  uint32_t chunk_length;
  uint16_t padding_length;

  SCTP_TCB_LOCK_ASSERT(stcb);
  SCTP_BUF_PREPEND(op_err, sizeof(struct sctp_chunkhdr), M_NOWAIT);
  if (op_err == NULL) {
    return;
  }
  last_mbuf = NULL;
  chunk_length = 0;
  for (mat = op_err; mat != NULL; mat = SCTP_BUF_NEXT(mat)) {
    chunk_length += SCTP_BUF_LEN(mat);
    if (SCTP_BUF_NEXT(mat) == NULL) {
      last_mbuf = mat;
    }
  }
  if (chunk_length > SCTP_MAX_CHUNK_LENGTH) {
    sctp_m_freem(op_err);
    return;
  }
  padding_length = chunk_length % 4;
  if (padding_length != 0) {
    padding_length = 4 - padding_length;
  }
  if (padding_length != 0) {
    if (sctp_add_pad_tombuf(last_mbuf, padding_length) == NULL) {
      sctp_m_freem(op_err);
      return;
    }
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(op_err);
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_OPERATION_ERROR;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->send_size = (uint16_t)chunk_length;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->data = op_err;
  chk->whoTo = NULL;
  hdr = mtod(op_err, struct sctp_chunkhdr *);
  hdr->chunk_type = SCTP_OPERATION_ERROR;
  hdr->chunk_flags = 0;
  hdr->chunk_length = htons(chk->send_size);
  TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
}

int
sctp_send_cookie_echo(struct mbuf *m,
    int offset, int limit,
    struct sctp_tcb *stcb,
    struct sctp_nets *net)
{
  /*-
   * pull out the cookie and put it at the front of the control chunk
   * queue.
   */
  int at;
  struct mbuf *cookie;
  struct sctp_paramhdr param, *phdr;
  struct sctp_chunkhdr *hdr;
  struct sctp_tmit_chunk *chk;
  uint16_t ptype, plen;

  SCTP_TCB_LOCK_ASSERT(stcb);
  /* First find the cookie in the param area */
  cookie = NULL;
  at = offset + sizeof(struct sctp_init_chunk);
  for (;;) {
    phdr = sctp_get_next_param(m, at, &param, sizeof(param));
    if (phdr == NULL) {
      return (-3);
    }
    ptype = ntohs(phdr->param_type);
    plen = ntohs(phdr->param_length);
    if (plen < sizeof(struct sctp_paramhdr)) {
      return (-6);
    }
    if (ptype == SCTP_STATE_COOKIE) {
      int pad;

      /* found the cookie */
      if (at + plen > limit) {
        return (-7);
      }
      cookie = SCTP_M_COPYM(m, at, plen, M_NOWAIT);
      if (cookie == NULL) {
        /* No memory */
        return (-2);
      }
      if ((pad = (plen % 4)) > 0) {
        pad = 4 - pad;
      }
      if (pad > 0) {
        if (sctp_pad_lastmbuf(cookie, pad, NULL) == NULL) {
          return (-8);
        }
      }
#ifdef SCTP_MBUF_LOGGING
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
        sctp_log_mbc(cookie, SCTP_MBUF_ICOPY);
      }
#endif
      break;
    }
    at += SCTP_SIZE32(plen);
  }
  /* ok, we got the cookie lets change it into a cookie echo chunk */
  /* first the change from param to cookie */
  hdr = mtod(cookie, struct sctp_chunkhdr *);
  hdr->chunk_type = SCTP_COOKIE_ECHO;
  hdr->chunk_flags = 0;
  /* get the chunk stuff now and place it in the FRONT of the queue */
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(cookie);
    return (-5);
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_COOKIE_ECHO;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = CHUNK_FLAGS_FRAGMENT_OK;
  chk->send_size = SCTP_SIZE32(plen);
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->data = cookie;
  chk->whoTo = net;
  atomic_add_int(&chk->whoTo->ref_count, 1);
  TAILQ_INSERT_HEAD(&chk->asoc->control_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
  return (0);
}

void
sctp_send_heartbeat_ack(struct sctp_tcb *stcb,
    struct mbuf *m,
    int offset,
    int chk_length,
    struct sctp_nets *net)
{
  /*
   * take a HB request and make it into a HB ack and send it.
   */
  struct mbuf *outchain;
  struct sctp_chunkhdr *chdr;
  struct sctp_tmit_chunk *chk;

  if (net == NULL)
    /* must have a net pointer */
    return;

  outchain = SCTP_M_COPYM(m, offset, chk_length, M_NOWAIT);
  if (outchain == NULL) {
    /* gak out of memory */
    return;
  }
#ifdef SCTP_MBUF_LOGGING
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
    sctp_log_mbc(outchain, SCTP_MBUF_ICOPY);
  }
#endif
  chdr = mtod(outchain, struct sctp_chunkhdr *);
  chdr->chunk_type = SCTP_HEARTBEAT_ACK;
  chdr->chunk_flags = 0;
  if (chk_length % 4 != 0) {
    sctp_pad_lastmbuf(outchain, 4 - (chk_length % 4), NULL);
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(outchain);
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_HEARTBEAT_ACK;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  chk->send_size = chk_length;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->data = outchain;
  chk->whoTo = net;
  atomic_add_int(&chk->whoTo->ref_count, 1);
  TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
}

void
sctp_send_cookie_ack(struct sctp_tcb *stcb)
{
  /* formulate and queue a cookie-ack back to sender */
  struct mbuf *cookie_ack;
  struct sctp_chunkhdr *hdr;
  struct sctp_tmit_chunk *chk;

  SCTP_TCB_LOCK_ASSERT(stcb);

  cookie_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER);
  if (cookie_ack == NULL) {
    /* no mbuf's */
    return;
  }
  SCTP_BUF_RESV_UF(cookie_ack, SCTP_MIN_OVERHEAD);
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(cookie_ack);
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_COOKIE_ACK;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  chk->send_size = sizeof(struct sctp_chunkhdr);
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->data = cookie_ack;
  if (chk->asoc->last_control_chunk_from != NULL) {
    chk->whoTo = chk->asoc->last_control_chunk_from;
    atomic_add_int(&chk->whoTo->ref_count, 1);
  } else {
    chk->whoTo = NULL;
  }
  hdr = mtod(cookie_ack, struct sctp_chunkhdr *);
  hdr->chunk_type = SCTP_COOKIE_ACK;
  hdr->chunk_flags = 0;
  hdr->chunk_length = htons(chk->send_size);
  SCTP_BUF_LEN(cookie_ack) = chk->send_size;
  TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
  return;
}

void
sctp_send_shutdown_ack(struct sctp_tcb *stcb, struct sctp_nets *net)
{
  /* formulate and queue a SHUTDOWN-ACK back to the sender */
  struct mbuf *m_shutdown_ack;
  struct sctp_shutdown_ack_chunk *ack_cp;
  struct sctp_tmit_chunk *chk;

  m_shutdown_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_ack_chunk), 0, M_NOWAIT, 1, MT_HEADER);
  if (m_shutdown_ack == NULL) {
    /* no mbuf's */
    return;
  }
  SCTP_BUF_RESV_UF(m_shutdown_ack, SCTP_MIN_OVERHEAD);
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(m_shutdown_ack);
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_SHUTDOWN_ACK;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  chk->send_size = sizeof(struct sctp_chunkhdr);
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->data = m_shutdown_ack;
  chk->whoTo = net;
  if (chk->whoTo) {
    atomic_add_int(&chk->whoTo->ref_count, 1);
  }
  ack_cp = mtod(m_shutdown_ack, struct sctp_shutdown_ack_chunk *);
  ack_cp->ch.chunk_type = SCTP_SHUTDOWN_ACK;
  ack_cp->ch.chunk_flags = 0;
  ack_cp->ch.chunk_length = htons(chk->send_size);
  SCTP_BUF_LEN(m_shutdown_ack) = chk->send_size;
  TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
  return;
}

void
sctp_send_shutdown(struct sctp_tcb *stcb, struct sctp_nets *net)
{
  /* formulate and queue a SHUTDOWN to the sender */
  struct mbuf *m_shutdown;
  struct sctp_shutdown_chunk *shutdown_cp;
  struct sctp_tmit_chunk *chk;

  TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
    if (chk->rec.chunk_id.id == SCTP_SHUTDOWN) {
      /* We already have a SHUTDOWN queued. Reuse it. */
      if (chk->whoTo) {
        sctp_free_remote_addr(chk->whoTo);
        chk->whoTo = NULL;
      }
      break;
    }
  }
  if (chk == NULL) {
    m_shutdown = sctp_get_mbuf_for_msg(sizeof(struct sctp_shutdown_chunk), 0, M_NOWAIT, 1, MT_HEADER);
    if (m_shutdown == NULL) {
      /* no mbuf's */
      return;
    }
    SCTP_BUF_RESV_UF(m_shutdown, SCTP_MIN_OVERHEAD);
    sctp_alloc_a_chunk(stcb, chk);
    if (chk == NULL) {
      /* no memory */
      sctp_m_freem(m_shutdown);
      return;
    }
    chk->copy_by_ref = 0;
    chk->rec.chunk_id.id = SCTP_SHUTDOWN;
    chk->rec.chunk_id.can_take_data = 1;
    chk->flags = 0;
    chk->send_size = sizeof(struct sctp_shutdown_chunk);
    chk->sent = SCTP_DATAGRAM_UNSENT;
    chk->snd_count = 0;
    chk->asoc = &stcb->asoc;
    chk->data = m_shutdown;
    chk->whoTo = net;
    if (chk->whoTo) {
      atomic_add_int(&chk->whoTo->ref_count, 1);
    }
    shutdown_cp = mtod(m_shutdown, struct sctp_shutdown_chunk *);
    shutdown_cp->ch.chunk_type = SCTP_SHUTDOWN;
    shutdown_cp->ch.chunk_flags = 0;
    shutdown_cp->ch.chunk_length = htons(chk->send_size);
    shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn);
    SCTP_BUF_LEN(m_shutdown) = chk->send_size;
    TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
    chk->asoc->ctrl_queue_cnt++;
  } else {
    TAILQ_REMOVE(&stcb->asoc.control_send_queue, chk, sctp_next);
    chk->whoTo = net;
    if (chk->whoTo) {
      atomic_add_int(&chk->whoTo->ref_count, 1);
    }
    shutdown_cp = mtod(chk->data, struct sctp_shutdown_chunk *);
    shutdown_cp->cumulative_tsn_ack = htonl(stcb->asoc.cumulative_tsn);
    TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
  }
  return;
}

void
sctp_send_asconf(struct sctp_tcb *stcb, struct sctp_nets *net, int addr_locked)
{
  /*
   * formulate and queue an ASCONF to the peer.
   * ASCONF parameters should be queued on the assoc queue.
   */
  struct sctp_tmit_chunk *chk;
  struct mbuf *m_asconf;
  int len;

  SCTP_TCB_LOCK_ASSERT(stcb);

  if ((!TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) &&
      (!sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS))) {
    /* can't send a new one if there is one in flight already */
    return;
  }

  /* compose an ASCONF chunk, maximum length is PMTU */
  m_asconf = sctp_compose_asconf(stcb, &len, addr_locked);
  if (m_asconf == NULL) {
    return;
  }

  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    /* no memory */
    sctp_m_freem(m_asconf);
    return;
  }

  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_ASCONF;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = CHUNK_FLAGS_FRAGMENT_OK;
  chk->data = m_asconf;
  chk->send_size = len;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->asoc = &stcb->asoc;
  chk->whoTo = net;
  if (chk->whoTo) {
    atomic_add_int(&chk->whoTo->ref_count, 1);
  }
  TAILQ_INSERT_TAIL(&chk->asoc->asconf_send_queue, chk, sctp_next);
  chk->asoc->ctrl_queue_cnt++;
  return;
}

void
sctp_send_asconf_ack(struct sctp_tcb *stcb)
{
  /*
   * formulate and queue a asconf-ack back to sender.
   * the asconf-ack must be stored in the tcb.
   */
  struct sctp_tmit_chunk *chk;
  struct sctp_asconf_ack *ack, *latest_ack;
  struct mbuf *m_ack;
  struct sctp_nets *net = NULL;

  SCTP_TCB_LOCK_ASSERT(stcb);
  /* Get the latest ASCONF-ACK */
  latest_ack = TAILQ_LAST(&stcb->asoc.asconf_ack_sent, sctp_asconf_ackhead);
  if (latest_ack == NULL) {
    return;
  }
  if (latest_ack->last_sent_to != NULL &&
      latest_ack->last_sent_to == stcb->asoc.last_control_chunk_from) {
    /* we're doing a retransmission */
    net = sctp_find_alternate_net(stcb, stcb->asoc.last_control_chunk_from, 0);
    if (net == NULL) {
      /* no alternate */
      if (stcb->asoc.last_control_chunk_from == NULL) {
        if (stcb->asoc.alternate) {
          net = stcb->asoc.alternate;
        } else {
          net = stcb->asoc.primary_destination;
        }
      } else {
        net = stcb->asoc.last_control_chunk_from;
      }
    }
  } else {
    /* normal case */
    if (stcb->asoc.last_control_chunk_from == NULL) {
      if (stcb->asoc.alternate) {
        net = stcb->asoc.alternate;
      } else {
        net = stcb->asoc.primary_destination;
      }
    } else {
      net = stcb->asoc.last_control_chunk_from;
    }
  }
  latest_ack->last_sent_to = net;

  TAILQ_FOREACH(ack, &stcb->asoc.asconf_ack_sent, next) {
    if (ack->data == NULL) {
      continue;
    }

    /* copy the asconf_ack */
    m_ack = SCTP_M_COPYM(ack->data, 0, M_COPYALL, M_NOWAIT);
    if (m_ack == NULL) {
      /* couldn't copy it */
      return;
    }
#ifdef SCTP_MBUF_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
      sctp_log_mbc(m_ack, SCTP_MBUF_ICOPY);
    }
#endif

    sctp_alloc_a_chunk(stcb, chk);
    if (chk == NULL) {
      /* no memory */
      if (m_ack)
        sctp_m_freem(m_ack);
      return;
    }
    chk->copy_by_ref = 0;
    chk->rec.chunk_id.id = SCTP_ASCONF_ACK;
    chk->rec.chunk_id.can_take_data = 1;
    chk->flags = CHUNK_FLAGS_FRAGMENT_OK;
    chk->whoTo = net;
    if (chk->whoTo) {
      atomic_add_int(&chk->whoTo->ref_count, 1);
    }
    chk->data = m_ack;
    chk->send_size = ack->len;
    chk->sent = SCTP_DATAGRAM_UNSENT;
    chk->snd_count = 0;
    chk->asoc = &stcb->asoc;

    TAILQ_INSERT_TAIL(&chk->asoc->control_send_queue, chk, sctp_next);
    chk->asoc->ctrl_queue_cnt++;
  }
  return;
}

static int
sctp_chunk_retransmission(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,
    struct sctp_association *asoc,
    int *cnt_out, struct timeval *now, int *now_filled, int *fr_done, int so_locked)
{
  /*-
   * send out one MTU of retransmission. If fast_retransmit is
   * happening we ignore the cwnd. Otherwise we obey the cwnd and
   * rwnd. For a Cookie or Asconf in the control chunk queue we
   * retransmit them by themselves.
   *
   * For data chunks we will pick out the lowest TSN's in the sent_queue
   * marked for resend and bundle them all together (up to a MTU of
   * destination). The address to send to should have been
   * selected/changed where the retransmission was marked (i.e. in FR
   * or t3-timeout routines).
   */
  struct sctp_tmit_chunk *data_list[SCTP_MAX_DATA_BUNDLING];
  struct sctp_tmit_chunk *chk, *fwd;
  struct mbuf *m, *endofchain;
  struct sctp_nets *net = NULL;
  uint32_t tsns_sent = 0;
  int no_fragmentflg, bundle_at;
  unsigned int mtu;
  int error, i, one_chunk, fwd_tsn, ctl_cnt, tmr_started;
  struct sctp_auth_chunk *auth = NULL;
  uint32_t auth_offset = 0;
  uint16_t auth_keyid;
  int override_ok = 1;
  int data_auth_reqd = 0;
  uint32_t dmtu = 0;
  bool use_zero_crc;

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(inp));
  } else {
    sctp_unlock_assert(SCTP_INP_SO(inp));
  }
#endif
  SCTP_TCB_LOCK_ASSERT(stcb);
  tmr_started = ctl_cnt = 0;
  no_fragmentflg = 1;
  fwd_tsn = 0;
  *cnt_out = 0;
  fwd = NULL;
  endofchain = m = NULL;
  auth_keyid = stcb->asoc.authinfo.active_keyid;
#ifdef SCTP_AUDITING_ENABLED
  sctp_audit_log(0xC3, 1);
#endif
  if ((TAILQ_EMPTY(&asoc->sent_queue)) &&
      (TAILQ_EMPTY(&asoc->control_send_queue))) {
    SCTPDBG(SCTP_DEBUG_OUTPUT1,"SCTP hits empty queue with cnt set to %d?\n",
      asoc->sent_queue_retran_cnt);
    asoc->sent_queue_cnt = 0;
    asoc->sent_queue_cnt_removeable = 0;
    /* send back 0/0 so we enter normal transmission */
    *cnt_out = 0;
    return (0);
  }
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if ((chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) ||
        (chk->rec.chunk_id.id == SCTP_STREAM_RESET) ||
        (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN)) {
      if (chk->sent != SCTP_DATAGRAM_RESEND) {
        continue;
      }
      if (chk->rec.chunk_id.id == SCTP_STREAM_RESET) {
        if (chk != asoc->str_reset) {
          /*
           * not eligible for retran if its
           * not ours
           */
          continue;
        }
      }
      ctl_cnt++;
      if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) {
        fwd_tsn = 1;
      }
      /*
       * Add an AUTH chunk, if chunk requires it save the
       * offset into the chain for AUTH
       */
      if ((auth == NULL) &&
          (sctp_auth_is_required_chunk(chk->rec.chunk_id.id,
               stcb->asoc.peer_auth_chunks))) {
        m = sctp_add_auth_chunk(m, &endofchain,
              &auth, &auth_offset,
              stcb,
              chk->rec.chunk_id.id);
        SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
      }
      m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref);
      break;
    }
  }
  one_chunk = 0;
  /* do we have control chunks to retransmit? */
  if (m != NULL) {
    /* Start a timer no matter if we succeed or fail */
    switch (asoc->snd_edmid) {
    case SCTP_EDMID_LOWER_LAYER_DTLS:
      use_zero_crc = true;
      break;
    default:
      use_zero_crc = false;
      break;
    }
    if (chk->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
      sctp_timer_start(SCTP_TIMER_TYPE_COOKIE, inp, stcb, chk->whoTo);
      use_zero_crc = false;
    } else if (chk->rec.chunk_id.id == SCTP_ASCONF) {
      /* XXXMT: Can this happen? */
      sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, stcb, chk->whoTo);
      use_zero_crc = false;
    }
    chk->snd_count++; /* update our count */
    if ((error = sctp_lowlevel_chunk_output(inp, stcb, chk->whoTo,
                                            (struct sockaddr *)&chk->whoTo->ro._l_addr, m,
                                            auth_offset, auth, stcb->asoc.authinfo.active_keyid,
                                            no_fragmentflg, 0, 0,
                                            inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag),
                                            chk->whoTo->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                            0, 0,
#endif
                                            use_zero_crc,
                                            so_locked))) {
      SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
      if (error == ENOBUFS) {
        asoc->ifp_had_enobuf = 1;
        SCTP_STAT_INCR(sctps_lowlevelerr);
      }
      return (error);
    } else {
      asoc->ifp_had_enobuf = 0;
    }
    endofchain = NULL;
    auth = NULL;
    auth_offset = 0;
    /*
     * We don't want to mark the net->sent time here since this
     * we use this for HB and retrans cannot measure RTT
     */
    /* (void)SCTP_GETTIME_TIMEVAL(&chk->whoTo->last_sent_time); */
    *cnt_out += 1;
    chk->sent = SCTP_DATAGRAM_SENT;
    sctp_ucount_decr(stcb->asoc.sent_queue_retran_cnt);
    if (fwd_tsn == 0) {
      return (0);
    } else {
      /* Clean up the fwd-tsn list */
      sctp_clean_up_ctl(stcb, asoc, so_locked);
      return (0);
    }
  }
  /*
   * Ok, it is just data retransmission we need to do or that and a
   * fwd-tsn with it all.
   */
  if (TAILQ_EMPTY(&asoc->sent_queue)) {
    return (SCTP_RETRAN_DONE);
  }
  if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) ||
      (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT)) {
    /* not yet open, resend the cookie and that is it */
    return (1);
  }
#ifdef SCTP_AUDITING_ENABLED
  sctp_auditing(20, inp, stcb, NULL);
#endif
  data_auth_reqd = sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks);
  TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
    if (chk->sent != SCTP_DATAGRAM_RESEND) {
      /* No, not sent to this net or not ready for rtx */
      continue;
    }
    if (chk->data == NULL) {
      SCTP_PRINTF("TSN:%x chk->snd_count:%d chk->sent:%d can't retran - no data\n",
                  chk->rec.data.tsn, chk->snd_count, chk->sent);
      continue;
    }
    if ((SCTP_BASE_SYSCTL(sctp_max_retran_chunk)) &&
        (chk->snd_count >= SCTP_BASE_SYSCTL(sctp_max_retran_chunk))) {
      struct mbuf *op_err;
      char msg[SCTP_DIAG_INFO_LEN];

      SCTP_SNPRINTF(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up",
                    chk->rec.data.tsn, chk->snd_count);
      op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
                                   msg);
      atomic_add_int(&stcb->asoc.refcnt, 1);
      sctp_abort_an_association(stcb->sctp_ep, stcb, op_err,
                                false, so_locked);
      SCTP_TCB_LOCK(stcb);
      atomic_subtract_int(&stcb->asoc.refcnt, 1);
      return (SCTP_RETRAN_EXIT);
    }
    /* pick up the net */
    net = chk->whoTo;
    switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
      case AF_INET:
        mtu = net->mtu - SCTP_MIN_V4_OVERHEAD;
        break;
#endif
#ifdef INET6
      case AF_INET6:
        mtu = net->mtu - SCTP_MIN_OVERHEAD;
        break;
#endif
#if defined(__Userspace__)
      case AF_CONN:
        mtu = net->mtu - sizeof(struct sctphdr);
        break;
#endif
      default:
        /* TSNH */
        mtu = net->mtu;
        break;
    }

    if ((asoc->peers_rwnd < mtu) && (asoc->total_flight > 0)) {
      /* No room in peers rwnd */
      uint32_t tsn;

      tsn = asoc->last_acked_seq + 1;
      if (tsn == chk->rec.data.tsn) {
        /*
         * we make a special exception for this
         * case. The peer has no rwnd but is missing
         * the lowest chunk.. which is probably what
         * is holding up the rwnd.
         */
        goto one_chunk_around;
      }
      return (1);
    }
  one_chunk_around:
    if (asoc->peers_rwnd < mtu) {
      one_chunk = 1;
      if ((asoc->peers_rwnd == 0) &&
          (asoc->total_flight == 0)) {
        chk->window_probe = 1;
        chk->whoTo->window_probe = 1;
      }
    }
#ifdef SCTP_AUDITING_ENABLED
    sctp_audit_log(0xC3, 2);
#endif
    bundle_at = 0;
    m = NULL;
    net->fast_retran_ip = 0;
    if (chk->rec.data.doing_fast_retransmit == 0) {
      /*
       * if no FR in progress skip destination that have
       * flight_size > cwnd.
       */
      if (net->flight_size >= net->cwnd) {
        continue;
      }
    } else {
      /*
       * Mark the destination net to have FR recovery
       * limits put on it.
       */
      *fr_done = 1;
      net->fast_retran_ip = 1;
    }

    /*
     * if no AUTH is yet included and this chunk requires it,
     * make sure to account for it.  We don't apply the size
     * until the AUTH chunk is actually added below in case
     * there is no room for this chunk.
     */
    if (data_auth_reqd && (auth == NULL)) {
      dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
    } else
      dmtu = 0;

    if ((chk->send_size <= (mtu - dmtu)) ||
        (chk->flags & CHUNK_FLAGS_FRAGMENT_OK)) {
      /* ok we will add this one */
      if (data_auth_reqd) {
        if (auth == NULL) {
          m = sctp_add_auth_chunk(m,
                &endofchain,
                &auth,
                &auth_offset,
                stcb,
                SCTP_DATA);
          auth_keyid = chk->auth_keyid;
          override_ok = 0;
          SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
        } else if (override_ok) {
          auth_keyid = chk->auth_keyid;
          override_ok = 0;
        } else if (chk->auth_keyid != auth_keyid) {
          /* different keyid, so done bundling */
          break;
        }
      }
      m = sctp_copy_mbufchain(chk->data, m, &endofchain, 0, chk->send_size, chk->copy_by_ref);
      if (m == NULL) {
        SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
        return (ENOMEM);
      }
      /* Do clear IP_DF ? */
      if (chk->flags & CHUNK_FLAGS_FRAGMENT_OK) {
        no_fragmentflg = 0;
      }
      /* update our MTU size */
      if (mtu > (chk->send_size + dmtu))
        mtu -= (chk->send_size + dmtu);
      else
        mtu = 0;
      data_list[bundle_at++] = chk;
      if (one_chunk && (asoc->total_flight <= 0)) {
        SCTP_STAT_INCR(sctps_windowprobed);
      }
    }
    if (one_chunk == 0) {
      /*
       * now are there anymore forward from chk to pick
       * up?
       */
      for (fwd = TAILQ_NEXT(chk, sctp_next); fwd != NULL; fwd = TAILQ_NEXT(fwd, sctp_next)) {
        if (fwd->sent != SCTP_DATAGRAM_RESEND) {
          /* Nope, not for retran */
          continue;
        }
        if (fwd->whoTo != net) {
          /* Nope, not the net in question */
          continue;
        }
        if (data_auth_reqd && (auth == NULL)) {
          dmtu = sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id);
        } else
          dmtu = 0;
        if (fwd->send_size <= (mtu - dmtu)) {
          if (data_auth_reqd) {
            if (auth == NULL) {
              m = sctp_add_auth_chunk(m,
                    &endofchain,
                    &auth,
                    &auth_offset,
                    stcb,
                    SCTP_DATA);
              auth_keyid = fwd->auth_keyid;
              override_ok = 0;
              SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
            } else if (override_ok) {
              auth_keyid = fwd->auth_keyid;
              override_ok = 0;
            } else if (fwd->auth_keyid != auth_keyid) {
              /* different keyid, so done bundling */
              break;
            }
          }
          m = sctp_copy_mbufchain(fwd->data, m, &endofchain, 0, fwd->send_size, fwd->copy_by_ref);
          if (m == NULL) {
            SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
            return (ENOMEM);
          }
          /* Do clear IP_DF ? */
          if (fwd->flags & CHUNK_FLAGS_FRAGMENT_OK) {
            no_fragmentflg = 0;
          }
          /* update our MTU size */
          if (mtu > (fwd->send_size + dmtu))
            mtu -= (fwd->send_size + dmtu);
          else
            mtu = 0;
          data_list[bundle_at++] = fwd;
          if (bundle_at >= SCTP_MAX_DATA_BUNDLING) {
            break;
          }
        } else {
          /* can't fit so we are done */
          break;
        }
      }
    }
    /* Is there something to send for this destination? */
    if (m) {
      /*
       * No matter if we fail/or succeed we should start a
       * timer. A failure is like a lost IP packet :-)
       */
      if (!SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
        /*
         * no timer running on this destination
         * restart it.
         */
        sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
        tmr_started = 1;
      }
      switch (asoc->snd_edmid) {
      case SCTP_EDMID_LOWER_LAYER_DTLS:
        use_zero_crc = true;
        break;
      default:
        use_zero_crc = false;
        break;
      }
      /* Now lets send it, if there is anything to send :> */
      if ((error = sctp_lowlevel_chunk_output(inp, stcb, net,
                                              (struct sockaddr *)&net->ro._l_addr, m,
                                              auth_offset, auth, auth_keyid,
                                              no_fragmentflg, 0, 0,
                                              inp->sctp_lport, stcb->rport, htonl(stcb->asoc.peer_vtag),
                                              net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                              0, 0,
#endif
                                              use_zero_crc,
                                              so_locked))) {
        /* error, we could not output */
        SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
        if (error == ENOBUFS) {
          asoc->ifp_had_enobuf = 1;
          SCTP_STAT_INCR(sctps_lowlevelerr);
        }
        return (error);
      } else {
        asoc->ifp_had_enobuf = 0;
      }
      endofchain = NULL;
      auth = NULL;
      auth_offset = 0;
      /* For HB's */
      /*
       * We don't want to mark the net->sent time here
       * since this we use this for HB and retrans cannot
       * measure RTT
       */
      /* (void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time); */

      /* For auto-close */
      if (*now_filled == 0) {
        (void)SCTP_GETTIME_TIMEVAL(&asoc->time_last_sent);
        *now = asoc->time_last_sent;
        *now_filled = 1;
      } else {
        asoc->time_last_sent = *now;
      }
      *cnt_out += bundle_at;
#ifdef SCTP_AUDITING_ENABLED
      sctp_audit_log(0xC4, bundle_at);
#endif
      if (bundle_at) {
        tsns_sent = data_list[0]->rec.data.tsn;
      }
      for (i = 0; i < bundle_at; i++) {
        SCTP_STAT_INCR(sctps_sendretransdata);
        data_list[i]->sent = SCTP_DATAGRAM_SENT;
        /*
         * When we have a revoked data, and we
         * retransmit it, then we clear the revoked
         * flag since this flag dictates if we
         * subtracted from the fs
         */
        if (data_list[i]->rec.data.chunk_was_revoked) {
          /* Deflate the cwnd */
          data_list[i]->whoTo->cwnd -= data_list[i]->book_size;
          data_list[i]->rec.data.chunk_was_revoked = 0;
        }
        data_list[i]->snd_count++;
        sctp_ucount_decr(asoc->sent_queue_retran_cnt);
        /* record the time */
        data_list[i]->sent_rcv_time = asoc->time_last_sent;
        if (data_list[i]->book_size_scale) {
          /*
           * need to double the book size on
           * this one
           */
          data_list[i]->book_size_scale = 0;
          /* Since we double the booksize, we must
           * also double the output queue size, since this
           * get shrunk when we free by this amount.
           */
          atomic_add_int(&((asoc)->total_output_queue_size), data_list[i]->book_size);
          data_list[i]->book_size *= 2;
        } else {
          if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_RWND_ENABLE) {
            sctp_log_rwnd(SCTP_DECREASE_PEER_RWND,
                  asoc->peers_rwnd, data_list[i]->send_size, SCTP_BASE_SYSCTL(sctp_peer_chunk_oh));
          }
          asoc->peers_rwnd = sctp_sbspace_sub(asoc->peers_rwnd,
                      (uint32_t) (data_list[i]->send_size +
                      SCTP_BASE_SYSCTL(sctp_peer_chunk_oh)));
        }
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
          sctp_misc_ints(SCTP_FLIGHT_LOG_UP_RSND,
                   data_list[i]->whoTo->flight_size,
                   data_list[i]->book_size,
                   (uint32_t)(uintptr_t)data_list[i]->whoTo,
                   data_list[i]->rec.data.tsn);
        }
        sctp_flight_size_increase(data_list[i]);
        sctp_total_flight_increase(stcb, data_list[i]);
        if (asoc->peers_rwnd < stcb->sctp_ep->sctp_ep.sctp_sws_sender) {
          /* SWS sender side engages */
          asoc->peers_rwnd = 0;
        }
        if ((i == 0) &&
            (data_list[i]->rec.data.doing_fast_retransmit)) {
          SCTP_STAT_INCR(sctps_sendfastretrans);
          if ((data_list[i] == TAILQ_FIRST(&asoc->sent_queue)) &&
              (tmr_started == 0)) {
            /*-
             * ok we just fast-retrans'd
             * the lowest TSN, i.e the
             * first on the list. In
             * this case we want to give
             * some more time to get a
             * SACK back without a
             * t3-expiring.
             */
            sctp_timer_stop(SCTP_TIMER_TYPE_SEND, inp, stcb, net,
                            SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_2);
            sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
          }
        }
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
        sctp_log_cwnd(stcb, net, tsns_sent, SCTP_CWND_LOG_FROM_RESEND);
      }
#ifdef SCTP_AUDITING_ENABLED
      sctp_auditing(21, inp, stcb, NULL);
#endif
    } else {
      /* None will fit */
      return (1);
    }
    if (asoc->sent_queue_retran_cnt <= 0) {
      /* all done we have no more to retran */
      asoc->sent_queue_retran_cnt = 0;
      break;
    }
    if (one_chunk) {
      /* No more room in rwnd */
      return (1);
    }
    /* stop the for loop here. we sent out a packet */
    break;
  }
  return (0);
}

static void
sctp_timer_validation(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,
    struct sctp_association *asoc)
{
  struct sctp_nets *net;

  /* Validate that a timer is running somewhere */
  TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
    if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
      /* Here is a timer */
      return;
    }
  }
  SCTP_TCB_LOCK_ASSERT(stcb);
  /* Gak, we did not have a timer somewhere */
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "Deadlock avoided starting timer on a dest at retran\n");
  if (asoc->alternate) {
    sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->alternate);
  } else {
    sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, asoc->primary_destination);
  }
  return;
}

void
sctp_chunk_output(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,
    int from_where,
    int so_locked)
{
  /*-
   * Ok this is the generic chunk service queue. we must do the
   * following:
   * - See if there are retransmits pending, if so we must
   *   do these first.
   * - Service the stream queue that is next, moving any
   *   message (note I must get a complete message i.e.
   *   FIRST/MIDDLE and LAST to the out queue in one pass) and assigning
   *   TSN's
   * - Check to see if the cwnd/rwnd allows any output, if so we
   *   go ahead and formulate and send the low level chunks. Making sure
   *   to combine any control in the control chunk queue also.
   */
  struct sctp_association *asoc;
  struct sctp_nets *net;
  int error = 0, num_out, tot_out = 0, ret = 0, reason_code;
  unsigned int burst_cnt = 0;
  struct timeval now;
  int now_filled = 0;
  int nagle_on;
  uint32_t frag_point = sctp_get_frag_point(stcb);
  int un_sent = 0;
  int fr_done;
  unsigned int tot_frs = 0;

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(inp));
  } else {
    sctp_unlock_assert(SCTP_INP_SO(inp));
  }
#endif
  asoc = &stcb->asoc;
do_it_again:
  /* The Nagle algorithm is only applied when handling a send call. */
  if (from_where == SCTP_OUTPUT_FROM_USR_SEND) {
    if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NODELAY)) {
      nagle_on = 0;
    } else {
      nagle_on = 1;
    }
  } else {
    nagle_on = 0;
  }
  SCTP_TCB_LOCK_ASSERT(stcb);

  un_sent = (stcb->asoc.total_output_queue_size - stcb->asoc.total_flight);

  if ((un_sent <= 0) &&
      (TAILQ_EMPTY(&asoc->control_send_queue)) &&
      (TAILQ_EMPTY(&asoc->asconf_send_queue)) &&
      (asoc->sent_queue_retran_cnt == 0) &&
      (asoc->trigger_reset == 0)) {
    /* Nothing to do unless there is something to be sent left */
    return;
  }
  /* Do we have something to send, data or control AND
   * a sack timer running, if so piggy-back the sack.
   */
  if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) {
    sctp_send_sack(stcb, so_locked);
    sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL,
                    SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_3);
  }
  while (asoc->sent_queue_retran_cnt) {
    /*-
     * Ok, it is retransmission time only, we send out only ONE
     * packet with a single call off to the retran code.
     */
    if (from_where == SCTP_OUTPUT_FROM_COOKIE_ACK) {
      /*-
       * Special hook for handling cookies discarded
       * by peer that carried data. Send cookie-ack only
       * and then the next call with get the retran's.
       */
      (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1,
                                  from_where,
                                  &now, &now_filled, frag_point, so_locked);
      return;
    } else if (from_where != SCTP_OUTPUT_FROM_HB_TMR) {
      /* if its not from a HB then do it */
      fr_done = 0;
      ret = sctp_chunk_retransmission(inp, stcb, asoc, &num_out, &now, &now_filled, &fr_done, so_locked);
      if (fr_done) {
        tot_frs++;
      }
    } else {
      /*
       * its from any other place, we don't allow retran
       * output (only control)
       */
      ret = 1;
    }
    if (ret > 0) {
      /* Can't send anymore */
      /*-
       * now lets push out control by calling med-level
       * output once. this assures that we WILL send HB's
       * if queued too.
       */
      (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1,
                                  from_where,
                                  &now, &now_filled, frag_point, so_locked);
#ifdef SCTP_AUDITING_ENABLED
      sctp_auditing(8, inp, stcb, NULL);
#endif
      sctp_timer_validation(inp, stcb, asoc);
      return;
    }
    if (ret < 0) {
      /*-
       * The count was off.. retran is not happening so do
       * the normal retransmission.
       */
#ifdef SCTP_AUDITING_ENABLED
      sctp_auditing(9, inp, stcb, NULL);
#endif
      if (ret == SCTP_RETRAN_EXIT) {
        return;
      }
      break;
    }
    if (from_where == SCTP_OUTPUT_FROM_T3) {
      /* Only one transmission allowed out of a timeout */
#ifdef SCTP_AUDITING_ENABLED
      sctp_auditing(10, inp, stcb, NULL);
#endif
      /* Push out any control */
      (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out, &reason_code, 1, from_where,
                                  &now, &now_filled, frag_point, so_locked);
      return;
    }
    if ((asoc->fr_max_burst > 0) && (tot_frs >= asoc->fr_max_burst)) {
      /* Hit FR burst limit */
      return;
    }
    if ((num_out == 0) && (ret == 0)) {
      /* No more retrans to send */
      break;
    }
  }
#ifdef SCTP_AUDITING_ENABLED
  sctp_auditing(12, inp, stcb, NULL);
#endif
  /* Check for bad destinations, if they exist move chunks around. */
  TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
    if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
      /*-
       * if possible move things off of this address we
       * still may send below due to the dormant state but
       * we try to find an alternate address to send to
       * and if we have one we move all queued data on the
       * out wheel to this alternate address.
       */
      if (net->ref_count > 1)
        sctp_move_chunks_from_net(stcb, net);
    } else {
      /*-
       * if ((asoc->sat_network) || (net->addr_is_local))
       * { burst_limit = asoc->max_burst *
       * SCTP_SAT_NETWORK_BURST_INCR; }
       */
      if (asoc->max_burst > 0) {
        if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst)) {
          if ((net->flight_size + (asoc->max_burst * net->mtu)) < net->cwnd) {
            /* JRS - Use the congestion control given in the congestion control module */
            asoc->cc_functions.sctp_cwnd_update_after_output(stcb, net, asoc->max_burst);
            if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) {
              sctp_log_maxburst(stcb, net, 0, asoc->max_burst, SCTP_MAX_BURST_APPLIED);
            }
            SCTP_STAT_INCR(sctps_maxburstqueued);
          }
          net->fast_retran_ip = 0;
        } else {
          if (net->flight_size == 0) {
            /* Should be decaying the cwnd here */
            ;
          }
        }
      }
    }
  }
  burst_cnt = 0;
  do {
    error = sctp_med_chunk_output(inp, stcb, asoc, &num_out,
                                  &reason_code, 0, from_where,
                                  &now, &now_filled, frag_point, so_locked);
    if (error) {
      SCTPDBG(SCTP_DEBUG_OUTPUT1, "Error %d was returned from med-c-op\n", error);
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) {
        sctp_log_maxburst(stcb, asoc->primary_destination, error, burst_cnt, SCTP_MAX_BURST_ERROR_STOP);
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
        sctp_log_cwnd(stcb, NULL, error, SCTP_SEND_NOW_COMPLETES);
        sctp_log_cwnd(stcb, NULL, 0xdeadbeef, SCTP_SEND_NOW_COMPLETES);
      }
      break;
    }
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "m-c-o put out %d\n", num_out);

    tot_out += num_out;
    burst_cnt++;
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
      sctp_log_cwnd(stcb, NULL, num_out, SCTP_SEND_NOW_COMPLETES);
      if (num_out == 0) {
        sctp_log_cwnd(stcb, NULL, reason_code, SCTP_SEND_NOW_COMPLETES);
      }
    }
    if (nagle_on) {
      /*
       * When the Nagle algorithm is used, look at how much
       * is unsent, then if its smaller than an MTU and we
       * have data in flight we stop, except if we are
       * handling a fragmented user message.
       */
      un_sent = stcb->asoc.total_output_queue_size - stcb->asoc.total_flight;
      if ((un_sent < (int)(stcb->asoc.smallest_mtu - SCTP_MIN_OVERHEAD)) &&
          (stcb->asoc.total_flight > 0)) {
/*  &&         sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR))) {*/
        break;
      }
    }
    if (TAILQ_EMPTY(&asoc->control_send_queue) &&
        TAILQ_EMPTY(&asoc->send_queue) &&
        sctp_is_there_unsent_data(stcb, so_locked) == 0) {
      /* Nothing left to send */
      break;
    }
    if ((stcb->asoc.total_output_queue_size - stcb->asoc.total_flight) <= 0) {
      /* Nothing left to send */
      break;
    }
  } while (num_out &&
           ((asoc->max_burst == 0) ||
      SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) ||
      (burst_cnt < asoc->max_burst)));

  if (SCTP_BASE_SYSCTL(sctp_use_cwnd_based_maxburst) == 0) {
    if ((asoc->max_burst > 0) && (burst_cnt >= asoc->max_burst)) {
      SCTP_STAT_INCR(sctps_maxburstqueued);
      asoc->burst_limit_applied = 1;
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_MAXBURST_ENABLE) {
        sctp_log_maxburst(stcb, asoc->primary_destination, 0, burst_cnt, SCTP_MAX_BURST_APPLIED);
      }
    } else {
      asoc->burst_limit_applied = 0;
    }
  }
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
    sctp_log_cwnd(stcb, NULL, tot_out, SCTP_SEND_NOW_COMPLETES);
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, we have put out %d chunks\n",
    tot_out);

  /*-
   * Now we need to clean up the control chunk chain if a ECNE is on
   * it. It must be marked as UNSENT again so next call will continue
   * to send it until such time that we get a CWR, to remove it.
   */
  if (stcb->asoc.ecn_echo_cnt_onq)
    sctp_fix_ecn_echo(asoc);

  if (stcb->asoc.trigger_reset) {
    if (sctp_send_stream_reset_out_if_possible(stcb, so_locked) == 0) {
      goto do_it_again;
    }
  }
  return;
}

int
sctp_output(
  struct sctp_inpcb *inp,
  struct mbuf *m,
  struct sockaddr *addr,
  struct mbuf *control,
#if defined(__FreeBSD__) && !defined(__Userspace__)
  struct thread *p,
#elif defined(_WIN32) && !defined(__Userspace__)
  PKTHREAD p,
#else
#if defined(__APPLE__) && !defined(__Userspace__)
  struct proc *p SCTP_UNUSED,
#else
  struct proc *p,
#endif
#endif
  int flags)
{
  if (inp == NULL) {
    SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    return (EINVAL);
  }

  if (inp->sctp_socket == NULL) {
    SCTP_LTRACE_ERR_RET_PKT(m, inp, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    return (EINVAL);
  }
  return (sctp_sosend(inp->sctp_socket,
          addr,
          (struct uio *)NULL,
          m,
          control,
#if defined(__APPLE__) && !defined(__Userspace__)
          flags
#else
          flags, p
#endif
      ));
}

void
send_forward_tsn(struct sctp_tcb *stcb,
     struct sctp_association *asoc)
{
  struct sctp_tmit_chunk *chk, *at, *tp1, *last;
  struct sctp_forward_tsn_chunk *fwdtsn;
  struct sctp_strseq *strseq;
  struct sctp_strseq_mid *strseq_m;
  uint32_t advance_peer_ack_point;
  unsigned int cnt_of_space, i, ovh;
  unsigned int space_needed;
  unsigned int cnt_of_skipped = 0;

  SCTP_TCB_LOCK_ASSERT(stcb);
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) {
      /* mark it to unsent */
      chk->sent = SCTP_DATAGRAM_UNSENT;
      chk->snd_count = 0;
      /* Do we correct its output location? */
      if (chk->whoTo) {
        sctp_free_remote_addr(chk->whoTo);
        chk->whoTo = NULL;
      }
      goto sctp_fill_in_rest;
    }
  }
  /* Ok if we reach here we must build one */
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    return;
  }
  asoc->fwd_tsn_cnt++;
  chk->copy_by_ref = 0;
  /*
   * We don't do the old thing here since
   * this is used not for on-wire but to
   * tell if we are sending a fwd-tsn by
   * the stack during output. And if its
   * a IFORWARD or a FORWARD it is a fwd-tsn.
   */
  chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->asoc = asoc;
  chk->whoTo = NULL;
  chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next);
  asoc->ctrl_queue_cnt++;
sctp_fill_in_rest:
  /*-
   * Here we go through and fill out the part that deals with
   * stream/seq of the ones we skip.
   */
  SCTP_BUF_LEN(chk->data) = 0;
  TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) {
    if ((at->sent != SCTP_FORWARD_TSN_SKIP) &&
        (at->sent != SCTP_DATAGRAM_NR_ACKED)) {
      /* no more to look at */
      break;
    }
    if (!asoc->idata_supported && (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED)) {
      /* We don't report these */
      continue;
    }
    cnt_of_skipped++;
  }
  if (asoc->idata_supported) {
    space_needed = (sizeof(struct sctp_forward_tsn_chunk) +
                    (cnt_of_skipped * sizeof(struct sctp_strseq_mid)));
  } else {
    space_needed = (sizeof(struct sctp_forward_tsn_chunk) +
                    (cnt_of_skipped * sizeof(struct sctp_strseq)));
  }
  cnt_of_space = (unsigned int)M_TRAILINGSPACE(chk->data);

  if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
    ovh = SCTP_MIN_OVERHEAD;
  } else {
    ovh = SCTP_MIN_V4_OVERHEAD;
  }
  if (cnt_of_space > (asoc->smallest_mtu - ovh)) {
    /* trim to a mtu size */
    cnt_of_space = asoc->smallest_mtu - ovh;
  }
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
    sctp_misc_ints(SCTP_FWD_TSN_CHECK,
             0xff, 0, cnt_of_skipped,
             asoc->advanced_peer_ack_point);
  }
  advance_peer_ack_point = asoc->advanced_peer_ack_point;
  if (cnt_of_space < space_needed) {
    /*-
     * ok we must trim down the chunk by lowering the
     * advance peer ack point.
     */
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
      sctp_misc_ints(SCTP_FWD_TSN_CHECK,
               0xff, 0xff, cnt_of_space,
               space_needed);
    }
    cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk);
    if (asoc->idata_supported) {
      cnt_of_skipped /= sizeof(struct sctp_strseq_mid);
    } else {
      cnt_of_skipped /= sizeof(struct sctp_strseq);
    }
    /*-
     * Go through and find the TSN that will be the one
     * we report.
     */
    at = TAILQ_FIRST(&asoc->sent_queue);
    if (at != NULL) {
      for (i = 0; i < cnt_of_skipped; i++) {
        tp1 = TAILQ_NEXT(at, sctp_next);
        if (tp1 == NULL) {
          break;
        }
        at = tp1;
      }
    }
    if (at && SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_TRY_ADVANCE) {
      sctp_misc_ints(SCTP_FWD_TSN_CHECK,
               0xff, cnt_of_skipped, at->rec.data.tsn,
               asoc->advanced_peer_ack_point);
    }
    last = at;
    /*-
     * last now points to last one I can report, update
     * peer ack point
     */
    if (last) {
      advance_peer_ack_point = last->rec.data.tsn;
    }
    if (asoc->idata_supported) {
      space_needed = sizeof(struct sctp_forward_tsn_chunk) +
                     cnt_of_skipped * sizeof(struct sctp_strseq_mid);
    } else {
      space_needed = sizeof(struct sctp_forward_tsn_chunk) +
                     cnt_of_skipped * sizeof(struct sctp_strseq);
    }
  }
  chk->send_size = space_needed;
  /* Setup the chunk */
  fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *);
  fwdtsn->ch.chunk_length = htons(chk->send_size);
  fwdtsn->ch.chunk_flags = 0;
  if (asoc->idata_supported) {
    fwdtsn->ch.chunk_type = SCTP_IFORWARD_CUM_TSN;
  } else {
    fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN;
  }
  fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  fwdtsn++;
  /*-
   * Move pointer to after the fwdtsn and transfer to the
   * strseq pointer.
   */
  if (asoc->idata_supported) {
    strseq_m = (struct sctp_strseq_mid *)fwdtsn;
    strseq = NULL;
  } else {
    strseq = (struct sctp_strseq *)fwdtsn;
    strseq_m = NULL;
  }
  /*-
   * Now populate the strseq list. This is done blindly
   * without pulling out duplicate stream info. This is
   * inefficient but won't harm the process since the peer will
   * look at these in sequence and will thus release anything.
   * It could mean we exceed the PMTU and chop off some that
   * we could have included.. but this is unlikely (aka 1432/4
   * would mean 300+ stream seq's would have to be reported in
   * one FWD-TSN. With a bit of work we can later FIX this to
   * optimize and pull out duplicates.. but it does add more
   * overhead. So for now... not!
   */
  i = 0;
  TAILQ_FOREACH(at, &asoc->sent_queue, sctp_next) {
    if (i >= cnt_of_skipped) {
      break;
    }
    if (!asoc->idata_supported && (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED)) {
      /* We don't report these */
      continue;
    }
    if (at->rec.data.tsn == advance_peer_ack_point) {
      at->rec.data.fwd_tsn_cnt = 0;
    }
    if (asoc->idata_supported) {
      strseq_m->sid = htons(at->rec.data.sid);
      if (at->rec.data.rcv_flags & SCTP_DATA_UNORDERED) {
        strseq_m->flags = htons(PR_SCTP_UNORDERED_FLAG);
      } else {
        strseq_m->flags = 0;
      }
      strseq_m->mid = htonl(at->rec.data.mid);
      strseq_m++;
    } else {
      strseq->sid = htons(at->rec.data.sid);
      strseq->ssn = htons((uint16_t)at->rec.data.mid);
      strseq++;
    }
    i++;
  }
  return;
}

void
sctp_send_sack(struct sctp_tcb *stcb, int so_locked)
{
  /*-
   * Queue up a SACK or NR-SACK in the control queue.
   * We must first check to see if a SACK or NR-SACK is
   * somehow on the control queue.
   * If so, we will take and and remove the old one.
   */
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk, *a_chk;
  struct sctp_sack_chunk *sack;
  struct sctp_nr_sack_chunk *nr_sack;
  struct sctp_gap_ack_block *gap_descriptor;
  const struct sack_track *selector;
  int mergeable = 0;
  int offset;
  caddr_t limit;
  uint32_t *dup;
  int limit_reached = 0;
  unsigned int i, siz, j;
  unsigned int num_gap_blocks = 0, num_nr_gap_blocks = 0, space;
  int num_dups = 0;
  int space_req;
  uint32_t highest_tsn;
  uint8_t flags;
  uint8_t type;
  uint8_t tsn_map;

  if (stcb->asoc.nrsack_supported == 1) {
    type = SCTP_NR_SELECTIVE_ACK;
  } else {
    type = SCTP_SELECTIVE_ACK;
  }
  a_chk = NULL;
  asoc = &stcb->asoc;
  SCTP_TCB_LOCK_ASSERT(stcb);
  if (asoc->last_data_chunk_from == NULL) {
    /* Hmm we never received anything */
    return;
  }
  sctp_slide_mapping_arrays(stcb);
  sctp_set_rwnd(stcb, asoc);
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if (chk->rec.chunk_id.id == type) {
      /* Hmm, found a sack already on queue, remove it */
      TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
      asoc->ctrl_queue_cnt--;
      a_chk = chk;
      if (a_chk->data) {
        sctp_m_freem(a_chk->data);
        a_chk->data = NULL;
      }
      if (a_chk->whoTo) {
        sctp_free_remote_addr(a_chk->whoTo);
        a_chk->whoTo = NULL;
      }
      break;
    }
  }
  if (a_chk == NULL) {
    sctp_alloc_a_chunk(stcb, a_chk);
    if (a_chk == NULL) {
      /* No memory so we drop the idea, and set a timer */
      if (stcb->asoc.delayed_ack) {
        sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
                        stcb->sctp_ep, stcb, NULL,
                        SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_4);
        sctp_timer_start(SCTP_TIMER_TYPE_RECV,
            stcb->sctp_ep, stcb, NULL);
      } else {
        stcb->asoc.send_sack = 1;
      }
      return;
    }
    a_chk->copy_by_ref = 0;
    a_chk->rec.chunk_id.id = type;
    a_chk->rec.chunk_id.can_take_data = 1;
  }
  /* Clear our pkt counts */
  asoc->data_pkts_seen = 0;

  a_chk->flags = 0;
  a_chk->asoc = asoc;
  a_chk->snd_count = 0;
  a_chk->send_size = 0; /* fill in later */
  a_chk->sent = SCTP_DATAGRAM_UNSENT;
  a_chk->whoTo = NULL;

  if ((asoc->last_data_chunk_from->dest_state & SCTP_ADDR_REACHABLE) == 0) {
    /*-
     * Ok, the destination for the SACK is unreachable, lets see if
     * we can select an alternate to asoc->last_data_chunk_from
     */
    a_chk->whoTo = sctp_find_alternate_net(stcb, asoc->last_data_chunk_from, 0);
    if (a_chk->whoTo == NULL) {
      /* Nope, no alternate */
      a_chk->whoTo = asoc->last_data_chunk_from;
    }
  } else {
    a_chk->whoTo = asoc->last_data_chunk_from;
  }
  if (a_chk->whoTo) {
    atomic_add_int(&a_chk->whoTo->ref_count, 1);
  }
  if (SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->highest_tsn_inside_nr_map)) {
    highest_tsn = asoc->highest_tsn_inside_map;
  } else {
    highest_tsn = asoc->highest_tsn_inside_nr_map;
  }
  if (highest_tsn == asoc->cumulative_tsn) {
    /* no gaps */
    if (type == SCTP_SELECTIVE_ACK) {
      space_req = sizeof(struct sctp_sack_chunk);
    } else {
      space_req = sizeof(struct sctp_nr_sack_chunk);
    }
  } else {
    /* gaps get a cluster */
    space_req = MCLBYTES;
  }
  /* Ok now lets formulate a MBUF with our sack */
  a_chk->data = sctp_get_mbuf_for_msg(space_req, 0, M_NOWAIT, 1, MT_DATA);
  if ((a_chk->data == NULL) ||
      (a_chk->whoTo == NULL)) {
    /* rats, no mbuf memory */
    if (a_chk->data) {
      /* was a problem with the destination */
      sctp_m_freem(a_chk->data);
      a_chk->data = NULL;
    }
    sctp_free_a_chunk(stcb, a_chk, so_locked);
    /* sa_ignore NO_NULL_CHK */
    if (stcb->asoc.delayed_ack) {
      sctp_timer_stop(SCTP_TIMER_TYPE_RECV,
                      stcb->sctp_ep, stcb, NULL,
                      SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_5);
      sctp_timer_start(SCTP_TIMER_TYPE_RECV,
          stcb->sctp_ep, stcb, NULL);
    } else {
      stcb->asoc.send_sack = 1;
    }
    return;
  }
  /* ok, lets go through and fill it in */
  SCTP_BUF_RESV_UF(a_chk->data, SCTP_MIN_OVERHEAD);
  space = (unsigned int)M_TRAILINGSPACE(a_chk->data);
  if (space > (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD)) {
    space = (a_chk->whoTo->mtu - SCTP_MIN_OVERHEAD);
  }
  limit = mtod(a_chk->data, caddr_t);
  limit += space;

  flags = 0;

  if ((asoc->sctp_cmt_on_off > 0) &&
      SCTP_BASE_SYSCTL(sctp_cmt_use_dac)) {
    /*-
     * CMT DAC algorithm: If 2 (i.e., 0x10) packets have been
     * received, then set high bit to 1, else 0. Reset
     * pkts_rcvd.
     */
    flags |= (asoc->cmt_dac_pkts_rcvd << 6);
    asoc->cmt_dac_pkts_rcvd = 0;
  }
#ifdef SCTP_ASOCLOG_OF_TSNS
  stcb->asoc.cumack_logsnt[stcb->asoc.cumack_log_atsnt] = asoc->cumulative_tsn;
  stcb->asoc.cumack_log_atsnt++;
  if (stcb->asoc.cumack_log_atsnt >= SCTP_TSN_LOG_SIZE) {
    stcb->asoc.cumack_log_atsnt = 0;
  }
#endif
  /* reset the readers interpretation */
  stcb->freed_by_sorcv_sincelast = 0;

  if (type == SCTP_SELECTIVE_ACK) {
    sack = mtod(a_chk->data, struct sctp_sack_chunk *);
    nr_sack = NULL;
    gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)sack + sizeof(struct sctp_sack_chunk));
    if (highest_tsn > asoc->mapping_array_base_tsn) {
      siz = (((highest_tsn - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
    } else {
      siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + highest_tsn + 7) / 8;
    }
  } else {
    sack = NULL;
    nr_sack = mtod(a_chk->data, struct sctp_nr_sack_chunk *);
    gap_descriptor = (struct sctp_gap_ack_block *)((caddr_t)nr_sack + sizeof(struct sctp_nr_sack_chunk));
    if (asoc->highest_tsn_inside_map > asoc->mapping_array_base_tsn) {
      siz = (((asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
    } else {
      siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_map + 7) / 8;
    }
  }

  if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) {
    offset = 1;
  } else {
    offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn;
  }
  if (((type == SCTP_SELECTIVE_ACK) &&
       SCTP_TSN_GT(highest_tsn, asoc->cumulative_tsn)) ||
      ((type == SCTP_NR_SELECTIVE_ACK) &&
       SCTP_TSN_GT(asoc->highest_tsn_inside_map, asoc->cumulative_tsn))) {
    /* we have a gap .. maybe */
    for (i = 0; i < siz; i++) {
      tsn_map = asoc->mapping_array[i];
      if (type == SCTP_SELECTIVE_ACK) {
        tsn_map |= asoc->nr_mapping_array[i];
      }
      if (i == 0) {
        /*
         * Clear all bits corresponding to TSNs
         * smaller or equal to the cumulative TSN.
         */
        tsn_map &= (~0U << (1 - offset));
      }
      selector = &sack_array[tsn_map];
      if (mergeable && selector->right_edge) {
        /*
         * Backup, left and right edges were ok to
         * merge.
         */
        num_gap_blocks--;
        gap_descriptor--;
      }
      if (selector->num_entries == 0)
        mergeable = 0;
      else {
        for (j = 0; j < selector->num_entries; j++) {
          if (mergeable && selector->right_edge) {
            /*
             * do a merge by NOT setting
             * the left side
             */
            mergeable = 0;
          } else {
            /*
             * no merge, set the left
             * side
             */
            mergeable = 0;
            gap_descriptor->start = htons((selector->gaps[j].start + offset));
          }
          gap_descriptor->end = htons((selector->gaps[j].end + offset));
          num_gap_blocks++;
          gap_descriptor++;
          if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
            /* no more room */
            limit_reached = 1;
            break;
          }
        }
        if (selector->left_edge) {
          mergeable = 1;
        }
      }
      if (limit_reached) {
        /* Reached the limit stop */
        break;
      }
      offset += 8;
    }
  }
  if ((type == SCTP_NR_SELECTIVE_ACK) &&
      (limit_reached == 0)) {
    mergeable = 0;

    if (asoc->highest_tsn_inside_nr_map > asoc->mapping_array_base_tsn) {
      siz = (((asoc->highest_tsn_inside_nr_map - asoc->mapping_array_base_tsn) + 1) + 7) / 8;
    } else {
      siz = (((MAX_TSN - asoc->mapping_array_base_tsn) + 1) + asoc->highest_tsn_inside_nr_map + 7) / 8;
    }

    if (SCTP_TSN_GT(asoc->mapping_array_base_tsn, asoc->cumulative_tsn)) {
      offset = 1;
    } else {
      offset = asoc->mapping_array_base_tsn - asoc->cumulative_tsn;
    }
    if (SCTP_TSN_GT(asoc->highest_tsn_inside_nr_map, asoc->cumulative_tsn)) {
      /* we have a gap .. maybe */
      for (i = 0; i < siz; i++) {
        tsn_map = asoc->nr_mapping_array[i];
        if (i == 0) {
          /*
           * Clear all bits corresponding to TSNs
           * smaller or equal to the cumulative TSN.
           */
          tsn_map &= (~0U << (1 - offset));
        }
        selector = &sack_array[tsn_map];
        if (mergeable && selector->right_edge) {
          /*
          * Backup, left and right edges were ok to
          * merge.
          */
          num_nr_gap_blocks--;
          gap_descriptor--;
        }
        if (selector->num_entries == 0)
          mergeable = 0;
        else {
          for (j = 0; j < selector->num_entries; j++) {
            if (mergeable && selector->right_edge) {
              /*
              * do a merge by NOT setting
              * the left side
              */
              mergeable = 0;
            } else {
              /*
              * no merge, set the left
              * side
              */
              mergeable = 0;
              gap_descriptor->start = htons((selector->gaps[j].start + offset));
            }
            gap_descriptor->end = htons((selector->gaps[j].end + offset));
            num_nr_gap_blocks++;
            gap_descriptor++;
            if (((caddr_t)gap_descriptor + sizeof(struct sctp_gap_ack_block)) > limit) {
              /* no more room */
              limit_reached = 1;
              break;
            }
          }
          if (selector->left_edge) {
            mergeable = 1;
          }
        }
        if (limit_reached) {
          /* Reached the limit stop */
          break;
        }
        offset += 8;
      }
    }
  }
  /* now we must add any dups we are going to report. */
  if ((limit_reached == 0) && (asoc->numduptsns)) {
    dup = (uint32_t *) gap_descriptor;
    for (i = 0; i < asoc->numduptsns; i++) {
      *dup = htonl(asoc->dup_tsns[i]);
      dup++;
      num_dups++;
      if (((caddr_t)dup + sizeof(uint32_t)) > limit) {
        /* no more room */
        break;
      }
    }
    asoc->numduptsns = 0;
  }
  /*
   * now that the chunk is prepared queue it to the control chunk
   * queue.
   */
  if (type == SCTP_SELECTIVE_ACK) {
    a_chk->send_size = (uint16_t)(sizeof(struct sctp_sack_chunk) +
                                  (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
                                  num_dups * sizeof(int32_t));
    SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
    sack->sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
    sack->sack.a_rwnd = htonl(asoc->my_rwnd);
    sack->sack.num_gap_ack_blks = htons(num_gap_blocks);
    sack->sack.num_dup_tsns = htons(num_dups);
    sack->ch.chunk_type = type;
    sack->ch.chunk_flags = flags;
    sack->ch.chunk_length = htons(a_chk->send_size);
  } else {
    a_chk->send_size = (uint16_t)(sizeof(struct sctp_nr_sack_chunk) +
                                  (num_gap_blocks + num_nr_gap_blocks) * sizeof(struct sctp_gap_ack_block) +
                                  num_dups * sizeof(int32_t));
    SCTP_BUF_LEN(a_chk->data) = a_chk->send_size;
    nr_sack->nr_sack.cum_tsn_ack = htonl(asoc->cumulative_tsn);
    nr_sack->nr_sack.a_rwnd = htonl(asoc->my_rwnd);
    nr_sack->nr_sack.num_gap_ack_blks = htons(num_gap_blocks);
    nr_sack->nr_sack.num_nr_gap_ack_blks = htons(num_nr_gap_blocks);
    nr_sack->nr_sack.num_dup_tsns = htons(num_dups);
    nr_sack->nr_sack.reserved = 0;
    nr_sack->ch.chunk_type = type;
    nr_sack->ch.chunk_flags = flags;
    nr_sack->ch.chunk_length = htons(a_chk->send_size);
  }
  TAILQ_INSERT_TAIL(&asoc->control_send_queue, a_chk, sctp_next);
  asoc->my_last_reported_rwnd = asoc->my_rwnd;
  asoc->ctrl_queue_cnt++;
  asoc->send_sack = 0;
  SCTP_STAT_INCR(sctps_sendsacks);
  return;
}

void
sctp_send_abort_tcb(struct sctp_tcb *stcb, struct mbuf *operr, int so_locked)
{
  struct mbuf *m_abort, *m, *m_last;
  struct mbuf *m_out, *m_end = NULL;
  struct sctp_abort_chunk *abort;
  struct sctp_auth_chunk *auth = NULL;
  struct sctp_nets *net;
  uint32_t vtag;
  uint32_t auth_offset = 0;
  int error;
  uint16_t cause_len, chunk_len, padding_len;
  bool use_zero_crc;

#if defined(__APPLE__) && !defined(__Userspace__)
  if (so_locked) {
    sctp_lock_assert(SCTP_INP_SO(stcb->sctp_ep));
  } else {
    sctp_unlock_assert(SCTP_INP_SO(stcb->sctp_ep));
  }
#endif
  SCTP_TCB_LOCK_ASSERT(stcb);
  /*-
   * Add an AUTH chunk, if chunk requires it and save the offset into
   * the chain for AUTH
   */
  if (sctp_auth_is_required_chunk(SCTP_ABORT_ASSOCIATION,
                                  stcb->asoc.peer_auth_chunks)) {
    m_out = sctp_add_auth_chunk(NULL, &m_end, &auth, &auth_offset,
              stcb, SCTP_ABORT_ASSOCIATION);
    SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
  } else {
    m_out = NULL;
  }
  switch (stcb->asoc.snd_edmid) {
  case SCTP_EDMID_LOWER_LAYER_DTLS:
    use_zero_crc = true;
    break;
  default:
    use_zero_crc = false;
    break;
  }
  m_abort = sctp_get_mbuf_for_msg(sizeof(struct sctp_abort_chunk), 0, M_NOWAIT, 1, MT_HEADER);
  if (m_abort == NULL) {
    if (m_out) {
      sctp_m_freem(m_out);
    }
    if (operr) {
      sctp_m_freem(operr);
    }
    return;
  }
  /* link in any error */
  SCTP_BUF_NEXT(m_abort) = operr;
  cause_len = 0;
  m_last = NULL;
  for (m = operr; m; m = SCTP_BUF_NEXT(m)) {
    cause_len += (uint16_t)SCTP_BUF_LEN(m);
    if (SCTP_BUF_NEXT(m) == NULL) {
      m_last = m;
    }
  }
  SCTP_BUF_LEN(m_abort) = sizeof(struct sctp_abort_chunk);
  chunk_len = (uint16_t)sizeof(struct sctp_abort_chunk) + cause_len;
  padding_len = SCTP_SIZE32(chunk_len) - chunk_len;
  if (m_out == NULL) {
    /* NO Auth chunk prepended, so reserve space in front */
    SCTP_BUF_RESV_UF(m_abort, SCTP_MIN_OVERHEAD);
    m_out = m_abort;
  } else {
    /* Put AUTH chunk at the front of the chain */
    SCTP_BUF_NEXT(m_end) = m_abort;
  }
  if (stcb->asoc.alternate) {
    net = stcb->asoc.alternate;
  } else {
    net = stcb->asoc.primary_destination;
  }
  /* Fill in the ABORT chunk header. */
  abort = mtod(m_abort, struct sctp_abort_chunk *);
  abort->ch.chunk_type = SCTP_ABORT_ASSOCIATION;
  if (stcb->asoc.peer_vtag == 0) {
    /* This happens iff the assoc is in COOKIE-WAIT state. */
    vtag = stcb->asoc.my_vtag;
    abort->ch.chunk_flags = SCTP_HAD_NO_TCB;
  } else {
    vtag = stcb->asoc.peer_vtag;
    abort->ch.chunk_flags = 0;
  }
  abort->ch.chunk_length = htons(chunk_len);
  /* Add padding, if necessary. */
  if (padding_len > 0) {
    if ((m_last == NULL) ||
        (sctp_add_pad_tombuf(m_last, padding_len) == NULL)) {
      sctp_m_freem(m_out);
      return;
    }
  }
  if ((error = sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net,
                                          (struct sockaddr *)&net->ro._l_addr,
                                          m_out, auth_offset, auth, stcb->asoc.authinfo.active_keyid, 1, 0, 0,
                                          stcb->sctp_ep->sctp_lport, stcb->rport, htonl(vtag),
                                          stcb->asoc.primary_destination->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                          0, 0,
#endif
                                          use_zero_crc,
                                          so_locked))) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
    if (error == ENOBUFS) {
      stcb->asoc.ifp_had_enobuf = 1;
      SCTP_STAT_INCR(sctps_lowlevelerr);
    }
  } else {
    stcb->asoc.ifp_had_enobuf = 0;
  }
  SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
}

void
sctp_send_shutdown_complete(struct sctp_tcb *stcb,
                            struct sctp_nets *net,
                            int reflect_vtag)
{
  /* formulate and SEND a SHUTDOWN-COMPLETE */
  struct mbuf *m_shutdown_comp;
  struct sctp_shutdown_complete_chunk *shutdown_complete;
  uint32_t vtag;
  int error;
  uint8_t flags;
  bool use_zero_crc;

  m_shutdown_comp = sctp_get_mbuf_for_msg(sizeof(struct sctp_chunkhdr), 0, M_NOWAIT, 1, MT_HEADER);
  if (m_shutdown_comp == NULL) {
    /* no mbuf's */
    return;
  }
  if (reflect_vtag) {
    flags = SCTP_HAD_NO_TCB;
    vtag = stcb->asoc.my_vtag;
  } else {
    flags = 0;
    vtag = stcb->asoc.peer_vtag;
  }
  switch (stcb->asoc.snd_edmid) {
  case SCTP_EDMID_LOWER_LAYER_DTLS:
    use_zero_crc = true;
    break;
  default:
    use_zero_crc = false;
    break;
  }
  shutdown_complete = mtod(m_shutdown_comp, struct sctp_shutdown_complete_chunk *);
  shutdown_complete->ch.chunk_type = SCTP_SHUTDOWN_COMPLETE;
  shutdown_complete->ch.chunk_flags = flags;
  shutdown_complete->ch.chunk_length = htons(sizeof(struct sctp_shutdown_complete_chunk));
  SCTP_BUF_LEN(m_shutdown_comp) = sizeof(struct sctp_shutdown_complete_chunk);
  if ((error = sctp_lowlevel_chunk_output(stcb->sctp_ep, stcb, net,
                                          (struct sockaddr *)&net->ro._l_addr,
                                          m_shutdown_comp, 0, NULL, 0, 1, 0, 0,
                                          stcb->sctp_ep->sctp_lport, stcb->rport,
                                          htonl(vtag),
                                          net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                          0, 0,
#endif
                                          use_zero_crc,
                                          SCTP_SO_NOT_LOCKED))) {
    SCTPDBG(SCTP_DEBUG_OUTPUT3, "Gak send error %d\n", error);
    if (error == ENOBUFS) {
      stcb->asoc.ifp_had_enobuf = 1;
      SCTP_STAT_INCR(sctps_lowlevelerr);
    }
  } else {
    stcb->asoc.ifp_had_enobuf = 0;
  }
  SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
  return;
}

#if defined(__FreeBSD__) && !defined(__Userspace__)
static void
sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst,
                   struct sctphdr *sh, uint32_t vtag,
                   uint8_t type, struct mbuf *cause,
                   uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum,
                   uint32_t vrf_id, uint16_t port)
#else
static void
sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst,
                   struct sctphdr *sh, uint32_t vtag,
                   uint8_t type, struct mbuf *cause,
                   uint32_t vrf_id SCTP_UNUSED, uint16_t port)
#endif
{
  struct mbuf *o_pak;
  struct mbuf *mout;
  struct sctphdr *shout;
  struct sctp_chunkhdr *ch;
#if defined(INET) || defined(INET6)
  struct udphdr *udp;
#endif
  int ret, len, cause_len, padding_len;
#ifdef INET
#if defined(__APPLE__) && !defined(__Userspace__)
  sctp_route_t ro;
#endif
  struct sockaddr_in *src_sin, *dst_sin;
  struct ip *ip;
#endif
#ifdef INET6
  struct sockaddr_in6 *src_sin6, *dst_sin6;
  struct ip6_hdr *ip6;
#endif

  /* Compute the length of the cause and add final padding. */
  cause_len = 0;
  if (cause != NULL) {
    struct mbuf *m_at, *m_last = NULL;

    for (m_at = cause; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
      if (SCTP_BUF_NEXT(m_at) == NULL)
        m_last = m_at;
      cause_len += SCTP_BUF_LEN(m_at);
    }
    padding_len = cause_len % 4;
    if (padding_len != 0) {
      padding_len = 4 - padding_len;
    }
    if (padding_len != 0) {
      if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) {
        sctp_m_freem(cause);
        return;
      }
    }
  } else {
    padding_len = 0;
  }
  /* Get an mbuf for the header. */
  len = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr);
  switch (dst->sa_family) {
#ifdef INET
  case AF_INET:
    len += sizeof(struct ip);
    break;
#endif
#ifdef INET6
  case AF_INET6:
    len += sizeof(struct ip6_hdr);
    break;
#endif
  default:
    break;
  }
#if defined(INET) || defined(INET6)
  if (port) {
    len += sizeof(struct udphdr);
  }
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
  mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_NOWAIT, 1, MT_DATA);
#else
  mout = sctp_get_mbuf_for_msg(len + SCTP_MAX_LINKHDR, 1, M_NOWAIT, 1, MT_DATA);
#endif
#else
  mout = sctp_get_mbuf_for_msg(len + max_linkhdr, 1, M_NOWAIT, 1, MT_DATA);
#endif
  if (mout == NULL) {
    if (cause) {
      sctp_m_freem(cause);
    }
    return;
  }
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
  SCTP_BUF_RESV_UF(mout, max_linkhdr);
#else
  SCTP_BUF_RESV_UF(mout, SCTP_MAX_LINKHDR);
#endif
#else
  SCTP_BUF_RESV_UF(mout, max_linkhdr);
#endif
  SCTP_BUF_LEN(mout) = len;
  SCTP_BUF_NEXT(mout) = cause;
#if defined(__FreeBSD__) && !defined(__Userspace__)
  M_SETFIB(mout, fibnum);
  mout->m_pkthdr.flowid = mflowid;
  M_HASHTYPE_SET(mout, mflowtype);
#endif
#ifdef INET
  ip = NULL;
#endif
#ifdef INET6
  ip6 = NULL;
#endif
  switch (dst->sa_family) {
#ifdef INET
  case AF_INET:
    src_sin = (struct sockaddr_in *)src;
    dst_sin = (struct sockaddr_in *)dst;
    ip = mtod(mout, struct ip *);
    ip->ip_v = IPVERSION;
    ip->ip_hl = (sizeof(struct ip) >> 2);
    ip->ip_tos = 0;
#if defined(__FreeBSD__) && !defined(__Userspace__)
    ip->ip_off = htons(IP_DF);
#elif defined(WITH_CONVERT_IP_OFF) || defined(__APPLE__)
    ip->ip_off = IP_DF;
#else
    ip->ip_off = htons(IP_DF);
#endif
#if defined(__Userspace__)
    ip->ip_id = htons(ip_id++);
#elif defined(__FreeBSD__)
    ip_fillid(ip, V_ip_random_id);
#elif defined(__APPLE__)
#if RANDOM_IP_ID
    ip->ip_id = ip_randomid();
#else
    ip->ip_id = htons(ip_id++);
#endif
#else
    ip->ip_id = ip_id++;
#endif
    ip->ip_ttl = MODULE_GLOBAL(ip_defttl);
    if (port) {
      ip->ip_p = IPPROTO_UDP;
    } else {
      ip->ip_p = IPPROTO_SCTP;
    }
    ip->ip_src.s_addr = dst_sin->sin_addr.s_addr;
    ip->ip_dst.s_addr = src_sin->sin_addr.s_addr;
    ip->ip_sum = 0;
    len = sizeof(struct ip);
    shout = (struct sctphdr *)((caddr_t)ip + len);
    break;
#endif
#ifdef INET6
  case AF_INET6:
    src_sin6 = (struct sockaddr_in6 *)src;
    dst_sin6 = (struct sockaddr_in6 *)dst;
    ip6 = mtod(mout, struct ip6_hdr *);
    ip6->ip6_flow = htonl(0x60000000);
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (V_ip6_auto_flowlabel) {
      ip6->ip6_flow |= (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
    }
#endif
#if defined(__Userspace__)
    ip6->ip6_hlim = IPv6_HOP_LIMIT;
#else
    ip6->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
#endif
    if (port) {
      ip6->ip6_nxt = IPPROTO_UDP;
    } else {
      ip6->ip6_nxt = IPPROTO_SCTP;
    }
    ip6->ip6_src = dst_sin6->sin6_addr;
    ip6->ip6_dst = src_sin6->sin6_addr;
    len = sizeof(struct ip6_hdr);
    shout = (struct sctphdr *)((caddr_t)ip6 + len);
    break;
#endif
  default:
    len = 0;
    shout = mtod(mout, struct sctphdr *);
    break;
  }
#if defined(INET) || defined(INET6)
  if (port) {
    if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) {
      sctp_m_freem(mout);
      return;
    }
    udp = (struct udphdr *)shout;
    udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
    udp->uh_dport = port;
    udp->uh_sum = 0;
    udp->uh_ulen = htons((uint16_t)(sizeof(struct udphdr) +
                                    sizeof(struct sctphdr) +
                                    sizeof(struct sctp_chunkhdr) +
                                    cause_len + padding_len));
    len += sizeof(struct udphdr);
    shout = (struct sctphdr *)((caddr_t)shout + sizeof(struct udphdr));
  } else {
    udp = NULL;
  }
#endif
  shout->src_port = sh->dest_port;
  shout->dest_port = sh->src_port;
  shout->checksum = 0;
  if (vtag) {
    shout->v_tag = htonl(vtag);
  } else {
    shout->v_tag = sh->v_tag;
  }
  len += sizeof(struct sctphdr);
  ch = (struct sctp_chunkhdr *)((caddr_t)shout + sizeof(struct sctphdr));
  ch->chunk_type = type;
  if (vtag) {
    ch->chunk_flags = 0;
  } else {
    ch->chunk_flags = SCTP_HAD_NO_TCB;
  }
  ch->chunk_length = htons((uint16_t)(sizeof(struct sctp_chunkhdr) + cause_len));
  len += sizeof(struct sctp_chunkhdr);
  len += cause_len + padding_len;

  if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
    sctp_m_freem(mout);
    return;
  }
  SCTP_ATTACH_CHAIN(o_pak, mout, len);
  switch (dst->sa_family) {
#ifdef INET
  case AF_INET:
#if defined(__APPLE__) && !defined(__Userspace__)
    /* zap the stack pointer to the route */
    memset(&ro, 0, sizeof(sctp_route_t));
#endif
    if (port) {
#if !defined(_WIN32) && !defined(__Userspace__)
#if defined(__FreeBSD__)
      if (V_udp_cksum) {
        udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
      } else {
        udp->uh_sum = 0;
      }
#else
      udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
#endif
#else
      udp->uh_sum = 0;
#endif
    }
#if defined(__FreeBSD__) && !defined(__Userspace__)
    ip->ip_len = htons(len);
#elif defined(__APPLE__) || defined(__Userspace__)
    ip->ip_len = len;
#else
    ip->ip_len = htons(len);
#endif
    if (port) {
      shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip) + sizeof(struct udphdr));
      SCTP_STAT_INCR(sctps_sendswcrc);
#if !defined(_WIN32) && !defined(__Userspace__)
#if defined(__FreeBSD__)
      if (V_udp_cksum) {
        SCTP_ENABLE_UDP_CSUM(o_pak);
      }
#else
      SCTP_ENABLE_UDP_CSUM(o_pak);
#endif
#endif
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      mout->m_pkthdr.csum_flags = CSUM_SCTP;
      mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
      SCTP_STAT_INCR(sctps_sendhwcrc);
#else
      shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip));
      SCTP_STAT_INCR(sctps_sendswcrc);
#endif
    }
#ifdef SCTP_PACKET_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) {
      sctp_packet_log(o_pak);
    }
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
    SCTP_IP_OUTPUT(ret, o_pak, &ro, NULL, vrf_id);
    /* Free the route if we got one back */
    if (ro.ro_rt) {
      RTFREE(ro.ro_rt);
      ro.ro_rt = NULL;
    }
#else
#if defined(__FreeBSD__) && !defined(__Userspace__)
    SCTP_PROBE5(send, NULL, NULL, ip, NULL, shout);
#endif
    SCTP_IP_OUTPUT(ret, o_pak, NULL, NULL, vrf_id);
#endif
    break;
#endif
#ifdef INET6
  case AF_INET6:
    ip6->ip6_plen = htons((uint16_t)(len - sizeof(struct ip6_hdr)));
    if (port) {
      shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
      SCTP_STAT_INCR(sctps_sendswcrc);
#if !defined(__Userspace__)
#if defined(_WIN32)
      udp->uh_sum = 0;
#else
      if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), len - sizeof(struct ip6_hdr))) == 0) {
        udp->uh_sum = 0xffff;
      }
#endif
#endif
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      mout->m_pkthdr.csum_flags = CSUM_SCTP_IPV6;
      mout->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
      SCTP_STAT_INCR(sctps_sendhwcrc);
#else
      shout->checksum = sctp_calculate_cksum(mout, sizeof(struct ip6_hdr));
      SCTP_STAT_INCR(sctps_sendswcrc);
#endif
    }
#ifdef SCTP_PACKET_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) {
      sctp_packet_log(o_pak);
    }
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
    SCTP_PROBE5(send, NULL, NULL, ip6, NULL, shout);
#endif
    SCTP_IP6_OUTPUT(ret, o_pak, NULL, NULL, NULL, vrf_id);
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
  {
    char *buffer;
    struct sockaddr_conn *sconn;

    sconn = (struct sockaddr_conn *)src;
    if (SCTP_BASE_VAR(crc32c_offloaded) == 0) {
      shout->checksum = sctp_calculate_cksum(o_pak, 0);
      SCTP_STAT_INCR(sctps_sendswcrc);
    } else {
      SCTP_STAT_INCR(sctps_sendhwcrc);
    }
#ifdef SCTP_PACKET_LOGGING
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING) {
      sctp_packet_log(mout);
    }
#endif
    /* Don't alloc/free for each packet */
    if ((buffer = malloc(len)) != NULL) {
      m_copydata(o_pak, 0, len, buffer);
      ret = SCTP_BASE_VAR(conn_output)(sconn->sconn_addr, buffer, len, 0, 0);
      free(buffer);
    } else {
      ret = ENOMEM;
    }
    sctp_m_freem(o_pak);
    break;
  }
#endif
  default:
    SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n",
            dst->sa_family);
    sctp_m_freem(mout);
    SCTP_LTRACE_ERR_RET_PKT(mout, NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    return;
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
#if defined(__FreeBSD__) && !defined(__Userspace__)
  if (port) {
    UDPSTAT_INC(udps_opackets);
  }
#endif
  SCTP_STAT_INCR(sctps_sendpackets);
  SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
  SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
  if (ret) {
    SCTP_STAT_INCR(sctps_senderrors);
  }
  return;
}

void
sctp_send_shutdown_complete2(struct sockaddr *src, struct sockaddr *dst,
                             struct sctphdr *sh,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                             uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum,
#endif
                             uint32_t vrf_id, uint16_t port)
{
  sctp_send_resp_msg(src, dst, sh, 0, SCTP_SHUTDOWN_COMPLETE, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                     mflowtype, mflowid, fibnum,
#endif
                     vrf_id, port);
}

void
sctp_send_hb(struct sctp_tcb *stcb, struct sctp_nets *net,int so_locked)
{
  struct sctp_tmit_chunk *chk;
  struct sctp_heartbeat_chunk *hb;
  struct timeval now;

  SCTP_TCB_LOCK_ASSERT(stcb);
  if (net == NULL) {
    return;
  }
  (void)SCTP_GETTIME_TIMEVAL(&now);
  switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
  case AF_INET:
    break;
#endif
#ifdef INET6
  case AF_INET6:
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
    break;
#endif
  default:
    return;
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak, can't get a chunk for hb\n");
    return;
  }

  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_HEARTBEAT_REQUEST;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->send_size = sizeof(struct sctp_heartbeat_chunk);

  chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, so_locked);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->whoTo = net;
  atomic_add_int(&chk->whoTo->ref_count, 1);
  /* Now we have a mbuf that we can fill in with the details */
  hb = mtod(chk->data, struct sctp_heartbeat_chunk *);
  memset(hb, 0, sizeof(struct sctp_heartbeat_chunk));
  /* fill out chunk header */
  hb->ch.chunk_type = SCTP_HEARTBEAT_REQUEST;
  hb->ch.chunk_flags = 0;
  hb->ch.chunk_length = htons(chk->send_size);
  /* Fill out hb parameter */
  hb->heartbeat.hb_info.ph.param_type = htons(SCTP_HEARTBEAT_INFO);
  hb->heartbeat.hb_info.ph.param_length = htons(sizeof(struct sctp_heartbeat_info_param));
  hb->heartbeat.hb_info.time_value_1 = now.tv_sec;
  hb->heartbeat.hb_info.time_value_2 = now.tv_usec;
  /* Did our user request this one, put it in */
  hb->heartbeat.hb_info.addr_family = (uint8_t)net->ro._l_addr.sa.sa_family;
#ifdef HAVE_SA_LEN
  hb->heartbeat.hb_info.addr_len = net->ro._l_addr.sa.sa_len;
#else
  switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
  case AF_INET:
    hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_in);
    break;
#endif
#ifdef INET6
  case AF_INET6:
    hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_in6);
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
    hb->heartbeat.hb_info.addr_len = sizeof(struct sockaddr_conn);
    break;
#endif
  default:
    hb->heartbeat.hb_info.addr_len = 0;
    break;
  }
#endif
  if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
    /*
     * we only take from the entropy pool if the address is not
     * confirmed.
     */
    net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
    net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
  } else {
    net->heartbeat_random1 = hb->heartbeat.hb_info.random_value1 = 0;
    net->heartbeat_random2 = hb->heartbeat.hb_info.random_value2 = 0;
  }
  switch (net->ro._l_addr.sa.sa_family) {
#ifdef INET
  case AF_INET:
    memcpy(hb->heartbeat.hb_info.address,
           &net->ro._l_addr.sin.sin_addr,
           sizeof(net->ro._l_addr.sin.sin_addr));
    break;
#endif
#ifdef INET6
  case AF_INET6:
    memcpy(hb->heartbeat.hb_info.address,
           &net->ro._l_addr.sin6.sin6_addr,
           sizeof(net->ro._l_addr.sin6.sin6_addr));
    break;
#endif
#if defined(__Userspace__)
  case AF_CONN:
    memcpy(hb->heartbeat.hb_info.address,
           &net->ro._l_addr.sconn.sconn_addr,
           sizeof(net->ro._l_addr.sconn.sconn_addr));
    break;
#endif
  default:
    if (chk->data) {
      sctp_m_freem(chk->data);
      chk->data = NULL;
    }
    sctp_free_a_chunk(stcb, chk, so_locked);
    return;
    break;
  }
  net->hb_responded = 0;
  TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
  stcb->asoc.ctrl_queue_cnt++;
  SCTP_STAT_INCR(sctps_sendheartbeat);
  return;
}

void
sctp_send_ecn_echo(struct sctp_tcb *stcb, struct sctp_nets *net,
       uint32_t high_tsn)
{
  struct sctp_association *asoc;
  struct sctp_ecne_chunk *ecne;
  struct sctp_tmit_chunk *chk;

  if (net == NULL) {
    return;
  }
  asoc = &stcb->asoc;
  SCTP_TCB_LOCK_ASSERT(stcb);
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if ((chk->rec.chunk_id.id == SCTP_ECN_ECHO) && (net == chk->whoTo)) {
      /* found a previous ECN_ECHO update it if needed */
      uint32_t cnt, ctsn;
      ecne = mtod(chk->data, struct sctp_ecne_chunk *);
      ctsn = ntohl(ecne->tsn);
      if (SCTP_TSN_GT(high_tsn, ctsn)) {
        ecne->tsn = htonl(high_tsn);
        SCTP_STAT_INCR(sctps_queue_upd_ecne);
      }
      cnt = ntohl(ecne->num_pkts_since_cwr);
      cnt++;
      ecne->num_pkts_since_cwr = htonl(cnt);
      return;
    }
  }
  /* nope could not find one to update so we must build one */
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    return;
  }
  SCTP_STAT_INCR(sctps_queue_upd_ecne);
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_ECN_ECHO;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->send_size = sizeof(struct sctp_ecne_chunk);
  chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->whoTo = net;
  atomic_add_int(&chk->whoTo->ref_count, 1);

  stcb->asoc.ecn_echo_cnt_onq++;
  ecne = mtod(chk->data, struct sctp_ecne_chunk *);
  ecne->ch.chunk_type = SCTP_ECN_ECHO;
  ecne->ch.chunk_flags = 0;
  ecne->ch.chunk_length = htons(sizeof(struct sctp_ecne_chunk));
  ecne->tsn = htonl(high_tsn);
  ecne->num_pkts_since_cwr = htonl(1);
  TAILQ_INSERT_HEAD(&stcb->asoc.control_send_queue, chk, sctp_next);
  asoc->ctrl_queue_cnt++;
}

void
sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net,
    struct mbuf *m, int len, int iphlen, int bad_crc)
{
  struct sctp_association *asoc;
  struct sctp_pktdrop_chunk *drp;
  struct sctp_tmit_chunk *chk;
  uint8_t *datap;
  int was_trunc = 0;
  int fullsz = 0;
  long spc;
  int offset;
  struct sctp_chunkhdr *ch, chunk_buf;
  unsigned int chk_length;

        if (!stcb) {
            return;
        }
  asoc = &stcb->asoc;
  SCTP_TCB_LOCK_ASSERT(stcb);
  if (asoc->pktdrop_supported == 0) {
    /*-
     * peer must declare support before I send one.
     */
    return;
  }
  if (stcb->sctp_socket == NULL) {
    return;
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_PACKET_DROPPED;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  len -= iphlen;
  chk->send_size = len;
  /* Validate that we do not have an ABORT in here. */
  offset = iphlen + sizeof(struct sctphdr);
  ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
               sizeof(*ch), (uint8_t *) & chunk_buf);
  while (ch != NULL) {
    chk_length = ntohs(ch->chunk_length);
    if (chk_length < sizeof(*ch)) {
      /* break to abort land */
      break;
    }
    switch (ch->chunk_type) {
    case SCTP_PACKET_DROPPED:
    case SCTP_ABORT_ASSOCIATION:
    case SCTP_INITIATION_ACK:
      /**
       * We don't respond with an PKT-DROP to an ABORT
       * or PKT-DROP. We also do not respond to an
       * INIT-ACK, because we can't know if the initiation
       * tag is correct or not.
       */
      sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
      return;
    default:
      break;
    }
    offset += SCTP_SIZE32(chk_length);
    ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
        sizeof(*ch), (uint8_t *) & chunk_buf);
  }

  if ((len + SCTP_MAX_OVERHEAD + sizeof(struct sctp_pktdrop_chunk)) >
      min(stcb->asoc.smallest_mtu, MCLBYTES)) {
    /* only send 1 mtu worth, trim off the
     * excess on the end.
     */
    fullsz = len;
    len = min(stcb->asoc.smallest_mtu, MCLBYTES) - SCTP_MAX_OVERHEAD;
    was_trunc = 1;
  }
  chk->asoc = &stcb->asoc;
  chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (chk->data == NULL) {
jump_out:
    sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  drp = mtod(chk->data, struct sctp_pktdrop_chunk *);
  if (drp == NULL) {
    sctp_m_freem(chk->data);
    chk->data = NULL;
    goto jump_out;
  }
  chk->book_size = SCTP_SIZE32((chk->send_size + sizeof(struct sctp_pktdrop_chunk) +
      sizeof(struct sctphdr) + SCTP_MED_OVERHEAD));
  chk->book_size_scale = 0;
  if (was_trunc) {
    drp->ch.chunk_flags = SCTP_PACKET_TRUNCATED;
    drp->trunc_len = htons(fullsz);
    /* Len is already adjusted to size minus overhead above
     * take out the pkt_drop chunk itself from it.
     */
    chk->send_size = (uint16_t)(len - sizeof(struct sctp_pktdrop_chunk));
    len = chk->send_size;
  } else {
    /* no truncation needed */
    drp->ch.chunk_flags = 0;
    drp->trunc_len = htons(0);
  }
  if (bad_crc) {
    drp->ch.chunk_flags |= SCTP_BADCRC;
  }
  chk->send_size += sizeof(struct sctp_pktdrop_chunk);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  if (net) {
    /* we should hit here */
    chk->whoTo = net;
    atomic_add_int(&chk->whoTo->ref_count, 1);
  } else {
    chk->whoTo = NULL;
  }
  drp->ch.chunk_type = SCTP_PACKET_DROPPED;
  drp->ch.chunk_length = htons(chk->send_size);
  spc = SCTP_SB_LIMIT_RCV(stcb->sctp_socket);
  if (spc < 0) {
    spc = 0;
  }
  drp->bottle_bw = htonl(spc);
  if (asoc->my_rwnd) {
    drp->current_onq = htonl(asoc->size_on_reasm_queue +
        asoc->size_on_all_streams +
        asoc->my_rwnd_control_len +
        SCTP_SBAVAIL(&stcb->sctp_socket->so_rcv));
  } else {
    /*-
     * If my rwnd is 0, possibly from mbuf depletion as well as
     * space used, tell the peer there is NO space aka onq == bw
     */
    drp->current_onq = htonl(spc);
  }
  drp->reserved = 0;
  datap = drp->data;
  m_copydata(m, iphlen, len, (caddr_t)datap);
  TAILQ_INSERT_TAIL(&stcb->asoc.control_send_queue, chk, sctp_next);
  asoc->ctrl_queue_cnt++;
}

void
sctp_send_cwr(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t high_tsn, uint8_t override)
{
  struct sctp_association *asoc;
  struct sctp_cwr_chunk *cwr;
  struct sctp_tmit_chunk *chk;

  SCTP_TCB_LOCK_ASSERT(stcb);
  if (net == NULL) {
    return;
  }
  asoc = &stcb->asoc;
  TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
    if ((chk->rec.chunk_id.id == SCTP_ECN_CWR) && (net == chk->whoTo)) {
      /* found a previous CWR queued to same destination update it if needed */
      uint32_t ctsn;
      cwr = mtod(chk->data, struct sctp_cwr_chunk *);
      ctsn = ntohl(cwr->tsn);
      if (SCTP_TSN_GT(high_tsn, ctsn)) {
        cwr->tsn = htonl(high_tsn);
      }
      if (override & SCTP_CWR_REDUCE_OVERRIDE) {
        /* Make sure override is carried */
        cwr->ch.chunk_flags |= SCTP_CWR_REDUCE_OVERRIDE;
      }
      return;
    }
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_ECN_CWR;
  chk->rec.chunk_id.can_take_data = 1;
  chk->flags = 0;
  chk->asoc = asoc;
  chk->send_size = sizeof(struct sctp_cwr_chunk);
  chk->data = sctp_get_mbuf_for_msg(chk->send_size, 0, M_NOWAIT, 1, MT_HEADER);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  chk->whoTo = net;
  atomic_add_int(&chk->whoTo->ref_count, 1);
  cwr = mtod(chk->data, struct sctp_cwr_chunk *);
  cwr->ch.chunk_type = SCTP_ECN_CWR;
  cwr->ch.chunk_flags = override;
  cwr->ch.chunk_length = htons(sizeof(struct sctp_cwr_chunk));
  cwr->tsn = htonl(high_tsn);
  TAILQ_INSERT_TAIL(&asoc->control_send_queue, chk, sctp_next);
  asoc->ctrl_queue_cnt++;
}

static int
sctp_add_stream_reset_out(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk,
                          uint32_t seq, uint32_t resp_seq, uint32_t last_sent)
{
  uint16_t len, old_len, i;
  struct sctp_stream_reset_out_request *req_out;
  struct sctp_chunkhdr *ch;
  int at;
  int number_entries=0;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));
  /* get to new offset for the param. */
  req_out = (struct sctp_stream_reset_out_request *)((caddr_t)ch + len);
  /* now how long will this param be? */
  for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
    if ((stcb->asoc.strmout[i].state == SCTP_STREAM_RESET_PENDING) &&
        (stcb->asoc.strmout[i].chunks_on_queues == 0) &&
        TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
      number_entries++;
    }
  }
  if (number_entries == 0) {
    return (0);
  }
  if (number_entries == stcb->asoc.streamoutcnt) {
    number_entries = 0;
  }
  if (number_entries > SCTP_MAX_STREAMS_AT_ONCE_RESET) {
    number_entries = SCTP_MAX_STREAMS_AT_ONCE_RESET;
  }
  len = (uint16_t)(sizeof(struct sctp_stream_reset_out_request) + (sizeof(uint16_t) * number_entries));
  req_out->ph.param_type = htons(SCTP_STR_RESET_OUT_REQUEST);
  req_out->ph.param_length = htons(len);
  req_out->request_seq = htonl(seq);
  req_out->response_seq = htonl(resp_seq);
  req_out->send_reset_at_tsn = htonl(last_sent);
  at = 0;
  if (number_entries) {
    for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
      if ((stcb->asoc.strmout[i].state == SCTP_STREAM_RESET_PENDING) &&
          (stcb->asoc.strmout[i].chunks_on_queues == 0) &&
          TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
        req_out->list_of_streams[at] = htons(i);
        at++;
        stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_IN_FLIGHT;
        if (at >= number_entries) {
          break;
        }
      }
    }
  } else {
    for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
      stcb->asoc.strmout[i].state = SCTP_STREAM_RESET_IN_FLIGHT;
    }
  }
  if (SCTP_SIZE32(len) > len) {
    /*-
     * Need to worry about the pad we may end up adding to the
     * end. This is easy since the struct is either aligned to 4
     * bytes or 2 bytes off.
     */
    req_out->list_of_streams[number_entries] = 0;
  }
  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->book_size = len + old_len;
  chk->book_size_scale = 0;
  chk->send_size = SCTP_SIZE32(chk->book_size);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  return (1);
}

static void
sctp_add_stream_reset_in(struct sctp_tmit_chunk *chk,
                         int number_entries, uint16_t *list,
                         uint32_t seq)
{
  uint16_t len, old_len, i;
  struct sctp_stream_reset_in_request *req_in;
  struct sctp_chunkhdr *ch;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  req_in = (struct sctp_stream_reset_in_request *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = (uint16_t)(sizeof(struct sctp_stream_reset_in_request) + (sizeof(uint16_t) * number_entries));
  req_in->ph.param_type = htons(SCTP_STR_RESET_IN_REQUEST);
  req_in->ph.param_length = htons(len);
  req_in->request_seq = htonl(seq);
  if (number_entries) {
    for (i = 0; i < number_entries; i++) {
      req_in->list_of_streams[i] = htons(list[i]);
    }
  }
  if (SCTP_SIZE32(len) > len) {
    /*-
     * Need to worry about the pad we may end up adding to the
     * end. This is easy since the struct is either aligned to 4
     * bytes or 2 bytes off.
     */
    req_in->list_of_streams[number_entries] = 0;
  }
  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->book_size = len + old_len;
  chk->book_size_scale = 0;
  chk->send_size = SCTP_SIZE32(chk->book_size);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  return;
}

static void
sctp_add_stream_reset_tsn(struct sctp_tmit_chunk *chk,
                          uint32_t seq)
{
  uint16_t len, old_len;
  struct sctp_stream_reset_tsn_request *req_tsn;
  struct sctp_chunkhdr *ch;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  req_tsn = (struct sctp_stream_reset_tsn_request *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = sizeof(struct sctp_stream_reset_tsn_request);
  req_tsn->ph.param_type = htons(SCTP_STR_RESET_TSN_REQUEST);
  req_tsn->ph.param_length = htons(len);
  req_tsn->request_seq = htonl(seq);

  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->send_size = len + old_len;
  chk->book_size = SCTP_SIZE32(chk->send_size);
  chk->book_size_scale = 0;
  SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
  return;
}

void
sctp_add_stream_reset_result(struct sctp_tmit_chunk *chk,
                             uint32_t resp_seq, uint32_t result)
{
  uint16_t len, old_len;
  struct sctp_stream_reset_response *resp;
  struct sctp_chunkhdr *ch;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  resp = (struct sctp_stream_reset_response *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = sizeof(struct sctp_stream_reset_response);
  resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
  resp->ph.param_length = htons(len);
  resp->response_seq = htonl(resp_seq);
  resp->result = ntohl(result);

  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->book_size = len + old_len;
  chk->book_size_scale = 0;
  chk->send_size = SCTP_SIZE32(chk->book_size);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  return;
}

void
sctp_send_deferred_reset_response(struct sctp_tcb *stcb,
         struct sctp_stream_reset_list *ent,
         int response)
{
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk;
  struct sctp_chunkhdr *ch;

  asoc = &stcb->asoc;

  /*
   * Reset our last reset action to the new one IP -> response
   * (PERFORMED probably). This assures that if we fail to send, a
   * retran from the peer will get the new response.
   */
  asoc->last_reset_action[0] = response;
  if (asoc->stream_reset_outstanding) {
    return;
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return;
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_STREAM_RESET;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->book_size = sizeof(struct sctp_chunkhdr);
  chk->send_size = SCTP_SIZE32(chk->book_size);
  chk->book_size_scale = 0;
  chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED);
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return;
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
  /* setup chunk parameters */
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  if (stcb->asoc.alternate) {
    chk->whoTo = stcb->asoc.alternate;
  } else {
    chk->whoTo = stcb->asoc.primary_destination;
  }
  ch = mtod(chk->data, struct sctp_chunkhdr *);
  ch->chunk_type = SCTP_STREAM_RESET;
  ch->chunk_flags = 0;
  ch->chunk_length = htons(chk->book_size);
  atomic_add_int(&chk->whoTo->ref_count, 1);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  sctp_add_stream_reset_result(chk, ent->seq, response);
  /* insert the chunk for sending */
  TAILQ_INSERT_TAIL(&asoc->control_send_queue,
        chk,
        sctp_next);
  asoc->ctrl_queue_cnt++;
}

void
sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *chk,
                                 uint32_t resp_seq, uint32_t result,
                                 uint32_t send_una, uint32_t recv_next)
{
  uint16_t len, old_len;
  struct sctp_stream_reset_response_tsn *resp;
  struct sctp_chunkhdr *ch;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  resp = (struct sctp_stream_reset_response_tsn *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = sizeof(struct sctp_stream_reset_response_tsn);
  resp->ph.param_type = htons(SCTP_STR_RESET_RESPONSE);
  resp->ph.param_length = htons(len);
  resp->response_seq = htonl(resp_seq);
  resp->result = htonl(result);
  resp->senders_next_tsn = htonl(send_una);
  resp->receivers_next_tsn = htonl(recv_next);

  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->book_size = len + old_len;
  chk->send_size = SCTP_SIZE32(chk->book_size);
  chk->book_size_scale = 0;
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  return;
}

static void
sctp_add_an_out_stream(struct sctp_tmit_chunk *chk,
           uint32_t seq,
           uint16_t adding)
{
  uint16_t len, old_len;
  struct sctp_chunkhdr *ch;
  struct sctp_stream_reset_add_strm *addstr;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = sizeof(struct sctp_stream_reset_add_strm);

  /* Fill it out. */
  addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_OUT_STREAMS);
  addstr->ph.param_length = htons(len);
  addstr->request_seq = htonl(seq);
  addstr->number_of_streams = htons(adding);
  addstr->reserved = 0;

  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->send_size = len + old_len;
  chk->book_size = SCTP_SIZE32(chk->send_size);
  chk->book_size_scale = 0;
  SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
  return;
}

static void
sctp_add_an_in_stream(struct sctp_tmit_chunk *chk,
                      uint32_t seq,
                      uint16_t adding)
{
  uint16_t len, old_len;
  struct sctp_chunkhdr *ch;
  struct sctp_stream_reset_add_strm *addstr;

  ch = mtod(chk->data, struct sctp_chunkhdr *);
  old_len = len = SCTP_SIZE32(ntohs(ch->chunk_length));

  /* get to new offset for the param. */
  addstr = (struct sctp_stream_reset_add_strm *)((caddr_t)ch + len);
  /* now how long will this param be? */
  len = sizeof(struct sctp_stream_reset_add_strm);
  /* Fill it out. */
  addstr->ph.param_type = htons(SCTP_STR_RESET_ADD_IN_STREAMS);
  addstr->ph.param_length = htons(len);
  addstr->request_seq = htonl(seq);
  addstr->number_of_streams = htons(adding);
  addstr->reserved = 0;

  /* now fix the chunk length */
  ch->chunk_length = htons(len + old_len);
  chk->send_size = len + old_len;
  chk->book_size = SCTP_SIZE32(chk->send_size);
  chk->book_size_scale = 0;
  SCTP_BUF_LEN(chk->data) = SCTP_SIZE32(chk->send_size);
  return;
}

int
sctp_send_stream_reset_out_if_possible(struct sctp_tcb *stcb, int so_locked)
{
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk;
  struct sctp_chunkhdr *ch;
  uint32_t seq;

  asoc = &stcb->asoc;
  asoc->trigger_reset = 0;
  if (asoc->stream_reset_outstanding) {
    return (EALREADY);
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_STREAM_RESET;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->book_size = sizeof(struct sctp_chunkhdr);
  chk->send_size = SCTP_SIZE32(chk->book_size);
  chk->book_size_scale = 0;
  chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, so_locked);
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);

  /* setup chunk parameters */
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  if (stcb->asoc.alternate) {
    chk->whoTo = stcb->asoc.alternate;
  } else {
    chk->whoTo = stcb->asoc.primary_destination;
  }
  ch = mtod(chk->data, struct sctp_chunkhdr *);
  ch->chunk_type = SCTP_STREAM_RESET;
  ch->chunk_flags = 0;
  ch->chunk_length = htons(chk->book_size);
  atomic_add_int(&chk->whoTo->ref_count, 1);
  SCTP_BUF_LEN(chk->data) = chk->send_size;
  seq = stcb->asoc.str_reset_seq_out;
  if (sctp_add_stream_reset_out(stcb, chk, seq, (stcb->asoc.str_reset_seq_in - 1), (stcb->asoc.sending_seq - 1))) {
    seq++;
    asoc->stream_reset_outstanding++;
  } else {
    m_freem(chk->data);
    chk->data = NULL;
    sctp_free_a_chunk(stcb, chk, so_locked);
    return (ENOENT);
  }
  asoc->str_reset = chk;
  /* insert the chunk for sending */
  TAILQ_INSERT_TAIL(&asoc->control_send_queue,
        chk,
        sctp_next);
  asoc->ctrl_queue_cnt++;

  if (stcb->asoc.send_sack) {
    sctp_send_sack(stcb, so_locked);
  }
  sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
  return (0);
}

int
sctp_send_str_reset_req(struct sctp_tcb *stcb,
                        uint16_t number_entries, uint16_t *list,
                        uint8_t send_in_req,
                        uint8_t send_tsn_req,
                        uint8_t add_stream,
                        uint16_t adding_o,
                        uint16_t adding_i, uint8_t peer_asked)
{
  struct sctp_association *asoc;
  struct sctp_tmit_chunk *chk;
  struct sctp_chunkhdr *ch;
  int can_send_out_req=0;
  uint32_t seq;

  SCTP_TCB_LOCK_ASSERT(stcb);

  asoc = &stcb->asoc;
  if (asoc->stream_reset_outstanding) {
    /*-
     * Already one pending, must get ACK back to clear the flag.
     */
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EBUSY);
    return (EBUSY);
  }
  if ((send_in_req == 0) && (send_tsn_req == 0) &&
      (add_stream == 0)) {
    /* nothing to do */
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    return (EINVAL);
  }
  if (send_tsn_req && send_in_req) {
    /* error, can't do that */
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
    return (EINVAL);
  } else if (send_in_req) {
    can_send_out_req = 1;
  }
  if (number_entries > (MCLBYTES -
                        SCTP_MIN_OVERHEAD -
                        sizeof(struct sctp_chunkhdr) -
                        sizeof(struct sctp_stream_reset_out_request)) /
                       sizeof(uint16_t)) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  sctp_alloc_a_chunk(stcb, chk);
  if (chk == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  chk->copy_by_ref = 0;
  chk->rec.chunk_id.id = SCTP_STREAM_RESET;
  chk->rec.chunk_id.can_take_data = 0;
  chk->flags = 0;
  chk->asoc = &stcb->asoc;
  chk->book_size = sizeof(struct sctp_chunkhdr);
  chk->send_size = SCTP_SIZE32(chk->book_size);
  chk->book_size_scale = 0;
  chk->data = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA);
  if (chk->data == NULL) {
    sctp_free_a_chunk(stcb, chk, SCTP_SO_LOCKED);
    SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    return (ENOMEM);
  }
  SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);

  /* setup chunk parameters */
  chk->sent = SCTP_DATAGRAM_UNSENT;
  chk->snd_count = 0;
  if (stcb->asoc.alternate) {
    chk->whoTo = stcb->asoc.alternate;
  } else {
    chk->whoTo = stcb->asoc.primary_destination;
  }
  atomic_add_int(&chk->whoTo->ref_count, 1);
  ch = mtod(chk->data, struct sctp_chunkhdr *);
  ch->chunk_type = SCTP_STREAM_RESET;
  ch->chunk_flags = 0;
  ch->chunk_length = htons(chk->book_size);
  SCTP_BUF_LEN(chk->data) = chk->send_size;

  seq = stcb->asoc.str_reset_seq_out;
  if (can_send_out_req) {
    int ret;

    ret = sctp_add_stream_reset_out(stcb, chk, seq, (stcb->asoc.str_reset_seq_in - 1), (stcb->asoc.sending_seq - 1));
    if (ret) {
      seq++;
      asoc->stream_reset_outstanding++;
    }
  }
  if ((add_stream & 1) &&
      ((stcb->asoc.strm_realoutsize - stcb->asoc.streamoutcnt) < adding_o)) {
    /* Need to allocate more */
    struct sctp_stream_out *oldstream;
    struct sctp_stream_queue_pending *sp, *nsp;
    int i;
#if defined(SCTP_DETAILED_STR_STATS)
    int j;
#endif

    oldstream = stcb->asoc.strmout;
    /* get some more */
    SCTP_MALLOC(stcb->asoc.strmout, struct sctp_stream_out *,
          (stcb->asoc.streamoutcnt + adding_o) * sizeof(struct sctp_stream_out),
          SCTP_M_STRMO);
    if (stcb->asoc.strmout == NULL) {
      uint8_t x;
      stcb->asoc.strmout = oldstream;
      /* Turn off the bit */
      x = add_stream & 0xfe;
      add_stream = x;
      goto skip_stuff;
    }
    /* Ok now we proceed with copying the old out stuff and
     * initializing the new stuff.
     */
    stcb->asoc.ss_functions.sctp_ss_clear(stcb, &stcb->asoc, false);
    for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
      TAILQ_INIT(&stcb->asoc.strmout[i].outqueue);
      /* FIX ME FIX ME */
      /* This should be a SS_COPY operation FIX ME STREAM SCHEDULER EXPERT */
      stcb->asoc.ss_functions.sctp_ss_init_stream(stcb, &stcb->asoc.strmout[i], &oldstream[i]);
      stcb->asoc.strmout[i].chunks_on_queues = oldstream[i].chunks_on_queues;
#if defined(SCTP_DETAILED_STR_STATS)
      for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) {
        stcb->asoc.strmout[i].abandoned_sent[j] = oldstream[i].abandoned_sent[j];
        stcb->asoc.strmout[i].abandoned_unsent[j] = oldstream[i].abandoned_unsent[j];
      }
#else
      stcb->asoc.strmout[i].abandoned_sent[0] = oldstream[i].abandoned_sent[0];
      stcb->asoc.strmout[i].abandoned_unsent[0] = oldstream[i].abandoned_unsent[0];
#endif
      stcb->asoc.strmout[i].next_mid_ordered = oldstream[i].next_mid_ordered;
      stcb->asoc.strmout[i].next_mid_unordered = oldstream[i].next_mid_unordered;
      stcb->asoc.strmout[i].last_msg_incomplete = oldstream[i].last_msg_incomplete;
      stcb->asoc.strmout[i].sid = i;
      stcb->asoc.strmout[i].state = oldstream[i].state;
      /* now anything on those queues? */
      TAILQ_FOREACH_SAFE(sp, &oldstream[i].outqueue, next, nsp) {
        TAILQ_REMOVE(&oldstream[i].outqueue, sp, next);
        TAILQ_INSERT_TAIL(&stcb->asoc.strmout[i].outqueue, sp, next);
      }
    }
    /* now the new streams */
    stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc);
    for (i = stcb->asoc.streamoutcnt; i < (stcb->asoc.streamoutcnt + adding_o); i++) {
      TAILQ_INIT(&stcb->asoc.strmout[i].outqueue);
      stcb->asoc.strmout[i].chunks_on_queues = 0;
#if defined(SCTP_DETAILED_STR_STATS)
      for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) {
        stcb->asoc.strmout[i].abandoned_sent[j] = 0;
        stcb->asoc.strmout[i].abandoned_unsent[j] = 0;
      }
#else
      stcb->asoc.strmout[i].abandoned_sent[0] = 0;
      stcb->asoc.strmout[i].abandoned_unsent[0] = 0;
#endif
      stcb->asoc.strmout[i].next_mid_ordered = 0;
      stcb->asoc.strmout[i].next_mid_unordered = 0;
      stcb->asoc.strmout[i].sid = i;
      stcb->asoc.strmout[i].last_msg_incomplete = 0;
      stcb->asoc.ss_functions.sctp_ss_init_stream(stcb, &stcb->asoc.strmout[i], NULL);
      stcb->asoc.strmout[i].state = SCTP_STREAM_CLOSED;
    }
    stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt + adding_o;
    SCTP_FREE(oldstream, SCTP_M_STRMO);
  }
skip_stuff:
  if ((add_stream & 1) && (adding_o > 0)) {
    asoc->strm_pending_add_size = adding_o;
    asoc->peer_req_out = peer_asked;
    sctp_add_an_out_stream(chk, seq, adding_o);
    seq++;
    asoc->stream_reset_outstanding++;
  }
  if ((add_stream & 2) && (adding_i > 0)) {
    sctp_add_an_in_stream(chk, seq, adding_i);
    seq++;
    asoc->stream_reset_outstanding++;
  }
  if (send_in_req) {
    sctp_add_stream_reset_in(chk, number_entries, list, seq);
    seq++;
    asoc->stream_reset_outstanding++;
  }
  if (send_tsn_req) {
    sctp_add_stream_reset_tsn(chk, seq);
    asoc->stream_reset_outstanding++;
  }
  asoc->str_reset = chk;
  /* insert the chunk for sending */
  TAILQ_INSERT_TAIL(&asoc->control_send_queue,
        chk,
        sctp_next);
  asoc->ctrl_queue_cnt++;
  if (stcb->asoc.send_sack) {
    sctp_send_sack(stcb, SCTP_SO_LOCKED);
  }
  sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, stcb->sctp_ep, stcb, chk->whoTo);
  return (0);
}

void
sctp_send_abort(struct mbuf *m, int iphlen, struct sockaddr *src, struct sockaddr *dst,
                struct sctphdr *sh, uint32_t vtag, struct mbuf *cause,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum,
#endif
                uint32_t vrf_id, uint16_t port)
{
  /* Don't respond to an ABORT with an ABORT. */
  if (sctp_is_there_an_abort_here(m, iphlen, &vtag)) {
    if (cause)
      sctp_m_freem(cause);
    return;
  }
  sctp_send_resp_msg(src, dst, sh, vtag, SCTP_ABORT_ASSOCIATION, cause,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                     mflowtype, mflowid, fibnum,
#endif
                     vrf_id, port);
  return;
}

void
sctp_send_operr_to(struct sockaddr *src, struct sockaddr *dst,
                   struct sctphdr *sh, uint32_t vtag, struct mbuf *cause,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                   uint8_t mflowtype, uint32_t mflowid, uint16_t fibnum,
#endif
                   uint32_t vrf_id, uint16_t port)
{
  sctp_send_resp_msg(src, dst, sh, vtag, SCTP_OPERATION_ERROR, cause,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                     mflowtype, mflowid, fibnum,
#endif
                     vrf_id, port);
  return;
}

static struct mbuf *
sctp_copy_resume(struct uio *uio,
     int max_send_len,
#if defined(__FreeBSD__) || defined(__Userspace__)
     int user_marks_eor,
#endif
     int *error,
     uint32_t *sndout,
     struct mbuf **new_tail)
{
#if defined(__FreeBSD__) || defined(__Userspace__)
  struct mbuf *m;

  m = m_uiotombuf(uio, M_WAITOK, max_send_len, 0,
    (M_PKTHDR | (user_marks_eor ? M_EOR : 0)));
  if (m == NULL) {
    /* The only possible error is EFAULT. */
    SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    *error = EFAULT;
  } else {
    *sndout = m_length(m, NULL);
    *new_tail = m_last(m);
  }
  return (m);
#else
  int left, cancpy, willcpy;
  struct mbuf *m, *head;

#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
  left = (int)min(uio->uio_resid, max_send_len);
#else
  left = (int)min(uio_resid(uio), max_send_len);
#endif
#else
  left = (int)min(uio->uio_resid, max_send_len);
#endif
  /* Always get a header just in case */
  head = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA);
  if (head == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS);
    *error = ENOBUFS;
    return (NULL);
  }
  cancpy = (int)M_TRAILINGSPACE(head);
  willcpy = min(cancpy, left);
  *error = uiomove(mtod(head, caddr_t), willcpy, uio);
  if (*error != 0) {
    sctp_m_freem(head);
    return (NULL);
  }
  *sndout += willcpy;
  left -= willcpy;
  SCTP_BUF_LEN(head) = willcpy;
  m = head;
  *new_tail = head;
  while (left > 0) {
    /* move in user data */
    SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA);
    if (SCTP_BUF_NEXT(m) == NULL) {
      sctp_m_freem(head);
      *new_tail = NULL;
      SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS);
      *error = ENOBUFS;
      return (NULL);
    }
    m = SCTP_BUF_NEXT(m);
    cancpy = (int)M_TRAILINGSPACE(m);
    willcpy = min(cancpy, left);
    *error = uiomove(mtod(m, caddr_t), willcpy, uio);
    if (*error != 0) {
      sctp_m_freem(head);
      *new_tail = NULL;
      SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, *error);
      return (NULL);
    }
    SCTP_BUF_LEN(m) = willcpy;
    left -= willcpy;
    *sndout += willcpy;
    *new_tail = m;
    if (left == 0) {
      SCTP_BUF_NEXT(m) = NULL;
    }
  }
  return (head);
#endif
}

static int
sctp_copy_one(struct sctp_stream_queue_pending *sp,
              struct uio *uio,
              int resv_upfront)
{
#if defined(__FreeBSD__) || defined(__Userspace__)
  sp->data = m_uiotombuf(uio, M_WAITOK, sp->length, resv_upfront, 0);
  if (sp->data == NULL) {
    /* The only possible error is EFAULT. */
    SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EFAULT);
    return (EFAULT);
  }
  sp->tail_mbuf = m_last(sp->data);
  return (0);
#else
  int left;
  int cancpy, willcpy, error;
  struct mbuf *m, *head;
  int cpsz = 0;

  /* First one gets a header */
  left = sp->length;
  head = m = sctp_get_mbuf_for_msg((left + resv_upfront), 0, M_WAITOK, 0, MT_DATA);
  if (m == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS);
    return (ENOBUFS);
  }
  /*-
   * Add this one for m in now, that way if the alloc fails we won't
   * have a bad cnt.
   */
  SCTP_BUF_RESV_UF(m, resv_upfront);
  cancpy = (int)M_TRAILINGSPACE(m);
  willcpy = min(cancpy, left);
  while (left > 0) {
    /* move in user data */
    error = uiomove(mtod(m, caddr_t), willcpy, uio);
    if (error) {
      sctp_m_freem(head);
      return (error);
    }
    SCTP_BUF_LEN(m) = willcpy;
    left -= willcpy;
    cpsz += willcpy;
    if (left > 0) {
      SCTP_BUF_NEXT(m) = sctp_get_mbuf_for_msg(left, 0, M_WAITOK, 0, MT_DATA);
      if (SCTP_BUF_NEXT(m) == NULL) {
        /*
         * the head goes back to caller, he can free
         * the rest
         */
        sctp_m_freem(head);
        SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, ENOBUFS);
        return (ENOBUFS);
      }
      m = SCTP_BUF_NEXT(m);
      cancpy = (int)M_TRAILINGSPACE(m);
      willcpy = min(cancpy, left);
    } else {
      sp->tail_mbuf = m;
      SCTP_BUF_NEXT(m) = NULL;
    }
  }
  sp->data = head;
  sp->length = cpsz;
  return (0);
#endif
}

static struct sctp_stream_queue_pending *
sctp_copy_it_in(struct sctp_tcb *stcb,
    struct sctp_association *asoc,
    struct sctp_nonpad_sndrcvinfo *srcv,
    struct uio *uio,
    struct sctp_nets *net,
    ssize_t max_send_len,
    int user_marks_eor,
    int *error)

{
  /*-
   * This routine must be very careful in its work. Protocol
   * processing is up and running so care must be taken to spl...()
   * when you need to do something that may effect the stcb/asoc. The
   * sb is locked however. When data is copied the protocol processing
   * should be enabled since this is a slower operation...
   */
  struct sctp_stream_queue_pending *sp;
  int resv_in_first;

  *error = 0;
  sctp_alloc_a_strmoq(stcb, sp);
  if (sp == NULL) {
    SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
    *error = ENOMEM;
    goto out_now;
  }
  sp->act_flags = 0;
  sp->sender_all_done = 0;
  sp->sinfo_flags = srcv->sinfo_flags;
  sp->timetolive = srcv->sinfo_timetolive;
  sp->ppid = srcv->sinfo_ppid;
  sp->context = srcv->sinfo_context;
  sp->fsn = 0;
  (void)SCTP_GETTIME_TIMEVAL(&sp->ts);
  sp->sid = srcv->sinfo_stream;
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
  sp->length = (uint32_t)min(uio->uio_resid, max_send_len);
#else
  sp->length = (uint32_t)min(uio_resid(uio), max_send_len);
#endif
#else
  sp->length = (uint32_t)min(uio->uio_resid, max_send_len);
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
  if ((sp->length == (uint32_t)uio->uio_resid) &&
#else
  if ((sp->length == (uint32_t)uio_resid(uio)) &&
#endif
#else
  if ((sp->length == (uint32_t)uio->uio_resid) &&
#endif
      ((user_marks_eor == 0) ||
       (srcv->sinfo_flags & SCTP_EOF) ||
       (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
    sp->msg_is_complete = 1;
  } else {
    sp->msg_is_complete = 0;
  }
  sp->sender_all_done = 0;
  sp->some_taken = 0;
  sp->put_last_out = 0;
  resv_in_first = SCTP_DATA_CHUNK_OVERHEAD(stcb);
  sp->data = sp->tail_mbuf = NULL;
  if (sp->length == 0) {
    goto skip_copy;
  }
  if (srcv->sinfo_keynumber_valid) {
    sp->auth_keyid = srcv->sinfo_keynumber;
  } else {
    sp->auth_keyid = stcb->asoc.authinfo.active_keyid;
  }
  if (sctp_auth_is_required_chunk(SCTP_DATA, stcb->asoc.peer_auth_chunks)) {
    sctp_auth_key_acquire(stcb, sp->auth_keyid);
    sp->holds_key_ref = 1;
  }
#if defined(__APPLE__) && !defined(__Userspace__)
  SCTP_SOCKET_UNLOCK(SCTP_INP_SO(stcb->sctp_ep), 0);
#endif
  *error = sctp_copy_one(sp, uio, resv_in_first);
#if defined(__APPLE__) && !defined(__Userspace__)
  SCTP_SOCKET_LOCK(SCTP_INP_SO(stcb->sctp_ep), 0);
#endif
 skip_copy:
  if (*error) {
#if defined(__Userspace__)
    SCTP_TCB_LOCK(stcb);
#endif
    sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
#if defined(__Userspace__)
    SCTP_TCB_UNLOCK(stcb);
#endif
    sp = NULL;
  } else {
    if (sp->sinfo_flags & SCTP_ADDR_OVER) {
      sp->net = net;
      atomic_add_int(&sp->net->ref_count, 1);
    } else {
      sp->net = NULL;
    }
    sctp_set_prsctp_policy(sp);
  }
out_now:
  return (sp);
}

int
sctp_sosend(struct socket *so,
            struct sockaddr *addr,
            struct uio *uio,
            struct mbuf *top,
            struct mbuf *control,
#if defined(__APPLE__) && !defined(__Userspace__)
            int flags)
#else
            int flags,
#if defined(__FreeBSD__) && !defined(__Userspace__)
            struct thread *p)
#elif defined(_WIN32) && !defined(__Userspace__)
            PKTHREAD p)
#else
#if defined(__Userspace__)
            /*
       * proc is a dummy in __Userspace__ and will not be passed
       * to sctp_lower_sosend
       */
#endif
            struct proc *p)
#endif
#endif
{
  struct sctp_sndrcvinfo sndrcvninfo;
#if defined(INET) && defined(INET6)
  struct sockaddr_in sin;
#endif
  struct sockaddr *addr_to_use;
#if defined(__APPLE__) && !defined(__Userspace__)
  struct proc *p = current_proc();
#endif
  int error;
  bool use_sndinfo;

  if (control != NULL) {
    /* process cmsg snd/rcv info (maybe a assoc-id) */
    use_sndinfo = sctp_find_cmsg(SCTP_SNDRCV, (void *)&sndrcvninfo, control, sizeof(sndrcvninfo));
  } else {
    use_sndinfo = false;
  }
#if defined(INET) && defined(INET6)
  if ((addr != NULL) && (addr->sa_family == AF_INET6)) {
    struct sockaddr_in6 *sin6;

#ifdef HAVE_SA_LEN
    if (addr->sa_len != sizeof(struct sockaddr_in6)) {
      SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
      return (EINVAL);
    }
#endif
    sin6 = (struct sockaddr_in6 *)addr;
    if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
      in6_sin6_2_sin(&sin, sin6);
      addr_to_use = (struct sockaddr *)&sin;
    } else {
      addr_to_use = addr;
    }
  } else {
    addr_to_use = addr;
  }
#else
  addr_to_use = addr;
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
  SCTP_SOCKET_LOCK(so, 1);
#endif
  error = sctp_lower_sosend(so, addr_to_use, uio, top, control, flags,
#if defined(__Userspace__)
                            use_sndinfo ? &sndrcvninfo : NULL);
#else
                            use_sndinfo ? &sndrcvninfo : NULL, p);
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
  SCTP_SOCKET_UNLOCK(so, 1);
#endif
  return (error);
}

int
sctp_lower_sosend(struct socket *so,
                  struct sockaddr *addr,
                  struct uio *uio,
                  struct mbuf *top,
                  struct mbuf *control,
                  int flags,
#if defined(__Userspace__)
                  struct sctp_sndrcvinfo *srcv)
#else
                  struct sctp_sndrcvinfo *srcv,
#if defined(__FreeBSD__)
                  struct thread *p)
#elif defined(_WIN32)
                  PKTHREAD p)
#else
                  struct proc *p)
#endif
#endif
{
  struct sctp_nonpad_sndrcvinfo sndrcvninfo_buf;
#if defined(__FreeBSD__) && !defined(__Userspace__)
  struct epoch_tracker et;
#endif
  struct timeval now;
  struct sctp_block_entry be;
  struct sctp_inpcb *inp;
  struct sctp_tcb *stcb = NULL;
  struct sctp_nets *net;
  struct sctp_association *asoc;
  struct sctp_inpcb *t_inp;
  struct sctp_nonpad_sndrcvinfo *sndrcvninfo;
  ssize_t sndlen = 0, max_len, local_add_more;
  ssize_t local_soresv = 0;
  sctp_assoc_t sinfo_assoc_id;
  int user_marks_eor;
  int nagle_applies = 0;
  int error;
  int queue_only = 0, queue_only_for_init = 0;
  int un_sent;
  int now_filled = 0;
  unsigned int inqueue_bytes = 0;
  uint16_t port;
  uint16_t sinfo_flags;
  uint16_t sinfo_stream;
  bool create_lock_applied = false;
  bool free_cnt_applied = false;
  bool some_on_control;
  bool got_all_of_the_send = false;
  bool non_blocking = false;

  error = 0;
  net = NULL;
  stcb = NULL;

#if defined(__APPLE__) && !defined(__Userspace__)
  sctp_lock_assert(so);
#endif
  if ((uio == NULL) && (top == NULL)) {
    error = EINVAL;
    goto out_unlocked;
  }
  if (addr != NULL) {
    union sctp_sockstore *raddr = (union sctp_sockstore *)addr;

    switch (raddr->sa.sa_family) {
#ifdef INET
    case AF_INET:
#ifdef HAVE_SIN_LEN
      if (raddr->sin.sin_len != sizeof(struct sockaddr_in)) {
        error = EINVAL;
        goto out_unlocked;
      }
#endif
      port = raddr->sin.sin_port;
      break;
#endif
#ifdef INET6
    case AF_INET6:
#ifdef HAVE_SIN6_LEN
      if (raddr->sin6.sin6_len != sizeof(struct sockaddr_in6)) {
        error = EINVAL;
        goto out_unlocked;
      }
#endif
      port = raddr->sin6.sin6_port;
      break;
#endif
#if defined(__Userspace__)
    case AF_CONN:
#ifdef HAVE_SCONN_LEN
      if (raddr->sconn.sconn_len != sizeof(struct sockaddr_conn)) {
        error = EINVAL;
        goto out_unlocked;
      }
#endif
      port = raddr->sconn.sconn_port;
      break;
#endif
    default:
      error = EAFNOSUPPORT;
      goto out_unlocked;
    }
  } else {
    port = 0;
  }
  if (uio != NULL) {
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
    if (uio->uio_resid < 0) {
#else
    if (uio_resid(uio) < 0) {
#endif
#else
    if (uio->uio_resid < 0) {
#endif
      error = EINVAL;
      goto out_unlocked;
    }
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
    sndlen = uio->uio_resid;
#else
    sndlen = uio_resid(uio);
#endif
#else
    sndlen = uio->uio_resid;
#endif
  } else {
    sndlen = SCTP_HEADER_LEN(top);
  }
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %zd\n",
          (void *)addr, sndlen);

  t_inp = inp = (struct sctp_inpcb *)so->so_pcb;
  if (inp == NULL) {
    error = EINVAL;
    goto out_unlocked;
  }
  user_marks_eor = sctp_is_feature_on(inp, SCTP_PCB_FLAGS_EXPLICIT_EOR);
  if ((uio == NULL) && (user_marks_eor != 0)) {
    /*-
     * We do not support eeor mode for
     * sending with mbuf chains (like sendfile).
     */
    error = EINVAL;
    goto out_unlocked;
  }
  if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
      SCTP_IS_LISTENING(inp)) {
    /* The listener can NOT send. */
    error = EINVAL;
    goto out_unlocked;
  }
  atomic_add_int(&inp->total_sends, 1);

  if (srcv != NULL) {
    sndrcvninfo = (struct sctp_nonpad_sndrcvinfo *)srcv;
    sinfo_assoc_id = sndrcvninfo->sinfo_assoc_id;
    sinfo_flags = sndrcvninfo->sinfo_flags;
    if (INVALID_SINFO_FLAG(sinfo_flags) ||
        PR_SCTP_INVALID_POLICY(sinfo_flags)) {
      error = EINVAL;
      goto out_unlocked;
    }
    if (sinfo_flags != 0) {
      SCTP_STAT_INCR(sctps_sends_with_flags);
    }
  } else {
    sndrcvninfo = NULL;
    sinfo_flags = inp->def_send.sinfo_flags;
    sinfo_assoc_id = inp->def_send.sinfo_assoc_id;
  }
#if defined(__FreeBSD__) && !defined(__Userspace__)
  if (flags & MSG_EOR) {
    sinfo_flags |= SCTP_EOR;
  }
  if (flags & MSG_EOF) {
    sinfo_flags |= SCTP_EOF;
  }
#endif
  if ((sinfo_flags & SCTP_ADDR_OVER) && (addr == NULL)) {
    error = EINVAL;
    goto out_unlocked;
  }
  SCTP_INP_RLOCK(inp);
  if ((sinfo_flags & SCTP_SENDALL) &&
      (inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE)) {
    SCTP_INP_RUNLOCK(inp);
    error = sctp_sendall(inp, uio, top, sndrcvninfo);
    top = NULL;
    goto out_unlocked;
  }
  /* Now we must find the association. */
  if ((inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) ||
      (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
    stcb = LIST_FIRST(&inp->sctp_asoc_list);
    if (stcb != NULL) {
      SCTP_TCB_LOCK(stcb);
    }
    SCTP_INP_RUNLOCK(inp);
  } else if (sinfo_assoc_id > SCTP_ALL_ASSOC) {
    stcb = sctp_findasoc_ep_asocid_locked(inp, sinfo_assoc_id, 1);
    SCTP_INP_RUNLOCK(inp);
    if (stcb != NULL) {
      SCTP_TCB_LOCK_ASSERT(stcb);
    }
  } else if (addr != NULL) {
    /*-
     * Since we did not use findep we must
     * increment it, and if we don't find a tcb
     * decrement it.
     */
    SCTP_INP_INCR_REF(inp);
    SCTP_INP_RUNLOCK(inp);
    stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
    if (stcb == NULL) {
      SCTP_INP_WLOCK(inp);
      SCTP_INP_DECR_REF(inp);
      SCTP_INP_WUNLOCK(inp);
    } else {
      SCTP_TCB_LOCK_ASSERT(stcb);
    }
  } else {
    SCTP_INP_RUNLOCK(inp);
  }

#ifdef INVARIANTS
  if (stcb != NULL) {
    SCTP_TCB_LOCK_ASSERT(stcb);
  }
#endif

  if ((stcb == NULL) && (addr != NULL)) {
    /* Possible implicit send? */
    SCTP_ASOC_CREATE_LOCK(inp);
    create_lock_applied = true;
    if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
        (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
      error = EINVAL;
      goto out_unlocked;
    }
    if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) &&
        (addr->sa_family == AF_INET6)) {
      error = EINVAL;
      goto out_unlocked;
    }
    SCTP_INP_WLOCK(inp);
    SCTP_INP_INCR_REF(inp);
    SCTP_INP_WUNLOCK(inp);
    /* With the lock applied look again */
    stcb = sctp_findassociation_ep_addr(&t_inp, addr, &net, NULL, NULL);
#if defined(INET) || defined(INET6)
    if ((stcb == NULL) && (control != NULL) && (port > 0)) {
      stcb = sctp_findassociation_cmsgs(&t_inp, port, control, &net, &error);
    }
#endif
    if (stcb == NULL) {
      SCTP_INP_WLOCK(inp);
      SCTP_INP_DECR_REF(inp);
      SCTP_INP_WUNLOCK(inp);
    } else {
      SCTP_TCB_LOCK_ASSERT(stcb);
      SCTP_ASOC_CREATE_UNLOCK(inp);
      create_lock_applied = false;
    }
    if (error != 0) {
      goto out_unlocked;
    }
    if (t_inp != inp) {
      error = ENOTCONN;
      goto out_unlocked;
    }
  }
  if (stcb == NULL) {
    if (addr == NULL) {
      error = ENOENT;
      goto out_unlocked;
    } else {
      /* We must go ahead and start the INIT process */
      uint32_t vrf_id;

      if ((sinfo_flags & SCTP_ABORT) ||
          ((sinfo_flags & SCTP_EOF) && (sndlen == 0))) {
        /*-
         * User asks to abort a non-existent assoc,
         * or EOF a non-existent assoc with no data
         */
        error = ENOENT;
        goto out_unlocked;
      }
      /* get an asoc/stcb struct */
      vrf_id = inp->def_vrf_id;
      KASSERT(create_lock_applied, ("create_lock_applied is false"));
      stcb = sctp_aloc_assoc_connected(inp, addr, &error, 0, 0, vrf_id,
                                       inp->sctp_ep.pre_open_stream_count,
                                       inp->sctp_ep.port,
#if !defined(__Userspace__)
                                       p,
#else
                                       (struct proc *)NULL,
#endif
                                       SCTP_INITIALIZE_AUTH_PARAMS);
      if (stcb == NULL) {
        /* error is setup for us in the call. */
        KASSERT(error != 0, ("error is 0 although stcb is NULL"));
        goto out_unlocked;
      }
      SCTP_TCB_LOCK_ASSERT(stcb);
      SCTP_ASOC_CREATE_UNLOCK(inp);
      create_lock_applied = false;
      /* Turn on queue only flag to prevent data from being sent */
      queue_only = 1;
      SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT);
      (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered);
      if (control != NULL) {
        if (sctp_process_cmsgs_for_init(stcb, control, &error)) {
          sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC,
                          SCTP_FROM_SCTP_OUTPUT + SCTP_LOC_6);
          stcb = NULL;
          KASSERT(error != 0,
              ("error is 0 although sctp_process_cmsgs_for_init() indicated an error"));
          goto out_unlocked;
        }
      }
      /* out with the INIT */
      queue_only_for_init = 1;
      /*-
       * we may want to dig in after this call and adjust the MTU
       * value. It defaulted to 1500 (constant) but the ro
       * structure may now have an update and thus we may need to
       * change it BEFORE we append the message.
       */
    }
  }

  KASSERT(!create_lock_applied, ("create_lock_applied is true"));
  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);

  asoc = &stcb->asoc;
  if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
      (asoc->state & SCTP_STATE_WAS_ABORTED)) {
    if (asoc->state & SCTP_STATE_WAS_ABORTED) {
      /* XXX: Could also be ECONNABORTED, not enough info. */
      error = ECONNRESET;
    } else {
      error = ENOTCONN;
    }
    goto out_unlocked;
  }
  if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
      (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
    queue_only = 1;
  }
  /* Keep the stcb from being freed under our feet. */
  atomic_add_int(&asoc->refcnt, 1);
  free_cnt_applied = true;
  if (sndrcvninfo == NULL) {
    /* Use a local copy to have a consistent view. */
    sndrcvninfo_buf = asoc->def_send;
    sndrcvninfo = &sndrcvninfo_buf;
    sinfo_flags = sndrcvninfo->sinfo_flags;
#if defined(__FreeBSD__) && !defined(__Userspace__)
    if (flags & MSG_EOR) {
      sinfo_flags |= SCTP_EOR;
    }
    if (flags & MSG_EOF) {
      sinfo_flags |= SCTP_EOF;
    }
#endif
  }
  /* Are we aborting? */
  if (sinfo_flags & SCTP_ABORT) {
    struct mbuf *mm;
    struct sctp_paramhdr *ph;
    ssize_t tot_demand, tot_out = 0, max_out;

    SCTP_STAT_INCR(sctps_sends_with_abort);
    if ((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
        (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) {
      /* It has to be up before we abort. */
      error = EINVAL;
      goto out_unlocked;
    }
    /* How big is the user initiated abort? */
    if (top != NULL) {
      struct mbuf *cntm;

      if (sndlen != 0) {
        for (cntm = top; cntm; cntm = SCTP_BUF_NEXT(cntm)) {
          tot_out += SCTP_BUF_LEN(cntm);
        }
      }
      mm = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_NOWAIT, 1, MT_DATA);
    } else {
      /* Must fit in a MTU */
      tot_out = sndlen;
      tot_demand = (tot_out + sizeof(struct sctp_paramhdr));
      if (tot_demand > SCTP_DEFAULT_ADD_MORE) {
        error = EMSGSIZE;
        goto out_unlocked;
      }
      mm = sctp_get_mbuf_for_msg((unsigned int)tot_demand, 0, M_NOWAIT, 1, MT_DATA);
    }
    if (mm == NULL) {
      error = ENOMEM;
      goto out_unlocked;
    }
    max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr);
    max_out -= sizeof(struct sctp_abort_msg);
    if (tot_out > max_out) {
      tot_out = max_out;
    }
    ph = mtod(mm, struct sctp_paramhdr *);
    ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
    ph->param_length = htons((uint16_t)(sizeof(struct sctp_paramhdr) + tot_out));
    ph++;
    SCTP_BUF_LEN(mm) = (int)(tot_out + sizeof(struct sctp_paramhdr));
    if (top == NULL) {
      SCTP_TCB_UNLOCK(stcb);
#if defined(__APPLE__) && !defined(__Userspace__)
      SCTP_SOCKET_UNLOCK(so, 0);
#endif
      error = uiomove((caddr_t)ph, (int)tot_out, uio);
#if defined(__APPLE__) && !defined(__Userspace__)
      SCTP_SOCKET_LOCK(so, 0);
#endif
      SCTP_TCB_LOCK(stcb);
      if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
          (asoc->state & SCTP_STATE_WAS_ABORTED)) {
        sctp_m_freem(mm);
        if (asoc->state & SCTP_STATE_WAS_ABORTED) {
          /* XXX: Could also be ECONNABORTED, not enough info. */
          error = ECONNRESET;
        } else {
          error = ENOTCONN;
        }
        goto out_unlocked;
      }
      if (error != 0) {
        /*-
         * Here if we can't get his data we
         * still abort we just don't get to
         * send the users note :-0
         */
        sctp_m_freem(mm);
        mm = NULL;
        error = 0;
      }
    } else {
      if (sndlen != 0) {
        SCTP_BUF_NEXT(mm) = top;
      }
    }
    atomic_subtract_int(&asoc->refcnt, 1);
    free_cnt_applied = false;
    /* release this lock, otherwise we hang on ourselves */
#if defined(__FreeBSD__) && !defined(__Userspace__)
    NET_EPOCH_ENTER(et);
#endif
    sctp_abort_an_association(stcb->sctp_ep, stcb, mm, false, SCTP_SO_LOCKED);
#if defined(__FreeBSD__) && !defined(__Userspace__)
    NET_EPOCH_EXIT(et);
#endif
    stcb = NULL;
    /* In this case top is already chained to mm
     * avoid double free, since we free it below if
     * top != NULL and driver would free it after sending
     * the packet out
     */
    if (sndlen != 0) {
      top = NULL;
    }
    goto out_unlocked;
  }

  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

  if (sinfo_flags & SCTP_ADDR_OVER) {
    if (addr != NULL) {
      net = sctp_findnet(stcb, addr);
    } else {
      net = NULL;
    }
    if ((net == NULL) ||
        ((port != 0) && (port != stcb->rport))) {
      error = EINVAL;
      goto out_unlocked;
    }
  } else {
    if (asoc->alternate != NULL) {
      net = asoc->alternate;
    } else {
      net = asoc->primary_destination;
    }
  }
  if (sndlen == 0) {
    if (sinfo_flags & SCTP_EOF) {
      got_all_of_the_send = true;
      goto dataless_eof;
    } else {
      error = EINVAL;
      goto out_unlocked;
    }
  }
  if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) {
    if (sndlen > (ssize_t)asoc->smallest_mtu) {
      error = EMSGSIZE;
      goto out_unlocked;
    }
  }
  sinfo_stream = sndrcvninfo->sinfo_stream;
  /* Is the stream no. valid? */
  if (sinfo_stream >= asoc->streamoutcnt) {
    /* Invalid stream number */
    error = EINVAL;
    goto out_unlocked;
  }
  if ((asoc->strmout[sinfo_stream].state != SCTP_STREAM_OPEN) &&
      (asoc->strmout[sinfo_stream].state != SCTP_STREAM_OPENING)) {
    /*
     * Can't queue any data while stream reset is underway.
     */
    if (asoc->strmout[sinfo_stream].state > SCTP_STREAM_OPEN) {
      error = EAGAIN;
    } else {
      error = EINVAL;
    }
    goto out_unlocked;
  }
  atomic_add_int(&stcb->total_sends, 1);
#if defined(__Userspace__)
  if (inp->recv_callback != NULL) {
    non_blocking = true;
  }
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
  if (SCTP_SO_IS_NBIO(so) || (flags & (MSG_NBIO | MSG_DONTWAIT)) != 0) {
#else
  if (SCTP_SO_IS_NBIO(so)) {
#endif
    non_blocking = true;
  }
  if (non_blocking) {
    ssize_t amount;

    inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
    if (user_marks_eor == 0) {
      amount = sndlen;
    } else {
      amount = 1;
    }
    if ((SCTP_SB_LIMIT_SND(so) < (amount + inqueue_bytes + asoc->sb_send_resv)) ||
        (asoc->chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
      if ((sndlen > (ssize_t)SCTP_SB_LIMIT_SND(so)) &&
          (user_marks_eor == 0)) {
        error = EMSGSIZE;
      } else {
        error = EWOULDBLOCK;
      }
      goto out_unlocked;
    }
  }
  atomic_add_int(&asoc->sb_send_resv, (int)sndlen);
  local_soresv = sndlen;

  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

  /* Ok, we will attempt a msgsnd :> */
#if !(defined(_WIN32) || defined(__Userspace__))
  if (p != NULL) {
#if defined(__FreeBSD__)
    p->td_ru.ru_msgsnd++;
#else
    p->p_stats->p_ru.ru_msgsnd++;
#endif
  }
#endif
  /* Calculate the maximum we can send */
  inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
  if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
    max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
  } else {
    max_len = 0;
  }
  /* Unless E_EOR mode is on, we must make a send FIT in one call. */
  if ((user_marks_eor == 0) &&
      (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
    /* It will NEVER fit. */
    error = EMSGSIZE;
    goto out_unlocked;
  }
  if (user_marks_eor != 0) {
    local_add_more = (ssize_t)min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold));
  } else {
    /*-
     * For non-eeor the whole message must fit in
     * the socket send buffer.
     */
    local_add_more = sndlen;
  }
  if (non_blocking) {
    goto skip_preblock;
  }
  if (((max_len <= local_add_more) && ((ssize_t)SCTP_SB_LIMIT_SND(so) >= local_add_more)) ||
      (max_len == 0) ||
      ((asoc->chunks_on_out_queue + asoc->stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
    /* No room right now! */
    inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
    SOCKBUF_LOCK(&so->so_snd);
    while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) ||
           ((asoc->stream_queue_cnt + asoc->chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) {
      SCTPDBG(SCTP_DEBUG_OUTPUT1,"pre_block limit:%u <(inq:%d + %zd) || (%d+%d > %d)\n",
              (unsigned int)SCTP_SB_LIMIT_SND(so),
              inqueue_bytes,
              local_add_more,
              asoc->stream_queue_cnt,
              asoc->chunks_on_out_queue,
              SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue));
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
        sctp_log_block(SCTP_BLOCK_LOG_INTO_BLKA, asoc, sndlen);
      }
      be.error = 0;
#if !(defined(_WIN32) && !defined(__Userspace__))
      stcb->block_entry = &be;
#endif
      SCTP_TCB_UNLOCK(stcb);
#if defined(__FreeBSD__) && !defined(__Userspace__)
      error = sbwait(so, SO_SND);
#else
      error = sbwait(&so->so_snd);
#endif
      if (error == 0) {
        if (so->so_error != 0) {
          error = so->so_error;
        }
        if (be.error != 0) {
          error = be.error;
        }
      }
      SOCKBUF_UNLOCK(&so->so_snd);
      SCTP_TCB_LOCK(stcb);
      stcb->block_entry = NULL;
      if (error != 0) {
        goto out_unlocked;
      }
      if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
          (asoc->state & SCTP_STATE_WAS_ABORTED)) {
        if (asoc->state & SCTP_STATE_WAS_ABORTED) {
          /* XXX: Could also be ECONNABORTED, not enough info. */
          error = ECONNRESET;
        } else {
          error = ENOTCONN;
        }
        goto out_unlocked;
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
        sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
                       asoc, asoc->total_output_queue_size);
      }
      inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
      SOCKBUF_LOCK(&so->so_snd);
    }
    if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
      max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
    } else {
      max_len = 0;
    }
    SOCKBUF_UNLOCK(&so->so_snd);
  }

skip_preblock:
  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

#if defined(__APPLE__) && !defined(__Userspace__)
  error = sblock(&so->so_snd, SBLOCKWAIT(flags));
  if (error != 0) {
    goto out_unlocked;
  }
#endif
  /* sndlen covers for mbuf case
   * uio_resid covers for the non-mbuf case
   * NOTE: uio will be null when top/mbuf is passed
   */
  if (top == NULL) {
    struct sctp_stream_queue_pending *sp;
    struct sctp_stream_out *strm;
    uint32_t sndout;

    if ((asoc->stream_locked) &&
        (asoc->stream_locked_on != sinfo_stream)) {
      error = EINVAL;
      goto out;
    }
    strm = &asoc->strmout[sinfo_stream];
    if (strm->last_msg_incomplete == 0) {
    do_a_copy_in:
      SCTP_TCB_UNLOCK(stcb);
      sp = sctp_copy_it_in(stcb, asoc, sndrcvninfo, uio, net, max_len, user_marks_eor, &error);
      SCTP_TCB_LOCK(stcb);
      if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
          (asoc->state & SCTP_STATE_WAS_ABORTED)) {
        if (asoc->state & SCTP_STATE_WAS_ABORTED) {
          /* XXX: Could also be ECONNABORTED, not enough info. */
          error = ECONNRESET;
        } else {
          error = ENOTCONN;
        }
        goto out;
      }
      if (error != 0) {
        goto out;
      }
      /*
       * Reject the sending of a new user message, if the
       * association is about to be shut down.
       */
      if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) ||
          (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED) ||
          (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
          (asoc->state & SCTP_STATE_SHUTDOWN_PENDING)) {
        if (sp->data != 0) {
          sctp_m_freem(sp->data);
          sp->data = NULL;
          sp->tail_mbuf = NULL;
          sp->length = 0;
        }
        if (sp->net != NULL) {
          sctp_free_remote_addr(sp->net);
          sp->net = NULL;
        }
        sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
        error = EPIPE;
        goto out_unlocked;
      }
      /* The out streams might be reallocated. */
      strm = &asoc->strmout[sinfo_stream];
      if (sp->msg_is_complete) {
        strm->last_msg_incomplete = 0;
        asoc->stream_locked = 0;
      } else {
        /* Just got locked to this guy in
         * case of an interrupt.
         */
        strm->last_msg_incomplete = 1;
        if (asoc->idata_supported == 0) {
          asoc->stream_locked = 1;
          asoc->stream_locked_on = sinfo_stream;
        }
        sp->sender_all_done = 0;
      }
      sctp_snd_sb_alloc(stcb, sp->length);
      atomic_add_int(&asoc->stream_queue_cnt, 1);
      if (sinfo_flags & SCTP_UNORDERED) {
        SCTP_STAT_INCR(sctps_sends_with_unord);
      }
      sp->processing = 1;
      TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
      asoc->ss_functions.sctp_ss_add_to_stream(stcb, asoc, strm, sp);
    } else {
      sp = TAILQ_LAST(&strm->outqueue, sctp_streamhead);
      if (sp == NULL) {
        /* ???? Huh ??? last msg is gone */
#ifdef INVARIANTS
        panic("Warning: Last msg marked incomplete, yet nothing left?");
#else
        SCTP_PRINTF("Warning: Last msg marked incomplete, yet nothing left?\n");
        strm->last_msg_incomplete = 0;
#endif
        goto do_a_copy_in;
      }
      if (sp->processing != 0) {
        error = EINVAL;
        goto out;
      } else {
        sp->processing = 1;
      }
    }

    KASSERT(stcb != NULL, ("stcb is NULL"));
    SCTP_TCB_LOCK_ASSERT(stcb);
    KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
            ("Association about to be freed"));
    KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
            ("Association was aborted"));

#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
    while (uio->uio_resid > 0) {
#else
    while (uio_resid(uio) > 0) {
#endif
#else
    while (uio->uio_resid > 0) {
#endif
      /* How much room do we have? */
      struct mbuf *new_tail, *mm;

      inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
      if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes) {
        max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
      } else {
        max_len = 0;
      }
      if ((max_len > (ssize_t)SCTP_BASE_SYSCTL(sctp_add_more_threshold)) ||
          ((max_len > 0 ) && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) ||
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
          (uio->uio_resid <= max_len)) {
#else
          (uio_resid(uio) <= max_len)) {
#endif
#else
          (uio->uio_resid <= max_len)) {
#endif
        SCTP_TCB_UNLOCK(stcb);
#if defined(__APPLE__) && !defined(__Userspace__)
        SCTP_SOCKET_UNLOCK(so, 0);
#endif
        sndout = 0;
        new_tail = NULL;
#if defined(__FreeBSD__) || defined(__Userspace__)
        mm = sctp_copy_resume(uio, (int)max_len, user_marks_eor, &error, &sndout, &new_tail);
#else
        mm = sctp_copy_resume(uio, (int)max_len, &error, &sndout, &new_tail);
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
        SCTP_SOCKET_LOCK(so, 0);
#endif
        SCTP_TCB_LOCK(stcb);
        if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
            (asoc->state & SCTP_STATE_WAS_ABORTED)) {
          /* We need to get out.
           * Peer probably aborted.
           */
          sctp_m_freem(mm);
          if (asoc->state & SCTP_STATE_WAS_ABORTED) {
            /* XXX: Could also be ECONNABORTED, not enough info. */
            error = ECONNRESET;
          } else {
            error = ENOTCONN;
          }
          goto out;
        }
        if ((mm == NULL) || (error != 0)) {
          if (mm != NULL) {
            sctp_m_freem(mm);
          }
          if (sp != NULL) {
            sp->processing = 0;
          }
          goto out;
        }
        /* Update the mbuf and count */
        if (sp->tail_mbuf != NULL) {
          /* Tack it to the end. */
          SCTP_BUF_NEXT(sp->tail_mbuf) = mm;
        } else {
          /* A stolen mbuf. */
          sp->data = mm;
        }
        sp->tail_mbuf = new_tail;
        sctp_snd_sb_alloc(stcb, sndout);
        atomic_add_int(&sp->length, sndout);
        if (sinfo_flags & SCTP_SACK_IMMEDIATELY) {
          sp->sinfo_flags |= SCTP_SACK_IMMEDIATELY;
        }

        /* Did we reach EOR? */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
        if ((uio->uio_resid == 0) &&
#else
        if ((uio_resid(uio) == 0) &&
#endif
#else
        if ((uio->uio_resid == 0) &&
#endif
            ((user_marks_eor == 0) ||
             (sinfo_flags & SCTP_EOF) ||
             (user_marks_eor && (sinfo_flags & SCTP_EOR)))) {
          sp->msg_is_complete = 1;
        } else {
          sp->msg_is_complete = 0;
        }
      }

      KASSERT(stcb != NULL, ("stcb is NULL"));
      SCTP_TCB_LOCK_ASSERT(stcb);
      KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
              ("Association about to be freed"));
      KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
              ("Association was aborted"));

#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
      if (uio->uio_resid == 0) {
#else
      if (uio_resid(uio) == 0) {
#endif
#else
      if (uio->uio_resid == 0) {
#endif
        /* got it all? */
        continue;
      }
      /* PR-SCTP? */
      if ((asoc->prsctp_supported) && (asoc->sent_queue_cnt_removeable > 0)) {
        /* This is ugly but we must assure locking order */
        sctp_prune_prsctp(stcb, asoc, sndrcvninfo, (int)sndlen);
        inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
        if (SCTP_SB_LIMIT_SND(so) > inqueue_bytes)
          max_len = SCTP_SB_LIMIT_SND(so) - inqueue_bytes;
        else
          max_len = 0;
        if (max_len > 0) {
          continue;
        }
      }
      /* wait for space now */
      if (non_blocking) {
        /* Non-blocking io in place out */
        if (sp != NULL) {
          sp->processing = 0;
        }
        goto skip_out_eof;
      }
      /* What about the INIT, send it maybe */
      if (queue_only_for_init) {
        if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) {
          /* a collision took us forward? */
          queue_only = 0;
        } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
          NET_EPOCH_ENTER(et);
#endif
          sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
#if defined(__FreeBSD__) && !defined(__Userspace__)
          NET_EPOCH_EXIT(et);
#endif
          SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT);
          queue_only = 1;
        }
      }
      if ((net->flight_size > net->cwnd) &&
          (asoc->sctp_cmt_on_off == 0)) {
        SCTP_STAT_INCR(sctps_send_cwnd_avoid);
        queue_only = 1;
      } else if (asoc->ifp_had_enobuf) {
        SCTP_STAT_INCR(sctps_ifnomemqueued);
        if (net->flight_size > (2 * net->mtu)) {
          queue_only = 1;
        }
        asoc->ifp_had_enobuf = 0;
      }
      un_sent = asoc->total_output_queue_size - asoc->total_flight;
      if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
          (asoc->total_flight > 0) &&
          (asoc->stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
          (un_sent < (int)(asoc->smallest_mtu - SCTP_MIN_OVERHEAD))) {
        /*-
         * Ok, Nagle is set on and we have data outstanding.
         * Don't send anything and let SACKs drive out the
         * data unless we have a "full" segment to send.
         */
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
          sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
        }
        SCTP_STAT_INCR(sctps_naglequeued);
        nagle_applies = 1;
      } else {
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
          if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
            sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
        }
        SCTP_STAT_INCR(sctps_naglesent);
        nagle_applies = 0;
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
        sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only,
                       nagle_applies, un_sent);
        sctp_misc_ints(SCTP_CWNDLOG_PRESEND, asoc->total_output_queue_size,
                       asoc->total_flight,
                       asoc->chunks_on_out_queue, asoc->total_flight_count);
      }
      if (queue_only_for_init) {
        queue_only_for_init = 0;
      }
      if ((queue_only == 0) && (nagle_applies == 0)) {
        /*-
         * need to start chunk output
         * before blocking.. note that if
         * a lock is already applied, then
         * the input via the net is happening
         * and I don't need to start output :-D
         */
#if defined(__FreeBSD__) && !defined(__Userspace__)
        NET_EPOCH_ENTER(et);
#endif
        sctp_chunk_output(inp, stcb,
                          SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
#if defined(__FreeBSD__) && !defined(__Userspace__)
        NET_EPOCH_EXIT(et);
#endif
      }
      /*-
       * This is a bit strange, but I think it will
       * work. The total_output_queue_size is locked and
       * protected by the TCB_LOCK, which we just released.
       * There is a race that can occur between releasing it
       * above, and me getting the socket lock, where sacks
       * come in but we have not put the SB_WAIT on the
       * so_snd buffer to get the wakeup. After the LOCK
       * is applied the sack_processing will also need to
       * LOCK the so->so_snd to do the actual sowwakeup(). So
       * once we have the socket buffer lock if we recheck the
       * size we KNOW we will get to sleep safely with the
       * wakeup flag in place.
       */
      inqueue_bytes = asoc->total_output_queue_size - (asoc->chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb));
      SOCKBUF_LOCK(&so->so_snd);
      if (SCTP_SB_LIMIT_SND(so) <= (inqueue_bytes +
                                    min(SCTP_BASE_SYSCTL(sctp_add_more_threshold), SCTP_SB_LIMIT_SND(so)))) {
        if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
          sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK,
                         asoc, uio->uio_resid);
#else
          sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK,
                         asoc, uio_resid(uio));
#endif
#else
          sctp_log_block(SCTP_BLOCK_LOG_INTO_BLK,
                         asoc, uio->uio_resid);
#endif
        }
        be.error = 0;
#if !(defined(_WIN32) && !defined(__Userspace__))
        stcb->block_entry = &be;
#endif
        SCTP_TCB_UNLOCK(stcb);
#if defined(__APPLE__) && !defined(__Userspace__)
        sbunlock(&so->so_snd, 1);
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
        error = sbwait(so, SO_SND);
#else
        error = sbwait(&so->so_snd);
#endif
        if (error == 0) {
          if (so->so_error != 0)
            error = so->so_error;
          if (be.error != 0) {
            error = be.error;
          }
        }
        SOCKBUF_UNLOCK(&so->so_snd);
        SCTP_TCB_LOCK(stcb);
        stcb->block_entry = NULL;
        if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
            (asoc->state & SCTP_STATE_WAS_ABORTED)) {
          if (asoc->state & SCTP_STATE_WAS_ABORTED) {
            /* XXX: Could also be ECONNABORTED, not enough info. */
            error = ECONNRESET;
          } else {
            error = ENOTCONN;
          }
          goto out_unlocked;
        }
        if (error != 0) {
          if (sp != NULL) {
            sp->processing = 0;
          }
          goto out_unlocked;
        }
#if defined(__APPLE__) && !defined(__Userspace__)
        error = sblock(&so->so_snd, SBLOCKWAIT(flags));
        if (error != 0) {
          goto out_unlocked;
        }
#endif
      } else {
        SOCKBUF_UNLOCK(&so->so_snd);
      }
      if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
        sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
                       asoc, asoc->total_output_queue_size);
      }
    }

    KASSERT(stcb != NULL, ("stcb is NULL"));
    SCTP_TCB_LOCK_ASSERT(stcb);
    KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
            ("Association about to be freed"));
    KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
            ("Association was aborted"));

    /* The out streams might be reallocated. */
    strm = &asoc->strmout[sinfo_stream];
    if (sp != NULL) {
      if (sp->msg_is_complete == 0) {
        strm->last_msg_incomplete = 1;
        if (asoc->idata_supported == 0) {
          asoc->stream_locked = 1;
          asoc->stream_locked_on = sinfo_stream;
        }
      } else {
        sp->sender_all_done = 1;
        strm->last_msg_incomplete = 0;
        asoc->stream_locked = 0;
      }
      sp->processing = 0;
    } else {
      SCTP_PRINTF("Huh no sp TSNH?\n");
      strm->last_msg_incomplete = 0;
      asoc->stream_locked = 0;
    }
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
    if (uio->uio_resid == 0) {
#else
    if (uio_resid(uio) == 0) {
#endif
#else
    if (uio->uio_resid == 0) {
#endif
      got_all_of_the_send = true;
    }
  } else {
    error = sctp_msg_append(stcb, net, top, sndrcvninfo);
    top = NULL;
    if ((sinfo_flags & SCTP_EOF) != 0) {
      got_all_of_the_send = true;
    }
  }
  if (error != 0) {
    goto out;
  }

dataless_eof:
  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

  /* EOF thing ? */
  if ((sinfo_flags & SCTP_EOF) && got_all_of_the_send) {
    SCTP_STAT_INCR(sctps_sends_with_eof);
    error = 0;
    if (TAILQ_EMPTY(&asoc->send_queue) &&
        TAILQ_EMPTY(&asoc->sent_queue) &&
        sctp_is_there_unsent_data(stcb, SCTP_SO_LOCKED) == 0) {
      if ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete)(stcb, asoc)) {
        goto abort_anyway;
      }
      /* there is nothing queued to send, so I'm done... */
      if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) &&
          (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
          (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
        struct sctp_nets *netp;

        /* only send SHUTDOWN the first time through */
        if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) {
          SCTP_STAT_DECR_GAUGE32(sctps_currestab);
        }
        SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
        sctp_stop_timers_for_shutdown(stcb);
        if (asoc->alternate != NULL) {
          netp = asoc->alternate;
        } else {
          netp = asoc->primary_destination;
        }
        sctp_send_shutdown(stcb, netp);
        sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
                         netp);
        sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb,
                         NULL);
      }
    } else {
      /*-
       * we still got (or just got) data to send, so set
       * SHUTDOWN_PENDING
       */
      /*-
       * XXX sockets draft says that SCTP_EOF should be
       * sent with no data.  currently, we will allow user
       * data to be sent first and move to
       * SHUTDOWN-PENDING
       */
      if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) &&
          (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_RECEIVED) &&
          (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
        if ((*asoc->ss_functions.sctp_ss_is_user_msgs_incomplete)(stcb, asoc)) {
          SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_PARTIAL_MSG_LEFT);
        }
        SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING);
        if (TAILQ_EMPTY(&asoc->send_queue) &&
            TAILQ_EMPTY(&asoc->sent_queue) &&
            (asoc->state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
          struct mbuf *op_err;
          char msg[SCTP_DIAG_INFO_LEN];

        abort_anyway:
          if (free_cnt_applied) {
            atomic_subtract_int(&asoc->refcnt, 1);
            free_cnt_applied = false;
          }
          SCTP_SNPRINTF(msg, sizeof(msg),
                        "%s:%d at %s", __FILE__, __LINE__, __func__);
          op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
                                       msg);
#if defined(__FreeBSD__) && !defined(__Userspace__)
          NET_EPOCH_ENTER(et);
#endif
          sctp_abort_an_association(stcb->sctp_ep, stcb,
                                    op_err, false, SCTP_SO_LOCKED);
#if defined(__FreeBSD__) && !defined(__Userspace__)
          NET_EPOCH_EXIT(et);
#endif
          stcb = NULL;
          error = ECONNABORTED;
          goto out;
        }
        sctp_feature_off(inp, SCTP_PCB_FLAGS_NODELAY);
      }
    }
  }

skip_out_eof:
  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

  some_on_control = !TAILQ_EMPTY(&asoc->control_send_queue);
  if (queue_only_for_init) {
    if (SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) {
      /* a collision took us forward? */
      queue_only = 0;
    } else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
      NET_EPOCH_ENTER(et);
#endif
      sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED);
#if defined(__FreeBSD__) && !defined(__Userspace__)
      NET_EPOCH_EXIT(et);
#endif
      SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT);
      queue_only = 1;
    }
  }

  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

  if ((net->flight_size > net->cwnd) &&
      (asoc->sctp_cmt_on_off == 0)) {
    SCTP_STAT_INCR(sctps_send_cwnd_avoid);
    queue_only = 1;
  } else if (asoc->ifp_had_enobuf) {
    SCTP_STAT_INCR(sctps_ifnomemqueued);
    if (net->flight_size > (2 * net->mtu)) {
      queue_only = 1;
    }
    asoc->ifp_had_enobuf = 0;
  }
  un_sent = asoc->total_output_queue_size - asoc->total_flight;
  if ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY)) &&
      (asoc->total_flight > 0) &&
      (asoc->stream_queue_cnt < SCTP_MAX_DATA_BUNDLING) &&
      (un_sent < (int)(asoc->smallest_mtu - SCTP_MIN_OVERHEAD))) {
    /*-
     * Ok, Nagle is set on and we have data outstanding.
     * Don't send anything and let SACKs drive out the
     * data unless wen have a "full" segment to send.
     */
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
      sctp_log_nagle_event(stcb, SCTP_NAGLE_APPLIED);
    }
    SCTP_STAT_INCR(sctps_naglequeued);
    nagle_applies = 1;
  } else {
    if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_NAGLE_LOGGING_ENABLE) {
      if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_NODELAY))
        sctp_log_nagle_event(stcb, SCTP_NAGLE_SKIPPED);
    }
    SCTP_STAT_INCR(sctps_naglesent);
    nagle_applies = 0;
  }
  if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_BLK_LOGGING_ENABLE) {
    sctp_misc_ints(SCTP_CWNDLOG_PRESEND, queue_only_for_init, queue_only,
                   nagle_applies, un_sent);
    sctp_misc_ints(SCTP_CWNDLOG_PRESEND, asoc->total_output_queue_size,
                   asoc->total_flight,
                   asoc->chunks_on_out_queue, asoc->total_flight_count);
  }

  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

#if defined(__FreeBSD__) && !defined(__Userspace__)
  NET_EPOCH_ENTER(et);
#endif
  if ((queue_only == 0) && (nagle_applies == 0) && (asoc->peers_rwnd && un_sent)) {
    sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
  } else if ((queue_only == 0) &&
             (asoc->peers_rwnd == 0) &&
             (asoc->total_flight == 0)) {
    /* We get to have a probe outstanding */
    sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED);
  } else if (some_on_control) {
    int num_out, reason;

    /* Here we do control only */
    (void)sctp_med_chunk_output(inp, stcb, asoc, &num_out,
                                &reason, 1, 1, &now, &now_filled,
                                sctp_get_frag_point(stcb),
                                SCTP_SO_LOCKED);
  }
#if defined(__FreeBSD__) && !defined(__Userspace__)
  NET_EPOCH_EXIT(et);
#endif
  SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n",
          queue_only, asoc->peers_rwnd, un_sent,
          asoc->total_flight, asoc->chunks_on_out_queue,
          asoc->total_output_queue_size, error);

  KASSERT(stcb != NULL, ("stcb is NULL"));
  SCTP_TCB_LOCK_ASSERT(stcb);
  KASSERT((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0,
          ("Association about to be freed"));
  KASSERT((asoc->state & SCTP_STATE_WAS_ABORTED) == 0,
          ("Association was aborted"));

out:
#if defined(__APPLE__) && !defined(__Userspace__)
  sbunlock(&so->so_snd, 1);
#endif
out_unlocked:
  if (create_lock_applied) {
    SCTP_ASOC_CREATE_UNLOCK(inp);
  }
  if (stcb != NULL) {
    if (local_soresv) {
      atomic_subtract_int(&asoc->sb_send_resv, (int)sndlen);
    }
    if (free_cnt_applied) {
      atomic_subtract_int(&asoc->refcnt, 1);
    }
    SCTP_TCB_UNLOCK(stcb);
  }
  if (top != NULL) {
    sctp_m_freem(top);
  }
  if (control != NULL) {
    sctp_m_freem(control);
  }
  SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, error);
  return (error);
}

/*
 * generate an AUTHentication chunk, if required
 */
struct mbuf *
sctp_add_auth_chunk(struct mbuf *m, struct mbuf **m_end,
    struct sctp_auth_chunk **auth_ret, uint32_t * offset,
    struct sctp_tcb *stcb, uint8_t chunk)
{
  struct mbuf *m_auth;
  struct sctp_auth_chunk *auth;
  int chunk_len;
  struct mbuf *cn;

  if ((m_end == NULL) || (auth_ret == NULL) || (offset == NULL) ||
      (stcb == NULL))
    return (m);

  if (stcb->asoc.auth_supported == 0) {
    return (m);
  }
  /* does the requested chunk require auth? */
  if (!sctp_auth_is_required_chunk(chunk, stcb->asoc.peer_auth_chunks)) {
    return (m);
  }
  m_auth = sctp_get_mbuf_for_msg(sizeof(*auth), 0, M_NOWAIT, 1, MT_HEADER);
  if (m_auth == NULL) {
    /* no mbuf's */
    return (m);
  }
  /* reserve some space if this will be the first mbuf */
  if (m == NULL)
    SCTP_BUF_RESV_UF(m_auth, SCTP_MIN_OVERHEAD);
  /* fill in the AUTH chunk details */
  auth = mtod(m_auth, struct sctp_auth_chunk *);
  memset(auth, 0, sizeof(*auth));
  auth->ch.chunk_type = SCTP_AUTHENTICATION;
  auth->ch.chunk_flags = 0;
  chunk_len = sizeof(*auth) +
      sctp_get_hmac_digest_len(stcb->asoc.peer_hmac_id);
  auth->ch.chunk_length = htons(chunk_len);
  auth->hmac_id = htons(stcb->asoc.peer_hmac_id);
  /* key id and hmac digest will be computed and filled in upon send */

  /* save the offset where the auth was inserted into the chain */
  *offset = 0;
  for (cn = m; cn; cn = SCTP_BUF_NEXT(cn)) {
    *offset += SCTP_BUF_LEN(cn);
  }

  /* update length and return pointer to the auth chunk */
  SCTP_BUF_LEN(m_auth) = chunk_len;
  m = sctp_copy_mbufchain(m_auth, m, m_end, 1, chunk_len, 0);
  if (auth_ret != NULL)
    *auth_ret = auth;

  return (m);
}

#if (defined(__FreeBSD__) || defined(__APPLE__)) && !defined(__Userspace__)
#ifdef INET6
int
sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t *ro)
{
  struct nd_prefix *pfx = NULL;
  struct nd_pfxrouter *pfxrtr = NULL;
  struct sockaddr_in6 gw6;

#if defined(__FreeBSD__)
  if (ro == NULL || ro->ro_nh == NULL || src6->sin6_family != AF_INET6)
#else
  if (ro == NULL || ro->ro_rt == NULL || src6->sin6_family != AF_INET6)
#endif
    return (0);

  /* get prefix entry of address */
#if defined(__FreeBSD__)
  ND6_RLOCK();
#endif
  LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) {
    if (pfx->ndpr_stateflags & NDPRF_DETACHED)
      continue;
    if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr,
        &src6->sin6_addr, &pfx->ndpr_mask))
      break;
  }
  /* no prefix entry in the prefix list */
  if (pfx == NULL) {
#if defined(__FreeBSD__)
    ND6_RUNLOCK();
#endif
    SCTPDBG(SCTP_DEBUG_OUTPUT2, "No prefix entry for ");
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);
    return (0);
  }

  SCTPDBG(SCTP_DEBUG_OUTPUT2, "v6src_match_nexthop(), Prefix entry is ");
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)src6);

  /* search installed gateway from prefix entry */
  LIST_FOREACH(pfxrtr, &pfx->ndpr_advrtrs, pfr_entry) {
    memset(&gw6, 0, sizeof(struct sockaddr_in6));
    gw6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
    gw6.sin6_len = sizeof(struct sockaddr_in6);
#endif
    memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr,
        sizeof(struct in6_addr));
    SCTPDBG(SCTP_DEBUG_OUTPUT2, "prefix router is ");
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&gw6);
    SCTPDBG(SCTP_DEBUG_OUTPUT2, "installed router is ");
#if defined(__FreeBSD__)
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ro->ro_nh->gw_sa);
#else
    SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
#endif
#if defined(__FreeBSD__)
    if (sctp_cmpaddr((struct sockaddr *)&gw6, &ro->ro_nh->gw_sa)) {
      ND6_RUNLOCK();
#else
    if (sctp_cmpaddr((struct sockaddr *)&gw6, ro->ro_rt->rt_gateway)) {
#endif
      SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is installed\n");
      return (1);
    }
  }
#if defined(__FreeBSD__)
  ND6_RUNLOCK();
#endif
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "pfxrouter is not installed\n");
  return (0);
}
#endif

int
sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t *ro)
{
#ifdef INET
  struct sockaddr_in *sin, *mask;
  struct ifaddr *ifa;
  struct in_addr srcnetaddr, gwnetaddr;

#if defined(__FreeBSD__)
  if (ro == NULL || ro->ro_nh == NULL ||
#else
  if (ro == NULL || ro->ro_rt == NULL ||
#endif
      sifa->address.sa.sa_family != AF_INET) {
    return (0);
  }
  ifa = (struct ifaddr *)sifa->ifa;
  mask = (struct sockaddr_in *)(ifa->ifa_netmask);
  sin = &sifa->address.sin;
  srcnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "match_nexthop4: src address is ");
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "network address is %x\n", srcnetaddr.s_addr);

#if defined(__FreeBSD__)
  sin = &ro->ro_nh->gw4_sa;
#else
  sin = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
#endif
  gwnetaddr.s_addr = (sin->sin_addr.s_addr & mask->sin_addr.s_addr);
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "match_nexthop4: nexthop is ");
#if defined(__FreeBSD__)
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ro->ro_nh->gw_sa);
#else
  SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, ro->ro_rt->rt_gateway);
#endif
  SCTPDBG(SCTP_DEBUG_OUTPUT2, "network address is %x\n", gwnetaddr.s_addr);
  if (srcnetaddr.s_addr == gwnetaddr.s_addr) {
    return (1);
  }
#endif
  return (0);
}
#elif defined(__Userspace__)
/* TODO __Userspace__ versions of sctp_vXsrc_match_nexthop(). */
int
sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t *ro)
{
    return (0);
}
int
sctp_v4src_match_nexthop(struct sctp_ifa *sifa, sctp_route_t *ro)
{
    return (0);
}

#endif

Coverage Report

Created: 2026-02-14 06:43