diff --git a/sys/netinet/sctp.h b/sys/netinet/sctp.h index 784c1d47e9fb..ec42cffaf661 100644 --- a/sys/netinet/sctp.h +++ b/sys/netinet/sctp.h @@ -196,6 +196,9 @@ struct sctp_paramhdr { #define SCTP_SS_VALUE 0x00001204 #define SCTP_CC_OPTION 0x00001205 /* Options for CC * modules */ +/* For I-DATA */ +#define SCTP_INTERLEAVING_SUPPORTED 0x00001206 + /* read only */ #define SCTP_GET_SNDBUF_USE 0x00001101 #define SCTP_GET_STAT_LOG 0x00001103 @@ -452,6 +455,7 @@ struct sctp_error_auth_invalid_hmac { /* EY nr_sack chunk id*/ #define SCTP_NR_SELECTIVE_ACK 0x10 /************0x40 series ***********/ +#define SCTP_IDATA 0x40 /************0x80 series ***********/ /* RFC5061 */ #define SCTP_ASCONF_ACK 0x80 @@ -467,7 +471,7 @@ struct sctp_error_auth_invalid_hmac { #define SCTP_FORWARD_CUM_TSN 0xc0 /* RFC5061 */ #define SCTP_ASCONF 0xc1 - +#define SCTP_IFORWARD_CUM_TSN 0xc2 /* ABORT and SHUTDOWN COMPLETE FLAG */ #define SCTP_HAD_NO_TCB 0x01 diff --git a/sys/netinet/sctp_constants.h b/sys/netinet/sctp_constants.h index 497dde64b1bb..6c1a01437c7e 100644 --- a/sys/netinet/sctp_constants.h +++ b/sys/netinet/sctp_constants.h @@ -386,8 +386,8 @@ __FBSDID("$FreeBSD$"); /* align to 32-bit sizes */ #define SCTP_SIZE32(x) ((((x) + 3) >> 2) << 2) -#define IS_SCTP_CONTROL(a) ((a)->chunk_type != SCTP_DATA) -#define IS_SCTP_DATA(a) ((a)->chunk_type == SCTP_DATA) +#define IS_SCTP_CONTROL(a) (((a)->chunk_type != SCTP_DATA) && ((a)->chunk_type != SCTP_IDATA)) +#define IS_SCTP_DATA(a) (((a)->chunk_type == SCTP_DATA) || ((a)->chunk_type == SCTP_IDATA)) /* SCTP parameter types */ @@ -886,12 +886,19 @@ __FBSDID("$FreeBSD$"); /* modular comparison */ /* See RFC 1982 for details. */ -#define SCTP_SSN_GT(a, b) (((a < b) && ((uint16_t)(b - a) > (1U<<15))) || \ - ((a > b) && ((uint16_t)(a - b) < (1U<<15)))) -#define SCTP_SSN_GE(a, b) (SCTP_SSN_GT(a, b) || (a == b)) -#define SCTP_TSN_GT(a, b) (((a < b) && ((uint32_t)(b - a) > (1U<<31))) || \ - ((a > b) && ((uint32_t)(a - b) < (1U<<31)))) -#define SCTP_TSN_GE(a, b) (SCTP_TSN_GT(a, b) || (a == b)) +#define SCTP_UINT16_GT(a, b) (((a < b) && ((uint16_t)(b - a) > (1U<<15))) || \ + ((a > b) && ((uint16_t)(a - b) < (1U<<15)))) +#define SCTP_UINT16_GE(a, b) (SCTP_UINT16_GT(a, b) || (a == b)) +#define SCTP_UINT32_GT(a, b) (((a < b) && ((uint32_t)(b - a) > (1U<<31))) || \ + ((a > b) && ((uint32_t)(a - b) < (1U<<31)))) +#define SCTP_UINT32_GE(a, b) (SCTP_UINT32_GT(a, b) || (a == b)) + +#define SCTP_SSN_GT(a, b) SCTP_UINT16_GT(a, b) +#define SCTP_SSN_GE(a, b) SCTP_UINT16_GE(a, b) +#define SCTP_TSN_GT(a, b) SCTP_UINT32_GT(a, b) +#define SCTP_TSN_GE(a, b) SCTP_UINT32_GE(a, b) +#define SCTP_MSGID_GT(o, a, b) ((o == 1) ? SCTP_UINT16_GT((uint16_t)a, (uint16_t)b) : SCTP_UINT32_GT(a, b)) +#define SCTP_MSGID_GE(o, a, b) ((o == 1) ? SCTP_UINT16_GE((uint16_t)a, (uint16_t)b) : SCTP_UINT32_GE(a, b)) /* Mapping array manipulation routines */ #define SCTP_IS_TSN_PRESENT(arry, gap) ((arry[(gap >> 3)] >> (gap & 0x07)) & 0x01) diff --git a/sys/netinet/sctp_dtrace_define.h b/sys/netinet/sctp_dtrace_define.h index f34effbddf57..19f44da482e2 100644 --- a/sys/netinet/sctp_dtrace_define.h +++ b/sys/netinet/sctp_dtrace_define.h @@ -45,131 +45,131 @@ SDT_PROVIDER_DEFINE(sctp); /********************************************************/ /* Initial */ SDT_PROBE_DEFINE5(sctp, cwnd, net, init, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* ACK-INCREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, ack, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* ACK-INCREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, rttvar, - "uint64_t", /* The Vtag << 32 | localport << 16 | remoteport */ - "uint64_t", /* obw | nbw */ - "uint64_t", /* bwrtt | newrtt */ - "uint64_t", /* flight */ - "uint64_t"); /* (cwnd << 32) | point << 16 | retval(0/1) */ + "uint64_t", /* The Vtag << 32 | localport << 16 | + * remoteport */ + "uint64_t", /* obw | nbw */ + "uint64_t", /* bwrtt | newrtt */ + "uint64_t", /* flight */ + "uint64_t"); /* (cwnd << 32) | point << 16 | retval(0/1) */ SDT_PROBE_DEFINE5(sctp, cwnd, net, rttstep, - "uint64_t", /* The Vtag << 32 | localport << 16 | remoteport */ - "uint64_t", /* obw | nbw */ - "uint64_t", /* bwrtt | newrtt */ - "uint64_t", /* flight */ - "uint64_t"); /* (cwnd << 32) | point << 16 | retval(0/1) */ + "uint64_t", /* The Vtag << 32 | localport << 16 | + * remoteport */ + "uint64_t", /* obw | nbw */ + "uint64_t", /* bwrtt | newrtt */ + "uint64_t", /* flight */ + "uint64_t"); /* (cwnd << 32) | point << 16 | retval(0/1) */ /* FastRetransmit-DECREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, fr, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* TimeOut-DECREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, to, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* BurstLimit-DECREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, bl, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* ECN-DECREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, ecn, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /* PacketDrop-DECREASE */ SDT_PROBE_DEFINE5(sctp, cwnd, net, pd, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The old value of the cwnd */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The old value of the cwnd */ + "int"); /* The new value of the cwnd */ /********************************************************/ /* Rwnd probe - tracks changes in the receiver window for an assoc */ /********************************************************/ SDT_PROBE_DEFINE4(sctp, rwnd, assoc, val, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "int", /* The up/down amount */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "int", /* The up/down amount */ + "int"); /* The new value of the cwnd */ /********************************************************/ /* flight probe - tracks changes in the flight size on a net or assoc */ /********************************************************/ SDT_PROBE_DEFINE5(sctp, flightsize, net, val, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "uintptr_t", /* The pointer to the struct sctp_nets * changing */ - "int", /* The up/down amount */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "uintptr_t", /* The pointer to the struct sctp_nets * + * changing */ + "int", /* The up/down amount */ + "int"); /* The new value of the cwnd */ /********************************************************/ /* The total flight version */ /********************************************************/ SDT_PROBE_DEFINE4(sctp, flightsize, assoc, val, - "uint32_t", /* The Vtag for this end */ - "uint32_t", /* - * The port number of the local side << 16 | port number - * of remote in network byte order. - */ - "int", /* The up/down amount */ - "int"); /* The new value of the cwnd */ + "uint32_t", /* The Vtag for this end */ + "uint32_t", /* The port number of the local side << 16 | + * port number of remote in network byte + * order. */ + "int", /* The up/down amount */ + "int"); /* The new value of the cwnd */ #endif diff --git a/sys/netinet/sctp_header.h b/sys/netinet/sctp_header.h index dc05b3dc0a8d..d38c8375fb32 100644 --- a/sys/netinet/sctp_header.h +++ b/sys/netinet/sctp_header.h @@ -152,6 +152,23 @@ struct sctp_data_chunk { struct sctp_data dp; } SCTP_PACKED; +struct sctp_idata { + uint32_t tsn; + uint16_t stream_id; + uint16_t reserved; /* Where does the SSN go? */ + uint32_t msg_id; + union { + uint32_t protocol_id; + uint32_t fsn; /* Fragment Sequence Number */ + }; + /* user data follows */ +} SCTP_PACKED; + +struct sctp_idata_chunk { + struct sctp_chunkhdr ch; + struct sctp_idata dp; +} SCTP_PACKED; + /* * Structures for the control chunks */ @@ -378,6 +395,12 @@ struct sctp_strseq { uint16_t sequence; } SCTP_PACKED; +struct sctp_strseq_mid { + uint16_t stream; + uint16_t reserved; + uint32_t msg_id; +}; + struct sctp_forward_tsn_msg { struct sctphdr sh; struct sctp_forward_tsn_chunk msg; diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index cbc7fb59b7f3..76f0ad33df78 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -34,18 +34,22 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include -#include #include +#include #include #include -#include -#include #include +#include #include - - +#include +#include +#include +#include +#include +#include /* * NOTES: On the outbound side of things I need to check the sack timer to * see if I should generate a sack into the chunk queue (if I have data to @@ -55,6 +59,13 @@ __FBSDID("$FreeBSD$"); * This will cause sctp_service_queues() to get called on the top entry in * the list. */ +static void +sctp_add_chk_to_control(struct sctp_queued_to_read *control, + struct sctp_stream_in *strm, + struct sctp_tcb *stcb, + struct sctp_association *asoc, + struct sctp_tmit_chunk *chk); + void sctp_set_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc) @@ -74,9 +85,9 @@ sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc) * sctp_soreceive then we will fix this so that ONLY this * associations data is taken into account. */ - if (stcb->sctp_socket == NULL) + if (stcb->sctp_socket == NULL) { return (calc); - + } if (stcb->asoc.sb_cc == 0 && asoc->size_on_reasm_queue == 0 && asoc->size_on_all_streams == 0) { @@ -86,7 +97,6 @@ sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc) } /* get actual space */ calc = (uint32_t) sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv); - /* * take out what has NOT been put on socket queue and we yet hold * for putting up. @@ -95,7 +105,6 @@ sctp_calc_rwnd(struct sctp_tcb *stcb, struct sctp_association *asoc) asoc->cnt_on_reasm_queue * MSIZE)); calc = sctp_sbspace_sub(calc, (uint32_t) (asoc->size_on_all_streams + asoc->cnt_on_all_streams * MSIZE)); - if (calc == 0) { /* out of space */ return (calc); @@ -122,7 +131,7 @@ sctp_build_readq_entry(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t tsn, uint32_t ppid, uint32_t context, uint16_t stream_no, - uint16_t stream_seq, uint8_t flags, + uint32_t stream_seq, uint8_t flags, struct mbuf *dm) { struct sctp_queued_to_read *read_queue_e = NULL; @@ -131,73 +140,26 @@ sctp_build_readq_entry(struct sctp_tcb *stcb, if (read_queue_e == NULL) { goto failed_build; } + memset(read_queue_e, 0, sizeof(struct sctp_queued_to_read)); read_queue_e->sinfo_stream = stream_no; read_queue_e->sinfo_ssn = stream_seq; read_queue_e->sinfo_flags = (flags << 8); read_queue_e->sinfo_ppid = ppid; read_queue_e->sinfo_context = context; - read_queue_e->sinfo_timetolive = 0; read_queue_e->sinfo_tsn = tsn; read_queue_e->sinfo_cumtsn = tsn; read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb); + read_queue_e->top_fsn = read_queue_e->fsn_included = 0xffffffff; + TAILQ_INIT(&read_queue_e->reasm); read_queue_e->whoFrom = net; - read_queue_e->length = 0; atomic_add_int(&net->ref_count, 1); read_queue_e->data = dm; - read_queue_e->spec_flags = 0; - read_queue_e->tail_mbuf = NULL; - read_queue_e->aux_data = NULL; read_queue_e->stcb = stcb; read_queue_e->port_from = stcb->rport; - read_queue_e->do_not_ref_stcb = 0; - read_queue_e->end_added = 0; - read_queue_e->some_taken = 0; - read_queue_e->pdapi_aborted = 0; failed_build: return (read_queue_e); } - -/* - * Build out our readq entry based on the incoming packet. - */ -static struct sctp_queued_to_read * -sctp_build_readq_entry_chk(struct sctp_tcb *stcb, - struct sctp_tmit_chunk *chk) -{ - struct sctp_queued_to_read *read_queue_e = NULL; - - sctp_alloc_a_readq(stcb, read_queue_e); - if (read_queue_e == NULL) { - goto failed_build; - } - read_queue_e->sinfo_stream = chk->rec.data.stream_number; - read_queue_e->sinfo_ssn = chk->rec.data.stream_seq; - read_queue_e->sinfo_flags = (chk->rec.data.rcv_flags << 8); - read_queue_e->sinfo_ppid = chk->rec.data.payloadtype; - read_queue_e->sinfo_context = stcb->asoc.context; - read_queue_e->sinfo_timetolive = 0; - read_queue_e->sinfo_tsn = chk->rec.data.TSN_seq; - read_queue_e->sinfo_cumtsn = chk->rec.data.TSN_seq; - read_queue_e->sinfo_assoc_id = sctp_get_associd(stcb); - read_queue_e->whoFrom = chk->whoTo; - read_queue_e->aux_data = NULL; - read_queue_e->length = 0; - atomic_add_int(&chk->whoTo->ref_count, 1); - read_queue_e->data = chk->data; - read_queue_e->tail_mbuf = NULL; - read_queue_e->stcb = stcb; - read_queue_e->port_from = stcb->rport; - read_queue_e->spec_flags = 0; - read_queue_e->do_not_ref_stcb = 0; - read_queue_e->end_added = 0; - read_queue_e->some_taken = 0; - read_queue_e->pdapi_aborted = 0; -failed_build: - return (read_queue_e); -} - - struct mbuf * sctp_build_ctl_nchunk(struct sctp_inpcb *inp, struct sctp_sndrcvinfo *sinfo) { @@ -317,6 +279,7 @@ sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn) { uint32_t gap, i, cumackp1; int fnd = 0; + int in_r = 0, in_nr = 0; if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { return; @@ -330,15 +293,20 @@ sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn) return; } SCTP_CALC_TSN_TO_GAP(gap, tsn, asoc->mapping_array_base_tsn); - if (!SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) { + in_r = SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap); + in_nr = SCTP_IS_TSN_PRESENT(asoc->nr_mapping_array, gap); + if ((in_r == 0) && (in_nr == 0)) { +#ifdef INVARIANTS + panic("Things are really messed up now"); +#else SCTP_PRINTF("gap:%x tsn:%x\n", gap, tsn); sctp_print_mapping_array(asoc); -#ifdef INVARIANTS - panic("Things are really messed up now!!"); #endif } - SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); - SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); + if (in_nr == 0) + SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); + if (in_r) + SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { asoc->highest_tsn_inside_nr_map = tsn; } @@ -358,191 +326,157 @@ sctp_mark_non_revokable(struct sctp_association *asoc, uint32_t tsn) } } - -/* - * We are delivering currently from the reassembly queue. We must continue to - * deliver until we either: 1) run out of space. 2) run out of sequential - * TSN's 3) hit the SCTP_DATA_LAST_FRAG flag. - */ -static void -sctp_service_reassembly(struct sctp_tcb *stcb, struct sctp_association *asoc) +static int +sctp_place_control_in_stream(struct sctp_stream_in *strm, + struct sctp_association *asoc, + struct sctp_queued_to_read *control) { - struct sctp_tmit_chunk *chk, *nchk; - uint16_t nxt_todel; - uint16_t stream_no; - int end = 0; - int cntDel; - struct sctp_queued_to_read *control, *ctl, *nctl; + struct sctp_queued_to_read *at; + struct sctp_readhead *q; + uint8_t bits, unordered; - if (stcb == NULL) - return; - - cntDel = stream_no = 0; - if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || - (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) || - (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) { - /* socket above is long gone or going.. */ -abandon: - asoc->fragmented_delivery_inprogress = 0; - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - asoc->size_on_reasm_queue -= chk->send_size; - sctp_ucount_decr(asoc->cnt_on_reasm_queue); - /* - * Lose the data pointer, since its in the socket - * buffer - */ - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - /* Now free the address and data */ - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); - /* sa_ignore FREED_MEMORY */ - } - return; - } - SCTP_TCB_LOCK_ASSERT(stcb); - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - if (chk->rec.data.TSN_seq != (asoc->tsn_last_delivered + 1)) { - /* Can't deliver more :< */ - return; - } - stream_no = chk->rec.data.stream_number; - nxt_todel = asoc->strmin[stream_no].last_sequence_delivered + 1; - if (nxt_todel != chk->rec.data.stream_seq && - (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { - /* - * Not the next sequence to deliver in its stream OR - * unordered - */ - return; - } - if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { - - control = sctp_build_readq_entry_chk(stcb, chk); - if (control == NULL) { - /* out of memory? */ - return; - } - /* save it off for our future deliveries */ - stcb->asoc.control_pdapi = control; - if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) - end = 1; - else - end = 0; - sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq); - sctp_add_to_readq(stcb->sctp_ep, - stcb, control, &stcb->sctp_socket->so_rcv, end, - SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); - cntDel++; - } else { - if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) - end = 1; - else - end = 0; - sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq); - if (sctp_append_to_readq(stcb->sctp_ep, stcb, - stcb->asoc.control_pdapi, - chk->data, end, chk->rec.data.TSN_seq, - &stcb->sctp_socket->so_rcv)) { + bits = (control->sinfo_flags >> 8); + unordered = bits & SCTP_DATA_UNORDERED; + if (unordered) { + q = &strm->uno_inqueue; + if (asoc->idata_supported == 0) { + if (!TAILQ_EMPTY(q)) { /* - * something is very wrong, either - * control_pdapi is NULL, or the tail_mbuf - * is corrupt, or there is a EOM already on - * the mbuf chain. + * Only one stream can be here in old style + * -- abort */ - if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { - goto abandon; + return (-1); + } + TAILQ_INSERT_TAIL(q, control, next_instrm); + control->on_strm_q = SCTP_ON_UNORDERED; + return (0); + } + } else { + q = &strm->inqueue; + } + if ((bits & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + control->end_added = control->last_frag_seen = control->first_frag_seen = 1; + } + if (TAILQ_EMPTY(q)) { + /* Empty queue */ + TAILQ_INSERT_HEAD(q, control, next_instrm); + if (unordered) { + control->on_strm_q = SCTP_ON_UNORDERED; + } else { + control->on_strm_q = SCTP_ON_ORDERED; + } + return (0); + } else { + TAILQ_FOREACH(at, q, next_instrm) { + if (SCTP_TSN_GT(at->msg_id, control->msg_id)) { + /* + * one in queue is bigger than the new one, + * insert before this one + */ + TAILQ_INSERT_BEFORE(at, control, next_instrm); + if (unordered) { + control->on_strm_q = SCTP_ON_UNORDERED; } else { -#ifdef INVARIANTS - if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) { - panic("This should not happen control_pdapi NULL?"); - } - /* if we did not panic, it was a EOM */ - panic("Bad chunking ??"); -#else - if ((stcb->asoc.control_pdapi == NULL) || (stcb->asoc.control_pdapi->tail_mbuf == NULL)) { - SCTP_PRINTF("This should not happen control_pdapi NULL?\n"); - } - SCTP_PRINTF("Bad chunking ??\n"); - SCTP_PRINTF("Dumping re-assembly queue this will probably hose the association\n"); - -#endif - goto abandon; + control->on_strm_q = SCTP_ON_ORDERED; } - } - cntDel++; - } - /* pull it we did it */ - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { - asoc->fragmented_delivery_inprogress = 0; - if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0) { - asoc->strmin[stream_no].last_sequence_delivered++; - } - if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) { - SCTP_STAT_INCR_COUNTER64(sctps_reasmusrmsgs); - } - } else if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { - /* - * turn the flag back on since we just delivered - * yet another one. - */ - asoc->fragmented_delivery_inprogress = 1; - } - asoc->tsn_of_pdapi_last_delivered = chk->rec.data.TSN_seq; - asoc->last_flags_delivered = chk->rec.data.rcv_flags; - asoc->last_strm_seq_delivered = chk->rec.data.stream_seq; - asoc->last_strm_no_delivered = chk->rec.data.stream_number; - - asoc->tsn_last_delivered = chk->rec.data.TSN_seq; - asoc->size_on_reasm_queue -= chk->send_size; - sctp_ucount_decr(asoc->cnt_on_reasm_queue); - /* free up the chk */ - chk->data = NULL; - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); - - if (asoc->fragmented_delivery_inprogress == 0) { - /* - * Now lets see if we can deliver the next one on - * the stream - */ - struct sctp_stream_in *strm; - - strm = &asoc->strmin[stream_no]; - nxt_todel = strm->last_sequence_delivered + 1; - TAILQ_FOREACH_SAFE(ctl, &strm->inqueue, next, nctl) { - /* Deliver more if we can. */ - if (nxt_todel == ctl->sinfo_ssn) { - TAILQ_REMOVE(&strm->inqueue, ctl, next); - asoc->size_on_all_streams -= ctl->length; - sctp_ucount_decr(asoc->cnt_on_all_streams); - strm->last_sequence_delivered++; - sctp_mark_non_revokable(asoc, ctl->sinfo_tsn); - sctp_add_to_readq(stcb->sctp_ep, stcb, - ctl, - &stcb->sctp_socket->so_rcv, 1, - SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); - } else { + break; + } else if (at->msg_id == control->msg_id) { + /* + * Gak, He sent me a duplicate msg id + * number?? return -1 to abort. + */ + return (-1); + } else { + if (TAILQ_NEXT(at, next_instrm) == NULL) { + /* + * We are at the end, insert it + * after this one + */ + if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { + sctp_log_strm_del(control, at, + SCTP_STR_LOG_FROM_INSERT_TL); + } + TAILQ_INSERT_AFTER(q, + at, control, next_instrm); + if (unordered) { + control->on_strm_q = SCTP_ON_UNORDERED; + } else { + control->on_strm_q = SCTP_ON_ORDERED; + } break; } - nxt_todel = strm->last_sequence_delivered + 1; } - break; } } + return (0); +} + +static void +sctp_abort_in_reasm(struct sctp_tcb *stcb, + struct sctp_stream_in *strm, + struct sctp_queued_to_read *control, + struct sctp_tmit_chunk *chk, + int *abort_flag, int opspot) +{ + char msg[SCTP_DIAG_INFO_LEN]; + struct mbuf *oper; + + if (stcb->asoc.idata_supported) { + snprintf(msg, sizeof(msg), + "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", + opspot, + control->fsn_included, + chk->rec.data.TSN_seq, + chk->rec.data.stream_number, + chk->rec.data.fsn_num, chk->rec.data.stream_seq); + } else { + snprintf(msg, sizeof(msg), + "Reass %x, CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x, SSN:%4.4x", + opspot, + control->fsn_included, + chk->rec.data.TSN_seq, + chk->rec.data.stream_number, + chk->rec.data.fsn_num, + (uint16_t) chk->rec.data.stream_seq); + } + oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); + sctp_m_freem(chk->data); + chk->data = NULL; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1; + sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED); + *abort_flag = 1; +} + +static void +clean_up_control(struct sctp_tcb *stcb, struct sctp_queued_to_read *control) +{ + /* + * The control could not be placed and must be cleaned. + */ + struct sctp_tmit_chunk *chk, *nchk; + + TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) { + TAILQ_REMOVE(&control->reasm, chk, sctp_next); + if (chk->data) + sctp_m_freem(chk->data); + chk->data = NULL; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + } + sctp_free_a_readq(stcb, control); } /* * Queue the chunk either right into the socket buffer if it is the next one * to go OR put it in the correct place in the delivery queue. If we do - * append to the so_buf, keep doing so until we are out of order. One big - * question still remains, what to do when the socket buffer is FULL?? + * append to the so_buf, keep doing so until we are out of order as + * long as the control's entered are non-fragmented. */ static void -sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc, - struct sctp_queued_to_read *control, int *abort_flag) +sctp_queue_data_to_stream(struct sctp_tcb *stcb, + struct sctp_stream_in *strm, + struct sctp_association *asoc, + struct sctp_queued_to_read *control, int *abort_flag, int *need_reasm) { /* * FIX-ME maybe? What happens when the ssn wraps? If we are getting @@ -562,27 +496,16 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc, * SSN alone. Maybe a hybred approach is the answer * */ - struct sctp_stream_in *strm; struct sctp_queued_to_read *at; int queue_needed; - uint16_t nxt_todel; + uint32_t nxt_todel; struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - queue_needed = 1; - asoc->size_on_all_streams += control->length; - sctp_ucount_incr(asoc->cnt_on_all_streams); - strm = &asoc->strmin[control->sinfo_stream]; - nxt_todel = strm->last_sequence_delivered + 1; if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INTO_STRD); } - SCTPDBG(SCTP_DEBUG_INDATA1, - "queue to stream called for sid:%u ssn:%u tsn:%u lastdel:%u nxt:%u\n", - (uint32_t) control->sinfo_stream, (uint32_t) control->sinfo_ssn, - (uint32_t) control->sinfo_tsn, - (uint32_t) strm->last_sequence_delivered, (uint32_t) nxt_todel); - if (SCTP_SSN_GE(strm->last_sequence_delivered, control->sinfo_ssn)) { + if (SCTP_MSGID_GT((!asoc->idata_supported), strm->last_sequence_delivered, control->sinfo_ssn)) { /* The incoming sseq is behind where we last delivered? */ SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n", control->sinfo_ssn, strm->last_sequence_delivered); @@ -591,32 +514,39 @@ protocol_error: * throw it in the stream so it gets cleaned up in * association destruction */ - TAILQ_INSERT_HEAD(&strm->inqueue, control, next); + TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm); snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", strm->last_sequence_delivered, control->sinfo_tsn, control->sinfo_stream, control->sinfo_ssn); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_1; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); *abort_flag = 1; return; } -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - struct socket *so; - - so = SCTP_INP_SO(stcb->sctp_ep); - atomic_add_int(&stcb->asoc.refcnt, 1); - SCTP_TCB_UNLOCK(stcb); - SCTP_SOCKET_LOCK(so, 1); - SCTP_TCB_LOCK(stcb); - atomic_subtract_int(&stcb->asoc.refcnt, 1); - if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { - SCTP_SOCKET_UNLOCK(so, 1); - return; + if ((SCTP_TSN_GE(asoc->cumulative_tsn, control->sinfo_tsn)) && (asoc->idata_supported == 0)) { + goto protocol_error; } -#endif + queue_needed = 1; + asoc->size_on_all_streams += control->length; + sctp_ucount_incr(asoc->cnt_on_all_streams); + nxt_todel = strm->last_sequence_delivered + 1; if (nxt_todel == control->sinfo_ssn) { +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + struct socket *so; + + so = SCTP_INP_SO(stcb->sctp_ep); + atomic_add_int(&stcb->asoc.refcnt, 1); + SCTP_TCB_UNLOCK(stcb); + SCTP_SOCKET_LOCK(so, 1); + SCTP_TCB_LOCK(stcb); + atomic_subtract_int(&stcb->asoc.refcnt, 1); + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { + SCTP_SOCKET_UNLOCK(so, 1); + return; + } +#endif /* can be delivered right away? */ if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_IMMED_DEL); @@ -626,19 +556,25 @@ protocol_error: asoc->size_on_all_streams -= control->length; sctp_ucount_decr(asoc->cnt_on_all_streams); strm->last_sequence_delivered++; - sctp_mark_non_revokable(asoc, control->sinfo_tsn); sctp_add_to_readq(stcb->sctp_ep, stcb, control, &stcb->sctp_socket->so_rcv, 1, - SCTP_READ_LOCK_NOT_HELD, SCTP_SO_LOCKED); - TAILQ_FOREACH_SAFE(control, &strm->inqueue, next, at) { + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + TAILQ_FOREACH_SAFE(control, &strm->inqueue, next_instrm, at) { /* all delivered */ nxt_todel = strm->last_sequence_delivered + 1; - if (nxt_todel == control->sinfo_ssn) { - TAILQ_REMOVE(&strm->inqueue, control, next); + if ((nxt_todel == control->sinfo_ssn) && + (((control->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG)) { asoc->size_on_all_streams -= control->length; sctp_ucount_decr(asoc->cnt_on_all_streams); + if (control->on_strm_q == SCTP_ON_ORDERED) { + TAILQ_REMOVE(&strm->inqueue, control, next_instrm); + } else { + panic("Huh control:%p is on_strm_q:%d", + control, control->on_strm_q); + } + control->on_strm_q = 0; strm->last_sequence_delivered++; /* * We ignore the return of deliver_data here @@ -655,193 +591,637 @@ protocol_error: control, &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, - SCTP_SO_LOCKED); + SCTP_SO_NOT_LOCKED); continue; + } else if (nxt_todel == control->sinfo_ssn) { + *need_reasm = 1; } break; } +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + SCTP_SOCKET_UNLOCK(so, 1); +#endif } if (queue_needed) { /* * Ok, we did not deliver this guy, find the correct place * to put it on the queue. */ - if (SCTP_TSN_GE(asoc->cumulative_tsn, control->sinfo_tsn)) { -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - SCTP_SOCKET_UNLOCK(so, 1); -#endif - goto protocol_error; - } - if (TAILQ_EMPTY(&strm->inqueue)) { - /* Empty queue */ - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { - sctp_log_strm_del(control, NULL, SCTP_STR_LOG_FROM_INSERT_HD); - } - TAILQ_INSERT_HEAD(&strm->inqueue, control, next); - } else { - TAILQ_FOREACH(at, &strm->inqueue, next) { - if (SCTP_SSN_GT(at->sinfo_ssn, control->sinfo_ssn)) { - /* - * one in queue is bigger than the - * new one, insert before this one - */ - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { - sctp_log_strm_del(control, at, - SCTP_STR_LOG_FROM_INSERT_MD); - } - TAILQ_INSERT_BEFORE(at, control, next); - break; - } else if (at->sinfo_ssn == control->sinfo_ssn) { - /* - * Gak, He sent me a duplicate str - * seq number - */ - /* - * foo bar, I guess I will just free - * this new guy, should we abort - * too? FIX ME MAYBE? Or it COULD be - * that the SSN's have wrapped. - * Maybe I should compare to TSN - * somehow... sigh for now just blow - * away the chunk! - */ + if (sctp_place_control_in_stream(strm, asoc, control)) { + char msg[SCTP_DIAG_INFO_LEN]; + struct mbuf *oper; - if (control->data) - sctp_m_freem(control->data); - control->data = NULL; - asoc->size_on_all_streams -= control->length; - sctp_ucount_decr(asoc->cnt_on_all_streams); - if (control->whoFrom) { - sctp_free_remote_addr(control->whoFrom); - control->whoFrom = NULL; - } - sctp_free_a_readq(stcb, control); -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - SCTP_SOCKET_UNLOCK(so, 1); -#endif - return; - } else { - if (TAILQ_NEXT(at, next) == NULL) { - /* - * We are at the end, insert - * it after this one - */ - if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { - sctp_log_strm_del(control, at, - SCTP_STR_LOG_FROM_INSERT_TL); - } - TAILQ_INSERT_AFTER(&strm->inqueue, - at, control, next); - break; - } - } - } + snprintf(msg, sizeof(msg), + "Queue to str mid:%d duplicate", + control->msg_id); + clean_up_control(stcb, control); + oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; + sctp_abort_an_association(stcb->sctp_ep, stcb, oper, SCTP_SO_NOT_LOCKED); + *abort_flag = 1; } } -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - SCTP_SOCKET_UNLOCK(so, 1); -#endif } -/* - * Returns two things: You get the total size of the deliverable parts of the - * first fragmented message on the reassembly queue. And you get a 1 back if - * all of the message is ready or a 0 back if the message is still incomplete - */ -static int -sctp_is_all_msg_on_reasm(struct sctp_association *asoc, uint32_t * t_size) -{ - struct sctp_tmit_chunk *chk; - uint32_t tsn; - *t_size = 0; - chk = TAILQ_FIRST(&asoc->reasmqueue); - if (chk == NULL) { - /* nothing on the queue */ - return (0); - } - if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) { - /* Not a first on the queue */ - return (0); - } - tsn = chk->rec.data.TSN_seq; - TAILQ_FOREACH(chk, &asoc->reasmqueue, sctp_next) { - if (tsn != chk->rec.data.TSN_seq) { - return (0); +static void +sctp_setup_tail_pointer(struct sctp_queued_to_read *control) +{ + struct mbuf *m, *prev = NULL; + struct sctp_tcb *stcb; + + stcb = control->stcb; + control->held_length = 0; + control->length = 0; + m = control->data; + while (m) { + if (SCTP_BUF_LEN(m) == 0) { + /* Skip mbufs with NO length */ + if (prev == NULL) { + /* First one */ + control->data = sctp_m_free(m); + m = control->data; + } else { + SCTP_BUF_NEXT(prev) = sctp_m_free(m); + m = SCTP_BUF_NEXT(prev); + } + if (m == NULL) { + control->tail_mbuf = prev; + } + continue; } - *t_size += chk->send_size; - if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { - return (1); + prev = m; + atomic_add_int(&control->length, SCTP_BUF_LEN(m)); + if (control->on_read_q) { + /* + * On read queue so we must increment the SB stuff, + * we assume caller has done any locks of SB. + */ + sctp_sballoc(stcb, &stcb->sctp_socket->so_rcv, m); } - tsn++; + m = SCTP_BUF_NEXT(m); + } + if (prev) { + control->tail_mbuf = prev; } - return (0); } static void -sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc) +sctp_add_to_tail_pointer(struct sctp_queued_to_read *control, struct mbuf *m) { - struct sctp_tmit_chunk *chk; - uint16_t nxt_todel; - uint32_t tsize, pd_point; + struct mbuf *prev = NULL; + struct sctp_tcb *stcb; -doit_again: - chk = TAILQ_FIRST(&asoc->reasmqueue); - if (chk == NULL) { - /* Huh? */ - asoc->size_on_reasm_queue = 0; - asoc->cnt_on_reasm_queue = 0; + stcb = control->stcb; + if (stcb == NULL) { + panic("Control broken"); + } + if (control->tail_mbuf == NULL) { + /* TSNH */ + control->data = m; + sctp_setup_tail_pointer(control); return; } - if (asoc->fragmented_delivery_inprogress == 0) { - nxt_todel = - asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1; - if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) && - (nxt_todel == chk->rec.data.stream_seq || - (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) { - /* - * Yep the first one is here and its ok to deliver - * but should we? - */ - if (stcb->sctp_socket) { - pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT, - stcb->sctp_ep->partial_delivery_point); + control->tail_mbuf->m_next = m; + while (m) { + if (SCTP_BUF_LEN(m) == 0) { + /* Skip mbufs with NO length */ + if (prev == NULL) { + /* First one */ + control->tail_mbuf->m_next = sctp_m_free(m); + m = control->tail_mbuf->m_next; } else { - pd_point = stcb->sctp_ep->partial_delivery_point; + SCTP_BUF_NEXT(prev) = sctp_m_free(m); + m = SCTP_BUF_NEXT(prev); } - if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) { - /* - * Yes, we setup to start reception, by - * backing down the TSN just in case we - * can't deliver. If we - */ - asoc->fragmented_delivery_inprogress = 1; - asoc->tsn_last_delivered = - chk->rec.data.TSN_seq - 1; - asoc->str_of_pdapi = - chk->rec.data.stream_number; - asoc->ssn_of_pdapi = chk->rec.data.stream_seq; - asoc->pdapi_ppid = chk->rec.data.payloadtype; - asoc->fragment_flags = chk->rec.data.rcv_flags; - sctp_service_reassembly(stcb, asoc); + if (m == NULL) { + control->tail_mbuf = prev; } + continue; } - } else { - /* - * Service re-assembly will deliver stream data queued at - * the end of fragmented delivery.. but it wont know to go - * back and call itself again... we do that here with the - * got doit_again - */ - sctp_service_reassembly(stcb, asoc); - if (asoc->fragmented_delivery_inprogress == 0) { + prev = m; + if (control->on_read_q) { /* - * finished our Fragmented delivery, could be more - * waiting? + * On read queue so we must increment the SB stuff, + * we assume caller has done any locks of SB. */ - goto doit_again; + sctp_sballoc(stcb, &stcb->sctp_socket->so_rcv, m); + } + atomic_add_int(&control->length, SCTP_BUF_LEN(m)); + m = SCTP_BUF_NEXT(m); + } + if (prev) { + control->tail_mbuf = prev; + } +} + +static void +sctp_build_readq_entry_from_ctl(struct sctp_queued_to_read *nc, struct sctp_queued_to_read *control) +{ + memset(nc, 0, sizeof(struct sctp_queued_to_read)); + nc->sinfo_stream = control->sinfo_stream; + nc->sinfo_ssn = control->sinfo_ssn; + TAILQ_INIT(&nc->reasm); + nc->top_fsn = control->top_fsn; + nc->msg_id = control->msg_id; + nc->sinfo_flags = control->sinfo_flags; + nc->sinfo_ppid = control->sinfo_ppid; + nc->sinfo_context = control->sinfo_context; + nc->fsn_included = 0xffffffff; + nc->sinfo_tsn = control->sinfo_tsn; + nc->sinfo_cumtsn = control->sinfo_cumtsn; + nc->sinfo_assoc_id = control->sinfo_assoc_id; + nc->whoFrom = control->whoFrom; + atomic_add_int(&nc->whoFrom->ref_count, 1); + nc->stcb = control->stcb; + nc->port_from = control->port_from; +} + +static int +sctp_handle_old_data(struct sctp_tcb *stcb, struct sctp_association *asoc, struct sctp_stream_in *strm, + struct sctp_queued_to_read *control, uint32_t pd_point) +{ + /* + * Special handling for the old un-ordered data chunk. All the + * chunks/TSN's go to msg_id 0. So we have to do the old style + * watching to see if we have it all. If you return one, no other + * control entries on the un-ordered queue will be looked at. In + * theory there should be no others entries in reality, unless the + * guy is sending both unordered NDATA and unordered DATA... + */ + struct sctp_tmit_chunk *chk, *lchk, *tchk; + uint32_t fsn; + struct sctp_queued_to_read *nc = NULL; + int cnt_added; + + if (control->first_frag_seen == 0) { + /* Nothing we can do, we have not seen the first piece yet */ + return (1); + } + /* Collapse any we can */ + cnt_added = 0; +restart: + fsn = control->fsn_included + 1; + /* Now what can we add? */ + TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, lchk) { + if (chk->rec.data.fsn_num == fsn) { + /* Ok lets add it */ + TAILQ_REMOVE(&control->reasm, chk, sctp_next); + sctp_add_chk_to_control(control, strm, stcb, asoc, chk); + fsn++; + cnt_added++; + chk = NULL; + if (control->end_added) { + /* We are done */ + if (!TAILQ_EMPTY(&control->reasm)) { + /* + * Ok we have to move anything left + * on the control queue to a new + * control. + */ + sctp_alloc_a_readq(stcb, nc); + sctp_build_readq_entry_from_ctl(nc, control); + tchk = TAILQ_FIRST(&control->reasm); + if (tchk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { + TAILQ_REMOVE(&control->reasm, tchk, sctp_next); + nc->first_frag_seen = 1; + nc->fsn_included = tchk->rec.data.fsn_num; + nc->data = tchk->data; + sctp_mark_non_revokable(asoc, tchk->rec.data.TSN_seq); + tchk->data = NULL; + sctp_free_a_chunk(stcb, tchk, SCTP_SO_NOT_LOCKED); + sctp_setup_tail_pointer(nc); + tchk = TAILQ_FIRST(&control->reasm); + } + /* Spin the rest onto the queue */ + while (tchk) { + TAILQ_REMOVE(&control->reasm, tchk, sctp_next); + TAILQ_INSERT_TAIL(&nc->reasm, tchk, sctp_next); + tchk = TAILQ_FIRST(&control->reasm); + } + /* + * Now lets add it to the queue + * after removing control + */ + TAILQ_INSERT_TAIL(&strm->uno_inqueue, nc, next_instrm); + nc->on_strm_q = SCTP_ON_UNORDERED; + if (control->on_strm_q) { + TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); + control->on_strm_q = 0; + } + } + if (control->on_read_q == 0) { + sctp_add_to_readq(stcb->sctp_ep, stcb, control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + } + if (control->pdapi_started) { + strm->pd_api_started = 0; + control->pdapi_started = 0; + } + if (control->on_strm_q) { + TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); + control->on_strm_q = 0; + } + sctp_wakeup_the_read_socket(stcb->sctp_ep); + if ((nc) && (nc->first_frag_seen)) { + /* + * Switch to the new guy and + * continue + */ + control = nc; + nc = NULL; + goto restart; + } + return (1); + } + } else { + /* Can't add more */ + break; } } + if ((control->length > pd_point) && (strm->pd_api_started == 0)) { + sctp_add_to_readq(stcb->sctp_ep, stcb, control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + strm->pd_api_started = 1; + control->pdapi_started = 1; + sctp_wakeup_the_read_socket(stcb->sctp_ep); + return (0); + } else { + return (1); + } +} + +static void +sctp_inject_old_data_unordered(struct sctp_tcb *stcb, struct sctp_association *asoc, + struct sctp_stream_in *strm, + struct sctp_queued_to_read *control, + struct sctp_tmit_chunk *chk, + int *abort_flag) +{ + struct sctp_tmit_chunk *at; + int inserted = 0; + + /* + * Here we need to place the chunk into the control structure sorted + * in the correct order. + */ + if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { + /* Its the very first one. */ + SCTPDBG(SCTP_DEBUG_XXX, + "chunk is a first fsn:%d becomes fsn_included\n", + chk->rec.data.fsn_num); + if (control->first_frag_seen) { + /* + * In old un-ordered we can reassembly on one + * control multiple messages. As long as the next + * FIRST is greater then the old first (TSN i.e. FSN + * wise) + */ + struct mbuf *tdata; + uint32_t tmp; + + if (SCTP_TSN_GT(chk->rec.data.fsn_num, control->fsn_included)) { + /* + * Easy way the start of a new guy beyond + * the lowest + */ + goto place_chunk; + } + if ((chk->rec.data.fsn_num == control->fsn_included) || + (control->pdapi_started)) { + /* + * Ok this should not happen, if it does we + * started the pd-api on the higher TSN + * (since the equals part is a TSN failure + * it must be that). + * + * We are completly hosed in that case since I + * have no way to recover. This really will + * only happen if we can get more TSN's + * higher before the pd-api-point. + */ + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_4); + + return; + } + /* + * Ok we have two firsts and the one we just got is + * smaller than the one we previously placed.. yuck! + * We must swap them out. + */ + /* swap the mbufs */ + tdata = control->data; + control->data = chk->data; + chk->data = tdata; + /* Swap the lengths */ + tmp = control->length; + control->length = chk->send_size; + chk->send_size = tmp; + /* Fix the FSN included */ + tmp = control->fsn_included; + control->fsn_included = chk->rec.data.fsn_num; + chk->rec.data.fsn_num = tmp; + goto place_chunk; + } + control->first_frag_seen = 1; + control->top_fsn = control->fsn_included = chk->rec.data.fsn_num; + control->data = chk->data; + sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq); + chk->data = NULL; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + sctp_setup_tail_pointer(control); + return; + } +place_chunk: + if (TAILQ_EMPTY(&control->reasm)) { + TAILQ_INSERT_TAIL(&control->reasm, chk, sctp_next); + asoc->size_on_reasm_queue += chk->send_size; + sctp_ucount_incr(asoc->cnt_on_reasm_queue); + return; + } + TAILQ_FOREACH(at, &control->reasm, sctp_next) { + if (SCTP_TSN_GT(at->rec.data.fsn_num, chk->rec.data.fsn_num)) { + /* + * This one in queue is bigger than the new one, + * insert the new one before at. + */ + asoc->size_on_reasm_queue += chk->send_size; + sctp_ucount_incr(asoc->cnt_on_reasm_queue); + inserted = 1; + TAILQ_INSERT_BEFORE(at, chk, sctp_next); + break; + } else if (at->rec.data.fsn_num == chk->rec.data.fsn_num) { + /* + * They sent a duplicate fsn number. This really + * should not happen since the FSN is a TSN and it + * should have been dropped earlier. + */ + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_5); + return; + } + } + if (inserted == 0) { + /* Its at the end */ + asoc->size_on_reasm_queue += chk->send_size; + sctp_ucount_incr(asoc->cnt_on_reasm_queue); + control->top_fsn = chk->rec.data.fsn_num; + TAILQ_INSERT_TAIL(&control->reasm, chk, sctp_next); + } +} + +static int +sctp_deliver_reasm_check(struct sctp_tcb *stcb, struct sctp_association *asoc, struct sctp_stream_in *strm) +{ + /* + * Given a stream, strm, see if any of the SSN's on it that are + * fragmented are ready to deliver. If so go ahead and place them on + * the read queue. In so placing if we have hit the end, then we + * need to remove them from the stream's queue. + */ + struct sctp_queued_to_read *control, *nctl = NULL; + uint32_t next_to_del; + uint32_t pd_point; + int ret = 0; + + if (stcb->sctp_socket) { + pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT, + stcb->sctp_ep->partial_delivery_point); + } else { + pd_point = stcb->sctp_ep->partial_delivery_point; + } + control = TAILQ_FIRST(&strm->uno_inqueue); + if ((control) && + (asoc->idata_supported == 0)) { + /* Special handling needed for "old" data format */ + nctl = TAILQ_NEXT(control, next_instrm); + if (sctp_handle_old_data(stcb, asoc, strm, control, pd_point)) { + goto done_un; + } + } + if (strm->pd_api_started) { + /* Can't add more */ + return (0); + } + while (control) { + SCTPDBG(SCTP_DEBUG_XXX, "Looking at control:%p e(%d) ssn:%d top_fsn:%d inc_fsn:%d -uo\n", + control, control->end_added, control->sinfo_ssn, control->top_fsn, control->fsn_included); + nctl = TAILQ_NEXT(control, next_instrm); + if (control->end_added) { + /* We just put the last bit on */ + if (control->on_strm_q) { + if (control->on_strm_q != SCTP_ON_UNORDERED) { + panic("Huh control:%p on_q:%d -- not unordered?", + control, control->on_strm_q); + } + TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); + control->on_strm_q = 0; + } + if (control->on_read_q == 0) { + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + } + } else { + /* Can we do a PD-API for this un-ordered guy? */ + if ((control->length >= pd_point) && (strm->pd_api_started == 0)) { + strm->pd_api_started = 1; + control->pdapi_started = 1; + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + + break; + } + } + control = nctl; + } +done_un: + control = TAILQ_FIRST(&strm->inqueue); + if (strm->pd_api_started) { + /* Can't add more */ + return (0); + } + if (control == NULL) { + return (ret); + } + if (strm->last_sequence_delivered == control->sinfo_ssn) { + /* + * Ok the guy at the top was being partially delivered + * completed, so we remove it. Note the pd_api flag was + * taken off when the chunk was merged on in + * sctp_queue_data_for_reasm below. + */ + nctl = TAILQ_NEXT(control, next_instrm); + SCTPDBG(SCTP_DEBUG_XXX, + "Looking at control:%p e(%d) ssn:%d top_fsn:%d inc_fsn:%d (lastdel:%d)- o\n", + control, control->end_added, control->sinfo_ssn, + control->top_fsn, control->fsn_included, + strm->last_sequence_delivered); + if (control->end_added) { + if (control->on_strm_q) { + if (control->on_strm_q != SCTP_ON_ORDERED) { + panic("Huh control:%p on_q:%d -- not ordered?", + control, control->on_strm_q); + } + TAILQ_REMOVE(&strm->inqueue, control, next_instrm); + control->on_strm_q = 0; + } + if (control->on_read_q == 0) { + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + } + if (strm->pd_api_started && control->pdapi_started) { + control->pdapi_started = 0; + strm->pd_api_started = 0; + } + control = nctl; + } + } + if (strm->pd_api_started) { + /* + * Can't add more must have gotten an un-ordered above being + * partially delivered. + */ + return (0); + } +deliver_more: + next_to_del = strm->last_sequence_delivered + 1; + if (control) { + SCTPDBG(SCTP_DEBUG_XXX, + "Looking at control:%p e(%d) ssn:%d top_fsn:%d inc_fsn:%d (nxtdel:%d)- o\n", + control, control->end_added, control->sinfo_ssn, control->top_fsn, control->fsn_included, + next_to_del); + nctl = TAILQ_NEXT(control, next_instrm); + if ((control->sinfo_ssn == next_to_del) && + (control->first_frag_seen)) { + /* Ok we can deliver it onto the stream. */ + if (control->end_added) { + /* We are done with it afterwards */ + if (control->on_strm_q) { + if (control->on_strm_q != SCTP_ON_ORDERED) { + panic("Huh control:%p on_q:%d -- not ordered?", + control, control->on_strm_q); + } + TAILQ_REMOVE(&strm->inqueue, control, next_instrm); + control->on_strm_q = 0; + } + ret++; + } + if (((control->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + /* + * A singleton now slipping through - mark + * it non-revokable too + */ + sctp_mark_non_revokable(asoc, control->sinfo_tsn); + } else if (control->end_added == 0) { + /* + * Check if we can defer adding until its + * all there + */ + if ((control->length < pd_point) || (strm->pd_api_started)) { + /* + * Don't need it or cannot add more + * (one being delivered that way) + */ + goto out; + } + } + if (control->on_read_q == 0) { + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + } + strm->last_sequence_delivered = next_to_del; + if ((control->end_added) && (control->last_frag_seen)) { + control = nctl; + goto deliver_more; + } else { + /* We are now doing PD API */ + strm->pd_api_started = 1; + control->pdapi_started = 1; + } + } + } +out: + return (ret); +} + +void +sctp_add_chk_to_control(struct sctp_queued_to_read *control, + struct sctp_stream_in *strm, + struct sctp_tcb *stcb, struct sctp_association *asoc, + struct sctp_tmit_chunk *chk) +{ + /* + * Given a control and a chunk, merge the data from the chk onto the + * control and free up the chunk resources. + */ + int i_locked = 0; + + if (control->on_read_q) { + /* + * Its being pd-api'd so we must do some locks. + */ + SCTP_INP_READ_LOCK(stcb->sctp_ep); + i_locked = 1; + } + if (control->data == NULL) { + control->data = chk->data; + sctp_setup_tail_pointer(control); + } else { + sctp_add_to_tail_pointer(control, chk->data); + } + control->fsn_included = chk->rec.data.fsn_num; + asoc->size_on_reasm_queue -= chk->send_size; + sctp_ucount_decr(asoc->cnt_on_reasm_queue); + sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq); + chk->data = NULL; + if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { + control->first_frag_seen = 1; + } + if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { + /* Its complete */ + if ((control->on_strm_q) && (control->on_read_q)) { + if (control->pdapi_started) { + control->pdapi_started = 0; + strm->pd_api_started = 0; + } + if (control->on_strm_q == SCTP_ON_UNORDERED) { + /* Unordered */ + TAILQ_REMOVE(&strm->uno_inqueue, control, next_instrm); + control->on_strm_q = 0; + } else if (control->on_strm_q == SCTP_ON_ORDERED) { + /* Ordered */ + TAILQ_REMOVE(&strm->inqueue, control, next_instrm); + control->on_strm_q = 0; + } else if (control->on_strm_q) { + panic("Unknown state on ctrl:%p on_strm_q:%d", control, + control->on_strm_q); + } + } + control->end_added = 1; + control->last_frag_seen = 1; + } + if (i_locked) { + SCTP_INP_READ_UNLOCK(stcb->sctp_ep); + } + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); } /* @@ -852,458 +1232,359 @@ doit_again: */ static void sctp_queue_data_for_reasm(struct sctp_tcb *stcb, struct sctp_association *asoc, - struct sctp_tmit_chunk *chk, int *abort_flag) + struct sctp_stream_in *strm, + struct sctp_queued_to_read *control, + struct sctp_tmit_chunk *chk, + int created_control, + int *abort_flag, uint32_t tsn) { - struct mbuf *op_err; - char msg[SCTP_DIAG_INFO_LEN]; - uint32_t cum_ackp1, prev_tsn, post_tsn; - struct sctp_tmit_chunk *at, *prev, *next; + uint32_t next_fsn; + struct sctp_tmit_chunk *at, *nat; + int cnt_added, unordered; - prev = next = NULL; - cum_ackp1 = asoc->tsn_last_delivered + 1; - if (TAILQ_EMPTY(&asoc->reasmqueue)) { - /* This is the first one on the queue */ - TAILQ_INSERT_HEAD(&asoc->reasmqueue, chk, sctp_next); - /* - * we do not check for delivery of anything when only one - * fragment is here - */ - asoc->size_on_reasm_queue = chk->send_size; - sctp_ucount_incr(asoc->cnt_on_reasm_queue); - if (chk->rec.data.TSN_seq == cum_ackp1) { - if (asoc->fragmented_delivery_inprogress == 0 && - (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) != - SCTP_DATA_FIRST_FRAG) { - /* - * An empty queue, no delivery inprogress, - * we hit the next one and it does NOT have - * a FIRST fragment mark. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not first, no fragmented delivery in progress\n"); - snprintf(msg, sizeof(msg), - "Expected B-bit for TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - } else if (asoc->fragmented_delivery_inprogress && - (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) { - /* - * We are doing a partial delivery and the - * NEXT chunk MUST be either the LAST or - * MIDDLE fragment NOT a FIRST - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS a first and fragmented delivery in progress\n"); - snprintf(msg, sizeof(msg), - "Didn't expect B-bit for TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - } else if (asoc->fragmented_delivery_inprogress) { - /* - * Here we are ok with a MIDDLE or LAST - * piece - */ - if (chk->rec.data.stream_number != - asoc->str_of_pdapi) { - /* Got to be the right STR No */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream number %d vs %d\n", - chk->rec.data.stream_number, - asoc->str_of_pdapi); - snprintf(msg, sizeof(msg), - "Expected SID=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - asoc->str_of_pdapi, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_4; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - } else if ((asoc->fragment_flags & SCTP_DATA_UNORDERED) != - SCTP_DATA_UNORDERED && - chk->rec.data.stream_seq != asoc->ssn_of_pdapi) { - /* Got to be the right STR Seq */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it IS not same stream seq %d vs %d\n", - chk->rec.data.stream_seq, - asoc->ssn_of_pdapi); - snprintf(msg, sizeof(msg), - "Expected SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - asoc->ssn_of_pdapi, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_5; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - } + /* + * For old un-ordered data chunks. + */ + if ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) { + unordered = 1; + } else { + unordered = 0; + } + /* Must be added to the stream-in queue */ + if (created_control) { + if (sctp_place_control_in_stream(strm, asoc, control)) { + /* Duplicate SSN? */ + clean_up_control(stcb, control); + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_6); + return; + } + if ((tsn == (asoc->cumulative_tsn + 1) && (asoc->idata_supported == 0))) { + /* + * Ok we created this control and now lets validate + * that its legal i.e. there is a B bit set, if not + * and we have up to the cum-ack then its invalid. + */ + if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) == 0) { + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_7); + return; } } + } + if ((asoc->idata_supported == 0) && ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED)) { + sctp_inject_old_data_unordered(stcb, asoc, strm, control, chk, abort_flag); return; } - /* Find its place */ - TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) { - if (SCTP_TSN_GT(at->rec.data.TSN_seq, chk->rec.data.TSN_seq)) { + /* + * Ok we must queue the chunk into the reasembly portion: o if its + * the first it goes to the control mbuf. o if its not first but the + * next in sequence it goes to the control, and each succeeding one + * in order also goes. o if its not in order we place it on the list + * in its place. + */ + if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { + /* Its the very first one. */ + SCTPDBG(SCTP_DEBUG_XXX, + "chunk is a first fsn:%d becomes fsn_included\n", + chk->rec.data.fsn_num); + if (control->first_frag_seen) { /* - * one in queue is bigger than the new one, insert - * before this one + * Error on senders part, they either sent us two + * data chunks with FIRST, or they sent two + * un-ordered chunks that were fragmented at the + * same time in the same stream. */ - /* A check */ - asoc->size_on_reasm_queue += chk->send_size; - sctp_ucount_incr(asoc->cnt_on_reasm_queue); - next = at; - TAILQ_INSERT_BEFORE(at, chk, sctp_next); - break; - } else if (at->rec.data.TSN_seq == chk->rec.data.TSN_seq) { - /* Gak, He sent me a duplicate str seq number */ - /* - * foo bar, I guess I will just free this new guy, - * should we abort too? FIX ME MAYBE? Or it COULD be - * that the SSN's have wrapped. Maybe I should - * compare to TSN somehow... sigh for now just blow - * away the chunk! - */ - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_8); return; - } else { - prev = at; - if (TAILQ_NEXT(at, sctp_next) == NULL) { + } + control->first_frag_seen = 1; + control->fsn_included = chk->rec.data.fsn_num; + control->data = chk->data; + sctp_mark_non_revokable(asoc, chk->rec.data.TSN_seq); + chk->data = NULL; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + sctp_setup_tail_pointer(control); + } else { + /* Place the chunk in our list */ + int inserted = 0; + + if (control->last_frag_seen == 0) { + /* Still willing to raise highest FSN seen */ + if (SCTP_TSN_GT(chk->rec.data.fsn_num, control->top_fsn)) { + SCTPDBG(SCTP_DEBUG_XXX, + "We have a new top_fsn:%d\n", + chk->rec.data.fsn_num); + control->top_fsn = chk->rec.data.fsn_num; + } + if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { + SCTPDBG(SCTP_DEBUG_XXX, + "The last fsn is now in place fsn:%d\n", + chk->rec.data.fsn_num); + control->last_frag_seen = 1; + } + if (asoc->idata_supported || control->first_frag_seen) { /* - * We are at the end, insert it after this - * one + * For IDATA we always check since we know + * that the first fragment is 0. For old + * DATA we have to receive the first before + * we knwo the first FSN (which is the TSN). */ - /* check it first */ + if (SCTP_TSN_GE(control->fsn_included, chk->rec.data.fsn_num)) { + /* + * We have already delivered up to + * this so its a dup + */ + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_9); + return; + } + } + } else { + if (chk->rec.data.rcv_flags & SCTP_DATA_LAST_FRAG) { + /* Second last? huh? */ + SCTPDBG(SCTP_DEBUG_XXX, + "Duplicate last fsn:%d (top:%d) -- abort\n", + chk->rec.data.fsn_num, control->top_fsn); + sctp_abort_in_reasm(stcb, strm, control, + chk, abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_10); + return; + } + if (asoc->idata_supported || control->first_frag_seen) { + /* + * For IDATA we always check since we know + * that the first fragment is 0. For old + * DATA we have to receive the first before + * we knwo the first FSN (which is the TSN). + */ + + if (SCTP_TSN_GE(control->fsn_included, chk->rec.data.fsn_num)) { + /* + * We have already delivered up to + * this so its a dup + */ + SCTPDBG(SCTP_DEBUG_XXX, + "New fsn:%d is already seen in included_fsn:%d -- abort\n", + chk->rec.data.fsn_num, control->fsn_included); + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_11); + return; + } + } + /* + * validate not beyond top FSN if we have seen last + * one + */ + if (SCTP_TSN_GT(chk->rec.data.fsn_num, control->top_fsn)) { + SCTPDBG(SCTP_DEBUG_XXX, + "New fsn:%d is beyond or at top_fsn:%d -- abort\n", + chk->rec.data.fsn_num, + control->top_fsn); + sctp_abort_in_reasm(stcb, strm, control, chk, + abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_12); + return; + } + } + /* + * If we reach here, we need to place the new chunk in the + * reassembly for this control. + */ + SCTPDBG(SCTP_DEBUG_XXX, + "chunk is a not first fsn:%d needs to be inserted\n", + chk->rec.data.fsn_num); + TAILQ_FOREACH(at, &control->reasm, sctp_next) { + if (SCTP_TSN_GT(at->rec.data.fsn_num, chk->rec.data.fsn_num)) { + /* + * This one in queue is bigger than the new + * one, insert the new one before at. + */ + SCTPDBG(SCTP_DEBUG_XXX, + "Insert it before fsn:%d\n", + at->rec.data.fsn_num); asoc->size_on_reasm_queue += chk->send_size; sctp_ucount_incr(asoc->cnt_on_reasm_queue); - TAILQ_INSERT_AFTER(&asoc->reasmqueue, at, chk, sctp_next); + TAILQ_INSERT_BEFORE(at, chk, sctp_next); + inserted = 1; + break; + } else if (at->rec.data.fsn_num == chk->rec.data.fsn_num) { + /* + * Gak, He sent me a duplicate str seq + * number + */ + /* + * foo bar, I guess I will just free this + * new guy, should we abort too? FIX ME + * MAYBE? Or it COULD be that the SSN's have + * wrapped. Maybe I should compare to TSN + * somehow... sigh for now just blow away + * the chunk! + */ + SCTPDBG(SCTP_DEBUG_XXX, + "Duplicate to fsn:%d -- abort\n", + at->rec.data.fsn_num); + sctp_abort_in_reasm(stcb, strm, control, + chk, abort_flag, + SCTP_FROM_SCTP_INDATA + SCTP_LOC_13); + return; + } + } + if (inserted == 0) { + /* Goes on the end */ + SCTPDBG(SCTP_DEBUG_XXX, "Inserting at tail of list fsn:%d\n", + chk->rec.data.fsn_num); + asoc->size_on_reasm_queue += chk->send_size; + sctp_ucount_incr(asoc->cnt_on_reasm_queue); + TAILQ_INSERT_TAIL(&control->reasm, chk, sctp_next); + } + } + /* + * Ok lets see if we can suck any up into the control structure that + * are in seq if it makes sense. + */ + cnt_added = 0; + /* + * If the first fragment has not been seen there is no sense in + * looking. + */ + if (control->first_frag_seen) { + next_fsn = control->fsn_included + 1; + TAILQ_FOREACH_SAFE(at, &control->reasm, sctp_next, nat) { + if (at->rec.data.fsn_num == next_fsn) { + /* We can add this one now to the control */ + SCTPDBG(SCTP_DEBUG_XXX, + "Adding more to control:%p at:%p fsn:%d next_fsn:%d included:%d\n", + control, at, + at->rec.data.fsn_num, + next_fsn, control->fsn_included); + TAILQ_REMOVE(&control->reasm, at, sctp_next); + sctp_add_chk_to_control(control, strm, stcb, asoc, at); + cnt_added++; + next_fsn++; + if (control->end_added && control->pdapi_started) { + if (strm->pd_api_started) { + strm->pd_api_started = 0; + control->pdapi_started = 0; + } + if (control->on_read_q == 0) { + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, control->end_added, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + } + break; + } + } else { break; } } } - /* Now the audits */ - if (prev) { - prev_tsn = chk->rec.data.TSN_seq - 1; - if (prev_tsn == prev->rec.data.TSN_seq) { - /* - * Ok the one I am dropping onto the end is the - * NEXT. A bit of valdiation here. - */ - if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_FIRST_FRAG || - (prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_MIDDLE_FRAG) { - /* - * Insert chk MUST be a MIDDLE or LAST - * fragment - */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_FIRST_FRAG) { - SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - It can be a midlle or last but not a first\n"); - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, it's a FIRST!\n"); - snprintf(msg, sizeof(msg), - "Can't handle B-bit, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_6; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if (chk->rec.data.stream_number != - prev->rec.data.stream_number) { - /* - * Huh, need the correct STR here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sid:%d not the same as at:%d\n", - chk->rec.data.stream_number, - prev->rec.data.stream_number); - snprintf(msg, sizeof(msg), - "Expect SID=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - prev->rec.data.stream_number, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_7; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != - (prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED)) { - /* - * Huh, need the same ordering here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, U-bit not constant\n"); - snprintf(msg, sizeof(msg), - "Expect U-bit=%d for TSN=%8.8x, got U-bit=%d", - (prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) ? 1 : 0, - chk->rec.data.TSN_seq, - (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) ? 1 : 0); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_8; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if ((prev->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 && - chk->rec.data.stream_seq != - prev->rec.data.stream_seq) { - /* - * Huh, need the correct STR here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, Evil plot, sseq:%d not the same as at:%d\n", - chk->rec.data.stream_seq, - prev->rec.data.stream_seq); - snprintf(msg, sizeof(msg), - "Expect SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - prev->rec.data.stream_seq, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_9; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - } else if ((prev->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_LAST_FRAG) { - /* Insert chk MUST be a FIRST */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) != - SCTP_DATA_FIRST_FRAG) { - SCTPDBG(SCTP_DEBUG_INDATA1, "Prev check - Gak, evil plot, its not FIRST and it must be!\n"); - snprintf(msg, sizeof(msg), - "Expect B-bit, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_10; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - } - } + if ((control->on_read_q) && (cnt_added > 0)) { + /* Need to wakeup the reader */ + sctp_wakeup_the_read_socket(stcb->sctp_ep); } - if (next) { - post_tsn = chk->rec.data.TSN_seq + 1; - if (post_tsn == next->rec.data.TSN_seq) { - /* - * Ok the one I am inserting ahead of is my NEXT - * one. A bit of valdiation here. - */ - if (next->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) { - /* Insert chk MUST be a last fragment */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) - != SCTP_DATA_LAST_FRAG) { - SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is FIRST, we must be LAST\n"); - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, its not a last!\n"); - snprintf(msg, sizeof(msg), - "Expect only E-bit, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_11; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - } else if ((next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_MIDDLE_FRAG || - (next->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_LAST_FRAG) { - /* - * Insert chk CAN be MIDDLE or FIRST NOT - * LAST - */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) == - SCTP_DATA_LAST_FRAG) { - SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Next is a MIDDLE/LAST\n"); - SCTPDBG(SCTP_DEBUG_INDATA1, "Gak, Evil plot, new prev chunk is a LAST\n"); - snprintf(msg, sizeof(msg), - "Didn't expect E-bit, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_12; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if (chk->rec.data.stream_number != - next->rec.data.stream_number) { - /* - * Huh, need the correct STR here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, ssn:%d not the same as at:%d\n", - chk->rec.data.stream_number, - next->rec.data.stream_number); - snprintf(msg, sizeof(msg), - "Required SID %4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - next->rec.data.stream_number, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_13; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != - (next->rec.data.rcv_flags & SCTP_DATA_UNORDERED)) { - /* - * Huh, need the same ordering here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Next check - Gak, Evil plot, U-bit not constant\n"); - snprintf(msg, sizeof(msg), - "Expect U-bit=%d for TSN=%8.8x, got U-bit=%d", - (next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) ? 1 : 0, - chk->rec.data.TSN_seq, - (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) ? 1 : 0); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - if ((next->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == 0 && - chk->rec.data.stream_seq != - next->rec.data.stream_seq) { - /* - * Huh, need the correct STR here, - * they must be the same. - */ - SCTPDBG(SCTP_DEBUG_INDATA1, "Next chk - Gak, Evil plot, sseq:%d not the same as at:%d\n", - chk->rec.data.stream_seq, - next->rec.data.stream_seq); - snprintf(msg, sizeof(msg), - "Required SSN %4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - next->rec.data.stream_seq, - chk->rec.data.TSN_seq, - chk->rec.data.stream_number, - chk->rec.data.stream_seq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - return; - } - } - } - } - /* Do we need to do some delivery? check */ - sctp_deliver_reasm_check(stcb, asoc); } -/* - * This is an unfortunate routine. It checks to make sure a evil guy is not - * stuffing us full of bad packet fragments. A broken peer could also do this - * but this is doubtful. It is to bad I must worry about evil crackers sigh - * :< more cycles. - */ -static int -sctp_does_tsn_belong_to_reasm(struct sctp_association *asoc, - uint32_t TSN_seq) +static struct sctp_queued_to_read * +find_reasm_entry(struct sctp_stream_in *strm, uint32_t msg_id, int ordered, int old) { - struct sctp_tmit_chunk *at; - uint32_t tsn_est; + struct sctp_queued_to_read *reasm; - TAILQ_FOREACH(at, &asoc->reasmqueue, sctp_next) { - if (SCTP_TSN_GT(TSN_seq, at->rec.data.TSN_seq)) { - /* is it one bigger? */ - tsn_est = at->rec.data.TSN_seq + 1; - if (tsn_est == TSN_seq) { - /* yep. It better be a last then */ - if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) != - SCTP_DATA_LAST_FRAG) { - /* - * Ok this guy belongs next to a guy - * that is NOT last, it should be a - * middle/last, not a complete - * chunk. - */ - return (1); - } else { - /* - * This guy is ok since its a LAST - * and the new chunk is a fully - * self- contained one. - */ - return (0); - } + if (ordered) { + TAILQ_FOREACH(reasm, &strm->inqueue, next_instrm) { + if (reasm->msg_id == msg_id) { + break; } - } else if (TSN_seq == at->rec.data.TSN_seq) { - /* Software error since I have a dup? */ - return (1); - } else { - /* - * Ok, 'at' is larger than new chunk but does it - * need to be right before it. - */ - tsn_est = TSN_seq + 1; - if (tsn_est == at->rec.data.TSN_seq) { - /* Yep, It better be a first */ - if ((at->rec.data.rcv_flags & SCTP_DATA_FRAG_MASK) != - SCTP_DATA_FIRST_FRAG) { - return (1); - } else { - return (0); - } + } + } else { + if (old) { + reasm = TAILQ_FIRST(&strm->uno_inqueue); + return (reasm); + } + TAILQ_FOREACH(reasm, &strm->uno_inqueue, next_instrm) { + if (reasm->msg_id == msg_id) { + break; } } } - return (0); + return (reasm); } + static int sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, - struct mbuf **m, int offset, struct sctp_data_chunk *ch, int chk_length, + struct mbuf **m, int offset, int chk_length, struct sctp_nets *net, uint32_t * high_tsn, int *abort_flag, - int *break_flag, int last_chunk) + int *break_flag, int last_chunk, uint8_t chtype) { /* Process a data chunk */ /* struct sctp_tmit_chunk *chk; */ + struct sctp_data_chunk *ch; + struct sctp_idata_chunk *nch, chunk_buf; struct sctp_tmit_chunk *chk; - uint32_t tsn, gap; + uint32_t tsn, fsn, gap, msg_id; struct mbuf *dmbuf; int the_len; int need_reasm_check = 0; - uint16_t strmno, strmseq; + uint16_t strmno; struct mbuf *op_err; char msg[SCTP_DIAG_INFO_LEN]; - struct sctp_queued_to_read *control; - int ordered; + struct sctp_queued_to_read *control = NULL; uint32_t protocol_id; uint8_t chunk_flags; struct sctp_stream_reset_list *liste; + struct sctp_stream_in *strm; + int ordered; + size_t clen; + int created_control = 0; + uint8_t old_data; chk = NULL; - tsn = ntohl(ch->dp.tsn); + if (chtype == SCTP_IDATA) { + nch = (struct sctp_idata_chunk *)sctp_m_getptr(*m, offset, + sizeof(struct sctp_idata_chunk), (uint8_t *) & chunk_buf); + + ch = (struct sctp_data_chunk *)nch; + clen = sizeof(struct sctp_idata_chunk); + tsn = ntohl(ch->dp.tsn); + msg_id = ntohl(nch->dp.msg_id); + if (ch->ch.chunk_flags & SCTP_DATA_FIRST_FRAG) + fsn = 0; + else + fsn = ntohl(nch->dp.fsn); + old_data = 0; + } else { + ch = (struct sctp_data_chunk *)sctp_m_getptr(*m, offset, + sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf); + + tsn = ntohl(ch->dp.tsn); + clen = sizeof(struct sctp_data_chunk); + fsn = tsn; + msg_id = (uint32_t) (ntohs(ch->dp.stream_sequence)); + nch = NULL; + old_data = 1; + } chunk_flags = ch->ch.chunk_flags; + if ((size_t)chk_length == clen) { + /* + * Need to send an abort since we had a empty data chunk. + */ + struct mbuf *op_err; + + op_err = sctp_generate_no_user_data_cause(ch->dp.tsn); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_14; + sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); + *abort_flag = 1; + return (0); + } + ordered = ((chunk_flags & SCTP_DATA_UNORDERED) == 0); if ((chunk_flags & SCTP_DATA_SACK_IMMEDIATELY) == SCTP_DATA_SACK_IMMEDIATELY) { asoc->send_sack = 1; } @@ -1377,54 +1658,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, * for on a partial delivery API. */ - /* now do the tests */ - if (((asoc->cnt_on_all_streams + - asoc->cnt_on_reasm_queue + - asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) || - (((int)asoc->my_rwnd) <= 0)) { - /* - * When we have NO room in the rwnd we check to make sure - * the reader is doing its job... - */ - if (stcb->sctp_socket->so_rcv.sb_cc) { - /* some to read, wake-up */ -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - struct socket *so; - - so = SCTP_INP_SO(stcb->sctp_ep); - atomic_add_int(&stcb->asoc.refcnt, 1); - SCTP_TCB_UNLOCK(stcb); - SCTP_SOCKET_LOCK(so, 1); - SCTP_TCB_LOCK(stcb); - atomic_subtract_int(&stcb->asoc.refcnt, 1); - if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { - /* assoc was freed while we were unlocked */ - SCTP_SOCKET_UNLOCK(so, 1); - return (0); - } -#endif - sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - SCTP_SOCKET_UNLOCK(so, 1); -#endif - } - /* now is it in the mapping array of what we have accepted? */ - if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) && - SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { - /* Nope not in the valid range dump it */ - sctp_set_rwnd(stcb, asoc); - if ((asoc->cnt_on_all_streams + - asoc->cnt_on_reasm_queue + - asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) { - SCTP_STAT_INCR(sctps_datadropchklmt); - } else { - SCTP_STAT_INCR(sctps_datadroprwnd); - } - *break_flag = 1; - return (0); - } - } + /* Is the stream valid? */ strmno = ntohs(ch->dp.stream_id); + if (strmno >= asoc->streamincnt) { struct sctp_error_invalid_stream *cause; @@ -1458,14 +1694,121 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, } return (0); } + strm = &asoc->strmin[strmno]; /* - * Before we continue lets validate that we are not being fooled by - * an evil attacker. We can only have 4k chunks based on our TSN - * spread allowed by the mapping array 512 * 8 bits, so there is no - * way our stream sequence numbers could have wrapped. We of course - * only validate the FIRST fragment so the bit must be set. + * If its a fragmented message, lets see if we can find the control + * on the reassembly queues. */ - strmseq = ntohs(ch->dp.stream_sequence); + if ((chtype == SCTP_IDATA) && ((chunk_flags & SCTP_DATA_FIRST_FRAG) == 0) && (fsn == 0)) { + /* + * The first *must* be fsn 0, and other (middle/end) pieces + * can *not* be fsn 0. + */ + goto err_out; + } + if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) { + /* See if we can find the re-assembly entity */ + control = find_reasm_entry(strm, msg_id, ordered, old_data); + SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags:0x%x look for control on queues %p\n", + chunk_flags, control); + if (control) { + /* We found something, does it belong? */ + if (ordered && (msg_id != control->sinfo_ssn)) { + err_out: + op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_15; + sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); + *abort_flag = 1; + return (0); + } + if (ordered && ((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED)) { + /* + * We can't have a switched order with an + * unordered chunk + */ + goto err_out; + } + if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) { + /* + * We can't have a switched unordered with a + * ordered chunk + */ + goto err_out; + } + } + } else { + /* + * Its a complete segment. Lets validate we don't have a + * re-assembly going on with the same Stream/Seq (for + * ordered) or in the same Stream for unordered. + */ + SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags:0x%x look for msg in case we have dup\n", + chunk_flags); + if (find_reasm_entry(strm, msg_id, ordered, old_data)) { + SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags:0x%x dup detected on msg_id:%d\n", + chunk_flags, + msg_id); + + goto err_out; + } + } + /* now do the tests */ + if (((asoc->cnt_on_all_streams + + asoc->cnt_on_reasm_queue + + asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) || + (((int)asoc->my_rwnd) <= 0)) { + /* + * When we have NO room in the rwnd we check to make sure + * the reader is doing its job... + */ + if (stcb->sctp_socket->so_rcv.sb_cc) { + /* some to read, wake-up */ +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + struct socket *so; + + so = SCTP_INP_SO(stcb->sctp_ep); + atomic_add_int(&stcb->asoc.refcnt, 1); + SCTP_TCB_UNLOCK(stcb); + SCTP_SOCKET_LOCK(so, 1); + SCTP_TCB_LOCK(stcb); + atomic_subtract_int(&stcb->asoc.refcnt, 1); + if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { + /* assoc was freed while we were unlocked */ + SCTP_SOCKET_UNLOCK(so, 1); + return (0); + } +#endif + sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + SCTP_SOCKET_UNLOCK(so, 1); +#endif + } + /* now is it in the mapping array of what we have accepted? */ + if (nch == NULL) { + if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map) && + SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { + /* Nope not in the valid range dump it */ + dump_packet: + sctp_set_rwnd(stcb, asoc); + if ((asoc->cnt_on_all_streams + + asoc->cnt_on_reasm_queue + + asoc->cnt_msg_on_sb) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue)) { + SCTP_STAT_INCR(sctps_datadropchklmt); + } else { + SCTP_STAT_INCR(sctps_datadroprwnd); + } + *break_flag = 1; + return (0); + } + } else { + if (control == NULL) { + goto dump_packet; + } + if (SCTP_TSN_GT(fsn, control->top_fsn)) { + goto dump_packet; + } + } + } #ifdef SCTP_ASOCLOG_OF_TSNS SCTP_TCB_LOCK_ASSERT(stcb); if (asoc->tsn_in_at >= SCTP_TSN_LOG_SIZE) { @@ -1474,7 +1817,7 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, } asoc->in_tsnlog[asoc->tsn_in_at].tsn = tsn; asoc->in_tsnlog[asoc->tsn_in_at].strm = strmno; - asoc->in_tsnlog[asoc->tsn_in_at].seq = strmseq; + asoc->in_tsnlog[asoc->tsn_in_at].seq = msg_id; asoc->in_tsnlog[asoc->tsn_in_at].sz = chk_length; asoc->in_tsnlog[asoc->tsn_in_at].flgs = chunk_flags; asoc->in_tsnlog[asoc->tsn_in_at].stcb = (void *)stcb; @@ -1482,17 +1825,24 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, asoc->in_tsnlog[asoc->tsn_in_at].in_out = 1; asoc->tsn_in_at++; #endif + /* + * Before we continue lets validate that we are not being fooled by + * an evil attacker. We can only have Nk chunks based on our TSN + * spread allowed by the mapping array N * 8 bits, so there is no + * way our stream sequence numbers could have wrapped. We of course + * only validate the FIRST fragment so the bit must be set. + */ if ((chunk_flags & SCTP_DATA_FIRST_FRAG) && (TAILQ_EMPTY(&asoc->resetHead)) && (chunk_flags & SCTP_DATA_UNORDERED) == 0 && - SCTP_SSN_GE(asoc->strmin[strmno].last_sequence_delivered, strmseq)) { + SCTP_MSGID_GE(old_data, asoc->strmin[strmno].last_sequence_delivered, msg_id)) { /* The incoming sseq is behind where we last delivered? */ SCTPDBG(SCTP_DEBUG_INDATA1, "EVIL/Broken-Dup S-SEQ:%d delivered:%d from peer, Abort!\n", - strmseq, asoc->strmin[strmno].last_sequence_delivered); + msg_id, asoc->strmin[strmno].last_sequence_delivered); snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", asoc->strmin[strmno].last_sequence_delivered, - tsn, strmno, strmseq); + tsn, strmno, msg_id); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); @@ -1503,12 +1853,21 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, * From here down we may find ch-> invalid * so its a good idea NOT to use it. *************************************/ - - the_len = (chk_length - sizeof(struct sctp_data_chunk)); + if (nch) { + the_len = (chk_length - sizeof(struct sctp_idata_chunk)); + } else { + the_len = (chk_length - sizeof(struct sctp_data_chunk)); + } if (last_chunk == 0) { - dmbuf = SCTP_M_COPYM(*m, - (offset + sizeof(struct sctp_data_chunk)), - the_len, M_NOWAIT); + if (nch) { + dmbuf = SCTP_M_COPYM(*m, + (offset + sizeof(struct sctp_idata_chunk)), + the_len, M_NOWAIT); + } else { + dmbuf = SCTP_M_COPYM(*m, + (offset + sizeof(struct sctp_data_chunk)), + the_len, M_NOWAIT); + } #ifdef SCTP_MBUF_LOGGING if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) { sctp_log_mbc(dmbuf, SCTP_MBUF_ICOPY); @@ -1520,7 +1879,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, dmbuf = *m; /* lop off the top part */ - m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk))); + if (nch) { + m_adj(dmbuf, (offset + sizeof(struct sctp_idata_chunk))); + } else { + m_adj(dmbuf, (offset + sizeof(struct sctp_data_chunk))); + } if (SCTP_BUF_NEXT(dmbuf) == NULL) { l_len = SCTP_BUF_LEN(dmbuf); } else { @@ -1544,11 +1907,36 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, SCTP_STAT_INCR(sctps_nomem); return (0); } + /* + * Now no matter what we need a control, get one if we don't have + * one (we may have gotten it above when we found the message was + * fragmented + */ + if (control == NULL) { + sctp_alloc_a_readq(stcb, control); + sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn, + protocol_id, + strmno, msg_id, + chunk_flags, + NULL, fsn, msg_id); + if (control == NULL) { + SCTP_STAT_INCR(sctps_nomem); + return (0); + } + if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + control->data = dmbuf; + control->tail_mbuf = NULL; + control->end_added = control->last_frag_seen = control->first_frag_seen = 1; + control->top_fsn = control->fsn_included = fsn; + } + created_control = 1; + } + SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags:0x%x ordered:%d msgid:%d control:%p\n", + chunk_flags, ordered, msg_id, control); if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG && - asoc->fragmented_delivery_inprogress == 0 && TAILQ_EMPTY(&asoc->resetHead) && ((ordered == 0) || - ((uint16_t) (asoc->strmin[strmno].last_sequence_delivered + 1) == strmseq && + ((uint16_t) (asoc->strmin[strmno].last_sequence_delivered + 1) == msg_id && TAILQ_EMPTY(&asoc->strmin[strmno].inqueue)))) { /* Candidate for express delivery */ /* @@ -1558,109 +1946,30 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struct sctp_association *asoc, * And there is room for it in the socket buffer. Lets just * stuff it up the buffer.... */ - - /* It would be nice to avoid this copy if we could :< */ - sctp_alloc_a_readq(stcb, control); - sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn, - protocol_id, - strmno, strmseq, - chunk_flags, - dmbuf); - if (control == NULL) { - goto failed_express_del; - } SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { asoc->highest_tsn_inside_nr_map = tsn; } + SCTPDBG(SCTP_DEBUG_XXX, "Injecting control:%p to be read (mid:%d)\n", + control, msg_id); + sctp_add_to_readq(stcb->sctp_ep, stcb, control, &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) { /* for ordered, bump what we delivered */ - asoc->strmin[strmno].last_sequence_delivered++; + strm->last_sequence_delivered++; } SCTP_STAT_INCR(sctps_recvexpress); if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { - sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, + sctp_log_strm_del_alt(stcb, tsn, msg_id, strmno, SCTP_STR_LOG_FROM_EXPRS_DEL); } control = NULL; - goto finish_express_del; } -failed_express_del: - /* If we reach here this is a new chunk */ - chk = NULL; - control = NULL; - /* Express for fragmented delivery? */ - if ((asoc->fragmented_delivery_inprogress) && - (stcb->asoc.control_pdapi) && - (asoc->str_of_pdapi == strmno) && - (asoc->ssn_of_pdapi == strmseq) - ) { - control = stcb->asoc.control_pdapi; - if ((chunk_flags & SCTP_DATA_FIRST_FRAG) == SCTP_DATA_FIRST_FRAG) { - /* Can't be another first? */ - goto failed_pdapi_express_del; - } - if (tsn == (control->sinfo_tsn + 1)) { - /* Yep, we can add it on */ - int end = 0; - - if (chunk_flags & SCTP_DATA_LAST_FRAG) { - end = 1; - } - if (sctp_append_to_readq(stcb->sctp_ep, stcb, control, dmbuf, end, - tsn, - &stcb->sctp_socket->so_rcv)) { - SCTP_PRINTF("Append fails end:%d\n", end); - goto failed_pdapi_express_del; - } - SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); - if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { - asoc->highest_tsn_inside_nr_map = tsn; - } - SCTP_STAT_INCR(sctps_recvexpressm); - asoc->tsn_last_delivered = tsn; - asoc->fragment_flags = chunk_flags; - asoc->tsn_of_pdapi_last_delivered = tsn; - asoc->last_flags_delivered = chunk_flags; - asoc->last_strm_seq_delivered = strmseq; - asoc->last_strm_no_delivered = strmno; - if (end) { - /* clean up the flags and such */ - asoc->fragmented_delivery_inprogress = 0; - if ((chunk_flags & SCTP_DATA_UNORDERED) == 0) { - asoc->strmin[strmno].last_sequence_delivered++; - } - stcb->asoc.control_pdapi = NULL; - if (TAILQ_EMPTY(&asoc->reasmqueue) == 0) { - /* - * There could be another message - * ready - */ - need_reasm_check = 1; - } - } - control = NULL; - goto finish_express_del; - } - } -failed_pdapi_express_del: - control = NULL; - if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { - SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); - if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { - asoc->highest_tsn_inside_nr_map = tsn; - } - } else { - SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap); - if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) { - asoc->highest_tsn_inside_map = tsn; - } - } + /* Now will we need a chunk too? */ if ((chunk_flags & SCTP_DATA_NOT_FRAG) != SCTP_DATA_NOT_FRAG) { sctp_alloc_a_chunk(stcb, chk); if (chk == NULL) { @@ -1674,7 +1983,8 @@ failed_pdapi_express_del: } chk->rec.data.TSN_seq = tsn; chk->no_fr_allowed = 0; - chk->rec.data.stream_seq = strmseq; + chk->rec.data.fsn_num = fsn; + chk->rec.data.stream_seq = msg_id; chk->rec.data.stream_number = strmno; chk->rec.data.payloadtype = protocol_id; chk->rec.data.context = stcb->asoc.context; @@ -1683,193 +1993,110 @@ failed_pdapi_express_del: chk->asoc = asoc; chk->send_size = the_len; chk->whoTo = net; + SCTPDBG(SCTP_DEBUG_XXX, "Building ck:%p for control:%p to be read (mid:%d)\n", + chk, + control, msg_id); atomic_add_int(&net->ref_count, 1); chk->data = dmbuf; - } else { - sctp_alloc_a_readq(stcb, control); - sctp_build_readq_entry_mac(control, stcb, asoc->context, net, tsn, - protocol_id, - strmno, strmseq, - chunk_flags, - dmbuf); - if (control == NULL) { - /* No memory so we drop the chunk */ - SCTP_STAT_INCR(sctps_nomem); - if (last_chunk == 0) { - /* we copied it, free the copy */ - sctp_m_freem(dmbuf); - } - return (0); - } - control->length = the_len; } - - /* Mark it as received */ - /* Now queue it where it belongs */ - if (control != NULL) { - /* First a sanity check */ - if (asoc->fragmented_delivery_inprogress) { + /* Set the appropriate TSN mark */ + if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { + SCTP_SET_TSN_PRESENT(asoc->nr_mapping_array, gap); + if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_nr_map)) { + asoc->highest_tsn_inside_nr_map = tsn; + } + } else { + SCTP_SET_TSN_PRESENT(asoc->mapping_array, gap); + if (SCTP_TSN_GT(tsn, asoc->highest_tsn_inside_map)) { + asoc->highest_tsn_inside_map = tsn; + } + } + /* Now is it complete (i.e. not fragmented)? */ + if ((chunk_flags & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + /* + * Special check for when streams are resetting. We could be + * more smart about this and check the actual stream to see + * if it is not being reset.. that way we would not create a + * HOLB when amongst streams being reset and those not being + * reset. + * + */ + if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) && + SCTP_TSN_GT(tsn, liste->tsn)) { /* - * Ok, we have a fragmented delivery in progress if - * this chunk is next to deliver OR belongs in our - * view to the reassembly, the peer is evil or - * broken. + * yep its past where we need to reset... go ahead + * and queue it. */ - uint32_t estimate_tsn; + if (TAILQ_EMPTY(&asoc->pending_reply_queue)) { + /* first one on */ + TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next); + } else { + struct sctp_queued_to_read *ctlOn, *nctlOn; + unsigned char inserted = 0; - estimate_tsn = asoc->tsn_last_delivered + 1; - if (TAILQ_EMPTY(&asoc->reasmqueue) && - (estimate_tsn == control->sinfo_tsn)) { - /* Evil/Broke peer */ - sctp_m_freem(control->data); - control->data = NULL; - if (control->whoFrom) { - sctp_free_remote_addr(control->whoFrom); - control->whoFrom = NULL; + TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) { + if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) { + + continue; + } else { + /* found it */ + TAILQ_INSERT_BEFORE(ctlOn, control, next); + inserted = 1; + break; + } } - sctp_free_a_readq(stcb, control); - snprintf(msg, sizeof(msg), "Reas. queue emtpy, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - tsn, strmno, strmseq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; + if (inserted == 0) { + /* + * must be put at end, use prevP + * (all setup from loop) to setup + * nextP. + */ + TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next); + } + } + goto finish_express_del; + } + if (chunk_flags & SCTP_DATA_UNORDERED) { + /* queue directly into socket buffer */ + SCTPDBG(SCTP_DEBUG_XXX, "Unordered data to be read control:%p msg_id:%d\n", + control, msg_id); + sctp_mark_non_revokable(asoc, control->sinfo_tsn); + sctp_add_to_readq(stcb->sctp_ep, stcb, + control, + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); + + } else { + SCTPDBG(SCTP_DEBUG_XXX, "Queue control:%p for reordering msg_id:%d\n", control, + msg_id); + sctp_queue_data_to_stream(stcb, strm, asoc, control, abort_flag, &need_reasm_check); + if (*abort_flag) { if (last_chunk) { *m = NULL; } return (0); - } else { - if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) { - sctp_m_freem(control->data); - control->data = NULL; - if (control->whoFrom) { - sctp_free_remote_addr(control->whoFrom); - control->whoFrom = NULL; - } - sctp_free_a_readq(stcb, control); - snprintf(msg, sizeof(msg), "PD ongoing, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - tsn, strmno, strmseq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_18; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - if (last_chunk) { - *m = NULL; - } - return (0); - } - } - } else { - /* No PDAPI running */ - if (!TAILQ_EMPTY(&asoc->reasmqueue)) { - /* - * Reassembly queue is NOT empty validate - * that this tsn does not need to be in - * reasembly queue. If it does then our peer - * is broken or evil. - */ - if (sctp_does_tsn_belong_to_reasm(asoc, control->sinfo_tsn)) { - sctp_m_freem(control->data); - control->data = NULL; - if (control->whoFrom) { - sctp_free_remote_addr(control->whoFrom); - control->whoFrom = NULL; - } - sctp_free_a_readq(stcb, control); - snprintf(msg, sizeof(msg), "No PD ongoing, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", - tsn, strmno, strmseq); - op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19; - sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); - *abort_flag = 1; - if (last_chunk) { - *m = NULL; - } - return (0); - } } } - /* ok, if we reach here we have passed the sanity checks */ - if (chunk_flags & SCTP_DATA_UNORDERED) { - /* queue directly into socket buffer */ - sctp_mark_non_revokable(asoc, control->sinfo_tsn); - sctp_add_to_readq(stcb->sctp_ep, stcb, - control, - &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED); - } else { - /* - * Special check for when streams are resetting. We - * could be more smart about this and check the - * actual stream to see if it is not being reset.. - * that way we would not create a HOLB when amongst - * streams being reset and those not being reset. - * - * We take complete messages that have a stream reset - * intervening (aka the TSN is after where our - * cum-ack needs to be) off and put them on a - * pending_reply_queue. The reassembly ones we do - * not have to worry about since they are all sorted - * and proceessed by TSN order. It is only the - * singletons I must worry about. - */ - if (((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) && - SCTP_TSN_GT(tsn, liste->tsn)) { - /* - * yep its past where we need to reset... go - * ahead and queue it. - */ - if (TAILQ_EMPTY(&asoc->pending_reply_queue)) { - /* first one on */ - TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next); - } else { - struct sctp_queued_to_read *ctlOn, - *nctlOn; - unsigned char inserted = 0; - - TAILQ_FOREACH_SAFE(ctlOn, &asoc->pending_reply_queue, next, nctlOn) { - if (SCTP_TSN_GT(control->sinfo_tsn, ctlOn->sinfo_tsn)) { - continue; - } else { - /* found it */ - TAILQ_INSERT_BEFORE(ctlOn, control, next); - inserted = 1; - break; - } - } - if (inserted == 0) { - /* - * must be put at end, use - * prevP (all setup from - * loop) to setup nextP. - */ - TAILQ_INSERT_TAIL(&asoc->pending_reply_queue, control, next); - } - } - } else { - sctp_queue_data_to_stream(stcb, asoc, control, abort_flag); - if (*abort_flag) { - if (last_chunk) { - *m = NULL; - } - return (0); - } - } - } - } else { - /* Into the re-assembly queue */ - sctp_queue_data_for_reasm(stcb, asoc, chk, abort_flag); - if (*abort_flag) { - /* - * the assoc is now gone and chk was put onto the - * reasm queue, which has all been freed. - */ - if (last_chunk) { - *m = NULL; - } - return (0); + goto finish_express_del; + } + /* If we reach here its a reassembly */ + need_reasm_check = 1; + SCTPDBG(SCTP_DEBUG_XXX, + "Queue data to stream for reasm control:%p msg_id:%d\n", + control, msg_id); + sctp_queue_data_for_reasm(stcb, asoc, strm, control, chk, created_control, abort_flag, tsn); + if (*abort_flag) { + /* + * the assoc is now gone and chk was put onto the reasm + * queue, which has all been freed. + */ + if (last_chunk) { + *m = NULL; } + return (0); } finish_express_del: + /* Here we tidy up things */ if (tsn == (asoc->cumulative_tsn + 1)) { /* Update cum-ack */ asoc->cumulative_tsn = tsn; @@ -1885,7 +2112,7 @@ finish_express_del: SCTP_STAT_INCR(sctps_recvdata); /* Set it present please */ if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_STR_LOGGING_ENABLE) { - sctp_log_strm_del_alt(stcb, tsn, strmseq, strmno, SCTP_STR_LOG_FROM_MARK_TSN); + sctp_log_strm_del_alt(stcb, tsn, msg_id, strmno, SCTP_STR_LOG_FROM_MARK_TSN); } if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { sctp_log_map(asoc->mapping_array_base_tsn, asoc->cumulative_tsn, @@ -1912,7 +2139,7 @@ finish_express_del: /* All can be removed */ TAILQ_FOREACH_SAFE(ctl, &asoc->pending_reply_queue, next, nctl) { TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next); - sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag); + sctp_queue_data_to_stream(stcb, strm, asoc, ctl, abort_flag, &need_reasm_check); if (*abort_flag) { return (0); } @@ -1928,7 +2155,7 @@ finish_express_del: * ctl->sinfo_tsn > liste->tsn */ TAILQ_REMOVE(&asoc->pending_reply_queue, ctl, next); - sctp_queue_data_to_stream(stcb, asoc, ctl, abort_flag); + sctp_queue_data_to_stream(stcb, strm, asoc, ctl, abort_flag, &need_reasm_check); if (*abort_flag) { return (0); } @@ -1938,12 +2165,12 @@ finish_express_del: * Now service re-assembly to pick up anything that has been * held on reassembly queue? */ - sctp_deliver_reasm_check(stcb, asoc); + (void)sctp_deliver_reasm_check(stcb, asoc, strm); need_reasm_check = 0; } if (need_reasm_check) { /* Another one waits ? */ - sctp_deliver_reasm_check(stcb, asoc); + (void)sctp_deliver_reasm_check(stcb, asoc, strm); } return (1); } @@ -2179,7 +2406,7 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap) if (SCTP_OS_TIMER_PENDING(&stcb->asoc.dack_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_20); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_17); } sctp_send_shutdown(stcb, ((stcb->asoc.alternate) ? stcb->asoc.alternate : stcb->asoc.primary_destination)); @@ -2244,73 +2471,12 @@ sctp_sack_check(struct sctp_tcb *stcb, int was_a_gap) } } -void -sctp_service_queues(struct sctp_tcb *stcb, struct sctp_association *asoc) -{ - struct sctp_tmit_chunk *chk; - uint32_t tsize, pd_point; - uint16_t nxt_todel; - - if (asoc->fragmented_delivery_inprogress) { - sctp_service_reassembly(stcb, asoc); - } - /* Can we proceed further, i.e. the PD-API is complete */ - if (asoc->fragmented_delivery_inprogress) { - /* no */ - return; - } - /* - * Now is there some other chunk I can deliver from the reassembly - * queue. - */ -doit_again: - chk = TAILQ_FIRST(&asoc->reasmqueue); - if (chk == NULL) { - asoc->size_on_reasm_queue = 0; - asoc->cnt_on_reasm_queue = 0; - return; - } - nxt_todel = asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered + 1; - if ((chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) && - ((nxt_todel == chk->rec.data.stream_seq) || - (chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED))) { - /* - * Yep the first one is here. We setup to start reception, - * by backing down the TSN just in case we can't deliver. - */ - - /* - * Before we start though either all of the message should - * be here or the socket buffer max or nothing on the - * delivery queue and something can be delivered. - */ - if (stcb->sctp_socket) { - pd_point = min(SCTP_SB_LIMIT_RCV(stcb->sctp_socket) >> SCTP_PARTIAL_DELIVERY_SHIFT, - stcb->sctp_ep->partial_delivery_point); - } else { - pd_point = stcb->sctp_ep->partial_delivery_point; - } - if (sctp_is_all_msg_on_reasm(asoc, &tsize) || (tsize >= pd_point)) { - asoc->fragmented_delivery_inprogress = 1; - asoc->tsn_last_delivered = chk->rec.data.TSN_seq - 1; - asoc->str_of_pdapi = chk->rec.data.stream_number; - asoc->ssn_of_pdapi = chk->rec.data.stream_seq; - asoc->pdapi_ppid = chk->rec.data.payloadtype; - asoc->fragment_flags = chk->rec.data.rcv_flags; - sctp_service_reassembly(stcb, asoc); - if (asoc->fragmented_delivery_inprogress == 0) { - goto doit_again; - } - } - } -} - int sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t * high_tsn) { - struct sctp_data_chunk *ch, chunk_buf; + struct sctp_chunkhdr *ch, chunk_buf; struct sctp_association *asoc; int num_chunks = 0; /* number of control chunks processed */ int stop_proc = 0; @@ -2368,8 +2534,8 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, } } /* get pointer to the first chunk header */ - ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset, - sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf); + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, + sizeof(struct sctp_chunkhdr), (uint8_t *) & chunk_buf); if (ch == NULL) { return (1); } @@ -2381,14 +2547,44 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, asoc->data_pkts_seen++; while (stop_proc == 0) { /* validate chunk length */ - chk_length = ntohs(ch->ch.chunk_length); + chk_length = ntohs(ch->chunk_length); if (length - *offset < chk_length) { /* all done, mutulated chunk */ stop_proc = 1; continue; } - if (ch->ch.chunk_type == SCTP_DATA) { - if ((size_t)chk_length < sizeof(struct sctp_data_chunk)) { + if ((asoc->idata_supported == 1) && + (ch->chunk_type == SCTP_DATA)) { + struct mbuf *op_err; + char msg[SCTP_DIAG_INFO_LEN]; + + snprintf(msg, sizeof(msg), "I-DATA chunk received when DATA was negotiated"); + op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_18; + sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); + return (2); + } + if ((asoc->idata_supported == 0) && + (ch->chunk_type == SCTP_IDATA)) { + struct mbuf *op_err; + char msg[SCTP_DIAG_INFO_LEN]; + + snprintf(msg, sizeof(msg), "DATA chunk received when I-DATA was negotiated"); + op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19; + sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); + return (2); + } + if ((ch->chunk_type == SCTP_DATA) || + (ch->chunk_type == SCTP_IDATA)) { + int clen; + + if (ch->chunk_type == SCTP_DATA) { + clen = sizeof(struct sctp_data_chunk); + } else { + clen = sizeof(struct sctp_idata_chunk); + } + if ((size_t)chk_length < clen) { /* * Need to send an abort since we had a * invalid data chunk. @@ -2399,19 +2595,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, snprintf(msg, sizeof(msg), "DATA chunk of length %d", chk_length); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; - sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); - return (2); - } - if ((size_t)chk_length == sizeof(struct sctp_data_chunk)) { - /* - * Need to send an abort since we had an - * empty data chunk. - */ - struct mbuf *op_err; - - op_err = sctp_generate_no_user_data_cause(ch->dp.tsn); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); return (2); } @@ -2423,9 +2607,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, } else { last_chunk = 0; } - if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, ch, + if (sctp_process_a_data_chunk(stcb, asoc, mm, *offset, chk_length, net, high_tsn, &abort_flag, &break_flag, - last_chunk)) { + last_chunk, ch->chunk_type)) { num_chunks++; } if (abort_flag) @@ -2441,7 +2625,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, } } else { /* not a data chunk in the data region */ - switch (ch->ch.chunk_type) { + switch (ch->chunk_type) { case SCTP_INITIATION: case SCTP_INITIATION_ACK: case SCTP_SELECTIVE_ACK: @@ -2477,7 +2661,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, char msg[SCTP_DIAG_INFO_LEN]; snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", - ch->ch.chunk_type); + ch->chunk_type); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); return (2); @@ -2485,7 +2669,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, break; default: /* unknown chunk type, use bit rules */ - if (ch->ch.chunk_type & 0x40) { + if (ch->chunk_type & 0x40) { /* Add a error report to the queue */ struct mbuf *op_err; struct sctp_gen_error_cause *cause; @@ -2505,7 +2689,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, } } } - if ((ch->ch.chunk_type & 0x80) == 0) { + if ((ch->chunk_type & 0x80) == 0) { /* discard the rest of this packet */ stop_proc = 1; } /* else skip this bad chunk and @@ -2519,8 +2703,8 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, stop_proc = 1; continue; } - ch = (struct sctp_data_chunk *)sctp_m_getptr(m, *offset, - sizeof(struct sctp_data_chunk), (uint8_t *) & chunk_buf); + ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, *offset, + sizeof(struct sctp_chunkhdr), (uint8_t *) & chunk_buf); if (ch == NULL) { *offset = length; stop_proc = 1; @@ -2550,9 +2734,6 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length, (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_last_rcvd); } /* now service all of the reassm queue if needed */ - if (!(TAILQ_EMPTY(&asoc->reasmqueue))) - sctp_service_queues(stcb, asoc); - if (SCTP_GET_STATE(asoc) == SCTP_STATE_SHUTDOWN_SENT) { /* Assure that we ack right away */ stcb->asoc.send_sack = 1; @@ -3629,7 +3810,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack, snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", cumack, send_s); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_23; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); return; } @@ -3832,7 +4013,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack, net->dest_state &= ~SCTP_ADDR_PF; sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_24); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_22); sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net); /* Done with this net */ @@ -3918,7 +4099,7 @@ again: } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_25); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_23); } } } @@ -3992,7 +4173,7 @@ again: *abort_now = 1; /* XXX */ op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_26; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); return; } else { @@ -4206,7 +4387,7 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", cum_ack, send_s); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_27; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); return; } @@ -4238,7 +4419,7 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, /* stop any timers */ TAILQ_FOREACH(net, &asoc->nets, sctp_next) { sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, - stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28); + stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_26); net->partial_bytes_acked = 0; net->flight_size = 0; } @@ -4443,14 +4624,14 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, if (net->new_pseudo_cumack) sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_29); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_27); } } else { if (accum_moved) { TAILQ_FOREACH(net, &asoc->nets, sctp_next) { sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, - stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_30); + stcb, net, SCTP_FROM_SCTP_INDATA + SCTP_LOC_28); } } } @@ -4630,7 +4811,7 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, net->dest_state &= ~SCTP_ADDR_PF; sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_31); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_29); sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); asoc->cc_functions.sctp_cwnd_update_exit_pf(stcb, net); /* Done with this net */ @@ -4654,7 +4835,7 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, /* stop all timers */ sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_32); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_30); net->flight_size = 0; net->partial_bytes_acked = 0; } @@ -4710,7 +4891,7 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup, *abort_now = 1; /* XXX */ op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_31; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); return; } else { @@ -4862,7 +5043,7 @@ again: } else if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, - SCTP_FROM_SCTP_INDATA + SCTP_LOC_34); + SCTP_FROM_SCTP_INDATA + SCTP_LOC_32); } } } @@ -4963,130 +5144,175 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb, { struct sctp_queued_to_read *ctl, *nctl; struct sctp_association *asoc; - uint16_t tt; + uint32_t tt; + int need_reasm_check = 0, old; asoc = &stcb->asoc; tt = strmin->last_sequence_delivered; + if (asoc->idata_supported) { + old = 0; + } else { + old = 1; + } /* * First deliver anything prior to and including the stream no that - * came in + * came in. */ - TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) { - if (SCTP_SSN_GE(tt, ctl->sinfo_ssn)) { + TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next_instrm, nctl) { + if (SCTP_MSGID_GE(old, tt, ctl->sinfo_ssn)) { /* this is deliverable now */ - TAILQ_REMOVE(&strmin->inqueue, ctl, next); - /* subtract pending on streams */ - asoc->size_on_all_streams -= ctl->length; - sctp_ucount_decr(asoc->cnt_on_all_streams); - /* deliver it to at least the delivery-q */ - if (stcb->sctp_socket) { - sctp_mark_non_revokable(asoc, ctl->sinfo_tsn); - sctp_add_to_readq(stcb->sctp_ep, stcb, - ctl, - &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED); + if (((ctl->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + if (ctl->on_strm_q) { + if (ctl->on_strm_q == SCTP_ON_ORDERED) { + TAILQ_REMOVE(&strmin->inqueue, ctl, next_instrm); + } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) { + TAILQ_REMOVE(&strmin->uno_inqueue, ctl, next_instrm); + } else { + panic("strmin:%p ctl:%p unknown %d", + strmin, ctl, ctl->on_strm_q); + } + ctl->on_strm_q = 0; + } + /* subtract pending on streams */ + asoc->size_on_all_streams -= ctl->length; + sctp_ucount_decr(asoc->cnt_on_all_streams); + /* deliver it to at least the delivery-q */ + if (stcb->sctp_socket) { + sctp_mark_non_revokable(asoc, ctl->sinfo_tsn); + sctp_add_to_readq(stcb->sctp_ep, stcb, + ctl, + &stcb->sctp_socket->so_rcv, + 1, SCTP_READ_LOCK_HELD, + SCTP_SO_NOT_LOCKED); + } + } else { + /* Its a fragmented message */ + if (ctl->first_frag_seen) { + /* + * Make it so this is next to + * deliver, we restore later + */ + strmin->last_sequence_delivered = ctl->sinfo_ssn - 1; + need_reasm_check = 1; + break; + } } } else { /* no more delivery now. */ break; } } + if (need_reasm_check) { + int ret; + + ret = sctp_deliver_reasm_check(stcb, &stcb->asoc, strmin); + if (SCTP_MSGID_GT(old, tt, strmin->last_sequence_delivered)) { + /* Restore the next to deliver unless we are ahead */ + strmin->last_sequence_delivered = tt; + } + if (ret == 0) { + /* Left the front Partial one on */ + return; + } + need_reasm_check = 0; + } /* * now we must deliver things in queue the normal way if any are * now ready. */ tt = strmin->last_sequence_delivered + 1; - TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next, nctl) { + TAILQ_FOREACH_SAFE(ctl, &strmin->inqueue, next_instrm, nctl) { if (tt == ctl->sinfo_ssn) { - /* this is deliverable now */ - TAILQ_REMOVE(&strmin->inqueue, ctl, next); - /* subtract pending on streams */ - asoc->size_on_all_streams -= ctl->length; - sctp_ucount_decr(asoc->cnt_on_all_streams); - /* deliver it to at least the delivery-q */ - strmin->last_sequence_delivered = ctl->sinfo_ssn; - if (stcb->sctp_socket) { - sctp_mark_non_revokable(asoc, ctl->sinfo_tsn); - sctp_add_to_readq(stcb->sctp_ep, stcb, - ctl, - &stcb->sctp_socket->so_rcv, 1, SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED); + if (((ctl->sinfo_flags >> 8) & SCTP_DATA_NOT_FRAG) == SCTP_DATA_NOT_FRAG) { + /* this is deliverable now */ + if (ctl->on_strm_q) { + if (ctl->on_strm_q == SCTP_ON_ORDERED) { + TAILQ_REMOVE(&strmin->inqueue, ctl, next_instrm); + } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) { + TAILQ_REMOVE(&strmin->uno_inqueue, ctl, next_instrm); + } else { + panic("strmin:%p ctl:%p unknown %d", + strmin, ctl, ctl->on_strm_q); + } + ctl->on_strm_q = 0; + } + /* subtract pending on streams */ + asoc->size_on_all_streams -= ctl->length; + sctp_ucount_decr(asoc->cnt_on_all_streams); + /* deliver it to at least the delivery-q */ + strmin->last_sequence_delivered = ctl->sinfo_ssn; + if (stcb->sctp_socket) { + sctp_mark_non_revokable(asoc, ctl->sinfo_tsn); + sctp_add_to_readq(stcb->sctp_ep, stcb, + ctl, + &stcb->sctp_socket->so_rcv, 1, + SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED); + } + tt = strmin->last_sequence_delivered + 1; + } else { + /* Its a fragmented message */ + if (ctl->first_frag_seen) { + /* + * Make it so this is next to + * deliver + */ + strmin->last_sequence_delivered = ctl->sinfo_ssn - 1; + need_reasm_check = 1; + break; + } } - tt = strmin->last_sequence_delivered + 1; } else { break; } } + if (need_reasm_check) { + (void)sctp_deliver_reasm_check(stcb, &stcb->asoc, strmin); + } } static void sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb, struct sctp_association *asoc, - uint16_t stream, uint16_t seq) + uint16_t stream, uint32_t seq) { + struct sctp_queued_to_read *control; + struct sctp_stream_in *strm; struct sctp_tmit_chunk *chk, *nchk; - /* For each one on here see if we need to toss it */ /* - * For now large messages held on the reasmqueue that are complete + * For now large messages held on the stream reasm that are complete * will be tossed too. We could in theory do more work to spin * through and stop after dumping one msg aka seeing the start of a * new msg at the head, and call the delivery function... to see if * it can be delivered... But for now we just dump everything on the * queue. */ - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - /* - * Do not toss it if on a different stream or marked for - * unordered delivery in which case the stream sequence - * number has no meaning. - */ - if ((chk->rec.data.stream_number != stream) || - ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) == SCTP_DATA_UNORDERED)) { - continue; + strm = &asoc->strmin[stream]; + control = find_reasm_entry(strm, (uint32_t) seq, 0, 0); + if (control == NULL) { + /* Not found */ + return; + } + TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) { + /* Purge hanging chunks */ + TAILQ_REMOVE(&control->reasm, chk, sctp_next); + asoc->size_on_reasm_queue -= chk->send_size; + sctp_ucount_decr(asoc->cnt_on_reasm_queue); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; } - if (chk->rec.data.stream_seq == seq) { - /* It needs to be tossed */ - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) { - asoc->tsn_last_delivered = chk->rec.data.TSN_seq; - asoc->str_of_pdapi = chk->rec.data.stream_number; - asoc->ssn_of_pdapi = chk->rec.data.stream_seq; - asoc->fragment_flags = chk->rec.data.rcv_flags; - } - asoc->size_on_reasm_queue -= chk->send_size; - sctp_ucount_decr(asoc->cnt_on_reasm_queue); - - /* Clear up any stream problem */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED && - SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) { - /* - * We must dump forward this streams - * sequence number if the chunk is not - * unordered that is being skipped. There is - * a chance that if the peer does not - * include the last fragment in its FWD-TSN - * we WILL have a problem here since you - * would have a partial chunk in queue that - * may not be deliverable. Also if a Partial - * delivery API as started the user may get - * a partial chunk. The next read returning - * a new chunk... really ugly but I see no - * way around it! Maybe a notify?? - */ - asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq; - } - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); - } else if (SCTP_SSN_GT(chk->rec.data.stream_seq, seq)) { - /* - * If the stream_seq is > than the purging one, we - * are done - */ - break; + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + } + TAILQ_REMOVE(&strm->inqueue, control, next_instrm); + if (control->on_read_q == 0) { + sctp_free_remote_addr(control->whoFrom); + if (control->data) { + sctp_m_freem(control->data); + control->data = NULL; } + sctp_free_a_readq(stcb, control); } } @@ -5113,7 +5339,6 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, unsigned int i, fwd_sz, m_size; uint32_t str_seq; struct sctp_stream_in *strm; - struct sctp_tmit_chunk *chk, *nchk; struct sctp_queued_to_read *ctl, *sv; asoc = &stcb->asoc; @@ -5152,7 +5377,7 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, "New cum ack %8.8x too high, highest TSN %8.8x", new_cum_tsn, asoc->highest_tsn_inside_map); op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); - stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_35; + stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_33; sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); return; } @@ -5183,67 +5408,9 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, /*************************************************************/ /* 2. Clear up re-assembly queue */ /*************************************************************/ - /* - * First service it if pd-api is up, just in case we can progress it - * forward - */ - if (asoc->fragmented_delivery_inprogress) { - sctp_service_reassembly(stcb, asoc); - } - /* For each one on here see if we need to toss it */ - /* - * For now large messages held on the reasmqueue that are complete - * will be tossed too. We could in theory do more work to spin - * through and stop after dumping one msg aka seeing the start of a - * new msg at the head, and call the delivery function... to see if - * it can be delivered... But for now we just dump everything on the - * queue. - */ - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - if (SCTP_TSN_GE(new_cum_tsn, chk->rec.data.TSN_seq)) { - /* It needs to be tossed */ - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - if (SCTP_TSN_GT(chk->rec.data.TSN_seq, asoc->tsn_last_delivered)) { - asoc->tsn_last_delivered = chk->rec.data.TSN_seq; - asoc->str_of_pdapi = chk->rec.data.stream_number; - asoc->ssn_of_pdapi = chk->rec.data.stream_seq; - asoc->fragment_flags = chk->rec.data.rcv_flags; - } - asoc->size_on_reasm_queue -= chk->send_size; - sctp_ucount_decr(asoc->cnt_on_reasm_queue); - /* Clear up any stream problem */ - if ((chk->rec.data.rcv_flags & SCTP_DATA_UNORDERED) != SCTP_DATA_UNORDERED && - SCTP_SSN_GT(chk->rec.data.stream_seq, asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered)) { - /* - * We must dump forward this streams - * sequence number if the chunk is not - * unordered that is being skipped. There is - * a chance that if the peer does not - * include the last fragment in its FWD-TSN - * we WILL have a problem here since you - * would have a partial chunk in queue that - * may not be deliverable. Also if a Partial - * delivery API as started the user may get - * a partial chunk. The next read returning - * a new chunk... really ugly but I see no - * way around it! Maybe a notify?? - */ - asoc->strmin[chk->rec.data.stream_number].last_sequence_delivered = chk->rec.data.stream_seq; - } - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); - } else { - /* - * Ok we have gone beyond the end of the fwd-tsn's - * mark. - */ - break; - } - } + /* This is now done as part of clearing up the stream/seq */ + /*******************************************************/ /* 3. Update the PR-stream re-ordering queues and fix */ /* delivery issues as needed. */ @@ -5252,27 +5419,45 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, if (m && fwd_sz) { /* New method. */ unsigned int num_str; + uint32_t sequence; + uint16_t stream; + int old; struct sctp_strseq *stseq, strseqbuf; + struct sctp_strseq_mid *stseq_m, strseqbuf_m; offset += sizeof(*fwd); SCTP_INP_READ_LOCK(stcb->sctp_ep); - num_str = fwd_sz / sizeof(struct sctp_strseq); + if (asoc->idata_supported) { + num_str = fwd_sz / sizeof(struct sctp_strseq_mid); + old = 0; + } else { + num_str = fwd_sz / sizeof(struct sctp_strseq); + old = 1; + } for (i = 0; i < num_str; i++) { - uint16_t st; - - stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset, - sizeof(struct sctp_strseq), - (uint8_t *) & strseqbuf); - offset += sizeof(struct sctp_strseq); - if (stseq == NULL) { - break; + if (asoc->idata_supported) { + stseq_m = (struct sctp_strseq_mid *)sctp_m_getptr(m, offset, + sizeof(struct sctp_strseq_mid), + (uint8_t *) & strseqbuf_m); + offset += sizeof(struct sctp_strseq_mid); + if (stseq_m == NULL) { + break; + } + stream = ntohs(stseq_m->stream); + sequence = ntohl(stseq_m->msg_id); + } else { + stseq = (struct sctp_strseq *)sctp_m_getptr(m, offset, + sizeof(struct sctp_strseq), + (uint8_t *) & strseqbuf); + offset += sizeof(struct sctp_strseq); + if (stseq == NULL) { + break; + } + stream = ntohs(stseq->stream); + sequence = (uint32_t) ntohs(stseq->sequence); } /* Convert */ - st = ntohs(stseq->stream); - stseq->stream = st; - st = ntohs(stseq->sequence); - stseq->sequence = st; /* now process */ @@ -5281,12 +5466,12 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, * queue where its not all delivered. If we find it * we transmute the read entry into a PDI_ABORTED. */ - if (stseq->stream >= asoc->streamincnt) { + if (stream >= asoc->streamincnt) { /* screwed up streams, stop! */ break; } - if ((asoc->str_of_pdapi == stseq->stream) && - (asoc->ssn_of_pdapi == stseq->sequence)) { + if ((asoc->str_of_pdapi == stream) && + (asoc->ssn_of_pdapi == sequence)) { /* * If this is the one we were partially * delivering now then we no longer are. @@ -5295,14 +5480,24 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, */ asoc->fragmented_delivery_inprogress = 0; } - sctp_flush_reassm_for_str_seq(stcb, asoc, stseq->stream, stseq->sequence); + strm = &asoc->strmin[stream]; + sctp_flush_reassm_for_str_seq(stcb, asoc, stream, sequence); TAILQ_FOREACH(ctl, &stcb->sctp_ep->read_queue, next) { - if ((ctl->sinfo_stream == stseq->stream) && - (ctl->sinfo_ssn == stseq->sequence)) { - str_seq = (stseq->stream << 16) | stseq->sequence; - ctl->end_added = 1; + if ((ctl->sinfo_stream == stream) && + (ctl->sinfo_ssn == sequence)) { + str_seq = (stream << 16) | (0x0000ffff & sequence); ctl->pdapi_aborted = 1; sv = stcb->asoc.control_pdapi; + ctl->end_added = 1; + if (ctl->on_strm_q == SCTP_ON_ORDERED) { + TAILQ_REMOVE(&strm->inqueue, ctl, next_instrm); + } else if (ctl->on_strm_q == SCTP_ON_UNORDERED) { + TAILQ_REMOVE(&strm->uno_inqueue, ctl, next_instrm); + } else if (ctl->on_strm_q) { + panic("strm:%p ctl:%p unknown %d", + strm, ctl, ctl->on_strm_q); + } + ctl->on_strm_q = 0; stcb->asoc.control_pdapi = ctl; sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION, stcb, @@ -5311,16 +5506,15 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, SCTP_SO_NOT_LOCKED); stcb->asoc.control_pdapi = sv; break; - } else if ((ctl->sinfo_stream == stseq->stream) && - SCTP_SSN_GT(ctl->sinfo_ssn, stseq->sequence)) { + } else if ((ctl->sinfo_stream == stream) && + SCTP_MSGID_GT(old, ctl->sinfo_ssn, sequence)) { /* We are past our victim SSN */ break; } } - strm = &asoc->strmin[stseq->stream]; - if (SCTP_SSN_GT(stseq->sequence, strm->last_sequence_delivered)) { + if (SCTP_MSGID_GT(old, sequence, strm->last_sequence_delivered)) { /* Update the sequence number */ - strm->last_sequence_delivered = stseq->sequence; + strm->last_sequence_delivered = sequence; } /* now kick the stream the new way */ /* sa_ignore NO_NULL_CHK */ @@ -5332,10 +5526,4 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, * Now slide thing forward. */ sctp_slide_mapping_arrays(stcb); - - if (!TAILQ_EMPTY(&asoc->reasmqueue)) { - /* now lets kick out and check for more fragmented delivery */ - /* sa_ignore NO_NULL_CHK */ - sctp_deliver_reasm_check(stcb, &stcb->asoc); - } } diff --git a/sys/netinet/sctp_indata.h b/sys/netinet/sctp_indata.h index 94cd49c6f51b..c95c5b811eba 100644 --- a/sys/netinet/sctp_indata.h +++ b/sys/netinet/sctp_indata.h @@ -43,35 +43,31 @@ sctp_build_readq_entry(struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t tsn, uint32_t ppid, uint32_t context, uint16_t stream_no, - uint16_t stream_seq, uint8_t flags, + uint32_t stream_seq, uint8_t flags, struct mbuf *dm); -#define sctp_build_readq_entry_mac(_ctl, in_it, context, net, tsn, ppid, stream_no, stream_seq, flags, dm) do { \ +#define sctp_build_readq_entry_mac(_ctl, in_it, context, net, tsn, ppid, stream_no, stream_seq, flags, dm, tfsn, msgid) do { \ if (_ctl) { \ atomic_add_int(&((net)->ref_count), 1); \ + memset(_ctl, 0, sizeof(struct sctp_queued_to_read)); \ (_ctl)->sinfo_stream = stream_no; \ (_ctl)->sinfo_ssn = stream_seq; \ + TAILQ_INIT(&_ctl->reasm); \ + (_ctl)->top_fsn = tfsn; \ + (_ctl)->msg_id = msgid; \ (_ctl)->sinfo_flags = (flags << 8); \ (_ctl)->sinfo_ppid = ppid; \ (_ctl)->sinfo_context = context; \ - (_ctl)->sinfo_timetolive = 0; \ + (_ctl)->fsn_included = 0xffffffff; \ + (_ctl)->top_fsn = 0xffffffff; \ (_ctl)->sinfo_tsn = tsn; \ (_ctl)->sinfo_cumtsn = tsn; \ (_ctl)->sinfo_assoc_id = sctp_get_associd((in_it)); \ - (_ctl)->length = 0; \ - (_ctl)->held_length = 0; \ (_ctl)->whoFrom = net; \ (_ctl)->data = dm; \ - (_ctl)->tail_mbuf = NULL; \ - (_ctl)->aux_data = NULL; \ (_ctl)->stcb = (in_it); \ (_ctl)->port_from = (in_it)->rport; \ - (_ctl)->spec_flags = 0; \ - (_ctl)->do_not_ref_stcb = 0; \ - (_ctl)->end_added = 0; \ - (_ctl)->pdapi_aborted = 0; \ - (_ctl)->some_taken = 0; \ } \ } while (0) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index c555be2d7173..9e4cbd87a51d 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -386,17 +386,9 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb) if (asoc->strmin != NULL) { /* Free the old ones */ - struct sctp_queued_to_read *ctl, *nctl; - for (i = 0; i < asoc->streamincnt; i++) { - TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) { - TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next); - sctp_free_remote_addr(ctl->whoFrom); - ctl->whoFrom = NULL; - sctp_m_freem(ctl->data); - ctl->data = NULL; - sctp_free_a_readq(stcb, ctl); - } + sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue); + sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue); } SCTP_FREE(asoc->strmin, SCTP_M_STRMI); } @@ -414,8 +406,10 @@ sctp_process_init(struct sctp_init_chunk *cp, struct sctp_tcb *stcb) } for (i = 0; i < asoc->streamincnt; i++) { asoc->strmin[i].stream_no = i; - asoc->strmin[i].last_sequence_delivered = 0xffff; + asoc->strmin[i].last_sequence_delivered = 0xffffffff; TAILQ_INIT(&asoc->strmin[i].inqueue); + TAILQ_INIT(&asoc->strmin[i].uno_inqueue); + asoc->strmin[i].pd_api_started = 0; asoc->strmin[i].delivery_started = 0; } /* @@ -894,6 +888,29 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *cp, * With a normal shutdown we assume the end of last record. */ SCTP_INP_READ_LOCK(stcb->sctp_ep); + if (asoc->control_pdapi->on_strm_q) { + struct sctp_stream_in *strm; + + strm = &asoc->strmin[asoc->control_pdapi->sinfo_stream]; + if (asoc->control_pdapi->on_strm_q == SCTP_ON_UNORDERED) { + /* Unordered */ + TAILQ_REMOVE(&strm->uno_inqueue, asoc->control_pdapi, next_instrm); + asoc->control_pdapi->on_strm_q = 0; + } else if (asoc->control_pdapi->on_strm_q == SCTP_ON_ORDERED) { + /* Ordered */ + TAILQ_REMOVE(&strm->inqueue, asoc->control_pdapi, next_instrm); + asoc->control_pdapi->on_strm_q = 0; + } else { + panic("Unknown state on ctrl:%p on_strm_q:%d", + asoc->control_pdapi, + asoc->control_pdapi->on_strm_q); + } + } + printf("%s:%d End added to ctl:%p (%d)\n", + __FUNCTION__, + __LINE__, + asoc->control_pdapi, + asoc->control_pdapi->on_strm_q); asoc->control_pdapi->end_added = 1; asoc->control_pdapi->pdapi_aborted = 1; asoc->control_pdapi = NULL; @@ -1009,6 +1026,11 @@ sctp_handle_shutdown_ack(struct sctp_shutdown_ack_chunk *cp SCTP_UNUSED, * With a normal shutdown we assume the end of last record. */ SCTP_INP_READ_LOCK(stcb->sctp_ep); + printf("%s:%d End added to ctl:%p (%d)\n", + __FUNCTION__, + __LINE__, + asoc->control_pdapi, + asoc->control_pdapi->on_strm_q); asoc->control_pdapi->end_added = 1; asoc->control_pdapi->pdapi_aborted = 1; asoc->control_pdapi = NULL; @@ -1083,6 +1105,7 @@ sctp_process_unrecog_chunk(struct sctp_tcb *stcb, struct sctp_paramhdr *phdr, case SCTP_ASCONF: sctp_asconf_cleanup(stcb, net); break; + case SCTP_IFORWARD_CUM_TSN: case SCTP_FORWARD_CUM_TSN: stcb->asoc.prsctp_supported = 0; break; @@ -3450,6 +3473,7 @@ process_chunk_drop(struct sctp_tcb *stcb, struct sctp_chunk_desc *desc, /* resend last asconf ack */ sctp_send_asconf_ack(stcb); break; + case SCTP_IFORWARD_CUM_TSN: case SCTP_FORWARD_CUM_TSN: send_forward_tsn(stcb, &stcb->asoc); break; @@ -3475,8 +3499,8 @@ sctp_reset_in_stream(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t * uint16_t temp; /* - * We set things to 0xffff since this is the last delivered sequence - * and we will be sending in 0 after the reset. + * We set things to 0xffffffff since this is the last delivered + * sequence and we will be sending in 0 after the reset. */ if (number_entries) { @@ -3485,12 +3509,12 @@ sctp_reset_in_stream(struct sctp_tcb *stcb, uint32_t number_entries, uint16_t * if (temp >= stcb->asoc.streamincnt) { continue; } - stcb->asoc.strmin[temp].last_sequence_delivered = 0xffff; + stcb->asoc.strmin[temp].last_sequence_delivered = 0xffffffff; } } else { list = NULL; for (i = 0; i < stcb->asoc.streamincnt; i++) { - stcb->asoc.strmin[i].last_sequence_delivered = 0xffff; + stcb->asoc.strmin[i].last_sequence_delivered = 0xffffffff; } } sctp_ulp_notify(SCTP_NOTIFY_STR_RESET_RECV, stcb, number_entries, (void *)list, SCTP_SO_NOT_LOCKED); @@ -4031,20 +4055,28 @@ sctp_handle_str_reset_add_strm(struct sctp_tcb *stcb, struct sctp_tmit_chunk *ch /* copy off the old data */ for (i = 0; i < stcb->asoc.streamincnt; i++) { TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); + TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); stcb->asoc.strmin[i].stream_no = i; stcb->asoc.strmin[i].last_sequence_delivered = oldstrm[i].last_sequence_delivered; stcb->asoc.strmin[i].delivery_started = oldstrm[i].delivery_started; + stcb->asoc.strmin[i].pd_api_started = oldstrm[i].pd_api_started; /* now anything on those queues? */ - TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].inqueue, next, nctl) { - TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next); - TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next); + TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].inqueue, next_instrm, nctl) { + TAILQ_REMOVE(&oldstrm[i].inqueue, ctl, next_instrm); + TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].inqueue, ctl, next_instrm); + } + TAILQ_FOREACH_SAFE(ctl, &oldstrm[i].uno_inqueue, next_instrm, nctl) { + TAILQ_REMOVE(&oldstrm[i].uno_inqueue, ctl, next_instrm); + TAILQ_INSERT_TAIL(&stcb->asoc.strmin[i].uno_inqueue, ctl, next_instrm); } } /* Init the new streams */ for (i = stcb->asoc.streamincnt; i < num_stream; i++) { TAILQ_INIT(&stcb->asoc.strmin[i].inqueue); + TAILQ_INIT(&stcb->asoc.strmin[i].uno_inqueue); stcb->asoc.strmin[i].stream_no = i; - stcb->asoc.strmin[i].last_sequence_delivered = 0xffff; + stcb->asoc.strmin[i].last_sequence_delivered = 0xffffffff; + stcb->asoc.strmin[i].pd_api_started = 0; stcb->asoc.strmin[i].delivery_started = 0; } SCTP_FREE(oldstrm, SCTP_M_STRMI); @@ -5441,6 +5473,7 @@ process_control_chunks: } break; case SCTP_FORWARD_CUM_TSN: + case SCTP_IFORWARD_CUM_TSN: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_FWD-TSN\n"); if (chk_length < sizeof(struct sctp_forward_tsn_chunk)) { /* Its not ours */ diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h index 777e0a72e778..90c4ab8c614c 100644 --- a/sys/netinet/sctp_os_bsd.h +++ b/sys/netinet/sctp_os_bsd.h @@ -480,9 +480,9 @@ sctp_get_mbuf_for_msg(unsigned int space_needed, #define SCTP_SAVE_ATOMIC_DECREMENT(addr, val) \ { \ int32_t oldval; \ - oldval = atomic_fetchadd_int(addr, -val); \ + oldval = atomic_fetchadd_int(addr, -val); \ if (oldval < val) { \ - panic("Counter goes negative"); \ + panic("Counter goes negative addr:%p val:%d oldval:%d", addr, val, oldval); \ } \ } #else diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 8eda473b880f..77d6114735f4 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -3326,10 +3326,11 @@ sctp_source_address_selection(struct sctp_inpcb *inp, #endif /** - * Rules: - Find the route if needed, cache if I can. - Look at - * interface address in route, Is it in the bound list. If so we - * have the best source. - If not we must rotate amongst the - * addresses. + * Rules: + * - Find the route if needed, cache if I can. + * - Look at interface address in route, Is it in the bound list. If so we + * have the best source. + * - If not we must rotate amongst the addresses. * * Cavets and issues * @@ -4796,6 +4797,9 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t)+chunk_len); if (stcb->asoc.prsctp_supported == 1) { pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; + if (stcb->asoc.idata_supported) { + pr_supported->chunk_types[num_ext++] = SCTP_IFORWARD_CUM_TSN; + } } if (stcb->asoc.auth_supported == 1) { pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION; @@ -4807,6 +4811,9 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked if (stcb->asoc.reconfig_supported == 1) { pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; } + if (stcb->asoc.idata_supported) { + pr_supported->chunk_types[num_ext++] = SCTP_IDATA; + } if (stcb->asoc.nrsack_supported == 1) { pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; } @@ -5951,6 +5958,10 @@ do_a_abort: if (((asoc != NULL) && (asoc->prsctp_supported == 1)) || ((asoc == NULL) && (inp->prsctp_supported == 1))) { pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN; + if (((asoc != NULL) && (asoc->idata_supported == 1)) || + ((asoc == NULL) && (inp->idata_supported == 1))) { + pr_supported->chunk_types[num_ext++] = SCTP_IFORWARD_CUM_TSN; + } } if (((asoc != NULL) && (asoc->auth_supported == 1)) || ((asoc == NULL) && (inp->auth_supported == 1))) { @@ -5965,6 +5976,10 @@ do_a_abort: ((asoc == NULL) && (inp->reconfig_supported == 1))) { pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET; } + if (((asoc != NULL) && (asoc->idata_supported == 1)) || + ((asoc == NULL) && (inp->idata_supported == 1))) { + pr_supported->chunk_types[num_ext++] = SCTP_IDATA; + } if (((asoc != NULL) && (asoc->nrsack_supported == 1)) || ((asoc == NULL) && (inp->nrsack_supported == 1))) { pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK; @@ -6232,11 +6247,15 @@ sctp_get_frag_point(struct sctp_tcb *stcb, * we use a larger frag point. */ if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { - ovh = SCTP_MED_OVERHEAD; + ovh = SCTP_MIN_OVERHEAD; } else { - ovh = SCTP_MED_V4_OVERHEAD; + ovh = SCTP_MIN_V4_OVERHEAD; + } + if (stcb->asoc.idata_supported) { + ovh += sizeof(struct sctp_idata_chunk); + } else { + ovh += sizeof(struct sctp_data_chunk); } - if (stcb->asoc.sctp_frag_point > asoc->smallest_mtu) siz = asoc->smallest_mtu - ovh; else @@ -6361,6 +6380,8 @@ sctp_msg_append(struct sctp_tcb *stcb, sp->timetolive = srcv->sinfo_timetolive; sp->ppid = srcv->sinfo_ppid; sp->context = srcv->sinfo_context; + sp->fsn = 0; + sp->msg_id = atomic_fetchadd_int(&stcb->asoc.assoc_msg_id, 1); if (sp->sinfo_flags & SCTP_ADDR_OVER) { sp->net = net; atomic_add_int(&sp->net->ref_count, 1); @@ -7163,8 +7184,9 @@ sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_association *asoc; struct sctp_stream_queue_pending *sp; struct sctp_tmit_chunk *chk; - struct sctp_data_chunk *dchkh; - uint32_t to_move, length; + struct sctp_data_chunk *dchkh = NULL; + struct sctp_idata_chunk *ndchkh = NULL; + uint32_t to_move, length, leading; uint8_t rcv_flags = 0; uint8_t some_taken; uint8_t send_lock_up = 0; @@ -7173,6 +7195,7 @@ sctp_move_to_outqueue(struct sctp_tcb *stcb, asoc = &stcb->asoc; one_more_time: /* sa_ignore FREED_MEMORY */ + *locked = 0; sp = TAILQ_FIRST(&strq->outqueue); if (sp == NULL) { *locked = 0; @@ -7184,7 +7207,9 @@ one_more_time: if (sp) { goto one_more_time; } - if (strq->last_msg_incomplete) { + if ((sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_EXPLICIT_EOR) == 0) && + (stcb->asoc.idata_supported == 0) && + (strq->last_msg_incomplete)) { SCTP_PRINTF("Huh? Stream:%d lm_in_c=%d but queue is NULL\n", strq->stream_no, strq->last_msg_incomplete); @@ -7248,7 +7273,8 @@ one_more_time: * sender just finished this but still holds a * reference */ - *locked = 1; + if (stcb->asoc.idata_supported == 0) + *locked = 1; *giveup = 1; to_move = 0; goto out_of; @@ -7257,7 +7283,8 @@ one_more_time: /* is there some to get */ if (sp->length == 0) { /* no */ - *locked = 1; + if (stcb->asoc.idata_supported == 0) + *locked = 1; *giveup = 1; to_move = 0; goto out_of; @@ -7280,7 +7307,8 @@ one_more_time: } sp->length = 0; sp->some_taken = 1; - *locked = 1; + if (stcb->asoc.idata_supported == 0) + *locked = 1; *giveup = 1; to_move = 0; goto out_of; @@ -7342,7 +7370,8 @@ re_look: } } else { /* Nothing to take. */ - if (sp->some_taken) { + if ((sp->some_taken) && + (stcb->asoc.idata_supported == 0)) { *locked = 1; } *giveup = 1; @@ -7461,7 +7490,12 @@ dont_do_it: } else { atomic_subtract_int(&sp->length, to_move); } - if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) { + if (stcb->asoc.idata_supported == 0) { + leading = (int)sizeof(struct sctp_data_chunk); + } else { + leading = (int)sizeof(struct sctp_idata_chunk); + } + if (M_LEADINGSPACE(chk->data) < leading) { /* Not enough room for a chunk header, get some */ struct mbuf *m; @@ -7502,7 +7536,11 @@ dont_do_it: M_ALIGN(chk->data, 4); } } - SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_NOWAIT); + if (stcb->asoc.idata_supported == 0) { + SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_data_chunk), M_NOWAIT); + } else { + SCTP_BUF_PREPEND(chk->data, sizeof(struct sctp_idata_chunk), M_NOWAIT); + } if (chk->data == NULL) { /* HELP, TSNH since we assured it would not above? */ #ifdef INVARIANTS @@ -7515,8 +7553,13 @@ dont_do_it: to_move = 0; goto out_of; } - sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); - chk->book_size = chk->send_size = (uint16_t) (to_move + sizeof(struct sctp_data_chunk)); + if (stcb->asoc.idata_supported == 0) { + sctp_snd_sb_alloc(stcb, sizeof(struct sctp_data_chunk)); + chk->book_size = chk->send_size = (uint16_t) (to_move + sizeof(struct sctp_data_chunk)); + } else { + sctp_snd_sb_alloc(stcb, sizeof(struct sctp_idata_chunk)); + chk->book_size = chk->send_size = (uint16_t) (to_move + sizeof(struct sctp_idata_chunk)); + } chk->book_size_scale = 0; chk->sent = SCTP_DATAGRAM_UNSENT; @@ -7555,7 +7598,11 @@ dont_do_it: (uint32_t) ((chk->rec.data.stream_number << 16) | chk->rec.data.stream_seq), chk->rec.data.TSN_seq); } - dchkh = mtod(chk->data, struct sctp_data_chunk *); + if (stcb->asoc.idata_supported == 0) { + dchkh = mtod(chk->data, struct sctp_data_chunk *); + } else { + ndchkh = mtod(chk->data, struct sctp_idata_chunk *); + } /* * Put the rest of the things in place now. Size was done earlier in * previous loop prior to padding. @@ -7577,14 +7624,29 @@ dont_do_it: asoc->out_tsnlog[asoc->tsn_out_at].in_out = 2; asoc->tsn_out_at++; #endif - - dchkh->ch.chunk_type = SCTP_DATA; - dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; - dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); - dchkh->dp.stream_id = htons(strq->stream_no); - dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); - dchkh->dp.protocol_id = chk->rec.data.payloadtype; - dchkh->ch.chunk_length = htons(chk->send_size); + if (stcb->asoc.idata_supported == 0) { + dchkh->ch.chunk_type = SCTP_DATA; + dchkh->ch.chunk_flags = chk->rec.data.rcv_flags; + dchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); + dchkh->dp.stream_id = htons((strq->stream_no & 0x0000ffff)); + dchkh->dp.stream_sequence = htons(chk->rec.data.stream_seq); + dchkh->dp.protocol_id = chk->rec.data.payloadtype; + dchkh->ch.chunk_length = htons(chk->send_size); + } else { + ndchkh->ch.chunk_type = SCTP_IDATA; + ndchkh->ch.chunk_flags = chk->rec.data.rcv_flags; + ndchkh->dp.tsn = htonl(chk->rec.data.TSN_seq); + ndchkh->dp.stream_id = htons(strq->stream_no); + /* WHAT DO WE DO HERE??? */ + ndchkh->dp.reserved = htons(0); + ndchkh->dp.msg_id = htonl(sp->msg_id); + if (sp->fsn == 0) + ndchkh->dp.protocol_id = chk->rec.data.payloadtype; + else + ndchkh->dp.fsn = htonl(sp->fsn); + sp->fsn++; + ndchkh->ch.chunk_length = htons(chk->send_size); + } /* Now advance the chk->send_size by the actual pad needed. */ if (chk->send_size < SCTP_SIZE32(chk->book_size)) { /* need a pad */ @@ -7640,7 +7702,8 @@ dont_do_it: stcb->asoc.locked_on_sending = NULL; } else { /* more to go, we are locked */ - *locked = 1; + if (stcb->asoc.idata_supported == 0) + *locked = 1; } asoc->chunks_on_out_queue++; strq->chunks_on_queues++; @@ -7686,7 +7749,11 @@ sctp_fill_outqueue(struct sctp_tcb *stcb, break; } /* Need an allowance for the data chunk header too */ - goal_mtu -= sizeof(struct sctp_data_chunk); + if (stcb->asoc.idata_supported == 0) { + goal_mtu -= sizeof(struct sctp_data_chunk); + } else { + goal_mtu -= sizeof(struct sctp_idata_chunk); + } /* must make even word boundary */ goal_mtu &= 0xfffffffc; @@ -7797,12 +7864,15 @@ sctp_med_chunk_output(struct sctp_inpcb *inp, { /** * Ok this is the generic chunk service queue. we must do the - * following: - Service the stream queue that is next, moving any - * message (note I must get a complete message i.e. FIRST/MIDDLE and - * LAST to the out queue in one pass) and assigning TSN's - Check to - * see if the cwnd/rwnd allows any output, if so we go ahead and - * fomulate and send the low level chunks. Making sure to combine - * any control in the control chunk queue also. + * following: + * - Service the stream queue that is next, moving any + * message (note I must get a complete message i.e. FIRST/MIDDLE and + * LAST to the out queue in one pass) and assigning TSN's. This + * only applys though if the peer does not support NDATA. For NDATA + * chunks its ok to not send the entire message ;-) + * - Check to see if the cwnd/rwnd allows any output, if so we go ahead and + * fomulate and send the low level chunks. Making sure to combine + * any control in the control chunk queue also. */ struct sctp_nets *net, *start_at, *sack_goes_to = NULL, *old_start_at = NULL; struct mbuf *outchain, *endoutchain; @@ -10225,7 +10295,13 @@ send_forward_tsn(struct sctp_tcb *stcb, struct sctp_tmit_chunk *chk; struct sctp_forward_tsn_chunk *fwdtsn; uint32_t advance_peer_ack_point; + int old; + if (asoc->idata_supported) { + old = 0; + } else { + old = 1; + } SCTP_TCB_LOCK_ASSERT(stcb); TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) { if (chk->rec.chunk_id.id == SCTP_FORWARD_CUM_TSN) { @@ -10247,6 +10323,11 @@ send_forward_tsn(struct sctp_tcb *stcb, } asoc->fwd_tsn_cnt++; chk->copy_by_ref = 0; + /* + * We don't do the old thing here since this is used not for on-wire + * but to tell if we are sending a fwd-tsn by the stack during + * output. And if its a IFORWARD or a FORWARD it is a fwd-tsn. + */ chk->rec.chunk_id.id = SCTP_FORWARD_CUM_TSN; chk->rec.chunk_id.can_take_data = 0; chk->flags = 0; @@ -10271,6 +10352,7 @@ sctp_fill_in_rest: { struct sctp_tmit_chunk *at, *tp1, *last; struct sctp_strseq *strseq; + struct sctp_strseq_mid *strseq_m; unsigned int cnt_of_space, i, ovh; unsigned int space_needed; unsigned int cnt_of_skipped = 0; @@ -10287,9 +10369,13 @@ sctp_fill_in_rest: } cnt_of_skipped++; } - space_needed = (sizeof(struct sctp_forward_tsn_chunk) + - (cnt_of_skipped * sizeof(struct sctp_strseq))); - + if (old) { + space_needed = (sizeof(struct sctp_forward_tsn_chunk) + + (cnt_of_skipped * sizeof(struct sctp_strseq))); + } else { + space_needed = (sizeof(struct sctp_forward_tsn_chunk) + + (cnt_of_skipped * sizeof(struct sctp_strseq_mid))); + } cnt_of_space = (unsigned int)M_TRAILINGSPACE(chk->data); if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { @@ -10318,8 +10404,13 @@ sctp_fill_in_rest: 0xff, 0xff, cnt_of_space, space_needed); } - cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); - cnt_of_skipped /= sizeof(struct sctp_strseq); + if (old) { + cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); + cnt_of_skipped /= sizeof(struct sctp_strseq); + } else { + cnt_of_skipped = cnt_of_space - sizeof(struct sctp_forward_tsn_chunk); + cnt_of_skipped /= sizeof(struct sctp_strseq_mid); + } /*- * Go through and find the TSN that will be the one * we report. @@ -10346,15 +10437,24 @@ sctp_fill_in_rest: */ if (last) advance_peer_ack_point = last->rec.data.TSN_seq; - space_needed = sizeof(struct sctp_forward_tsn_chunk) + - cnt_of_skipped * sizeof(struct sctp_strseq); + if (old) { + space_needed = sizeof(struct sctp_forward_tsn_chunk) + + cnt_of_skipped * sizeof(struct sctp_strseq); + } else { + space_needed = sizeof(struct sctp_forward_tsn_chunk) + + cnt_of_skipped * sizeof(struct sctp_strseq_mid); + } } chk->send_size = space_needed; /* Setup the chunk */ fwdtsn = mtod(chk->data, struct sctp_forward_tsn_chunk *); fwdtsn->ch.chunk_length = htons(chk->send_size); fwdtsn->ch.chunk_flags = 0; - fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; + if (old) { + fwdtsn->ch.chunk_type = SCTP_FORWARD_CUM_TSN; + } else { + fwdtsn->ch.chunk_type = SCTP_IFORWARD_CUM_TSN; + } fwdtsn->new_cumulative_tsn = htonl(advance_peer_ack_point); SCTP_BUF_LEN(chk->data) = chk->send_size; fwdtsn++; @@ -10362,7 +10462,11 @@ sctp_fill_in_rest: * Move pointer to after the fwdtsn and transfer to the * strseq pointer. */ - strseq = (struct sctp_strseq *)fwdtsn; + if (old) { + strseq = (struct sctp_strseq *)fwdtsn; + } else { + strseq_m = (struct sctp_strseq_mid *)fwdtsn; + } /*- * Now populate the strseq list. This is done blindly * without pulling out duplicate stream info. This is @@ -10389,9 +10493,15 @@ sctp_fill_in_rest: if (at->rec.data.TSN_seq == advance_peer_ack_point) { at->rec.data.fwd_tsn_cnt = 0; } - strseq->stream = ntohs(at->rec.data.stream_number); - strseq->sequence = ntohs(at->rec.data.stream_seq); - strseq++; + if (old) { + strseq->stream = ntohs(at->rec.data.stream_number); + strseq->sequence = ntohs(at->rec.data.stream_seq); + strseq++; + } else { + strseq_m->stream = ntohs(at->rec.data.stream_number); + strseq_m->msg_id = ntohl(at->rec.data.stream_seq); + strseq_m++; + } at = tp1; } } @@ -12312,6 +12422,8 @@ sctp_copy_it_in(struct sctp_tcb *stcb, sp->timetolive = srcv->sinfo_timetolive; sp->ppid = srcv->sinfo_ppid; sp->context = srcv->sinfo_context; + sp->fsn = 0; + sp->msg_id = atomic_fetchadd_int(&stcb->asoc.assoc_msg_id, 1); (void)SCTP_GETTIME_TIMEVAL(&sp->ts); sp->stream = srcv->sinfo_stream; @@ -13065,8 +13177,10 @@ skip_preblock: * interrupt. */ strm->last_msg_incomplete = 1; - asoc->stream_locked = 1; - asoc->stream_locked_on = srcv->sinfo_stream; + if (stcb->asoc.idata_supported == 0) { + asoc->stream_locked = 1; + asoc->stream_locked_on = srcv->sinfo_stream; + } sp->sender_all_done = 0; } sctp_snd_sb_alloc(stcb, sp->length); @@ -13325,8 +13439,10 @@ skip_preblock: if (sp) { if (sp->msg_is_complete == 0) { strm->last_msg_incomplete = 1; - asoc->stream_locked = 1; - asoc->stream_locked_on = srcv->sinfo_stream; + if (stcb->asoc.idata_supported == 0) { + asoc->stream_locked = 1; + asoc->stream_locked_on = srcv->sinfo_stream; + } } else { sp->sender_all_done = 1; strm->last_msg_incomplete = 0; diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c index 12aa145aea44..2013fbcd59af 100644 --- a/sys/netinet/sctp_pcb.c +++ b/sys/netinet/sctp_pcb.c @@ -2476,6 +2476,8 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id) inp->reconfig_supported = (uint8_t) SCTP_BASE_SYSCTL(sctp_reconfig_enable); inp->nrsack_supported = (uint8_t) SCTP_BASE_SYSCTL(sctp_nrsack_enable); inp->pktdrop_supported = (uint8_t) SCTP_BASE_SYSCTL(sctp_pktdrop_enable); + inp->idata_supported = 0; + inp->fibnum = so->so_fibnum; /* init the small hash table we use to track asocid <-> tcb */ inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark); @@ -3660,8 +3662,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from) * no need to free the net count, since at this point all * assoc's are gone. */ - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq); - SCTP_DECR_READQ_COUNT(); + sctp_free_a_readq(NULL, sq); } /* Now the sctp_pcb things */ /* @@ -4649,6 +4650,45 @@ sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t } } +void +sctp_clean_up_stream(struct sctp_tcb *stcb, struct sctp_readhead *rh) +{ + struct sctp_tmit_chunk *chk, *nchk; + struct sctp_queued_to_read *ctl, *nctl; + + TAILQ_FOREACH_SAFE(ctl, rh, next_instrm, nctl) { + TAILQ_REMOVE(rh, ctl, next_instrm); + ctl->on_strm_q = 0; + if (ctl->on_read_q == 0) { + sctp_free_remote_addr(ctl->whoFrom); + if (ctl->data) { + sctp_m_freem(ctl->data); + ctl->data = NULL; + } + } + /* Reassembly free? */ + TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { + TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + if (chk->holds_key_ref) + sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); + sctp_free_remote_addr(chk->whoTo); + SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); + SCTP_DECR_CHK_COUNT(); + /* sa_ignore FREED_MEMORY */ + } + /* + * We don't free the address here since all the net's were + * freed above. + */ + if (ctl->on_read_q == 0) { + sctp_free_a_readq(stcb, ctl); + } + } +} /*- @@ -4986,8 +5026,7 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfre sq->whoFrom = NULL; sq->stcb = NULL; /* Free the ctl entry */ - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq); - SCTP_DECR_READQ_COUNT(); + sctp_free_a_readq(stcb, sq); /* sa_ignore FREED_MEMORY */ } TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) { @@ -5100,20 +5139,6 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfre SCTP_DECR_CHK_COUNT(); /* sa_ignore FREED_MEMORY */ } - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - if (chk->holds_key_ref) - sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); - sctp_free_remote_addr(chk->whoTo); - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); - SCTP_DECR_CHK_COUNT(); - /* sa_ignore FREED_MEMORY */ - } - if (asoc->mapping_array) { SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); asoc->mapping_array = NULL; @@ -5129,23 +5154,9 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfre } asoc->strm_realoutsize = asoc->streamoutcnt = 0; if (asoc->strmin) { - struct sctp_queued_to_read *ctl, *nctl; - for (i = 0; i < asoc->streamincnt; i++) { - TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) { - TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next); - sctp_free_remote_addr(ctl->whoFrom); - if (ctl->data) { - sctp_m_freem(ctl->data); - ctl->data = NULL; - } - /* - * We don't free the address here since all - * the net's were freed above. - */ - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl); - SCTP_DECR_READQ_COUNT(); - } + sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue); + sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue); } SCTP_FREE(asoc->strmin, SCTP_M_STRMI); asoc->strmin = NULL; @@ -6094,6 +6105,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, uint8_t peer_supports_reconfig; uint8_t peer_supports_nrsack; uint8_t peer_supports_pktdrop; + uint8_t peer_supports_idata; #ifdef INET struct sockaddr_in sin; @@ -6122,6 +6134,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, } else { sa = src; } + peer_supports_idata = 0; peer_supports_ecn = 0; peer_supports_prsctp = 0; peer_supports_auth = 0; @@ -6502,6 +6515,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, case SCTP_AUTHENTICATION: peer_supports_auth = 1; break; + case SCTP_IDATA: + peer_supports_idata = 1; + break; default: /* one I have not learned yet */ break; @@ -6660,6 +6676,10 @@ next_param: (peer_supports_reconfig == 0)) { stcb->asoc.reconfig_supported = 0; } + if ((stcb->asoc.idata_supported == 1) && + (peer_supports_idata == 0)) { + stcb->asoc.idata_supported = 0; + } if ((stcb->asoc.nrsack_supported == 1) && (peer_supports_nrsack == 0)) { stcb->asoc.nrsack_supported = 0; @@ -6851,26 +6871,9 @@ sctp_drain_mbufs(struct sctp_tcb *stcb) SCTP_STAT_INCR(sctps_protocol_drains_done); cumulative_tsn_p1 = asoc->cumulative_tsn + 1; cnt = 0; - /* First look in the re-assembly queue */ - TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { - if (SCTP_TSN_GT(chk->rec.data.TSN_seq, cumulative_tsn_p1)) { - /* Yep it is above cum-ack */ - cnt++; - SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn); - asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); - sctp_ucount_decr(asoc->cnt_on_reasm_queue); - SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); - TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); - if (chk->data) { - sctp_m_freem(chk->data); - chk->data = NULL; - } - sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); - } - } /* Ok that was fun, now we will drain all the inbound streams? */ for (strmat = 0; strmat < asoc->streamincnt; strmat++) { - TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next, nctl) { + TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next_instrm, nctl) { if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) { /* Yep it is above cum-ack */ cnt++; @@ -6878,14 +6881,58 @@ sctp_drain_mbufs(struct sctp_tcb *stcb) asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length); sctp_ucount_decr(asoc->cnt_on_all_streams); SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); - TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next); + TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next_instrm); if (ctl->data) { sctp_m_freem(ctl->data); ctl->data = NULL; } sctp_free_remote_addr(ctl->whoFrom); - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl); - SCTP_DECR_READQ_COUNT(); + /* Now its reasm? */ + TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { + cnt++; + SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn); + asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); + sctp_ucount_decr(asoc->cnt_on_reasm_queue); + SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); + TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + } + sctp_free_a_readq(stcb, ctl); + } + } + TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].uno_inqueue, next_instrm, nctl) { + if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) { + /* Yep it is above cum-ack */ + cnt++; + SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn); + asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length); + sctp_ucount_decr(asoc->cnt_on_all_streams); + SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); + TAILQ_REMOVE(&asoc->strmin[strmat].uno_inqueue, ctl, next_instrm); + if (ctl->data) { + sctp_m_freem(ctl->data); + ctl->data = NULL; + } + sctp_free_remote_addr(ctl->whoFrom); + /* Now its reasm? */ + TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { + cnt++; + SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn); + asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); + sctp_ucount_decr(asoc->cnt_on_reasm_queue); + SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); + TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); + if (chk->data) { + sctp_m_freem(chk->data); + chk->data = NULL; + } + sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); + } + sctp_free_a_readq(stcb, ctl); } } } diff --git a/sys/netinet/sctp_pcb.h b/sys/netinet/sctp_pcb.h index f28016a6277c..a5810a73cd26 100644 --- a/sys/netinet/sctp_pcb.h +++ b/sys/netinet/sctp_pcb.h @@ -410,6 +410,7 @@ struct sctp_inpcb { uint8_t ecn_supported; uint8_t prsctp_supported; uint8_t auth_supported; + uint8_t idata_supported; uint8_t asconf_supported; uint8_t reconfig_supported; uint8_t nrsack_supported; @@ -629,6 +630,8 @@ int sctp_destination_is_reachable(struct sctp_tcb *, struct sockaddr *); int sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp); +void sctp_clean_up_stream(struct sctp_tcb *stcb, struct sctp_readhead *rh); + /*- * Null in last arg inpcb indicate run on ALL ep's. Specific inp in last arg * indicates run on ONLY assoc's of the specified endpoint. diff --git a/sys/netinet/sctp_structs.h b/sys/netinet/sctp_structs.h index 875665023201..87aa05b92b6c 100644 --- a/sys/netinet/sctp_structs.h +++ b/sys/netinet/sctp_structs.h @@ -389,7 +389,7 @@ struct sctp_nets { struct sctp_data_chunkrec { uint32_t TSN_seq; /* the TSN of this transmit */ - uint16_t stream_seq; /* the stream sequence number of this transmit */ + uint32_t stream_seq; /* the stream sequence number of this transmit */ uint16_t stream_number; /* the stream number of this guy */ uint32_t payloadtype; uint32_t context; /* from send */ @@ -400,6 +400,7 @@ struct sctp_data_chunkrec { */ uint32_t fast_retran_tsn; /* sending_seq at the time of FR */ struct timeval timetodrop; /* time we drop it from queue */ + uint32_t fsn_num; /* Fragment Sequence Number */ uint8_t doing_fast_retransmit; uint8_t rcv_flags; /* flags pulled from data chunk on inbound for * outbound holds sending flags for PR-SCTP. */ @@ -458,7 +459,7 @@ struct sctp_tmit_chunk { */ struct sctp_queued_to_read { /* sinfo structure Pluse more */ uint16_t sinfo_stream; /* off the wire */ - uint16_t sinfo_ssn; /* off the wire */ + uint32_t sinfo_ssn; /* off the wire */ uint16_t sinfo_flags; /* SCTP_UNORDERED from wire use SCTP_EOF for * EOR */ uint32_t sinfo_ppid; /* off the wire */ @@ -468,8 +469,11 @@ struct sctp_queued_to_read { /* sinfo structure Pluse more */ uint32_t sinfo_cumtsn; /* Use this in reassembly as last TSN */ sctp_assoc_t sinfo_assoc_id; /* our assoc id */ /* Non sinfo stuff */ + uint32_t msg_id; /* Fragment Index */ uint32_t length; /* length of data */ uint32_t held_length; /* length held in sb */ + uint32_t top_fsn; /* Highest FSN in queue */ + uint32_t fsn_included; /* Highest FSN in *data portion */ struct sctp_nets *whoFrom; /* where it came from */ struct mbuf *data; /* front of the mbuf chain of data with * PKT_HDR */ @@ -478,14 +482,24 @@ struct sctp_queued_to_read { /* sinfo structure Pluse more */ * take it from us */ struct sctp_tcb *stcb; /* assoc, used for window update */ TAILQ_ENTRY(sctp_queued_to_read) next; + TAILQ_ENTRY(sctp_queued_to_read) next_instrm; + struct sctpchunk_listhead reasm; uint16_t port_from; uint16_t spec_flags; /* Flags to hold the notification field */ uint8_t do_not_ref_stcb; uint8_t end_added; uint8_t pdapi_aborted; + uint8_t pdapi_started; uint8_t some_taken; + uint8_t last_frag_seen; + uint8_t first_frag_seen; + uint8_t on_read_q; + uint8_t on_strm_q; }; +#define SCTP_ON_ORDERED 1 +#define SCTP_ON_UNORDERED 2 + /* This data structure will be on the outbound * stream queues. Data will be pulled off from * the front of the mbuf data and chunk-ified @@ -511,6 +525,8 @@ struct sctp_stream_queue_pending { struct sctp_nets *net; TAILQ_ENTRY(sctp_stream_queue_pending) next; TAILQ_ENTRY(sctp_stream_queue_pending) ss_next; + uint32_t fsn; + uint32_t msg_id; uint32_t length; uint32_t timetolive; uint32_t ppid; @@ -534,9 +550,11 @@ struct sctp_stream_queue_pending { TAILQ_HEAD(sctpwheelunrel_listhead, sctp_stream_in); struct sctp_stream_in { struct sctp_readhead inqueue; + struct sctp_readhead uno_inqueue; + uint32_t last_sequence_delivered; /* used for re-order */ uint16_t stream_no; - uint16_t last_sequence_delivered; /* used for re-order */ uint8_t delivery_started; + uint8_t pd_api_started; }; TAILQ_HEAD(sctpwheel_listhead, sctp_stream_out); @@ -605,8 +623,8 @@ struct sctp_stream_out { uint32_t abandoned_unsent[1]; uint32_t abandoned_sent[1]; #endif + uint32_t next_sequence_send; /* next one I expect to send out */ uint16_t stream_no; - uint16_t next_sequence_send; /* next one I expect to send out */ uint8_t last_msg_incomplete; uint8_t state; }; @@ -635,12 +653,13 @@ struct sctp_scoping { struct sctp_tsn_log { void *stcb; uint32_t tsn; + uint32_t seq; uint16_t strm; - uint16_t seq; uint16_t sz; uint16_t flgs; uint16_t in_pos; uint16_t in_out; + uint16_t resv; }; #define SCTP_FS_SPEC_LOG_SIZE 200 @@ -811,9 +830,6 @@ struct sctp_association { struct sctpchunk_listhead sent_queue; struct sctpchunk_listhead send_queue; - /* re-assembly queue for fragmented chunks on the inbound path */ - struct sctpchunk_listhead reasmqueue; - /* Scheduling queues */ union scheduling_data ss_data; @@ -881,7 +897,7 @@ struct sctp_association { uint32_t stream_scheduling_module; uint32_t vrf_id; - + uint32_t assoc_msg_id; uint32_t cookie_preserve_req; /* ASCONF next seq I am sending out, inits at init-tsn */ uint32_t asconf_seq_out; @@ -1177,12 +1193,12 @@ struct sctp_association { uint8_t reconfig_supported; uint8_t nrsack_supported; uint8_t pktdrop_supported; + uint8_t idata_supported; /* Did the peer make the stream config (add out) request */ uint8_t peer_req_out; uint8_t local_strreset_support; - uint8_t peer_supports_nat; struct sctp_scoping scope; diff --git a/sys/netinet/sctp_sysctl.h b/sys/netinet/sctp_sysctl.h index 38494add3d83..7a7ffc709d38 100644 --- a/sys/netinet/sctp_sysctl.h +++ b/sys/netinet/sctp_sysctl.h @@ -432,7 +432,7 @@ struct sctp_sysctl { #define SCTPCTL_STRICT_DATA_ORDER_DESC "Enforce strict data ordering, abort if control inside data" #define SCTPCTL_STRICT_DATA_ORDER_MIN 0 #define SCTPCTL_STRICT_DATA_ORDER_MAX 1 -#define SCTPCTL_STRICT_DATA_ORDER_DEFAULT 0 +#define SCTPCTL_STRICT_DATA_ORDER_DEFAULT 1 /* min_residual: min residual in a data fragment leftover */ #define SCTPCTL_MIN_RESIDUAL_DESC "Minimum residual data chunk in second part of split" diff --git a/sys/netinet/sctp_uio.h b/sys/netinet/sctp_uio.h index 2299f66fa51d..248a25e31642 100644 --- a/sys/netinet/sctp_uio.h +++ b/sys/netinet/sctp_uio.h @@ -318,12 +318,13 @@ struct sctp_assoc_change { #define SCTP_CANT_STR_ASSOC 0x0005 /* sac_info values */ -#define SCTP_ASSOC_SUPPORTS_PR 0x01 -#define SCTP_ASSOC_SUPPORTS_AUTH 0x02 -#define SCTP_ASSOC_SUPPORTS_ASCONF 0x03 -#define SCTP_ASSOC_SUPPORTS_MULTIBUF 0x04 -#define SCTP_ASSOC_SUPPORTS_RE_CONFIG 0x05 -#define SCTP_ASSOC_SUPPORTS_MAX 0x05 +#define SCTP_ASSOC_SUPPORTS_PR 0x01 +#define SCTP_ASSOC_SUPPORTS_AUTH 0x02 +#define SCTP_ASSOC_SUPPORTS_ASCONF 0x03 +#define SCTP_ASSOC_SUPPORTS_MULTIBUF 0x04 +#define SCTP_ASSOC_SUPPORTS_RE_CONFIG 0x05 +#define SCTP_ASSOC_SUPPORTS_INTERLEAVING 0x06 +#define SCTP_ASSOC_SUPPORTS_MAX 0x06 /* * Address event */ diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index a75f0259f0cb..64d3a2629436 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -1730,6 +1730,37 @@ flags_out: *optsize = sizeof(uint32_t); break; } + case SCTP_INTERLEAVING_SUPPORTED: + { + struct sctp_assoc_value *av; + + SCTP_CHECK_AND_CAST(av, optval, struct sctp_assoc_value, *optsize); + SCTP_FIND_STCB(inp, stcb, av->assoc_id); + + if (stcb) { + av->assoc_value = stcb->asoc.idata_supported; + SCTP_TCB_UNLOCK(stcb); + } else { + if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || + (av->assoc_id == SCTP_FUTURE_ASSOC)) { + SCTP_INP_RLOCK(inp); + if (inp->idata_supported) { + av->assoc_value = 1; + } else { + av->assoc_value = 0; + } + SCTP_INP_RUNLOCK(inp); + } else { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + } + } + if (error == 0) { + *optsize = sizeof(struct sctp_assoc_value); + } + break; + } case SCTP_CMT_ON_OFF: { struct sctp_assoc_value *av; @@ -3904,6 +3935,47 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } break; } + case SCTP_INTERLEAVING_SUPPORTED: + { + struct sctp_assoc_value *av; + + SCTP_CHECK_AND_CAST(av, optval, struct sctp_assoc_value, optsize); + SCTP_FIND_STCB(inp, stcb, av->assoc_id); + + if (stcb) { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + SCTP_TCB_UNLOCK(stcb); + } else { + if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || + (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || + (av->assoc_id == SCTP_FUTURE_ASSOC)) { + SCTP_INP_WLOCK(inp); + if (av->assoc_value == 0) { + inp->idata_supported = 0; + } else { + if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE)) && + (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS))) { + inp->idata_supported = 1; + } else { + /* + * Must have Frag + * interleave and + * stream interleave + * on + */ + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + } + } + SCTP_INP_WUNLOCK(inp); + } else { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + } + } + break; + } case SCTP_CMT_ON_OFF: if (SCTP_BASE_SYSCTL(sctp_cmt_on_off)) { struct sctp_assoc_value *av; diff --git a/sys/netinet/sctp_var.h b/sys/netinet/sctp_var.h index 7213b97684bd..b4656e99f78f 100644 --- a/sys/netinet/sctp_var.h +++ b/sys/netinet/sctp_var.h @@ -97,11 +97,19 @@ extern struct pr_usrreqs sctp_usrreqs; * an mbuf cache as well so it is not really worth doing, at least * right now :-D */ - +#ifdef INVARIANTS +#define sctp_free_a_readq(_stcb, _readq) { \ + if ((_readq)->on_strm_q) \ + panic("On strm q stcb:%p readq:%p", (_stcb), (_readq)); \ + SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), (_readq)); \ + SCTP_DECR_READQ_COUNT(); \ +} +#else #define sctp_free_a_readq(_stcb, _readq) { \ SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), (_readq)); \ SCTP_DECR_READQ_COUNT(); \ } +#endif #define sctp_alloc_a_readq(_stcb, _readq) { \ (_readq) = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_readq), struct sctp_queued_to_read); \ @@ -196,7 +204,7 @@ extern struct pr_usrreqs sctp_usrreqs; } #define sctp_sbfree(ctl, stcb, sb, m) { \ - SCTP_SAVE_ATOMIC_DECREMENT(&(sb)->sb_cc, SCTP_BUF_LEN((m))); \ + SCTP_SAVE_ATOMIC_DECREMENT(&(sb)->sb_cc, SCTP_BUF_LEN((m))); \ SCTP_SAVE_ATOMIC_DECREMENT(&(sb)->sb_mbcnt, MSIZE); \ if (((ctl)->do_not_ref_stcb == 0) && stcb) {\ SCTP_SAVE_ATOMIC_DECREMENT(&(stcb)->asoc.sb_cc, SCTP_BUF_LEN((m))); \ @@ -211,7 +219,7 @@ extern struct pr_usrreqs sctp_usrreqs; atomic_add_int(&(sb)->sb_cc,SCTP_BUF_LEN((m))); \ atomic_add_int(&(sb)->sb_mbcnt, MSIZE); \ if (stcb) { \ - atomic_add_int(&(stcb)->asoc.sb_cc,SCTP_BUF_LEN((m))); \ + atomic_add_int(&(stcb)->asoc.sb_cc, SCTP_BUF_LEN((m))); \ atomic_add_int(&(stcb)->asoc.my_rwnd_control_len, MSIZE); \ } \ if (SCTP_BUF_TYPE(m) != MT_DATA && SCTP_BUF_TYPE(m) != MT_HEADER && \ diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 9434f06b146b..87aa5197ff20 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -970,11 +970,13 @@ sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, asoc->sctp_cmt_on_off = inp->sctp_cmt_on_off; asoc->ecn_supported = inp->ecn_supported; asoc->prsctp_supported = inp->prsctp_supported; + asoc->idata_supported = inp->idata_supported; asoc->auth_supported = inp->auth_supported; asoc->asconf_supported = inp->asconf_supported; asoc->reconfig_supported = inp->reconfig_supported; asoc->nrsack_supported = inp->nrsack_supported; asoc->pktdrop_supported = inp->pktdrop_supported; + asoc->idata_supported = inp->idata_supported; asoc->sctp_cmt_pf = (uint8_t) 0; asoc->sctp_frag_point = inp->sctp_frag_point; asoc->sctp_features = inp->sctp_features; @@ -1163,7 +1165,6 @@ sctp_init_asoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, TAILQ_INIT(&asoc->asconf_send_queue); TAILQ_INIT(&asoc->send_queue); TAILQ_INIT(&asoc->sent_queue); - TAILQ_INIT(&asoc->reasmqueue); TAILQ_INIT(&asoc->resetHead); asoc->max_inbound_streams = inp->sctp_ep.max_open_streams_intome; TAILQ_INIT(&asoc->asconf_queue); @@ -2736,6 +2737,9 @@ sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, if (stcb->asoc.asconf_supported == 1) { sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_ASCONF; } + if (stcb->asoc.idata_supported == 1) { + sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_INTERLEAVING; + } sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_MULTIBUF; if (stcb->asoc.reconfig_supported == 1) { sac->sac_info[i++] = SCTP_ASSOC_SUPPORTS_RE_CONFIG; @@ -4449,6 +4453,43 @@ sctp_pull_off_control_to_new_inp(struct sctp_inpcb *old_inp, SCTP_INP_READ_UNLOCK(new_inp); } +void +sctp_wakeup_the_read_socket(struct sctp_inpcb *inp) +{ + if (inp && inp->sctp_socket) { + if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { + SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); + } else { +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + struct socket *so; + + so = SCTP_INP_SO(inp); + if (!so_locked) { + if (stcb) { + atomic_add_int(&stcb->asoc.refcnt, 1); + SCTP_TCB_UNLOCK(stcb); + } + SCTP_SOCKET_LOCK(so, 1); + if (stcb) { + SCTP_TCB_LOCK(stcb); + atomic_subtract_int(&stcb->asoc.refcnt, 1); + } + if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { + SCTP_SOCKET_UNLOCK(so, 1); + return; + } + } +#endif + sctp_sorwakeup(inp, inp->sctp_socket); +#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) + if (!so_locked) { + SCTP_SOCKET_UNLOCK(so, 1); + } +#endif + } + } +} + void sctp_add_to_readq(struct sctp_inpcb *inp, struct sctp_tcb *stcb, @@ -4484,7 +4525,7 @@ sctp_add_to_readq(struct sctp_inpcb *inp, sctp_m_freem(control->data); control->data = NULL; } - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), control); + sctp_free_a_readq(stcb, control); if (inp_read_lock_held == 0) SCTP_INP_READ_UNLOCK(inp); return; @@ -4530,7 +4571,7 @@ sctp_add_to_readq(struct sctp_inpcb *inp, } else { /* Everything got collapsed out?? */ sctp_free_remote_addr(control->whoFrom); - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), control); + sctp_free_a_readq(stcb, control); if (inp_read_lock_held == 0) SCTP_INP_READ_UNLOCK(inp); return; @@ -4539,39 +4580,11 @@ sctp_add_to_readq(struct sctp_inpcb *inp, control->end_added = 1; } TAILQ_INSERT_TAIL(&inp->read_queue, control, next); + control->on_read_q = 1; if (inp_read_lock_held == 0) SCTP_INP_READ_UNLOCK(inp); if (inp && inp->sctp_socket) { - if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { - SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); - } else { -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - struct socket *so; - - so = SCTP_INP_SO(inp); - if (!so_locked) { - if (stcb) { - atomic_add_int(&stcb->asoc.refcnt, 1); - SCTP_TCB_UNLOCK(stcb); - } - SCTP_SOCKET_LOCK(so, 1); - if (stcb) { - SCTP_TCB_LOCK(stcb); - atomic_subtract_int(&stcb->asoc.refcnt, 1); - } - if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { - SCTP_SOCKET_UNLOCK(so, 1); - return; - } - } -#endif - sctp_sorwakeup(inp, inp->sctp_socket); -#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) - if (!so_locked) { - SCTP_SOCKET_UNLOCK(so, 1); - } -#endif - } + sctp_wakeup_the_read_socket(inp); } } @@ -5552,6 +5565,10 @@ restart_nosblocks: sctp_m_free(control->aux_data); control->aux_data = NULL; } + if (control->on_strm_q) { + panic("About to free ctl:%p so:%p and its in %d", + control, so, control->on_strm_q); + } sctp_free_remote_addr(control->whoFrom); sctp_free_a_readq(stcb, control); if (hold_rlock) { @@ -5822,15 +5839,8 @@ get_more_data: /* error we are out of here */ goto release; } - if ((SCTP_BUF_NEXT(m) == NULL) && - (cp_len >= SCTP_BUF_LEN(m)) && - ((control->end_added == 0) || - (control->end_added && - (TAILQ_NEXT(control, next) == NULL))) - ) { - SCTP_INP_READ_LOCK(inp); - hold_rlock = 1; - } + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; if (cp_len == SCTP_BUF_LEN(m)) { if ((SCTP_BUF_NEXT(m) == NULL) && (control->end_added)) { @@ -5948,19 +5958,9 @@ get_more_data: #endif } done_with_control: - if (TAILQ_NEXT(control, next) == NULL) { - /* - * If we don't have a next we need a - * lock, if there is a next - * interrupt is filling ahead of us - * and we don't need a lock to - * remove this guy (which is the - * head of the queue). - */ - if (hold_rlock == 0) { - SCTP_INP_READ_LOCK(inp); - hold_rlock = 1; - } + if (hold_rlock == 0) { + SCTP_INP_READ_LOCK(inp); + hold_rlock = 1; } TAILQ_REMOVE(&inp->read_queue, control, next); /* Add back any hiddend data */ @@ -5976,6 +5976,10 @@ get_more_data: no_rcv_needed = control->do_not_ref_stcb; sctp_free_remote_addr(control->whoFrom); control->data = NULL; + if (control->on_strm_q) { + panic("About to free ctl:%p so:%p and its in %d", + control, so, control->on_strm_q); + } sctp_free_a_readq(stcb, control); control = NULL; if ((freed_so_far >= rwnd_req) && @@ -6096,7 +6100,7 @@ wait_some_more: * corrupt? */ #ifdef INVARIANTS - panic("Impossible data==NULL length !=0"); + panic("Impossible data==NULL length !=0 control:%p stcb:%p length:%d", control, stcb, control->length); #endif out_flags |= MSG_EOR; out_flags |= MSG_TRUNC; diff --git a/sys/netinet/sctputil.h b/sys/netinet/sctputil.h index 2d3279281e04..f58e17b8b527 100644 --- a/sys/netinet/sctputil.h +++ b/sys/netinet/sctputil.h @@ -107,6 +107,9 @@ int void sctp_mtu_size_reset(struct sctp_inpcb *, struct sctp_association *, uint32_t); +void + sctp_wakeup_the_read_socket(struct sctp_inpcb *inp); + void sctp_add_to_readq(struct sctp_inpcb *inp, struct sctp_tcb *stcb,