1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #ifdef __FreeBSD__
36 #include <sys/cdefs.h>
37 __FBSDID("$FreeBSD: head/sys/netinet/sctp_timer.c 360878 2020-05-10 17:19:19Z tuexen $");
38 #endif
39
40 #define _IP_VHL
41 #include <netinet/sctp_os.h>
42 #include <netinet/sctp_pcb.h>
43 #ifdef INET6
44 #if defined(__Userspace_os_FreeBSD)
45 #include <netinet6/sctp6_var.h>
46 #endif
47 #endif
48 #include <netinet/sctp_var.h>
49 #include <netinet/sctp_sysctl.h>
50 #include <netinet/sctp_timer.h>
51 #include <netinet/sctputil.h>
52 #include <netinet/sctp_output.h>
53 #include <netinet/sctp_header.h>
54 #include <netinet/sctp_indata.h>
55 #include <netinet/sctp_asconf.h>
56 #include <netinet/sctp_input.h>
57 #include <netinet/sctp.h>
58 #include <netinet/sctp_uio.h>
59 #if defined(INET) || defined(INET6)
60 #if !defined(__Userspace_os_Windows)
61 #include <netinet/udp.h>
62 #endif
63 #endif
64
65 #if defined(__APPLE__)
66 #define APPLE_FILE_NO 6
67 #endif
68
69 void
sctp_audit_retranmission_queue(struct sctp_association * asoc)70 sctp_audit_retranmission_queue(struct sctp_association *asoc)
71 {
72 struct sctp_tmit_chunk *chk;
73
74 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
75 asoc->sent_queue_retran_cnt,
76 asoc->sent_queue_cnt);
77 asoc->sent_queue_retran_cnt = 0;
78 asoc->sent_queue_cnt = 0;
79 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
80 if (chk->sent == SCTP_DATAGRAM_RESEND) {
81 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
82 }
83 asoc->sent_queue_cnt++;
84 }
85 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
86 if (chk->sent == SCTP_DATAGRAM_RESEND) {
87 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
88 }
89 }
90 TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
91 if (chk->sent == SCTP_DATAGRAM_RESEND) {
92 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
93 }
94 }
95 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
96 asoc->sent_queue_retran_cnt,
97 asoc->sent_queue_cnt);
98 }
99
100 static int
sctp_threshold_management(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint16_t threshold)101 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
102 struct sctp_nets *net, uint16_t threshold)
103 {
104 if (net) {
105 net->error_count++;
106 SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
107 (void *)net, net->error_count,
108 net->failure_threshold);
109 if (net->error_count > net->failure_threshold) {
110 /* We had a threshold failure */
111 if (net->dest_state & SCTP_ADDR_REACHABLE) {
112 net->dest_state &= ~SCTP_ADDR_REACHABLE;
113 net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
114 net->dest_state &= ~SCTP_ADDR_PF;
115 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
116 stcb, 0,
117 (void *)net, SCTP_SO_NOT_LOCKED);
118 }
119 } else if ((net->pf_threshold < net->failure_threshold) &&
120 (net->error_count > net->pf_threshold)) {
121 if (!(net->dest_state & SCTP_ADDR_PF)) {
122 net->dest_state |= SCTP_ADDR_PF;
123 net->last_active = sctp_get_tick_count();
124 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
125 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
126 inp, stcb, net,
127 SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
128 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
129 }
130 }
131 }
132 if (stcb == NULL)
133 return (0);
134
135 if (net) {
136 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
137 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
138 sctp_misc_ints(SCTP_THRESHOLD_INCR,
139 stcb->asoc.overall_error_count,
140 (stcb->asoc.overall_error_count+1),
141 SCTP_FROM_SCTP_TIMER,
142 __LINE__);
143 }
144 stcb->asoc.overall_error_count++;
145 }
146 } else {
147 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
148 sctp_misc_ints(SCTP_THRESHOLD_INCR,
149 stcb->asoc.overall_error_count,
150 (stcb->asoc.overall_error_count+1),
151 SCTP_FROM_SCTP_TIMER,
152 __LINE__);
153 }
154 stcb->asoc.overall_error_count++;
155 }
156 SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
157 (void *)&stcb->asoc, stcb->asoc.overall_error_count,
158 (uint32_t)threshold,
159 ((net == NULL) ? (uint32_t) 0 : (uint32_t) net->dest_state));
160 /*
161 * We specifically do not do >= to give the assoc one more change
162 * before we fail it.
163 */
164 if (stcb->asoc.overall_error_count > threshold) {
165 /* Abort notification sends a ULP notify */
166 struct mbuf *op_err;
167
168 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
169 "Association error counter exceeded");
170 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
171 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
172 return (1);
173 }
174 return (0);
175 }
176
177 /*
178 * sctp_find_alternate_net() returns a non-NULL pointer as long
179 * the argument net is non-NULL.
180 */
181 struct sctp_nets *
sctp_find_alternate_net(struct sctp_tcb * stcb,struct sctp_nets * net,int mode)182 sctp_find_alternate_net(struct sctp_tcb *stcb,
183 struct sctp_nets *net,
184 int mode)
185 {
186 /* Find and return an alternate network if possible */
187 struct sctp_nets *alt, *mnet, *min_errors_net = NULL , *max_cwnd_net = NULL;
188 int once;
189 /* JRS 5/14/07 - Initialize min_errors to an impossible value. */
190 int min_errors = -1;
191 uint32_t max_cwnd = 0;
192
193 if (stcb->asoc.numnets == 1) {
194 /* No others but net */
195 return (TAILQ_FIRST(&stcb->asoc.nets));
196 }
197 /*
198 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate net algorithm.
199 * This algorithm chooses the active destination (not in PF state) with the largest
200 * cwnd value. If all destinations are in PF state, unreachable, or unconfirmed, choose
201 * the desination that is in PF state with the lowest error count. In case of a tie,
202 * choose the destination that was most recently active.
203 */
204 if (mode == 2) {
205 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
206 /* JRS 5/14/07 - If the destination is unreachable or unconfirmed, skip it. */
207 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
208 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
209 continue;
210 }
211 /*
212 * JRS 5/14/07 - If the destination is reachable but in PF state, compare
213 * the error count of the destination to the minimum error count seen thus far.
214 * Store the destination with the lower error count. If the error counts are
215 * equal, store the destination that was most recently active.
216 */
217 if (mnet->dest_state & SCTP_ADDR_PF) {
218 /*
219 * JRS 5/14/07 - If the destination under consideration is the current
220 * destination, work as if the error count is one higher. The
221 * actual error count will not be incremented until later in the
222 * t3 handler.
223 */
224 if (mnet == net) {
225 if (min_errors == -1) {
226 min_errors = mnet->error_count + 1;
227 min_errors_net = mnet;
228 } else if (mnet->error_count + 1 < min_errors) {
229 min_errors = mnet->error_count + 1;
230 min_errors_net = mnet;
231 } else if (mnet->error_count + 1 == min_errors
232 && mnet->last_active > min_errors_net->last_active) {
233 min_errors_net = mnet;
234 min_errors = mnet->error_count + 1;
235 }
236 continue;
237 } else {
238 if (min_errors == -1) {
239 min_errors = mnet->error_count;
240 min_errors_net = mnet;
241 } else if (mnet->error_count < min_errors) {
242 min_errors = mnet->error_count;
243 min_errors_net = mnet;
244 } else if (mnet->error_count == min_errors
245 && mnet->last_active > min_errors_net->last_active) {
246 min_errors_net = mnet;
247 min_errors = mnet->error_count;
248 }
249 continue;
250 }
251 }
252 /*
253 * JRS 5/14/07 - If the destination is reachable and not in PF state, compare the
254 * cwnd of the destination to the highest cwnd seen thus far. Store the
255 * destination with the higher cwnd value. If the cwnd values are equal,
256 * randomly choose one of the two destinations.
257 */
258 if (max_cwnd < mnet->cwnd) {
259 max_cwnd_net = mnet;
260 max_cwnd = mnet->cwnd;
261 } else if (max_cwnd == mnet->cwnd) {
262 uint32_t rndval;
263 uint8_t this_random;
264
265 if (stcb->asoc.hb_random_idx > 3) {
266 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
267 memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
268 this_random = stcb->asoc.hb_random_values[0];
269 stcb->asoc.hb_random_idx++;
270 stcb->asoc.hb_ect_randombit = 0;
271 } else {
272 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
273 stcb->asoc.hb_random_idx++;
274 stcb->asoc.hb_ect_randombit = 0;
275 }
276 if (this_random % 2 == 1) {
277 max_cwnd_net = mnet;
278 max_cwnd = mnet->cwnd; /* Useless? */
279 }
280 }
281 }
282 if (max_cwnd_net == NULL) {
283 if (min_errors_net == NULL) {
284 return (net);
285 }
286 return (min_errors_net);
287 } else {
288 return (max_cwnd_net);
289 }
290 } /* JRS 5/14/07 - If mode is set to 1, use the CMT policy for choosing an alternate net. */
291 else if (mode == 1) {
292 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
293 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
294 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
295 /*
296 * will skip ones that are not-reachable or
297 * unconfirmed
298 */
299 continue;
300 }
301 if (max_cwnd < mnet->cwnd) {
302 max_cwnd_net = mnet;
303 max_cwnd = mnet->cwnd;
304 } else if (max_cwnd == mnet->cwnd) {
305 uint32_t rndval;
306 uint8_t this_random;
307
308 if (stcb->asoc.hb_random_idx > 3) {
309 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
310 memcpy(stcb->asoc.hb_random_values, &rndval,
311 sizeof(stcb->asoc.hb_random_values));
312 this_random = stcb->asoc.hb_random_values[0];
313 stcb->asoc.hb_random_idx = 0;
314 stcb->asoc.hb_ect_randombit = 0;
315 } else {
316 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
317 stcb->asoc.hb_random_idx++;
318 stcb->asoc.hb_ect_randombit = 0;
319 }
320 if (this_random % 2) {
321 max_cwnd_net = mnet;
322 max_cwnd = mnet->cwnd;
323 }
324 }
325 }
326 if (max_cwnd_net) {
327 return (max_cwnd_net);
328 }
329 }
330 mnet = net;
331 once = 0;
332
333 if (mnet == NULL) {
334 mnet = TAILQ_FIRST(&stcb->asoc.nets);
335 if (mnet == NULL) {
336 return (NULL);
337 }
338 }
339 for (;;) {
340 alt = TAILQ_NEXT(mnet, sctp_next);
341 if (alt == NULL) {
342 once++;
343 if (once > 1) {
344 break;
345 }
346 alt = TAILQ_FIRST(&stcb->asoc.nets);
347 if (alt == NULL) {
348 return (NULL);
349 }
350 }
351 #if defined(__FreeBSD__)
352 if (alt->ro.ro_nh == NULL) {
353 #else
354 if (alt->ro.ro_rt == NULL) {
355 #endif
356 if (alt->ro._s_addr) {
357 sctp_free_ifa(alt->ro._s_addr);
358 alt->ro._s_addr = NULL;
359 }
360 alt->src_addr_selected = 0;
361 }
362 if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
363 #if defined(__FreeBSD__)
364 (alt->ro.ro_nh != NULL) &&
365 #else
366 (alt->ro.ro_rt != NULL) &&
367 #endif
368 (!(alt->dest_state & SCTP_ADDR_UNCONFIRMED))) {
369 /* Found a reachable address */
370 break;
371 }
372 mnet = alt;
373 }
374
375 if (alt == NULL) {
376 /* Case where NO insv network exists (dormant state) */
377 /* we rotate destinations */
378 once = 0;
379 mnet = net;
380 for (;;) {
381 if (mnet == NULL) {
382 return (TAILQ_FIRST(&stcb->asoc.nets));
383 }
384 alt = TAILQ_NEXT(mnet, sctp_next);
385 if (alt == NULL) {
386 once++;
387 if (once > 1) {
388 break;
389 }
390 alt = TAILQ_FIRST(&stcb->asoc.nets);
391 if (alt == NULL) {
392 break;
393 }
394 }
395 if ((!(alt->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
396 (alt != net)) {
397 /* Found an alternate address */
398 break;
399 }
400 mnet = alt;
401 }
402 }
403 if (alt == NULL) {
404 return (net);
405 }
406 return (alt);
407 }
408
409 static void
410 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
411 struct sctp_nets *net,
412 int win_probe,
413 int num_marked, int num_abandoned)
414 {
415 if (net->RTO == 0) {
416 if (net->RTO_measured) {
417 net->RTO = stcb->asoc.minrto;
418 } else {
419 net->RTO = stcb->asoc.initial_rto;
420 }
421 }
422 net->RTO <<= 1;
423 if (net->RTO > stcb->asoc.maxrto) {
424 net->RTO = stcb->asoc.maxrto;
425 }
426 if ((win_probe == 0) && (num_marked || num_abandoned)) {
427 /* We don't apply penalty to window probe scenarios */
428 /* JRS - Use the congestion control given in the CC module */
429 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
430 }
431 }
432
433 #ifndef INVARIANTS
434 static void
435 sctp_recover_sent_list(struct sctp_tcb *stcb)
436 {
437 struct sctp_tmit_chunk *chk, *nchk;
438 struct sctp_association *asoc;
439
440 asoc = &stcb->asoc;
441 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
442 if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
443 SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
444 (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
445 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
446 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
447 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
448 }
449 }
450 if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
451 (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
452 TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
453 asoc->trigger_reset = 1;
454 }
455 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
456 if (PR_SCTP_ENABLED(chk->flags)) {
457 if (asoc->pr_sctp_cnt != 0)
458 asoc->pr_sctp_cnt--;
459 }
460 if (chk->data) {
461 /*sa_ignore NO_NULL_CHK*/
462 sctp_free_bufspace(stcb, asoc, chk, 1);
463 sctp_m_freem(chk->data);
464 chk->data = NULL;
465 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
466 asoc->sent_queue_cnt_removeable--;
467 }
468 }
469 asoc->sent_queue_cnt--;
470 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
471 }
472 }
473 SCTP_PRINTF("after recover order is as follows\n");
474 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
475 SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
476 }
477 }
478 #endif
479
480 static int
481 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
482 struct sctp_nets *net,
483 struct sctp_nets *alt,
484 int window_probe,
485 int *num_marked,
486 int *num_abandoned)
487 {
488
489 /*
490 * Mark all chunks (well not all) that were sent to *net for
491 * retransmission. Move them to alt for there destination as well...
492 * We only mark chunks that have been outstanding long enough to
493 * have received feed-back.
494 */
495 struct sctp_tmit_chunk *chk, *nchk;
496 struct sctp_nets *lnets;
497 struct timeval now, min_wait, tv;
498 int cur_rto;
499 int cnt_abandoned;
500 int audit_tf, num_mk, fir;
501 unsigned int cnt_mk;
502 uint32_t orig_flight, orig_tf;
503 uint32_t tsnlast, tsnfirst;
504 int recovery_cnt = 0;
505
506
507 /* none in flight now */
508 audit_tf = 0;
509 fir = 0;
510 /*
511 * figure out how long a data chunk must be pending before we can
512 * mark it ..
513 */
514 (void)SCTP_GETTIME_TIMEVAL(&now);
515 /* get cur rto in micro-seconds */
516 cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
517 cur_rto *= 1000;
518 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
519 sctp_log_fr(cur_rto,
520 stcb->asoc.peers_rwnd,
521 window_probe,
522 SCTP_FR_T3_MARK_TIME);
523 sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
524 sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
525 }
526 tv.tv_sec = cur_rto / 1000000;
527 tv.tv_usec = cur_rto % 1000000;
528 #ifndef __FreeBSD__
529 timersub(&now, &tv, &min_wait);
530 #else
531 min_wait = now;
532 timevalsub(&min_wait, &tv);
533 #endif
534 if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
535 /*
536 * if we hit here, we don't have enough seconds on the clock
537 * to account for the RTO. We just let the lower seconds be
538 * the bounds and don't worry about it. This may mean we
539 * will mark a lot more than we should.
540 */
541 min_wait.tv_sec = min_wait.tv_usec = 0;
542 }
543 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
544 sctp_log_fr(cur_rto, now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
545 sctp_log_fr(0, min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
546 }
547 /*
548 * Our rwnd will be incorrect here since we are not adding back the
549 * cnt * mbuf but we will fix that down below.
550 */
551 orig_flight = net->flight_size;
552 orig_tf = stcb->asoc.total_flight;
553
554 net->fast_retran_ip = 0;
555 /* Now on to each chunk */
556 cnt_abandoned = 0;
557 num_mk = cnt_mk = 0;
558 tsnfirst = tsnlast = 0;
559 #ifndef INVARIANTS
560 start_again:
561 #endif
562 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
563 if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
564 /* Strange case our list got out of order? */
565 SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
566 (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
567 recovery_cnt++;
568 #ifdef INVARIANTS
569 panic("last acked >= chk on sent-Q");
570 #else
571 SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
572 sctp_recover_sent_list(stcb);
573 if (recovery_cnt < 10) {
574 goto start_again;
575 } else {
576 SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
577 }
578 #endif
579 }
580 if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
581 /*
582 * found one to mark: If it is less than
583 * DATAGRAM_ACKED it MUST not be a skipped or marked
584 * TSN but instead one that is either already set
585 * for retransmission OR one that needs
586 * retransmission.
587 */
588
589 /* validate its been outstanding long enough */
590 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
591 sctp_log_fr(chk->rec.data.tsn,
592 chk->sent_rcv_time.tv_sec,
593 chk->sent_rcv_time.tv_usec,
594 SCTP_FR_T3_MARK_TIME);
595 }
596 if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
597 /*
598 * we have reached a chunk that was sent
599 * some seconds past our min.. forget it we
600 * will find no more to send.
601 */
602 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
603 sctp_log_fr(0,
604 chk->sent_rcv_time.tv_sec,
605 chk->sent_rcv_time.tv_usec,
606 SCTP_FR_T3_STOPPED);
607 }
608 continue;
609 } else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
610 (window_probe == 0)) {
611 /*
612 * we must look at the micro seconds to
613 * know.
614 */
615 if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
616 /*
617 * ok it was sent after our boundary
618 * time.
619 */
620 continue;
621 }
622 }
623 if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
624 /* Is it expired? */
625 #ifndef __FreeBSD__
626 if (timercmp(&now, &chk->rec.data.timetodrop, >)) {
627 #else
628 if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
629 #endif
630 /* Yes so drop it */
631 if (chk->data) {
632 (void)sctp_release_pr_sctp_chunk(stcb,
633 chk,
634 1,
635 SCTP_SO_NOT_LOCKED);
636 cnt_abandoned++;
637 }
638 continue;
639 }
640 }
641 if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
642 /* Has it been retransmitted tv_sec times? */
643 if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
644 if (chk->data) {
645 (void)sctp_release_pr_sctp_chunk(stcb,
646 chk,
647 1,
648 SCTP_SO_NOT_LOCKED);
649 cnt_abandoned++;
650 }
651 continue;
652 }
653 }
654 if (chk->sent < SCTP_DATAGRAM_RESEND) {
655 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
656 num_mk++;
657 if (fir == 0) {
658 fir = 1;
659 tsnfirst = chk->rec.data.tsn;
660 }
661 tsnlast = chk->rec.data.tsn;
662 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
663 sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
664 0, SCTP_FR_T3_MARKED);
665 }
666
667 if (chk->rec.data.chunk_was_revoked) {
668 /* deflate the cwnd */
669 chk->whoTo->cwnd -= chk->book_size;
670 chk->rec.data.chunk_was_revoked = 0;
671 }
672 net->marked_retrans++;
673 stcb->asoc.marked_retrans++;
674 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
675 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
676 chk->whoTo->flight_size,
677 chk->book_size,
678 (uint32_t)(uintptr_t)chk->whoTo,
679 chk->rec.data.tsn);
680 }
681 sctp_flight_size_decrease(chk);
682 sctp_total_flight_decrease(stcb, chk);
683 stcb->asoc.peers_rwnd += chk->send_size;
684 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
685 }
686 chk->sent = SCTP_DATAGRAM_RESEND;
687 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
688 SCTP_STAT_INCR(sctps_markedretrans);
689
690 /* reset the TSN for striking and other FR stuff */
691 chk->rec.data.doing_fast_retransmit = 0;
692 /* Clear any time so NO RTT is being done */
693
694 if (chk->do_rtt) {
695 if (chk->whoTo->rto_needed == 0) {
696 chk->whoTo->rto_needed = 1;
697 }
698 }
699 chk->do_rtt = 0;
700 if (alt != net) {
701 sctp_free_remote_addr(chk->whoTo);
702 chk->no_fr_allowed = 1;
703 chk->whoTo = alt;
704 atomic_add_int(&alt->ref_count, 1);
705 } else {
706 chk->no_fr_allowed = 0;
707 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
708 chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
709 } else {
710 chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
711 }
712 }
713 /* CMT: Do not allow FRs on retransmitted TSNs.
714 */
715 if (stcb->asoc.sctp_cmt_on_off > 0) {
716 chk->no_fr_allowed = 1;
717 }
718 #ifdef THIS_SHOULD_NOT_BE_DONE
719 } else if (chk->sent == SCTP_DATAGRAM_ACKED) {
720 /* remember highest acked one */
721 could_be_sent = chk;
722 #endif
723 }
724 if (chk->sent == SCTP_DATAGRAM_RESEND) {
725 cnt_mk++;
726 }
727 }
728 if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
729 /* we did not subtract the same things? */
730 audit_tf = 1;
731 }
732
733 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
734 sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
735 }
736 #ifdef SCTP_DEBUG
737 if (num_mk) {
738 SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
739 tsnlast);
740 SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
741 num_mk,
742 stcb->asoc.peers_rwnd);
743 }
744 #endif
745 *num_marked = num_mk;
746 *num_abandoned = cnt_abandoned;
747 /* Now check for a ECN Echo that may be stranded And
748 * include the cnt_mk'd to have all resends in the
749 * control queue.
750 */
751 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
752 if (chk->sent == SCTP_DATAGRAM_RESEND) {
753 cnt_mk++;
754 }
755 if ((chk->whoTo == net) &&
756 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
757 sctp_free_remote_addr(chk->whoTo);
758 chk->whoTo = alt;
759 if (chk->sent != SCTP_DATAGRAM_RESEND) {
760 chk->sent = SCTP_DATAGRAM_RESEND;
761 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
762 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
763 cnt_mk++;
764 }
765 atomic_add_int(&alt->ref_count, 1);
766 }
767 }
768 #ifdef THIS_SHOULD_NOT_BE_DONE
769 if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
770 /* fix it so we retransmit the highest acked anyway */
771 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
772 cnt_mk++;
773 could_be_sent->sent = SCTP_DATAGRAM_RESEND;
774 }
775 #endif
776 if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
777 #ifdef INVARIANTS
778 SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
779 cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
780 #endif
781 #ifndef SCTP_AUDITING_ENABLED
782 stcb->asoc.sent_queue_retran_cnt = cnt_mk;
783 #endif
784 }
785 if (audit_tf) {
786 SCTPDBG(SCTP_DEBUG_TIMER4,
787 "Audit total flight due to negative value net:%p\n",
788 (void *)net);
789 stcb->asoc.total_flight = 0;
790 stcb->asoc.total_flight_count = 0;
791 /* Clear all networks flight size */
792 TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
793 lnets->flight_size = 0;
794 SCTPDBG(SCTP_DEBUG_TIMER4,
795 "Net:%p c-f cwnd:%d ssthresh:%d\n",
796 (void *)lnets, lnets->cwnd, lnets->ssthresh);
797 }
798 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
799 if (chk->sent < SCTP_DATAGRAM_RESEND) {
800 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
801 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
802 chk->whoTo->flight_size,
803 chk->book_size,
804 (uint32_t)(uintptr_t)chk->whoTo,
805 chk->rec.data.tsn);
806 }
807
808 sctp_flight_size_increase(chk);
809 sctp_total_flight_increase(stcb, chk);
810 }
811 }
812 }
813 /* We return 1 if we only have a window probe outstanding */
814 return (0);
815 }
816
817
818 int
819 sctp_t3rxt_timer(struct sctp_inpcb *inp,
820 struct sctp_tcb *stcb,
821 struct sctp_nets *net)
822 {
823 struct sctp_nets *alt;
824 int win_probe, num_mk, num_abandoned;
825
826 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
827 sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
828 }
829 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
830 struct sctp_nets *lnet;
831
832 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
833 if (net == lnet) {
834 sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
835 } else {
836 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
837 }
838 }
839 }
840 /* Find an alternate and mark those for retransmission */
841 if ((stcb->asoc.peers_rwnd == 0) &&
842 (stcb->asoc.total_flight < net->mtu)) {
843 SCTP_STAT_INCR(sctps_timowindowprobe);
844 win_probe = 1;
845 } else {
846 win_probe = 0;
847 }
848
849 if (win_probe == 0) {
850 /* We don't do normal threshold management on window probes */
851 if (sctp_threshold_management(inp, stcb, net,
852 stcb->asoc.max_send_times)) {
853 /* Association was destroyed */
854 return (1);
855 } else {
856 if (net != stcb->asoc.primary_destination) {
857 /* send a immediate HB if our RTO is stale */
858 struct timeval now;
859 unsigned int ms_goneby;
860
861 (void)SCTP_GETTIME_TIMEVAL(&now);
862 if (net->last_sent_time.tv_sec) {
863 ms_goneby = (now.tv_sec - net->last_sent_time.tv_sec) * 1000;
864 } else {
865 ms_goneby = 0;
866 }
867 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
868 if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
869 /*
870 * no recent feed back in an RTO or
871 * more, request a RTT update
872 */
873 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
874 }
875 }
876 }
877 }
878 } else {
879 /*
880 * For a window probe we don't penalize the net's but only
881 * the association. This may fail it if SACKs are not coming
882 * back. If sack's are coming with rwnd locked at 0, we will
883 * continue to hold things waiting for rwnd to raise
884 */
885 if (sctp_threshold_management(inp, stcb, NULL,
886 stcb->asoc.max_send_times)) {
887 /* Association was destroyed */
888 return (1);
889 }
890 }
891 if (stcb->asoc.sctp_cmt_on_off > 0) {
892 if (net->pf_threshold < net->failure_threshold) {
893 alt = sctp_find_alternate_net(stcb, net, 2);
894 } else {
895 /*
896 * CMT: Using RTX_SSTHRESH policy for CMT.
897 * If CMT is being used, then pick dest with
898 * largest ssthresh for any retransmission.
899 */
900 alt = sctp_find_alternate_net(stcb, net, 1);
901 /*
902 * CUCv2: If a different dest is picked for
903 * the retransmission, then new
904 * (rtx-)pseudo_cumack needs to be tracked
905 * for orig dest. Let CUCv2 track new (rtx-)
906 * pseudo-cumack always.
907 */
908 net->find_pseudo_cumack = 1;
909 net->find_rtx_pseudo_cumack = 1;
910 }
911 } else {
912 alt = sctp_find_alternate_net(stcb, net, 0);
913 }
914
915 num_mk = 0;
916 num_abandoned = 0;
917 (void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
918 &num_mk, &num_abandoned);
919 /* FR Loss recovery just ended with the T3. */
920 stcb->asoc.fast_retran_loss_recovery = 0;
921
922 /* CMT FR loss recovery ended with the T3 */
923 net->fast_retran_loss_recovery = 0;
924 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
925 (net->flight_size == 0)) {
926 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins)(stcb, net);
927 }
928
929 /*
930 * setup the sat loss recovery that prevents satellite cwnd advance.
931 */
932 stcb->asoc.sat_t3_loss_recovery = 1;
933 stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
934
935 /* Backoff the timer and cwnd */
936 sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
937 if ((!(net->dest_state & SCTP_ADDR_REACHABLE)) ||
938 (net->dest_state & SCTP_ADDR_PF)) {
939 /* Move all pending over too */
940 sctp_move_chunks_from_net(stcb, net);
941
942 /* Get the address that failed, to
943 * force a new src address selecton and
944 * a route allocation.
945 */
946 if (net->ro._s_addr) {
947 sctp_free_ifa(net->ro._s_addr);
948 net->ro._s_addr = NULL;
949 }
950 net->src_addr_selected = 0;
951
952 /* Force a route allocation too */
953 #if defined(__FreeBSD__)
954 RO_NHFREE(&net->ro);
955 #else
956 if (net->ro.ro_rt) {
957 RTFREE(net->ro.ro_rt);
958 net->ro.ro_rt = NULL;
959 }
960 #endif
961
962 /* Was it our primary? */
963 if ((stcb->asoc.primary_destination == net) && (alt != net)) {
964 /*
965 * Yes, note it as such and find an alternate note:
966 * this means HB code must use this to resent the
967 * primary if it goes active AND if someone does a
968 * change-primary then this flag must be cleared
969 * from any net structures.
970 */
971 if (stcb->asoc.alternate) {
972 sctp_free_remote_addr(stcb->asoc.alternate);
973 }
974 stcb->asoc.alternate = alt;
975 atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
976 }
977 }
978 /*
979 * Special case for cookie-echo'ed case, we don't do output but must
980 * await the COOKIE-ACK before retransmission
981 */
982 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
983 /*
984 * Here we just reset the timer and start again since we
985 * have not established the asoc
986 */
987 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
988 return (0);
989 }
990 if (stcb->asoc.prsctp_supported) {
991 struct sctp_tmit_chunk *lchk;
992
993 lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
994 /* C3. See if we need to send a Fwd-TSN */
995 if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
996 send_forward_tsn(stcb, &stcb->asoc);
997 for (; lchk != NULL; lchk = TAILQ_NEXT(lchk, sctp_next)) {
998 if (lchk->whoTo != NULL) {
999 break;
1000 }
1001 }
1002 if (lchk != NULL) {
1003 /* Assure a timer is up */
1004 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
1005 }
1006 }
1007 }
1008 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
1009 sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
1010 }
1011 return (0);
1012 }
1013
1014 int
1015 sctp_t1init_timer(struct sctp_inpcb *inp,
1016 struct sctp_tcb *stcb,
1017 struct sctp_nets *net)
1018 {
1019 /* bump the thresholds */
1020 if (stcb->asoc.delayed_connection) {
1021 /*
1022 * special hook for delayed connection. The library did NOT
1023 * complete the rest of its sends.
1024 */
1025 stcb->asoc.delayed_connection = 0;
1026 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1027 return (0);
1028 }
1029 if (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) {
1030 return (0);
1031 }
1032 if (sctp_threshold_management(inp, stcb, net,
1033 stcb->asoc.max_init_times)) {
1034 /* Association was destroyed */
1035 return (1);
1036 }
1037 stcb->asoc.dropped_special_cnt = 0;
1038 sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1039 if (stcb->asoc.initial_init_rto_max < net->RTO) {
1040 net->RTO = stcb->asoc.initial_init_rto_max;
1041 }
1042 if (stcb->asoc.numnets > 1) {
1043 /* If we have more than one addr use it */
1044 struct sctp_nets *alt;
1045
1046 alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1047 if (alt != stcb->asoc.primary_destination) {
1048 sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1049 stcb->asoc.primary_destination = alt;
1050 }
1051 }
1052 /* Send out a new init */
1053 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1054 return (0);
1055 }
1056
1057 /*
1058 * For cookie and asconf we actually need to find and mark for resend, then
1059 * increment the resend counter (after all the threshold management stuff of
1060 * course).
1061 */
1062 int
1063 sctp_cookie_timer(struct sctp_inpcb *inp,
1064 struct sctp_tcb *stcb,
1065 struct sctp_nets *net SCTP_UNUSED)
1066 {
1067 struct sctp_nets *alt;
1068 struct sctp_tmit_chunk *cookie;
1069
1070 /* first before all else we must find the cookie */
1071 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1072 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1073 break;
1074 }
1075 }
1076 if (cookie == NULL) {
1077 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
1078 /* FOOBAR! */
1079 struct mbuf *op_err;
1080
1081 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1082 "Cookie timer expired, but no cookie");
1083 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1084 sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
1085 } else {
1086 #ifdef INVARIANTS
1087 panic("Cookie timer expires in wrong state?");
1088 #else
1089 SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(stcb));
1090 return (0);
1091 #endif
1092 }
1093 return (0);
1094 }
1095 /* Ok we found the cookie, threshold management next */
1096 if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1097 stcb->asoc.max_init_times)) {
1098 /* Assoc is over */
1099 return (1);
1100 }
1101 /*
1102 * Cleared threshold management, now lets backoff the address
1103 * and select an alternate
1104 */
1105 stcb->asoc.dropped_special_cnt = 0;
1106 sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1107 alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1108 if (alt != cookie->whoTo) {
1109 sctp_free_remote_addr(cookie->whoTo);
1110 cookie->whoTo = alt;
1111 atomic_add_int(&alt->ref_count, 1);
1112 }
1113 /* Now mark the retran info */
1114 if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1115 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1116 }
1117 cookie->sent = SCTP_DATAGRAM_RESEND;
1118 cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1119 /*
1120 * Now call the output routine to kick out the cookie again, Note we
1121 * don't mark any chunks for retran so that FR will need to kick in
1122 * to move these (or a send timer).
1123 */
1124 return (0);
1125 }
1126
1127 int
1128 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1129 {
1130 struct sctp_nets *alt, *net;
1131 struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1132
1133 if (stcb->asoc.stream_reset_outstanding == 0) {
1134 return (0);
1135 }
1136 /* find the existing STRRESET, we use the seq number we sent out on */
1137 (void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1138 if (strrst == NULL) {
1139 return (0);
1140 }
1141 net = strrst->whoTo;
1142 /* do threshold management */
1143 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1144 /* Assoc is over */
1145 return (1);
1146 }
1147 /*
1148 * Cleared threshold management, now lets backoff the address
1149 * and select an alternate
1150 */
1151 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1152 alt = sctp_find_alternate_net(stcb, net, 0);
1153 strrst->whoTo = alt;
1154 atomic_add_int(&alt->ref_count, 1);
1155
1156 /* See if a ECN Echo is also stranded */
1157 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1158 if ((chk->whoTo == net) &&
1159 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1160 sctp_free_remote_addr(chk->whoTo);
1161 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1162 chk->sent = SCTP_DATAGRAM_RESEND;
1163 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1164 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1165 }
1166 chk->whoTo = alt;
1167 atomic_add_int(&alt->ref_count, 1);
1168 }
1169 }
1170 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1171 /*
1172 * If the address went un-reachable, we need to move to
1173 * alternates for ALL chk's in queue
1174 */
1175 sctp_move_chunks_from_net(stcb, net);
1176 }
1177 sctp_free_remote_addr(net);
1178
1179 /* mark the retran info */
1180 if (strrst->sent != SCTP_DATAGRAM_RESEND)
1181 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1182 strrst->sent = SCTP_DATAGRAM_RESEND;
1183 strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1184
1185 /* restart the timer */
1186 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, alt);
1187 return (0);
1188 }
1189
1190 int
1191 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1192 struct sctp_nets *net)
1193 {
1194 struct sctp_nets *alt;
1195 struct sctp_tmit_chunk *asconf, *chk;
1196
1197 /* is this a first send, or a retransmission? */
1198 if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1199 /* compose a new ASCONF chunk and send it */
1200 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1201 } else {
1202 /*
1203 * Retransmission of the existing ASCONF is needed
1204 */
1205
1206 /* find the existing ASCONF */
1207 asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1208 if (asconf == NULL) {
1209 return (0);
1210 }
1211 net = asconf->whoTo;
1212 /* do threshold management */
1213 if (sctp_threshold_management(inp, stcb, net,
1214 stcb->asoc.max_send_times)) {
1215 /* Assoc is over */
1216 return (1);
1217 }
1218 if (asconf->snd_count > stcb->asoc.max_send_times) {
1219 /*
1220 * Something is rotten: our peer is not responding to
1221 * ASCONFs but apparently is to other chunks. i.e. it
1222 * is not properly handling the chunk type upper bits.
1223 * Mark this peer as ASCONF incapable and cleanup.
1224 */
1225 SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1226 sctp_asconf_cleanup(stcb);
1227 return (0);
1228 }
1229 /*
1230 * cleared threshold management, so now backoff the net and
1231 * select an alternate
1232 */
1233 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1234 alt = sctp_find_alternate_net(stcb, net, 0);
1235 if (asconf->whoTo != alt) {
1236 asconf->whoTo = alt;
1237 atomic_add_int(&alt->ref_count, 1);
1238 }
1239
1240 /* See if an ECN Echo is also stranded */
1241 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1242 if ((chk->whoTo == net) &&
1243 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1244 sctp_free_remote_addr(chk->whoTo);
1245 chk->whoTo = alt;
1246 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1247 chk->sent = SCTP_DATAGRAM_RESEND;
1248 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1249 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1250 }
1251 atomic_add_int(&alt->ref_count, 1);
1252 }
1253 }
1254 TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1255 if (chk->whoTo != alt) {
1256 sctp_free_remote_addr(chk->whoTo);
1257 chk->whoTo = alt;
1258 atomic_add_int(&alt->ref_count, 1);
1259 }
1260 if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1261 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1262 chk->sent = SCTP_DATAGRAM_RESEND;
1263 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1264 }
1265 if (!(net->dest_state & SCTP_ADDR_REACHABLE)) {
1266 /*
1267 * If the address went un-reachable, we need to move
1268 * to the alternate for ALL chunks in queue
1269 */
1270 sctp_move_chunks_from_net(stcb, net);
1271 }
1272 sctp_free_remote_addr(net);
1273
1274 /* mark the retran info */
1275 if (asconf->sent != SCTP_DATAGRAM_RESEND)
1276 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1277 asconf->sent = SCTP_DATAGRAM_RESEND;
1278 asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1279
1280 /* send another ASCONF if any and we can do */
1281 sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1282 }
1283 return (0);
1284 }
1285
1286 /* Mobility adaptation */
1287 void
1288 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1289 {
1290 if (stcb->asoc.deleted_primary == NULL) {
1291 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1292 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1293 return;
1294 }
1295 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1296 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1297 sctp_free_remote_addr(stcb->asoc.deleted_primary);
1298 stcb->asoc.deleted_primary = NULL;
1299 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1300 return;
1301 }
1302
1303 /*
1304 * For the shutdown and shutdown-ack, we do not keep one around on the
1305 * control queue. This means we must generate a new one and call the general
1306 * chunk output routine, AFTER having done threshold management.
1307 * It is assumed that net is non-NULL.
1308 */
1309 int
1310 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1311 struct sctp_nets *net)
1312 {
1313 struct sctp_nets *alt;
1314
1315 /* first threshold management */
1316 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1317 /* Assoc is over */
1318 return (1);
1319 }
1320 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1321 /* second select an alternative */
1322 alt = sctp_find_alternate_net(stcb, net, 0);
1323
1324 /* third generate a shutdown into the queue for out net */
1325 sctp_send_shutdown(stcb, alt);
1326
1327 /* fourth restart timer */
1328 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1329 return (0);
1330 }
1331
1332 int
1333 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1334 struct sctp_nets *net)
1335 {
1336 struct sctp_nets *alt;
1337
1338 /* first threshold management */
1339 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1340 /* Assoc is over */
1341 return (1);
1342 }
1343 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1344 /* second select an alternative */
1345 alt = sctp_find_alternate_net(stcb, net, 0);
1346
1347 /* third generate a shutdown into the queue for out net */
1348 sctp_send_shutdown_ack(stcb, alt);
1349
1350 /* fourth restart timer */
1351 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1352 return (0);
1353 }
1354
1355 static void
1356 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp,
1357 struct sctp_tcb *stcb)
1358 {
1359 struct sctp_stream_queue_pending *sp;
1360 unsigned int i, chks_in_queue = 0;
1361 int being_filled = 0;
1362 /*
1363 * This function is ONLY called when the send/sent queues are empty.
1364 */
1365 if ((stcb == NULL) || (inp == NULL))
1366 return;
1367
1368 if (stcb->asoc.sent_queue_retran_cnt) {
1369 SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1370 stcb->asoc.sent_queue_retran_cnt);
1371 stcb->asoc.sent_queue_retran_cnt = 0;
1372 }
1373 if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1374 /* No stream scheduler information, initialize scheduler */
1375 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc, 0);
1376 if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1377 /* yep, we lost a stream or two */
1378 SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1379 } else {
1380 /* no streams lost */
1381 stcb->asoc.total_output_queue_size = 0;
1382 }
1383 }
1384 /* Check to see if some data queued, if so report it */
1385 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1386 if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1387 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1388 if (sp->msg_is_complete)
1389 being_filled++;
1390 chks_in_queue++;
1391 }
1392 }
1393 }
1394 if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1395 SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1396 stcb->asoc.stream_queue_cnt, chks_in_queue);
1397 }
1398 if (chks_in_queue) {
1399 /* call the output queue function */
1400 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1401 if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1402 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1403 /*
1404 * Probably should go in and make it go back through
1405 * and add fragments allowed
1406 */
1407 if (being_filled == 0) {
1408 SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1409 chks_in_queue);
1410 }
1411 }
1412 } else {
1413 SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1414 (u_long)stcb->asoc.total_output_queue_size);
1415 stcb->asoc.total_output_queue_size = 0;
1416 }
1417 }
1418
1419 int
1420 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1421 struct sctp_nets *net)
1422 {
1423 uint8_t net_was_pf;
1424
1425 if (net->dest_state & SCTP_ADDR_PF) {
1426 net_was_pf = 1;
1427 } else {
1428 net_was_pf = 0;
1429 }
1430 if (net->hb_responded == 0) {
1431 if (net->ro._s_addr) {
1432 /* Invalidate the src address if we did not get
1433 * a response last time.
1434 */
1435 sctp_free_ifa(net->ro._s_addr);
1436 net->ro._s_addr = NULL;
1437 net->src_addr_selected = 0;
1438 }
1439 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1440 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1441 /* Assoc is over */
1442 return (1);
1443 }
1444 }
1445 /* Zero PBA, if it needs it */
1446 if (net->partial_bytes_acked) {
1447 net->partial_bytes_acked = 0;
1448 }
1449 if ((stcb->asoc.total_output_queue_size > 0) &&
1450 (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1451 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1452 sctp_audit_stream_queues_for_size(inp, stcb);
1453 }
1454 if (!(net->dest_state & SCTP_ADDR_NOHB) &&
1455 !((net_was_pf == 0) && (net->dest_state & SCTP_ADDR_PF))) {
1456 /* when move to PF during threshold mangement, a HB has been
1457 queued in that routine */
1458 uint32_t ms_gone_by;
1459
1460 if ((net->last_sent_time.tv_sec > 0) ||
1461 (net->last_sent_time.tv_usec > 0)) {
1462 #ifdef __FreeBSD__
1463 struct timeval diff;
1464
1465 SCTP_GETTIME_TIMEVAL(&diff);
1466 timevalsub(&diff, &net->last_sent_time);
1467 #else
1468 struct timeval diff, now;
1469
1470 SCTP_GETTIME_TIMEVAL(&now);
1471 timersub(&now, &net->last_sent_time, &diff);
1472 #endif
1473 ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1474 (uint32_t)(diff.tv_usec / 1000);
1475 } else {
1476 ms_gone_by = 0xffffffff;
1477 }
1478 if ((ms_gone_by >= net->heart_beat_delay) ||
1479 (net->dest_state & SCTP_ADDR_PF)) {
1480 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1481 }
1482 }
1483 return (0);
1484 }
1485
1486 void
1487 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1488 struct sctp_tcb *stcb,
1489 struct sctp_nets *net)
1490 {
1491 uint32_t next_mtu, mtu;
1492
1493 next_mtu = sctp_get_next_mtu(net->mtu);
1494
1495 if ((next_mtu > net->mtu) && (net->port == 0)) {
1496 if ((net->src_addr_selected == 0) ||
1497 (net->ro._s_addr == NULL) ||
1498 (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1499 if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1500 sctp_free_ifa(net->ro._s_addr);
1501 net->ro._s_addr = NULL;
1502 net->src_addr_selected = 0;
1503 } else if (net->ro._s_addr == NULL) {
1504 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1505 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1506 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1507 /* KAME hack: embed scopeid */
1508 #if defined(__APPLE__)
1509 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
1510 (void)in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL);
1511 #else
1512 (void)in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL);
1513 #endif
1514 #elif defined(SCTP_KAME)
1515 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1516 #else
1517 (void)in6_embedscope(&sin6->sin6_addr, sin6);
1518 #endif
1519 }
1520 #endif
1521
1522 net->ro._s_addr = sctp_source_address_selection(inp,
1523 stcb,
1524 (sctp_route_t *)&net->ro,
1525 net, 0, stcb->asoc.vrf_id);
1526 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1527 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1528 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1529 #ifdef SCTP_KAME
1530 (void)sa6_recoverscope(sin6);
1531 #else
1532 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
1533 #endif /* SCTP_KAME */
1534 }
1535 #endif /* INET6 */
1536 }
1537 if (net->ro._s_addr)
1538 net->src_addr_selected = 1;
1539 }
1540 if (net->ro._s_addr) {
1541 #if defined(__FreeBSD__)
1542 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_nh);
1543 #else
1544 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_rt);
1545 #endif
1546 #if defined(INET) || defined(INET6)
1547 if (net->port) {
1548 mtu -= sizeof(struct udphdr);
1549 }
1550 #endif
1551 if (mtu > next_mtu) {
1552 net->mtu = next_mtu;
1553 } else {
1554 net->mtu = mtu;
1555 }
1556 }
1557 }
1558 /* restart the timer */
1559 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1560 }
1561
1562 void
1563 sctp_autoclose_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1564 {
1565 struct timeval tn, *tim_touse;
1566 struct sctp_association *asoc;
1567 uint32_t ticks_gone_by;
1568
1569 (void)SCTP_GETTIME_TIMEVAL(&tn);
1570 if (stcb->asoc.sctp_autoclose_ticks > 0 &&
1571 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1572 /* Auto close is on */
1573 asoc = &stcb->asoc;
1574 /* pick the time to use */
1575 if (asoc->time_last_rcvd.tv_sec >
1576 asoc->time_last_sent.tv_sec) {
1577 tim_touse = &asoc->time_last_rcvd;
1578 } else {
1579 tim_touse = &asoc->time_last_sent;
1580 }
1581 /* Now has long enough transpired to autoclose? */
1582 ticks_gone_by = sctp_secs_to_ticks((uint32_t)(tn.tv_sec - tim_touse->tv_sec));
1583 if (ticks_gone_by >= asoc->sctp_autoclose_ticks) {
1584 /*
1585 * autoclose time has hit, call the output routine,
1586 * which should do nothing just to be SURE we don't
1587 * have hanging data. We can then safely check the
1588 * queues and know that we are clear to send
1589 * shutdown
1590 */
1591 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1592 /* Are we clean? */
1593 if (TAILQ_EMPTY(&asoc->send_queue) &&
1594 TAILQ_EMPTY(&asoc->sent_queue)) {
1595 /*
1596 * there is nothing queued to send, so I'm
1597 * done...
1598 */
1599 if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) {
1600 /* only send SHUTDOWN 1st time thru */
1601 struct sctp_nets *net;
1602
1603 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
1604 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1605 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1606 }
1607 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
1608 sctp_stop_timers_for_shutdown(stcb);
1609 if (stcb->asoc.alternate) {
1610 net = stcb->asoc.alternate;
1611 } else {
1612 net = stcb->asoc.primary_destination;
1613 }
1614 sctp_send_shutdown(stcb, net);
1615 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1616 stcb->sctp_ep, stcb, net);
1617 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1618 stcb->sctp_ep, stcb, NULL);
1619 }
1620 }
1621 } else {
1622 /*
1623 * No auto close at this time, reset t-o to check
1624 * later
1625 */
1626 uint32_t tmp;
1627
1628 /* fool the timer startup to use the time left */
1629 tmp = asoc->sctp_autoclose_ticks;
1630 asoc->sctp_autoclose_ticks -= ticks_gone_by;
1631 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1632 /* restore the real tick value */
1633 asoc->sctp_autoclose_ticks = tmp;
1634 }
1635 }
1636 }
1637
1638