Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / cp-linux / 7d38e033b98fd00da3a0b3a506c27c772f7167bf / . / net / sctp / sm_sideeffect.c
blob: 6098d4c42fa91287d3cde36ac05d860f76d4fe32 [file] [log] [blame]
Kyle Swenson8d8f6542021-03-15 11:02:55 -0600[diff] [blame]1/* SCTP kernel implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 *
6 * This file is part of the SCTP kernel implementation
7 *
8 * These functions work with the state functions in sctp_sm_statefuns.c
9 * to implement that state operations. These functions implement the
10 * steps which require modifying existing data structures.
11 *
12 * This SCTP implementation is free software;
13 * you can redistribute it and/or modify it under the terms of
14 * the GNU General Public License as published by
15 * the Free Software Foundation; either version 2, or (at your option)
16 * any later version.
17 *
18 * This SCTP implementation is distributed in the hope that it
19 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
20 * ************************
21 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
22 * See the GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with GNU CC; see the file COPYING. If not, see
26 * <http://www.gnu.org/licenses/>.
27 *
28 * Please send any bug reports or fixes you make to the
29 * email address(es):
30 * lksctp developers <linux-sctp@vger.kernel.org>
31 *
32 * Written or modified by:
33 * La Monte H.P. Yarroll <piggy@acm.org>
34 * Karl Knutson <karl@athena.chicago.il.us>
35 * Jon Grimm <jgrimm@austin.ibm.com>
36 * Hui Huang <hui.huang@nokia.com>
37 * Dajiang Zhang <dajiang.zhang@nokia.com>
38 * Daisy Chang <daisyc@us.ibm.com>
39 * Sridhar Samudrala <sri@us.ibm.com>
40 * Ardelle Fan <ardelle.fan@intel.com>
41 */
42
43#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
44
45#include <linux/skbuff.h>
46#include <linux/types.h>
47#include <linux/socket.h>
48#include <linux/ip.h>
49#include <linux/gfp.h>
50#include <net/sock.h>
51#include <net/sctp/sctp.h>
52#include <net/sctp/sm.h>
53
54static int sctp_cmd_interpreter(sctp_event_t event_type,
55 sctp_subtype_t subtype,
56 sctp_state_t state,
57 struct sctp_endpoint *ep,
58 struct sctp_association *asoc,
59 void *event_arg,
60 sctp_disposition_t status,
61 sctp_cmd_seq_t *commands,
62 gfp_t gfp);
63static int sctp_side_effects(sctp_event_t event_type, sctp_subtype_t subtype,
64 sctp_state_t state,
65 struct sctp_endpoint *ep,
66 struct sctp_association *asoc,
67 void *event_arg,
68 sctp_disposition_t status,
69 sctp_cmd_seq_t *commands,
70 gfp_t gfp);
71
72static void sctp_cmd_hb_timer_update(sctp_cmd_seq_t *cmds,
73 struct sctp_transport *t);
74/********************************************************************
75 * Helper functions
76 ********************************************************************/
77
78/* A helper function for delayed processing of INET ECN CE bit. */
79static void sctp_do_ecn_ce_work(struct sctp_association *asoc,
80 __u32 lowest_tsn)
81{
82 /* Save the TSN away for comparison when we receive CWR */
83
84 asoc->last_ecne_tsn = lowest_tsn;
85 asoc->need_ecne = 1;
86}
87
88/* Helper function for delayed processing of SCTP ECNE chunk. */
89/* RFC 2960 Appendix A
90 *
91 * RFC 2481 details a specific bit for a sender to send in
92 * the header of its next outbound TCP segment to indicate to
93 * its peer that it has reduced its congestion window. This
94 * is termed the CWR bit. For SCTP the same indication is made
95 * by including the CWR chunk. This chunk contains one data
96 * element, i.e. the TSN number that was sent in the ECNE chunk.
97 * This element represents the lowest TSN number in the datagram
98 * that was originally marked with the CE bit.
99 */
100static struct sctp_chunk *sctp_do_ecn_ecne_work(struct sctp_association *asoc,
101 __u32 lowest_tsn,
102 struct sctp_chunk *chunk)
103{
104 struct sctp_chunk *repl;
105
106 /* Our previously transmitted packet ran into some congestion
107 * so we should take action by reducing cwnd and ssthresh
108 * and then ACK our peer that we we've done so by
109 * sending a CWR.
110 */
111
112 /* First, try to determine if we want to actually lower
113 * our cwnd variables. Only lower them if the ECNE looks more
114 * recent than the last response.
115 */
116 if (TSN_lt(asoc->last_cwr_tsn, lowest_tsn)) {
117 struct sctp_transport *transport;
118
119 /* Find which transport's congestion variables
120 * need to be adjusted.
121 */
122 transport = sctp_assoc_lookup_tsn(asoc, lowest_tsn);
123
124 /* Update the congestion variables. */
125 if (transport)
126 sctp_transport_lower_cwnd(transport,
127 SCTP_LOWER_CWND_ECNE);
128 asoc->last_cwr_tsn = lowest_tsn;
129 }
130
131 /* Always try to quiet the other end. In case of lost CWR,
132 * resend last_cwr_tsn.
133 */
134 repl = sctp_make_cwr(asoc, asoc->last_cwr_tsn, chunk);
135
136 /* If we run out of memory, it will look like a lost CWR. We'll
137 * get back in sync eventually.
138 */
139 return repl;
140}
141
142/* Helper function to do delayed processing of ECN CWR chunk. */
143static void sctp_do_ecn_cwr_work(struct sctp_association *asoc,
144 __u32 lowest_tsn)
145{
146 /* Turn off ECNE getting auto-prepended to every outgoing
147 * packet
148 */
149 asoc->need_ecne = 0;
150}
151
152/* Generate SACK if necessary. We call this at the end of a packet. */
153static int sctp_gen_sack(struct sctp_association *asoc, int force,
154 sctp_cmd_seq_t *commands)
155{
156 __u32 ctsn, max_tsn_seen;
157 struct sctp_chunk *sack;
158 struct sctp_transport *trans = asoc->peer.last_data_from;
159 int error = 0;
160
161 if (force ||
162 (!trans && (asoc->param_flags & SPP_SACKDELAY_DISABLE)) ||
163 (trans && (trans->param_flags & SPP_SACKDELAY_DISABLE)))
164 asoc->peer.sack_needed = 1;
165
166 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
167 max_tsn_seen = sctp_tsnmap_get_max_tsn_seen(&asoc->peer.tsn_map);
168
169 /* From 12.2 Parameters necessary per association (i.e. the TCB):
170 *
171 * Ack State : This flag indicates if the next received packet
172 * : is to be responded to with a SACK. ...
173 * : When DATA chunks are out of order, SACK's
174 * : are not delayed (see Section 6).
175 *
176 * [This is actually not mentioned in Section 6, but we
177 * implement it here anyway. --piggy]
178 */
179 if (max_tsn_seen != ctsn)
180 asoc->peer.sack_needed = 1;
181
182 /* From 6.2 Acknowledgement on Reception of DATA Chunks:
183 *
184 * Section 4.2 of [RFC2581] SHOULD be followed. Specifically,
185 * an acknowledgement SHOULD be generated for at least every
186 * second packet (not every second DATA chunk) received, and
187 * SHOULD be generated within 200 ms of the arrival of any
188 * unacknowledged DATA chunk. ...
189 */
190 if (!asoc->peer.sack_needed) {
191 asoc->peer.sack_cnt++;
192
193 /* Set the SACK delay timeout based on the
194 * SACK delay for the last transport
195 * data was received from, or the default
196 * for the association.
197 */
198 if (trans) {
199 /* We will need a SACK for the next packet. */
200 if (asoc->peer.sack_cnt >= trans->sackfreq - 1)
201 asoc->peer.sack_needed = 1;
202
203 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] =
204 trans->sackdelay;
205 } else {
206 /* We will need a SACK for the next packet. */
207 if (asoc->peer.sack_cnt >= asoc->sackfreq - 1)
208 asoc->peer.sack_needed = 1;
209
210 asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] =
211 asoc->sackdelay;
212 }
213
214 /* Restart the SACK timer. */
215 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
216 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
217 } else {
218 asoc->a_rwnd = asoc->rwnd;
219 sack = sctp_make_sack(asoc);
220 if (!sack)
221 goto nomem;
222
223 asoc->peer.sack_needed = 0;
224 asoc->peer.sack_cnt = 0;
225
226 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(sack));
227
228 /* Stop the SACK timer. */
229 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
230 SCTP_TO(SCTP_EVENT_TIMEOUT_SACK));
231 }
232
233 return error;
234nomem:
235 error = -ENOMEM;
236 return error;
237}
238
239/* When the T3-RTX timer expires, it calls this function to create the
240 * relevant state machine event.
241 */
242void sctp_generate_t3_rtx_event(unsigned long peer)
243{
244 int error;
245 struct sctp_transport *transport = (struct sctp_transport *) peer;
246 struct sctp_association *asoc = transport->asoc;
247 struct sock *sk = asoc->base.sk;
248 struct net *net = sock_net(sk);
249
250 /* Check whether a task is in the sock. */
251
252 bh_lock_sock(sk);
253 if (sock_owned_by_user(sk)) {
254 pr_debug("%s: sock is busy\n", __func__);
255
256 /* Try again later. */
257 if (!mod_timer(&transport->T3_rtx_timer, jiffies + (HZ/20)))
258 sctp_transport_hold(transport);
259 goto out_unlock;
260 }
261
262 /* Is this transport really dead and just waiting around for
263 * the timer to let go of the reference?
264 */
265 if (transport->dead)
266 goto out_unlock;
267
268 /* Run through the state machine. */
269 error = sctp_do_sm(net, SCTP_EVENT_T_TIMEOUT,
270 SCTP_ST_TIMEOUT(SCTP_EVENT_TIMEOUT_T3_RTX),
271 asoc->state,
272 asoc->ep, asoc,
273 transport, GFP_ATOMIC);
274
275 if (error)
276 sk->sk_err = -error;
277
278out_unlock:
279 bh_unlock_sock(sk);
280 sctp_transport_put(transport);
281}
282
283/* This is a sa interface for producing timeout events. It works
284 * for timeouts which use the association as their parameter.
285 */
286static void sctp_generate_timeout_event(struct sctp_association *asoc,
287 sctp_event_timeout_t timeout_type)
288{
289 struct sock *sk = asoc->base.sk;
290 struct net *net = sock_net(sk);
291 int error = 0;
292
293 bh_lock_sock(sk);
294 if (sock_owned_by_user(sk)) {
295 pr_debug("%s: sock is busy: timer %d\n", __func__,
296 timeout_type);
297
298 /* Try again later. */
299 if (!mod_timer(&asoc->timers[timeout_type], jiffies + (HZ/20)))
300 sctp_association_hold(asoc);
301 goto out_unlock;
302 }
303
304 /* Is this association really dead and just waiting around for
305 * the timer to let go of the reference?
306 */
307 if (asoc->base.dead)
308 goto out_unlock;
309
310 /* Run through the state machine. */
311 error = sctp_do_sm(net, SCTP_EVENT_T_TIMEOUT,
312 SCTP_ST_TIMEOUT(timeout_type),
313 asoc->state, asoc->ep, asoc,
314 (void *)timeout_type, GFP_ATOMIC);
315
316 if (error)
317 sk->sk_err = -error;
318
319out_unlock:
320 bh_unlock_sock(sk);
321 sctp_association_put(asoc);
322}
323
324static void sctp_generate_t1_cookie_event(unsigned long data)
325{
326 struct sctp_association *asoc = (struct sctp_association *) data;
327 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_T1_COOKIE);
328}
329
330static void sctp_generate_t1_init_event(unsigned long data)
331{
332 struct sctp_association *asoc = (struct sctp_association *) data;
333 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_T1_INIT);
334}
335
336static void sctp_generate_t2_shutdown_event(unsigned long data)
337{
338 struct sctp_association *asoc = (struct sctp_association *) data;
339 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_T2_SHUTDOWN);
340}
341
342static void sctp_generate_t4_rto_event(unsigned long data)
343{
344 struct sctp_association *asoc = (struct sctp_association *) data;
345 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_T4_RTO);
346}
347
348static void sctp_generate_t5_shutdown_guard_event(unsigned long data)
349{
350 struct sctp_association *asoc = (struct sctp_association *)data;
351 sctp_generate_timeout_event(asoc,
352 SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD);
353
354} /* sctp_generate_t5_shutdown_guard_event() */
355
356static void sctp_generate_autoclose_event(unsigned long data)
357{
358 struct sctp_association *asoc = (struct sctp_association *) data;
359 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_AUTOCLOSE);
360}
361
362/* Generate a heart beat event. If the sock is busy, reschedule. Make
363 * sure that the transport is still valid.
364 */
365void sctp_generate_heartbeat_event(unsigned long data)
366{
367 int error = 0;
368 struct sctp_transport *transport = (struct sctp_transport *) data;
369 struct sctp_association *asoc = transport->asoc;
370 struct sock *sk = asoc->base.sk;
371 struct net *net = sock_net(sk);
372
373 bh_lock_sock(sk);
374 if (sock_owned_by_user(sk)) {
375 pr_debug("%s: sock is busy\n", __func__);
376
377 /* Try again later. */
378 if (!mod_timer(&transport->hb_timer, jiffies + (HZ/20)))
379 sctp_transport_hold(transport);
380 goto out_unlock;
381 }
382
383 /* Is this structure just waiting around for us to actually
384 * get destroyed?
385 */
386 if (transport->dead)
387 goto out_unlock;
388
389 error = sctp_do_sm(net, SCTP_EVENT_T_TIMEOUT,
390 SCTP_ST_TIMEOUT(SCTP_EVENT_TIMEOUT_HEARTBEAT),
391 asoc->state, asoc->ep, asoc,
392 transport, GFP_ATOMIC);
393
394 if (error)
395 sk->sk_err = -error;
396
397out_unlock:
398 bh_unlock_sock(sk);
399 sctp_transport_put(transport);
400}
401
402/* Handle the timeout of the ICMP protocol unreachable timer. Trigger
403 * the correct state machine transition that will close the association.
404 */
405void sctp_generate_proto_unreach_event(unsigned long data)
406{
407 struct sctp_transport *transport = (struct sctp_transport *) data;
408 struct sctp_association *asoc = transport->asoc;
409 struct sock *sk = asoc->base.sk;
410 struct net *net = sock_net(sk);
411
412 bh_lock_sock(sk);
413 if (sock_owned_by_user(sk)) {
414 pr_debug("%s: sock is busy\n", __func__);
415
416 /* Try again later. */
417 if (!mod_timer(&transport->proto_unreach_timer,
418 jiffies + (HZ/20)))
419 sctp_association_hold(asoc);
420 goto out_unlock;
421 }
422
423 /* Is this structure just waiting around for us to actually
424 * get destroyed?
425 */
426 if (asoc->base.dead)
427 goto out_unlock;
428
429 sctp_do_sm(net, SCTP_EVENT_T_OTHER,
430 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH),
431 asoc->state, asoc->ep, asoc, transport, GFP_ATOMIC);
432
433out_unlock:
434 bh_unlock_sock(sk);
435 sctp_association_put(asoc);
436}
437
438
439/* Inject a SACK Timeout event into the state machine. */
440static void sctp_generate_sack_event(unsigned long data)
441{
442 struct sctp_association *asoc = (struct sctp_association *) data;
443 sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_SACK);
444}
445
446sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES] = {
447 NULL,
448 sctp_generate_t1_cookie_event,
449 sctp_generate_t1_init_event,
450 sctp_generate_t2_shutdown_event,
451 NULL,
452 sctp_generate_t4_rto_event,
453 sctp_generate_t5_shutdown_guard_event,
454 NULL,
455 sctp_generate_sack_event,
456 sctp_generate_autoclose_event,
457};
458
459
460/* RFC 2960 8.2 Path Failure Detection
461 *
462 * When its peer endpoint is multi-homed, an endpoint should keep a
463 * error counter for each of the destination transport addresses of the
464 * peer endpoint.
465 *
466 * Each time the T3-rtx timer expires on any address, or when a
467 * HEARTBEAT sent to an idle address is not acknowledged within a RTO,
468 * the error counter of that destination address will be incremented.
469 * When the value in the error counter exceeds the protocol parameter
470 * 'Path.Max.Retrans' of that destination address, the endpoint should
471 * mark the destination transport address as inactive, and a
472 * notification SHOULD be sent to the upper layer.
473 *
474 */
475static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
476 struct sctp_association *asoc,
477 struct sctp_transport *transport,
478 int is_hb)
479{
480 /* The check for association's overall error counter exceeding the
481 * threshold is done in the state function.
482 */
483 /* We are here due to a timer expiration. If the timer was
484 * not a HEARTBEAT, then normal error tracking is done.
485 * If the timer was a heartbeat, we only increment error counts
486 * when we already have an outstanding HEARTBEAT that has not
487 * been acknowledged.
488 * Additionally, some tranport states inhibit error increments.
489 */
490 if (!is_hb) {
491 asoc->overall_error_count++;
492 if (transport->state != SCTP_INACTIVE)
493 transport->error_count++;
494 } else if (transport->hb_sent) {
495 if (transport->state != SCTP_UNCONFIRMED)
496 asoc->overall_error_count++;
497 if (transport->state != SCTP_INACTIVE)
498 transport->error_count++;
499 }
500
501 /* If the transport error count is greater than the pf_retrans
502 * threshold, and less than pathmaxrtx, and if the current state
503 * is SCTP_ACTIVE, then mark this transport as Partially Failed,
504 * see SCTP Quick Failover Draft, section 5.1
505 */
506 if ((transport->state == SCTP_ACTIVE) &&
507 (asoc->pf_retrans < transport->pathmaxrxt) &&
508 (transport->error_count > asoc->pf_retrans)) {
509
510 sctp_assoc_control_transport(asoc, transport,
511 SCTP_TRANSPORT_PF,
512 0);
513
514 /* Update the hb timer to resend a heartbeat every rto */
515 sctp_cmd_hb_timer_update(commands, transport);
516 }
517
518 if (transport->state != SCTP_INACTIVE &&
519 (transport->error_count > transport->pathmaxrxt)) {
520 pr_debug("%s: association:%p transport addr:%pISpc failed\n",
521 __func__, asoc, &transport->ipaddr.sa);
522
523 sctp_assoc_control_transport(asoc, transport,
524 SCTP_TRANSPORT_DOWN,
525 SCTP_FAILED_THRESHOLD);
526 }
527
528 /* E2) For the destination address for which the timer
529 * expires, set RTO <- RTO * 2 ("back off the timer"). The
530 * maximum value discussed in rule C7 above (RTO.max) may be
531 * used to provide an upper bound to this doubling operation.
532 *
533 * Special Case: the first HB doesn't trigger exponential backoff.
534 * The first unacknowledged HB triggers it. We do this with a flag
535 * that indicates that we have an outstanding HB.
536 */
537 if (!is_hb || transport->hb_sent) {
538 transport->rto = min((transport->rto * 2), transport->asoc->rto_max);
539 sctp_max_rto(asoc, transport);
540 }
541}
542
543/* Worker routine to handle INIT command failure. */
544static void sctp_cmd_init_failed(sctp_cmd_seq_t *commands,
545 struct sctp_association *asoc,
546 unsigned int error)
547{
548 struct sctp_ulpevent *event;
549
550 event = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_CANT_STR_ASSOC,
551 (__u16)error, 0, 0, NULL,
552 GFP_ATOMIC);
553
554 if (event)
555 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
556 SCTP_ULPEVENT(event));
557
558 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
559 SCTP_STATE(SCTP_STATE_CLOSED));
560
561 /* SEND_FAILED sent later when cleaning up the association. */
562 asoc->outqueue.error = error;
563 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
564}
565
566/* Worker routine to handle SCTP_CMD_ASSOC_FAILED. */
567static void sctp_cmd_assoc_failed(sctp_cmd_seq_t *commands,
568 struct sctp_association *asoc,
569 sctp_event_t event_type,
570 sctp_subtype_t subtype,
571 struct sctp_chunk *chunk,
572 unsigned int error)
573{
574 struct sctp_ulpevent *event;
575 struct sctp_chunk *abort;
576 /* Cancel any partial delivery in progress. */
577 sctp_ulpq_abort_pd(&asoc->ulpq, GFP_ATOMIC);
578
579 if (event_type == SCTP_EVENT_T_CHUNK && subtype.chunk == SCTP_CID_ABORT)
580 event = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_LOST,
581 (__u16)error, 0, 0, chunk,
582 GFP_ATOMIC);
583 else
584 event = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_LOST,
585 (__u16)error, 0, 0, NULL,
586 GFP_ATOMIC);
587 if (event)
588 sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
589 SCTP_ULPEVENT(event));
590
591 if (asoc->overall_error_count >= asoc->max_retrans) {
592 abort = sctp_make_violation_max_retrans(asoc, chunk);
593 if (abort)
594 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
595 SCTP_CHUNK(abort));
596 }
597
598 sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
599 SCTP_STATE(SCTP_STATE_CLOSED));
600
601 /* SEND_FAILED sent later when cleaning up the association. */
602 asoc->outqueue.error = error;
603 sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL());
604}
605
606/* Process an init chunk (may be real INIT/INIT-ACK or an embedded INIT
607 * inside the cookie. In reality, this is only used for INIT-ACK processing
608 * since all other cases use "temporary" associations and can do all
609 * their work in statefuns directly.
610 */
611static int sctp_cmd_process_init(sctp_cmd_seq_t *commands,
612 struct sctp_association *asoc,
613 struct sctp_chunk *chunk,
614 sctp_init_chunk_t *peer_init,
615 gfp_t gfp)
616{
617 int error;
618
619 /* We only process the init as a sideeffect in a single
620 * case. This is when we process the INIT-ACK. If we
621 * fail during INIT processing (due to malloc problems),
622 * just return the error and stop processing the stack.
623 */
624 if (!sctp_process_init(asoc, chunk, sctp_source(chunk), peer_init, gfp))
625 error = -ENOMEM;
626 else
627 error = 0;
628
629 return error;
630}
631
632/* Helper function to break out starting up of heartbeat timers. */
633static void sctp_cmd_hb_timers_start(sctp_cmd_seq_t *cmds,
634 struct sctp_association *asoc)
635{
636 struct sctp_transport *t;
637
638 /* Start a heartbeat timer for each transport on the association.
639 * hold a reference on the transport to make sure none of
640 * the needed data structures go away.
641 */
642 list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) {
643
644 if (!mod_timer(&t->hb_timer, sctp_transport_timeout(t)))
645 sctp_transport_hold(t);
646 }
647}
648
649static void sctp_cmd_hb_timers_stop(sctp_cmd_seq_t *cmds,
650 struct sctp_association *asoc)
651{
652 struct sctp_transport *t;
653
654 /* Stop all heartbeat timers. */
655
656 list_for_each_entry(t, &asoc->peer.transport_addr_list,
657 transports) {
658 if (del_timer(&t->hb_timer))
659 sctp_transport_put(t);
660 }
661}
662
663/* Helper function to stop any pending T3-RTX timers */
664static void sctp_cmd_t3_rtx_timers_stop(sctp_cmd_seq_t *cmds,
665 struct sctp_association *asoc)
666{
667 struct sctp_transport *t;
668
669 list_for_each_entry(t, &asoc->peer.transport_addr_list,
670 transports) {
671 if (del_timer(&t->T3_rtx_timer))
672 sctp_transport_put(t);
673 }
674}
675
676
677/* Helper function to update the heartbeat timer. */
678static void sctp_cmd_hb_timer_update(sctp_cmd_seq_t *cmds,
679 struct sctp_transport *t)
680{
681 /* Update the heartbeat timer. */
682 if (!mod_timer(&t->hb_timer, sctp_transport_timeout(t)))
683 sctp_transport_hold(t);
684}
685
686/* Helper function to handle the reception of an HEARTBEAT ACK. */
687static void sctp_cmd_transport_on(sctp_cmd_seq_t *cmds,
688 struct sctp_association *asoc,
689 struct sctp_transport *t,
690 struct sctp_chunk *chunk)
691{
692 sctp_sender_hb_info_t *hbinfo;
693 int was_unconfirmed = 0;
694
695 /* 8.3 Upon the receipt of the HEARTBEAT ACK, the sender of the
696 * HEARTBEAT should clear the error counter of the destination
697 * transport address to which the HEARTBEAT was sent.
698 */
699 t->error_count = 0;
700
701 /*
702 * Although RFC4960 specifies that the overall error count must
703 * be cleared when a HEARTBEAT ACK is received, we make an
704 * exception while in SHUTDOWN PENDING. If the peer keeps its
705 * window shut forever, we may never be able to transmit our
706 * outstanding data and rely on the retransmission limit be reached
707 * to shutdown the association.
708 */
709 if (t->asoc->state < SCTP_STATE_SHUTDOWN_PENDING)
710 t->asoc->overall_error_count = 0;
711
712 /* Clear the hb_sent flag to signal that we had a good
713 * acknowledgement.
714 */
715 t->hb_sent = 0;
716
717 /* Mark the destination transport address as active if it is not so
718 * marked.
719 */
720 if ((t->state == SCTP_INACTIVE) || (t->state == SCTP_UNCONFIRMED)) {
721 was_unconfirmed = 1;
722 sctp_assoc_control_transport(asoc, t, SCTP_TRANSPORT_UP,
723 SCTP_HEARTBEAT_SUCCESS);
724 }
725
726 if (t->state == SCTP_PF)
727 sctp_assoc_control_transport(asoc, t, SCTP_TRANSPORT_UP,
728 SCTP_HEARTBEAT_SUCCESS);
729
730 /* HB-ACK was received for a the proper HB. Consider this
731 * forward progress.
732 */
733 if (t->dst)
734 dst_confirm(t->dst);
735
736 /* The receiver of the HEARTBEAT ACK should also perform an
737 * RTT measurement for that destination transport address
738 * using the time value carried in the HEARTBEAT ACK chunk.
739 * If the transport's rto_pending variable has been cleared,
740 * it was most likely due to a retransmit. However, we want
741 * to re-enable it to properly update the rto.
742 */
743 if (t->rto_pending == 0)
744 t->rto_pending = 1;
745
746 hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
747 sctp_transport_update_rto(t, (jiffies - hbinfo->sent_at));
748
749 /* Update the heartbeat timer. */
750 if (!mod_timer(&t->hb_timer, sctp_transport_timeout(t)))
751 sctp_transport_hold(t);
752
753 if (was_unconfirmed && asoc->peer.transport_count == 1)
754 sctp_transport_immediate_rtx(t);
755}
756
757
758/* Helper function to process the process SACK command. */
759static int sctp_cmd_process_sack(sctp_cmd_seq_t *cmds,
760 struct sctp_association *asoc,
761 struct sctp_chunk *chunk)
762{
763 int err = 0;
764
765 if (sctp_outq_sack(&asoc->outqueue, chunk)) {
766 struct net *net = sock_net(asoc->base.sk);
767
768 /* There are no more TSNs awaiting SACK. */
769 err = sctp_do_sm(net, SCTP_EVENT_T_OTHER,
770 SCTP_ST_OTHER(SCTP_EVENT_NO_PENDING_TSN),
771 asoc->state, asoc->ep, asoc, NULL,
772 GFP_ATOMIC);
773 }
774
775 return err;
776}
777
778/* Helper function to set the timeout value for T2-SHUTDOWN timer and to set
779 * the transport for a shutdown chunk.
780 */
781static void sctp_cmd_setup_t2(sctp_cmd_seq_t *cmds,
782 struct sctp_association *asoc,
783 struct sctp_chunk *chunk)
784{
785 struct sctp_transport *t;
786
787 if (chunk->transport)
788 t = chunk->transport;
789 else {
790 t = sctp_assoc_choose_alter_transport(asoc,
791 asoc->shutdown_last_sent_to);
792 chunk->transport = t;
793 }
794 asoc->shutdown_last_sent_to = t;
795 asoc->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] = t->rto;
796}
797
798/* Helper function to change the state of an association. */
799static void sctp_cmd_new_state(sctp_cmd_seq_t *cmds,
800 struct sctp_association *asoc,
801 sctp_state_t state)
802{
803 struct sock *sk = asoc->base.sk;
804
805 asoc->state = state;
806
807 pr_debug("%s: asoc:%p[%s]\n", __func__, asoc, sctp_state_tbl[state]);
808
809 if (sctp_style(sk, TCP)) {
810 /* Change the sk->sk_state of a TCP-style socket that has
811 * successfully completed a connect() call.
812 */
813 if (sctp_state(asoc, ESTABLISHED) && sctp_sstate(sk, CLOSED))
814 sk->sk_state = SCTP_SS_ESTABLISHED;
815
816 /* Set the RCV_SHUTDOWN flag when a SHUTDOWN is received. */
817 if (sctp_state(asoc, SHUTDOWN_RECEIVED) &&
818 sctp_sstate(sk, ESTABLISHED))
819 sk->sk_shutdown |= RCV_SHUTDOWN;
820 }
821
822 if (sctp_state(asoc, COOKIE_WAIT)) {
823 /* Reset init timeouts since they may have been
824 * increased due to timer expirations.
825 */
826 asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_INIT] =
827 asoc->rto_initial;
828 asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_COOKIE] =
829 asoc->rto_initial;
830 }
831
832 if (sctp_state(asoc, ESTABLISHED) ||
833 sctp_state(asoc, CLOSED) ||
834 sctp_state(asoc, SHUTDOWN_RECEIVED)) {
835 /* Wake up any processes waiting in the asoc's wait queue in
836 * sctp_wait_for_connect() or sctp_wait_for_sndbuf().
837 */
838 if (waitqueue_active(&asoc->wait))
839 wake_up_interruptible(&asoc->wait);
840
841 /* Wake up any processes waiting in the sk's sleep queue of
842 * a TCP-style or UDP-style peeled-off socket in
843 * sctp_wait_for_accept() or sctp_wait_for_packet().
844 * For a UDP-style socket, the waiters are woken up by the
845 * notifications.
846 */
847 if (!sctp_style(sk, UDP))
848 sk->sk_state_change(sk);
849 }
850}
851
852/* Helper function to delete an association. */
853static void sctp_cmd_delete_tcb(sctp_cmd_seq_t *cmds,
854 struct sctp_association *asoc)
855{
856 struct sock *sk = asoc->base.sk;
857
858 /* If it is a non-temporary association belonging to a TCP-style
859 * listening socket that is not closed, do not free it so that accept()
860 * can pick it up later.
861 */
862 if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING) &&
863 (!asoc->temp) && (sk->sk_shutdown != SHUTDOWN_MASK))
864 return;
865
866 sctp_unhash_established(asoc);
867 sctp_association_free(asoc);
868}
869
870/*
871 * ADDIP Section 4.1 ASCONF Chunk Procedures
872 * A4) Start a T-4 RTO timer, using the RTO value of the selected
873 * destination address (we use active path instead of primary path just
874 * because primary path may be inactive.
875 */
876static void sctp_cmd_setup_t4(sctp_cmd_seq_t *cmds,
877 struct sctp_association *asoc,
878 struct sctp_chunk *chunk)
879{
880 struct sctp_transport *t;
881
882 t = sctp_assoc_choose_alter_transport(asoc, chunk->transport);
883 asoc->timeouts[SCTP_EVENT_TIMEOUT_T4_RTO] = t->rto;
884 chunk->transport = t;
885}
886
887/* Process an incoming Operation Error Chunk. */
888static void sctp_cmd_process_operr(sctp_cmd_seq_t *cmds,
889 struct sctp_association *asoc,
890 struct sctp_chunk *chunk)
891{
892 struct sctp_errhdr *err_hdr;
893 struct sctp_ulpevent *ev;
894
895 while (chunk->chunk_end > chunk->skb->data) {
896 err_hdr = (struct sctp_errhdr *)(chunk->skb->data);
897
898 ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0,
899 GFP_ATOMIC);
900 if (!ev)
901 return;
902
903 sctp_ulpq_tail_event(&asoc->ulpq, ev);
904
905 switch (err_hdr->cause) {
906 case SCTP_ERROR_UNKNOWN_CHUNK:
907 {
908 sctp_chunkhdr_t *unk_chunk_hdr;
909
910 unk_chunk_hdr = (sctp_chunkhdr_t *)err_hdr->variable;
911 switch (unk_chunk_hdr->type) {
912 /* ADDIP 4.1 A9) If the peer responds to an ASCONF with
913 * an ERROR chunk reporting that it did not recognized
914 * the ASCONF chunk type, the sender of the ASCONF MUST
915 * NOT send any further ASCONF chunks and MUST stop its
916 * T-4 timer.
917 */
918 case SCTP_CID_ASCONF:
919 if (asoc->peer.asconf_capable == 0)
920 break;
921
922 asoc->peer.asconf_capable = 0;
923 sctp_add_cmd_sf(cmds, SCTP_CMD_TIMER_STOP,
924 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
925 break;
926 default:
927 break;
928 }
929 break;
930 }
931 default:
932 break;
933 }
934 }
935}
936
937/* Process variable FWDTSN chunk information. */
938static void sctp_cmd_process_fwdtsn(struct sctp_ulpq *ulpq,
939 struct sctp_chunk *chunk)
940{
941 struct sctp_fwdtsn_skip *skip;
942 /* Walk through all the skipped SSNs */
943 sctp_walk_fwdtsn(skip, chunk) {
944 sctp_ulpq_skip(ulpq, ntohs(skip->stream), ntohs(skip->ssn));
945 }
946}
947
948/* Helper function to remove the association non-primary peer
949 * transports.
950 */
951static void sctp_cmd_del_non_primary(struct sctp_association *asoc)
952{
953 struct sctp_transport *t;
954 struct list_head *pos;
955 struct list_head *temp;
956
957 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
958 t = list_entry(pos, struct sctp_transport, transports);
959 if (!sctp_cmp_addr_exact(&t->ipaddr,
960 &asoc->peer.primary_addr)) {
961 sctp_assoc_rm_peer(asoc, t);
962 }
963 }
964}
965
966/* Helper function to set sk_err on a 1-1 style socket. */
967static void sctp_cmd_set_sk_err(struct sctp_association *asoc, int error)
968{
969 struct sock *sk = asoc->base.sk;
970
971 if (!sctp_style(sk, UDP))
972 sk->sk_err = error;
973}
974
975/* Helper function to generate an association change event */
976static void sctp_cmd_assoc_change(sctp_cmd_seq_t *commands,
977 struct sctp_association *asoc,
978 u8 state)
979{
980 struct sctp_ulpevent *ev;
981
982 ev = sctp_ulpevent_make_assoc_change(asoc, 0, state, 0,
983 asoc->c.sinit_num_ostreams,
984 asoc->c.sinit_max_instreams,
985 NULL, GFP_ATOMIC);
986 if (ev)
987 sctp_ulpq_tail_event(&asoc->ulpq, ev);
988}
989
990/* Helper function to generate an adaptation indication event */
991static void sctp_cmd_adaptation_ind(sctp_cmd_seq_t *commands,
992 struct sctp_association *asoc)
993{
994 struct sctp_ulpevent *ev;
995
996 ev = sctp_ulpevent_make_adaptation_indication(asoc, GFP_ATOMIC);
997
998 if (ev)
999 sctp_ulpq_tail_event(&asoc->ulpq, ev);
1000}
1001
1002
1003static void sctp_cmd_t1_timer_update(struct sctp_association *asoc,
1004 sctp_event_timeout_t timer,
1005 char *name)
1006{
1007 struct sctp_transport *t;
1008
1009 t = asoc->init_last_sent_to;
1010 asoc->init_err_counter++;
1011
1012 if (t->init_sent_count > (asoc->init_cycle + 1)) {
1013 asoc->timeouts[timer] *= 2;
1014 if (asoc->timeouts[timer] > asoc->max_init_timeo) {
1015 asoc->timeouts[timer] = asoc->max_init_timeo;
1016 }
1017 asoc->init_cycle++;
1018
1019 pr_debug("%s: T1[%s] timeout adjustment init_err_counter:%d"
1020 " cycle:%d timeout:%ld\n", __func__, name,
1021 asoc->init_err_counter, asoc->init_cycle,
1022 asoc->timeouts[timer]);
1023 }
1024
1025}
1026
1027/* Send the whole message, chunk by chunk, to the outqueue.
1028 * This way the whole message is queued up and bundling if
1029 * encouraged for small fragments.
1030 */
1031static int sctp_cmd_send_msg(struct sctp_association *asoc,
1032 struct sctp_datamsg *msg)
1033{
1034 struct sctp_chunk *chunk;
1035 int error = 0;
1036
1037 list_for_each_entry(chunk, &msg->chunks, frag_list) {
1038 error = sctp_outq_tail(&asoc->outqueue, chunk);
1039 if (error)
1040 break;
1041 }
1042
1043 return error;
1044}
1045
1046
1047/* Sent the next ASCONF packet currently stored in the association.
1048 * This happens after the ASCONF_ACK was succeffully processed.
1049 */
1050static void sctp_cmd_send_asconf(struct sctp_association *asoc)
1051{
1052 struct net *net = sock_net(asoc->base.sk);
1053
1054 /* Send the next asconf chunk from the addip chunk
1055 * queue.
1056 */
1057 if (!list_empty(&asoc->addip_chunk_list)) {
1058 struct list_head *entry = asoc->addip_chunk_list.next;
1059 struct sctp_chunk *asconf = list_entry(entry,
1060 struct sctp_chunk, list);
1061 list_del_init(entry);
1062
1063 /* Hold the chunk until an ASCONF_ACK is received. */
1064 sctp_chunk_hold(asconf);
1065 if (sctp_primitive_ASCONF(net, asoc, asconf))
1066 sctp_chunk_free(asconf);
1067 else
1068 asoc->addip_last_asconf = asconf;
1069 }
1070}
1071
1072
1073/* These three macros allow us to pull the debugging code out of the
1074 * main flow of sctp_do_sm() to keep attention focused on the real
1075 * functionality there.
1076 */
1077#define debug_pre_sfn() \
1078 pr_debug("%s[pre-fn]: ep:%p, %s, %s, asoc:%p[%s], %s\n", __func__, \
1079 ep, sctp_evttype_tbl[event_type], (*debug_fn)(subtype), \
1080 asoc, sctp_state_tbl[state], state_fn->name)
1081
1082#define debug_post_sfn() \
1083 pr_debug("%s[post-fn]: asoc:%p, status:%s\n", __func__, asoc, \
1084 sctp_status_tbl[status])
1085
1086#define debug_post_sfx() \
1087 pr_debug("%s[post-sfx]: error:%d, asoc:%p[%s]\n", __func__, error, \
1088 asoc, sctp_state_tbl[(asoc && sctp_id2assoc(ep->base.sk, \
1089 sctp_assoc2id(asoc))) ? asoc->state : SCTP_STATE_CLOSED])
1090
1091/*
1092 * This is the master state machine processing function.
1093 *
1094 * If you want to understand all of lksctp, this is a
1095 * good place to start.
1096 */
1097int sctp_do_sm(struct net *net, sctp_event_t event_type, sctp_subtype_t subtype,
1098 sctp_state_t state,
1099 struct sctp_endpoint *ep,
1100 struct sctp_association *asoc,
1101 void *event_arg,
1102 gfp_t gfp)
1103{
1104 sctp_cmd_seq_t commands;
1105 const sctp_sm_table_entry_t *state_fn;
1106 sctp_disposition_t status;
1107 int error = 0;
1108 typedef const char *(printfn_t)(sctp_subtype_t);
1109 static printfn_t *table[] = {
1110 NULL, sctp_cname, sctp_tname, sctp_oname, sctp_pname,
1111 };
1112 printfn_t *debug_fn __attribute__ ((unused)) = table[event_type];
1113
1114 /* Look up the state function, run it, and then process the
1115 * side effects. These three steps are the heart of lksctp.
1116 */
1117 state_fn = sctp_sm_lookup_event(net, event_type, state, subtype);
1118
1119 sctp_init_cmd_seq(&commands);
1120
1121 debug_pre_sfn();
1122 status = state_fn->fn(net, ep, asoc, subtype, event_arg, &commands);
1123 debug_post_sfn();
1124
1125 error = sctp_side_effects(event_type, subtype, state,
1126 ep, asoc, event_arg, status,
1127 &commands, gfp);
1128 debug_post_sfx();
1129
1130 return error;
1131}
1132
1133/*****************************************************************
1134 * This the master state function side effect processing function.
1135 *****************************************************************/
1136static int sctp_side_effects(sctp_event_t event_type, sctp_subtype_t subtype,
1137 sctp_state_t state,
1138 struct sctp_endpoint *ep,
1139 struct sctp_association *asoc,
1140 void *event_arg,
1141 sctp_disposition_t status,
1142 sctp_cmd_seq_t *commands,
1143 gfp_t gfp)
1144{
1145 int error;
1146
1147 /* FIXME - Most of the dispositions left today would be categorized
1148 * as "exceptional" dispositions. For those dispositions, it
1149 * may not be proper to run through any of the commands at all.
1150 * For example, the command interpreter might be run only with
1151 * disposition SCTP_DISPOSITION_CONSUME.
1152 */
1153 if (0 != (error = sctp_cmd_interpreter(event_type, subtype, state,
1154 ep, asoc,
1155 event_arg, status,
1156 commands, gfp)))
1157 goto bail;
1158
1159 switch (status) {
1160 case SCTP_DISPOSITION_DISCARD:
1161 pr_debug("%s: ignored sctp protocol event - state:%d, "
1162 "event_type:%d, event_id:%d\n", __func__, state,
1163 event_type, subtype.chunk);
1164 break;
1165
1166 case SCTP_DISPOSITION_NOMEM:
1167 /* We ran out of memory, so we need to discard this
1168 * packet.
1169 */
1170 /* BUG--we should now recover some memory, probably by
1171 * reneging...
1172 */
1173 error = -ENOMEM;
1174 break;
1175
1176 case SCTP_DISPOSITION_DELETE_TCB:
1177 /* This should now be a command. */
1178 break;
1179
1180 case SCTP_DISPOSITION_CONSUME:
1181 case SCTP_DISPOSITION_ABORT:
1182 /*
1183 * We should no longer have much work to do here as the
1184 * real work has been done as explicit commands above.
1185 */
1186 break;
1187
1188 case SCTP_DISPOSITION_VIOLATION:
1189 net_err_ratelimited("protocol violation state %d chunkid %d\n",
1190 state, subtype.chunk);
1191 break;
1192
1193 case SCTP_DISPOSITION_NOT_IMPL:
1194 pr_warn("unimplemented feature in state %d, event_type %d, event_id %d\n",
1195 state, event_type, subtype.chunk);
1196 break;
1197
1198 case SCTP_DISPOSITION_BUG:
1199 pr_err("bug in state %d, event_type %d, event_id %d\n",
1200 state, event_type, subtype.chunk);
1201 BUG();
1202 break;
1203
1204 default:
1205 pr_err("impossible disposition %d in state %d, event_type %d, event_id %d\n",
1206 status, state, event_type, subtype.chunk);
1207 BUG();
1208 break;
1209 }
1210
1211bail:
1212 return error;
1213}
1214
1215/********************************************************************
1216 * 2nd Level Abstractions
1217 ********************************************************************/
1218
1219/* This is the side-effect interpreter. */
1220static int sctp_cmd_interpreter(sctp_event_t event_type,
1221 sctp_subtype_t subtype,
1222 sctp_state_t state,
1223 struct sctp_endpoint *ep,
1224 struct sctp_association *asoc,
1225 void *event_arg,
1226 sctp_disposition_t status,
1227 sctp_cmd_seq_t *commands,
1228 gfp_t gfp)
1229{
1230 int error = 0;
1231 int force;
1232 sctp_cmd_t *cmd;
1233 struct sctp_chunk *new_obj;
1234 struct sctp_chunk *chunk = NULL;
1235 struct sctp_packet *packet;
1236 struct timer_list *timer;
1237 unsigned long timeout;
1238 struct sctp_transport *t;
1239 struct sctp_sackhdr sackh;
1240 int local_cork = 0;
1241
1242 if (SCTP_EVENT_T_TIMEOUT != event_type)
1243 chunk = event_arg;
1244
1245 /* Note: This whole file is a huge candidate for rework.
1246 * For example, each command could either have its own handler, so
1247 * the loop would look like:
1248 * while (cmds)
1249 * cmd->handle(x, y, z)
1250 * --jgrimm
1251 */
1252 while (NULL != (cmd = sctp_next_cmd(commands))) {
1253 switch (cmd->verb) {
1254 case SCTP_CMD_NOP:
1255 /* Do nothing. */
1256 break;
1257
1258 case SCTP_CMD_NEW_ASOC:
1259 /* Register a new association. */
1260 if (local_cork) {
1261 sctp_outq_uncork(&asoc->outqueue);
1262 local_cork = 0;
1263 }
1264
1265 /* Register with the endpoint. */
1266 asoc = cmd->obj.asoc;
1267 BUG_ON(asoc->peer.primary_path == NULL);
1268 sctp_endpoint_add_asoc(ep, asoc);
1269 sctp_hash_established(asoc);
1270 break;
1271
1272 case SCTP_CMD_UPDATE_ASSOC:
1273 sctp_assoc_update(asoc, cmd->obj.asoc);
1274 break;
1275
1276 case SCTP_CMD_PURGE_OUTQUEUE:
1277 sctp_outq_teardown(&asoc->outqueue);
1278 break;
1279
1280 case SCTP_CMD_DELETE_TCB:
1281 if (local_cork) {
1282 sctp_outq_uncork(&asoc->outqueue);
1283 local_cork = 0;
1284 }
1285 /* Delete the current association. */
1286 sctp_cmd_delete_tcb(commands, asoc);
1287 asoc = NULL;
1288 break;
1289
1290 case SCTP_CMD_NEW_STATE:
1291 /* Enter a new state. */
1292 sctp_cmd_new_state(commands, asoc, cmd->obj.state);
1293 break;
1294
1295 case SCTP_CMD_REPORT_TSN:
1296 /* Record the arrival of a TSN. */
1297 error = sctp_tsnmap_mark(&asoc->peer.tsn_map,
1298 cmd->obj.u32, NULL);
1299 break;
1300
1301 case SCTP_CMD_REPORT_FWDTSN:
1302 /* Move the Cumulattive TSN Ack ahead. */
1303 sctp_tsnmap_skip(&asoc->peer.tsn_map, cmd->obj.u32);
1304
1305 /* purge the fragmentation queue */
1306 sctp_ulpq_reasm_flushtsn(&asoc->ulpq, cmd->obj.u32);
1307
1308 /* Abort any in progress partial delivery. */
1309 sctp_ulpq_abort_pd(&asoc->ulpq, GFP_ATOMIC);
1310 break;
1311
1312 case SCTP_CMD_PROCESS_FWDTSN:
1313 sctp_cmd_process_fwdtsn(&asoc->ulpq, cmd->obj.chunk);
1314 break;
1315
1316 case SCTP_CMD_GEN_SACK:
1317 /* Generate a Selective ACK.
1318 * The argument tells us whether to just count
1319 * the packet and MAYBE generate a SACK, or
1320 * force a SACK out.
1321 */
1322 force = cmd->obj.i32;
1323 error = sctp_gen_sack(asoc, force, commands);
1324 break;
1325
1326 case SCTP_CMD_PROCESS_SACK:
1327 /* Process an inbound SACK. */
1328 error = sctp_cmd_process_sack(commands, asoc,
1329 cmd->obj.chunk);
1330 break;
1331
1332 case SCTP_CMD_GEN_INIT_ACK:
1333 /* Generate an INIT ACK chunk. */
1334 new_obj = sctp_make_init_ack(asoc, chunk, GFP_ATOMIC,
1335 0);
1336 if (!new_obj)
1337 goto nomem;
1338
1339 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1340 SCTP_CHUNK(new_obj));
1341 break;
1342
1343 case SCTP_CMD_PEER_INIT:
1344 /* Process a unified INIT from the peer.
1345 * Note: Only used during INIT-ACK processing. If
1346 * there is an error just return to the outter
1347 * layer which will bail.
1348 */
1349 error = sctp_cmd_process_init(commands, asoc, chunk,
1350 cmd->obj.init, gfp);
1351 break;
1352
1353 case SCTP_CMD_GEN_COOKIE_ECHO:
1354 /* Generate a COOKIE ECHO chunk. */
1355 new_obj = sctp_make_cookie_echo(asoc, chunk);
1356 if (!new_obj) {
1357 if (cmd->obj.chunk)
1358 sctp_chunk_free(cmd->obj.chunk);
1359 goto nomem;
1360 }
1361 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1362 SCTP_CHUNK(new_obj));
1363
1364 /* If there is an ERROR chunk to be sent along with
1365 * the COOKIE_ECHO, send it, too.
1366 */
1367 if (cmd->obj.chunk)
1368 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1369 SCTP_CHUNK(cmd->obj.chunk));
1370
1371 if (new_obj->transport) {
1372 new_obj->transport->init_sent_count++;
1373 asoc->init_last_sent_to = new_obj->transport;
1374 }
1375
1376 /* FIXME - Eventually come up with a cleaner way to
1377 * enabling COOKIE-ECHO + DATA bundling during
1378 * multihoming stale cookie scenarios, the following
1379 * command plays with asoc->peer.retran_path to
1380 * avoid the problem of sending the COOKIE-ECHO and
1381 * DATA in different paths, which could result
1382 * in the association being ABORTed if the DATA chunk
1383 * is processed first by the server. Checking the
1384 * init error counter simply causes this command
1385 * to be executed only during failed attempts of
1386 * association establishment.
1387 */
1388 if ((asoc->peer.retran_path !=
1389 asoc->peer.primary_path) &&
1390 (asoc->init_err_counter > 0)) {
1391 sctp_add_cmd_sf(commands,
1392 SCTP_CMD_FORCE_PRIM_RETRAN,
1393 SCTP_NULL());
1394 }
1395
1396 break;
1397
1398 case SCTP_CMD_GEN_SHUTDOWN:
1399 /* Generate SHUTDOWN when in SHUTDOWN_SENT state.
1400 * Reset error counts.
1401 */
1402 asoc->overall_error_count = 0;
1403
1404 /* Generate a SHUTDOWN chunk. */
1405 new_obj = sctp_make_shutdown(asoc, chunk);
1406 if (!new_obj)
1407 goto nomem;
1408 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1409 SCTP_CHUNK(new_obj));
1410 break;
1411
1412 case SCTP_CMD_CHUNK_ULP:
1413 /* Send a chunk to the sockets layer. */
1414 pr_debug("%s: sm_sideff: chunk_up:%p, ulpq:%p\n",
1415 __func__, cmd->obj.chunk, &asoc->ulpq);
1416
1417 sctp_ulpq_tail_data(&asoc->ulpq, cmd->obj.chunk,
1418 GFP_ATOMIC);
1419 break;
1420
1421 case SCTP_CMD_EVENT_ULP:
1422 /* Send a notification to the sockets layer. */
1423 pr_debug("%s: sm_sideff: event_up:%p, ulpq:%p\n",
1424 __func__, cmd->obj.ulpevent, &asoc->ulpq);
1425
1426 sctp_ulpq_tail_event(&asoc->ulpq, cmd->obj.ulpevent);
1427 break;
1428
1429 case SCTP_CMD_REPLY:
1430 /* If an caller has not already corked, do cork. */
1431 if (!asoc->outqueue.cork) {
1432 sctp_outq_cork(&asoc->outqueue);
1433 local_cork = 1;
1434 }
1435 /* Send a chunk to our peer. */
1436 error = sctp_outq_tail(&asoc->outqueue, cmd->obj.chunk);
1437 break;
1438
1439 case SCTP_CMD_SEND_PKT:
1440 /* Send a full packet to our peer. */
1441 packet = cmd->obj.packet;
1442 sctp_packet_transmit(packet);
1443 sctp_ootb_pkt_free(packet);
1444 break;
1445
1446 case SCTP_CMD_T1_RETRAN:
1447 /* Mark a transport for retransmission. */
1448 sctp_retransmit(&asoc->outqueue, cmd->obj.transport,
1449 SCTP_RTXR_T1_RTX);
1450 break;
1451
1452 case SCTP_CMD_RETRAN:
1453 /* Mark a transport for retransmission. */
1454 sctp_retransmit(&asoc->outqueue, cmd->obj.transport,
1455 SCTP_RTXR_T3_RTX);
1456 break;
1457
1458 case SCTP_CMD_ECN_CE:
1459 /* Do delayed CE processing. */
1460 sctp_do_ecn_ce_work(asoc, cmd->obj.u32);
1461 break;
1462
1463 case SCTP_CMD_ECN_ECNE:
1464 /* Do delayed ECNE processing. */
1465 new_obj = sctp_do_ecn_ecne_work(asoc, cmd->obj.u32,
1466 chunk);
1467 if (new_obj)
1468 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY,
1469 SCTP_CHUNK(new_obj));
1470 break;
1471
1472 case SCTP_CMD_ECN_CWR:
1473 /* Do delayed CWR processing. */
1474 sctp_do_ecn_cwr_work(asoc, cmd->obj.u32);
1475 break;
1476
1477 case SCTP_CMD_SETUP_T2:
1478 sctp_cmd_setup_t2(commands, asoc, cmd->obj.chunk);
1479 break;
1480
1481 case SCTP_CMD_TIMER_START_ONCE:
1482 timer = &asoc->timers[cmd->obj.to];
1483
1484 if (timer_pending(timer))
1485 break;
1486 /* fall through */
1487
1488 case SCTP_CMD_TIMER_START:
1489 timer = &asoc->timers[cmd->obj.to];
1490 timeout = asoc->timeouts[cmd->obj.to];
1491 BUG_ON(!timeout);
1492
1493 timer->expires = jiffies + timeout;
1494 sctp_association_hold(asoc);
1495 add_timer(timer);
1496 break;
1497
1498 case SCTP_CMD_TIMER_RESTART:
1499 timer = &asoc->timers[cmd->obj.to];
1500 timeout = asoc->timeouts[cmd->obj.to];
1501 if (!mod_timer(timer, jiffies + timeout))
1502 sctp_association_hold(asoc);
1503 break;
1504
1505 case SCTP_CMD_TIMER_STOP:
1506 timer = &asoc->timers[cmd->obj.to];
1507 if (del_timer(timer))
1508 sctp_association_put(asoc);
1509 break;
1510
1511 case SCTP_CMD_INIT_CHOOSE_TRANSPORT:
1512 chunk = cmd->obj.chunk;
1513 t = sctp_assoc_choose_alter_transport(asoc,
1514 asoc->init_last_sent_to);
1515 asoc->init_last_sent_to = t;
1516 chunk->transport = t;
1517 t->init_sent_count++;
1518 /* Set the new transport as primary */
1519 sctp_assoc_set_primary(asoc, t);
1520 break;
1521
1522 case SCTP_CMD_INIT_RESTART:
1523 /* Do the needed accounting and updates
1524 * associated with restarting an initialization
1525 * timer. Only multiply the timeout by two if
1526 * all transports have been tried at the current
1527 * timeout.
1528 */
1529 sctp_cmd_t1_timer_update(asoc,
1530 SCTP_EVENT_TIMEOUT_T1_INIT,
1531 "INIT");
1532
1533 sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART,
1534 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
1535 break;
1536
1537 case SCTP_CMD_COOKIEECHO_RESTART:
1538 /* Do the needed accounting and updates
1539 * associated with restarting an initialization
1540 * timer. Only multiply the timeout by two if
1541 * all transports have been tried at the current
1542 * timeout.
1543 */
1544 sctp_cmd_t1_timer_update(asoc,
1545 SCTP_EVENT_TIMEOUT_T1_COOKIE,
1546 "COOKIE");
1547
1548 /* If we've sent any data bundled with
1549 * COOKIE-ECHO we need to resend.
1550 */
1551 list_for_each_entry(t, &asoc->peer.transport_addr_list,
1552 transports) {
1553 sctp_retransmit_mark(&asoc->outqueue, t,
1554 SCTP_RTXR_T1_RTX);
1555 }
1556
1557 sctp_add_cmd_sf(commands,
1558 SCTP_CMD_TIMER_RESTART,
1559 SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE));
1560 break;
1561
1562 case SCTP_CMD_INIT_FAILED:
1563 sctp_cmd_init_failed(commands, asoc, cmd->obj.err);
1564 break;
1565
1566 case SCTP_CMD_ASSOC_FAILED:
1567 sctp_cmd_assoc_failed(commands, asoc, event_type,
1568 subtype, chunk, cmd->obj.err);
1569 break;
1570
1571 case SCTP_CMD_INIT_COUNTER_INC:
1572 asoc->init_err_counter++;
1573 break;
1574
1575 case SCTP_CMD_INIT_COUNTER_RESET:
1576 asoc->init_err_counter = 0;
1577 asoc->init_cycle = 0;
1578 list_for_each_entry(t, &asoc->peer.transport_addr_list,
1579 transports) {
1580 t->init_sent_count = 0;
1581 }
1582 break;
1583
1584 case SCTP_CMD_REPORT_DUP:
1585 sctp_tsnmap_mark_dup(&asoc->peer.tsn_map,
1586 cmd->obj.u32);
1587 break;
1588
1589 case SCTP_CMD_REPORT_BAD_TAG:
1590 pr_debug("%s: vtag mismatch!\n", __func__);
1591 break;
1592
1593 case SCTP_CMD_STRIKE:
1594 /* Mark one strike against a transport. */
1595 sctp_do_8_2_transport_strike(commands, asoc,
1596 cmd->obj.transport, 0);
1597 break;
1598
1599 case SCTP_CMD_TRANSPORT_IDLE:
1600 t = cmd->obj.transport;
1601 sctp_transport_lower_cwnd(t, SCTP_LOWER_CWND_INACTIVE);
1602 break;
1603
1604 case SCTP_CMD_TRANSPORT_HB_SENT:
1605 t = cmd->obj.transport;
1606 sctp_do_8_2_transport_strike(commands, asoc,
1607 t, 1);
1608 t->hb_sent = 1;
1609 break;
1610
1611 case SCTP_CMD_TRANSPORT_ON:
1612 t = cmd->obj.transport;
1613 sctp_cmd_transport_on(commands, asoc, t, chunk);
1614 break;
1615
1616 case SCTP_CMD_HB_TIMERS_START:
1617 sctp_cmd_hb_timers_start(commands, asoc);
1618 break;
1619
1620 case SCTP_CMD_HB_TIMER_UPDATE:
1621 t = cmd->obj.transport;
1622 sctp_cmd_hb_timer_update(commands, t);
1623 break;
1624
1625 case SCTP_CMD_HB_TIMERS_STOP:
1626 sctp_cmd_hb_timers_stop(commands, asoc);
1627 break;
1628
1629 case SCTP_CMD_REPORT_ERROR:
1630 error = cmd->obj.error;
1631 break;
1632
1633 case SCTP_CMD_PROCESS_CTSN:
1634 /* Dummy up a SACK for processing. */
1635 sackh.cum_tsn_ack = cmd->obj.be32;
1636 sackh.a_rwnd = asoc->peer.rwnd +
1637 asoc->outqueue.outstanding_bytes;
1638 sackh.num_gap_ack_blocks = 0;
1639 sackh.num_dup_tsns = 0;
1640 chunk->subh.sack_hdr = &sackh;
1641 sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK,
1642 SCTP_CHUNK(chunk));
1643 break;
1644
1645 case SCTP_CMD_DISCARD_PACKET:
1646 /* We need to discard the whole packet.
1647 * Uncork the queue since there might be
1648 * responses pending
1649 */
1650 chunk->pdiscard = 1;
1651 if (asoc) {
1652 sctp_outq_uncork(&asoc->outqueue);
1653 local_cork = 0;
1654 }
1655 break;
1656
1657 case SCTP_CMD_RTO_PENDING:
1658 t = cmd->obj.transport;
1659 t->rto_pending = 1;
1660 break;
1661
1662 case SCTP_CMD_PART_DELIVER:
1663 sctp_ulpq_partial_delivery(&asoc->ulpq, GFP_ATOMIC);
1664 break;
1665
1666 case SCTP_CMD_RENEGE:
1667 sctp_ulpq_renege(&asoc->ulpq, cmd->obj.chunk,
1668 GFP_ATOMIC);
1669 break;
1670
1671 case SCTP_CMD_SETUP_T4:
1672 sctp_cmd_setup_t4(commands, asoc, cmd->obj.chunk);
1673 break;
1674
1675 case SCTP_CMD_PROCESS_OPERR:
1676 sctp_cmd_process_operr(commands, asoc, chunk);
1677 break;
1678 case SCTP_CMD_CLEAR_INIT_TAG:
1679 asoc->peer.i.init_tag = 0;
1680 break;
1681 case SCTP_CMD_DEL_NON_PRIMARY:
1682 sctp_cmd_del_non_primary(asoc);
1683 break;
1684 case SCTP_CMD_T3_RTX_TIMERS_STOP:
1685 sctp_cmd_t3_rtx_timers_stop(commands, asoc);
1686 break;
1687 case SCTP_CMD_FORCE_PRIM_RETRAN:
1688 t = asoc->peer.retran_path;
1689 asoc->peer.retran_path = asoc->peer.primary_path;
1690 error = sctp_outq_uncork(&asoc->outqueue);
1691 local_cork = 0;
1692 asoc->peer.retran_path = t;
1693 break;
1694 case SCTP_CMD_SET_SK_ERR:
1695 sctp_cmd_set_sk_err(asoc, cmd->obj.error);
1696 break;
1697 case SCTP_CMD_ASSOC_CHANGE:
1698 sctp_cmd_assoc_change(commands, asoc,
1699 cmd->obj.u8);
1700 break;
1701 case SCTP_CMD_ADAPTATION_IND:
1702 sctp_cmd_adaptation_ind(commands, asoc);
1703 break;
1704
1705 case SCTP_CMD_ASSOC_SHKEY:
1706 error = sctp_auth_asoc_init_active_key(asoc,
1707 GFP_ATOMIC);
1708 break;
1709 case SCTP_CMD_UPDATE_INITTAG:
1710 asoc->peer.i.init_tag = cmd->obj.u32;
1711 break;
1712 case SCTP_CMD_SEND_MSG:
1713 if (!asoc->outqueue.cork) {
1714 sctp_outq_cork(&asoc->outqueue);
1715 local_cork = 1;
1716 }
1717 error = sctp_cmd_send_msg(asoc, cmd->obj.msg);
1718 break;
1719 case SCTP_CMD_SEND_NEXT_ASCONF:
1720 sctp_cmd_send_asconf(asoc);
1721 break;
1722 case SCTP_CMD_PURGE_ASCONF_QUEUE:
1723 sctp_asconf_queue_teardown(asoc);
1724 break;
1725
1726 case SCTP_CMD_SET_ASOC:
1727 asoc = cmd->obj.asoc;
1728 break;
1729
1730 default:
1731 pr_warn("Impossible command: %u\n",
1732 cmd->verb);
1733 break;
1734 }
1735
1736 if (error)
1737 break;
1738 }
1739
1740out:
1741 /* If this is in response to a received chunk, wait until
1742 * we are done with the packet to open the queue so that we don't
1743 * send multiple packets in response to a single request.
1744 */
1745 if (asoc && SCTP_EVENT_T_CHUNK == event_type && chunk) {
1746 if (chunk->end_of_packet || chunk->singleton)
1747 error = sctp_outq_uncork(&asoc->outqueue);
1748 } else if (local_cork)
1749 error = sctp_outq_uncork(&asoc->outqueue);
1750 return error;
1751nomem:
1752 error = -ENOMEM;
1753 goto out;
1754}
1755