From fd60718d1742ab8c06c196cb15bab59b0e407083 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Thu, 12 May 2016 16:34:59 +0000
Subject: [PATCH] Retire net.inet.sctp.strict_sacks and
 net.inet.sctp.strict_data_order sysctl's, since they where only there to
 interop with non-conformant implementations. This should not be a problem
 anymore.

---
 sys/netinet/sctp_indata.c | 148 ++++++++++++++++++--------------------
 sys/netinet/sctp_sysctl.c |   4 --
 sys/netinet/sctp_sysctl.h |  14 ----
 3 files changed, 71 insertions(+), 95 deletions(-)

diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c
index cc3770604882..088f5cd7152a 100644
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@@ -2655,16 +2655,18 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
 			case SCTP_STREAM_RESET:
 			case SCTP_FORWARD_CUM_TSN:
 			case SCTP_ASCONF:
-				/*
-				 * Now, what do we do with KNOWN chunks that
-				 * are NOT in the right place?
-				 * 
-				 * For now, I do nothing but ignore them. We
-				 * may later want to add sysctl stuff to
-				 * switch out and do either an ABORT() or
-				 * possibly process them.
-				 */
-				if (SCTP_BASE_SYSCTL(sctp_strict_data_order)) {
+				{
+					/*
+					 * Now, what do we do with KNOWN
+					 * chunks that are NOT in the right
+					 * place?
+					 * 
+					 * For now, I do nothing but ignore
+					 * them. We may later want to add
+					 * sysctl stuff to switch out and do
+					 * either an ABORT() or possibly
+					 * process them.
+					 */
 					struct mbuf *op_err;
 					char msg[SCTP_DIAG_INFO_LEN];
 
@@ -2674,7 +2676,6 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
 					sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
 					return (2);
 				}
-				break;
 			default:
 				/* unknown chunk type, use bit rules */
 				if (ch->chunk_type & 0x40) {
@@ -3748,6 +3749,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 	int win_probe_recovered = 0;
 	int j, done_once = 0;
 	int rto_ok = 1;
+	uint32_t send_s;
 
 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LOG_SACK_ARRIVALS_ENABLE) {
 		sctp_misc_ints(SCTP_SACK_LOG_EXPRESS, cumack,
@@ -3799,29 +3801,25 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 			(*stcb->asoc.cc_functions.sctp_cwnd_prepare_net_for_sack) (stcb, net);
 		}
 	}
-	if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
-		uint32_t send_s;
+	if (!TAILQ_EMPTY(&asoc->sent_queue)) {
+		tp1 = TAILQ_LAST(&asoc->sent_queue,
+		    sctpchunk_listhead);
+		send_s = tp1->rec.data.TSN_seq + 1;
+	} else {
+		send_s = asoc->sending_seq;
+	}
+	if (SCTP_TSN_GE(cumack, send_s)) {
+		struct mbuf *op_err;
+		char msg[SCTP_DIAG_INFO_LEN];
 
-		if (!TAILQ_EMPTY(&asoc->sent_queue)) {
-			tp1 = TAILQ_LAST(&asoc->sent_queue,
-			    sctpchunk_listhead);
-			send_s = tp1->rec.data.TSN_seq + 1;
-		} else {
-			send_s = asoc->sending_seq;
-		}
-		if (SCTP_TSN_GE(cumack, send_s)) {
-			struct mbuf *op_err;
-			char msg[SCTP_DIAG_INFO_LEN];
-
-			*abort_now = 1;
-			/* XXX */
-			snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
-			    cumack, send_s);
-			op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-			stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21;
-			sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
-			return;
-		}
+		*abort_now = 1;
+		/* XXX */
+		snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
+		    cumack, send_s);
+		op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
+		stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21;
+		sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
+		return;
 	}
 	asoc->this_sack_highest_gap = cumack;
 	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
@@ -4365,40 +4363,38 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
 			sctp_log_fr(*dupdata, 0, 0, SCTP_FR_DUPED);
 		}
 	}
-	if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
-		/* reality check */
-		if (!TAILQ_EMPTY(&asoc->sent_queue)) {
-			tp1 = TAILQ_LAST(&asoc->sent_queue,
-			    sctpchunk_listhead);
-			send_s = tp1->rec.data.TSN_seq + 1;
-		} else {
-			tp1 = NULL;
-			send_s = asoc->sending_seq;
-		}
-		if (SCTP_TSN_GE(cum_ack, send_s)) {
-			struct mbuf *op_err;
-			char msg[SCTP_DIAG_INFO_LEN];
+	/* reality check */
+	if (!TAILQ_EMPTY(&asoc->sent_queue)) {
+		tp1 = TAILQ_LAST(&asoc->sent_queue,
+		    sctpchunk_listhead);
+		send_s = tp1->rec.data.TSN_seq + 1;
+	} else {
+		tp1 = NULL;
+		send_s = asoc->sending_seq;
+	}
+	if (SCTP_TSN_GE(cum_ack, send_s)) {
+		struct mbuf *op_err;
+		char msg[SCTP_DIAG_INFO_LEN];
 
-			/*
-			 * no way, we have not even sent this TSN out yet.
-			 * Peer is hopelessly messed up with us.
-			 */
-			SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
-			    cum_ack, send_s);
-			if (tp1) {
-				SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1: %p\n",
-				    tp1->rec.data.TSN_seq, (void *)tp1);
-			}
-	hopeless_peer:
-			*abort_now = 1;
-			/* XXX */
-			snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
-			    cum_ack, send_s);
-			op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-			stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
-			sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
-			return;
+		/*
+		 * no way, we have not even sent this TSN out yet. Peer is
+		 * hopelessly messed up with us.
+		 */
+		SCTP_PRINTF("NEW cum_ack:%x send_s:%x is smaller or equal\n",
+		    cum_ack, send_s);
+		if (tp1) {
+			SCTP_PRINTF("Got send_s from tsn:%x + 1 of tp1: %p\n",
+			    tp1->rec.data.TSN_seq, (void *)tp1);
 		}
+hopeless_peer:
+		*abort_now = 1;
+		/* XXX */
+		snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x",
+		    cum_ack, send_s);
+		op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
+		stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_25;
+		sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
+		return;
 	}
 	/**********************/
 	/* 1) check the range */
@@ -4608,20 +4604,18 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int offset_dup,
 		    num_seg, num_nr_seg, &rto_ok)) {
 			wake_him++;
 		}
-		if (SCTP_BASE_SYSCTL(sctp_strict_sacks)) {
+		/*
+		 * validate the biggest_tsn_acked in the gap acks if strict
+		 * adherence is wanted.
+		 */
+		if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
 			/*
-			 * validate the biggest_tsn_acked in the gap acks if
-			 * strict adherence is wanted.
+			 * peer is either confused or we are under attack.
+			 * We must abort.
 			 */
-			if (SCTP_TSN_GE(biggest_tsn_acked, send_s)) {
-				/*
-				 * peer is either confused or we are under
-				 * attack. We must abort.
-				 */
-				SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
-				    biggest_tsn_acked, send_s);
-				goto hopeless_peer;
-			}
+			SCTP_PRINTF("Hopeless peer! biggest_tsn_acked:%x largest seq:%x\n",
+			    biggest_tsn_acked, send_s);
+			goto hopeless_peer;
 		}
 	}
 	/*******************************************/
diff --git a/sys/netinet/sctp_sysctl.c b/sys/netinet/sctp_sysctl.c
index 7e38b7847842..aeb2e10418bb 100644
--- a/sys/netinet/sctp_sysctl.c
+++ b/sys/netinet/sctp_sysctl.c
@@ -63,7 +63,6 @@ sctp_init_sysctls()
 	SCTP_BASE_SYSCTL(sctp_reconfig_enable) = SCTPCTL_RECONFIG_ENABLE_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_nrsack_enable) = SCTPCTL_NRSACK_ENABLE_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_pktdrop_enable) = SCTPCTL_PKTDROP_ENABLE_DEFAULT;
-	SCTP_BASE_SYSCTL(sctp_strict_sacks) = SCTPCTL_STRICT_SACKS_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_peer_chunk_oh) = SCTPCTL_PEER_CHKOH_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_max_burst_default) = SCTPCTL_MAXBURST_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_fr_max_burst_default) = SCTPCTL_FRMAXBURST_DEFAULT;
@@ -101,7 +100,6 @@ sctp_init_sysctls()
 	SCTP_BASE_SYSCTL(sctp_do_drain) = SCTPCTL_DO_SCTP_DRAIN_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_hb_maxburst) = SCTPCTL_HB_MAX_BURST_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_abort_if_one_2_one_hits_limit) = SCTPCTL_ABORT_AT_LIMIT_DEFAULT;
-	SCTP_BASE_SYSCTL(sctp_strict_data_order) = SCTPCTL_STRICT_DATA_ORDER_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_min_residual) = SCTPCTL_MIN_RESIDUAL_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_max_retran_chunk) = SCTPCTL_MAX_RETRAN_CHUNK_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_logging_level) = SCTPCTL_LOGGING_LEVEL_DEFAULT;
@@ -881,7 +879,6 @@ SYSCTL_PROC(_net_inet_sctp, OID_AUTO, asconf_enable, CTLFLAG_VNET | CTLTYPE_UINT
 SCTP_UINT_SYSCTL(reconfig_enable, sctp_reconfig_enable, SCTPCTL_RECONFIG_ENABLE)
 SCTP_UINT_SYSCTL(nrsack_enable, sctp_nrsack_enable, SCTPCTL_NRSACK_ENABLE)
 SCTP_UINT_SYSCTL(pktdrop_enable, sctp_pktdrop_enable, SCTPCTL_PKTDROP_ENABLE)
-SCTP_UINT_SYSCTL(strict_sacks, sctp_strict_sacks, SCTPCTL_STRICT_SACKS)
 SCTP_UINT_SYSCTL(peer_chkoh, sctp_peer_chunk_oh, SCTPCTL_PEER_CHKOH)
 SCTP_UINT_SYSCTL(maxburst, sctp_max_burst_default, SCTPCTL_MAXBURST)
 SCTP_UINT_SYSCTL(fr_maxburst, sctp_fr_max_burst_default, SCTPCTL_FRMAXBURST)
@@ -919,7 +916,6 @@ SCTP_UINT_SYSCTL(max_chained_mbufs, sctp_mbuf_threshold_count, SCTPCTL_MAX_CHAIN
 SCTP_UINT_SYSCTL(do_sctp_drain, sctp_do_drain, SCTPCTL_DO_SCTP_DRAIN)
 SCTP_UINT_SYSCTL(hb_max_burst, sctp_hb_maxburst, SCTPCTL_HB_MAX_BURST)
 SCTP_UINT_SYSCTL(abort_at_limit, sctp_abort_if_one_2_one_hits_limit, SCTPCTL_ABORT_AT_LIMIT)
-SCTP_UINT_SYSCTL(strict_data_order, sctp_strict_data_order, SCTPCTL_STRICT_DATA_ORDER)
 SCTP_UINT_SYSCTL(min_residual, sctp_min_residual, SCTPCTL_MIN_RESIDUAL)
 SCTP_UINT_SYSCTL(max_retran_chunk, sctp_max_retran_chunk, SCTPCTL_MAX_RETRAN_CHUNK)
 SCTP_UINT_SYSCTL(log_level, sctp_logging_level, SCTPCTL_LOGGING_LEVEL)
diff --git a/sys/netinet/sctp_sysctl.h b/sys/netinet/sctp_sysctl.h
index 4da47dc59643..959bd1e45a99 100644
--- a/sys/netinet/sctp_sysctl.h
+++ b/sys/netinet/sctp_sysctl.h
@@ -52,7 +52,6 @@ struct sctp_sysctl {
 	uint32_t sctp_nrsack_enable;
 	uint32_t sctp_pktdrop_enable;
 	uint32_t sctp_fr_max_burst_default;
-	uint32_t sctp_strict_sacks;
 	uint32_t sctp_peer_chunk_oh;
 	uint32_t sctp_max_burst_default;
 	uint32_t sctp_max_chunks_on_queue;
@@ -89,7 +88,6 @@ struct sctp_sysctl {
 	uint32_t sctp_do_drain;
 	uint32_t sctp_hb_maxburst;
 	uint32_t sctp_abort_if_one_2_one_hits_limit;
-	uint32_t sctp_strict_data_order;
 	uint32_t sctp_min_residual;
 	uint32_t sctp_max_retran_chunk;
 	uint32_t sctp_logging_level;
@@ -193,12 +191,6 @@ struct sctp_sysctl {
 #define SCTPCTL_PKTDROP_ENABLE_MAX	1
 #define SCTPCTL_PKTDROP_ENABLE_DEFAULT	0
 
-/* strict_sacks: Enable SCTP Strict SACK checking */
-#define SCTPCTL_STRICT_SACKS_DESC	"Enable SCTP Strict SACK checking"
-#define SCTPCTL_STRICT_SACKS_MIN	0
-#define SCTPCTL_STRICT_SACKS_MAX	1
-#define SCTPCTL_STRICT_SACKS_DEFAULT	1
-
 /* loopback_nocsum: Enable NO Csum on packets sent on loopback */
 #define SCTPCTL_LOOPBACK_NOCSUM_DESC	"Enable NO Csum on packets sent on loopback"
 #define SCTPCTL_LOOPBACK_NOCSUM_MIN	0
@@ -428,12 +420,6 @@ struct sctp_sysctl {
 #define SCTPCTL_ABORT_AT_LIMIT_MAX	1
 #define SCTPCTL_ABORT_AT_LIMIT_DEFAULT	0
 
-/* strict_data_order: Enforce strict data ordering, abort if control inside data */
-#define SCTPCTL_STRICT_DATA_ORDER_DESC	"Enforce strict data ordering, abort if control inside data"
-#define SCTPCTL_STRICT_DATA_ORDER_MIN	0
-#define SCTPCTL_STRICT_DATA_ORDER_MAX	1
-#define SCTPCTL_STRICT_DATA_ORDER_DEFAULT	0
-
 /* min_residual: min residual in a data fragment leftover */
 #define SCTPCTL_MIN_RESIDUAL_DESC	"Minimum residual data chunk in second part of split"
 #define SCTPCTL_MIN_RESIDUAL_MIN	20