Commit Graph

247 Commits

Author SHA1 Message Date
Michael Tuexen
63d5b56815 Use a separate MID counter for ordered und unordered messages for each
outgoing stream.

Thanks to Jens Hoelscher for reporting the issue.

MFC after: 1 week
2016-06-08 17:57:42 +00:00
Sepherosa Ziehau
36ad8372d4 net: Use M_HASHTYPE_OPAQUE_HASH if the mbuf flowid has hash properties
Reviewed by:	hps, erj, tuexen
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D6688
2016-06-07 04:51:50 +00:00
Pedro F. Giffuni
cd0a4ff6a5 netinet/sctp*: minor spelling fixes in comments.
No functional change.

Reviewed by:	tuexen
2016-05-02 20:56:11 +00:00
Michael Tuexen
ec70917ffa When a client uses UDP encapsulation and lists IP addresses in the INIT
chunk, enable UDP encapsulation for all those addresses.
This helps clients using a userland stack to support multihoming if
they are not behind a NAT.

MFC after: 1 week
2016-05-01 21:48:55 +00:00
Michael Tuexen
7154bf4a41 Add the UDP encaps port as a parameter to sctp_add_remote_addr().
This is currently only a code change without any functional
change. But this allows to set the remote encapsulation port
in a more detailed way, which will be provided in a follow-up
commit.

MFC after: 1 week
2016-04-30 14:25:00 +00:00
Michael Tuexen
98d5fd976b Put panic() calls under INVARIANTS. 2016-04-18 09:29:14 +00:00
Michael Tuexen
24a9e1b53b Remove a left-over debug printf(). 2016-04-18 06:32:24 +00:00
Randall Stewart
44249214d3 This is work done by Michael Tuexen and myself at the IETF. This
adds the new I-Data (Interleaved Data) message. This allows a user
to be able to have complete freedom from Head Of Line blocking that
was previously there due to the in-ability to send multiple large
messages without the TSN's being in sequence. The code as been
tested with Michaels various packet drill scripts as well as
inter-networking between the IETF's location in Argentina and Germany.
2016-04-07 09:10:34 +00:00
Michael Tuexen
5114dccbd4 Trigger sending of queued ASCONF chunks if outstanding ones are ACKED.
MFC after:	1 week
2016-03-28 11:32:20 +00:00
Michael Tuexen
9a8e308861 Improve compilation on windows 64-bit (for the userland stack).
MFC after:	1 week
2016-03-27 10:04:25 +00:00
Michael Tuexen
fdc4c9d067 Add some protection code.
CID:		1331893
MFC after:	3 days
2016-02-18 21:21:45 +00:00
Michael Tuexen
828318e155 Add protection code for issues reported by PVS / D5245.
MFC after:	3 days
2016-02-17 18:12:38 +00:00
Michael Tuexen
3cf729a920 Update the path mtu when turning on/off UDP encapsulation for SCTP.
MFC after: 3 days
2016-01-30 16:56:39 +00:00
Michael Tuexen
ca83f93c09 Don't allow a remote encapsulation port change during the
SCTP restart procedure.

MFC after: 3 days
2016-01-30 12:58:38 +00:00
Michael Tuexen
4edd31fc71 Don't change the remote UDP encapsulation port for SCTP packets
containing an INIT chunk.

MFC after: 3 days
2016-01-30 11:10:22 +00:00
Michael Tuexen
a4cab32319 Remove debug output which was committed by accident.
Thanks to Oliver Pinter for reporting.

MFC after: 3 days
X-MFC with: r294995
2016-01-28 23:12:12 +00:00
Michael Tuexen
79b67faaf6 Always look in the TCP pool.
This fixes issues with a restarting peer when the listening
1-to-1 style socket is closed.

MFC after: 3 days
2016-01-28 16:05:46 +00:00
Michael Tuexen
9ee7a93696 Retire sctp_validate_no_locks().
This routine checks that there are no locks held for an inp,
without having any lock on the inp. This breaks if the inp
goes away when it is called. This happens on stress tests
on a RPi B+.

MFC after:	3 days
2015-12-10 11:49:32 +00:00
Michael Tuexen
c979034b18 Fix the allocation of outgoing streams:
* When processing a cookie, use the number of
  streams announced in the INIT-ACK.
* When sending an INIT-ACK for an existing
  association, use the value from the association,
  not from the end-point.

MFC after:	1 week
2015-12-06 16:17:57 +00:00
Michael Tuexen
a4889f2dd0 Fix a bug where a stream reset request wasn't retranmitted when the
peer indicated "In progress".

MFC after:	1 week
2015-12-04 08:49:27 +00:00
Michael Tuexen
d96bef9c77 Ensure that outgoing streams get reset when they run dry.
MFC after:	1 week
2015-12-03 15:19:29 +00:00
Michael Tuexen
60862d8e48 Adjust the MTU when accepting an SCTP association using
UDP encapsulation.

MFC after:	1 week
2015-12-02 16:29:36 +00:00
Michael Tuexen
3db4ea954e When processing a cookie, any mismatch in port numbers or the vtag results
in failing the check.
This fixes https://github.com/nplab/ETSI-SCTP-Conformance-Testsuite/blob/master/sctp-imh-tests/sctp-imh-i-3-3.pkt

MFC after: 1 week
2015-10-26 21:19:49 +00:00
Michael Tuexen
6e9c45e0ee Use __func__ instead of __FUNCTION__.
This allows to compile the userland stack without errors using gcc5.
Thanks to saghul for makeing me aware and providing the patch.

MFC after: 1 week
2015-10-19 11:17:54 +00:00
Michael Tuexen
30811e70d9 Fix compilation issue introduced in r287717.
Thanks to bz@ for making me aware of it.

MFC after:	1 week
2015-09-12 21:23:24 +00:00
Michael Tuexen
6802b0904f Address a compile warning.
MFC after:	1 week
2015-09-12 18:00:06 +00:00
Michael Tuexen
86eda749af Cleanup the handling of error causes for ERROR chunks. This fixes
an inconsistency of the padding handling. The final padding is
now considered to be a chunk padding.

MFC after:	1 week
2015-09-12 17:08:51 +00:00
Michael Tuexen
e629b9fc56 Ensure that ERROR chunks are always padded by implementing this
in the routine, which queues an ERROR chunk, instead on relyinh
on the callers to do so. Since one caller missed this, this actially
fixes a bug.

MFC after:	1 week
2015-09-11 13:54:33 +00:00
Michael Tuexen
0941640f34 RFC 4960 requires that packets containing an INIT chunk bundled with
another chunk are silently discarded. Do so, instead of sending an
ABORT.

MFC after:	1 week
2015-09-07 14:00:38 +00:00
Michael Tuexen
aa1cfca969 Fix a bug where two SHUTDOWN_ACK chunks were sent if a SHUTDOWN chunk was
received acking all outstanding data.
2015-09-03 22:15:56 +00:00
Michael Tuexen
e7e71dd7f3 Don't take the port numbers for packets containing ABORT chunks from
a freed mbuf. Just use them from the stcb.

MFC after: 3 days
2015-08-02 16:07:30 +00:00
Michael Tuexen
267dbe63a1 Provide consistent error causes whenever an ABORT chunk is sent.
MFC after:	1 week
2015-07-27 22:35:54 +00:00
Randall Stewart
5f98acb594 Fix silly syntax error emacs chugged in for me.. gesh.
MFC after:	3 weeks
2015-07-24 14:13:43 +00:00
Randall Stewart
c616859963 Fix an issue with MAC OS locking and also optimize the case
where we are sending back a stream-reset and a sack timer is running, in
that case we should just send the SACK.

MFC after:	3 weeks
2015-07-24 14:09:03 +00:00
Randall Stewart
7cca17758c Fix several problems with Stream Reset.
1) We were not handling (or sending) the IN_PROGRESS case if
    the other side (or our side) was not able to reset (awaiting more data).
 2) We would improperly send a stream-reset when we should not. Not
    waiting until the TSN had been assigned when data was inqueue.

Reviewed by:	tuexen
2015-07-22 11:30:37 +00:00
Michael Tuexen
5fe29cdf20 Fix a bug related to flow assignment I introduce in
https://svnweb.freebsd.org/base?view=revision&revision=275483

MFC after: 3 days
2015-06-17 19:26:23 +00:00
Michael Tuexen
d089f9b915 Add FIB support for SCTP.
This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379

MFC after: 3 days
2015-06-17 15:20:14 +00:00
Michael Tuexen
b7d130befc Fix and cleanup the debug information. This has no user-visible changes.
Thanks to Irene Ruengeler for proving a patch.

MFC after: 3 days
2015-05-28 16:00:23 +00:00
Michael Tuexen
fcbbf5af1d Ensure that the COOKIE-ACK can be sent over UDP if the COOKIE-ECHO was
received over UDP.
Thanks to Felix Weinrank for makeing me aware of the problem and to
Irene Ruengeler for providing the fix.

MFC after: 1 week
2015-05-12 08:08:16 +00:00
Michael Tuexen
59b6d5be4e Add a SCTP socket option to limit the cwnd for each path.
MFC after: 1 month
2015-03-10 19:49:25 +00:00
Xin LI
6a58f0e913 Fix SCTP stream reset vulnerability.
We would like to acknowledge Gerasimos Dimitriadis who reported
the issue and Michael Tuexen who analyzed and provided the
fix.

Security:	FreeBSD-SA-15:03.sctp
Security:	CVE-2014-8613
Submitted by:	tuexen
2015-01-27 19:35:38 +00:00
Michael Tuexen
d6165c1fca Remove an unnecessary check.
Reported by:	Coverity
CID:		749576
MFC after:	1 week
2015-01-18 21:16:22 +00:00
Michael Tuexen
f0dc2113ca Remove dead code.
Reported by:	Coverity
CID:		748663
MFC after:	1 week
2015-01-11 22:49:20 +00:00
Michael Tuexen
4be807c4d6 Minimize the usage of SCTP_BUF_IS_EXTENDED.
This should help Robert...
2015-01-10 20:49:57 +00:00
Michael Tuexen
296d0b9495 Retire SCTP_BUF_EXTEND_SIZE. This patch was suggested by
Robert Watson.
2015-01-10 13:56:26 +00:00
Andrey V. Elsukov
44eb8bbe7b Do not count security policy violation twice.
ipsec*_in_reject() do this by their own.

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2014-12-11 19:20:13 +00:00
Michael Tuexen
39cbb549cc Include the received chunk padding when reporting an unknown chunk.
MFC after: 1 week
2014-12-06 22:57:19 +00:00
Michael Tuexen
457b4b8836 This is the SCTP specific companion of
https://svnweb.freebsd.org/changeset/base/275358
which was provided by Hans Petter Selasky.
2014-12-04 21:17:50 +00:00
Michael Tuexen
4e88d37a2a Do the renaming of sb_cc to sb_ccc in a way with less code changes by
using a macro.
This is an alternate approach to
https://svnweb.freebsd.org/changeset/base/275326
which is easier to handle upstream.

Discussed with: rrs, glebius
2014-12-02 20:29:29 +00:00
Gleb Smirnoff
0f9d0a73a4 Merge from projects/sendfile:
o Introduce a notion of "not ready" mbufs in socket buffers.  These
mbufs are now being populated by some I/O in background and are
referenced outside.  This forces following implications:
- An mbuf which is "not ready" can't be taken out of the buffer.
- An mbuf that is behind a "not ready" in the queue neither.
- If sockbet buffer is flushed, then "not ready" mbufs shouln't be
  freed.

o In struct sockbuf the sb_cc field is split into sb_ccc and sb_acc.
  The sb_ccc stands for ""claimed character count", or "committed
  character count".  And the sb_acc is "available character count".
  Consumers of socket buffer API shouldn't already access them directly,
  but use sbused() and sbavail() respectively.
o Not ready mbufs are marked with M_NOTREADY, and ready but blocked ones
  with M_BLOCKED.
o New field sb_fnrdy points to the first not ready mbuf, to avoid linear
  search.
o New function sbready() is provided to activate certain amount of mbufs
  in a socket buffer.

A special note on SCTP:
  SCTP has its own sockbufs.  Unfortunately, FreeBSD stack doesn't yet
allow protocol specific sockbufs.  Thus, SCTP does some hacks to make
itself compatible with FreeBSD: it manages sockbufs on its own, but keeps
sb_cc updated to inform the stack of amount of data in them.  The new
notion of "not ready" data isn't supported by SCTP.  Instead, only a
mechanical substitute is done: s/sb_cc/sb_ccc/.
  A proper solution would be to take away struct sockbuf from struct
socket and allow protocols to implement their own socket buffers, like
SCTP already does.  This was discussed with rrs@.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2014-11-30 12:52:33 +00:00