1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001-2003 International Business Machines Corp.
6  * Copyright (c) 2001 Intel Corp.
7  * Copyright (c) 2001 La Monte H.P. Yarroll
8  *
9  * This file is part of the SCTP kernel implementation
10  *
11  * This module provides the abstraction for an SCTP transport representing
12  * a remote transport address.  For local transport addresses, we just use
13  * union sctp_addr.
14  *
15  * Please send any bug reports or fixes you make to the
16  * email address(es):
17  *    lksctp developers <linux-sctp@vger.kernel.org>
18  *
19  * Written or modified by:
20  *    La Monte H.P. Yarroll <piggy@acm.org>
21  *    Karl Knutson          <karl@athena.chicago.il.us>
22  *    Jon Grimm             <jgrimm@us.ibm.com>
23  *    Xingang Guo           <xingang.guo@intel.com>
24  *    Hui Huang             <hui.huang@nokia.com>
25  *    Sridhar Samudrala	    <sri@us.ibm.com>
26  *    Ardelle Fan	    <ardelle.fan@intel.com>
27  */
28 
29 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
30 
31 #include <linux/slab.h>
32 #include <linux/types.h>
33 #include <linux/random.h>
34 #include <net/sctp/sctp.h>
35 #include <net/sctp/sm.h>
36 
37 /* 1st Level Abstractions.  */
38 
39 /* Initialize a new transport from provided memory.  */
sctp_transport_init(struct net * net,struct sctp_transport * peer,const union sctp_addr * addr,gfp_t gfp)40 static struct sctp_transport *sctp_transport_init(struct net *net,
41 						  struct sctp_transport *peer,
42 						  const union sctp_addr *addr,
43 						  gfp_t gfp)
44 {
45 	/* Copy in the address.  */
46 	peer->af_specific = sctp_get_af_specific(addr->sa.sa_family);
47 	memcpy(&peer->ipaddr, addr, peer->af_specific->sockaddr_len);
48 	memset(&peer->saddr, 0, sizeof(union sctp_addr));
49 
50 	peer->sack_generation = 0;
51 
52 	/* From 6.3.1 RTO Calculation:
53 	 *
54 	 * C1) Until an RTT measurement has been made for a packet sent to the
55 	 * given destination transport address, set RTO to the protocol
56 	 * parameter 'RTO.Initial'.
57 	 */
58 	peer->rto = msecs_to_jiffies(net->sctp.rto_initial);
59 
60 	peer->last_time_heard = 0;
61 	peer->last_time_ecne_reduced = jiffies;
62 
63 	peer->param_flags = SPP_HB_DISABLE |
64 			    SPP_PMTUD_ENABLE |
65 			    SPP_SACKDELAY_ENABLE;
66 
67 	/* Initialize the default path max_retrans.  */
68 	peer->pathmaxrxt  = net->sctp.max_retrans_path;
69 	peer->pf_retrans  = net->sctp.pf_retrans;
70 
71 	INIT_LIST_HEAD(&peer->transmitted);
72 	INIT_LIST_HEAD(&peer->send_ready);
73 	INIT_LIST_HEAD(&peer->transports);
74 
75 	timer_setup(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event, 0);
76 	timer_setup(&peer->hb_timer, sctp_generate_heartbeat_event, 0);
77 	timer_setup(&peer->reconf_timer, sctp_generate_reconf_event, 0);
78 	timer_setup(&peer->probe_timer, sctp_generate_probe_event, 0);
79 	timer_setup(&peer->proto_unreach_timer,
80 		    sctp_generate_proto_unreach_event, 0);
81 
82 	/* Initialize the 64-bit random nonce sent with heartbeat. */
83 	get_random_bytes(&peer->hb_nonce, sizeof(peer->hb_nonce));
84 
85 	refcount_set(&peer->refcnt, 1);
86 
87 	return peer;
88 }
89 
90 /* Allocate and initialize a new transport.  */
sctp_transport_new(struct net * net,const union sctp_addr * addr,gfp_t gfp)91 struct sctp_transport *sctp_transport_new(struct net *net,
92 					  const union sctp_addr *addr,
93 					  gfp_t gfp)
94 {
95 	struct sctp_transport *transport;
96 
97 	transport = kzalloc(sizeof(*transport), gfp);
98 	if (!transport)
99 		goto fail;
100 
101 	if (!sctp_transport_init(net, transport, addr, gfp))
102 		goto fail_init;
103 
104 	SCTP_DBG_OBJCNT_INC(transport);
105 
106 	return transport;
107 
108 fail_init:
109 	kfree(transport);
110 
111 fail:
112 	return NULL;
113 }
114 
115 /* This transport is no longer needed.  Free up if possible, or
116  * delay until it last reference count.
117  */
sctp_transport_free(struct sctp_transport * transport)118 void sctp_transport_free(struct sctp_transport *transport)
119 {
120 	/* Try to delete the heartbeat timer.  */
121 	if (del_timer(&transport->hb_timer))
122 		sctp_transport_put(transport);
123 
124 	/* Delete the T3_rtx timer if it's active.
125 	 * There is no point in not doing this now and letting
126 	 * structure hang around in memory since we know
127 	 * the transport is going away.
128 	 */
129 	if (del_timer(&transport->T3_rtx_timer))
130 		sctp_transport_put(transport);
131 
132 	if (del_timer(&transport->reconf_timer))
133 		sctp_transport_put(transport);
134 
135 	if (del_timer(&transport->probe_timer))
136 		sctp_transport_put(transport);
137 
138 	/* Delete the ICMP proto unreachable timer if it's active. */
139 	if (del_timer(&transport->proto_unreach_timer))
140 		sctp_transport_put(transport);
141 
142 	sctp_transport_put(transport);
143 }
144 
sctp_transport_destroy_rcu(struct rcu_head * head)145 static void sctp_transport_destroy_rcu(struct rcu_head *head)
146 {
147 	struct sctp_transport *transport;
148 
149 	transport = container_of(head, struct sctp_transport, rcu);
150 
151 	dst_release(transport->dst);
152 	kfree(transport);
153 	SCTP_DBG_OBJCNT_DEC(transport);
154 }
155 
156 /* Destroy the transport data structure.
157  * Assumes there are no more users of this structure.
158  */
sctp_transport_destroy(struct sctp_transport * transport)159 static void sctp_transport_destroy(struct sctp_transport *transport)
160 {
161 	if (unlikely(refcount_read(&transport->refcnt))) {
162 		WARN(1, "Attempt to destroy undead transport %p!\n", transport);
163 		return;
164 	}
165 
166 	sctp_packet_free(&transport->packet);
167 
168 	if (transport->asoc)
169 		sctp_association_put(transport->asoc);
170 
171 	call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
172 }
173 
174 /* Start T3_rtx timer if it is not already running and update the heartbeat
175  * timer.  This routine is called every time a DATA chunk is sent.
176  */
sctp_transport_reset_t3_rtx(struct sctp_transport * transport)177 void sctp_transport_reset_t3_rtx(struct sctp_transport *transport)
178 {
179 	/* RFC 2960 6.3.2 Retransmission Timer Rules
180 	 *
181 	 * R1) Every time a DATA chunk is sent to any address(including a
182 	 * retransmission), if the T3-rtx timer of that address is not running
183 	 * start it running so that it will expire after the RTO of that
184 	 * address.
185 	 */
186 
187 	if (!timer_pending(&transport->T3_rtx_timer))
188 		if (!mod_timer(&transport->T3_rtx_timer,
189 			       jiffies + transport->rto))
190 			sctp_transport_hold(transport);
191 }
192 
sctp_transport_reset_hb_timer(struct sctp_transport * transport)193 void sctp_transport_reset_hb_timer(struct sctp_transport *transport)
194 {
195 	unsigned long expires;
196 
197 	/* When a data chunk is sent, reset the heartbeat interval.  */
198 	expires = jiffies + sctp_transport_timeout(transport);
199 	if ((time_before(transport->hb_timer.expires, expires) ||
200 	     !timer_pending(&transport->hb_timer)) &&
201 	    !mod_timer(&transport->hb_timer,
202 		       expires + prandom_u32_max(transport->rto)))
203 		sctp_transport_hold(transport);
204 }
205 
sctp_transport_reset_reconf_timer(struct sctp_transport * transport)206 void sctp_transport_reset_reconf_timer(struct sctp_transport *transport)
207 {
208 	if (!timer_pending(&transport->reconf_timer))
209 		if (!mod_timer(&transport->reconf_timer,
210 			       jiffies + transport->rto))
211 			sctp_transport_hold(transport);
212 }
213 
sctp_transport_reset_probe_timer(struct sctp_transport * transport)214 void sctp_transport_reset_probe_timer(struct sctp_transport *transport)
215 {
216 	if (timer_pending(&transport->probe_timer))
217 		return;
218 	if (!mod_timer(&transport->probe_timer,
219 		       jiffies + transport->probe_interval))
220 		sctp_transport_hold(transport);
221 }
222 
223 /* This transport has been assigned to an association.
224  * Initialize fields from the association or from the sock itself.
225  * Register the reference count in the association.
226  */
sctp_transport_set_owner(struct sctp_transport * transport,struct sctp_association * asoc)227 void sctp_transport_set_owner(struct sctp_transport *transport,
228 			      struct sctp_association *asoc)
229 {
230 	transport->asoc = asoc;
231 	sctp_association_hold(asoc);
232 }
233 
234 /* Initialize the pmtu of a transport. */
sctp_transport_pmtu(struct sctp_transport * transport,struct sock * sk)235 void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk)
236 {
237 	/* If we don't have a fresh route, look one up */
238 	if (!transport->dst || transport->dst->obsolete) {
239 		sctp_transport_dst_release(transport);
240 		transport->af_specific->get_dst(transport, &transport->saddr,
241 						&transport->fl, sk);
242 	}
243 
244 	if (transport->param_flags & SPP_PMTUD_DISABLE) {
245 		struct sctp_association *asoc = transport->asoc;
246 
247 		if (!transport->pathmtu && asoc && asoc->pathmtu)
248 			transport->pathmtu = asoc->pathmtu;
249 		if (transport->pathmtu)
250 			return;
251 	}
252 
253 	if (transport->dst)
254 		transport->pathmtu = sctp_dst_mtu(transport->dst);
255 	else
256 		transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT;
257 
258 	sctp_transport_pl_update(transport);
259 }
260 
sctp_transport_pl_send(struct sctp_transport * t)261 bool sctp_transport_pl_send(struct sctp_transport *t)
262 {
263 	if (t->pl.probe_count < SCTP_MAX_PROBES)
264 		goto out;
265 
266 	t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks;
267 	t->pl.probe_count = 0;
268 	if (t->pl.state == SCTP_PL_BASE) {
269 		if (t->pl.probe_size == SCTP_BASE_PLPMTU) { /* BASE_PLPMTU Confirmation Failed */
270 			t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
271 
272 			t->pl.pmtu = SCTP_MIN_PLPMTU;
273 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
274 			sctp_assoc_sync_pmtu(t->asoc);
275 		}
276 	} else if (t->pl.state == SCTP_PL_SEARCH) {
277 		if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
278 			t->pl.state = SCTP_PL_BASE;  /* Search -> Base */
279 			t->pl.probe_size = SCTP_BASE_PLPMTU;
280 			t->pl.probe_high = 0;
281 
282 			t->pl.pmtu = SCTP_BASE_PLPMTU;
283 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
284 			sctp_assoc_sync_pmtu(t->asoc);
285 		} else { /* Normal probe failure. */
286 			t->pl.probe_high = t->pl.probe_size;
287 			t->pl.probe_size = t->pl.pmtu;
288 		}
289 	} else if (t->pl.state == SCTP_PL_COMPLETE) {
290 		if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
291 			t->pl.state = SCTP_PL_BASE;  /* Search Complete -> Base */
292 			t->pl.probe_size = SCTP_BASE_PLPMTU;
293 
294 			t->pl.pmtu = SCTP_BASE_PLPMTU;
295 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
296 			sctp_assoc_sync_pmtu(t->asoc);
297 		}
298 	}
299 
300 out:
301 	if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count < 30 &&
302 	    !t->pl.probe_count && t->pl.last_rtx_chunks == t->asoc->rtx_data_chunks) {
303 		t->pl.raise_count++;
304 		return false;
305 	}
306 
307 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
308 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
309 
310 	t->pl.probe_count++;
311 	return true;
312 }
313 
sctp_transport_pl_recv(struct sctp_transport * t)314 bool sctp_transport_pl_recv(struct sctp_transport *t)
315 {
316 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
317 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
318 
319 	t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks;
320 	t->pl.pmtu = t->pl.probe_size;
321 	t->pl.probe_count = 0;
322 	if (t->pl.state == SCTP_PL_BASE) {
323 		t->pl.state = SCTP_PL_SEARCH; /* Base -> Search */
324 		t->pl.probe_size += SCTP_PL_BIG_STEP;
325 	} else if (t->pl.state == SCTP_PL_ERROR) {
326 		t->pl.state = SCTP_PL_SEARCH; /* Error -> Search */
327 
328 		t->pl.pmtu = t->pl.probe_size;
329 		t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
330 		sctp_assoc_sync_pmtu(t->asoc);
331 		t->pl.probe_size += SCTP_PL_BIG_STEP;
332 	} else if (t->pl.state == SCTP_PL_SEARCH) {
333 		if (!t->pl.probe_high) {
334 			t->pl.probe_size = min(t->pl.probe_size + SCTP_PL_BIG_STEP,
335 					       SCTP_MAX_PLPMTU);
336 			return false;
337 		}
338 		t->pl.probe_size += SCTP_PL_MIN_STEP;
339 		if (t->pl.probe_size >= t->pl.probe_high) {
340 			t->pl.probe_high = 0;
341 			t->pl.raise_count = 0;
342 			t->pl.state = SCTP_PL_COMPLETE; /* Search -> Search Complete */
343 
344 			t->pl.probe_size = t->pl.pmtu;
345 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
346 			sctp_assoc_sync_pmtu(t->asoc);
347 		}
348 	} else if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count == 30) {
349 		/* Raise probe_size again after 30 * interval in Search Complete */
350 		t->pl.state = SCTP_PL_SEARCH; /* Search Complete -> Search */
351 		t->pl.probe_size += SCTP_PL_MIN_STEP;
352 	}
353 
354 	return t->pl.state == SCTP_PL_COMPLETE;
355 }
356 
sctp_transport_pl_toobig(struct sctp_transport * t,u32 pmtu)357 static bool sctp_transport_pl_toobig(struct sctp_transport *t, u32 pmtu)
358 {
359 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, ptb: %d\n",
360 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, pmtu);
361 
362 	if (pmtu < SCTP_MIN_PLPMTU || pmtu >= t->pl.probe_size)
363 		return false;
364 
365 	if (t->pl.state == SCTP_PL_BASE) {
366 		if (pmtu >= SCTP_MIN_PLPMTU && pmtu < SCTP_BASE_PLPMTU) {
367 			t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
368 
369 			t->pl.pmtu = SCTP_MIN_PLPMTU;
370 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
371 		}
372 	} else if (t->pl.state == SCTP_PL_SEARCH) {
373 		if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
374 			t->pl.state = SCTP_PL_BASE;  /* Search -> Base */
375 			t->pl.probe_size = SCTP_BASE_PLPMTU;
376 			t->pl.probe_count = 0;
377 
378 			t->pl.probe_high = 0;
379 			t->pl.pmtu = SCTP_BASE_PLPMTU;
380 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
381 		} else if (pmtu > t->pl.pmtu && pmtu < t->pl.probe_size) {
382 			t->pl.probe_size = pmtu;
383 			t->pl.probe_count = 0;
384 
385 			return false;
386 		}
387 	} else if (t->pl.state == SCTP_PL_COMPLETE) {
388 		if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
389 			t->pl.state = SCTP_PL_BASE;  /* Complete -> Base */
390 			t->pl.probe_size = SCTP_BASE_PLPMTU;
391 			t->pl.probe_count = 0;
392 
393 			t->pl.probe_high = 0;
394 			t->pl.pmtu = SCTP_BASE_PLPMTU;
395 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
396 		}
397 	}
398 
399 	return true;
400 }
401 
sctp_transport_update_pmtu(struct sctp_transport * t,u32 pmtu)402 bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu)
403 {
404 	struct sock *sk = t->asoc->base.sk;
405 	struct dst_entry *dst;
406 	bool change = true;
407 
408 	if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) {
409 		pr_warn_ratelimited("%s: Reported pmtu %d too low, using default minimum of %d\n",
410 				    __func__, pmtu, SCTP_DEFAULT_MINSEGMENT);
411 		/* Use default minimum segment instead */
412 		pmtu = SCTP_DEFAULT_MINSEGMENT;
413 	}
414 	pmtu = SCTP_TRUNC4(pmtu);
415 
416 	if (sctp_transport_pl_enabled(t))
417 		return sctp_transport_pl_toobig(t, pmtu - sctp_transport_pl_hlen(t));
418 
419 	dst = sctp_transport_dst_check(t);
420 	if (dst) {
421 		struct sctp_pf *pf = sctp_get_pf_specific(dst->ops->family);
422 		union sctp_addr addr;
423 
424 		pf->af->from_sk(&addr, sk);
425 		pf->to_sk_daddr(&t->ipaddr, sk);
426 		dst->ops->update_pmtu(dst, sk, NULL, pmtu, true);
427 		pf->to_sk_daddr(&addr, sk);
428 
429 		dst = sctp_transport_dst_check(t);
430 	}
431 
432 	if (!dst) {
433 		t->af_specific->get_dst(t, &t->saddr, &t->fl, sk);
434 		dst = t->dst;
435 	}
436 
437 	if (dst) {
438 		/* Re-fetch, as under layers may have a higher minimum size */
439 		pmtu = sctp_dst_mtu(dst);
440 		change = t->pathmtu != pmtu;
441 	}
442 	t->pathmtu = pmtu;
443 
444 	return change;
445 }
446 
447 /* Caches the dst entry and source address for a transport's destination
448  * address.
449  */
sctp_transport_route(struct sctp_transport * transport,union sctp_addr * saddr,struct sctp_sock * opt)450 void sctp_transport_route(struct sctp_transport *transport,
451 			  union sctp_addr *saddr, struct sctp_sock *opt)
452 {
453 	struct sctp_association *asoc = transport->asoc;
454 	struct sctp_af *af = transport->af_specific;
455 
456 	sctp_transport_dst_release(transport);
457 	af->get_dst(transport, saddr, &transport->fl, sctp_opt2sk(opt));
458 
459 	if (saddr)
460 		memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
461 	else
462 		af->get_saddr(opt, transport, &transport->fl);
463 
464 	sctp_transport_pmtu(transport, sctp_opt2sk(opt));
465 
466 	/* Initialize sk->sk_rcv_saddr, if the transport is the
467 	 * association's active path for getsockname().
468 	 */
469 	if (transport->dst && asoc &&
470 	    (!asoc->peer.primary_path || transport == asoc->peer.active_path))
471 		opt->pf->to_sk_saddr(&transport->saddr, asoc->base.sk);
472 }
473 
474 /* Hold a reference to a transport.  */
sctp_transport_hold(struct sctp_transport * transport)475 int sctp_transport_hold(struct sctp_transport *transport)
476 {
477 	return refcount_inc_not_zero(&transport->refcnt);
478 }
479 
480 /* Release a reference to a transport and clean up
481  * if there are no more references.
482  */
sctp_transport_put(struct sctp_transport * transport)483 void sctp_transport_put(struct sctp_transport *transport)
484 {
485 	if (refcount_dec_and_test(&transport->refcnt))
486 		sctp_transport_destroy(transport);
487 }
488 
489 /* Update transport's RTO based on the newly calculated RTT. */
sctp_transport_update_rto(struct sctp_transport * tp,__u32 rtt)490 void sctp_transport_update_rto(struct sctp_transport *tp, __u32 rtt)
491 {
492 	if (unlikely(!tp->rto_pending))
493 		/* We should not be doing any RTO updates unless rto_pending is set.  */
494 		pr_debug("%s: rto_pending not set on transport %p!\n", __func__, tp);
495 
496 	if (tp->rttvar || tp->srtt) {
497 		struct net *net = tp->asoc->base.net;
498 		/* 6.3.1 C3) When a new RTT measurement R' is made, set
499 		 * RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'|
500 		 * SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R'
501 		 */
502 
503 		/* Note:  The above algorithm has been rewritten to
504 		 * express rto_beta and rto_alpha as inverse powers
505 		 * of two.
506 		 * For example, assuming the default value of RTO.Alpha of
507 		 * 1/8, rto_alpha would be expressed as 3.
508 		 */
509 		tp->rttvar = tp->rttvar - (tp->rttvar >> net->sctp.rto_beta)
510 			+ (((__u32)abs((__s64)tp->srtt - (__s64)rtt)) >> net->sctp.rto_beta);
511 		tp->srtt = tp->srtt - (tp->srtt >> net->sctp.rto_alpha)
512 			+ (rtt >> net->sctp.rto_alpha);
513 	} else {
514 		/* 6.3.1 C2) When the first RTT measurement R is made, set
515 		 * SRTT <- R, RTTVAR <- R/2.
516 		 */
517 		tp->srtt = rtt;
518 		tp->rttvar = rtt >> 1;
519 	}
520 
521 	/* 6.3.1 G1) Whenever RTTVAR is computed, if RTTVAR = 0, then
522 	 * adjust RTTVAR <- G, where G is the CLOCK GRANULARITY.
523 	 */
524 	if (tp->rttvar == 0)
525 		tp->rttvar = SCTP_CLOCK_GRANULARITY;
526 
527 	/* 6.3.1 C3) After the computation, update RTO <- SRTT + 4 * RTTVAR. */
528 	tp->rto = tp->srtt + (tp->rttvar << 2);
529 
530 	/* 6.3.1 C6) Whenever RTO is computed, if it is less than RTO.Min
531 	 * seconds then it is rounded up to RTO.Min seconds.
532 	 */
533 	if (tp->rto < tp->asoc->rto_min)
534 		tp->rto = tp->asoc->rto_min;
535 
536 	/* 6.3.1 C7) A maximum value may be placed on RTO provided it is
537 	 * at least RTO.max seconds.
538 	 */
539 	if (tp->rto > tp->asoc->rto_max)
540 		tp->rto = tp->asoc->rto_max;
541 
542 	sctp_max_rto(tp->asoc, tp);
543 	tp->rtt = rtt;
544 
545 	/* Reset rto_pending so that a new RTT measurement is started when a
546 	 * new data chunk is sent.
547 	 */
548 	tp->rto_pending = 0;
549 
550 	pr_debug("%s: transport:%p, rtt:%d, srtt:%d rttvar:%d, rto:%ld\n",
551 		 __func__, tp, rtt, tp->srtt, tp->rttvar, tp->rto);
552 }
553 
554 /* This routine updates the transport's cwnd and partial_bytes_acked
555  * parameters based on the bytes acked in the received SACK.
556  */
sctp_transport_raise_cwnd(struct sctp_transport * transport,__u32 sack_ctsn,__u32 bytes_acked)557 void sctp_transport_raise_cwnd(struct sctp_transport *transport,
558 			       __u32 sack_ctsn, __u32 bytes_acked)
559 {
560 	struct sctp_association *asoc = transport->asoc;
561 	__u32 cwnd, ssthresh, flight_size, pba, pmtu;
562 
563 	cwnd = transport->cwnd;
564 	flight_size = transport->flight_size;
565 
566 	/* See if we need to exit Fast Recovery first */
567 	if (asoc->fast_recovery &&
568 	    TSN_lte(asoc->fast_recovery_exit, sack_ctsn))
569 		asoc->fast_recovery = 0;
570 
571 	ssthresh = transport->ssthresh;
572 	pba = transport->partial_bytes_acked;
573 	pmtu = transport->asoc->pathmtu;
574 
575 	if (cwnd <= ssthresh) {
576 		/* RFC 4960 7.2.1
577 		 * o  When cwnd is less than or equal to ssthresh, an SCTP
578 		 *    endpoint MUST use the slow-start algorithm to increase
579 		 *    cwnd only if the current congestion window is being fully
580 		 *    utilized, an incoming SACK advances the Cumulative TSN
581 		 *    Ack Point, and the data sender is not in Fast Recovery.
582 		 *    Only when these three conditions are met can the cwnd be
583 		 *    increased; otherwise, the cwnd MUST not be increased.
584 		 *    If these conditions are met, then cwnd MUST be increased
585 		 *    by, at most, the lesser of 1) the total size of the
586 		 *    previously outstanding DATA chunk(s) acknowledged, and
587 		 *    2) the destination's path MTU.  This upper bound protects
588 		 *    against the ACK-Splitting attack outlined in [SAVAGE99].
589 		 */
590 		if (asoc->fast_recovery)
591 			return;
592 
593 		/* The appropriate cwnd increase algorithm is performed
594 		 * if, and only if the congestion window is being fully
595 		 * utilized.  Note that RFC4960 Errata 3.22 removed the
596 		 * other condition on ctsn moving.
597 		 */
598 		if (flight_size < cwnd)
599 			return;
600 
601 		if (bytes_acked > pmtu)
602 			cwnd += pmtu;
603 		else
604 			cwnd += bytes_acked;
605 
606 		pr_debug("%s: slow start: transport:%p, bytes_acked:%d, "
607 			 "cwnd:%d, ssthresh:%d, flight_size:%d, pba:%d\n",
608 			 __func__, transport, bytes_acked, cwnd, ssthresh,
609 			 flight_size, pba);
610 	} else {
611 		/* RFC 2960 7.2.2 Whenever cwnd is greater than ssthresh,
612 		 * upon each SACK arrival, increase partial_bytes_acked
613 		 * by the total number of bytes of all new chunks
614 		 * acknowledged in that SACK including chunks
615 		 * acknowledged by the new Cumulative TSN Ack and by Gap
616 		 * Ack Blocks. (updated by RFC4960 Errata 3.22)
617 		 *
618 		 * When partial_bytes_acked is greater than cwnd and
619 		 * before the arrival of the SACK the sender had less
620 		 * bytes of data outstanding than cwnd (i.e., before
621 		 * arrival of the SACK, flightsize was less than cwnd),
622 		 * reset partial_bytes_acked to cwnd. (RFC 4960 Errata
623 		 * 3.26)
624 		 *
625 		 * When partial_bytes_acked is equal to or greater than
626 		 * cwnd and before the arrival of the SACK the sender
627 		 * had cwnd or more bytes of data outstanding (i.e.,
628 		 * before arrival of the SACK, flightsize was greater
629 		 * than or equal to cwnd), partial_bytes_acked is reset
630 		 * to (partial_bytes_acked - cwnd). Next, cwnd is
631 		 * increased by MTU. (RFC 4960 Errata 3.12)
632 		 */
633 		pba += bytes_acked;
634 		if (pba > cwnd && flight_size < cwnd)
635 			pba = cwnd;
636 		if (pba >= cwnd && flight_size >= cwnd) {
637 			pba = pba - cwnd;
638 			cwnd += pmtu;
639 		}
640 
641 		pr_debug("%s: congestion avoidance: transport:%p, "
642 			 "bytes_acked:%d, cwnd:%d, ssthresh:%d, "
643 			 "flight_size:%d, pba:%d\n", __func__,
644 			 transport, bytes_acked, cwnd, ssthresh,
645 			 flight_size, pba);
646 	}
647 
648 	transport->cwnd = cwnd;
649 	transport->partial_bytes_acked = pba;
650 }
651 
652 /* This routine is used to lower the transport's cwnd when congestion is
653  * detected.
654  */
sctp_transport_lower_cwnd(struct sctp_transport * transport,enum sctp_lower_cwnd reason)655 void sctp_transport_lower_cwnd(struct sctp_transport *transport,
656 			       enum sctp_lower_cwnd reason)
657 {
658 	struct sctp_association *asoc = transport->asoc;
659 
660 	switch (reason) {
661 	case SCTP_LOWER_CWND_T3_RTX:
662 		/* RFC 2960 Section 7.2.3, sctpimpguide
663 		 * When the T3-rtx timer expires on an address, SCTP should
664 		 * perform slow start by:
665 		 *      ssthresh = max(cwnd/2, 4*MTU)
666 		 *      cwnd = 1*MTU
667 		 *      partial_bytes_acked = 0
668 		 */
669 		transport->ssthresh = max(transport->cwnd/2,
670 					  4*asoc->pathmtu);
671 		transport->cwnd = asoc->pathmtu;
672 
673 		/* T3-rtx also clears fast recovery */
674 		asoc->fast_recovery = 0;
675 		break;
676 
677 	case SCTP_LOWER_CWND_FAST_RTX:
678 		/* RFC 2960 7.2.4 Adjust the ssthresh and cwnd of the
679 		 * destination address(es) to which the missing DATA chunks
680 		 * were last sent, according to the formula described in
681 		 * Section 7.2.3.
682 		 *
683 		 * RFC 2960 7.2.3, sctpimpguide Upon detection of packet
684 		 * losses from SACK (see Section 7.2.4), An endpoint
685 		 * should do the following:
686 		 *      ssthresh = max(cwnd/2, 4*MTU)
687 		 *      cwnd = ssthresh
688 		 *      partial_bytes_acked = 0
689 		 */
690 		if (asoc->fast_recovery)
691 			return;
692 
693 		/* Mark Fast recovery */
694 		asoc->fast_recovery = 1;
695 		asoc->fast_recovery_exit = asoc->next_tsn - 1;
696 
697 		transport->ssthresh = max(transport->cwnd/2,
698 					  4*asoc->pathmtu);
699 		transport->cwnd = transport->ssthresh;
700 		break;
701 
702 	case SCTP_LOWER_CWND_ECNE:
703 		/* RFC 2481 Section 6.1.2.
704 		 * If the sender receives an ECN-Echo ACK packet
705 		 * then the sender knows that congestion was encountered in the
706 		 * network on the path from the sender to the receiver. The
707 		 * indication of congestion should be treated just as a
708 		 * congestion loss in non-ECN Capable TCP. That is, the TCP
709 		 * source halves the congestion window "cwnd" and reduces the
710 		 * slow start threshold "ssthresh".
711 		 * A critical condition is that TCP does not react to
712 		 * congestion indications more than once every window of
713 		 * data (or more loosely more than once every round-trip time).
714 		 */
715 		if (time_after(jiffies, transport->last_time_ecne_reduced +
716 					transport->rtt)) {
717 			transport->ssthresh = max(transport->cwnd/2,
718 						  4*asoc->pathmtu);
719 			transport->cwnd = transport->ssthresh;
720 			transport->last_time_ecne_reduced = jiffies;
721 		}
722 		break;
723 
724 	case SCTP_LOWER_CWND_INACTIVE:
725 		/* RFC 2960 Section 7.2.1, sctpimpguide
726 		 * When the endpoint does not transmit data on a given
727 		 * transport address, the cwnd of the transport address
728 		 * should be adjusted to max(cwnd/2, 4*MTU) per RTO.
729 		 * NOTE: Although the draft recommends that this check needs
730 		 * to be done every RTO interval, we do it every hearbeat
731 		 * interval.
732 		 */
733 		transport->cwnd = max(transport->cwnd/2,
734 					 4*asoc->pathmtu);
735 		/* RFC 4960 Errata 3.27.2: also adjust sshthresh */
736 		transport->ssthresh = transport->cwnd;
737 		break;
738 	}
739 
740 	transport->partial_bytes_acked = 0;
741 
742 	pr_debug("%s: transport:%p, reason:%d, cwnd:%d, ssthresh:%d\n",
743 		 __func__, transport, reason, transport->cwnd,
744 		 transport->ssthresh);
745 }
746 
747 /* Apply Max.Burst limit to the congestion window:
748  * sctpimpguide-05 2.14.2
749  * D) When the time comes for the sender to
750  * transmit new DATA chunks, the protocol parameter Max.Burst MUST
751  * first be applied to limit how many new DATA chunks may be sent.
752  * The limit is applied by adjusting cwnd as follows:
753  * 	if ((flightsize+ Max.Burst * MTU) < cwnd)
754  * 		cwnd = flightsize + Max.Burst * MTU
755  */
756 
sctp_transport_burst_limited(struct sctp_transport * t)757 void sctp_transport_burst_limited(struct sctp_transport *t)
758 {
759 	struct sctp_association *asoc = t->asoc;
760 	u32 old_cwnd = t->cwnd;
761 	u32 max_burst_bytes;
762 
763 	if (t->burst_limited || asoc->max_burst == 0)
764 		return;
765 
766 	max_burst_bytes = t->flight_size + (asoc->max_burst * asoc->pathmtu);
767 	if (max_burst_bytes < old_cwnd) {
768 		t->cwnd = max_burst_bytes;
769 		t->burst_limited = old_cwnd;
770 	}
771 }
772 
773 /* Restore the old cwnd congestion window, after the burst had it's
774  * desired effect.
775  */
sctp_transport_burst_reset(struct sctp_transport * t)776 void sctp_transport_burst_reset(struct sctp_transport *t)
777 {
778 	if (t->burst_limited) {
779 		t->cwnd = t->burst_limited;
780 		t->burst_limited = 0;
781 	}
782 }
783 
784 /* What is the next timeout value for this transport? */
sctp_transport_timeout(struct sctp_transport * trans)785 unsigned long sctp_transport_timeout(struct sctp_transport *trans)
786 {
787 	/* RTO + timer slack +/- 50% of RTO */
788 	unsigned long timeout = trans->rto >> 1;
789 
790 	if (trans->state != SCTP_UNCONFIRMED &&
791 	    trans->state != SCTP_PF)
792 		timeout += trans->hbinterval;
793 
794 	return max_t(unsigned long, timeout, HZ / 5);
795 }
796 
797 /* Reset transport variables to their initial values */
sctp_transport_reset(struct sctp_transport * t)798 void sctp_transport_reset(struct sctp_transport *t)
799 {
800 	struct sctp_association *asoc = t->asoc;
801 
802 	/* RFC 2960 (bis), Section 5.2.4
803 	 * All the congestion control parameters (e.g., cwnd, ssthresh)
804 	 * related to this peer MUST be reset to their initial values
805 	 * (see Section 6.2.1)
806 	 */
807 	t->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380));
808 	t->burst_limited = 0;
809 	t->ssthresh = asoc->peer.i.a_rwnd;
810 	t->rto = asoc->rto_initial;
811 	sctp_max_rto(asoc, t);
812 	t->rtt = 0;
813 	t->srtt = 0;
814 	t->rttvar = 0;
815 
816 	/* Reset these additional variables so that we have a clean slate. */
817 	t->partial_bytes_acked = 0;
818 	t->flight_size = 0;
819 	t->error_count = 0;
820 	t->rto_pending = 0;
821 	t->hb_sent = 0;
822 
823 	/* Initialize the state information for SFR-CACC */
824 	t->cacc.changeover_active = 0;
825 	t->cacc.cycling_changeover = 0;
826 	t->cacc.next_tsn_at_change = 0;
827 	t->cacc.cacc_saw_newack = 0;
828 }
829 
830 /* Schedule retransmission on the given transport */
sctp_transport_immediate_rtx(struct sctp_transport * t)831 void sctp_transport_immediate_rtx(struct sctp_transport *t)
832 {
833 	/* Stop pending T3_rtx_timer */
834 	if (del_timer(&t->T3_rtx_timer))
835 		sctp_transport_put(t);
836 
837 	sctp_retransmit(&t->asoc->outqueue, t, SCTP_RTXR_T3_RTX);
838 	if (!timer_pending(&t->T3_rtx_timer)) {
839 		if (!mod_timer(&t->T3_rtx_timer, jiffies + t->rto))
840 			sctp_transport_hold(t);
841 	}
842 }
843 
844 /* Drop dst */
sctp_transport_dst_release(struct sctp_transport * t)845 void sctp_transport_dst_release(struct sctp_transport *t)
846 {
847 	dst_release(t->dst);
848 	t->dst = NULL;
849 	t->dst_pending_confirm = 0;
850 }
851 
852 /* Schedule neighbour confirm */
sctp_transport_dst_confirm(struct sctp_transport * t)853 void sctp_transport_dst_confirm(struct sctp_transport *t)
854 {
855 	t->dst_pending_confirm = 1;
856 }
857