1 /* SCTP kernel implementation
2 * (C) Copyright IBM Corp. 2001, 2004
3 * Copyright (c) 1999-2000 Cisco, Inc.
4 * Copyright (c) 1999-2001 Motorola, Inc.
5 * Copyright (c) 2001 Intel Corp.
6 * Copyright (c) 2001 Nokia, Inc.
7 * Copyright (c) 2001 La Monte H.P. Yarroll
8 *
9 * This abstraction carries sctp events to the ULP (sockets).
10 *
11 * This SCTP implementation is free software;
12 * you can redistribute it and/or modify it under the terms of
13 * the GNU General Public License as published by
14 * the Free Software Foundation; either version 2, or (at your option)
15 * any later version.
16 *
17 * This SCTP implementation is distributed in the hope that it
18 * will be useful, but WITHOUT ANY WARRANTY; without even the implied
19 * ************************
20 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
21 * See the GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with GNU CC; see the file COPYING. If not, see
25 * <http://www.gnu.org/licenses/>.
26 *
27 * Please send any bug reports or fixes you make to the
28 * email address(es):
29 * lksctp developers <linux-sctp@vger.kernel.org>
30 *
31 * Written or modified by:
32 * Jon Grimm <jgrimm@us.ibm.com>
33 * La Monte H.P. Yarroll <piggy@acm.org>
34 * Sridhar Samudrala <sri@us.ibm.com>
35 */
36
37 #include <linux/slab.h>
38 #include <linux/types.h>
39 #include <linux/skbuff.h>
40 #include <net/sock.h>
41 #include <net/busy_poll.h>
42 #include <net/sctp/structs.h>
43 #include <net/sctp/sctp.h>
44 #include <net/sctp/sm.h>
45
46 /* Forward declarations for internal helpers. */
47 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
48 struct sctp_ulpevent *);
49 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *,
50 struct sctp_ulpevent *);
51 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq);
52
53 /* 1st Level Abstractions */
54
55 /* Initialize a ULP queue from a block of memory. */
sctp_ulpq_init(struct sctp_ulpq * ulpq,struct sctp_association * asoc)56 struct sctp_ulpq *sctp_ulpq_init(struct sctp_ulpq *ulpq,
57 struct sctp_association *asoc)
58 {
59 memset(ulpq, 0, sizeof(struct sctp_ulpq));
60
61 ulpq->asoc = asoc;
62 skb_queue_head_init(&ulpq->reasm);
63 skb_queue_head_init(&ulpq->reasm_uo);
64 skb_queue_head_init(&ulpq->lobby);
65 ulpq->pd_mode = 0;
66
67 return ulpq;
68 }
69
70
71 /* Flush the reassembly and ordering queues. */
sctp_ulpq_flush(struct sctp_ulpq * ulpq)72 void sctp_ulpq_flush(struct sctp_ulpq *ulpq)
73 {
74 struct sk_buff *skb;
75 struct sctp_ulpevent *event;
76
77 while ((skb = __skb_dequeue(&ulpq->lobby)) != NULL) {
78 event = sctp_skb2event(skb);
79 sctp_ulpevent_free(event);
80 }
81
82 while ((skb = __skb_dequeue(&ulpq->reasm)) != NULL) {
83 event = sctp_skb2event(skb);
84 sctp_ulpevent_free(event);
85 }
86
87 while ((skb = __skb_dequeue(&ulpq->reasm_uo)) != NULL) {
88 event = sctp_skb2event(skb);
89 sctp_ulpevent_free(event);
90 }
91 }
92
93 /* Dispose of a ulpqueue. */
sctp_ulpq_free(struct sctp_ulpq * ulpq)94 void sctp_ulpq_free(struct sctp_ulpq *ulpq)
95 {
96 sctp_ulpq_flush(ulpq);
97 }
98
99 /* Process an incoming DATA chunk. */
sctp_ulpq_tail_data(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)100 int sctp_ulpq_tail_data(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
101 gfp_t gfp)
102 {
103 struct sk_buff_head temp;
104 struct sctp_ulpevent *event;
105 int event_eor = 0;
106
107 /* Create an event from the incoming chunk. */
108 event = sctp_ulpevent_make_rcvmsg(chunk->asoc, chunk, gfp);
109 if (!event)
110 return -ENOMEM;
111
112 event->ssn = ntohs(chunk->subh.data_hdr->ssn);
113 event->ppid = chunk->subh.data_hdr->ppid;
114
115 /* Do reassembly if needed. */
116 event = sctp_ulpq_reasm(ulpq, event);
117
118 /* Do ordering if needed. */
119 if ((event) && (event->msg_flags & MSG_EOR)) {
120 /* Create a temporary list to collect chunks on. */
121 skb_queue_head_init(&temp);
122 __skb_queue_tail(&temp, sctp_event2skb(event));
123
124 event = sctp_ulpq_order(ulpq, event);
125 }
126
127 /* Send event to the ULP. 'event' is the sctp_ulpevent for
128 * very first SKB on the 'temp' list.
129 */
130 if (event) {
131 event_eor = (event->msg_flags & MSG_EOR) ? 1 : 0;
132 sctp_ulpq_tail_event(ulpq, event);
133 }
134
135 return event_eor;
136 }
137
138 /* Add a new event for propagation to the ULP. */
139 /* Clear the partial delivery mode for this socket. Note: This
140 * assumes that no association is currently in partial delivery mode.
141 */
sctp_clear_pd(struct sock * sk,struct sctp_association * asoc)142 int sctp_clear_pd(struct sock *sk, struct sctp_association *asoc)
143 {
144 struct sctp_sock *sp = sctp_sk(sk);
145
146 if (atomic_dec_and_test(&sp->pd_mode)) {
147 /* This means there are no other associations in PD, so
148 * we can go ahead and clear out the lobby in one shot
149 */
150 if (!skb_queue_empty(&sp->pd_lobby)) {
151 skb_queue_splice_tail_init(&sp->pd_lobby,
152 &sk->sk_receive_queue);
153 return 1;
154 }
155 } else {
156 /* There are other associations in PD, so we only need to
157 * pull stuff out of the lobby that belongs to the
158 * associations that is exiting PD (all of its notifications
159 * are posted here).
160 */
161 if (!skb_queue_empty(&sp->pd_lobby) && asoc) {
162 struct sk_buff *skb, *tmp;
163 struct sctp_ulpevent *event;
164
165 sctp_skb_for_each(skb, &sp->pd_lobby, tmp) {
166 event = sctp_skb2event(skb);
167 if (event->asoc == asoc) {
168 __skb_unlink(skb, &sp->pd_lobby);
169 __skb_queue_tail(&sk->sk_receive_queue,
170 skb);
171 }
172 }
173 }
174 }
175
176 return 0;
177 }
178
179 /* Set the pd_mode on the socket and ulpq */
sctp_ulpq_set_pd(struct sctp_ulpq * ulpq)180 static void sctp_ulpq_set_pd(struct sctp_ulpq *ulpq)
181 {
182 struct sctp_sock *sp = sctp_sk(ulpq->asoc->base.sk);
183
184 atomic_inc(&sp->pd_mode);
185 ulpq->pd_mode = 1;
186 }
187
188 /* Clear the pd_mode and restart any pending messages waiting for delivery. */
sctp_ulpq_clear_pd(struct sctp_ulpq * ulpq)189 static int sctp_ulpq_clear_pd(struct sctp_ulpq *ulpq)
190 {
191 ulpq->pd_mode = 0;
192 sctp_ulpq_reasm_drain(ulpq);
193 return sctp_clear_pd(ulpq->asoc->base.sk, ulpq->asoc);
194 }
195
196 /* If the SKB of 'event' is on a list, it is the first such member
197 * of that list.
198 */
sctp_ulpq_tail_event(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)199 int sctp_ulpq_tail_event(struct sctp_ulpq *ulpq, struct sctp_ulpevent *event)
200 {
201 struct sock *sk = ulpq->asoc->base.sk;
202 struct sctp_sock *sp = sctp_sk(sk);
203 struct sk_buff_head *queue, *skb_list;
204 struct sk_buff *skb = sctp_event2skb(event);
205 int clear_pd = 0;
206
207 skb_list = (struct sk_buff_head *) skb->prev;
208
209 /* If the socket is just going to throw this away, do not
210 * even try to deliver it.
211 */
212 if (sk->sk_shutdown & RCV_SHUTDOWN &&
213 (sk->sk_shutdown & SEND_SHUTDOWN ||
214 !sctp_ulpevent_is_notification(event)))
215 goto out_free;
216
217 if (!sctp_ulpevent_is_notification(event)) {
218 sk_mark_napi_id(sk, skb);
219 sk_incoming_cpu_update(sk);
220 }
221 /* Check if the user wishes to receive this event. */
222 if (!sctp_ulpevent_is_enabled(event, &sp->subscribe))
223 goto out_free;
224
225 /* If we are in partial delivery mode, post to the lobby until
226 * partial delivery is cleared, unless, of course _this_ is
227 * the association the cause of the partial delivery.
228 */
229
230 if (atomic_read(&sp->pd_mode) == 0) {
231 queue = &sk->sk_receive_queue;
232 } else {
233 if (ulpq->pd_mode) {
234 /* If the association is in partial delivery, we
235 * need to finish delivering the partially processed
236 * packet before passing any other data. This is
237 * because we don't truly support stream interleaving.
238 */
239 if ((event->msg_flags & MSG_NOTIFICATION) ||
240 (SCTP_DATA_NOT_FRAG ==
241 (event->msg_flags & SCTP_DATA_FRAG_MASK)))
242 queue = &sp->pd_lobby;
243 else {
244 clear_pd = event->msg_flags & MSG_EOR;
245 queue = &sk->sk_receive_queue;
246 }
247 } else {
248 /*
249 * If fragment interleave is enabled, we
250 * can queue this to the receive queue instead
251 * of the lobby.
252 */
253 if (sp->frag_interleave)
254 queue = &sk->sk_receive_queue;
255 else
256 queue = &sp->pd_lobby;
257 }
258 }
259
260 /* If we are harvesting multiple skbs they will be
261 * collected on a list.
262 */
263 if (skb_list)
264 skb_queue_splice_tail_init(skb_list, queue);
265 else
266 __skb_queue_tail(queue, skb);
267
268 /* Did we just complete partial delivery and need to get
269 * rolling again? Move pending data to the receive
270 * queue.
271 */
272 if (clear_pd)
273 sctp_ulpq_clear_pd(ulpq);
274
275 if (queue == &sk->sk_receive_queue && !sp->data_ready_signalled) {
276 if (!sock_owned_by_user(sk))
277 sp->data_ready_signalled = 1;
278 sk->sk_data_ready(sk);
279 }
280 return 1;
281
282 out_free:
283 if (skb_list)
284 sctp_queue_purge_ulpevents(skb_list);
285 else
286 sctp_ulpevent_free(event);
287
288 return 0;
289 }
290
291 /* 2nd Level Abstractions */
292
293 /* Helper function to store chunks that need to be reassembled. */
sctp_ulpq_store_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)294 static void sctp_ulpq_store_reasm(struct sctp_ulpq *ulpq,
295 struct sctp_ulpevent *event)
296 {
297 struct sk_buff *pos;
298 struct sctp_ulpevent *cevent;
299 __u32 tsn, ctsn;
300
301 tsn = event->tsn;
302
303 /* See if it belongs at the end. */
304 pos = skb_peek_tail(&ulpq->reasm);
305 if (!pos) {
306 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
307 return;
308 }
309
310 /* Short circuit just dropping it at the end. */
311 cevent = sctp_skb2event(pos);
312 ctsn = cevent->tsn;
313 if (TSN_lt(ctsn, tsn)) {
314 __skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
315 return;
316 }
317
318 /* Find the right place in this list. We store them by TSN. */
319 skb_queue_walk(&ulpq->reasm, pos) {
320 cevent = sctp_skb2event(pos);
321 ctsn = cevent->tsn;
322
323 if (TSN_lt(tsn, ctsn))
324 break;
325 }
326
327 /* Insert before pos. */
328 __skb_queue_before(&ulpq->reasm, pos, sctp_event2skb(event));
329
330 }
331
332 /* Helper function to return an event corresponding to the reassembled
333 * datagram.
334 * This routine creates a re-assembled skb given the first and last skb's
335 * as stored in the reassembly queue. The skb's may be non-linear if the sctp
336 * payload was fragmented on the way and ip had to reassemble them.
337 * We add the rest of skb's to the first skb's fraglist.
338 */
sctp_make_reassembled_event(struct net * net,struct sk_buff_head * queue,struct sk_buff * f_frag,struct sk_buff * l_frag)339 struct sctp_ulpevent *sctp_make_reassembled_event(struct net *net,
340 struct sk_buff_head *queue,
341 struct sk_buff *f_frag,
342 struct sk_buff *l_frag)
343 {
344 struct sk_buff *pos;
345 struct sk_buff *new = NULL;
346 struct sctp_ulpevent *event;
347 struct sk_buff *pnext, *last;
348 struct sk_buff *list = skb_shinfo(f_frag)->frag_list;
349
350 /* Store the pointer to the 2nd skb */
351 if (f_frag == l_frag)
352 pos = NULL;
353 else
354 pos = f_frag->next;
355
356 /* Get the last skb in the f_frag's frag_list if present. */
357 for (last = list; list; last = list, list = list->next)
358 ;
359
360 /* Add the list of remaining fragments to the first fragments
361 * frag_list.
362 */
363 if (last)
364 last->next = pos;
365 else {
366 if (skb_cloned(f_frag)) {
367 /* This is a cloned skb, we can't just modify
368 * the frag_list. We need a new skb to do that.
369 * Instead of calling skb_unshare(), we'll do it
370 * ourselves since we need to delay the free.
371 */
372 new = skb_copy(f_frag, GFP_ATOMIC);
373 if (!new)
374 return NULL; /* try again later */
375
376 sctp_skb_set_owner_r(new, f_frag->sk);
377
378 skb_shinfo(new)->frag_list = pos;
379 } else
380 skb_shinfo(f_frag)->frag_list = pos;
381 }
382
383 /* Remove the first fragment from the reassembly queue. */
384 __skb_unlink(f_frag, queue);
385
386 /* if we did unshare, then free the old skb and re-assign */
387 if (new) {
388 kfree_skb(f_frag);
389 f_frag = new;
390 }
391
392 while (pos) {
393
394 pnext = pos->next;
395
396 /* Update the len and data_len fields of the first fragment. */
397 f_frag->len += pos->len;
398 f_frag->data_len += pos->len;
399
400 /* Remove the fragment from the reassembly queue. */
401 __skb_unlink(pos, queue);
402
403 /* Break if we have reached the last fragment. */
404 if (pos == l_frag)
405 break;
406 pos->next = pnext;
407 pos = pnext;
408 }
409
410 event = sctp_skb2event(f_frag);
411 SCTP_INC_STATS(net, SCTP_MIB_REASMUSRMSGS);
412
413 return event;
414 }
415
416
417 /* Helper function to check if an incoming chunk has filled up the last
418 * missing fragment in a SCTP datagram and return the corresponding event.
419 */
sctp_ulpq_retrieve_reassembled(struct sctp_ulpq * ulpq)420 static struct sctp_ulpevent *sctp_ulpq_retrieve_reassembled(struct sctp_ulpq *ulpq)
421 {
422 struct sk_buff *pos;
423 struct sctp_ulpevent *cevent;
424 struct sk_buff *first_frag = NULL;
425 __u32 ctsn, next_tsn;
426 struct sctp_ulpevent *retval = NULL;
427 struct sk_buff *pd_first = NULL;
428 struct sk_buff *pd_last = NULL;
429 size_t pd_len = 0;
430 struct sctp_association *asoc;
431 u32 pd_point;
432
433 /* Initialized to 0 just to avoid compiler warning message. Will
434 * never be used with this value. It is referenced only after it
435 * is set when we find the first fragment of a message.
436 */
437 next_tsn = 0;
438
439 /* The chunks are held in the reasm queue sorted by TSN.
440 * Walk through the queue sequentially and look for a sequence of
441 * fragmented chunks that complete a datagram.
442 * 'first_frag' and next_tsn are reset when we find a chunk which
443 * is the first fragment of a datagram. Once these 2 fields are set
444 * we expect to find the remaining middle fragments and the last
445 * fragment in order. If not, first_frag is reset to NULL and we
446 * start the next pass when we find another first fragment.
447 *
448 * There is a potential to do partial delivery if user sets
449 * SCTP_PARTIAL_DELIVERY_POINT option. Lets count some things here
450 * to see if can do PD.
451 */
452 skb_queue_walk(&ulpq->reasm, pos) {
453 cevent = sctp_skb2event(pos);
454 ctsn = cevent->tsn;
455
456 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
457 case SCTP_DATA_FIRST_FRAG:
458 /* If this "FIRST_FRAG" is the first
459 * element in the queue, then count it towards
460 * possible PD.
461 */
462 if (pos == ulpq->reasm.next) {
463 pd_first = pos;
464 pd_last = pos;
465 pd_len = pos->len;
466 } else {
467 pd_first = NULL;
468 pd_last = NULL;
469 pd_len = 0;
470 }
471
472 first_frag = pos;
473 next_tsn = ctsn + 1;
474 break;
475
476 case SCTP_DATA_MIDDLE_FRAG:
477 if ((first_frag) && (ctsn == next_tsn)) {
478 next_tsn++;
479 if (pd_first) {
480 pd_last = pos;
481 pd_len += pos->len;
482 }
483 } else
484 first_frag = NULL;
485 break;
486
487 case SCTP_DATA_LAST_FRAG:
488 if (first_frag && (ctsn == next_tsn))
489 goto found;
490 else
491 first_frag = NULL;
492 break;
493 }
494 }
495
496 asoc = ulpq->asoc;
497 if (pd_first) {
498 /* Make sure we can enter partial deliver.
499 * We can trigger partial delivery only if framgent
500 * interleave is set, or the socket is not already
501 * in partial delivery.
502 */
503 if (!sctp_sk(asoc->base.sk)->frag_interleave &&
504 atomic_read(&sctp_sk(asoc->base.sk)->pd_mode))
505 goto done;
506
507 cevent = sctp_skb2event(pd_first);
508 pd_point = sctp_sk(asoc->base.sk)->pd_point;
509 if (pd_point && pd_point <= pd_len) {
510 retval = sctp_make_reassembled_event(sock_net(asoc->base.sk),
511 &ulpq->reasm,
512 pd_first,
513 pd_last);
514 if (retval)
515 sctp_ulpq_set_pd(ulpq);
516 }
517 }
518 done:
519 return retval;
520 found:
521 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
522 &ulpq->reasm, first_frag, pos);
523 if (retval)
524 retval->msg_flags |= MSG_EOR;
525 goto done;
526 }
527
528 /* Retrieve the next set of fragments of a partial message. */
sctp_ulpq_retrieve_partial(struct sctp_ulpq * ulpq)529 static struct sctp_ulpevent *sctp_ulpq_retrieve_partial(struct sctp_ulpq *ulpq)
530 {
531 struct sk_buff *pos, *last_frag, *first_frag;
532 struct sctp_ulpevent *cevent;
533 __u32 ctsn, next_tsn;
534 int is_last;
535 struct sctp_ulpevent *retval;
536
537 /* The chunks are held in the reasm queue sorted by TSN.
538 * Walk through the queue sequentially and look for the first
539 * sequence of fragmented chunks.
540 */
541
542 if (skb_queue_empty(&ulpq->reasm))
543 return NULL;
544
545 last_frag = first_frag = NULL;
546 retval = NULL;
547 next_tsn = 0;
548 is_last = 0;
549
550 skb_queue_walk(&ulpq->reasm, pos) {
551 cevent = sctp_skb2event(pos);
552 ctsn = cevent->tsn;
553
554 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
555 case SCTP_DATA_FIRST_FRAG:
556 if (!first_frag)
557 return NULL;
558 goto done;
559 case SCTP_DATA_MIDDLE_FRAG:
560 if (!first_frag) {
561 first_frag = pos;
562 next_tsn = ctsn + 1;
563 last_frag = pos;
564 } else if (next_tsn == ctsn) {
565 next_tsn++;
566 last_frag = pos;
567 } else
568 goto done;
569 break;
570 case SCTP_DATA_LAST_FRAG:
571 if (!first_frag)
572 first_frag = pos;
573 else if (ctsn != next_tsn)
574 goto done;
575 last_frag = pos;
576 is_last = 1;
577 goto done;
578 default:
579 return NULL;
580 }
581 }
582
583 /* We have the reassembled event. There is no need to look
584 * further.
585 */
586 done:
587 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
588 &ulpq->reasm, first_frag, last_frag);
589 if (retval && is_last)
590 retval->msg_flags |= MSG_EOR;
591
592 return retval;
593 }
594
595
596 /* Helper function to reassemble chunks. Hold chunks on the reasm queue that
597 * need reassembling.
598 */
sctp_ulpq_reasm(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)599 static struct sctp_ulpevent *sctp_ulpq_reasm(struct sctp_ulpq *ulpq,
600 struct sctp_ulpevent *event)
601 {
602 struct sctp_ulpevent *retval = NULL;
603
604 /* Check if this is part of a fragmented message. */
605 if (SCTP_DATA_NOT_FRAG == (event->msg_flags & SCTP_DATA_FRAG_MASK)) {
606 event->msg_flags |= MSG_EOR;
607 return event;
608 }
609
610 sctp_ulpq_store_reasm(ulpq, event);
611 if (!ulpq->pd_mode)
612 retval = sctp_ulpq_retrieve_reassembled(ulpq);
613 else {
614 __u32 ctsn, ctsnap;
615
616 /* Do not even bother unless this is the next tsn to
617 * be delivered.
618 */
619 ctsn = event->tsn;
620 ctsnap = sctp_tsnmap_get_ctsn(&ulpq->asoc->peer.tsn_map);
621 if (TSN_lte(ctsn, ctsnap))
622 retval = sctp_ulpq_retrieve_partial(ulpq);
623 }
624
625 return retval;
626 }
627
628 /* Retrieve the first part (sequential fragments) for partial delivery. */
sctp_ulpq_retrieve_first(struct sctp_ulpq * ulpq)629 static struct sctp_ulpevent *sctp_ulpq_retrieve_first(struct sctp_ulpq *ulpq)
630 {
631 struct sk_buff *pos, *last_frag, *first_frag;
632 struct sctp_ulpevent *cevent;
633 __u32 ctsn, next_tsn;
634 struct sctp_ulpevent *retval;
635
636 /* The chunks are held in the reasm queue sorted by TSN.
637 * Walk through the queue sequentially and look for a sequence of
638 * fragmented chunks that start a datagram.
639 */
640
641 if (skb_queue_empty(&ulpq->reasm))
642 return NULL;
643
644 last_frag = first_frag = NULL;
645 retval = NULL;
646 next_tsn = 0;
647
648 skb_queue_walk(&ulpq->reasm, pos) {
649 cevent = sctp_skb2event(pos);
650 ctsn = cevent->tsn;
651
652 switch (cevent->msg_flags & SCTP_DATA_FRAG_MASK) {
653 case SCTP_DATA_FIRST_FRAG:
654 if (!first_frag) {
655 first_frag = pos;
656 next_tsn = ctsn + 1;
657 last_frag = pos;
658 } else
659 goto done;
660 break;
661
662 case SCTP_DATA_MIDDLE_FRAG:
663 if (!first_frag)
664 return NULL;
665 if (ctsn == next_tsn) {
666 next_tsn++;
667 last_frag = pos;
668 } else
669 goto done;
670 break;
671
672 case SCTP_DATA_LAST_FRAG:
673 if (!first_frag)
674 return NULL;
675 else
676 goto done;
677 break;
678
679 default:
680 return NULL;
681 }
682 }
683
684 /* We have the reassembled event. There is no need to look
685 * further.
686 */
687 done:
688 retval = sctp_make_reassembled_event(sock_net(ulpq->asoc->base.sk),
689 &ulpq->reasm, first_frag, last_frag);
690 return retval;
691 }
692
693 /*
694 * Flush out stale fragments from the reassembly queue when processing
695 * a Forward TSN.
696 *
697 * RFC 3758, Section 3.6
698 *
699 * After receiving and processing a FORWARD TSN, the data receiver MUST
700 * take cautions in updating its re-assembly queue. The receiver MUST
701 * remove any partially reassembled message, which is still missing one
702 * or more TSNs earlier than or equal to the new cumulative TSN point.
703 * In the event that the receiver has invoked the partial delivery API,
704 * a notification SHOULD also be generated to inform the upper layer API
705 * that the message being partially delivered will NOT be completed.
706 */
sctp_ulpq_reasm_flushtsn(struct sctp_ulpq * ulpq,__u32 fwd_tsn)707 void sctp_ulpq_reasm_flushtsn(struct sctp_ulpq *ulpq, __u32 fwd_tsn)
708 {
709 struct sk_buff *pos, *tmp;
710 struct sctp_ulpevent *event;
711 __u32 tsn;
712
713 if (skb_queue_empty(&ulpq->reasm))
714 return;
715
716 skb_queue_walk_safe(&ulpq->reasm, pos, tmp) {
717 event = sctp_skb2event(pos);
718 tsn = event->tsn;
719
720 /* Since the entire message must be abandoned by the
721 * sender (item A3 in Section 3.5, RFC 3758), we can
722 * free all fragments on the list that are less then
723 * or equal to ctsn_point
724 */
725 if (TSN_lte(tsn, fwd_tsn)) {
726 __skb_unlink(pos, &ulpq->reasm);
727 sctp_ulpevent_free(event);
728 } else
729 break;
730 }
731 }
732
733 /*
734 * Drain the reassembly queue. If we just cleared parted delivery, it
735 * is possible that the reassembly queue will contain already reassembled
736 * messages. Retrieve any such messages and give them to the user.
737 */
sctp_ulpq_reasm_drain(struct sctp_ulpq * ulpq)738 static void sctp_ulpq_reasm_drain(struct sctp_ulpq *ulpq)
739 {
740 struct sctp_ulpevent *event = NULL;
741 struct sk_buff_head temp;
742
743 if (skb_queue_empty(&ulpq->reasm))
744 return;
745
746 while ((event = sctp_ulpq_retrieve_reassembled(ulpq)) != NULL) {
747 /* Do ordering if needed. */
748 if ((event) && (event->msg_flags & MSG_EOR)) {
749 skb_queue_head_init(&temp);
750 __skb_queue_tail(&temp, sctp_event2skb(event));
751
752 event = sctp_ulpq_order(ulpq, event);
753 }
754
755 /* Send event to the ULP. 'event' is the
756 * sctp_ulpevent for very first SKB on the temp' list.
757 */
758 if (event)
759 sctp_ulpq_tail_event(ulpq, event);
760 }
761 }
762
763
764 /* Helper function to gather skbs that have possibly become
765 * ordered by an an incoming chunk.
766 */
sctp_ulpq_retrieve_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)767 static void sctp_ulpq_retrieve_ordered(struct sctp_ulpq *ulpq,
768 struct sctp_ulpevent *event)
769 {
770 struct sk_buff_head *event_list;
771 struct sk_buff *pos, *tmp;
772 struct sctp_ulpevent *cevent;
773 struct sctp_stream *stream;
774 __u16 sid, csid, cssn;
775
776 sid = event->stream;
777 stream = &ulpq->asoc->stream;
778
779 event_list = (struct sk_buff_head *) sctp_event2skb(event)->prev;
780
781 /* We are holding the chunks by stream, by SSN. */
782 sctp_skb_for_each(pos, &ulpq->lobby, tmp) {
783 cevent = (struct sctp_ulpevent *) pos->cb;
784 csid = cevent->stream;
785 cssn = cevent->ssn;
786
787 /* Have we gone too far? */
788 if (csid > sid)
789 break;
790
791 /* Have we not gone far enough? */
792 if (csid < sid)
793 continue;
794
795 if (cssn != sctp_ssn_peek(stream, in, sid))
796 break;
797
798 /* Found it, so mark in the stream. */
799 sctp_ssn_next(stream, in, sid);
800
801 __skb_unlink(pos, &ulpq->lobby);
802
803 /* Attach all gathered skbs to the event. */
804 __skb_queue_tail(event_list, pos);
805 }
806 }
807
808 /* Helper function to store chunks needing ordering. */
sctp_ulpq_store_ordered(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)809 static void sctp_ulpq_store_ordered(struct sctp_ulpq *ulpq,
810 struct sctp_ulpevent *event)
811 {
812 struct sk_buff *pos;
813 struct sctp_ulpevent *cevent;
814 __u16 sid, csid;
815 __u16 ssn, cssn;
816
817 pos = skb_peek_tail(&ulpq->lobby);
818 if (!pos) {
819 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
820 return;
821 }
822
823 sid = event->stream;
824 ssn = event->ssn;
825
826 cevent = (struct sctp_ulpevent *) pos->cb;
827 csid = cevent->stream;
828 cssn = cevent->ssn;
829 if (sid > csid) {
830 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
831 return;
832 }
833
834 if ((sid == csid) && SSN_lt(cssn, ssn)) {
835 __skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
836 return;
837 }
838
839 /* Find the right place in this list. We store them by
840 * stream ID and then by SSN.
841 */
842 skb_queue_walk(&ulpq->lobby, pos) {
843 cevent = (struct sctp_ulpevent *) pos->cb;
844 csid = cevent->stream;
845 cssn = cevent->ssn;
846
847 if (csid > sid)
848 break;
849 if (csid == sid && SSN_lt(ssn, cssn))
850 break;
851 }
852
853
854 /* Insert before pos. */
855 __skb_queue_before(&ulpq->lobby, pos, sctp_event2skb(event));
856 }
857
sctp_ulpq_order(struct sctp_ulpq * ulpq,struct sctp_ulpevent * event)858 static struct sctp_ulpevent *sctp_ulpq_order(struct sctp_ulpq *ulpq,
859 struct sctp_ulpevent *event)
860 {
861 __u16 sid, ssn;
862 struct sctp_stream *stream;
863
864 /* Check if this message needs ordering. */
865 if (event->msg_flags & SCTP_DATA_UNORDERED)
866 return event;
867
868 /* Note: The stream ID must be verified before this routine. */
869 sid = event->stream;
870 ssn = event->ssn;
871 stream = &ulpq->asoc->stream;
872
873 /* Is this the expected SSN for this stream ID? */
874 if (ssn != sctp_ssn_peek(stream, in, sid)) {
875 /* We've received something out of order, so find where it
876 * needs to be placed. We order by stream and then by SSN.
877 */
878 sctp_ulpq_store_ordered(ulpq, event);
879 return NULL;
880 }
881
882 /* Mark that the next chunk has been found. */
883 sctp_ssn_next(stream, in, sid);
884
885 /* Go find any other chunks that were waiting for
886 * ordering.
887 */
888 sctp_ulpq_retrieve_ordered(ulpq, event);
889
890 return event;
891 }
892
893 /* Helper function to gather skbs that have possibly become
894 * ordered by forward tsn skipping their dependencies.
895 */
sctp_ulpq_reap_ordered(struct sctp_ulpq * ulpq,__u16 sid)896 static void sctp_ulpq_reap_ordered(struct sctp_ulpq *ulpq, __u16 sid)
897 {
898 struct sk_buff *pos, *tmp;
899 struct sctp_ulpevent *cevent;
900 struct sctp_ulpevent *event;
901 struct sctp_stream *stream;
902 struct sk_buff_head temp;
903 struct sk_buff_head *lobby = &ulpq->lobby;
904 __u16 csid, cssn;
905
906 stream = &ulpq->asoc->stream;
907
908 /* We are holding the chunks by stream, by SSN. */
909 skb_queue_head_init(&temp);
910 event = NULL;
911 sctp_skb_for_each(pos, lobby, tmp) {
912 cevent = (struct sctp_ulpevent *) pos->cb;
913 csid = cevent->stream;
914 cssn = cevent->ssn;
915
916 /* Have we gone too far? */
917 if (csid > sid)
918 break;
919
920 /* Have we not gone far enough? */
921 if (csid < sid)
922 continue;
923
924 /* see if this ssn has been marked by skipping */
925 if (!SSN_lt(cssn, sctp_ssn_peek(stream, in, csid)))
926 break;
927
928 __skb_unlink(pos, lobby);
929 if (!event)
930 /* Create a temporary list to collect chunks on. */
931 event = sctp_skb2event(pos);
932
933 /* Attach all gathered skbs to the event. */
934 __skb_queue_tail(&temp, pos);
935 }
936
937 /* If we didn't reap any data, see if the next expected SSN
938 * is next on the queue and if so, use that.
939 */
940 if (event == NULL && pos != (struct sk_buff *)lobby) {
941 cevent = (struct sctp_ulpevent *) pos->cb;
942 csid = cevent->stream;
943 cssn = cevent->ssn;
944
945 if (csid == sid && cssn == sctp_ssn_peek(stream, in, csid)) {
946 sctp_ssn_next(stream, in, csid);
947 __skb_unlink(pos, lobby);
948 __skb_queue_tail(&temp, pos);
949 event = sctp_skb2event(pos);
950 }
951 }
952
953 /* Send event to the ULP. 'event' is the sctp_ulpevent for
954 * very first SKB on the 'temp' list.
955 */
956 if (event) {
957 /* see if we have more ordered that we can deliver */
958 sctp_ulpq_retrieve_ordered(ulpq, event);
959 sctp_ulpq_tail_event(ulpq, event);
960 }
961 }
962
963 /* Skip over an SSN. This is used during the processing of
964 * Forwared TSN chunk to skip over the abandoned ordered data
965 */
sctp_ulpq_skip(struct sctp_ulpq * ulpq,__u16 sid,__u16 ssn)966 void sctp_ulpq_skip(struct sctp_ulpq *ulpq, __u16 sid, __u16 ssn)
967 {
968 struct sctp_stream *stream;
969
970 /* Note: The stream ID must be verified before this routine. */
971 stream = &ulpq->asoc->stream;
972
973 /* Is this an old SSN? If so ignore. */
974 if (SSN_lt(ssn, sctp_ssn_peek(stream, in, sid)))
975 return;
976
977 /* Mark that we are no longer expecting this SSN or lower. */
978 sctp_ssn_skip(stream, in, sid, ssn);
979
980 /* Go find any other chunks that were waiting for
981 * ordering and deliver them if needed.
982 */
983 sctp_ulpq_reap_ordered(ulpq, sid);
984 }
985
sctp_ulpq_renege_list(struct sctp_ulpq * ulpq,struct sk_buff_head * list,__u16 needed)986 __u16 sctp_ulpq_renege_list(struct sctp_ulpq *ulpq, struct sk_buff_head *list,
987 __u16 needed)
988 {
989 __u16 freed = 0;
990 __u32 tsn, last_tsn;
991 struct sk_buff *skb, *flist, *last;
992 struct sctp_ulpevent *event;
993 struct sctp_tsnmap *tsnmap;
994
995 tsnmap = &ulpq->asoc->peer.tsn_map;
996
997 while ((skb = skb_peek_tail(list)) != NULL) {
998 event = sctp_skb2event(skb);
999 tsn = event->tsn;
1000
1001 /* Don't renege below the Cumulative TSN ACK Point. */
1002 if (TSN_lte(tsn, sctp_tsnmap_get_ctsn(tsnmap)))
1003 break;
1004
1005 /* Events in ordering queue may have multiple fragments
1006 * corresponding to additional TSNs. Sum the total
1007 * freed space; find the last TSN.
1008 */
1009 freed += skb_headlen(skb);
1010 flist = skb_shinfo(skb)->frag_list;
1011 for (last = flist; flist; flist = flist->next) {
1012 last = flist;
1013 freed += skb_headlen(last);
1014 }
1015 if (last)
1016 last_tsn = sctp_skb2event(last)->tsn;
1017 else
1018 last_tsn = tsn;
1019
1020 /* Unlink the event, then renege all applicable TSNs. */
1021 __skb_unlink(skb, list);
1022 sctp_ulpevent_free(event);
1023 while (TSN_lte(tsn, last_tsn)) {
1024 sctp_tsnmap_renege(tsnmap, tsn);
1025 tsn++;
1026 }
1027 if (freed >= needed)
1028 return freed;
1029 }
1030
1031 return freed;
1032 }
1033
1034 /* Renege 'needed' bytes from the ordering queue. */
sctp_ulpq_renege_order(struct sctp_ulpq * ulpq,__u16 needed)1035 static __u16 sctp_ulpq_renege_order(struct sctp_ulpq *ulpq, __u16 needed)
1036 {
1037 return sctp_ulpq_renege_list(ulpq, &ulpq->lobby, needed);
1038 }
1039
1040 /* Renege 'needed' bytes from the reassembly queue. */
sctp_ulpq_renege_frags(struct sctp_ulpq * ulpq,__u16 needed)1041 static __u16 sctp_ulpq_renege_frags(struct sctp_ulpq *ulpq, __u16 needed)
1042 {
1043 return sctp_ulpq_renege_list(ulpq, &ulpq->reasm, needed);
1044 }
1045
1046 /* Partial deliver the first message as there is pressure on rwnd. */
sctp_ulpq_partial_delivery(struct sctp_ulpq * ulpq,gfp_t gfp)1047 void sctp_ulpq_partial_delivery(struct sctp_ulpq *ulpq,
1048 gfp_t gfp)
1049 {
1050 struct sctp_ulpevent *event;
1051 struct sctp_association *asoc;
1052 struct sctp_sock *sp;
1053 __u32 ctsn;
1054 struct sk_buff *skb;
1055
1056 asoc = ulpq->asoc;
1057 sp = sctp_sk(asoc->base.sk);
1058
1059 /* If the association is already in Partial Delivery mode
1060 * we have nothing to do.
1061 */
1062 if (ulpq->pd_mode)
1063 return;
1064
1065 /* Data must be at or below the Cumulative TSN ACK Point to
1066 * start partial delivery.
1067 */
1068 skb = skb_peek(&asoc->ulpq.reasm);
1069 if (skb != NULL) {
1070 ctsn = sctp_skb2event(skb)->tsn;
1071 if (!TSN_lte(ctsn, sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map)))
1072 return;
1073 }
1074
1075 /* If the user enabled fragment interleave socket option,
1076 * multiple associations can enter partial delivery.
1077 * Otherwise, we can only enter partial delivery if the
1078 * socket is not in partial deliver mode.
1079 */
1080 if (sp->frag_interleave || atomic_read(&sp->pd_mode) == 0) {
1081 /* Is partial delivery possible? */
1082 event = sctp_ulpq_retrieve_first(ulpq);
1083 /* Send event to the ULP. */
1084 if (event) {
1085 sctp_ulpq_tail_event(ulpq, event);
1086 sctp_ulpq_set_pd(ulpq);
1087 return;
1088 }
1089 }
1090 }
1091
1092 /* Renege some packets to make room for an incoming chunk. */
sctp_ulpq_renege(struct sctp_ulpq * ulpq,struct sctp_chunk * chunk,gfp_t gfp)1093 void sctp_ulpq_renege(struct sctp_ulpq *ulpq, struct sctp_chunk *chunk,
1094 gfp_t gfp)
1095 {
1096 struct sctp_association *asoc = ulpq->asoc;
1097 __u32 freed = 0;
1098 __u16 needed;
1099
1100 needed = ntohs(chunk->chunk_hdr->length) -
1101 sizeof(struct sctp_data_chunk);
1102
1103 if (skb_queue_empty(&asoc->base.sk->sk_receive_queue)) {
1104 freed = sctp_ulpq_renege_order(ulpq, needed);
1105 if (freed < needed)
1106 freed += sctp_ulpq_renege_frags(ulpq, needed - freed);
1107 }
1108 /* If able to free enough room, accept this chunk. */
1109 if (freed >= needed) {
1110 int retval = sctp_ulpq_tail_data(ulpq, chunk, gfp);
1111 /*
1112 * Enter partial delivery if chunk has not been
1113 * delivered; otherwise, drain the reassembly queue.
1114 */
1115 if (retval <= 0)
1116 sctp_ulpq_partial_delivery(ulpq, gfp);
1117 else if (retval == 1)
1118 sctp_ulpq_reasm_drain(ulpq);
1119 }
1120
1121 sk_mem_reclaim(asoc->base.sk);
1122 }
1123
1124
1125
1126 /* Notify the application if an association is aborted and in
1127 * partial delivery mode. Send up any pending received messages.
1128 */
sctp_ulpq_abort_pd(struct sctp_ulpq * ulpq,gfp_t gfp)1129 void sctp_ulpq_abort_pd(struct sctp_ulpq *ulpq, gfp_t gfp)
1130 {
1131 struct sctp_ulpevent *ev = NULL;
1132 struct sock *sk;
1133 struct sctp_sock *sp;
1134
1135 if (!ulpq->pd_mode)
1136 return;
1137
1138 sk = ulpq->asoc->base.sk;
1139 sp = sctp_sk(sk);
1140 if (sctp_ulpevent_type_enabled(SCTP_PARTIAL_DELIVERY_EVENT,
1141 &sctp_sk(sk)->subscribe))
1142 ev = sctp_ulpevent_make_pdapi(ulpq->asoc,
1143 SCTP_PARTIAL_DELIVERY_ABORTED,
1144 0, 0, 0, gfp);
1145 if (ev)
1146 __skb_queue_tail(&sk->sk_receive_queue, sctp_event2skb(ev));
1147
1148 /* If there is data waiting, send it up the socket now. */
1149 if ((sctp_ulpq_clear_pd(ulpq) || ev) && !sp->data_ready_signalled) {
1150 sp->data_ready_signalled = 1;
1151 sk->sk_data_ready(sk);
1152 }
1153 }
1154