diff options
Diffstat (limited to 'src/vnet/sctp/sctp_input.c')
-rw-r--r-- | src/vnet/sctp/sctp_input.c | 2202 |
1 files changed, 2202 insertions, 0 deletions
diff --git a/src/vnet/sctp/sctp_input.c b/src/vnet/sctp/sctp_input.c new file mode 100644 index 00000000000..4e5ea9194e8 --- /dev/null +++ b/src/vnet/sctp/sctp_input.c @@ -0,0 +1,2202 @@ +/* + * Copyright (c) 2017 SUSE LLC. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <vppinfra/sparse_vec.h> +#include <vnet/sctp/sctp.h> +#include <vnet/sctp/sctp_packet.h> +#include <vnet/sctp/sctp_debug.h> +#include <vnet/session/session.h> +#include <math.h> + +static char *sctp_error_strings[] = { +#define sctp_error(n,s) s, +#include <vnet/sctp/sctp_error.def> +#undef sctp_error +}; + +/* All SCTP nodes have the same outgoing arcs */ +#define foreach_sctp_state_next \ + _ (DROP, "error-drop") \ + _ (SCTP4_OUTPUT, "sctp4-output") \ + _ (SCTP6_OUTPUT, "sctp6-output") + +typedef enum _sctp_established_phase_next +{ +#define _(s,n) SCTP_ESTABLISHED_PHASE_NEXT_##s, + foreach_sctp_state_next +#undef _ + SCTP_ESTABLISHED_PHASE_N_NEXT, +} sctp_established_phase_next_t; + +typedef enum _sctp_rcv_phase_next +{ +#define _(s,n) SCTP_RCV_PHASE_NEXT_##s, + foreach_sctp_state_next +#undef _ + SCTP_RCV_PHASE_N_NEXT, +} sctp_rcv_phase_next_t; + +typedef enum _sctp_listen_phase_next +{ +#define _(s,n) SCTP_LISTEN_PHASE_NEXT_##s, + foreach_sctp_state_next +#undef _ + SCTP_LISTEN_PHASE_N_NEXT, +} sctp_listen_phase_next_t; + +typedef enum _sctp_shutdown_phase_next +{ +#define _(s,n) SCTP_SHUTDOWN_PHASE_NEXT_##s, + foreach_sctp_state_next +#undef _ + SCTP_SHUTDOWN_PHASE_N_NEXT, +} sctp_shutdown_phase_next_t; + +/* Generic, state independent indices */ +typedef enum _sctp_state_next +{ +#define _(s,n) SCTP_NEXT_##s, + foreach_sctp_state_next +#undef _ + SCTP_STATE_N_NEXT, +} sctp_state_next_t; + +typedef enum _sctp_input_next +{ + SCTP_INPUT_NEXT_DROP, + SCTP_INPUT_NEXT_LISTEN_PHASE, + SCTP_INPUT_NEXT_RCV_PHASE, + SCTP_INPUT_NEXT_ESTABLISHED_PHASE, + SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_INPUT_NEXT_PUNT_PHASE, + SCTP_INPUT_N_NEXT +} sctp_input_next_t; + +char * +phase_to_string (u8 phase) +{ + switch (phase) + { + case SCTP_INPUT_NEXT_DROP: + return "SCTP_INPUT_NEXT_DROP"; + case SCTP_INPUT_NEXT_LISTEN_PHASE: + return "SCTP_INPUT_NEXT_LISTEN_PHASE"; + case SCTP_INPUT_NEXT_RCV_PHASE: + return "SCTP_INPUT_NEXT_RCV_PHASE"; + case SCTP_INPUT_NEXT_ESTABLISHED_PHASE: + return "SCTP_INPUT_NEXT_ESTABLISHED_PHASE"; + case SCTP_INPUT_NEXT_SHUTDOWN_PHASE: + return "SCTP_INPUT_NEXT_SHUTDOWN_PHASE"; + case SCTP_INPUT_NEXT_PUNT_PHASE: + return "SCTP_INPUT_NEXT_PUNT_PHASE"; + } + return NULL; +} + +#define foreach_sctp4_input_next \ + _ (DROP, "error-drop") \ + _ (RCV_PHASE, "sctp4-rcv") \ + _ (LISTEN_PHASE, "sctp4-listen") \ + _ (ESTABLISHED_PHASE, "sctp4-established") \ + _ (SHUTDOWN_PHASE, "sctp4-shutdown") \ + _ (PUNT_PHASE, "ip4-punt") + + +#define foreach_sctp6_input_next \ + _ (DROP, "error-drop") \ + _ (RCV_PHASE, "sctp6-rcv") \ + _ (LISTEN_PHASE, "sctp6-listen") \ + _ (ESTABLISHED_PHASE, "sctp6-established") \ + _ (SHUTDOWN_PHASE, "sctp6-shutdown") \ + _ (PUNT_PHASE, "ip6-punt") + +static u8 +sctp_lookup_is_valid (transport_connection_t * t_conn, + sctp_header_t * sctp_hdr) +{ + sctp_connection_t *sctp_conn = sctp_get_connection_from_transport (t_conn); + + if (!sctp_conn) + return 1; + + u8 is_valid = (t_conn->lcl_port == sctp_hdr->dst_port + && (sctp_conn->state == SCTP_STATE_CLOSED + || t_conn->rmt_port == sctp_hdr->src_port)); + + return is_valid; +} + +/** + * Lookup transport connection + */ +static sctp_connection_t * +sctp_lookup_connection (u32 fib_index, vlib_buffer_t * b, u8 thread_index, + u8 is_ip4) +{ + sctp_main_t *tm = vnet_get_sctp_main (); + sctp_header_t *sctp_hdr; + transport_connection_t *tconn; + sctp_connection_t *sctp_conn; + u8 is_filtered, i; + if (is_ip4) + { + ip4_header_t *ip4_hdr; + ip4_hdr = vlib_buffer_get_current (b); + sctp_hdr = ip4_next_header (ip4_hdr); + tconn = session_lookup_connection_wt4 (fib_index, + &ip4_hdr->dst_address, + &ip4_hdr->src_address, + sctp_hdr->dst_port, + sctp_hdr->src_port, + TRANSPORT_PROTO_SCTP, + thread_index, &is_filtered); + if (tconn == 0) /* Not primary connection */ + { + for (i = 0; i < MAX_SCTP_CONNECTIONS; i++) + { + if ((tm->connections[thread_index]->sub_conn[i]. + connection.lcl_ip.ip4.as_u32 == + ip4_hdr->dst_address.as_u32) + && (tm->connections[thread_index]->sub_conn[i]. + connection.rmt_ip.ip4.as_u32 == + ip4_hdr->src_address.as_u32)) + { + tconn = + &tm->connections[thread_index]->sub_conn[i].connection; + break; + } + } + } + ASSERT (tconn != 0); + ASSERT (sctp_lookup_is_valid (tconn, sctp_hdr)); + } + else + { + ip6_header_t *ip6_hdr; + ip6_hdr = vlib_buffer_get_current (b); + sctp_hdr = ip6_next_header (ip6_hdr); + tconn = session_lookup_connection_wt6 (fib_index, + &ip6_hdr->dst_address, + &ip6_hdr->src_address, + sctp_hdr->dst_port, + sctp_hdr->src_port, + TRANSPORT_PROTO_SCTP, + thread_index, &is_filtered); + if (tconn == 0) /* Not primary connection */ + { + for (i = 0; i < MAX_SCTP_CONNECTIONS; i++) + { + if ((tm->connections[thread_index]->sub_conn[i]. + connection.lcl_ip.ip6.as_u64[0] == + ip6_hdr->dst_address.as_u64[0] + && tm->connections[thread_index]->sub_conn[i]. + connection.lcl_ip.ip6.as_u64[1] == + ip6_hdr->dst_address.as_u64[1]) + && (tm->connections[thread_index]->sub_conn[i]. + connection.rmt_ip.ip6.as_u64[0] == + ip6_hdr->src_address.as_u64[0] + && tm->connections[thread_index]-> + sub_conn[i].connection.rmt_ip.ip6.as_u64[1] == + ip6_hdr->src_address.as_u64[1])) + { + tconn = + &tm->connections[thread_index]->sub_conn[i].connection; + break; + } + } + } + ASSERT (tconn != 0); + ASSERT (sctp_lookup_is_valid (tconn, sctp_hdr)); + } + sctp_conn = sctp_get_connection_from_transport (tconn); + return sctp_conn; +} + +typedef struct +{ + sctp_header_t sctp_header; + sctp_connection_t sctp_connection; +} sctp_rx_trace_t; + +#define sctp_next_output(is_ip4) (is_ip4 ? SCTP_NEXT_SCTP4_OUTPUT \ + : SCTP_NEXT_SCTP6_OUTPUT) + + +void +sctp_set_rx_trace_data (sctp_rx_trace_t * rx_trace, + sctp_connection_t * sctp_conn, + sctp_header_t * sctp_hdr, vlib_buffer_t * b0, + u8 is_ip4) +{ + if (sctp_conn) + { + clib_memcpy (&rx_trace->sctp_connection, sctp_conn, + sizeof (rx_trace->sctp_connection)); + } + else + { + sctp_hdr = sctp_buffer_hdr (b0); + } + clib_memcpy (&rx_trace->sctp_header, sctp_hdr, + sizeof (rx_trace->sctp_header)); +} + +always_inline u16 +sctp_calculate_implied_length (ip4_header_t * ip4_hdr, ip6_header_t * ip6_hdr, + int is_ip4) +{ + u16 sctp_implied_packet_length = 0; + + if (is_ip4) + sctp_implied_packet_length = + clib_net_to_host_u16 (ip4_hdr->length) - ip4_header_bytes (ip4_hdr); + else + sctp_implied_packet_length = + clib_net_to_host_u16 (ip6_hdr->payload_length) - sizeof (ip6_hdr); + + return sctp_implied_packet_length; +} + +always_inline u8 +sctp_is_bundling (u16 sctp_implied_length, + sctp_chunks_common_hdr_t * sctp_common_hdr) +{ + if (sctp_implied_length != + sizeof (sctp_header_t) + vnet_sctp_get_chunk_length (sctp_common_hdr)) + return 1; + return 0; +} + +always_inline u16 +sctp_handle_init (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 sctp_implied_length) +{ + sctp_init_chunk_t *init_chunk = (sctp_init_chunk_t *) (sctp_hdr); + ip4_address_t *ip4_addr = 0; + ip6_address_t *ip6_addr = 0; + char hostname[FQDN_MAX_LENGTH]; + + /* Check the current state of the connection + * + * The logic required by the RFC4960 Section 5.2.2 is already taken care of + * in the code below and by the "sctp_prepare_initack_chunk" function. + * However, for debugging purposes it is nice to have a message printed out + * for these corner-case scenarios. + */ + if (sctp_conn->state != SCTP_STATE_CLOSED) + { /* UNEXPECTED scenario */ + switch (sctp_conn->state) + { + case SCTP_STATE_COOKIE_WAIT: /* TODO */ + SCTP_ADV_DBG ("Received INIT chunk while in COOKIE_WAIT state"); + break; + case SCTP_STATE_COOKIE_ECHOED: /* TODO */ + SCTP_ADV_DBG ("Received INIT chunk while in COOKIE_ECHOED state"); + break; + } + } + + if (sctp_hdr->verification_tag != 0x0) + return SCTP_ERROR_INVALID_TAG_FOR_INIT; + + /* + * It is not possible to bundle any other CHUNK with the INIT chunk + */ + if (sctp_is_bundling (sctp_implied_length, &init_chunk->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + /* Save the INITIATE_TAG of the remote peer for this connection: + * it MUST be used for the VERIFICATION_TAG parameter in the SCTP HEADER */ + sctp_conn->remote_tag = init_chunk->initiate_tag; + sctp_conn->snd_opts.a_rwnd = clib_net_to_host_u32 (init_chunk->a_rwnd); + + /* + * If the length specified in the INIT message is bigger than the size in bytes of our structure it means that + * optional parameters have been sent with the INIT chunk and we need to parse them. + */ + u16 length = vnet_sctp_get_chunk_length (sctp_chunk_hdr); + if (length > sizeof (sctp_init_chunk_t)) + { + /* There are optional parameters in the INIT chunk */ + u16 pointer_offset = sizeof (sctp_init_chunk_t); + while (pointer_offset < length) + { + sctp_opt_params_hdr_t *opt_params_hdr = + (sctp_opt_params_hdr_t *) init_chunk + pointer_offset; + + switch (clib_net_to_host_u16 (opt_params_hdr->type)) + { + case SCTP_IPV4_ADDRESS_TYPE: + { + sctp_ipv4_addr_param_t *ipv4 = + (sctp_ipv4_addr_param_t *) opt_params_hdr; + clib_memcpy (ip4_addr, &ipv4->address, + sizeof (ip4_address_t)); + + sctp_sub_connection_add_ip4 (vlib_get_thread_index (), ipv4); + + break; + } + case SCTP_IPV6_ADDRESS_TYPE: + { + sctp_ipv6_addr_param_t *ipv6 = + (sctp_ipv6_addr_param_t *) opt_params_hdr; + clib_memcpy (ip6_addr, &ipv6->address, + sizeof (ip6_address_t)); + + sctp_sub_connection_add_ip6 (vlib_get_thread_index (), ipv6); + + break; + } + case SCTP_COOKIE_PRESERVATIVE_TYPE: + { + sctp_cookie_preservative_param_t *cookie_pres = + (sctp_cookie_preservative_param_t *) opt_params_hdr; + sctp_conn->life_span_inc = cookie_pres->life_span_inc; + break; + } + case SCTP_HOSTNAME_ADDRESS_TYPE: + { + sctp_hostname_param_t *hostname_addr = + (sctp_hostname_param_t *) opt_params_hdr; + clib_memcpy (hostname, hostname_addr->hostname, + FQDN_MAX_LENGTH); + break; + } + case SCTP_SUPPORTED_ADDRESS_TYPES: + { + /* TODO */ + break; + } + } + pointer_offset += clib_net_to_host_u16 (opt_params_hdr->length); + } + } + + /* Reuse buffer to make init-ack and send */ + sctp_prepare_initack_chunk (sctp_conn, b0, ip4_addr, ip6_addr); + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_is_valid_init_ack (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 sctp_implied_length) +{ + sctp_init_ack_chunk_t *init_ack_chunk = + (sctp_init_ack_chunk_t *) (sctp_hdr); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != init_ack_chunk->sctp_hdr.verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + /* + * It is not possible to bundle any other CHUNK with the INIT_ACK chunk + */ + if (sctp_is_bundling (sctp_implied_length, &init_ack_chunk->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_handle_init_ack (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 sctp_implied_length) +{ + sctp_init_ack_chunk_t *init_ack_chunk = + (sctp_init_ack_chunk_t *) (sctp_hdr); + ip4_address_t *ip4_addr = 0; + ip6_address_t *ip6_addr = 0; + sctp_state_cookie_param_t state_cookie; + + char hostname[FQDN_MAX_LENGTH]; + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != init_ack_chunk->sctp_hdr.verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + /* + * It is not possible to bundle any other CHUNK with the INIT chunk + */ + if (sctp_is_bundling (sctp_implied_length, &init_ack_chunk->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + /* remote_tag to be placed in the VERIFICATION_TAG field of the COOKIE_ECHO chunk */ + sctp_conn->remote_tag = init_ack_chunk->initiate_tag; + sctp_conn->snd_opts.a_rwnd = clib_net_to_host_u32 (init_ack_chunk->a_rwnd); + + u16 length = vnet_sctp_get_chunk_length (sctp_chunk_hdr); + + if (length > sizeof (sctp_init_ack_chunk_t)) + /* + * There are optional parameters in the INIT ACK chunk + */ + { + u16 pointer_offset = sizeof (sctp_init_ack_chunk_t); + + while (pointer_offset < length) + { + sctp_opt_params_hdr_t *opt_params_hdr = + (sctp_opt_params_hdr_t *) ((char *) init_ack_chunk + + pointer_offset); + + switch (clib_net_to_host_u16 (opt_params_hdr->type)) + { + case SCTP_IPV4_ADDRESS_TYPE: + { + sctp_ipv4_addr_param_t *ipv4 = + (sctp_ipv4_addr_param_t *) opt_params_hdr; + clib_memcpy (ip4_addr, &ipv4->address, + sizeof (ip4_address_t)); + + sctp_sub_connection_add_ip4 (vlib_get_thread_index (), ipv4); + + break; + } + case SCTP_IPV6_ADDRESS_TYPE: + { + sctp_ipv6_addr_param_t *ipv6 = + (sctp_ipv6_addr_param_t *) opt_params_hdr; + clib_memcpy (ip6_addr, &ipv6->address, + sizeof (ip6_address_t)); + + sctp_sub_connection_add_ip6 (vlib_get_thread_index (), ipv6); + + break; + } + case SCTP_STATE_COOKIE_TYPE: + { + sctp_state_cookie_param_t *state_cookie_param = + (sctp_state_cookie_param_t *) opt_params_hdr; + + clib_memcpy (&state_cookie, state_cookie_param, + sizeof (sctp_state_cookie_param_t)); + break; + } + case SCTP_HOSTNAME_ADDRESS_TYPE: + { + sctp_hostname_param_t *hostname_addr = + (sctp_hostname_param_t *) opt_params_hdr; + clib_memcpy (hostname, hostname_addr->hostname, + FQDN_MAX_LENGTH); + break; + } + case SCTP_UNRECOGNIZED_TYPE: + { + break; + } + } + u16 increment = clib_net_to_host_u16 (opt_params_hdr->length); + /* This indicates something really bad happened */ + if (increment == 0) + { + return SCTP_ERROR_INVALID_TAG; + } + pointer_offset += increment; + } + } + + sctp_prepare_cookie_echo_chunk (sctp_conn, b0, &state_cookie); + + /* Start the T1_COOKIE timer */ + sctp_timer_set (sctp_conn, sctp_pick_conn_idx_on_chunk (COOKIE_ECHO), + SCTP_TIMER_T1_COOKIE, SCTP_RTO_INIT); + + return SCTP_ERROR_NONE; +} + +/** Enqueue data for delivery to application */ +always_inline int +sctp_session_enqueue_data (sctp_connection_t * tc, vlib_buffer_t * b, + u16 data_len, u8 conn_idx) +{ + int written, error = SCTP_ERROR_ENQUEUED; + + written = + session_enqueue_stream_connection (&tc->sub_conn[conn_idx].connection, b, + 0, 1 /* queue event */ , 1); + + /* Update rcv_nxt */ + if (PREDICT_TRUE (written == data_len)) + { + tc->rcv_nxt += written; + + SCTP_ADV_DBG ("CONN = %u, WRITTEN [%u] == DATA_LEN [%d]", + tc->sub_conn[conn_idx].connection.c_index, + written, data_len); + } + /* If more data written than expected, account for out-of-order bytes. */ + else if (written > data_len) + { + tc->rcv_nxt += written; + + SCTP_ADV_DBG ("CONN = %u, WRITTEN [%u] > DATA_LEN [%d]", + tc->sub_conn[conn_idx].connection.c_index, + written, data_len); + } + else if (written > 0) + { + /* We've written something but FIFO is probably full now */ + tc->rcv_nxt += written; + + error = SCTP_ERROR_PARTIALLY_ENQUEUED; + + SCTP_ADV_DBG + ("CONN = %u, WRITTEN [%u] > 0 (SCTP_ERROR_PARTIALLY_ENQUEUED)", + tc->sub_conn[conn_idx].connection.c_index, written); + } + else + { + SCTP_ADV_DBG ("CONN = %u, WRITTEN == 0 (SCTP_ERROR_FIFO_FULL)", + tc->sub_conn[conn_idx].connection.c_index); + + return SCTP_ERROR_FIFO_FULL; + } + + return error; +} + +always_inline u16 +sctp_handle_data (sctp_payload_data_chunk_t * sctp_data_chunk, + sctp_connection_t * sctp_conn, vlib_buffer_t * b, + u16 * next0) +{ + u32 error = 0, n_data_bytes; + u8 idx = sctp_pick_conn_idx_on_state (sctp_conn->state); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_data_chunk->sctp_hdr.verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + vnet_buffer (b)->sctp.sid = sctp_data_chunk->stream_id; + vnet_buffer (b)->sctp.ssn = sctp_data_chunk->stream_seq; + vnet_buffer (b)->sctp.tsn = sctp_data_chunk->tsn; + + vlib_buffer_advance (b, vnet_buffer (b)->sctp.data_offset); + n_data_bytes = vnet_buffer (b)->sctp.data_len; + ASSERT (n_data_bytes); + + SCTP_ADV_DBG ("POINTER_WITH_DATA = %p", b->data); + + /* In order data, enqueue. Fifo figures out by itself if any out-of-order + * segments can be enqueued after fifo tail offset changes. */ + error = sctp_session_enqueue_data (sctp_conn, b, n_data_bytes, idx); + + sctp_timer_update (sctp_conn, idx, SCTP_TIMER_T3_RXTX, SCTP_RTO_INIT); + + *next0 = sctp_next_output (sctp_conn->sub_conn[idx].c_is_ip4); + sctp_prepare_sack_chunk (sctp_conn, b); + + return error; +} + +always_inline u16 +sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0) +{ + + /* Build TCB */ + u8 idx = sctp_pick_conn_idx_on_chunk (COOKIE_ECHO); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_hdr->verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + sctp_prepare_cookie_ack_chunk (sctp_conn, b0); + + /* Change state */ + sctp_conn->state = SCTP_STATE_ESTABLISHED; + + stream_session_accept_notify (&sctp_conn->sub_conn[idx].connection); + + return SCTP_ERROR_NONE; + +} + +always_inline u16 +sctp_handle_cookie_ack (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0) +{ + + /* Stop T1_COOKIE timer */ + u8 idx = sctp_pick_conn_idx_on_chunk (COOKIE_ACK); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_hdr->verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + sctp_timer_reset (sctp_conn, idx, SCTP_TIMER_T1_COOKIE); + /* Change state */ + sctp_conn->state = SCTP_STATE_ESTABLISHED; + + stream_session_accept_notify (&sctp_conn->sub_conn[idx].connection); + + sctp_timer_set (sctp_conn, idx, SCTP_TIMER_T3_RXTX, SCTP_RTO_INIT); + + return SCTP_ERROR_NONE; + +} + +always_inline uword +sctp46_rcv_phase_inline (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame, int is_ip4) +{ + sctp_main_t *tm = vnet_get_sctp_main (); + + u32 n_left_from, next_index, *from, *to_next; + u32 my_thread_index = vm->thread_index; + + from = vlib_frame_vector_args (from_frame); + n_left_from = from_frame->n_vectors; + + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + sctp_header_t *sctp_hdr = 0; + sctp_chunks_common_hdr_t *sctp_chunk_hdr = 0; + ip4_header_t *ip4_hdr = 0; + ip6_header_t *ip6_hdr = 0; + sctp_connection_t *sctp_conn, *new_sctp_conn; + u16 sctp_implied_length = 0; + u16 error0 = SCTP_ERROR_NONE, next0 = SCTP_RCV_PHASE_N_NEXT; + u8 idx; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + + /* If we are in SCTP_COOKIE_WAIT_STATE then the connection + * will come from the half-open connections pool. + */ + sctp_conn = + sctp_half_open_connection_get (vnet_buffer (b0)-> + sctp.connection_index); + + if (PREDICT_FALSE (sctp_conn == 0)) + { + error0 = SCTP_ERROR_INVALID_CONNECTION; + goto drop; + } + + if (PREDICT_FALSE (sctp_conn == 0)) + { + SCTP_ADV_DBG + ("sctp_conn == NULL; return SCTP_ERROR_INVALID_CONNECTION"); + error0 = SCTP_ERROR_INVALID_CONNECTION; + goto drop; + } + if (is_ip4) + { + ip4_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip4_next_header (ip4_hdr); + } + else + { + ip6_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip6_next_header (ip6_hdr); + } + idx = sctp_pick_conn_idx_on_state (sctp_conn->state); + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + + transport_connection_t *t_conn = + &sctp_conn->sub_conn[idx].connection; + + t_conn->lcl_port = sctp_hdr->dst_port; + t_conn->rmt_port = sctp_hdr->src_port; + t_conn->is_ip4 = is_ip4; + + if (is_ip4) + { + t_conn->lcl_ip.ip4.as_u32 = ip4_hdr->dst_address.as_u32; + t_conn->rmt_ip.ip4.as_u32 = ip4_hdr->src_address.as_u32; + } + else + { + clib_memcpy (&t_conn->lcl_ip.ip6, &ip6_hdr->dst_address, + sizeof (ip6_address_t)); + clib_memcpy (&t_conn->rmt_ip.ip6, &ip6_hdr->src_address, + sizeof (ip6_address_t)); + } + + sctp_chunk_hdr = + (sctp_chunks_common_hdr_t *) (&full_hdr->common_hdr); + + sctp_implied_length = + sctp_calculate_implied_length (ip4_hdr, ip6_hdr, is_ip4); + + u8 chunk_type = vnet_sctp_get_chunk_type (&full_hdr->common_hdr); + + switch (chunk_type) + { + case INIT_ACK: + error0 = + sctp_is_valid_init_ack (sctp_hdr, sctp_chunk_hdr, sctp_conn, + b0, sctp_implied_length); + + if (error0 == SCTP_ERROR_NONE) + { + pool_get (tm->connections[my_thread_index], new_sctp_conn); + clib_memcpy (new_sctp_conn, sctp_conn, + sizeof (*new_sctp_conn)); + new_sctp_conn->sub_conn[idx].c_c_index = + new_sctp_conn - tm->connections[my_thread_index]; + new_sctp_conn->sub_conn[idx].c_thread_index = + my_thread_index; + new_sctp_conn->sub_conn[idx].parent = new_sctp_conn; + + if (sctp_half_open_connection_cleanup (sctp_conn)) + { + SCTP_DBG + ("Cannot cleanup half-open connection; not the owning thread"); + } + + sctp_connection_timers_init (new_sctp_conn); + + error0 = + sctp_handle_init_ack (sctp_hdr, sctp_chunk_hdr, + new_sctp_conn, b0, + sctp_implied_length); + + sctp_connection_init_vars (new_sctp_conn); + + if (session_stream_connect_notify + (&new_sctp_conn->sub_conn[idx].connection, 0)) + { + SCTP_DBG + ("conn_index = %u: session_stream_connect_notify error; cleaning up connection", + new_sctp_conn->sub_conn[idx].connection.c_index); + sctp_connection_cleanup (new_sctp_conn); + goto drop; + } + } + next0 = sctp_next_output (is_ip4); + break; + + /* All UNEXPECTED scenarios (wrong chunk received per state-machine) + * are handled by the input-dispatcher function using the table-lookup + * hence we should never get to the "default" case below. + */ + default: + error0 = SCTP_ERROR_UNKOWN_CHUNK; + next0 = SCTP_NEXT_DROP; + goto drop; + } + + if (error0 != SCTP_ERROR_NONE) + { + clib_warning ("error while parsing chunk"); + sctp_connection_cleanup (sctp_conn); + next0 = SCTP_NEXT_DROP; + goto drop; + } + + drop: + b0->error = node->errors[error0]; + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + sctp_rx_trace_t *t0 = + vlib_add_trace (vm, node, b0, sizeof (*t0)); + sctp_set_rx_trace_data (t0, sctp_conn, sctp_hdr, b0, is_ip4); + } + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + return from_frame->n_vectors; +} + +static uword +sctp4_rcv_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_rcv_phase_inline (vm, node, from_frame, 1 /* is_ip4 */ ); +} + +static uword +sctp6_rcv_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_rcv_phase_inline (vm, node, from_frame, 0 /* is_ip4 */ ); +} + +u8 * +format_sctp_rx_trace_short (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + sctp_rx_trace_t *t = va_arg (*args, sctp_rx_trace_t *); + + s = format (s, "%d -> %d (%U)", + clib_net_to_host_u16 (t->sctp_header.src_port), + clib_net_to_host_u16 (t->sctp_header.dst_port), + format_sctp_state, t->sctp_connection.state); + + return s; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp4_rcv_phase_node) = +{ + .function = sctp4_rcv_phase, + .name = "sctp4-rcv", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_RCV_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_RCV_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp4_rcv_phase_node, sctp4_rcv_phase); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp6_init_phase_node) = +{ + .function = sctp6_rcv_phase, + .name = "sctp6-rcv", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_RCV_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_RCV_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp6_init_phase_node, sctp6_rcv_phase); + +vlib_node_registration_t sctp4_shutdown_phase_node; +vlib_node_registration_t sctp6_shutdown_phase_node; + +always_inline u16 +sctp_handle_shutdown (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 sctp_implied_length) +{ + sctp_shutdown_association_chunk_t *shutdown_chunk = + (sctp_shutdown_association_chunk_t *) (sctp_hdr); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_hdr->verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + /* + * It is not possible to bundle any other CHUNK with the SHUTDOWN chunk + */ + if (sctp_is_bundling (sctp_implied_length, &shutdown_chunk->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + switch (sctp_conn->state) + { + case SCTP_STATE_ESTABLISHED: + if (sctp_check_outstanding_data_chunks (sctp_conn) == 0) + sctp_conn->state = SCTP_STATE_SHUTDOWN_RECEIVED; + break; + + case SCTP_STATE_SHUTDOWN_SENT: + sctp_send_shutdown_ack (sctp_conn); + break; + } + + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_handle_shutdown_ack (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 sctp_implied_length) +{ + sctp_shutdown_ack_chunk_t *shutdown_ack_chunk = + (sctp_shutdown_ack_chunk_t *) (sctp_hdr); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_hdr->verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + /* + * It is not possible to bundle any other CHUNK with the SHUTDOWN chunk + */ + if (sctp_is_bundling (sctp_implied_length, &shutdown_ack_chunk->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + /* Whether we are in SCTP_STATE_SHUTDOWN_SENT or SCTP_STATE_SHUTDOWN_ACK_SENT + * the reception of a SHUTDOWN_ACK chunk leads to the same actions: + * - STOP T2_SHUTDOWN timer + * - SEND SHUTDOWN_COMPLETE chunk + */ + sctp_timer_reset (sctp_conn, MAIN_SCTP_SUB_CONN_IDX, + SCTP_TIMER_T2_SHUTDOWN); + sctp_send_shutdown_complete (sctp_conn); + + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_handle_shutdown_complete (sctp_header_t * sctp_hdr, + sctp_chunks_common_hdr_t * sctp_chunk_hdr, + sctp_connection_t * sctp_conn, + vlib_buffer_t * b0, u16 sctp_implied_length) +{ + sctp_shutdown_complete_chunk_t *shutdown_complete = + (sctp_shutdown_complete_chunk_t *) (sctp_hdr); + + /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ + if (sctp_conn->local_tag != sctp_hdr->verification_tag) + { + return SCTP_ERROR_INVALID_TAG; + } + + /* + * It is not possible to bundle any other CHUNK with the SHUTDOWN chunk + */ + if (sctp_is_bundling (sctp_implied_length, &shutdown_complete->chunk_hdr)) + return SCTP_ERROR_BUNDLING_VIOLATION; + + sctp_timer_reset (sctp_conn, MAIN_SCTP_SUB_CONN_IDX, + SCTP_TIMER_T2_SHUTDOWN); + + sctp_conn->state = SCTP_STATE_CLOSED; + + stream_session_disconnect_notify (&sctp_conn->sub_conn + [MAIN_SCTP_SUB_CONN_IDX].connection); + + return SCTP_ERROR_NONE; +} + +always_inline uword +sctp46_shutdown_phase_inline (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame, int is_ip4) +{ + u32 n_left_from, next_index, *from, *to_next; + u32 my_thread_index = vm->thread_index; + + from = vlib_frame_vector_args (from_frame); + n_left_from = from_frame->n_vectors; + + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + sctp_rx_trace_t *sctp_trace; + sctp_header_t *sctp_hdr = 0; + sctp_chunks_common_hdr_t *sctp_chunk_hdr = 0; + ip4_header_t *ip4_hdr = 0; + ip6_header_t *ip6_hdr = 0; + sctp_connection_t *sctp_conn; + u16 sctp_implied_length = 0; + u16 error0 = SCTP_ERROR_NONE, next0 = SCTP_RCV_PHASE_N_NEXT; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + sctp_conn = + sctp_connection_get (vnet_buffer (b0)->sctp.connection_index, + my_thread_index); + + if (PREDICT_FALSE (sctp_conn == 0)) + { + SCTP_DBG + ("sctp_conn == NULL; return SCTP_ERROR_INVALID_CONNECTION"); + error0 = SCTP_ERROR_INVALID_CONNECTION; + goto drop; + } + + if (is_ip4) + { + ip4_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip4_next_header (ip4_hdr); + } + else + { + ip6_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip6_next_header (ip6_hdr); + } + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + sctp_chunk_hdr = &full_hdr->common_hdr; + + sctp_implied_length = + sctp_calculate_implied_length (ip4_hdr, ip6_hdr, is_ip4); + + switch (vnet_sctp_get_chunk_type (sctp_chunk_hdr)) + { + case SHUTDOWN: + error0 = + sctp_handle_shutdown (sctp_hdr, sctp_chunk_hdr, sctp_conn, b0, + sctp_implied_length); + next0 = sctp_next_output (is_ip4); + break; + + case SHUTDOWN_ACK: + error0 = + sctp_handle_shutdown_ack (sctp_hdr, sctp_chunk_hdr, sctp_conn, + b0, sctp_implied_length); + next0 = sctp_next_output (is_ip4); + break; + + case SHUTDOWN_COMPLETE: + error0 = + sctp_handle_shutdown_complete (sctp_hdr, sctp_chunk_hdr, + sctp_conn, b0, + sctp_implied_length); + + sctp_connection_cleanup (sctp_conn); + next0 = sctp_next_output (is_ip4); + break; + + /* + * DATA chunks can still be transmitted/received in the SHUTDOWN-PENDING + * and SHUTDOWN-SENT states (as per RFC4960 Section 6) + */ + case DATA: + error0 = + sctp_handle_data ((sctp_payload_data_chunk_t *) sctp_hdr, + sctp_conn, b0, &next0); + next0 = sctp_next_output (is_ip4); + break; + + /* All UNEXPECTED scenarios (wrong chunk received per state-machine) + * are handled by the input-dispatcher function using the table-lookup + * hence we should never get to the "default" case below. + */ + default: + error0 = SCTP_ERROR_UNKOWN_CHUNK; + next0 = SCTP_NEXT_DROP; + goto drop; + } + + if (error0 != SCTP_ERROR_NONE) + { + clib_warning ("error while parsing chunk"); + sctp_connection_cleanup (sctp_conn); + next0 = SCTP_NEXT_DROP; + goto drop; + } + + drop: + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + sctp_trace = + vlib_add_trace (vm, node, b0, sizeof (*sctp_trace)); + clib_memcpy (&sctp_trace->sctp_header, sctp_hdr, + sizeof (sctp_trace->sctp_header)); + clib_memcpy (&sctp_trace->sctp_connection, sctp_conn, + sizeof (sctp_trace->sctp_connection)); + } + + b0->error = node->errors[error0]; + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + return from_frame->n_vectors; + +} + +static uword +sctp4_shutdown_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_shutdown_phase_inline (vm, node, from_frame, 1 /* is_ip4 */ ); +} + +static uword +sctp6_shutdown_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_shutdown_phase_inline (vm, node, from_frame, 1 /* is_ip4 */ ); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp4_shutdown_phase_node) = +{ + .function = sctp4_shutdown_phase, + .name = "sctp4-shutdown", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_SHUTDOWN_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_SHUTDOWN_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp4_shutdown_phase_node, + sctp4_shutdown_phase); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp6_shutdown_phase_node) = +{ + .function = sctp6_shutdown_phase, + .name = "sctp6-shutdown", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_SHUTDOWN_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_SHUTDOWN_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp6_shutdown_phase_node, + sctp6_shutdown_phase); + +vlib_node_registration_t sctp4_listen_phase_node; +vlib_node_registration_t sctp6_listen_phase_node; + +vlib_node_registration_t sctp4_established_phase_node; +vlib_node_registration_t sctp6_established_phase_node; + +always_inline u16 +sctp_handle_sack (sctp_selective_ack_chunk_t * sack_chunk, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 * next0) +{ + *next0 = + sctp_next_output (sctp_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX]. + connection.is_ip4); + + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_handle_heartbeat (sctp_hb_req_chunk_t * sctp_hb_chunk, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 * next0) +{ + return SCTP_ERROR_NONE; +} + +always_inline u16 +sctp_handle_heartbeat_ack (sctp_hb_ack_chunk_t * sctp_hb_ack_chunk, + sctp_connection_t * sctp_conn, vlib_buffer_t * b0, + u16 * next0) +{ + return SCTP_ERROR_NONE; +} + +always_inline void +sctp_node_inc_counter (vlib_main_t * vm, u32 tcp4_node, u32 tcp6_node, + u8 is_ip4, u8 evt, u8 val) +{ + if (PREDICT_TRUE (!val)) + return; + + if (is_ip4) + vlib_node_increment_counter (vm, tcp4_node, evt, val); + else + vlib_node_increment_counter (vm, tcp6_node, evt, val); +} + +always_inline uword +sctp46_listen_process_inline (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame, int is_ip4) +{ + u32 n_left_from, next_index, *from, *to_next; + u32 my_thread_index = vm->thread_index; + + from = vlib_frame_vector_args (from_frame); + n_left_from = from_frame->n_vectors; + + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + sctp_header_t *sctp_hdr = 0; + ip4_header_t *ip4_hdr; + ip6_header_t *ip6_hdr; + sctp_connection_t *child_conn; + sctp_connection_t *sctp_listener; + u16 next0 = SCTP_LISTEN_PHASE_N_NEXT, error0 = SCTP_ERROR_ENQUEUED; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + sctp_listener = + sctp_listener_get (vnet_buffer (b0)->sctp.connection_index); + + if (is_ip4) + { + ip4_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip4_next_header (ip4_hdr); + } + else + { + ip6_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip6_next_header (ip6_hdr); + } + + child_conn = + sctp_lookup_connection (sctp_listener->sub_conn + [MAIN_SCTP_SUB_CONN_IDX].c_fib_index, b0, + my_thread_index, is_ip4); + + if (PREDICT_FALSE (child_conn->state != SCTP_STATE_CLOSED)) + { + SCTP_DBG + ("conn_index = %u: child_conn->state != SCTP_STATE_CLOSED.... STATE=%s", + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX]. + connection.c_index, + sctp_state_to_string (child_conn->state)); + error0 = SCTP_ERROR_CREATE_EXISTS; + goto drop; + } + + /* Create child session and send SYN-ACK */ + child_conn = sctp_connection_new (my_thread_index); + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].parent = child_conn; + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_lcl_port = + sctp_hdr->dst_port; + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_rmt_port = + sctp_hdr->src_port; + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_is_ip4 = is_ip4; + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].connection.proto = + sctp_listener->sub_conn[MAIN_SCTP_SUB_CONN_IDX].connection.proto; + child_conn->state = SCTP_STATE_CLOSED; + + if (is_ip4) + { + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_lcl_ip4.as_u32 = + ip4_hdr->dst_address.as_u32; + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_rmt_ip4.as_u32 = + ip4_hdr->src_address.as_u32; + } + else + { + clib_memcpy (&child_conn-> + sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_lcl_ip6, + &ip6_hdr->dst_address, sizeof (ip6_address_t)); + clib_memcpy (&child_conn-> + sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_rmt_ip6, + &ip6_hdr->src_address, sizeof (ip6_address_t)); + } + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + sctp_chunks_common_hdr_t *sctp_chunk_hdr = &full_hdr->common_hdr; + + u8 chunk_type = vnet_sctp_get_chunk_type (sctp_chunk_hdr); + if (chunk_type != INIT) + { + SCTP_DBG + ("conn_index = %u: chunk_type != INIT... chunk_type=%s", + child_conn->sub_conn[MAIN_SCTP_SUB_CONN_IDX]. + connection.c_index, sctp_chunk_to_string (chunk_type)); + + error0 = SCTP_ERROR_UNKOWN_CHUNK; + next0 = SCTP_NEXT_DROP; + goto drop; + } + + u16 sctp_implied_length = + sctp_calculate_implied_length (ip4_hdr, ip6_hdr, is_ip4); + + switch (chunk_type) + { + case INIT: + sctp_connection_timers_init (child_conn); + + error0 = + sctp_handle_init (sctp_hdr, sctp_chunk_hdr, child_conn, b0, + sctp_implied_length); + + sctp_connection_init_vars (child_conn); + + + if (error0 == SCTP_ERROR_NONE) + { + if (stream_session_accept + (&child_conn-> + sub_conn[MAIN_SCTP_SUB_CONN_IDX].connection, + sctp_listener-> + sub_conn[MAIN_SCTP_SUB_CONN_IDX].c_s_index, 0)) + { + clib_warning ("session accept fail"); + sctp_connection_cleanup (child_conn); + error0 = SCTP_ERROR_CREATE_SESSION_FAIL; + goto drop; + } + } + next0 = sctp_next_output (is_ip4); + break; + + /* Reception of a DATA chunk whilst in the CLOSED state is called + * "Out of the Blue" packet and handling of the chunk needs special treatment + * as per RFC4960 section 8.4 + */ + case DATA: + break; + } + + drop: + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + sctp_rx_trace_t *t0 = + vlib_add_trace (vm, node, b0, sizeof (*t0)); + clib_memcpy (&t0->sctp_header, sctp_hdr, + sizeof (t0->sctp_header)); + clib_memcpy (&t0->sctp_connection, sctp_listener, + sizeof (t0->sctp_connection)); + } + + b0->error = node->errors[error0]; + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + + } + return from_frame->n_vectors; +} + +static uword +sctp4_listen_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_listen_process_inline (vm, node, from_frame, 1 /* is_ip4 */ ); +} + +static uword +sctp6_listen_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_listen_process_inline (vm, node, from_frame, 0 /* is_ip4 */ ); +} + +always_inline uword +sctp46_established_phase_inline (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame, int is_ip4) +{ + u32 n_left_from, next_index, *from, *to_next; + u32 my_thread_index = vm->thread_index, errors = 0; + + from = vlib_frame_vector_args (from_frame); + n_left_from = from_frame->n_vectors; + + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + sctp_header_t *sctp_hdr = 0; + sctp_chunks_common_hdr_t *sctp_chunk_hdr = 0; + ip4_header_t *ip4_hdr = 0; + ip6_header_t *ip6_hdr = 0; + sctp_connection_t *sctp_conn; + u16 error0 = SCTP_ERROR_NONE, next0 = SCTP_ESTABLISHED_PHASE_N_NEXT; + u8 idx; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + sctp_conn = + sctp_connection_get (vnet_buffer (b0)->sctp.connection_index, + my_thread_index); + + if (PREDICT_FALSE (sctp_conn == 0)) + { + SCTP_DBG + ("sctp_conn == NULL; return SCTP_ERROR_INVALID_CONNECTION"); + error0 = SCTP_ERROR_INVALID_CONNECTION; + goto done; + } + if (is_ip4) + { + ip4_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip4_next_header (ip4_hdr); + } + else + { + ip6_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip6_next_header (ip6_hdr); + } + + idx = sctp_pick_conn_idx_on_state (sctp_conn->state); + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + + transport_connection_t *t_conn = + &sctp_conn->sub_conn[idx].connection; + + t_conn->lcl_port = sctp_hdr->dst_port; + t_conn->rmt_port = sctp_hdr->src_port; + t_conn->is_ip4 = is_ip4; + + sctp_conn->sub_conn[idx].parent = sctp_conn; + + if (is_ip4) + { + t_conn->lcl_ip.ip4.as_u32 = ip4_hdr->dst_address.as_u32; + t_conn->rmt_ip.ip4.as_u32 = ip4_hdr->src_address.as_u32; + } + else + { + clib_memcpy (&t_conn->lcl_ip.ip6, &ip6_hdr->dst_address, + sizeof (ip6_address_t)); + clib_memcpy (&t_conn->rmt_ip.ip6, &ip6_hdr->src_address, + sizeof (ip6_address_t)); + } + + sctp_chunk_hdr = + (sctp_chunks_common_hdr_t *) (&full_hdr->common_hdr); + + u8 chunk_type = vnet_sctp_get_chunk_type (&full_hdr->common_hdr); + + switch (chunk_type) + { + case COOKIE_ECHO: + error0 = + sctp_handle_cookie_echo (sctp_hdr, sctp_chunk_hdr, sctp_conn, + b0); + next0 = sctp_next_output (is_ip4); + break; + + case COOKIE_ACK: + error0 = + sctp_handle_cookie_ack (sctp_hdr, sctp_chunk_hdr, sctp_conn, + b0); + next0 = sctp_next_output (is_ip4); + break; + + case SACK: + error0 = + sctp_handle_sack ((sctp_selective_ack_chunk_t *) sctp_hdr, + sctp_conn, b0, &next0); + break; + + case HEARTBEAT: + error0 = + sctp_handle_heartbeat ((sctp_hb_req_chunk_t *) sctp_hdr, + sctp_conn, b0, &next0); + break; + + case HEARTBEAT_ACK: + error0 = + sctp_handle_heartbeat_ack ((sctp_hb_ack_chunk_t *) sctp_hdr, + sctp_conn, b0, &next0); + break; + + case DATA: + error0 = + sctp_handle_data ((sctp_payload_data_chunk_t *) sctp_hdr, + sctp_conn, b0, &next0); + break; + + /* All UNEXPECTED scenarios (wrong chunk received per state-machine) + * are handled by the input-dispatcher function using the table-lookup + * hence we should never get to the "default" case below. + */ + default: + error0 = SCTP_ERROR_UNKOWN_CHUNK; + next0 = SCTP_NEXT_DROP; + goto done; + } + + done: + b0->error = node->errors[error0]; + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + sctp_rx_trace_t *t0 = + vlib_add_trace (vm, node, b0, sizeof (*t0)); + sctp_set_rx_trace_data (t0, sctp_conn, sctp_hdr, b0, is_ip4); + } + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_SCTP, + my_thread_index); + + sctp_node_inc_counter (vm, is_ip4, sctp4_established_phase_node.index, + sctp6_established_phase_node.index, + SCTP_ERROR_EVENT_FIFO_FULL, errors); + sctp_flush_frame_to_output (vm, my_thread_index, is_ip4); + + return from_frame->n_vectors; +} + +static uword +sctp4_established_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_established_phase_inline (vm, node, from_frame, + 1 /* is_ip4 */ ); +} + +static uword +sctp6_established_phase (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_established_phase_inline (vm, node, from_frame, + 0 /* is_ip4 */ ); +} + +u8 * +format_sctp_rx_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + sctp_rx_trace_t *t = va_arg (*args, sctp_rx_trace_t *); + u32 indent = format_get_indent (s); + + s = format (s, "%U\n%U%U", + format_sctp_header, &t->sctp_header, 128, + format_white_space, indent, + format_sctp_connection, &t->sctp_connection, 1); + + return s; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp4_listen_phase_node) = +{ + .function = sctp4_listen_phase, + .name = "sctp4-listen", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_LISTEN_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_LISTEN_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp4_listen_phase_node, sctp4_listen_phase); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp6_listen_phase_node) = +{ + .function = sctp6_listen_phase, + .name = "sctp6-listen", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_LISTEN_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_LISTEN_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp6_listen_phase_node, sctp6_listen_phase); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp4_established_phase_node) = +{ + .function = sctp4_established_phase, + .name = "sctp4-established", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_ESTABLISHED_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_ESTABLISHED_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp4_established_phase_node, + sctp4_established_phase); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp6_established_phase_node) = +{ + .function = sctp6_established_phase, + .name = "sctp6-established", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_LISTEN_PHASE_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_LISTEN_PHASE_NEXT_##s] = n, + foreach_sctp_state_next +#undef _ + }, + .format_trace = format_sctp_rx_trace_short, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp6_established_phase_node, + sctp6_established_phase); + +/* + * This is the function executed first for the SCTP graph. + * It takes care of doing the initial message parsing and + * dispatch to the specialized function. + */ +always_inline uword +sctp46_input_dispatcher (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame, int is_ip4) +{ + u32 n_left_from, next_index, *from, *to_next; + u32 my_thread_index = vm->thread_index; + u8 is_filtered; + sctp_main_t *tm = vnet_get_sctp_main (); + + from = vlib_frame_vector_args (from_frame); + n_left_from = from_frame->n_vectors; + next_index = node->cached_next_index; + sctp_set_time_now (my_thread_index); + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + int n_advance_bytes0, n_data_bytes0; + u32 bi0, fib_index0; + vlib_buffer_t *b0; + sctp_header_t *sctp_hdr = 0; + sctp_chunks_common_hdr_t *sctp_chunk_hdr = 0; + sctp_connection_t *sctp_conn; + transport_connection_t *tconn; + ip4_header_t *ip4_hdr; + ip6_header_t *ip6_hdr; + u32 error0 = SCTP_ERROR_NO_LISTENER, next0 = SCTP_INPUT_NEXT_DROP; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + vnet_buffer (b0)->tcp.flags = 0; + fib_index0 = vnet_buffer (b0)->ip.fib_index; + + /* Checksum computed by ipx_local no need to compute again */ + + if (is_ip4) + { + ip4_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip4_next_header (ip4_hdr); + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + sctp_chunk_hdr = &full_hdr->common_hdr; + + n_advance_bytes0 = + (ip4_header_bytes (ip4_hdr) + + sizeof (sctp_payload_data_chunk_t)); + n_data_bytes0 = + clib_net_to_host_u16 (ip4_hdr->length) - n_advance_bytes0; + + tconn = session_lookup_connection_wt4 (fib_index0, + &ip4_hdr->dst_address, + &ip4_hdr->src_address, + sctp_hdr->dst_port, + sctp_hdr->src_port, + TRANSPORT_PROTO_SCTP, + my_thread_index, + &is_filtered); + } + else + { + ip6_hdr = vlib_buffer_get_current (b0); + sctp_hdr = ip6_next_header (ip6_hdr); + + sctp_full_hdr_t *full_hdr = (sctp_full_hdr_t *) sctp_hdr; + sctp_chunk_hdr = &full_hdr->common_hdr; + + n_advance_bytes0 = sctp_header_bytes (); + n_data_bytes0 = + clib_net_to_host_u16 (ip6_hdr->payload_length) - + n_advance_bytes0; + n_advance_bytes0 += sizeof (ip6_hdr[0]); + + tconn = session_lookup_connection_wt6 (fib_index0, + &ip6_hdr->dst_address, + &ip6_hdr->src_address, + sctp_hdr->dst_port, + sctp_hdr->src_port, + TRANSPORT_PROTO_SCTP, + my_thread_index, + &is_filtered); + } + + /* Length check */ + if (PREDICT_FALSE (n_advance_bytes0 < 0)) + { + error0 = SCTP_ERROR_LENGTH; + goto done; + } + + sctp_conn = sctp_get_connection_from_transport (tconn); + vnet_sctp_common_hdr_params_net_to_host (sctp_chunk_hdr); + + u8 type = vnet_sctp_get_chunk_type (sctp_chunk_hdr); + +#if SCTP_DEBUG_STATE_MACHINE + u8 idx = sctp_pick_conn_idx_on_state (sctp_conn->state); +#endif + vnet_buffer (b0)->sctp.hdr_offset = + (u8 *) sctp_hdr - (u8 *) vlib_buffer_get_current (b0); + + /* Session exists */ + if (PREDICT_TRUE (0 != sctp_conn)) + { + /* Save connection index */ + vnet_buffer (b0)->sctp.connection_index = tconn->c_index; + vnet_buffer (b0)->sctp.data_offset = n_advance_bytes0; + vnet_buffer (b0)->sctp.data_len = n_data_bytes0; + + next0 = tm->dispatch_table[sctp_conn->state][type].next; + error0 = tm->dispatch_table[sctp_conn->state][type].error; + + SCTP_DBG_STATE_MACHINE ("CONNECTION_INDEX = %u: " + "CURRENT_CONNECTION_STATE = %s," + "CHUNK_TYPE_RECEIVED = %s " + "NEXT_PHASE = %s", + sctp_conn->sub_conn + [idx].connection.c_index, + sctp_state_to_string (sctp_conn->state), + sctp_chunk_to_string (type), + phase_to_string (next0)); + + if (type == DATA) + SCTP_ADV_DBG ("n_advance_bytes0 = %u, n_data_bytes0 = %u", + n_advance_bytes0, n_data_bytes0); + + } + else + { + if (is_filtered) + { + next0 = SCTP_INPUT_NEXT_DROP; + error0 = SCTP_ERROR_FILTERED; + } + else if ((is_ip4 && tm->punt_unknown4) || + (!is_ip4 && tm->punt_unknown6)) + { + next0 = SCTP_INPUT_NEXT_PUNT_PHASE; + error0 = SCTP_ERROR_PUNT; + } + else + { + next0 = SCTP_INPUT_NEXT_DROP; + error0 = SCTP_ERROR_NO_LISTENER; + } + SCTP_DBG_STATE_MACHINE ("sctp_conn == NULL, NEXT_PHASE = %s", + phase_to_string (next0)); + sctp_conn = 0; + } + + done: + b0->error = error0 ? node->errors[error0] : 0; + + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + sctp_rx_trace_t *t0 = + vlib_add_trace (vm, node, b0, sizeof (*t0)); + sctp_set_rx_trace_data (t0, sctp_conn, sctp_hdr, b0, is_ip4); + } + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + return from_frame->n_vectors; +} + +static uword +sctp4_input_dispatcher (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_input_dispatcher (vm, node, from_frame, 1 /* is_ip4 */ ); +} + +static uword +sctp6_input_dispatcher (vlib_main_t * vm, vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return sctp46_input_dispatcher (vm, node, from_frame, 0 /* is_ip4 */ ); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp4_input_node) = +{ + .function = sctp4_input_dispatcher, + .name = "sctp4-input", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_INPUT_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_INPUT_NEXT_##s] = n, + foreach_sctp4_input_next +#undef _ + }, + .format_buffer = format_sctp_header, + .format_trace = format_sctp_rx_trace, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp4_input_node, sctp4_input_dispatcher); + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (sctp6_input_node) = +{ + .function = sctp6_input_dispatcher, + .name = "sctp6-input", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + .n_errors = SCTP_N_ERROR, + .error_strings = sctp_error_strings, + .n_next_nodes = SCTP_INPUT_N_NEXT, + .next_nodes = + { +#define _(s,n) [SCTP_INPUT_NEXT_##s] = n, + foreach_sctp6_input_next +#undef _ + }, + .format_buffer = format_sctp_header, + .format_trace = format_sctp_rx_trace, +}; +/* *INDENT-ON* */ + +VLIB_NODE_FUNCTION_MULTIARCH (sctp6_input_node, sctp6_input_dispatcher); + +vlib_node_registration_t sctp4_input_node; +vlib_node_registration_t sctp6_input_node; + +static void +sctp_dispatch_table_init (sctp_main_t * tm) +{ + int i, j; + for (i = 0; i < ARRAY_LEN (tm->dispatch_table); i++) + for (j = 0; j < ARRAY_LEN (tm->dispatch_table[i]); j++) + { + tm->dispatch_table[i][j].next = SCTP_INPUT_NEXT_DROP; + tm->dispatch_table[i][j].error = SCTP_ERROR_DISPATCH; + } + +#define _(t,f,n,e) \ +do { \ + tm->dispatch_table[SCTP_STATE_##t][f].next = (n); \ + tm->dispatch_table[SCTP_STATE_##t][f].error = (e); \ +} while (0) + + /* + * SCTP STATE-MACHINE states: + * + * _(CLOSED, "CLOSED") \ + * _(COOKIE_WAIT, "COOKIE_WAIT") \ + * _(COOKIE_ECHOED, "COOKIE_ECHOED") \ + * _(ESTABLISHED, "ESTABLISHED") \ + * _(SHUTDOWN_PENDING, "SHUTDOWN_PENDING") \ + * _(SHUTDOWN_SENT, "SHUTDOWN_SENT") \ + * _(SHUTDOWN_RECEIVED, "SHUTDOWN_RECEIVED") \ + * _(SHUTDOWN_ACK_SENT, "SHUTDOWN_ACK_SENT") + */ + //_(CLOSED, DATA, SCTP_INPUT_NEXT_LISTEN_PHASE, SCTP_ERROR_NONE); /* UNEXPECTED DATA chunk which requires special handling */ + _(CLOSED, INIT, SCTP_INPUT_NEXT_LISTEN_PHASE, SCTP_ERROR_NONE); + _(CLOSED, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(CLOSED, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED SACK chunk */ + _(CLOSED, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(CLOSED, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(CLOSED, ABORT, SCTP_INPUT_NEXT_RCV_PHASE, SCTP_ERROR_NONE); + _(CLOSED, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ + _(CLOSED, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(CLOSED, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ + _(CLOSED, COOKIE_ECHO, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, SCTP_ERROR_NONE); + _(CLOSED, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(CLOSED, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(CLOSED, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(CLOSED, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(COOKIE_WAIT, DATA, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_NONE); + _(COOKIE_WAIT, INIT, SCTP_INPUT_NEXT_RCV_PHASE, SCTP_ERROR_NONE); /* UNEXPECTED INIT chunk which requires special handling */ + _(COOKIE_WAIT, INIT_ACK, SCTP_INPUT_NEXT_RCV_PHASE, SCTP_ERROR_NONE); + _(COOKIE_WAIT, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED SACK chunk */ + _(COOKIE_WAIT, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(COOKIE_WAIT, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(COOKIE_WAIT, ABORT, SCTP_INPUT_NEXT_RCV_PHASE, SCTP_ERROR_NONE); + _(COOKIE_WAIT, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ + _(COOKIE_WAIT, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(COOKIE_WAIT, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ + _(COOKIE_WAIT, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(COOKIE_WAIT, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(COOKIE_WAIT, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(COOKIE_WAIT, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(COOKIE_WAIT, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(COOKIE_ECHOED, DATA, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_NONE); + _(COOKIE_ECHOED, INIT, SCTP_INPUT_NEXT_RCV_PHASE, SCTP_ERROR_NONE); /* UNEXPECTED INIT chunk which requires special handling */ + _(COOKIE_ECHOED, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(COOKIE_ECHOED, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED SACK chunk */ + _(COOKIE_ECHOED, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(COOKIE_ECHOED, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(COOKIE_ECHOED, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(COOKIE_ECHOED, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ + _(COOKIE_ECHOED, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(COOKIE_ECHOED, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ + _(COOKIE_ECHOED, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(COOKIE_ECHOED, COOKIE_ACK, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, + SCTP_ERROR_NONE); + _(COOKIE_ECHOED, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(COOKIE_ECHOED, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(COOKIE_ECHOED, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(ESTABLISHED, DATA, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, SCTP_ERROR_NONE); + _(ESTABLISHED, INIT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_INIT_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(ESTABLISHED, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(ESTABLISHED, SACK, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, SCTP_ERROR_NONE); + _(ESTABLISHED, HEARTBEAT, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, + SCTP_ERROR_NONE); + _(ESTABLISHED, HEARTBEAT_ACK, SCTP_INPUT_NEXT_ESTABLISHED_PHASE, + SCTP_ERROR_NONE); + _(ESTABLISHED, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(ESTABLISHED, SHUTDOWN, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); + _(ESTABLISHED, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(ESTABLISHED, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ + _(ESTABLISHED, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(ESTABLISHED, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(ESTABLISHED, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(ESTABLISHED, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(ESTABLISHED, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(SHUTDOWN_PENDING, DATA, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); + _(SHUTDOWN_PENDING, INIT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_INIT_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_PENDING, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(SHUTDOWN_PENDING, SACK, SCTP_INPUT_NEXT_LISTEN_PHASE, SCTP_ERROR_NONE); + _(SHUTDOWN_PENDING, HEARTBEAT, SCTP_INPUT_NEXT_LISTEN_PHASE, + SCTP_ERROR_NONE); + _(SHUTDOWN_PENDING, HEARTBEAT_ACK, SCTP_INPUT_NEXT_LISTEN_PHASE, + SCTP_ERROR_NONE); + _(SHUTDOWN_PENDING, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(SHUTDOWN_PENDING, SHUTDOWN, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); + _(SHUTDOWN_PENDING, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(SHUTDOWN_PENDING, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ + _(SHUTDOWN_PENDING, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_PENDING, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(SHUTDOWN_PENDING, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(SHUTDOWN_PENDING, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(SHUTDOWN_PENDING, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(SHUTDOWN_SENT, DATA, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); + _(SHUTDOWN_SENT, INIT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_INIT_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_SENT, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(SHUTDOWN_SENT, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED SACK chunk */ + _(SHUTDOWN_SENT, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(SHUTDOWN_SENT, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(SHUTDOWN_SENT, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(SHUTDOWN_SENT, SHUTDOWN, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); + _(SHUTDOWN_SENT, SHUTDOWN_ACK, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); + _(SHUTDOWN_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_SENT, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(SHUTDOWN_SENT, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(SHUTDOWN_SENT, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(SHUTDOWN_SENT, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(SHUTDOWN_RECEIVED, DATA, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_DATA_CHUNK_VIOLATION); /* UNEXPECTED DATA chunk */ + _(SHUTDOWN_RECEIVED, INIT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_INIT_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_RECEIVED, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(SHUTDOWN_RECEIVED, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_RECEIVED, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(SHUTDOWN_RECEIVED, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(SHUTDOWN_RECEIVED, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(SHUTDOWN_RECEIVED, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ + _(SHUTDOWN_RECEIVED, SHUTDOWN_ACK, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); + _(SHUTDOWN_RECEIVED, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_RECEIVED, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(SHUTDOWN_RECEIVED, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(SHUTDOWN_RECEIVED, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(SHUTDOWN_RECEIVED, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_COMPLETE_VIOLATION); /* UNEXPECTED SHUTDOWN_COMPLETE chunk */ + + _(SHUTDOWN_ACK_SENT, DATA, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_DATA_CHUNK_VIOLATION); /* UNEXPECTED DATA chunk */ + _(SHUTDOWN_ACK_SENT, INIT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_INIT_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_ACK_SENT, INIT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED INIT_ACK chunk */ + _(SHUTDOWN_ACK_SENT, SACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SACK_CHUNK_VIOLATION); /* UNEXPECTED INIT chunk */ + _(SHUTDOWN_ACK_SENT, HEARTBEAT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT chunk */ + _(SHUTDOWN_ACK_SENT, HEARTBEAT_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_HEARTBEAT_ACK_CHUNK_VIOLATION); /* UNEXPECTED HEARTBEAT_ACK chunk */ + _(SHUTDOWN_ACK_SENT, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ + _(SHUTDOWN_ACK_SENT, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ + _(SHUTDOWN_ACK_SENT, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ + _(SHUTDOWN_ACK_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_ACK_SENT, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ + _(SHUTDOWN_ACK_SENT, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ + _(SHUTDOWN_ACK_SENT, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ + _(SHUTDOWN_ACK_SENT, SHUTDOWN_COMPLETE, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); + + /* TODO: Handle COOKIE ECHO when a TCB Exists */ + +#undef _ +} + +clib_error_t * +sctp_input_init (vlib_main_t * vm) +{ + clib_error_t *error = 0; + sctp_main_t *tm = vnet_get_sctp_main (); + + if ((error = vlib_call_init_function (vm, sctp_init))) + return error; + + /* Initialize dispatch table. */ + sctp_dispatch_table_init (tm); + + return error; +} + +VLIB_INIT_FUNCTION (sctp_input_init); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |