1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* SCTP kernel implementation 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2003 International Business Machines Corp. 6 * Copyright (c) 2001 Intel Corp. 7 * Copyright (c) 2001 La Monte H.P. Yarroll 8 * 9 * This file is part of the SCTP kernel implementation 10 * 11 * This module provides the abstraction for an SCTP transport representing 12 * a remote transport address. For local transport addresses, we just use 13 * union sctp_addr. 14 * 15 * Please send any bug reports or fixes you make to the 16 * email address(es): 17 * lksctp developers <linux-sctp@vger.kernel.org> 18 * 19 * Written or modified by: 20 * La Monte H.P. Yarroll <piggy@acm.org> 21 * Karl Knutson <karl@athena.chicago.il.us> 22 * Jon Grimm <jgrimm@us.ibm.com> 23 * Xingang Guo <xingang.guo@intel.com> 24 * Hui Huang <hui.huang@nokia.com> 25 * Sridhar Samudrala <sri@us.ibm.com> 26 * Ardelle Fan <ardelle.fan@intel.com> 27 */ 28 29 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 30 31 #include <linux/slab.h> 32 #include <linux/types.h> 33 #include <linux/random.h> 34 #include <net/sctp/sctp.h> 35 #include <net/sctp/sm.h> 36 37 /* 1st Level Abstractions. */ 38 39 /* Initialize a new transport from provided memory. */ 40 static struct sctp_transport *sctp_transport_init(struct net *net, 41 struct sctp_transport *peer, 42 const union sctp_addr *addr, 43 gfp_t gfp) 44 { 45 /* Copy in the address. */ 46 peer->af_specific = sctp_get_af_specific(addr->sa.sa_family); 47 memcpy(&peer->ipaddr, addr, peer->af_specific->sockaddr_len); 48 memset(&peer->saddr, 0, sizeof(union sctp_addr)); 49 50 peer->sack_generation = 0; 51 52 /* From 6.3.1 RTO Calculation: 53 * 54 * C1) Until an RTT measurement has been made for a packet sent to the 55 * given destination transport address, set RTO to the protocol 56 * parameter 'RTO.Initial'. 57 */ 58 peer->rto = msecs_to_jiffies(net->sctp.rto_initial); 59 60 peer->last_time_heard = 0; 61 peer->last_time_ecne_reduced = jiffies; 62 63 peer->param_flags = SPP_HB_DISABLE | 64 SPP_PMTUD_ENABLE | 65 SPP_SACKDELAY_ENABLE; 66 67 /* Initialize the default path max_retrans. */ 68 peer->pathmaxrxt = net->sctp.max_retrans_path; 69 peer->pf_retrans = net->sctp.pf_retrans; 70 71 INIT_LIST_HEAD(&peer->transmitted); 72 INIT_LIST_HEAD(&peer->send_ready); 73 INIT_LIST_HEAD(&peer->transports); 74 75 timer_setup(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event, 0); 76 timer_setup(&peer->hb_timer, sctp_generate_heartbeat_event, 0); 77 timer_setup(&peer->reconf_timer, sctp_generate_reconf_event, 0); 78 timer_setup(&peer->probe_timer, sctp_generate_probe_event, 0); 79 timer_setup(&peer->proto_unreach_timer, 80 sctp_generate_proto_unreach_event, 0); 81 82 /* Initialize the 64-bit random nonce sent with heartbeat. */ 83 get_random_bytes(&peer->hb_nonce, sizeof(peer->hb_nonce)); 84 85 refcount_set(&peer->refcnt, 1); 86 87 return peer; 88 } 89 90 /* Allocate and initialize a new transport. */ 91 struct sctp_transport *sctp_transport_new(struct net *net, 92 const union sctp_addr *addr, 93 gfp_t gfp) 94 { 95 struct sctp_transport *transport; 96 97 transport = kzalloc(sizeof(*transport), gfp); 98 if (!transport) 99 goto fail; 100 101 if (!sctp_transport_init(net, transport, addr, gfp)) 102 goto fail_init; 103 104 SCTP_DBG_OBJCNT_INC(transport); 105 106 return transport; 107 108 fail_init: 109 kfree(transport); 110 111 fail: 112 return NULL; 113 } 114 115 /* This transport is no longer needed. Free up if possible, or 116 * delay until it last reference count. 117 */ 118 void sctp_transport_free(struct sctp_transport *transport) 119 { 120 /* Try to delete the heartbeat timer. */ 121 if (del_timer(&transport->hb_timer)) 122 sctp_transport_put(transport); 123 124 /* Delete the T3_rtx timer if it's active. 125 * There is no point in not doing this now and letting 126 * structure hang around in memory since we know 127 * the transport is going away. 128 */ 129 if (del_timer(&transport->T3_rtx_timer)) 130 sctp_transport_put(transport); 131 132 if (del_timer(&transport->reconf_timer)) 133 sctp_transport_put(transport); 134 135 if (del_timer(&transport->probe_timer)) 136 sctp_transport_put(transport); 137 138 /* Delete the ICMP proto unreachable timer if it's active. */ 139 if (del_timer(&transport->proto_unreach_timer)) 140 sctp_transport_put(transport); 141 142 sctp_transport_put(transport); 143 } 144 145 static void sctp_transport_destroy_rcu(struct rcu_head *head) 146 { 147 struct sctp_transport *transport; 148 149 transport = container_of(head, struct sctp_transport, rcu); 150 151 dst_release(transport->dst); 152 kfree(transport); 153 SCTP_DBG_OBJCNT_DEC(transport); 154 } 155 156 /* Destroy the transport data structure. 157 * Assumes there are no more users of this structure. 158 */ 159 static void sctp_transport_destroy(struct sctp_transport *transport) 160 { 161 if (unlikely(refcount_read(&transport->refcnt))) { 162 WARN(1, "Attempt to destroy undead transport %p!\n", transport); 163 return; 164 } 165 166 sctp_packet_free(&transport->packet); 167 168 if (transport->asoc) 169 sctp_association_put(transport->asoc); 170 171 call_rcu(&transport->rcu, sctp_transport_destroy_rcu); 172 } 173 174 /* Start T3_rtx timer if it is not already running and update the heartbeat 175 * timer. This routine is called every time a DATA chunk is sent. 176 */ 177 void sctp_transport_reset_t3_rtx(struct sctp_transport *transport) 178 { 179 /* RFC 2960 6.3.2 Retransmission Timer Rules 180 * 181 * R1) Every time a DATA chunk is sent to any address(including a 182 * retransmission), if the T3-rtx timer of that address is not running 183 * start it running so that it will expire after the RTO of that 184 * address. 185 */ 186 187 if (!timer_pending(&transport->T3_rtx_timer)) 188 if (!mod_timer(&transport->T3_rtx_timer, 189 jiffies + transport->rto)) 190 sctp_transport_hold(transport); 191 } 192 193 void sctp_transport_reset_hb_timer(struct sctp_transport *transport) 194 { 195 unsigned long expires; 196 197 /* When a data chunk is sent, reset the heartbeat interval. */ 198 expires = jiffies + sctp_transport_timeout(transport); 199 if ((time_before(transport->hb_timer.expires, expires) || 200 !timer_pending(&transport->hb_timer)) && 201 !mod_timer(&transport->hb_timer, 202 expires + prandom_u32_max(transport->rto))) 203 sctp_transport_hold(transport); 204 } 205 206 void sctp_transport_reset_reconf_timer(struct sctp_transport *transport) 207 { 208 if (!timer_pending(&transport->reconf_timer)) 209 if (!mod_timer(&transport->reconf_timer, 210 jiffies + transport->rto)) 211 sctp_transport_hold(transport); 212 } 213 214 void sctp_transport_reset_probe_timer(struct sctp_transport *transport) 215 { 216 if (timer_pending(&transport->probe_timer)) 217 return; 218 if (!mod_timer(&transport->probe_timer, 219 jiffies + transport->probe_interval)) 220 sctp_transport_hold(transport); 221 } 222 223 /* This transport has been assigned to an association. 224 * Initialize fields from the association or from the sock itself. 225 * Register the reference count in the association. 226 */ 227 void sctp_transport_set_owner(struct sctp_transport *transport, 228 struct sctp_association *asoc) 229 { 230 transport->asoc = asoc; 231 sctp_association_hold(asoc); 232 } 233 234 /* Initialize the pmtu of a transport. */ 235 void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk) 236 { 237 /* If we don't have a fresh route, look one up */ 238 if (!transport->dst || transport->dst->obsolete) { 239 sctp_transport_dst_release(transport); 240 transport->af_specific->get_dst(transport, &transport->saddr, 241 &transport->fl, sk); 242 } 243 244 if (transport->param_flags & SPP_PMTUD_DISABLE) { 245 struct sctp_association *asoc = transport->asoc; 246 247 if (!transport->pathmtu && asoc && asoc->pathmtu) 248 transport->pathmtu = asoc->pathmtu; 249 if (transport->pathmtu) 250 return; 251 } 252 253 if (transport->dst) 254 transport->pathmtu = sctp_dst_mtu(transport->dst); 255 else 256 transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT; 257 258 sctp_transport_pl_update(transport); 259 } 260 261 bool sctp_transport_pl_send(struct sctp_transport *t) 262 { 263 if (t->pl.probe_count < SCTP_MAX_PROBES) 264 goto out; 265 266 t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks; 267 t->pl.probe_count = 0; 268 if (t->pl.state == SCTP_PL_BASE) { 269 if (t->pl.probe_size == SCTP_BASE_PLPMTU) { /* BASE_PLPMTU Confirmation Failed */ 270 t->pl.state = SCTP_PL_ERROR; /* Base -> Error */ 271 272 t->pl.pmtu = SCTP_BASE_PLPMTU; 273 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 274 sctp_assoc_sync_pmtu(t->asoc); 275 } 276 } else if (t->pl.state == SCTP_PL_SEARCH) { 277 if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */ 278 t->pl.state = SCTP_PL_BASE; /* Search -> Base */ 279 t->pl.probe_size = SCTP_BASE_PLPMTU; 280 t->pl.probe_high = 0; 281 282 t->pl.pmtu = SCTP_BASE_PLPMTU; 283 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 284 sctp_assoc_sync_pmtu(t->asoc); 285 } else { /* Normal probe failure. */ 286 t->pl.probe_high = t->pl.probe_size; 287 t->pl.probe_size = t->pl.pmtu; 288 } 289 } else if (t->pl.state == SCTP_PL_COMPLETE) { 290 if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */ 291 t->pl.state = SCTP_PL_BASE; /* Search Complete -> Base */ 292 t->pl.probe_size = SCTP_BASE_PLPMTU; 293 294 t->pl.pmtu = SCTP_BASE_PLPMTU; 295 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 296 sctp_assoc_sync_pmtu(t->asoc); 297 } 298 } 299 300 out: 301 if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count < 30 && 302 !t->pl.probe_count && t->pl.last_rtx_chunks == t->asoc->rtx_data_chunks) { 303 t->pl.raise_count++; 304 return false; 305 } 306 307 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n", 308 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high); 309 310 t->pl.probe_count++; 311 return true; 312 } 313 314 bool sctp_transport_pl_recv(struct sctp_transport *t) 315 { 316 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n", 317 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high); 318 319 t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks; 320 t->pl.pmtu = t->pl.probe_size; 321 t->pl.probe_count = 0; 322 if (t->pl.state == SCTP_PL_BASE) { 323 t->pl.state = SCTP_PL_SEARCH; /* Base -> Search */ 324 t->pl.probe_size += SCTP_PL_BIG_STEP; 325 } else if (t->pl.state == SCTP_PL_ERROR) { 326 t->pl.state = SCTP_PL_SEARCH; /* Error -> Search */ 327 328 t->pl.pmtu = t->pl.probe_size; 329 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 330 sctp_assoc_sync_pmtu(t->asoc); 331 t->pl.probe_size += SCTP_PL_BIG_STEP; 332 } else if (t->pl.state == SCTP_PL_SEARCH) { 333 if (!t->pl.probe_high) { 334 t->pl.probe_size = min(t->pl.probe_size + SCTP_PL_BIG_STEP, 335 SCTP_MAX_PLPMTU); 336 return false; 337 } 338 t->pl.probe_size += SCTP_PL_MIN_STEP; 339 if (t->pl.probe_size >= t->pl.probe_high) { 340 t->pl.probe_high = 0; 341 t->pl.raise_count = 0; 342 t->pl.state = SCTP_PL_COMPLETE; /* Search -> Search Complete */ 343 344 t->pl.probe_size = t->pl.pmtu; 345 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 346 sctp_assoc_sync_pmtu(t->asoc); 347 } 348 } else if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count == 30) { 349 /* Raise probe_size again after 30 * interval in Search Complete */ 350 t->pl.state = SCTP_PL_SEARCH; /* Search Complete -> Search */ 351 t->pl.probe_size += SCTP_PL_MIN_STEP; 352 } 353 354 return t->pl.state == SCTP_PL_COMPLETE; 355 } 356 357 static bool sctp_transport_pl_toobig(struct sctp_transport *t, u32 pmtu) 358 { 359 pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, ptb: %d\n", 360 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, pmtu); 361 362 if (pmtu < SCTP_MIN_PLPMTU || pmtu >= t->pl.probe_size) 363 return false; 364 365 if (t->pl.state == SCTP_PL_BASE) { 366 if (pmtu >= SCTP_MIN_PLPMTU && pmtu < SCTP_BASE_PLPMTU) { 367 t->pl.state = SCTP_PL_ERROR; /* Base -> Error */ 368 369 t->pl.pmtu = SCTP_BASE_PLPMTU; 370 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 371 return true; 372 } 373 } else if (t->pl.state == SCTP_PL_SEARCH) { 374 if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) { 375 t->pl.state = SCTP_PL_BASE; /* Search -> Base */ 376 t->pl.probe_size = SCTP_BASE_PLPMTU; 377 t->pl.probe_count = 0; 378 379 t->pl.probe_high = 0; 380 t->pl.pmtu = SCTP_BASE_PLPMTU; 381 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 382 return true; 383 } else if (pmtu > t->pl.pmtu && pmtu < t->pl.probe_size) { 384 t->pl.probe_size = pmtu; 385 t->pl.probe_count = 0; 386 } 387 } else if (t->pl.state == SCTP_PL_COMPLETE) { 388 if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) { 389 t->pl.state = SCTP_PL_BASE; /* Complete -> Base */ 390 t->pl.probe_size = SCTP_BASE_PLPMTU; 391 t->pl.probe_count = 0; 392 393 t->pl.probe_high = 0; 394 t->pl.pmtu = SCTP_BASE_PLPMTU; 395 t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t); 396 return true; 397 } 398 } 399 400 return false; 401 } 402 403 bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) 404 { 405 struct sock *sk = t->asoc->base.sk; 406 struct dst_entry *dst; 407 bool change = true; 408 409 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { 410 pr_warn_ratelimited("%s: Reported pmtu %d too low, using default minimum of %d\n", 411 __func__, pmtu, SCTP_DEFAULT_MINSEGMENT); 412 /* Use default minimum segment instead */ 413 pmtu = SCTP_DEFAULT_MINSEGMENT; 414 } 415 pmtu = SCTP_TRUNC4(pmtu); 416 417 if (sctp_transport_pl_enabled(t)) 418 return sctp_transport_pl_toobig(t, pmtu - sctp_transport_pl_hlen(t)); 419 420 dst = sctp_transport_dst_check(t); 421 if (dst) { 422 struct sctp_pf *pf = sctp_get_pf_specific(dst->ops->family); 423 union sctp_addr addr; 424 425 pf->af->from_sk(&addr, sk); 426 pf->to_sk_daddr(&t->ipaddr, sk); 427 dst->ops->update_pmtu(dst, sk, NULL, pmtu, true); 428 pf->to_sk_daddr(&addr, sk); 429 430 dst = sctp_transport_dst_check(t); 431 } 432 433 if (!dst) { 434 t->af_specific->get_dst(t, &t->saddr, &t->fl, sk); 435 dst = t->dst; 436 } 437 438 if (dst) { 439 /* Re-fetch, as under layers may have a higher minimum size */ 440 pmtu = sctp_dst_mtu(dst); 441 change = t->pathmtu != pmtu; 442 } 443 t->pathmtu = pmtu; 444 445 return change; 446 } 447 448 /* Caches the dst entry and source address for a transport's destination 449 * address. 450 */ 451 void sctp_transport_route(struct sctp_transport *transport, 452 union sctp_addr *saddr, struct sctp_sock *opt) 453 { 454 struct sctp_association *asoc = transport->asoc; 455 struct sctp_af *af = transport->af_specific; 456 457 sctp_transport_dst_release(transport); 458 af->get_dst(transport, saddr, &transport->fl, sctp_opt2sk(opt)); 459 460 if (saddr) 461 memcpy(&transport->saddr, saddr, sizeof(union sctp_addr)); 462 else 463 af->get_saddr(opt, transport, &transport->fl); 464 465 sctp_transport_pmtu(transport, sctp_opt2sk(opt)); 466 467 /* Initialize sk->sk_rcv_saddr, if the transport is the 468 * association's active path for getsockname(). 469 */ 470 if (transport->dst && asoc && 471 (!asoc->peer.primary_path || transport == asoc->peer.active_path)) 472 opt->pf->to_sk_saddr(&transport->saddr, asoc->base.sk); 473 } 474 475 /* Hold a reference to a transport. */ 476 int sctp_transport_hold(struct sctp_transport *transport) 477 { 478 return refcount_inc_not_zero(&transport->refcnt); 479 } 480 481 /* Release a reference to a transport and clean up 482 * if there are no more references. 483 */ 484 void sctp_transport_put(struct sctp_transport *transport) 485 { 486 if (refcount_dec_and_test(&transport->refcnt)) 487 sctp_transport_destroy(transport); 488 } 489 490 /* Update transport's RTO based on the newly calculated RTT. */ 491 void sctp_transport_update_rto(struct sctp_transport *tp, __u32 rtt) 492 { 493 if (unlikely(!tp->rto_pending)) 494 /* We should not be doing any RTO updates unless rto_pending is set. */ 495 pr_debug("%s: rto_pending not set on transport %p!\n", __func__, tp); 496 497 if (tp->rttvar || tp->srtt) { 498 struct net *net = tp->asoc->base.net; 499 /* 6.3.1 C3) When a new RTT measurement R' is made, set 500 * RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'| 501 * SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R' 502 */ 503 504 /* Note: The above algorithm has been rewritten to 505 * express rto_beta and rto_alpha as inverse powers 506 * of two. 507 * For example, assuming the default value of RTO.Alpha of 508 * 1/8, rto_alpha would be expressed as 3. 509 */ 510 tp->rttvar = tp->rttvar - (tp->rttvar >> net->sctp.rto_beta) 511 + (((__u32)abs((__s64)tp->srtt - (__s64)rtt)) >> net->sctp.rto_beta); 512 tp->srtt = tp->srtt - (tp->srtt >> net->sctp.rto_alpha) 513 + (rtt >> net->sctp.rto_alpha); 514 } else { 515 /* 6.3.1 C2) When the first RTT measurement R is made, set 516 * SRTT <- R, RTTVAR <- R/2. 517 */ 518 tp->srtt = rtt; 519 tp->rttvar = rtt >> 1; 520 } 521 522 /* 6.3.1 G1) Whenever RTTVAR is computed, if RTTVAR = 0, then 523 * adjust RTTVAR <- G, where G is the CLOCK GRANULARITY. 524 */ 525 if (tp->rttvar == 0) 526 tp->rttvar = SCTP_CLOCK_GRANULARITY; 527 528 /* 6.3.1 C3) After the computation, update RTO <- SRTT + 4 * RTTVAR. */ 529 tp->rto = tp->srtt + (tp->rttvar << 2); 530 531 /* 6.3.1 C6) Whenever RTO is computed, if it is less than RTO.Min 532 * seconds then it is rounded up to RTO.Min seconds. 533 */ 534 if (tp->rto < tp->asoc->rto_min) 535 tp->rto = tp->asoc->rto_min; 536 537 /* 6.3.1 C7) A maximum value may be placed on RTO provided it is 538 * at least RTO.max seconds. 539 */ 540 if (tp->rto > tp->asoc->rto_max) 541 tp->rto = tp->asoc->rto_max; 542 543 sctp_max_rto(tp->asoc, tp); 544 tp->rtt = rtt; 545 546 /* Reset rto_pending so that a new RTT measurement is started when a 547 * new data chunk is sent. 548 */ 549 tp->rto_pending = 0; 550 551 pr_debug("%s: transport:%p, rtt:%d, srtt:%d rttvar:%d, rto:%ld\n", 552 __func__, tp, rtt, tp->srtt, tp->rttvar, tp->rto); 553 } 554 555 /* This routine updates the transport's cwnd and partial_bytes_acked 556 * parameters based on the bytes acked in the received SACK. 557 */ 558 void sctp_transport_raise_cwnd(struct sctp_transport *transport, 559 __u32 sack_ctsn, __u32 bytes_acked) 560 { 561 struct sctp_association *asoc = transport->asoc; 562 __u32 cwnd, ssthresh, flight_size, pba, pmtu; 563 564 cwnd = transport->cwnd; 565 flight_size = transport->flight_size; 566 567 /* See if we need to exit Fast Recovery first */ 568 if (asoc->fast_recovery && 569 TSN_lte(asoc->fast_recovery_exit, sack_ctsn)) 570 asoc->fast_recovery = 0; 571 572 ssthresh = transport->ssthresh; 573 pba = transport->partial_bytes_acked; 574 pmtu = transport->asoc->pathmtu; 575 576 if (cwnd <= ssthresh) { 577 /* RFC 4960 7.2.1 578 * o When cwnd is less than or equal to ssthresh, an SCTP 579 * endpoint MUST use the slow-start algorithm to increase 580 * cwnd only if the current congestion window is being fully 581 * utilized, an incoming SACK advances the Cumulative TSN 582 * Ack Point, and the data sender is not in Fast Recovery. 583 * Only when these three conditions are met can the cwnd be 584 * increased; otherwise, the cwnd MUST not be increased. 585 * If these conditions are met, then cwnd MUST be increased 586 * by, at most, the lesser of 1) the total size of the 587 * previously outstanding DATA chunk(s) acknowledged, and 588 * 2) the destination's path MTU. This upper bound protects 589 * against the ACK-Splitting attack outlined in [SAVAGE99]. 590 */ 591 if (asoc->fast_recovery) 592 return; 593 594 /* The appropriate cwnd increase algorithm is performed 595 * if, and only if the congestion window is being fully 596 * utilized. Note that RFC4960 Errata 3.22 removed the 597 * other condition on ctsn moving. 598 */ 599 if (flight_size < cwnd) 600 return; 601 602 if (bytes_acked > pmtu) 603 cwnd += pmtu; 604 else 605 cwnd += bytes_acked; 606 607 pr_debug("%s: slow start: transport:%p, bytes_acked:%d, " 608 "cwnd:%d, ssthresh:%d, flight_size:%d, pba:%d\n", 609 __func__, transport, bytes_acked, cwnd, ssthresh, 610 flight_size, pba); 611 } else { 612 /* RFC 2960 7.2.2 Whenever cwnd is greater than ssthresh, 613 * upon each SACK arrival, increase partial_bytes_acked 614 * by the total number of bytes of all new chunks 615 * acknowledged in that SACK including chunks 616 * acknowledged by the new Cumulative TSN Ack and by Gap 617 * Ack Blocks. (updated by RFC4960 Errata 3.22) 618 * 619 * When partial_bytes_acked is greater than cwnd and 620 * before the arrival of the SACK the sender had less 621 * bytes of data outstanding than cwnd (i.e., before 622 * arrival of the SACK, flightsize was less than cwnd), 623 * reset partial_bytes_acked to cwnd. (RFC 4960 Errata 624 * 3.26) 625 * 626 * When partial_bytes_acked is equal to or greater than 627 * cwnd and before the arrival of the SACK the sender 628 * had cwnd or more bytes of data outstanding (i.e., 629 * before arrival of the SACK, flightsize was greater 630 * than or equal to cwnd), partial_bytes_acked is reset 631 * to (partial_bytes_acked - cwnd). Next, cwnd is 632 * increased by MTU. (RFC 4960 Errata 3.12) 633 */ 634 pba += bytes_acked; 635 if (pba > cwnd && flight_size < cwnd) 636 pba = cwnd; 637 if (pba >= cwnd && flight_size >= cwnd) { 638 pba = pba - cwnd; 639 cwnd += pmtu; 640 } 641 642 pr_debug("%s: congestion avoidance: transport:%p, " 643 "bytes_acked:%d, cwnd:%d, ssthresh:%d, " 644 "flight_size:%d, pba:%d\n", __func__, 645 transport, bytes_acked, cwnd, ssthresh, 646 flight_size, pba); 647 } 648 649 transport->cwnd = cwnd; 650 transport->partial_bytes_acked = pba; 651 } 652 653 /* This routine is used to lower the transport's cwnd when congestion is 654 * detected. 655 */ 656 void sctp_transport_lower_cwnd(struct sctp_transport *transport, 657 enum sctp_lower_cwnd reason) 658 { 659 struct sctp_association *asoc = transport->asoc; 660 661 switch (reason) { 662 case SCTP_LOWER_CWND_T3_RTX: 663 /* RFC 2960 Section 7.2.3, sctpimpguide 664 * When the T3-rtx timer expires on an address, SCTP should 665 * perform slow start by: 666 * ssthresh = max(cwnd/2, 4*MTU) 667 * cwnd = 1*MTU 668 * partial_bytes_acked = 0 669 */ 670 transport->ssthresh = max(transport->cwnd/2, 671 4*asoc->pathmtu); 672 transport->cwnd = asoc->pathmtu; 673 674 /* T3-rtx also clears fast recovery */ 675 asoc->fast_recovery = 0; 676 break; 677 678 case SCTP_LOWER_CWND_FAST_RTX: 679 /* RFC 2960 7.2.4 Adjust the ssthresh and cwnd of the 680 * destination address(es) to which the missing DATA chunks 681 * were last sent, according to the formula described in 682 * Section 7.2.3. 683 * 684 * RFC 2960 7.2.3, sctpimpguide Upon detection of packet 685 * losses from SACK (see Section 7.2.4), An endpoint 686 * should do the following: 687 * ssthresh = max(cwnd/2, 4*MTU) 688 * cwnd = ssthresh 689 * partial_bytes_acked = 0 690 */ 691 if (asoc->fast_recovery) 692 return; 693 694 /* Mark Fast recovery */ 695 asoc->fast_recovery = 1; 696 asoc->fast_recovery_exit = asoc->next_tsn - 1; 697 698 transport->ssthresh = max(transport->cwnd/2, 699 4*asoc->pathmtu); 700 transport->cwnd = transport->ssthresh; 701 break; 702 703 case SCTP_LOWER_CWND_ECNE: 704 /* RFC 2481 Section 6.1.2. 705 * If the sender receives an ECN-Echo ACK packet 706 * then the sender knows that congestion was encountered in the 707 * network on the path from the sender to the receiver. The 708 * indication of congestion should be treated just as a 709 * congestion loss in non-ECN Capable TCP. That is, the TCP 710 * source halves the congestion window "cwnd" and reduces the 711 * slow start threshold "ssthresh". 712 * A critical condition is that TCP does not react to 713 * congestion indications more than once every window of 714 * data (or more loosely more than once every round-trip time). 715 */ 716 if (time_after(jiffies, transport->last_time_ecne_reduced + 717 transport->rtt)) { 718 transport->ssthresh = max(transport->cwnd/2, 719 4*asoc->pathmtu); 720 transport->cwnd = transport->ssthresh; 721 transport->last_time_ecne_reduced = jiffies; 722 } 723 break; 724 725 case SCTP_LOWER_CWND_INACTIVE: 726 /* RFC 2960 Section 7.2.1, sctpimpguide 727 * When the endpoint does not transmit data on a given 728 * transport address, the cwnd of the transport address 729 * should be adjusted to max(cwnd/2, 4*MTU) per RTO. 730 * NOTE: Although the draft recommends that this check needs 731 * to be done every RTO interval, we do it every hearbeat 732 * interval. 733 */ 734 transport->cwnd = max(transport->cwnd/2, 735 4*asoc->pathmtu); 736 /* RFC 4960 Errata 3.27.2: also adjust sshthresh */ 737 transport->ssthresh = transport->cwnd; 738 break; 739 } 740 741 transport->partial_bytes_acked = 0; 742 743 pr_debug("%s: transport:%p, reason:%d, cwnd:%d, ssthresh:%d\n", 744 __func__, transport, reason, transport->cwnd, 745 transport->ssthresh); 746 } 747 748 /* Apply Max.Burst limit to the congestion window: 749 * sctpimpguide-05 2.14.2 750 * D) When the time comes for the sender to 751 * transmit new DATA chunks, the protocol parameter Max.Burst MUST 752 * first be applied to limit how many new DATA chunks may be sent. 753 * The limit is applied by adjusting cwnd as follows: 754 * if ((flightsize+ Max.Burst * MTU) < cwnd) 755 * cwnd = flightsize + Max.Burst * MTU 756 */ 757 758 void sctp_transport_burst_limited(struct sctp_transport *t) 759 { 760 struct sctp_association *asoc = t->asoc; 761 u32 old_cwnd = t->cwnd; 762 u32 max_burst_bytes; 763 764 if (t->burst_limited || asoc->max_burst == 0) 765 return; 766 767 max_burst_bytes = t->flight_size + (asoc->max_burst * asoc->pathmtu); 768 if (max_burst_bytes < old_cwnd) { 769 t->cwnd = max_burst_bytes; 770 t->burst_limited = old_cwnd; 771 } 772 } 773 774 /* Restore the old cwnd congestion window, after the burst had it's 775 * desired effect. 776 */ 777 void sctp_transport_burst_reset(struct sctp_transport *t) 778 { 779 if (t->burst_limited) { 780 t->cwnd = t->burst_limited; 781 t->burst_limited = 0; 782 } 783 } 784 785 /* What is the next timeout value for this transport? */ 786 unsigned long sctp_transport_timeout(struct sctp_transport *trans) 787 { 788 /* RTO + timer slack +/- 50% of RTO */ 789 unsigned long timeout = trans->rto >> 1; 790 791 if (trans->state != SCTP_UNCONFIRMED && 792 trans->state != SCTP_PF) 793 timeout += trans->hbinterval; 794 795 return max_t(unsigned long, timeout, HZ / 5); 796 } 797 798 /* Reset transport variables to their initial values */ 799 void sctp_transport_reset(struct sctp_transport *t) 800 { 801 struct sctp_association *asoc = t->asoc; 802 803 /* RFC 2960 (bis), Section 5.2.4 804 * All the congestion control parameters (e.g., cwnd, ssthresh) 805 * related to this peer MUST be reset to their initial values 806 * (see Section 6.2.1) 807 */ 808 t->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380)); 809 t->burst_limited = 0; 810 t->ssthresh = asoc->peer.i.a_rwnd; 811 t->rto = asoc->rto_initial; 812 sctp_max_rto(asoc, t); 813 t->rtt = 0; 814 t->srtt = 0; 815 t->rttvar = 0; 816 817 /* Reset these additional variables so that we have a clean slate. */ 818 t->partial_bytes_acked = 0; 819 t->flight_size = 0; 820 t->error_count = 0; 821 t->rto_pending = 0; 822 t->hb_sent = 0; 823 824 /* Initialize the state information for SFR-CACC */ 825 t->cacc.changeover_active = 0; 826 t->cacc.cycling_changeover = 0; 827 t->cacc.next_tsn_at_change = 0; 828 t->cacc.cacc_saw_newack = 0; 829 } 830 831 /* Schedule retransmission on the given transport */ 832 void sctp_transport_immediate_rtx(struct sctp_transport *t) 833 { 834 /* Stop pending T3_rtx_timer */ 835 if (del_timer(&t->T3_rtx_timer)) 836 sctp_transport_put(t); 837 838 sctp_retransmit(&t->asoc->outqueue, t, SCTP_RTXR_T3_RTX); 839 if (!timer_pending(&t->T3_rtx_timer)) { 840 if (!mod_timer(&t->T3_rtx_timer, jiffies + t->rto)) 841 sctp_transport_hold(t); 842 } 843 } 844 845 /* Drop dst */ 846 void sctp_transport_dst_release(struct sctp_transport *t) 847 { 848 dst_release(t->dst); 849 t->dst = NULL; 850 t->dst_pending_confirm = 0; 851 } 852 853 /* Schedule neighbour confirm */ 854 void sctp_transport_dst_confirm(struct sctp_transport *t) 855 { 856 t->dst_pending_confirm = 1; 857 } 858