1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001-2003 International Business Machines Corp.
6  * Copyright (c) 2001 Intel Corp.
7  * Copyright (c) 2001 La Monte H.P. Yarroll
8  *
9  * This file is part of the SCTP kernel implementation
10  *
11  * This module provides the abstraction for an SCTP transport representing
12  * a remote transport address.  For local transport addresses, we just use
13  * union sctp_addr.
14  *
15  * Please send any bug reports or fixes you make to the
16  * email address(es):
17  *    lksctp developers <linux-sctp@vger.kernel.org>
18  *
19  * Written or modified by:
20  *    La Monte H.P. Yarroll <piggy@acm.org>
21  *    Karl Knutson          <karl@athena.chicago.il.us>
22  *    Jon Grimm             <jgrimm@us.ibm.com>
23  *    Xingang Guo           <xingang.guo@intel.com>
24  *    Hui Huang             <hui.huang@nokia.com>
25  *    Sridhar Samudrala	    <sri@us.ibm.com>
26  *    Ardelle Fan	    <ardelle.fan@intel.com>
27  */
28 
29 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
30 
31 #include <linux/slab.h>
32 #include <linux/types.h>
33 #include <linux/random.h>
34 #include <net/sctp/sctp.h>
35 #include <net/sctp/sm.h>
36 
37 /* 1st Level Abstractions.  */
38 
39 /* Initialize a new transport from provided memory.  */
sctp_transport_init(struct net * net,struct sctp_transport * peer,const union sctp_addr * addr,gfp_t gfp)40 static struct sctp_transport *sctp_transport_init(struct net *net,
41 						  struct sctp_transport *peer,
42 						  const union sctp_addr *addr,
43 						  gfp_t gfp)
44 {
45 	/* Copy in the address.  */
46 	peer->af_specific = sctp_get_af_specific(addr->sa.sa_family);
47 	memcpy(&peer->ipaddr, addr, peer->af_specific->sockaddr_len);
48 	memset(&peer->saddr, 0, sizeof(union sctp_addr));
49 
50 	peer->sack_generation = 0;
51 
52 	/* From 6.3.1 RTO Calculation:
53 	 *
54 	 * C1) Until an RTT measurement has been made for a packet sent to the
55 	 * given destination transport address, set RTO to the protocol
56 	 * parameter 'RTO.Initial'.
57 	 */
58 	peer->rto = msecs_to_jiffies(net->sctp.rto_initial);
59 
60 	peer->last_time_heard = 0;
61 	peer->last_time_ecne_reduced = jiffies;
62 
63 	peer->param_flags = SPP_HB_DISABLE |
64 			    SPP_PMTUD_ENABLE |
65 			    SPP_SACKDELAY_ENABLE;
66 
67 	/* Initialize the default path max_retrans.  */
68 	peer->pathmaxrxt  = net->sctp.max_retrans_path;
69 	peer->pf_retrans  = net->sctp.pf_retrans;
70 
71 	INIT_LIST_HEAD(&peer->transmitted);
72 	INIT_LIST_HEAD(&peer->send_ready);
73 	INIT_LIST_HEAD(&peer->transports);
74 
75 	timer_setup(&peer->T3_rtx_timer, sctp_generate_t3_rtx_event, 0);
76 	timer_setup(&peer->hb_timer, sctp_generate_heartbeat_event, 0);
77 	timer_setup(&peer->reconf_timer, sctp_generate_reconf_event, 0);
78 	timer_setup(&peer->probe_timer, sctp_generate_probe_event, 0);
79 	timer_setup(&peer->proto_unreach_timer,
80 		    sctp_generate_proto_unreach_event, 0);
81 
82 	/* Initialize the 64-bit random nonce sent with heartbeat. */
83 	get_random_bytes(&peer->hb_nonce, sizeof(peer->hb_nonce));
84 
85 	refcount_set(&peer->refcnt, 1);
86 
87 	return peer;
88 }
89 
90 /* Allocate and initialize a new transport.  */
sctp_transport_new(struct net * net,const union sctp_addr * addr,gfp_t gfp)91 struct sctp_transport *sctp_transport_new(struct net *net,
92 					  const union sctp_addr *addr,
93 					  gfp_t gfp)
94 {
95 	struct sctp_transport *transport;
96 
97 	transport = kzalloc(sizeof(*transport), gfp);
98 	if (!transport)
99 		goto fail;
100 
101 	if (!sctp_transport_init(net, transport, addr, gfp))
102 		goto fail_init;
103 
104 	SCTP_DBG_OBJCNT_INC(transport);
105 
106 	return transport;
107 
108 fail_init:
109 	kfree(transport);
110 
111 fail:
112 	return NULL;
113 }
114 
115 /* This transport is no longer needed.  Free up if possible, or
116  * delay until it last reference count.
117  */
sctp_transport_free(struct sctp_transport * transport)118 void sctp_transport_free(struct sctp_transport *transport)
119 {
120 	/* Try to delete the heartbeat timer.  */
121 	if (del_timer(&transport->hb_timer))
122 		sctp_transport_put(transport);
123 
124 	/* Delete the T3_rtx timer if it's active.
125 	 * There is no point in not doing this now and letting
126 	 * structure hang around in memory since we know
127 	 * the transport is going away.
128 	 */
129 	if (del_timer(&transport->T3_rtx_timer))
130 		sctp_transport_put(transport);
131 
132 	if (del_timer(&transport->reconf_timer))
133 		sctp_transport_put(transport);
134 
135 	if (del_timer(&transport->probe_timer))
136 		sctp_transport_put(transport);
137 
138 	/* Delete the ICMP proto unreachable timer if it's active. */
139 	if (del_timer(&transport->proto_unreach_timer))
140 		sctp_transport_put(transport);
141 
142 	sctp_transport_put(transport);
143 }
144 
sctp_transport_destroy_rcu(struct rcu_head * head)145 static void sctp_transport_destroy_rcu(struct rcu_head *head)
146 {
147 	struct sctp_transport *transport;
148 
149 	transport = container_of(head, struct sctp_transport, rcu);
150 
151 	dst_release(transport->dst);
152 	kfree(transport);
153 	SCTP_DBG_OBJCNT_DEC(transport);
154 }
155 
156 /* Destroy the transport data structure.
157  * Assumes there are no more users of this structure.
158  */
sctp_transport_destroy(struct sctp_transport * transport)159 static void sctp_transport_destroy(struct sctp_transport *transport)
160 {
161 	if (unlikely(refcount_read(&transport->refcnt))) {
162 		WARN(1, "Attempt to destroy undead transport %p!\n", transport);
163 		return;
164 	}
165 
166 	sctp_packet_free(&transport->packet);
167 
168 	if (transport->asoc)
169 		sctp_association_put(transport->asoc);
170 
171 	call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
172 }
173 
174 /* Start T3_rtx timer if it is not already running and update the heartbeat
175  * timer.  This routine is called every time a DATA chunk is sent.
176  */
sctp_transport_reset_t3_rtx(struct sctp_transport * transport)177 void sctp_transport_reset_t3_rtx(struct sctp_transport *transport)
178 {
179 	/* RFC 2960 6.3.2 Retransmission Timer Rules
180 	 *
181 	 * R1) Every time a DATA chunk is sent to any address(including a
182 	 * retransmission), if the T3-rtx timer of that address is not running
183 	 * start it running so that it will expire after the RTO of that
184 	 * address.
185 	 */
186 
187 	if (!timer_pending(&transport->T3_rtx_timer))
188 		if (!mod_timer(&transport->T3_rtx_timer,
189 			       jiffies + transport->rto))
190 			sctp_transport_hold(transport);
191 }
192 
sctp_transport_reset_hb_timer(struct sctp_transport * transport)193 void sctp_transport_reset_hb_timer(struct sctp_transport *transport)
194 {
195 	unsigned long expires;
196 
197 	/* When a data chunk is sent, reset the heartbeat interval.  */
198 	expires = jiffies + sctp_transport_timeout(transport);
199 	if ((time_before(transport->hb_timer.expires, expires) ||
200 	     !timer_pending(&transport->hb_timer)) &&
201 	    !mod_timer(&transport->hb_timer,
202 		       expires + prandom_u32_max(transport->rto)))
203 		sctp_transport_hold(transport);
204 }
205 
sctp_transport_reset_reconf_timer(struct sctp_transport * transport)206 void sctp_transport_reset_reconf_timer(struct sctp_transport *transport)
207 {
208 	if (!timer_pending(&transport->reconf_timer))
209 		if (!mod_timer(&transport->reconf_timer,
210 			       jiffies + transport->rto))
211 			sctp_transport_hold(transport);
212 }
213 
sctp_transport_reset_probe_timer(struct sctp_transport * transport)214 void sctp_transport_reset_probe_timer(struct sctp_transport *transport)
215 {
216 	if (timer_pending(&transport->probe_timer))
217 		return;
218 	if (!mod_timer(&transport->probe_timer,
219 		       jiffies + transport->probe_interval))
220 		sctp_transport_hold(transport);
221 }
222 
223 /* This transport has been assigned to an association.
224  * Initialize fields from the association or from the sock itself.
225  * Register the reference count in the association.
226  */
sctp_transport_set_owner(struct sctp_transport * transport,struct sctp_association * asoc)227 void sctp_transport_set_owner(struct sctp_transport *transport,
228 			      struct sctp_association *asoc)
229 {
230 	transport->asoc = asoc;
231 	sctp_association_hold(asoc);
232 }
233 
234 /* Initialize the pmtu of a transport. */
sctp_transport_pmtu(struct sctp_transport * transport,struct sock * sk)235 void sctp_transport_pmtu(struct sctp_transport *transport, struct sock *sk)
236 {
237 	/* If we don't have a fresh route, look one up */
238 	if (!transport->dst || transport->dst->obsolete) {
239 		sctp_transport_dst_release(transport);
240 		transport->af_specific->get_dst(transport, &transport->saddr,
241 						&transport->fl, sk);
242 	}
243 
244 	if (transport->param_flags & SPP_PMTUD_DISABLE) {
245 		struct sctp_association *asoc = transport->asoc;
246 
247 		if (!transport->pathmtu && asoc && asoc->pathmtu)
248 			transport->pathmtu = asoc->pathmtu;
249 		if (transport->pathmtu)
250 			return;
251 	}
252 
253 	if (transport->dst)
254 		transport->pathmtu = sctp_dst_mtu(transport->dst);
255 	else
256 		transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT;
257 
258 	sctp_transport_pl_update(transport);
259 }
260 
sctp_transport_pl_send(struct sctp_transport * t)261 bool sctp_transport_pl_send(struct sctp_transport *t)
262 {
263 	if (t->pl.probe_count < SCTP_MAX_PROBES)
264 		goto out;
265 
266 	t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks;
267 	t->pl.probe_count = 0;
268 	if (t->pl.state == SCTP_PL_BASE) {
269 		if (t->pl.probe_size == SCTP_BASE_PLPMTU) { /* BASE_PLPMTU Confirmation Failed */
270 			t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
271 
272 			t->pl.pmtu = SCTP_BASE_PLPMTU;
273 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
274 			sctp_assoc_sync_pmtu(t->asoc);
275 		}
276 	} else if (t->pl.state == SCTP_PL_SEARCH) {
277 		if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
278 			t->pl.state = SCTP_PL_BASE;  /* Search -> Base */
279 			t->pl.probe_size = SCTP_BASE_PLPMTU;
280 			t->pl.probe_high = 0;
281 
282 			t->pl.pmtu = SCTP_BASE_PLPMTU;
283 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
284 			sctp_assoc_sync_pmtu(t->asoc);
285 		} else { /* Normal probe failure. */
286 			t->pl.probe_high = t->pl.probe_size;
287 			t->pl.probe_size = t->pl.pmtu;
288 		}
289 	} else if (t->pl.state == SCTP_PL_COMPLETE) {
290 		if (t->pl.pmtu == t->pl.probe_size) { /* Black Hole Detected */
291 			t->pl.state = SCTP_PL_BASE;  /* Search Complete -> Base */
292 			t->pl.probe_size = SCTP_BASE_PLPMTU;
293 
294 			t->pl.pmtu = SCTP_BASE_PLPMTU;
295 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
296 			sctp_assoc_sync_pmtu(t->asoc);
297 		}
298 	}
299 
300 out:
301 	if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count < 30 &&
302 	    !t->pl.probe_count && t->pl.last_rtx_chunks == t->asoc->rtx_data_chunks) {
303 		t->pl.raise_count++;
304 		return false;
305 	}
306 
307 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
308 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
309 
310 	t->pl.probe_count++;
311 	return true;
312 }
313 
sctp_transport_pl_recv(struct sctp_transport * t)314 bool sctp_transport_pl_recv(struct sctp_transport *t)
315 {
316 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, high: %d\n",
317 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, t->pl.probe_high);
318 
319 	t->pl.last_rtx_chunks = t->asoc->rtx_data_chunks;
320 	t->pl.pmtu = t->pl.probe_size;
321 	t->pl.probe_count = 0;
322 	if (t->pl.state == SCTP_PL_BASE) {
323 		t->pl.state = SCTP_PL_SEARCH; /* Base -> Search */
324 		t->pl.probe_size += SCTP_PL_BIG_STEP;
325 	} else if (t->pl.state == SCTP_PL_ERROR) {
326 		t->pl.state = SCTP_PL_SEARCH; /* Error -> Search */
327 
328 		t->pl.pmtu = t->pl.probe_size;
329 		t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
330 		sctp_assoc_sync_pmtu(t->asoc);
331 		t->pl.probe_size += SCTP_PL_BIG_STEP;
332 	} else if (t->pl.state == SCTP_PL_SEARCH) {
333 		if (!t->pl.probe_high) {
334 			t->pl.probe_size = min(t->pl.probe_size + SCTP_PL_BIG_STEP,
335 					       SCTP_MAX_PLPMTU);
336 			return false;
337 		}
338 		t->pl.probe_size += SCTP_PL_MIN_STEP;
339 		if (t->pl.probe_size >= t->pl.probe_high) {
340 			t->pl.probe_high = 0;
341 			t->pl.raise_count = 0;
342 			t->pl.state = SCTP_PL_COMPLETE; /* Search -> Search Complete */
343 
344 			t->pl.probe_size = t->pl.pmtu;
345 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
346 			sctp_assoc_sync_pmtu(t->asoc);
347 		}
348 	} else if (t->pl.state == SCTP_PL_COMPLETE && t->pl.raise_count == 30) {
349 		/* Raise probe_size again after 30 * interval in Search Complete */
350 		t->pl.state = SCTP_PL_SEARCH; /* Search Complete -> Search */
351 		t->pl.probe_size += SCTP_PL_MIN_STEP;
352 	}
353 
354 	return t->pl.state == SCTP_PL_COMPLETE;
355 }
356 
sctp_transport_pl_toobig(struct sctp_transport * t,u32 pmtu)357 static bool sctp_transport_pl_toobig(struct sctp_transport *t, u32 pmtu)
358 {
359 	pr_debug("%s: PLPMTUD: transport: %p, state: %d, pmtu: %d, size: %d, ptb: %d\n",
360 		 __func__, t, t->pl.state, t->pl.pmtu, t->pl.probe_size, pmtu);
361 
362 	if (pmtu < SCTP_MIN_PLPMTU || pmtu >= t->pl.probe_size)
363 		return false;
364 
365 	if (t->pl.state == SCTP_PL_BASE) {
366 		if (pmtu >= SCTP_MIN_PLPMTU && pmtu < SCTP_BASE_PLPMTU) {
367 			t->pl.state = SCTP_PL_ERROR; /* Base -> Error */
368 
369 			t->pl.pmtu = SCTP_BASE_PLPMTU;
370 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
371 			return true;
372 		}
373 	} else if (t->pl.state == SCTP_PL_SEARCH) {
374 		if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
375 			t->pl.state = SCTP_PL_BASE;  /* Search -> Base */
376 			t->pl.probe_size = SCTP_BASE_PLPMTU;
377 			t->pl.probe_count = 0;
378 
379 			t->pl.probe_high = 0;
380 			t->pl.pmtu = SCTP_BASE_PLPMTU;
381 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
382 			return true;
383 		} else if (pmtu > t->pl.pmtu && pmtu < t->pl.probe_size) {
384 			t->pl.probe_size = pmtu;
385 			t->pl.probe_count = 0;
386 		}
387 	} else if (t->pl.state == SCTP_PL_COMPLETE) {
388 		if (pmtu >= SCTP_BASE_PLPMTU && pmtu < t->pl.pmtu) {
389 			t->pl.state = SCTP_PL_BASE;  /* Complete -> Base */
390 			t->pl.probe_size = SCTP_BASE_PLPMTU;
391 			t->pl.probe_count = 0;
392 
393 			t->pl.probe_high = 0;
394 			t->pl.pmtu = SCTP_BASE_PLPMTU;
395 			t->pathmtu = t->pl.pmtu + sctp_transport_pl_hlen(t);
396 			return true;
397 		}
398 	}
399 
400 	return false;
401 }
402 
sctp_transport_update_pmtu(struct sctp_transport * t,u32 pmtu)403 bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu)
404 {
405 	struct sock *sk = t->asoc->base.sk;
406 	struct dst_entry *dst;
407 	bool change = true;
408 
409 	if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) {
410 		pr_warn_ratelimited("%s: Reported pmtu %d too low, using default minimum of %d\n",
411 				    __func__, pmtu, SCTP_DEFAULT_MINSEGMENT);
412 		/* Use default minimum segment instead */
413 		pmtu = SCTP_DEFAULT_MINSEGMENT;
414 	}
415 	pmtu = SCTP_TRUNC4(pmtu);
416 
417 	if (sctp_transport_pl_enabled(t))
418 		return sctp_transport_pl_toobig(t, pmtu - sctp_transport_pl_hlen(t));
419 
420 	dst = sctp_transport_dst_check(t);
421 	if (dst) {
422 		struct sctp_pf *pf = sctp_get_pf_specific(dst->ops->family);
423 		union sctp_addr addr;
424 
425 		pf->af->from_sk(&addr, sk);
426 		pf->to_sk_daddr(&t->ipaddr, sk);
427 		dst->ops->update_pmtu(dst, sk, NULL, pmtu, true);
428 		pf->to_sk_daddr(&addr, sk);
429 
430 		dst = sctp_transport_dst_check(t);
431 	}
432 
433 	if (!dst) {
434 		t->af_specific->get_dst(t, &t->saddr, &t->fl, sk);
435 		dst = t->dst;
436 	}
437 
438 	if (dst) {
439 		/* Re-fetch, as under layers may have a higher minimum size */
440 		pmtu = sctp_dst_mtu(dst);
441 		change = t->pathmtu != pmtu;
442 	}
443 	t->pathmtu = pmtu;
444 
445 	return change;
446 }
447 
448 /* Caches the dst entry and source address for a transport's destination
449  * address.
450  */
sctp_transport_route(struct sctp_transport * transport,union sctp_addr * saddr,struct sctp_sock * opt)451 void sctp_transport_route(struct sctp_transport *transport,
452 			  union sctp_addr *saddr, struct sctp_sock *opt)
453 {
454 	struct sctp_association *asoc = transport->asoc;
455 	struct sctp_af *af = transport->af_specific;
456 
457 	sctp_transport_dst_release(transport);
458 	af->get_dst(transport, saddr, &transport->fl, sctp_opt2sk(opt));
459 
460 	if (saddr)
461 		memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
462 	else
463 		af->get_saddr(opt, transport, &transport->fl);
464 
465 	sctp_transport_pmtu(transport, sctp_opt2sk(opt));
466 
467 	/* Initialize sk->sk_rcv_saddr, if the transport is the
468 	 * association's active path for getsockname().
469 	 */
470 	if (transport->dst && asoc &&
471 	    (!asoc->peer.primary_path || transport == asoc->peer.active_path))
472 		opt->pf->to_sk_saddr(&transport->saddr, asoc->base.sk);
473 }
474 
475 /* Hold a reference to a transport.  */
sctp_transport_hold(struct sctp_transport * transport)476 int sctp_transport_hold(struct sctp_transport *transport)
477 {
478 	return refcount_inc_not_zero(&transport->refcnt);
479 }
480 
481 /* Release a reference to a transport and clean up
482  * if there are no more references.
483  */
sctp_transport_put(struct sctp_transport * transport)484 void sctp_transport_put(struct sctp_transport *transport)
485 {
486 	if (refcount_dec_and_test(&transport->refcnt))
487 		sctp_transport_destroy(transport);
488 }
489 
490 /* Update transport's RTO based on the newly calculated RTT. */
sctp_transport_update_rto(struct sctp_transport * tp,__u32 rtt)491 void sctp_transport_update_rto(struct sctp_transport *tp, __u32 rtt)
492 {
493 	if (unlikely(!tp->rto_pending))
494 		/* We should not be doing any RTO updates unless rto_pending is set.  */
495 		pr_debug("%s: rto_pending not set on transport %p!\n", __func__, tp);
496 
497 	if (tp->rttvar || tp->srtt) {
498 		struct net *net = tp->asoc->base.net;
499 		/* 6.3.1 C3) When a new RTT measurement R' is made, set
500 		 * RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'|
501 		 * SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R'
502 		 */
503 
504 		/* Note:  The above algorithm has been rewritten to
505 		 * express rto_beta and rto_alpha as inverse powers
506 		 * of two.
507 		 * For example, assuming the default value of RTO.Alpha of
508 		 * 1/8, rto_alpha would be expressed as 3.
509 		 */
510 		tp->rttvar = tp->rttvar - (tp->rttvar >> net->sctp.rto_beta)
511 			+ (((__u32)abs((__s64)tp->srtt - (__s64)rtt)) >> net->sctp.rto_beta);
512 		tp->srtt = tp->srtt - (tp->srtt >> net->sctp.rto_alpha)
513 			+ (rtt >> net->sctp.rto_alpha);
514 	} else {
515 		/* 6.3.1 C2) When the first RTT measurement R is made, set
516 		 * SRTT <- R, RTTVAR <- R/2.
517 		 */
518 		tp->srtt = rtt;
519 		tp->rttvar = rtt >> 1;
520 	}
521 
522 	/* 6.3.1 G1) Whenever RTTVAR is computed, if RTTVAR = 0, then
523 	 * adjust RTTVAR <- G, where G is the CLOCK GRANULARITY.
524 	 */
525 	if (tp->rttvar == 0)
526 		tp->rttvar = SCTP_CLOCK_GRANULARITY;
527 
528 	/* 6.3.1 C3) After the computation, update RTO <- SRTT + 4 * RTTVAR. */
529 	tp->rto = tp->srtt + (tp->rttvar << 2);
530 
531 	/* 6.3.1 C6) Whenever RTO is computed, if it is less than RTO.Min
532 	 * seconds then it is rounded up to RTO.Min seconds.
533 	 */
534 	if (tp->rto < tp->asoc->rto_min)
535 		tp->rto = tp->asoc->rto_min;
536 
537 	/* 6.3.1 C7) A maximum value may be placed on RTO provided it is
538 	 * at least RTO.max seconds.
539 	 */
540 	if (tp->rto > tp->asoc->rto_max)
541 		tp->rto = tp->asoc->rto_max;
542 
543 	sctp_max_rto(tp->asoc, tp);
544 	tp->rtt = rtt;
545 
546 	/* Reset rto_pending so that a new RTT measurement is started when a
547 	 * new data chunk is sent.
548 	 */
549 	tp->rto_pending = 0;
550 
551 	pr_debug("%s: transport:%p, rtt:%d, srtt:%d rttvar:%d, rto:%ld\n",
552 		 __func__, tp, rtt, tp->srtt, tp->rttvar, tp->rto);
553 }
554 
555 /* This routine updates the transport's cwnd and partial_bytes_acked
556  * parameters based on the bytes acked in the received SACK.
557  */
sctp_transport_raise_cwnd(struct sctp_transport * transport,__u32 sack_ctsn,__u32 bytes_acked)558 void sctp_transport_raise_cwnd(struct sctp_transport *transport,
559 			       __u32 sack_ctsn, __u32 bytes_acked)
560 {
561 	struct sctp_association *asoc = transport->asoc;
562 	__u32 cwnd, ssthresh, flight_size, pba, pmtu;
563 
564 	cwnd = transport->cwnd;
565 	flight_size = transport->flight_size;
566 
567 	/* See if we need to exit Fast Recovery first */
568 	if (asoc->fast_recovery &&
569 	    TSN_lte(asoc->fast_recovery_exit, sack_ctsn))
570 		asoc->fast_recovery = 0;
571 
572 	ssthresh = transport->ssthresh;
573 	pba = transport->partial_bytes_acked;
574 	pmtu = transport->asoc->pathmtu;
575 
576 	if (cwnd <= ssthresh) {
577 		/* RFC 4960 7.2.1
578 		 * o  When cwnd is less than or equal to ssthresh, an SCTP
579 		 *    endpoint MUST use the slow-start algorithm to increase
580 		 *    cwnd only if the current congestion window is being fully
581 		 *    utilized, an incoming SACK advances the Cumulative TSN
582 		 *    Ack Point, and the data sender is not in Fast Recovery.
583 		 *    Only when these three conditions are met can the cwnd be
584 		 *    increased; otherwise, the cwnd MUST not be increased.
585 		 *    If these conditions are met, then cwnd MUST be increased
586 		 *    by, at most, the lesser of 1) the total size of the
587 		 *    previously outstanding DATA chunk(s) acknowledged, and
588 		 *    2) the destination's path MTU.  This upper bound protects
589 		 *    against the ACK-Splitting attack outlined in [SAVAGE99].
590 		 */
591 		if (asoc->fast_recovery)
592 			return;
593 
594 		/* The appropriate cwnd increase algorithm is performed
595 		 * if, and only if the congestion window is being fully
596 		 * utilized.  Note that RFC4960 Errata 3.22 removed the
597 		 * other condition on ctsn moving.
598 		 */
599 		if (flight_size < cwnd)
600 			return;
601 
602 		if (bytes_acked > pmtu)
603 			cwnd += pmtu;
604 		else
605 			cwnd += bytes_acked;
606 
607 		pr_debug("%s: slow start: transport:%p, bytes_acked:%d, "
608 			 "cwnd:%d, ssthresh:%d, flight_size:%d, pba:%d\n",
609 			 __func__, transport, bytes_acked, cwnd, ssthresh,
610 			 flight_size, pba);
611 	} else {
612 		/* RFC 2960 7.2.2 Whenever cwnd is greater than ssthresh,
613 		 * upon each SACK arrival, increase partial_bytes_acked
614 		 * by the total number of bytes of all new chunks
615 		 * acknowledged in that SACK including chunks
616 		 * acknowledged by the new Cumulative TSN Ack and by Gap
617 		 * Ack Blocks. (updated by RFC4960 Errata 3.22)
618 		 *
619 		 * When partial_bytes_acked is greater than cwnd and
620 		 * before the arrival of the SACK the sender had less
621 		 * bytes of data outstanding than cwnd (i.e., before
622 		 * arrival of the SACK, flightsize was less than cwnd),
623 		 * reset partial_bytes_acked to cwnd. (RFC 4960 Errata
624 		 * 3.26)
625 		 *
626 		 * When partial_bytes_acked is equal to or greater than
627 		 * cwnd and before the arrival of the SACK the sender
628 		 * had cwnd or more bytes of data outstanding (i.e.,
629 		 * before arrival of the SACK, flightsize was greater
630 		 * than or equal to cwnd), partial_bytes_acked is reset
631 		 * to (partial_bytes_acked - cwnd). Next, cwnd is
632 		 * increased by MTU. (RFC 4960 Errata 3.12)
633 		 */
634 		pba += bytes_acked;
635 		if (pba > cwnd && flight_size < cwnd)
636 			pba = cwnd;
637 		if (pba >= cwnd && flight_size >= cwnd) {
638 			pba = pba - cwnd;
639 			cwnd += pmtu;
640 		}
641 
642 		pr_debug("%s: congestion avoidance: transport:%p, "
643 			 "bytes_acked:%d, cwnd:%d, ssthresh:%d, "
644 			 "flight_size:%d, pba:%d\n", __func__,
645 			 transport, bytes_acked, cwnd, ssthresh,
646 			 flight_size, pba);
647 	}
648 
649 	transport->cwnd = cwnd;
650 	transport->partial_bytes_acked = pba;
651 }
652 
653 /* This routine is used to lower the transport's cwnd when congestion is
654  * detected.
655  */
sctp_transport_lower_cwnd(struct sctp_transport * transport,enum sctp_lower_cwnd reason)656 void sctp_transport_lower_cwnd(struct sctp_transport *transport,
657 			       enum sctp_lower_cwnd reason)
658 {
659 	struct sctp_association *asoc = transport->asoc;
660 
661 	switch (reason) {
662 	case SCTP_LOWER_CWND_T3_RTX:
663 		/* RFC 2960 Section 7.2.3, sctpimpguide
664 		 * When the T3-rtx timer expires on an address, SCTP should
665 		 * perform slow start by:
666 		 *      ssthresh = max(cwnd/2, 4*MTU)
667 		 *      cwnd = 1*MTU
668 		 *      partial_bytes_acked = 0
669 		 */
670 		transport->ssthresh = max(transport->cwnd/2,
671 					  4*asoc->pathmtu);
672 		transport->cwnd = asoc->pathmtu;
673 
674 		/* T3-rtx also clears fast recovery */
675 		asoc->fast_recovery = 0;
676 		break;
677 
678 	case SCTP_LOWER_CWND_FAST_RTX:
679 		/* RFC 2960 7.2.4 Adjust the ssthresh and cwnd of the
680 		 * destination address(es) to which the missing DATA chunks
681 		 * were last sent, according to the formula described in
682 		 * Section 7.2.3.
683 		 *
684 		 * RFC 2960 7.2.3, sctpimpguide Upon detection of packet
685 		 * losses from SACK (see Section 7.2.4), An endpoint
686 		 * should do the following:
687 		 *      ssthresh = max(cwnd/2, 4*MTU)
688 		 *      cwnd = ssthresh
689 		 *      partial_bytes_acked = 0
690 		 */
691 		if (asoc->fast_recovery)
692 			return;
693 
694 		/* Mark Fast recovery */
695 		asoc->fast_recovery = 1;
696 		asoc->fast_recovery_exit = asoc->next_tsn - 1;
697 
698 		transport->ssthresh = max(transport->cwnd/2,
699 					  4*asoc->pathmtu);
700 		transport->cwnd = transport->ssthresh;
701 		break;
702 
703 	case SCTP_LOWER_CWND_ECNE:
704 		/* RFC 2481 Section 6.1.2.
705 		 * If the sender receives an ECN-Echo ACK packet
706 		 * then the sender knows that congestion was encountered in the
707 		 * network on the path from the sender to the receiver. The
708 		 * indication of congestion should be treated just as a
709 		 * congestion loss in non-ECN Capable TCP. That is, the TCP
710 		 * source halves the congestion window "cwnd" and reduces the
711 		 * slow start threshold "ssthresh".
712 		 * A critical condition is that TCP does not react to
713 		 * congestion indications more than once every window of
714 		 * data (or more loosely more than once every round-trip time).
715 		 */
716 		if (time_after(jiffies, transport->last_time_ecne_reduced +
717 					transport->rtt)) {
718 			transport->ssthresh = max(transport->cwnd/2,
719 						  4*asoc->pathmtu);
720 			transport->cwnd = transport->ssthresh;
721 			transport->last_time_ecne_reduced = jiffies;
722 		}
723 		break;
724 
725 	case SCTP_LOWER_CWND_INACTIVE:
726 		/* RFC 2960 Section 7.2.1, sctpimpguide
727 		 * When the endpoint does not transmit data on a given
728 		 * transport address, the cwnd of the transport address
729 		 * should be adjusted to max(cwnd/2, 4*MTU) per RTO.
730 		 * NOTE: Although the draft recommends that this check needs
731 		 * to be done every RTO interval, we do it every hearbeat
732 		 * interval.
733 		 */
734 		transport->cwnd = max(transport->cwnd/2,
735 					 4*asoc->pathmtu);
736 		/* RFC 4960 Errata 3.27.2: also adjust sshthresh */
737 		transport->ssthresh = transport->cwnd;
738 		break;
739 	}
740 
741 	transport->partial_bytes_acked = 0;
742 
743 	pr_debug("%s: transport:%p, reason:%d, cwnd:%d, ssthresh:%d\n",
744 		 __func__, transport, reason, transport->cwnd,
745 		 transport->ssthresh);
746 }
747 
748 /* Apply Max.Burst limit to the congestion window:
749  * sctpimpguide-05 2.14.2
750  * D) When the time comes for the sender to
751  * transmit new DATA chunks, the protocol parameter Max.Burst MUST
752  * first be applied to limit how many new DATA chunks may be sent.
753  * The limit is applied by adjusting cwnd as follows:
754  * 	if ((flightsize+ Max.Burst * MTU) < cwnd)
755  * 		cwnd = flightsize + Max.Burst * MTU
756  */
757 
sctp_transport_burst_limited(struct sctp_transport * t)758 void sctp_transport_burst_limited(struct sctp_transport *t)
759 {
760 	struct sctp_association *asoc = t->asoc;
761 	u32 old_cwnd = t->cwnd;
762 	u32 max_burst_bytes;
763 
764 	if (t->burst_limited || asoc->max_burst == 0)
765 		return;
766 
767 	max_burst_bytes = t->flight_size + (asoc->max_burst * asoc->pathmtu);
768 	if (max_burst_bytes < old_cwnd) {
769 		t->cwnd = max_burst_bytes;
770 		t->burst_limited = old_cwnd;
771 	}
772 }
773 
774 /* Restore the old cwnd congestion window, after the burst had it's
775  * desired effect.
776  */
sctp_transport_burst_reset(struct sctp_transport * t)777 void sctp_transport_burst_reset(struct sctp_transport *t)
778 {
779 	if (t->burst_limited) {
780 		t->cwnd = t->burst_limited;
781 		t->burst_limited = 0;
782 	}
783 }
784 
785 /* What is the next timeout value for this transport? */
sctp_transport_timeout(struct sctp_transport * trans)786 unsigned long sctp_transport_timeout(struct sctp_transport *trans)
787 {
788 	/* RTO + timer slack +/- 50% of RTO */
789 	unsigned long timeout = trans->rto >> 1;
790 
791 	if (trans->state != SCTP_UNCONFIRMED &&
792 	    trans->state != SCTP_PF)
793 		timeout += trans->hbinterval;
794 
795 	return max_t(unsigned long, timeout, HZ / 5);
796 }
797 
798 /* Reset transport variables to their initial values */
sctp_transport_reset(struct sctp_transport * t)799 void sctp_transport_reset(struct sctp_transport *t)
800 {
801 	struct sctp_association *asoc = t->asoc;
802 
803 	/* RFC 2960 (bis), Section 5.2.4
804 	 * All the congestion control parameters (e.g., cwnd, ssthresh)
805 	 * related to this peer MUST be reset to their initial values
806 	 * (see Section 6.2.1)
807 	 */
808 	t->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380));
809 	t->burst_limited = 0;
810 	t->ssthresh = asoc->peer.i.a_rwnd;
811 	t->rto = asoc->rto_initial;
812 	sctp_max_rto(asoc, t);
813 	t->rtt = 0;
814 	t->srtt = 0;
815 	t->rttvar = 0;
816 
817 	/* Reset these additional variables so that we have a clean slate. */
818 	t->partial_bytes_acked = 0;
819 	t->flight_size = 0;
820 	t->error_count = 0;
821 	t->rto_pending = 0;
822 	t->hb_sent = 0;
823 
824 	/* Initialize the state information for SFR-CACC */
825 	t->cacc.changeover_active = 0;
826 	t->cacc.cycling_changeover = 0;
827 	t->cacc.next_tsn_at_change = 0;
828 	t->cacc.cacc_saw_newack = 0;
829 }
830 
831 /* Schedule retransmission on the given transport */
sctp_transport_immediate_rtx(struct sctp_transport * t)832 void sctp_transport_immediate_rtx(struct sctp_transport *t)
833 {
834 	/* Stop pending T3_rtx_timer */
835 	if (del_timer(&t->T3_rtx_timer))
836 		sctp_transport_put(t);
837 
838 	sctp_retransmit(&t->asoc->outqueue, t, SCTP_RTXR_T3_RTX);
839 	if (!timer_pending(&t->T3_rtx_timer)) {
840 		if (!mod_timer(&t->T3_rtx_timer, jiffies + t->rto))
841 			sctp_transport_hold(t);
842 	}
843 }
844 
845 /* Drop dst */
sctp_transport_dst_release(struct sctp_transport * t)846 void sctp_transport_dst_release(struct sctp_transport *t)
847 {
848 	dst_release(t->dst);
849 	t->dst = NULL;
850 	t->dst_pending_confirm = 0;
851 }
852 
853 /* Schedule neighbour confirm */
sctp_transport_dst_confirm(struct sctp_transport * t)854 void sctp_transport_dst_confirm(struct sctp_transport *t)
855 {
856 	t->dst_pending_confirm = 1;
857 }
858