[SCTP]: Make sure the chunk is off the transmitted list prior to freeing.
[linux-3.10.git] / net / sctp / outqueue.c
1 /* SCTP kernel implementation
2  * (C) Copyright IBM Corp. 2001, 2004
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001-2003 Intel Corp.
6  *
7  * This file is part of the SCTP kernel implementation
8  *
9  * These functions implement the sctp_outq class.   The outqueue handles
10  * bundling and queueing of outgoing SCTP chunks.
11  *
12  * This SCTP implementation is free software;
13  * you can redistribute it and/or modify it under the terms of
14  * the GNU General Public License as published by
15  * the Free Software Foundation; either version 2, or (at your option)
16  * any later version.
17  *
18  * This SCTP implementation is distributed in the hope that it
19  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
20  *                 ************************
21  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
22  * See the GNU General Public License for more details.
23  *
24  * You should have received a copy of the GNU General Public License
25  * along with GNU CC; see the file COPYING.  If not, write to
26  * the Free Software Foundation, 59 Temple Place - Suite 330,
27  * Boston, MA 02111-1307, USA.
28  *
29  * Please send any bug reports or fixes you make to the
30  * email address(es):
31  *    lksctp developers <lksctp-developers@lists.sourceforge.net>
32  *
33  * Or submit a bug report through the following website:
34  *    http://www.sf.net/projects/lksctp
35  *
36  * Written or modified by:
37  *    La Monte H.P. Yarroll <piggy@acm.org>
38  *    Karl Knutson          <karl@athena.chicago.il.us>
39  *    Perry Melange         <pmelange@null.cc.uic.edu>
40  *    Xingang Guo           <xingang.guo@intel.com>
41  *    Hui Huang             <hui.huang@nokia.com>
42  *    Sridhar Samudrala     <sri@us.ibm.com>
43  *    Jon Grimm             <jgrimm@us.ibm.com>
44  *
45  * Any bugs reported given to us we will try to fix... any fixes shared will
46  * be incorporated into the next SCTP release.
47  */
48
49 #include <linux/types.h>
50 #include <linux/list.h>   /* For struct list_head */
51 #include <linux/socket.h>
52 #include <linux/ip.h>
53 #include <net/sock.h>     /* For skb_set_owner_w */
54
55 #include <net/sctp/sctp.h>
56 #include <net/sctp/sm.h>
57
58 /* Declare internal functions here.  */
59 static int sctp_acked(struct sctp_sackhdr *sack, __u32 tsn);
60 static void sctp_check_transmitted(struct sctp_outq *q,
61                                    struct list_head *transmitted_queue,
62                                    struct sctp_transport *transport,
63                                    struct sctp_sackhdr *sack,
64                                    __u32 highest_new_tsn);
65
66 static void sctp_mark_missing(struct sctp_outq *q,
67                               struct list_head *transmitted_queue,
68                               struct sctp_transport *transport,
69                               __u32 highest_new_tsn,
70                               int count_of_newacks);
71
72 static void sctp_generate_fwdtsn(struct sctp_outq *q, __u32 sack_ctsn);
73
74 /* Add data to the front of the queue. */
75 static inline void sctp_outq_head_data(struct sctp_outq *q,
76                                         struct sctp_chunk *ch)
77 {
78         list_add(&ch->list, &q->out_chunk_list);
79         q->out_qlen += ch->skb->len;
80         return;
81 }
82
83 /* Take data from the front of the queue. */
84 static inline struct sctp_chunk *sctp_outq_dequeue_data(struct sctp_outq *q)
85 {
86         struct sctp_chunk *ch = NULL;
87
88         if (!list_empty(&q->out_chunk_list)) {
89                 struct list_head *entry = q->out_chunk_list.next;
90
91                 ch = list_entry(entry, struct sctp_chunk, list);
92                 list_del_init(entry);
93                 q->out_qlen -= ch->skb->len;
94         }
95         return ch;
96 }
97 /* Add data chunk to the end of the queue. */
98 static inline void sctp_outq_tail_data(struct sctp_outq *q,
99                                        struct sctp_chunk *ch)
100 {
101         list_add_tail(&ch->list, &q->out_chunk_list);
102         q->out_qlen += ch->skb->len;
103         return;
104 }
105
106 /*
107  * SFR-CACC algorithm:
108  * D) If count_of_newacks is greater than or equal to 2
109  * and t was not sent to the current primary then the
110  * sender MUST NOT increment missing report count for t.
111  */
112 static inline int sctp_cacc_skip_3_1_d(struct sctp_transport *primary,
113                                        struct sctp_transport *transport,
114                                        int count_of_newacks)
115 {
116         if (count_of_newacks >=2 && transport != primary)
117                 return 1;
118         return 0;
119 }
120
121 /*
122  * SFR-CACC algorithm:
123  * F) If count_of_newacks is less than 2, let d be the
124  * destination to which t was sent. If cacc_saw_newack
125  * is 0 for destination d, then the sender MUST NOT
126  * increment missing report count for t.
127  */
128 static inline int sctp_cacc_skip_3_1_f(struct sctp_transport *transport,
129                                        int count_of_newacks)
130 {
131         if (count_of_newacks < 2 && !transport->cacc.cacc_saw_newack)
132                 return 1;
133         return 0;
134 }
135
136 /*
137  * SFR-CACC algorithm:
138  * 3.1) If CYCLING_CHANGEOVER is 0, the sender SHOULD
139  * execute steps C, D, F.
140  *
141  * C has been implemented in sctp_outq_sack
142  */
143 static inline int sctp_cacc_skip_3_1(struct sctp_transport *primary,
144                                      struct sctp_transport *transport,
145                                      int count_of_newacks)
146 {
147         if (!primary->cacc.cycling_changeover) {
148                 if (sctp_cacc_skip_3_1_d(primary, transport, count_of_newacks))
149                         return 1;
150                 if (sctp_cacc_skip_3_1_f(transport, count_of_newacks))
151                         return 1;
152                 return 0;
153         }
154         return 0;
155 }
156
157 /*
158  * SFR-CACC algorithm:
159  * 3.2) Else if CYCLING_CHANGEOVER is 1, and t is less
160  * than next_tsn_at_change of the current primary, then
161  * the sender MUST NOT increment missing report count
162  * for t.
163  */
164 static inline int sctp_cacc_skip_3_2(struct sctp_transport *primary, __u32 tsn)
165 {
166         if (primary->cacc.cycling_changeover &&
167             TSN_lt(tsn, primary->cacc.next_tsn_at_change))
168                 return 1;
169         return 0;
170 }
171
172 /*
173  * SFR-CACC algorithm:
174  * 3) If the missing report count for TSN t is to be
175  * incremented according to [RFC2960] and
176  * [SCTP_STEWART-2002], and CHANGEOVER_ACTIVE is set,
177  * then the sender MUST futher execute steps 3.1 and
178  * 3.2 to determine if the missing report count for
179  * TSN t SHOULD NOT be incremented.
180  *
181  * 3.3) If 3.1 and 3.2 do not dictate that the missing
182  * report count for t should not be incremented, then
183  * the sender SOULD increment missing report count for
184  * t (according to [RFC2960] and [SCTP_STEWART_2002]).
185  */
186 static inline int sctp_cacc_skip(struct sctp_transport *primary,
187                                  struct sctp_transport *transport,
188                                  int count_of_newacks,
189                                  __u32 tsn)
190 {
191         if (primary->cacc.changeover_active &&
192             (sctp_cacc_skip_3_1(primary, transport, count_of_newacks)
193              || sctp_cacc_skip_3_2(primary, tsn)))
194                 return 1;
195         return 0;
196 }
197
198 /* Initialize an existing sctp_outq.  This does the boring stuff.
199  * You still need to define handlers if you really want to DO
200  * something with this structure...
201  */
202 void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
203 {
204         q->asoc = asoc;
205         INIT_LIST_HEAD(&q->out_chunk_list);
206         INIT_LIST_HEAD(&q->control_chunk_list);
207         INIT_LIST_HEAD(&q->retransmit);
208         INIT_LIST_HEAD(&q->sacked);
209         INIT_LIST_HEAD(&q->abandoned);
210
211         q->outstanding_bytes = 0;
212         q->empty = 1;
213         q->cork  = 0;
214
215         q->malloced = 0;
216         q->out_qlen = 0;
217 }
218
219 /* Free the outqueue structure and any related pending chunks.
220  */
221 void sctp_outq_teardown(struct sctp_outq *q)
222 {
223         struct sctp_transport *transport;
224         struct list_head *lchunk, *pos, *temp;
225         struct sctp_chunk *chunk, *tmp;
226
227         /* Throw away unacknowledged chunks. */
228         list_for_each(pos, &q->asoc->peer.transport_addr_list) {
229                 transport = list_entry(pos, struct sctp_transport, transports);
230                 while ((lchunk = sctp_list_dequeue(&transport->transmitted)) != NULL) {
231                         chunk = list_entry(lchunk, struct sctp_chunk,
232                                            transmitted_list);
233                         /* Mark as part of a failed message. */
234                         sctp_chunk_fail(chunk, q->error);
235                         sctp_chunk_free(chunk);
236                 }
237         }
238
239         /* Throw away chunks that have been gap ACKed.  */
240         list_for_each_safe(lchunk, temp, &q->sacked) {
241                 list_del_init(lchunk);
242                 chunk = list_entry(lchunk, struct sctp_chunk,
243                                    transmitted_list);
244                 sctp_chunk_fail(chunk, q->error);
245                 sctp_chunk_free(chunk);
246         }
247
248         /* Throw away any chunks in the retransmit queue. */
249         list_for_each_safe(lchunk, temp, &q->retransmit) {
250                 list_del_init(lchunk);
251                 chunk = list_entry(lchunk, struct sctp_chunk,
252                                    transmitted_list);
253                 sctp_chunk_fail(chunk, q->error);
254                 sctp_chunk_free(chunk);
255         }
256
257         /* Throw away any chunks that are in the abandoned queue. */
258         list_for_each_safe(lchunk, temp, &q->abandoned) {
259                 list_del_init(lchunk);
260                 chunk = list_entry(lchunk, struct sctp_chunk,
261                                    transmitted_list);
262                 sctp_chunk_fail(chunk, q->error);
263                 sctp_chunk_free(chunk);
264         }
265
266         /* Throw away any leftover data chunks. */
267         while ((chunk = sctp_outq_dequeue_data(q)) != NULL) {
268
269                 /* Mark as send failure. */
270                 sctp_chunk_fail(chunk, q->error);
271                 sctp_chunk_free(chunk);
272         }
273
274         q->error = 0;
275
276         /* Throw away any leftover control chunks. */
277         list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) {
278                 list_del_init(&chunk->list);
279                 sctp_chunk_free(chunk);
280         }
281 }
282
283 /* Free the outqueue structure and any related pending chunks.  */
284 void sctp_outq_free(struct sctp_outq *q)
285 {
286         /* Throw away leftover chunks. */
287         sctp_outq_teardown(q);
288
289         /* If we were kmalloc()'d, free the memory.  */
290         if (q->malloced)
291                 kfree(q);
292 }
293
294 /* Put a new chunk in an sctp_outq.  */
295 int sctp_outq_tail(struct sctp_outq *q, struct sctp_chunk *chunk)
296 {
297         int error = 0;
298
299         SCTP_DEBUG_PRINTK("sctp_outq_tail(%p, %p[%s])\n",
300                           q, chunk, chunk && chunk->chunk_hdr ?
301                           sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type))
302                           : "Illegal Chunk");
303
304         /* If it is data, queue it up, otherwise, send it
305          * immediately.
306          */
307         if (SCTP_CID_DATA == chunk->chunk_hdr->type) {
308                 /* Is it OK to queue data chunks?  */
309                 /* From 9. Termination of Association
310                  *
311                  * When either endpoint performs a shutdown, the
312                  * association on each peer will stop accepting new
313                  * data from its user and only deliver data in queue
314                  * at the time of sending or receiving the SHUTDOWN
315                  * chunk.
316                  */
317                 switch (q->asoc->state) {
318                 case SCTP_STATE_EMPTY:
319                 case SCTP_STATE_CLOSED:
320                 case SCTP_STATE_SHUTDOWN_PENDING:
321                 case SCTP_STATE_SHUTDOWN_SENT:
322                 case SCTP_STATE_SHUTDOWN_RECEIVED:
323                 case SCTP_STATE_SHUTDOWN_ACK_SENT:
324                         /* Cannot send after transport endpoint shutdown */
325                         error = -ESHUTDOWN;
326                         break;
327
328                 default:
329                         SCTP_DEBUG_PRINTK("outqueueing (%p, %p[%s])\n",
330                           q, chunk, chunk && chunk->chunk_hdr ?
331                           sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type))
332                           : "Illegal Chunk");
333
334                         sctp_outq_tail_data(q, chunk);
335                         if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
336                                 SCTP_INC_STATS(SCTP_MIB_OUTUNORDERCHUNKS);
337                         else
338                                 SCTP_INC_STATS(SCTP_MIB_OUTORDERCHUNKS);
339                         q->empty = 0;
340                         break;
341                 }
342         } else {
343                 list_add_tail(&chunk->list, &q->control_chunk_list);
344                 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
345         }
346
347         if (error < 0)
348                 return error;
349
350         if (!q->cork)
351                 error = sctp_outq_flush(q, 0);
352
353         return error;
354 }
355
356 /* Insert a chunk into the sorted list based on the TSNs.  The retransmit list
357  * and the abandoned list are in ascending order.
358  */
359 static void sctp_insert_list(struct list_head *head, struct list_head *new)
360 {
361         struct list_head *pos;
362         struct sctp_chunk *nchunk, *lchunk;
363         __u32 ntsn, ltsn;
364         int done = 0;
365
366         nchunk = list_entry(new, struct sctp_chunk, transmitted_list);
367         ntsn = ntohl(nchunk->subh.data_hdr->tsn);
368
369         list_for_each(pos, head) {
370                 lchunk = list_entry(pos, struct sctp_chunk, transmitted_list);
371                 ltsn = ntohl(lchunk->subh.data_hdr->tsn);
372                 if (TSN_lt(ntsn, ltsn)) {
373                         list_add(new, pos->prev);
374                         done = 1;
375                         break;
376                 }
377         }
378         if (!done)
379                 list_add_tail(new, head);
380 }
381
382 /* Mark all the eligible packets on a transport for retransmission.  */
383 void sctp_retransmit_mark(struct sctp_outq *q,
384                           struct sctp_transport *transport,
385                           __u8 reason)
386 {
387         struct list_head *lchunk, *ltemp;
388         struct sctp_chunk *chunk;
389
390         /* Walk through the specified transmitted queue.  */
391         list_for_each_safe(lchunk, ltemp, &transport->transmitted) {
392                 chunk = list_entry(lchunk, struct sctp_chunk,
393                                    transmitted_list);
394
395                 /* If the chunk is abandoned, move it to abandoned list. */
396                 if (sctp_chunk_abandoned(chunk)) {
397                         list_del_init(lchunk);
398                         sctp_insert_list(&q->abandoned, lchunk);
399
400                         /* If this chunk has not been previousely acked,
401                          * stop considering it 'outstanding'.  Our peer
402                          * will most likely never see it since it will
403                          * not be retransmitted
404                          */
405                         if (!chunk->tsn_gap_acked) {
406                                 chunk->transport->flight_size -=
407                                                 sctp_data_size(chunk);
408                                 q->outstanding_bytes -= sctp_data_size(chunk);
409                                 q->asoc->peer.rwnd += (sctp_data_size(chunk) +
410                                                         sizeof(struct sk_buff));
411                         }
412                         continue;
413                 }
414
415                 /* If we are doing  retransmission due to a timeout or pmtu
416                  * discovery, only the  chunks that are not yet acked should
417                  * be added to the retransmit queue.
418                  */
419                 if ((reason == SCTP_RTXR_FAST_RTX  &&
420                             (chunk->fast_retransmit > 0)) ||
421                     (reason != SCTP_RTXR_FAST_RTX  && !chunk->tsn_gap_acked)) {
422                         /* If this chunk was sent less then 1 rto ago, do not
423                          * retransmit this chunk, but give the peer time
424                          * to acknowlege it.  Do this only when
425                          * retransmitting due to T3 timeout.
426                          */
427                         if (reason == SCTP_RTXR_T3_RTX &&
428                             (jiffies - chunk->sent_at) < transport->last_rto)
429                                 continue;
430
431                         /* RFC 2960 6.2.1 Processing a Received SACK
432                          *
433                          * C) Any time a DATA chunk is marked for
434                          * retransmission (via either T3-rtx timer expiration
435                          * (Section 6.3.3) or via fast retransmit
436                          * (Section 7.2.4)), add the data size of those
437                          * chunks to the rwnd.
438                          */
439                         q->asoc->peer.rwnd += (sctp_data_size(chunk) +
440                                                 sizeof(struct sk_buff));
441                         q->outstanding_bytes -= sctp_data_size(chunk);
442                         transport->flight_size -= sctp_data_size(chunk);
443
444                         /* sctpimpguide-05 Section 2.8.2
445                          * M5) If a T3-rtx timer expires, the
446                          * 'TSN.Missing.Report' of all affected TSNs is set
447                          * to 0.
448                          */
449                         chunk->tsn_missing_report = 0;
450
451                         /* If a chunk that is being used for RTT measurement
452                          * has to be retransmitted, we cannot use this chunk
453                          * anymore for RTT measurements. Reset rto_pending so
454                          * that a new RTT measurement is started when a new
455                          * data chunk is sent.
456                          */
457                         if (chunk->rtt_in_progress) {
458                                 chunk->rtt_in_progress = 0;
459                                 transport->rto_pending = 0;
460                         }
461
462                         /* Move the chunk to the retransmit queue. The chunks
463                          * on the retransmit queue are always kept in order.
464                          */
465                         list_del_init(lchunk);
466                         sctp_insert_list(&q->retransmit, lchunk);
467                 }
468         }
469
470         SCTP_DEBUG_PRINTK("%s: transport: %p, reason: %d, "
471                           "cwnd: %d, ssthresh: %d, flight_size: %d, "
472                           "pba: %d\n", __FUNCTION__,
473                           transport, reason,
474                           transport->cwnd, transport->ssthresh,
475                           transport->flight_size,
476                           transport->partial_bytes_acked);
477
478 }
479
480 /* Mark all the eligible packets on a transport for retransmission and force
481  * one packet out.
482  */
483 void sctp_retransmit(struct sctp_outq *q, struct sctp_transport *transport,
484                      sctp_retransmit_reason_t reason)
485 {
486         int error = 0;
487
488         switch(reason) {
489         case SCTP_RTXR_T3_RTX:
490                 SCTP_INC_STATS(SCTP_MIB_T3_RETRANSMITS);
491                 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_T3_RTX);
492                 /* Update the retran path if the T3-rtx timer has expired for
493                  * the current retran path.
494                  */
495                 if (transport == transport->asoc->peer.retran_path)
496                         sctp_assoc_update_retran_path(transport->asoc);
497                 break;
498         case SCTP_RTXR_FAST_RTX:
499                 SCTP_INC_STATS(SCTP_MIB_FAST_RETRANSMITS);
500                 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_FAST_RTX);
501                 break;
502         case SCTP_RTXR_PMTUD:
503                 SCTP_INC_STATS(SCTP_MIB_PMTUD_RETRANSMITS);
504                 break;
505         case SCTP_RTXR_T1_RTX:
506                 SCTP_INC_STATS(SCTP_MIB_T1_RETRANSMITS);
507                 break;
508         default:
509                 BUG();
510         }
511
512         sctp_retransmit_mark(q, transport, reason);
513
514         /* PR-SCTP A5) Any time the T3-rtx timer expires, on any destination,
515          * the sender SHOULD try to advance the "Advanced.Peer.Ack.Point" by
516          * following the procedures outlined in C1 - C5.
517          */
518         sctp_generate_fwdtsn(q, q->asoc->ctsn_ack_point);
519
520         error = sctp_outq_flush(q, /* rtx_timeout */ 1);
521
522         if (error)
523                 q->asoc->base.sk->sk_err = -error;
524 }
525
526 /*
527  * Transmit DATA chunks on the retransmit queue.  Upon return from
528  * sctp_outq_flush_rtx() the packet 'pkt' may contain chunks which
529  * need to be transmitted by the caller.
530  * We assume that pkt->transport has already been set.
531  *
532  * The return value is a normal kernel error return value.
533  */
534 static int sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
535                                int rtx_timeout, int *start_timer)
536 {
537         struct list_head *lqueue;
538         struct list_head *lchunk, *lchunk1;
539         struct sctp_transport *transport = pkt->transport;
540         sctp_xmit_t status;
541         struct sctp_chunk *chunk, *chunk1;
542         struct sctp_association *asoc;
543         int error = 0;
544
545         asoc = q->asoc;
546         lqueue = &q->retransmit;
547
548         /* RFC 2960 6.3.3 Handle T3-rtx Expiration
549          *
550          * E3) Determine how many of the earliest (i.e., lowest TSN)
551          * outstanding DATA chunks for the address for which the
552          * T3-rtx has expired will fit into a single packet, subject
553          * to the MTU constraint for the path corresponding to the
554          * destination transport address to which the retransmission
555          * is being sent (this may be different from the address for
556          * which the timer expires [see Section 6.4]). Call this value
557          * K. Bundle and retransmit those K DATA chunks in a single
558          * packet to the destination endpoint.
559          *
560          * [Just to be painfully clear, if we are retransmitting
561          * because a timeout just happened, we should send only ONE
562          * packet of retransmitted data.]
563          */
564         lchunk = sctp_list_dequeue(lqueue);
565
566         while (lchunk) {
567                 chunk = list_entry(lchunk, struct sctp_chunk,
568                                    transmitted_list);
569
570                 /* Make sure that Gap Acked TSNs are not retransmitted.  A
571                  * simple approach is just to move such TSNs out of the
572                  * way and into a 'transmitted' queue and skip to the
573                  * next chunk.
574                  */
575                 if (chunk->tsn_gap_acked) {
576                         list_add_tail(lchunk, &transport->transmitted);
577                         lchunk = sctp_list_dequeue(lqueue);
578                         continue;
579                 }
580
581                 /* Attempt to append this chunk to the packet. */
582                 status = sctp_packet_append_chunk(pkt, chunk);
583
584                 switch (status) {
585                 case SCTP_XMIT_PMTU_FULL:
586                         /* Send this packet.  */
587                         if ((error = sctp_packet_transmit(pkt)) == 0)
588                                 *start_timer = 1;
589
590                         /* If we are retransmitting, we should only
591                          * send a single packet.
592                          */
593                         if (rtx_timeout) {
594                                 list_add(lchunk, lqueue);
595                                 lchunk = NULL;
596                         }
597
598                         /* Bundle lchunk in the next round.  */
599                         break;
600
601                 case SCTP_XMIT_RWND_FULL:
602                         /* Send this packet. */
603                         if ((error = sctp_packet_transmit(pkt)) == 0)
604                                 *start_timer = 1;
605
606                         /* Stop sending DATA as there is no more room
607                          * at the receiver.
608                          */
609                         list_add(lchunk, lqueue);
610                         lchunk = NULL;
611                         break;
612
613                 case SCTP_XMIT_NAGLE_DELAY:
614                         /* Send this packet. */
615                         if ((error = sctp_packet_transmit(pkt)) == 0)
616                                 *start_timer = 1;
617
618                         /* Stop sending DATA because of nagle delay. */
619                         list_add(lchunk, lqueue);
620                         lchunk = NULL;
621                         break;
622
623                 default:
624                         /* The append was successful, so add this chunk to
625                          * the transmitted list.
626                          */
627                         list_add_tail(lchunk, &transport->transmitted);
628
629                         /* Mark the chunk as ineligible for fast retransmit
630                          * after it is retransmitted.
631                          */
632                         if (chunk->fast_retransmit > 0)
633                                 chunk->fast_retransmit = -1;
634
635                         *start_timer = 1;
636                         q->empty = 0;
637
638                         /* Retrieve a new chunk to bundle. */
639                         lchunk = sctp_list_dequeue(lqueue);
640                         break;
641                 }
642
643                 /* If we are here due to a retransmit timeout or a fast
644                  * retransmit and if there are any chunks left in the retransmit
645                  * queue that could not fit in the PMTU sized packet, they need
646                  * to be marked as ineligible for a subsequent fast retransmit.
647                  */
648                 if (rtx_timeout && !lchunk) {
649                         list_for_each(lchunk1, lqueue) {
650                                 chunk1 = list_entry(lchunk1, struct sctp_chunk,
651                                                     transmitted_list);
652                                 if (chunk1->fast_retransmit > 0)
653                                         chunk1->fast_retransmit = -1;
654                         }
655                 }
656         }
657
658         return error;
659 }
660
661 /* Cork the outqueue so queued chunks are really queued. */
662 int sctp_outq_uncork(struct sctp_outq *q)
663 {
664         int error = 0;
665         if (q->cork)
666                 q->cork = 0;
667         error = sctp_outq_flush(q, 0);
668         return error;
669 }
670
671 /*
672  * Try to flush an outqueue.
673  *
674  * Description: Send everything in q which we legally can, subject to
675  * congestion limitations.
676  * * Note: This function can be called from multiple contexts so appropriate
677  * locking concerns must be made.  Today we use the sock lock to protect
678  * this function.
679  */
680 int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout)
681 {
682         struct sctp_packet *packet;
683         struct sctp_packet singleton;
684         struct sctp_association *asoc = q->asoc;
685         __u16 sport = asoc->base.bind_addr.port;
686         __u16 dport = asoc->peer.port;
687         __u32 vtag = asoc->peer.i.init_tag;
688         struct sctp_transport *transport = NULL;
689         struct sctp_transport *new_transport;
690         struct sctp_chunk *chunk, *tmp;
691         sctp_xmit_t status;
692         int error = 0;
693         int start_timer = 0;
694
695         /* These transports have chunks to send. */
696         struct list_head transport_list;
697         struct list_head *ltransport;
698
699         INIT_LIST_HEAD(&transport_list);
700         packet = NULL;
701
702         /*
703          * 6.10 Bundling
704          *   ...
705          *   When bundling control chunks with DATA chunks, an
706          *   endpoint MUST place control chunks first in the outbound
707          *   SCTP packet.  The transmitter MUST transmit DATA chunks
708          *   within a SCTP packet in increasing order of TSN.
709          *   ...
710          */
711
712         list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) {
713                 list_del_init(&chunk->list);
714
715                 /* Pick the right transport to use. */
716                 new_transport = chunk->transport;
717
718                 if (!new_transport) {
719                         /*
720                          * If we have a prior transport pointer, see if
721                          * the destination address of the chunk
722                          * matches the destination address of the
723                          * current transport.  If not a match, then
724                          * try to look up the transport with a given
725                          * destination address.  We do this because
726                          * after processing ASCONFs, we may have new
727                          * transports created.
728                          */
729                         if (transport &&
730                             sctp_cmp_addr_exact(&chunk->dest,
731                                                 &transport->ipaddr))
732                                         new_transport = transport;
733                         else
734                                 new_transport = sctp_assoc_lookup_paddr(asoc,
735                                                                 &chunk->dest);
736
737                         /* if we still don't have a new transport, then
738                          * use the current active path.
739                          */
740                         if (!new_transport)
741                                 new_transport = asoc->peer.active_path;
742                 } else if ((new_transport->state == SCTP_INACTIVE) ||
743                            (new_transport->state == SCTP_UNCONFIRMED)) {
744                         /* If the chunk is Heartbeat or Heartbeat Ack,
745                          * send it to chunk->transport, even if it's
746                          * inactive.
747                          *
748                          * 3.3.6 Heartbeat Acknowledgement:
749                          * ...
750                          * A HEARTBEAT ACK is always sent to the source IP
751                          * address of the IP datagram containing the
752                          * HEARTBEAT chunk to which this ack is responding.
753                          * ...
754                          *
755                          * ASCONF_ACKs also must be sent to the source.
756                          */
757                         if (chunk->chunk_hdr->type != SCTP_CID_HEARTBEAT &&
758                             chunk->chunk_hdr->type != SCTP_CID_HEARTBEAT_ACK &&
759                             chunk->chunk_hdr->type != SCTP_CID_ASCONF_ACK)
760                                 new_transport = asoc->peer.active_path;
761                 }
762
763                 /* Are we switching transports?
764                  * Take care of transport locks.
765                  */
766                 if (new_transport != transport) {
767                         transport = new_transport;
768                         if (list_empty(&transport->send_ready)) {
769                                 list_add_tail(&transport->send_ready,
770                                               &transport_list);
771                         }
772                         packet = &transport->packet;
773                         sctp_packet_config(packet, vtag,
774                                            asoc->peer.ecn_capable);
775                 }
776
777                 switch (chunk->chunk_hdr->type) {
778                 /*
779                  * 6.10 Bundling
780                  *   ...
781                  *   An endpoint MUST NOT bundle INIT, INIT ACK or SHUTDOWN
782                  *   COMPLETE with any other chunks.  [Send them immediately.]
783                  */
784                 case SCTP_CID_INIT:
785                 case SCTP_CID_INIT_ACK:
786                 case SCTP_CID_SHUTDOWN_COMPLETE:
787                         sctp_packet_init(&singleton, transport, sport, dport);
788                         sctp_packet_config(&singleton, vtag, 0);
789                         sctp_packet_append_chunk(&singleton, chunk);
790                         error = sctp_packet_transmit(&singleton);
791                         if (error < 0)
792                                 return error;
793                         break;
794
795                 case SCTP_CID_ABORT:
796                 case SCTP_CID_SACK:
797                 case SCTP_CID_HEARTBEAT:
798                 case SCTP_CID_HEARTBEAT_ACK:
799                 case SCTP_CID_SHUTDOWN:
800                 case SCTP_CID_SHUTDOWN_ACK:
801                 case SCTP_CID_ERROR:
802                 case SCTP_CID_COOKIE_ECHO:
803                 case SCTP_CID_COOKIE_ACK:
804                 case SCTP_CID_ECN_ECNE:
805                 case SCTP_CID_ECN_CWR:
806                 case SCTP_CID_ASCONF:
807                 case SCTP_CID_ASCONF_ACK:
808                 case SCTP_CID_FWD_TSN:
809                         sctp_packet_transmit_chunk(packet, chunk);
810                         break;
811
812                 default:
813                         /* We built a chunk with an illegal type! */
814                         BUG();
815                 }
816         }
817
818         /* Is it OK to send data chunks?  */
819         switch (asoc->state) {
820         case SCTP_STATE_COOKIE_ECHOED:
821                 /* Only allow bundling when this packet has a COOKIE-ECHO
822                  * chunk.
823                  */
824                 if (!packet || !packet->has_cookie_echo)
825                         break;
826
827                 /* fallthru */
828         case SCTP_STATE_ESTABLISHED:
829         case SCTP_STATE_SHUTDOWN_PENDING:
830         case SCTP_STATE_SHUTDOWN_RECEIVED:
831                 /*
832                  * RFC 2960 6.1  Transmission of DATA Chunks
833                  *
834                  * C) When the time comes for the sender to transmit,
835                  * before sending new DATA chunks, the sender MUST
836                  * first transmit any outstanding DATA chunks which
837                  * are marked for retransmission (limited by the
838                  * current cwnd).
839                  */
840                 if (!list_empty(&q->retransmit)) {
841                         if (transport == asoc->peer.retran_path)
842                                 goto retran;
843
844                         /* Switch transports & prepare the packet.  */
845
846                         transport = asoc->peer.retran_path;
847
848                         if (list_empty(&transport->send_ready)) {
849                                 list_add_tail(&transport->send_ready,
850                                               &transport_list);
851                         }
852
853                         packet = &transport->packet;
854                         sctp_packet_config(packet, vtag,
855                                            asoc->peer.ecn_capable);
856                 retran:
857                         error = sctp_outq_flush_rtx(q, packet,
858                                                     rtx_timeout, &start_timer);
859
860                         if (start_timer)
861                                 sctp_transport_reset_timers(transport);
862
863                         /* This can happen on COOKIE-ECHO resend.  Only
864                          * one chunk can get bundled with a COOKIE-ECHO.
865                          */
866                         if (packet->has_cookie_echo)
867                                 goto sctp_flush_out;
868
869                         /* Don't send new data if there is still data
870                          * waiting to retransmit.
871                          */
872                         if (!list_empty(&q->retransmit))
873                                 goto sctp_flush_out;
874                 }
875
876                 /* Finally, transmit new packets.  */
877                 start_timer = 0;
878                 while ((chunk = sctp_outq_dequeue_data(q)) != NULL) {
879                         /* RFC 2960 6.5 Every DATA chunk MUST carry a valid
880                          * stream identifier.
881                          */
882                         if (chunk->sinfo.sinfo_stream >=
883                             asoc->c.sinit_num_ostreams) {
884
885                                 /* Mark as failed send. */
886                                 sctp_chunk_fail(chunk, SCTP_ERROR_INV_STRM);
887                                 sctp_chunk_free(chunk);
888                                 continue;
889                         }
890
891                         /* Has this chunk expired? */
892                         if (sctp_chunk_abandoned(chunk)) {
893                                 sctp_chunk_fail(chunk, 0);
894                                 sctp_chunk_free(chunk);
895                                 continue;
896                         }
897
898                         /* If there is a specified transport, use it.
899                          * Otherwise, we want to use the active path.
900                          */
901                         new_transport = chunk->transport;
902                         if (!new_transport ||
903                             ((new_transport->state == SCTP_INACTIVE) ||
904                              (new_transport->state == SCTP_UNCONFIRMED)))
905                                 new_transport = asoc->peer.active_path;
906
907                         /* Change packets if necessary.  */
908                         if (new_transport != transport) {
909                                 transport = new_transport;
910
911                                 /* Schedule to have this transport's
912                                  * packet flushed.
913                                  */
914                                 if (list_empty(&transport->send_ready)) {
915                                         list_add_tail(&transport->send_ready,
916                                                       &transport_list);
917                                 }
918
919                                 packet = &transport->packet;
920                                 sctp_packet_config(packet, vtag,
921                                                    asoc->peer.ecn_capable);
922                         }
923
924                         SCTP_DEBUG_PRINTK("sctp_outq_flush(%p, %p[%s]), ",
925                                           q, chunk,
926                                           chunk && chunk->chunk_hdr ?
927                                           sctp_cname(SCTP_ST_CHUNK(
928                                                   chunk->chunk_hdr->type))
929                                           : "Illegal Chunk");
930
931                         SCTP_DEBUG_PRINTK("TX TSN 0x%x skb->head "
932                                         "%p skb->users %d.\n",
933                                         ntohl(chunk->subh.data_hdr->tsn),
934                                         chunk->skb ?chunk->skb->head : NULL,
935                                         chunk->skb ?
936                                         atomic_read(&chunk->skb->users) : -1);
937
938                         /* Add the chunk to the packet.  */
939                         status = sctp_packet_transmit_chunk(packet, chunk);
940
941                         switch (status) {
942                         case SCTP_XMIT_PMTU_FULL:
943                         case SCTP_XMIT_RWND_FULL:
944                         case SCTP_XMIT_NAGLE_DELAY:
945                                 /* We could not append this chunk, so put
946                                  * the chunk back on the output queue.
947                                  */
948                                 SCTP_DEBUG_PRINTK("sctp_outq_flush: could "
949                                         "not transmit TSN: 0x%x, status: %d\n",
950                                         ntohl(chunk->subh.data_hdr->tsn),
951                                         status);
952                                 sctp_outq_head_data(q, chunk);
953                                 goto sctp_flush_out;
954                                 break;
955
956                         case SCTP_XMIT_OK:
957                                 break;
958
959                         default:
960                                 BUG();
961                         }
962
963                         /* BUG: We assume that the sctp_packet_transmit()
964                          * call below will succeed all the time and add the
965                          * chunk to the transmitted list and restart the
966                          * timers.
967                          * It is possible that the call can fail under OOM
968                          * conditions.
969                          *
970                          * Is this really a problem?  Won't this behave
971                          * like a lost TSN?
972                          */
973                         list_add_tail(&chunk->transmitted_list,
974                                       &transport->transmitted);
975
976                         sctp_transport_reset_timers(transport);
977
978                         q->empty = 0;
979
980                         /* Only let one DATA chunk get bundled with a
981                          * COOKIE-ECHO chunk.
982                          */
983                         if (packet->has_cookie_echo)
984                                 goto sctp_flush_out;
985                 }
986                 break;
987
988         default:
989                 /* Do nothing.  */
990                 break;
991         }
992
993 sctp_flush_out:
994
995         /* Before returning, examine all the transports touched in
996          * this call.  Right now, we bluntly force clear all the
997          * transports.  Things might change after we implement Nagle.
998          * But such an examination is still required.
999          *
1000          * --xguo
1001          */
1002         while ((ltransport = sctp_list_dequeue(&transport_list)) != NULL ) {
1003                 struct sctp_transport *t = list_entry(ltransport,
1004                                                       struct sctp_transport,
1005                                                       send_ready);
1006                 packet = &t->packet;
1007                 if (!sctp_packet_empty(packet))
1008                         error = sctp_packet_transmit(packet);
1009         }
1010
1011         return error;
1012 }
1013
1014 /* Update unack_data based on the incoming SACK chunk */
1015 static void sctp_sack_update_unack_data(struct sctp_association *assoc,
1016                                         struct sctp_sackhdr *sack)
1017 {
1018         sctp_sack_variable_t *frags;
1019         __u16 unack_data;
1020         int i;
1021
1022         unack_data = assoc->next_tsn - assoc->ctsn_ack_point - 1;
1023
1024         frags = sack->variable;
1025         for (i = 0; i < ntohs(sack->num_gap_ack_blocks); i++) {
1026                 unack_data -= ((ntohs(frags[i].gab.end) -
1027                                 ntohs(frags[i].gab.start) + 1));
1028         }
1029
1030         assoc->unack_data = unack_data;
1031 }
1032
1033 /* Return the highest new tsn that is acknowledged by the given SACK chunk. */
1034 static __u32 sctp_highest_new_tsn(struct sctp_sackhdr *sack,
1035                                   struct sctp_association *asoc)
1036 {
1037         struct list_head *ltransport, *lchunk;
1038         struct sctp_transport *transport;
1039         struct sctp_chunk *chunk;
1040         __u32 highest_new_tsn, tsn;
1041         struct list_head *transport_list = &asoc->peer.transport_addr_list;
1042
1043         highest_new_tsn = ntohl(sack->cum_tsn_ack);
1044
1045         list_for_each(ltransport, transport_list) {
1046                 transport = list_entry(ltransport, struct sctp_transport,
1047                                        transports);
1048                 list_for_each(lchunk, &transport->transmitted) {
1049                         chunk = list_entry(lchunk, struct sctp_chunk,
1050                                            transmitted_list);
1051                         tsn = ntohl(chunk->subh.data_hdr->tsn);
1052
1053                         if (!chunk->tsn_gap_acked &&
1054                             TSN_lt(highest_new_tsn, tsn) &&
1055                             sctp_acked(sack, tsn))
1056                                 highest_new_tsn = tsn;
1057                 }
1058         }
1059
1060         return highest_new_tsn;
1061 }
1062
1063 /* This is where we REALLY process a SACK.
1064  *
1065  * Process the SACK against the outqueue.  Mostly, this just frees
1066  * things off the transmitted queue.
1067  */
1068 int sctp_outq_sack(struct sctp_outq *q, struct sctp_sackhdr *sack)
1069 {
1070         struct sctp_association *asoc = q->asoc;
1071         struct sctp_transport *transport;
1072         struct sctp_chunk *tchunk = NULL;
1073         struct list_head *lchunk, *transport_list, *pos, *temp;
1074         sctp_sack_variable_t *frags = sack->variable;
1075         __u32 sack_ctsn, ctsn, tsn;
1076         __u32 highest_tsn, highest_new_tsn;
1077         __u32 sack_a_rwnd;
1078         unsigned outstanding;
1079         struct sctp_transport *primary = asoc->peer.primary_path;
1080         int count_of_newacks = 0;
1081
1082         /* Grab the association's destination address list. */
1083         transport_list = &asoc->peer.transport_addr_list;
1084
1085         sack_ctsn = ntohl(sack->cum_tsn_ack);
1086
1087         /*
1088          * SFR-CACC algorithm:
1089          * On receipt of a SACK the sender SHOULD execute the
1090          * following statements.
1091          *
1092          * 1) If the cumulative ack in the SACK passes next tsn_at_change
1093          * on the current primary, the CHANGEOVER_ACTIVE flag SHOULD be
1094          * cleared. The CYCLING_CHANGEOVER flag SHOULD also be cleared for
1095          * all destinations.
1096          */
1097         if (TSN_lte(primary->cacc.next_tsn_at_change, sack_ctsn)) {
1098                 primary->cacc.changeover_active = 0;
1099                 list_for_each(pos, transport_list) {
1100                         transport = list_entry(pos, struct sctp_transport,
1101                                         transports);
1102                         transport->cacc.cycling_changeover = 0;
1103                 }
1104         }
1105
1106         /*
1107          * SFR-CACC algorithm:
1108          * 2) If the SACK contains gap acks and the flag CHANGEOVER_ACTIVE
1109          * is set the receiver of the SACK MUST take the following actions:
1110          *
1111          * A) Initialize the cacc_saw_newack to 0 for all destination
1112          * addresses.
1113          */
1114         if (sack->num_gap_ack_blocks &&
1115             primary->cacc.changeover_active) {
1116                 list_for_each(pos, transport_list) {
1117                         transport = list_entry(pos, struct sctp_transport,
1118                                         transports);
1119                         transport->cacc.cacc_saw_newack = 0;
1120                 }
1121         }
1122
1123         /* Get the highest TSN in the sack. */
1124         highest_tsn = sack_ctsn;
1125         if (sack->num_gap_ack_blocks)
1126                 highest_tsn +=
1127                     ntohs(frags[ntohs(sack->num_gap_ack_blocks) - 1].gab.end);
1128
1129         if (TSN_lt(asoc->highest_sacked, highest_tsn)) {
1130                 highest_new_tsn = highest_tsn;
1131                 asoc->highest_sacked = highest_tsn;
1132         } else {
1133                 highest_new_tsn = sctp_highest_new_tsn(sack, asoc);
1134         }
1135
1136         /* Run through the retransmit queue.  Credit bytes received
1137          * and free those chunks that we can.
1138          */
1139         sctp_check_transmitted(q, &q->retransmit, NULL, sack, highest_new_tsn);
1140         sctp_mark_missing(q, &q->retransmit, NULL, highest_new_tsn, 0);
1141
1142         /* Run through the transmitted queue.
1143          * Credit bytes received and free those chunks which we can.
1144          *
1145          * This is a MASSIVE candidate for optimization.
1146          */
1147         list_for_each(pos, transport_list) {
1148                 transport  = list_entry(pos, struct sctp_transport,
1149                                         transports);
1150                 sctp_check_transmitted(q, &transport->transmitted,
1151                                        transport, sack, highest_new_tsn);
1152                 /*
1153                  * SFR-CACC algorithm:
1154                  * C) Let count_of_newacks be the number of
1155                  * destinations for which cacc_saw_newack is set.
1156                  */
1157                 if (transport->cacc.cacc_saw_newack)
1158                         count_of_newacks ++;
1159         }
1160
1161         list_for_each(pos, transport_list) {
1162                 transport  = list_entry(pos, struct sctp_transport,
1163                                         transports);
1164                 sctp_mark_missing(q, &transport->transmitted, transport,
1165                                   highest_new_tsn, count_of_newacks);
1166         }
1167
1168         /* Move the Cumulative TSN Ack Point if appropriate.  */
1169         if (TSN_lt(asoc->ctsn_ack_point, sack_ctsn))
1170                 asoc->ctsn_ack_point = sack_ctsn;
1171
1172         /* Update unack_data field in the assoc. */
1173         sctp_sack_update_unack_data(asoc, sack);
1174
1175         ctsn = asoc->ctsn_ack_point;
1176
1177         /* Throw away stuff rotting on the sack queue.  */
1178         list_for_each_safe(lchunk, temp, &q->sacked) {
1179                 tchunk = list_entry(lchunk, struct sctp_chunk,
1180                                     transmitted_list);
1181                 tsn = ntohl(tchunk->subh.data_hdr->tsn);
1182                 if (TSN_lte(tsn, ctsn)) {
1183                         list_del_init(&tchunk->transmitted_list);
1184                         sctp_chunk_free(tchunk);
1185                 }
1186         }
1187
1188         /* ii) Set rwnd equal to the newly received a_rwnd minus the
1189          *     number of bytes still outstanding after processing the
1190          *     Cumulative TSN Ack and the Gap Ack Blocks.
1191          */
1192
1193         sack_a_rwnd = ntohl(sack->a_rwnd);
1194         outstanding = q->outstanding_bytes;
1195
1196         if (outstanding < sack_a_rwnd)
1197                 sack_a_rwnd -= outstanding;
1198         else
1199                 sack_a_rwnd = 0;
1200
1201         asoc->peer.rwnd = sack_a_rwnd;
1202
1203         sctp_generate_fwdtsn(q, sack_ctsn);
1204
1205         SCTP_DEBUG_PRINTK("%s: sack Cumulative TSN Ack is 0x%x.\n",
1206                           __FUNCTION__, sack_ctsn);
1207         SCTP_DEBUG_PRINTK("%s: Cumulative TSN Ack of association, "
1208                           "%p is 0x%x. Adv peer ack point: 0x%x\n",
1209                           __FUNCTION__, asoc, ctsn, asoc->adv_peer_ack_point);
1210
1211         /* See if all chunks are acked.
1212          * Make sure the empty queue handler will get run later.
1213          */
1214         q->empty = (list_empty(&q->out_chunk_list) &&
1215                     list_empty(&q->control_chunk_list) &&
1216                     list_empty(&q->retransmit));
1217         if (!q->empty)
1218                 goto finish;
1219
1220         list_for_each(pos, transport_list) {
1221                 transport  = list_entry(pos, struct sctp_transport,
1222                                         transports);
1223                 q->empty = q->empty && list_empty(&transport->transmitted);
1224                 if (!q->empty)
1225                         goto finish;
1226         }
1227
1228         SCTP_DEBUG_PRINTK("sack queue is empty.\n");
1229 finish:
1230         return q->empty;
1231 }
1232
1233 /* Is the outqueue empty?  */
1234 int sctp_outq_is_empty(const struct sctp_outq *q)
1235 {
1236         return q->empty;
1237 }
1238
1239 /********************************************************************
1240  * 2nd Level Abstractions
1241  ********************************************************************/
1242
1243 /* Go through a transport's transmitted list or the association's retransmit
1244  * list and move chunks that are acked by the Cumulative TSN Ack to q->sacked.
1245  * The retransmit list will not have an associated transport.
1246  *
1247  * I added coherent debug information output.   --xguo
1248  *
1249  * Instead of printing 'sacked' or 'kept' for each TSN on the
1250  * transmitted_queue, we print a range: SACKED: TSN1-TSN2, TSN3, TSN4-TSN5.
1251  * KEPT TSN6-TSN7, etc.
1252  */
1253 static void sctp_check_transmitted(struct sctp_outq *q,
1254                                    struct list_head *transmitted_queue,
1255                                    struct sctp_transport *transport,
1256                                    struct sctp_sackhdr *sack,
1257                                    __u32 highest_new_tsn_in_sack)
1258 {
1259         struct list_head *lchunk;
1260         struct sctp_chunk *tchunk;
1261         struct list_head tlist;
1262         __u32 tsn;
1263         __u32 sack_ctsn;
1264         __u32 rtt;
1265         __u8 restart_timer = 0;
1266         int bytes_acked = 0;
1267
1268         /* These state variables are for coherent debug output. --xguo */
1269
1270 #if SCTP_DEBUG
1271         __u32 dbg_ack_tsn = 0;  /* An ACKed TSN range starts here... */
1272         __u32 dbg_last_ack_tsn = 0;  /* ...and finishes here.        */
1273         __u32 dbg_kept_tsn = 0; /* An un-ACKed range starts here...  */
1274         __u32 dbg_last_kept_tsn = 0; /* ...and finishes here.        */
1275
1276         /* 0 : The last TSN was ACKed.
1277          * 1 : The last TSN was NOT ACKed (i.e. KEPT).
1278          * -1: We need to initialize.
1279          */
1280         int dbg_prt_state = -1;
1281 #endif /* SCTP_DEBUG */
1282
1283         sack_ctsn = ntohl(sack->cum_tsn_ack);
1284
1285         INIT_LIST_HEAD(&tlist);
1286
1287         /* The while loop will skip empty transmitted queues. */
1288         while (NULL != (lchunk = sctp_list_dequeue(transmitted_queue))) {
1289                 tchunk = list_entry(lchunk, struct sctp_chunk,
1290                                     transmitted_list);
1291
1292                 if (sctp_chunk_abandoned(tchunk)) {
1293                         /* Move the chunk to abandoned list. */
1294                         sctp_insert_list(&q->abandoned, lchunk);
1295
1296                         /* If this chunk has not been acked, stop
1297                          * considering it as 'outstanding'.
1298                          */
1299                         if (!tchunk->tsn_gap_acked) {
1300                                 tchunk->transport->flight_size -=
1301                                                 sctp_data_size(tchunk);
1302                                 q->outstanding_bytes -= sctp_data_size(tchunk);
1303                         }
1304                         continue;
1305                 }
1306
1307                 tsn = ntohl(tchunk->subh.data_hdr->tsn);
1308                 if (sctp_acked(sack, tsn)) {
1309                         /* If this queue is the retransmit queue, the
1310                          * retransmit timer has already reclaimed
1311                          * the outstanding bytes for this chunk, so only
1312                          * count bytes associated with a transport.
1313                          */
1314                         if (transport) {
1315                                 /* If this chunk is being used for RTT
1316                                  * measurement, calculate the RTT and update
1317                                  * the RTO using this value.
1318                                  *
1319                                  * 6.3.1 C5) Karn's algorithm: RTT measurements
1320                                  * MUST NOT be made using packets that were
1321                                  * retransmitted (and thus for which it is
1322                                  * ambiguous whether the reply was for the
1323                                  * first instance of the packet or a later
1324                                  * instance).
1325                                  */
1326                                 if (!tchunk->tsn_gap_acked &&
1327                                     !tchunk->resent &&
1328                                     tchunk->rtt_in_progress) {
1329                                         tchunk->rtt_in_progress = 0;
1330                                         rtt = jiffies - tchunk->sent_at;
1331                                         sctp_transport_update_rto(transport,
1332                                                                   rtt);
1333                                 }
1334                         }
1335                         if (TSN_lte(tsn, sack_ctsn)) {
1336                                 /* RFC 2960  6.3.2 Retransmission Timer Rules
1337                                  *
1338                                  * R3) Whenever a SACK is received
1339                                  * that acknowledges the DATA chunk
1340                                  * with the earliest outstanding TSN
1341                                  * for that address, restart T3-rtx
1342                                  * timer for that address with its
1343                                  * current RTO.
1344                                  */
1345                                 restart_timer = 1;
1346
1347                                 if (!tchunk->tsn_gap_acked) {
1348                                         tchunk->tsn_gap_acked = 1;
1349                                         bytes_acked += sctp_data_size(tchunk);
1350                                         /*
1351                                          * SFR-CACC algorithm:
1352                                          * 2) If the SACK contains gap acks
1353                                          * and the flag CHANGEOVER_ACTIVE is
1354                                          * set the receiver of the SACK MUST
1355                                          * take the following action:
1356                                          *
1357                                          * B) For each TSN t being acked that
1358                                          * has not been acked in any SACK so
1359                                          * far, set cacc_saw_newack to 1 for
1360                                          * the destination that the TSN was
1361                                          * sent to.
1362                                          */
1363                                         if (transport &&
1364                                             sack->num_gap_ack_blocks &&
1365                                             q->asoc->peer.primary_path->cacc.
1366                                             changeover_active)
1367                                                 transport->cacc.cacc_saw_newack
1368                                                         = 1;
1369                                 }
1370
1371                                 list_add_tail(&tchunk->transmitted_list,
1372                                               &q->sacked);
1373                         } else {
1374                                 /* RFC2960 7.2.4, sctpimpguide-05 2.8.2
1375                                  * M2) Each time a SACK arrives reporting
1376                                  * 'Stray DATA chunk(s)' record the highest TSN
1377                                  * reported as newly acknowledged, call this
1378                                  * value 'HighestTSNinSack'. A newly
1379                                  * acknowledged DATA chunk is one not
1380                                  * previously acknowledged in a SACK.
1381                                  *
1382                                  * When the SCTP sender of data receives a SACK
1383                                  * chunk that acknowledges, for the first time,
1384                                  * the receipt of a DATA chunk, all the still
1385                                  * unacknowledged DATA chunks whose TSN is
1386                                  * older than that newly acknowledged DATA
1387                                  * chunk, are qualified as 'Stray DATA chunks'.
1388                                  */
1389                                 if (!tchunk->tsn_gap_acked) {
1390                                         tchunk->tsn_gap_acked = 1;
1391                                         bytes_acked += sctp_data_size(tchunk);
1392                                 }
1393                                 list_add_tail(lchunk, &tlist);
1394                         }
1395
1396 #if SCTP_DEBUG
1397                         switch (dbg_prt_state) {
1398                         case 0: /* last TSN was ACKed */
1399                                 if (dbg_last_ack_tsn + 1 == tsn) {
1400                                         /* This TSN belongs to the
1401                                          * current ACK range.
1402                                          */
1403                                         break;
1404                                 }
1405
1406                                 if (dbg_last_ack_tsn != dbg_ack_tsn) {
1407                                         /* Display the end of the
1408                                          * current range.
1409                                          */
1410                                         SCTP_DEBUG_PRINTK("-%08x",
1411                                                           dbg_last_ack_tsn);
1412                                 }
1413
1414                                 /* Start a new range.  */
1415                                 SCTP_DEBUG_PRINTK(",%08x", tsn);
1416                                 dbg_ack_tsn = tsn;
1417                                 break;
1418
1419                         case 1: /* The last TSN was NOT ACKed. */
1420                                 if (dbg_last_kept_tsn != dbg_kept_tsn) {
1421                                         /* Display the end of current range. */
1422                                         SCTP_DEBUG_PRINTK("-%08x",
1423                                                           dbg_last_kept_tsn);
1424                                 }
1425
1426                                 SCTP_DEBUG_PRINTK("\n");
1427
1428                                 /* FALL THROUGH... */
1429                         default:
1430                                 /* This is the first-ever TSN we examined.  */
1431                                 /* Start a new range of ACK-ed TSNs.  */
1432                                 SCTP_DEBUG_PRINTK("ACKed: %08x", tsn);
1433                                 dbg_prt_state = 0;
1434                                 dbg_ack_tsn = tsn;
1435                         }
1436
1437                         dbg_last_ack_tsn = tsn;
1438 #endif /* SCTP_DEBUG */
1439
1440                 } else {
1441                         if (tchunk->tsn_gap_acked) {
1442                                 SCTP_DEBUG_PRINTK("%s: Receiver reneged on "
1443                                                   "data TSN: 0x%x\n",
1444                                                   __FUNCTION__,
1445                                                   tsn);
1446                                 tchunk->tsn_gap_acked = 0;
1447
1448                                 bytes_acked -= sctp_data_size(tchunk);
1449
1450                                 /* RFC 2960 6.3.2 Retransmission Timer Rules
1451                                  *
1452                                  * R4) Whenever a SACK is received missing a
1453                                  * TSN that was previously acknowledged via a
1454                                  * Gap Ack Block, start T3-rtx for the
1455                                  * destination address to which the DATA
1456                                  * chunk was originally
1457                                  * transmitted if it is not already running.
1458                                  */
1459                                 restart_timer = 1;
1460                         }
1461
1462                         list_add_tail(lchunk, &tlist);
1463
1464 #if SCTP_DEBUG
1465                         /* See the above comments on ACK-ed TSNs. */
1466                         switch (dbg_prt_state) {
1467                         case 1:
1468                                 if (dbg_last_kept_tsn + 1 == tsn)
1469                                         break;
1470
1471                                 if (dbg_last_kept_tsn != dbg_kept_tsn)
1472                                         SCTP_DEBUG_PRINTK("-%08x",
1473                                                           dbg_last_kept_tsn);
1474
1475                                 SCTP_DEBUG_PRINTK(",%08x", tsn);
1476                                 dbg_kept_tsn = tsn;
1477                                 break;
1478
1479                         case 0:
1480                                 if (dbg_last_ack_tsn != dbg_ack_tsn)
1481                                         SCTP_DEBUG_PRINTK("-%08x",
1482                                                           dbg_last_ack_tsn);
1483                                 SCTP_DEBUG_PRINTK("\n");
1484
1485                                 /* FALL THROUGH... */
1486                         default:
1487                                 SCTP_DEBUG_PRINTK("KEPT: %08x",tsn);
1488                                 dbg_prt_state = 1;
1489                                 dbg_kept_tsn = tsn;
1490                         }
1491
1492                         dbg_last_kept_tsn = tsn;
1493 #endif /* SCTP_DEBUG */
1494                 }
1495         }
1496
1497 #if SCTP_DEBUG
1498         /* Finish off the last range, displaying its ending TSN.  */
1499         switch (dbg_prt_state) {
1500         case 0:
1501                 if (dbg_last_ack_tsn != dbg_ack_tsn) {
1502                         SCTP_DEBUG_PRINTK("-%08x\n", dbg_last_ack_tsn);
1503                 } else {
1504                         SCTP_DEBUG_PRINTK("\n");
1505                 }
1506         break;
1507
1508         case 1:
1509                 if (dbg_last_kept_tsn != dbg_kept_tsn) {
1510                         SCTP_DEBUG_PRINTK("-%08x\n", dbg_last_kept_tsn);
1511                 } else {
1512                         SCTP_DEBUG_PRINTK("\n");
1513                 }
1514         }
1515 #endif /* SCTP_DEBUG */
1516         if (transport) {
1517                 if (bytes_acked) {
1518                         /* 8.2. When an outstanding TSN is acknowledged,
1519                          * the endpoint shall clear the error counter of
1520                          * the destination transport address to which the
1521                          * DATA chunk was last sent.
1522                          * The association's overall error counter is
1523                          * also cleared.
1524                          */
1525                         transport->error_count = 0;
1526                         transport->asoc->overall_error_count = 0;
1527
1528                         /* Mark the destination transport address as
1529                          * active if it is not so marked.
1530                          */
1531                         if ((transport->state == SCTP_INACTIVE) ||
1532                             (transport->state == SCTP_UNCONFIRMED)) {
1533                                 sctp_assoc_control_transport(
1534                                         transport->asoc,
1535                                         transport,
1536                                         SCTP_TRANSPORT_UP,
1537                                         SCTP_RECEIVED_SACK);
1538                         }
1539
1540                         sctp_transport_raise_cwnd(transport, sack_ctsn,
1541                                                   bytes_acked);
1542
1543                         transport->flight_size -= bytes_acked;
1544                         q->outstanding_bytes -= bytes_acked;
1545                 } else {
1546                         /* RFC 2960 6.1, sctpimpguide-06 2.15.2
1547                          * When a sender is doing zero window probing, it
1548                          * should not timeout the association if it continues
1549                          * to receive new packets from the receiver. The
1550                          * reason is that the receiver MAY keep its window
1551                          * closed for an indefinite time.
1552                          * A sender is doing zero window probing when the
1553                          * receiver's advertised window is zero, and there is
1554                          * only one data chunk in flight to the receiver.
1555                          */
1556                         if (!q->asoc->peer.rwnd &&
1557                             !list_empty(&tlist) &&
1558                             (sack_ctsn+2 == q->asoc->next_tsn)) {
1559                                 SCTP_DEBUG_PRINTK("%s: SACK received for zero "
1560                                                   "window probe: %u\n",
1561                                                   __FUNCTION__, sack_ctsn);
1562                                 q->asoc->overall_error_count = 0;
1563                                 transport->error_count = 0;
1564                         }
1565                 }
1566
1567                 /* RFC 2960 6.3.2 Retransmission Timer Rules
1568                  *
1569                  * R2) Whenever all outstanding data sent to an address have
1570                  * been acknowledged, turn off the T3-rtx timer of that
1571                  * address.
1572                  */
1573                 if (!transport->flight_size) {
1574                         if (timer_pending(&transport->T3_rtx_timer) &&
1575                             del_timer(&transport->T3_rtx_timer)) {
1576                                 sctp_transport_put(transport);
1577                         }
1578                 } else if (restart_timer) {
1579                         if (!mod_timer(&transport->T3_rtx_timer,
1580                                        jiffies + transport->rto))
1581                                 sctp_transport_hold(transport);
1582                 }
1583         }
1584
1585         list_splice(&tlist, transmitted_queue);
1586 }
1587
1588 /* Mark chunks as missing and consequently may get retransmitted. */
1589 static void sctp_mark_missing(struct sctp_outq *q,
1590                               struct list_head *transmitted_queue,
1591                               struct sctp_transport *transport,
1592                               __u32 highest_new_tsn_in_sack,
1593                               int count_of_newacks)
1594 {
1595         struct sctp_chunk *chunk;
1596         struct list_head *pos;
1597         __u32 tsn;
1598         char do_fast_retransmit = 0;
1599         struct sctp_transport *primary = q->asoc->peer.primary_path;
1600
1601         list_for_each(pos, transmitted_queue) {
1602
1603                 chunk = list_entry(pos, struct sctp_chunk, transmitted_list);
1604                 tsn = ntohl(chunk->subh.data_hdr->tsn);
1605
1606                 /* RFC 2960 7.2.4, sctpimpguide-05 2.8.2 M3) Examine all
1607                  * 'Unacknowledged TSN's', if the TSN number of an
1608                  * 'Unacknowledged TSN' is smaller than the 'HighestTSNinSack'
1609                  * value, increment the 'TSN.Missing.Report' count on that
1610                  * chunk if it has NOT been fast retransmitted or marked for
1611                  * fast retransmit already.
1612                  */
1613                 if (!chunk->fast_retransmit &&
1614                     !chunk->tsn_gap_acked &&
1615                     TSN_lt(tsn, highest_new_tsn_in_sack)) {
1616
1617                         /* SFR-CACC may require us to skip marking
1618                          * this chunk as missing.
1619                          */
1620                         if (!transport || !sctp_cacc_skip(primary, transport,
1621                                             count_of_newacks, tsn)) {
1622                                 chunk->tsn_missing_report++;
1623
1624                                 SCTP_DEBUG_PRINTK(
1625                                         "%s: TSN 0x%x missing counter: %d\n",
1626                                         __FUNCTION__, tsn,
1627                                         chunk->tsn_missing_report);
1628                         }
1629                 }
1630                 /*
1631                  * M4) If any DATA chunk is found to have a
1632                  * 'TSN.Missing.Report'
1633                  * value larger than or equal to 3, mark that chunk for
1634                  * retransmission and start the fast retransmit procedure.
1635                  */
1636
1637                 if (chunk->tsn_missing_report >= 3) {
1638                         chunk->fast_retransmit = 1;
1639                         do_fast_retransmit = 1;
1640                 }
1641         }
1642
1643         if (transport) {
1644                 if (do_fast_retransmit)
1645                         sctp_retransmit(q, transport, SCTP_RTXR_FAST_RTX);
1646
1647                 SCTP_DEBUG_PRINTK("%s: transport: %p, cwnd: %d, "
1648                                   "ssthresh: %d, flight_size: %d, pba: %d\n",
1649                                   __FUNCTION__, transport, transport->cwnd,
1650                                   transport->ssthresh, transport->flight_size,
1651                                   transport->partial_bytes_acked);
1652         }
1653 }
1654
1655 /* Is the given TSN acked by this packet?  */
1656 static int sctp_acked(struct sctp_sackhdr *sack, __u32 tsn)
1657 {
1658         int i;
1659         sctp_sack_variable_t *frags;
1660         __u16 gap;
1661         __u32 ctsn = ntohl(sack->cum_tsn_ack);
1662
1663         if (TSN_lte(tsn, ctsn))
1664                 goto pass;
1665
1666         /* 3.3.4 Selective Acknowledgement (SACK) (3):
1667          *
1668          * Gap Ack Blocks:
1669          *  These fields contain the Gap Ack Blocks. They are repeated
1670          *  for each Gap Ack Block up to the number of Gap Ack Blocks
1671          *  defined in the Number of Gap Ack Blocks field. All DATA
1672          *  chunks with TSNs greater than or equal to (Cumulative TSN
1673          *  Ack + Gap Ack Block Start) and less than or equal to
1674          *  (Cumulative TSN Ack + Gap Ack Block End) of each Gap Ack
1675          *  Block are assumed to have been received correctly.
1676          */
1677
1678         frags = sack->variable;
1679         gap = tsn - ctsn;
1680         for (i = 0; i < ntohs(sack->num_gap_ack_blocks); ++i) {
1681                 if (TSN_lte(ntohs(frags[i].gab.start), gap) &&
1682                     TSN_lte(gap, ntohs(frags[i].gab.end)))
1683                         goto pass;
1684         }
1685
1686         return 0;
1687 pass:
1688         return 1;
1689 }
1690
1691 static inline int sctp_get_skip_pos(struct sctp_fwdtsn_skip *skiplist,
1692                                     int nskips, __be16 stream)
1693 {
1694         int i;
1695
1696         for (i = 0; i < nskips; i++) {
1697                 if (skiplist[i].stream == stream)
1698                         return i;
1699         }
1700         return i;
1701 }
1702
1703 /* Create and add a fwdtsn chunk to the outq's control queue if needed. */
1704 static void sctp_generate_fwdtsn(struct sctp_outq *q, __u32 ctsn)
1705 {
1706         struct sctp_association *asoc = q->asoc;
1707         struct sctp_chunk *ftsn_chunk = NULL;
1708         struct sctp_fwdtsn_skip ftsn_skip_arr[10];
1709         int nskips = 0;
1710         int skip_pos = 0;
1711         __u32 tsn;
1712         struct sctp_chunk *chunk;
1713         struct list_head *lchunk, *temp;
1714
1715         /* PR-SCTP C1) Let SackCumAck be the Cumulative TSN ACK carried in the
1716          * received SACK.
1717          *
1718          * If (Advanced.Peer.Ack.Point < SackCumAck), then update
1719          * Advanced.Peer.Ack.Point to be equal to SackCumAck.
1720          */
1721         if (TSN_lt(asoc->adv_peer_ack_point, ctsn))
1722                 asoc->adv_peer_ack_point = ctsn;
1723
1724         /* PR-SCTP C2) Try to further advance the "Advanced.Peer.Ack.Point"
1725          * locally, that is, to move "Advanced.Peer.Ack.Point" up as long as
1726          * the chunk next in the out-queue space is marked as "abandoned" as
1727          * shown in the following example:
1728          *
1729          * Assuming that a SACK arrived with the Cumulative TSN ACK 102
1730          * and the Advanced.Peer.Ack.Point is updated to this value:
1731          *
1732          *   out-queue at the end of  ==>   out-queue after Adv.Ack.Point
1733          *   normal SACK processing           local advancement
1734          *                ...                           ...
1735          *   Adv.Ack.Pt-> 102 acked                     102 acked
1736          *                103 abandoned                 103 abandoned
1737          *                104 abandoned     Adv.Ack.P-> 104 abandoned
1738          *                105                           105
1739          *                106 acked                     106 acked
1740          *                ...                           ...
1741          *
1742          * In this example, the data sender successfully advanced the
1743          * "Advanced.Peer.Ack.Point" from 102 to 104 locally.
1744          */
1745         list_for_each_safe(lchunk, temp, &q->abandoned) {
1746                 chunk = list_entry(lchunk, struct sctp_chunk,
1747                                         transmitted_list);
1748                 tsn = ntohl(chunk->subh.data_hdr->tsn);
1749
1750                 /* Remove any chunks in the abandoned queue that are acked by
1751                  * the ctsn.
1752                  */
1753                 if (TSN_lte(tsn, ctsn)) {
1754                         list_del_init(lchunk);
1755                         sctp_chunk_free(chunk);
1756                 } else {
1757                         if (TSN_lte(tsn, asoc->adv_peer_ack_point+1)) {
1758                                 asoc->adv_peer_ack_point = tsn;
1759                                 if (chunk->chunk_hdr->flags &
1760                                          SCTP_DATA_UNORDERED)
1761                                         continue;
1762                                 skip_pos = sctp_get_skip_pos(&ftsn_skip_arr[0],
1763                                                 nskips,
1764                                                 chunk->subh.data_hdr->stream);
1765                                 ftsn_skip_arr[skip_pos].stream =
1766                                         chunk->subh.data_hdr->stream;
1767                                 ftsn_skip_arr[skip_pos].ssn =
1768                                          chunk->subh.data_hdr->ssn;
1769                                 if (skip_pos == nskips)
1770                                         nskips++;
1771                                 if (nskips == 10)
1772                                         break;
1773                         } else
1774                                 break;
1775                 }
1776         }
1777
1778         /* PR-SCTP C3) If, after step C1 and C2, the "Advanced.Peer.Ack.Point"
1779          * is greater than the Cumulative TSN ACK carried in the received
1780          * SACK, the data sender MUST send the data receiver a FORWARD TSN
1781          * chunk containing the latest value of the
1782          * "Advanced.Peer.Ack.Point".
1783          *
1784          * C4) For each "abandoned" TSN the sender of the FORWARD TSN SHOULD
1785          * list each stream and sequence number in the forwarded TSN. This
1786          * information will enable the receiver to easily find any
1787          * stranded TSN's waiting on stream reorder queues. Each stream
1788          * SHOULD only be reported once; this means that if multiple
1789          * abandoned messages occur in the same stream then only the
1790          * highest abandoned stream sequence number is reported. If the
1791          * total size of the FORWARD TSN does NOT fit in a single MTU then
1792          * the sender of the FORWARD TSN SHOULD lower the
1793          * Advanced.Peer.Ack.Point to the last TSN that will fit in a
1794          * single MTU.
1795          */
1796         if (asoc->adv_peer_ack_point > ctsn)
1797                 ftsn_chunk = sctp_make_fwdtsn(asoc, asoc->adv_peer_ack_point,
1798                                               nskips, &ftsn_skip_arr[0]);
1799
1800         if (ftsn_chunk) {
1801                 list_add_tail(&ftsn_chunk->list, &q->control_chunk_list);
1802                 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
1803         }
1804 }