Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 5 Feb 2012 20:06:43 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r231045 - in stable/9/sys: netinet netinet6
Message-ID:  <201202052006.q15K6hd8099152@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tuexen
Date: Sun Feb  5 20:06:43 2012
New Revision: 231045
URL: http://svn.freebsd.org/changeset/base/231045

Log:
  MFC r229805:
  Add an SCTP sysctl "blackhole", similar to the one for TCP.
  If set to 1, no ABORT is sent back in response to an incoming
  INIT. If set to 2, no ABORT is sent back in response to
  an out of the blue packet. If set to 0 (the default), ABORTs
  are sent.
  Discussed with rrs@.

Modified:
  stable/9/sys/netinet/sctp_input.c
  stable/9/sys/netinet/sctp_sysctl.c
  stable/9/sys/netinet/sctp_sysctl.h
  stable/9/sys/netinet/sctputil.c
  stable/9/sys/netinet6/sctp6_usrreq.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/sctp_input.c
==============================================================================
--- stable/9/sys/netinet/sctp_input.c	Sun Feb  5 20:04:43 2012	(r231044)
+++ stable/9/sys/netinet/sctp_input.c	Sun Feb  5 20:06:43 2012	(r231045)
@@ -170,8 +170,9 @@ sctp_handle_init(struct mbuf *m, int iph
 		 * accepts(). The App just looses and should NOT be in this
 		 * state :-)
 		 */
-		sctp_abort_association(inp, stcb, m, iphlen, sh, NULL,
-		    vrf_id, port);
+		if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {
+			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		}
 		goto outnow;
 	}
 	if ((stcb != NULL) &&
@@ -5927,8 +5928,13 @@ sctp_skip_csum_4:
 		if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
 			goto bad;
 		}
-		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
-			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) {
+			if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+			    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+			    (ch->chunk_type != SCTP_INIT))) {
+				sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+			}
+		}
 		goto bad;
 	} else if (stcb == NULL) {
 		refcount_up = 1;

Modified: stable/9/sys/netinet/sctp_sysctl.c
==============================================================================
--- stable/9/sys/netinet/sctp_sysctl.c	Sun Feb  5 20:04:43 2012	(r231044)
+++ stable/9/sys/netinet/sctp_sysctl.c	Sun Feb  5 20:06:43 2012	(r231045)
@@ -117,6 +117,7 @@ sctp_init_sysctls()
 	SCTP_BASE_SYSCTL(sctp_rttvar_eqret) = SCTPCTL_RTTVAR_EQRET_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_steady_step) = SCTPCTL_RTTVAR_STEADYS_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_use_dccc_ecn) = SCTPCTL_RTTVAR_DCCCECN_DEFAULT;
+	SCTP_BASE_SYSCTL(sctp_blackhole) = SCTPCTL_BLACKHOLE_DEFAULT;
 
 #if defined(SCTP_LOCAL_TRACE_BUF)
 	memset(&SCTP_BASE_SYSCTL(sctp_log), 0, sizeof(struct sctp_log));
@@ -670,6 +671,7 @@ sysctl_sctp_check(SYSCTL_HANDLER_ARGS)
 #endif
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_enable_sack_immediately), SCTPCTL_SACK_IMMEDIATELY_ENABLE_MIN, SCTPCTL_SACK_IMMEDIATELY_ENABLE_MAX);
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly), SCTPCTL_NAT_FRIENDLY_INITS_MIN, SCTPCTL_NAT_FRIENDLY_INITS_MAX);
+		RANGECHK(SCTP_BASE_SYSCTL(sctp_blackhole), SCTPCTL_BLACKHOLE_MIN, SCTPCTL_BLACKHOLE_MAX);
 
 #ifdef SCTP_DEBUG
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_debug_on), SCTPCTL_DEBUG_MIN, SCTPCTL_DEBUG_MAX);
@@ -1132,6 +1134,10 @@ SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUT
     &SCTP_BASE_SYSCTL(sctp_use_dccc_ecn), 0, sysctl_sctp_check, "IU",
     SCTPCTL_RTTVAR_DCCCECN_DESC);
 
+SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUTO, blackhole, CTLTYPE_UINT | CTLFLAG_RW,
+    &SCTP_BASE_SYSCTL(sctp_blackhole), 0, sysctl_sctp_check, "IU",
+    SCTPCTL_BLACKHOLE_DESC);
+
 #ifdef SCTP_DEBUG
 SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUTO, debug, CTLTYPE_UINT | CTLFLAG_RW,
     &SCTP_BASE_SYSCTL(sctp_debug_on), 0, sysctl_sctp_check, "IU",

Modified: stable/9/sys/netinet/sctp_sysctl.h
==============================================================================
--- stable/9/sys/netinet/sctp_sysctl.h	Sun Feb  5 20:04:43 2012	(r231044)
+++ stable/9/sys/netinet/sctp_sysctl.h	Sun Feb  5 20:06:43 2012	(r231045)
@@ -115,6 +115,7 @@ struct sctp_sysctl {
 	uint32_t sctp_vtag_time_wait;
 	uint32_t sctp_buffer_splitting;
 	uint32_t sctp_initial_cwnd;
+	uint32_t sctp_blackhole;
 #if defined(SCTP_DEBUG)
 	uint32_t sctp_debug_on;
 #endif
@@ -526,6 +527,11 @@ struct sctp_sysctl {
 #define SCTPCTL_RTTVAR_DCCCECN_MAX	1
 #define SCTPCTL_RTTVAR_DCCCECN_DEFAULT	1	/* 0 means disable feature */
 
+#define SCTPCTL_BLACKHOLE_DESC		"Enable SCTP blackholing"
+#define SCTPCTL_BLACKHOLE_MIN		0
+#define SCTPCTL_BLACKHOLE_MAX		2
+#define SCTPCTL_BLACKHOLE_DEFAULT	SCTPCTL_BLACKHOLE_MIN
+
 #if defined(SCTP_DEBUG)
 /* debug: Configure debug output */
 #define SCTPCTL_DEBUG_DESC	"Configure debug output"

Modified: stable/9/sys/netinet/sctputil.c
==============================================================================
--- stable/9/sys/netinet/sctputil.c	Sun Feb  5 20:04:43 2012	(r231044)
+++ stable/9/sys/netinet/sctputil.c	Sun Feb  5 20:06:43 2012	(r231045)
@@ -3800,6 +3800,7 @@ sctp_handle_ootb(struct mbuf *m, int iph
 {
 	struct sctp_chunkhdr *ch, chunk_buf;
 	unsigned int chk_length;
+	int contains_init_chunk;
 
 	SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue);
 	/* Generate a TO address for future reference */
@@ -3809,6 +3810,7 @@ sctp_handle_ootb(struct mbuf *m, int iph
 			    SCTP_CALLED_DIRECTLY_NOCMPSET);
 		}
 	}
+	contains_init_chunk = 0;
 	ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
 	    sizeof(*ch), (uint8_t *) & chunk_buf);
 	while (ch != NULL) {
@@ -3818,6 +3820,9 @@ sctp_handle_ootb(struct mbuf *m, int iph
 			break;
 		}
 		switch (ch->chunk_type) {
+		case SCTP_INIT:
+			contains_init_chunk = 1;
+			break;
 		case SCTP_COOKIE_ECHO:
 			/* We hit here only if the assoc is being freed */
 			return;
@@ -3843,7 +3848,11 @@ sctp_handle_ootb(struct mbuf *m, int iph
 		ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
 		    sizeof(*ch), (uint8_t *) & chunk_buf);
 	}
-	sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);
+	if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+	    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+	    (contains_init_chunk == 0))) {
+		sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);
+	}
 }
 
 /*

Modified: stable/9/sys/netinet6/sctp6_usrreq.c
==============================================================================
--- stable/9/sys/netinet6/sctp6_usrreq.c	Sun Feb  5 20:04:43 2012	(r231044)
+++ stable/9/sys/netinet6/sctp6_usrreq.c	Sun Feb  5 20:06:43 2012	(r231045)
@@ -236,8 +236,13 @@ sctp_skip_csum:
 		if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
 			goto bad;
 		}
-		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
-			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) {
+			if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+			    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+			    (ch->chunk_type != SCTP_INIT))) {
+				sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+			}
+		}
 		goto bad;
 	} else if (stcb == NULL) {
 		refcount_up = 1;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202052006.q15K6hd8099152>