From owner-svn-src-all@FreeBSD.ORG  Sat Feb 11 01:05:42 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 31ED7106564A;
	Sat, 11 Feb 2012 01:05:42 +0000 (UTC)
	(envelope-from tuexen@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F8288FC08;
	Sat, 11 Feb 2012 01:05:42 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q1B15g6G005951;
	Sat, 11 Feb 2012 01:05:42 GMT (envelope-from tuexen@svn.freebsd.org)
Received: (from tuexen@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id q1B15fYV005945;
	Sat, 11 Feb 2012 01:05:41 GMT (envelope-from tuexen@svn.freebsd.org)
Message-Id: <201202110105.q1B15fYV005945@svn.freebsd.org>
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Sat, 11 Feb 2012 01:05:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r231496 - in stable/8/sys: netinet netinet6
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Feb 2012 01:05:42 -0000

Author: tuexen
Date: Sat Feb 11 01:05:41 2012
New Revision: 231496
URL: http://svn.freebsd.org/changeset/base/231496

Log:
  MFC r229805:
  Add an SCTP sysctl "blackhole", similar to the one for TCP.
  If set to 1, no ABORT is sent back in response to an incoming
  INIT. If set to 2, no ABORT is sent back in response to
  an out of the blue packet. If set to 0 (the default), ABORTs
  are sent.
  Discussed with rrs@.

Modified:
  stable/8/sys/netinet/sctp_input.c
  stable/8/sys/netinet/sctp_sysctl.c
  stable/8/sys/netinet/sctp_sysctl.h
  stable/8/sys/netinet/sctputil.c
  stable/8/sys/netinet6/sctp6_usrreq.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/boot/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/e1000/   (props changed)

Modified: stable/8/sys/netinet/sctp_input.c
==============================================================================
--- stable/8/sys/netinet/sctp_input.c	Sat Feb 11 01:03:17 2012	(r231495)
+++ stable/8/sys/netinet/sctp_input.c	Sat Feb 11 01:05:41 2012	(r231496)
@@ -170,8 +170,9 @@ sctp_handle_init(struct mbuf *m, int iph
 		 * accepts(). The App just looses and should NOT be in this
 		 * state :-)
 		 */
-		sctp_abort_association(inp, stcb, m, iphlen, sh, NULL,
-		    vrf_id, port);
+		if (SCTP_BASE_SYSCTL(sctp_blackhole) == 0) {
+			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		}
 		goto outnow;
 	}
 	if ((stcb != NULL) &&
@@ -5927,8 +5928,13 @@ sctp_skip_csum_4:
 		if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
 			goto bad;
 		}
-		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
-			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) {
+			if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+			    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+			    (ch->chunk_type != SCTP_INIT))) {
+				sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+			}
+		}
 		goto bad;
 	} else if (stcb == NULL) {
 		refcount_up = 1;

Modified: stable/8/sys/netinet/sctp_sysctl.c
==============================================================================
--- stable/8/sys/netinet/sctp_sysctl.c	Sat Feb 11 01:03:17 2012	(r231495)
+++ stable/8/sys/netinet/sctp_sysctl.c	Sat Feb 11 01:05:41 2012	(r231496)
@@ -117,6 +117,7 @@ sctp_init_sysctls()
 	SCTP_BASE_SYSCTL(sctp_rttvar_eqret) = SCTPCTL_RTTVAR_EQRET_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_steady_step) = SCTPCTL_RTTVAR_STEADYS_DEFAULT;
 	SCTP_BASE_SYSCTL(sctp_use_dccc_ecn) = SCTPCTL_RTTVAR_DCCCECN_DEFAULT;
+	SCTP_BASE_SYSCTL(sctp_blackhole) = SCTPCTL_BLACKHOLE_DEFAULT;
 
 #if defined(SCTP_LOCAL_TRACE_BUF)
 	memset(&SCTP_BASE_SYSCTL(sctp_log), 0, sizeof(struct sctp_log));
@@ -665,6 +666,7 @@ sysctl_sctp_check(SYSCTL_HANDLER_ARGS)
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff), SCTPCTL_MOBILITY_FASTHANDOFF_MIN, SCTPCTL_MOBILITY_FASTHANDOFF_MAX);
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_enable_sack_immediately), SCTPCTL_SACK_IMMEDIATELY_ENABLE_MIN, SCTPCTL_SACK_IMMEDIATELY_ENABLE_MAX);
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly), SCTPCTL_NAT_FRIENDLY_INITS_MIN, SCTPCTL_NAT_FRIENDLY_INITS_MAX);
+		RANGECHK(SCTP_BASE_SYSCTL(sctp_blackhole), SCTPCTL_BLACKHOLE_MIN, SCTPCTL_BLACKHOLE_MAX);
 
 #ifdef SCTP_DEBUG
 		RANGECHK(SCTP_BASE_SYSCTL(sctp_debug_on), SCTPCTL_DEBUG_MIN, SCTPCTL_DEBUG_MAX);
@@ -1123,6 +1125,10 @@ SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUT
     &SCTP_BASE_SYSCTL(sctp_use_dccc_ecn), 0, sysctl_sctp_check, "IU",
     SCTPCTL_RTTVAR_DCCCECN_DESC);
 
+SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUTO, blackhole, CTLTYPE_UINT | CTLFLAG_RW,
+    &SCTP_BASE_SYSCTL(sctp_blackhole), 0, sysctl_sctp_check, "IU",
+    SCTPCTL_BLACKHOLE_DESC);
+
 #ifdef SCTP_DEBUG
 SYSCTL_VNET_PROC(_net_inet_sctp, OID_AUTO, debug, CTLTYPE_UINT | CTLFLAG_RW,
     &SCTP_BASE_SYSCTL(sctp_debug_on), 0, sysctl_sctp_check, "IU",

Modified: stable/8/sys/netinet/sctp_sysctl.h
==============================================================================
--- stable/8/sys/netinet/sctp_sysctl.h	Sat Feb 11 01:03:17 2012	(r231495)
+++ stable/8/sys/netinet/sctp_sysctl.h	Sat Feb 11 01:05:41 2012	(r231496)
@@ -114,6 +114,7 @@ struct sctp_sysctl {
 	uint32_t sctp_vtag_time_wait;
 	uint32_t sctp_buffer_splitting;
 	uint32_t sctp_initial_cwnd;
+	uint32_t sctp_blackhole;
 #if defined(SCTP_DEBUG)
 	uint32_t sctp_debug_on;
 #endif
@@ -519,6 +520,11 @@ struct sctp_sysctl {
 #define SCTPCTL_RTTVAR_DCCCECN_MAX	1
 #define SCTPCTL_RTTVAR_DCCCECN_DEFAULT	1	/* 0 means disable feature */
 
+#define SCTPCTL_BLACKHOLE_DESC		"Enable SCTP blackholing"
+#define SCTPCTL_BLACKHOLE_MIN		0
+#define SCTPCTL_BLACKHOLE_MAX		2
+#define SCTPCTL_BLACKHOLE_DEFAULT	SCTPCTL_BLACKHOLE_MIN
+
 #if defined(SCTP_DEBUG)
 /* debug: Configure debug output */
 #define SCTPCTL_DEBUG_DESC	"Configure debug output"

Modified: stable/8/sys/netinet/sctputil.c
==============================================================================
--- stable/8/sys/netinet/sctputil.c	Sat Feb 11 01:03:17 2012	(r231495)
+++ stable/8/sys/netinet/sctputil.c	Sat Feb 11 01:05:41 2012	(r231496)
@@ -3801,6 +3801,7 @@ sctp_handle_ootb(struct mbuf *m, int iph
 {
 	struct sctp_chunkhdr *ch, chunk_buf;
 	unsigned int chk_length;
+	int contains_init_chunk;
 
 	SCTP_STAT_INCR_COUNTER32(sctps_outoftheblue);
 	/* Generate a TO address for future reference */
@@ -3810,6 +3811,7 @@ sctp_handle_ootb(struct mbuf *m, int iph
 			    SCTP_CALLED_DIRECTLY_NOCMPSET);
 		}
 	}
+	contains_init_chunk = 0;
 	ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
 	    sizeof(*ch), (uint8_t *) & chunk_buf);
 	while (ch != NULL) {
@@ -3819,6 +3821,9 @@ sctp_handle_ootb(struct mbuf *m, int iph
 			break;
 		}
 		switch (ch->chunk_type) {
+		case SCTP_INIT:
+			contains_init_chunk = 1;
+			break;
 		case SCTP_COOKIE_ECHO:
 			/* We hit here only if the assoc is being freed */
 			return;
@@ -3844,7 +3849,11 @@ sctp_handle_ootb(struct mbuf *m, int iph
 		ch = (struct sctp_chunkhdr *)sctp_m_getptr(m, offset,
 		    sizeof(*ch), (uint8_t *) & chunk_buf);
 	}
-	sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);
+	if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+	    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+	    (contains_init_chunk == 0))) {
+		sctp_send_abort(m, iphlen, sh, 0, op_err, vrf_id, port);
+	}
 }
 
 /*

Modified: stable/8/sys/netinet6/sctp6_usrreq.c
==============================================================================
--- stable/8/sys/netinet6/sctp6_usrreq.c	Sat Feb 11 01:03:17 2012	(r231495)
+++ stable/8/sys/netinet6/sctp6_usrreq.c	Sat Feb 11 01:05:41 2012	(r231496)
@@ -236,8 +236,13 @@ sctp_skip_csum:
 		if (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) {
 			goto bad;
 		}
-		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION)
-			sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+		if (ch->chunk_type != SCTP_ABORT_ASSOCIATION) {
+			if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) ||
+			    ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) &&
+			    (ch->chunk_type != SCTP_INIT))) {
+				sctp_send_abort(m, iphlen, sh, 0, NULL, vrf_id, port);
+			}
+		}
 		goto bad;
 	} else if (stcb == NULL) {
 		refcount_up = 1;