1 /*-
2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 *
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
15 *
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD: releng/9.1/sys/netinet/sctp_pcb.c 239452 2012-08-20 17:36:10Z tuexen $");
35
36 #include <netinet/sctp_os.h>
37 #include <sys/proc.h>
38 #include <netinet/sctp_var.h>
39 #include <netinet/sctp_sysctl.h>
40 #include <netinet/sctp_pcb.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp.h>
43 #include <netinet/sctp_header.h>
44 #include <netinet/sctp_asconf.h>
45 #include <netinet/sctp_output.h>
46 #include <netinet/sctp_timer.h>
47 #include <netinet/sctp_bsd_addr.h>
48 #include <netinet/sctp_dtrace_define.h>
49 #include <netinet/udp.h>
50 #ifdef INET6
51 #include <netinet6/ip6_var.h>
52 #endif
53 #include <sys/sched.h>
54 #include <sys/smp.h>
55 #include <sys/unistd.h>
56
57
58 VNET_DEFINE(struct sctp_base_info, system_base_info);
59
60 /* FIX: we don't handle multiple link local scopes */
61 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
62 #ifdef INET6
63 int
64 SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
65 {
66 struct sockaddr_in6 tmp_a, tmp_b;
67
68 memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
69 if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
70 return (0);
71 }
72 memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
73 if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
74 return (0);
75 }
76 return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
77 }
78
79 #endif
80
81 void
82 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
83 {
84 /*
85 * We really don't need to lock this, but I will just because it
86 * does not hurt.
87 */
88 SCTP_INP_INFO_RLOCK();
89 spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep);
90 spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc);
91 spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr);
92 spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr);
93 spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk);
94 spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq);
95 spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq);
96 spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks);
97
98 SCTP_INP_INFO_RUNLOCK();
99 }
100
101 /*
102 * Addresses are added to VRF's (Virtual Router's). For BSD we
103 * have only the default VRF 0. We maintain a hash list of
104 * VRF's. Each VRF has its own list of sctp_ifn's. Each of
105 * these has a list of addresses. When we add a new address
106 * to a VRF we lookup the ifn/ifn_index, if the ifn does
107 * not exist we create it and add it to the list of IFN's
108 * within the VRF. Once we have the sctp_ifn, we add the
109 * address to the list. So we look something like:
110 *
111 * hash-vrf-table
112 * vrf-> ifn-> ifn -> ifn
113 * vrf |
114 * ... +--ifa-> ifa -> ifa
115 * vrf
116 *
117 * We keep these separate lists since the SCTP subsystem will
118 * point to these from its source address selection nets structure.
119 * When an address is deleted it does not happen right away on
120 * the SCTP side, it gets scheduled. What we do when a
121 * delete happens is immediately remove the address from
122 * the master list and decrement the refcount. As our
123 * addip iterator works through and frees the src address
124 * selection pointing to the sctp_ifa, eventually the refcount
125 * will reach 0 and we will delete it. Note that it is assumed
126 * that any locking on system level ifn/ifa is done at the
127 * caller of these functions and these routines will only
128 * lock the SCTP structures as they add or delete things.
129 *
130 * Other notes on VRF concepts.
131 * - An endpoint can be in multiple VRF's
132 * - An association lives within a VRF and only one VRF.
133 * - Any incoming packet we can deduce the VRF for by
134 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D)
135 * - Any downward send call or connect call must supply the
136 * VRF via ancillary data or via some sort of set default
137 * VRF socket option call (again for BSD no brainer since
138 * the VRF is always 0).
139 * - An endpoint may add multiple VRF's to it.
140 * - Listening sockets can accept associations in any
141 * of the VRF's they are in but the assoc will end up
142 * in only one VRF (gotten from the packet or connect/send).
143 *
144 */
145
146 struct sctp_vrf *
147 sctp_allocate_vrf(int vrf_id)
148 {
149 struct sctp_vrf *vrf = NULL;
150 struct sctp_vrflist *bucket;
151
152 /* First allocate the VRF structure */
153 vrf = sctp_find_vrf(vrf_id);
154 if (vrf) {
155 /* Already allocated */
156 return (vrf);
157 }
158 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf),
159 SCTP_M_VRF);
160 if (vrf == NULL) {
161 /* No memory */
162 #ifdef INVARIANTS
163 panic("No memory for VRF:%d", vrf_id);
164 #endif
165 return (NULL);
166 }
167 /* setup the VRF */
168 memset(vrf, 0, sizeof(struct sctp_vrf));
169 vrf->vrf_id = vrf_id;
170 LIST_INIT(&vrf->ifnlist);
171 vrf->total_ifa_count = 0;
172 vrf->refcount = 0;
173 /* now also setup table ids */
174 SCTP_INIT_VRF_TABLEID(vrf);
175 /* Init the HASH of addresses */
176 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE,
177 &vrf->vrf_addr_hashmark);
178 if (vrf->vrf_addr_hash == NULL) {
179 /* No memory */
180 #ifdef INVARIANTS
181 panic("No memory for VRF:%d", vrf_id);
182 #endif
183 SCTP_FREE(vrf, SCTP_M_VRF);
184 return (NULL);
185 }
186 /* Add it to the hash table */
187 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
188 LIST_INSERT_HEAD(bucket, vrf, next_vrf);
189 atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
190 return (vrf);
191 }
192
193
194 struct sctp_ifn *
195 sctp_find_ifn(void *ifn, uint32_t ifn_index)
196 {
197 struct sctp_ifn *sctp_ifnp;
198 struct sctp_ifnlist *hash_ifn_head;
199
200 /*
201 * We assume the lock is held for the addresses if that's wrong
202 * problems could occur :-)
203 */
204 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
205 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) {
206 if (sctp_ifnp->ifn_index == ifn_index) {
207 return (sctp_ifnp);
208 }
209 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) {
210 return (sctp_ifnp);
211 }
212 }
213 return (NULL);
214 }
215
216
217
218 struct sctp_vrf *
219 sctp_find_vrf(uint32_t vrf_id)
220 {
221 struct sctp_vrflist *bucket;
222 struct sctp_vrf *liste;
223
224 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
225 LIST_FOREACH(liste, bucket, next_vrf) {
226 if (vrf_id == liste->vrf_id) {
227 return (liste);
228 }
229 }
230 return (NULL);
231 }
232
233 void
234 sctp_free_vrf(struct sctp_vrf *vrf)
235 {
236 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) {
237 if (vrf->vrf_addr_hash) {
238 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
239 vrf->vrf_addr_hash = NULL;
240 }
241 /* We zero'd the count */
242 LIST_REMOVE(vrf, next_vrf);
243 SCTP_FREE(vrf, SCTP_M_VRF);
244 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
245 }
246 }
247
248 void
249 sctp_free_ifn(struct sctp_ifn *sctp_ifnp)
250 {
251 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) {
252 /* We zero'd the count */
253 if (sctp_ifnp->vrf) {
254 sctp_free_vrf(sctp_ifnp->vrf);
255 }
256 SCTP_FREE(sctp_ifnp, SCTP_M_IFN);
257 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
258 }
259 }
260
261 void
262 sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu)
263 {
264 struct sctp_ifn *sctp_ifnp;
265
266 sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index);
267 if (sctp_ifnp != NULL) {
268 sctp_ifnp->ifn_mtu = mtu;
269 }
270 }
271
272
273 void
274 sctp_free_ifa(struct sctp_ifa *sctp_ifap)
275 {
276 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) {
277 /* We zero'd the count */
278 if (sctp_ifap->ifn_p) {
279 sctp_free_ifn(sctp_ifap->ifn_p);
280 }
281 SCTP_FREE(sctp_ifap, SCTP_M_IFA);
282 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
283 }
284 }
285
286 static void
287 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock)
288 {
289 struct sctp_ifn *found;
290
291 found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index);
292 if (found == NULL) {
293 /* Not in the list.. sorry */
294 return;
295 }
296 if (hold_addr_lock == 0)
297 SCTP_IPI_ADDR_WLOCK();
298 LIST_REMOVE(sctp_ifnp, next_bucket);
299 LIST_REMOVE(sctp_ifnp, next_ifn);
300 SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index,
301 sctp_ifnp->registered_af);
302 if (hold_addr_lock == 0)
303 SCTP_IPI_ADDR_WUNLOCK();
304 /* Take away the reference, and possibly free it */
305 sctp_free_ifn(sctp_ifnp);
306 }
307
308 void
309 sctp_mark_ifa_addr_down(uint32_t vrf_id, struct sockaddr *addr,
310 const char *if_name, uint32_t ifn_index)
311 {
312 struct sctp_vrf *vrf;
313 struct sctp_ifa *sctp_ifap = NULL;
314
315 SCTP_IPI_ADDR_RLOCK();
316 vrf = sctp_find_vrf(vrf_id);
317 if (vrf == NULL) {
318 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
319 goto out;
320
321 }
322 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
323 if (sctp_ifap == NULL) {
324 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
325 goto out;
326 }
327 if (sctp_ifap->ifn_p == NULL) {
328 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
329 goto out;
330 }
331 if (if_name) {
332 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
333 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
334 sctp_ifap->ifn_p->ifn_name, if_name);
335 goto out;
336 }
337 } else {
338 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
339 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
340 sctp_ifap->ifn_p->ifn_index, ifn_index);
341 goto out;
342 }
343 }
344
345 sctp_ifap->localifa_flags &= (~SCTP_ADDR_VALID);
346 sctp_ifap->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE;
347 out:
348 SCTP_IPI_ADDR_RUNLOCK();
349 }
350
351 void
352 sctp_mark_ifa_addr_up(uint32_t vrf_id, struct sockaddr *addr,
353 const char *if_name, uint32_t ifn_index)
354 {
355 struct sctp_vrf *vrf;
356 struct sctp_ifa *sctp_ifap = NULL;
357
358 SCTP_IPI_ADDR_RLOCK();
359 vrf = sctp_find_vrf(vrf_id);
360 if (vrf == NULL) {
361 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
362 goto out;
363
364 }
365 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
366 if (sctp_ifap == NULL) {
367 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
368 goto out;
369 }
370 if (sctp_ifap->ifn_p == NULL) {
371 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
372 goto out;
373 }
374 if (if_name) {
375 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
376 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
377 sctp_ifap->ifn_p->ifn_name, if_name);
378 goto out;
379 }
380 } else {
381 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
382 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
383 sctp_ifap->ifn_p->ifn_index, ifn_index);
384 goto out;
385 }
386 }
387
388 sctp_ifap->localifa_flags &= (~SCTP_ADDR_IFA_UNUSEABLE);
389 sctp_ifap->localifa_flags |= SCTP_ADDR_VALID;
390 out:
391 SCTP_IPI_ADDR_RUNLOCK();
392 }
393
394 /*-
395 * Add an ifa to an ifn.
396 * Register the interface as necessary.
397 * NOTE: ADDR write lock MUST be held.
398 */
399 static void
400 sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap)
401 {
402 int ifa_af;
403
404 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
405 sctp_ifap->ifn_p = sctp_ifnp;
406 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
407 /* update address counts */
408 sctp_ifnp->ifa_count++;
409 ifa_af = sctp_ifap->address.sa.sa_family;
410 switch (ifa_af) {
411 #ifdef INET
412 case AF_INET:
413 sctp_ifnp->num_v4++;
414 break;
415 #endif
416 #ifdef INET6
417 case AF_INET6:
418 sctp_ifnp->num_v6++;
419 break;
420 #endif
421 default:
422 break;
423 }
424 if (sctp_ifnp->ifa_count == 1) {
425 /* register the new interface */
426 SCTP_REGISTER_INTERFACE(sctp_ifnp->ifn_index, ifa_af);
427 sctp_ifnp->registered_af = ifa_af;
428 }
429 }
430
431 /*-
432 * Remove an ifa from its ifn.
433 * If no more addresses exist, remove the ifn too. Otherwise, re-register
434 * the interface based on the remaining address families left.
435 * NOTE: ADDR write lock MUST be held.
436 */
437 static void
438 sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap)
439 {
440 LIST_REMOVE(sctp_ifap, next_ifa);
441 if (sctp_ifap->ifn_p) {
442 /* update address counts */
443 sctp_ifap->ifn_p->ifa_count--;
444 switch (sctp_ifap->address.sa.sa_family) {
445 #ifdef INET
446 case AF_INET:
447 sctp_ifap->ifn_p->num_v4--;
448 break;
449 #endif
450 #ifdef INET6
451 case AF_INET6:
452 sctp_ifap->ifn_p->num_v6--;
453 break;
454 #endif
455 default:
456 break;
457 }
458
459 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) {
460 /* remove the ifn, possibly freeing it */
461 sctp_delete_ifn(sctp_ifap->ifn_p, SCTP_ADDR_LOCKED);
462 } else {
463 /* re-register address family type, if needed */
464 if ((sctp_ifap->ifn_p->num_v6 == 0) &&
465 (sctp_ifap->ifn_p->registered_af == AF_INET6)) {
466 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
467 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
468 sctp_ifap->ifn_p->registered_af = AF_INET;
469 } else if ((sctp_ifap->ifn_p->num_v4 == 0) &&
470 (sctp_ifap->ifn_p->registered_af == AF_INET)) {
471 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
472 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
473 sctp_ifap->ifn_p->registered_af = AF_INET6;
474 }
475 /* free the ifn refcount */
476 sctp_free_ifn(sctp_ifap->ifn_p);
477 }
478 sctp_ifap->ifn_p = NULL;
479 }
480 }
481
482 struct sctp_ifa *
483 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index,
484 uint32_t ifn_type, const char *if_name, void *ifa,
485 struct sockaddr *addr, uint32_t ifa_flags,
486 int dynamic_add)
487 {
488 struct sctp_vrf *vrf;
489 struct sctp_ifn *sctp_ifnp = NULL;
490 struct sctp_ifa *sctp_ifap = NULL;
491 struct sctp_ifalist *hash_addr_head;
492 struct sctp_ifnlist *hash_ifn_head;
493 uint32_t hash_of_addr;
494 int new_ifn_af = 0;
495
496 #ifdef SCTP_DEBUG
497 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id);
498 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
499 #endif
500 SCTP_IPI_ADDR_WLOCK();
501 sctp_ifnp = sctp_find_ifn(ifn, ifn_index);
502 if (sctp_ifnp) {
503 vrf = sctp_ifnp->vrf;
504 } else {
505 vrf = sctp_find_vrf(vrf_id);
506 if (vrf == NULL) {
507 vrf = sctp_allocate_vrf(vrf_id);
508 if (vrf == NULL) {
509 SCTP_IPI_ADDR_WUNLOCK();
510 return (NULL);
511 }
512 }
513 }
514 if (sctp_ifnp == NULL) {
515 /*
516 * build one and add it, can't hold lock until after malloc
517 * done though.
518 */
519 SCTP_IPI_ADDR_WUNLOCK();
520 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *,
521 sizeof(struct sctp_ifn), SCTP_M_IFN);
522 if (sctp_ifnp == NULL) {
523 #ifdef INVARIANTS
524 panic("No memory for IFN");
525 #endif
526 return (NULL);
527 }
528 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn));
529 sctp_ifnp->ifn_index = ifn_index;
530 sctp_ifnp->ifn_p = ifn;
531 sctp_ifnp->ifn_type = ifn_type;
532 sctp_ifnp->refcount = 0;
533 sctp_ifnp->vrf = vrf;
534 atomic_add_int(&vrf->refcount, 1);
535 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family);
536 if (if_name != NULL) {
537 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name);
538 } else {
539 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown");
540 }
541 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
542 LIST_INIT(&sctp_ifnp->ifalist);
543 SCTP_IPI_ADDR_WLOCK();
544 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket);
545 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn);
546 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
547 new_ifn_af = 1;
548 }
549 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
550 if (sctp_ifap) {
551 /* Hmm, it already exists? */
552 if ((sctp_ifap->ifn_p) &&
553 (sctp_ifap->ifn_p->ifn_index == ifn_index)) {
554 SCTPDBG(SCTP_DEBUG_PCB4, "Using existing ifn %s (0x%x) for ifa %p\n",
555 sctp_ifap->ifn_p->ifn_name, ifn_index,
556 sctp_ifap);
557 if (new_ifn_af) {
558 /* Remove the created one that we don't want */
559 sctp_delete_ifn(sctp_ifnp, SCTP_ADDR_LOCKED);
560 }
561 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) {
562 /* easy to solve, just switch back to active */
563 SCTPDBG(SCTP_DEBUG_PCB4, "Clearing deleted ifa flag\n");
564 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
565 sctp_ifap->ifn_p = sctp_ifnp;
566 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
567 }
568 exit_stage_left:
569 SCTP_IPI_ADDR_WUNLOCK();
570 return (sctp_ifap);
571 } else {
572 if (sctp_ifap->ifn_p) {
573 /*
574 * The last IFN gets the address, remove the
575 * old one
576 */
577 SCTPDBG(SCTP_DEBUG_PCB4, "Moving ifa %p from %s (0x%x) to %s (0x%x)\n",
578 sctp_ifap, sctp_ifap->ifn_p->ifn_name,
579 sctp_ifap->ifn_p->ifn_index, if_name,
580 ifn_index);
581 /* remove the address from the old ifn */
582 sctp_remove_ifa_from_ifn(sctp_ifap);
583 /* move the address over to the new ifn */
584 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
585 goto exit_stage_left;
586 } else {
587 /* repair ifnp which was NULL ? */
588 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
589 SCTPDBG(SCTP_DEBUG_PCB4, "Repairing ifn %p for ifa %p\n",
590 sctp_ifnp, sctp_ifap);
591 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
592 }
593 goto exit_stage_left;
594 }
595 }
596 SCTP_IPI_ADDR_WUNLOCK();
597 SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA);
598 if (sctp_ifap == NULL) {
599 #ifdef INVARIANTS
600 panic("No memory for IFA");
601 #endif
602 return (NULL);
603 }
604 memset(sctp_ifap, 0, sizeof(struct sctp_ifa));
605 sctp_ifap->ifn_p = sctp_ifnp;
606 atomic_add_int(&sctp_ifnp->refcount, 1);
607 sctp_ifap->vrf_id = vrf_id;
608 sctp_ifap->ifa = ifa;
609 memcpy(&sctp_ifap->address, addr, addr->sa_len);
610 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE;
611 sctp_ifap->flags = ifa_flags;
612 /* Set scope */
613 switch (sctp_ifap->address.sa.sa_family) {
614 #ifdef INET
615 case AF_INET:
616 {
617 struct sockaddr_in *sin;
618
619 sin = (struct sockaddr_in *)&sctp_ifap->address.sin;
620 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
621 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) {
622 sctp_ifap->src_is_loop = 1;
623 }
624 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
625 sctp_ifap->src_is_priv = 1;
626 }
627 sctp_ifnp->num_v4++;
628 if (new_ifn_af)
629 new_ifn_af = AF_INET;
630 break;
631 }
632 #endif
633 #ifdef INET6
634 case AF_INET6:
635 {
636 /* ok to use deprecated addresses? */
637 struct sockaddr_in6 *sin6;
638
639 sin6 = (struct sockaddr_in6 *)&sctp_ifap->address.sin6;
640 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
641 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) {
642 sctp_ifap->src_is_loop = 1;
643 }
644 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
645 sctp_ifap->src_is_priv = 1;
646 }
647 sctp_ifnp->num_v6++;
648 if (new_ifn_af)
649 new_ifn_af = AF_INET6;
650 break;
651 }
652 #endif
653 default:
654 new_ifn_af = 0;
655 break;
656 }
657 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa);
658
659 if ((sctp_ifap->src_is_priv == 0) &&
660 (sctp_ifap->src_is_loop == 0)) {
661 sctp_ifap->src_is_glob = 1;
662 }
663 SCTP_IPI_ADDR_WLOCK();
664 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)];
665 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket);
666 sctp_ifap->refcount = 1;
667 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
668 sctp_ifnp->ifa_count++;
669 vrf->total_ifa_count++;
670 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
671 if (new_ifn_af) {
672 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af);
673 sctp_ifnp->registered_af = new_ifn_af;
674 }
675 SCTP_IPI_ADDR_WUNLOCK();
676 if (dynamic_add) {
677 /*
678 * Bump up the refcount so that when the timer completes it
679 * will drop back down.
680 */
681 struct sctp_laddr *wi;
682
683 atomic_add_int(&sctp_ifap->refcount, 1);
684 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
685 if (wi == NULL) {
686 /*
687 * Gak, what can we do? We have lost an address
688 * change can you say HOSED?
689 */
690 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
691 /* Opps, must decrement the count */
692 sctp_del_addr_from_vrf(vrf_id, addr, ifn_index,
693 if_name);
694 return (NULL);
695 }
696 SCTP_INCR_LADDR_COUNT();
697 bzero(wi, sizeof(*wi));
698 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
699 wi->ifa = sctp_ifap;
700 wi->action = SCTP_ADD_IP_ADDRESS;
701
702 SCTP_WQ_ADDR_LOCK();
703 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
704 SCTP_WQ_ADDR_UNLOCK();
705
706 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
707 (struct sctp_inpcb *)NULL,
708 (struct sctp_tcb *)NULL,
709 (struct sctp_nets *)NULL);
710 } else {
711 /* it's ready for use */
712 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE;
713 }
714 return (sctp_ifap);
715 }
716
717 void
718 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr,
719 uint32_t ifn_index, const char *if_name)
720 {
721 struct sctp_vrf *vrf;
722 struct sctp_ifa *sctp_ifap = NULL;
723
724 SCTP_IPI_ADDR_WLOCK();
725 vrf = sctp_find_vrf(vrf_id);
726 if (vrf == NULL) {
727 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
728 goto out_now;
729 }
730 #ifdef SCTP_DEBUG
731 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id);
732 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
733 #endif
734 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
735 if (sctp_ifap) {
736 /* Validate the delete */
737 if (sctp_ifap->ifn_p) {
738 int valid = 0;
739
740 /*-
741 * The name has priority over the ifn_index
742 * if its given. We do this especially for
743 * panda who might recycle indexes fast.
744 */
745 if (if_name) {
746 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) == 0) {
747 /* They match its a correct delete */
748 valid = 1;
749 }
750 }
751 if (!valid) {
752 /* last ditch check ifn_index */
753 if (ifn_index == sctp_ifap->ifn_p->ifn_index) {
754 valid = 1;
755 }
756 }
757 if (!valid) {
758 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s does not match addresses\n",
759 ifn_index, ((if_name == NULL) ? "NULL" : if_name));
760 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s - ignoring delete\n",
761 sctp_ifap->ifn_p->ifn_index, sctp_ifap->ifn_p->ifn_name);
762 SCTP_IPI_ADDR_WUNLOCK();
763 return;
764 }
765 }
766 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", sctp_ifap);
767 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID;
768 sctp_ifap->localifa_flags |= SCTP_BEING_DELETED;
769 vrf->total_ifa_count--;
770 LIST_REMOVE(sctp_ifap, next_bucket);
771 sctp_remove_ifa_from_ifn(sctp_ifap);
772 }
773 #ifdef SCTP_DEBUG
774 else {
775 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:",
776 ifn_index);
777 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
778 }
779 #endif
780
781 out_now:
782 SCTP_IPI_ADDR_WUNLOCK();
783 if (sctp_ifap) {
784 struct sctp_laddr *wi;
785
786 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
787 if (wi == NULL) {
788 /*
789 * Gak, what can we do? We have lost an address
790 * change can you say HOSED?
791 */
792 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
793
794 /* Oops, must decrement the count */
795 sctp_free_ifa(sctp_ifap);
796 return;
797 }
798 SCTP_INCR_LADDR_COUNT();
799 bzero(wi, sizeof(*wi));
800 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
801 wi->ifa = sctp_ifap;
802 wi->action = SCTP_DEL_IP_ADDRESS;
803 SCTP_WQ_ADDR_LOCK();
804 /*
805 * Should this really be a tailq? As it is we will process
806 * the newest first :-0
807 */
808 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
809 SCTP_WQ_ADDR_UNLOCK();
810
811 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
812 (struct sctp_inpcb *)NULL,
813 (struct sctp_tcb *)NULL,
814 (struct sctp_nets *)NULL);
815 }
816 return;
817 }
818
819
820 static struct sctp_tcb *
821 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
822 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id)
823 {
824 /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */
825 /*
826 * If we support the TCP model, then we must now dig through to see
827 * if we can find our endpoint in the list of tcp ep's.
828 */
829 uint16_t lport, rport;
830 struct sctppcbhead *ephead;
831 struct sctp_inpcb *inp;
832 struct sctp_laddr *laddr;
833 struct sctp_tcb *stcb;
834 struct sctp_nets *net;
835
836 if ((to == NULL) || (from == NULL)) {
837 return (NULL);
838 }
839 switch (to->sa_family) {
840 #ifdef INET
841 case AF_INET:
842 if (from->sa_family == AF_INET) {
843 lport = ((struct sockaddr_in *)to)->sin_port;
844 rport = ((struct sockaddr_in *)from)->sin_port;
845 } else {
846 return (NULL);
847 }
848 break;
849 #endif
850 #ifdef INET6
851 case AF_INET6:
852 if (from->sa_family == AF_INET6) {
853 lport = ((struct sockaddr_in6 *)to)->sin6_port;
854 rport = ((struct sockaddr_in6 *)from)->sin6_port;
855 } else {
856 return (NULL);
857 }
858 break;
859 #endif
860 default:
861 return (NULL);
862 }
863 ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
864 /*
865 * Ok now for each of the guys in this bucket we must look and see:
866 * - Does the remote port match. - Does there single association's
867 * addresses match this address (to). If so we update p_ep to point
868 * to this ep and return the tcb from it.
869 */
870 LIST_FOREACH(inp, ephead, sctp_hash) {
871 SCTP_INP_RLOCK(inp);
872 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
873 SCTP_INP_RUNLOCK(inp);
874 continue;
875 }
876 if (lport != inp->sctp_lport) {
877 SCTP_INP_RUNLOCK(inp);
878 continue;
879 }
880 if (inp->def_vrf_id != vrf_id) {
881 SCTP_INP_RUNLOCK(inp);
882 continue;
883 }
884 /* check to see if the ep has one of the addresses */
885 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
886 /* We are NOT bound all, so look further */
887 int match = 0;
888
889 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
890
891 if (laddr->ifa == NULL) {
892 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __FUNCTION__);
893 continue;
894 }
895 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
896 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
897 continue;
898 }
899 if (laddr->ifa->address.sa.sa_family ==
900 to->sa_family) {
901 /* see if it matches */
902
903 #ifdef INET
904 if (from->sa_family == AF_INET) {
905 struct sockaddr_in *intf_addr,
906 *sin;
907
908 intf_addr = &laddr->ifa->address.sin;
909 sin = (struct sockaddr_in *)to;
910 if (sin->sin_addr.s_addr ==
911 intf_addr->sin_addr.s_addr) {
912 match = 1;
913 break;
914 }
915 }
916 #endif
917 #ifdef INET6
918 if (from->sa_family == AF_INET6) {
919 struct sockaddr_in6 *intf_addr6;
920 struct sockaddr_in6 *sin6;
921
922 sin6 = (struct sockaddr_in6 *)
923 to;
924 intf_addr6 = &laddr->ifa->address.sin6;
925
926 if (SCTP6_ARE_ADDR_EQUAL(sin6,
927 intf_addr6)) {
928 match = 1;
929 break;
930 }
931 }
932 #endif
933 }
934 }
935 if (match == 0) {
936 /* This endpoint does not have this address */
937 SCTP_INP_RUNLOCK(inp);
938 continue;
939 }
940 }
941 /*
942 * Ok if we hit here the ep has the address, does it hold
943 * the tcb?
944 */
945
946 stcb = LIST_FIRST(&inp->sctp_asoc_list);
947 if (stcb == NULL) {
948 SCTP_INP_RUNLOCK(inp);
949 continue;
950 }
951 SCTP_TCB_LOCK(stcb);
952 if (stcb->rport != rport) {
953 /* remote port does not match. */
954 SCTP_TCB_UNLOCK(stcb);
955 SCTP_INP_RUNLOCK(inp);
956 continue;
957 }
958 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
959 SCTP_TCB_UNLOCK(stcb);
960 SCTP_INP_RUNLOCK(inp);
961 continue;
962 }
963 /* Does this TCB have a matching address? */
964 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
965
966 if (net->ro._l_addr.sa.sa_family != from->sa_family) {
967 /* not the same family, can't be a match */
968 continue;
969 }
970 switch (from->sa_family) {
971 #ifdef INET
972 case AF_INET:
973 {
974 struct sockaddr_in *sin, *rsin;
975
976 sin = (struct sockaddr_in *)&net->ro._l_addr;
977 rsin = (struct sockaddr_in *)from;
978 if (sin->sin_addr.s_addr ==
979 rsin->sin_addr.s_addr) {
980 /* found it */
981 if (netp != NULL) {
982 *netp = net;
983 }
984 /*
985 * Update the endpoint
986 * pointer
987 */
988 *inp_p = inp;
989 SCTP_INP_RUNLOCK(inp);
990 return (stcb);
991 }
992 break;
993 }
994 #endif
995 #ifdef INET6
996 case AF_INET6:
997 {
998 struct sockaddr_in6 *sin6, *rsin6;
999
1000 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1001 rsin6 = (struct sockaddr_in6 *)from;
1002 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1003 rsin6)) {
1004 /* found it */
1005 if (netp != NULL) {
1006 *netp = net;
1007 }
1008 /*
1009 * Update the endpoint
1010 * pointer
1011 */
1012 *inp_p = inp;
1013 SCTP_INP_RUNLOCK(inp);
1014 return (stcb);
1015 }
1016 break;
1017 }
1018 #endif
1019 default:
1020 /* TSNH */
1021 break;
1022 }
1023 }
1024 SCTP_TCB_UNLOCK(stcb);
1025 SCTP_INP_RUNLOCK(inp);
1026 }
1027 return (NULL);
1028 }
1029
1030 static int
1031 sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to)
1032 {
1033 int loopback_scope, ipv4_local_scope, local_scope, site_scope;
1034 int ipv4_addr_legal, ipv6_addr_legal;
1035 struct sctp_vrf *vrf;
1036 struct sctp_ifn *sctp_ifn;
1037 struct sctp_ifa *sctp_ifa;
1038
1039 loopback_scope = stcb->asoc.loopback_scope;
1040 ipv4_local_scope = stcb->asoc.ipv4_local_scope;
1041 local_scope = stcb->asoc.local_scope;
1042 site_scope = stcb->asoc.site_scope;
1043 ipv4_addr_legal = ipv6_addr_legal = 0;
1044 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1045 ipv6_addr_legal = 1;
1046 if (SCTP_IPV6_V6ONLY(stcb->sctp_ep) == 0) {
1047 ipv4_addr_legal = 1;
1048 }
1049 } else {
1050 ipv4_addr_legal = 1;
1051 }
1052
1053 SCTP_IPI_ADDR_RLOCK();
1054 vrf = sctp_find_vrf(stcb->asoc.vrf_id);
1055 if (vrf == NULL) {
1056 /* no vrf, no addresses */
1057 SCTP_IPI_ADDR_RUNLOCK();
1058 return (0);
1059 }
1060 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
1061 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
1062 if ((loopback_scope == 0) &&
1063 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
1064 continue;
1065 }
1066 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
1067 if (sctp_is_addr_restricted(stcb, sctp_ifa) &&
1068 (!sctp_is_addr_pending(stcb, sctp_ifa))) {
1069 /*
1070 * We allow pending addresses, where
1071 * we have sent an asconf-add to be
1072 * considered valid.
1073 */
1074 continue;
1075 }
1076 switch (sctp_ifa->address.sa.sa_family) {
1077 #ifdef INET
1078 case AF_INET:
1079 if (ipv4_addr_legal) {
1080 struct sockaddr_in *sin,
1081 *rsin;
1082
1083 sin = &sctp_ifa->address.sin;
1084 rsin = (struct sockaddr_in *)to;
1085 if ((ipv4_local_scope == 0) &&
1086 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
1087 continue;
1088 }
1089 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
1090 SCTP_IPI_ADDR_RUNLOCK();
1091 return (1);
1092 }
1093 }
1094 break;
1095 #endif
1096 #ifdef INET6
1097 case AF_INET6:
1098 if (ipv6_addr_legal) {
1099 struct sockaddr_in6 *sin6,
1100 *rsin6;
1101
1102 sin6 = &sctp_ifa->address.sin6;
1103 rsin6 = (struct sockaddr_in6 *)to;
1104 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
1105 if (local_scope == 0)
1106 continue;
1107 if (sin6->sin6_scope_id == 0) {
1108 if (sa6_recoverscope(sin6) != 0)
1109 continue;
1110 }
1111 }
1112 if ((site_scope == 0) &&
1113 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
1114 continue;
1115 }
1116 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
1117 SCTP_IPI_ADDR_RUNLOCK();
1118 return (1);
1119 }
1120 }
1121 break;
1122 #endif
1123 default:
1124 /* TSNH */
1125 break;
1126 }
1127 }
1128 }
1129 } else {
1130 struct sctp_laddr *laddr;
1131
1132 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
1133 if (sctp_is_addr_restricted(stcb, laddr->ifa) &&
1134 (!sctp_is_addr_pending(stcb, laddr->ifa))) {
1135 /*
1136 * We allow pending addresses, where we have
1137 * sent an asconf-add to be considered
1138 * valid.
1139 */
1140 continue;
1141 }
1142 if (laddr->ifa->address.sa.sa_family != to->sa_family) {
1143 continue;
1144 }
1145 switch (to->sa_family) {
1146 #ifdef INET
1147 case AF_INET:
1148 {
1149 struct sockaddr_in *sin, *rsin;
1150
1151 sin = (struct sockaddr_in *)&laddr->ifa->address.sin;
1152 rsin = (struct sockaddr_in *)to;
1153 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
1154 SCTP_IPI_ADDR_RUNLOCK();
1155 return (1);
1156 }
1157 break;
1158 }
1159 #endif
1160 #ifdef INET6
1161 case AF_INET6:
1162 {
1163 struct sockaddr_in6 *sin6, *rsin6;
1164
1165 sin6 = (struct sockaddr_in6 *)&laddr->ifa->address.sin6;
1166 rsin6 = (struct sockaddr_in6 *)to;
1167 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
1168 SCTP_IPI_ADDR_RUNLOCK();
1169 return (1);
1170 }
1171 break;
1172 }
1173
1174 #endif
1175 default:
1176 /* TSNH */
1177 break;
1178 }
1179
1180 }
1181 }
1182 SCTP_IPI_ADDR_RUNLOCK();
1183 return (0);
1184 }
1185
1186 /*
1187 * rules for use
1188 *
1189 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an
1190 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done
1191 * (if locked == NULL). 3) Decrement happens on return ONLY if locked ==
1192 * NULL.
1193 */
1194
1195 struct sctp_tcb *
1196 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
1197 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
1198 {
1199 struct sctpasochead *head;
1200 struct sctp_inpcb *inp;
1201 struct sctp_tcb *stcb = NULL;
1202 struct sctp_nets *net;
1203 uint16_t rport;
1204
1205 inp = *inp_p;
1206 if (remote->sa_family == AF_INET) {
1207 rport = (((struct sockaddr_in *)remote)->sin_port);
1208 } else if (remote->sa_family == AF_INET6) {
1209 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
1210 } else {
1211 return (NULL);
1212 }
1213 if (locked_tcb) {
1214 /*
1215 * UN-lock so we can do proper locking here this occurs when
1216 * called from load_addresses_from_init.
1217 */
1218 atomic_add_int(&locked_tcb->asoc.refcnt, 1);
1219 SCTP_TCB_UNLOCK(locked_tcb);
1220 }
1221 SCTP_INP_INFO_RLOCK();
1222 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
1223 /*-
1224 * Now either this guy is our listener or it's the
1225 * connector. If it is the one that issued the connect, then
1226 * it's only chance is to be the first TCB in the list. If
1227 * it is the acceptor, then do the special_lookup to hash
1228 * and find the real inp.
1229 */
1230 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) {
1231 /* to is peer addr, from is my addr */
1232 stcb = sctp_tcb_special_locate(inp_p, remote, local,
1233 netp, inp->def_vrf_id);
1234 if ((stcb != NULL) && (locked_tcb == NULL)) {
1235 /* we have a locked tcb, lower refcount */
1236 SCTP_INP_DECR_REF(inp);
1237 }
1238 if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
1239 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
1240 SCTP_TCB_LOCK(locked_tcb);
1241 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1242 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
1243 }
1244 SCTP_INP_INFO_RUNLOCK();
1245 return (stcb);
1246 } else {
1247 SCTP_INP_WLOCK(inp);
1248 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1249 goto null_return;
1250 }
1251 stcb = LIST_FIRST(&inp->sctp_asoc_list);
1252 if (stcb == NULL) {
1253 goto null_return;
1254 }
1255 SCTP_TCB_LOCK(stcb);
1256
1257 if (stcb->rport != rport) {
1258 /* remote port does not match. */
1259 SCTP_TCB_UNLOCK(stcb);
1260 goto null_return;
1261 }
1262 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1263 SCTP_TCB_UNLOCK(stcb);
1264 goto null_return;
1265 }
1266 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1267 SCTP_TCB_UNLOCK(stcb);
1268 goto null_return;
1269 }
1270 /* now look at the list of remote addresses */
1271 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1272 #ifdef INVARIANTS
1273 if (net == (TAILQ_NEXT(net, sctp_next))) {
1274 panic("Corrupt net list");
1275 }
1276 #endif
1277 if (net->ro._l_addr.sa.sa_family !=
1278 remote->sa_family) {
1279 /* not the same family */
1280 continue;
1281 }
1282 switch (remote->sa_family) {
1283 #ifdef INET
1284 case AF_INET:
1285 {
1286 struct sockaddr_in *sin,
1287 *rsin;
1288
1289 sin = (struct sockaddr_in *)
1290 &net->ro._l_addr;
1291 rsin = (struct sockaddr_in *)remote;
1292 if (sin->sin_addr.s_addr ==
1293 rsin->sin_addr.s_addr) {
1294 /* found it */
1295 if (netp != NULL) {
1296 *netp = net;
1297 }
1298 if (locked_tcb == NULL) {
1299 SCTP_INP_DECR_REF(inp);
1300 } else if (locked_tcb != stcb) {
1301 SCTP_TCB_LOCK(locked_tcb);
1302 }
1303 if (locked_tcb) {
1304 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1305 }
1306 SCTP_INP_WUNLOCK(inp);
1307 SCTP_INP_INFO_RUNLOCK();
1308 return (stcb);
1309 }
1310 break;
1311 }
1312 #endif
1313 #ifdef INET6
1314 case AF_INET6:
1315 {
1316 struct sockaddr_in6 *sin6,
1317 *rsin6;
1318
1319 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1320 rsin6 = (struct sockaddr_in6 *)remote;
1321 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1322 rsin6)) {
1323 /* found it */
1324 if (netp != NULL) {
1325 *netp = net;
1326 }
1327 if (locked_tcb == NULL) {
1328 SCTP_INP_DECR_REF(inp);
1329 } else if (locked_tcb != stcb) {
1330 SCTP_TCB_LOCK(locked_tcb);
1331 }
1332 if (locked_tcb) {
1333 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1334 }
1335 SCTP_INP_WUNLOCK(inp);
1336 SCTP_INP_INFO_RUNLOCK();
1337 return (stcb);
1338 }
1339 break;
1340 }
1341 #endif
1342 default:
1343 /* TSNH */
1344 break;
1345 }
1346 }
1347 SCTP_TCB_UNLOCK(stcb);
1348 }
1349 } else {
1350 SCTP_INP_WLOCK(inp);
1351 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1352 goto null_return;
1353 }
1354 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
1355 inp->sctp_hashmark)];
1356 if (head == NULL) {
1357 goto null_return;
1358 }
1359 LIST_FOREACH(stcb, head, sctp_tcbhash) {
1360 if (stcb->rport != rport) {
1361 /* remote port does not match */
1362 continue;
1363 }
1364 SCTP_TCB_LOCK(stcb);
1365 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1366 SCTP_TCB_UNLOCK(stcb);
1367 continue;
1368 }
1369 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1370 SCTP_TCB_UNLOCK(stcb);
1371 continue;
1372 }
1373 /* now look at the list of remote addresses */
1374 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1375 #ifdef INVARIANTS
1376 if (net == (TAILQ_NEXT(net, sctp_next))) {
1377 panic("Corrupt net list");
1378 }
1379 #endif
1380 if (net->ro._l_addr.sa.sa_family !=
1381 remote->sa_family) {
1382 /* not the same family */
1383 continue;
1384 }
1385 switch (remote->sa_family) {
1386 #ifdef INET
1387 case AF_INET:
1388 {
1389 struct sockaddr_in *sin,
1390 *rsin;
1391
1392 sin = (struct sockaddr_in *)
1393 &net->ro._l_addr;
1394 rsin = (struct sockaddr_in *)remote;
1395 if (sin->sin_addr.s_addr ==
1396 rsin->sin_addr.s_addr) {
1397 /* found it */
1398 if (netp != NULL) {
1399 *netp = net;
1400 }
1401 if (locked_tcb == NULL) {
1402 SCTP_INP_DECR_REF(inp);
1403 } else if (locked_tcb != stcb) {
1404 SCTP_TCB_LOCK(locked_tcb);
1405 }
1406 if (locked_tcb) {
1407 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1408 }
1409 SCTP_INP_WUNLOCK(inp);
1410 SCTP_INP_INFO_RUNLOCK();
1411 return (stcb);
1412 }
1413 break;
1414 }
1415 #endif
1416 #ifdef INET6
1417 case AF_INET6:
1418 {
1419 struct sockaddr_in6 *sin6,
1420 *rsin6;
1421
1422 sin6 = (struct sockaddr_in6 *)
1423 &net->ro._l_addr;
1424 rsin6 = (struct sockaddr_in6 *)remote;
1425 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1426 rsin6)) {
1427 /* found it */
1428 if (netp != NULL) {
1429 *netp = net;
1430 }
1431 if (locked_tcb == NULL) {
1432 SCTP_INP_DECR_REF(inp);
1433 } else if (locked_tcb != stcb) {
1434 SCTP_TCB_LOCK(locked_tcb);
1435 }
1436 if (locked_tcb) {
1437 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1438 }
1439 SCTP_INP_WUNLOCK(inp);
1440 SCTP_INP_INFO_RUNLOCK();
1441 return (stcb);
1442 }
1443 break;
1444 }
1445 #endif
1446 default:
1447 /* TSNH */
1448 break;
1449 }
1450 }
1451 SCTP_TCB_UNLOCK(stcb);
1452 }
1453 }
1454 null_return:
1455 /* clean up for returning null */
1456 if (locked_tcb) {
1457 SCTP_TCB_LOCK(locked_tcb);
1458 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1459 }
1460 SCTP_INP_WUNLOCK(inp);
1461 SCTP_INP_INFO_RUNLOCK();
1462 /* not found */
1463 return (NULL);
1464 }
1465
1466 /*
1467 * Find an association for a specific endpoint using the association id given
1468 * out in the COMM_UP notification
1469 */
1470
1471 struct sctp_tcb *
1472 sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1473 {
1474 /*
1475 * Use my the assoc_id to find a endpoint
1476 */
1477 struct sctpasochead *head;
1478 struct sctp_tcb *stcb;
1479 uint32_t id;
1480
1481 if (inp == NULL) {
1482 SCTP_PRINTF("TSNH ep_associd\n");
1483 return (NULL);
1484 }
1485 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1486 SCTP_PRINTF("TSNH ep_associd0\n");
1487 return (NULL);
1488 }
1489 id = (uint32_t) asoc_id;
1490 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
1491 if (head == NULL) {
1492 /* invalid id TSNH */
1493 SCTP_PRINTF("TSNH ep_associd1\n");
1494 return (NULL);
1495 }
1496 LIST_FOREACH(stcb, head, sctp_tcbasocidhash) {
1497 if (stcb->asoc.assoc_id == id) {
1498 if (inp != stcb->sctp_ep) {
1499 /*
1500 * some other guy has the same id active (id
1501 * collision ??).
1502 */
1503 SCTP_PRINTF("TSNH ep_associd2\n");
1504 continue;
1505 }
1506 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1507 continue;
1508 }
1509 if (want_lock) {
1510 SCTP_TCB_LOCK(stcb);
1511 }
1512 return (stcb);
1513 }
1514 }
1515 return (NULL);
1516 }
1517
1518
1519 struct sctp_tcb *
1520 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1521 {
1522 struct sctp_tcb *stcb;
1523
1524 SCTP_INP_RLOCK(inp);
1525 stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock);
1526 SCTP_INP_RUNLOCK(inp);
1527 return (stcb);
1528 }
1529
1530
1531 static struct sctp_inpcb *
1532 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
1533 uint16_t lport, uint32_t vrf_id)
1534 {
1535 struct sctp_inpcb *inp;
1536 struct sctp_laddr *laddr;
1537
1538 #ifdef INET
1539 struct sockaddr_in *sin;
1540
1541 #endif
1542 #ifdef INET6
1543 struct sockaddr_in6 *sin6;
1544 struct sockaddr_in6 *intf_addr6;
1545
1546 #endif
1547
1548 int fnd;
1549
1550 /*
1551 * Endpoint probe expects that the INP_INFO is locked.
1552 */
1553 #ifdef INET
1554 sin = NULL;
1555 #endif
1556 #ifdef INET6
1557 sin6 = NULL;
1558 #endif
1559 switch (nam->sa_family) {
1560 #ifdef INET
1561 case AF_INET:
1562 sin = (struct sockaddr_in *)nam;
1563 break;
1564 #endif
1565 #ifdef INET6
1566 case AF_INET6:
1567 sin6 = (struct sockaddr_in6 *)nam;
1568 break;
1569 #endif
1570 default:
1571 /* unsupported family */
1572 return (NULL);
1573 }
1574
1575 if (head == NULL)
1576 return (NULL);
1577
1578 LIST_FOREACH(inp, head, sctp_hash) {
1579 SCTP_INP_RLOCK(inp);
1580 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1581 SCTP_INP_RUNLOCK(inp);
1582 continue;
1583 }
1584 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
1585 (inp->sctp_lport == lport)) {
1586 /* got it */
1587 #ifdef INET
1588 if ((nam->sa_family == AF_INET) &&
1589 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1590 SCTP_IPV6_V6ONLY(inp)) {
1591 /* IPv4 on a IPv6 socket with ONLY IPv6 set */
1592 SCTP_INP_RUNLOCK(inp);
1593 continue;
1594 }
1595 #endif
1596 #ifdef INET6
1597 /* A V6 address and the endpoint is NOT bound V6 */
1598 if (nam->sa_family == AF_INET6 &&
1599 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
1600 SCTP_INP_RUNLOCK(inp);
1601 continue;
1602 }
1603 #endif
1604 /* does a VRF id match? */
1605 fnd = 0;
1606 if (inp->def_vrf_id == vrf_id)
1607 fnd = 1;
1608
1609 SCTP_INP_RUNLOCK(inp);
1610 if (!fnd)
1611 continue;
1612 return (inp);
1613 }
1614 SCTP_INP_RUNLOCK(inp);
1615 }
1616 switch (nam->sa_family) {
1617 #ifdef INET
1618 case AF_INET:
1619 if (sin->sin_addr.s_addr == INADDR_ANY) {
1620 /* Can't hunt for one that has no address specified */
1621 return (NULL);
1622 }
1623 break;
1624 #endif
1625 #ifdef INET6
1626 case AF_INET6:
1627 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1628 /* Can't hunt for one that has no address specified */
1629 return (NULL);
1630 }
1631 break;
1632 #endif
1633 default:
1634 break;
1635 }
1636 /*
1637 * ok, not bound to all so see if we can find a EP bound to this
1638 * address.
1639 */
1640 LIST_FOREACH(inp, head, sctp_hash) {
1641 SCTP_INP_RLOCK(inp);
1642 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1643 SCTP_INP_RUNLOCK(inp);
1644 continue;
1645 }
1646 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
1647 SCTP_INP_RUNLOCK(inp);
1648 continue;
1649 }
1650 /*
1651 * Ok this could be a likely candidate, look at all of its
1652 * addresses
1653 */
1654 if (inp->sctp_lport != lport) {
1655 SCTP_INP_RUNLOCK(inp);
1656 continue;
1657 }
1658 /* does a VRF id match? */
1659 fnd = 0;
1660 if (inp->def_vrf_id == vrf_id)
1661 fnd = 1;
1662
1663 if (!fnd) {
1664 SCTP_INP_RUNLOCK(inp);
1665 continue;
1666 }
1667 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
1668 if (laddr->ifa == NULL) {
1669 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
1670 __FUNCTION__);
1671 continue;
1672 }
1673 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ",
1674 laddr->ifa);
1675 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
1676 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n");
1677 continue;
1678 }
1679 if (laddr->ifa->address.sa.sa_family == nam->sa_family) {
1680 /* possible, see if it matches */
1681 switch (nam->sa_family) {
1682 #ifdef INET
1683 case AF_INET:
1684 if (sin->sin_addr.s_addr ==
1685 laddr->ifa->address.sin.sin_addr.s_addr) {
1686 SCTP_INP_RUNLOCK(inp);
1687 return (inp);
1688 }
1689 break;
1690 #endif
1691 #ifdef INET6
1692 case AF_INET6:
1693 intf_addr6 = &laddr->ifa->address.sin6;
1694 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1695 intf_addr6)) {
1696 SCTP_INP_RUNLOCK(inp);
1697 return (inp);
1698 }
1699 break;
1700 #endif
1701 }
1702 }
1703 }
1704 SCTP_INP_RUNLOCK(inp);
1705 }
1706 return (NULL);
1707 }
1708
1709
1710 static struct sctp_inpcb *
1711 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id)
1712 {
1713 struct sctppcbhead *head;
1714 struct sctp_inpcb *t_inp;
1715 int fnd;
1716
1717 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
1718 SCTP_BASE_INFO(hashmark))];
1719 LIST_FOREACH(t_inp, head, sctp_hash) {
1720 if (t_inp->sctp_lport != lport) {
1721 continue;
1722 }
1723 /* is it in the VRF in question */
1724 fnd = 0;
1725 if (t_inp->def_vrf_id == vrf_id)
1726 fnd = 1;
1727 if (!fnd)
1728 continue;
1729
1730 /* This one is in use. */
1731 /* check the v6/v4 binding issue */
1732 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1733 SCTP_IPV6_V6ONLY(t_inp)) {
1734 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1735 /* collision in V6 space */
1736 return (t_inp);
1737 } else {
1738 /* inp is BOUND_V4 no conflict */
1739 continue;
1740 }
1741 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1742 /* t_inp is bound v4 and v6, conflict always */
1743 return (t_inp);
1744 } else {
1745 /* t_inp is bound only V4 */
1746 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1747 SCTP_IPV6_V6ONLY(inp)) {
1748 /* no conflict */
1749 continue;
1750 }
1751 /* else fall through to conflict */
1752 }
1753 return (t_inp);
1754 }
1755 return (NULL);
1756 }
1757
1758
1759 int
1760 sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp)
1761 {
1762 /* For 1-2-1 with port reuse */
1763 struct sctppcbhead *head;
1764 struct sctp_inpcb *tinp;
1765
1766 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) {
1767 /* only works with port reuse on */
1768 return (-1);
1769 }
1770 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) {
1771 return (0);
1772 }
1773 SCTP_INP_RUNLOCK(inp);
1774 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport,
1775 SCTP_BASE_INFO(hashmark))];
1776 /* Kick out all non-listeners to the TCP hash */
1777 LIST_FOREACH(tinp, head, sctp_hash) {
1778 if (tinp->sctp_lport != inp->sctp_lport) {
1779 continue;
1780 }
1781 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1782 continue;
1783 }
1784 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
1785 continue;
1786 }
1787 if (tinp->sctp_socket->so_qlimit) {
1788 continue;
1789 }
1790 SCTP_INP_WLOCK(tinp);
1791 LIST_REMOVE(tinp, sctp_hash);
1792 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))];
1793 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
1794 LIST_INSERT_HEAD(head, tinp, sctp_hash);
1795 SCTP_INP_WUNLOCK(tinp);
1796 }
1797 SCTP_INP_WLOCK(inp);
1798 /* Pull from where he was */
1799 LIST_REMOVE(inp, sctp_hash);
1800 inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL;
1801 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))];
1802 LIST_INSERT_HEAD(head, inp, sctp_hash);
1803 SCTP_INP_WUNLOCK(inp);
1804 SCTP_INP_RLOCK(inp);
1805 return (0);
1806 }
1807
1808
1809 struct sctp_inpcb *
1810 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock,
1811 uint32_t vrf_id)
1812 {
1813 /*
1814 * First we check the hash table to see if someone has this port
1815 * bound with just the port.
1816 */
1817 struct sctp_inpcb *inp;
1818 struct sctppcbhead *head;
1819 int lport;
1820 unsigned int i;
1821
1822 #ifdef INET
1823 struct sockaddr_in *sin;
1824
1825 #endif
1826 #ifdef INET6
1827 struct sockaddr_in6 *sin6;
1828
1829 #endif
1830
1831 switch (nam->sa_family) {
1832 #ifdef INET
1833 case AF_INET:
1834 sin = (struct sockaddr_in *)nam;
1835 lport = sin->sin_port;
1836 break;
1837 #endif
1838 #ifdef INET6
1839 case AF_INET6:
1840 sin6 = (struct sockaddr_in6 *)nam;
1841 lport = sin6->sin6_port;
1842 break;
1843 #endif
1844 default:
1845 return (NULL);
1846 }
1847 /*
1848 * I could cheat here and just cast to one of the types but we will
1849 * do it right. It also provides the check against an Unsupported
1850 * type too.
1851 */
1852 /* Find the head of the ALLADDR chain */
1853 if (have_lock == 0) {
1854 SCTP_INP_INFO_RLOCK();
1855 }
1856 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
1857 SCTP_BASE_INFO(hashmark))];
1858 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1859
1860 /*
1861 * If the TCP model exists it could be that the main listening
1862 * endpoint is gone but there still exists a connected socket for
1863 * this guy. If so we can return the first one that we find. This
1864 * may NOT be the correct one so the caller should be wary on the
1865 * returned INP. Currently the only caller that sets find_tcp_pool
1866 * is in bindx where we are verifying that a user CAN bind the
1867 * address. He either has bound it already, or someone else has, or
1868 * its open to bind, so this is good enough.
1869 */
1870 if (inp == NULL && find_tcp_pool) {
1871 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) {
1872 head = &SCTP_BASE_INFO(sctp_tcpephash)[i];
1873 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1874 if (inp) {
1875 break;
1876 }
1877 }
1878 }
1879 if (inp) {
1880 SCTP_INP_INCR_REF(inp);
1881 }
1882 if (have_lock == 0) {
1883 SCTP_INP_INFO_RUNLOCK();
1884 }
1885 return (inp);
1886 }
1887
1888 /*
1889 * Find an association for an endpoint with the pointer to whom you want to
1890 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may
1891 * need to change the *to to some other struct like a mbuf...
1892 */
1893 struct sctp_tcb *
1894 sctp_findassociation_addr_sa(struct sockaddr *to, struct sockaddr *from,
1895 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool,
1896 uint32_t vrf_id)
1897 {
1898 struct sctp_inpcb *inp = NULL;
1899 struct sctp_tcb *retval;
1900
1901 SCTP_INP_INFO_RLOCK();
1902 if (find_tcp_pool) {
1903 if (inp_p != NULL) {
1904 retval = sctp_tcb_special_locate(inp_p, from, to, netp,
1905 vrf_id);
1906 } else {
1907 retval = sctp_tcb_special_locate(&inp, from, to, netp,
1908 vrf_id);
1909 }
1910 if (retval != NULL) {
1911 SCTP_INP_INFO_RUNLOCK();
1912 return (retval);
1913 }
1914 }
1915 inp = sctp_pcb_findep(to, 0, 1, vrf_id);
1916 if (inp_p != NULL) {
1917 *inp_p = inp;
1918 }
1919 SCTP_INP_INFO_RUNLOCK();
1920
1921 if (inp == NULL) {
1922 return (NULL);
1923 }
1924 /*
1925 * ok, we have an endpoint, now lets find the assoc for it (if any)
1926 * we now place the source address or from in the to of the find
1927 * endpoint call. Since in reality this chain is used from the
1928 * inbound packet side.
1929 */
1930 if (inp_p != NULL) {
1931 retval = sctp_findassociation_ep_addr(inp_p, from, netp, to,
1932 NULL);
1933 } else {
1934 retval = sctp_findassociation_ep_addr(&inp, from, netp, to,
1935 NULL);
1936 }
1937 return retval;
1938 }
1939
1940
1941 /*
1942 * This routine will grub through the mbuf that is a INIT or INIT-ACK and
1943 * find all addresses that the sender has specified in any address list. Each
1944 * address will be used to lookup the TCB and see if one exits.
1945 */
1946 static struct sctp_tcb *
1947 sctp_findassociation_special_addr(struct mbuf *m, int offset,
1948 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
1949 struct sockaddr *dest)
1950 {
1951 struct sctp_paramhdr *phdr, parm_buf;
1952 struct sctp_tcb *retval;
1953 uint32_t ptype, plen;
1954
1955 #ifdef INET
1956 struct sockaddr_in sin4;
1957
1958 #endif
1959 #ifdef INET6
1960 struct sockaddr_in6 sin6;
1961
1962 #endif
1963
1964 #ifdef INET
1965 memset(&sin4, 0, sizeof(sin4));
1966 sin4.sin_len = sizeof(sin4);
1967 sin4.sin_family = AF_INET;
1968 sin4.sin_port = sh->src_port;
1969 #endif
1970 #ifdef INET6
1971 memset(&sin6, 0, sizeof(sin6));
1972 sin6.sin6_len = sizeof(sin6);
1973 sin6.sin6_family = AF_INET6;
1974 sin6.sin6_port = sh->src_port;
1975 #endif
1976
1977 retval = NULL;
1978 offset += sizeof(struct sctp_init_chunk);
1979
1980 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
1981 while (phdr != NULL) {
1982 /* now we must see if we want the parameter */
1983 ptype = ntohs(phdr->param_type);
1984 plen = ntohs(phdr->param_length);
1985 if (plen == 0) {
1986 break;
1987 }
1988 #ifdef INET
1989 if (ptype == SCTP_IPV4_ADDRESS &&
1990 plen == sizeof(struct sctp_ipv4addr_param)) {
1991 /* Get the rest of the address */
1992 struct sctp_ipv4addr_param ip4_parm, *p4;
1993
1994 phdr = sctp_get_next_param(m, offset,
1995 (struct sctp_paramhdr *)&ip4_parm, min(plen, sizeof(ip4_parm)));
1996 if (phdr == NULL) {
1997 return (NULL);
1998 }
1999 p4 = (struct sctp_ipv4addr_param *)phdr;
2000 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
2001 /* look it up */
2002 retval = sctp_findassociation_ep_addr(inp_p,
2003 (struct sockaddr *)&sin4, netp, dest, NULL);
2004 if (retval != NULL) {
2005 return (retval);
2006 }
2007 }
2008 #endif
2009 #ifdef INET6
2010 if (ptype == SCTP_IPV6_ADDRESS &&
2011 plen == sizeof(struct sctp_ipv6addr_param)) {
2012 /* Get the rest of the address */
2013 struct sctp_ipv6addr_param ip6_parm, *p6;
2014
2015 phdr = sctp_get_next_param(m, offset,
2016 (struct sctp_paramhdr *)&ip6_parm, min(plen, sizeof(ip6_parm)));
2017 if (phdr == NULL) {
2018 return (NULL);
2019 }
2020 p6 = (struct sctp_ipv6addr_param *)phdr;
2021 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
2022 /* look it up */
2023 retval = sctp_findassociation_ep_addr(inp_p,
2024 (struct sockaddr *)&sin6, netp, dest, NULL);
2025 if (retval != NULL) {
2026 return (retval);
2027 }
2028 }
2029 #endif
2030 offset += SCTP_SIZE32(plen);
2031 phdr = sctp_get_next_param(m, offset, &parm_buf,
2032 sizeof(parm_buf));
2033 }
2034 return (NULL);
2035 }
2036
2037 static struct sctp_tcb *
2038 sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag,
2039 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
2040 uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag)
2041 {
2042 /*
2043 * Use my vtag to hash. If we find it we then verify the source addr
2044 * is in the assoc. If all goes well we save a bit on rec of a
2045 * packet.
2046 */
2047 struct sctpasochead *head;
2048 struct sctp_nets *net;
2049 struct sctp_tcb *stcb;
2050
2051 SCTP_INP_INFO_RLOCK();
2052 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag,
2053 SCTP_BASE_INFO(hashasocmark))];
2054 if (head == NULL) {
2055 /* invalid vtag */
2056 SCTP_INP_INFO_RUNLOCK();
2057 return (NULL);
2058 }
2059 LIST_FOREACH(stcb, head, sctp_asocs) {
2060 SCTP_INP_RLOCK(stcb->sctp_ep);
2061 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2062 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2063 continue;
2064 }
2065 if (stcb->sctp_ep->def_vrf_id != vrf_id) {
2066 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2067 continue;
2068 }
2069 SCTP_TCB_LOCK(stcb);
2070 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2071 if (stcb->asoc.my_vtag == vtag) {
2072 /* candidate */
2073 if (stcb->rport != rport) {
2074 SCTP_TCB_UNLOCK(stcb);
2075 continue;
2076 }
2077 if (stcb->sctp_ep->sctp_lport != lport) {
2078 SCTP_TCB_UNLOCK(stcb);
2079 continue;
2080 }
2081 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2082 SCTP_TCB_UNLOCK(stcb);
2083 continue;
2084 }
2085 /* RRS:Need toaddr check here */
2086 if (sctp_does_stcb_own_this_addr(stcb, to) == 0) {
2087 /* Endpoint does not own this address */
2088 SCTP_TCB_UNLOCK(stcb);
2089 continue;
2090 }
2091 if (remote_tag) {
2092 /*
2093 * If we have both vtags that's all we match
2094 * on
2095 */
2096 if (stcb->asoc.peer_vtag == remote_tag) {
2097 /*
2098 * If both tags match we consider it
2099 * conclusive and check NO
2100 * source/destination addresses
2101 */
2102 goto conclusive;
2103 }
2104 }
2105 if (skip_src_check) {
2106 conclusive:
2107 if (from) {
2108 *netp = sctp_findnet(stcb, from);
2109 } else {
2110 *netp = NULL; /* unknown */
2111 }
2112 if (inp_p)
2113 *inp_p = stcb->sctp_ep;
2114 SCTP_INP_INFO_RUNLOCK();
2115 return (stcb);
2116 }
2117 net = sctp_findnet(stcb, from);
2118 if (net) {
2119 /* yep its him. */
2120 *netp = net;
2121 SCTP_STAT_INCR(sctps_vtagexpress);
2122 *inp_p = stcb->sctp_ep;
2123 SCTP_INP_INFO_RUNLOCK();
2124 return (stcb);
2125 } else {
2126 /*
2127 * not him, this should only happen in rare
2128 * cases so I peg it.
2129 */
2130 SCTP_STAT_INCR(sctps_vtagbogus);
2131 }
2132 }
2133 SCTP_TCB_UNLOCK(stcb);
2134 }
2135 SCTP_INP_INFO_RUNLOCK();
2136 return (NULL);
2137 }
2138
2139 /*
2140 * Find an association with the pointer to the inbound IP packet. This can be
2141 * a IPv4 or IPv6 packet.
2142 */
2143 struct sctp_tcb *
2144 sctp_findassociation_addr(struct mbuf *m, int offset,
2145 struct sctphdr *sh, struct sctp_chunkhdr *ch,
2146 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2147 {
2148 int find_tcp_pool;
2149 struct ip *iph;
2150 struct sctp_tcb *retval;
2151 struct sockaddr_storage to_store, from_store;
2152 struct sockaddr *to = (struct sockaddr *)&to_store;
2153 struct sockaddr *from = (struct sockaddr *)&from_store;
2154 struct sctp_inpcb *inp;
2155
2156 iph = mtod(m, struct ip *);
2157 switch (iph->ip_v) {
2158 #ifdef INET
2159 case IPVERSION:
2160 {
2161 /* its IPv4 */
2162 struct sockaddr_in *from4;
2163
2164 from4 = (struct sockaddr_in *)&from_store;
2165 bzero(from4, sizeof(*from4));
2166 from4->sin_family = AF_INET;
2167 from4->sin_len = sizeof(struct sockaddr_in);
2168 from4->sin_addr.s_addr = iph->ip_src.s_addr;
2169 from4->sin_port = sh->src_port;
2170 break;
2171 }
2172 #endif
2173 #ifdef INET6
2174 case IPV6_VERSION >> 4:
2175 {
2176 /* its IPv6 */
2177 struct ip6_hdr *ip6;
2178 struct sockaddr_in6 *from6;
2179
2180 ip6 = mtod(m, struct ip6_hdr *);
2181 from6 = (struct sockaddr_in6 *)&from_store;
2182 bzero(from6, sizeof(*from6));
2183 from6->sin6_family = AF_INET6;
2184 from6->sin6_len = sizeof(struct sockaddr_in6);
2185 from6->sin6_addr = ip6->ip6_src;
2186 from6->sin6_port = sh->src_port;
2187 /* Get the scopes in properly to the sin6 addr's */
2188 sa6_embedscope(from6, MODULE_GLOBAL(ip6_use_defzone));
2189 break;
2190 }
2191 #endif
2192 default:
2193 /* Currently not supported. */
2194 return (NULL);
2195 }
2196
2197
2198 switch (iph->ip_v) {
2199 #ifdef INET
2200 case IPVERSION:
2201 {
2202 /* its IPv4 */
2203 struct sockaddr_in *to4;
2204
2205 to4 = (struct sockaddr_in *)&to_store;
2206 bzero(to4, sizeof(*to4));
2207 to4->sin_family = AF_INET;
2208 to4->sin_len = sizeof(struct sockaddr_in);
2209 to4->sin_addr.s_addr = iph->ip_dst.s_addr;
2210 to4->sin_port = sh->dest_port;
2211 break;
2212 }
2213 #endif
2214 #ifdef INET6
2215 case IPV6_VERSION >> 4:
2216 {
2217 /* its IPv6 */
2218 struct ip6_hdr *ip6;
2219 struct sockaddr_in6 *to6;
2220
2221 ip6 = mtod(m, struct ip6_hdr *);
2222 to6 = (struct sockaddr_in6 *)&to_store;
2223 bzero(to6, sizeof(*to6));
2224 to6->sin6_family = AF_INET6;
2225 to6->sin6_len = sizeof(struct sockaddr_in6);
2226 to6->sin6_addr = ip6->ip6_dst;
2227 to6->sin6_port = sh->dest_port;
2228 /* Get the scopes in properly to the sin6 addr's */
2229 sa6_embedscope(to6, MODULE_GLOBAL(ip6_use_defzone));
2230 break;
2231 }
2232 #endif
2233 default:
2234 /* TSNH */
2235 break;
2236 }
2237 if (sh->v_tag) {
2238 /* we only go down this path if vtag is non-zero */
2239 retval = sctp_findassoc_by_vtag(from, to, ntohl(sh->v_tag),
2240 inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0);
2241 if (retval) {
2242 return (retval);
2243 }
2244 }
2245 find_tcp_pool = 0;
2246 if ((ch->chunk_type != SCTP_INITIATION) &&
2247 (ch->chunk_type != SCTP_INITIATION_ACK) &&
2248 (ch->chunk_type != SCTP_COOKIE_ACK) &&
2249 (ch->chunk_type != SCTP_COOKIE_ECHO)) {
2250 /* Other chunk types go to the tcp pool. */
2251 find_tcp_pool = 1;
2252 }
2253 if (inp_p) {
2254 retval = sctp_findassociation_addr_sa(to, from, inp_p, netp,
2255 find_tcp_pool, vrf_id);
2256 inp = *inp_p;
2257 } else {
2258 retval = sctp_findassociation_addr_sa(to, from, &inp, netp,
2259 find_tcp_pool, vrf_id);
2260 }
2261 SCTPDBG(SCTP_DEBUG_PCB1, "retval:%p inp:%p\n", retval, inp);
2262 if (retval == NULL && inp) {
2263 /* Found a EP but not this address */
2264 if ((ch->chunk_type == SCTP_INITIATION) ||
2265 (ch->chunk_type == SCTP_INITIATION_ACK)) {
2266 /*-
2267 * special hook, we do NOT return linp or an
2268 * association that is linked to an existing
2269 * association that is under the TCP pool (i.e. no
2270 * listener exists). The endpoint finding routine
2271 * will always find a listener before examining the
2272 * TCP pool.
2273 */
2274 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
2275 if (inp_p) {
2276 *inp_p = NULL;
2277 }
2278 return (NULL);
2279 }
2280 retval = sctp_findassociation_special_addr(m,
2281 offset, sh, &inp, netp, to);
2282 if (inp_p != NULL) {
2283 *inp_p = inp;
2284 }
2285 }
2286 }
2287 SCTPDBG(SCTP_DEBUG_PCB1, "retval is %p\n", retval);
2288 return (retval);
2289 }
2290
2291 /*
2292 * lookup an association by an ASCONF lookup address.
2293 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup
2294 */
2295 struct sctp_tcb *
2296 sctp_findassociation_ep_asconf(struct mbuf *m, int offset,
2297 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2298 {
2299 struct sctp_tcb *stcb;
2300 struct sockaddr_storage local_store, remote_store;
2301 struct sockaddr *to;
2302 struct ip *iph;
2303 struct sctp_paramhdr parm_buf, *phdr;
2304 int ptype;
2305 int zero_address = 0;
2306
2307 #ifdef INET
2308 struct sockaddr_in *sin;
2309
2310 #endif
2311 #ifdef INET6
2312 struct ip6_hdr *ip6;
2313 struct sockaddr_in6 *sin6;
2314
2315 #endif
2316
2317 memset(&local_store, 0, sizeof(local_store));
2318 memset(&remote_store, 0, sizeof(remote_store));
2319 to = (struct sockaddr *)&local_store;
2320 /* First get the destination address setup too. */
2321 iph = mtod(m, struct ip *);
2322 switch (iph->ip_v) {
2323 #ifdef INET
2324 case IPVERSION:
2325 /* its IPv4 */
2326 sin = (struct sockaddr_in *)&local_store;
2327 sin->sin_family = AF_INET;
2328 sin->sin_len = sizeof(*sin);
2329 sin->sin_port = sh->dest_port;
2330 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
2331 break;
2332 #endif
2333 #ifdef INET6
2334 case IPV6_VERSION >> 4:
2335 /* its IPv6 */
2336 ip6 = mtod(m, struct ip6_hdr *);
2337 sin6 = (struct sockaddr_in6 *)&local_store;
2338 sin6->sin6_family = AF_INET6;
2339 sin6->sin6_len = sizeof(*sin6);
2340 sin6->sin6_port = sh->dest_port;
2341 sin6->sin6_addr = ip6->ip6_dst;
2342 break;
2343 #endif
2344 default:
2345 return NULL;
2346 }
2347
2348 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
2349 &parm_buf, sizeof(struct sctp_paramhdr));
2350 if (phdr == NULL) {
2351 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n",
2352 __FUNCTION__);
2353 return NULL;
2354 }
2355 ptype = (int)((uint32_t) ntohs(phdr->param_type));
2356 /* get the correlation address */
2357 switch (ptype) {
2358 #ifdef INET6
2359 case SCTP_IPV6_ADDRESS:
2360 {
2361 /* ipv6 address param */
2362 struct sctp_ipv6addr_param *p6, p6_buf;
2363
2364 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
2365 return NULL;
2366 }
2367 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
2368 offset + sizeof(struct sctp_asconf_chunk),
2369 &p6_buf.ph, sizeof(*p6));
2370 if (p6 == NULL) {
2371 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n",
2372 __FUNCTION__);
2373 return (NULL);
2374 }
2375 sin6 = (struct sockaddr_in6 *)&remote_store;
2376 sin6->sin6_family = AF_INET6;
2377 sin6->sin6_len = sizeof(*sin6);
2378 sin6->sin6_port = sh->src_port;
2379 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
2380 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
2381 zero_address = 1;
2382 break;
2383 }
2384 #endif
2385 #ifdef INET
2386 case SCTP_IPV4_ADDRESS:
2387 {
2388 /* ipv4 address param */
2389 struct sctp_ipv4addr_param *p4, p4_buf;
2390
2391 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
2392 return NULL;
2393 }
2394 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
2395 offset + sizeof(struct sctp_asconf_chunk),
2396 &p4_buf.ph, sizeof(*p4));
2397 if (p4 == NULL) {
2398 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n",
2399 __FUNCTION__);
2400 return (NULL);
2401 }
2402 sin = (struct sockaddr_in *)&remote_store;
2403 sin->sin_family = AF_INET;
2404 sin->sin_len = sizeof(*sin);
2405 sin->sin_port = sh->src_port;
2406 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
2407 if (sin->sin_addr.s_addr == INADDR_ANY)
2408 zero_address = 1;
2409 break;
2410 }
2411 #endif
2412 default:
2413 /* invalid address param type */
2414 return NULL;
2415 }
2416
2417 if (zero_address) {
2418 stcb = sctp_findassoc_by_vtag(NULL, to, ntohl(sh->v_tag), inp_p,
2419 netp, sh->src_port, sh->dest_port, 1, vrf_id, 0);
2420 if (stcb != NULL) {
2421 SCTP_INP_DECR_REF(*inp_p);
2422 }
2423 } else {
2424 stcb = sctp_findassociation_ep_addr(inp_p,
2425 (struct sockaddr *)&remote_store, netp,
2426 to, NULL);
2427 }
2428 return (stcb);
2429 }
2430
2431
2432 /*
2433 * allocate a sctp_inpcb and setup a temporary binding to a port/all
2434 * addresses. This way if we don't get a bind we by default pick a ephemeral
2435 * port with all addresses bound.
2436 */
2437 int
2438 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
2439 {
2440 /*
2441 * we get called when a new endpoint starts up. We need to allocate
2442 * the sctp_inpcb structure from the zone and init it. Mark it as
2443 * unbound and find a port that we can use as an ephemeral with
2444 * INADDR_ANY. If the user binds later no problem we can then add in
2445 * the specific addresses. And setup the default parameters for the
2446 * EP.
2447 */
2448 int i, error;
2449 struct sctp_inpcb *inp;
2450 struct sctp_pcb *m;
2451 struct timeval time;
2452 sctp_sharedkey_t *null_key;
2453
2454 error = 0;
2455
2456 SCTP_INP_INFO_WLOCK();
2457 inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb);
2458 if (inp == NULL) {
2459 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n");
2460 SCTP_INP_INFO_WUNLOCK();
2461 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2462 return (ENOBUFS);
2463 }
2464 /* zap it */
2465 bzero(inp, sizeof(*inp));
2466
2467 /* bump generations */
2468 /* setup socket pointers */
2469 inp->sctp_socket = so;
2470 inp->ip_inp.inp.inp_socket = so;
2471 #ifdef INET6
2472 if (MODULE_GLOBAL(ip6_auto_flowlabel)) {
2473 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL;
2474 }
2475 #endif
2476 inp->sctp_associd_counter = 1;
2477 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT;
2478 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
2479 inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off);
2480 inp->sctp_ecn_enable = SCTP_BASE_SYSCTL(sctp_ecn_enable);
2481 /* init the small hash table we use to track asocid <-> tcb */
2482 inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark);
2483 if (inp->sctp_asocidhash == NULL) {
2484 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2485 SCTP_INP_INFO_WUNLOCK();
2486 return (ENOBUFS);
2487 }
2488 #ifdef IPSEC
2489 {
2490 struct inpcbpolicy *pcb_sp = NULL;
2491
2492 error = ipsec_init_policy(so, &pcb_sp);
2493 /* Arrange to share the policy */
2494 inp->ip_inp.inp.inp_sp = pcb_sp;
2495 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
2496 }
2497 if (error != 0) {
2498 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2499 SCTP_INP_INFO_WUNLOCK();
2500 return error;
2501 }
2502 #endif /* IPSEC */
2503 SCTP_INCR_EP_COUNT();
2504 inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
2505 SCTP_INP_INFO_WUNLOCK();
2506
2507 so->so_pcb = (caddr_t)inp;
2508
2509 if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) {
2510 /* UDP style socket */
2511 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
2512 SCTP_PCB_FLAGS_UNBOUND);
2513 /* Be sure it is NON-BLOCKING IO for UDP */
2514 /* SCTP_SET_SO_NBIO(so); */
2515 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) {
2516 /* TCP style socket */
2517 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2518 SCTP_PCB_FLAGS_UNBOUND);
2519 /* Be sure we have blocking IO by default */
2520 SCTP_CLEAR_SO_NBIO(so);
2521 } else {
2522 /*
2523 * unsupported socket type (RAW, etc)- in case we missed it
2524 * in protosw
2525 */
2526 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
2527 so->so_pcb = NULL;
2528 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2529 return (EOPNOTSUPP);
2530 }
2531 if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) {
2532 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2533 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2534 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) {
2535 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2536 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2537 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) {
2538 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2539 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2540 }
2541 inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize),
2542 &inp->sctp_hashmark);
2543 if (inp->sctp_tcbhash == NULL) {
2544 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
2545 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2546 so->so_pcb = NULL;
2547 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2548 return (ENOBUFS);
2549 }
2550 inp->def_vrf_id = vrf_id;
2551
2552 SCTP_INP_INFO_WLOCK();
2553 SCTP_INP_LOCK_INIT(inp);
2554 INP_LOCK_INIT(&inp->ip_inp.inp, "inp", "sctpinp");
2555 SCTP_INP_READ_INIT(inp);
2556 SCTP_ASOC_CREATE_LOCK_INIT(inp);
2557 /* lock the new ep */
2558 SCTP_INP_WLOCK(inp);
2559
2560 /* add it to the info area */
2561 LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list);
2562 SCTP_INP_INFO_WUNLOCK();
2563
2564 TAILQ_INIT(&inp->read_queue);
2565 LIST_INIT(&inp->sctp_addr_list);
2566
2567 LIST_INIT(&inp->sctp_asoc_list);
2568
2569 #ifdef SCTP_TRACK_FREED_ASOCS
2570 /* TEMP CODE */
2571 LIST_INIT(&inp->sctp_asoc_free_list);
2572 #endif
2573 /* Init the timer structure for signature change */
2574 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer);
2575 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
2576
2577 /* now init the actual endpoint default data */
2578 m = &inp->sctp_ep;
2579
2580 /* setup the base timeout information */
2581 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */
2582 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */
2583 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default));
2584 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default));
2585 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default));
2586 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default));
2587 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default));
2588 /* all max/min max are in ms */
2589 m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default);
2590 m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default);
2591 m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default);
2592 m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default);
2593 m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default);
2594
2595 m->max_open_streams_intome = MAX_SCTP_STREAMS;
2596
2597 m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default);
2598 m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default);
2599 m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default);
2600 m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold);
2601 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
2602 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
2603 m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default);
2604 m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default);
2605
2606 m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module);
2607 m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module);
2608 /* number of streams to pre-open on a association */
2609 m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default);
2610
2611 /* Add adaptation cookie */
2612 m->adaptation_layer_indicator = 0x504C5253;
2613
2614 /* seed random number generator */
2615 m->random_counter = 1;
2616 m->store_at = SCTP_SIGNATURE_SIZE;
2617 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers));
2618 sctp_fill_random_store(m);
2619
2620 /* Minimum cookie size */
2621 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
2622 sizeof(struct sctp_state_cookie);
2623 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
2624
2625 /* Setup the initial secret */
2626 (void)SCTP_GETTIME_TIMEVAL(&time);
2627 m->time_of_secret_change = time.tv_sec;
2628
2629 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
2630 m->secret_key[0][i] = sctp_select_initial_TSN(m);
2631 }
2632 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
2633
2634 /* How long is a cookie good for ? */
2635 m->def_cookie_life = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default));
2636 /*
2637 * Initialize authentication parameters
2638 */
2639 m->local_hmacs = sctp_default_supported_hmaclist();
2640 m->local_auth_chunks = sctp_alloc_chunklist();
2641 m->default_dscp = 0;
2642 #ifdef INET6
2643 m->default_flowlabel = 0;
2644 #endif
2645 m->port = 0; /* encapsulation disabled by default */
2646 sctp_auth_set_default_chunks(m->local_auth_chunks);
2647 LIST_INIT(&m->shared_keys);
2648 /* add default NULL key as key id 0 */
2649 null_key = sctp_alloc_sharedkey();
2650 sctp_insert_sharedkey(&m->shared_keys, null_key);
2651 SCTP_INP_WUNLOCK(inp);
2652 #ifdef SCTP_LOG_CLOSING
2653 sctp_log_closing(inp, NULL, 12);
2654 #endif
2655 return (error);
2656 }
2657
2658
2659 void
2660 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
2661 struct sctp_tcb *stcb)
2662 {
2663 struct sctp_nets *net;
2664 uint16_t lport, rport;
2665 struct sctppcbhead *head;
2666 struct sctp_laddr *laddr, *oladdr;
2667
2668 atomic_add_int(&stcb->asoc.refcnt, 1);
2669 SCTP_TCB_UNLOCK(stcb);
2670 SCTP_INP_INFO_WLOCK();
2671 SCTP_INP_WLOCK(old_inp);
2672 SCTP_INP_WLOCK(new_inp);
2673 SCTP_TCB_LOCK(stcb);
2674 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2675
2676 new_inp->sctp_ep.time_of_secret_change =
2677 old_inp->sctp_ep.time_of_secret_change;
2678 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
2679 sizeof(old_inp->sctp_ep.secret_key));
2680 new_inp->sctp_ep.current_secret_number =
2681 old_inp->sctp_ep.current_secret_number;
2682 new_inp->sctp_ep.last_secret_number =
2683 old_inp->sctp_ep.last_secret_number;
2684 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
2685
2686 /* make it so new data pours into the new socket */
2687 stcb->sctp_socket = new_inp->sctp_socket;
2688 stcb->sctp_ep = new_inp;
2689
2690 /* Copy the port across */
2691 lport = new_inp->sctp_lport = old_inp->sctp_lport;
2692 rport = stcb->rport;
2693 /* Pull the tcb from the old association */
2694 LIST_REMOVE(stcb, sctp_tcbhash);
2695 LIST_REMOVE(stcb, sctp_tcblist);
2696 if (stcb->asoc.in_asocid_hash) {
2697 LIST_REMOVE(stcb, sctp_tcbasocidhash);
2698 }
2699 /* Now insert the new_inp into the TCP connected hash */
2700 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
2701
2702 LIST_INSERT_HEAD(head, new_inp, sctp_hash);
2703 /* Its safe to access */
2704 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
2705
2706 /* Now move the tcb into the endpoint list */
2707 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
2708 /*
2709 * Question, do we even need to worry about the ep-hash since we
2710 * only have one connection? Probably not :> so lets get rid of it
2711 * and not suck up any kernel memory in that.
2712 */
2713 if (stcb->asoc.in_asocid_hash) {
2714 struct sctpasochead *lhd;
2715
2716 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
2717 new_inp->hashasocidmark)];
2718 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash);
2719 }
2720 /* Ok. Let's restart timer. */
2721 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2722 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp,
2723 stcb, net);
2724 }
2725
2726 SCTP_INP_INFO_WUNLOCK();
2727 if (new_inp->sctp_tcbhash != NULL) {
2728 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark);
2729 new_inp->sctp_tcbhash = NULL;
2730 }
2731 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
2732 /* Subset bound, so copy in the laddr list from the old_inp */
2733 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
2734 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
2735 if (laddr == NULL) {
2736 /*
2737 * Gak, what can we do? This assoc is really
2738 * HOSED. We probably should send an abort
2739 * here.
2740 */
2741 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n");
2742 continue;
2743 }
2744 SCTP_INCR_LADDR_COUNT();
2745 bzero(laddr, sizeof(*laddr));
2746 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
2747 laddr->ifa = oladdr->ifa;
2748 atomic_add_int(&laddr->ifa->refcount, 1);
2749 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
2750 sctp_nxt_addr);
2751 new_inp->laddr_count++;
2752 if (oladdr == stcb->asoc.last_used_address) {
2753 stcb->asoc.last_used_address = laddr;
2754 }
2755 }
2756 }
2757 /*
2758 * Now any running timers need to be adjusted since we really don't
2759 * care if they are running or not just blast in the new_inp into
2760 * all of them.
2761 */
2762
2763 stcb->asoc.dack_timer.ep = (void *)new_inp;
2764 stcb->asoc.asconf_timer.ep = (void *)new_inp;
2765 stcb->asoc.strreset_timer.ep = (void *)new_inp;
2766 stcb->asoc.shut_guard_timer.ep = (void *)new_inp;
2767 stcb->asoc.autoclose_timer.ep = (void *)new_inp;
2768 stcb->asoc.delayed_event_timer.ep = (void *)new_inp;
2769 stcb->asoc.delete_prim_timer.ep = (void *)new_inp;
2770 /* now what about the nets? */
2771 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2772 net->pmtu_timer.ep = (void *)new_inp;
2773 net->hb_timer.ep = (void *)new_inp;
2774 net->rxt_timer.ep = (void *)new_inp;
2775 }
2776 SCTP_INP_WUNLOCK(new_inp);
2777 SCTP_INP_WUNLOCK(old_inp);
2778 }
2779
2780
2781
2782
2783 /* sctp_ifap is used to bypass normal local address validation checks */
2784 int
2785 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
2786 struct sctp_ifa *sctp_ifap, struct thread *p)
2787 {
2788 /* bind a ep to a socket address */
2789 struct sctppcbhead *head;
2790 struct sctp_inpcb *inp, *inp_tmp;
2791 struct inpcb *ip_inp;
2792 int port_reuse_active = 0;
2793 int bindall;
2794 uint16_t lport;
2795 int error;
2796 uint32_t vrf_id;
2797
2798 lport = 0;
2799 error = 0;
2800 bindall = 1;
2801 inp = (struct sctp_inpcb *)so->so_pcb;
2802 ip_inp = (struct inpcb *)so->so_pcb;
2803 #ifdef SCTP_DEBUG
2804 if (addr) {
2805 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port:%d\n",
2806 ntohs(((struct sockaddr_in *)addr)->sin_port));
2807 SCTPDBG(SCTP_DEBUG_PCB1, "Addr :");
2808 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
2809 }
2810 #endif
2811 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
2812 /* already did a bind, subsequent binds NOT allowed ! */
2813 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2814 return (EINVAL);
2815 }
2816 #ifdef INVARIANTS
2817 if (p == NULL)
2818 panic("null proc/thread");
2819 #endif
2820 if (addr != NULL) {
2821 switch (addr->sa_family) {
2822 #ifdef INET
2823 case AF_INET:
2824 {
2825 struct sockaddr_in *sin;
2826
2827 /* IPV6_V6ONLY socket? */
2828 if (SCTP_IPV6_V6ONLY(ip_inp)) {
2829 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2830 return (EINVAL);
2831 }
2832 if (addr->sa_len != sizeof(*sin)) {
2833 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2834 return (EINVAL);
2835 }
2836 sin = (struct sockaddr_in *)addr;
2837 lport = sin->sin_port;
2838 /*
2839 * For LOOPBACK the prison_local_ip4() call
2840 * will transmute the ip address to the
2841 * proper value.
2842 */
2843 if (p && (error = prison_local_ip4(p->td_ucred, &sin->sin_addr)) != 0) {
2844 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2845 return (error);
2846 }
2847 if (sin->sin_addr.s_addr != INADDR_ANY) {
2848 bindall = 0;
2849 }
2850 break;
2851 }
2852 #endif
2853 #ifdef INET6
2854 case AF_INET6:
2855 {
2856 /*
2857 * Only for pure IPv6 Address. (No IPv4
2858 * Mapped!)
2859 */
2860 struct sockaddr_in6 *sin6;
2861
2862 sin6 = (struct sockaddr_in6 *)addr;
2863
2864 if (addr->sa_len != sizeof(*sin6)) {
2865 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2866 return (EINVAL);
2867 }
2868 lport = sin6->sin6_port;
2869
2870 /*
2871 * For LOOPBACK the prison_local_ip6() call
2872 * will transmute the ipv6 address to the
2873 * proper value.
2874 */
2875 if (p && (error = prison_local_ip6(p->td_ucred, &sin6->sin6_addr,
2876 (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) {
2877 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2878 return (error);
2879 }
2880 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
2881 bindall = 0;
2882 /* KAME hack: embed scopeid */
2883 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
2884 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2885 return (EINVAL);
2886 }
2887 }
2888 /* this must be cleared for ifa_ifwithaddr() */
2889 sin6->sin6_scope_id = 0;
2890 break;
2891 }
2892 #endif
2893 default:
2894 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EAFNOSUPPORT);
2895 return (EAFNOSUPPORT);
2896 }
2897 }
2898 SCTP_INP_INFO_WLOCK();
2899 SCTP_INP_WLOCK(inp);
2900 /* Setup a vrf_id to be the default for the non-bind-all case. */
2901 vrf_id = inp->def_vrf_id;
2902
2903 /* increase our count due to the unlock we do */
2904 SCTP_INP_INCR_REF(inp);
2905 if (lport) {
2906 /*
2907 * Did the caller specify a port? if so we must see if a ep
2908 * already has this one bound.
2909 */
2910 /* got to be root to get at low ports */
2911 if (ntohs(lport) < IPPORT_RESERVED) {
2912 if (p && (error =
2913 priv_check(p, PRIV_NETINET_RESERVEDPORT)
2914 )) {
2915 SCTP_INP_DECR_REF(inp);
2916 SCTP_INP_WUNLOCK(inp);
2917 SCTP_INP_INFO_WUNLOCK();
2918 return (error);
2919 }
2920 }
2921 if (p == NULL) {
2922 SCTP_INP_DECR_REF(inp);
2923 SCTP_INP_WUNLOCK(inp);
2924 SCTP_INP_INFO_WUNLOCK();
2925 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2926 return (error);
2927 }
2928 SCTP_INP_WUNLOCK(inp);
2929 if (bindall) {
2930 vrf_id = inp->def_vrf_id;
2931 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2932 if (inp_tmp != NULL) {
2933 /*
2934 * lock guy returned and lower count note
2935 * that we are not bound so inp_tmp should
2936 * NEVER be inp. And it is this inp
2937 * (inp_tmp) that gets the reference bump,
2938 * so we must lower it.
2939 */
2940 SCTP_INP_DECR_REF(inp_tmp);
2941 /* unlock info */
2942 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2943 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2944 /*
2945 * Ok, must be one-2-one and
2946 * allowing port re-use
2947 */
2948 port_reuse_active = 1;
2949 goto continue_anyway;
2950 }
2951 SCTP_INP_DECR_REF(inp);
2952 SCTP_INP_INFO_WUNLOCK();
2953 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
2954 return (EADDRINUSE);
2955 }
2956 } else {
2957 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2958 if (inp_tmp != NULL) {
2959 /*
2960 * lock guy returned and lower count note
2961 * that we are not bound so inp_tmp should
2962 * NEVER be inp. And it is this inp
2963 * (inp_tmp) that gets the reference bump,
2964 * so we must lower it.
2965 */
2966 SCTP_INP_DECR_REF(inp_tmp);
2967 /* unlock info */
2968 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2969 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2970 /*
2971 * Ok, must be one-2-one and
2972 * allowing port re-use
2973 */
2974 port_reuse_active = 1;
2975 goto continue_anyway;
2976 }
2977 SCTP_INP_DECR_REF(inp);
2978 SCTP_INP_INFO_WUNLOCK();
2979 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
2980 return (EADDRINUSE);
2981 }
2982 }
2983 continue_anyway:
2984 SCTP_INP_WLOCK(inp);
2985 if (bindall) {
2986 /* verify that no lport is not used by a singleton */
2987 if ((port_reuse_active == 0) &&
2988 (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))
2989 ) {
2990 /* Sorry someone already has this one bound */
2991 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2992 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2993 port_reuse_active = 1;
2994 } else {
2995 SCTP_INP_DECR_REF(inp);
2996 SCTP_INP_WUNLOCK(inp);
2997 SCTP_INP_INFO_WUNLOCK();
2998 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
2999 return (EADDRINUSE);
3000 }
3001 }
3002 }
3003 } else {
3004 uint16_t first, last, candidate;
3005 uint16_t count;
3006 int done;
3007
3008 if (ip_inp->inp_flags & INP_HIGHPORT) {
3009 first = MODULE_GLOBAL(ipport_hifirstauto);
3010 last = MODULE_GLOBAL(ipport_hilastauto);
3011 } else if (ip_inp->inp_flags & INP_LOWPORT) {
3012 if (p && (error =
3013 priv_check(p, PRIV_NETINET_RESERVEDPORT)
3014 )) {
3015 SCTP_INP_DECR_REF(inp);
3016 SCTP_INP_WUNLOCK(inp);
3017 SCTP_INP_INFO_WUNLOCK();
3018 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3019 return (error);
3020 }
3021 first = MODULE_GLOBAL(ipport_lowfirstauto);
3022 last = MODULE_GLOBAL(ipport_lowlastauto);
3023 } else {
3024 first = MODULE_GLOBAL(ipport_firstauto);
3025 last = MODULE_GLOBAL(ipport_lastauto);
3026 }
3027 if (first > last) {
3028 uint16_t temp;
3029
3030 temp = first;
3031 first = last;
3032 last = temp;
3033 }
3034 count = last - first + 1; /* number of candidates */
3035 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count);
3036
3037 done = 0;
3038 while (!done) {
3039 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) {
3040 done = 1;
3041 }
3042 if (!done) {
3043 if (--count == 0) {
3044 SCTP_INP_DECR_REF(inp);
3045 SCTP_INP_WUNLOCK(inp);
3046 SCTP_INP_INFO_WUNLOCK();
3047 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
3048 return (EADDRINUSE);
3049 }
3050 if (candidate == last)
3051 candidate = first;
3052 else
3053 candidate = candidate + 1;
3054 }
3055 }
3056 lport = htons(candidate);
3057 }
3058 SCTP_INP_DECR_REF(inp);
3059 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |
3060 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
3061 /*
3062 * this really should not happen. The guy did a non-blocking
3063 * bind and then did a close at the same time.
3064 */
3065 SCTP_INP_WUNLOCK(inp);
3066 SCTP_INP_INFO_WUNLOCK();
3067 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3068 return (EINVAL);
3069 }
3070 /* ok we look clear to give out this port, so lets setup the binding */
3071 if (bindall) {
3072 /* binding to all addresses, so just set in the proper flags */
3073 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL;
3074 /* set the automatic addr changes from kernel flag */
3075 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) {
3076 sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3077 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3078 } else {
3079 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3080 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3081 }
3082 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) {
3083 sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
3084 } else {
3085 sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
3086 }
3087 /*
3088 * set the automatic mobility_base from kernel flag (by
3089 * micchie)
3090 */
3091 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) {
3092 sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE);
3093 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3094 } else {
3095 sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE);
3096 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3097 }
3098 /*
3099 * set the automatic mobility_fasthandoff from kernel flag
3100 * (by micchie)
3101 */
3102 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) {
3103 sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF);
3104 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3105 } else {
3106 sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF);
3107 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3108 }
3109 } else {
3110 /*
3111 * bind specific, make sure flags is off and add a new
3112 * address structure to the sctp_addr_list inside the ep
3113 * structure.
3114 *
3115 * We will need to allocate one and insert it at the head. The
3116 * socketopt call can just insert new addresses in there as
3117 * well. It will also have to do the embed scope kame hack
3118 * too (before adding).
3119 */
3120 struct sctp_ifa *ifa;
3121 struct sockaddr_storage store_sa;
3122
3123 memset(&store_sa, 0, sizeof(store_sa));
3124 switch (addr->sa_family) {
3125 #ifdef INET
3126 case AF_INET:
3127 {
3128 struct sockaddr_in *sin;
3129
3130 sin = (struct sockaddr_in *)&store_sa;
3131 memcpy(sin, addr, sizeof(struct sockaddr_in));
3132 sin->sin_port = 0;
3133 break;
3134 }
3135 #endif
3136 #ifdef INET6
3137 case AF_INET6:
3138 {
3139 struct sockaddr_in6 *sin6;
3140
3141 sin6 = (struct sockaddr_in6 *)&store_sa;
3142 memcpy(sin6, addr, sizeof(struct sockaddr_in6));
3143 sin6->sin6_port = 0;
3144 break;
3145 }
3146 #endif
3147 default:
3148 break;
3149 }
3150 /*
3151 * first find the interface with the bound address need to
3152 * zero out the port to find the address! yuck! can't do
3153 * this earlier since need port for sctp_pcb_findep()
3154 */
3155 if (sctp_ifap != NULL)
3156 ifa = sctp_ifap;
3157 else {
3158 /*
3159 * Note for BSD we hit here always other O/S's will
3160 * pass things in via the sctp_ifap argument
3161 * (Panda).
3162 */
3163 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa,
3164 vrf_id, SCTP_ADDR_NOT_LOCKED);
3165 }
3166 if (ifa == NULL) {
3167 /* Can't find an interface with that address */
3168 SCTP_INP_WUNLOCK(inp);
3169 SCTP_INP_INFO_WUNLOCK();
3170 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRNOTAVAIL);
3171 return (EADDRNOTAVAIL);
3172 }
3173 #ifdef INET6
3174 if (addr->sa_family == AF_INET6) {
3175 /* GAK, more FIXME IFA lock? */
3176 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
3177 /* Can't bind a non-existent addr. */
3178 SCTP_INP_WUNLOCK(inp);
3179 SCTP_INP_INFO_WUNLOCK();
3180 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3181 return (EINVAL);
3182 }
3183 }
3184 #endif
3185 /* we're not bound all */
3186 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
3187 /* allow bindx() to send ASCONF's for binding changes */
3188 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3189 /* clear automatic addr changes from kernel flag */
3190 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3191
3192 /* add this address to the endpoint list */
3193 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0);
3194 if (error != 0) {
3195 SCTP_INP_WUNLOCK(inp);
3196 SCTP_INP_INFO_WUNLOCK();
3197 return (error);
3198 }
3199 inp->laddr_count++;
3200 }
3201 /* find the bucket */
3202 if (port_reuse_active) {
3203 /* Put it into tcp 1-2-1 hash */
3204 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))];
3205 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
3206 } else {
3207 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))];
3208 }
3209 /* put it in the bucket */
3210 LIST_INSERT_HEAD(head, inp, sctp_hash);
3211 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n",
3212 head, ntohs(lport), port_reuse_active);
3213 /* set in the port */
3214 inp->sctp_lport = lport;
3215
3216 /* turn off just the unbound flag */
3217 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
3218 SCTP_INP_WUNLOCK(inp);
3219 SCTP_INP_INFO_WUNLOCK();
3220 return (0);
3221 }
3222
3223
3224 static void
3225 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp)
3226 {
3227 struct sctp_iterator *it, *nit;
3228
3229 /*
3230 * We enter with the only the ITERATOR_LOCK in place and a write
3231 * lock on the inp_info stuff.
3232 */
3233 it = sctp_it_ctl.cur_it;
3234 if (it && (it->vn != curvnet)) {
3235 /* Its not looking at our VNET */
3236 return;
3237 }
3238 if (it && (it->inp == inp)) {
3239 /*
3240 * This is tricky and we hold the iterator lock, but when it
3241 * returns and gets the lock (when we release it) the
3242 * iterator will try to operate on inp. We need to stop that
3243 * from happening. But of course the iterator has a
3244 * reference on the stcb and inp. We can mark it and it will
3245 * stop.
3246 *
3247 * If its a single iterator situation, we set the end iterator
3248 * flag. Otherwise we set the iterator to go to the next
3249 * inp.
3250 *
3251 */
3252 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3253 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
3254 } else {
3255 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP;
3256 }
3257 }
3258 /*
3259 * Now go through and remove any single reference to our inp that
3260 * may be still pending on the list
3261 */
3262 SCTP_IPI_ITERATOR_WQ_LOCK();
3263 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
3264 if (it->vn != curvnet) {
3265 continue;
3266 }
3267 if (it->inp == inp) {
3268 /* This one points to me is it inp specific? */
3269 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3270 /* Remove and free this one */
3271 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead,
3272 it, sctp_nxt_itr);
3273 if (it->function_atend != NULL) {
3274 (*it->function_atend) (it->pointer, it->val);
3275 }
3276 SCTP_FREE(it, SCTP_M_ITER);
3277 } else {
3278 it->inp = LIST_NEXT(it->inp, sctp_list);
3279 if (it->inp) {
3280 SCTP_INP_INCR_REF(it->inp);
3281 }
3282 }
3283 /*
3284 * When its put in the refcnt is incremented so decr
3285 * it
3286 */
3287 SCTP_INP_DECR_REF(inp);
3288 }
3289 }
3290 SCTP_IPI_ITERATOR_WQ_UNLOCK();
3291 }
3292
3293 /* release sctp_inpcb unbind the port */
3294 void
3295 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from)
3296 {
3297 /*
3298 * Here we free a endpoint. We must find it (if it is in the Hash
3299 * table) and remove it from there. Then we must also find it in the
3300 * overall list and remove it from there. After all removals are
3301 * complete then any timer has to be stopped. Then start the actual
3302 * freeing. a) Any local lists. b) Any associations. c) The hash of
3303 * all associations. d) finally the ep itself.
3304 */
3305 struct sctp_tcb *asoc, *nasoc;
3306 struct sctp_laddr *laddr, *nladdr;
3307 struct inpcb *ip_pcb;
3308 struct socket *so;
3309 int being_refed = 0;
3310 struct sctp_queued_to_read *sq, *nsq;
3311 int cnt;
3312 sctp_sharedkey_t *shared_key, *nshared_key;
3313
3314
3315 #ifdef SCTP_LOG_CLOSING
3316 sctp_log_closing(inp, NULL, 0);
3317 #endif
3318 SCTP_ITERATOR_LOCK();
3319 /* mark any iterators on the list or being processed */
3320 sctp_iterator_inp_being_freed(inp);
3321 SCTP_ITERATOR_UNLOCK();
3322 so = inp->sctp_socket;
3323 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
3324 /* been here before.. eeks.. get out of here */
3325 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate);
3326 #ifdef SCTP_LOG_CLOSING
3327 sctp_log_closing(inp, NULL, 1);
3328 #endif
3329 return;
3330 }
3331 SCTP_ASOC_CREATE_LOCK(inp);
3332 SCTP_INP_INFO_WLOCK();
3333
3334 SCTP_INP_WLOCK(inp);
3335 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) {
3336 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP;
3337 /* socket is gone, so no more wakeups allowed */
3338 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE;
3339 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
3340 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
3341
3342 }
3343 /* First time through we have the socket lock, after that no more. */
3344 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL,
3345 SCTP_FROM_SCTP_PCB + SCTP_LOC_1);
3346
3347 if (inp->control) {
3348 sctp_m_freem(inp->control);
3349 inp->control = NULL;
3350 }
3351 if (inp->pkt) {
3352 sctp_m_freem(inp->pkt);
3353 inp->pkt = NULL;
3354 }
3355 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer
3356 * here but I will be nice :> (i.e.
3357 * ip_pcb = ep;) */
3358 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
3359 int cnt_in_sd;
3360
3361 cnt_in_sd = 0;
3362 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
3363 SCTP_TCB_LOCK(asoc);
3364 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3365 /* Skip guys being freed */
3366 cnt_in_sd++;
3367 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
3368 /*
3369 * Special case - we did not start a
3370 * kill timer on the asoc due to it
3371 * was not closed. So go ahead and
3372 * start it now.
3373 */
3374 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
3375 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
3376 }
3377 SCTP_TCB_UNLOCK(asoc);
3378 continue;
3379 }
3380 if (((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) ||
3381 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) &&
3382 (asoc->asoc.total_output_queue_size == 0)) {
3383 /*
3384 * If we have data in queue, we don't want
3385 * to just free since the app may have done,
3386 * send()/close or connect/send/close. And
3387 * it wants the data to get across first.
3388 */
3389 /* Just abandon things in the front states */
3390 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE,
3391 SCTP_FROM_SCTP_PCB + SCTP_LOC_2) == 0) {
3392 cnt_in_sd++;
3393 }
3394 continue;
3395 }
3396 /* Disconnect the socket please */
3397 asoc->sctp_socket = NULL;
3398 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET;
3399 if ((asoc->asoc.size_on_reasm_queue > 0) ||
3400 (asoc->asoc.control_pdapi) ||
3401 (asoc->asoc.size_on_all_streams > 0) ||
3402 (so && (so->so_rcv.sb_cc > 0))) {
3403 /* Left with Data unread */
3404 struct mbuf *op_err;
3405
3406 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3407 0, M_DONTWAIT, 1, MT_DATA);
3408 if (op_err) {
3409 /* Fill in the user initiated abort */
3410 struct sctp_paramhdr *ph;
3411 uint32_t *ippp;
3412
3413 SCTP_BUF_LEN(op_err) =
3414 sizeof(struct sctp_paramhdr) + sizeof(uint32_t);
3415 ph = mtod(op_err,
3416 struct sctp_paramhdr *);
3417 ph->param_type = htons(
3418 SCTP_CAUSE_USER_INITIATED_ABT);
3419 ph->param_length = htons(SCTP_BUF_LEN(op_err));
3420 ippp = (uint32_t *) (ph + 1);
3421 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_3);
3422 }
3423 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
3424 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
3425 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3426 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3427 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3428 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3429 }
3430 if (sctp_free_assoc(inp, asoc,
3431 SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_4) == 0) {
3432 cnt_in_sd++;
3433 }
3434 continue;
3435 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
3436 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
3437 (asoc->asoc.stream_queue_cnt == 0)
3438 ) {
3439 if (asoc->asoc.locked_on_sending) {
3440 goto abort_anyway;
3441 }
3442 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
3443 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3444 struct sctp_nets *netp;
3445
3446 if (asoc->asoc.alternate) {
3447 netp = asoc->asoc.alternate;
3448 } else {
3449 netp = asoc->asoc.primary_destination;
3450 }
3451 /*
3452 * there is nothing queued to send,
3453 * so I send shutdown
3454 */
3455 sctp_send_shutdown(asoc, netp);
3456 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3457 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3458 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3459 }
3460 SCTP_SET_STATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_SENT);
3461 SCTP_CLEAR_SUBSTATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_PENDING);
3462 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc,
3463 netp);
3464 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
3465 asoc->asoc.primary_destination);
3466 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED);
3467 }
3468 } else {
3469 /* mark into shutdown pending */
3470 struct sctp_stream_queue_pending *sp;
3471
3472 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING;
3473 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
3474 asoc->asoc.primary_destination);
3475 if (asoc->asoc.locked_on_sending) {
3476 sp = TAILQ_LAST(&((asoc->asoc.locked_on_sending)->outqueue),
3477 sctp_streamhead);
3478 if (sp == NULL) {
3479 SCTP_PRINTF("Error, sp is NULL, locked on sending is %p strm:%d\n",
3480 asoc->asoc.locked_on_sending,
3481 asoc->asoc.locked_on_sending->stream_no);
3482 } else {
3483 if ((sp->length == 0) && (sp->msg_is_complete == 0))
3484 asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT;
3485 }
3486 }
3487 if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
3488 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
3489 (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
3490 struct mbuf *op_err;
3491
3492 abort_anyway:
3493 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3494 0, M_DONTWAIT, 1, MT_DATA);
3495 if (op_err) {
3496 /*
3497 * Fill in the user
3498 * initiated abort
3499 */
3500 struct sctp_paramhdr *ph;
3501 uint32_t *ippp;
3502
3503 SCTP_BUF_LEN(op_err) =
3504 (sizeof(struct sctp_paramhdr) +
3505 sizeof(uint32_t));
3506 ph = mtod(op_err,
3507 struct sctp_paramhdr *);
3508 ph->param_type = htons(
3509 SCTP_CAUSE_USER_INITIATED_ABT);
3510 ph->param_length = htons(SCTP_BUF_LEN(op_err));
3511 ippp = (uint32_t *) (ph + 1);
3512 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_5);
3513 }
3514 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
3515 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
3516 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3517 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3518 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3519 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3520 }
3521 if (sctp_free_assoc(inp, asoc,
3522 SCTP_PCBFREE_NOFORCE,
3523 SCTP_FROM_SCTP_PCB + SCTP_LOC_6) == 0) {
3524 cnt_in_sd++;
3525 }
3526 continue;
3527 } else {
3528 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED);
3529 }
3530 }
3531 cnt_in_sd++;
3532 SCTP_TCB_UNLOCK(asoc);
3533 }
3534 /* now is there some left in our SHUTDOWN state? */
3535 if (cnt_in_sd) {
3536 #ifdef SCTP_LOG_CLOSING
3537 sctp_log_closing(inp, NULL, 2);
3538 #endif
3539 inp->sctp_socket = NULL;
3540 SCTP_INP_WUNLOCK(inp);
3541 SCTP_ASOC_CREATE_UNLOCK(inp);
3542 SCTP_INP_INFO_WUNLOCK();
3543 return;
3544 }
3545 }
3546 inp->sctp_socket = NULL;
3547 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) !=
3548 SCTP_PCB_FLAGS_UNBOUND) {
3549 /*
3550 * ok, this guy has been bound. It's port is somewhere in
3551 * the SCTP_BASE_INFO(hash table). Remove it!
3552 */
3553 LIST_REMOVE(inp, sctp_hash);
3554 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND;
3555 }
3556 /*
3557 * If there is a timer running to kill us, forget it, since it may
3558 * have a contest on the INP lock.. which would cause us to die ...
3559 */
3560 cnt = 0;
3561 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
3562 SCTP_TCB_LOCK(asoc);
3563 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3564 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
3565 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
3566 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
3567 }
3568 cnt++;
3569 SCTP_TCB_UNLOCK(asoc);
3570 continue;
3571 }
3572 /* Free associations that are NOT killing us */
3573 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
3574 ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
3575 struct mbuf *op_err;
3576 uint32_t *ippp;
3577
3578 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
3579 0, M_DONTWAIT, 1, MT_DATA);
3580 if (op_err) {
3581 /* Fill in the user initiated abort */
3582 struct sctp_paramhdr *ph;
3583
3584 SCTP_BUF_LEN(op_err) = (sizeof(struct sctp_paramhdr) +
3585 sizeof(uint32_t));
3586 ph = mtod(op_err, struct sctp_paramhdr *);
3587 ph->param_type = htons(
3588 SCTP_CAUSE_USER_INITIATED_ABT);
3589 ph->param_length = htons(SCTP_BUF_LEN(op_err));
3590 ippp = (uint32_t *) (ph + 1);
3591 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_7);
3592
3593 }
3594 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_7;
3595 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
3596 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3597 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3598 cnt++;
3599 SCTP_TCB_UNLOCK(asoc);
3600 continue;
3601 }
3602 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3603 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3604 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3605 }
3606 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_8) == 0) {
3607 cnt++;
3608 }
3609 }
3610 if (cnt) {
3611 /* Ok we have someone out there that will kill us */
3612 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
3613 #ifdef SCTP_LOG_CLOSING
3614 sctp_log_closing(inp, NULL, 3);
3615 #endif
3616 SCTP_INP_WUNLOCK(inp);
3617 SCTP_ASOC_CREATE_UNLOCK(inp);
3618 SCTP_INP_INFO_WUNLOCK();
3619 return;
3620 }
3621 if (SCTP_INP_LOCK_CONTENDED(inp))
3622 being_refed++;
3623 if (SCTP_INP_READ_CONTENDED(inp))
3624 being_refed++;
3625 if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp))
3626 being_refed++;
3627
3628 if ((inp->refcount) ||
3629 (being_refed) ||
3630 (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
3631 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
3632 #ifdef SCTP_LOG_CLOSING
3633 sctp_log_closing(inp, NULL, 4);
3634 #endif
3635 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
3636 SCTP_INP_WUNLOCK(inp);
3637 SCTP_ASOC_CREATE_UNLOCK(inp);
3638 SCTP_INP_INFO_WUNLOCK();
3639 return;
3640 }
3641 inp->sctp_ep.signature_change.type = 0;
3642 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
3643 /*
3644 * Remove it from the list .. last thing we need a lock for.
3645 */
3646 LIST_REMOVE(inp, sctp_list);
3647 SCTP_INP_WUNLOCK(inp);
3648 SCTP_ASOC_CREATE_UNLOCK(inp);
3649 SCTP_INP_INFO_WUNLOCK();
3650 /*
3651 * Now we release all locks. Since this INP cannot be found anymore
3652 * except possibly by the kill timer that might be running. We call
3653 * the drain function here. It should hit the case were it sees the
3654 * ACTIVE flag cleared and exit out freeing us to proceed and
3655 * destroy everything.
3656 */
3657 if (from != SCTP_CALLED_FROM_INPKILL_TIMER) {
3658 (void)SCTP_OS_TIMER_STOP_DRAIN(&inp->sctp_ep.signature_change.timer);
3659 } else {
3660 /* Probably un-needed */
3661 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
3662 }
3663
3664 #ifdef SCTP_LOG_CLOSING
3665 sctp_log_closing(inp, NULL, 5);
3666 #endif
3667
3668
3669 if ((inp->sctp_asocidhash) != NULL) {
3670 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark);
3671 inp->sctp_asocidhash = NULL;
3672 }
3673 /* sa_ignore FREED_MEMORY */
3674 TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) {
3675 /* Its only abandoned if it had data left */
3676 if (sq->length)
3677 SCTP_STAT_INCR(sctps_left_abandon);
3678
3679 TAILQ_REMOVE(&inp->read_queue, sq, next);
3680 sctp_free_remote_addr(sq->whoFrom);
3681 if (so)
3682 so->so_rcv.sb_cc -= sq->length;
3683 if (sq->data) {
3684 sctp_m_freem(sq->data);
3685 sq->data = NULL;
3686 }
3687 /*
3688 * no need to free the net count, since at this point all
3689 * assoc's are gone.
3690 */
3691 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
3692 SCTP_DECR_READQ_COUNT();
3693 }
3694 /* Now the sctp_pcb things */
3695 /*
3696 * free each asoc if it is not already closed/free. we can't use the
3697 * macro here since le_next will get freed as part of the
3698 * sctp_free_assoc() call.
3699 */
3700 if (so) {
3701 #ifdef IPSEC
3702 ipsec_delete_pcbpolicy(ip_pcb);
3703 #endif /* IPSEC */
3704
3705 /* Unlocks not needed since the socket is gone now */
3706 }
3707 if (ip_pcb->inp_options) {
3708 (void)sctp_m_free(ip_pcb->inp_options);
3709 ip_pcb->inp_options = 0;
3710 }
3711 #ifdef INET6
3712 if (ip_pcb->inp_vflag & INP_IPV6) {
3713 struct in6pcb *in6p;
3714
3715 in6p = (struct in6pcb *)inp;
3716 ip6_freepcbopts(in6p->in6p_outputopts);
3717 }
3718 #endif /* INET6 */
3719 ip_pcb->inp_vflag = 0;
3720 /* free up authentication fields */
3721 if (inp->sctp_ep.local_auth_chunks != NULL)
3722 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
3723 if (inp->sctp_ep.local_hmacs != NULL)
3724 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
3725
3726 LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) {
3727 LIST_REMOVE(shared_key, next);
3728 sctp_free_sharedkey(shared_key);
3729 /* sa_ignore FREED_MEMORY */
3730 }
3731
3732 /*
3733 * if we have an address list the following will free the list of
3734 * ifaddr's that are set into this ep. Again macro limitations here,
3735 * since the LIST_FOREACH could be a bad idea.
3736 */
3737 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) {
3738 sctp_remove_laddr(laddr);
3739 }
3740
3741 #ifdef SCTP_TRACK_FREED_ASOCS
3742 /* TEMP CODE */
3743 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_free_list, sctp_tcblist, nasoc) {
3744 LIST_REMOVE(asoc, sctp_tcblist);
3745 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), asoc);
3746 SCTP_DECR_ASOC_COUNT();
3747 }
3748 /* *** END TEMP CODE *** */
3749 #endif
3750 /* Now lets see about freeing the EP hash table. */
3751 if (inp->sctp_tcbhash != NULL) {
3752 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
3753 inp->sctp_tcbhash = NULL;
3754 }
3755 /* Now we must put the ep memory back into the zone pool */
3756 INP_LOCK_DESTROY(&inp->ip_inp.inp);
3757 SCTP_INP_LOCK_DESTROY(inp);
3758 SCTP_INP_READ_DESTROY(inp);
3759 SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
3760 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
3761 SCTP_DECR_EP_COUNT();
3762 }
3763
3764
3765 struct sctp_nets *
3766 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
3767 {
3768 struct sctp_nets *net;
3769
3770 /* locate the address */
3771 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
3772 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
3773 return (net);
3774 }
3775 return (NULL);
3776 }
3777
3778
3779 int
3780 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id)
3781 {
3782 struct sctp_ifa *sctp_ifa;
3783
3784 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED);
3785 if (sctp_ifa) {
3786 return (1);
3787 } else {
3788 return (0);
3789 }
3790 }
3791
3792 /*
3793 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as
3794 * when a ASCONF arrives that adds it. It will also initialize all the cwnd
3795 * stats of stuff.
3796 */
3797 int
3798 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
3799 struct sctp_nets **netp, int set_scope, int from)
3800 {
3801 /*
3802 * The following is redundant to the same lines in the
3803 * sctp_aloc_assoc() but is needed since others call the add address
3804 * function
3805 */
3806 struct sctp_nets *net, *netfirst;
3807 int addr_inscope;
3808
3809 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ",
3810 from);
3811 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr);
3812
3813 netfirst = sctp_findnet(stcb, newaddr);
3814 if (netfirst) {
3815 /*
3816 * Lie and return ok, we don't want to make the association
3817 * go away for this behavior. It will happen in the TCP
3818 * model in a connected socket. It does not reach the hash
3819 * table until after the association is built so it can't be
3820 * found. Mark as reachable, since the initial creation will
3821 * have been cleared and the NOT_IN_ASSOC flag will have
3822 * been added... and we don't want to end up removing it
3823 * back out.
3824 */
3825 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
3826 netfirst->dest_state = (SCTP_ADDR_REACHABLE |
3827 SCTP_ADDR_UNCONFIRMED);
3828 } else {
3829 netfirst->dest_state = SCTP_ADDR_REACHABLE;
3830 }
3831
3832 return (0);
3833 }
3834 addr_inscope = 1;
3835 switch (newaddr->sa_family) {
3836 #ifdef INET
3837 case AF_INET:
3838 {
3839 struct sockaddr_in *sin;
3840
3841 sin = (struct sockaddr_in *)newaddr;
3842 if (sin->sin_addr.s_addr == 0) {
3843 /* Invalid address */
3844 return (-1);
3845 }
3846 /* zero out the bzero area */
3847 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
3848
3849 /* assure len is set */
3850 sin->sin_len = sizeof(struct sockaddr_in);
3851 if (set_scope) {
3852 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
3853 stcb->ipv4_local_scope = 1;
3854 #else
3855 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
3856 stcb->asoc.ipv4_local_scope = 1;
3857 }
3858 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
3859 } else {
3860 /* Validate the address is in scope */
3861 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
3862 (stcb->asoc.ipv4_local_scope == 0)) {
3863 addr_inscope = 0;
3864 }
3865 }
3866 break;
3867 }
3868 #endif
3869 #ifdef INET6
3870 case AF_INET6:
3871 {
3872 struct sockaddr_in6 *sin6;
3873
3874 sin6 = (struct sockaddr_in6 *)newaddr;
3875 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
3876 /* Invalid address */
3877 return (-1);
3878 }
3879 /* assure len is set */
3880 sin6->sin6_len = sizeof(struct sockaddr_in6);
3881 if (set_scope) {
3882 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) {
3883 stcb->asoc.loopback_scope = 1;
3884 stcb->asoc.local_scope = 0;
3885 stcb->asoc.ipv4_local_scope = 1;
3886 stcb->asoc.site_scope = 1;
3887 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
3888 /*
3889 * If the new destination is a
3890 * LINK_LOCAL we must have common
3891 * site scope. Don't set the local
3892 * scope since we may not share all
3893 * links, only loopback can do this.
3894 * Links on the local network would
3895 * also be on our private network
3896 * for v4 too.
3897 */
3898 stcb->asoc.ipv4_local_scope = 1;
3899 stcb->asoc.site_scope = 1;
3900 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
3901 /*
3902 * If the new destination is
3903 * SITE_LOCAL then we must have site
3904 * scope in common.
3905 */
3906 stcb->asoc.site_scope = 1;
3907 }
3908 } else {
3909 /* Validate the address is in scope */
3910 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
3911 (stcb->asoc.loopback_scope == 0)) {
3912 addr_inscope = 0;
3913 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
3914 (stcb->asoc.local_scope == 0)) {
3915 addr_inscope = 0;
3916 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
3917 (stcb->asoc.site_scope == 0)) {
3918 addr_inscope = 0;
3919 }
3920 }
3921 break;
3922 }
3923 #endif
3924 default:
3925 /* not supported family type */
3926 return (-1);
3927 }
3928 net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets);
3929 if (net == NULL) {
3930 return (-1);
3931 }
3932 SCTP_INCR_RADDR_COUNT();
3933 bzero(net, sizeof(struct sctp_nets));
3934 (void)SCTP_GETTIME_TIMEVAL(&net->start_time);
3935 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
3936 switch (newaddr->sa_family) {
3937 #ifdef INET
3938 case AF_INET:
3939 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
3940 break;
3941 #endif
3942 #ifdef INET6
3943 case AF_INET6:
3944 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
3945 break;
3946 #endif
3947 default:
3948 break;
3949 }
3950 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id);
3951 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) {
3952 stcb->asoc.loopback_scope = 1;
3953 stcb->asoc.ipv4_local_scope = 1;
3954 stcb->asoc.local_scope = 0;
3955 stcb->asoc.site_scope = 1;
3956 addr_inscope = 1;
3957 }
3958 net->failure_threshold = stcb->asoc.def_net_failure;
3959 net->pf_threshold = stcb->asoc.def_net_pf_threshold;
3960 if (addr_inscope == 0) {
3961 net->dest_state = (SCTP_ADDR_REACHABLE |
3962 SCTP_ADDR_OUT_OF_SCOPE);
3963 } else {
3964 if (from == SCTP_ADDR_IS_CONFIRMED)
3965 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */
3966 net->dest_state = SCTP_ADDR_REACHABLE;
3967 else
3968 net->dest_state = SCTP_ADDR_REACHABLE |
3969 SCTP_ADDR_UNCONFIRMED;
3970 }
3971 /*
3972 * We set this to 0, the timer code knows that this means its an
3973 * initial value
3974 */
3975 net->rto_needed = 1;
3976 net->RTO = 0;
3977 net->RTO_measured = 0;
3978 stcb->asoc.numnets++;
3979 net->ref_count = 1;
3980 net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1;
3981 net->port = stcb->asoc.port;
3982 net->dscp = stcb->asoc.default_dscp;
3983 #ifdef INET6
3984 net->flowlabel = stcb->asoc.default_flowlabel;
3985 #endif
3986 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) {
3987 net->dest_state |= SCTP_ADDR_NOHB;
3988 } else {
3989 net->dest_state &= ~SCTP_ADDR_NOHB;
3990 }
3991 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) {
3992 net->dest_state |= SCTP_ADDR_NO_PMTUD;
3993 } else {
3994 net->dest_state &= ~SCTP_ADDR_NO_PMTUD;
3995 }
3996 net->heart_beat_delay = stcb->asoc.heart_beat_delay;
3997 /* Init the timer structure */
3998 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer);
3999 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer);
4000 SCTP_OS_TIMER_INIT(&net->hb_timer.timer);
4001
4002 /* Now generate a route for this guy */
4003 #ifdef INET6
4004 /* KAME hack: embed scopeid */
4005 if (newaddr->sa_family == AF_INET6) {
4006 struct sockaddr_in6 *sin6;
4007
4008 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
4009 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
4010 sin6->sin6_scope_id = 0;
4011 }
4012 #endif
4013 SCTP_RTALLOC((sctp_route_t *) & net->ro, stcb->asoc.vrf_id);
4014
4015 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) {
4016 /* Get source address */
4017 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep,
4018 stcb,
4019 (sctp_route_t *) & net->ro,
4020 net,
4021 0,
4022 stcb->asoc.vrf_id);
4023 /* Now get the interface MTU */
4024 if (net->ro._s_addr && net->ro._s_addr->ifn_p) {
4025 net->mtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p);
4026 }
4027 if (net->mtu > 0) {
4028 uint32_t rmtu;
4029
4030 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt);
4031 if (rmtu == 0) {
4032 /*
4033 * Start things off to match mtu of
4034 * interface please.
4035 */
4036 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa,
4037 net->ro.ro_rt, net->mtu);
4038 } else {
4039 /*
4040 * we take the route mtu over the interface,
4041 * since the route may be leading out the
4042 * loopback, or a different interface.
4043 */
4044 net->mtu = rmtu;
4045 }
4046 }
4047 }
4048 if (net->mtu == 0) {
4049 switch (newaddr->sa_family) {
4050 #ifdef INET
4051 case AF_INET:
4052 net->mtu = SCTP_DEFAULT_MTU;
4053 break;
4054 #endif
4055 #ifdef INET6
4056 case AF_INET6:
4057 net->mtu = 1280;
4058 break;
4059 #endif
4060 default:
4061 break;
4062 }
4063 }
4064 if (net->port) {
4065 net->mtu -= (uint32_t) sizeof(struct udphdr);
4066 }
4067 if (from == SCTP_ALLOC_ASOC) {
4068 stcb->asoc.smallest_mtu = net->mtu;
4069 }
4070 if (stcb->asoc.smallest_mtu > net->mtu) {
4071 stcb->asoc.smallest_mtu = net->mtu;
4072 }
4073 #ifdef INET6
4074 if (newaddr->sa_family == AF_INET6) {
4075 struct sockaddr_in6 *sin6;
4076
4077 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
4078 (void)sa6_recoverscope(sin6);
4079 }
4080 #endif
4081
4082 /* JRS - Use the congestion control given in the CC module */
4083 if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL)
4084 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param) (stcb, net);
4085
4086 /*
4087 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning
4088 * of assoc (2005/06/27, iyengar@cis.udel.edu)
4089 */
4090 net->find_pseudo_cumack = 1;
4091 net->find_rtx_pseudo_cumack = 1;
4092 net->src_addr_selected = 0;
4093 /* Choose an initial flowid. */
4094 net->flowid = stcb->asoc.my_vtag ^
4095 ntohs(stcb->rport) ^
4096 ntohs(stcb->sctp_ep->sctp_lport);
4097 #ifdef INVARIANTS
4098 net->flowidset = 1;
4099 #endif
4100 if (netp) {
4101 *netp = net;
4102 }
4103 netfirst = TAILQ_FIRST(&stcb->asoc.nets);
4104 if (net->ro.ro_rt == NULL) {
4105 /* Since we have no route put it at the back */
4106 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
4107 } else if (netfirst == NULL) {
4108 /* We are the first one in the pool. */
4109 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4110 } else if (netfirst->ro.ro_rt == NULL) {
4111 /*
4112 * First one has NO route. Place this one ahead of the first
4113 * one.
4114 */
4115 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4116 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) {
4117 /*
4118 * This one has a different interface than the one at the
4119 * top of the list. Place it ahead.
4120 */
4121 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4122 } else {
4123 /*
4124 * Ok we have the same interface as the first one. Move
4125 * forward until we find either a) one with a NULL route...
4126 * insert ahead of that b) one with a different ifp.. insert
4127 * after that. c) end of the list.. insert at the tail.
4128 */
4129 struct sctp_nets *netlook;
4130
4131 do {
4132 netlook = TAILQ_NEXT(netfirst, sctp_next);
4133 if (netlook == NULL) {
4134 /* End of the list */
4135 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
4136 break;
4137 } else if (netlook->ro.ro_rt == NULL) {
4138 /* next one has NO route */
4139 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
4140 break;
4141 } else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp) {
4142 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
4143 net, sctp_next);
4144 break;
4145 }
4146 /* Shift forward */
4147 netfirst = netlook;
4148 } while (netlook != NULL);
4149 }
4150
4151 /* got to have a primary set */
4152 if (stcb->asoc.primary_destination == 0) {
4153 stcb->asoc.primary_destination = net;
4154 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) &&
4155 (net->ro.ro_rt) &&
4156 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
4157 /* No route to current primary adopt new primary */
4158 stcb->asoc.primary_destination = net;
4159 }
4160 /* Validate primary is first */
4161 net = TAILQ_FIRST(&stcb->asoc.nets);
4162 if ((net != stcb->asoc.primary_destination) &&
4163 (stcb->asoc.primary_destination)) {
4164 /*
4165 * first one on the list is NOT the primary sctp_cmpaddr()
4166 * is much more efficient if the primary is the first on the
4167 * list, make it so.
4168 */
4169 TAILQ_REMOVE(&stcb->asoc.nets,
4170 stcb->asoc.primary_destination, sctp_next);
4171 TAILQ_INSERT_HEAD(&stcb->asoc.nets,
4172 stcb->asoc.primary_destination, sctp_next);
4173 }
4174 return (0);
4175 }
4176
4177
4178 static uint32_t
4179 sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
4180 {
4181 uint32_t id;
4182 struct sctpasochead *head;
4183 struct sctp_tcb *lstcb;
4184
4185 SCTP_INP_WLOCK(inp);
4186 try_again:
4187 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
4188 /* TSNH */
4189 SCTP_INP_WUNLOCK(inp);
4190 return (0);
4191 }
4192 /*
4193 * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC,
4194 * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC.
4195 */
4196 if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) {
4197 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1;
4198 }
4199 id = inp->sctp_associd_counter;
4200 inp->sctp_associd_counter++;
4201 lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t) id, 0);
4202 if (lstcb) {
4203 goto try_again;
4204 }
4205 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
4206 LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash);
4207 stcb->asoc.in_asocid_hash = 1;
4208 SCTP_INP_WUNLOCK(inp);
4209 return id;
4210 }
4211
4212 /*
4213 * allocate an association and add it to the endpoint. The caller must be
4214 * careful to add all additional addresses once they are know right away or
4215 * else the assoc will be may experience a blackout scenario.
4216 */
4217 struct sctp_tcb *
4218 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
4219 int *error, uint32_t override_tag, uint32_t vrf_id,
4220 struct thread *p
4221 )
4222 {
4223 /* note the p argument is only valid in unbound sockets */
4224
4225 struct sctp_tcb *stcb;
4226 struct sctp_association *asoc;
4227 struct sctpasochead *head;
4228 uint16_t rport;
4229 int err;
4230
4231 /*
4232 * Assumption made here: Caller has done a
4233 * sctp_findassociation_ep_addr(ep, addr's); to make sure the
4234 * address does not exist already.
4235 */
4236 if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) {
4237 /* Hit max assoc, sorry no more */
4238 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
4239 *error = ENOBUFS;
4240 return (NULL);
4241 }
4242 if (firstaddr == NULL) {
4243 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4244 *error = EINVAL;
4245 return (NULL);
4246 }
4247 SCTP_INP_RLOCK(inp);
4248 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) &&
4249 ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) ||
4250 (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) {
4251 /*
4252 * If its in the TCP pool, its NOT allowed to create an
4253 * association. The parent listener needs to call
4254 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled
4255 * off, or connected one does this.. its an error.
4256 */
4257 SCTP_INP_RUNLOCK(inp);
4258 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4259 *error = EINVAL;
4260 return (NULL);
4261 }
4262 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
4263 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) {
4264 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) ||
4265 (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) {
4266 SCTP_INP_RUNLOCK(inp);
4267 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4268 *error = EINVAL;
4269 return (NULL);
4270 }
4271 }
4272 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:");
4273 #ifdef SCTP_DEBUG
4274 if (firstaddr) {
4275 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr);
4276 switch (firstaddr->sa_family) {
4277 #ifdef INET
4278 case AF_INET:
4279 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4280 ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
4281 break;
4282 #endif
4283 #ifdef INET6
4284 case AF_INET6:
4285 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4286 ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port));
4287 break;
4288 #endif
4289 default:
4290 break;
4291 }
4292 } else {
4293 SCTPDBG(SCTP_DEBUG_PCB3, "None\n");
4294 }
4295 #endif /* SCTP_DEBUG */
4296 switch (firstaddr->sa_family) {
4297 #ifdef INET
4298 case AF_INET:
4299 {
4300 struct sockaddr_in *sin;
4301
4302 sin = (struct sockaddr_in *)firstaddr;
4303 if ((ntohs(sin->sin_port) == 0) ||
4304 (sin->sin_addr.s_addr == INADDR_ANY) ||
4305 (sin->sin_addr.s_addr == INADDR_BROADCAST) ||
4306 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
4307 /* Invalid address */
4308 SCTP_INP_RUNLOCK(inp);
4309 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4310 *error = EINVAL;
4311 return (NULL);
4312 }
4313 rport = sin->sin_port;
4314 break;
4315 }
4316 #endif
4317 #ifdef INET6
4318 case AF_INET6:
4319 {
4320 struct sockaddr_in6 *sin6;
4321
4322 sin6 = (struct sockaddr_in6 *)firstaddr;
4323 if ((ntohs(sin6->sin6_port) == 0) ||
4324 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
4325 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
4326 /* Invalid address */
4327 SCTP_INP_RUNLOCK(inp);
4328 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4329 *error = EINVAL;
4330 return (NULL);
4331 }
4332 rport = sin6->sin6_port;
4333 break;
4334 }
4335 #endif
4336 default:
4337 /* not supported family type */
4338 SCTP_INP_RUNLOCK(inp);
4339 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4340 *error = EINVAL;
4341 return (NULL);
4342 }
4343 SCTP_INP_RUNLOCK(inp);
4344 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
4345 /*
4346 * If you have not performed a bind, then we need to do the
4347 * ephemeral bind for you.
4348 */
4349 if ((err = sctp_inpcb_bind(inp->sctp_socket,
4350 (struct sockaddr *)NULL,
4351 (struct sctp_ifa *)NULL,
4352 p
4353 ))) {
4354 /* bind error, probably perm */
4355 *error = err;
4356 return (NULL);
4357 }
4358 }
4359 stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb);
4360 if (stcb == NULL) {
4361 /* out of memory? */
4362 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
4363 *error = ENOMEM;
4364 return (NULL);
4365 }
4366 SCTP_INCR_ASOC_COUNT();
4367
4368 bzero(stcb, sizeof(*stcb));
4369 asoc = &stcb->asoc;
4370
4371 asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb);
4372 SCTP_TCB_LOCK_INIT(stcb);
4373 SCTP_TCB_SEND_LOCK_INIT(stcb);
4374 stcb->rport = rport;
4375 /* setup back pointer's */
4376 stcb->sctp_ep = inp;
4377 stcb->sctp_socket = inp->sctp_socket;
4378 if ((err = sctp_init_asoc(inp, stcb, override_tag, vrf_id))) {
4379 /* failed */
4380 SCTP_TCB_LOCK_DESTROY(stcb);
4381 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
4382 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4383 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
4384 SCTP_DECR_ASOC_COUNT();
4385 *error = err;
4386 return (NULL);
4387 }
4388 /* and the port */
4389 SCTP_INP_INFO_WLOCK();
4390 SCTP_INP_WLOCK(inp);
4391 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4392 /* inpcb freed while alloc going on */
4393 SCTP_TCB_LOCK_DESTROY(stcb);
4394 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
4395 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4396 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
4397 SCTP_INP_WUNLOCK(inp);
4398 SCTP_INP_INFO_WUNLOCK();
4399 SCTP_DECR_ASOC_COUNT();
4400 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4401 *error = EINVAL;
4402 return (NULL);
4403 }
4404 SCTP_TCB_LOCK(stcb);
4405
4406 /* now that my_vtag is set, add it to the hash */
4407 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
4408 /* put it in the bucket in the vtag hash of assoc's for the system */
4409 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
4410 SCTP_INP_INFO_WUNLOCK();
4411
4412 if ((err = sctp_add_remote_addr(stcb, firstaddr, NULL, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) {
4413 /* failure.. memory error? */
4414 if (asoc->strmout) {
4415 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
4416 asoc->strmout = NULL;
4417 }
4418 if (asoc->mapping_array) {
4419 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
4420 asoc->mapping_array = NULL;
4421 }
4422 if (asoc->nr_mapping_array) {
4423 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
4424 asoc->nr_mapping_array = NULL;
4425 }
4426 SCTP_DECR_ASOC_COUNT();
4427 SCTP_TCB_LOCK_DESTROY(stcb);
4428 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
4429 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4430 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
4431 SCTP_INP_WUNLOCK(inp);
4432 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
4433 *error = ENOBUFS;
4434 return (NULL);
4435 }
4436 /* Init all the timers */
4437 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer);
4438 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer);
4439 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer);
4440 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer);
4441 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer);
4442 SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer);
4443 SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer);
4444
4445 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
4446 /* now file the port under the hash as well */
4447 if (inp->sctp_tcbhash != NULL) {
4448 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
4449 inp->sctp_hashmark)];
4450 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
4451 }
4452 SCTP_INP_WUNLOCK(inp);
4453 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", stcb);
4454 return (stcb);
4455 }
4456
4457
4458 void
4459 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
4460 {
4461 struct sctp_association *asoc;
4462
4463 asoc = &stcb->asoc;
4464 asoc->numnets--;
4465 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
4466 if (net == asoc->primary_destination) {
4467 /* Reset primary */
4468 struct sctp_nets *lnet;
4469
4470 lnet = TAILQ_FIRST(&asoc->nets);
4471 /*
4472 * Mobility adaptation Ideally, if deleted destination is
4473 * the primary, it becomes a fast retransmission trigger by
4474 * the subsequent SET PRIMARY. (by micchie)
4475 */
4476 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
4477 SCTP_MOBILITY_BASE) ||
4478 sctp_is_mobility_feature_on(stcb->sctp_ep,
4479 SCTP_MOBILITY_FASTHANDOFF)) {
4480 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n");
4481 if (asoc->deleted_primary != NULL) {
4482 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n");
4483 goto out;
4484 }
4485 asoc->deleted_primary = net;
4486 atomic_add_int(&net->ref_count, 1);
4487 memset(&net->lastsa, 0, sizeof(net->lastsa));
4488 memset(&net->lastsv, 0, sizeof(net->lastsv));
4489 sctp_mobility_feature_on(stcb->sctp_ep,
4490 SCTP_MOBILITY_PRIM_DELETED);
4491 sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED,
4492 stcb->sctp_ep, stcb, NULL);
4493 }
4494 out:
4495 /* Try to find a confirmed primary */
4496 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0);
4497 }
4498 if (net == asoc->last_data_chunk_from) {
4499 /* Reset primary */
4500 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets);
4501 }
4502 if (net == asoc->last_control_chunk_from) {
4503 /* Clear net */
4504 asoc->last_control_chunk_from = NULL;
4505 }
4506 if (net == stcb->asoc.alternate) {
4507 sctp_free_remote_addr(stcb->asoc.alternate);
4508 stcb->asoc.alternate = NULL;
4509 }
4510 sctp_free_remote_addr(net);
4511 }
4512
4513 /*
4514 * remove a remote endpoint address from an association, it will fail if the
4515 * address does not exist.
4516 */
4517 int
4518 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
4519 {
4520 /*
4521 * Here we need to remove a remote address. This is quite simple, we
4522 * first find it in the list of address for the association
4523 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE
4524 * on that item. Note we do not allow it to be removed if there are
4525 * no other addresses.
4526 */
4527 struct sctp_association *asoc;
4528 struct sctp_nets *net, *nnet;
4529
4530 asoc = &stcb->asoc;
4531
4532 /* locate the address */
4533 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
4534 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
4535 continue;
4536 }
4537 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
4538 remaddr)) {
4539 /* we found the guy */
4540 if (asoc->numnets < 2) {
4541 /* Must have at LEAST two remote addresses */
4542 return (-1);
4543 } else {
4544 sctp_remove_net(stcb, net);
4545 return (0);
4546 }
4547 }
4548 }
4549 /* not found. */
4550 return (-2);
4551 }
4552
4553 void
4554 sctp_delete_from_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
4555 {
4556 struct sctpvtaghead *chain;
4557 struct sctp_tagblock *twait_block;
4558 int found = 0;
4559 int i;
4560
4561 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4562 if (!LIST_EMPTY(chain)) {
4563 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4564 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4565 if ((twait_block->vtag_block[i].v_tag == tag) &&
4566 (twait_block->vtag_block[i].lport == lport) &&
4567 (twait_block->vtag_block[i].rport == rport)) {
4568 twait_block->vtag_block[i].tv_sec_at_expire = 0;
4569 twait_block->vtag_block[i].v_tag = 0;
4570 twait_block->vtag_block[i].lport = 0;
4571 twait_block->vtag_block[i].rport = 0;
4572 found = 1;
4573 break;
4574 }
4575 }
4576 if (found)
4577 break;
4578 }
4579 }
4580 }
4581
4582 int
4583 sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
4584 {
4585 struct sctpvtaghead *chain;
4586 struct sctp_tagblock *twait_block;
4587 int found = 0;
4588 int i;
4589
4590 SCTP_INP_INFO_WLOCK();
4591 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4592 if (!LIST_EMPTY(chain)) {
4593 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4594 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4595 if ((twait_block->vtag_block[i].v_tag == tag) &&
4596 (twait_block->vtag_block[i].lport == lport) &&
4597 (twait_block->vtag_block[i].rport == rport)) {
4598 found = 1;
4599 break;
4600 }
4601 }
4602 if (found)
4603 break;
4604 }
4605 }
4606 SCTP_INP_INFO_WUNLOCK();
4607 return (found);
4608 }
4609
4610
4611 void
4612 sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t rport)
4613 {
4614 struct sctpvtaghead *chain;
4615 struct sctp_tagblock *twait_block;
4616 struct timeval now;
4617 int set, i;
4618
4619 if (time == 0) {
4620 /* Its disabled */
4621 return;
4622 }
4623 (void)SCTP_GETTIME_TIMEVAL(&now);
4624 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4625 set = 0;
4626 if (!LIST_EMPTY(chain)) {
4627 /* Block(s) present, lets find space, and expire on the fly */
4628 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4629 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4630 if ((twait_block->vtag_block[i].v_tag == 0) &&
4631 !set) {
4632 twait_block->vtag_block[i].tv_sec_at_expire =
4633 now.tv_sec + time;
4634 twait_block->vtag_block[i].v_tag = tag;
4635 twait_block->vtag_block[i].lport = lport;
4636 twait_block->vtag_block[i].rport = rport;
4637 set = 1;
4638 } else if ((twait_block->vtag_block[i].v_tag) &&
4639 ((long)twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) {
4640 /* Audit expires this guy */
4641 twait_block->vtag_block[i].tv_sec_at_expire = 0;
4642 twait_block->vtag_block[i].v_tag = 0;
4643 twait_block->vtag_block[i].lport = 0;
4644 twait_block->vtag_block[i].rport = 0;
4645 if (set == 0) {
4646 /* Reuse it for my new tag */
4647 twait_block->vtag_block[i].tv_sec_at_expire = now.tv_sec + time;
4648 twait_block->vtag_block[i].v_tag = tag;
4649 twait_block->vtag_block[i].lport = lport;
4650 twait_block->vtag_block[i].rport = rport;
4651 set = 1;
4652 }
4653 }
4654 }
4655 if (set) {
4656 /*
4657 * We only do up to the block where we can
4658 * place our tag for audits
4659 */
4660 break;
4661 }
4662 }
4663 }
4664 /* Need to add a new block to chain */
4665 if (!set) {
4666 SCTP_MALLOC(twait_block, struct sctp_tagblock *,
4667 sizeof(struct sctp_tagblock), SCTP_M_TIMW);
4668 if (twait_block == NULL) {
4669 #ifdef INVARIANTS
4670 panic("Can not alloc tagblock");
4671 #endif
4672 return;
4673 }
4674 memset(twait_block, 0, sizeof(struct sctp_tagblock));
4675 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
4676 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + time;
4677 twait_block->vtag_block[0].v_tag = tag;
4678 twait_block->vtag_block[0].lport = lport;
4679 twait_block->vtag_block[0].rport = rport;
4680 }
4681 }
4682
4683
4684
4685 /*-
4686 * Free the association after un-hashing the remote port. This
4687 * function ALWAYS returns holding NO LOCK on the stcb. It DOES
4688 * expect that the input to this function IS a locked TCB.
4689 * It will return 0, if it did NOT destroy the association (instead
4690 * it unlocks it. It will return NON-zero if it either destroyed the
4691 * association OR the association is already destroyed.
4692 */
4693 int
4694 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location)
4695 {
4696 int i;
4697 struct sctp_association *asoc;
4698 struct sctp_nets *net, *nnet;
4699 struct sctp_laddr *laddr, *naddr;
4700 struct sctp_tmit_chunk *chk, *nchk;
4701 struct sctp_asconf_addr *aparam, *naparam;
4702 struct sctp_asconf_ack *aack, *naack;
4703 struct sctp_stream_reset_list *strrst, *nstrrst;
4704 struct sctp_queued_to_read *sq, *nsq;
4705 struct sctp_stream_queue_pending *sp, *nsp;
4706 sctp_sharedkey_t *shared_key, *nshared_key;
4707 struct socket *so;
4708
4709 /* first, lets purge the entry from the hash table. */
4710
4711 #ifdef SCTP_LOG_CLOSING
4712 sctp_log_closing(inp, stcb, 6);
4713 #endif
4714 if (stcb->asoc.state == 0) {
4715 #ifdef SCTP_LOG_CLOSING
4716 sctp_log_closing(inp, NULL, 7);
4717 #endif
4718 /* there is no asoc, really TSNH :-0 */
4719 return (1);
4720 }
4721 if (stcb->asoc.alternate) {
4722 sctp_free_remote_addr(stcb->asoc.alternate);
4723 stcb->asoc.alternate = NULL;
4724 }
4725 /* TEMP CODE */
4726 if (stcb->freed_from_where == 0) {
4727 /* Only record the first place free happened from */
4728 stcb->freed_from_where = from_location;
4729 }
4730 /* TEMP CODE */
4731
4732 asoc = &stcb->asoc;
4733 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4734 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4735 /* nothing around */
4736 so = NULL;
4737 else
4738 so = inp->sctp_socket;
4739
4740 /*
4741 * We used timer based freeing if a reader or writer is in the way.
4742 * So we first check if we are actually being called from a timer,
4743 * if so we abort early if a reader or writer is still in the way.
4744 */
4745 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
4746 (from_inpcbfree == SCTP_NORMAL_PROC)) {
4747 /*
4748 * is it the timer driving us? if so are the reader/writers
4749 * gone?
4750 */
4751 if (stcb->asoc.refcnt) {
4752 /* nope, reader or writer in the way */
4753 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4754 /* no asoc destroyed */
4755 SCTP_TCB_UNLOCK(stcb);
4756 #ifdef SCTP_LOG_CLOSING
4757 sctp_log_closing(inp, stcb, 8);
4758 #endif
4759 return (0);
4760 }
4761 }
4762 /* now clean up any other timers */
4763 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
4764 asoc->dack_timer.self = NULL;
4765 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
4766 /*-
4767 * For stream reset we don't blast this unless
4768 * it is a str-reset timer, it might be the
4769 * free-asoc timer which we DON'T want to
4770 * disturb.
4771 */
4772 if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET)
4773 asoc->strreset_timer.self = NULL;
4774 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
4775 asoc->asconf_timer.self = NULL;
4776 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
4777 asoc->autoclose_timer.self = NULL;
4778 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
4779 asoc->shut_guard_timer.self = NULL;
4780 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
4781 asoc->delayed_event_timer.self = NULL;
4782 /* Mobility adaptation */
4783 (void)SCTP_OS_TIMER_STOP(&asoc->delete_prim_timer.timer);
4784 asoc->delete_prim_timer.self = NULL;
4785 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4786 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
4787 net->rxt_timer.self = NULL;
4788 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
4789 net->pmtu_timer.self = NULL;
4790 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
4791 net->hb_timer.self = NULL;
4792 }
4793 /* Now the read queue needs to be cleaned up (only once) */
4794 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) {
4795 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED;
4796 SCTP_INP_READ_LOCK(inp);
4797 TAILQ_FOREACH(sq, &inp->read_queue, next) {
4798 if (sq->stcb == stcb) {
4799 sq->do_not_ref_stcb = 1;
4800 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
4801 /*
4802 * If there is no end, there never will be
4803 * now.
4804 */
4805 if (sq->end_added == 0) {
4806 /* Held for PD-API clear that. */
4807 sq->pdapi_aborted = 1;
4808 sq->held_length = 0;
4809 if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) {
4810 /*
4811 * Need to add a PD-API
4812 * aborted indication.
4813 * Setting the control_pdapi
4814 * assures that it will be
4815 * added right after this
4816 * msg.
4817 */
4818 uint32_t strseq;
4819
4820 stcb->asoc.control_pdapi = sq;
4821 strseq = (sq->sinfo_stream << 16) | sq->sinfo_ssn;
4822 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
4823 stcb,
4824 SCTP_PARTIAL_DELIVERY_ABORTED,
4825 (void *)&strseq,
4826 SCTP_SO_LOCKED);
4827 stcb->asoc.control_pdapi = NULL;
4828 }
4829 }
4830 /* Add an end to wake them */
4831 sq->end_added = 1;
4832 }
4833 }
4834 SCTP_INP_READ_UNLOCK(inp);
4835 if (stcb->block_entry) {
4836 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET);
4837 stcb->block_entry->error = ECONNRESET;
4838 stcb->block_entry = NULL;
4839 }
4840 }
4841 if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) {
4842 /*
4843 * Someone holds a reference OR the socket is unaccepted
4844 * yet.
4845 */
4846 if ((stcb->asoc.refcnt) ||
4847 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4848 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) {
4849 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
4850 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4851 }
4852 SCTP_TCB_UNLOCK(stcb);
4853 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4854 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4855 /* nothing around */
4856 so = NULL;
4857 if (so) {
4858 /* Wake any reader/writers */
4859 sctp_sorwakeup(inp, so);
4860 sctp_sowwakeup(inp, so);
4861 }
4862 #ifdef SCTP_LOG_CLOSING
4863 sctp_log_closing(inp, stcb, 9);
4864 #endif
4865 /* no asoc destroyed */
4866 return (0);
4867 }
4868 #ifdef SCTP_LOG_CLOSING
4869 sctp_log_closing(inp, stcb, 10);
4870 #endif
4871 /*
4872 * When I reach here, no others want to kill the assoc yet.. and I
4873 * own the lock. Now its possible an abort comes in when I do the
4874 * lock exchange below to grab all the locks to do the final take
4875 * out. to prevent this we increment the count, which will start a
4876 * timer and blow out above thus assuring us that we hold exclusive
4877 * killing of the asoc. Note that after getting back the TCB lock we
4878 * will go ahead and increment the counter back up and stop any
4879 * timer a passing stranger may have started :-S
4880 */
4881 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4882 atomic_add_int(&stcb->asoc.refcnt, 1);
4883
4884 SCTP_TCB_UNLOCK(stcb);
4885 SCTP_INP_INFO_WLOCK();
4886 SCTP_INP_WLOCK(inp);
4887 SCTP_TCB_LOCK(stcb);
4888 }
4889 /* Double check the GONE flag */
4890 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4891 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4892 /* nothing around */
4893 so = NULL;
4894
4895 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
4896 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
4897 /*
4898 * For TCP type we need special handling when we are
4899 * connected. We also include the peel'ed off ones to.
4900 */
4901 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
4902 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
4903 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
4904 if (so) {
4905 SOCK_LOCK(so);
4906 if (so->so_rcv.sb_cc == 0) {
4907 so->so_state &= ~(SS_ISCONNECTING |
4908 SS_ISDISCONNECTING |
4909 SS_ISCONFIRMING |
4910 SS_ISCONNECTED);
4911 }
4912 socantrcvmore_locked(so);
4913 sctp_sowwakeup(inp, so);
4914 sctp_sorwakeup(inp, so);
4915 SCTP_SOWAKEUP(so);
4916 }
4917 }
4918 }
4919 /*
4920 * Make it invalid too, that way if its about to run it will abort
4921 * and return.
4922 */
4923 /* re-increment the lock */
4924 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4925 atomic_add_int(&stcb->asoc.refcnt, -1);
4926 }
4927 if (stcb->asoc.refcnt) {
4928 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
4929 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4930 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4931 SCTP_INP_INFO_WUNLOCK();
4932 SCTP_INP_WUNLOCK(inp);
4933 }
4934 SCTP_TCB_UNLOCK(stcb);
4935 return (0);
4936 }
4937 asoc->state = 0;
4938 if (inp->sctp_tcbhash) {
4939 LIST_REMOVE(stcb, sctp_tcbhash);
4940 }
4941 if (stcb->asoc.in_asocid_hash) {
4942 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4943 }
4944 /* Now lets remove it from the list of ALL associations in the EP */
4945 LIST_REMOVE(stcb, sctp_tcblist);
4946 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4947 SCTP_INP_INCR_REF(inp);
4948 SCTP_INP_WUNLOCK(inp);
4949 }
4950 /* pull from vtag hash */
4951 LIST_REMOVE(stcb, sctp_asocs);
4952 sctp_add_vtag_to_timewait(asoc->my_vtag, SCTP_BASE_SYSCTL(sctp_vtag_time_wait),
4953 inp->sctp_lport, stcb->rport);
4954
4955 /*
4956 * Now restop the timers to be sure this is paranoia at is finest!
4957 */
4958 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
4959 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
4960 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
4961 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
4962 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
4963 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
4964 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
4965 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
4966 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
4967 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
4968 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
4969 }
4970
4971 asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE;
4972 /*
4973 * The chunk lists and such SHOULD be empty but we check them just
4974 * in case.
4975 */
4976 /* anything on the wheel needs to be removed */
4977 for (i = 0; i < asoc->streamoutcnt; i++) {
4978 struct sctp_stream_out *outs;
4979
4980 outs = &asoc->strmout[i];
4981 /* now clean up any chunks here */
4982 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) {
4983 TAILQ_REMOVE(&outs->outqueue, sp, next);
4984 sctp_free_spbufspace(stcb, asoc, sp);
4985 if (sp->data) {
4986 if (so) {
4987 /* Still an open socket - report */
4988 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb,
4989 0, (void *)sp, SCTP_SO_LOCKED);
4990 }
4991 if (sp->data) {
4992 sctp_m_freem(sp->data);
4993 sp->data = NULL;
4994 sp->tail_mbuf = NULL;
4995 sp->length = 0;
4996 }
4997 }
4998 if (sp->net) {
4999 sctp_free_remote_addr(sp->net);
5000 sp->net = NULL;
5001 }
5002 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
5003 }
5004 }
5005 /* sa_ignore FREED_MEMORY */
5006 TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) {
5007 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp);
5008 SCTP_FREE(strrst, SCTP_M_STRESET);
5009 }
5010 TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) {
5011 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next);
5012 if (sq->data) {
5013 sctp_m_freem(sq->data);
5014 sq->data = NULL;
5015 }
5016 sctp_free_remote_addr(sq->whoFrom);
5017 sq->whoFrom = NULL;
5018 sq->stcb = NULL;
5019 /* Free the ctl entry */
5020 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
5021 SCTP_DECR_READQ_COUNT();
5022 /* sa_ignore FREED_MEMORY */
5023 }
5024 TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) {
5025 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next);
5026 if (chk->data) {
5027 sctp_m_freem(chk->data);
5028 chk->data = NULL;
5029 }
5030 if (chk->holds_key_ref)
5031 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5032 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5033 SCTP_DECR_CHK_COUNT();
5034 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1);
5035 asoc->free_chunk_cnt--;
5036 /* sa_ignore FREED_MEMORY */
5037 }
5038 /* pending send queue SHOULD be empty */
5039 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
5040 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
5041 if (chk->data) {
5042 if (so) {
5043 /* Still a socket? */
5044 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb,
5045 0, chk, SCTP_SO_LOCKED);
5046 }
5047 if (chk->data) {
5048 sctp_m_freem(chk->data);
5049 chk->data = NULL;
5050 }
5051 }
5052 if (chk->holds_key_ref)
5053 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5054 if (chk->whoTo) {
5055 sctp_free_remote_addr(chk->whoTo);
5056 chk->whoTo = NULL;
5057 }
5058 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5059 SCTP_DECR_CHK_COUNT();
5060 /* sa_ignore FREED_MEMORY */
5061 }
5062 /* sent queue SHOULD be empty */
5063 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
5064 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
5065 if (chk->data) {
5066 if (so) {
5067 /* Still a socket? */
5068 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb,
5069 0, chk, SCTP_SO_LOCKED);
5070 }
5071 if (chk->data) {
5072 sctp_m_freem(chk->data);
5073 chk->data = NULL;
5074 }
5075 }
5076 if (chk->holds_key_ref)
5077 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5078 sctp_free_remote_addr(chk->whoTo);
5079 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5080 SCTP_DECR_CHK_COUNT();
5081 /* sa_ignore FREED_MEMORY */
5082 }
5083 /* control queue MAY not be empty */
5084 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
5085 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
5086 if (chk->data) {
5087 sctp_m_freem(chk->data);
5088 chk->data = NULL;
5089 }
5090 if (chk->holds_key_ref)
5091 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5092 sctp_free_remote_addr(chk->whoTo);
5093 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5094 SCTP_DECR_CHK_COUNT();
5095 /* sa_ignore FREED_MEMORY */
5096 }
5097 /* ASCONF queue MAY not be empty */
5098 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
5099 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
5100 if (chk->data) {
5101 sctp_m_freem(chk->data);
5102 chk->data = NULL;
5103 }
5104 if (chk->holds_key_ref)
5105 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5106 sctp_free_remote_addr(chk->whoTo);
5107 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5108 SCTP_DECR_CHK_COUNT();
5109 /* sa_ignore FREED_MEMORY */
5110 }
5111 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5112 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5113 if (chk->data) {
5114 sctp_m_freem(chk->data);
5115 chk->data = NULL;
5116 }
5117 if (chk->holds_key_ref)
5118 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5119 sctp_free_remote_addr(chk->whoTo);
5120 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5121 SCTP_DECR_CHK_COUNT();
5122 /* sa_ignore FREED_MEMORY */
5123 }
5124
5125 if (asoc->mapping_array) {
5126 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
5127 asoc->mapping_array = NULL;
5128 }
5129 if (asoc->nr_mapping_array) {
5130 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
5131 asoc->nr_mapping_array = NULL;
5132 }
5133 /* the stream outs */
5134 if (asoc->strmout) {
5135 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
5136 asoc->strmout = NULL;
5137 }
5138 asoc->strm_realoutsize = asoc->streamoutcnt = 0;
5139 if (asoc->strmin) {
5140 struct sctp_queued_to_read *ctl, *nctl;
5141
5142 for (i = 0; i < asoc->streamincnt; i++) {
5143 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) {
5144 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
5145 sctp_free_remote_addr(ctl->whoFrom);
5146 if (ctl->data) {
5147 sctp_m_freem(ctl->data);
5148 ctl->data = NULL;
5149 }
5150 /*
5151 * We don't free the address here since all
5152 * the net's were freed above.
5153 */
5154 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
5155 SCTP_DECR_READQ_COUNT();
5156 }
5157 }
5158 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
5159 asoc->strmin = NULL;
5160 }
5161 asoc->streamincnt = 0;
5162 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
5163 #ifdef INVARIANTS
5164 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) {
5165 panic("no net's left alloc'ed, or list points to itself");
5166 }
5167 #endif
5168 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
5169 sctp_free_remote_addr(net);
5170 }
5171 LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) {
5172 /* sa_ignore FREED_MEMORY */
5173 sctp_remove_laddr(laddr);
5174 }
5175
5176 /* pending asconf (address) parameters */
5177 TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) {
5178 /* sa_ignore FREED_MEMORY */
5179 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
5180 SCTP_FREE(aparam, SCTP_M_ASC_ADDR);
5181 }
5182 TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) {
5183 /* sa_ignore FREED_MEMORY */
5184 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next);
5185 if (aack->data != NULL) {
5186 sctp_m_freem(aack->data);
5187 }
5188 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack);
5189 }
5190 /* clean up auth stuff */
5191 if (asoc->local_hmacs)
5192 sctp_free_hmaclist(asoc->local_hmacs);
5193 if (asoc->peer_hmacs)
5194 sctp_free_hmaclist(asoc->peer_hmacs);
5195
5196 if (asoc->local_auth_chunks)
5197 sctp_free_chunklist(asoc->local_auth_chunks);
5198 if (asoc->peer_auth_chunks)
5199 sctp_free_chunklist(asoc->peer_auth_chunks);
5200
5201 sctp_free_authinfo(&asoc->authinfo);
5202
5203 LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) {
5204 LIST_REMOVE(shared_key, next);
5205 sctp_free_sharedkey(shared_key);
5206 /* sa_ignore FREED_MEMORY */
5207 }
5208
5209 /* Insert new items here :> */
5210
5211 /* Get rid of LOCK */
5212 SCTP_TCB_LOCK_DESTROY(stcb);
5213 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
5214 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5215 SCTP_INP_INFO_WUNLOCK();
5216 SCTP_INP_RLOCK(inp);
5217 }
5218 #ifdef SCTP_TRACK_FREED_ASOCS
5219 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5220 /* now clean up the tasoc itself */
5221 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5222 SCTP_DECR_ASOC_COUNT();
5223 } else {
5224 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist);
5225 }
5226 #else
5227 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5228 SCTP_DECR_ASOC_COUNT();
5229 #endif
5230 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5231 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5232 /*
5233 * If its NOT the inp_free calling us AND sctp_close
5234 * as been called, we call back...
5235 */
5236 SCTP_INP_RUNLOCK(inp);
5237 /*
5238 * This will start the kill timer (if we are the
5239 * last one) since we hold an increment yet. But
5240 * this is the only safe way to do this since
5241 * otherwise if the socket closes at the same time
5242 * we are here we might collide in the cleanup.
5243 */
5244 sctp_inpcb_free(inp,
5245 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE,
5246 SCTP_CALLED_DIRECTLY_NOCMPSET);
5247 SCTP_INP_DECR_REF(inp);
5248 goto out_of;
5249 } else {
5250 /* The socket is still open. */
5251 SCTP_INP_DECR_REF(inp);
5252 }
5253 }
5254 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5255 SCTP_INP_RUNLOCK(inp);
5256 }
5257 out_of:
5258 /* destroyed the asoc */
5259 #ifdef SCTP_LOG_CLOSING
5260 sctp_log_closing(inp, NULL, 11);
5261 #endif
5262 return (1);
5263 }
5264
5265
5266
5267 /*
5268 * determine if a destination is "reachable" based upon the addresses bound
5269 * to the current endpoint (e.g. only v4 or v6 currently bound)
5270 */
5271 /*
5272 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use
5273 * assoc level v4/v6 flags, as the assoc *may* not have the same address
5274 * types bound as its endpoint
5275 */
5276 int
5277 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
5278 {
5279 struct sctp_inpcb *inp;
5280 int answer;
5281
5282 /*
5283 * No locks here, the TCB, in all cases is already locked and an
5284 * assoc is up. There is either a INP lock by the caller applied (in
5285 * asconf case when deleting an address) or NOT in the HB case,
5286 * however if HB then the INP increment is up and the INP will not
5287 * be removed (on top of the fact that we have a TCB lock). So we
5288 * only want to read the sctp_flags, which is either bound-all or
5289 * not.. no protection needed since once an assoc is up you can't be
5290 * changing your binding.
5291 */
5292 inp = stcb->sctp_ep;
5293 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5294 /* if bound all, destination is not restricted */
5295 /*
5296 * RRS: Question during lock work: Is this correct? If you
5297 * are bound-all you still might need to obey the V4--V6
5298 * flags??? IMO this bound-all stuff needs to be removed!
5299 */
5300 return (1);
5301 }
5302 /* NOTE: all "scope" checks are done when local addresses are added */
5303 switch (destaddr->sa_family) {
5304 #ifdef INET6
5305 case AF_INET6:
5306 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6;
5307 break;
5308 #endif
5309 #ifdef INET
5310 case AF_INET:
5311 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4;
5312 break;
5313 #endif
5314 default:
5315 /* invalid family, so it's unreachable */
5316 answer = 0;
5317 break;
5318 }
5319 return (answer);
5320 }
5321
5322 /*
5323 * update the inp_vflags on an endpoint
5324 */
5325 static void
5326 sctp_update_ep_vflag(struct sctp_inpcb *inp)
5327 {
5328 struct sctp_laddr *laddr;
5329
5330 /* first clear the flag */
5331 inp->ip_inp.inp.inp_vflag = 0;
5332 /* set the flag based on addresses on the ep list */
5333 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5334 if (laddr->ifa == NULL) {
5335 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
5336 __FUNCTION__);
5337 continue;
5338 }
5339 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
5340 continue;
5341 }
5342 switch (laddr->ifa->address.sa.sa_family) {
5343 #ifdef INET6
5344 case AF_INET6:
5345 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
5346 break;
5347 #endif
5348 #ifdef INET
5349 case AF_INET:
5350 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
5351 break;
5352 #endif
5353 default:
5354 break;
5355 }
5356 }
5357 }
5358
5359 /*
5360 * Add the address to the endpoint local address list There is nothing to be
5361 * done if we are bound to all addresses
5362 */
5363 void
5364 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action)
5365 {
5366 struct sctp_laddr *laddr;
5367 int fnd, error = 0;
5368
5369 fnd = 0;
5370
5371 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5372 /* You are already bound to all. You have it already */
5373 return;
5374 }
5375 #ifdef INET6
5376 if (ifa->address.sa.sa_family == AF_INET6) {
5377 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
5378 /* Can't bind a non-useable addr. */
5379 return;
5380 }
5381 }
5382 #endif
5383 /* first, is it already present? */
5384 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5385 if (laddr->ifa == ifa) {
5386 fnd = 1;
5387 break;
5388 }
5389 }
5390
5391 if (fnd == 0) {
5392 /* Not in the ep list */
5393 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action);
5394 if (error != 0)
5395 return;
5396 inp->laddr_count++;
5397 /* update inp_vflag flags */
5398 switch (ifa->address.sa.sa_family) {
5399 #ifdef INET6
5400 case AF_INET6:
5401 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
5402 break;
5403 #endif
5404 #ifdef INET
5405 case AF_INET:
5406 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
5407 break;
5408 #endif
5409 default:
5410 break;
5411 }
5412 }
5413 return;
5414 }
5415
5416
5417 /*
5418 * select a new (hopefully reachable) destination net (should only be used
5419 * when we deleted an ep addr that is the only usable source address to reach
5420 * the destination net)
5421 */
5422 static void
5423 sctp_select_primary_destination(struct sctp_tcb *stcb)
5424 {
5425 struct sctp_nets *net;
5426
5427 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
5428 /* for now, we'll just pick the first reachable one we find */
5429 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
5430 continue;
5431 if (sctp_destination_is_reachable(stcb,
5432 (struct sockaddr *)&net->ro._l_addr)) {
5433 /* found a reachable destination */
5434 stcb->asoc.primary_destination = net;
5435 }
5436 }
5437 /* I can't there from here! ...we're gonna die shortly... */
5438 }
5439
5440
5441 /*
5442 * Delete the address from the endpoint local address list There is nothing
5443 * to be done if we are bound to all addresses
5444 */
5445 void
5446 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
5447 {
5448 struct sctp_laddr *laddr;
5449 int fnd;
5450
5451 fnd = 0;
5452 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5453 /* You are already bound to all. You have it already */
5454 return;
5455 }
5456 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5457 if (laddr->ifa == ifa) {
5458 fnd = 1;
5459 break;
5460 }
5461 }
5462 if (fnd && (inp->laddr_count < 2)) {
5463 /* can't delete unless there are at LEAST 2 addresses */
5464 return;
5465 }
5466 if (fnd) {
5467 /*
5468 * clean up any use of this address go through our
5469 * associations and clear any last_used_address that match
5470 * this one for each assoc, see if a new primary_destination
5471 * is needed
5472 */
5473 struct sctp_tcb *stcb;
5474
5475 /* clean up "next_addr_touse" */
5476 if (inp->next_addr_touse == laddr)
5477 /* delete this address */
5478 inp->next_addr_touse = NULL;
5479
5480 /* clean up "last_used_address" */
5481 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
5482 struct sctp_nets *net;
5483
5484 SCTP_TCB_LOCK(stcb);
5485 if (stcb->asoc.last_used_address == laddr)
5486 /* delete this address */
5487 stcb->asoc.last_used_address = NULL;
5488 /*
5489 * Now spin through all the nets and purge any ref
5490 * to laddr
5491 */
5492 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
5493 if (net->ro._s_addr &&
5494 (net->ro._s_addr->ifa == laddr->ifa)) {
5495 /* Yep, purge src address selected */
5496 sctp_rtentry_t *rt;
5497
5498 /* delete this address if cached */
5499 rt = net->ro.ro_rt;
5500 if (rt != NULL) {
5501 RTFREE(rt);
5502 net->ro.ro_rt = NULL;
5503 }
5504 sctp_free_ifa(net->ro._s_addr);
5505 net->ro._s_addr = NULL;
5506 net->src_addr_selected = 0;
5507 }
5508 }
5509 SCTP_TCB_UNLOCK(stcb);
5510 } /* for each tcb */
5511 /* remove it from the ep list */
5512 sctp_remove_laddr(laddr);
5513 inp->laddr_count--;
5514 /* update inp_vflag flags */
5515 sctp_update_ep_vflag(inp);
5516 }
5517 return;
5518 }
5519
5520 /*
5521 * Add the address to the TCB local address restricted list.
5522 * This is a "pending" address list (eg. addresses waiting for an
5523 * ASCONF-ACK response) and cannot be used as a valid source address.
5524 */
5525 void
5526 sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
5527 {
5528 struct sctp_laddr *laddr;
5529 struct sctpladdr *list;
5530
5531 /*
5532 * Assumes TCB is locked.. and possibly the INP. May need to
5533 * confirm/fix that if we need it and is not the case.
5534 */
5535 list = &stcb->asoc.sctp_restricted_addrs;
5536
5537 #ifdef INET6
5538 if (ifa->address.sa.sa_family == AF_INET6) {
5539 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
5540 /* Can't bind a non-existent addr. */
5541 return;
5542 }
5543 }
5544 #endif
5545 /* does the address already exist? */
5546 LIST_FOREACH(laddr, list, sctp_nxt_addr) {
5547 if (laddr->ifa == ifa) {
5548 return;
5549 }
5550 }
5551
5552 /* add to the list */
5553 (void)sctp_insert_laddr(list, ifa, 0);
5554 return;
5555 }
5556
5557 /*
5558 * insert an laddr entry with the given ifa for the desired list
5559 */
5560 int
5561 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act)
5562 {
5563 struct sctp_laddr *laddr;
5564
5565 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
5566 if (laddr == NULL) {
5567 /* out of memory? */
5568 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
5569 return (EINVAL);
5570 }
5571 SCTP_INCR_LADDR_COUNT();
5572 bzero(laddr, sizeof(*laddr));
5573 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
5574 laddr->ifa = ifa;
5575 laddr->action = act;
5576 atomic_add_int(&ifa->refcount, 1);
5577 /* insert it */
5578 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
5579
5580 return (0);
5581 }
5582
5583 /*
5584 * Remove an laddr entry from the local address list (on an assoc)
5585 */
5586 void
5587 sctp_remove_laddr(struct sctp_laddr *laddr)
5588 {
5589
5590 /* remove from the list */
5591 LIST_REMOVE(laddr, sctp_nxt_addr);
5592 sctp_free_ifa(laddr->ifa);
5593 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr);
5594 SCTP_DECR_LADDR_COUNT();
5595 }
5596
5597 /*
5598 * Remove a local address from the TCB local address restricted list
5599 */
5600 void
5601 sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
5602 {
5603 struct sctp_inpcb *inp;
5604 struct sctp_laddr *laddr;
5605
5606 /*
5607 * This is called by asconf work. It is assumed that a) The TCB is
5608 * locked and b) The INP is locked. This is true in as much as I can
5609 * trace through the entry asconf code where I did these locks.
5610 * Again, the ASCONF code is a bit different in that it does lock
5611 * the INP during its work often times. This must be since we don't
5612 * want other proc's looking up things while what they are looking
5613 * up is changing :-D
5614 */
5615
5616 inp = stcb->sctp_ep;
5617 /* if subset bound and don't allow ASCONF's, can't delete last */
5618 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
5619 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) {
5620 if (stcb->sctp_ep->laddr_count < 2) {
5621 /* can't delete last address */
5622 return;
5623 }
5624 }
5625 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
5626 /* remove the address if it exists */
5627 if (laddr->ifa == NULL)
5628 continue;
5629 if (laddr->ifa == ifa) {
5630 sctp_remove_laddr(laddr);
5631 return;
5632 }
5633 }
5634
5635 /* address not found! */
5636 return;
5637 }
5638
5639 /*
5640 * Temporarily remove for __APPLE__ until we use the Tiger equivalents
5641 */
5642 /* sysctl */
5643 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
5644 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
5645
5646
5647
5648 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
5649 struct sctp_mcore_ctrl *sctp_mcore_workers = NULL;
5650 int *sctp_cpuarry = NULL;
5651 void
5652 sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use)
5653 {
5654 /* Queue a packet to a processor for the specified core */
5655 struct sctp_mcore_queue *qent;
5656 struct sctp_mcore_ctrl *wkq;
5657 int need_wake = 0;
5658
5659 if (sctp_mcore_workers == NULL) {
5660 /* Something went way bad during setup */
5661 sctp_input_with_port(m, off, 0);
5662 return;
5663 }
5664 SCTP_MALLOC(qent, struct sctp_mcore_queue *,
5665 (sizeof(struct sctp_mcore_queue)),
5666 SCTP_M_MCORE);
5667 if (qent == NULL) {
5668 /* This is trouble */
5669 sctp_input_with_port(m, off, 0);
5670 return;
5671 }
5672 qent->vn = curvnet;
5673 qent->m = m;
5674 qent->off = off;
5675 qent->v6 = 0;
5676 wkq = &sctp_mcore_workers[cpu_to_use];
5677 SCTP_MCORE_QLOCK(wkq);
5678
5679 TAILQ_INSERT_TAIL(&wkq->que, qent, next);
5680 if (wkq->running == 0) {
5681 need_wake = 1;
5682 }
5683 SCTP_MCORE_QUNLOCK(wkq);
5684 if (need_wake) {
5685 wakeup(&wkq->running);
5686 }
5687 }
5688
5689 static void
5690 sctp_mcore_thread(void *arg)
5691 {
5692
5693 struct sctp_mcore_ctrl *wkq;
5694 struct sctp_mcore_queue *qent;
5695
5696 wkq = (struct sctp_mcore_ctrl *)arg;
5697 struct mbuf *m;
5698 int off, v6;
5699
5700 /* Wait for first tickle */
5701 SCTP_MCORE_LOCK(wkq);
5702 wkq->running = 0;
5703 msleep(&wkq->running,
5704 &wkq->core_mtx,
5705 0, "wait for pkt", 0);
5706 SCTP_MCORE_UNLOCK(wkq);
5707
5708 /* Bind to our cpu */
5709 thread_lock(curthread);
5710 sched_bind(curthread, wkq->cpuid);
5711 thread_unlock(curthread);
5712
5713 /* Now lets start working */
5714 SCTP_MCORE_LOCK(wkq);
5715 /* Now grab lock and go */
5716 for (;;) {
5717 SCTP_MCORE_QLOCK(wkq);
5718 skip_sleep:
5719 wkq->running = 1;
5720 qent = TAILQ_FIRST(&wkq->que);
5721 if (qent) {
5722 TAILQ_REMOVE(&wkq->que, qent, next);
5723 SCTP_MCORE_QUNLOCK(wkq);
5724 CURVNET_SET(qent->vn);
5725 m = qent->m;
5726 off = qent->off;
5727 v6 = qent->v6;
5728 SCTP_FREE(qent, SCTP_M_MCORE);
5729 if (v6 == 0) {
5730 sctp_input_with_port(m, off, 0);
5731 } else {
5732 SCTP_PRINTF("V6 not yet supported\n");
5733 sctp_m_freem(m);
5734 }
5735 CURVNET_RESTORE();
5736 SCTP_MCORE_QLOCK(wkq);
5737 }
5738 wkq->running = 0;
5739 if (!TAILQ_EMPTY(&wkq->que)) {
5740 goto skip_sleep;
5741 }
5742 SCTP_MCORE_QUNLOCK(wkq);
5743 msleep(&wkq->running,
5744 &wkq->core_mtx,
5745 0, "wait for pkt", 0);
5746 }
5747 }
5748
5749 static void
5750 sctp_startup_mcore_threads(void)
5751 {
5752 int i, cpu;
5753
5754 if (mp_ncpus == 1)
5755 return;
5756
5757 if (sctp_mcore_workers != NULL) {
5758 /*
5759 * Already been here in some previous vnet?
5760 */
5761 return;
5762 }
5763 SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *,
5764 ((mp_maxid + 1) * sizeof(struct sctp_mcore_ctrl)),
5765 SCTP_M_MCORE);
5766 if (sctp_mcore_workers == NULL) {
5767 /* TSNH I hope */
5768 return;
5769 }
5770 memset(sctp_mcore_workers, 0, ((mp_maxid + 1) *
5771 sizeof(struct sctp_mcore_ctrl)));
5772 /* Init the structures */
5773 for (i = 0; i <= mp_maxid; i++) {
5774 TAILQ_INIT(&sctp_mcore_workers[i].que);
5775 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]);
5776 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]);
5777 sctp_mcore_workers[i].cpuid = i;
5778 }
5779 if (sctp_cpuarry == NULL) {
5780 SCTP_MALLOC(sctp_cpuarry, int *,
5781 (mp_ncpus * sizeof(int)),
5782 SCTP_M_MCORE);
5783 i = 0;
5784 CPU_FOREACH(cpu) {
5785 sctp_cpuarry[i] = cpu;
5786 i++;
5787 }
5788 }
5789 /* Now start them all */
5790 CPU_FOREACH(cpu) {
5791 (void)kproc_create(sctp_mcore_thread,
5792 (void *)&sctp_mcore_workers[cpu],
5793 &sctp_mcore_workers[cpu].thread_proc,
5794 RFPROC,
5795 SCTP_KTHREAD_PAGES,
5796 SCTP_MCORE_NAME);
5797
5798 }
5799 }
5800
5801 #endif
5802
5803 void
5804 sctp_pcb_init()
5805 {
5806 /*
5807 * SCTP initialization for the PCB structures should be called by
5808 * the sctp_init() funciton.
5809 */
5810 int i;
5811 struct timeval tv;
5812
5813 if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) {
5814 /* error I was called twice */
5815 return;
5816 }
5817 SCTP_BASE_VAR(sctp_pcb_initialized) = 1;
5818
5819 #if defined(SCTP_LOCAL_TRACE_BUF)
5820 bzero(&SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log));
5821 #endif
5822 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
5823 SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *,
5824 ((mp_maxid + 1) * sizeof(struct sctpstat)),
5825 SCTP_M_MCORE);
5826 #endif
5827 (void)SCTP_GETTIME_TIMEVAL(&tv);
5828 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
5829 bzero(SCTP_BASE_STATS, (sizeof(struct sctpstat) * (mp_maxid + 1)));
5830 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t) tv.tv_sec;
5831 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t) tv.tv_usec;
5832 #else
5833 bzero(&SCTP_BASE_STATS, sizeof(struct sctpstat));
5834 SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t) tv.tv_sec;
5835 SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t) tv.tv_usec;
5836 #endif
5837 /* init the empty list of (All) Endpoints */
5838 LIST_INIT(&SCTP_BASE_INFO(listhead));
5839
5840
5841 /* init the hash table of endpoints */
5842 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize));
5843 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize));
5844 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale));
5845 SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31),
5846 &SCTP_BASE_INFO(hashasocmark));
5847 SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
5848 &SCTP_BASE_INFO(hashmark));
5849 SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
5850 &SCTP_BASE_INFO(hashtcpmark));
5851 SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize);
5852
5853
5854 SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH,
5855 &SCTP_BASE_INFO(hashvrfmark));
5856
5857 SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE,
5858 &SCTP_BASE_INFO(vrf_ifn_hashmark));
5859 /* init the zones */
5860 /*
5861 * FIX ME: Should check for NULL returns, but if it does fail we are
5862 * doomed to panic anyways... add later maybe.
5863 */
5864 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep",
5865 sizeof(struct sctp_inpcb), maxsockets);
5866
5867 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc",
5868 sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
5869
5870 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr",
5871 sizeof(struct sctp_laddr),
5872 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
5873
5874 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr",
5875 sizeof(struct sctp_nets),
5876 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
5877
5878 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk",
5879 sizeof(struct sctp_tmit_chunk),
5880 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5881
5882 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq",
5883 sizeof(struct sctp_queued_to_read),
5884 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5885
5886 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out",
5887 sizeof(struct sctp_stream_queue_pending),
5888 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5889
5890 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf",
5891 sizeof(struct sctp_asconf),
5892 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5893
5894 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack",
5895 sizeof(struct sctp_asconf_ack),
5896 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5897
5898
5899 /* Master Lock INIT for info structure */
5900 SCTP_INP_INFO_LOCK_INIT();
5901 SCTP_STATLOG_INIT_LOCK();
5902
5903 SCTP_IPI_COUNT_INIT();
5904 SCTP_IPI_ADDR_INIT();
5905 #ifdef SCTP_PACKET_LOGGING
5906 SCTP_IP_PKTLOG_INIT();
5907 #endif
5908 LIST_INIT(&SCTP_BASE_INFO(addr_wq));
5909
5910 SCTP_WQ_ADDR_INIT();
5911 /* not sure if we need all the counts */
5912 SCTP_BASE_INFO(ipi_count_ep) = 0;
5913 /* assoc/tcb zone info */
5914 SCTP_BASE_INFO(ipi_count_asoc) = 0;
5915 /* local addrlist zone info */
5916 SCTP_BASE_INFO(ipi_count_laddr) = 0;
5917 /* remote addrlist zone info */
5918 SCTP_BASE_INFO(ipi_count_raddr) = 0;
5919 /* chunk info */
5920 SCTP_BASE_INFO(ipi_count_chunk) = 0;
5921
5922 /* socket queue zone info */
5923 SCTP_BASE_INFO(ipi_count_readq) = 0;
5924
5925 /* stream out queue cont */
5926 SCTP_BASE_INFO(ipi_count_strmoq) = 0;
5927
5928 SCTP_BASE_INFO(ipi_free_strmoq) = 0;
5929 SCTP_BASE_INFO(ipi_free_chunks) = 0;
5930
5931 SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer));
5932
5933 /* Init the TIMEWAIT list */
5934 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
5935 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]);
5936 }
5937
5938 sctp_startup_iterator();
5939
5940 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
5941 sctp_startup_mcore_threads();
5942 #endif
5943
5944 /*
5945 * INIT the default VRF which for BSD is the only one, other O/S's
5946 * may have more. But initially they must start with one and then
5947 * add the VRF's as addresses are added.
5948 */
5949 sctp_init_vrf_list(SCTP_DEFAULT_VRF);
5950 }
5951
5952 /*
5953 * Assumes that the SCTP_BASE_INFO() lock is NOT held.
5954 */
5955 void
5956 sctp_pcb_finish(void)
5957 {
5958 struct sctp_vrflist *vrf_bucket;
5959 struct sctp_vrf *vrf, *nvrf;
5960 struct sctp_ifn *ifn, *nifn;
5961 struct sctp_ifa *ifa, *nifa;
5962 struct sctpvtaghead *chain;
5963 struct sctp_tagblock *twait_block, *prev_twait_block;
5964 struct sctp_laddr *wi, *nwi;
5965 int i;
5966
5967 /*
5968 * Free BSD the it thread never exits but we do clean up. The only
5969 * way freebsd reaches here if we have VRF's but we still add the
5970 * ifdef to make it compile on old versions.
5971 */
5972 {
5973 struct sctp_iterator *it, *nit;
5974
5975 SCTP_IPI_ITERATOR_WQ_LOCK();
5976 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
5977 if (it->vn != curvnet) {
5978 continue;
5979 }
5980 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
5981 if (it->function_atend != NULL) {
5982 (*it->function_atend) (it->pointer, it->val);
5983 }
5984 SCTP_FREE(it, SCTP_M_ITER);
5985 }
5986 SCTP_IPI_ITERATOR_WQ_UNLOCK();
5987 SCTP_ITERATOR_LOCK();
5988 if ((sctp_it_ctl.cur_it) &&
5989 (sctp_it_ctl.cur_it->vn == curvnet)) {
5990 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
5991 }
5992 SCTP_ITERATOR_UNLOCK();
5993 }
5994
5995 SCTP_OS_TIMER_STOP(&SCTP_BASE_INFO(addr_wq_timer.timer));
5996 SCTP_WQ_ADDR_LOCK();
5997 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) {
5998 LIST_REMOVE(wi, sctp_nxt_addr);
5999 SCTP_DECR_LADDR_COUNT();
6000 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi);
6001 }
6002 SCTP_WQ_ADDR_UNLOCK();
6003
6004 /*
6005 * free the vrf/ifn/ifa lists and hashes (be sure address monitor is
6006 * destroyed first).
6007 */
6008 vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))];
6009 LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) {
6010 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) {
6011 LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) {
6012 /* free the ifa */
6013 LIST_REMOVE(ifa, next_bucket);
6014 LIST_REMOVE(ifa, next_ifa);
6015 SCTP_FREE(ifa, SCTP_M_IFA);
6016 }
6017 /* free the ifn */
6018 LIST_REMOVE(ifn, next_bucket);
6019 LIST_REMOVE(ifn, next_ifn);
6020 SCTP_FREE(ifn, SCTP_M_IFN);
6021 }
6022 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
6023 /* free the vrf */
6024 LIST_REMOVE(vrf, next_vrf);
6025 SCTP_FREE(vrf, SCTP_M_VRF);
6026 }
6027 /* free the vrf hashes */
6028 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark));
6029 SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark));
6030
6031 /*
6032 * free the TIMEWAIT list elements malloc'd in the function
6033 * sctp_add_vtag_to_timewait()...
6034 */
6035 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
6036 chain = &SCTP_BASE_INFO(vtag_timewait)[i];
6037 if (!LIST_EMPTY(chain)) {
6038 prev_twait_block = NULL;
6039 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
6040 if (prev_twait_block) {
6041 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
6042 }
6043 prev_twait_block = twait_block;
6044 }
6045 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
6046 }
6047 }
6048
6049 /* free the locks and mutexes */
6050 #ifdef SCTP_PACKET_LOGGING
6051 SCTP_IP_PKTLOG_DESTROY();
6052 #endif
6053 SCTP_IPI_ADDR_DESTROY();
6054 SCTP_STATLOG_DESTROY();
6055 SCTP_INP_INFO_LOCK_DESTROY();
6056
6057 SCTP_WQ_ADDR_DESTROY();
6058
6059 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep));
6060 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc));
6061 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr));
6062 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net));
6063 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk));
6064 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq));
6065 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq));
6066 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf));
6067 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack));
6068 /* Get rid of other stuff to */
6069 if (SCTP_BASE_INFO(sctp_asochash) != NULL)
6070 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark));
6071 if (SCTP_BASE_INFO(sctp_ephash) != NULL)
6072 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark));
6073 if (SCTP_BASE_INFO(sctp_tcpephash) != NULL)
6074 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark));
6075 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
6076 SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE);
6077 #endif
6078 }
6079
6080
6081 int
6082 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
6083 int offset, int limit, struct sctphdr *sh,
6084 struct sockaddr *altsa)
6085 {
6086 /*
6087 * grub through the INIT pulling addresses and loading them to the
6088 * nets structure in the asoc. The from address in the mbuf should
6089 * also be loaded (if it is not already). This routine can be called
6090 * with either INIT or INIT-ACK's as long as the m points to the IP
6091 * packet and the offset points to the beginning of the parameters.
6092 */
6093 struct sctp_inpcb *inp;
6094 struct sctp_nets *net, *nnet, *net_tmp;
6095 struct ip *iph;
6096 struct sctp_paramhdr *phdr, parm_buf;
6097 struct sctp_tcb *stcb_tmp;
6098 uint16_t ptype, plen;
6099 struct sockaddr *sa;
6100 struct sockaddr_storage dest_store;
6101 struct sockaddr *local_sa = (struct sockaddr *)&dest_store;
6102 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
6103 struct sctp_auth_random *p_random = NULL;
6104 uint16_t random_len = 0;
6105 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
6106 struct sctp_auth_hmac_algo *hmacs = NULL;
6107 uint16_t hmacs_len = 0;
6108 uint8_t saw_asconf = 0;
6109 uint8_t saw_asconf_ack = 0;
6110 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
6111 struct sctp_auth_chunk_list *chunks = NULL;
6112 uint16_t num_chunks = 0;
6113 sctp_key_t *new_key;
6114 uint32_t keylen;
6115 int got_random = 0, got_hmacs = 0, got_chklist = 0;
6116 uint8_t ecn_allowed;
6117
6118 #ifdef INET
6119 struct sockaddr_in sin;
6120
6121 #endif
6122 #ifdef INET6
6123 struct sockaddr_in6 sin6;
6124
6125 #endif
6126
6127 /* First get the destination address setup too. */
6128 #ifdef INET
6129 memset(&sin, 0, sizeof(sin));
6130 sin.sin_family = AF_INET;
6131 sin.sin_len = sizeof(sin);
6132 sin.sin_port = stcb->rport;
6133 #endif
6134 #ifdef INET6
6135 memset(&sin6, 0, sizeof(sin6));
6136 sin6.sin6_family = AF_INET6;
6137 sin6.sin6_len = sizeof(struct sockaddr_in6);
6138 sin6.sin6_port = stcb->rport;
6139 #endif
6140 iph = mtod(m, struct ip *);
6141 switch (iph->ip_v) {
6142 #ifdef INET
6143 case IPVERSION:
6144 {
6145 /* its IPv4 */
6146 struct sockaddr_in *sin_2;
6147
6148 sin_2 = (struct sockaddr_in *)(local_sa);
6149 memset(sin_2, 0, sizeof(sin));
6150 sin_2->sin_family = AF_INET;
6151 sin_2->sin_len = sizeof(sin);
6152 sin_2->sin_port = sh->dest_port;
6153 sin_2->sin_addr.s_addr = iph->ip_dst.s_addr;
6154 if (altsa) {
6155 /*
6156 * For cookies we use the src address NOT
6157 * from the packet but from the original
6158 * INIT.
6159 */
6160 sa = altsa;
6161 } else {
6162 sin.sin_addr = iph->ip_src;
6163 sa = (struct sockaddr *)&sin;
6164 }
6165 break;
6166 }
6167 #endif
6168 #ifdef INET6
6169 case IPV6_VERSION >> 4:
6170 {
6171 /* its IPv6 */
6172 struct ip6_hdr *ip6;
6173 struct sockaddr_in6 *sin6_2;
6174
6175 ip6 = mtod(m, struct ip6_hdr *);
6176 sin6_2 = (struct sockaddr_in6 *)(local_sa);
6177 memset(sin6_2, 0, sizeof(sin6));
6178 sin6_2->sin6_family = AF_INET6;
6179 sin6_2->sin6_len = sizeof(struct sockaddr_in6);
6180 sin6_2->sin6_port = sh->dest_port;
6181 sin6_2->sin6_addr = ip6->ip6_dst;
6182 if (altsa) {
6183 /*
6184 * For cookies we use the src address NOT
6185 * from the packet but from the original
6186 * INIT.
6187 */
6188 sa = altsa;
6189 } else {
6190 sin6.sin6_addr = ip6->ip6_src;
6191 sa = (struct sockaddr *)&sin6;
6192 }
6193 break;
6194 }
6195 #endif
6196 default:
6197 return (-1);
6198 break;
6199 }
6200 /* Turn off ECN until we get through all params */
6201 ecn_allowed = 0;
6202 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
6203 /* mark all addresses that we have currently on the list */
6204 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
6205 }
6206 /* does the source address already exist? if so skip it */
6207 inp = stcb->sctp_ep;
6208 atomic_add_int(&stcb->asoc.refcnt, 1);
6209 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, local_sa, stcb);
6210 atomic_add_int(&stcb->asoc.refcnt, -1);
6211
6212 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
6213 /* we must add the source address */
6214 /* no scope set here since we have a tcb already. */
6215 switch (sa->sa_family) {
6216 #ifdef INET
6217 case AF_INET:
6218 if (stcb->asoc.ipv4_addr_legal) {
6219 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) {
6220 return (-1);
6221 }
6222 }
6223 break;
6224 #endif
6225 #ifdef INET6
6226 case AF_INET6:
6227 if (stcb->asoc.ipv6_addr_legal) {
6228 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
6229 return (-2);
6230 }
6231 }
6232 break;
6233 #endif
6234 default:
6235 break;
6236 }
6237 } else {
6238 if (net_tmp != NULL && stcb_tmp == stcb) {
6239 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
6240 } else if (stcb_tmp != stcb) {
6241 /* It belongs to another association? */
6242 if (stcb_tmp)
6243 SCTP_TCB_UNLOCK(stcb_tmp);
6244 return (-3);
6245 }
6246 }
6247 if (stcb->asoc.state == 0) {
6248 /* the assoc was freed? */
6249 return (-4);
6250 }
6251 /*
6252 * peer must explicitly turn this on. This may have been initialized
6253 * to be "on" in order to allow local addr changes while INIT's are
6254 * in flight.
6255 */
6256 stcb->asoc.peer_supports_asconf = 0;
6257 /* now we must go through each of the params. */
6258 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
6259 while (phdr) {
6260 ptype = ntohs(phdr->param_type);
6261 plen = ntohs(phdr->param_length);
6262 /*
6263 * SCTP_PRINTF("ptype => %0x, plen => %d\n",
6264 * (uint32_t)ptype, (int)plen);
6265 */
6266 if (offset + plen > limit) {
6267 break;
6268 }
6269 if (plen == 0) {
6270 break;
6271 }
6272 #ifdef INET
6273 if (ptype == SCTP_IPV4_ADDRESS) {
6274 if (stcb->asoc.ipv4_addr_legal) {
6275 struct sctp_ipv4addr_param *p4, p4_buf;
6276
6277 /* ok get the v4 address and check/add */
6278 phdr = sctp_get_next_param(m, offset,
6279 (struct sctp_paramhdr *)&p4_buf,
6280 sizeof(p4_buf));
6281 if (plen != sizeof(struct sctp_ipv4addr_param) ||
6282 phdr == NULL) {
6283 return (-5);
6284 }
6285 p4 = (struct sctp_ipv4addr_param *)phdr;
6286 sin.sin_addr.s_addr = p4->addr;
6287 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
6288 /* Skip multi-cast addresses */
6289 goto next_param;
6290 }
6291 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) ||
6292 (sin.sin_addr.s_addr == INADDR_ANY)) {
6293 goto next_param;
6294 }
6295 sa = (struct sockaddr *)&sin;
6296 inp = stcb->sctp_ep;
6297 atomic_add_int(&stcb->asoc.refcnt, 1);
6298 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
6299 local_sa, stcb);
6300 atomic_add_int(&stcb->asoc.refcnt, -1);
6301
6302 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) ||
6303 inp == NULL) {
6304 /* we must add the source address */
6305 /*
6306 * no scope set since we have a tcb
6307 * already
6308 */
6309
6310 /*
6311 * we must validate the state again
6312 * here
6313 */
6314 add_it_now:
6315 if (stcb->asoc.state == 0) {
6316 /* the assoc was freed? */
6317 return (-7);
6318 }
6319 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) {
6320 return (-8);
6321 }
6322 } else if (stcb_tmp == stcb) {
6323 if (stcb->asoc.state == 0) {
6324 /* the assoc was freed? */
6325 return (-10);
6326 }
6327 if (net != NULL) {
6328 /* clear flag */
6329 net->dest_state &=
6330 ~SCTP_ADDR_NOT_IN_ASSOC;
6331 }
6332 } else {
6333 /*
6334 * strange, address is in another
6335 * assoc? straighten out locks.
6336 */
6337 if (stcb_tmp) {
6338 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
6339 /*
6340 * in setup state we
6341 * abort this guy
6342 */
6343 sctp_abort_an_association(stcb_tmp->sctp_ep,
6344 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
6345 goto add_it_now;
6346 }
6347 SCTP_TCB_UNLOCK(stcb_tmp);
6348 }
6349 if (stcb->asoc.state == 0) {
6350 /* the assoc was freed? */
6351 return (-12);
6352 }
6353 return (-13);
6354 }
6355 }
6356 } else
6357 #endif
6358 #ifdef INET6
6359 if (ptype == SCTP_IPV6_ADDRESS) {
6360 if (stcb->asoc.ipv6_addr_legal) {
6361 /* ok get the v6 address and check/add */
6362 struct sctp_ipv6addr_param *p6, p6_buf;
6363
6364 phdr = sctp_get_next_param(m, offset,
6365 (struct sctp_paramhdr *)&p6_buf,
6366 sizeof(p6_buf));
6367 if (plen != sizeof(struct sctp_ipv6addr_param) ||
6368 phdr == NULL) {
6369 return (-14);
6370 }
6371 p6 = (struct sctp_ipv6addr_param *)phdr;
6372 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
6373 sizeof(p6->addr));
6374 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
6375 /* Skip multi-cast addresses */
6376 goto next_param;
6377 }
6378 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
6379 /*
6380 * Link local make no sense without
6381 * scope
6382 */
6383 goto next_param;
6384 }
6385 sa = (struct sockaddr *)&sin6;
6386 inp = stcb->sctp_ep;
6387 atomic_add_int(&stcb->asoc.refcnt, 1);
6388 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
6389 local_sa, stcb);
6390 atomic_add_int(&stcb->asoc.refcnt, -1);
6391 if (stcb_tmp == NULL &&
6392 (inp == stcb->sctp_ep || inp == NULL)) {
6393 /*
6394 * we must validate the state again
6395 * here
6396 */
6397 add_it_now6:
6398 if (stcb->asoc.state == 0) {
6399 /* the assoc was freed? */
6400 return (-16);
6401 }
6402 /*
6403 * we must add the address, no scope
6404 * set
6405 */
6406 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) {
6407 return (-17);
6408 }
6409 } else if (stcb_tmp == stcb) {
6410 /*
6411 * we must validate the state again
6412 * here
6413 */
6414 if (stcb->asoc.state == 0) {
6415 /* the assoc was freed? */
6416 return (-19);
6417 }
6418 if (net != NULL) {
6419 /* clear flag */
6420 net->dest_state &=
6421 ~SCTP_ADDR_NOT_IN_ASSOC;
6422 }
6423 } else {
6424 /*
6425 * strange, address is in another
6426 * assoc? straighten out locks.
6427 */
6428 if (stcb_tmp)
6429 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
6430 /*
6431 * in setup state we
6432 * abort this guy
6433 */
6434 sctp_abort_an_association(stcb_tmp->sctp_ep,
6435 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
6436 goto add_it_now6;
6437 }
6438 SCTP_TCB_UNLOCK(stcb_tmp);
6439
6440 if (stcb->asoc.state == 0) {
6441 /* the assoc was freed? */
6442 return (-21);
6443 }
6444 return (-22);
6445 }
6446 }
6447 } else
6448 #endif
6449 if (ptype == SCTP_ECN_CAPABLE) {
6450 ecn_allowed = 1;
6451 } else if (ptype == SCTP_ULP_ADAPTATION) {
6452 if (stcb->asoc.state != SCTP_STATE_OPEN) {
6453 struct sctp_adaptation_layer_indication ai,
6454 *aip;
6455
6456 phdr = sctp_get_next_param(m, offset,
6457 (struct sctp_paramhdr *)&ai, sizeof(ai));
6458 aip = (struct sctp_adaptation_layer_indication *)phdr;
6459 if (aip) {
6460 stcb->asoc.peers_adaptation = ntohl(aip->indication);
6461 stcb->asoc.adaptation_needed = 1;
6462 }
6463 }
6464 } else if (ptype == SCTP_SET_PRIM_ADDR) {
6465 struct sctp_asconf_addr_param lstore, *fee;
6466 int lptype;
6467 struct sockaddr *lsa = NULL;
6468
6469 #ifdef INET
6470 struct sctp_asconf_addrv4_param *fii;
6471
6472 #endif
6473
6474 stcb->asoc.peer_supports_asconf = 1;
6475 if (plen > sizeof(lstore)) {
6476 return (-23);
6477 }
6478 phdr = sctp_get_next_param(m, offset,
6479 (struct sctp_paramhdr *)&lstore,
6480 min(plen, sizeof(lstore)));
6481 if (phdr == NULL) {
6482 return (-24);
6483 }
6484 fee = (struct sctp_asconf_addr_param *)phdr;
6485 lptype = ntohs(fee->addrp.ph.param_type);
6486 switch (lptype) {
6487 #ifdef INET
6488 case SCTP_IPV4_ADDRESS:
6489 if (plen !=
6490 sizeof(struct sctp_asconf_addrv4_param)) {
6491 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n",
6492 (int)sizeof(struct sctp_asconf_addrv4_param),
6493 plen);
6494 } else {
6495 fii = (struct sctp_asconf_addrv4_param *)fee;
6496 sin.sin_addr.s_addr = fii->addrp.addr;
6497 lsa = (struct sockaddr *)&sin;
6498 }
6499 break;
6500 #endif
6501 #ifdef INET6
6502 case SCTP_IPV6_ADDRESS:
6503 if (plen !=
6504 sizeof(struct sctp_asconf_addr_param)) {
6505 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
6506 (int)sizeof(struct sctp_asconf_addr_param),
6507 plen);
6508 } else {
6509 memcpy(sin6.sin6_addr.s6_addr,
6510 fee->addrp.addr,
6511 sizeof(fee->addrp.addr));
6512 lsa = (struct sockaddr *)&sin6;
6513 }
6514 break;
6515 #endif
6516 default:
6517 break;
6518 }
6519 if (lsa) {
6520 (void)sctp_set_primary_addr(stcb, sa, NULL);
6521 }
6522 } else if (ptype == SCTP_HAS_NAT_SUPPORT) {
6523 stcb->asoc.peer_supports_nat = 1;
6524 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
6525 /* Peer supports pr-sctp */
6526 stcb->asoc.peer_supports_prsctp = 1;
6527 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
6528 /* A supported extension chunk */
6529 struct sctp_supported_chunk_types_param *pr_supported;
6530 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
6531 int num_ent, i;
6532
6533 phdr = sctp_get_next_param(m, offset,
6534 (struct sctp_paramhdr *)&local_store, min(sizeof(local_store), plen));
6535 if (phdr == NULL) {
6536 return (-25);
6537 }
6538 stcb->asoc.peer_supports_asconf = 0;
6539 stcb->asoc.peer_supports_prsctp = 0;
6540 stcb->asoc.peer_supports_pktdrop = 0;
6541 stcb->asoc.peer_supports_strreset = 0;
6542 stcb->asoc.peer_supports_nr_sack = 0;
6543 stcb->asoc.peer_supports_auth = 0;
6544 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
6545 num_ent = plen - sizeof(struct sctp_paramhdr);
6546 for (i = 0; i < num_ent; i++) {
6547 switch (pr_supported->chunk_types[i]) {
6548 case SCTP_ASCONF:
6549 case SCTP_ASCONF_ACK:
6550 stcb->asoc.peer_supports_asconf = 1;
6551 break;
6552 case SCTP_FORWARD_CUM_TSN:
6553 stcb->asoc.peer_supports_prsctp = 1;
6554 break;
6555 case SCTP_PACKET_DROPPED:
6556 stcb->asoc.peer_supports_pktdrop = 1;
6557 break;
6558 case SCTP_NR_SELECTIVE_ACK:
6559 stcb->asoc.peer_supports_nr_sack = 1;
6560 break;
6561 case SCTP_STREAM_RESET:
6562 stcb->asoc.peer_supports_strreset = 1;
6563 break;
6564 case SCTP_AUTHENTICATION:
6565 stcb->asoc.peer_supports_auth = 1;
6566 break;
6567 default:
6568 /* one I have not learned yet */
6569 break;
6570
6571 }
6572 }
6573 } else if (ptype == SCTP_RANDOM) {
6574 if (plen > sizeof(random_store))
6575 break;
6576 if (got_random) {
6577 /* already processed a RANDOM */
6578 goto next_param;
6579 }
6580 phdr = sctp_get_next_param(m, offset,
6581 (struct sctp_paramhdr *)random_store,
6582 min(sizeof(random_store), plen));
6583 if (phdr == NULL)
6584 return (-26);
6585 p_random = (struct sctp_auth_random *)phdr;
6586 random_len = plen - sizeof(*p_random);
6587 /* enforce the random length */
6588 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) {
6589 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n");
6590 return (-27);
6591 }
6592 got_random = 1;
6593 } else if (ptype == SCTP_HMAC_LIST) {
6594 int num_hmacs;
6595 int i;
6596
6597 if (plen > sizeof(hmacs_store))
6598 break;
6599 if (got_hmacs) {
6600 /* already processed a HMAC list */
6601 goto next_param;
6602 }
6603 phdr = sctp_get_next_param(m, offset,
6604 (struct sctp_paramhdr *)hmacs_store,
6605 min(plen, sizeof(hmacs_store)));
6606 if (phdr == NULL)
6607 return (-28);
6608 hmacs = (struct sctp_auth_hmac_algo *)phdr;
6609 hmacs_len = plen - sizeof(*hmacs);
6610 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
6611 /* validate the hmac list */
6612 if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
6613 return (-29);
6614 }
6615 if (stcb->asoc.peer_hmacs != NULL)
6616 sctp_free_hmaclist(stcb->asoc.peer_hmacs);
6617 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs);
6618 if (stcb->asoc.peer_hmacs != NULL) {
6619 for (i = 0; i < num_hmacs; i++) {
6620 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs,
6621 ntohs(hmacs->hmac_ids[i]));
6622 }
6623 }
6624 got_hmacs = 1;
6625 } else if (ptype == SCTP_CHUNK_LIST) {
6626 int i;
6627
6628 if (plen > sizeof(chunks_store))
6629 break;
6630 if (got_chklist) {
6631 /* already processed a Chunks list */
6632 goto next_param;
6633 }
6634 phdr = sctp_get_next_param(m, offset,
6635 (struct sctp_paramhdr *)chunks_store,
6636 min(plen, sizeof(chunks_store)));
6637 if (phdr == NULL)
6638 return (-30);
6639 chunks = (struct sctp_auth_chunk_list *)phdr;
6640 num_chunks = plen - sizeof(*chunks);
6641 if (stcb->asoc.peer_auth_chunks != NULL)
6642 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks);
6643 else
6644 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist();
6645 for (i = 0; i < num_chunks; i++) {
6646 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
6647 stcb->asoc.peer_auth_chunks);
6648 /* record asconf/asconf-ack if listed */
6649 if (chunks->chunk_types[i] == SCTP_ASCONF)
6650 saw_asconf = 1;
6651 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK)
6652 saw_asconf_ack = 1;
6653
6654 }
6655 got_chklist = 1;
6656 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
6657 (ptype == SCTP_STATE_COOKIE) ||
6658 (ptype == SCTP_UNRECOG_PARAM) ||
6659 (ptype == SCTP_COOKIE_PRESERVE) ||
6660 (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
6661 (ptype == SCTP_ADD_IP_ADDRESS) ||
6662 (ptype == SCTP_DEL_IP_ADDRESS) ||
6663 (ptype == SCTP_ERROR_CAUSE_IND) ||
6664 (ptype == SCTP_SUCCESS_REPORT)) {
6665 /* don't care */ ;
6666 } else {
6667 if ((ptype & 0x8000) == 0x0000) {
6668 /*
6669 * must stop processing the rest of the
6670 * param's. Any report bits were handled
6671 * with the call to
6672 * sctp_arethere_unrecognized_parameters()
6673 * when the INIT or INIT-ACK was first seen.
6674 */
6675 break;
6676 }
6677 }
6678
6679 next_param:
6680 offset += SCTP_SIZE32(plen);
6681 if (offset >= limit) {
6682 break;
6683 }
6684 phdr = sctp_get_next_param(m, offset, &parm_buf,
6685 sizeof(parm_buf));
6686 }
6687 /* Now check to see if we need to purge any addresses */
6688 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) {
6689 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
6690 SCTP_ADDR_NOT_IN_ASSOC) {
6691 /* This address has been removed from the asoc */
6692 /* remove and free it */
6693 stcb->asoc.numnets--;
6694 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
6695 sctp_free_remote_addr(net);
6696 if (net == stcb->asoc.primary_destination) {
6697 stcb->asoc.primary_destination = NULL;
6698 sctp_select_primary_destination(stcb);
6699 }
6700 }
6701 }
6702 if (ecn_allowed == 0) {
6703 stcb->asoc.ecn_allowed = 0;
6704 }
6705 /* validate authentication required parameters */
6706 if (got_random && got_hmacs) {
6707 stcb->asoc.peer_supports_auth = 1;
6708 } else {
6709 stcb->asoc.peer_supports_auth = 0;
6710 }
6711 if (!stcb->asoc.peer_supports_auth && got_chklist) {
6712 /* peer does not support auth but sent a chunks list? */
6713 return (-31);
6714 }
6715 if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && stcb->asoc.peer_supports_asconf &&
6716 !stcb->asoc.peer_supports_auth) {
6717 /* peer supports asconf but not auth? */
6718 return (-32);
6719 } else if ((stcb->asoc.peer_supports_asconf) && (stcb->asoc.peer_supports_auth) &&
6720 ((saw_asconf == 0) || (saw_asconf_ack == 0))) {
6721 return (-33);
6722 }
6723 /* concatenate the full random key */
6724 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
6725 if (chunks != NULL) {
6726 keylen += sizeof(*chunks) + num_chunks;
6727 }
6728 new_key = sctp_alloc_key(keylen);
6729 if (new_key != NULL) {
6730 /* copy in the RANDOM */
6731 if (p_random != NULL) {
6732 keylen = sizeof(*p_random) + random_len;
6733 bcopy(p_random, new_key->key, keylen);
6734 }
6735 /* append in the AUTH chunks */
6736 if (chunks != NULL) {
6737 bcopy(chunks, new_key->key + keylen,
6738 sizeof(*chunks) + num_chunks);
6739 keylen += sizeof(*chunks) + num_chunks;
6740 }
6741 /* append in the HMACs */
6742 if (hmacs != NULL) {
6743 bcopy(hmacs, new_key->key + keylen,
6744 sizeof(*hmacs) + hmacs_len);
6745 }
6746 } else {
6747 /* failed to get memory for the key */
6748 return (-34);
6749 }
6750 if (stcb->asoc.authinfo.peer_random != NULL)
6751 sctp_free_key(stcb->asoc.authinfo.peer_random);
6752 stcb->asoc.authinfo.peer_random = new_key;
6753 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
6754 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
6755
6756 return (0);
6757 }
6758
6759 int
6760 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
6761 struct sctp_nets *net)
6762 {
6763 /* make sure the requested primary address exists in the assoc */
6764 if (net == NULL && sa)
6765 net = sctp_findnet(stcb, sa);
6766
6767 if (net == NULL) {
6768 /* didn't find the requested primary address! */
6769 return (-1);
6770 } else {
6771 /* set the primary address */
6772 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
6773 /* Must be confirmed, so queue to set */
6774 net->dest_state |= SCTP_ADDR_REQ_PRIMARY;
6775 return (0);
6776 }
6777 stcb->asoc.primary_destination = net;
6778 if (!(net->dest_state & SCTP_ADDR_PF) && (stcb->asoc.alternate)) {
6779 sctp_free_remote_addr(stcb->asoc.alternate);
6780 stcb->asoc.alternate = NULL;
6781 }
6782 net = TAILQ_FIRST(&stcb->asoc.nets);
6783 if (net != stcb->asoc.primary_destination) {
6784 /*
6785 * first one on the list is NOT the primary
6786 * sctp_cmpaddr() is much more efficient if the
6787 * primary is the first on the list, make it so.
6788 */
6789 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
6790 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
6791 }
6792 return (0);
6793 }
6794 }
6795
6796 int
6797 sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now)
6798 {
6799 /*
6800 * This function serves two purposes. It will see if a TAG can be
6801 * re-used and return 1 for yes it is ok and 0 for don't use that
6802 * tag. A secondary function it will do is purge out old tags that
6803 * can be removed.
6804 */
6805 struct sctpvtaghead *chain;
6806 struct sctp_tagblock *twait_block;
6807 struct sctpasochead *head;
6808 struct sctp_tcb *stcb;
6809 int i;
6810
6811 SCTP_INP_INFO_RLOCK();
6812 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag,
6813 SCTP_BASE_INFO(hashasocmark))];
6814 if (head == NULL) {
6815 /* invalid vtag */
6816 goto skip_vtag_check;
6817 }
6818 LIST_FOREACH(stcb, head, sctp_asocs) {
6819 /*
6820 * We choose not to lock anything here. TCB's can't be
6821 * removed since we have the read lock, so they can't be
6822 * freed on us, same thing for the INP. I may be wrong with
6823 * this assumption, but we will go with it for now :-)
6824 */
6825 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
6826 continue;
6827 }
6828 if (stcb->asoc.my_vtag == tag) {
6829 /* candidate */
6830 if (stcb->rport != rport) {
6831 continue;
6832 }
6833 if (stcb->sctp_ep->sctp_lport != lport) {
6834 continue;
6835 }
6836 /* Its a used tag set */
6837 SCTP_INP_INFO_RUNLOCK();
6838 return (0);
6839 }
6840 }
6841 skip_vtag_check:
6842
6843 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
6844 /* Now what about timed wait ? */
6845 if (!LIST_EMPTY(chain)) {
6846 /*
6847 * Block(s) are present, lets see if we have this tag in the
6848 * list
6849 */
6850 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
6851 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
6852 if (twait_block->vtag_block[i].v_tag == 0) {
6853 /* not used */
6854 continue;
6855 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire <
6856 now->tv_sec) {
6857 /* Audit expires this guy */
6858 twait_block->vtag_block[i].tv_sec_at_expire = 0;
6859 twait_block->vtag_block[i].v_tag = 0;
6860 twait_block->vtag_block[i].lport = 0;
6861 twait_block->vtag_block[i].rport = 0;
6862 } else if ((twait_block->vtag_block[i].v_tag == tag) &&
6863 (twait_block->vtag_block[i].lport == lport) &&
6864 (twait_block->vtag_block[i].rport == rport)) {
6865 /* Bad tag, sorry :< */
6866 SCTP_INP_INFO_RUNLOCK();
6867 return (0);
6868 }
6869 }
6870 }
6871 }
6872 SCTP_INP_INFO_RUNLOCK();
6873 return (1);
6874 }
6875
6876 static void
6877 sctp_drain_mbufs(struct sctp_tcb *stcb)
6878 {
6879 /*
6880 * We must hunt this association for MBUF's past the cumack (i.e.
6881 * out of order data that we can renege on).
6882 */
6883 struct sctp_association *asoc;
6884 struct sctp_tmit_chunk *chk, *nchk;
6885 uint32_t cumulative_tsn_p1;
6886 struct sctp_queued_to_read *ctl, *nctl;
6887 int cnt, strmat;
6888 uint32_t gap, i;
6889 int fnd = 0;
6890
6891 /* We look for anything larger than the cum-ack + 1 */
6892
6893 asoc = &stcb->asoc;
6894 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) {
6895 /* none we can reneg on. */
6896 return;
6897 }
6898 SCTP_STAT_INCR(sctps_protocol_drains_done);
6899 cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
6900 cnt = 0;
6901 /* First look in the re-assembly queue */
6902 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
6903 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, cumulative_tsn_p1)) {
6904 /* Yep it is above cum-ack */
6905 cnt++;
6906 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn);
6907 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size);
6908 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
6909 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6910 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
6911 if (chk->data) {
6912 sctp_m_freem(chk->data);
6913 chk->data = NULL;
6914 }
6915 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
6916 }
6917 }
6918 /* Ok that was fun, now we will drain all the inbound streams? */
6919 for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
6920 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next, nctl) {
6921 if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) {
6922 /* Yep it is above cum-ack */
6923 cnt++;
6924 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn);
6925 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length);
6926 sctp_ucount_decr(asoc->cnt_on_all_streams);
6927 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6928 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next);
6929 if (ctl->data) {
6930 sctp_m_freem(ctl->data);
6931 ctl->data = NULL;
6932 }
6933 sctp_free_remote_addr(ctl->whoFrom);
6934 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
6935 SCTP_DECR_READQ_COUNT();
6936 }
6937 }
6938 }
6939 if (cnt) {
6940 /* We must back down to see what the new highest is */
6941 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
6942 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
6943 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
6944 asoc->highest_tsn_inside_map = i;
6945 fnd = 1;
6946 break;
6947 }
6948 }
6949 if (!fnd) {
6950 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
6951 }
6952 /*
6953 * Question, should we go through the delivery queue? The
6954 * only reason things are on here is the app not reading OR
6955 * a p-d-api up. An attacker COULD send enough in to
6956 * initiate the PD-API and then send a bunch of stuff to
6957 * other streams... these would wind up on the delivery
6958 * queue.. and then we would not get to them. But in order
6959 * to do this I then have to back-track and un-deliver
6960 * sequence numbers in streams.. el-yucko. I think for now
6961 * we will NOT look at the delivery queue and leave it to be
6962 * something to consider later. An alternative would be to
6963 * abort the P-D-API with a notification and then deliver
6964 * the data.... Or another method might be to keep track of
6965 * how many times the situation occurs and if we see a
6966 * possible attack underway just abort the association.
6967 */
6968 #ifdef SCTP_DEBUG
6969 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt);
6970 #endif
6971 /*
6972 * Now do we need to find a new
6973 * asoc->highest_tsn_inside_map?
6974 */
6975 asoc->last_revoke_count = cnt;
6976 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
6977 /* sa_ignore NO_NULL_CHK */
6978 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
6979 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED);
6980 }
6981 /*
6982 * Another issue, in un-setting the TSN's in the mapping array we
6983 * DID NOT adjust the highest_tsn marker. This will cause one of
6984 * two things to occur. It may cause us to do extra work in checking
6985 * for our mapping array movement. More importantly it may cause us
6986 * to SACK every datagram. This may not be a bad thing though since
6987 * we will recover once we get our cum-ack above and all this stuff
6988 * we dumped recovered.
6989 */
6990 }
6991
6992 void
6993 sctp_drain()
6994 {
6995 /*
6996 * We must walk the PCB lists for ALL associations here. The system
6997 * is LOW on MBUF's and needs help. This is where reneging will
6998 * occur. We really hope this does NOT happen!
6999 */
7000 VNET_ITERATOR_DECL(vnet_iter);
7001 VNET_LIST_RLOCK_NOSLEEP();
7002 VNET_FOREACH(vnet_iter) {
7003 CURVNET_SET(vnet_iter);
7004 struct sctp_inpcb *inp;
7005 struct sctp_tcb *stcb;
7006
7007 SCTP_STAT_INCR(sctps_protocol_drain_calls);
7008 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
7009 #ifdef VIMAGE
7010 continue;
7011 #else
7012 return;
7013 #endif
7014 }
7015 SCTP_INP_INFO_RLOCK();
7016 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) {
7017 /* For each endpoint */
7018 SCTP_INP_RLOCK(inp);
7019 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
7020 /* For each association */
7021 SCTP_TCB_LOCK(stcb);
7022 sctp_drain_mbufs(stcb);
7023 SCTP_TCB_UNLOCK(stcb);
7024 }
7025 SCTP_INP_RUNLOCK(inp);
7026 }
7027 SCTP_INP_INFO_RUNLOCK();
7028 CURVNET_RESTORE();
7029 }
7030 VNET_LIST_RUNLOCK_NOSLEEP();
7031 }
7032
7033 /*
7034 * start a new iterator
7035 * iterates through all endpoints and associations based on the pcb_state
7036 * flags and asoc_state. "af" (mandatory) is executed for all matching
7037 * assocs and "ef" (optional) is executed when the iterator completes.
7038 * "inpf" (optional) is executed for each new endpoint as it is being
7039 * iterated through. inpe (optional) is called when the inp completes
7040 * its way through all the stcbs.
7041 */
7042 int
7043 sctp_initiate_iterator(inp_func inpf,
7044 asoc_func af,
7045 inp_func inpe,
7046 uint32_t pcb_state,
7047 uint32_t pcb_features,
7048 uint32_t asoc_state,
7049 void *argp,
7050 uint32_t argi,
7051 end_func ef,
7052 struct sctp_inpcb *s_inp,
7053 uint8_t chunk_output_off)
7054 {
7055 struct sctp_iterator *it = NULL;
7056
7057 if (af == NULL) {
7058 return (-1);
7059 }
7060 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator),
7061 SCTP_M_ITER);
7062 if (it == NULL) {
7063 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
7064 return (ENOMEM);
7065 }
7066 memset(it, 0, sizeof(*it));
7067 it->function_assoc = af;
7068 it->function_inp = inpf;
7069 if (inpf)
7070 it->done_current_ep = 0;
7071 else
7072 it->done_current_ep = 1;
7073 it->function_atend = ef;
7074 it->pointer = argp;
7075 it->val = argi;
7076 it->pcb_flags = pcb_state;
7077 it->pcb_features = pcb_features;
7078 it->asoc_state = asoc_state;
7079 it->function_inp_end = inpe;
7080 it->no_chunk_output = chunk_output_off;
7081 it->vn = curvnet;
7082 if (s_inp) {
7083 /* Assume lock is held here */
7084 it->inp = s_inp;
7085 SCTP_INP_INCR_REF(it->inp);
7086 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
7087 } else {
7088 SCTP_INP_INFO_RLOCK();
7089 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead));
7090 if (it->inp) {
7091 SCTP_INP_INCR_REF(it->inp);
7092 }
7093 SCTP_INP_INFO_RUNLOCK();
7094 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
7095
7096 }
7097 SCTP_IPI_ITERATOR_WQ_LOCK();
7098
7099 TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
7100 if (sctp_it_ctl.iterator_running == 0) {
7101 sctp_wakeup_iterator();
7102 }
7103 SCTP_IPI_ITERATOR_WQ_UNLOCK();
7104 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */
7105 return (0);
7106 }
Cache object: 8d9cea51acef0d742891ae68b1d78bad
|