The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet/sctp_pcb.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
    3  * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
    4  * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
    5  *
    6  * Redistribution and use in source and binary forms, with or without
    7  * modification, are permitted provided that the following conditions are met:
    8  *
    9  * a) Redistributions of source code must retain the above copyright notice,
   10  *    this list of conditions and the following disclaimer.
   11  *
   12  * b) Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in
   14  *    the documentation and/or other materials provided with the distribution.
   15  *
   16  * c) Neither the name of Cisco Systems, Inc. nor the names of its
   17  *    contributors may be used to endorse or promote products derived
   18  *    from this software without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   22  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
   24  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   30  * THE POSSIBILITY OF SUCH DAMAGE.
   31  */
   32 
   33 #include <sys/cdefs.h>
   34 __FBSDID("$FreeBSD: releng/9.1/sys/netinet/sctp_pcb.c 239452 2012-08-20 17:36:10Z tuexen $");
   35 
   36 #include <netinet/sctp_os.h>
   37 #include <sys/proc.h>
   38 #include <netinet/sctp_var.h>
   39 #include <netinet/sctp_sysctl.h>
   40 #include <netinet/sctp_pcb.h>
   41 #include <netinet/sctputil.h>
   42 #include <netinet/sctp.h>
   43 #include <netinet/sctp_header.h>
   44 #include <netinet/sctp_asconf.h>
   45 #include <netinet/sctp_output.h>
   46 #include <netinet/sctp_timer.h>
   47 #include <netinet/sctp_bsd_addr.h>
   48 #include <netinet/sctp_dtrace_define.h>
   49 #include <netinet/udp.h>
   50 #ifdef INET6
   51 #include <netinet6/ip6_var.h>
   52 #endif
   53 #include <sys/sched.h>
   54 #include <sys/smp.h>
   55 #include <sys/unistd.h>
   56 
   57 
   58 VNET_DEFINE(struct sctp_base_info, system_base_info);
   59 
   60 /* FIX: we don't handle multiple link local scopes */
   61 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
   62 #ifdef INET6
   63 int
   64 SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
   65 {
   66         struct sockaddr_in6 tmp_a, tmp_b;
   67 
   68         memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
   69         if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
   70                 return (0);
   71         }
   72         memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
   73         if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
   74                 return (0);
   75         }
   76         return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
   77 }
   78 
   79 #endif
   80 
   81 void
   82 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
   83 {
   84         /*
   85          * We really don't need to lock this, but I will just because it
   86          * does not hurt.
   87          */
   88         SCTP_INP_INFO_RLOCK();
   89         spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep);
   90         spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc);
   91         spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr);
   92         spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr);
   93         spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk);
   94         spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq);
   95         spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq);
   96         spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks);
   97 
   98         SCTP_INP_INFO_RUNLOCK();
   99 }
  100 
  101 /*
  102  * Addresses are added to VRF's (Virtual Router's). For BSD we
  103  * have only the default VRF 0. We maintain a hash list of
  104  * VRF's. Each VRF has its own list of sctp_ifn's. Each of
  105  * these has a list of addresses. When we add a new address
  106  * to a VRF we lookup the ifn/ifn_index, if the ifn does
  107  * not exist we create it and add it to the list of IFN's
  108  * within the VRF. Once we have the sctp_ifn, we add the
  109  * address to the list. So we look something like:
  110  *
  111  * hash-vrf-table
  112  *   vrf-> ifn-> ifn -> ifn
  113  *   vrf    |
  114  *    ...   +--ifa-> ifa -> ifa
  115  *   vrf
  116  *
  117  * We keep these separate lists since the SCTP subsystem will
  118  * point to these from its source address selection nets structure.
  119  * When an address is deleted it does not happen right away on
  120  * the SCTP side, it gets scheduled. What we do when a
  121  * delete happens is immediately remove the address from
  122  * the master list and decrement the refcount. As our
  123  * addip iterator works through and frees the src address
  124  * selection pointing to the sctp_ifa, eventually the refcount
  125  * will reach 0 and we will delete it. Note that it is assumed
  126  * that any locking on system level ifn/ifa is done at the
  127  * caller of these functions and these routines will only
  128  * lock the SCTP structures as they add or delete things.
  129  *
  130  * Other notes on VRF concepts.
  131  *  - An endpoint can be in multiple VRF's
  132  *  - An association lives within a VRF and only one VRF.
  133  *  - Any incoming packet we can deduce the VRF for by
  134  *    looking at the mbuf/pak inbound (for BSD its VRF=0 :D)
  135  *  - Any downward send call or connect call must supply the
  136  *    VRF via ancillary data or via some sort of set default
  137  *    VRF socket option call (again for BSD no brainer since
  138  *    the VRF is always 0).
  139  *  - An endpoint may add multiple VRF's to it.
  140  *  - Listening sockets can accept associations in any
  141  *    of the VRF's they are in but the assoc will end up
  142  *    in only one VRF (gotten from the packet or connect/send).
  143  *
  144  */
  145 
  146 struct sctp_vrf *
  147 sctp_allocate_vrf(int vrf_id)
  148 {
  149         struct sctp_vrf *vrf = NULL;
  150         struct sctp_vrflist *bucket;
  151 
  152         /* First allocate the VRF structure */
  153         vrf = sctp_find_vrf(vrf_id);
  154         if (vrf) {
  155                 /* Already allocated */
  156                 return (vrf);
  157         }
  158         SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf),
  159             SCTP_M_VRF);
  160         if (vrf == NULL) {
  161                 /* No memory */
  162 #ifdef INVARIANTS
  163                 panic("No memory for VRF:%d", vrf_id);
  164 #endif
  165                 return (NULL);
  166         }
  167         /* setup the VRF */
  168         memset(vrf, 0, sizeof(struct sctp_vrf));
  169         vrf->vrf_id = vrf_id;
  170         LIST_INIT(&vrf->ifnlist);
  171         vrf->total_ifa_count = 0;
  172         vrf->refcount = 0;
  173         /* now also setup table ids */
  174         SCTP_INIT_VRF_TABLEID(vrf);
  175         /* Init the HASH of addresses */
  176         vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE,
  177             &vrf->vrf_addr_hashmark);
  178         if (vrf->vrf_addr_hash == NULL) {
  179                 /* No memory */
  180 #ifdef INVARIANTS
  181                 panic("No memory for VRF:%d", vrf_id);
  182 #endif
  183                 SCTP_FREE(vrf, SCTP_M_VRF);
  184                 return (NULL);
  185         }
  186         /* Add it to the hash table */
  187         bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
  188         LIST_INSERT_HEAD(bucket, vrf, next_vrf);
  189         atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
  190         return (vrf);
  191 }
  192 
  193 
  194 struct sctp_ifn *
  195 sctp_find_ifn(void *ifn, uint32_t ifn_index)
  196 {
  197         struct sctp_ifn *sctp_ifnp;
  198         struct sctp_ifnlist *hash_ifn_head;
  199 
  200         /*
  201          * We assume the lock is held for the addresses if that's wrong
  202          * problems could occur :-)
  203          */
  204         hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
  205         LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) {
  206                 if (sctp_ifnp->ifn_index == ifn_index) {
  207                         return (sctp_ifnp);
  208                 }
  209                 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) {
  210                         return (sctp_ifnp);
  211                 }
  212         }
  213         return (NULL);
  214 }
  215 
  216 
  217 
  218 struct sctp_vrf *
  219 sctp_find_vrf(uint32_t vrf_id)
  220 {
  221         struct sctp_vrflist *bucket;
  222         struct sctp_vrf *liste;
  223 
  224         bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
  225         LIST_FOREACH(liste, bucket, next_vrf) {
  226                 if (vrf_id == liste->vrf_id) {
  227                         return (liste);
  228                 }
  229         }
  230         return (NULL);
  231 }
  232 
  233 void
  234 sctp_free_vrf(struct sctp_vrf *vrf)
  235 {
  236         if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) {
  237                 if (vrf->vrf_addr_hash) {
  238                         SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
  239                         vrf->vrf_addr_hash = NULL;
  240                 }
  241                 /* We zero'd the count */
  242                 LIST_REMOVE(vrf, next_vrf);
  243                 SCTP_FREE(vrf, SCTP_M_VRF);
  244                 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
  245         }
  246 }
  247 
  248 void
  249 sctp_free_ifn(struct sctp_ifn *sctp_ifnp)
  250 {
  251         if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) {
  252                 /* We zero'd the count */
  253                 if (sctp_ifnp->vrf) {
  254                         sctp_free_vrf(sctp_ifnp->vrf);
  255                 }
  256                 SCTP_FREE(sctp_ifnp, SCTP_M_IFN);
  257                 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
  258         }
  259 }
  260 
  261 void
  262 sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu)
  263 {
  264         struct sctp_ifn *sctp_ifnp;
  265 
  266         sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index);
  267         if (sctp_ifnp != NULL) {
  268                 sctp_ifnp->ifn_mtu = mtu;
  269         }
  270 }
  271 
  272 
  273 void
  274 sctp_free_ifa(struct sctp_ifa *sctp_ifap)
  275 {
  276         if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) {
  277                 /* We zero'd the count */
  278                 if (sctp_ifap->ifn_p) {
  279                         sctp_free_ifn(sctp_ifap->ifn_p);
  280                 }
  281                 SCTP_FREE(sctp_ifap, SCTP_M_IFA);
  282                 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
  283         }
  284 }
  285 
  286 static void
  287 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock)
  288 {
  289         struct sctp_ifn *found;
  290 
  291         found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index);
  292         if (found == NULL) {
  293                 /* Not in the list.. sorry */
  294                 return;
  295         }
  296         if (hold_addr_lock == 0)
  297                 SCTP_IPI_ADDR_WLOCK();
  298         LIST_REMOVE(sctp_ifnp, next_bucket);
  299         LIST_REMOVE(sctp_ifnp, next_ifn);
  300         SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index,
  301             sctp_ifnp->registered_af);
  302         if (hold_addr_lock == 0)
  303                 SCTP_IPI_ADDR_WUNLOCK();
  304         /* Take away the reference, and possibly free it */
  305         sctp_free_ifn(sctp_ifnp);
  306 }
  307 
  308 void
  309 sctp_mark_ifa_addr_down(uint32_t vrf_id, struct sockaddr *addr,
  310     const char *if_name, uint32_t ifn_index)
  311 {
  312         struct sctp_vrf *vrf;
  313         struct sctp_ifa *sctp_ifap = NULL;
  314 
  315         SCTP_IPI_ADDR_RLOCK();
  316         vrf = sctp_find_vrf(vrf_id);
  317         if (vrf == NULL) {
  318                 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
  319                 goto out;
  320 
  321         }
  322         sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
  323         if (sctp_ifap == NULL) {
  324                 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
  325                 goto out;
  326         }
  327         if (sctp_ifap->ifn_p == NULL) {
  328                 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
  329                 goto out;
  330         }
  331         if (if_name) {
  332                 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
  333                         SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
  334                             sctp_ifap->ifn_p->ifn_name, if_name);
  335                         goto out;
  336                 }
  337         } else {
  338                 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
  339                         SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
  340                             sctp_ifap->ifn_p->ifn_index, ifn_index);
  341                         goto out;
  342                 }
  343         }
  344 
  345         sctp_ifap->localifa_flags &= (~SCTP_ADDR_VALID);
  346         sctp_ifap->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE;
  347 out:
  348         SCTP_IPI_ADDR_RUNLOCK();
  349 }
  350 
  351 void
  352 sctp_mark_ifa_addr_up(uint32_t vrf_id, struct sockaddr *addr,
  353     const char *if_name, uint32_t ifn_index)
  354 {
  355         struct sctp_vrf *vrf;
  356         struct sctp_ifa *sctp_ifap = NULL;
  357 
  358         SCTP_IPI_ADDR_RLOCK();
  359         vrf = sctp_find_vrf(vrf_id);
  360         if (vrf == NULL) {
  361                 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
  362                 goto out;
  363 
  364         }
  365         sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
  366         if (sctp_ifap == NULL) {
  367                 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
  368                 goto out;
  369         }
  370         if (sctp_ifap->ifn_p == NULL) {
  371                 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
  372                 goto out;
  373         }
  374         if (if_name) {
  375                 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
  376                         SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
  377                             sctp_ifap->ifn_p->ifn_name, if_name);
  378                         goto out;
  379                 }
  380         } else {
  381                 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
  382                         SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
  383                             sctp_ifap->ifn_p->ifn_index, ifn_index);
  384                         goto out;
  385                 }
  386         }
  387 
  388         sctp_ifap->localifa_flags &= (~SCTP_ADDR_IFA_UNUSEABLE);
  389         sctp_ifap->localifa_flags |= SCTP_ADDR_VALID;
  390 out:
  391         SCTP_IPI_ADDR_RUNLOCK();
  392 }
  393 
  394 /*-
  395  * Add an ifa to an ifn.
  396  * Register the interface as necessary.
  397  * NOTE: ADDR write lock MUST be held.
  398  */
  399 static void
  400 sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap)
  401 {
  402         int ifa_af;
  403 
  404         LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
  405         sctp_ifap->ifn_p = sctp_ifnp;
  406         atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
  407         /* update address counts */
  408         sctp_ifnp->ifa_count++;
  409         ifa_af = sctp_ifap->address.sa.sa_family;
  410         switch (ifa_af) {
  411 #ifdef INET
  412         case AF_INET:
  413                 sctp_ifnp->num_v4++;
  414                 break;
  415 #endif
  416 #ifdef INET6
  417         case AF_INET6:
  418                 sctp_ifnp->num_v6++;
  419                 break;
  420 #endif
  421         default:
  422                 break;
  423         }
  424         if (sctp_ifnp->ifa_count == 1) {
  425                 /* register the new interface */
  426                 SCTP_REGISTER_INTERFACE(sctp_ifnp->ifn_index, ifa_af);
  427                 sctp_ifnp->registered_af = ifa_af;
  428         }
  429 }
  430 
  431 /*-
  432  * Remove an ifa from its ifn.
  433  * If no more addresses exist, remove the ifn too. Otherwise, re-register
  434  * the interface based on the remaining address families left.
  435  * NOTE: ADDR write lock MUST be held.
  436  */
  437 static void
  438 sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap)
  439 {
  440         LIST_REMOVE(sctp_ifap, next_ifa);
  441         if (sctp_ifap->ifn_p) {
  442                 /* update address counts */
  443                 sctp_ifap->ifn_p->ifa_count--;
  444                 switch (sctp_ifap->address.sa.sa_family) {
  445 #ifdef INET
  446                 case AF_INET:
  447                         sctp_ifap->ifn_p->num_v4--;
  448                         break;
  449 #endif
  450 #ifdef INET6
  451                 case AF_INET6:
  452                         sctp_ifap->ifn_p->num_v6--;
  453                         break;
  454 #endif
  455                 default:
  456                         break;
  457                 }
  458 
  459                 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) {
  460                         /* remove the ifn, possibly freeing it */
  461                         sctp_delete_ifn(sctp_ifap->ifn_p, SCTP_ADDR_LOCKED);
  462                 } else {
  463                         /* re-register address family type, if needed */
  464                         if ((sctp_ifap->ifn_p->num_v6 == 0) &&
  465                             (sctp_ifap->ifn_p->registered_af == AF_INET6)) {
  466                                 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
  467                                 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
  468                                 sctp_ifap->ifn_p->registered_af = AF_INET;
  469                         } else if ((sctp_ifap->ifn_p->num_v4 == 0) &&
  470                             (sctp_ifap->ifn_p->registered_af == AF_INET)) {
  471                                 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
  472                                 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
  473                                 sctp_ifap->ifn_p->registered_af = AF_INET6;
  474                         }
  475                         /* free the ifn refcount */
  476                         sctp_free_ifn(sctp_ifap->ifn_p);
  477                 }
  478                 sctp_ifap->ifn_p = NULL;
  479         }
  480 }
  481 
  482 struct sctp_ifa *
  483 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index,
  484     uint32_t ifn_type, const char *if_name, void *ifa,
  485     struct sockaddr *addr, uint32_t ifa_flags,
  486     int dynamic_add)
  487 {
  488         struct sctp_vrf *vrf;
  489         struct sctp_ifn *sctp_ifnp = NULL;
  490         struct sctp_ifa *sctp_ifap = NULL;
  491         struct sctp_ifalist *hash_addr_head;
  492         struct sctp_ifnlist *hash_ifn_head;
  493         uint32_t hash_of_addr;
  494         int new_ifn_af = 0;
  495 
  496 #ifdef SCTP_DEBUG
  497         SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id);
  498         SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
  499 #endif
  500         SCTP_IPI_ADDR_WLOCK();
  501         sctp_ifnp = sctp_find_ifn(ifn, ifn_index);
  502         if (sctp_ifnp) {
  503                 vrf = sctp_ifnp->vrf;
  504         } else {
  505                 vrf = sctp_find_vrf(vrf_id);
  506                 if (vrf == NULL) {
  507                         vrf = sctp_allocate_vrf(vrf_id);
  508                         if (vrf == NULL) {
  509                                 SCTP_IPI_ADDR_WUNLOCK();
  510                                 return (NULL);
  511                         }
  512                 }
  513         }
  514         if (sctp_ifnp == NULL) {
  515                 /*
  516                  * build one and add it, can't hold lock until after malloc
  517                  * done though.
  518                  */
  519                 SCTP_IPI_ADDR_WUNLOCK();
  520                 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *,
  521                     sizeof(struct sctp_ifn), SCTP_M_IFN);
  522                 if (sctp_ifnp == NULL) {
  523 #ifdef INVARIANTS
  524                         panic("No memory for IFN");
  525 #endif
  526                         return (NULL);
  527                 }
  528                 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn));
  529                 sctp_ifnp->ifn_index = ifn_index;
  530                 sctp_ifnp->ifn_p = ifn;
  531                 sctp_ifnp->ifn_type = ifn_type;
  532                 sctp_ifnp->refcount = 0;
  533                 sctp_ifnp->vrf = vrf;
  534                 atomic_add_int(&vrf->refcount, 1);
  535                 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family);
  536                 if (if_name != NULL) {
  537                         snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name);
  538                 } else {
  539                         snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown");
  540                 }
  541                 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
  542                 LIST_INIT(&sctp_ifnp->ifalist);
  543                 SCTP_IPI_ADDR_WLOCK();
  544                 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket);
  545                 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn);
  546                 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
  547                 new_ifn_af = 1;
  548         }
  549         sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
  550         if (sctp_ifap) {
  551                 /* Hmm, it already exists? */
  552                 if ((sctp_ifap->ifn_p) &&
  553                     (sctp_ifap->ifn_p->ifn_index == ifn_index)) {
  554                         SCTPDBG(SCTP_DEBUG_PCB4, "Using existing ifn %s (0x%x) for ifa %p\n",
  555                             sctp_ifap->ifn_p->ifn_name, ifn_index,
  556                             sctp_ifap);
  557                         if (new_ifn_af) {
  558                                 /* Remove the created one that we don't want */
  559                                 sctp_delete_ifn(sctp_ifnp, SCTP_ADDR_LOCKED);
  560                         }
  561                         if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) {
  562                                 /* easy to solve, just switch back to active */
  563                                 SCTPDBG(SCTP_DEBUG_PCB4, "Clearing deleted ifa flag\n");
  564                                 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
  565                                 sctp_ifap->ifn_p = sctp_ifnp;
  566                                 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
  567                         }
  568         exit_stage_left:
  569                         SCTP_IPI_ADDR_WUNLOCK();
  570                         return (sctp_ifap);
  571                 } else {
  572                         if (sctp_ifap->ifn_p) {
  573                                 /*
  574                                  * The last IFN gets the address, remove the
  575                                  * old one
  576                                  */
  577                                 SCTPDBG(SCTP_DEBUG_PCB4, "Moving ifa %p from %s (0x%x) to %s (0x%x)\n",
  578                                     sctp_ifap, sctp_ifap->ifn_p->ifn_name,
  579                                     sctp_ifap->ifn_p->ifn_index, if_name,
  580                                     ifn_index);
  581                                 /* remove the address from the old ifn */
  582                                 sctp_remove_ifa_from_ifn(sctp_ifap);
  583                                 /* move the address over to the new ifn */
  584                                 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
  585                                 goto exit_stage_left;
  586                         } else {
  587                                 /* repair ifnp which was NULL ? */
  588                                 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
  589                                 SCTPDBG(SCTP_DEBUG_PCB4, "Repairing ifn %p for ifa %p\n",
  590                                     sctp_ifnp, sctp_ifap);
  591                                 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
  592                         }
  593                         goto exit_stage_left;
  594                 }
  595         }
  596         SCTP_IPI_ADDR_WUNLOCK();
  597         SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA);
  598         if (sctp_ifap == NULL) {
  599 #ifdef INVARIANTS
  600                 panic("No memory for IFA");
  601 #endif
  602                 return (NULL);
  603         }
  604         memset(sctp_ifap, 0, sizeof(struct sctp_ifa));
  605         sctp_ifap->ifn_p = sctp_ifnp;
  606         atomic_add_int(&sctp_ifnp->refcount, 1);
  607         sctp_ifap->vrf_id = vrf_id;
  608         sctp_ifap->ifa = ifa;
  609         memcpy(&sctp_ifap->address, addr, addr->sa_len);
  610         sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE;
  611         sctp_ifap->flags = ifa_flags;
  612         /* Set scope */
  613         switch (sctp_ifap->address.sa.sa_family) {
  614 #ifdef INET
  615         case AF_INET:
  616                 {
  617                         struct sockaddr_in *sin;
  618 
  619                         sin = (struct sockaddr_in *)&sctp_ifap->address.sin;
  620                         if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
  621                             (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) {
  622                                 sctp_ifap->src_is_loop = 1;
  623                         }
  624                         if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
  625                                 sctp_ifap->src_is_priv = 1;
  626                         }
  627                         sctp_ifnp->num_v4++;
  628                         if (new_ifn_af)
  629                                 new_ifn_af = AF_INET;
  630                         break;
  631                 }
  632 #endif
  633 #ifdef INET6
  634         case AF_INET6:
  635                 {
  636                         /* ok to use deprecated addresses? */
  637                         struct sockaddr_in6 *sin6;
  638 
  639                         sin6 = (struct sockaddr_in6 *)&sctp_ifap->address.sin6;
  640                         if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
  641                             (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) {
  642                                 sctp_ifap->src_is_loop = 1;
  643                         }
  644                         if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
  645                                 sctp_ifap->src_is_priv = 1;
  646                         }
  647                         sctp_ifnp->num_v6++;
  648                         if (new_ifn_af)
  649                                 new_ifn_af = AF_INET6;
  650                         break;
  651                 }
  652 #endif
  653         default:
  654                 new_ifn_af = 0;
  655                 break;
  656         }
  657         hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa);
  658 
  659         if ((sctp_ifap->src_is_priv == 0) &&
  660             (sctp_ifap->src_is_loop == 0)) {
  661                 sctp_ifap->src_is_glob = 1;
  662         }
  663         SCTP_IPI_ADDR_WLOCK();
  664         hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)];
  665         LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket);
  666         sctp_ifap->refcount = 1;
  667         LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
  668         sctp_ifnp->ifa_count++;
  669         vrf->total_ifa_count++;
  670         atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
  671         if (new_ifn_af) {
  672                 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af);
  673                 sctp_ifnp->registered_af = new_ifn_af;
  674         }
  675         SCTP_IPI_ADDR_WUNLOCK();
  676         if (dynamic_add) {
  677                 /*
  678                  * Bump up the refcount so that when the timer completes it
  679                  * will drop back down.
  680                  */
  681                 struct sctp_laddr *wi;
  682 
  683                 atomic_add_int(&sctp_ifap->refcount, 1);
  684                 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
  685                 if (wi == NULL) {
  686                         /*
  687                          * Gak, what can we do? We have lost an address
  688                          * change can you say HOSED?
  689                          */
  690                         SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
  691                         /* Opps, must decrement the count */
  692                         sctp_del_addr_from_vrf(vrf_id, addr, ifn_index,
  693                             if_name);
  694                         return (NULL);
  695                 }
  696                 SCTP_INCR_LADDR_COUNT();
  697                 bzero(wi, sizeof(*wi));
  698                 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
  699                 wi->ifa = sctp_ifap;
  700                 wi->action = SCTP_ADD_IP_ADDRESS;
  701 
  702                 SCTP_WQ_ADDR_LOCK();
  703                 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
  704                 SCTP_WQ_ADDR_UNLOCK();
  705 
  706                 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
  707                     (struct sctp_inpcb *)NULL,
  708                     (struct sctp_tcb *)NULL,
  709                     (struct sctp_nets *)NULL);
  710         } else {
  711                 /* it's ready for use */
  712                 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE;
  713         }
  714         return (sctp_ifap);
  715 }
  716 
  717 void
  718 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr,
  719     uint32_t ifn_index, const char *if_name)
  720 {
  721         struct sctp_vrf *vrf;
  722         struct sctp_ifa *sctp_ifap = NULL;
  723 
  724         SCTP_IPI_ADDR_WLOCK();
  725         vrf = sctp_find_vrf(vrf_id);
  726         if (vrf == NULL) {
  727                 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
  728                 goto out_now;
  729         }
  730 #ifdef SCTP_DEBUG
  731         SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id);
  732         SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
  733 #endif
  734         sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
  735         if (sctp_ifap) {
  736                 /* Validate the delete */
  737                 if (sctp_ifap->ifn_p) {
  738                         int valid = 0;
  739 
  740                         /*-
  741                          * The name has priority over the ifn_index
  742                          * if its given. We do this especially for
  743                          * panda who might recycle indexes fast.
  744                          */
  745                         if (if_name) {
  746                                 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) == 0) {
  747                                         /* They match its a correct delete */
  748                                         valid = 1;
  749                                 }
  750                         }
  751                         if (!valid) {
  752                                 /* last ditch check ifn_index */
  753                                 if (ifn_index == sctp_ifap->ifn_p->ifn_index) {
  754                                         valid = 1;
  755                                 }
  756                         }
  757                         if (!valid) {
  758                                 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s does not match addresses\n",
  759                                     ifn_index, ((if_name == NULL) ? "NULL" : if_name));
  760                                 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s - ignoring delete\n",
  761                                     sctp_ifap->ifn_p->ifn_index, sctp_ifap->ifn_p->ifn_name);
  762                                 SCTP_IPI_ADDR_WUNLOCK();
  763                                 return;
  764                         }
  765                 }
  766                 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", sctp_ifap);
  767                 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID;
  768                 sctp_ifap->localifa_flags |= SCTP_BEING_DELETED;
  769                 vrf->total_ifa_count--;
  770                 LIST_REMOVE(sctp_ifap, next_bucket);
  771                 sctp_remove_ifa_from_ifn(sctp_ifap);
  772         }
  773 #ifdef SCTP_DEBUG
  774         else {
  775                 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:",
  776                     ifn_index);
  777                 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
  778         }
  779 #endif
  780 
  781 out_now:
  782         SCTP_IPI_ADDR_WUNLOCK();
  783         if (sctp_ifap) {
  784                 struct sctp_laddr *wi;
  785 
  786                 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
  787                 if (wi == NULL) {
  788                         /*
  789                          * Gak, what can we do? We have lost an address
  790                          * change can you say HOSED?
  791                          */
  792                         SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
  793 
  794                         /* Oops, must decrement the count */
  795                         sctp_free_ifa(sctp_ifap);
  796                         return;
  797                 }
  798                 SCTP_INCR_LADDR_COUNT();
  799                 bzero(wi, sizeof(*wi));
  800                 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
  801                 wi->ifa = sctp_ifap;
  802                 wi->action = SCTP_DEL_IP_ADDRESS;
  803                 SCTP_WQ_ADDR_LOCK();
  804                 /*
  805                  * Should this really be a tailq? As it is we will process
  806                  * the newest first :-0
  807                  */
  808                 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
  809                 SCTP_WQ_ADDR_UNLOCK();
  810 
  811                 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
  812                     (struct sctp_inpcb *)NULL,
  813                     (struct sctp_tcb *)NULL,
  814                     (struct sctp_nets *)NULL);
  815         }
  816         return;
  817 }
  818 
  819 
  820 static struct sctp_tcb *
  821 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
  822     struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id)
  823 {
  824         /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */
  825         /*
  826          * If we support the TCP model, then we must now dig through to see
  827          * if we can find our endpoint in the list of tcp ep's.
  828          */
  829         uint16_t lport, rport;
  830         struct sctppcbhead *ephead;
  831         struct sctp_inpcb *inp;
  832         struct sctp_laddr *laddr;
  833         struct sctp_tcb *stcb;
  834         struct sctp_nets *net;
  835 
  836         if ((to == NULL) || (from == NULL)) {
  837                 return (NULL);
  838         }
  839         switch (to->sa_family) {
  840 #ifdef INET
  841         case AF_INET:
  842                 if (from->sa_family == AF_INET) {
  843                         lport = ((struct sockaddr_in *)to)->sin_port;
  844                         rport = ((struct sockaddr_in *)from)->sin_port;
  845                 } else {
  846                         return (NULL);
  847                 }
  848                 break;
  849 #endif
  850 #ifdef INET6
  851         case AF_INET6:
  852                 if (from->sa_family == AF_INET6) {
  853                         lport = ((struct sockaddr_in6 *)to)->sin6_port;
  854                         rport = ((struct sockaddr_in6 *)from)->sin6_port;
  855                 } else {
  856                         return (NULL);
  857                 }
  858                 break;
  859 #endif
  860         default:
  861                 return (NULL);
  862         }
  863         ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
  864         /*
  865          * Ok now for each of the guys in this bucket we must look and see:
  866          * - Does the remote port match. - Does there single association's
  867          * addresses match this address (to). If so we update p_ep to point
  868          * to this ep and return the tcb from it.
  869          */
  870         LIST_FOREACH(inp, ephead, sctp_hash) {
  871                 SCTP_INP_RLOCK(inp);
  872                 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
  873                         SCTP_INP_RUNLOCK(inp);
  874                         continue;
  875                 }
  876                 if (lport != inp->sctp_lport) {
  877                         SCTP_INP_RUNLOCK(inp);
  878                         continue;
  879                 }
  880                 if (inp->def_vrf_id != vrf_id) {
  881                         SCTP_INP_RUNLOCK(inp);
  882                         continue;
  883                 }
  884                 /* check to see if the ep has one of the addresses */
  885                 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
  886                         /* We are NOT bound all, so look further */
  887                         int match = 0;
  888 
  889                         LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
  890 
  891                                 if (laddr->ifa == NULL) {
  892                                         SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __FUNCTION__);
  893                                         continue;
  894                                 }
  895                                 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
  896                                         SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
  897                                         continue;
  898                                 }
  899                                 if (laddr->ifa->address.sa.sa_family ==
  900                                     to->sa_family) {
  901                                         /* see if it matches */
  902 
  903 #ifdef INET
  904                                         if (from->sa_family == AF_INET) {
  905                                                 struct sockaddr_in *intf_addr,
  906                                                            *sin;
  907 
  908                                                 intf_addr = &laddr->ifa->address.sin;
  909                                                 sin = (struct sockaddr_in *)to;
  910                                                 if (sin->sin_addr.s_addr ==
  911                                                     intf_addr->sin_addr.s_addr) {
  912                                                         match = 1;
  913                                                         break;
  914                                                 }
  915                                         }
  916 #endif
  917 #ifdef INET6
  918                                         if (from->sa_family == AF_INET6) {
  919                                                 struct sockaddr_in6 *intf_addr6;
  920                                                 struct sockaddr_in6 *sin6;
  921 
  922                                                 sin6 = (struct sockaddr_in6 *)
  923                                                     to;
  924                                                 intf_addr6 = &laddr->ifa->address.sin6;
  925 
  926                                                 if (SCTP6_ARE_ADDR_EQUAL(sin6,
  927                                                     intf_addr6)) {
  928                                                         match = 1;
  929                                                         break;
  930                                                 }
  931                                         }
  932 #endif
  933                                 }
  934                         }
  935                         if (match == 0) {
  936                                 /* This endpoint does not have this address */
  937                                 SCTP_INP_RUNLOCK(inp);
  938                                 continue;
  939                         }
  940                 }
  941                 /*
  942                  * Ok if we hit here the ep has the address, does it hold
  943                  * the tcb?
  944                  */
  945 
  946                 stcb = LIST_FIRST(&inp->sctp_asoc_list);
  947                 if (stcb == NULL) {
  948                         SCTP_INP_RUNLOCK(inp);
  949                         continue;
  950                 }
  951                 SCTP_TCB_LOCK(stcb);
  952                 if (stcb->rport != rport) {
  953                         /* remote port does not match. */
  954                         SCTP_TCB_UNLOCK(stcb);
  955                         SCTP_INP_RUNLOCK(inp);
  956                         continue;
  957                 }
  958                 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
  959                         SCTP_TCB_UNLOCK(stcb);
  960                         SCTP_INP_RUNLOCK(inp);
  961                         continue;
  962                 }
  963                 /* Does this TCB have a matching address? */
  964                 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
  965 
  966                         if (net->ro._l_addr.sa.sa_family != from->sa_family) {
  967                                 /* not the same family, can't be a match */
  968                                 continue;
  969                         }
  970                         switch (from->sa_family) {
  971 #ifdef INET
  972                         case AF_INET:
  973                                 {
  974                                         struct sockaddr_in *sin, *rsin;
  975 
  976                                         sin = (struct sockaddr_in *)&net->ro._l_addr;
  977                                         rsin = (struct sockaddr_in *)from;
  978                                         if (sin->sin_addr.s_addr ==
  979                                             rsin->sin_addr.s_addr) {
  980                                                 /* found it */
  981                                                 if (netp != NULL) {
  982                                                         *netp = net;
  983                                                 }
  984                                                 /*
  985                                                  * Update the endpoint
  986                                                  * pointer
  987                                                  */
  988                                                 *inp_p = inp;
  989                                                 SCTP_INP_RUNLOCK(inp);
  990                                                 return (stcb);
  991                                         }
  992                                         break;
  993                                 }
  994 #endif
  995 #ifdef INET6
  996                         case AF_INET6:
  997                                 {
  998                                         struct sockaddr_in6 *sin6, *rsin6;
  999 
 1000                                         sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
 1001                                         rsin6 = (struct sockaddr_in6 *)from;
 1002                                         if (SCTP6_ARE_ADDR_EQUAL(sin6,
 1003                                             rsin6)) {
 1004                                                 /* found it */
 1005                                                 if (netp != NULL) {
 1006                                                         *netp = net;
 1007                                                 }
 1008                                                 /*
 1009                                                  * Update the endpoint
 1010                                                  * pointer
 1011                                                  */
 1012                                                 *inp_p = inp;
 1013                                                 SCTP_INP_RUNLOCK(inp);
 1014                                                 return (stcb);
 1015                                         }
 1016                                         break;
 1017                                 }
 1018 #endif
 1019                         default:
 1020                                 /* TSNH */
 1021                                 break;
 1022                         }
 1023                 }
 1024                 SCTP_TCB_UNLOCK(stcb);
 1025                 SCTP_INP_RUNLOCK(inp);
 1026         }
 1027         return (NULL);
 1028 }
 1029 
 1030 static int
 1031 sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to)
 1032 {
 1033         int loopback_scope, ipv4_local_scope, local_scope, site_scope;
 1034         int ipv4_addr_legal, ipv6_addr_legal;
 1035         struct sctp_vrf *vrf;
 1036         struct sctp_ifn *sctp_ifn;
 1037         struct sctp_ifa *sctp_ifa;
 1038 
 1039         loopback_scope = stcb->asoc.loopback_scope;
 1040         ipv4_local_scope = stcb->asoc.ipv4_local_scope;
 1041         local_scope = stcb->asoc.local_scope;
 1042         site_scope = stcb->asoc.site_scope;
 1043         ipv4_addr_legal = ipv6_addr_legal = 0;
 1044         if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
 1045                 ipv6_addr_legal = 1;
 1046                 if (SCTP_IPV6_V6ONLY(stcb->sctp_ep) == 0) {
 1047                         ipv4_addr_legal = 1;
 1048                 }
 1049         } else {
 1050                 ipv4_addr_legal = 1;
 1051         }
 1052 
 1053         SCTP_IPI_ADDR_RLOCK();
 1054         vrf = sctp_find_vrf(stcb->asoc.vrf_id);
 1055         if (vrf == NULL) {
 1056                 /* no vrf, no addresses */
 1057                 SCTP_IPI_ADDR_RUNLOCK();
 1058                 return (0);
 1059         }
 1060         if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
 1061                 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
 1062                         if ((loopback_scope == 0) &&
 1063                             SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
 1064                                 continue;
 1065                         }
 1066                         LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
 1067                                 if (sctp_is_addr_restricted(stcb, sctp_ifa) &&
 1068                                     (!sctp_is_addr_pending(stcb, sctp_ifa))) {
 1069                                         /*
 1070                                          * We allow pending addresses, where
 1071                                          * we have sent an asconf-add to be
 1072                                          * considered valid.
 1073                                          */
 1074                                         continue;
 1075                                 }
 1076                                 switch (sctp_ifa->address.sa.sa_family) {
 1077 #ifdef INET
 1078                                 case AF_INET:
 1079                                         if (ipv4_addr_legal) {
 1080                                                 struct sockaddr_in *sin,
 1081                                                            *rsin;
 1082 
 1083                                                 sin = &sctp_ifa->address.sin;
 1084                                                 rsin = (struct sockaddr_in *)to;
 1085                                                 if ((ipv4_local_scope == 0) &&
 1086                                                     IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
 1087                                                         continue;
 1088                                                 }
 1089                                                 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
 1090                                                         SCTP_IPI_ADDR_RUNLOCK();
 1091                                                         return (1);
 1092                                                 }
 1093                                         }
 1094                                         break;
 1095 #endif
 1096 #ifdef INET6
 1097                                 case AF_INET6:
 1098                                         if (ipv6_addr_legal) {
 1099                                                 struct sockaddr_in6 *sin6,
 1100                                                             *rsin6;
 1101 
 1102                                                 sin6 = &sctp_ifa->address.sin6;
 1103                                                 rsin6 = (struct sockaddr_in6 *)to;
 1104                                                 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
 1105                                                         if (local_scope == 0)
 1106                                                                 continue;
 1107                                                         if (sin6->sin6_scope_id == 0) {
 1108                                                                 if (sa6_recoverscope(sin6) != 0)
 1109                                                                         continue;
 1110                                                         }
 1111                                                 }
 1112                                                 if ((site_scope == 0) &&
 1113                                                     (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
 1114                                                         continue;
 1115                                                 }
 1116                                                 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
 1117                                                         SCTP_IPI_ADDR_RUNLOCK();
 1118                                                         return (1);
 1119                                                 }
 1120                                         }
 1121                                         break;
 1122 #endif
 1123                                 default:
 1124                                         /* TSNH */
 1125                                         break;
 1126                                 }
 1127                         }
 1128                 }
 1129         } else {
 1130                 struct sctp_laddr *laddr;
 1131 
 1132                 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
 1133                         if (sctp_is_addr_restricted(stcb, laddr->ifa) &&
 1134                             (!sctp_is_addr_pending(stcb, laddr->ifa))) {
 1135                                 /*
 1136                                  * We allow pending addresses, where we have
 1137                                  * sent an asconf-add to be considered
 1138                                  * valid.
 1139                                  */
 1140                                 continue;
 1141                         }
 1142                         if (laddr->ifa->address.sa.sa_family != to->sa_family) {
 1143                                 continue;
 1144                         }
 1145                         switch (to->sa_family) {
 1146 #ifdef INET
 1147                         case AF_INET:
 1148                                 {
 1149                                         struct sockaddr_in *sin, *rsin;
 1150 
 1151                                         sin = (struct sockaddr_in *)&laddr->ifa->address.sin;
 1152                                         rsin = (struct sockaddr_in *)to;
 1153                                         if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
 1154                                                 SCTP_IPI_ADDR_RUNLOCK();
 1155                                                 return (1);
 1156                                         }
 1157                                         break;
 1158                                 }
 1159 #endif
 1160 #ifdef INET6
 1161                         case AF_INET6:
 1162                                 {
 1163                                         struct sockaddr_in6 *sin6, *rsin6;
 1164 
 1165                                         sin6 = (struct sockaddr_in6 *)&laddr->ifa->address.sin6;
 1166                                         rsin6 = (struct sockaddr_in6 *)to;
 1167                                         if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
 1168                                                 SCTP_IPI_ADDR_RUNLOCK();
 1169                                                 return (1);
 1170                                         }
 1171                                         break;
 1172                                 }
 1173 
 1174 #endif
 1175                         default:
 1176                                 /* TSNH */
 1177                                 break;
 1178                         }
 1179 
 1180                 }
 1181         }
 1182         SCTP_IPI_ADDR_RUNLOCK();
 1183         return (0);
 1184 }
 1185 
 1186 /*
 1187  * rules for use
 1188  *
 1189  * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an
 1190  * stcb, both will be locked (locked_tcb and stcb) but decrement will be done
 1191  * (if locked == NULL). 3) Decrement happens on return ONLY if locked ==
 1192  * NULL.
 1193  */
 1194 
 1195 struct sctp_tcb *
 1196 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
 1197     struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
 1198 {
 1199         struct sctpasochead *head;
 1200         struct sctp_inpcb *inp;
 1201         struct sctp_tcb *stcb = NULL;
 1202         struct sctp_nets *net;
 1203         uint16_t rport;
 1204 
 1205         inp = *inp_p;
 1206         if (remote->sa_family == AF_INET) {
 1207                 rport = (((struct sockaddr_in *)remote)->sin_port);
 1208         } else if (remote->sa_family == AF_INET6) {
 1209                 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
 1210         } else {
 1211                 return (NULL);
 1212         }
 1213         if (locked_tcb) {
 1214                 /*
 1215                  * UN-lock so we can do proper locking here this occurs when
 1216                  * called from load_addresses_from_init.
 1217                  */
 1218                 atomic_add_int(&locked_tcb->asoc.refcnt, 1);
 1219                 SCTP_TCB_UNLOCK(locked_tcb);
 1220         }
 1221         SCTP_INP_INFO_RLOCK();
 1222         if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
 1223                 /*-
 1224                  * Now either this guy is our listener or it's the
 1225                  * connector. If it is the one that issued the connect, then
 1226                  * it's only chance is to be the first TCB in the list. If
 1227                  * it is the acceptor, then do the special_lookup to hash
 1228                  * and find the real inp.
 1229                  */
 1230                 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) {
 1231                         /* to is peer addr, from is my addr */
 1232                         stcb = sctp_tcb_special_locate(inp_p, remote, local,
 1233                             netp, inp->def_vrf_id);
 1234                         if ((stcb != NULL) && (locked_tcb == NULL)) {
 1235                                 /* we have a locked tcb, lower refcount */
 1236                                 SCTP_INP_DECR_REF(inp);
 1237                         }
 1238                         if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
 1239                                 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
 1240                                 SCTP_TCB_LOCK(locked_tcb);
 1241                                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1242                                 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
 1243                         }
 1244                         SCTP_INP_INFO_RUNLOCK();
 1245                         return (stcb);
 1246                 } else {
 1247                         SCTP_INP_WLOCK(inp);
 1248                         if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1249                                 goto null_return;
 1250                         }
 1251                         stcb = LIST_FIRST(&inp->sctp_asoc_list);
 1252                         if (stcb == NULL) {
 1253                                 goto null_return;
 1254                         }
 1255                         SCTP_TCB_LOCK(stcb);
 1256 
 1257                         if (stcb->rport != rport) {
 1258                                 /* remote port does not match. */
 1259                                 SCTP_TCB_UNLOCK(stcb);
 1260                                 goto null_return;
 1261                         }
 1262                         if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 1263                                 SCTP_TCB_UNLOCK(stcb);
 1264                                 goto null_return;
 1265                         }
 1266                         if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
 1267                                 SCTP_TCB_UNLOCK(stcb);
 1268                                 goto null_return;
 1269                         }
 1270                         /* now look at the list of remote addresses */
 1271                         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 1272 #ifdef INVARIANTS
 1273                                 if (net == (TAILQ_NEXT(net, sctp_next))) {
 1274                                         panic("Corrupt net list");
 1275                                 }
 1276 #endif
 1277                                 if (net->ro._l_addr.sa.sa_family !=
 1278                                     remote->sa_family) {
 1279                                         /* not the same family */
 1280                                         continue;
 1281                                 }
 1282                                 switch (remote->sa_family) {
 1283 #ifdef INET
 1284                                 case AF_INET:
 1285                                         {
 1286                                                 struct sockaddr_in *sin,
 1287                                                            *rsin;
 1288 
 1289                                                 sin = (struct sockaddr_in *)
 1290                                                     &net->ro._l_addr;
 1291                                                 rsin = (struct sockaddr_in *)remote;
 1292                                                 if (sin->sin_addr.s_addr ==
 1293                                                     rsin->sin_addr.s_addr) {
 1294                                                         /* found it */
 1295                                                         if (netp != NULL) {
 1296                                                                 *netp = net;
 1297                                                         }
 1298                                                         if (locked_tcb == NULL) {
 1299                                                                 SCTP_INP_DECR_REF(inp);
 1300                                                         } else if (locked_tcb != stcb) {
 1301                                                                 SCTP_TCB_LOCK(locked_tcb);
 1302                                                         }
 1303                                                         if (locked_tcb) {
 1304                                                                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1305                                                         }
 1306                                                         SCTP_INP_WUNLOCK(inp);
 1307                                                         SCTP_INP_INFO_RUNLOCK();
 1308                                                         return (stcb);
 1309                                                 }
 1310                                                 break;
 1311                                         }
 1312 #endif
 1313 #ifdef INET6
 1314                                 case AF_INET6:
 1315                                         {
 1316                                                 struct sockaddr_in6 *sin6,
 1317                                                             *rsin6;
 1318 
 1319                                                 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
 1320                                                 rsin6 = (struct sockaddr_in6 *)remote;
 1321                                                 if (SCTP6_ARE_ADDR_EQUAL(sin6,
 1322                                                     rsin6)) {
 1323                                                         /* found it */
 1324                                                         if (netp != NULL) {
 1325                                                                 *netp = net;
 1326                                                         }
 1327                                                         if (locked_tcb == NULL) {
 1328                                                                 SCTP_INP_DECR_REF(inp);
 1329                                                         } else if (locked_tcb != stcb) {
 1330                                                                 SCTP_TCB_LOCK(locked_tcb);
 1331                                                         }
 1332                                                         if (locked_tcb) {
 1333                                                                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1334                                                         }
 1335                                                         SCTP_INP_WUNLOCK(inp);
 1336                                                         SCTP_INP_INFO_RUNLOCK();
 1337                                                         return (stcb);
 1338                                                 }
 1339                                                 break;
 1340                                         }
 1341 #endif
 1342                                 default:
 1343                                         /* TSNH */
 1344                                         break;
 1345                                 }
 1346                         }
 1347                         SCTP_TCB_UNLOCK(stcb);
 1348                 }
 1349         } else {
 1350                 SCTP_INP_WLOCK(inp);
 1351                 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1352                         goto null_return;
 1353                 }
 1354                 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
 1355                     inp->sctp_hashmark)];
 1356                 if (head == NULL) {
 1357                         goto null_return;
 1358                 }
 1359                 LIST_FOREACH(stcb, head, sctp_tcbhash) {
 1360                         if (stcb->rport != rport) {
 1361                                 /* remote port does not match */
 1362                                 continue;
 1363                         }
 1364                         SCTP_TCB_LOCK(stcb);
 1365                         if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 1366                                 SCTP_TCB_UNLOCK(stcb);
 1367                                 continue;
 1368                         }
 1369                         if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
 1370                                 SCTP_TCB_UNLOCK(stcb);
 1371                                 continue;
 1372                         }
 1373                         /* now look at the list of remote addresses */
 1374                         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 1375 #ifdef INVARIANTS
 1376                                 if (net == (TAILQ_NEXT(net, sctp_next))) {
 1377                                         panic("Corrupt net list");
 1378                                 }
 1379 #endif
 1380                                 if (net->ro._l_addr.sa.sa_family !=
 1381                                     remote->sa_family) {
 1382                                         /* not the same family */
 1383                                         continue;
 1384                                 }
 1385                                 switch (remote->sa_family) {
 1386 #ifdef INET
 1387                                 case AF_INET:
 1388                                         {
 1389                                                 struct sockaddr_in *sin,
 1390                                                            *rsin;
 1391 
 1392                                                 sin = (struct sockaddr_in *)
 1393                                                     &net->ro._l_addr;
 1394                                                 rsin = (struct sockaddr_in *)remote;
 1395                                                 if (sin->sin_addr.s_addr ==
 1396                                                     rsin->sin_addr.s_addr) {
 1397                                                         /* found it */
 1398                                                         if (netp != NULL) {
 1399                                                                 *netp = net;
 1400                                                         }
 1401                                                         if (locked_tcb == NULL) {
 1402                                                                 SCTP_INP_DECR_REF(inp);
 1403                                                         } else if (locked_tcb != stcb) {
 1404                                                                 SCTP_TCB_LOCK(locked_tcb);
 1405                                                         }
 1406                                                         if (locked_tcb) {
 1407                                                                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1408                                                         }
 1409                                                         SCTP_INP_WUNLOCK(inp);
 1410                                                         SCTP_INP_INFO_RUNLOCK();
 1411                                                         return (stcb);
 1412                                                 }
 1413                                                 break;
 1414                                         }
 1415 #endif
 1416 #ifdef INET6
 1417                                 case AF_INET6:
 1418                                         {
 1419                                                 struct sockaddr_in6 *sin6,
 1420                                                             *rsin6;
 1421 
 1422                                                 sin6 = (struct sockaddr_in6 *)
 1423                                                     &net->ro._l_addr;
 1424                                                 rsin6 = (struct sockaddr_in6 *)remote;
 1425                                                 if (SCTP6_ARE_ADDR_EQUAL(sin6,
 1426                                                     rsin6)) {
 1427                                                         /* found it */
 1428                                                         if (netp != NULL) {
 1429                                                                 *netp = net;
 1430                                                         }
 1431                                                         if (locked_tcb == NULL) {
 1432                                                                 SCTP_INP_DECR_REF(inp);
 1433                                                         } else if (locked_tcb != stcb) {
 1434                                                                 SCTP_TCB_LOCK(locked_tcb);
 1435                                                         }
 1436                                                         if (locked_tcb) {
 1437                                                                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1438                                                         }
 1439                                                         SCTP_INP_WUNLOCK(inp);
 1440                                                         SCTP_INP_INFO_RUNLOCK();
 1441                                                         return (stcb);
 1442                                                 }
 1443                                                 break;
 1444                                         }
 1445 #endif
 1446                                 default:
 1447                                         /* TSNH */
 1448                                         break;
 1449                                 }
 1450                         }
 1451                         SCTP_TCB_UNLOCK(stcb);
 1452                 }
 1453         }
 1454 null_return:
 1455         /* clean up for returning null */
 1456         if (locked_tcb) {
 1457                 SCTP_TCB_LOCK(locked_tcb);
 1458                 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
 1459         }
 1460         SCTP_INP_WUNLOCK(inp);
 1461         SCTP_INP_INFO_RUNLOCK();
 1462         /* not found */
 1463         return (NULL);
 1464 }
 1465 
 1466 /*
 1467  * Find an association for a specific endpoint using the association id given
 1468  * out in the COMM_UP notification
 1469  */
 1470 
 1471 struct sctp_tcb *
 1472 sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
 1473 {
 1474         /*
 1475          * Use my the assoc_id to find a endpoint
 1476          */
 1477         struct sctpasochead *head;
 1478         struct sctp_tcb *stcb;
 1479         uint32_t id;
 1480 
 1481         if (inp == NULL) {
 1482                 SCTP_PRINTF("TSNH ep_associd\n");
 1483                 return (NULL);
 1484         }
 1485         if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1486                 SCTP_PRINTF("TSNH ep_associd0\n");
 1487                 return (NULL);
 1488         }
 1489         id = (uint32_t) asoc_id;
 1490         head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
 1491         if (head == NULL) {
 1492                 /* invalid id TSNH */
 1493                 SCTP_PRINTF("TSNH ep_associd1\n");
 1494                 return (NULL);
 1495         }
 1496         LIST_FOREACH(stcb, head, sctp_tcbasocidhash) {
 1497                 if (stcb->asoc.assoc_id == id) {
 1498                         if (inp != stcb->sctp_ep) {
 1499                                 /*
 1500                                  * some other guy has the same id active (id
 1501                                  * collision ??).
 1502                                  */
 1503                                 SCTP_PRINTF("TSNH ep_associd2\n");
 1504                                 continue;
 1505                         }
 1506                         if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 1507                                 continue;
 1508                         }
 1509                         if (want_lock) {
 1510                                 SCTP_TCB_LOCK(stcb);
 1511                         }
 1512                         return (stcb);
 1513                 }
 1514         }
 1515         return (NULL);
 1516 }
 1517 
 1518 
 1519 struct sctp_tcb *
 1520 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
 1521 {
 1522         struct sctp_tcb *stcb;
 1523 
 1524         SCTP_INP_RLOCK(inp);
 1525         stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock);
 1526         SCTP_INP_RUNLOCK(inp);
 1527         return (stcb);
 1528 }
 1529 
 1530 
 1531 static struct sctp_inpcb *
 1532 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
 1533     uint16_t lport, uint32_t vrf_id)
 1534 {
 1535         struct sctp_inpcb *inp;
 1536         struct sctp_laddr *laddr;
 1537 
 1538 #ifdef INET
 1539         struct sockaddr_in *sin;
 1540 
 1541 #endif
 1542 #ifdef INET6
 1543         struct sockaddr_in6 *sin6;
 1544         struct sockaddr_in6 *intf_addr6;
 1545 
 1546 #endif
 1547 
 1548         int fnd;
 1549 
 1550         /*
 1551          * Endpoint probe expects that the INP_INFO is locked.
 1552          */
 1553 #ifdef INET
 1554         sin = NULL;
 1555 #endif
 1556 #ifdef INET6
 1557         sin6 = NULL;
 1558 #endif
 1559         switch (nam->sa_family) {
 1560 #ifdef INET
 1561         case AF_INET:
 1562                 sin = (struct sockaddr_in *)nam;
 1563                 break;
 1564 #endif
 1565 #ifdef INET6
 1566         case AF_INET6:
 1567                 sin6 = (struct sockaddr_in6 *)nam;
 1568                 break;
 1569 #endif
 1570         default:
 1571                 /* unsupported family */
 1572                 return (NULL);
 1573         }
 1574 
 1575         if (head == NULL)
 1576                 return (NULL);
 1577 
 1578         LIST_FOREACH(inp, head, sctp_hash) {
 1579                 SCTP_INP_RLOCK(inp);
 1580                 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1581                         SCTP_INP_RUNLOCK(inp);
 1582                         continue;
 1583                 }
 1584                 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
 1585                     (inp->sctp_lport == lport)) {
 1586                         /* got it */
 1587 #ifdef INET
 1588                         if ((nam->sa_family == AF_INET) &&
 1589                             (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
 1590                             SCTP_IPV6_V6ONLY(inp)) {
 1591                                 /* IPv4 on a IPv6 socket with ONLY IPv6 set */
 1592                                 SCTP_INP_RUNLOCK(inp);
 1593                                 continue;
 1594                         }
 1595 #endif
 1596 #ifdef INET6
 1597                         /* A V6 address and the endpoint is NOT bound V6 */
 1598                         if (nam->sa_family == AF_INET6 &&
 1599                             (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
 1600                                 SCTP_INP_RUNLOCK(inp);
 1601                                 continue;
 1602                         }
 1603 #endif
 1604                         /* does a VRF id match? */
 1605                         fnd = 0;
 1606                         if (inp->def_vrf_id == vrf_id)
 1607                                 fnd = 1;
 1608 
 1609                         SCTP_INP_RUNLOCK(inp);
 1610                         if (!fnd)
 1611                                 continue;
 1612                         return (inp);
 1613                 }
 1614                 SCTP_INP_RUNLOCK(inp);
 1615         }
 1616         switch (nam->sa_family) {
 1617 #ifdef INET
 1618         case AF_INET:
 1619                 if (sin->sin_addr.s_addr == INADDR_ANY) {
 1620                         /* Can't hunt for one that has no address specified */
 1621                         return (NULL);
 1622                 }
 1623                 break;
 1624 #endif
 1625 #ifdef INET6
 1626         case AF_INET6:
 1627                 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
 1628                         /* Can't hunt for one that has no address specified */
 1629                         return (NULL);
 1630                 }
 1631                 break;
 1632 #endif
 1633         default:
 1634                 break;
 1635         }
 1636         /*
 1637          * ok, not bound to all so see if we can find a EP bound to this
 1638          * address.
 1639          */
 1640         LIST_FOREACH(inp, head, sctp_hash) {
 1641                 SCTP_INP_RLOCK(inp);
 1642                 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1643                         SCTP_INP_RUNLOCK(inp);
 1644                         continue;
 1645                 }
 1646                 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
 1647                         SCTP_INP_RUNLOCK(inp);
 1648                         continue;
 1649                 }
 1650                 /*
 1651                  * Ok this could be a likely candidate, look at all of its
 1652                  * addresses
 1653                  */
 1654                 if (inp->sctp_lport != lport) {
 1655                         SCTP_INP_RUNLOCK(inp);
 1656                         continue;
 1657                 }
 1658                 /* does a VRF id match? */
 1659                 fnd = 0;
 1660                 if (inp->def_vrf_id == vrf_id)
 1661                         fnd = 1;
 1662 
 1663                 if (!fnd) {
 1664                         SCTP_INP_RUNLOCK(inp);
 1665                         continue;
 1666                 }
 1667                 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
 1668                         if (laddr->ifa == NULL) {
 1669                                 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
 1670                                     __FUNCTION__);
 1671                                 continue;
 1672                         }
 1673                         SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ",
 1674                             laddr->ifa);
 1675                         if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
 1676                                 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n");
 1677                                 continue;
 1678                         }
 1679                         if (laddr->ifa->address.sa.sa_family == nam->sa_family) {
 1680                                 /* possible, see if it matches */
 1681                                 switch (nam->sa_family) {
 1682 #ifdef INET
 1683                                 case AF_INET:
 1684                                         if (sin->sin_addr.s_addr ==
 1685                                             laddr->ifa->address.sin.sin_addr.s_addr) {
 1686                                                 SCTP_INP_RUNLOCK(inp);
 1687                                                 return (inp);
 1688                                         }
 1689                                         break;
 1690 #endif
 1691 #ifdef INET6
 1692                                 case AF_INET6:
 1693                                         intf_addr6 = &laddr->ifa->address.sin6;
 1694                                         if (SCTP6_ARE_ADDR_EQUAL(sin6,
 1695                                             intf_addr6)) {
 1696                                                 SCTP_INP_RUNLOCK(inp);
 1697                                                 return (inp);
 1698                                         }
 1699                                         break;
 1700 #endif
 1701                                 }
 1702                         }
 1703                 }
 1704                 SCTP_INP_RUNLOCK(inp);
 1705         }
 1706         return (NULL);
 1707 }
 1708 
 1709 
 1710 static struct sctp_inpcb *
 1711 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id)
 1712 {
 1713         struct sctppcbhead *head;
 1714         struct sctp_inpcb *t_inp;
 1715         int fnd;
 1716 
 1717         head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
 1718             SCTP_BASE_INFO(hashmark))];
 1719         LIST_FOREACH(t_inp, head, sctp_hash) {
 1720                 if (t_inp->sctp_lport != lport) {
 1721                         continue;
 1722                 }
 1723                 /* is it in the VRF in question */
 1724                 fnd = 0;
 1725                 if (t_inp->def_vrf_id == vrf_id)
 1726                         fnd = 1;
 1727                 if (!fnd)
 1728                         continue;
 1729 
 1730                 /* This one is in use. */
 1731                 /* check the v6/v4 binding issue */
 1732                 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
 1733                     SCTP_IPV6_V6ONLY(t_inp)) {
 1734                         if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
 1735                                 /* collision in V6 space */
 1736                                 return (t_inp);
 1737                         } else {
 1738                                 /* inp is BOUND_V4 no conflict */
 1739                                 continue;
 1740                         }
 1741                 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
 1742                         /* t_inp is bound v4 and v6, conflict always */
 1743                         return (t_inp);
 1744                 } else {
 1745                         /* t_inp is bound only V4 */
 1746                         if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
 1747                             SCTP_IPV6_V6ONLY(inp)) {
 1748                                 /* no conflict */
 1749                                 continue;
 1750                         }
 1751                         /* else fall through to conflict */
 1752                 }
 1753                 return (t_inp);
 1754         }
 1755         return (NULL);
 1756 }
 1757 
 1758 
 1759 int
 1760 sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp)
 1761 {
 1762         /* For 1-2-1 with port reuse */
 1763         struct sctppcbhead *head;
 1764         struct sctp_inpcb *tinp;
 1765 
 1766         if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) {
 1767                 /* only works with port reuse on */
 1768                 return (-1);
 1769         }
 1770         if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) {
 1771                 return (0);
 1772         }
 1773         SCTP_INP_RUNLOCK(inp);
 1774         head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport,
 1775             SCTP_BASE_INFO(hashmark))];
 1776         /* Kick out all non-listeners to the TCP hash */
 1777         LIST_FOREACH(tinp, head, sctp_hash) {
 1778                 if (tinp->sctp_lport != inp->sctp_lport) {
 1779                         continue;
 1780                 }
 1781                 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 1782                         continue;
 1783                 }
 1784                 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
 1785                         continue;
 1786                 }
 1787                 if (tinp->sctp_socket->so_qlimit) {
 1788                         continue;
 1789                 }
 1790                 SCTP_INP_WLOCK(tinp);
 1791                 LIST_REMOVE(tinp, sctp_hash);
 1792                 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))];
 1793                 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
 1794                 LIST_INSERT_HEAD(head, tinp, sctp_hash);
 1795                 SCTP_INP_WUNLOCK(tinp);
 1796         }
 1797         SCTP_INP_WLOCK(inp);
 1798         /* Pull from where he was */
 1799         LIST_REMOVE(inp, sctp_hash);
 1800         inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL;
 1801         head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))];
 1802         LIST_INSERT_HEAD(head, inp, sctp_hash);
 1803         SCTP_INP_WUNLOCK(inp);
 1804         SCTP_INP_RLOCK(inp);
 1805         return (0);
 1806 }
 1807 
 1808 
 1809 struct sctp_inpcb *
 1810 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock,
 1811     uint32_t vrf_id)
 1812 {
 1813         /*
 1814          * First we check the hash table to see if someone has this port
 1815          * bound with just the port.
 1816          */
 1817         struct sctp_inpcb *inp;
 1818         struct sctppcbhead *head;
 1819         int lport;
 1820         unsigned int i;
 1821 
 1822 #ifdef INET
 1823         struct sockaddr_in *sin;
 1824 
 1825 #endif
 1826 #ifdef INET6
 1827         struct sockaddr_in6 *sin6;
 1828 
 1829 #endif
 1830 
 1831         switch (nam->sa_family) {
 1832 #ifdef INET
 1833         case AF_INET:
 1834                 sin = (struct sockaddr_in *)nam;
 1835                 lport = sin->sin_port;
 1836                 break;
 1837 #endif
 1838 #ifdef INET6
 1839         case AF_INET6:
 1840                 sin6 = (struct sockaddr_in6 *)nam;
 1841                 lport = sin6->sin6_port;
 1842                 break;
 1843 #endif
 1844         default:
 1845                 return (NULL);
 1846         }
 1847         /*
 1848          * I could cheat here and just cast to one of the types but we will
 1849          * do it right. It also provides the check against an Unsupported
 1850          * type too.
 1851          */
 1852         /* Find the head of the ALLADDR chain */
 1853         if (have_lock == 0) {
 1854                 SCTP_INP_INFO_RLOCK();
 1855         }
 1856         head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
 1857             SCTP_BASE_INFO(hashmark))];
 1858         inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
 1859 
 1860         /*
 1861          * If the TCP model exists it could be that the main listening
 1862          * endpoint is gone but there still exists a connected socket for
 1863          * this guy. If so we can return the first one that we find. This
 1864          * may NOT be the correct one so the caller should be wary on the
 1865          * returned INP. Currently the only caller that sets find_tcp_pool
 1866          * is in bindx where we are verifying that a user CAN bind the
 1867          * address. He either has bound it already, or someone else has, or
 1868          * its open to bind, so this is good enough.
 1869          */
 1870         if (inp == NULL && find_tcp_pool) {
 1871                 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) {
 1872                         head = &SCTP_BASE_INFO(sctp_tcpephash)[i];
 1873                         inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
 1874                         if (inp) {
 1875                                 break;
 1876                         }
 1877                 }
 1878         }
 1879         if (inp) {
 1880                 SCTP_INP_INCR_REF(inp);
 1881         }
 1882         if (have_lock == 0) {
 1883                 SCTP_INP_INFO_RUNLOCK();
 1884         }
 1885         return (inp);
 1886 }
 1887 
 1888 /*
 1889  * Find an association for an endpoint with the pointer to whom you want to
 1890  * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may
 1891  * need to change the *to to some other struct like a mbuf...
 1892  */
 1893 struct sctp_tcb *
 1894 sctp_findassociation_addr_sa(struct sockaddr *to, struct sockaddr *from,
 1895     struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool,
 1896     uint32_t vrf_id)
 1897 {
 1898         struct sctp_inpcb *inp = NULL;
 1899         struct sctp_tcb *retval;
 1900 
 1901         SCTP_INP_INFO_RLOCK();
 1902         if (find_tcp_pool) {
 1903                 if (inp_p != NULL) {
 1904                         retval = sctp_tcb_special_locate(inp_p, from, to, netp,
 1905                             vrf_id);
 1906                 } else {
 1907                         retval = sctp_tcb_special_locate(&inp, from, to, netp,
 1908                             vrf_id);
 1909                 }
 1910                 if (retval != NULL) {
 1911                         SCTP_INP_INFO_RUNLOCK();
 1912                         return (retval);
 1913                 }
 1914         }
 1915         inp = sctp_pcb_findep(to, 0, 1, vrf_id);
 1916         if (inp_p != NULL) {
 1917                 *inp_p = inp;
 1918         }
 1919         SCTP_INP_INFO_RUNLOCK();
 1920 
 1921         if (inp == NULL) {
 1922                 return (NULL);
 1923         }
 1924         /*
 1925          * ok, we have an endpoint, now lets find the assoc for it (if any)
 1926          * we now place the source address or from in the to of the find
 1927          * endpoint call. Since in reality this chain is used from the
 1928          * inbound packet side.
 1929          */
 1930         if (inp_p != NULL) {
 1931                 retval = sctp_findassociation_ep_addr(inp_p, from, netp, to,
 1932                     NULL);
 1933         } else {
 1934                 retval = sctp_findassociation_ep_addr(&inp, from, netp, to,
 1935                     NULL);
 1936         }
 1937         return retval;
 1938 }
 1939 
 1940 
 1941 /*
 1942  * This routine will grub through the mbuf that is a INIT or INIT-ACK and
 1943  * find all addresses that the sender has specified in any address list. Each
 1944  * address will be used to lookup the TCB and see if one exits.
 1945  */
 1946 static struct sctp_tcb *
 1947 sctp_findassociation_special_addr(struct mbuf *m, int offset,
 1948     struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
 1949     struct sockaddr *dest)
 1950 {
 1951         struct sctp_paramhdr *phdr, parm_buf;
 1952         struct sctp_tcb *retval;
 1953         uint32_t ptype, plen;
 1954 
 1955 #ifdef INET
 1956         struct sockaddr_in sin4;
 1957 
 1958 #endif
 1959 #ifdef INET6
 1960         struct sockaddr_in6 sin6;
 1961 
 1962 #endif
 1963 
 1964 #ifdef INET
 1965         memset(&sin4, 0, sizeof(sin4));
 1966         sin4.sin_len = sizeof(sin4);
 1967         sin4.sin_family = AF_INET;
 1968         sin4.sin_port = sh->src_port;
 1969 #endif
 1970 #ifdef INET6
 1971         memset(&sin6, 0, sizeof(sin6));
 1972         sin6.sin6_len = sizeof(sin6);
 1973         sin6.sin6_family = AF_INET6;
 1974         sin6.sin6_port = sh->src_port;
 1975 #endif
 1976 
 1977         retval = NULL;
 1978         offset += sizeof(struct sctp_init_chunk);
 1979 
 1980         phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
 1981         while (phdr != NULL) {
 1982                 /* now we must see if we want the parameter */
 1983                 ptype = ntohs(phdr->param_type);
 1984                 plen = ntohs(phdr->param_length);
 1985                 if (plen == 0) {
 1986                         break;
 1987                 }
 1988 #ifdef INET
 1989                 if (ptype == SCTP_IPV4_ADDRESS &&
 1990                     plen == sizeof(struct sctp_ipv4addr_param)) {
 1991                         /* Get the rest of the address */
 1992                         struct sctp_ipv4addr_param ip4_parm, *p4;
 1993 
 1994                         phdr = sctp_get_next_param(m, offset,
 1995                             (struct sctp_paramhdr *)&ip4_parm, min(plen, sizeof(ip4_parm)));
 1996                         if (phdr == NULL) {
 1997                                 return (NULL);
 1998                         }
 1999                         p4 = (struct sctp_ipv4addr_param *)phdr;
 2000                         memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
 2001                         /* look it up */
 2002                         retval = sctp_findassociation_ep_addr(inp_p,
 2003                             (struct sockaddr *)&sin4, netp, dest, NULL);
 2004                         if (retval != NULL) {
 2005                                 return (retval);
 2006                         }
 2007                 }
 2008 #endif
 2009 #ifdef INET6
 2010                 if (ptype == SCTP_IPV6_ADDRESS &&
 2011                     plen == sizeof(struct sctp_ipv6addr_param)) {
 2012                         /* Get the rest of the address */
 2013                         struct sctp_ipv6addr_param ip6_parm, *p6;
 2014 
 2015                         phdr = sctp_get_next_param(m, offset,
 2016                             (struct sctp_paramhdr *)&ip6_parm, min(plen, sizeof(ip6_parm)));
 2017                         if (phdr == NULL) {
 2018                                 return (NULL);
 2019                         }
 2020                         p6 = (struct sctp_ipv6addr_param *)phdr;
 2021                         memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
 2022                         /* look it up */
 2023                         retval = sctp_findassociation_ep_addr(inp_p,
 2024                             (struct sockaddr *)&sin6, netp, dest, NULL);
 2025                         if (retval != NULL) {
 2026                                 return (retval);
 2027                         }
 2028                 }
 2029 #endif
 2030                 offset += SCTP_SIZE32(plen);
 2031                 phdr = sctp_get_next_param(m, offset, &parm_buf,
 2032                     sizeof(parm_buf));
 2033         }
 2034         return (NULL);
 2035 }
 2036 
 2037 static struct sctp_tcb *
 2038 sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag,
 2039     struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
 2040     uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag)
 2041 {
 2042         /*
 2043          * Use my vtag to hash. If we find it we then verify the source addr
 2044          * is in the assoc. If all goes well we save a bit on rec of a
 2045          * packet.
 2046          */
 2047         struct sctpasochead *head;
 2048         struct sctp_nets *net;
 2049         struct sctp_tcb *stcb;
 2050 
 2051         SCTP_INP_INFO_RLOCK();
 2052         head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag,
 2053             SCTP_BASE_INFO(hashasocmark))];
 2054         if (head == NULL) {
 2055                 /* invalid vtag */
 2056                 SCTP_INP_INFO_RUNLOCK();
 2057                 return (NULL);
 2058         }
 2059         LIST_FOREACH(stcb, head, sctp_asocs) {
 2060                 SCTP_INP_RLOCK(stcb->sctp_ep);
 2061                 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 2062                         SCTP_INP_RUNLOCK(stcb->sctp_ep);
 2063                         continue;
 2064                 }
 2065                 if (stcb->sctp_ep->def_vrf_id != vrf_id) {
 2066                         SCTP_INP_RUNLOCK(stcb->sctp_ep);
 2067                         continue;
 2068                 }
 2069                 SCTP_TCB_LOCK(stcb);
 2070                 SCTP_INP_RUNLOCK(stcb->sctp_ep);
 2071                 if (stcb->asoc.my_vtag == vtag) {
 2072                         /* candidate */
 2073                         if (stcb->rport != rport) {
 2074                                 SCTP_TCB_UNLOCK(stcb);
 2075                                 continue;
 2076                         }
 2077                         if (stcb->sctp_ep->sctp_lport != lport) {
 2078                                 SCTP_TCB_UNLOCK(stcb);
 2079                                 continue;
 2080                         }
 2081                         if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 2082                                 SCTP_TCB_UNLOCK(stcb);
 2083                                 continue;
 2084                         }
 2085                         /* RRS:Need toaddr check here */
 2086                         if (sctp_does_stcb_own_this_addr(stcb, to) == 0) {
 2087                                 /* Endpoint does not own this address */
 2088                                 SCTP_TCB_UNLOCK(stcb);
 2089                                 continue;
 2090                         }
 2091                         if (remote_tag) {
 2092                                 /*
 2093                                  * If we have both vtags that's all we match
 2094                                  * on
 2095                                  */
 2096                                 if (stcb->asoc.peer_vtag == remote_tag) {
 2097                                         /*
 2098                                          * If both tags match we consider it
 2099                                          * conclusive and check NO
 2100                                          * source/destination addresses
 2101                                          */
 2102                                         goto conclusive;
 2103                                 }
 2104                         }
 2105                         if (skip_src_check) {
 2106                 conclusive:
 2107                                 if (from) {
 2108                                         *netp = sctp_findnet(stcb, from);
 2109                                 } else {
 2110                                         *netp = NULL;   /* unknown */
 2111                                 }
 2112                                 if (inp_p)
 2113                                         *inp_p = stcb->sctp_ep;
 2114                                 SCTP_INP_INFO_RUNLOCK();
 2115                                 return (stcb);
 2116                         }
 2117                         net = sctp_findnet(stcb, from);
 2118                         if (net) {
 2119                                 /* yep its him. */
 2120                                 *netp = net;
 2121                                 SCTP_STAT_INCR(sctps_vtagexpress);
 2122                                 *inp_p = stcb->sctp_ep;
 2123                                 SCTP_INP_INFO_RUNLOCK();
 2124                                 return (stcb);
 2125                         } else {
 2126                                 /*
 2127                                  * not him, this should only happen in rare
 2128                                  * cases so I peg it.
 2129                                  */
 2130                                 SCTP_STAT_INCR(sctps_vtagbogus);
 2131                         }
 2132                 }
 2133                 SCTP_TCB_UNLOCK(stcb);
 2134         }
 2135         SCTP_INP_INFO_RUNLOCK();
 2136         return (NULL);
 2137 }
 2138 
 2139 /*
 2140  * Find an association with the pointer to the inbound IP packet. This can be
 2141  * a IPv4 or IPv6 packet.
 2142  */
 2143 struct sctp_tcb *
 2144 sctp_findassociation_addr(struct mbuf *m, int offset,
 2145     struct sctphdr *sh, struct sctp_chunkhdr *ch,
 2146     struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
 2147 {
 2148         int find_tcp_pool;
 2149         struct ip *iph;
 2150         struct sctp_tcb *retval;
 2151         struct sockaddr_storage to_store, from_store;
 2152         struct sockaddr *to = (struct sockaddr *)&to_store;
 2153         struct sockaddr *from = (struct sockaddr *)&from_store;
 2154         struct sctp_inpcb *inp;
 2155 
 2156         iph = mtod(m, struct ip *);
 2157         switch (iph->ip_v) {
 2158 #ifdef INET
 2159         case IPVERSION:
 2160                 {
 2161                         /* its IPv4 */
 2162                         struct sockaddr_in *from4;
 2163 
 2164                         from4 = (struct sockaddr_in *)&from_store;
 2165                         bzero(from4, sizeof(*from4));
 2166                         from4->sin_family = AF_INET;
 2167                         from4->sin_len = sizeof(struct sockaddr_in);
 2168                         from4->sin_addr.s_addr = iph->ip_src.s_addr;
 2169                         from4->sin_port = sh->src_port;
 2170                         break;
 2171                 }
 2172 #endif
 2173 #ifdef INET6
 2174         case IPV6_VERSION >> 4:
 2175                 {
 2176                         /* its IPv6 */
 2177                         struct ip6_hdr *ip6;
 2178                         struct sockaddr_in6 *from6;
 2179 
 2180                         ip6 = mtod(m, struct ip6_hdr *);
 2181                         from6 = (struct sockaddr_in6 *)&from_store;
 2182                         bzero(from6, sizeof(*from6));
 2183                         from6->sin6_family = AF_INET6;
 2184                         from6->sin6_len = sizeof(struct sockaddr_in6);
 2185                         from6->sin6_addr = ip6->ip6_src;
 2186                         from6->sin6_port = sh->src_port;
 2187                         /* Get the scopes in properly to the sin6 addr's */
 2188                         sa6_embedscope(from6, MODULE_GLOBAL(ip6_use_defzone));
 2189                         break;
 2190                 }
 2191 #endif
 2192         default:
 2193                 /* Currently not supported. */
 2194                 return (NULL);
 2195         }
 2196 
 2197 
 2198         switch (iph->ip_v) {
 2199 #ifdef INET
 2200         case IPVERSION:
 2201                 {
 2202                         /* its IPv4 */
 2203                         struct sockaddr_in *to4;
 2204 
 2205                         to4 = (struct sockaddr_in *)&to_store;
 2206                         bzero(to4, sizeof(*to4));
 2207                         to4->sin_family = AF_INET;
 2208                         to4->sin_len = sizeof(struct sockaddr_in);
 2209                         to4->sin_addr.s_addr = iph->ip_dst.s_addr;
 2210                         to4->sin_port = sh->dest_port;
 2211                         break;
 2212                 }
 2213 #endif
 2214 #ifdef INET6
 2215         case IPV6_VERSION >> 4:
 2216                 {
 2217                         /* its IPv6 */
 2218                         struct ip6_hdr *ip6;
 2219                         struct sockaddr_in6 *to6;
 2220 
 2221                         ip6 = mtod(m, struct ip6_hdr *);
 2222                         to6 = (struct sockaddr_in6 *)&to_store;
 2223                         bzero(to6, sizeof(*to6));
 2224                         to6->sin6_family = AF_INET6;
 2225                         to6->sin6_len = sizeof(struct sockaddr_in6);
 2226                         to6->sin6_addr = ip6->ip6_dst;
 2227                         to6->sin6_port = sh->dest_port;
 2228                         /* Get the scopes in properly to the sin6 addr's */
 2229                         sa6_embedscope(to6, MODULE_GLOBAL(ip6_use_defzone));
 2230                         break;
 2231                 }
 2232 #endif
 2233         default:
 2234                 /* TSNH */
 2235                 break;
 2236         }
 2237         if (sh->v_tag) {
 2238                 /* we only go down this path if vtag is non-zero */
 2239                 retval = sctp_findassoc_by_vtag(from, to, ntohl(sh->v_tag),
 2240                     inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0);
 2241                 if (retval) {
 2242                         return (retval);
 2243                 }
 2244         }
 2245         find_tcp_pool = 0;
 2246         if ((ch->chunk_type != SCTP_INITIATION) &&
 2247             (ch->chunk_type != SCTP_INITIATION_ACK) &&
 2248             (ch->chunk_type != SCTP_COOKIE_ACK) &&
 2249             (ch->chunk_type != SCTP_COOKIE_ECHO)) {
 2250                 /* Other chunk types go to the tcp pool. */
 2251                 find_tcp_pool = 1;
 2252         }
 2253         if (inp_p) {
 2254                 retval = sctp_findassociation_addr_sa(to, from, inp_p, netp,
 2255                     find_tcp_pool, vrf_id);
 2256                 inp = *inp_p;
 2257         } else {
 2258                 retval = sctp_findassociation_addr_sa(to, from, &inp, netp,
 2259                     find_tcp_pool, vrf_id);
 2260         }
 2261         SCTPDBG(SCTP_DEBUG_PCB1, "retval:%p inp:%p\n", retval, inp);
 2262         if (retval == NULL && inp) {
 2263                 /* Found a EP but not this address */
 2264                 if ((ch->chunk_type == SCTP_INITIATION) ||
 2265                     (ch->chunk_type == SCTP_INITIATION_ACK)) {
 2266                         /*-
 2267                          * special hook, we do NOT return linp or an
 2268                          * association that is linked to an existing
 2269                          * association that is under the TCP pool (i.e. no
 2270                          * listener exists). The endpoint finding routine
 2271                          * will always find a listener before examining the
 2272                          * TCP pool.
 2273                          */
 2274                         if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
 2275                                 if (inp_p) {
 2276                                         *inp_p = NULL;
 2277                                 }
 2278                                 return (NULL);
 2279                         }
 2280                         retval = sctp_findassociation_special_addr(m,
 2281                             offset, sh, &inp, netp, to);
 2282                         if (inp_p != NULL) {
 2283                                 *inp_p = inp;
 2284                         }
 2285                 }
 2286         }
 2287         SCTPDBG(SCTP_DEBUG_PCB1, "retval is %p\n", retval);
 2288         return (retval);
 2289 }
 2290 
 2291 /*
 2292  * lookup an association by an ASCONF lookup address.
 2293  * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup
 2294  */
 2295 struct sctp_tcb *
 2296 sctp_findassociation_ep_asconf(struct mbuf *m, int offset,
 2297     struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
 2298 {
 2299         struct sctp_tcb *stcb;
 2300         struct sockaddr_storage local_store, remote_store;
 2301         struct sockaddr *to;
 2302         struct ip *iph;
 2303         struct sctp_paramhdr parm_buf, *phdr;
 2304         int ptype;
 2305         int zero_address = 0;
 2306 
 2307 #ifdef INET
 2308         struct sockaddr_in *sin;
 2309 
 2310 #endif
 2311 #ifdef INET6
 2312         struct ip6_hdr *ip6;
 2313         struct sockaddr_in6 *sin6;
 2314 
 2315 #endif
 2316 
 2317         memset(&local_store, 0, sizeof(local_store));
 2318         memset(&remote_store, 0, sizeof(remote_store));
 2319         to = (struct sockaddr *)&local_store;
 2320         /* First get the destination address setup too. */
 2321         iph = mtod(m, struct ip *);
 2322         switch (iph->ip_v) {
 2323 #ifdef INET
 2324         case IPVERSION:
 2325                 /* its IPv4 */
 2326                 sin = (struct sockaddr_in *)&local_store;
 2327                 sin->sin_family = AF_INET;
 2328                 sin->sin_len = sizeof(*sin);
 2329                 sin->sin_port = sh->dest_port;
 2330                 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
 2331                 break;
 2332 #endif
 2333 #ifdef INET6
 2334         case IPV6_VERSION >> 4:
 2335                 /* its IPv6 */
 2336                 ip6 = mtod(m, struct ip6_hdr *);
 2337                 sin6 = (struct sockaddr_in6 *)&local_store;
 2338                 sin6->sin6_family = AF_INET6;
 2339                 sin6->sin6_len = sizeof(*sin6);
 2340                 sin6->sin6_port = sh->dest_port;
 2341                 sin6->sin6_addr = ip6->ip6_dst;
 2342                 break;
 2343 #endif
 2344         default:
 2345                 return NULL;
 2346         }
 2347 
 2348         phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
 2349             &parm_buf, sizeof(struct sctp_paramhdr));
 2350         if (phdr == NULL) {
 2351                 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n",
 2352                     __FUNCTION__);
 2353                 return NULL;
 2354         }
 2355         ptype = (int)((uint32_t) ntohs(phdr->param_type));
 2356         /* get the correlation address */
 2357         switch (ptype) {
 2358 #ifdef INET6
 2359         case SCTP_IPV6_ADDRESS:
 2360                 {
 2361                         /* ipv6 address param */
 2362                         struct sctp_ipv6addr_param *p6, p6_buf;
 2363 
 2364                         if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
 2365                                 return NULL;
 2366                         }
 2367                         p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
 2368                             offset + sizeof(struct sctp_asconf_chunk),
 2369                             &p6_buf.ph, sizeof(*p6));
 2370                         if (p6 == NULL) {
 2371                                 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n",
 2372                                     __FUNCTION__);
 2373                                 return (NULL);
 2374                         }
 2375                         sin6 = (struct sockaddr_in6 *)&remote_store;
 2376                         sin6->sin6_family = AF_INET6;
 2377                         sin6->sin6_len = sizeof(*sin6);
 2378                         sin6->sin6_port = sh->src_port;
 2379                         memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
 2380                         if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
 2381                                 zero_address = 1;
 2382                         break;
 2383                 }
 2384 #endif
 2385 #ifdef INET
 2386         case SCTP_IPV4_ADDRESS:
 2387                 {
 2388                         /* ipv4 address param */
 2389                         struct sctp_ipv4addr_param *p4, p4_buf;
 2390 
 2391                         if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
 2392                                 return NULL;
 2393                         }
 2394                         p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
 2395                             offset + sizeof(struct sctp_asconf_chunk),
 2396                             &p4_buf.ph, sizeof(*p4));
 2397                         if (p4 == NULL) {
 2398                                 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n",
 2399                                     __FUNCTION__);
 2400                                 return (NULL);
 2401                         }
 2402                         sin = (struct sockaddr_in *)&remote_store;
 2403                         sin->sin_family = AF_INET;
 2404                         sin->sin_len = sizeof(*sin);
 2405                         sin->sin_port = sh->src_port;
 2406                         memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
 2407                         if (sin->sin_addr.s_addr == INADDR_ANY)
 2408                                 zero_address = 1;
 2409                         break;
 2410                 }
 2411 #endif
 2412         default:
 2413                 /* invalid address param type */
 2414                 return NULL;
 2415         }
 2416 
 2417         if (zero_address) {
 2418                 stcb = sctp_findassoc_by_vtag(NULL, to, ntohl(sh->v_tag), inp_p,
 2419                     netp, sh->src_port, sh->dest_port, 1, vrf_id, 0);
 2420                 if (stcb != NULL) {
 2421                         SCTP_INP_DECR_REF(*inp_p);
 2422                 }
 2423         } else {
 2424                 stcb = sctp_findassociation_ep_addr(inp_p,
 2425                     (struct sockaddr *)&remote_store, netp,
 2426                     to, NULL);
 2427         }
 2428         return (stcb);
 2429 }
 2430 
 2431 
 2432 /*
 2433  * allocate a sctp_inpcb and setup a temporary binding to a port/all
 2434  * addresses. This way if we don't get a bind we by default pick a ephemeral
 2435  * port with all addresses bound.
 2436  */
 2437 int
 2438 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
 2439 {
 2440         /*
 2441          * we get called when a new endpoint starts up. We need to allocate
 2442          * the sctp_inpcb structure from the zone and init it. Mark it as
 2443          * unbound and find a port that we can use as an ephemeral with
 2444          * INADDR_ANY. If the user binds later no problem we can then add in
 2445          * the specific addresses. And setup the default parameters for the
 2446          * EP.
 2447          */
 2448         int i, error;
 2449         struct sctp_inpcb *inp;
 2450         struct sctp_pcb *m;
 2451         struct timeval time;
 2452         sctp_sharedkey_t *null_key;
 2453 
 2454         error = 0;
 2455 
 2456         SCTP_INP_INFO_WLOCK();
 2457         inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb);
 2458         if (inp == NULL) {
 2459                 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n");
 2460                 SCTP_INP_INFO_WUNLOCK();
 2461                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 2462                 return (ENOBUFS);
 2463         }
 2464         /* zap it */
 2465         bzero(inp, sizeof(*inp));
 2466 
 2467         /* bump generations */
 2468         /* setup socket pointers */
 2469         inp->sctp_socket = so;
 2470         inp->ip_inp.inp.inp_socket = so;
 2471 #ifdef INET6
 2472         if (MODULE_GLOBAL(ip6_auto_flowlabel)) {
 2473                 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL;
 2474         }
 2475 #endif
 2476         inp->sctp_associd_counter = 1;
 2477         inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT;
 2478         inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
 2479         inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off);
 2480         inp->sctp_ecn_enable = SCTP_BASE_SYSCTL(sctp_ecn_enable);
 2481         /* init the small hash table we use to track asocid <-> tcb */
 2482         inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark);
 2483         if (inp->sctp_asocidhash == NULL) {
 2484                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 2485                 SCTP_INP_INFO_WUNLOCK();
 2486                 return (ENOBUFS);
 2487         }
 2488 #ifdef IPSEC
 2489         {
 2490                 struct inpcbpolicy *pcb_sp = NULL;
 2491 
 2492                 error = ipsec_init_policy(so, &pcb_sp);
 2493                 /* Arrange to share the policy */
 2494                 inp->ip_inp.inp.inp_sp = pcb_sp;
 2495                 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
 2496         }
 2497         if (error != 0) {
 2498                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 2499                 SCTP_INP_INFO_WUNLOCK();
 2500                 return error;
 2501         }
 2502 #endif                          /* IPSEC */
 2503         SCTP_INCR_EP_COUNT();
 2504         inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
 2505         SCTP_INP_INFO_WUNLOCK();
 2506 
 2507         so->so_pcb = (caddr_t)inp;
 2508 
 2509         if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) {
 2510                 /* UDP style socket */
 2511                 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
 2512                     SCTP_PCB_FLAGS_UNBOUND);
 2513                 /* Be sure it is NON-BLOCKING IO for UDP */
 2514                 /* SCTP_SET_SO_NBIO(so); */
 2515         } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) {
 2516                 /* TCP style socket */
 2517                 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
 2518                     SCTP_PCB_FLAGS_UNBOUND);
 2519                 /* Be sure we have blocking IO by default */
 2520                 SCTP_CLEAR_SO_NBIO(so);
 2521         } else {
 2522                 /*
 2523                  * unsupported socket type (RAW, etc)- in case we missed it
 2524                  * in protosw
 2525                  */
 2526                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
 2527                 so->so_pcb = NULL;
 2528                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 2529                 return (EOPNOTSUPP);
 2530         }
 2531         if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) {
 2532                 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
 2533                 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
 2534         } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) {
 2535                 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
 2536                 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
 2537         } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) {
 2538                 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
 2539                 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
 2540         }
 2541         inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize),
 2542             &inp->sctp_hashmark);
 2543         if (inp->sctp_tcbhash == NULL) {
 2544                 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
 2545                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 2546                 so->so_pcb = NULL;
 2547                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 2548                 return (ENOBUFS);
 2549         }
 2550         inp->def_vrf_id = vrf_id;
 2551 
 2552         SCTP_INP_INFO_WLOCK();
 2553         SCTP_INP_LOCK_INIT(inp);
 2554         INP_LOCK_INIT(&inp->ip_inp.inp, "inp", "sctpinp");
 2555         SCTP_INP_READ_INIT(inp);
 2556         SCTP_ASOC_CREATE_LOCK_INIT(inp);
 2557         /* lock the new ep */
 2558         SCTP_INP_WLOCK(inp);
 2559 
 2560         /* add it to the info area */
 2561         LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list);
 2562         SCTP_INP_INFO_WUNLOCK();
 2563 
 2564         TAILQ_INIT(&inp->read_queue);
 2565         LIST_INIT(&inp->sctp_addr_list);
 2566 
 2567         LIST_INIT(&inp->sctp_asoc_list);
 2568 
 2569 #ifdef SCTP_TRACK_FREED_ASOCS
 2570         /* TEMP CODE */
 2571         LIST_INIT(&inp->sctp_asoc_free_list);
 2572 #endif
 2573         /* Init the timer structure for signature change */
 2574         SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer);
 2575         inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
 2576 
 2577         /* now init the actual endpoint default data */
 2578         m = &inp->sctp_ep;
 2579 
 2580         /* setup the base timeout information */
 2581         m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC);    /* needed ? */
 2582         m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC);    /* needed ? */
 2583         m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default));
 2584         m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default));
 2585         m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default));
 2586         m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default));
 2587         m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default));
 2588         /* all max/min max are in ms */
 2589         m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default);
 2590         m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default);
 2591         m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default);
 2592         m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default);
 2593         m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default);
 2594 
 2595         m->max_open_streams_intome = MAX_SCTP_STREAMS;
 2596 
 2597         m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default);
 2598         m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default);
 2599         m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default);
 2600         m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold);
 2601         m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
 2602         m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
 2603         m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default);
 2604         m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default);
 2605 
 2606         m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module);
 2607         m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module);
 2608         /* number of streams to pre-open on a association */
 2609         m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default);
 2610 
 2611         /* Add adaptation cookie */
 2612         m->adaptation_layer_indicator = 0x504C5253;
 2613 
 2614         /* seed random number generator */
 2615         m->random_counter = 1;
 2616         m->store_at = SCTP_SIGNATURE_SIZE;
 2617         SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers));
 2618         sctp_fill_random_store(m);
 2619 
 2620         /* Minimum cookie size */
 2621         m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
 2622             sizeof(struct sctp_state_cookie);
 2623         m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
 2624 
 2625         /* Setup the initial secret */
 2626         (void)SCTP_GETTIME_TIMEVAL(&time);
 2627         m->time_of_secret_change = time.tv_sec;
 2628 
 2629         for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
 2630                 m->secret_key[0][i] = sctp_select_initial_TSN(m);
 2631         }
 2632         sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
 2633 
 2634         /* How long is a cookie good for ? */
 2635         m->def_cookie_life = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default));
 2636         /*
 2637          * Initialize authentication parameters
 2638          */
 2639         m->local_hmacs = sctp_default_supported_hmaclist();
 2640         m->local_auth_chunks = sctp_alloc_chunklist();
 2641         m->default_dscp = 0;
 2642 #ifdef INET6
 2643         m->default_flowlabel = 0;
 2644 #endif
 2645         m->port = 0;            /* encapsulation disabled by default */
 2646         sctp_auth_set_default_chunks(m->local_auth_chunks);
 2647         LIST_INIT(&m->shared_keys);
 2648         /* add default NULL key as key id 0 */
 2649         null_key = sctp_alloc_sharedkey();
 2650         sctp_insert_sharedkey(&m->shared_keys, null_key);
 2651         SCTP_INP_WUNLOCK(inp);
 2652 #ifdef SCTP_LOG_CLOSING
 2653         sctp_log_closing(inp, NULL, 12);
 2654 #endif
 2655         return (error);
 2656 }
 2657 
 2658 
 2659 void
 2660 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
 2661     struct sctp_tcb *stcb)
 2662 {
 2663         struct sctp_nets *net;
 2664         uint16_t lport, rport;
 2665         struct sctppcbhead *head;
 2666         struct sctp_laddr *laddr, *oladdr;
 2667 
 2668         atomic_add_int(&stcb->asoc.refcnt, 1);
 2669         SCTP_TCB_UNLOCK(stcb);
 2670         SCTP_INP_INFO_WLOCK();
 2671         SCTP_INP_WLOCK(old_inp);
 2672         SCTP_INP_WLOCK(new_inp);
 2673         SCTP_TCB_LOCK(stcb);
 2674         atomic_subtract_int(&stcb->asoc.refcnt, 1);
 2675 
 2676         new_inp->sctp_ep.time_of_secret_change =
 2677             old_inp->sctp_ep.time_of_secret_change;
 2678         memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
 2679             sizeof(old_inp->sctp_ep.secret_key));
 2680         new_inp->sctp_ep.current_secret_number =
 2681             old_inp->sctp_ep.current_secret_number;
 2682         new_inp->sctp_ep.last_secret_number =
 2683             old_inp->sctp_ep.last_secret_number;
 2684         new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
 2685 
 2686         /* make it so new data pours into the new socket */
 2687         stcb->sctp_socket = new_inp->sctp_socket;
 2688         stcb->sctp_ep = new_inp;
 2689 
 2690         /* Copy the port across */
 2691         lport = new_inp->sctp_lport = old_inp->sctp_lport;
 2692         rport = stcb->rport;
 2693         /* Pull the tcb from the old association */
 2694         LIST_REMOVE(stcb, sctp_tcbhash);
 2695         LIST_REMOVE(stcb, sctp_tcblist);
 2696         if (stcb->asoc.in_asocid_hash) {
 2697                 LIST_REMOVE(stcb, sctp_tcbasocidhash);
 2698         }
 2699         /* Now insert the new_inp into the TCP connected hash */
 2700         head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
 2701 
 2702         LIST_INSERT_HEAD(head, new_inp, sctp_hash);
 2703         /* Its safe to access */
 2704         new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
 2705 
 2706         /* Now move the tcb into the endpoint list */
 2707         LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
 2708         /*
 2709          * Question, do we even need to worry about the ep-hash since we
 2710          * only have one connection? Probably not :> so lets get rid of it
 2711          * and not suck up any kernel memory in that.
 2712          */
 2713         if (stcb->asoc.in_asocid_hash) {
 2714                 struct sctpasochead *lhd;
 2715 
 2716                 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
 2717                     new_inp->hashasocidmark)];
 2718                 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash);
 2719         }
 2720         /* Ok. Let's restart timer. */
 2721         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 2722                 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp,
 2723                     stcb, net);
 2724         }
 2725 
 2726         SCTP_INP_INFO_WUNLOCK();
 2727         if (new_inp->sctp_tcbhash != NULL) {
 2728                 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark);
 2729                 new_inp->sctp_tcbhash = NULL;
 2730         }
 2731         if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
 2732                 /* Subset bound, so copy in the laddr list from the old_inp */
 2733                 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
 2734                         laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
 2735                         if (laddr == NULL) {
 2736                                 /*
 2737                                  * Gak, what can we do? This assoc is really
 2738                                  * HOSED. We probably should send an abort
 2739                                  * here.
 2740                                  */
 2741                                 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n");
 2742                                 continue;
 2743                         }
 2744                         SCTP_INCR_LADDR_COUNT();
 2745                         bzero(laddr, sizeof(*laddr));
 2746                         (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
 2747                         laddr->ifa = oladdr->ifa;
 2748                         atomic_add_int(&laddr->ifa->refcount, 1);
 2749                         LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
 2750                             sctp_nxt_addr);
 2751                         new_inp->laddr_count++;
 2752                         if (oladdr == stcb->asoc.last_used_address) {
 2753                                 stcb->asoc.last_used_address = laddr;
 2754                         }
 2755                 }
 2756         }
 2757         /*
 2758          * Now any running timers need to be adjusted since we really don't
 2759          * care if they are running or not just blast in the new_inp into
 2760          * all of them.
 2761          */
 2762 
 2763         stcb->asoc.dack_timer.ep = (void *)new_inp;
 2764         stcb->asoc.asconf_timer.ep = (void *)new_inp;
 2765         stcb->asoc.strreset_timer.ep = (void *)new_inp;
 2766         stcb->asoc.shut_guard_timer.ep = (void *)new_inp;
 2767         stcb->asoc.autoclose_timer.ep = (void *)new_inp;
 2768         stcb->asoc.delayed_event_timer.ep = (void *)new_inp;
 2769         stcb->asoc.delete_prim_timer.ep = (void *)new_inp;
 2770         /* now what about the nets? */
 2771         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 2772                 net->pmtu_timer.ep = (void *)new_inp;
 2773                 net->hb_timer.ep = (void *)new_inp;
 2774                 net->rxt_timer.ep = (void *)new_inp;
 2775         }
 2776         SCTP_INP_WUNLOCK(new_inp);
 2777         SCTP_INP_WUNLOCK(old_inp);
 2778 }
 2779 
 2780 
 2781 
 2782 
 2783 /* sctp_ifap is used to bypass normal local address validation checks */
 2784 int
 2785 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
 2786     struct sctp_ifa *sctp_ifap, struct thread *p)
 2787 {
 2788         /* bind a ep to a socket address */
 2789         struct sctppcbhead *head;
 2790         struct sctp_inpcb *inp, *inp_tmp;
 2791         struct inpcb *ip_inp;
 2792         int port_reuse_active = 0;
 2793         int bindall;
 2794         uint16_t lport;
 2795         int error;
 2796         uint32_t vrf_id;
 2797 
 2798         lport = 0;
 2799         error = 0;
 2800         bindall = 1;
 2801         inp = (struct sctp_inpcb *)so->so_pcb;
 2802         ip_inp = (struct inpcb *)so->so_pcb;
 2803 #ifdef SCTP_DEBUG
 2804         if (addr) {
 2805                 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port:%d\n",
 2806                     ntohs(((struct sockaddr_in *)addr)->sin_port));
 2807                 SCTPDBG(SCTP_DEBUG_PCB1, "Addr :");
 2808                 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
 2809         }
 2810 #endif
 2811         if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
 2812                 /* already did a bind, subsequent binds NOT allowed ! */
 2813                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 2814                 return (EINVAL);
 2815         }
 2816 #ifdef INVARIANTS
 2817         if (p == NULL)
 2818                 panic("null proc/thread");
 2819 #endif
 2820         if (addr != NULL) {
 2821                 switch (addr->sa_family) {
 2822 #ifdef INET
 2823                 case AF_INET:
 2824                         {
 2825                                 struct sockaddr_in *sin;
 2826 
 2827                                 /* IPV6_V6ONLY socket? */
 2828                                 if (SCTP_IPV6_V6ONLY(ip_inp)) {
 2829                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 2830                                         return (EINVAL);
 2831                                 }
 2832                                 if (addr->sa_len != sizeof(*sin)) {
 2833                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 2834                                         return (EINVAL);
 2835                                 }
 2836                                 sin = (struct sockaddr_in *)addr;
 2837                                 lport = sin->sin_port;
 2838                                 /*
 2839                                  * For LOOPBACK the prison_local_ip4() call
 2840                                  * will transmute the ip address to the
 2841                                  * proper value.
 2842                                  */
 2843                                 if (p && (error = prison_local_ip4(p->td_ucred, &sin->sin_addr)) != 0) {
 2844                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
 2845                                         return (error);
 2846                                 }
 2847                                 if (sin->sin_addr.s_addr != INADDR_ANY) {
 2848                                         bindall = 0;
 2849                                 }
 2850                                 break;
 2851                         }
 2852 #endif
 2853 #ifdef INET6
 2854                 case AF_INET6:
 2855                         {
 2856                                 /*
 2857                                  * Only for pure IPv6 Address. (No IPv4
 2858                                  * Mapped!)
 2859                                  */
 2860                                 struct sockaddr_in6 *sin6;
 2861 
 2862                                 sin6 = (struct sockaddr_in6 *)addr;
 2863 
 2864                                 if (addr->sa_len != sizeof(*sin6)) {
 2865                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 2866                                         return (EINVAL);
 2867                                 }
 2868                                 lport = sin6->sin6_port;
 2869 
 2870                                 /*
 2871                                  * For LOOPBACK the prison_local_ip6() call
 2872                                  * will transmute the ipv6 address to the
 2873                                  * proper value.
 2874                                  */
 2875                                 if (p && (error = prison_local_ip6(p->td_ucred, &sin6->sin6_addr,
 2876                                     (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) {
 2877                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
 2878                                         return (error);
 2879                                 }
 2880                                 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
 2881                                         bindall = 0;
 2882                                         /* KAME hack: embed scopeid */
 2883                                         if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
 2884                                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 2885                                                 return (EINVAL);
 2886                                         }
 2887                                 }
 2888                                 /* this must be cleared for ifa_ifwithaddr() */
 2889                                 sin6->sin6_scope_id = 0;
 2890                                 break;
 2891                         }
 2892 #endif
 2893                 default:
 2894                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EAFNOSUPPORT);
 2895                         return (EAFNOSUPPORT);
 2896                 }
 2897         }
 2898         SCTP_INP_INFO_WLOCK();
 2899         SCTP_INP_WLOCK(inp);
 2900         /* Setup a vrf_id to be the default for the non-bind-all case. */
 2901         vrf_id = inp->def_vrf_id;
 2902 
 2903         /* increase our count due to the unlock we do */
 2904         SCTP_INP_INCR_REF(inp);
 2905         if (lport) {
 2906                 /*
 2907                  * Did the caller specify a port? if so we must see if a ep
 2908                  * already has this one bound.
 2909                  */
 2910                 /* got to be root to get at low ports */
 2911                 if (ntohs(lport) < IPPORT_RESERVED) {
 2912                         if (p && (error =
 2913                             priv_check(p, PRIV_NETINET_RESERVEDPORT)
 2914                             )) {
 2915                                 SCTP_INP_DECR_REF(inp);
 2916                                 SCTP_INP_WUNLOCK(inp);
 2917                                 SCTP_INP_INFO_WUNLOCK();
 2918                                 return (error);
 2919                         }
 2920                 }
 2921                 if (p == NULL) {
 2922                         SCTP_INP_DECR_REF(inp);
 2923                         SCTP_INP_WUNLOCK(inp);
 2924                         SCTP_INP_INFO_WUNLOCK();
 2925                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
 2926                         return (error);
 2927                 }
 2928                 SCTP_INP_WUNLOCK(inp);
 2929                 if (bindall) {
 2930                         vrf_id = inp->def_vrf_id;
 2931                         inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
 2932                         if (inp_tmp != NULL) {
 2933                                 /*
 2934                                  * lock guy returned and lower count note
 2935                                  * that we are not bound so inp_tmp should
 2936                                  * NEVER be inp. And it is this inp
 2937                                  * (inp_tmp) that gets the reference bump,
 2938                                  * so we must lower it.
 2939                                  */
 2940                                 SCTP_INP_DECR_REF(inp_tmp);
 2941                                 /* unlock info */
 2942                                 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
 2943                                     (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
 2944                                         /*
 2945                                          * Ok, must be one-2-one and
 2946                                          * allowing port re-use
 2947                                          */
 2948                                         port_reuse_active = 1;
 2949                                         goto continue_anyway;
 2950                                 }
 2951                                 SCTP_INP_DECR_REF(inp);
 2952                                 SCTP_INP_INFO_WUNLOCK();
 2953                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
 2954                                 return (EADDRINUSE);
 2955                         }
 2956                 } else {
 2957                         inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
 2958                         if (inp_tmp != NULL) {
 2959                                 /*
 2960                                  * lock guy returned and lower count note
 2961                                  * that we are not bound so inp_tmp should
 2962                                  * NEVER be inp. And it is this inp
 2963                                  * (inp_tmp) that gets the reference bump,
 2964                                  * so we must lower it.
 2965                                  */
 2966                                 SCTP_INP_DECR_REF(inp_tmp);
 2967                                 /* unlock info */
 2968                                 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
 2969                                     (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
 2970                                         /*
 2971                                          * Ok, must be one-2-one and
 2972                                          * allowing port re-use
 2973                                          */
 2974                                         port_reuse_active = 1;
 2975                                         goto continue_anyway;
 2976                                 }
 2977                                 SCTP_INP_DECR_REF(inp);
 2978                                 SCTP_INP_INFO_WUNLOCK();
 2979                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
 2980                                 return (EADDRINUSE);
 2981                         }
 2982                 }
 2983 continue_anyway:
 2984                 SCTP_INP_WLOCK(inp);
 2985                 if (bindall) {
 2986                         /* verify that no lport is not used by a singleton */
 2987                         if ((port_reuse_active == 0) &&
 2988                             (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))
 2989                             ) {
 2990                                 /* Sorry someone already has this one bound */
 2991                                 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
 2992                                     (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
 2993                                         port_reuse_active = 1;
 2994                                 } else {
 2995                                         SCTP_INP_DECR_REF(inp);
 2996                                         SCTP_INP_WUNLOCK(inp);
 2997                                         SCTP_INP_INFO_WUNLOCK();
 2998                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
 2999                                         return (EADDRINUSE);
 3000                                 }
 3001                         }
 3002                 }
 3003         } else {
 3004                 uint16_t first, last, candidate;
 3005                 uint16_t count;
 3006                 int done;
 3007 
 3008                 if (ip_inp->inp_flags & INP_HIGHPORT) {
 3009                         first = MODULE_GLOBAL(ipport_hifirstauto);
 3010                         last = MODULE_GLOBAL(ipport_hilastauto);
 3011                 } else if (ip_inp->inp_flags & INP_LOWPORT) {
 3012                         if (p && (error =
 3013                             priv_check(p, PRIV_NETINET_RESERVEDPORT)
 3014                             )) {
 3015                                 SCTP_INP_DECR_REF(inp);
 3016                                 SCTP_INP_WUNLOCK(inp);
 3017                                 SCTP_INP_INFO_WUNLOCK();
 3018                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
 3019                                 return (error);
 3020                         }
 3021                         first = MODULE_GLOBAL(ipport_lowfirstauto);
 3022                         last = MODULE_GLOBAL(ipport_lowlastauto);
 3023                 } else {
 3024                         first = MODULE_GLOBAL(ipport_firstauto);
 3025                         last = MODULE_GLOBAL(ipport_lastauto);
 3026                 }
 3027                 if (first > last) {
 3028                         uint16_t temp;
 3029 
 3030                         temp = first;
 3031                         first = last;
 3032                         last = temp;
 3033                 }
 3034                 count = last - first + 1;       /* number of candidates */
 3035                 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count);
 3036 
 3037                 done = 0;
 3038                 while (!done) {
 3039                         if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) {
 3040                                 done = 1;
 3041                         }
 3042                         if (!done) {
 3043                                 if (--count == 0) {
 3044                                         SCTP_INP_DECR_REF(inp);
 3045                                         SCTP_INP_WUNLOCK(inp);
 3046                                         SCTP_INP_INFO_WUNLOCK();
 3047                                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
 3048                                         return (EADDRINUSE);
 3049                                 }
 3050                                 if (candidate == last)
 3051                                         candidate = first;
 3052                                 else
 3053                                         candidate = candidate + 1;
 3054                         }
 3055                 }
 3056                 lport = htons(candidate);
 3057         }
 3058         SCTP_INP_DECR_REF(inp);
 3059         if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |
 3060             SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
 3061                 /*
 3062                  * this really should not happen. The guy did a non-blocking
 3063                  * bind and then did a close at the same time.
 3064                  */
 3065                 SCTP_INP_WUNLOCK(inp);
 3066                 SCTP_INP_INFO_WUNLOCK();
 3067                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 3068                 return (EINVAL);
 3069         }
 3070         /* ok we look clear to give out this port, so lets setup the binding */
 3071         if (bindall) {
 3072                 /* binding to all addresses, so just set in the proper flags */
 3073                 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL;
 3074                 /* set the automatic addr changes from kernel flag */
 3075                 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) {
 3076                         sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF);
 3077                         sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
 3078                 } else {
 3079                         sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
 3080                         sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
 3081                 }
 3082                 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) {
 3083                         sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
 3084                 } else {
 3085                         sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
 3086                 }
 3087                 /*
 3088                  * set the automatic mobility_base from kernel flag (by
 3089                  * micchie)
 3090                  */
 3091                 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) {
 3092                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE);
 3093                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
 3094                 } else {
 3095                         sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE);
 3096                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
 3097                 }
 3098                 /*
 3099                  * set the automatic mobility_fasthandoff from kernel flag
 3100                  * (by micchie)
 3101                  */
 3102                 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) {
 3103                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF);
 3104                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
 3105                 } else {
 3106                         sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF);
 3107                         sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
 3108                 }
 3109         } else {
 3110                 /*
 3111                  * bind specific, make sure flags is off and add a new
 3112                  * address structure to the sctp_addr_list inside the ep
 3113                  * structure.
 3114                  * 
 3115                  * We will need to allocate one and insert it at the head. The
 3116                  * socketopt call can just insert new addresses in there as
 3117                  * well. It will also have to do the embed scope kame hack
 3118                  * too (before adding).
 3119                  */
 3120                 struct sctp_ifa *ifa;
 3121                 struct sockaddr_storage store_sa;
 3122 
 3123                 memset(&store_sa, 0, sizeof(store_sa));
 3124                 switch (addr->sa_family) {
 3125 #ifdef INET
 3126                 case AF_INET:
 3127                         {
 3128                                 struct sockaddr_in *sin;
 3129 
 3130                                 sin = (struct sockaddr_in *)&store_sa;
 3131                                 memcpy(sin, addr, sizeof(struct sockaddr_in));
 3132                                 sin->sin_port = 0;
 3133                                 break;
 3134                         }
 3135 #endif
 3136 #ifdef INET6
 3137                 case AF_INET6:
 3138                         {
 3139                                 struct sockaddr_in6 *sin6;
 3140 
 3141                                 sin6 = (struct sockaddr_in6 *)&store_sa;
 3142                                 memcpy(sin6, addr, sizeof(struct sockaddr_in6));
 3143                                 sin6->sin6_port = 0;
 3144                                 break;
 3145                         }
 3146 #endif
 3147                 default:
 3148                         break;
 3149                 }
 3150                 /*
 3151                  * first find the interface with the bound address need to
 3152                  * zero out the port to find the address! yuck! can't do
 3153                  * this earlier since need port for sctp_pcb_findep()
 3154                  */
 3155                 if (sctp_ifap != NULL)
 3156                         ifa = sctp_ifap;
 3157                 else {
 3158                         /*
 3159                          * Note for BSD we hit here always other O/S's will
 3160                          * pass things in via the sctp_ifap argument
 3161                          * (Panda).
 3162                          */
 3163                         ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa,
 3164                             vrf_id, SCTP_ADDR_NOT_LOCKED);
 3165                 }
 3166                 if (ifa == NULL) {
 3167                         /* Can't find an interface with that address */
 3168                         SCTP_INP_WUNLOCK(inp);
 3169                         SCTP_INP_INFO_WUNLOCK();
 3170                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRNOTAVAIL);
 3171                         return (EADDRNOTAVAIL);
 3172                 }
 3173 #ifdef INET6
 3174                 if (addr->sa_family == AF_INET6) {
 3175                         /* GAK, more FIXME IFA lock? */
 3176                         if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
 3177                                 /* Can't bind a non-existent addr. */
 3178                                 SCTP_INP_WUNLOCK(inp);
 3179                                 SCTP_INP_INFO_WUNLOCK();
 3180                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 3181                                 return (EINVAL);
 3182                         }
 3183                 }
 3184 #endif
 3185                 /* we're not bound all */
 3186                 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
 3187                 /* allow bindx() to send ASCONF's for binding changes */
 3188                 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
 3189                 /* clear automatic addr changes from kernel flag */
 3190                 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
 3191 
 3192                 /* add this address to the endpoint list */
 3193                 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0);
 3194                 if (error != 0) {
 3195                         SCTP_INP_WUNLOCK(inp);
 3196                         SCTP_INP_INFO_WUNLOCK();
 3197                         return (error);
 3198                 }
 3199                 inp->laddr_count++;
 3200         }
 3201         /* find the bucket */
 3202         if (port_reuse_active) {
 3203                 /* Put it into tcp 1-2-1 hash */
 3204                 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))];
 3205                 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
 3206         } else {
 3207                 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))];
 3208         }
 3209         /* put it in the bucket */
 3210         LIST_INSERT_HEAD(head, inp, sctp_hash);
 3211         SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n",
 3212             head, ntohs(lport), port_reuse_active);
 3213         /* set in the port */
 3214         inp->sctp_lport = lport;
 3215 
 3216         /* turn off just the unbound flag */
 3217         inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
 3218         SCTP_INP_WUNLOCK(inp);
 3219         SCTP_INP_INFO_WUNLOCK();
 3220         return (0);
 3221 }
 3222 
 3223 
 3224 static void
 3225 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp)
 3226 {
 3227         struct sctp_iterator *it, *nit;
 3228 
 3229         /*
 3230          * We enter with the only the ITERATOR_LOCK in place and a write
 3231          * lock on the inp_info stuff.
 3232          */
 3233         it = sctp_it_ctl.cur_it;
 3234         if (it && (it->vn != curvnet)) {
 3235                 /* Its not looking at our VNET */
 3236                 return;
 3237         }
 3238         if (it && (it->inp == inp)) {
 3239                 /*
 3240                  * This is tricky and we hold the iterator lock, but when it
 3241                  * returns and gets the lock (when we release it) the
 3242                  * iterator will try to operate on inp. We need to stop that
 3243                  * from happening. But of course the iterator has a
 3244                  * reference on the stcb and inp. We can mark it and it will
 3245                  * stop.
 3246                  * 
 3247                  * If its a single iterator situation, we set the end iterator
 3248                  * flag. Otherwise we set the iterator to go to the next
 3249                  * inp.
 3250                  * 
 3251                  */
 3252                 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
 3253                         sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
 3254                 } else {
 3255                         sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP;
 3256                 }
 3257         }
 3258         /*
 3259          * Now go through and remove any single reference to our inp that
 3260          * may be still pending on the list
 3261          */
 3262         SCTP_IPI_ITERATOR_WQ_LOCK();
 3263         TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
 3264                 if (it->vn != curvnet) {
 3265                         continue;
 3266                 }
 3267                 if (it->inp == inp) {
 3268                         /* This one points to me is it inp specific? */
 3269                         if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
 3270                                 /* Remove and free this one */
 3271                                 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead,
 3272                                     it, sctp_nxt_itr);
 3273                                 if (it->function_atend != NULL) {
 3274                                         (*it->function_atend) (it->pointer, it->val);
 3275                                 }
 3276                                 SCTP_FREE(it, SCTP_M_ITER);
 3277                         } else {
 3278                                 it->inp = LIST_NEXT(it->inp, sctp_list);
 3279                                 if (it->inp) {
 3280                                         SCTP_INP_INCR_REF(it->inp);
 3281                                 }
 3282                         }
 3283                         /*
 3284                          * When its put in the refcnt is incremented so decr
 3285                          * it
 3286                          */
 3287                         SCTP_INP_DECR_REF(inp);
 3288                 }
 3289         }
 3290         SCTP_IPI_ITERATOR_WQ_UNLOCK();
 3291 }
 3292 
 3293 /* release sctp_inpcb unbind the port */
 3294 void
 3295 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from)
 3296 {
 3297         /*
 3298          * Here we free a endpoint. We must find it (if it is in the Hash
 3299          * table) and remove it from there. Then we must also find it in the
 3300          * overall list and remove it from there. After all removals are
 3301          * complete then any timer has to be stopped. Then start the actual
 3302          * freeing. a) Any local lists. b) Any associations. c) The hash of
 3303          * all associations. d) finally the ep itself.
 3304          */
 3305         struct sctp_tcb *asoc, *nasoc;
 3306         struct sctp_laddr *laddr, *nladdr;
 3307         struct inpcb *ip_pcb;
 3308         struct socket *so;
 3309         int being_refed = 0;
 3310         struct sctp_queued_to_read *sq, *nsq;
 3311         int cnt;
 3312         sctp_sharedkey_t *shared_key, *nshared_key;
 3313 
 3314 
 3315 #ifdef SCTP_LOG_CLOSING
 3316         sctp_log_closing(inp, NULL, 0);
 3317 #endif
 3318         SCTP_ITERATOR_LOCK();
 3319         /* mark any iterators on the list or being processed */
 3320         sctp_iterator_inp_being_freed(inp);
 3321         SCTP_ITERATOR_UNLOCK();
 3322         so = inp->sctp_socket;
 3323         if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 3324                 /* been here before.. eeks.. get out of here */
 3325                 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate);
 3326 #ifdef SCTP_LOG_CLOSING
 3327                 sctp_log_closing(inp, NULL, 1);
 3328 #endif
 3329                 return;
 3330         }
 3331         SCTP_ASOC_CREATE_LOCK(inp);
 3332         SCTP_INP_INFO_WLOCK();
 3333 
 3334         SCTP_INP_WLOCK(inp);
 3335         if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) {
 3336                 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP;
 3337                 /* socket is gone, so no more wakeups allowed */
 3338                 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE;
 3339                 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
 3340                 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
 3341 
 3342         }
 3343         /* First time through we have the socket lock, after that no more. */
 3344         sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL,
 3345             SCTP_FROM_SCTP_PCB + SCTP_LOC_1);
 3346 
 3347         if (inp->control) {
 3348                 sctp_m_freem(inp->control);
 3349                 inp->control = NULL;
 3350         }
 3351         if (inp->pkt) {
 3352                 sctp_m_freem(inp->pkt);
 3353                 inp->pkt = NULL;
 3354         }
 3355         ip_pcb = &inp->ip_inp.inp;      /* we could just cast the main pointer
 3356                                          * here but I will be nice :> (i.e.
 3357                                          * ip_pcb = ep;) */
 3358         if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
 3359                 int cnt_in_sd;
 3360 
 3361                 cnt_in_sd = 0;
 3362                 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
 3363                         SCTP_TCB_LOCK(asoc);
 3364                         if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 3365                                 /* Skip guys being freed */
 3366                                 cnt_in_sd++;
 3367                                 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
 3368                                         /*
 3369                                          * Special case - we did not start a
 3370                                          * kill timer on the asoc due to it
 3371                                          * was not closed. So go ahead and
 3372                                          * start it now.
 3373                                          */
 3374                                         asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
 3375                                         sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
 3376                                 }
 3377                                 SCTP_TCB_UNLOCK(asoc);
 3378                                 continue;
 3379                         }
 3380                         if (((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) ||
 3381                             (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) &&
 3382                             (asoc->asoc.total_output_queue_size == 0)) {
 3383                                 /*
 3384                                  * If we have data in queue, we don't want
 3385                                  * to just free since the app may have done,
 3386                                  * send()/close or connect/send/close. And
 3387                                  * it wants the data to get across first.
 3388                                  */
 3389                                 /* Just abandon things in the front states */
 3390                                 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE,
 3391                                     SCTP_FROM_SCTP_PCB + SCTP_LOC_2) == 0) {
 3392                                         cnt_in_sd++;
 3393                                 }
 3394                                 continue;
 3395                         }
 3396                         /* Disconnect the socket please */
 3397                         asoc->sctp_socket = NULL;
 3398                         asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET;
 3399                         if ((asoc->asoc.size_on_reasm_queue > 0) ||
 3400                             (asoc->asoc.control_pdapi) ||
 3401                             (asoc->asoc.size_on_all_streams > 0) ||
 3402                             (so && (so->so_rcv.sb_cc > 0))) {
 3403                                 /* Left with Data unread */
 3404                                 struct mbuf *op_err;
 3405 
 3406                                 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
 3407                                     0, M_DONTWAIT, 1, MT_DATA);
 3408                                 if (op_err) {
 3409                                         /* Fill in the user initiated abort */
 3410                                         struct sctp_paramhdr *ph;
 3411                                         uint32_t *ippp;
 3412 
 3413                                         SCTP_BUF_LEN(op_err) =
 3414                                             sizeof(struct sctp_paramhdr) + sizeof(uint32_t);
 3415                                         ph = mtod(op_err,
 3416                                             struct sctp_paramhdr *);
 3417                                         ph->param_type = htons(
 3418                                             SCTP_CAUSE_USER_INITIATED_ABT);
 3419                                         ph->param_length = htons(SCTP_BUF_LEN(op_err));
 3420                                         ippp = (uint32_t *) (ph + 1);
 3421                                         *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_3);
 3422                                 }
 3423                                 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
 3424                                 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
 3425                                 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
 3426                                 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
 3427                                     (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
 3428                                         SCTP_STAT_DECR_GAUGE32(sctps_currestab);
 3429                                 }
 3430                                 if (sctp_free_assoc(inp, asoc,
 3431                                     SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_4) == 0) {
 3432                                         cnt_in_sd++;
 3433                                 }
 3434                                 continue;
 3435                         } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
 3436                                     TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
 3437                                     (asoc->asoc.stream_queue_cnt == 0)
 3438                             ) {
 3439                                 if (asoc->asoc.locked_on_sending) {
 3440                                         goto abort_anyway;
 3441                                 }
 3442                                 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
 3443                                     (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
 3444                                         struct sctp_nets *netp;
 3445 
 3446                                         if (asoc->asoc.alternate) {
 3447                                                 netp = asoc->asoc.alternate;
 3448                                         } else {
 3449                                                 netp = asoc->asoc.primary_destination;
 3450                                         }
 3451                                         /*
 3452                                          * there is nothing queued to send,
 3453                                          * so I send shutdown
 3454                                          */
 3455                                         sctp_send_shutdown(asoc, netp);
 3456                                         if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
 3457                                             (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
 3458                                                 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
 3459                                         }
 3460                                         SCTP_SET_STATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_SENT);
 3461                                         SCTP_CLEAR_SUBSTATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_PENDING);
 3462                                         sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc,
 3463                                             netp);
 3464                                         sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
 3465                                             asoc->asoc.primary_destination);
 3466                                         sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED);
 3467                                 }
 3468                         } else {
 3469                                 /* mark into shutdown pending */
 3470                                 struct sctp_stream_queue_pending *sp;
 3471 
 3472                                 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING;
 3473                                 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
 3474                                     asoc->asoc.primary_destination);
 3475                                 if (asoc->asoc.locked_on_sending) {
 3476                                         sp = TAILQ_LAST(&((asoc->asoc.locked_on_sending)->outqueue),
 3477                                             sctp_streamhead);
 3478                                         if (sp == NULL) {
 3479                                                 SCTP_PRINTF("Error, sp is NULL, locked on sending is %p strm:%d\n",
 3480                                                     asoc->asoc.locked_on_sending,
 3481                                                     asoc->asoc.locked_on_sending->stream_no);
 3482                                         } else {
 3483                                                 if ((sp->length == 0) && (sp->msg_is_complete == 0))
 3484                                                         asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT;
 3485                                         }
 3486                                 }
 3487                                 if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
 3488                                     TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
 3489                                     (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
 3490                                         struct mbuf *op_err;
 3491 
 3492                         abort_anyway:
 3493                                         op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
 3494                                             0, M_DONTWAIT, 1, MT_DATA);
 3495                                         if (op_err) {
 3496                                                 /*
 3497                                                  * Fill in the user
 3498                                                  * initiated abort
 3499                                                  */
 3500                                                 struct sctp_paramhdr *ph;
 3501                                                 uint32_t *ippp;
 3502 
 3503                                                 SCTP_BUF_LEN(op_err) =
 3504                                                     (sizeof(struct sctp_paramhdr) +
 3505                                                     sizeof(uint32_t));
 3506                                                 ph = mtod(op_err,
 3507                                                     struct sctp_paramhdr *);
 3508                                                 ph->param_type = htons(
 3509                                                     SCTP_CAUSE_USER_INITIATED_ABT);
 3510                                                 ph->param_length = htons(SCTP_BUF_LEN(op_err));
 3511                                                 ippp = (uint32_t *) (ph + 1);
 3512                                                 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_5);
 3513                                         }
 3514                                         asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
 3515                                         sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
 3516                                         SCTP_STAT_INCR_COUNTER32(sctps_aborted);
 3517                                         if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
 3518                                             (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
 3519                                                 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
 3520                                         }
 3521                                         if (sctp_free_assoc(inp, asoc,
 3522                                             SCTP_PCBFREE_NOFORCE,
 3523                                             SCTP_FROM_SCTP_PCB + SCTP_LOC_6) == 0) {
 3524                                                 cnt_in_sd++;
 3525                                         }
 3526                                         continue;
 3527                                 } else {
 3528                                         sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED);
 3529                                 }
 3530                         }
 3531                         cnt_in_sd++;
 3532                         SCTP_TCB_UNLOCK(asoc);
 3533                 }
 3534                 /* now is there some left in our SHUTDOWN state? */
 3535                 if (cnt_in_sd) {
 3536 #ifdef SCTP_LOG_CLOSING
 3537                         sctp_log_closing(inp, NULL, 2);
 3538 #endif
 3539                         inp->sctp_socket = NULL;
 3540                         SCTP_INP_WUNLOCK(inp);
 3541                         SCTP_ASOC_CREATE_UNLOCK(inp);
 3542                         SCTP_INP_INFO_WUNLOCK();
 3543                         return;
 3544                 }
 3545         }
 3546         inp->sctp_socket = NULL;
 3547         if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) !=
 3548             SCTP_PCB_FLAGS_UNBOUND) {
 3549                 /*
 3550                  * ok, this guy has been bound. It's port is somewhere in
 3551                  * the SCTP_BASE_INFO(hash table). Remove it!
 3552                  */
 3553                 LIST_REMOVE(inp, sctp_hash);
 3554                 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND;
 3555         }
 3556         /*
 3557          * If there is a timer running to kill us, forget it, since it may
 3558          * have a contest on the INP lock.. which would cause us to die ...
 3559          */
 3560         cnt = 0;
 3561         LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
 3562                 SCTP_TCB_LOCK(asoc);
 3563                 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 3564                         if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
 3565                                 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
 3566                                 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
 3567                         }
 3568                         cnt++;
 3569                         SCTP_TCB_UNLOCK(asoc);
 3570                         continue;
 3571                 }
 3572                 /* Free associations that are NOT killing us */
 3573                 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
 3574                     ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
 3575                         struct mbuf *op_err;
 3576                         uint32_t *ippp;
 3577 
 3578                         op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
 3579                             0, M_DONTWAIT, 1, MT_DATA);
 3580                         if (op_err) {
 3581                                 /* Fill in the user initiated abort */
 3582                                 struct sctp_paramhdr *ph;
 3583 
 3584                                 SCTP_BUF_LEN(op_err) = (sizeof(struct sctp_paramhdr) +
 3585                                     sizeof(uint32_t));
 3586                                 ph = mtod(op_err, struct sctp_paramhdr *);
 3587                                 ph->param_type = htons(
 3588                                     SCTP_CAUSE_USER_INITIATED_ABT);
 3589                                 ph->param_length = htons(SCTP_BUF_LEN(op_err));
 3590                                 ippp = (uint32_t *) (ph + 1);
 3591                                 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_7);
 3592 
 3593                         }
 3594                         asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_7;
 3595                         sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
 3596                         SCTP_STAT_INCR_COUNTER32(sctps_aborted);
 3597                 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
 3598                         cnt++;
 3599                         SCTP_TCB_UNLOCK(asoc);
 3600                         continue;
 3601                 }
 3602                 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
 3603                     (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
 3604                         SCTP_STAT_DECR_GAUGE32(sctps_currestab);
 3605                 }
 3606                 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_8) == 0) {
 3607                         cnt++;
 3608                 }
 3609         }
 3610         if (cnt) {
 3611                 /* Ok we have someone out there that will kill us */
 3612                 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
 3613 #ifdef SCTP_LOG_CLOSING
 3614                 sctp_log_closing(inp, NULL, 3);
 3615 #endif
 3616                 SCTP_INP_WUNLOCK(inp);
 3617                 SCTP_ASOC_CREATE_UNLOCK(inp);
 3618                 SCTP_INP_INFO_WUNLOCK();
 3619                 return;
 3620         }
 3621         if (SCTP_INP_LOCK_CONTENDED(inp))
 3622                 being_refed++;
 3623         if (SCTP_INP_READ_CONTENDED(inp))
 3624                 being_refed++;
 3625         if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp))
 3626                 being_refed++;
 3627 
 3628         if ((inp->refcount) ||
 3629             (being_refed) ||
 3630             (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
 3631                 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
 3632 #ifdef SCTP_LOG_CLOSING
 3633                 sctp_log_closing(inp, NULL, 4);
 3634 #endif
 3635                 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
 3636                 SCTP_INP_WUNLOCK(inp);
 3637                 SCTP_ASOC_CREATE_UNLOCK(inp);
 3638                 SCTP_INP_INFO_WUNLOCK();
 3639                 return;
 3640         }
 3641         inp->sctp_ep.signature_change.type = 0;
 3642         inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
 3643         /*
 3644          * Remove it from the list .. last thing we need a lock for.
 3645          */
 3646         LIST_REMOVE(inp, sctp_list);
 3647         SCTP_INP_WUNLOCK(inp);
 3648         SCTP_ASOC_CREATE_UNLOCK(inp);
 3649         SCTP_INP_INFO_WUNLOCK();
 3650         /*
 3651          * Now we release all locks. Since this INP cannot be found anymore
 3652          * except possibly by the kill timer that might be running. We call
 3653          * the drain function here. It should hit the case were it sees the
 3654          * ACTIVE flag cleared and exit out freeing us to proceed and
 3655          * destroy everything.
 3656          */
 3657         if (from != SCTP_CALLED_FROM_INPKILL_TIMER) {
 3658                 (void)SCTP_OS_TIMER_STOP_DRAIN(&inp->sctp_ep.signature_change.timer);
 3659         } else {
 3660                 /* Probably un-needed */
 3661                 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
 3662         }
 3663 
 3664 #ifdef SCTP_LOG_CLOSING
 3665         sctp_log_closing(inp, NULL, 5);
 3666 #endif
 3667 
 3668 
 3669         if ((inp->sctp_asocidhash) != NULL) {
 3670                 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark);
 3671                 inp->sctp_asocidhash = NULL;
 3672         }
 3673         /* sa_ignore FREED_MEMORY */
 3674         TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) {
 3675                 /* Its only abandoned if it had data left */
 3676                 if (sq->length)
 3677                         SCTP_STAT_INCR(sctps_left_abandon);
 3678 
 3679                 TAILQ_REMOVE(&inp->read_queue, sq, next);
 3680                 sctp_free_remote_addr(sq->whoFrom);
 3681                 if (so)
 3682                         so->so_rcv.sb_cc -= sq->length;
 3683                 if (sq->data) {
 3684                         sctp_m_freem(sq->data);
 3685                         sq->data = NULL;
 3686                 }
 3687                 /*
 3688                  * no need to free the net count, since at this point all
 3689                  * assoc's are gone.
 3690                  */
 3691                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
 3692                 SCTP_DECR_READQ_COUNT();
 3693         }
 3694         /* Now the sctp_pcb things */
 3695         /*
 3696          * free each asoc if it is not already closed/free. we can't use the
 3697          * macro here since le_next will get freed as part of the
 3698          * sctp_free_assoc() call.
 3699          */
 3700         if (so) {
 3701 #ifdef IPSEC
 3702                 ipsec_delete_pcbpolicy(ip_pcb);
 3703 #endif                          /* IPSEC */
 3704 
 3705                 /* Unlocks not needed since the socket is gone now */
 3706         }
 3707         if (ip_pcb->inp_options) {
 3708                 (void)sctp_m_free(ip_pcb->inp_options);
 3709                 ip_pcb->inp_options = 0;
 3710         }
 3711 #ifdef INET6
 3712         if (ip_pcb->inp_vflag & INP_IPV6) {
 3713                 struct in6pcb *in6p;
 3714 
 3715                 in6p = (struct in6pcb *)inp;
 3716                 ip6_freepcbopts(in6p->in6p_outputopts);
 3717         }
 3718 #endif                          /* INET6 */
 3719         ip_pcb->inp_vflag = 0;
 3720         /* free up authentication fields */
 3721         if (inp->sctp_ep.local_auth_chunks != NULL)
 3722                 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
 3723         if (inp->sctp_ep.local_hmacs != NULL)
 3724                 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
 3725 
 3726         LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) {
 3727                 LIST_REMOVE(shared_key, next);
 3728                 sctp_free_sharedkey(shared_key);
 3729                 /* sa_ignore FREED_MEMORY */
 3730         }
 3731 
 3732         /*
 3733          * if we have an address list the following will free the list of
 3734          * ifaddr's that are set into this ep. Again macro limitations here,
 3735          * since the LIST_FOREACH could be a bad idea.
 3736          */
 3737         LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) {
 3738                 sctp_remove_laddr(laddr);
 3739         }
 3740 
 3741 #ifdef SCTP_TRACK_FREED_ASOCS
 3742         /* TEMP CODE */
 3743         LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_free_list, sctp_tcblist, nasoc) {
 3744                 LIST_REMOVE(asoc, sctp_tcblist);
 3745                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), asoc);
 3746                 SCTP_DECR_ASOC_COUNT();
 3747         }
 3748         /* *** END TEMP CODE *** */
 3749 #endif
 3750         /* Now lets see about freeing the EP hash table. */
 3751         if (inp->sctp_tcbhash != NULL) {
 3752                 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
 3753                 inp->sctp_tcbhash = NULL;
 3754         }
 3755         /* Now we must put the ep memory back into the zone pool */
 3756         INP_LOCK_DESTROY(&inp->ip_inp.inp);
 3757         SCTP_INP_LOCK_DESTROY(inp);
 3758         SCTP_INP_READ_DESTROY(inp);
 3759         SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
 3760         SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 3761         SCTP_DECR_EP_COUNT();
 3762 }
 3763 
 3764 
 3765 struct sctp_nets *
 3766 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
 3767 {
 3768         struct sctp_nets *net;
 3769 
 3770         /* locate the address */
 3771         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 3772                 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
 3773                         return (net);
 3774         }
 3775         return (NULL);
 3776 }
 3777 
 3778 
 3779 int
 3780 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id)
 3781 {
 3782         struct sctp_ifa *sctp_ifa;
 3783 
 3784         sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED);
 3785         if (sctp_ifa) {
 3786                 return (1);
 3787         } else {
 3788                 return (0);
 3789         }
 3790 }
 3791 
 3792 /*
 3793  * add's a remote endpoint address, done with the INIT/INIT-ACK as well as
 3794  * when a ASCONF arrives that adds it. It will also initialize all the cwnd
 3795  * stats of stuff.
 3796  */
 3797 int
 3798 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
 3799     struct sctp_nets **netp, int set_scope, int from)
 3800 {
 3801         /*
 3802          * The following is redundant to the same lines in the
 3803          * sctp_aloc_assoc() but is needed since others call the add address
 3804          * function
 3805          */
 3806         struct sctp_nets *net, *netfirst;
 3807         int addr_inscope;
 3808 
 3809         SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ",
 3810             from);
 3811         SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr);
 3812 
 3813         netfirst = sctp_findnet(stcb, newaddr);
 3814         if (netfirst) {
 3815                 /*
 3816                  * Lie and return ok, we don't want to make the association
 3817                  * go away for this behavior. It will happen in the TCP
 3818                  * model in a connected socket. It does not reach the hash
 3819                  * table until after the association is built so it can't be
 3820                  * found. Mark as reachable, since the initial creation will
 3821                  * have been cleared and the NOT_IN_ASSOC flag will have
 3822                  * been added... and we don't want to end up removing it
 3823                  * back out.
 3824                  */
 3825                 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
 3826                         netfirst->dest_state = (SCTP_ADDR_REACHABLE |
 3827                             SCTP_ADDR_UNCONFIRMED);
 3828                 } else {
 3829                         netfirst->dest_state = SCTP_ADDR_REACHABLE;
 3830                 }
 3831 
 3832                 return (0);
 3833         }
 3834         addr_inscope = 1;
 3835         switch (newaddr->sa_family) {
 3836 #ifdef INET
 3837         case AF_INET:
 3838                 {
 3839                         struct sockaddr_in *sin;
 3840 
 3841                         sin = (struct sockaddr_in *)newaddr;
 3842                         if (sin->sin_addr.s_addr == 0) {
 3843                                 /* Invalid address */
 3844                                 return (-1);
 3845                         }
 3846                         /* zero out the bzero area */
 3847                         memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
 3848 
 3849                         /* assure len is set */
 3850                         sin->sin_len = sizeof(struct sockaddr_in);
 3851                         if (set_scope) {
 3852 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
 3853                                 stcb->ipv4_local_scope = 1;
 3854 #else
 3855                                 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
 3856                                         stcb->asoc.ipv4_local_scope = 1;
 3857                                 }
 3858 #endif                          /* SCTP_DONT_DO_PRIVADDR_SCOPE */
 3859                         } else {
 3860                                 /* Validate the address is in scope */
 3861                                 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
 3862                                     (stcb->asoc.ipv4_local_scope == 0)) {
 3863                                         addr_inscope = 0;
 3864                                 }
 3865                         }
 3866                         break;
 3867                 }
 3868 #endif
 3869 #ifdef INET6
 3870         case AF_INET6:
 3871                 {
 3872                         struct sockaddr_in6 *sin6;
 3873 
 3874                         sin6 = (struct sockaddr_in6 *)newaddr;
 3875                         if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
 3876                                 /* Invalid address */
 3877                                 return (-1);
 3878                         }
 3879                         /* assure len is set */
 3880                         sin6->sin6_len = sizeof(struct sockaddr_in6);
 3881                         if (set_scope) {
 3882                                 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) {
 3883                                         stcb->asoc.loopback_scope = 1;
 3884                                         stcb->asoc.local_scope = 0;
 3885                                         stcb->asoc.ipv4_local_scope = 1;
 3886                                         stcb->asoc.site_scope = 1;
 3887                                 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
 3888                                         /*
 3889                                          * If the new destination is a
 3890                                          * LINK_LOCAL we must have common
 3891                                          * site scope. Don't set the local
 3892                                          * scope since we may not share all
 3893                                          * links, only loopback can do this.
 3894                                          * Links on the local network would
 3895                                          * also be on our private network
 3896                                          * for v4 too.
 3897                                          */
 3898                                         stcb->asoc.ipv4_local_scope = 1;
 3899                                         stcb->asoc.site_scope = 1;
 3900                                 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
 3901                                         /*
 3902                                          * If the new destination is
 3903                                          * SITE_LOCAL then we must have site
 3904                                          * scope in common.
 3905                                          */
 3906                                         stcb->asoc.site_scope = 1;
 3907                                 }
 3908                         } else {
 3909                                 /* Validate the address is in scope */
 3910                                 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
 3911                                     (stcb->asoc.loopback_scope == 0)) {
 3912                                         addr_inscope = 0;
 3913                                 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
 3914                                     (stcb->asoc.local_scope == 0)) {
 3915                                         addr_inscope = 0;
 3916                                 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
 3917                                     (stcb->asoc.site_scope == 0)) {
 3918                                         addr_inscope = 0;
 3919                                 }
 3920                         }
 3921                         break;
 3922                 }
 3923 #endif
 3924         default:
 3925                 /* not supported family type */
 3926                 return (-1);
 3927         }
 3928         net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets);
 3929         if (net == NULL) {
 3930                 return (-1);
 3931         }
 3932         SCTP_INCR_RADDR_COUNT();
 3933         bzero(net, sizeof(struct sctp_nets));
 3934         (void)SCTP_GETTIME_TIMEVAL(&net->start_time);
 3935         memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
 3936         switch (newaddr->sa_family) {
 3937 #ifdef INET
 3938         case AF_INET:
 3939                 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
 3940                 break;
 3941 #endif
 3942 #ifdef INET6
 3943         case AF_INET6:
 3944                 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
 3945                 break;
 3946 #endif
 3947         default:
 3948                 break;
 3949         }
 3950         net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id);
 3951         if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) {
 3952                 stcb->asoc.loopback_scope = 1;
 3953                 stcb->asoc.ipv4_local_scope = 1;
 3954                 stcb->asoc.local_scope = 0;
 3955                 stcb->asoc.site_scope = 1;
 3956                 addr_inscope = 1;
 3957         }
 3958         net->failure_threshold = stcb->asoc.def_net_failure;
 3959         net->pf_threshold = stcb->asoc.def_net_pf_threshold;
 3960         if (addr_inscope == 0) {
 3961                 net->dest_state = (SCTP_ADDR_REACHABLE |
 3962                     SCTP_ADDR_OUT_OF_SCOPE);
 3963         } else {
 3964                 if (from == SCTP_ADDR_IS_CONFIRMED)
 3965                         /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */
 3966                         net->dest_state = SCTP_ADDR_REACHABLE;
 3967                 else
 3968                         net->dest_state = SCTP_ADDR_REACHABLE |
 3969                             SCTP_ADDR_UNCONFIRMED;
 3970         }
 3971         /*
 3972          * We set this to 0, the timer code knows that this means its an
 3973          * initial value
 3974          */
 3975         net->rto_needed = 1;
 3976         net->RTO = 0;
 3977         net->RTO_measured = 0;
 3978         stcb->asoc.numnets++;
 3979         net->ref_count = 1;
 3980         net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1;
 3981         net->port = stcb->asoc.port;
 3982         net->dscp = stcb->asoc.default_dscp;
 3983 #ifdef INET6
 3984         net->flowlabel = stcb->asoc.default_flowlabel;
 3985 #endif
 3986         if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) {
 3987                 net->dest_state |= SCTP_ADDR_NOHB;
 3988         } else {
 3989                 net->dest_state &= ~SCTP_ADDR_NOHB;
 3990         }
 3991         if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) {
 3992                 net->dest_state |= SCTP_ADDR_NO_PMTUD;
 3993         } else {
 3994                 net->dest_state &= ~SCTP_ADDR_NO_PMTUD;
 3995         }
 3996         net->heart_beat_delay = stcb->asoc.heart_beat_delay;
 3997         /* Init the timer structure */
 3998         SCTP_OS_TIMER_INIT(&net->rxt_timer.timer);
 3999         SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer);
 4000         SCTP_OS_TIMER_INIT(&net->hb_timer.timer);
 4001 
 4002         /* Now generate a route for this guy */
 4003 #ifdef INET6
 4004         /* KAME hack: embed scopeid */
 4005         if (newaddr->sa_family == AF_INET6) {
 4006                 struct sockaddr_in6 *sin6;
 4007 
 4008                 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
 4009                 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
 4010                 sin6->sin6_scope_id = 0;
 4011         }
 4012 #endif
 4013         SCTP_RTALLOC((sctp_route_t *) & net->ro, stcb->asoc.vrf_id);
 4014 
 4015         if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) {
 4016                 /* Get source address */
 4017                 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep,
 4018                     stcb,
 4019                     (sctp_route_t *) & net->ro,
 4020                     net,
 4021                     0,
 4022                     stcb->asoc.vrf_id);
 4023                 /* Now get the interface MTU */
 4024                 if (net->ro._s_addr && net->ro._s_addr->ifn_p) {
 4025                         net->mtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p);
 4026                 }
 4027                 if (net->mtu > 0) {
 4028                         uint32_t rmtu;
 4029 
 4030                         rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt);
 4031                         if (rmtu == 0) {
 4032                                 /*
 4033                                  * Start things off to match mtu of
 4034                                  * interface please.
 4035                                  */
 4036                                 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa,
 4037                                     net->ro.ro_rt, net->mtu);
 4038                         } else {
 4039                                 /*
 4040                                  * we take the route mtu over the interface,
 4041                                  * since the route may be leading out the
 4042                                  * loopback, or a different interface.
 4043                                  */
 4044                                 net->mtu = rmtu;
 4045                         }
 4046                 }
 4047         }
 4048         if (net->mtu == 0) {
 4049                 switch (newaddr->sa_family) {
 4050 #ifdef INET
 4051                 case AF_INET:
 4052                         net->mtu = SCTP_DEFAULT_MTU;
 4053                         break;
 4054 #endif
 4055 #ifdef INET6
 4056                 case AF_INET6:
 4057                         net->mtu = 1280;
 4058                         break;
 4059 #endif
 4060                 default:
 4061                         break;
 4062                 }
 4063         }
 4064         if (net->port) {
 4065                 net->mtu -= (uint32_t) sizeof(struct udphdr);
 4066         }
 4067         if (from == SCTP_ALLOC_ASOC) {
 4068                 stcb->asoc.smallest_mtu = net->mtu;
 4069         }
 4070         if (stcb->asoc.smallest_mtu > net->mtu) {
 4071                 stcb->asoc.smallest_mtu = net->mtu;
 4072         }
 4073 #ifdef INET6
 4074         if (newaddr->sa_family == AF_INET6) {
 4075                 struct sockaddr_in6 *sin6;
 4076 
 4077                 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
 4078                 (void)sa6_recoverscope(sin6);
 4079         }
 4080 #endif
 4081 
 4082         /* JRS - Use the congestion control given in the CC module */
 4083         if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL)
 4084                 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param) (stcb, net);
 4085 
 4086         /*
 4087          * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning
 4088          * of assoc (2005/06/27, iyengar@cis.udel.edu)
 4089          */
 4090         net->find_pseudo_cumack = 1;
 4091         net->find_rtx_pseudo_cumack = 1;
 4092         net->src_addr_selected = 0;
 4093         /* Choose an initial flowid. */
 4094         net->flowid = stcb->asoc.my_vtag ^
 4095             ntohs(stcb->rport) ^
 4096             ntohs(stcb->sctp_ep->sctp_lport);
 4097 #ifdef INVARIANTS
 4098         net->flowidset = 1;
 4099 #endif
 4100         if (netp) {
 4101                 *netp = net;
 4102         }
 4103         netfirst = TAILQ_FIRST(&stcb->asoc.nets);
 4104         if (net->ro.ro_rt == NULL) {
 4105                 /* Since we have no route put it at the back */
 4106                 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
 4107         } else if (netfirst == NULL) {
 4108                 /* We are the first one in the pool. */
 4109                 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
 4110         } else if (netfirst->ro.ro_rt == NULL) {
 4111                 /*
 4112                  * First one has NO route. Place this one ahead of the first
 4113                  * one.
 4114                  */
 4115                 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
 4116         } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) {
 4117                 /*
 4118                  * This one has a different interface than the one at the
 4119                  * top of the list. Place it ahead.
 4120                  */
 4121                 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
 4122         } else {
 4123                 /*
 4124                  * Ok we have the same interface as the first one. Move
 4125                  * forward until we find either a) one with a NULL route...
 4126                  * insert ahead of that b) one with a different ifp.. insert
 4127                  * after that. c) end of the list.. insert at the tail.
 4128                  */
 4129                 struct sctp_nets *netlook;
 4130 
 4131                 do {
 4132                         netlook = TAILQ_NEXT(netfirst, sctp_next);
 4133                         if (netlook == NULL) {
 4134                                 /* End of the list */
 4135                                 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
 4136                                 break;
 4137                         } else if (netlook->ro.ro_rt == NULL) {
 4138                                 /* next one has NO route */
 4139                                 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
 4140                                 break;
 4141                         } else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp) {
 4142                                 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
 4143                                     net, sctp_next);
 4144                                 break;
 4145                         }
 4146                         /* Shift forward */
 4147                         netfirst = netlook;
 4148                 } while (netlook != NULL);
 4149         }
 4150 
 4151         /* got to have a primary set */
 4152         if (stcb->asoc.primary_destination == 0) {
 4153                 stcb->asoc.primary_destination = net;
 4154         } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) &&
 4155                     (net->ro.ro_rt) &&
 4156             ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
 4157                 /* No route to current primary adopt new primary */
 4158                 stcb->asoc.primary_destination = net;
 4159         }
 4160         /* Validate primary is first */
 4161         net = TAILQ_FIRST(&stcb->asoc.nets);
 4162         if ((net != stcb->asoc.primary_destination) &&
 4163             (stcb->asoc.primary_destination)) {
 4164                 /*
 4165                  * first one on the list is NOT the primary sctp_cmpaddr()
 4166                  * is much more efficient if the primary is the first on the
 4167                  * list, make it so.
 4168                  */
 4169                 TAILQ_REMOVE(&stcb->asoc.nets,
 4170                     stcb->asoc.primary_destination, sctp_next);
 4171                 TAILQ_INSERT_HEAD(&stcb->asoc.nets,
 4172                     stcb->asoc.primary_destination, sctp_next);
 4173         }
 4174         return (0);
 4175 }
 4176 
 4177 
 4178 static uint32_t
 4179 sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
 4180 {
 4181         uint32_t id;
 4182         struct sctpasochead *head;
 4183         struct sctp_tcb *lstcb;
 4184 
 4185         SCTP_INP_WLOCK(inp);
 4186 try_again:
 4187         if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 4188                 /* TSNH */
 4189                 SCTP_INP_WUNLOCK(inp);
 4190                 return (0);
 4191         }
 4192         /*
 4193          * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC,
 4194          * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC.
 4195          */
 4196         if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) {
 4197                 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1;
 4198         }
 4199         id = inp->sctp_associd_counter;
 4200         inp->sctp_associd_counter++;
 4201         lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t) id, 0);
 4202         if (lstcb) {
 4203                 goto try_again;
 4204         }
 4205         head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
 4206         LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash);
 4207         stcb->asoc.in_asocid_hash = 1;
 4208         SCTP_INP_WUNLOCK(inp);
 4209         return id;
 4210 }
 4211 
 4212 /*
 4213  * allocate an association and add it to the endpoint. The caller must be
 4214  * careful to add all additional addresses once they are know right away or
 4215  * else the assoc will be may experience a blackout scenario.
 4216  */
 4217 struct sctp_tcb *
 4218 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
 4219     int *error, uint32_t override_tag, uint32_t vrf_id,
 4220     struct thread *p
 4221 )
 4222 {
 4223         /* note the p argument is only valid in unbound sockets */
 4224 
 4225         struct sctp_tcb *stcb;
 4226         struct sctp_association *asoc;
 4227         struct sctpasochead *head;
 4228         uint16_t rport;
 4229         int err;
 4230 
 4231         /*
 4232          * Assumption made here: Caller has done a
 4233          * sctp_findassociation_ep_addr(ep, addr's); to make sure the
 4234          * address does not exist already.
 4235          */
 4236         if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) {
 4237                 /* Hit max assoc, sorry no more */
 4238                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 4239                 *error = ENOBUFS;
 4240                 return (NULL);
 4241         }
 4242         if (firstaddr == NULL) {
 4243                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4244                 *error = EINVAL;
 4245                 return (NULL);
 4246         }
 4247         SCTP_INP_RLOCK(inp);
 4248         if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) &&
 4249             ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) ||
 4250             (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) {
 4251                 /*
 4252                  * If its in the TCP pool, its NOT allowed to create an
 4253                  * association. The parent listener needs to call
 4254                  * sctp_aloc_assoc.. or the one-2-many socket. If a peeled
 4255                  * off, or connected one does this.. its an error.
 4256                  */
 4257                 SCTP_INP_RUNLOCK(inp);
 4258                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4259                 *error = EINVAL;
 4260                 return (NULL);
 4261         }
 4262         if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
 4263             (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) {
 4264                 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) ||
 4265                     (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) {
 4266                         SCTP_INP_RUNLOCK(inp);
 4267                         SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4268                         *error = EINVAL;
 4269                         return (NULL);
 4270                 }
 4271         }
 4272         SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:");
 4273 #ifdef SCTP_DEBUG
 4274         if (firstaddr) {
 4275                 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr);
 4276                 switch (firstaddr->sa_family) {
 4277 #ifdef INET
 4278                 case AF_INET:
 4279                         SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
 4280                             ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
 4281                         break;
 4282 #endif
 4283 #ifdef INET6
 4284                 case AF_INET6:
 4285                         SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
 4286                             ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port));
 4287                         break;
 4288 #endif
 4289                 default:
 4290                         break;
 4291                 }
 4292         } else {
 4293                 SCTPDBG(SCTP_DEBUG_PCB3, "None\n");
 4294         }
 4295 #endif                          /* SCTP_DEBUG */
 4296         switch (firstaddr->sa_family) {
 4297 #ifdef INET
 4298         case AF_INET:
 4299                 {
 4300                         struct sockaddr_in *sin;
 4301 
 4302                         sin = (struct sockaddr_in *)firstaddr;
 4303                         if ((ntohs(sin->sin_port) == 0) ||
 4304                             (sin->sin_addr.s_addr == INADDR_ANY) ||
 4305                             (sin->sin_addr.s_addr == INADDR_BROADCAST) ||
 4306                             IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
 4307                                 /* Invalid address */
 4308                                 SCTP_INP_RUNLOCK(inp);
 4309                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4310                                 *error = EINVAL;
 4311                                 return (NULL);
 4312                         }
 4313                         rport = sin->sin_port;
 4314                         break;
 4315                 }
 4316 #endif
 4317 #ifdef INET6
 4318         case AF_INET6:
 4319                 {
 4320                         struct sockaddr_in6 *sin6;
 4321 
 4322                         sin6 = (struct sockaddr_in6 *)firstaddr;
 4323                         if ((ntohs(sin6->sin6_port) == 0) ||
 4324                             IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
 4325                             IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
 4326                                 /* Invalid address */
 4327                                 SCTP_INP_RUNLOCK(inp);
 4328                                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4329                                 *error = EINVAL;
 4330                                 return (NULL);
 4331                         }
 4332                         rport = sin6->sin6_port;
 4333                         break;
 4334                 }
 4335 #endif
 4336         default:
 4337                 /* not supported family type */
 4338                 SCTP_INP_RUNLOCK(inp);
 4339                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4340                 *error = EINVAL;
 4341                 return (NULL);
 4342         }
 4343         SCTP_INP_RUNLOCK(inp);
 4344         if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
 4345                 /*
 4346                  * If you have not performed a bind, then we need to do the
 4347                  * ephemeral bind for you.
 4348                  */
 4349                 if ((err = sctp_inpcb_bind(inp->sctp_socket,
 4350                     (struct sockaddr *)NULL,
 4351                     (struct sctp_ifa *)NULL,
 4352                     p
 4353                     ))) {
 4354                         /* bind error, probably perm */
 4355                         *error = err;
 4356                         return (NULL);
 4357                 }
 4358         }
 4359         stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb);
 4360         if (stcb == NULL) {
 4361                 /* out of memory? */
 4362                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
 4363                 *error = ENOMEM;
 4364                 return (NULL);
 4365         }
 4366         SCTP_INCR_ASOC_COUNT();
 4367 
 4368         bzero(stcb, sizeof(*stcb));
 4369         asoc = &stcb->asoc;
 4370 
 4371         asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb);
 4372         SCTP_TCB_LOCK_INIT(stcb);
 4373         SCTP_TCB_SEND_LOCK_INIT(stcb);
 4374         stcb->rport = rport;
 4375         /* setup back pointer's */
 4376         stcb->sctp_ep = inp;
 4377         stcb->sctp_socket = inp->sctp_socket;
 4378         if ((err = sctp_init_asoc(inp, stcb, override_tag, vrf_id))) {
 4379                 /* failed */
 4380                 SCTP_TCB_LOCK_DESTROY(stcb);
 4381                 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
 4382                 LIST_REMOVE(stcb, sctp_tcbasocidhash);
 4383                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
 4384                 SCTP_DECR_ASOC_COUNT();
 4385                 *error = err;
 4386                 return (NULL);
 4387         }
 4388         /* and the port */
 4389         SCTP_INP_INFO_WLOCK();
 4390         SCTP_INP_WLOCK(inp);
 4391         if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
 4392                 /* inpcb freed while alloc going on */
 4393                 SCTP_TCB_LOCK_DESTROY(stcb);
 4394                 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
 4395                 LIST_REMOVE(stcb, sctp_tcbasocidhash);
 4396                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
 4397                 SCTP_INP_WUNLOCK(inp);
 4398                 SCTP_INP_INFO_WUNLOCK();
 4399                 SCTP_DECR_ASOC_COUNT();
 4400                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 4401                 *error = EINVAL;
 4402                 return (NULL);
 4403         }
 4404         SCTP_TCB_LOCK(stcb);
 4405 
 4406         /* now that my_vtag is set, add it to the hash */
 4407         head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
 4408         /* put it in the bucket in the vtag hash of assoc's for the system */
 4409         LIST_INSERT_HEAD(head, stcb, sctp_asocs);
 4410         SCTP_INP_INFO_WUNLOCK();
 4411 
 4412         if ((err = sctp_add_remote_addr(stcb, firstaddr, NULL, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) {
 4413                 /* failure.. memory error? */
 4414                 if (asoc->strmout) {
 4415                         SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
 4416                         asoc->strmout = NULL;
 4417                 }
 4418                 if (asoc->mapping_array) {
 4419                         SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
 4420                         asoc->mapping_array = NULL;
 4421                 }
 4422                 if (asoc->nr_mapping_array) {
 4423                         SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
 4424                         asoc->nr_mapping_array = NULL;
 4425                 }
 4426                 SCTP_DECR_ASOC_COUNT();
 4427                 SCTP_TCB_LOCK_DESTROY(stcb);
 4428                 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
 4429                 LIST_REMOVE(stcb, sctp_tcbasocidhash);
 4430                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
 4431                 SCTP_INP_WUNLOCK(inp);
 4432                 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
 4433                 *error = ENOBUFS;
 4434                 return (NULL);
 4435         }
 4436         /* Init all the timers */
 4437         SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer);
 4438         SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer);
 4439         SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer);
 4440         SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer);
 4441         SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer);
 4442         SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer);
 4443         SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer);
 4444 
 4445         LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
 4446         /* now file the port under the hash as well */
 4447         if (inp->sctp_tcbhash != NULL) {
 4448                 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
 4449                     inp->sctp_hashmark)];
 4450                 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
 4451         }
 4452         SCTP_INP_WUNLOCK(inp);
 4453         SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", stcb);
 4454         return (stcb);
 4455 }
 4456 
 4457 
 4458 void
 4459 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
 4460 {
 4461         struct sctp_association *asoc;
 4462 
 4463         asoc = &stcb->asoc;
 4464         asoc->numnets--;
 4465         TAILQ_REMOVE(&asoc->nets, net, sctp_next);
 4466         if (net == asoc->primary_destination) {
 4467                 /* Reset primary */
 4468                 struct sctp_nets *lnet;
 4469 
 4470                 lnet = TAILQ_FIRST(&asoc->nets);
 4471                 /*
 4472                  * Mobility adaptation Ideally, if deleted destination is
 4473                  * the primary, it becomes a fast retransmission trigger by
 4474                  * the subsequent SET PRIMARY. (by micchie)
 4475                  */
 4476                 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
 4477                     SCTP_MOBILITY_BASE) ||
 4478                     sctp_is_mobility_feature_on(stcb->sctp_ep,
 4479                     SCTP_MOBILITY_FASTHANDOFF)) {
 4480                         SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n");
 4481                         if (asoc->deleted_primary != NULL) {
 4482                                 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n");
 4483                                 goto out;
 4484                         }
 4485                         asoc->deleted_primary = net;
 4486                         atomic_add_int(&net->ref_count, 1);
 4487                         memset(&net->lastsa, 0, sizeof(net->lastsa));
 4488                         memset(&net->lastsv, 0, sizeof(net->lastsv));
 4489                         sctp_mobility_feature_on(stcb->sctp_ep,
 4490                             SCTP_MOBILITY_PRIM_DELETED);
 4491                         sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED,
 4492                             stcb->sctp_ep, stcb, NULL);
 4493                 }
 4494 out:
 4495                 /* Try to find a confirmed primary */
 4496                 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0);
 4497         }
 4498         if (net == asoc->last_data_chunk_from) {
 4499                 /* Reset primary */
 4500                 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets);
 4501         }
 4502         if (net == asoc->last_control_chunk_from) {
 4503                 /* Clear net */
 4504                 asoc->last_control_chunk_from = NULL;
 4505         }
 4506         if (net == stcb->asoc.alternate) {
 4507                 sctp_free_remote_addr(stcb->asoc.alternate);
 4508                 stcb->asoc.alternate = NULL;
 4509         }
 4510         sctp_free_remote_addr(net);
 4511 }
 4512 
 4513 /*
 4514  * remove a remote endpoint address from an association, it will fail if the
 4515  * address does not exist.
 4516  */
 4517 int
 4518 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
 4519 {
 4520         /*
 4521          * Here we need to remove a remote address. This is quite simple, we
 4522          * first find it in the list of address for the association
 4523          * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE
 4524          * on that item. Note we do not allow it to be removed if there are
 4525          * no other addresses.
 4526          */
 4527         struct sctp_association *asoc;
 4528         struct sctp_nets *net, *nnet;
 4529 
 4530         asoc = &stcb->asoc;
 4531 
 4532         /* locate the address */
 4533         TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
 4534                 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
 4535                         continue;
 4536                 }
 4537                 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
 4538                     remaddr)) {
 4539                         /* we found the guy */
 4540                         if (asoc->numnets < 2) {
 4541                                 /* Must have at LEAST two remote addresses */
 4542                                 return (-1);
 4543                         } else {
 4544                                 sctp_remove_net(stcb, net);
 4545                                 return (0);
 4546                         }
 4547                 }
 4548         }
 4549         /* not found. */
 4550         return (-2);
 4551 }
 4552 
 4553 void
 4554 sctp_delete_from_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
 4555 {
 4556         struct sctpvtaghead *chain;
 4557         struct sctp_tagblock *twait_block;
 4558         int found = 0;
 4559         int i;
 4560 
 4561         chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
 4562         if (!LIST_EMPTY(chain)) {
 4563                 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
 4564                         for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
 4565                                 if ((twait_block->vtag_block[i].v_tag == tag) &&
 4566                                     (twait_block->vtag_block[i].lport == lport) &&
 4567                                     (twait_block->vtag_block[i].rport == rport)) {
 4568                                         twait_block->vtag_block[i].tv_sec_at_expire = 0;
 4569                                         twait_block->vtag_block[i].v_tag = 0;
 4570                                         twait_block->vtag_block[i].lport = 0;
 4571                                         twait_block->vtag_block[i].rport = 0;
 4572                                         found = 1;
 4573                                         break;
 4574                                 }
 4575                         }
 4576                         if (found)
 4577                                 break;
 4578                 }
 4579         }
 4580 }
 4581 
 4582 int
 4583 sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
 4584 {
 4585         struct sctpvtaghead *chain;
 4586         struct sctp_tagblock *twait_block;
 4587         int found = 0;
 4588         int i;
 4589 
 4590         SCTP_INP_INFO_WLOCK();
 4591         chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
 4592         if (!LIST_EMPTY(chain)) {
 4593                 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
 4594                         for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
 4595                                 if ((twait_block->vtag_block[i].v_tag == tag) &&
 4596                                     (twait_block->vtag_block[i].lport == lport) &&
 4597                                     (twait_block->vtag_block[i].rport == rport)) {
 4598                                         found = 1;
 4599                                         break;
 4600                                 }
 4601                         }
 4602                         if (found)
 4603                                 break;
 4604                 }
 4605         }
 4606         SCTP_INP_INFO_WUNLOCK();
 4607         return (found);
 4608 }
 4609 
 4610 
 4611 void
 4612 sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t rport)
 4613 {
 4614         struct sctpvtaghead *chain;
 4615         struct sctp_tagblock *twait_block;
 4616         struct timeval now;
 4617         int set, i;
 4618 
 4619         if (time == 0) {
 4620                 /* Its disabled */
 4621                 return;
 4622         }
 4623         (void)SCTP_GETTIME_TIMEVAL(&now);
 4624         chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
 4625         set = 0;
 4626         if (!LIST_EMPTY(chain)) {
 4627                 /* Block(s) present, lets find space, and expire on the fly */
 4628                 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
 4629                         for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
 4630                                 if ((twait_block->vtag_block[i].v_tag == 0) &&
 4631                                     !set) {
 4632                                         twait_block->vtag_block[i].tv_sec_at_expire =
 4633                                             now.tv_sec + time;
 4634                                         twait_block->vtag_block[i].v_tag = tag;
 4635                                         twait_block->vtag_block[i].lport = lport;
 4636                                         twait_block->vtag_block[i].rport = rport;
 4637                                         set = 1;
 4638                                 } else if ((twait_block->vtag_block[i].v_tag) &&
 4639                                     ((long)twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) {
 4640                                         /* Audit expires this guy */
 4641                                         twait_block->vtag_block[i].tv_sec_at_expire = 0;
 4642                                         twait_block->vtag_block[i].v_tag = 0;
 4643                                         twait_block->vtag_block[i].lport = 0;
 4644                                         twait_block->vtag_block[i].rport = 0;
 4645                                         if (set == 0) {
 4646                                                 /* Reuse it for my new tag */
 4647                                                 twait_block->vtag_block[i].tv_sec_at_expire = now.tv_sec + time;
 4648                                                 twait_block->vtag_block[i].v_tag = tag;
 4649                                                 twait_block->vtag_block[i].lport = lport;
 4650                                                 twait_block->vtag_block[i].rport = rport;
 4651                                                 set = 1;
 4652                                         }
 4653                                 }
 4654                         }
 4655                         if (set) {
 4656                                 /*
 4657                                  * We only do up to the block where we can
 4658                                  * place our tag for audits
 4659                                  */
 4660                                 break;
 4661                         }
 4662                 }
 4663         }
 4664         /* Need to add a new block to chain */
 4665         if (!set) {
 4666                 SCTP_MALLOC(twait_block, struct sctp_tagblock *,
 4667                     sizeof(struct sctp_tagblock), SCTP_M_TIMW);
 4668                 if (twait_block == NULL) {
 4669 #ifdef INVARIANTS
 4670                         panic("Can not alloc tagblock");
 4671 #endif
 4672                         return;
 4673                 }
 4674                 memset(twait_block, 0, sizeof(struct sctp_tagblock));
 4675                 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
 4676                 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + time;
 4677                 twait_block->vtag_block[0].v_tag = tag;
 4678                 twait_block->vtag_block[0].lport = lport;
 4679                 twait_block->vtag_block[0].rport = rport;
 4680         }
 4681 }
 4682 
 4683 
 4684 
 4685 /*-
 4686  * Free the association after un-hashing the remote port. This
 4687  * function ALWAYS returns holding NO LOCK on the stcb. It DOES
 4688  * expect that the input to this function IS a locked TCB.
 4689  * It will return 0, if it did NOT destroy the association (instead
 4690  * it unlocks it. It will return NON-zero if it either destroyed the
 4691  * association OR the association is already destroyed.
 4692  */
 4693 int
 4694 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location)
 4695 {
 4696         int i;
 4697         struct sctp_association *asoc;
 4698         struct sctp_nets *net, *nnet;
 4699         struct sctp_laddr *laddr, *naddr;
 4700         struct sctp_tmit_chunk *chk, *nchk;
 4701         struct sctp_asconf_addr *aparam, *naparam;
 4702         struct sctp_asconf_ack *aack, *naack;
 4703         struct sctp_stream_reset_list *strrst, *nstrrst;
 4704         struct sctp_queued_to_read *sq, *nsq;
 4705         struct sctp_stream_queue_pending *sp, *nsp;
 4706         sctp_sharedkey_t *shared_key, *nshared_key;
 4707         struct socket *so;
 4708 
 4709         /* first, lets purge the entry from the hash table. */
 4710 
 4711 #ifdef SCTP_LOG_CLOSING
 4712         sctp_log_closing(inp, stcb, 6);
 4713 #endif
 4714         if (stcb->asoc.state == 0) {
 4715 #ifdef SCTP_LOG_CLOSING
 4716                 sctp_log_closing(inp, NULL, 7);
 4717 #endif
 4718                 /* there is no asoc, really TSNH :-0 */
 4719                 return (1);
 4720         }
 4721         if (stcb->asoc.alternate) {
 4722                 sctp_free_remote_addr(stcb->asoc.alternate);
 4723                 stcb->asoc.alternate = NULL;
 4724         }
 4725         /* TEMP CODE */
 4726         if (stcb->freed_from_where == 0) {
 4727                 /* Only record the first place free happened from */
 4728                 stcb->freed_from_where = from_location;
 4729         }
 4730         /* TEMP CODE */
 4731 
 4732         asoc = &stcb->asoc;
 4733         if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
 4734             (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
 4735                 /* nothing around */
 4736                 so = NULL;
 4737         else
 4738                 so = inp->sctp_socket;
 4739 
 4740         /*
 4741          * We used timer based freeing if a reader or writer is in the way.
 4742          * So we first check if we are actually being called from a timer,
 4743          * if so we abort early if a reader or writer is still in the way.
 4744          */
 4745         if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
 4746             (from_inpcbfree == SCTP_NORMAL_PROC)) {
 4747                 /*
 4748                  * is it the timer driving us? if so are the reader/writers
 4749                  * gone?
 4750                  */
 4751                 if (stcb->asoc.refcnt) {
 4752                         /* nope, reader or writer in the way */
 4753                         sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
 4754                         /* no asoc destroyed */
 4755                         SCTP_TCB_UNLOCK(stcb);
 4756 #ifdef SCTP_LOG_CLOSING
 4757                         sctp_log_closing(inp, stcb, 8);
 4758 #endif
 4759                         return (0);
 4760                 }
 4761         }
 4762         /* now clean up any other timers */
 4763         (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
 4764         asoc->dack_timer.self = NULL;
 4765         (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
 4766         /*-
 4767          * For stream reset we don't blast this unless
 4768          * it is a str-reset timer, it might be the
 4769          * free-asoc timer which we DON'T want to
 4770          * disturb.
 4771          */
 4772         if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET)
 4773                 asoc->strreset_timer.self = NULL;
 4774         (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
 4775         asoc->asconf_timer.self = NULL;
 4776         (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
 4777         asoc->autoclose_timer.self = NULL;
 4778         (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
 4779         asoc->shut_guard_timer.self = NULL;
 4780         (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
 4781         asoc->delayed_event_timer.self = NULL;
 4782         /* Mobility adaptation */
 4783         (void)SCTP_OS_TIMER_STOP(&asoc->delete_prim_timer.timer);
 4784         asoc->delete_prim_timer.self = NULL;
 4785         TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
 4786                 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
 4787                 net->rxt_timer.self = NULL;
 4788                 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
 4789                 net->pmtu_timer.self = NULL;
 4790                 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
 4791                 net->hb_timer.self = NULL;
 4792         }
 4793         /* Now the read queue needs to be cleaned up (only once) */
 4794         if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) {
 4795                 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED;
 4796                 SCTP_INP_READ_LOCK(inp);
 4797                 TAILQ_FOREACH(sq, &inp->read_queue, next) {
 4798                         if (sq->stcb == stcb) {
 4799                                 sq->do_not_ref_stcb = 1;
 4800                                 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
 4801                                 /*
 4802                                  * If there is no end, there never will be
 4803                                  * now.
 4804                                  */
 4805                                 if (sq->end_added == 0) {
 4806                                         /* Held for PD-API clear that. */
 4807                                         sq->pdapi_aborted = 1;
 4808                                         sq->held_length = 0;
 4809                                         if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) {
 4810                                                 /*
 4811                                                  * Need to add a PD-API
 4812                                                  * aborted indication.
 4813                                                  * Setting the control_pdapi
 4814                                                  * assures that it will be
 4815                                                  * added right after this
 4816                                                  * msg.
 4817                                                  */
 4818                                                 uint32_t strseq;
 4819 
 4820                                                 stcb->asoc.control_pdapi = sq;
 4821                                                 strseq = (sq->sinfo_stream << 16) | sq->sinfo_ssn;
 4822                                                 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
 4823                                                     stcb,
 4824                                                     SCTP_PARTIAL_DELIVERY_ABORTED,
 4825                                                     (void *)&strseq,
 4826                                                     SCTP_SO_LOCKED);
 4827                                                 stcb->asoc.control_pdapi = NULL;
 4828                                         }
 4829                                 }
 4830                                 /* Add an end to wake them */
 4831                                 sq->end_added = 1;
 4832                         }
 4833                 }
 4834                 SCTP_INP_READ_UNLOCK(inp);
 4835                 if (stcb->block_entry) {
 4836                         SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET);
 4837                         stcb->block_entry->error = ECONNRESET;
 4838                         stcb->block_entry = NULL;
 4839                 }
 4840         }
 4841         if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) {
 4842                 /*
 4843                  * Someone holds a reference OR the socket is unaccepted
 4844                  * yet.
 4845                  */
 4846                 if ((stcb->asoc.refcnt) ||
 4847                     (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
 4848                     (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) {
 4849                         stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
 4850                         sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
 4851                 }
 4852                 SCTP_TCB_UNLOCK(stcb);
 4853                 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
 4854                     (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
 4855                         /* nothing around */
 4856                         so = NULL;
 4857                 if (so) {
 4858                         /* Wake any reader/writers */
 4859                         sctp_sorwakeup(inp, so);
 4860                         sctp_sowwakeup(inp, so);
 4861                 }
 4862 #ifdef SCTP_LOG_CLOSING
 4863                 sctp_log_closing(inp, stcb, 9);
 4864 #endif
 4865                 /* no asoc destroyed */
 4866                 return (0);
 4867         }
 4868 #ifdef SCTP_LOG_CLOSING
 4869         sctp_log_closing(inp, stcb, 10);
 4870 #endif
 4871         /*
 4872          * When I reach here, no others want to kill the assoc yet.. and I
 4873          * own the lock. Now its possible an abort comes in when I do the
 4874          * lock exchange below to grab all the locks to do the final take
 4875          * out. to prevent this we increment the count, which will start a
 4876          * timer and blow out above thus assuring us that we hold exclusive
 4877          * killing of the asoc. Note that after getting back the TCB lock we
 4878          * will go ahead and increment the counter back up and stop any
 4879          * timer a passing stranger may have started :-S
 4880          */
 4881         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 4882                 atomic_add_int(&stcb->asoc.refcnt, 1);
 4883 
 4884                 SCTP_TCB_UNLOCK(stcb);
 4885                 SCTP_INP_INFO_WLOCK();
 4886                 SCTP_INP_WLOCK(inp);
 4887                 SCTP_TCB_LOCK(stcb);
 4888         }
 4889         /* Double check the GONE flag */
 4890         if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
 4891             (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
 4892                 /* nothing around */
 4893                 so = NULL;
 4894 
 4895         if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
 4896             (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
 4897                 /*
 4898                  * For TCP type we need special handling when we are
 4899                  * connected. We also include the peel'ed off ones to.
 4900                  */
 4901                 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
 4902                         inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
 4903                         inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
 4904                         if (so) {
 4905                                 SOCK_LOCK(so);
 4906                                 if (so->so_rcv.sb_cc == 0) {
 4907                                         so->so_state &= ~(SS_ISCONNECTING |
 4908                                             SS_ISDISCONNECTING |
 4909                                             SS_ISCONFIRMING |
 4910                                             SS_ISCONNECTED);
 4911                                 }
 4912                                 socantrcvmore_locked(so);
 4913                                 sctp_sowwakeup(inp, so);
 4914                                 sctp_sorwakeup(inp, so);
 4915                                 SCTP_SOWAKEUP(so);
 4916                         }
 4917                 }
 4918         }
 4919         /*
 4920          * Make it invalid too, that way if its about to run it will abort
 4921          * and return.
 4922          */
 4923         /* re-increment the lock */
 4924         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 4925                 atomic_add_int(&stcb->asoc.refcnt, -1);
 4926         }
 4927         if (stcb->asoc.refcnt) {
 4928                 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
 4929                 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
 4930                 if (from_inpcbfree == SCTP_NORMAL_PROC) {
 4931                         SCTP_INP_INFO_WUNLOCK();
 4932                         SCTP_INP_WUNLOCK(inp);
 4933                 }
 4934                 SCTP_TCB_UNLOCK(stcb);
 4935                 return (0);
 4936         }
 4937         asoc->state = 0;
 4938         if (inp->sctp_tcbhash) {
 4939                 LIST_REMOVE(stcb, sctp_tcbhash);
 4940         }
 4941         if (stcb->asoc.in_asocid_hash) {
 4942                 LIST_REMOVE(stcb, sctp_tcbasocidhash);
 4943         }
 4944         /* Now lets remove it from the list of ALL associations in the EP */
 4945         LIST_REMOVE(stcb, sctp_tcblist);
 4946         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 4947                 SCTP_INP_INCR_REF(inp);
 4948                 SCTP_INP_WUNLOCK(inp);
 4949         }
 4950         /* pull from vtag hash */
 4951         LIST_REMOVE(stcb, sctp_asocs);
 4952         sctp_add_vtag_to_timewait(asoc->my_vtag, SCTP_BASE_SYSCTL(sctp_vtag_time_wait),
 4953             inp->sctp_lport, stcb->rport);
 4954 
 4955         /*
 4956          * Now restop the timers to be sure this is paranoia at is finest!
 4957          */
 4958         (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
 4959         (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
 4960         (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
 4961         (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
 4962         (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
 4963         (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
 4964         (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
 4965         TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
 4966                 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
 4967                 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
 4968                 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
 4969         }
 4970 
 4971         asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE;
 4972         /*
 4973          * The chunk lists and such SHOULD be empty but we check them just
 4974          * in case.
 4975          */
 4976         /* anything on the wheel needs to be removed */
 4977         for (i = 0; i < asoc->streamoutcnt; i++) {
 4978                 struct sctp_stream_out *outs;
 4979 
 4980                 outs = &asoc->strmout[i];
 4981                 /* now clean up any chunks here */
 4982                 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) {
 4983                         TAILQ_REMOVE(&outs->outqueue, sp, next);
 4984                         sctp_free_spbufspace(stcb, asoc, sp);
 4985                         if (sp->data) {
 4986                                 if (so) {
 4987                                         /* Still an open socket - report */
 4988                                         sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb,
 4989                                             0, (void *)sp, SCTP_SO_LOCKED);
 4990                                 }
 4991                                 if (sp->data) {
 4992                                         sctp_m_freem(sp->data);
 4993                                         sp->data = NULL;
 4994                                         sp->tail_mbuf = NULL;
 4995                                         sp->length = 0;
 4996                                 }
 4997                         }
 4998                         if (sp->net) {
 4999                                 sctp_free_remote_addr(sp->net);
 5000                                 sp->net = NULL;
 5001                         }
 5002                         sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
 5003                 }
 5004         }
 5005         /* sa_ignore FREED_MEMORY */
 5006         TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) {
 5007                 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp);
 5008                 SCTP_FREE(strrst, SCTP_M_STRESET);
 5009         }
 5010         TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) {
 5011                 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next);
 5012                 if (sq->data) {
 5013                         sctp_m_freem(sq->data);
 5014                         sq->data = NULL;
 5015                 }
 5016                 sctp_free_remote_addr(sq->whoFrom);
 5017                 sq->whoFrom = NULL;
 5018                 sq->stcb = NULL;
 5019                 /* Free the ctl entry */
 5020                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
 5021                 SCTP_DECR_READQ_COUNT();
 5022                 /* sa_ignore FREED_MEMORY */
 5023         }
 5024         TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) {
 5025                 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next);
 5026                 if (chk->data) {
 5027                         sctp_m_freem(chk->data);
 5028                         chk->data = NULL;
 5029                 }
 5030                 if (chk->holds_key_ref)
 5031                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5032                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5033                 SCTP_DECR_CHK_COUNT();
 5034                 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1);
 5035                 asoc->free_chunk_cnt--;
 5036                 /* sa_ignore FREED_MEMORY */
 5037         }
 5038         /* pending send queue SHOULD be empty */
 5039         TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
 5040                 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
 5041                 if (chk->data) {
 5042                         if (so) {
 5043                                 /* Still a socket? */
 5044                                 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb,
 5045                                     0, chk, SCTP_SO_LOCKED);
 5046                         }
 5047                         if (chk->data) {
 5048                                 sctp_m_freem(chk->data);
 5049                                 chk->data = NULL;
 5050                         }
 5051                 }
 5052                 if (chk->holds_key_ref)
 5053                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5054                 if (chk->whoTo) {
 5055                         sctp_free_remote_addr(chk->whoTo);
 5056                         chk->whoTo = NULL;
 5057                 }
 5058                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5059                 SCTP_DECR_CHK_COUNT();
 5060                 /* sa_ignore FREED_MEMORY */
 5061         }
 5062         /* sent queue SHOULD be empty */
 5063         TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
 5064                 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
 5065                 if (chk->data) {
 5066                         if (so) {
 5067                                 /* Still a socket? */
 5068                                 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb,
 5069                                     0, chk, SCTP_SO_LOCKED);
 5070                         }
 5071                         if (chk->data) {
 5072                                 sctp_m_freem(chk->data);
 5073                                 chk->data = NULL;
 5074                         }
 5075                 }
 5076                 if (chk->holds_key_ref)
 5077                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5078                 sctp_free_remote_addr(chk->whoTo);
 5079                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5080                 SCTP_DECR_CHK_COUNT();
 5081                 /* sa_ignore FREED_MEMORY */
 5082         }
 5083         /* control queue MAY not be empty */
 5084         TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
 5085                 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
 5086                 if (chk->data) {
 5087                         sctp_m_freem(chk->data);
 5088                         chk->data = NULL;
 5089                 }
 5090                 if (chk->holds_key_ref)
 5091                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5092                 sctp_free_remote_addr(chk->whoTo);
 5093                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5094                 SCTP_DECR_CHK_COUNT();
 5095                 /* sa_ignore FREED_MEMORY */
 5096         }
 5097         /* ASCONF queue MAY not be empty */
 5098         TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
 5099                 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
 5100                 if (chk->data) {
 5101                         sctp_m_freem(chk->data);
 5102                         chk->data = NULL;
 5103                 }
 5104                 if (chk->holds_key_ref)
 5105                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5106                 sctp_free_remote_addr(chk->whoTo);
 5107                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5108                 SCTP_DECR_CHK_COUNT();
 5109                 /* sa_ignore FREED_MEMORY */
 5110         }
 5111         TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
 5112                 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
 5113                 if (chk->data) {
 5114                         sctp_m_freem(chk->data);
 5115                         chk->data = NULL;
 5116                 }
 5117                 if (chk->holds_key_ref)
 5118                         sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
 5119                 sctp_free_remote_addr(chk->whoTo);
 5120                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
 5121                 SCTP_DECR_CHK_COUNT();
 5122                 /* sa_ignore FREED_MEMORY */
 5123         }
 5124 
 5125         if (asoc->mapping_array) {
 5126                 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
 5127                 asoc->mapping_array = NULL;
 5128         }
 5129         if (asoc->nr_mapping_array) {
 5130                 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
 5131                 asoc->nr_mapping_array = NULL;
 5132         }
 5133         /* the stream outs */
 5134         if (asoc->strmout) {
 5135                 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
 5136                 asoc->strmout = NULL;
 5137         }
 5138         asoc->strm_realoutsize = asoc->streamoutcnt = 0;
 5139         if (asoc->strmin) {
 5140                 struct sctp_queued_to_read *ctl, *nctl;
 5141 
 5142                 for (i = 0; i < asoc->streamincnt; i++) {
 5143                         TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) {
 5144                                 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
 5145                                 sctp_free_remote_addr(ctl->whoFrom);
 5146                                 if (ctl->data) {
 5147                                         sctp_m_freem(ctl->data);
 5148                                         ctl->data = NULL;
 5149                                 }
 5150                                 /*
 5151                                  * We don't free the address here since all
 5152                                  * the net's were freed above.
 5153                                  */
 5154                                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
 5155                                 SCTP_DECR_READQ_COUNT();
 5156                         }
 5157                 }
 5158                 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
 5159                 asoc->strmin = NULL;
 5160         }
 5161         asoc->streamincnt = 0;
 5162         TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
 5163 #ifdef INVARIANTS
 5164                 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) {
 5165                         panic("no net's left alloc'ed, or list points to itself");
 5166                 }
 5167 #endif
 5168                 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
 5169                 sctp_free_remote_addr(net);
 5170         }
 5171         LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) {
 5172                 /* sa_ignore FREED_MEMORY */
 5173                 sctp_remove_laddr(laddr);
 5174         }
 5175 
 5176         /* pending asconf (address) parameters */
 5177         TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) {
 5178                 /* sa_ignore FREED_MEMORY */
 5179                 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
 5180                 SCTP_FREE(aparam, SCTP_M_ASC_ADDR);
 5181         }
 5182         TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) {
 5183                 /* sa_ignore FREED_MEMORY */
 5184                 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next);
 5185                 if (aack->data != NULL) {
 5186                         sctp_m_freem(aack->data);
 5187                 }
 5188                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack);
 5189         }
 5190         /* clean up auth stuff */
 5191         if (asoc->local_hmacs)
 5192                 sctp_free_hmaclist(asoc->local_hmacs);
 5193         if (asoc->peer_hmacs)
 5194                 sctp_free_hmaclist(asoc->peer_hmacs);
 5195 
 5196         if (asoc->local_auth_chunks)
 5197                 sctp_free_chunklist(asoc->local_auth_chunks);
 5198         if (asoc->peer_auth_chunks)
 5199                 sctp_free_chunklist(asoc->peer_auth_chunks);
 5200 
 5201         sctp_free_authinfo(&asoc->authinfo);
 5202 
 5203         LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) {
 5204                 LIST_REMOVE(shared_key, next);
 5205                 sctp_free_sharedkey(shared_key);
 5206                 /* sa_ignore FREED_MEMORY */
 5207         }
 5208 
 5209         /* Insert new items here :> */
 5210 
 5211         /* Get rid of LOCK */
 5212         SCTP_TCB_LOCK_DESTROY(stcb);
 5213         SCTP_TCB_SEND_LOCK_DESTROY(stcb);
 5214         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 5215                 SCTP_INP_INFO_WUNLOCK();
 5216                 SCTP_INP_RLOCK(inp);
 5217         }
 5218 #ifdef SCTP_TRACK_FREED_ASOCS
 5219         if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
 5220                 /* now clean up the tasoc itself */
 5221                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
 5222                 SCTP_DECR_ASOC_COUNT();
 5223         } else {
 5224                 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist);
 5225         }
 5226 #else
 5227         SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
 5228         SCTP_DECR_ASOC_COUNT();
 5229 #endif
 5230         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 5231                 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
 5232                         /*
 5233                          * If its NOT the inp_free calling us AND sctp_close
 5234                          * as been called, we call back...
 5235                          */
 5236                         SCTP_INP_RUNLOCK(inp);
 5237                         /*
 5238                          * This will start the kill timer (if we are the
 5239                          * last one) since we hold an increment yet. But
 5240                          * this is the only safe way to do this since
 5241                          * otherwise if the socket closes at the same time
 5242                          * we are here we might collide in the cleanup.
 5243                          */
 5244                         sctp_inpcb_free(inp,
 5245                             SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE,
 5246                             SCTP_CALLED_DIRECTLY_NOCMPSET);
 5247                         SCTP_INP_DECR_REF(inp);
 5248                         goto out_of;
 5249                 } else {
 5250                         /* The socket is still open. */
 5251                         SCTP_INP_DECR_REF(inp);
 5252                 }
 5253         }
 5254         if (from_inpcbfree == SCTP_NORMAL_PROC) {
 5255                 SCTP_INP_RUNLOCK(inp);
 5256         }
 5257 out_of:
 5258         /* destroyed the asoc */
 5259 #ifdef SCTP_LOG_CLOSING
 5260         sctp_log_closing(inp, NULL, 11);
 5261 #endif
 5262         return (1);
 5263 }
 5264 
 5265 
 5266 
 5267 /*
 5268  * determine if a destination is "reachable" based upon the addresses bound
 5269  * to the current endpoint (e.g. only v4 or v6 currently bound)
 5270  */
 5271 /*
 5272  * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use
 5273  * assoc level v4/v6 flags, as the assoc *may* not have the same address
 5274  * types bound as its endpoint
 5275  */
 5276 int
 5277 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
 5278 {
 5279         struct sctp_inpcb *inp;
 5280         int answer;
 5281 
 5282         /*
 5283          * No locks here, the TCB, in all cases is already locked and an
 5284          * assoc is up. There is either a INP lock by the caller applied (in
 5285          * asconf case when deleting an address) or NOT in the HB case,
 5286          * however if HB then the INP increment is up and the INP will not
 5287          * be removed (on top of the fact that we have a TCB lock). So we
 5288          * only want to read the sctp_flags, which is either bound-all or
 5289          * not.. no protection needed since once an assoc is up you can't be
 5290          * changing your binding.
 5291          */
 5292         inp = stcb->sctp_ep;
 5293         if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
 5294                 /* if bound all, destination is not restricted */
 5295                 /*
 5296                  * RRS: Question during lock work: Is this correct? If you
 5297                  * are bound-all you still might need to obey the V4--V6
 5298                  * flags??? IMO this bound-all stuff needs to be removed!
 5299                  */
 5300                 return (1);
 5301         }
 5302         /* NOTE: all "scope" checks are done when local addresses are added */
 5303         switch (destaddr->sa_family) {
 5304 #ifdef INET6
 5305         case AF_INET6:
 5306                 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6;
 5307                 break;
 5308 #endif
 5309 #ifdef INET
 5310         case AF_INET:
 5311                 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4;
 5312                 break;
 5313 #endif
 5314         default:
 5315                 /* invalid family, so it's unreachable */
 5316                 answer = 0;
 5317                 break;
 5318         }
 5319         return (answer);
 5320 }
 5321 
 5322 /*
 5323  * update the inp_vflags on an endpoint
 5324  */
 5325 static void
 5326 sctp_update_ep_vflag(struct sctp_inpcb *inp)
 5327 {
 5328         struct sctp_laddr *laddr;
 5329 
 5330         /* first clear the flag */
 5331         inp->ip_inp.inp.inp_vflag = 0;
 5332         /* set the flag based on addresses on the ep list */
 5333         LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
 5334                 if (laddr->ifa == NULL) {
 5335                         SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
 5336                             __FUNCTION__);
 5337                         continue;
 5338                 }
 5339                 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
 5340                         continue;
 5341                 }
 5342                 switch (laddr->ifa->address.sa.sa_family) {
 5343 #ifdef INET6
 5344                 case AF_INET6:
 5345                         inp->ip_inp.inp.inp_vflag |= INP_IPV6;
 5346                         break;
 5347 #endif
 5348 #ifdef INET
 5349                 case AF_INET:
 5350                         inp->ip_inp.inp.inp_vflag |= INP_IPV4;
 5351                         break;
 5352 #endif
 5353                 default:
 5354                         break;
 5355                 }
 5356         }
 5357 }
 5358 
 5359 /*
 5360  * Add the address to the endpoint local address list There is nothing to be
 5361  * done if we are bound to all addresses
 5362  */
 5363 void
 5364 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action)
 5365 {
 5366         struct sctp_laddr *laddr;
 5367         int fnd, error = 0;
 5368 
 5369         fnd = 0;
 5370 
 5371         if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
 5372                 /* You are already bound to all. You have it already */
 5373                 return;
 5374         }
 5375 #ifdef INET6
 5376         if (ifa->address.sa.sa_family == AF_INET6) {
 5377                 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
 5378                         /* Can't bind a non-useable addr. */
 5379                         return;
 5380                 }
 5381         }
 5382 #endif
 5383         /* first, is it already present? */
 5384         LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
 5385                 if (laddr->ifa == ifa) {
 5386                         fnd = 1;
 5387                         break;
 5388                 }
 5389         }
 5390 
 5391         if (fnd == 0) {
 5392                 /* Not in the ep list */
 5393                 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action);
 5394                 if (error != 0)
 5395                         return;
 5396                 inp->laddr_count++;
 5397                 /* update inp_vflag flags */
 5398                 switch (ifa->address.sa.sa_family) {
 5399 #ifdef INET6
 5400                 case AF_INET6:
 5401                         inp->ip_inp.inp.inp_vflag |= INP_IPV6;
 5402                         break;
 5403 #endif
 5404 #ifdef INET
 5405                 case AF_INET:
 5406                         inp->ip_inp.inp.inp_vflag |= INP_IPV4;
 5407                         break;
 5408 #endif
 5409                 default:
 5410                         break;
 5411                 }
 5412         }
 5413         return;
 5414 }
 5415 
 5416 
 5417 /*
 5418  * select a new (hopefully reachable) destination net (should only be used
 5419  * when we deleted an ep addr that is the only usable source address to reach
 5420  * the destination net)
 5421  */
 5422 static void
 5423 sctp_select_primary_destination(struct sctp_tcb *stcb)
 5424 {
 5425         struct sctp_nets *net;
 5426 
 5427         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 5428                 /* for now, we'll just pick the first reachable one we find */
 5429                 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
 5430                         continue;
 5431                 if (sctp_destination_is_reachable(stcb,
 5432                     (struct sockaddr *)&net->ro._l_addr)) {
 5433                         /* found a reachable destination */
 5434                         stcb->asoc.primary_destination = net;
 5435                 }
 5436         }
 5437         /* I can't there from here! ...we're gonna die shortly... */
 5438 }
 5439 
 5440 
 5441 /*
 5442  * Delete the address from the endpoint local address list There is nothing
 5443  * to be done if we are bound to all addresses
 5444  */
 5445 void
 5446 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
 5447 {
 5448         struct sctp_laddr *laddr;
 5449         int fnd;
 5450 
 5451         fnd = 0;
 5452         if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
 5453                 /* You are already bound to all. You have it already */
 5454                 return;
 5455         }
 5456         LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
 5457                 if (laddr->ifa == ifa) {
 5458                         fnd = 1;
 5459                         break;
 5460                 }
 5461         }
 5462         if (fnd && (inp->laddr_count < 2)) {
 5463                 /* can't delete unless there are at LEAST 2 addresses */
 5464                 return;
 5465         }
 5466         if (fnd) {
 5467                 /*
 5468                  * clean up any use of this address go through our
 5469                  * associations and clear any last_used_address that match
 5470                  * this one for each assoc, see if a new primary_destination
 5471                  * is needed
 5472                  */
 5473                 struct sctp_tcb *stcb;
 5474 
 5475                 /* clean up "next_addr_touse" */
 5476                 if (inp->next_addr_touse == laddr)
 5477                         /* delete this address */
 5478                         inp->next_addr_touse = NULL;
 5479 
 5480                 /* clean up "last_used_address" */
 5481                 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
 5482                         struct sctp_nets *net;
 5483 
 5484                         SCTP_TCB_LOCK(stcb);
 5485                         if (stcb->asoc.last_used_address == laddr)
 5486                                 /* delete this address */
 5487                                 stcb->asoc.last_used_address = NULL;
 5488                         /*
 5489                          * Now spin through all the nets and purge any ref
 5490                          * to laddr
 5491                          */
 5492                         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 5493                                 if (net->ro._s_addr &&
 5494                                     (net->ro._s_addr->ifa == laddr->ifa)) {
 5495                                         /* Yep, purge src address selected */
 5496                                         sctp_rtentry_t *rt;
 5497 
 5498                                         /* delete this address if cached */
 5499                                         rt = net->ro.ro_rt;
 5500                                         if (rt != NULL) {
 5501                                                 RTFREE(rt);
 5502                                                 net->ro.ro_rt = NULL;
 5503                                         }
 5504                                         sctp_free_ifa(net->ro._s_addr);
 5505                                         net->ro._s_addr = NULL;
 5506                                         net->src_addr_selected = 0;
 5507                                 }
 5508                         }
 5509                         SCTP_TCB_UNLOCK(stcb);
 5510                 }               /* for each tcb */
 5511                 /* remove it from the ep list */
 5512                 sctp_remove_laddr(laddr);
 5513                 inp->laddr_count--;
 5514                 /* update inp_vflag flags */
 5515                 sctp_update_ep_vflag(inp);
 5516         }
 5517         return;
 5518 }
 5519 
 5520 /*
 5521  * Add the address to the TCB local address restricted list.
 5522  * This is a "pending" address list (eg. addresses waiting for an
 5523  * ASCONF-ACK response) and cannot be used as a valid source address.
 5524  */
 5525 void
 5526 sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
 5527 {
 5528         struct sctp_laddr *laddr;
 5529         struct sctpladdr *list;
 5530 
 5531         /*
 5532          * Assumes TCB is locked.. and possibly the INP. May need to
 5533          * confirm/fix that if we need it and is not the case.
 5534          */
 5535         list = &stcb->asoc.sctp_restricted_addrs;
 5536 
 5537 #ifdef INET6
 5538         if (ifa->address.sa.sa_family == AF_INET6) {
 5539                 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
 5540                         /* Can't bind a non-existent addr. */
 5541                         return;
 5542                 }
 5543         }
 5544 #endif
 5545         /* does the address already exist? */
 5546         LIST_FOREACH(laddr, list, sctp_nxt_addr) {
 5547                 if (laddr->ifa == ifa) {
 5548                         return;
 5549                 }
 5550         }
 5551 
 5552         /* add to the list */
 5553         (void)sctp_insert_laddr(list, ifa, 0);
 5554         return;
 5555 }
 5556 
 5557 /*
 5558  * insert an laddr entry with the given ifa for the desired list
 5559  */
 5560 int
 5561 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act)
 5562 {
 5563         struct sctp_laddr *laddr;
 5564 
 5565         laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
 5566         if (laddr == NULL) {
 5567                 /* out of memory? */
 5568                 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
 5569                 return (EINVAL);
 5570         }
 5571         SCTP_INCR_LADDR_COUNT();
 5572         bzero(laddr, sizeof(*laddr));
 5573         (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
 5574         laddr->ifa = ifa;
 5575         laddr->action = act;
 5576         atomic_add_int(&ifa->refcount, 1);
 5577         /* insert it */
 5578         LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
 5579 
 5580         return (0);
 5581 }
 5582 
 5583 /*
 5584  * Remove an laddr entry from the local address list (on an assoc)
 5585  */
 5586 void
 5587 sctp_remove_laddr(struct sctp_laddr *laddr)
 5588 {
 5589 
 5590         /* remove from the list */
 5591         LIST_REMOVE(laddr, sctp_nxt_addr);
 5592         sctp_free_ifa(laddr->ifa);
 5593         SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr);
 5594         SCTP_DECR_LADDR_COUNT();
 5595 }
 5596 
 5597 /*
 5598  * Remove a local address from the TCB local address restricted list
 5599  */
 5600 void
 5601 sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
 5602 {
 5603         struct sctp_inpcb *inp;
 5604         struct sctp_laddr *laddr;
 5605 
 5606         /*
 5607          * This is called by asconf work. It is assumed that a) The TCB is
 5608          * locked and b) The INP is locked. This is true in as much as I can
 5609          * trace through the entry asconf code where I did these locks.
 5610          * Again, the ASCONF code is a bit different in that it does lock
 5611          * the INP during its work often times. This must be since we don't
 5612          * want other proc's looking up things while what they are looking
 5613          * up is changing :-D
 5614          */
 5615 
 5616         inp = stcb->sctp_ep;
 5617         /* if subset bound and don't allow ASCONF's, can't delete last */
 5618         if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
 5619             sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) {
 5620                 if (stcb->sctp_ep->laddr_count < 2) {
 5621                         /* can't delete last address */
 5622                         return;
 5623                 }
 5624         }
 5625         LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
 5626                 /* remove the address if it exists */
 5627                 if (laddr->ifa == NULL)
 5628                         continue;
 5629                 if (laddr->ifa == ifa) {
 5630                         sctp_remove_laddr(laddr);
 5631                         return;
 5632                 }
 5633         }
 5634 
 5635         /* address not found! */
 5636         return;
 5637 }
 5638 
 5639 /*
 5640  * Temporarily remove for __APPLE__ until we use the Tiger equivalents
 5641  */
 5642 /* sysctl */
 5643 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
 5644 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
 5645 
 5646 
 5647 
 5648 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
 5649 struct sctp_mcore_ctrl *sctp_mcore_workers = NULL;
 5650 int *sctp_cpuarry = NULL;
 5651 void
 5652 sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use)
 5653 {
 5654         /* Queue a packet to a processor for the specified core */
 5655         struct sctp_mcore_queue *qent;
 5656         struct sctp_mcore_ctrl *wkq;
 5657         int need_wake = 0;
 5658 
 5659         if (sctp_mcore_workers == NULL) {
 5660                 /* Something went way bad during setup */
 5661                 sctp_input_with_port(m, off, 0);
 5662                 return;
 5663         }
 5664         SCTP_MALLOC(qent, struct sctp_mcore_queue *,
 5665             (sizeof(struct sctp_mcore_queue)),
 5666             SCTP_M_MCORE);
 5667         if (qent == NULL) {
 5668                 /* This is trouble  */
 5669                 sctp_input_with_port(m, off, 0);
 5670                 return;
 5671         }
 5672         qent->vn = curvnet;
 5673         qent->m = m;
 5674         qent->off = off;
 5675         qent->v6 = 0;
 5676         wkq = &sctp_mcore_workers[cpu_to_use];
 5677         SCTP_MCORE_QLOCK(wkq);
 5678 
 5679         TAILQ_INSERT_TAIL(&wkq->que, qent, next);
 5680         if (wkq->running == 0) {
 5681                 need_wake = 1;
 5682         }
 5683         SCTP_MCORE_QUNLOCK(wkq);
 5684         if (need_wake) {
 5685                 wakeup(&wkq->running);
 5686         }
 5687 }
 5688 
 5689 static void
 5690 sctp_mcore_thread(void *arg)
 5691 {
 5692 
 5693         struct sctp_mcore_ctrl *wkq;
 5694         struct sctp_mcore_queue *qent;
 5695 
 5696         wkq = (struct sctp_mcore_ctrl *)arg;
 5697         struct mbuf *m;
 5698         int off, v6;
 5699 
 5700         /* Wait for first tickle */
 5701         SCTP_MCORE_LOCK(wkq);
 5702         wkq->running = 0;
 5703         msleep(&wkq->running,
 5704             &wkq->core_mtx,
 5705             0, "wait for pkt", 0);
 5706         SCTP_MCORE_UNLOCK(wkq);
 5707 
 5708         /* Bind to our cpu */
 5709         thread_lock(curthread);
 5710         sched_bind(curthread, wkq->cpuid);
 5711         thread_unlock(curthread);
 5712 
 5713         /* Now lets start working */
 5714         SCTP_MCORE_LOCK(wkq);
 5715         /* Now grab lock and go */
 5716         for (;;) {
 5717                 SCTP_MCORE_QLOCK(wkq);
 5718 skip_sleep:
 5719                 wkq->running = 1;
 5720                 qent = TAILQ_FIRST(&wkq->que);
 5721                 if (qent) {
 5722                         TAILQ_REMOVE(&wkq->que, qent, next);
 5723                         SCTP_MCORE_QUNLOCK(wkq);
 5724                         CURVNET_SET(qent->vn);
 5725                         m = qent->m;
 5726                         off = qent->off;
 5727                         v6 = qent->v6;
 5728                         SCTP_FREE(qent, SCTP_M_MCORE);
 5729                         if (v6 == 0) {
 5730                                 sctp_input_with_port(m, off, 0);
 5731                         } else {
 5732                                 SCTP_PRINTF("V6 not yet supported\n");
 5733                                 sctp_m_freem(m);
 5734                         }
 5735                         CURVNET_RESTORE();
 5736                         SCTP_MCORE_QLOCK(wkq);
 5737                 }
 5738                 wkq->running = 0;
 5739                 if (!TAILQ_EMPTY(&wkq->que)) {
 5740                         goto skip_sleep;
 5741                 }
 5742                 SCTP_MCORE_QUNLOCK(wkq);
 5743                 msleep(&wkq->running,
 5744                     &wkq->core_mtx,
 5745                     0, "wait for pkt", 0);
 5746         }
 5747 }
 5748 
 5749 static void
 5750 sctp_startup_mcore_threads(void)
 5751 {
 5752         int i, cpu;
 5753 
 5754         if (mp_ncpus == 1)
 5755                 return;
 5756 
 5757         if (sctp_mcore_workers != NULL) {
 5758                 /*
 5759                  * Already been here in some previous vnet?
 5760                  */
 5761                 return;
 5762         }
 5763         SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *,
 5764             ((mp_maxid + 1) * sizeof(struct sctp_mcore_ctrl)),
 5765             SCTP_M_MCORE);
 5766         if (sctp_mcore_workers == NULL) {
 5767                 /* TSNH I hope */
 5768                 return;
 5769         }
 5770         memset(sctp_mcore_workers, 0, ((mp_maxid + 1) *
 5771             sizeof(struct sctp_mcore_ctrl)));
 5772         /* Init the structures */
 5773         for (i = 0; i <= mp_maxid; i++) {
 5774                 TAILQ_INIT(&sctp_mcore_workers[i].que);
 5775                 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]);
 5776                 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]);
 5777                 sctp_mcore_workers[i].cpuid = i;
 5778         }
 5779         if (sctp_cpuarry == NULL) {
 5780                 SCTP_MALLOC(sctp_cpuarry, int *,
 5781                     (mp_ncpus * sizeof(int)),
 5782                     SCTP_M_MCORE);
 5783                 i = 0;
 5784                 CPU_FOREACH(cpu) {
 5785                         sctp_cpuarry[i] = cpu;
 5786                         i++;
 5787                 }
 5788         }
 5789         /* Now start them all */
 5790         CPU_FOREACH(cpu) {
 5791                 (void)kproc_create(sctp_mcore_thread,
 5792                     (void *)&sctp_mcore_workers[cpu],
 5793                     &sctp_mcore_workers[cpu].thread_proc,
 5794                     RFPROC,
 5795                     SCTP_KTHREAD_PAGES,
 5796                     SCTP_MCORE_NAME);
 5797 
 5798         }
 5799 }
 5800 
 5801 #endif
 5802 
 5803 void
 5804 sctp_pcb_init()
 5805 {
 5806         /*
 5807          * SCTP initialization for the PCB structures should be called by
 5808          * the sctp_init() funciton.
 5809          */
 5810         int i;
 5811         struct timeval tv;
 5812 
 5813         if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) {
 5814                 /* error I was called twice */
 5815                 return;
 5816         }
 5817         SCTP_BASE_VAR(sctp_pcb_initialized) = 1;
 5818 
 5819 #if defined(SCTP_LOCAL_TRACE_BUF)
 5820         bzero(&SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log));
 5821 #endif
 5822 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
 5823         SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *,
 5824             ((mp_maxid + 1) * sizeof(struct sctpstat)),
 5825             SCTP_M_MCORE);
 5826 #endif
 5827         (void)SCTP_GETTIME_TIMEVAL(&tv);
 5828 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
 5829         bzero(SCTP_BASE_STATS, (sizeof(struct sctpstat) * (mp_maxid + 1)));
 5830         SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t) tv.tv_sec;
 5831         SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t) tv.tv_usec;
 5832 #else
 5833         bzero(&SCTP_BASE_STATS, sizeof(struct sctpstat));
 5834         SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t) tv.tv_sec;
 5835         SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t) tv.tv_usec;
 5836 #endif
 5837         /* init the empty list of (All) Endpoints */
 5838         LIST_INIT(&SCTP_BASE_INFO(listhead));
 5839 
 5840 
 5841         /* init the hash table of endpoints */
 5842         TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize));
 5843         TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize));
 5844         TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale));
 5845         SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31),
 5846             &SCTP_BASE_INFO(hashasocmark));
 5847         SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
 5848             &SCTP_BASE_INFO(hashmark));
 5849         SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
 5850             &SCTP_BASE_INFO(hashtcpmark));
 5851         SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize);
 5852 
 5853 
 5854         SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH,
 5855             &SCTP_BASE_INFO(hashvrfmark));
 5856 
 5857         SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE,
 5858             &SCTP_BASE_INFO(vrf_ifn_hashmark));
 5859         /* init the zones */
 5860         /*
 5861          * FIX ME: Should check for NULL returns, but if it does fail we are
 5862          * doomed to panic anyways... add later maybe.
 5863          */
 5864         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep",
 5865             sizeof(struct sctp_inpcb), maxsockets);
 5866 
 5867         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc",
 5868             sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
 5869 
 5870         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr",
 5871             sizeof(struct sctp_laddr),
 5872             (sctp_max_number_of_assoc * sctp_scale_up_for_address));
 5873 
 5874         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr",
 5875             sizeof(struct sctp_nets),
 5876             (sctp_max_number_of_assoc * sctp_scale_up_for_address));
 5877 
 5878         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk",
 5879             sizeof(struct sctp_tmit_chunk),
 5880             (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
 5881 
 5882         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq",
 5883             sizeof(struct sctp_queued_to_read),
 5884             (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
 5885 
 5886         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out",
 5887             sizeof(struct sctp_stream_queue_pending),
 5888             (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
 5889 
 5890         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf",
 5891             sizeof(struct sctp_asconf),
 5892             (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
 5893 
 5894         SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack",
 5895             sizeof(struct sctp_asconf_ack),
 5896             (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
 5897 
 5898 
 5899         /* Master Lock INIT for info structure */
 5900         SCTP_INP_INFO_LOCK_INIT();
 5901         SCTP_STATLOG_INIT_LOCK();
 5902 
 5903         SCTP_IPI_COUNT_INIT();
 5904         SCTP_IPI_ADDR_INIT();
 5905 #ifdef SCTP_PACKET_LOGGING
 5906         SCTP_IP_PKTLOG_INIT();
 5907 #endif
 5908         LIST_INIT(&SCTP_BASE_INFO(addr_wq));
 5909 
 5910         SCTP_WQ_ADDR_INIT();
 5911         /* not sure if we need all the counts */
 5912         SCTP_BASE_INFO(ipi_count_ep) = 0;
 5913         /* assoc/tcb zone info */
 5914         SCTP_BASE_INFO(ipi_count_asoc) = 0;
 5915         /* local addrlist zone info */
 5916         SCTP_BASE_INFO(ipi_count_laddr) = 0;
 5917         /* remote addrlist zone info */
 5918         SCTP_BASE_INFO(ipi_count_raddr) = 0;
 5919         /* chunk info */
 5920         SCTP_BASE_INFO(ipi_count_chunk) = 0;
 5921 
 5922         /* socket queue zone info */
 5923         SCTP_BASE_INFO(ipi_count_readq) = 0;
 5924 
 5925         /* stream out queue cont */
 5926         SCTP_BASE_INFO(ipi_count_strmoq) = 0;
 5927 
 5928         SCTP_BASE_INFO(ipi_free_strmoq) = 0;
 5929         SCTP_BASE_INFO(ipi_free_chunks) = 0;
 5930 
 5931         SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer));
 5932 
 5933         /* Init the TIMEWAIT list */
 5934         for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
 5935                 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]);
 5936         }
 5937 
 5938         sctp_startup_iterator();
 5939 
 5940 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
 5941         sctp_startup_mcore_threads();
 5942 #endif
 5943 
 5944         /*
 5945          * INIT the default VRF which for BSD is the only one, other O/S's
 5946          * may have more. But initially they must start with one and then
 5947          * add the VRF's as addresses are added.
 5948          */
 5949         sctp_init_vrf_list(SCTP_DEFAULT_VRF);
 5950 }
 5951 
 5952 /*
 5953  * Assumes that the SCTP_BASE_INFO() lock is NOT held.
 5954  */
 5955 void
 5956 sctp_pcb_finish(void)
 5957 {
 5958         struct sctp_vrflist *vrf_bucket;
 5959         struct sctp_vrf *vrf, *nvrf;
 5960         struct sctp_ifn *ifn, *nifn;
 5961         struct sctp_ifa *ifa, *nifa;
 5962         struct sctpvtaghead *chain;
 5963         struct sctp_tagblock *twait_block, *prev_twait_block;
 5964         struct sctp_laddr *wi, *nwi;
 5965         int i;
 5966 
 5967         /*
 5968          * Free BSD the it thread never exits but we do clean up. The only
 5969          * way freebsd reaches here if we have VRF's but we still add the
 5970          * ifdef to make it compile on old versions.
 5971          */
 5972         {
 5973                 struct sctp_iterator *it, *nit;
 5974 
 5975                 SCTP_IPI_ITERATOR_WQ_LOCK();
 5976                 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
 5977                         if (it->vn != curvnet) {
 5978                                 continue;
 5979                         }
 5980                         TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
 5981                         if (it->function_atend != NULL) {
 5982                                 (*it->function_atend) (it->pointer, it->val);
 5983                         }
 5984                         SCTP_FREE(it, SCTP_M_ITER);
 5985                 }
 5986                 SCTP_IPI_ITERATOR_WQ_UNLOCK();
 5987                 SCTP_ITERATOR_LOCK();
 5988                 if ((sctp_it_ctl.cur_it) &&
 5989                     (sctp_it_ctl.cur_it->vn == curvnet)) {
 5990                         sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
 5991                 }
 5992                 SCTP_ITERATOR_UNLOCK();
 5993         }
 5994 
 5995         SCTP_OS_TIMER_STOP(&SCTP_BASE_INFO(addr_wq_timer.timer));
 5996         SCTP_WQ_ADDR_LOCK();
 5997         LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) {
 5998                 LIST_REMOVE(wi, sctp_nxt_addr);
 5999                 SCTP_DECR_LADDR_COUNT();
 6000                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi);
 6001         }
 6002         SCTP_WQ_ADDR_UNLOCK();
 6003 
 6004         /*
 6005          * free the vrf/ifn/ifa lists and hashes (be sure address monitor is
 6006          * destroyed first).
 6007          */
 6008         vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))];
 6009         LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) {
 6010                 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) {
 6011                         LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) {
 6012                                 /* free the ifa */
 6013                                 LIST_REMOVE(ifa, next_bucket);
 6014                                 LIST_REMOVE(ifa, next_ifa);
 6015                                 SCTP_FREE(ifa, SCTP_M_IFA);
 6016                         }
 6017                         /* free the ifn */
 6018                         LIST_REMOVE(ifn, next_bucket);
 6019                         LIST_REMOVE(ifn, next_ifn);
 6020                         SCTP_FREE(ifn, SCTP_M_IFN);
 6021                 }
 6022                 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
 6023                 /* free the vrf */
 6024                 LIST_REMOVE(vrf, next_vrf);
 6025                 SCTP_FREE(vrf, SCTP_M_VRF);
 6026         }
 6027         /* free the vrf hashes */
 6028         SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark));
 6029         SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark));
 6030 
 6031         /*
 6032          * free the TIMEWAIT list elements malloc'd in the function
 6033          * sctp_add_vtag_to_timewait()...
 6034          */
 6035         for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
 6036                 chain = &SCTP_BASE_INFO(vtag_timewait)[i];
 6037                 if (!LIST_EMPTY(chain)) {
 6038                         prev_twait_block = NULL;
 6039                         LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
 6040                                 if (prev_twait_block) {
 6041                                         SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
 6042                                 }
 6043                                 prev_twait_block = twait_block;
 6044                         }
 6045                         SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
 6046                 }
 6047         }
 6048 
 6049         /* free the locks and mutexes */
 6050 #ifdef SCTP_PACKET_LOGGING
 6051         SCTP_IP_PKTLOG_DESTROY();
 6052 #endif
 6053         SCTP_IPI_ADDR_DESTROY();
 6054         SCTP_STATLOG_DESTROY();
 6055         SCTP_INP_INFO_LOCK_DESTROY();
 6056 
 6057         SCTP_WQ_ADDR_DESTROY();
 6058 
 6059         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep));
 6060         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc));
 6061         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr));
 6062         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net));
 6063         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk));
 6064         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq));
 6065         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq));
 6066         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf));
 6067         SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack));
 6068         /* Get rid of other stuff to */
 6069         if (SCTP_BASE_INFO(sctp_asochash) != NULL)
 6070                 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark));
 6071         if (SCTP_BASE_INFO(sctp_ephash) != NULL)
 6072                 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark));
 6073         if (SCTP_BASE_INFO(sctp_tcpephash) != NULL)
 6074                 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark));
 6075 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
 6076         SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE);
 6077 #endif
 6078 }
 6079 
 6080 
 6081 int
 6082 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 6083     int offset, int limit, struct sctphdr *sh,
 6084     struct sockaddr *altsa)
 6085 {
 6086         /*
 6087          * grub through the INIT pulling addresses and loading them to the
 6088          * nets structure in the asoc. The from address in the mbuf should
 6089          * also be loaded (if it is not already). This routine can be called
 6090          * with either INIT or INIT-ACK's as long as the m points to the IP
 6091          * packet and the offset points to the beginning of the parameters.
 6092          */
 6093         struct sctp_inpcb *inp;
 6094         struct sctp_nets *net, *nnet, *net_tmp;
 6095         struct ip *iph;
 6096         struct sctp_paramhdr *phdr, parm_buf;
 6097         struct sctp_tcb *stcb_tmp;
 6098         uint16_t ptype, plen;
 6099         struct sockaddr *sa;
 6100         struct sockaddr_storage dest_store;
 6101         struct sockaddr *local_sa = (struct sockaddr *)&dest_store;
 6102         uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
 6103         struct sctp_auth_random *p_random = NULL;
 6104         uint16_t random_len = 0;
 6105         uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
 6106         struct sctp_auth_hmac_algo *hmacs = NULL;
 6107         uint16_t hmacs_len = 0;
 6108         uint8_t saw_asconf = 0;
 6109         uint8_t saw_asconf_ack = 0;
 6110         uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
 6111         struct sctp_auth_chunk_list *chunks = NULL;
 6112         uint16_t num_chunks = 0;
 6113         sctp_key_t *new_key;
 6114         uint32_t keylen;
 6115         int got_random = 0, got_hmacs = 0, got_chklist = 0;
 6116         uint8_t ecn_allowed;
 6117 
 6118 #ifdef INET
 6119         struct sockaddr_in sin;
 6120 
 6121 #endif
 6122 #ifdef INET6
 6123         struct sockaddr_in6 sin6;
 6124 
 6125 #endif
 6126 
 6127         /* First get the destination address setup too. */
 6128 #ifdef INET
 6129         memset(&sin, 0, sizeof(sin));
 6130         sin.sin_family = AF_INET;
 6131         sin.sin_len = sizeof(sin);
 6132         sin.sin_port = stcb->rport;
 6133 #endif
 6134 #ifdef INET6
 6135         memset(&sin6, 0, sizeof(sin6));
 6136         sin6.sin6_family = AF_INET6;
 6137         sin6.sin6_len = sizeof(struct sockaddr_in6);
 6138         sin6.sin6_port = stcb->rport;
 6139 #endif
 6140         iph = mtod(m, struct ip *);
 6141         switch (iph->ip_v) {
 6142 #ifdef INET
 6143         case IPVERSION:
 6144                 {
 6145                         /* its IPv4 */
 6146                         struct sockaddr_in *sin_2;
 6147 
 6148                         sin_2 = (struct sockaddr_in *)(local_sa);
 6149                         memset(sin_2, 0, sizeof(sin));
 6150                         sin_2->sin_family = AF_INET;
 6151                         sin_2->sin_len = sizeof(sin);
 6152                         sin_2->sin_port = sh->dest_port;
 6153                         sin_2->sin_addr.s_addr = iph->ip_dst.s_addr;
 6154                         if (altsa) {
 6155                                 /*
 6156                                  * For cookies we use the src address NOT
 6157                                  * from the packet but from the original
 6158                                  * INIT.
 6159                                  */
 6160                                 sa = altsa;
 6161                         } else {
 6162                                 sin.sin_addr = iph->ip_src;
 6163                                 sa = (struct sockaddr *)&sin;
 6164                         }
 6165                         break;
 6166                 }
 6167 #endif
 6168 #ifdef INET6
 6169         case IPV6_VERSION >> 4:
 6170                 {
 6171                         /* its IPv6 */
 6172                         struct ip6_hdr *ip6;
 6173                         struct sockaddr_in6 *sin6_2;
 6174 
 6175                         ip6 = mtod(m, struct ip6_hdr *);
 6176                         sin6_2 = (struct sockaddr_in6 *)(local_sa);
 6177                         memset(sin6_2, 0, sizeof(sin6));
 6178                         sin6_2->sin6_family = AF_INET6;
 6179                         sin6_2->sin6_len = sizeof(struct sockaddr_in6);
 6180                         sin6_2->sin6_port = sh->dest_port;
 6181                         sin6_2->sin6_addr = ip6->ip6_dst;
 6182                         if (altsa) {
 6183                                 /*
 6184                                  * For cookies we use the src address NOT
 6185                                  * from the packet but from the original
 6186                                  * INIT.
 6187                                  */
 6188                                 sa = altsa;
 6189                         } else {
 6190                                 sin6.sin6_addr = ip6->ip6_src;
 6191                                 sa = (struct sockaddr *)&sin6;
 6192                         }
 6193                         break;
 6194                 }
 6195 #endif
 6196         default:
 6197                 return (-1);
 6198                 break;
 6199         }
 6200         /* Turn off ECN until we get through all params */
 6201         ecn_allowed = 0;
 6202         TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
 6203                 /* mark all addresses that we have currently on the list */
 6204                 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
 6205         }
 6206         /* does the source address already exist? if so skip it */
 6207         inp = stcb->sctp_ep;
 6208         atomic_add_int(&stcb->asoc.refcnt, 1);
 6209         stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, local_sa, stcb);
 6210         atomic_add_int(&stcb->asoc.refcnt, -1);
 6211 
 6212         if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
 6213                 /* we must add the source address */
 6214                 /* no scope set here since we have a tcb already. */
 6215                 switch (sa->sa_family) {
 6216 #ifdef INET
 6217                 case AF_INET:
 6218                         if (stcb->asoc.ipv4_addr_legal) {
 6219                                 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) {
 6220                                         return (-1);
 6221                                 }
 6222                         }
 6223                         break;
 6224 #endif
 6225 #ifdef INET6
 6226                 case AF_INET6:
 6227                         if (stcb->asoc.ipv6_addr_legal) {
 6228                                 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
 6229                                         return (-2);
 6230                                 }
 6231                         }
 6232                         break;
 6233 #endif
 6234                 default:
 6235                         break;
 6236                 }
 6237         } else {
 6238                 if (net_tmp != NULL && stcb_tmp == stcb) {
 6239                         net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
 6240                 } else if (stcb_tmp != stcb) {
 6241                         /* It belongs to another association? */
 6242                         if (stcb_tmp)
 6243                                 SCTP_TCB_UNLOCK(stcb_tmp);
 6244                         return (-3);
 6245                 }
 6246         }
 6247         if (stcb->asoc.state == 0) {
 6248                 /* the assoc was freed? */
 6249                 return (-4);
 6250         }
 6251         /*
 6252          * peer must explicitly turn this on. This may have been initialized
 6253          * to be "on" in order to allow local addr changes while INIT's are
 6254          * in flight.
 6255          */
 6256         stcb->asoc.peer_supports_asconf = 0;
 6257         /* now we must go through each of the params. */
 6258         phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
 6259         while (phdr) {
 6260                 ptype = ntohs(phdr->param_type);
 6261                 plen = ntohs(phdr->param_length);
 6262                 /*
 6263                  * SCTP_PRINTF("ptype => %0x, plen => %d\n",
 6264                  * (uint32_t)ptype, (int)plen);
 6265                  */
 6266                 if (offset + plen > limit) {
 6267                         break;
 6268                 }
 6269                 if (plen == 0) {
 6270                         break;
 6271                 }
 6272 #ifdef INET
 6273                 if (ptype == SCTP_IPV4_ADDRESS) {
 6274                         if (stcb->asoc.ipv4_addr_legal) {
 6275                                 struct sctp_ipv4addr_param *p4, p4_buf;
 6276 
 6277                                 /* ok get the v4 address and check/add */
 6278                                 phdr = sctp_get_next_param(m, offset,
 6279                                     (struct sctp_paramhdr *)&p4_buf,
 6280                                     sizeof(p4_buf));
 6281                                 if (plen != sizeof(struct sctp_ipv4addr_param) ||
 6282                                     phdr == NULL) {
 6283                                         return (-5);
 6284                                 }
 6285                                 p4 = (struct sctp_ipv4addr_param *)phdr;
 6286                                 sin.sin_addr.s_addr = p4->addr;
 6287                                 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
 6288                                         /* Skip multi-cast addresses */
 6289                                         goto next_param;
 6290                                 }
 6291                                 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) ||
 6292                                     (sin.sin_addr.s_addr == INADDR_ANY)) {
 6293                                         goto next_param;
 6294                                 }
 6295                                 sa = (struct sockaddr *)&sin;
 6296                                 inp = stcb->sctp_ep;
 6297                                 atomic_add_int(&stcb->asoc.refcnt, 1);
 6298                                 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
 6299                                     local_sa, stcb);
 6300                                 atomic_add_int(&stcb->asoc.refcnt, -1);
 6301 
 6302                                 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) ||
 6303                                     inp == NULL) {
 6304                                         /* we must add the source address */
 6305                                         /*
 6306                                          * no scope set since we have a tcb
 6307                                          * already
 6308                                          */
 6309 
 6310                                         /*
 6311                                          * we must validate the state again
 6312                                          * here
 6313                                          */
 6314                         add_it_now:
 6315                                         if (stcb->asoc.state == 0) {
 6316                                                 /* the assoc was freed? */
 6317                                                 return (-7);
 6318                                         }
 6319                                         if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) {
 6320                                                 return (-8);
 6321                                         }
 6322                                 } else if (stcb_tmp == stcb) {
 6323                                         if (stcb->asoc.state == 0) {
 6324                                                 /* the assoc was freed? */
 6325                                                 return (-10);
 6326                                         }
 6327                                         if (net != NULL) {
 6328                                                 /* clear flag */
 6329                                                 net->dest_state &=
 6330                                                     ~SCTP_ADDR_NOT_IN_ASSOC;
 6331                                         }
 6332                                 } else {
 6333                                         /*
 6334                                          * strange, address is in another
 6335                                          * assoc? straighten out locks.
 6336                                          */
 6337                                         if (stcb_tmp) {
 6338                                                 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
 6339                                                         /*
 6340                                                          * in setup state we
 6341                                                          * abort this guy
 6342                                                          */
 6343                                                         sctp_abort_an_association(stcb_tmp->sctp_ep,
 6344                                                             stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
 6345                                                         goto add_it_now;
 6346                                                 }
 6347                                                 SCTP_TCB_UNLOCK(stcb_tmp);
 6348                                         }
 6349                                         if (stcb->asoc.state == 0) {
 6350                                                 /* the assoc was freed? */
 6351                                                 return (-12);
 6352                                         }
 6353                                         return (-13);
 6354                                 }
 6355                         }
 6356                 } else
 6357 #endif
 6358 #ifdef INET6
 6359                 if (ptype == SCTP_IPV6_ADDRESS) {
 6360                         if (stcb->asoc.ipv6_addr_legal) {
 6361                                 /* ok get the v6 address and check/add */
 6362                                 struct sctp_ipv6addr_param *p6, p6_buf;
 6363 
 6364                                 phdr = sctp_get_next_param(m, offset,
 6365                                     (struct sctp_paramhdr *)&p6_buf,
 6366                                     sizeof(p6_buf));
 6367                                 if (plen != sizeof(struct sctp_ipv6addr_param) ||
 6368                                     phdr == NULL) {
 6369                                         return (-14);
 6370                                 }
 6371                                 p6 = (struct sctp_ipv6addr_param *)phdr;
 6372                                 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
 6373                                     sizeof(p6->addr));
 6374                                 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
 6375                                         /* Skip multi-cast addresses */
 6376                                         goto next_param;
 6377                                 }
 6378                                 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
 6379                                         /*
 6380                                          * Link local make no sense without
 6381                                          * scope
 6382                                          */
 6383                                         goto next_param;
 6384                                 }
 6385                                 sa = (struct sockaddr *)&sin6;
 6386                                 inp = stcb->sctp_ep;
 6387                                 atomic_add_int(&stcb->asoc.refcnt, 1);
 6388                                 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
 6389                                     local_sa, stcb);
 6390                                 atomic_add_int(&stcb->asoc.refcnt, -1);
 6391                                 if (stcb_tmp == NULL &&
 6392                                     (inp == stcb->sctp_ep || inp == NULL)) {
 6393                                         /*
 6394                                          * we must validate the state again
 6395                                          * here
 6396                                          */
 6397                         add_it_now6:
 6398                                         if (stcb->asoc.state == 0) {
 6399                                                 /* the assoc was freed? */
 6400                                                 return (-16);
 6401                                         }
 6402                                         /*
 6403                                          * we must add the address, no scope
 6404                                          * set
 6405                                          */
 6406                                         if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) {
 6407                                                 return (-17);
 6408                                         }
 6409                                 } else if (stcb_tmp == stcb) {
 6410                                         /*
 6411                                          * we must validate the state again
 6412                                          * here
 6413                                          */
 6414                                         if (stcb->asoc.state == 0) {
 6415                                                 /* the assoc was freed? */
 6416                                                 return (-19);
 6417                                         }
 6418                                         if (net != NULL) {
 6419                                                 /* clear flag */
 6420                                                 net->dest_state &=
 6421                                                     ~SCTP_ADDR_NOT_IN_ASSOC;
 6422                                         }
 6423                                 } else {
 6424                                         /*
 6425                                          * strange, address is in another
 6426                                          * assoc? straighten out locks.
 6427                                          */
 6428                                         if (stcb_tmp)
 6429                                                 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
 6430                                                         /*
 6431                                                          * in setup state we
 6432                                                          * abort this guy
 6433                                                          */
 6434                                                         sctp_abort_an_association(stcb_tmp->sctp_ep,
 6435                                                             stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
 6436                                                         goto add_it_now6;
 6437                                                 }
 6438                                         SCTP_TCB_UNLOCK(stcb_tmp);
 6439 
 6440                                         if (stcb->asoc.state == 0) {
 6441                                                 /* the assoc was freed? */
 6442                                                 return (-21);
 6443                                         }
 6444                                         return (-22);
 6445                                 }
 6446                         }
 6447                 } else
 6448 #endif
 6449                 if (ptype == SCTP_ECN_CAPABLE) {
 6450                         ecn_allowed = 1;
 6451                 } else if (ptype == SCTP_ULP_ADAPTATION) {
 6452                         if (stcb->asoc.state != SCTP_STATE_OPEN) {
 6453                                 struct sctp_adaptation_layer_indication ai,
 6454                                                                 *aip;
 6455 
 6456                                 phdr = sctp_get_next_param(m, offset,
 6457                                     (struct sctp_paramhdr *)&ai, sizeof(ai));
 6458                                 aip = (struct sctp_adaptation_layer_indication *)phdr;
 6459                                 if (aip) {
 6460                                         stcb->asoc.peers_adaptation = ntohl(aip->indication);
 6461                                         stcb->asoc.adaptation_needed = 1;
 6462                                 }
 6463                         }
 6464                 } else if (ptype == SCTP_SET_PRIM_ADDR) {
 6465                         struct sctp_asconf_addr_param lstore, *fee;
 6466                         int lptype;
 6467                         struct sockaddr *lsa = NULL;
 6468 
 6469 #ifdef INET
 6470                         struct sctp_asconf_addrv4_param *fii;
 6471 
 6472 #endif
 6473 
 6474                         stcb->asoc.peer_supports_asconf = 1;
 6475                         if (plen > sizeof(lstore)) {
 6476                                 return (-23);
 6477                         }
 6478                         phdr = sctp_get_next_param(m, offset,
 6479                             (struct sctp_paramhdr *)&lstore,
 6480                             min(plen, sizeof(lstore)));
 6481                         if (phdr == NULL) {
 6482                                 return (-24);
 6483                         }
 6484                         fee = (struct sctp_asconf_addr_param *)phdr;
 6485                         lptype = ntohs(fee->addrp.ph.param_type);
 6486                         switch (lptype) {
 6487 #ifdef INET
 6488                         case SCTP_IPV4_ADDRESS:
 6489                                 if (plen !=
 6490                                     sizeof(struct sctp_asconf_addrv4_param)) {
 6491                                         SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n",
 6492                                             (int)sizeof(struct sctp_asconf_addrv4_param),
 6493                                             plen);
 6494                                 } else {
 6495                                         fii = (struct sctp_asconf_addrv4_param *)fee;
 6496                                         sin.sin_addr.s_addr = fii->addrp.addr;
 6497                                         lsa = (struct sockaddr *)&sin;
 6498                                 }
 6499                                 break;
 6500 #endif
 6501 #ifdef INET6
 6502                         case SCTP_IPV6_ADDRESS:
 6503                                 if (plen !=
 6504                                     sizeof(struct sctp_asconf_addr_param)) {
 6505                                         SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
 6506                                             (int)sizeof(struct sctp_asconf_addr_param),
 6507                                             plen);
 6508                                 } else {
 6509                                         memcpy(sin6.sin6_addr.s6_addr,
 6510                                             fee->addrp.addr,
 6511                                             sizeof(fee->addrp.addr));
 6512                                         lsa = (struct sockaddr *)&sin6;
 6513                                 }
 6514                                 break;
 6515 #endif
 6516                         default:
 6517                                 break;
 6518                         }
 6519                         if (lsa) {
 6520                                 (void)sctp_set_primary_addr(stcb, sa, NULL);
 6521                         }
 6522                 } else if (ptype == SCTP_HAS_NAT_SUPPORT) {
 6523                         stcb->asoc.peer_supports_nat = 1;
 6524                 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
 6525                         /* Peer supports pr-sctp */
 6526                         stcb->asoc.peer_supports_prsctp = 1;
 6527                 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
 6528                         /* A supported extension chunk */
 6529                         struct sctp_supported_chunk_types_param *pr_supported;
 6530                         uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
 6531                         int num_ent, i;
 6532 
 6533                         phdr = sctp_get_next_param(m, offset,
 6534                             (struct sctp_paramhdr *)&local_store, min(sizeof(local_store), plen));
 6535                         if (phdr == NULL) {
 6536                                 return (-25);
 6537                         }
 6538                         stcb->asoc.peer_supports_asconf = 0;
 6539                         stcb->asoc.peer_supports_prsctp = 0;
 6540                         stcb->asoc.peer_supports_pktdrop = 0;
 6541                         stcb->asoc.peer_supports_strreset = 0;
 6542                         stcb->asoc.peer_supports_nr_sack = 0;
 6543                         stcb->asoc.peer_supports_auth = 0;
 6544                         pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
 6545                         num_ent = plen - sizeof(struct sctp_paramhdr);
 6546                         for (i = 0; i < num_ent; i++) {
 6547                                 switch (pr_supported->chunk_types[i]) {
 6548                                 case SCTP_ASCONF:
 6549                                 case SCTP_ASCONF_ACK:
 6550                                         stcb->asoc.peer_supports_asconf = 1;
 6551                                         break;
 6552                                 case SCTP_FORWARD_CUM_TSN:
 6553                                         stcb->asoc.peer_supports_prsctp = 1;
 6554                                         break;
 6555                                 case SCTP_PACKET_DROPPED:
 6556                                         stcb->asoc.peer_supports_pktdrop = 1;
 6557                                         break;
 6558                                 case SCTP_NR_SELECTIVE_ACK:
 6559                                         stcb->asoc.peer_supports_nr_sack = 1;
 6560                                         break;
 6561                                 case SCTP_STREAM_RESET:
 6562                                         stcb->asoc.peer_supports_strreset = 1;
 6563                                         break;
 6564                                 case SCTP_AUTHENTICATION:
 6565                                         stcb->asoc.peer_supports_auth = 1;
 6566                                         break;
 6567                                 default:
 6568                                         /* one I have not learned yet */
 6569                                         break;
 6570 
 6571                                 }
 6572                         }
 6573                 } else if (ptype == SCTP_RANDOM) {
 6574                         if (plen > sizeof(random_store))
 6575                                 break;
 6576                         if (got_random) {
 6577                                 /* already processed a RANDOM */
 6578                                 goto next_param;
 6579                         }
 6580                         phdr = sctp_get_next_param(m, offset,
 6581                             (struct sctp_paramhdr *)random_store,
 6582                             min(sizeof(random_store), plen));
 6583                         if (phdr == NULL)
 6584                                 return (-26);
 6585                         p_random = (struct sctp_auth_random *)phdr;
 6586                         random_len = plen - sizeof(*p_random);
 6587                         /* enforce the random length */
 6588                         if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) {
 6589                                 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n");
 6590                                 return (-27);
 6591                         }
 6592                         got_random = 1;
 6593                 } else if (ptype == SCTP_HMAC_LIST) {
 6594                         int num_hmacs;
 6595                         int i;
 6596 
 6597                         if (plen > sizeof(hmacs_store))
 6598                                 break;
 6599                         if (got_hmacs) {
 6600                                 /* already processed a HMAC list */
 6601                                 goto next_param;
 6602                         }
 6603                         phdr = sctp_get_next_param(m, offset,
 6604                             (struct sctp_paramhdr *)hmacs_store,
 6605                             min(plen, sizeof(hmacs_store)));
 6606                         if (phdr == NULL)
 6607                                 return (-28);
 6608                         hmacs = (struct sctp_auth_hmac_algo *)phdr;
 6609                         hmacs_len = plen - sizeof(*hmacs);
 6610                         num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
 6611                         /* validate the hmac list */
 6612                         if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
 6613                                 return (-29);
 6614                         }
 6615                         if (stcb->asoc.peer_hmacs != NULL)
 6616                                 sctp_free_hmaclist(stcb->asoc.peer_hmacs);
 6617                         stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs);
 6618                         if (stcb->asoc.peer_hmacs != NULL) {
 6619                                 for (i = 0; i < num_hmacs; i++) {
 6620                                         (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs,
 6621                                             ntohs(hmacs->hmac_ids[i]));
 6622                                 }
 6623                         }
 6624                         got_hmacs = 1;
 6625                 } else if (ptype == SCTP_CHUNK_LIST) {
 6626                         int i;
 6627 
 6628                         if (plen > sizeof(chunks_store))
 6629                                 break;
 6630                         if (got_chklist) {
 6631                                 /* already processed a Chunks list */
 6632                                 goto next_param;
 6633                         }
 6634                         phdr = sctp_get_next_param(m, offset,
 6635                             (struct sctp_paramhdr *)chunks_store,
 6636                             min(plen, sizeof(chunks_store)));
 6637                         if (phdr == NULL)
 6638                                 return (-30);
 6639                         chunks = (struct sctp_auth_chunk_list *)phdr;
 6640                         num_chunks = plen - sizeof(*chunks);
 6641                         if (stcb->asoc.peer_auth_chunks != NULL)
 6642                                 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks);
 6643                         else
 6644                                 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist();
 6645                         for (i = 0; i < num_chunks; i++) {
 6646                                 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
 6647                                     stcb->asoc.peer_auth_chunks);
 6648                                 /* record asconf/asconf-ack if listed */
 6649                                 if (chunks->chunk_types[i] == SCTP_ASCONF)
 6650                                         saw_asconf = 1;
 6651                                 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK)
 6652                                         saw_asconf_ack = 1;
 6653 
 6654                         }
 6655                         got_chklist = 1;
 6656                 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
 6657                             (ptype == SCTP_STATE_COOKIE) ||
 6658                             (ptype == SCTP_UNRECOG_PARAM) ||
 6659                             (ptype == SCTP_COOKIE_PRESERVE) ||
 6660                             (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
 6661                             (ptype == SCTP_ADD_IP_ADDRESS) ||
 6662                             (ptype == SCTP_DEL_IP_ADDRESS) ||
 6663                             (ptype == SCTP_ERROR_CAUSE_IND) ||
 6664                     (ptype == SCTP_SUCCESS_REPORT)) {
 6665                          /* don't care */ ;
 6666                 } else {
 6667                         if ((ptype & 0x8000) == 0x0000) {
 6668                                 /*
 6669                                  * must stop processing the rest of the
 6670                                  * param's. Any report bits were handled
 6671                                  * with the call to
 6672                                  * sctp_arethere_unrecognized_parameters()
 6673                                  * when the INIT or INIT-ACK was first seen.
 6674                                  */
 6675                                 break;
 6676                         }
 6677                 }
 6678 
 6679 next_param:
 6680                 offset += SCTP_SIZE32(plen);
 6681                 if (offset >= limit) {
 6682                         break;
 6683                 }
 6684                 phdr = sctp_get_next_param(m, offset, &parm_buf,
 6685                     sizeof(parm_buf));
 6686         }
 6687         /* Now check to see if we need to purge any addresses */
 6688         TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) {
 6689                 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
 6690                     SCTP_ADDR_NOT_IN_ASSOC) {
 6691                         /* This address has been removed from the asoc */
 6692                         /* remove and free it */
 6693                         stcb->asoc.numnets--;
 6694                         TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
 6695                         sctp_free_remote_addr(net);
 6696                         if (net == stcb->asoc.primary_destination) {
 6697                                 stcb->asoc.primary_destination = NULL;
 6698                                 sctp_select_primary_destination(stcb);
 6699                         }
 6700                 }
 6701         }
 6702         if (ecn_allowed == 0) {
 6703                 stcb->asoc.ecn_allowed = 0;
 6704         }
 6705         /* validate authentication required parameters */
 6706         if (got_random && got_hmacs) {
 6707                 stcb->asoc.peer_supports_auth = 1;
 6708         } else {
 6709                 stcb->asoc.peer_supports_auth = 0;
 6710         }
 6711         if (!stcb->asoc.peer_supports_auth && got_chklist) {
 6712                 /* peer does not support auth but sent a chunks list? */
 6713                 return (-31);
 6714         }
 6715         if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && stcb->asoc.peer_supports_asconf &&
 6716             !stcb->asoc.peer_supports_auth) {
 6717                 /* peer supports asconf but not auth? */
 6718                 return (-32);
 6719         } else if ((stcb->asoc.peer_supports_asconf) && (stcb->asoc.peer_supports_auth) &&
 6720             ((saw_asconf == 0) || (saw_asconf_ack == 0))) {
 6721                 return (-33);
 6722         }
 6723         /* concatenate the full random key */
 6724         keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
 6725         if (chunks != NULL) {
 6726                 keylen += sizeof(*chunks) + num_chunks;
 6727         }
 6728         new_key = sctp_alloc_key(keylen);
 6729         if (new_key != NULL) {
 6730                 /* copy in the RANDOM */
 6731                 if (p_random != NULL) {
 6732                         keylen = sizeof(*p_random) + random_len;
 6733                         bcopy(p_random, new_key->key, keylen);
 6734                 }
 6735                 /* append in the AUTH chunks */
 6736                 if (chunks != NULL) {
 6737                         bcopy(chunks, new_key->key + keylen,
 6738                             sizeof(*chunks) + num_chunks);
 6739                         keylen += sizeof(*chunks) + num_chunks;
 6740                 }
 6741                 /* append in the HMACs */
 6742                 if (hmacs != NULL) {
 6743                         bcopy(hmacs, new_key->key + keylen,
 6744                             sizeof(*hmacs) + hmacs_len);
 6745                 }
 6746         } else {
 6747                 /* failed to get memory for the key */
 6748                 return (-34);
 6749         }
 6750         if (stcb->asoc.authinfo.peer_random != NULL)
 6751                 sctp_free_key(stcb->asoc.authinfo.peer_random);
 6752         stcb->asoc.authinfo.peer_random = new_key;
 6753         sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
 6754         sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
 6755 
 6756         return (0);
 6757 }
 6758 
 6759 int
 6760 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
 6761     struct sctp_nets *net)
 6762 {
 6763         /* make sure the requested primary address exists in the assoc */
 6764         if (net == NULL && sa)
 6765                 net = sctp_findnet(stcb, sa);
 6766 
 6767         if (net == NULL) {
 6768                 /* didn't find the requested primary address! */
 6769                 return (-1);
 6770         } else {
 6771                 /* set the primary address */
 6772                 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
 6773                         /* Must be confirmed, so queue to set */
 6774                         net->dest_state |= SCTP_ADDR_REQ_PRIMARY;
 6775                         return (0);
 6776                 }
 6777                 stcb->asoc.primary_destination = net;
 6778                 if (!(net->dest_state & SCTP_ADDR_PF) && (stcb->asoc.alternate)) {
 6779                         sctp_free_remote_addr(stcb->asoc.alternate);
 6780                         stcb->asoc.alternate = NULL;
 6781                 }
 6782                 net = TAILQ_FIRST(&stcb->asoc.nets);
 6783                 if (net != stcb->asoc.primary_destination) {
 6784                         /*
 6785                          * first one on the list is NOT the primary
 6786                          * sctp_cmpaddr() is much more efficient if the
 6787                          * primary is the first on the list, make it so.
 6788                          */
 6789                         TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
 6790                         TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
 6791                 }
 6792                 return (0);
 6793         }
 6794 }
 6795 
 6796 int
 6797 sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now)
 6798 {
 6799         /*
 6800          * This function serves two purposes. It will see if a TAG can be
 6801          * re-used and return 1 for yes it is ok and 0 for don't use that
 6802          * tag. A secondary function it will do is purge out old tags that
 6803          * can be removed.
 6804          */
 6805         struct sctpvtaghead *chain;
 6806         struct sctp_tagblock *twait_block;
 6807         struct sctpasochead *head;
 6808         struct sctp_tcb *stcb;
 6809         int i;
 6810 
 6811         SCTP_INP_INFO_RLOCK();
 6812         head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag,
 6813             SCTP_BASE_INFO(hashasocmark))];
 6814         if (head == NULL) {
 6815                 /* invalid vtag */
 6816                 goto skip_vtag_check;
 6817         }
 6818         LIST_FOREACH(stcb, head, sctp_asocs) {
 6819                 /*
 6820                  * We choose not to lock anything here. TCB's can't be
 6821                  * removed since we have the read lock, so they can't be
 6822                  * freed on us, same thing for the INP. I may be wrong with
 6823                  * this assumption, but we will go with it for now :-)
 6824                  */
 6825                 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
 6826                         continue;
 6827                 }
 6828                 if (stcb->asoc.my_vtag == tag) {
 6829                         /* candidate */
 6830                         if (stcb->rport != rport) {
 6831                                 continue;
 6832                         }
 6833                         if (stcb->sctp_ep->sctp_lport != lport) {
 6834                                 continue;
 6835                         }
 6836                         /* Its a used tag set */
 6837                         SCTP_INP_INFO_RUNLOCK();
 6838                         return (0);
 6839                 }
 6840         }
 6841 skip_vtag_check:
 6842 
 6843         chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
 6844         /* Now what about timed wait ? */
 6845         if (!LIST_EMPTY(chain)) {
 6846                 /*
 6847                  * Block(s) are present, lets see if we have this tag in the
 6848                  * list
 6849                  */
 6850                 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
 6851                         for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
 6852                                 if (twait_block->vtag_block[i].v_tag == 0) {
 6853                                         /* not used */
 6854                                         continue;
 6855                                 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire <
 6856                                     now->tv_sec) {
 6857                                         /* Audit expires this guy */
 6858                                         twait_block->vtag_block[i].tv_sec_at_expire = 0;
 6859                                         twait_block->vtag_block[i].v_tag = 0;
 6860                                         twait_block->vtag_block[i].lport = 0;
 6861                                         twait_block->vtag_block[i].rport = 0;
 6862                                 } else if ((twait_block->vtag_block[i].v_tag == tag) &&
 6863                                             (twait_block->vtag_block[i].lport == lport) &&
 6864                                     (twait_block->vtag_block[i].rport == rport)) {
 6865                                         /* Bad tag, sorry :< */
 6866                                         SCTP_INP_INFO_RUNLOCK();
 6867                                         return (0);
 6868                                 }
 6869                         }
 6870                 }
 6871         }
 6872         SCTP_INP_INFO_RUNLOCK();
 6873         return (1);
 6874 }
 6875 
 6876 static void
 6877 sctp_drain_mbufs(struct sctp_tcb *stcb)
 6878 {
 6879         /*
 6880          * We must hunt this association for MBUF's past the cumack (i.e.
 6881          * out of order data that we can renege on).
 6882          */
 6883         struct sctp_association *asoc;
 6884         struct sctp_tmit_chunk *chk, *nchk;
 6885         uint32_t cumulative_tsn_p1;
 6886         struct sctp_queued_to_read *ctl, *nctl;
 6887         int cnt, strmat;
 6888         uint32_t gap, i;
 6889         int fnd = 0;
 6890 
 6891         /* We look for anything larger than the cum-ack + 1 */
 6892 
 6893         asoc = &stcb->asoc;
 6894         if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) {
 6895                 /* none we can reneg on. */
 6896                 return;
 6897         }
 6898         SCTP_STAT_INCR(sctps_protocol_drains_done);
 6899         cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
 6900         cnt = 0;
 6901         /* First look in the re-assembly queue */
 6902         TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
 6903                 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, cumulative_tsn_p1)) {
 6904                         /* Yep it is above cum-ack */
 6905                         cnt++;
 6906                         SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn);
 6907                         asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size);
 6908                         sctp_ucount_decr(asoc->cnt_on_reasm_queue);
 6909                         SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
 6910                         TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
 6911                         if (chk->data) {
 6912                                 sctp_m_freem(chk->data);
 6913                                 chk->data = NULL;
 6914                         }
 6915                         sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
 6916                 }
 6917         }
 6918         /* Ok that was fun, now we will drain all the inbound streams? */
 6919         for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
 6920                 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next, nctl) {
 6921                         if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) {
 6922                                 /* Yep it is above cum-ack */
 6923                                 cnt++;
 6924                                 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn);
 6925                                 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length);
 6926                                 sctp_ucount_decr(asoc->cnt_on_all_streams);
 6927                                 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
 6928                                 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next);
 6929                                 if (ctl->data) {
 6930                                         sctp_m_freem(ctl->data);
 6931                                         ctl->data = NULL;
 6932                                 }
 6933                                 sctp_free_remote_addr(ctl->whoFrom);
 6934                                 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
 6935                                 SCTP_DECR_READQ_COUNT();
 6936                         }
 6937                 }
 6938         }
 6939         if (cnt) {
 6940                 /* We must back down to see what the new highest is */
 6941                 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
 6942                         SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
 6943                         if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
 6944                                 asoc->highest_tsn_inside_map = i;
 6945                                 fnd = 1;
 6946                                 break;
 6947                         }
 6948                 }
 6949                 if (!fnd) {
 6950                         asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
 6951                 }
 6952                 /*
 6953                  * Question, should we go through the delivery queue? The
 6954                  * only reason things are on here is the app not reading OR
 6955                  * a p-d-api up. An attacker COULD send enough in to
 6956                  * initiate the PD-API and then send a bunch of stuff to
 6957                  * other streams... these would wind up on the delivery
 6958                  * queue.. and then we would not get to them. But in order
 6959                  * to do this I then have to back-track and un-deliver
 6960                  * sequence numbers in streams.. el-yucko. I think for now
 6961                  * we will NOT look at the delivery queue and leave it to be
 6962                  * something to consider later. An alternative would be to
 6963                  * abort the P-D-API with a notification and then deliver
 6964                  * the data.... Or another method might be to keep track of
 6965                  * how many times the situation occurs and if we see a
 6966                  * possible attack underway just abort the association.
 6967                  */
 6968 #ifdef SCTP_DEBUG
 6969                 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt);
 6970 #endif
 6971                 /*
 6972                  * Now do we need to find a new
 6973                  * asoc->highest_tsn_inside_map?
 6974                  */
 6975                 asoc->last_revoke_count = cnt;
 6976                 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
 6977                 /* sa_ignore NO_NULL_CHK */
 6978                 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
 6979                 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED);
 6980         }
 6981         /*
 6982          * Another issue, in un-setting the TSN's in the mapping array we
 6983          * DID NOT adjust the highest_tsn marker.  This will cause one of
 6984          * two things to occur. It may cause us to do extra work in checking
 6985          * for our mapping array movement. More importantly it may cause us
 6986          * to SACK every datagram. This may not be a bad thing though since
 6987          * we will recover once we get our cum-ack above and all this stuff
 6988          * we dumped recovered.
 6989          */
 6990 }
 6991 
 6992 void
 6993 sctp_drain()
 6994 {
 6995         /*
 6996          * We must walk the PCB lists for ALL associations here. The system
 6997          * is LOW on MBUF's and needs help. This is where reneging will
 6998          * occur. We really hope this does NOT happen!
 6999          */
 7000         VNET_ITERATOR_DECL(vnet_iter);
 7001         VNET_LIST_RLOCK_NOSLEEP();
 7002         VNET_FOREACH(vnet_iter) {
 7003                 CURVNET_SET(vnet_iter);
 7004                 struct sctp_inpcb *inp;
 7005                 struct sctp_tcb *stcb;
 7006 
 7007                 SCTP_STAT_INCR(sctps_protocol_drain_calls);
 7008                 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
 7009 #ifdef VIMAGE
 7010                         continue;
 7011 #else
 7012                         return;
 7013 #endif
 7014                 }
 7015                 SCTP_INP_INFO_RLOCK();
 7016                 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) {
 7017                         /* For each endpoint */
 7018                         SCTP_INP_RLOCK(inp);
 7019                         LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
 7020                                 /* For each association */
 7021                                 SCTP_TCB_LOCK(stcb);
 7022                                 sctp_drain_mbufs(stcb);
 7023                                 SCTP_TCB_UNLOCK(stcb);
 7024                         }
 7025                         SCTP_INP_RUNLOCK(inp);
 7026                 }
 7027                 SCTP_INP_INFO_RUNLOCK();
 7028                 CURVNET_RESTORE();
 7029         }
 7030         VNET_LIST_RUNLOCK_NOSLEEP();
 7031 }
 7032 
 7033 /*
 7034  * start a new iterator
 7035  * iterates through all endpoints and associations based on the pcb_state
 7036  * flags and asoc_state.  "af" (mandatory) is executed for all matching
 7037  * assocs and "ef" (optional) is executed when the iterator completes.
 7038  * "inpf" (optional) is executed for each new endpoint as it is being
 7039  * iterated through. inpe (optional) is called when the inp completes
 7040  * its way through all the stcbs.
 7041  */
 7042 int
 7043 sctp_initiate_iterator(inp_func inpf,
 7044     asoc_func af,
 7045     inp_func inpe,
 7046     uint32_t pcb_state,
 7047     uint32_t pcb_features,
 7048     uint32_t asoc_state,
 7049     void *argp,
 7050     uint32_t argi,
 7051     end_func ef,
 7052     struct sctp_inpcb *s_inp,
 7053     uint8_t chunk_output_off)
 7054 {
 7055         struct sctp_iterator *it = NULL;
 7056 
 7057         if (af == NULL) {
 7058                 return (-1);
 7059         }
 7060         SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator),
 7061             SCTP_M_ITER);
 7062         if (it == NULL) {
 7063                 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
 7064                 return (ENOMEM);
 7065         }
 7066         memset(it, 0, sizeof(*it));
 7067         it->function_assoc = af;
 7068         it->function_inp = inpf;
 7069         if (inpf)
 7070                 it->done_current_ep = 0;
 7071         else
 7072                 it->done_current_ep = 1;
 7073         it->function_atend = ef;
 7074         it->pointer = argp;
 7075         it->val = argi;
 7076         it->pcb_flags = pcb_state;
 7077         it->pcb_features = pcb_features;
 7078         it->asoc_state = asoc_state;
 7079         it->function_inp_end = inpe;
 7080         it->no_chunk_output = chunk_output_off;
 7081         it->vn = curvnet;
 7082         if (s_inp) {
 7083                 /* Assume lock is held here */
 7084                 it->inp = s_inp;
 7085                 SCTP_INP_INCR_REF(it->inp);
 7086                 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
 7087         } else {
 7088                 SCTP_INP_INFO_RLOCK();
 7089                 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead));
 7090                 if (it->inp) {
 7091                         SCTP_INP_INCR_REF(it->inp);
 7092                 }
 7093                 SCTP_INP_INFO_RUNLOCK();
 7094                 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
 7095 
 7096         }
 7097         SCTP_IPI_ITERATOR_WQ_LOCK();
 7098 
 7099         TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
 7100         if (sctp_it_ctl.iterator_running == 0) {
 7101                 sctp_wakeup_iterator();
 7102         }
 7103         SCTP_IPI_ITERATOR_WQ_UNLOCK();
 7104         /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */
 7105         return (0);
 7106 }

Cache object: 8d9cea51acef0d742891ae68b1d78bad


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.