sctp_pcb.c revision 330897
1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35#include <sys/cdefs.h> 36__FBSDID("$FreeBSD: stable/11/sys/netinet/sctp_pcb.c 330897 2018-03-14 03:19:51Z eadler $"); 37 38#include <netinet/sctp_os.h> 39#include <sys/proc.h> 40#include <netinet/sctp_var.h> 41#include <netinet/sctp_sysctl.h> 42#include <netinet/sctp_pcb.h> 43#include <netinet/sctputil.h> 44#include <netinet/sctp.h> 45#include <netinet/sctp_header.h> 46#include <netinet/sctp_asconf.h> 47#include <netinet/sctp_output.h> 48#include <netinet/sctp_timer.h> 49#include <netinet/sctp_bsd_addr.h> 50#include <netinet/sctp_dtrace_define.h> 51#if defined(INET) || defined(INET6) 52#include <netinet/udp.h> 53#endif 54#ifdef INET6 55#include <netinet6/ip6_var.h> 56#endif 57#include <sys/sched.h> 58#include <sys/smp.h> 59#include <sys/unistd.h> 60 61 62VNET_DEFINE(struct sctp_base_info, system_base_info); 63 64/* FIX: we don't handle multiple link local scopes */ 65/* "scopeless" replacement IN6_ARE_ADDR_EQUAL */ 66#ifdef INET6 67int 68SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b) 69{ 70 struct sockaddr_in6 tmp_a, tmp_b; 71 72 memcpy(&tmp_a, a, sizeof(struct sockaddr_in6)); 73 if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 74 return (0); 75 } 76 memcpy(&tmp_b, b, sizeof(struct sockaddr_in6)); 77 if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 78 return (0); 79 } 80 return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr)); 81} 82#endif 83 84void 85sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb) 86{ 87 /* 88 * We really don't need to lock this, but I will just because it 89 * does not hurt. 90 */ 91 SCTP_INP_INFO_RLOCK(); 92 spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep); 93 spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc); 94 spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr); 95 spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr); 96 spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk); 97 spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq); 98 spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq); 99 spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks); 100 SCTP_INP_INFO_RUNLOCK(); 101} 102 103/*- 104 * Addresses are added to VRF's (Virtual Router's). For BSD we 105 * have only the default VRF 0. We maintain a hash list of 106 * VRF's. Each VRF has its own list of sctp_ifn's. Each of 107 * these has a list of addresses. When we add a new address 108 * to a VRF we lookup the ifn/ifn_index, if the ifn does 109 * not exist we create it and add it to the list of IFN's 110 * within the VRF. Once we have the sctp_ifn, we add the 111 * address to the list. So we look something like: 112 * 113 * hash-vrf-table 114 * vrf-> ifn-> ifn -> ifn 115 * vrf | 116 * ... +--ifa-> ifa -> ifa 117 * vrf 118 * 119 * We keep these separate lists since the SCTP subsystem will 120 * point to these from its source address selection nets structure. 121 * When an address is deleted it does not happen right away on 122 * the SCTP side, it gets scheduled. What we do when a 123 * delete happens is immediately remove the address from 124 * the master list and decrement the refcount. As our 125 * addip iterator works through and frees the src address 126 * selection pointing to the sctp_ifa, eventually the refcount 127 * will reach 0 and we will delete it. Note that it is assumed 128 * that any locking on system level ifn/ifa is done at the 129 * caller of these functions and these routines will only 130 * lock the SCTP structures as they add or delete things. 131 * 132 * Other notes on VRF concepts. 133 * - An endpoint can be in multiple VRF's 134 * - An association lives within a VRF and only one VRF. 135 * - Any incoming packet we can deduce the VRF for by 136 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D) 137 * - Any downward send call or connect call must supply the 138 * VRF via ancillary data or via some sort of set default 139 * VRF socket option call (again for BSD no brainer since 140 * the VRF is always 0). 141 * - An endpoint may add multiple VRF's to it. 142 * - Listening sockets can accept associations in any 143 * of the VRF's they are in but the assoc will end up 144 * in only one VRF (gotten from the packet or connect/send). 145 * 146 */ 147 148struct sctp_vrf * 149sctp_allocate_vrf(int vrf_id) 150{ 151 struct sctp_vrf *vrf = NULL; 152 struct sctp_vrflist *bucket; 153 154 /* First allocate the VRF structure */ 155 vrf = sctp_find_vrf(vrf_id); 156 if (vrf) { 157 /* Already allocated */ 158 return (vrf); 159 } 160 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf), 161 SCTP_M_VRF); 162 if (vrf == NULL) { 163 /* No memory */ 164#ifdef INVARIANTS 165 panic("No memory for VRF:%d", vrf_id); 166#endif 167 return (NULL); 168 } 169 /* setup the VRF */ 170 memset(vrf, 0, sizeof(struct sctp_vrf)); 171 vrf->vrf_id = vrf_id; 172 LIST_INIT(&vrf->ifnlist); 173 vrf->total_ifa_count = 0; 174 vrf->refcount = 0; 175 /* now also setup table ids */ 176 SCTP_INIT_VRF_TABLEID(vrf); 177 /* Init the HASH of addresses */ 178 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE, 179 &vrf->vrf_addr_hashmark); 180 if (vrf->vrf_addr_hash == NULL) { 181 /* No memory */ 182#ifdef INVARIANTS 183 panic("No memory for VRF:%d", vrf_id); 184#endif 185 SCTP_FREE(vrf, SCTP_M_VRF); 186 return (NULL); 187 } 188 /* Add it to the hash table */ 189 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))]; 190 LIST_INSERT_HEAD(bucket, vrf, next_vrf); 191 atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1); 192 return (vrf); 193} 194 195 196struct sctp_ifn * 197sctp_find_ifn(void *ifn, uint32_t ifn_index) 198{ 199 struct sctp_ifn *sctp_ifnp; 200 struct sctp_ifnlist *hash_ifn_head; 201 202 /* 203 * We assume the lock is held for the addresses if that's wrong 204 * problems could occur :-) 205 */ 206 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; 207 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) { 208 if (sctp_ifnp->ifn_index == ifn_index) { 209 return (sctp_ifnp); 210 } 211 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) { 212 return (sctp_ifnp); 213 } 214 } 215 return (NULL); 216} 217 218 219struct sctp_vrf * 220sctp_find_vrf(uint32_t vrf_id) 221{ 222 struct sctp_vrflist *bucket; 223 struct sctp_vrf *liste; 224 225 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))]; 226 LIST_FOREACH(liste, bucket, next_vrf) { 227 if (vrf_id == liste->vrf_id) { 228 return (liste); 229 } 230 } 231 return (NULL); 232} 233 234 235void 236sctp_free_vrf(struct sctp_vrf *vrf) 237{ 238 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) { 239 if (vrf->vrf_addr_hash) { 240 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark); 241 vrf->vrf_addr_hash = NULL; 242 } 243 /* We zero'd the count */ 244 LIST_REMOVE(vrf, next_vrf); 245 SCTP_FREE(vrf, SCTP_M_VRF); 246 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1); 247 } 248} 249 250 251void 252sctp_free_ifn(struct sctp_ifn *sctp_ifnp) 253{ 254 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) { 255 /* We zero'd the count */ 256 if (sctp_ifnp->vrf) { 257 sctp_free_vrf(sctp_ifnp->vrf); 258 } 259 SCTP_FREE(sctp_ifnp, SCTP_M_IFN); 260 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1); 261 } 262} 263 264 265void 266sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu) 267{ 268 struct sctp_ifn *sctp_ifnp; 269 270 sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index); 271 if (sctp_ifnp != NULL) { 272 sctp_ifnp->ifn_mtu = mtu; 273 } 274} 275 276 277void 278sctp_free_ifa(struct sctp_ifa *sctp_ifap) 279{ 280 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) { 281 /* We zero'd the count */ 282 if (sctp_ifap->ifn_p) { 283 sctp_free_ifn(sctp_ifap->ifn_p); 284 } 285 SCTP_FREE(sctp_ifap, SCTP_M_IFA); 286 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1); 287 } 288} 289 290 291static void 292sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock) 293{ 294 struct sctp_ifn *found; 295 296 found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index); 297 if (found == NULL) { 298 /* Not in the list.. sorry */ 299 return; 300 } 301 if (hold_addr_lock == 0) 302 SCTP_IPI_ADDR_WLOCK(); 303 LIST_REMOVE(sctp_ifnp, next_bucket); 304 LIST_REMOVE(sctp_ifnp, next_ifn); 305 SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index, 306 sctp_ifnp->registered_af); 307 if (hold_addr_lock == 0) 308 SCTP_IPI_ADDR_WUNLOCK(); 309 /* Take away the reference, and possibly free it */ 310 sctp_free_ifn(sctp_ifnp); 311} 312 313 314void 315sctp_mark_ifa_addr_down(uint32_t vrf_id, struct sockaddr *addr, 316 const char *if_name, uint32_t ifn_index) 317{ 318 struct sctp_vrf *vrf; 319 struct sctp_ifa *sctp_ifap; 320 321 SCTP_IPI_ADDR_RLOCK(); 322 vrf = sctp_find_vrf(vrf_id); 323 if (vrf == NULL) { 324 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 325 goto out; 326 327 } 328 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 329 if (sctp_ifap == NULL) { 330 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n"); 331 goto out; 332 } 333 if (sctp_ifap->ifn_p == NULL) { 334 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unusable\n"); 335 goto out; 336 } 337 if (if_name) { 338 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) { 339 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n", 340 sctp_ifap->ifn_p->ifn_name, if_name); 341 goto out; 342 } 343 } else { 344 if (sctp_ifap->ifn_p->ifn_index != ifn_index) { 345 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n", 346 sctp_ifap->ifn_p->ifn_index, ifn_index); 347 goto out; 348 } 349 } 350 351 sctp_ifap->localifa_flags &= (~SCTP_ADDR_VALID); 352 sctp_ifap->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE; 353out: 354 SCTP_IPI_ADDR_RUNLOCK(); 355} 356 357 358void 359sctp_mark_ifa_addr_up(uint32_t vrf_id, struct sockaddr *addr, 360 const char *if_name, uint32_t ifn_index) 361{ 362 struct sctp_vrf *vrf; 363 struct sctp_ifa *sctp_ifap; 364 365 SCTP_IPI_ADDR_RLOCK(); 366 vrf = sctp_find_vrf(vrf_id); 367 if (vrf == NULL) { 368 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 369 goto out; 370 371 } 372 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 373 if (sctp_ifap == NULL) { 374 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n"); 375 goto out; 376 } 377 if (sctp_ifap->ifn_p == NULL) { 378 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unusable\n"); 379 goto out; 380 } 381 if (if_name) { 382 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) { 383 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n", 384 sctp_ifap->ifn_p->ifn_name, if_name); 385 goto out; 386 } 387 } else { 388 if (sctp_ifap->ifn_p->ifn_index != ifn_index) { 389 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n", 390 sctp_ifap->ifn_p->ifn_index, ifn_index); 391 goto out; 392 } 393 } 394 395 sctp_ifap->localifa_flags &= (~SCTP_ADDR_IFA_UNUSEABLE); 396 sctp_ifap->localifa_flags |= SCTP_ADDR_VALID; 397out: 398 SCTP_IPI_ADDR_RUNLOCK(); 399} 400 401 402/*- 403 * Add an ifa to an ifn. 404 * Register the interface as necessary. 405 * NOTE: ADDR write lock MUST be held. 406 */ 407static void 408sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap) 409{ 410 int ifa_af; 411 412 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa); 413 sctp_ifap->ifn_p = sctp_ifnp; 414 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1); 415 /* update address counts */ 416 sctp_ifnp->ifa_count++; 417 ifa_af = sctp_ifap->address.sa.sa_family; 418 switch (ifa_af) { 419#ifdef INET 420 case AF_INET: 421 sctp_ifnp->num_v4++; 422 break; 423#endif 424#ifdef INET6 425 case AF_INET6: 426 sctp_ifnp->num_v6++; 427 break; 428#endif 429 default: 430 break; 431 } 432 if (sctp_ifnp->ifa_count == 1) { 433 /* register the new interface */ 434 SCTP_REGISTER_INTERFACE(sctp_ifnp->ifn_index, ifa_af); 435 sctp_ifnp->registered_af = ifa_af; 436 } 437} 438 439 440/*- 441 * Remove an ifa from its ifn. 442 * If no more addresses exist, remove the ifn too. Otherwise, re-register 443 * the interface based on the remaining address families left. 444 * NOTE: ADDR write lock MUST be held. 445 */ 446static void 447sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap) 448{ 449 LIST_REMOVE(sctp_ifap, next_ifa); 450 if (sctp_ifap->ifn_p) { 451 /* update address counts */ 452 sctp_ifap->ifn_p->ifa_count--; 453 switch (sctp_ifap->address.sa.sa_family) { 454#ifdef INET 455 case AF_INET: 456 sctp_ifap->ifn_p->num_v4--; 457 break; 458#endif 459#ifdef INET6 460 case AF_INET6: 461 sctp_ifap->ifn_p->num_v6--; 462 break; 463#endif 464 default: 465 break; 466 } 467 468 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) { 469 /* remove the ifn, possibly freeing it */ 470 sctp_delete_ifn(sctp_ifap->ifn_p, SCTP_ADDR_LOCKED); 471 } else { 472 /* re-register address family type, if needed */ 473 if ((sctp_ifap->ifn_p->num_v6 == 0) && 474 (sctp_ifap->ifn_p->registered_af == AF_INET6)) { 475 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6); 476 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET); 477 sctp_ifap->ifn_p->registered_af = AF_INET; 478 } else if ((sctp_ifap->ifn_p->num_v4 == 0) && 479 (sctp_ifap->ifn_p->registered_af == AF_INET)) { 480 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET); 481 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6); 482 sctp_ifap->ifn_p->registered_af = AF_INET6; 483 } 484 /* free the ifn refcount */ 485 sctp_free_ifn(sctp_ifap->ifn_p); 486 } 487 sctp_ifap->ifn_p = NULL; 488 } 489} 490 491 492struct sctp_ifa * 493sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index, 494 uint32_t ifn_type, const char *if_name, void *ifa, 495 struct sockaddr *addr, uint32_t ifa_flags, 496 int dynamic_add) 497{ 498 struct sctp_vrf *vrf; 499 struct sctp_ifn *sctp_ifnp = NULL; 500 struct sctp_ifa *sctp_ifap = NULL; 501 struct sctp_ifalist *hash_addr_head; 502 struct sctp_ifnlist *hash_ifn_head; 503 uint32_t hash_of_addr; 504 int new_ifn_af = 0; 505 506#ifdef SCTP_DEBUG 507 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id); 508 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr); 509#endif 510 SCTP_IPI_ADDR_WLOCK(); 511 sctp_ifnp = sctp_find_ifn(ifn, ifn_index); 512 if (sctp_ifnp) { 513 vrf = sctp_ifnp->vrf; 514 } else { 515 vrf = sctp_find_vrf(vrf_id); 516 if (vrf == NULL) { 517 vrf = sctp_allocate_vrf(vrf_id); 518 if (vrf == NULL) { 519 SCTP_IPI_ADDR_WUNLOCK(); 520 return (NULL); 521 } 522 } 523 } 524 if (sctp_ifnp == NULL) { 525 /* 526 * build one and add it, can't hold lock until after malloc 527 * done though. 528 */ 529 SCTP_IPI_ADDR_WUNLOCK(); 530 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *, 531 sizeof(struct sctp_ifn), SCTP_M_IFN); 532 if (sctp_ifnp == NULL) { 533#ifdef INVARIANTS 534 panic("No memory for IFN"); 535#endif 536 return (NULL); 537 } 538 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn)); 539 sctp_ifnp->ifn_index = ifn_index; 540 sctp_ifnp->ifn_p = ifn; 541 sctp_ifnp->ifn_type = ifn_type; 542 sctp_ifnp->refcount = 0; 543 sctp_ifnp->vrf = vrf; 544 atomic_add_int(&vrf->refcount, 1); 545 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); 546 if (if_name != NULL) { 547 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); 548 } else { 549 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); 550 } 551 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; 552 LIST_INIT(&sctp_ifnp->ifalist); 553 SCTP_IPI_ADDR_WLOCK(); 554 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket); 555 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn); 556 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1); 557 new_ifn_af = 1; 558 } 559 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 560 if (sctp_ifap) { 561 /* Hmm, it already exists? */ 562 if ((sctp_ifap->ifn_p) && 563 (sctp_ifap->ifn_p->ifn_index == ifn_index)) { 564 SCTPDBG(SCTP_DEBUG_PCB4, "Using existing ifn %s (0x%x) for ifa %p\n", 565 sctp_ifap->ifn_p->ifn_name, ifn_index, 566 (void *)sctp_ifap); 567 if (new_ifn_af) { 568 /* Remove the created one that we don't want */ 569 sctp_delete_ifn(sctp_ifnp, SCTP_ADDR_LOCKED); 570 } 571 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) { 572 /* easy to solve, just switch back to active */ 573 SCTPDBG(SCTP_DEBUG_PCB4, "Clearing deleted ifa flag\n"); 574 sctp_ifap->localifa_flags = SCTP_ADDR_VALID; 575 sctp_ifap->ifn_p = sctp_ifnp; 576 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1); 577 } 578 exit_stage_left: 579 SCTP_IPI_ADDR_WUNLOCK(); 580 return (sctp_ifap); 581 } else { 582 if (sctp_ifap->ifn_p) { 583 /* 584 * The last IFN gets the address, remove the 585 * old one 586 */ 587 SCTPDBG(SCTP_DEBUG_PCB4, "Moving ifa %p from %s (0x%x) to %s (0x%x)\n", 588 (void *)sctp_ifap, sctp_ifap->ifn_p->ifn_name, 589 sctp_ifap->ifn_p->ifn_index, if_name, 590 ifn_index); 591 /* remove the address from the old ifn */ 592 sctp_remove_ifa_from_ifn(sctp_ifap); 593 /* move the address over to the new ifn */ 594 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap); 595 goto exit_stage_left; 596 } else { 597 /* repair ifnp which was NULL ? */ 598 sctp_ifap->localifa_flags = SCTP_ADDR_VALID; 599 SCTPDBG(SCTP_DEBUG_PCB4, "Repairing ifn %p for ifa %p\n", 600 (void *)sctp_ifnp, (void *)sctp_ifap); 601 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap); 602 } 603 goto exit_stage_left; 604 } 605 } 606 SCTP_IPI_ADDR_WUNLOCK(); 607 SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA); 608 if (sctp_ifap == NULL) { 609#ifdef INVARIANTS 610 panic("No memory for IFA"); 611#endif 612 return (NULL); 613 } 614 memset(sctp_ifap, 0, sizeof(struct sctp_ifa)); 615 sctp_ifap->ifn_p = sctp_ifnp; 616 atomic_add_int(&sctp_ifnp->refcount, 1); 617 sctp_ifap->vrf_id = vrf_id; 618 sctp_ifap->ifa = ifa; 619 memcpy(&sctp_ifap->address, addr, addr->sa_len); 620 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE; 621 sctp_ifap->flags = ifa_flags; 622 /* Set scope */ 623 switch (sctp_ifap->address.sa.sa_family) { 624#ifdef INET 625 case AF_INET: 626 { 627 struct sockaddr_in *sin; 628 629 sin = &sctp_ifap->address.sin; 630 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) || 631 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 632 sctp_ifap->src_is_loop = 1; 633 } 634 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 635 sctp_ifap->src_is_priv = 1; 636 } 637 sctp_ifnp->num_v4++; 638 if (new_ifn_af) 639 new_ifn_af = AF_INET; 640 break; 641 } 642#endif 643#ifdef INET6 644 case AF_INET6: 645 { 646 /* ok to use deprecated addresses? */ 647 struct sockaddr_in6 *sin6; 648 649 sin6 = &sctp_ifap->address.sin6; 650 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) || 651 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) { 652 sctp_ifap->src_is_loop = 1; 653 } 654 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 655 sctp_ifap->src_is_priv = 1; 656 } 657 sctp_ifnp->num_v6++; 658 if (new_ifn_af) 659 new_ifn_af = AF_INET6; 660 break; 661 } 662#endif 663 default: 664 new_ifn_af = 0; 665 break; 666 } 667 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa); 668 669 if ((sctp_ifap->src_is_priv == 0) && 670 (sctp_ifap->src_is_loop == 0)) { 671 sctp_ifap->src_is_glob = 1; 672 } 673 SCTP_IPI_ADDR_WLOCK(); 674 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 675 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket); 676 sctp_ifap->refcount = 1; 677 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa); 678 sctp_ifnp->ifa_count++; 679 vrf->total_ifa_count++; 680 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1); 681 if (new_ifn_af) { 682 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af); 683 sctp_ifnp->registered_af = new_ifn_af; 684 } 685 SCTP_IPI_ADDR_WUNLOCK(); 686 if (dynamic_add) { 687 /* 688 * Bump up the refcount so that when the timer completes it 689 * will drop back down. 690 */ 691 struct sctp_laddr *wi; 692 693 atomic_add_int(&sctp_ifap->refcount, 1); 694 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 695 if (wi == NULL) { 696 /* 697 * Gak, what can we do? We have lost an address 698 * change can you say HOSED? 699 */ 700 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n"); 701 /* Opps, must decrement the count */ 702 sctp_del_addr_from_vrf(vrf_id, addr, ifn_index, 703 if_name); 704 return (NULL); 705 } 706 SCTP_INCR_LADDR_COUNT(); 707 bzero(wi, sizeof(*wi)); 708 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 709 wi->ifa = sctp_ifap; 710 wi->action = SCTP_ADD_IP_ADDRESS; 711 712 SCTP_WQ_ADDR_LOCK(); 713 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 714 SCTP_WQ_ADDR_UNLOCK(); 715 716 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 717 (struct sctp_inpcb *)NULL, 718 (struct sctp_tcb *)NULL, 719 (struct sctp_nets *)NULL); 720 } else { 721 /* it's ready for use */ 722 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE; 723 } 724 return (sctp_ifap); 725} 726 727void 728sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr, 729 uint32_t ifn_index, const char *if_name) 730{ 731 struct sctp_vrf *vrf; 732 struct sctp_ifa *sctp_ifap = NULL; 733 734 SCTP_IPI_ADDR_WLOCK(); 735 vrf = sctp_find_vrf(vrf_id); 736 if (vrf == NULL) { 737 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 738 goto out_now; 739 } 740#ifdef SCTP_DEBUG 741 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id); 742 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr); 743#endif 744 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 745 if (sctp_ifap) { 746 /* Validate the delete */ 747 if (sctp_ifap->ifn_p) { 748 int valid = 0; 749 750 /*- 751 * The name has priority over the ifn_index 752 * if its given. We do this especially for 753 * panda who might recycle indexes fast. 754 */ 755 if (if_name) { 756 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) == 0) { 757 /* They match its a correct delete */ 758 valid = 1; 759 } 760 } 761 if (!valid) { 762 /* last ditch check ifn_index */ 763 if (ifn_index == sctp_ifap->ifn_p->ifn_index) { 764 valid = 1; 765 } 766 } 767 if (!valid) { 768 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s does not match addresses\n", 769 ifn_index, ((if_name == NULL) ? "NULL" : if_name)); 770 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s - ignoring delete\n", 771 sctp_ifap->ifn_p->ifn_index, sctp_ifap->ifn_p->ifn_name); 772 SCTP_IPI_ADDR_WUNLOCK(); 773 return; 774 } 775 } 776 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", (void *)sctp_ifap); 777 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID; 778 /* 779 * We don't set the flag. This means that the structure will 780 * hang around in EP's that have bound specific to it until 781 * they close. This gives us TCP like behavior if someone 782 * removes an address (or for that matter adds it right 783 * back). 784 */ 785 /* sctp_ifap->localifa_flags |= SCTP_BEING_DELETED; */ 786 vrf->total_ifa_count--; 787 LIST_REMOVE(sctp_ifap, next_bucket); 788 sctp_remove_ifa_from_ifn(sctp_ifap); 789 } 790#ifdef SCTP_DEBUG 791 else { 792 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:", 793 ifn_index); 794 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr); 795 } 796#endif 797 798out_now: 799 SCTP_IPI_ADDR_WUNLOCK(); 800 if (sctp_ifap) { 801 struct sctp_laddr *wi; 802 803 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 804 if (wi == NULL) { 805 /* 806 * Gak, what can we do? We have lost an address 807 * change can you say HOSED? 808 */ 809 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n"); 810 811 /* Oops, must decrement the count */ 812 sctp_free_ifa(sctp_ifap); 813 return; 814 } 815 SCTP_INCR_LADDR_COUNT(); 816 bzero(wi, sizeof(*wi)); 817 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 818 wi->ifa = sctp_ifap; 819 wi->action = SCTP_DEL_IP_ADDRESS; 820 SCTP_WQ_ADDR_LOCK(); 821 /* 822 * Should this really be a tailq? As it is we will process 823 * the newest first :-0 824 */ 825 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 826 SCTP_WQ_ADDR_UNLOCK(); 827 828 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 829 (struct sctp_inpcb *)NULL, 830 (struct sctp_tcb *)NULL, 831 (struct sctp_nets *)NULL); 832 } 833 return; 834} 835 836 837static int 838sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to) 839{ 840 int loopback_scope; 841#if defined(INET) 842 int ipv4_local_scope, ipv4_addr_legal; 843#endif 844#if defined(INET6) 845 int local_scope, site_scope, ipv6_addr_legal; 846#endif 847 struct sctp_vrf *vrf; 848 struct sctp_ifn *sctp_ifn; 849 struct sctp_ifa *sctp_ifa; 850 851 loopback_scope = stcb->asoc.scope.loopback_scope; 852#if defined(INET) 853 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 854 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 855#endif 856#if defined(INET6) 857 local_scope = stcb->asoc.scope.local_scope; 858 site_scope = stcb->asoc.scope.site_scope; 859 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 860#endif 861 862 SCTP_IPI_ADDR_RLOCK(); 863 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 864 if (vrf == NULL) { 865 /* no vrf, no addresses */ 866 SCTP_IPI_ADDR_RUNLOCK(); 867 return (0); 868 } 869 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 870 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 871 if ((loopback_scope == 0) && 872 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 873 continue; 874 } 875 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 876 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 877 (!sctp_is_addr_pending(stcb, sctp_ifa))) { 878 /* 879 * We allow pending addresses, where 880 * we have sent an asconf-add to be 881 * considered valid. 882 */ 883 continue; 884 } 885 if (sctp_ifa->address.sa.sa_family != to->sa_family) { 886 continue; 887 } 888 switch (sctp_ifa->address.sa.sa_family) { 889#ifdef INET 890 case AF_INET: 891 if (ipv4_addr_legal) { 892 struct sockaddr_in *sin, 893 *rsin; 894 895 sin = &sctp_ifa->address.sin; 896 rsin = (struct sockaddr_in *)to; 897 if ((ipv4_local_scope == 0) && 898 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 899 continue; 900 } 901 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 902 &sin->sin_addr) != 0) { 903 continue; 904 } 905 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) { 906 SCTP_IPI_ADDR_RUNLOCK(); 907 return (1); 908 } 909 } 910 break; 911#endif 912#ifdef INET6 913 case AF_INET6: 914 if (ipv6_addr_legal) { 915 struct sockaddr_in6 *sin6, 916 *rsin6; 917 918 sin6 = &sctp_ifa->address.sin6; 919 rsin6 = (struct sockaddr_in6 *)to; 920 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 921 &sin6->sin6_addr) != 0) { 922 continue; 923 } 924 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 925 if (local_scope == 0) 926 continue; 927 if (sin6->sin6_scope_id == 0) { 928 if (sa6_recoverscope(sin6) != 0) 929 continue; 930 } 931 } 932 if ((site_scope == 0) && 933 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 934 continue; 935 } 936 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) { 937 SCTP_IPI_ADDR_RUNLOCK(); 938 return (1); 939 } 940 } 941 break; 942#endif 943 default: 944 /* TSNH */ 945 break; 946 } 947 } 948 } 949 } else { 950 struct sctp_laddr *laddr; 951 952 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 953 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 954 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n"); 955 continue; 956 } 957 if (sctp_is_addr_restricted(stcb, laddr->ifa) && 958 (!sctp_is_addr_pending(stcb, laddr->ifa))) { 959 /* 960 * We allow pending addresses, where we have 961 * sent an asconf-add to be considered 962 * valid. 963 */ 964 continue; 965 } 966 if (laddr->ifa->address.sa.sa_family != to->sa_family) { 967 continue; 968 } 969 switch (to->sa_family) { 970#ifdef INET 971 case AF_INET: 972 { 973 struct sockaddr_in *sin, *rsin; 974 975 sin = &laddr->ifa->address.sin; 976 rsin = (struct sockaddr_in *)to; 977 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) { 978 SCTP_IPI_ADDR_RUNLOCK(); 979 return (1); 980 } 981 break; 982 } 983#endif 984#ifdef INET6 985 case AF_INET6: 986 { 987 struct sockaddr_in6 *sin6, *rsin6; 988 989 sin6 = &laddr->ifa->address.sin6; 990 rsin6 = (struct sockaddr_in6 *)to; 991 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) { 992 SCTP_IPI_ADDR_RUNLOCK(); 993 return (1); 994 } 995 break; 996 } 997 998#endif 999 default: 1000 /* TSNH */ 1001 break; 1002 } 1003 1004 } 1005 } 1006 SCTP_IPI_ADDR_RUNLOCK(); 1007 return (0); 1008} 1009 1010 1011static struct sctp_tcb * 1012sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from, 1013 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id) 1014{ 1015 /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */ 1016 /* 1017 * If we support the TCP model, then we must now dig through to see 1018 * if we can find our endpoint in the list of tcp ep's. 1019 */ 1020 uint16_t lport, rport; 1021 struct sctppcbhead *ephead; 1022 struct sctp_inpcb *inp; 1023 struct sctp_laddr *laddr; 1024 struct sctp_tcb *stcb; 1025 struct sctp_nets *net; 1026 1027 if ((to == NULL) || (from == NULL)) { 1028 return (NULL); 1029 } 1030 switch (to->sa_family) { 1031#ifdef INET 1032 case AF_INET: 1033 if (from->sa_family == AF_INET) { 1034 lport = ((struct sockaddr_in *)to)->sin_port; 1035 rport = ((struct sockaddr_in *)from)->sin_port; 1036 } else { 1037 return (NULL); 1038 } 1039 break; 1040#endif 1041#ifdef INET6 1042 case AF_INET6: 1043 if (from->sa_family == AF_INET6) { 1044 lport = ((struct sockaddr_in6 *)to)->sin6_port; 1045 rport = ((struct sockaddr_in6 *)from)->sin6_port; 1046 } else { 1047 return (NULL); 1048 } 1049 break; 1050#endif 1051 default: 1052 return (NULL); 1053 } 1054 ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))]; 1055 /* 1056 * Ok now for each of the guys in this bucket we must look and see: 1057 * - Does the remote port match. - Does there single association's 1058 * addresses match this address (to). If so we update p_ep to point 1059 * to this ep and return the tcb from it. 1060 */ 1061 LIST_FOREACH(inp, ephead, sctp_hash) { 1062 SCTP_INP_RLOCK(inp); 1063 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1064 SCTP_INP_RUNLOCK(inp); 1065 continue; 1066 } 1067 if (lport != inp->sctp_lport) { 1068 SCTP_INP_RUNLOCK(inp); 1069 continue; 1070 } 1071 switch (to->sa_family) { 1072#ifdef INET 1073 case AF_INET: 1074 { 1075 struct sockaddr_in *sin; 1076 1077 sin = (struct sockaddr_in *)to; 1078 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 1079 &sin->sin_addr) != 0) { 1080 SCTP_INP_RUNLOCK(inp); 1081 continue; 1082 } 1083 break; 1084 } 1085#endif 1086#ifdef INET6 1087 case AF_INET6: 1088 { 1089 struct sockaddr_in6 *sin6; 1090 1091 sin6 = (struct sockaddr_in6 *)to; 1092 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 1093 &sin6->sin6_addr) != 0) { 1094 SCTP_INP_RUNLOCK(inp); 1095 continue; 1096 } 1097 break; 1098 } 1099#endif 1100 default: 1101 SCTP_INP_RUNLOCK(inp); 1102 continue; 1103 } 1104 if (inp->def_vrf_id != vrf_id) { 1105 SCTP_INP_RUNLOCK(inp); 1106 continue; 1107 } 1108 /* check to see if the ep has one of the addresses */ 1109 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 1110 /* We are NOT bound all, so look further */ 1111 int match = 0; 1112 1113 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 1114 1115 if (laddr->ifa == NULL) { 1116 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __func__); 1117 continue; 1118 } 1119 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 1120 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n"); 1121 continue; 1122 } 1123 if (laddr->ifa->address.sa.sa_family == 1124 to->sa_family) { 1125 /* see if it matches */ 1126#ifdef INET 1127 if (from->sa_family == AF_INET) { 1128 struct sockaddr_in *intf_addr, 1129 *sin; 1130 1131 intf_addr = &laddr->ifa->address.sin; 1132 sin = (struct sockaddr_in *)to; 1133 if (sin->sin_addr.s_addr == 1134 intf_addr->sin_addr.s_addr) { 1135 match = 1; 1136 break; 1137 } 1138 } 1139#endif 1140#ifdef INET6 1141 if (from->sa_family == AF_INET6) { 1142 struct sockaddr_in6 *intf_addr6; 1143 struct sockaddr_in6 *sin6; 1144 1145 sin6 = (struct sockaddr_in6 *) 1146 to; 1147 intf_addr6 = &laddr->ifa->address.sin6; 1148 1149 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1150 intf_addr6)) { 1151 match = 1; 1152 break; 1153 } 1154 } 1155#endif 1156 } 1157 } 1158 if (match == 0) { 1159 /* This endpoint does not have this address */ 1160 SCTP_INP_RUNLOCK(inp); 1161 continue; 1162 } 1163 } 1164 /* 1165 * Ok if we hit here the ep has the address, does it hold 1166 * the tcb? 1167 */ 1168 /* XXX: Why don't we TAILQ_FOREACH through sctp_asoc_list? */ 1169 stcb = LIST_FIRST(&inp->sctp_asoc_list); 1170 if (stcb == NULL) { 1171 SCTP_INP_RUNLOCK(inp); 1172 continue; 1173 } 1174 SCTP_TCB_LOCK(stcb); 1175 if (!sctp_does_stcb_own_this_addr(stcb, to)) { 1176 SCTP_TCB_UNLOCK(stcb); 1177 SCTP_INP_RUNLOCK(inp); 1178 continue; 1179 } 1180 if (stcb->rport != rport) { 1181 /* remote port does not match. */ 1182 SCTP_TCB_UNLOCK(stcb); 1183 SCTP_INP_RUNLOCK(inp); 1184 continue; 1185 } 1186 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1187 SCTP_TCB_UNLOCK(stcb); 1188 SCTP_INP_RUNLOCK(inp); 1189 continue; 1190 } 1191 if (!sctp_does_stcb_own_this_addr(stcb, to)) { 1192 SCTP_TCB_UNLOCK(stcb); 1193 SCTP_INP_RUNLOCK(inp); 1194 continue; 1195 } 1196 /* Does this TCB have a matching address? */ 1197 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1198 1199 if (net->ro._l_addr.sa.sa_family != from->sa_family) { 1200 /* not the same family, can't be a match */ 1201 continue; 1202 } 1203 switch (from->sa_family) { 1204#ifdef INET 1205 case AF_INET: 1206 { 1207 struct sockaddr_in *sin, *rsin; 1208 1209 sin = (struct sockaddr_in *)&net->ro._l_addr; 1210 rsin = (struct sockaddr_in *)from; 1211 if (sin->sin_addr.s_addr == 1212 rsin->sin_addr.s_addr) { 1213 /* found it */ 1214 if (netp != NULL) { 1215 *netp = net; 1216 } 1217 /* 1218 * Update the endpoint 1219 * pointer 1220 */ 1221 *inp_p = inp; 1222 SCTP_INP_RUNLOCK(inp); 1223 return (stcb); 1224 } 1225 break; 1226 } 1227#endif 1228#ifdef INET6 1229 case AF_INET6: 1230 { 1231 struct sockaddr_in6 *sin6, *rsin6; 1232 1233 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1234 rsin6 = (struct sockaddr_in6 *)from; 1235 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1236 rsin6)) { 1237 /* found it */ 1238 if (netp != NULL) { 1239 *netp = net; 1240 } 1241 /* 1242 * Update the endpoint 1243 * pointer 1244 */ 1245 *inp_p = inp; 1246 SCTP_INP_RUNLOCK(inp); 1247 return (stcb); 1248 } 1249 break; 1250 } 1251#endif 1252 default: 1253 /* TSNH */ 1254 break; 1255 } 1256 } 1257 SCTP_TCB_UNLOCK(stcb); 1258 SCTP_INP_RUNLOCK(inp); 1259 } 1260 return (NULL); 1261} 1262 1263 1264/* 1265 * rules for use 1266 * 1267 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an 1268 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done 1269 * (if locked == NULL). 3) Decrement happens on return ONLY if locked == 1270 * NULL. 1271 */ 1272 1273struct sctp_tcb * 1274sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote, 1275 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb) 1276{ 1277 struct sctpasochead *head; 1278 struct sctp_inpcb *inp; 1279 struct sctp_tcb *stcb = NULL; 1280 struct sctp_nets *net; 1281 uint16_t rport; 1282 1283 inp = *inp_p; 1284 switch (remote->sa_family) { 1285#ifdef INET 1286 case AF_INET: 1287 rport = (((struct sockaddr_in *)remote)->sin_port); 1288 break; 1289#endif 1290#ifdef INET6 1291 case AF_INET6: 1292 rport = (((struct sockaddr_in6 *)remote)->sin6_port); 1293 break; 1294#endif 1295 default: 1296 return (NULL); 1297 } 1298 if (locked_tcb) { 1299 /* 1300 * UN-lock so we can do proper locking here this occurs when 1301 * called from load_addresses_from_init. 1302 */ 1303 atomic_add_int(&locked_tcb->asoc.refcnt, 1); 1304 SCTP_TCB_UNLOCK(locked_tcb); 1305 } 1306 SCTP_INP_INFO_RLOCK(); 1307 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 1308 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 1309 /*- 1310 * Now either this guy is our listener or it's the 1311 * connector. If it is the one that issued the connect, then 1312 * it's only chance is to be the first TCB in the list. If 1313 * it is the acceptor, then do the special_lookup to hash 1314 * and find the real inp. 1315 */ 1316 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) { 1317 /* to is peer addr, from is my addr */ 1318 stcb = sctp_tcb_special_locate(inp_p, remote, local, 1319 netp, inp->def_vrf_id); 1320 if ((stcb != NULL) && (locked_tcb == NULL)) { 1321 /* we have a locked tcb, lower refcount */ 1322 SCTP_INP_DECR_REF(inp); 1323 } 1324 if ((locked_tcb != NULL) && (locked_tcb != stcb)) { 1325 SCTP_INP_RLOCK(locked_tcb->sctp_ep); 1326 SCTP_TCB_LOCK(locked_tcb); 1327 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1328 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep); 1329 } 1330 SCTP_INP_INFO_RUNLOCK(); 1331 return (stcb); 1332 } else { 1333 SCTP_INP_WLOCK(inp); 1334 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1335 goto null_return; 1336 } 1337 stcb = LIST_FIRST(&inp->sctp_asoc_list); 1338 if (stcb == NULL) { 1339 goto null_return; 1340 } 1341 SCTP_TCB_LOCK(stcb); 1342 1343 if (stcb->rport != rport) { 1344 /* remote port does not match. */ 1345 SCTP_TCB_UNLOCK(stcb); 1346 goto null_return; 1347 } 1348 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1349 SCTP_TCB_UNLOCK(stcb); 1350 goto null_return; 1351 } 1352 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) { 1353 SCTP_TCB_UNLOCK(stcb); 1354 goto null_return; 1355 } 1356 /* now look at the list of remote addresses */ 1357 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1358#ifdef INVARIANTS 1359 if (net == (TAILQ_NEXT(net, sctp_next))) { 1360 panic("Corrupt net list"); 1361 } 1362#endif 1363 if (net->ro._l_addr.sa.sa_family != 1364 remote->sa_family) { 1365 /* not the same family */ 1366 continue; 1367 } 1368 switch (remote->sa_family) { 1369#ifdef INET 1370 case AF_INET: 1371 { 1372 struct sockaddr_in *sin, 1373 *rsin; 1374 1375 sin = (struct sockaddr_in *) 1376 &net->ro._l_addr; 1377 rsin = (struct sockaddr_in *)remote; 1378 if (sin->sin_addr.s_addr == 1379 rsin->sin_addr.s_addr) { 1380 /* found it */ 1381 if (netp != NULL) { 1382 *netp = net; 1383 } 1384 if (locked_tcb == NULL) { 1385 SCTP_INP_DECR_REF(inp); 1386 } else if (locked_tcb != stcb) { 1387 SCTP_TCB_LOCK(locked_tcb); 1388 } 1389 if (locked_tcb) { 1390 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1391 } 1392 SCTP_INP_WUNLOCK(inp); 1393 SCTP_INP_INFO_RUNLOCK(); 1394 return (stcb); 1395 } 1396 break; 1397 } 1398#endif 1399#ifdef INET6 1400 case AF_INET6: 1401 { 1402 struct sockaddr_in6 *sin6, 1403 *rsin6; 1404 1405 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1406 rsin6 = (struct sockaddr_in6 *)remote; 1407 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1408 rsin6)) { 1409 /* found it */ 1410 if (netp != NULL) { 1411 *netp = net; 1412 } 1413 if (locked_tcb == NULL) { 1414 SCTP_INP_DECR_REF(inp); 1415 } else if (locked_tcb != stcb) { 1416 SCTP_TCB_LOCK(locked_tcb); 1417 } 1418 if (locked_tcb) { 1419 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1420 } 1421 SCTP_INP_WUNLOCK(inp); 1422 SCTP_INP_INFO_RUNLOCK(); 1423 return (stcb); 1424 } 1425 break; 1426 } 1427#endif 1428 default: 1429 /* TSNH */ 1430 break; 1431 } 1432 } 1433 SCTP_TCB_UNLOCK(stcb); 1434 } 1435 } else { 1436 SCTP_INP_WLOCK(inp); 1437 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1438 goto null_return; 1439 } 1440 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport, 1441 inp->sctp_hashmark)]; 1442 LIST_FOREACH(stcb, head, sctp_tcbhash) { 1443 if (stcb->rport != rport) { 1444 /* remote port does not match */ 1445 continue; 1446 } 1447 SCTP_TCB_LOCK(stcb); 1448 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1449 SCTP_TCB_UNLOCK(stcb); 1450 continue; 1451 } 1452 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) { 1453 SCTP_TCB_UNLOCK(stcb); 1454 continue; 1455 } 1456 /* now look at the list of remote addresses */ 1457 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1458#ifdef INVARIANTS 1459 if (net == (TAILQ_NEXT(net, sctp_next))) { 1460 panic("Corrupt net list"); 1461 } 1462#endif 1463 if (net->ro._l_addr.sa.sa_family != 1464 remote->sa_family) { 1465 /* not the same family */ 1466 continue; 1467 } 1468 switch (remote->sa_family) { 1469#ifdef INET 1470 case AF_INET: 1471 { 1472 struct sockaddr_in *sin, 1473 *rsin; 1474 1475 sin = (struct sockaddr_in *) 1476 &net->ro._l_addr; 1477 rsin = (struct sockaddr_in *)remote; 1478 if (sin->sin_addr.s_addr == 1479 rsin->sin_addr.s_addr) { 1480 /* found it */ 1481 if (netp != NULL) { 1482 *netp = net; 1483 } 1484 if (locked_tcb == NULL) { 1485 SCTP_INP_DECR_REF(inp); 1486 } else if (locked_tcb != stcb) { 1487 SCTP_TCB_LOCK(locked_tcb); 1488 } 1489 if (locked_tcb) { 1490 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1491 } 1492 SCTP_INP_WUNLOCK(inp); 1493 SCTP_INP_INFO_RUNLOCK(); 1494 return (stcb); 1495 } 1496 break; 1497 } 1498#endif 1499#ifdef INET6 1500 case AF_INET6: 1501 { 1502 struct sockaddr_in6 *sin6, 1503 *rsin6; 1504 1505 sin6 = (struct sockaddr_in6 *) 1506 &net->ro._l_addr; 1507 rsin6 = (struct sockaddr_in6 *)remote; 1508 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1509 rsin6)) { 1510 /* found it */ 1511 if (netp != NULL) { 1512 *netp = net; 1513 } 1514 if (locked_tcb == NULL) { 1515 SCTP_INP_DECR_REF(inp); 1516 } else if (locked_tcb != stcb) { 1517 SCTP_TCB_LOCK(locked_tcb); 1518 } 1519 if (locked_tcb) { 1520 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1521 } 1522 SCTP_INP_WUNLOCK(inp); 1523 SCTP_INP_INFO_RUNLOCK(); 1524 return (stcb); 1525 } 1526 break; 1527 } 1528#endif 1529 default: 1530 /* TSNH */ 1531 break; 1532 } 1533 } 1534 SCTP_TCB_UNLOCK(stcb); 1535 } 1536 } 1537null_return: 1538 /* clean up for returning null */ 1539 if (locked_tcb) { 1540 SCTP_TCB_LOCK(locked_tcb); 1541 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1542 } 1543 SCTP_INP_WUNLOCK(inp); 1544 SCTP_INP_INFO_RUNLOCK(); 1545 /* not found */ 1546 return (NULL); 1547} 1548 1549 1550/* 1551 * Find an association for a specific endpoint using the association id given 1552 * out in the COMM_UP notification 1553 */ 1554struct sctp_tcb * 1555sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock) 1556{ 1557 /* 1558 * Use my the assoc_id to find a endpoint 1559 */ 1560 struct sctpasochead *head; 1561 struct sctp_tcb *stcb; 1562 uint32_t id; 1563 1564 if (inp == NULL) { 1565 SCTP_PRINTF("TSNH ep_associd\n"); 1566 return (NULL); 1567 } 1568 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1569 SCTP_PRINTF("TSNH ep_associd0\n"); 1570 return (NULL); 1571 } 1572 id = (uint32_t)asoc_id; 1573 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)]; 1574 if (head == NULL) { 1575 /* invalid id TSNH */ 1576 SCTP_PRINTF("TSNH ep_associd1\n"); 1577 return (NULL); 1578 } 1579 LIST_FOREACH(stcb, head, sctp_tcbasocidhash) { 1580 if (stcb->asoc.assoc_id == id) { 1581 if (inp != stcb->sctp_ep) { 1582 /* 1583 * some other guy has the same id active (id 1584 * collision ??). 1585 */ 1586 SCTP_PRINTF("TSNH ep_associd2\n"); 1587 continue; 1588 } 1589 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1590 continue; 1591 } 1592 if (want_lock) { 1593 SCTP_TCB_LOCK(stcb); 1594 } 1595 return (stcb); 1596 } 1597 } 1598 return (NULL); 1599} 1600 1601 1602struct sctp_tcb * 1603sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock) 1604{ 1605 struct sctp_tcb *stcb; 1606 1607 SCTP_INP_RLOCK(inp); 1608 stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock); 1609 SCTP_INP_RUNLOCK(inp); 1610 return (stcb); 1611} 1612 1613 1614/* 1615 * Endpoint probe expects that the INP_INFO is locked. 1616 */ 1617static struct sctp_inpcb * 1618sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head, 1619 uint16_t lport, uint32_t vrf_id) 1620{ 1621 struct sctp_inpcb *inp; 1622 struct sctp_laddr *laddr; 1623#ifdef INET 1624 struct sockaddr_in *sin; 1625#endif 1626#ifdef INET6 1627 struct sockaddr_in6 *sin6; 1628 struct sockaddr_in6 *intf_addr6; 1629#endif 1630 int fnd; 1631 1632#ifdef INET 1633 sin = NULL; 1634#endif 1635#ifdef INET6 1636 sin6 = NULL; 1637#endif 1638 switch (nam->sa_family) { 1639#ifdef INET 1640 case AF_INET: 1641 sin = (struct sockaddr_in *)nam; 1642 break; 1643#endif 1644#ifdef INET6 1645 case AF_INET6: 1646 sin6 = (struct sockaddr_in6 *)nam; 1647 break; 1648#endif 1649 default: 1650 /* unsupported family */ 1651 return (NULL); 1652 } 1653 1654 if (head == NULL) 1655 return (NULL); 1656 1657 LIST_FOREACH(inp, head, sctp_hash) { 1658 SCTP_INP_RLOCK(inp); 1659 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1660 SCTP_INP_RUNLOCK(inp); 1661 continue; 1662 } 1663 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) && 1664 (inp->sctp_lport == lport)) { 1665 /* got it */ 1666 switch (nam->sa_family) { 1667#ifdef INET 1668 case AF_INET: 1669 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1670 SCTP_IPV6_V6ONLY(inp)) { 1671 /* 1672 * IPv4 on a IPv6 socket with ONLY 1673 * IPv6 set 1674 */ 1675 SCTP_INP_RUNLOCK(inp); 1676 continue; 1677 } 1678 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 1679 &sin->sin_addr) != 0) { 1680 SCTP_INP_RUNLOCK(inp); 1681 continue; 1682 } 1683 break; 1684#endif 1685#ifdef INET6 1686 case AF_INET6: 1687 /* 1688 * A V6 address and the endpoint is NOT 1689 * bound V6 1690 */ 1691 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 1692 SCTP_INP_RUNLOCK(inp); 1693 continue; 1694 } 1695 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 1696 &sin6->sin6_addr) != 0) { 1697 SCTP_INP_RUNLOCK(inp); 1698 continue; 1699 } 1700 break; 1701#endif 1702 default: 1703 break; 1704 } 1705 /* does a VRF id match? */ 1706 fnd = 0; 1707 if (inp->def_vrf_id == vrf_id) 1708 fnd = 1; 1709 1710 SCTP_INP_RUNLOCK(inp); 1711 if (!fnd) 1712 continue; 1713 return (inp); 1714 } 1715 SCTP_INP_RUNLOCK(inp); 1716 } 1717 switch (nam->sa_family) { 1718#ifdef INET 1719 case AF_INET: 1720 if (sin->sin_addr.s_addr == INADDR_ANY) { 1721 /* Can't hunt for one that has no address specified */ 1722 return (NULL); 1723 } 1724 break; 1725#endif 1726#ifdef INET6 1727 case AF_INET6: 1728 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1729 /* Can't hunt for one that has no address specified */ 1730 return (NULL); 1731 } 1732 break; 1733#endif 1734 default: 1735 break; 1736 } 1737 /* 1738 * ok, not bound to all so see if we can find a EP bound to this 1739 * address. 1740 */ 1741 LIST_FOREACH(inp, head, sctp_hash) { 1742 SCTP_INP_RLOCK(inp); 1743 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1744 SCTP_INP_RUNLOCK(inp); 1745 continue; 1746 } 1747 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) { 1748 SCTP_INP_RUNLOCK(inp); 1749 continue; 1750 } 1751 /* 1752 * Ok this could be a likely candidate, look at all of its 1753 * addresses 1754 */ 1755 if (inp->sctp_lport != lport) { 1756 SCTP_INP_RUNLOCK(inp); 1757 continue; 1758 } 1759 /* does a VRF id match? */ 1760 fnd = 0; 1761 if (inp->def_vrf_id == vrf_id) 1762 fnd = 1; 1763 1764 if (!fnd) { 1765 SCTP_INP_RUNLOCK(inp); 1766 continue; 1767 } 1768 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 1769 if (laddr->ifa == NULL) { 1770 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", 1771 __func__); 1772 continue; 1773 } 1774 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ", 1775 (void *)laddr->ifa); 1776 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 1777 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n"); 1778 continue; 1779 } 1780 if (laddr->ifa->address.sa.sa_family == nam->sa_family) { 1781 /* possible, see if it matches */ 1782 switch (nam->sa_family) { 1783#ifdef INET 1784 case AF_INET: 1785 if (sin->sin_addr.s_addr == 1786 laddr->ifa->address.sin.sin_addr.s_addr) { 1787 SCTP_INP_RUNLOCK(inp); 1788 return (inp); 1789 } 1790 break; 1791#endif 1792#ifdef INET6 1793 case AF_INET6: 1794 intf_addr6 = &laddr->ifa->address.sin6; 1795 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1796 intf_addr6)) { 1797 SCTP_INP_RUNLOCK(inp); 1798 return (inp); 1799 } 1800 break; 1801#endif 1802 } 1803 } 1804 } 1805 SCTP_INP_RUNLOCK(inp); 1806 } 1807 return (NULL); 1808} 1809 1810 1811static struct sctp_inpcb * 1812sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id) 1813{ 1814 struct sctppcbhead *head; 1815 struct sctp_inpcb *t_inp; 1816 int fnd; 1817 1818 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, 1819 SCTP_BASE_INFO(hashmark))]; 1820 LIST_FOREACH(t_inp, head, sctp_hash) { 1821 if (t_inp->sctp_lport != lport) { 1822 continue; 1823 } 1824 /* is it in the VRF in question */ 1825 fnd = 0; 1826 if (t_inp->def_vrf_id == vrf_id) 1827 fnd = 1; 1828 if (!fnd) 1829 continue; 1830 1831 /* This one is in use. */ 1832 /* check the v6/v4 binding issue */ 1833 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1834 SCTP_IPV6_V6ONLY(t_inp)) { 1835 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1836 /* collision in V6 space */ 1837 return (t_inp); 1838 } else { 1839 /* inp is BOUND_V4 no conflict */ 1840 continue; 1841 } 1842 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1843 /* t_inp is bound v4 and v6, conflict always */ 1844 return (t_inp); 1845 } else { 1846 /* t_inp is bound only V4 */ 1847 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1848 SCTP_IPV6_V6ONLY(inp)) { 1849 /* no conflict */ 1850 continue; 1851 } 1852 /* else fall through to conflict */ 1853 } 1854 return (t_inp); 1855 } 1856 return (NULL); 1857} 1858 1859 1860int 1861sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp) 1862{ 1863 /* For 1-2-1 with port reuse */ 1864 struct sctppcbhead *head; 1865 struct sctp_inpcb *tinp, *ninp; 1866 1867 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) { 1868 /* only works with port reuse on */ 1869 return (-1); 1870 } 1871 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) { 1872 return (0); 1873 } 1874 SCTP_INP_RUNLOCK(inp); 1875 SCTP_INP_INFO_WLOCK(); 1876 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, 1877 SCTP_BASE_INFO(hashmark))]; 1878 /* Kick out all non-listeners to the TCP hash */ 1879 LIST_FOREACH_SAFE(tinp, head, sctp_hash, ninp) { 1880 if (tinp->sctp_lport != inp->sctp_lport) { 1881 continue; 1882 } 1883 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1884 continue; 1885 } 1886 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 1887 continue; 1888 } 1889 if (tinp->sctp_socket->so_qlimit) { 1890 continue; 1891 } 1892 SCTP_INP_WLOCK(tinp); 1893 LIST_REMOVE(tinp, sctp_hash); 1894 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))]; 1895 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL; 1896 LIST_INSERT_HEAD(head, tinp, sctp_hash); 1897 SCTP_INP_WUNLOCK(tinp); 1898 } 1899 SCTP_INP_WLOCK(inp); 1900 /* Pull from where he was */ 1901 LIST_REMOVE(inp, sctp_hash); 1902 inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL; 1903 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))]; 1904 LIST_INSERT_HEAD(head, inp, sctp_hash); 1905 SCTP_INP_WUNLOCK(inp); 1906 SCTP_INP_RLOCK(inp); 1907 SCTP_INP_INFO_WUNLOCK(); 1908 return (0); 1909} 1910 1911 1912struct sctp_inpcb * 1913sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock, 1914 uint32_t vrf_id) 1915{ 1916 /* 1917 * First we check the hash table to see if someone has this port 1918 * bound with just the port. 1919 */ 1920 struct sctp_inpcb *inp; 1921 struct sctppcbhead *head; 1922 int lport; 1923 unsigned int i; 1924#ifdef INET 1925 struct sockaddr_in *sin; 1926#endif 1927#ifdef INET6 1928 struct sockaddr_in6 *sin6; 1929#endif 1930 1931 switch (nam->sa_family) { 1932#ifdef INET 1933 case AF_INET: 1934 sin = (struct sockaddr_in *)nam; 1935 lport = sin->sin_port; 1936 break; 1937#endif 1938#ifdef INET6 1939 case AF_INET6: 1940 sin6 = (struct sockaddr_in6 *)nam; 1941 lport = sin6->sin6_port; 1942 break; 1943#endif 1944 default: 1945 return (NULL); 1946 } 1947 /* 1948 * I could cheat here and just cast to one of the types but we will 1949 * do it right. It also provides the check against an Unsupported 1950 * type too. 1951 */ 1952 /* Find the head of the ALLADDR chain */ 1953 if (have_lock == 0) { 1954 SCTP_INP_INFO_RLOCK(); 1955 } 1956 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, 1957 SCTP_BASE_INFO(hashmark))]; 1958 inp = sctp_endpoint_probe(nam, head, lport, vrf_id); 1959 1960 /* 1961 * If the TCP model exists it could be that the main listening 1962 * endpoint is gone but there still exists a connected socket for 1963 * this guy. If so we can return the first one that we find. This 1964 * may NOT be the correct one so the caller should be wary on the 1965 * returned INP. Currently the only caller that sets find_tcp_pool 1966 * is in bindx where we are verifying that a user CAN bind the 1967 * address. He either has bound it already, or someone else has, or 1968 * its open to bind, so this is good enough. 1969 */ 1970 if (inp == NULL && find_tcp_pool) { 1971 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) { 1972 head = &SCTP_BASE_INFO(sctp_tcpephash)[i]; 1973 inp = sctp_endpoint_probe(nam, head, lport, vrf_id); 1974 if (inp) { 1975 break; 1976 } 1977 } 1978 } 1979 if (inp) { 1980 SCTP_INP_INCR_REF(inp); 1981 } 1982 if (have_lock == 0) { 1983 SCTP_INP_INFO_RUNLOCK(); 1984 } 1985 return (inp); 1986} 1987 1988 1989/* 1990 * Find an association for an endpoint with the pointer to whom you want to 1991 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may 1992 * need to change the *to to some other struct like a mbuf... 1993 */ 1994struct sctp_tcb * 1995sctp_findassociation_addr_sa(struct sockaddr *from, struct sockaddr *to, 1996 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool, 1997 uint32_t vrf_id) 1998{ 1999 struct sctp_inpcb *inp = NULL; 2000 struct sctp_tcb *stcb; 2001 2002 SCTP_INP_INFO_RLOCK(); 2003 if (find_tcp_pool) { 2004 if (inp_p != NULL) { 2005 stcb = sctp_tcb_special_locate(inp_p, from, to, netp, 2006 vrf_id); 2007 } else { 2008 stcb = sctp_tcb_special_locate(&inp, from, to, netp, 2009 vrf_id); 2010 } 2011 if (stcb != NULL) { 2012 SCTP_INP_INFO_RUNLOCK(); 2013 return (stcb); 2014 } 2015 } 2016 inp = sctp_pcb_findep(to, 0, 1, vrf_id); 2017 if (inp_p != NULL) { 2018 *inp_p = inp; 2019 } 2020 SCTP_INP_INFO_RUNLOCK(); 2021 if (inp == NULL) { 2022 return (NULL); 2023 } 2024 /* 2025 * ok, we have an endpoint, now lets find the assoc for it (if any) 2026 * we now place the source address or from in the to of the find 2027 * endpoint call. Since in reality this chain is used from the 2028 * inbound packet side. 2029 */ 2030 if (inp_p != NULL) { 2031 stcb = sctp_findassociation_ep_addr(inp_p, from, netp, to, 2032 NULL); 2033 } else { 2034 stcb = sctp_findassociation_ep_addr(&inp, from, netp, to, 2035 NULL); 2036 } 2037 return (stcb); 2038} 2039 2040 2041/* 2042 * This routine will grub through the mbuf that is a INIT or INIT-ACK and 2043 * find all addresses that the sender has specified in any address list. Each 2044 * address will be used to lookup the TCB and see if one exits. 2045 */ 2046static struct sctp_tcb * 2047sctp_findassociation_special_addr(struct mbuf *m, int offset, 2048 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp, 2049 struct sockaddr *dst) 2050{ 2051 struct sctp_paramhdr *phdr, param_buf; 2052#if defined(INET) || defined(INET6) 2053 struct sctp_tcb *stcb; 2054 uint16_t ptype; 2055#endif 2056 uint16_t plen; 2057#ifdef INET 2058 struct sockaddr_in sin4; 2059#endif 2060#ifdef INET6 2061 struct sockaddr_in6 sin6; 2062#endif 2063 2064#ifdef INET 2065 memset(&sin4, 0, sizeof(sin4)); 2066 sin4.sin_len = sizeof(sin4); 2067 sin4.sin_family = AF_INET; 2068 sin4.sin_port = sh->src_port; 2069#endif 2070#ifdef INET6 2071 memset(&sin6, 0, sizeof(sin6)); 2072 sin6.sin6_len = sizeof(sin6); 2073 sin6.sin6_family = AF_INET6; 2074 sin6.sin6_port = sh->src_port; 2075#endif 2076 2077 offset += sizeof(struct sctp_init_chunk); 2078 2079 phdr = sctp_get_next_param(m, offset, ¶m_buf, sizeof(param_buf)); 2080 while (phdr != NULL) { 2081 /* now we must see if we want the parameter */ 2082#if defined(INET) || defined(INET6) 2083 ptype = ntohs(phdr->param_type); 2084#endif 2085 plen = ntohs(phdr->param_length); 2086 if (plen == 0) { 2087 break; 2088 } 2089#ifdef INET 2090 if (ptype == SCTP_IPV4_ADDRESS && 2091 plen == sizeof(struct sctp_ipv4addr_param)) { 2092 /* Get the rest of the address */ 2093 struct sctp_ipv4addr_param ip4_param, *p4; 2094 2095 phdr = sctp_get_next_param(m, offset, 2096 (struct sctp_paramhdr *)&ip4_param, sizeof(ip4_param)); 2097 if (phdr == NULL) { 2098 return (NULL); 2099 } 2100 p4 = (struct sctp_ipv4addr_param *)phdr; 2101 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr)); 2102 /* look it up */ 2103 stcb = sctp_findassociation_ep_addr(inp_p, 2104 (struct sockaddr *)&sin4, netp, dst, NULL); 2105 if (stcb != NULL) { 2106 return (stcb); 2107 } 2108 } 2109#endif 2110#ifdef INET6 2111 if (ptype == SCTP_IPV6_ADDRESS && 2112 plen == sizeof(struct sctp_ipv6addr_param)) { 2113 /* Get the rest of the address */ 2114 struct sctp_ipv6addr_param ip6_param, *p6; 2115 2116 phdr = sctp_get_next_param(m, offset, 2117 (struct sctp_paramhdr *)&ip6_param, sizeof(ip6_param)); 2118 if (phdr == NULL) { 2119 return (NULL); 2120 } 2121 p6 = (struct sctp_ipv6addr_param *)phdr; 2122 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr)); 2123 /* look it up */ 2124 stcb = sctp_findassociation_ep_addr(inp_p, 2125 (struct sockaddr *)&sin6, netp, dst, NULL); 2126 if (stcb != NULL) { 2127 return (stcb); 2128 } 2129 } 2130#endif 2131 offset += SCTP_SIZE32(plen); 2132 phdr = sctp_get_next_param(m, offset, ¶m_buf, 2133 sizeof(param_buf)); 2134 } 2135 return (NULL); 2136} 2137 2138static struct sctp_tcb * 2139sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag, 2140 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport, 2141 uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag) 2142{ 2143 /* 2144 * Use my vtag to hash. If we find it we then verify the source addr 2145 * is in the assoc. If all goes well we save a bit on rec of a 2146 * packet. 2147 */ 2148 struct sctpasochead *head; 2149 struct sctp_nets *net; 2150 struct sctp_tcb *stcb; 2151 2152 SCTP_INP_INFO_RLOCK(); 2153 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag, 2154 SCTP_BASE_INFO(hashasocmark))]; 2155 LIST_FOREACH(stcb, head, sctp_asocs) { 2156 SCTP_INP_RLOCK(stcb->sctp_ep); 2157 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 2158 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2159 continue; 2160 } 2161 if (stcb->sctp_ep->def_vrf_id != vrf_id) { 2162 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2163 continue; 2164 } 2165 SCTP_TCB_LOCK(stcb); 2166 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2167 if (stcb->asoc.my_vtag == vtag) { 2168 /* candidate */ 2169 if (stcb->rport != rport) { 2170 SCTP_TCB_UNLOCK(stcb); 2171 continue; 2172 } 2173 if (stcb->sctp_ep->sctp_lport != lport) { 2174 SCTP_TCB_UNLOCK(stcb); 2175 continue; 2176 } 2177 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 2178 SCTP_TCB_UNLOCK(stcb); 2179 continue; 2180 } 2181 /* RRS:Need toaddr check here */ 2182 if (sctp_does_stcb_own_this_addr(stcb, to) == 0) { 2183 /* Endpoint does not own this address */ 2184 SCTP_TCB_UNLOCK(stcb); 2185 continue; 2186 } 2187 if (remote_tag) { 2188 /* 2189 * If we have both vtags that's all we match 2190 * on 2191 */ 2192 if (stcb->asoc.peer_vtag == remote_tag) { 2193 /* 2194 * If both tags match we consider it 2195 * conclusive and check NO 2196 * source/destination addresses 2197 */ 2198 goto conclusive; 2199 } 2200 } 2201 if (skip_src_check) { 2202 conclusive: 2203 if (from) { 2204 *netp = sctp_findnet(stcb, from); 2205 } else { 2206 *netp = NULL; /* unknown */ 2207 } 2208 if (inp_p) 2209 *inp_p = stcb->sctp_ep; 2210 SCTP_INP_INFO_RUNLOCK(); 2211 return (stcb); 2212 } 2213 net = sctp_findnet(stcb, from); 2214 if (net) { 2215 /* yep its him. */ 2216 *netp = net; 2217 SCTP_STAT_INCR(sctps_vtagexpress); 2218 *inp_p = stcb->sctp_ep; 2219 SCTP_INP_INFO_RUNLOCK(); 2220 return (stcb); 2221 } else { 2222 /* 2223 * not him, this should only happen in rare 2224 * cases so I peg it. 2225 */ 2226 SCTP_STAT_INCR(sctps_vtagbogus); 2227 } 2228 } 2229 SCTP_TCB_UNLOCK(stcb); 2230 } 2231 SCTP_INP_INFO_RUNLOCK(); 2232 return (NULL); 2233} 2234 2235 2236/* 2237 * Find an association with the pointer to the inbound IP packet. This can be 2238 * a IPv4 or IPv6 packet. 2239 */ 2240struct sctp_tcb * 2241sctp_findassociation_addr(struct mbuf *m, int offset, 2242 struct sockaddr *src, struct sockaddr *dst, 2243 struct sctphdr *sh, struct sctp_chunkhdr *ch, 2244 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id) 2245{ 2246 struct sctp_tcb *stcb; 2247 struct sctp_inpcb *inp; 2248 2249 if (sh->v_tag) { 2250 /* we only go down this path if vtag is non-zero */ 2251 stcb = sctp_findassoc_by_vtag(src, dst, ntohl(sh->v_tag), 2252 inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0); 2253 if (stcb) { 2254 return (stcb); 2255 } 2256 } 2257 if (inp_p) { 2258 stcb = sctp_findassociation_addr_sa(src, dst, inp_p, netp, 2259 1, vrf_id); 2260 inp = *inp_p; 2261 } else { 2262 stcb = sctp_findassociation_addr_sa(src, dst, &inp, netp, 2263 1, vrf_id); 2264 } 2265 SCTPDBG(SCTP_DEBUG_PCB1, "stcb:%p inp:%p\n", (void *)stcb, (void *)inp); 2266 if (stcb == NULL && inp) { 2267 /* Found a EP but not this address */ 2268 if ((ch->chunk_type == SCTP_INITIATION) || 2269 (ch->chunk_type == SCTP_INITIATION_ACK)) { 2270 /*- 2271 * special hook, we do NOT return linp or an 2272 * association that is linked to an existing 2273 * association that is under the TCP pool (i.e. no 2274 * listener exists). The endpoint finding routine 2275 * will always find a listener before examining the 2276 * TCP pool. 2277 */ 2278 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) { 2279 if (inp_p) { 2280 *inp_p = NULL; 2281 } 2282 return (NULL); 2283 } 2284 stcb = sctp_findassociation_special_addr(m, 2285 offset, sh, &inp, netp, dst); 2286 if (inp_p != NULL) { 2287 *inp_p = inp; 2288 } 2289 } 2290 } 2291 SCTPDBG(SCTP_DEBUG_PCB1, "stcb is %p\n", (void *)stcb); 2292 return (stcb); 2293} 2294 2295/* 2296 * lookup an association by an ASCONF lookup address. 2297 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup 2298 */ 2299struct sctp_tcb * 2300sctp_findassociation_ep_asconf(struct mbuf *m, int offset, 2301 struct sockaddr *dst, struct sctphdr *sh, 2302 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id) 2303{ 2304 struct sctp_tcb *stcb; 2305 union sctp_sockstore remote_store; 2306 struct sctp_paramhdr param_buf, *phdr; 2307 int ptype; 2308 int zero_address = 0; 2309#ifdef INET 2310 struct sockaddr_in *sin; 2311#endif 2312#ifdef INET6 2313 struct sockaddr_in6 *sin6; 2314#endif 2315 2316 memset(&remote_store, 0, sizeof(remote_store)); 2317 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk), 2318 ¶m_buf, sizeof(struct sctp_paramhdr)); 2319 if (phdr == NULL) { 2320 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n", 2321 __func__); 2322 return NULL; 2323 } 2324 ptype = (int)((uint32_t)ntohs(phdr->param_type)); 2325 /* get the correlation address */ 2326 switch (ptype) { 2327#ifdef INET6 2328 case SCTP_IPV6_ADDRESS: 2329 { 2330 /* ipv6 address param */ 2331 struct sctp_ipv6addr_param *p6, p6_buf; 2332 2333 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) { 2334 return NULL; 2335 } 2336 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m, 2337 offset + sizeof(struct sctp_asconf_chunk), 2338 &p6_buf.ph, sizeof(p6_buf)); 2339 if (p6 == NULL) { 2340 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n", 2341 __func__); 2342 return (NULL); 2343 } 2344 sin6 = &remote_store.sin6; 2345 sin6->sin6_family = AF_INET6; 2346 sin6->sin6_len = sizeof(*sin6); 2347 sin6->sin6_port = sh->src_port; 2348 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr)); 2349 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 2350 zero_address = 1; 2351 break; 2352 } 2353#endif 2354#ifdef INET 2355 case SCTP_IPV4_ADDRESS: 2356 { 2357 /* ipv4 address param */ 2358 struct sctp_ipv4addr_param *p4, p4_buf; 2359 2360 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) { 2361 return NULL; 2362 } 2363 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m, 2364 offset + sizeof(struct sctp_asconf_chunk), 2365 &p4_buf.ph, sizeof(p4_buf)); 2366 if (p4 == NULL) { 2367 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n", 2368 __func__); 2369 return (NULL); 2370 } 2371 sin = &remote_store.sin; 2372 sin->sin_family = AF_INET; 2373 sin->sin_len = sizeof(*sin); 2374 sin->sin_port = sh->src_port; 2375 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr)); 2376 if (sin->sin_addr.s_addr == INADDR_ANY) 2377 zero_address = 1; 2378 break; 2379 } 2380#endif 2381 default: 2382 /* invalid address param type */ 2383 return NULL; 2384 } 2385 2386 if (zero_address) { 2387 stcb = sctp_findassoc_by_vtag(NULL, dst, ntohl(sh->v_tag), inp_p, 2388 netp, sh->src_port, sh->dest_port, 1, vrf_id, 0); 2389 if (stcb != NULL) { 2390 SCTP_INP_DECR_REF(*inp_p); 2391 } 2392 } else { 2393 stcb = sctp_findassociation_ep_addr(inp_p, 2394 &remote_store.sa, netp, 2395 dst, NULL); 2396 } 2397 return (stcb); 2398} 2399 2400 2401/* 2402 * allocate a sctp_inpcb and setup a temporary binding to a port/all 2403 * addresses. This way if we don't get a bind we by default pick a ephemeral 2404 * port with all addresses bound. 2405 */ 2406int 2407sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id) 2408{ 2409 /* 2410 * we get called when a new endpoint starts up. We need to allocate 2411 * the sctp_inpcb structure from the zone and init it. Mark it as 2412 * unbound and find a port that we can use as an ephemeral with 2413 * INADDR_ANY. If the user binds later no problem we can then add in 2414 * the specific addresses. And setup the default parameters for the 2415 * EP. 2416 */ 2417 int i, error; 2418 struct sctp_inpcb *inp; 2419 struct sctp_pcb *m; 2420 struct timeval time; 2421 sctp_sharedkey_t *null_key; 2422 2423 error = 0; 2424 2425 SCTP_INP_INFO_WLOCK(); 2426 inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb); 2427 if (inp == NULL) { 2428 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n"); 2429 SCTP_INP_INFO_WUNLOCK(); 2430 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 2431 return (ENOBUFS); 2432 } 2433 /* zap it */ 2434 bzero(inp, sizeof(*inp)); 2435 2436 /* bump generations */ 2437 /* setup socket pointers */ 2438 inp->sctp_socket = so; 2439 inp->ip_inp.inp.inp_socket = so; 2440 inp->ip_inp.inp.inp_cred = crhold(so->so_cred); 2441#ifdef INET6 2442 if (INP_SOCKAF(so) == AF_INET6) { 2443 if (MODULE_GLOBAL(ip6_auto_flowlabel)) { 2444 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL; 2445 } 2446 if (MODULE_GLOBAL(ip6_v6only)) { 2447 inp->ip_inp.inp.inp_flags |= IN6P_IPV6_V6ONLY; 2448 } 2449 } 2450#endif 2451 inp->sctp_associd_counter = 1; 2452 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT; 2453 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT; 2454 inp->max_cwnd = 0; 2455 inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off); 2456 inp->ecn_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_ecn_enable); 2457 inp->prsctp_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_pr_enable); 2458 inp->auth_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_auth_enable); 2459 inp->asconf_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_asconf_enable); 2460 inp->reconfig_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_reconfig_enable); 2461 inp->nrsack_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_nrsack_enable); 2462 inp->pktdrop_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_pktdrop_enable); 2463 inp->idata_supported = 0; 2464 2465 inp->fibnum = so->so_fibnum; 2466 /* init the small hash table we use to track asocid <-> tcb */ 2467 inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark); 2468 if (inp->sctp_asocidhash == NULL) { 2469 crfree(inp->ip_inp.inp.inp_cred); 2470 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2471 SCTP_INP_INFO_WUNLOCK(); 2472 return (ENOBUFS); 2473 } 2474 SCTP_INCR_EP_COUNT(); 2475 inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl); 2476 SCTP_INP_INFO_WUNLOCK(); 2477 2478 so->so_pcb = (caddr_t)inp; 2479 2480 if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) { 2481 /* UDP style socket */ 2482 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE | 2483 SCTP_PCB_FLAGS_UNBOUND); 2484 /* Be sure it is NON-BLOCKING IO for UDP */ 2485 /* SCTP_SET_SO_NBIO(so); */ 2486 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) { 2487 /* TCP style socket */ 2488 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | 2489 SCTP_PCB_FLAGS_UNBOUND); 2490 /* Be sure we have blocking IO by default */ 2491 SCTP_CLEAR_SO_NBIO(so); 2492 } else { 2493 /* 2494 * unsupported socket type (RAW, etc)- in case we missed it 2495 * in protosw 2496 */ 2497 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP); 2498 so->so_pcb = NULL; 2499 crfree(inp->ip_inp.inp.inp_cred); 2500 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2501 return (EOPNOTSUPP); 2502 } 2503 if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) { 2504 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2505 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2506 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) { 2507 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2508 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2509 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) { 2510 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2511 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2512 } 2513 inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize), 2514 &inp->sctp_hashmark); 2515 if (inp->sctp_tcbhash == NULL) { 2516 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n"); 2517 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 2518 so->so_pcb = NULL; 2519 crfree(inp->ip_inp.inp.inp_cred); 2520 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2521 return (ENOBUFS); 2522 } 2523 inp->def_vrf_id = vrf_id; 2524 2525 SCTP_INP_INFO_WLOCK(); 2526 SCTP_INP_LOCK_INIT(inp); 2527 INP_LOCK_INIT(&inp->ip_inp.inp, "inp", "sctpinp"); 2528 SCTP_INP_READ_INIT(inp); 2529 SCTP_ASOC_CREATE_LOCK_INIT(inp); 2530 /* lock the new ep */ 2531 SCTP_INP_WLOCK(inp); 2532 2533 /* add it to the info area */ 2534 LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list); 2535 SCTP_INP_INFO_WUNLOCK(); 2536 2537 TAILQ_INIT(&inp->read_queue); 2538 LIST_INIT(&inp->sctp_addr_list); 2539 2540 LIST_INIT(&inp->sctp_asoc_list); 2541 2542#ifdef SCTP_TRACK_FREED_ASOCS 2543 /* TEMP CODE */ 2544 LIST_INIT(&inp->sctp_asoc_free_list); 2545#endif 2546 /* Init the timer structure for signature change */ 2547 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer); 2548 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE; 2549 2550 /* now init the actual endpoint default data */ 2551 m = &inp->sctp_ep; 2552 2553 /* setup the base timeout information */ 2554 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */ 2555 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */ 2556 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default)); 2557 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default)); 2558 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default)); 2559 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default)); 2560 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default)); 2561 /* all max/min max are in ms */ 2562 m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default); 2563 m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default); 2564 m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default); 2565 m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default); 2566 m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default); 2567 m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default); 2568 m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default); 2569 m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default); 2570 m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold); 2571 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF; 2572 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF; 2573 m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default); 2574 m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default); 2575 2576 m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module); 2577 m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module); 2578 m->max_open_streams_intome = SCTP_BASE_SYSCTL(sctp_nr_incoming_streams_default); 2579 /* number of streams to pre-open on a association */ 2580 m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default); 2581 2582 /* Add adaptation cookie */ 2583 m->adaptation_layer_indicator = 0; 2584 m->adaptation_layer_indicator_provided = 0; 2585 2586 /* seed random number generator */ 2587 m->random_counter = 1; 2588 m->store_at = SCTP_SIGNATURE_SIZE; 2589 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers)); 2590 sctp_fill_random_store(m); 2591 2592 /* Minimum cookie size */ 2593 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) + 2594 sizeof(struct sctp_state_cookie); 2595 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE; 2596 2597 /* Setup the initial secret */ 2598 (void)SCTP_GETTIME_TIMEVAL(&time); 2599 m->time_of_secret_change = time.tv_sec; 2600 2601 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 2602 m->secret_key[0][i] = sctp_select_initial_TSN(m); 2603 } 2604 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL); 2605 2606 /* How long is a cookie good for ? */ 2607 m->def_cookie_life = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default)); 2608 /* 2609 * Initialize authentication parameters 2610 */ 2611 m->local_hmacs = sctp_default_supported_hmaclist(); 2612 m->local_auth_chunks = sctp_alloc_chunklist(); 2613 if (inp->asconf_supported) { 2614 sctp_auth_add_chunk(SCTP_ASCONF, m->local_auth_chunks); 2615 sctp_auth_add_chunk(SCTP_ASCONF_ACK, m->local_auth_chunks); 2616 } 2617 m->default_dscp = 0; 2618#ifdef INET6 2619 m->default_flowlabel = 0; 2620#endif 2621 m->port = 0; /* encapsulation disabled by default */ 2622 LIST_INIT(&m->shared_keys); 2623 /* add default NULL key as key id 0 */ 2624 null_key = sctp_alloc_sharedkey(); 2625 sctp_insert_sharedkey(&m->shared_keys, null_key); 2626 SCTP_INP_WUNLOCK(inp); 2627#ifdef SCTP_LOG_CLOSING 2628 sctp_log_closing(inp, NULL, 12); 2629#endif 2630 return (error); 2631} 2632 2633 2634void 2635sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp, 2636 struct sctp_tcb *stcb) 2637{ 2638 struct sctp_nets *net; 2639 uint16_t lport, rport; 2640 struct sctppcbhead *head; 2641 struct sctp_laddr *laddr, *oladdr; 2642 2643 atomic_add_int(&stcb->asoc.refcnt, 1); 2644 SCTP_TCB_UNLOCK(stcb); 2645 SCTP_INP_INFO_WLOCK(); 2646 SCTP_INP_WLOCK(old_inp); 2647 SCTP_INP_WLOCK(new_inp); 2648 SCTP_TCB_LOCK(stcb); 2649 atomic_subtract_int(&stcb->asoc.refcnt, 1); 2650 2651 new_inp->sctp_ep.time_of_secret_change = 2652 old_inp->sctp_ep.time_of_secret_change; 2653 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key, 2654 sizeof(old_inp->sctp_ep.secret_key)); 2655 new_inp->sctp_ep.current_secret_number = 2656 old_inp->sctp_ep.current_secret_number; 2657 new_inp->sctp_ep.last_secret_number = 2658 old_inp->sctp_ep.last_secret_number; 2659 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie; 2660 2661 /* make it so new data pours into the new socket */ 2662 stcb->sctp_socket = new_inp->sctp_socket; 2663 stcb->sctp_ep = new_inp; 2664 2665 /* Copy the port across */ 2666 lport = new_inp->sctp_lport = old_inp->sctp_lport; 2667 rport = stcb->rport; 2668 /* Pull the tcb from the old association */ 2669 LIST_REMOVE(stcb, sctp_tcbhash); 2670 LIST_REMOVE(stcb, sctp_tcblist); 2671 if (stcb->asoc.in_asocid_hash) { 2672 LIST_REMOVE(stcb, sctp_tcbasocidhash); 2673 } 2674 /* Now insert the new_inp into the TCP connected hash */ 2675 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))]; 2676 2677 LIST_INSERT_HEAD(head, new_inp, sctp_hash); 2678 /* Its safe to access */ 2679 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND; 2680 2681 /* Now move the tcb into the endpoint list */ 2682 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist); 2683 /* 2684 * Question, do we even need to worry about the ep-hash since we 2685 * only have one connection? Probably not :> so lets get rid of it 2686 * and not suck up any kernel memory in that. 2687 */ 2688 if (stcb->asoc.in_asocid_hash) { 2689 struct sctpasochead *lhd; 2690 2691 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id, 2692 new_inp->hashasocidmark)]; 2693 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash); 2694 } 2695 /* Ok. Let's restart timer. */ 2696 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2697 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp, 2698 stcb, net); 2699 } 2700 2701 SCTP_INP_INFO_WUNLOCK(); 2702 if (new_inp->sctp_tcbhash != NULL) { 2703 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark); 2704 new_inp->sctp_tcbhash = NULL; 2705 } 2706 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 2707 /* Subset bound, so copy in the laddr list from the old_inp */ 2708 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) { 2709 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 2710 if (laddr == NULL) { 2711 /* 2712 * Gak, what can we do? This assoc is really 2713 * HOSED. We probably should send an abort 2714 * here. 2715 */ 2716 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n"); 2717 continue; 2718 } 2719 SCTP_INCR_LADDR_COUNT(); 2720 bzero(laddr, sizeof(*laddr)); 2721 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); 2722 laddr->ifa = oladdr->ifa; 2723 atomic_add_int(&laddr->ifa->refcount, 1); 2724 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr, 2725 sctp_nxt_addr); 2726 new_inp->laddr_count++; 2727 if (oladdr == stcb->asoc.last_used_address) { 2728 stcb->asoc.last_used_address = laddr; 2729 } 2730 } 2731 } 2732 /* 2733 * Now any running timers need to be adjusted since we really don't 2734 * care if they are running or not just blast in the new_inp into 2735 * all of them. 2736 */ 2737 2738 stcb->asoc.dack_timer.ep = (void *)new_inp; 2739 stcb->asoc.asconf_timer.ep = (void *)new_inp; 2740 stcb->asoc.strreset_timer.ep = (void *)new_inp; 2741 stcb->asoc.shut_guard_timer.ep = (void *)new_inp; 2742 stcb->asoc.autoclose_timer.ep = (void *)new_inp; 2743 stcb->asoc.delayed_event_timer.ep = (void *)new_inp; 2744 stcb->asoc.delete_prim_timer.ep = (void *)new_inp; 2745 /* now what about the nets? */ 2746 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2747 net->pmtu_timer.ep = (void *)new_inp; 2748 net->hb_timer.ep = (void *)new_inp; 2749 net->rxt_timer.ep = (void *)new_inp; 2750 } 2751 SCTP_INP_WUNLOCK(new_inp); 2752 SCTP_INP_WUNLOCK(old_inp); 2753} 2754 2755/* 2756 * insert an laddr entry with the given ifa for the desired list 2757 */ 2758static int 2759sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act) 2760{ 2761 struct sctp_laddr *laddr; 2762 2763 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 2764 if (laddr == NULL) { 2765 /* out of memory? */ 2766 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2767 return (EINVAL); 2768 } 2769 SCTP_INCR_LADDR_COUNT(); 2770 bzero(laddr, sizeof(*laddr)); 2771 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); 2772 laddr->ifa = ifa; 2773 laddr->action = act; 2774 atomic_add_int(&ifa->refcount, 1); 2775 /* insert it */ 2776 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr); 2777 2778 return (0); 2779} 2780 2781/* 2782 * Remove an laddr entry from the local address list (on an assoc) 2783 */ 2784static void 2785sctp_remove_laddr(struct sctp_laddr *laddr) 2786{ 2787 2788 /* remove from the list */ 2789 LIST_REMOVE(laddr, sctp_nxt_addr); 2790 sctp_free_ifa(laddr->ifa); 2791 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr); 2792 SCTP_DECR_LADDR_COUNT(); 2793} 2794 2795 2796 2797/* sctp_ifap is used to bypass normal local address validation checks */ 2798int 2799sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, 2800 struct sctp_ifa *sctp_ifap, struct thread *p) 2801{ 2802 /* bind a ep to a socket address */ 2803 struct sctppcbhead *head; 2804 struct sctp_inpcb *inp, *inp_tmp; 2805 struct inpcb *ip_inp; 2806 int port_reuse_active = 0; 2807 int bindall; 2808 uint16_t lport; 2809 int error; 2810 uint32_t vrf_id; 2811 2812 lport = 0; 2813 bindall = 1; 2814 inp = (struct sctp_inpcb *)so->so_pcb; 2815 ip_inp = (struct inpcb *)so->so_pcb; 2816#ifdef SCTP_DEBUG 2817 if (addr) { 2818 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port: %d\n", 2819 ntohs(((struct sockaddr_in *)addr)->sin_port)); 2820 SCTPDBG(SCTP_DEBUG_PCB1, "Addr: "); 2821 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr); 2822 } 2823#endif 2824 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) { 2825 /* already did a bind, subsequent binds NOT allowed ! */ 2826 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2827 return (EINVAL); 2828 } 2829#ifdef INVARIANTS 2830 if (p == NULL) 2831 panic("null proc/thread"); 2832#endif 2833 if (addr != NULL) { 2834 switch (addr->sa_family) { 2835#ifdef INET 2836 case AF_INET: 2837 { 2838 struct sockaddr_in *sin; 2839 2840 /* IPV6_V6ONLY socket? */ 2841 if (SCTP_IPV6_V6ONLY(ip_inp)) { 2842 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2843 return (EINVAL); 2844 } 2845 if (addr->sa_len != sizeof(*sin)) { 2846 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2847 return (EINVAL); 2848 } 2849 sin = (struct sockaddr_in *)addr; 2850 lport = sin->sin_port; 2851 /* 2852 * For LOOPBACK the prison_local_ip4() call 2853 * will transmute the ip address to the 2854 * proper value. 2855 */ 2856 if (p && (error = prison_local_ip4(p->td_ucred, &sin->sin_addr)) != 0) { 2857 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 2858 return (error); 2859 } 2860 if (sin->sin_addr.s_addr != INADDR_ANY) { 2861 bindall = 0; 2862 } 2863 break; 2864 } 2865#endif 2866#ifdef INET6 2867 case AF_INET6: 2868 { 2869 /* 2870 * Only for pure IPv6 Address. (No IPv4 2871 * Mapped!) 2872 */ 2873 struct sockaddr_in6 *sin6; 2874 2875 sin6 = (struct sockaddr_in6 *)addr; 2876 2877 if (addr->sa_len != sizeof(*sin6)) { 2878 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2879 return (EINVAL); 2880 } 2881 lport = sin6->sin6_port; 2882 /* 2883 * For LOOPBACK the prison_local_ip6() call 2884 * will transmute the ipv6 address to the 2885 * proper value. 2886 */ 2887 if (p && (error = prison_local_ip6(p->td_ucred, &sin6->sin6_addr, 2888 (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) { 2889 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 2890 return (error); 2891 } 2892 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2893 bindall = 0; 2894 /* KAME hack: embed scopeid */ 2895 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 2896 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 2897 return (EINVAL); 2898 } 2899 } 2900 /* this must be cleared for ifa_ifwithaddr() */ 2901 sin6->sin6_scope_id = 0; 2902 break; 2903 } 2904#endif 2905 default: 2906 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EAFNOSUPPORT); 2907 return (EAFNOSUPPORT); 2908 } 2909 } 2910 SCTP_INP_INFO_WLOCK(); 2911 SCTP_INP_WLOCK(inp); 2912 /* Setup a vrf_id to be the default for the non-bind-all case. */ 2913 vrf_id = inp->def_vrf_id; 2914 2915 /* increase our count due to the unlock we do */ 2916 SCTP_INP_INCR_REF(inp); 2917 if (lport) { 2918 /* 2919 * Did the caller specify a port? if so we must see if an ep 2920 * already has this one bound. 2921 */ 2922 /* got to be root to get at low ports */ 2923 if (ntohs(lport) < IPPORT_RESERVED) { 2924 if (p && (error = 2925 priv_check(p, PRIV_NETINET_RESERVEDPORT) 2926 )) { 2927 SCTP_INP_DECR_REF(inp); 2928 SCTP_INP_WUNLOCK(inp); 2929 SCTP_INP_INFO_WUNLOCK(); 2930 return (error); 2931 } 2932 } 2933 SCTP_INP_WUNLOCK(inp); 2934 if (bindall) { 2935 vrf_id = inp->def_vrf_id; 2936 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id); 2937 if (inp_tmp != NULL) { 2938 /* 2939 * lock guy returned and lower count note 2940 * that we are not bound so inp_tmp should 2941 * NEVER be inp. And it is this inp 2942 * (inp_tmp) that gets the reference bump, 2943 * so we must lower it. 2944 */ 2945 SCTP_INP_DECR_REF(inp_tmp); 2946 /* unlock info */ 2947 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 2948 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 2949 /* 2950 * Ok, must be one-2-one and 2951 * allowing port re-use 2952 */ 2953 port_reuse_active = 1; 2954 goto continue_anyway; 2955 } 2956 SCTP_INP_DECR_REF(inp); 2957 SCTP_INP_INFO_WUNLOCK(); 2958 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 2959 return (EADDRINUSE); 2960 } 2961 } else { 2962 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id); 2963 if (inp_tmp != NULL) { 2964 /* 2965 * lock guy returned and lower count note 2966 * that we are not bound so inp_tmp should 2967 * NEVER be inp. And it is this inp 2968 * (inp_tmp) that gets the reference bump, 2969 * so we must lower it. 2970 */ 2971 SCTP_INP_DECR_REF(inp_tmp); 2972 /* unlock info */ 2973 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 2974 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 2975 /* 2976 * Ok, must be one-2-one and 2977 * allowing port re-use 2978 */ 2979 port_reuse_active = 1; 2980 goto continue_anyway; 2981 } 2982 SCTP_INP_DECR_REF(inp); 2983 SCTP_INP_INFO_WUNLOCK(); 2984 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 2985 return (EADDRINUSE); 2986 } 2987 } 2988continue_anyway: 2989 SCTP_INP_WLOCK(inp); 2990 if (bindall) { 2991 /* verify that no lport is not used by a singleton */ 2992 if ((port_reuse_active == 0) && 2993 (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))) { 2994 /* Sorry someone already has this one bound */ 2995 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 2996 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 2997 port_reuse_active = 1; 2998 } else { 2999 SCTP_INP_DECR_REF(inp); 3000 SCTP_INP_WUNLOCK(inp); 3001 SCTP_INP_INFO_WUNLOCK(); 3002 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3003 return (EADDRINUSE); 3004 } 3005 } 3006 } 3007 } else { 3008 uint16_t first, last, candidate; 3009 uint16_t count; 3010 int done; 3011 3012 if (ip_inp->inp_flags & INP_HIGHPORT) { 3013 first = MODULE_GLOBAL(ipport_hifirstauto); 3014 last = MODULE_GLOBAL(ipport_hilastauto); 3015 } else if (ip_inp->inp_flags & INP_LOWPORT) { 3016 if (p && (error = 3017 priv_check(p, PRIV_NETINET_RESERVEDPORT) 3018 )) { 3019 SCTP_INP_DECR_REF(inp); 3020 SCTP_INP_WUNLOCK(inp); 3021 SCTP_INP_INFO_WUNLOCK(); 3022 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 3023 return (error); 3024 } 3025 first = MODULE_GLOBAL(ipport_lowfirstauto); 3026 last = MODULE_GLOBAL(ipport_lowlastauto); 3027 } else { 3028 first = MODULE_GLOBAL(ipport_firstauto); 3029 last = MODULE_GLOBAL(ipport_lastauto); 3030 } 3031 if (first > last) { 3032 uint16_t temp; 3033 3034 temp = first; 3035 first = last; 3036 last = temp; 3037 } 3038 count = last - first + 1; /* number of candidates */ 3039 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count); 3040 3041 done = 0; 3042 while (!done) { 3043 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) { 3044 done = 1; 3045 } 3046 if (!done) { 3047 if (--count == 0) { 3048 SCTP_INP_DECR_REF(inp); 3049 SCTP_INP_WUNLOCK(inp); 3050 SCTP_INP_INFO_WUNLOCK(); 3051 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3052 return (EADDRINUSE); 3053 } 3054 if (candidate == last) 3055 candidate = first; 3056 else 3057 candidate = candidate + 1; 3058 } 3059 } 3060 lport = htons(candidate); 3061 } 3062 SCTP_INP_DECR_REF(inp); 3063 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | 3064 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 3065 /* 3066 * this really should not happen. The guy did a non-blocking 3067 * bind and then did a close at the same time. 3068 */ 3069 SCTP_INP_WUNLOCK(inp); 3070 SCTP_INP_INFO_WUNLOCK(); 3071 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3072 return (EINVAL); 3073 } 3074 /* ok we look clear to give out this port, so lets setup the binding */ 3075 if (bindall) { 3076 /* binding to all addresses, so just set in the proper flags */ 3077 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL; 3078 /* set the automatic addr changes from kernel flag */ 3079 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) { 3080 sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3081 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3082 } else { 3083 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3084 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3085 } 3086 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) { 3087 sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS); 3088 } else { 3089 sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS); 3090 } 3091 /* 3092 * set the automatic mobility_base from kernel flag (by 3093 * micchie) 3094 */ 3095 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) { 3096 sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE); 3097 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3098 } else { 3099 sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE); 3100 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3101 } 3102 /* 3103 * set the automatic mobility_fasthandoff from kernel flag 3104 * (by micchie) 3105 */ 3106 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) { 3107 sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF); 3108 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3109 } else { 3110 sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF); 3111 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3112 } 3113 } else { 3114 /* 3115 * bind specific, make sure flags is off and add a new 3116 * address structure to the sctp_addr_list inside the ep 3117 * structure. 3118 * 3119 * We will need to allocate one and insert it at the head. 3120 * The socketopt call can just insert new addresses in there 3121 * as well. It will also have to do the embed scope kame 3122 * hack too (before adding). 3123 */ 3124 struct sctp_ifa *ifa; 3125 union sctp_sockstore store; 3126 3127 memset(&store, 0, sizeof(store)); 3128 switch (addr->sa_family) { 3129#ifdef INET 3130 case AF_INET: 3131 memcpy(&store.sin, addr, sizeof(struct sockaddr_in)); 3132 store.sin.sin_port = 0; 3133 break; 3134#endif 3135#ifdef INET6 3136 case AF_INET6: 3137 memcpy(&store.sin6, addr, sizeof(struct sockaddr_in6)); 3138 store.sin6.sin6_port = 0; 3139 break; 3140#endif 3141 default: 3142 break; 3143 } 3144 /* 3145 * first find the interface with the bound address need to 3146 * zero out the port to find the address! yuck! can't do 3147 * this earlier since need port for sctp_pcb_findep() 3148 */ 3149 if (sctp_ifap != NULL) { 3150 ifa = sctp_ifap; 3151 } else { 3152 /* 3153 * Note for BSD we hit here always other O/S's will 3154 * pass things in via the sctp_ifap argument 3155 * (Panda). 3156 */ 3157 ifa = sctp_find_ifa_by_addr(&store.sa, 3158 vrf_id, SCTP_ADDR_NOT_LOCKED); 3159 } 3160 if (ifa == NULL) { 3161 /* Can't find an interface with that address */ 3162 SCTP_INP_WUNLOCK(inp); 3163 SCTP_INP_INFO_WUNLOCK(); 3164 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRNOTAVAIL); 3165 return (EADDRNOTAVAIL); 3166 } 3167#ifdef INET6 3168 if (addr->sa_family == AF_INET6) { 3169 /* GAK, more FIXME IFA lock? */ 3170 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 3171 /* Can't bind a non-existent addr. */ 3172 SCTP_INP_WUNLOCK(inp); 3173 SCTP_INP_INFO_WUNLOCK(); 3174 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3175 return (EINVAL); 3176 } 3177 } 3178#endif 3179 /* we're not bound all */ 3180 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL; 3181 /* allow bindx() to send ASCONF's for binding changes */ 3182 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3183 /* clear automatic addr changes from kernel flag */ 3184 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3185 3186 /* add this address to the endpoint list */ 3187 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0); 3188 if (error != 0) { 3189 SCTP_INP_WUNLOCK(inp); 3190 SCTP_INP_INFO_WUNLOCK(); 3191 return (error); 3192 } 3193 inp->laddr_count++; 3194 } 3195 /* find the bucket */ 3196 if (port_reuse_active) { 3197 /* Put it into tcp 1-2-1 hash */ 3198 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))]; 3199 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL; 3200 } else { 3201 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))]; 3202 } 3203 /* put it in the bucket */ 3204 LIST_INSERT_HEAD(head, inp, sctp_hash); 3205 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n", 3206 (void *)head, ntohs(lport), port_reuse_active); 3207 /* set in the port */ 3208 inp->sctp_lport = lport; 3209 3210 /* turn off just the unbound flag */ 3211 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND; 3212 SCTP_INP_WUNLOCK(inp); 3213 SCTP_INP_INFO_WUNLOCK(); 3214 return (0); 3215} 3216 3217 3218static void 3219sctp_iterator_inp_being_freed(struct sctp_inpcb *inp) 3220{ 3221 struct sctp_iterator *it, *nit; 3222 3223 /* 3224 * We enter with the only the ITERATOR_LOCK in place and a write 3225 * lock on the inp_info stuff. 3226 */ 3227 it = sctp_it_ctl.cur_it; 3228 if (it && (it->vn != curvnet)) { 3229 /* Its not looking at our VNET */ 3230 return; 3231 } 3232 if (it && (it->inp == inp)) { 3233 /* 3234 * This is tricky and we hold the iterator lock, but when it 3235 * returns and gets the lock (when we release it) the 3236 * iterator will try to operate on inp. We need to stop that 3237 * from happening. But of course the iterator has a 3238 * reference on the stcb and inp. We can mark it and it will 3239 * stop. 3240 * 3241 * If its a single iterator situation, we set the end 3242 * iterator flag. Otherwise we set the iterator to go to the 3243 * next inp. 3244 * 3245 */ 3246 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 3247 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT; 3248 } else { 3249 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP; 3250 } 3251 } 3252 /* 3253 * Now go through and remove any single reference to our inp that 3254 * may be still pending on the list 3255 */ 3256 SCTP_IPI_ITERATOR_WQ_LOCK(); 3257 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 3258 if (it->vn != curvnet) { 3259 continue; 3260 } 3261 if (it->inp == inp) { 3262 /* This one points to me is it inp specific? */ 3263 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 3264 /* Remove and free this one */ 3265 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, 3266 it, sctp_nxt_itr); 3267 if (it->function_atend != NULL) { 3268 (*it->function_atend) (it->pointer, it->val); 3269 } 3270 SCTP_FREE(it, SCTP_M_ITER); 3271 } else { 3272 it->inp = LIST_NEXT(it->inp, sctp_list); 3273 if (it->inp) { 3274 SCTP_INP_INCR_REF(it->inp); 3275 } 3276 } 3277 /* 3278 * When its put in the refcnt is incremented so decr 3279 * it 3280 */ 3281 SCTP_INP_DECR_REF(inp); 3282 } 3283 } 3284 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 3285} 3286 3287/* release sctp_inpcb unbind the port */ 3288void 3289sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from) 3290{ 3291 /* 3292 * Here we free a endpoint. We must find it (if it is in the Hash 3293 * table) and remove it from there. Then we must also find it in the 3294 * overall list and remove it from there. After all removals are 3295 * complete then any timer has to be stopped. Then start the actual 3296 * freeing. a) Any local lists. b) Any associations. c) The hash of 3297 * all associations. d) finally the ep itself. 3298 */ 3299 struct sctp_tcb *asoc, *nasoc; 3300 struct sctp_laddr *laddr, *nladdr; 3301 struct inpcb *ip_pcb; 3302 struct socket *so; 3303 int being_refed = 0; 3304 struct sctp_queued_to_read *sq, *nsq; 3305 int cnt; 3306 sctp_sharedkey_t *shared_key, *nshared_key; 3307 3308 3309#ifdef SCTP_LOG_CLOSING 3310 sctp_log_closing(inp, NULL, 0); 3311#endif 3312 SCTP_ITERATOR_LOCK(); 3313 /* mark any iterators on the list or being processed */ 3314 sctp_iterator_inp_being_freed(inp); 3315 SCTP_ITERATOR_UNLOCK(); 3316 so = inp->sctp_socket; 3317 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 3318 /* been here before.. eeks.. get out of here */ 3319 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate); 3320#ifdef SCTP_LOG_CLOSING 3321 sctp_log_closing(inp, NULL, 1); 3322#endif 3323 return; 3324 } 3325 SCTP_ASOC_CREATE_LOCK(inp); 3326 SCTP_INP_INFO_WLOCK(); 3327 3328 SCTP_INP_WLOCK(inp); 3329 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) { 3330 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP; 3331 /* socket is gone, so no more wakeups allowed */ 3332 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE; 3333 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; 3334 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; 3335 3336 } 3337 /* First time through we have the socket lock, after that no more. */ 3338 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL, 3339 SCTP_FROM_SCTP_PCB + SCTP_LOC_1); 3340 3341 if (inp->control) { 3342 sctp_m_freem(inp->control); 3343 inp->control = NULL; 3344 } 3345 if (inp->pkt) { 3346 sctp_m_freem(inp->pkt); 3347 inp->pkt = NULL; 3348 } 3349 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer 3350 * here but I will be nice :> (i.e. 3351 * ip_pcb = ep;) */ 3352 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) { 3353 int cnt_in_sd; 3354 3355 cnt_in_sd = 0; 3356 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) { 3357 SCTP_TCB_LOCK(asoc); 3358 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3359 /* Skip guys being freed */ 3360 cnt_in_sd++; 3361 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) { 3362 /* 3363 * Special case - we did not start a 3364 * kill timer on the asoc due to it 3365 * was not closed. So go ahead and 3366 * start it now. 3367 */ 3368 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 3369 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL); 3370 } 3371 SCTP_TCB_UNLOCK(asoc); 3372 continue; 3373 } 3374 if (((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) || 3375 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) && 3376 (asoc->asoc.total_output_queue_size == 0)) { 3377 /* 3378 * If we have data in queue, we don't want 3379 * to just free since the app may have done, 3380 * send()/close or connect/send/close. And 3381 * it wants the data to get across first. 3382 */ 3383 /* Just abandon things in the front states */ 3384 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE, 3385 SCTP_FROM_SCTP_PCB + SCTP_LOC_2) == 0) { 3386 cnt_in_sd++; 3387 } 3388 continue; 3389 } 3390 /* Disconnect the socket please */ 3391 asoc->sctp_socket = NULL; 3392 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET; 3393 if ((asoc->asoc.size_on_reasm_queue > 0) || 3394 (asoc->asoc.control_pdapi) || 3395 (asoc->asoc.size_on_all_streams > 0) || 3396 (so && (so->so_rcv.sb_cc > 0))) { 3397 /* Left with Data unread */ 3398 struct mbuf *op_err; 3399 3400 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 3401 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_3; 3402 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 3403 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3404 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3405 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3406 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3407 } 3408 if (sctp_free_assoc(inp, asoc, 3409 SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_4) == 0) { 3410 cnt_in_sd++; 3411 } 3412 continue; 3413 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) && 3414 TAILQ_EMPTY(&asoc->asoc.sent_queue) && 3415 (asoc->asoc.stream_queue_cnt == 0)) { 3416 if ((*asoc->asoc.ss_functions.sctp_ss_is_user_msgs_incomplete) (asoc, &asoc->asoc)) { 3417 goto abort_anyway; 3418 } 3419 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) && 3420 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 3421 struct sctp_nets *netp; 3422 3423 /* 3424 * there is nothing queued to send, 3425 * so I send shutdown 3426 */ 3427 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3428 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3429 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3430 } 3431 SCTP_SET_STATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_SENT); 3432 SCTP_CLEAR_SUBSTATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_PENDING); 3433 sctp_stop_timers_for_shutdown(asoc); 3434 if (asoc->asoc.alternate) { 3435 netp = asoc->asoc.alternate; 3436 } else { 3437 netp = asoc->asoc.primary_destination; 3438 } 3439 sctp_send_shutdown(asoc, netp); 3440 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc, 3441 netp); 3442 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc, 3443 asoc->asoc.primary_destination); 3444 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED); 3445 } 3446 } else { 3447 /* mark into shutdown pending */ 3448 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING; 3449 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc, 3450 asoc->asoc.primary_destination); 3451 if ((*asoc->asoc.ss_functions.sctp_ss_is_user_msgs_incomplete) (asoc, &asoc->asoc)) { 3452 asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT; 3453 } 3454 if (TAILQ_EMPTY(&asoc->asoc.send_queue) && 3455 TAILQ_EMPTY(&asoc->asoc.sent_queue) && 3456 (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 3457 struct mbuf *op_err; 3458 3459 abort_anyway: 3460 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 3461 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_5; 3462 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 3463 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3464 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3465 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3466 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3467 } 3468 if (sctp_free_assoc(inp, asoc, 3469 SCTP_PCBFREE_NOFORCE, 3470 SCTP_FROM_SCTP_PCB + SCTP_LOC_6) == 0) { 3471 cnt_in_sd++; 3472 } 3473 continue; 3474 } else { 3475 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED); 3476 } 3477 } 3478 cnt_in_sd++; 3479 SCTP_TCB_UNLOCK(asoc); 3480 } 3481 /* now is there some left in our SHUTDOWN state? */ 3482 if (cnt_in_sd) { 3483#ifdef SCTP_LOG_CLOSING 3484 sctp_log_closing(inp, NULL, 2); 3485#endif 3486 inp->sctp_socket = NULL; 3487 SCTP_INP_WUNLOCK(inp); 3488 SCTP_ASOC_CREATE_UNLOCK(inp); 3489 SCTP_INP_INFO_WUNLOCK(); 3490 return; 3491 } 3492 } 3493 inp->sctp_socket = NULL; 3494 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) != 3495 SCTP_PCB_FLAGS_UNBOUND) { 3496 /* 3497 * ok, this guy has been bound. It's port is somewhere in 3498 * the SCTP_BASE_INFO(hash table). Remove it! 3499 */ 3500 LIST_REMOVE(inp, sctp_hash); 3501 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND; 3502 } 3503 /* 3504 * If there is a timer running to kill us, forget it, since it may 3505 * have a contest on the INP lock.. which would cause us to die ... 3506 */ 3507 cnt = 0; 3508 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) { 3509 SCTP_TCB_LOCK(asoc); 3510 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3511 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) { 3512 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 3513 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL); 3514 } 3515 cnt++; 3516 SCTP_TCB_UNLOCK(asoc); 3517 continue; 3518 } 3519 /* Free associations that are NOT killing us */ 3520 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) && 3521 ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) { 3522 struct mbuf *op_err; 3523 3524 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 3525 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_7; 3526 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 3527 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3528 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3529 cnt++; 3530 SCTP_TCB_UNLOCK(asoc); 3531 continue; 3532 } 3533 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3534 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3535 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3536 } 3537 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, 3538 SCTP_FROM_SCTP_PCB + SCTP_LOC_8) == 0) { 3539 cnt++; 3540 } 3541 } 3542 if (cnt) { 3543 /* Ok we have someone out there that will kill us */ 3544 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 3545#ifdef SCTP_LOG_CLOSING 3546 sctp_log_closing(inp, NULL, 3); 3547#endif 3548 SCTP_INP_WUNLOCK(inp); 3549 SCTP_ASOC_CREATE_UNLOCK(inp); 3550 SCTP_INP_INFO_WUNLOCK(); 3551 return; 3552 } 3553 if (SCTP_INP_LOCK_CONTENDED(inp)) 3554 being_refed++; 3555 if (SCTP_INP_READ_CONTENDED(inp)) 3556 being_refed++; 3557 if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp)) 3558 being_refed++; 3559 3560 if ((inp->refcount) || 3561 (being_refed) || 3562 (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) { 3563 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 3564#ifdef SCTP_LOG_CLOSING 3565 sctp_log_closing(inp, NULL, 4); 3566#endif 3567 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); 3568 SCTP_INP_WUNLOCK(inp); 3569 SCTP_ASOC_CREATE_UNLOCK(inp); 3570 SCTP_INP_INFO_WUNLOCK(); 3571 return; 3572 } 3573 inp->sctp_ep.signature_change.type = 0; 3574 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE; 3575 /* 3576 * Remove it from the list .. last thing we need a lock for. 3577 */ 3578 LIST_REMOVE(inp, sctp_list); 3579 SCTP_INP_WUNLOCK(inp); 3580 SCTP_ASOC_CREATE_UNLOCK(inp); 3581 SCTP_INP_INFO_WUNLOCK(); 3582 /* 3583 * Now we release all locks. Since this INP cannot be found anymore 3584 * except possibly by the kill timer that might be running. We call 3585 * the drain function here. It should hit the case were it sees the 3586 * ACTIVE flag cleared and exit out freeing us to proceed and 3587 * destroy everything. 3588 */ 3589 if (from != SCTP_CALLED_FROM_INPKILL_TIMER) { 3590 (void)SCTP_OS_TIMER_STOP_DRAIN(&inp->sctp_ep.signature_change.timer); 3591 } else { 3592 /* Probably un-needed */ 3593 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 3594 } 3595 3596#ifdef SCTP_LOG_CLOSING 3597 sctp_log_closing(inp, NULL, 5); 3598#endif 3599 3600 3601 if ((inp->sctp_asocidhash) != NULL) { 3602 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark); 3603 inp->sctp_asocidhash = NULL; 3604 } 3605 /* sa_ignore FREED_MEMORY */ 3606 TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) { 3607 /* Its only abandoned if it had data left */ 3608 if (sq->length) 3609 SCTP_STAT_INCR(sctps_left_abandon); 3610 3611 TAILQ_REMOVE(&inp->read_queue, sq, next); 3612 sctp_free_remote_addr(sq->whoFrom); 3613 if (so) 3614 so->so_rcv.sb_cc -= sq->length; 3615 if (sq->data) { 3616 sctp_m_freem(sq->data); 3617 sq->data = NULL; 3618 } 3619 /* 3620 * no need to free the net count, since at this point all 3621 * assoc's are gone. 3622 */ 3623 sctp_free_a_readq(NULL, sq); 3624 } 3625 /* Now the sctp_pcb things */ 3626 /* 3627 * free each asoc if it is not already closed/free. we can't use the 3628 * macro here since le_next will get freed as part of the 3629 * sctp_free_assoc() call. 3630 */ 3631 if (ip_pcb->inp_options) { 3632 (void)sctp_m_free(ip_pcb->inp_options); 3633 ip_pcb->inp_options = 0; 3634 } 3635#ifdef INET6 3636 if (ip_pcb->inp_vflag & INP_IPV6) { 3637 struct in6pcb *in6p; 3638 3639 in6p = (struct in6pcb *)inp; 3640 ip6_freepcbopts(in6p->in6p_outputopts); 3641 } 3642#endif /* INET6 */ 3643 ip_pcb->inp_vflag = 0; 3644 /* free up authentication fields */ 3645 if (inp->sctp_ep.local_auth_chunks != NULL) 3646 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks); 3647 if (inp->sctp_ep.local_hmacs != NULL) 3648 sctp_free_hmaclist(inp->sctp_ep.local_hmacs); 3649 3650 LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) { 3651 LIST_REMOVE(shared_key, next); 3652 sctp_free_sharedkey(shared_key); 3653 /* sa_ignore FREED_MEMORY */ 3654 } 3655 3656 /* 3657 * if we have an address list the following will free the list of 3658 * ifaddr's that are set into this ep. Again macro limitations here, 3659 * since the LIST_FOREACH could be a bad idea. 3660 */ 3661 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 3662 sctp_remove_laddr(laddr); 3663 } 3664 3665#ifdef SCTP_TRACK_FREED_ASOCS 3666 /* TEMP CODE */ 3667 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_free_list, sctp_tcblist, nasoc) { 3668 LIST_REMOVE(asoc, sctp_tcblist); 3669 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), asoc); 3670 SCTP_DECR_ASOC_COUNT(); 3671 } 3672 /* *** END TEMP CODE *** */ 3673#endif 3674 /* Now lets see about freeing the EP hash table. */ 3675 if (inp->sctp_tcbhash != NULL) { 3676 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark); 3677 inp->sctp_tcbhash = NULL; 3678 } 3679 /* Now we must put the ep memory back into the zone pool */ 3680 crfree(inp->ip_inp.inp.inp_cred); 3681 INP_LOCK_DESTROY(&inp->ip_inp.inp); 3682 SCTP_INP_LOCK_DESTROY(inp); 3683 SCTP_INP_READ_DESTROY(inp); 3684 SCTP_ASOC_CREATE_LOCK_DESTROY(inp); 3685 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 3686 SCTP_DECR_EP_COUNT(); 3687} 3688 3689 3690struct sctp_nets * 3691sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr) 3692{ 3693 struct sctp_nets *net; 3694 3695 /* locate the address */ 3696 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 3697 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr)) 3698 return (net); 3699 } 3700 return (NULL); 3701} 3702 3703 3704int 3705sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id) 3706{ 3707 struct sctp_ifa *sctp_ifa; 3708 3709 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED); 3710 if (sctp_ifa) { 3711 return (1); 3712 } else { 3713 return (0); 3714 } 3715} 3716 3717/* 3718 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as 3719 * when a ASCONF arrives that adds it. It will also initialize all the cwnd 3720 * stats of stuff. 3721 */ 3722int 3723sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr, 3724 struct sctp_nets **netp, uint16_t port, int set_scope, int from) 3725{ 3726 /* 3727 * The following is redundant to the same lines in the 3728 * sctp_aloc_assoc() but is needed since others call the add address 3729 * function 3730 */ 3731 struct sctp_nets *net, *netfirst; 3732 int addr_inscope; 3733 3734 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ", 3735 from); 3736 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr); 3737 3738 netfirst = sctp_findnet(stcb, newaddr); 3739 if (netfirst) { 3740 /* 3741 * Lie and return ok, we don't want to make the association 3742 * go away for this behavior. It will happen in the TCP 3743 * model in a connected socket. It does not reach the hash 3744 * table until after the association is built so it can't be 3745 * found. Mark as reachable, since the initial creation will 3746 * have been cleared and the NOT_IN_ASSOC flag will have 3747 * been added... and we don't want to end up removing it 3748 * back out. 3749 */ 3750 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) { 3751 netfirst->dest_state = (SCTP_ADDR_REACHABLE | 3752 SCTP_ADDR_UNCONFIRMED); 3753 } else { 3754 netfirst->dest_state = SCTP_ADDR_REACHABLE; 3755 } 3756 3757 return (0); 3758 } 3759 addr_inscope = 1; 3760 switch (newaddr->sa_family) { 3761#ifdef INET 3762 case AF_INET: 3763 { 3764 struct sockaddr_in *sin; 3765 3766 sin = (struct sockaddr_in *)newaddr; 3767 if (sin->sin_addr.s_addr == 0) { 3768 /* Invalid address */ 3769 return (-1); 3770 } 3771 /* zero out the bzero area */ 3772 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 3773 3774 /* assure len is set */ 3775 sin->sin_len = sizeof(struct sockaddr_in); 3776 if (set_scope) { 3777 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 3778 stcb->asoc.scope.ipv4_local_scope = 1; 3779 } 3780 } else { 3781 /* Validate the address is in scope */ 3782 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) && 3783 (stcb->asoc.scope.ipv4_local_scope == 0)) { 3784 addr_inscope = 0; 3785 } 3786 } 3787 break; 3788 } 3789#endif 3790#ifdef INET6 3791 case AF_INET6: 3792 { 3793 struct sockaddr_in6 *sin6; 3794 3795 sin6 = (struct sockaddr_in6 *)newaddr; 3796 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 3797 /* Invalid address */ 3798 return (-1); 3799 } 3800 /* assure len is set */ 3801 sin6->sin6_len = sizeof(struct sockaddr_in6); 3802 if (set_scope) { 3803 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) { 3804 stcb->asoc.scope.loopback_scope = 1; 3805 stcb->asoc.scope.local_scope = 0; 3806 stcb->asoc.scope.ipv4_local_scope = 1; 3807 stcb->asoc.scope.site_scope = 1; 3808 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 3809 /* 3810 * If the new destination is a 3811 * LINK_LOCAL we must have common 3812 * site scope. Don't set the local 3813 * scope since we may not share all 3814 * links, only loopback can do this. 3815 * Links on the local network would 3816 * also be on our private network 3817 * for v4 too. 3818 */ 3819 stcb->asoc.scope.ipv4_local_scope = 1; 3820 stcb->asoc.scope.site_scope = 1; 3821 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 3822 /* 3823 * If the new destination is 3824 * SITE_LOCAL then we must have site 3825 * scope in common. 3826 */ 3827 stcb->asoc.scope.site_scope = 1; 3828 } 3829 } else { 3830 /* Validate the address is in scope */ 3831 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) && 3832 (stcb->asoc.scope.loopback_scope == 0)) { 3833 addr_inscope = 0; 3834 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) && 3835 (stcb->asoc.scope.local_scope == 0)) { 3836 addr_inscope = 0; 3837 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) && 3838 (stcb->asoc.scope.site_scope == 0)) { 3839 addr_inscope = 0; 3840 } 3841 } 3842 break; 3843 } 3844#endif 3845 default: 3846 /* not supported family type */ 3847 return (-1); 3848 } 3849 net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets); 3850 if (net == NULL) { 3851 return (-1); 3852 } 3853 SCTP_INCR_RADDR_COUNT(); 3854 bzero(net, sizeof(struct sctp_nets)); 3855 (void)SCTP_GETTIME_TIMEVAL(&net->start_time); 3856 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len); 3857 switch (newaddr->sa_family) { 3858#ifdef INET 3859 case AF_INET: 3860 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport; 3861 break; 3862#endif 3863#ifdef INET6 3864 case AF_INET6: 3865 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport; 3866 break; 3867#endif 3868 default: 3869 break; 3870 } 3871 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id); 3872 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) { 3873 stcb->asoc.scope.loopback_scope = 1; 3874 stcb->asoc.scope.ipv4_local_scope = 1; 3875 stcb->asoc.scope.local_scope = 0; 3876 stcb->asoc.scope.site_scope = 1; 3877 addr_inscope = 1; 3878 } 3879 net->failure_threshold = stcb->asoc.def_net_failure; 3880 net->pf_threshold = stcb->asoc.def_net_pf_threshold; 3881 if (addr_inscope == 0) { 3882 net->dest_state = (SCTP_ADDR_REACHABLE | 3883 SCTP_ADDR_OUT_OF_SCOPE); 3884 } else { 3885 if (from == SCTP_ADDR_IS_CONFIRMED) 3886 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */ 3887 net->dest_state = SCTP_ADDR_REACHABLE; 3888 else 3889 net->dest_state = SCTP_ADDR_REACHABLE | 3890 SCTP_ADDR_UNCONFIRMED; 3891 } 3892 /* 3893 * We set this to 0, the timer code knows that this means its an 3894 * initial value 3895 */ 3896 net->rto_needed = 1; 3897 net->RTO = 0; 3898 net->RTO_measured = 0; 3899 stcb->asoc.numnets++; 3900 net->ref_count = 1; 3901 net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1; 3902 net->port = port; 3903 net->dscp = stcb->asoc.default_dscp; 3904#ifdef INET6 3905 net->flowlabel = stcb->asoc.default_flowlabel; 3906#endif 3907 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) { 3908 net->dest_state |= SCTP_ADDR_NOHB; 3909 } else { 3910 net->dest_state &= ~SCTP_ADDR_NOHB; 3911 } 3912 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) { 3913 net->dest_state |= SCTP_ADDR_NO_PMTUD; 3914 } else { 3915 net->dest_state &= ~SCTP_ADDR_NO_PMTUD; 3916 } 3917 net->heart_beat_delay = stcb->asoc.heart_beat_delay; 3918 /* Init the timer structure */ 3919 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer); 3920 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer); 3921 SCTP_OS_TIMER_INIT(&net->hb_timer.timer); 3922 3923 /* Now generate a route for this guy */ 3924#ifdef INET6 3925 /* KAME hack: embed scopeid */ 3926 if (newaddr->sa_family == AF_INET6) { 3927 struct sockaddr_in6 *sin6; 3928 3929 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 3930 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 3931 sin6->sin6_scope_id = 0; 3932 } 3933#endif 3934 SCTP_RTALLOC((sctp_route_t *)&net->ro, 3935 stcb->asoc.vrf_id, 3936 stcb->sctp_ep->fibnum); 3937 3938 net->src_addr_selected = 0; 3939 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) { 3940 /* Get source address */ 3941 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep, 3942 stcb, 3943 (sctp_route_t *)&net->ro, 3944 net, 3945 0, 3946 stcb->asoc.vrf_id); 3947 if (net->ro._s_addr != NULL) { 3948 uint32_t imtu, rmtu, hcmtu; 3949 3950 net->src_addr_selected = 1; 3951 /* Now get the interface MTU */ 3952 if (net->ro._s_addr->ifn_p != NULL) { 3953 imtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p); 3954 } else { 3955 imtu = 0; 3956 } 3957 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt); 3958 hcmtu = sctp_hc_get_mtu(&net->ro._l_addr, stcb->sctp_ep->fibnum); 3959 net->mtu = sctp_min_mtu(hcmtu, rmtu, imtu); 3960 if (rmtu == 0) { 3961 /* 3962 * Start things off to match mtu of 3963 * interface please. 3964 */ 3965 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa, 3966 net->ro.ro_rt, net->mtu); 3967 } 3968 } 3969 } 3970 if (net->mtu == 0) { 3971 switch (newaddr->sa_family) { 3972#ifdef INET 3973 case AF_INET: 3974 net->mtu = SCTP_DEFAULT_MTU; 3975 break; 3976#endif 3977#ifdef INET6 3978 case AF_INET6: 3979 net->mtu = 1280; 3980 break; 3981#endif 3982 default: 3983 break; 3984 } 3985 } 3986#if defined(INET) || defined(INET6) 3987 if (net->port) { 3988 net->mtu -= (uint32_t)sizeof(struct udphdr); 3989 } 3990#endif 3991 if (from == SCTP_ALLOC_ASOC) { 3992 stcb->asoc.smallest_mtu = net->mtu; 3993 } 3994 if (stcb->asoc.smallest_mtu > net->mtu) { 3995 sctp_pathmtu_adjustment(stcb, net->mtu); 3996 } 3997#ifdef INET6 3998 if (newaddr->sa_family == AF_INET6) { 3999 struct sockaddr_in6 *sin6; 4000 4001 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4002 (void)sa6_recoverscope(sin6); 4003 } 4004#endif 4005 4006 /* JRS - Use the congestion control given in the CC module */ 4007 if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL) 4008 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param) (stcb, net); 4009 4010 /* 4011 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning 4012 * of assoc (2005/06/27, iyengar@cis.udel.edu) 4013 */ 4014 net->find_pseudo_cumack = 1; 4015 net->find_rtx_pseudo_cumack = 1; 4016 /* Choose an initial flowid. */ 4017 net->flowid = stcb->asoc.my_vtag ^ 4018 ntohs(stcb->rport) ^ 4019 ntohs(stcb->sctp_ep->sctp_lport); 4020 net->flowtype = M_HASHTYPE_OPAQUE_HASH; 4021 if (netp) { 4022 *netp = net; 4023 } 4024 netfirst = TAILQ_FIRST(&stcb->asoc.nets); 4025 if (net->ro.ro_rt == NULL) { 4026 /* Since we have no route put it at the back */ 4027 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next); 4028 } else if (netfirst == NULL) { 4029 /* We are the first one in the pool. */ 4030 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4031 } else if (netfirst->ro.ro_rt == NULL) { 4032 /* 4033 * First one has NO route. Place this one ahead of the first 4034 * one. 4035 */ 4036 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4037 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) { 4038 /* 4039 * This one has a different interface than the one at the 4040 * top of the list. Place it ahead. 4041 */ 4042 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4043 } else { 4044 /* 4045 * Ok we have the same interface as the first one. Move 4046 * forward until we find either a) one with a NULL route... 4047 * insert ahead of that b) one with a different ifp.. insert 4048 * after that. c) end of the list.. insert at the tail. 4049 */ 4050 struct sctp_nets *netlook; 4051 4052 do { 4053 netlook = TAILQ_NEXT(netfirst, sctp_next); 4054 if (netlook == NULL) { 4055 /* End of the list */ 4056 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next); 4057 break; 4058 } else if (netlook->ro.ro_rt == NULL) { 4059 /* next one has NO route */ 4060 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next); 4061 break; 4062 } else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp) { 4063 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook, 4064 net, sctp_next); 4065 break; 4066 } 4067 /* Shift forward */ 4068 netfirst = netlook; 4069 } while (netlook != NULL); 4070 } 4071 4072 /* got to have a primary set */ 4073 if (stcb->asoc.primary_destination == 0) { 4074 stcb->asoc.primary_destination = net; 4075 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) && 4076 (net->ro.ro_rt) && 4077 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) { 4078 /* No route to current primary adopt new primary */ 4079 stcb->asoc.primary_destination = net; 4080 } 4081 /* Validate primary is first */ 4082 net = TAILQ_FIRST(&stcb->asoc.nets); 4083 if ((net != stcb->asoc.primary_destination) && 4084 (stcb->asoc.primary_destination)) { 4085 /* 4086 * first one on the list is NOT the primary sctp_cmpaddr() 4087 * is much more efficient if the primary is the first on the 4088 * list, make it so. 4089 */ 4090 TAILQ_REMOVE(&stcb->asoc.nets, 4091 stcb->asoc.primary_destination, sctp_next); 4092 TAILQ_INSERT_HEAD(&stcb->asoc.nets, 4093 stcb->asoc.primary_destination, sctp_next); 4094 } 4095 return (0); 4096} 4097 4098 4099static uint32_t 4100sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 4101{ 4102 uint32_t id; 4103 struct sctpasochead *head; 4104 struct sctp_tcb *lstcb; 4105 4106 SCTP_INP_WLOCK(inp); 4107try_again: 4108 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 4109 /* TSNH */ 4110 SCTP_INP_WUNLOCK(inp); 4111 return (0); 4112 } 4113 /* 4114 * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC, 4115 * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC. 4116 */ 4117 if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) { 4118 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1; 4119 } 4120 id = inp->sctp_associd_counter; 4121 inp->sctp_associd_counter++; 4122 lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t)id, 0); 4123 if (lstcb) { 4124 goto try_again; 4125 } 4126 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)]; 4127 LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash); 4128 stcb->asoc.in_asocid_hash = 1; 4129 SCTP_INP_WUNLOCK(inp); 4130 return id; 4131} 4132 4133/* 4134 * allocate an association and add it to the endpoint. The caller must be 4135 * careful to add all additional addresses once they are know right away or 4136 * else the assoc will be may experience a blackout scenario. 4137 */ 4138struct sctp_tcb * 4139sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr, 4140 int *error, uint32_t override_tag, uint32_t vrf_id, 4141 uint16_t o_streams, uint16_t port, 4142 struct thread *p 4143) 4144{ 4145 /* note the p argument is only valid in unbound sockets */ 4146 4147 struct sctp_tcb *stcb; 4148 struct sctp_association *asoc; 4149 struct sctpasochead *head; 4150 uint16_t rport; 4151 int err; 4152 4153 /* 4154 * Assumption made here: Caller has done a 4155 * sctp_findassociation_ep_addr(ep, addr's); to make sure the 4156 * address does not exist already. 4157 */ 4158 if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) { 4159 /* Hit max assoc, sorry no more */ 4160 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 4161 *error = ENOBUFS; 4162 return (NULL); 4163 } 4164 if (firstaddr == NULL) { 4165 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4166 *error = EINVAL; 4167 return (NULL); 4168 } 4169 SCTP_INP_RLOCK(inp); 4170 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) && 4171 ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) || 4172 (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 4173 /* 4174 * If its in the TCP pool, its NOT allowed to create an 4175 * association. The parent listener needs to call 4176 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled 4177 * off, or connected one does this.. its an error. 4178 */ 4179 SCTP_INP_RUNLOCK(inp); 4180 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4181 *error = EINVAL; 4182 return (NULL); 4183 } 4184 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 4185 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) { 4186 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) || 4187 (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) { 4188 SCTP_INP_RUNLOCK(inp); 4189 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4190 *error = EINVAL; 4191 return (NULL); 4192 } 4193 } 4194 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:"); 4195#ifdef SCTP_DEBUG 4196 if (firstaddr) { 4197 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr); 4198 switch (firstaddr->sa_family) { 4199#ifdef INET 4200 case AF_INET: 4201 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n", 4202 ntohs(((struct sockaddr_in *)firstaddr)->sin_port)); 4203 break; 4204#endif 4205#ifdef INET6 4206 case AF_INET6: 4207 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n", 4208 ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port)); 4209 break; 4210#endif 4211 default: 4212 break; 4213 } 4214 } else { 4215 SCTPDBG(SCTP_DEBUG_PCB3, "None\n"); 4216 } 4217#endif /* SCTP_DEBUG */ 4218 switch (firstaddr->sa_family) { 4219#ifdef INET 4220 case AF_INET: 4221 { 4222 struct sockaddr_in *sin; 4223 4224 sin = (struct sockaddr_in *)firstaddr; 4225 if ((ntohs(sin->sin_port) == 0) || 4226 (sin->sin_addr.s_addr == INADDR_ANY) || 4227 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 4228 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 4229 /* Invalid address */ 4230 SCTP_INP_RUNLOCK(inp); 4231 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4232 *error = EINVAL; 4233 return (NULL); 4234 } 4235 rport = sin->sin_port; 4236 break; 4237 } 4238#endif 4239#ifdef INET6 4240 case AF_INET6: 4241 { 4242 struct sockaddr_in6 *sin6; 4243 4244 sin6 = (struct sockaddr_in6 *)firstaddr; 4245 if ((ntohs(sin6->sin6_port) == 0) || 4246 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 4247 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 4248 /* Invalid address */ 4249 SCTP_INP_RUNLOCK(inp); 4250 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4251 *error = EINVAL; 4252 return (NULL); 4253 } 4254 rport = sin6->sin6_port; 4255 break; 4256 } 4257#endif 4258 default: 4259 /* not supported family type */ 4260 SCTP_INP_RUNLOCK(inp); 4261 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4262 *error = EINVAL; 4263 return (NULL); 4264 } 4265 SCTP_INP_RUNLOCK(inp); 4266 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 4267 /* 4268 * If you have not performed a bind, then we need to do the 4269 * ephemeral bind for you. 4270 */ 4271 if ((err = sctp_inpcb_bind(inp->sctp_socket, 4272 (struct sockaddr *)NULL, 4273 (struct sctp_ifa *)NULL, 4274 p 4275 ))) { 4276 /* bind error, probably perm */ 4277 *error = err; 4278 return (NULL); 4279 } 4280 } 4281 stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb); 4282 if (stcb == NULL) { 4283 /* out of memory? */ 4284 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); 4285 *error = ENOMEM; 4286 return (NULL); 4287 } 4288 SCTP_INCR_ASOC_COUNT(); 4289 4290 bzero(stcb, sizeof(*stcb)); 4291 asoc = &stcb->asoc; 4292 4293 asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb); 4294 SCTP_TCB_LOCK_INIT(stcb); 4295 SCTP_TCB_SEND_LOCK_INIT(stcb); 4296 stcb->rport = rport; 4297 /* setup back pointer's */ 4298 stcb->sctp_ep = inp; 4299 stcb->sctp_socket = inp->sctp_socket; 4300 if ((err = sctp_init_asoc(inp, stcb, override_tag, vrf_id, o_streams))) { 4301 /* failed */ 4302 SCTP_TCB_LOCK_DESTROY(stcb); 4303 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 4304 LIST_REMOVE(stcb, sctp_tcbasocidhash); 4305 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 4306 SCTP_DECR_ASOC_COUNT(); 4307 *error = err; 4308 return (NULL); 4309 } 4310 /* and the port */ 4311 SCTP_INP_INFO_WLOCK(); 4312 SCTP_INP_WLOCK(inp); 4313 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4314 /* inpcb freed while alloc going on */ 4315 SCTP_TCB_LOCK_DESTROY(stcb); 4316 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 4317 LIST_REMOVE(stcb, sctp_tcbasocidhash); 4318 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 4319 SCTP_INP_WUNLOCK(inp); 4320 SCTP_INP_INFO_WUNLOCK(); 4321 SCTP_DECR_ASOC_COUNT(); 4322 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4323 *error = EINVAL; 4324 return (NULL); 4325 } 4326 SCTP_TCB_LOCK(stcb); 4327 4328 /* now that my_vtag is set, add it to the hash */ 4329 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; 4330 /* put it in the bucket in the vtag hash of assoc's for the system */ 4331 LIST_INSERT_HEAD(head, stcb, sctp_asocs); 4332 SCTP_INP_INFO_WUNLOCK(); 4333 4334 if ((err = sctp_add_remote_addr(stcb, firstaddr, NULL, port, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) { 4335 /* failure.. memory error? */ 4336 if (asoc->strmout) { 4337 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 4338 asoc->strmout = NULL; 4339 } 4340 if (asoc->mapping_array) { 4341 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 4342 asoc->mapping_array = NULL; 4343 } 4344 if (asoc->nr_mapping_array) { 4345 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 4346 asoc->nr_mapping_array = NULL; 4347 } 4348 SCTP_DECR_ASOC_COUNT(); 4349 SCTP_TCB_UNLOCK(stcb); 4350 SCTP_TCB_LOCK_DESTROY(stcb); 4351 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 4352 LIST_REMOVE(stcb, sctp_tcbasocidhash); 4353 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 4354 SCTP_INP_WUNLOCK(inp); 4355 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 4356 *error = ENOBUFS; 4357 return (NULL); 4358 } 4359 /* Init all the timers */ 4360 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer); 4361 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer); 4362 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer); 4363 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer); 4364 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer); 4365 SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer); 4366 SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer); 4367 4368 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist); 4369 /* now file the port under the hash as well */ 4370 if (inp->sctp_tcbhash != NULL) { 4371 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport, 4372 inp->sctp_hashmark)]; 4373 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash); 4374 } 4375 SCTP_INP_WUNLOCK(inp); 4376 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", (void *)stcb); 4377 return (stcb); 4378} 4379 4380 4381void 4382sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net) 4383{ 4384 struct sctp_association *asoc; 4385 4386 asoc = &stcb->asoc; 4387 asoc->numnets--; 4388 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 4389 if (net == asoc->primary_destination) { 4390 /* Reset primary */ 4391 struct sctp_nets *lnet; 4392 4393 lnet = TAILQ_FIRST(&asoc->nets); 4394 /* 4395 * Mobility adaptation Ideally, if deleted destination is 4396 * the primary, it becomes a fast retransmission trigger by 4397 * the subsequent SET PRIMARY. (by micchie) 4398 */ 4399 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 4400 SCTP_MOBILITY_BASE) || 4401 sctp_is_mobility_feature_on(stcb->sctp_ep, 4402 SCTP_MOBILITY_FASTHANDOFF)) { 4403 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n"); 4404 if (asoc->deleted_primary != NULL) { 4405 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n"); 4406 goto out; 4407 } 4408 asoc->deleted_primary = net; 4409 atomic_add_int(&net->ref_count, 1); 4410 memset(&net->lastsa, 0, sizeof(net->lastsa)); 4411 memset(&net->lastsv, 0, sizeof(net->lastsv)); 4412 sctp_mobility_feature_on(stcb->sctp_ep, 4413 SCTP_MOBILITY_PRIM_DELETED); 4414 sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED, 4415 stcb->sctp_ep, stcb, NULL); 4416 } 4417out: 4418 /* Try to find a confirmed primary */ 4419 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0); 4420 } 4421 if (net == asoc->last_data_chunk_from) { 4422 /* Reset primary */ 4423 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets); 4424 } 4425 if (net == asoc->last_control_chunk_from) { 4426 /* Clear net */ 4427 asoc->last_control_chunk_from = NULL; 4428 } 4429 if (net == stcb->asoc.alternate) { 4430 sctp_free_remote_addr(stcb->asoc.alternate); 4431 stcb->asoc.alternate = NULL; 4432 } 4433 sctp_free_remote_addr(net); 4434} 4435 4436/* 4437 * remove a remote endpoint address from an association, it will fail if the 4438 * address does not exist. 4439 */ 4440int 4441sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr) 4442{ 4443 /* 4444 * Here we need to remove a remote address. This is quite simple, we 4445 * first find it in the list of address for the association 4446 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE 4447 * on that item. Note we do not allow it to be removed if there are 4448 * no other addresses. 4449 */ 4450 struct sctp_association *asoc; 4451 struct sctp_nets *net, *nnet; 4452 4453 asoc = &stcb->asoc; 4454 4455 /* locate the address */ 4456 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) { 4457 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) { 4458 continue; 4459 } 4460 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr, 4461 remaddr)) { 4462 /* we found the guy */ 4463 if (asoc->numnets < 2) { 4464 /* Must have at LEAST two remote addresses */ 4465 return (-1); 4466 } else { 4467 sctp_remove_net(stcb, net); 4468 return (0); 4469 } 4470 } 4471 } 4472 /* not found. */ 4473 return (-2); 4474} 4475 4476void 4477sctp_delete_from_timewait(uint32_t tag, uint16_t lport, uint16_t rport) 4478{ 4479 struct sctpvtaghead *chain; 4480 struct sctp_tagblock *twait_block; 4481 int found = 0; 4482 int i; 4483 4484 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 4485 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 4486 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 4487 if ((twait_block->vtag_block[i].v_tag == tag) && 4488 (twait_block->vtag_block[i].lport == lport) && 4489 (twait_block->vtag_block[i].rport == rport)) { 4490 twait_block->vtag_block[i].tv_sec_at_expire = 0; 4491 twait_block->vtag_block[i].v_tag = 0; 4492 twait_block->vtag_block[i].lport = 0; 4493 twait_block->vtag_block[i].rport = 0; 4494 found = 1; 4495 break; 4496 } 4497 } 4498 if (found) 4499 break; 4500 } 4501} 4502 4503int 4504sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport) 4505{ 4506 struct sctpvtaghead *chain; 4507 struct sctp_tagblock *twait_block; 4508 int found = 0; 4509 int i; 4510 4511 SCTP_INP_INFO_WLOCK(); 4512 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 4513 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 4514 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 4515 if ((twait_block->vtag_block[i].v_tag == tag) && 4516 (twait_block->vtag_block[i].lport == lport) && 4517 (twait_block->vtag_block[i].rport == rport)) { 4518 found = 1; 4519 break; 4520 } 4521 } 4522 if (found) 4523 break; 4524 } 4525 SCTP_INP_INFO_WUNLOCK(); 4526 return (found); 4527} 4528 4529 4530void 4531sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t rport) 4532{ 4533 struct sctpvtaghead *chain; 4534 struct sctp_tagblock *twait_block; 4535 struct timeval now; 4536 int set, i; 4537 4538 if (time == 0) { 4539 /* Its disabled */ 4540 return; 4541 } 4542 (void)SCTP_GETTIME_TIMEVAL(&now); 4543 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 4544 set = 0; 4545 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 4546 /* Block(s) present, lets find space, and expire on the fly */ 4547 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 4548 if ((twait_block->vtag_block[i].v_tag == 0) && 4549 !set) { 4550 twait_block->vtag_block[i].tv_sec_at_expire = 4551 now.tv_sec + time; 4552 twait_block->vtag_block[i].v_tag = tag; 4553 twait_block->vtag_block[i].lport = lport; 4554 twait_block->vtag_block[i].rport = rport; 4555 set = 1; 4556 } else if ((twait_block->vtag_block[i].v_tag) && 4557 ((long)twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) { 4558 /* Audit expires this guy */ 4559 twait_block->vtag_block[i].tv_sec_at_expire = 0; 4560 twait_block->vtag_block[i].v_tag = 0; 4561 twait_block->vtag_block[i].lport = 0; 4562 twait_block->vtag_block[i].rport = 0; 4563 if (set == 0) { 4564 /* Reuse it for my new tag */ 4565 twait_block->vtag_block[i].tv_sec_at_expire = now.tv_sec + time; 4566 twait_block->vtag_block[i].v_tag = tag; 4567 twait_block->vtag_block[i].lport = lport; 4568 twait_block->vtag_block[i].rport = rport; 4569 set = 1; 4570 } 4571 } 4572 } 4573 if (set) { 4574 /* 4575 * We only do up to the block where we can place our 4576 * tag for audits 4577 */ 4578 break; 4579 } 4580 } 4581 /* Need to add a new block to chain */ 4582 if (!set) { 4583 SCTP_MALLOC(twait_block, struct sctp_tagblock *, 4584 sizeof(struct sctp_tagblock), SCTP_M_TIMW); 4585 if (twait_block == NULL) { 4586#ifdef INVARIANTS 4587 panic("Can not alloc tagblock"); 4588#endif 4589 return; 4590 } 4591 memset(twait_block, 0, sizeof(struct sctp_tagblock)); 4592 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock); 4593 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + time; 4594 twait_block->vtag_block[0].v_tag = tag; 4595 twait_block->vtag_block[0].lport = lport; 4596 twait_block->vtag_block[0].rport = rport; 4597 } 4598} 4599 4600void 4601sctp_clean_up_stream(struct sctp_tcb *stcb, struct sctp_readhead *rh) 4602{ 4603 struct sctp_tmit_chunk *chk, *nchk; 4604 struct sctp_queued_to_read *ctl, *nctl; 4605 4606 TAILQ_FOREACH_SAFE(ctl, rh, next_instrm, nctl) { 4607 TAILQ_REMOVE(rh, ctl, next_instrm); 4608 ctl->on_strm_q = 0; 4609 if (ctl->on_read_q == 0) { 4610 sctp_free_remote_addr(ctl->whoFrom); 4611 if (ctl->data) { 4612 sctp_m_freem(ctl->data); 4613 ctl->data = NULL; 4614 } 4615 } 4616 /* Reassembly free? */ 4617 TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { 4618 TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); 4619 if (chk->data) { 4620 sctp_m_freem(chk->data); 4621 chk->data = NULL; 4622 } 4623 if (chk->holds_key_ref) 4624 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 4625 sctp_free_remote_addr(chk->whoTo); 4626 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 4627 SCTP_DECR_CHK_COUNT(); 4628 /* sa_ignore FREED_MEMORY */ 4629 } 4630 /* 4631 * We don't free the address here since all the net's were 4632 * freed above. 4633 */ 4634 if (ctl->on_read_q == 0) { 4635 sctp_free_a_readq(stcb, ctl); 4636 } 4637 } 4638} 4639 4640 4641/*- 4642 * Free the association after un-hashing the remote port. This 4643 * function ALWAYS returns holding NO LOCK on the stcb. It DOES 4644 * expect that the input to this function IS a locked TCB. 4645 * It will return 0, if it did NOT destroy the association (instead 4646 * it unlocks it. It will return NON-zero if it either destroyed the 4647 * association OR the association is already destroyed. 4648 */ 4649int 4650sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location) 4651{ 4652 int i; 4653 struct sctp_association *asoc; 4654 struct sctp_nets *net, *nnet; 4655 struct sctp_laddr *laddr, *naddr; 4656 struct sctp_tmit_chunk *chk, *nchk; 4657 struct sctp_asconf_addr *aparam, *naparam; 4658 struct sctp_asconf_ack *aack, *naack; 4659 struct sctp_stream_reset_list *strrst, *nstrrst; 4660 struct sctp_queued_to_read *sq, *nsq; 4661 struct sctp_stream_queue_pending *sp, *nsp; 4662 sctp_sharedkey_t *shared_key, *nshared_key; 4663 struct socket *so; 4664 4665 /* first, lets purge the entry from the hash table. */ 4666 4667#ifdef SCTP_LOG_CLOSING 4668 sctp_log_closing(inp, stcb, 6); 4669#endif 4670 if (stcb->asoc.state == 0) { 4671#ifdef SCTP_LOG_CLOSING 4672 sctp_log_closing(inp, NULL, 7); 4673#endif 4674 /* there is no asoc, really TSNH :-0 */ 4675 return (1); 4676 } 4677 if (stcb->asoc.alternate) { 4678 sctp_free_remote_addr(stcb->asoc.alternate); 4679 stcb->asoc.alternate = NULL; 4680 } 4681 /* TEMP CODE */ 4682 if (stcb->freed_from_where == 0) { 4683 /* Only record the first place free happened from */ 4684 stcb->freed_from_where = from_location; 4685 } 4686 /* TEMP CODE */ 4687 4688 asoc = &stcb->asoc; 4689 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4690 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 4691 /* nothing around */ 4692 so = NULL; 4693 else 4694 so = inp->sctp_socket; 4695 4696 /* 4697 * We used timer based freeing if a reader or writer is in the way. 4698 * So we first check if we are actually being called from a timer, 4699 * if so we abort early if a reader or writer is still in the way. 4700 */ 4701 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && 4702 (from_inpcbfree == SCTP_NORMAL_PROC)) { 4703 /* 4704 * is it the timer driving us? if so are the reader/writers 4705 * gone? 4706 */ 4707 if (stcb->asoc.refcnt) { 4708 /* nope, reader or writer in the way */ 4709 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 4710 /* no asoc destroyed */ 4711 SCTP_TCB_UNLOCK(stcb); 4712#ifdef SCTP_LOG_CLOSING 4713 sctp_log_closing(inp, stcb, 8); 4714#endif 4715 return (0); 4716 } 4717 } 4718 /* now clean up any other timers */ 4719 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 4720 asoc->dack_timer.self = NULL; 4721 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 4722 /*- 4723 * For stream reset we don't blast this unless 4724 * it is a str-reset timer, it might be the 4725 * free-asoc timer which we DON'T want to 4726 * disturb. 4727 */ 4728 if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET) 4729 asoc->strreset_timer.self = NULL; 4730 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 4731 asoc->asconf_timer.self = NULL; 4732 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 4733 asoc->autoclose_timer.self = NULL; 4734 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer); 4735 asoc->shut_guard_timer.self = NULL; 4736 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 4737 asoc->delayed_event_timer.self = NULL; 4738 /* Mobility adaptation */ 4739 (void)SCTP_OS_TIMER_STOP(&asoc->delete_prim_timer.timer); 4740 asoc->delete_prim_timer.self = NULL; 4741 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4742 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer); 4743 net->rxt_timer.self = NULL; 4744 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 4745 net->pmtu_timer.self = NULL; 4746 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 4747 net->hb_timer.self = NULL; 4748 } 4749 /* Now the read queue needs to be cleaned up (only once) */ 4750 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) { 4751 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED; 4752 SCTP_INP_READ_LOCK(inp); 4753 TAILQ_FOREACH(sq, &inp->read_queue, next) { 4754 if (sq->stcb == stcb) { 4755 sq->do_not_ref_stcb = 1; 4756 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 4757 /* 4758 * If there is no end, there never will be 4759 * now. 4760 */ 4761 if (sq->end_added == 0) { 4762 /* Held for PD-API clear that. */ 4763 sq->pdapi_aborted = 1; 4764 sq->held_length = 0; 4765 if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) { 4766 /* 4767 * Need to add a PD-API 4768 * aborted indication. 4769 * Setting the control_pdapi 4770 * assures that it will be 4771 * added right after this 4772 * msg. 4773 */ 4774 uint32_t strseq; 4775 4776 stcb->asoc.control_pdapi = sq; 4777 strseq = (sq->sinfo_stream << 16) | (sq->mid & 0x0000ffff); 4778 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION, 4779 stcb, 4780 SCTP_PARTIAL_DELIVERY_ABORTED, 4781 (void *)&strseq, 4782 SCTP_SO_LOCKED); 4783 stcb->asoc.control_pdapi = NULL; 4784 } 4785 } 4786 /* Add an end to wake them */ 4787 sq->end_added = 1; 4788 } 4789 } 4790 SCTP_INP_READ_UNLOCK(inp); 4791 if (stcb->block_entry) { 4792 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET); 4793 stcb->block_entry->error = ECONNRESET; 4794 stcb->block_entry = NULL; 4795 } 4796 } 4797 if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) { 4798 /* 4799 * Someone holds a reference OR the socket is unaccepted 4800 * yet. 4801 */ 4802 if ((stcb->asoc.refcnt) || 4803 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4804 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 4805 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 4806 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 4807 } 4808 SCTP_TCB_UNLOCK(stcb); 4809 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4810 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 4811 /* nothing around */ 4812 so = NULL; 4813 if (so) { 4814 /* Wake any reader/writers */ 4815 sctp_sorwakeup(inp, so); 4816 sctp_sowwakeup(inp, so); 4817 } 4818#ifdef SCTP_LOG_CLOSING 4819 sctp_log_closing(inp, stcb, 9); 4820#endif 4821 /* no asoc destroyed */ 4822 return (0); 4823 } 4824#ifdef SCTP_LOG_CLOSING 4825 sctp_log_closing(inp, stcb, 10); 4826#endif 4827 /* 4828 * When I reach here, no others want to kill the assoc yet.. and I 4829 * own the lock. Now its possible an abort comes in when I do the 4830 * lock exchange below to grab all the locks to do the final take 4831 * out. to prevent this we increment the count, which will start a 4832 * timer and blow out above thus assuring us that we hold exclusive 4833 * killing of the asoc. Note that after getting back the TCB lock we 4834 * will go ahead and increment the counter back up and stop any 4835 * timer a passing stranger may have started :-S 4836 */ 4837 if (from_inpcbfree == SCTP_NORMAL_PROC) { 4838 atomic_add_int(&stcb->asoc.refcnt, 1); 4839 4840 SCTP_TCB_UNLOCK(stcb); 4841 SCTP_INP_INFO_WLOCK(); 4842 SCTP_INP_WLOCK(inp); 4843 SCTP_TCB_LOCK(stcb); 4844 } 4845 /* Double check the GONE flag */ 4846 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 4847 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 4848 /* nothing around */ 4849 so = NULL; 4850 4851 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 4852 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 4853 /* 4854 * For TCP type we need special handling when we are 4855 * connected. We also include the peel'ed off ones to. 4856 */ 4857 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 4858 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED; 4859 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED; 4860 if (so) { 4861 SOCK_LOCK(so); 4862 if (so->so_rcv.sb_cc == 0) { 4863 so->so_state &= ~(SS_ISCONNECTING | 4864 SS_ISDISCONNECTING | 4865 SS_ISCONFIRMING | 4866 SS_ISCONNECTED); 4867 } 4868 socantrcvmore_locked(so); 4869 socantsendmore(so); 4870 sctp_sowwakeup(inp, so); 4871 sctp_sorwakeup(inp, so); 4872 SCTP_SOWAKEUP(so); 4873 } 4874 } 4875 } 4876 /* 4877 * Make it invalid too, that way if its about to run it will abort 4878 * and return. 4879 */ 4880 /* re-increment the lock */ 4881 if (from_inpcbfree == SCTP_NORMAL_PROC) { 4882 atomic_add_int(&stcb->asoc.refcnt, -1); 4883 } 4884 if (stcb->asoc.refcnt) { 4885 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 4886 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 4887 if (from_inpcbfree == SCTP_NORMAL_PROC) { 4888 SCTP_INP_INFO_WUNLOCK(); 4889 SCTP_INP_WUNLOCK(inp); 4890 } 4891 SCTP_TCB_UNLOCK(stcb); 4892 return (0); 4893 } 4894 asoc->state = 0; 4895 if (inp->sctp_tcbhash) { 4896 LIST_REMOVE(stcb, sctp_tcbhash); 4897 } 4898 if (stcb->asoc.in_asocid_hash) { 4899 LIST_REMOVE(stcb, sctp_tcbasocidhash); 4900 } 4901 /* Now lets remove it from the list of ALL associations in the EP */ 4902 LIST_REMOVE(stcb, sctp_tcblist); 4903 if (from_inpcbfree == SCTP_NORMAL_PROC) { 4904 SCTP_INP_INCR_REF(inp); 4905 SCTP_INP_WUNLOCK(inp); 4906 } 4907 /* pull from vtag hash */ 4908 LIST_REMOVE(stcb, sctp_asocs); 4909 sctp_add_vtag_to_timewait(asoc->my_vtag, SCTP_BASE_SYSCTL(sctp_vtag_time_wait), 4910 inp->sctp_lport, stcb->rport); 4911 4912 /* 4913 * Now restop the timers to be sure this is paranoia at is finest! 4914 */ 4915 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 4916 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 4917 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 4918 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 4919 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer); 4920 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 4921 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 4922 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 4923 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer); 4924 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 4925 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 4926 } 4927 4928 asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE; 4929 /* 4930 * The chunk lists and such SHOULD be empty but we check them just 4931 * in case. 4932 */ 4933 /* anything on the wheel needs to be removed */ 4934 for (i = 0; i < asoc->streamoutcnt; i++) { 4935 struct sctp_stream_out *outs; 4936 4937 outs = &asoc->strmout[i]; 4938 /* now clean up any chunks here */ 4939 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 4940 atomic_subtract_int(&asoc->stream_queue_cnt, 1); 4941 TAILQ_REMOVE(&outs->outqueue, sp, next); 4942 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp, 0); 4943 sctp_free_spbufspace(stcb, asoc, sp); 4944 if (sp->data) { 4945 if (so) { 4946 /* Still an open socket - report */ 4947 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 4948 0, (void *)sp, SCTP_SO_LOCKED); 4949 } 4950 if (sp->data) { 4951 sctp_m_freem(sp->data); 4952 sp->data = NULL; 4953 sp->tail_mbuf = NULL; 4954 sp->length = 0; 4955 } 4956 } 4957 if (sp->net) { 4958 sctp_free_remote_addr(sp->net); 4959 sp->net = NULL; 4960 } 4961 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); 4962 } 4963 } 4964 /* sa_ignore FREED_MEMORY */ 4965 TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) { 4966 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp); 4967 SCTP_FREE(strrst, SCTP_M_STRESET); 4968 } 4969 TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) { 4970 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next); 4971 if (sq->data) { 4972 sctp_m_freem(sq->data); 4973 sq->data = NULL; 4974 } 4975 sctp_free_remote_addr(sq->whoFrom); 4976 sq->whoFrom = NULL; 4977 sq->stcb = NULL; 4978 /* Free the ctl entry */ 4979 sctp_free_a_readq(stcb, sq); 4980 /* sa_ignore FREED_MEMORY */ 4981 } 4982 TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) { 4983 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next); 4984 if (chk->data) { 4985 sctp_m_freem(chk->data); 4986 chk->data = NULL; 4987 } 4988 if (chk->holds_key_ref) 4989 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 4990 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 4991 SCTP_DECR_CHK_COUNT(); 4992 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1); 4993 asoc->free_chunk_cnt--; 4994 /* sa_ignore FREED_MEMORY */ 4995 } 4996 /* pending send queue SHOULD be empty */ 4997 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 4998 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 4999 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 5000#ifdef INVARIANTS 5001 } else { 5002 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 5003#endif 5004 } 5005 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 5006 if (chk->data) { 5007 if (so) { 5008 /* Still a socket? */ 5009 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 5010 0, chk, SCTP_SO_LOCKED); 5011 } 5012 if (chk->data) { 5013 sctp_m_freem(chk->data); 5014 chk->data = NULL; 5015 } 5016 } 5017 if (chk->holds_key_ref) 5018 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5019 if (chk->whoTo) { 5020 sctp_free_remote_addr(chk->whoTo); 5021 chk->whoTo = NULL; 5022 } 5023 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5024 SCTP_DECR_CHK_COUNT(); 5025 /* sa_ignore FREED_MEMORY */ 5026 } 5027 /* sent queue SHOULD be empty */ 5028 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 5029 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 5030 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) { 5031 asoc->strmout[chk->rec.data.sid].chunks_on_queues--; 5032#ifdef INVARIANTS 5033 } else { 5034 panic("No chunks on the queues for sid %u.", chk->rec.data.sid); 5035#endif 5036 } 5037 } 5038 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 5039 if (chk->data) { 5040 if (so) { 5041 /* Still a socket? */ 5042 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 5043 0, chk, SCTP_SO_LOCKED); 5044 } 5045 if (chk->data) { 5046 sctp_m_freem(chk->data); 5047 chk->data = NULL; 5048 } 5049 } 5050 if (chk->holds_key_ref) 5051 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5052 sctp_free_remote_addr(chk->whoTo); 5053 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5054 SCTP_DECR_CHK_COUNT(); 5055 /* sa_ignore FREED_MEMORY */ 5056 } 5057#ifdef INVARIANTS 5058 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 5059 if (stcb->asoc.strmout[i].chunks_on_queues > 0) { 5060 panic("%u chunks left for stream %u.", stcb->asoc.strmout[i].chunks_on_queues, i); 5061 } 5062 } 5063#endif 5064 /* control queue MAY not be empty */ 5065 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 5066 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 5067 if (chk->data) { 5068 sctp_m_freem(chk->data); 5069 chk->data = NULL; 5070 } 5071 if (chk->holds_key_ref) 5072 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5073 sctp_free_remote_addr(chk->whoTo); 5074 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5075 SCTP_DECR_CHK_COUNT(); 5076 /* sa_ignore FREED_MEMORY */ 5077 } 5078 /* ASCONF queue MAY not be empty */ 5079 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 5080 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 5081 if (chk->data) { 5082 sctp_m_freem(chk->data); 5083 chk->data = NULL; 5084 } 5085 if (chk->holds_key_ref) 5086 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5087 sctp_free_remote_addr(chk->whoTo); 5088 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5089 SCTP_DECR_CHK_COUNT(); 5090 /* sa_ignore FREED_MEMORY */ 5091 } 5092 if (asoc->mapping_array) { 5093 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 5094 asoc->mapping_array = NULL; 5095 } 5096 if (asoc->nr_mapping_array) { 5097 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 5098 asoc->nr_mapping_array = NULL; 5099 } 5100 /* the stream outs */ 5101 if (asoc->strmout) { 5102 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 5103 asoc->strmout = NULL; 5104 } 5105 asoc->strm_realoutsize = asoc->streamoutcnt = 0; 5106 if (asoc->strmin) { 5107 for (i = 0; i < asoc->streamincnt; i++) { 5108 sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue); 5109 sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue); 5110 } 5111 SCTP_FREE(asoc->strmin, SCTP_M_STRMI); 5112 asoc->strmin = NULL; 5113 } 5114 asoc->streamincnt = 0; 5115 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) { 5116#ifdef INVARIANTS 5117 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) { 5118 panic("no net's left alloc'ed, or list points to itself"); 5119 } 5120#endif 5121 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 5122 sctp_free_remote_addr(net); 5123 } 5124 LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) { 5125 /* sa_ignore FREED_MEMORY */ 5126 sctp_remove_laddr(laddr); 5127 } 5128 5129 /* pending asconf (address) parameters */ 5130 TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) { 5131 /* sa_ignore FREED_MEMORY */ 5132 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); 5133 SCTP_FREE(aparam, SCTP_M_ASC_ADDR); 5134 } 5135 TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) { 5136 /* sa_ignore FREED_MEMORY */ 5137 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next); 5138 if (aack->data != NULL) { 5139 sctp_m_freem(aack->data); 5140 } 5141 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack); 5142 } 5143 /* clean up auth stuff */ 5144 if (asoc->local_hmacs) 5145 sctp_free_hmaclist(asoc->local_hmacs); 5146 if (asoc->peer_hmacs) 5147 sctp_free_hmaclist(asoc->peer_hmacs); 5148 5149 if (asoc->local_auth_chunks) 5150 sctp_free_chunklist(asoc->local_auth_chunks); 5151 if (asoc->peer_auth_chunks) 5152 sctp_free_chunklist(asoc->peer_auth_chunks); 5153 5154 sctp_free_authinfo(&asoc->authinfo); 5155 5156 LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) { 5157 LIST_REMOVE(shared_key, next); 5158 sctp_free_sharedkey(shared_key); 5159 /* sa_ignore FREED_MEMORY */ 5160 } 5161 5162 /* Insert new items here :> */ 5163 5164 /* Get rid of LOCK */ 5165 SCTP_TCB_UNLOCK(stcb); 5166 SCTP_TCB_LOCK_DESTROY(stcb); 5167 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 5168 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5169 SCTP_INP_INFO_WUNLOCK(); 5170 SCTP_INP_RLOCK(inp); 5171 } 5172#ifdef SCTP_TRACK_FREED_ASOCS 5173 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5174 /* now clean up the tasoc itself */ 5175 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5176 SCTP_DECR_ASOC_COUNT(); 5177 } else { 5178 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist); 5179 } 5180#else 5181 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5182 SCTP_DECR_ASOC_COUNT(); 5183#endif 5184 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5185 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5186 /* 5187 * If its NOT the inp_free calling us AND sctp_close 5188 * as been called, we call back... 5189 */ 5190 SCTP_INP_RUNLOCK(inp); 5191 /* 5192 * This will start the kill timer (if we are the 5193 * last one) since we hold an increment yet. But 5194 * this is the only safe way to do this since 5195 * otherwise if the socket closes at the same time 5196 * we are here we might collide in the cleanup. 5197 */ 5198 sctp_inpcb_free(inp, 5199 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE, 5200 SCTP_CALLED_DIRECTLY_NOCMPSET); 5201 SCTP_INP_DECR_REF(inp); 5202 goto out_of; 5203 } else { 5204 /* The socket is still open. */ 5205 SCTP_INP_DECR_REF(inp); 5206 } 5207 } 5208 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5209 SCTP_INP_RUNLOCK(inp); 5210 } 5211out_of: 5212 /* destroyed the asoc */ 5213#ifdef SCTP_LOG_CLOSING 5214 sctp_log_closing(inp, NULL, 11); 5215#endif 5216 return (1); 5217} 5218 5219 5220 5221/* 5222 * determine if a destination is "reachable" based upon the addresses bound 5223 * to the current endpoint (e.g. only v4 or v6 currently bound) 5224 */ 5225/* 5226 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use 5227 * assoc level v4/v6 flags, as the assoc *may* not have the same address 5228 * types bound as its endpoint 5229 */ 5230int 5231sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr) 5232{ 5233 struct sctp_inpcb *inp; 5234 int answer; 5235 5236 /* 5237 * No locks here, the TCB, in all cases is already locked and an 5238 * assoc is up. There is either a INP lock by the caller applied (in 5239 * asconf case when deleting an address) or NOT in the HB case, 5240 * however if HB then the INP increment is up and the INP will not 5241 * be removed (on top of the fact that we have a TCB lock). So we 5242 * only want to read the sctp_flags, which is either bound-all or 5243 * not.. no protection needed since once an assoc is up you can't be 5244 * changing your binding. 5245 */ 5246 inp = stcb->sctp_ep; 5247 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 5248 /* if bound all, destination is not restricted */ 5249 /* 5250 * RRS: Question during lock work: Is this correct? If you 5251 * are bound-all you still might need to obey the V4--V6 5252 * flags??? IMO this bound-all stuff needs to be removed! 5253 */ 5254 return (1); 5255 } 5256 /* NOTE: all "scope" checks are done when local addresses are added */ 5257 switch (destaddr->sa_family) { 5258#ifdef INET6 5259 case AF_INET6: 5260 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6; 5261 break; 5262#endif 5263#ifdef INET 5264 case AF_INET: 5265 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4; 5266 break; 5267#endif 5268 default: 5269 /* invalid family, so it's unreachable */ 5270 answer = 0; 5271 break; 5272 } 5273 return (answer); 5274} 5275 5276/* 5277 * update the inp_vflags on an endpoint 5278 */ 5279static void 5280sctp_update_ep_vflag(struct sctp_inpcb *inp) 5281{ 5282 struct sctp_laddr *laddr; 5283 5284 /* first clear the flag */ 5285 inp->ip_inp.inp.inp_vflag = 0; 5286 /* set the flag based on addresses on the ep list */ 5287 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 5288 if (laddr->ifa == NULL) { 5289 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", 5290 __func__); 5291 continue; 5292 } 5293 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 5294 continue; 5295 } 5296 switch (laddr->ifa->address.sa.sa_family) { 5297#ifdef INET6 5298 case AF_INET6: 5299 inp->ip_inp.inp.inp_vflag |= INP_IPV6; 5300 break; 5301#endif 5302#ifdef INET 5303 case AF_INET: 5304 inp->ip_inp.inp.inp_vflag |= INP_IPV4; 5305 break; 5306#endif 5307 default: 5308 break; 5309 } 5310 } 5311} 5312 5313/* 5314 * Add the address to the endpoint local address list There is nothing to be 5315 * done if we are bound to all addresses 5316 */ 5317void 5318sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action) 5319{ 5320 struct sctp_laddr *laddr; 5321 struct sctp_tcb *stcb; 5322 int fnd, error = 0; 5323 5324 fnd = 0; 5325 5326 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 5327 /* You are already bound to all. You have it already */ 5328 return; 5329 } 5330#ifdef INET6 5331 if (ifa->address.sa.sa_family == AF_INET6) { 5332 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 5333 /* Can't bind a non-useable addr. */ 5334 return; 5335 } 5336 } 5337#endif 5338 /* first, is it already present? */ 5339 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 5340 if (laddr->ifa == ifa) { 5341 fnd = 1; 5342 break; 5343 } 5344 } 5345 5346 if (fnd == 0) { 5347 /* Not in the ep list */ 5348 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action); 5349 if (error != 0) 5350 return; 5351 inp->laddr_count++; 5352 /* update inp_vflag flags */ 5353 switch (ifa->address.sa.sa_family) { 5354#ifdef INET6 5355 case AF_INET6: 5356 inp->ip_inp.inp.inp_vflag |= INP_IPV6; 5357 break; 5358#endif 5359#ifdef INET 5360 case AF_INET: 5361 inp->ip_inp.inp.inp_vflag |= INP_IPV4; 5362 break; 5363#endif 5364 default: 5365 break; 5366 } 5367 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 5368 sctp_add_local_addr_restricted(stcb, ifa); 5369 } 5370 } 5371 return; 5372} 5373 5374 5375/* 5376 * select a new (hopefully reachable) destination net (should only be used 5377 * when we deleted an ep addr that is the only usable source address to reach 5378 * the destination net) 5379 */ 5380static void 5381sctp_select_primary_destination(struct sctp_tcb *stcb) 5382{ 5383 struct sctp_nets *net; 5384 5385 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 5386 /* for now, we'll just pick the first reachable one we find */ 5387 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) 5388 continue; 5389 if (sctp_destination_is_reachable(stcb, 5390 (struct sockaddr *)&net->ro._l_addr)) { 5391 /* found a reachable destination */ 5392 stcb->asoc.primary_destination = net; 5393 } 5394 } 5395 /* I can't there from here! ...we're gonna die shortly... */ 5396} 5397 5398 5399/* 5400 * Delete the address from the endpoint local address list. There is nothing 5401 * to be done if we are bound to all addresses 5402 */ 5403void 5404sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 5405{ 5406 struct sctp_laddr *laddr; 5407 int fnd; 5408 5409 fnd = 0; 5410 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 5411 /* You are already bound to all. You have it already */ 5412 return; 5413 } 5414 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 5415 if (laddr->ifa == ifa) { 5416 fnd = 1; 5417 break; 5418 } 5419 } 5420 if (fnd && (inp->laddr_count < 2)) { 5421 /* can't delete unless there are at LEAST 2 addresses */ 5422 return; 5423 } 5424 if (fnd) { 5425 /* 5426 * clean up any use of this address go through our 5427 * associations and clear any last_used_address that match 5428 * this one for each assoc, see if a new primary_destination 5429 * is needed 5430 */ 5431 struct sctp_tcb *stcb; 5432 5433 /* clean up "next_addr_touse" */ 5434 if (inp->next_addr_touse == laddr) 5435 /* delete this address */ 5436 inp->next_addr_touse = NULL; 5437 5438 /* clean up "last_used_address" */ 5439 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 5440 struct sctp_nets *net; 5441 5442 SCTP_TCB_LOCK(stcb); 5443 if (stcb->asoc.last_used_address == laddr) 5444 /* delete this address */ 5445 stcb->asoc.last_used_address = NULL; 5446 /* 5447 * Now spin through all the nets and purge any ref 5448 * to laddr 5449 */ 5450 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 5451 if (net->ro._s_addr == laddr->ifa) { 5452 /* Yep, purge src address selected */ 5453 sctp_rtentry_t *rt; 5454 5455 /* delete this address if cached */ 5456 rt = net->ro.ro_rt; 5457 if (rt != NULL) { 5458 RTFREE(rt); 5459 net->ro.ro_rt = NULL; 5460 } 5461 sctp_free_ifa(net->ro._s_addr); 5462 net->ro._s_addr = NULL; 5463 net->src_addr_selected = 0; 5464 } 5465 } 5466 SCTP_TCB_UNLOCK(stcb); 5467 } /* for each tcb */ 5468 /* remove it from the ep list */ 5469 sctp_remove_laddr(laddr); 5470 inp->laddr_count--; 5471 /* update inp_vflag flags */ 5472 sctp_update_ep_vflag(inp); 5473 } 5474 return; 5475} 5476 5477/* 5478 * Add the address to the TCB local address restricted list. 5479 * This is a "pending" address list (eg. addresses waiting for an 5480 * ASCONF-ACK response) and cannot be used as a valid source address. 5481 */ 5482void 5483sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 5484{ 5485 struct sctp_laddr *laddr; 5486 struct sctpladdr *list; 5487 5488 /* 5489 * Assumes TCB is locked.. and possibly the INP. May need to 5490 * confirm/fix that if we need it and is not the case. 5491 */ 5492 list = &stcb->asoc.sctp_restricted_addrs; 5493 5494#ifdef INET6 5495 if (ifa->address.sa.sa_family == AF_INET6) { 5496 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 5497 /* Can't bind a non-existent addr. */ 5498 return; 5499 } 5500 } 5501#endif 5502 /* does the address already exist? */ 5503 LIST_FOREACH(laddr, list, sctp_nxt_addr) { 5504 if (laddr->ifa == ifa) { 5505 return; 5506 } 5507 } 5508 5509 /* add to the list */ 5510 (void)sctp_insert_laddr(list, ifa, 0); 5511 return; 5512} 5513 5514/* 5515 * Remove a local address from the TCB local address restricted list 5516 */ 5517void 5518sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 5519{ 5520 struct sctp_inpcb *inp; 5521 struct sctp_laddr *laddr; 5522 5523 /* 5524 * This is called by asconf work. It is assumed that a) The TCB is 5525 * locked and b) The INP is locked. This is true in as much as I can 5526 * trace through the entry asconf code where I did these locks. 5527 * Again, the ASCONF code is a bit different in that it does lock 5528 * the INP during its work often times. This must be since we don't 5529 * want other proc's looking up things while what they are looking 5530 * up is changing :-D 5531 */ 5532 5533 inp = stcb->sctp_ep; 5534 /* if subset bound and don't allow ASCONF's, can't delete last */ 5535 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && 5536 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 5537 if (stcb->sctp_ep->laddr_count < 2) { 5538 /* can't delete last address */ 5539 return; 5540 } 5541 } 5542 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 5543 /* remove the address if it exists */ 5544 if (laddr->ifa == NULL) 5545 continue; 5546 if (laddr->ifa == ifa) { 5547 sctp_remove_laddr(laddr); 5548 return; 5549 } 5550 } 5551 5552 /* address not found! */ 5553 return; 5554} 5555 5556/* 5557 * Temporarily remove for __APPLE__ until we use the Tiger equivalents 5558 */ 5559/* sysctl */ 5560static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC; 5561static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR; 5562 5563 5564 5565#if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) 5566struct sctp_mcore_ctrl *sctp_mcore_workers = NULL; 5567int *sctp_cpuarry = NULL; 5568void 5569sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use) 5570{ 5571 /* Queue a packet to a processor for the specified core */ 5572 struct sctp_mcore_queue *qent; 5573 struct sctp_mcore_ctrl *wkq; 5574 int need_wake = 0; 5575 5576 if (sctp_mcore_workers == NULL) { 5577 /* Something went way bad during setup */ 5578 sctp_input_with_port(m, off, 0); 5579 return; 5580 } 5581 SCTP_MALLOC(qent, struct sctp_mcore_queue *, 5582 (sizeof(struct sctp_mcore_queue)), 5583 SCTP_M_MCORE); 5584 if (qent == NULL) { 5585 /* This is trouble */ 5586 sctp_input_with_port(m, off, 0); 5587 return; 5588 } 5589 qent->vn = curvnet; 5590 qent->m = m; 5591 qent->off = off; 5592 qent->v6 = 0; 5593 wkq = &sctp_mcore_workers[cpu_to_use]; 5594 SCTP_MCORE_QLOCK(wkq); 5595 5596 TAILQ_INSERT_TAIL(&wkq->que, qent, next); 5597 if (wkq->running == 0) { 5598 need_wake = 1; 5599 } 5600 SCTP_MCORE_QUNLOCK(wkq); 5601 if (need_wake) { 5602 wakeup(&wkq->running); 5603 } 5604} 5605 5606static void 5607sctp_mcore_thread(void *arg) 5608{ 5609 5610 struct sctp_mcore_ctrl *wkq; 5611 struct sctp_mcore_queue *qent; 5612 5613 wkq = (struct sctp_mcore_ctrl *)arg; 5614 struct mbuf *m; 5615 int off, v6; 5616 5617 /* Wait for first tickle */ 5618 SCTP_MCORE_LOCK(wkq); 5619 wkq->running = 0; 5620 msleep(&wkq->running, 5621 &wkq->core_mtx, 5622 0, "wait for pkt", 0); 5623 SCTP_MCORE_UNLOCK(wkq); 5624 5625 /* Bind to our cpu */ 5626 thread_lock(curthread); 5627 sched_bind(curthread, wkq->cpuid); 5628 thread_unlock(curthread); 5629 5630 /* Now lets start working */ 5631 SCTP_MCORE_LOCK(wkq); 5632 /* Now grab lock and go */ 5633 for (;;) { 5634 SCTP_MCORE_QLOCK(wkq); 5635skip_sleep: 5636 wkq->running = 1; 5637 qent = TAILQ_FIRST(&wkq->que); 5638 if (qent) { 5639 TAILQ_REMOVE(&wkq->que, qent, next); 5640 SCTP_MCORE_QUNLOCK(wkq); 5641 CURVNET_SET(qent->vn); 5642 m = qent->m; 5643 off = qent->off; 5644 v6 = qent->v6; 5645 SCTP_FREE(qent, SCTP_M_MCORE); 5646 if (v6 == 0) { 5647 sctp_input_with_port(m, off, 0); 5648 } else { 5649 SCTP_PRINTF("V6 not yet supported\n"); 5650 sctp_m_freem(m); 5651 } 5652 CURVNET_RESTORE(); 5653 SCTP_MCORE_QLOCK(wkq); 5654 } 5655 wkq->running = 0; 5656 if (!TAILQ_EMPTY(&wkq->que)) { 5657 goto skip_sleep; 5658 } 5659 SCTP_MCORE_QUNLOCK(wkq); 5660 msleep(&wkq->running, 5661 &wkq->core_mtx, 5662 0, "wait for pkt", 0); 5663 } 5664} 5665 5666static void 5667sctp_startup_mcore_threads(void) 5668{ 5669 int i, cpu; 5670 5671 if (mp_ncpus == 1) 5672 return; 5673 5674 if (sctp_mcore_workers != NULL) { 5675 /* 5676 * Already been here in some previous vnet? 5677 */ 5678 return; 5679 } 5680 SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *, 5681 ((mp_maxid + 1) * sizeof(struct sctp_mcore_ctrl)), 5682 SCTP_M_MCORE); 5683 if (sctp_mcore_workers == NULL) { 5684 /* TSNH I hope */ 5685 return; 5686 } 5687 memset(sctp_mcore_workers, 0, ((mp_maxid + 1) * 5688 sizeof(struct sctp_mcore_ctrl))); 5689 /* Init the structures */ 5690 for (i = 0; i <= mp_maxid; i++) { 5691 TAILQ_INIT(&sctp_mcore_workers[i].que); 5692 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]); 5693 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]); 5694 sctp_mcore_workers[i].cpuid = i; 5695 } 5696 if (sctp_cpuarry == NULL) { 5697 SCTP_MALLOC(sctp_cpuarry, int *, 5698 (mp_ncpus * sizeof(int)), 5699 SCTP_M_MCORE); 5700 i = 0; 5701 CPU_FOREACH(cpu) { 5702 sctp_cpuarry[i] = cpu; 5703 i++; 5704 } 5705 } 5706 /* Now start them all */ 5707 CPU_FOREACH(cpu) { 5708 (void)kproc_create(sctp_mcore_thread, 5709 (void *)&sctp_mcore_workers[cpu], 5710 &sctp_mcore_workers[cpu].thread_proc, 5711 RFPROC, 5712 SCTP_KTHREAD_PAGES, 5713 SCTP_MCORE_NAME); 5714 5715 } 5716} 5717#endif 5718 5719void 5720sctp_pcb_init() 5721{ 5722 /* 5723 * SCTP initialization for the PCB structures should be called by 5724 * the sctp_init() function. 5725 */ 5726 int i; 5727 struct timeval tv; 5728 5729 if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) { 5730 /* error I was called twice */ 5731 return; 5732 } 5733 SCTP_BASE_VAR(sctp_pcb_initialized) = 1; 5734 5735#if defined(SCTP_LOCAL_TRACE_BUF) 5736 bzero(&SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log)); 5737#endif 5738#if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 5739 SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *, 5740 ((mp_maxid + 1) * sizeof(struct sctpstat)), 5741 SCTP_M_MCORE); 5742#endif 5743 (void)SCTP_GETTIME_TIMEVAL(&tv); 5744#if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 5745 bzero(SCTP_BASE_STATS, (sizeof(struct sctpstat) * (mp_maxid + 1))); 5746 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t)tv.tv_sec; 5747 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t)tv.tv_usec; 5748#else 5749 bzero(&SCTP_BASE_STATS, sizeof(struct sctpstat)); 5750 SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t)tv.tv_sec; 5751 SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t)tv.tv_usec; 5752#endif 5753 /* init the empty list of (All) Endpoints */ 5754 LIST_INIT(&SCTP_BASE_INFO(listhead)); 5755 5756 5757 /* init the hash table of endpoints */ 5758 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize)); 5759 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize)); 5760 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale)); 5761 SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31), 5762 &SCTP_BASE_INFO(hashasocmark)); 5763 SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize), 5764 &SCTP_BASE_INFO(hashmark)); 5765 SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize), 5766 &SCTP_BASE_INFO(hashtcpmark)); 5767 SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize); 5768 5769 5770 SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH, 5771 &SCTP_BASE_INFO(hashvrfmark)); 5772 5773 SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE, 5774 &SCTP_BASE_INFO(vrf_ifn_hashmark)); 5775 /* init the zones */ 5776 /* 5777 * FIX ME: Should check for NULL returns, but if it does fail we are 5778 * doomed to panic anyways... add later maybe. 5779 */ 5780 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep", 5781 sizeof(struct sctp_inpcb), maxsockets); 5782 5783 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc", 5784 sizeof(struct sctp_tcb), sctp_max_number_of_assoc); 5785 5786 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr", 5787 sizeof(struct sctp_laddr), 5788 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 5789 5790 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr", 5791 sizeof(struct sctp_nets), 5792 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 5793 5794 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk", 5795 sizeof(struct sctp_tmit_chunk), 5796 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 5797 5798 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq", 5799 sizeof(struct sctp_queued_to_read), 5800 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 5801 5802 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out", 5803 sizeof(struct sctp_stream_queue_pending), 5804 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 5805 5806 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf", 5807 sizeof(struct sctp_asconf), 5808 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 5809 5810 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack", 5811 sizeof(struct sctp_asconf_ack), 5812 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 5813 5814 5815 /* Master Lock INIT for info structure */ 5816 SCTP_INP_INFO_LOCK_INIT(); 5817 SCTP_STATLOG_INIT_LOCK(); 5818 5819 SCTP_IPI_COUNT_INIT(); 5820 SCTP_IPI_ADDR_INIT(); 5821#ifdef SCTP_PACKET_LOGGING 5822 SCTP_IP_PKTLOG_INIT(); 5823#endif 5824 LIST_INIT(&SCTP_BASE_INFO(addr_wq)); 5825 5826 SCTP_WQ_ADDR_INIT(); 5827 /* not sure if we need all the counts */ 5828 SCTP_BASE_INFO(ipi_count_ep) = 0; 5829 /* assoc/tcb zone info */ 5830 SCTP_BASE_INFO(ipi_count_asoc) = 0; 5831 /* local addrlist zone info */ 5832 SCTP_BASE_INFO(ipi_count_laddr) = 0; 5833 /* remote addrlist zone info */ 5834 SCTP_BASE_INFO(ipi_count_raddr) = 0; 5835 /* chunk info */ 5836 SCTP_BASE_INFO(ipi_count_chunk) = 0; 5837 5838 /* socket queue zone info */ 5839 SCTP_BASE_INFO(ipi_count_readq) = 0; 5840 5841 /* stream out queue cont */ 5842 SCTP_BASE_INFO(ipi_count_strmoq) = 0; 5843 5844 SCTP_BASE_INFO(ipi_free_strmoq) = 0; 5845 SCTP_BASE_INFO(ipi_free_chunks) = 0; 5846 5847 SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer)); 5848 5849 /* Init the TIMEWAIT list */ 5850 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) { 5851 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]); 5852 } 5853 sctp_startup_iterator(); 5854 5855#if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) 5856 sctp_startup_mcore_threads(); 5857#endif 5858 5859 /* 5860 * INIT the default VRF which for BSD is the only one, other O/S's 5861 * may have more. But initially they must start with one and then 5862 * add the VRF's as addresses are added. 5863 */ 5864 sctp_init_vrf_list(SCTP_DEFAULT_VRF); 5865} 5866 5867/* 5868 * Assumes that the SCTP_BASE_INFO() lock is NOT held. 5869 */ 5870void 5871sctp_pcb_finish(void) 5872{ 5873 struct sctp_vrflist *vrf_bucket; 5874 struct sctp_vrf *vrf, *nvrf; 5875 struct sctp_ifn *ifn, *nifn; 5876 struct sctp_ifa *ifa, *nifa; 5877 struct sctpvtaghead *chain; 5878 struct sctp_tagblock *twait_block, *prev_twait_block; 5879 struct sctp_laddr *wi, *nwi; 5880 int i; 5881 struct sctp_iterator *it, *nit; 5882 5883 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 5884 SCTP_PRINTF("%s: race condition on teardown.\n", __func__); 5885 return; 5886 } 5887 SCTP_BASE_VAR(sctp_pcb_initialized) = 0; 5888 /* 5889 * In FreeBSD the iterator thread never exits but we do clean up. 5890 * The only way FreeBSD reaches here is if we have VRF's but we 5891 * still add the ifdef to make it compile on old versions. 5892 */ 5893retry: 5894 SCTP_IPI_ITERATOR_WQ_LOCK(); 5895 /* 5896 * sctp_iterator_worker() might be working on an it entry without 5897 * holding the lock. We won't find it on the list either and 5898 * continue and free/destroy it. While holding the lock, spin, to 5899 * avoid the race condition as sctp_iterator_worker() will have to 5900 * wait to re-aquire the lock. 5901 */ 5902 if (sctp_it_ctl.iterator_running != 0 || sctp_it_ctl.cur_it != NULL) { 5903 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 5904 SCTP_PRINTF("%s: Iterator running while we held the lock. Retry. " 5905 "cur_it=%p\n", __func__, sctp_it_ctl.cur_it); 5906 DELAY(10); 5907 goto retry; 5908 } 5909 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 5910 if (it->vn != curvnet) { 5911 continue; 5912 } 5913 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 5914 if (it->function_atend != NULL) { 5915 (*it->function_atend) (it->pointer, it->val); 5916 } 5917 SCTP_FREE(it, SCTP_M_ITER); 5918 } 5919 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 5920 SCTP_ITERATOR_LOCK(); 5921 if ((sctp_it_ctl.cur_it) && 5922 (sctp_it_ctl.cur_it->vn == curvnet)) { 5923 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT; 5924 } 5925 SCTP_ITERATOR_UNLOCK(); 5926 SCTP_OS_TIMER_STOP_DRAIN(&SCTP_BASE_INFO(addr_wq_timer.timer)); 5927 SCTP_WQ_ADDR_LOCK(); 5928 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 5929 LIST_REMOVE(wi, sctp_nxt_addr); 5930 SCTP_DECR_LADDR_COUNT(); 5931 if (wi->action == SCTP_DEL_IP_ADDRESS) { 5932 SCTP_FREE(wi->ifa, SCTP_M_IFA); 5933 } 5934 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi); 5935 } 5936 SCTP_WQ_ADDR_UNLOCK(); 5937 5938 /* 5939 * free the vrf/ifn/ifa lists and hashes (be sure address monitor is 5940 * destroyed first). 5941 */ 5942 vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))]; 5943 LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) { 5944 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) { 5945 LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) { 5946 /* free the ifa */ 5947 LIST_REMOVE(ifa, next_bucket); 5948 LIST_REMOVE(ifa, next_ifa); 5949 SCTP_FREE(ifa, SCTP_M_IFA); 5950 } 5951 /* free the ifn */ 5952 LIST_REMOVE(ifn, next_bucket); 5953 LIST_REMOVE(ifn, next_ifn); 5954 SCTP_FREE(ifn, SCTP_M_IFN); 5955 } 5956 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark); 5957 /* free the vrf */ 5958 LIST_REMOVE(vrf, next_vrf); 5959 SCTP_FREE(vrf, SCTP_M_VRF); 5960 } 5961 /* free the vrf hashes */ 5962 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark)); 5963 SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark)); 5964 5965 /* 5966 * free the TIMEWAIT list elements malloc'd in the function 5967 * sctp_add_vtag_to_timewait()... 5968 */ 5969 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) { 5970 chain = &SCTP_BASE_INFO(vtag_timewait)[i]; 5971 if (!LIST_EMPTY(chain)) { 5972 prev_twait_block = NULL; 5973 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 5974 if (prev_twait_block) { 5975 SCTP_FREE(prev_twait_block, SCTP_M_TIMW); 5976 } 5977 prev_twait_block = twait_block; 5978 } 5979 SCTP_FREE(prev_twait_block, SCTP_M_TIMW); 5980 } 5981 } 5982 5983 /* free the locks and mutexes */ 5984#ifdef SCTP_PACKET_LOGGING 5985 SCTP_IP_PKTLOG_DESTROY(); 5986#endif 5987 SCTP_IPI_ADDR_DESTROY(); 5988 SCTP_STATLOG_DESTROY(); 5989 SCTP_INP_INFO_LOCK_DESTROY(); 5990 5991 SCTP_WQ_ADDR_DESTROY(); 5992 5993 /* Get rid of other stuff too. */ 5994 if (SCTP_BASE_INFO(sctp_asochash) != NULL) 5995 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark)); 5996 if (SCTP_BASE_INFO(sctp_ephash) != NULL) 5997 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark)); 5998 if (SCTP_BASE_INFO(sctp_tcpephash) != NULL) 5999 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark)); 6000 6001 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep)); 6002 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc)); 6003 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr)); 6004 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net)); 6005 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk)); 6006 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq)); 6007 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq)); 6008 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf)); 6009 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack)); 6010#if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 6011 SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE); 6012#endif 6013} 6014 6015 6016int 6017sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, 6018 int offset, int limit, 6019 struct sockaddr *src, struct sockaddr *dst, 6020 struct sockaddr *altsa, uint16_t port) 6021{ 6022 /* 6023 * grub through the INIT pulling addresses and loading them to the 6024 * nets structure in the asoc. The from address in the mbuf should 6025 * also be loaded (if it is not already). This routine can be called 6026 * with either INIT or INIT-ACK's as long as the m points to the IP 6027 * packet and the offset points to the beginning of the parameters. 6028 */ 6029 struct sctp_inpcb *inp; 6030 struct sctp_nets *net, *nnet, *net_tmp; 6031 struct sctp_paramhdr *phdr, param_buf; 6032 struct sctp_tcb *stcb_tmp; 6033 uint16_t ptype, plen; 6034 struct sockaddr *sa; 6035 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE]; 6036 struct sctp_auth_random *p_random = NULL; 6037 uint16_t random_len = 0; 6038 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE]; 6039 struct sctp_auth_hmac_algo *hmacs = NULL; 6040 uint16_t hmacs_len = 0; 6041 uint8_t saw_asconf = 0; 6042 uint8_t saw_asconf_ack = 0; 6043 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE]; 6044 struct sctp_auth_chunk_list *chunks = NULL; 6045 uint16_t num_chunks = 0; 6046 sctp_key_t *new_key; 6047 uint32_t keylen; 6048 int got_random = 0, got_hmacs = 0, got_chklist = 0; 6049 uint8_t peer_supports_ecn; 6050 uint8_t peer_supports_prsctp; 6051 uint8_t peer_supports_auth; 6052 uint8_t peer_supports_asconf; 6053 uint8_t peer_supports_asconf_ack; 6054 uint8_t peer_supports_reconfig; 6055 uint8_t peer_supports_nrsack; 6056 uint8_t peer_supports_pktdrop; 6057 uint8_t peer_supports_idata; 6058#ifdef INET 6059 struct sockaddr_in sin; 6060#endif 6061#ifdef INET6 6062 struct sockaddr_in6 sin6; 6063#endif 6064 6065 /* First get the destination address setup too. */ 6066#ifdef INET 6067 memset(&sin, 0, sizeof(sin)); 6068 sin.sin_family = AF_INET; 6069 sin.sin_len = sizeof(sin); 6070 sin.sin_port = stcb->rport; 6071#endif 6072#ifdef INET6 6073 memset(&sin6, 0, sizeof(sin6)); 6074 sin6.sin6_family = AF_INET6; 6075 sin6.sin6_len = sizeof(struct sockaddr_in6); 6076 sin6.sin6_port = stcb->rport; 6077#endif 6078 if (altsa) { 6079 sa = altsa; 6080 } else { 6081 sa = src; 6082 } 6083 peer_supports_idata = 0; 6084 peer_supports_ecn = 0; 6085 peer_supports_prsctp = 0; 6086 peer_supports_auth = 0; 6087 peer_supports_asconf = 0; 6088 peer_supports_reconfig = 0; 6089 peer_supports_nrsack = 0; 6090 peer_supports_pktdrop = 0; 6091 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 6092 /* mark all addresses that we have currently on the list */ 6093 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC; 6094 } 6095 /* does the source address already exist? if so skip it */ 6096 inp = stcb->sctp_ep; 6097 atomic_add_int(&stcb->asoc.refcnt, 1); 6098 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, dst, stcb); 6099 atomic_add_int(&stcb->asoc.refcnt, -1); 6100 6101 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) { 6102 /* we must add the source address */ 6103 /* no scope set here since we have a tcb already. */ 6104 switch (sa->sa_family) { 6105#ifdef INET 6106 case AF_INET: 6107 if (stcb->asoc.scope.ipv4_addr_legal) { 6108 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) { 6109 return (-1); 6110 } 6111 } 6112 break; 6113#endif 6114#ifdef INET6 6115 case AF_INET6: 6116 if (stcb->asoc.scope.ipv6_addr_legal) { 6117 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) { 6118 return (-2); 6119 } 6120 } 6121 break; 6122#endif 6123 default: 6124 break; 6125 } 6126 } else { 6127 if (net_tmp != NULL && stcb_tmp == stcb) { 6128 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC; 6129 } else if (stcb_tmp != stcb) { 6130 /* It belongs to another association? */ 6131 if (stcb_tmp) 6132 SCTP_TCB_UNLOCK(stcb_tmp); 6133 return (-3); 6134 } 6135 } 6136 if (stcb->asoc.state == 0) { 6137 /* the assoc was freed? */ 6138 return (-4); 6139 } 6140 /* now we must go through each of the params. */ 6141 phdr = sctp_get_next_param(m, offset, ¶m_buf, sizeof(param_buf)); 6142 while (phdr) { 6143 ptype = ntohs(phdr->param_type); 6144 plen = ntohs(phdr->param_length); 6145 /* 6146 * SCTP_PRINTF("ptype => %0x, plen => %d\n", 6147 * (uint32_t)ptype, (int)plen); 6148 */ 6149 if (offset + plen > limit) { 6150 break; 6151 } 6152 if (plen == 0) { 6153 break; 6154 } 6155#ifdef INET 6156 if (ptype == SCTP_IPV4_ADDRESS) { 6157 if (stcb->asoc.scope.ipv4_addr_legal) { 6158 struct sctp_ipv4addr_param *p4, p4_buf; 6159 6160 /* ok get the v4 address and check/add */ 6161 phdr = sctp_get_next_param(m, offset, 6162 (struct sctp_paramhdr *)&p4_buf, 6163 sizeof(p4_buf)); 6164 if (plen != sizeof(struct sctp_ipv4addr_param) || 6165 phdr == NULL) { 6166 return (-5); 6167 } 6168 p4 = (struct sctp_ipv4addr_param *)phdr; 6169 sin.sin_addr.s_addr = p4->addr; 6170 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 6171 /* Skip multi-cast addresses */ 6172 goto next_param; 6173 } 6174 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) || 6175 (sin.sin_addr.s_addr == INADDR_ANY)) { 6176 goto next_param; 6177 } 6178 sa = (struct sockaddr *)&sin; 6179 inp = stcb->sctp_ep; 6180 atomic_add_int(&stcb->asoc.refcnt, 1); 6181 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net, 6182 dst, stcb); 6183 atomic_add_int(&stcb->asoc.refcnt, -1); 6184 6185 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || 6186 inp == NULL) { 6187 /* we must add the source address */ 6188 /* 6189 * no scope set since we have a tcb 6190 * already 6191 */ 6192 6193 /* 6194 * we must validate the state again 6195 * here 6196 */ 6197 add_it_now: 6198 if (stcb->asoc.state == 0) { 6199 /* the assoc was freed? */ 6200 return (-7); 6201 } 6202 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) { 6203 return (-8); 6204 } 6205 } else if (stcb_tmp == stcb) { 6206 if (stcb->asoc.state == 0) { 6207 /* the assoc was freed? */ 6208 return (-10); 6209 } 6210 if (net != NULL) { 6211 /* clear flag */ 6212 net->dest_state &= 6213 ~SCTP_ADDR_NOT_IN_ASSOC; 6214 } 6215 } else { 6216 /* 6217 * strange, address is in another 6218 * assoc? straighten out locks. 6219 */ 6220 if (stcb_tmp) { 6221 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) { 6222 struct mbuf *op_err; 6223 char msg[SCTP_DIAG_INFO_LEN]; 6224 6225 /* 6226 * in setup state we 6227 * abort this guy 6228 */ 6229 snprintf(msg, sizeof(msg), 6230 "%s:%d at %s", __FILE__, __LINE__, __func__); 6231 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 6232 msg); 6233 sctp_abort_an_association(stcb_tmp->sctp_ep, 6234 stcb_tmp, op_err, 6235 SCTP_SO_NOT_LOCKED); 6236 goto add_it_now; 6237 } 6238 SCTP_TCB_UNLOCK(stcb_tmp); 6239 } 6240 if (stcb->asoc.state == 0) { 6241 /* the assoc was freed? */ 6242 return (-12); 6243 } 6244 return (-13); 6245 } 6246 } 6247 } else 6248#endif 6249#ifdef INET6 6250 if (ptype == SCTP_IPV6_ADDRESS) { 6251 if (stcb->asoc.scope.ipv6_addr_legal) { 6252 /* ok get the v6 address and check/add */ 6253 struct sctp_ipv6addr_param *p6, p6_buf; 6254 6255 phdr = sctp_get_next_param(m, offset, 6256 (struct sctp_paramhdr *)&p6_buf, 6257 sizeof(p6_buf)); 6258 if (plen != sizeof(struct sctp_ipv6addr_param) || 6259 phdr == NULL) { 6260 return (-14); 6261 } 6262 p6 = (struct sctp_ipv6addr_param *)phdr; 6263 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 6264 sizeof(p6->addr)); 6265 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 6266 /* Skip multi-cast addresses */ 6267 goto next_param; 6268 } 6269 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 6270 /* 6271 * Link local make no sense without 6272 * scope 6273 */ 6274 goto next_param; 6275 } 6276 sa = (struct sockaddr *)&sin6; 6277 inp = stcb->sctp_ep; 6278 atomic_add_int(&stcb->asoc.refcnt, 1); 6279 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net, 6280 dst, stcb); 6281 atomic_add_int(&stcb->asoc.refcnt, -1); 6282 if (stcb_tmp == NULL && 6283 (inp == stcb->sctp_ep || inp == NULL)) { 6284 /* 6285 * we must validate the state again 6286 * here 6287 */ 6288 add_it_now6: 6289 if (stcb->asoc.state == 0) { 6290 /* the assoc was freed? */ 6291 return (-16); 6292 } 6293 /* 6294 * we must add the address, no scope 6295 * set 6296 */ 6297 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) { 6298 return (-17); 6299 } 6300 } else if (stcb_tmp == stcb) { 6301 /* 6302 * we must validate the state again 6303 * here 6304 */ 6305 if (stcb->asoc.state == 0) { 6306 /* the assoc was freed? */ 6307 return (-19); 6308 } 6309 if (net != NULL) { 6310 /* clear flag */ 6311 net->dest_state &= 6312 ~SCTP_ADDR_NOT_IN_ASSOC; 6313 } 6314 } else { 6315 /* 6316 * strange, address is in another 6317 * assoc? straighten out locks. 6318 */ 6319 if (stcb_tmp) { 6320 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) { 6321 struct mbuf *op_err; 6322 char msg[SCTP_DIAG_INFO_LEN]; 6323 6324 /* 6325 * in setup state we 6326 * abort this guy 6327 */ 6328 snprintf(msg, sizeof(msg), 6329 "%s:%d at %s", __FILE__, __LINE__, __func__); 6330 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), 6331 msg); 6332 sctp_abort_an_association(stcb_tmp->sctp_ep, 6333 stcb_tmp, op_err, 6334 SCTP_SO_NOT_LOCKED); 6335 goto add_it_now6; 6336 } 6337 SCTP_TCB_UNLOCK(stcb_tmp); 6338 } 6339 if (stcb->asoc.state == 0) { 6340 /* the assoc was freed? */ 6341 return (-21); 6342 } 6343 return (-22); 6344 } 6345 } 6346 } else 6347#endif 6348 if (ptype == SCTP_ECN_CAPABLE) { 6349 peer_supports_ecn = 1; 6350 } else if (ptype == SCTP_ULP_ADAPTATION) { 6351 if (stcb->asoc.state != SCTP_STATE_OPEN) { 6352 struct sctp_adaptation_layer_indication ai, 6353 *aip; 6354 6355 phdr = sctp_get_next_param(m, offset, 6356 (struct sctp_paramhdr *)&ai, sizeof(ai)); 6357 aip = (struct sctp_adaptation_layer_indication *)phdr; 6358 if (aip) { 6359 stcb->asoc.peers_adaptation = ntohl(aip->indication); 6360 stcb->asoc.adaptation_needed = 1; 6361 } 6362 } 6363 } else if (ptype == SCTP_SET_PRIM_ADDR) { 6364 struct sctp_asconf_addr_param lstore, *fee; 6365 int lptype; 6366 struct sockaddr *lsa = NULL; 6367#ifdef INET 6368 struct sctp_asconf_addrv4_param *fii; 6369#endif 6370 6371 if (stcb->asoc.asconf_supported == 0) { 6372 return (-100); 6373 } 6374 if (plen > sizeof(lstore)) { 6375 return (-23); 6376 } 6377 phdr = sctp_get_next_param(m, offset, 6378 (struct sctp_paramhdr *)&lstore, 6379 plen); 6380 if (phdr == NULL) { 6381 return (-24); 6382 } 6383 fee = (struct sctp_asconf_addr_param *)phdr; 6384 lptype = ntohs(fee->addrp.ph.param_type); 6385 switch (lptype) { 6386#ifdef INET 6387 case SCTP_IPV4_ADDRESS: 6388 if (plen != 6389 sizeof(struct sctp_asconf_addrv4_param)) { 6390 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n", 6391 (int)sizeof(struct sctp_asconf_addrv4_param), 6392 plen); 6393 } else { 6394 fii = (struct sctp_asconf_addrv4_param *)fee; 6395 sin.sin_addr.s_addr = fii->addrp.addr; 6396 lsa = (struct sockaddr *)&sin; 6397 } 6398 break; 6399#endif 6400#ifdef INET6 6401 case SCTP_IPV6_ADDRESS: 6402 if (plen != 6403 sizeof(struct sctp_asconf_addr_param)) { 6404 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n", 6405 (int)sizeof(struct sctp_asconf_addr_param), 6406 plen); 6407 } else { 6408 memcpy(sin6.sin6_addr.s6_addr, 6409 fee->addrp.addr, 6410 sizeof(fee->addrp.addr)); 6411 lsa = (struct sockaddr *)&sin6; 6412 } 6413 break; 6414#endif 6415 default: 6416 break; 6417 } 6418 if (lsa) { 6419 (void)sctp_set_primary_addr(stcb, sa, NULL); 6420 } 6421 } else if (ptype == SCTP_HAS_NAT_SUPPORT) { 6422 stcb->asoc.peer_supports_nat = 1; 6423 } else if (ptype == SCTP_PRSCTP_SUPPORTED) { 6424 /* Peer supports pr-sctp */ 6425 peer_supports_prsctp = 1; 6426 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 6427 /* A supported extension chunk */ 6428 struct sctp_supported_chunk_types_param *pr_supported; 6429 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE]; 6430 int num_ent, i; 6431 6432 if (plen > sizeof(local_store)) { 6433 return (-35); 6434 } 6435 phdr = sctp_get_next_param(m, offset, 6436 (struct sctp_paramhdr *)&local_store, plen); 6437 if (phdr == NULL) { 6438 return (-25); 6439 } 6440 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 6441 num_ent = plen - sizeof(struct sctp_paramhdr); 6442 for (i = 0; i < num_ent; i++) { 6443 switch (pr_supported->chunk_types[i]) { 6444 case SCTP_ASCONF: 6445 peer_supports_asconf = 1; 6446 break; 6447 case SCTP_ASCONF_ACK: 6448 peer_supports_asconf_ack = 1; 6449 break; 6450 case SCTP_FORWARD_CUM_TSN: 6451 peer_supports_prsctp = 1; 6452 break; 6453 case SCTP_PACKET_DROPPED: 6454 peer_supports_pktdrop = 1; 6455 break; 6456 case SCTP_NR_SELECTIVE_ACK: 6457 peer_supports_nrsack = 1; 6458 break; 6459 case SCTP_STREAM_RESET: 6460 peer_supports_reconfig = 1; 6461 break; 6462 case SCTP_AUTHENTICATION: 6463 peer_supports_auth = 1; 6464 break; 6465 case SCTP_IDATA: 6466 peer_supports_idata = 1; 6467 break; 6468 default: 6469 /* one I have not learned yet */ 6470 break; 6471 6472 } 6473 } 6474 } else if (ptype == SCTP_RANDOM) { 6475 if (plen > sizeof(random_store)) 6476 break; 6477 if (got_random) { 6478 /* already processed a RANDOM */ 6479 goto next_param; 6480 } 6481 phdr = sctp_get_next_param(m, offset, 6482 (struct sctp_paramhdr *)random_store, 6483 plen); 6484 if (phdr == NULL) 6485 return (-26); 6486 p_random = (struct sctp_auth_random *)phdr; 6487 random_len = plen - sizeof(*p_random); 6488 /* enforce the random length */ 6489 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) { 6490 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n"); 6491 return (-27); 6492 } 6493 got_random = 1; 6494 } else if (ptype == SCTP_HMAC_LIST) { 6495 uint16_t num_hmacs; 6496 uint16_t i; 6497 6498 if (plen > sizeof(hmacs_store)) 6499 break; 6500 if (got_hmacs) { 6501 /* already processed a HMAC list */ 6502 goto next_param; 6503 } 6504 phdr = sctp_get_next_param(m, offset, 6505 (struct sctp_paramhdr *)hmacs_store, 6506 plen); 6507 if (phdr == NULL) 6508 return (-28); 6509 hmacs = (struct sctp_auth_hmac_algo *)phdr; 6510 hmacs_len = plen - sizeof(*hmacs); 6511 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]); 6512 /* validate the hmac list */ 6513 if (sctp_verify_hmac_param(hmacs, num_hmacs)) { 6514 return (-29); 6515 } 6516 if (stcb->asoc.peer_hmacs != NULL) 6517 sctp_free_hmaclist(stcb->asoc.peer_hmacs); 6518 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs); 6519 if (stcb->asoc.peer_hmacs != NULL) { 6520 for (i = 0; i < num_hmacs; i++) { 6521 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs, 6522 ntohs(hmacs->hmac_ids[i])); 6523 } 6524 } 6525 got_hmacs = 1; 6526 } else if (ptype == SCTP_CHUNK_LIST) { 6527 int i; 6528 6529 if (plen > sizeof(chunks_store)) 6530 break; 6531 if (got_chklist) { 6532 /* already processed a Chunks list */ 6533 goto next_param; 6534 } 6535 phdr = sctp_get_next_param(m, offset, 6536 (struct sctp_paramhdr *)chunks_store, 6537 plen); 6538 if (phdr == NULL) 6539 return (-30); 6540 chunks = (struct sctp_auth_chunk_list *)phdr; 6541 num_chunks = plen - sizeof(*chunks); 6542 if (stcb->asoc.peer_auth_chunks != NULL) 6543 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks); 6544 else 6545 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist(); 6546 for (i = 0; i < num_chunks; i++) { 6547 (void)sctp_auth_add_chunk(chunks->chunk_types[i], 6548 stcb->asoc.peer_auth_chunks); 6549 /* record asconf/asconf-ack if listed */ 6550 if (chunks->chunk_types[i] == SCTP_ASCONF) 6551 saw_asconf = 1; 6552 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK) 6553 saw_asconf_ack = 1; 6554 6555 } 6556 got_chklist = 1; 6557 } else if ((ptype == SCTP_HEARTBEAT_INFO) || 6558 (ptype == SCTP_STATE_COOKIE) || 6559 (ptype == SCTP_UNRECOG_PARAM) || 6560 (ptype == SCTP_COOKIE_PRESERVE) || 6561 (ptype == SCTP_SUPPORTED_ADDRTYPE) || 6562 (ptype == SCTP_ADD_IP_ADDRESS) || 6563 (ptype == SCTP_DEL_IP_ADDRESS) || 6564 (ptype == SCTP_ERROR_CAUSE_IND) || 6565 (ptype == SCTP_SUCCESS_REPORT)) { 6566 /* don't care */ ; 6567 } else { 6568 if ((ptype & 0x8000) == 0x0000) { 6569 /* 6570 * must stop processing the rest of the 6571 * param's. Any report bits were handled 6572 * with the call to 6573 * sctp_arethere_unrecognized_parameters() 6574 * when the INIT or INIT-ACK was first seen. 6575 */ 6576 break; 6577 } 6578 } 6579 6580next_param: 6581 offset += SCTP_SIZE32(plen); 6582 if (offset >= limit) { 6583 break; 6584 } 6585 phdr = sctp_get_next_param(m, offset, ¶m_buf, 6586 sizeof(param_buf)); 6587 } 6588 /* Now check to see if we need to purge any addresses */ 6589 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) { 6590 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) == 6591 SCTP_ADDR_NOT_IN_ASSOC) { 6592 /* This address has been removed from the asoc */ 6593 /* remove and free it */ 6594 stcb->asoc.numnets--; 6595 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next); 6596 sctp_free_remote_addr(net); 6597 if (net == stcb->asoc.primary_destination) { 6598 stcb->asoc.primary_destination = NULL; 6599 sctp_select_primary_destination(stcb); 6600 } 6601 } 6602 } 6603 if ((stcb->asoc.ecn_supported == 1) && 6604 (peer_supports_ecn == 0)) { 6605 stcb->asoc.ecn_supported = 0; 6606 } 6607 if ((stcb->asoc.prsctp_supported == 1) && 6608 (peer_supports_prsctp == 0)) { 6609 stcb->asoc.prsctp_supported = 0; 6610 } 6611 if ((stcb->asoc.auth_supported == 1) && 6612 ((peer_supports_auth == 0) || 6613 (got_random == 0) || (got_hmacs == 0))) { 6614 stcb->asoc.auth_supported = 0; 6615 } 6616 if ((stcb->asoc.asconf_supported == 1) && 6617 ((peer_supports_asconf == 0) || (peer_supports_asconf_ack == 0) || 6618 (stcb->asoc.auth_supported == 0) || 6619 (saw_asconf == 0) || (saw_asconf_ack == 0))) { 6620 stcb->asoc.asconf_supported = 0; 6621 } 6622 if ((stcb->asoc.reconfig_supported == 1) && 6623 (peer_supports_reconfig == 0)) { 6624 stcb->asoc.reconfig_supported = 0; 6625 } 6626 if ((stcb->asoc.idata_supported == 1) && 6627 (peer_supports_idata == 0)) { 6628 stcb->asoc.idata_supported = 0; 6629 } 6630 if ((stcb->asoc.nrsack_supported == 1) && 6631 (peer_supports_nrsack == 0)) { 6632 stcb->asoc.nrsack_supported = 0; 6633 } 6634 if ((stcb->asoc.pktdrop_supported == 1) && 6635 (peer_supports_pktdrop == 0)) { 6636 stcb->asoc.pktdrop_supported = 0; 6637 } 6638 /* validate authentication required parameters */ 6639 if ((peer_supports_auth == 0) && (got_chklist == 1)) { 6640 /* peer does not support auth but sent a chunks list? */ 6641 return (-31); 6642 } 6643 if ((peer_supports_asconf == 1) && (peer_supports_auth == 0)) { 6644 /* peer supports asconf but not auth? */ 6645 return (-32); 6646 } else if ((peer_supports_asconf == 1) && 6647 (peer_supports_auth == 1) && 6648 ((saw_asconf == 0) || (saw_asconf_ack == 0))) { 6649 return (-33); 6650 } 6651 /* concatenate the full random key */ 6652 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len; 6653 if (chunks != NULL) { 6654 keylen += sizeof(*chunks) + num_chunks; 6655 } 6656 new_key = sctp_alloc_key(keylen); 6657 if (new_key != NULL) { 6658 /* copy in the RANDOM */ 6659 if (p_random != NULL) { 6660 keylen = sizeof(*p_random) + random_len; 6661 bcopy(p_random, new_key->key, keylen); 6662 } 6663 /* append in the AUTH chunks */ 6664 if (chunks != NULL) { 6665 bcopy(chunks, new_key->key + keylen, 6666 sizeof(*chunks) + num_chunks); 6667 keylen += sizeof(*chunks) + num_chunks; 6668 } 6669 /* append in the HMACs */ 6670 if (hmacs != NULL) { 6671 bcopy(hmacs, new_key->key + keylen, 6672 sizeof(*hmacs) + hmacs_len); 6673 } 6674 } else { 6675 /* failed to get memory for the key */ 6676 return (-34); 6677 } 6678 if (stcb->asoc.authinfo.peer_random != NULL) 6679 sctp_free_key(stcb->asoc.authinfo.peer_random); 6680 stcb->asoc.authinfo.peer_random = new_key; 6681 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid); 6682 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid); 6683 6684 return (0); 6685} 6686 6687int 6688sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa, 6689 struct sctp_nets *net) 6690{ 6691 /* make sure the requested primary address exists in the assoc */ 6692 if (net == NULL && sa) 6693 net = sctp_findnet(stcb, sa); 6694 6695 if (net == NULL) { 6696 /* didn't find the requested primary address! */ 6697 return (-1); 6698 } else { 6699 /* set the primary address */ 6700 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 6701 /* Must be confirmed, so queue to set */ 6702 net->dest_state |= SCTP_ADDR_REQ_PRIMARY; 6703 return (0); 6704 } 6705 stcb->asoc.primary_destination = net; 6706 if (!(net->dest_state & SCTP_ADDR_PF) && (stcb->asoc.alternate)) { 6707 sctp_free_remote_addr(stcb->asoc.alternate); 6708 stcb->asoc.alternate = NULL; 6709 } 6710 net = TAILQ_FIRST(&stcb->asoc.nets); 6711 if (net != stcb->asoc.primary_destination) { 6712 /* 6713 * first one on the list is NOT the primary 6714 * sctp_cmpaddr() is much more efficient if the 6715 * primary is the first on the list, make it so. 6716 */ 6717 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next); 6718 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next); 6719 } 6720 return (0); 6721 } 6722} 6723 6724int 6725sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now) 6726{ 6727 /* 6728 * This function serves two purposes. It will see if a TAG can be 6729 * re-used and return 1 for yes it is ok and 0 for don't use that 6730 * tag. A secondary function it will do is purge out old tags that 6731 * can be removed. 6732 */ 6733 struct sctpvtaghead *chain; 6734 struct sctp_tagblock *twait_block; 6735 struct sctpasochead *head; 6736 struct sctp_tcb *stcb; 6737 int i; 6738 6739 SCTP_INP_INFO_RLOCK(); 6740 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag, 6741 SCTP_BASE_INFO(hashasocmark))]; 6742 LIST_FOREACH(stcb, head, sctp_asocs) { 6743 /* 6744 * We choose not to lock anything here. TCB's can't be 6745 * removed since we have the read lock, so they can't be 6746 * freed on us, same thing for the INP. I may be wrong with 6747 * this assumption, but we will go with it for now :-) 6748 */ 6749 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 6750 continue; 6751 } 6752 if (stcb->asoc.my_vtag == tag) { 6753 /* candidate */ 6754 if (stcb->rport != rport) { 6755 continue; 6756 } 6757 if (stcb->sctp_ep->sctp_lport != lport) { 6758 continue; 6759 } 6760 /* Its a used tag set */ 6761 SCTP_INP_INFO_RUNLOCK(); 6762 return (0); 6763 } 6764 } 6765 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 6766 /* Now what about timed wait ? */ 6767 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 6768 /* 6769 * Block(s) are present, lets see if we have this tag in the 6770 * list 6771 */ 6772 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 6773 if (twait_block->vtag_block[i].v_tag == 0) { 6774 /* not used */ 6775 continue; 6776 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire < 6777 now->tv_sec) { 6778 /* Audit expires this guy */ 6779 twait_block->vtag_block[i].tv_sec_at_expire = 0; 6780 twait_block->vtag_block[i].v_tag = 0; 6781 twait_block->vtag_block[i].lport = 0; 6782 twait_block->vtag_block[i].rport = 0; 6783 } else if ((twait_block->vtag_block[i].v_tag == tag) && 6784 (twait_block->vtag_block[i].lport == lport) && 6785 (twait_block->vtag_block[i].rport == rport)) { 6786 /* Bad tag, sorry :< */ 6787 SCTP_INP_INFO_RUNLOCK(); 6788 return (0); 6789 } 6790 } 6791 } 6792 SCTP_INP_INFO_RUNLOCK(); 6793 return (1); 6794} 6795 6796static void 6797sctp_drain_mbufs(struct sctp_tcb *stcb) 6798{ 6799 /* 6800 * We must hunt this association for MBUF's past the cumack (i.e. 6801 * out of order data that we can renege on). 6802 */ 6803 struct sctp_association *asoc; 6804 struct sctp_tmit_chunk *chk, *nchk; 6805 uint32_t cumulative_tsn_p1; 6806 struct sctp_queued_to_read *ctl, *nctl; 6807 int cnt, strmat; 6808 uint32_t gap, i; 6809 int fnd = 0; 6810 6811 /* We look for anything larger than the cum-ack + 1 */ 6812 6813 asoc = &stcb->asoc; 6814 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) { 6815 /* none we can reneg on. */ 6816 return; 6817 } 6818 SCTP_STAT_INCR(sctps_protocol_drains_done); 6819 cumulative_tsn_p1 = asoc->cumulative_tsn + 1; 6820 cnt = 0; 6821 /* Ok that was fun, now we will drain all the inbound streams? */ 6822 for (strmat = 0; strmat < asoc->streamincnt; strmat++) { 6823 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next_instrm, nctl) { 6824#ifdef INVARIANTS 6825 if (ctl->on_strm_q != SCTP_ON_ORDERED) { 6826 panic("Huh control: %p on_q: %d -- not ordered?", 6827 ctl, ctl->on_strm_q); 6828 } 6829#endif 6830 if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) { 6831 /* Yep it is above cum-ack */ 6832 cnt++; 6833 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn); 6834 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length); 6835 sctp_ucount_decr(asoc->cnt_on_all_streams); 6836 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 6837 if (ctl->on_read_q) { 6838 TAILQ_REMOVE(&stcb->sctp_ep->read_queue, ctl, next); 6839 ctl->on_read_q = 0; 6840 } 6841 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next_instrm); 6842 ctl->on_strm_q = 0; 6843 if (ctl->data) { 6844 sctp_m_freem(ctl->data); 6845 ctl->data = NULL; 6846 } 6847 sctp_free_remote_addr(ctl->whoFrom); 6848 /* Now its reasm? */ 6849 TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { 6850 cnt++; 6851 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.tsn, asoc->mapping_array_base_tsn); 6852 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); 6853 sctp_ucount_decr(asoc->cnt_on_reasm_queue); 6854 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 6855 TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); 6856 if (chk->data) { 6857 sctp_m_freem(chk->data); 6858 chk->data = NULL; 6859 } 6860 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 6861 } 6862 sctp_free_a_readq(stcb, ctl); 6863 } 6864 } 6865 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].uno_inqueue, next_instrm, nctl) { 6866#ifdef INVARIANTS 6867 if (ctl->on_strm_q != SCTP_ON_UNORDERED) { 6868 panic("Huh control: %p on_q: %d -- not unordered?", 6869 ctl, ctl->on_strm_q); 6870 } 6871#endif 6872 if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) { 6873 /* Yep it is above cum-ack */ 6874 cnt++; 6875 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn); 6876 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length); 6877 sctp_ucount_decr(asoc->cnt_on_all_streams); 6878 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 6879 if (ctl->on_read_q) { 6880 TAILQ_REMOVE(&stcb->sctp_ep->read_queue, ctl, next); 6881 ctl->on_read_q = 0; 6882 } 6883 TAILQ_REMOVE(&asoc->strmin[strmat].uno_inqueue, ctl, next_instrm); 6884 ctl->on_strm_q = 0; 6885 if (ctl->data) { 6886 sctp_m_freem(ctl->data); 6887 ctl->data = NULL; 6888 } 6889 sctp_free_remote_addr(ctl->whoFrom); 6890 /* Now its reasm? */ 6891 TAILQ_FOREACH_SAFE(chk, &ctl->reasm, sctp_next, nchk) { 6892 cnt++; 6893 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.tsn, asoc->mapping_array_base_tsn); 6894 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); 6895 sctp_ucount_decr(asoc->cnt_on_reasm_queue); 6896 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 6897 TAILQ_REMOVE(&ctl->reasm, chk, sctp_next); 6898 if (chk->data) { 6899 sctp_m_freem(chk->data); 6900 chk->data = NULL; 6901 } 6902 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 6903 } 6904 sctp_free_a_readq(stcb, ctl); 6905 } 6906 } 6907 } 6908 if (cnt) { 6909 /* We must back down to see what the new highest is */ 6910 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) { 6911 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn); 6912 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) { 6913 asoc->highest_tsn_inside_map = i; 6914 fnd = 1; 6915 break; 6916 } 6917 } 6918 if (!fnd) { 6919 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1; 6920 } 6921 /* 6922 * Question, should we go through the delivery queue? The 6923 * only reason things are on here is the app not reading OR 6924 * a p-d-api up. An attacker COULD send enough in to 6925 * initiate the PD-API and then send a bunch of stuff to 6926 * other streams... these would wind up on the delivery 6927 * queue.. and then we would not get to them. But in order 6928 * to do this I then have to back-track and un-deliver 6929 * sequence numbers in streams.. el-yucko. I think for now 6930 * we will NOT look at the delivery queue and leave it to be 6931 * something to consider later. An alternative would be to 6932 * abort the P-D-API with a notification and then deliver 6933 * the data.... Or another method might be to keep track of 6934 * how many times the situation occurs and if we see a 6935 * possible attack underway just abort the association. 6936 */ 6937#ifdef SCTP_DEBUG 6938 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt); 6939#endif 6940 /* 6941 * Now do we need to find a new 6942 * asoc->highest_tsn_inside_map? 6943 */ 6944 asoc->last_revoke_count = cnt; 6945 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 6946 /* sa_ignore NO_NULL_CHK */ 6947 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 6948 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED); 6949 } 6950 /* 6951 * Another issue, in un-setting the TSN's in the mapping array we 6952 * DID NOT adjust the highest_tsn marker. This will cause one of 6953 * two things to occur. It may cause us to do extra work in checking 6954 * for our mapping array movement. More importantly it may cause us 6955 * to SACK every datagram. This may not be a bad thing though since 6956 * we will recover once we get our cum-ack above and all this stuff 6957 * we dumped recovered. 6958 */ 6959} 6960 6961void 6962sctp_drain() 6963{ 6964 /* 6965 * We must walk the PCB lists for ALL associations here. The system 6966 * is LOW on MBUF's and needs help. This is where reneging will 6967 * occur. We really hope this does NOT happen! 6968 */ 6969 VNET_ITERATOR_DECL(vnet_iter); 6970 VNET_LIST_RLOCK_NOSLEEP(); 6971 VNET_FOREACH(vnet_iter) { 6972 CURVNET_SET(vnet_iter); 6973 struct sctp_inpcb *inp; 6974 struct sctp_tcb *stcb; 6975 6976 SCTP_STAT_INCR(sctps_protocol_drain_calls); 6977 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { 6978#ifdef VIMAGE 6979 continue; 6980#else 6981 return; 6982#endif 6983 } 6984 SCTP_INP_INFO_RLOCK(); 6985 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) { 6986 /* For each endpoint */ 6987 SCTP_INP_RLOCK(inp); 6988 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 6989 /* For each association */ 6990 SCTP_TCB_LOCK(stcb); 6991 sctp_drain_mbufs(stcb); 6992 SCTP_TCB_UNLOCK(stcb); 6993 } 6994 SCTP_INP_RUNLOCK(inp); 6995 } 6996 SCTP_INP_INFO_RUNLOCK(); 6997 CURVNET_RESTORE(); 6998 } 6999 VNET_LIST_RUNLOCK_NOSLEEP(); 7000} 7001 7002/* 7003 * start a new iterator 7004 * iterates through all endpoints and associations based on the pcb_state 7005 * flags and asoc_state. "af" (mandatory) is executed for all matching 7006 * assocs and "ef" (optional) is executed when the iterator completes. 7007 * "inpf" (optional) is executed for each new endpoint as it is being 7008 * iterated through. inpe (optional) is called when the inp completes 7009 * its way through all the stcbs. 7010 */ 7011int 7012sctp_initiate_iterator(inp_func inpf, 7013 asoc_func af, 7014 inp_func inpe, 7015 uint32_t pcb_state, 7016 uint32_t pcb_features, 7017 uint32_t asoc_state, 7018 void *argp, 7019 uint32_t argi, 7020 end_func ef, 7021 struct sctp_inpcb *s_inp, 7022 uint8_t chunk_output_off) 7023{ 7024 struct sctp_iterator *it = NULL; 7025 7026 if (af == NULL) { 7027 return (-1); 7028 } 7029 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 7030 SCTP_PRINTF("%s: abort on initialize being %d\n", __func__, 7031 SCTP_BASE_VAR(sctp_pcb_initialized)); 7032 return (-1); 7033 } 7034 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator), 7035 SCTP_M_ITER); 7036 if (it == NULL) { 7037 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); 7038 return (ENOMEM); 7039 } 7040 memset(it, 0, sizeof(*it)); 7041 it->function_assoc = af; 7042 it->function_inp = inpf; 7043 if (inpf) 7044 it->done_current_ep = 0; 7045 else 7046 it->done_current_ep = 1; 7047 it->function_atend = ef; 7048 it->pointer = argp; 7049 it->val = argi; 7050 it->pcb_flags = pcb_state; 7051 it->pcb_features = pcb_features; 7052 it->asoc_state = asoc_state; 7053 it->function_inp_end = inpe; 7054 it->no_chunk_output = chunk_output_off; 7055 it->vn = curvnet; 7056 if (s_inp) { 7057 /* Assume lock is held here */ 7058 it->inp = s_inp; 7059 SCTP_INP_INCR_REF(it->inp); 7060 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP; 7061 } else { 7062 SCTP_INP_INFO_RLOCK(); 7063 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead)); 7064 if (it->inp) { 7065 SCTP_INP_INCR_REF(it->inp); 7066 } 7067 SCTP_INP_INFO_RUNLOCK(); 7068 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP; 7069 7070 } 7071 SCTP_IPI_ITERATOR_WQ_LOCK(); 7072 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { 7073 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 7074 SCTP_PRINTF("%s: rollback on initialize being %d it=%p\n", __func__, 7075 SCTP_BASE_VAR(sctp_pcb_initialized), it); 7076 SCTP_FREE(it, SCTP_M_ITER); 7077 return (-1); 7078 } 7079 TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 7080 if (sctp_it_ctl.iterator_running == 0) { 7081 sctp_wakeup_iterator(); 7082 } 7083 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 7084 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */ 7085 return (0); 7086} 7087