1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #include <netinet/sctp_os.h>
36 #include <sys/proc.h>
37 #include <netinet/sctp_var.h>
38 #include <netinet/sctp_sysctl.h>
39 #include <netinet/sctp_pcb.h>
40 #include <netinet/sctputil.h>
41 #include <netinet/sctp.h>
42 #include <netinet/sctp_header.h>
43 #include <netinet/sctp_asconf.h>
44 #include <netinet/sctp_output.h>
45 #include <netinet/sctp_timer.h>
46 #include <netinet/sctp_bsd_addr.h>
47 #if defined(INET) || defined(INET6)
48 #include <netinet/udp.h>
49 #endif
50 #ifdef INET6
51 #include <netinet6/ip6_var.h>
52 #endif
53 #include <sys/sched.h>
54 #include <sys/smp.h>
55 #include <sys/unistd.h>
56
57 /* FIX: we don't handle multiple link local scopes */
58 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
59 #ifdef INET6
60 int
SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 * a,struct sockaddr_in6 * b)61 SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
62 {
63 struct sockaddr_in6 tmp_a, tmp_b;
64
65 memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
66 if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
67 return (0);
68 }
69 memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
70 if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
71 return (0);
72 }
73 return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
74 }
75 #endif
76
77 void
sctp_fill_pcbinfo(struct sctp_pcbinfo * spcb)78 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
79 {
80 /*
81 * We really don't need to lock this, but I will just because it
82 * does not hurt.
83 */
84 SCTP_INP_INFO_RLOCK();
85 spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep);
86 spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc);
87 spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr);
88 spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr);
89 spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk);
90 spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq);
91 spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq);
92 spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks);
93 SCTP_INP_INFO_RUNLOCK();
94 }
95
96 /*-
97 * Addresses are added to VRF's (Virtual Router's). For BSD we
98 * have only the default VRF 0. We maintain a hash list of
99 * VRF's. Each VRF has its own list of sctp_ifn's. Each of
100 * these has a list of addresses. When we add a new address
101 * to a VRF we lookup the ifn/ifn_index, if the ifn does
102 * not exist we create it and add it to the list of IFN's
103 * within the VRF. Once we have the sctp_ifn, we add the
104 * address to the list. So we look something like:
105 *
106 * hash-vrf-table
107 * vrf-> ifn-> ifn -> ifn
108 * vrf |
109 * ... +--ifa-> ifa -> ifa
110 * vrf
111 *
112 * We keep these separate lists since the SCTP subsystem will
113 * point to these from its source address selection nets structure.
114 * When an address is deleted it does not happen right away on
115 * the SCTP side, it gets scheduled. What we do when a
116 * delete happens is immediately remove the address from
117 * the master list and decrement the refcount. As our
118 * addip iterator works through and frees the src address
119 * selection pointing to the sctp_ifa, eventually the refcount
120 * will reach 0 and we will delete it. Note that it is assumed
121 * that any locking on system level ifn/ifa is done at the
122 * caller of these functions and these routines will only
123 * lock the SCTP structures as they add or delete things.
124 *
125 * Other notes on VRF concepts.
126 * - An endpoint can be in multiple VRF's
127 * - An association lives within a VRF and only one VRF.
128 * - Any incoming packet we can deduce the VRF for by
129 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D)
130 * - Any downward send call or connect call must supply the
131 * VRF via ancillary data or via some sort of set default
132 * VRF socket option call (again for BSD no brainer since
133 * the VRF is always 0).
134 * - An endpoint may add multiple VRF's to it.
135 * - Listening sockets can accept associations in any
136 * of the VRF's they are in but the assoc will end up
137 * in only one VRF (gotten from the packet or connect/send).
138 *
139 */
140
141 struct sctp_vrf *
sctp_allocate_vrf(int vrf_id)142 sctp_allocate_vrf(int vrf_id)
143 {
144 struct sctp_vrf *vrf = NULL;
145 struct sctp_vrflist *bucket;
146
147 /* First allocate the VRF structure */
148 vrf = sctp_find_vrf(vrf_id);
149 if (vrf) {
150 /* Already allocated */
151 return (vrf);
152 }
153 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf),
154 SCTP_M_VRF);
155 if (vrf == NULL) {
156 /* No memory */
157 #ifdef INVARIANTS
158 panic("No memory for VRF:%d", vrf_id);
159 #endif
160 return (NULL);
161 }
162 /* setup the VRF */
163 memset(vrf, 0, sizeof(struct sctp_vrf));
164 vrf->vrf_id = vrf_id;
165 LIST_INIT(&vrf->ifnlist);
166 vrf->total_ifa_count = 0;
167 vrf->refcount = 0;
168 /* now also setup table ids */
169 SCTP_INIT_VRF_TABLEID(vrf);
170 /* Init the HASH of addresses */
171 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE,
172 &vrf->vrf_addr_hashmark);
173 if (vrf->vrf_addr_hash == NULL) {
174 /* No memory */
175 #ifdef INVARIANTS
176 panic("No memory for VRF:%d", vrf_id);
177 #endif
178 SCTP_FREE(vrf, SCTP_M_VRF);
179 return (NULL);
180 }
181
182 /* Add it to the hash table */
183 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
184 LIST_INSERT_HEAD(bucket, vrf, next_vrf);
185 atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
186 return (vrf);
187 }
188
189 struct sctp_ifn *
sctp_find_ifn(void * ifn,uint32_t ifn_index)190 sctp_find_ifn(void *ifn, uint32_t ifn_index)
191 {
192 struct sctp_ifn *sctp_ifnp;
193 struct sctp_ifnlist *hash_ifn_head;
194
195 SCTP_IPI_ADDR_LOCK_ASSERT();
196 KASSERT(ifn != NULL, ("sctp_find_ifn(NULL, %u) called", ifn_index));
197 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
198 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) {
199 if (sctp_ifnp->ifn_index == ifn_index &&
200 sctp_ifnp->ifn_p == ifn) {
201 break;
202 }
203 }
204 return (sctp_ifnp);
205 }
206
207 struct sctp_vrf *
sctp_find_vrf(uint32_t vrf_id)208 sctp_find_vrf(uint32_t vrf_id)
209 {
210 struct sctp_vrflist *bucket;
211 struct sctp_vrf *liste;
212
213 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
214 LIST_FOREACH(liste, bucket, next_vrf) {
215 if (vrf_id == liste->vrf_id) {
216 return (liste);
217 }
218 }
219 return (NULL);
220 }
221
222 void
sctp_free_vrf(struct sctp_vrf * vrf)223 sctp_free_vrf(struct sctp_vrf *vrf)
224 {
225 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) {
226 if (vrf->vrf_addr_hash) {
227 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
228 vrf->vrf_addr_hash = NULL;
229 }
230 /* We zero'd the count */
231 LIST_REMOVE(vrf, next_vrf);
232 SCTP_FREE(vrf, SCTP_M_VRF);
233 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
234 }
235 }
236
237 static void
sctp_free_ifn(struct sctp_ifn * sctp_ifnp)238 sctp_free_ifn(struct sctp_ifn *sctp_ifnp)
239 {
240 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) {
241 /* We zero'd the count */
242 if (sctp_ifnp->vrf) {
243 sctp_free_vrf(sctp_ifnp->vrf);
244 }
245 SCTP_FREE(sctp_ifnp, SCTP_M_IFN);
246 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
247 }
248 }
249
250 void
sctp_free_ifa(struct sctp_ifa * sctp_ifap)251 sctp_free_ifa(struct sctp_ifa *sctp_ifap)
252 {
253 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) {
254 /* We zero'd the count */
255 if (sctp_ifap->ifn_p) {
256 sctp_free_ifn(sctp_ifap->ifn_p);
257 }
258 SCTP_FREE(sctp_ifap, SCTP_M_IFA);
259 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
260 }
261 }
262
263 static void
sctp_delete_ifn(struct sctp_ifn * sctp_ifnp)264 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp)
265 {
266
267 SCTP_IPI_ADDR_WLOCK_ASSERT();
268 if (sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index) == NULL) {
269 /* Not in the list.. sorry */
270 return;
271 }
272 LIST_REMOVE(sctp_ifnp, next_bucket);
273 LIST_REMOVE(sctp_ifnp, next_ifn);
274 /* Take away the reference, and possibly free it */
275 sctp_free_ifn(sctp_ifnp);
276 }
277
278 /*-
279 * Add an ifa to an ifn.
280 * Register the interface as necessary.
281 */
282 static void
sctp_add_ifa_to_ifn(struct sctp_ifn * sctp_ifnp,struct sctp_ifa * sctp_ifap)283 sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap)
284 {
285 int ifa_af;
286
287 SCTP_IPI_ADDR_WLOCK_ASSERT();
288 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
289 sctp_ifap->ifn_p = sctp_ifnp;
290 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
291 /* update address counts */
292 sctp_ifnp->ifa_count++;
293 ifa_af = sctp_ifap->address.sa.sa_family;
294 switch (ifa_af) {
295 #ifdef INET
296 case AF_INET:
297 sctp_ifnp->num_v4++;
298 break;
299 #endif
300 #ifdef INET6
301 case AF_INET6:
302 sctp_ifnp->num_v6++;
303 break;
304 #endif
305 default:
306 break;
307 }
308 if (sctp_ifnp->ifa_count == 1) {
309 /* register the new interface */
310 sctp_ifnp->registered_af = ifa_af;
311 }
312 }
313
314 /*-
315 * Remove an ifa from its ifn.
316 * If no more addresses exist, remove the ifn too. Otherwise, re-register
317 * the interface based on the remaining address families left.
318 */
319 static void
sctp_remove_ifa_from_ifn(struct sctp_ifa * sctp_ifap)320 sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap)
321 {
322 SCTP_IPI_ADDR_WLOCK_ASSERT();
323 LIST_REMOVE(sctp_ifap, next_ifa);
324 if (sctp_ifap->ifn_p) {
325 /* update address counts */
326 sctp_ifap->ifn_p->ifa_count--;
327 switch (sctp_ifap->address.sa.sa_family) {
328 #ifdef INET
329 case AF_INET:
330 sctp_ifap->ifn_p->num_v4--;
331 break;
332 #endif
333 #ifdef INET6
334 case AF_INET6:
335 sctp_ifap->ifn_p->num_v6--;
336 break;
337 #endif
338 default:
339 break;
340 }
341
342 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) {
343 /* remove the ifn, possibly freeing it */
344 sctp_delete_ifn(sctp_ifap->ifn_p);
345 } else {
346 /* re-register address family type, if needed */
347 if ((sctp_ifap->ifn_p->num_v6 == 0) &&
348 (sctp_ifap->ifn_p->registered_af == AF_INET6)) {
349 sctp_ifap->ifn_p->registered_af = AF_INET;
350 } else if ((sctp_ifap->ifn_p->num_v4 == 0) &&
351 (sctp_ifap->ifn_p->registered_af == AF_INET)) {
352 sctp_ifap->ifn_p->registered_af = AF_INET6;
353 }
354 /* free the ifn refcount */
355 sctp_free_ifn(sctp_ifap->ifn_p);
356 }
357 sctp_ifap->ifn_p = NULL;
358 }
359 }
360
361 struct sctp_ifa *
sctp_add_addr_to_vrf(uint32_t vrf_id,void * ifn,uint32_t ifn_index,uint32_t ifn_type,const char * if_name,void * ifa,struct sockaddr * addr,uint32_t ifa_flags,int dynamic_add)362 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index,
363 uint32_t ifn_type, const char *if_name, void *ifa,
364 struct sockaddr *addr, uint32_t ifa_flags,
365 int dynamic_add)
366 {
367 struct sctp_vrf *vrf;
368 struct sctp_ifn *sctp_ifnp, *new_sctp_ifnp;
369 struct sctp_ifa *sctp_ifap, *new_sctp_ifap;
370 struct sctp_ifalist *hash_addr_head;
371 struct sctp_ifnlist *hash_ifn_head;
372 uint32_t hash_of_addr;
373
374 #ifdef SCTP_DEBUG
375 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id);
376 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
377 #endif
378 SCTP_MALLOC(new_sctp_ifnp, struct sctp_ifn *,
379 sizeof(struct sctp_ifn), SCTP_M_IFN);
380 if (new_sctp_ifnp == NULL) {
381 #ifdef INVARIANTS
382 panic("No memory for IFN");
383 #endif
384 return (NULL);
385 }
386 SCTP_MALLOC(new_sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA);
387 if (new_sctp_ifap == NULL) {
388 #ifdef INVARIANTS
389 panic("No memory for IFA");
390 #endif
391 SCTP_FREE(new_sctp_ifnp, SCTP_M_IFN);
392 return (NULL);
393 }
394
395 SCTP_IPI_ADDR_WLOCK();
396 sctp_ifnp = sctp_find_ifn(ifn, ifn_index);
397 if (sctp_ifnp) {
398 vrf = sctp_ifnp->vrf;
399 } else {
400 vrf = sctp_find_vrf(vrf_id);
401 if (vrf == NULL) {
402 vrf = sctp_allocate_vrf(vrf_id);
403 if (vrf == NULL) {
404 SCTP_IPI_ADDR_WUNLOCK();
405 SCTP_FREE(new_sctp_ifnp, SCTP_M_IFN);
406 SCTP_FREE(new_sctp_ifap, SCTP_M_IFA);
407 return (NULL);
408 }
409 }
410 }
411 if (sctp_ifnp == NULL) {
412 /*
413 * build one and add it, can't hold lock until after malloc
414 * done though.
415 */
416 sctp_ifnp = new_sctp_ifnp;
417 new_sctp_ifnp = NULL;
418 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn));
419 sctp_ifnp->ifn_index = ifn_index;
420 sctp_ifnp->ifn_p = ifn;
421 sctp_ifnp->ifn_type = ifn_type;
422 sctp_ifnp->refcount = 0;
423 sctp_ifnp->vrf = vrf;
424 atomic_add_int(&vrf->refcount, 1);
425 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index);
426 if (if_name != NULL) {
427 SCTP_SNPRINTF(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name);
428 } else {
429 SCTP_SNPRINTF(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown");
430 }
431 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
432 LIST_INIT(&sctp_ifnp->ifalist);
433 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket);
434 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn);
435 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
436 }
437 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
438 if (sctp_ifap != NULL) {
439 /* The address being added is already or still known. */
440 if (sctp_ifap->ifn_p != NULL) {
441 if (sctp_ifap->ifn_p->ifn_index == ifn_index &&
442 sctp_ifap->ifn_p->ifn_p == ifn) {
443 SCTPDBG(SCTP_DEBUG_PCB4,
444 "Using existing ifn %s (0x%x) for ifa %p\n",
445 sctp_ifap->ifn_p->ifn_name, ifn_index,
446 (void *)sctp_ifap);
447 if (new_sctp_ifnp == NULL) {
448 /* Remove the created one not used. */
449 sctp_delete_ifn(sctp_ifnp);
450 }
451 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) {
452 /* Switch back to active. */
453 SCTPDBG(SCTP_DEBUG_PCB4,
454 "Clearing deleted ifa flag\n");
455 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
456 #ifdef INET6
457 if (sctp_ifap->address.sa.sa_family == AF_INET6) {
458 sctp_gather_internal_ifa_flags(sctp_ifap);
459 }
460 #endif
461 sctp_ifap->ifn_p = sctp_ifnp;
462 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
463 }
464 } else {
465 /*
466 * The last IFN gets the address, remove the
467 * old one.
468 */
469 SCTPDBG(SCTP_DEBUG_PCB4,
470 "Moving ifa %p from %s (0x%x) to %s (0x%x)\n",
471 (void *)sctp_ifap,
472 sctp_ifap->ifn_p->ifn_name,
473 sctp_ifap->ifn_p->ifn_index, if_name,
474 ifn_index);
475 /* remove the address from the old ifn */
476 sctp_remove_ifa_from_ifn(sctp_ifap);
477 /* move the address over to the new ifn */
478 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
479 }
480 } else {
481 /* Repair ifn_p, which was NULL... */
482 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
483 #ifdef INET6
484 if (sctp_ifap->address.sa.sa_family == AF_INET6) {
485 sctp_gather_internal_ifa_flags(sctp_ifap);
486 }
487 #endif
488 SCTPDBG(SCTP_DEBUG_PCB4,
489 "Repairing ifn %p for ifa %p\n",
490 (void *)sctp_ifnp, (void *)sctp_ifap);
491 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
492 }
493 SCTP_IPI_ADDR_WUNLOCK();
494 if (new_sctp_ifnp != NULL) {
495 SCTP_FREE(new_sctp_ifnp, SCTP_M_IFN);
496 }
497 SCTP_FREE(new_sctp_ifap, SCTP_M_IFA);
498 return (sctp_ifap);
499 }
500 KASSERT(sctp_ifnp != NULL,
501 ("sctp_add_addr_to_vrf: sctp_ifnp == NULL"));
502 KASSERT(sctp_ifap == NULL,
503 ("sctp_add_addr_to_vrf: sctp_ifap (%p) != NULL", sctp_ifap));
504 sctp_ifap = new_sctp_ifap;
505 memset(sctp_ifap, 0, sizeof(struct sctp_ifa));
506 sctp_ifap->ifn_p = sctp_ifnp;
507 atomic_add_int(&sctp_ifnp->refcount, 1);
508 sctp_ifap->vrf_id = vrf_id;
509 sctp_ifap->ifa = ifa;
510 memcpy(&sctp_ifap->address, addr, addr->sa_len);
511 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE;
512 sctp_ifap->flags = ifa_flags;
513 #ifdef INET6
514 if (addr->sa_family == AF_INET6) {
515 sctp_gather_internal_ifa_flags(sctp_ifap);
516 }
517 #endif
518 /* Set scope */
519 switch (sctp_ifap->address.sa.sa_family) {
520 #ifdef INET
521 case AF_INET:
522 {
523 struct sockaddr_in *sin;
524
525 sin = &sctp_ifap->address.sin;
526 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
527 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) {
528 sctp_ifap->src_is_loop = 1;
529 }
530 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
531 sctp_ifap->src_is_priv = 1;
532 }
533 sctp_ifnp->num_v4++;
534 if (new_sctp_ifnp == NULL)
535 sctp_ifnp->registered_af = AF_INET;
536 break;
537 }
538 #endif
539 #ifdef INET6
540 case AF_INET6:
541 {
542 /* ok to use deprecated addresses? */
543 struct sockaddr_in6 *sin6;
544
545 sin6 = &sctp_ifap->address.sin6;
546 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
547 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) {
548 sctp_ifap->src_is_loop = 1;
549 }
550 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
551 sctp_ifap->src_is_priv = 1;
552 }
553 sctp_ifnp->num_v6++;
554 if (new_sctp_ifnp == NULL)
555 sctp_ifnp->registered_af = AF_INET6;
556 break;
557 }
558 #endif
559 default:
560 break;
561 }
562 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa);
563
564 if ((sctp_ifap->src_is_priv == 0) &&
565 (sctp_ifap->src_is_loop == 0)) {
566 sctp_ifap->src_is_glob = 1;
567 }
568 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)];
569 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket);
570 sctp_ifap->refcount = 1;
571 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
572 sctp_ifnp->ifa_count++;
573 vrf->total_ifa_count++;
574 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
575 SCTP_IPI_ADDR_WUNLOCK();
576 if (new_sctp_ifnp != NULL) {
577 SCTP_FREE(new_sctp_ifnp, SCTP_M_IFN);
578 }
579
580 if (dynamic_add) {
581 /*
582 * Bump up the refcount so that when the timer completes it
583 * will drop back down.
584 */
585 struct sctp_laddr *wi;
586
587 atomic_add_int(&sctp_ifap->refcount, 1);
588 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
589 if (wi == NULL) {
590 /*
591 * Gak, what can we do? We have lost an address
592 * change can you say HOSED?
593 */
594 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
595 /* Opps, must decrement the count */
596 sctp_del_addr_from_vrf(vrf_id, addr, ifn, ifn_index);
597 return (NULL);
598 }
599 SCTP_INCR_LADDR_COUNT();
600 memset(wi, 0, sizeof(*wi));
601 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
602 wi->ifa = sctp_ifap;
603 wi->action = SCTP_ADD_IP_ADDRESS;
604
605 SCTP_WQ_ADDR_LOCK();
606 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
607 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
608 (struct sctp_inpcb *)NULL,
609 (struct sctp_tcb *)NULL,
610 (struct sctp_nets *)NULL);
611 SCTP_WQ_ADDR_UNLOCK();
612 } else {
613 /* it's ready for use */
614 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE;
615 }
616 return (sctp_ifap);
617 }
618
619 void
sctp_del_addr_from_vrf(uint32_t vrf_id,struct sockaddr * addr,void * ifn,uint32_t ifn_index)620 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr,
621 void *ifn, uint32_t ifn_index)
622 {
623 struct sctp_vrf *vrf;
624 struct sctp_ifa *sctp_ifap;
625
626 SCTP_IPI_ADDR_WLOCK();
627 vrf = sctp_find_vrf(vrf_id);
628 if (vrf == NULL) {
629 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
630 SCTP_IPI_ADDR_WUNLOCK();
631 return;
632 }
633
634 #ifdef SCTP_DEBUG
635 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id);
636 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
637 #endif
638 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
639 if (sctp_ifap != NULL) {
640 /* Validate the delete */
641 if (sctp_ifap->ifn_p) {
642 if (ifn_index != sctp_ifap->ifn_p->ifn_index ||
643 ifn != sctp_ifap->ifn_p->ifn_p) {
644 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d (%p) ifname:%s - ignoring delete\n",
645 sctp_ifap->ifn_p->ifn_index,
646 sctp_ifap->ifn_p->ifn_p,
647 sctp_ifap->ifn_p->ifn_name);
648 SCTP_IPI_ADDR_WUNLOCK();
649 return;
650 }
651 }
652 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", (void *)sctp_ifap);
653 sctp_ifap->localifa_flags &= ~SCTP_ADDR_VALID;
654 /*
655 * We don't set the flag. This means that the structure will
656 * hang around in EP's that have bound specific to it until
657 * they close. This gives us TCP like behavior if someone
658 * removes an address (or for that matter adds it right
659 * back).
660 */
661 /* sctp_ifap->localifa_flags |= SCTP_BEING_DELETED; */
662 vrf->total_ifa_count--;
663 LIST_REMOVE(sctp_ifap, next_bucket);
664 sctp_remove_ifa_from_ifn(sctp_ifap);
665 }
666 #ifdef SCTP_DEBUG
667 else {
668 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:",
669 ifn_index);
670 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
671 }
672 #endif
673
674 SCTP_IPI_ADDR_WUNLOCK();
675 if (sctp_ifap != NULL) {
676 struct sctp_laddr *wi;
677
678 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
679 if (wi == NULL) {
680 /*
681 * Gak, what can we do? We have lost an address
682 * change can you say HOSED?
683 */
684 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
685
686 /* Oops, must decrement the count */
687 sctp_free_ifa(sctp_ifap);
688 return;
689 }
690 SCTP_INCR_LADDR_COUNT();
691 memset(wi, 0, sizeof(*wi));
692 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
693 wi->ifa = sctp_ifap;
694 wi->action = SCTP_DEL_IP_ADDRESS;
695 SCTP_WQ_ADDR_LOCK();
696 /*
697 * Should this really be a tailq? As it is we will process
698 * the newest first :-0
699 */
700 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
701 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
702 (struct sctp_inpcb *)NULL,
703 (struct sctp_tcb *)NULL,
704 (struct sctp_nets *)NULL);
705 SCTP_WQ_ADDR_UNLOCK();
706 }
707 return;
708 }
709
710 static int
sctp_does_stcb_own_this_addr(struct sctp_tcb * stcb,struct sockaddr * to)711 sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to)
712 {
713 int loopback_scope;
714 #if defined(INET)
715 int ipv4_local_scope, ipv4_addr_legal;
716 #endif
717 #if defined(INET6)
718 int local_scope, site_scope, ipv6_addr_legal;
719 #endif
720 struct sctp_vrf *vrf;
721 struct sctp_ifn *sctp_ifn;
722 struct sctp_ifa *sctp_ifa;
723
724 loopback_scope = stcb->asoc.scope.loopback_scope;
725 #if defined(INET)
726 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope;
727 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal;
728 #endif
729 #if defined(INET6)
730 local_scope = stcb->asoc.scope.local_scope;
731 site_scope = stcb->asoc.scope.site_scope;
732 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal;
733 #endif
734
735 SCTP_IPI_ADDR_RLOCK();
736 vrf = sctp_find_vrf(stcb->asoc.vrf_id);
737 if (vrf == NULL) {
738 /* no vrf, no addresses */
739 SCTP_IPI_ADDR_RUNLOCK();
740 return (0);
741 }
742
743 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
744 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
745 if ((loopback_scope == 0) &&
746 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
747 continue;
748 }
749 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
750 if (sctp_is_addr_restricted(stcb, sctp_ifa) &&
751 (!sctp_is_addr_pending(stcb, sctp_ifa))) {
752 /*
753 * We allow pending addresses, where
754 * we have sent an asconf-add to be
755 * considered valid.
756 */
757 continue;
758 }
759 if (sctp_ifa->address.sa.sa_family != to->sa_family) {
760 continue;
761 }
762 switch (sctp_ifa->address.sa.sa_family) {
763 #ifdef INET
764 case AF_INET:
765 if (ipv4_addr_legal) {
766 struct sockaddr_in *sin,
767 *rsin;
768
769 sin = &sctp_ifa->address.sin;
770 rsin = (struct sockaddr_in *)to;
771 if ((ipv4_local_scope == 0) &&
772 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
773 continue;
774 }
775 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred,
776 &sin->sin_addr) != 0) {
777 continue;
778 }
779 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
780 SCTP_IPI_ADDR_RUNLOCK();
781 return (1);
782 }
783 }
784 break;
785 #endif
786 #ifdef INET6
787 case AF_INET6:
788 if (ipv6_addr_legal) {
789 struct sockaddr_in6 *sin6,
790 *rsin6;
791
792 sin6 = &sctp_ifa->address.sin6;
793 rsin6 = (struct sockaddr_in6 *)to;
794 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred,
795 &sin6->sin6_addr) != 0) {
796 continue;
797 }
798 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
799 if (local_scope == 0)
800 continue;
801 if (sin6->sin6_scope_id == 0) {
802 if (sa6_recoverscope(sin6) != 0)
803 continue;
804 }
805 }
806 if ((site_scope == 0) &&
807 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
808 continue;
809 }
810 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
811 SCTP_IPI_ADDR_RUNLOCK();
812 return (1);
813 }
814 }
815 break;
816 #endif
817 default:
818 /* TSNH */
819 break;
820 }
821 }
822 }
823 } else {
824 struct sctp_laddr *laddr;
825
826 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
827 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
828 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
829 continue;
830 }
831 if (sctp_is_addr_restricted(stcb, laddr->ifa) &&
832 (!sctp_is_addr_pending(stcb, laddr->ifa))) {
833 /*
834 * We allow pending addresses, where we have
835 * sent an asconf-add to be considered
836 * valid.
837 */
838 continue;
839 }
840 if (laddr->ifa->address.sa.sa_family != to->sa_family) {
841 continue;
842 }
843 switch (to->sa_family) {
844 #ifdef INET
845 case AF_INET:
846 {
847 struct sockaddr_in *sin, *rsin;
848
849 sin = &laddr->ifa->address.sin;
850 rsin = (struct sockaddr_in *)to;
851 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
852 SCTP_IPI_ADDR_RUNLOCK();
853 return (1);
854 }
855 break;
856 }
857 #endif
858 #ifdef INET6
859 case AF_INET6:
860 {
861 struct sockaddr_in6 *sin6, *rsin6;
862
863 sin6 = &laddr->ifa->address.sin6;
864 rsin6 = (struct sockaddr_in6 *)to;
865 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
866 SCTP_IPI_ADDR_RUNLOCK();
867 return (1);
868 }
869 break;
870 }
871
872 #endif
873 default:
874 /* TSNH */
875 break;
876 }
877 }
878 }
879 SCTP_IPI_ADDR_RUNLOCK();
880 return (0);
881 }
882
883 static struct sctp_tcb *
sctp_tcb_special_locate(struct sctp_inpcb ** inp_p,struct sockaddr * from,struct sockaddr * to,struct sctp_nets ** netp,uint32_t vrf_id)884 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
885 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id)
886 {
887 /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */
888 /*
889 * If we support the TCP model, then we must now dig through to see
890 * if we can find our endpoint in the list of tcp ep's.
891 */
892 uint16_t lport, rport;
893 struct sctppcbhead *ephead;
894 struct sctp_inpcb *inp;
895 struct sctp_laddr *laddr;
896 struct sctp_tcb *stcb;
897 struct sctp_nets *net;
898
899 if ((to == NULL) || (from == NULL)) {
900 return (NULL);
901 }
902
903 switch (to->sa_family) {
904 #ifdef INET
905 case AF_INET:
906 if (from->sa_family == AF_INET) {
907 lport = ((struct sockaddr_in *)to)->sin_port;
908 rport = ((struct sockaddr_in *)from)->sin_port;
909 } else {
910 return (NULL);
911 }
912 break;
913 #endif
914 #ifdef INET6
915 case AF_INET6:
916 if (from->sa_family == AF_INET6) {
917 lport = ((struct sockaddr_in6 *)to)->sin6_port;
918 rport = ((struct sockaddr_in6 *)from)->sin6_port;
919 } else {
920 return (NULL);
921 }
922 break;
923 #endif
924 default:
925 return (NULL);
926 }
927 ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
928 /*
929 * Ok now for each of the guys in this bucket we must look and see:
930 * - Does the remote port match. - Does there single association's
931 * addresses match this address (to). If so we update p_ep to point
932 * to this ep and return the tcb from it.
933 */
934 LIST_FOREACH(inp, ephead, sctp_hash) {
935 SCTP_INP_RLOCK(inp);
936 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
937 SCTP_INP_RUNLOCK(inp);
938 continue;
939 }
940 if (lport != inp->sctp_lport) {
941 SCTP_INP_RUNLOCK(inp);
942 continue;
943 }
944 switch (to->sa_family) {
945 #ifdef INET
946 case AF_INET:
947 {
948 struct sockaddr_in *sin;
949
950 sin = (struct sockaddr_in *)to;
951 if (prison_check_ip4(inp->ip_inp.inp.inp_cred,
952 &sin->sin_addr) != 0) {
953 SCTP_INP_RUNLOCK(inp);
954 continue;
955 }
956 break;
957 }
958 #endif
959 #ifdef INET6
960 case AF_INET6:
961 {
962 struct sockaddr_in6 *sin6;
963
964 sin6 = (struct sockaddr_in6 *)to;
965 if (prison_check_ip6(inp->ip_inp.inp.inp_cred,
966 &sin6->sin6_addr) != 0) {
967 SCTP_INP_RUNLOCK(inp);
968 continue;
969 }
970 break;
971 }
972 #endif
973 default:
974 SCTP_INP_RUNLOCK(inp);
975 continue;
976 }
977 if (inp->def_vrf_id != vrf_id) {
978 SCTP_INP_RUNLOCK(inp);
979 continue;
980 }
981 /* check to see if the ep has one of the addresses */
982 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
983 /* We are NOT bound all, so look further */
984 int match = 0;
985
986 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
987 if (laddr->ifa == NULL) {
988 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __func__);
989 continue;
990 }
991 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
992 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
993 continue;
994 }
995 if (laddr->ifa->address.sa.sa_family ==
996 to->sa_family) {
997 /* see if it matches */
998 #ifdef INET
999 if (from->sa_family == AF_INET) {
1000 struct sockaddr_in *intf_addr,
1001 *sin;
1002
1003 intf_addr = &laddr->ifa->address.sin;
1004 sin = (struct sockaddr_in *)to;
1005 if (sin->sin_addr.s_addr ==
1006 intf_addr->sin_addr.s_addr) {
1007 match = 1;
1008 break;
1009 }
1010 }
1011 #endif
1012 #ifdef INET6
1013 if (from->sa_family == AF_INET6) {
1014 struct sockaddr_in6 *intf_addr6;
1015 struct sockaddr_in6 *sin6;
1016
1017 sin6 = (struct sockaddr_in6 *)
1018 to;
1019 intf_addr6 = &laddr->ifa->address.sin6;
1020
1021 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1022 intf_addr6)) {
1023 match = 1;
1024 break;
1025 }
1026 }
1027 #endif
1028 }
1029 }
1030 if (match == 0) {
1031 /* This endpoint does not have this address */
1032 SCTP_INP_RUNLOCK(inp);
1033 continue;
1034 }
1035 }
1036 /*
1037 * Ok if we hit here the ep has the address, does it hold
1038 * the tcb?
1039 */
1040 /* XXX: Why don't we TAILQ_FOREACH through sctp_asoc_list? */
1041 stcb = LIST_FIRST(&inp->sctp_asoc_list);
1042 if (stcb == NULL) {
1043 SCTP_INP_RUNLOCK(inp);
1044 continue;
1045 }
1046 SCTP_TCB_LOCK(stcb);
1047 if (!sctp_does_stcb_own_this_addr(stcb, to)) {
1048 SCTP_TCB_UNLOCK(stcb);
1049 SCTP_INP_RUNLOCK(inp);
1050 continue;
1051 }
1052 if (stcb->rport != rport) {
1053 /* remote port does not match. */
1054 SCTP_TCB_UNLOCK(stcb);
1055 SCTP_INP_RUNLOCK(inp);
1056 continue;
1057 }
1058 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1059 SCTP_TCB_UNLOCK(stcb);
1060 SCTP_INP_RUNLOCK(inp);
1061 continue;
1062 }
1063 if (!sctp_does_stcb_own_this_addr(stcb, to)) {
1064 SCTP_TCB_UNLOCK(stcb);
1065 SCTP_INP_RUNLOCK(inp);
1066 continue;
1067 }
1068 /* Does this TCB have a matching address? */
1069 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1070 if (net->ro._l_addr.sa.sa_family != from->sa_family) {
1071 /* not the same family, can't be a match */
1072 continue;
1073 }
1074 switch (from->sa_family) {
1075 #ifdef INET
1076 case AF_INET:
1077 {
1078 struct sockaddr_in *sin, *rsin;
1079
1080 sin = (struct sockaddr_in *)&net->ro._l_addr;
1081 rsin = (struct sockaddr_in *)from;
1082 if (sin->sin_addr.s_addr ==
1083 rsin->sin_addr.s_addr) {
1084 /* found it */
1085 if (netp != NULL) {
1086 *netp = net;
1087 }
1088 /*
1089 * Update the endpoint
1090 * pointer
1091 */
1092 *inp_p = inp;
1093 SCTP_INP_RUNLOCK(inp);
1094 return (stcb);
1095 }
1096 break;
1097 }
1098 #endif
1099 #ifdef INET6
1100 case AF_INET6:
1101 {
1102 struct sockaddr_in6 *sin6, *rsin6;
1103
1104 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1105 rsin6 = (struct sockaddr_in6 *)from;
1106 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1107 rsin6)) {
1108 /* found it */
1109 if (netp != NULL) {
1110 *netp = net;
1111 }
1112 /*
1113 * Update the endpoint
1114 * pointer
1115 */
1116 *inp_p = inp;
1117 SCTP_INP_RUNLOCK(inp);
1118 return (stcb);
1119 }
1120 break;
1121 }
1122 #endif
1123 default:
1124 /* TSNH */
1125 break;
1126 }
1127 }
1128 SCTP_TCB_UNLOCK(stcb);
1129 SCTP_INP_RUNLOCK(inp);
1130 }
1131 return (NULL);
1132 }
1133
1134 /*
1135 * rules for use
1136 *
1137 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an
1138 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done
1139 * (if locked == NULL). 3) Decrement happens on return ONLY if locked ==
1140 * NULL.
1141 */
1142
1143 struct sctp_tcb *
sctp_findassociation_ep_addr(struct sctp_inpcb ** inp_p,struct sockaddr * remote,struct sctp_nets ** netp,struct sockaddr * local,struct sctp_tcb * locked_tcb)1144 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
1145 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
1146 {
1147 struct sctpasochead *head;
1148 struct sctp_inpcb *inp;
1149 struct sctp_tcb *stcb = NULL;
1150 struct sctp_nets *net;
1151 uint16_t rport;
1152
1153 inp = *inp_p;
1154 switch (remote->sa_family) {
1155 #ifdef INET
1156 case AF_INET:
1157 rport = (((struct sockaddr_in *)remote)->sin_port);
1158 break;
1159 #endif
1160 #ifdef INET6
1161 case AF_INET6:
1162 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
1163 break;
1164 #endif
1165 default:
1166 return (NULL);
1167 }
1168 if (locked_tcb) {
1169 /*
1170 * UN-lock so we can do proper locking here this occurs when
1171 * called from load_addresses_from_init.
1172 */
1173 atomic_add_int(&locked_tcb->asoc.refcnt, 1);
1174 SCTP_TCB_UNLOCK(locked_tcb);
1175 }
1176 SCTP_INP_INFO_RLOCK();
1177 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1178 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
1179 /*-
1180 * Now either this guy is our listener or it's the
1181 * connector. If it is the one that issued the connect, then
1182 * it's only chance is to be the first TCB in the list. If
1183 * it is the acceptor, then do the special_lookup to hash
1184 * and find the real inp.
1185 */
1186 if ((inp->sctp_socket) && SCTP_IS_LISTENING(inp)) {
1187 /* to is peer addr, from is my addr */
1188 stcb = sctp_tcb_special_locate(inp_p, remote, local,
1189 netp, inp->def_vrf_id);
1190 if ((stcb != NULL) && (locked_tcb == NULL)) {
1191 /* we have a locked tcb, lower refcount */
1192 SCTP_INP_DECR_REF(inp);
1193 }
1194 if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
1195 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
1196 SCTP_TCB_LOCK(locked_tcb);
1197 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1198 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
1199 }
1200 SCTP_INP_INFO_RUNLOCK();
1201 return (stcb);
1202 } else {
1203 SCTP_INP_WLOCK(inp);
1204 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1205 goto null_return;
1206 }
1207 stcb = LIST_FIRST(&inp->sctp_asoc_list);
1208 if (stcb == NULL) {
1209 goto null_return;
1210 }
1211 SCTP_TCB_LOCK(stcb);
1212
1213 if (stcb->rport != rport) {
1214 /* remote port does not match. */
1215 SCTP_TCB_UNLOCK(stcb);
1216 goto null_return;
1217 }
1218 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1219 SCTP_TCB_UNLOCK(stcb);
1220 goto null_return;
1221 }
1222 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1223 SCTP_TCB_UNLOCK(stcb);
1224 goto null_return;
1225 }
1226 /* now look at the list of remote addresses */
1227 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1228 #ifdef INVARIANTS
1229 if (net == (TAILQ_NEXT(net, sctp_next))) {
1230 panic("Corrupt net list");
1231 }
1232 #endif
1233 if (net->ro._l_addr.sa.sa_family !=
1234 remote->sa_family) {
1235 /* not the same family */
1236 continue;
1237 }
1238 switch (remote->sa_family) {
1239 #ifdef INET
1240 case AF_INET:
1241 {
1242 struct sockaddr_in *sin,
1243 *rsin;
1244
1245 sin = (struct sockaddr_in *)
1246 &net->ro._l_addr;
1247 rsin = (struct sockaddr_in *)remote;
1248 if (sin->sin_addr.s_addr ==
1249 rsin->sin_addr.s_addr) {
1250 /* found it */
1251 if (netp != NULL) {
1252 *netp = net;
1253 }
1254 if (locked_tcb == NULL) {
1255 SCTP_INP_DECR_REF(inp);
1256 } else if (locked_tcb != stcb) {
1257 SCTP_TCB_LOCK(locked_tcb);
1258 }
1259 if (locked_tcb) {
1260 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1261 }
1262
1263 SCTP_INP_WUNLOCK(inp);
1264 SCTP_INP_INFO_RUNLOCK();
1265 return (stcb);
1266 }
1267 break;
1268 }
1269 #endif
1270 #ifdef INET6
1271 case AF_INET6:
1272 {
1273 struct sockaddr_in6 *sin6,
1274 *rsin6;
1275
1276 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1277 rsin6 = (struct sockaddr_in6 *)remote;
1278 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1279 rsin6)) {
1280 /* found it */
1281 if (netp != NULL) {
1282 *netp = net;
1283 }
1284 if (locked_tcb == NULL) {
1285 SCTP_INP_DECR_REF(inp);
1286 } else if (locked_tcb != stcb) {
1287 SCTP_TCB_LOCK(locked_tcb);
1288 }
1289 if (locked_tcb) {
1290 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1291 }
1292 SCTP_INP_WUNLOCK(inp);
1293 SCTP_INP_INFO_RUNLOCK();
1294 return (stcb);
1295 }
1296 break;
1297 }
1298 #endif
1299 default:
1300 /* TSNH */
1301 break;
1302 }
1303 }
1304 SCTP_TCB_UNLOCK(stcb);
1305 }
1306 } else {
1307 SCTP_INP_WLOCK(inp);
1308 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1309 goto null_return;
1310 }
1311 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
1312 inp->sctp_hashmark)];
1313 LIST_FOREACH(stcb, head, sctp_tcbhash) {
1314 if (stcb->rport != rport) {
1315 /* remote port does not match */
1316 continue;
1317 }
1318 SCTP_TCB_LOCK(stcb);
1319 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1320 SCTP_TCB_UNLOCK(stcb);
1321 continue;
1322 }
1323 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1324 SCTP_TCB_UNLOCK(stcb);
1325 continue;
1326 }
1327 /* now look at the list of remote addresses */
1328 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1329 #ifdef INVARIANTS
1330 if (net == (TAILQ_NEXT(net, sctp_next))) {
1331 panic("Corrupt net list");
1332 }
1333 #endif
1334 if (net->ro._l_addr.sa.sa_family !=
1335 remote->sa_family) {
1336 /* not the same family */
1337 continue;
1338 }
1339 switch (remote->sa_family) {
1340 #ifdef INET
1341 case AF_INET:
1342 {
1343 struct sockaddr_in *sin,
1344 *rsin;
1345
1346 sin = (struct sockaddr_in *)
1347 &net->ro._l_addr;
1348 rsin = (struct sockaddr_in *)remote;
1349 if (sin->sin_addr.s_addr ==
1350 rsin->sin_addr.s_addr) {
1351 /* found it */
1352 if (netp != NULL) {
1353 *netp = net;
1354 }
1355 if (locked_tcb == NULL) {
1356 SCTP_INP_DECR_REF(inp);
1357 } else if (locked_tcb != stcb) {
1358 SCTP_TCB_LOCK(locked_tcb);
1359 }
1360 if (locked_tcb) {
1361 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1362 }
1363 SCTP_INP_WUNLOCK(inp);
1364 SCTP_INP_INFO_RUNLOCK();
1365 return (stcb);
1366 }
1367 break;
1368 }
1369 #endif
1370 #ifdef INET6
1371 case AF_INET6:
1372 {
1373 struct sockaddr_in6 *sin6,
1374 *rsin6;
1375
1376 sin6 = (struct sockaddr_in6 *)
1377 &net->ro._l_addr;
1378 rsin6 = (struct sockaddr_in6 *)remote;
1379 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1380 rsin6)) {
1381 /* found it */
1382 if (netp != NULL) {
1383 *netp = net;
1384 }
1385 if (locked_tcb == NULL) {
1386 SCTP_INP_DECR_REF(inp);
1387 } else if (locked_tcb != stcb) {
1388 SCTP_TCB_LOCK(locked_tcb);
1389 }
1390 if (locked_tcb) {
1391 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1392 }
1393 SCTP_INP_WUNLOCK(inp);
1394 SCTP_INP_INFO_RUNLOCK();
1395 return (stcb);
1396 }
1397 break;
1398 }
1399 #endif
1400 default:
1401 /* TSNH */
1402 break;
1403 }
1404 }
1405 SCTP_TCB_UNLOCK(stcb);
1406 }
1407 }
1408 null_return:
1409 /* clean up for returning null */
1410 if (locked_tcb) {
1411 SCTP_TCB_LOCK(locked_tcb);
1412 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1413 }
1414 SCTP_INP_WUNLOCK(inp);
1415 SCTP_INP_INFO_RUNLOCK();
1416 /* not found */
1417 return (NULL);
1418 }
1419
1420 /*
1421 * Find an association for a specific endpoint using the association id given
1422 * out in the COMM_UP notification
1423 */
1424 struct sctp_tcb *
sctp_findasoc_ep_asocid_locked(struct sctp_inpcb * inp,sctp_assoc_t asoc_id,int want_lock)1425 sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1426 {
1427 /*
1428 * Use my the assoc_id to find a endpoint
1429 */
1430 struct sctpasochead *head;
1431 struct sctp_tcb *stcb;
1432 uint32_t id;
1433
1434 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1435 SCTP_PRINTF("TSNH ep_associd0\n");
1436 return (NULL);
1437 }
1438 id = (uint32_t)asoc_id;
1439 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
1440 if (head == NULL) {
1441 /* invalid id TSNH */
1442 SCTP_PRINTF("TSNH ep_associd1\n");
1443 return (NULL);
1444 }
1445 LIST_FOREACH(stcb, head, sctp_tcbasocidhash) {
1446 if (stcb->asoc.assoc_id == id) {
1447 if (inp != stcb->sctp_ep) {
1448 /*
1449 * some other guy has the same id active (id
1450 * collision ??).
1451 */
1452 SCTP_PRINTF("TSNH ep_associd2\n");
1453 continue;
1454 }
1455 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1456 continue;
1457 }
1458 if (want_lock) {
1459 SCTP_TCB_LOCK(stcb);
1460 }
1461 return (stcb);
1462 }
1463 }
1464 return (NULL);
1465 }
1466
1467 struct sctp_tcb *
sctp_findassociation_ep_asocid(struct sctp_inpcb * inp,sctp_assoc_t asoc_id,int want_lock)1468 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1469 {
1470 struct sctp_tcb *stcb;
1471
1472 SCTP_INP_RLOCK(inp);
1473 stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock);
1474 SCTP_INP_RUNLOCK(inp);
1475 return (stcb);
1476 }
1477
1478 /*
1479 * Endpoint probe expects that the INP_INFO is locked.
1480 */
1481 static struct sctp_inpcb *
sctp_endpoint_probe(struct sockaddr * nam,struct sctppcbhead * head,uint16_t lport,uint32_t vrf_id)1482 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
1483 uint16_t lport, uint32_t vrf_id)
1484 {
1485 struct sctp_inpcb *inp;
1486 struct sctp_laddr *laddr;
1487 #ifdef INET
1488 struct sockaddr_in *sin;
1489 #endif
1490 #ifdef INET6
1491 struct sockaddr_in6 *sin6;
1492 struct sockaddr_in6 *intf_addr6;
1493 #endif
1494 int fnd;
1495
1496 #ifdef INET
1497 sin = NULL;
1498 #endif
1499 #ifdef INET6
1500 sin6 = NULL;
1501 #endif
1502 switch (nam->sa_family) {
1503 #ifdef INET
1504 case AF_INET:
1505 sin = (struct sockaddr_in *)nam;
1506 break;
1507 #endif
1508 #ifdef INET6
1509 case AF_INET6:
1510 sin6 = (struct sockaddr_in6 *)nam;
1511 break;
1512 #endif
1513 default:
1514 /* unsupported family */
1515 return (NULL);
1516 }
1517
1518 if (head == NULL)
1519 return (NULL);
1520
1521 LIST_FOREACH(inp, head, sctp_hash) {
1522 SCTP_INP_RLOCK(inp);
1523 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1524 SCTP_INP_RUNLOCK(inp);
1525 continue;
1526 }
1527 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
1528 (inp->sctp_lport == lport)) {
1529 /* got it */
1530 switch (nam->sa_family) {
1531 #ifdef INET
1532 case AF_INET:
1533 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1534 SCTP_IPV6_V6ONLY(inp)) {
1535 /*
1536 * IPv4 on a IPv6 socket with ONLY
1537 * IPv6 set
1538 */
1539 SCTP_INP_RUNLOCK(inp);
1540 continue;
1541 }
1542 if (prison_check_ip4(inp->ip_inp.inp.inp_cred,
1543 &sin->sin_addr) != 0) {
1544 SCTP_INP_RUNLOCK(inp);
1545 continue;
1546 }
1547 break;
1548 #endif
1549 #ifdef INET6
1550 case AF_INET6:
1551 /*
1552 * A V6 address and the endpoint is NOT
1553 * bound V6
1554 */
1555 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
1556 SCTP_INP_RUNLOCK(inp);
1557 continue;
1558 }
1559 if (prison_check_ip6(inp->ip_inp.inp.inp_cred,
1560 &sin6->sin6_addr) != 0) {
1561 SCTP_INP_RUNLOCK(inp);
1562 continue;
1563 }
1564 break;
1565 #endif
1566 default:
1567 break;
1568 }
1569 /* does a VRF id match? */
1570 fnd = 0;
1571 if (inp->def_vrf_id == vrf_id)
1572 fnd = 1;
1573
1574 SCTP_INP_RUNLOCK(inp);
1575 if (!fnd)
1576 continue;
1577 return (inp);
1578 }
1579 SCTP_INP_RUNLOCK(inp);
1580 }
1581 switch (nam->sa_family) {
1582 #ifdef INET
1583 case AF_INET:
1584 if (sin->sin_addr.s_addr == INADDR_ANY) {
1585 /* Can't hunt for one that has no address specified */
1586 return (NULL);
1587 }
1588 break;
1589 #endif
1590 #ifdef INET6
1591 case AF_INET6:
1592 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1593 /* Can't hunt for one that has no address specified */
1594 return (NULL);
1595 }
1596 break;
1597 #endif
1598 default:
1599 break;
1600 }
1601 /*
1602 * ok, not bound to all so see if we can find a EP bound to this
1603 * address.
1604 */
1605 LIST_FOREACH(inp, head, sctp_hash) {
1606 SCTP_INP_RLOCK(inp);
1607 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1608 SCTP_INP_RUNLOCK(inp);
1609 continue;
1610 }
1611 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
1612 SCTP_INP_RUNLOCK(inp);
1613 continue;
1614 }
1615 /*
1616 * Ok this could be a likely candidate, look at all of its
1617 * addresses
1618 */
1619 if (inp->sctp_lport != lport) {
1620 SCTP_INP_RUNLOCK(inp);
1621 continue;
1622 }
1623 /* does a VRF id match? */
1624 fnd = 0;
1625 if (inp->def_vrf_id == vrf_id)
1626 fnd = 1;
1627
1628 if (!fnd) {
1629 SCTP_INP_RUNLOCK(inp);
1630 continue;
1631 }
1632 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
1633 if (laddr->ifa == NULL) {
1634 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
1635 __func__);
1636 continue;
1637 }
1638 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ",
1639 (void *)laddr->ifa);
1640 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
1641 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n");
1642 continue;
1643 }
1644 if (laddr->ifa->address.sa.sa_family == nam->sa_family) {
1645 /* possible, see if it matches */
1646 switch (nam->sa_family) {
1647 #ifdef INET
1648 case AF_INET:
1649 if (sin->sin_addr.s_addr ==
1650 laddr->ifa->address.sin.sin_addr.s_addr) {
1651 SCTP_INP_RUNLOCK(inp);
1652 return (inp);
1653 }
1654 break;
1655 #endif
1656 #ifdef INET6
1657 case AF_INET6:
1658 intf_addr6 = &laddr->ifa->address.sin6;
1659 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1660 intf_addr6)) {
1661 SCTP_INP_RUNLOCK(inp);
1662 return (inp);
1663 }
1664 break;
1665 #endif
1666 }
1667 }
1668 }
1669 SCTP_INP_RUNLOCK(inp);
1670 }
1671 return (NULL);
1672 }
1673
1674 static struct sctp_inpcb *
sctp_isport_inuse(struct sctp_inpcb * inp,uint16_t lport,uint32_t vrf_id)1675 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id)
1676 {
1677 struct sctppcbhead *head;
1678 struct sctp_inpcb *t_inp;
1679 int fnd;
1680
1681 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
1682 SCTP_BASE_INFO(hashmark))];
1683 LIST_FOREACH(t_inp, head, sctp_hash) {
1684 if (t_inp->sctp_lport != lport) {
1685 continue;
1686 }
1687 /* is it in the VRF in question */
1688 fnd = 0;
1689 if (t_inp->def_vrf_id == vrf_id)
1690 fnd = 1;
1691 if (!fnd)
1692 continue;
1693
1694 /* This one is in use. */
1695 /* check the v6/v4 binding issue */
1696 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1697 SCTP_IPV6_V6ONLY(t_inp)) {
1698 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1699 /* collision in V6 space */
1700 return (t_inp);
1701 } else {
1702 /* inp is BOUND_V4 no conflict */
1703 continue;
1704 }
1705 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1706 /* t_inp is bound v4 and v6, conflict always */
1707 return (t_inp);
1708 } else {
1709 /* t_inp is bound only V4 */
1710 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1711 SCTP_IPV6_V6ONLY(inp)) {
1712 /* no conflict */
1713 continue;
1714 }
1715 /* else fall through to conflict */
1716 }
1717 return (t_inp);
1718 }
1719 return (NULL);
1720 }
1721
1722 int
sctp_swap_inpcb_for_listen(struct sctp_inpcb * inp)1723 sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp)
1724 {
1725 /* For 1-2-1 with port reuse */
1726 struct sctppcbhead *head;
1727 struct sctp_inpcb *tinp, *ninp;
1728
1729 SCTP_INP_INFO_WLOCK_ASSERT();
1730 SCTP_INP_WLOCK_ASSERT(inp);
1731
1732 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) {
1733 /* only works with port reuse on */
1734 return (-1);
1735 }
1736 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) {
1737 return (0);
1738 }
1739 SCTP_INP_WUNLOCK(inp);
1740 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport,
1741 SCTP_BASE_INFO(hashmark))];
1742 /* Kick out all non-listeners to the TCP hash */
1743 LIST_FOREACH_SAFE(tinp, head, sctp_hash, ninp) {
1744 if (tinp->sctp_lport != inp->sctp_lport) {
1745 continue;
1746 }
1747 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1748 continue;
1749 }
1750 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
1751 continue;
1752 }
1753 if (SCTP_IS_LISTENING(tinp)) {
1754 continue;
1755 }
1756 SCTP_INP_WLOCK(tinp);
1757 LIST_REMOVE(tinp, sctp_hash);
1758 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))];
1759 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
1760 LIST_INSERT_HEAD(head, tinp, sctp_hash);
1761 SCTP_INP_WUNLOCK(tinp);
1762 }
1763 SCTP_INP_WLOCK(inp);
1764 /* Pull from where he was */
1765 LIST_REMOVE(inp, sctp_hash);
1766 inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL;
1767 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))];
1768 LIST_INSERT_HEAD(head, inp, sctp_hash);
1769 return (0);
1770 }
1771
1772 struct sctp_inpcb *
sctp_pcb_findep(struct sockaddr * nam,int find_tcp_pool,int have_lock,uint32_t vrf_id)1773 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock,
1774 uint32_t vrf_id)
1775 {
1776 /*
1777 * First we check the hash table to see if someone has this port
1778 * bound with just the port.
1779 */
1780 struct sctp_inpcb *inp;
1781 struct sctppcbhead *head;
1782 int lport;
1783 unsigned int i;
1784 #ifdef INET
1785 struct sockaddr_in *sin;
1786 #endif
1787 #ifdef INET6
1788 struct sockaddr_in6 *sin6;
1789 #endif
1790
1791 switch (nam->sa_family) {
1792 #ifdef INET
1793 case AF_INET:
1794 sin = (struct sockaddr_in *)nam;
1795 lport = sin->sin_port;
1796 break;
1797 #endif
1798 #ifdef INET6
1799 case AF_INET6:
1800 sin6 = (struct sockaddr_in6 *)nam;
1801 lport = sin6->sin6_port;
1802 break;
1803 #endif
1804 default:
1805 return (NULL);
1806 }
1807 /*
1808 * I could cheat here and just cast to one of the types but we will
1809 * do it right. It also provides the check against an Unsupported
1810 * type too.
1811 */
1812 /* Find the head of the ALLADDR chain */
1813 if (have_lock == 0) {
1814 SCTP_INP_INFO_RLOCK();
1815 }
1816 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
1817 SCTP_BASE_INFO(hashmark))];
1818 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1819
1820 /*
1821 * If the TCP model exists it could be that the main listening
1822 * endpoint is gone but there still exists a connected socket for
1823 * this guy. If so we can return the first one that we find. This
1824 * may NOT be the correct one so the caller should be wary on the
1825 * returned INP. Currently the only caller that sets find_tcp_pool
1826 * is in bindx where we are verifying that a user CAN bind the
1827 * address. He either has bound it already, or someone else has, or
1828 * its open to bind, so this is good enough.
1829 */
1830 if (inp == NULL && find_tcp_pool) {
1831 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) {
1832 head = &SCTP_BASE_INFO(sctp_tcpephash)[i];
1833 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1834 if (inp) {
1835 break;
1836 }
1837 }
1838 }
1839 if (inp) {
1840 SCTP_INP_INCR_REF(inp);
1841 }
1842 if (have_lock == 0) {
1843 SCTP_INP_INFO_RUNLOCK();
1844 }
1845 return (inp);
1846 }
1847
1848 /*
1849 * Find an association for an endpoint with the pointer to whom you want to
1850 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may
1851 * need to change the *to to some other struct like a mbuf...
1852 */
1853 struct sctp_tcb *
sctp_findassociation_addr_sa(struct sockaddr * from,struct sockaddr * to,struct sctp_inpcb ** inp_p,struct sctp_nets ** netp,int find_tcp_pool,uint32_t vrf_id)1854 sctp_findassociation_addr_sa(struct sockaddr *from, struct sockaddr *to,
1855 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool,
1856 uint32_t vrf_id)
1857 {
1858 struct sctp_inpcb *inp = NULL;
1859 struct sctp_tcb *stcb;
1860
1861 SCTP_INP_INFO_RLOCK();
1862 if (find_tcp_pool) {
1863 if (inp_p != NULL) {
1864 stcb = sctp_tcb_special_locate(inp_p, from, to, netp,
1865 vrf_id);
1866 } else {
1867 stcb = sctp_tcb_special_locate(&inp, from, to, netp,
1868 vrf_id);
1869 }
1870 if (stcb != NULL) {
1871 SCTP_INP_INFO_RUNLOCK();
1872 return (stcb);
1873 }
1874 }
1875 inp = sctp_pcb_findep(to, 0, 1, vrf_id);
1876 if (inp_p != NULL) {
1877 *inp_p = inp;
1878 }
1879 SCTP_INP_INFO_RUNLOCK();
1880 if (inp == NULL) {
1881 return (NULL);
1882 }
1883 /*
1884 * ok, we have an endpoint, now lets find the assoc for it (if any)
1885 * we now place the source address or from in the to of the find
1886 * endpoint call. Since in reality this chain is used from the
1887 * inbound packet side.
1888 */
1889 if (inp_p != NULL) {
1890 stcb = sctp_findassociation_ep_addr(inp_p, from, netp, to,
1891 NULL);
1892 } else {
1893 stcb = sctp_findassociation_ep_addr(&inp, from, netp, to,
1894 NULL);
1895 }
1896 return (stcb);
1897 }
1898
1899 /*
1900 * This routine will grub through the mbuf that is a INIT or INIT-ACK and
1901 * find all addresses that the sender has specified in any address list. Each
1902 * address will be used to lookup the TCB and see if one exits.
1903 */
1904 static struct sctp_tcb *
sctp_findassociation_special_addr(struct mbuf * m,int offset,struct sctphdr * sh,struct sctp_inpcb ** inp_p,struct sctp_nets ** netp,struct sockaddr * dst)1905 sctp_findassociation_special_addr(struct mbuf *m, int offset,
1906 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
1907 struct sockaddr *dst)
1908 {
1909 struct sctp_paramhdr *phdr, param_buf;
1910 #if defined(INET) || defined(INET6)
1911 struct sctp_tcb *stcb;
1912 uint16_t ptype;
1913 #endif
1914 uint16_t plen;
1915 #ifdef INET
1916 struct sockaddr_in sin4;
1917 #endif
1918 #ifdef INET6
1919 struct sockaddr_in6 sin6;
1920 #endif
1921
1922 #ifdef INET
1923 memset(&sin4, 0, sizeof(sin4));
1924 sin4.sin_len = sizeof(sin4);
1925 sin4.sin_family = AF_INET;
1926 sin4.sin_port = sh->src_port;
1927 #endif
1928 #ifdef INET6
1929 memset(&sin6, 0, sizeof(sin6));
1930 sin6.sin6_len = sizeof(sin6);
1931 sin6.sin6_family = AF_INET6;
1932 sin6.sin6_port = sh->src_port;
1933 #endif
1934
1935 offset += sizeof(struct sctp_init_chunk);
1936
1937 phdr = sctp_get_next_param(m, offset, ¶m_buf, sizeof(param_buf));
1938 while (phdr != NULL) {
1939 /* now we must see if we want the parameter */
1940 #if defined(INET) || defined(INET6)
1941 ptype = ntohs(phdr->param_type);
1942 #endif
1943 plen = ntohs(phdr->param_length);
1944 if (plen == 0) {
1945 break;
1946 }
1947 #ifdef INET
1948 if (ptype == SCTP_IPV4_ADDRESS &&
1949 plen == sizeof(struct sctp_ipv4addr_param)) {
1950 /* Get the rest of the address */
1951 struct sctp_ipv4addr_param ip4_param, *p4;
1952
1953 phdr = sctp_get_next_param(m, offset,
1954 (struct sctp_paramhdr *)&ip4_param, sizeof(ip4_param));
1955 if (phdr == NULL) {
1956 return (NULL);
1957 }
1958 p4 = (struct sctp_ipv4addr_param *)phdr;
1959 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
1960 /* look it up */
1961 stcb = sctp_findassociation_ep_addr(inp_p,
1962 (struct sockaddr *)&sin4, netp, dst, NULL);
1963 if (stcb != NULL) {
1964 return (stcb);
1965 }
1966 }
1967 #endif
1968 #ifdef INET6
1969 if (ptype == SCTP_IPV6_ADDRESS &&
1970 plen == sizeof(struct sctp_ipv6addr_param)) {
1971 /* Get the rest of the address */
1972 struct sctp_ipv6addr_param ip6_param, *p6;
1973
1974 phdr = sctp_get_next_param(m, offset,
1975 (struct sctp_paramhdr *)&ip6_param, sizeof(ip6_param));
1976 if (phdr == NULL) {
1977 return (NULL);
1978 }
1979 p6 = (struct sctp_ipv6addr_param *)phdr;
1980 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
1981 /* look it up */
1982 stcb = sctp_findassociation_ep_addr(inp_p,
1983 (struct sockaddr *)&sin6, netp, dst, NULL);
1984 if (stcb != NULL) {
1985 return (stcb);
1986 }
1987 }
1988 #endif
1989 offset += SCTP_SIZE32(plen);
1990 phdr = sctp_get_next_param(m, offset, ¶m_buf,
1991 sizeof(param_buf));
1992 }
1993 return (NULL);
1994 }
1995
1996 static struct sctp_tcb *
sctp_findassoc_by_vtag(struct sockaddr * from,struct sockaddr * to,uint32_t vtag,struct sctp_inpcb ** inp_p,struct sctp_nets ** netp,uint16_t rport,uint16_t lport,int skip_src_check,uint32_t vrf_id,uint32_t remote_tag)1997 sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag,
1998 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
1999 uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag)
2000 {
2001 /*
2002 * Use my vtag to hash. If we find it we then verify the source addr
2003 * is in the assoc. If all goes well we save a bit on rec of a
2004 * packet.
2005 */
2006 struct sctpasochead *head;
2007 struct sctp_nets *net;
2008 struct sctp_tcb *stcb;
2009
2010 SCTP_INP_INFO_RLOCK();
2011 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag,
2012 SCTP_BASE_INFO(hashasocmark))];
2013 LIST_FOREACH(stcb, head, sctp_asocs) {
2014 SCTP_INP_RLOCK(stcb->sctp_ep);
2015 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2016 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2017 continue;
2018 }
2019 if (stcb->sctp_ep->def_vrf_id != vrf_id) {
2020 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2021 continue;
2022 }
2023 SCTP_TCB_LOCK(stcb);
2024 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2025 if (stcb->asoc.my_vtag == vtag) {
2026 /* candidate */
2027 if (stcb->rport != rport) {
2028 SCTP_TCB_UNLOCK(stcb);
2029 continue;
2030 }
2031 if (stcb->sctp_ep->sctp_lport != lport) {
2032 SCTP_TCB_UNLOCK(stcb);
2033 continue;
2034 }
2035 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2036 SCTP_TCB_UNLOCK(stcb);
2037 continue;
2038 }
2039 /* RRS:Need toaddr check here */
2040 if (sctp_does_stcb_own_this_addr(stcb, to) == 0) {
2041 /* Endpoint does not own this address */
2042 SCTP_TCB_UNLOCK(stcb);
2043 continue;
2044 }
2045 if (remote_tag) {
2046 /*
2047 * If we have both vtags that's all we match
2048 * on
2049 */
2050 if (stcb->asoc.peer_vtag == remote_tag) {
2051 /*
2052 * If both tags match we consider it
2053 * conclusive and check NO
2054 * source/destination addresses
2055 */
2056 goto conclusive;
2057 }
2058 }
2059 if (skip_src_check) {
2060 conclusive:
2061 if (from) {
2062 *netp = sctp_findnet(stcb, from);
2063 } else {
2064 *netp = NULL; /* unknown */
2065 }
2066 if (inp_p)
2067 *inp_p = stcb->sctp_ep;
2068 SCTP_INP_INFO_RUNLOCK();
2069 return (stcb);
2070 }
2071 net = sctp_findnet(stcb, from);
2072 if (net) {
2073 /* yep its him. */
2074 *netp = net;
2075 SCTP_STAT_INCR(sctps_vtagexpress);
2076 *inp_p = stcb->sctp_ep;
2077 SCTP_INP_INFO_RUNLOCK();
2078 return (stcb);
2079 } else {
2080 /*
2081 * not him, this should only happen in rare
2082 * cases so I peg it.
2083 */
2084 SCTP_STAT_INCR(sctps_vtagbogus);
2085 }
2086 }
2087 SCTP_TCB_UNLOCK(stcb);
2088 }
2089 SCTP_INP_INFO_RUNLOCK();
2090 return (NULL);
2091 }
2092
2093 /*
2094 * Find an association with the pointer to the inbound IP packet. This can be
2095 * a IPv4 or IPv6 packet.
2096 */
2097 struct sctp_tcb *
sctp_findassociation_addr(struct mbuf * m,int offset,struct sockaddr * src,struct sockaddr * dst,struct sctphdr * sh,struct sctp_chunkhdr * ch,struct sctp_inpcb ** inp_p,struct sctp_nets ** netp,uint32_t vrf_id)2098 sctp_findassociation_addr(struct mbuf *m, int offset,
2099 struct sockaddr *src, struct sockaddr *dst,
2100 struct sctphdr *sh, struct sctp_chunkhdr *ch,
2101 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2102 {
2103 struct sctp_tcb *stcb;
2104 struct sctp_inpcb *inp;
2105
2106 if (sh->v_tag) {
2107 /* we only go down this path if vtag is non-zero */
2108 stcb = sctp_findassoc_by_vtag(src, dst, ntohl(sh->v_tag),
2109 inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0);
2110 if (stcb) {
2111 return (stcb);
2112 }
2113 }
2114
2115 if (inp_p) {
2116 stcb = sctp_findassociation_addr_sa(src, dst, inp_p, netp,
2117 1, vrf_id);
2118 inp = *inp_p;
2119 } else {
2120 stcb = sctp_findassociation_addr_sa(src, dst, &inp, netp,
2121 1, vrf_id);
2122 }
2123 SCTPDBG(SCTP_DEBUG_PCB1, "stcb:%p inp:%p\n", (void *)stcb, (void *)inp);
2124 if (stcb == NULL && inp) {
2125 /* Found a EP but not this address */
2126 if ((ch->chunk_type == SCTP_INITIATION) ||
2127 (ch->chunk_type == SCTP_INITIATION_ACK)) {
2128 /*-
2129 * special hook, we do NOT return linp or an
2130 * association that is linked to an existing
2131 * association that is under the TCP pool (i.e. no
2132 * listener exists). The endpoint finding routine
2133 * will always find a listener before examining the
2134 * TCP pool.
2135 */
2136 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
2137 if (inp_p) {
2138 *inp_p = NULL;
2139 }
2140 return (NULL);
2141 }
2142 stcb = sctp_findassociation_special_addr(m,
2143 offset, sh, &inp, netp, dst);
2144 if (inp_p != NULL) {
2145 *inp_p = inp;
2146 }
2147 }
2148 }
2149 SCTPDBG(SCTP_DEBUG_PCB1, "stcb is %p\n", (void *)stcb);
2150 return (stcb);
2151 }
2152
2153 /*
2154 * lookup an association by an ASCONF lookup address.
2155 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup
2156 */
2157 struct sctp_tcb *
sctp_findassociation_ep_asconf(struct mbuf * m,int offset,struct sockaddr * dst,struct sctphdr * sh,struct sctp_inpcb ** inp_p,struct sctp_nets ** netp,uint32_t vrf_id)2158 sctp_findassociation_ep_asconf(struct mbuf *m, int offset,
2159 struct sockaddr *dst, struct sctphdr *sh,
2160 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2161 {
2162 struct sctp_tcb *stcb;
2163 union sctp_sockstore remote_store;
2164 struct sctp_paramhdr param_buf, *phdr;
2165 int ptype;
2166 int zero_address = 0;
2167 #ifdef INET
2168 struct sockaddr_in *sin;
2169 #endif
2170 #ifdef INET6
2171 struct sockaddr_in6 *sin6;
2172 #endif
2173
2174 memset(&remote_store, 0, sizeof(remote_store));
2175 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
2176 ¶m_buf, sizeof(struct sctp_paramhdr));
2177 if (phdr == NULL) {
2178 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n",
2179 __func__);
2180 return NULL;
2181 }
2182 ptype = (int)((uint32_t)ntohs(phdr->param_type));
2183 /* get the correlation address */
2184 switch (ptype) {
2185 #ifdef INET6
2186 case SCTP_IPV6_ADDRESS:
2187 {
2188 /* ipv6 address param */
2189 struct sctp_ipv6addr_param *p6, p6_buf;
2190
2191 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
2192 return NULL;
2193 }
2194 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
2195 offset + sizeof(struct sctp_asconf_chunk),
2196 &p6_buf.ph, sizeof(p6_buf));
2197 if (p6 == NULL) {
2198 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n",
2199 __func__);
2200 return (NULL);
2201 }
2202 sin6 = &remote_store.sin6;
2203 sin6->sin6_family = AF_INET6;
2204 sin6->sin6_len = sizeof(*sin6);
2205 sin6->sin6_port = sh->src_port;
2206 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
2207 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
2208 zero_address = 1;
2209 break;
2210 }
2211 #endif
2212 #ifdef INET
2213 case SCTP_IPV4_ADDRESS:
2214 {
2215 /* ipv4 address param */
2216 struct sctp_ipv4addr_param *p4, p4_buf;
2217
2218 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
2219 return NULL;
2220 }
2221 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
2222 offset + sizeof(struct sctp_asconf_chunk),
2223 &p4_buf.ph, sizeof(p4_buf));
2224 if (p4 == NULL) {
2225 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n",
2226 __func__);
2227 return (NULL);
2228 }
2229 sin = &remote_store.sin;
2230 sin->sin_family = AF_INET;
2231 sin->sin_len = sizeof(*sin);
2232 sin->sin_port = sh->src_port;
2233 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
2234 if (sin->sin_addr.s_addr == INADDR_ANY)
2235 zero_address = 1;
2236 break;
2237 }
2238 #endif
2239 default:
2240 /* invalid address param type */
2241 return NULL;
2242 }
2243
2244 if (zero_address) {
2245 stcb = sctp_findassoc_by_vtag(NULL, dst, ntohl(sh->v_tag), inp_p,
2246 netp, sh->src_port, sh->dest_port, 1, vrf_id, 0);
2247 if (stcb != NULL) {
2248 SCTP_INP_DECR_REF(*inp_p);
2249 }
2250 } else {
2251 stcb = sctp_findassociation_ep_addr(inp_p,
2252 &remote_store.sa, netp,
2253 dst, NULL);
2254 }
2255 return (stcb);
2256 }
2257
2258 /*
2259 * allocate a sctp_inpcb and setup a temporary binding to a port/all
2260 * addresses. This way if we don't get a bind we by default pick a ephemeral
2261 * port with all addresses bound.
2262 */
2263 int
sctp_inpcb_alloc(struct socket * so,uint32_t vrf_id)2264 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
2265 {
2266 /*
2267 * we get called when a new endpoint starts up. We need to allocate
2268 * the sctp_inpcb structure from the zone and init it. Mark it as
2269 * unbound and find a port that we can use as an ephemeral with
2270 * INADDR_ANY. If the user binds later no problem we can then add in
2271 * the specific addresses. And setup the default parameters for the
2272 * EP.
2273 */
2274 int i, error;
2275 struct sctp_inpcb *inp;
2276 struct sctp_pcb *m;
2277 struct timeval time;
2278 sctp_sharedkey_t *null_key;
2279
2280 error = 0;
2281
2282 SCTP_INP_INFO_WLOCK();
2283 inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb);
2284 if (inp == NULL) {
2285 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n");
2286 SCTP_INP_INFO_WUNLOCK();
2287 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2288 return (ENOBUFS);
2289 }
2290 /* zap it */
2291 memset(inp, 0, sizeof(*inp));
2292
2293 /* bump generations */
2294 /* setup socket pointers */
2295 inp->sctp_socket = so;
2296 inp->ip_inp.inp.inp_socket = so;
2297 inp->ip_inp.inp.inp_cred = crhold(so->so_cred);
2298 #ifdef INET6
2299 if (INP_SOCKAF(so) == AF_INET6) {
2300 if (MODULE_GLOBAL(ip6_auto_flowlabel)) {
2301 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL;
2302 }
2303 if (MODULE_GLOBAL(ip6_v6only)) {
2304 inp->ip_inp.inp.inp_flags |= IN6P_IPV6_V6ONLY;
2305 }
2306 }
2307 #endif
2308 inp->sctp_associd_counter = 1;
2309 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT;
2310 inp->sctp_frag_point = 0;
2311 inp->max_cwnd = 0;
2312 inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off);
2313 inp->ecn_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_ecn_enable);
2314 inp->prsctp_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_pr_enable);
2315 inp->auth_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_auth_enable);
2316 inp->asconf_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_asconf_enable);
2317 inp->reconfig_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_reconfig_enable);
2318 inp->nrsack_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_nrsack_enable);
2319 inp->pktdrop_supported = (uint8_t)SCTP_BASE_SYSCTL(sctp_pktdrop_enable);
2320 inp->idata_supported = 0;
2321 inp->rcv_edmid = SCTP_EDMID_NONE;
2322
2323 inp->fibnum = so->so_fibnum;
2324 /* init the small hash table we use to track asocid <-> tcb */
2325 inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark);
2326 if (inp->sctp_asocidhash == NULL) {
2327 crfree(inp->ip_inp.inp.inp_cred);
2328 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2329 SCTP_INP_INFO_WUNLOCK();
2330 return (ENOBUFS);
2331 }
2332 SCTP_INCR_EP_COUNT();
2333 inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
2334 SCTP_INP_INFO_WUNLOCK();
2335
2336 so->so_pcb = (caddr_t)inp;
2337
2338 if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) {
2339 /* UDP style socket */
2340 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
2341 SCTP_PCB_FLAGS_UNBOUND);
2342 /* Be sure it is NON-BLOCKING IO for UDP */
2343 /* SCTP_SET_SO_NBIO(so); */
2344 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) {
2345 /* TCP style socket */
2346 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2347 SCTP_PCB_FLAGS_UNBOUND);
2348 /* Be sure we have blocking IO by default */
2349 SOCK_LOCK(so);
2350 SCTP_CLEAR_SO_NBIO(so);
2351 SOCK_UNLOCK(so);
2352 } else {
2353 /*
2354 * unsupported socket type (RAW, etc)- in case we missed it
2355 * in protosw
2356 */
2357 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
2358 so->so_pcb = NULL;
2359 crfree(inp->ip_inp.inp.inp_cred);
2360 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2361 return (EOPNOTSUPP);
2362 }
2363 if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) {
2364 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2365 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2366 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) {
2367 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2368 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2369 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) {
2370 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2371 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2372 }
2373 inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize),
2374 &inp->sctp_hashmark);
2375 if (inp->sctp_tcbhash == NULL) {
2376 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
2377 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2378 so->so_pcb = NULL;
2379 crfree(inp->ip_inp.inp.inp_cred);
2380 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2381 return (ENOBUFS);
2382 }
2383 inp->def_vrf_id = vrf_id;
2384
2385 SCTP_INP_INFO_WLOCK();
2386 SCTP_INP_LOCK_INIT(inp);
2387 rw_init_flags(&inp->ip_inp.inp.inp_lock, "sctpinp",
2388 RW_RECURSE | RW_DUPOK);
2389 SCTP_INP_READ_LOCK_INIT(inp);
2390 SCTP_ASOC_CREATE_LOCK_INIT(inp);
2391 /* lock the new ep */
2392 SCTP_INP_WLOCK(inp);
2393
2394 /* add it to the info area */
2395 LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list);
2396 SCTP_INP_INFO_WUNLOCK();
2397
2398 TAILQ_INIT(&inp->read_queue);
2399 LIST_INIT(&inp->sctp_addr_list);
2400
2401 LIST_INIT(&inp->sctp_asoc_list);
2402
2403 #ifdef SCTP_TRACK_FREED_ASOCS
2404 /* TEMP CODE */
2405 LIST_INIT(&inp->sctp_asoc_free_list);
2406 #endif
2407 /* Init the timer structure for signature change */
2408 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer);
2409 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
2410
2411 /* now init the actual endpoint default data */
2412 m = &inp->sctp_ep;
2413
2414 /* setup the base timeout information */
2415 m->sctp_timeoutticks[SCTP_TIMER_SEND] = sctp_secs_to_ticks(SCTP_SEND_SEC); /* needed ? */
2416 m->sctp_timeoutticks[SCTP_TIMER_INIT] = sctp_secs_to_ticks(SCTP_INIT_SEC); /* needed ? */
2417 m->sctp_timeoutticks[SCTP_TIMER_RECV] = sctp_msecs_to_ticks(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default));
2418 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = sctp_msecs_to_ticks(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default));
2419 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = sctp_secs_to_ticks(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default));
2420 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = sctp_secs_to_ticks(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default));
2421 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = sctp_secs_to_ticks(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default));
2422 /* all max/min max are in ms */
2423 m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default);
2424 m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default);
2425 m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default);
2426 m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default);
2427 m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default);
2428 m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default);
2429 m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default);
2430 m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default);
2431 m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold);
2432 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
2433 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
2434 m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default);
2435 m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default);
2436
2437 m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module);
2438 m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module);
2439 m->max_open_streams_intome = SCTP_BASE_SYSCTL(sctp_nr_incoming_streams_default);
2440 /* number of streams to pre-open on a association */
2441 m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default);
2442
2443 m->default_mtu = 0;
2444 /* Add adaptation cookie */
2445 m->adaptation_layer_indicator = 0;
2446 m->adaptation_layer_indicator_provided = 0;
2447
2448 /* seed random number generator */
2449 m->random_counter = 1;
2450 m->store_at = SCTP_SIGNATURE_SIZE;
2451 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers));
2452 sctp_fill_random_store(m);
2453
2454 /* Minimum cookie size */
2455 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
2456 sizeof(struct sctp_state_cookie);
2457 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
2458
2459 /* Setup the initial secret */
2460 (void)SCTP_GETTIME_TIMEVAL(&time);
2461 m->time_of_secret_change = time.tv_sec;
2462
2463 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
2464 m->secret_key[0][i] = sctp_select_initial_TSN(m);
2465 }
2466 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
2467
2468 /* How long is a cookie good for ? */
2469 m->def_cookie_life = sctp_msecs_to_ticks(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default));
2470 /*
2471 * Initialize authentication parameters
2472 */
2473 m->local_hmacs = sctp_default_supported_hmaclist();
2474 m->local_auth_chunks = sctp_alloc_chunklist();
2475 if (inp->asconf_supported) {
2476 sctp_auth_add_chunk(SCTP_ASCONF, m->local_auth_chunks);
2477 sctp_auth_add_chunk(SCTP_ASCONF_ACK, m->local_auth_chunks);
2478 }
2479 m->default_dscp = 0;
2480 #ifdef INET6
2481 m->default_flowlabel = 0;
2482 #endif
2483 m->port = 0; /* encapsulation disabled by default */
2484 LIST_INIT(&m->shared_keys);
2485 /* add default NULL key as key id 0 */
2486 null_key = sctp_alloc_sharedkey();
2487 sctp_insert_sharedkey(&m->shared_keys, null_key);
2488 SCTP_INP_WUNLOCK(inp);
2489 #ifdef SCTP_LOG_CLOSING
2490 sctp_log_closing(inp, NULL, 12);
2491 #endif
2492 return (error);
2493 }
2494
2495 void
sctp_move_pcb_and_assoc(struct sctp_inpcb * old_inp,struct sctp_inpcb * new_inp,struct sctp_tcb * stcb)2496 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
2497 struct sctp_tcb *stcb)
2498 {
2499 struct sctp_nets *net;
2500 uint16_t lport, rport;
2501 struct sctppcbhead *head;
2502 struct sctp_laddr *laddr, *oladdr;
2503
2504 atomic_add_int(&stcb->asoc.refcnt, 1);
2505 SCTP_TCB_UNLOCK(stcb);
2506 SCTP_INP_INFO_WLOCK();
2507 SCTP_INP_WLOCK(old_inp);
2508 SCTP_INP_WLOCK(new_inp);
2509 SCTP_TCB_LOCK(stcb);
2510 atomic_subtract_int(&stcb->asoc.refcnt, 1);
2511
2512 #ifdef INET6
2513 if (old_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
2514 new_inp->ip_inp.inp.inp_flags |= old_inp->ip_inp.inp.inp_flags & INP_CONTROLOPTS;
2515 if (old_inp->ip_inp.inp.in6p_outputopts) {
2516 new_inp->ip_inp.inp.in6p_outputopts = ip6_copypktopts(old_inp->ip_inp.inp.in6p_outputopts, M_NOWAIT);
2517 }
2518 }
2519 #endif
2520 #if defined(INET) && defined(INET6)
2521 else
2522 #endif
2523 #ifdef INET
2524 {
2525 new_inp->ip_inp.inp.inp_ip_tos = old_inp->ip_inp.inp.inp_ip_tos;
2526 new_inp->ip_inp.inp.inp_ip_ttl = old_inp->ip_inp.inp.inp_ip_ttl;
2527 }
2528 #endif
2529 new_inp->sctp_ep.time_of_secret_change =
2530 old_inp->sctp_ep.time_of_secret_change;
2531 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
2532 sizeof(old_inp->sctp_ep.secret_key));
2533 new_inp->sctp_ep.current_secret_number =
2534 old_inp->sctp_ep.current_secret_number;
2535 new_inp->sctp_ep.last_secret_number =
2536 old_inp->sctp_ep.last_secret_number;
2537 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
2538
2539 /* make it so new data pours into the new socket */
2540 stcb->sctp_socket = new_inp->sctp_socket;
2541 stcb->sctp_ep = new_inp;
2542
2543 /* Copy the port across */
2544 lport = new_inp->sctp_lport = old_inp->sctp_lport;
2545 rport = stcb->rport;
2546 /* Pull the tcb from the old association */
2547 LIST_REMOVE(stcb, sctp_tcbhash);
2548 LIST_REMOVE(stcb, sctp_tcblist);
2549 if (stcb->asoc.in_asocid_hash) {
2550 LIST_REMOVE(stcb, sctp_tcbasocidhash);
2551 }
2552 /* Now insert the new_inp into the TCP connected hash */
2553 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
2554
2555 LIST_INSERT_HEAD(head, new_inp, sctp_hash);
2556 /* Its safe to access */
2557 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
2558
2559 /* Now move the tcb into the endpoint list */
2560 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
2561 /*
2562 * Question, do we even need to worry about the ep-hash since we
2563 * only have one connection? Probably not :> so lets get rid of it
2564 * and not suck up any kernel memory in that.
2565 */
2566 if (stcb->asoc.in_asocid_hash) {
2567 struct sctpasochead *lhd;
2568
2569 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
2570 new_inp->hashasocidmark)];
2571 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash);
2572 }
2573 /* Ok. Let's restart timer. */
2574 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2575 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp,
2576 stcb, net);
2577 }
2578
2579 SCTP_INP_INFO_WUNLOCK();
2580 if (new_inp->sctp_tcbhash != NULL) {
2581 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark);
2582 new_inp->sctp_tcbhash = NULL;
2583 }
2584 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
2585 /* Subset bound, so copy in the laddr list from the old_inp */
2586 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
2587 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
2588 if (laddr == NULL) {
2589 /*
2590 * Gak, what can we do? This assoc is really
2591 * HOSED. We probably should send an abort
2592 * here.
2593 */
2594 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n");
2595 continue;
2596 }
2597 SCTP_INCR_LADDR_COUNT();
2598 memset(laddr, 0, sizeof(*laddr));
2599 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
2600 laddr->ifa = oladdr->ifa;
2601 atomic_add_int(&laddr->ifa->refcount, 1);
2602 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
2603 sctp_nxt_addr);
2604 new_inp->laddr_count++;
2605 if (oladdr == stcb->asoc.last_used_address) {
2606 stcb->asoc.last_used_address = laddr;
2607 }
2608 }
2609 }
2610 /* Now any running timers need to be adjusted. */
2611 if (stcb->asoc.dack_timer.ep == old_inp) {
2612 SCTP_INP_DECR_REF(old_inp);
2613 stcb->asoc.dack_timer.ep = new_inp;
2614 SCTP_INP_INCR_REF(new_inp);
2615 }
2616 if (stcb->asoc.asconf_timer.ep == old_inp) {
2617 SCTP_INP_DECR_REF(old_inp);
2618 stcb->asoc.asconf_timer.ep = new_inp;
2619 SCTP_INP_INCR_REF(new_inp);
2620 }
2621 if (stcb->asoc.strreset_timer.ep == old_inp) {
2622 SCTP_INP_DECR_REF(old_inp);
2623 stcb->asoc.strreset_timer.ep = new_inp;
2624 SCTP_INP_INCR_REF(new_inp);
2625 }
2626 if (stcb->asoc.shut_guard_timer.ep == old_inp) {
2627 SCTP_INP_DECR_REF(old_inp);
2628 stcb->asoc.shut_guard_timer.ep = new_inp;
2629 SCTP_INP_INCR_REF(new_inp);
2630 }
2631 if (stcb->asoc.autoclose_timer.ep == old_inp) {
2632 SCTP_INP_DECR_REF(old_inp);
2633 stcb->asoc.autoclose_timer.ep = new_inp;
2634 SCTP_INP_INCR_REF(new_inp);
2635 }
2636 if (stcb->asoc.delete_prim_timer.ep == old_inp) {
2637 SCTP_INP_DECR_REF(old_inp);
2638 stcb->asoc.delete_prim_timer.ep = new_inp;
2639 SCTP_INP_INCR_REF(new_inp);
2640 }
2641 /* now what about the nets? */
2642 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2643 if (net->pmtu_timer.ep == old_inp) {
2644 SCTP_INP_DECR_REF(old_inp);
2645 net->pmtu_timer.ep = new_inp;
2646 SCTP_INP_INCR_REF(new_inp);
2647 }
2648 if (net->hb_timer.ep == old_inp) {
2649 SCTP_INP_DECR_REF(old_inp);
2650 net->hb_timer.ep = new_inp;
2651 SCTP_INP_INCR_REF(new_inp);
2652 }
2653 if (net->rxt_timer.ep == old_inp) {
2654 SCTP_INP_DECR_REF(old_inp);
2655 net->rxt_timer.ep = new_inp;
2656 SCTP_INP_INCR_REF(new_inp);
2657 }
2658 }
2659 SCTP_INP_WUNLOCK(new_inp);
2660 SCTP_INP_WUNLOCK(old_inp);
2661 }
2662
2663 /*
2664 * insert an laddr entry with the given ifa for the desired list
2665 */
2666 static int
sctp_insert_laddr(struct sctpladdr * list,struct sctp_ifa * ifa,uint32_t act)2667 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act)
2668 {
2669 struct sctp_laddr *laddr;
2670
2671 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
2672 if (laddr == NULL) {
2673 /* out of memory? */
2674 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
2675 return (EINVAL);
2676 }
2677 SCTP_INCR_LADDR_COUNT();
2678 memset(laddr, 0, sizeof(*laddr));
2679 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
2680 laddr->ifa = ifa;
2681 laddr->action = act;
2682 atomic_add_int(&ifa->refcount, 1);
2683 /* insert it */
2684 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
2685
2686 return (0);
2687 }
2688
2689 /*
2690 * Remove an laddr entry from the local address list (on an assoc)
2691 */
2692 static void
sctp_remove_laddr(struct sctp_laddr * laddr)2693 sctp_remove_laddr(struct sctp_laddr *laddr)
2694 {
2695
2696 /* remove from the list */
2697 LIST_REMOVE(laddr, sctp_nxt_addr);
2698 sctp_free_ifa(laddr->ifa);
2699 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr);
2700 SCTP_DECR_LADDR_COUNT();
2701 }
2702
2703 /*
2704 * Bind the socket, with the PCB and global info locks held. Note, if a
2705 * socket address is specified, the PCB lock may be dropped and re-acquired.
2706 *
2707 * sctp_ifap is used to bypass normal local address validation checks.
2708 */
2709 int
sctp_inpcb_bind_locked(struct sctp_inpcb * inp,struct sockaddr * addr,struct sctp_ifa * sctp_ifap,struct thread * td)2710 sctp_inpcb_bind_locked(struct sctp_inpcb *inp, struct sockaddr *addr,
2711 struct sctp_ifa *sctp_ifap, struct thread *td)
2712 {
2713 /* bind a ep to a socket address */
2714 struct sctppcbhead *head;
2715 struct sctp_inpcb *inp_tmp;
2716 struct inpcb *ip_inp;
2717 int port_reuse_active = 0;
2718 int bindall;
2719 uint16_t lport;
2720 int error;
2721 uint32_t vrf_id;
2722
2723 KASSERT(td != NULL, ("%s: null thread", __func__));
2724
2725 error = 0;
2726 lport = 0;
2727 bindall = 1;
2728 ip_inp = &inp->ip_inp.inp;
2729
2730 SCTP_INP_INFO_WLOCK_ASSERT();
2731 SCTP_INP_WLOCK_ASSERT(inp);
2732
2733 #ifdef SCTP_DEBUG
2734 if (addr) {
2735 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port: %d\n",
2736 ntohs(((struct sockaddr_in *)addr)->sin_port));
2737 SCTPDBG(SCTP_DEBUG_PCB1, "Addr: ");
2738 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
2739 }
2740 #endif
2741 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
2742 error = EINVAL;
2743 /* already did a bind, subsequent binds NOT allowed ! */
2744 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2745 goto out;
2746 }
2747 if (addr != NULL) {
2748 switch (addr->sa_family) {
2749 #ifdef INET
2750 case AF_INET:
2751 {
2752 struct sockaddr_in *sin;
2753
2754 /* IPV6_V6ONLY socket? */
2755 if (SCTP_IPV6_V6ONLY(inp)) {
2756 error = EINVAL;
2757 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2758 goto out;
2759 }
2760 if (addr->sa_len != sizeof(*sin)) {
2761 error = EINVAL;
2762 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2763 goto out;
2764 }
2765
2766 sin = (struct sockaddr_in *)addr;
2767 lport = sin->sin_port;
2768 /*
2769 * For LOOPBACK the prison_local_ip4() call
2770 * will transmute the ip address to the
2771 * proper value.
2772 */
2773 if ((error = prison_local_ip4(td->td_ucred, &sin->sin_addr)) != 0) {
2774 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2775 goto out;
2776 }
2777 if (sin->sin_addr.s_addr != INADDR_ANY) {
2778 bindall = 0;
2779 }
2780 break;
2781 }
2782 #endif
2783 #ifdef INET6
2784 case AF_INET6:
2785 {
2786 /*
2787 * Only for pure IPv6 Address. (No IPv4
2788 * Mapped!)
2789 */
2790 struct sockaddr_in6 *sin6;
2791
2792 sin6 = (struct sockaddr_in6 *)addr;
2793 if (addr->sa_len != sizeof(*sin6)) {
2794 error = EINVAL;
2795 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2796 goto out;
2797 }
2798 lport = sin6->sin6_port;
2799 /*
2800 * For LOOPBACK the prison_local_ip6() call
2801 * will transmute the ipv6 address to the
2802 * proper value.
2803 */
2804 if ((error = prison_local_ip6(td->td_ucred, &sin6->sin6_addr,
2805 (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) {
2806 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2807 goto out;
2808 }
2809 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
2810 bindall = 0;
2811 /* KAME hack: embed scopeid */
2812 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
2813 error = EINVAL;
2814 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2815 goto out;
2816 }
2817 }
2818 /* this must be cleared for ifa_ifwithaddr() */
2819 sin6->sin6_scope_id = 0;
2820 break;
2821 }
2822 #endif
2823 default:
2824 error = EAFNOSUPPORT;
2825 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2826 goto out;
2827 }
2828 }
2829 /* Setup a vrf_id to be the default for the non-bind-all case. */
2830 vrf_id = inp->def_vrf_id;
2831
2832 if (lport) {
2833 /*
2834 * Did the caller specify a port? if so we must see if an ep
2835 * already has this one bound.
2836 */
2837 /* got to be root to get at low ports */
2838 if (ntohs(lport) < IPPORT_RESERVED &&
2839 (error = priv_check(td, PRIV_NETINET_RESERVEDPORT)) != 0) {
2840 goto out;
2841 }
2842 SCTP_INP_INCR_REF(inp);
2843 SCTP_INP_WUNLOCK(inp);
2844 if (bindall) {
2845 vrf_id = inp->def_vrf_id;
2846 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2847 if (inp_tmp != NULL) {
2848 /*
2849 * lock guy returned and lower count note
2850 * that we are not bound so inp_tmp should
2851 * NEVER be inp. And it is this inp
2852 * (inp_tmp) that gets the reference bump,
2853 * so we must lower it.
2854 */
2855 SCTP_INP_DECR_REF(inp_tmp);
2856 /* unlock info */
2857 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2858 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2859 /*
2860 * Ok, must be one-2-one and
2861 * allowing port re-use
2862 */
2863 port_reuse_active = 1;
2864 goto continue_anyway;
2865 }
2866 SCTP_INP_WLOCK(inp);
2867 SCTP_INP_DECR_REF(inp);
2868 error = EADDRINUSE;
2869 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2870 goto out;
2871 }
2872 } else {
2873 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2874 if (inp_tmp != NULL) {
2875 /*
2876 * lock guy returned and lower count note
2877 * that we are not bound so inp_tmp should
2878 * NEVER be inp. And it is this inp
2879 * (inp_tmp) that gets the reference bump,
2880 * so we must lower it.
2881 */
2882 SCTP_INP_DECR_REF(inp_tmp);
2883 /* unlock info */
2884 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2885 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2886 /*
2887 * Ok, must be one-2-one and
2888 * allowing port re-use
2889 */
2890 port_reuse_active = 1;
2891 goto continue_anyway;
2892 }
2893 SCTP_INP_WLOCK(inp);
2894 SCTP_INP_DECR_REF(inp);
2895 error = EADDRINUSE;
2896 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2897 goto out;
2898 }
2899 }
2900 continue_anyway:
2901 SCTP_INP_WLOCK(inp);
2902 SCTP_INP_DECR_REF(inp);
2903 if (bindall) {
2904 /* verify that no lport is not used by a singleton */
2905 if ((port_reuse_active == 0) &&
2906 (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))) {
2907 /* Sorry someone already has this one bound */
2908 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
2909 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
2910 port_reuse_active = 1;
2911 } else {
2912 error = EADDRINUSE;
2913 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2914 goto out;
2915 }
2916 }
2917 }
2918 } else {
2919 uint16_t first, last, candidate;
2920 uint16_t count;
2921
2922 if (ip_inp->inp_flags & INP_HIGHPORT) {
2923 first = MODULE_GLOBAL(ipport_hifirstauto);
2924 last = MODULE_GLOBAL(ipport_hilastauto);
2925 } else if (ip_inp->inp_flags & INP_LOWPORT) {
2926 if ((error = priv_check(td, PRIV_NETINET_RESERVEDPORT)) != 0) {
2927 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2928 goto out;
2929 }
2930 first = MODULE_GLOBAL(ipport_lowfirstauto);
2931 last = MODULE_GLOBAL(ipport_lowlastauto);
2932 } else {
2933 first = MODULE_GLOBAL(ipport_firstauto);
2934 last = MODULE_GLOBAL(ipport_lastauto);
2935 }
2936 if (first > last) {
2937 uint16_t temp;
2938
2939 temp = first;
2940 first = last;
2941 last = temp;
2942 }
2943 count = last - first + 1; /* number of candidates */
2944 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count);
2945
2946 for (;;) {
2947 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) {
2948 lport = htons(candidate);
2949 break;
2950 }
2951 if (--count == 0) {
2952 error = EADDRINUSE;
2953 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2954 goto out;
2955 }
2956 if (candidate == last)
2957 candidate = first;
2958 else
2959 candidate = candidate + 1;
2960 }
2961 }
2962 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |
2963 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
2964 /*
2965 * this really should not happen. The guy did a non-blocking
2966 * bind and then did a close at the same time.
2967 */
2968 error = EINVAL;
2969 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
2970 goto out;
2971 }
2972 /* ok we look clear to give out this port, so lets setup the binding */
2973 if (bindall) {
2974 /* binding to all addresses, so just set in the proper flags */
2975 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL;
2976 /* set the automatic addr changes from kernel flag */
2977 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) {
2978 sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF);
2979 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
2980 } else {
2981 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
2982 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
2983 }
2984 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) {
2985 sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
2986 } else {
2987 sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
2988 }
2989 /*
2990 * set the automatic mobility_base from kernel flag (by
2991 * micchie)
2992 */
2993 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) {
2994 sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE);
2995 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
2996 } else {
2997 sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE);
2998 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
2999 }
3000 /*
3001 * set the automatic mobility_fasthandoff from kernel flag
3002 * (by micchie)
3003 */
3004 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) {
3005 sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF);
3006 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3007 } else {
3008 sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF);
3009 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3010 }
3011 } else {
3012 /*
3013 * bind specific, make sure flags is off and add a new
3014 * address structure to the sctp_addr_list inside the ep
3015 * structure.
3016 *
3017 * We will need to allocate one and insert it at the head.
3018 * The socketopt call can just insert new addresses in there
3019 * as well. It will also have to do the embed scope kame
3020 * hack too (before adding).
3021 */
3022 struct sctp_ifa *ifa;
3023 union sctp_sockstore store;
3024
3025 memset(&store, 0, sizeof(store));
3026 switch (addr->sa_family) {
3027 #ifdef INET
3028 case AF_INET:
3029 memcpy(&store.sin, addr, sizeof(struct sockaddr_in));
3030 store.sin.sin_port = 0;
3031 break;
3032 #endif
3033 #ifdef INET6
3034 case AF_INET6:
3035 memcpy(&store.sin6, addr, sizeof(struct sockaddr_in6));
3036 store.sin6.sin6_port = 0;
3037 break;
3038 #endif
3039 default:
3040 break;
3041 }
3042 /*
3043 * first find the interface with the bound address need to
3044 * zero out the port to find the address! yuck! can't do
3045 * this earlier since need port for sctp_pcb_findep()
3046 */
3047 if (sctp_ifap != NULL) {
3048 ifa = sctp_ifap;
3049 } else {
3050 /*
3051 * Note for BSD we hit here always other O/S's will
3052 * pass things in via the sctp_ifap argument.
3053 */
3054 ifa = sctp_find_ifa_by_addr(&store.sa,
3055 vrf_id, SCTP_ADDR_NOT_LOCKED);
3056 }
3057 if (ifa == NULL) {
3058 error = EADDRNOTAVAIL;
3059 /* Can't find an interface with that address */
3060 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3061 goto out;
3062 }
3063 #ifdef INET6
3064 if (addr->sa_family == AF_INET6) {
3065 /* GAK, more FIXME IFA lock? */
3066 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
3067 /* Can't bind a non-existent addr. */
3068 error = EADDRNOTAVAIL;
3069 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3070 goto out;
3071 }
3072 }
3073 #endif
3074 /* we're not bound all */
3075 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
3076 /* allow bindx() to send ASCONF's for binding changes */
3077 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3078 /* clear automatic addr changes from kernel flag */
3079 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3080
3081 /* add this address to the endpoint list */
3082 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0);
3083 if (error != 0)
3084 goto out;
3085 inp->laddr_count++;
3086 }
3087 /* find the bucket */
3088 if (port_reuse_active) {
3089 /* Put it into tcp 1-2-1 hash */
3090 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))];
3091 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
3092 } else {
3093 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))];
3094 }
3095 /* put it in the bucket */
3096 LIST_INSERT_HEAD(head, inp, sctp_hash);
3097 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n",
3098 (void *)head, ntohs(lport), port_reuse_active);
3099 /* set in the port */
3100 inp->sctp_lport = lport;
3101
3102 /* turn off just the unbound flag */
3103 KASSERT((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) != 0,
3104 ("%s: inp %p is already bound", __func__, inp));
3105 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
3106 out:
3107 return (error);
3108 }
3109
3110 int
sctp_inpcb_bind(struct socket * so,struct sockaddr * addr,struct sctp_ifa * sctp_ifap,struct thread * td)3111 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
3112 struct sctp_ifa *sctp_ifap, struct thread *td)
3113 {
3114 struct sctp_inpcb *inp;
3115 int error;
3116
3117 inp = so->so_pcb;
3118 SCTP_INP_INFO_WLOCK();
3119 SCTP_INP_WLOCK(inp);
3120 error = sctp_inpcb_bind_locked(inp, addr, sctp_ifap, td);
3121 SCTP_INP_WUNLOCK(inp);
3122 SCTP_INP_INFO_WUNLOCK();
3123 return (error);
3124 }
3125
3126 static void
sctp_iterator_inp_being_freed(struct sctp_inpcb * inp)3127 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp)
3128 {
3129 struct sctp_iterator *it, *nit;
3130
3131 /*
3132 * We enter with the only the ITERATOR_LOCK in place and a write
3133 * lock on the inp_info stuff.
3134 */
3135 it = sctp_it_ctl.cur_it;
3136 if (it && (it->vn != curvnet)) {
3137 /* Its not looking at our VNET */
3138 return;
3139 }
3140 if (it && (it->inp == inp)) {
3141 /*
3142 * This is tricky and we hold the iterator lock, but when it
3143 * returns and gets the lock (when we release it) the
3144 * iterator will try to operate on inp. We need to stop that
3145 * from happening. But of course the iterator has a
3146 * reference on the stcb and inp. We can mark it and it will
3147 * stop.
3148 *
3149 * If its a single iterator situation, we set the end
3150 * iterator flag. Otherwise we set the iterator to go to the
3151 * next inp.
3152 *
3153 */
3154 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3155 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
3156 } else {
3157 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP;
3158 }
3159 }
3160 /*
3161 * Now go through and remove any single reference to our inp that
3162 * may be still pending on the list
3163 */
3164 SCTP_IPI_ITERATOR_WQ_LOCK();
3165 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
3166 if (it->vn != curvnet) {
3167 continue;
3168 }
3169 if (it->inp == inp) {
3170 /* This one points to me is it inp specific? */
3171 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3172 /* Remove and free this one */
3173 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead,
3174 it, sctp_nxt_itr);
3175 if (it->function_atend != NULL) {
3176 (*it->function_atend) (it->pointer, it->val);
3177 }
3178 SCTP_FREE(it, SCTP_M_ITER);
3179 } else {
3180 it->inp = LIST_NEXT(it->inp, sctp_list);
3181 if (it->inp) {
3182 SCTP_INP_INCR_REF(it->inp);
3183 }
3184 }
3185 /*
3186 * When its put in the refcnt is incremented so decr
3187 * it
3188 */
3189 SCTP_INP_DECR_REF(inp);
3190 }
3191 }
3192 SCTP_IPI_ITERATOR_WQ_UNLOCK();
3193 }
3194
3195 /* release sctp_inpcb unbind the port */
3196 void
sctp_inpcb_free(struct sctp_inpcb * inp,int immediate,int from)3197 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from)
3198 {
3199 /*
3200 * Here we free a endpoint. We must find it (if it is in the Hash
3201 * table) and remove it from there. Then we must also find it in the
3202 * overall list and remove it from there. After all removals are
3203 * complete then any timer has to be stopped. Then start the actual
3204 * freeing. a) Any local lists. b) Any associations. c) The hash of
3205 * all associations. d) finally the ep itself.
3206 */
3207 struct sctp_tcb *stcb, *nstcb;
3208 struct sctp_laddr *laddr, *nladdr;
3209 struct inpcb *ip_pcb;
3210 struct socket *so;
3211 int being_refed = 0;
3212 struct sctp_queued_to_read *sq, *nsq;
3213 int cnt;
3214 sctp_sharedkey_t *shared_key, *nshared_key;
3215
3216 #ifdef SCTP_LOG_CLOSING
3217 sctp_log_closing(inp, NULL, 0);
3218 #endif
3219 SCTP_ITERATOR_LOCK();
3220 /* mark any iterators on the list or being processed */
3221 sctp_iterator_inp_being_freed(inp);
3222 SCTP_ITERATOR_UNLOCK();
3223
3224 SCTP_ASOC_CREATE_LOCK(inp);
3225 SCTP_INP_INFO_WLOCK();
3226 SCTP_INP_WLOCK(inp);
3227 so = inp->sctp_socket;
3228 KASSERT((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) != 0,
3229 ("%s: inp %p still has socket", __func__, inp));
3230 KASSERT((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) == 0,
3231 ("%s: double free of inp %p", __func__, inp));
3232 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) {
3233 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP;
3234 /* socket is gone, so no more wakeups allowed */
3235 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE;
3236 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
3237 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
3238 }
3239 /* First time through we have the socket lock, after that no more. */
3240 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL,
3241 SCTP_FROM_SCTP_PCB + SCTP_LOC_1);
3242
3243 if (inp->control) {
3244 sctp_m_freem(inp->control);
3245 inp->control = NULL;
3246 }
3247 if (inp->pkt) {
3248 sctp_m_freem(inp->pkt);
3249 inp->pkt = NULL;
3250 }
3251 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer
3252 * here but I will be nice :> (i.e.
3253 * ip_pcb = ep;) */
3254 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
3255 int cnt_in_sd;
3256
3257 cnt_in_sd = 0;
3258 LIST_FOREACH_SAFE(stcb, &inp->sctp_asoc_list, sctp_tcblist, nstcb) {
3259 SCTP_TCB_LOCK(stcb);
3260 /* Disconnect the socket please. */
3261 stcb->sctp_socket = NULL;
3262 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_CLOSED_SOCKET);
3263 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3264 /* Skip guys being freed */
3265 cnt_in_sd++;
3266 if (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
3267 /*
3268 * Special case - we did not start a
3269 * kill timer on the asoc due to it
3270 * was not closed. So go ahead and
3271 * start it now.
3272 */
3273 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE);
3274 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
3275 }
3276 SCTP_TCB_UNLOCK(stcb);
3277 continue;
3278 }
3279 if (((SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_WAIT) ||
3280 (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED)) &&
3281 (stcb->asoc.total_output_queue_size == 0)) {
3282 /*
3283 * If we have data in queue, we don't want
3284 * to just free since the app may have done,
3285 * send()/close or connect/send/close. And
3286 * it wants the data to get across first.
3287 */
3288 /* Just abandon things in the front states */
3289 if (sctp_free_assoc(inp, stcb, SCTP_PCBFREE_NOFORCE,
3290 SCTP_FROM_SCTP_PCB + SCTP_LOC_2) == 0) {
3291 cnt_in_sd++;
3292 }
3293 continue;
3294 }
3295 if ((stcb->asoc.size_on_reasm_queue > 0) ||
3296 (stcb->asoc.size_on_all_streams > 0) ||
3297 ((so != NULL) && (SCTP_SBAVAIL(&so->so_rcv) > 0))) {
3298 /* Left with Data unread */
3299 struct mbuf *op_err;
3300
3301 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
3302 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
3303 sctp_send_abort_tcb(stcb, op_err, SCTP_SO_LOCKED);
3304 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3305 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
3306 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3307 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3308 }
3309 if (sctp_free_assoc(inp, stcb,
3310 SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_4) == 0) {
3311 cnt_in_sd++;
3312 }
3313 continue;
3314 } else if (TAILQ_EMPTY(&stcb->asoc.send_queue) &&
3315 TAILQ_EMPTY(&stcb->asoc.sent_queue) &&
3316 (stcb->asoc.stream_queue_cnt == 0)) {
3317 if ((*stcb->asoc.ss_functions.sctp_ss_is_user_msgs_incomplete) (stcb, &stcb->asoc)) {
3318 goto abort_anyway;
3319 }
3320 if ((SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) &&
3321 (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3322 struct sctp_nets *netp;
3323
3324 /*
3325 * there is nothing queued to send,
3326 * so I send shutdown
3327 */
3328 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
3329 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3330 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3331 }
3332 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
3333 sctp_stop_timers_for_shutdown(stcb);
3334 if (stcb->asoc.alternate) {
3335 netp = stcb->asoc.alternate;
3336 } else {
3337 netp = stcb->asoc.primary_destination;
3338 }
3339 sctp_send_shutdown(stcb, netp);
3340 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, stcb->sctp_ep, stcb,
3341 netp);
3342 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, stcb->sctp_ep, stcb, NULL);
3343 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED);
3344 }
3345 } else {
3346 /* mark into shutdown pending */
3347 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_SHUTDOWN_PENDING);
3348 if ((*stcb->asoc.ss_functions.sctp_ss_is_user_msgs_incomplete) (stcb, &stcb->asoc)) {
3349 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_PARTIAL_MSG_LEFT);
3350 }
3351 if (TAILQ_EMPTY(&stcb->asoc.send_queue) &&
3352 TAILQ_EMPTY(&stcb->asoc.sent_queue) &&
3353 (stcb->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
3354 struct mbuf *op_err;
3355
3356 abort_anyway:
3357 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
3358 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
3359 sctp_send_abort_tcb(stcb, op_err, SCTP_SO_LOCKED);
3360 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3361 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
3362 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3363 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3364 }
3365 if (sctp_free_assoc(inp, stcb,
3366 SCTP_PCBFREE_NOFORCE,
3367 SCTP_FROM_SCTP_PCB + SCTP_LOC_6) == 0) {
3368 cnt_in_sd++;
3369 }
3370 continue;
3371 } else {
3372 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED);
3373 }
3374 }
3375 cnt_in_sd++;
3376 SCTP_TCB_UNLOCK(stcb);
3377 }
3378 /* now is there some left in our SHUTDOWN state? */
3379 if (cnt_in_sd) {
3380 #ifdef SCTP_LOG_CLOSING
3381 sctp_log_closing(inp, NULL, 2);
3382 #endif
3383 inp->sctp_socket = NULL;
3384 SCTP_INP_WUNLOCK(inp);
3385 SCTP_ASOC_CREATE_UNLOCK(inp);
3386 SCTP_INP_INFO_WUNLOCK();
3387 return;
3388 }
3389 }
3390 inp->sctp_socket = NULL;
3391 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
3392 /*
3393 * ok, this guy has been bound. It's port is somewhere in
3394 * the SCTP_BASE_INFO(hash table). Remove it!
3395 */
3396 LIST_REMOVE(inp, sctp_hash);
3397 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND;
3398 }
3399
3400 /*
3401 * If there is a timer running to kill us, forget it, since it may
3402 * have a contest on the INP lock.. which would cause us to die ...
3403 */
3404 cnt = 0;
3405 LIST_FOREACH_SAFE(stcb, &inp->sctp_asoc_list, sctp_tcblist, nstcb) {
3406 SCTP_TCB_LOCK(stcb);
3407 if (immediate != SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
3408 /* Disconnect the socket please */
3409 stcb->sctp_socket = NULL;
3410 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_CLOSED_SOCKET);
3411 }
3412 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3413 if (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
3414 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE);
3415 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
3416 }
3417 cnt++;
3418 SCTP_TCB_UNLOCK(stcb);
3419 continue;
3420 }
3421 /* Free associations that are NOT killing us */
3422 if ((SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) &&
3423 ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
3424 struct mbuf *op_err;
3425
3426 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
3427 stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_7;
3428 sctp_send_abort_tcb(stcb, op_err, SCTP_SO_LOCKED);
3429 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3430 } else if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3431 cnt++;
3432 SCTP_TCB_UNLOCK(stcb);
3433 continue;
3434 }
3435 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
3436 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3437 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3438 }
3439 if (sctp_free_assoc(inp, stcb, SCTP_PCBFREE_FORCE,
3440 SCTP_FROM_SCTP_PCB + SCTP_LOC_8) == 0) {
3441 cnt++;
3442 }
3443 }
3444 if (cnt) {
3445 /* Ok we have someone out there that will kill us */
3446 #ifdef SCTP_LOG_CLOSING
3447 sctp_log_closing(inp, NULL, 3);
3448 #endif
3449 SCTP_INP_WUNLOCK(inp);
3450 SCTP_ASOC_CREATE_UNLOCK(inp);
3451 SCTP_INP_INFO_WUNLOCK();
3452 return;
3453 }
3454 if (SCTP_INP_LOCK_CONTENDED(inp))
3455 being_refed++;
3456 if (SCTP_INP_READ_CONTENDED(inp))
3457 being_refed++;
3458 if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp))
3459 being_refed++;
3460 /* NOTE: 0 refcount also means no timers are referencing us. */
3461 if ((inp->refcount) ||
3462 (being_refed) ||
3463 (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
3464 #ifdef SCTP_LOG_CLOSING
3465 sctp_log_closing(inp, NULL, 4);
3466 #endif
3467 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
3468 SCTP_INP_WUNLOCK(inp);
3469 SCTP_ASOC_CREATE_UNLOCK(inp);
3470 SCTP_INP_INFO_WUNLOCK();
3471 return;
3472 }
3473 inp->sctp_ep.signature_change.type = 0;
3474 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
3475 /*
3476 * Remove it from the list .. last thing we need a lock for.
3477 */
3478 LIST_REMOVE(inp, sctp_list);
3479 SCTP_INP_WUNLOCK(inp);
3480 SCTP_ASOC_CREATE_UNLOCK(inp);
3481 SCTP_INP_INFO_WUNLOCK();
3482
3483 #ifdef SCTP_LOG_CLOSING
3484 sctp_log_closing(inp, NULL, 5);
3485 #endif
3486 if ((inp->sctp_asocidhash) != NULL) {
3487 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark);
3488 inp->sctp_asocidhash = NULL;
3489 }
3490 /* sa_ignore FREED_MEMORY */
3491 TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) {
3492 /* Its only abandoned if it had data left */
3493 if (sq->length)
3494 SCTP_STAT_INCR(sctps_left_abandon);
3495
3496 TAILQ_REMOVE(&inp->read_queue, sq, next);
3497 sctp_free_remote_addr(sq->whoFrom);
3498 if (so)
3499 SCTP_SB_DECR(&so->so_rcv, sq->length);
3500 if (sq->data) {
3501 sctp_m_freem(sq->data);
3502 sq->data = NULL;
3503 }
3504 /*
3505 * no need to free the net count, since at this point all
3506 * assoc's are gone.
3507 */
3508 sctp_free_a_readq(NULL, sq);
3509 }
3510 /* Now the sctp_pcb things */
3511 /*
3512 * free each asoc if it is not already closed/free. we can't use the
3513 * macro here since le_next will get freed as part of the
3514 * sctp_free_assoc() call.
3515 */
3516 if (ip_pcb->inp_options) {
3517 (void)sctp_m_free(ip_pcb->inp_options);
3518 ip_pcb->inp_options = 0;
3519 }
3520 #ifdef INET6
3521 if (ip_pcb->inp_vflag & INP_IPV6) {
3522 ip6_freepcbopts(ip_pcb->in6p_outputopts);
3523 }
3524 #endif /* INET6 */
3525 ip_pcb->inp_vflag = 0;
3526 /* free up authentication fields */
3527 if (inp->sctp_ep.local_auth_chunks != NULL)
3528 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
3529 if (inp->sctp_ep.local_hmacs != NULL)
3530 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
3531
3532 LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) {
3533 LIST_REMOVE(shared_key, next);
3534 sctp_free_sharedkey(shared_key);
3535 /* sa_ignore FREED_MEMORY */
3536 }
3537
3538 /*
3539 * if we have an address list the following will free the list of
3540 * ifaddr's that are set into this ep. Again macro limitations here,
3541 * since the LIST_FOREACH could be a bad idea.
3542 */
3543 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) {
3544 sctp_remove_laddr(laddr);
3545 }
3546
3547 #ifdef SCTP_TRACK_FREED_ASOCS
3548 /* TEMP CODE */
3549 LIST_FOREACH_SAFE(stcb, &inp->sctp_asoc_free_list, sctp_tcblist, nstcb) {
3550 LIST_REMOVE(stcb, sctp_tcblist);
3551 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
3552 SCTP_DECR_ASOC_COUNT();
3553 }
3554 /* *** END TEMP CODE *** */
3555 #endif
3556 /* Now lets see about freeing the EP hash table. */
3557 if (inp->sctp_tcbhash != NULL) {
3558 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
3559 inp->sctp_tcbhash = NULL;
3560 }
3561 /* Now we must put the ep memory back into the zone pool */
3562 crfree(inp->ip_inp.inp.inp_cred);
3563 INP_LOCK_DESTROY(&inp->ip_inp.inp);
3564 SCTP_INP_LOCK_DESTROY(inp);
3565 SCTP_INP_READ_LOCK_DESTROY(inp);
3566 SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
3567 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
3568 SCTP_DECR_EP_COUNT();
3569 }
3570
3571 struct sctp_nets *
sctp_findnet(struct sctp_tcb * stcb,struct sockaddr * addr)3572 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
3573 {
3574 struct sctp_nets *net;
3575
3576 /* locate the address */
3577 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
3578 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
3579 return (net);
3580 }
3581 return (NULL);
3582 }
3583
3584 int
sctp_is_address_on_local_host(struct sockaddr * addr,uint32_t vrf_id)3585 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id)
3586 {
3587 struct sctp_ifa *sctp_ifa;
3588
3589 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED);
3590 if (sctp_ifa) {
3591 return (1);
3592 } else {
3593 return (0);
3594 }
3595 }
3596
3597 /*
3598 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as
3599 * when a ASCONF arrives that adds it. It will also initialize all the cwnd
3600 * stats of stuff.
3601 */
3602 int
sctp_add_remote_addr(struct sctp_tcb * stcb,struct sockaddr * newaddr,struct sctp_nets ** netp,uint16_t port,int set_scope,int from)3603 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
3604 struct sctp_nets **netp, uint16_t port, int set_scope, int from)
3605 {
3606 /*
3607 * The following is redundant to the same lines in the
3608 * sctp_aloc_assoc() but is needed since others call the add address
3609 * function
3610 */
3611 struct sctp_nets *net, *netfirst;
3612 int addr_inscope;
3613
3614 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ",
3615 from);
3616 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr);
3617
3618 netfirst = sctp_findnet(stcb, newaddr);
3619 if (netfirst) {
3620 /*
3621 * Lie and return ok, we don't want to make the association
3622 * go away for this behavior. It will happen in the TCP
3623 * model in a connected socket. It does not reach the hash
3624 * table until after the association is built so it can't be
3625 * found. Mark as reachable, since the initial creation will
3626 * have been cleared and the NOT_IN_ASSOC flag will have
3627 * been added... and we don't want to end up removing it
3628 * back out.
3629 */
3630 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
3631 netfirst->dest_state = (SCTP_ADDR_REACHABLE |
3632 SCTP_ADDR_UNCONFIRMED);
3633 } else {
3634 netfirst->dest_state = SCTP_ADDR_REACHABLE;
3635 }
3636
3637 return (0);
3638 }
3639 addr_inscope = 1;
3640 switch (newaddr->sa_family) {
3641 #ifdef INET
3642 case AF_INET:
3643 {
3644 struct sockaddr_in *sin;
3645
3646 sin = (struct sockaddr_in *)newaddr;
3647 if (sin->sin_addr.s_addr == 0) {
3648 /* Invalid address */
3649 return (-1);
3650 }
3651 /* zero out the zero area */
3652 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
3653
3654 /* assure len is set */
3655 sin->sin_len = sizeof(struct sockaddr_in);
3656 if (set_scope) {
3657 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
3658 stcb->asoc.scope.ipv4_local_scope = 1;
3659 }
3660 } else {
3661 /* Validate the address is in scope */
3662 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
3663 (stcb->asoc.scope.ipv4_local_scope == 0)) {
3664 addr_inscope = 0;
3665 }
3666 }
3667 break;
3668 }
3669 #endif
3670 #ifdef INET6
3671 case AF_INET6:
3672 {
3673 struct sockaddr_in6 *sin6;
3674
3675 sin6 = (struct sockaddr_in6 *)newaddr;
3676 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
3677 /* Invalid address */
3678 return (-1);
3679 }
3680 /* assure len is set */
3681 sin6->sin6_len = sizeof(struct sockaddr_in6);
3682 if (set_scope) {
3683 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) {
3684 stcb->asoc.scope.loopback_scope = 1;
3685 stcb->asoc.scope.local_scope = 0;
3686 stcb->asoc.scope.ipv4_local_scope = 1;
3687 stcb->asoc.scope.site_scope = 1;
3688 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
3689 /*
3690 * If the new destination is a
3691 * LINK_LOCAL we must have common
3692 * site scope. Don't set the local
3693 * scope since we may not share all
3694 * links, only loopback can do this.
3695 * Links on the local network would
3696 * also be on our private network
3697 * for v4 too.
3698 */
3699 stcb->asoc.scope.ipv4_local_scope = 1;
3700 stcb->asoc.scope.site_scope = 1;
3701 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
3702 /*
3703 * If the new destination is
3704 * SITE_LOCAL then we must have site
3705 * scope in common.
3706 */
3707 stcb->asoc.scope.site_scope = 1;
3708 }
3709 } else {
3710 /* Validate the address is in scope */
3711 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
3712 (stcb->asoc.scope.loopback_scope == 0)) {
3713 addr_inscope = 0;
3714 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
3715 (stcb->asoc.scope.local_scope == 0)) {
3716 addr_inscope = 0;
3717 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
3718 (stcb->asoc.scope.site_scope == 0)) {
3719 addr_inscope = 0;
3720 }
3721 }
3722 break;
3723 }
3724 #endif
3725 default:
3726 /* not supported family type */
3727 return (-1);
3728 }
3729 net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets);
3730 if (net == NULL) {
3731 return (-1);
3732 }
3733 SCTP_INCR_RADDR_COUNT();
3734 memset(net, 0, sizeof(struct sctp_nets));
3735 (void)SCTP_GETTIME_TIMEVAL(&net->start_time);
3736 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
3737 switch (newaddr->sa_family) {
3738 #ifdef INET
3739 case AF_INET:
3740 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
3741 break;
3742 #endif
3743 #ifdef INET6
3744 case AF_INET6:
3745 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
3746 break;
3747 #endif
3748 default:
3749 break;
3750 }
3751 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id);
3752 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) {
3753 stcb->asoc.scope.loopback_scope = 1;
3754 stcb->asoc.scope.ipv4_local_scope = 1;
3755 stcb->asoc.scope.local_scope = 0;
3756 stcb->asoc.scope.site_scope = 1;
3757 addr_inscope = 1;
3758 }
3759 net->failure_threshold = stcb->asoc.def_net_failure;
3760 net->pf_threshold = stcb->asoc.def_net_pf_threshold;
3761 if (addr_inscope == 0) {
3762 net->dest_state = (SCTP_ADDR_REACHABLE |
3763 SCTP_ADDR_OUT_OF_SCOPE);
3764 } else {
3765 if (from == SCTP_ADDR_IS_CONFIRMED)
3766 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */
3767 net->dest_state = SCTP_ADDR_REACHABLE;
3768 else
3769 net->dest_state = SCTP_ADDR_REACHABLE |
3770 SCTP_ADDR_UNCONFIRMED;
3771 }
3772 /*
3773 * We set this to 0, the timer code knows that this means its an
3774 * initial value
3775 */
3776 net->rto_needed = 1;
3777 net->RTO = 0;
3778 net->RTO_measured = 0;
3779 stcb->asoc.numnets++;
3780 net->ref_count = 1;
3781 net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1;
3782 net->port = port;
3783 net->dscp = stcb->asoc.default_dscp;
3784 #ifdef INET6
3785 net->flowlabel = stcb->asoc.default_flowlabel;
3786 #endif
3787 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) {
3788 net->dest_state |= SCTP_ADDR_NOHB;
3789 } else {
3790 net->dest_state &= ~SCTP_ADDR_NOHB;
3791 }
3792 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) {
3793 net->dest_state |= SCTP_ADDR_NO_PMTUD;
3794 } else {
3795 net->dest_state &= ~SCTP_ADDR_NO_PMTUD;
3796 }
3797 net->heart_beat_delay = stcb->asoc.heart_beat_delay;
3798 /* Init the timer structure */
3799 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer);
3800 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer);
3801 SCTP_OS_TIMER_INIT(&net->hb_timer.timer);
3802
3803 /* Now generate a route for this guy */
3804 #ifdef INET6
3805 /* KAME hack: embed scopeid */
3806 if (newaddr->sa_family == AF_INET6) {
3807 struct sockaddr_in6 *sin6;
3808
3809 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3810 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
3811 sin6->sin6_scope_id = 0;
3812 }
3813 #endif
3814 SCTP_RTALLOC((sctp_route_t *)&net->ro,
3815 stcb->asoc.vrf_id,
3816 stcb->sctp_ep->fibnum);
3817
3818 net->src_addr_selected = 0;
3819 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) {
3820 /* Get source address */
3821 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep,
3822 stcb,
3823 (sctp_route_t *)&net->ro,
3824 net,
3825 0,
3826 stcb->asoc.vrf_id);
3827 if (stcb->asoc.default_mtu > 0) {
3828 net->mtu = stcb->asoc.default_mtu;
3829 switch (net->ro._l_addr.sa.sa_family) {
3830 #ifdef INET
3831 case AF_INET:
3832 net->mtu += SCTP_MIN_V4_OVERHEAD;
3833 break;
3834 #endif
3835 #ifdef INET6
3836 case AF_INET6:
3837 net->mtu += SCTP_MIN_OVERHEAD;
3838 break;
3839 #endif
3840 default:
3841 break;
3842 }
3843 #if defined(INET) || defined(INET6)
3844 if (net->port) {
3845 net->mtu += (uint32_t)sizeof(struct udphdr);
3846 }
3847 #endif
3848 } else if (net->ro._s_addr != NULL) {
3849 uint32_t imtu, rmtu, hcmtu;
3850
3851 net->src_addr_selected = 1;
3852 /* Now get the interface MTU */
3853 if (net->ro._s_addr->ifn_p != NULL) {
3854 /*
3855 * XXX: Should we here just use
3856 * net->ro._s_addr->ifn_p->ifn_mtu
3857 */
3858 imtu = SCTP_GATHER_MTU_FROM_IFN_INFO(net->ro._s_addr->ifn_p->ifn_p,
3859 net->ro._s_addr->ifn_p->ifn_index);
3860 } else {
3861 imtu = 0;
3862 }
3863 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_nh);
3864 hcmtu = sctp_hc_get_mtu(&net->ro._l_addr, stcb->sctp_ep->fibnum);
3865 net->mtu = sctp_min_mtu(hcmtu, rmtu, imtu);
3866 }
3867 }
3868 if (net->mtu == 0) {
3869 if (stcb->asoc.default_mtu > 0) {
3870 net->mtu = stcb->asoc.default_mtu;
3871 switch (net->ro._l_addr.sa.sa_family) {
3872 #ifdef INET
3873 case AF_INET:
3874 net->mtu += SCTP_MIN_V4_OVERHEAD;
3875 break;
3876 #endif
3877 #ifdef INET6
3878 case AF_INET6:
3879 net->mtu += SCTP_MIN_OVERHEAD;
3880 break;
3881 #endif
3882 default:
3883 break;
3884 }
3885 #if defined(INET) || defined(INET6)
3886 if (net->port) {
3887 net->mtu += (uint32_t)sizeof(struct udphdr);
3888 }
3889 #endif
3890 } else {
3891 switch (newaddr->sa_family) {
3892 #ifdef INET
3893 case AF_INET:
3894 net->mtu = SCTP_DEFAULT_MTU;
3895 break;
3896 #endif
3897 #ifdef INET6
3898 case AF_INET6:
3899 net->mtu = 1280;
3900 break;
3901 #endif
3902 default:
3903 break;
3904 }
3905 }
3906 }
3907 #if defined(INET) || defined(INET6)
3908 if (net->port) {
3909 net->mtu -= (uint32_t)sizeof(struct udphdr);
3910 }
3911 #endif
3912 if (from == SCTP_ALLOC_ASOC) {
3913 stcb->asoc.smallest_mtu = net->mtu;
3914 }
3915 if (stcb->asoc.smallest_mtu > net->mtu) {
3916 sctp_pathmtu_adjustment(stcb, net->mtu, true);
3917 }
3918 #ifdef INET6
3919 if (newaddr->sa_family == AF_INET6) {
3920 struct sockaddr_in6 *sin6;
3921
3922 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3923 (void)sa6_recoverscope(sin6);
3924 }
3925 #endif
3926
3927 /* JRS - Use the congestion control given in the CC module */
3928 if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL)
3929 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param) (stcb, net);
3930
3931 /*
3932 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning
3933 * of assoc (2005/06/27, iyengar@cis.udel.edu)
3934 */
3935 net->find_pseudo_cumack = 1;
3936 net->find_rtx_pseudo_cumack = 1;
3937 /* Choose an initial flowid. */
3938 net->flowid = stcb->asoc.my_vtag ^
3939 ntohs(stcb->rport) ^
3940 ntohs(stcb->sctp_ep->sctp_lport);
3941 net->flowtype = M_HASHTYPE_OPAQUE_HASH;
3942 if (netp) {
3943 *netp = net;
3944 }
3945 netfirst = TAILQ_FIRST(&stcb->asoc.nets);
3946 if (net->ro.ro_nh == NULL) {
3947 /* Since we have no route put it at the back */
3948 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
3949 } else if (netfirst == NULL) {
3950 /* We are the first one in the pool. */
3951 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3952 } else if (netfirst->ro.ro_nh == NULL) {
3953 /*
3954 * First one has NO route. Place this one ahead of the first
3955 * one.
3956 */
3957 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3958 } else if (net->ro.ro_nh->nh_ifp != netfirst->ro.ro_nh->nh_ifp) {
3959 /*
3960 * This one has a different interface than the one at the
3961 * top of the list. Place it ahead.
3962 */
3963 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3964 } else {
3965 /*
3966 * Ok we have the same interface as the first one. Move
3967 * forward until we find either a) one with a NULL route...
3968 * insert ahead of that b) one with a different ifp.. insert
3969 * after that. c) end of the list.. insert at the tail.
3970 */
3971 struct sctp_nets *netlook;
3972
3973 do {
3974 netlook = TAILQ_NEXT(netfirst, sctp_next);
3975 if (netlook == NULL) {
3976 /* End of the list */
3977 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
3978 break;
3979 } else if (netlook->ro.ro_nh == NULL) {
3980 /* next one has NO route */
3981 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
3982 break;
3983 } else if (netlook->ro.ro_nh->nh_ifp != net->ro.ro_nh->nh_ifp) {
3984 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
3985 net, sctp_next);
3986 break;
3987 }
3988 /* Shift forward */
3989 netfirst = netlook;
3990 } while (netlook != NULL);
3991 }
3992
3993 /* got to have a primary set */
3994 if (stcb->asoc.primary_destination == 0) {
3995 stcb->asoc.primary_destination = net;
3996 } else if ((stcb->asoc.primary_destination->ro.ro_nh == NULL) &&
3997 (net->ro.ro_nh) &&
3998 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
3999 /* No route to current primary adopt new primary */
4000 stcb->asoc.primary_destination = net;
4001 }
4002 /* Validate primary is first */
4003 net = TAILQ_FIRST(&stcb->asoc.nets);
4004 if ((net != stcb->asoc.primary_destination) &&
4005 (stcb->asoc.primary_destination)) {
4006 /*
4007 * first one on the list is NOT the primary sctp_cmpaddr()
4008 * is much more efficient if the primary is the first on the
4009 * list, make it so.
4010 */
4011 TAILQ_REMOVE(&stcb->asoc.nets,
4012 stcb->asoc.primary_destination, sctp_next);
4013 TAILQ_INSERT_HEAD(&stcb->asoc.nets,
4014 stcb->asoc.primary_destination, sctp_next);
4015 }
4016 return (0);
4017 }
4018
4019 static uint32_t
sctp_aloc_a_assoc_id(struct sctp_inpcb * inp,struct sctp_tcb * stcb)4020 sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
4021 {
4022 uint32_t id;
4023 struct sctpasochead *head;
4024 struct sctp_tcb *lstcb;
4025
4026 try_again:
4027 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
4028 /* TSNH */
4029 return (0);
4030 }
4031 /*
4032 * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC,
4033 * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC.
4034 */
4035 if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) {
4036 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1;
4037 }
4038 id = inp->sctp_associd_counter;
4039 inp->sctp_associd_counter++;
4040 lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t)id, 0);
4041 if (lstcb) {
4042 goto try_again;
4043 }
4044 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
4045 LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash);
4046 stcb->asoc.in_asocid_hash = 1;
4047 return (id);
4048 }
4049
4050 /*
4051 * allocate an association and add it to the endpoint. The caller must be
4052 * careful to add all additional addresses once they are know right away or
4053 * else the assoc will be may experience a blackout scenario.
4054 */
4055 static struct sctp_tcb *
sctp_aloc_assoc_locked(struct sctp_inpcb * inp,struct sockaddr * firstaddr,int * error,uint32_t override_tag,uint32_t initial_tsn,uint32_t vrf_id,uint16_t o_streams,uint16_t port,struct thread * p,int initialize_auth_params)4056 sctp_aloc_assoc_locked(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
4057 int *error, uint32_t override_tag, uint32_t initial_tsn,
4058 uint32_t vrf_id, uint16_t o_streams, uint16_t port,
4059 struct thread *p,
4060 int initialize_auth_params)
4061 {
4062 /* note the p argument is only valid in unbound sockets */
4063
4064 struct sctp_tcb *stcb;
4065 struct sctp_association *asoc;
4066 struct sctpasochead *head;
4067 uint16_t rport;
4068 int err;
4069
4070 SCTP_INP_INFO_WLOCK_ASSERT();
4071 SCTP_INP_WLOCK_ASSERT(inp);
4072
4073 /*
4074 * Assumption made here: Caller has done a
4075 * sctp_findassociation_ep_addr(ep, addr's); to make sure the
4076 * address does not exist already.
4077 */
4078 if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) {
4079 /* Hit max assoc, sorry no more */
4080 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
4081 *error = ENOBUFS;
4082 return (NULL);
4083 }
4084 if (firstaddr == NULL) {
4085 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4086 *error = EINVAL;
4087 return (NULL);
4088 }
4089 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4090 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4091 *error = EINVAL;
4092 return (NULL);
4093 }
4094 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) &&
4095 ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) ||
4096 (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) {
4097 /*
4098 * If its in the TCP pool, its NOT allowed to create an
4099 * association. The parent listener needs to call
4100 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled
4101 * off, or connected one does this.. its an error.
4102 */
4103 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4104 *error = EINVAL;
4105 return (NULL);
4106 }
4107 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
4108 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) {
4109 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) ||
4110 (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) {
4111 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4112 *error = EINVAL;
4113 return (NULL);
4114 }
4115 }
4116 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:");
4117 #ifdef SCTP_DEBUG
4118 if (firstaddr) {
4119 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr);
4120 switch (firstaddr->sa_family) {
4121 #ifdef INET
4122 case AF_INET:
4123 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4124 ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
4125 break;
4126 #endif
4127 #ifdef INET6
4128 case AF_INET6:
4129 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4130 ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port));
4131 break;
4132 #endif
4133 default:
4134 break;
4135 }
4136 } else {
4137 SCTPDBG(SCTP_DEBUG_PCB3, "None\n");
4138 }
4139 #endif /* SCTP_DEBUG */
4140 switch (firstaddr->sa_family) {
4141 #ifdef INET
4142 case AF_INET:
4143 {
4144 struct sockaddr_in *sin;
4145
4146 sin = (struct sockaddr_in *)firstaddr;
4147 if ((ntohs(sin->sin_port) == 0) ||
4148 in_broadcast(sin->sin_addr) ||
4149 IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) ||
4150 ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
4151 (SCTP_IPV6_V6ONLY(inp) != 0))) {
4152 /* Invalid address */
4153 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4154 *error = EINVAL;
4155 return (NULL);
4156 }
4157 rport = sin->sin_port;
4158 break;
4159 }
4160 #endif
4161 #ifdef INET6
4162 case AF_INET6:
4163 {
4164 struct sockaddr_in6 *sin6;
4165
4166 sin6 = (struct sockaddr_in6 *)firstaddr;
4167 if ((ntohs(sin6->sin6_port) == 0) ||
4168 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
4169 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) ||
4170 ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0)) {
4171 /* Invalid address */
4172 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4173 *error = EINVAL;
4174 return (NULL);
4175 }
4176 rport = sin6->sin6_port;
4177 break;
4178 }
4179 #endif
4180 default:
4181 /* not supported family type */
4182 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4183 *error = EINVAL;
4184 return (NULL);
4185 }
4186 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
4187 /*
4188 * If you have not performed a bind, then we need to do the
4189 * ephemeral bind for you.
4190 */
4191 if ((err = sctp_inpcb_bind_locked(inp, NULL, NULL, p))) {
4192 /* bind error, probably perm */
4193 *error = err;
4194 return (NULL);
4195 }
4196 }
4197 stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb);
4198 if (stcb == NULL) {
4199 /* out of memory? */
4200 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
4201 *error = ENOMEM;
4202 return (NULL);
4203 }
4204 SCTP_INCR_ASOC_COUNT();
4205
4206 memset(stcb, 0, sizeof(*stcb));
4207 asoc = &stcb->asoc;
4208
4209 SCTP_TCB_LOCK_INIT(stcb);
4210 stcb->rport = rport;
4211 /* setup back pointer's */
4212 stcb->sctp_ep = inp;
4213 stcb->sctp_socket = inp->sctp_socket;
4214 if ((err = sctp_init_asoc(inp, stcb, override_tag, initial_tsn, vrf_id, o_streams))) {
4215 /* failed */
4216 SCTP_TCB_LOCK_DESTROY(stcb);
4217 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
4218 SCTP_DECR_ASOC_COUNT();
4219 *error = err;
4220 return (NULL);
4221 }
4222 SCTP_TCB_LOCK(stcb);
4223
4224 asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb);
4225 /* now that my_vtag is set, add it to the hash */
4226 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
4227 /* put it in the bucket in the vtag hash of assoc's for the system */
4228 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
4229
4230 if (sctp_add_remote_addr(stcb, firstaddr, NULL, port, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC)) {
4231 /* failure.. memory error? */
4232 if (asoc->strmout) {
4233 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
4234 asoc->strmout = NULL;
4235 }
4236 if (asoc->mapping_array) {
4237 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
4238 asoc->mapping_array = NULL;
4239 }
4240 if (asoc->nr_mapping_array) {
4241 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
4242 asoc->nr_mapping_array = NULL;
4243 }
4244 SCTP_DECR_ASOC_COUNT();
4245 SCTP_TCB_UNLOCK(stcb);
4246 SCTP_TCB_LOCK_DESTROY(stcb);
4247 LIST_REMOVE(stcb, sctp_asocs);
4248 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4249 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
4250 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
4251 *error = ENOBUFS;
4252 return (NULL);
4253 }
4254 /* Init all the timers */
4255 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer);
4256 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer);
4257 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer);
4258 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer);
4259 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer);
4260 SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer);
4261
4262 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
4263 /* now file the port under the hash as well */
4264 if (inp->sctp_tcbhash != NULL) {
4265 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
4266 inp->sctp_hashmark)];
4267 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
4268 }
4269 if (initialize_auth_params == SCTP_INITIALIZE_AUTH_PARAMS) {
4270 sctp_initialize_auth_params(inp, stcb);
4271 }
4272 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", (void *)stcb);
4273 return (stcb);
4274 }
4275
4276 struct sctp_tcb *
sctp_aloc_assoc(struct sctp_inpcb * inp,struct sockaddr * firstaddr,int * error,uint32_t override_tag,uint32_t initial_tsn,uint32_t vrf_id,uint16_t o_streams,uint16_t port,struct thread * p,int initialize_auth_params)4277 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
4278 int *error, uint32_t override_tag, uint32_t initial_tsn,
4279 uint32_t vrf_id, uint16_t o_streams, uint16_t port,
4280 struct thread *p,
4281 int initialize_auth_params)
4282 {
4283 struct sctp_tcb *stcb;
4284
4285 SCTP_INP_INFO_WLOCK();
4286 SCTP_INP_WLOCK(inp);
4287 stcb = sctp_aloc_assoc_locked(inp, firstaddr, error, override_tag,
4288 initial_tsn, vrf_id, o_streams, port, p, initialize_auth_params);
4289 SCTP_INP_INFO_WUNLOCK();
4290 SCTP_INP_WUNLOCK(inp);
4291 return (stcb);
4292 }
4293
4294 struct sctp_tcb *
sctp_aloc_assoc_connected(struct sctp_inpcb * inp,struct sockaddr * firstaddr,int * error,uint32_t override_tag,uint32_t initial_tsn,uint32_t vrf_id,uint16_t o_streams,uint16_t port,struct thread * p,int initialize_auth_params)4295 sctp_aloc_assoc_connected(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
4296 int *error, uint32_t override_tag, uint32_t initial_tsn,
4297 uint32_t vrf_id, uint16_t o_streams, uint16_t port,
4298 struct thread *p,
4299 int initialize_auth_params)
4300 {
4301 struct sctp_tcb *stcb;
4302
4303 SCTP_INP_INFO_WLOCK();
4304 SCTP_INP_WLOCK(inp);
4305 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
4306 SCTP_IS_LISTENING(inp)) {
4307 SCTP_INP_INFO_WUNLOCK();
4308 SCTP_INP_WUNLOCK(inp);
4309 *error = EINVAL;
4310 return (NULL);
4311 }
4312 stcb = sctp_aloc_assoc_locked(inp, firstaddr, error, override_tag,
4313 initial_tsn, vrf_id, o_streams, port, p, initialize_auth_params);
4314 SCTP_INP_INFO_WUNLOCK();
4315 if (stcb != NULL && (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) {
4316 inp->sctp_flags |= SCTP_PCB_FLAGS_CONNECTED;
4317 soisconnecting(inp->sctp_socket);
4318 }
4319 SCTP_INP_WUNLOCK(inp);
4320 return (stcb);
4321 }
4322
4323 void
sctp_remove_net(struct sctp_tcb * stcb,struct sctp_nets * net)4324 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
4325 {
4326 struct sctp_inpcb *inp;
4327 struct sctp_association *asoc;
4328
4329 inp = stcb->sctp_ep;
4330 asoc = &stcb->asoc;
4331 asoc->numnets--;
4332 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
4333 if (net == asoc->primary_destination) {
4334 /* Reset primary */
4335 struct sctp_nets *lnet;
4336
4337 lnet = TAILQ_FIRST(&asoc->nets);
4338 /*
4339 * Mobility adaptation Ideally, if deleted destination is
4340 * the primary, it becomes a fast retransmission trigger by
4341 * the subsequent SET PRIMARY. (by micchie)
4342 */
4343 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
4344 SCTP_MOBILITY_BASE) ||
4345 sctp_is_mobility_feature_on(stcb->sctp_ep,
4346 SCTP_MOBILITY_FASTHANDOFF)) {
4347 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n");
4348 if (asoc->deleted_primary != NULL) {
4349 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n");
4350 goto out;
4351 }
4352 asoc->deleted_primary = net;
4353 atomic_add_int(&net->ref_count, 1);
4354 memset(&net->lastsa, 0, sizeof(net->lastsa));
4355 memset(&net->lastsv, 0, sizeof(net->lastsv));
4356 sctp_mobility_feature_on(stcb->sctp_ep,
4357 SCTP_MOBILITY_PRIM_DELETED);
4358 sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED,
4359 stcb->sctp_ep, stcb, NULL);
4360 }
4361 out:
4362 /* Try to find a confirmed primary */
4363 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0);
4364 }
4365 if (net == asoc->last_data_chunk_from) {
4366 /* Reset primary */
4367 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets);
4368 }
4369 if (net == asoc->last_control_chunk_from) {
4370 /* Clear net */
4371 asoc->last_control_chunk_from = NULL;
4372 }
4373 if (net == asoc->last_net_cmt_send_started) {
4374 /* Clear net */
4375 asoc->last_net_cmt_send_started = NULL;
4376 }
4377 if (net == stcb->asoc.alternate) {
4378 sctp_free_remote_addr(stcb->asoc.alternate);
4379 stcb->asoc.alternate = NULL;
4380 }
4381 sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net,
4382 SCTP_FROM_SCTP_PCB + SCTP_LOC_9);
4383 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net,
4384 SCTP_FROM_SCTP_PCB + SCTP_LOC_10);
4385 net->dest_state |= SCTP_ADDR_BEING_DELETED;
4386 sctp_free_remote_addr(net);
4387 }
4388
4389 /*
4390 * remove a remote endpoint address from an association, it will fail if the
4391 * address does not exist.
4392 */
4393 int
sctp_del_remote_addr(struct sctp_tcb * stcb,struct sockaddr * remaddr)4394 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
4395 {
4396 /*
4397 * Here we need to remove a remote address. This is quite simple, we
4398 * first find it in the list of address for the association
4399 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE
4400 * on that item. Note we do not allow it to be removed if there are
4401 * no other addresses.
4402 */
4403 struct sctp_association *asoc;
4404 struct sctp_nets *net, *nnet;
4405
4406 asoc = &stcb->asoc;
4407
4408 /* locate the address */
4409 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
4410 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
4411 continue;
4412 }
4413 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
4414 remaddr)) {
4415 /* we found the guy */
4416 if (asoc->numnets < 2) {
4417 /* Must have at LEAST two remote addresses */
4418 return (-1);
4419 } else {
4420 sctp_remove_net(stcb, net);
4421 return (0);
4422 }
4423 }
4424 }
4425 /* not found. */
4426 return (-2);
4427 }
4428
4429 static bool
sctp_is_in_timewait(uint32_t tag,uint16_t lport,uint16_t rport,time_t now)4430 sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport, time_t now)
4431 {
4432 struct sctpvtaghead *chain;
4433 struct sctp_tagblock *twait_block;
4434 int i;
4435
4436 SCTP_INP_INFO_LOCK_ASSERT();
4437 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4438 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4439 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4440 if ((twait_block->vtag_block[i].tv_sec_at_expire >= now) &&
4441 (twait_block->vtag_block[i].v_tag == tag) &&
4442 (twait_block->vtag_block[i].lport == lport) &&
4443 (twait_block->vtag_block[i].rport == rport)) {
4444 return (true);
4445 }
4446 }
4447 }
4448 return (false);
4449 }
4450
4451 static void
sctp_set_vtag_block(struct sctp_timewait * vtag_block,time_t time,uint32_t tag,uint16_t lport,uint16_t rport)4452 sctp_set_vtag_block(struct sctp_timewait *vtag_block, time_t time,
4453 uint32_t tag, uint16_t lport, uint16_t rport)
4454 {
4455 vtag_block->tv_sec_at_expire = time;
4456 vtag_block->v_tag = tag;
4457 vtag_block->lport = lport;
4458 vtag_block->rport = rport;
4459 }
4460
4461 static void
sctp_add_vtag_to_timewait(uint32_t tag,uint16_t lport,uint16_t rport)4462 sctp_add_vtag_to_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
4463 {
4464 struct sctpvtaghead *chain;
4465 struct sctp_tagblock *twait_block;
4466 struct timeval now;
4467 time_t time;
4468 int i;
4469 bool set;
4470
4471 SCTP_INP_INFO_WLOCK_ASSERT();
4472 (void)SCTP_GETTIME_TIMEVAL(&now);
4473 time = now.tv_sec + SCTP_BASE_SYSCTL(sctp_vtag_time_wait);
4474 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4475 set = false;
4476 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4477 /* Block(s) present, lets find space, and expire on the fly */
4478 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4479 if ((twait_block->vtag_block[i].v_tag == 0) && !set) {
4480 sctp_set_vtag_block(twait_block->vtag_block + i, time, tag, lport, rport);
4481 set = true;
4482 continue;
4483 }
4484 if ((twait_block->vtag_block[i].v_tag != 0) &&
4485 (twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) {
4486 if (set) {
4487 /* Audit expires this guy */
4488 sctp_set_vtag_block(twait_block->vtag_block + i, 0, 0, 0, 0);
4489 } else {
4490 /* Reuse it for the new tag */
4491 sctp_set_vtag_block(twait_block->vtag_block + i, time, tag, lport, rport);
4492 set = true;
4493 }
4494 }
4495 }
4496 if (set) {
4497 /*
4498 * We only do up to the block where we can place our
4499 * tag for audits
4500 */
4501 break;
4502 }
4503 }
4504 /* Need to add a new block to chain */
4505 if (!set) {
4506 SCTP_MALLOC(twait_block, struct sctp_tagblock *,
4507 sizeof(struct sctp_tagblock), SCTP_M_TIMW);
4508 if (twait_block == NULL) {
4509 return;
4510 }
4511 memset(twait_block, 0, sizeof(struct sctp_tagblock));
4512 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
4513 sctp_set_vtag_block(twait_block->vtag_block, time, tag, lport, rport);
4514 }
4515 }
4516
4517 void
sctp_clean_up_stream(struct sctp_tcb * stcb,struct sctp_readhead * rh)4518 sctp_clean_up_stream(struct sctp_tcb *stcb, struct sctp_readhead *rh)
4519 {
4520 struct sctp_tmit_chunk *chk, *nchk;
4521 struct sctp_queued_to_read *control, *ncontrol;
4522
4523 TAILQ_FOREACH_SAFE(control, rh, next_instrm, ncontrol) {
4524 TAILQ_REMOVE(rh, control, next_instrm);
4525 control->on_strm_q = 0;
4526 if (control->on_read_q == 0) {
4527 sctp_free_remote_addr(control->whoFrom);
4528 if (control->data) {
4529 sctp_m_freem(control->data);
4530 control->data = NULL;
4531 }
4532 }
4533 /* Reassembly free? */
4534 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) {
4535 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
4536 if (chk->data) {
4537 sctp_m_freem(chk->data);
4538 chk->data = NULL;
4539 }
4540 if (chk->holds_key_ref)
4541 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4542 sctp_free_remote_addr(chk->whoTo);
4543 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4544 SCTP_DECR_CHK_COUNT();
4545 /* sa_ignore FREED_MEMORY */
4546 }
4547 /*
4548 * We don't free the address here since all the net's were
4549 * freed above.
4550 */
4551 if (control->on_read_q == 0) {
4552 sctp_free_a_readq(stcb, control);
4553 }
4554 }
4555 }
4556
4557 /*-
4558 * Free the association after un-hashing the remote port. This
4559 * function ALWAYS returns holding NO LOCK on the stcb. It DOES
4560 * expect that the input to this function IS a locked TCB.
4561 * It will return 0, if it did NOT destroy the association (instead
4562 * it unlocks it. It will return NON-zero if it either destroyed the
4563 * association OR the association is already destroyed.
4564 */
4565 int
sctp_free_assoc(struct sctp_inpcb * inp,struct sctp_tcb * stcb,int from_inpcbfree,int from_location)4566 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location)
4567 {
4568 int i;
4569 struct sctp_association *asoc;
4570 struct sctp_nets *net, *nnet;
4571 struct sctp_laddr *laddr, *naddr;
4572 struct sctp_tmit_chunk *chk, *nchk;
4573 struct sctp_asconf_addr *aparam, *naparam;
4574 struct sctp_asconf_ack *aack, *naack;
4575 struct sctp_stream_reset_list *strrst, *nstrrst;
4576 struct sctp_queued_to_read *sq, *nsq;
4577 struct sctp_stream_queue_pending *sp, *nsp;
4578 sctp_sharedkey_t *shared_key, *nshared_key;
4579 struct socket *so;
4580
4581 /* first, lets purge the entry from the hash table. */
4582 SCTP_TCB_LOCK_ASSERT(stcb);
4583
4584 #ifdef SCTP_LOG_CLOSING
4585 sctp_log_closing(inp, stcb, 6);
4586 #endif
4587 if (stcb->asoc.state == 0) {
4588 #ifdef SCTP_LOG_CLOSING
4589 sctp_log_closing(inp, NULL, 7);
4590 #endif
4591 /* there is no asoc, really TSNH :-0 */
4592 return (1);
4593 }
4594 if (stcb->asoc.alternate) {
4595 sctp_free_remote_addr(stcb->asoc.alternate);
4596 stcb->asoc.alternate = NULL;
4597 }
4598 /* TEMP CODE */
4599 if (stcb->freed_from_where == 0) {
4600 /* Only record the first place free happened from */
4601 stcb->freed_from_where = from_location;
4602 }
4603 /* TEMP CODE */
4604
4605 asoc = &stcb->asoc;
4606 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4607 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4608 /* nothing around */
4609 so = NULL;
4610 else
4611 so = inp->sctp_socket;
4612
4613 /*
4614 * We used timer based freeing if a reader or writer is in the way.
4615 * So we first check if we are actually being called from a timer,
4616 * if so we abort early if a reader or writer is still in the way.
4617 */
4618 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
4619 (from_inpcbfree == SCTP_NORMAL_PROC)) {
4620 /*
4621 * is it the timer driving us? if so are the reader/writers
4622 * gone?
4623 */
4624 if (stcb->asoc.refcnt) {
4625 /* nope, reader or writer in the way */
4626 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4627 /* no asoc destroyed */
4628 SCTP_TCB_UNLOCK(stcb);
4629 #ifdef SCTP_LOG_CLOSING
4630 sctp_log_closing(inp, stcb, 8);
4631 #endif
4632 return (0);
4633 }
4634 }
4635 /* Now clean up any other timers */
4636 sctp_stop_association_timers(stcb, false);
4637 /* Now the read queue needs to be cleaned up (only once) */
4638 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) {
4639 SCTP_ADD_SUBSTATE(stcb, SCTP_STATE_ABOUT_TO_BE_FREED);
4640 SCTP_INP_READ_LOCK(inp);
4641 TAILQ_FOREACH(sq, &inp->read_queue, next) {
4642 if (sq->stcb == stcb) {
4643 sq->do_not_ref_stcb = 1;
4644 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
4645 /*
4646 * If there is no end, there never will be
4647 * now.
4648 */
4649 if (sq->end_added == 0) {
4650 /* Held for PD-API, clear that. */
4651 sq->pdapi_aborted = 1;
4652 sq->held_length = 0;
4653 if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) {
4654 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
4655 stcb,
4656 SCTP_PARTIAL_DELIVERY_ABORTED,
4657 (void *)sq,
4658 SCTP_SO_LOCKED);
4659 }
4660 /* Add an end to wake them */
4661 sq->end_added = 1;
4662 }
4663 }
4664 }
4665 SCTP_INP_READ_UNLOCK(inp);
4666 if (stcb->block_entry) {
4667 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET);
4668 stcb->block_entry->error = ECONNRESET;
4669 stcb->block_entry = NULL;
4670 }
4671 }
4672 if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) {
4673 /*
4674 * Someone holds a reference OR the socket is unaccepted
4675 * yet.
4676 */
4677 if ((stcb->asoc.refcnt) ||
4678 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4679 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) {
4680 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE);
4681 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4682 }
4683 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4684 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4685 /* nothing around */
4686 so = NULL;
4687 if (so) {
4688 /* Wake any reader/writers */
4689 sctp_sorwakeup(inp, so);
4690 sctp_sowwakeup(inp, so);
4691 }
4692 SCTP_TCB_UNLOCK(stcb);
4693
4694 #ifdef SCTP_LOG_CLOSING
4695 sctp_log_closing(inp, stcb, 9);
4696 #endif
4697 /* no asoc destroyed */
4698 return (0);
4699 }
4700 #ifdef SCTP_LOG_CLOSING
4701 sctp_log_closing(inp, stcb, 10);
4702 #endif
4703 /*
4704 * When I reach here, no others want to kill the assoc yet.. and I
4705 * own the lock. Now its possible an abort comes in when I do the
4706 * lock exchange below to grab all the locks to do the final take
4707 * out. to prevent this we increment the count, which will start a
4708 * timer and blow out above thus assuring us that we hold exclusive
4709 * killing of the asoc. Note that after getting back the TCB lock we
4710 * will go ahead and increment the counter back up and stop any
4711 * timer a passing stranger may have started :-S
4712 */
4713 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4714 atomic_add_int(&stcb->asoc.refcnt, 1);
4715
4716 SCTP_TCB_UNLOCK(stcb);
4717 SCTP_INP_INFO_WLOCK();
4718 SCTP_INP_WLOCK(inp);
4719 SCTP_TCB_LOCK(stcb);
4720 }
4721 /* Double check the GONE flag */
4722 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
4723 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
4724 /* nothing around */
4725 so = NULL;
4726
4727 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
4728 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
4729 /*
4730 * For TCP type we need special handling when we are
4731 * connected. We also include the peel'ed off ones to.
4732 */
4733 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
4734 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
4735 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
4736 if (so) {
4737 SOCKBUF_LOCK(&so->so_rcv);
4738 so->so_state &= ~(SS_ISCONNECTING |
4739 SS_ISDISCONNECTING |
4740 SS_ISCONNECTED);
4741 so->so_state |= SS_ISDISCONNECTED;
4742 socantrcvmore_locked(so);
4743 socantsendmore(so);
4744 sctp_sowwakeup(inp, so);
4745 sctp_sorwakeup(inp, so);
4746 SCTP_SOWAKEUP(so);
4747 }
4748 }
4749 }
4750
4751 /*
4752 * Make it invalid too, that way if its about to run it will abort
4753 * and return.
4754 */
4755 /* re-increment the lock */
4756 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4757 atomic_subtract_int(&stcb->asoc.refcnt, 1);
4758 }
4759 if (stcb->asoc.refcnt) {
4760 SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE);
4761 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
4762 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4763 SCTP_INP_INFO_WUNLOCK();
4764 SCTP_INP_WUNLOCK(inp);
4765 }
4766 SCTP_TCB_UNLOCK(stcb);
4767 return (0);
4768 }
4769 asoc->state = 0;
4770 if (inp->sctp_tcbhash) {
4771 LIST_REMOVE(stcb, sctp_tcbhash);
4772 }
4773 if (stcb->asoc.in_asocid_hash) {
4774 LIST_REMOVE(stcb, sctp_tcbasocidhash);
4775 }
4776 if (inp->sctp_socket == NULL) {
4777 stcb->sctp_socket = NULL;
4778 }
4779 /* Now lets remove it from the list of ALL associations in the EP */
4780 LIST_REMOVE(stcb, sctp_tcblist);
4781 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4782 SCTP_INP_INCR_REF(inp);
4783 SCTP_INP_WUNLOCK(inp);
4784 }
4785 /* pull from vtag hash */
4786 LIST_REMOVE(stcb, sctp_asocs);
4787 sctp_add_vtag_to_timewait(asoc->my_vtag, inp->sctp_lport, stcb->rport);
4788
4789 /*
4790 * Now restop the timers to be sure this is paranoia at is finest!
4791 */
4792 sctp_stop_association_timers(stcb, true);
4793
4794 /*
4795 * The chunk lists and such SHOULD be empty but we check them just
4796 * in case.
4797 */
4798 /* anything on the wheel needs to be removed */
4799 for (i = 0; i < asoc->streamoutcnt; i++) {
4800 struct sctp_stream_out *outs;
4801
4802 outs = &asoc->strmout[i];
4803 /* now clean up any chunks here */
4804 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) {
4805 atomic_subtract_int(&asoc->stream_queue_cnt, 1);
4806 TAILQ_REMOVE(&outs->outqueue, sp, next);
4807 stcb->asoc.ss_functions.sctp_ss_remove_from_stream(stcb, asoc, outs, sp);
4808 sctp_free_spbufspace(stcb, asoc, sp);
4809 if (sp->data) {
4810 if (so) {
4811 /* Still an open socket - report */
4812 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb,
4813 0, (void *)sp, SCTP_SO_LOCKED);
4814 }
4815 if (sp->data) {
4816 sctp_m_freem(sp->data);
4817 sp->data = NULL;
4818 sp->tail_mbuf = NULL;
4819 sp->length = 0;
4820 }
4821 }
4822 if (sp->net) {
4823 sctp_free_remote_addr(sp->net);
4824 sp->net = NULL;
4825 }
4826 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
4827 }
4828 }
4829 /* sa_ignore FREED_MEMORY */
4830 TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) {
4831 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp);
4832 SCTP_FREE(strrst, SCTP_M_STRESET);
4833 }
4834 TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) {
4835 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next);
4836 if (sq->data) {
4837 sctp_m_freem(sq->data);
4838 sq->data = NULL;
4839 }
4840 sctp_free_remote_addr(sq->whoFrom);
4841 sq->whoFrom = NULL;
4842 sq->stcb = NULL;
4843 /* Free the ctl entry */
4844 sctp_free_a_readq(stcb, sq);
4845 /* sa_ignore FREED_MEMORY */
4846 }
4847 TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) {
4848 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next);
4849 if (chk->data) {
4850 sctp_m_freem(chk->data);
4851 chk->data = NULL;
4852 }
4853 if (chk->holds_key_ref)
4854 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4855 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4856 SCTP_DECR_CHK_COUNT();
4857 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1);
4858 asoc->free_chunk_cnt--;
4859 /* sa_ignore FREED_MEMORY */
4860 }
4861 /* pending send queue SHOULD be empty */
4862 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
4863 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
4864 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
4865 #ifdef INVARIANTS
4866 } else {
4867 panic("No chunks on the queues for sid %u.", chk->rec.data.sid);
4868 #endif
4869 }
4870 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
4871 if (chk->data) {
4872 if (so) {
4873 /* Still a socket? */
4874 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb,
4875 0, chk, SCTP_SO_LOCKED);
4876 }
4877 if (chk->data) {
4878 sctp_m_freem(chk->data);
4879 chk->data = NULL;
4880 }
4881 }
4882 if (chk->holds_key_ref)
4883 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4884 if (chk->whoTo) {
4885 sctp_free_remote_addr(chk->whoTo);
4886 chk->whoTo = NULL;
4887 }
4888 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4889 SCTP_DECR_CHK_COUNT();
4890 /* sa_ignore FREED_MEMORY */
4891 }
4892 /* sent queue SHOULD be empty */
4893 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
4894 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
4895 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
4896 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
4897 #ifdef INVARIANTS
4898 } else {
4899 panic("No chunks on the queues for sid %u.", chk->rec.data.sid);
4900 #endif
4901 }
4902 }
4903 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
4904 if (chk->data) {
4905 if (so) {
4906 /* Still a socket? */
4907 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb,
4908 0, chk, SCTP_SO_LOCKED);
4909 }
4910 if (chk->data) {
4911 sctp_m_freem(chk->data);
4912 chk->data = NULL;
4913 }
4914 }
4915 if (chk->holds_key_ref)
4916 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4917 sctp_free_remote_addr(chk->whoTo);
4918 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4919 SCTP_DECR_CHK_COUNT();
4920 /* sa_ignore FREED_MEMORY */
4921 }
4922 #ifdef INVARIANTS
4923 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
4924 if (stcb->asoc.strmout[i].chunks_on_queues > 0) {
4925 panic("%u chunks left for stream %u.", stcb->asoc.strmout[i].chunks_on_queues, i);
4926 }
4927 }
4928 #endif
4929 /* control queue MAY not be empty */
4930 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
4931 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
4932 if (chk->data) {
4933 sctp_m_freem(chk->data);
4934 chk->data = NULL;
4935 }
4936 if (chk->holds_key_ref)
4937 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4938 sctp_free_remote_addr(chk->whoTo);
4939 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4940 SCTP_DECR_CHK_COUNT();
4941 /* sa_ignore FREED_MEMORY */
4942 }
4943 /* ASCONF queue MAY not be empty */
4944 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
4945 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
4946 if (chk->data) {
4947 sctp_m_freem(chk->data);
4948 chk->data = NULL;
4949 }
4950 if (chk->holds_key_ref)
4951 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
4952 sctp_free_remote_addr(chk->whoTo);
4953 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
4954 SCTP_DECR_CHK_COUNT();
4955 /* sa_ignore FREED_MEMORY */
4956 }
4957 if (asoc->mapping_array) {
4958 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
4959 asoc->mapping_array = NULL;
4960 }
4961 if (asoc->nr_mapping_array) {
4962 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
4963 asoc->nr_mapping_array = NULL;
4964 }
4965 /* the stream outs */
4966 if (asoc->strmout) {
4967 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
4968 asoc->strmout = NULL;
4969 }
4970 asoc->strm_realoutsize = asoc->streamoutcnt = 0;
4971 if (asoc->strmin) {
4972 for (i = 0; i < asoc->streamincnt; i++) {
4973 sctp_clean_up_stream(stcb, &asoc->strmin[i].inqueue);
4974 sctp_clean_up_stream(stcb, &asoc->strmin[i].uno_inqueue);
4975 }
4976 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
4977 asoc->strmin = NULL;
4978 }
4979 asoc->streamincnt = 0;
4980 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
4981 #ifdef INVARIANTS
4982 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) {
4983 panic("no net's left alloc'ed, or list points to itself");
4984 }
4985 #endif
4986 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
4987 sctp_free_remote_addr(net);
4988 }
4989 LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) {
4990 /* sa_ignore FREED_MEMORY */
4991 sctp_remove_laddr(laddr);
4992 }
4993
4994 /* pending asconf (address) parameters */
4995 TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) {
4996 /* sa_ignore FREED_MEMORY */
4997 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
4998 SCTP_FREE(aparam, SCTP_M_ASC_ADDR);
4999 }
5000 TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) {
5001 /* sa_ignore FREED_MEMORY */
5002 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next);
5003 if (aack->data != NULL) {
5004 sctp_m_freem(aack->data);
5005 }
5006 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack);
5007 }
5008 /* clean up auth stuff */
5009 if (asoc->local_hmacs)
5010 sctp_free_hmaclist(asoc->local_hmacs);
5011 if (asoc->peer_hmacs)
5012 sctp_free_hmaclist(asoc->peer_hmacs);
5013
5014 if (asoc->local_auth_chunks)
5015 sctp_free_chunklist(asoc->local_auth_chunks);
5016 if (asoc->peer_auth_chunks)
5017 sctp_free_chunklist(asoc->peer_auth_chunks);
5018
5019 sctp_free_authinfo(&asoc->authinfo);
5020
5021 LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) {
5022 LIST_REMOVE(shared_key, next);
5023 sctp_free_sharedkey(shared_key);
5024 /* sa_ignore FREED_MEMORY */
5025 }
5026
5027 /* Insert new items here :> */
5028
5029 /* Get rid of LOCK */
5030 SCTP_TCB_UNLOCK(stcb);
5031 SCTP_TCB_LOCK_DESTROY(stcb);
5032 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5033 SCTP_INP_INFO_WUNLOCK();
5034 SCTP_INP_RLOCK(inp);
5035 }
5036 #ifdef SCTP_TRACK_FREED_ASOCS
5037 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5038 /* now clean up the tasoc itself */
5039 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5040 SCTP_DECR_ASOC_COUNT();
5041 } else {
5042 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist);
5043 }
5044 #else
5045 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5046 SCTP_DECR_ASOC_COUNT();
5047 #endif
5048 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5049 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5050 /*
5051 * If its NOT the inp_free calling us AND sctp_close
5052 * as been called, we call back...
5053 */
5054 SCTP_INP_RUNLOCK(inp);
5055 /*
5056 * This will start the kill timer (if we are the
5057 * last one) since we hold an increment yet. But
5058 * this is the only safe way to do this since
5059 * otherwise if the socket closes at the same time
5060 * we are here we might collide in the cleanup.
5061 */
5062 sctp_inpcb_free(inp,
5063 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE,
5064 SCTP_CALLED_DIRECTLY_NOCMPSET);
5065 SCTP_INP_DECR_REF(inp);
5066 } else {
5067 /* The socket is still open. */
5068 SCTP_INP_DECR_REF(inp);
5069 SCTP_INP_RUNLOCK(inp);
5070 }
5071 }
5072 /* destroyed the asoc */
5073 #ifdef SCTP_LOG_CLOSING
5074 sctp_log_closing(inp, NULL, 11);
5075 #endif
5076 return (1);
5077 }
5078
5079 /*
5080 * determine if a destination is "reachable" based upon the addresses bound
5081 * to the current endpoint (e.g. only v4 or v6 currently bound)
5082 */
5083 /*
5084 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use
5085 * assoc level v4/v6 flags, as the assoc *may* not have the same address
5086 * types bound as its endpoint
5087 */
5088 int
sctp_destination_is_reachable(struct sctp_tcb * stcb,struct sockaddr * destaddr)5089 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
5090 {
5091 struct sctp_inpcb *inp;
5092 int answer;
5093
5094 /*
5095 * No locks here, the TCB, in all cases is already locked and an
5096 * assoc is up. There is either a INP lock by the caller applied (in
5097 * asconf case when deleting an address) or NOT in the HB case,
5098 * however if HB then the INP increment is up and the INP will not
5099 * be removed (on top of the fact that we have a TCB lock). So we
5100 * only want to read the sctp_flags, which is either bound-all or
5101 * not.. no protection needed since once an assoc is up you can't be
5102 * changing your binding.
5103 */
5104 inp = stcb->sctp_ep;
5105 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5106 /* if bound all, destination is not restricted */
5107 /*
5108 * RRS: Question during lock work: Is this correct? If you
5109 * are bound-all you still might need to obey the V4--V6
5110 * flags??? IMO this bound-all stuff needs to be removed!
5111 */
5112 return (1);
5113 }
5114 /* NOTE: all "scope" checks are done when local addresses are added */
5115 switch (destaddr->sa_family) {
5116 #ifdef INET6
5117 case AF_INET6:
5118 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6;
5119 break;
5120 #endif
5121 #ifdef INET
5122 case AF_INET:
5123 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4;
5124 break;
5125 #endif
5126 default:
5127 /* invalid family, so it's unreachable */
5128 answer = 0;
5129 break;
5130 }
5131 return (answer);
5132 }
5133
5134 /*
5135 * update the inp_vflags on an endpoint
5136 */
5137 static void
sctp_update_ep_vflag(struct sctp_inpcb * inp)5138 sctp_update_ep_vflag(struct sctp_inpcb *inp)
5139 {
5140 struct sctp_laddr *laddr;
5141
5142 /* first clear the flag */
5143 inp->ip_inp.inp.inp_vflag = 0;
5144 /* set the flag based on addresses on the ep list */
5145 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5146 if (laddr->ifa == NULL) {
5147 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
5148 __func__);
5149 continue;
5150 }
5151
5152 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
5153 continue;
5154 }
5155 switch (laddr->ifa->address.sa.sa_family) {
5156 #ifdef INET6
5157 case AF_INET6:
5158 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
5159 break;
5160 #endif
5161 #ifdef INET
5162 case AF_INET:
5163 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
5164 break;
5165 #endif
5166 default:
5167 break;
5168 }
5169 }
5170 }
5171
5172 /*
5173 * Add the address to the endpoint local address list There is nothing to be
5174 * done if we are bound to all addresses
5175 */
5176 void
sctp_add_local_addr_ep(struct sctp_inpcb * inp,struct sctp_ifa * ifa,uint32_t action)5177 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action)
5178 {
5179 struct sctp_laddr *laddr;
5180 struct sctp_tcb *stcb;
5181 int fnd, error = 0;
5182
5183 fnd = 0;
5184
5185 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5186 /* You are already bound to all. You have it already */
5187 return;
5188 }
5189 #ifdef INET6
5190 if (ifa->address.sa.sa_family == AF_INET6) {
5191 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
5192 /* Can't bind a non-useable addr. */
5193 return;
5194 }
5195 }
5196 #endif
5197 /* first, is it already present? */
5198 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5199 if (laddr->ifa == ifa) {
5200 fnd = 1;
5201 break;
5202 }
5203 }
5204
5205 if (fnd == 0) {
5206 /* Not in the ep list */
5207 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action);
5208 if (error != 0)
5209 return;
5210 inp->laddr_count++;
5211 /* update inp_vflag flags */
5212 switch (ifa->address.sa.sa_family) {
5213 #ifdef INET6
5214 case AF_INET6:
5215 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
5216 break;
5217 #endif
5218 #ifdef INET
5219 case AF_INET:
5220 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
5221 break;
5222 #endif
5223 default:
5224 break;
5225 }
5226 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
5227 sctp_add_local_addr_restricted(stcb, ifa);
5228 }
5229 }
5230 return;
5231 }
5232
5233 /*
5234 * select a new (hopefully reachable) destination net (should only be used
5235 * when we deleted an ep addr that is the only usable source address to reach
5236 * the destination net)
5237 */
5238 static void
sctp_select_primary_destination(struct sctp_tcb * stcb)5239 sctp_select_primary_destination(struct sctp_tcb *stcb)
5240 {
5241 struct sctp_nets *net;
5242
5243 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
5244 /* for now, we'll just pick the first reachable one we find */
5245 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
5246 continue;
5247 if (sctp_destination_is_reachable(stcb,
5248 (struct sockaddr *)&net->ro._l_addr)) {
5249 /* found a reachable destination */
5250 stcb->asoc.primary_destination = net;
5251 }
5252 }
5253 /* I can't there from here! ...we're gonna die shortly... */
5254 }
5255
5256 /*
5257 * Delete the address from the endpoint local address list. There is nothing
5258 * to be done if we are bound to all addresses
5259 */
5260 void
sctp_del_local_addr_ep(struct sctp_inpcb * inp,struct sctp_ifa * ifa)5261 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
5262 {
5263 struct sctp_laddr *laddr;
5264 int fnd;
5265
5266 fnd = 0;
5267 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5268 /* You are already bound to all. You have it already */
5269 return;
5270 }
5271 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
5272 if (laddr->ifa == ifa) {
5273 fnd = 1;
5274 break;
5275 }
5276 }
5277 if (fnd && (inp->laddr_count < 2)) {
5278 /* can't delete unless there are at LEAST 2 addresses */
5279 return;
5280 }
5281 if (fnd) {
5282 /*
5283 * clean up any use of this address go through our
5284 * associations and clear any last_used_address that match
5285 * this one for each assoc, see if a new primary_destination
5286 * is needed
5287 */
5288 struct sctp_tcb *stcb;
5289
5290 /* clean up "next_addr_touse" */
5291 if (inp->next_addr_touse == laddr)
5292 /* delete this address */
5293 inp->next_addr_touse = NULL;
5294
5295 /* clean up "last_used_address" */
5296 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
5297 struct sctp_nets *net;
5298
5299 SCTP_TCB_LOCK(stcb);
5300 if (stcb->asoc.last_used_address == laddr)
5301 /* delete this address */
5302 stcb->asoc.last_used_address = NULL;
5303 /*
5304 * Now spin through all the nets and purge any ref
5305 * to laddr
5306 */
5307 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
5308 if (net->ro._s_addr == laddr->ifa) {
5309 /* Yep, purge src address selected */
5310 RO_NHFREE(&net->ro);
5311 sctp_free_ifa(net->ro._s_addr);
5312 net->ro._s_addr = NULL;
5313 net->src_addr_selected = 0;
5314 }
5315 }
5316 SCTP_TCB_UNLOCK(stcb);
5317 } /* for each tcb */
5318 /* remove it from the ep list */
5319 sctp_remove_laddr(laddr);
5320 inp->laddr_count--;
5321 /* update inp_vflag flags */
5322 sctp_update_ep_vflag(inp);
5323 }
5324 return;
5325 }
5326
5327 /*
5328 * Add the address to the TCB local address restricted list.
5329 * This is a "pending" address list (eg. addresses waiting for an
5330 * ASCONF-ACK response) and cannot be used as a valid source address.
5331 */
5332 void
sctp_add_local_addr_restricted(struct sctp_tcb * stcb,struct sctp_ifa * ifa)5333 sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
5334 {
5335 struct sctp_laddr *laddr;
5336 struct sctpladdr *list;
5337
5338 /*
5339 * Assumes TCB is locked.. and possibly the INP. May need to
5340 * confirm/fix that if we need it and is not the case.
5341 */
5342 list = &stcb->asoc.sctp_restricted_addrs;
5343
5344 #ifdef INET6
5345 if (ifa->address.sa.sa_family == AF_INET6) {
5346 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
5347 /* Can't bind a non-existent addr. */
5348 return;
5349 }
5350 }
5351 #endif
5352 /* does the address already exist? */
5353 LIST_FOREACH(laddr, list, sctp_nxt_addr) {
5354 if (laddr->ifa == ifa) {
5355 return;
5356 }
5357 }
5358
5359 /* add to the list */
5360 (void)sctp_insert_laddr(list, ifa, 0);
5361 return;
5362 }
5363
5364 /*
5365 * Remove a local address from the TCB local address restricted list
5366 */
5367 void
sctp_del_local_addr_restricted(struct sctp_tcb * stcb,struct sctp_ifa * ifa)5368 sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
5369 {
5370 struct sctp_inpcb *inp;
5371 struct sctp_laddr *laddr;
5372
5373 /*
5374 * This is called by asconf work. It is assumed that a) The TCB is
5375 * locked and b) The INP is locked. This is true in as much as I can
5376 * trace through the entry asconf code where I did these locks.
5377 * Again, the ASCONF code is a bit different in that it does lock
5378 * the INP during its work often times. This must be since we don't
5379 * want other proc's looking up things while what they are looking
5380 * up is changing :-D
5381 */
5382
5383 inp = stcb->sctp_ep;
5384 /* if subset bound and don't allow ASCONF's, can't delete last */
5385 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
5386 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) {
5387 if (stcb->sctp_ep->laddr_count < 2) {
5388 /* can't delete last address */
5389 return;
5390 }
5391 }
5392 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
5393 /* remove the address if it exists */
5394 if (laddr->ifa == NULL)
5395 continue;
5396 if (laddr->ifa == ifa) {
5397 sctp_remove_laddr(laddr);
5398 return;
5399 }
5400 }
5401
5402 /* address not found! */
5403 return;
5404 }
5405
5406 /* sysctl */
5407 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
5408 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
5409
5410 #if defined(SCTP_MCORE_INPUT) && defined(SMP)
5411 struct sctp_mcore_ctrl *sctp_mcore_workers = NULL;
5412 int *sctp_cpuarry = NULL;
5413
5414 void
sctp_queue_to_mcore(struct mbuf * m,int off,int cpu_to_use)5415 sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use)
5416 {
5417 /* Queue a packet to a processor for the specified core */
5418 struct sctp_mcore_queue *qent;
5419 struct sctp_mcore_ctrl *wkq;
5420 int need_wake = 0;
5421
5422 if (sctp_mcore_workers == NULL) {
5423 /* Something went way bad during setup */
5424 sctp_input_with_port(m, off, 0);
5425 return;
5426 }
5427 SCTP_MALLOC(qent, struct sctp_mcore_queue *,
5428 (sizeof(struct sctp_mcore_queue)),
5429 SCTP_M_MCORE);
5430 if (qent == NULL) {
5431 /* This is trouble */
5432 sctp_input_with_port(m, off, 0);
5433 return;
5434 }
5435 qent->vn = curvnet;
5436 qent->m = m;
5437 qent->off = off;
5438 qent->v6 = 0;
5439 wkq = &sctp_mcore_workers[cpu_to_use];
5440 SCTP_MCORE_QLOCK(wkq);
5441
5442 TAILQ_INSERT_TAIL(&wkq->que, qent, next);
5443 if (wkq->running == 0) {
5444 need_wake = 1;
5445 }
5446 SCTP_MCORE_QUNLOCK(wkq);
5447 if (need_wake) {
5448 wakeup(&wkq->running);
5449 }
5450 }
5451
5452 static void
sctp_mcore_thread(void * arg)5453 sctp_mcore_thread(void *arg)
5454 {
5455
5456 struct sctp_mcore_ctrl *wkq;
5457 struct sctp_mcore_queue *qent;
5458
5459 wkq = (struct sctp_mcore_ctrl *)arg;
5460 struct mbuf *m;
5461 int off, v6;
5462
5463 /* Wait for first tickle */
5464 SCTP_MCORE_LOCK(wkq);
5465 wkq->running = 0;
5466 msleep(&wkq->running,
5467 &wkq->core_mtx,
5468 0, "wait for pkt", 0);
5469 SCTP_MCORE_UNLOCK(wkq);
5470
5471 /* Bind to our cpu */
5472 thread_lock(curthread);
5473 sched_bind(curthread, wkq->cpuid);
5474 thread_unlock(curthread);
5475
5476 /* Now lets start working */
5477 SCTP_MCORE_LOCK(wkq);
5478 /* Now grab lock and go */
5479 for (;;) {
5480 SCTP_MCORE_QLOCK(wkq);
5481 skip_sleep:
5482 wkq->running = 1;
5483 qent = TAILQ_FIRST(&wkq->que);
5484 if (qent) {
5485 TAILQ_REMOVE(&wkq->que, qent, next);
5486 SCTP_MCORE_QUNLOCK(wkq);
5487 CURVNET_SET(qent->vn);
5488 m = qent->m;
5489 off = qent->off;
5490 v6 = qent->v6;
5491 SCTP_FREE(qent, SCTP_M_MCORE);
5492 if (v6 == 0) {
5493 sctp_input_with_port(m, off, 0);
5494 } else {
5495 SCTP_PRINTF("V6 not yet supported\n");
5496 sctp_m_freem(m);
5497 }
5498 CURVNET_RESTORE();
5499 SCTP_MCORE_QLOCK(wkq);
5500 }
5501 wkq->running = 0;
5502 if (!TAILQ_EMPTY(&wkq->que)) {
5503 goto skip_sleep;
5504 }
5505 SCTP_MCORE_QUNLOCK(wkq);
5506 msleep(&wkq->running,
5507 &wkq->core_mtx,
5508 0, "wait for pkt", 0);
5509 }
5510 }
5511
5512 static void
sctp_startup_mcore_threads(void)5513 sctp_startup_mcore_threads(void)
5514 {
5515 int i, cpu;
5516
5517 if (mp_ncpus == 1)
5518 return;
5519
5520 if (sctp_mcore_workers != NULL) {
5521 /*
5522 * Already been here in some previous vnet?
5523 */
5524 return;
5525 }
5526 SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *,
5527 ((mp_maxid + 1) * sizeof(struct sctp_mcore_ctrl)),
5528 SCTP_M_MCORE);
5529 if (sctp_mcore_workers == NULL) {
5530 /* TSNH I hope */
5531 return;
5532 }
5533 memset(sctp_mcore_workers, 0, ((mp_maxid + 1) *
5534 sizeof(struct sctp_mcore_ctrl)));
5535 /* Init the structures */
5536 for (i = 0; i <= mp_maxid; i++) {
5537 TAILQ_INIT(&sctp_mcore_workers[i].que);
5538 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]);
5539 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]);
5540 sctp_mcore_workers[i].cpuid = i;
5541 }
5542 if (sctp_cpuarry == NULL) {
5543 SCTP_MALLOC(sctp_cpuarry, int *,
5544 (mp_ncpus * sizeof(int)),
5545 SCTP_M_MCORE);
5546 i = 0;
5547 CPU_FOREACH(cpu) {
5548 sctp_cpuarry[i] = cpu;
5549 i++;
5550 }
5551 }
5552 /* Now start them all */
5553 CPU_FOREACH(cpu) {
5554 (void)kproc_create(sctp_mcore_thread,
5555 (void *)&sctp_mcore_workers[cpu],
5556 &sctp_mcore_workers[cpu].thread_proc,
5557 0,
5558 SCTP_KTHREAD_PAGES,
5559 SCTP_MCORE_NAME);
5560 }
5561 }
5562 #endif
5563
5564 #define VALIDATE_LOADER_TUNABLE(var_name, prefix) \
5565 if (SCTP_BASE_SYSCTL(var_name) < prefix##_MIN || \
5566 SCTP_BASE_SYSCTL(var_name) > prefix##_MAX) \
5567 SCTP_BASE_SYSCTL(var_name) = prefix##_DEFAULT
5568
5569 void
sctp_pcb_init(void)5570 sctp_pcb_init(void)
5571 {
5572 /*
5573 * SCTP initialization for the PCB structures should be called by
5574 * the sctp_init() function.
5575 */
5576 int i;
5577 struct timeval tv;
5578
5579 if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) {
5580 /* error I was called twice */
5581 return;
5582 }
5583 SCTP_BASE_VAR(sctp_pcb_initialized) = 1;
5584
5585 #if defined(SCTP_LOCAL_TRACE_BUF)
5586 memset(&SCTP_BASE_SYSCTL(sctp_log), 0, sizeof(struct sctp_log));
5587 #endif
5588 #if defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
5589 SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *,
5590 ((mp_maxid + 1) * sizeof(struct sctpstat)),
5591 SCTP_M_MCORE);
5592 #endif
5593 (void)SCTP_GETTIME_TIMEVAL(&tv);
5594 #if defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
5595 memset(SCTP_BASE_STATS, 0, sizeof(struct sctpstat) * (mp_maxid + 1));
5596 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t)tv.tv_sec;
5597 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t)tv.tv_usec;
5598 #else
5599 memset(&SCTP_BASE_STATS, 0, sizeof(struct sctpstat));
5600 SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t)tv.tv_sec;
5601 SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t)tv.tv_usec;
5602 #endif
5603 /* init the empty list of (All) Endpoints */
5604 LIST_INIT(&SCTP_BASE_INFO(listhead));
5605
5606 /* init the hash table of endpoints */
5607 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize));
5608 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize));
5609 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale));
5610 VALIDATE_LOADER_TUNABLE(sctp_hashtblsize, SCTPCTL_TCBHASHSIZE);
5611 VALIDATE_LOADER_TUNABLE(sctp_pcbtblsize, SCTPCTL_PCBHASHSIZE);
5612 VALIDATE_LOADER_TUNABLE(sctp_chunkscale, SCTPCTL_CHUNKSCALE);
5613 SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31),
5614 &SCTP_BASE_INFO(hashasocmark));
5615 SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
5616 &SCTP_BASE_INFO(hashmark));
5617 SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
5618 &SCTP_BASE_INFO(hashtcpmark));
5619 SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize);
5620 SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH,
5621 &SCTP_BASE_INFO(hashvrfmark));
5622
5623 SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE,
5624 &SCTP_BASE_INFO(vrf_ifn_hashmark));
5625 /* init the zones */
5626 /*
5627 * FIX ME: Should check for NULL returns, but if it does fail we are
5628 * doomed to panic anyways... add later maybe.
5629 */
5630 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep",
5631 sizeof(struct sctp_inpcb), maxsockets);
5632
5633 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc",
5634 sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
5635
5636 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr",
5637 sizeof(struct sctp_laddr),
5638 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
5639
5640 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr",
5641 sizeof(struct sctp_nets),
5642 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
5643
5644 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk",
5645 sizeof(struct sctp_tmit_chunk),
5646 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5647
5648 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq",
5649 sizeof(struct sctp_queued_to_read),
5650 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5651
5652 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out",
5653 sizeof(struct sctp_stream_queue_pending),
5654 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5655
5656 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf",
5657 sizeof(struct sctp_asconf),
5658 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5659
5660 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack",
5661 sizeof(struct sctp_asconf_ack),
5662 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
5663
5664 /* Master Lock INIT for info structure */
5665 SCTP_INP_INFO_LOCK_INIT();
5666 SCTP_STATLOG_INIT_LOCK();
5667
5668 SCTP_IPI_COUNT_INIT();
5669 SCTP_IPI_ADDR_INIT();
5670 #ifdef SCTP_PACKET_LOGGING
5671 SCTP_IP_PKTLOG_INIT();
5672 #endif
5673 LIST_INIT(&SCTP_BASE_INFO(addr_wq));
5674
5675 SCTP_WQ_ADDR_INIT();
5676 /* not sure if we need all the counts */
5677 SCTP_BASE_INFO(ipi_count_ep) = 0;
5678 /* assoc/tcb zone info */
5679 SCTP_BASE_INFO(ipi_count_asoc) = 0;
5680 /* local addrlist zone info */
5681 SCTP_BASE_INFO(ipi_count_laddr) = 0;
5682 /* remote addrlist zone info */
5683 SCTP_BASE_INFO(ipi_count_raddr) = 0;
5684 /* chunk info */
5685 SCTP_BASE_INFO(ipi_count_chunk) = 0;
5686
5687 /* socket queue zone info */
5688 SCTP_BASE_INFO(ipi_count_readq) = 0;
5689
5690 /* stream out queue cont */
5691 SCTP_BASE_INFO(ipi_count_strmoq) = 0;
5692
5693 SCTP_BASE_INFO(ipi_free_strmoq) = 0;
5694 SCTP_BASE_INFO(ipi_free_chunks) = 0;
5695
5696 SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer));
5697
5698 /* Init the TIMEWAIT list */
5699 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
5700 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]);
5701 }
5702 sctp_startup_iterator();
5703
5704 #if defined(SCTP_MCORE_INPUT) && defined(SMP)
5705 sctp_startup_mcore_threads();
5706 #endif
5707
5708 /*
5709 * INIT the default VRF which for BSD is the only one, other O/S's
5710 * may have more. But initially they must start with one and then
5711 * add the VRF's as addresses are added.
5712 */
5713 sctp_init_vrf_list(SCTP_DEFAULT_VRF);
5714 }
5715
5716 /*
5717 * Assumes that the SCTP_BASE_INFO() lock is NOT held.
5718 */
5719 void
sctp_pcb_finish(void)5720 sctp_pcb_finish(void)
5721 {
5722 struct sctp_vrflist *vrf_bucket;
5723 struct sctp_vrf *vrf, *nvrf;
5724 struct sctp_ifn *ifn, *nifn;
5725 struct sctp_ifa *ifa, *nifa;
5726 struct sctpvtaghead *chain;
5727 struct sctp_tagblock *twait_block, *prev_twait_block;
5728 struct sctp_laddr *wi, *nwi;
5729 int i;
5730 struct sctp_iterator *it, *nit;
5731
5732 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) {
5733 SCTP_PRINTF("%s: race condition on teardown.\n", __func__);
5734 return;
5735 }
5736 SCTP_BASE_VAR(sctp_pcb_initialized) = 0;
5737 /*
5738 * In FreeBSD the iterator thread never exits but we do clean up.
5739 * The only way FreeBSD reaches here is if we have VRF's but we
5740 * still add the ifdef to make it compile on old versions.
5741 */
5742 retry:
5743 SCTP_IPI_ITERATOR_WQ_LOCK();
5744 /*
5745 * sctp_iterator_worker() might be working on an it entry without
5746 * holding the lock. We won't find it on the list either and
5747 * continue and free/destroy it. While holding the lock, spin, to
5748 * avoid the race condition as sctp_iterator_worker() will have to
5749 * wait to re-acquire the lock.
5750 */
5751 if (sctp_it_ctl.iterator_running != 0 || sctp_it_ctl.cur_it != NULL) {
5752 SCTP_IPI_ITERATOR_WQ_UNLOCK();
5753 SCTP_PRINTF("%s: Iterator running while we held the lock. Retry. "
5754 "cur_it=%p\n", __func__, sctp_it_ctl.cur_it);
5755 DELAY(10);
5756 goto retry;
5757 }
5758 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
5759 if (it->vn != curvnet) {
5760 continue;
5761 }
5762 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
5763 if (it->function_atend != NULL) {
5764 (*it->function_atend) (it->pointer, it->val);
5765 }
5766 SCTP_FREE(it, SCTP_M_ITER);
5767 }
5768 SCTP_IPI_ITERATOR_WQ_UNLOCK();
5769 SCTP_ITERATOR_LOCK();
5770 if ((sctp_it_ctl.cur_it) &&
5771 (sctp_it_ctl.cur_it->vn == curvnet)) {
5772 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
5773 }
5774 SCTP_ITERATOR_UNLOCK();
5775 SCTP_OS_TIMER_STOP_DRAIN(&SCTP_BASE_INFO(addr_wq_timer.timer));
5776 SCTP_WQ_ADDR_LOCK();
5777 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) {
5778 LIST_REMOVE(wi, sctp_nxt_addr);
5779 SCTP_DECR_LADDR_COUNT();
5780 if (wi->action == SCTP_DEL_IP_ADDRESS) {
5781 SCTP_FREE(wi->ifa, SCTP_M_IFA);
5782 }
5783 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi);
5784 }
5785 SCTP_WQ_ADDR_UNLOCK();
5786
5787 /*
5788 * free the vrf/ifn/ifa lists and hashes (be sure address monitor is
5789 * destroyed first).
5790 */
5791 SCTP_IPI_ADDR_WLOCK();
5792 vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))];
5793 LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) {
5794 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) {
5795 LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) {
5796 /* free the ifa */
5797 LIST_REMOVE(ifa, next_bucket);
5798 LIST_REMOVE(ifa, next_ifa);
5799 SCTP_FREE(ifa, SCTP_M_IFA);
5800 }
5801 /* free the ifn */
5802 LIST_REMOVE(ifn, next_bucket);
5803 LIST_REMOVE(ifn, next_ifn);
5804 SCTP_FREE(ifn, SCTP_M_IFN);
5805 }
5806 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
5807 /* free the vrf */
5808 LIST_REMOVE(vrf, next_vrf);
5809 SCTP_FREE(vrf, SCTP_M_VRF);
5810 }
5811 SCTP_IPI_ADDR_WUNLOCK();
5812 /* free the vrf hashes */
5813 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark));
5814 SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark));
5815
5816 /*
5817 * free the TIMEWAIT list elements malloc'd in the function
5818 * sctp_add_vtag_to_timewait()...
5819 */
5820 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
5821 chain = &SCTP_BASE_INFO(vtag_timewait)[i];
5822 if (!LIST_EMPTY(chain)) {
5823 prev_twait_block = NULL;
5824 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
5825 if (prev_twait_block) {
5826 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
5827 }
5828 prev_twait_block = twait_block;
5829 }
5830 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
5831 }
5832 }
5833
5834 /* free the locks and mutexes */
5835 #ifdef SCTP_PACKET_LOGGING
5836 SCTP_IP_PKTLOG_DESTROY();
5837 #endif
5838 SCTP_IPI_ADDR_DESTROY();
5839 SCTP_STATLOG_DESTROY();
5840 SCTP_INP_INFO_LOCK_DESTROY();
5841
5842 SCTP_WQ_ADDR_DESTROY();
5843
5844 /* Get rid of other stuff too. */
5845 if (SCTP_BASE_INFO(sctp_asochash) != NULL)
5846 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark));
5847 if (SCTP_BASE_INFO(sctp_ephash) != NULL)
5848 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark));
5849 if (SCTP_BASE_INFO(sctp_tcpephash) != NULL)
5850 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark));
5851
5852 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep));
5853 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc));
5854 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr));
5855 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net));
5856 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk));
5857 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq));
5858 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq));
5859 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf));
5860 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack));
5861 #if defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
5862 SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE);
5863 #endif
5864 }
5865
5866 int
sctp_load_addresses_from_init(struct sctp_tcb * stcb,struct mbuf * m,int offset,int limit,struct sockaddr * src,struct sockaddr * dst,struct sockaddr * altsa,uint16_t port)5867 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
5868 int offset, int limit,
5869 struct sockaddr *src, struct sockaddr *dst,
5870 struct sockaddr *altsa, uint16_t port)
5871 {
5872 /*
5873 * grub through the INIT pulling addresses and loading them to the
5874 * nets structure in the asoc. The from address in the mbuf should
5875 * also be loaded (if it is not already). This routine can be called
5876 * with either INIT or INIT-ACK's as long as the m points to the IP
5877 * packet and the offset points to the beginning of the parameters.
5878 */
5879 struct sctp_inpcb *inp;
5880 struct sctp_nets *net, *nnet, *net_tmp;
5881 struct sctp_paramhdr *phdr, param_buf;
5882 struct sctp_tcb *stcb_tmp;
5883 uint16_t ptype, plen;
5884 struct sockaddr *sa;
5885 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
5886 struct sctp_auth_random *p_random = NULL;
5887 uint16_t random_len = 0;
5888 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
5889 struct sctp_auth_hmac_algo *hmacs = NULL;
5890 uint16_t hmacs_len = 0;
5891 uint8_t saw_asconf = 0;
5892 uint8_t saw_asconf_ack = 0;
5893 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
5894 struct sctp_auth_chunk_list *chunks = NULL;
5895 uint16_t num_chunks = 0;
5896 sctp_key_t *new_key;
5897 uint32_t keylen;
5898 int got_random = 0, got_hmacs = 0, got_chklist = 0;
5899 uint8_t peer_supports_ecn;
5900 uint8_t peer_supports_prsctp;
5901 uint8_t peer_supports_auth;
5902 uint8_t peer_supports_asconf;
5903 uint8_t peer_supports_asconf_ack;
5904 uint8_t peer_supports_reconfig;
5905 uint8_t peer_supports_nrsack;
5906 uint8_t peer_supports_pktdrop;
5907 uint8_t peer_supports_idata;
5908 #ifdef INET
5909 struct sockaddr_in sin;
5910 #endif
5911 #ifdef INET6
5912 struct sockaddr_in6 sin6;
5913 #endif
5914
5915 /* First get the destination address setup too. */
5916 #ifdef INET
5917 memset(&sin, 0, sizeof(sin));
5918 sin.sin_family = AF_INET;
5919 sin.sin_len = sizeof(sin);
5920 sin.sin_port = stcb->rport;
5921 #endif
5922 #ifdef INET6
5923 memset(&sin6, 0, sizeof(sin6));
5924 sin6.sin6_family = AF_INET6;
5925 sin6.sin6_len = sizeof(struct sockaddr_in6);
5926 sin6.sin6_port = stcb->rport;
5927 #endif
5928 if (altsa) {
5929 sa = altsa;
5930 } else {
5931 sa = src;
5932 }
5933 peer_supports_idata = 0;
5934 peer_supports_ecn = 0;
5935 peer_supports_prsctp = 0;
5936 peer_supports_auth = 0;
5937 peer_supports_asconf = 0;
5938 peer_supports_asconf_ack = 0;
5939 peer_supports_reconfig = 0;
5940 peer_supports_nrsack = 0;
5941 peer_supports_pktdrop = 0;
5942 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
5943 /* mark all addresses that we have currently on the list */
5944 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
5945 }
5946 /* does the source address already exist? if so skip it */
5947 inp = stcb->sctp_ep;
5948 atomic_add_int(&stcb->asoc.refcnt, 1);
5949 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, dst, stcb);
5950 atomic_subtract_int(&stcb->asoc.refcnt, 1);
5951
5952 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
5953 /* we must add the source address */
5954 /* no scope set here since we have a tcb already. */
5955 switch (sa->sa_family) {
5956 #ifdef INET
5957 case AF_INET:
5958 if (stcb->asoc.scope.ipv4_addr_legal) {
5959 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) {
5960 return (-1);
5961 }
5962 }
5963 break;
5964 #endif
5965 #ifdef INET6
5966 case AF_INET6:
5967 if (stcb->asoc.scope.ipv6_addr_legal) {
5968 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
5969 return (-2);
5970 }
5971 }
5972 break;
5973 #endif
5974 default:
5975 break;
5976 }
5977 } else {
5978 if (net_tmp != NULL && stcb_tmp == stcb) {
5979 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
5980 } else if (stcb_tmp != stcb) {
5981 /* It belongs to another association? */
5982 if (stcb_tmp)
5983 SCTP_TCB_UNLOCK(stcb_tmp);
5984 return (-3);
5985 }
5986 }
5987 if (stcb->asoc.state == 0) {
5988 /* the assoc was freed? */
5989 return (-4);
5990 }
5991 /* now we must go through each of the params. */
5992 phdr = sctp_get_next_param(m, offset, ¶m_buf, sizeof(param_buf));
5993 while (phdr) {
5994 ptype = ntohs(phdr->param_type);
5995 plen = ntohs(phdr->param_length);
5996 /*
5997 * SCTP_PRINTF("ptype => %0x, plen => %d\n",
5998 * (uint32_t)ptype, (int)plen);
5999 */
6000 if (offset + plen > limit) {
6001 break;
6002 }
6003 if (plen < sizeof(struct sctp_paramhdr)) {
6004 break;
6005 }
6006 #ifdef INET
6007 if (ptype == SCTP_IPV4_ADDRESS) {
6008 if (stcb->asoc.scope.ipv4_addr_legal) {
6009 struct sctp_ipv4addr_param *p4, p4_buf;
6010
6011 /* ok get the v4 address and check/add */
6012 phdr = sctp_get_next_param(m, offset,
6013 (struct sctp_paramhdr *)&p4_buf,
6014 sizeof(p4_buf));
6015 if (plen != sizeof(struct sctp_ipv4addr_param) ||
6016 phdr == NULL) {
6017 return (-5);
6018 }
6019 p4 = (struct sctp_ipv4addr_param *)phdr;
6020 sin.sin_addr.s_addr = p4->addr;
6021 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
6022 /* Skip multi-cast addresses */
6023 goto next_param;
6024 }
6025 if (in_broadcast(sin.sin_addr)) {
6026 goto next_param;
6027 }
6028 sa = (struct sockaddr *)&sin;
6029 inp = stcb->sctp_ep;
6030 atomic_add_int(&stcb->asoc.refcnt, 1);
6031 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
6032 dst, stcb);
6033 atomic_subtract_int(&stcb->asoc.refcnt, 1);
6034
6035 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) ||
6036 inp == NULL) {
6037 /* we must add the source address */
6038 /*
6039 * no scope set since we have a tcb
6040 * already
6041 */
6042
6043 /*
6044 * we must validate the state again
6045 * here
6046 */
6047 add_it_now:
6048 if (stcb->asoc.state == 0) {
6049 /* the assoc was freed? */
6050 return (-7);
6051 }
6052 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) {
6053 return (-8);
6054 }
6055 } else if (stcb_tmp == stcb) {
6056 if (stcb->asoc.state == 0) {
6057 /* the assoc was freed? */
6058 return (-10);
6059 }
6060 if (net != NULL) {
6061 /* clear flag */
6062 net->dest_state &=
6063 ~SCTP_ADDR_NOT_IN_ASSOC;
6064 }
6065 } else {
6066 /*
6067 * strange, address is in another
6068 * assoc? straighten out locks.
6069 */
6070 if (stcb_tmp) {
6071 if (SCTP_GET_STATE(stcb_tmp) == SCTP_STATE_COOKIE_WAIT) {
6072 struct mbuf *op_err;
6073 char msg[SCTP_DIAG_INFO_LEN];
6074
6075 /*
6076 * in setup state we
6077 * abort this guy
6078 */
6079 SCTP_SNPRINTF(msg, sizeof(msg),
6080 "%s:%d at %s", __FILE__, __LINE__, __func__);
6081 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
6082 msg);
6083 sctp_abort_an_association(stcb_tmp->sctp_ep,
6084 stcb_tmp, op_err, false,
6085 SCTP_SO_NOT_LOCKED);
6086 goto add_it_now;
6087 }
6088 SCTP_TCB_UNLOCK(stcb_tmp);
6089 }
6090
6091 if (stcb->asoc.state == 0) {
6092 /* the assoc was freed? */
6093 return (-12);
6094 }
6095 return (-13);
6096 }
6097 }
6098 } else
6099 #endif
6100 #ifdef INET6
6101 if (ptype == SCTP_IPV6_ADDRESS) {
6102 if (stcb->asoc.scope.ipv6_addr_legal) {
6103 /* ok get the v6 address and check/add */
6104 struct sctp_ipv6addr_param *p6, p6_buf;
6105
6106 phdr = sctp_get_next_param(m, offset,
6107 (struct sctp_paramhdr *)&p6_buf,
6108 sizeof(p6_buf));
6109 if (plen != sizeof(struct sctp_ipv6addr_param) ||
6110 phdr == NULL) {
6111 return (-14);
6112 }
6113 p6 = (struct sctp_ipv6addr_param *)phdr;
6114 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
6115 sizeof(p6->addr));
6116 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
6117 /* Skip multi-cast addresses */
6118 goto next_param;
6119 }
6120 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
6121 /*
6122 * Link local make no sense without
6123 * scope
6124 */
6125 goto next_param;
6126 }
6127 sa = (struct sockaddr *)&sin6;
6128 inp = stcb->sctp_ep;
6129 atomic_add_int(&stcb->asoc.refcnt, 1);
6130 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
6131 dst, stcb);
6132 atomic_subtract_int(&stcb->asoc.refcnt, 1);
6133 if (stcb_tmp == NULL &&
6134 (inp == stcb->sctp_ep || inp == NULL)) {
6135 /*
6136 * we must validate the state again
6137 * here
6138 */
6139 add_it_now6:
6140 if (stcb->asoc.state == 0) {
6141 /* the assoc was freed? */
6142 return (-16);
6143 }
6144 /*
6145 * we must add the address, no scope
6146 * set
6147 */
6148 if (sctp_add_remote_addr(stcb, sa, NULL, port, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) {
6149 return (-17);
6150 }
6151 } else if (stcb_tmp == stcb) {
6152 /*
6153 * we must validate the state again
6154 * here
6155 */
6156 if (stcb->asoc.state == 0) {
6157 /* the assoc was freed? */
6158 return (-19);
6159 }
6160 if (net != NULL) {
6161 /* clear flag */
6162 net->dest_state &=
6163 ~SCTP_ADDR_NOT_IN_ASSOC;
6164 }
6165 } else {
6166 /*
6167 * strange, address is in another
6168 * assoc? straighten out locks.
6169 */
6170 if (stcb_tmp) {
6171 if (SCTP_GET_STATE(stcb_tmp) == SCTP_STATE_COOKIE_WAIT) {
6172 struct mbuf *op_err;
6173 char msg[SCTP_DIAG_INFO_LEN];
6174
6175 /*
6176 * in setup state we
6177 * abort this guy
6178 */
6179 SCTP_SNPRINTF(msg, sizeof(msg),
6180 "%s:%d at %s", __FILE__, __LINE__, __func__);
6181 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
6182 msg);
6183 sctp_abort_an_association(stcb_tmp->sctp_ep,
6184 stcb_tmp, op_err, false,
6185 SCTP_SO_NOT_LOCKED);
6186 goto add_it_now6;
6187 }
6188 SCTP_TCB_UNLOCK(stcb_tmp);
6189 }
6190 if (stcb->asoc.state == 0) {
6191 /* the assoc was freed? */
6192 return (-21);
6193 }
6194 return (-22);
6195 }
6196 }
6197 } else
6198 #endif
6199 if (ptype == SCTP_ECN_CAPABLE) {
6200 peer_supports_ecn = 1;
6201 } else if (ptype == SCTP_ULP_ADAPTATION) {
6202 if (stcb->asoc.state != SCTP_STATE_OPEN) {
6203 struct sctp_adaptation_layer_indication ai,
6204 *aip;
6205
6206 phdr = sctp_get_next_param(m, offset,
6207 (struct sctp_paramhdr *)&ai, sizeof(ai));
6208 aip = (struct sctp_adaptation_layer_indication *)phdr;
6209 if (aip) {
6210 stcb->asoc.peers_adaptation = ntohl(aip->indication);
6211 stcb->asoc.adaptation_needed = 1;
6212 }
6213 }
6214 } else if (ptype == SCTP_SET_PRIM_ADDR) {
6215 struct sctp_asconf_addr_param lstore, *fee;
6216 int lptype;
6217 struct sockaddr *lsa = NULL;
6218 #ifdef INET
6219 struct sctp_asconf_addrv4_param *fii;
6220 #endif
6221
6222 if (stcb->asoc.asconf_supported == 0) {
6223 return (-100);
6224 }
6225 if (plen > sizeof(lstore)) {
6226 return (-23);
6227 }
6228 if (plen < sizeof(struct sctp_asconf_addrv4_param)) {
6229 return (-101);
6230 }
6231 phdr = sctp_get_next_param(m, offset,
6232 (struct sctp_paramhdr *)&lstore,
6233 plen);
6234 if (phdr == NULL) {
6235 return (-24);
6236 }
6237 fee = (struct sctp_asconf_addr_param *)phdr;
6238 lptype = ntohs(fee->addrp.ph.param_type);
6239 switch (lptype) {
6240 #ifdef INET
6241 case SCTP_IPV4_ADDRESS:
6242 if (plen !=
6243 sizeof(struct sctp_asconf_addrv4_param)) {
6244 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n",
6245 (int)sizeof(struct sctp_asconf_addrv4_param),
6246 plen);
6247 } else {
6248 fii = (struct sctp_asconf_addrv4_param *)fee;
6249 sin.sin_addr.s_addr = fii->addrp.addr;
6250 lsa = (struct sockaddr *)&sin;
6251 }
6252 break;
6253 #endif
6254 #ifdef INET6
6255 case SCTP_IPV6_ADDRESS:
6256 if (plen !=
6257 sizeof(struct sctp_asconf_addr_param)) {
6258 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
6259 (int)sizeof(struct sctp_asconf_addr_param),
6260 plen);
6261 } else {
6262 memcpy(sin6.sin6_addr.s6_addr,
6263 fee->addrp.addr,
6264 sizeof(fee->addrp.addr));
6265 lsa = (struct sockaddr *)&sin6;
6266 }
6267 break;
6268 #endif
6269 default:
6270 break;
6271 }
6272 if (lsa) {
6273 (void)sctp_set_primary_addr(stcb, sa, NULL);
6274 }
6275 } else if (ptype == SCTP_HAS_NAT_SUPPORT) {
6276 stcb->asoc.peer_supports_nat = 1;
6277 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
6278 /* Peer supports pr-sctp */
6279 peer_supports_prsctp = 1;
6280 } else if (ptype == SCTP_ZERO_CHECKSUM_ACCEPTABLE) {
6281 struct sctp_zero_checksum_acceptable zero_chksum,
6282 *zero_chksum_p;
6283
6284 phdr = sctp_get_next_param(m, offset,
6285 (struct sctp_paramhdr *)&zero_chksum,
6286 sizeof(struct sctp_zero_checksum_acceptable));
6287 if (phdr != NULL) {
6288 /*
6289 * Only send zero checksums if the upper
6290 * layer has enabled the support for the
6291 * same method as allowed by the peer.
6292 */
6293 zero_chksum_p = (struct sctp_zero_checksum_acceptable *)phdr;
6294 if ((ntohl(zero_chksum_p->edmid) != SCTP_EDMID_NONE) &&
6295 (ntohl(zero_chksum_p->edmid) == stcb->asoc.rcv_edmid)) {
6296 stcb->asoc.snd_edmid = stcb->asoc.rcv_edmid;
6297 }
6298 }
6299 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
6300 /* A supported extension chunk */
6301 struct sctp_supported_chunk_types_param *pr_supported;
6302 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
6303 int num_ent, i;
6304
6305 if (plen > sizeof(local_store)) {
6306 return (-35);
6307 }
6308 phdr = sctp_get_next_param(m, offset,
6309 (struct sctp_paramhdr *)&local_store, plen);
6310 if (phdr == NULL) {
6311 return (-25);
6312 }
6313 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
6314 num_ent = plen - sizeof(struct sctp_paramhdr);
6315 for (i = 0; i < num_ent; i++) {
6316 switch (pr_supported->chunk_types[i]) {
6317 case SCTP_ASCONF:
6318 peer_supports_asconf = 1;
6319 break;
6320 case SCTP_ASCONF_ACK:
6321 peer_supports_asconf_ack = 1;
6322 break;
6323 case SCTP_FORWARD_CUM_TSN:
6324 peer_supports_prsctp = 1;
6325 break;
6326 case SCTP_PACKET_DROPPED:
6327 peer_supports_pktdrop = 1;
6328 break;
6329 case SCTP_NR_SELECTIVE_ACK:
6330 peer_supports_nrsack = 1;
6331 break;
6332 case SCTP_STREAM_RESET:
6333 peer_supports_reconfig = 1;
6334 break;
6335 case SCTP_AUTHENTICATION:
6336 peer_supports_auth = 1;
6337 break;
6338 case SCTP_IDATA:
6339 peer_supports_idata = 1;
6340 break;
6341 default:
6342 /* one I have not learned yet */
6343 break;
6344 }
6345 }
6346 } else if (ptype == SCTP_RANDOM) {
6347 if (plen > sizeof(random_store))
6348 break;
6349 if (got_random) {
6350 /* already processed a RANDOM */
6351 goto next_param;
6352 }
6353 phdr = sctp_get_next_param(m, offset,
6354 (struct sctp_paramhdr *)random_store,
6355 plen);
6356 if (phdr == NULL)
6357 return (-26);
6358 p_random = (struct sctp_auth_random *)phdr;
6359 random_len = plen - sizeof(*p_random);
6360 /* enforce the random length */
6361 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) {
6362 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n");
6363 return (-27);
6364 }
6365 got_random = 1;
6366 } else if (ptype == SCTP_HMAC_LIST) {
6367 uint16_t num_hmacs;
6368 uint16_t i;
6369
6370 if (plen > sizeof(hmacs_store))
6371 break;
6372 if (got_hmacs) {
6373 /* already processed a HMAC list */
6374 goto next_param;
6375 }
6376 phdr = sctp_get_next_param(m, offset,
6377 (struct sctp_paramhdr *)hmacs_store,
6378 plen);
6379 if (phdr == NULL)
6380 return (-28);
6381 hmacs = (struct sctp_auth_hmac_algo *)phdr;
6382 hmacs_len = plen - sizeof(*hmacs);
6383 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
6384 /* validate the hmac list */
6385 if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
6386 return (-29);
6387 }
6388 if (stcb->asoc.peer_hmacs != NULL)
6389 sctp_free_hmaclist(stcb->asoc.peer_hmacs);
6390 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs);
6391 if (stcb->asoc.peer_hmacs != NULL) {
6392 for (i = 0; i < num_hmacs; i++) {
6393 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs,
6394 ntohs(hmacs->hmac_ids[i]));
6395 }
6396 }
6397 got_hmacs = 1;
6398 } else if (ptype == SCTP_CHUNK_LIST) {
6399 int i;
6400
6401 if (plen > sizeof(chunks_store))
6402 break;
6403 if (got_chklist) {
6404 /* already processed a Chunks list */
6405 goto next_param;
6406 }
6407 phdr = sctp_get_next_param(m, offset,
6408 (struct sctp_paramhdr *)chunks_store,
6409 plen);
6410 if (phdr == NULL)
6411 return (-30);
6412 chunks = (struct sctp_auth_chunk_list *)phdr;
6413 num_chunks = plen - sizeof(*chunks);
6414 if (stcb->asoc.peer_auth_chunks != NULL)
6415 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks);
6416 else
6417 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist();
6418 for (i = 0; i < num_chunks; i++) {
6419 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
6420 stcb->asoc.peer_auth_chunks);
6421 /* record asconf/asconf-ack if listed */
6422 if (chunks->chunk_types[i] == SCTP_ASCONF)
6423 saw_asconf = 1;
6424 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK)
6425 saw_asconf_ack = 1;
6426 }
6427 got_chklist = 1;
6428 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
6429 (ptype == SCTP_STATE_COOKIE) ||
6430 (ptype == SCTP_UNRECOG_PARAM) ||
6431 (ptype == SCTP_COOKIE_PRESERVE) ||
6432 (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
6433 (ptype == SCTP_ADD_IP_ADDRESS) ||
6434 (ptype == SCTP_DEL_IP_ADDRESS) ||
6435 (ptype == SCTP_ERROR_CAUSE_IND) ||
6436 (ptype == SCTP_SUCCESS_REPORT)) {
6437 /* don't care */
6438 } else {
6439 if ((ptype & 0x8000) == 0x0000) {
6440 /*
6441 * must stop processing the rest of the
6442 * param's. Any report bits were handled
6443 * with the call to
6444 * sctp_arethere_unrecognized_parameters()
6445 * when the INIT or INIT-ACK was first seen.
6446 */
6447 break;
6448 }
6449 }
6450
6451 next_param:
6452 offset += SCTP_SIZE32(plen);
6453 if (offset >= limit) {
6454 break;
6455 }
6456 phdr = sctp_get_next_param(m, offset, ¶m_buf,
6457 sizeof(param_buf));
6458 }
6459 /* Now check to see if we need to purge any addresses */
6460 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) {
6461 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
6462 SCTP_ADDR_NOT_IN_ASSOC) {
6463 /* This address has been removed from the asoc */
6464 /* remove and free it */
6465 stcb->asoc.numnets--;
6466 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
6467 if (net == stcb->asoc.alternate) {
6468 sctp_free_remote_addr(stcb->asoc.alternate);
6469 stcb->asoc.alternate = NULL;
6470 }
6471 if (net == stcb->asoc.primary_destination) {
6472 stcb->asoc.primary_destination = NULL;
6473 sctp_select_primary_destination(stcb);
6474 }
6475 sctp_free_remote_addr(net);
6476 }
6477 }
6478 if ((stcb->asoc.ecn_supported == 1) &&
6479 (peer_supports_ecn == 0)) {
6480 stcb->asoc.ecn_supported = 0;
6481 }
6482 if ((stcb->asoc.prsctp_supported == 1) &&
6483 (peer_supports_prsctp == 0)) {
6484 stcb->asoc.prsctp_supported = 0;
6485 }
6486 if ((stcb->asoc.auth_supported == 1) &&
6487 ((peer_supports_auth == 0) ||
6488 (got_random == 0) || (got_hmacs == 0))) {
6489 stcb->asoc.auth_supported = 0;
6490 }
6491 if ((stcb->asoc.asconf_supported == 1) &&
6492 ((peer_supports_asconf == 0) || (peer_supports_asconf_ack == 0) ||
6493 (stcb->asoc.auth_supported == 0) ||
6494 (saw_asconf == 0) || (saw_asconf_ack == 0))) {
6495 stcb->asoc.asconf_supported = 0;
6496 }
6497 if ((stcb->asoc.reconfig_supported == 1) &&
6498 (peer_supports_reconfig == 0)) {
6499 stcb->asoc.reconfig_supported = 0;
6500 }
6501 if ((stcb->asoc.idata_supported == 1) &&
6502 (peer_supports_idata == 0)) {
6503 stcb->asoc.idata_supported = 0;
6504 }
6505 if ((stcb->asoc.nrsack_supported == 1) &&
6506 (peer_supports_nrsack == 0)) {
6507 stcb->asoc.nrsack_supported = 0;
6508 }
6509 if ((stcb->asoc.pktdrop_supported == 1) &&
6510 (peer_supports_pktdrop == 0)) {
6511 stcb->asoc.pktdrop_supported = 0;
6512 }
6513 /* validate authentication required parameters */
6514 if ((peer_supports_auth == 0) && (got_chklist == 1)) {
6515 /* peer does not support auth but sent a chunks list? */
6516 return (-31);
6517 }
6518 if ((peer_supports_asconf == 1) && (peer_supports_auth == 0)) {
6519 /* peer supports asconf but not auth? */
6520 return (-32);
6521 } else if ((peer_supports_asconf == 1) &&
6522 (peer_supports_auth == 1) &&
6523 ((saw_asconf == 0) || (saw_asconf_ack == 0))) {
6524 return (-33);
6525 }
6526 /* concatenate the full random key */
6527 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
6528 if (chunks != NULL) {
6529 keylen += sizeof(*chunks) + num_chunks;
6530 }
6531 new_key = sctp_alloc_key(keylen);
6532 if (new_key != NULL) {
6533 /* copy in the RANDOM */
6534 if (p_random != NULL) {
6535 keylen = sizeof(*p_random) + random_len;
6536 memcpy(new_key->key, p_random, keylen);
6537 } else {
6538 keylen = 0;
6539 }
6540 /* append in the AUTH chunks */
6541 if (chunks != NULL) {
6542 memcpy(new_key->key + keylen, chunks,
6543 sizeof(*chunks) + num_chunks);
6544 keylen += sizeof(*chunks) + num_chunks;
6545 }
6546 /* append in the HMACs */
6547 if (hmacs != NULL) {
6548 memcpy(new_key->key + keylen, hmacs,
6549 sizeof(*hmacs) + hmacs_len);
6550 }
6551 } else {
6552 /* failed to get memory for the key */
6553 return (-34);
6554 }
6555 if (stcb->asoc.authinfo.peer_random != NULL)
6556 sctp_free_key(stcb->asoc.authinfo.peer_random);
6557 stcb->asoc.authinfo.peer_random = new_key;
6558 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
6559 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
6560
6561 return (0);
6562 }
6563
6564 int
sctp_set_primary_addr(struct sctp_tcb * stcb,struct sockaddr * sa,struct sctp_nets * net)6565 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
6566 struct sctp_nets *net)
6567 {
6568 /* make sure the requested primary address exists in the assoc */
6569 if (net == NULL && sa)
6570 net = sctp_findnet(stcb, sa);
6571
6572 if (net == NULL) {
6573 /* didn't find the requested primary address! */
6574 return (-1);
6575 } else {
6576 /* set the primary address */
6577 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
6578 /* Must be confirmed, so queue to set */
6579 net->dest_state |= SCTP_ADDR_REQ_PRIMARY;
6580 return (0);
6581 }
6582 stcb->asoc.primary_destination = net;
6583 if (((net->dest_state & SCTP_ADDR_PF) == 0) &&
6584 (stcb->asoc.alternate != NULL)) {
6585 sctp_free_remote_addr(stcb->asoc.alternate);
6586 stcb->asoc.alternate = NULL;
6587 }
6588 net = TAILQ_FIRST(&stcb->asoc.nets);
6589 if (net != stcb->asoc.primary_destination) {
6590 /*
6591 * first one on the list is NOT the primary
6592 * sctp_cmpaddr() is much more efficient if the
6593 * primary is the first on the list, make it so.
6594 */
6595 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
6596 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
6597 }
6598 return (0);
6599 }
6600 }
6601
6602 bool
sctp_is_vtag_good(uint32_t tag,uint16_t lport,uint16_t rport,struct timeval * now)6603 sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now)
6604 {
6605 struct sctpasochead *head;
6606 struct sctp_tcb *stcb;
6607
6608 SCTP_INP_INFO_LOCK_ASSERT();
6609
6610 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag, SCTP_BASE_INFO(hashasocmark))];
6611 LIST_FOREACH(stcb, head, sctp_asocs) {
6612 /*
6613 * We choose not to lock anything here. TCB's can't be
6614 * removed since we have the read lock, so they can't be
6615 * freed on us, same thing for the INP. I may be wrong with
6616 * this assumption, but we will go with it for now :-)
6617 */
6618 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
6619 continue;
6620 }
6621 if (stcb->asoc.my_vtag == tag) {
6622 /* candidate */
6623 if (stcb->rport != rport) {
6624 continue;
6625 }
6626 if (stcb->sctp_ep->sctp_lport != lport) {
6627 continue;
6628 }
6629 /* The tag is currently used, so don't use it. */
6630 return (false);
6631 }
6632 }
6633 return (!sctp_is_in_timewait(tag, lport, rport, now->tv_sec));
6634 }
6635
6636 static void
sctp_drain_mbufs(struct sctp_tcb * stcb)6637 sctp_drain_mbufs(struct sctp_tcb *stcb)
6638 {
6639 /*
6640 * We must hunt this association for MBUF's past the cumack (i.e.
6641 * out of order data that we can renege on).
6642 */
6643 struct sctp_association *asoc;
6644 struct sctp_tmit_chunk *chk, *nchk;
6645 uint32_t cumulative_tsn_p1;
6646 struct sctp_queued_to_read *control, *ncontrol;
6647 int cnt, strmat;
6648 uint32_t gap, i;
6649 int fnd = 0;
6650
6651 /* We look for anything larger than the cum-ack + 1 */
6652
6653 asoc = &stcb->asoc;
6654 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) {
6655 /* none we can reneg on. */
6656 return;
6657 }
6658 SCTP_STAT_INCR(sctps_protocol_drains_done);
6659 cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
6660 cnt = 0;
6661 /* Ok that was fun, now we will drain all the inbound streams? */
6662 for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
6663 TAILQ_FOREACH_SAFE(control, &asoc->strmin[strmat].inqueue, next_instrm, ncontrol) {
6664 #ifdef INVARIANTS
6665 if (control->on_strm_q != SCTP_ON_ORDERED) {
6666 panic("Huh control: %p on_q: %d -- not ordered?",
6667 control, control->on_strm_q);
6668 }
6669 #endif
6670 if (SCTP_TSN_GT(control->sinfo_tsn, cumulative_tsn_p1)) {
6671 /* Yep it is above cum-ack */
6672 cnt++;
6673 SCTP_CALC_TSN_TO_GAP(gap, control->sinfo_tsn, asoc->mapping_array_base_tsn);
6674 KASSERT(control->length > 0, ("control has zero length"));
6675 if (asoc->size_on_all_streams >= control->length) {
6676 asoc->size_on_all_streams -= control->length;
6677 } else {
6678 #ifdef INVARIANTS
6679 panic("size_on_all_streams = %u smaller than control length %u", asoc->size_on_all_streams, control->length);
6680 #else
6681 asoc->size_on_all_streams = 0;
6682 #endif
6683 }
6684 sctp_ucount_decr(asoc->cnt_on_all_streams);
6685 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6686 if (control->on_read_q) {
6687 TAILQ_REMOVE(&stcb->sctp_ep->read_queue, control, next);
6688 control->on_read_q = 0;
6689 }
6690 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, control, next_instrm);
6691 control->on_strm_q = 0;
6692 if (control->data) {
6693 sctp_m_freem(control->data);
6694 control->data = NULL;
6695 }
6696 sctp_free_remote_addr(control->whoFrom);
6697 /* Now its reasm? */
6698 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) {
6699 cnt++;
6700 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.tsn, asoc->mapping_array_base_tsn);
6701 KASSERT(chk->send_size > 0, ("chunk has zero length"));
6702 if (asoc->size_on_reasm_queue >= chk->send_size) {
6703 asoc->size_on_reasm_queue -= chk->send_size;
6704 } else {
6705 #ifdef INVARIANTS
6706 panic("size_on_reasm_queue = %u smaller than chunk length %u", asoc->size_on_reasm_queue, chk->send_size);
6707 #else
6708 asoc->size_on_reasm_queue = 0;
6709 #endif
6710 }
6711 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
6712 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6713 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
6714 if (chk->data) {
6715 sctp_m_freem(chk->data);
6716 chk->data = NULL;
6717 }
6718 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
6719 }
6720 sctp_free_a_readq(stcb, control);
6721 }
6722 }
6723 TAILQ_FOREACH_SAFE(control, &asoc->strmin[strmat].uno_inqueue, next_instrm, ncontrol) {
6724 #ifdef INVARIANTS
6725 if (control->on_strm_q != SCTP_ON_UNORDERED) {
6726 panic("Huh control: %p on_q: %d -- not unordered?",
6727 control, control->on_strm_q);
6728 }
6729 #endif
6730 if (SCTP_TSN_GT(control->sinfo_tsn, cumulative_tsn_p1)) {
6731 /* Yep it is above cum-ack */
6732 cnt++;
6733 SCTP_CALC_TSN_TO_GAP(gap, control->sinfo_tsn, asoc->mapping_array_base_tsn);
6734 KASSERT(control->length > 0, ("control has zero length"));
6735 if (asoc->size_on_all_streams >= control->length) {
6736 asoc->size_on_all_streams -= control->length;
6737 } else {
6738 #ifdef INVARIANTS
6739 panic("size_on_all_streams = %u smaller than control length %u", asoc->size_on_all_streams, control->length);
6740 #else
6741 asoc->size_on_all_streams = 0;
6742 #endif
6743 }
6744 sctp_ucount_decr(asoc->cnt_on_all_streams);
6745 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6746 if (control->on_read_q) {
6747 TAILQ_REMOVE(&stcb->sctp_ep->read_queue, control, next);
6748 control->on_read_q = 0;
6749 }
6750 TAILQ_REMOVE(&asoc->strmin[strmat].uno_inqueue, control, next_instrm);
6751 control->on_strm_q = 0;
6752 if (control->data) {
6753 sctp_m_freem(control->data);
6754 control->data = NULL;
6755 }
6756 sctp_free_remote_addr(control->whoFrom);
6757 /* Now its reasm? */
6758 TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, nchk) {
6759 cnt++;
6760 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.tsn, asoc->mapping_array_base_tsn);
6761 KASSERT(chk->send_size > 0, ("chunk has zero length"));
6762 if (asoc->size_on_reasm_queue >= chk->send_size) {
6763 asoc->size_on_reasm_queue -= chk->send_size;
6764 } else {
6765 #ifdef INVARIANTS
6766 panic("size_on_reasm_queue = %u smaller than chunk length %u", asoc->size_on_reasm_queue, chk->send_size);
6767 #else
6768 asoc->size_on_reasm_queue = 0;
6769 #endif
6770 }
6771 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
6772 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
6773 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
6774 if (chk->data) {
6775 sctp_m_freem(chk->data);
6776 chk->data = NULL;
6777 }
6778 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
6779 }
6780 sctp_free_a_readq(stcb, control);
6781 }
6782 }
6783 }
6784 if (cnt) {
6785 /* We must back down to see what the new highest is */
6786 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
6787 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
6788 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
6789 asoc->highest_tsn_inside_map = i;
6790 fnd = 1;
6791 break;
6792 }
6793 }
6794 if (!fnd) {
6795 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
6796 }
6797
6798 /*
6799 * Question, should we go through the delivery queue? The
6800 * only reason things are on here is the app not reading OR
6801 * a p-d-api up. An attacker COULD send enough in to
6802 * initiate the PD-API and then send a bunch of stuff to
6803 * other streams... these would wind up on the delivery
6804 * queue.. and then we would not get to them. But in order
6805 * to do this I then have to back-track and un-deliver
6806 * sequence numbers in streams.. el-yucko. I think for now
6807 * we will NOT look at the delivery queue and leave it to be
6808 * something to consider later. An alternative would be to
6809 * abort the P-D-API with a notification and then deliver
6810 * the data.... Or another method might be to keep track of
6811 * how many times the situation occurs and if we see a
6812 * possible attack underway just abort the association.
6813 */
6814 #ifdef SCTP_DEBUG
6815 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt);
6816 #endif
6817 /*
6818 * Now do we need to find a new
6819 * asoc->highest_tsn_inside_map?
6820 */
6821 asoc->last_revoke_count = cnt;
6822 sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL,
6823 SCTP_FROM_SCTP_PCB + SCTP_LOC_11);
6824 /* sa_ignore NO_NULL_CHK */
6825 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
6826 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED);
6827 }
6828 /*
6829 * Another issue, in un-setting the TSN's in the mapping array we
6830 * DID NOT adjust the highest_tsn marker. This will cause one of
6831 * two things to occur. It may cause us to do extra work in checking
6832 * for our mapping array movement. More importantly it may cause us
6833 * to SACK every datagram. This may not be a bad thing though since
6834 * we will recover once we get our cum-ack above and all this stuff
6835 * we dumped recovered.
6836 */
6837 }
6838
6839 static void
sctp_drain(void * arg __unused,int flags __unused)6840 sctp_drain(void *arg __unused, int flags __unused)
6841 {
6842 struct epoch_tracker et;
6843
6844 VNET_ITERATOR_DECL(vnet_iter);
6845
6846 NET_EPOCH_ENTER(et);
6847 /*
6848 * We must walk the PCB lists for ALL associations here. The system
6849 * is LOW on MBUF's and needs help. This is where reneging will
6850 * occur. We really hope this does NOT happen!
6851 */
6852 VNET_LIST_RLOCK_NOSLEEP();
6853 VNET_FOREACH(vnet_iter) {
6854 CURVNET_SET(vnet_iter);
6855 struct sctp_inpcb *inp;
6856 struct sctp_tcb *stcb;
6857
6858 SCTP_STAT_INCR(sctps_protocol_drain_calls);
6859 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
6860 #ifdef VIMAGE
6861 continue;
6862 #else
6863 NET_EPOCH_EXIT(et);
6864 return;
6865 #endif
6866 }
6867 SCTP_INP_INFO_RLOCK();
6868 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) {
6869 /* For each endpoint */
6870 SCTP_INP_RLOCK(inp);
6871 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
6872 /* For each association */
6873 SCTP_TCB_LOCK(stcb);
6874 sctp_drain_mbufs(stcb);
6875 SCTP_TCB_UNLOCK(stcb);
6876 }
6877 SCTP_INP_RUNLOCK(inp);
6878 }
6879 SCTP_INP_INFO_RUNLOCK();
6880 CURVNET_RESTORE();
6881 }
6882 VNET_LIST_RUNLOCK_NOSLEEP();
6883 NET_EPOCH_EXIT(et);
6884 }
6885
6886 EVENTHANDLER_DEFINE(vm_lowmem, sctp_drain, NULL, LOWMEM_PRI_DEFAULT);
6887 EVENTHANDLER_DEFINE(mbuf_lowmem, sctp_drain, NULL, LOWMEM_PRI_DEFAULT);
6888
6889 /*
6890 * start a new iterator
6891 * iterates through all endpoints and associations based on the pcb_state
6892 * flags and asoc_state. "af" (mandatory) is executed for all matching
6893 * assocs and "ef" (optional) is executed when the iterator completes.
6894 * "inpf" (optional) is executed for each new endpoint as it is being
6895 * iterated through. inpe (optional) is called when the inp completes
6896 * its way through all the stcbs.
6897 */
6898 int
sctp_initiate_iterator(inp_func inpf,asoc_func af,inp_func inpe,uint32_t pcb_state,uint32_t pcb_features,uint32_t asoc_state,void * argp,uint32_t argi,end_func ef,struct sctp_inpcb * s_inp,uint8_t chunk_output_off)6899 sctp_initiate_iterator(inp_func inpf,
6900 asoc_func af,
6901 inp_func inpe,
6902 uint32_t pcb_state,
6903 uint32_t pcb_features,
6904 uint32_t asoc_state,
6905 void *argp,
6906 uint32_t argi,
6907 end_func ef,
6908 struct sctp_inpcb *s_inp,
6909 uint8_t chunk_output_off)
6910 {
6911 struct sctp_iterator *it = NULL;
6912
6913 if (af == NULL) {
6914 return (-1);
6915 }
6916 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) {
6917 SCTP_PRINTF("%s: abort on initialize being %d\n", __func__,
6918 SCTP_BASE_VAR(sctp_pcb_initialized));
6919 return (-1);
6920 }
6921 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator),
6922 SCTP_M_ITER);
6923 if (it == NULL) {
6924 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
6925 return (-1);
6926 }
6927 memset(it, 0, sizeof(*it));
6928 it->function_assoc = af;
6929 it->function_inp = inpf;
6930 if (inpf)
6931 it->done_current_ep = 0;
6932 else
6933 it->done_current_ep = 1;
6934 it->function_atend = ef;
6935 it->pointer = argp;
6936 it->val = argi;
6937 it->pcb_flags = pcb_state;
6938 it->pcb_features = pcb_features;
6939 it->asoc_state = asoc_state;
6940 it->function_inp_end = inpe;
6941 it->no_chunk_output = chunk_output_off;
6942 it->vn = curvnet;
6943 if (s_inp) {
6944 /* Assume lock is held here */
6945 it->inp = s_inp;
6946 SCTP_INP_INCR_REF(it->inp);
6947 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
6948 } else {
6949 SCTP_INP_INFO_RLOCK();
6950 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead));
6951 if (it->inp) {
6952 SCTP_INP_INCR_REF(it->inp);
6953 }
6954 SCTP_INP_INFO_RUNLOCK();
6955 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
6956 }
6957 SCTP_IPI_ITERATOR_WQ_LOCK();
6958 if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) {
6959 SCTP_IPI_ITERATOR_WQ_UNLOCK();
6960 SCTP_PRINTF("%s: rollback on initialize being %d it=%p\n", __func__,
6961 SCTP_BASE_VAR(sctp_pcb_initialized), it);
6962 SCTP_FREE(it, SCTP_M_ITER);
6963 return (-1);
6964 }
6965 TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
6966 if (sctp_it_ctl.iterator_running == 0) {
6967 sctp_wakeup_iterator();
6968 }
6969 SCTP_IPI_ITERATOR_WQ_UNLOCK();
6970 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */
6971 return (0);
6972 }
6973
6974 /*
6975 * Atomically add flags to the sctp_flags of an inp.
6976 * To be used when the write lock of the inp is not held.
6977 */
6978 void
sctp_pcb_add_flags(struct sctp_inpcb * inp,uint32_t flags)6979 sctp_pcb_add_flags(struct sctp_inpcb *inp, uint32_t flags)
6980 {
6981 uint32_t old_flags, new_flags;
6982
6983 do {
6984 old_flags = inp->sctp_flags;
6985 new_flags = old_flags | flags;
6986 } while (atomic_cmpset_int(&inp->sctp_flags, old_flags, new_flags) == 0);
6987 }
6988