1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <netinet/sctp_os.h> 36 #include <netinet/sctp_var.h> 37 #include <netinet/sctp_sysctl.h> 38 #include <netinet/sctp_pcb.h> 39 #include <netinet/sctp_header.h> 40 #include <netinet/sctputil.h> 41 #include <netinet/sctp_output.h> 42 #include <netinet/sctp_asconf.h> 43 #include <netinet/sctp_timer.h> 44 45 /* 46 * debug flags: 47 * SCTP_DEBUG_ASCONF1: protocol info, general info and errors 48 * SCTP_DEBUG_ASCONF2: detailed info 49 */ 50 51 /* 52 * RFC 5061 53 * 54 * An ASCONF parameter queue exists per asoc which holds the pending address 55 * operations. Lists are updated upon receipt of ASCONF-ACK. 56 * 57 * A restricted_addrs list exists per assoc to hold local addresses that are 58 * not (yet) usable by the assoc as a source address. These addresses are 59 * either pending an ASCONF operation (and exist on the ASCONF parameter 60 * queue), or they are permanently restricted (the peer has returned an 61 * ERROR indication to an ASCONF(ADD), or the peer does not support ASCONF). 62 * 63 * Deleted addresses are always immediately removed from the lists as they will 64 * (shortly) no longer exist in the kernel. We send ASCONFs as a courtesy, 65 * only if allowed. 66 */ 67 68 /* 69 * ASCONF parameter processing. 70 * response_required: set if a reply is required (eg. SUCCESS_REPORT). 71 * returns a mbuf to an "error" response parameter or NULL/"success" if ok. 72 * FIX: allocating this many mbufs on the fly is pretty inefficient... 73 */ 74 static struct mbuf * 75 sctp_asconf_success_response(uint32_t id) 76 { 77 struct mbuf *m_reply = NULL; 78 struct sctp_asconf_paramhdr *aph; 79 80 m_reply = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_paramhdr), 81 0, M_NOWAIT, 1, MT_DATA); 82 if (m_reply == NULL) { 83 SCTPDBG(SCTP_DEBUG_ASCONF1, 84 "asconf_success_response: couldn't get mbuf!\n"); 85 return (NULL); 86 } 87 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 88 aph->correlation_id = id; 89 aph->ph.param_type = htons(SCTP_SUCCESS_REPORT); 90 aph->ph.param_length = sizeof(struct sctp_asconf_paramhdr); 91 SCTP_BUF_LEN(m_reply) = aph->ph.param_length; 92 aph->ph.param_length = htons(aph->ph.param_length); 93 94 return (m_reply); 95 } 96 97 static struct mbuf * 98 sctp_asconf_error_response(uint32_t id, uint16_t cause, uint8_t *error_tlv, 99 uint16_t tlv_length) 100 { 101 struct mbuf *m_reply = NULL; 102 struct sctp_asconf_paramhdr *aph; 103 struct sctp_error_cause *error; 104 uint32_t buf_len; 105 uint16_t i, param_length, cause_length, padding_length; 106 uint8_t *tlv; 107 108 if (error_tlv == NULL) { 109 tlv_length = 0; 110 } 111 cause_length = sizeof(struct sctp_error_cause) + tlv_length; 112 param_length = sizeof(struct sctp_asconf_paramhdr) + cause_length; 113 padding_length = tlv_length % 4; 114 if (padding_length != 0) { 115 padding_length = 4 - padding_length; 116 } 117 buf_len = param_length + padding_length; 118 if (buf_len > MLEN) { 119 SCTPDBG(SCTP_DEBUG_ASCONF1, 120 "asconf_error_response: tlv_length (%xh) too big\n", 121 tlv_length); 122 return (NULL); 123 } 124 m_reply = sctp_get_mbuf_for_msg(buf_len, 0, M_NOWAIT, 1, MT_DATA); 125 if (m_reply == NULL) { 126 SCTPDBG(SCTP_DEBUG_ASCONF1, 127 "asconf_error_response: couldn't get mbuf!\n"); 128 return (NULL); 129 } 130 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 131 aph->ph.param_type = htons(SCTP_ERROR_CAUSE_IND); 132 aph->ph.param_length = htons(param_length); 133 aph->correlation_id = id; 134 error = (struct sctp_error_cause *)(aph + 1); 135 error->code = htons(cause); 136 error->length = htons(cause_length); 137 if (error_tlv != NULL) { 138 tlv = (uint8_t *)(error + 1); 139 memcpy(tlv, error_tlv, tlv_length); 140 for (i = 0; i < padding_length; i++) { 141 tlv[tlv_length + i] = 0; 142 } 143 } 144 SCTP_BUF_LEN(m_reply) = buf_len; 145 return (m_reply); 146 } 147 148 static struct mbuf * 149 sctp_process_asconf_add_ip(struct sockaddr *src, struct sctp_asconf_paramhdr *aph, 150 struct sctp_tcb *stcb, int send_hb, int response_required) 151 { 152 struct sctp_nets *net; 153 struct mbuf *m_reply = NULL; 154 union sctp_sockstore store; 155 struct sctp_paramhdr *ph; 156 uint16_t param_type, aparam_length; 157 #if defined(INET) || defined(INET6) 158 uint16_t param_length; 159 #endif 160 struct sockaddr *sa; 161 int zero_address = 0; 162 int bad_address = 0; 163 #ifdef INET 164 struct sockaddr_in *sin; 165 struct sctp_ipv4addr_param *v4addr; 166 #endif 167 #ifdef INET6 168 struct sockaddr_in6 *sin6; 169 struct sctp_ipv6addr_param *v6addr; 170 #endif 171 172 aparam_length = ntohs(aph->ph.param_length); 173 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 174 return (NULL); 175 } 176 ph = (struct sctp_paramhdr *)(aph + 1); 177 param_type = ntohs(ph->param_type); 178 #if defined(INET) || defined(INET6) 179 param_length = ntohs(ph->param_length); 180 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 181 return (NULL); 182 } 183 #endif 184 sa = &store.sa; 185 switch (param_type) { 186 #ifdef INET 187 case SCTP_IPV4_ADDRESS: 188 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 189 /* invalid param size */ 190 return (NULL); 191 } 192 v4addr = (struct sctp_ipv4addr_param *)ph; 193 sin = &store.sin; 194 memset(sin, 0, sizeof(*sin)); 195 sin->sin_family = AF_INET; 196 sin->sin_len = sizeof(struct sockaddr_in); 197 sin->sin_port = stcb->rport; 198 sin->sin_addr.s_addr = v4addr->addr; 199 if ((sin->sin_addr.s_addr == INADDR_BROADCAST) || 200 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 201 bad_address = 1; 202 } 203 if (sin->sin_addr.s_addr == INADDR_ANY) 204 zero_address = 1; 205 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 206 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 207 break; 208 #endif 209 #ifdef INET6 210 case SCTP_IPV6_ADDRESS: 211 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 212 /* invalid param size */ 213 return (NULL); 214 } 215 v6addr = (struct sctp_ipv6addr_param *)ph; 216 sin6 = &store.sin6; 217 memset(sin6, 0, sizeof(*sin6)); 218 sin6->sin6_family = AF_INET6; 219 sin6->sin6_len = sizeof(struct sockaddr_in6); 220 sin6->sin6_port = stcb->rport; 221 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 222 sizeof(struct in6_addr)); 223 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 224 bad_address = 1; 225 } 226 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 227 zero_address = 1; 228 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 229 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 230 break; 231 #endif 232 default: 233 m_reply = sctp_asconf_error_response(aph->correlation_id, 234 SCTP_CAUSE_INVALID_PARAM, (uint8_t *)aph, 235 aparam_length); 236 return (m_reply); 237 } /* end switch */ 238 239 /* if 0.0.0.0/::0, add the source address instead */ 240 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 241 sa = src; 242 SCTPDBG(SCTP_DEBUG_ASCONF1, 243 "process_asconf_add_ip: using source addr "); 244 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 245 } 246 net = NULL; 247 /* add the address */ 248 if (bad_address) { 249 m_reply = sctp_asconf_error_response(aph->correlation_id, 250 SCTP_CAUSE_INVALID_PARAM, (uint8_t *)aph, 251 aparam_length); 252 } else if (sctp_add_remote_addr(stcb, sa, &net, stcb->asoc.port, 253 SCTP_DONOT_SETSCOPE, 254 SCTP_ADDR_DYNAMIC_ADDED) != 0) { 255 SCTPDBG(SCTP_DEBUG_ASCONF1, 256 "process_asconf_add_ip: error adding address\n"); 257 m_reply = sctp_asconf_error_response(aph->correlation_id, 258 SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph, 259 aparam_length); 260 } else { 261 if (response_required) { 262 m_reply = 263 sctp_asconf_success_response(aph->correlation_id); 264 } 265 if (net != NULL) { 266 /* notify upper layer */ 267 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 268 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); 269 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 270 stcb, net); 271 if (send_hb) { 272 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); 273 } 274 } 275 } 276 return (m_reply); 277 } 278 279 static int 280 sctp_asconf_del_remote_addrs_except(struct sctp_tcb *stcb, struct sockaddr *src) 281 { 282 struct sctp_nets *src_net, *net, *nnet; 283 284 /* make sure the source address exists as a destination net */ 285 src_net = sctp_findnet(stcb, src); 286 if (src_net == NULL) { 287 /* not found */ 288 return (-1); 289 } 290 291 /* delete all destination addresses except the source */ 292 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) { 293 if (net != src_net) { 294 /* delete this address */ 295 SCTPDBG(SCTP_DEBUG_ASCONF1, 296 "asconf_del_remote_addrs_except: deleting "); 297 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, 298 (struct sockaddr *)&net->ro._l_addr); 299 /* notify upper layer */ 300 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, 301 (struct sockaddr *)&net->ro._l_addr, SCTP_SO_NOT_LOCKED); 302 sctp_remove_net(stcb, net); 303 } 304 } 305 return (0); 306 } 307 308 static struct mbuf * 309 sctp_process_asconf_delete_ip(struct sockaddr *src, 310 struct sctp_asconf_paramhdr *aph, 311 struct sctp_tcb *stcb, int response_required) 312 { 313 struct mbuf *m_reply = NULL; 314 union sctp_sockstore store; 315 struct sctp_paramhdr *ph; 316 uint16_t param_type, aparam_length; 317 #if defined(INET) || defined(INET6) 318 uint16_t param_length; 319 #endif 320 struct sockaddr *sa; 321 int zero_address = 0; 322 int result; 323 #ifdef INET 324 struct sockaddr_in *sin; 325 struct sctp_ipv4addr_param *v4addr; 326 #endif 327 #ifdef INET6 328 struct sockaddr_in6 *sin6; 329 struct sctp_ipv6addr_param *v6addr; 330 #endif 331 332 aparam_length = ntohs(aph->ph.param_length); 333 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 334 return (NULL); 335 } 336 ph = (struct sctp_paramhdr *)(aph + 1); 337 param_type = ntohs(ph->param_type); 338 #if defined(INET) || defined(INET6) 339 param_length = ntohs(ph->param_length); 340 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 341 return (NULL); 342 } 343 #endif 344 sa = &store.sa; 345 switch (param_type) { 346 #ifdef INET 347 case SCTP_IPV4_ADDRESS: 348 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 349 /* invalid param size */ 350 return (NULL); 351 } 352 v4addr = (struct sctp_ipv4addr_param *)ph; 353 sin = &store.sin; 354 memset(sin, 0, sizeof(*sin)); 355 sin->sin_family = AF_INET; 356 sin->sin_len = sizeof(struct sockaddr_in); 357 sin->sin_port = stcb->rport; 358 sin->sin_addr.s_addr = v4addr->addr; 359 if (sin->sin_addr.s_addr == INADDR_ANY) 360 zero_address = 1; 361 SCTPDBG(SCTP_DEBUG_ASCONF1, 362 "process_asconf_delete_ip: deleting "); 363 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 364 break; 365 #endif 366 #ifdef INET6 367 case SCTP_IPV6_ADDRESS: 368 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 369 /* invalid param size */ 370 return (NULL); 371 } 372 v6addr = (struct sctp_ipv6addr_param *)ph; 373 sin6 = &store.sin6; 374 memset(sin6, 0, sizeof(*sin6)); 375 sin6->sin6_family = AF_INET6; 376 sin6->sin6_len = sizeof(struct sockaddr_in6); 377 sin6->sin6_port = stcb->rport; 378 memcpy(&sin6->sin6_addr, v6addr->addr, 379 sizeof(struct in6_addr)); 380 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 381 zero_address = 1; 382 SCTPDBG(SCTP_DEBUG_ASCONF1, 383 "process_asconf_delete_ip: deleting "); 384 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 385 break; 386 #endif 387 default: 388 m_reply = sctp_asconf_error_response(aph->correlation_id, 389 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 390 aparam_length); 391 return (m_reply); 392 } 393 394 /* make sure the source address is not being deleted */ 395 if (sctp_cmpaddr(sa, src)) { 396 /* trying to delete the source address! */ 397 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete source addr\n"); 398 m_reply = sctp_asconf_error_response(aph->correlation_id, 399 SCTP_CAUSE_DELETING_SRC_ADDR, (uint8_t *)aph, 400 aparam_length); 401 return (m_reply); 402 } 403 404 /* if deleting 0.0.0.0/::0, delete all addresses except src addr */ 405 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 406 result = sctp_asconf_del_remote_addrs_except(stcb, src); 407 408 if (result) { 409 /* src address did not exist? */ 410 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: src addr does not exist?\n"); 411 /* what error to reply with?? */ 412 m_reply = 413 sctp_asconf_error_response(aph->correlation_id, 414 SCTP_CAUSE_REQUEST_REFUSED, (uint8_t *)aph, 415 aparam_length); 416 } else if (response_required) { 417 m_reply = 418 sctp_asconf_success_response(aph->correlation_id); 419 } 420 return (m_reply); 421 } 422 423 /* delete the address */ 424 result = sctp_del_remote_addr(stcb, sa); 425 /* 426 * note if result == -2, the address doesn't exist in the asoc but 427 * since it's being deleted anyways, we just ack the delete -- but 428 * this probably means something has already gone awry 429 */ 430 if (result == -1) { 431 /* only one address in the asoc */ 432 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete last IP addr!\n"); 433 m_reply = sctp_asconf_error_response(aph->correlation_id, 434 SCTP_CAUSE_DELETING_LAST_ADDR, (uint8_t *)aph, 435 aparam_length); 436 } else { 437 if (response_required) { 438 m_reply = sctp_asconf_success_response(aph->correlation_id); 439 } 440 /* notify upper layer */ 441 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 442 } 443 return (m_reply); 444 } 445 446 static struct mbuf * 447 sctp_process_asconf_set_primary(struct sockaddr *src, 448 struct sctp_asconf_paramhdr *aph, 449 struct sctp_tcb *stcb, int response_required) 450 { 451 struct mbuf *m_reply = NULL; 452 union sctp_sockstore store; 453 struct sctp_paramhdr *ph; 454 uint16_t param_type, aparam_length; 455 #if defined(INET) || defined(INET6) 456 uint16_t param_length; 457 #endif 458 struct sockaddr *sa; 459 int zero_address = 0; 460 #ifdef INET 461 struct sockaddr_in *sin; 462 struct sctp_ipv4addr_param *v4addr; 463 #endif 464 #ifdef INET6 465 struct sockaddr_in6 *sin6; 466 struct sctp_ipv6addr_param *v6addr; 467 #endif 468 469 aparam_length = ntohs(aph->ph.param_length); 470 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 471 return (NULL); 472 } 473 ph = (struct sctp_paramhdr *)(aph + 1); 474 param_type = ntohs(ph->param_type); 475 #if defined(INET) || defined(INET6) 476 param_length = ntohs(ph->param_length); 477 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 478 return (NULL); 479 } 480 #endif 481 sa = &store.sa; 482 switch (param_type) { 483 #ifdef INET 484 case SCTP_IPV4_ADDRESS: 485 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 486 /* invalid param size */ 487 return (NULL); 488 } 489 v4addr = (struct sctp_ipv4addr_param *)ph; 490 sin = &store.sin; 491 memset(sin, 0, sizeof(*sin)); 492 sin->sin_family = AF_INET; 493 sin->sin_len = sizeof(struct sockaddr_in); 494 sin->sin_addr.s_addr = v4addr->addr; 495 if (sin->sin_addr.s_addr == INADDR_ANY) 496 zero_address = 1; 497 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 498 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 499 break; 500 #endif 501 #ifdef INET6 502 case SCTP_IPV6_ADDRESS: 503 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 504 /* invalid param size */ 505 return (NULL); 506 } 507 v6addr = (struct sctp_ipv6addr_param *)ph; 508 sin6 = &store.sin6; 509 memset(sin6, 0, sizeof(*sin6)); 510 sin6->sin6_family = AF_INET6; 511 sin6->sin6_len = sizeof(struct sockaddr_in6); 512 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 513 sizeof(struct in6_addr)); 514 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 515 zero_address = 1; 516 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 517 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 518 break; 519 #endif 520 default: 521 m_reply = sctp_asconf_error_response(aph->correlation_id, 522 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 523 aparam_length); 524 return (m_reply); 525 } 526 527 /* if 0.0.0.0/::0, use the source address instead */ 528 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 529 sa = src; 530 SCTPDBG(SCTP_DEBUG_ASCONF1, 531 "process_asconf_set_primary: using source addr "); 532 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 533 } 534 /* set the primary address */ 535 if (sctp_set_primary_addr(stcb, sa, NULL) == 0) { 536 SCTPDBG(SCTP_DEBUG_ASCONF1, 537 "process_asconf_set_primary: primary address set\n"); 538 /* notify upper layer */ 539 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_SET_PRIMARY, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 540 if ((stcb->asoc.primary_destination->dest_state & SCTP_ADDR_REACHABLE) && 541 ((stcb->asoc.primary_destination->dest_state & SCTP_ADDR_PF) == 0) && 542 (stcb->asoc.alternate != NULL)) { 543 sctp_free_remote_addr(stcb->asoc.alternate); 544 stcb->asoc.alternate = NULL; 545 } 546 if (response_required) { 547 m_reply = sctp_asconf_success_response(aph->correlation_id); 548 } 549 /* 550 * Mobility adaptation. Ideally, when the reception of SET 551 * PRIMARY with DELETE IP ADDRESS of the previous primary 552 * destination, unacknowledged DATA are retransmitted 553 * immediately to the new primary destination for seamless 554 * handover. If the destination is UNCONFIRMED and marked to 555 * REQ_PRIM, The retransmission occur when reception of the 556 * HEARTBEAT-ACK. (See sctp_handle_heartbeat_ack in 557 * sctp_input.c) Also, when change of the primary 558 * destination, it is better that all subsequent new DATA 559 * containing already queued DATA are transmitted to the new 560 * primary destination. (by micchie) 561 */ 562 if ((sctp_is_mobility_feature_on(stcb->sctp_ep, 563 SCTP_MOBILITY_BASE) || 564 sctp_is_mobility_feature_on(stcb->sctp_ep, 565 SCTP_MOBILITY_FASTHANDOFF)) && 566 sctp_is_mobility_feature_on(stcb->sctp_ep, 567 SCTP_MOBILITY_PRIM_DELETED) && 568 (stcb->asoc.primary_destination->dest_state & 569 SCTP_ADDR_UNCONFIRMED) == 0) { 570 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, 571 stcb->sctp_ep, stcb, NULL, 572 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_1); 573 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 574 SCTP_MOBILITY_FASTHANDOFF)) { 575 sctp_assoc_immediate_retrans(stcb, 576 stcb->asoc.primary_destination); 577 } 578 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 579 SCTP_MOBILITY_BASE)) { 580 sctp_move_chunks_from_net(stcb, 581 stcb->asoc.deleted_primary); 582 } 583 sctp_delete_prim_timer(stcb->sctp_ep, stcb); 584 } 585 } else { 586 /* couldn't set the requested primary address! */ 587 SCTPDBG(SCTP_DEBUG_ASCONF1, 588 "process_asconf_set_primary: set primary failed!\n"); 589 /* must have been an invalid address, so report */ 590 m_reply = sctp_asconf_error_response(aph->correlation_id, 591 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 592 aparam_length); 593 } 594 595 return (m_reply); 596 } 597 598 /* 599 * handles an ASCONF chunk. 600 * if all parameters are processed ok, send a plain (empty) ASCONF-ACK 601 */ 602 void 603 sctp_handle_asconf(struct mbuf *m, unsigned int offset, 604 struct sockaddr *src, 605 struct sctp_asconf_chunk *cp, struct sctp_tcb *stcb, 606 int first) 607 { 608 struct sctp_association *asoc; 609 uint32_t serial_num; 610 struct mbuf *n, *m_ack, *m_result, *m_tail; 611 struct sctp_asconf_ack_chunk *ack_cp; 612 struct sctp_asconf_paramhdr *aph; 613 struct sctp_ipv6addr_param *p_addr; 614 unsigned int asconf_limit, cnt; 615 int error = 0; /* did an error occur? */ 616 617 /* asconf param buffer */ 618 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 619 struct sctp_asconf_ack *ack, *ack_next; 620 621 /* verify minimum length */ 622 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_chunk)) { 623 SCTPDBG(SCTP_DEBUG_ASCONF1, 624 "handle_asconf: chunk too small = %xh\n", 625 ntohs(cp->ch.chunk_length)); 626 return; 627 } 628 asoc = &stcb->asoc; 629 serial_num = ntohl(cp->serial_number); 630 631 if (SCTP_TSN_GE(asoc->asconf_seq_in, serial_num)) { 632 /* got a duplicate ASCONF */ 633 SCTPDBG(SCTP_DEBUG_ASCONF1, 634 "handle_asconf: got duplicate serial number = %xh\n", 635 serial_num); 636 return; 637 } else if (serial_num != (asoc->asconf_seq_in + 1)) { 638 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: incorrect serial number = %xh (expected next = %xh)\n", 639 serial_num, asoc->asconf_seq_in + 1); 640 return; 641 } 642 643 /* it's the expected "next" sequence number, so process it */ 644 asoc->asconf_seq_in = serial_num; /* update sequence */ 645 /* get length of all the param's in the ASCONF */ 646 asconf_limit = offset + ntohs(cp->ch.chunk_length); 647 SCTPDBG(SCTP_DEBUG_ASCONF1, 648 "handle_asconf: asconf_limit=%u, sequence=%xh\n", 649 asconf_limit, serial_num); 650 651 if (first) { 652 /* delete old cache */ 653 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: Now processing first ASCONF. Try to delete old cache\n"); 654 655 TAILQ_FOREACH_SAFE(ack, &asoc->asconf_ack_sent, next, ack_next) { 656 if (ack->serial_number == serial_num) 657 break; 658 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: delete old(%u) < first(%u)\n", 659 ack->serial_number, serial_num); 660 TAILQ_REMOVE(&asoc->asconf_ack_sent, ack, next); 661 if (ack->data != NULL) { 662 sctp_m_freem(ack->data); 663 } 664 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), ack); 665 } 666 } 667 668 m_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_ack_chunk), 0, 669 M_NOWAIT, 1, MT_DATA); 670 if (m_ack == NULL) { 671 SCTPDBG(SCTP_DEBUG_ASCONF1, 672 "handle_asconf: couldn't get mbuf!\n"); 673 return; 674 } 675 m_tail = m_ack; /* current reply chain's tail */ 676 677 /* fill in ASCONF-ACK header */ 678 ack_cp = mtod(m_ack, struct sctp_asconf_ack_chunk *); 679 ack_cp->ch.chunk_type = SCTP_ASCONF_ACK; 680 ack_cp->ch.chunk_flags = 0; 681 ack_cp->serial_number = htonl(serial_num); 682 /* set initial lengths (eg. just an ASCONF-ACK), ntohx at the end! */ 683 SCTP_BUF_LEN(m_ack) = sizeof(struct sctp_asconf_ack_chunk); 684 ack_cp->ch.chunk_length = sizeof(struct sctp_asconf_ack_chunk); 685 686 /* skip the lookup address parameter */ 687 offset += sizeof(struct sctp_asconf_chunk); 688 p_addr = (struct sctp_ipv6addr_param *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), (uint8_t *)&aparam_buf); 689 if (p_addr == NULL) { 690 SCTPDBG(SCTP_DEBUG_ASCONF1, 691 "handle_asconf: couldn't get lookup addr!\n"); 692 /* respond with a missing/invalid mandatory parameter error */ 693 sctp_m_freem(m_ack); 694 return; 695 } 696 /* skip lookup addr */ 697 offset += SCTP_SIZE32(ntohs(p_addr->ph.param_length)); 698 /* get pointer to first asconf param in ASCONF */ 699 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_asconf_paramhdr), (uint8_t *)&aparam_buf); 700 if (aph == NULL) { 701 SCTPDBG(SCTP_DEBUG_ASCONF1, "Empty ASCONF received?\n"); 702 goto send_reply; 703 } 704 /* process through all parameters */ 705 cnt = 0; 706 while (aph != NULL) { 707 unsigned int param_length, param_type; 708 709 param_type = ntohs(aph->ph.param_type); 710 param_length = ntohs(aph->ph.param_length); 711 if (offset + param_length > asconf_limit) { 712 /* parameter goes beyond end of chunk! */ 713 sctp_m_freem(m_ack); 714 return; 715 } 716 m_result = NULL; 717 718 if (param_length > sizeof(aparam_buf)) { 719 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) larger than buffer size!\n", param_length); 720 sctp_m_freem(m_ack); 721 return; 722 } 723 if (param_length < sizeof(struct sctp_asconf_paramhdr)) { 724 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length); 725 sctp_m_freem(m_ack); 726 return; 727 } 728 /* get the entire parameter */ 729 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 730 if (aph == NULL) { 731 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: couldn't get entire param\n"); 732 sctp_m_freem(m_ack); 733 return; 734 } 735 switch (param_type) { 736 case SCTP_ADD_IP_ADDRESS: 737 m_result = sctp_process_asconf_add_ip(src, aph, stcb, 738 (cnt < SCTP_BASE_SYSCTL(sctp_hb_maxburst)), error); 739 cnt++; 740 break; 741 case SCTP_DEL_IP_ADDRESS: 742 m_result = sctp_process_asconf_delete_ip(src, aph, stcb, 743 error); 744 break; 745 case SCTP_ERROR_CAUSE_IND: 746 /* not valid in an ASCONF chunk */ 747 break; 748 case SCTP_SET_PRIM_ADDR: 749 m_result = sctp_process_asconf_set_primary(src, aph, 750 stcb, error); 751 break; 752 case SCTP_NAT_VTAGS: 753 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: sees a NAT VTAG state parameter\n"); 754 break; 755 case SCTP_SUCCESS_REPORT: 756 /* not valid in an ASCONF chunk */ 757 break; 758 case SCTP_ULP_ADAPTATION: 759 /* FIX */ 760 break; 761 default: 762 if ((param_type & 0x8000) == 0) { 763 /* Been told to STOP at this param */ 764 asconf_limit = offset; 765 /* 766 * FIX FIX - We need to call 767 * sctp_arethere_unrecognized_parameters() 768 * to get a operr and send it for any 769 * param's with the 0x4000 bit set OR do it 770 * here ourselves... note we still must STOP 771 * if the 0x8000 bit is clear. 772 */ 773 } 774 /* unknown/invalid param type */ 775 break; 776 } /* switch */ 777 778 /* add any (error) result to the reply mbuf chain */ 779 if (m_result != NULL) { 780 SCTP_BUF_NEXT(m_tail) = m_result; 781 m_tail = m_result; 782 ack_cp->ch.chunk_length += SCTP_BUF_LEN(m_result); 783 /* set flag to force success reports */ 784 error = 1; 785 } 786 offset += SCTP_SIZE32(param_length); 787 /* update remaining ASCONF message length to process */ 788 if (offset >= asconf_limit) { 789 /* no more data in the mbuf chain */ 790 break; 791 } 792 /* get pointer to next asconf param */ 793 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 794 sizeof(struct sctp_asconf_paramhdr), 795 (uint8_t *)&aparam_buf); 796 if (aph == NULL) { 797 /* can't get an asconf paramhdr */ 798 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: can't get asconf param hdr!\n"); 799 /* FIX ME - add error here... */ 800 } 801 } 802 803 send_reply: 804 ack_cp->ch.chunk_length = htons(ack_cp->ch.chunk_length); 805 /* save the ASCONF-ACK reply */ 806 ack = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asconf_ack), 807 struct sctp_asconf_ack); 808 if (ack == NULL) { 809 sctp_m_freem(m_ack); 810 return; 811 } 812 ack->serial_number = serial_num; 813 ack->last_sent_to = NULL; 814 ack->data = m_ack; 815 ack->len = 0; 816 for (n = m_ack; n != NULL; n = SCTP_BUF_NEXT(n)) { 817 ack->len += SCTP_BUF_LEN(n); 818 } 819 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_ack_sent, ack, next); 820 821 /* see if last_control_chunk_from is set properly (use IP src addr) */ 822 if (stcb->asoc.last_control_chunk_from == NULL) { 823 /* 824 * this could happen if the source address was just newly 825 * added 826 */ 827 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: looking up net for IP source address\n"); 828 SCTPDBG(SCTP_DEBUG_ASCONF1, "Looking for IP source: "); 829 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 830 /* look up the from address */ 831 stcb->asoc.last_control_chunk_from = sctp_findnet(stcb, src); 832 #ifdef SCTP_DEBUG 833 if (stcb->asoc.last_control_chunk_from == NULL) { 834 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: IP source address not found?!\n"); 835 } 836 #endif 837 } 838 } 839 840 /* 841 * does the address match? returns 0 if not, 1 if so 842 */ 843 static uint32_t 844 sctp_asconf_addr_match(struct sctp_asconf_addr *aa, struct sockaddr *sa) 845 { 846 switch (sa->sa_family) { 847 #ifdef INET6 848 case AF_INET6: 849 { 850 /* XXX scopeid */ 851 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 852 853 if ((aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) && 854 (memcmp(&aa->ap.addrp.addr, &sin6->sin6_addr, 855 sizeof(struct in6_addr)) == 0)) { 856 return (1); 857 } 858 break; 859 } 860 #endif 861 #ifdef INET 862 case AF_INET: 863 { 864 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 865 866 if ((aa->ap.addrp.ph.param_type == SCTP_IPV4_ADDRESS) && 867 (memcmp(&aa->ap.addrp.addr, &sin->sin_addr, 868 sizeof(struct in_addr)) == 0)) { 869 return (1); 870 } 871 break; 872 } 873 #endif 874 default: 875 break; 876 } 877 return (0); 878 } 879 880 /* 881 * does the address match? returns 0 if not, 1 if so 882 */ 883 static uint32_t 884 sctp_addr_match(struct sctp_paramhdr *ph, struct sockaddr *sa) 885 { 886 #if defined(INET) || defined(INET6) 887 uint16_t param_type, param_length; 888 889 param_type = ntohs(ph->param_type); 890 param_length = ntohs(ph->param_length); 891 #endif 892 switch (sa->sa_family) { 893 #ifdef INET6 894 case AF_INET6: 895 { 896 /* XXX scopeid */ 897 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 898 struct sctp_ipv6addr_param *v6addr; 899 900 v6addr = (struct sctp_ipv6addr_param *)ph; 901 if ((param_type == SCTP_IPV6_ADDRESS) && 902 (param_length == sizeof(struct sctp_ipv6addr_param)) && 903 (memcmp(&v6addr->addr, &sin6->sin6_addr, 904 sizeof(struct in6_addr)) == 0)) { 905 return (1); 906 } 907 break; 908 } 909 #endif 910 #ifdef INET 911 case AF_INET: 912 { 913 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 914 struct sctp_ipv4addr_param *v4addr; 915 916 v4addr = (struct sctp_ipv4addr_param *)ph; 917 if ((param_type == SCTP_IPV4_ADDRESS) && 918 (param_length == sizeof(struct sctp_ipv4addr_param)) && 919 (memcmp(&v4addr->addr, &sin->sin_addr, 920 sizeof(struct in_addr)) == 0)) { 921 return (1); 922 } 923 break; 924 } 925 #endif 926 default: 927 break; 928 } 929 return (0); 930 } 931 932 /* 933 * Cleanup for non-responded/OP ERR'd ASCONF 934 */ 935 void 936 sctp_asconf_cleanup(struct sctp_tcb *stcb) 937 { 938 /* 939 * clear out any existing asconfs going out 940 */ 941 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, NULL, 942 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_2); 943 stcb->asoc.asconf_seq_out_acked = stcb->asoc.asconf_seq_out; 944 /* remove the old ASCONF on our outbound queue */ 945 sctp_toss_old_asconf(stcb); 946 } 947 948 /* 949 * cleanup any cached source addresses that may be topologically 950 * incorrect after a new address has been added to this interface. 951 */ 952 static void 953 sctp_asconf_nets_cleanup(struct sctp_tcb *stcb, struct sctp_ifn *ifn) 954 { 955 struct sctp_nets *net; 956 957 /* 958 * Ideally, we want to only clear cached routes and source addresses 959 * that are topologically incorrect. But since there is no easy way 960 * to know whether the newly added address on the ifn would cause a 961 * routing change (i.e. a new egress interface would be chosen) 962 * without doing a new routing lookup and source address selection, 963 * we will (for now) just flush any cached route using a different 964 * ifn (and cached source addrs) and let output re-choose them 965 * during the next send on that net. 966 */ 967 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 968 /* 969 * clear any cached route (and cached source address) if the 970 * route's interface is NOT the same as the address change. 971 * If it's the same interface, just clear the cached source 972 * address. 973 */ 974 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro) && 975 ((ifn == NULL) || 976 (SCTP_GET_IF_INDEX_FROM_ROUTE(&net->ro) != ifn->ifn_index))) { 977 /* clear any cached route */ 978 RO_NHFREE(&net->ro); 979 } 980 /* clear any cached source address */ 981 if (net->src_addr_selected) { 982 sctp_free_ifa(net->ro._s_addr); 983 net->ro._s_addr = NULL; 984 net->src_addr_selected = 0; 985 } 986 } 987 } 988 989 void 990 sctp_assoc_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *dstnet) 991 { 992 int error; 993 994 if (dstnet->dest_state & SCTP_ADDR_UNCONFIRMED) { 995 return; 996 } 997 if (stcb->asoc.deleted_primary == NULL) { 998 return; 999 } 1000 1001 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) { 1002 SCTPDBG(SCTP_DEBUG_ASCONF1, "assoc_immediate_retrans: Deleted primary is "); 1003 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa); 1004 SCTPDBG(SCTP_DEBUG_ASCONF1, "Current Primary is "); 1005 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.primary_destination->ro._l_addr.sa); 1006 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, 1007 stcb->asoc.deleted_primary, 1008 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_3); 1009 stcb->asoc.num_send_timers_up--; 1010 if (stcb->asoc.num_send_timers_up < 0) { 1011 stcb->asoc.num_send_timers_up = 0; 1012 } 1013 SCTP_TCB_LOCK_ASSERT(stcb); 1014 error = sctp_t3rxt_timer(stcb->sctp_ep, stcb, 1015 stcb->asoc.deleted_primary); 1016 if (error) { 1017 SCTP_INP_DECR_REF(stcb->sctp_ep); 1018 return; 1019 } 1020 SCTP_TCB_LOCK_ASSERT(stcb); 1021 #ifdef SCTP_AUDITING_ENABLED 1022 sctp_auditing(4, stcb->sctp_ep, stcb, stcb->asoc.deleted_primary); 1023 #endif 1024 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1025 if ((stcb->asoc.num_send_timers_up == 0) && 1026 (stcb->asoc.sent_queue_cnt > 0)) { 1027 struct sctp_tmit_chunk *chk; 1028 1029 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 1030 if (chk->whoTo != NULL) { 1031 break; 1032 } 1033 } 1034 if (chk != NULL) { 1035 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, chk->whoTo); 1036 } 1037 } 1038 } 1039 return; 1040 } 1041 1042 static int 1043 sctp_asconf_queue_mgmt(struct sctp_tcb *, struct sctp_ifa *, uint16_t); 1044 1045 void 1046 sctp_net_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *net) 1047 { 1048 struct sctp_tmit_chunk *chk; 1049 1050 SCTPDBG(SCTP_DEBUG_ASCONF1, "net_immediate_retrans: RTO is %d\n", net->RTO); 1051 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, 1052 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_4); 1053 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 1054 net->error_count = 0; 1055 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 1056 if (chk->whoTo == net) { 1057 if (chk->sent < SCTP_DATAGRAM_RESEND) { 1058 chk->sent = SCTP_DATAGRAM_RESEND; 1059 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); 1060 sctp_flight_size_decrease(chk); 1061 sctp_total_flight_decrease(stcb, chk); 1062 net->marked_retrans++; 1063 stcb->asoc.marked_retrans++; 1064 } 1065 } 1066 } 1067 if (net->marked_retrans) { 1068 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1069 } 1070 } 1071 1072 static void 1073 sctp_path_check_and_react(struct sctp_tcb *stcb, struct sctp_ifa *newifa) 1074 { 1075 struct sctp_nets *net; 1076 int addrnum, changed; 1077 1078 /* 1079 * If number of local valid addresses is 1, the valid address is 1080 * probably newly added address. Several valid addresses in this 1081 * association. A source address may not be changed. Additionally, 1082 * they can be configured on a same interface as "alias" addresses. 1083 * (by micchie) 1084 */ 1085 addrnum = sctp_local_addr_count(stcb); 1086 SCTPDBG(SCTP_DEBUG_ASCONF1, "p_check_react(): %d local addresses\n", 1087 addrnum); 1088 if (addrnum == 1) { 1089 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1090 /* clear any cached route and source address */ 1091 RO_NHFREE(&net->ro); 1092 if (net->src_addr_selected) { 1093 sctp_free_ifa(net->ro._s_addr); 1094 net->ro._s_addr = NULL; 1095 net->src_addr_selected = 0; 1096 } 1097 /* Retransmit unacknowledged DATA chunks immediately */ 1098 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1099 SCTP_MOBILITY_FASTHANDOFF)) { 1100 sctp_net_immediate_retrans(stcb, net); 1101 } 1102 /* also, SET PRIMARY is maybe already sent */ 1103 } 1104 return; 1105 } 1106 1107 /* Multiple local addresses exist in the association. */ 1108 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1109 /* clear any cached route and source address */ 1110 RO_NHFREE(&net->ro); 1111 if (net->src_addr_selected) { 1112 sctp_free_ifa(net->ro._s_addr); 1113 net->ro._s_addr = NULL; 1114 net->src_addr_selected = 0; 1115 } 1116 /* 1117 * Check if the nexthop is corresponding to the new address. 1118 * If the new address is corresponding to the current 1119 * nexthop, the path will be changed. If the new address is 1120 * NOT corresponding to the current nexthop, the path will 1121 * not be changed. 1122 */ 1123 SCTP_RTALLOC((sctp_route_t *)&net->ro, 1124 stcb->sctp_ep->def_vrf_id, 1125 stcb->sctp_ep->fibnum); 1126 if (net->ro.ro_nh == NULL) 1127 continue; 1128 1129 changed = 0; 1130 switch (net->ro._l_addr.sa.sa_family) { 1131 #ifdef INET 1132 case AF_INET: 1133 if (sctp_v4src_match_nexthop(newifa, (sctp_route_t *)&net->ro)) { 1134 changed = 1; 1135 } 1136 break; 1137 #endif 1138 #ifdef INET6 1139 case AF_INET6: 1140 if (sctp_v6src_match_nexthop( 1141 &newifa->address.sin6, (sctp_route_t *)&net->ro)) { 1142 changed = 1; 1143 } 1144 break; 1145 #endif 1146 default: 1147 break; 1148 } 1149 /* 1150 * if the newly added address does not relate routing 1151 * information, we skip. 1152 */ 1153 if (changed == 0) 1154 continue; 1155 /* Retransmit unacknowledged DATA chunks immediately */ 1156 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1157 SCTP_MOBILITY_FASTHANDOFF)) { 1158 sctp_net_immediate_retrans(stcb, net); 1159 } 1160 /* Send SET PRIMARY for this new address */ 1161 if (net == stcb->asoc.primary_destination) { 1162 (void)sctp_asconf_queue_mgmt(stcb, newifa, 1163 SCTP_SET_PRIM_ADDR); 1164 } 1165 } 1166 } 1167 1168 /* 1169 * process an ADD/DELETE IP ack from peer. 1170 * addr: corresponding sctp_ifa to the address being added/deleted. 1171 * type: SCTP_ADD_IP_ADDRESS or SCTP_DEL_IP_ADDRESS. 1172 * flag: 1=success, 0=failure. 1173 */ 1174 static void 1175 sctp_asconf_addr_mgmt_ack(struct sctp_tcb *stcb, struct sctp_ifa *addr, uint32_t flag) 1176 { 1177 /* 1178 * do the necessary asoc list work- if we get a failure indication, 1179 * leave the address on the assoc's restricted list. If we get a 1180 * success indication, remove the address from the restricted list. 1181 */ 1182 /* 1183 * Note: this will only occur for ADD_IP_ADDRESS, since 1184 * DEL_IP_ADDRESS is never actually added to the list... 1185 */ 1186 if (flag) { 1187 /* success case, so remove from the restricted list */ 1188 sctp_del_local_addr_restricted(stcb, addr); 1189 1190 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1191 SCTP_MOBILITY_BASE) || 1192 sctp_is_mobility_feature_on(stcb->sctp_ep, 1193 SCTP_MOBILITY_FASTHANDOFF)) { 1194 sctp_path_check_and_react(stcb, addr); 1195 return; 1196 } 1197 /* clear any cached/topologically incorrect source addresses */ 1198 sctp_asconf_nets_cleanup(stcb, addr->ifn_p); 1199 } 1200 /* else, leave it on the list */ 1201 } 1202 1203 /* 1204 * add an asconf add/delete/set primary IP address parameter to the queue. 1205 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1206 * returns 0 if queued, -1 if not queued/removed. 1207 * NOTE: if adding, but a delete for the same address is already scheduled 1208 * (and not yet sent out), simply remove it from queue. Same for deleting 1209 * an address already scheduled for add. If a duplicate operation is found, 1210 * ignore the new one. 1211 */ 1212 static int 1213 sctp_asconf_queue_mgmt(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1214 uint16_t type) 1215 { 1216 struct sctp_asconf_addr *aa, *aa_next; 1217 1218 /* make sure the request isn't already in the queue */ 1219 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1220 /* address match? */ 1221 if (sctp_asconf_addr_match(aa, &ifa->address.sa) == 0) 1222 continue; 1223 /* 1224 * is the request already in queue but not sent? pass the 1225 * request already sent in order to resolve the following 1226 * case: 1. arrival of ADD, then sent 2. arrival of DEL. we 1227 * can't remove the ADD request already sent 3. arrival of 1228 * ADD 1229 */ 1230 if (aa->ap.aph.ph.param_type == type && aa->sent == 0) { 1231 return (-1); 1232 } 1233 /* is the negative request already in queue, and not sent */ 1234 if ((aa->sent == 0) && (type == SCTP_ADD_IP_ADDRESS) && 1235 (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS)) { 1236 /* add requested, delete already queued */ 1237 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1238 /* remove the ifa from the restricted list */ 1239 sctp_del_local_addr_restricted(stcb, ifa); 1240 /* free the asconf param */ 1241 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1242 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: add removes queued entry\n"); 1243 return (-1); 1244 } 1245 if ((aa->sent == 0) && (type == SCTP_DEL_IP_ADDRESS) && 1246 (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS)) { 1247 /* delete requested, add already queued */ 1248 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1249 /* remove the aa->ifa from the restricted list */ 1250 sctp_del_local_addr_restricted(stcb, aa->ifa); 1251 /* free the asconf param */ 1252 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1253 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: delete removes queued entry\n"); 1254 return (-1); 1255 } 1256 } /* for each aa */ 1257 1258 /* adding new request to the queue */ 1259 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1260 SCTP_M_ASC_ADDR); 1261 if (aa == NULL) { 1262 /* didn't get memory */ 1263 SCTPDBG(SCTP_DEBUG_ASCONF1, "asconf_queue_mgmt: failed to get memory!\n"); 1264 return (-1); 1265 } 1266 aa->special_del = 0; 1267 /* fill in asconf address parameter fields */ 1268 /* top level elements are "networked" during send */ 1269 aa->ap.aph.ph.param_type = type; 1270 aa->ifa = ifa; 1271 atomic_add_int(&ifa->refcount, 1); 1272 /* correlation_id filled in during send routine later... */ 1273 switch (ifa->address.sa.sa_family) { 1274 #ifdef INET6 1275 case AF_INET6: 1276 { 1277 struct sockaddr_in6 *sin6; 1278 1279 sin6 = &ifa->address.sin6; 1280 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1281 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1282 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1283 sizeof(struct sctp_ipv6addr_param); 1284 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1285 sizeof(struct in6_addr)); 1286 break; 1287 } 1288 #endif 1289 #ifdef INET 1290 case AF_INET: 1291 { 1292 struct sockaddr_in *sin; 1293 1294 sin = &ifa->address.sin; 1295 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1296 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1297 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1298 sizeof(struct sctp_ipv4addr_param); 1299 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1300 sizeof(struct in_addr)); 1301 break; 1302 } 1303 #endif 1304 default: 1305 /* invalid family! */ 1306 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1307 sctp_free_ifa(ifa); 1308 return (-1); 1309 } 1310 aa->sent = 0; /* clear sent flag */ 1311 1312 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1313 #ifdef SCTP_DEBUG 1314 if (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_ASCONF2) { 1315 if (type == SCTP_ADD_IP_ADDRESS) { 1316 SCTP_PRINTF("asconf_queue_mgmt: inserted asconf ADD_IP_ADDRESS: "); 1317 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1318 } else if (type == SCTP_DEL_IP_ADDRESS) { 1319 SCTP_PRINTF("asconf_queue_mgmt: appended asconf DEL_IP_ADDRESS: "); 1320 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1321 } else { 1322 SCTP_PRINTF("asconf_queue_mgmt: appended asconf SET_PRIM_ADDR: "); 1323 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1324 } 1325 } 1326 #endif 1327 1328 return (0); 1329 } 1330 1331 /* 1332 * add an asconf operation for the given ifa and type. 1333 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1334 * returns 0 if completed, -1 if not completed, 1 if immediate send is 1335 * advisable. 1336 */ 1337 static int 1338 sctp_asconf_queue_add(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1339 uint16_t type) 1340 { 1341 uint32_t status; 1342 int pending_delete_queued = 0; 1343 int last; 1344 1345 /* see if peer supports ASCONF */ 1346 if (stcb->asoc.asconf_supported == 0) { 1347 return (-1); 1348 } 1349 1350 /* 1351 * if this is deleting the last address from the assoc, mark it as 1352 * pending. 1353 */ 1354 if ((type == SCTP_DEL_IP_ADDRESS) && !stcb->asoc.asconf_del_pending) { 1355 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1356 last = (sctp_local_addr_count(stcb) == 0); 1357 } else { 1358 last = (sctp_local_addr_count(stcb) == 1); 1359 } 1360 if (last) { 1361 /* set the pending delete info only */ 1362 stcb->asoc.asconf_del_pending = 1; 1363 stcb->asoc.asconf_addr_del_pending = ifa; 1364 atomic_add_int(&ifa->refcount, 1); 1365 SCTPDBG(SCTP_DEBUG_ASCONF2, 1366 "asconf_queue_add: mark delete last address pending\n"); 1367 return (-1); 1368 } 1369 } 1370 1371 /* queue an asconf parameter */ 1372 status = sctp_asconf_queue_mgmt(stcb, ifa, type); 1373 1374 /* 1375 * if this is an add, and there is a delete also pending (i.e. the 1376 * last local address is being changed), queue the pending delete 1377 * too. 1378 */ 1379 if ((type == SCTP_ADD_IP_ADDRESS) && stcb->asoc.asconf_del_pending && (status == 0)) { 1380 /* queue in the pending delete */ 1381 if (sctp_asconf_queue_mgmt(stcb, 1382 stcb->asoc.asconf_addr_del_pending, 1383 SCTP_DEL_IP_ADDRESS) == 0) { 1384 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queuing pending delete\n"); 1385 pending_delete_queued = 1; 1386 /* clear out the pending delete info */ 1387 stcb->asoc.asconf_del_pending = 0; 1388 sctp_free_ifa(stcb->asoc.asconf_addr_del_pending); 1389 stcb->asoc.asconf_addr_del_pending = NULL; 1390 } 1391 } 1392 1393 if (pending_delete_queued) { 1394 struct sctp_nets *net; 1395 1396 /* 1397 * since we know that the only/last address is now being 1398 * changed in this case, reset the cwnd/rto on all nets to 1399 * start as a new address and path. Also clear the error 1400 * counts to give the assoc the best chance to complete the 1401 * address change. 1402 */ 1403 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1404 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, 1405 net); 1406 net->RTO = 0; 1407 net->error_count = 0; 1408 } 1409 stcb->asoc.overall_error_count = 0; 1410 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { 1411 sctp_misc_ints(SCTP_THRESHOLD_CLEAR, 1412 stcb->asoc.overall_error_count, 1413 0, 1414 SCTP_FROM_SCTP_ASCONF, 1415 __LINE__); 1416 } 1417 1418 /* queue in an advisory set primary too */ 1419 (void)sctp_asconf_queue_mgmt(stcb, ifa, SCTP_SET_PRIM_ADDR); 1420 /* let caller know we should send this out immediately */ 1421 status = 1; 1422 } 1423 return (status); 1424 } 1425 1426 /*- 1427 * add an asconf delete IP address parameter to the queue by sockaddr and 1428 * possibly with no sctp_ifa available. This is only called by the routine 1429 * that checks the addresses in an INIT-ACK against the current address list. 1430 * returns 0 if completed, non-zero if not completed. 1431 * NOTE: if an add is already scheduled (and not yet sent out), simply 1432 * remove it from queue. If a duplicate operation is found, ignore the 1433 * new one. 1434 */ 1435 static int 1436 sctp_asconf_queue_sa_delete(struct sctp_tcb *stcb, struct sockaddr *sa) 1437 { 1438 struct sctp_ifa *ifa; 1439 struct sctp_asconf_addr *aa, *aa_next; 1440 1441 if (stcb == NULL) { 1442 return (-1); 1443 } 1444 /* see if peer supports ASCONF */ 1445 if (stcb->asoc.asconf_supported == 0) { 1446 return (-1); 1447 } 1448 /* make sure the request isn't already in the queue */ 1449 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1450 /* address match? */ 1451 if (sctp_asconf_addr_match(aa, sa) == 0) 1452 continue; 1453 /* is the request already in queue (sent or not) */ 1454 if (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 1455 return (-1); 1456 } 1457 /* is the negative request already in queue, and not sent */ 1458 if (aa->sent == 1) 1459 continue; 1460 if (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS) { 1461 /* add already queued, so remove existing entry */ 1462 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1463 sctp_del_local_addr_restricted(stcb, aa->ifa); 1464 /* free the entry */ 1465 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1466 return (-1); 1467 } 1468 } /* for each aa */ 1469 1470 /* find any existing ifa-- NOTE ifa CAN be allowed to be NULL */ 1471 ifa = sctp_find_ifa_by_addr(sa, stcb->asoc.vrf_id, SCTP_ADDR_NOT_LOCKED); 1472 1473 /* adding new request to the queue */ 1474 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1475 SCTP_M_ASC_ADDR); 1476 if (aa == NULL) { 1477 /* didn't get memory */ 1478 SCTPDBG(SCTP_DEBUG_ASCONF1, 1479 "sctp_asconf_queue_sa_delete: failed to get memory!\n"); 1480 return (-1); 1481 } 1482 aa->special_del = 0; 1483 /* fill in asconf address parameter fields */ 1484 /* top level elements are "networked" during send */ 1485 aa->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 1486 aa->ifa = ifa; 1487 if (ifa) 1488 atomic_add_int(&ifa->refcount, 1); 1489 /* correlation_id filled in during send routine later... */ 1490 switch (sa->sa_family) { 1491 #ifdef INET6 1492 case AF_INET6: 1493 { 1494 /* IPv6 address */ 1495 struct sockaddr_in6 *sin6; 1496 1497 sin6 = (struct sockaddr_in6 *)sa; 1498 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1499 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1500 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv6addr_param); 1501 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1502 sizeof(struct in6_addr)); 1503 break; 1504 } 1505 #endif 1506 #ifdef INET 1507 case AF_INET: 1508 { 1509 /* IPv4 address */ 1510 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 1511 1512 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1513 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1514 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv4addr_param); 1515 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1516 sizeof(struct in_addr)); 1517 break; 1518 } 1519 #endif 1520 default: 1521 /* invalid family! */ 1522 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1523 if (ifa) 1524 sctp_free_ifa(ifa); 1525 return (-1); 1526 } 1527 aa->sent = 0; /* clear sent flag */ 1528 1529 /* delete goes to the back of the queue */ 1530 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1531 1532 /* sa_ignore MEMLEAK {memory is put on the tailq} */ 1533 return (0); 1534 } 1535 1536 /* 1537 * find a specific asconf param on our "sent" queue 1538 */ 1539 static struct sctp_asconf_addr * 1540 sctp_asconf_find_param(struct sctp_tcb *stcb, uint32_t correlation_id) 1541 { 1542 struct sctp_asconf_addr *aa; 1543 1544 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 1545 if (aa->ap.aph.correlation_id == correlation_id && 1546 aa->sent == 1) { 1547 /* found it */ 1548 return (aa); 1549 } 1550 } 1551 /* didn't find it */ 1552 return (NULL); 1553 } 1554 1555 /* 1556 * process an SCTP_ERROR_CAUSE_IND for a ASCONF-ACK parameter and do 1557 * notifications based on the error response 1558 */ 1559 static void 1560 sctp_asconf_process_error(struct sctp_tcb *stcb SCTP_UNUSED, 1561 struct sctp_asconf_paramhdr *aph) 1562 { 1563 struct sctp_error_cause *eh; 1564 struct sctp_paramhdr *ph; 1565 uint16_t param_type; 1566 uint16_t error_code; 1567 1568 eh = (struct sctp_error_cause *)(aph + 1); 1569 ph = (struct sctp_paramhdr *)(eh + 1); 1570 /* validate lengths */ 1571 if (htons(eh->length) + sizeof(struct sctp_error_cause) > 1572 htons(aph->ph.param_length)) { 1573 /* invalid error cause length */ 1574 SCTPDBG(SCTP_DEBUG_ASCONF1, 1575 "asconf_process_error: cause element too long\n"); 1576 return; 1577 } 1578 if (htons(ph->param_length) + sizeof(struct sctp_paramhdr) > 1579 htons(eh->length)) { 1580 /* invalid included TLV length */ 1581 SCTPDBG(SCTP_DEBUG_ASCONF1, 1582 "asconf_process_error: included TLV too long\n"); 1583 return; 1584 } 1585 /* which error code ? */ 1586 error_code = ntohs(eh->code); 1587 param_type = ntohs(aph->ph.param_type); 1588 /* FIX: this should go back up the REMOTE_ERROR ULP notify */ 1589 switch (error_code) { 1590 case SCTP_CAUSE_RESOURCE_SHORTAGE: 1591 /* we allow ourselves to "try again" for this error */ 1592 break; 1593 default: 1594 /* peer can't handle it... */ 1595 switch (param_type) { 1596 case SCTP_ADD_IP_ADDRESS: 1597 case SCTP_DEL_IP_ADDRESS: 1598 case SCTP_SET_PRIM_ADDR: 1599 break; 1600 default: 1601 break; 1602 } 1603 } 1604 } 1605 1606 /* 1607 * process an asconf queue param. 1608 * aparam: parameter to process, will be removed from the queue. 1609 * flag: 1=success case, 0=failure case 1610 */ 1611 static void 1612 sctp_asconf_process_param_ack(struct sctp_tcb *stcb, 1613 struct sctp_asconf_addr *aparam, uint32_t flag) 1614 { 1615 uint16_t param_type; 1616 1617 /* process this param */ 1618 param_type = aparam->ap.aph.ph.param_type; 1619 switch (param_type) { 1620 case SCTP_ADD_IP_ADDRESS: 1621 SCTPDBG(SCTP_DEBUG_ASCONF1, 1622 "process_param_ack: added IP address\n"); 1623 sctp_asconf_addr_mgmt_ack(stcb, aparam->ifa, flag); 1624 break; 1625 case SCTP_DEL_IP_ADDRESS: 1626 SCTPDBG(SCTP_DEBUG_ASCONF1, 1627 "process_param_ack: deleted IP address\n"); 1628 /* nothing really to do... lists already updated */ 1629 break; 1630 case SCTP_SET_PRIM_ADDR: 1631 SCTPDBG(SCTP_DEBUG_ASCONF1, 1632 "process_param_ack: set primary IP address\n"); 1633 /* nothing to do... peer may start using this addr */ 1634 break; 1635 default: 1636 /* should NEVER happen */ 1637 break; 1638 } 1639 1640 /* remove the param and free it */ 1641 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aparam, next); 1642 if (aparam->ifa) 1643 sctp_free_ifa(aparam->ifa); 1644 SCTP_FREE(aparam, SCTP_M_ASC_ADDR); 1645 } 1646 1647 /* 1648 * cleanup from a bad asconf ack parameter 1649 */ 1650 static void 1651 sctp_asconf_ack_clear(struct sctp_tcb *stcb SCTP_UNUSED) 1652 { 1653 /* assume peer doesn't really know how to do asconfs */ 1654 /* XXX we could free the pending queue here */ 1655 1656 } 1657 1658 void 1659 sctp_handle_asconf_ack(struct mbuf *m, int offset, 1660 struct sctp_asconf_ack_chunk *cp, struct sctp_tcb *stcb, 1661 struct sctp_nets *net, int *abort_no_unlock) 1662 { 1663 struct sctp_association *asoc; 1664 uint32_t serial_num; 1665 uint16_t ack_length; 1666 struct sctp_asconf_paramhdr *aph; 1667 struct sctp_asconf_addr *aa, *aa_next; 1668 uint32_t last_error_id = 0; /* last error correlation id */ 1669 uint32_t id; 1670 struct sctp_asconf_addr *ap; 1671 1672 /* asconf param buffer */ 1673 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 1674 1675 /* verify minimum length */ 1676 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_ack_chunk)) { 1677 SCTPDBG(SCTP_DEBUG_ASCONF1, 1678 "handle_asconf_ack: chunk too small = %xh\n", 1679 ntohs(cp->ch.chunk_length)); 1680 return; 1681 } 1682 asoc = &stcb->asoc; 1683 serial_num = ntohl(cp->serial_number); 1684 1685 /* 1686 * NOTE: we may want to handle this differently- currently, we will 1687 * abort when we get an ack for the expected serial number + 1 (eg. 1688 * we didn't send it), process an ack normally if it is the expected 1689 * serial number, and re-send the previous ack for *ALL* other 1690 * serial numbers 1691 */ 1692 1693 /* 1694 * if the serial number is the next expected, but I didn't send it, 1695 * abort the asoc, since someone probably just hijacked us... 1696 */ 1697 if (serial_num == (asoc->asconf_seq_out + 1)) { 1698 struct mbuf *op_err; 1699 char msg[SCTP_DIAG_INFO_LEN]; 1700 1701 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); 1702 SCTP_SNPRINTF(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num); 1703 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); 1704 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, false, SCTP_SO_NOT_LOCKED); 1705 *abort_no_unlock = 1; 1706 return; 1707 } 1708 if (serial_num != asoc->asconf_seq_out_acked + 1) { 1709 /* got a duplicate/unexpected ASCONF-ACK */ 1710 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got duplicate/unexpected serial number = %xh (expected = %xh)\n", 1711 serial_num, asoc->asconf_seq_out_acked + 1); 1712 return; 1713 } 1714 1715 if (serial_num == asoc->asconf_seq_out - 1) { 1716 /* stop our timer */ 1717 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, NULL, 1718 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_5); 1719 } 1720 1721 /* process the ASCONF-ACK contents */ 1722 ack_length = ntohs(cp->ch.chunk_length) - 1723 sizeof(struct sctp_asconf_ack_chunk); 1724 offset += sizeof(struct sctp_asconf_ack_chunk); 1725 /* process through all parameters */ 1726 while (ack_length >= sizeof(struct sctp_asconf_paramhdr)) { 1727 unsigned int param_length, param_type; 1728 1729 /* get pointer to next asconf parameter */ 1730 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 1731 sizeof(struct sctp_asconf_paramhdr), aparam_buf); 1732 if (aph == NULL) { 1733 /* can't get an asconf paramhdr */ 1734 sctp_asconf_ack_clear(stcb); 1735 return; 1736 } 1737 param_type = ntohs(aph->ph.param_type); 1738 param_length = ntohs(aph->ph.param_length); 1739 if (param_length > ack_length) { 1740 sctp_asconf_ack_clear(stcb); 1741 return; 1742 } 1743 if (param_length < sizeof(struct sctp_asconf_paramhdr)) { 1744 sctp_asconf_ack_clear(stcb); 1745 return; 1746 } 1747 /* get the complete parameter... */ 1748 if (param_length > sizeof(aparam_buf)) { 1749 SCTPDBG(SCTP_DEBUG_ASCONF1, 1750 "param length (%u) larger than buffer size!\n", param_length); 1751 sctp_asconf_ack_clear(stcb); 1752 return; 1753 } 1754 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 1755 if (aph == NULL) { 1756 sctp_asconf_ack_clear(stcb); 1757 return; 1758 } 1759 /* correlation_id is transparent to peer, no ntohl needed */ 1760 id = aph->correlation_id; 1761 1762 switch (param_type) { 1763 case SCTP_ERROR_CAUSE_IND: 1764 last_error_id = id; 1765 /* find the corresponding asconf param in our queue */ 1766 ap = sctp_asconf_find_param(stcb, id); 1767 if (ap == NULL) { 1768 /* hmm... can't find this in our queue! */ 1769 break; 1770 } 1771 /* process the parameter, failed flag */ 1772 sctp_asconf_process_param_ack(stcb, ap, 0); 1773 /* process the error response */ 1774 sctp_asconf_process_error(stcb, aph); 1775 break; 1776 case SCTP_SUCCESS_REPORT: 1777 /* find the corresponding asconf param in our queue */ 1778 ap = sctp_asconf_find_param(stcb, id); 1779 if (ap == NULL) { 1780 /* hmm... can't find this in our queue! */ 1781 break; 1782 } 1783 /* process the parameter, success flag */ 1784 sctp_asconf_process_param_ack(stcb, ap, 1); 1785 break; 1786 default: 1787 break; 1788 } /* switch */ 1789 1790 /* update remaining ASCONF-ACK message length to process */ 1791 if (ack_length > SCTP_SIZE32(param_length)) { 1792 ack_length -= SCTP_SIZE32(param_length); 1793 } else { 1794 break; 1795 } 1796 offset += SCTP_SIZE32(param_length); 1797 } /* while */ 1798 1799 /* 1800 * if there are any "sent" params still on the queue, these are 1801 * implicitly "success", or "failed" (if we got an error back) ... 1802 * so process these appropriately 1803 * 1804 * we assume that the correlation_id's are monotonically increasing 1805 * beginning from 1 and that we don't have *that* many outstanding 1806 * at any given time 1807 */ 1808 if (last_error_id == 0) 1809 last_error_id--; /* set to "max" value */ 1810 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1811 if (aa->sent == 1) { 1812 /* 1813 * implicitly successful or failed if correlation_id 1814 * < last_error_id, then success else, failure 1815 */ 1816 if (aa->ap.aph.correlation_id < last_error_id) 1817 sctp_asconf_process_param_ack(stcb, aa, 1); 1818 else 1819 sctp_asconf_process_param_ack(stcb, aa, 0); 1820 } else { 1821 /* 1822 * since we always process in order (FIFO queue) if 1823 * we reach one that hasn't been sent, the rest 1824 * should not have been sent either. so, we're 1825 * done... 1826 */ 1827 break; 1828 } 1829 } 1830 1831 /* update the next sequence number to use */ 1832 asoc->asconf_seq_out_acked++; 1833 /* remove the old ASCONF on our outbound queue */ 1834 sctp_toss_old_asconf(stcb); 1835 if (!TAILQ_EMPTY(&stcb->asoc.asconf_queue)) { 1836 #ifdef SCTP_TIMER_BASED_ASCONF 1837 /* we have more params, so restart our timer */ 1838 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, 1839 stcb, net); 1840 #else 1841 /* we have more params, so send out more */ 1842 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 1843 #endif 1844 } 1845 } 1846 1847 #ifdef INET6 1848 static uint32_t 1849 sctp_is_scopeid_in_nets(struct sctp_tcb *stcb, struct sockaddr *sa) 1850 { 1851 struct sockaddr_in6 *sin6, *net6; 1852 struct sctp_nets *net; 1853 1854 if (sa->sa_family != AF_INET6) { 1855 /* wrong family */ 1856 return (0); 1857 } 1858 sin6 = (struct sockaddr_in6 *)sa; 1859 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) == 0) { 1860 /* not link local address */ 1861 return (0); 1862 } 1863 /* hunt through our destination nets list for this scope_id */ 1864 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1865 if (((struct sockaddr *)(&net->ro._l_addr))->sa_family != 1866 AF_INET6) 1867 continue; 1868 net6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1869 if (IN6_IS_ADDR_LINKLOCAL(&net6->sin6_addr) == 0) 1870 continue; 1871 if (sctp_is_same_scope(sin6, net6)) { 1872 /* found one */ 1873 return (1); 1874 } 1875 } 1876 /* didn't find one */ 1877 return (0); 1878 } 1879 #endif 1880 1881 /* 1882 * address management functions 1883 */ 1884 static void 1885 sctp_addr_mgmt_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1886 struct sctp_ifa *ifa, uint16_t type, int addr_locked) 1887 { 1888 int status; 1889 1890 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0 || 1891 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1892 /* subset bound, no ASCONF allowed case, so ignore */ 1893 return; 1894 } 1895 /* 1896 * note: we know this is not the subset bound, no ASCONF case eg. 1897 * this is boundall or subset bound w/ASCONF allowed 1898 */ 1899 1900 /* first, make sure that the address is IPv4 or IPv6 and not jailed */ 1901 switch (ifa->address.sa.sa_family) { 1902 #ifdef INET6 1903 case AF_INET6: 1904 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 1905 &ifa->address.sin6.sin6_addr) != 0) { 1906 return; 1907 } 1908 break; 1909 #endif 1910 #ifdef INET 1911 case AF_INET: 1912 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 1913 &ifa->address.sin.sin_addr) != 0) { 1914 return; 1915 } 1916 break; 1917 #endif 1918 default: 1919 return; 1920 } 1921 #ifdef INET6 1922 /* make sure we're "allowed" to add this type of addr */ 1923 if (ifa->address.sa.sa_family == AF_INET6) { 1924 /* invalid if we're not a v6 endpoint */ 1925 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) 1926 return; 1927 /* is the v6 addr really valid ? */ 1928 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1929 return; 1930 } 1931 } 1932 #endif 1933 /* put this address on the "pending/do not use yet" list */ 1934 sctp_add_local_addr_restricted(stcb, ifa); 1935 /* 1936 * check address scope if address is out of scope, don't queue 1937 * anything... note: this would leave the address on both inp and 1938 * asoc lists 1939 */ 1940 switch (ifa->address.sa.sa_family) { 1941 #ifdef INET6 1942 case AF_INET6: 1943 { 1944 struct sockaddr_in6 *sin6; 1945 1946 sin6 = &ifa->address.sin6; 1947 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1948 /* we skip unspecified addresses */ 1949 return; 1950 } 1951 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1952 if (stcb->asoc.scope.local_scope == 0) { 1953 return; 1954 } 1955 /* is it the right link local scope? */ 1956 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 1957 return; 1958 } 1959 } 1960 if (stcb->asoc.scope.site_scope == 0 && 1961 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 1962 return; 1963 } 1964 break; 1965 } 1966 #endif 1967 #ifdef INET 1968 case AF_INET: 1969 { 1970 struct sockaddr_in *sin; 1971 1972 /* invalid if we are a v6 only endpoint */ 1973 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1974 SCTP_IPV6_V6ONLY(inp)) 1975 return; 1976 1977 sin = &ifa->address.sin; 1978 if (sin->sin_addr.s_addr == 0) { 1979 /* we skip unspecified addresses */ 1980 return; 1981 } 1982 if (stcb->asoc.scope.ipv4_local_scope == 0 && 1983 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 1984 return; 1985 } 1986 break; 1987 } 1988 #endif 1989 default: 1990 /* else, not AF_INET or AF_INET6, so skip */ 1991 return; 1992 } 1993 1994 /* queue an asconf for this address add/delete */ 1995 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1996 /* does the peer do asconf? */ 1997 if (stcb->asoc.asconf_supported) { 1998 /* queue an asconf for this addr */ 1999 status = sctp_asconf_queue_add(stcb, ifa, type); 2000 2001 /* 2002 * if queued ok, and in the open state, send out the 2003 * ASCONF. If in the non-open state, these will be 2004 * sent when the state goes open. 2005 */ 2006 if (status == 0 && 2007 ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2008 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED))) { 2009 #ifdef SCTP_TIMER_BASED_ASCONF 2010 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 2011 stcb, stcb->asoc.primary_destination); 2012 #else 2013 sctp_send_asconf(stcb, NULL, addr_locked); 2014 #endif 2015 } 2016 } 2017 } 2018 } 2019 2020 int 2021 sctp_asconf_iterator_ep(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2022 { 2023 struct sctp_asconf_iterator *asc; 2024 struct sctp_ifa *ifa; 2025 struct sctp_laddr *l; 2026 int cnt_invalid = 0; 2027 2028 asc = (struct sctp_asconf_iterator *)ptr; 2029 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2030 ifa = l->ifa; 2031 switch (ifa->address.sa.sa_family) { 2032 #ifdef INET6 2033 case AF_INET6: 2034 /* invalid if we're not a v6 endpoint */ 2035 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2036 cnt_invalid++; 2037 if (asc->cnt == cnt_invalid) 2038 return (1); 2039 } 2040 break; 2041 #endif 2042 #ifdef INET 2043 case AF_INET: 2044 { 2045 /* invalid if we are a v6 only endpoint */ 2046 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2047 SCTP_IPV6_V6ONLY(inp)) { 2048 cnt_invalid++; 2049 if (asc->cnt == cnt_invalid) 2050 return (1); 2051 } 2052 break; 2053 } 2054 #endif 2055 default: 2056 /* invalid address family */ 2057 cnt_invalid++; 2058 if (asc->cnt == cnt_invalid) 2059 return (1); 2060 } 2061 } 2062 return (0); 2063 } 2064 2065 static int 2066 sctp_asconf_iterator_ep_end(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2067 { 2068 struct sctp_ifa *ifa; 2069 struct sctp_asconf_iterator *asc; 2070 struct sctp_laddr *laddr, *nladdr, *l; 2071 2072 /* Only for specific case not bound all */ 2073 asc = (struct sctp_asconf_iterator *)ptr; 2074 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2075 ifa = l->ifa; 2076 if (l->action == SCTP_ADD_IP_ADDRESS) { 2077 LIST_FOREACH(laddr, &inp->sctp_addr_list, 2078 sctp_nxt_addr) { 2079 if (laddr->ifa == ifa) { 2080 laddr->action = 0; 2081 break; 2082 } 2083 } 2084 } else if (l->action == SCTP_DEL_IP_ADDRESS) { 2085 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 2086 /* remove only after all guys are done */ 2087 if (laddr->ifa == ifa) { 2088 sctp_del_local_addr_ep(inp, ifa); 2089 } 2090 } 2091 } 2092 } 2093 return (0); 2094 } 2095 2096 void 2097 sctp_asconf_iterator_stcb(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2098 void *ptr, uint32_t val SCTP_UNUSED) 2099 { 2100 struct sctp_asconf_iterator *asc; 2101 struct sctp_ifa *ifa; 2102 struct sctp_laddr *l; 2103 int cnt_invalid = 0; 2104 int type, status; 2105 int num_queued = 0; 2106 2107 asc = (struct sctp_asconf_iterator *)ptr; 2108 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2109 ifa = l->ifa; 2110 type = l->action; 2111 2112 /* address's vrf_id must be the vrf_id of the assoc */ 2113 if (ifa->vrf_id != stcb->asoc.vrf_id) { 2114 continue; 2115 } 2116 2117 /* Same checks again for assoc */ 2118 switch (ifa->address.sa.sa_family) { 2119 #ifdef INET6 2120 case AF_INET6: 2121 { 2122 /* invalid if we're not a v6 endpoint */ 2123 struct sockaddr_in6 *sin6; 2124 2125 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2126 cnt_invalid++; 2127 if (asc->cnt == cnt_invalid) 2128 return; 2129 else 2130 continue; 2131 } 2132 sin6 = &ifa->address.sin6; 2133 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2134 /* we skip unspecified addresses */ 2135 continue; 2136 } 2137 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2138 &sin6->sin6_addr) != 0) { 2139 continue; 2140 } 2141 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 2142 if (stcb->asoc.scope.local_scope == 0) { 2143 continue; 2144 } 2145 /* is it the right link local scope? */ 2146 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 2147 continue; 2148 } 2149 } 2150 break; 2151 } 2152 #endif 2153 #ifdef INET 2154 case AF_INET: 2155 { 2156 /* invalid if we are a v6 only endpoint */ 2157 struct sockaddr_in *sin; 2158 2159 /* invalid if we are a v6 only endpoint */ 2160 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2161 SCTP_IPV6_V6ONLY(inp)) 2162 continue; 2163 2164 sin = &ifa->address.sin; 2165 if (sin->sin_addr.s_addr == 0) { 2166 /* we skip unspecified addresses */ 2167 continue; 2168 } 2169 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2170 &sin->sin_addr) != 0) { 2171 continue; 2172 } 2173 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2174 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 2175 continue; 2176 } 2177 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2178 SCTP_IPV6_V6ONLY(inp)) { 2179 cnt_invalid++; 2180 if (asc->cnt == cnt_invalid) 2181 return; 2182 else 2183 continue; 2184 } 2185 break; 2186 } 2187 #endif 2188 default: 2189 /* invalid address family */ 2190 cnt_invalid++; 2191 if (asc->cnt == cnt_invalid) 2192 return; 2193 else 2194 continue; 2195 } 2196 2197 if (type == SCTP_ADD_IP_ADDRESS) { 2198 /* prevent this address from being used as a source */ 2199 sctp_add_local_addr_restricted(stcb, ifa); 2200 } else if (type == SCTP_DEL_IP_ADDRESS) { 2201 struct sctp_nets *net; 2202 2203 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2204 /* delete this address if cached */ 2205 if (net->ro._s_addr == ifa) { 2206 sctp_free_ifa(net->ro._s_addr); 2207 net->ro._s_addr = NULL; 2208 net->src_addr_selected = 0; 2209 RO_NHFREE(&net->ro); 2210 /* 2211 * Now we deleted our src address, 2212 * should we not also now reset the 2213 * cwnd/rto to start as if its a new 2214 * address? 2215 */ 2216 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 2217 net->RTO = 0; 2218 } 2219 } 2220 } else if (type == SCTP_SET_PRIM_ADDR) { 2221 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 2222 /* must validate the ifa is in the ep */ 2223 if (sctp_is_addr_in_ep(stcb->sctp_ep, ifa) == 0) { 2224 continue; 2225 } 2226 } else { 2227 /* Need to check scopes for this guy */ 2228 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2229 continue; 2230 } 2231 } 2232 } 2233 /* queue an asconf for this address add/delete */ 2234 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF) && 2235 stcb->asoc.asconf_supported == 1) { 2236 /* queue an asconf for this addr */ 2237 status = sctp_asconf_queue_add(stcb, ifa, type); 2238 /* 2239 * if queued ok, and in the open state, update the 2240 * count of queued params. If in the non-open 2241 * state, these get sent when the assoc goes open. 2242 */ 2243 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2244 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2245 if (status >= 0) { 2246 num_queued++; 2247 } 2248 } 2249 } 2250 } 2251 /* 2252 * If we have queued params in the open state, send out an ASCONF. 2253 */ 2254 if (num_queued > 0) { 2255 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2256 } 2257 } 2258 2259 void 2260 sctp_asconf_iterator_end(void *ptr, uint32_t val SCTP_UNUSED) 2261 { 2262 struct sctp_asconf_iterator *asc; 2263 struct sctp_ifa *ifa; 2264 struct sctp_laddr *l, *nl; 2265 2266 asc = (struct sctp_asconf_iterator *)ptr; 2267 LIST_FOREACH_SAFE(l, &asc->list_of_work, sctp_nxt_addr, nl) { 2268 ifa = l->ifa; 2269 if (l->action == SCTP_ADD_IP_ADDRESS) { 2270 /* Clear the defer use flag */ 2271 ifa->localifa_flags &= ~SCTP_ADDR_DEFER_USE; 2272 } 2273 sctp_free_ifa(ifa); 2274 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), l); 2275 SCTP_DECR_LADDR_COUNT(); 2276 } 2277 SCTP_FREE(asc, SCTP_M_ASC_IT); 2278 } 2279 2280 /* 2281 * sa is the sockaddr to ask the peer to set primary to. 2282 * returns: 0 = completed, -1 = error 2283 */ 2284 int32_t 2285 sctp_set_primary_ip_address_sa(struct sctp_tcb *stcb, struct sockaddr *sa) 2286 { 2287 uint32_t vrf_id; 2288 struct sctp_ifa *ifa; 2289 2290 /* find the ifa for the desired set primary */ 2291 vrf_id = stcb->asoc.vrf_id; 2292 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 2293 if (ifa == NULL) { 2294 /* Invalid address */ 2295 return (-1); 2296 } 2297 2298 /* queue an ASCONF:SET_PRIM_ADDR to be sent */ 2299 if (!sctp_asconf_queue_add(stcb, ifa, SCTP_SET_PRIM_ADDR)) { 2300 /* set primary queuing succeeded */ 2301 SCTPDBG(SCTP_DEBUG_ASCONF1, 2302 "set_primary_ip_address_sa: queued on tcb=%p, ", 2303 (void *)stcb); 2304 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2305 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2306 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2307 #ifdef SCTP_TIMER_BASED_ASCONF 2308 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2309 stcb->sctp_ep, stcb, 2310 stcb->asoc.primary_destination); 2311 #else 2312 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2313 #endif 2314 } 2315 } else { 2316 SCTPDBG(SCTP_DEBUG_ASCONF1, "set_primary_ip_address_sa: failed to add to queue on tcb=%p, ", 2317 (void *)stcb); 2318 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2319 return (-1); 2320 } 2321 return (0); 2322 } 2323 2324 int 2325 sctp_is_addr_pending(struct sctp_tcb *stcb, struct sctp_ifa *sctp_ifa) 2326 { 2327 struct sctp_tmit_chunk *chk, *nchk; 2328 unsigned int offset, asconf_limit; 2329 struct sctp_asconf_chunk *acp; 2330 struct sctp_asconf_paramhdr *aph; 2331 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 2332 struct sctp_paramhdr *ph; 2333 int add_cnt, del_cnt; 2334 uint16_t last_param_type; 2335 2336 add_cnt = del_cnt = 0; 2337 last_param_type = 0; 2338 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.asconf_send_queue, sctp_next, nchk) { 2339 if (chk->data == NULL) { 2340 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: No mbuf data?\n"); 2341 continue; 2342 } 2343 offset = 0; 2344 acp = mtod(chk->data, struct sctp_asconf_chunk *); 2345 offset += sizeof(struct sctp_asconf_chunk); 2346 asconf_limit = ntohs(acp->ch.chunk_length); 2347 ph = (struct sctp_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_paramhdr), aparam_buf); 2348 if (ph == NULL) { 2349 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get lookup addr!\n"); 2350 continue; 2351 } 2352 offset += ntohs(ph->param_length); 2353 2354 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2355 if (aph == NULL) { 2356 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: Empty ASCONF will be sent?\n"); 2357 continue; 2358 } 2359 while (aph != NULL) { 2360 unsigned int param_length, param_type; 2361 2362 param_type = ntohs(aph->ph.param_type); 2363 param_length = ntohs(aph->ph.param_length); 2364 if (offset + param_length > asconf_limit) { 2365 /* parameter goes beyond end of chunk! */ 2366 break; 2367 } 2368 if (param_length > sizeof(aparam_buf)) { 2369 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length (%u) larger than buffer size!\n", param_length); 2370 break; 2371 } 2372 if (param_length <= sizeof(struct sctp_paramhdr)) { 2373 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length(%u) too short\n", param_length); 2374 break; 2375 } 2376 2377 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, param_length, aparam_buf); 2378 if (aph == NULL) { 2379 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get entire param\n"); 2380 break; 2381 } 2382 2383 ph = (struct sctp_paramhdr *)(aph + 1); 2384 if (sctp_addr_match(ph, &sctp_ifa->address.sa) != 0) { 2385 switch (param_type) { 2386 case SCTP_ADD_IP_ADDRESS: 2387 add_cnt++; 2388 break; 2389 case SCTP_DEL_IP_ADDRESS: 2390 del_cnt++; 2391 break; 2392 default: 2393 break; 2394 } 2395 last_param_type = param_type; 2396 } 2397 2398 offset += SCTP_SIZE32(param_length); 2399 if (offset >= asconf_limit) { 2400 /* no more data in the mbuf chain */ 2401 break; 2402 } 2403 /* get pointer to next asconf param */ 2404 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2405 } 2406 } 2407 2408 /* 2409 * we want to find the sequences which consist of ADD -> DEL -> ADD 2410 * or DEL -> ADD 2411 */ 2412 if (add_cnt > del_cnt || 2413 (add_cnt == del_cnt && last_param_type == SCTP_ADD_IP_ADDRESS)) { 2414 return (1); 2415 } 2416 return (0); 2417 } 2418 2419 static struct sockaddr * 2420 sctp_find_valid_localaddr(struct sctp_tcb *stcb, int addr_locked) 2421 { 2422 struct sctp_vrf *vrf = NULL; 2423 struct sctp_ifn *sctp_ifn; 2424 struct sctp_ifa *sctp_ifa; 2425 2426 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2427 SCTP_IPI_ADDR_RLOCK(); 2428 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 2429 if (vrf == NULL) { 2430 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2431 SCTP_IPI_ADDR_RUNLOCK(); 2432 return (NULL); 2433 } 2434 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2435 if (stcb->asoc.scope.loopback_scope == 0 && 2436 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2437 /* Skip if loopback_scope not set */ 2438 continue; 2439 } 2440 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2441 switch (sctp_ifa->address.sa.sa_family) { 2442 #ifdef INET 2443 case AF_INET: 2444 if (stcb->asoc.scope.ipv4_addr_legal) { 2445 struct sockaddr_in *sin; 2446 2447 sin = &sctp_ifa->address.sin; 2448 if (sin->sin_addr.s_addr == 0) { 2449 /* 2450 * skip unspecified 2451 * addresses 2452 */ 2453 continue; 2454 } 2455 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 2456 &sin->sin_addr) != 0) { 2457 continue; 2458 } 2459 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2460 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) 2461 continue; 2462 2463 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2464 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2465 continue; 2466 /* 2467 * found a valid local v4 address to 2468 * use 2469 */ 2470 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2471 SCTP_IPI_ADDR_RUNLOCK(); 2472 return (&sctp_ifa->address.sa); 2473 } 2474 break; 2475 #endif 2476 #ifdef INET6 2477 case AF_INET6: 2478 if (stcb->asoc.scope.ipv6_addr_legal) { 2479 struct sockaddr_in6 *sin6; 2480 2481 if (sctp_ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2482 continue; 2483 } 2484 2485 sin6 = &sctp_ifa->address.sin6; 2486 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2487 /* 2488 * we skip unspecified 2489 * addresses 2490 */ 2491 continue; 2492 } 2493 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 2494 &sin6->sin6_addr) != 0) { 2495 continue; 2496 } 2497 if (stcb->asoc.scope.local_scope == 0 && 2498 IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 2499 continue; 2500 if (stcb->asoc.scope.site_scope == 0 && 2501 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) 2502 continue; 2503 2504 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2505 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2506 continue; 2507 /* 2508 * found a valid local v6 address to 2509 * use 2510 */ 2511 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2512 SCTP_IPI_ADDR_RUNLOCK(); 2513 return (&sctp_ifa->address.sa); 2514 } 2515 break; 2516 #endif 2517 default: 2518 break; 2519 } 2520 } 2521 } 2522 /* no valid addresses found */ 2523 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2524 SCTP_IPI_ADDR_RUNLOCK(); 2525 return (NULL); 2526 } 2527 2528 static struct sockaddr * 2529 sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb) 2530 { 2531 struct sctp_laddr *laddr; 2532 2533 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 2534 if (laddr->ifa == NULL) { 2535 continue; 2536 } 2537 /* is the address restricted ? */ 2538 if (sctp_is_addr_restricted(stcb, laddr->ifa) && 2539 (!sctp_is_addr_pending(stcb, laddr->ifa))) 2540 continue; 2541 2542 /* found a valid local address to use */ 2543 return (&laddr->ifa->address.sa); 2544 } 2545 /* no valid addresses found */ 2546 return (NULL); 2547 } 2548 2549 /* 2550 * builds an ASCONF chunk from queued ASCONF params. 2551 * returns NULL on error (no mbuf, no ASCONF params queued, etc). 2552 */ 2553 struct mbuf * 2554 sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) 2555 { 2556 struct mbuf *m_asconf, *m_asconf_chk; 2557 struct sctp_asconf_addr *aa; 2558 struct sctp_asconf_chunk *acp; 2559 struct sctp_asconf_paramhdr *aph; 2560 struct sctp_asconf_addr_param *aap; 2561 uint32_t p_length, overhead; 2562 uint32_t correlation_id = 1; /* 0 is reserved... */ 2563 caddr_t ptr, lookup_ptr; 2564 uint8_t lookup_used = 0; 2565 2566 /* are there any asconf params to send? */ 2567 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2568 if (aa->sent == 0) 2569 break; 2570 } 2571 if (aa == NULL) 2572 return (NULL); 2573 2574 /* Consider IP header and SCTP common header. */ 2575 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2576 overhead = SCTP_MIN_OVERHEAD; 2577 } else { 2578 overhead = SCTP_MIN_V4_OVERHEAD; 2579 } 2580 /* Consider ASONF chunk. */ 2581 overhead += sizeof(struct sctp_asconf_chunk); 2582 /* Consider AUTH chunk. */ 2583 overhead += sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); 2584 if (stcb->asoc.smallest_mtu <= overhead) { 2585 /* MTU too small. */ 2586 return (NULL); 2587 } 2588 /* 2589 * get a chunk header mbuf and a cluster for the asconf params since 2590 * it's simpler to fill in the asconf chunk header lookup address on 2591 * the fly 2592 */ 2593 m_asconf_chk = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_chunk), 0, M_NOWAIT, 1, MT_DATA); 2594 if (m_asconf_chk == NULL) { 2595 /* no mbuf's */ 2596 SCTPDBG(SCTP_DEBUG_ASCONF1, 2597 "sctp_compose_asconf: couldn't get chunk mbuf!\n"); 2598 return (NULL); 2599 } 2600 m_asconf = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 2601 if (m_asconf == NULL) { 2602 /* no mbuf's */ 2603 SCTPDBG(SCTP_DEBUG_ASCONF1, 2604 "sctp_compose_asconf: couldn't get mbuf!\n"); 2605 sctp_m_freem(m_asconf_chk); 2606 return (NULL); 2607 } 2608 SCTP_BUF_LEN(m_asconf_chk) = sizeof(struct sctp_asconf_chunk); 2609 SCTP_BUF_LEN(m_asconf) = 0; 2610 acp = mtod(m_asconf_chk, struct sctp_asconf_chunk *); 2611 memset(acp, 0, sizeof(struct sctp_asconf_chunk)); 2612 /* save pointers to lookup address and asconf params */ 2613 lookup_ptr = (caddr_t)(acp + 1); /* after the header */ 2614 ptr = mtod(m_asconf, caddr_t); /* beginning of cluster */ 2615 2616 /* fill in chunk header info */ 2617 acp->ch.chunk_type = SCTP_ASCONF; 2618 acp->ch.chunk_flags = 0; 2619 acp->serial_number = htonl(stcb->asoc.asconf_seq_out); 2620 stcb->asoc.asconf_seq_out++; 2621 2622 /* add parameters... up to smallest MTU allowed */ 2623 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2624 if (aa->sent) 2625 continue; 2626 /* get the parameter length */ 2627 p_length = SCTP_SIZE32(aa->ap.aph.ph.param_length); 2628 /* will it fit in current chunk? */ 2629 if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu - overhead) || 2630 (SCTP_BUF_LEN(m_asconf) + p_length > MCLBYTES)) { 2631 /* won't fit, so we're done with this chunk */ 2632 break; 2633 } 2634 /* assign (and store) a correlation id */ 2635 aa->ap.aph.correlation_id = correlation_id++; 2636 2637 /* 2638 * fill in address if we're doing a delete this is a simple 2639 * way for us to fill in the correlation address, which 2640 * should only be used by the peer if we're deleting our 2641 * source address and adding a new address (e.g. renumbering 2642 * case) 2643 */ 2644 if (lookup_used == 0 && 2645 (aa->special_del == 0) && 2646 aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 2647 struct sctp_ipv6addr_param *lookup; 2648 uint16_t p_size, addr_size; 2649 2650 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2651 lookup->ph.param_type = 2652 htons(aa->ap.addrp.ph.param_type); 2653 if (aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) { 2654 /* copy IPv6 address */ 2655 p_size = sizeof(struct sctp_ipv6addr_param); 2656 addr_size = sizeof(struct in6_addr); 2657 } else { 2658 /* copy IPv4 address */ 2659 p_size = sizeof(struct sctp_ipv4addr_param); 2660 addr_size = sizeof(struct in_addr); 2661 } 2662 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2663 memcpy(lookup->addr, &aa->ap.addrp.addr, addr_size); 2664 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2665 lookup_used = 1; 2666 } 2667 /* copy into current space */ 2668 memcpy(ptr, &aa->ap, p_length); 2669 2670 /* network elements and update lengths */ 2671 aph = (struct sctp_asconf_paramhdr *)ptr; 2672 aap = (struct sctp_asconf_addr_param *)ptr; 2673 /* correlation_id is transparent to peer, no htonl needed */ 2674 aph->ph.param_type = htons(aph->ph.param_type); 2675 aph->ph.param_length = htons(aph->ph.param_length); 2676 aap->addrp.ph.param_type = htons(aap->addrp.ph.param_type); 2677 aap->addrp.ph.param_length = htons(aap->addrp.ph.param_length); 2678 2679 SCTP_BUF_LEN(m_asconf) += SCTP_SIZE32(p_length); 2680 ptr += SCTP_SIZE32(p_length); 2681 2682 /* 2683 * these params are removed off the pending list upon 2684 * getting an ASCONF-ACK back from the peer, just set flag 2685 */ 2686 aa->sent = 1; 2687 } 2688 /* check to see if the lookup addr has been populated yet */ 2689 if (lookup_used == 0) { 2690 /* NOTE: if the address param is optional, can skip this... */ 2691 /* add any valid (existing) address... */ 2692 struct sctp_ipv6addr_param *lookup; 2693 uint16_t p_size, addr_size; 2694 struct sockaddr *found_addr; 2695 caddr_t addr_ptr; 2696 2697 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) 2698 found_addr = sctp_find_valid_localaddr(stcb, 2699 addr_locked); 2700 else 2701 found_addr = sctp_find_valid_localaddr_ep(stcb); 2702 2703 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2704 if (found_addr != NULL) { 2705 switch (found_addr->sa_family) { 2706 #ifdef INET6 2707 case AF_INET6: 2708 /* copy IPv6 address */ 2709 lookup->ph.param_type = 2710 htons(SCTP_IPV6_ADDRESS); 2711 p_size = sizeof(struct sctp_ipv6addr_param); 2712 addr_size = sizeof(struct in6_addr); 2713 addr_ptr = (caddr_t)&((struct sockaddr_in6 *) 2714 found_addr)->sin6_addr; 2715 break; 2716 #endif 2717 #ifdef INET 2718 case AF_INET: 2719 /* copy IPv4 address */ 2720 lookup->ph.param_type = 2721 htons(SCTP_IPV4_ADDRESS); 2722 p_size = sizeof(struct sctp_ipv4addr_param); 2723 addr_size = sizeof(struct in_addr); 2724 addr_ptr = (caddr_t)&((struct sockaddr_in *) 2725 found_addr)->sin_addr; 2726 break; 2727 #endif 2728 default: 2729 SCTPDBG(SCTP_DEBUG_ASCONF1, 2730 "sctp_compose_asconf: no usable lookup addr (family = %d)!\n", 2731 found_addr->sa_family); 2732 sctp_m_freem(m_asconf_chk); 2733 sctp_m_freem(m_asconf); 2734 return (NULL); 2735 } 2736 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2737 memcpy(lookup->addr, addr_ptr, addr_size); 2738 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2739 } else { 2740 /* uh oh... don't have any address?? */ 2741 SCTPDBG(SCTP_DEBUG_ASCONF1, 2742 "sctp_compose_asconf: no lookup addr!\n"); 2743 sctp_m_freem(m_asconf_chk); 2744 sctp_m_freem(m_asconf); 2745 return (NULL); 2746 } 2747 } 2748 /* chain it all together */ 2749 SCTP_BUF_NEXT(m_asconf_chk) = m_asconf; 2750 *retlen = SCTP_BUF_LEN(m_asconf_chk) + SCTP_BUF_LEN(m_asconf); 2751 acp->ch.chunk_length = htons(*retlen); 2752 2753 return (m_asconf_chk); 2754 } 2755 2756 /* 2757 * section to handle address changes before an association is up eg. changes 2758 * during INIT/INIT-ACK/COOKIE-ECHO handshake 2759 */ 2760 2761 /* 2762 * processes the (local) addresses in the INIT-ACK chunk 2763 */ 2764 static void 2765 sctp_process_initack_addresses(struct sctp_tcb *stcb, struct mbuf *m, 2766 unsigned int offset, unsigned int length) 2767 { 2768 struct sctp_paramhdr tmp_param, *ph; 2769 uint16_t plen, ptype; 2770 struct sctp_ifa *sctp_ifa; 2771 union sctp_sockstore store; 2772 #ifdef INET6 2773 struct sctp_ipv6addr_param addr6_store; 2774 #endif 2775 #ifdef INET 2776 struct sctp_ipv4addr_param addr4_store; 2777 #endif 2778 2779 SCTPDBG(SCTP_DEBUG_ASCONF2, "processing init-ack addresses\n"); 2780 if (stcb == NULL) /* Un-needed check for SA */ 2781 return; 2782 2783 /* convert to upper bound */ 2784 length += offset; 2785 2786 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2787 return; 2788 } 2789 /* go through the addresses in the init-ack */ 2790 ph = (struct sctp_paramhdr *) 2791 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 2792 (uint8_t *)&tmp_param); 2793 while (ph != NULL) { 2794 ptype = ntohs(ph->param_type); 2795 plen = ntohs(ph->param_length); 2796 switch (ptype) { 2797 #ifdef INET6 2798 case SCTP_IPV6_ADDRESS: 2799 { 2800 struct sctp_ipv6addr_param *a6p; 2801 2802 /* get the entire IPv6 address param */ 2803 a6p = (struct sctp_ipv6addr_param *) 2804 sctp_m_getptr(m, offset, 2805 sizeof(struct sctp_ipv6addr_param), 2806 (uint8_t *)&addr6_store); 2807 if (plen != sizeof(struct sctp_ipv6addr_param) || 2808 a6p == NULL) { 2809 return; 2810 } 2811 memset(&store, 0, sizeof(union sctp_sockstore)); 2812 store.sin6.sin6_family = AF_INET6; 2813 store.sin6.sin6_len = sizeof(struct sockaddr_in6); 2814 store.sin6.sin6_port = stcb->rport; 2815 memcpy(&store.sin6.sin6_addr, a6p->addr, sizeof(struct in6_addr)); 2816 break; 2817 } 2818 #endif 2819 #ifdef INET 2820 case SCTP_IPV4_ADDRESS: 2821 { 2822 struct sctp_ipv4addr_param *a4p; 2823 2824 /* get the entire IPv4 address param */ 2825 a4p = (struct sctp_ipv4addr_param *)sctp_m_getptr(m, offset, 2826 sizeof(struct sctp_ipv4addr_param), 2827 (uint8_t *)&addr4_store); 2828 if (plen != sizeof(struct sctp_ipv4addr_param) || 2829 a4p == NULL) { 2830 return; 2831 } 2832 memset(&store, 0, sizeof(union sctp_sockstore)); 2833 store.sin.sin_family = AF_INET; 2834 store.sin.sin_len = sizeof(struct sockaddr_in); 2835 store.sin.sin_port = stcb->rport; 2836 store.sin.sin_addr.s_addr = a4p->addr; 2837 break; 2838 } 2839 #endif 2840 default: 2841 goto next_addr; 2842 } 2843 2844 /* see if this address really (still) exists */ 2845 sctp_ifa = sctp_find_ifa_by_addr(&store.sa, stcb->asoc.vrf_id, 2846 SCTP_ADDR_NOT_LOCKED); 2847 if (sctp_ifa == NULL) { 2848 /* address doesn't exist anymore */ 2849 int status; 2850 2851 /* are ASCONFs allowed ? */ 2852 if ((sctp_is_feature_on(stcb->sctp_ep, 2853 SCTP_PCB_FLAGS_DO_ASCONF)) && 2854 stcb->asoc.asconf_supported) { 2855 /* queue an ASCONF DEL_IP_ADDRESS */ 2856 status = sctp_asconf_queue_sa_delete(stcb, &store.sa); 2857 /* 2858 * if queued ok, and in correct state, send 2859 * out the ASCONF. 2860 */ 2861 if (status == 0 && 2862 SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { 2863 #ifdef SCTP_TIMER_BASED_ASCONF 2864 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2865 stcb->sctp_ep, stcb, 2866 stcb->asoc.primary_destination); 2867 #else 2868 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2869 #endif 2870 } 2871 } 2872 } 2873 2874 next_addr: 2875 /* 2876 * Sanity check: Make sure the length isn't 0, otherwise 2877 * we'll be stuck in this loop for a long time... 2878 */ 2879 if (SCTP_SIZE32(plen) == 0) { 2880 SCTP_PRINTF("process_initack_addrs: bad len (%d) type=%xh\n", 2881 plen, ptype); 2882 return; 2883 } 2884 /* get next parameter */ 2885 offset += SCTP_SIZE32(plen); 2886 if ((offset + sizeof(struct sctp_paramhdr)) > length) 2887 return; 2888 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2889 sizeof(struct sctp_paramhdr), (uint8_t *)&tmp_param); 2890 } /* while */ 2891 } 2892 2893 /* FIX ME: need to verify return result for v6 address type if v6 disabled */ 2894 /* 2895 * checks to see if a specific address is in the initack address list returns 2896 * 1 if found, 0 if not 2897 */ 2898 static uint32_t 2899 sctp_addr_in_initack(struct mbuf *m, uint32_t offset, uint32_t length, struct sockaddr *sa) 2900 { 2901 struct sctp_paramhdr tmp_param, *ph; 2902 uint16_t plen, ptype; 2903 #ifdef INET 2904 struct sockaddr_in *sin; 2905 struct sctp_ipv4addr_param *a4p; 2906 struct sctp_ipv6addr_param addr4_store; 2907 #endif 2908 #ifdef INET6 2909 struct sockaddr_in6 *sin6; 2910 struct sctp_ipv6addr_param *a6p; 2911 struct sctp_ipv6addr_param addr6_store; 2912 struct sockaddr_in6 sin6_tmp; 2913 #endif 2914 2915 switch (sa->sa_family) { 2916 #ifdef INET 2917 case AF_INET: 2918 break; 2919 #endif 2920 #ifdef INET6 2921 case AF_INET6: 2922 break; 2923 #endif 2924 default: 2925 return (0); 2926 } 2927 2928 SCTPDBG(SCTP_DEBUG_ASCONF2, "find_initack_addr: starting search for "); 2929 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, sa); 2930 /* convert to upper bound */ 2931 length += offset; 2932 2933 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2934 SCTPDBG(SCTP_DEBUG_ASCONF1, 2935 "find_initack_addr: invalid offset?\n"); 2936 return (0); 2937 } 2938 /* go through the addresses in the init-ack */ 2939 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2940 sizeof(struct sctp_paramhdr), (uint8_t *)&tmp_param); 2941 while (ph != NULL) { 2942 ptype = ntohs(ph->param_type); 2943 plen = ntohs(ph->param_length); 2944 switch (ptype) { 2945 #ifdef INET6 2946 case SCTP_IPV6_ADDRESS: 2947 if (sa->sa_family == AF_INET6) { 2948 /* get the entire IPv6 address param */ 2949 if (plen != sizeof(struct sctp_ipv6addr_param)) { 2950 break; 2951 } 2952 /* get the entire IPv6 address param */ 2953 a6p = (struct sctp_ipv6addr_param *) 2954 sctp_m_getptr(m, offset, 2955 sizeof(struct sctp_ipv6addr_param), 2956 (uint8_t *)&addr6_store); 2957 if (a6p == NULL) { 2958 return (0); 2959 } 2960 sin6 = (struct sockaddr_in6 *)sa; 2961 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2962 /* create a copy and clear scope */ 2963 memcpy(&sin6_tmp, sin6, 2964 sizeof(struct sockaddr_in6)); 2965 sin6 = &sin6_tmp; 2966 in6_clearscope(&sin6->sin6_addr); 2967 } 2968 if (memcmp(&sin6->sin6_addr, a6p->addr, 2969 sizeof(struct in6_addr)) == 0) { 2970 /* found it */ 2971 return (1); 2972 } 2973 } 2974 break; 2975 #endif /* INET6 */ 2976 #ifdef INET 2977 case SCTP_IPV4_ADDRESS: 2978 if (sa->sa_family == AF_INET) { 2979 if (plen != sizeof(struct sctp_ipv4addr_param)) { 2980 break; 2981 } 2982 /* get the entire IPv4 address param */ 2983 a4p = (struct sctp_ipv4addr_param *) 2984 sctp_m_getptr(m, offset, 2985 sizeof(struct sctp_ipv4addr_param), 2986 (uint8_t *)&addr4_store); 2987 if (a4p == NULL) { 2988 return (0); 2989 } 2990 sin = (struct sockaddr_in *)sa; 2991 if (sin->sin_addr.s_addr == a4p->addr) { 2992 /* found it */ 2993 return (1); 2994 } 2995 } 2996 break; 2997 #endif 2998 default: 2999 break; 3000 } 3001 /* get next parameter */ 3002 offset += SCTP_SIZE32(plen); 3003 if (offset + sizeof(struct sctp_paramhdr) > length) { 3004 return (0); 3005 } 3006 ph = (struct sctp_paramhdr *) 3007 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 3008 (uint8_t *)&tmp_param); 3009 } /* while */ 3010 /* not found! */ 3011 return (0); 3012 } 3013 3014 /* 3015 * makes sure that the current endpoint local addr list is consistent with 3016 * the new association (eg. subset bound, asconf allowed) adds addresses as 3017 * necessary 3018 */ 3019 static void 3020 sctp_check_address_list_ep(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3021 int length, struct sockaddr *init_addr) 3022 { 3023 struct sctp_laddr *laddr; 3024 3025 /* go through the endpoint list */ 3026 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3027 /* be paranoid and validate the laddr */ 3028 if (laddr->ifa == NULL) { 3029 SCTPDBG(SCTP_DEBUG_ASCONF1, 3030 "check_addr_list_ep: laddr->ifa is NULL"); 3031 continue; 3032 } 3033 /* do i have it implicitly? */ 3034 if (sctp_cmpaddr(&laddr->ifa->address.sa, init_addr)) { 3035 continue; 3036 } 3037 /* check to see if in the init-ack */ 3038 if (!sctp_addr_in_initack(m, offset, length, &laddr->ifa->address.sa)) { 3039 /* try to add it */ 3040 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, laddr->ifa, 3041 SCTP_ADD_IP_ADDRESS, SCTP_ADDR_NOT_LOCKED); 3042 } 3043 } 3044 } 3045 3046 /* 3047 * makes sure that the current kernel address list is consistent with the new 3048 * association (with all addrs bound) adds addresses as necessary 3049 */ 3050 static void 3051 sctp_check_address_list_all(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3052 int length, struct sockaddr *init_addr, 3053 uint16_t local_scope, uint16_t site_scope, 3054 uint16_t ipv4_scope, uint16_t loopback_scope) 3055 { 3056 struct sctp_vrf *vrf = NULL; 3057 struct sctp_ifn *sctp_ifn; 3058 struct sctp_ifa *sctp_ifa; 3059 uint32_t vrf_id; 3060 #ifdef INET 3061 struct sockaddr_in *sin; 3062 #endif 3063 #ifdef INET6 3064 struct sockaddr_in6 *sin6; 3065 #endif 3066 3067 if (stcb) { 3068 vrf_id = stcb->asoc.vrf_id; 3069 } else { 3070 return; 3071 } 3072 SCTP_IPI_ADDR_RLOCK(); 3073 vrf = sctp_find_vrf(vrf_id); 3074 if (vrf == NULL) { 3075 SCTP_IPI_ADDR_RUNLOCK(); 3076 return; 3077 } 3078 /* go through all our known interfaces */ 3079 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3080 if (loopback_scope == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3081 /* skip loopback interface */ 3082 continue; 3083 } 3084 /* go through each interface address */ 3085 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3086 /* do i have it implicitly? */ 3087 if (sctp_cmpaddr(&sctp_ifa->address.sa, init_addr)) { 3088 continue; 3089 } 3090 switch (sctp_ifa->address.sa.sa_family) { 3091 #ifdef INET 3092 case AF_INET: 3093 sin = &sctp_ifa->address.sin; 3094 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3095 &sin->sin_addr) != 0) { 3096 continue; 3097 } 3098 if ((ipv4_scope == 0) && 3099 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 3100 /* private address not in scope */ 3101 continue; 3102 } 3103 break; 3104 #endif 3105 #ifdef INET6 3106 case AF_INET6: 3107 sin6 = &sctp_ifa->address.sin6; 3108 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3109 &sin6->sin6_addr) != 0) { 3110 continue; 3111 } 3112 if ((local_scope == 0) && 3113 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 3114 continue; 3115 } 3116 if ((site_scope == 0) && 3117 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 3118 continue; 3119 } 3120 break; 3121 #endif 3122 default: 3123 break; 3124 } 3125 /* check to see if in the init-ack */ 3126 if (!sctp_addr_in_initack(m, offset, length, &sctp_ifa->address.sa)) { 3127 /* try to add it */ 3128 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, 3129 sctp_ifa, SCTP_ADD_IP_ADDRESS, 3130 SCTP_ADDR_LOCKED); 3131 } 3132 } /* end foreach ifa */ 3133 } /* end foreach ifn */ 3134 SCTP_IPI_ADDR_RUNLOCK(); 3135 } 3136 3137 /* 3138 * validates an init-ack chunk (from a cookie-echo) with current addresses 3139 * adds addresses from the init-ack into our local address list, if needed 3140 * queues asconf adds/deletes addresses as needed and makes appropriate list 3141 * changes for source address selection m, offset: points to the start of the 3142 * address list in an init-ack chunk length: total length of the address 3143 * params only init_addr: address where my INIT-ACK was sent from 3144 */ 3145 void 3146 sctp_check_address_list(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3147 int length, struct sockaddr *init_addr, 3148 uint16_t local_scope, uint16_t site_scope, 3149 uint16_t ipv4_scope, uint16_t loopback_scope) 3150 { 3151 /* process the local addresses in the initack */ 3152 sctp_process_initack_addresses(stcb, m, offset, length); 3153 3154 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3155 /* bound all case */ 3156 sctp_check_address_list_all(stcb, m, offset, length, init_addr, 3157 local_scope, site_scope, ipv4_scope, loopback_scope); 3158 } else { 3159 /* subset bound case */ 3160 if (sctp_is_feature_on(stcb->sctp_ep, 3161 SCTP_PCB_FLAGS_DO_ASCONF)) { 3162 /* asconf's allowed */ 3163 sctp_check_address_list_ep(stcb, m, offset, length, 3164 init_addr); 3165 } 3166 /* else, no asconfs allowed, so what we sent is what we get */ 3167 } 3168 } 3169 3170 /* 3171 * sctp_bindx() support 3172 */ 3173 uint32_t 3174 sctp_addr_mgmt_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa, 3175 uint32_t type, uint32_t vrf_id) 3176 { 3177 struct sctp_ifa *ifa; 3178 struct sctp_laddr *laddr, *nladdr; 3179 3180 if (sa->sa_len == 0) { 3181 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3182 return (EINVAL); 3183 } 3184 if (type == SCTP_ADD_IP_ADDRESS) { 3185 /* For an add the address MUST be on the system */ 3186 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 3187 } else if (type == SCTP_DEL_IP_ADDRESS) { 3188 /* For a delete we need to find it in the inp */ 3189 ifa = sctp_find_ifa_in_ep(inp, sa, SCTP_ADDR_NOT_LOCKED); 3190 } else { 3191 ifa = NULL; 3192 } 3193 if (ifa != NULL) { 3194 if (type == SCTP_ADD_IP_ADDRESS) { 3195 sctp_add_local_addr_ep(inp, ifa, type); 3196 } else if (type == SCTP_DEL_IP_ADDRESS) { 3197 if (inp->laddr_count < 2) { 3198 /* can't delete the last local address */ 3199 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3200 return (EINVAL); 3201 } 3202 LIST_FOREACH(laddr, &inp->sctp_addr_list, 3203 sctp_nxt_addr) { 3204 if (ifa == laddr->ifa) { 3205 /* Mark in the delete */ 3206 laddr->action = type; 3207 } 3208 } 3209 } 3210 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 3211 /* 3212 * There is no need to start the iterator if the inp 3213 * has no associations. 3214 */ 3215 if (type == SCTP_DEL_IP_ADDRESS) { 3216 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 3217 if (laddr->ifa == ifa) { 3218 sctp_del_local_addr_ep(inp, ifa); 3219 } 3220 } 3221 } 3222 } else { 3223 struct sctp_asconf_iterator *asc; 3224 struct sctp_laddr *wi; 3225 int ret; 3226 3227 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 3228 sizeof(struct sctp_asconf_iterator), 3229 SCTP_M_ASC_IT); 3230 if (asc == NULL) { 3231 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3232 return (ENOMEM); 3233 } 3234 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 3235 if (wi == NULL) { 3236 SCTP_FREE(asc, SCTP_M_ASC_IT); 3237 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3238 return (ENOMEM); 3239 } 3240 LIST_INIT(&asc->list_of_work); 3241 asc->cnt = 1; 3242 SCTP_INCR_LADDR_COUNT(); 3243 wi->ifa = ifa; 3244 wi->action = type; 3245 atomic_add_int(&ifa->refcount, 1); 3246 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 3247 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 3248 sctp_asconf_iterator_stcb, 3249 sctp_asconf_iterator_ep_end, 3250 SCTP_PCB_ANY_FLAGS, 3251 SCTP_PCB_ANY_FEATURES, 3252 SCTP_ASOC_ANY_STATE, 3253 (void *)asc, 0, 3254 sctp_asconf_iterator_end, inp, 0); 3255 if (ret) { 3256 SCTP_PRINTF("Failed to initiate iterator for addr_mgmt_ep_sa\n"); 3257 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EFAULT); 3258 sctp_asconf_iterator_end(asc, 0); 3259 return (EFAULT); 3260 } 3261 } 3262 return (0); 3263 } else { 3264 /* invalid address! */ 3265 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EADDRNOTAVAIL); 3266 return (EADDRNOTAVAIL); 3267 } 3268 } 3269 3270 void 3271 sctp_asconf_send_nat_state_update(struct sctp_tcb *stcb, struct sctp_nets *net) 3272 { 3273 struct sctp_asconf_addr *aa_vtag, *aa_add, *aa_del; 3274 struct sctp_ifa *sctp_ifap; 3275 struct sctp_asconf_tag_param *vtag; 3276 #ifdef INET 3277 struct sockaddr_in *to; 3278 #endif 3279 #ifdef INET6 3280 struct sockaddr_in6 *to6; 3281 #endif 3282 3283 if (net == NULL) { 3284 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing net\n"); 3285 return; 3286 } 3287 if (stcb == NULL) { 3288 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing stcb\n"); 3289 return; 3290 } 3291 /* 3292 * Need to have in the ASCONF: - VTAG(my_vtag/peer_vtag) - 3293 * ADD(wildcard) - DEL(wildcard) - ADD(Any global addresses) 3294 */ 3295 SCTP_MALLOC(aa_vtag, struct sctp_asconf_addr *, sizeof(struct sctp_asconf_addr), SCTP_M_ASC_ADDR); 3296 SCTP_MALLOC(aa_add, struct sctp_asconf_addr *, sizeof(struct sctp_asconf_addr), SCTP_M_ASC_ADDR); 3297 SCTP_MALLOC(aa_del, struct sctp_asconf_addr *, sizeof(struct sctp_asconf_addr), SCTP_M_ASC_ADDR); 3298 3299 if ((aa_vtag == NULL) || (aa_add == NULL) || (aa_del == NULL)) { 3300 /* Didn't get memory */ 3301 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3302 out: 3303 if (aa_vtag != NULL) { 3304 SCTP_FREE(aa_vtag, SCTP_M_ASC_ADDR); 3305 } 3306 if (aa_add != NULL) { 3307 SCTP_FREE(aa_add, SCTP_M_ASC_ADDR); 3308 } 3309 if (aa_del != NULL) { 3310 SCTP_FREE(aa_del, SCTP_M_ASC_ADDR); 3311 } 3312 return; 3313 } 3314 memset(aa_vtag, 0, sizeof(struct sctp_asconf_addr)); 3315 aa_vtag->special_del = 0; 3316 /* Fill in ASCONF address parameter fields. */ 3317 /* Top level elements are "networked" during send. */ 3318 aa_vtag->ifa = NULL; 3319 aa_vtag->sent = 0; /* clear sent flag */ 3320 vtag = (struct sctp_asconf_tag_param *)&aa_vtag->ap.aph; 3321 vtag->aph.ph.param_type = SCTP_NAT_VTAGS; 3322 vtag->aph.ph.param_length = sizeof(struct sctp_asconf_tag_param); 3323 vtag->local_vtag = htonl(stcb->asoc.my_vtag); 3324 vtag->remote_vtag = htonl(stcb->asoc.peer_vtag); 3325 3326 memset(aa_add, 0, sizeof(struct sctp_asconf_addr)); 3327 memset(aa_del, 0, sizeof(struct sctp_asconf_addr)); 3328 switch (net->ro._l_addr.sa.sa_family) { 3329 #ifdef INET 3330 case AF_INET: 3331 aa_add->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3332 aa_add->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3333 aa_add->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3334 aa_add->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3335 /* No need to fill the address, we are using 0.0.0.0 */ 3336 aa_del->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 3337 aa_del->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3338 aa_del->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3339 aa_del->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3340 /* No need to fill the address, we are using 0.0.0.0 */ 3341 break; 3342 #endif 3343 #ifdef INET6 3344 case AF_INET6: 3345 aa_add->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3346 aa_add->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3347 aa_add->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3348 aa_add->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3349 /* No need to fill the address, we are using ::0 */ 3350 aa_del->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 3351 aa_del->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3352 aa_del->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3353 aa_del->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3354 /* No need to fill the address, we are using ::0 */ 3355 break; 3356 #endif 3357 default: 3358 SCTPDBG(SCTP_DEBUG_ASCONF1, 3359 "sctp_asconf_send_nat_state_update: unknown address family %d\n", 3360 net->ro._l_addr.sa.sa_family); 3361 goto out; 3362 } 3363 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa_vtag, next); 3364 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa_add, next); 3365 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa_del, next); 3366 3367 /* Now we must hunt the addresses and add all global addresses */ 3368 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3369 struct sctp_vrf *vrf = NULL; 3370 struct sctp_ifn *sctp_ifnp; 3371 uint32_t vrf_id; 3372 3373 vrf_id = stcb->sctp_ep->def_vrf_id; 3374 vrf = sctp_find_vrf(vrf_id); 3375 if (vrf == NULL) { 3376 goto skip_rest; 3377 } 3378 3379 SCTP_IPI_ADDR_RLOCK(); 3380 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 3381 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 3382 switch (sctp_ifap->address.sa.sa_family) { 3383 #ifdef INET 3384 case AF_INET: 3385 to = &sctp_ifap->address.sin; 3386 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3387 &to->sin_addr) != 0) { 3388 continue; 3389 } 3390 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3391 continue; 3392 } 3393 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3394 continue; 3395 } 3396 break; 3397 #endif 3398 #ifdef INET6 3399 case AF_INET6: 3400 to6 = &sctp_ifap->address.sin6; 3401 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3402 &to6->sin6_addr) != 0) { 3403 continue; 3404 } 3405 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3406 continue; 3407 } 3408 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3409 continue; 3410 } 3411 break; 3412 #endif 3413 default: 3414 continue; 3415 } 3416 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3417 } 3418 } 3419 SCTP_IPI_ADDR_RUNLOCK(); 3420 } else { 3421 struct sctp_laddr *laddr; 3422 3423 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3424 if (laddr->ifa == NULL) { 3425 continue; 3426 } 3427 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 3428 /* 3429 * Address being deleted by the system, dont 3430 * list. 3431 */ 3432 continue; 3433 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 3434 /* 3435 * Address being deleted on this ep don't 3436 * list. 3437 */ 3438 continue; 3439 } 3440 sctp_ifap = laddr->ifa; 3441 switch (sctp_ifap->address.sa.sa_family) { 3442 #ifdef INET 3443 case AF_INET: 3444 to = &sctp_ifap->address.sin; 3445 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3446 continue; 3447 } 3448 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3449 continue; 3450 } 3451 break; 3452 #endif 3453 #ifdef INET6 3454 case AF_INET6: 3455 to6 = &sctp_ifap->address.sin6; 3456 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3457 continue; 3458 } 3459 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3460 continue; 3461 } 3462 break; 3463 #endif 3464 default: 3465 continue; 3466 } 3467 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3468 } 3469 } 3470 skip_rest: 3471 /* Now we must send the asconf into the queue */ 3472 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 3473 } 3474