1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved. 5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * a) Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 14 * b) Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the distribution. 17 * 18 * c) Neither the name of Cisco Systems, Inc. nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 32 * THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 __FBSDID("$FreeBSD$"); 37 38 #include <netinet/sctp_os.h> 39 #include <netinet/sctp_var.h> 40 #include <netinet/sctp_sysctl.h> 41 #include <netinet/sctp_pcb.h> 42 #include <netinet/sctp_header.h> 43 #include <netinet/sctputil.h> 44 #include <netinet/sctp_output.h> 45 #include <netinet/sctp_asconf.h> 46 #include <netinet/sctp_timer.h> 47 48 /* 49 * debug flags: 50 * SCTP_DEBUG_ASCONF1: protocol info, general info and errors 51 * SCTP_DEBUG_ASCONF2: detailed info 52 */ 53 54 55 /* 56 * RFC 5061 57 * 58 * An ASCONF parameter queue exists per asoc which holds the pending address 59 * operations. Lists are updated upon receipt of ASCONF-ACK. 60 * 61 * A restricted_addrs list exists per assoc to hold local addresses that are 62 * not (yet) usable by the assoc as a source address. These addresses are 63 * either pending an ASCONF operation (and exist on the ASCONF parameter 64 * queue), or they are permanently restricted (the peer has returned an 65 * ERROR indication to an ASCONF(ADD), or the peer does not support ASCONF). 66 * 67 * Deleted addresses are always immediately removed from the lists as they will 68 * (shortly) no longer exist in the kernel. We send ASCONFs as a courtesy, 69 * only if allowed. 70 */ 71 72 /* 73 * ASCONF parameter processing. 74 * response_required: set if a reply is required (eg. SUCCESS_REPORT). 75 * returns a mbuf to an "error" response parameter or NULL/"success" if ok. 76 * FIX: allocating this many mbufs on the fly is pretty inefficient... 77 */ 78 static struct mbuf * 79 sctp_asconf_success_response(uint32_t id) 80 { 81 struct mbuf *m_reply = NULL; 82 struct sctp_asconf_paramhdr *aph; 83 84 m_reply = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_paramhdr), 85 0, M_NOWAIT, 1, MT_DATA); 86 if (m_reply == NULL) { 87 SCTPDBG(SCTP_DEBUG_ASCONF1, 88 "asconf_success_response: couldn't get mbuf!\n"); 89 return (NULL); 90 } 91 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 92 aph->correlation_id = id; 93 aph->ph.param_type = htons(SCTP_SUCCESS_REPORT); 94 aph->ph.param_length = sizeof(struct sctp_asconf_paramhdr); 95 SCTP_BUF_LEN(m_reply) = aph->ph.param_length; 96 aph->ph.param_length = htons(aph->ph.param_length); 97 98 return (m_reply); 99 } 100 101 static struct mbuf * 102 sctp_asconf_error_response(uint32_t id, uint16_t cause, uint8_t *error_tlv, 103 uint16_t tlv_length) 104 { 105 struct mbuf *m_reply = NULL; 106 struct sctp_asconf_paramhdr *aph; 107 struct sctp_error_cause *error; 108 size_t buf_len; 109 uint16_t i, param_length, cause_length, padding_length; 110 uint8_t *tlv; 111 112 if (error_tlv == NULL) { 113 tlv_length = 0; 114 } 115 cause_length = sizeof(struct sctp_error_cause) + tlv_length; 116 param_length = sizeof(struct sctp_asconf_paramhdr) + cause_length; 117 padding_length = tlv_length % 4; 118 if (padding_length != 0) { 119 padding_length = 4 - padding_length; 120 } 121 buf_len = param_length + padding_length; 122 if (buf_len > MLEN) { 123 SCTPDBG(SCTP_DEBUG_ASCONF1, 124 "asconf_error_response: tlv_length (%xh) too big\n", 125 tlv_length); 126 return (NULL); 127 } 128 m_reply = sctp_get_mbuf_for_msg(buf_len, 0, M_NOWAIT, 1, MT_DATA); 129 if (m_reply == NULL) { 130 SCTPDBG(SCTP_DEBUG_ASCONF1, 131 "asconf_error_response: couldn't get mbuf!\n"); 132 return (NULL); 133 } 134 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 135 aph->ph.param_type = htons(SCTP_ERROR_CAUSE_IND); 136 aph->ph.param_length = htons(param_length); 137 aph->correlation_id = id; 138 error = (struct sctp_error_cause *)(aph + 1); 139 error->code = htons(cause); 140 error->length = htons(cause_length); 141 if (error_tlv != NULL) { 142 tlv = (uint8_t *)(error + 1); 143 memcpy(tlv, error_tlv, tlv_length); 144 for (i = 0; i < padding_length; i++) { 145 tlv[tlv_length + i] = 0; 146 } 147 } 148 SCTP_BUF_LEN(m_reply) = buf_len; 149 return (m_reply); 150 } 151 152 static struct mbuf * 153 sctp_process_asconf_add_ip(struct sockaddr *src, struct sctp_asconf_paramhdr *aph, 154 struct sctp_tcb *stcb, int send_hb, int response_required) 155 { 156 struct sctp_nets *net; 157 struct mbuf *m_reply = NULL; 158 union sctp_sockstore store; 159 struct sctp_paramhdr *ph; 160 uint16_t param_type, aparam_length; 161 #if defined(INET) || defined(INET6) 162 uint16_t param_length; 163 #endif 164 struct sockaddr *sa; 165 int zero_address = 0; 166 int bad_address = 0; 167 #ifdef INET 168 struct sockaddr_in *sin; 169 struct sctp_ipv4addr_param *v4addr; 170 #endif 171 #ifdef INET6 172 struct sockaddr_in6 *sin6; 173 struct sctp_ipv6addr_param *v6addr; 174 #endif 175 176 aparam_length = ntohs(aph->ph.param_length); 177 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 178 return (NULL); 179 } 180 ph = (struct sctp_paramhdr *)(aph + 1); 181 param_type = ntohs(ph->param_type); 182 #if defined(INET) || defined(INET6) 183 param_length = ntohs(ph->param_length); 184 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 185 return (NULL); 186 } 187 #endif 188 sa = &store.sa; 189 switch (param_type) { 190 #ifdef INET 191 case SCTP_IPV4_ADDRESS: 192 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 193 /* invalid param size */ 194 return (NULL); 195 } 196 v4addr = (struct sctp_ipv4addr_param *)ph; 197 sin = &store.sin; 198 memset(sin, 0, sizeof(*sin)); 199 sin->sin_family = AF_INET; 200 sin->sin_len = sizeof(struct sockaddr_in); 201 sin->sin_port = stcb->rport; 202 sin->sin_addr.s_addr = v4addr->addr; 203 if ((sin->sin_addr.s_addr == INADDR_BROADCAST) || 204 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 205 bad_address = 1; 206 } 207 if (sin->sin_addr.s_addr == INADDR_ANY) 208 zero_address = 1; 209 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 210 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 211 break; 212 #endif 213 #ifdef INET6 214 case SCTP_IPV6_ADDRESS: 215 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 216 /* invalid param size */ 217 return (NULL); 218 } 219 v6addr = (struct sctp_ipv6addr_param *)ph; 220 sin6 = &store.sin6; 221 memset(sin6, 0, sizeof(*sin6)); 222 sin6->sin6_family = AF_INET6; 223 sin6->sin6_len = sizeof(struct sockaddr_in6); 224 sin6->sin6_port = stcb->rport; 225 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 226 sizeof(struct in6_addr)); 227 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 228 bad_address = 1; 229 } 230 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 231 zero_address = 1; 232 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 233 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 234 break; 235 #endif 236 default: 237 m_reply = sctp_asconf_error_response(aph->correlation_id, 238 SCTP_CAUSE_INVALID_PARAM, (uint8_t *)aph, 239 aparam_length); 240 return (m_reply); 241 } /* end switch */ 242 243 /* if 0.0.0.0/::0, add the source address instead */ 244 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 245 sa = src; 246 SCTPDBG(SCTP_DEBUG_ASCONF1, 247 "process_asconf_add_ip: using source addr "); 248 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 249 } 250 net = NULL; 251 /* add the address */ 252 if (bad_address) { 253 m_reply = sctp_asconf_error_response(aph->correlation_id, 254 SCTP_CAUSE_INVALID_PARAM, (uint8_t *)aph, 255 aparam_length); 256 } else if (sctp_add_remote_addr(stcb, sa, &net, stcb->asoc.port, 257 SCTP_DONOT_SETSCOPE, 258 SCTP_ADDR_DYNAMIC_ADDED) != 0) { 259 SCTPDBG(SCTP_DEBUG_ASCONF1, 260 "process_asconf_add_ip: error adding address\n"); 261 m_reply = sctp_asconf_error_response(aph->correlation_id, 262 SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph, 263 aparam_length); 264 } else { 265 if (response_required) { 266 m_reply = 267 sctp_asconf_success_response(aph->correlation_id); 268 } 269 if (net != NULL) { 270 /* notify upper layer */ 271 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 272 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); 273 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 274 stcb, net); 275 if (send_hb) { 276 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); 277 } 278 } 279 } 280 return (m_reply); 281 } 282 283 static int 284 sctp_asconf_del_remote_addrs_except(struct sctp_tcb *stcb, struct sockaddr *src) 285 { 286 struct sctp_nets *src_net, *net, *nnet; 287 288 /* make sure the source address exists as a destination net */ 289 src_net = sctp_findnet(stcb, src); 290 if (src_net == NULL) { 291 /* not found */ 292 return (-1); 293 } 294 295 /* delete all destination addresses except the source */ 296 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) { 297 if (net != src_net) { 298 /* delete this address */ 299 SCTPDBG(SCTP_DEBUG_ASCONF1, 300 "asconf_del_remote_addrs_except: deleting "); 301 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, 302 (struct sockaddr *)&net->ro._l_addr); 303 /* notify upper layer */ 304 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, 305 (struct sockaddr *)&net->ro._l_addr, SCTP_SO_NOT_LOCKED); 306 sctp_remove_net(stcb, net); 307 } 308 } 309 return (0); 310 } 311 312 static struct mbuf * 313 sctp_process_asconf_delete_ip(struct sockaddr *src, 314 struct sctp_asconf_paramhdr *aph, 315 struct sctp_tcb *stcb, int response_required) 316 { 317 struct mbuf *m_reply = NULL; 318 union sctp_sockstore store; 319 struct sctp_paramhdr *ph; 320 uint16_t param_type, aparam_length; 321 #if defined(INET) || defined(INET6) 322 uint16_t param_length; 323 #endif 324 struct sockaddr *sa; 325 int zero_address = 0; 326 int result; 327 #ifdef INET 328 struct sockaddr_in *sin; 329 struct sctp_ipv4addr_param *v4addr; 330 #endif 331 #ifdef INET6 332 struct sockaddr_in6 *sin6; 333 struct sctp_ipv6addr_param *v6addr; 334 #endif 335 336 aparam_length = ntohs(aph->ph.param_length); 337 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 338 return (NULL); 339 } 340 ph = (struct sctp_paramhdr *)(aph + 1); 341 param_type = ntohs(ph->param_type); 342 #if defined(INET) || defined(INET6) 343 param_length = ntohs(ph->param_length); 344 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 345 return (NULL); 346 } 347 #endif 348 sa = &store.sa; 349 switch (param_type) { 350 #ifdef INET 351 case SCTP_IPV4_ADDRESS: 352 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 353 /* invalid param size */ 354 return (NULL); 355 } 356 v4addr = (struct sctp_ipv4addr_param *)ph; 357 sin = &store.sin; 358 memset(sin, 0, sizeof(*sin)); 359 sin->sin_family = AF_INET; 360 sin->sin_len = sizeof(struct sockaddr_in); 361 sin->sin_port = stcb->rport; 362 sin->sin_addr.s_addr = v4addr->addr; 363 if (sin->sin_addr.s_addr == INADDR_ANY) 364 zero_address = 1; 365 SCTPDBG(SCTP_DEBUG_ASCONF1, 366 "process_asconf_delete_ip: deleting "); 367 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 368 break; 369 #endif 370 #ifdef INET6 371 case SCTP_IPV6_ADDRESS: 372 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 373 /* invalid param size */ 374 return (NULL); 375 } 376 v6addr = (struct sctp_ipv6addr_param *)ph; 377 sin6 = &store.sin6; 378 memset(sin6, 0, sizeof(*sin6)); 379 sin6->sin6_family = AF_INET6; 380 sin6->sin6_len = sizeof(struct sockaddr_in6); 381 sin6->sin6_port = stcb->rport; 382 memcpy(&sin6->sin6_addr, v6addr->addr, 383 sizeof(struct in6_addr)); 384 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 385 zero_address = 1; 386 SCTPDBG(SCTP_DEBUG_ASCONF1, 387 "process_asconf_delete_ip: deleting "); 388 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 389 break; 390 #endif 391 default: 392 m_reply = sctp_asconf_error_response(aph->correlation_id, 393 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 394 aparam_length); 395 return (m_reply); 396 } 397 398 /* make sure the source address is not being deleted */ 399 if (sctp_cmpaddr(sa, src)) { 400 /* trying to delete the source address! */ 401 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete source addr\n"); 402 m_reply = sctp_asconf_error_response(aph->correlation_id, 403 SCTP_CAUSE_DELETING_SRC_ADDR, (uint8_t *)aph, 404 aparam_length); 405 return (m_reply); 406 } 407 408 /* if deleting 0.0.0.0/::0, delete all addresses except src addr */ 409 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 410 result = sctp_asconf_del_remote_addrs_except(stcb, src); 411 412 if (result) { 413 /* src address did not exist? */ 414 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: src addr does not exist?\n"); 415 /* what error to reply with?? */ 416 m_reply = 417 sctp_asconf_error_response(aph->correlation_id, 418 SCTP_CAUSE_REQUEST_REFUSED, (uint8_t *)aph, 419 aparam_length); 420 } else if (response_required) { 421 m_reply = 422 sctp_asconf_success_response(aph->correlation_id); 423 } 424 return (m_reply); 425 } 426 427 /* delete the address */ 428 result = sctp_del_remote_addr(stcb, sa); 429 /* 430 * note if result == -2, the address doesn't exist in the asoc but 431 * since it's being deleted anyways, we just ack the delete -- but 432 * this probably means something has already gone awry 433 */ 434 if (result == -1) { 435 /* only one address in the asoc */ 436 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete last IP addr!\n"); 437 m_reply = sctp_asconf_error_response(aph->correlation_id, 438 SCTP_CAUSE_DELETING_LAST_ADDR, (uint8_t *)aph, 439 aparam_length); 440 } else { 441 if (response_required) { 442 m_reply = sctp_asconf_success_response(aph->correlation_id); 443 } 444 /* notify upper layer */ 445 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 446 } 447 return (m_reply); 448 } 449 450 static struct mbuf * 451 sctp_process_asconf_set_primary(struct sockaddr *src, 452 struct sctp_asconf_paramhdr *aph, 453 struct sctp_tcb *stcb, int response_required) 454 { 455 struct mbuf *m_reply = NULL; 456 union sctp_sockstore store; 457 struct sctp_paramhdr *ph; 458 uint16_t param_type, aparam_length; 459 #if defined(INET) || defined(INET6) 460 uint16_t param_length; 461 #endif 462 struct sockaddr *sa; 463 int zero_address = 0; 464 #ifdef INET 465 struct sockaddr_in *sin; 466 struct sctp_ipv4addr_param *v4addr; 467 #endif 468 #ifdef INET6 469 struct sockaddr_in6 *sin6; 470 struct sctp_ipv6addr_param *v6addr; 471 #endif 472 473 aparam_length = ntohs(aph->ph.param_length); 474 if (aparam_length < sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_paramhdr)) { 475 return (NULL); 476 } 477 ph = (struct sctp_paramhdr *)(aph + 1); 478 param_type = ntohs(ph->param_type); 479 #if defined(INET) || defined(INET6) 480 param_length = ntohs(ph->param_length); 481 if (param_length + sizeof(struct sctp_asconf_paramhdr) != aparam_length) { 482 return (NULL); 483 } 484 #endif 485 sa = &store.sa; 486 switch (param_type) { 487 #ifdef INET 488 case SCTP_IPV4_ADDRESS: 489 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 490 /* invalid param size */ 491 return (NULL); 492 } 493 v4addr = (struct sctp_ipv4addr_param *)ph; 494 sin = &store.sin; 495 memset(sin, 0, sizeof(*sin)); 496 sin->sin_family = AF_INET; 497 sin->sin_len = sizeof(struct sockaddr_in); 498 sin->sin_addr.s_addr = v4addr->addr; 499 if (sin->sin_addr.s_addr == INADDR_ANY) 500 zero_address = 1; 501 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 502 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 503 break; 504 #endif 505 #ifdef INET6 506 case SCTP_IPV6_ADDRESS: 507 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 508 /* invalid param size */ 509 return (NULL); 510 } 511 v6addr = (struct sctp_ipv6addr_param *)ph; 512 sin6 = &store.sin6; 513 memset(sin6, 0, sizeof(*sin6)); 514 sin6->sin6_family = AF_INET6; 515 sin6->sin6_len = sizeof(struct sockaddr_in6); 516 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 517 sizeof(struct in6_addr)); 518 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 519 zero_address = 1; 520 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 521 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 522 break; 523 #endif 524 default: 525 m_reply = sctp_asconf_error_response(aph->correlation_id, 526 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 527 aparam_length); 528 return (m_reply); 529 } 530 531 /* if 0.0.0.0/::0, use the source address instead */ 532 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 533 sa = src; 534 SCTPDBG(SCTP_DEBUG_ASCONF1, 535 "process_asconf_set_primary: using source addr "); 536 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 537 } 538 /* set the primary address */ 539 if (sctp_set_primary_addr(stcb, sa, NULL) == 0) { 540 SCTPDBG(SCTP_DEBUG_ASCONF1, 541 "process_asconf_set_primary: primary address set\n"); 542 /* notify upper layer */ 543 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_SET_PRIMARY, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 544 if ((stcb->asoc.primary_destination->dest_state & SCTP_ADDR_REACHABLE) && 545 (!(stcb->asoc.primary_destination->dest_state & SCTP_ADDR_PF)) && 546 (stcb->asoc.alternate)) { 547 sctp_free_remote_addr(stcb->asoc.alternate); 548 stcb->asoc.alternate = NULL; 549 } 550 if (response_required) { 551 m_reply = sctp_asconf_success_response(aph->correlation_id); 552 } 553 /* 554 * Mobility adaptation. Ideally, when the reception of SET 555 * PRIMARY with DELETE IP ADDRESS of the previous primary 556 * destination, unacknowledged DATA are retransmitted 557 * immediately to the new primary destination for seamless 558 * handover. If the destination is UNCONFIRMED and marked to 559 * REQ_PRIM, The retransmission occur when reception of the 560 * HEARTBEAT-ACK. (See sctp_handle_heartbeat_ack in 561 * sctp_input.c) Also, when change of the primary 562 * destination, it is better that all subsequent new DATA 563 * containing already queued DATA are transmitted to the new 564 * primary destination. (by micchie) 565 */ 566 if ((sctp_is_mobility_feature_on(stcb->sctp_ep, 567 SCTP_MOBILITY_BASE) || 568 sctp_is_mobility_feature_on(stcb->sctp_ep, 569 SCTP_MOBILITY_FASTHANDOFF)) && 570 sctp_is_mobility_feature_on(stcb->sctp_ep, 571 SCTP_MOBILITY_PRIM_DELETED) && 572 (stcb->asoc.primary_destination->dest_state & 573 SCTP_ADDR_UNCONFIRMED) == 0) { 574 575 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, 576 stcb->sctp_ep, stcb, NULL, 577 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_1); 578 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 579 SCTP_MOBILITY_FASTHANDOFF)) { 580 sctp_assoc_immediate_retrans(stcb, 581 stcb->asoc.primary_destination); 582 } 583 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 584 SCTP_MOBILITY_BASE)) { 585 sctp_move_chunks_from_net(stcb, 586 stcb->asoc.deleted_primary); 587 } 588 sctp_delete_prim_timer(stcb->sctp_ep, stcb, 589 stcb->asoc.deleted_primary); 590 } 591 } else { 592 /* couldn't set the requested primary address! */ 593 SCTPDBG(SCTP_DEBUG_ASCONF1, 594 "process_asconf_set_primary: set primary failed!\n"); 595 /* must have been an invalid address, so report */ 596 m_reply = sctp_asconf_error_response(aph->correlation_id, 597 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *)aph, 598 aparam_length); 599 } 600 601 return (m_reply); 602 } 603 604 /* 605 * handles an ASCONF chunk. 606 * if all parameters are processed ok, send a plain (empty) ASCONF-ACK 607 */ 608 void 609 sctp_handle_asconf(struct mbuf *m, unsigned int offset, 610 struct sockaddr *src, 611 struct sctp_asconf_chunk *cp, struct sctp_tcb *stcb, 612 int first) 613 { 614 struct sctp_association *asoc; 615 uint32_t serial_num; 616 struct mbuf *n, *m_ack, *m_result, *m_tail; 617 struct sctp_asconf_ack_chunk *ack_cp; 618 struct sctp_asconf_paramhdr *aph; 619 struct sctp_ipv6addr_param *p_addr; 620 unsigned int asconf_limit, cnt; 621 int error = 0; /* did an error occur? */ 622 623 /* asconf param buffer */ 624 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 625 struct sctp_asconf_ack *ack, *ack_next; 626 627 /* verify minimum length */ 628 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_chunk)) { 629 SCTPDBG(SCTP_DEBUG_ASCONF1, 630 "handle_asconf: chunk too small = %xh\n", 631 ntohs(cp->ch.chunk_length)); 632 return; 633 } 634 asoc = &stcb->asoc; 635 serial_num = ntohl(cp->serial_number); 636 637 if (SCTP_TSN_GE(asoc->asconf_seq_in, serial_num)) { 638 /* got a duplicate ASCONF */ 639 SCTPDBG(SCTP_DEBUG_ASCONF1, 640 "handle_asconf: got duplicate serial number = %xh\n", 641 serial_num); 642 return; 643 } else if (serial_num != (asoc->asconf_seq_in + 1)) { 644 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: incorrect serial number = %xh (expected next = %xh)\n", 645 serial_num, asoc->asconf_seq_in + 1); 646 return; 647 } 648 649 /* it's the expected "next" sequence number, so process it */ 650 asoc->asconf_seq_in = serial_num; /* update sequence */ 651 /* get length of all the param's in the ASCONF */ 652 asconf_limit = offset + ntohs(cp->ch.chunk_length); 653 SCTPDBG(SCTP_DEBUG_ASCONF1, 654 "handle_asconf: asconf_limit=%u, sequence=%xh\n", 655 asconf_limit, serial_num); 656 657 if (first) { 658 /* delete old cache */ 659 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: Now processing first ASCONF. Try to delete old cache\n"); 660 661 TAILQ_FOREACH_SAFE(ack, &asoc->asconf_ack_sent, next, ack_next) { 662 if (ack->serial_number == serial_num) 663 break; 664 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: delete old(%u) < first(%u)\n", 665 ack->serial_number, serial_num); 666 TAILQ_REMOVE(&asoc->asconf_ack_sent, ack, next); 667 if (ack->data != NULL) { 668 sctp_m_freem(ack->data); 669 } 670 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), ack); 671 } 672 } 673 674 m_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_ack_chunk), 0, 675 M_NOWAIT, 1, MT_DATA); 676 if (m_ack == NULL) { 677 SCTPDBG(SCTP_DEBUG_ASCONF1, 678 "handle_asconf: couldn't get mbuf!\n"); 679 return; 680 } 681 m_tail = m_ack; /* current reply chain's tail */ 682 683 /* fill in ASCONF-ACK header */ 684 ack_cp = mtod(m_ack, struct sctp_asconf_ack_chunk *); 685 ack_cp->ch.chunk_type = SCTP_ASCONF_ACK; 686 ack_cp->ch.chunk_flags = 0; 687 ack_cp->serial_number = htonl(serial_num); 688 /* set initial lengths (eg. just an ASCONF-ACK), ntohx at the end! */ 689 SCTP_BUF_LEN(m_ack) = sizeof(struct sctp_asconf_ack_chunk); 690 ack_cp->ch.chunk_length = sizeof(struct sctp_asconf_ack_chunk); 691 692 /* skip the lookup address parameter */ 693 offset += sizeof(struct sctp_asconf_chunk); 694 p_addr = (struct sctp_ipv6addr_param *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), (uint8_t *)&aparam_buf); 695 if (p_addr == NULL) { 696 SCTPDBG(SCTP_DEBUG_ASCONF1, 697 "handle_asconf: couldn't get lookup addr!\n"); 698 /* respond with a missing/invalid mandatory parameter error */ 699 sctp_m_freem(m_ack); 700 return; 701 } 702 /* skip lookup addr */ 703 offset += SCTP_SIZE32(ntohs(p_addr->ph.param_length)); 704 /* get pointer to first asconf param in ASCONF */ 705 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_asconf_paramhdr), (uint8_t *)&aparam_buf); 706 if (aph == NULL) { 707 SCTPDBG(SCTP_DEBUG_ASCONF1, "Empty ASCONF received?\n"); 708 goto send_reply; 709 } 710 /* process through all parameters */ 711 cnt = 0; 712 while (aph != NULL) { 713 unsigned int param_length, param_type; 714 715 param_type = ntohs(aph->ph.param_type); 716 param_length = ntohs(aph->ph.param_length); 717 if (offset + param_length > asconf_limit) { 718 /* parameter goes beyond end of chunk! */ 719 sctp_m_freem(m_ack); 720 return; 721 } 722 m_result = NULL; 723 724 if (param_length > sizeof(aparam_buf)) { 725 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) larger than buffer size!\n", param_length); 726 sctp_m_freem(m_ack); 727 return; 728 } 729 if (param_length <= sizeof(struct sctp_paramhdr)) { 730 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length); 731 sctp_m_freem(m_ack); 732 return; 733 } 734 /* get the entire parameter */ 735 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 736 if (aph == NULL) { 737 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: couldn't get entire param\n"); 738 sctp_m_freem(m_ack); 739 return; 740 } 741 switch (param_type) { 742 case SCTP_ADD_IP_ADDRESS: 743 m_result = sctp_process_asconf_add_ip(src, aph, stcb, 744 (cnt < SCTP_BASE_SYSCTL(sctp_hb_maxburst)), error); 745 cnt++; 746 break; 747 case SCTP_DEL_IP_ADDRESS: 748 m_result = sctp_process_asconf_delete_ip(src, aph, stcb, 749 error); 750 break; 751 case SCTP_ERROR_CAUSE_IND: 752 /* not valid in an ASCONF chunk */ 753 break; 754 case SCTP_SET_PRIM_ADDR: 755 m_result = sctp_process_asconf_set_primary(src, aph, 756 stcb, error); 757 break; 758 case SCTP_NAT_VTAGS: 759 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: sees a NAT VTAG state parameter\n"); 760 break; 761 case SCTP_SUCCESS_REPORT: 762 /* not valid in an ASCONF chunk */ 763 break; 764 case SCTP_ULP_ADAPTATION: 765 /* FIX */ 766 break; 767 default: 768 if ((param_type & 0x8000) == 0) { 769 /* Been told to STOP at this param */ 770 asconf_limit = offset; 771 /* 772 * FIX FIX - We need to call 773 * sctp_arethere_unrecognized_parameters() 774 * to get a operr and send it for any 775 * param's with the 0x4000 bit set OR do it 776 * here ourselves... note we still must STOP 777 * if the 0x8000 bit is clear. 778 */ 779 } 780 /* unknown/invalid param type */ 781 break; 782 } /* switch */ 783 784 /* add any (error) result to the reply mbuf chain */ 785 if (m_result != NULL) { 786 SCTP_BUF_NEXT(m_tail) = m_result; 787 m_tail = m_result; 788 ack_cp->ch.chunk_length += SCTP_BUF_LEN(m_result); 789 /* set flag to force success reports */ 790 error = 1; 791 } 792 offset += SCTP_SIZE32(param_length); 793 /* update remaining ASCONF message length to process */ 794 if (offset >= asconf_limit) { 795 /* no more data in the mbuf chain */ 796 break; 797 } 798 /* get pointer to next asconf param */ 799 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 800 sizeof(struct sctp_asconf_paramhdr), 801 (uint8_t *)&aparam_buf); 802 if (aph == NULL) { 803 /* can't get an asconf paramhdr */ 804 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: can't get asconf param hdr!\n"); 805 /* FIX ME - add error here... */ 806 } 807 } 808 809 send_reply: 810 ack_cp->ch.chunk_length = htons(ack_cp->ch.chunk_length); 811 /* save the ASCONF-ACK reply */ 812 ack = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asconf_ack), 813 struct sctp_asconf_ack); 814 if (ack == NULL) { 815 sctp_m_freem(m_ack); 816 return; 817 } 818 ack->serial_number = serial_num; 819 ack->last_sent_to = NULL; 820 ack->data = m_ack; 821 ack->len = 0; 822 for (n = m_ack; n != NULL; n = SCTP_BUF_NEXT(n)) { 823 ack->len += SCTP_BUF_LEN(n); 824 } 825 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_ack_sent, ack, next); 826 827 /* see if last_control_chunk_from is set properly (use IP src addr) */ 828 if (stcb->asoc.last_control_chunk_from == NULL) { 829 /* 830 * this could happen if the source address was just newly 831 * added 832 */ 833 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: looking up net for IP source address\n"); 834 SCTPDBG(SCTP_DEBUG_ASCONF1, "Looking for IP source: "); 835 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 836 /* look up the from address */ 837 stcb->asoc.last_control_chunk_from = sctp_findnet(stcb, src); 838 #ifdef SCTP_DEBUG 839 if (stcb->asoc.last_control_chunk_from == NULL) { 840 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: IP source address not found?!\n"); 841 } 842 #endif 843 } 844 } 845 846 /* 847 * does the address match? returns 0 if not, 1 if so 848 */ 849 static uint32_t 850 sctp_asconf_addr_match(struct sctp_asconf_addr *aa, struct sockaddr *sa) 851 { 852 switch (sa->sa_family) { 853 #ifdef INET6 854 case AF_INET6: 855 { 856 /* XXX scopeid */ 857 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 858 859 if ((aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) && 860 (memcmp(&aa->ap.addrp.addr, &sin6->sin6_addr, 861 sizeof(struct in6_addr)) == 0)) { 862 return (1); 863 } 864 break; 865 } 866 #endif 867 #ifdef INET 868 case AF_INET: 869 { 870 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 871 872 if ((aa->ap.addrp.ph.param_type == SCTP_IPV4_ADDRESS) && 873 (memcmp(&aa->ap.addrp.addr, &sin->sin_addr, 874 sizeof(struct in_addr)) == 0)) { 875 return (1); 876 } 877 break; 878 } 879 #endif 880 default: 881 break; 882 } 883 return (0); 884 } 885 886 /* 887 * does the address match? returns 0 if not, 1 if so 888 */ 889 static uint32_t 890 sctp_addr_match(struct sctp_paramhdr *ph, struct sockaddr *sa) 891 { 892 #if defined(INET) || defined(INET6) 893 uint16_t param_type, param_length; 894 895 param_type = ntohs(ph->param_type); 896 param_length = ntohs(ph->param_length); 897 #endif 898 switch (sa->sa_family) { 899 #ifdef INET6 900 case AF_INET6: 901 { 902 /* XXX scopeid */ 903 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 904 struct sctp_ipv6addr_param *v6addr; 905 906 v6addr = (struct sctp_ipv6addr_param *)ph; 907 if ((param_type == SCTP_IPV6_ADDRESS) && 908 (param_length == sizeof(struct sctp_ipv6addr_param)) && 909 (memcmp(&v6addr->addr, &sin6->sin6_addr, 910 sizeof(struct in6_addr)) == 0)) { 911 return (1); 912 } 913 break; 914 } 915 #endif 916 #ifdef INET 917 case AF_INET: 918 { 919 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 920 struct sctp_ipv4addr_param *v4addr; 921 922 v4addr = (struct sctp_ipv4addr_param *)ph; 923 if ((param_type == SCTP_IPV4_ADDRESS) && 924 (param_length == sizeof(struct sctp_ipv4addr_param)) && 925 (memcmp(&v4addr->addr, &sin->sin_addr, 926 sizeof(struct in_addr)) == 0)) { 927 return (1); 928 } 929 break; 930 } 931 #endif 932 default: 933 break; 934 } 935 return (0); 936 } 937 938 /* 939 * Cleanup for non-responded/OP ERR'd ASCONF 940 */ 941 void 942 sctp_asconf_cleanup(struct sctp_tcb *stcb, struct sctp_nets *net) 943 { 944 /* 945 * clear out any existing asconfs going out 946 */ 947 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, net, 948 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_2); 949 stcb->asoc.asconf_seq_out_acked = stcb->asoc.asconf_seq_out; 950 /* remove the old ASCONF on our outbound queue */ 951 sctp_toss_old_asconf(stcb); 952 } 953 954 /* 955 * cleanup any cached source addresses that may be topologically 956 * incorrect after a new address has been added to this interface. 957 */ 958 static void 959 sctp_asconf_nets_cleanup(struct sctp_tcb *stcb, struct sctp_ifn *ifn) 960 { 961 struct sctp_nets *net; 962 963 /* 964 * Ideally, we want to only clear cached routes and source addresses 965 * that are topologically incorrect. But since there is no easy way 966 * to know whether the newly added address on the ifn would cause a 967 * routing change (i.e. a new egress interface would be chosen) 968 * without doing a new routing lookup and source address selection, 969 * we will (for now) just flush any cached route using a different 970 * ifn (and cached source addrs) and let output re-choose them 971 * during the next send on that net. 972 */ 973 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 974 /* 975 * clear any cached route (and cached source address) if the 976 * route's interface is NOT the same as the address change. 977 * If it's the same interface, just clear the cached source 978 * address. 979 */ 980 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro) && 981 ((ifn == NULL) || 982 (SCTP_GET_IF_INDEX_FROM_ROUTE(&net->ro) != ifn->ifn_index))) { 983 /* clear any cached route */ 984 RTFREE(net->ro.ro_rt); 985 net->ro.ro_rt = NULL; 986 } 987 /* clear any cached source address */ 988 if (net->src_addr_selected) { 989 sctp_free_ifa(net->ro._s_addr); 990 net->ro._s_addr = NULL; 991 net->src_addr_selected = 0; 992 } 993 } 994 } 995 996 997 void 998 sctp_assoc_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *dstnet) 999 { 1000 int error; 1001 1002 if (dstnet->dest_state & SCTP_ADDR_UNCONFIRMED) { 1003 return; 1004 } 1005 if (stcb->asoc.deleted_primary == NULL) { 1006 return; 1007 } 1008 1009 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) { 1010 SCTPDBG(SCTP_DEBUG_ASCONF1, "assoc_immediate_retrans: Deleted primary is "); 1011 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa); 1012 SCTPDBG(SCTP_DEBUG_ASCONF1, "Current Primary is "); 1013 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.primary_destination->ro._l_addr.sa); 1014 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, 1015 stcb->asoc.deleted_primary, 1016 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_3); 1017 stcb->asoc.num_send_timers_up--; 1018 if (stcb->asoc.num_send_timers_up < 0) { 1019 stcb->asoc.num_send_timers_up = 0; 1020 } 1021 SCTP_TCB_LOCK_ASSERT(stcb); 1022 error = sctp_t3rxt_timer(stcb->sctp_ep, stcb, 1023 stcb->asoc.deleted_primary); 1024 if (error) { 1025 SCTP_INP_DECR_REF(stcb->sctp_ep); 1026 return; 1027 } 1028 SCTP_TCB_LOCK_ASSERT(stcb); 1029 #ifdef SCTP_AUDITING_ENABLED 1030 sctp_auditing(4, stcb->sctp_ep, stcb, stcb->asoc.deleted_primary); 1031 #endif 1032 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1033 if ((stcb->asoc.num_send_timers_up == 0) && 1034 (stcb->asoc.sent_queue_cnt > 0)) { 1035 struct sctp_tmit_chunk *chk; 1036 1037 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1038 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, 1039 stcb, chk->whoTo); 1040 } 1041 } 1042 return; 1043 } 1044 1045 static int 1046 sctp_asconf_queue_mgmt(struct sctp_tcb *, struct sctp_ifa *, uint16_t); 1047 1048 void 1049 sctp_net_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *net) 1050 { 1051 struct sctp_tmit_chunk *chk; 1052 1053 SCTPDBG(SCTP_DEBUG_ASCONF1, "net_immediate_retrans: RTO is %d\n", net->RTO); 1054 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, 1055 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_4); 1056 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 1057 net->error_count = 0; 1058 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 1059 if (chk->whoTo == net) { 1060 if (chk->sent < SCTP_DATAGRAM_RESEND) { 1061 chk->sent = SCTP_DATAGRAM_RESEND; 1062 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); 1063 sctp_flight_size_decrease(chk); 1064 sctp_total_flight_decrease(stcb, chk); 1065 net->marked_retrans++; 1066 stcb->asoc.marked_retrans++; 1067 } 1068 } 1069 } 1070 if (net->marked_retrans) { 1071 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1072 } 1073 } 1074 1075 static void 1076 sctp_path_check_and_react(struct sctp_tcb *stcb, struct sctp_ifa *newifa) 1077 { 1078 struct sctp_nets *net; 1079 int addrnum, changed; 1080 1081 /* 1082 * If number of local valid addresses is 1, the valid address is 1083 * probably newly added address. Several valid addresses in this 1084 * association. A source address may not be changed. Additionally, 1085 * they can be configured on a same interface as "alias" addresses. 1086 * (by micchie) 1087 */ 1088 addrnum = sctp_local_addr_count(stcb); 1089 SCTPDBG(SCTP_DEBUG_ASCONF1, "p_check_react(): %d local addresses\n", 1090 addrnum); 1091 if (addrnum == 1) { 1092 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1093 /* clear any cached route and source address */ 1094 if (net->ro.ro_rt) { 1095 RTFREE(net->ro.ro_rt); 1096 net->ro.ro_rt = NULL; 1097 } 1098 if (net->src_addr_selected) { 1099 sctp_free_ifa(net->ro._s_addr); 1100 net->ro._s_addr = NULL; 1101 net->src_addr_selected = 0; 1102 } 1103 /* Retransmit unacknowledged DATA chunks immediately */ 1104 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1105 SCTP_MOBILITY_FASTHANDOFF)) { 1106 sctp_net_immediate_retrans(stcb, net); 1107 } 1108 /* also, SET PRIMARY is maybe already sent */ 1109 } 1110 return; 1111 } 1112 1113 /* Multiple local addresses exsist in the association. */ 1114 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1115 /* clear any cached route and source address */ 1116 if (net->ro.ro_rt) { 1117 RTFREE(net->ro.ro_rt); 1118 net->ro.ro_rt = NULL; 1119 } 1120 if (net->src_addr_selected) { 1121 sctp_free_ifa(net->ro._s_addr); 1122 net->ro._s_addr = NULL; 1123 net->src_addr_selected = 0; 1124 } 1125 /* 1126 * Check if the nexthop is corresponding to the new address. 1127 * If the new address is corresponding to the current 1128 * nexthop, the path will be changed. If the new address is 1129 * NOT corresponding to the current nexthop, the path will 1130 * not be changed. 1131 */ 1132 SCTP_RTALLOC((sctp_route_t *)&net->ro, 1133 stcb->sctp_ep->def_vrf_id, 1134 stcb->sctp_ep->fibnum); 1135 if (net->ro.ro_rt == NULL) 1136 continue; 1137 1138 changed = 0; 1139 switch (net->ro._l_addr.sa.sa_family) { 1140 #ifdef INET 1141 case AF_INET: 1142 if (sctp_v4src_match_nexthop(newifa, (sctp_route_t *)&net->ro)) { 1143 changed = 1; 1144 } 1145 break; 1146 #endif 1147 #ifdef INET6 1148 case AF_INET6: 1149 if (sctp_v6src_match_nexthop( 1150 &newifa->address.sin6, (sctp_route_t *)&net->ro)) { 1151 changed = 1; 1152 } 1153 break; 1154 #endif 1155 default: 1156 break; 1157 } 1158 /* 1159 * if the newly added address does not relate routing 1160 * information, we skip. 1161 */ 1162 if (changed == 0) 1163 continue; 1164 /* Retransmit unacknowledged DATA chunks immediately */ 1165 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1166 SCTP_MOBILITY_FASTHANDOFF)) { 1167 sctp_net_immediate_retrans(stcb, net); 1168 } 1169 /* Send SET PRIMARY for this new address */ 1170 if (net == stcb->asoc.primary_destination) { 1171 (void)sctp_asconf_queue_mgmt(stcb, newifa, 1172 SCTP_SET_PRIM_ADDR); 1173 } 1174 } 1175 } 1176 1177 /* 1178 * process an ADD/DELETE IP ack from peer. 1179 * addr: corresponding sctp_ifa to the address being added/deleted. 1180 * type: SCTP_ADD_IP_ADDRESS or SCTP_DEL_IP_ADDRESS. 1181 * flag: 1=success, 0=failure. 1182 */ 1183 static void 1184 sctp_asconf_addr_mgmt_ack(struct sctp_tcb *stcb, struct sctp_ifa *addr, uint32_t flag) 1185 { 1186 /* 1187 * do the necessary asoc list work- if we get a failure indication, 1188 * leave the address on the assoc's restricted list. If we get a 1189 * success indication, remove the address from the restricted list. 1190 */ 1191 /* 1192 * Note: this will only occur for ADD_IP_ADDRESS, since 1193 * DEL_IP_ADDRESS is never actually added to the list... 1194 */ 1195 if (flag) { 1196 /* success case, so remove from the restricted list */ 1197 sctp_del_local_addr_restricted(stcb, addr); 1198 1199 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1200 SCTP_MOBILITY_BASE) || 1201 sctp_is_mobility_feature_on(stcb->sctp_ep, 1202 SCTP_MOBILITY_FASTHANDOFF)) { 1203 sctp_path_check_and_react(stcb, addr); 1204 return; 1205 } 1206 /* clear any cached/topologically incorrect source addresses */ 1207 sctp_asconf_nets_cleanup(stcb, addr->ifn_p); 1208 } 1209 /* else, leave it on the list */ 1210 } 1211 1212 /* 1213 * add an asconf add/delete/set primary IP address parameter to the queue. 1214 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1215 * returns 0 if queued, -1 if not queued/removed. 1216 * NOTE: if adding, but a delete for the same address is already scheduled 1217 * (and not yet sent out), simply remove it from queue. Same for deleting 1218 * an address already scheduled for add. If a duplicate operation is found, 1219 * ignore the new one. 1220 */ 1221 static int 1222 sctp_asconf_queue_mgmt(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1223 uint16_t type) 1224 { 1225 struct sctp_asconf_addr *aa, *aa_next; 1226 1227 /* make sure the request isn't already in the queue */ 1228 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1229 /* address match? */ 1230 if (sctp_asconf_addr_match(aa, &ifa->address.sa) == 0) 1231 continue; 1232 /* 1233 * is the request already in queue but not sent? pass the 1234 * request already sent in order to resolve the following 1235 * case: 1. arrival of ADD, then sent 2. arrival of DEL. we 1236 * can't remove the ADD request already sent 3. arrival of 1237 * ADD 1238 */ 1239 if (aa->ap.aph.ph.param_type == type && aa->sent == 0) { 1240 return (-1); 1241 } 1242 /* is the negative request already in queue, and not sent */ 1243 if ((aa->sent == 0) && (type == SCTP_ADD_IP_ADDRESS) && 1244 (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS)) { 1245 /* add requested, delete already queued */ 1246 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1247 /* remove the ifa from the restricted list */ 1248 sctp_del_local_addr_restricted(stcb, ifa); 1249 /* free the asconf param */ 1250 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1251 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: add removes queued entry\n"); 1252 return (-1); 1253 } 1254 if ((aa->sent == 0) && (type == SCTP_DEL_IP_ADDRESS) && 1255 (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS)) { 1256 /* delete requested, add already queued */ 1257 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1258 /* remove the aa->ifa from the restricted list */ 1259 sctp_del_local_addr_restricted(stcb, aa->ifa); 1260 /* free the asconf param */ 1261 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1262 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: delete removes queued entry\n"); 1263 return (-1); 1264 } 1265 } /* for each aa */ 1266 1267 /* adding new request to the queue */ 1268 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1269 SCTP_M_ASC_ADDR); 1270 if (aa == NULL) { 1271 /* didn't get memory */ 1272 SCTPDBG(SCTP_DEBUG_ASCONF1, "asconf_queue_mgmt: failed to get memory!\n"); 1273 return (-1); 1274 } 1275 aa->special_del = 0; 1276 /* fill in asconf address parameter fields */ 1277 /* top level elements are "networked" during send */ 1278 aa->ap.aph.ph.param_type = type; 1279 aa->ifa = ifa; 1280 atomic_add_int(&ifa->refcount, 1); 1281 /* correlation_id filled in during send routine later... */ 1282 switch (ifa->address.sa.sa_family) { 1283 #ifdef INET6 1284 case AF_INET6: 1285 { 1286 struct sockaddr_in6 *sin6; 1287 1288 sin6 = &ifa->address.sin6; 1289 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1290 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1291 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1292 sizeof(struct sctp_ipv6addr_param); 1293 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1294 sizeof(struct in6_addr)); 1295 break; 1296 } 1297 #endif 1298 #ifdef INET 1299 case AF_INET: 1300 { 1301 struct sockaddr_in *sin; 1302 1303 sin = &ifa->address.sin; 1304 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1305 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1306 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1307 sizeof(struct sctp_ipv4addr_param); 1308 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1309 sizeof(struct in_addr)); 1310 break; 1311 } 1312 #endif 1313 default: 1314 /* invalid family! */ 1315 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1316 sctp_free_ifa(ifa); 1317 return (-1); 1318 } 1319 aa->sent = 0; /* clear sent flag */ 1320 1321 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1322 #ifdef SCTP_DEBUG 1323 if (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_ASCONF2) { 1324 if (type == SCTP_ADD_IP_ADDRESS) { 1325 SCTP_PRINTF("asconf_queue_mgmt: inserted asconf ADD_IP_ADDRESS: "); 1326 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1327 } else if (type == SCTP_DEL_IP_ADDRESS) { 1328 SCTP_PRINTF("asconf_queue_mgmt: appended asconf DEL_IP_ADDRESS: "); 1329 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1330 } else { 1331 SCTP_PRINTF("asconf_queue_mgmt: appended asconf SET_PRIM_ADDR: "); 1332 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1333 } 1334 } 1335 #endif 1336 1337 return (0); 1338 } 1339 1340 1341 /* 1342 * add an asconf operation for the given ifa and type. 1343 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1344 * returns 0 if completed, -1 if not completed, 1 if immediate send is 1345 * advisable. 1346 */ 1347 static int 1348 sctp_asconf_queue_add(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1349 uint16_t type) 1350 { 1351 uint32_t status; 1352 int pending_delete_queued = 0; 1353 int last; 1354 1355 /* see if peer supports ASCONF */ 1356 if (stcb->asoc.asconf_supported == 0) { 1357 return (-1); 1358 } 1359 1360 /* 1361 * if this is deleting the last address from the assoc, mark it as 1362 * pending. 1363 */ 1364 if ((type == SCTP_DEL_IP_ADDRESS) && !stcb->asoc.asconf_del_pending) { 1365 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1366 last = (sctp_local_addr_count(stcb) == 0); 1367 } else { 1368 last = (sctp_local_addr_count(stcb) == 1); 1369 } 1370 if (last) { 1371 /* set the pending delete info only */ 1372 stcb->asoc.asconf_del_pending = 1; 1373 stcb->asoc.asconf_addr_del_pending = ifa; 1374 atomic_add_int(&ifa->refcount, 1); 1375 SCTPDBG(SCTP_DEBUG_ASCONF2, 1376 "asconf_queue_add: mark delete last address pending\n"); 1377 return (-1); 1378 } 1379 } 1380 1381 /* queue an asconf parameter */ 1382 status = sctp_asconf_queue_mgmt(stcb, ifa, type); 1383 1384 /* 1385 * if this is an add, and there is a delete also pending (i.e. the 1386 * last local address is being changed), queue the pending delete 1387 * too. 1388 */ 1389 if ((type == SCTP_ADD_IP_ADDRESS) && stcb->asoc.asconf_del_pending && (status == 0)) { 1390 /* queue in the pending delete */ 1391 if (sctp_asconf_queue_mgmt(stcb, 1392 stcb->asoc.asconf_addr_del_pending, 1393 SCTP_DEL_IP_ADDRESS) == 0) { 1394 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queuing pending delete\n"); 1395 pending_delete_queued = 1; 1396 /* clear out the pending delete info */ 1397 stcb->asoc.asconf_del_pending = 0; 1398 sctp_free_ifa(stcb->asoc.asconf_addr_del_pending); 1399 stcb->asoc.asconf_addr_del_pending = NULL; 1400 } 1401 } 1402 1403 if (pending_delete_queued) { 1404 struct sctp_nets *net; 1405 1406 /* 1407 * since we know that the only/last address is now being 1408 * changed in this case, reset the cwnd/rto on all nets to 1409 * start as a new address and path. Also clear the error 1410 * counts to give the assoc the best chance to complete the 1411 * address change. 1412 */ 1413 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1414 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, 1415 net); 1416 net->RTO = 0; 1417 net->error_count = 0; 1418 } 1419 stcb->asoc.overall_error_count = 0; 1420 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { 1421 sctp_misc_ints(SCTP_THRESHOLD_CLEAR, 1422 stcb->asoc.overall_error_count, 1423 0, 1424 SCTP_FROM_SCTP_ASCONF, 1425 __LINE__); 1426 } 1427 1428 /* queue in an advisory set primary too */ 1429 (void)sctp_asconf_queue_mgmt(stcb, ifa, SCTP_SET_PRIM_ADDR); 1430 /* let caller know we should send this out immediately */ 1431 status = 1; 1432 } 1433 return (status); 1434 } 1435 1436 /*- 1437 * add an asconf delete IP address parameter to the queue by sockaddr and 1438 * possibly with no sctp_ifa available. This is only called by the routine 1439 * that checks the addresses in an INIT-ACK against the current address list. 1440 * returns 0 if completed, non-zero if not completed. 1441 * NOTE: if an add is already scheduled (and not yet sent out), simply 1442 * remove it from queue. If a duplicate operation is found, ignore the 1443 * new one. 1444 */ 1445 static int 1446 sctp_asconf_queue_sa_delete(struct sctp_tcb *stcb, struct sockaddr *sa) 1447 { 1448 struct sctp_ifa *ifa; 1449 struct sctp_asconf_addr *aa, *aa_next; 1450 1451 if (stcb == NULL) { 1452 return (-1); 1453 } 1454 /* see if peer supports ASCONF */ 1455 if (stcb->asoc.asconf_supported == 0) { 1456 return (-1); 1457 } 1458 /* make sure the request isn't already in the queue */ 1459 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1460 /* address match? */ 1461 if (sctp_asconf_addr_match(aa, sa) == 0) 1462 continue; 1463 /* is the request already in queue (sent or not) */ 1464 if (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 1465 return (-1); 1466 } 1467 /* is the negative request already in queue, and not sent */ 1468 if (aa->sent == 1) 1469 continue; 1470 if (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS) { 1471 /* add already queued, so remove existing entry */ 1472 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1473 sctp_del_local_addr_restricted(stcb, aa->ifa); 1474 /* free the entry */ 1475 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1476 return (-1); 1477 } 1478 } /* for each aa */ 1479 1480 /* find any existing ifa-- NOTE ifa CAN be allowed to be NULL */ 1481 ifa = sctp_find_ifa_by_addr(sa, stcb->asoc.vrf_id, SCTP_ADDR_NOT_LOCKED); 1482 1483 /* adding new request to the queue */ 1484 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1485 SCTP_M_ASC_ADDR); 1486 if (aa == NULL) { 1487 /* didn't get memory */ 1488 SCTPDBG(SCTP_DEBUG_ASCONF1, 1489 "sctp_asconf_queue_sa_delete: failed to get memory!\n"); 1490 return (-1); 1491 } 1492 aa->special_del = 0; 1493 /* fill in asconf address parameter fields */ 1494 /* top level elements are "networked" during send */ 1495 aa->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 1496 aa->ifa = ifa; 1497 if (ifa) 1498 atomic_add_int(&ifa->refcount, 1); 1499 /* correlation_id filled in during send routine later... */ 1500 switch (sa->sa_family) { 1501 #ifdef INET6 1502 case AF_INET6: 1503 { 1504 /* IPv6 address */ 1505 struct sockaddr_in6 *sin6; 1506 1507 sin6 = (struct sockaddr_in6 *)sa; 1508 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1509 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1510 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv6addr_param); 1511 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1512 sizeof(struct in6_addr)); 1513 break; 1514 } 1515 #endif 1516 #ifdef INET 1517 case AF_INET: 1518 { 1519 /* IPv4 address */ 1520 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 1521 1522 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1523 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1524 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv4addr_param); 1525 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1526 sizeof(struct in_addr)); 1527 break; 1528 } 1529 #endif 1530 default: 1531 /* invalid family! */ 1532 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1533 if (ifa) 1534 sctp_free_ifa(ifa); 1535 return (-1); 1536 } 1537 aa->sent = 0; /* clear sent flag */ 1538 1539 /* delete goes to the back of the queue */ 1540 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1541 1542 /* sa_ignore MEMLEAK {memory is put on the tailq} */ 1543 return (0); 1544 } 1545 1546 /* 1547 * find a specific asconf param on our "sent" queue 1548 */ 1549 static struct sctp_asconf_addr * 1550 sctp_asconf_find_param(struct sctp_tcb *stcb, uint32_t correlation_id) 1551 { 1552 struct sctp_asconf_addr *aa; 1553 1554 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 1555 if (aa->ap.aph.correlation_id == correlation_id && 1556 aa->sent == 1) { 1557 /* found it */ 1558 return (aa); 1559 } 1560 } 1561 /* didn't find it */ 1562 return (NULL); 1563 } 1564 1565 /* 1566 * process an SCTP_ERROR_CAUSE_IND for a ASCONF-ACK parameter and do 1567 * notifications based on the error response 1568 */ 1569 static void 1570 sctp_asconf_process_error(struct sctp_tcb *stcb SCTP_UNUSED, 1571 struct sctp_asconf_paramhdr *aph) 1572 { 1573 struct sctp_error_cause *eh; 1574 struct sctp_paramhdr *ph; 1575 uint16_t param_type; 1576 uint16_t error_code; 1577 1578 eh = (struct sctp_error_cause *)(aph + 1); 1579 ph = (struct sctp_paramhdr *)(eh + 1); 1580 /* validate lengths */ 1581 if (htons(eh->length) + sizeof(struct sctp_error_cause) > 1582 htons(aph->ph.param_length)) { 1583 /* invalid error cause length */ 1584 SCTPDBG(SCTP_DEBUG_ASCONF1, 1585 "asconf_process_error: cause element too long\n"); 1586 return; 1587 } 1588 if (htons(ph->param_length) + sizeof(struct sctp_paramhdr) > 1589 htons(eh->length)) { 1590 /* invalid included TLV length */ 1591 SCTPDBG(SCTP_DEBUG_ASCONF1, 1592 "asconf_process_error: included TLV too long\n"); 1593 return; 1594 } 1595 /* which error code ? */ 1596 error_code = ntohs(eh->code); 1597 param_type = ntohs(aph->ph.param_type); 1598 /* FIX: this should go back up the REMOTE_ERROR ULP notify */ 1599 switch (error_code) { 1600 case SCTP_CAUSE_RESOURCE_SHORTAGE: 1601 /* we allow ourselves to "try again" for this error */ 1602 break; 1603 default: 1604 /* peer can't handle it... */ 1605 switch (param_type) { 1606 case SCTP_ADD_IP_ADDRESS: 1607 case SCTP_DEL_IP_ADDRESS: 1608 case SCTP_SET_PRIM_ADDR: 1609 break; 1610 default: 1611 break; 1612 } 1613 } 1614 } 1615 1616 /* 1617 * process an asconf queue param. 1618 * aparam: parameter to process, will be removed from the queue. 1619 * flag: 1=success case, 0=failure case 1620 */ 1621 static void 1622 sctp_asconf_process_param_ack(struct sctp_tcb *stcb, 1623 struct sctp_asconf_addr *aparam, uint32_t flag) 1624 { 1625 uint16_t param_type; 1626 1627 /* process this param */ 1628 param_type = aparam->ap.aph.ph.param_type; 1629 switch (param_type) { 1630 case SCTP_ADD_IP_ADDRESS: 1631 SCTPDBG(SCTP_DEBUG_ASCONF1, 1632 "process_param_ack: added IP address\n"); 1633 sctp_asconf_addr_mgmt_ack(stcb, aparam->ifa, flag); 1634 break; 1635 case SCTP_DEL_IP_ADDRESS: 1636 SCTPDBG(SCTP_DEBUG_ASCONF1, 1637 "process_param_ack: deleted IP address\n"); 1638 /* nothing really to do... lists already updated */ 1639 break; 1640 case SCTP_SET_PRIM_ADDR: 1641 SCTPDBG(SCTP_DEBUG_ASCONF1, 1642 "process_param_ack: set primary IP address\n"); 1643 /* nothing to do... peer may start using this addr */ 1644 break; 1645 default: 1646 /* should NEVER happen */ 1647 break; 1648 } 1649 1650 /* remove the param and free it */ 1651 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aparam, next); 1652 if (aparam->ifa) 1653 sctp_free_ifa(aparam->ifa); 1654 SCTP_FREE(aparam, SCTP_M_ASC_ADDR); 1655 } 1656 1657 /* 1658 * cleanup from a bad asconf ack parameter 1659 */ 1660 static void 1661 sctp_asconf_ack_clear(struct sctp_tcb *stcb SCTP_UNUSED) 1662 { 1663 /* assume peer doesn't really know how to do asconfs */ 1664 /* XXX we could free the pending queue here */ 1665 1666 } 1667 1668 void 1669 sctp_handle_asconf_ack(struct mbuf *m, int offset, 1670 struct sctp_asconf_ack_chunk *cp, struct sctp_tcb *stcb, 1671 struct sctp_nets *net, int *abort_no_unlock) 1672 { 1673 struct sctp_association *asoc; 1674 uint32_t serial_num; 1675 uint16_t ack_length; 1676 struct sctp_asconf_paramhdr *aph; 1677 struct sctp_asconf_addr *aa, *aa_next; 1678 uint32_t last_error_id = 0; /* last error correlation id */ 1679 uint32_t id; 1680 struct sctp_asconf_addr *ap; 1681 1682 /* asconf param buffer */ 1683 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 1684 1685 /* verify minimum length */ 1686 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_ack_chunk)) { 1687 SCTPDBG(SCTP_DEBUG_ASCONF1, 1688 "handle_asconf_ack: chunk too small = %xh\n", 1689 ntohs(cp->ch.chunk_length)); 1690 return; 1691 } 1692 asoc = &stcb->asoc; 1693 serial_num = ntohl(cp->serial_number); 1694 1695 /* 1696 * NOTE: we may want to handle this differently- currently, we will 1697 * abort when we get an ack for the expected serial number + 1 (eg. 1698 * we didn't send it), process an ack normally if it is the expected 1699 * serial number, and re-send the previous ack for *ALL* other 1700 * serial numbers 1701 */ 1702 1703 /* 1704 * if the serial number is the next expected, but I didn't send it, 1705 * abort the asoc, since someone probably just hijacked us... 1706 */ 1707 if (serial_num == (asoc->asconf_seq_out + 1)) { 1708 struct mbuf *op_err; 1709 char msg[SCTP_DIAG_INFO_LEN]; 1710 1711 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); 1712 snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", 1713 serial_num); 1714 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); 1715 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); 1716 *abort_no_unlock = 1; 1717 return; 1718 } 1719 if (serial_num != asoc->asconf_seq_out_acked + 1) { 1720 /* got a duplicate/unexpected ASCONF-ACK */ 1721 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got duplicate/unexpected serial number = %xh (expected = %xh)\n", 1722 serial_num, asoc->asconf_seq_out_acked + 1); 1723 return; 1724 } 1725 1726 if (serial_num == asoc->asconf_seq_out - 1) { 1727 /* stop our timer */ 1728 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, net, 1729 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_5); 1730 } 1731 1732 /* process the ASCONF-ACK contents */ 1733 ack_length = ntohs(cp->ch.chunk_length) - 1734 sizeof(struct sctp_asconf_ack_chunk); 1735 offset += sizeof(struct sctp_asconf_ack_chunk); 1736 /* process through all parameters */ 1737 while (ack_length >= sizeof(struct sctp_asconf_paramhdr)) { 1738 unsigned int param_length, param_type; 1739 1740 /* get pointer to next asconf parameter */ 1741 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 1742 sizeof(struct sctp_asconf_paramhdr), aparam_buf); 1743 if (aph == NULL) { 1744 /* can't get an asconf paramhdr */ 1745 sctp_asconf_ack_clear(stcb); 1746 return; 1747 } 1748 param_type = ntohs(aph->ph.param_type); 1749 param_length = ntohs(aph->ph.param_length); 1750 if (param_length > ack_length) { 1751 sctp_asconf_ack_clear(stcb); 1752 return; 1753 } 1754 if (param_length < sizeof(struct sctp_paramhdr)) { 1755 sctp_asconf_ack_clear(stcb); 1756 return; 1757 } 1758 /* get the complete parameter... */ 1759 if (param_length > sizeof(aparam_buf)) { 1760 SCTPDBG(SCTP_DEBUG_ASCONF1, 1761 "param length (%u) larger than buffer size!\n", param_length); 1762 sctp_asconf_ack_clear(stcb); 1763 return; 1764 } 1765 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 1766 if (aph == NULL) { 1767 sctp_asconf_ack_clear(stcb); 1768 return; 1769 } 1770 /* correlation_id is transparent to peer, no ntohl needed */ 1771 id = aph->correlation_id; 1772 1773 switch (param_type) { 1774 case SCTP_ERROR_CAUSE_IND: 1775 last_error_id = id; 1776 /* find the corresponding asconf param in our queue */ 1777 ap = sctp_asconf_find_param(stcb, id); 1778 if (ap == NULL) { 1779 /* hmm... can't find this in our queue! */ 1780 break; 1781 } 1782 /* process the parameter, failed flag */ 1783 sctp_asconf_process_param_ack(stcb, ap, 0); 1784 /* process the error response */ 1785 sctp_asconf_process_error(stcb, aph); 1786 break; 1787 case SCTP_SUCCESS_REPORT: 1788 /* find the corresponding asconf param in our queue */ 1789 ap = sctp_asconf_find_param(stcb, id); 1790 if (ap == NULL) { 1791 /* hmm... can't find this in our queue! */ 1792 break; 1793 } 1794 /* process the parameter, success flag */ 1795 sctp_asconf_process_param_ack(stcb, ap, 1); 1796 break; 1797 default: 1798 break; 1799 } /* switch */ 1800 1801 /* update remaining ASCONF-ACK message length to process */ 1802 ack_length -= SCTP_SIZE32(param_length); 1803 if (ack_length <= 0) { 1804 /* no more data in the mbuf chain */ 1805 break; 1806 } 1807 offset += SCTP_SIZE32(param_length); 1808 } /* while */ 1809 1810 /* 1811 * if there are any "sent" params still on the queue, these are 1812 * implicitly "success", or "failed" (if we got an error back) ... 1813 * so process these appropriately 1814 * 1815 * we assume that the correlation_id's are monotonically increasing 1816 * beginning from 1 and that we don't have *that* many outstanding 1817 * at any given time 1818 */ 1819 if (last_error_id == 0) 1820 last_error_id--; /* set to "max" value */ 1821 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1822 if (aa->sent == 1) { 1823 /* 1824 * implicitly successful or failed if correlation_id 1825 * < last_error_id, then success else, failure 1826 */ 1827 if (aa->ap.aph.correlation_id < last_error_id) 1828 sctp_asconf_process_param_ack(stcb, aa, 1); 1829 else 1830 sctp_asconf_process_param_ack(stcb, aa, 0); 1831 } else { 1832 /* 1833 * since we always process in order (FIFO queue) if 1834 * we reach one that hasn't been sent, the rest 1835 * should not have been sent either. so, we're 1836 * done... 1837 */ 1838 break; 1839 } 1840 } 1841 1842 /* update the next sequence number to use */ 1843 asoc->asconf_seq_out_acked++; 1844 /* remove the old ASCONF on our outbound queue */ 1845 sctp_toss_old_asconf(stcb); 1846 if (!TAILQ_EMPTY(&stcb->asoc.asconf_queue)) { 1847 #ifdef SCTP_TIMER_BASED_ASCONF 1848 /* we have more params, so restart our timer */ 1849 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, 1850 stcb, net); 1851 #else 1852 /* we have more params, so send out more */ 1853 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 1854 #endif 1855 } 1856 } 1857 1858 #ifdef INET6 1859 static uint32_t 1860 sctp_is_scopeid_in_nets(struct sctp_tcb *stcb, struct sockaddr *sa) 1861 { 1862 struct sockaddr_in6 *sin6, *net6; 1863 struct sctp_nets *net; 1864 1865 if (sa->sa_family != AF_INET6) { 1866 /* wrong family */ 1867 return (0); 1868 } 1869 sin6 = (struct sockaddr_in6 *)sa; 1870 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) == 0) { 1871 /* not link local address */ 1872 return (0); 1873 } 1874 /* hunt through our destination nets list for this scope_id */ 1875 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1876 if (((struct sockaddr *)(&net->ro._l_addr))->sa_family != 1877 AF_INET6) 1878 continue; 1879 net6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1880 if (IN6_IS_ADDR_LINKLOCAL(&net6->sin6_addr) == 0) 1881 continue; 1882 if (sctp_is_same_scope(sin6, net6)) { 1883 /* found one */ 1884 return (1); 1885 } 1886 } 1887 /* didn't find one */ 1888 return (0); 1889 } 1890 #endif 1891 1892 /* 1893 * address management functions 1894 */ 1895 static void 1896 sctp_addr_mgmt_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1897 struct sctp_ifa *ifa, uint16_t type, int addr_locked) 1898 { 1899 int status; 1900 1901 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0 || 1902 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1903 /* subset bound, no ASCONF allowed case, so ignore */ 1904 return; 1905 } 1906 /* 1907 * note: we know this is not the subset bound, no ASCONF case eg. 1908 * this is boundall or subset bound w/ASCONF allowed 1909 */ 1910 1911 /* first, make sure that the address is IPv4 or IPv6 and not jailed */ 1912 switch (ifa->address.sa.sa_family) { 1913 #ifdef INET6 1914 case AF_INET6: 1915 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 1916 &ifa->address.sin6.sin6_addr) != 0) { 1917 return; 1918 } 1919 break; 1920 #endif 1921 #ifdef INET 1922 case AF_INET: 1923 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 1924 &ifa->address.sin.sin_addr) != 0) { 1925 return; 1926 } 1927 break; 1928 #endif 1929 default: 1930 return; 1931 } 1932 #ifdef INET6 1933 /* make sure we're "allowed" to add this type of addr */ 1934 if (ifa->address.sa.sa_family == AF_INET6) { 1935 /* invalid if we're not a v6 endpoint */ 1936 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) 1937 return; 1938 /* is the v6 addr really valid ? */ 1939 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1940 return; 1941 } 1942 } 1943 #endif 1944 /* put this address on the "pending/do not use yet" list */ 1945 sctp_add_local_addr_restricted(stcb, ifa); 1946 /* 1947 * check address scope if address is out of scope, don't queue 1948 * anything... note: this would leave the address on both inp and 1949 * asoc lists 1950 */ 1951 switch (ifa->address.sa.sa_family) { 1952 #ifdef INET6 1953 case AF_INET6: 1954 { 1955 struct sockaddr_in6 *sin6; 1956 1957 sin6 = &ifa->address.sin6; 1958 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1959 /* we skip unspecifed addresses */ 1960 return; 1961 } 1962 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1963 if (stcb->asoc.scope.local_scope == 0) { 1964 return; 1965 } 1966 /* is it the right link local scope? */ 1967 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 1968 return; 1969 } 1970 } 1971 if (stcb->asoc.scope.site_scope == 0 && 1972 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 1973 return; 1974 } 1975 break; 1976 } 1977 #endif 1978 #ifdef INET 1979 case AF_INET: 1980 { 1981 struct sockaddr_in *sin; 1982 1983 /* invalid if we are a v6 only endpoint */ 1984 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1985 SCTP_IPV6_V6ONLY(inp)) 1986 return; 1987 1988 sin = &ifa->address.sin; 1989 if (sin->sin_addr.s_addr == 0) { 1990 /* we skip unspecifed addresses */ 1991 return; 1992 } 1993 if (stcb->asoc.scope.ipv4_local_scope == 0 && 1994 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 1995 return; 1996 } 1997 break; 1998 } 1999 #endif 2000 default: 2001 /* else, not AF_INET or AF_INET6, so skip */ 2002 return; 2003 } 2004 2005 /* queue an asconf for this address add/delete */ 2006 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 2007 /* does the peer do asconf? */ 2008 if (stcb->asoc.asconf_supported) { 2009 /* queue an asconf for this addr */ 2010 status = sctp_asconf_queue_add(stcb, ifa, type); 2011 2012 /* 2013 * if queued ok, and in the open state, send out the 2014 * ASCONF. If in the non-open state, these will be 2015 * sent when the state goes open. 2016 */ 2017 if (status == 0 && 2018 ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2019 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED))) { 2020 #ifdef SCTP_TIMER_BASED_ASCONF 2021 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 2022 stcb, stcb->asoc.primary_destination); 2023 #else 2024 sctp_send_asconf(stcb, NULL, addr_locked); 2025 #endif 2026 } 2027 } 2028 } 2029 } 2030 2031 2032 int 2033 sctp_asconf_iterator_ep(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2034 { 2035 struct sctp_asconf_iterator *asc; 2036 struct sctp_ifa *ifa; 2037 struct sctp_laddr *l; 2038 int cnt_invalid = 0; 2039 2040 asc = (struct sctp_asconf_iterator *)ptr; 2041 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2042 ifa = l->ifa; 2043 switch (ifa->address.sa.sa_family) { 2044 #ifdef INET6 2045 case AF_INET6: 2046 /* invalid if we're not a v6 endpoint */ 2047 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2048 cnt_invalid++; 2049 if (asc->cnt == cnt_invalid) 2050 return (1); 2051 } 2052 break; 2053 #endif 2054 #ifdef INET 2055 case AF_INET: 2056 { 2057 /* invalid if we are a v6 only endpoint */ 2058 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2059 SCTP_IPV6_V6ONLY(inp)) { 2060 cnt_invalid++; 2061 if (asc->cnt == cnt_invalid) 2062 return (1); 2063 } 2064 break; 2065 } 2066 #endif 2067 default: 2068 /* invalid address family */ 2069 cnt_invalid++; 2070 if (asc->cnt == cnt_invalid) 2071 return (1); 2072 } 2073 } 2074 return (0); 2075 } 2076 2077 static int 2078 sctp_asconf_iterator_ep_end(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2079 { 2080 struct sctp_ifa *ifa; 2081 struct sctp_asconf_iterator *asc; 2082 struct sctp_laddr *laddr, *nladdr, *l; 2083 2084 /* Only for specific case not bound all */ 2085 asc = (struct sctp_asconf_iterator *)ptr; 2086 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2087 ifa = l->ifa; 2088 if (l->action == SCTP_ADD_IP_ADDRESS) { 2089 LIST_FOREACH(laddr, &inp->sctp_addr_list, 2090 sctp_nxt_addr) { 2091 if (laddr->ifa == ifa) { 2092 laddr->action = 0; 2093 break; 2094 } 2095 2096 } 2097 } else if (l->action == SCTP_DEL_IP_ADDRESS) { 2098 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 2099 /* remove only after all guys are done */ 2100 if (laddr->ifa == ifa) { 2101 sctp_del_local_addr_ep(inp, ifa); 2102 } 2103 } 2104 } 2105 } 2106 return (0); 2107 } 2108 2109 void 2110 sctp_asconf_iterator_stcb(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2111 void *ptr, uint32_t val SCTP_UNUSED) 2112 { 2113 struct sctp_asconf_iterator *asc; 2114 struct sctp_ifa *ifa; 2115 struct sctp_laddr *l; 2116 int cnt_invalid = 0; 2117 int type, status; 2118 int num_queued = 0; 2119 2120 asc = (struct sctp_asconf_iterator *)ptr; 2121 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2122 ifa = l->ifa; 2123 type = l->action; 2124 2125 /* address's vrf_id must be the vrf_id of the assoc */ 2126 if (ifa->vrf_id != stcb->asoc.vrf_id) { 2127 continue; 2128 } 2129 2130 /* Same checks again for assoc */ 2131 switch (ifa->address.sa.sa_family) { 2132 #ifdef INET6 2133 case AF_INET6: 2134 { 2135 /* invalid if we're not a v6 endpoint */ 2136 struct sockaddr_in6 *sin6; 2137 2138 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2139 cnt_invalid++; 2140 if (asc->cnt == cnt_invalid) 2141 return; 2142 else 2143 continue; 2144 } 2145 sin6 = &ifa->address.sin6; 2146 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2147 /* we skip unspecifed addresses */ 2148 continue; 2149 } 2150 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2151 &sin6->sin6_addr) != 0) { 2152 continue; 2153 } 2154 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 2155 if (stcb->asoc.scope.local_scope == 0) { 2156 continue; 2157 } 2158 /* is it the right link local scope? */ 2159 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 2160 continue; 2161 } 2162 } 2163 break; 2164 } 2165 #endif 2166 #ifdef INET 2167 case AF_INET: 2168 { 2169 /* invalid if we are a v6 only endpoint */ 2170 struct sockaddr_in *sin; 2171 2172 /* invalid if we are a v6 only endpoint */ 2173 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2174 SCTP_IPV6_V6ONLY(inp)) 2175 continue; 2176 2177 sin = &ifa->address.sin; 2178 if (sin->sin_addr.s_addr == 0) { 2179 /* we skip unspecifed addresses */ 2180 continue; 2181 } 2182 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2183 &sin->sin_addr) != 0) { 2184 continue; 2185 } 2186 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2187 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 2188 continue; 2189 } 2190 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2191 SCTP_IPV6_V6ONLY(inp)) { 2192 cnt_invalid++; 2193 if (asc->cnt == cnt_invalid) 2194 return; 2195 else 2196 continue; 2197 } 2198 break; 2199 } 2200 #endif 2201 default: 2202 /* invalid address family */ 2203 cnt_invalid++; 2204 if (asc->cnt == cnt_invalid) 2205 return; 2206 else 2207 continue; 2208 break; 2209 } 2210 2211 if (type == SCTP_ADD_IP_ADDRESS) { 2212 /* prevent this address from being used as a source */ 2213 sctp_add_local_addr_restricted(stcb, ifa); 2214 } else if (type == SCTP_DEL_IP_ADDRESS) { 2215 struct sctp_nets *net; 2216 2217 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2218 sctp_rtentry_t *rt; 2219 2220 /* delete this address if cached */ 2221 if (net->ro._s_addr == ifa) { 2222 sctp_free_ifa(net->ro._s_addr); 2223 net->ro._s_addr = NULL; 2224 net->src_addr_selected = 0; 2225 rt = net->ro.ro_rt; 2226 if (rt) { 2227 RTFREE(rt); 2228 net->ro.ro_rt = NULL; 2229 } 2230 /* 2231 * Now we deleted our src address, 2232 * should we not also now reset the 2233 * cwnd/rto to start as if its a new 2234 * address? 2235 */ 2236 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 2237 net->RTO = 0; 2238 2239 } 2240 } 2241 } else if (type == SCTP_SET_PRIM_ADDR) { 2242 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 2243 /* must validate the ifa is in the ep */ 2244 if (sctp_is_addr_in_ep(stcb->sctp_ep, ifa) == 0) { 2245 continue; 2246 } 2247 } else { 2248 /* Need to check scopes for this guy */ 2249 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2250 continue; 2251 } 2252 } 2253 } 2254 /* queue an asconf for this address add/delete */ 2255 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF) && 2256 stcb->asoc.asconf_supported == 1) { 2257 /* queue an asconf for this addr */ 2258 status = sctp_asconf_queue_add(stcb, ifa, type); 2259 /* 2260 * if queued ok, and in the open state, update the 2261 * count of queued params. If in the non-open 2262 * state, these get sent when the assoc goes open. 2263 */ 2264 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2265 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2266 if (status >= 0) { 2267 num_queued++; 2268 } 2269 } 2270 } 2271 } 2272 /* 2273 * If we have queued params in the open state, send out an ASCONF. 2274 */ 2275 if (num_queued > 0) { 2276 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2277 } 2278 } 2279 2280 void 2281 sctp_asconf_iterator_end(void *ptr, uint32_t val SCTP_UNUSED) 2282 { 2283 struct sctp_asconf_iterator *asc; 2284 struct sctp_ifa *ifa; 2285 struct sctp_laddr *l, *nl; 2286 2287 asc = (struct sctp_asconf_iterator *)ptr; 2288 LIST_FOREACH_SAFE(l, &asc->list_of_work, sctp_nxt_addr, nl) { 2289 ifa = l->ifa; 2290 if (l->action == SCTP_ADD_IP_ADDRESS) { 2291 /* Clear the defer use flag */ 2292 ifa->localifa_flags &= ~SCTP_ADDR_DEFER_USE; 2293 } 2294 sctp_free_ifa(ifa); 2295 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), l); 2296 SCTP_DECR_LADDR_COUNT(); 2297 } 2298 SCTP_FREE(asc, SCTP_M_ASC_IT); 2299 } 2300 2301 /* 2302 * sa is the sockaddr to ask the peer to set primary to. 2303 * returns: 0 = completed, -1 = error 2304 */ 2305 int32_t 2306 sctp_set_primary_ip_address_sa(struct sctp_tcb *stcb, struct sockaddr *sa) 2307 { 2308 uint32_t vrf_id; 2309 struct sctp_ifa *ifa; 2310 2311 /* find the ifa for the desired set primary */ 2312 vrf_id = stcb->asoc.vrf_id; 2313 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 2314 if (ifa == NULL) { 2315 /* Invalid address */ 2316 return (-1); 2317 } 2318 2319 /* queue an ASCONF:SET_PRIM_ADDR to be sent */ 2320 if (!sctp_asconf_queue_add(stcb, ifa, SCTP_SET_PRIM_ADDR)) { 2321 /* set primary queuing succeeded */ 2322 SCTPDBG(SCTP_DEBUG_ASCONF1, 2323 "set_primary_ip_address_sa: queued on tcb=%p, ", 2324 (void *)stcb); 2325 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2326 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) || 2327 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2328 #ifdef SCTP_TIMER_BASED_ASCONF 2329 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2330 stcb->sctp_ep, stcb, 2331 stcb->asoc.primary_destination); 2332 #else 2333 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2334 #endif 2335 } 2336 } else { 2337 SCTPDBG(SCTP_DEBUG_ASCONF1, "set_primary_ip_address_sa: failed to add to queue on tcb=%p, ", 2338 (void *)stcb); 2339 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2340 return (-1); 2341 } 2342 return (0); 2343 } 2344 2345 int 2346 sctp_is_addr_pending(struct sctp_tcb *stcb, struct sctp_ifa *sctp_ifa) 2347 { 2348 struct sctp_tmit_chunk *chk, *nchk; 2349 unsigned int offset, asconf_limit; 2350 struct sctp_asconf_chunk *acp; 2351 struct sctp_asconf_paramhdr *aph; 2352 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 2353 struct sctp_paramhdr *ph; 2354 int add_cnt, del_cnt; 2355 uint16_t last_param_type; 2356 2357 add_cnt = del_cnt = 0; 2358 last_param_type = 0; 2359 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.asconf_send_queue, sctp_next, nchk) { 2360 if (chk->data == NULL) { 2361 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: No mbuf data?\n"); 2362 continue; 2363 } 2364 offset = 0; 2365 acp = mtod(chk->data, struct sctp_asconf_chunk *); 2366 offset += sizeof(struct sctp_asconf_chunk); 2367 asconf_limit = ntohs(acp->ch.chunk_length); 2368 ph = (struct sctp_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_paramhdr), aparam_buf); 2369 if (ph == NULL) { 2370 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get lookup addr!\n"); 2371 continue; 2372 } 2373 offset += ntohs(ph->param_length); 2374 2375 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2376 if (aph == NULL) { 2377 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: Empty ASCONF will be sent?\n"); 2378 continue; 2379 } 2380 while (aph != NULL) { 2381 unsigned int param_length, param_type; 2382 2383 param_type = ntohs(aph->ph.param_type); 2384 param_length = ntohs(aph->ph.param_length); 2385 if (offset + param_length > asconf_limit) { 2386 /* parameter goes beyond end of chunk! */ 2387 break; 2388 } 2389 if (param_length > sizeof(aparam_buf)) { 2390 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length (%u) larger than buffer size!\n", param_length); 2391 break; 2392 } 2393 if (param_length <= sizeof(struct sctp_paramhdr)) { 2394 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length(%u) too short\n", param_length); 2395 break; 2396 } 2397 2398 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, param_length, aparam_buf); 2399 if (aph == NULL) { 2400 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get entire param\n"); 2401 break; 2402 } 2403 2404 ph = (struct sctp_paramhdr *)(aph + 1); 2405 if (sctp_addr_match(ph, &sctp_ifa->address.sa) != 0) { 2406 switch (param_type) { 2407 case SCTP_ADD_IP_ADDRESS: 2408 add_cnt++; 2409 break; 2410 case SCTP_DEL_IP_ADDRESS: 2411 del_cnt++; 2412 break; 2413 default: 2414 break; 2415 } 2416 last_param_type = param_type; 2417 } 2418 2419 offset += SCTP_SIZE32(param_length); 2420 if (offset >= asconf_limit) { 2421 /* no more data in the mbuf chain */ 2422 break; 2423 } 2424 /* get pointer to next asconf param */ 2425 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2426 } 2427 } 2428 2429 /* 2430 * we want to find the sequences which consist of ADD -> DEL -> ADD 2431 * or DEL -> ADD 2432 */ 2433 if (add_cnt > del_cnt || 2434 (add_cnt == del_cnt && last_param_type == SCTP_ADD_IP_ADDRESS)) { 2435 return (1); 2436 } 2437 return (0); 2438 } 2439 2440 static struct sockaddr * 2441 sctp_find_valid_localaddr(struct sctp_tcb *stcb, int addr_locked) 2442 { 2443 struct sctp_vrf *vrf = NULL; 2444 struct sctp_ifn *sctp_ifn; 2445 struct sctp_ifa *sctp_ifa; 2446 2447 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2448 SCTP_IPI_ADDR_RLOCK(); 2449 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 2450 if (vrf == NULL) { 2451 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2452 SCTP_IPI_ADDR_RUNLOCK(); 2453 return (NULL); 2454 } 2455 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2456 if (stcb->asoc.scope.loopback_scope == 0 && 2457 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2458 /* Skip if loopback_scope not set */ 2459 continue; 2460 } 2461 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2462 switch (sctp_ifa->address.sa.sa_family) { 2463 #ifdef INET 2464 case AF_INET: 2465 if (stcb->asoc.scope.ipv4_addr_legal) { 2466 struct sockaddr_in *sin; 2467 2468 sin = &sctp_ifa->address.sin; 2469 if (sin->sin_addr.s_addr == 0) { 2470 /* skip unspecifed addresses */ 2471 continue; 2472 } 2473 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 2474 &sin->sin_addr) != 0) { 2475 continue; 2476 } 2477 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2478 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) 2479 continue; 2480 2481 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2482 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2483 continue; 2484 /* 2485 * found a valid local v4 address to 2486 * use 2487 */ 2488 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2489 SCTP_IPI_ADDR_RUNLOCK(); 2490 return (&sctp_ifa->address.sa); 2491 } 2492 break; 2493 #endif 2494 #ifdef INET6 2495 case AF_INET6: 2496 if (stcb->asoc.scope.ipv6_addr_legal) { 2497 struct sockaddr_in6 *sin6; 2498 2499 if (sctp_ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2500 continue; 2501 } 2502 2503 sin6 = &sctp_ifa->address.sin6; 2504 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2505 /* 2506 * we skip unspecifed 2507 * addresses 2508 */ 2509 continue; 2510 } 2511 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 2512 &sin6->sin6_addr) != 0) { 2513 continue; 2514 } 2515 if (stcb->asoc.scope.local_scope == 0 && 2516 IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 2517 continue; 2518 if (stcb->asoc.scope.site_scope == 0 && 2519 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) 2520 continue; 2521 2522 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2523 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2524 continue; 2525 /* 2526 * found a valid local v6 address to 2527 * use 2528 */ 2529 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2530 SCTP_IPI_ADDR_RUNLOCK(); 2531 return (&sctp_ifa->address.sa); 2532 } 2533 break; 2534 #endif 2535 default: 2536 break; 2537 } 2538 } 2539 } 2540 /* no valid addresses found */ 2541 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2542 SCTP_IPI_ADDR_RUNLOCK(); 2543 return (NULL); 2544 } 2545 2546 static struct sockaddr * 2547 sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb) 2548 { 2549 struct sctp_laddr *laddr; 2550 2551 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 2552 if (laddr->ifa == NULL) { 2553 continue; 2554 } 2555 /* is the address restricted ? */ 2556 if (sctp_is_addr_restricted(stcb, laddr->ifa) && 2557 (!sctp_is_addr_pending(stcb, laddr->ifa))) 2558 continue; 2559 2560 /* found a valid local address to use */ 2561 return (&laddr->ifa->address.sa); 2562 } 2563 /* no valid addresses found */ 2564 return (NULL); 2565 } 2566 2567 /* 2568 * builds an ASCONF chunk from queued ASCONF params. 2569 * returns NULL on error (no mbuf, no ASCONF params queued, etc). 2570 */ 2571 struct mbuf * 2572 sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) 2573 { 2574 struct mbuf *m_asconf, *m_asconf_chk; 2575 struct sctp_asconf_addr *aa; 2576 struct sctp_asconf_chunk *acp; 2577 struct sctp_asconf_paramhdr *aph; 2578 struct sctp_asconf_addr_param *aap; 2579 uint32_t p_length; 2580 uint32_t correlation_id = 1; /* 0 is reserved... */ 2581 caddr_t ptr, lookup_ptr; 2582 uint8_t lookup_used = 0; 2583 2584 /* are there any asconf params to send? */ 2585 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2586 if (aa->sent == 0) 2587 break; 2588 } 2589 if (aa == NULL) 2590 return (NULL); 2591 2592 /* 2593 * get a chunk header mbuf and a cluster for the asconf params since 2594 * it's simpler to fill in the asconf chunk header lookup address on 2595 * the fly 2596 */ 2597 m_asconf_chk = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_chunk), 0, M_NOWAIT, 1, MT_DATA); 2598 if (m_asconf_chk == NULL) { 2599 /* no mbuf's */ 2600 SCTPDBG(SCTP_DEBUG_ASCONF1, 2601 "compose_asconf: couldn't get chunk mbuf!\n"); 2602 return (NULL); 2603 } 2604 m_asconf = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 2605 if (m_asconf == NULL) { 2606 /* no mbuf's */ 2607 SCTPDBG(SCTP_DEBUG_ASCONF1, 2608 "compose_asconf: couldn't get mbuf!\n"); 2609 sctp_m_freem(m_asconf_chk); 2610 return (NULL); 2611 } 2612 SCTP_BUF_LEN(m_asconf_chk) = sizeof(struct sctp_asconf_chunk); 2613 SCTP_BUF_LEN(m_asconf) = 0; 2614 acp = mtod(m_asconf_chk, struct sctp_asconf_chunk *); 2615 memset(acp, 0, sizeof(struct sctp_asconf_chunk)); 2616 /* save pointers to lookup address and asconf params */ 2617 lookup_ptr = (caddr_t)(acp + 1); /* after the header */ 2618 ptr = mtod(m_asconf, caddr_t); /* beginning of cluster */ 2619 2620 /* fill in chunk header info */ 2621 acp->ch.chunk_type = SCTP_ASCONF; 2622 acp->ch.chunk_flags = 0; 2623 acp->serial_number = htonl(stcb->asoc.asconf_seq_out); 2624 stcb->asoc.asconf_seq_out++; 2625 2626 /* add parameters... up to smallest MTU allowed */ 2627 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2628 if (aa->sent) 2629 continue; 2630 /* get the parameter length */ 2631 p_length = SCTP_SIZE32(aa->ap.aph.ph.param_length); 2632 /* will it fit in current chunk? */ 2633 if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu) || 2634 (SCTP_BUF_LEN(m_asconf) + p_length > MCLBYTES)) { 2635 /* won't fit, so we're done with this chunk */ 2636 break; 2637 } 2638 /* assign (and store) a correlation id */ 2639 aa->ap.aph.correlation_id = correlation_id++; 2640 2641 /* 2642 * fill in address if we're doing a delete this is a simple 2643 * way for us to fill in the correlation address, which 2644 * should only be used by the peer if we're deleting our 2645 * source address and adding a new address (e.g. renumbering 2646 * case) 2647 */ 2648 if (lookup_used == 0 && 2649 (aa->special_del == 0) && 2650 aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 2651 struct sctp_ipv6addr_param *lookup; 2652 uint16_t p_size, addr_size; 2653 2654 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2655 lookup->ph.param_type = 2656 htons(aa->ap.addrp.ph.param_type); 2657 if (aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) { 2658 /* copy IPv6 address */ 2659 p_size = sizeof(struct sctp_ipv6addr_param); 2660 addr_size = sizeof(struct in6_addr); 2661 } else { 2662 /* copy IPv4 address */ 2663 p_size = sizeof(struct sctp_ipv4addr_param); 2664 addr_size = sizeof(struct in_addr); 2665 } 2666 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2667 memcpy(lookup->addr, &aa->ap.addrp.addr, addr_size); 2668 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2669 lookup_used = 1; 2670 } 2671 /* copy into current space */ 2672 memcpy(ptr, &aa->ap, p_length); 2673 2674 /* network elements and update lengths */ 2675 aph = (struct sctp_asconf_paramhdr *)ptr; 2676 aap = (struct sctp_asconf_addr_param *)ptr; 2677 /* correlation_id is transparent to peer, no htonl needed */ 2678 aph->ph.param_type = htons(aph->ph.param_type); 2679 aph->ph.param_length = htons(aph->ph.param_length); 2680 aap->addrp.ph.param_type = htons(aap->addrp.ph.param_type); 2681 aap->addrp.ph.param_length = htons(aap->addrp.ph.param_length); 2682 2683 SCTP_BUF_LEN(m_asconf) += SCTP_SIZE32(p_length); 2684 ptr += SCTP_SIZE32(p_length); 2685 2686 /* 2687 * these params are removed off the pending list upon 2688 * getting an ASCONF-ACK back from the peer, just set flag 2689 */ 2690 aa->sent = 1; 2691 } 2692 /* check to see if the lookup addr has been populated yet */ 2693 if (lookup_used == 0) { 2694 /* NOTE: if the address param is optional, can skip this... */ 2695 /* add any valid (existing) address... */ 2696 struct sctp_ipv6addr_param *lookup; 2697 uint16_t p_size, addr_size; 2698 struct sockaddr *found_addr; 2699 caddr_t addr_ptr; 2700 2701 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) 2702 found_addr = sctp_find_valid_localaddr(stcb, 2703 addr_locked); 2704 else 2705 found_addr = sctp_find_valid_localaddr_ep(stcb); 2706 2707 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2708 if (found_addr != NULL) { 2709 switch (found_addr->sa_family) { 2710 #ifdef INET6 2711 case AF_INET6: 2712 /* copy IPv6 address */ 2713 lookup->ph.param_type = 2714 htons(SCTP_IPV6_ADDRESS); 2715 p_size = sizeof(struct sctp_ipv6addr_param); 2716 addr_size = sizeof(struct in6_addr); 2717 addr_ptr = (caddr_t)&((struct sockaddr_in6 *) 2718 found_addr)->sin6_addr; 2719 break; 2720 #endif 2721 #ifdef INET 2722 case AF_INET: 2723 /* copy IPv4 address */ 2724 lookup->ph.param_type = 2725 htons(SCTP_IPV4_ADDRESS); 2726 p_size = sizeof(struct sctp_ipv4addr_param); 2727 addr_size = sizeof(struct in_addr); 2728 addr_ptr = (caddr_t)&((struct sockaddr_in *) 2729 found_addr)->sin_addr; 2730 break; 2731 #endif 2732 default: 2733 p_size = 0; 2734 addr_size = 0; 2735 addr_ptr = NULL; 2736 break; 2737 } 2738 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2739 memcpy(lookup->addr, addr_ptr, addr_size); 2740 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2741 } else { 2742 /* uh oh... don't have any address?? */ 2743 SCTPDBG(SCTP_DEBUG_ASCONF1, 2744 "compose_asconf: no lookup addr!\n"); 2745 /* XXX for now, we send a IPv4 address of 0.0.0.0 */ 2746 lookup->ph.param_type = htons(SCTP_IPV4_ADDRESS); 2747 lookup->ph.param_length = htons(SCTP_SIZE32(sizeof(struct sctp_ipv4addr_param))); 2748 memset(lookup->addr, 0, sizeof(struct in_addr)); 2749 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(sizeof(struct sctp_ipv4addr_param)); 2750 } 2751 } 2752 /* chain it all together */ 2753 SCTP_BUF_NEXT(m_asconf_chk) = m_asconf; 2754 *retlen = SCTP_BUF_LEN(m_asconf_chk) + SCTP_BUF_LEN(m_asconf); 2755 acp->ch.chunk_length = htons(*retlen); 2756 2757 return (m_asconf_chk); 2758 } 2759 2760 /* 2761 * section to handle address changes before an association is up eg. changes 2762 * during INIT/INIT-ACK/COOKIE-ECHO handshake 2763 */ 2764 2765 /* 2766 * processes the (local) addresses in the INIT-ACK chunk 2767 */ 2768 static void 2769 sctp_process_initack_addresses(struct sctp_tcb *stcb, struct mbuf *m, 2770 unsigned int offset, unsigned int length) 2771 { 2772 struct sctp_paramhdr tmp_param, *ph; 2773 uint16_t plen, ptype; 2774 struct sctp_ifa *sctp_ifa; 2775 union sctp_sockstore store; 2776 #ifdef INET6 2777 struct sctp_ipv6addr_param addr6_store; 2778 #endif 2779 #ifdef INET 2780 struct sctp_ipv4addr_param addr4_store; 2781 #endif 2782 2783 SCTPDBG(SCTP_DEBUG_ASCONF2, "processing init-ack addresses\n"); 2784 if (stcb == NULL) /* Un-needed check for SA */ 2785 return; 2786 2787 /* convert to upper bound */ 2788 length += offset; 2789 2790 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2791 return; 2792 } 2793 /* go through the addresses in the init-ack */ 2794 ph = (struct sctp_paramhdr *) 2795 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 2796 (uint8_t *)&tmp_param); 2797 while (ph != NULL) { 2798 ptype = ntohs(ph->param_type); 2799 plen = ntohs(ph->param_length); 2800 switch (ptype) { 2801 #ifdef INET6 2802 case SCTP_IPV6_ADDRESS: 2803 { 2804 struct sctp_ipv6addr_param *a6p; 2805 2806 /* get the entire IPv6 address param */ 2807 a6p = (struct sctp_ipv6addr_param *) 2808 sctp_m_getptr(m, offset, 2809 sizeof(struct sctp_ipv6addr_param), 2810 (uint8_t *)&addr6_store); 2811 if (plen != sizeof(struct sctp_ipv6addr_param) || 2812 a6p == NULL) { 2813 return; 2814 } 2815 memset(&store, 0, sizeof(union sctp_sockstore)); 2816 store.sin6.sin6_family = AF_INET6; 2817 store.sin6.sin6_len = sizeof(struct sockaddr_in6); 2818 store.sin6.sin6_port = stcb->rport; 2819 memcpy(&store.sin6.sin6_addr, a6p->addr, sizeof(struct in6_addr)); 2820 break; 2821 } 2822 #endif 2823 #ifdef INET 2824 case SCTP_IPV4_ADDRESS: 2825 { 2826 struct sctp_ipv4addr_param *a4p; 2827 2828 /* get the entire IPv4 address param */ 2829 a4p = (struct sctp_ipv4addr_param *)sctp_m_getptr(m, offset, 2830 sizeof(struct sctp_ipv4addr_param), 2831 (uint8_t *)&addr4_store); 2832 if (plen != sizeof(struct sctp_ipv4addr_param) || 2833 a4p == NULL) { 2834 return; 2835 } 2836 memset(&store, 0, sizeof(union sctp_sockstore)); 2837 store.sin.sin_family = AF_INET; 2838 store.sin.sin_len = sizeof(struct sockaddr_in); 2839 store.sin.sin_port = stcb->rport; 2840 store.sin.sin_addr.s_addr = a4p->addr; 2841 break; 2842 } 2843 #endif 2844 default: 2845 goto next_addr; 2846 } 2847 2848 /* see if this address really (still) exists */ 2849 sctp_ifa = sctp_find_ifa_by_addr(&store.sa, stcb->asoc.vrf_id, 2850 SCTP_ADDR_NOT_LOCKED); 2851 if (sctp_ifa == NULL) { 2852 /* address doesn't exist anymore */ 2853 int status; 2854 2855 /* are ASCONFs allowed ? */ 2856 if ((sctp_is_feature_on(stcb->sctp_ep, 2857 SCTP_PCB_FLAGS_DO_ASCONF)) && 2858 stcb->asoc.asconf_supported) { 2859 /* queue an ASCONF DEL_IP_ADDRESS */ 2860 status = sctp_asconf_queue_sa_delete(stcb, &store.sa); 2861 /* 2862 * if queued ok, and in correct state, send 2863 * out the ASCONF. 2864 */ 2865 if (status == 0 && 2866 SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) { 2867 #ifdef SCTP_TIMER_BASED_ASCONF 2868 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2869 stcb->sctp_ep, stcb, 2870 stcb->asoc.primary_destination); 2871 #else 2872 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2873 #endif 2874 } 2875 } 2876 } 2877 2878 next_addr: 2879 /* 2880 * Sanity check: Make sure the length isn't 0, otherwise 2881 * we'll be stuck in this loop for a long time... 2882 */ 2883 if (SCTP_SIZE32(plen) == 0) { 2884 SCTP_PRINTF("process_initack_addrs: bad len (%d) type=%xh\n", 2885 plen, ptype); 2886 return; 2887 } 2888 /* get next parameter */ 2889 offset += SCTP_SIZE32(plen); 2890 if ((offset + sizeof(struct sctp_paramhdr)) > length) 2891 return; 2892 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2893 sizeof(struct sctp_paramhdr), (uint8_t *)&tmp_param); 2894 } /* while */ 2895 } 2896 2897 /* FIX ME: need to verify return result for v6 address type if v6 disabled */ 2898 /* 2899 * checks to see if a specific address is in the initack address list returns 2900 * 1 if found, 0 if not 2901 */ 2902 static uint32_t 2903 sctp_addr_in_initack(struct mbuf *m, uint32_t offset, uint32_t length, struct sockaddr *sa) 2904 { 2905 struct sctp_paramhdr tmp_param, *ph; 2906 uint16_t plen, ptype; 2907 #ifdef INET 2908 struct sockaddr_in *sin; 2909 struct sctp_ipv4addr_param *a4p; 2910 struct sctp_ipv6addr_param addr4_store; 2911 #endif 2912 #ifdef INET6 2913 struct sockaddr_in6 *sin6; 2914 struct sctp_ipv6addr_param *a6p; 2915 struct sctp_ipv6addr_param addr6_store; 2916 struct sockaddr_in6 sin6_tmp; 2917 #endif 2918 2919 switch (sa->sa_family) { 2920 #ifdef INET 2921 case AF_INET: 2922 break; 2923 #endif 2924 #ifdef INET6 2925 case AF_INET6: 2926 break; 2927 #endif 2928 default: 2929 return (0); 2930 } 2931 2932 SCTPDBG(SCTP_DEBUG_ASCONF2, "find_initack_addr: starting search for "); 2933 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, sa); 2934 /* convert to upper bound */ 2935 length += offset; 2936 2937 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2938 SCTPDBG(SCTP_DEBUG_ASCONF1, 2939 "find_initack_addr: invalid offset?\n"); 2940 return (0); 2941 } 2942 /* go through the addresses in the init-ack */ 2943 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2944 sizeof(struct sctp_paramhdr), (uint8_t *)&tmp_param); 2945 while (ph != NULL) { 2946 ptype = ntohs(ph->param_type); 2947 plen = ntohs(ph->param_length); 2948 switch (ptype) { 2949 #ifdef INET6 2950 case SCTP_IPV6_ADDRESS: 2951 if (sa->sa_family == AF_INET6) { 2952 /* get the entire IPv6 address param */ 2953 if (plen != sizeof(struct sctp_ipv6addr_param)) { 2954 break; 2955 } 2956 /* get the entire IPv6 address param */ 2957 a6p = (struct sctp_ipv6addr_param *) 2958 sctp_m_getptr(m, offset, 2959 sizeof(struct sctp_ipv6addr_param), 2960 (uint8_t *)&addr6_store); 2961 if (a6p == NULL) { 2962 return (0); 2963 } 2964 sin6 = (struct sockaddr_in6 *)sa; 2965 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2966 /* create a copy and clear scope */ 2967 memcpy(&sin6_tmp, sin6, 2968 sizeof(struct sockaddr_in6)); 2969 sin6 = &sin6_tmp; 2970 in6_clearscope(&sin6->sin6_addr); 2971 } 2972 if (memcmp(&sin6->sin6_addr, a6p->addr, 2973 sizeof(struct in6_addr)) == 0) { 2974 /* found it */ 2975 return (1); 2976 } 2977 } 2978 break; 2979 #endif /* INET6 */ 2980 #ifdef INET 2981 case SCTP_IPV4_ADDRESS: 2982 if (sa->sa_family == AF_INET) { 2983 if (plen != sizeof(struct sctp_ipv4addr_param)) { 2984 break; 2985 } 2986 /* get the entire IPv4 address param */ 2987 a4p = (struct sctp_ipv4addr_param *) 2988 sctp_m_getptr(m, offset, 2989 sizeof(struct sctp_ipv4addr_param), 2990 (uint8_t *)&addr4_store); 2991 if (a4p == NULL) { 2992 return (0); 2993 } 2994 sin = (struct sockaddr_in *)sa; 2995 if (sin->sin_addr.s_addr == a4p->addr) { 2996 /* found it */ 2997 return (1); 2998 } 2999 } 3000 break; 3001 #endif 3002 default: 3003 break; 3004 } 3005 /* get next parameter */ 3006 offset += SCTP_SIZE32(plen); 3007 if (offset + sizeof(struct sctp_paramhdr) > length) { 3008 return (0); 3009 } 3010 ph = (struct sctp_paramhdr *) 3011 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 3012 (uint8_t *)&tmp_param); 3013 } /* while */ 3014 /* not found! */ 3015 return (0); 3016 } 3017 3018 /* 3019 * makes sure that the current endpoint local addr list is consistent with 3020 * the new association (eg. subset bound, asconf allowed) adds addresses as 3021 * necessary 3022 */ 3023 static void 3024 sctp_check_address_list_ep(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3025 int length, struct sockaddr *init_addr) 3026 { 3027 struct sctp_laddr *laddr; 3028 3029 /* go through the endpoint list */ 3030 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3031 /* be paranoid and validate the laddr */ 3032 if (laddr->ifa == NULL) { 3033 SCTPDBG(SCTP_DEBUG_ASCONF1, 3034 "check_addr_list_ep: laddr->ifa is NULL"); 3035 continue; 3036 } 3037 if (laddr->ifa == NULL) { 3038 SCTPDBG(SCTP_DEBUG_ASCONF1, "check_addr_list_ep: laddr->ifa->ifa_addr is NULL"); 3039 continue; 3040 } 3041 /* do i have it implicitly? */ 3042 if (sctp_cmpaddr(&laddr->ifa->address.sa, init_addr)) { 3043 continue; 3044 } 3045 /* check to see if in the init-ack */ 3046 if (!sctp_addr_in_initack(m, offset, length, &laddr->ifa->address.sa)) { 3047 /* try to add it */ 3048 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, laddr->ifa, 3049 SCTP_ADD_IP_ADDRESS, SCTP_ADDR_NOT_LOCKED); 3050 } 3051 } 3052 } 3053 3054 /* 3055 * makes sure that the current kernel address list is consistent with the new 3056 * association (with all addrs bound) adds addresses as necessary 3057 */ 3058 static void 3059 sctp_check_address_list_all(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3060 int length, struct sockaddr *init_addr, 3061 uint16_t local_scope, uint16_t site_scope, 3062 uint16_t ipv4_scope, uint16_t loopback_scope) 3063 { 3064 struct sctp_vrf *vrf = NULL; 3065 struct sctp_ifn *sctp_ifn; 3066 struct sctp_ifa *sctp_ifa; 3067 uint32_t vrf_id; 3068 #ifdef INET 3069 struct sockaddr_in *sin; 3070 #endif 3071 #ifdef INET6 3072 struct sockaddr_in6 *sin6; 3073 #endif 3074 3075 if (stcb) { 3076 vrf_id = stcb->asoc.vrf_id; 3077 } else { 3078 return; 3079 } 3080 SCTP_IPI_ADDR_RLOCK(); 3081 vrf = sctp_find_vrf(vrf_id); 3082 if (vrf == NULL) { 3083 SCTP_IPI_ADDR_RUNLOCK(); 3084 return; 3085 } 3086 /* go through all our known interfaces */ 3087 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3088 if (loopback_scope == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3089 /* skip loopback interface */ 3090 continue; 3091 } 3092 /* go through each interface address */ 3093 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3094 /* do i have it implicitly? */ 3095 if (sctp_cmpaddr(&sctp_ifa->address.sa, init_addr)) { 3096 continue; 3097 } 3098 switch (sctp_ifa->address.sa.sa_family) { 3099 #ifdef INET 3100 case AF_INET: 3101 sin = &sctp_ifa->address.sin; 3102 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3103 &sin->sin_addr) != 0) { 3104 continue; 3105 } 3106 if ((ipv4_scope == 0) && 3107 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 3108 /* private address not in scope */ 3109 continue; 3110 } 3111 break; 3112 #endif 3113 #ifdef INET6 3114 case AF_INET6: 3115 sin6 = &sctp_ifa->address.sin6; 3116 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3117 &sin6->sin6_addr) != 0) { 3118 continue; 3119 } 3120 if ((local_scope == 0) && 3121 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 3122 continue; 3123 } 3124 if ((site_scope == 0) && 3125 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 3126 continue; 3127 } 3128 break; 3129 #endif 3130 default: 3131 break; 3132 } 3133 /* check to see if in the init-ack */ 3134 if (!sctp_addr_in_initack(m, offset, length, &sctp_ifa->address.sa)) { 3135 /* try to add it */ 3136 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, 3137 sctp_ifa, SCTP_ADD_IP_ADDRESS, 3138 SCTP_ADDR_LOCKED); 3139 } 3140 } /* end foreach ifa */ 3141 } /* end foreach ifn */ 3142 SCTP_IPI_ADDR_RUNLOCK(); 3143 } 3144 3145 /* 3146 * validates an init-ack chunk (from a cookie-echo) with current addresses 3147 * adds addresses from the init-ack into our local address list, if needed 3148 * queues asconf adds/deletes addresses as needed and makes appropriate list 3149 * changes for source address selection m, offset: points to the start of the 3150 * address list in an init-ack chunk length: total length of the address 3151 * params only init_addr: address where my INIT-ACK was sent from 3152 */ 3153 void 3154 sctp_check_address_list(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3155 int length, struct sockaddr *init_addr, 3156 uint16_t local_scope, uint16_t site_scope, 3157 uint16_t ipv4_scope, uint16_t loopback_scope) 3158 { 3159 /* process the local addresses in the initack */ 3160 sctp_process_initack_addresses(stcb, m, offset, length); 3161 3162 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3163 /* bound all case */ 3164 sctp_check_address_list_all(stcb, m, offset, length, init_addr, 3165 local_scope, site_scope, ipv4_scope, loopback_scope); 3166 } else { 3167 /* subset bound case */ 3168 if (sctp_is_feature_on(stcb->sctp_ep, 3169 SCTP_PCB_FLAGS_DO_ASCONF)) { 3170 /* asconf's allowed */ 3171 sctp_check_address_list_ep(stcb, m, offset, length, 3172 init_addr); 3173 } 3174 /* else, no asconfs allowed, so what we sent is what we get */ 3175 } 3176 } 3177 3178 /* 3179 * sctp_bindx() support 3180 */ 3181 uint32_t 3182 sctp_addr_mgmt_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa, 3183 uint32_t type, uint32_t vrf_id, struct sctp_ifa *sctp_ifap) 3184 { 3185 struct sctp_ifa *ifa; 3186 struct sctp_laddr *laddr, *nladdr; 3187 3188 if (sa->sa_len == 0) { 3189 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3190 return (EINVAL); 3191 } 3192 if (sctp_ifap) { 3193 ifa = sctp_ifap; 3194 } else if (type == SCTP_ADD_IP_ADDRESS) { 3195 /* For an add the address MUST be on the system */ 3196 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 3197 } else if (type == SCTP_DEL_IP_ADDRESS) { 3198 /* For a delete we need to find it in the inp */ 3199 ifa = sctp_find_ifa_in_ep(inp, sa, SCTP_ADDR_NOT_LOCKED); 3200 } else { 3201 ifa = NULL; 3202 } 3203 if (ifa != NULL) { 3204 if (type == SCTP_ADD_IP_ADDRESS) { 3205 sctp_add_local_addr_ep(inp, ifa, type); 3206 } else if (type == SCTP_DEL_IP_ADDRESS) { 3207 if (inp->laddr_count < 2) { 3208 /* can't delete the last local address */ 3209 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3210 return (EINVAL); 3211 } 3212 LIST_FOREACH(laddr, &inp->sctp_addr_list, 3213 sctp_nxt_addr) { 3214 if (ifa == laddr->ifa) { 3215 /* Mark in the delete */ 3216 laddr->action = type; 3217 } 3218 } 3219 } 3220 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 3221 /* 3222 * There is no need to start the iterator if the inp 3223 * has no associations. 3224 */ 3225 if (type == SCTP_DEL_IP_ADDRESS) { 3226 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 3227 if (laddr->ifa == ifa) { 3228 sctp_del_local_addr_ep(inp, ifa); 3229 } 3230 } 3231 } 3232 } else { 3233 struct sctp_asconf_iterator *asc; 3234 struct sctp_laddr *wi; 3235 int ret; 3236 3237 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 3238 sizeof(struct sctp_asconf_iterator), 3239 SCTP_M_ASC_IT); 3240 if (asc == NULL) { 3241 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3242 return (ENOMEM); 3243 } 3244 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 3245 if (wi == NULL) { 3246 SCTP_FREE(asc, SCTP_M_ASC_IT); 3247 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3248 return (ENOMEM); 3249 } 3250 LIST_INIT(&asc->list_of_work); 3251 asc->cnt = 1; 3252 SCTP_INCR_LADDR_COUNT(); 3253 wi->ifa = ifa; 3254 wi->action = type; 3255 atomic_add_int(&ifa->refcount, 1); 3256 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 3257 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 3258 sctp_asconf_iterator_stcb, 3259 sctp_asconf_iterator_ep_end, 3260 SCTP_PCB_ANY_FLAGS, 3261 SCTP_PCB_ANY_FEATURES, 3262 SCTP_ASOC_ANY_STATE, 3263 (void *)asc, 0, 3264 sctp_asconf_iterator_end, inp, 0); 3265 if (ret) { 3266 SCTP_PRINTF("Failed to initiate iterator for addr_mgmt_ep_sa\n"); 3267 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EFAULT); 3268 sctp_asconf_iterator_end(asc, 0); 3269 return (EFAULT); 3270 } 3271 } 3272 return (0); 3273 } else { 3274 /* invalid address! */ 3275 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EADDRNOTAVAIL); 3276 return (EADDRNOTAVAIL); 3277 } 3278 } 3279 3280 void 3281 sctp_asconf_send_nat_state_update(struct sctp_tcb *stcb, 3282 struct sctp_nets *net) 3283 { 3284 struct sctp_asconf_addr *aa; 3285 struct sctp_ifa *sctp_ifap; 3286 struct sctp_asconf_tag_param *vtag; 3287 #ifdef INET 3288 struct sockaddr_in *to; 3289 #endif 3290 #ifdef INET6 3291 struct sockaddr_in6 *to6; 3292 #endif 3293 if (net == NULL) { 3294 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing net\n"); 3295 return; 3296 } 3297 if (stcb == NULL) { 3298 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing stcb\n"); 3299 return; 3300 } 3301 /* 3302 * Need to have in the asconf: - vtagparam(my_vtag/peer_vtag) - 3303 * add(0.0.0.0) - del(0.0.0.0) - Any global addresses add(addr) 3304 */ 3305 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3306 SCTP_M_ASC_ADDR); 3307 if (aa == NULL) { 3308 /* didn't get memory */ 3309 SCTPDBG(SCTP_DEBUG_ASCONF1, 3310 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3311 return; 3312 } 3313 aa->special_del = 0; 3314 /* fill in asconf address parameter fields */ 3315 /* top level elements are "networked" during send */ 3316 aa->ifa = NULL; 3317 aa->sent = 0; /* clear sent flag */ 3318 vtag = (struct sctp_asconf_tag_param *)&aa->ap.aph; 3319 vtag->aph.ph.param_type = SCTP_NAT_VTAGS; 3320 vtag->aph.ph.param_length = sizeof(struct sctp_asconf_tag_param); 3321 vtag->local_vtag = htonl(stcb->asoc.my_vtag); 3322 vtag->remote_vtag = htonl(stcb->asoc.peer_vtag); 3323 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3324 3325 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3326 SCTP_M_ASC_ADDR); 3327 if (aa == NULL) { 3328 /* didn't get memory */ 3329 SCTPDBG(SCTP_DEBUG_ASCONF1, 3330 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3331 return; 3332 } 3333 memset(aa, 0, sizeof(struct sctp_asconf_addr)); 3334 /* fill in asconf address parameter fields */ 3335 /* ADD(0.0.0.0) */ 3336 switch (net->ro._l_addr.sa.sa_family) { 3337 #ifdef INET 3338 case AF_INET: 3339 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3340 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3341 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3342 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3343 /* No need to add an address, we are using 0.0.0.0 */ 3344 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3345 break; 3346 #endif 3347 #ifdef INET6 3348 case AF_INET6: 3349 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3350 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3351 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3352 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3353 /* No need to add an address, we are using 0.0.0.0 */ 3354 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3355 break; 3356 #endif 3357 default: 3358 SCTPDBG(SCTP_DEBUG_ASCONF1, 3359 "sctp_asconf_send_nat_state_update: unknown address family\n"); 3360 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 3361 return; 3362 } 3363 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3364 SCTP_M_ASC_ADDR); 3365 if (aa == NULL) { 3366 /* didn't get memory */ 3367 SCTPDBG(SCTP_DEBUG_ASCONF1, 3368 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3369 return; 3370 } 3371 memset(aa, 0, sizeof(struct sctp_asconf_addr)); 3372 /* fill in asconf address parameter fields */ 3373 /* ADD(0.0.0.0) */ 3374 switch (net->ro._l_addr.sa.sa_family) { 3375 #ifdef INET 3376 case AF_INET: 3377 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3378 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3379 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3380 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3381 /* No need to add an address, we are using 0.0.0.0 */ 3382 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3383 break; 3384 #endif 3385 #ifdef INET6 3386 case AF_INET6: 3387 aa->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 3388 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3389 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3390 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3391 /* No need to add an address, we are using 0.0.0.0 */ 3392 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3393 break; 3394 #endif 3395 default: 3396 SCTPDBG(SCTP_DEBUG_ASCONF1, 3397 "sctp_asconf_send_nat_state_update: unknown address family\n"); 3398 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 3399 return; 3400 } 3401 /* Now we must hunt the addresses and add all global addresses */ 3402 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3403 struct sctp_vrf *vrf = NULL; 3404 struct sctp_ifn *sctp_ifnp; 3405 uint32_t vrf_id; 3406 3407 vrf_id = stcb->sctp_ep->def_vrf_id; 3408 vrf = sctp_find_vrf(vrf_id); 3409 if (vrf == NULL) { 3410 goto skip_rest; 3411 } 3412 3413 SCTP_IPI_ADDR_RLOCK(); 3414 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 3415 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 3416 switch (sctp_ifap->address.sa.sa_family) { 3417 #ifdef INET 3418 case AF_INET: 3419 to = &sctp_ifap->address.sin; 3420 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3421 &to->sin_addr) != 0) { 3422 continue; 3423 } 3424 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3425 continue; 3426 } 3427 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3428 continue; 3429 } 3430 break; 3431 #endif 3432 #ifdef INET6 3433 case AF_INET6: 3434 to6 = &sctp_ifap->address.sin6; 3435 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3436 &to6->sin6_addr) != 0) { 3437 continue; 3438 } 3439 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3440 continue; 3441 } 3442 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3443 continue; 3444 } 3445 break; 3446 #endif 3447 default: 3448 continue; 3449 } 3450 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3451 } 3452 } 3453 SCTP_IPI_ADDR_RUNLOCK(); 3454 } else { 3455 struct sctp_laddr *laddr; 3456 3457 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3458 if (laddr->ifa == NULL) { 3459 continue; 3460 } 3461 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 3462 /* 3463 * Address being deleted by the system, dont 3464 * list. 3465 */ 3466 continue; 3467 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 3468 /* 3469 * Address being deleted on this ep don't 3470 * list. 3471 */ 3472 continue; 3473 } 3474 sctp_ifap = laddr->ifa; 3475 switch (sctp_ifap->address.sa.sa_family) { 3476 #ifdef INET 3477 case AF_INET: 3478 to = &sctp_ifap->address.sin; 3479 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3480 continue; 3481 } 3482 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3483 continue; 3484 } 3485 break; 3486 #endif 3487 #ifdef INET6 3488 case AF_INET6: 3489 to6 = &sctp_ifap->address.sin6; 3490 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3491 continue; 3492 } 3493 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3494 continue; 3495 } 3496 break; 3497 #endif 3498 default: 3499 continue; 3500 } 3501 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3502 } 3503 } 3504 skip_rest: 3505 /* Now we must send the asconf into the queue */ 3506 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 3507 } 3508