1 /*- 2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <netinet/sctp_os.h> 37 #include <netinet/sctp_var.h> 38 #include <netinet/sctp_sysctl.h> 39 #include <netinet/sctp_pcb.h> 40 #include <netinet/sctp_header.h> 41 #include <netinet/sctputil.h> 42 #include <netinet/sctp_output.h> 43 #include <netinet/sctp_asconf.h> 44 #include <netinet/sctp_timer.h> 45 46 /* 47 * debug flags: 48 * SCTP_DEBUG_ASCONF1: protocol info, general info and errors 49 * SCTP_DEBUG_ASCONF2: detailed info 50 */ 51 52 53 /* 54 * RFC 5061 55 * 56 * An ASCONF parameter queue exists per asoc which holds the pending address 57 * operations. Lists are updated upon receipt of ASCONF-ACK. 58 * 59 * A restricted_addrs list exists per assoc to hold local addresses that are 60 * not (yet) usable by the assoc as a source address. These addresses are 61 * either pending an ASCONF operation (and exist on the ASCONF parameter 62 * queue), or they are permanently restricted (the peer has returned an 63 * ERROR indication to an ASCONF(ADD), or the peer does not support ASCONF). 64 * 65 * Deleted addresses are always immediately removed from the lists as they will 66 * (shortly) no longer exist in the kernel. We send ASCONFs as a courtesy, 67 * only if allowed. 68 */ 69 70 /* 71 * ASCONF parameter processing. 72 * response_required: set if a reply is required (eg. SUCCESS_REPORT). 73 * returns a mbuf to an "error" response parameter or NULL/"success" if ok. 74 * FIX: allocating this many mbufs on the fly is pretty inefficient... 75 */ 76 static struct mbuf * 77 sctp_asconf_success_response(uint32_t id) 78 { 79 struct mbuf *m_reply = NULL; 80 struct sctp_asconf_paramhdr *aph; 81 82 m_reply = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_paramhdr), 83 0, M_NOWAIT, 1, MT_DATA); 84 if (m_reply == NULL) { 85 SCTPDBG(SCTP_DEBUG_ASCONF1, 86 "asconf_success_response: couldn't get mbuf!\n"); 87 return (NULL); 88 } 89 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 90 aph->correlation_id = id; 91 aph->ph.param_type = htons(SCTP_SUCCESS_REPORT); 92 aph->ph.param_length = sizeof(struct sctp_asconf_paramhdr); 93 SCTP_BUF_LEN(m_reply) = aph->ph.param_length; 94 aph->ph.param_length = htons(aph->ph.param_length); 95 96 return (m_reply); 97 } 98 99 static struct mbuf * 100 sctp_asconf_error_response(uint32_t id, uint16_t cause, uint8_t * error_tlv, 101 uint16_t tlv_length) 102 { 103 struct mbuf *m_reply = NULL; 104 struct sctp_asconf_paramhdr *aph; 105 struct sctp_error_cause *error; 106 uint8_t *tlv; 107 108 m_reply = sctp_get_mbuf_for_msg((sizeof(struct sctp_asconf_paramhdr) + 109 tlv_length + 110 sizeof(struct sctp_error_cause)), 111 0, M_NOWAIT, 1, MT_DATA); 112 if (m_reply == NULL) { 113 SCTPDBG(SCTP_DEBUG_ASCONF1, 114 "asconf_error_response: couldn't get mbuf!\n"); 115 return (NULL); 116 } 117 aph = mtod(m_reply, struct sctp_asconf_paramhdr *); 118 error = (struct sctp_error_cause *)(aph + 1); 119 120 aph->correlation_id = id; 121 aph->ph.param_type = htons(SCTP_ERROR_CAUSE_IND); 122 error->code = htons(cause); 123 error->length = tlv_length + sizeof(struct sctp_error_cause); 124 aph->ph.param_length = error->length + 125 sizeof(struct sctp_asconf_paramhdr); 126 127 if (aph->ph.param_length > MLEN) { 128 SCTPDBG(SCTP_DEBUG_ASCONF1, 129 "asconf_error_response: tlv_length (%xh) too big\n", 130 tlv_length); 131 sctp_m_freem(m_reply); /* discard */ 132 return (NULL); 133 } 134 if (error_tlv != NULL) { 135 tlv = (uint8_t *) (error + 1); 136 memcpy(tlv, error_tlv, tlv_length); 137 } 138 SCTP_BUF_LEN(m_reply) = aph->ph.param_length; 139 error->length = htons(error->length); 140 aph->ph.param_length = htons(aph->ph.param_length); 141 142 return (m_reply); 143 } 144 145 static struct mbuf * 146 sctp_process_asconf_add_ip(struct sockaddr *src, struct sctp_asconf_paramhdr *aph, 147 struct sctp_tcb *stcb, int send_hb, int response_required) 148 { 149 struct sctp_nets *net; 150 struct mbuf *m_reply = NULL; 151 union sctp_sockstore store; 152 struct sctp_paramhdr *ph; 153 uint16_t param_type, aparam_length; 154 155 #if defined(INET) || defined(INET6) 156 uint16_t param_length; 157 158 #endif 159 struct sockaddr *sa; 160 int zero_address = 0; 161 int bad_address = 0; 162 163 #ifdef INET 164 struct sockaddr_in *sin; 165 struct sctp_ipv4addr_param *v4addr; 166 167 #endif 168 #ifdef INET6 169 struct sockaddr_in6 *sin6; 170 struct sctp_ipv6addr_param *v6addr; 171 172 #endif 173 174 aparam_length = ntohs(aph->ph.param_length); 175 ph = (struct sctp_paramhdr *)(aph + 1); 176 param_type = ntohs(ph->param_type); 177 #if defined(INET) || defined(INET6) 178 param_length = ntohs(ph->param_length); 179 #endif 180 sa = &store.sa; 181 switch (param_type) { 182 #ifdef INET 183 case SCTP_IPV4_ADDRESS: 184 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 185 /* invalid param size */ 186 return (NULL); 187 } 188 v4addr = (struct sctp_ipv4addr_param *)ph; 189 sin = &store.sin; 190 bzero(sin, sizeof(*sin)); 191 sin->sin_family = AF_INET; 192 sin->sin_len = sizeof(struct sockaddr_in); 193 sin->sin_port = stcb->rport; 194 sin->sin_addr.s_addr = v4addr->addr; 195 if ((sin->sin_addr.s_addr == INADDR_BROADCAST) || 196 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 197 bad_address = 1; 198 } 199 if (sin->sin_addr.s_addr == INADDR_ANY) 200 zero_address = 1; 201 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 202 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 203 break; 204 #endif 205 #ifdef INET6 206 case SCTP_IPV6_ADDRESS: 207 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 208 /* invalid param size */ 209 return (NULL); 210 } 211 v6addr = (struct sctp_ipv6addr_param *)ph; 212 sin6 = &store.sin6; 213 bzero(sin6, sizeof(*sin6)); 214 sin6->sin6_family = AF_INET6; 215 sin6->sin6_len = sizeof(struct sockaddr_in6); 216 sin6->sin6_port = stcb->rport; 217 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 218 sizeof(struct in6_addr)); 219 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 220 bad_address = 1; 221 } 222 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 223 zero_address = 1; 224 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); 225 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 226 break; 227 #endif 228 default: 229 m_reply = sctp_asconf_error_response(aph->correlation_id, 230 SCTP_CAUSE_INVALID_PARAM, (uint8_t *) aph, 231 aparam_length); 232 return (m_reply); 233 } /* end switch */ 234 235 /* if 0.0.0.0/::0, add the source address instead */ 236 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 237 sa = src; 238 SCTPDBG(SCTP_DEBUG_ASCONF1, 239 "process_asconf_add_ip: using source addr "); 240 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 241 } 242 /* add the address */ 243 if (bad_address) { 244 m_reply = sctp_asconf_error_response(aph->correlation_id, 245 SCTP_CAUSE_INVALID_PARAM, (uint8_t *) aph, 246 aparam_length); 247 } else if (sctp_add_remote_addr(stcb, sa, &net, stcb->asoc.port, 248 SCTP_DONOT_SETSCOPE, 249 SCTP_ADDR_DYNAMIC_ADDED) != 0) { 250 SCTPDBG(SCTP_DEBUG_ASCONF1, 251 "process_asconf_add_ip: error adding address\n"); 252 m_reply = sctp_asconf_error_response(aph->correlation_id, 253 SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *) aph, 254 aparam_length); 255 } else { 256 /* notify upper layer */ 257 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 258 if (response_required) { 259 m_reply = 260 sctp_asconf_success_response(aph->correlation_id); 261 } 262 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net); 263 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, 264 stcb, net); 265 if (send_hb) { 266 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); 267 } 268 } 269 return (m_reply); 270 } 271 272 static int 273 sctp_asconf_del_remote_addrs_except(struct sctp_tcb *stcb, struct sockaddr *src) 274 { 275 struct sctp_nets *src_net, *net; 276 277 /* make sure the source address exists as a destination net */ 278 src_net = sctp_findnet(stcb, src); 279 if (src_net == NULL) { 280 /* not found */ 281 return (-1); 282 } 283 /* delete all destination addresses except the source */ 284 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 285 if (net != src_net) { 286 /* delete this address */ 287 sctp_remove_net(stcb, net); 288 SCTPDBG(SCTP_DEBUG_ASCONF1, 289 "asconf_del_remote_addrs_except: deleting "); 290 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, 291 (struct sockaddr *)&net->ro._l_addr); 292 /* notify upper layer */ 293 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, 294 (struct sockaddr *)&net->ro._l_addr, SCTP_SO_NOT_LOCKED); 295 } 296 } 297 return (0); 298 } 299 300 static struct mbuf * 301 sctp_process_asconf_delete_ip(struct sockaddr *src, 302 struct sctp_asconf_paramhdr *aph, 303 struct sctp_tcb *stcb, int response_required) 304 { 305 struct mbuf *m_reply = NULL; 306 union sctp_sockstore store; 307 struct sctp_paramhdr *ph; 308 uint16_t param_type, aparam_length; 309 310 #if defined(INET) || defined(INET6) 311 uint16_t param_length; 312 313 #endif 314 struct sockaddr *sa; 315 int zero_address = 0; 316 int result; 317 318 #ifdef INET 319 struct sockaddr_in *sin; 320 struct sctp_ipv4addr_param *v4addr; 321 322 #endif 323 #ifdef INET6 324 struct sockaddr_in6 *sin6; 325 struct sctp_ipv6addr_param *v6addr; 326 327 #endif 328 329 aparam_length = ntohs(aph->ph.param_length); 330 ph = (struct sctp_paramhdr *)(aph + 1); 331 param_type = ntohs(ph->param_type); 332 #if defined(INET) || defined(INET6) 333 param_length = ntohs(ph->param_length); 334 #endif 335 sa = &store.sa; 336 switch (param_type) { 337 #ifdef INET 338 case SCTP_IPV4_ADDRESS: 339 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 340 /* invalid param size */ 341 return (NULL); 342 } 343 v4addr = (struct sctp_ipv4addr_param *)ph; 344 sin = &store.sin; 345 bzero(sin, sizeof(*sin)); 346 sin->sin_family = AF_INET; 347 sin->sin_len = sizeof(struct sockaddr_in); 348 sin->sin_port = stcb->rport; 349 sin->sin_addr.s_addr = v4addr->addr; 350 if (sin->sin_addr.s_addr == INADDR_ANY) 351 zero_address = 1; 352 SCTPDBG(SCTP_DEBUG_ASCONF1, 353 "process_asconf_delete_ip: deleting "); 354 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 355 break; 356 #endif 357 #ifdef INET6 358 case SCTP_IPV6_ADDRESS: 359 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 360 /* invalid param size */ 361 return (NULL); 362 } 363 v6addr = (struct sctp_ipv6addr_param *)ph; 364 sin6 = &store.sin6; 365 bzero(sin6, sizeof(*sin6)); 366 sin6->sin6_family = AF_INET6; 367 sin6->sin6_len = sizeof(struct sockaddr_in6); 368 sin6->sin6_port = stcb->rport; 369 memcpy(&sin6->sin6_addr, v6addr->addr, 370 sizeof(struct in6_addr)); 371 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 372 zero_address = 1; 373 SCTPDBG(SCTP_DEBUG_ASCONF1, 374 "process_asconf_delete_ip: deleting "); 375 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 376 break; 377 #endif 378 default: 379 m_reply = sctp_asconf_error_response(aph->correlation_id, 380 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *) aph, 381 aparam_length); 382 return (m_reply); 383 } 384 385 /* make sure the source address is not being deleted */ 386 if (sctp_cmpaddr(sa, src)) { 387 /* trying to delete the source address! */ 388 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete source addr\n"); 389 m_reply = sctp_asconf_error_response(aph->correlation_id, 390 SCTP_CAUSE_DELETING_SRC_ADDR, (uint8_t *) aph, 391 aparam_length); 392 return (m_reply); 393 } 394 /* if deleting 0.0.0.0/::0, delete all addresses except src addr */ 395 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 396 result = sctp_asconf_del_remote_addrs_except(stcb, src); 397 398 if (result) { 399 /* src address did not exist? */ 400 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: src addr does not exist?\n"); 401 /* what error to reply with?? */ 402 m_reply = 403 sctp_asconf_error_response(aph->correlation_id, 404 SCTP_CAUSE_REQUEST_REFUSED, (uint8_t *) aph, 405 aparam_length); 406 } else if (response_required) { 407 m_reply = 408 sctp_asconf_success_response(aph->correlation_id); 409 } 410 return (m_reply); 411 } 412 /* delete the address */ 413 result = sctp_del_remote_addr(stcb, sa); 414 /* 415 * note if result == -2, the address doesn't exist in the asoc but 416 * since it's being deleted anyways, we just ack the delete -- but 417 * this probably means something has already gone awry 418 */ 419 if (result == -1) { 420 /* only one address in the asoc */ 421 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_delete_ip: tried to delete last IP addr!\n"); 422 m_reply = sctp_asconf_error_response(aph->correlation_id, 423 SCTP_CAUSE_DELETING_LAST_ADDR, (uint8_t *) aph, 424 aparam_length); 425 } else { 426 if (response_required) { 427 m_reply = sctp_asconf_success_response(aph->correlation_id); 428 } 429 /* notify upper layer */ 430 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_DELETE_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 431 } 432 return (m_reply); 433 } 434 435 static struct mbuf * 436 sctp_process_asconf_set_primary(struct sockaddr *src, 437 struct sctp_asconf_paramhdr *aph, 438 struct sctp_tcb *stcb, int response_required) 439 { 440 struct mbuf *m_reply = NULL; 441 union sctp_sockstore store; 442 struct sctp_paramhdr *ph; 443 uint16_t param_type, aparam_length; 444 445 #if defined(INET) || defined(INET6) 446 uint16_t param_length; 447 448 #endif 449 struct sockaddr *sa; 450 int zero_address = 0; 451 452 #ifdef INET 453 struct sockaddr_in *sin; 454 struct sctp_ipv4addr_param *v4addr; 455 456 #endif 457 #ifdef INET6 458 struct sockaddr_in6 *sin6; 459 struct sctp_ipv6addr_param *v6addr; 460 461 #endif 462 463 aparam_length = ntohs(aph->ph.param_length); 464 ph = (struct sctp_paramhdr *)(aph + 1); 465 param_type = ntohs(ph->param_type); 466 #if defined(INET) || defined(INET6) 467 param_length = ntohs(ph->param_length); 468 #endif 469 sa = &store.sa; 470 switch (param_type) { 471 #ifdef INET 472 case SCTP_IPV4_ADDRESS: 473 if (param_length != sizeof(struct sctp_ipv4addr_param)) { 474 /* invalid param size */ 475 return (NULL); 476 } 477 v4addr = (struct sctp_ipv4addr_param *)ph; 478 sin = &store.sin; 479 bzero(sin, sizeof(*sin)); 480 sin->sin_family = AF_INET; 481 sin->sin_len = sizeof(struct sockaddr_in); 482 sin->sin_addr.s_addr = v4addr->addr; 483 if (sin->sin_addr.s_addr == INADDR_ANY) 484 zero_address = 1; 485 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 486 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 487 break; 488 #endif 489 #ifdef INET6 490 case SCTP_IPV6_ADDRESS: 491 if (param_length != sizeof(struct sctp_ipv6addr_param)) { 492 /* invalid param size */ 493 return (NULL); 494 } 495 v6addr = (struct sctp_ipv6addr_param *)ph; 496 sin6 = &store.sin6; 497 bzero(sin6, sizeof(*sin6)); 498 sin6->sin6_family = AF_INET6; 499 sin6->sin6_len = sizeof(struct sockaddr_in6); 500 memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, 501 sizeof(struct in6_addr)); 502 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 503 zero_address = 1; 504 SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_set_primary: "); 505 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 506 break; 507 #endif 508 default: 509 m_reply = sctp_asconf_error_response(aph->correlation_id, 510 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *) aph, 511 aparam_length); 512 return (m_reply); 513 } 514 515 /* if 0.0.0.0/::0, use the source address instead */ 516 if (zero_address && SCTP_BASE_SYSCTL(sctp_nat_friendly)) { 517 sa = src; 518 SCTPDBG(SCTP_DEBUG_ASCONF1, 519 "process_asconf_set_primary: using source addr "); 520 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 521 } 522 /* set the primary address */ 523 if (sctp_set_primary_addr(stcb, sa, NULL) == 0) { 524 SCTPDBG(SCTP_DEBUG_ASCONF1, 525 "process_asconf_set_primary: primary address set\n"); 526 /* notify upper layer */ 527 sctp_ulp_notify(SCTP_NOTIFY_ASCONF_SET_PRIMARY, stcb, 0, sa, SCTP_SO_NOT_LOCKED); 528 if ((stcb->asoc.primary_destination->dest_state & SCTP_ADDR_REACHABLE) && 529 (!(stcb->asoc.primary_destination->dest_state & SCTP_ADDR_PF)) && 530 (stcb->asoc.alternate)) { 531 sctp_free_remote_addr(stcb->asoc.alternate); 532 stcb->asoc.alternate = NULL; 533 } 534 if (response_required) { 535 m_reply = sctp_asconf_success_response(aph->correlation_id); 536 } 537 /* 538 * Mobility adaptation. Ideally, when the reception of SET 539 * PRIMARY with DELETE IP ADDRESS of the previous primary 540 * destination, unacknowledged DATA are retransmitted 541 * immediately to the new primary destination for seamless 542 * handover. If the destination is UNCONFIRMED and marked to 543 * REQ_PRIM, The retransmission occur when reception of the 544 * HEARTBEAT-ACK. (See sctp_handle_heartbeat_ack in 545 * sctp_input.c) Also, when change of the primary 546 * destination, it is better that all subsequent new DATA 547 * containing already queued DATA are transmitted to the new 548 * primary destination. (by micchie) 549 */ 550 if ((sctp_is_mobility_feature_on(stcb->sctp_ep, 551 SCTP_MOBILITY_BASE) || 552 sctp_is_mobility_feature_on(stcb->sctp_ep, 553 SCTP_MOBILITY_FASTHANDOFF)) && 554 sctp_is_mobility_feature_on(stcb->sctp_ep, 555 SCTP_MOBILITY_PRIM_DELETED) && 556 (stcb->asoc.primary_destination->dest_state & 557 SCTP_ADDR_UNCONFIRMED) == 0) { 558 559 sctp_timer_stop(SCTP_TIMER_TYPE_PRIM_DELETED, 560 stcb->sctp_ep, stcb, NULL, 561 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_1); 562 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 563 SCTP_MOBILITY_FASTHANDOFF)) { 564 sctp_assoc_immediate_retrans(stcb, 565 stcb->asoc.primary_destination); 566 } 567 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 568 SCTP_MOBILITY_BASE)) { 569 sctp_move_chunks_from_net(stcb, 570 stcb->asoc.deleted_primary); 571 } 572 sctp_delete_prim_timer(stcb->sctp_ep, stcb, 573 stcb->asoc.deleted_primary); 574 } 575 } else { 576 /* couldn't set the requested primary address! */ 577 SCTPDBG(SCTP_DEBUG_ASCONF1, 578 "process_asconf_set_primary: set primary failed!\n"); 579 /* must have been an invalid address, so report */ 580 m_reply = sctp_asconf_error_response(aph->correlation_id, 581 SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *) aph, 582 aparam_length); 583 } 584 585 return (m_reply); 586 } 587 588 /* 589 * handles an ASCONF chunk. 590 * if all parameters are processed ok, send a plain (empty) ASCONF-ACK 591 */ 592 void 593 sctp_handle_asconf(struct mbuf *m, unsigned int offset, 594 struct sockaddr *src, 595 struct sctp_asconf_chunk *cp, struct sctp_tcb *stcb, 596 int first) 597 { 598 struct sctp_association *asoc; 599 uint32_t serial_num; 600 struct mbuf *n, *m_ack, *m_result, *m_tail; 601 struct sctp_asconf_ack_chunk *ack_cp; 602 struct sctp_asconf_paramhdr *aph; 603 struct sctp_ipv6addr_param *p_addr; 604 unsigned int asconf_limit, cnt; 605 int error = 0; /* did an error occur? */ 606 607 /* asconf param buffer */ 608 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 609 struct sctp_asconf_ack *ack, *ack_next; 610 611 /* verify minimum length */ 612 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_chunk)) { 613 SCTPDBG(SCTP_DEBUG_ASCONF1, 614 "handle_asconf: chunk too small = %xh\n", 615 ntohs(cp->ch.chunk_length)); 616 return; 617 } 618 asoc = &stcb->asoc; 619 serial_num = ntohl(cp->serial_number); 620 621 if (SCTP_TSN_GE(asoc->asconf_seq_in, serial_num)) { 622 /* got a duplicate ASCONF */ 623 SCTPDBG(SCTP_DEBUG_ASCONF1, 624 "handle_asconf: got duplicate serial number = %xh\n", 625 serial_num); 626 return; 627 } else if (serial_num != (asoc->asconf_seq_in + 1)) { 628 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: incorrect serial number = %xh (expected next = %xh)\n", 629 serial_num, asoc->asconf_seq_in + 1); 630 return; 631 } 632 /* it's the expected "next" sequence number, so process it */ 633 asoc->asconf_seq_in = serial_num; /* update sequence */ 634 /* get length of all the param's in the ASCONF */ 635 asconf_limit = offset + ntohs(cp->ch.chunk_length); 636 SCTPDBG(SCTP_DEBUG_ASCONF1, 637 "handle_asconf: asconf_limit=%u, sequence=%xh\n", 638 asconf_limit, serial_num); 639 640 if (first) { 641 /* delete old cache */ 642 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: Now processing first ASCONF. Try to delete old cache\n"); 643 644 TAILQ_FOREACH_SAFE(ack, &asoc->asconf_ack_sent, next, ack_next) { 645 if (ack->serial_number == serial_num) 646 break; 647 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: delete old(%u) < first(%u)\n", 648 ack->serial_number, serial_num); 649 TAILQ_REMOVE(&asoc->asconf_ack_sent, ack, next); 650 if (ack->data != NULL) { 651 sctp_m_freem(ack->data); 652 } 653 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), ack); 654 } 655 } 656 m_ack = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_ack_chunk), 0, 657 M_NOWAIT, 1, MT_DATA); 658 if (m_ack == NULL) { 659 SCTPDBG(SCTP_DEBUG_ASCONF1, 660 "handle_asconf: couldn't get mbuf!\n"); 661 return; 662 } 663 m_tail = m_ack; /* current reply chain's tail */ 664 665 /* fill in ASCONF-ACK header */ 666 ack_cp = mtod(m_ack, struct sctp_asconf_ack_chunk *); 667 ack_cp->ch.chunk_type = SCTP_ASCONF_ACK; 668 ack_cp->ch.chunk_flags = 0; 669 ack_cp->serial_number = htonl(serial_num); 670 /* set initial lengths (eg. just an ASCONF-ACK), ntohx at the end! */ 671 SCTP_BUF_LEN(m_ack) = sizeof(struct sctp_asconf_ack_chunk); 672 ack_cp->ch.chunk_length = sizeof(struct sctp_asconf_ack_chunk); 673 674 /* skip the lookup address parameter */ 675 offset += sizeof(struct sctp_asconf_chunk); 676 p_addr = (struct sctp_ipv6addr_param *)sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), (uint8_t *) & aparam_buf); 677 if (p_addr == NULL) { 678 SCTPDBG(SCTP_DEBUG_ASCONF1, 679 "handle_asconf: couldn't get lookup addr!\n"); 680 /* respond with a missing/invalid mandatory parameter error */ 681 return; 682 } 683 /* param_length is already validated in process_control... */ 684 offset += ntohs(p_addr->ph.param_length); /* skip lookup addr */ 685 /* get pointer to first asconf param in ASCONF */ 686 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, sizeof(struct sctp_asconf_paramhdr), (uint8_t *) & aparam_buf); 687 if (aph == NULL) { 688 SCTPDBG(SCTP_DEBUG_ASCONF1, "Empty ASCONF received?\n"); 689 goto send_reply; 690 } 691 /* process through all parameters */ 692 cnt = 0; 693 while (aph != NULL) { 694 unsigned int param_length, param_type; 695 696 param_type = ntohs(aph->ph.param_type); 697 param_length = ntohs(aph->ph.param_length); 698 if (offset + param_length > asconf_limit) { 699 /* parameter goes beyond end of chunk! */ 700 sctp_m_freem(m_ack); 701 return; 702 } 703 m_result = NULL; 704 705 if (param_length > sizeof(aparam_buf)) { 706 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) larger than buffer size!\n", param_length); 707 sctp_m_freem(m_ack); 708 return; 709 } 710 if (param_length <= sizeof(struct sctp_paramhdr)) { 711 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length); 712 sctp_m_freem(m_ack); 713 } 714 /* get the entire parameter */ 715 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 716 if (aph == NULL) { 717 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: couldn't get entire param\n"); 718 sctp_m_freem(m_ack); 719 return; 720 } 721 switch (param_type) { 722 case SCTP_ADD_IP_ADDRESS: 723 m_result = sctp_process_asconf_add_ip(src, aph, stcb, 724 (cnt < SCTP_BASE_SYSCTL(sctp_hb_maxburst)), error); 725 cnt++; 726 break; 727 case SCTP_DEL_IP_ADDRESS: 728 m_result = sctp_process_asconf_delete_ip(src, aph, stcb, 729 error); 730 break; 731 case SCTP_ERROR_CAUSE_IND: 732 /* not valid in an ASCONF chunk */ 733 break; 734 case SCTP_SET_PRIM_ADDR: 735 m_result = sctp_process_asconf_set_primary(src, aph, 736 stcb, error); 737 break; 738 case SCTP_NAT_VTAGS: 739 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: sees a NAT VTAG state parameter\n"); 740 break; 741 case SCTP_SUCCESS_REPORT: 742 /* not valid in an ASCONF chunk */ 743 break; 744 case SCTP_ULP_ADAPTATION: 745 /* FIX */ 746 break; 747 default: 748 if ((param_type & 0x8000) == 0) { 749 /* Been told to STOP at this param */ 750 asconf_limit = offset; 751 /* 752 * FIX FIX - We need to call 753 * sctp_arethere_unrecognized_parameters() 754 * to get a operr and send it for any 755 * param's with the 0x4000 bit set OR do it 756 * here ourselves... note we still must STOP 757 * if the 0x8000 bit is clear. 758 */ 759 } 760 /* unknown/invalid param type */ 761 break; 762 } /* switch */ 763 764 /* add any (error) result to the reply mbuf chain */ 765 if (m_result != NULL) { 766 SCTP_BUF_NEXT(m_tail) = m_result; 767 m_tail = m_result; 768 /* update lengths, make sure it's aligned too */ 769 SCTP_BUF_LEN(m_result) = SCTP_SIZE32(SCTP_BUF_LEN(m_result)); 770 ack_cp->ch.chunk_length += SCTP_BUF_LEN(m_result); 771 /* set flag to force success reports */ 772 error = 1; 773 } 774 offset += SCTP_SIZE32(param_length); 775 /* update remaining ASCONF message length to process */ 776 if (offset >= asconf_limit) { 777 /* no more data in the mbuf chain */ 778 break; 779 } 780 /* get pointer to next asconf param */ 781 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 782 sizeof(struct sctp_asconf_paramhdr), 783 (uint8_t *) & aparam_buf); 784 if (aph == NULL) { 785 /* can't get an asconf paramhdr */ 786 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: can't get asconf param hdr!\n"); 787 /* FIX ME - add error here... */ 788 } 789 } 790 791 send_reply: 792 ack_cp->ch.chunk_length = htons(ack_cp->ch.chunk_length); 793 /* save the ASCONF-ACK reply */ 794 ack = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asconf_ack), 795 struct sctp_asconf_ack); 796 if (ack == NULL) { 797 sctp_m_freem(m_ack); 798 return; 799 } 800 ack->serial_number = serial_num; 801 ack->last_sent_to = NULL; 802 ack->data = m_ack; 803 ack->len = 0; 804 for (n = m_ack; n != NULL; n = SCTP_BUF_NEXT(n)) { 805 ack->len += SCTP_BUF_LEN(n); 806 } 807 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_ack_sent, ack, next); 808 809 /* see if last_control_chunk_from is set properly (use IP src addr) */ 810 if (stcb->asoc.last_control_chunk_from == NULL) { 811 /* 812 * this could happen if the source address was just newly 813 * added 814 */ 815 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: looking up net for IP source address\n"); 816 SCTPDBG(SCTP_DEBUG_ASCONF1, "Looking for IP source: "); 817 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src); 818 /* look up the from address */ 819 stcb->asoc.last_control_chunk_from = sctp_findnet(stcb, src); 820 #ifdef SCTP_DEBUG 821 if (stcb->asoc.last_control_chunk_from == NULL) { 822 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: IP source address not found?!\n"); 823 } 824 #endif 825 } 826 } 827 828 /* 829 * does the address match? returns 0 if not, 1 if so 830 */ 831 static uint32_t 832 sctp_asconf_addr_match(struct sctp_asconf_addr *aa, struct sockaddr *sa) 833 { 834 switch (sa->sa_family) { 835 #ifdef INET6 836 case AF_INET6: 837 { 838 /* XXX scopeid */ 839 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 840 841 if ((aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) && 842 (memcmp(&aa->ap.addrp.addr, &sin6->sin6_addr, 843 sizeof(struct in6_addr)) == 0)) { 844 return (1); 845 } 846 break; 847 } 848 #endif 849 #ifdef INET 850 case AF_INET: 851 { 852 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 853 854 if ((aa->ap.addrp.ph.param_type == SCTP_IPV4_ADDRESS) && 855 (memcmp(&aa->ap.addrp.addr, &sin->sin_addr, 856 sizeof(struct in_addr)) == 0)) { 857 return (1); 858 } 859 break; 860 } 861 #endif 862 default: 863 break; 864 } 865 return (0); 866 } 867 868 /* 869 * does the address match? returns 0 if not, 1 if so 870 */ 871 static uint32_t 872 sctp_addr_match(struct sctp_paramhdr *ph, struct sockaddr *sa) 873 { 874 #if defined(INET) || defined(INET6) 875 uint16_t param_type, param_length; 876 877 param_type = ntohs(ph->param_type); 878 param_length = ntohs(ph->param_length); 879 #endif 880 switch (sa->sa_family) { 881 #ifdef INET6 882 case AF_INET6: 883 { 884 /* XXX scopeid */ 885 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 886 struct sctp_ipv6addr_param *v6addr; 887 888 v6addr = (struct sctp_ipv6addr_param *)ph; 889 if ((param_type == SCTP_IPV6_ADDRESS) && 890 (param_length == sizeof(struct sctp_ipv6addr_param)) && 891 (memcmp(&v6addr->addr, &sin6->sin6_addr, 892 sizeof(struct in6_addr)) == 0)) { 893 return (1); 894 } 895 break; 896 } 897 #endif 898 #ifdef INET 899 case AF_INET: 900 { 901 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 902 struct sctp_ipv4addr_param *v4addr; 903 904 v4addr = (struct sctp_ipv4addr_param *)ph; 905 if ((param_type == SCTP_IPV4_ADDRESS) && 906 (param_length == sizeof(struct sctp_ipv4addr_param)) && 907 (memcmp(&v4addr->addr, &sin->sin_addr, 908 sizeof(struct in_addr)) == 0)) { 909 return (1); 910 } 911 break; 912 } 913 #endif 914 default: 915 break; 916 } 917 return (0); 918 } 919 920 /* 921 * Cleanup for non-responded/OP ERR'd ASCONF 922 */ 923 void 924 sctp_asconf_cleanup(struct sctp_tcb *stcb, struct sctp_nets *net) 925 { 926 /* 927 * clear out any existing asconfs going out 928 */ 929 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, net, 930 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_2); 931 stcb->asoc.asconf_seq_out_acked = stcb->asoc.asconf_seq_out; 932 /* remove the old ASCONF on our outbound queue */ 933 sctp_toss_old_asconf(stcb); 934 } 935 936 /* 937 * cleanup any cached source addresses that may be topologically 938 * incorrect after a new address has been added to this interface. 939 */ 940 static void 941 sctp_asconf_nets_cleanup(struct sctp_tcb *stcb, struct sctp_ifn *ifn) 942 { 943 struct sctp_nets *net; 944 945 /* 946 * Ideally, we want to only clear cached routes and source addresses 947 * that are topologically incorrect. But since there is no easy way 948 * to know whether the newly added address on the ifn would cause a 949 * routing change (i.e. a new egress interface would be chosen) 950 * without doing a new routing lookup and source address selection, 951 * we will (for now) just flush any cached route using a different 952 * ifn (and cached source addrs) and let output re-choose them 953 * during the next send on that net. 954 */ 955 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 956 /* 957 * clear any cached route (and cached source address) if the 958 * route's interface is NOT the same as the address change. 959 * If it's the same interface, just clear the cached source 960 * address. 961 */ 962 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro) && 963 ((ifn == NULL) || 964 (SCTP_GET_IF_INDEX_FROM_ROUTE(&net->ro) != ifn->ifn_index))) { 965 /* clear any cached route */ 966 RTFREE(net->ro.ro_rt); 967 net->ro.ro_rt = NULL; 968 } 969 /* clear any cached source address */ 970 if (net->src_addr_selected) { 971 sctp_free_ifa(net->ro._s_addr); 972 net->ro._s_addr = NULL; 973 net->src_addr_selected = 0; 974 } 975 } 976 } 977 978 979 void 980 sctp_assoc_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *dstnet) 981 { 982 int error; 983 984 if (dstnet->dest_state & SCTP_ADDR_UNCONFIRMED) { 985 return; 986 } 987 if (stcb->asoc.deleted_primary == NULL) { 988 return; 989 } 990 if (!TAILQ_EMPTY(&stcb->asoc.sent_queue)) { 991 SCTPDBG(SCTP_DEBUG_ASCONF1, "assoc_immediate_retrans: Deleted primary is "); 992 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa); 993 SCTPDBG(SCTP_DEBUG_ASCONF1, "Current Primary is "); 994 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.primary_destination->ro._l_addr.sa); 995 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, 996 stcb->asoc.deleted_primary, 997 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_3); 998 stcb->asoc.num_send_timers_up--; 999 if (stcb->asoc.num_send_timers_up < 0) { 1000 stcb->asoc.num_send_timers_up = 0; 1001 } 1002 SCTP_TCB_LOCK_ASSERT(stcb); 1003 error = sctp_t3rxt_timer(stcb->sctp_ep, stcb, 1004 stcb->asoc.deleted_primary); 1005 if (error) { 1006 SCTP_INP_DECR_REF(stcb->sctp_ep); 1007 return; 1008 } 1009 SCTP_TCB_LOCK_ASSERT(stcb); 1010 #ifdef SCTP_AUDITING_ENABLED 1011 sctp_auditing(4, stcb->sctp_ep, stcb, stcb->asoc.deleted_primary); 1012 #endif 1013 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1014 if ((stcb->asoc.num_send_timers_up == 0) && 1015 (stcb->asoc.sent_queue_cnt > 0)) { 1016 struct sctp_tmit_chunk *chk; 1017 1018 chk = TAILQ_FIRST(&stcb->asoc.sent_queue); 1019 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, 1020 stcb, chk->whoTo); 1021 } 1022 } 1023 return; 1024 } 1025 1026 static int 1027 sctp_asconf_queue_mgmt(struct sctp_tcb *, struct sctp_ifa *, uint16_t); 1028 1029 void 1030 sctp_net_immediate_retrans(struct sctp_tcb *stcb, struct sctp_nets *net) 1031 { 1032 struct sctp_tmit_chunk *chk; 1033 1034 SCTPDBG(SCTP_DEBUG_ASCONF1, "net_immediate_retrans: RTO is %d\n", net->RTO); 1035 sctp_timer_stop(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, net, 1036 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_4); 1037 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 1038 net->error_count = 0; 1039 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) { 1040 if (chk->whoTo == net) { 1041 if (chk->sent < SCTP_DATAGRAM_RESEND) { 1042 chk->sent = SCTP_DATAGRAM_RESEND; 1043 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt); 1044 sctp_flight_size_decrease(chk); 1045 sctp_total_flight_decrease(stcb, chk); 1046 net->marked_retrans++; 1047 stcb->asoc.marked_retrans++; 1048 } 1049 } 1050 } 1051 if (net->marked_retrans) { 1052 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED); 1053 } 1054 } 1055 1056 static void 1057 sctp_path_check_and_react(struct sctp_tcb *stcb, struct sctp_ifa *newifa) 1058 { 1059 struct sctp_nets *net; 1060 int addrnum, changed; 1061 1062 /* 1063 * If number of local valid addresses is 1, the valid address is 1064 * probably newly added address. Several valid addresses in this 1065 * association. A source address may not be changed. Additionally, 1066 * they can be configured on a same interface as "alias" addresses. 1067 * (by micchie) 1068 */ 1069 addrnum = sctp_local_addr_count(stcb); 1070 SCTPDBG(SCTP_DEBUG_ASCONF1, "p_check_react(): %d local addresses\n", 1071 addrnum); 1072 if (addrnum == 1) { 1073 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1074 /* clear any cached route and source address */ 1075 if (net->ro.ro_rt) { 1076 RTFREE(net->ro.ro_rt); 1077 net->ro.ro_rt = NULL; 1078 } 1079 if (net->src_addr_selected) { 1080 sctp_free_ifa(net->ro._s_addr); 1081 net->ro._s_addr = NULL; 1082 net->src_addr_selected = 0; 1083 } 1084 /* Retransmit unacknowledged DATA chunks immediately */ 1085 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1086 SCTP_MOBILITY_FASTHANDOFF)) { 1087 sctp_net_immediate_retrans(stcb, net); 1088 } 1089 /* also, SET PRIMARY is maybe already sent */ 1090 } 1091 return; 1092 } 1093 /* Multiple local addresses exsist in the association. */ 1094 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1095 /* clear any cached route and source address */ 1096 if (net->ro.ro_rt) { 1097 RTFREE(net->ro.ro_rt); 1098 net->ro.ro_rt = NULL; 1099 } 1100 if (net->src_addr_selected) { 1101 sctp_free_ifa(net->ro._s_addr); 1102 net->ro._s_addr = NULL; 1103 net->src_addr_selected = 0; 1104 } 1105 /* 1106 * Check if the nexthop is corresponding to the new address. 1107 * If the new address is corresponding to the current 1108 * nexthop, the path will be changed. If the new address is 1109 * NOT corresponding to the current nexthop, the path will 1110 * not be changed. 1111 */ 1112 SCTP_RTALLOC((sctp_route_t *) & net->ro, 1113 stcb->sctp_ep->def_vrf_id, 1114 stcb->sctp_ep->fibnum); 1115 if (net->ro.ro_rt == NULL) 1116 continue; 1117 1118 changed = 0; 1119 switch (net->ro._l_addr.sa.sa_family) { 1120 #ifdef INET 1121 case AF_INET: 1122 if (sctp_v4src_match_nexthop(newifa, (sctp_route_t *) & net->ro)) { 1123 changed = 1; 1124 } 1125 break; 1126 #endif 1127 #ifdef INET6 1128 case AF_INET6: 1129 if (sctp_v6src_match_nexthop( 1130 &newifa->address.sin6, (sctp_route_t *) & net->ro)) { 1131 changed = 1; 1132 } 1133 break; 1134 #endif 1135 default: 1136 break; 1137 } 1138 /* 1139 * if the newly added address does not relate routing 1140 * information, we skip. 1141 */ 1142 if (changed == 0) 1143 continue; 1144 /* Retransmit unacknowledged DATA chunks immediately */ 1145 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1146 SCTP_MOBILITY_FASTHANDOFF)) { 1147 sctp_net_immediate_retrans(stcb, net); 1148 } 1149 /* Send SET PRIMARY for this new address */ 1150 if (net == stcb->asoc.primary_destination) { 1151 (void)sctp_asconf_queue_mgmt(stcb, newifa, 1152 SCTP_SET_PRIM_ADDR); 1153 } 1154 } 1155 } 1156 1157 /* 1158 * process an ADD/DELETE IP ack from peer. 1159 * addr: corresponding sctp_ifa to the address being added/deleted. 1160 * type: SCTP_ADD_IP_ADDRESS or SCTP_DEL_IP_ADDRESS. 1161 * flag: 1=success, 0=failure. 1162 */ 1163 static void 1164 sctp_asconf_addr_mgmt_ack(struct sctp_tcb *stcb, struct sctp_ifa *addr, uint32_t flag) 1165 { 1166 /* 1167 * do the necessary asoc list work- if we get a failure indication, 1168 * leave the address on the assoc's restricted list. If we get a 1169 * success indication, remove the address from the restricted list. 1170 */ 1171 /* 1172 * Note: this will only occur for ADD_IP_ADDRESS, since 1173 * DEL_IP_ADDRESS is never actually added to the list... 1174 */ 1175 if (flag) { 1176 /* success case, so remove from the restricted list */ 1177 sctp_del_local_addr_restricted(stcb, addr); 1178 1179 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 1180 SCTP_MOBILITY_BASE) || 1181 sctp_is_mobility_feature_on(stcb->sctp_ep, 1182 SCTP_MOBILITY_FASTHANDOFF)) { 1183 sctp_path_check_and_react(stcb, addr); 1184 return; 1185 } 1186 /* clear any cached/topologically incorrect source addresses */ 1187 sctp_asconf_nets_cleanup(stcb, addr->ifn_p); 1188 } 1189 /* else, leave it on the list */ 1190 } 1191 1192 /* 1193 * add an asconf add/delete/set primary IP address parameter to the queue. 1194 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1195 * returns 0 if queued, -1 if not queued/removed. 1196 * NOTE: if adding, but a delete for the same address is already scheduled 1197 * (and not yet sent out), simply remove it from queue. Same for deleting 1198 * an address already scheduled for add. If a duplicate operation is found, 1199 * ignore the new one. 1200 */ 1201 static int 1202 sctp_asconf_queue_mgmt(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1203 uint16_t type) 1204 { 1205 struct sctp_asconf_addr *aa, *aa_next; 1206 1207 /* make sure the request isn't already in the queue */ 1208 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1209 /* address match? */ 1210 if (sctp_asconf_addr_match(aa, &ifa->address.sa) == 0) 1211 continue; 1212 /* 1213 * is the request already in queue but not sent? pass the 1214 * request already sent in order to resolve the following 1215 * case: 1. arrival of ADD, then sent 2. arrival of DEL. we 1216 * can't remove the ADD request already sent 3. arrival of 1217 * ADD 1218 */ 1219 if (aa->ap.aph.ph.param_type == type && aa->sent == 0) { 1220 return (-1); 1221 } 1222 /* is the negative request already in queue, and not sent */ 1223 if ((aa->sent == 0) && (type == SCTP_ADD_IP_ADDRESS) && 1224 (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS)) { 1225 /* add requested, delete already queued */ 1226 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1227 /* remove the ifa from the restricted list */ 1228 sctp_del_local_addr_restricted(stcb, ifa); 1229 /* free the asconf param */ 1230 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1231 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: add removes queued entry\n"); 1232 return (-1); 1233 } 1234 if ((aa->sent == 0) && (type == SCTP_DEL_IP_ADDRESS) && 1235 (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS)) { 1236 /* delete requested, add already queued */ 1237 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1238 /* remove the aa->ifa from the restricted list */ 1239 sctp_del_local_addr_restricted(stcb, aa->ifa); 1240 /* free the asconf param */ 1241 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1242 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_mgmt: delete removes queued entry\n"); 1243 return (-1); 1244 } 1245 } /* for each aa */ 1246 1247 /* adding new request to the queue */ 1248 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1249 SCTP_M_ASC_ADDR); 1250 if (aa == NULL) { 1251 /* didn't get memory */ 1252 SCTPDBG(SCTP_DEBUG_ASCONF1, "asconf_queue_mgmt: failed to get memory!\n"); 1253 return (-1); 1254 } 1255 aa->special_del = 0; 1256 /* fill in asconf address parameter fields */ 1257 /* top level elements are "networked" during send */ 1258 aa->ap.aph.ph.param_type = type; 1259 aa->ifa = ifa; 1260 atomic_add_int(&ifa->refcount, 1); 1261 /* correlation_id filled in during send routine later... */ 1262 switch (ifa->address.sa.sa_family) { 1263 #ifdef INET6 1264 case AF_INET6: 1265 { 1266 struct sockaddr_in6 *sin6; 1267 1268 sin6 = &ifa->address.sin6; 1269 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1270 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1271 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1272 sizeof(struct sctp_ipv6addr_param); 1273 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1274 sizeof(struct in6_addr)); 1275 break; 1276 } 1277 #endif 1278 #ifdef INET 1279 case AF_INET: 1280 { 1281 struct sockaddr_in *sin; 1282 1283 sin = &ifa->address.sin; 1284 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1285 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1286 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + 1287 sizeof(struct sctp_ipv4addr_param); 1288 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1289 sizeof(struct in_addr)); 1290 break; 1291 } 1292 #endif 1293 default: 1294 /* invalid family! */ 1295 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1296 sctp_free_ifa(ifa); 1297 return (-1); 1298 } 1299 aa->sent = 0; /* clear sent flag */ 1300 1301 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1302 #ifdef SCTP_DEBUG 1303 if (SCTP_BASE_SYSCTL(sctp_debug_on) & SCTP_DEBUG_ASCONF2) { 1304 if (type == SCTP_ADD_IP_ADDRESS) { 1305 SCTP_PRINTF("asconf_queue_mgmt: inserted asconf ADD_IP_ADDRESS: "); 1306 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1307 } else if (type == SCTP_DEL_IP_ADDRESS) { 1308 SCTP_PRINTF("asconf_queue_mgmt: appended asconf DEL_IP_ADDRESS: "); 1309 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1310 } else { 1311 SCTP_PRINTF("asconf_queue_mgmt: appended asconf SET_PRIM_ADDR: "); 1312 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, &ifa->address.sa); 1313 } 1314 } 1315 #endif 1316 1317 return (0); 1318 } 1319 1320 1321 /* 1322 * add an asconf operation for the given ifa and type. 1323 * type = SCTP_ADD_IP_ADDRESS, SCTP_DEL_IP_ADDRESS, SCTP_SET_PRIM_ADDR. 1324 * returns 0 if completed, -1 if not completed, 1 if immediate send is 1325 * advisable. 1326 */ 1327 static int 1328 sctp_asconf_queue_add(struct sctp_tcb *stcb, struct sctp_ifa *ifa, 1329 uint16_t type) 1330 { 1331 uint32_t status; 1332 int pending_delete_queued = 0; 1333 int last; 1334 1335 /* see if peer supports ASCONF */ 1336 if (stcb->asoc.asconf_supported == 0) { 1337 return (-1); 1338 } 1339 /* 1340 * if this is deleting the last address from the assoc, mark it as 1341 * pending. 1342 */ 1343 if ((type == SCTP_DEL_IP_ADDRESS) && !stcb->asoc.asconf_del_pending) { 1344 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1345 last = (sctp_local_addr_count(stcb) == 0); 1346 } else { 1347 last = (sctp_local_addr_count(stcb) == 1); 1348 } 1349 if (last) { 1350 /* set the pending delete info only */ 1351 stcb->asoc.asconf_del_pending = 1; 1352 stcb->asoc.asconf_addr_del_pending = ifa; 1353 atomic_add_int(&ifa->refcount, 1); 1354 SCTPDBG(SCTP_DEBUG_ASCONF2, 1355 "asconf_queue_add: mark delete last address pending\n"); 1356 return (-1); 1357 } 1358 } 1359 /* queue an asconf parameter */ 1360 status = sctp_asconf_queue_mgmt(stcb, ifa, type); 1361 1362 /* 1363 * if this is an add, and there is a delete also pending (i.e. the 1364 * last local address is being changed), queue the pending delete 1365 * too. 1366 */ 1367 if ((type == SCTP_ADD_IP_ADDRESS) && stcb->asoc.asconf_del_pending && (status == 0)) { 1368 /* queue in the pending delete */ 1369 if (sctp_asconf_queue_mgmt(stcb, 1370 stcb->asoc.asconf_addr_del_pending, 1371 SCTP_DEL_IP_ADDRESS) == 0) { 1372 SCTPDBG(SCTP_DEBUG_ASCONF2, "asconf_queue_add: queing pending delete\n"); 1373 pending_delete_queued = 1; 1374 /* clear out the pending delete info */ 1375 stcb->asoc.asconf_del_pending = 0; 1376 sctp_free_ifa(stcb->asoc.asconf_addr_del_pending); 1377 stcb->asoc.asconf_addr_del_pending = NULL; 1378 } 1379 } 1380 if (pending_delete_queued) { 1381 struct sctp_nets *net; 1382 1383 /* 1384 * since we know that the only/last address is now being 1385 * changed in this case, reset the cwnd/rto on all nets to 1386 * start as a new address and path. Also clear the error 1387 * counts to give the assoc the best chance to complete the 1388 * address change. 1389 */ 1390 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1391 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, 1392 net); 1393 net->RTO = 0; 1394 net->error_count = 0; 1395 } 1396 stcb->asoc.overall_error_count = 0; 1397 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) { 1398 sctp_misc_ints(SCTP_THRESHOLD_CLEAR, 1399 stcb->asoc.overall_error_count, 1400 0, 1401 SCTP_FROM_SCTP_ASCONF, 1402 __LINE__); 1403 } 1404 /* queue in an advisory set primary too */ 1405 (void)sctp_asconf_queue_mgmt(stcb, ifa, SCTP_SET_PRIM_ADDR); 1406 /* let caller know we should send this out immediately */ 1407 status = 1; 1408 } 1409 return (status); 1410 } 1411 1412 /*- 1413 * add an asconf delete IP address parameter to the queue by sockaddr and 1414 * possibly with no sctp_ifa available. This is only called by the routine 1415 * that checks the addresses in an INIT-ACK against the current address list. 1416 * returns 0 if completed, non-zero if not completed. 1417 * NOTE: if an add is already scheduled (and not yet sent out), simply 1418 * remove it from queue. If a duplicate operation is found, ignore the 1419 * new one. 1420 */ 1421 static int 1422 sctp_asconf_queue_sa_delete(struct sctp_tcb *stcb, struct sockaddr *sa) 1423 { 1424 struct sctp_ifa *ifa; 1425 struct sctp_asconf_addr *aa, *aa_next; 1426 1427 if (stcb == NULL) { 1428 return (-1); 1429 } 1430 /* see if peer supports ASCONF */ 1431 if (stcb->asoc.asconf_supported == 0) { 1432 return (-1); 1433 } 1434 /* make sure the request isn't already in the queue */ 1435 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1436 /* address match? */ 1437 if (sctp_asconf_addr_match(aa, sa) == 0) 1438 continue; 1439 /* is the request already in queue (sent or not) */ 1440 if (aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 1441 return (-1); 1442 } 1443 /* is the negative request already in queue, and not sent */ 1444 if (aa->sent == 1) 1445 continue; 1446 if (aa->ap.aph.ph.param_type == SCTP_ADD_IP_ADDRESS) { 1447 /* add already queued, so remove existing entry */ 1448 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aa, next); 1449 sctp_del_local_addr_restricted(stcb, aa->ifa); 1450 /* free the entry */ 1451 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1452 return (-1); 1453 } 1454 } /* for each aa */ 1455 1456 /* find any existing ifa-- NOTE ifa CAN be allowed to be NULL */ 1457 ifa = sctp_find_ifa_by_addr(sa, stcb->asoc.vrf_id, SCTP_ADDR_NOT_LOCKED); 1458 1459 /* adding new request to the queue */ 1460 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 1461 SCTP_M_ASC_ADDR); 1462 if (aa == NULL) { 1463 /* didn't get memory */ 1464 SCTPDBG(SCTP_DEBUG_ASCONF1, 1465 "sctp_asconf_queue_sa_delete: failed to get memory!\n"); 1466 return (-1); 1467 } 1468 aa->special_del = 0; 1469 /* fill in asconf address parameter fields */ 1470 /* top level elements are "networked" during send */ 1471 aa->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 1472 aa->ifa = ifa; 1473 if (ifa) 1474 atomic_add_int(&ifa->refcount, 1); 1475 /* correlation_id filled in during send routine later... */ 1476 switch (sa->sa_family) { 1477 #ifdef INET6 1478 case AF_INET6: 1479 { 1480 /* IPv6 address */ 1481 struct sockaddr_in6 *sin6; 1482 1483 sin6 = (struct sockaddr_in6 *)sa; 1484 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 1485 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv6addr_param)); 1486 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv6addr_param); 1487 memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr, 1488 sizeof(struct in6_addr)); 1489 break; 1490 } 1491 #endif 1492 #ifdef INET 1493 case AF_INET: 1494 { 1495 /* IPv4 address */ 1496 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 1497 1498 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 1499 aa->ap.addrp.ph.param_length = (sizeof(struct sctp_ipv4addr_param)); 1500 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_paramhdr) + sizeof(struct sctp_ipv4addr_param); 1501 memcpy(&aa->ap.addrp.addr, &sin->sin_addr, 1502 sizeof(struct in_addr)); 1503 break; 1504 } 1505 #endif 1506 default: 1507 /* invalid family! */ 1508 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 1509 if (ifa) 1510 sctp_free_ifa(ifa); 1511 return (-1); 1512 } 1513 aa->sent = 0; /* clear sent flag */ 1514 1515 /* delete goes to the back of the queue */ 1516 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 1517 1518 /* sa_ignore MEMLEAK {memory is put on the tailq} */ 1519 return (0); 1520 } 1521 1522 /* 1523 * find a specific asconf param on our "sent" queue 1524 */ 1525 static struct sctp_asconf_addr * 1526 sctp_asconf_find_param(struct sctp_tcb *stcb, uint32_t correlation_id) 1527 { 1528 struct sctp_asconf_addr *aa; 1529 1530 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 1531 if (aa->ap.aph.correlation_id == correlation_id && 1532 aa->sent == 1) { 1533 /* found it */ 1534 return (aa); 1535 } 1536 } 1537 /* didn't find it */ 1538 return (NULL); 1539 } 1540 1541 /* 1542 * process an SCTP_ERROR_CAUSE_IND for a ASCONF-ACK parameter and do 1543 * notifications based on the error response 1544 */ 1545 static void 1546 sctp_asconf_process_error(struct sctp_tcb *stcb SCTP_UNUSED, 1547 struct sctp_asconf_paramhdr *aph) 1548 { 1549 struct sctp_error_cause *eh; 1550 struct sctp_paramhdr *ph; 1551 uint16_t param_type; 1552 uint16_t error_code; 1553 1554 eh = (struct sctp_error_cause *)(aph + 1); 1555 ph = (struct sctp_paramhdr *)(eh + 1); 1556 /* validate lengths */ 1557 if (htons(eh->length) + sizeof(struct sctp_error_cause) > 1558 htons(aph->ph.param_length)) { 1559 /* invalid error cause length */ 1560 SCTPDBG(SCTP_DEBUG_ASCONF1, 1561 "asconf_process_error: cause element too long\n"); 1562 return; 1563 } 1564 if (htons(ph->param_length) + sizeof(struct sctp_paramhdr) > 1565 htons(eh->length)) { 1566 /* invalid included TLV length */ 1567 SCTPDBG(SCTP_DEBUG_ASCONF1, 1568 "asconf_process_error: included TLV too long\n"); 1569 return; 1570 } 1571 /* which error code ? */ 1572 error_code = ntohs(eh->code); 1573 param_type = ntohs(aph->ph.param_type); 1574 /* FIX: this should go back up the REMOTE_ERROR ULP notify */ 1575 switch (error_code) { 1576 case SCTP_CAUSE_RESOURCE_SHORTAGE: 1577 /* we allow ourselves to "try again" for this error */ 1578 break; 1579 default: 1580 /* peer can't handle it... */ 1581 switch (param_type) { 1582 case SCTP_ADD_IP_ADDRESS: 1583 case SCTP_DEL_IP_ADDRESS: 1584 case SCTP_SET_PRIM_ADDR: 1585 break; 1586 default: 1587 break; 1588 } 1589 } 1590 } 1591 1592 /* 1593 * process an asconf queue param. 1594 * aparam: parameter to process, will be removed from the queue. 1595 * flag: 1=success case, 0=failure case 1596 */ 1597 static void 1598 sctp_asconf_process_param_ack(struct sctp_tcb *stcb, 1599 struct sctp_asconf_addr *aparam, uint32_t flag) 1600 { 1601 uint16_t param_type; 1602 1603 /* process this param */ 1604 param_type = aparam->ap.aph.ph.param_type; 1605 switch (param_type) { 1606 case SCTP_ADD_IP_ADDRESS: 1607 SCTPDBG(SCTP_DEBUG_ASCONF1, 1608 "process_param_ack: added IP address\n"); 1609 sctp_asconf_addr_mgmt_ack(stcb, aparam->ifa, flag); 1610 break; 1611 case SCTP_DEL_IP_ADDRESS: 1612 SCTPDBG(SCTP_DEBUG_ASCONF1, 1613 "process_param_ack: deleted IP address\n"); 1614 /* nothing really to do... lists already updated */ 1615 break; 1616 case SCTP_SET_PRIM_ADDR: 1617 SCTPDBG(SCTP_DEBUG_ASCONF1, 1618 "process_param_ack: set primary IP address\n"); 1619 /* nothing to do... peer may start using this addr */ 1620 break; 1621 default: 1622 /* should NEVER happen */ 1623 break; 1624 } 1625 1626 /* remove the param and free it */ 1627 TAILQ_REMOVE(&stcb->asoc.asconf_queue, aparam, next); 1628 if (aparam->ifa) 1629 sctp_free_ifa(aparam->ifa); 1630 SCTP_FREE(aparam, SCTP_M_ASC_ADDR); 1631 } 1632 1633 /* 1634 * cleanup from a bad asconf ack parameter 1635 */ 1636 static void 1637 sctp_asconf_ack_clear(struct sctp_tcb *stcb SCTP_UNUSED) 1638 { 1639 /* assume peer doesn't really know how to do asconfs */ 1640 /* XXX we could free the pending queue here */ 1641 1642 } 1643 1644 void 1645 sctp_handle_asconf_ack(struct mbuf *m, int offset, 1646 struct sctp_asconf_ack_chunk *cp, struct sctp_tcb *stcb, 1647 struct sctp_nets *net, int *abort_no_unlock) 1648 { 1649 struct sctp_association *asoc; 1650 uint32_t serial_num; 1651 uint16_t ack_length; 1652 struct sctp_asconf_paramhdr *aph; 1653 struct sctp_asconf_addr *aa, *aa_next; 1654 uint32_t last_error_id = 0; /* last error correlation id */ 1655 uint32_t id; 1656 struct sctp_asconf_addr *ap; 1657 1658 /* asconf param buffer */ 1659 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 1660 1661 /* verify minimum length */ 1662 if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_asconf_ack_chunk)) { 1663 SCTPDBG(SCTP_DEBUG_ASCONF1, 1664 "handle_asconf_ack: chunk too small = %xh\n", 1665 ntohs(cp->ch.chunk_length)); 1666 return; 1667 } 1668 asoc = &stcb->asoc; 1669 serial_num = ntohl(cp->serial_number); 1670 1671 /* 1672 * NOTE: we may want to handle this differently- currently, we will 1673 * abort when we get an ack for the expected serial number + 1 (eg. 1674 * we didn't send it), process an ack normally if it is the expected 1675 * serial number, and re-send the previous ack for *ALL* other 1676 * serial numbers 1677 */ 1678 1679 /* 1680 * if the serial number is the next expected, but I didn't send it, 1681 * abort the asoc, since someone probably just hijacked us... 1682 */ 1683 if (serial_num == (asoc->asconf_seq_out + 1)) { 1684 struct mbuf *op_err; 1685 char msg[SCTP_DIAG_INFO_LEN]; 1686 1687 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); 1688 snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", 1689 serial_num); 1690 op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); 1691 sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); 1692 *abort_no_unlock = 1; 1693 return; 1694 } 1695 if (serial_num != asoc->asconf_seq_out_acked + 1) { 1696 /* got a duplicate/unexpected ASCONF-ACK */ 1697 SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got duplicate/unexpected serial number = %xh (expected = %xh)\n", 1698 serial_num, asoc->asconf_seq_out_acked + 1); 1699 return; 1700 } 1701 if (serial_num == asoc->asconf_seq_out - 1) { 1702 /* stop our timer */ 1703 sctp_timer_stop(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, stcb, net, 1704 SCTP_FROM_SCTP_ASCONF + SCTP_LOC_5); 1705 } 1706 /* process the ASCONF-ACK contents */ 1707 ack_length = ntohs(cp->ch.chunk_length) - 1708 sizeof(struct sctp_asconf_ack_chunk); 1709 offset += sizeof(struct sctp_asconf_ack_chunk); 1710 /* process through all parameters */ 1711 while (ack_length >= sizeof(struct sctp_asconf_paramhdr)) { 1712 unsigned int param_length, param_type; 1713 1714 /* get pointer to next asconf parameter */ 1715 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, 1716 sizeof(struct sctp_asconf_paramhdr), aparam_buf); 1717 if (aph == NULL) { 1718 /* can't get an asconf paramhdr */ 1719 sctp_asconf_ack_clear(stcb); 1720 return; 1721 } 1722 param_type = ntohs(aph->ph.param_type); 1723 param_length = ntohs(aph->ph.param_length); 1724 if (param_length > ack_length) { 1725 sctp_asconf_ack_clear(stcb); 1726 return; 1727 } 1728 if (param_length < sizeof(struct sctp_paramhdr)) { 1729 sctp_asconf_ack_clear(stcb); 1730 return; 1731 } 1732 /* get the complete parameter... */ 1733 if (param_length > sizeof(aparam_buf)) { 1734 SCTPDBG(SCTP_DEBUG_ASCONF1, 1735 "param length (%u) larger than buffer size!\n", param_length); 1736 sctp_asconf_ack_clear(stcb); 1737 return; 1738 } 1739 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); 1740 if (aph == NULL) { 1741 sctp_asconf_ack_clear(stcb); 1742 return; 1743 } 1744 /* correlation_id is transparent to peer, no ntohl needed */ 1745 id = aph->correlation_id; 1746 1747 switch (param_type) { 1748 case SCTP_ERROR_CAUSE_IND: 1749 last_error_id = id; 1750 /* find the corresponding asconf param in our queue */ 1751 ap = sctp_asconf_find_param(stcb, id); 1752 if (ap == NULL) { 1753 /* hmm... can't find this in our queue! */ 1754 break; 1755 } 1756 /* process the parameter, failed flag */ 1757 sctp_asconf_process_param_ack(stcb, ap, 0); 1758 /* process the error response */ 1759 sctp_asconf_process_error(stcb, aph); 1760 break; 1761 case SCTP_SUCCESS_REPORT: 1762 /* find the corresponding asconf param in our queue */ 1763 ap = sctp_asconf_find_param(stcb, id); 1764 if (ap == NULL) { 1765 /* hmm... can't find this in our queue! */ 1766 break; 1767 } 1768 /* process the parameter, success flag */ 1769 sctp_asconf_process_param_ack(stcb, ap, 1); 1770 break; 1771 default: 1772 break; 1773 } /* switch */ 1774 1775 /* update remaining ASCONF-ACK message length to process */ 1776 ack_length -= SCTP_SIZE32(param_length); 1777 if (ack_length <= 0) { 1778 /* no more data in the mbuf chain */ 1779 break; 1780 } 1781 offset += SCTP_SIZE32(param_length); 1782 } /* while */ 1783 1784 /* 1785 * if there are any "sent" params still on the queue, these are 1786 * implicitly "success", or "failed" (if we got an error back) ... 1787 * so process these appropriately 1788 * 1789 * we assume that the correlation_id's are monotonically increasing 1790 * beginning from 1 and that we don't have *that* many outstanding 1791 * at any given time 1792 */ 1793 if (last_error_id == 0) 1794 last_error_id--;/* set to "max" value */ 1795 TAILQ_FOREACH_SAFE(aa, &stcb->asoc.asconf_queue, next, aa_next) { 1796 if (aa->sent == 1) { 1797 /* 1798 * implicitly successful or failed if correlation_id 1799 * < last_error_id, then success else, failure 1800 */ 1801 if (aa->ap.aph.correlation_id < last_error_id) 1802 sctp_asconf_process_param_ack(stcb, aa, 1); 1803 else 1804 sctp_asconf_process_param_ack(stcb, aa, 0); 1805 } else { 1806 /* 1807 * since we always process in order (FIFO queue) if 1808 * we reach one that hasn't been sent, the rest 1809 * should not have been sent either. so, we're 1810 * done... 1811 */ 1812 break; 1813 } 1814 } 1815 1816 /* update the next sequence number to use */ 1817 asoc->asconf_seq_out_acked++; 1818 /* remove the old ASCONF on our outbound queue */ 1819 sctp_toss_old_asconf(stcb); 1820 if (!TAILQ_EMPTY(&stcb->asoc.asconf_queue)) { 1821 #ifdef SCTP_TIMER_BASED_ASCONF 1822 /* we have more params, so restart our timer */ 1823 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, stcb->sctp_ep, 1824 stcb, net); 1825 #else 1826 /* we have more params, so send out more */ 1827 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 1828 #endif 1829 } 1830 } 1831 1832 #ifdef INET6 1833 static uint32_t 1834 sctp_is_scopeid_in_nets(struct sctp_tcb *stcb, struct sockaddr *sa) 1835 { 1836 struct sockaddr_in6 *sin6, *net6; 1837 struct sctp_nets *net; 1838 1839 if (sa->sa_family != AF_INET6) { 1840 /* wrong family */ 1841 return (0); 1842 } 1843 sin6 = (struct sockaddr_in6 *)sa; 1844 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) == 0) { 1845 /* not link local address */ 1846 return (0); 1847 } 1848 /* hunt through our destination nets list for this scope_id */ 1849 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1850 if (((struct sockaddr *)(&net->ro._l_addr))->sa_family != 1851 AF_INET6) 1852 continue; 1853 net6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1854 if (IN6_IS_ADDR_LINKLOCAL(&net6->sin6_addr) == 0) 1855 continue; 1856 if (sctp_is_same_scope(sin6, net6)) { 1857 /* found one */ 1858 return (1); 1859 } 1860 } 1861 /* didn't find one */ 1862 return (0); 1863 } 1864 1865 #endif 1866 1867 /* 1868 * address management functions 1869 */ 1870 static void 1871 sctp_addr_mgmt_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 1872 struct sctp_ifa *ifa, uint16_t type, int addr_locked) 1873 { 1874 int status; 1875 1876 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0 || 1877 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1878 /* subset bound, no ASCONF allowed case, so ignore */ 1879 return; 1880 } 1881 /* 1882 * note: we know this is not the subset bound, no ASCONF case eg. 1883 * this is boundall or subset bound w/ASCONF allowed 1884 */ 1885 1886 /* first, make sure that the address is IPv4 or IPv6 and not jailed */ 1887 switch (ifa->address.sa.sa_family) { 1888 #ifdef INET6 1889 case AF_INET6: 1890 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 1891 &ifa->address.sin6.sin6_addr) != 0) { 1892 return; 1893 } 1894 break; 1895 #endif 1896 #ifdef INET 1897 case AF_INET: 1898 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 1899 &ifa->address.sin.sin_addr) != 0) { 1900 return; 1901 } 1902 break; 1903 #endif 1904 default: 1905 return; 1906 } 1907 #ifdef INET6 1908 /* make sure we're "allowed" to add this type of addr */ 1909 if (ifa->address.sa.sa_family == AF_INET6) { 1910 /* invalid if we're not a v6 endpoint */ 1911 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) 1912 return; 1913 /* is the v6 addr really valid ? */ 1914 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 1915 return; 1916 } 1917 } 1918 #endif 1919 /* put this address on the "pending/do not use yet" list */ 1920 sctp_add_local_addr_restricted(stcb, ifa); 1921 /* 1922 * check address scope if address is out of scope, don't queue 1923 * anything... note: this would leave the address on both inp and 1924 * asoc lists 1925 */ 1926 switch (ifa->address.sa.sa_family) { 1927 #ifdef INET6 1928 case AF_INET6: 1929 { 1930 struct sockaddr_in6 *sin6; 1931 1932 sin6 = &ifa->address.sin6; 1933 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1934 /* we skip unspecifed addresses */ 1935 return; 1936 } 1937 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1938 if (stcb->asoc.scope.local_scope == 0) { 1939 return; 1940 } 1941 /* is it the right link local scope? */ 1942 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 1943 return; 1944 } 1945 } 1946 if (stcb->asoc.scope.site_scope == 0 && 1947 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 1948 return; 1949 } 1950 break; 1951 } 1952 #endif 1953 #ifdef INET 1954 case AF_INET: 1955 { 1956 struct sockaddr_in *sin; 1957 struct in6pcb *inp6; 1958 1959 inp6 = (struct in6pcb *)&inp->ip_inp.inp; 1960 /* invalid if we are a v6 only endpoint */ 1961 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1962 SCTP_IPV6_V6ONLY(inp6)) 1963 return; 1964 1965 sin = &ifa->address.sin; 1966 if (sin->sin_addr.s_addr == 0) { 1967 /* we skip unspecifed addresses */ 1968 return; 1969 } 1970 if (stcb->asoc.scope.ipv4_local_scope == 0 && 1971 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 1972 return; 1973 } 1974 break; 1975 } 1976 #endif 1977 default: 1978 /* else, not AF_INET or AF_INET6, so skip */ 1979 return; 1980 } 1981 1982 /* queue an asconf for this address add/delete */ 1983 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1984 /* does the peer do asconf? */ 1985 if (stcb->asoc.asconf_supported) { 1986 /* queue an asconf for this addr */ 1987 status = sctp_asconf_queue_add(stcb, ifa, type); 1988 1989 /* 1990 * if queued ok, and in the open state, send out the 1991 * ASCONF. If in the non-open state, these will be 1992 * sent when the state goes open. 1993 */ 1994 if (status == 0 && 1995 ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 1996 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED))) { 1997 #ifdef SCTP_TIMER_BASED_ASCONF 1998 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, inp, 1999 stcb, stcb->asoc.primary_destination); 2000 #else 2001 sctp_send_asconf(stcb, NULL, addr_locked); 2002 #endif 2003 } 2004 } 2005 } 2006 } 2007 2008 2009 int 2010 sctp_asconf_iterator_ep(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2011 { 2012 struct sctp_asconf_iterator *asc; 2013 struct sctp_ifa *ifa; 2014 struct sctp_laddr *l; 2015 int cnt_invalid = 0; 2016 2017 asc = (struct sctp_asconf_iterator *)ptr; 2018 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2019 ifa = l->ifa; 2020 switch (ifa->address.sa.sa_family) { 2021 #ifdef INET6 2022 case AF_INET6: 2023 /* invalid if we're not a v6 endpoint */ 2024 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2025 cnt_invalid++; 2026 if (asc->cnt == cnt_invalid) 2027 return (1); 2028 } 2029 break; 2030 #endif 2031 #ifdef INET 2032 case AF_INET: 2033 { 2034 /* invalid if we are a v6 only endpoint */ 2035 struct in6pcb *inp6; 2036 2037 inp6 = (struct in6pcb *)&inp->ip_inp.inp; 2038 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2039 SCTP_IPV6_V6ONLY(inp6)) { 2040 cnt_invalid++; 2041 if (asc->cnt == cnt_invalid) 2042 return (1); 2043 } 2044 break; 2045 } 2046 #endif 2047 default: 2048 /* invalid address family */ 2049 cnt_invalid++; 2050 if (asc->cnt == cnt_invalid) 2051 return (1); 2052 } 2053 } 2054 return (0); 2055 } 2056 2057 static int 2058 sctp_asconf_iterator_ep_end(struct sctp_inpcb *inp, void *ptr, uint32_t val SCTP_UNUSED) 2059 { 2060 struct sctp_ifa *ifa; 2061 struct sctp_asconf_iterator *asc; 2062 struct sctp_laddr *laddr, *nladdr, *l; 2063 2064 /* Only for specific case not bound all */ 2065 asc = (struct sctp_asconf_iterator *)ptr; 2066 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2067 ifa = l->ifa; 2068 if (l->action == SCTP_ADD_IP_ADDRESS) { 2069 LIST_FOREACH(laddr, &inp->sctp_addr_list, 2070 sctp_nxt_addr) { 2071 if (laddr->ifa == ifa) { 2072 laddr->action = 0; 2073 break; 2074 } 2075 } 2076 } else if (l->action == SCTP_DEL_IP_ADDRESS) { 2077 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 2078 /* remove only after all guys are done */ 2079 if (laddr->ifa == ifa) { 2080 sctp_del_local_addr_ep(inp, ifa); 2081 } 2082 } 2083 } 2084 } 2085 return (0); 2086 } 2087 2088 void 2089 sctp_asconf_iterator_stcb(struct sctp_inpcb *inp, struct sctp_tcb *stcb, 2090 void *ptr, uint32_t val SCTP_UNUSED) 2091 { 2092 struct sctp_asconf_iterator *asc; 2093 struct sctp_ifa *ifa; 2094 struct sctp_laddr *l; 2095 int cnt_invalid = 0; 2096 int type, status; 2097 int num_queued = 0; 2098 2099 asc = (struct sctp_asconf_iterator *)ptr; 2100 LIST_FOREACH(l, &asc->list_of_work, sctp_nxt_addr) { 2101 ifa = l->ifa; 2102 type = l->action; 2103 2104 /* address's vrf_id must be the vrf_id of the assoc */ 2105 if (ifa->vrf_id != stcb->asoc.vrf_id) { 2106 continue; 2107 } 2108 /* Same checks again for assoc */ 2109 switch (ifa->address.sa.sa_family) { 2110 #ifdef INET6 2111 case AF_INET6: 2112 { 2113 /* invalid if we're not a v6 endpoint */ 2114 struct sockaddr_in6 *sin6; 2115 2116 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 2117 cnt_invalid++; 2118 if (asc->cnt == cnt_invalid) 2119 return; 2120 else 2121 continue; 2122 } 2123 sin6 = &ifa->address.sin6; 2124 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2125 /* we skip unspecifed addresses */ 2126 continue; 2127 } 2128 if (prison_check_ip6(inp->ip_inp.inp.inp_cred, 2129 &sin6->sin6_addr) != 0) { 2130 continue; 2131 } 2132 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 2133 if (stcb->asoc.scope.local_scope == 0) { 2134 continue; 2135 } 2136 /* is it the right link local scope? */ 2137 if (sctp_is_scopeid_in_nets(stcb, &ifa->address.sa) == 0) { 2138 continue; 2139 } 2140 } 2141 break; 2142 } 2143 #endif 2144 #ifdef INET 2145 case AF_INET: 2146 { 2147 /* invalid if we are a v6 only endpoint */ 2148 struct in6pcb *inp6; 2149 struct sockaddr_in *sin; 2150 2151 inp6 = (struct in6pcb *)&inp->ip_inp.inp; 2152 /* invalid if we are a v6 only endpoint */ 2153 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2154 SCTP_IPV6_V6ONLY(inp6)) 2155 continue; 2156 2157 sin = &ifa->address.sin; 2158 if (sin->sin_addr.s_addr == 0) { 2159 /* we skip unspecifed addresses */ 2160 continue; 2161 } 2162 if (prison_check_ip4(inp->ip_inp.inp.inp_cred, 2163 &sin->sin_addr) != 0) { 2164 continue; 2165 } 2166 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2167 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 2168 continue; 2169 } 2170 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2171 SCTP_IPV6_V6ONLY(inp6)) { 2172 cnt_invalid++; 2173 if (asc->cnt == cnt_invalid) 2174 return; 2175 else 2176 continue; 2177 } 2178 break; 2179 } 2180 #endif 2181 default: 2182 /* invalid address family */ 2183 cnt_invalid++; 2184 if (asc->cnt == cnt_invalid) 2185 return; 2186 else 2187 continue; 2188 break; 2189 } 2190 2191 if (type == SCTP_ADD_IP_ADDRESS) { 2192 /* prevent this address from being used as a source */ 2193 sctp_add_local_addr_restricted(stcb, ifa); 2194 } else if (type == SCTP_DEL_IP_ADDRESS) { 2195 struct sctp_nets *net; 2196 2197 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2198 sctp_rtentry_t *rt; 2199 2200 /* delete this address if cached */ 2201 if (net->ro._s_addr == ifa) { 2202 sctp_free_ifa(net->ro._s_addr); 2203 net->ro._s_addr = NULL; 2204 net->src_addr_selected = 0; 2205 rt = net->ro.ro_rt; 2206 if (rt) { 2207 RTFREE(rt); 2208 net->ro.ro_rt = NULL; 2209 } 2210 /* 2211 * Now we deleted our src address, 2212 * should we not also now reset the 2213 * cwnd/rto to start as if its a new 2214 * address? 2215 */ 2216 stcb->asoc.cc_functions.sctp_set_initial_cc_param(stcb, net); 2217 net->RTO = 0; 2218 2219 } 2220 } 2221 } else if (type == SCTP_SET_PRIM_ADDR) { 2222 if ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 2223 /* must validate the ifa is in the ep */ 2224 if (sctp_is_addr_in_ep(stcb->sctp_ep, ifa) == 0) { 2225 continue; 2226 } 2227 } else { 2228 /* Need to check scopes for this guy */ 2229 if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) { 2230 continue; 2231 } 2232 } 2233 } 2234 /* queue an asconf for this address add/delete */ 2235 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF) && 2236 stcb->asoc.asconf_supported == 1) { 2237 /* queue an asconf for this addr */ 2238 status = sctp_asconf_queue_add(stcb, ifa, type); 2239 /* 2240 * if queued ok, and in the open state, update the 2241 * count of queued params. If in the non-open 2242 * state, these get sent when the assoc goes open. 2243 */ 2244 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 2245 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2246 if (status >= 0) { 2247 num_queued++; 2248 } 2249 } 2250 } 2251 } 2252 /* 2253 * If we have queued params in the open state, send out an ASCONF. 2254 */ 2255 if (num_queued > 0) { 2256 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2257 } 2258 } 2259 2260 void 2261 sctp_asconf_iterator_end(void *ptr, uint32_t val SCTP_UNUSED) 2262 { 2263 struct sctp_asconf_iterator *asc; 2264 struct sctp_ifa *ifa; 2265 struct sctp_laddr *l, *nl; 2266 2267 asc = (struct sctp_asconf_iterator *)ptr; 2268 LIST_FOREACH_SAFE(l, &asc->list_of_work, sctp_nxt_addr, nl) { 2269 ifa = l->ifa; 2270 if (l->action == SCTP_ADD_IP_ADDRESS) { 2271 /* Clear the defer use flag */ 2272 ifa->localifa_flags &= ~SCTP_ADDR_DEFER_USE; 2273 } 2274 sctp_free_ifa(ifa); 2275 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), l); 2276 SCTP_DECR_LADDR_COUNT(); 2277 } 2278 SCTP_FREE(asc, SCTP_M_ASC_IT); 2279 } 2280 2281 /* 2282 * sa is the sockaddr to ask the peer to set primary to. 2283 * returns: 0 = completed, -1 = error 2284 */ 2285 int32_t 2286 sctp_set_primary_ip_address_sa(struct sctp_tcb *stcb, struct sockaddr *sa) 2287 { 2288 uint32_t vrf_id; 2289 struct sctp_ifa *ifa; 2290 2291 /* find the ifa for the desired set primary */ 2292 vrf_id = stcb->asoc.vrf_id; 2293 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 2294 if (ifa == NULL) { 2295 /* Invalid address */ 2296 return (-1); 2297 } 2298 /* queue an ASCONF:SET_PRIM_ADDR to be sent */ 2299 if (!sctp_asconf_queue_add(stcb, ifa, SCTP_SET_PRIM_ADDR)) { 2300 /* set primary queuing succeeded */ 2301 SCTPDBG(SCTP_DEBUG_ASCONF1, 2302 "set_primary_ip_address_sa: queued on tcb=%p, ", 2303 (void *)stcb); 2304 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2305 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 2306 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2307 #ifdef SCTP_TIMER_BASED_ASCONF 2308 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2309 stcb->sctp_ep, stcb, 2310 stcb->asoc.primary_destination); 2311 #else 2312 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2313 #endif 2314 } 2315 } else { 2316 SCTPDBG(SCTP_DEBUG_ASCONF1, "set_primary_ip_address_sa: failed to add to queue on tcb=%p, ", 2317 (void *)stcb); 2318 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); 2319 return (-1); 2320 } 2321 return (0); 2322 } 2323 2324 void 2325 sctp_set_primary_ip_address(struct sctp_ifa *ifa) 2326 { 2327 struct sctp_inpcb *inp; 2328 2329 /* go through all our PCB's */ 2330 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) { 2331 struct sctp_tcb *stcb; 2332 2333 /* process for all associations for this endpoint */ 2334 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 2335 /* queue an ASCONF:SET_PRIM_ADDR to be sent */ 2336 if (!sctp_asconf_queue_add(stcb, ifa, 2337 SCTP_SET_PRIM_ADDR)) { 2338 /* set primary queuing succeeded */ 2339 SCTPDBG(SCTP_DEBUG_ASCONF1, "set_primary_ip_address: queued on stcb=%p, ", 2340 (void *)stcb); 2341 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &ifa->address.sa); 2342 if ((SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_OPEN) || 2343 (SCTP_GET_STATE(&stcb->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 2344 #ifdef SCTP_TIMER_BASED_ASCONF 2345 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2346 stcb->sctp_ep, stcb, 2347 stcb->asoc.primary_destination); 2348 #else 2349 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2350 #endif 2351 } 2352 } 2353 } /* for each stcb */ 2354 } /* for each inp */ 2355 } 2356 2357 int 2358 sctp_is_addr_pending(struct sctp_tcb *stcb, struct sctp_ifa *sctp_ifa) 2359 { 2360 struct sctp_tmit_chunk *chk, *nchk; 2361 unsigned int offset, asconf_limit; 2362 struct sctp_asconf_chunk *acp; 2363 struct sctp_asconf_paramhdr *aph; 2364 uint8_t aparam_buf[SCTP_PARAM_BUFFER_SIZE]; 2365 struct sctp_paramhdr *ph; 2366 int add_cnt, del_cnt; 2367 uint16_t last_param_type; 2368 2369 add_cnt = del_cnt = 0; 2370 last_param_type = 0; 2371 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.asconf_send_queue, sctp_next, nchk) { 2372 if (chk->data == NULL) { 2373 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: No mbuf data?\n"); 2374 continue; 2375 } 2376 offset = 0; 2377 acp = mtod(chk->data, struct sctp_asconf_chunk *); 2378 offset += sizeof(struct sctp_asconf_chunk); 2379 asconf_limit = ntohs(acp->ch.chunk_length); 2380 ph = (struct sctp_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_paramhdr), aparam_buf); 2381 if (ph == NULL) { 2382 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get lookup addr!\n"); 2383 continue; 2384 } 2385 offset += ntohs(ph->param_length); 2386 2387 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2388 if (aph == NULL) { 2389 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: Empty ASCONF will be sent?\n"); 2390 continue; 2391 } 2392 while (aph != NULL) { 2393 unsigned int param_length, param_type; 2394 2395 param_type = ntohs(aph->ph.param_type); 2396 param_length = ntohs(aph->ph.param_length); 2397 if (offset + param_length > asconf_limit) { 2398 /* parameter goes beyond end of chunk! */ 2399 break; 2400 } 2401 if (param_length > sizeof(aparam_buf)) { 2402 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length (%u) larger than buffer size!\n", param_length); 2403 break; 2404 } 2405 if (param_length <= sizeof(struct sctp_paramhdr)) { 2406 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: param length(%u) too short\n", param_length); 2407 break; 2408 } 2409 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, param_length, aparam_buf); 2410 if (aph == NULL) { 2411 SCTPDBG(SCTP_DEBUG_ASCONF1, "is_addr_pending: couldn't get entire param\n"); 2412 break; 2413 } 2414 ph = (struct sctp_paramhdr *)(aph + 1); 2415 if (sctp_addr_match(ph, &sctp_ifa->address.sa) != 0) { 2416 switch (param_type) { 2417 case SCTP_ADD_IP_ADDRESS: 2418 add_cnt++; 2419 break; 2420 case SCTP_DEL_IP_ADDRESS: 2421 del_cnt++; 2422 break; 2423 default: 2424 break; 2425 } 2426 last_param_type = param_type; 2427 } 2428 offset += SCTP_SIZE32(param_length); 2429 if (offset >= asconf_limit) { 2430 /* no more data in the mbuf chain */ 2431 break; 2432 } 2433 /* get pointer to next asconf param */ 2434 aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(chk->data, offset, sizeof(struct sctp_asconf_paramhdr), aparam_buf); 2435 } 2436 } 2437 2438 /* 2439 * we want to find the sequences which consist of ADD -> DEL -> ADD 2440 * or DEL -> ADD 2441 */ 2442 if (add_cnt > del_cnt || 2443 (add_cnt == del_cnt && last_param_type == SCTP_ADD_IP_ADDRESS)) { 2444 return (1); 2445 } 2446 return (0); 2447 } 2448 2449 static struct sockaddr * 2450 sctp_find_valid_localaddr(struct sctp_tcb *stcb, int addr_locked) 2451 { 2452 struct sctp_vrf *vrf = NULL; 2453 struct sctp_ifn *sctp_ifn; 2454 struct sctp_ifa *sctp_ifa; 2455 2456 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2457 SCTP_IPI_ADDR_RLOCK(); 2458 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 2459 if (vrf == NULL) { 2460 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2461 SCTP_IPI_ADDR_RUNLOCK(); 2462 return (NULL); 2463 } 2464 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 2465 if (stcb->asoc.scope.loopback_scope == 0 && 2466 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 2467 /* Skip if loopback_scope not set */ 2468 continue; 2469 } 2470 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 2471 switch (sctp_ifa->address.sa.sa_family) { 2472 #ifdef INET 2473 case AF_INET: 2474 if (stcb->asoc.scope.ipv4_addr_legal) { 2475 struct sockaddr_in *sin; 2476 2477 sin = &sctp_ifa->address.sin; 2478 if (sin->sin_addr.s_addr == 0) { 2479 /* skip unspecifed addresses */ 2480 continue; 2481 } 2482 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 2483 &sin->sin_addr) != 0) { 2484 continue; 2485 } 2486 if (stcb->asoc.scope.ipv4_local_scope == 0 && 2487 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) 2488 continue; 2489 2490 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2491 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2492 continue; 2493 /* 2494 * found a valid local v4 address to 2495 * use 2496 */ 2497 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2498 SCTP_IPI_ADDR_RUNLOCK(); 2499 return (&sctp_ifa->address.sa); 2500 } 2501 break; 2502 #endif 2503 #ifdef INET6 2504 case AF_INET6: 2505 if (stcb->asoc.scope.ipv6_addr_legal) { 2506 struct sockaddr_in6 *sin6; 2507 2508 if (sctp_ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 2509 continue; 2510 } 2511 sin6 = &sctp_ifa->address.sin6; 2512 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2513 /* 2514 * we skip unspecifed 2515 * addresses 2516 */ 2517 continue; 2518 } 2519 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 2520 &sin6->sin6_addr) != 0) { 2521 continue; 2522 } 2523 if (stcb->asoc.scope.local_scope == 0 && 2524 IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 2525 continue; 2526 if (stcb->asoc.scope.site_scope == 0 && 2527 IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) 2528 continue; 2529 2530 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 2531 (!sctp_is_addr_pending(stcb, sctp_ifa))) 2532 continue; 2533 /* 2534 * found a valid local v6 address to 2535 * use 2536 */ 2537 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2538 SCTP_IPI_ADDR_RUNLOCK(); 2539 return (&sctp_ifa->address.sa); 2540 } 2541 break; 2542 #endif 2543 default: 2544 break; 2545 } 2546 } 2547 } 2548 /* no valid addresses found */ 2549 if (addr_locked == SCTP_ADDR_NOT_LOCKED) 2550 SCTP_IPI_ADDR_RUNLOCK(); 2551 return (NULL); 2552 } 2553 2554 static struct sockaddr * 2555 sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb) 2556 { 2557 struct sctp_laddr *laddr; 2558 2559 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 2560 if (laddr->ifa == NULL) { 2561 continue; 2562 } 2563 /* is the address restricted ? */ 2564 if (sctp_is_addr_restricted(stcb, laddr->ifa) && 2565 (!sctp_is_addr_pending(stcb, laddr->ifa))) 2566 continue; 2567 2568 /* found a valid local address to use */ 2569 return (&laddr->ifa->address.sa); 2570 } 2571 /* no valid addresses found */ 2572 return (NULL); 2573 } 2574 2575 /* 2576 * builds an ASCONF chunk from queued ASCONF params. 2577 * returns NULL on error (no mbuf, no ASCONF params queued, etc). 2578 */ 2579 struct mbuf * 2580 sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) 2581 { 2582 struct mbuf *m_asconf, *m_asconf_chk; 2583 struct sctp_asconf_addr *aa; 2584 struct sctp_asconf_chunk *acp; 2585 struct sctp_asconf_paramhdr *aph; 2586 struct sctp_asconf_addr_param *aap; 2587 uint32_t p_length; 2588 uint32_t correlation_id = 1; /* 0 is reserved... */ 2589 caddr_t ptr, lookup_ptr; 2590 uint8_t lookup_used = 0; 2591 2592 /* are there any asconf params to send? */ 2593 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2594 if (aa->sent == 0) 2595 break; 2596 } 2597 if (aa == NULL) 2598 return (NULL); 2599 2600 /* 2601 * get a chunk header mbuf and a cluster for the asconf params since 2602 * it's simpler to fill in the asconf chunk header lookup address on 2603 * the fly 2604 */ 2605 m_asconf_chk = sctp_get_mbuf_for_msg(sizeof(struct sctp_asconf_chunk), 0, M_NOWAIT, 1, MT_DATA); 2606 if (m_asconf_chk == NULL) { 2607 /* no mbuf's */ 2608 SCTPDBG(SCTP_DEBUG_ASCONF1, 2609 "compose_asconf: couldn't get chunk mbuf!\n"); 2610 return (NULL); 2611 } 2612 m_asconf = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); 2613 if (m_asconf == NULL) { 2614 /* no mbuf's */ 2615 SCTPDBG(SCTP_DEBUG_ASCONF1, 2616 "compose_asconf: couldn't get mbuf!\n"); 2617 sctp_m_freem(m_asconf_chk); 2618 return (NULL); 2619 } 2620 SCTP_BUF_LEN(m_asconf_chk) = sizeof(struct sctp_asconf_chunk); 2621 SCTP_BUF_LEN(m_asconf) = 0; 2622 acp = mtod(m_asconf_chk, struct sctp_asconf_chunk *); 2623 bzero(acp, sizeof(struct sctp_asconf_chunk)); 2624 /* save pointers to lookup address and asconf params */ 2625 lookup_ptr = (caddr_t)(acp + 1); /* after the header */ 2626 ptr = mtod(m_asconf, caddr_t); /* beginning of cluster */ 2627 2628 /* fill in chunk header info */ 2629 acp->ch.chunk_type = SCTP_ASCONF; 2630 acp->ch.chunk_flags = 0; 2631 acp->serial_number = htonl(stcb->asoc.asconf_seq_out); 2632 stcb->asoc.asconf_seq_out++; 2633 2634 /* add parameters... up to smallest MTU allowed */ 2635 TAILQ_FOREACH(aa, &stcb->asoc.asconf_queue, next) { 2636 if (aa->sent) 2637 continue; 2638 /* get the parameter length */ 2639 p_length = SCTP_SIZE32(aa->ap.aph.ph.param_length); 2640 /* will it fit in current chunk? */ 2641 if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu) || 2642 (SCTP_BUF_LEN(m_asconf) + p_length > MCLBYTES)) { 2643 /* won't fit, so we're done with this chunk */ 2644 break; 2645 } 2646 /* assign (and store) a correlation id */ 2647 aa->ap.aph.correlation_id = correlation_id++; 2648 2649 /* 2650 * fill in address if we're doing a delete this is a simple 2651 * way for us to fill in the correlation address, which 2652 * should only be used by the peer if we're deleting our 2653 * source address and adding a new address (e.g. renumbering 2654 * case) 2655 */ 2656 if (lookup_used == 0 && 2657 (aa->special_del == 0) && 2658 aa->ap.aph.ph.param_type == SCTP_DEL_IP_ADDRESS) { 2659 struct sctp_ipv6addr_param *lookup; 2660 uint16_t p_size, addr_size; 2661 2662 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2663 lookup->ph.param_type = 2664 htons(aa->ap.addrp.ph.param_type); 2665 if (aa->ap.addrp.ph.param_type == SCTP_IPV6_ADDRESS) { 2666 /* copy IPv6 address */ 2667 p_size = sizeof(struct sctp_ipv6addr_param); 2668 addr_size = sizeof(struct in6_addr); 2669 } else { 2670 /* copy IPv4 address */ 2671 p_size = sizeof(struct sctp_ipv4addr_param); 2672 addr_size = sizeof(struct in_addr); 2673 } 2674 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2675 memcpy(lookup->addr, &aa->ap.addrp.addr, addr_size); 2676 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2677 lookup_used = 1; 2678 } 2679 /* copy into current space */ 2680 memcpy(ptr, &aa->ap, p_length); 2681 2682 /* network elements and update lengths */ 2683 aph = (struct sctp_asconf_paramhdr *)ptr; 2684 aap = (struct sctp_asconf_addr_param *)ptr; 2685 /* correlation_id is transparent to peer, no htonl needed */ 2686 aph->ph.param_type = htons(aph->ph.param_type); 2687 aph->ph.param_length = htons(aph->ph.param_length); 2688 aap->addrp.ph.param_type = htons(aap->addrp.ph.param_type); 2689 aap->addrp.ph.param_length = htons(aap->addrp.ph.param_length); 2690 2691 SCTP_BUF_LEN(m_asconf) += SCTP_SIZE32(p_length); 2692 ptr += SCTP_SIZE32(p_length); 2693 2694 /* 2695 * these params are removed off the pending list upon 2696 * getting an ASCONF-ACK back from the peer, just set flag 2697 */ 2698 aa->sent = 1; 2699 } 2700 /* check to see if the lookup addr has been populated yet */ 2701 if (lookup_used == 0) { 2702 /* NOTE: if the address param is optional, can skip this... */ 2703 /* add any valid (existing) address... */ 2704 struct sctp_ipv6addr_param *lookup; 2705 uint16_t p_size, addr_size; 2706 struct sockaddr *found_addr; 2707 caddr_t addr_ptr; 2708 2709 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) 2710 found_addr = sctp_find_valid_localaddr(stcb, 2711 addr_locked); 2712 else 2713 found_addr = sctp_find_valid_localaddr_ep(stcb); 2714 2715 lookup = (struct sctp_ipv6addr_param *)lookup_ptr; 2716 if (found_addr != NULL) { 2717 switch (found_addr->sa_family) { 2718 #ifdef INET6 2719 case AF_INET6: 2720 /* copy IPv6 address */ 2721 lookup->ph.param_type = 2722 htons(SCTP_IPV6_ADDRESS); 2723 p_size = sizeof(struct sctp_ipv6addr_param); 2724 addr_size = sizeof(struct in6_addr); 2725 addr_ptr = (caddr_t)&((struct sockaddr_in6 *) 2726 found_addr)->sin6_addr; 2727 break; 2728 #endif 2729 #ifdef INET 2730 case AF_INET: 2731 /* copy IPv4 address */ 2732 lookup->ph.param_type = 2733 htons(SCTP_IPV4_ADDRESS); 2734 p_size = sizeof(struct sctp_ipv4addr_param); 2735 addr_size = sizeof(struct in_addr); 2736 addr_ptr = (caddr_t)&((struct sockaddr_in *) 2737 found_addr)->sin_addr; 2738 break; 2739 #endif 2740 default: 2741 p_size = 0; 2742 addr_size = 0; 2743 addr_ptr = NULL; 2744 break; 2745 } 2746 lookup->ph.param_length = htons(SCTP_SIZE32(p_size)); 2747 memcpy(lookup->addr, addr_ptr, addr_size); 2748 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(p_size); 2749 } else { 2750 /* uh oh... don't have any address?? */ 2751 SCTPDBG(SCTP_DEBUG_ASCONF1, 2752 "compose_asconf: no lookup addr!\n"); 2753 /* XXX for now, we send a IPv4 address of 0.0.0.0 */ 2754 lookup->ph.param_type = htons(SCTP_IPV4_ADDRESS); 2755 lookup->ph.param_length = htons(SCTP_SIZE32(sizeof(struct sctp_ipv4addr_param))); 2756 bzero(lookup->addr, sizeof(struct in_addr)); 2757 SCTP_BUF_LEN(m_asconf_chk) += SCTP_SIZE32(sizeof(struct sctp_ipv4addr_param)); 2758 } 2759 } 2760 /* chain it all together */ 2761 SCTP_BUF_NEXT(m_asconf_chk) = m_asconf; 2762 *retlen = SCTP_BUF_LEN(m_asconf_chk) + SCTP_BUF_LEN(m_asconf); 2763 acp->ch.chunk_length = htons(*retlen); 2764 2765 return (m_asconf_chk); 2766 } 2767 2768 /* 2769 * section to handle address changes before an association is up eg. changes 2770 * during INIT/INIT-ACK/COOKIE-ECHO handshake 2771 */ 2772 2773 /* 2774 * processes the (local) addresses in the INIT-ACK chunk 2775 */ 2776 static void 2777 sctp_process_initack_addresses(struct sctp_tcb *stcb, struct mbuf *m, 2778 unsigned int offset, unsigned int length) 2779 { 2780 struct sctp_paramhdr tmp_param, *ph; 2781 uint16_t plen, ptype; 2782 struct sctp_ifa *sctp_ifa; 2783 union sctp_sockstore store; 2784 2785 #ifdef INET6 2786 struct sctp_ipv6addr_param addr6_store; 2787 2788 #endif 2789 #ifdef INET 2790 struct sctp_ipv4addr_param addr4_store; 2791 2792 #endif 2793 2794 SCTPDBG(SCTP_DEBUG_ASCONF2, "processing init-ack addresses\n"); 2795 if (stcb == NULL) /* Un-needed check for SA */ 2796 return; 2797 2798 /* convert to upper bound */ 2799 length += offset; 2800 2801 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2802 return; 2803 } 2804 /* go through the addresses in the init-ack */ 2805 ph = (struct sctp_paramhdr *) 2806 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 2807 (uint8_t *) & tmp_param); 2808 while (ph != NULL) { 2809 ptype = ntohs(ph->param_type); 2810 plen = ntohs(ph->param_length); 2811 switch (ptype) { 2812 #ifdef INET6 2813 case SCTP_IPV6_ADDRESS: 2814 { 2815 struct sctp_ipv6addr_param *a6p; 2816 2817 /* get the entire IPv6 address param */ 2818 a6p = (struct sctp_ipv6addr_param *) 2819 sctp_m_getptr(m, offset, 2820 sizeof(struct sctp_ipv6addr_param), 2821 (uint8_t *) & addr6_store); 2822 if (plen != sizeof(struct sctp_ipv6addr_param) || 2823 a6p == NULL) { 2824 return; 2825 } 2826 memset(&store, 0, sizeof(union sctp_sockstore)); 2827 store.sin6.sin6_family = AF_INET6; 2828 store.sin6.sin6_len = sizeof(struct sockaddr_in6); 2829 store.sin6.sin6_port = stcb->rport; 2830 memcpy(&store.sin6.sin6_addr, a6p->addr, sizeof(struct in6_addr)); 2831 break; 2832 } 2833 #endif 2834 #ifdef INET 2835 case SCTP_IPV4_ADDRESS: 2836 { 2837 struct sctp_ipv4addr_param *a4p; 2838 2839 /* get the entire IPv4 address param */ 2840 a4p = (struct sctp_ipv4addr_param *)sctp_m_getptr(m, offset, 2841 sizeof(struct sctp_ipv4addr_param), 2842 (uint8_t *) & addr4_store); 2843 if (plen != sizeof(struct sctp_ipv4addr_param) || 2844 a4p == NULL) { 2845 return; 2846 } 2847 memset(&store, 0, sizeof(union sctp_sockstore)); 2848 store.sin.sin_family = AF_INET; 2849 store.sin.sin_len = sizeof(struct sockaddr_in); 2850 store.sin.sin_port = stcb->rport; 2851 store.sin.sin_addr.s_addr = a4p->addr; 2852 break; 2853 } 2854 #endif 2855 default: 2856 goto next_addr; 2857 } 2858 2859 /* see if this address really (still) exists */ 2860 sctp_ifa = sctp_find_ifa_by_addr(&store.sa, stcb->asoc.vrf_id, 2861 SCTP_ADDR_NOT_LOCKED); 2862 if (sctp_ifa == NULL) { 2863 /* address doesn't exist anymore */ 2864 int status; 2865 2866 /* are ASCONFs allowed ? */ 2867 if ((sctp_is_feature_on(stcb->sctp_ep, 2868 SCTP_PCB_FLAGS_DO_ASCONF)) && 2869 stcb->asoc.asconf_supported) { 2870 /* queue an ASCONF DEL_IP_ADDRESS */ 2871 status = sctp_asconf_queue_sa_delete(stcb, &store.sa); 2872 /* 2873 * if queued ok, and in correct state, send 2874 * out the ASCONF. 2875 */ 2876 if (status == 0 && 2877 SCTP_GET_STATE(&stcb->asoc) == 2878 SCTP_STATE_OPEN) { 2879 #ifdef SCTP_TIMER_BASED_ASCONF 2880 sctp_timer_start(SCTP_TIMER_TYPE_ASCONF, 2881 stcb->sctp_ep, stcb, 2882 stcb->asoc.primary_destination); 2883 #else 2884 sctp_send_asconf(stcb, NULL, SCTP_ADDR_NOT_LOCKED); 2885 #endif 2886 } 2887 } 2888 } 2889 next_addr: 2890 /* 2891 * Sanity check: Make sure the length isn't 0, otherwise 2892 * we'll be stuck in this loop for a long time... 2893 */ 2894 if (SCTP_SIZE32(plen) == 0) { 2895 SCTP_PRINTF("process_initack_addrs: bad len (%d) type=%xh\n", 2896 plen, ptype); 2897 return; 2898 } 2899 /* get next parameter */ 2900 offset += SCTP_SIZE32(plen); 2901 if ((offset + sizeof(struct sctp_paramhdr)) > length) 2902 return; 2903 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2904 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param); 2905 } /* while */ 2906 } 2907 2908 /* FIX ME: need to verify return result for v6 address type if v6 disabled */ 2909 /* 2910 * checks to see if a specific address is in the initack address list returns 2911 * 1 if found, 0 if not 2912 */ 2913 static uint32_t 2914 sctp_addr_in_initack(struct mbuf *m, uint32_t offset, uint32_t length, struct sockaddr *sa) 2915 { 2916 struct sctp_paramhdr tmp_param, *ph; 2917 uint16_t plen, ptype; 2918 2919 #ifdef INET 2920 struct sockaddr_in *sin; 2921 struct sctp_ipv4addr_param *a4p; 2922 struct sctp_ipv6addr_param addr4_store; 2923 2924 #endif 2925 #ifdef INET6 2926 struct sockaddr_in6 *sin6; 2927 struct sctp_ipv6addr_param *a6p; 2928 struct sctp_ipv6addr_param addr6_store; 2929 struct sockaddr_in6 sin6_tmp; 2930 2931 #endif 2932 2933 switch (sa->sa_family) { 2934 #ifdef INET 2935 case AF_INET: 2936 break; 2937 #endif 2938 #ifdef INET6 2939 case AF_INET6: 2940 break; 2941 #endif 2942 default: 2943 return (0); 2944 } 2945 2946 SCTPDBG(SCTP_DEBUG_ASCONF2, "find_initack_addr: starting search for "); 2947 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF2, sa); 2948 /* convert to upper bound */ 2949 length += offset; 2950 2951 if ((offset + sizeof(struct sctp_paramhdr)) > length) { 2952 SCTPDBG(SCTP_DEBUG_ASCONF1, 2953 "find_initack_addr: invalid offset?\n"); 2954 return (0); 2955 } 2956 /* go through the addresses in the init-ack */ 2957 ph = (struct sctp_paramhdr *)sctp_m_getptr(m, offset, 2958 sizeof(struct sctp_paramhdr), (uint8_t *) & tmp_param); 2959 while (ph != NULL) { 2960 ptype = ntohs(ph->param_type); 2961 plen = ntohs(ph->param_length); 2962 switch (ptype) { 2963 #ifdef INET6 2964 case SCTP_IPV6_ADDRESS: 2965 if (sa->sa_family == AF_INET6) { 2966 /* get the entire IPv6 address param */ 2967 if (plen != sizeof(struct sctp_ipv6addr_param)) { 2968 break; 2969 } 2970 /* get the entire IPv6 address param */ 2971 a6p = (struct sctp_ipv6addr_param *) 2972 sctp_m_getptr(m, offset, 2973 sizeof(struct sctp_ipv6addr_param), 2974 (uint8_t *) & addr6_store); 2975 if (a6p == NULL) { 2976 return (0); 2977 } 2978 sin6 = (struct sockaddr_in6 *)sa; 2979 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 2980 /* create a copy and clear scope */ 2981 memcpy(&sin6_tmp, sin6, 2982 sizeof(struct sockaddr_in6)); 2983 sin6 = &sin6_tmp; 2984 in6_clearscope(&sin6->sin6_addr); 2985 } 2986 if (memcmp(&sin6->sin6_addr, a6p->addr, 2987 sizeof(struct in6_addr)) == 0) { 2988 /* found it */ 2989 return (1); 2990 } 2991 } 2992 break; 2993 #endif /* INET6 */ 2994 #ifdef INET 2995 case SCTP_IPV4_ADDRESS: 2996 if (sa->sa_family == AF_INET) { 2997 if (plen != sizeof(struct sctp_ipv4addr_param)) { 2998 break; 2999 } 3000 /* get the entire IPv4 address param */ 3001 a4p = (struct sctp_ipv4addr_param *) 3002 sctp_m_getptr(m, offset, 3003 sizeof(struct sctp_ipv4addr_param), 3004 (uint8_t *) & addr4_store); 3005 if (a4p == NULL) { 3006 return (0); 3007 } 3008 sin = (struct sockaddr_in *)sa; 3009 if (sin->sin_addr.s_addr == a4p->addr) { 3010 /* found it */ 3011 return (1); 3012 } 3013 } 3014 break; 3015 #endif 3016 default: 3017 break; 3018 } 3019 /* get next parameter */ 3020 offset += SCTP_SIZE32(plen); 3021 if (offset + sizeof(struct sctp_paramhdr) > length) { 3022 return (0); 3023 } 3024 ph = (struct sctp_paramhdr *) 3025 sctp_m_getptr(m, offset, sizeof(struct sctp_paramhdr), 3026 (uint8_t *) & tmp_param); 3027 } /* while */ 3028 /* not found! */ 3029 return (0); 3030 } 3031 3032 /* 3033 * makes sure that the current endpoint local addr list is consistent with 3034 * the new association (eg. subset bound, asconf allowed) adds addresses as 3035 * necessary 3036 */ 3037 static void 3038 sctp_check_address_list_ep(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3039 int length, struct sockaddr *init_addr) 3040 { 3041 struct sctp_laddr *laddr; 3042 3043 /* go through the endpoint list */ 3044 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3045 /* be paranoid and validate the laddr */ 3046 if (laddr->ifa == NULL) { 3047 SCTPDBG(SCTP_DEBUG_ASCONF1, 3048 "check_addr_list_ep: laddr->ifa is NULL"); 3049 continue; 3050 } 3051 if (laddr->ifa == NULL) { 3052 SCTPDBG(SCTP_DEBUG_ASCONF1, "check_addr_list_ep: laddr->ifa->ifa_addr is NULL"); 3053 continue; 3054 } 3055 /* do i have it implicitly? */ 3056 if (sctp_cmpaddr(&laddr->ifa->address.sa, init_addr)) { 3057 continue; 3058 } 3059 /* check to see if in the init-ack */ 3060 if (!sctp_addr_in_initack(m, offset, length, &laddr->ifa->address.sa)) { 3061 /* try to add it */ 3062 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, laddr->ifa, 3063 SCTP_ADD_IP_ADDRESS, SCTP_ADDR_NOT_LOCKED); 3064 } 3065 } 3066 } 3067 3068 /* 3069 * makes sure that the current kernel address list is consistent with the new 3070 * association (with all addrs bound) adds addresses as necessary 3071 */ 3072 static void 3073 sctp_check_address_list_all(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3074 int length, struct sockaddr *init_addr, 3075 uint16_t local_scope, uint16_t site_scope, 3076 uint16_t ipv4_scope, uint16_t loopback_scope) 3077 { 3078 struct sctp_vrf *vrf = NULL; 3079 struct sctp_ifn *sctp_ifn; 3080 struct sctp_ifa *sctp_ifa; 3081 uint32_t vrf_id; 3082 3083 #ifdef INET 3084 struct sockaddr_in *sin; 3085 3086 #endif 3087 #ifdef INET6 3088 struct sockaddr_in6 *sin6; 3089 3090 #endif 3091 3092 if (stcb) { 3093 vrf_id = stcb->asoc.vrf_id; 3094 } else { 3095 return; 3096 } 3097 SCTP_IPI_ADDR_RLOCK(); 3098 vrf = sctp_find_vrf(vrf_id); 3099 if (vrf == NULL) { 3100 SCTP_IPI_ADDR_RUNLOCK(); 3101 return; 3102 } 3103 /* go through all our known interfaces */ 3104 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 3105 if (loopback_scope == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 3106 /* skip loopback interface */ 3107 continue; 3108 } 3109 /* go through each interface address */ 3110 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 3111 /* do i have it implicitly? */ 3112 if (sctp_cmpaddr(&sctp_ifa->address.sa, init_addr)) { 3113 continue; 3114 } 3115 switch (sctp_ifa->address.sa.sa_family) { 3116 #ifdef INET 3117 case AF_INET: 3118 sin = &sctp_ifa->address.sin; 3119 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3120 &sin->sin_addr) != 0) { 3121 continue; 3122 } 3123 if ((ipv4_scope == 0) && 3124 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 3125 /* private address not in scope */ 3126 continue; 3127 } 3128 break; 3129 #endif 3130 #ifdef INET6 3131 case AF_INET6: 3132 sin6 = &sctp_ifa->address.sin6; 3133 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3134 &sin6->sin6_addr) != 0) { 3135 continue; 3136 } 3137 if ((local_scope == 0) && 3138 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 3139 continue; 3140 } 3141 if ((site_scope == 0) && 3142 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 3143 continue; 3144 } 3145 break; 3146 #endif 3147 default: 3148 break; 3149 } 3150 /* check to see if in the init-ack */ 3151 if (!sctp_addr_in_initack(m, offset, length, &sctp_ifa->address.sa)) { 3152 /* try to add it */ 3153 sctp_addr_mgmt_assoc(stcb->sctp_ep, stcb, 3154 sctp_ifa, SCTP_ADD_IP_ADDRESS, 3155 SCTP_ADDR_LOCKED); 3156 } 3157 } /* end foreach ifa */ 3158 } /* end foreach ifn */ 3159 SCTP_IPI_ADDR_RUNLOCK(); 3160 } 3161 3162 /* 3163 * validates an init-ack chunk (from a cookie-echo) with current addresses 3164 * adds addresses from the init-ack into our local address list, if needed 3165 * queues asconf adds/deletes addresses as needed and makes appropriate list 3166 * changes for source address selection m, offset: points to the start of the 3167 * address list in an init-ack chunk length: total length of the address 3168 * params only init_addr: address where my INIT-ACK was sent from 3169 */ 3170 void 3171 sctp_check_address_list(struct sctp_tcb *stcb, struct mbuf *m, int offset, 3172 int length, struct sockaddr *init_addr, 3173 uint16_t local_scope, uint16_t site_scope, 3174 uint16_t ipv4_scope, uint16_t loopback_scope) 3175 { 3176 /* process the local addresses in the initack */ 3177 sctp_process_initack_addresses(stcb, m, offset, length); 3178 3179 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3180 /* bound all case */ 3181 sctp_check_address_list_all(stcb, m, offset, length, init_addr, 3182 local_scope, site_scope, ipv4_scope, loopback_scope); 3183 } else { 3184 /* subset bound case */ 3185 if (sctp_is_feature_on(stcb->sctp_ep, 3186 SCTP_PCB_FLAGS_DO_ASCONF)) { 3187 /* asconf's allowed */ 3188 sctp_check_address_list_ep(stcb, m, offset, length, 3189 init_addr); 3190 } 3191 /* else, no asconfs allowed, so what we sent is what we get */ 3192 } 3193 } 3194 3195 /* 3196 * sctp_bindx() support 3197 */ 3198 uint32_t 3199 sctp_addr_mgmt_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa, 3200 uint32_t type, uint32_t vrf_id, struct sctp_ifa *sctp_ifap) 3201 { 3202 struct sctp_ifa *ifa; 3203 struct sctp_laddr *laddr, *nladdr; 3204 3205 if (sa->sa_len == 0) { 3206 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3207 return (EINVAL); 3208 } 3209 if (sctp_ifap) { 3210 ifa = sctp_ifap; 3211 } else if (type == SCTP_ADD_IP_ADDRESS) { 3212 /* For an add the address MUST be on the system */ 3213 ifa = sctp_find_ifa_by_addr(sa, vrf_id, SCTP_ADDR_NOT_LOCKED); 3214 } else if (type == SCTP_DEL_IP_ADDRESS) { 3215 /* For a delete we need to find it in the inp */ 3216 ifa = sctp_find_ifa_in_ep(inp, sa, SCTP_ADDR_NOT_LOCKED); 3217 } else { 3218 ifa = NULL; 3219 } 3220 if (ifa != NULL) { 3221 if (type == SCTP_ADD_IP_ADDRESS) { 3222 sctp_add_local_addr_ep(inp, ifa, type); 3223 } else if (type == SCTP_DEL_IP_ADDRESS) { 3224 if (inp->laddr_count < 2) { 3225 /* can't delete the last local address */ 3226 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EINVAL); 3227 return (EINVAL); 3228 } 3229 LIST_FOREACH(laddr, &inp->sctp_addr_list, 3230 sctp_nxt_addr) { 3231 if (ifa == laddr->ifa) { 3232 /* Mark in the delete */ 3233 laddr->action = type; 3234 } 3235 } 3236 } 3237 if (LIST_EMPTY(&inp->sctp_asoc_list)) { 3238 /* 3239 * There is no need to start the iterator if the inp 3240 * has no associations. 3241 */ 3242 if (type == SCTP_DEL_IP_ADDRESS) { 3243 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 3244 if (laddr->ifa == ifa) { 3245 sctp_del_local_addr_ep(inp, ifa); 3246 } 3247 } 3248 } 3249 } else { 3250 struct sctp_asconf_iterator *asc; 3251 struct sctp_laddr *wi; 3252 int ret; 3253 3254 SCTP_MALLOC(asc, struct sctp_asconf_iterator *, 3255 sizeof(struct sctp_asconf_iterator), 3256 SCTP_M_ASC_IT); 3257 if (asc == NULL) { 3258 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3259 return (ENOMEM); 3260 } 3261 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 3262 if (wi == NULL) { 3263 SCTP_FREE(asc, SCTP_M_ASC_IT); 3264 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, ENOMEM); 3265 return (ENOMEM); 3266 } 3267 LIST_INIT(&asc->list_of_work); 3268 asc->cnt = 1; 3269 SCTP_INCR_LADDR_COUNT(); 3270 wi->ifa = ifa; 3271 wi->action = type; 3272 atomic_add_int(&ifa->refcount, 1); 3273 LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); 3274 ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, 3275 sctp_asconf_iterator_stcb, 3276 sctp_asconf_iterator_ep_end, 3277 SCTP_PCB_ANY_FLAGS, 3278 SCTP_PCB_ANY_FEATURES, 3279 SCTP_ASOC_ANY_STATE, 3280 (void *)asc, 0, 3281 sctp_asconf_iterator_end, inp, 0); 3282 if (ret) { 3283 SCTP_PRINTF("Failed to initiate iterator for addr_mgmt_ep_sa\n"); 3284 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EFAULT); 3285 sctp_asconf_iterator_end(asc, 0); 3286 return (EFAULT); 3287 } 3288 } 3289 return (0); 3290 } else { 3291 /* invalid address! */ 3292 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EADDRNOTAVAIL); 3293 return (EADDRNOTAVAIL); 3294 } 3295 } 3296 3297 void 3298 sctp_asconf_send_nat_state_update(struct sctp_tcb *stcb, 3299 struct sctp_nets *net) 3300 { 3301 struct sctp_asconf_addr *aa; 3302 struct sctp_ifa *sctp_ifap; 3303 struct sctp_asconf_tag_param *vtag; 3304 3305 #ifdef INET 3306 struct sockaddr_in *to; 3307 3308 #endif 3309 #ifdef INET6 3310 struct sockaddr_in6 *to6; 3311 3312 #endif 3313 if (net == NULL) { 3314 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing net\n"); 3315 return; 3316 } 3317 if (stcb == NULL) { 3318 SCTPDBG(SCTP_DEBUG_ASCONF1, "sctp_asconf_send_nat_state_update: Missing stcb\n"); 3319 return; 3320 } 3321 /* 3322 * Need to have in the asconf: - vtagparam(my_vtag/peer_vtag) - 3323 * add(0.0.0.0) - del(0.0.0.0) - Any global addresses add(addr) 3324 */ 3325 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3326 SCTP_M_ASC_ADDR); 3327 if (aa == NULL) { 3328 /* didn't get memory */ 3329 SCTPDBG(SCTP_DEBUG_ASCONF1, 3330 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3331 return; 3332 } 3333 aa->special_del = 0; 3334 /* fill in asconf address parameter fields */ 3335 /* top level elements are "networked" during send */ 3336 aa->ifa = NULL; 3337 aa->sent = 0; /* clear sent flag */ 3338 vtag = (struct sctp_asconf_tag_param *)&aa->ap.aph; 3339 vtag->aph.ph.param_type = SCTP_NAT_VTAGS; 3340 vtag->aph.ph.param_length = sizeof(struct sctp_asconf_tag_param); 3341 vtag->local_vtag = htonl(stcb->asoc.my_vtag); 3342 vtag->remote_vtag = htonl(stcb->asoc.peer_vtag); 3343 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3344 3345 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3346 SCTP_M_ASC_ADDR); 3347 if (aa == NULL) { 3348 /* didn't get memory */ 3349 SCTPDBG(SCTP_DEBUG_ASCONF1, 3350 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3351 return; 3352 } 3353 memset(aa, 0, sizeof(struct sctp_asconf_addr)); 3354 /* fill in asconf address parameter fields */ 3355 /* ADD(0.0.0.0) */ 3356 switch (net->ro._l_addr.sa.sa_family) { 3357 #ifdef INET 3358 case AF_INET: 3359 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3360 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3361 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3362 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3363 /* No need to add an address, we are using 0.0.0.0 */ 3364 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3365 break; 3366 #endif 3367 #ifdef INET6 3368 case AF_INET6: 3369 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3370 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3371 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3372 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3373 /* No need to add an address, we are using 0.0.0.0 */ 3374 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3375 break; 3376 #endif 3377 default: 3378 SCTPDBG(SCTP_DEBUG_ASCONF1, 3379 "sctp_asconf_send_nat_state_update: unknown address family\n"); 3380 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 3381 return; 3382 } 3383 SCTP_MALLOC(aa, struct sctp_asconf_addr *, sizeof(*aa), 3384 SCTP_M_ASC_ADDR); 3385 if (aa == NULL) { 3386 /* didn't get memory */ 3387 SCTPDBG(SCTP_DEBUG_ASCONF1, 3388 "sctp_asconf_send_nat_state_update: failed to get memory!\n"); 3389 return; 3390 } 3391 memset(aa, 0, sizeof(struct sctp_asconf_addr)); 3392 /* fill in asconf address parameter fields */ 3393 /* ADD(0.0.0.0) */ 3394 switch (net->ro._l_addr.sa.sa_family) { 3395 #ifdef INET 3396 case AF_INET: 3397 aa->ap.aph.ph.param_type = SCTP_ADD_IP_ADDRESS; 3398 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addrv4_param); 3399 aa->ap.addrp.ph.param_type = SCTP_IPV4_ADDRESS; 3400 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv4addr_param); 3401 /* No need to add an address, we are using 0.0.0.0 */ 3402 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3403 break; 3404 #endif 3405 #ifdef INET6 3406 case AF_INET6: 3407 aa->ap.aph.ph.param_type = SCTP_DEL_IP_ADDRESS; 3408 aa->ap.aph.ph.param_length = sizeof(struct sctp_asconf_addr_param); 3409 aa->ap.addrp.ph.param_type = SCTP_IPV6_ADDRESS; 3410 aa->ap.addrp.ph.param_length = sizeof(struct sctp_ipv6addr_param); 3411 /* No need to add an address, we are using 0.0.0.0 */ 3412 TAILQ_INSERT_TAIL(&stcb->asoc.asconf_queue, aa, next); 3413 break; 3414 #endif 3415 default: 3416 SCTPDBG(SCTP_DEBUG_ASCONF1, 3417 "sctp_asconf_send_nat_state_update: unknown address family\n"); 3418 SCTP_FREE(aa, SCTP_M_ASC_ADDR); 3419 return; 3420 } 3421 /* Now we must hunt the addresses and add all global addresses */ 3422 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3423 struct sctp_vrf *vrf = NULL; 3424 struct sctp_ifn *sctp_ifnp; 3425 uint32_t vrf_id; 3426 3427 vrf_id = stcb->sctp_ep->def_vrf_id; 3428 vrf = sctp_find_vrf(vrf_id); 3429 if (vrf == NULL) { 3430 goto skip_rest; 3431 } 3432 SCTP_IPI_ADDR_RLOCK(); 3433 LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) { 3434 LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { 3435 switch (sctp_ifap->address.sa.sa_family) { 3436 #ifdef INET 3437 case AF_INET: 3438 to = &sctp_ifap->address.sin; 3439 if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, 3440 &to->sin_addr) != 0) { 3441 continue; 3442 } 3443 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3444 continue; 3445 } 3446 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3447 continue; 3448 } 3449 break; 3450 #endif 3451 #ifdef INET6 3452 case AF_INET6: 3453 to6 = &sctp_ifap->address.sin6; 3454 if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, 3455 &to6->sin6_addr) != 0) { 3456 continue; 3457 } 3458 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3459 continue; 3460 } 3461 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3462 continue; 3463 } 3464 break; 3465 #endif 3466 default: 3467 continue; 3468 } 3469 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3470 } 3471 } 3472 SCTP_IPI_ADDR_RUNLOCK(); 3473 } else { 3474 struct sctp_laddr *laddr; 3475 3476 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 3477 if (laddr->ifa == NULL) { 3478 continue; 3479 } 3480 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) 3481 /* 3482 * Address being deleted by the system, dont 3483 * list. 3484 */ 3485 continue; 3486 if (laddr->action == SCTP_DEL_IP_ADDRESS) { 3487 /* 3488 * Address being deleted on this ep don't 3489 * list. 3490 */ 3491 continue; 3492 } 3493 sctp_ifap = laddr->ifa; 3494 switch (sctp_ifap->address.sa.sa_family) { 3495 #ifdef INET 3496 case AF_INET: 3497 to = &sctp_ifap->address.sin; 3498 if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { 3499 continue; 3500 } 3501 if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 3502 continue; 3503 } 3504 break; 3505 #endif 3506 #ifdef INET6 3507 case AF_INET6: 3508 to6 = &sctp_ifap->address.sin6; 3509 if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { 3510 continue; 3511 } 3512 if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) { 3513 continue; 3514 } 3515 break; 3516 #endif 3517 default: 3518 continue; 3519 } 3520 sctp_asconf_queue_mgmt(stcb, sctp_ifap, SCTP_ADD_IP_ADDRESS); 3521 } 3522 } 3523 skip_rest: 3524 /* Now we must send the asconf into the queue */ 3525 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED); 3526 } 3527