1 /*- 2 * Copyright (c) 2001-2006, Cisco Systems, Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * a) Redistributions of source code must retain the above copyright notice, 8 * this list of conditions and the following disclaimer. 9 * 10 * b) Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the distribution. 13 * 14 * c) Neither the name of Cisco Systems, Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived 16 * from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 28 * THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* $KAME: sctp_output.c,v 1.46 2005/03/06 16:04:17 itojun Exp $ */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include "opt_ipsec.h" 37 #include "opt_compat.h" 38 #include "opt_inet6.h" 39 #include "opt_inet.h" 40 #include "opt_sctp.h" 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/malloc.h> 44 #include <sys/mbuf.h> 45 #include <sys/domain.h> 46 #include <sys/protosw.h> 47 #include <sys/socket.h> 48 #include <sys/socketvar.h> 49 #include <sys/proc.h> 50 #include <sys/kernel.h> 51 #include <sys/sysctl.h> 52 #include <sys/resourcevar.h> 53 #include <sys/uio.h> 54 #ifdef INET6 55 #include <sys/domain.h> 56 #endif 57 58 #include <sys/limits.h> 59 #include <machine/cpu.h> 60 61 #include <net/if.h> 62 #include <net/if_types.h> 63 64 #include <net/if_var.h> 65 66 #include <net/route.h> 67 68 #include <netinet/in.h> 69 #include <netinet/in_systm.h> 70 #include <netinet/ip.h> 71 #include <netinet/in_pcb.h> 72 #include <netinet/in_var.h> 73 #include <netinet/ip_var.h> 74 75 #ifdef INET6 76 #include <netinet/ip6.h> 77 #include <netinet6/ip6_var.h> 78 #include <netinet6/scope6_var.h> 79 #include <netinet6/nd6.h> 80 81 #include <netinet6/in6_pcb.h> 82 83 #include <netinet/icmp6.h> 84 85 #endif /* INET6 */ 86 87 88 89 #ifndef in6pcb 90 #define in6pcb inpcb 91 #endif 92 93 94 #ifdef IPSEC 95 #include <netinet6/ipsec.h> 96 #include <netkey/key.h> 97 #endif /* IPSEC */ 98 99 #include <netinet/sctp_os.h> 100 #include <netinet/sctp_var.h> 101 #include <netinet/sctp_pcb.h> 102 #include <netinet/sctp_header.h> 103 #include <netinet/sctputil.h> 104 #include <netinet/sctp_output.h> 105 #include <netinet/sctp_bsd_addr.h> 106 #include <netinet/sctp_uio.h> 107 #include <netinet/sctputil.h> 108 #include <netinet/sctp_timer.h> 109 #include <netinet/sctp_asconf.h> 110 #include <netinet/sctp_indata.h> 111 112 /* XXX 113 * This module needs to be rewritten with an eye towards getting 114 * rid of the user of ifa.. and use another list method George 115 * as told me of. 116 */ 117 118 #ifdef SCTP_DEBUG 119 extern uint32_t sctp_debug_on; 120 121 #endif 122 123 static struct sockaddr_in * 124 sctp_is_v4_ifa_addr_prefered(struct ifaddr *ifa, uint8_t loopscope, uint8_t ipv4_scope, uint8_t * sin_loop, uint8_t * sin_local) 125 { 126 struct sockaddr_in *sin; 127 128 /* 129 * Here we determine if its a prefered address. A prefered address 130 * means it is the same scope or higher scope then the destination. 131 * L = loopback, P = private, G = global 132 * ----------------------------------------- src | dest | 133 * result ----------------------------------------- L | L | 134 * yes ----------------------------------------- P | L | yes 135 * ----------------------------------------- G | L | yes 136 * ----------------------------------------- L | P | no 137 * ----------------------------------------- P | P | yes 138 * ----------------------------------------- G | P | no 139 * ----------------------------------------- L | G | no 140 * ----------------------------------------- P | G | no 141 * ----------------------------------------- G | G | yes 142 * ----------------------------------------- 143 */ 144 145 if (ifa->ifa_addr->sa_family != AF_INET) { 146 /* forget non-v4 */ 147 return (NULL); 148 } 149 /* Ok the address may be ok */ 150 sin = (struct sockaddr_in *)ifa->ifa_addr; 151 if (sin->sin_addr.s_addr == 0) { 152 return (NULL); 153 } 154 *sin_local = *sin_loop = 0; 155 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 156 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 157 *sin_loop = 1; 158 *sin_local = 1; 159 } 160 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 161 *sin_local = 1; 162 } 163 if (!loopscope && *sin_loop) { 164 /* Its a loopback address and we don't have loop scope */ 165 return (NULL); 166 } 167 if (!ipv4_scope && *sin_local) { 168 /* 169 * Its a private address, and we don't have private address 170 * scope 171 */ 172 return (NULL); 173 } 174 if (((ipv4_scope == 0) && (loopscope == 0)) && (*sin_local)) { 175 /* its a global src and a private dest */ 176 return (NULL); 177 } 178 /* its a prefered address */ 179 return (sin); 180 } 181 182 static struct sockaddr_in * 183 sctp_is_v4_ifa_addr_acceptable(struct ifaddr *ifa, uint8_t loopscope, uint8_t ipv4_scope, uint8_t * sin_loop, uint8_t * sin_local) 184 { 185 struct sockaddr_in *sin; 186 187 /* 188 * Here we determine if its a acceptable address. A acceptable 189 * address means it is the same scope or higher scope but we can 190 * allow for NAT which means its ok to have a global dest and a 191 * private src. 192 * 193 * L = loopback, P = private, G = global 194 * ----------------------------------------- src | dest | 195 * result ----------------------------------------- L | L | 196 * yes ----------------------------------------- P | L | yes 197 * ----------------------------------------- G | L | yes 198 * ----------------------------------------- L | P | no 199 * ----------------------------------------- P | P | yes 200 * ----------------------------------------- G | P | yes - 201 * probably this won't work. 202 * ----------------------------------------- L | G | 203 * no ----------------------------------------- P | G | 204 * yes ----------------------------------------- G | G | 205 * yes ----------------------------------------- 206 */ 207 208 if (ifa->ifa_addr->sa_family != AF_INET) { 209 /* forget non-v4 */ 210 return (NULL); 211 } 212 /* Ok the address may be ok */ 213 sin = (struct sockaddr_in *)ifa->ifa_addr; 214 if (sin->sin_addr.s_addr == 0) { 215 return (NULL); 216 } 217 *sin_local = *sin_loop = 0; 218 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 219 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 220 *sin_loop = 1; 221 *sin_local = 1; 222 } 223 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 224 *sin_local = 1; 225 } 226 if (!loopscope && *sin_loop) { 227 /* Its a loopback address and we don't have loop scope */ 228 return (NULL); 229 } 230 /* its an acceptable address */ 231 return (sin); 232 } 233 234 /* 235 * This treats the address list on the ep as a restricted list (negative 236 * list). If a the passed address is listed, then the address is NOT allowed 237 * on the association. 238 */ 239 int 240 sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sockaddr *addr) 241 { 242 struct sctp_laddr *laddr; 243 244 #ifdef SCTP_DEBUG 245 int cnt = 0; 246 247 #endif 248 if (stcb == NULL) { 249 /* There are no restrictions, no TCB :-) */ 250 return (0); 251 } 252 #ifdef SCTP_DEBUG 253 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 254 cnt++; 255 } 256 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 257 printf("There are %d addresses on the restricted list\n", cnt); 258 } 259 cnt = 0; 260 #endif 261 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 262 if (laddr->ifa == NULL) { 263 #ifdef SCTP_DEBUG 264 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 265 printf("Help I have fallen and I can't get up!\n"); 266 } 267 #endif 268 continue; 269 } 270 #ifdef SCTP_DEBUG 271 if (sctp_debug_on & SCTP_DEBUG_OUTPUT4) { 272 cnt++; 273 printf("Restricted address[%d]:", cnt); 274 sctp_print_address(laddr->ifa->ifa_addr); 275 } 276 #endif 277 if (sctp_cmpaddr(addr, laddr->ifa->ifa_addr) == 1) { 278 /* Yes it is on the list */ 279 return (1); 280 } 281 } 282 return (0); 283 } 284 285 static int 286 sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct ifaddr *ifa) 287 { 288 struct sctp_laddr *laddr; 289 290 if (ifa == NULL) 291 return (0); 292 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 293 if (laddr->ifa == NULL) { 294 #ifdef SCTP_DEBUG 295 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 296 printf("Help I have fallen and I can't get up!\n"); 297 } 298 #endif 299 continue; 300 } 301 if (laddr->ifa->ifa_addr == NULL) 302 continue; 303 if (laddr->ifa == ifa) 304 /* same pointer */ 305 return (1); 306 if (laddr->ifa->ifa_addr->sa_family != ifa->ifa_addr->sa_family) { 307 /* skip non compatible address comparison */ 308 continue; 309 } 310 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 311 /* Yes it is restricted */ 312 return (1); 313 } 314 } 315 return (0); 316 } 317 318 319 320 static struct in_addr 321 sctp_choose_v4_boundspecific_inp(struct sctp_inpcb *inp, 322 struct route *ro, 323 uint8_t ipv4_scope, 324 uint8_t loopscope) 325 { 326 struct in_addr ans; 327 struct sctp_laddr *laddr; 328 struct sockaddr_in *sin; 329 struct ifnet *ifn; 330 struct ifaddr *ifa; 331 uint8_t sin_loop, sin_local; 332 struct rtentry *rt; 333 334 /* 335 * first question, is the ifn we will emit on in our list, if so, we 336 * want that one. 337 */ 338 rt = ro->ro_rt; 339 ifn = rt->rt_ifp; 340 if (ifn) { 341 /* is a prefered one on the interface we route out? */ 342 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 343 sin = sctp_is_v4_ifa_addr_prefered(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 344 if (sin == NULL) 345 continue; 346 if (sctp_is_addr_in_ep(inp, ifa)) { 347 return (sin->sin_addr); 348 } 349 } 350 /* is an acceptable one on the interface we route out? */ 351 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 352 sin = sctp_is_v4_ifa_addr_acceptable(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 353 if (sin == NULL) 354 continue; 355 if (sctp_is_addr_in_ep(inp, ifa)) { 356 return (sin->sin_addr); 357 } 358 } 359 } 360 /* ok, what about a prefered address in the inp */ 361 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 362 laddr && (laddr != inp->next_addr_touse); 363 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 364 if (laddr->ifa == NULL) { 365 /* address has been removed */ 366 continue; 367 } 368 sin = sctp_is_v4_ifa_addr_prefered(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 369 if (sin == NULL) 370 continue; 371 return (sin->sin_addr); 372 373 } 374 /* ok, what about an acceptable address in the inp */ 375 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 376 laddr && (laddr != inp->next_addr_touse); 377 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 378 if (laddr->ifa == NULL) { 379 /* address has been removed */ 380 continue; 381 } 382 sin = sctp_is_v4_ifa_addr_acceptable(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 383 if (sin == NULL) 384 continue; 385 return (sin->sin_addr); 386 387 } 388 389 /* 390 * no address bound can be a source for the destination we are in 391 * trouble 392 */ 393 #ifdef SCTP_DEBUG 394 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 395 printf("Src address selection for EP, no acceptable src address found for address\n"); 396 } 397 #endif 398 RTFREE(ro->ro_rt); 399 ro->ro_rt = NULL; 400 memset(&ans, 0, sizeof(ans)); 401 return (ans); 402 } 403 404 405 406 static struct in_addr 407 sctp_choose_v4_boundspecific_stcb(struct sctp_inpcb *inp, 408 struct sctp_tcb *stcb, 409 struct sctp_nets *net, 410 struct route *ro, 411 uint8_t ipv4_scope, 412 uint8_t loopscope, 413 int non_asoc_addr_ok) 414 { 415 /* 416 * Here we have two cases, bound all asconf allowed. bound all 417 * asconf not allowed. 418 * 419 */ 420 struct sctp_laddr *laddr, *starting_point; 421 struct in_addr ans; 422 struct ifnet *ifn; 423 struct ifaddr *ifa; 424 uint8_t sin_loop, sin_local, start_at_beginning = 0; 425 struct sockaddr_in *sin; 426 struct rtentry *rt; 427 428 /* 429 * first question, is the ifn we will emit on in our list, if so, we 430 * want that one. 431 */ 432 rt = ro->ro_rt; 433 ifn = rt->rt_ifp; 434 435 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 436 /* 437 * Here we use the list of addresses on the endpoint. Then 438 * the addresses listed on the "restricted" list is just 439 * that, address that have not been added and can't be used 440 * (unless the non_asoc_addr_ok is set). 441 */ 442 #ifdef SCTP_DEBUG 443 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 444 printf("Have a STCB - asconf allowed, not bound all have a netgative list\n"); 445 } 446 #endif 447 /* 448 * first question, is the ifn we will emit on in our list, 449 * if so, we want that one. 450 */ 451 if (ifn) { 452 /* first try for an prefered address on the ep */ 453 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 454 if (sctp_is_addr_in_ep(inp, ifa)) { 455 sin = sctp_is_v4_ifa_addr_prefered(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 456 if (sin == NULL) 457 continue; 458 if ((non_asoc_addr_ok == 0) && 459 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 460 /* on the no-no list */ 461 continue; 462 } 463 return (sin->sin_addr); 464 } 465 } 466 /* next try for an acceptable address on the ep */ 467 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 468 if (sctp_is_addr_in_ep(inp, ifa)) { 469 sin = sctp_is_v4_ifa_addr_acceptable(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 470 if (sin == NULL) 471 continue; 472 if ((non_asoc_addr_ok == 0) && 473 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 474 /* on the no-no list */ 475 continue; 476 } 477 return (sin->sin_addr); 478 } 479 } 480 481 } 482 /* 483 * if we can't find one like that then we must look at all 484 * addresses bound to pick one at first prefereable then 485 * secondly acceptable. 486 */ 487 starting_point = stcb->asoc.last_used_address; 488 sctpv4_from_the_top: 489 if (stcb->asoc.last_used_address == NULL) { 490 start_at_beginning = 1; 491 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 492 } 493 /* search beginning with the last used address */ 494 for (laddr = stcb->asoc.last_used_address; laddr; 495 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 496 if (laddr->ifa == NULL) { 497 /* address has been removed */ 498 continue; 499 } 500 sin = sctp_is_v4_ifa_addr_prefered(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 501 if (sin == NULL) 502 continue; 503 if ((non_asoc_addr_ok == 0) && 504 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 505 /* on the no-no list */ 506 continue; 507 } 508 return (sin->sin_addr); 509 510 } 511 if (start_at_beginning == 0) { 512 stcb->asoc.last_used_address = NULL; 513 goto sctpv4_from_the_top; 514 } 515 /* now try for any higher scope than the destination */ 516 stcb->asoc.last_used_address = starting_point; 517 start_at_beginning = 0; 518 sctpv4_from_the_top2: 519 if (stcb->asoc.last_used_address == NULL) { 520 start_at_beginning = 1; 521 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 522 } 523 /* search beginning with the last used address */ 524 for (laddr = stcb->asoc.last_used_address; laddr; 525 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 526 if (laddr->ifa == NULL) { 527 /* address has been removed */ 528 continue; 529 } 530 sin = sctp_is_v4_ifa_addr_acceptable(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 531 if (sin == NULL) 532 continue; 533 if ((non_asoc_addr_ok == 0) && 534 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin))) { 535 /* on the no-no list */ 536 continue; 537 } 538 return (sin->sin_addr); 539 } 540 if (start_at_beginning == 0) { 541 stcb->asoc.last_used_address = NULL; 542 goto sctpv4_from_the_top2; 543 } 544 } else { 545 /* 546 * Here we have an address list on the association, thats 547 * the only valid source addresses that we can use. 548 */ 549 #ifdef SCTP_DEBUG 550 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 551 printf("Have a STCB - no asconf allowed, not bound all have a postive list\n"); 552 } 553 #endif 554 /* 555 * First look at all addresses for one that is on the 556 * interface we route out 557 */ 558 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 559 sctp_nxt_addr) { 560 if (laddr->ifa == NULL) { 561 /* address has been removed */ 562 continue; 563 } 564 sin = sctp_is_v4_ifa_addr_prefered(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 565 if (sin == NULL) 566 continue; 567 /* 568 * first question, is laddr->ifa an address 569 * associated with the emit interface 570 */ 571 if (ifn) { 572 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 573 if (laddr->ifa == ifa) { 574 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 575 return (sin->sin_addr); 576 } 577 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 578 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 579 return (sin->sin_addr); 580 } 581 } 582 } 583 } 584 /* what about an acceptable one on the interface? */ 585 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 586 sctp_nxt_addr) { 587 if (laddr->ifa == NULL) { 588 /* address has been removed */ 589 continue; 590 } 591 sin = sctp_is_v4_ifa_addr_acceptable(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 592 if (sin == NULL) 593 continue; 594 /* 595 * first question, is laddr->ifa an address 596 * associated with the emit interface 597 */ 598 if (ifn) { 599 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 600 if (laddr->ifa == ifa) { 601 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 602 return (sin->sin_addr); 603 } 604 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 605 sin = (struct sockaddr_in *)laddr->ifa->ifa_addr; 606 return (sin->sin_addr); 607 } 608 } 609 } 610 } 611 /* ok, next one that is preferable in general */ 612 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 613 sctp_nxt_addr) { 614 if (laddr->ifa == NULL) { 615 /* address has been removed */ 616 continue; 617 } 618 sin = sctp_is_v4_ifa_addr_prefered(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 619 if (sin == NULL) 620 continue; 621 return (sin->sin_addr); 622 } 623 624 /* last, what about one that is acceptable */ 625 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 626 sctp_nxt_addr) { 627 if (laddr->ifa == NULL) { 628 /* address has been removed */ 629 continue; 630 } 631 sin = sctp_is_v4_ifa_addr_acceptable(laddr->ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 632 if (sin == NULL) 633 continue; 634 return (sin->sin_addr); 635 } 636 } 637 RTFREE(ro->ro_rt); 638 ro->ro_rt = NULL; 639 memset(&ans, 0, sizeof(ans)); 640 return (ans); 641 } 642 643 static struct sockaddr_in * 644 sctp_select_v4_nth_prefered_addr_from_ifn_boundall(struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, 645 uint8_t loopscope, uint8_t ipv4_scope, int cur_addr_num) 646 { 647 struct ifaddr *ifa; 648 struct sockaddr_in *sin; 649 uint8_t sin_loop, sin_local; 650 int num_eligible_addr = 0; 651 652 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 653 sin = sctp_is_v4_ifa_addr_prefered(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 654 if (sin == NULL) 655 continue; 656 if (stcb) { 657 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 658 /* 659 * It is restricted for some reason.. 660 * probably not yet added. 661 */ 662 continue; 663 } 664 } 665 if (cur_addr_num == num_eligible_addr) { 666 return (sin); 667 } 668 } 669 return (NULL); 670 } 671 672 673 static int 674 sctp_count_v4_num_prefered_boundall(struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, 675 uint8_t loopscope, uint8_t ipv4_scope, uint8_t * sin_loop, uint8_t * sin_local) 676 { 677 struct ifaddr *ifa; 678 struct sockaddr_in *sin; 679 int num_eligible_addr = 0; 680 681 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 682 sin = sctp_is_v4_ifa_addr_prefered(ifa, loopscope, ipv4_scope, sin_loop, sin_local); 683 if (sin == NULL) 684 continue; 685 if (stcb) { 686 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 687 /* 688 * It is restricted for some reason.. 689 * probably not yet added. 690 */ 691 continue; 692 } 693 } 694 num_eligible_addr++; 695 } 696 return (num_eligible_addr); 697 698 } 699 700 static struct in_addr 701 sctp_choose_v4_boundall(struct sctp_inpcb *inp, 702 struct sctp_tcb *stcb, 703 struct sctp_nets *net, 704 struct route *ro, 705 uint8_t ipv4_scope, 706 uint8_t loopscope, 707 int non_asoc_addr_ok) 708 { 709 int cur_addr_num = 0, num_prefered = 0; 710 uint8_t sin_loop, sin_local; 711 struct ifnet *ifn; 712 struct sockaddr_in *sin; 713 struct in_addr ans; 714 struct ifaddr *ifa; 715 struct rtentry *rt; 716 717 /* 718 * For v4 we can use (in boundall) any address in the association. 719 * If non_asoc_addr_ok is set we can use any address (at least in 720 * theory). So we look for prefered addresses first. If we find one, 721 * we use it. Otherwise we next try to get an address on the 722 * interface, which we should be able to do (unless non_asoc_addr_ok 723 * is false and we are routed out that way). In these cases where we 724 * can't use the address of the interface we go through all the 725 * ifn's looking for an address we can use and fill that in. Punting 726 * means we send back address 0, which will probably cause problems 727 * actually since then IP will fill in the address of the route ifn, 728 * which means we probably already rejected it.. i.e. here comes an 729 * abort :-<. 730 */ 731 rt = ro->ro_rt; 732 ifn = rt->rt_ifp; 733 if (net) { 734 cur_addr_num = net->indx_of_eligible_next_to_use; 735 } 736 if (ifn == NULL) { 737 goto bound_all_v4_plan_c; 738 } 739 num_prefered = sctp_count_v4_num_prefered_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, ipv4_scope, &sin_loop, &sin_local); 740 #ifdef SCTP_DEBUG 741 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 742 printf("Found %d prefered source addresses\n", num_prefered); 743 } 744 #endif 745 if (num_prefered == 0) { 746 /* 747 * no eligible addresses, we must use some other interface 748 * address if we can find one. 749 */ 750 goto bound_all_v4_plan_b; 751 } 752 /* 753 * Ok we have num_eligible_addr set with how many we can use, this 754 * may vary from call to call due to addresses being deprecated 755 * etc.. 756 */ 757 if (cur_addr_num >= num_prefered) { 758 cur_addr_num = 0; 759 } 760 /* 761 * select the nth address from the list (where cur_addr_num is the 762 * nth) and 0 is the first one, 1 is the second one etc... 763 */ 764 #ifdef SCTP_DEBUG 765 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 766 printf("cur_addr_num:%d\n", cur_addr_num); 767 } 768 #endif 769 sin = sctp_select_v4_nth_prefered_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, 770 ipv4_scope, cur_addr_num); 771 772 /* if sin is NULL something changed??, plan_a now */ 773 if (sin) { 774 return (sin->sin_addr); 775 } 776 /* 777 * plan_b: Look at the interface that we emit on and see if we can 778 * find an acceptable address. 779 */ 780 bound_all_v4_plan_b: 781 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 782 sin = sctp_is_v4_ifa_addr_acceptable(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 783 if (sin == NULL) 784 continue; 785 if (stcb) { 786 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 787 /* 788 * It is restricted for some reason.. 789 * probably not yet added. 790 */ 791 continue; 792 } 793 } 794 return (sin->sin_addr); 795 } 796 /* 797 * plan_c: Look at all interfaces and find a prefered address. If we 798 * reache here we are in trouble I think. 799 */ 800 bound_all_v4_plan_c: 801 for (ifn = TAILQ_FIRST(&ifnet); 802 ifn && (ifn != inp->next_ifn_touse); 803 ifn = TAILQ_NEXT(ifn, if_list)) { 804 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 805 /* wrong base scope */ 806 continue; 807 } 808 if (ifn == rt->rt_ifp) 809 /* already looked at this guy */ 810 continue; 811 num_prefered = sctp_count_v4_num_prefered_boundall(ifn, stcb, non_asoc_addr_ok, 812 loopscope, ipv4_scope, &sin_loop, &sin_local); 813 #ifdef SCTP_DEBUG 814 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 815 printf("Found ifn:%p %d prefered source addresses\n", ifn, num_prefered); 816 } 817 #endif 818 if (num_prefered == 0) { 819 /* 820 * None on this interface. 821 */ 822 continue; 823 } 824 /* 825 * Ok we have num_eligible_addr set with how many we can 826 * use, this may vary from call to call due to addresses 827 * being deprecated etc.. 828 */ 829 if (cur_addr_num >= num_prefered) { 830 cur_addr_num = 0; 831 } 832 sin = sctp_select_v4_nth_prefered_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, 833 ipv4_scope, cur_addr_num); 834 if (sin == NULL) 835 continue; 836 return (sin->sin_addr); 837 838 } 839 840 /* 841 * plan_d: We are in deep trouble. No prefered address on any 842 * interface. And the emit interface does not even have an 843 * acceptable address. Take anything we can get! If this does not 844 * work we are probably going to emit a packet that will illicit an 845 * ABORT, falling through. 846 */ 847 848 for (ifn = TAILQ_FIRST(&ifnet); 849 ifn && (ifn != inp->next_ifn_touse); 850 ifn = TAILQ_NEXT(ifn, if_list)) { 851 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 852 /* wrong base scope */ 853 continue; 854 } 855 if (ifn == rt->rt_ifp) 856 /* already looked at this guy */ 857 continue; 858 859 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 860 sin = sctp_is_v4_ifa_addr_acceptable(ifa, loopscope, ipv4_scope, &sin_loop, &sin_local); 861 if (sin == NULL) 862 continue; 863 if (stcb) { 864 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin)) { 865 /* 866 * It is restricted for some 867 * reason.. probably not yet added. 868 */ 869 continue; 870 } 871 } 872 return (sin->sin_addr); 873 } 874 } 875 /* 876 * Ok we can find NO address to source from that is not on our 877 * negative list. It is either the special ASCONF case where we are 878 * sourceing from a intf that has been ifconfig'd to a different 879 * address (i.e. it holds a ADD/DEL/SET-PRIM and the proper lookup 880 * address. OR we are hosed, and this baby is going to abort the 881 * association. 882 */ 883 if (non_asoc_addr_ok) { 884 return (((struct sockaddr_in *)(rt->rt_ifa->ifa_addr))->sin_addr); 885 } else { 886 RTFREE(ro->ro_rt); 887 ro->ro_rt = NULL; 888 memset(&ans, 0, sizeof(ans)); 889 return (ans); 890 } 891 } 892 893 894 895 /* tcb may be NULL */ 896 struct in_addr 897 sctp_ipv4_source_address_selection(struct sctp_inpcb *inp, 898 struct sctp_tcb *stcb, struct route *ro, struct sctp_nets *net, 899 int non_asoc_addr_ok) 900 { 901 struct in_addr ans; 902 struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst; 903 uint8_t ipv4_scope, loopscope; 904 905 /* 906 * Rules: - Find the route if needed, cache if I can. - Look at 907 * interface address in route, Is it in the bound list. If so we 908 * have the best source. - If not we must rotate amongst the 909 * addresses. 910 * 911 * Cavets and issues 912 * 913 * Do we need to pay attention to scope. We can have a private address 914 * or a global address we are sourcing or sending to. So if we draw 915 * it out source * dest * result 916 * ------------------------------------------ a Private * 917 * Global * NAT? ------------------------------------------ b 918 * Private * Private * No problem 919 * ------------------------------------------ c Global * 920 * Private * Huh, How will this work? 921 * ------------------------------------------ d Global * 922 * Global * No Problem ------------------------------------------ 923 * 924 * And then we add to that what happens if there are multiple addresses 925 * assigned to an interface. Remember the ifa on a ifn is a linked 926 * list of addresses. So one interface can have more than one IPv4 927 * address. What happens if we have both a private and a global 928 * address? Do we then use context of destination to sort out which 929 * one is best? And what about NAT's sending P->G may get you a NAT 930 * translation, or should you select the G thats on the interface in 931 * preference. 932 * 933 * Decisions: 934 * 935 * - count the number of addresses on the interface. - if its one, no 936 * problem except case <c>. For <a> we will assume a NAT out there. 937 * - if there are more than one, then we need to worry about scope P 938 * or G. We should prefer G -> G and P -> P if possible. Then as a 939 * secondary fall back to mixed types G->P being a last ditch one. - 940 * The above all works for bound all, but bound specific we need to 941 * use the same concept but instead only consider the bound 942 * addresses. If the bound set is NOT assigned to the interface then 943 * we must use rotation amongst them. 944 * 945 * Notes: For v4, we can always punt and let ip_output decide by 946 * sending back a source of 0.0.0.0 947 */ 948 949 if (ro->ro_rt == NULL) { 950 /* 951 * Need a route to cache. 952 * 953 */ 954 rtalloc_ign(ro, 0UL); 955 } 956 if (ro->ro_rt == NULL) { 957 /* No route to host .. punt */ 958 memset(&ans, 0, sizeof(ans)); 959 return (ans); 960 } 961 /* Setup our scopes */ 962 if (stcb) { 963 ipv4_scope = stcb->asoc.ipv4_local_scope; 964 loopscope = stcb->asoc.loopback_scope; 965 } else { 966 /* Scope based on outbound address */ 967 if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) { 968 ipv4_scope = 1; 969 loopscope = 0; 970 } else if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) { 971 ipv4_scope = 1; 972 loopscope = 1; 973 } else { 974 ipv4_scope = 0; 975 loopscope = 0; 976 } 977 } 978 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 979 /* 980 * When bound to all if the address list is set it is a 981 * negative list. Addresses being added by asconf. 982 */ 983 return (sctp_choose_v4_boundall(inp, stcb, net, ro, 984 ipv4_scope, loopscope, non_asoc_addr_ok)); 985 } 986 /* 987 * Three possiblities here: 988 * 989 * a) stcb is NULL, which means we operate only from the list of 990 * addresses (ifa's) bound to the assoc and we care not about the 991 * list. b) stcb is NOT-NULL, which means we have an assoc structure 992 * and auto-asconf is on. This means that the list of addresses is a 993 * NOT list. We use the list from the inp, but any listed address in 994 * our list is NOT yet added. However if the non_asoc_addr_ok is set 995 * we CAN use an address NOT available (i.e. being added). Its a 996 * negative list. c) stcb is NOT-NULL, which means we have an assoc 997 * structure and auto-asconf is off. This means that the list of 998 * addresses is the ONLY addresses I can use.. its positive. 999 * 1000 * Note we collapse b & c into the same function just like in the v6 1001 * address selection. 1002 */ 1003 if (stcb) { 1004 return (sctp_choose_v4_boundspecific_stcb(inp, stcb, net, 1005 ro, ipv4_scope, loopscope, non_asoc_addr_ok)); 1006 } else { 1007 return (sctp_choose_v4_boundspecific_inp(inp, ro, 1008 ipv4_scope, loopscope)); 1009 } 1010 /* this should not be reached */ 1011 memset(&ans, 0, sizeof(ans)); 1012 return (ans); 1013 } 1014 1015 1016 1017 static struct sockaddr_in6 * 1018 sctp_is_v6_ifa_addr_acceptable(struct ifaddr *ifa, int loopscope, int loc_scope, int *sin_loop, int *sin_local) 1019 { 1020 struct in6_ifaddr *ifa6; 1021 struct sockaddr_in6 *sin6; 1022 1023 1024 if (ifa->ifa_addr->sa_family != AF_INET6) { 1025 /* forget non-v6 */ 1026 return (NULL); 1027 } 1028 ifa6 = (struct in6_ifaddr *)ifa; 1029 /* ok to use deprecated addresses? */ 1030 if (!ip6_use_deprecated) { 1031 if (IFA6_IS_DEPRECATED(ifa6)) { 1032 /* can't use this type */ 1033 return (NULL); 1034 } 1035 } 1036 /* are we ok, with the current state of this address? */ 1037 if (ifa6->ia6_flags & 1038 (IN6_IFF_DETACHED | IN6_IFF_NOTREADY | IN6_IFF_ANYCAST)) { 1039 /* Can't use these types */ 1040 return (NULL); 1041 } 1042 /* Ok the address may be ok */ 1043 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1044 *sin_local = *sin_loop = 0; 1045 if ((ifa->ifa_ifp->if_type == IFT_LOOP) || 1046 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) { 1047 *sin_loop = 1; 1048 } 1049 if (!loopscope && *sin_loop) { 1050 /* Its a loopback address and we don't have loop scope */ 1051 return (NULL); 1052 } 1053 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1054 /* we skip unspecifed addresses */ 1055 return (NULL); 1056 } 1057 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1058 *sin_local = 1; 1059 } 1060 if (!loc_scope && *sin_local) { 1061 /* 1062 * Its a link local address, and we don't have link local 1063 * scope 1064 */ 1065 return (NULL); 1066 } 1067 return (sin6); 1068 } 1069 1070 1071 static struct sockaddr_in6 * 1072 sctp_choose_v6_boundspecific_stcb(struct sctp_inpcb *inp, 1073 struct sctp_tcb *stcb, 1074 struct sctp_nets *net, 1075 struct route *ro, 1076 uint8_t loc_scope, 1077 uint8_t loopscope, 1078 int non_asoc_addr_ok) 1079 { 1080 /* 1081 * Each endpoint has a list of local addresses associated with it. 1082 * The address list is either a "negative list" i.e. those addresses 1083 * that are NOT allowed to be used as a source OR a "postive list" 1084 * i.e. those addresses that CAN be used. 1085 * 1086 * Its a negative list if asconf is allowed. What we do in this case is 1087 * use the ep address list BUT we have to cross check it against the 1088 * negative list. 1089 * 1090 * In the case where NO asconf is allowed, we have just a straight 1091 * association level list that we must use to find a source address. 1092 */ 1093 struct sctp_laddr *laddr, *starting_point; 1094 struct sockaddr_in6 *sin6; 1095 int sin_loop, sin_local; 1096 int start_at_beginning = 0; 1097 struct ifnet *ifn; 1098 struct ifaddr *ifa; 1099 struct rtentry *rt; 1100 1101 rt = ro->ro_rt; 1102 ifn = rt->rt_ifp; 1103 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 1104 #ifdef SCTP_DEBUG 1105 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1106 printf("Have a STCB - asconf allowed, not bound all have a netgative list\n"); 1107 } 1108 #endif 1109 /* 1110 * first question, is the ifn we will emit on in our list, 1111 * if so, we want that one. 1112 */ 1113 if (ifn) { 1114 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1115 if (sctp_is_addr_in_ep(inp, ifa)) { 1116 sin6 = sctp_is_v6_ifa_addr_acceptable(ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1117 if (sin6 == NULL) 1118 continue; 1119 if ((non_asoc_addr_ok == 0) && 1120 (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1121 /* on the no-no list */ 1122 continue; 1123 } 1124 return (sin6); 1125 } 1126 } 1127 } 1128 starting_point = stcb->asoc.last_used_address; 1129 /* First try for matching scope */ 1130 sctp_from_the_top: 1131 if (stcb->asoc.last_used_address == NULL) { 1132 start_at_beginning = 1; 1133 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 1134 } 1135 /* search beginning with the last used address */ 1136 for (laddr = stcb->asoc.last_used_address; laddr; 1137 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1138 if (laddr->ifa == NULL) { 1139 /* address has been removed */ 1140 continue; 1141 } 1142 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1143 if (sin6 == NULL) 1144 continue; 1145 if ((non_asoc_addr_ok == 0) && (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1146 /* on the no-no list */ 1147 continue; 1148 } 1149 /* is it of matching scope ? */ 1150 if ((loopscope == 0) && 1151 (loc_scope == 0) && 1152 (sin_loop == 0) && 1153 (sin_local == 0)) { 1154 /* all of global scope we are ok with it */ 1155 return (sin6); 1156 } 1157 if (loopscope && sin_loop) 1158 /* both on the loopback, thats ok */ 1159 return (sin6); 1160 if (loc_scope && sin_local) 1161 /* both local scope */ 1162 return (sin6); 1163 1164 } 1165 if (start_at_beginning == 0) { 1166 stcb->asoc.last_used_address = NULL; 1167 goto sctp_from_the_top; 1168 } 1169 /* now try for any higher scope than the destination */ 1170 stcb->asoc.last_used_address = starting_point; 1171 start_at_beginning = 0; 1172 sctp_from_the_top2: 1173 if (stcb->asoc.last_used_address == NULL) { 1174 start_at_beginning = 1; 1175 stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list); 1176 } 1177 /* search beginning with the last used address */ 1178 for (laddr = stcb->asoc.last_used_address; laddr; 1179 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1180 if (laddr->ifa == NULL) { 1181 /* address has been removed */ 1182 continue; 1183 } 1184 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1185 if (sin6 == NULL) 1186 continue; 1187 if ((non_asoc_addr_ok == 0) && (sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6))) { 1188 /* on the no-no list */ 1189 continue; 1190 } 1191 return (sin6); 1192 } 1193 if (start_at_beginning == 0) { 1194 stcb->asoc.last_used_address = NULL; 1195 goto sctp_from_the_top2; 1196 } 1197 } else { 1198 #ifdef SCTP_DEBUG 1199 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1200 printf("Have a STCB - no asconf allowed, not bound all have a postive list\n"); 1201 } 1202 #endif 1203 /* First try for interface output match */ 1204 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1205 sctp_nxt_addr) { 1206 if (laddr->ifa == NULL) { 1207 /* address has been removed */ 1208 continue; 1209 } 1210 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1211 if (sin6 == NULL) 1212 continue; 1213 /* 1214 * first question, is laddr->ifa an address 1215 * associated with the emit interface 1216 */ 1217 if (ifn) { 1218 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1219 if (laddr->ifa == ifa) { 1220 sin6 = (struct sockaddr_in6 *)laddr->ifa->ifa_addr; 1221 return (sin6); 1222 } 1223 if (sctp_cmpaddr(ifa->ifa_addr, laddr->ifa->ifa_addr) == 1) { 1224 sin6 = (struct sockaddr_in6 *)laddr->ifa->ifa_addr; 1225 return (sin6); 1226 } 1227 } 1228 } 1229 } 1230 /* Next try for matching scope */ 1231 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1232 sctp_nxt_addr) { 1233 if (laddr->ifa == NULL) { 1234 /* address has been removed */ 1235 continue; 1236 } 1237 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1238 if (sin6 == NULL) 1239 continue; 1240 1241 if ((loopscope == 0) && 1242 (loc_scope == 0) && 1243 (sin_loop == 0) && 1244 (sin_local == 0)) { 1245 /* all of global scope we are ok with it */ 1246 return (sin6); 1247 } 1248 if (loopscope && sin_loop) 1249 /* both on the loopback, thats ok */ 1250 return (sin6); 1251 if (loc_scope && sin_local) 1252 /* both local scope */ 1253 return (sin6); 1254 } 1255 /* ok, now try for a higher scope in the source address */ 1256 /* First try for matching scope */ 1257 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, 1258 sctp_nxt_addr) { 1259 if (laddr->ifa == NULL) { 1260 /* address has been removed */ 1261 continue; 1262 } 1263 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1264 if (sin6 == NULL) 1265 continue; 1266 return (sin6); 1267 } 1268 } 1269 RTFREE(ro->ro_rt); 1270 ro->ro_rt = NULL; 1271 return (NULL); 1272 } 1273 1274 static struct sockaddr_in6 * 1275 sctp_choose_v6_boundspecific_inp(struct sctp_inpcb *inp, 1276 struct route *ro, 1277 uint8_t loc_scope, 1278 uint8_t loopscope) 1279 { 1280 /* 1281 * Here we are bound specific and have only an inp. We must find an 1282 * address that is bound that we can give out as a src address. We 1283 * prefer two addresses of same scope if we can find them that way. 1284 */ 1285 struct sctp_laddr *laddr; 1286 struct sockaddr_in6 *sin6; 1287 struct ifnet *ifn; 1288 struct ifaddr *ifa; 1289 int sin_loop, sin_local; 1290 struct rtentry *rt; 1291 1292 /* 1293 * first question, is the ifn we will emit on in our list, if so, we 1294 * want that one. 1295 */ 1296 1297 rt = ro->ro_rt; 1298 ifn = rt->rt_ifp; 1299 if (ifn) { 1300 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1301 sin6 = sctp_is_v6_ifa_addr_acceptable(ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1302 if (sin6 == NULL) 1303 continue; 1304 if (sctp_is_addr_in_ep(inp, ifa)) { 1305 return (sin6); 1306 } 1307 } 1308 } 1309 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 1310 laddr && (laddr != inp->next_addr_touse); 1311 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1312 if (laddr->ifa == NULL) { 1313 /* address has been removed */ 1314 continue; 1315 } 1316 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1317 if (sin6 == NULL) 1318 continue; 1319 1320 if ((loopscope == 0) && 1321 (loc_scope == 0) && 1322 (sin_loop == 0) && 1323 (sin_local == 0)) { 1324 /* all of global scope we are ok with it */ 1325 return (sin6); 1326 } 1327 if (loopscope && sin_loop) 1328 /* both on the loopback, thats ok */ 1329 return (sin6); 1330 if (loc_scope && sin_local) 1331 /* both local scope */ 1332 return (sin6); 1333 1334 } 1335 /* 1336 * if we reach here, we could not find two addresses of the same 1337 * scope to give out. Lets look for any higher level scope for a 1338 * source address. 1339 */ 1340 for (laddr = LIST_FIRST(&inp->sctp_addr_list); 1341 laddr && (laddr != inp->next_addr_touse); 1342 laddr = LIST_NEXT(laddr, sctp_nxt_addr)) { 1343 if (laddr->ifa == NULL) { 1344 /* address has been removed */ 1345 continue; 1346 } 1347 sin6 = sctp_is_v6_ifa_addr_acceptable(laddr->ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1348 if (sin6 == NULL) 1349 continue; 1350 return (sin6); 1351 } 1352 /* no address bound can be a source for the destination */ 1353 #ifdef SCTP_DEBUG 1354 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1355 printf("Src address selection for EP, no acceptable src address found for address\n"); 1356 } 1357 #endif 1358 RTFREE(ro->ro_rt); 1359 ro->ro_rt = NULL; 1360 return (NULL); 1361 } 1362 1363 1364 static struct sockaddr_in6 * 1365 sctp_select_v6_nth_addr_from_ifn_boundall(struct ifnet *ifn, struct sctp_tcb *stcb, int non_asoc_addr_ok, uint8_t loopscope, 1366 uint8_t loc_scope, int cur_addr_num, int match_scope) 1367 { 1368 struct ifaddr *ifa; 1369 struct sockaddr_in6 *sin6; 1370 int sin_loop, sin_local; 1371 int num_eligible_addr = 0; 1372 1373 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1374 sin6 = sctp_is_v6_ifa_addr_acceptable(ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1375 if (sin6 == NULL) 1376 continue; 1377 if (stcb) { 1378 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6)) { 1379 /* 1380 * It is restricted for some reason.. 1381 * probably not yet added. 1382 */ 1383 continue; 1384 } 1385 } 1386 if (match_scope) { 1387 /* Here we are asked to match scope if possible */ 1388 if (loopscope && sin_loop) 1389 /* src and destination are loopback scope */ 1390 return (sin6); 1391 if (loc_scope && sin_local) 1392 /* src and destination are local scope */ 1393 return (sin6); 1394 if ((loopscope == 0) && 1395 (loc_scope == 0) && 1396 (sin_loop == 0) && 1397 (sin_local == 0)) { 1398 /* src and destination are global scope */ 1399 return (sin6); 1400 } 1401 continue; 1402 } 1403 if (num_eligible_addr == cur_addr_num) { 1404 /* this is it */ 1405 return (sin6); 1406 } 1407 num_eligible_addr++; 1408 } 1409 return (NULL); 1410 } 1411 1412 1413 static int 1414 sctp_count_v6_num_eligible_boundall(struct ifnet *ifn, struct sctp_tcb *stcb, 1415 int non_asoc_addr_ok, uint8_t loopscope, uint8_t loc_scope) 1416 { 1417 struct ifaddr *ifa; 1418 struct sockaddr_in6 *sin6; 1419 int num_eligible_addr = 0; 1420 int sin_loop, sin_local; 1421 1422 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1423 sin6 = sctp_is_v6_ifa_addr_acceptable(ifa, loopscope, loc_scope, &sin_loop, &sin_local); 1424 if (sin6 == NULL) 1425 continue; 1426 if (stcb) { 1427 if ((non_asoc_addr_ok == 0) && sctp_is_addr_restricted(stcb, (struct sockaddr *)sin6)) { 1428 /* 1429 * It is restricted for some reason.. 1430 * probably not yet added. 1431 */ 1432 continue; 1433 } 1434 } 1435 num_eligible_addr++; 1436 } 1437 return (num_eligible_addr); 1438 } 1439 1440 1441 static struct sockaddr_in6 * 1442 sctp_choose_v6_boundall(struct sctp_inpcb *inp, 1443 struct sctp_tcb *stcb, 1444 struct sctp_nets *net, 1445 struct route *ro, 1446 uint8_t loc_scope, 1447 uint8_t loopscope, 1448 int non_asoc_addr_ok) 1449 { 1450 /* 1451 * Ok, we are bound all SO any address is ok to use as long as it is 1452 * NOT in the negative list. 1453 */ 1454 int num_eligible_addr; 1455 int cur_addr_num = 0; 1456 int started_at_beginning = 0; 1457 int match_scope_prefered; 1458 1459 /* 1460 * first question is, how many eligible addresses are there for the 1461 * destination ifn that we are using that are within the proper 1462 * scope? 1463 */ 1464 struct ifnet *ifn; 1465 struct sockaddr_in6 *sin6; 1466 struct rtentry *rt; 1467 1468 rt = ro->ro_rt; 1469 ifn = rt->rt_ifp; 1470 if (net) { 1471 cur_addr_num = net->indx_of_eligible_next_to_use; 1472 } 1473 if (cur_addr_num == 0) { 1474 match_scope_prefered = 1; 1475 } else { 1476 match_scope_prefered = 0; 1477 } 1478 num_eligible_addr = sctp_count_v6_num_eligible_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope); 1479 #ifdef SCTP_DEBUG 1480 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1481 printf("Found %d eligible source addresses\n", num_eligible_addr); 1482 } 1483 #endif 1484 if (num_eligible_addr == 0) { 1485 /* 1486 * no eligible addresses, we must use some other interface 1487 * address if we can find one. 1488 */ 1489 goto bound_all_v6_plan_b; 1490 } 1491 /* 1492 * Ok we have num_eligible_addr set with how many we can use, this 1493 * may vary from call to call due to addresses being deprecated 1494 * etc.. 1495 */ 1496 if (cur_addr_num >= num_eligible_addr) { 1497 cur_addr_num = 0; 1498 } 1499 /* 1500 * select the nth address from the list (where cur_addr_num is the 1501 * nth) and 0 is the first one, 1 is the second one etc... 1502 */ 1503 #ifdef SCTP_DEBUG 1504 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1505 printf("cur_addr_num:%d match_scope_prefered:%d select it\n", 1506 cur_addr_num, match_scope_prefered); 1507 } 1508 #endif 1509 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, 1510 loc_scope, cur_addr_num, match_scope_prefered); 1511 if (match_scope_prefered && (sin6 == NULL)) { 1512 /* retry without the preference for matching scope */ 1513 #ifdef SCTP_DEBUG 1514 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1515 printf("retry with no match_scope_prefered\n"); 1516 } 1517 #endif 1518 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, 1519 loc_scope, cur_addr_num, 0); 1520 } 1521 if (sin6) { 1522 #ifdef SCTP_DEBUG 1523 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1524 printf("Selected address %d ifn:%p for the route\n", cur_addr_num, ifn); 1525 } 1526 #endif 1527 if (net) { 1528 /* store so we get the next one */ 1529 if (cur_addr_num < 255) 1530 net->indx_of_eligible_next_to_use = cur_addr_num + 1; 1531 else 1532 net->indx_of_eligible_next_to_use = 0; 1533 } 1534 return (sin6); 1535 } 1536 num_eligible_addr = 0; 1537 bound_all_v6_plan_b: 1538 /* 1539 * ok, if we reach here we either fell through due to something 1540 * changing during an interupt (unlikely) or we have NO eligible 1541 * source addresses for the ifn of the route (most likely). We must 1542 * look at all the other interfaces EXCEPT rt->rt_ifp and do the 1543 * same game. 1544 */ 1545 if (inp->next_ifn_touse == NULL) { 1546 started_at_beginning = 1; 1547 inp->next_ifn_touse = TAILQ_FIRST(&ifnet); 1548 #ifdef SCTP_DEBUG 1549 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1550 printf("Start at first IFN:%p\n", inp->next_ifn_touse); 1551 } 1552 #endif 1553 } else { 1554 inp->next_ifn_touse = TAILQ_NEXT(inp->next_ifn_touse, if_list); 1555 #ifdef SCTP_DEBUG 1556 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1557 printf("Resume at IFN:%p\n", inp->next_ifn_touse); 1558 } 1559 #endif 1560 if (inp->next_ifn_touse == NULL) { 1561 #ifdef SCTP_DEBUG 1562 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1563 printf("IFN Resets\n"); 1564 } 1565 #endif 1566 started_at_beginning = 1; 1567 inp->next_ifn_touse = TAILQ_FIRST(&ifnet); 1568 } 1569 } 1570 for (ifn = inp->next_ifn_touse; ifn; 1571 ifn = TAILQ_NEXT(ifn, if_list)) { 1572 if (loopscope == 0 && ifn->if_type == IFT_LOOP) { 1573 /* wrong base scope */ 1574 continue; 1575 } 1576 if (loc_scope && (ifn->if_index != loc_scope)) { 1577 /* 1578 * by definition the scope (from to->sin6_scopeid) 1579 * must match that of the interface. If not then we 1580 * could pick a wrong scope for the address. 1581 * Ususally we don't hit plan-b since the route 1582 * handles this. However we can hit plan-b when we 1583 * send to local-host so the route is the loopback 1584 * interface, but the destination is a link local. 1585 */ 1586 continue; 1587 } 1588 if (ifn == rt->rt_ifp) { 1589 /* already looked at this guy */ 1590 continue; 1591 } 1592 /* 1593 * Address rotation will only work when we are not rotating 1594 * sourced interfaces and are using the interface of the 1595 * route. We would need to have a per interface index in 1596 * order to do proper rotation. 1597 */ 1598 num_eligible_addr = sctp_count_v6_num_eligible_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope); 1599 #ifdef SCTP_DEBUG 1600 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1601 printf("IFN:%p has %d eligible\n", ifn, num_eligible_addr); 1602 } 1603 #endif 1604 if (num_eligible_addr == 0) { 1605 /* none we can use */ 1606 continue; 1607 } 1608 /* 1609 * Ok we have num_eligible_addr set with how many we can 1610 * use, this may vary from call to call due to addresses 1611 * being deprecated etc.. 1612 */ 1613 inp->next_ifn_touse = ifn; 1614 1615 /* 1616 * select the first one we can find with perference for 1617 * matching scope. 1618 */ 1619 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope, 0, 1); 1620 if (sin6 == NULL) { 1621 /* 1622 * can't find one with matching scope how about a 1623 * source with higher scope 1624 */ 1625 sin6 = sctp_select_v6_nth_addr_from_ifn_boundall(ifn, stcb, non_asoc_addr_ok, loopscope, loc_scope, 0, 0); 1626 if (sin6 == NULL) 1627 /* Hmm, can't find one in the interface now */ 1628 continue; 1629 } 1630 #ifdef SCTP_DEBUG 1631 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1632 printf("Selected the %d'th address of ifn:%p\n", 1633 cur_addr_num, 1634 ifn); 1635 } 1636 #endif 1637 return (sin6); 1638 } 1639 if (started_at_beginning == 0) { 1640 /* 1641 * we have not been through all of them yet, force us to go 1642 * through them all. 1643 */ 1644 #ifdef SCTP_DEBUG 1645 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1646 printf("Force a recycle\n"); 1647 } 1648 #endif 1649 inp->next_ifn_touse = NULL; 1650 goto bound_all_v6_plan_b; 1651 } 1652 RTFREE(ro->ro_rt); 1653 ro->ro_rt = NULL; 1654 return (NULL); 1655 1656 } 1657 1658 /* stcb and net may be NULL */ 1659 struct in6_addr 1660 sctp_ipv6_source_address_selection(struct sctp_inpcb *inp, 1661 struct sctp_tcb *stcb, struct route *ro, struct sctp_nets *net, 1662 int non_asoc_addr_ok) 1663 { 1664 struct in6_addr ans; 1665 struct sockaddr_in6 *rt_addr; 1666 uint8_t loc_scope, loopscope; 1667 struct sockaddr_in6 *to = (struct sockaddr_in6 *)&ro->ro_dst; 1668 1669 /* 1670 * This routine is tricky standard v6 src address selection cannot 1671 * take into account what we have bound etc, so we can't use it. 1672 * 1673 * Instead here is what we must do: 1) Make sure we have a route, if we 1674 * don't have a route we can never reach the peer. 2) Once we have a 1675 * route, determine the scope of the route. Link local, loopback or 1676 * global. 3) Next we divide into three types. Either we are bound 1677 * all.. which means we want to use one of the addresses of the 1678 * interface we are going out. <or> 4a) We have not stcb, which 1679 * means we are using the specific addresses bound on an inp, in 1680 * this case we are similar to the stcb case (4b below) accept the 1681 * list is always a positive list.<or> 4b) We are bound specific 1682 * with a stcb, which means we have a list of bound addresses and we 1683 * must see if the ifn of the route is actually one of the bound 1684 * addresses. If not, then we must rotate addresses amongst properly 1685 * scoped bound addresses, if so we use the address of the 1686 * interface. 5) Always, no matter which path we take through the 1687 * above we must be sure the source address we use is allowed to be 1688 * used. I.e. IN6_IFF_DETACHED, IN6_IFF_NOTREADY, and 1689 * IN6_IFF_ANYCAST addresses cannot be used. 6) Addresses that are 1690 * deprecated MAY be used if (!ip6_use_deprecated) { if 1691 * (IFA6_IS_DEPRECATED(ifa6)) { skip the address } } 1692 */ 1693 1694 /*** 1> determine route, if not already done */ 1695 if (ro->ro_rt == NULL) { 1696 /* 1697 * Need a route to cache. 1698 */ 1699 int scope_save; 1700 1701 scope_save = to->sin6_scope_id; 1702 to->sin6_scope_id = 0; 1703 1704 rtalloc_ign(ro, 0UL); 1705 to->sin6_scope_id = scope_save; 1706 } 1707 if (ro->ro_rt == NULL) { 1708 /* 1709 * no route to host. this packet is going no-where. We 1710 * probably should make sure we arrange to send back an 1711 * error. 1712 */ 1713 #ifdef SCTP_DEBUG 1714 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1715 printf("No route to host, this packet cannot be sent!\n"); 1716 } 1717 #endif 1718 memset(&ans, 0, sizeof(ans)); 1719 return (ans); 1720 } 1721 /*** 2a> determine scope for outbound address/route */ 1722 loc_scope = loopscope = 0; 1723 /* 1724 * We base our scope on the outbound packet scope and route, NOT the 1725 * TCB (if there is one). This way in local scope we will only use a 1726 * local scope src address when we send to a local address. 1727 */ 1728 1729 if (IN6_IS_ADDR_LOOPBACK(&to->sin6_addr)) { 1730 /* 1731 * If the route goes to the loopback address OR the address 1732 * is a loopback address, we are loopback scope. 1733 */ 1734 loc_scope = 0; 1735 loopscope = 1; 1736 if (net != NULL) { 1737 /* mark it as local */ 1738 net->addr_is_local = 1; 1739 } 1740 } else if (IN6_IS_ADDR_LINKLOCAL(&to->sin6_addr)) { 1741 if (to->sin6_scope_id) 1742 loc_scope = to->sin6_scope_id; 1743 else { 1744 loc_scope = 1; 1745 } 1746 loopscope = 0; 1747 } 1748 /* 1749 * now, depending on which way we are bound we call the appropriate 1750 * routine to do steps 3-6 1751 */ 1752 #ifdef SCTP_DEBUG 1753 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1754 printf("Destination address:"); 1755 sctp_print_address((struct sockaddr *)to); 1756 } 1757 #endif 1758 1759 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1760 rt_addr = sctp_choose_v6_boundall(inp, stcb, net, ro, loc_scope, loopscope, non_asoc_addr_ok); 1761 } else { 1762 if (stcb) 1763 rt_addr = sctp_choose_v6_boundspecific_stcb(inp, stcb, net, ro, loc_scope, loopscope, non_asoc_addr_ok); 1764 else 1765 /* 1766 * we can't have a non-asoc address since we have no 1767 * association 1768 */ 1769 rt_addr = sctp_choose_v6_boundspecific_inp(inp, ro, loc_scope, loopscope); 1770 } 1771 if (rt_addr == NULL) { 1772 /* no suitable address? */ 1773 struct in6_addr in6; 1774 1775 #ifdef SCTP_DEBUG 1776 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1777 printf("V6 packet will reach dead-end no suitable src address\n"); 1778 } 1779 #endif 1780 memset(&in6, 0, sizeof(in6)); 1781 return (in6); 1782 } 1783 #ifdef SCTP_DEBUG 1784 if (sctp_debug_on & SCTP_DEBUG_OUTPUT1) { 1785 printf("Source address selected is:"); 1786 sctp_print_address((struct sockaddr *)rt_addr); 1787 } 1788 #endif 1789 return (rt_addr->sin6_addr); 1790 } 1791 1792 1793 static 1794 int 1795 sctp_is_address_in_scope(struct ifaddr *ifa, 1796 int ipv4_addr_legal, 1797 int ipv6_addr_legal, 1798 int loopback_scope, 1799 int ipv4_local_scope, 1800 int local_scope, 1801 int site_scope) 1802 { 1803 if ((loopback_scope == 0) && 1804 (ifa->ifa_ifp) && 1805 (ifa->ifa_ifp->if_type == IFT_LOOP)) { 1806 /* 1807 * skip loopback if not in scope * 1808 */ 1809 return (0); 1810 } 1811 if ((ifa->ifa_addr->sa_family == AF_INET) && ipv4_addr_legal) { 1812 struct sockaddr_in *sin; 1813 1814 sin = (struct sockaddr_in *)ifa->ifa_addr; 1815 if (sin->sin_addr.s_addr == 0) { 1816 /* not in scope , unspecified */ 1817 return (0); 1818 } 1819 if ((ipv4_local_scope == 0) && 1820 (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 1821 /* private address not in scope */ 1822 return (0); 1823 } 1824 } else if ((ifa->ifa_addr->sa_family == AF_INET6) && ipv6_addr_legal) { 1825 struct sockaddr_in6 *sin6; 1826 struct in6_ifaddr *ifa6; 1827 1828 ifa6 = (struct in6_ifaddr *)ifa; 1829 /* ok to use deprecated addresses? */ 1830 if (!ip6_use_deprecated) { 1831 if (ifa6->ia6_flags & 1832 IN6_IFF_DEPRECATED) { 1833 return (0); 1834 } 1835 } 1836 if (ifa6->ia6_flags & 1837 (IN6_IFF_DETACHED | 1838 IN6_IFF_ANYCAST | 1839 IN6_IFF_NOTREADY)) { 1840 return (0); 1841 } 1842 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1843 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1844 /* skip unspecifed addresses */ 1845 return (0); 1846 } 1847 if ( /* (local_scope == 0) && */ 1848 (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { 1849 return (0); 1850 } 1851 if ((site_scope == 0) && 1852 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1853 return (0); 1854 } 1855 } else { 1856 return (0); 1857 } 1858 return (1); 1859 } 1860 1861 static struct mbuf * 1862 sctp_add_addr_to_mbuf(struct mbuf *m, struct ifaddr *ifa) 1863 { 1864 struct sctp_paramhdr *parmh; 1865 struct mbuf *mret; 1866 int len; 1867 1868 if (ifa->ifa_addr->sa_family == AF_INET) { 1869 len = sizeof(struct sctp_ipv4addr_param); 1870 } else if (ifa->ifa_addr->sa_family == AF_INET6) { 1871 len = sizeof(struct sctp_ipv6addr_param); 1872 } else { 1873 /* unknown type */ 1874 return (m); 1875 } 1876 if (M_TRAILINGSPACE(m) >= len) { 1877 /* easy side we just drop it on the end */ 1878 parmh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m))); 1879 mret = m; 1880 } else { 1881 /* Need more space */ 1882 mret = m; 1883 while (SCTP_BUF_NEXT(mret) != NULL) { 1884 mret = SCTP_BUF_NEXT(mret); 1885 } 1886 SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(len, 0, M_DONTWAIT, 1, MT_DATA); 1887 if (SCTP_BUF_NEXT(mret) == NULL) { 1888 /* We are hosed, can't add more addresses */ 1889 return (m); 1890 } 1891 mret = SCTP_BUF_NEXT(mret); 1892 parmh = mtod(mret, struct sctp_paramhdr *); 1893 } 1894 /* now add the parameter */ 1895 if (ifa->ifa_addr->sa_family == AF_INET) { 1896 struct sctp_ipv4addr_param *ipv4p; 1897 struct sockaddr_in *sin; 1898 1899 sin = (struct sockaddr_in *)ifa->ifa_addr; 1900 ipv4p = (struct sctp_ipv4addr_param *)parmh; 1901 parmh->param_type = htons(SCTP_IPV4_ADDRESS); 1902 parmh->param_length = htons(len); 1903 ipv4p->addr = sin->sin_addr.s_addr; 1904 SCTP_BUF_LEN(mret) += len; 1905 } else if (ifa->ifa_addr->sa_family == AF_INET6) { 1906 struct sctp_ipv6addr_param *ipv6p; 1907 struct sockaddr_in6 *sin6; 1908 1909 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1910 ipv6p = (struct sctp_ipv6addr_param *)parmh; 1911 parmh->param_type = htons(SCTP_IPV6_ADDRESS); 1912 parmh->param_length = htons(len); 1913 memcpy(ipv6p->addr, &sin6->sin6_addr, 1914 sizeof(ipv6p->addr)); 1915 /* clear embedded scope in the address */ 1916 in6_clearscope((struct in6_addr *)ipv6p->addr); 1917 SCTP_BUF_LEN(mret) += len; 1918 } else { 1919 return (m); 1920 } 1921 return (mret); 1922 } 1923 1924 1925 struct mbuf * 1926 sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_scoping *scope, struct mbuf *m_at, int cnt_inits_to) 1927 { 1928 int cnt; 1929 1930 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 1931 struct ifnet *ifn; 1932 struct ifaddr *ifa; 1933 1934 cnt = cnt_inits_to; 1935 TAILQ_FOREACH(ifn, &ifnet, if_list) { 1936 if ((scope->loopback_scope == 0) && 1937 (ifn->if_type == IFT_LOOP)) { 1938 /* 1939 * Skip loopback devices if loopback_scope 1940 * not set 1941 */ 1942 continue; 1943 } 1944 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1945 if (sctp_is_address_in_scope(ifa, 1946 scope->ipv4_addr_legal, 1947 scope->ipv6_addr_legal, 1948 scope->loopback_scope, 1949 scope->ipv4_local_scope, 1950 scope->local_scope, 1951 scope->site_scope) == 0) { 1952 continue; 1953 } 1954 cnt++; 1955 } 1956 } 1957 if (cnt > 1) { 1958 TAILQ_FOREACH(ifn, &ifnet, if_list) { 1959 if ((scope->loopback_scope == 0) && 1960 (ifn->if_type == IFT_LOOP)) { 1961 /* 1962 * Skip loopback devices if 1963 * loopback_scope not set 1964 */ 1965 continue; 1966 } 1967 TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) { 1968 if (sctp_is_address_in_scope(ifa, 1969 scope->ipv4_addr_legal, 1970 scope->ipv6_addr_legal, 1971 scope->loopback_scope, 1972 scope->ipv4_local_scope, 1973 scope->local_scope, 1974 scope->site_scope) == 0) { 1975 continue; 1976 } 1977 m_at = sctp_add_addr_to_mbuf(m_at, ifa); 1978 } 1979 } 1980 } 1981 } else { 1982 struct sctp_laddr *laddr; 1983 int cnt; 1984 1985 cnt = cnt_inits_to; 1986 /* First, how many ? */ 1987 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 1988 if (laddr->ifa == NULL) { 1989 continue; 1990 } 1991 if (laddr->ifa->ifa_addr == NULL) 1992 continue; 1993 if (sctp_is_address_in_scope(laddr->ifa, 1994 scope->ipv4_addr_legal, 1995 scope->ipv6_addr_legal, 1996 scope->loopback_scope, 1997 scope->ipv4_local_scope, 1998 scope->local_scope, 1999 scope->site_scope) == 0) { 2000 continue; 2001 } 2002 cnt++; 2003 } 2004 /* 2005 * To get through a NAT we only list addresses if we have 2006 * more than one. That way if you just bind a single address 2007 * we let the source of the init dictate our address. 2008 */ 2009 if (cnt > 1) { 2010 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2011 if (laddr->ifa == NULL) { 2012 continue; 2013 } 2014 if (laddr->ifa->ifa_addr == NULL) { 2015 continue; 2016 } 2017 if (sctp_is_address_in_scope(laddr->ifa, 2018 scope->ipv4_addr_legal, 2019 scope->ipv6_addr_legal, 2020 scope->loopback_scope, 2021 scope->ipv4_local_scope, 2022 scope->local_scope, 2023 scope->site_scope) == 0) { 2024 continue; 2025 } 2026 m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa); 2027 } 2028 } 2029 } 2030 return (m_at); 2031 } 2032