1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #include <sys/types.h> 28 #include <sys/systm.h> 29 #include <sys/stream.h> 30 #include <sys/cmn_err.h> 31 #include <sys/kmem.h> 32 #define _SUN_TPI_VERSION 2 33 #include <sys/tihdr.h> 34 #include <sys/stropts.h> 35 #include <sys/socket.h> 36 #include <sys/random.h> 37 #include <sys/policy.h> 38 #include <sys/tsol/tndb.h> 39 #include <sys/tsol/tnet.h> 40 41 #include <netinet/in.h> 42 #include <netinet/ip6.h> 43 44 #include <inet/common.h> 45 #include <inet/ip.h> 46 #include <inet/ip6.h> 47 #include <inet/ipclassifier.h> 48 #include "sctp_impl.h" 49 #include "sctp_asconf.h" 50 #include "sctp_addr.h" 51 52 /* 53 * Returns 0 on success, EACCES on permission failure. 54 */ 55 static int 56 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified) 57 { 58 sctp_stack_t *sctps = sctp->sctp_sctps; 59 60 /* 61 * Get a valid port (within the anonymous range and should not 62 * be a privileged one) to use if the user has not given a port. 63 * If multiple threads are here, they may all start with 64 * with the same initial port. But, it should be fine as long as 65 * sctp_bindi will ensure that no two threads will be assigned 66 * the same port. 67 */ 68 if (*requested_port == 0) { 69 *requested_port = sctp_update_next_port( 70 sctps->sctps_next_port_to_try, 71 crgetzone(sctp->sctp_credp), sctps); 72 if (*requested_port == 0) 73 return (EACCES); 74 *user_specified = 0; 75 } else { 76 int i; 77 boolean_t priv = B_FALSE; 78 79 /* 80 * If the requested_port is in the well-known privileged range, 81 * verify that the stream was opened by a privileged user. 82 * Note: No locks are held when inspecting sctp_g_*epriv_ports 83 * but instead the code relies on: 84 * - the fact that the address of the array and its size never 85 * changes 86 * - the atomic assignment of the elements of the array 87 */ 88 if (*requested_port < sctps->sctps_smallest_nonpriv_port) { 89 priv = B_TRUE; 90 } else { 91 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 92 if (*requested_port == 93 sctps->sctps_g_epriv_ports[i]) { 94 priv = B_TRUE; 95 break; 96 } 97 } 98 } 99 if (priv) { 100 /* 101 * sctp_bind() should take a cred_t argument so that 102 * we can use it here. 103 */ 104 if (secpolicy_net_privaddr(sctp->sctp_credp, 105 *requested_port, IPPROTO_SCTP) != 0) { 106 dprint(1, 107 ("sctp_bind(x): no prive for port %d", 108 *requested_port)); 109 return (EACCES); 110 } 111 } 112 *user_specified = 1; 113 } 114 115 return (0); 116 } 117 118 int 119 sctp_listen(sctp_t *sctp) 120 { 121 sctp_tf_t *tf; 122 sctp_stack_t *sctps = sctp->sctp_sctps; 123 124 RUN_SCTP(sctp); 125 /* 126 * TCP handles listen() increasing the backlog, need to check 127 * if it should be handled here too 128 */ 129 if (sctp->sctp_state > SCTPS_BOUND || 130 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 131 WAKE_SCTP(sctp); 132 return (EINVAL); 133 } 134 135 /* Do an anonymous bind for unbound socket doing listen(). */ 136 if (sctp->sctp_nsaddrs == 0) { 137 struct sockaddr_storage ss; 138 int ret; 139 140 bzero(&ss, sizeof (ss)); 141 ss.ss_family = sctp->sctp_family; 142 143 WAKE_SCTP(sctp); 144 if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss, 145 sizeof (ss))) != 0) 146 return (ret); 147 RUN_SCTP(sctp) 148 } 149 150 sctp->sctp_state = SCTPS_LISTEN; 151 (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN); 152 sctp->sctp_last_secret_update = lbolt64; 153 bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN); 154 tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH( 155 ntohs(sctp->sctp_lport))]; 156 sctp_listen_hash_insert(tf, sctp); 157 WAKE_SCTP(sctp); 158 return (0); 159 } 160 161 /* 162 * Bind the sctp_t to a sockaddr, which includes an address and other 163 * information, such as port or flowinfo. 164 */ 165 int 166 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len) 167 { 168 int user_specified; 169 boolean_t bind_to_req_port_only; 170 in_port_t requested_port; 171 in_port_t allocated_port; 172 int err = 0; 173 174 ASSERT(sctp != NULL); 175 176 RUN_SCTP(sctp); 177 178 if ((sctp->sctp_state >= SCTPS_BOUND) || 179 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING) || 180 (sa == NULL || len == 0)) { 181 /* 182 * Multiple binds not allowed for any SCTP socket 183 * Also binding with null address is not supported. 184 */ 185 err = EINVAL; 186 goto done; 187 } 188 189 switch (sa->sa_family) { 190 case AF_INET: 191 if (len < sizeof (struct sockaddr_in) || 192 sctp->sctp_family == AF_INET6) { 193 err = EINVAL; 194 goto done; 195 } 196 requested_port = ntohs(((struct sockaddr_in *)sa)->sin_port); 197 break; 198 case AF_INET6: 199 if (len < sizeof (struct sockaddr_in6) || 200 sctp->sctp_family == AF_INET) { 201 err = EINVAL; 202 goto done; 203 } 204 requested_port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); 205 /* Set the flowinfo. */ 206 sctp->sctp_ip6h->ip6_vcf = 207 (IPV6_DEFAULT_VERS_AND_FLOW & IPV6_VERS_AND_FLOW_MASK) | 208 (((struct sockaddr_in6 *)sa)->sin6_flowinfo & 209 ~IPV6_VERS_AND_FLOW_MASK); 210 break; 211 default: 212 err = EAFNOSUPPORT; 213 goto done; 214 } 215 bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE; 216 217 err = sctp_select_port(sctp, &requested_port, &user_specified); 218 if (err != 0) 219 goto done; 220 221 if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE, 222 user_specified == 1 ? htons(requested_port) : 0)) != 0) { 223 goto done; 224 } 225 err = sctp_bindi(sctp, requested_port, bind_to_req_port_only, 226 user_specified, &allocated_port); 227 if (err != 0) { 228 sctp_free_saddrs(sctp); 229 } else { 230 ASSERT(sctp->sctp_state == SCTPS_BOUND); 231 } 232 done: 233 WAKE_SCTP(sctp); 234 return (err); 235 } 236 237 /* 238 * Perform bind/unbind operation of a list of addresses on a sctp_t 239 */ 240 int 241 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop) 242 { 243 ASSERT(sctp != NULL); 244 ASSERT(addrs != NULL); 245 ASSERT(addrcnt > 0); 246 247 switch (bindop) { 248 case SCTP_BINDX_ADD_ADDR: 249 return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE, 250 sctp->sctp_lport)); 251 case SCTP_BINDX_REM_ADDR: 252 return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE)); 253 default: 254 return (EINVAL); 255 } 256 } 257 258 /* 259 * Add a list of addresses to a sctp_t. 260 */ 261 int 262 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 263 boolean_t caller_hold_lock, in_port_t port) 264 { 265 int err = 0; 266 boolean_t do_asconf = B_FALSE; 267 sctp_stack_t *sctps = sctp->sctp_sctps; 268 269 if (!caller_hold_lock) 270 RUN_SCTP(sctp); 271 272 if (sctp->sctp_state > SCTPS_ESTABLISHED || 273 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 274 if (!caller_hold_lock) 275 WAKE_SCTP(sctp); 276 return (EINVAL); 277 } 278 279 if (sctp->sctp_state > SCTPS_LISTEN) { 280 /* 281 * Let's do some checking here rather than undoing the 282 * add later (for these reasons). 283 */ 284 if (!sctps->sctps_addip_enabled || 285 !sctp->sctp_understands_asconf || 286 !sctp->sctp_understands_addip) { 287 if (!caller_hold_lock) 288 WAKE_SCTP(sctp); 289 return (EINVAL); 290 } 291 do_asconf = B_TRUE; 292 } 293 /* 294 * On a clustered node, for an inaddr_any bind, we will pass the list 295 * of all the addresses in the global list, minus any address on the 296 * loopback interface, and expect the clustering susbsystem to give us 297 * the correct list for the 'port'. For explicit binds we give the 298 * list of addresses and the clustering module validates it for the 299 * 'port'. 300 * 301 * On a non-clustered node, cl_sctp_check_addrs will be NULL and 302 * we proceed as usual. 303 */ 304 if (cl_sctp_check_addrs != NULL) { 305 uchar_t *addrlist = NULL; 306 size_t size = 0; 307 int unspec = 0; 308 boolean_t do_listen; 309 uchar_t *llist = NULL; 310 size_t lsize = 0; 311 312 /* 313 * If we are adding addresses after listening, but before 314 * an association is established, we need to update the 315 * clustering module with this info. 316 */ 317 do_listen = !do_asconf && sctp->sctp_state > SCTPS_BOUND && 318 cl_sctp_listen != NULL; 319 320 err = sctp_get_addrlist(sctp, addrs, &addrcnt, &addrlist, 321 &unspec, &size); 322 if (err != 0) { 323 ASSERT(addrlist == NULL); 324 ASSERT(addrcnt == 0); 325 ASSERT(size == 0); 326 if (!caller_hold_lock) 327 WAKE_SCTP(sctp); 328 SCTP_KSTAT(sctps, sctp_cl_check_addrs); 329 return (err); 330 } 331 ASSERT(addrlist != NULL); 332 (*cl_sctp_check_addrs)(sctp->sctp_family, port, &addrlist, 333 size, &addrcnt, unspec == 1); 334 if (addrcnt == 0) { 335 /* We free the list */ 336 kmem_free(addrlist, size); 337 if (!caller_hold_lock) 338 WAKE_SCTP(sctp); 339 return (EINVAL); 340 } 341 if (do_listen) { 342 lsize = sizeof (in6_addr_t) * addrcnt; 343 llist = kmem_alloc(lsize, KM_SLEEP); 344 } 345 err = sctp_valid_addr_list(sctp, addrlist, addrcnt, llist, 346 lsize); 347 if (err == 0 && do_listen) { 348 (*cl_sctp_listen)(sctp->sctp_family, llist, 349 addrcnt, sctp->sctp_lport); 350 /* list will be freed by the clustering module */ 351 } else if (err != 0 && llist != NULL) { 352 kmem_free(llist, lsize); 353 } 354 /* free the list we allocated */ 355 kmem_free(addrlist, size); 356 } else { 357 err = sctp_valid_addr_list(sctp, addrs, addrcnt, NULL, 0); 358 } 359 if (err != 0) { 360 if (!caller_hold_lock) 361 WAKE_SCTP(sctp); 362 return (err); 363 } 364 /* Need to send ASCONF messages */ 365 if (do_asconf) { 366 err = sctp_add_ip(sctp, addrs, addrcnt); 367 if (err != 0) { 368 sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE); 369 if (!caller_hold_lock) 370 WAKE_SCTP(sctp); 371 return (err); 372 } 373 } 374 if (!caller_hold_lock) 375 WAKE_SCTP(sctp); 376 if (do_asconf) 377 sctp_process_sendq(sctp); 378 return (0); 379 } 380 381 /* 382 * Remove one or more addresses bound to the sctp_t. 383 */ 384 int 385 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 386 boolean_t caller_hold_lock) 387 { 388 int error = 0; 389 boolean_t do_asconf = B_FALSE; 390 uchar_t *ulist = NULL; 391 size_t usize = 0; 392 sctp_stack_t *sctps = sctp->sctp_sctps; 393 394 if (!caller_hold_lock) 395 RUN_SCTP(sctp); 396 397 if (sctp->sctp_state > SCTPS_ESTABLISHED || 398 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 399 if (!caller_hold_lock) 400 WAKE_SCTP(sctp); 401 return (EINVAL); 402 } 403 /* 404 * Fail the remove if we are beyond listen, but can't send this 405 * to the peer. 406 */ 407 if (sctp->sctp_state > SCTPS_LISTEN) { 408 if (!sctps->sctps_addip_enabled || 409 !sctp->sctp_understands_asconf || 410 !sctp->sctp_understands_addip) { 411 if (!caller_hold_lock) 412 WAKE_SCTP(sctp); 413 return (EINVAL); 414 } 415 do_asconf = B_TRUE; 416 } 417 418 /* Can't delete the last address nor all of the addresses */ 419 if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) { 420 if (!caller_hold_lock) 421 WAKE_SCTP(sctp); 422 return (EINVAL); 423 } 424 425 if (cl_sctp_unlisten != NULL && !do_asconf && 426 sctp->sctp_state > SCTPS_BOUND) { 427 usize = sizeof (in6_addr_t) * addrcnt; 428 ulist = kmem_alloc(usize, KM_SLEEP); 429 } 430 431 error = sctp_del_ip(sctp, addrs, addrcnt, ulist, usize); 432 if (error != 0) { 433 if (ulist != NULL) 434 kmem_free(ulist, usize); 435 if (!caller_hold_lock) 436 WAKE_SCTP(sctp); 437 return (error); 438 } 439 /* ulist will be non-NULL only if cl_sctp_unlisten is non-NULL */ 440 if (ulist != NULL) { 441 ASSERT(cl_sctp_unlisten != NULL); 442 (*cl_sctp_unlisten)(sctp->sctp_family, ulist, addrcnt, 443 sctp->sctp_lport); 444 /* ulist will be freed by the clustering module */ 445 } 446 if (!caller_hold_lock) 447 WAKE_SCTP(sctp); 448 if (do_asconf) 449 sctp_process_sendq(sctp); 450 return (error); 451 } 452 453 /* 454 * Returns 0 for success, errno value otherwise. 455 * 456 * If the "bind_to_req_port_only" parameter is set and the requested port 457 * number is available, then set allocated_port to it. If not available, 458 * return an error. 459 * 460 * If the "bind_to_req_port_only" parameter is not set and the requested port 461 * number is available, then set allocated_port to it. If not available, 462 * find the first anonymous port we can and set allocated_port to that. If no 463 * anonymous ports are available, return an error. 464 * 465 * In either case, when succeeding, update the sctp_t to record the port number 466 * and insert it in the bind hash table. 467 */ 468 int 469 sctp_bindi(sctp_t *sctp, in_port_t port, boolean_t bind_to_req_port_only, 470 int user_specified, in_port_t *allocated_port) 471 { 472 /* number of times we have run around the loop */ 473 int count = 0; 474 /* maximum number of times to run around the loop */ 475 int loopmax; 476 zoneid_t zoneid = sctp->sctp_zoneid; 477 zone_t *zone = crgetzone(sctp->sctp_credp); 478 sctp_stack_t *sctps = sctp->sctp_sctps; 479 480 /* 481 * Lookup for free addresses is done in a loop and "loopmax" 482 * influences how long we spin in the loop 483 */ 484 if (bind_to_req_port_only) { 485 /* 486 * If the requested port is busy, don't bother to look 487 * for a new one. Setting loop maximum count to 1 has 488 * that effect. 489 */ 490 loopmax = 1; 491 } else { 492 /* 493 * If the requested port is busy, look for a free one 494 * in the anonymous port range. 495 * Set loopmax appropriately so that one does not look 496 * forever in the case all of the anonymous ports are in use. 497 */ 498 loopmax = (sctps->sctps_largest_anon_port - 499 sctps->sctps_smallest_anon_port + 1); 500 } 501 do { 502 uint16_t lport; 503 sctp_tf_t *tbf; 504 sctp_t *lsctp; 505 int addrcmp; 506 507 lport = htons(port); 508 509 /* 510 * Ensure that the sctp_t is not currently in the bind hash. 511 * Hold the lock on the hash bucket to ensure that 512 * the duplicate check plus the insertion is an atomic 513 * operation. 514 * 515 * This function does an inline lookup on the bind hash list 516 * Make sure that we access only members of sctp_t 517 * and that we don't look at sctp_sctp, since we are not 518 * doing a SCTPB_REFHOLD. For more details please see the notes 519 * in sctp_compress() 520 */ 521 sctp_bind_hash_remove(sctp); 522 tbf = &sctps->sctps_bind_fanout[SCTP_BIND_HASH(port)]; 523 mutex_enter(&tbf->tf_lock); 524 for (lsctp = tbf->tf_sctp; lsctp != NULL; 525 lsctp = lsctp->sctp_bind_hash) { 526 527 if (lport != lsctp->sctp_lport || 528 lsctp->sctp_state < SCTPS_BOUND) 529 continue; 530 531 /* 532 * On a labeled system, we must treat bindings to ports 533 * on shared IP addresses by sockets with MAC exemption 534 * privilege as being in all zones, as there's 535 * otherwise no way to identify the right receiver. 536 */ 537 if (lsctp->sctp_zoneid != zoneid && 538 lsctp->sctp_mac_mode == CONN_MAC_DEFAULT && 539 sctp->sctp_mac_mode == CONN_MAC_DEFAULT) 540 continue; 541 542 addrcmp = sctp_compare_saddrs(sctp, lsctp); 543 if (addrcmp != SCTP_ADDR_DISJOINT) { 544 if (!sctp->sctp_reuseaddr) { 545 /* in use */ 546 break; 547 } else if (lsctp->sctp_state == SCTPS_BOUND || 548 lsctp->sctp_state == SCTPS_LISTEN) { 549 /* 550 * socket option SO_REUSEADDR is set 551 * on the binding sctp_t. 552 * 553 * We have found a match of IP source 554 * address and source port, which is 555 * refused regardless of the 556 * SO_REUSEADDR setting, so we break. 557 */ 558 break; 559 } 560 } 561 } 562 if (lsctp != NULL) { 563 /* The port number is busy */ 564 mutex_exit(&tbf->tf_lock); 565 } else { 566 conn_t *connp = sctp->sctp_connp; 567 568 if (is_system_labeled()) { 569 mlp_type_t addrtype, mlptype; 570 571 /* 572 * On a labeled system we must check the type 573 * of the binding requested by the user (either 574 * MLP or SLP on shared and private addresses), 575 * and that the user's requested binding 576 * is permitted. 577 */ 578 addrtype = tsol_mlp_addr_type( 579 connp->conn_allzones ? ALL_ZONES : 580 zone->zone_id, 581 sctp->sctp_ipversion, 582 sctp->sctp_ipversion == IPV4_VERSION ? 583 (void *)&sctp->sctp_ipha->ipha_src : 584 (void *)&sctp->sctp_ip6h->ip6_src, 585 sctps->sctps_netstack->netstack_ip); 586 587 /* 588 * tsol_mlp_addr_type returns the possibilities 589 * for the selected address. Since all local 590 * addresses are either private or shared, the 591 * return value mlptSingle means "local address 592 * not valid (interface not present)." 593 */ 594 if (addrtype == mlptSingle) { 595 mutex_exit(&tbf->tf_lock); 596 return (EADDRNOTAVAIL); 597 } 598 mlptype = tsol_mlp_port_type(zone, IPPROTO_SCTP, 599 port, addrtype); 600 if (mlptype != mlptSingle) { 601 if (secpolicy_net_bindmlp(connp-> 602 conn_cred) != 0) { 603 mutex_exit(&tbf->tf_lock); 604 return (EACCES); 605 } 606 /* 607 * If we're binding a shared MLP, then 608 * make sure that this zone is the one 609 * that owns that MLP. Shared MLPs can 610 * be owned by at most one zone. 611 * 612 * No need to handle exclusive-stack 613 * zones since ALL_ZONES only applies 614 * to the shared stack. 615 */ 616 617 if (mlptype == mlptShared && 618 addrtype == mlptShared && 619 connp->conn_zoneid != 620 tsol_mlp_findzone(IPPROTO_SCTP, 621 lport)) { 622 mutex_exit(&tbf->tf_lock); 623 return (EACCES); 624 } 625 connp->conn_mlp_type = mlptype; 626 } 627 } 628 /* 629 * This port is ours. Insert in fanout and mark as 630 * bound to prevent others from getting the port 631 * number. 632 */ 633 sctp->sctp_state = SCTPS_BOUND; 634 sctp->sctp_lport = lport; 635 sctp->sctp_sctph->sh_sport = lport; 636 637 ASSERT(&sctps->sctps_bind_fanout[ 638 SCTP_BIND_HASH(port)] == tbf); 639 sctp_bind_hash_insert(tbf, sctp, 1); 640 641 mutex_exit(&tbf->tf_lock); 642 643 /* 644 * We don't want sctp_next_port_to_try to "inherit" 645 * a port number supplied by the user in a bind. 646 * 647 * This is the only place where sctp_next_port_to_try 648 * is updated. After the update, it may or may not 649 * be in the valid range. 650 */ 651 if (user_specified == 0) 652 sctps->sctps_next_port_to_try = port + 1; 653 654 *allocated_port = port; 655 656 return (0); 657 } 658 659 if ((count == 0) && (user_specified)) { 660 /* 661 * We may have to return an anonymous port. So 662 * get one to start with. 663 */ 664 port = sctp_update_next_port( 665 sctps->sctps_next_port_to_try, 666 zone, sctps); 667 user_specified = 0; 668 } else { 669 port = sctp_update_next_port(port + 1, zone, sctps); 670 } 671 if (port == 0) 672 break; 673 674 /* 675 * Don't let this loop run forever in the case where 676 * all of the anonymous ports are in use. 677 */ 678 } while (++count < loopmax); 679 680 return (bind_to_req_port_only ? EADDRINUSE : EADDRNOTAVAIL); 681 } 682 683 /* 684 * Don't let port fall into the privileged range. 685 * Since the extra privileged ports can be arbitrary we also 686 * ensure that we exclude those from consideration. 687 * sctp_g_epriv_ports is not sorted thus we loop over it until 688 * there are no changes. 689 * 690 * Note: No locks are held when inspecting sctp_g_*epriv_ports 691 * but instead the code relies on: 692 * - the fact that the address of the array and its size never changes 693 * - the atomic assignment of the elements of the array 694 */ 695 in_port_t 696 sctp_update_next_port(in_port_t port, zone_t *zone, sctp_stack_t *sctps) 697 { 698 int i; 699 boolean_t restart = B_FALSE; 700 701 retry: 702 if (port < sctps->sctps_smallest_anon_port) 703 port = sctps->sctps_smallest_anon_port; 704 705 if (port > sctps->sctps_largest_anon_port) { 706 if (restart) 707 return (0); 708 restart = B_TRUE; 709 port = sctps->sctps_smallest_anon_port; 710 } 711 712 if (port < sctps->sctps_smallest_nonpriv_port) 713 port = sctps->sctps_smallest_nonpriv_port; 714 715 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 716 if (port == sctps->sctps_g_epriv_ports[i]) { 717 port++; 718 /* 719 * Make sure whether the port is in the 720 * valid range. 721 * 722 * XXX Note that if sctp_g_epriv_ports contains 723 * all the anonymous ports this will be an 724 * infinite loop. 725 */ 726 goto retry; 727 } 728 } 729 730 if (is_system_labeled() && 731 (i = tsol_next_port(zone, port, IPPROTO_SCTP, B_TRUE)) != 0) { 732 port = i; 733 goto retry; 734 } 735 736 return (port); 737 } 738