1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/systm.h> 31 #include <sys/stream.h> 32 #include <sys/cmn_err.h> 33 #include <sys/kmem.h> 34 #define _SUN_TPI_VERSION 2 35 #include <sys/tihdr.h> 36 #include <sys/stropts.h> 37 #include <sys/socket.h> 38 #include <sys/random.h> 39 #include <sys/policy.h> 40 #include <sys/tsol/tndb.h> 41 #include <sys/tsol/tnet.h> 42 43 #include <netinet/in.h> 44 #include <netinet/ip6.h> 45 46 #include <inet/common.h> 47 #include <inet/ip.h> 48 #include <inet/ip6.h> 49 #include <inet/ipclassifier.h> 50 #include "sctp_impl.h" 51 #include "sctp_asconf.h" 52 #include "sctp_addr.h" 53 54 /* 55 * Returns 0 on success, EACCES on permission failure. 56 */ 57 static int 58 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified) 59 { 60 sctp_stack_t *sctps = sctp->sctp_sctps; 61 62 /* 63 * Get a valid port (within the anonymous range and should not 64 * be a privileged one) to use if the user has not given a port. 65 * If multiple threads are here, they may all start with 66 * with the same initial port. But, it should be fine as long as 67 * sctp_bindi will ensure that no two threads will be assigned 68 * the same port. 69 */ 70 if (*requested_port == 0) { 71 *requested_port = sctp_update_next_port( 72 sctps->sctps_next_port_to_try, 73 crgetzone(sctp->sctp_credp), sctps); 74 if (*requested_port == 0) 75 return (EACCES); 76 *user_specified = 0; 77 } else { 78 int i; 79 boolean_t priv = B_FALSE; 80 81 /* 82 * If the requested_port is in the well-known privileged range, 83 * verify that the stream was opened by a privileged user. 84 * Note: No locks are held when inspecting sctp_g_*epriv_ports 85 * but instead the code relies on: 86 * - the fact that the address of the array and its size never 87 * changes 88 * - the atomic assignment of the elements of the array 89 */ 90 if (*requested_port < sctps->sctps_smallest_nonpriv_port) { 91 priv = B_TRUE; 92 } else { 93 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 94 if (*requested_port == 95 sctps->sctps_g_epriv_ports[i]) { 96 priv = B_TRUE; 97 break; 98 } 99 } 100 } 101 if (priv) { 102 /* 103 * sctp_bind() should take a cred_t argument so that 104 * we can use it here. 105 */ 106 if (secpolicy_net_privaddr(sctp->sctp_credp, 107 *requested_port) != 0) { 108 dprint(1, 109 ("sctp_bind(x): no prive for port %d", 110 *requested_port)); 111 return (EACCES); 112 } 113 } 114 *user_specified = 1; 115 } 116 117 return (0); 118 } 119 120 int 121 sctp_listen(sctp_t *sctp) 122 { 123 sctp_tf_t *tf; 124 sctp_stack_t *sctps = sctp->sctp_sctps; 125 126 RUN_SCTP(sctp); 127 /* 128 * TCP handles listen() increasing the backlog, need to check 129 * if it should be handled here too 130 */ 131 if (sctp->sctp_state > SCTPS_BOUND || 132 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 133 WAKE_SCTP(sctp); 134 return (EINVAL); 135 } 136 137 /* Do an anonymous bind for unbound socket doing listen(). */ 138 if (sctp->sctp_nsaddrs == 0) { 139 struct sockaddr_storage ss; 140 int ret; 141 142 bzero(&ss, sizeof (ss)); 143 ss.ss_family = sctp->sctp_family; 144 145 WAKE_SCTP(sctp); 146 if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss, 147 sizeof (ss))) != 0) 148 return (ret); 149 RUN_SCTP(sctp) 150 } 151 152 sctp->sctp_state = SCTPS_LISTEN; 153 (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN); 154 sctp->sctp_last_secret_update = lbolt64; 155 bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN); 156 tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH( 157 ntohs(sctp->sctp_lport))]; 158 sctp_listen_hash_insert(tf, sctp); 159 WAKE_SCTP(sctp); 160 return (0); 161 } 162 163 /* 164 * Bind the sctp_t to a sockaddr, which includes an address and other 165 * information, such as port or flowinfo. 166 */ 167 int 168 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len) 169 { 170 int user_specified; 171 boolean_t bind_to_req_port_only; 172 in_port_t requested_port; 173 in_port_t allocated_port; 174 int err = 0; 175 176 ASSERT(sctp != NULL); 177 ASSERT(sa); 178 179 RUN_SCTP(sctp); 180 181 if (sctp->sctp_state > SCTPS_BOUND || 182 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 183 err = EINVAL; 184 goto done; 185 } 186 187 switch (sa->sa_family) { 188 case AF_INET: 189 if (len < sizeof (struct sockaddr_in) || 190 sctp->sctp_family == AF_INET6) { 191 err = EINVAL; 192 goto done; 193 } 194 requested_port = ntohs(((struct sockaddr_in *)sa)->sin_port); 195 break; 196 case AF_INET6: 197 if (len < sizeof (struct sockaddr_in6) || 198 sctp->sctp_family == AF_INET) { 199 err = EINVAL; 200 goto done; 201 } 202 requested_port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); 203 /* Set the flowinfo. */ 204 sctp->sctp_ip6h->ip6_vcf = 205 (IPV6_DEFAULT_VERS_AND_FLOW & IPV6_VERS_AND_FLOW_MASK) | 206 (((struct sockaddr_in6 *)sa)->sin6_flowinfo & 207 ~IPV6_VERS_AND_FLOW_MASK); 208 break; 209 default: 210 err = EAFNOSUPPORT; 211 goto done; 212 } 213 bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE; 214 215 err = sctp_select_port(sctp, &requested_port, &user_specified); 216 if (err != 0) 217 goto done; 218 219 if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE, 220 user_specified == 1 ? htons(requested_port) : 0)) != 0) { 221 goto done; 222 } 223 err = sctp_bindi(sctp, requested_port, bind_to_req_port_only, 224 user_specified, &allocated_port); 225 if (err != 0) { 226 sctp_free_saddrs(sctp); 227 } else { 228 ASSERT(sctp->sctp_state == SCTPS_BOUND); 229 } 230 done: 231 WAKE_SCTP(sctp); 232 return (err); 233 } 234 235 /* 236 * Perform bind/unbind operation of a list of addresses on a sctp_t 237 */ 238 int 239 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop) 240 { 241 ASSERT(sctp != NULL); 242 ASSERT(addrs != NULL); 243 ASSERT(addrcnt > 0); 244 245 switch (bindop) { 246 case SCTP_BINDX_ADD_ADDR: 247 return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE, 248 sctp->sctp_lport)); 249 case SCTP_BINDX_REM_ADDR: 250 return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE)); 251 default: 252 return (EINVAL); 253 } 254 } 255 256 /* 257 * Add a list of addresses to a sctp_t. 258 */ 259 int 260 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 261 boolean_t caller_hold_lock, in_port_t port) 262 { 263 int err = 0; 264 boolean_t do_asconf = B_FALSE; 265 sctp_stack_t *sctps = sctp->sctp_sctps; 266 267 if (!caller_hold_lock) 268 RUN_SCTP(sctp); 269 270 if (sctp->sctp_state > SCTPS_ESTABLISHED || 271 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 272 if (!caller_hold_lock) 273 WAKE_SCTP(sctp); 274 return (EINVAL); 275 } 276 277 if (sctp->sctp_state > SCTPS_LISTEN) { 278 /* 279 * Let's do some checking here rather than undoing the 280 * add later (for these reasons). 281 */ 282 if (!sctps->sctps_addip_enabled || 283 !sctp->sctp_understands_asconf || 284 !sctp->sctp_understands_addip) { 285 if (!caller_hold_lock) 286 WAKE_SCTP(sctp); 287 return (EINVAL); 288 } 289 do_asconf = B_TRUE; 290 } 291 /* 292 * On a clustered node, for an inaddr_any bind, we will pass the list 293 * of all the addresses in the global list, minus any address on the 294 * loopback interface, and expect the clustering susbsystem to give us 295 * the correct list for the 'port'. For explicit binds we give the 296 * list of addresses and the clustering module validates it for the 297 * 'port'. 298 * 299 * On a non-clustered node, cl_sctp_check_addrs will be NULL and 300 * we proceed as usual. 301 */ 302 if (cl_sctp_check_addrs != NULL) { 303 uchar_t *addrlist = NULL; 304 size_t size = 0; 305 int unspec = 0; 306 boolean_t do_listen; 307 uchar_t *llist = NULL; 308 size_t lsize = 0; 309 310 /* 311 * If we are adding addresses after listening, but before 312 * an association is established, we need to update the 313 * clustering module with this info. 314 */ 315 do_listen = !do_asconf && sctp->sctp_state > SCTPS_BOUND && 316 cl_sctp_listen != NULL; 317 318 err = sctp_get_addrlist(sctp, addrs, &addrcnt, &addrlist, 319 &unspec, &size); 320 if (err != 0) { 321 ASSERT(addrlist == NULL); 322 ASSERT(addrcnt == 0); 323 ASSERT(size == 0); 324 if (!caller_hold_lock) 325 WAKE_SCTP(sctp); 326 SCTP_KSTAT(sctps, sctp_cl_check_addrs); 327 return (err); 328 } 329 ASSERT(addrlist != NULL); 330 (*cl_sctp_check_addrs)(sctp->sctp_family, port, &addrlist, 331 size, &addrcnt, unspec == 1); 332 if (addrcnt == 0) { 333 /* We free the list */ 334 kmem_free(addrlist, size); 335 if (!caller_hold_lock) 336 WAKE_SCTP(sctp); 337 return (EINVAL); 338 } 339 if (do_listen) { 340 lsize = sizeof (in6_addr_t) * addrcnt; 341 llist = kmem_alloc(lsize, KM_SLEEP); 342 } 343 err = sctp_valid_addr_list(sctp, addrlist, addrcnt, llist, 344 lsize); 345 if (err == 0 && do_listen) { 346 (*cl_sctp_listen)(sctp->sctp_family, llist, 347 addrcnt, sctp->sctp_lport); 348 /* list will be freed by the clustering module */ 349 } else if (err != 0 && llist != NULL) { 350 kmem_free(llist, lsize); 351 } 352 /* free the list we allocated */ 353 kmem_free(addrlist, size); 354 } else { 355 err = sctp_valid_addr_list(sctp, addrs, addrcnt, NULL, 0); 356 } 357 if (err != 0) { 358 if (!caller_hold_lock) 359 WAKE_SCTP(sctp); 360 return (err); 361 } 362 /* Need to send ASCONF messages */ 363 if (do_asconf) { 364 err = sctp_add_ip(sctp, addrs, addrcnt); 365 if (err != 0) { 366 sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE); 367 if (!caller_hold_lock) 368 WAKE_SCTP(sctp); 369 return (err); 370 } 371 } 372 if (!caller_hold_lock) 373 WAKE_SCTP(sctp); 374 if (do_asconf) 375 sctp_process_sendq(sctp); 376 return (0); 377 } 378 379 /* 380 * Remove one or more addresses bound to the sctp_t. 381 */ 382 int 383 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 384 boolean_t caller_hold_lock) 385 { 386 int error = 0; 387 boolean_t do_asconf = B_FALSE; 388 uchar_t *ulist = NULL; 389 size_t usize = 0; 390 sctp_stack_t *sctps = sctp->sctp_sctps; 391 392 if (!caller_hold_lock) 393 RUN_SCTP(sctp); 394 395 if (sctp->sctp_state > SCTPS_ESTABLISHED || 396 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 397 if (!caller_hold_lock) 398 WAKE_SCTP(sctp); 399 return (EINVAL); 400 } 401 /* 402 * Fail the remove if we are beyond listen, but can't send this 403 * to the peer. 404 */ 405 if (sctp->sctp_state > SCTPS_LISTEN) { 406 if (!sctps->sctps_addip_enabled || 407 !sctp->sctp_understands_asconf || 408 !sctp->sctp_understands_addip) { 409 if (!caller_hold_lock) 410 WAKE_SCTP(sctp); 411 return (EINVAL); 412 } 413 do_asconf = B_TRUE; 414 } 415 416 /* Can't delete the last address nor all of the addresses */ 417 if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) { 418 if (!caller_hold_lock) 419 WAKE_SCTP(sctp); 420 return (EINVAL); 421 } 422 423 if (cl_sctp_unlisten != NULL && !do_asconf && 424 sctp->sctp_state > SCTPS_BOUND) { 425 usize = sizeof (in6_addr_t) * addrcnt; 426 ulist = kmem_alloc(usize, KM_SLEEP); 427 } 428 429 error = sctp_del_ip(sctp, addrs, addrcnt, ulist, usize); 430 if (error != 0) { 431 if (ulist != NULL) 432 kmem_free(ulist, usize); 433 if (!caller_hold_lock) 434 WAKE_SCTP(sctp); 435 return (error); 436 } 437 /* ulist will be non-NULL only if cl_sctp_unlisten is non-NULL */ 438 if (ulist != NULL) { 439 ASSERT(cl_sctp_unlisten != NULL); 440 (*cl_sctp_unlisten)(sctp->sctp_family, ulist, addrcnt, 441 sctp->sctp_lport); 442 /* ulist will be freed by the clustering module */ 443 } 444 if (!caller_hold_lock) 445 WAKE_SCTP(sctp); 446 if (do_asconf) 447 sctp_process_sendq(sctp); 448 return (error); 449 } 450 451 /* 452 * Returns 0 for success, errno value otherwise. 453 * 454 * If the "bind_to_req_port_only" parameter is set and the requested port 455 * number is available, then set allocated_port to it. If not available, 456 * return an error. 457 * 458 * If the "bind_to_req_port_only" parameter is not set and the requested port 459 * number is available, then set allocated_port to it. If not available, 460 * find the first anonymous port we can and set allocated_port to that. If no 461 * anonymous ports are available, return an error. 462 * 463 * In either case, when succeeding, update the sctp_t to record the port number 464 * and insert it in the bind hash table. 465 */ 466 int 467 sctp_bindi(sctp_t *sctp, in_port_t port, boolean_t bind_to_req_port_only, 468 int user_specified, in_port_t *allocated_port) 469 { 470 /* number of times we have run around the loop */ 471 int count = 0; 472 /* maximum number of times to run around the loop */ 473 int loopmax; 474 zoneid_t zoneid = sctp->sctp_zoneid; 475 zone_t *zone = crgetzone(sctp->sctp_credp); 476 sctp_stack_t *sctps = sctp->sctp_sctps; 477 478 /* 479 * Lookup for free addresses is done in a loop and "loopmax" 480 * influences how long we spin in the loop 481 */ 482 if (bind_to_req_port_only) { 483 /* 484 * If the requested port is busy, don't bother to look 485 * for a new one. Setting loop maximum count to 1 has 486 * that effect. 487 */ 488 loopmax = 1; 489 } else { 490 /* 491 * If the requested port is busy, look for a free one 492 * in the anonymous port range. 493 * Set loopmax appropriately so that one does not look 494 * forever in the case all of the anonymous ports are in use. 495 */ 496 loopmax = (sctps->sctps_largest_anon_port - 497 sctps->sctps_smallest_anon_port + 1); 498 } 499 do { 500 uint16_t lport; 501 sctp_tf_t *tbf; 502 sctp_t *lsctp; 503 int addrcmp; 504 505 lport = htons(port); 506 507 /* 508 * Ensure that the sctp_t is not currently in the bind hash. 509 * Hold the lock on the hash bucket to ensure that 510 * the duplicate check plus the insertion is an atomic 511 * operation. 512 * 513 * This function does an inline lookup on the bind hash list 514 * Make sure that we access only members of sctp_t 515 * and that we don't look at sctp_sctp, since we are not 516 * doing a SCTPB_REFHOLD. For more details please see the notes 517 * in sctp_compress() 518 */ 519 sctp_bind_hash_remove(sctp); 520 tbf = &sctps->sctps_bind_fanout[SCTP_BIND_HASH(port)]; 521 mutex_enter(&tbf->tf_lock); 522 for (lsctp = tbf->tf_sctp; lsctp != NULL; 523 lsctp = lsctp->sctp_bind_hash) { 524 525 if (lport != lsctp->sctp_lport || 526 lsctp->sctp_state < SCTPS_BOUND) 527 continue; 528 529 /* 530 * On a labeled system, we must treat bindings to ports 531 * on shared IP addresses by sockets with MAC exemption 532 * privilege as being in all zones, as there's 533 * otherwise no way to identify the right receiver. 534 */ 535 if (lsctp->sctp_zoneid != zoneid && 536 !lsctp->sctp_mac_exempt && !sctp->sctp_mac_exempt) 537 continue; 538 539 addrcmp = sctp_compare_saddrs(sctp, lsctp); 540 if (addrcmp != SCTP_ADDR_DISJOINT) { 541 if (!sctp->sctp_reuseaddr) { 542 /* in use */ 543 break; 544 } else if (lsctp->sctp_state == SCTPS_BOUND || 545 lsctp->sctp_state == SCTPS_LISTEN) { 546 /* 547 * socket option SO_REUSEADDR is set 548 * on the binding sctp_t. 549 * 550 * We have found a match of IP source 551 * address and source port, which is 552 * refused regardless of the 553 * SO_REUSEADDR setting, so we break. 554 */ 555 break; 556 } 557 } 558 } 559 if (lsctp != NULL) { 560 /* The port number is busy */ 561 mutex_exit(&tbf->tf_lock); 562 } else { 563 conn_t *connp = sctp->sctp_connp; 564 565 if (is_system_labeled()) { 566 mlp_type_t addrtype, mlptype; 567 568 /* 569 * On a labeled system we must check the type 570 * of the binding requested by the user (either 571 * MLP or SLP on shared and private addresses), 572 * and that the user's requested binding 573 * is permitted. 574 */ 575 addrtype = tsol_mlp_addr_type(zone->zone_id, 576 sctp->sctp_ipversion, 577 sctp->sctp_ipversion == IPV4_VERSION ? 578 (void *)&sctp->sctp_ipha->ipha_src : 579 (void *)&sctp->sctp_ip6h->ip6_src, 580 sctps->sctps_netstack->netstack_ip); 581 582 /* 583 * tsol_mlp_addr_type returns the possibilities 584 * for the selected address. Since all local 585 * addresses are either private or shared, the 586 * return value mlptSingle means "local address 587 * not valid (interface not present)." 588 */ 589 if (addrtype == mlptSingle) { 590 mutex_exit(&tbf->tf_lock); 591 return (EADDRNOTAVAIL); 592 } 593 mlptype = tsol_mlp_port_type(zone, IPPROTO_SCTP, 594 port, addrtype); 595 if (mlptype != mlptSingle) { 596 if (secpolicy_net_bindmlp(connp-> 597 conn_cred) != 0) { 598 mutex_exit(&tbf->tf_lock); 599 return (EACCES); 600 } 601 /* 602 * If we're binding a shared MLP, then 603 * make sure that this zone is the one 604 * that owns that MLP. Shared MLPs can 605 * be owned by at most one zone. 606 * 607 * No need to handle exclusive-stack 608 * zones since ALL_ZONES only applies 609 * to the shared stack. 610 */ 611 612 if (mlptype == mlptShared && 613 addrtype == mlptShared && 614 connp->conn_zoneid != 615 tsol_mlp_findzone(IPPROTO_SCTP, 616 lport)) { 617 mutex_exit(&tbf->tf_lock); 618 return (EACCES); 619 } 620 connp->conn_mlp_type = mlptype; 621 } 622 } 623 /* 624 * This port is ours. Insert in fanout and mark as 625 * bound to prevent others from getting the port 626 * number. 627 */ 628 sctp->sctp_state = SCTPS_BOUND; 629 sctp->sctp_lport = lport; 630 sctp->sctp_sctph->sh_sport = lport; 631 632 ASSERT(&sctps->sctps_bind_fanout[ 633 SCTP_BIND_HASH(port)] == tbf); 634 sctp_bind_hash_insert(tbf, sctp, 1); 635 636 mutex_exit(&tbf->tf_lock); 637 638 /* 639 * We don't want sctp_next_port_to_try to "inherit" 640 * a port number supplied by the user in a bind. 641 * 642 * This is the only place where sctp_next_port_to_try 643 * is updated. After the update, it may or may not 644 * be in the valid range. 645 */ 646 if (user_specified == 0) 647 sctps->sctps_next_port_to_try = port + 1; 648 649 *allocated_port = port; 650 651 return (0); 652 } 653 654 if ((count == 0) && (user_specified)) { 655 /* 656 * We may have to return an anonymous port. So 657 * get one to start with. 658 */ 659 port = sctp_update_next_port( 660 sctps->sctps_next_port_to_try, 661 zone, sctps); 662 user_specified = 0; 663 } else { 664 port = sctp_update_next_port(port + 1, zone, sctps); 665 } 666 if (port == 0) 667 break; 668 669 /* 670 * Don't let this loop run forever in the case where 671 * all of the anonymous ports are in use. 672 */ 673 } while (++count < loopmax); 674 675 return (bind_to_req_port_only ? EADDRINUSE : EADDRNOTAVAIL); 676 } 677 678 /* 679 * Don't let port fall into the privileged range. 680 * Since the extra privileged ports can be arbitrary we also 681 * ensure that we exclude those from consideration. 682 * sctp_g_epriv_ports is not sorted thus we loop over it until 683 * there are no changes. 684 * 685 * Note: No locks are held when inspecting sctp_g_*epriv_ports 686 * but instead the code relies on: 687 * - the fact that the address of the array and its size never changes 688 * - the atomic assignment of the elements of the array 689 */ 690 in_port_t 691 sctp_update_next_port(in_port_t port, zone_t *zone, sctp_stack_t *sctps) 692 { 693 int i; 694 boolean_t restart = B_FALSE; 695 696 retry: 697 if (port < sctps->sctps_smallest_anon_port) 698 port = sctps->sctps_smallest_anon_port; 699 700 if (port > sctps->sctps_largest_anon_port) { 701 if (restart) 702 return (0); 703 restart = B_TRUE; 704 port = sctps->sctps_smallest_anon_port; 705 } 706 707 if (port < sctps->sctps_smallest_nonpriv_port) 708 port = sctps->sctps_smallest_nonpriv_port; 709 710 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 711 if (port == sctps->sctps_g_epriv_ports[i]) { 712 port++; 713 /* 714 * Make sure whether the port is in the 715 * valid range. 716 * 717 * XXX Note that if sctp_g_epriv_ports contains 718 * all the anonymous ports this will be an 719 * infinite loop. 720 */ 721 goto retry; 722 } 723 } 724 725 if (is_system_labeled() && 726 (i = tsol_next_port(zone, port, IPPROTO_SCTP, B_TRUE)) != 0) { 727 port = i; 728 goto retry; 729 } 730 731 return (port); 732 } 733