1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/systm.h> 31 #include <sys/stream.h> 32 #include <sys/cmn_err.h> 33 #include <sys/kmem.h> 34 #define _SUN_TPI_VERSION 2 35 #include <sys/tihdr.h> 36 #include <sys/stropts.h> 37 #include <sys/strsubr.h> 38 #include <sys/socket.h> 39 40 #include <netinet/in.h> 41 #include <netinet/ip6.h> 42 43 #include <inet/common.h> 44 #include <inet/ip.h> 45 #include <inet/ip6.h> 46 #include <inet/ipclassifier.h> 47 #include <inet/ipsec_impl.h> 48 49 #include "sctp_impl.h" 50 #include "sctp_addr.h" 51 52 /* 53 * Common accept code. Called by sctp_conn_request. 54 * cr_pkt is the INIT / INIT ACK packet. 55 */ 56 static int 57 sctp_accept_comm(sctp_t *listener, sctp_t *acceptor, mblk_t *cr_pkt, 58 uint_t ip_hdr_len, sctp_init_chunk_t *iack) 59 { 60 61 sctp_hdr_t *sctph; 62 sctp_chunk_hdr_t *ich; 63 sctp_init_chunk_t *init; 64 int err; 65 uint_t sctp_options; 66 67 sctph = (sctp_hdr_t *)(cr_pkt->b_rptr + ip_hdr_len); 68 ASSERT(OK_32PTR(sctph)); 69 70 acceptor->sctp_lport = listener->sctp_lport; 71 acceptor->sctp_fport = sctph->sh_sport; 72 73 ich = (sctp_chunk_hdr_t *)(iack + 1); 74 init = (sctp_init_chunk_t *)(ich + 1); 75 76 /* acceptor isn't in any fanouts yet, so don't need to hold locks */ 77 ASSERT(acceptor->sctp_faddrs == NULL); 78 err = sctp_get_addrparams(acceptor, listener, cr_pkt, ich, 79 &sctp_options); 80 if (err != 0) 81 return (err); 82 83 if ((sctp_options & SCTP_PRSCTP_OPTION) && 84 listener->sctp_prsctp_aware && sctp_prsctp_enabled) { 85 acceptor->sctp_prsctp_aware = B_TRUE; 86 } else { 87 acceptor->sctp_prsctp_aware = B_FALSE; 88 } 89 /* The new sctp_t is fully bound now. */ 90 acceptor->sctp_connp->conn_fully_bound = B_TRUE; 91 92 sctp_set_hdraddrs(acceptor); 93 94 /* Get initial TSNs */ 95 acceptor->sctp_ltsn = ntohl(iack->sic_inittsn); 96 acceptor->sctp_recovery_tsn = acceptor->sctp_lastack_rxd = 97 acceptor->sctp_ltsn - 1; 98 acceptor->sctp_adv_pap = acceptor->sctp_lastack_rxd; 99 /* Serial numbers are initialized to the same value as the TSNs */ 100 acceptor->sctp_lcsn = acceptor->sctp_ltsn; 101 102 if (!sctp_initialize_params(acceptor, init, iack)) 103 return (ENOMEM); 104 105 /* 106 * Copy sctp_secret from the listener in case we need to validate 107 * a possibly delayed cookie. 108 */ 109 bcopy(listener->sctp_secret, acceptor->sctp_secret, SCTP_SECRET_LEN); 110 bcopy(listener->sctp_old_secret, acceptor->sctp_old_secret, 111 SCTP_SECRET_LEN); 112 acceptor->sctp_last_secret_update = lbolt64; 113 114 /* 115 * After acceptor is inserted in the hash list, it can be found. 116 * So we need to lock it here. 117 */ 118 RUN_SCTP(acceptor); 119 120 sctp_conn_hash_insert(&sctp_conn_fanout[ 121 SCTP_CONN_HASH(acceptor->sctp_ports)], acceptor, 0); 122 sctp_bind_hash_insert(&sctp_bind_fanout[ 123 SCTP_BIND_HASH(ntohs(acceptor->sctp_lport))], acceptor, 0); 124 125 /* 126 * No need to check for multicast destination since ip will only pass 127 * up multicasts to those that have expressed interest 128 * TODO: what about rejecting broadcasts? 129 * Also check that source is not a multicast or broadcast address. 130 */ 131 /* XXXSCTP */ 132 acceptor->sctp_state = SCTPS_ESTABLISHED; 133 acceptor->sctp_assoc_start_time = (uint32_t)lbolt; 134 /* 135 * listener->sctp_rwnd should be the default window size or a 136 * window size changed via SO_RCVBUF option. 137 */ 138 acceptor->sctp_rwnd = MSS_ROUNDUP(listener->sctp_rwnd, 139 (acceptor->sctp_mss - sizeof (sctp_data_hdr_t))); 140 141 bcopy(&listener->sctp_upcalls, &acceptor->sctp_upcalls, 142 sizeof (sctp_upcalls_t)); 143 144 return (0); 145 } 146 147 /* Process the COOKIE packet, mp, directed at the listener 'sctp' */ 148 sctp_t * 149 sctp_conn_request(sctp_t *sctp, mblk_t *mp, uint_t ifindex, uint_t ip_hdr_len, 150 sctp_init_chunk_t *iack, mblk_t *ipsec_mp) 151 { 152 sctp_t *eager; 153 uint_t ipvers; 154 ip6_t *ip6h; 155 int err; 156 conn_t *connp, *econnp; 157 158 /* 159 * No need to check for duplicate as this is the listener 160 * and we are holding the lock. This means that no new 161 * connection can be created out of it. And since the 162 * fanout already done cannot find a match, it means that 163 * there is no duplicate. 164 */ 165 ipvers = IPH_HDR_VERSION(mp->b_rptr); 166 ASSERT(ipvers == IPV6_VERSION || ipvers == IPV4_VERSION); 167 ASSERT(OK_32PTR(mp->b_rptr)); 168 169 if ((eager = sctp_create_eager(sctp)) == NULL) { 170 return (NULL); 171 } 172 173 if (ipvers != IPV4_VERSION) { 174 ip6h = (ip6_t *)mp->b_rptr; 175 /* 176 * Record ifindex (might be zero) to tie this connection to 177 * that interface if either the listener was bound or 178 * if the connection is using link-local addresses. 179 */ 180 if (sctp->sctp_bound_if == ifindex || 181 IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src)) 182 eager->sctp_bound_if = ifindex; 183 /* 184 * XXX broken. bound_if is always overwritten by statement 185 * below. What is the right thing to do here? 186 */ 187 eager->sctp_bound_if = sctp->sctp_bound_if; 188 } 189 190 connp = sctp->sctp_connp; 191 econnp = eager->sctp_connp; 192 193 if (connp->conn_policy != NULL) { 194 ipsec_in_t *ii; 195 196 ASSERT(ipsec_mp != NULL); 197 ii = (ipsec_in_t *)(ipsec_mp->b_rptr); 198 ASSERT(ii->ipsec_in_policy == NULL); 199 IPPH_REFHOLD(connp->conn_policy); 200 ii->ipsec_in_policy = connp->conn_policy; 201 202 ipsec_mp->b_datap->db_type = IPSEC_POLICY_SET; 203 if (!ip_bind_ipsec_policy_set(econnp, ipsec_mp)) { 204 sctp_close_eager(eager); 205 BUMP_MIB(&sctp_mib, sctpListenDrop); 206 return (NULL); 207 } 208 } 209 210 if (ipsec_mp != NULL) { 211 /* 212 * XXX need to fix the cached policy issue here. 213 * We temporarily set the conn_src/conn_rem here so 214 * that IPsec can use it for the latched policy 215 * selector. This is obvioursly wrong as SCTP can 216 * use different addresses... 217 */ 218 if (ipvers == IPV4_VERSION) { 219 ipha_t *ipha; 220 221 ipha = (ipha_t *)mp->b_rptr; 222 econnp->conn_src = ipha->ipha_dst; 223 econnp->conn_rem = ipha->ipha_src; 224 } else { 225 econnp->conn_srcv6 = ip6h->ip6_dst; 226 econnp->conn_remv6 = ip6h->ip6_src; 227 } 228 } 229 if (ipsec_conn_cache_policy(econnp, ipvers == IPV4_VERSION) != 0) { 230 sctp_close_eager(eager); 231 BUMP_MIB(&sctp_mib, sctpListenDrop); 232 return (NULL); 233 } 234 235 err = sctp_accept_comm(sctp, eager, mp, ip_hdr_len, iack); 236 if (err) { 237 sctp_close_eager(eager); 238 BUMP_MIB(&sctp_mib, sctpListenDrop); 239 return (NULL); 240 } 241 242 /* Connection established, so send up the conn_ind */ 243 if ((eager->sctp_ulpd = sctp->sctp_ulp_newconn(sctp->sctp_ulpd, 244 eager)) == NULL) { 245 sctp_close_eager(eager); 246 BUMP_MIB(&sctp_mib, sctpListenDrop); 247 return (NULL); 248 } 249 ASSERT(SCTP_IS_DETACHED(eager)); 250 eager->sctp_detached = B_FALSE; 251 if (eager->sctp_family == AF_INET) { 252 eager->sctp_ulp_prop(eager->sctp_ulpd, 253 sctp_wroff_xtra + sizeof (sctp_data_hdr_t) + 254 sctp->sctp_hdr_len, strmsgsz); 255 } else { 256 eager->sctp_ulp_prop(eager->sctp_ulpd, 257 sctp_wroff_xtra + sizeof (sctp_data_hdr_t) + 258 sctp->sctp_hdr6_len, strmsgsz); 259 } 260 return (eager); 261 } 262 263 /* 264 * Connect to a peer - this function inserts the sctp in the 265 * bind and conn fanouts, sends the INIT, and replies to the client 266 * with an OK ack. 267 */ 268 /* ARGSUSED */ 269 int 270 sctp_connect(sctp_t *sctp, const struct sockaddr *dst, uint32_t addrlen) 271 { 272 sin_t *sin; 273 sin6_t *sin6; 274 in_port_t lport; 275 in6_addr_t dstaddr; 276 in_port_t dstport; 277 mblk_t *initmp; 278 sctp_tf_t *tbf; 279 sctp_t *lsctp; 280 char buf[INET6_ADDRSTRLEN]; 281 int sleep = sctp->sctp_cansleep ? KM_SLEEP : KM_NOSLEEP; 282 int hdrlen; 283 ip6_rthdr_t *rth; 284 sctp_faddr_t *cur_fp; 285 286 /* 287 * Determine packet type based on type of address passed in 288 * the request should contain an IPv4 or IPv6 address. 289 * Make sure that address family matches the type of 290 * family of the the address passed down 291 */ 292 if (addrlen < sizeof (sin_t)) { 293 return (EINVAL); 294 } 295 switch (dst->sa_family) { 296 case AF_INET: 297 sin = (sin_t *)dst; 298 299 /* Check for attempt to connect to non-unicast */ 300 if (IN_MULTICAST(sin->sin_addr.s_addr) || 301 (sin->sin_addr.s_addr == INADDR_BROADCAST)) { 302 ip0dbg(("sctp_connect: non-unicast\n")); 303 return (EINVAL); 304 } 305 if (sctp->sctp_connp->conn_ipv6_v6only) 306 return (EAFNOSUPPORT); 307 308 /* convert to v6 mapped */ 309 /* Check for attempt to connect to INADDR_ANY */ 310 if (sin->sin_addr.s_addr == INADDR_ANY) { 311 struct in_addr v4_addr; 312 /* 313 * SunOS 4.x and 4.3 BSD allow an application 314 * to connect a TCP socket to INADDR_ANY. 315 * When they do this, the kernel picks the 316 * address of one interface and uses it 317 * instead. The kernel usually ends up 318 * picking the address of the loopback 319 * interface. This is an undocumented feature. 320 * However, we provide the same thing here 321 * in case any TCP apps that use this feature 322 * are being ported to SCTP... 323 */ 324 v4_addr.s_addr = htonl(INADDR_LOOPBACK); 325 IN6_INADDR_TO_V4MAPPED(&v4_addr, &dstaddr); 326 } else { 327 IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &dstaddr); 328 } 329 dstport = sin->sin_port; 330 if (sin->sin_family == AF_INET) { 331 hdrlen = sctp->sctp_hdr_len; 332 } else { 333 hdrlen = sctp->sctp_hdr6_len; 334 } 335 break; 336 case AF_INET6: 337 sin6 = (sin6_t *)dst; 338 /* Check for attempt to connect to non-unicast. */ 339 if ((addrlen < sizeof (sin6_t)) || 340 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 341 ip0dbg(("sctp_connect: non-unicast\n")); 342 return (EINVAL); 343 } 344 if (sctp->sctp_connp->conn_ipv6_v6only && 345 IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 346 return (EAFNOSUPPORT); 347 } 348 /* check for attempt to connect to unspec */ 349 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 350 dstaddr = ipv6_loopback; 351 } else { 352 dstaddr = sin6->sin6_addr; 353 } 354 dstport = sin6->sin6_port; 355 hdrlen = sctp->sctp_hdr6_len; 356 break; 357 default: 358 dprint(1, ("sctp_connect: unknown family %d\n", 359 dst->sa_family)); 360 return (EAFNOSUPPORT); 361 } 362 363 (void) inet_ntop(AF_INET6, &dstaddr, buf, sizeof (buf)); 364 dprint(1, ("sctp_connect: attempting connect to %s...\n", buf)); 365 366 RUN_SCTP(sctp); 367 368 if (sctp->sctp_family != dst->sa_family) { 369 WAKE_SCTP(sctp); 370 return (EINVAL); 371 } 372 373 switch (sctp->sctp_state) { 374 case SCTPS_IDLE: { 375 int err; 376 /* 377 * We support a quick connect capability here, allowing 378 * clients to transition directly from IDLE to COOKIE_WAIT. 379 * sctp_bindi will pick an unused port, insert the connection 380 * in the bind hash and transition to BOUND state. SCTP 381 * picks and uses what it considers the optimal local address 382 * set (just like specifiying INADDR_ANY to bind()). 383 */ 384 dprint(1, ("sctp_connect: idle, attempting bind...\n")); 385 ASSERT(sctp->sctp_nsaddrs == 0); 386 387 err = sctp_dup_saddrs(NULL, sctp, sleep); 388 if (err != 0) { 389 WAKE_SCTP(sctp); 390 return (err); 391 } 392 lport = sctp_update_next_port(sctp_next_port_to_try); 393 lport = sctp_bindi(sctp, lport, 0, 0); 394 if (lport == 0) { 395 WAKE_SCTP(sctp); 396 sctp_free_saddrs(sctp); 397 return (EADDRNOTAVAIL); 398 } 399 sctp->sctp_bound_to_all = 1; 400 /* FALLTHRU */ 401 } 402 403 case SCTPS_BOUND: 404 ASSERT(sctp->sctp_nsaddrs > 0); 405 406 /* do the connect */ 407 /* XXX check for attempt to connect to self */ 408 sctp->sctp_fport = dstport; 409 410 ASSERT(sctp->sctp_iphc); 411 ASSERT(sctp->sctp_iphc6); 412 413 /* 414 * Don't allow this connection to completely duplicate 415 * an existing connection. 416 * 417 * Ensure that the duplicate check and insertion is atomic. 418 */ 419 sctp_conn_hash_remove(sctp); 420 tbf = &sctp_conn_fanout[SCTP_CONN_HASH(sctp->sctp_ports)]; 421 mutex_enter(&tbf->tf_lock); 422 lsctp = sctp_lookup(sctp, &dstaddr, tbf, &sctp->sctp_ports, 423 SCTPS_COOKIE_WAIT); 424 if (lsctp != NULL) { 425 /* found a duplicate connection */ 426 mutex_exit(&tbf->tf_lock); 427 SCTP_REFRELE(lsctp); 428 WAKE_SCTP(sctp); 429 return (EADDRINUSE); 430 } 431 /* 432 * OK; set up the peer addr (this may grow after we get 433 * the INIT ACK from the peer with additional addresses). 434 */ 435 if (sctp_add_faddr(sctp, &dstaddr, sleep) < 0) { 436 mutex_exit(&tbf->tf_lock); 437 WAKE_SCTP(sctp); 438 return (ENOMEM); 439 } 440 /* No valid src addr, return. */ 441 if (sctp->sctp_faddrs->state == SCTP_FADDRS_UNREACH) { 442 mutex_exit(&tbf->tf_lock); 443 WAKE_SCTP(sctp); 444 return (EADDRNOTAVAIL); 445 } 446 sctp->sctp_primary = sctp->sctp_faddrs; 447 sctp->sctp_current = sctp->sctp_faddrs; 448 cur_fp = sctp->sctp_current; 449 sctp->sctp_mss = sctp->sctp_faddrs->sfa_pmss; 450 sctp_conn_hash_insert(tbf, sctp, 1); 451 mutex_exit(&tbf->tf_lock); 452 453 /* initialize composite headers */ 454 sctp_set_hdraddrs(sctp); 455 456 /* 457 * Massage a routing header (if present) putting the first hop 458 * in ip6_dst. 459 */ 460 rth = ip_find_rthdr_v6(sctp->sctp_ip6h, 461 (uint8_t *)sctp->sctp_sctph6); 462 if (rth != NULL) 463 (void) ip_massage_options_v6(sctp->sctp_ip6h, rth); 464 465 /* 466 * Turn off the don't fragment bit on the (only) faddr, 467 * so that if one of the messages exchanged during the 468 * initialization sequence exceeds the path mtu, it 469 * at least has a chance to get there. SCTP does no 470 * fragmentation of initialization messages. The DF bit 471 * will be turned on again in sctp_send_cookie_echo() 472 * (but the cookie echo will still be sent with the df bit 473 * off). 474 */ 475 cur_fp->df = B_FALSE; 476 477 /* Mark this address as alive */ 478 cur_fp->state = SCTP_FADDRS_ALIVE; 479 480 /* This sctp_t is fully bound now. */ 481 sctp->sctp_connp->conn_fully_bound = B_TRUE; 482 483 /* Send the INIT to the peer */ 484 SCTP_FADDR_TIMER_RESTART(sctp, cur_fp, cur_fp->rto); 485 initmp = sctp_init_mp(sctp); 486 if (initmp == NULL) { 487 WAKE_SCTP(sctp); 488 /* let timer retry */ 489 return (0); 490 } 491 sctp->sctp_state = SCTPS_COOKIE_WAIT; 492 WAKE_SCTP(sctp); 493 /* OK to call IP_PUT() here instead of sctp_add_sendq(). */ 494 CONN_INC_REF(sctp->sctp_connp); 495 initmp->b_flag |= MSGHASREF; 496 IP_PUT(initmp, sctp->sctp_connp, sctp->sctp_current->isv4); 497 BUMP_LOCAL(sctp->sctp_opkts); 498 499 sctp->sctp_ulp_prop(sctp->sctp_ulpd, 500 sctp_wroff_xtra + hdrlen + sizeof (sctp_data_hdr_t), 0); 501 502 return (0); 503 default: 504 ip0dbg(("sctp_connect: invalid state. %d\n", sctp->sctp_state)); 505 WAKE_SCTP(sctp); 506 return (EINVAL); 507 } 508 } 509