xref: /titanic_51/usr/src/uts/common/inet/sctp/sctp_bind.c (revision 1a7c1b724419d3cb5fa6eea75123c6b2060ba31b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/types.h>
30 #include <sys/systm.h>
31 #include <sys/stream.h>
32 #include <sys/cmn_err.h>
33 #include <sys/kmem.h>
34 #define	_SUN_TPI_VERSION 2
35 #include <sys/tihdr.h>
36 #include <sys/stropts.h>
37 #include <sys/socket.h>
38 #include <sys/random.h>
39 #include <sys/policy.h>
40 
41 #include <netinet/in.h>
42 #include <netinet/ip6.h>
43 
44 #include <inet/common.h>
45 #include <inet/ip.h>
46 #include <inet/ip6.h>
47 #include <inet/ipclassifier.h>
48 #include "sctp_impl.h"
49 #include "sctp_asconf.h"
50 #include "sctp_addr.h"
51 
52 uint_t	sctp_next_port_to_try;
53 
54 /*
55  * Returns 0 on success, EACCES on permission failure.
56  */
57 static int
58 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified)
59 {
60 	/*
61 	 * Get a valid port (within the anonymous range and should not
62 	 * be a privileged one) to use if the user has not given a port.
63 	 * If multiple threads are here, they may all start with
64 	 * with the same initial port. But, it should be fine as long as
65 	 * sctp_bindi will ensure that no two threads will be assigned
66 	 * the same port.
67 	 */
68 	if (*requested_port == 0) {
69 		*requested_port = sctp_update_next_port(sctp_next_port_to_try);
70 		*user_specified = 0;
71 	} else {
72 		int i;
73 		boolean_t priv = B_FALSE;
74 
75 		/*
76 		 * If the requested_port is in the well-known privileged range,
77 		 * verify that the stream was opened by a privileged user.
78 		 * Note: No locks are held when inspecting sctp_g_*epriv_ports
79 		 * but instead the code relies on:
80 		 * - the fact that the address of the array and its size never
81 		 *   changes
82 		 * - the atomic assignment of the elements of the array
83 		 */
84 		if (*requested_port < sctp_smallest_nonpriv_port) {
85 			priv = B_TRUE;
86 		} else {
87 			for (i = 0; i < sctp_g_num_epriv_ports; i++) {
88 				if (*requested_port == sctp_g_epriv_ports[i]) {
89 					priv = B_TRUE;
90 					break;
91 				}
92 			}
93 		}
94 		if (priv) {
95 			/*
96 			 * sctp_bind() should take a cred_t argument so that
97 			 * we can use it here.
98 			 */
99 			if (secpolicy_net_privaddr(sctp->sctp_credp,
100 			    *requested_port) != 0) {
101 				dprint(1,
102 				    ("sctp_bind(x): no prive for port %d",
103 				    *requested_port));
104 				return (TACCES);
105 			}
106 		}
107 		*user_specified = 1;
108 	}
109 
110 	return (0);
111 }
112 
113 int
114 sctp_listen(sctp_t *sctp)
115 {
116 	sctp_tf_t	*tf;
117 
118 	RUN_SCTP(sctp);
119 	/*
120 	 * TCP handles listen() increasing the backlog, need to check
121 	 * if it should be handled here too - VENU.
122 	 */
123 	if (sctp->sctp_state > SCTPS_BOUND) {
124 		WAKE_SCTP(sctp);
125 		return (EINVAL);
126 	}
127 
128 	/* Do an anonymous bind for unbound socket doing listen(). */
129 	if (sctp->sctp_nsaddrs == 0) {
130 		struct sockaddr_storage ss;
131 		int ret;
132 
133 		bzero(&ss, sizeof (ss));
134 		ss.ss_family = sctp->sctp_family;
135 
136 		WAKE_SCTP(sctp);
137 		if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss,
138 			sizeof (ss))) != 0)
139 			return (ret);
140 		RUN_SCTP(sctp)
141 	}
142 
143 	sctp->sctp_state = SCTPS_LISTEN;
144 	(void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN);
145 	sctp->sctp_last_secret_update = lbolt64;
146 	bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN);
147 	tf = &sctp_listen_fanout[SCTP_LISTEN_HASH(ntohs(sctp->sctp_lport))];
148 	sctp_listen_hash_insert(tf, sctp);
149 
150 	WAKE_SCTP(sctp);
151 	return (0);
152 }
153 
154 /*
155  * Bind the sctp_t to a sockaddr, which includes an address and other
156  * information, such as port or flowinfo.
157  */
158 int
159 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len)
160 {
161 	int		user_specified;
162 	boolean_t	bind_to_req_port_only;
163 	in_port_t	requested_port;
164 	in_port_t	allocated_port;
165 	int		err = 0;
166 
167 	ASSERT(sctp != NULL);
168 	ASSERT(sa);
169 
170 	RUN_SCTP(sctp);
171 
172 	if (sctp->sctp_state > SCTPS_BOUND) {
173 		err = EINVAL;
174 		goto done;
175 	}
176 
177 	switch (sa->sa_family) {
178 	case AF_INET:
179 		if (len < sizeof (struct sockaddr_in) ||
180 		    sctp->sctp_family == AF_INET6) {
181 			err = EINVAL;
182 			goto done;
183 		}
184 		requested_port = ntohs(((struct sockaddr_in *)sa)->sin_port);
185 		break;
186 	case AF_INET6:
187 		if (len < sizeof (struct sockaddr_in6) ||
188 		    sctp->sctp_family == AF_INET) {
189 			err = EINVAL;
190 			goto done;
191 		}
192 		requested_port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port);
193 		/* Set the flowinfo. */
194 		sctp->sctp_ip6h->ip6_vcf =
195 		    (IPV6_DEFAULT_VERS_AND_FLOW & IPV6_VERS_AND_FLOW_MASK) |
196 		    (((struct sockaddr_in6 *)sa)->sin6_flowinfo &
197 		    ~IPV6_VERS_AND_FLOW_MASK);
198 		break;
199 	default:
200 		err = EAFNOSUPPORT;
201 		goto done;
202 	}
203 	bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE;
204 
205 	if (sctp_select_port(sctp, &requested_port, &user_specified) != 0) {
206 		err = EPERM;
207 		goto done;
208 	}
209 
210 	if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE)) != 0)
211 		goto done;
212 
213 	allocated_port = sctp_bindi(sctp, requested_port,
214 	    bind_to_req_port_only, user_specified);
215 	if (allocated_port == 0) {
216 		sctp_free_saddrs(sctp);
217 		if (bind_to_req_port_only) {
218 			err = EADDRINUSE;
219 			goto done;
220 		} else {
221 			err = EADDRNOTAVAIL;
222 			goto done;
223 		}
224 	}
225 	ASSERT(sctp->sctp_state == SCTPS_BOUND);
226 done:
227 	WAKE_SCTP(sctp);
228 	return (err);
229 }
230 
231 /*
232  * Perform bind/unbind operation of a list of addresses on a sctp_t
233  */
234 int
235 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop)
236 {
237 	ASSERT(sctp != NULL);
238 	ASSERT(addrs != NULL);
239 	ASSERT(addrcnt > 0);
240 
241 	switch (bindop) {
242 	case SCTP_BINDX_ADD_ADDR:
243 		return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE));
244 	case SCTP_BINDX_REM_ADDR:
245 		return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE));
246 	default:
247 		return (EINVAL);
248 	}
249 }
250 
251 /*
252  * Add a list of addresses to a sctp_t.
253  */
254 int
255 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
256     boolean_t caller_hold_lock)
257 {
258 	int		err = 0;
259 	boolean_t	do_asconf = B_FALSE;
260 
261 	if (!caller_hold_lock)
262 		RUN_SCTP(sctp);
263 
264 	if (sctp->sctp_state > SCTPS_ESTABLISHED) {
265 		if (!caller_hold_lock)
266 			WAKE_SCTP(sctp);
267 		return (EINVAL);
268 	}
269 
270 	if (sctp->sctp_state > SCTPS_LISTEN) {
271 		/*
272 		 * Let's do some checking here rather than undoing the
273 		 * add later (for these reasons).
274 		 */
275 		if (!sctp_addip_enabled || !sctp->sctp_understands_asconf ||
276 		    !sctp->sctp_understands_addip) {
277 			if (!caller_hold_lock)
278 				WAKE_SCTP(sctp);
279 			return (EINVAL);
280 		}
281 		do_asconf = B_TRUE;
282 	}
283 	err = sctp_valid_addr_list(sctp, addrs, addrcnt);
284 	if (err != 0) {
285 		if (!caller_hold_lock)
286 			WAKE_SCTP(sctp);
287 		return (err);
288 	}
289 
290 	/* Need to send  ASCONF messages */
291 	if (do_asconf) {
292 		err = sctp_add_ip(sctp, addrs, addrcnt);
293 		if (err != 0) {
294 			sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE);
295 			if (!caller_hold_lock)
296 				WAKE_SCTP(sctp);
297 			return (err);
298 		}
299 	}
300 	if (!caller_hold_lock)
301 		WAKE_SCTP(sctp);
302 	if (do_asconf)
303 		sctp_process_sendq(sctp);
304 	return (0);
305 }
306 
307 /*
308  * Remove one or more addresses bound to the sctp_t.
309  */
310 int
311 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
312     boolean_t caller_hold_lock)
313 {
314 	int		error = 0;
315 	boolean_t	do_asconf = B_FALSE;
316 
317 	if (!caller_hold_lock)
318 		RUN_SCTP(sctp);
319 
320 	if (sctp->sctp_state > SCTPS_ESTABLISHED) {
321 		if (!caller_hold_lock)
322 			WAKE_SCTP(sctp);
323 		return (EINVAL);
324 	}
325 	/*
326 	 * Fail the remove if we are beyond listen, but can't send this
327 	 * to the peer.
328 	 */
329 	if (sctp->sctp_state > SCTPS_LISTEN) {
330 		if (!sctp_addip_enabled || !sctp->sctp_understands_asconf ||
331 		    !sctp->sctp_understands_addip) {
332 			if (!caller_hold_lock)
333 				WAKE_SCTP(sctp);
334 			return (EINVAL);
335 		}
336 		do_asconf = B_TRUE;
337 	}
338 
339 	/* Can't delete the last address nor all of the addresses */
340 	if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) {
341 		if (!caller_hold_lock)
342 			WAKE_SCTP(sctp);
343 		return (EINVAL);
344 	}
345 
346 	error = sctp_del_ip(sctp, addrs, addrcnt);
347 	if (!caller_hold_lock)
348 		WAKE_SCTP(sctp);
349 	if (error == 0 && do_asconf)
350 		sctp_process_sendq(sctp);
351 	return (error);
352 }
353 
354 /*
355  * If the "bind_to_req_port_only" parameter is set, if the requested port
356  * number is available, return it, If not return 0
357  *
358  * If "bind_to_req_port_only" parameter is not set and
359  * If the requested port number is available, return it.  If not, return
360  * the first anonymous port we happen across.  If no anonymous ports are
361  * available, return 0. addr is the requested local address, if any.
362  *
363  * In either case, when succeeding update the sctp_t to record the port number
364  * and insert it in the bind hash table.
365  */
366 in_port_t
367 sctp_bindi(sctp_t *sctp, in_port_t port, int bind_to_req_port_only,
368     int user_specified)
369 {
370 	/* number of times we have run around the loop */
371 	int count = 0;
372 	/* maximum number of times to run around the loop */
373 	int loopmax;
374 	zoneid_t zoneid = sctp->sctp_zoneid;
375 
376 	/*
377 	 * Lookup for free addresses is done in a loop and "loopmax"
378 	 * influences how long we spin in the loop
379 	 */
380 	if (bind_to_req_port_only) {
381 		/*
382 		 * If the requested port is busy, don't bother to look
383 		 * for a new one. Setting loop maximum count to 1 has
384 		 * that effect.
385 		 */
386 		loopmax = 1;
387 	} else {
388 		/*
389 		 * If the requested port is busy, look for a free one
390 		 * in the anonymous port range.
391 		 * Set loopmax appropriately so that one does not look
392 		 * forever in the case all of the anonymous ports are in use.
393 		 */
394 		loopmax = (sctp_largest_anon_port -
395 		    sctp_smallest_anon_port + 1);
396 	}
397 	do {
398 		uint16_t	lport;
399 		sctp_tf_t	*tbf;
400 		sctp_t		*lsctp;
401 		int		addrcmp;
402 
403 		lport = htons(port);
404 
405 		/*
406 		 * Ensure that the sctp_t is not currently in the bind hash.
407 		 * Hold the lock on the hash bucket to ensure that
408 		 * the duplicate check plus the insertion is an atomic
409 		 * operation.
410 		 *
411 		 * This function does an inline lookup on the bind hash list
412 		 * Make sure that we access only members of sctp_t
413 		 * and that we don't look at sctp_sctp, since we are not
414 		 * doing a SCTPB_REFHOLD. For more details please see the notes
415 		 * in sctp_compress()
416 		 */
417 		sctp_bind_hash_remove(sctp);
418 		tbf = &sctp_bind_fanout[SCTP_BIND_HASH(port)];
419 		mutex_enter(&tbf->tf_lock);
420 		for (lsctp = tbf->tf_sctp; lsctp != NULL;
421 		    lsctp = lsctp->sctp_bind_hash) {
422 
423 			if (lport != lsctp->sctp_lport ||
424 			    lsctp->sctp_zoneid != zoneid ||
425 			    lsctp->sctp_state < SCTPS_BOUND)
426 				continue;
427 
428 			addrcmp = sctp_compare_saddrs(sctp, lsctp);
429 			if (addrcmp != SCTP_ADDR_DISJOINT) {
430 				if (!sctp->sctp_reuseaddr) {
431 					/* in use */
432 					break;
433 				} else if (lsctp->sctp_state == SCTPS_BOUND ||
434 				    lsctp->sctp_state == SCTPS_LISTEN) {
435 					/*
436 					 * socket option SO_REUSEADDR is set
437 					 * on the binding sctp_t.
438 					 *
439 					 * We have found a match of IP source
440 					 * address and source port, which is
441 					 * refused regardless of the
442 					 * SO_REUSEADDR setting, so we break.
443 					 */
444 					break;
445 				}
446 			}
447 		}
448 		if (lsctp != NULL) {
449 			/* The port number is busy */
450 			mutex_exit(&tbf->tf_lock);
451 		} else {
452 			/*
453 			 * This port is ours. Insert in fanout and mark as
454 			 * bound to prevent others from getting the port
455 			 * number.
456 			 */
457 			sctp->sctp_state = SCTPS_BOUND;
458 			sctp->sctp_lport = lport;
459 			sctp->sctp_sctph->sh_sport = sctp->sctp_lport;
460 
461 			ASSERT(&sctp_bind_fanout[SCTP_BIND_HASH(port)] == tbf);
462 			sctp_bind_hash_insert(tbf, sctp, 1);
463 
464 			mutex_exit(&tbf->tf_lock);
465 
466 			/*
467 			 * We don't want sctp_next_port_to_try to "inherit"
468 			 * a port number supplied by the user in a bind.
469 			 */
470 			if (user_specified != 0)
471 				return (port);
472 
473 			/*
474 			 * This is the only place where sctp_next_port_to_try
475 			 * is updated. After the update, it may or may not
476 			 * be in the valid range.
477 			 */
478 			sctp_next_port_to_try = port + 1;
479 			return (port);
480 		}
481 
482 		if ((count == 0) && (user_specified)) {
483 			/*
484 			 * We may have to return an anonymous port. So
485 			 * get one to start with.
486 			 */
487 			port = sctp_update_next_port(sctp_next_port_to_try);
488 			user_specified = 0;
489 		} else {
490 			port = sctp_update_next_port(port + 1);
491 		}
492 
493 		/*
494 		 * Don't let this loop run forever in the case where
495 		 * all of the anonymous ports are in use.
496 		 */
497 	} while (++count < loopmax);
498 	return (0);
499 }
500 
501 /*
502  * Don't let port fall into the privileged range.
503  * Since the extra privileged ports can be arbitrary we also
504  * ensure that we exclude those from consideration.
505  * sctp_g_epriv_ports is not sorted thus we loop over it until
506  * there are no changes.
507  *
508  * Note: No locks are held when inspecting sctp_g_*epriv_ports
509  * but instead the code relies on:
510  * - the fact that the address of the array and its size never changes
511  * - the atomic assignment of the elements of the array
512  */
513 in_port_t
514 sctp_update_next_port(in_port_t port)
515 {
516 	int i;
517 
518 retry:
519 	if (port < sctp_smallest_anon_port || port > sctp_largest_anon_port)
520 		port = sctp_smallest_anon_port;
521 
522 	if (port < sctp_smallest_nonpriv_port)
523 		port = sctp_smallest_nonpriv_port;
524 
525 	for (i = 0; i < sctp_g_num_epriv_ports; i++) {
526 		if (port == sctp_g_epriv_ports[i]) {
527 			port++;
528 			/*
529 			 * Make sure whether the port is in the
530 			 * valid range.
531 			 *
532 			 * XXX Note that if sctp_g_epriv_ports contains
533 			 * all the anonymous ports this will be an
534 			 * infinite loop.
535 			 */
536 			goto retry;
537 		}
538 	}
539 	return (port);
540 }
541