1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/systm.h> 31 #include <sys/stream.h> 32 #include <sys/strsubr.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/kmem.h> 36 #include <sys/socket.h> 37 #include <sys/random.h> 38 #include <sys/tsol/tndb.h> 39 #include <sys/tsol/tnet.h> 40 41 #include <netinet/in.h> 42 #include <netinet/ip6.h> 43 #include <netinet/sctp.h> 44 45 #include <inet/common.h> 46 #include <inet/ip.h> 47 #include <inet/ip6.h> 48 #include <inet/ip_ire.h> 49 #include <inet/mib2.h> 50 #include <inet/nd.h> 51 #include <inet/optcom.h> 52 #include <inet/sctp_ip.h> 53 #include <inet/ipclassifier.h> 54 55 #include "sctp_impl.h" 56 #include "sctp_addr.h" 57 #include "sctp_asconf.h" 58 59 static struct kmem_cache *sctp_kmem_faddr_cache; 60 static void sctp_init_faddr(sctp_t *, sctp_faddr_t *, in6_addr_t *, mblk_t *); 61 62 /* Set the source address. Refer to comments in sctp_get_ire(). */ 63 void 64 sctp_set_saddr(sctp_t *sctp, sctp_faddr_t *fp) 65 { 66 boolean_t v6 = !fp->isv4; 67 68 if (sctp->sctp_bound_to_all) { 69 V6_SET_ZERO(fp->saddr); 70 } else { 71 fp->saddr = sctp_get_valid_addr(sctp, v6); 72 if (!v6 && IN6_IS_ADDR_V4MAPPED_ANY(&fp->saddr) || 73 v6 && IN6_IS_ADDR_UNSPECIFIED(&fp->saddr)) { 74 fp->state = SCTP_FADDRS_UNREACH; 75 /* Disable heartbeat. */ 76 fp->hb_expiry = 0; 77 fp->hb_pending = B_FALSE; 78 fp->strikes = 0; 79 } 80 } 81 } 82 83 /* 84 * Call this function to update the cached IRE of a peer addr fp. 85 */ 86 void 87 sctp_get_ire(sctp_t *sctp, sctp_faddr_t *fp) 88 { 89 ire_t *ire; 90 ipaddr_t addr4; 91 in6_addr_t laddr; 92 sctp_saddr_ipif_t *sp; 93 uint_t ipif_seqid; 94 int hdrlen; 95 ts_label_t *tsl; 96 sctp_stack_t *sctps = sctp->sctp_sctps; 97 ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip; 98 99 /* Remove the previous cache IRE */ 100 if ((ire = fp->ire) != NULL) { 101 IRE_REFRELE_NOTR(ire); 102 fp->ire = NULL; 103 } 104 105 /* 106 * If this addr is not reachable, mark it as unconfirmed for now, the 107 * state will be changed back to unreachable later in this function 108 * if it is still the case. 109 */ 110 if (fp->state == SCTP_FADDRS_UNREACH) { 111 fp->state = SCTP_FADDRS_UNCONFIRMED; 112 } 113 114 tsl = crgetlabel(CONN_CRED(sctp->sctp_connp)); 115 116 if (fp->isv4) { 117 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, addr4); 118 ire = ire_cache_lookup(addr4, sctp->sctp_zoneid, tsl, ipst); 119 if (ire != NULL) 120 IN6_IPADDR_TO_V4MAPPED(ire->ire_src_addr, &laddr); 121 } else { 122 ire = ire_cache_lookup_v6(&fp->faddr, sctp->sctp_zoneid, tsl, 123 ipst); 124 if (ire != NULL) 125 laddr = ire->ire_src_addr_v6; 126 } 127 128 if (ire == NULL) { 129 dprint(3, ("ire2faddr: no ire for %x:%x:%x:%x\n", 130 SCTP_PRINTADDR(fp->faddr))); 131 /* 132 * It is tempting to just leave the src addr 133 * unspecified and let IP figure it out, but we 134 * *cannot* do this, since IP may choose a src addr 135 * that is not part of this association... unless 136 * this sctp has bound to all addrs. So if the ire 137 * lookup fails, try to find one in our src addr 138 * list, unless the sctp has bound to all addrs, in 139 * which case we change the src addr to unspec. 140 * 141 * Note that if this is a v6 endpoint but it does 142 * not have any v4 address at this point (e.g. may 143 * have been deleted), sctp_get_valid_addr() will 144 * return mapped INADDR_ANY. In this case, this 145 * address should be marked not reachable so that 146 * it won't be used to send data. 147 */ 148 sctp_set_saddr(sctp, fp); 149 if (fp->state == SCTP_FADDRS_UNREACH) 150 return; 151 goto check_current; 152 } 153 154 ipif_seqid = ire->ire_ipif->ipif_seqid; 155 dprint(2, ("ire2faddr: got ire for %x:%x:%x:%x, ", 156 SCTP_PRINTADDR(fp->faddr))); 157 if (fp->isv4) { 158 dprint(2, ("src = %x\n", ire->ire_src_addr)); 159 } else { 160 dprint(2, ("src=%x:%x:%x:%x\n", 161 SCTP_PRINTADDR(ire->ire_src_addr_v6))); 162 } 163 164 /* Make sure the laddr is part of this association */ 165 if ((sp = sctp_ipif_lookup(sctp, ipif_seqid)) != NULL && 166 !sp->saddr_ipif_dontsrc) { 167 if (sp->saddr_ipif_unconfirmed == 1) 168 sp->saddr_ipif_unconfirmed = 0; 169 fp->saddr = laddr; 170 } else { 171 dprint(2, ("ire2faddr: src addr is not part of assc\n")); 172 173 /* 174 * Set the src to the first saddr and hope for the best. 175 * Note that we will still do the ire caching below. 176 * Otherwise, whenever we send a packet, we need to do 177 * the ire lookup again and still may not get the correct 178 * source address. Note that this case should very seldomly 179 * happen. One scenario this can happen is an app 180 * explicitly bind() to an address. But that address is 181 * not the preferred source address to send to the peer. 182 */ 183 sctp_set_saddr(sctp, fp); 184 if (fp->state == SCTP_FADDRS_UNREACH) { 185 IRE_REFRELE(ire); 186 return; 187 } 188 } 189 190 /* 191 * Note that ire_cache_lookup_*() returns an ire with the tracing 192 * bits enabled. This requires the thread holding the ire also 193 * do the IRE_REFRELE(). Thus we need to do IRE_REFHOLD_NOTR() 194 * and then IRE_REFRELE() the ire here to make the tracing bits 195 * work. 196 */ 197 IRE_REFHOLD_NOTR(ire); 198 IRE_REFRELE(ire); 199 200 /* Cache the IRE */ 201 fp->ire = ire; 202 if (fp->ire->ire_type == IRE_LOOPBACK && !sctp->sctp_loopback) 203 sctp->sctp_loopback = 1; 204 205 /* 206 * Pull out RTO information for this faddr and use it if we don't 207 * have any yet. 208 */ 209 if (fp->srtt == -1 && ire->ire_uinfo.iulp_rtt != 0) { 210 /* The cached value is in ms. */ 211 fp->srtt = MSEC_TO_TICK(ire->ire_uinfo.iulp_rtt); 212 fp->rttvar = MSEC_TO_TICK(ire->ire_uinfo.iulp_rtt_sd); 213 fp->rto = 3 * fp->srtt; 214 215 /* Bound the RTO by configured min and max values */ 216 if (fp->rto < sctp->sctp_rto_min) { 217 fp->rto = sctp->sctp_rto_min; 218 } 219 if (fp->rto > sctp->sctp_rto_max) { 220 fp->rto = sctp->sctp_rto_max; 221 } 222 } 223 224 /* 225 * Record the MTU for this faddr. If the MTU for this faddr has 226 * changed, check if the assc MTU will also change. 227 */ 228 if (fp->isv4) { 229 hdrlen = sctp->sctp_hdr_len; 230 } else { 231 hdrlen = sctp->sctp_hdr6_len; 232 } 233 if ((fp->sfa_pmss + hdrlen) != ire->ire_max_frag) { 234 /* Make sure that sfa_pmss is a multiple of SCTP_ALIGN. */ 235 fp->sfa_pmss = (ire->ire_max_frag - hdrlen) & ~(SCTP_ALIGN - 1); 236 if (fp->cwnd < (fp->sfa_pmss * 2)) { 237 fp->cwnd = fp->sfa_pmss * 238 sctps->sctps_slow_start_initial; 239 } 240 } 241 242 check_current: 243 if (fp == sctp->sctp_current) 244 sctp_set_faddr_current(sctp, fp); 245 } 246 247 void 248 sctp_update_ire(sctp_t *sctp) 249 { 250 ire_t *ire; 251 sctp_faddr_t *fp; 252 sctp_stack_t *sctps = sctp->sctp_sctps; 253 254 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 255 if ((ire = fp->ire) == NULL) 256 continue; 257 mutex_enter(&ire->ire_lock); 258 259 /* 260 * If the cached IRE is going away, there is no point to 261 * update it. 262 */ 263 if (ire->ire_marks & IRE_MARK_CONDEMNED) { 264 mutex_exit(&ire->ire_lock); 265 IRE_REFRELE_NOTR(ire); 266 fp->ire = NULL; 267 continue; 268 } 269 270 /* 271 * Only record the PMTU for this faddr if we actually have 272 * done discovery. This prevents initialized default from 273 * clobbering any real info that IP may have. 274 */ 275 if (fp->pmtu_discovered) { 276 if (fp->isv4) { 277 ire->ire_max_frag = fp->sfa_pmss + 278 sctp->sctp_hdr_len; 279 } else { 280 ire->ire_max_frag = fp->sfa_pmss + 281 sctp->sctp_hdr6_len; 282 } 283 } 284 285 if (sctps->sctps_rtt_updates != 0 && 286 fp->rtt_updates >= sctps->sctps_rtt_updates) { 287 /* 288 * If there is no old cached values, initialize them 289 * conservatively. Set them to be (1.5 * new value). 290 * This code copied from ip_ire_advise(). The cached 291 * value is in ms. 292 */ 293 if (ire->ire_uinfo.iulp_rtt != 0) { 294 ire->ire_uinfo.iulp_rtt = 295 (ire->ire_uinfo.iulp_rtt + 296 TICK_TO_MSEC(fp->srtt)) >> 1; 297 } else { 298 ire->ire_uinfo.iulp_rtt = 299 TICK_TO_MSEC(fp->srtt + (fp->srtt >> 1)); 300 } 301 if (ire->ire_uinfo.iulp_rtt_sd != 0) { 302 ire->ire_uinfo.iulp_rtt_sd = 303 (ire->ire_uinfo.iulp_rtt_sd + 304 TICK_TO_MSEC(fp->rttvar)) >> 1; 305 } else { 306 ire->ire_uinfo.iulp_rtt_sd = 307 TICK_TO_MSEC(fp->rttvar + 308 (fp->rttvar >> 1)); 309 } 310 fp->rtt_updates = 0; 311 } 312 mutex_exit(&ire->ire_lock); 313 } 314 } 315 316 /* 317 * The sender must set the total length in the IP header. 318 * If sendto == NULL, the current will be used. 319 */ 320 mblk_t * 321 sctp_make_mp(sctp_t *sctp, sctp_faddr_t *sendto, int trailer) 322 { 323 mblk_t *mp; 324 size_t ipsctplen; 325 int isv4; 326 sctp_faddr_t *fp; 327 sctp_stack_t *sctps = sctp->sctp_sctps; 328 329 ASSERT(sctp->sctp_current != NULL || sendto != NULL); 330 if (sendto == NULL) { 331 fp = sctp->sctp_current; 332 } else { 333 fp = sendto; 334 } 335 isv4 = fp->isv4; 336 337 /* Try to look for another IRE again. */ 338 if (fp->ire == NULL) 339 sctp_get_ire(sctp, fp); 340 341 /* There is no suitable source address to use, return. */ 342 if (fp->state == SCTP_FADDRS_UNREACH) 343 return (NULL); 344 345 if (isv4) { 346 ipsctplen = sctp->sctp_hdr_len; 347 } else { 348 ipsctplen = sctp->sctp_hdr6_len; 349 } 350 351 mp = allocb_cred(ipsctplen + sctps->sctps_wroff_xtra + trailer, 352 CONN_CRED(sctp->sctp_connp)); 353 if (mp == NULL) { 354 ip1dbg(("sctp_make_mp: error making mp..\n")); 355 return (NULL); 356 } 357 mp->b_rptr += sctps->sctps_wroff_xtra; 358 mp->b_wptr = mp->b_rptr + ipsctplen; 359 360 ASSERT(OK_32PTR(mp->b_wptr)); 361 362 if (isv4) { 363 ipha_t *iph = (ipha_t *)mp->b_rptr; 364 365 bcopy(sctp->sctp_iphc, mp->b_rptr, ipsctplen); 366 if (fp != sctp->sctp_current) { 367 /* fiddle with the dst addr */ 368 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, iph->ipha_dst); 369 /* fix up src addr */ 370 if (!IN6_IS_ADDR_V4MAPPED_ANY(&fp->saddr)) { 371 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, 372 iph->ipha_src); 373 } else if (sctp->sctp_bound_to_all) { 374 iph->ipha_src = INADDR_ANY; 375 } 376 } 377 /* set or clear the don't fragment bit */ 378 if (fp->df) { 379 iph->ipha_fragment_offset_and_flags = htons(IPH_DF); 380 } else { 381 iph->ipha_fragment_offset_and_flags = 0; 382 } 383 } else { 384 bcopy(sctp->sctp_iphc6, mp->b_rptr, ipsctplen); 385 if (fp != sctp->sctp_current) { 386 /* fiddle with the dst addr */ 387 ((ip6_t *)(mp->b_rptr))->ip6_dst = fp->faddr; 388 /* fix up src addr */ 389 if (!IN6_IS_ADDR_UNSPECIFIED(&fp->saddr)) { 390 ((ip6_t *)(mp->b_rptr))->ip6_src = fp->saddr; 391 } else if (sctp->sctp_bound_to_all) { 392 bzero(&((ip6_t *)(mp->b_rptr))->ip6_src, 393 sizeof (in6_addr_t)); 394 } 395 } 396 } 397 ASSERT(sctp->sctp_connp != NULL); 398 399 /* 400 * IP will not free this IRE if it is condemned. SCTP needs to 401 * free it. 402 */ 403 if ((fp->ire != NULL) && (fp->ire->ire_marks & IRE_MARK_CONDEMNED)) { 404 IRE_REFRELE_NOTR(fp->ire); 405 fp->ire = NULL; 406 } 407 /* Stash the conn and ire ptr info. for IP */ 408 SCTP_STASH_IPINFO(mp, fp->ire); 409 410 return (mp); 411 } 412 413 /* 414 * Notify upper layers about preferred write offset, write size. 415 */ 416 void 417 sctp_set_ulp_prop(sctp_t *sctp) 418 { 419 int hdrlen; 420 sctp_stack_t *sctps = sctp->sctp_sctps; 421 422 if (sctp->sctp_current->isv4) { 423 hdrlen = sctp->sctp_hdr_len; 424 } else { 425 hdrlen = sctp->sctp_hdr6_len; 426 } 427 ASSERT(sctp->sctp_ulpd); 428 429 ASSERT(sctp->sctp_current->sfa_pmss == sctp->sctp_mss); 430 sctp->sctp_ulp_prop(sctp->sctp_ulpd, 431 sctps->sctps_wroff_xtra + hdrlen + sizeof (sctp_data_hdr_t), 432 sctp->sctp_mss - sizeof (sctp_data_hdr_t)); 433 } 434 435 void 436 sctp_set_iplen(sctp_t *sctp, mblk_t *mp) 437 { 438 uint16_t sum = 0; 439 ipha_t *iph; 440 ip6_t *ip6h; 441 mblk_t *pmp = mp; 442 boolean_t isv4; 443 444 isv4 = (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION); 445 for (; pmp; pmp = pmp->b_cont) 446 sum += pmp->b_wptr - pmp->b_rptr; 447 448 if (isv4) { 449 iph = (ipha_t *)mp->b_rptr; 450 iph->ipha_length = htons(sum); 451 } else { 452 ip6h = (ip6_t *)mp->b_rptr; 453 /* 454 * If an ip6i_t is present, the real IPv6 header 455 * immediately follows. 456 */ 457 if (ip6h->ip6_nxt == IPPROTO_RAW) 458 ip6h = (ip6_t *)&ip6h[1]; 459 ip6h->ip6_plen = htons(sum - ((char *)&sctp->sctp_ip6h[1] - 460 sctp->sctp_iphc6)); 461 } 462 } 463 464 int 465 sctp_compare_faddrsets(sctp_faddr_t *a1, sctp_faddr_t *a2) 466 { 467 int na1 = 0; 468 int overlap = 0; 469 int equal = 1; 470 int onematch; 471 sctp_faddr_t *fp1, *fp2; 472 473 for (fp1 = a1; fp1; fp1 = fp1->next) { 474 onematch = 0; 475 for (fp2 = a2; fp2; fp2 = fp2->next) { 476 if (IN6_ARE_ADDR_EQUAL(&fp1->faddr, &fp2->faddr)) { 477 overlap++; 478 onematch = 1; 479 break; 480 } 481 if (!onematch) { 482 equal = 0; 483 } 484 } 485 na1++; 486 } 487 488 if (equal) { 489 return (SCTP_ADDR_EQUAL); 490 } 491 if (overlap == na1) { 492 return (SCTP_ADDR_SUBSET); 493 } 494 if (overlap) { 495 return (SCTP_ADDR_OVERLAP); 496 } 497 return (SCTP_ADDR_DISJOINT); 498 } 499 500 /* 501 * Returns 0 on success, -1 on memory allocation failure. If sleep 502 * is true, this function should never fail. The boolean parameter 503 * first decides whether the newly created faddr structure should be 504 * added at the beginning of the list or at the end. 505 * 506 * Note: caller must hold conn fanout lock. 507 */ 508 int 509 sctp_add_faddr(sctp_t *sctp, in6_addr_t *addr, int sleep, boolean_t first) 510 { 511 sctp_faddr_t *faddr; 512 mblk_t *timer_mp; 513 514 if (is_system_labeled()) { 515 ts_label_t *tsl; 516 tsol_tpc_t *rhtp; 517 int retv; 518 519 tsl = crgetlabel(CONN_CRED(sctp->sctp_connp)); 520 ASSERT(tsl != NULL); 521 522 /* find_tpc automatically does the right thing with IPv4 */ 523 rhtp = find_tpc(addr, IPV6_VERSION, B_FALSE); 524 if (rhtp == NULL) 525 return (EACCES); 526 527 retv = EACCES; 528 if (tsl->tsl_doi == rhtp->tpc_tp.tp_doi) { 529 switch (rhtp->tpc_tp.host_type) { 530 case UNLABELED: 531 /* 532 * Can talk to unlabeled hosts if any of the 533 * following are true: 534 * 1. zone's label matches the remote host's 535 * default label, 536 * 2. mac_exempt is on and the zone dominates 537 * the remote host's label, or 538 * 3. mac_exempt is on and the socket is from 539 * the global zone. 540 */ 541 if (blequal(&rhtp->tpc_tp.tp_def_label, 542 &tsl->tsl_label) || 543 (sctp->sctp_mac_exempt && 544 (sctp->sctp_zoneid == GLOBAL_ZONEID || 545 bldominates(&tsl->tsl_label, 546 &rhtp->tpc_tp.tp_def_label)))) 547 retv = 0; 548 break; 549 case SUN_CIPSO: 550 if (_blinrange(&tsl->tsl_label, 551 &rhtp->tpc_tp.tp_sl_range_cipso) || 552 blinlset(&tsl->tsl_label, 553 rhtp->tpc_tp.tp_sl_set_cipso)) 554 retv = 0; 555 break; 556 } 557 } 558 TPC_RELE(rhtp); 559 if (retv != 0) 560 return (retv); 561 } 562 563 if ((faddr = kmem_cache_alloc(sctp_kmem_faddr_cache, sleep)) == NULL) 564 return (ENOMEM); 565 timer_mp = sctp_timer_alloc((sctp), sctp_rexmit_timer); 566 if (timer_mp == NULL) { 567 kmem_cache_free(sctp_kmem_faddr_cache, faddr); 568 return (ENOMEM); 569 } 570 ((sctpt_t *)(timer_mp->b_rptr))->sctpt_faddr = faddr; 571 572 sctp_init_faddr(sctp, faddr, addr, timer_mp); 573 ASSERT(faddr->next == NULL); 574 575 if (sctp->sctp_faddrs == NULL) { 576 ASSERT(sctp->sctp_lastfaddr == NULL); 577 /* only element on list; first and last are same */ 578 sctp->sctp_faddrs = sctp->sctp_lastfaddr = faddr; 579 } else if (first) { 580 ASSERT(sctp->sctp_lastfaddr != NULL); 581 faddr->next = sctp->sctp_faddrs; 582 sctp->sctp_faddrs = faddr; 583 } else { 584 sctp->sctp_lastfaddr->next = faddr; 585 sctp->sctp_lastfaddr = faddr; 586 } 587 sctp->sctp_nfaddrs++; 588 589 return (0); 590 } 591 592 sctp_faddr_t * 593 sctp_lookup_faddr(sctp_t *sctp, in6_addr_t *addr) 594 { 595 sctp_faddr_t *fp; 596 597 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 598 if (IN6_ARE_ADDR_EQUAL(&fp->faddr, addr)) 599 break; 600 } 601 602 return (fp); 603 } 604 605 sctp_faddr_t * 606 sctp_lookup_faddr_nosctp(sctp_faddr_t *fp, in6_addr_t *addr) 607 { 608 for (; fp; fp = fp->next) { 609 if (IN6_ARE_ADDR_EQUAL(&fp->faddr, addr)) { 610 break; 611 } 612 } 613 614 return (fp); 615 } 616 617 /* 618 * To change the currently used peer address to the specified one. 619 */ 620 void 621 sctp_set_faddr_current(sctp_t *sctp, sctp_faddr_t *fp) 622 { 623 /* Now setup the composite header. */ 624 if (fp->isv4) { 625 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, 626 sctp->sctp_ipha->ipha_dst); 627 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, sctp->sctp_ipha->ipha_src); 628 /* update don't fragment bit */ 629 if (fp->df) { 630 sctp->sctp_ipha->ipha_fragment_offset_and_flags = 631 htons(IPH_DF); 632 } else { 633 sctp->sctp_ipha->ipha_fragment_offset_and_flags = 0; 634 } 635 } else { 636 sctp->sctp_ip6h->ip6_dst = fp->faddr; 637 sctp->sctp_ip6h->ip6_src = fp->saddr; 638 } 639 640 sctp->sctp_current = fp; 641 sctp->sctp_mss = fp->sfa_pmss; 642 643 /* Update the uppper layer for the change. */ 644 if (!SCTP_IS_DETACHED(sctp)) 645 sctp_set_ulp_prop(sctp); 646 } 647 648 void 649 sctp_redo_faddr_srcs(sctp_t *sctp) 650 { 651 sctp_faddr_t *fp; 652 653 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 654 sctp_get_ire(sctp, fp); 655 } 656 } 657 658 void 659 sctp_faddr_alive(sctp_t *sctp, sctp_faddr_t *fp) 660 { 661 int64_t now = lbolt64; 662 663 fp->strikes = 0; 664 sctp->sctp_strikes = 0; 665 fp->lastactive = now; 666 fp->hb_expiry = now + SET_HB_INTVL(fp); 667 fp->hb_pending = B_FALSE; 668 if (fp->state != SCTP_FADDRS_ALIVE) { 669 fp->state = SCTP_FADDRS_ALIVE; 670 sctp_intf_event(sctp, fp->faddr, SCTP_ADDR_AVAILABLE, 0); 671 672 /* 673 * If this is the primary, switch back to it now. And 674 * we probably want to reset the source addr used to reach 675 * it. 676 */ 677 if (fp == sctp->sctp_primary) { 678 sctp_set_faddr_current(sctp, fp); 679 sctp_get_ire(sctp, fp); 680 return; 681 } 682 } 683 if (fp->ire == NULL) { 684 /* Should have a full IRE now */ 685 sctp_get_ire(sctp, fp); 686 } 687 } 688 689 int 690 sctp_is_a_faddr_clean(sctp_t *sctp) 691 { 692 sctp_faddr_t *fp; 693 694 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 695 if (fp->state == SCTP_FADDRS_ALIVE && fp->strikes == 0) { 696 return (1); 697 } 698 } 699 700 return (0); 701 } 702 703 /* 704 * Returns 0 if there is at leave one other active faddr, -1 if there 705 * are none. If there are none left, faddr_dead() will start killing the 706 * association. 707 * If the downed faddr was the current faddr, a new current faddr 708 * will be chosen. 709 */ 710 int 711 sctp_faddr_dead(sctp_t *sctp, sctp_faddr_t *fp, int newstate) 712 { 713 sctp_faddr_t *ofp; 714 sctp_stack_t *sctps = sctp->sctp_sctps; 715 716 if (fp->state == SCTP_FADDRS_ALIVE) { 717 sctp_intf_event(sctp, fp->faddr, SCTP_ADDR_UNREACHABLE, 0); 718 } 719 fp->state = newstate; 720 721 dprint(1, ("sctp_faddr_dead: %x:%x:%x:%x down (state=%d)\n", 722 SCTP_PRINTADDR(fp->faddr), newstate)); 723 724 if (fp == sctp->sctp_current) { 725 /* Current faddr down; need to switch it */ 726 sctp->sctp_current = NULL; 727 } 728 729 /* Find next alive faddr */ 730 ofp = fp; 731 for (fp = fp->next; fp != NULL; fp = fp->next) { 732 if (fp->state == SCTP_FADDRS_ALIVE) { 733 break; 734 } 735 } 736 737 if (fp == NULL) { 738 /* Continue from beginning of list */ 739 for (fp = sctp->sctp_faddrs; fp != ofp; fp = fp->next) { 740 if (fp->state == SCTP_FADDRS_ALIVE) { 741 break; 742 } 743 } 744 } 745 746 /* 747 * Find a new fp, so if the current faddr is dead, use the new fp 748 * as the current one. 749 */ 750 if (fp != ofp) { 751 if (sctp->sctp_current == NULL) { 752 dprint(1, ("sctp_faddr_dead: failover->%x:%x:%x:%x\n", 753 SCTP_PRINTADDR(fp->faddr))); 754 /* 755 * Note that we don't need to reset the source addr 756 * of the new fp. 757 */ 758 sctp_set_faddr_current(sctp, fp); 759 } 760 return (0); 761 } 762 763 764 /* All faddrs are down; kill the association */ 765 dprint(1, ("sctp_faddr_dead: all faddrs down, killing assoc\n")); 766 BUMP_MIB(&sctps->sctps_mib, sctpAborted); 767 sctp_assoc_event(sctp, sctp->sctp_state < SCTPS_ESTABLISHED ? 768 SCTP_CANT_STR_ASSOC : SCTP_COMM_LOST, 0, NULL); 769 sctp_clean_death(sctp, sctp->sctp_client_errno ? 770 sctp->sctp_client_errno : ETIMEDOUT); 771 772 return (-1); 773 } 774 775 sctp_faddr_t * 776 sctp_rotate_faddr(sctp_t *sctp, sctp_faddr_t *ofp) 777 { 778 sctp_faddr_t *nfp = NULL; 779 780 if (ofp == NULL) { 781 ofp = sctp->sctp_current; 782 } 783 784 /* Find the next live one */ 785 for (nfp = ofp->next; nfp != NULL; nfp = nfp->next) { 786 if (nfp->state == SCTP_FADDRS_ALIVE) { 787 break; 788 } 789 } 790 791 if (nfp == NULL) { 792 /* Continue from beginning of list */ 793 for (nfp = sctp->sctp_faddrs; nfp != ofp; nfp = nfp->next) { 794 if (nfp->state == SCTP_FADDRS_ALIVE) { 795 break; 796 } 797 } 798 } 799 800 /* 801 * nfp could only be NULL if all faddrs are down, and when 802 * this happens, faddr_dead() should have killed the 803 * association. Hence this assertion... 804 */ 805 ASSERT(nfp != NULL); 806 return (nfp); 807 } 808 809 void 810 sctp_unlink_faddr(sctp_t *sctp, sctp_faddr_t *fp) 811 { 812 sctp_faddr_t *fpp; 813 814 if (!sctp->sctp_faddrs) { 815 return; 816 } 817 818 if (fp->timer_mp != NULL) { 819 sctp_timer_free(fp->timer_mp); 820 fp->timer_mp = NULL; 821 fp->timer_running = 0; 822 } 823 if (fp->rc_timer_mp != NULL) { 824 sctp_timer_free(fp->rc_timer_mp); 825 fp->rc_timer_mp = NULL; 826 fp->rc_timer_running = 0; 827 } 828 if (fp->ire != NULL) { 829 IRE_REFRELE_NOTR(fp->ire); 830 fp->ire = NULL; 831 } 832 833 if (fp == sctp->sctp_faddrs) { 834 goto gotit; 835 } 836 837 for (fpp = sctp->sctp_faddrs; fpp->next != fp; fpp = fpp->next) 838 ; 839 840 gotit: 841 ASSERT(sctp->sctp_conn_tfp != NULL); 842 mutex_enter(&sctp->sctp_conn_tfp->tf_lock); 843 if (fp == sctp->sctp_faddrs) { 844 sctp->sctp_faddrs = fp->next; 845 } else { 846 fpp->next = fp->next; 847 } 848 mutex_exit(&sctp->sctp_conn_tfp->tf_lock); 849 /* XXX faddr2ire? */ 850 kmem_cache_free(sctp_kmem_faddr_cache, fp); 851 sctp->sctp_nfaddrs--; 852 } 853 854 void 855 sctp_zap_faddrs(sctp_t *sctp, int caller_holds_lock) 856 { 857 sctp_faddr_t *fp, *fpn; 858 859 if (sctp->sctp_faddrs == NULL) { 860 ASSERT(sctp->sctp_lastfaddr == NULL); 861 return; 862 } 863 864 ASSERT(sctp->sctp_lastfaddr != NULL); 865 sctp->sctp_lastfaddr = NULL; 866 sctp->sctp_current = NULL; 867 sctp->sctp_primary = NULL; 868 869 sctp_free_faddr_timers(sctp); 870 871 if (sctp->sctp_conn_tfp != NULL && !caller_holds_lock) { 872 /* in conn fanout; need to hold lock */ 873 mutex_enter(&sctp->sctp_conn_tfp->tf_lock); 874 } 875 876 for (fp = sctp->sctp_faddrs; fp; fp = fpn) { 877 fpn = fp->next; 878 if (fp->ire != NULL) 879 IRE_REFRELE_NOTR(fp->ire); 880 kmem_cache_free(sctp_kmem_faddr_cache, fp); 881 sctp->sctp_nfaddrs--; 882 } 883 884 sctp->sctp_faddrs = NULL; 885 ASSERT(sctp->sctp_nfaddrs == 0); 886 if (sctp->sctp_conn_tfp != NULL && !caller_holds_lock) { 887 mutex_exit(&sctp->sctp_conn_tfp->tf_lock); 888 } 889 890 } 891 892 void 893 sctp_zap_addrs(sctp_t *sctp) 894 { 895 sctp_zap_faddrs(sctp, 0); 896 sctp_free_saddrs(sctp); 897 } 898 899 /* 900 * Initialize the IPv4 header. Loses any record of any IP options. 901 */ 902 int 903 sctp_header_init_ipv4(sctp_t *sctp, int sleep) 904 { 905 sctp_hdr_t *sctph; 906 sctp_stack_t *sctps = sctp->sctp_sctps; 907 908 /* 909 * This is a simple initialization. If there's 910 * already a template, it should never be too small, 911 * so reuse it. Otherwise, allocate space for the new one. 912 */ 913 if (sctp->sctp_iphc != NULL) { 914 ASSERT(sctp->sctp_iphc_len >= SCTP_MAX_COMBINED_HEADER_LENGTH); 915 bzero(sctp->sctp_iphc, sctp->sctp_iphc_len); 916 } else { 917 sctp->sctp_iphc_len = SCTP_MAX_COMBINED_HEADER_LENGTH; 918 sctp->sctp_iphc = kmem_zalloc(sctp->sctp_iphc_len, sleep); 919 if (sctp->sctp_iphc == NULL) { 920 sctp->sctp_iphc_len = 0; 921 return (ENOMEM); 922 } 923 } 924 925 sctp->sctp_ipha = (ipha_t *)sctp->sctp_iphc; 926 927 sctp->sctp_hdr_len = sizeof (ipha_t) + sizeof (sctp_hdr_t); 928 sctp->sctp_ip_hdr_len = sizeof (ipha_t); 929 sctp->sctp_ipha->ipha_length = htons(sizeof (ipha_t) + 930 sizeof (sctp_hdr_t)); 931 sctp->sctp_ipha->ipha_version_and_hdr_length 932 = (IP_VERSION << 4) | IP_SIMPLE_HDR_LENGTH_IN_WORDS; 933 934 /* 935 * These two fields should be zero, and are already set above. 936 * 937 * sctp->sctp_ipha->ipha_ident, 938 * sctp->sctp_ipha->ipha_fragment_offset_and_flags. 939 */ 940 941 sctp->sctp_ipha->ipha_ttl = sctps->sctps_ipv4_ttl; 942 sctp->sctp_ipha->ipha_protocol = IPPROTO_SCTP; 943 944 sctph = (sctp_hdr_t *)(sctp->sctp_iphc + sizeof (ipha_t)); 945 sctp->sctp_sctph = sctph; 946 947 return (0); 948 } 949 950 /* 951 * Update sctp_sticky_hdrs based on sctp_sticky_ipp. 952 * The headers include ip6i_t (if needed), ip6_t, any sticky extension 953 * headers, and the maximum size sctp header (to avoid reallocation 954 * on the fly for additional sctp options). 955 * Returns failure if can't allocate memory. 956 */ 957 int 958 sctp_build_hdrs(sctp_t *sctp) 959 { 960 char *hdrs; 961 uint_t hdrs_len; 962 ip6i_t *ip6i; 963 char buf[SCTP_MAX_HDR_LENGTH]; 964 ip6_pkt_t *ipp = &sctp->sctp_sticky_ipp; 965 in6_addr_t src; 966 in6_addr_t dst; 967 sctp_stack_t *sctps = sctp->sctp_sctps; 968 969 /* 970 * save the existing sctp header and source/dest IP addresses 971 */ 972 bcopy(sctp->sctp_sctph6, buf, sizeof (sctp_hdr_t)); 973 src = sctp->sctp_ip6h->ip6_src; 974 dst = sctp->sctp_ip6h->ip6_dst; 975 hdrs_len = ip_total_hdrs_len_v6(ipp) + SCTP_MAX_HDR_LENGTH; 976 ASSERT(hdrs_len != 0); 977 if (hdrs_len > sctp->sctp_iphc6_len) { 978 /* Need to reallocate */ 979 hdrs = kmem_zalloc(hdrs_len, KM_NOSLEEP); 980 if (hdrs == NULL) 981 return (ENOMEM); 982 983 if (sctp->sctp_iphc6_len != 0) 984 kmem_free(sctp->sctp_iphc6, sctp->sctp_iphc6_len); 985 sctp->sctp_iphc6 = hdrs; 986 sctp->sctp_iphc6_len = hdrs_len; 987 } 988 ip_build_hdrs_v6((uchar_t *)sctp->sctp_iphc6, 989 hdrs_len - SCTP_MAX_HDR_LENGTH, ipp, IPPROTO_SCTP); 990 991 /* Set header fields not in ipp */ 992 if (ipp->ipp_fields & IPPF_HAS_IP6I) { 993 ip6i = (ip6i_t *)sctp->sctp_iphc6; 994 sctp->sctp_ip6h = (ip6_t *)&ip6i[1]; 995 } else { 996 sctp->sctp_ip6h = (ip6_t *)sctp->sctp_iphc6; 997 } 998 /* 999 * sctp->sctp_ip_hdr_len will include ip6i_t if there is one. 1000 */ 1001 sctp->sctp_ip_hdr6_len = hdrs_len - SCTP_MAX_HDR_LENGTH; 1002 sctp->sctp_sctph6 = (sctp_hdr_t *)(sctp->sctp_iphc6 + 1003 sctp->sctp_ip_hdr6_len); 1004 sctp->sctp_hdr6_len = sctp->sctp_ip_hdr6_len + sizeof (sctp_hdr_t); 1005 1006 bcopy(buf, sctp->sctp_sctph6, sizeof (sctp_hdr_t)); 1007 1008 sctp->sctp_ip6h->ip6_src = src; 1009 sctp->sctp_ip6h->ip6_dst = dst; 1010 /* 1011 * If the hoplimit was not set by ip_build_hdrs_v6(), we need to 1012 * set it to the default value for SCTP. 1013 */ 1014 if (!(ipp->ipp_fields & IPPF_UNICAST_HOPS)) 1015 sctp->sctp_ip6h->ip6_hops = sctps->sctps_ipv6_hoplimit; 1016 /* 1017 * If we're setting extension headers after a connection 1018 * has been established, and if we have a routing header 1019 * among the extension headers, call ip_massage_options_v6 to 1020 * manipulate the routing header/ip6_dst set the checksum 1021 * difference in the sctp header template. 1022 * (This happens in sctp_connect_ipv6 if the routing header 1023 * is set prior to the connect.) 1024 */ 1025 1026 if ((sctp->sctp_state >= SCTPS_COOKIE_WAIT) && 1027 (sctp->sctp_sticky_ipp.ipp_fields & IPPF_RTHDR)) { 1028 ip6_rthdr_t *rth; 1029 1030 rth = ip_find_rthdr_v6(sctp->sctp_ip6h, 1031 (uint8_t *)sctp->sctp_sctph6); 1032 if (rth != NULL) { 1033 (void) ip_massage_options_v6(sctp->sctp_ip6h, rth, 1034 sctps->sctps_netstack); 1035 } 1036 } 1037 return (0); 1038 } 1039 1040 /* 1041 * Initialize the IPv6 header. Loses any record of any IPv6 extension headers. 1042 */ 1043 int 1044 sctp_header_init_ipv6(sctp_t *sctp, int sleep) 1045 { 1046 sctp_hdr_t *sctph; 1047 sctp_stack_t *sctps = sctp->sctp_sctps; 1048 1049 /* 1050 * This is a simple initialization. If there's 1051 * already a template, it should never be too small, 1052 * so reuse it. Otherwise, allocate space for the new one. 1053 * Ensure that there is enough space to "downgrade" the sctp_t 1054 * to an IPv4 sctp_t. This requires having space for a full load 1055 * of IPv4 options 1056 */ 1057 if (sctp->sctp_iphc6 != NULL) { 1058 ASSERT(sctp->sctp_iphc6_len >= 1059 SCTP_MAX_COMBINED_HEADER_LENGTH); 1060 bzero(sctp->sctp_iphc6, sctp->sctp_iphc6_len); 1061 } else { 1062 sctp->sctp_iphc6_len = SCTP_MAX_COMBINED_HEADER_LENGTH; 1063 sctp->sctp_iphc6 = kmem_zalloc(sctp->sctp_iphc_len, sleep); 1064 if (sctp->sctp_iphc6 == NULL) { 1065 sctp->sctp_iphc6_len = 0; 1066 return (ENOMEM); 1067 } 1068 } 1069 sctp->sctp_hdr6_len = IPV6_HDR_LEN + sizeof (sctp_hdr_t); 1070 sctp->sctp_ip_hdr6_len = IPV6_HDR_LEN; 1071 sctp->sctp_ip6h = (ip6_t *)sctp->sctp_iphc6; 1072 1073 /* Initialize the header template */ 1074 1075 sctp->sctp_ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW; 1076 sctp->sctp_ip6h->ip6_plen = ntohs(sizeof (sctp_hdr_t)); 1077 sctp->sctp_ip6h->ip6_nxt = IPPROTO_SCTP; 1078 sctp->sctp_ip6h->ip6_hops = sctps->sctps_ipv6_hoplimit; 1079 1080 sctph = (sctp_hdr_t *)(sctp->sctp_iphc6 + IPV6_HDR_LEN); 1081 sctp->sctp_sctph6 = sctph; 1082 1083 return (0); 1084 } 1085 1086 static int 1087 sctp_v4_label(sctp_t *sctp) 1088 { 1089 uchar_t optbuf[IP_MAX_OPT_LENGTH]; 1090 const cred_t *cr = CONN_CRED(sctp->sctp_connp); 1091 int added; 1092 1093 if (tsol_compute_label(cr, sctp->sctp_ipha->ipha_dst, optbuf, 1094 sctp->sctp_mac_exempt, 1095 sctp->sctp_sctps->sctps_netstack->netstack_ip) != 0) 1096 return (EACCES); 1097 1098 added = tsol_remove_secopt(sctp->sctp_ipha, sctp->sctp_hdr_len); 1099 if (added == -1) 1100 return (EACCES); 1101 sctp->sctp_hdr_len += added; 1102 sctp->sctp_sctph = (sctp_hdr_t *)((uchar_t *)sctp->sctp_sctph + added); 1103 sctp->sctp_ip_hdr_len += added; 1104 if ((sctp->sctp_v4label_len = optbuf[IPOPT_OLEN]) != 0) { 1105 sctp->sctp_v4label_len = (sctp->sctp_v4label_len + 3) & ~3; 1106 added = tsol_prepend_option(optbuf, sctp->sctp_ipha, 1107 sctp->sctp_hdr_len); 1108 if (added == -1) 1109 return (EACCES); 1110 sctp->sctp_hdr_len += added; 1111 sctp->sctp_sctph = (sctp_hdr_t *)((uchar_t *)sctp->sctp_sctph + 1112 added); 1113 sctp->sctp_ip_hdr_len += added; 1114 } 1115 return (0); 1116 } 1117 1118 static int 1119 sctp_v6_label(sctp_t *sctp) 1120 { 1121 uchar_t optbuf[TSOL_MAX_IPV6_OPTION]; 1122 const cred_t *cr = CONN_CRED(sctp->sctp_connp); 1123 1124 if (tsol_compute_label_v6(cr, &sctp->sctp_ip6h->ip6_dst, optbuf, 1125 sctp->sctp_mac_exempt, 1126 sctp->sctp_sctps->sctps_netstack->netstack_ip) != 0) 1127 return (EACCES); 1128 if (tsol_update_sticky(&sctp->sctp_sticky_ipp, &sctp->sctp_v6label_len, 1129 optbuf) != 0) 1130 return (EACCES); 1131 if (sctp_build_hdrs(sctp) != 0) 1132 return (EACCES); 1133 return (0); 1134 } 1135 1136 /* 1137 * XXX implement more sophisticated logic 1138 */ 1139 int 1140 sctp_set_hdraddrs(sctp_t *sctp) 1141 { 1142 sctp_faddr_t *fp; 1143 int gotv4 = 0; 1144 int gotv6 = 0; 1145 1146 ASSERT(sctp->sctp_faddrs != NULL); 1147 ASSERT(sctp->sctp_nsaddrs > 0); 1148 1149 /* Set up using the primary first */ 1150 if (IN6_IS_ADDR_V4MAPPED(&sctp->sctp_primary->faddr)) { 1151 IN6_V4MAPPED_TO_IPADDR(&sctp->sctp_primary->faddr, 1152 sctp->sctp_ipha->ipha_dst); 1153 /* saddr may be unspec; make_mp() will handle this */ 1154 IN6_V4MAPPED_TO_IPADDR(&sctp->sctp_primary->saddr, 1155 sctp->sctp_ipha->ipha_src); 1156 if (!is_system_labeled() || sctp_v4_label(sctp) == 0) { 1157 gotv4 = 1; 1158 if (sctp->sctp_ipversion == IPV4_VERSION) { 1159 goto copyports; 1160 } 1161 } 1162 } else { 1163 sctp->sctp_ip6h->ip6_dst = sctp->sctp_primary->faddr; 1164 /* saddr may be unspec; make_mp() will handle this */ 1165 sctp->sctp_ip6h->ip6_src = sctp->sctp_primary->saddr; 1166 if (!is_system_labeled() || sctp_v6_label(sctp) == 0) 1167 gotv6 = 1; 1168 } 1169 1170 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 1171 if (!gotv4 && IN6_IS_ADDR_V4MAPPED(&fp->faddr)) { 1172 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, 1173 sctp->sctp_ipha->ipha_dst); 1174 /* copy in the faddr_t's saddr */ 1175 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, 1176 sctp->sctp_ipha->ipha_src); 1177 if (!is_system_labeled() || sctp_v4_label(sctp) == 0) { 1178 gotv4 = 1; 1179 if (sctp->sctp_ipversion == IPV4_VERSION || 1180 gotv6) { 1181 break; 1182 } 1183 } 1184 } else if (!gotv6 && !IN6_IS_ADDR_V4MAPPED(&fp->faddr)) { 1185 sctp->sctp_ip6h->ip6_dst = fp->faddr; 1186 /* copy in the faddr_t's saddr */ 1187 sctp->sctp_ip6h->ip6_src = fp->saddr; 1188 if (!is_system_labeled() || sctp_v6_label(sctp) == 0) { 1189 gotv6 = 1; 1190 if (gotv4) 1191 break; 1192 } 1193 } 1194 } 1195 1196 copyports: 1197 if (!gotv4 && !gotv6) 1198 return (EACCES); 1199 1200 /* copy in the ports for good measure */ 1201 sctp->sctp_sctph->sh_sport = sctp->sctp_lport; 1202 sctp->sctp_sctph->sh_dport = sctp->sctp_fport; 1203 1204 sctp->sctp_sctph6->sh_sport = sctp->sctp_lport; 1205 sctp->sctp_sctph6->sh_dport = sctp->sctp_fport; 1206 return (0); 1207 } 1208 1209 void 1210 sctp_add_unrec_parm(sctp_parm_hdr_t *uph, mblk_t **errmp) 1211 { 1212 mblk_t *mp; 1213 sctp_parm_hdr_t *ph; 1214 size_t len; 1215 int pad; 1216 1217 len = sizeof (*ph) + ntohs(uph->sph_len); 1218 if ((pad = len % 4) != 0) { 1219 pad = 4 - pad; 1220 len += pad; 1221 } 1222 mp = allocb(len, BPRI_MED); 1223 if (mp == NULL) { 1224 return; 1225 } 1226 1227 ph = (sctp_parm_hdr_t *)(mp->b_rptr); 1228 ph->sph_type = htons(PARM_UNRECOGNIZED); 1229 ph->sph_len = htons(len - pad); 1230 1231 /* copy in the unrecognized parameter */ 1232 bcopy(uph, ph + 1, ntohs(uph->sph_len)); 1233 1234 mp->b_wptr = mp->b_rptr + len; 1235 if (*errmp != NULL) { 1236 linkb(*errmp, mp); 1237 } else { 1238 *errmp = mp; 1239 } 1240 } 1241 1242 /* 1243 * o Bounds checking 1244 * o Updates remaining 1245 * o Checks alignment 1246 */ 1247 sctp_parm_hdr_t * 1248 sctp_next_parm(sctp_parm_hdr_t *current, ssize_t *remaining) 1249 { 1250 int pad; 1251 uint16_t len; 1252 1253 len = ntohs(current->sph_len); 1254 *remaining -= len; 1255 if (*remaining < sizeof (*current) || len < sizeof (*current)) { 1256 return (NULL); 1257 } 1258 if ((pad = len & (SCTP_ALIGN - 1)) != 0) { 1259 pad = SCTP_ALIGN - pad; 1260 *remaining -= pad; 1261 } 1262 /*LINTED pointer cast may result in improper alignment*/ 1263 current = (sctp_parm_hdr_t *)((char *)current + len + pad); 1264 return (current); 1265 } 1266 1267 /* 1268 * Sets the address parameters given in the INIT chunk into sctp's 1269 * faddrs; if psctp is non-NULL, copies psctp's saddrs. If there are 1270 * no address parameters in the INIT chunk, a single faddr is created 1271 * from the ip hdr at the beginning of pkt. 1272 * If there already are existing addresses hanging from sctp, merge 1273 * them in, if the old info contains addresses which are not present 1274 * in this new info, get rid of them, and clean the pointers if there's 1275 * messages which have this as their target address. 1276 * 1277 * We also re-adjust the source address list here since the list may 1278 * contain more than what is actually part of the association. If 1279 * we get here from sctp_send_cookie_echo(), we are on the active 1280 * side and psctp will be NULL and ich will be the INIT-ACK chunk. 1281 * If we get here from sctp_accept_comm(), ich will be the INIT chunk 1282 * and psctp will the listening endpoint. 1283 * 1284 * INIT processing: When processing the INIT we inherit the src address 1285 * list from the listener. For a loopback or linklocal association, we 1286 * delete the list and just take the address from the IP header (since 1287 * that's how we created the INIT-ACK). Additionally, for loopback we 1288 * ignore the address params in the INIT. For determining which address 1289 * types were sent in the INIT-ACK we follow the same logic as in 1290 * creating the INIT-ACK. We delete addresses of the type that are not 1291 * supported by the peer. 1292 * 1293 * INIT-ACK processing: When processing the INIT-ACK since we had not 1294 * included addr params for loopback or linklocal addresses when creating 1295 * the INIT, we just use the address from the IP header. Further, for 1296 * loopback we ignore the addr param list. We mark addresses of the 1297 * type not supported by the peer as unconfirmed. 1298 * 1299 * In case of INIT processing we look for supported address types in the 1300 * supported address param, if present. In both cases the address type in 1301 * the IP header is supported as well as types for addresses in the param 1302 * list, if any. 1303 * 1304 * Once we have the supported address types sctp_check_saddr() runs through 1305 * the source address list and deletes or marks as unconfirmed address of 1306 * types not supported by the peer. 1307 * 1308 * Returns 0 on success, sys errno on failure 1309 */ 1310 int 1311 sctp_get_addrparams(sctp_t *sctp, sctp_t *psctp, mblk_t *pkt, 1312 sctp_chunk_hdr_t *ich, uint_t *sctp_options) 1313 { 1314 sctp_init_chunk_t *init; 1315 ipha_t *iph; 1316 ip6_t *ip6h; 1317 in6_addr_t hdrsaddr[1]; 1318 in6_addr_t hdrdaddr[1]; 1319 sctp_parm_hdr_t *ph; 1320 ssize_t remaining; 1321 int isv4; 1322 int err; 1323 sctp_faddr_t *fp; 1324 int supp_af = 0; 1325 boolean_t check_saddr = B_TRUE; 1326 in6_addr_t curaddr; 1327 sctp_stack_t *sctps = sctp->sctp_sctps; 1328 1329 if (sctp_options != NULL) 1330 *sctp_options = 0; 1331 1332 /* extract the address from the IP header */ 1333 isv4 = (IPH_HDR_VERSION(pkt->b_rptr) == IPV4_VERSION); 1334 if (isv4) { 1335 iph = (ipha_t *)pkt->b_rptr; 1336 IN6_IPADDR_TO_V4MAPPED(iph->ipha_src, hdrsaddr); 1337 IN6_IPADDR_TO_V4MAPPED(iph->ipha_dst, hdrdaddr); 1338 supp_af |= PARM_SUPP_V4; 1339 } else { 1340 ip6h = (ip6_t *)pkt->b_rptr; 1341 hdrsaddr[0] = ip6h->ip6_src; 1342 hdrdaddr[0] = ip6h->ip6_dst; 1343 supp_af |= PARM_SUPP_V6; 1344 } 1345 1346 /* 1347 * Unfortunately, we can't delay this because adding an faddr 1348 * looks for the presence of the source address (from the ire 1349 * for the faddr) in the source address list. We could have 1350 * delayed this if, say, this was a loopback/linklocal connection. 1351 * Now, we just end up nuking this list and taking the addr from 1352 * the IP header for loopback/linklocal. 1353 */ 1354 if (psctp != NULL && psctp->sctp_nsaddrs > 0) { 1355 ASSERT(sctp->sctp_nsaddrs == 0); 1356 1357 err = sctp_dup_saddrs(psctp, sctp, KM_NOSLEEP); 1358 if (err != 0) 1359 return (err); 1360 } 1361 /* 1362 * We will add the faddr before parsing the address list as this 1363 * might be a loopback connection and we would not have to 1364 * go through the list. 1365 * 1366 * Make sure the header's addr is in the list 1367 */ 1368 fp = sctp_lookup_faddr(sctp, hdrsaddr); 1369 if (fp == NULL) { 1370 /* not included; add it now */ 1371 err = sctp_add_faddr(sctp, hdrsaddr, KM_NOSLEEP, B_TRUE); 1372 if (err != 0) 1373 return (err); 1374 1375 /* sctp_faddrs will be the hdr addr */ 1376 fp = sctp->sctp_faddrs; 1377 } 1378 /* make the header addr the primary */ 1379 1380 if (cl_sctp_assoc_change != NULL && psctp == NULL) 1381 curaddr = sctp->sctp_current->faddr; 1382 1383 sctp->sctp_primary = fp; 1384 sctp->sctp_current = fp; 1385 sctp->sctp_mss = fp->sfa_pmss; 1386 1387 /* For loopback connections & linklocal get address from the header */ 1388 if (sctp->sctp_loopback || sctp->sctp_linklocal) { 1389 if (sctp->sctp_nsaddrs != 0) 1390 sctp_free_saddrs(sctp); 1391 if ((err = sctp_saddr_add_addr(sctp, hdrdaddr, 0)) != 0) 1392 return (err); 1393 /* For loopback ignore address list */ 1394 if (sctp->sctp_loopback) 1395 return (0); 1396 check_saddr = B_FALSE; 1397 } 1398 1399 /* Walk the params in the INIT [ACK], pulling out addr params */ 1400 remaining = ntohs(ich->sch_len) - sizeof (*ich) - 1401 sizeof (sctp_init_chunk_t); 1402 if (remaining < sizeof (*ph)) { 1403 if (check_saddr) { 1404 sctp_check_saddr(sctp, supp_af, psctp == NULL ? 1405 B_FALSE : B_TRUE); 1406 } 1407 ASSERT(sctp_saddr_lookup(sctp, hdrdaddr, 0) != NULL); 1408 return (0); 1409 } 1410 1411 init = (sctp_init_chunk_t *)(ich + 1); 1412 ph = (sctp_parm_hdr_t *)(init + 1); 1413 1414 /* params will have already been byteordered when validating */ 1415 while (ph != NULL) { 1416 if (ph->sph_type == htons(PARM_SUPP_ADDRS)) { 1417 int plen; 1418 uint16_t *p; 1419 uint16_t addrtype; 1420 1421 ASSERT(psctp != NULL); 1422 plen = ntohs(ph->sph_len); 1423 p = (uint16_t *)(ph + 1); 1424 while (plen > 0) { 1425 addrtype = ntohs(*p); 1426 switch (addrtype) { 1427 case PARM_ADDR6: 1428 supp_af |= PARM_SUPP_V6; 1429 break; 1430 case PARM_ADDR4: 1431 supp_af |= PARM_SUPP_V4; 1432 break; 1433 default: 1434 break; 1435 } 1436 p++; 1437 plen -= sizeof (*p); 1438 } 1439 } else if (ph->sph_type == htons(PARM_ADDR4)) { 1440 if (remaining >= PARM_ADDR4_LEN) { 1441 in6_addr_t addr; 1442 ipaddr_t ta; 1443 1444 supp_af |= PARM_SUPP_V4; 1445 /* 1446 * Screen out broad/multicasts & loopback. 1447 * If the endpoint only accepts v6 address, 1448 * go to the next one. 1449 */ 1450 bcopy(ph + 1, &ta, sizeof (ta)); 1451 if (ta == 0 || 1452 ta == INADDR_BROADCAST || 1453 ta == htonl(INADDR_LOOPBACK) || 1454 IN_MULTICAST(ta) || 1455 sctp->sctp_connp->conn_ipv6_v6only) { 1456 goto next; 1457 } 1458 /* 1459 * XXX also need to check for subnet 1460 * broadcasts. This should probably 1461 * wait until we have full access 1462 * to the ILL tables. 1463 */ 1464 1465 IN6_INADDR_TO_V4MAPPED((struct in_addr *) 1466 (ph + 1), &addr); 1467 /* Check for duplicate. */ 1468 if (sctp_lookup_faddr(sctp, &addr) != NULL) 1469 goto next; 1470 1471 /* OK, add it to the faddr set */ 1472 err = sctp_add_faddr(sctp, &addr, KM_NOSLEEP, 1473 B_FALSE); 1474 if (err != 0) 1475 return (err); 1476 } 1477 } else if (ph->sph_type == htons(PARM_ADDR6) && 1478 sctp->sctp_family == AF_INET6) { 1479 /* An v4 socket should not take v6 addresses. */ 1480 if (remaining >= PARM_ADDR6_LEN) { 1481 in6_addr_t *addr6; 1482 1483 supp_af |= PARM_SUPP_V6; 1484 addr6 = (in6_addr_t *)(ph + 1); 1485 /* 1486 * Screen out link locals, mcast, loopback 1487 * and bogus v6 address. 1488 */ 1489 if (IN6_IS_ADDR_LINKLOCAL(addr6) || 1490 IN6_IS_ADDR_MULTICAST(addr6) || 1491 IN6_IS_ADDR_LOOPBACK(addr6) || 1492 IN6_IS_ADDR_V4MAPPED(addr6)) { 1493 goto next; 1494 } 1495 /* Check for duplicate. */ 1496 if (sctp_lookup_faddr(sctp, addr6) != NULL) 1497 goto next; 1498 1499 err = sctp_add_faddr(sctp, 1500 (in6_addr_t *)(ph + 1), KM_NOSLEEP, 1501 B_FALSE); 1502 if (err != 0) 1503 return (err); 1504 } 1505 } else if (ph->sph_type == htons(PARM_FORWARD_TSN)) { 1506 if (sctp_options != NULL) 1507 *sctp_options |= SCTP_PRSCTP_OPTION; 1508 } /* else; skip */ 1509 1510 next: 1511 ph = sctp_next_parm(ph, &remaining); 1512 } 1513 if (check_saddr) { 1514 sctp_check_saddr(sctp, supp_af, psctp == NULL ? B_FALSE : 1515 B_TRUE); 1516 } 1517 ASSERT(sctp_saddr_lookup(sctp, hdrdaddr, 0) != NULL); 1518 /* 1519 * We have the right address list now, update clustering's 1520 * knowledge because when we sent the INIT we had just added 1521 * the address the INIT was sent to. 1522 */ 1523 if (psctp == NULL && cl_sctp_assoc_change != NULL) { 1524 uchar_t *alist; 1525 size_t asize; 1526 uchar_t *dlist; 1527 size_t dsize; 1528 1529 asize = sizeof (in6_addr_t) * sctp->sctp_nfaddrs; 1530 alist = kmem_alloc(asize, KM_NOSLEEP); 1531 if (alist == NULL) { 1532 SCTP_KSTAT(sctps, sctp_cl_assoc_change); 1533 return (ENOMEM); 1534 } 1535 /* 1536 * Just include the address the INIT was sent to in the 1537 * delete list and send the entire faddr list. We could 1538 * do it differently (i.e include all the addresses in the 1539 * add list even if it contains the original address OR 1540 * remove the original address from the add list etc.), but 1541 * this seems reasonable enough. 1542 */ 1543 dsize = sizeof (in6_addr_t); 1544 dlist = kmem_alloc(dsize, KM_NOSLEEP); 1545 if (dlist == NULL) { 1546 kmem_free(alist, asize); 1547 SCTP_KSTAT(sctps, sctp_cl_assoc_change); 1548 return (ENOMEM); 1549 } 1550 bcopy(&curaddr, dlist, sizeof (curaddr)); 1551 sctp_get_faddr_list(sctp, alist, asize); 1552 (*cl_sctp_assoc_change)(sctp->sctp_family, alist, asize, 1553 sctp->sctp_nfaddrs, dlist, dsize, 1, SCTP_CL_PADDR, 1554 (cl_sctp_handle_t)sctp); 1555 /* alist and dlist will be freed by the clustering module */ 1556 } 1557 return (0); 1558 } 1559 1560 /* 1561 * Returns 0 if the check failed and the restart should be refused, 1562 * 1 if the check succeeded. 1563 */ 1564 int 1565 sctp_secure_restart_check(mblk_t *pkt, sctp_chunk_hdr_t *ich, uint32_t ports, 1566 int sleep, sctp_stack_t *sctps) 1567 { 1568 sctp_faddr_t *fp, *fpa, *fphead = NULL; 1569 sctp_parm_hdr_t *ph; 1570 ssize_t remaining; 1571 int isv4; 1572 ipha_t *iph; 1573 ip6_t *ip6h; 1574 in6_addr_t hdraddr[1]; 1575 int retval = 0; 1576 sctp_tf_t *tf; 1577 sctp_t *sctp; 1578 int compres; 1579 sctp_init_chunk_t *init; 1580 int nadded = 0; 1581 1582 /* extract the address from the IP header */ 1583 isv4 = (IPH_HDR_VERSION(pkt->b_rptr) == IPV4_VERSION); 1584 if (isv4) { 1585 iph = (ipha_t *)pkt->b_rptr; 1586 IN6_IPADDR_TO_V4MAPPED(iph->ipha_src, hdraddr); 1587 } else { 1588 ip6h = (ip6_t *)pkt->b_rptr; 1589 hdraddr[0] = ip6h->ip6_src; 1590 } 1591 1592 /* Walk the params in the INIT [ACK], pulling out addr params */ 1593 remaining = ntohs(ich->sch_len) - sizeof (*ich) - 1594 sizeof (sctp_init_chunk_t); 1595 if (remaining < sizeof (*ph)) { 1596 /* no parameters; restart OK */ 1597 return (1); 1598 } 1599 init = (sctp_init_chunk_t *)(ich + 1); 1600 ph = (sctp_parm_hdr_t *)(init + 1); 1601 1602 while (ph != NULL) { 1603 /* params will have already been byteordered when validating */ 1604 if (ph->sph_type == htons(PARM_ADDR4)) { 1605 if (remaining >= PARM_ADDR4_LEN) { 1606 in6_addr_t addr; 1607 IN6_INADDR_TO_V4MAPPED((struct in_addr *) 1608 (ph + 1), &addr); 1609 fpa = kmem_cache_alloc(sctp_kmem_faddr_cache, 1610 sleep); 1611 if (!fpa) { 1612 goto done; 1613 } 1614 bzero(fpa, sizeof (*fpa)); 1615 fpa->faddr = addr; 1616 fpa->next = NULL; 1617 } 1618 } else if (ph->sph_type == htons(PARM_ADDR6)) { 1619 if (remaining >= PARM_ADDR6_LEN) { 1620 fpa = kmem_cache_alloc(sctp_kmem_faddr_cache, 1621 sleep); 1622 if (!fpa) { 1623 goto done; 1624 } 1625 bzero(fpa, sizeof (*fpa)); 1626 bcopy(ph + 1, &fpa->faddr, 1627 sizeof (fpa->faddr)); 1628 fpa->next = NULL; 1629 } 1630 } else { 1631 /* else not addr param; skip */ 1632 fpa = NULL; 1633 } 1634 /* link in the new addr, if it was an addr param */ 1635 if (fpa) { 1636 if (!fphead) { 1637 fphead = fpa; 1638 fp = fphead; 1639 } else { 1640 fp->next = fpa; 1641 fp = fpa; 1642 } 1643 } 1644 1645 ph = sctp_next_parm(ph, &remaining); 1646 } 1647 1648 if (fphead == NULL) { 1649 /* no addr parameters; restart OK */ 1650 return (1); 1651 } 1652 1653 /* 1654 * got at least one; make sure the header's addr is 1655 * in the list 1656 */ 1657 fp = sctp_lookup_faddr_nosctp(fphead, hdraddr); 1658 if (!fp) { 1659 /* not included; add it now */ 1660 fp = kmem_cache_alloc(sctp_kmem_faddr_cache, sleep); 1661 if (!fp) { 1662 goto done; 1663 } 1664 bzero(fp, sizeof (*fp)); 1665 fp->faddr = *hdraddr; 1666 fp->next = fphead; 1667 fphead = fp; 1668 } 1669 1670 /* 1671 * Now, we can finally do the check: For each sctp instance 1672 * on the hash line for ports, compare its faddr set against 1673 * the new one. If the new one is a strict subset of any 1674 * existing sctp's faddrs, the restart is OK. However, if there 1675 * is an overlap, this could be an attack, so return failure. 1676 * If all sctp's faddrs are disjoint, this is a legitimate new 1677 * association. 1678 */ 1679 tf = &(sctps->sctps_conn_fanout[SCTP_CONN_HASH(sctps, ports)]); 1680 mutex_enter(&tf->tf_lock); 1681 1682 for (sctp = tf->tf_sctp; sctp; sctp = sctp->sctp_conn_hash_next) { 1683 if (ports != sctp->sctp_ports) { 1684 continue; 1685 } 1686 compres = sctp_compare_faddrsets(fphead, sctp->sctp_faddrs); 1687 if (compres <= SCTP_ADDR_SUBSET) { 1688 retval = 1; 1689 mutex_exit(&tf->tf_lock); 1690 goto done; 1691 } 1692 if (compres == SCTP_ADDR_OVERLAP) { 1693 dprint(1, 1694 ("new assoc from %x:%x:%x:%x overlaps with %p\n", 1695 SCTP_PRINTADDR(*hdraddr), (void *)sctp)); 1696 /* 1697 * While we still hold the lock, we need to 1698 * figure out which addresses have been 1699 * added so we can include them in the abort 1700 * we will send back. Since these faddrs will 1701 * never be used, we overload the rto field 1702 * here, setting it to 0 if the address was 1703 * not added, 1 if it was added. 1704 */ 1705 for (fp = fphead; fp; fp = fp->next) { 1706 if (sctp_lookup_faddr(sctp, &fp->faddr)) { 1707 fp->rto = 0; 1708 } else { 1709 fp->rto = 1; 1710 nadded++; 1711 } 1712 } 1713 mutex_exit(&tf->tf_lock); 1714 goto done; 1715 } 1716 } 1717 mutex_exit(&tf->tf_lock); 1718 1719 /* All faddrs are disjoint; legit new association */ 1720 retval = 1; 1721 1722 done: 1723 /* If are attempted adds, send back an abort listing the addrs */ 1724 if (nadded > 0) { 1725 void *dtail; 1726 size_t dlen; 1727 1728 dtail = kmem_alloc(PARM_ADDR6_LEN * nadded, KM_NOSLEEP); 1729 if (dtail == NULL) { 1730 goto cleanup; 1731 } 1732 1733 ph = dtail; 1734 dlen = 0; 1735 for (fp = fphead; fp; fp = fp->next) { 1736 if (fp->rto == 0) { 1737 continue; 1738 } 1739 if (IN6_IS_ADDR_V4MAPPED(&fp->faddr)) { 1740 ipaddr_t addr4; 1741 1742 ph->sph_type = htons(PARM_ADDR4); 1743 ph->sph_len = htons(PARM_ADDR4_LEN); 1744 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, addr4); 1745 ph++; 1746 bcopy(&addr4, ph, sizeof (addr4)); 1747 ph = (sctp_parm_hdr_t *) 1748 ((char *)ph + sizeof (addr4)); 1749 dlen += PARM_ADDR4_LEN; 1750 } else { 1751 ph->sph_type = htons(PARM_ADDR6); 1752 ph->sph_len = htons(PARM_ADDR6_LEN); 1753 ph++; 1754 bcopy(&fp->faddr, ph, sizeof (fp->faddr)); 1755 ph = (sctp_parm_hdr_t *) 1756 ((char *)ph + sizeof (fp->faddr)); 1757 dlen += PARM_ADDR6_LEN; 1758 } 1759 } 1760 1761 /* Send off the abort */ 1762 sctp_send_abort(sctp, sctp_init2vtag(ich), 1763 SCTP_ERR_RESTART_NEW_ADDRS, dtail, dlen, pkt, 0, B_TRUE); 1764 1765 kmem_free(dtail, PARM_ADDR6_LEN * nadded); 1766 } 1767 1768 cleanup: 1769 /* Clean up */ 1770 if (fphead) { 1771 sctp_faddr_t *fpn; 1772 for (fp = fphead; fp; fp = fpn) { 1773 fpn = fp->next; 1774 kmem_cache_free(sctp_kmem_faddr_cache, fp); 1775 } 1776 } 1777 1778 return (retval); 1779 } 1780 1781 /* 1782 * Reset any state related to transmitted chunks. 1783 */ 1784 void 1785 sctp_congest_reset(sctp_t *sctp) 1786 { 1787 sctp_faddr_t *fp; 1788 sctp_stack_t *sctps = sctp->sctp_sctps; 1789 mblk_t *mp; 1790 1791 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 1792 fp->ssthresh = sctps->sctps_initial_mtu; 1793 fp->cwnd = fp->sfa_pmss * sctps->sctps_slow_start_initial; 1794 fp->suna = 0; 1795 fp->pba = 0; 1796 } 1797 /* 1798 * Clean up the transmit list as well since we have reset accounting 1799 * on all the fps. Send event upstream, if required. 1800 */ 1801 while ((mp = sctp->sctp_xmit_head) != NULL) { 1802 sctp->sctp_xmit_head = mp->b_next; 1803 mp->b_next = NULL; 1804 if (sctp->sctp_xmit_head != NULL) 1805 sctp->sctp_xmit_head->b_prev = NULL; 1806 sctp_sendfail_event(sctp, mp, 0, B_TRUE); 1807 } 1808 sctp->sctp_xmit_head = NULL; 1809 sctp->sctp_xmit_tail = NULL; 1810 sctp->sctp_xmit_unacked = NULL; 1811 1812 sctp->sctp_unacked = 0; 1813 /* 1814 * Any control message as well. We will clean-up this list as well. 1815 * This contains any pending ASCONF request that we have queued/sent. 1816 * If we do get an ACK we will just drop it. However, given that 1817 * we are restarting chances are we aren't going to get any. 1818 */ 1819 if (sctp->sctp_cxmit_list != NULL) 1820 sctp_asconf_free_cxmit(sctp, NULL); 1821 sctp->sctp_cxmit_list = NULL; 1822 sctp->sctp_cchunk_pend = 0; 1823 1824 sctp->sctp_rexmitting = B_FALSE; 1825 sctp->sctp_rxt_nxttsn = 0; 1826 sctp->sctp_rxt_maxtsn = 0; 1827 1828 sctp->sctp_zero_win_probe = B_FALSE; 1829 } 1830 1831 static void 1832 sctp_init_faddr(sctp_t *sctp, sctp_faddr_t *fp, in6_addr_t *addr, 1833 mblk_t *timer_mp) 1834 { 1835 sctp_stack_t *sctps = sctp->sctp_sctps; 1836 1837 bcopy(addr, &fp->faddr, sizeof (*addr)); 1838 if (IN6_IS_ADDR_V4MAPPED(addr)) { 1839 fp->isv4 = 1; 1840 /* Make sure that sfa_pmss is a multiple of SCTP_ALIGN. */ 1841 fp->sfa_pmss = (sctps->sctps_initial_mtu - sctp->sctp_hdr_len) & 1842 ~(SCTP_ALIGN - 1); 1843 } else { 1844 fp->isv4 = 0; 1845 fp->sfa_pmss = 1846 (sctps->sctps_initial_mtu - sctp->sctp_hdr6_len) & 1847 ~(SCTP_ALIGN - 1); 1848 } 1849 fp->cwnd = sctps->sctps_slow_start_initial * fp->sfa_pmss; 1850 fp->rto = MIN(sctp->sctp_rto_initial, sctp->sctp_init_rto_max); 1851 fp->srtt = -1; 1852 fp->rtt_updates = 0; 1853 fp->strikes = 0; 1854 fp->max_retr = sctp->sctp_pp_max_rxt; 1855 /* Mark it as not confirmed. */ 1856 fp->state = SCTP_FADDRS_UNCONFIRMED; 1857 fp->hb_interval = sctp->sctp_hb_interval; 1858 fp->ssthresh = sctps->sctps_initial_ssthresh; 1859 fp->suna = 0; 1860 fp->pba = 0; 1861 fp->acked = 0; 1862 fp->lastactive = lbolt64; 1863 fp->timer_mp = timer_mp; 1864 fp->hb_pending = B_FALSE; 1865 fp->timer_running = 0; 1866 fp->df = 1; 1867 fp->pmtu_discovered = 0; 1868 fp->rc_timer_mp = NULL; 1869 fp->rc_timer_running = 0; 1870 fp->next = NULL; 1871 fp->ire = NULL; 1872 fp->T3expire = 0; 1873 (void) random_get_pseudo_bytes((uint8_t *)&fp->hb_secret, 1874 sizeof (fp->hb_secret)); 1875 fp->hb_expiry = lbolt64; 1876 1877 sctp_get_ire(sctp, fp); 1878 } 1879 1880 /*ARGSUSED*/ 1881 static void 1882 faddr_destructor(void *buf, void *cdrarg) 1883 { 1884 sctp_faddr_t *fp = buf; 1885 1886 ASSERT(fp->timer_mp == NULL); 1887 ASSERT(fp->timer_running == 0); 1888 1889 ASSERT(fp->rc_timer_mp == NULL); 1890 ASSERT(fp->rc_timer_running == 0); 1891 } 1892 1893 void 1894 sctp_faddr_init(void) 1895 { 1896 sctp_kmem_faddr_cache = kmem_cache_create("sctp_faddr_cache", 1897 sizeof (sctp_faddr_t), 0, NULL, faddr_destructor, 1898 NULL, NULL, NULL, 0); 1899 } 1900 1901 void 1902 sctp_faddr_fini(void) 1903 { 1904 kmem_cache_destroy(sctp_kmem_faddr_cache); 1905 } 1906