1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/systm.h> 31 #include <sys/stream.h> 32 #include <sys/ddi.h> 33 #include <sys/sunddi.h> 34 #include <sys/kmem.h> 35 #include <sys/socket.h> 36 #include <sys/random.h> 37 38 #include <netinet/in.h> 39 #include <netinet/ip6.h> 40 #include <netinet/sctp.h> 41 42 #include <inet/common.h> 43 #include <inet/ip.h> 44 #include <inet/ip6.h> 45 #include <inet/ip_ire.h> 46 #include <inet/mi.h> 47 #include <inet/mib2.h> 48 #include <inet/nd.h> 49 #include <inet/optcom.h> 50 #include <inet/sctp_ip.h> 51 #include <inet/ipclassifier.h> 52 #include "sctp_impl.h" 53 #include "sctp_addr.h" 54 55 static struct kmem_cache *sctp_kmem_faddr_cache; 56 static void sctp_init_faddr(sctp_t *, sctp_faddr_t *, in6_addr_t *); 57 58 /* Set the source address. Refer to comments in sctp_ire2faddr(). */ 59 static void 60 set_saddr(sctp_t *sctp, sctp_faddr_t *fp, boolean_t v6) 61 { 62 if (sctp->sctp_bound_to_all) { 63 V6_SET_ZERO(fp->saddr); 64 } else { 65 fp->saddr = sctp_get_valid_addr(sctp, v6); 66 if (!v6 && IN6_IS_ADDR_V4MAPPED_ANY(&fp->saddr) || 67 v6 && IN6_IS_ADDR_UNSPECIFIED(&fp->saddr)) { 68 fp->state = SCTP_FADDRS_UNREACH; 69 /* Disable heartbeat. */ 70 fp->hb_expiry = 0; 71 fp->hb_pending = B_FALSE; 72 fp->strikes = 0; 73 } 74 } 75 } 76 77 /* 78 * Call this function to update the cached IRE of a peer addr fp. 79 */ 80 void 81 sctp_ire2faddr(sctp_t *sctp, sctp_faddr_t *fp) 82 { 83 ire_t *ire; 84 ipaddr_t addr4; 85 in6_addr_t laddr; 86 sctp_saddr_ipif_t *sp; 87 uint_t ipif_seqid; 88 int hdrlen; 89 90 /* Remove the previous cache IRE */ 91 if ((ire = fp->ire) != NULL) { 92 IRE_REFRELE_NOTR(ire); 93 fp->ire = NULL; 94 } 95 96 /* 97 * If this addr is not reachable, mark it as unconfirmed for now, the 98 * state will be changed back to unreachable later in this function 99 * if it is still the case. 100 */ 101 if (fp->state == SCTP_FADDRS_UNREACH) { 102 fp->state = SCTP_FADDRS_UNCONFIRMED; 103 } 104 105 if (fp->isv4) { 106 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, addr4); 107 108 ire = ire_cache_lookup(addr4, sctp->sctp_zoneid); 109 if (ire == NULL) { 110 dprint(3, ("ire2faddr: no ire for %x:%x:%x:%x\n", 111 SCTP_PRINTADDR(fp->faddr))); 112 /* 113 * It is tempting to just leave the src addr 114 * unspecified and let IP figure it out, but we 115 * *cannot* do this, since IP may choose a src addr 116 * that is not part of this association... unless 117 * this sctp has bound to all addrs. So if the ire 118 * lookup fails, try to find one in our src addr 119 * list, unless the sctp has bound to all addrs, in 120 * which case we change the src addr to unspec. 121 * 122 * Note that if this is a v6 endpoint but it does 123 * not have any v4 address at this point (e.g. may 124 * have been deleted), sctp_get_valid_addr() will 125 * return mapped INADDR_ANY. In this case, this 126 * address should be marked not reachable so that 127 * it won't be used to send data. 128 */ 129 set_saddr(sctp, fp, B_FALSE); 130 goto set_current; 131 } 132 ipif_seqid = ire->ire_ipif->ipif_seqid; 133 dprint(2, ("ire2faddr: got ire for %x:%x:%x:%x, ", 134 SCTP_PRINTADDR(fp->faddr))); 135 dprint(2, ("src = %x\n", ire->ire_src_addr)); 136 IN6_IPADDR_TO_V4MAPPED(ire->ire_src_addr, &laddr); 137 138 /* make sure the laddr is part of this association */ 139 if ((sp = sctp_ipif_lookup(sctp, ipif_seqid)) != 140 NULL && !sp->saddr_ipif_dontsrc) { 141 if (sp->saddr_ipif_unconfirmed == 1) 142 sp->saddr_ipif_unconfirmed = 0; 143 fp->saddr = laddr; 144 } else { 145 ip2dbg(("ire2faddr: src addr is not part of assc\n")); 146 set_saddr(sctp, fp, B_FALSE); 147 } 148 } else { 149 ire = ire_cache_lookup_v6(&fp->faddr, sctp->sctp_zoneid); 150 if (ire == NULL) { 151 dprint(3, ("ire2faddr: no ire for %x:%x:%x:%x\n", 152 SCTP_PRINTADDR(fp->faddr))); 153 set_saddr(sctp, fp, B_TRUE); 154 goto set_current; 155 } 156 ipif_seqid = ire->ire_ipif->ipif_seqid; 157 dprint(2, ("ire2faddr: got ire for %x:%x:%x:%x, ", 158 SCTP_PRINTADDR(fp->faddr))); 159 dprint(2, ("src=%x:%x:%x:%x\n", 160 SCTP_PRINTADDR(ire->ire_src_addr_v6))); 161 laddr = ire->ire_src_addr_v6; 162 163 /* make sure the laddr is part of this association */ 164 165 if ((sp = sctp_ipif_lookup(sctp, ipif_seqid)) != 166 NULL && !sp->saddr_ipif_dontsrc) { 167 if (sp->saddr_ipif_unconfirmed == 1) 168 sp->saddr_ipif_unconfirmed = 0; 169 fp->saddr = laddr; 170 } else { 171 dprint(2, ("ire2faddr: src addr is not part " 172 "of assc\n")); 173 set_saddr(sctp, fp, B_TRUE); 174 } 175 } 176 177 /* Cache the IRE */ 178 IRE_REFHOLD_NOTR(ire); 179 fp->ire = ire; 180 if (fp->ire->ire_type == IRE_LOOPBACK && !sctp->sctp_loopback) 181 sctp->sctp_loopback = 1; 182 IRE_REFRELE(ire); 183 184 /* 185 * Pull out RTO information for this faddr and use it if we don't 186 * have any yet. 187 */ 188 if (fp->srtt == -1 && ire->ire_uinfo.iulp_rtt != 0) { 189 /* The cached value is in ms. */ 190 fp->srtt = MSEC_TO_TICK(ire->ire_uinfo.iulp_rtt); 191 fp->rttvar = MSEC_TO_TICK(ire->ire_uinfo.iulp_rtt_sd); 192 fp->rto = 3 * fp->srtt; 193 194 /* Bound the RTO by configured min and max values */ 195 if (fp->rto < sctp->sctp_rto_min) { 196 fp->rto = sctp->sctp_rto_min; 197 } 198 if (fp->rto > sctp->sctp_rto_max) { 199 fp->rto = sctp->sctp_rto_max; 200 } 201 } 202 203 /* 204 * Record the MTU for this faddr. If the MTU for this faddr has 205 * changed, check if the assc MTU will also change. 206 */ 207 if (fp->isv4) { 208 hdrlen = sctp->sctp_hdr_len; 209 } else { 210 hdrlen = sctp->sctp_hdr6_len; 211 } 212 if ((fp->sfa_pmss + hdrlen) != ire->ire_max_frag) { 213 /* Make sure that sfa_pmss is a multiple of SCTP_ALIGN. */ 214 fp->sfa_pmss = (ire->ire_max_frag - hdrlen) & ~(SCTP_ALIGN - 1); 215 if (fp->cwnd < (fp->sfa_pmss * 2)) { 216 fp->cwnd = fp->sfa_pmss * sctp_slow_start_initial; 217 } 218 } 219 220 set_current: 221 if (fp == sctp->sctp_current) { 222 sctp_faddr2hdraddr(fp, sctp); 223 sctp->sctp_mss = fp->sfa_pmss; 224 if (!SCTP_IS_DETACHED(sctp)) { 225 sctp_set_ulp_prop(sctp); 226 } 227 } 228 } 229 230 /*ARGSUSED*/ 231 void 232 sctp_faddr2ire(sctp_t *sctp, sctp_faddr_t *fp) 233 { 234 ire_t *ire; 235 236 if ((ire = fp->ire) == NULL) { 237 return; 238 } 239 240 mutex_enter(&ire->ire_lock); 241 242 /* If the cached IRE is going sway, there is no point to update it. */ 243 if (ire->ire_marks & IRE_MARK_CONDEMNED) { 244 mutex_exit(&ire->ire_lock); 245 IRE_REFRELE_NOTR(ire); 246 fp->ire = NULL; 247 return; 248 } 249 250 /* 251 * Only record the PMTU for this faddr if we actually have 252 * done discovery. This prevents initialized default from 253 * clobbering any real info that IP may have. 254 */ 255 if (fp->pmtu_discovered) { 256 if (fp->isv4) { 257 ire->ire_max_frag = fp->sfa_pmss + sctp->sctp_hdr_len; 258 } else { 259 ire->ire_max_frag = fp->sfa_pmss + sctp->sctp_hdr6_len; 260 } 261 } 262 263 if (sctp_rtt_updates != 0 && fp->rtt_updates >= sctp_rtt_updates) { 264 /* 265 * If there is no old cached values, initialize them 266 * conservatively. Set them to be (1.5 * new value). 267 * This code copied from ip_ire_advise(). The cached 268 * value is in ms. 269 */ 270 if (ire->ire_uinfo.iulp_rtt != 0) { 271 ire->ire_uinfo.iulp_rtt = (ire->ire_uinfo.iulp_rtt + 272 TICK_TO_MSEC(fp->srtt)) >> 1; 273 } else { 274 ire->ire_uinfo.iulp_rtt = TICK_TO_MSEC(fp->srtt + 275 (fp->srtt >> 1)); 276 } 277 if (ire->ire_uinfo.iulp_rtt_sd != 0) { 278 ire->ire_uinfo.iulp_rtt_sd = 279 (ire->ire_uinfo.iulp_rtt_sd + 280 TICK_TO_MSEC(fp->rttvar)) >> 1; 281 } else { 282 ire->ire_uinfo.iulp_rtt_sd = TICK_TO_MSEC(fp->rttvar + 283 (fp->rttvar >> 1)); 284 } 285 fp->rtt_updates = 0; 286 } 287 288 mutex_exit(&ire->ire_lock); 289 } 290 291 /* 292 * The sender must set the total length in the IP header. 293 * If sendto == NULL, the current will be used. 294 */ 295 mblk_t * 296 sctp_make_mp(sctp_t *sctp, sctp_faddr_t *sendto, int trailer) 297 { 298 mblk_t *mp; 299 size_t ipsctplen; 300 int isv4; 301 sctp_faddr_t *fp; 302 303 ASSERT(sctp->sctp_current != NULL || sendto != NULL); 304 if (sendto == NULL) { 305 fp = sctp->sctp_current; 306 } else { 307 fp = sendto; 308 } 309 isv4 = fp->isv4; 310 311 /* Try to look for another IRE again. */ 312 if (fp->ire == NULL) 313 sctp_ire2faddr(sctp, fp); 314 315 /* There is no suitable source address to use, return. */ 316 if (fp->state == SCTP_FADDRS_UNREACH) 317 return (NULL); 318 319 if (isv4) { 320 ipsctplen = sctp->sctp_hdr_len; 321 } else { 322 ipsctplen = sctp->sctp_hdr6_len; 323 } 324 325 mp = allocb(ipsctplen + sctp_wroff_xtra + trailer, BPRI_MED); 326 if (mp == NULL) { 327 ip1dbg(("sctp_make_mp: error makign mp..\n")); 328 return (NULL); 329 } 330 mp->b_rptr += sctp_wroff_xtra; 331 mp->b_wptr = mp->b_rptr + ipsctplen; 332 333 ASSERT(OK_32PTR(mp->b_wptr)); 334 335 if (isv4) { 336 ipha_t *iph = (ipha_t *)mp->b_rptr; 337 338 bcopy(sctp->sctp_iphc, mp->b_rptr, ipsctplen); 339 if (fp != sctp->sctp_current) { 340 /* fiddle with the dst addr */ 341 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, iph->ipha_dst); 342 /* fix up src addr */ 343 if (!IN6_IS_ADDR_V4MAPPED_ANY(&fp->saddr)) { 344 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, 345 iph->ipha_src); 346 } else if (sctp->sctp_bound_to_all) { 347 iph->ipha_src = INADDR_ANY; 348 } 349 } 350 /* set or clear the don't fragment bit */ 351 if (fp->df) { 352 iph->ipha_fragment_offset_and_flags = htons(IPH_DF); 353 } else { 354 iph->ipha_fragment_offset_and_flags = 0; 355 } 356 } else { 357 bcopy(sctp->sctp_iphc6, mp->b_rptr, ipsctplen); 358 if (fp != sctp->sctp_current) { 359 /* fiddle with the dst addr */ 360 ((ip6_t *)(mp->b_rptr))->ip6_dst = fp->faddr; 361 /* fix up src addr */ 362 if (!IN6_IS_ADDR_UNSPECIFIED(&fp->saddr)) { 363 ((ip6_t *)(mp->b_rptr))->ip6_src = fp->saddr; 364 } else if (sctp->sctp_bound_to_all) { 365 bzero(&((ip6_t *)(mp->b_rptr))->ip6_src, 366 sizeof (in6_addr_t)); 367 } 368 } 369 } 370 ASSERT(sctp->sctp_connp != NULL); 371 372 /* 373 * IP will not free this IRE if it is condemned. SCTP needs to 374 * free it. 375 */ 376 if ((fp->ire != NULL) && (fp->ire->ire_marks & IRE_MARK_CONDEMNED)) { 377 IRE_REFRELE_NOTR(fp->ire); 378 fp->ire = NULL; 379 } 380 /* Stash the conn and ire ptr info. for IP */ 381 SCTP_STASH_IPINFO(mp, fp->ire); 382 383 return (mp); 384 } 385 386 /* 387 * Notify upper layers about preferred write offset, write size. 388 */ 389 void 390 sctp_set_ulp_prop(sctp_t *sctp) 391 { 392 int hdrlen; 393 394 if (sctp->sctp_current->isv4) { 395 hdrlen = sctp->sctp_hdr_len; 396 } else { 397 hdrlen = sctp->sctp_hdr6_len; 398 } 399 ASSERT(sctp->sctp_ulpd); 400 401 ASSERT(sctp->sctp_current->sfa_pmss == sctp->sctp_mss); 402 sctp->sctp_ulp_prop(sctp->sctp_ulpd, 403 sctp_wroff_xtra + hdrlen + sizeof (sctp_data_hdr_t), 404 sctp->sctp_mss - sizeof (sctp_data_hdr_t)); 405 } 406 407 void 408 sctp_set_iplen(sctp_t *sctp, mblk_t *mp) 409 { 410 uint16_t sum = 0; 411 ipha_t *iph; 412 ip6_t *ip6h; 413 mblk_t *pmp = mp; 414 boolean_t isv4; 415 416 isv4 = (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION); 417 for (; pmp; pmp = pmp->b_cont) 418 sum += pmp->b_wptr - pmp->b_rptr; 419 420 if (isv4) { 421 iph = (ipha_t *)mp->b_rptr; 422 iph->ipha_length = htons(sum); 423 } else { 424 ip6h = (ip6_t *)mp->b_rptr; 425 /* 426 * If an ip6i_t is present, the real IPv6 header 427 * immediately follows. 428 */ 429 if (ip6h->ip6_nxt == IPPROTO_RAW) 430 ip6h = (ip6_t *)&ip6h[1]; 431 ip6h->ip6_plen = htons(sum - ((char *)&sctp->sctp_ip6h[1] - 432 sctp->sctp_iphc6)); 433 } 434 } 435 436 int 437 sctp_compare_faddrsets(sctp_faddr_t *a1, sctp_faddr_t *a2) 438 { 439 int na1 = 0; 440 int overlap = 0; 441 int equal = 1; 442 int onematch; 443 sctp_faddr_t *fp1, *fp2; 444 445 for (fp1 = a1; fp1; fp1 = fp1->next) { 446 onematch = 0; 447 for (fp2 = a2; fp2; fp2 = fp2->next) { 448 if (IN6_ARE_ADDR_EQUAL(&fp1->faddr, &fp2->faddr)) { 449 overlap++; 450 onematch = 1; 451 break; 452 } 453 if (!onematch) { 454 equal = 0; 455 } 456 } 457 na1++; 458 } 459 460 if (equal) { 461 return (SCTP_ADDR_EQUAL); 462 } 463 if (overlap == na1) { 464 return (SCTP_ADDR_SUBSET); 465 } 466 if (overlap) { 467 return (SCTP_ADDR_OVERLAP); 468 } 469 return (SCTP_ADDR_DISJOINT); 470 } 471 472 /* 473 * Returns 0 on success, -1 on memory allocation failure. If sleep 474 * is true, should never fail. 475 * Caller must hold conn fanout lock. 476 */ 477 int 478 sctp_add_faddr(sctp_t *sctp, in6_addr_t *addr, int sleep) 479 { 480 sctp_faddr_t *faddr; 481 482 dprint(4, ("add_faddr: %x:%x:%x:%x %d\n", SCTP_PRINTADDR(*addr), 483 sleep)); 484 485 if ((faddr = kmem_cache_alloc(sctp_kmem_faddr_cache, sleep)) == NULL) { 486 return (-1); 487 } 488 489 sctp_init_faddr(sctp, faddr, addr); 490 ASSERT(faddr->next == NULL); 491 492 /* tack it on to the end */ 493 if (sctp->sctp_lastfaddr != NULL) { 494 sctp->sctp_lastfaddr->next = faddr; 495 } else { 496 /* list is empty */ 497 ASSERT(sctp->sctp_faddrs == NULL); 498 sctp->sctp_faddrs = faddr; 499 } 500 sctp->sctp_lastfaddr = faddr; 501 502 return (0); 503 } 504 505 /* 506 * Caller must hold conn fanout lock. 507 */ 508 int 509 sctp_add_faddr_first(sctp_t *sctp, in6_addr_t *addr, int sleep) 510 { 511 sctp_faddr_t *faddr; 512 513 dprint(4, ("add_faddr_first: %x:%x:%x:%x %d\n", SCTP_PRINTADDR(*addr), 514 sleep)); 515 516 if ((faddr = kmem_cache_alloc(sctp_kmem_faddr_cache, sleep)) == NULL) { 517 return (-1); 518 } 519 sctp_init_faddr(sctp, faddr, addr); 520 ASSERT(faddr->next == NULL); 521 522 /* Put it at the beginning of the list */ 523 if (sctp->sctp_faddrs != NULL) { 524 faddr->next = sctp->sctp_faddrs; 525 } else { 526 sctp->sctp_lastfaddr = faddr; 527 } 528 sctp->sctp_faddrs = faddr; 529 530 return (0); 531 } 532 533 sctp_faddr_t * 534 sctp_lookup_faddr(sctp_t *sctp, in6_addr_t *addr) 535 { 536 sctp_faddr_t *fp; 537 538 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 539 if (IN6_ARE_ADDR_EQUAL(&fp->faddr, addr)) 540 break; 541 } 542 543 return (fp); 544 } 545 546 sctp_faddr_t * 547 sctp_lookup_faddr_nosctp(sctp_faddr_t *fp, in6_addr_t *addr) 548 { 549 for (; fp; fp = fp->next) { 550 if (IN6_ARE_ADDR_EQUAL(&fp->faddr, addr)) { 551 break; 552 } 553 } 554 555 return (fp); 556 } 557 558 void 559 sctp_faddr2hdraddr(sctp_faddr_t *fp, sctp_t *sctp) 560 { 561 if (fp->isv4) { 562 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, 563 sctp->sctp_ipha->ipha_dst); 564 /* Must not allow unspec src addr if not bound to all */ 565 if (IN6_IS_ADDR_V4MAPPED_ANY(&fp->saddr) && 566 !sctp->sctp_bound_to_all) { 567 /* 568 * set the src to the first v4 saddr and hope 569 * for the best 570 */ 571 fp->saddr = sctp_get_valid_addr(sctp, B_FALSE); 572 } 573 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, sctp->sctp_ipha->ipha_src); 574 /* update don't fragment bit */ 575 if (fp->df) { 576 sctp->sctp_ipha->ipha_fragment_offset_and_flags = 577 htons(IPH_DF); 578 } else { 579 sctp->sctp_ipha->ipha_fragment_offset_and_flags = 0; 580 } 581 } else { 582 sctp->sctp_ip6h->ip6_dst = fp->faddr; 583 /* Must not allow unspec src addr if not bound to all */ 584 if (IN6_IS_ADDR_UNSPECIFIED(&fp->saddr) && 585 !sctp->sctp_bound_to_all) { 586 /* 587 * set the src to the first v6 saddr and hope 588 * for the best 589 */ 590 fp->saddr = sctp_get_valid_addr(sctp, B_TRUE); 591 } 592 sctp->sctp_ip6h->ip6_src = fp->saddr; 593 } 594 } 595 596 void 597 sctp_redo_faddr_srcs(sctp_t *sctp) 598 { 599 sctp_faddr_t *fp; 600 601 for (fp = sctp->sctp_faddrs; fp != NULL; fp = fp->next) { 602 sctp_ire2faddr(sctp, fp); 603 } 604 605 sctp_faddr2hdraddr(sctp->sctp_current, sctp); 606 } 607 608 void 609 sctp_faddr_alive(sctp_t *sctp, sctp_faddr_t *fp) 610 { 611 int64_t now = lbolt64; 612 613 fp->strikes = 0; 614 sctp->sctp_strikes = 0; 615 fp->lastactive = now; 616 fp->hb_expiry = now + SET_HB_INTVL(fp); 617 fp->hb_pending = B_FALSE; 618 if (fp->state != SCTP_FADDRS_ALIVE) { 619 fp->state = SCTP_FADDRS_ALIVE; 620 sctp_intf_event(sctp, fp->faddr, SCTP_ADDR_AVAILABLE, 0); 621 622 /* If this is the primary, switch back to it now */ 623 if (fp == sctp->sctp_primary) { 624 sctp->sctp_current = fp; 625 sctp->sctp_mss = fp->sfa_pmss; 626 /* Reset the addrs in the composite header */ 627 sctp_faddr2hdraddr(fp, sctp); 628 if (!SCTP_IS_DETACHED(sctp)) { 629 sctp_set_ulp_prop(sctp); 630 } 631 } 632 } 633 if (fp->ire == NULL) { 634 /* Should have a full IRE now */ 635 sctp_ire2faddr(sctp, fp); 636 } 637 } 638 639 int 640 sctp_is_a_faddr_clean(sctp_t *sctp) 641 { 642 sctp_faddr_t *fp; 643 644 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 645 if (fp->state == SCTP_FADDRS_ALIVE && fp->strikes == 0) { 646 return (1); 647 } 648 } 649 650 return (0); 651 } 652 653 /* 654 * Returns 0 if there is at leave one other active faddr, -1 if there 655 * are none. If there are none left, faddr_dead() will start killing the 656 * association. 657 * If the downed faddr was the current faddr, a new current faddr 658 * will be chosen. 659 */ 660 int 661 sctp_faddr_dead(sctp_t *sctp, sctp_faddr_t *fp, int newstate) 662 { 663 sctp_faddr_t *ofp; 664 665 if (fp->state == SCTP_FADDRS_ALIVE) { 666 sctp_intf_event(sctp, fp->faddr, SCTP_ADDR_UNREACHABLE, 0); 667 } 668 fp->state = newstate; 669 670 dprint(1, ("sctp_faddr_dead: %x:%x:%x:%x down (state=%d)\n", 671 SCTP_PRINTADDR(fp->faddr), newstate)); 672 673 if (fp == sctp->sctp_current) { 674 /* Current faddr down; need to switch it */ 675 sctp->sctp_current = NULL; 676 } 677 678 /* Find next alive faddr */ 679 ofp = fp; 680 for (fp = fp->next; fp; fp = fp->next) { 681 if (fp->state == SCTP_FADDRS_ALIVE) { 682 break; 683 } 684 } 685 686 if (fp == NULL) { 687 /* Continue from beginning of list */ 688 for (fp = sctp->sctp_faddrs; fp != ofp; fp = fp->next) { 689 if (fp->state == SCTP_FADDRS_ALIVE) { 690 break; 691 } 692 } 693 } 694 695 if (fp != ofp) { 696 if (sctp->sctp_current == NULL) { 697 dprint(1, ("sctp_faddr_dead: failover->%x:%x:%x:%x\n", 698 SCTP_PRINTADDR(fp->faddr))); 699 sctp->sctp_current = fp; 700 sctp->sctp_mss = fp->sfa_pmss; 701 702 /* Reset the addrs in the composite header */ 703 sctp_faddr2hdraddr(fp, sctp); 704 705 if (!SCTP_IS_DETACHED(sctp)) { 706 sctp_set_ulp_prop(sctp); 707 } 708 } 709 return (0); 710 } 711 712 713 /* All faddrs are down; kill the association */ 714 dprint(1, ("sctp_faddr_dead: all faddrs down, killing assoc\n")); 715 BUMP_MIB(&sctp_mib, sctpAborted); 716 sctp_assoc_event(sctp, sctp->sctp_state < SCTPS_ESTABLISHED ? 717 SCTP_CANT_STR_ASSOC : SCTP_COMM_LOST, 0, NULL); 718 sctp_clean_death(sctp, sctp->sctp_client_errno ? 719 sctp->sctp_client_errno : ETIMEDOUT); 720 721 return (-1); 722 } 723 724 sctp_faddr_t * 725 sctp_rotate_faddr(sctp_t *sctp, sctp_faddr_t *ofp) 726 { 727 sctp_faddr_t *nfp = NULL; 728 729 if (ofp == NULL) { 730 ofp = sctp->sctp_current; 731 } 732 733 /* Find the next live one */ 734 for (nfp = ofp->next; nfp != NULL; nfp = nfp->next) { 735 if (nfp->state == SCTP_FADDRS_ALIVE) { 736 break; 737 } 738 } 739 740 if (nfp == NULL) { 741 /* Continue from beginning of list */ 742 for (nfp = sctp->sctp_faddrs; nfp != ofp; nfp = nfp->next) { 743 if (nfp->state == SCTP_FADDRS_ALIVE) { 744 break; 745 } 746 } 747 } 748 749 /* 750 * nfp could only be NULL if all faddrs are down, and when 751 * this happens, faddr_dead() should have killed the 752 * association. Hence this assertion... 753 */ 754 ASSERT(nfp != NULL); 755 return (nfp); 756 } 757 758 void 759 sctp_unlink_faddr(sctp_t *sctp, sctp_faddr_t *fp) 760 { 761 sctp_faddr_t *fpp; 762 763 if (!sctp->sctp_faddrs) { 764 return; 765 } 766 767 if (fp->timer_mp != NULL) { 768 sctp_timer_free(fp->timer_mp); 769 fp->timer_mp = NULL; 770 fp->timer_running = 0; 771 } 772 if (fp->rc_timer_mp != NULL) { 773 sctp_timer_free(fp->rc_timer_mp); 774 fp->rc_timer_mp = NULL; 775 fp->rc_timer_running = 0; 776 } 777 if (fp->ire != NULL) { 778 IRE_REFRELE_NOTR(fp->ire); 779 fp->ire = NULL; 780 } 781 782 if (fp == sctp->sctp_faddrs) { 783 goto gotit; 784 } 785 786 for (fpp = sctp->sctp_faddrs; fpp->next != fp; fpp = fpp->next) 787 ; 788 789 gotit: 790 ASSERT(sctp->sctp_conn_tfp != NULL); 791 mutex_enter(&sctp->sctp_conn_tfp->tf_lock); 792 if (fp == sctp->sctp_faddrs) { 793 sctp->sctp_faddrs = fp->next; 794 } else { 795 fpp->next = fp->next; 796 } 797 mutex_exit(&sctp->sctp_conn_tfp->tf_lock); 798 /* XXX faddr2ire? */ 799 kmem_cache_free(sctp_kmem_faddr_cache, fp); 800 } 801 802 void 803 sctp_zap_faddrs(sctp_t *sctp, int caller_holds_lock) 804 { 805 sctp_faddr_t *fp, *fpn; 806 807 if (sctp->sctp_faddrs == NULL) { 808 ASSERT(sctp->sctp_lastfaddr == NULL); 809 return; 810 } 811 812 ASSERT(sctp->sctp_lastfaddr != NULL); 813 sctp->sctp_lastfaddr = NULL; 814 sctp->sctp_current = NULL; 815 sctp->sctp_primary = NULL; 816 817 sctp_free_faddr_timers(sctp); 818 819 if (sctp->sctp_conn_tfp != NULL && !caller_holds_lock) { 820 /* in conn fanout; need to hold lock */ 821 mutex_enter(&sctp->sctp_conn_tfp->tf_lock); 822 } 823 824 for (fp = sctp->sctp_faddrs; fp; fp = fpn) { 825 fpn = fp->next; 826 if (fp->ire != NULL) 827 IRE_REFRELE_NOTR(fp->ire); 828 kmem_cache_free(sctp_kmem_faddr_cache, fp); 829 } 830 831 sctp->sctp_faddrs = NULL; 832 833 if (sctp->sctp_conn_tfp != NULL && !caller_holds_lock) { 834 mutex_exit(&sctp->sctp_conn_tfp->tf_lock); 835 } 836 837 } 838 839 void 840 sctp_zap_addrs(sctp_t *sctp) 841 { 842 sctp_zap_faddrs(sctp, 0); 843 sctp_free_saddrs(sctp); 844 } 845 846 /* 847 * Initialize the IPv4 header. Loses any record of any IP options. 848 */ 849 int 850 sctp_header_init_ipv4(sctp_t *sctp, int sleep) 851 { 852 sctp_hdr_t *sctph; 853 854 /* 855 * This is a simple initialization. If there's 856 * already a template, it should never be too small, 857 * so reuse it. Otherwise, allocate space for the new one. 858 */ 859 if (sctp->sctp_iphc != NULL) { 860 ASSERT(sctp->sctp_iphc_len >= SCTP_MAX_COMBINED_HEADER_LENGTH); 861 bzero(sctp->sctp_iphc, sctp->sctp_iphc_len); 862 } else { 863 sctp->sctp_iphc_len = SCTP_MAX_COMBINED_HEADER_LENGTH; 864 sctp->sctp_iphc = kmem_zalloc(sctp->sctp_iphc_len, sleep); 865 if (sctp->sctp_iphc == NULL) { 866 sctp->sctp_iphc_len = 0; 867 return (ENOMEM); 868 } 869 } 870 871 sctp->sctp_ipha = (ipha_t *)sctp->sctp_iphc; 872 873 sctp->sctp_hdr_len = sizeof (ipha_t) + sizeof (sctp_hdr_t); 874 sctp->sctp_ip_hdr_len = sizeof (ipha_t); 875 sctp->sctp_ipha->ipha_length = htons(sizeof (ipha_t) + 876 sizeof (sctp_hdr_t)); 877 sctp->sctp_ipha->ipha_version_and_hdr_length 878 = (IP_VERSION << 4) | IP_SIMPLE_HDR_LENGTH_IN_WORDS; 879 880 /* 881 * These two fields should be zero, and are already set above. 882 * 883 * sctp->sctp_ipha->ipha_ident, 884 * sctp->sctp_ipha->ipha_fragment_offset_and_flags. 885 */ 886 887 sctp->sctp_ipha->ipha_ttl = sctp_ipv4_ttl; 888 sctp->sctp_ipha->ipha_protocol = IPPROTO_SCTP; 889 890 sctph = (sctp_hdr_t *)(sctp->sctp_iphc + sizeof (ipha_t)); 891 sctp->sctp_sctph = sctph; 892 893 return (0); 894 } 895 896 /* 897 * Update sctp_sticky_hdrs based on sctp_sticky_ipp. 898 * The headers include ip6i_t (if needed), ip6_t, any sticky extension 899 * headers, and the maximum size sctp header (to avoid reallocation 900 * on the fly for additional sctp options). 901 * Returns failure if can't allocate memory. 902 */ 903 int 904 sctp_build_hdrs(sctp_t *sctp) 905 { 906 char *hdrs; 907 uint_t hdrs_len; 908 ip6i_t *ip6i; 909 char buf[SCTP_MAX_HDR_LENGTH]; 910 ip6_pkt_t *ipp = &sctp->sctp_sticky_ipp; 911 in6_addr_t src; 912 in6_addr_t dst; 913 /* 914 * save the existing sctp header and source/dest IP addresses 915 */ 916 bcopy(sctp->sctp_sctph6, buf, sizeof (sctp_hdr_t)); 917 src = sctp->sctp_ip6h->ip6_src; 918 dst = sctp->sctp_ip6h->ip6_dst; 919 hdrs_len = ip_total_hdrs_len_v6(ipp) + SCTP_MAX_HDR_LENGTH; 920 ASSERT(hdrs_len != 0); 921 if (hdrs_len > sctp->sctp_iphc6_len) { 922 /* Need to reallocate */ 923 hdrs = kmem_zalloc(hdrs_len, KM_NOSLEEP); 924 if (hdrs == NULL) 925 return (ENOMEM); 926 927 if (sctp->sctp_iphc6_len != 0) 928 kmem_free(sctp->sctp_iphc6, sctp->sctp_iphc6_len); 929 sctp->sctp_iphc6 = hdrs; 930 sctp->sctp_iphc6_len = hdrs_len; 931 } 932 ip_build_hdrs_v6((uchar_t *)sctp->sctp_iphc6, 933 hdrs_len - SCTP_MAX_HDR_LENGTH, ipp, IPPROTO_SCTP); 934 935 /* Set header fields not in ipp */ 936 if (ipp->ipp_fields & IPPF_HAS_IP6I) { 937 ip6i = (ip6i_t *)sctp->sctp_iphc6; 938 sctp->sctp_ip6h = (ip6_t *)&ip6i[1]; 939 } else { 940 sctp->sctp_ip6h = (ip6_t *)sctp->sctp_iphc6; 941 } 942 /* 943 * sctp->sctp_ip_hdr_len will include ip6i_t if there is one. 944 */ 945 sctp->sctp_ip_hdr6_len = hdrs_len - SCTP_MAX_HDR_LENGTH; 946 sctp->sctp_sctph6 = (sctp_hdr_t *)(sctp->sctp_iphc6 + 947 sctp->sctp_ip_hdr6_len); 948 sctp->sctp_hdr6_len = sctp->sctp_ip_hdr6_len + sizeof (sctp_hdr_t); 949 950 bcopy(buf, sctp->sctp_sctph6, sizeof (sctp_hdr_t)); 951 952 sctp->sctp_ip6h->ip6_src = src; 953 sctp->sctp_ip6h->ip6_dst = dst; 954 /* 955 * If the hoplimit was not set by ip_build_hdrs_v6(), we need to 956 * set it to the default value for SCTP. 957 */ 958 if (!(ipp->ipp_fields & IPPF_UNICAST_HOPS)) 959 sctp->sctp_ip6h->ip6_hops = sctp_ipv6_hoplimit; 960 /* 961 * If we're setting extension headers after a connection 962 * has been established, and if we have a routing header 963 * among the extension headers, call ip_massage_options_v6 to 964 * manipulate the routing header/ip6_dst set the checksum 965 * difference in the sctp header template. 966 * (This happens in sctp_connect_ipv6 if the routing header 967 * is set prior to the connect.) 968 */ 969 970 if ((sctp->sctp_state >= SCTPS_COOKIE_WAIT) && 971 (sctp->sctp_sticky_ipp.ipp_fields & IPPF_RTHDR)) { 972 ip6_rthdr_t *rth; 973 974 rth = ip_find_rthdr_v6(sctp->sctp_ip6h, 975 (uint8_t *)sctp->sctp_sctph6); 976 if (rth != NULL) 977 (void) ip_massage_options_v6(sctp->sctp_ip6h, rth); 978 } 979 return (0); 980 } 981 982 /* 983 * Initialize the IPv6 header. Loses any record of any IPv6 extension headers. 984 */ 985 int 986 sctp_header_init_ipv6(sctp_t *sctp, int sleep) 987 { 988 sctp_hdr_t *sctph; 989 990 /* 991 * This is a simple initialization. If there's 992 * already a template, it should never be too small, 993 * so reuse it. Otherwise, allocate space for the new one. 994 * Ensure that there is enough space to "downgrade" the sctp_t 995 * to an IPv4 sctp_t. This requires having space for a full load 996 * of IPv4 options 997 */ 998 if (sctp->sctp_iphc6 != NULL) { 999 ASSERT(sctp->sctp_iphc6_len >= 1000 SCTP_MAX_COMBINED_HEADER_LENGTH); 1001 bzero(sctp->sctp_iphc6, sctp->sctp_iphc6_len); 1002 } else { 1003 sctp->sctp_iphc6_len = SCTP_MAX_COMBINED_HEADER_LENGTH; 1004 sctp->sctp_iphc6 = kmem_zalloc(sctp->sctp_iphc_len, sleep); 1005 if (sctp->sctp_iphc6 == NULL) { 1006 sctp->sctp_iphc6_len = 0; 1007 return (ENOMEM); 1008 } 1009 } 1010 sctp->sctp_hdr6_len = IPV6_HDR_LEN + sizeof (sctp_hdr_t); 1011 sctp->sctp_ip_hdr6_len = IPV6_HDR_LEN; 1012 sctp->sctp_ip6h = (ip6_t *)sctp->sctp_iphc6; 1013 1014 /* Initialize the header template */ 1015 1016 sctp->sctp_ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW; 1017 sctp->sctp_ip6h->ip6_plen = ntohs(sizeof (sctp_hdr_t)); 1018 sctp->sctp_ip6h->ip6_nxt = IPPROTO_SCTP; 1019 sctp->sctp_ip6h->ip6_hops = sctp_ipv6_hoplimit; 1020 1021 sctph = (sctp_hdr_t *)(sctp->sctp_iphc6 + IPV6_HDR_LEN); 1022 sctp->sctp_sctph6 = sctph; 1023 1024 return (0); 1025 } 1026 1027 /* 1028 * XXX implement more sophisticated logic 1029 */ 1030 void 1031 sctp_set_hdraddrs(sctp_t *sctp) 1032 { 1033 sctp_faddr_t *fp; 1034 int gotv4 = 0; 1035 int gotv6 = 0; 1036 1037 ASSERT(sctp->sctp_faddrs != NULL); 1038 ASSERT(sctp->sctp_nsaddrs > 0); 1039 1040 /* Set up using the primary first */ 1041 if (IN6_IS_ADDR_V4MAPPED(&sctp->sctp_primary->faddr)) { 1042 IN6_V4MAPPED_TO_IPADDR(&sctp->sctp_primary->faddr, 1043 sctp->sctp_ipha->ipha_dst); 1044 /* saddr may be unspec; make_mp() will handle this */ 1045 IN6_V4MAPPED_TO_IPADDR(&sctp->sctp_primary->saddr, 1046 sctp->sctp_ipha->ipha_src); 1047 gotv4 = 1; 1048 if (sctp->sctp_ipversion == IPV4_VERSION) { 1049 goto copyports; 1050 } 1051 } else { 1052 sctp->sctp_ip6h->ip6_dst = sctp->sctp_primary->faddr; 1053 /* saddr may be unspec; make_mp() will handle this */ 1054 sctp->sctp_ip6h->ip6_src = sctp->sctp_primary->saddr; 1055 gotv6 = 1; 1056 } 1057 1058 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 1059 if (!gotv4 && IN6_IS_ADDR_V4MAPPED(&fp->faddr)) { 1060 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, 1061 sctp->sctp_ipha->ipha_dst); 1062 /* copy in the faddr_t's saddr */ 1063 IN6_V4MAPPED_TO_IPADDR(&fp->saddr, 1064 sctp->sctp_ipha->ipha_src); 1065 gotv4 = 1; 1066 if (sctp->sctp_ipversion == IPV4_VERSION || gotv6) { 1067 break; 1068 } 1069 } else if (!gotv6) { 1070 sctp->sctp_ip6h->ip6_dst = fp->faddr; 1071 /* copy in the faddr_t's saddr */ 1072 sctp->sctp_ip6h->ip6_src = fp->saddr; 1073 gotv6 = 1; 1074 if (gotv4) { 1075 break; 1076 } 1077 } 1078 } 1079 1080 copyports: 1081 /* copy in the ports for good measure */ 1082 sctp->sctp_sctph->sh_sport = sctp->sctp_lport; 1083 sctp->sctp_sctph->sh_dport = sctp->sctp_fport; 1084 1085 sctp->sctp_sctph6->sh_sport = sctp->sctp_lport; 1086 sctp->sctp_sctph6->sh_dport = sctp->sctp_fport; 1087 } 1088 1089 void 1090 sctp_add_unrec_parm(sctp_parm_hdr_t *uph, mblk_t **errmp) 1091 { 1092 mblk_t *mp; 1093 sctp_parm_hdr_t *ph; 1094 size_t len; 1095 int pad; 1096 1097 len = sizeof (*ph) + ntohs(uph->sph_len); 1098 if ((pad = len % 4) != 0) { 1099 pad = 4 - pad; 1100 len += pad; 1101 } 1102 mp = allocb(len, BPRI_MED); 1103 if (mp == NULL) { 1104 return; 1105 } 1106 1107 ph = (sctp_parm_hdr_t *)(mp->b_rptr); 1108 ph->sph_type = htons(PARM_UNRECOGNIZED); 1109 ph->sph_len = htons(len - pad); 1110 1111 /* copy in the unrecognized parameter */ 1112 bcopy(uph, ph + 1, ntohs(uph->sph_len)); 1113 1114 mp->b_wptr = mp->b_rptr + len; 1115 if (*errmp != NULL) { 1116 linkb(*errmp, mp); 1117 } else { 1118 *errmp = mp; 1119 } 1120 } 1121 1122 /* 1123 * o Bounds checking 1124 * o Updates remaining 1125 * o Checks alignment 1126 */ 1127 sctp_parm_hdr_t * 1128 sctp_next_parm(sctp_parm_hdr_t *current, ssize_t *remaining) 1129 { 1130 int pad; 1131 uint16_t len; 1132 1133 len = ntohs(current->sph_len); 1134 *remaining -= len; 1135 if (*remaining < sizeof (*current) || len < sizeof (*current)) { 1136 return (NULL); 1137 } 1138 if ((pad = len & (SCTP_ALIGN - 1)) != 0) { 1139 pad = SCTP_ALIGN - pad; 1140 *remaining -= pad; 1141 } 1142 /*LINTED pointer cast may result in improper alignment*/ 1143 current = (sctp_parm_hdr_t *)((char *)current + len + pad); 1144 return (current); 1145 } 1146 1147 /* 1148 * Sets the address parameters given in the INIT chunk into sctp's 1149 * faddrs; if psctp is non-NULL, copies psctp's saddrs. If there are 1150 * no address parameters in the INIT chunk, a single faddr is created 1151 * from the ip hdr at the beginning of pkt. 1152 * If there already are existing addresses hanging from sctp, merge 1153 * them in, if the old info contains addresses which are not present 1154 * in this new info, get rid of them, and clean the pointers if there's 1155 * messages which have this as their target address. 1156 * 1157 * We also re-adjust the source address list here since the list may 1158 * contain more than what is actually part of the association. If 1159 * we get here from sctp_send_cookie_echo(), we are on the active 1160 * side and psctp will be NULL and ich will be the INIT-ACK chunk. 1161 * If we get here from sctp_accept_comm(), ich will be the INIT chunk 1162 * and psctp will the listening endpoint. 1163 * 1164 * INIT processing: When processing the INIT we inherit the src address 1165 * list from the listener. For a loopback or linklocal association, we 1166 * delete the list and just take the address from the IP header (since 1167 * that's how we created the INIT-ACK). Additionally, for loopback we 1168 * ignore the address params in the INIT. For determining which address 1169 * types were sent in the INIT-ACK we follow the same logic as in 1170 * creating the INIT-ACK. We delete addresses of the type that are not 1171 * supported by the peer. 1172 * 1173 * INIT-ACK processing: When processing the INIT-ACK since we had not 1174 * included addr params for loopback or linklocal addresses when creating 1175 * the INIT, we just use the address from the IP header. Further, for 1176 * loopback we ignore the addr param list. We mark addresses of the 1177 * type not supported by the peer as unconfirmed. 1178 * 1179 * In case of INIT processing we look for supported address types in the 1180 * supported address param, if present. In both cases the address type in 1181 * the IP header is supported as well as types for addresses in the param 1182 * list, if any. 1183 * 1184 * Once we have the supported address types sctp_check_saddr() runs through 1185 * the source address list and deletes or marks as unconfirmed address of 1186 * types not supported by the peer. 1187 * 1188 * Returns 0 on success, sys errno on failure 1189 */ 1190 int 1191 sctp_get_addrparams(sctp_t *sctp, sctp_t *psctp, mblk_t *pkt, 1192 sctp_chunk_hdr_t *ich, uint_t *sctp_options) 1193 { 1194 sctp_init_chunk_t *init; 1195 ipha_t *iph; 1196 ip6_t *ip6h; 1197 in6_addr_t hdrsaddr[1]; 1198 in6_addr_t hdrdaddr[1]; 1199 sctp_parm_hdr_t *ph; 1200 ssize_t remaining; 1201 int isv4; 1202 int err; 1203 sctp_faddr_t *fp; 1204 int supp_af = 0; 1205 boolean_t check_saddr = B_TRUE; 1206 1207 if (sctp_options != NULL) 1208 *sctp_options = 0; 1209 1210 /* extract the address from the IP header */ 1211 isv4 = (IPH_HDR_VERSION(pkt->b_rptr) == IPV4_VERSION); 1212 if (isv4) { 1213 iph = (ipha_t *)pkt->b_rptr; 1214 IN6_IPADDR_TO_V4MAPPED(iph->ipha_src, hdrsaddr); 1215 IN6_IPADDR_TO_V4MAPPED(iph->ipha_dst, hdrdaddr); 1216 supp_af |= PARM_SUPP_V4; 1217 } else { 1218 ip6h = (ip6_t *)pkt->b_rptr; 1219 hdrsaddr[0] = ip6h->ip6_src; 1220 hdrdaddr[0] = ip6h->ip6_dst; 1221 supp_af |= PARM_SUPP_V6; 1222 } 1223 1224 /* 1225 * Unfortunately, we can't delay this because adding an faddr 1226 * looks for the presence of the source address (from the ire 1227 * for the faddr) in the source address list. We could have 1228 * delayed this if, say, this was a loopback/linklocal connection. 1229 * Now, we just end up nuking this list and taking the addr from 1230 * the IP header for loopback/linklocal. 1231 */ 1232 if (psctp != NULL && psctp->sctp_nsaddrs > 0) { 1233 ASSERT(sctp->sctp_nsaddrs == 0); 1234 1235 err = sctp_dup_saddrs(psctp, sctp, KM_NOSLEEP); 1236 if (err != 0) 1237 return (err); 1238 } 1239 /* 1240 * We will add the faddr before parsing the address list as this 1241 * might be a loopback connection and we would not have to 1242 * go through the list. 1243 * 1244 * Make sure the header's addr is in the list 1245 */ 1246 fp = sctp_lookup_faddr(sctp, hdrsaddr); 1247 if (fp == NULL) { 1248 /* not included; add it now */ 1249 if (sctp_add_faddr_first(sctp, hdrsaddr, KM_NOSLEEP) == -1) 1250 return (ENOMEM); 1251 1252 /* sctp_faddrs will be the hdr addr */ 1253 fp = sctp->sctp_faddrs; 1254 } 1255 /* make the header addr the primary */ 1256 sctp->sctp_primary = fp; 1257 sctp->sctp_current = fp; 1258 sctp->sctp_mss = fp->sfa_pmss; 1259 1260 /* For loopback connections & linklocal get address from the header */ 1261 if (sctp->sctp_loopback || sctp->sctp_linklocal) { 1262 if (sctp->sctp_nsaddrs != 0) 1263 sctp_free_saddrs(sctp); 1264 if ((err = sctp_saddr_add_addr(sctp, hdrdaddr)) != 0) 1265 return (err); 1266 /* For loopback ignore address list */ 1267 if (sctp->sctp_loopback) 1268 return (0); 1269 check_saddr = B_FALSE; 1270 } 1271 1272 /* Walk the params in the INIT [ACK], pulling out addr params */ 1273 remaining = ntohs(ich->sch_len) - sizeof (*ich) - 1274 sizeof (sctp_init_chunk_t); 1275 if (remaining < sizeof (*ph)) { 1276 if (check_saddr) { 1277 sctp_check_saddr(sctp, supp_af, psctp == NULL ? 1278 B_FALSE : B_TRUE); 1279 } 1280 ASSERT(sctp_saddr_lookup(sctp, hdrdaddr) != NULL); 1281 return (0); 1282 } 1283 1284 init = (sctp_init_chunk_t *)(ich + 1); 1285 ph = (sctp_parm_hdr_t *)(init + 1); 1286 1287 /* params will have already been byteordered when validating */ 1288 while (ph != NULL) { 1289 if (ph->sph_type == htons(PARM_SUPP_ADDRS)) { 1290 int plen; 1291 uint16_t *p; 1292 uint16_t addrtype; 1293 1294 ASSERT(psctp != NULL); 1295 plen = ntohs(ph->sph_len); 1296 p = (uint16_t *)(ph + 1); 1297 while (plen > 0) { 1298 addrtype = ntohs(*p); 1299 switch (addrtype) { 1300 case PARM_ADDR6: 1301 supp_af |= PARM_SUPP_V6; 1302 break; 1303 case PARM_ADDR4: 1304 supp_af |= PARM_SUPP_V4; 1305 break; 1306 default: 1307 break; 1308 } 1309 p++; 1310 plen -= sizeof (*p); 1311 } 1312 } else if (ph->sph_type == htons(PARM_ADDR4)) { 1313 if (remaining >= PARM_ADDR4_LEN) { 1314 in6_addr_t addr; 1315 ipaddr_t ta; 1316 1317 supp_af |= PARM_SUPP_V4; 1318 /* 1319 * Screen out broad/multicasts & loopback. 1320 * If the endpoint only accepts v6 address, 1321 * go to the next one. 1322 */ 1323 bcopy(ph + 1, &ta, sizeof (ta)); 1324 if (ta == 0 || 1325 ta == INADDR_BROADCAST || 1326 ta == htonl(INADDR_LOOPBACK) || 1327 IN_MULTICAST(ta) || 1328 sctp->sctp_connp->conn_ipv6_v6only) { 1329 goto next; 1330 } 1331 /* 1332 * XXX also need to check for subnet 1333 * broadcasts. This should probably 1334 * wait until we have full access 1335 * to the ILL tables. 1336 */ 1337 1338 IN6_INADDR_TO_V4MAPPED((struct in_addr *) 1339 (ph + 1), &addr); 1340 /* Check for duplicate. */ 1341 if (sctp_lookup_faddr(sctp, &addr) != NULL) 1342 goto next; 1343 1344 /* OK, add it to the faddr set */ 1345 if (sctp_add_faddr(sctp, &addr, 1346 KM_NOSLEEP) != 0) { 1347 return (ENOMEM); 1348 } 1349 } 1350 } else if (ph->sph_type == htons(PARM_ADDR6) && 1351 sctp->sctp_family == AF_INET6) { 1352 /* An v4 socket should not take v6 addresses. */ 1353 if (remaining >= PARM_ADDR6_LEN) { 1354 in6_addr_t *addr6; 1355 1356 supp_af |= PARM_SUPP_V6; 1357 addr6 = (in6_addr_t *)(ph + 1); 1358 /* 1359 * Screen out link locals, mcast, loopback 1360 * and bogus v6 address. 1361 */ 1362 if (IN6_IS_ADDR_LINKLOCAL(addr6) || 1363 IN6_IS_ADDR_MULTICAST(addr6) || 1364 IN6_IS_ADDR_LOOPBACK(addr6) || 1365 IN6_IS_ADDR_V4MAPPED(addr6)) { 1366 goto next; 1367 } 1368 /* Check for duplicate. */ 1369 if (sctp_lookup_faddr(sctp, addr6) != NULL) 1370 goto next; 1371 1372 if (sctp_add_faddr(sctp, 1373 (in6_addr_t *)(ph + 1), KM_NOSLEEP) != 0) { 1374 return (ENOMEM); 1375 } 1376 } 1377 } else if (ph->sph_type == htons(PARM_FORWARD_TSN)) { 1378 if (sctp_options != NULL) 1379 *sctp_options |= SCTP_PRSCTP_OPTION; 1380 } /* else; skip */ 1381 1382 next: 1383 ph = sctp_next_parm(ph, &remaining); 1384 } 1385 if (check_saddr) { 1386 sctp_check_saddr(sctp, supp_af, psctp == NULL ? B_FALSE : 1387 B_TRUE); 1388 } 1389 ASSERT(sctp_saddr_lookup(sctp, hdrdaddr) != NULL); 1390 return (0); 1391 } 1392 1393 /* 1394 * Returns 0 if the check failed and the restart should be refused, 1395 * 1 if the check succeeded. 1396 */ 1397 int 1398 sctp_secure_restart_check(mblk_t *pkt, sctp_chunk_hdr_t *ich, uint32_t ports, 1399 int sleep) 1400 { 1401 sctp_faddr_t *fp, *fpa, *fphead = NULL; 1402 sctp_parm_hdr_t *ph; 1403 ssize_t remaining; 1404 int isv4; 1405 ipha_t *iph; 1406 ip6_t *ip6h; 1407 in6_addr_t hdraddr[1]; 1408 int retval = 0; 1409 sctp_tf_t *tf; 1410 sctp_t *sctp; 1411 int compres; 1412 sctp_init_chunk_t *init; 1413 int nadded = 0; 1414 1415 /* extract the address from the IP header */ 1416 isv4 = (IPH_HDR_VERSION(pkt->b_rptr) == IPV4_VERSION); 1417 if (isv4) { 1418 iph = (ipha_t *)pkt->b_rptr; 1419 IN6_IPADDR_TO_V4MAPPED(iph->ipha_src, hdraddr); 1420 } else { 1421 ip6h = (ip6_t *)pkt->b_rptr; 1422 hdraddr[0] = ip6h->ip6_src; 1423 } 1424 1425 /* Walk the params in the INIT [ACK], pulling out addr params */ 1426 remaining = ntohs(ich->sch_len) - sizeof (*ich) - 1427 sizeof (sctp_init_chunk_t); 1428 if (remaining < sizeof (*ph)) { 1429 /* no parameters; restart OK */ 1430 return (1); 1431 } 1432 init = (sctp_init_chunk_t *)(ich + 1); 1433 ph = (sctp_parm_hdr_t *)(init + 1); 1434 1435 while (ph != NULL) { 1436 /* params will have already been byteordered when validating */ 1437 if (ph->sph_type == htons(PARM_ADDR4)) { 1438 if (remaining >= PARM_ADDR4_LEN) { 1439 in6_addr_t addr; 1440 IN6_INADDR_TO_V4MAPPED((struct in_addr *) 1441 (ph + 1), &addr); 1442 fpa = kmem_cache_alloc(sctp_kmem_faddr_cache, 1443 sleep); 1444 if (!fpa) { 1445 goto done; 1446 } 1447 bzero(fpa, sizeof (*fpa)); 1448 fpa->faddr = addr; 1449 fpa->next = NULL; 1450 } 1451 } else if (ph->sph_type == htons(PARM_ADDR6)) { 1452 if (remaining >= PARM_ADDR6_LEN) { 1453 fpa = kmem_cache_alloc(sctp_kmem_faddr_cache, 1454 sleep); 1455 if (!fpa) { 1456 goto done; 1457 } 1458 bzero(fpa, sizeof (*fpa)); 1459 bcopy(ph + 1, &fpa->faddr, 1460 sizeof (fpa->faddr)); 1461 fpa->next = NULL; 1462 } 1463 } else { 1464 /* else not addr param; skip */ 1465 fpa = NULL; 1466 } 1467 /* link in the new addr, if it was an addr param */ 1468 if (fpa) { 1469 if (!fphead) { 1470 fphead = fpa; 1471 fp = fphead; 1472 } else { 1473 fp->next = fpa; 1474 fp = fpa; 1475 } 1476 } 1477 1478 ph = sctp_next_parm(ph, &remaining); 1479 } 1480 1481 if (fphead == NULL) { 1482 /* no addr parameters; restart OK */ 1483 return (1); 1484 } 1485 1486 /* 1487 * got at least one; make sure the header's addr is 1488 * in the list 1489 */ 1490 fp = sctp_lookup_faddr_nosctp(fphead, hdraddr); 1491 if (!fp) { 1492 /* not included; add it now */ 1493 fp = kmem_cache_alloc(sctp_kmem_faddr_cache, sleep); 1494 if (!fp) { 1495 goto done; 1496 } 1497 bzero(fp, sizeof (*fp)); 1498 fp->faddr = *hdraddr; 1499 fp->next = fphead; 1500 fphead = fp; 1501 } 1502 1503 /* 1504 * Now, we can finally do the check: For each sctp instance 1505 * on the hash line for ports, compare its faddr set against 1506 * the new one. If the new one is a strict subset of any 1507 * existing sctp's faddrs, the restart is OK. However, if there 1508 * is an overlap, this could be an attack, so return failure. 1509 * If all sctp's faddrs are disjoint, this is a legitimate new 1510 * association. 1511 */ 1512 tf = &(sctp_conn_fanout[SCTP_CONN_HASH(ports)]); 1513 mutex_enter(&tf->tf_lock); 1514 1515 for (sctp = tf->tf_sctp; sctp; sctp = sctp->sctp_conn_hash_next) { 1516 if (ports != sctp->sctp_ports) { 1517 continue; 1518 } 1519 compres = sctp_compare_faddrsets(fphead, sctp->sctp_faddrs); 1520 if (compres <= SCTP_ADDR_SUBSET) { 1521 retval = 1; 1522 mutex_exit(&tf->tf_lock); 1523 goto done; 1524 } 1525 if (compres == SCTP_ADDR_OVERLAP) { 1526 dprint(1, 1527 ("new assoc from %x:%x:%x:%x overlaps with %p\n", 1528 SCTP_PRINTADDR(*hdraddr), sctp)); 1529 /* 1530 * While we still hold the lock, we need to 1531 * figure out which addresses have been 1532 * added so we can include them in the abort 1533 * we will send back. Since these faddrs will 1534 * never be used, we overload the rto field 1535 * here, setting it to 0 if the address was 1536 * not added, 1 if it was added. 1537 */ 1538 for (fp = fphead; fp; fp = fp->next) { 1539 if (sctp_lookup_faddr(sctp, &fp->faddr)) { 1540 fp->rto = 0; 1541 } else { 1542 fp->rto = 1; 1543 nadded++; 1544 } 1545 } 1546 mutex_exit(&tf->tf_lock); 1547 goto done; 1548 } 1549 } 1550 mutex_exit(&tf->tf_lock); 1551 1552 /* All faddrs are disjoint; legit new association */ 1553 retval = 1; 1554 1555 done: 1556 /* If are attempted adds, send back an abort listing the addrs */ 1557 if (nadded > 0) { 1558 void *dtail; 1559 size_t dlen; 1560 1561 dtail = kmem_alloc(PARM_ADDR6_LEN * nadded, KM_NOSLEEP); 1562 if (dtail == NULL) { 1563 goto cleanup; 1564 } 1565 1566 ph = dtail; 1567 dlen = 0; 1568 for (fp = fphead; fp; fp = fp->next) { 1569 if (fp->rto == 0) { 1570 continue; 1571 } 1572 if (IN6_IS_ADDR_V4MAPPED(&fp->faddr)) { 1573 ipaddr_t addr4; 1574 1575 ph->sph_type = htons(PARM_ADDR4); 1576 ph->sph_len = htons(PARM_ADDR4_LEN); 1577 IN6_V4MAPPED_TO_IPADDR(&fp->faddr, addr4); 1578 ph++; 1579 bcopy(&addr4, ph, sizeof (addr4)); 1580 ph = (sctp_parm_hdr_t *) 1581 ((char *)ph + sizeof (addr4)); 1582 dlen += PARM_ADDR4_LEN; 1583 } else { 1584 ph->sph_type = htons(PARM_ADDR6); 1585 ph->sph_len = htons(PARM_ADDR6_LEN); 1586 ph++; 1587 bcopy(&fp->faddr, ph, sizeof (fp->faddr)); 1588 ph = (sctp_parm_hdr_t *) 1589 ((char *)ph + sizeof (fp->faddr)); 1590 dlen += PARM_ADDR6_LEN; 1591 } 1592 } 1593 1594 /* Send off the abort */ 1595 sctp_send_abort(sctp, sctp_init2vtag(ich), 1596 SCTP_ERR_RESTART_NEW_ADDRS, dtail, dlen, pkt, 0, B_TRUE); 1597 1598 kmem_free(dtail, PARM_ADDR6_LEN * nadded); 1599 } 1600 1601 cleanup: 1602 /* Clean up */ 1603 if (fphead) { 1604 sctp_faddr_t *fpn; 1605 for (fp = fphead; fp; fp = fpn) { 1606 fpn = fp->next; 1607 kmem_cache_free(sctp_kmem_faddr_cache, fp); 1608 } 1609 } 1610 1611 return (retval); 1612 } 1613 1614 void 1615 sctp_congest_reset(sctp_t *sctp) 1616 { 1617 sctp_faddr_t *fp; 1618 1619 for (fp = sctp->sctp_faddrs; fp; fp = fp->next) { 1620 fp->ssthresh = sctp_initial_mtu; 1621 fp->cwnd = fp->sfa_pmss * sctp_slow_start_initial; 1622 fp->suna = 0; 1623 fp->pba = 0; 1624 } 1625 } 1626 1627 /* 1628 * Return zero if the buffers are identical in length and content. 1629 * This is used for comparing extension header buffers. 1630 * Note that an extension header would be declared different 1631 * even if all that changed was the next header value in that header i.e. 1632 * what really changed is the next extension header. 1633 */ 1634 boolean_t 1635 sctp_cmpbuf(void *a, uint_t alen, boolean_t b_valid, void *b, uint_t blen) 1636 { 1637 if (!b_valid) 1638 blen = 0; 1639 1640 if (alen != blen) 1641 return (B_TRUE); 1642 if (alen == 0) 1643 return (B_FALSE); /* Both zero length */ 1644 return (bcmp(a, b, alen)); 1645 } 1646 1647 /* 1648 * Preallocate memory for sctp_savebuf(). Returns B_TRUE if ok. 1649 * Return B_FALSE if memory allocation fails - don't change any state! 1650 */ 1651 boolean_t 1652 sctp_allocbuf(void **dstp, uint_t *dstlenp, boolean_t src_valid, 1653 void *src, uint_t srclen) 1654 { 1655 void *dst; 1656 1657 if (!src_valid) 1658 srclen = 0; 1659 1660 ASSERT(*dstlenp == 0); 1661 if (src != NULL && srclen != 0) { 1662 dst = mi_zalloc(srclen); 1663 if (dst == NULL) 1664 return (B_FALSE); 1665 } else { 1666 dst = NULL; 1667 } 1668 if (*dstp != NULL) { 1669 mi_free(*dstp); 1670 *dstp = NULL; 1671 *dstlenp = 0; 1672 } 1673 *dstp = dst; 1674 if (dst != NULL) 1675 *dstlenp = srclen; 1676 else 1677 *dstlenp = 0; 1678 return (B_TRUE); 1679 } 1680 1681 /* 1682 * Replace what is in *dst, *dstlen with the source. 1683 * Assumes sctp_allocbuf has already been called. 1684 */ 1685 void 1686 sctp_savebuf(void **dstp, uint_t *dstlenp, boolean_t src_valid, 1687 void *src, uint_t srclen) 1688 { 1689 if (!src_valid) 1690 srclen = 0; 1691 1692 ASSERT(*dstlenp == srclen); 1693 if (src != NULL && srclen != 0) { 1694 bcopy(src, *dstp, srclen); 1695 } 1696 } 1697 1698 static void 1699 sctp_init_faddr(sctp_t *sctp, sctp_faddr_t *fp, in6_addr_t *addr) 1700 { 1701 bcopy(addr, &fp->faddr, sizeof (*addr)); 1702 if (IN6_IS_ADDR_V4MAPPED(addr)) { 1703 fp->isv4 = 1; 1704 /* Make sure that sfa_pmss is a multiple of SCTP_ALIGN. */ 1705 fp->sfa_pmss = (sctp_initial_mtu - sctp->sctp_hdr_len) & 1706 ~(SCTP_ALIGN - 1); 1707 } else { 1708 fp->isv4 = 0; 1709 fp->sfa_pmss = (sctp_initial_mtu - sctp->sctp_hdr6_len) & 1710 ~(SCTP_ALIGN - 1); 1711 } 1712 fp->cwnd = sctp_slow_start_initial * fp->sfa_pmss; 1713 fp->rto = MIN(sctp->sctp_rto_initial, sctp->sctp_init_rto_max); 1714 fp->srtt = -1; 1715 fp->rtt_updates = 0; 1716 fp->strikes = 0; 1717 fp->max_retr = sctp->sctp_pp_max_rxt; 1718 /* Mark it as not confirmed. */ 1719 fp->state = SCTP_FADDRS_UNCONFIRMED; 1720 fp->hb_interval = sctp->sctp_hb_interval; 1721 fp->ssthresh = sctp_initial_ssthresh; 1722 fp->suna = 0; 1723 fp->pba = 0; 1724 fp->acked = 0; 1725 fp->lastactive = lbolt64; 1726 fp->timer_mp = NULL; 1727 fp->hb_pending = B_FALSE; 1728 fp->timer_running = 0; 1729 fp->df = 1; 1730 fp->pmtu_discovered = 0; 1731 fp->rc_timer_mp = NULL; 1732 fp->rc_timer_running = 0; 1733 fp->next = NULL; 1734 fp->ire = NULL; 1735 fp->T3expire = 0; 1736 (void) random_get_pseudo_bytes((uint8_t *)&fp->hb_secret, 1737 sizeof (fp->hb_secret)); 1738 fp->hb_expiry = lbolt64; 1739 1740 sctp_ire2faddr(sctp, fp); 1741 } 1742 1743 /*ARGSUSED*/ 1744 static void 1745 faddr_destructor(void *buf, void *cdrarg) 1746 { 1747 sctp_faddr_t *fp = buf; 1748 1749 ASSERT(fp->timer_mp == NULL); 1750 ASSERT(fp->timer_running == 0); 1751 1752 ASSERT(fp->rc_timer_mp == NULL); 1753 ASSERT(fp->rc_timer_running == 0); 1754 } 1755 1756 void 1757 sctp_faddr_init() 1758 { 1759 sctp_kmem_faddr_cache = kmem_cache_create("sctp_faddr_cache", 1760 sizeof (sctp_faddr_t), 0, NULL, faddr_destructor, 1761 NULL, NULL, NULL, 0); 1762 } 1763 1764 void 1765 sctp_faddr_fini() 1766 { 1767 kmem_cache_destroy(sctp_kmem_faddr_cache); 1768 } 1769