1 /* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */ 2 /* $NetBSD: sctp_pcb.c,v 1.17 2018/09/03 16:29:36 riastradh Exp $ */ 3 4 /* 5 * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by Cisco Systems, Inc. 19 * 4. Neither the name of the project nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY CISCO SYSTEMS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL CISCO SYSTEMS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 #include <sys/cdefs.h> 36 __KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.17 2018/09/03 16:29:36 riastradh Exp $"); 37 38 #ifdef _KERNEL_OPT 39 #include "opt_inet.h" 40 #include "opt_ipsec.h" 41 #include "opt_sctp.h" 42 #endif /* _KERNEL_OPT */ 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/domain.h> 49 #include <sys/protosw.h> 50 #include <sys/socket.h> 51 #include <sys/socketvar.h> 52 #include <sys/proc.h> 53 #include <sys/kauth.h> 54 #include <sys/kernel.h> 55 #include <sys/sysctl.h> 56 #include <sys/rnd.h> 57 #include <sys/callout.h> 58 59 #include <machine/limits.h> 60 #include <machine/cpu.h> 61 62 #include <net/if.h> 63 #include <net/if_types.h> 64 #include <net/route.h> 65 #include <netinet/in.h> 66 #include <netinet/in_systm.h> 67 #include <netinet/ip.h> 68 #include <netinet/in_pcb.h> 69 #include <netinet/in_var.h> 70 #include <netinet/ip_var.h> 71 72 #ifdef INET6 73 #include <netinet/ip6.h> 74 #include <netinet6/ip6_var.h> 75 #include <netinet6/scope6_var.h> 76 #include <netinet6/in6_pcb.h> 77 #endif /* INET6 */ 78 79 #ifdef IPSEC 80 #include <netipsec/ipsec.h> 81 #include <netipsec/key.h> 82 #endif /* IPSEC */ 83 84 #include <netinet/sctp_var.h> 85 #include <netinet/sctp_pcb.h> 86 #include <netinet/sctputil.h> 87 #include <netinet/sctp.h> 88 #include <netinet/sctp_header.h> 89 #include <netinet/sctp_asconf.h> 90 #include <netinet/sctp_output.h> 91 #include <netinet/sctp_timer.h> 92 93 #ifndef SCTP_PCBHASHSIZE 94 /* default number of association hash buckets in each endpoint */ 95 #define SCTP_PCBHASHSIZE 256 96 #endif 97 98 #ifdef SCTP_DEBUG 99 u_int32_t sctp_debug_on = SCTP_DEBUG_ALL; 100 #endif /* SCTP_DEBUG */ 101 102 u_int32_t sctp_pegs[SCTP_NUMBER_OF_PEGS]; 103 104 int sctp_pcbtblsize = SCTP_PCBHASHSIZE; 105 106 struct sctp_epinfo sctppcbinfo; 107 108 /* FIX: we don't handle multiple link local scopes */ 109 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */ 110 int 111 SCTP6_ARE_ADDR_EQUAL(const struct in6_addr *a, const struct in6_addr *b) 112 { 113 struct in6_addr tmp_a, tmp_b; 114 /* use a copy of a and b */ 115 tmp_a = *a; 116 tmp_b = *b; 117 in6_clearscope(&tmp_a); 118 in6_clearscope(&tmp_b); 119 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b)); 120 } 121 122 #if defined(__FreeBSD__) && __FreeBSD_version > 500000 123 124 #ifndef xyzzy 125 void sctp_validate_no_locks(void); 126 127 void 128 SCTP_INP_RLOCK(struct sctp_inpcb *inp) 129 { 130 struct sctp_tcb *stcb; 131 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 132 if (mtx_owned(&(stcb)->tcb_mtx)) 133 panic("I own TCB lock?"); 134 } 135 if (mtx_owned(&(inp)->inp_mtx)) 136 panic("INP Recursive Lock-R"); 137 mtx_lock(&(inp)->inp_mtx); 138 } 139 140 void 141 SCTP_INP_WLOCK(struct sctp_inpcb *inp) 142 { 143 SCTP_INP_RLOCK(inp); 144 } 145 146 void 147 SCTP_INP_INFO_RLOCK() 148 { 149 struct sctp_inpcb *inp; 150 struct sctp_tcb *stcb; 151 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) { 152 if (mtx_owned(&(inp)->inp_mtx)) 153 panic("info-lock and own inp lock?"); 154 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 155 if (mtx_owned(&(stcb)->tcb_mtx)) 156 panic("Info lock and own a tcb lock?"); 157 } 158 } 159 if (mtx_owned(&sctppcbinfo.ipi_ep_mtx)) 160 panic("INP INFO Recursive Lock-R"); 161 mtx_lock(&sctppcbinfo.ipi_ep_mtx); 162 } 163 164 void 165 SCTP_INP_INFO_WLOCK() 166 { 167 SCTP_INP_INFO_RLOCK(); 168 } 169 170 171 void sctp_validate_no_locks() 172 { 173 struct sctp_inpcb *inp; 174 struct sctp_tcb *stcb; 175 176 if (mtx_owned(&sctppcbinfo.ipi_ep_mtx)) 177 panic("INP INFO lock is owned?"); 178 179 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) { 180 if (mtx_owned(&(inp)->inp_mtx)) 181 panic("You own an INP lock?"); 182 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 183 if (mtx_owned(&(stcb)->tcb_mtx)) 184 panic("You own a TCB lock?"); 185 } 186 } 187 } 188 189 #endif 190 #endif 191 192 void 193 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb) 194 { 195 /* We really don't need 196 * to lock this, but I will 197 * just because it does not hurt. 198 */ 199 SCTP_INP_INFO_RLOCK(); 200 spcb->ep_count = sctppcbinfo.ipi_count_ep; 201 spcb->asoc_count = sctppcbinfo.ipi_count_asoc; 202 spcb->laddr_count = sctppcbinfo.ipi_count_laddr; 203 spcb->raddr_count = sctppcbinfo.ipi_count_raddr; 204 spcb->chk_count = sctppcbinfo.ipi_count_chunk; 205 spcb->sockq_count = sctppcbinfo.ipi_count_sockq; 206 spcb->mbuf_track = sctppcbinfo.mbuf_track; 207 SCTP_INP_INFO_RUNLOCK(); 208 } 209 210 211 /* 212 * Notes on locks for FreeBSD 5 and up. All association 213 * lookups that have a definte ep, the INP structure is 214 * assumed to be locked for reading. If we need to go 215 * find the INP (ususally when a **inp is passed) then 216 * we must lock the INFO structure first and if needed 217 * lock the INP too. Note that if we lock it we must 218 * 219 */ 220 221 222 /* 223 * Given a endpoint, look and find in its association list any association 224 * with the "to" address given. This can be a "from" address, too, for 225 * inbound packets. For outbound packets it is a true "to" address. 226 */ 227 static struct sctp_tcb * 228 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from, 229 struct sockaddr *to, struct sctp_nets **netp) 230 { 231 /**** ASSUMSES THE CALLER holds the INP_INFO_RLOCK */ 232 233 /* 234 * Note for this module care must be taken when observing what to is 235 * for. In most of the rest of the code the TO field represents my 236 * peer and the FROM field represents my address. For this module it 237 * is reversed of that. 238 */ 239 /* 240 * If we support the TCP model, then we must now dig through to 241 * see if we can find our endpoint in the list of tcp ep's. 242 */ 243 uint16_t lport, rport; 244 struct sctppcbhead *ephead; 245 struct sctp_inpcb *inp; 246 struct sctp_laddr *laddr; 247 struct sctp_tcb *stcb; 248 struct sctp_nets *net; 249 250 if ((to == NULL) || (from == NULL)) { 251 return (NULL); 252 } 253 254 if (to->sa_family == AF_INET && from->sa_family == AF_INET) { 255 lport = ((struct sockaddr_in *)to)->sin_port; 256 rport = ((struct sockaddr_in *)from)->sin_port; 257 } else if (to->sa_family == AF_INET6 && from->sa_family == AF_INET6) { 258 lport = ((struct sockaddr_in6 *)to)->sin6_port; 259 rport = ((struct sockaddr_in6 *)from)->sin6_port; 260 } else { 261 return NULL; 262 } 263 ephead = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR( 264 (lport + rport), sctppcbinfo.hashtcpmark)]; 265 /* 266 * Ok now for each of the guys in this bucket we must look 267 * and see: 268 * - Does the remote port match. 269 * - Does there single association's addresses match this 270 * address (to). 271 * If so we update p_ep to point to this ep and return the 272 * tcb from it. 273 */ 274 LIST_FOREACH(inp, ephead, sctp_hash) { 275 if (lport != inp->sctp_lport) { 276 continue; 277 } 278 SCTP_INP_RLOCK(inp); 279 /* check to see if the ep has one of the addresses */ 280 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 281 /* We are NOT bound all, so look further */ 282 int match = 0; 283 284 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 285 if (laddr->ifa == NULL) { 286 #ifdef SCTP_DEBUG 287 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 288 printf("An ounce of prevention is worth a pound of cure\n"); 289 } 290 #endif 291 continue; 292 } 293 if (laddr->ifa->ifa_addr == NULL) { 294 #ifdef SCTP_DEBUG 295 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 296 printf("ifa with a NULL address\n"); 297 } 298 #endif 299 continue; 300 } 301 if (laddr->ifa->ifa_addr->sa_family == 302 to->sa_family) { 303 /* see if it matches */ 304 struct sockaddr_in *intf_addr, *sin; 305 intf_addr = (struct sockaddr_in *) 306 laddr->ifa->ifa_addr; 307 sin = (struct sockaddr_in *)to; 308 if (from->sa_family == AF_INET) { 309 if (sin->sin_addr.s_addr == 310 intf_addr->sin_addr.s_addr) { 311 match = 1; 312 SCTP_INP_RUNLOCK(inp); 313 break; 314 } 315 } else { 316 struct sockaddr_in6 *intf_addr6; 317 struct sockaddr_in6 *sin6; 318 sin6 = (struct sockaddr_in6 *) 319 to; 320 intf_addr6 = (struct sockaddr_in6 *) 321 laddr->ifa->ifa_addr; 322 323 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr, 324 &intf_addr6->sin6_addr)) { 325 match = 1; 326 SCTP_INP_RUNLOCK(inp); 327 break; 328 } 329 } 330 } 331 } 332 if (match == 0) { 333 /* This endpoint does not have this address */ 334 SCTP_INP_RUNLOCK(inp); 335 continue; 336 } 337 } 338 /* 339 * Ok if we hit here the ep has the address, does it hold the 340 * tcb? 341 */ 342 343 stcb = LIST_FIRST(&inp->sctp_asoc_list); 344 if (stcb == NULL) { 345 SCTP_INP_RUNLOCK(inp); 346 continue; 347 } 348 SCTP_TCB_LOCK(stcb); 349 if (stcb->rport != rport) { 350 /* remote port does not match. */ 351 SCTP_TCB_UNLOCK(stcb); 352 SCTP_INP_RUNLOCK(inp); 353 continue; 354 } 355 /* Does this TCB have a matching address? */ 356 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 357 if (sctp_cmpaddr(from, rtcache_getdst(&net->ro))) { 358 /* found it */ 359 if (netp != NULL) { 360 *netp = net; 361 } 362 /* Update the endpoint pointer */ 363 *inp_p = inp; 364 SCTP_INP_RUNLOCK(inp); 365 return (stcb); 366 } 367 } 368 SCTP_TCB_UNLOCK(stcb); 369 370 SCTP_INP_RUNLOCK(inp); 371 } 372 return (NULL); 373 } 374 375 struct sctp_tcb * 376 sctp_findassociation_ep_asconf(struct mbuf *m, int iphlen, int offset, 377 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp) 378 { 379 struct sctp_tcb *stcb; 380 struct sockaddr_in *sin; 381 struct sockaddr_in6 *sin6; 382 struct sockaddr_storage local_store, remote_store; 383 struct ip *iph; 384 struct sctp_paramhdr parm_buf, *phdr; 385 int ptype; 386 387 memset(&local_store, 0, sizeof(local_store)); 388 memset(&remote_store, 0, sizeof(remote_store)); 389 390 /* First get the destination address setup too. */ 391 iph = mtod(m, struct ip *); 392 if (iph->ip_v == IPVERSION) { 393 /* its IPv4 */ 394 sin = (struct sockaddr_in *)&local_store; 395 sin->sin_family = AF_INET; 396 sin->sin_len = sizeof(*sin); 397 sin->sin_port = sh->dest_port; 398 sin->sin_addr.s_addr = iph->ip_dst.s_addr ; 399 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 400 /* its IPv6 */ 401 struct ip6_hdr *ip6; 402 ip6 = mtod(m, struct ip6_hdr *); 403 sin6 = (struct sockaddr_in6 *)&local_store; 404 sin6->sin6_family = AF_INET6; 405 sin6->sin6_len = sizeof(*sin6); 406 sin6->sin6_port = sh->dest_port; 407 sin6->sin6_addr = ip6->ip6_dst; 408 } else { 409 return NULL; 410 } 411 412 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk), 413 &parm_buf, sizeof(struct sctp_paramhdr)); 414 if (phdr == NULL) { 415 #ifdef SCTP_DEBUG 416 if (sctp_debug_on & SCTP_DEBUG_INPUT3) { 417 printf("sctp_process_control: failed to get asconf lookup addr\n"); 418 } 419 #endif /* SCTP_DEBUG */ 420 return NULL; 421 } 422 ptype = (int)((u_int)ntohs(phdr->param_type)); 423 /* get the correlation address */ 424 if (ptype == SCTP_IPV6_ADDRESS) { 425 /* ipv6 address param */ 426 struct sctp_ipv6addr_param *p6, p6_buf; 427 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) { 428 return NULL; 429 } 430 431 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m, 432 offset + sizeof(struct sctp_asconf_chunk), 433 &p6_buf.ph, sizeof(*p6)); 434 if (p6 == NULL) { 435 #ifdef SCTP_DEBUG 436 if (sctp_debug_on & SCTP_DEBUG_INPUT3) { 437 printf("sctp_process_control: failed to get asconf v6 lookup addr\n"); 438 } 439 #endif /* SCTP_DEBUG */ 440 return (NULL); 441 } 442 sin6 = (struct sockaddr_in6 *)&remote_store; 443 sin6->sin6_family = AF_INET6; 444 sin6->sin6_len = sizeof(*sin6); 445 sin6->sin6_port = sh->src_port; 446 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr)); 447 } else if (ptype == SCTP_IPV4_ADDRESS) { 448 /* ipv4 address param */ 449 struct sctp_ipv4addr_param *p4, p4_buf; 450 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) { 451 return NULL; 452 } 453 454 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m, 455 offset + sizeof(struct sctp_asconf_chunk), 456 &p4_buf.ph, sizeof(*p4)); 457 if (p4 == NULL) { 458 #ifdef SCTP_DEBUG 459 if (sctp_debug_on & SCTP_DEBUG_INPUT3) { 460 printf("sctp_process_control: failed to get asconf v4 lookup addr\n"); 461 } 462 #endif /* SCTP_DEBUG */ 463 return (NULL); 464 } 465 sin = (struct sockaddr_in *)&remote_store; 466 sin->sin_family = AF_INET; 467 sin->sin_len = sizeof(*sin); 468 sin->sin_port = sh->src_port; 469 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr)); 470 } else { 471 /* invalid address param type */ 472 return NULL; 473 } 474 475 stcb = sctp_findassociation_ep_addr(inp_p, 476 (struct sockaddr *)&remote_store, netp, 477 (struct sockaddr *)&local_store, NULL); 478 return (stcb); 479 } 480 481 struct sctp_tcb * 482 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote, 483 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb) 484 { 485 struct sctpasochead *head; 486 struct sctp_inpcb *inp; 487 struct sctp_tcb *stcb; 488 struct sctp_nets *net; 489 uint16_t rport; 490 491 inp = *inp_p; 492 if (remote->sa_family == AF_INET) { 493 rport = (((struct sockaddr_in *)remote)->sin_port); 494 } else if (remote->sa_family == AF_INET6) { 495 rport = (((struct sockaddr_in6 *)remote)->sin6_port); 496 } else { 497 return (NULL); 498 } 499 if (locked_tcb) { 500 /* UN-lock so we can do proper locking here 501 * this occurs when called from load_addresses_from_init. 502 */ 503 SCTP_TCB_UNLOCK(locked_tcb); 504 } 505 SCTP_INP_INFO_RLOCK(); 506 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { 507 /* 508 * Now either this guy is our listner or it's the connector. 509 * If it is the one that issued the connect, then it's only 510 * chance is to be the first TCB in the list. If it is the 511 * acceptor, then do the special_lookup to hash and find the 512 * real inp. 513 */ 514 if (inp->sctp_flags & SCTP_PCB_FLAGS_ACCEPTING) { 515 /* to is peer addr, from is my addr */ 516 stcb = sctp_tcb_special_locate(inp_p, remote, local, 517 netp); 518 if ((stcb != NULL) && (locked_tcb == NULL)){ 519 /* we have a locked tcb, lower refcount */ 520 SCTP_INP_WLOCK(inp); 521 SCTP_INP_DECR_REF(inp); 522 SCTP_INP_WUNLOCK(inp); 523 } 524 if (locked_tcb != NULL) { 525 SCTP_INP_RLOCK(locked_tcb->sctp_ep); 526 SCTP_TCB_LOCK(locked_tcb); 527 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep); 528 if (stcb != NULL) { 529 SCTP_TCB_UNLOCK(stcb); 530 } 531 } 532 SCTP_INP_INFO_RUNLOCK(); 533 return (stcb); 534 } else { 535 SCTP_INP_WLOCK(inp); 536 stcb = LIST_FIRST(&inp->sctp_asoc_list); 537 if (stcb == NULL) { 538 goto null_return; 539 } 540 SCTP_TCB_LOCK(stcb); 541 if (stcb->rport != rport) { 542 /* remote port does not match. */ 543 SCTP_TCB_UNLOCK(stcb); 544 goto null_return; 545 } 546 /* now look at the list of remote addresses */ 547 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 548 if (sctp_cmpaddr(remote, rtcache_getdst(&net->ro))) { 549 /* found it */ 550 if (netp != NULL) { 551 *netp = net; 552 } 553 if (locked_tcb == NULL) { 554 SCTP_INP_DECR_REF(inp); 555 } 556 SCTP_INP_WUNLOCK(inp); 557 SCTP_INP_INFO_RUNLOCK(); 558 return (stcb); 559 } 560 } 561 SCTP_TCB_UNLOCK(stcb); 562 } 563 } else { 564 SCTP_INP_WLOCK(inp); 565 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport, 566 inp->sctp_hashmark)]; 567 if (head == NULL) { 568 goto null_return; 569 } 570 LIST_FOREACH(stcb, head, sctp_tcbhash) { 571 if (stcb->rport != rport) { 572 /* remote port does not match */ 573 continue; 574 } 575 /* now look at the list of remote addresses */ 576 SCTP_TCB_LOCK(stcb); 577 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 578 if (sctp_cmpaddr(remote, rtcache_getdst(&net->ro))) { 579 /* found it */ 580 if (netp != NULL) { 581 *netp = net; 582 } 583 if (locked_tcb == NULL) { 584 SCTP_INP_DECR_REF(inp); 585 } 586 SCTP_INP_WUNLOCK(inp); 587 SCTP_INP_INFO_RUNLOCK(); 588 return (stcb); 589 } 590 } 591 SCTP_TCB_UNLOCK(stcb); 592 } 593 } 594 null_return: 595 /* clean up for returning null */ 596 if (locked_tcb){ 597 if (locked_tcb->sctp_ep != inp) { 598 SCTP_INP_RLOCK(locked_tcb->sctp_ep); 599 SCTP_TCB_LOCK(locked_tcb); 600 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep); 601 } else { 602 SCTP_TCB_LOCK(locked_tcb); 603 } 604 } 605 SCTP_INP_WUNLOCK(inp); 606 SCTP_INP_INFO_RUNLOCK(); 607 /* not found */ 608 return (NULL); 609 } 610 611 /* 612 * Find an association for a specific endpoint using the association id 613 * given out in the COMM_UP notification 614 */ 615 struct sctp_tcb * 616 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, vaddr_t asoc_id) 617 { 618 /* 619 * Use my the assoc_id to find a endpoint 620 */ 621 struct sctpasochead *head; 622 struct sctp_tcb *stcb; 623 u_int32_t vtag; 624 625 if (asoc_id == 0 || inp == NULL) { 626 return (NULL); 627 } 628 SCTP_INP_INFO_RLOCK(); 629 vtag = (u_int32_t)asoc_id; 630 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(vtag, 631 sctppcbinfo.hashasocmark)]; 632 if (head == NULL) { 633 /* invalid vtag */ 634 SCTP_INP_INFO_RUNLOCK(); 635 return (NULL); 636 } 637 LIST_FOREACH(stcb, head, sctp_asocs) { 638 SCTP_INP_RLOCK(stcb->sctp_ep); 639 SCTP_TCB_LOCK(stcb); 640 SCTP_INP_RUNLOCK(stcb->sctp_ep); 641 if (stcb->asoc.my_vtag == vtag) { 642 /* candidate */ 643 if (inp != stcb->sctp_ep) { 644 /* some other guy has the 645 * same vtag active (vtag collision). 646 */ 647 sctp_pegs[SCTP_VTAG_BOGUS]++; 648 SCTP_TCB_UNLOCK(stcb); 649 continue; 650 } 651 sctp_pegs[SCTP_VTAG_EXPR]++; 652 SCTP_INP_INFO_RUNLOCK(); 653 return (stcb); 654 } 655 SCTP_TCB_UNLOCK(stcb); 656 } 657 SCTP_INP_INFO_RUNLOCK(); 658 return (NULL); 659 } 660 661 static struct sctp_inpcb * 662 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head, 663 uint16_t lport) 664 { 665 struct sctp_inpcb *inp; 666 struct sockaddr_in *sin; 667 struct sockaddr_in6 *sin6; 668 struct sctp_laddr *laddr; 669 670 /* Endpoing probe expects 671 * that the INP_INFO is locked. 672 */ 673 if (nam->sa_family == AF_INET) { 674 sin = (struct sockaddr_in *)nam; 675 sin6 = NULL; 676 } else if (nam->sa_family == AF_INET6) { 677 sin6 = (struct sockaddr_in6 *)nam; 678 sin = NULL; 679 } else { 680 /* unsupported family */ 681 return (NULL); 682 } 683 if (head == NULL) 684 return (NULL); 685 686 LIST_FOREACH(inp, head, sctp_hash) { 687 SCTP_INP_RLOCK(inp); 688 689 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) && 690 (inp->sctp_lport == lport)) { 691 /* got it */ 692 if ((nam->sa_family == AF_INET) && 693 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 694 (((struct in6pcb *)inp)->in6p_flags & IN6P_IPV6_V6ONLY) 695 ) { 696 /* IPv4 on a IPv6 socket with ONLY IPv6 set */ 697 SCTP_INP_RUNLOCK(inp); 698 continue; 699 } 700 /* A V6 address and the endpoint is NOT bound V6 */ 701 if (nam->sa_family == AF_INET6 && 702 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 703 SCTP_INP_RUNLOCK(inp); 704 continue; 705 } 706 SCTP_INP_RUNLOCK(inp); 707 return (inp); 708 } 709 SCTP_INP_RUNLOCK(inp); 710 } 711 712 if ((nam->sa_family == AF_INET) && 713 (sin->sin_addr.s_addr == INADDR_ANY)) { 714 /* Can't hunt for one that has no address specified */ 715 return (NULL); 716 } else if ((nam->sa_family == AF_INET6) && 717 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) { 718 /* Can't hunt for one that has no address specified */ 719 return (NULL); 720 } 721 /* 722 * ok, not bound to all so see if we can find a EP bound to this 723 * address. 724 */ 725 #ifdef SCTP_DEBUG 726 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 727 printf("Ok, there is NO bound-all available for port:%x\n", ntohs(lport)); 728 } 729 #endif 730 LIST_FOREACH(inp, head, sctp_hash) { 731 SCTP_INP_RLOCK(inp); 732 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) { 733 SCTP_INP_RUNLOCK(inp); 734 continue; 735 } 736 /* 737 * Ok this could be a likely candidate, look at all of 738 * its addresses 739 */ 740 if (inp->sctp_lport != lport) { 741 SCTP_INP_RUNLOCK(inp); 742 continue; 743 } 744 #ifdef SCTP_DEBUG 745 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 746 printf("Ok, found maching local port\n"); 747 } 748 #endif 749 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 750 if (laddr->ifa == NULL) { 751 #ifdef SCTP_DEBUG 752 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 753 printf("An ounce of prevention is worth a pound of cure\n"); 754 } 755 #endif 756 continue; 757 } 758 #ifdef SCTP_DEBUG 759 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 760 printf("Ok laddr->ifa:%p is possible, ", 761 laddr->ifa); 762 } 763 #endif 764 if (laddr->ifa->ifa_addr == NULL) { 765 #ifdef SCTP_DEBUG 766 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 767 printf("Huh IFA as an ifa_addr=NULL, "); 768 } 769 #endif 770 continue; 771 } 772 #ifdef SCTP_DEBUG 773 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 774 printf("Ok laddr->ifa:%p is possible, ", 775 laddr->ifa->ifa_addr); 776 sctp_print_address(laddr->ifa->ifa_addr); 777 printf("looking for "); 778 sctp_print_address(nam); 779 } 780 #endif 781 if (laddr->ifa->ifa_addr->sa_family == nam->sa_family) { 782 /* possible, see if it matches */ 783 struct sockaddr_in *intf_addr; 784 intf_addr = (struct sockaddr_in *) 785 laddr->ifa->ifa_addr; 786 if (nam->sa_family == AF_INET) { 787 if (sin->sin_addr.s_addr == 788 intf_addr->sin_addr.s_addr) { 789 #ifdef SCTP_DEBUG 790 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 791 printf("YES, return ep:%p\n", inp); 792 } 793 #endif 794 SCTP_INP_RUNLOCK(inp); 795 return (inp); 796 } 797 } else if (nam->sa_family == AF_INET6) { 798 struct sockaddr_in6 *intf_addr6; 799 intf_addr6 = (struct sockaddr_in6 *) 800 laddr->ifa->ifa_addr; 801 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr, 802 &intf_addr6->sin6_addr)) { 803 #ifdef SCTP_DEBUG 804 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 805 printf("YES, return ep:%p\n", inp); 806 } 807 #endif 808 SCTP_INP_RUNLOCK(inp); 809 return (inp); 810 } 811 } 812 } 813 SCTP_INP_RUNLOCK(inp); 814 } 815 } 816 #ifdef SCTP_DEBUG 817 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 818 printf("NO, Falls out to NULL\n"); 819 } 820 #endif 821 return (NULL); 822 } 823 824 825 struct sctp_inpcb * 826 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock) 827 { 828 /* 829 * First we check the hash table to see if someone has this port 830 * bound with just the port. 831 */ 832 struct sctp_inpcb *inp; 833 struct sctppcbhead *head; 834 int lport; 835 #ifdef SCTP_DEBUG 836 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 837 printf("Looking for endpoint %d :", 838 ntohs(((struct sockaddr_in *)nam)->sin_port)); 839 sctp_print_address(nam); 840 } 841 #endif 842 if (nam->sa_family == AF_INET) { 843 lport = ((struct sockaddr_in *)nam)->sin_port; 844 } else if (nam->sa_family == AF_INET6) { 845 lport = ((struct sockaddr_in6 *)nam)->sin6_port; 846 } else { 847 /* unsupported family */ 848 return (NULL); 849 } 850 /* 851 * I could cheat here and just cast to one of the types but we will 852 * do it right. It also provides the check against an Unsupported 853 * type too. 854 */ 855 /* Find the head of the ALLADDR chain */ 856 if (have_lock == 0) { 857 SCTP_INP_INFO_RLOCK(); 858 } 859 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport, 860 sctppcbinfo.hashmark)]; 861 #ifdef SCTP_DEBUG 862 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 863 printf("Main hash to lookup at head:%p\n", head); 864 } 865 #endif 866 inp = sctp_endpoint_probe(nam, head, lport); 867 868 /* 869 * If the TCP model exists it could be that the main listening 870 * endpoint is gone but there exists a connected socket for this 871 * guy yet. If so we can return the first one that we find. This 872 * may NOT be the correct one but the sctp_findassociation_ep_addr 873 * has further code to look at all TCP models. 874 */ 875 if (inp == NULL && find_tcp_pool) { 876 unsigned int i; 877 #ifdef SCTP_DEBUG 878 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 879 printf("EP was NULL and TCP model is supported\n"); 880 } 881 #endif 882 for (i = 0; i < sctppcbinfo.hashtblsize; i++) { 883 /* 884 * This is real gross, but we do NOT have a remote 885 * port at this point depending on who is calling. We 886 * must therefore look for ANY one that matches our 887 * local port :/ 888 */ 889 head = &sctppcbinfo.sctp_tcpephash[i]; 890 if (LIST_FIRST(head)) { 891 inp = sctp_endpoint_probe(nam, head, lport); 892 if (inp) { 893 /* Found one */ 894 break; 895 } 896 } 897 } 898 } 899 #ifdef SCTP_DEBUG 900 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 901 printf("EP to return is %p\n", inp); 902 } 903 #endif 904 if (have_lock == 0) { 905 if (inp) { 906 SCTP_INP_WLOCK(inp); 907 SCTP_INP_INCR_REF(inp); 908 SCTP_INP_WUNLOCK(inp); 909 } 910 SCTP_INP_INFO_RUNLOCK(); 911 } else { 912 if (inp) { 913 SCTP_INP_WLOCK(inp); 914 SCTP_INP_INCR_REF(inp); 915 SCTP_INP_WUNLOCK(inp); 916 } 917 } 918 return (inp); 919 } 920 921 /* 922 * Find an association for an endpoint with the pointer to whom you want 923 * to send to and the endpoint pointer. The address can be IPv4 or IPv6. 924 * We may need to change the *to to some other struct like a mbuf... 925 */ 926 struct sctp_tcb * 927 sctp_findassociation_addr_sa(struct sockaddr *to, struct sockaddr *from, 928 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool) 929 { 930 struct sctp_inpcb *inp; 931 struct sctp_tcb *retval; 932 933 SCTP_INP_INFO_RLOCK(); 934 if (find_tcp_pool) { 935 if (inp_p != NULL) { 936 retval = sctp_tcb_special_locate(inp_p, from, to, netp); 937 } else { 938 retval = sctp_tcb_special_locate(&inp, from, to, netp); 939 } 940 if (retval != NULL) { 941 SCTP_INP_INFO_RUNLOCK(); 942 return (retval); 943 } 944 } 945 inp = sctp_pcb_findep(to, 0, 1); 946 if (inp_p != NULL) { 947 *inp_p = inp; 948 } 949 SCTP_INP_INFO_RUNLOCK(); 950 951 if (inp == NULL) { 952 return (NULL); 953 } 954 955 /* 956 * ok, we have an endpoint, now lets find the assoc for it (if any) 957 * we now place the source address or from in the to of the find 958 * endpoint call. Since in reality this chain is used from the 959 * inbound packet side. 960 */ 961 if (inp_p != NULL) { 962 return (sctp_findassociation_ep_addr(inp_p, from, netp, to, NULL)); 963 } else { 964 return (sctp_findassociation_ep_addr(&inp, from, netp, to, NULL)); 965 } 966 } 967 968 969 /* 970 * This routine will grub through the mbuf that is a INIT or INIT-ACK and 971 * find all addresses that the sender has specified in any address list. 972 * Each address will be used to lookup the TCB and see if one exits. 973 */ 974 static struct sctp_tcb * 975 sctp_findassociation_special_addr(struct mbuf *m, int iphlen, int offset, 976 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp, 977 struct sockaddr *dest) 978 { 979 struct sockaddr_in sin4; 980 struct sockaddr_in6 sin6; 981 struct sctp_paramhdr *phdr, parm_buf; 982 struct sctp_tcb *retval; 983 u_int32_t ptype, plen; 984 985 memset(&sin4, 0, sizeof(sin4)); 986 memset(&sin6, 0, sizeof(sin6)); 987 sin4.sin_len = sizeof(sin4); 988 sin4.sin_family = AF_INET; 989 sin4.sin_port = sh->src_port; 990 sin6.sin6_len = sizeof(sin6); 991 sin6.sin6_family = AF_INET6; 992 sin6.sin6_port = sh->src_port; 993 994 retval = NULL; 995 offset += sizeof(struct sctp_init_chunk); 996 997 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 998 while (phdr != NULL) { 999 /* now we must see if we want the parameter */ 1000 ptype = ntohs(phdr->param_type); 1001 plen = ntohs(phdr->param_length); 1002 if (plen == 0) { 1003 #ifdef SCTP_DEBUG 1004 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1005 printf("sctp_findassociation_special_addr: Impossible length in parameter\n"); 1006 } 1007 #endif /* SCTP_DEBUG */ 1008 break; 1009 } 1010 if (ptype == SCTP_IPV4_ADDRESS && 1011 plen == sizeof(struct sctp_ipv4addr_param)) { 1012 /* Get the rest of the address */ 1013 struct sctp_ipv4addr_param ip4_parm, *p4; 1014 1015 phdr = sctp_get_next_param(m, offset, 1016 (struct sctp_paramhdr *)&ip4_parm, plen); 1017 if (phdr == NULL) { 1018 return (NULL); 1019 } 1020 p4 = (struct sctp_ipv4addr_param *)phdr; 1021 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr)); 1022 /* look it up */ 1023 retval = sctp_findassociation_ep_addr(inp_p, 1024 (struct sockaddr *)&sin4, netp, dest, NULL); 1025 if (retval != NULL) { 1026 return (retval); 1027 } 1028 } else if (ptype == SCTP_IPV6_ADDRESS && 1029 plen == sizeof(struct sctp_ipv6addr_param)) { 1030 /* Get the rest of the address */ 1031 struct sctp_ipv6addr_param ip6_parm, *p6; 1032 1033 phdr = sctp_get_next_param(m, offset, 1034 (struct sctp_paramhdr *)&ip6_parm, plen); 1035 if (phdr == NULL) { 1036 return (NULL); 1037 } 1038 p6 = (struct sctp_ipv6addr_param *)phdr; 1039 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr)); 1040 /* look it up */ 1041 retval = sctp_findassociation_ep_addr(inp_p, 1042 (struct sockaddr *)&sin6, netp, dest, NULL); 1043 if (retval != NULL) { 1044 return (retval); 1045 } 1046 } 1047 offset += SCTP_SIZE32(plen); 1048 phdr = sctp_get_next_param(m, offset, &parm_buf, 1049 sizeof(parm_buf)); 1050 } 1051 return (NULL); 1052 } 1053 1054 static struct sctp_tcb * 1055 sctp_findassoc_by_vtag(struct sockaddr *from, uint32_t vtag, 1056 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport, 1057 uint16_t lport) 1058 { 1059 /* 1060 * Use my vtag to hash. If we find it we then verify the source addr 1061 * is in the assoc. If all goes well we save a bit on rec of a packet. 1062 */ 1063 struct sctpasochead *head; 1064 struct sctp_nets *net; 1065 struct sctp_tcb *stcb; 1066 1067 SCTP_INP_INFO_RLOCK(); 1068 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(vtag, 1069 sctppcbinfo.hashasocmark)]; 1070 if (head == NULL) { 1071 /* invalid vtag */ 1072 SCTP_INP_INFO_RUNLOCK(); 1073 return (NULL); 1074 } 1075 LIST_FOREACH(stcb, head, sctp_asocs) { 1076 SCTP_INP_RLOCK(stcb->sctp_ep); 1077 SCTP_TCB_LOCK(stcb); 1078 SCTP_INP_RUNLOCK(stcb->sctp_ep); 1079 if (stcb->asoc.my_vtag == vtag) { 1080 /* candidate */ 1081 if (stcb->rport != rport) { 1082 /* 1083 * we could remove this if vtags are unique 1084 * across the system. 1085 */ 1086 SCTP_TCB_UNLOCK(stcb); 1087 continue; 1088 } 1089 if (stcb->sctp_ep->sctp_lport != lport) { 1090 /* 1091 * we could remove this if vtags are unique 1092 * across the system. 1093 */ 1094 SCTP_TCB_UNLOCK(stcb); 1095 continue; 1096 } 1097 net = sctp_findnet(stcb, from); 1098 if (net) { 1099 /* yep its him. */ 1100 *netp = net; 1101 sctp_pegs[SCTP_VTAG_EXPR]++; 1102 *inp_p = stcb->sctp_ep; 1103 SCTP_INP_INFO_RUNLOCK(); 1104 return (stcb); 1105 } else { 1106 /* not him, this should only 1107 * happen in rare cases so 1108 * I peg it. 1109 */ 1110 sctp_pegs[SCTP_VTAG_BOGUS]++; 1111 } 1112 } 1113 SCTP_TCB_UNLOCK(stcb); 1114 } 1115 SCTP_INP_INFO_RUNLOCK(); 1116 return (NULL); 1117 } 1118 1119 /* 1120 * Find an association with the pointer to the inbound IP packet. This 1121 * can be a IPv4 or IPv6 packet. 1122 */ 1123 struct sctp_tcb * 1124 sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset, 1125 struct sctphdr *sh, struct sctp_chunkhdr *ch, 1126 struct sctp_inpcb **inp_p, struct sctp_nets **netp) 1127 { 1128 int find_tcp_pool; 1129 struct ip *iph; 1130 struct sctp_tcb *retval; 1131 struct sockaddr_storage to_store, from_store; 1132 struct sockaddr *to = (struct sockaddr *)&to_store; 1133 struct sockaddr *from = (struct sockaddr *)&from_store; 1134 struct sctp_inpcb *inp; 1135 1136 1137 iph = mtod(m, struct ip *); 1138 if (iph->ip_v == IPVERSION) { 1139 /* its IPv4 */ 1140 struct sockaddr_in *to4, *from4; 1141 1142 to4 = (struct sockaddr_in *)&to_store; 1143 from4 = (struct sockaddr_in *)&from_store; 1144 memset(to4, 0, sizeof(*to4)); 1145 memset(from4, 0, sizeof(*from4)); 1146 from4->sin_family = to4->sin_family = AF_INET; 1147 from4->sin_len = to4->sin_len = sizeof(struct sockaddr_in); 1148 from4->sin_addr.s_addr = iph->ip_src.s_addr; 1149 to4->sin_addr.s_addr = iph->ip_dst.s_addr ; 1150 from4->sin_port = sh->src_port; 1151 to4->sin_port = sh->dest_port; 1152 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 1153 /* its IPv6 */ 1154 struct ip6_hdr *ip6; 1155 struct sockaddr_in6 *to6, *from6; 1156 1157 ip6 = mtod(m, struct ip6_hdr *); 1158 to6 = (struct sockaddr_in6 *)&to_store; 1159 from6 = (struct sockaddr_in6 *)&from_store; 1160 memset(to6, 0, sizeof(*to6)); 1161 memset(from6, 0, sizeof(*from6)); 1162 from6->sin6_family = to6->sin6_family = AF_INET6; 1163 from6->sin6_len = to6->sin6_len = sizeof(struct sockaddr_in6); 1164 from6->sin6_addr = ip6->ip6_src; 1165 to6->sin6_addr = ip6->ip6_dst; 1166 from6->sin6_port = sh->src_port; 1167 to6->sin6_port = sh->dest_port; 1168 /* Get the scopes in properly to the sin6 addr's */ 1169 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) 1170 /* We probably don't need this operation (jinmei@kame) */ 1171 (void)in6_recoverscope(to6, &to6->sin6_addr, NULL); 1172 (void)in6_embedscope(&to6->sin6_addr, to6, NULL, NULL); 1173 1174 (void)in6_recoverscope(from6, &from6->sin6_addr, NULL); 1175 (void)in6_embedscope(&from6->sin6_addr, from6, NULL, NULL); 1176 #endif 1177 } else { 1178 /* Currently not supported. */ 1179 return (NULL); 1180 } 1181 #ifdef SCTP_DEBUG 1182 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1183 printf("Looking for port %d address :", 1184 ntohs(((struct sockaddr_in *)to)->sin_port)); 1185 sctp_print_address(to); 1186 printf("From for port %d address :", 1187 ntohs(((struct sockaddr_in *)from)->sin_port)); 1188 sctp_print_address(from); 1189 } 1190 #endif 1191 1192 if (sh->v_tag) { 1193 /* we only go down this path if vtag is non-zero */ 1194 retval = sctp_findassoc_by_vtag(from, ntohl(sh->v_tag), 1195 inp_p, netp, sh->src_port, sh->dest_port); 1196 if (retval) { 1197 return (retval); 1198 } 1199 } 1200 find_tcp_pool = 0; 1201 if ((ch->chunk_type != SCTP_INITIATION) && 1202 (ch->chunk_type != SCTP_INITIATION_ACK) && 1203 (ch->chunk_type != SCTP_COOKIE_ACK) && 1204 (ch->chunk_type != SCTP_COOKIE_ECHO)) { 1205 /* Other chunk types go to the tcp pool. */ 1206 find_tcp_pool = 1; 1207 } 1208 if (inp_p) { 1209 retval = sctp_findassociation_addr_sa(to, from, inp_p, netp, 1210 find_tcp_pool); 1211 inp = *inp_p; 1212 } else { 1213 retval = sctp_findassociation_addr_sa(to, from, &inp, netp, 1214 find_tcp_pool); 1215 } 1216 #ifdef SCTP_DEBUG 1217 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1218 printf("retval:%p inp:%p\n", retval, inp); 1219 } 1220 #endif 1221 if (retval == NULL && inp) { 1222 /* Found a EP but not this address */ 1223 #ifdef SCTP_DEBUG 1224 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1225 printf("Found endpoint %p but no asoc - ep state:%x\n", 1226 inp, inp->sctp_flags); 1227 } 1228 #endif 1229 if ((ch->chunk_type == SCTP_INITIATION) || 1230 (ch->chunk_type == SCTP_INITIATION_ACK)) { 1231 /* 1232 * special hook, we do NOT return linp or an 1233 * association that is linked to an existing 1234 * association that is under the TCP pool (i.e. no 1235 * listener exists). The endpoint finding routine 1236 * will always find a listner before examining the 1237 * TCP pool. 1238 */ 1239 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) { 1240 #ifdef SCTP_DEBUG 1241 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1242 printf("Gak, its in the TCP pool... return NULL"); 1243 } 1244 #endif 1245 if (inp_p) { 1246 *inp_p = NULL; 1247 } 1248 return (NULL); 1249 } 1250 #ifdef SCTP_DEBUG 1251 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1252 printf("Now doing SPECIAL find\n"); 1253 } 1254 #endif 1255 retval = sctp_findassociation_special_addr(m, iphlen, 1256 offset, sh, inp_p, netp, to); 1257 } 1258 } 1259 #ifdef SCTP_DEBUG 1260 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1261 printf("retval is %p\n", retval); 1262 } 1263 #endif 1264 return (retval); 1265 } 1266 1267 extern int sctp_max_burst_default; 1268 1269 extern unsigned int sctp_delayed_sack_time_default; 1270 extern unsigned int sctp_heartbeat_interval_default; 1271 extern unsigned int sctp_pmtu_raise_time_default; 1272 extern unsigned int sctp_shutdown_guard_time_default; 1273 extern unsigned int sctp_secret_lifetime_default; 1274 1275 extern unsigned int sctp_rto_max_default; 1276 extern unsigned int sctp_rto_min_default; 1277 extern unsigned int sctp_rto_initial_default; 1278 extern unsigned int sctp_init_rto_max_default; 1279 extern unsigned int sctp_valid_cookie_life_default; 1280 extern unsigned int sctp_init_rtx_max_default; 1281 extern unsigned int sctp_assoc_rtx_max_default; 1282 extern unsigned int sctp_path_rtx_max_default; 1283 extern unsigned int sctp_nr_outgoing_streams_default; 1284 1285 /* 1286 * allocate a sctp_inpcb and setup a temporary binding to a port/all 1287 * addresses. This way if we don't get a bind we by default pick a ephemeral 1288 * port with all addresses bound. 1289 */ 1290 int 1291 sctp_inpcb_alloc(struct socket *so) 1292 { 1293 /* 1294 * we get called when a new endpoint starts up. We need to allocate 1295 * the sctp_inpcb structure from the zone and init it. Mark it as 1296 * unbound and find a port that we can use as an ephemeral with 1297 * INADDR_ANY. If the user binds later no problem we can then add 1298 * in the specific addresses. And setup the default parameters for 1299 * the EP. 1300 */ 1301 int i, error; 1302 struct sctp_inpcb *inp; 1303 #ifdef DEBUG 1304 struct sctp_inpcb *n_inp; 1305 #endif 1306 #ifdef IPSEC 1307 struct inpcbpolicy *pcb_sp = NULL; 1308 #endif 1309 struct sctp_pcb *m; 1310 struct timeval time; 1311 1312 error = 0; 1313 1314 /* Hack alert: 1315 * 1316 * This code audits the entire INP list to see if 1317 * any ep's that are in the GONE state are now 1318 * all free. This should not happen really since when 1319 * the last association if freed we should end up deleting 1320 * the inpcb. This code including the locks should 1321 * be taken out ... since the last set of fixes I 1322 * have not seen the "Found a GONE on list" has not 1323 * came out. But i am paranoid and we will leave this 1324 * in at the cost of efficency on allocation of PCB's. 1325 * Probably we should move this to the invariant 1326 * compile options 1327 */ 1328 #ifdef DEBUG 1329 SCTP_INP_INFO_RLOCK(); 1330 inp = LIST_FIRST(&sctppcbinfo.listhead); 1331 while (inp) { 1332 n_inp = LIST_NEXT(inp, sctp_list); 1333 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 1334 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) { 1335 /* finish the job now */ 1336 printf("Found a GONE on list\n"); 1337 SCTP_INP_INFO_RUNLOCK(); 1338 sctp_inpcb_free(inp, 1); 1339 SCTP_INP_INFO_RLOCK(); 1340 } 1341 } 1342 inp = n_inp; 1343 } 1344 SCTP_INP_INFO_RUNLOCK(); 1345 #endif /* DEBUG */ 1346 1347 SCTP_INP_INFO_WLOCK(); 1348 inp = (struct sctp_inpcb *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_ep); 1349 if (inp == NULL) { 1350 printf("Out of SCTP-INPCB structures - no resources\n"); 1351 SCTP_INP_INFO_WUNLOCK(); 1352 return (ENOBUFS); 1353 } 1354 1355 /* zap it */ 1356 memset(inp, 0, sizeof(*inp)); 1357 1358 /* setup socket pointers */ 1359 inp->sctp_socket = so; 1360 1361 /* setup inpcb socket too */ 1362 inp->ip_inp.inp.inp_socket = so; 1363 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT; 1364 #ifdef IPSEC 1365 if (ipsec_enabled) { 1366 error = ipsec_init_pcbpolicy(so, &pcb_sp); 1367 if (error != 0) { 1368 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); 1369 SCTP_INP_INFO_WUNLOCK(); 1370 return error; 1371 } 1372 /* Arrange to share the policy */ 1373 inp->ip_inp.inp.inp_sp = pcb_sp; 1374 pcb_sp->sp_inph = (struct inpcb_hdr *)inp; 1375 } 1376 #endif /* IPSEC */ 1377 sctppcbinfo.ipi_count_ep++; 1378 inp->inp_ip_ttl = ip_defttl; 1379 inp->inp_ip_tos = 0; 1380 1381 so->so_pcb = (void *)inp; 1382 1383 if ((so->so_type == SOCK_DGRAM) || 1384 (so->so_type == SOCK_SEQPACKET)) { 1385 /* UDP style socket */ 1386 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE | 1387 SCTP_PCB_FLAGS_UNBOUND); 1388 inp->sctp_flags |= (SCTP_PCB_FLAGS_RECVDATAIOEVNT); 1389 /* Be sure it is NON-BLOCKING IO for UDP */ 1390 /*so->so_state |= SS_NBIO;*/ 1391 } else if (so->so_type == SOCK_STREAM) { 1392 /* TCP style socket */ 1393 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | 1394 SCTP_PCB_FLAGS_UNBOUND); 1395 inp->sctp_flags |= (SCTP_PCB_FLAGS_RECVDATAIOEVNT); 1396 /* Be sure we have blocking IO bu default */ 1397 so->so_state &= ~SS_NBIO; 1398 } else { 1399 /* 1400 * unsupported socket type (RAW, etc)- in case we missed 1401 * it in protosw 1402 */ 1403 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); 1404 SCTP_INP_INFO_WUNLOCK(); 1405 return (EOPNOTSUPP); 1406 } 1407 inp->sctp_tcbhash = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_hash); 1408 if (inp->sctp_tcbhash == NULL) { 1409 printf("Out of SCTP-INPCB->hashinit - no resources\n"); 1410 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); 1411 SCTP_INP_INFO_WUNLOCK(); 1412 return (ENOBUFS); 1413 } else { 1414 for (i = 0; i < sctp_pcbtblsize; i++) 1415 LIST_INIT(&inp->sctp_tcbhash[i]); 1416 for (i = 1; i < sctp_pcbtblsize; i <<= 1) 1417 continue; 1418 inp->sctp_hashmark = i - 1; 1419 } 1420 /* LOCK init's */ 1421 SCTP_INP_LOCK_INIT(inp); 1422 SCTP_ASOC_CREATE_LOCK_INIT(inp); 1423 /* lock the new ep */ 1424 SCTP_INP_WLOCK(inp); 1425 1426 /* add it to the info area */ 1427 LIST_INSERT_HEAD(&sctppcbinfo.listhead, inp, sctp_list); 1428 SCTP_INP_INFO_WUNLOCK(); 1429 1430 LIST_INIT(&inp->sctp_addr_list); 1431 LIST_INIT(&inp->sctp_asoc_list); 1432 TAILQ_INIT(&inp->sctp_queue_list); 1433 /* Init the timer structure for signature change */ 1434 callout_init(&inp->sctp_ep.signature_change.timer, 0); 1435 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE; 1436 1437 /* now init the actual endpoint default data */ 1438 m = &inp->sctp_ep; 1439 1440 /* setup the base timeout information */ 1441 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */ 1442 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */ 1443 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(sctp_delayed_sack_time_default); 1444 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = sctp_heartbeat_interval_default; /* this is in MSEC */ 1445 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(sctp_pmtu_raise_time_default); 1446 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(sctp_shutdown_guard_time_default); 1447 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(sctp_secret_lifetime_default); 1448 /* all max/min max are in ms */ 1449 m->sctp_maxrto = sctp_rto_max_default; 1450 m->sctp_minrto = sctp_rto_min_default; 1451 m->initial_rto = sctp_rto_initial_default; 1452 m->initial_init_rto_max = sctp_init_rto_max_default; 1453 1454 m->max_open_streams_intome = MAX_SCTP_STREAMS; 1455 1456 m->max_init_times = sctp_init_rtx_max_default; 1457 m->max_send_times = sctp_assoc_rtx_max_default; 1458 m->def_net_failure = sctp_path_rtx_max_default; 1459 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF; 1460 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF; 1461 m->max_burst = sctp_max_burst_default; 1462 /* number of streams to pre-open on a association */ 1463 m->pre_open_stream_count = sctp_nr_outgoing_streams_default; 1464 1465 /* Add adaption cookie */ 1466 m->adaption_layer_indicator = 0x504C5253; 1467 1468 /* seed random number generator */ 1469 m->random_counter = 1; 1470 m->store_at = SCTP_SIGNATURE_SIZE; 1471 #if NRND > 0 1472 rnd_extract_data(m->random_numbers, sizeof(m->random_numbers), 1473 RND_EXTRACT_ANY); 1474 #else 1475 { 1476 u_int32_t *ranm, *ranp; 1477 ranp = (u_int32_t *)&m->random_numbers; 1478 ranm = ranp + (SCTP_SIGNATURE_ALOC_SIZE/sizeof(u_int32_t)); 1479 if ((u_long)ranp % 4) { 1480 /* not a even boundary? */ 1481 ranp = (u_int32_t *)SCTP_SIZE32((u_long)ranp); 1482 } 1483 while (ranp < ranm) { 1484 *ranp = random(); 1485 ranp++; 1486 } 1487 } 1488 #endif 1489 sctp_fill_random_store(m); 1490 1491 /* Minimum cookie size */ 1492 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) + 1493 sizeof(struct sctp_state_cookie); 1494 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE; 1495 1496 /* Setup the initial secret */ 1497 SCTP_GETTIME_TIMEVAL(&time); 1498 m->time_of_secret_change = time.tv_sec; 1499 1500 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 1501 m->secret_key[0][i] = sctp_select_initial_TSN(m); 1502 } 1503 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL); 1504 1505 /* How long is a cookie good for ? */ 1506 m->def_cookie_life = sctp_valid_cookie_life_default; 1507 SCTP_INP_WUNLOCK(inp); 1508 return (error); 1509 } 1510 1511 1512 void 1513 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp, 1514 struct sctp_tcb *stcb) 1515 { 1516 uint16_t lport, rport; 1517 struct sctppcbhead *head; 1518 struct sctp_laddr *laddr, *oladdr; 1519 1520 SCTP_TCB_UNLOCK(stcb); 1521 SCTP_INP_INFO_WLOCK(); 1522 SCTP_INP_WLOCK(old_inp); 1523 SCTP_INP_WLOCK(new_inp); 1524 SCTP_TCB_LOCK(stcb); 1525 1526 new_inp->sctp_ep.time_of_secret_change = 1527 old_inp->sctp_ep.time_of_secret_change; 1528 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key, 1529 sizeof(old_inp->sctp_ep.secret_key)); 1530 new_inp->sctp_ep.current_secret_number = 1531 old_inp->sctp_ep.current_secret_number; 1532 new_inp->sctp_ep.last_secret_number = 1533 old_inp->sctp_ep.last_secret_number; 1534 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie; 1535 1536 /* Copy the port across */ 1537 lport = new_inp->sctp_lport = old_inp->sctp_lport; 1538 rport = stcb->rport; 1539 /* Pull the tcb from the old association */ 1540 LIST_REMOVE(stcb, sctp_tcbhash); 1541 LIST_REMOVE(stcb, sctp_tcblist); 1542 1543 /* Now insert the new_inp into the TCP connected hash */ 1544 head = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR((lport + rport), 1545 sctppcbinfo.hashtcpmark)]; 1546 1547 LIST_INSERT_HEAD(head, new_inp, sctp_hash); 1548 1549 /* Now move the tcb into the endpoint list */ 1550 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist); 1551 /* 1552 * Question, do we even need to worry about the ep-hash since 1553 * we only have one connection? Probably not :> so lets 1554 * get rid of it and not suck up any kernel memory in that. 1555 */ 1556 SCTP_INP_INFO_WUNLOCK(); 1557 stcb->sctp_socket = new_inp->sctp_socket; 1558 stcb->sctp_ep = new_inp; 1559 if (new_inp->sctp_tcbhash != NULL) { 1560 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_hash, 1561 new_inp->sctp_tcbhash); 1562 new_inp->sctp_tcbhash = NULL; 1563 } 1564 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 1565 /* Subset bound, so copy in the laddr list from the old_inp */ 1566 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) { 1567 laddr = (struct sctp_laddr *)SCTP_ZONE_GET( 1568 sctppcbinfo.ipi_zone_laddr); 1569 if (laddr == NULL) { 1570 /* 1571 * Gak, what can we do? This assoc is really 1572 * HOSED. We probably should send an abort 1573 * here. 1574 */ 1575 #ifdef SCTP_DEBUG 1576 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1577 printf("Association hosed in TCP model, out of laddr memory\n"); 1578 } 1579 #endif /* SCTP_DEBUG */ 1580 continue; 1581 } 1582 sctppcbinfo.ipi_count_laddr++; 1583 sctppcbinfo.ipi_gencnt_laddr++; 1584 memset(laddr, 0, sizeof(*laddr)); 1585 laddr->ifa = oladdr->ifa; 1586 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr, 1587 sctp_nxt_addr); 1588 new_inp->laddr_count++; 1589 } 1590 } 1591 SCTP_INP_WUNLOCK(new_inp); 1592 SCTP_INP_WUNLOCK(old_inp); 1593 } 1594 1595 static int 1596 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport) 1597 { 1598 struct sctppcbhead *head; 1599 struct sctp_inpcb *t_inp; 1600 1601 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport, 1602 sctppcbinfo.hashmark)]; 1603 LIST_FOREACH(t_inp, head, sctp_hash) { 1604 if (t_inp->sctp_lport != lport) { 1605 continue; 1606 } 1607 /* This one is in use. */ 1608 /* check the v6/v4 binding issue */ 1609 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1610 (((struct in6pcb *)t_inp)->in6p_flags & IN6P_IPV6_V6ONLY)) { 1611 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1612 /* collision in V6 space */ 1613 return (1); 1614 } else { 1615 /* inp is BOUND_V4 no conflict */ 1616 continue; 1617 } 1618 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 1619 /* t_inp is bound v4 and v6, conflict always */ 1620 return (1); 1621 } else { 1622 /* t_inp is bound only V4 */ 1623 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1624 (((struct in6pcb *)inp)->in6p_flags & IN6P_IPV6_V6ONLY) 1625 ) { 1626 /* no conflict */ 1627 continue; 1628 } 1629 /* else fall through to conflict */ 1630 } 1631 return (1); 1632 } 1633 return (0); 1634 } 1635 1636 int 1637 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct lwp *l) 1638 { 1639 /* bind a ep to a socket address */ 1640 struct sctppcbhead *head; 1641 struct sctp_inpcb *inp, *inp_tmp; 1642 int bindall; 1643 uint16_t lport; 1644 int error; 1645 1646 lport = 0; 1647 error = 0; 1648 bindall = 1; 1649 inp = (struct sctp_inpcb *)so->so_pcb; 1650 #ifdef SCTP_DEBUG 1651 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1652 if (addr) { 1653 printf("Bind called port:%d\n", 1654 ntohs(((struct sockaddr_in *)addr)->sin_port)); 1655 printf("Addr :"); 1656 sctp_print_address(addr); 1657 } 1658 } 1659 #endif /* SCTP_DEBUG */ 1660 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) { 1661 /* already did a bind, subsequent binds NOT allowed ! */ 1662 return (EINVAL); 1663 } 1664 1665 if (addr != NULL) { 1666 if (addr->sa_family == AF_INET) { 1667 struct sockaddr_in *sin; 1668 1669 /* IPV6_V6ONLY socket? */ 1670 if (((struct in6pcb *)inp)->in6p_flags & IN6P_IPV6_V6ONLY) { 1671 return (EINVAL); 1672 } 1673 1674 if (addr->sa_len != sizeof(*sin)) 1675 return (EINVAL); 1676 1677 sin = (struct sockaddr_in *)addr; 1678 lport = sin->sin_port; 1679 1680 if (sin->sin_addr.s_addr != INADDR_ANY) { 1681 bindall = 0; 1682 } 1683 #ifdef IPSEC 1684 inp->ip_inp.inp.inp_af = AF_INET; 1685 #endif 1686 } else if (addr->sa_family == AF_INET6) { 1687 /* Only for pure IPv6 Address. (No IPv4 Mapped!) */ 1688 struct sockaddr_in6 *sin6; 1689 1690 sin6 = (struct sockaddr_in6 *)addr; 1691 1692 if (addr->sa_len != sizeof(*sin6)) 1693 return (EINVAL); 1694 1695 lport = sin6->sin6_port; 1696 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1697 bindall = 0; 1698 /* KAME hack: embed scopeid */ 1699 error = sa6_embedscope(sin6, ip6_use_defzone); 1700 if (error != 0) 1701 return (error); 1702 } 1703 #ifndef SCOPEDROUTING 1704 /* this must be cleared for ifa_ifwithaddr() */ 1705 sin6->sin6_scope_id = 0; 1706 #endif /* SCOPEDROUTING */ 1707 #ifdef IPSEC 1708 inp->ip_inp.inp.inp_af = AF_INET6; 1709 #endif 1710 } else { 1711 return (EAFNOSUPPORT); 1712 } 1713 #ifdef IPSEC 1714 if (ipsec_enabled) { 1715 inp->ip_inp.inp.inp_socket = so; 1716 error = ipsec_init_pcbpolicy(so, &inp->ip_inp.inp.inp_sp); 1717 if (error != 0) 1718 return (error); 1719 inp->ip_inp.inp.inp_sp->sp_inph = (struct inpcb_hdr *)inp; 1720 } 1721 #endif 1722 } 1723 SCTP_INP_INFO_WLOCK(); 1724 #ifdef SCTP_DEBUG 1725 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1726 printf("sctp_inpcb_bind: after SCTP_INP_INFO_WLOCK\n"); 1727 } 1728 #endif /* SCTP_DEBUG */ 1729 SCTP_INP_WLOCK(inp); 1730 /* increase our count due to the unlock we do */ 1731 SCTP_INP_INCR_REF(inp); 1732 if (lport) { 1733 enum kauth_network_req req; 1734 /* 1735 * Did the caller specify a port? if so we must see if a 1736 * ep already has this one bound. 1737 */ 1738 if (ntohs(lport) < IPPORT_RESERVED) 1739 req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; 1740 else 1741 req = KAUTH_REQ_NETWORK_BIND_PORT; 1742 1743 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_BIND, 1744 req, so, addr, NULL); 1745 if (error) { 1746 SCTP_INP_DECR_REF(inp); 1747 SCTP_INP_WUNLOCK(inp); 1748 SCTP_INP_INFO_WUNLOCK(); 1749 return (EACCES); 1750 } 1751 SCTP_INP_WUNLOCK(inp); 1752 inp_tmp = sctp_pcb_findep(addr, 0, 1); 1753 if (inp_tmp != NULL) { 1754 /* lock guy returned and lower count 1755 * note that we are not bound so inp_tmp 1756 * should NEVER be inp. And it is this 1757 * inp (inp_tmp) that gets the reference 1758 * bump, so we must lower it. 1759 */ 1760 SCTP_INP_WLOCK(inp_tmp); 1761 SCTP_INP_DECR_REF(inp_tmp); 1762 SCTP_INP_WUNLOCK(inp_tmp); 1763 1764 /* unlock info */ 1765 SCTP_INP_INFO_WUNLOCK(); 1766 return (EADDRNOTAVAIL); 1767 } 1768 SCTP_INP_WLOCK(inp); 1769 if (bindall) { 1770 /* verify that no lport is not used by a singleton */ 1771 if (sctp_isport_inuse(inp, lport)) { 1772 /* Sorry someone already has this one bound */ 1773 SCTP_INP_DECR_REF(inp); 1774 SCTP_INP_WUNLOCK(inp); 1775 SCTP_INP_INFO_WUNLOCK(); 1776 return (EADDRNOTAVAIL); 1777 } 1778 } 1779 } else { 1780 /* 1781 * get any port but lets make sure no one has any address 1782 * with this port bound 1783 */ 1784 1785 /* 1786 * setup the inp to the top (I could use the union but this 1787 * is just as easy 1788 */ 1789 uint32_t port_guess; 1790 uint16_t port_attempt; 1791 int not_done=1; 1792 1793 while (not_done) { 1794 port_guess = sctp_select_initial_TSN(&inp->sctp_ep); 1795 port_attempt = (port_guess & 0x0000ffff); 1796 if (port_attempt == 0) { 1797 goto next_half; 1798 } 1799 if (port_attempt < IPPORT_RESERVED) { 1800 port_attempt += IPPORT_RESERVED; 1801 } 1802 1803 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) { 1804 /* got a port we can use */ 1805 not_done = 0; 1806 continue; 1807 } 1808 /* try upper half */ 1809 next_half: 1810 port_attempt = ((port_guess >> 16) & 0x0000ffff); 1811 if (port_attempt == 0) { 1812 goto last_try; 1813 } 1814 if (port_attempt < IPPORT_RESERVED) { 1815 port_attempt += IPPORT_RESERVED; 1816 } 1817 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) { 1818 /* got a port we can use */ 1819 not_done = 0; 1820 continue; 1821 } 1822 /* try two half's added together */ 1823 last_try: 1824 port_attempt = (((port_guess >> 16) & 0x0000ffff) + (port_guess & 0x0000ffff)); 1825 if (port_attempt == 0) { 1826 /* get a new random number */ 1827 continue; 1828 } 1829 if (port_attempt < IPPORT_RESERVED) { 1830 port_attempt += IPPORT_RESERVED; 1831 } 1832 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) { 1833 /* got a port we can use */ 1834 not_done = 0; 1835 continue; 1836 } 1837 } 1838 /* we don't get out of the loop until we have a port */ 1839 lport = htons(port_attempt); 1840 } 1841 SCTP_INP_DECR_REF(inp); 1842 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 1843 /* this really should not happen. The guy 1844 * did a non-blocking bind and then did a close 1845 * at the same time. 1846 */ 1847 SCTP_INP_WUNLOCK(inp); 1848 SCTP_INP_INFO_WUNLOCK(); 1849 return (EINVAL); 1850 } 1851 /* ok we look clear to give out this port, so lets setup the binding */ 1852 if (bindall) { 1853 /* binding to all addresses, so just set in the proper flags */ 1854 inp->sctp_flags |= (SCTP_PCB_FLAGS_BOUNDALL | 1855 SCTP_PCB_FLAGS_DO_ASCONF); 1856 /* set the automatic addr changes from kernel flag */ 1857 if (sctp_auto_asconf == 0) { 1858 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF; 1859 } else { 1860 inp->sctp_flags |= SCTP_PCB_FLAGS_AUTO_ASCONF; 1861 } 1862 } else { 1863 /* 1864 * bind specific, make sure flags is off and add a new address 1865 * structure to the sctp_addr_list inside the ep structure. 1866 * 1867 * We will need to allocate one and insert it at the head. 1868 * The socketopt call can just insert new addresses in there 1869 * as well. It will also have to do the embed scope kame hack 1870 * too (before adding). 1871 */ 1872 struct ifaddr *ifa; 1873 struct sockaddr_storage store_sa; 1874 1875 memset(&store_sa, 0, sizeof(store_sa)); 1876 if (addr->sa_family == AF_INET) { 1877 struct sockaddr_in *sin; 1878 1879 sin = (struct sockaddr_in *)&store_sa; 1880 memcpy(sin, addr, sizeof(struct sockaddr_in)); 1881 sin->sin_port = 0; 1882 } else if (addr->sa_family == AF_INET6) { 1883 struct sockaddr_in6 *sin6; 1884 1885 sin6 = (struct sockaddr_in6 *)&store_sa; 1886 memcpy(sin6, addr, sizeof(struct sockaddr_in6)); 1887 sin6->sin6_port = 0; 1888 } 1889 /* 1890 * first find the interface with the bound address 1891 * need to zero out the port to find the address! yuck! 1892 * can't do this earlier since need port for sctp_pcb_findep() 1893 */ 1894 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa); 1895 if (ifa == NULL) { 1896 /* Can't find an interface with that address */ 1897 SCTP_INP_WUNLOCK(inp); 1898 SCTP_INP_INFO_WUNLOCK(); 1899 return (EADDRNOTAVAIL); 1900 } 1901 if (addr->sa_family == AF_INET6) { 1902 struct in6_ifaddr *ifa6; 1903 ifa6 = (struct in6_ifaddr *)ifa; 1904 /* 1905 * allow binding of deprecated addresses as per 1906 * RFC 2462 and ipng discussion 1907 */ 1908 if (ifa6->ia6_flags & (IN6_IFF_DETACHED | 1909 IN6_IFF_ANYCAST | 1910 IN6_IFF_NOTREADY)) { 1911 /* Can't bind a non-existent addr. */ 1912 SCTP_INP_WUNLOCK(inp); 1913 SCTP_INP_INFO_WUNLOCK(); 1914 return (EINVAL); 1915 } 1916 } 1917 /* we're not bound all */ 1918 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL; 1919 #if 0 /* use sysctl now */ 1920 /* don't allow automatic addr changes from kernel */ 1921 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF; 1922 #endif 1923 /* set the automatic addr changes from kernel flag */ 1924 if (sctp_auto_asconf == 0) { 1925 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF; 1926 } else { 1927 inp->sctp_flags |= SCTP_PCB_FLAGS_AUTO_ASCONF; 1928 } 1929 /* allow bindx() to send ASCONF's for binding changes */ 1930 inp->sctp_flags |= SCTP_PCB_FLAGS_DO_ASCONF; 1931 /* add this address to the endpoint list */ 1932 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa); 1933 if (error != 0) { 1934 SCTP_INP_WUNLOCK(inp); 1935 SCTP_INP_INFO_WUNLOCK(); 1936 return (error); 1937 } 1938 inp->laddr_count++; 1939 } 1940 /* find the bucket */ 1941 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport, 1942 sctppcbinfo.hashmark)]; 1943 /* put it in the bucket */ 1944 LIST_INSERT_HEAD(head, inp, sctp_hash); 1945 #ifdef SCTP_DEBUG 1946 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 1947 printf("Main hash to bind at head:%p, bound port:%d\n", head, ntohs(lport)); 1948 } 1949 #endif 1950 /* set in the port */ 1951 inp->sctp_lport = lport; 1952 1953 /* turn off just the unbound flag */ 1954 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND; 1955 SCTP_INP_WUNLOCK(inp); 1956 SCTP_INP_INFO_WUNLOCK(); 1957 return (0); 1958 } 1959 1960 1961 static void 1962 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp, struct sctp_inpcb *inp_next) 1963 { 1964 struct sctp_iterator *it; 1965 /* We enter with the only the ITERATOR_LOCK in place and 1966 * A write lock on the inp_info stuff. 1967 */ 1968 1969 /* Go through all iterators, we must do this since 1970 * it is possible that some iterator does NOT have 1971 * the lock, but is waiting for it. And the one that 1972 * had the lock has either moved in the last iteration 1973 * or we just cleared it above. We need to find all 1974 * of those guys. The list of iterators should never 1975 * be very big though. 1976 */ 1977 LIST_FOREACH(it, &sctppcbinfo.iteratorhead, sctp_nxt_itr) { 1978 if (it == inp->inp_starting_point_for_iterator) 1979 /* skip this guy, he's special */ 1980 continue; 1981 if (it->inp == inp) { 1982 /* This is tricky and we DON'T lock the iterator. 1983 * Reason is he's running but waiting for me since 1984 * inp->inp_starting_point_for_iterator has the lock 1985 * on me (the guy above we skipped). This tells us 1986 * its is not running but waiting for inp->inp_starting_point_for_iterator 1987 * to be released by the guy that does have our INP in a lock. 1988 */ 1989 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 1990 it->inp = NULL; 1991 it->stcb = NULL; 1992 } else { 1993 /* set him up to do the next guy not me */ 1994 it->inp = inp_next; 1995 it->stcb = NULL; 1996 } 1997 } 1998 } 1999 it = inp->inp_starting_point_for_iterator; 2000 if (it) { 2001 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 2002 it->inp = NULL; 2003 } else { 2004 it->inp = inp_next; 2005 } 2006 it->stcb = NULL; 2007 } 2008 } 2009 2010 /* release sctp_inpcb unbind the port */ 2011 void 2012 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate) 2013 { 2014 /* 2015 * Here we free a endpoint. We must find it (if it is in the Hash 2016 * table) and remove it from there. Then we must also find it in 2017 * the overall list and remove it from there. After all removals are 2018 * complete then any timer has to be stopped. Then start the actual 2019 * freeing. 2020 * a) Any local lists. 2021 * b) Any associations. 2022 * c) The hash of all associations. 2023 * d) finally the ep itself. 2024 */ 2025 struct sctp_inpcb *inp_save; 2026 struct sctp_tcb *asoc, *nasoc; 2027 struct sctp_laddr *laddr, *nladdr; 2028 struct inpcb *ip_pcb; 2029 struct socket *so; 2030 struct sctp_socket_q_list *sq; 2031 int s, cnt; 2032 struct rtentry *rt; 2033 2034 s = splsoftnet(); 2035 SCTP_ASOC_CREATE_LOCK(inp); 2036 SCTP_INP_WLOCK(inp); 2037 2038 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 2039 /* been here before */ 2040 splx(s); 2041 printf("Endpoint was all gone (dup free)?\n"); 2042 SCTP_INP_WUNLOCK(inp); 2043 SCTP_ASOC_CREATE_UNLOCK(inp); 2044 return; 2045 } 2046 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL); 2047 2048 if (inp->control) { 2049 sctp_m_freem(inp->control); 2050 inp->control = NULL; 2051 } 2052 if (inp->pkt) { 2053 sctp_m_freem(inp->pkt); 2054 inp->pkt = NULL; 2055 } 2056 so = inp->sctp_socket; 2057 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main 2058 * pointer here but I will 2059 * be nice :> (i.e. ip_pcb = ep;) 2060 */ 2061 2062 if (immediate == 0) { 2063 int cnt_in_sd; 2064 cnt_in_sd = 0; 2065 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL; 2066 asoc = nasoc) { 2067 nasoc = LIST_NEXT(asoc, sctp_tcblist); 2068 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) || 2069 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) { 2070 /* Just abandon things in the front states */ 2071 SCTP_TCB_LOCK(asoc); 2072 SCTP_INP_WUNLOCK(inp); 2073 sctp_free_assoc(inp, asoc); 2074 SCTP_INP_WLOCK(inp); 2075 continue; 2076 } else { 2077 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET; 2078 } 2079 if ((asoc->asoc.size_on_delivery_queue > 0) || 2080 (asoc->asoc.size_on_reasm_queue > 0) || 2081 (asoc->asoc.size_on_all_streams > 0) || 2082 (so && (so->so_rcv.sb_cc > 0)) 2083 ) { 2084 /* Left with Data unread */ 2085 struct mbuf *op_err; 2086 MGET(op_err, M_DONTWAIT, MT_DATA); 2087 if (op_err) { 2088 /* Fill in the user initiated abort */ 2089 struct sctp_paramhdr *ph; 2090 op_err->m_len = 2091 sizeof(struct sctp_paramhdr); 2092 ph = mtod(op_err, 2093 struct sctp_paramhdr *); 2094 ph->param_type = htons( 2095 SCTP_CAUSE_USER_INITIATED_ABT); 2096 ph->param_length = htons(op_err->m_len); 2097 } 2098 SCTP_TCB_LOCK(asoc); 2099 sctp_send_abort_tcb(asoc, op_err); 2100 2101 SCTP_INP_WUNLOCK(inp); 2102 sctp_free_assoc(inp, asoc); 2103 SCTP_INP_WLOCK(inp); 2104 continue; 2105 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) && 2106 TAILQ_EMPTY(&asoc->asoc.sent_queue)) { 2107 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) && 2108 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 2109 /* there is nothing queued to send, so I send shutdown */ 2110 SCTP_TCB_LOCK(asoc); 2111 sctp_send_shutdown(asoc, asoc->asoc.primary_destination); 2112 asoc->asoc.state = SCTP_STATE_SHUTDOWN_SENT; 2113 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc, 2114 asoc->asoc.primary_destination); 2115 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc, 2116 asoc->asoc.primary_destination); 2117 sctp_chunk_output(inp, asoc, 1); 2118 SCTP_TCB_UNLOCK(asoc); 2119 } 2120 } else { 2121 /* mark into shutdown pending */ 2122 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING; 2123 } 2124 cnt_in_sd++; 2125 } 2126 /* now is there some left in our SHUTDOWN state? */ 2127 if (cnt_in_sd) { 2128 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_GONE; 2129 splx(s); 2130 SCTP_INP_WUNLOCK(inp); 2131 SCTP_ASOC_CREATE_UNLOCK(inp); 2132 return; 2133 } 2134 } 2135 #if defined(__FreeBSD__) && __FreeBSD_version >= 503000 2136 if (inp->refcount) { 2137 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); 2138 SCTP_INP_WUNLOCK(inp); 2139 SCTP_ASOC_CREATE_UNLOCK(inp); 2140 return; 2141 } 2142 #endif 2143 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE; 2144 2145 /* XXX */ 2146 rt = rtcache_validate(&ip_pcb->inp_route); 2147 rtcache_unref(rt, &ip_pcb->inp_route); 2148 2149 callout_stop(&inp->sctp_ep.signature_change.timer); 2150 callout_destroy(&inp->sctp_ep.signature_change.timer); 2151 2152 if (so) { 2153 /* First take care of socket level things */ 2154 #ifdef IPSEC 2155 if (ipsec_enabled) 2156 ipsec_delete_pcbpolicy(ip_pcb); 2157 #endif /*IPSEC*/ 2158 so->so_pcb = 0; 2159 } 2160 2161 if (ip_pcb->inp_options) { 2162 (void)m_free(ip_pcb->inp_options); 2163 ip_pcb->inp_options = 0; 2164 } 2165 rtcache_free(&ip_pcb->inp_route); 2166 if (ip_pcb->inp_moptions) { 2167 ip_freemoptions(ip_pcb->inp_moptions); 2168 ip_pcb->inp_moptions = 0; 2169 } 2170 inp->inp_vflag = 0; 2171 2172 /* Now the sctp_pcb things */ 2173 /* 2174 * free each asoc if it is not already closed/free. we can't use 2175 * the macro here since le_next will get freed as part of the 2176 * sctp_free_assoc() call. 2177 */ 2178 cnt = 0; 2179 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL; 2180 asoc = nasoc) { 2181 nasoc = LIST_NEXT(asoc, sctp_tcblist); 2182 SCTP_TCB_LOCK(asoc); 2183 if (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) { 2184 struct mbuf *op_err; 2185 MGET(op_err, M_DONTWAIT, MT_DATA); 2186 if (op_err) { 2187 /* Fill in the user initiated abort */ 2188 struct sctp_paramhdr *ph; 2189 op_err->m_len = sizeof(struct sctp_paramhdr); 2190 ph = mtod(op_err, struct sctp_paramhdr *); 2191 ph->param_type = htons( 2192 SCTP_CAUSE_USER_INITIATED_ABT); 2193 ph->param_length = htons(op_err->m_len); 2194 } 2195 sctp_send_abort_tcb(asoc, op_err); 2196 } 2197 cnt++; 2198 /* 2199 * sctp_free_assoc() will call sctp_inpcb_free(), 2200 * if SCTP_PCB_FLAGS_SOCKET_GONE set. 2201 * So, we clear it before sctp_free_assoc() making sure 2202 * no double sctp_inpcb_free(). 2203 */ 2204 inp->sctp_flags &= ~SCTP_PCB_FLAGS_SOCKET_GONE; 2205 SCTP_INP_WUNLOCK(inp); 2206 sctp_free_assoc(inp, asoc); 2207 SCTP_INP_WLOCK(inp); 2208 } 2209 while ((sq = TAILQ_FIRST(&inp->sctp_queue_list)) != NULL) { 2210 TAILQ_REMOVE(&inp->sctp_queue_list, sq, next_sq); 2211 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_sockq, sq); 2212 sctppcbinfo.ipi_count_sockq--; 2213 sctppcbinfo.ipi_gencnt_sockq++; 2214 } 2215 inp->sctp_socket = 0; 2216 /* Now first we remove ourselves from the overall list of all EP's */ 2217 2218 /* Unlock inp first, need correct order */ 2219 SCTP_INP_WUNLOCK(inp); 2220 /* now iterator lock */ 2221 SCTP_ITERATOR_LOCK(); 2222 /* now info lock */ 2223 SCTP_INP_INFO_WLOCK(); 2224 /* now reget the inp lock */ 2225 SCTP_INP_WLOCK(inp); 2226 2227 inp_save = LIST_NEXT(inp, sctp_list); 2228 LIST_REMOVE(inp, sctp_list); 2229 /* 2230 * Now the question comes as to if this EP was ever bound at all. 2231 * If it was, then we must pull it out of the EP hash list. 2232 */ 2233 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) != 2234 SCTP_PCB_FLAGS_UNBOUND) { 2235 /* 2236 * ok, this guy has been bound. It's port is somewhere 2237 * in the sctppcbinfo hash table. Remove it! 2238 */ 2239 LIST_REMOVE(inp, sctp_hash); 2240 } 2241 /* fix any iterators only after out of the list */ 2242 sctp_iterator_inp_being_freed(inp, inp_save); 2243 SCTP_ITERATOR_UNLOCK(); 2244 /* 2245 * if we have an address list the following will free the list of 2246 * ifaddr's that are set into this ep. Again macro limitations here, 2247 * since the LIST_FOREACH could be a bad idea. 2248 */ 2249 for ((laddr = LIST_FIRST(&inp->sctp_addr_list)); laddr != NULL; 2250 laddr = nladdr) { 2251 nladdr = LIST_NEXT(laddr, sctp_nxt_addr); 2252 LIST_REMOVE(laddr, sctp_nxt_addr); 2253 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr); 2254 sctppcbinfo.ipi_gencnt_laddr++; 2255 sctppcbinfo.ipi_count_laddr--; 2256 } 2257 2258 /* Now lets see about freeing the EP hash table. */ 2259 if (inp->sctp_tcbhash != NULL) { 2260 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_hash, inp->sctp_tcbhash); 2261 inp->sctp_tcbhash = NULL; 2262 } 2263 SCTP_INP_WUNLOCK(inp); 2264 SCTP_ASOC_CREATE_UNLOCK(inp); 2265 SCTP_INP_LOCK_DESTROY(inp); 2266 SCTP_ASOC_CREATE_LOCK_DESTROY(inp); 2267 2268 /* Now we must put the ep memory back into the zone pool */ 2269 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp); 2270 sctppcbinfo.ipi_count_ep--; 2271 2272 SCTP_INP_INFO_WUNLOCK(); 2273 splx(s); 2274 2275 sofree(so); 2276 mutex_enter(softnet_lock); 2277 } 2278 2279 2280 struct sctp_nets * 2281 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr) 2282 { 2283 struct sctp_nets *net; 2284 2285 /* use the peer's/remote port for lookup if unspecified */ 2286 #if 0 /* why do we need to check the port for a nets list on an assoc? */ 2287 if (stcb->rport != sin->sin_port) { 2288 /* we cheat and just a sin for this test */ 2289 return (NULL); 2290 } 2291 #endif 2292 /* locate the address */ 2293 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 2294 if (sctp_cmpaddr(addr, rtcache_getdst(&net->ro))) 2295 return (net); 2296 } 2297 return (NULL); 2298 } 2299 2300 2301 /* 2302 * add's a remote endpoint address, done with the INIT/INIT-ACK 2303 * as well as when a ASCONF arrives that adds it. It will also 2304 * initialize all the cwnd stats of stuff. 2305 */ 2306 int 2307 sctp_is_address_on_local_host(struct sockaddr *addr) 2308 { 2309 struct ifnet *ifn; 2310 struct ifaddr *ifa; 2311 int s; 2312 2313 s = pserialize_read_enter(); 2314 IFNET_READER_FOREACH(ifn) { 2315 IFADDR_READER_FOREACH(ifa, ifn) { 2316 if (addr->sa_family == ifa->ifa_addr->sa_family) { 2317 /* same family */ 2318 if (addr->sa_family == AF_INET) { 2319 struct sockaddr_in *sin, *sin_c; 2320 sin = (struct sockaddr_in *)addr; 2321 sin_c = (struct sockaddr_in *) 2322 ifa->ifa_addr; 2323 if (sin->sin_addr.s_addr == 2324 sin_c->sin_addr.s_addr) { 2325 /* we are on the same machine */ 2326 pserialize_read_exit(s); 2327 return (1); 2328 } 2329 } else if (addr->sa_family == AF_INET6) { 2330 struct sockaddr_in6 *sin6, *sin_c6; 2331 sin6 = (struct sockaddr_in6 *)addr; 2332 sin_c6 = (struct sockaddr_in6 *) 2333 ifa->ifa_addr; 2334 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr, 2335 &sin_c6->sin6_addr)) { 2336 /* we are on the same machine */ 2337 pserialize_read_exit(s); 2338 return (1); 2339 } 2340 } 2341 } 2342 } 2343 } 2344 pserialize_read_exit(s); 2345 2346 return (0); 2347 } 2348 2349 int 2350 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr, 2351 int set_scope, int from) 2352 { 2353 /* 2354 * The following is redundant to the same lines in the 2355 * sctp_aloc_assoc() but is needed since other's call the add 2356 * address function 2357 */ 2358 struct sctp_nets *net, *netfirst; 2359 struct rtentry *rt, *netfirst_rt; 2360 int addr_inscope; 2361 2362 #ifdef SCTP_DEBUG 2363 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 2364 printf("Adding an address (from:%d) to the peer: ", from); 2365 sctp_print_address(newaddr); 2366 } 2367 #endif 2368 netfirst = sctp_findnet(stcb, newaddr); 2369 if (netfirst) { 2370 /* 2371 * Lie and return ok, we don't want to make the association 2372 * go away for this behavior. It will happen in the TCP model 2373 * in a connected socket. It does not reach the hash table 2374 * until after the association is built so it can't be found. 2375 * Mark as reachable, since the initial creation will have 2376 * been cleared and the NOT_IN_ASSOC flag will have been 2377 * added... and we don't want to end up removing it back out. 2378 */ 2379 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) { 2380 netfirst->dest_state = (SCTP_ADDR_REACHABLE| 2381 SCTP_ADDR_UNCONFIRMED); 2382 } else { 2383 netfirst->dest_state = SCTP_ADDR_REACHABLE; 2384 } 2385 2386 return (0); 2387 } 2388 addr_inscope = 1; 2389 if (newaddr->sa_family == AF_INET) { 2390 struct sockaddr_in *sin; 2391 sin = (struct sockaddr_in *)newaddr; 2392 if (sin->sin_addr.s_addr == 0) { 2393 /* Invalid address */ 2394 return (-1); 2395 } 2396 /* zero out the bzero area */ 2397 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 2398 2399 /* assure len is set */ 2400 sin->sin_len = sizeof(struct sockaddr_in); 2401 if (set_scope) { 2402 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 2403 stcb->ipv4_local_scope = 1; 2404 #else 2405 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 2406 stcb->asoc.ipv4_local_scope = 1; 2407 } 2408 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 2409 2410 if (sctp_is_address_on_local_host(newaddr)) { 2411 stcb->asoc.loopback_scope = 1; 2412 stcb->asoc.ipv4_local_scope = 1; 2413 stcb->asoc.local_scope = 1; 2414 stcb->asoc.site_scope = 1; 2415 } 2416 } else { 2417 if (from == 8) { 2418 /* From connectx */ 2419 if (sctp_is_address_on_local_host(newaddr)) { 2420 stcb->asoc.loopback_scope = 1; 2421 stcb->asoc.ipv4_local_scope = 1; 2422 stcb->asoc.local_scope = 1; 2423 stcb->asoc.site_scope = 1; 2424 } 2425 } 2426 /* Validate the address is in scope */ 2427 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) && 2428 (stcb->asoc.ipv4_local_scope == 0)) { 2429 addr_inscope = 0; 2430 } 2431 } 2432 } else if (newaddr->sa_family == AF_INET6) { 2433 struct sockaddr_in6 *sin6; 2434 sin6 = (struct sockaddr_in6 *)newaddr; 2435 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 2436 /* Invalid address */ 2437 return (-1); 2438 } 2439 /* assure len is set */ 2440 sin6->sin6_len = sizeof(struct sockaddr_in6); 2441 if (set_scope) { 2442 if (sctp_is_address_on_local_host(newaddr)) { 2443 stcb->asoc.loopback_scope = 1; 2444 stcb->asoc.local_scope = 1; 2445 stcb->asoc.ipv4_local_scope = 1; 2446 stcb->asoc.site_scope = 1; 2447 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 2448 /* 2449 * If the new destination is a LINK_LOCAL 2450 * we must have common site scope. Don't set 2451 * the local scope since we may not share all 2452 * links, only loopback can do this. 2453 * Links on the local network would also 2454 * be on our private network for v4 too. 2455 */ 2456 stcb->asoc.ipv4_local_scope = 1; 2457 stcb->asoc.site_scope = 1; 2458 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 2459 /* 2460 * If the new destination is SITE_LOCAL 2461 * then we must have site scope in common. 2462 */ 2463 stcb->asoc.site_scope = 1; 2464 } 2465 } else { 2466 if (from == 8) { 2467 /* From connectx */ 2468 if (sctp_is_address_on_local_host(newaddr)) { 2469 stcb->asoc.loopback_scope = 1; 2470 stcb->asoc.ipv4_local_scope = 1; 2471 stcb->asoc.local_scope = 1; 2472 stcb->asoc.site_scope = 1; 2473 } 2474 } 2475 /* Validate the address is in scope */ 2476 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) && 2477 (stcb->asoc.loopback_scope == 0)) { 2478 addr_inscope = 0; 2479 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) && 2480 (stcb->asoc.local_scope == 0)) { 2481 addr_inscope = 0; 2482 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) && 2483 (stcb->asoc.site_scope == 0)) { 2484 addr_inscope = 0; 2485 } 2486 } 2487 } else { 2488 /* not supported family type */ 2489 return (-1); 2490 } 2491 net = (struct sctp_nets *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_net); 2492 if (net == NULL) { 2493 return (-1); 2494 } 2495 sctppcbinfo.ipi_count_raddr++; 2496 sctppcbinfo.ipi_gencnt_raddr++; 2497 memset(net, 0, sizeof(*net)); 2498 if (newaddr->sa_family == AF_INET) { 2499 ((struct sockaddr_in *)newaddr)->sin_port = stcb->rport; 2500 } else if (newaddr->sa_family == AF_INET6) { 2501 ((struct sockaddr_in6 *)newaddr)->sin6_port = stcb->rport; 2502 } 2503 net->addr_is_local = sctp_is_address_on_local_host(newaddr); 2504 net->failure_threshold = stcb->asoc.def_net_failure; 2505 if (addr_inscope == 0) { 2506 #ifdef SCTP_DEBUG 2507 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 2508 printf("Adding an address which is OUT OF SCOPE\n"); 2509 } 2510 #endif /* SCTP_DEBUG */ 2511 net->dest_state = (SCTP_ADDR_REACHABLE | 2512 SCTP_ADDR_OUT_OF_SCOPE); 2513 } else { 2514 if (from == 8) 2515 /* 8 is passed by connect_x */ 2516 net->dest_state = SCTP_ADDR_REACHABLE; 2517 else 2518 net->dest_state = SCTP_ADDR_REACHABLE | 2519 SCTP_ADDR_UNCONFIRMED; 2520 } 2521 net->RTO = stcb->asoc.initial_rto; 2522 stcb->asoc.numnets++; 2523 net->ref_count = 1; 2524 2525 /* Init the timer structure */ 2526 callout_init(&net->rxt_timer.timer, 0); 2527 callout_init(&net->pmtu_timer.timer, 0); 2528 2529 /* Now generate a route for this guy */ 2530 /* KAME hack: embed scope zone ID */ 2531 if (newaddr->sa_family == AF_INET6) { 2532 struct sockaddr_in6 *sin6; 2533 sin6 = (struct sockaddr_in6 *)newaddr; 2534 if (sa6_embedscope(sin6, ip6_use_defzone) != 0) 2535 return (-1); 2536 } 2537 rt = rtcache_lookup(&net->ro, newaddr); 2538 if (rt) { 2539 net->mtu = rt->rt_ifp->if_mtu; 2540 if (from == 1) { 2541 stcb->asoc.smallest_mtu = net->mtu; 2542 } 2543 /* start things off to match mtu of interface please. */ 2544 rt->rt_rmx.rmx_mtu = rt->rt_ifp->if_mtu; 2545 } else { 2546 net->mtu = stcb->asoc.smallest_mtu; 2547 } 2548 #ifdef SCTP_DEBUG 2549 printf("After lookup\n"); 2550 #endif 2551 if (stcb->asoc.smallest_mtu > net->mtu) { 2552 stcb->asoc.smallest_mtu = net->mtu; 2553 } 2554 /* We take the max of the burst limit times a MTU or the INITIAL_CWND. 2555 * We then limit this to 4 MTU's of sending. 2556 */ 2557 net->cwnd = uimin((net->mtu * 4), uimax((stcb->asoc.max_burst * net->mtu), SCTP_INITIAL_CWND)); 2558 2559 /* we always get at LEAST 2 MTU's */ 2560 if (net->cwnd < (2 * net->mtu)) { 2561 net->cwnd = 2 * net->mtu; 2562 } 2563 2564 net->ssthresh = stcb->asoc.peers_rwnd; 2565 2566 net->src_addr_selected = 0; 2567 netfirst = TAILQ_FIRST(&stcb->asoc.nets); 2568 if (rt == NULL) { 2569 /* Since we have no route put it at the back */ 2570 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next); 2571 } else if (netfirst == NULL) { 2572 /* We are the first one in the pool. */ 2573 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 2574 } else if ((netfirst_rt = rtcache_validate(&netfirst->ro)) == NULL) { 2575 /* 2576 * First one has NO route. Place this one ahead of the 2577 * first one. 2578 */ 2579 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 2580 } else if (rt->rt_ifp != netfirst_rt->rt_ifp) { 2581 rtcache_unref(netfirst_rt, &netfirst->ro); 2582 /* 2583 * This one has a different interface than the one at the 2584 * top of the list. Place it ahead. 2585 */ 2586 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 2587 } else { 2588 /* 2589 * Ok we have the same interface as the first one. Move 2590 * forward until we find either 2591 * a) one with a NULL route... insert ahead of that 2592 * b) one with a different ifp.. insert after that. 2593 * c) end of the list.. insert at the tail. 2594 */ 2595 struct sctp_nets *netlook; 2596 struct rtentry *netlook_rt; 2597 do { 2598 netlook = TAILQ_NEXT(netfirst, sctp_next); 2599 if (netlook == NULL) { 2600 /* End of the list */ 2601 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, 2602 sctp_next); 2603 break; 2604 } else if ((netlook_rt = rtcache_validate(&netlook->ro)) == NULL) { 2605 /* next one has NO route */ 2606 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next); 2607 break; 2608 } else if (netlook_rt->rt_ifp != rt->rt_ifp) { 2609 rtcache_unref(netlook_rt, &netlook->ro); 2610 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook, 2611 net, sctp_next); 2612 break; 2613 } 2614 rtcache_unref(netlook_rt, &netlook->ro); 2615 /* Shift forward */ 2616 netfirst = netlook; 2617 } while (netlook != NULL); 2618 rtcache_unref(netfirst_rt, &netfirst->ro); 2619 } 2620 /* got to have a primary set */ 2621 if (stcb->asoc.primary_destination == 0) { 2622 stcb->asoc.primary_destination = net; 2623 } else if (!rtcache_validate(&stcb->asoc.primary_destination->ro)) { 2624 /* No route to current primary adopt new primary */ 2625 stcb->asoc.primary_destination = net; 2626 } 2627 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, 2628 net); 2629 2630 return (0); 2631 } 2632 2633 2634 /* 2635 * allocate an association and add it to the endpoint. The caller must 2636 * be careful to add all additional addresses once they are know right 2637 * away or else the assoc will be may experience a blackout scenario. 2638 */ 2639 struct sctp_tcb * 2640 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr, 2641 int for_a_init, int *error, uint32_t override_tag) 2642 { 2643 struct sctp_tcb *stcb; 2644 struct sctp_association *asoc; 2645 struct sctpasochead *head; 2646 uint16_t rport; 2647 int err; 2648 2649 /* 2650 * Assumption made here: 2651 * Caller has done a sctp_findassociation_ep_addr(ep, addr's); 2652 * to make sure the address does not exist already. 2653 */ 2654 if (sctppcbinfo.ipi_count_asoc >= SCTP_MAX_NUM_OF_ASOC) { 2655 /* Hit max assoc, sorry no more */ 2656 *error = ENOBUFS; 2657 return (NULL); 2658 } 2659 SCTP_INP_RLOCK(inp); 2660 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) { 2661 /* 2662 * If its in the TCP pool, its NOT allowed to create an 2663 * association. The parent listener needs to call 2664 * sctp_aloc_assoc.. or the one-2-many socket. If a 2665 * peeled off, or connected one does this.. its an error. 2666 */ 2667 SCTP_INP_RUNLOCK(inp); 2668 *error = EINVAL; 2669 return (NULL); 2670 } 2671 2672 #ifdef SCTP_DEBUG 2673 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2674 printf("Allocate an association for peer:"); 2675 if (firstaddr) 2676 sctp_print_address(firstaddr); 2677 else 2678 printf("None\n"); 2679 printf("Port:%d\n", 2680 ntohs(((struct sockaddr_in *)firstaddr)->sin_port)); 2681 } 2682 #endif /* SCTP_DEBUG */ 2683 if (firstaddr->sa_family == AF_INET) { 2684 struct sockaddr_in *sin; 2685 sin = (struct sockaddr_in *)firstaddr; 2686 if ((sin->sin_port == 0) || (sin->sin_addr.s_addr == 0)) { 2687 /* Invalid address */ 2688 #ifdef SCTP_DEBUG 2689 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2690 printf("peer address invalid\n"); 2691 } 2692 #endif 2693 SCTP_INP_RUNLOCK(inp); 2694 *error = EINVAL; 2695 return (NULL); 2696 } 2697 rport = sin->sin_port; 2698 } else if (firstaddr->sa_family == AF_INET6) { 2699 struct sockaddr_in6 *sin6; 2700 sin6 = (struct sockaddr_in6 *)firstaddr; 2701 if ((sin6->sin6_port == 0) || 2702 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) { 2703 /* Invalid address */ 2704 #ifdef SCTP_DEBUG 2705 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2706 printf("peer address invalid\n"); 2707 } 2708 #endif 2709 SCTP_INP_RUNLOCK(inp); 2710 *error = EINVAL; 2711 return (NULL); 2712 } 2713 rport = sin6->sin6_port; 2714 } else { 2715 /* not supported family type */ 2716 #ifdef SCTP_DEBUG 2717 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2718 printf("BAD family %d\n", firstaddr->sa_family); 2719 } 2720 #endif 2721 SCTP_INP_RUNLOCK(inp); 2722 *error = EINVAL; 2723 return (NULL); 2724 } 2725 SCTP_INP_RUNLOCK(inp); 2726 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 2727 /* 2728 * If you have not performed a bind, then we need to do 2729 * the ephemerial bind for you. 2730 */ 2731 #ifdef SCTP_DEBUG 2732 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2733 printf("Doing implicit BIND\n"); 2734 } 2735 #endif 2736 2737 if ((err = sctp_inpcb_bind(inp->sctp_socket, 2738 (struct sockaddr *)NULL, (struct lwp *)NULL))){ 2739 /* bind error, probably perm */ 2740 #ifdef SCTP_DEBUG 2741 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2742 printf("BIND FAILS ret:%d\n", err); 2743 } 2744 #endif 2745 2746 *error = err; 2747 return (NULL); 2748 } 2749 } 2750 stcb = (struct sctp_tcb *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_asoc); 2751 if (stcb == NULL) { 2752 /* out of memory? */ 2753 #ifdef SCTP_DEBUG 2754 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2755 printf("aloc_assoc: no assoc mem left, stcb=NULL\n"); 2756 } 2757 #endif 2758 *error = ENOMEM; 2759 return (NULL); 2760 } 2761 sctppcbinfo.ipi_count_asoc++; 2762 sctppcbinfo.ipi_gencnt_asoc++; 2763 2764 memset(stcb, 0, sizeof(*stcb)); 2765 asoc = &stcb->asoc; 2766 SCTP_TCB_LOCK_INIT(stcb); 2767 /* setup back pointers */ 2768 #ifdef SCTP_DEBUG 2769 printf("Before back pointers\n"); 2770 #endif 2771 stcb->sctp_ep = inp; 2772 stcb->sctp_socket = inp->sctp_socket; 2773 if ((err = sctp_init_asoc(inp, asoc, for_a_init, override_tag))) { 2774 /* failed */ 2775 SCTP_TCB_LOCK_DESTROY (stcb); 2776 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); 2777 sctppcbinfo.ipi_count_asoc--; 2778 #ifdef SCTP_DEBUG 2779 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2780 printf("aloc_assoc: couldn't init asoc, out of mem?!\n"); 2781 } 2782 #endif 2783 *error = err; 2784 return (NULL); 2785 } 2786 /* and the port */ 2787 stcb->rport = rport; 2788 SCTP_INP_INFO_WLOCK(); 2789 SCTP_INP_WLOCK(inp); 2790 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 2791 /* inpcb freed while alloc going on */ 2792 SCTP_TCB_LOCK_DESTROY (stcb); 2793 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); 2794 SCTP_INP_WUNLOCK(inp); 2795 SCTP_INP_INFO_WUNLOCK(); 2796 sctppcbinfo.ipi_count_asoc--; 2797 #ifdef SCTP_DEBUG 2798 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2799 printf("aloc_assoc: couldn't init asoc, out of mem?!\n"); 2800 } 2801 #endif 2802 *error = EINVAL; 2803 return (NULL); 2804 } 2805 SCTP_TCB_LOCK(stcb); 2806 2807 /* now that my_vtag is set, add it to the hash */ 2808 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, 2809 sctppcbinfo.hashasocmark)]; 2810 /* put it in the bucket in the vtag hash of assoc's for the system */ 2811 LIST_INSERT_HEAD(head, stcb, sctp_asocs); 2812 SCTP_INP_INFO_WUNLOCK(); 2813 2814 2815 if ((err = sctp_add_remote_addr(stcb, firstaddr, 1, 1))) { 2816 /* failure.. memory error? */ 2817 if (asoc->strmout) 2818 free(asoc->strmout, M_PCB); 2819 if (asoc->mapping_array) 2820 free(asoc->mapping_array, M_PCB); 2821 2822 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); 2823 sctppcbinfo.ipi_count_asoc--; 2824 #ifdef SCTP_DEBUG 2825 if (sctp_debug_on & SCTP_DEBUG_PCB3) { 2826 printf("aloc_assoc: couldn't add remote addr!\n"); 2827 } 2828 #endif 2829 SCTP_TCB_LOCK_DESTROY (stcb); 2830 *error = ENOBUFS; 2831 return (NULL); 2832 } 2833 /* Init all the timers */ 2834 callout_init(&asoc->hb_timer.timer, 0); 2835 callout_init(&asoc->dack_timer.timer, 0); 2836 callout_init(&asoc->asconf_timer.timer, 0); 2837 callout_init(&asoc->shut_guard_timer.timer, 0); 2838 callout_init(&asoc->autoclose_timer.timer, 0); 2839 callout_init(&asoc->delayed_event_timer.timer, 0); 2840 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist); 2841 /* now file the port under the hash as well */ 2842 #ifdef SCTP_DEBUG 2843 printf("Before hashing %ld size %d\n", 2844 inp->sctp_hashmark, sctp_pcbtblsize); 2845 #endif 2846 if (inp->sctp_tcbhash != NULL) { 2847 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport, 2848 inp->sctp_hashmark)]; 2849 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash); 2850 } 2851 #ifdef SCTP_DEBUG 2852 printf("After hashing\n"); 2853 #endif 2854 SCTP_INP_WUNLOCK(inp); 2855 #ifdef SCTP_DEBUG 2856 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 2857 printf("Association %p now allocated\n", stcb); 2858 } 2859 #endif 2860 return (stcb); 2861 } 2862 2863 void 2864 sctp_free_remote_addr(struct sctp_nets *net) 2865 { 2866 if (net == NULL) 2867 return; 2868 net->ref_count--; 2869 if (net->ref_count <= 0) { 2870 /* stop timer if running */ 2871 callout_stop(&net->rxt_timer.timer); 2872 callout_stop(&net->pmtu_timer.timer); 2873 callout_destroy(&net->rxt_timer.timer); 2874 callout_destroy(&net->pmtu_timer.timer); 2875 net->dest_state = SCTP_ADDR_NOT_REACHABLE; 2876 rtcache_free(&net->ro); 2877 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_net, net); 2878 sctppcbinfo.ipi_count_raddr--; 2879 } 2880 } 2881 2882 /* 2883 * remove a remote endpoint address from an association, it 2884 * will fail if the address does not exist. 2885 */ 2886 int 2887 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr) 2888 { 2889 /* 2890 * Here we need to remove a remote address. This is quite simple, we 2891 * first find it in the list of address for the association 2892 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE on 2893 * that item. 2894 * Note we do not allow it to be removed if there are no other 2895 * addresses. 2896 */ 2897 struct sctp_association *asoc; 2898 struct sctp_nets *net, *net_tmp; 2899 asoc = &stcb->asoc; 2900 if (asoc->numnets < 2) { 2901 /* Must have at LEAST two remote addresses */ 2902 return (-1); 2903 } 2904 /* locate the address */ 2905 for (net = TAILQ_FIRST(&asoc->nets); net != NULL; net = net_tmp) { 2906 net_tmp = TAILQ_NEXT(net, sctp_next); 2907 if (rtcache_getdst(&net->ro)->sa_family != remaddr->sa_family) { 2908 continue; 2909 } 2910 if (sctp_cmpaddr(rtcache_getdst(&net->ro), remaddr)) { 2911 /* we found the guy */ 2912 asoc->numnets--; 2913 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 2914 sctp_free_remote_addr(net); 2915 if (net == asoc->primary_destination) { 2916 /* Reset primary */ 2917 struct sctp_nets *lnet; 2918 lnet = TAILQ_FIRST(&asoc->nets); 2919 /* Try to find a confirmed primary */ 2920 asoc->primary_destination = 2921 sctp_find_alternate_net(stcb, lnet); 2922 } 2923 if (net == asoc->last_data_chunk_from) { 2924 /* Reset primary */ 2925 asoc->last_data_chunk_from = 2926 TAILQ_FIRST(&asoc->nets); 2927 } 2928 if (net == asoc->last_control_chunk_from) { 2929 /* Reset primary */ 2930 asoc->last_control_chunk_from = 2931 TAILQ_FIRST(&asoc->nets); 2932 } 2933 if (net == asoc->asconf_last_sent_to) { 2934 /* Reset primary */ 2935 asoc->asconf_last_sent_to = 2936 TAILQ_FIRST(&asoc->nets); 2937 } 2938 return (0); 2939 } 2940 } 2941 /* not found. */ 2942 return (-2); 2943 } 2944 2945 2946 static void 2947 sctp_add_vtag_to_timewait(struct sctp_inpcb *inp, u_int32_t tag) 2948 { 2949 struct sctpvtaghead *chain; 2950 struct sctp_tagblock *twait_block; 2951 struct timeval now; 2952 int set, i; 2953 SCTP_GETTIME_TIMEVAL(&now); 2954 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 2955 set = 0; 2956 if (!LIST_EMPTY(chain)) { 2957 /* Block(s) present, lets find space, and expire on the fly */ 2958 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 2959 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 2960 if ((twait_block->vtag_block[i].v_tag == 0) && 2961 !set) { 2962 twait_block->vtag_block[0].tv_sec_at_expire = 2963 now.tv_sec + SCTP_TIME_WAIT; 2964 twait_block->vtag_block[0].v_tag = tag; 2965 set = 1; 2966 } else if ((twait_block->vtag_block[i].v_tag) && 2967 ((long)twait_block->vtag_block[i].tv_sec_at_expire > 2968 now.tv_sec)) { 2969 /* Audit expires this guy */ 2970 twait_block->vtag_block[i].tv_sec_at_expire = 0; 2971 twait_block->vtag_block[i].v_tag = 0; 2972 if (set == 0) { 2973 /* Reuse it for my new tag */ 2974 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + SCTP_TIME_WAIT; 2975 twait_block->vtag_block[0].v_tag = tag; 2976 set = 1; 2977 } 2978 } 2979 } 2980 if (set) { 2981 /* 2982 * We only do up to the block where we can 2983 * place our tag for audits 2984 */ 2985 break; 2986 } 2987 } 2988 } 2989 /* Need to add a new block to chain */ 2990 if (!set) { 2991 twait_block = malloc(sizeof(struct sctp_tagblock), M_PCB, M_NOWAIT); 2992 if (twait_block == NULL) { 2993 return; 2994 } 2995 memset(twait_block, 0, sizeof(struct sctp_timewait)); 2996 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock); 2997 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + 2998 SCTP_TIME_WAIT; 2999 twait_block->vtag_block[0].v_tag = tag; 3000 } 3001 } 3002 3003 3004 static void 3005 sctp_iterator_asoc_being_freed(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 3006 { 3007 struct sctp_iterator *it; 3008 3009 3010 3011 /* Unlock the tcb lock we do this so 3012 * we avoid a dead lock scenario where 3013 * the iterator is waiting on the TCB lock 3014 * and the TCB lock is waiting on the iterator 3015 * lock. 3016 */ 3017 SCTP_ITERATOR_LOCK(); 3018 SCTP_INP_INFO_WLOCK(); 3019 SCTP_INP_WLOCK(inp); 3020 SCTP_TCB_LOCK(stcb); 3021 3022 it = stcb->asoc.stcb_starting_point_for_iterator; 3023 if (it == NULL) { 3024 return; 3025 } 3026 if (it->inp != stcb->sctp_ep) { 3027 /* hm, focused on the wrong one? */ 3028 return; 3029 } 3030 if (it->stcb != stcb) { 3031 return; 3032 } 3033 it->stcb = LIST_NEXT(stcb, sctp_tcblist); 3034 if (it->stcb == NULL) { 3035 /* done with all asoc's in this assoc */ 3036 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 3037 it->inp = NULL; 3038 } else { 3039 3040 it->inp = LIST_NEXT(inp, sctp_list); 3041 } 3042 } 3043 } 3044 3045 /* 3046 * Free the association after un-hashing the remote port. 3047 */ 3048 void 3049 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 3050 { 3051 struct sctp_association *asoc; 3052 struct sctp_nets *net, *prev; 3053 struct sctp_laddr *laddr; 3054 struct sctp_tmit_chunk *chk; 3055 struct sctp_asconf_addr *aparam; 3056 struct sctp_socket_q_list *sq; 3057 int s; 3058 3059 /* first, lets purge the entry from the hash table. */ 3060 s = splsoftnet(); 3061 if (stcb->asoc.state == 0) { 3062 printf("Freeing already free association:%p - huh??\n", 3063 stcb); 3064 splx(s); 3065 return; 3066 } 3067 asoc = &stcb->asoc; 3068 asoc->state = 0; 3069 /* now clean up any other timers */ 3070 callout_stop(&asoc->hb_timer.timer); 3071 callout_destroy(&asoc->hb_timer.timer); 3072 callout_stop(&asoc->dack_timer.timer); 3073 callout_destroy(&asoc->dack_timer.timer); 3074 callout_stop(&asoc->asconf_timer.timer); 3075 callout_destroy(&asoc->asconf_timer.timer); 3076 callout_stop(&asoc->shut_guard_timer.timer); 3077 callout_destroy(&asoc->shut_guard_timer.timer); 3078 callout_stop(&asoc->autoclose_timer.timer); 3079 callout_destroy(&asoc->autoclose_timer.timer); 3080 callout_stop(&asoc->delayed_event_timer.timer); 3081 callout_destroy(&asoc->delayed_event_timer.timer); 3082 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 3083 callout_stop(&net->rxt_timer.timer); 3084 callout_stop(&net->pmtu_timer.timer); 3085 callout_destroy(&net->rxt_timer.timer); 3086 callout_destroy(&net->pmtu_timer.timer); 3087 } 3088 3089 /* Iterator asoc being freed we send an 3090 * unlocked TCB. It returns with INP_INFO 3091 * and INP write locked and the TCB locked 3092 * too and of course the iterator lock 3093 * in place as well.. 3094 */ 3095 SCTP_TCB_UNLOCK(stcb); 3096 sctp_iterator_asoc_being_freed(inp, stcb); 3097 3098 /* Null all of my entry's on the socket q */ 3099 TAILQ_FOREACH(sq, &inp->sctp_queue_list, next_sq) { 3100 if (sq->tcb == stcb) { 3101 sq->tcb = NULL; 3102 } 3103 } 3104 3105 if (inp->sctp_tcb_at_block == (void *)stcb) { 3106 inp->error_on_block = ECONNRESET; 3107 } 3108 3109 if (inp->sctp_tcbhash) { 3110 LIST_REMOVE(stcb, sctp_tcbhash); 3111 } 3112 /* Now lets remove it from the list of ALL associations in the EP */ 3113 LIST_REMOVE(stcb, sctp_tcblist); 3114 SCTP_INP_WUNLOCK(inp); 3115 SCTP_ITERATOR_UNLOCK(); 3116 3117 3118 /* pull from vtag hash */ 3119 LIST_REMOVE(stcb, sctp_asocs); 3120 3121 /* 3122 * Now before we can free the assoc, we must remove all of the 3123 * networks and any other allocated space.. i.e. add removes here 3124 * before the SCTP_ZONE_FREE() of the tasoc entry. 3125 */ 3126 3127 sctp_add_vtag_to_timewait(inp, asoc->my_vtag); 3128 SCTP_INP_INFO_WUNLOCK(); 3129 prev = NULL; 3130 while (!TAILQ_EMPTY(&asoc->nets)) { 3131 net = TAILQ_FIRST(&asoc->nets); 3132 /* pull from list */ 3133 if ((sctppcbinfo.ipi_count_raddr == 0) || (prev == net)) { 3134 break; 3135 } 3136 prev = net; 3137 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 3138 rtcache_free(&net->ro); 3139 /* free it */ 3140 net->ref_count = 0; 3141 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_net, net); 3142 sctppcbinfo.ipi_count_raddr--; 3143 } 3144 /* 3145 * The chunk lists and such SHOULD be empty but we check them 3146 * just in case. 3147 */ 3148 /* anything on the wheel needs to be removed */ 3149 while (!TAILQ_EMPTY(&asoc->out_wheel)) { 3150 struct sctp_stream_out *outs; 3151 outs = TAILQ_FIRST(&asoc->out_wheel); 3152 TAILQ_REMOVE(&asoc->out_wheel, outs, next_spoke); 3153 /* now clean up any chunks here */ 3154 chk = TAILQ_FIRST(&outs->outqueue); 3155 while (chk) { 3156 TAILQ_REMOVE(&outs->outqueue, chk, sctp_next); 3157 if (chk->data) { 3158 sctp_m_freem(chk->data); 3159 chk->data = NULL; 3160 } 3161 chk->whoTo = NULL; 3162 chk->asoc = NULL; 3163 /* Free the chunk */ 3164 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3165 sctppcbinfo.ipi_count_chunk--; 3166 sctppcbinfo.ipi_gencnt_chunk++; 3167 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3168 panic("Chunk count is negative"); 3169 } 3170 chk = TAILQ_FIRST(&outs->outqueue); 3171 } 3172 outs = TAILQ_FIRST(&asoc->out_wheel); 3173 } 3174 3175 if (asoc->pending_reply) { 3176 free(asoc->pending_reply, M_PCB); 3177 asoc->pending_reply = NULL; 3178 } 3179 chk = TAILQ_FIRST(&asoc->pending_reply_queue); 3180 while (chk) { 3181 TAILQ_REMOVE(&asoc->pending_reply_queue, chk, sctp_next); 3182 if (chk->data) { 3183 sctp_m_freem(chk->data); 3184 chk->data = NULL; 3185 } 3186 chk->whoTo = NULL; 3187 chk->asoc = NULL; 3188 /* Free the chunk */ 3189 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3190 sctppcbinfo.ipi_count_chunk--; 3191 sctppcbinfo.ipi_gencnt_chunk++; 3192 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3193 panic("Chunk count is negative"); 3194 } 3195 chk = TAILQ_FIRST(&asoc->pending_reply_queue); 3196 } 3197 /* pending send queue SHOULD be empty */ 3198 if (!TAILQ_EMPTY(&asoc->send_queue)) { 3199 chk = TAILQ_FIRST(&asoc->send_queue); 3200 while (chk) { 3201 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 3202 if (chk->data) { 3203 sctp_m_freem(chk->data); 3204 chk->data = NULL; 3205 } 3206 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3207 sctppcbinfo.ipi_count_chunk--; 3208 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3209 panic("Chunk count is negative"); 3210 } 3211 sctppcbinfo.ipi_gencnt_chunk++; 3212 chk = TAILQ_FIRST(&asoc->send_queue); 3213 } 3214 } 3215 /* sent queue SHOULD be empty */ 3216 if (!TAILQ_EMPTY(&asoc->sent_queue)) { 3217 chk = TAILQ_FIRST(&asoc->sent_queue); 3218 while (chk) { 3219 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 3220 if (chk->data) { 3221 sctp_m_freem(chk->data); 3222 chk->data = NULL; 3223 } 3224 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3225 sctppcbinfo.ipi_count_chunk--; 3226 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3227 panic("Chunk count is negative"); 3228 } 3229 sctppcbinfo.ipi_gencnt_chunk++; 3230 chk = TAILQ_FIRST(&asoc->sent_queue); 3231 } 3232 } 3233 /* control queue MAY not be empty */ 3234 if (!TAILQ_EMPTY(&asoc->control_send_queue)) { 3235 chk = TAILQ_FIRST(&asoc->control_send_queue); 3236 while (chk) { 3237 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 3238 if (chk->data) { 3239 sctp_m_freem(chk->data); 3240 chk->data = NULL; 3241 } 3242 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3243 sctppcbinfo.ipi_count_chunk--; 3244 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3245 panic("Chunk count is negative"); 3246 } 3247 sctppcbinfo.ipi_gencnt_chunk++; 3248 chk = TAILQ_FIRST(&asoc->control_send_queue); 3249 } 3250 } 3251 if (!TAILQ_EMPTY(&asoc->reasmqueue)) { 3252 chk = TAILQ_FIRST(&asoc->reasmqueue); 3253 while (chk) { 3254 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); 3255 if (chk->data) { 3256 sctp_m_freem(chk->data); 3257 chk->data = NULL; 3258 } 3259 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3260 sctppcbinfo.ipi_count_chunk--; 3261 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3262 panic("Chunk count is negative"); 3263 } 3264 sctppcbinfo.ipi_gencnt_chunk++; 3265 chk = TAILQ_FIRST(&asoc->reasmqueue); 3266 } 3267 } 3268 if (!TAILQ_EMPTY(&asoc->delivery_queue)) { 3269 chk = TAILQ_FIRST(&asoc->delivery_queue); 3270 while (chk) { 3271 TAILQ_REMOVE(&asoc->delivery_queue, chk, sctp_next); 3272 if (chk->data) { 3273 sctp_m_freem(chk->data); 3274 chk->data = NULL; 3275 } 3276 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 3277 sctppcbinfo.ipi_count_chunk--; 3278 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3279 panic("Chunk count is negative"); 3280 } 3281 sctppcbinfo.ipi_gencnt_chunk++; 3282 chk = TAILQ_FIRST(&asoc->delivery_queue); 3283 } 3284 } 3285 if (asoc->mapping_array) { 3286 free(asoc->mapping_array, M_PCB); 3287 asoc->mapping_array = NULL; 3288 } 3289 3290 /* the stream outs */ 3291 if (asoc->strmout) { 3292 free(asoc->strmout, M_PCB); 3293 asoc->strmout = NULL; 3294 } 3295 asoc->streamoutcnt = 0; 3296 if (asoc->strmin) { 3297 int i; 3298 for (i = 0; i < asoc->streamincnt; i++) { 3299 if (!TAILQ_EMPTY(&asoc->strmin[i].inqueue)) { 3300 /* We have somethings on the streamin queue */ 3301 chk = TAILQ_FIRST(&asoc->strmin[i].inqueue); 3302 while (chk) { 3303 TAILQ_REMOVE(&asoc->strmin[i].inqueue, 3304 chk, sctp_next); 3305 if (chk->data) { 3306 sctp_m_freem(chk->data); 3307 chk->data = NULL; 3308 } 3309 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, 3310 chk); 3311 sctppcbinfo.ipi_count_chunk--; 3312 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 3313 panic("Chunk count is negative"); 3314 } 3315 sctppcbinfo.ipi_gencnt_chunk++; 3316 chk = TAILQ_FIRST(&asoc->strmin[i].inqueue); 3317 } 3318 } 3319 } 3320 free(asoc->strmin, M_PCB); 3321 asoc->strmin = NULL; 3322 } 3323 asoc->streamincnt = 0; 3324 /* local addresses, if any */ 3325 while (!LIST_EMPTY(&asoc->sctp_local_addr_list)) { 3326 laddr = LIST_FIRST(&asoc->sctp_local_addr_list); 3327 LIST_REMOVE(laddr, sctp_nxt_addr); 3328 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr); 3329 sctppcbinfo.ipi_count_laddr--; 3330 } 3331 /* pending asconf (address) parameters */ 3332 while (!TAILQ_EMPTY(&asoc->asconf_queue)) { 3333 aparam = TAILQ_FIRST(&asoc->asconf_queue); 3334 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); 3335 free(aparam, M_PCB); 3336 } 3337 if (asoc->last_asconf_ack_sent != NULL) { 3338 sctp_m_freem(asoc->last_asconf_ack_sent); 3339 asoc->last_asconf_ack_sent = NULL; 3340 } 3341 /* Insert new items here :> */ 3342 3343 /* Get rid of LOCK */ 3344 SCTP_TCB_LOCK_DESTROY(stcb); 3345 3346 /* now clean up the tasoc itself */ 3347 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); 3348 sctppcbinfo.ipi_count_asoc--; 3349 if ((inp->sctp_socket->so_snd.sb_cc) || 3350 (inp->sctp_socket->so_snd.sb_mbcnt)) { 3351 /* This will happen when a abort is done */ 3352 inp->sctp_socket->so_snd.sb_cc = 0; 3353 inp->sctp_socket->so_snd.sb_mbcnt = 0; 3354 } 3355 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) { 3356 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) { 3357 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 3358 /* 3359 * For the base fd, that is NOT in TCP pool we 3360 * turn off the connected flag. This allows 3361 * non-listening endpoints to connect/shutdown/ 3362 * connect. 3363 */ 3364 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED; 3365 soisdisconnected(inp->sctp_socket); 3366 } 3367 /* 3368 * For those that are in the TCP pool we just leave 3369 * so it cannot be used. When they close the fd we 3370 * will free it all. 3371 */ 3372 } 3373 } 3374 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 3375 sctp_inpcb_free(inp, 0); 3376 } 3377 splx(s); 3378 } 3379 3380 3381 /* 3382 * determine if a destination is "reachable" based upon the addresses 3383 * bound to the current endpoint (e.g. only v4 or v6 currently bound) 3384 */ 3385 /* 3386 * FIX: if we allow assoc-level bindx(), then this needs to be fixed 3387 * to use assoc level v4/v6 flags, as the assoc *may* not have the 3388 * same address types bound as its endpoint 3389 */ 3390 int 3391 sctp_destination_is_reachable(struct sctp_tcb *stcb, const struct sockaddr *destaddr) 3392 { 3393 struct sctp_inpcb *inp; 3394 int answer; 3395 3396 /* No locks here, the TCB, in all cases is already 3397 * locked and an assoc is up. There is either a 3398 * INP lock by the caller applied (in asconf case when 3399 * deleting an address) or NOT in the HB case, however 3400 * if HB then the INP increment is up and the INP 3401 * will not be removed (on top of the fact that 3402 * we have a TCB lock). So we only want to 3403 * read the sctp_flags, which is either bound-all 3404 * or not.. no protection needed since once an 3405 * assoc is up you can't be changing your binding. 3406 */ 3407 inp = stcb->sctp_ep; 3408 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3409 /* if bound all, destination is not restricted */ 3410 /* RRS: Question during lock work: Is this 3411 * correct? If you are bound-all you still 3412 * might need to obey the V4--V6 flags??? 3413 * IMO this bound-all stuff needs to be removed! 3414 */ 3415 return (1); 3416 } 3417 /* NOTE: all "scope" checks are done when local addresses are added */ 3418 if (destaddr->sa_family == AF_INET6) { 3419 answer = inp->inp_vflag & INP_IPV6; 3420 } else if (destaddr->sa_family == AF_INET) { 3421 answer = inp->inp_vflag & INP_IPV4; 3422 } else { 3423 /* invalid family, so it's unreachable */ 3424 answer = 0; 3425 } 3426 return (answer); 3427 } 3428 3429 /* 3430 * update the inp_vflags on an endpoint 3431 */ 3432 static void 3433 sctp_update_ep_vflag(struct sctp_inpcb *inp) { 3434 struct sctp_laddr *laddr; 3435 3436 /* first clear the flag */ 3437 inp->inp_vflag = 0; 3438 3439 /* set the flag based on addresses on the ep list */ 3440 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 3441 if (laddr->ifa == NULL) { 3442 #ifdef SCTP_DEBUG 3443 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 3444 printf("An ounce of prevention is worth a pound of cure\n"); 3445 } 3446 #endif /* SCTP_DEBUG */ 3447 continue; 3448 } 3449 if (laddr->ifa->ifa_addr) { 3450 continue; 3451 } 3452 if (laddr->ifa->ifa_addr->sa_family == AF_INET6) { 3453 inp->inp_vflag |= INP_IPV6; 3454 } else if (laddr->ifa->ifa_addr->sa_family == AF_INET) { 3455 inp->inp_vflag |= INP_IPV4; 3456 } 3457 } 3458 } 3459 3460 /* 3461 * Add the address to the endpoint local address list 3462 * There is nothing to be done if we are bound to all addresses 3463 */ 3464 int 3465 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct ifaddr *ifa) 3466 { 3467 struct sctp_laddr *laddr; 3468 int fnd, error; 3469 fnd = 0; 3470 3471 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3472 /* You are already bound to all. You have it already */ 3473 return (0); 3474 } 3475 if (ifa->ifa_addr->sa_family == AF_INET6) { 3476 struct in6_ifaddr *ifa6; 3477 ifa6 = (struct in6_ifaddr *)ifa; 3478 if (ifa6->ia6_flags & (IN6_IFF_DETACHED | 3479 IN6_IFF_DEPRECATED | IN6_IFF_ANYCAST | IN6_IFF_NOTREADY)) 3480 /* Can't bind a non-existent addr. */ 3481 return (-1); 3482 } 3483 /* first, is it already present? */ 3484 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 3485 if (laddr->ifa == ifa) { 3486 fnd = 1; 3487 break; 3488 } 3489 } 3490 3491 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && (fnd == 0)) { 3492 /* Not bound to all */ 3493 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa); 3494 if (error != 0) 3495 return (error); 3496 inp->laddr_count++; 3497 /* update inp_vflag flags */ 3498 if (ifa->ifa_addr->sa_family == AF_INET6) { 3499 inp->inp_vflag |= INP_IPV6; 3500 } else if (ifa->ifa_addr->sa_family == AF_INET) { 3501 inp->inp_vflag |= INP_IPV4; 3502 } 3503 } 3504 return (0); 3505 } 3506 3507 3508 /* 3509 * select a new (hopefully reachable) destination net 3510 * (should only be used when we deleted an ep addr that is the 3511 * only usable source address to reach the destination net) 3512 */ 3513 static void 3514 sctp_select_primary_destination(struct sctp_tcb *stcb) 3515 { 3516 struct sctp_nets *net; 3517 3518 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 3519 /* for now, we'll just pick the first reachable one we find */ 3520 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) 3521 continue; 3522 if (sctp_destination_is_reachable(stcb, 3523 rtcache_getdst(&net->ro))) { 3524 /* found a reachable destination */ 3525 stcb->asoc.primary_destination = net; 3526 } 3527 } 3528 /* I can't there from here! ...we're gonna die shortly... */ 3529 } 3530 3531 3532 /* 3533 * Delete the address from the endpoint local address list 3534 * There is nothing to be done if we are bound to all addresses 3535 */ 3536 int 3537 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct ifaddr *ifa) 3538 { 3539 struct sctp_laddr *laddr; 3540 int fnd; 3541 fnd = 0; 3542 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 3543 /* You are already bound to all. You have it already */ 3544 return (EINVAL); 3545 } 3546 3547 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 3548 if (laddr->ifa == ifa) { 3549 fnd = 1; 3550 break; 3551 } 3552 } 3553 if (fnd && (inp->laddr_count < 2)) { 3554 /* can't delete unless there are at LEAST 2 addresses */ 3555 return (-1); 3556 } 3557 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && (fnd)) { 3558 /* 3559 * clean up any use of this address 3560 * go through our associations and clear any 3561 * last_used_address that match this one 3562 * for each assoc, see if a new primary_destination is needed 3563 */ 3564 struct sctp_tcb *stcb; 3565 3566 /* clean up "next_addr_touse" */ 3567 if (inp->next_addr_touse == laddr) 3568 /* delete this address */ 3569 inp->next_addr_touse = NULL; 3570 3571 /* clean up "last_used_address" */ 3572 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 3573 if (stcb->asoc.last_used_address == laddr) 3574 /* delete this address */ 3575 stcb->asoc.last_used_address = NULL; 3576 } /* for each tcb */ 3577 3578 /* remove it from the ep list */ 3579 sctp_remove_laddr(laddr); 3580 inp->laddr_count--; 3581 /* update inp_vflag flags */ 3582 sctp_update_ep_vflag(inp); 3583 /* select a new primary destination if needed */ 3584 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 3585 /* presume caller (sctp_asconf.c) already owns INP lock */ 3586 SCTP_TCB_LOCK(stcb); 3587 if (sctp_destination_is_reachable(stcb, 3588 rtcache_getdst(&stcb->asoc.primary_destination->ro)) == 0) { 3589 sctp_select_primary_destination(stcb); 3590 } 3591 SCTP_TCB_UNLOCK(stcb); 3592 } /* for each tcb */ 3593 } 3594 return (0); 3595 } 3596 3597 /* 3598 * Add the addr to the TCB local address list 3599 * For the BOUNDALL or dynamic case, this is a "pending" address list 3600 * (eg. addresses waiting for an ASCONF-ACK response) 3601 * For the subset binding, static case, this is a "valid" address list 3602 */ 3603 int 3604 sctp_add_local_addr_assoc(struct sctp_tcb *stcb, struct ifaddr *ifa) 3605 { 3606 struct sctp_laddr *laddr; 3607 int error; 3608 3609 /* Assumes TCP is locked.. and possiblye 3610 * the INP. May need to confirm/fix that if 3611 * we need it and is not the case. 3612 */ 3613 if (ifa->ifa_addr->sa_family == AF_INET6) { 3614 struct in6_ifaddr *ifa6; 3615 ifa6 = (struct in6_ifaddr *)ifa; 3616 if (ifa6->ia6_flags & (IN6_IFF_DETACHED | 3617 /* IN6_IFF_DEPRECATED | */ 3618 IN6_IFF_ANYCAST | 3619 IN6_IFF_NOTREADY)) 3620 /* Can't bind a non-existent addr. */ 3621 return (-1); 3622 } 3623 /* does the address already exist? */ 3624 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 3625 if (laddr->ifa == ifa) { 3626 return (-1); 3627 } 3628 } 3629 3630 /* add to the list */ 3631 error = sctp_insert_laddr(&stcb->asoc.sctp_local_addr_list, ifa); 3632 if (error != 0) 3633 return (error); 3634 return (0); 3635 } 3636 3637 /* 3638 * insert an laddr entry with the given ifa for the desired list 3639 */ 3640 int 3641 sctp_insert_laddr(struct sctpladdr *list, struct ifaddr *ifa) { 3642 struct sctp_laddr *laddr; 3643 int s; 3644 3645 s = splsoftnet(); 3646 3647 laddr = (struct sctp_laddr *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr); 3648 if (laddr == NULL) { 3649 /* out of memory? */ 3650 splx(s); 3651 return (EINVAL); 3652 } 3653 sctppcbinfo.ipi_count_laddr++; 3654 sctppcbinfo.ipi_gencnt_laddr++; 3655 memset(laddr, 0, sizeof(*laddr)); 3656 laddr->ifa = ifa; 3657 /* insert it */ 3658 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr); 3659 3660 splx(s); 3661 return (0); 3662 } 3663 3664 /* 3665 * Remove an laddr entry from the local address list (on an assoc) 3666 */ 3667 void 3668 sctp_remove_laddr(struct sctp_laddr *laddr) 3669 { 3670 int s; 3671 s = splsoftnet(); 3672 /* remove from the list */ 3673 LIST_REMOVE(laddr, sctp_nxt_addr); 3674 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr); 3675 sctppcbinfo.ipi_count_laddr--; 3676 sctppcbinfo.ipi_gencnt_laddr++; 3677 3678 splx(s); 3679 } 3680 3681 /* 3682 * Remove an address from the TCB local address list 3683 */ 3684 int 3685 sctp_del_local_addr_assoc(struct sctp_tcb *stcb, struct ifaddr *ifa) 3686 { 3687 struct sctp_inpcb *inp; 3688 struct sctp_laddr *laddr; 3689 3690 /* This is called by asconf work. It is assumed that 3691 * a) The TCB is locked 3692 * and 3693 * b) The INP is locked. 3694 * This is true in as much as I can trace through 3695 * the entry asconf code where I did these locks. 3696 * Again, the ASCONF code is a bit different in 3697 * that it does lock the INP during its work often 3698 * times. This must be since we don't want other 3699 * proc's looking up things while what they are 3700 * looking up is changing :-D 3701 */ 3702 3703 inp = stcb->sctp_ep; 3704 /* if subset bound and don't allow ASCONF's, can't delete last */ 3705 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && 3706 ((inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) == 0)) { 3707 if (stcb->asoc.numnets < 2) { 3708 /* can't delete last address */ 3709 return (-1); 3710 } 3711 } 3712 3713 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 3714 /* remove the address if it exists */ 3715 if (laddr->ifa == NULL) 3716 continue; 3717 if (laddr->ifa == ifa) { 3718 sctp_remove_laddr(laddr); 3719 return (0); 3720 } 3721 } 3722 3723 /* address not found! */ 3724 return (-1); 3725 } 3726 3727 /* 3728 * Remove an address from the TCB local address list 3729 * lookup using a sockaddr addr 3730 */ 3731 int 3732 sctp_del_local_addr_assoc_sa(struct sctp_tcb *stcb, struct sockaddr *sa) 3733 { 3734 struct sctp_inpcb *inp; 3735 struct sctp_laddr *laddr; 3736 struct sockaddr *l_sa; 3737 3738 /* 3739 * This function I find does not seem to have a caller. 3740 * As such we NEED TO DELETE this code. If we do 3741 * find a caller, the caller MUST have locked the TCB 3742 * at the least and probably the INP as well. 3743 */ 3744 inp = stcb->sctp_ep; 3745 /* if subset bound and don't allow ASCONF's, can't delete last */ 3746 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && 3747 ((inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) == 0)) { 3748 if (stcb->asoc.numnets < 2) { 3749 /* can't delete last address */ 3750 return (-1); 3751 } 3752 } 3753 3754 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) { 3755 /* make sure the address exists */ 3756 if (laddr->ifa == NULL) 3757 continue; 3758 if (laddr->ifa->ifa_addr == NULL) 3759 continue; 3760 3761 l_sa = laddr->ifa->ifa_addr; 3762 if (l_sa->sa_family == AF_INET6) { 3763 /* IPv6 address */ 3764 struct sockaddr_in6 *sin1, *sin2; 3765 sin1 = (struct sockaddr_in6 *)l_sa; 3766 sin2 = (struct sockaddr_in6 *)sa; 3767 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, 3768 sizeof(struct in6_addr)) == 0) { 3769 /* matched */ 3770 sctp_remove_laddr(laddr); 3771 return (0); 3772 } 3773 } else if (l_sa->sa_family == AF_INET) { 3774 /* IPv4 address */ 3775 struct sockaddr_in *sin1, *sin2; 3776 sin1 = (struct sockaddr_in *)l_sa; 3777 sin2 = (struct sockaddr_in *)sa; 3778 if (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr) { 3779 /* matched */ 3780 sctp_remove_laddr(laddr); 3781 return (0); 3782 } 3783 } else { 3784 /* invalid family */ 3785 return (-1); 3786 } 3787 } /* end foreach */ 3788 /* address not found! */ 3789 return (-1); 3790 } 3791 3792 static char sctp_pcb_initialized = 0; 3793 3794 #if defined(__FreeBSD__) || defined(__APPLE__) 3795 /* sysctl */ 3796 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC; 3797 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR; 3798 3799 #endif /* FreeBSD || APPLE */ 3800 3801 #ifndef SCTP_TCBHASHSIZE 3802 #define SCTP_TCBHASHSIZE 1024 3803 #endif 3804 3805 #ifndef SCTP_CHUNKQUEUE_SCALE 3806 #define SCTP_CHUNKQUEUE_SCALE 10 3807 #endif 3808 3809 void 3810 sctp_pcb_init(void) 3811 { 3812 /* 3813 * SCTP initialization for the PCB structures 3814 * should be called by the sctp_init() funciton. 3815 */ 3816 int i; 3817 int hashtblsize = SCTP_TCBHASHSIZE; 3818 3819 #if defined(__FreeBSD__) || defined(__APPLE__) 3820 int sctp_chunkscale = SCTP_CHUNKQUEUE_SCALE; 3821 #endif 3822 3823 if (sctp_pcb_initialized != 0) { 3824 /* error I was called twice */ 3825 return; 3826 } 3827 sctp_pcb_initialized = 1; 3828 3829 /* Init all peg counts */ 3830 for (i = 0; i < SCTP_NUMBER_OF_PEGS; i++) { 3831 sctp_pegs[i] = 0; 3832 } 3833 3834 /* init the empty list of (All) Endpoints */ 3835 LIST_INIT(&sctppcbinfo.listhead); 3836 3837 /* init the iterator head */ 3838 LIST_INIT(&sctppcbinfo.iteratorhead); 3839 3840 /* init the hash table of endpoints */ 3841 #if defined(__FreeBSD__) 3842 #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 440000 3843 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &hashtblsize); 3844 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &sctp_pcbtblsize); 3845 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &sctp_chunkscale); 3846 #else 3847 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", SCTP_TCBHASHSIZE, 3848 hashtblsize); 3849 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", SCTP_PCBHASHSIZE, 3850 sctp_pcbtblsize); 3851 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", SCTP_CHUNKQUEUE_SCALE, 3852 sctp_chunkscale); 3853 #endif 3854 #endif 3855 3856 sctppcbinfo.sctp_asochash = hashinit((hashtblsize * 31), HASH_LIST, 3857 M_WAITOK, &sctppcbinfo.hashasocmark); 3858 3859 sctppcbinfo.sctp_ephash = hashinit(hashtblsize, HASH_LIST, 3860 M_WAITOK, &sctppcbinfo.hashmark); 3861 3862 sctppcbinfo.sctp_tcpephash = hashinit(hashtblsize, HASH_LIST, 3863 M_WAITOK, &sctppcbinfo.hashtcpmark); 3864 3865 sctppcbinfo.hashtblsize = hashtblsize; 3866 3867 /* init the zones */ 3868 /* 3869 * FIX ME: Should check for NULL returns, but if it does fail we 3870 * are doomed to panic anyways... add later maybe. 3871 */ 3872 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_ep, "sctp_ep", 3873 sizeof(struct sctp_inpcb), maxsockets); 3874 3875 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_asoc, "sctp_asoc", 3876 sizeof(struct sctp_tcb), sctp_max_number_of_assoc); 3877 3878 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_laddr, "sctp_laddr", 3879 sizeof(struct sctp_laddr), 3880 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 3881 3882 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_net, "sctp_raddr", 3883 sizeof(struct sctp_nets), 3884 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 3885 3886 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_chunk, "sctp_chunk", 3887 sizeof(struct sctp_tmit_chunk), 3888 (sctp_max_number_of_assoc * sctp_scale_up_for_address * 3889 sctp_chunkscale)); 3890 3891 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_sockq, "sctp_sockq", 3892 sizeof(struct sctp_socket_q_list), 3893 (sctp_max_number_of_assoc * sctp_scale_up_for_address * 3894 sctp_chunkscale)); 3895 3896 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_hash, "sctp_hash", 3897 sizeof(void *) * sctp_pcbtblsize, maxsockets); 3898 3899 /* Master Lock INIT for info structure */ 3900 SCTP_INP_INFO_LOCK_INIT(); 3901 SCTP_ITERATOR_LOCK_INIT(); 3902 /* not sure if we need all the counts */ 3903 sctppcbinfo.ipi_count_ep = 0; 3904 sctppcbinfo.ipi_gencnt_ep = 0; 3905 /* assoc/tcb zone info */ 3906 sctppcbinfo.ipi_count_asoc = 0; 3907 sctppcbinfo.ipi_gencnt_asoc = 0; 3908 /* local addrlist zone info */ 3909 sctppcbinfo.ipi_count_laddr = 0; 3910 sctppcbinfo.ipi_gencnt_laddr = 0; 3911 /* remote addrlist zone info */ 3912 sctppcbinfo.ipi_count_raddr = 0; 3913 sctppcbinfo.ipi_gencnt_raddr = 0; 3914 /* chunk info */ 3915 sctppcbinfo.ipi_count_chunk = 0; 3916 sctppcbinfo.ipi_gencnt_chunk = 0; 3917 3918 /* socket queue zone info */ 3919 sctppcbinfo.ipi_count_sockq = 0; 3920 sctppcbinfo.ipi_gencnt_sockq = 0; 3921 3922 /* mbuf tracker */ 3923 sctppcbinfo.mbuf_track = 0; 3924 /* port stuff */ 3925 sctppcbinfo.lastlow = anonportmin; 3926 3927 /* Init the TIMEWAIT list */ 3928 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) { 3929 LIST_INIT(&sctppcbinfo.vtag_timewait[i]); 3930 } 3931 3932 #if defined(_SCTP_NEEDS_CALLOUT_) && !defined(__APPLE__) 3933 TAILQ_INIT(&sctppcbinfo.callqueue); 3934 #endif 3935 3936 } 3937 3938 int 3939 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, 3940 int iphlen, int offset, int limit, struct sctphdr *sh, 3941 struct sockaddr *altsa) 3942 { 3943 /* 3944 * grub through the INIT pulling addresses and 3945 * loading them to the nets structure in the asoc. 3946 * The from address in the mbuf should also be loaded 3947 * (if it is not already). This routine can be called 3948 * with either INIT or INIT-ACK's as long as the 3949 * m points to the IP packet and the offset points 3950 * to the beginning of the parameters. 3951 */ 3952 struct sctp_inpcb *inp, *l_inp; 3953 struct sctp_nets *net, *net_tmp; 3954 struct ip *iph; 3955 struct sctp_paramhdr *phdr, parm_buf; 3956 struct sctp_tcb *stcb_tmp; 3957 u_int16_t ptype, plen; 3958 struct sockaddr *sa; 3959 struct sockaddr_storage dest_store; 3960 struct sockaddr *local_sa = (struct sockaddr *)&dest_store; 3961 struct sockaddr_in sin; 3962 struct sockaddr_in6 sin6; 3963 3964 /* First get the destination address setup too. */ 3965 memset(&sin, 0, sizeof(sin)); 3966 memset(&sin6, 0, sizeof(sin6)); 3967 3968 sin.sin_family = AF_INET; 3969 sin.sin_len = sizeof(sin); 3970 sin.sin_port = stcb->rport; 3971 3972 sin6.sin6_family = AF_INET6; 3973 sin6.sin6_len = sizeof(struct sockaddr_in6); 3974 sin6.sin6_port = stcb->rport; 3975 if (altsa == NULL) { 3976 iph = mtod(m, struct ip *); 3977 if (iph->ip_v == IPVERSION) { 3978 /* its IPv4 */ 3979 struct sockaddr_in *sin_2; 3980 sin_2 = (struct sockaddr_in *)(local_sa); 3981 memset(sin_2, 0, sizeof(sin)); 3982 sin_2->sin_family = AF_INET; 3983 sin_2->sin_len = sizeof(sin); 3984 sin_2->sin_port = sh->dest_port; 3985 sin_2->sin_addr.s_addr = iph->ip_dst.s_addr ; 3986 sin.sin_addr = iph->ip_src; 3987 sa = (struct sockaddr *)&sin; 3988 } else if (iph->ip_v == (IPV6_VERSION >> 4)) { 3989 /* its IPv6 */ 3990 struct ip6_hdr *ip6; 3991 struct sockaddr_in6 *sin6_2; 3992 3993 ip6 = mtod(m, struct ip6_hdr *); 3994 sin6_2 = (struct sockaddr_in6 *)(local_sa); 3995 memset(sin6_2, 0, sizeof(sin6)); 3996 sin6_2->sin6_family = AF_INET6; 3997 sin6_2->sin6_len = sizeof(struct sockaddr_in6); 3998 sin6_2->sin6_port = sh->dest_port; 3999 sin6.sin6_addr = ip6->ip6_src; 4000 sa = (struct sockaddr *)&sin6; 4001 } else { 4002 sa = NULL; 4003 } 4004 } else { 4005 /* 4006 * For cookies we use the src address NOT from the packet 4007 * but from the original INIT 4008 */ 4009 sa = altsa; 4010 } 4011 /* Turn off ECN until we get through all params */ 4012 stcb->asoc.ecn_allowed = 0; 4013 4014 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 4015 /* mark all addresses that we have currently on the list */ 4016 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC; 4017 } 4018 /* does the source address already exist? if so skip it */ 4019 l_inp = inp = stcb->sctp_ep; 4020 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, local_sa, stcb); 4021 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) { 4022 /* we must add the source address */ 4023 /* no scope set here since we have a tcb already. */ 4024 if ((sa->sa_family == AF_INET) && 4025 (stcb->asoc.ipv4_addr_legal)) { 4026 if (sctp_add_remote_addr(stcb, sa, 0, 2)) { 4027 return (-1); 4028 } 4029 } else if ((sa->sa_family == AF_INET6) && 4030 (stcb->asoc.ipv6_addr_legal)) { 4031 if (sctp_add_remote_addr(stcb, sa, 0, 3)) { 4032 return (-1); 4033 } 4034 } 4035 } else { 4036 if (net_tmp != NULL && stcb_tmp == stcb) { 4037 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC; 4038 } else if (stcb_tmp != stcb) { 4039 /* It belongs to another association? */ 4040 return (-1); 4041 } 4042 } 4043 /* since a unlock occured we must check the 4044 * TCB's state and the pcb's gone flags. 4045 */ 4046 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4047 /* the user freed the ep */ 4048 return (-1); 4049 } 4050 if (stcb->asoc.state == 0) { 4051 /* the assoc was freed? */ 4052 return (-1); 4053 } 4054 4055 /* now we must go through each of the params. */ 4056 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 4057 while (phdr) { 4058 ptype = ntohs(phdr->param_type); 4059 plen = ntohs(phdr->param_length); 4060 /*printf("ptype => %d, plen => %d\n", ptype, plen);*/ 4061 if (offset + plen > limit) { 4062 break; 4063 } 4064 if (plen == 0) { 4065 break; 4066 } 4067 if ((ptype == SCTP_IPV4_ADDRESS) && 4068 (stcb->asoc.ipv4_addr_legal)) { 4069 struct sctp_ipv4addr_param *p4, p4_buf; 4070 /* ok get the v4 address and check/add */ 4071 phdr = sctp_get_next_param(m, offset, 4072 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf)); 4073 if (plen != sizeof(struct sctp_ipv4addr_param) || 4074 phdr == NULL) { 4075 return (-1); 4076 } 4077 p4 = (struct sctp_ipv4addr_param *)phdr; 4078 sin.sin_addr.s_addr = p4->addr; 4079 sa = (struct sockaddr *)&sin; 4080 inp = stcb->sctp_ep; 4081 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net, 4082 local_sa, stcb); 4083 4084 if ((stcb_tmp== NULL && inp == stcb->sctp_ep) || 4085 inp == NULL) { 4086 /* we must add the source address */ 4087 /* no scope set since we have a tcb already */ 4088 4089 /* we must validate the state again here */ 4090 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4091 /* the user freed the ep */ 4092 return (-1); 4093 } 4094 if (stcb->asoc.state == 0) { 4095 /* the assoc was freed? */ 4096 return (-1); 4097 } 4098 if (sctp_add_remote_addr(stcb, sa, 0, 4)) { 4099 return (-1); 4100 } 4101 } else if (stcb_tmp == stcb) { 4102 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4103 /* the user freed the ep */ 4104 return (-1); 4105 } 4106 if (stcb->asoc.state == 0) { 4107 /* the assoc was freed? */ 4108 return (-1); 4109 } 4110 if (net != NULL) { 4111 /* clear flag */ 4112 net->dest_state &= 4113 ~SCTP_ADDR_NOT_IN_ASSOC; 4114 } 4115 } else { 4116 /* strange, address is in another assoc? 4117 * straighten out locks. 4118 */ 4119 SCTP_TCB_UNLOCK(stcb_tmp); 4120 SCTP_INP_RLOCK(inp); 4121 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4122 /* the user freed the ep */ 4123 SCTP_INP_RUNLOCK(l_inp); 4124 return (-1); 4125 } 4126 if (stcb->asoc.state == 0) { 4127 /* the assoc was freed? */ 4128 SCTP_INP_RUNLOCK(l_inp); 4129 return (-1); 4130 } 4131 SCTP_TCB_LOCK(stcb); 4132 SCTP_INP_RUNLOCK(stcb->sctp_ep); 4133 return (-1); 4134 } 4135 } else if ((ptype == SCTP_IPV6_ADDRESS) && 4136 (stcb->asoc.ipv6_addr_legal)) { 4137 /* ok get the v6 address and check/add */ 4138 struct sctp_ipv6addr_param *p6, p6_buf; 4139 phdr = sctp_get_next_param(m, offset, 4140 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf)); 4141 if (plen != sizeof(struct sctp_ipv6addr_param) || 4142 phdr == NULL) { 4143 return (-1); 4144 } 4145 p6 = (struct sctp_ipv6addr_param *)phdr; 4146 memcpy((void *)&sin6.sin6_addr, p6->addr, 4147 sizeof(p6->addr)); 4148 sa = (struct sockaddr *)&sin6; 4149 inp = stcb->sctp_ep; 4150 stcb_tmp= sctp_findassociation_ep_addr(&inp, sa, &net, 4151 local_sa, stcb); 4152 if (stcb_tmp == NULL && (inp == stcb->sctp_ep || 4153 inp == NULL)) { 4154 /* we must validate the state again here */ 4155 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4156 /* the user freed the ep */ 4157 return (-1); 4158 } 4159 if (stcb->asoc.state == 0) { 4160 /* the assoc was freed? */ 4161 return (-1); 4162 } 4163 /* we must add the address, no scope set */ 4164 if (sctp_add_remote_addr(stcb, sa, 0, 5)) { 4165 return (-1); 4166 } 4167 } else if (stcb_tmp == stcb) { 4168 /* we must validate the state again here */ 4169 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4170 /* the user freed the ep */ 4171 return (-1); 4172 } 4173 if (stcb->asoc.state == 0) { 4174 /* the assoc was freed? */ 4175 return (-1); 4176 } 4177 if (net != NULL) { 4178 /* clear flag */ 4179 net->dest_state &= 4180 ~SCTP_ADDR_NOT_IN_ASSOC; 4181 } 4182 } else { 4183 /* strange, address is in another assoc? 4184 * straighten out locks. 4185 */ 4186 SCTP_TCB_UNLOCK(stcb_tmp); 4187 SCTP_INP_RLOCK(l_inp); 4188 /* we must validate the state again here */ 4189 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 4190 /* the user freed the ep */ 4191 SCTP_INP_RUNLOCK(l_inp); 4192 return (-1); 4193 } 4194 if (stcb->asoc.state == 0) { 4195 /* the assoc was freed? */ 4196 SCTP_INP_RUNLOCK(l_inp); 4197 return (-1); 4198 } 4199 SCTP_TCB_LOCK(stcb); 4200 SCTP_INP_RUNLOCK(l_inp); 4201 return (-1); 4202 } 4203 } else if (ptype == SCTP_ECN_CAPABLE) { 4204 stcb->asoc.ecn_allowed = 1; 4205 } else if (ptype == SCTP_ULP_ADAPTION) { 4206 if (stcb->asoc.state != SCTP_STATE_OPEN) { 4207 struct sctp_adaption_layer_indication ai, *aip; 4208 4209 phdr = sctp_get_next_param(m, offset, 4210 (struct sctp_paramhdr *)&ai, sizeof(ai)); 4211 aip = (struct sctp_adaption_layer_indication *)phdr; 4212 sctp_ulp_notify(SCTP_NOTIFY_ADAPTION_INDICATION, 4213 stcb, ntohl(aip->indication), NULL); 4214 } 4215 } else if (ptype == SCTP_SET_PRIM_ADDR) { 4216 struct sctp_asconf_addr_param lstore, *fee; 4217 struct sctp_asconf_addrv4_param *fii; 4218 int lptype; 4219 struct sockaddr *lsa = NULL; 4220 4221 stcb->asoc.peer_supports_asconf = 1; 4222 stcb->asoc.peer_supports_asconf_setprim = 1; 4223 if (plen > sizeof(lstore)) { 4224 return (-1); 4225 } 4226 phdr = sctp_get_next_param(m, offset, 4227 (struct sctp_paramhdr *)&lstore, plen); 4228 if (phdr == NULL) { 4229 return (-1); 4230 } 4231 4232 fee = (struct sctp_asconf_addr_param *)phdr; 4233 lptype = ntohs(fee->addrp.ph.param_type); 4234 if (lptype == SCTP_IPV4_ADDRESS) { 4235 if (plen != 4236 sizeof(struct sctp_asconf_addrv4_param)) { 4237 printf("Sizeof setprim in init/init ack not %d but %d - ignored\n", 4238 (int)sizeof(struct sctp_asconf_addrv4_param), 4239 plen); 4240 } else { 4241 fii = (struct sctp_asconf_addrv4_param *)fee; 4242 sin.sin_addr.s_addr = fii->addrp.addr; 4243 lsa = (struct sockaddr *)&sin; 4244 } 4245 } else if (lptype == SCTP_IPV6_ADDRESS) { 4246 if (plen != 4247 sizeof(struct sctp_asconf_addr_param)) { 4248 printf("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n", 4249 (int)sizeof(struct sctp_asconf_addr_param), 4250 plen); 4251 } else { 4252 memcpy(sin6.sin6_addr.s6_addr, 4253 fee->addrp.addr, 4254 sizeof(fee->addrp.addr)); 4255 lsa = (struct sockaddr *)&sin6; 4256 } 4257 } 4258 if (lsa) { 4259 sctp_set_primary_addr(stcb, sa, NULL); 4260 } 4261 4262 } else if (ptype == SCTP_PRSCTP_SUPPORTED) { 4263 /* Peer supports pr-sctp */ 4264 stcb->asoc.peer_supports_prsctp = 1; 4265 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 4266 /* A supported extension chunk */ 4267 struct sctp_supported_chunk_types_param *pr_supported; 4268 uint8_t local_store[128]; 4269 int num_ent, i; 4270 4271 phdr = sctp_get_next_param(m, offset, 4272 (struct sctp_paramhdr *)&local_store, plen); 4273 if (phdr == NULL) { 4274 return (-1); 4275 } 4276 stcb->asoc.peer_supports_asconf = 0; 4277 stcb->asoc.peer_supports_asconf_setprim = 0; 4278 stcb->asoc.peer_supports_prsctp = 0; 4279 stcb->asoc.peer_supports_pktdrop = 0; 4280 stcb->asoc.peer_supports_strreset = 0; 4281 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 4282 num_ent = plen - sizeof(struct sctp_paramhdr); 4283 for (i=0; i<num_ent; i++) { 4284 switch (pr_supported->chunk_types[i]) { 4285 case SCTP_ASCONF: 4286 stcb->asoc.peer_supports_asconf = 1; 4287 stcb->asoc.peer_supports_asconf_setprim = 1; 4288 break; 4289 case SCTP_ASCONF_ACK: 4290 stcb->asoc.peer_supports_asconf = 1; 4291 stcb->asoc.peer_supports_asconf_setprim = 1; 4292 break; 4293 case SCTP_FORWARD_CUM_TSN: 4294 stcb->asoc.peer_supports_prsctp = 1; 4295 break; 4296 case SCTP_PACKET_DROPPED: 4297 stcb->asoc.peer_supports_pktdrop = 1; 4298 break; 4299 case SCTP_STREAM_RESET: 4300 stcb->asoc.peer_supports_strreset = 1; 4301 break; 4302 default: 4303 /* one I have not learned yet */ 4304 break; 4305 4306 } 4307 } 4308 } else if (ptype == SCTP_ECN_NONCE_SUPPORTED) { 4309 /* Peer supports ECN-nonce */ 4310 stcb->asoc.peer_supports_ecn_nonce = 1; 4311 stcb->asoc.ecn_nonce_allowed = 1; 4312 } else if ((ptype == SCTP_HEARTBEAT_INFO) || 4313 (ptype == SCTP_STATE_COOKIE) || 4314 (ptype == SCTP_UNRECOG_PARAM) || 4315 (ptype == SCTP_COOKIE_PRESERVE) || 4316 (ptype == SCTP_SUPPORTED_ADDRTYPE) || 4317 (ptype == SCTP_ADD_IP_ADDRESS) || 4318 (ptype == SCTP_DEL_IP_ADDRESS) || 4319 (ptype == SCTP_ERROR_CAUSE_IND) || 4320 (ptype == SCTP_SUCCESS_REPORT)) { 4321 /* don't care */; 4322 } else { 4323 if ((ptype & 0x8000) == 0x0000) { 4324 /* must stop processing the rest of 4325 * the param's. Any report bits were 4326 * handled with the call to sctp_arethere_unrecognized_parameters() 4327 * when the INIT or INIT-ACK was first seen. 4328 */ 4329 break; 4330 } 4331 } 4332 offset += SCTP_SIZE32(plen); 4333 if (offset >= limit) { 4334 break; 4335 } 4336 phdr = sctp_get_next_param(m, offset, &parm_buf, 4337 sizeof(parm_buf)); 4338 } 4339 /* Now check to see if we need to purge any addresses */ 4340 for (net = TAILQ_FIRST(&stcb->asoc.nets); net != NULL; net = net_tmp) { 4341 net_tmp = TAILQ_NEXT(net, sctp_next); 4342 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) == 4343 SCTP_ADDR_NOT_IN_ASSOC) { 4344 /* This address has been removed from the asoc */ 4345 /* remove and free it */ 4346 stcb->asoc.numnets--; 4347 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next); 4348 sctp_free_remote_addr(net); 4349 if (net == stcb->asoc.primary_destination) { 4350 stcb->asoc.primary_destination = NULL; 4351 sctp_select_primary_destination(stcb); 4352 } 4353 } 4354 } 4355 return (0); 4356 } 4357 4358 int 4359 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa, 4360 struct sctp_nets *net) 4361 { 4362 /* make sure the requested primary address exists in the assoc */ 4363 if (net == NULL && sa) 4364 net = sctp_findnet(stcb, sa); 4365 4366 if (net == NULL) { 4367 /* didn't find the requested primary address! */ 4368 return (-1); 4369 } else { 4370 /* set the primary address */ 4371 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 4372 /* Must be confirmed */ 4373 return (-1); 4374 } 4375 stcb->asoc.primary_destination = net; 4376 net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY; 4377 return (0); 4378 } 4379 } 4380 4381 4382 int 4383 sctp_is_vtag_good(struct sctp_inpcb *inp, u_int32_t tag, struct timeval *now) 4384 { 4385 /* 4386 * This function serves two purposes. It will see if a TAG can be 4387 * re-used and return 1 for yes it is ok and 0 for don't use that 4388 * tag. 4389 * A secondary function it will do is purge out old tags that can 4390 * be removed. 4391 */ 4392 struct sctpasochead *head; 4393 struct sctpvtaghead *chain; 4394 struct sctp_tagblock *twait_block; 4395 struct sctp_tcb *stcb; 4396 4397 int i; 4398 SCTP_INP_INFO_WLOCK(); 4399 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 4400 /* First is the vtag in use ? */ 4401 4402 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(tag, 4403 sctppcbinfo.hashasocmark)]; 4404 if (head == NULL) { 4405 SCTP_INP_INFO_WUNLOCK(); 4406 return (0); 4407 } 4408 LIST_FOREACH(stcb, head, sctp_asocs) { 4409 if (stcb->asoc.my_vtag == tag) { 4410 /* We should remove this if and 4411 * return 0 always if we want vtags 4412 * unique across all endpoints. For 4413 * now within a endpoint is ok. 4414 */ 4415 if (inp == stcb->sctp_ep) { 4416 /* bad tag, in use */ 4417 SCTP_INP_INFO_WUNLOCK(); 4418 return (0); 4419 } 4420 } 4421 } 4422 if (!LIST_EMPTY(chain)) { 4423 /* 4424 * Block(s) are present, lets see if we have this tag in 4425 * the list 4426 */ 4427 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 4428 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 4429 if (twait_block->vtag_block[i].v_tag == 0) { 4430 /* not used */ 4431 continue; 4432 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire > 4433 now->tv_sec) { 4434 /* Audit expires this guy */ 4435 twait_block->vtag_block[i].tv_sec_at_expire = 0; 4436 twait_block->vtag_block[i].v_tag = 0; 4437 } else if (twait_block->vtag_block[i].v_tag == 4438 tag) { 4439 /* Bad tag, sorry :< */ 4440 SCTP_INP_INFO_WUNLOCK(); 4441 return (0); 4442 } 4443 } 4444 } 4445 } 4446 /* Not found, ok to use the tag */ 4447 SCTP_INP_INFO_WUNLOCK(); 4448 return (1); 4449 } 4450 4451 4452 /* 4453 * Delete the address from the endpoint local address list 4454 * Lookup using a sockaddr address (ie. not an ifaddr) 4455 */ 4456 int 4457 sctp_del_local_addr_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa) 4458 { 4459 struct sctp_laddr *laddr; 4460 struct sockaddr *l_sa; 4461 int found = 0; 4462 /* Here is another function I cannot find a 4463 * caller for. As such we SHOULD delete it 4464 * if we have no users. If we find a user that 4465 * user MUST have the INP locked. 4466 * 4467 */ 4468 4469 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 4470 /* You are already bound to all. You have it already */ 4471 return (EINVAL); 4472 } 4473 4474 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 4475 /* make sure the address exists */ 4476 if (laddr->ifa == NULL) 4477 continue; 4478 if (laddr->ifa->ifa_addr == NULL) 4479 continue; 4480 4481 l_sa = laddr->ifa->ifa_addr; 4482 if (l_sa->sa_family == AF_INET6) { 4483 /* IPv6 address */ 4484 struct sockaddr_in6 *sin1, *sin2; 4485 sin1 = (struct sockaddr_in6 *)l_sa; 4486 sin2 = (struct sockaddr_in6 *)sa; 4487 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr, 4488 sizeof(struct in6_addr)) == 0) { 4489 /* matched */ 4490 found = 1; 4491 break; 4492 } 4493 } else if (l_sa->sa_family == AF_INET) { 4494 /* IPv4 address */ 4495 struct sockaddr_in *sin1, *sin2; 4496 sin1 = (struct sockaddr_in *)l_sa; 4497 sin2 = (struct sockaddr_in *)sa; 4498 if (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr) { 4499 /* matched */ 4500 found = 1; 4501 break; 4502 } 4503 } else { 4504 /* invalid family */ 4505 return (-1); 4506 } 4507 } 4508 4509 if (found && inp->laddr_count < 2) { 4510 /* can't delete unless there are at LEAST 2 addresses */ 4511 return (-1); 4512 } 4513 4514 if (found && (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 4515 /* 4516 * remove it from the ep list, this should NOT be 4517 * done until its really gone from the interface list and 4518 * we won't be receiving more of these. Probably right 4519 * away. If we do allow a removal of an address from 4520 * an association (sub-set bind) than this should NOT 4521 * be called until the all ASCONF come back from this 4522 * association. 4523 */ 4524 sctp_remove_laddr(laddr); 4525 return (0); 4526 } else { 4527 return (-1); 4528 } 4529 } 4530 4531 static void 4532 sctp_drain_mbufs(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 4533 { 4534 /* 4535 * We must hunt this association for MBUF's past the cumack 4536 * (i.e. out of order data that we can renege on). 4537 */ 4538 struct sctp_association *asoc; 4539 struct sctp_tmit_chunk *chk, *nchk; 4540 u_int32_t cumulative_tsn_p1, tsn; 4541 int cnt, strmat, gap; 4542 /* We look for anything larger than the cum-ack + 1 */ 4543 4544 asoc = &stcb->asoc; 4545 cumulative_tsn_p1 = asoc->cumulative_tsn + 1; 4546 cnt = 0; 4547 /* First look in the re-assembly queue */ 4548 chk = TAILQ_FIRST(&asoc->reasmqueue); 4549 while (chk) { 4550 /* Get the next one */ 4551 nchk = TAILQ_NEXT(chk, sctp_next); 4552 if (compare_with_wrap(chk->rec.data.TSN_seq, 4553 cumulative_tsn_p1, MAX_TSN)) { 4554 /* Yep it is above cum-ack */ 4555 cnt++; 4556 tsn = chk->rec.data.TSN_seq; 4557 if (tsn >= asoc->mapping_array_base_tsn) { 4558 gap = tsn - asoc->mapping_array_base_tsn; 4559 } else { 4560 gap = (MAX_TSN - asoc->mapping_array_base_tsn) + 4561 tsn + 1; 4562 } 4563 asoc->size_on_reasm_queue -= chk->send_size; 4564 asoc->cnt_on_reasm_queue--; 4565 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 4566 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); 4567 if (chk->data) { 4568 sctp_m_freem(chk->data); 4569 chk->data = NULL; 4570 } 4571 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4572 sctppcbinfo.ipi_count_chunk--; 4573 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4574 panic("Chunk count is negative"); 4575 } 4576 sctppcbinfo.ipi_gencnt_chunk++; 4577 } 4578 chk = nchk; 4579 } 4580 /* Ok that was fun, now we will drain all the inbound streams? */ 4581 for (strmat = 0; strmat < asoc->streamincnt; strmat++) { 4582 chk = TAILQ_FIRST(&asoc->strmin[strmat].inqueue); 4583 while (chk) { 4584 nchk = TAILQ_NEXT(chk, sctp_next); 4585 if (compare_with_wrap(chk->rec.data.TSN_seq, 4586 cumulative_tsn_p1, MAX_TSN)) { 4587 /* Yep it is above cum-ack */ 4588 cnt++; 4589 tsn = chk->rec.data.TSN_seq; 4590 if (tsn >= asoc->mapping_array_base_tsn) { 4591 gap = tsn - 4592 asoc->mapping_array_base_tsn; 4593 } else { 4594 gap = (MAX_TSN - 4595 asoc->mapping_array_base_tsn) + 4596 tsn + 1; 4597 } 4598 asoc->size_on_all_streams -= chk->send_size; 4599 asoc->cnt_on_all_streams--; 4600 4601 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, 4602 gap); 4603 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, 4604 chk, sctp_next); 4605 if (chk->data) { 4606 sctp_m_freem(chk->data); 4607 chk->data = NULL; 4608 } 4609 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk); 4610 sctppcbinfo.ipi_count_chunk--; 4611 if ((int)sctppcbinfo.ipi_count_chunk < 0) { 4612 panic("Chunk count is negative"); 4613 } 4614 sctppcbinfo.ipi_gencnt_chunk++; 4615 } 4616 chk = nchk; 4617 } 4618 } 4619 /* 4620 * Question, should we go through the delivery queue? 4621 * The only reason things are on here is the app not reading OR a 4622 * p-d-api up. An attacker COULD send enough in to initiate the 4623 * PD-API and then send a bunch of stuff to other streams... these 4624 * would wind up on the delivery queue.. and then we would not get 4625 * to them. But in order to do this I then have to back-track and 4626 * un-deliver sequence numbers in streams.. el-yucko. I think for 4627 * now we will NOT look at the delivery queue and leave it to be 4628 * something to consider later. An alternative would be to abort 4629 * the P-D-API with a notification and then deliver the data.... 4630 * Or another method might be to keep track of how many times the 4631 * situation occurs and if we see a possible attack underway just 4632 * abort the association. 4633 */ 4634 #ifdef SCTP_DEBUG 4635 if (sctp_debug_on & SCTP_DEBUG_PCB1) { 4636 if (cnt) { 4637 printf("Freed %d chunks from reneg harvest\n", cnt); 4638 } 4639 } 4640 #endif /* SCTP_DEBUG */ 4641 4642 /* 4643 * Another issue, in un-setting the TSN's in the mapping array we 4644 * DID NOT adjust the higest_tsn marker. This will cause one of 4645 * two things to occur. It may cause us to do extra work in checking 4646 * for our mapping array movement. More importantly it may cause us 4647 * to SACK every datagram. This may not be a bad thing though since 4648 * we will recover once we get our cum-ack above and all this stuff 4649 * we dumped recovered. 4650 */ 4651 } 4652 4653 void 4654 sctp_drain(void) 4655 { 4656 /* 4657 * We must walk the PCB lists for ALL associations here. The system 4658 * is LOW on MBUF's and needs help. This is where reneging will 4659 * occur. We really hope this does NOT happen! 4660 */ 4661 struct sctp_inpcb *inp; 4662 struct sctp_tcb *stcb; 4663 4664 SCTP_INP_INFO_RLOCK(); 4665 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) { 4666 /* For each endpoint */ 4667 SCTP_INP_RLOCK(inp); 4668 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 4669 /* For each association */ 4670 SCTP_TCB_LOCK(stcb); 4671 sctp_drain_mbufs(inp, stcb); 4672 SCTP_TCB_UNLOCK(stcb); 4673 } 4674 SCTP_INP_RUNLOCK(inp); 4675 } 4676 SCTP_INP_INFO_RUNLOCK(); 4677 } 4678 4679 int 4680 sctp_add_to_socket_q(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 4681 { 4682 struct sctp_socket_q_list *sq; 4683 4684 /* write lock on INP assumed */ 4685 if ((inp == NULL) || (stcb == NULL)) { 4686 /* I am paranoid */ 4687 return (0); 4688 } 4689 sq = (struct sctp_socket_q_list *)SCTP_ZONE_GET( 4690 sctppcbinfo.ipi_zone_sockq); 4691 if (sq == NULL) { 4692 /* out of sq structs */ 4693 return (0); 4694 } 4695 sctppcbinfo.ipi_count_sockq++; 4696 sctppcbinfo.ipi_gencnt_sockq++; 4697 if (stcb) 4698 stcb->asoc.cnt_msg_on_sb++; 4699 sq->tcb = stcb; 4700 TAILQ_INSERT_TAIL(&inp->sctp_queue_list, sq, next_sq); 4701 return (1); 4702 } 4703 4704 4705 struct sctp_tcb * 4706 sctp_remove_from_socket_q(struct sctp_inpcb *inp) 4707 { 4708 struct sctp_tcb *stcb = NULL; 4709 struct sctp_socket_q_list *sq; 4710 4711 /* W-Lock on INP assumed held */ 4712 sq = TAILQ_FIRST(&inp->sctp_queue_list); 4713 if (sq == NULL) 4714 return (NULL); 4715 4716 stcb = sq->tcb; 4717 TAILQ_REMOVE(&inp->sctp_queue_list, sq, next_sq); 4718 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_sockq, sq); 4719 sctppcbinfo.ipi_count_sockq--; 4720 sctppcbinfo.ipi_gencnt_sockq++; 4721 if (stcb) { 4722 stcb->asoc.cnt_msg_on_sb--; 4723 } 4724 return (stcb); 4725 } 4726 4727 int 4728 sctp_initiate_iterator(asoc_func af, uint32_t pcb_state, uint32_t asoc_state, 4729 void *argp, uint32_t argi, end_func ef, 4730 struct sctp_inpcb *s_inp) 4731 { 4732 struct sctp_iterator *it=NULL; 4733 int s; 4734 if (af == NULL) { 4735 return (-1); 4736 } 4737 it = malloc(sizeof(struct sctp_iterator), M_PCB, M_WAITOK); 4738 if (it == NULL) { 4739 return (ENOMEM); 4740 } 4741 memset(it, 0, sizeof(*it)); 4742 it->function_toapply = af; 4743 it->function_atend = ef; 4744 it->pointer = argp; 4745 it->val = argi; 4746 it->pcb_flags = pcb_state; 4747 it->asoc_state = asoc_state; 4748 if (s_inp) { 4749 it->inp = s_inp; 4750 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP; 4751 } else { 4752 SCTP_INP_INFO_RLOCK(); 4753 it->inp = LIST_FIRST(&sctppcbinfo.listhead); 4754 SCTP_INP_INFO_RUNLOCK(); 4755 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP; 4756 4757 } 4758 /* Init the timer */ 4759 callout_init(&it->tmr.timer, 0); 4760 /* add to the list of all iterators */ 4761 SCTP_INP_INFO_WLOCK(); 4762 LIST_INSERT_HEAD(&sctppcbinfo.iteratorhead, it, sctp_nxt_itr); 4763 SCTP_INP_INFO_WUNLOCK(); 4764 s = splsoftnet(); 4765 sctp_iterator_timer(it); 4766 splx(s); 4767 return (0); 4768 } 4769 4770 4771