1 /*- 2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved. 3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved. 4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * a) Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * b) Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the distribution. 15 * 16 * c) Neither the name of Cisco Systems, Inc. nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 30 * THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #ifdef __FreeBSD__ 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 265455 2014-05-06 16:51:07Z tuexen $"); 36 #endif 37 38 #include <netinet/sctp_os.h> 39 #ifdef __FreeBSD__ 40 #include <sys/proc.h> 41 #endif 42 #include <netinet/sctp_var.h> 43 #include <netinet/sctp_sysctl.h> 44 #include <netinet/sctp_pcb.h> 45 #include <netinet/sctputil.h> 46 #include <netinet/sctp.h> 47 #include <netinet/sctp_header.h> 48 #include <netinet/sctp_asconf.h> 49 #include <netinet/sctp_output.h> 50 #include <netinet/sctp_timer.h> 51 #include <netinet/sctp_bsd_addr.h> 52 #if defined(__FreeBSD__) && __FreeBSD_version >= 803000 53 #include <netinet/sctp_dtrace_define.h> 54 #endif 55 #if !defined(__Userspace_os_Windows) 56 #include <netinet/udp.h> 57 #endif 58 #ifdef INET6 59 #if defined(__Userspace__) 60 #include "user_ip6_var.h" 61 #else 62 #include <netinet6/ip6_var.h> 63 #endif 64 #endif 65 #if defined(__FreeBSD__) 66 #include <sys/sched.h> 67 #include <sys/smp.h> 68 #include <sys/unistd.h> 69 #endif 70 #if defined(__Userspace__) 71 #include <user_socketvar.h> 72 #endif 73 74 #if defined(__APPLE__) 75 #define APPLE_FILE_NO 4 76 #endif 77 78 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 79 VNET_DEFINE(struct sctp_base_info, system_base_info); 80 #else 81 struct sctp_base_info system_base_info; 82 #endif 83 84 #if defined(__Userspace__) 85 #if defined(INET) || defined(INET6) 86 struct ifaddrs *g_interfaces; 87 #endif 88 #endif 89 /* FIX: we don't handle multiple link local scopes */ 90 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */ 91 #ifdef INET6 92 int 93 SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b) 94 { 95 #ifdef SCTP_EMBEDDED_V6_SCOPE 96 #if defined(__APPLE__) 97 struct in6_addr tmp_a, tmp_b; 98 99 tmp_a = a->sin6_addr; 100 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 101 if (in6_embedscope(&tmp_a, a, NULL, NULL) != 0) { 102 #else 103 if (in6_embedscope(&tmp_a, a, NULL, NULL, NULL) != 0) { 104 #endif 105 return (0); 106 } 107 tmp_b = b->sin6_addr; 108 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 109 if (in6_embedscope(&tmp_b, b, NULL, NULL) != 0) { 110 #else 111 if (in6_embedscope(&tmp_b, b, NULL, NULL, NULL) != 0) { 112 #endif 113 return (0); 114 } 115 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b)); 116 #elif defined(SCTP_KAME) 117 struct sockaddr_in6 tmp_a, tmp_b; 118 119 memcpy(&tmp_a, a, sizeof(struct sockaddr_in6)); 120 if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 121 return (0); 122 } 123 memcpy(&tmp_b, b, sizeof(struct sockaddr_in6)); 124 if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 125 return (0); 126 } 127 return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr)); 128 #else 129 struct in6_addr tmp_a, tmp_b; 130 131 tmp_a = a->sin6_addr; 132 if (in6_embedscope(&tmp_a, a) != 0) { 133 return (0); 134 } 135 tmp_b = b->sin6_addr; 136 if (in6_embedscope(&tmp_b, b) != 0) { 137 return (0); 138 } 139 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b)); 140 #endif 141 #else 142 return (IN6_ARE_ADDR_EQUAL(&(a->sin6_addr), &(b->sin6_addr))); 143 #endif /* SCTP_EMBEDDED_V6_SCOPE */ 144 } 145 #endif 146 147 void 148 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb) 149 { 150 /* 151 * We really don't need to lock this, but I will just because it 152 * does not hurt. 153 */ 154 SCTP_INP_INFO_RLOCK(); 155 spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep); 156 spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc); 157 spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr); 158 spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr); 159 spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk); 160 spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq); 161 spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq); 162 spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks); 163 SCTP_INP_INFO_RUNLOCK(); 164 } 165 166 /*- 167 * Addresses are added to VRF's (Virtual Router's). For BSD we 168 * have only the default VRF 0. We maintain a hash list of 169 * VRF's. Each VRF has its own list of sctp_ifn's. Each of 170 * these has a list of addresses. When we add a new address 171 * to a VRF we lookup the ifn/ifn_index, if the ifn does 172 * not exist we create it and add it to the list of IFN's 173 * within the VRF. Once we have the sctp_ifn, we add the 174 * address to the list. So we look something like: 175 * 176 * hash-vrf-table 177 * vrf-> ifn-> ifn -> ifn 178 * vrf | 179 * ... +--ifa-> ifa -> ifa 180 * vrf 181 * 182 * We keep these separate lists since the SCTP subsystem will 183 * point to these from its source address selection nets structure. 184 * When an address is deleted it does not happen right away on 185 * the SCTP side, it gets scheduled. What we do when a 186 * delete happens is immediately remove the address from 187 * the master list and decrement the refcount. As our 188 * addip iterator works through and frees the src address 189 * selection pointing to the sctp_ifa, eventually the refcount 190 * will reach 0 and we will delete it. Note that it is assumed 191 * that any locking on system level ifn/ifa is done at the 192 * caller of these functions and these routines will only 193 * lock the SCTP structures as they add or delete things. 194 * 195 * Other notes on VRF concepts. 196 * - An endpoint can be in multiple VRF's 197 * - An association lives within a VRF and only one VRF. 198 * - Any incoming packet we can deduce the VRF for by 199 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D) 200 * - Any downward send call or connect call must supply the 201 * VRF via ancillary data or via some sort of set default 202 * VRF socket option call (again for BSD no brainer since 203 * the VRF is always 0). 204 * - An endpoint may add multiple VRF's to it. 205 * - Listening sockets can accept associations in any 206 * of the VRF's they are in but the assoc will end up 207 * in only one VRF (gotten from the packet or connect/send). 208 * 209 */ 210 211 struct sctp_vrf * 212 sctp_allocate_vrf(int vrf_id) 213 { 214 struct sctp_vrf *vrf = NULL; 215 struct sctp_vrflist *bucket; 216 217 /* First allocate the VRF structure */ 218 vrf = sctp_find_vrf(vrf_id); 219 if (vrf) { 220 /* Already allocated */ 221 return (vrf); 222 } 223 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf), 224 SCTP_M_VRF); 225 if (vrf == NULL) { 226 /* No memory */ 227 #ifdef INVARIANTS 228 panic("No memory for VRF:%d", vrf_id); 229 #endif 230 return (NULL); 231 } 232 /* setup the VRF */ 233 memset(vrf, 0, sizeof(struct sctp_vrf)); 234 vrf->vrf_id = vrf_id; 235 LIST_INIT(&vrf->ifnlist); 236 vrf->total_ifa_count = 0; 237 vrf->refcount = 0; 238 /* now also setup table ids */ 239 SCTP_INIT_VRF_TABLEID(vrf); 240 /* Init the HASH of addresses */ 241 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE, 242 &vrf->vrf_addr_hashmark); 243 if (vrf->vrf_addr_hash == NULL) { 244 /* No memory */ 245 #ifdef INVARIANTS 246 panic("No memory for VRF:%d", vrf_id); 247 #endif 248 SCTP_FREE(vrf, SCTP_M_VRF); 249 return (NULL); 250 } 251 252 /* Add it to the hash table */ 253 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))]; 254 LIST_INSERT_HEAD(bucket, vrf, next_vrf); 255 atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1); 256 return (vrf); 257 } 258 259 260 struct sctp_ifn * 261 sctp_find_ifn(void *ifn, uint32_t ifn_index) 262 { 263 struct sctp_ifn *sctp_ifnp; 264 struct sctp_ifnlist *hash_ifn_head; 265 266 /* We assume the lock is held for the addresses 267 * if that's wrong problems could occur :-) 268 */ 269 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; 270 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) { 271 if (sctp_ifnp->ifn_index == ifn_index) { 272 return (sctp_ifnp); 273 } 274 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) { 275 return (sctp_ifnp); 276 } 277 } 278 return (NULL); 279 } 280 281 282 struct sctp_vrf * 283 sctp_find_vrf(uint32_t vrf_id) 284 { 285 struct sctp_vrflist *bucket; 286 struct sctp_vrf *liste; 287 288 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))]; 289 LIST_FOREACH(liste, bucket, next_vrf) { 290 if (vrf_id == liste->vrf_id) { 291 return (liste); 292 } 293 } 294 return (NULL); 295 } 296 297 298 void 299 sctp_free_vrf(struct sctp_vrf *vrf) 300 { 301 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) { 302 if (vrf->vrf_addr_hash) { 303 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark); 304 vrf->vrf_addr_hash = NULL; 305 } 306 /* We zero'd the count */ 307 LIST_REMOVE(vrf, next_vrf); 308 SCTP_FREE(vrf, SCTP_M_VRF); 309 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1); 310 } 311 } 312 313 314 void 315 sctp_free_ifn(struct sctp_ifn *sctp_ifnp) 316 { 317 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) { 318 /* We zero'd the count */ 319 if (sctp_ifnp->vrf) { 320 sctp_free_vrf(sctp_ifnp->vrf); 321 } 322 SCTP_FREE(sctp_ifnp, SCTP_M_IFN); 323 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1); 324 } 325 } 326 327 328 void 329 sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu) 330 { 331 struct sctp_ifn *sctp_ifnp; 332 333 sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index); 334 if (sctp_ifnp != NULL) { 335 sctp_ifnp->ifn_mtu = mtu; 336 } 337 } 338 339 340 void 341 sctp_free_ifa(struct sctp_ifa *sctp_ifap) 342 { 343 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) { 344 /* We zero'd the count */ 345 if (sctp_ifap->ifn_p) { 346 sctp_free_ifn(sctp_ifap->ifn_p); 347 } 348 SCTP_FREE(sctp_ifap, SCTP_M_IFA); 349 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1); 350 } 351 } 352 353 354 static void 355 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock) 356 { 357 struct sctp_ifn *found; 358 359 found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index); 360 if (found == NULL) { 361 /* Not in the list.. sorry */ 362 return; 363 } 364 if (hold_addr_lock == 0) 365 SCTP_IPI_ADDR_WLOCK(); 366 LIST_REMOVE(sctp_ifnp, next_bucket); 367 LIST_REMOVE(sctp_ifnp, next_ifn); 368 SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index, 369 sctp_ifnp->registered_af); 370 if (hold_addr_lock == 0) 371 SCTP_IPI_ADDR_WUNLOCK(); 372 /* Take away the reference, and possibly free it */ 373 sctp_free_ifn(sctp_ifnp); 374 } 375 376 377 void 378 sctp_mark_ifa_addr_down(uint32_t vrf_id, struct sockaddr *addr, 379 const char *if_name, uint32_t ifn_index) 380 { 381 struct sctp_vrf *vrf; 382 struct sctp_ifa *sctp_ifap; 383 384 SCTP_IPI_ADDR_RLOCK(); 385 vrf = sctp_find_vrf(vrf_id); 386 if (vrf == NULL) { 387 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 388 goto out; 389 390 } 391 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 392 if (sctp_ifap == NULL) { 393 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n"); 394 goto out; 395 } 396 if (sctp_ifap->ifn_p == NULL) { 397 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n"); 398 goto out; 399 } 400 if (if_name) { 401 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) { 402 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n", 403 sctp_ifap->ifn_p->ifn_name, if_name); 404 goto out; 405 } 406 } else { 407 if (sctp_ifap->ifn_p->ifn_index != ifn_index) { 408 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n", 409 sctp_ifap->ifn_p->ifn_index, ifn_index); 410 goto out; 411 } 412 } 413 414 sctp_ifap->localifa_flags &= (~SCTP_ADDR_VALID); 415 sctp_ifap->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE; 416 out: 417 SCTP_IPI_ADDR_RUNLOCK(); 418 } 419 420 421 void 422 sctp_mark_ifa_addr_up(uint32_t vrf_id, struct sockaddr *addr, 423 const char *if_name, uint32_t ifn_index) 424 { 425 struct sctp_vrf *vrf; 426 struct sctp_ifa *sctp_ifap; 427 428 SCTP_IPI_ADDR_RLOCK(); 429 vrf = sctp_find_vrf(vrf_id); 430 if (vrf == NULL) { 431 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 432 goto out; 433 434 } 435 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 436 if (sctp_ifap == NULL) { 437 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n"); 438 goto out; 439 } 440 if (sctp_ifap->ifn_p == NULL) { 441 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n"); 442 goto out; 443 } 444 if (if_name) { 445 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) { 446 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n", 447 sctp_ifap->ifn_p->ifn_name, if_name); 448 goto out; 449 } 450 } else { 451 if (sctp_ifap->ifn_p->ifn_index != ifn_index) { 452 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n", 453 sctp_ifap->ifn_p->ifn_index, ifn_index); 454 goto out; 455 } 456 } 457 458 sctp_ifap->localifa_flags &= (~SCTP_ADDR_IFA_UNUSEABLE); 459 sctp_ifap->localifa_flags |= SCTP_ADDR_VALID; 460 out: 461 SCTP_IPI_ADDR_RUNLOCK(); 462 } 463 464 465 /*- 466 * Add an ifa to an ifn. 467 * Register the interface as necessary. 468 * NOTE: ADDR write lock MUST be held. 469 */ 470 static void 471 sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap) 472 { 473 int ifa_af; 474 475 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa); 476 sctp_ifap->ifn_p = sctp_ifnp; 477 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1); 478 /* update address counts */ 479 sctp_ifnp->ifa_count++; 480 ifa_af = sctp_ifap->address.sa.sa_family; 481 switch (ifa_af) { 482 #ifdef INET 483 case AF_INET: 484 sctp_ifnp->num_v4++; 485 break; 486 #endif 487 #ifdef INET6 488 case AF_INET6: 489 sctp_ifnp->num_v6++; 490 break; 491 #endif 492 default: 493 break; 494 } 495 if (sctp_ifnp->ifa_count == 1) { 496 /* register the new interface */ 497 SCTP_REGISTER_INTERFACE(sctp_ifnp->ifn_index, ifa_af); 498 sctp_ifnp->registered_af = ifa_af; 499 } 500 } 501 502 503 /*- 504 * Remove an ifa from its ifn. 505 * If no more addresses exist, remove the ifn too. Otherwise, re-register 506 * the interface based on the remaining address families left. 507 * NOTE: ADDR write lock MUST be held. 508 */ 509 static void 510 sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap) 511 { 512 LIST_REMOVE(sctp_ifap, next_ifa); 513 if (sctp_ifap->ifn_p) { 514 /* update address counts */ 515 sctp_ifap->ifn_p->ifa_count--; 516 switch (sctp_ifap->address.sa.sa_family) { 517 #ifdef INET 518 case AF_INET: 519 sctp_ifap->ifn_p->num_v4--; 520 break; 521 #endif 522 #ifdef INET6 523 case AF_INET6: 524 sctp_ifap->ifn_p->num_v6--; 525 break; 526 #endif 527 default: 528 break; 529 } 530 531 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) { 532 /* remove the ifn, possibly freeing it */ 533 sctp_delete_ifn(sctp_ifap->ifn_p, SCTP_ADDR_LOCKED); 534 } else { 535 /* re-register address family type, if needed */ 536 if ((sctp_ifap->ifn_p->num_v6 == 0) && 537 (sctp_ifap->ifn_p->registered_af == AF_INET6)) { 538 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6); 539 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET); 540 sctp_ifap->ifn_p->registered_af = AF_INET; 541 } else if ((sctp_ifap->ifn_p->num_v4 == 0) && 542 (sctp_ifap->ifn_p->registered_af == AF_INET)) { 543 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET); 544 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6); 545 sctp_ifap->ifn_p->registered_af = AF_INET6; 546 } 547 /* free the ifn refcount */ 548 sctp_free_ifn(sctp_ifap->ifn_p); 549 } 550 sctp_ifap->ifn_p = NULL; 551 } 552 } 553 554 555 struct sctp_ifa * 556 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index, 557 uint32_t ifn_type, const char *if_name, void *ifa, 558 struct sockaddr *addr, uint32_t ifa_flags, 559 int dynamic_add) 560 { 561 struct sctp_vrf *vrf; 562 struct sctp_ifn *sctp_ifnp = NULL; 563 struct sctp_ifa *sctp_ifap = NULL; 564 struct sctp_ifalist *hash_addr_head; 565 struct sctp_ifnlist *hash_ifn_head; 566 uint32_t hash_of_addr; 567 int new_ifn_af = 0; 568 569 #ifdef SCTP_DEBUG 570 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id); 571 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr); 572 #endif 573 SCTP_IPI_ADDR_WLOCK(); 574 sctp_ifnp = sctp_find_ifn(ifn, ifn_index); 575 if (sctp_ifnp) { 576 vrf = sctp_ifnp->vrf; 577 } else { 578 vrf = sctp_find_vrf(vrf_id); 579 if (vrf == NULL) { 580 vrf = sctp_allocate_vrf(vrf_id); 581 if (vrf == NULL) { 582 SCTP_IPI_ADDR_WUNLOCK(); 583 return (NULL); 584 } 585 } 586 } 587 if (sctp_ifnp == NULL) { 588 /* build one and add it, can't hold lock 589 * until after malloc done though. 590 */ 591 SCTP_IPI_ADDR_WUNLOCK(); 592 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *, 593 sizeof(struct sctp_ifn), SCTP_M_IFN); 594 if (sctp_ifnp == NULL) { 595 #ifdef INVARIANTS 596 panic("No memory for IFN"); 597 #endif 598 return (NULL); 599 } 600 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn)); 601 sctp_ifnp->ifn_index = ifn_index; 602 sctp_ifnp->ifn_p = ifn; 603 sctp_ifnp->ifn_type = ifn_type; 604 sctp_ifnp->refcount = 0; 605 sctp_ifnp->vrf = vrf; 606 atomic_add_int(&vrf->refcount, 1); 607 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); 608 if (if_name != NULL) { 609 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); 610 } else { 611 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); 612 } 613 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; 614 LIST_INIT(&sctp_ifnp->ifalist); 615 SCTP_IPI_ADDR_WLOCK(); 616 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket); 617 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn); 618 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1); 619 new_ifn_af = 1; 620 } 621 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 622 if (sctp_ifap) { 623 /* Hmm, it already exists? */ 624 if ((sctp_ifap->ifn_p) && 625 (sctp_ifap->ifn_p->ifn_index == ifn_index)) { 626 SCTPDBG(SCTP_DEBUG_PCB4, "Using existing ifn %s (0x%x) for ifa %p\n", 627 sctp_ifap->ifn_p->ifn_name, ifn_index, 628 (void *)sctp_ifap); 629 if (new_ifn_af) { 630 /* Remove the created one that we don't want */ 631 sctp_delete_ifn(sctp_ifnp, SCTP_ADDR_LOCKED); 632 } 633 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) { 634 /* easy to solve, just switch back to active */ 635 SCTPDBG(SCTP_DEBUG_PCB4, "Clearing deleted ifa flag\n"); 636 sctp_ifap->localifa_flags = SCTP_ADDR_VALID; 637 sctp_ifap->ifn_p = sctp_ifnp; 638 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1); 639 } 640 exit_stage_left: 641 SCTP_IPI_ADDR_WUNLOCK(); 642 return (sctp_ifap); 643 } else { 644 if (sctp_ifap->ifn_p) { 645 /* 646 * The last IFN gets the address, remove the 647 * old one 648 */ 649 SCTPDBG(SCTP_DEBUG_PCB4, "Moving ifa %p from %s (0x%x) to %s (0x%x)\n", 650 (void *)sctp_ifap, sctp_ifap->ifn_p->ifn_name, 651 sctp_ifap->ifn_p->ifn_index, if_name, 652 ifn_index); 653 /* remove the address from the old ifn */ 654 sctp_remove_ifa_from_ifn(sctp_ifap); 655 /* move the address over to the new ifn */ 656 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap); 657 goto exit_stage_left; 658 } else { 659 /* repair ifnp which was NULL ? */ 660 sctp_ifap->localifa_flags = SCTP_ADDR_VALID; 661 SCTPDBG(SCTP_DEBUG_PCB4, "Repairing ifn %p for ifa %p\n", 662 (void *)sctp_ifnp, (void *)sctp_ifap); 663 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap); 664 } 665 goto exit_stage_left; 666 } 667 } 668 SCTP_IPI_ADDR_WUNLOCK(); 669 SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA); 670 if (sctp_ifap == NULL) { 671 #ifdef INVARIANTS 672 panic("No memory for IFA"); 673 #endif 674 return (NULL); 675 } 676 memset(sctp_ifap, 0, sizeof(struct sctp_ifa)); 677 sctp_ifap->ifn_p = sctp_ifnp; 678 atomic_add_int(&sctp_ifnp->refcount, 1); 679 sctp_ifap->vrf_id = vrf_id; 680 sctp_ifap->ifa = ifa; 681 #ifdef HAVE_SA_LEN 682 memcpy(&sctp_ifap->address, addr, addr->sa_len); 683 #else 684 switch (addr->sa_family) { 685 #ifdef INET 686 case AF_INET: 687 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in)); 688 break; 689 #endif 690 #ifdef INET6 691 case AF_INET6: 692 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in6)); 693 break; 694 #endif 695 #if defined(__Userspace__) 696 case AF_CONN: 697 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_conn)); 698 break; 699 #endif 700 default: 701 /* TSNH */ 702 break; 703 } 704 #endif 705 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE; 706 sctp_ifap->flags = ifa_flags; 707 /* Set scope */ 708 switch (sctp_ifap->address.sa.sa_family) { 709 #ifdef INET 710 case AF_INET: 711 { 712 struct sockaddr_in *sin; 713 714 sin = (struct sockaddr_in *)&sctp_ifap->address.sin; 715 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) || 716 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) { 717 sctp_ifap->src_is_loop = 1; 718 } 719 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { 720 sctp_ifap->src_is_priv = 1; 721 } 722 sctp_ifnp->num_v4++; 723 if (new_ifn_af) 724 new_ifn_af = AF_INET; 725 break; 726 } 727 #endif 728 #ifdef INET6 729 case AF_INET6: 730 { 731 /* ok to use deprecated addresses? */ 732 struct sockaddr_in6 *sin6; 733 734 sin6 = (struct sockaddr_in6 *)&sctp_ifap->address.sin6; 735 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) || 736 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) { 737 sctp_ifap->src_is_loop = 1; 738 } 739 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 740 sctp_ifap->src_is_priv = 1; 741 } 742 sctp_ifnp->num_v6++; 743 if (new_ifn_af) 744 new_ifn_af = AF_INET6; 745 break; 746 } 747 #endif 748 #if defined(__Userspace__) 749 case AF_CONN: 750 if (new_ifn_af) 751 new_ifn_af = AF_CONN; 752 break; 753 #endif 754 default: 755 new_ifn_af = 0; 756 break; 757 } 758 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa); 759 760 if ((sctp_ifap->src_is_priv == 0) && 761 (sctp_ifap->src_is_loop == 0)) { 762 sctp_ifap->src_is_glob = 1; 763 } 764 SCTP_IPI_ADDR_WLOCK(); 765 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)]; 766 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket); 767 sctp_ifap->refcount = 1; 768 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa); 769 sctp_ifnp->ifa_count++; 770 vrf->total_ifa_count++; 771 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1); 772 if (new_ifn_af) { 773 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af); 774 sctp_ifnp->registered_af = new_ifn_af; 775 } 776 SCTP_IPI_ADDR_WUNLOCK(); 777 if (dynamic_add) { 778 /* Bump up the refcount so that when the timer 779 * completes it will drop back down. 780 */ 781 struct sctp_laddr *wi; 782 783 atomic_add_int(&sctp_ifap->refcount, 1); 784 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 785 if (wi == NULL) { 786 /* 787 * Gak, what can we do? We have lost an address 788 * change can you say HOSED? 789 */ 790 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n"); 791 /* Opps, must decrement the count */ 792 sctp_del_addr_from_vrf(vrf_id, addr, ifn_index, 793 if_name); 794 return (NULL); 795 } 796 SCTP_INCR_LADDR_COUNT(); 797 bzero(wi, sizeof(*wi)); 798 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 799 wi->ifa = sctp_ifap; 800 wi->action = SCTP_ADD_IP_ADDRESS; 801 802 SCTP_WQ_ADDR_LOCK(); 803 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 804 SCTP_WQ_ADDR_UNLOCK(); 805 806 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 807 (struct sctp_inpcb *)NULL, 808 (struct sctp_tcb *)NULL, 809 (struct sctp_nets *)NULL); 810 } else { 811 /* it's ready for use */ 812 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE; 813 } 814 return (sctp_ifap); 815 } 816 817 void 818 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr, 819 uint32_t ifn_index, const char *if_name) 820 { 821 struct sctp_vrf *vrf; 822 struct sctp_ifa *sctp_ifap = NULL; 823 824 SCTP_IPI_ADDR_WLOCK(); 825 vrf = sctp_find_vrf(vrf_id); 826 if (vrf == NULL) { 827 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id); 828 goto out_now; 829 } 830 831 #ifdef SCTP_DEBUG 832 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id); 833 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr); 834 #endif 835 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED); 836 if (sctp_ifap) { 837 /* Validate the delete */ 838 if (sctp_ifap->ifn_p) { 839 int valid = 0; 840 /*- 841 * The name has priority over the ifn_index 842 * if its given. We do this especially for 843 * panda who might recycle indexes fast. 844 */ 845 if (if_name) { 846 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) == 0) { 847 /* They match its a correct delete */ 848 valid = 1; 849 } 850 } 851 if (!valid) { 852 /* last ditch check ifn_index */ 853 if (ifn_index == sctp_ifap->ifn_p->ifn_index) { 854 valid = 1; 855 } 856 } 857 if (!valid) { 858 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s does not match addresses\n", 859 ifn_index, ((if_name == NULL) ? "NULL" : if_name)); 860 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s - ignoring delete\n", 861 sctp_ifap->ifn_p->ifn_index, sctp_ifap->ifn_p->ifn_name); 862 SCTP_IPI_ADDR_WUNLOCK(); 863 return; 864 } 865 } 866 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", (void *)sctp_ifap); 867 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID; 868 /* 869 * We don't set the flag. This means that the structure will 870 * hang around in EP's that have bound specific to it until 871 * they close. This gives us TCP like behavior if someone 872 * removes an address (or for that matter adds it right back). 873 */ 874 /* sctp_ifap->localifa_flags |= SCTP_BEING_DELETED; */ 875 vrf->total_ifa_count--; 876 LIST_REMOVE(sctp_ifap, next_bucket); 877 sctp_remove_ifa_from_ifn(sctp_ifap); 878 } 879 #ifdef SCTP_DEBUG 880 else { 881 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:", 882 ifn_index); 883 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr); 884 } 885 #endif 886 887 out_now: 888 SCTP_IPI_ADDR_WUNLOCK(); 889 if (sctp_ifap) { 890 struct sctp_laddr *wi; 891 892 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 893 if (wi == NULL) { 894 /* 895 * Gak, what can we do? We have lost an address 896 * change can you say HOSED? 897 */ 898 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n"); 899 900 /* Oops, must decrement the count */ 901 sctp_free_ifa(sctp_ifap); 902 return; 903 } 904 SCTP_INCR_LADDR_COUNT(); 905 bzero(wi, sizeof(*wi)); 906 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time); 907 wi->ifa = sctp_ifap; 908 wi->action = SCTP_DEL_IP_ADDRESS; 909 SCTP_WQ_ADDR_LOCK(); 910 /* 911 * Should this really be a tailq? As it is we will process the 912 * newest first :-0 913 */ 914 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); 915 SCTP_WQ_ADDR_UNLOCK(); 916 917 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ, 918 (struct sctp_inpcb *)NULL, 919 (struct sctp_tcb *)NULL, 920 (struct sctp_nets *)NULL); 921 } 922 return; 923 } 924 925 926 static int 927 sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to) 928 { 929 int loopback_scope; 930 #if defined(INET) 931 int ipv4_local_scope, ipv4_addr_legal; 932 #endif 933 #if defined(INET6) 934 int local_scope, site_scope, ipv6_addr_legal; 935 #endif 936 #if defined(__Userspace__) 937 int conn_addr_legal; 938 #endif 939 struct sctp_vrf *vrf; 940 struct sctp_ifn *sctp_ifn; 941 struct sctp_ifa *sctp_ifa; 942 943 loopback_scope = stcb->asoc.scope.loopback_scope; 944 #if defined(INET) 945 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; 946 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; 947 #endif 948 #if defined(INET6) 949 local_scope = stcb->asoc.scope.local_scope; 950 site_scope = stcb->asoc.scope.site_scope; 951 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; 952 #endif 953 #if defined(__Userspace__) 954 conn_addr_legal = stcb->asoc.scope.conn_addr_legal; 955 #endif 956 957 SCTP_IPI_ADDR_RLOCK(); 958 vrf = sctp_find_vrf(stcb->asoc.vrf_id); 959 if (vrf == NULL) { 960 /* no vrf, no addresses */ 961 SCTP_IPI_ADDR_RUNLOCK(); 962 return (0); 963 } 964 965 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 966 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) { 967 if ((loopback_scope == 0) && 968 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) { 969 continue; 970 } 971 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { 972 if (sctp_is_addr_restricted(stcb, sctp_ifa) && 973 (!sctp_is_addr_pending(stcb, sctp_ifa))) { 974 /* We allow pending addresses, where we 975 * have sent an asconf-add to be considered 976 * valid. 977 */ 978 continue; 979 } 980 if (sctp_ifa->address.sa.sa_family != to->sa_family) { 981 continue; 982 } 983 switch (sctp_ifa->address.sa.sa_family) { 984 #ifdef INET 985 case AF_INET: 986 if (ipv4_addr_legal) { 987 struct sockaddr_in *sin, *rsin; 988 989 sin = &sctp_ifa->address.sin; 990 rsin = (struct sockaddr_in *)to; 991 if ((ipv4_local_scope == 0) && 992 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 993 continue; 994 } 995 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) { 996 SCTP_IPI_ADDR_RUNLOCK(); 997 return (1); 998 } 999 } 1000 break; 1001 #endif 1002 #ifdef INET6 1003 case AF_INET6: 1004 if (ipv6_addr_legal) { 1005 struct sockaddr_in6 *sin6, *rsin6; 1006 #if defined(SCTP_EMBEDDED_V6_SCOPE) && !defined(SCTP_KAME) 1007 struct sockaddr_in6 lsa6; 1008 #endif 1009 sin6 = &sctp_ifa->address.sin6; 1010 rsin6 = (struct sockaddr_in6 *)to; 1011 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1012 if (local_scope == 0) 1013 continue; 1014 #if defined(SCTP_EMBEDDED_V6_SCOPE) 1015 if (sin6->sin6_scope_id == 0) { 1016 #ifdef SCTP_KAME 1017 if (sa6_recoverscope(sin6) != 0) 1018 continue; 1019 #else 1020 lsa6 = *sin6; 1021 if (in6_recoverscope(&lsa6, 1022 &lsa6.sin6_addr, 1023 NULL)) 1024 continue; 1025 sin6 = &lsa6; 1026 #endif /* SCTP_KAME */ 1027 } 1028 #endif /* SCTP_EMBEDDED_V6_SCOPE */ 1029 } 1030 if ((site_scope == 0) && 1031 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) { 1032 continue; 1033 } 1034 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) { 1035 SCTP_IPI_ADDR_RUNLOCK(); 1036 return (1); 1037 } 1038 } 1039 break; 1040 #endif 1041 #if defined(__Userspace__) 1042 case AF_CONN: 1043 if (conn_addr_legal) { 1044 struct sockaddr_conn *sconn, *rsconn; 1045 1046 sconn = &sctp_ifa->address.sconn; 1047 rsconn = (struct sockaddr_conn *)to; 1048 if (sconn->sconn_addr == rsconn->sconn_addr) { 1049 SCTP_IPI_ADDR_RUNLOCK(); 1050 return (1); 1051 } 1052 } 1053 break; 1054 #endif 1055 default: 1056 /* TSNH */ 1057 break; 1058 } 1059 } 1060 } 1061 } else { 1062 struct sctp_laddr *laddr; 1063 1064 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) { 1065 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 1066 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n"); 1067 continue; 1068 } 1069 if (sctp_is_addr_restricted(stcb, laddr->ifa) && 1070 (!sctp_is_addr_pending(stcb, laddr->ifa))) { 1071 /* We allow pending addresses, where we 1072 * have sent an asconf-add to be considered 1073 * valid. 1074 */ 1075 continue; 1076 } 1077 if (laddr->ifa->address.sa.sa_family != to->sa_family) { 1078 continue; 1079 } 1080 switch (to->sa_family) { 1081 #ifdef INET 1082 case AF_INET: 1083 { 1084 struct sockaddr_in *sin, *rsin; 1085 1086 sin = (struct sockaddr_in *)&laddr->ifa->address.sin; 1087 rsin = (struct sockaddr_in *)to; 1088 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) { 1089 SCTP_IPI_ADDR_RUNLOCK(); 1090 return (1); 1091 } 1092 break; 1093 } 1094 #endif 1095 #ifdef INET6 1096 case AF_INET6: 1097 { 1098 struct sockaddr_in6 *sin6, *rsin6; 1099 1100 sin6 = (struct sockaddr_in6 *)&laddr->ifa->address.sin6; 1101 rsin6 = (struct sockaddr_in6 *)to; 1102 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) { 1103 SCTP_IPI_ADDR_RUNLOCK(); 1104 return (1); 1105 } 1106 break; 1107 } 1108 1109 #endif 1110 #if defined(__Userspace__) 1111 case AF_CONN: 1112 { 1113 struct sockaddr_conn *sconn, *rsconn; 1114 1115 sconn = (struct sockaddr_conn *)&laddr->ifa->address.sconn; 1116 rsconn = (struct sockaddr_conn *)to; 1117 if (sconn->sconn_addr == rsconn->sconn_addr) { 1118 SCTP_IPI_ADDR_RUNLOCK(); 1119 return (1); 1120 } 1121 break; 1122 } 1123 #endif 1124 default: 1125 /* TSNH */ 1126 break; 1127 } 1128 1129 } 1130 } 1131 SCTP_IPI_ADDR_RUNLOCK(); 1132 return (0); 1133 } 1134 1135 1136 static struct sctp_tcb * 1137 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from, 1138 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id) 1139 { 1140 /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */ 1141 /* 1142 * If we support the TCP model, then we must now dig through to see 1143 * if we can find our endpoint in the list of tcp ep's. 1144 */ 1145 uint16_t lport, rport; 1146 struct sctppcbhead *ephead; 1147 struct sctp_inpcb *inp; 1148 struct sctp_laddr *laddr; 1149 struct sctp_tcb *stcb; 1150 struct sctp_nets *net; 1151 #ifdef SCTP_MVRF 1152 int fnd, i; 1153 #endif 1154 1155 if ((to == NULL) || (from == NULL)) { 1156 return (NULL); 1157 } 1158 1159 switch (to->sa_family) { 1160 #ifdef INET 1161 case AF_INET: 1162 if (from->sa_family == AF_INET) { 1163 lport = ((struct sockaddr_in *)to)->sin_port; 1164 rport = ((struct sockaddr_in *)from)->sin_port; 1165 } else { 1166 return (NULL); 1167 } 1168 break; 1169 #endif 1170 #ifdef INET6 1171 case AF_INET6: 1172 if (from->sa_family == AF_INET6) { 1173 lport = ((struct sockaddr_in6 *)to)->sin6_port; 1174 rport = ((struct sockaddr_in6 *)from)->sin6_port; 1175 } else { 1176 return (NULL); 1177 } 1178 break; 1179 #endif 1180 #if defined(__Userspace__) 1181 case AF_CONN: 1182 if (from->sa_family == AF_CONN) { 1183 lport = ((struct sockaddr_conn *)to)->sconn_port; 1184 rport = ((struct sockaddr_conn *)from)->sconn_port; 1185 } else { 1186 return (NULL); 1187 } 1188 break; 1189 #endif 1190 default: 1191 return (NULL); 1192 } 1193 ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))]; 1194 /* 1195 * Ok now for each of the guys in this bucket we must look and see: 1196 * - Does the remote port match. - Does there single association's 1197 * addresses match this address (to). If so we update p_ep to point 1198 * to this ep and return the tcb from it. 1199 */ 1200 LIST_FOREACH(inp, ephead, sctp_hash) { 1201 SCTP_INP_RLOCK(inp); 1202 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1203 SCTP_INP_RUNLOCK(inp); 1204 continue; 1205 } 1206 if (lport != inp->sctp_lport) { 1207 SCTP_INP_RUNLOCK(inp); 1208 continue; 1209 } 1210 #ifdef SCTP_MVRF 1211 fnd = 0; 1212 for (i = 0; i < inp->num_vrfs; i++) { 1213 if (inp->m_vrf_ids[i] == vrf_id) { 1214 fnd = 1; 1215 break; 1216 } 1217 } 1218 if (fnd == 0) { 1219 SCTP_INP_RUNLOCK(inp); 1220 continue; 1221 } 1222 #else 1223 if (inp->def_vrf_id != vrf_id) { 1224 SCTP_INP_RUNLOCK(inp); 1225 continue; 1226 } 1227 #endif 1228 /* check to see if the ep has one of the addresses */ 1229 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 1230 /* We are NOT bound all, so look further */ 1231 int match = 0; 1232 1233 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 1234 1235 if (laddr->ifa == NULL) { 1236 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __FUNCTION__); 1237 continue; 1238 } 1239 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 1240 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n"); 1241 continue; 1242 } 1243 if (laddr->ifa->address.sa.sa_family == 1244 to->sa_family) { 1245 /* see if it matches */ 1246 #ifdef INET 1247 if (from->sa_family == AF_INET) { 1248 struct sockaddr_in *intf_addr, *sin; 1249 1250 intf_addr = &laddr->ifa->address.sin; 1251 sin = (struct sockaddr_in *)to; 1252 if (sin->sin_addr.s_addr == 1253 intf_addr->sin_addr.s_addr) { 1254 match = 1; 1255 break; 1256 } 1257 } 1258 #endif 1259 #ifdef INET6 1260 if (from->sa_family == AF_INET6) { 1261 struct sockaddr_in6 *intf_addr6; 1262 struct sockaddr_in6 *sin6; 1263 1264 sin6 = (struct sockaddr_in6 *) 1265 to; 1266 intf_addr6 = &laddr->ifa->address.sin6; 1267 1268 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1269 intf_addr6)) { 1270 match = 1; 1271 break; 1272 } 1273 } 1274 #endif 1275 #if defined(__Userspace__) 1276 if (from->sa_family == AF_CONN) { 1277 struct sockaddr_conn *intf_addr, *sconn; 1278 1279 intf_addr = &laddr->ifa->address.sconn; 1280 sconn = (struct sockaddr_conn *)to; 1281 if (sconn->sconn_addr == 1282 intf_addr->sconn_addr) { 1283 match = 1; 1284 break; 1285 } 1286 } 1287 #endif 1288 } 1289 } 1290 if (match == 0) { 1291 /* This endpoint does not have this address */ 1292 SCTP_INP_RUNLOCK(inp); 1293 continue; 1294 } 1295 } 1296 /* 1297 * Ok if we hit here the ep has the address, does it hold 1298 * the tcb? 1299 */ 1300 /* XXX: Why don't we TAILQ_FOREACH through sctp_asoc_list? */ 1301 stcb = LIST_FIRST(&inp->sctp_asoc_list); 1302 if (stcb == NULL) { 1303 SCTP_INP_RUNLOCK(inp); 1304 continue; 1305 } 1306 SCTP_TCB_LOCK(stcb); 1307 if (!sctp_does_stcb_own_this_addr(stcb, to)) { 1308 SCTP_TCB_UNLOCK(stcb); 1309 SCTP_INP_RUNLOCK(inp); 1310 continue; 1311 } 1312 if (stcb->rport != rport) { 1313 /* remote port does not match. */ 1314 SCTP_TCB_UNLOCK(stcb); 1315 SCTP_INP_RUNLOCK(inp); 1316 continue; 1317 } 1318 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1319 SCTP_TCB_UNLOCK(stcb); 1320 SCTP_INP_RUNLOCK(inp); 1321 continue; 1322 } 1323 if (!sctp_does_stcb_own_this_addr(stcb, to)) { 1324 SCTP_TCB_UNLOCK(stcb); 1325 SCTP_INP_RUNLOCK(inp); 1326 continue; 1327 } 1328 /* Does this TCB have a matching address? */ 1329 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1330 1331 if (net->ro._l_addr.sa.sa_family != from->sa_family) { 1332 /* not the same family, can't be a match */ 1333 continue; 1334 } 1335 switch (from->sa_family) { 1336 #ifdef INET 1337 case AF_INET: 1338 { 1339 struct sockaddr_in *sin, *rsin; 1340 1341 sin = (struct sockaddr_in *)&net->ro._l_addr; 1342 rsin = (struct sockaddr_in *)from; 1343 if (sin->sin_addr.s_addr == 1344 rsin->sin_addr.s_addr) { 1345 /* found it */ 1346 if (netp != NULL) { 1347 *netp = net; 1348 } 1349 /* Update the endpoint pointer */ 1350 *inp_p = inp; 1351 SCTP_INP_RUNLOCK(inp); 1352 return (stcb); 1353 } 1354 break; 1355 } 1356 #endif 1357 #ifdef INET6 1358 case AF_INET6: 1359 { 1360 struct sockaddr_in6 *sin6, *rsin6; 1361 1362 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1363 rsin6 = (struct sockaddr_in6 *)from; 1364 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1365 rsin6)) { 1366 /* found it */ 1367 if (netp != NULL) { 1368 *netp = net; 1369 } 1370 /* Update the endpoint pointer */ 1371 *inp_p = inp; 1372 SCTP_INP_RUNLOCK(inp); 1373 return (stcb); 1374 } 1375 break; 1376 } 1377 #endif 1378 #if defined(__Userspace__) 1379 case AF_CONN: 1380 { 1381 struct sockaddr_conn *sconn, *rsconn; 1382 1383 sconn = (struct sockaddr_conn *)&net->ro._l_addr; 1384 rsconn = (struct sockaddr_conn *)from; 1385 if (sconn->sconn_addr == rsconn->sconn_addr) { 1386 /* found it */ 1387 if (netp != NULL) { 1388 *netp = net; 1389 } 1390 /* Update the endpoint pointer */ 1391 *inp_p = inp; 1392 SCTP_INP_RUNLOCK(inp); 1393 return (stcb); 1394 } 1395 break; 1396 } 1397 #endif 1398 default: 1399 /* TSNH */ 1400 break; 1401 } 1402 } 1403 SCTP_TCB_UNLOCK(stcb); 1404 SCTP_INP_RUNLOCK(inp); 1405 } 1406 return (NULL); 1407 } 1408 1409 1410 /* 1411 * rules for use 1412 * 1413 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an 1414 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done 1415 * (if locked == NULL). 3) Decrement happens on return ONLY if locked == 1416 * NULL. 1417 */ 1418 1419 struct sctp_tcb * 1420 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote, 1421 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb) 1422 { 1423 struct sctpasochead *head; 1424 struct sctp_inpcb *inp; 1425 struct sctp_tcb *stcb = NULL; 1426 struct sctp_nets *net; 1427 uint16_t rport; 1428 1429 inp = *inp_p; 1430 switch (remote->sa_family) { 1431 #ifdef INET 1432 case AF_INET: 1433 rport = (((struct sockaddr_in *)remote)->sin_port); 1434 break; 1435 #endif 1436 #ifdef INET6 1437 case AF_INET6: 1438 rport = (((struct sockaddr_in6 *)remote)->sin6_port); 1439 break; 1440 #endif 1441 #if defined(__Userspace__) 1442 case AF_CONN: 1443 rport = (((struct sockaddr_in6 *)remote)->sin6_port); 1444 break; 1445 #endif 1446 default: 1447 return (NULL); 1448 } 1449 if (locked_tcb) { 1450 /* 1451 * UN-lock so we can do proper locking here this occurs when 1452 * called from load_addresses_from_init. 1453 */ 1454 atomic_add_int(&locked_tcb->asoc.refcnt, 1); 1455 SCTP_TCB_UNLOCK(locked_tcb); 1456 } 1457 SCTP_INP_INFO_RLOCK(); 1458 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 1459 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 1460 /*- 1461 * Now either this guy is our listener or it's the 1462 * connector. If it is the one that issued the connect, then 1463 * it's only chance is to be the first TCB in the list. If 1464 * it is the acceptor, then do the special_lookup to hash 1465 * and find the real inp. 1466 */ 1467 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) { 1468 /* to is peer addr, from is my addr */ 1469 #ifndef SCTP_MVRF 1470 stcb = sctp_tcb_special_locate(inp_p, remote, local, 1471 netp, inp->def_vrf_id); 1472 if ((stcb != NULL) && (locked_tcb == NULL)) { 1473 /* we have a locked tcb, lower refcount */ 1474 SCTP_INP_DECR_REF(inp); 1475 } 1476 if ((locked_tcb != NULL) && (locked_tcb != stcb)) { 1477 SCTP_INP_RLOCK(locked_tcb->sctp_ep); 1478 SCTP_TCB_LOCK(locked_tcb); 1479 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1480 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep); 1481 } 1482 #else 1483 /*- 1484 * MVRF is tricky, we must look in every VRF 1485 * the endpoint has. 1486 */ 1487 int i; 1488 1489 for (i = 0; i < inp->num_vrfs; i++) { 1490 stcb = sctp_tcb_special_locate(inp_p, remote, local, 1491 netp, inp->m_vrf_ids[i]); 1492 if ((stcb != NULL) && (locked_tcb == NULL)) { 1493 /* we have a locked tcb, lower refcount */ 1494 SCTP_INP_DECR_REF(inp); 1495 break; 1496 } 1497 if ((locked_tcb != NULL) && (locked_tcb != stcb)) { 1498 SCTP_INP_RLOCK(locked_tcb->sctp_ep); 1499 SCTP_TCB_LOCK(locked_tcb); 1500 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1501 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep); 1502 break; 1503 } 1504 } 1505 #endif 1506 SCTP_INP_INFO_RUNLOCK(); 1507 return (stcb); 1508 } else { 1509 SCTP_INP_WLOCK(inp); 1510 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1511 goto null_return; 1512 } 1513 stcb = LIST_FIRST(&inp->sctp_asoc_list); 1514 if (stcb == NULL) { 1515 goto null_return; 1516 } 1517 SCTP_TCB_LOCK(stcb); 1518 1519 if (stcb->rport != rport) { 1520 /* remote port does not match. */ 1521 SCTP_TCB_UNLOCK(stcb); 1522 goto null_return; 1523 } 1524 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1525 SCTP_TCB_UNLOCK(stcb); 1526 goto null_return; 1527 } 1528 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) { 1529 SCTP_TCB_UNLOCK(stcb); 1530 goto null_return; 1531 } 1532 /* now look at the list of remote addresses */ 1533 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1534 #ifdef INVARIANTS 1535 if (net == (TAILQ_NEXT(net, sctp_next))) { 1536 panic("Corrupt net list"); 1537 } 1538 #endif 1539 if (net->ro._l_addr.sa.sa_family != 1540 remote->sa_family) { 1541 /* not the same family */ 1542 continue; 1543 } 1544 switch (remote->sa_family) { 1545 #ifdef INET 1546 case AF_INET: 1547 { 1548 struct sockaddr_in *sin, *rsin; 1549 1550 sin = (struct sockaddr_in *) 1551 &net->ro._l_addr; 1552 rsin = (struct sockaddr_in *)remote; 1553 if (sin->sin_addr.s_addr == 1554 rsin->sin_addr.s_addr) { 1555 /* found it */ 1556 if (netp != NULL) { 1557 *netp = net; 1558 } 1559 if (locked_tcb == NULL) { 1560 SCTP_INP_DECR_REF(inp); 1561 } else if (locked_tcb != stcb) { 1562 SCTP_TCB_LOCK(locked_tcb); 1563 } 1564 if (locked_tcb) { 1565 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1566 } 1567 1568 SCTP_INP_WUNLOCK(inp); 1569 SCTP_INP_INFO_RUNLOCK(); 1570 return (stcb); 1571 } 1572 break; 1573 } 1574 #endif 1575 #ifdef INET6 1576 case AF_INET6: 1577 { 1578 struct sockaddr_in6 *sin6, *rsin6; 1579 1580 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 1581 rsin6 = (struct sockaddr_in6 *)remote; 1582 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1583 rsin6)) { 1584 /* found it */ 1585 if (netp != NULL) { 1586 *netp = net; 1587 } 1588 if (locked_tcb == NULL) { 1589 SCTP_INP_DECR_REF(inp); 1590 } else if (locked_tcb != stcb) { 1591 SCTP_TCB_LOCK(locked_tcb); 1592 } 1593 if (locked_tcb) { 1594 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1595 } 1596 SCTP_INP_WUNLOCK(inp); 1597 SCTP_INP_INFO_RUNLOCK(); 1598 return (stcb); 1599 } 1600 break; 1601 } 1602 #endif 1603 #if defined(__Userspace__) 1604 case AF_CONN: 1605 { 1606 struct sockaddr_conn *sconn, *rsconn; 1607 1608 sconn = (struct sockaddr_conn *)&net->ro._l_addr; 1609 rsconn = (struct sockaddr_conn *)remote; 1610 if (sconn->sconn_addr == rsconn->sconn_addr) { 1611 /* found it */ 1612 if (netp != NULL) { 1613 *netp = net; 1614 } 1615 if (locked_tcb == NULL) { 1616 SCTP_INP_DECR_REF(inp); 1617 } else if (locked_tcb != stcb) { 1618 SCTP_TCB_LOCK(locked_tcb); 1619 } 1620 if (locked_tcb) { 1621 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1622 } 1623 SCTP_INP_WUNLOCK(inp); 1624 SCTP_INP_INFO_RUNLOCK(); 1625 return (stcb); 1626 } 1627 break; 1628 } 1629 #endif 1630 default: 1631 /* TSNH */ 1632 break; 1633 } 1634 } 1635 SCTP_TCB_UNLOCK(stcb); 1636 } 1637 } else { 1638 SCTP_INP_WLOCK(inp); 1639 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1640 goto null_return; 1641 } 1642 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport, 1643 inp->sctp_hashmark)]; 1644 if (head == NULL) { 1645 goto null_return; 1646 } 1647 LIST_FOREACH(stcb, head, sctp_tcbhash) { 1648 if (stcb->rport != rport) { 1649 /* remote port does not match */ 1650 continue; 1651 } 1652 SCTP_TCB_LOCK(stcb); 1653 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1654 SCTP_TCB_UNLOCK(stcb); 1655 continue; 1656 } 1657 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) { 1658 SCTP_TCB_UNLOCK(stcb); 1659 continue; 1660 } 1661 /* now look at the list of remote addresses */ 1662 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 1663 #ifdef INVARIANTS 1664 if (net == (TAILQ_NEXT(net, sctp_next))) { 1665 panic("Corrupt net list"); 1666 } 1667 #endif 1668 if (net->ro._l_addr.sa.sa_family != 1669 remote->sa_family) { 1670 /* not the same family */ 1671 continue; 1672 } 1673 switch (remote->sa_family) { 1674 #ifdef INET 1675 case AF_INET: 1676 { 1677 struct sockaddr_in *sin, *rsin; 1678 1679 sin = (struct sockaddr_in *) 1680 &net->ro._l_addr; 1681 rsin = (struct sockaddr_in *)remote; 1682 if (sin->sin_addr.s_addr == 1683 rsin->sin_addr.s_addr) { 1684 /* found it */ 1685 if (netp != NULL) { 1686 *netp = net; 1687 } 1688 if (locked_tcb == NULL) { 1689 SCTP_INP_DECR_REF(inp); 1690 } else if (locked_tcb != stcb) { 1691 SCTP_TCB_LOCK(locked_tcb); 1692 } 1693 if (locked_tcb) { 1694 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1695 } 1696 SCTP_INP_WUNLOCK(inp); 1697 SCTP_INP_INFO_RUNLOCK(); 1698 return (stcb); 1699 } 1700 break; 1701 } 1702 #endif 1703 #ifdef INET6 1704 case AF_INET6: 1705 { 1706 struct sockaddr_in6 *sin6, *rsin6; 1707 1708 sin6 = (struct sockaddr_in6 *) 1709 &net->ro._l_addr; 1710 rsin6 = (struct sockaddr_in6 *)remote; 1711 if (SCTP6_ARE_ADDR_EQUAL(sin6, 1712 rsin6)) { 1713 /* found it */ 1714 if (netp != NULL) { 1715 *netp = net; 1716 } 1717 if (locked_tcb == NULL) { 1718 SCTP_INP_DECR_REF(inp); 1719 } else if (locked_tcb != stcb) { 1720 SCTP_TCB_LOCK(locked_tcb); 1721 } 1722 if (locked_tcb) { 1723 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1724 } 1725 SCTP_INP_WUNLOCK(inp); 1726 SCTP_INP_INFO_RUNLOCK(); 1727 return (stcb); 1728 } 1729 break; 1730 } 1731 #endif 1732 #if defined(__Userspace__) 1733 case AF_CONN: 1734 { 1735 struct sockaddr_conn *sconn, *rsconn; 1736 1737 sconn = (struct sockaddr_conn *)&net->ro._l_addr; 1738 rsconn = (struct sockaddr_conn *)remote; 1739 if (sconn->sconn_addr == rsconn->sconn_addr) { 1740 /* found it */ 1741 if (netp != NULL) { 1742 *netp = net; 1743 } 1744 if (locked_tcb == NULL) { 1745 SCTP_INP_DECR_REF(inp); 1746 } else if (locked_tcb != stcb) { 1747 SCTP_TCB_LOCK(locked_tcb); 1748 } 1749 if (locked_tcb) { 1750 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1751 } 1752 SCTP_INP_WUNLOCK(inp); 1753 SCTP_INP_INFO_RUNLOCK(); 1754 return (stcb); 1755 } 1756 break; 1757 } 1758 #endif 1759 default: 1760 /* TSNH */ 1761 break; 1762 } 1763 } 1764 SCTP_TCB_UNLOCK(stcb); 1765 } 1766 } 1767 null_return: 1768 /* clean up for returning null */ 1769 if (locked_tcb) { 1770 SCTP_TCB_LOCK(locked_tcb); 1771 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1); 1772 } 1773 SCTP_INP_WUNLOCK(inp); 1774 SCTP_INP_INFO_RUNLOCK(); 1775 /* not found */ 1776 return (NULL); 1777 } 1778 1779 1780 /* 1781 * Find an association for a specific endpoint using the association id given 1782 * out in the COMM_UP notification 1783 */ 1784 struct sctp_tcb * 1785 sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock) 1786 { 1787 /* 1788 * Use my the assoc_id to find a endpoint 1789 */ 1790 struct sctpasochead *head; 1791 struct sctp_tcb *stcb; 1792 uint32_t id; 1793 1794 if (inp == NULL) { 1795 SCTP_PRINTF("TSNH ep_associd\n"); 1796 return (NULL); 1797 } 1798 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1799 SCTP_PRINTF("TSNH ep_associd0\n"); 1800 return (NULL); 1801 } 1802 id = (uint32_t)asoc_id; 1803 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)]; 1804 if (head == NULL) { 1805 /* invalid id TSNH */ 1806 SCTP_PRINTF("TSNH ep_associd1\n"); 1807 return (NULL); 1808 } 1809 LIST_FOREACH(stcb, head, sctp_tcbasocidhash) { 1810 if (stcb->asoc.assoc_id == id) { 1811 if (inp != stcb->sctp_ep) { 1812 /* 1813 * some other guy has the same id active (id 1814 * collision ??). 1815 */ 1816 SCTP_PRINTF("TSNH ep_associd2\n"); 1817 continue; 1818 } 1819 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 1820 continue; 1821 } 1822 if (want_lock) { 1823 SCTP_TCB_LOCK(stcb); 1824 } 1825 return (stcb); 1826 } 1827 } 1828 return (NULL); 1829 } 1830 1831 1832 struct sctp_tcb * 1833 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock) 1834 { 1835 struct sctp_tcb *stcb; 1836 1837 SCTP_INP_RLOCK(inp); 1838 stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock); 1839 SCTP_INP_RUNLOCK(inp); 1840 return (stcb); 1841 } 1842 1843 1844 /* 1845 * Endpoint probe expects that the INP_INFO is locked. 1846 */ 1847 static struct sctp_inpcb * 1848 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head, 1849 uint16_t lport, uint32_t vrf_id) 1850 { 1851 struct sctp_inpcb *inp; 1852 struct sctp_laddr *laddr; 1853 #ifdef INET 1854 struct sockaddr_in *sin; 1855 #endif 1856 #ifdef INET6 1857 struct sockaddr_in6 *sin6; 1858 struct sockaddr_in6 *intf_addr6; 1859 #endif 1860 #if defined(__Userspace__) 1861 struct sockaddr_conn *sconn; 1862 #endif 1863 #ifdef SCTP_MVRF 1864 int i; 1865 #endif 1866 int fnd; 1867 1868 #ifdef INET 1869 sin = NULL; 1870 #endif 1871 #ifdef INET6 1872 sin6 = NULL; 1873 #endif 1874 #if defined(__Userspace__) 1875 sconn = NULL; 1876 #endif 1877 switch (nam->sa_family) { 1878 #ifdef INET 1879 case AF_INET: 1880 sin = (struct sockaddr_in *)nam; 1881 break; 1882 #endif 1883 #ifdef INET6 1884 case AF_INET6: 1885 sin6 = (struct sockaddr_in6 *)nam; 1886 break; 1887 #endif 1888 #if defined(__Userspace__) 1889 case AF_CONN: 1890 sconn = (struct sockaddr_conn *)nam; 1891 break; 1892 #endif 1893 default: 1894 /* unsupported family */ 1895 return (NULL); 1896 } 1897 1898 if (head == NULL) 1899 return (NULL); 1900 1901 LIST_FOREACH(inp, head, sctp_hash) { 1902 SCTP_INP_RLOCK(inp); 1903 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1904 SCTP_INP_RUNLOCK(inp); 1905 continue; 1906 } 1907 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) && 1908 (inp->sctp_lport == lport)) { 1909 /* got it */ 1910 #ifdef INET 1911 if ((nam->sa_family == AF_INET) && 1912 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 1913 SCTP_IPV6_V6ONLY(inp)) { 1914 /* IPv4 on a IPv6 socket with ONLY IPv6 set */ 1915 SCTP_INP_RUNLOCK(inp); 1916 continue; 1917 } 1918 #endif 1919 #ifdef INET6 1920 /* A V6 address and the endpoint is NOT bound V6 */ 1921 if (nam->sa_family == AF_INET6 && 1922 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { 1923 SCTP_INP_RUNLOCK(inp); 1924 continue; 1925 } 1926 #endif 1927 /* does a VRF id match? */ 1928 fnd = 0; 1929 #ifdef SCTP_MVRF 1930 for (i = 0; i < inp->num_vrfs; i++) { 1931 if (inp->m_vrf_ids[i] == vrf_id) { 1932 fnd = 1; 1933 break; 1934 } 1935 } 1936 #else 1937 if (inp->def_vrf_id == vrf_id) 1938 fnd = 1; 1939 #endif 1940 1941 SCTP_INP_RUNLOCK(inp); 1942 if (!fnd) 1943 continue; 1944 return (inp); 1945 } 1946 SCTP_INP_RUNLOCK(inp); 1947 } 1948 switch (nam->sa_family) { 1949 #ifdef INET 1950 case AF_INET: 1951 if (sin->sin_addr.s_addr == INADDR_ANY) { 1952 /* Can't hunt for one that has no address specified */ 1953 return (NULL); 1954 } 1955 break; 1956 #endif 1957 #ifdef INET6 1958 case AF_INET6: 1959 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 1960 /* Can't hunt for one that has no address specified */ 1961 return (NULL); 1962 } 1963 break; 1964 #endif 1965 #if defined(__Userspace__) 1966 case AF_CONN: 1967 if (sconn->sconn_addr == NULL) { 1968 return (NULL); 1969 } 1970 break; 1971 #endif 1972 default: 1973 break; 1974 } 1975 /* 1976 * ok, not bound to all so see if we can find a EP bound to this 1977 * address. 1978 */ 1979 LIST_FOREACH(inp, head, sctp_hash) { 1980 SCTP_INP_RLOCK(inp); 1981 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 1982 SCTP_INP_RUNLOCK(inp); 1983 continue; 1984 } 1985 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) { 1986 SCTP_INP_RUNLOCK(inp); 1987 continue; 1988 } 1989 /* 1990 * Ok this could be a likely candidate, look at all of its 1991 * addresses 1992 */ 1993 if (inp->sctp_lport != lport) { 1994 SCTP_INP_RUNLOCK(inp); 1995 continue; 1996 } 1997 /* does a VRF id match? */ 1998 fnd = 0; 1999 #ifdef SCTP_MVRF 2000 for (i = 0; i < inp->num_vrfs; i++) { 2001 if (inp->m_vrf_ids[i] == vrf_id) { 2002 fnd = 1; 2003 break; 2004 } 2005 } 2006 #else 2007 if (inp->def_vrf_id == vrf_id) 2008 fnd = 1; 2009 2010 #endif 2011 if (!fnd) { 2012 SCTP_INP_RUNLOCK(inp); 2013 continue; 2014 } 2015 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 2016 if (laddr->ifa == NULL) { 2017 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", 2018 __FUNCTION__); 2019 continue; 2020 } 2021 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ", 2022 (void *)laddr->ifa); 2023 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 2024 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n"); 2025 continue; 2026 } 2027 if (laddr->ifa->address.sa.sa_family == nam->sa_family) { 2028 /* possible, see if it matches */ 2029 switch (nam->sa_family) { 2030 #ifdef INET 2031 case AF_INET: 2032 #if defined(__APPLE__) 2033 if (sin == NULL) { 2034 /* TSNH */ 2035 break; 2036 } 2037 #endif 2038 if (sin->sin_addr.s_addr == 2039 laddr->ifa->address.sin.sin_addr.s_addr) { 2040 SCTP_INP_RUNLOCK(inp); 2041 return (inp); 2042 } 2043 break; 2044 #endif 2045 #ifdef INET6 2046 case AF_INET6: 2047 intf_addr6 = &laddr->ifa->address.sin6; 2048 if (SCTP6_ARE_ADDR_EQUAL(sin6, 2049 intf_addr6)) { 2050 SCTP_INP_RUNLOCK(inp); 2051 return (inp); 2052 } 2053 break; 2054 #endif 2055 #if defined(__Userspace__) 2056 case AF_CONN: 2057 if (sconn->sconn_addr == laddr->ifa->address.sconn.sconn_addr) { 2058 SCTP_INP_RUNLOCK(inp); 2059 return (inp); 2060 } 2061 break; 2062 #endif 2063 } 2064 } 2065 } 2066 SCTP_INP_RUNLOCK(inp); 2067 } 2068 return (NULL); 2069 } 2070 2071 2072 static struct sctp_inpcb * 2073 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id) 2074 { 2075 struct sctppcbhead *head; 2076 struct sctp_inpcb *t_inp; 2077 #ifdef SCTP_MVRF 2078 int i; 2079 #endif 2080 int fnd; 2081 2082 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, 2083 SCTP_BASE_INFO(hashmark))]; 2084 LIST_FOREACH(t_inp, head, sctp_hash) { 2085 if (t_inp->sctp_lport != lport) { 2086 continue; 2087 } 2088 /* is it in the VRF in question */ 2089 fnd = 0; 2090 #ifdef SCTP_MVRF 2091 for (i = 0; i < inp->num_vrfs; i++) { 2092 if (t_inp->m_vrf_ids[i] == vrf_id) { 2093 fnd = 1; 2094 break; 2095 } 2096 } 2097 #else 2098 if (t_inp->def_vrf_id == vrf_id) 2099 fnd = 1; 2100 #endif 2101 if (!fnd) 2102 continue; 2103 2104 /* This one is in use. */ 2105 /* check the v6/v4 binding issue */ 2106 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2107 SCTP_IPV6_V6ONLY(t_inp)) { 2108 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2109 /* collision in V6 space */ 2110 return (t_inp); 2111 } else { 2112 /* inp is BOUND_V4 no conflict */ 2113 continue; 2114 } 2115 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { 2116 /* t_inp is bound v4 and v6, conflict always */ 2117 return (t_inp); 2118 } else { 2119 /* t_inp is bound only V4 */ 2120 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && 2121 SCTP_IPV6_V6ONLY(inp)) { 2122 /* no conflict */ 2123 continue; 2124 } 2125 /* else fall through to conflict */ 2126 } 2127 return (t_inp); 2128 } 2129 return (NULL); 2130 } 2131 2132 2133 int 2134 sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp) 2135 { 2136 /* For 1-2-1 with port reuse */ 2137 struct sctppcbhead *head; 2138 struct sctp_inpcb *tinp; 2139 2140 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) { 2141 /* only works with port reuse on */ 2142 return (-1); 2143 } 2144 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) { 2145 return (0); 2146 } 2147 SCTP_INP_RUNLOCK(inp); 2148 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, 2149 SCTP_BASE_INFO(hashmark))]; 2150 /* Kick out all non-listeners to the TCP hash */ 2151 LIST_FOREACH(tinp, head, sctp_hash) { 2152 if (tinp->sctp_lport != inp->sctp_lport) { 2153 continue; 2154 } 2155 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 2156 continue; 2157 } 2158 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 2159 continue; 2160 } 2161 if (tinp->sctp_socket->so_qlimit) { 2162 continue; 2163 } 2164 SCTP_INP_WLOCK(tinp); 2165 LIST_REMOVE(tinp, sctp_hash); 2166 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))]; 2167 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL; 2168 LIST_INSERT_HEAD(head, tinp, sctp_hash); 2169 SCTP_INP_WUNLOCK(tinp); 2170 } 2171 SCTP_INP_WLOCK(inp); 2172 /* Pull from where he was */ 2173 LIST_REMOVE(inp, sctp_hash); 2174 inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL; 2175 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))]; 2176 LIST_INSERT_HEAD(head, inp, sctp_hash); 2177 SCTP_INP_WUNLOCK(inp); 2178 SCTP_INP_RLOCK(inp); 2179 return (0); 2180 } 2181 2182 2183 struct sctp_inpcb * 2184 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock, 2185 uint32_t vrf_id) 2186 { 2187 /* 2188 * First we check the hash table to see if someone has this port 2189 * bound with just the port. 2190 */ 2191 struct sctp_inpcb *inp; 2192 struct sctppcbhead *head; 2193 int lport; 2194 unsigned int i; 2195 #ifdef INET 2196 struct sockaddr_in *sin; 2197 #endif 2198 #ifdef INET6 2199 struct sockaddr_in6 *sin6; 2200 #endif 2201 #if defined(__Userspace__) 2202 struct sockaddr_conn *sconn; 2203 #endif 2204 2205 switch (nam->sa_family) { 2206 #ifdef INET 2207 case AF_INET: 2208 sin = (struct sockaddr_in *)nam; 2209 lport = sin->sin_port; 2210 break; 2211 #endif 2212 #ifdef INET6 2213 case AF_INET6: 2214 sin6 = (struct sockaddr_in6 *)nam; 2215 lport = sin6->sin6_port; 2216 break; 2217 #endif 2218 #if defined(__Userspace__) 2219 case AF_CONN: 2220 sconn = (struct sockaddr_conn *)nam; 2221 lport = sconn->sconn_port; 2222 break; 2223 #endif 2224 default: 2225 return (NULL); 2226 } 2227 /* 2228 * I could cheat here and just cast to one of the types but we will 2229 * do it right. It also provides the check against an Unsupported 2230 * type too. 2231 */ 2232 /* Find the head of the ALLADDR chain */ 2233 if (have_lock == 0) { 2234 SCTP_INP_INFO_RLOCK(); 2235 } 2236 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, 2237 SCTP_BASE_INFO(hashmark))]; 2238 inp = sctp_endpoint_probe(nam, head, lport, vrf_id); 2239 2240 /* 2241 * If the TCP model exists it could be that the main listening 2242 * endpoint is gone but there still exists a connected socket for this 2243 * guy. If so we can return the first one that we find. This may NOT 2244 * be the correct one so the caller should be wary on the returned INP. 2245 * Currently the only caller that sets find_tcp_pool is in bindx where 2246 * we are verifying that a user CAN bind the address. He either 2247 * has bound it already, or someone else has, or its open to bind, 2248 * so this is good enough. 2249 */ 2250 if (inp == NULL && find_tcp_pool) { 2251 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) { 2252 head = &SCTP_BASE_INFO(sctp_tcpephash)[i]; 2253 inp = sctp_endpoint_probe(nam, head, lport, vrf_id); 2254 if (inp) { 2255 break; 2256 } 2257 } 2258 } 2259 if (inp) { 2260 SCTP_INP_INCR_REF(inp); 2261 } 2262 if (have_lock == 0) { 2263 SCTP_INP_INFO_RUNLOCK(); 2264 } 2265 return (inp); 2266 } 2267 2268 2269 /* 2270 * Find an association for an endpoint with the pointer to whom you want to 2271 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may 2272 * need to change the *to to some other struct like a mbuf... 2273 */ 2274 struct sctp_tcb * 2275 sctp_findassociation_addr_sa(struct sockaddr *from, struct sockaddr *to, 2276 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool, 2277 uint32_t vrf_id) 2278 { 2279 struct sctp_inpcb *inp = NULL; 2280 struct sctp_tcb *stcb; 2281 2282 SCTP_INP_INFO_RLOCK(); 2283 if (find_tcp_pool) { 2284 if (inp_p != NULL) { 2285 stcb = sctp_tcb_special_locate(inp_p, from, to, netp, 2286 vrf_id); 2287 } else { 2288 stcb = sctp_tcb_special_locate(&inp, from, to, netp, 2289 vrf_id); 2290 } 2291 if (stcb != NULL) { 2292 SCTP_INP_INFO_RUNLOCK(); 2293 return (stcb); 2294 } 2295 } 2296 inp = sctp_pcb_findep(to, 0, 1, vrf_id); 2297 if (inp_p != NULL) { 2298 *inp_p = inp; 2299 } 2300 SCTP_INP_INFO_RUNLOCK(); 2301 if (inp == NULL) { 2302 return (NULL); 2303 } 2304 /* 2305 * ok, we have an endpoint, now lets find the assoc for it (if any) 2306 * we now place the source address or from in the to of the find 2307 * endpoint call. Since in reality this chain is used from the 2308 * inbound packet side. 2309 */ 2310 if (inp_p != NULL) { 2311 stcb = sctp_findassociation_ep_addr(inp_p, from, netp, to, 2312 NULL); 2313 } else { 2314 stcb = sctp_findassociation_ep_addr(&inp, from, netp, to, 2315 NULL); 2316 } 2317 return (stcb); 2318 } 2319 2320 2321 /* 2322 * This routine will grub through the mbuf that is a INIT or INIT-ACK and 2323 * find all addresses that the sender has specified in any address list. Each 2324 * address will be used to lookup the TCB and see if one exits. 2325 */ 2326 static struct sctp_tcb * 2327 sctp_findassociation_special_addr(struct mbuf *m, int offset, 2328 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp, 2329 struct sockaddr *dst) 2330 { 2331 struct sctp_paramhdr *phdr, parm_buf; 2332 #if defined(INET) || defined(INET6) 2333 struct sctp_tcb *stcb; 2334 uint16_t ptype; 2335 #endif 2336 uint16_t plen; 2337 #ifdef INET 2338 struct sockaddr_in sin4; 2339 #endif 2340 #ifdef INET6 2341 struct sockaddr_in6 sin6; 2342 #endif 2343 2344 #ifdef INET 2345 memset(&sin4, 0, sizeof(sin4)); 2346 #ifdef HAVE_SIN_LEN 2347 sin4.sin_len = sizeof(sin4); 2348 #endif 2349 sin4.sin_family = AF_INET; 2350 sin4.sin_port = sh->src_port; 2351 #endif 2352 #ifdef INET6 2353 memset(&sin6, 0, sizeof(sin6)); 2354 #ifdef HAVE_SIN6_LEN 2355 sin6.sin6_len = sizeof(sin6); 2356 #endif 2357 sin6.sin6_family = AF_INET6; 2358 sin6.sin6_port = sh->src_port; 2359 #endif 2360 2361 offset += sizeof(struct sctp_init_chunk); 2362 2363 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 2364 while (phdr != NULL) { 2365 /* now we must see if we want the parameter */ 2366 #if defined(INET) || defined(INET6) 2367 ptype = ntohs(phdr->param_type); 2368 #endif 2369 plen = ntohs(phdr->param_length); 2370 if (plen == 0) { 2371 break; 2372 } 2373 #ifdef INET 2374 if (ptype == SCTP_IPV4_ADDRESS && 2375 plen == sizeof(struct sctp_ipv4addr_param)) { 2376 /* Get the rest of the address */ 2377 struct sctp_ipv4addr_param ip4_parm, *p4; 2378 2379 phdr = sctp_get_next_param(m, offset, 2380 (struct sctp_paramhdr *)&ip4_parm, min(plen, sizeof(ip4_parm))); 2381 if (phdr == NULL) { 2382 return (NULL); 2383 } 2384 p4 = (struct sctp_ipv4addr_param *)phdr; 2385 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr)); 2386 /* look it up */ 2387 stcb = sctp_findassociation_ep_addr(inp_p, 2388 (struct sockaddr *)&sin4, netp, dst, NULL); 2389 if (stcb != NULL) { 2390 return (stcb); 2391 } 2392 } 2393 #endif 2394 #ifdef INET6 2395 if (ptype == SCTP_IPV6_ADDRESS && 2396 plen == sizeof(struct sctp_ipv6addr_param)) { 2397 /* Get the rest of the address */ 2398 struct sctp_ipv6addr_param ip6_parm, *p6; 2399 2400 phdr = sctp_get_next_param(m, offset, 2401 (struct sctp_paramhdr *)&ip6_parm, min(plen,sizeof(ip6_parm))); 2402 if (phdr == NULL) { 2403 return (NULL); 2404 } 2405 p6 = (struct sctp_ipv6addr_param *)phdr; 2406 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr)); 2407 /* look it up */ 2408 stcb = sctp_findassociation_ep_addr(inp_p, 2409 (struct sockaddr *)&sin6, netp, dst, NULL); 2410 if (stcb != NULL) { 2411 return (stcb); 2412 } 2413 } 2414 #endif 2415 offset += SCTP_SIZE32(plen); 2416 phdr = sctp_get_next_param(m, offset, &parm_buf, 2417 sizeof(parm_buf)); 2418 } 2419 return (NULL); 2420 } 2421 2422 static struct sctp_tcb * 2423 sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag, 2424 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport, 2425 uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag) 2426 { 2427 /* 2428 * Use my vtag to hash. If we find it we then verify the source addr 2429 * is in the assoc. If all goes well we save a bit on rec of a 2430 * packet. 2431 */ 2432 struct sctpasochead *head; 2433 struct sctp_nets *net; 2434 struct sctp_tcb *stcb; 2435 #ifdef SCTP_MVRF 2436 unsigned int i; 2437 #endif 2438 2439 SCTP_INP_INFO_RLOCK(); 2440 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag, 2441 SCTP_BASE_INFO(hashasocmark))]; 2442 if (head == NULL) { 2443 /* invalid vtag */ 2444 SCTP_INP_INFO_RUNLOCK(); 2445 return (NULL); 2446 } 2447 LIST_FOREACH(stcb, head, sctp_asocs) { 2448 SCTP_INP_RLOCK(stcb->sctp_ep); 2449 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 2450 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2451 continue; 2452 } 2453 #ifdef SCTP_MVRF 2454 for (i = 0; i < stcb->sctp_ep->num_vrfs; i++) { 2455 if (stcb->sctp_ep->m_vrf_ids[i] == vrf_id) { 2456 break; 2457 } 2458 } 2459 if (i == stcb->sctp_ep->num_vrfs) { 2460 SCTP_INP_RUNLOCK(inp); 2461 continue; 2462 } 2463 #else 2464 if (stcb->sctp_ep->def_vrf_id != vrf_id) { 2465 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2466 continue; 2467 } 2468 #endif 2469 SCTP_TCB_LOCK(stcb); 2470 SCTP_INP_RUNLOCK(stcb->sctp_ep); 2471 if (stcb->asoc.my_vtag == vtag) { 2472 /* candidate */ 2473 if (stcb->rport != rport) { 2474 SCTP_TCB_UNLOCK(stcb); 2475 continue; 2476 } 2477 if (stcb->sctp_ep->sctp_lport != lport) { 2478 SCTP_TCB_UNLOCK(stcb); 2479 continue; 2480 } 2481 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 2482 SCTP_TCB_UNLOCK(stcb); 2483 continue; 2484 } 2485 /* RRS:Need toaddr check here */ 2486 if (sctp_does_stcb_own_this_addr(stcb, to) == 0) { 2487 /* Endpoint does not own this address */ 2488 SCTP_TCB_UNLOCK(stcb); 2489 continue; 2490 } 2491 if (remote_tag) { 2492 /* If we have both vtags that's all we match on */ 2493 if (stcb->asoc.peer_vtag == remote_tag) { 2494 /* If both tags match we consider it conclusive 2495 * and check NO source/destination addresses 2496 */ 2497 goto conclusive; 2498 } 2499 } 2500 if (skip_src_check) { 2501 conclusive: 2502 if (from) { 2503 *netp = sctp_findnet(stcb, from); 2504 } else { 2505 *netp = NULL; /* unknown */ 2506 } 2507 if (inp_p) 2508 *inp_p = stcb->sctp_ep; 2509 SCTP_INP_INFO_RUNLOCK(); 2510 return (stcb); 2511 } 2512 net = sctp_findnet(stcb, from); 2513 if (net) { 2514 /* yep its him. */ 2515 *netp = net; 2516 SCTP_STAT_INCR(sctps_vtagexpress); 2517 *inp_p = stcb->sctp_ep; 2518 SCTP_INP_INFO_RUNLOCK(); 2519 return (stcb); 2520 } else { 2521 /* 2522 * not him, this should only happen in rare 2523 * cases so I peg it. 2524 */ 2525 SCTP_STAT_INCR(sctps_vtagbogus); 2526 } 2527 } 2528 SCTP_TCB_UNLOCK(stcb); 2529 } 2530 SCTP_INP_INFO_RUNLOCK(); 2531 return (NULL); 2532 } 2533 2534 2535 /* 2536 * Find an association with the pointer to the inbound IP packet. This can be 2537 * a IPv4 or IPv6 packet. 2538 */ 2539 struct sctp_tcb * 2540 sctp_findassociation_addr(struct mbuf *m, int offset, 2541 struct sockaddr *src, struct sockaddr *dst, 2542 struct sctphdr *sh, struct sctp_chunkhdr *ch, 2543 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id) 2544 { 2545 int find_tcp_pool; 2546 struct sctp_tcb *stcb; 2547 struct sctp_inpcb *inp; 2548 2549 if (sh->v_tag) { 2550 /* we only go down this path if vtag is non-zero */ 2551 stcb = sctp_findassoc_by_vtag(src, dst, ntohl(sh->v_tag), 2552 inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0); 2553 if (stcb) { 2554 return (stcb); 2555 } 2556 } 2557 2558 find_tcp_pool = 0; 2559 if ((ch->chunk_type != SCTP_INITIATION) && 2560 (ch->chunk_type != SCTP_INITIATION_ACK) && 2561 (ch->chunk_type != SCTP_COOKIE_ACK) && 2562 (ch->chunk_type != SCTP_COOKIE_ECHO)) { 2563 /* Other chunk types go to the tcp pool. */ 2564 find_tcp_pool = 1; 2565 } 2566 if (inp_p) { 2567 stcb = sctp_findassociation_addr_sa(src, dst, inp_p, netp, 2568 find_tcp_pool, vrf_id); 2569 inp = *inp_p; 2570 } else { 2571 stcb = sctp_findassociation_addr_sa(src, dst, &inp, netp, 2572 find_tcp_pool, vrf_id); 2573 } 2574 SCTPDBG(SCTP_DEBUG_PCB1, "stcb:%p inp:%p\n", (void *)stcb, (void *)inp); 2575 if (stcb == NULL && inp) { 2576 /* Found a EP but not this address */ 2577 if ((ch->chunk_type == SCTP_INITIATION) || 2578 (ch->chunk_type == SCTP_INITIATION_ACK)) { 2579 /*- 2580 * special hook, we do NOT return linp or an 2581 * association that is linked to an existing 2582 * association that is under the TCP pool (i.e. no 2583 * listener exists). The endpoint finding routine 2584 * will always find a listener before examining the 2585 * TCP pool. 2586 */ 2587 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) { 2588 if (inp_p) { 2589 *inp_p = NULL; 2590 } 2591 return (NULL); 2592 } 2593 stcb = sctp_findassociation_special_addr(m, 2594 offset, sh, &inp, netp, dst); 2595 if (inp_p != NULL) { 2596 *inp_p = inp; 2597 } 2598 } 2599 } 2600 SCTPDBG(SCTP_DEBUG_PCB1, "stcb is %p\n", (void *)stcb); 2601 return (stcb); 2602 } 2603 2604 /* 2605 * lookup an association by an ASCONF lookup address. 2606 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup 2607 */ 2608 struct sctp_tcb * 2609 sctp_findassociation_ep_asconf(struct mbuf *m, int offset, 2610 struct sockaddr *dst, struct sctphdr *sh, 2611 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id) 2612 { 2613 struct sctp_tcb *stcb; 2614 struct sockaddr_storage remote_store; 2615 struct sctp_paramhdr parm_buf, *phdr; 2616 int ptype; 2617 int zero_address = 0; 2618 #ifdef INET 2619 struct sockaddr_in *sin; 2620 #endif 2621 #ifdef INET6 2622 struct sockaddr_in6 *sin6; 2623 #endif 2624 2625 memset(&remote_store, 0, sizeof(remote_store)); 2626 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk), 2627 &parm_buf, sizeof(struct sctp_paramhdr)); 2628 if (phdr == NULL) { 2629 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n", 2630 __FUNCTION__); 2631 return NULL; 2632 } 2633 ptype = (int)((uint32_t) ntohs(phdr->param_type)); 2634 /* get the correlation address */ 2635 switch (ptype) { 2636 #ifdef INET6 2637 case SCTP_IPV6_ADDRESS: 2638 { 2639 /* ipv6 address param */ 2640 struct sctp_ipv6addr_param *p6, p6_buf; 2641 2642 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) { 2643 return NULL; 2644 } 2645 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m, 2646 offset + sizeof(struct sctp_asconf_chunk), 2647 &p6_buf.ph, sizeof(*p6)); 2648 if (p6 == NULL) { 2649 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n", 2650 __FUNCTION__); 2651 return (NULL); 2652 } 2653 sin6 = (struct sockaddr_in6 *)&remote_store; 2654 sin6->sin6_family = AF_INET6; 2655 #ifdef HAVE_SIN6_LEN 2656 sin6->sin6_len = sizeof(*sin6); 2657 #endif 2658 sin6->sin6_port = sh->src_port; 2659 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr)); 2660 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 2661 zero_address = 1; 2662 break; 2663 } 2664 #endif 2665 #ifdef INET 2666 case SCTP_IPV4_ADDRESS: 2667 { 2668 /* ipv4 address param */ 2669 struct sctp_ipv4addr_param *p4, p4_buf; 2670 2671 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) { 2672 return NULL; 2673 } 2674 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m, 2675 offset + sizeof(struct sctp_asconf_chunk), 2676 &p4_buf.ph, sizeof(*p4)); 2677 if (p4 == NULL) { 2678 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n", 2679 __FUNCTION__); 2680 return (NULL); 2681 } 2682 sin = (struct sockaddr_in *)&remote_store; 2683 sin->sin_family = AF_INET; 2684 #ifdef HAVE_SIN_LEN 2685 sin->sin_len = sizeof(*sin); 2686 #endif 2687 sin->sin_port = sh->src_port; 2688 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr)); 2689 if (sin->sin_addr.s_addr == INADDR_ANY) 2690 zero_address = 1; 2691 break; 2692 } 2693 #endif 2694 default: 2695 /* invalid address param type */ 2696 return NULL; 2697 } 2698 2699 if (zero_address) { 2700 stcb = sctp_findassoc_by_vtag(NULL, dst, ntohl(sh->v_tag), inp_p, 2701 netp, sh->src_port, sh->dest_port, 1, vrf_id, 0); 2702 if (stcb != NULL) { 2703 SCTP_INP_DECR_REF(*inp_p); 2704 } 2705 } else { 2706 stcb = sctp_findassociation_ep_addr(inp_p, 2707 (struct sockaddr *)&remote_store, netp, 2708 dst, NULL); 2709 } 2710 return (stcb); 2711 } 2712 2713 2714 /* 2715 * allocate a sctp_inpcb and setup a temporary binding to a port/all 2716 * addresses. This way if we don't get a bind we by default pick a ephemeral 2717 * port with all addresses bound. 2718 */ 2719 int 2720 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id) 2721 { 2722 /* 2723 * we get called when a new endpoint starts up. We need to allocate 2724 * the sctp_inpcb structure from the zone and init it. Mark it as 2725 * unbound and find a port that we can use as an ephemeral with 2726 * INADDR_ANY. If the user binds later no problem we can then add in 2727 * the specific addresses. And setup the default parameters for the 2728 * EP. 2729 */ 2730 int i, error; 2731 struct sctp_inpcb *inp; 2732 struct sctp_pcb *m; 2733 struct timeval time; 2734 sctp_sharedkey_t *null_key; 2735 2736 error = 0; 2737 2738 SCTP_INP_INFO_WLOCK(); 2739 inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb); 2740 if (inp == NULL) { 2741 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n"); 2742 SCTP_INP_INFO_WUNLOCK(); 2743 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 2744 return (ENOBUFS); 2745 } 2746 /* zap it */ 2747 bzero(inp, sizeof(*inp)); 2748 2749 /* bump generations */ 2750 #if defined(__APPLE__) 2751 inp->ip_inp.inp.inp_state = INPCB_STATE_INUSE; 2752 #endif 2753 /* setup socket pointers */ 2754 inp->sctp_socket = so; 2755 inp->ip_inp.inp.inp_socket = so; 2756 #ifdef INET6 2757 #if !defined(__Userspace__) && !defined(__Windows__) 2758 if (INP_SOCKAF(so) == AF_INET6) { 2759 if (MODULE_GLOBAL(ip6_auto_flowlabel)) { 2760 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL; 2761 } 2762 if (MODULE_GLOBAL(ip6_v6only)) { 2763 inp->ip_inp.inp.inp_flags |= IN6P_IPV6_V6ONLY; 2764 } 2765 } 2766 #endif 2767 #endif 2768 inp->sctp_associd_counter = 1; 2769 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT; 2770 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT; 2771 inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off); 2772 inp->sctp_ecn_enable = SCTP_BASE_SYSCTL(sctp_ecn_enable); 2773 #if defined(__Userspace__) 2774 inp->ulp_info = NULL; 2775 inp->recv_callback = NULL; 2776 inp->send_callback = NULL; 2777 inp->send_sb_threshold = 0; 2778 #endif 2779 /* init the small hash table we use to track asocid <-> tcb */ 2780 inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark); 2781 if (inp->sctp_asocidhash == NULL) { 2782 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2783 SCTP_INP_INFO_WUNLOCK(); 2784 return (ENOBUFS); 2785 } 2786 #ifdef IPSEC 2787 #if !(defined(__APPLE__)) 2788 { 2789 struct inpcbpolicy *pcb_sp = NULL; 2790 2791 error = ipsec_init_policy(so, &pcb_sp); 2792 /* Arrange to share the policy */ 2793 inp->ip_inp.inp.inp_sp = pcb_sp; 2794 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp; 2795 } 2796 #else 2797 /* not sure what to do for openbsd here */ 2798 error = 0; 2799 #endif 2800 if (error != 0) { 2801 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2802 SCTP_INP_INFO_WUNLOCK(); 2803 return error; 2804 } 2805 #endif /* IPSEC */ 2806 SCTP_INCR_EP_COUNT(); 2807 inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl); 2808 SCTP_INP_INFO_WUNLOCK(); 2809 2810 so->so_pcb = (caddr_t)inp; 2811 2812 #if defined(__FreeBSD__) && __FreeBSD_version < 803000 2813 if ((SCTP_SO_TYPE(so) == SOCK_DGRAM) || 2814 (SCTP_SO_TYPE(so) == SOCK_SEQPACKET)) { 2815 #else 2816 if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) { 2817 #endif 2818 /* UDP style socket */ 2819 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE | 2820 SCTP_PCB_FLAGS_UNBOUND); 2821 /* Be sure it is NON-BLOCKING IO for UDP */ 2822 /* SCTP_SET_SO_NBIO(so); */ 2823 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) { 2824 /* TCP style socket */ 2825 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | 2826 SCTP_PCB_FLAGS_UNBOUND); 2827 /* Be sure we have blocking IO by default */ 2828 SCTP_CLEAR_SO_NBIO(so); 2829 #if defined(__Panda__) 2830 } else if (SCTP_SO_TYPE(so) == SOCK_FASTSEQPACKET) { 2831 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE | 2832 SCTP_PCB_FLAGS_UNBOUND); 2833 sctp_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE); 2834 } else if (SCTP_SO_TYPE(so) == SOCK_FASTSTREAM) { 2835 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE | 2836 SCTP_PCB_FLAGS_UNBOUND); 2837 sctp_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE); 2838 #endif 2839 } else { 2840 /* 2841 * unsupported socket type (RAW, etc)- in case we missed it 2842 * in protosw 2843 */ 2844 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP); 2845 so->so_pcb = NULL; 2846 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2847 return (EOPNOTSUPP); 2848 } 2849 if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) { 2850 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2851 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2852 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) { 2853 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2854 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2855 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) { 2856 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE); 2857 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS); 2858 } 2859 inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize), 2860 &inp->sctp_hashmark); 2861 if (inp->sctp_tcbhash == NULL) { 2862 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n"); 2863 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 2864 so->so_pcb = NULL; 2865 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2866 return (ENOBUFS); 2867 } 2868 #ifdef SCTP_MVRF 2869 inp->vrf_size = SCTP_DEFAULT_VRF_SIZE; 2870 SCTP_MALLOC(inp->m_vrf_ids, uint32_t *, 2871 (sizeof(uint32_t) * inp->vrf_size), SCTP_M_MVRF); 2872 if (inp->m_vrf_ids == NULL) { 2873 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 2874 so->so_pcb = NULL; 2875 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark); 2876 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2877 return (ENOBUFS); 2878 } 2879 inp->m_vrf_ids[0] = vrf_id; 2880 inp->num_vrfs = 1; 2881 #endif 2882 inp->def_vrf_id = vrf_id; 2883 2884 #if defined(__APPLE__) 2885 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 2886 inp->ip_inp.inp.inpcb_mtx = lck_mtx_alloc_init(SCTP_BASE_INFO(sctbinfo).mtx_grp, SCTP_BASE_INFO(sctbinfo).mtx_attr); 2887 if (inp->ip_inp.inp.inpcb_mtx == NULL) { 2888 SCTP_PRINTF("in_pcballoc: can't alloc mutex! so=%p\n", (void *)so); 2889 #ifdef SCTP_MVRF 2890 SCTP_FREE(inp->m_vrf_ids, SCTP_M_MVRF); 2891 #endif 2892 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark); 2893 so->so_pcb = NULL; 2894 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 2895 SCTP_UNLOCK_EXC(SCTP_BASE_INFO(sctbinfo).ipi_lock); 2896 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); 2897 return (ENOMEM); 2898 } 2899 #elif defined(APPLE_LION) || defined(APPLE_MOUNTAINLION) 2900 lck_mtx_init(&inp->ip_inp.inp.inpcb_mtx, SCTP_BASE_INFO(sctbinfo).mtx_grp, SCTP_BASE_INFO(sctbinfo).mtx_attr); 2901 #else 2902 lck_mtx_init(&inp->ip_inp.inp.inpcb_mtx, SCTP_BASE_INFO(sctbinfo).ipi_lock_grp, SCTP_BASE_INFO(sctbinfo).ipi_lock_attr); 2903 #endif 2904 #endif 2905 SCTP_INP_INFO_WLOCK(); 2906 SCTP_INP_LOCK_INIT(inp); 2907 #if defined(__FreeBSD__) 2908 INP_LOCK_INIT(&inp->ip_inp.inp, "inp", "sctpinp"); 2909 #endif 2910 SCTP_INP_READ_INIT(inp); 2911 SCTP_ASOC_CREATE_LOCK_INIT(inp); 2912 /* lock the new ep */ 2913 SCTP_INP_WLOCK(inp); 2914 2915 /* add it to the info area */ 2916 LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list); 2917 #if defined(__APPLE__) 2918 inp->ip_inp.inp.inp_pcbinfo = &SCTP_BASE_INFO(sctbinfo); 2919 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION) 2920 LIST_INSERT_HEAD(SCTP_BASE_INFO(sctbinfo).listhead, &inp->ip_inp.inp, inp_list); 2921 #else 2922 LIST_INSERT_HEAD(SCTP_BASE_INFO(sctbinfo).ipi_listhead, &inp->ip_inp.inp, inp_list); 2923 #endif 2924 #endif 2925 SCTP_INP_INFO_WUNLOCK(); 2926 2927 TAILQ_INIT(&inp->read_queue); 2928 LIST_INIT(&inp->sctp_addr_list); 2929 2930 LIST_INIT(&inp->sctp_asoc_list); 2931 2932 #ifdef SCTP_TRACK_FREED_ASOCS 2933 /* TEMP CODE */ 2934 LIST_INIT(&inp->sctp_asoc_free_list); 2935 #endif 2936 /* Init the timer structure for signature change */ 2937 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer); 2938 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE; 2939 2940 /* now init the actual endpoint default data */ 2941 m = &inp->sctp_ep; 2942 2943 /* setup the base timeout information */ 2944 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */ 2945 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */ 2946 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default)); 2947 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default)); 2948 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default)); 2949 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default)); 2950 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default)); 2951 /* all max/min max are in ms */ 2952 m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default); 2953 m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default); 2954 m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default); 2955 m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default); 2956 m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default); 2957 m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default); 2958 m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default); 2959 m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default); 2960 m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold); 2961 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF; 2962 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF; 2963 m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default); 2964 m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default); 2965 2966 m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module); 2967 m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module); 2968 m->max_open_streams_intome = SCTP_BASE_SYSCTL(sctp_nr_incoming_streams_default); 2969 /* number of streams to pre-open on a association */ 2970 m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default); 2971 2972 /* Add adaptation cookie */ 2973 m->adaptation_layer_indicator = 0; 2974 m->adaptation_layer_indicator_provided = 0; 2975 2976 /* seed random number generator */ 2977 m->random_counter = 1; 2978 m->store_at = SCTP_SIGNATURE_SIZE; 2979 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers)); 2980 sctp_fill_random_store(m); 2981 2982 /* Minimum cookie size */ 2983 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) + 2984 sizeof(struct sctp_state_cookie); 2985 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE; 2986 2987 /* Setup the initial secret */ 2988 (void)SCTP_GETTIME_TIMEVAL(&time); 2989 m->time_of_secret_change = time.tv_sec; 2990 2991 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) { 2992 m->secret_key[0][i] = sctp_select_initial_TSN(m); 2993 } 2994 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL); 2995 2996 /* How long is a cookie good for ? */ 2997 m->def_cookie_life = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default)); 2998 /* 2999 * Initialize authentication parameters 3000 */ 3001 m->local_hmacs = sctp_default_supported_hmaclist(); 3002 m->local_auth_chunks = sctp_alloc_chunklist(); 3003 m->default_dscp = 0; 3004 #ifdef INET6 3005 m->default_flowlabel = 0; 3006 #endif 3007 m->port = 0; /* encapsulation disabled by default */ 3008 sctp_auth_set_default_chunks(m->local_auth_chunks); 3009 LIST_INIT(&m->shared_keys); 3010 /* add default NULL key as key id 0 */ 3011 null_key = sctp_alloc_sharedkey(); 3012 sctp_insert_sharedkey(&m->shared_keys, null_key); 3013 SCTP_INP_WUNLOCK(inp); 3014 #ifdef SCTP_LOG_CLOSING 3015 sctp_log_closing(inp, NULL, 12); 3016 #endif 3017 return (error); 3018 } 3019 3020 3021 void 3022 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp, 3023 struct sctp_tcb *stcb) 3024 { 3025 struct sctp_nets *net; 3026 uint16_t lport, rport; 3027 struct sctppcbhead *head; 3028 struct sctp_laddr *laddr, *oladdr; 3029 3030 atomic_add_int(&stcb->asoc.refcnt, 1); 3031 SCTP_TCB_UNLOCK(stcb); 3032 SCTP_INP_INFO_WLOCK(); 3033 SCTP_INP_WLOCK(old_inp); 3034 SCTP_INP_WLOCK(new_inp); 3035 SCTP_TCB_LOCK(stcb); 3036 atomic_subtract_int(&stcb->asoc.refcnt, 1); 3037 3038 new_inp->sctp_ep.time_of_secret_change = 3039 old_inp->sctp_ep.time_of_secret_change; 3040 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key, 3041 sizeof(old_inp->sctp_ep.secret_key)); 3042 new_inp->sctp_ep.current_secret_number = 3043 old_inp->sctp_ep.current_secret_number; 3044 new_inp->sctp_ep.last_secret_number = 3045 old_inp->sctp_ep.last_secret_number; 3046 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie; 3047 3048 /* make it so new data pours into the new socket */ 3049 stcb->sctp_socket = new_inp->sctp_socket; 3050 stcb->sctp_ep = new_inp; 3051 3052 /* Copy the port across */ 3053 lport = new_inp->sctp_lport = old_inp->sctp_lport; 3054 rport = stcb->rport; 3055 /* Pull the tcb from the old association */ 3056 LIST_REMOVE(stcb, sctp_tcbhash); 3057 LIST_REMOVE(stcb, sctp_tcblist); 3058 if (stcb->asoc.in_asocid_hash) { 3059 LIST_REMOVE(stcb, sctp_tcbasocidhash); 3060 } 3061 /* Now insert the new_inp into the TCP connected hash */ 3062 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))]; 3063 3064 LIST_INSERT_HEAD(head, new_inp, sctp_hash); 3065 /* Its safe to access */ 3066 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND; 3067 3068 /* Now move the tcb into the endpoint list */ 3069 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist); 3070 /* 3071 * Question, do we even need to worry about the ep-hash since we 3072 * only have one connection? Probably not :> so lets get rid of it 3073 * and not suck up any kernel memory in that. 3074 */ 3075 if (stcb->asoc.in_asocid_hash) { 3076 struct sctpasochead *lhd; 3077 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id, 3078 new_inp->hashasocidmark)]; 3079 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash); 3080 } 3081 /* Ok. Let's restart timer. */ 3082 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 3083 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp, 3084 stcb, net); 3085 } 3086 3087 SCTP_INP_INFO_WUNLOCK(); 3088 if (new_inp->sctp_tcbhash != NULL) { 3089 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark); 3090 new_inp->sctp_tcbhash = NULL; 3091 } 3092 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { 3093 /* Subset bound, so copy in the laddr list from the old_inp */ 3094 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) { 3095 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 3096 if (laddr == NULL) { 3097 /* 3098 * Gak, what can we do? This assoc is really 3099 * HOSED. We probably should send an abort 3100 * here. 3101 */ 3102 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n"); 3103 continue; 3104 } 3105 SCTP_INCR_LADDR_COUNT(); 3106 bzero(laddr, sizeof(*laddr)); 3107 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); 3108 laddr->ifa = oladdr->ifa; 3109 atomic_add_int(&laddr->ifa->refcount, 1); 3110 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr, 3111 sctp_nxt_addr); 3112 new_inp->laddr_count++; 3113 if (oladdr == stcb->asoc.last_used_address) { 3114 stcb->asoc.last_used_address = laddr; 3115 } 3116 } 3117 } 3118 /* Now any running timers need to be adjusted 3119 * since we really don't care if they are running 3120 * or not just blast in the new_inp into all of 3121 * them. 3122 */ 3123 3124 stcb->asoc.dack_timer.ep = (void *)new_inp; 3125 stcb->asoc.asconf_timer.ep = (void *)new_inp; 3126 stcb->asoc.strreset_timer.ep = (void *)new_inp; 3127 stcb->asoc.shut_guard_timer.ep = (void *)new_inp; 3128 stcb->asoc.autoclose_timer.ep = (void *)new_inp; 3129 stcb->asoc.delayed_event_timer.ep = (void *)new_inp; 3130 stcb->asoc.delete_prim_timer.ep = (void *)new_inp; 3131 /* now what about the nets? */ 3132 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 3133 net->pmtu_timer.ep = (void *)new_inp; 3134 net->hb_timer.ep = (void *)new_inp; 3135 net->rxt_timer.ep = (void *)new_inp; 3136 } 3137 SCTP_INP_WUNLOCK(new_inp); 3138 SCTP_INP_WUNLOCK(old_inp); 3139 } 3140 3141 3142 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Userspace__)) 3143 /* 3144 * Don't know why, but without this there is an unknown reference when 3145 * compiling NetBSD... hmm 3146 */ 3147 extern void in6_sin6_2_sin(struct sockaddr_in *, struct sockaddr_in6 *sin6); 3148 #endif 3149 3150 3151 /* sctp_ifap is used to bypass normal local address validation checks */ 3152 int 3153 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000 3154 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, 3155 struct sctp_ifa *sctp_ifap, struct thread *p) 3156 #elif defined(__Windows__) 3157 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, 3158 struct sctp_ifa *sctp_ifap, PKTHREAD p) 3159 #else 3160 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, 3161 struct sctp_ifa *sctp_ifap, struct proc *p) 3162 #endif 3163 { 3164 /* bind a ep to a socket address */ 3165 struct sctppcbhead *head; 3166 struct sctp_inpcb *inp, *inp_tmp; 3167 #if defined(INET) || (defined(INET6) && defined(__APPLE__)) || defined(__FreeBSD__) || defined(__APPLE__) 3168 struct inpcb *ip_inp; 3169 #endif 3170 int port_reuse_active = 0; 3171 int bindall; 3172 #ifdef SCTP_MVRF 3173 int i; 3174 #endif 3175 uint16_t lport; 3176 int error; 3177 uint32_t vrf_id; 3178 3179 lport = 0; 3180 bindall = 1; 3181 inp = (struct sctp_inpcb *)so->so_pcb; 3182 #if defined(INET) || (defined(INET6) && defined(__APPLE__)) || defined(__FreeBSD__) || defined(__APPLE__) 3183 ip_inp = (struct inpcb *)so->so_pcb; 3184 #endif 3185 #ifdef SCTP_DEBUG 3186 if (addr) { 3187 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port: %d\n", 3188 ntohs(((struct sockaddr_in *)addr)->sin_port)); 3189 SCTPDBG(SCTP_DEBUG_PCB1, "Addr: "); 3190 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr); 3191 } 3192 #endif 3193 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) { 3194 /* already did a bind, subsequent binds NOT allowed ! */ 3195 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3196 return (EINVAL); 3197 } 3198 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000 3199 #ifdef INVARIANTS 3200 if (p == NULL) 3201 panic("null proc/thread"); 3202 #endif 3203 #endif 3204 if (addr != NULL) { 3205 switch (addr->sa_family) { 3206 #ifdef INET 3207 case AF_INET: 3208 { 3209 struct sockaddr_in *sin; 3210 3211 /* IPV6_V6ONLY socket? */ 3212 if (SCTP_IPV6_V6ONLY(ip_inp)) { 3213 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3214 return (EINVAL); 3215 } 3216 #ifdef HAVE_SA_LEN 3217 if (addr->sa_len != sizeof(*sin)) { 3218 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3219 return (EINVAL); 3220 } 3221 #endif 3222 3223 sin = (struct sockaddr_in *)addr; 3224 lport = sin->sin_port; 3225 #if defined(__FreeBSD__) && __FreeBSD_version >= 800000 3226 /* 3227 * For LOOPBACK the prison_local_ip4() call will transmute the ip address 3228 * to the proper value. 3229 */ 3230 if (p && (error = prison_local_ip4(p->td_ucred, &sin->sin_addr)) != 0) { 3231 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 3232 return (error); 3233 } 3234 #endif 3235 if (sin->sin_addr.s_addr != INADDR_ANY) { 3236 bindall = 0; 3237 } 3238 break; 3239 } 3240 #endif 3241 #ifdef INET6 3242 case AF_INET6: 3243 { 3244 /* Only for pure IPv6 Address. (No IPv4 Mapped!) */ 3245 struct sockaddr_in6 *sin6; 3246 3247 sin6 = (struct sockaddr_in6 *)addr; 3248 3249 #ifdef HAVE_SA_LEN 3250 if (addr->sa_len != sizeof(*sin6)) { 3251 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3252 return (EINVAL); 3253 } 3254 #endif 3255 lport = sin6->sin6_port; 3256 #if defined(__FreeBSD__) && __FreeBSD_version >= 800000 3257 /* 3258 * For LOOPBACK the prison_local_ip6() call will transmute the ipv6 address 3259 * to the proper value. 3260 */ 3261 if (p && (error = prison_local_ip6(p->td_ucred, &sin6->sin6_addr, 3262 (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) { 3263 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 3264 return (error); 3265 } 3266 #endif 3267 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 3268 bindall = 0; 3269 #ifdef SCTP_EMBEDDED_V6_SCOPE 3270 /* KAME hack: embed scopeid */ 3271 #if defined(SCTP_KAME) 3272 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) { 3273 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3274 return (EINVAL); 3275 } 3276 #elif defined(__APPLE__) 3277 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 3278 if (in6_embedscope(&sin6->sin6_addr, sin6, ip_inp, NULL) != 0) { 3279 #else 3280 if (in6_embedscope(&sin6->sin6_addr, sin6, ip_inp, NULL, NULL) != 0) { 3281 #endif 3282 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3283 return (EINVAL); 3284 } 3285 #elif defined(__FreeBSD__) 3286 error = scope6_check_id(sin6, MODULE_GLOBAL(ip6_use_defzone)); 3287 if (error != 0) { 3288 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 3289 return (error); 3290 } 3291 #else 3292 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) { 3293 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3294 return (EINVAL); 3295 } 3296 #endif 3297 #endif /* SCTP_EMBEDDED_V6_SCOPE */ 3298 } 3299 #ifndef SCOPEDROUTING 3300 /* this must be cleared for ifa_ifwithaddr() */ 3301 sin6->sin6_scope_id = 0; 3302 #endif /* SCOPEDROUTING */ 3303 break; 3304 } 3305 #endif 3306 #if defined(__Userspace__) 3307 case AF_CONN: 3308 { 3309 struct sockaddr_conn *sconn; 3310 3311 #ifdef HAVE_SA_LEN 3312 if (addr->sa_len != sizeof(struct sockaddr_conn)) { 3313 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3314 return (EINVAL); 3315 } 3316 #endif 3317 sconn = (struct sockaddr_conn *)addr; 3318 lport = sconn->sconn_port; 3319 if (sconn->sconn_addr != NULL) { 3320 bindall = 0; 3321 } 3322 break; 3323 } 3324 #endif 3325 default: 3326 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EAFNOSUPPORT); 3327 return (EAFNOSUPPORT); 3328 } 3329 } 3330 SCTP_INP_INFO_WLOCK(); 3331 SCTP_INP_WLOCK(inp); 3332 /* Setup a vrf_id to be the default for the non-bind-all case. */ 3333 vrf_id = inp->def_vrf_id; 3334 3335 /* increase our count due to the unlock we do */ 3336 SCTP_INP_INCR_REF(inp); 3337 if (lport) { 3338 /* 3339 * Did the caller specify a port? if so we must see if an ep 3340 * already has this one bound. 3341 */ 3342 /* got to be root to get at low ports */ 3343 #if !defined(__Windows__) 3344 if (ntohs(lport) < IPPORT_RESERVED) { 3345 if (p && (error = 3346 #ifdef __FreeBSD__ 3347 #if __FreeBSD_version > 602000 3348 priv_check(p, PRIV_NETINET_RESERVEDPORT) 3349 #elif __FreeBSD_version >= 500000 3350 suser_cred(p->td_ucred, 0) 3351 #else 3352 suser(p) 3353 #endif 3354 #elif defined(__APPLE__) 3355 suser(p->p_ucred, &p->p_acflag) 3356 #elif defined(__Userspace__) /* must be true to use raw socket */ 3357 1 3358 #else 3359 suser(p, 0) 3360 #endif 3361 )) { 3362 SCTP_INP_DECR_REF(inp); 3363 SCTP_INP_WUNLOCK(inp); 3364 SCTP_INP_INFO_WUNLOCK(); 3365 return (error); 3366 } 3367 #if defined(__Panda__) 3368 if (!SCTP_IS_PRIVILEDGED(so)) { 3369 SCTP_INP_DECR_REF(inp); 3370 SCTP_INP_WUNLOCK(inp); 3371 SCTP_INP_INFO_WUNLOCK(); 3372 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EACCES); 3373 return (EACCES); 3374 } 3375 #endif 3376 } 3377 #endif /* __Windows__ */ 3378 SCTP_INP_WUNLOCK(inp); 3379 if (bindall) { 3380 #ifdef SCTP_MVRF 3381 for (i = 0; i < inp->num_vrfs; i++) { 3382 vrf_id = inp->m_vrf_ids[i]; 3383 #else 3384 vrf_id = inp->def_vrf_id; 3385 #endif 3386 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id); 3387 if (inp_tmp != NULL) { 3388 /* 3389 * lock guy returned and lower count 3390 * note that we are not bound so 3391 * inp_tmp should NEVER be inp. And 3392 * it is this inp (inp_tmp) that gets 3393 * the reference bump, so we must 3394 * lower it. 3395 */ 3396 SCTP_INP_DECR_REF(inp_tmp); 3397 /* unlock info */ 3398 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 3399 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 3400 /* Ok, must be one-2-one and allowing port re-use */ 3401 port_reuse_active = 1; 3402 goto continue_anyway; 3403 } 3404 SCTP_INP_DECR_REF(inp); 3405 SCTP_INP_INFO_WUNLOCK(); 3406 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3407 return (EADDRINUSE); 3408 } 3409 #ifdef SCTP_MVRF 3410 } 3411 #endif 3412 } else { 3413 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id); 3414 if (inp_tmp != NULL) { 3415 /* 3416 * lock guy returned and lower count note 3417 * that we are not bound so inp_tmp should 3418 * NEVER be inp. And it is this inp (inp_tmp) 3419 * that gets the reference bump, so we must 3420 * lower it. 3421 */ 3422 SCTP_INP_DECR_REF(inp_tmp); 3423 /* unlock info */ 3424 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 3425 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 3426 /* Ok, must be one-2-one and allowing port re-use */ 3427 port_reuse_active = 1; 3428 goto continue_anyway; 3429 } 3430 SCTP_INP_DECR_REF(inp); 3431 SCTP_INP_INFO_WUNLOCK(); 3432 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3433 return (EADDRINUSE); 3434 } 3435 } 3436 continue_anyway: 3437 SCTP_INP_WLOCK(inp); 3438 if (bindall) { 3439 /* verify that no lport is not used by a singleton */ 3440 if ((port_reuse_active == 0) && 3441 (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))) { 3442 /* Sorry someone already has this one bound */ 3443 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) && 3444 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) { 3445 port_reuse_active = 1; 3446 } else { 3447 SCTP_INP_DECR_REF(inp); 3448 SCTP_INP_WUNLOCK(inp); 3449 SCTP_INP_INFO_WUNLOCK(); 3450 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3451 return (EADDRINUSE); 3452 } 3453 } 3454 } 3455 } else { 3456 uint16_t first, last, candidate; 3457 uint16_t count; 3458 int done; 3459 3460 #if defined(__Windows__) 3461 first = 1; 3462 last = 0xffff; 3463 #else 3464 #if defined(__Userspace__) 3465 /* TODO ensure uid is 0, etc... */ 3466 #elif defined(__FreeBSD__) || defined(__APPLE__) 3467 if (ip_inp->inp_flags & INP_HIGHPORT) { 3468 first = MODULE_GLOBAL(ipport_hifirstauto); 3469 last = MODULE_GLOBAL(ipport_hilastauto); 3470 } else if (ip_inp->inp_flags & INP_LOWPORT) { 3471 if (p && (error = 3472 #ifdef __FreeBSD__ 3473 #if __FreeBSD_version > 602000 3474 priv_check(p, PRIV_NETINET_RESERVEDPORT) 3475 #elif __FreeBSD_version >= 500000 3476 suser_cred(p->td_ucred, 0) 3477 #else 3478 suser(p) 3479 #endif 3480 #elif defined(__APPLE__) 3481 suser(p->p_ucred, &p->p_acflag) 3482 #else 3483 suser(p, 0) 3484 #endif 3485 )) { 3486 SCTP_INP_DECR_REF(inp); 3487 SCTP_INP_WUNLOCK(inp); 3488 SCTP_INP_INFO_WUNLOCK(); 3489 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error); 3490 return (error); 3491 } 3492 first = MODULE_GLOBAL(ipport_lowfirstauto); 3493 last = MODULE_GLOBAL(ipport_lowlastauto); 3494 } else { 3495 #endif 3496 first = MODULE_GLOBAL(ipport_firstauto); 3497 last = MODULE_GLOBAL(ipport_lastauto); 3498 #if defined(__FreeBSD__) || defined(__APPLE__) 3499 } 3500 #endif 3501 #endif /* __Windows__ */ 3502 if (first > last) { 3503 uint16_t temp; 3504 3505 temp = first; 3506 first = last; 3507 last = temp; 3508 } 3509 count = last - first + 1; /* number of candidates */ 3510 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count); 3511 3512 done = 0; 3513 while (!done) { 3514 #ifdef SCTP_MVRF 3515 for (i = 0; i < inp->num_vrfs; i++) { 3516 if (sctp_isport_inuse(inp, htons(candidate), inp->m_vrf_ids[i]) != NULL) { 3517 break; 3518 } 3519 } 3520 if (i == inp->num_vrfs) { 3521 done = 1; 3522 } 3523 #else 3524 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) { 3525 done = 1; 3526 } 3527 #endif 3528 if (!done) { 3529 if (--count == 0) { 3530 SCTP_INP_DECR_REF(inp); 3531 SCTP_INP_WUNLOCK(inp); 3532 SCTP_INP_INFO_WUNLOCK(); 3533 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE); 3534 return (EADDRINUSE); 3535 } 3536 if (candidate == last) 3537 candidate = first; 3538 else 3539 candidate = candidate + 1; 3540 } 3541 } 3542 lport = htons(candidate); 3543 } 3544 SCTP_INP_DECR_REF(inp); 3545 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | 3546 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 3547 /* 3548 * this really should not happen. The guy did a non-blocking 3549 * bind and then did a close at the same time. 3550 */ 3551 SCTP_INP_WUNLOCK(inp); 3552 SCTP_INP_INFO_WUNLOCK(); 3553 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3554 return (EINVAL); 3555 } 3556 /* ok we look clear to give out this port, so lets setup the binding */ 3557 if (bindall) { 3558 /* binding to all addresses, so just set in the proper flags */ 3559 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL; 3560 /* set the automatic addr changes from kernel flag */ 3561 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) { 3562 sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3563 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3564 } else { 3565 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3566 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3567 } 3568 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) { 3569 sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS); 3570 } else { 3571 sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS); 3572 } 3573 /* set the automatic mobility_base from kernel 3574 flag (by micchie) 3575 */ 3576 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) { 3577 sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE); 3578 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3579 } else { 3580 sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE); 3581 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3582 } 3583 /* set the automatic mobility_fasthandoff from kernel 3584 flag (by micchie) 3585 */ 3586 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) { 3587 sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF); 3588 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3589 } else { 3590 sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF); 3591 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED); 3592 } 3593 } else { 3594 /* 3595 * bind specific, make sure flags is off and add a new 3596 * address structure to the sctp_addr_list inside the ep 3597 * structure. 3598 * 3599 * We will need to allocate one and insert it at the head. The 3600 * socketopt call can just insert new addresses in there as 3601 * well. It will also have to do the embed scope kame hack 3602 * too (before adding). 3603 */ 3604 struct sctp_ifa *ifa; 3605 struct sockaddr_storage store_sa; 3606 3607 memset(&store_sa, 0, sizeof(store_sa)); 3608 switch (addr->sa_family) { 3609 #ifdef INET 3610 case AF_INET: 3611 { 3612 struct sockaddr_in *sin; 3613 3614 sin = (struct sockaddr_in *)&store_sa; 3615 memcpy(sin, addr, sizeof(struct sockaddr_in)); 3616 sin->sin_port = 0; 3617 break; 3618 } 3619 #endif 3620 #ifdef INET6 3621 case AF_INET6: 3622 { 3623 struct sockaddr_in6 *sin6; 3624 3625 sin6 = (struct sockaddr_in6 *)&store_sa; 3626 memcpy(sin6, addr, sizeof(struct sockaddr_in6)); 3627 sin6->sin6_port = 0; 3628 break; 3629 } 3630 #endif 3631 #if defined(__Userspace__) 3632 case AF_CONN: 3633 { 3634 struct sockaddr_conn *sconn; 3635 3636 sconn = (struct sockaddr_conn *)&store_sa; 3637 memcpy(sconn, addr, sizeof(struct sockaddr_conn)); 3638 sconn->sconn_port = 0; 3639 break; 3640 } 3641 #endif 3642 default: 3643 break; 3644 } 3645 /* 3646 * first find the interface with the bound address need to 3647 * zero out the port to find the address! yuck! can't do 3648 * this earlier since need port for sctp_pcb_findep() 3649 */ 3650 if (sctp_ifap != NULL) { 3651 ifa = sctp_ifap; 3652 } else { 3653 /* Note for BSD we hit here always other 3654 * O/S's will pass things in via the 3655 * sctp_ifap argument (Panda). 3656 */ 3657 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa, 3658 vrf_id, SCTP_ADDR_NOT_LOCKED); 3659 } 3660 if (ifa == NULL) { 3661 /* Can't find an interface with that address */ 3662 SCTP_INP_WUNLOCK(inp); 3663 SCTP_INP_INFO_WUNLOCK(); 3664 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRNOTAVAIL); 3665 return (EADDRNOTAVAIL); 3666 } 3667 #ifdef INET6 3668 if (addr->sa_family == AF_INET6) { 3669 /* GAK, more FIXME IFA lock? */ 3670 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 3671 /* Can't bind a non-existent addr. */ 3672 SCTP_INP_WUNLOCK(inp); 3673 SCTP_INP_INFO_WUNLOCK(); 3674 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 3675 return (EINVAL); 3676 } 3677 } 3678 #endif 3679 /* we're not bound all */ 3680 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL; 3681 /* allow bindx() to send ASCONF's for binding changes */ 3682 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF); 3683 /* clear automatic addr changes from kernel flag */ 3684 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF); 3685 3686 /* add this address to the endpoint list */ 3687 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0); 3688 if (error != 0) { 3689 SCTP_INP_WUNLOCK(inp); 3690 SCTP_INP_INFO_WUNLOCK(); 3691 return (error); 3692 } 3693 inp->laddr_count++; 3694 } 3695 /* find the bucket */ 3696 if (port_reuse_active) { 3697 /* Put it into tcp 1-2-1 hash */ 3698 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))]; 3699 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL; 3700 } else { 3701 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))]; 3702 } 3703 /* put it in the bucket */ 3704 LIST_INSERT_HEAD(head, inp, sctp_hash); 3705 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n", 3706 (void *)head, ntohs(lport), port_reuse_active); 3707 /* set in the port */ 3708 inp->sctp_lport = lport; 3709 3710 /* turn off just the unbound flag */ 3711 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND; 3712 SCTP_INP_WUNLOCK(inp); 3713 SCTP_INP_INFO_WUNLOCK(); 3714 return (0); 3715 } 3716 3717 3718 static void 3719 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp) 3720 { 3721 struct sctp_iterator *it, *nit; 3722 3723 /* 3724 * We enter with the only the ITERATOR_LOCK in place and a write 3725 * lock on the inp_info stuff. 3726 */ 3727 it = sctp_it_ctl.cur_it; 3728 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 3729 if (it && (it->vn != curvnet)) { 3730 /* Its not looking at our VNET */ 3731 return; 3732 } 3733 #endif 3734 if (it && (it->inp == inp)) { 3735 /* 3736 * This is tricky and we hold the iterator lock, 3737 * but when it returns and gets the lock (when we 3738 * release it) the iterator will try to operate on 3739 * inp. We need to stop that from happening. But 3740 * of course the iterator has a reference on the 3741 * stcb and inp. We can mark it and it will stop. 3742 * 3743 * If its a single iterator situation, we 3744 * set the end iterator flag. Otherwise 3745 * we set the iterator to go to the next inp. 3746 * 3747 */ 3748 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 3749 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT; 3750 } else { 3751 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP; 3752 } 3753 } 3754 /* Now go through and remove any single reference to 3755 * our inp that may be still pending on the list 3756 */ 3757 SCTP_IPI_ITERATOR_WQ_LOCK(); 3758 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 3759 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 3760 if (it->vn != curvnet) { 3761 continue; 3762 } 3763 #endif 3764 if (it->inp == inp) { 3765 /* This one points to me is it inp specific? */ 3766 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) { 3767 /* Remove and free this one */ 3768 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, 3769 it, sctp_nxt_itr); 3770 if (it->function_atend != NULL) { 3771 (*it->function_atend) (it->pointer, it->val); 3772 } 3773 SCTP_FREE(it, SCTP_M_ITER); 3774 } else { 3775 it->inp = LIST_NEXT(it->inp, sctp_list); 3776 if (it->inp) { 3777 SCTP_INP_INCR_REF(it->inp); 3778 } 3779 } 3780 /* When its put in the refcnt is incremented so decr it */ 3781 SCTP_INP_DECR_REF(inp); 3782 } 3783 } 3784 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 3785 } 3786 3787 /* release sctp_inpcb unbind the port */ 3788 void 3789 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from) 3790 { 3791 /* 3792 * Here we free a endpoint. We must find it (if it is in the Hash 3793 * table) and remove it from there. Then we must also find it in the 3794 * overall list and remove it from there. After all removals are 3795 * complete then any timer has to be stopped. Then start the actual 3796 * freeing. a) Any local lists. b) Any associations. c) The hash of 3797 * all associations. d) finally the ep itself. 3798 */ 3799 struct sctp_tcb *asoc, *nasoc; 3800 struct sctp_laddr *laddr, *nladdr; 3801 struct inpcb *ip_pcb; 3802 struct socket *so; 3803 int being_refed = 0; 3804 struct sctp_queued_to_read *sq, *nsq; 3805 #if !defined(__Panda__) && !defined(__Userspace__) 3806 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000 3807 sctp_rtentry_t *rt; 3808 #endif 3809 #endif 3810 int cnt; 3811 sctp_sharedkey_t *shared_key, *nshared_key; 3812 3813 3814 #if defined(__APPLE__) 3815 sctp_lock_assert(SCTP_INP_SO(inp)); 3816 #endif 3817 #ifdef SCTP_LOG_CLOSING 3818 sctp_log_closing(inp, NULL, 0); 3819 #endif 3820 SCTP_ITERATOR_LOCK(); 3821 /* mark any iterators on the list or being processed */ 3822 sctp_iterator_inp_being_freed(inp); 3823 SCTP_ITERATOR_UNLOCK(); 3824 so = inp->sctp_socket; 3825 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 3826 /* been here before.. eeks.. get out of here */ 3827 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate); 3828 #ifdef SCTP_LOG_CLOSING 3829 sctp_log_closing(inp, NULL, 1); 3830 #endif 3831 return; 3832 } 3833 SCTP_ASOC_CREATE_LOCK(inp); 3834 SCTP_INP_INFO_WLOCK(); 3835 3836 SCTP_INP_WLOCK(inp); 3837 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) { 3838 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP; 3839 /* socket is gone, so no more wakeups allowed */ 3840 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE; 3841 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; 3842 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; 3843 3844 } 3845 /* First time through we have the socket lock, after that no more. */ 3846 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL, 3847 SCTP_FROM_SCTP_PCB+SCTP_LOC_1); 3848 3849 if (inp->control) { 3850 sctp_m_freem(inp->control); 3851 inp->control = NULL; 3852 } 3853 if (inp->pkt) { 3854 sctp_m_freem(inp->pkt); 3855 inp->pkt = NULL; 3856 } 3857 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer 3858 * here but I will be nice :> (i.e. 3859 * ip_pcb = ep;) */ 3860 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) { 3861 int cnt_in_sd; 3862 3863 cnt_in_sd = 0; 3864 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) { 3865 SCTP_TCB_LOCK(asoc); 3866 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 3867 /* Skip guys being freed */ 3868 cnt_in_sd++; 3869 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) { 3870 /* 3871 * Special case - we did not start a kill 3872 * timer on the asoc due to it was not 3873 * closed. So go ahead and start it now. 3874 */ 3875 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 3876 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL); 3877 } 3878 SCTP_TCB_UNLOCK(asoc); 3879 continue; 3880 } 3881 if (((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) || 3882 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) && 3883 (asoc->asoc.total_output_queue_size == 0)) { 3884 /* If we have data in queue, we don't want to just 3885 * free since the app may have done, send()/close 3886 * or connect/send/close. And it wants the data 3887 * to get across first. 3888 */ 3889 /* Just abandon things in the front states */ 3890 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE, 3891 SCTP_FROM_SCTP_PCB+SCTP_LOC_2) == 0) { 3892 cnt_in_sd++; 3893 } 3894 continue; 3895 } 3896 /* Disconnect the socket please */ 3897 asoc->sctp_socket = NULL; 3898 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET; 3899 if ((asoc->asoc.size_on_reasm_queue > 0) || 3900 (asoc->asoc.control_pdapi) || 3901 (asoc->asoc.size_on_all_streams > 0) || 3902 (so && (so->so_rcv.sb_cc > 0))) { 3903 /* Left with Data unread */ 3904 struct mbuf *op_err; 3905 3906 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 3907 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_3; 3908 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 3909 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3910 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3911 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3912 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3913 } 3914 if (sctp_free_assoc(inp, asoc, 3915 SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB+SCTP_LOC_4) == 0) { 3916 cnt_in_sd++; 3917 } 3918 continue; 3919 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) && 3920 TAILQ_EMPTY(&asoc->asoc.sent_queue) && 3921 (asoc->asoc.stream_queue_cnt == 0)) { 3922 if (asoc->asoc.locked_on_sending) { 3923 goto abort_anyway; 3924 } 3925 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) && 3926 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) { 3927 struct sctp_nets *netp; 3928 3929 /* 3930 * there is nothing queued to send, 3931 * so I send shutdown 3932 */ 3933 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3934 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3935 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3936 } 3937 SCTP_SET_STATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_SENT); 3938 SCTP_CLEAR_SUBSTATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_PENDING); 3939 sctp_stop_timers_for_shutdown(asoc); 3940 if (asoc->asoc.alternate) { 3941 netp = asoc->asoc.alternate; 3942 } else { 3943 netp = asoc->asoc.primary_destination; 3944 } 3945 sctp_send_shutdown(asoc, netp); 3946 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc, 3947 netp); 3948 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc, 3949 asoc->asoc.primary_destination); 3950 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED); 3951 } 3952 } else { 3953 /* mark into shutdown pending */ 3954 struct sctp_stream_queue_pending *sp; 3955 3956 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING; 3957 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc, 3958 asoc->asoc.primary_destination); 3959 if (asoc->asoc.locked_on_sending) { 3960 sp = TAILQ_LAST(&((asoc->asoc.locked_on_sending)->outqueue), 3961 sctp_streamhead); 3962 if (sp == NULL) { 3963 SCTP_PRINTF("Error, sp is NULL, locked on sending is %p strm:%d\n", 3964 (void *)asoc->asoc.locked_on_sending, 3965 asoc->asoc.locked_on_sending->stream_no); 3966 } else { 3967 if ((sp->length == 0) && (sp->msg_is_complete == 0)) 3968 asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT; 3969 } 3970 } 3971 if (TAILQ_EMPTY(&asoc->asoc.send_queue) && 3972 TAILQ_EMPTY(&asoc->asoc.sent_queue) && 3973 (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) { 3974 struct mbuf *op_err; 3975 abort_anyway: 3976 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 3977 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_5; 3978 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 3979 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 3980 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 3981 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 3982 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 3983 } 3984 if (sctp_free_assoc(inp, asoc, 3985 SCTP_PCBFREE_NOFORCE, 3986 SCTP_FROM_SCTP_PCB+SCTP_LOC_6) == 0) { 3987 cnt_in_sd++; 3988 } 3989 continue; 3990 } else { 3991 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED); 3992 } 3993 } 3994 cnt_in_sd++; 3995 SCTP_TCB_UNLOCK(asoc); 3996 } 3997 /* now is there some left in our SHUTDOWN state? */ 3998 if (cnt_in_sd) { 3999 #ifdef SCTP_LOG_CLOSING 4000 sctp_log_closing(inp, NULL, 2); 4001 #endif 4002 inp->sctp_socket = NULL; 4003 SCTP_INP_WUNLOCK(inp); 4004 SCTP_ASOC_CREATE_UNLOCK(inp); 4005 SCTP_INP_INFO_WUNLOCK(); 4006 return; 4007 } 4008 } 4009 inp->sctp_socket = NULL; 4010 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) != 4011 SCTP_PCB_FLAGS_UNBOUND) { 4012 /* 4013 * ok, this guy has been bound. It's port is 4014 * somewhere in the SCTP_BASE_INFO(hash table). Remove 4015 * it! 4016 */ 4017 LIST_REMOVE(inp, sctp_hash); 4018 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND; 4019 } 4020 4021 /* If there is a timer running to kill us, 4022 * forget it, since it may have a contest 4023 * on the INP lock.. which would cause us 4024 * to die ... 4025 */ 4026 cnt = 0; 4027 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) { 4028 SCTP_TCB_LOCK(asoc); 4029 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4030 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) { 4031 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 4032 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL); 4033 } 4034 cnt++; 4035 SCTP_TCB_UNLOCK(asoc); 4036 continue; 4037 } 4038 /* Free associations that are NOT killing us */ 4039 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) && 4040 ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) { 4041 struct mbuf *op_err; 4042 4043 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, ""); 4044 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_7; 4045 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED); 4046 SCTP_STAT_INCR_COUNTER32(sctps_aborted); 4047 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { 4048 cnt++; 4049 SCTP_TCB_UNLOCK(asoc); 4050 continue; 4051 } 4052 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) || 4053 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) { 4054 SCTP_STAT_DECR_GAUGE32(sctps_currestab); 4055 } 4056 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_PCB+SCTP_LOC_8) == 0) { 4057 cnt++; 4058 } 4059 } 4060 if (cnt) { 4061 /* Ok we have someone out there that will kill us */ 4062 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 4063 #ifdef SCTP_LOG_CLOSING 4064 sctp_log_closing(inp, NULL, 3); 4065 #endif 4066 SCTP_INP_WUNLOCK(inp); 4067 SCTP_ASOC_CREATE_UNLOCK(inp); 4068 SCTP_INP_INFO_WUNLOCK(); 4069 return; 4070 } 4071 if (SCTP_INP_LOCK_CONTENDED(inp)) 4072 being_refed++; 4073 if (SCTP_INP_READ_CONTENDED(inp)) 4074 being_refed++; 4075 if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp)) 4076 being_refed++; 4077 4078 if ((inp->refcount) || 4079 (being_refed) || 4080 (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) { 4081 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 4082 #ifdef SCTP_LOG_CLOSING 4083 sctp_log_closing(inp, NULL, 4); 4084 #endif 4085 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL); 4086 SCTP_INP_WUNLOCK(inp); 4087 SCTP_ASOC_CREATE_UNLOCK(inp); 4088 SCTP_INP_INFO_WUNLOCK(); 4089 return; 4090 } 4091 inp->sctp_ep.signature_change.type = 0; 4092 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE; 4093 /* Remove it from the list .. last thing we need a 4094 * lock for. 4095 */ 4096 LIST_REMOVE(inp, sctp_list); 4097 SCTP_INP_WUNLOCK(inp); 4098 SCTP_ASOC_CREATE_UNLOCK(inp); 4099 SCTP_INP_INFO_WUNLOCK(); 4100 /* Now we release all locks. Since this INP 4101 * cannot be found anymore except possibly by the 4102 * kill timer that might be running. We call 4103 * the drain function here. It should hit the case 4104 * were it sees the ACTIVE flag cleared and exit 4105 * out freeing us to proceed and destroy everything. 4106 */ 4107 if (from != SCTP_CALLED_FROM_INPKILL_TIMER) { 4108 (void)SCTP_OS_TIMER_STOP_DRAIN(&inp->sctp_ep.signature_change.timer); 4109 } else { 4110 /* Probably un-needed */ 4111 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer); 4112 } 4113 4114 #ifdef SCTP_LOG_CLOSING 4115 sctp_log_closing(inp, NULL, 5); 4116 #endif 4117 4118 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__)) 4119 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000 4120 rt = ip_pcb->inp_route.ro_rt; 4121 #endif 4122 #endif 4123 4124 #if defined(__Panda__) 4125 if (inp->pak_to_read) { 4126 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.zero_copy_timer.timer); 4127 SCTP_RELEASE_PKT(inp->pak_to_read); 4128 inp->pak_to_read = NULL; 4129 } 4130 if (inp->pak_to_read_sendq) { 4131 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.zero_copy_sendq_timer.timer); 4132 SCTP_RELEASE_PKT(inp->pak_to_read_sendq); 4133 inp->pak_to_read_sendq = NULL; 4134 } 4135 #endif 4136 if ((inp->sctp_asocidhash) != NULL) { 4137 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark); 4138 inp->sctp_asocidhash = NULL; 4139 } 4140 /*sa_ignore FREED_MEMORY*/ 4141 TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) { 4142 /* Its only abandoned if it had data left */ 4143 if (sq->length) 4144 SCTP_STAT_INCR(sctps_left_abandon); 4145 4146 TAILQ_REMOVE(&inp->read_queue, sq, next); 4147 sctp_free_remote_addr(sq->whoFrom); 4148 if (so) 4149 so->so_rcv.sb_cc -= sq->length; 4150 if (sq->data) { 4151 sctp_m_freem(sq->data); 4152 sq->data = NULL; 4153 } 4154 /* 4155 * no need to free the net count, since at this point all 4156 * assoc's are gone. 4157 */ 4158 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq); 4159 SCTP_DECR_READQ_COUNT(); 4160 } 4161 /* Now the sctp_pcb things */ 4162 /* 4163 * free each asoc if it is not already closed/free. we can't use the 4164 * macro here since le_next will get freed as part of the 4165 * sctp_free_assoc() call. 4166 */ 4167 if (so) { 4168 #ifdef IPSEC 4169 ipsec_delete_pcbpolicy(ip_pcb); 4170 #endif /* IPSEC */ 4171 4172 /* Unlocks not needed since the socket is gone now */ 4173 } 4174 #ifndef __Panda__ 4175 if (ip_pcb->inp_options) { 4176 (void)sctp_m_free(ip_pcb->inp_options); 4177 ip_pcb->inp_options = 0; 4178 } 4179 #endif 4180 4181 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__)) 4182 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000 4183 if (rt) { 4184 RTFREE(rt); 4185 ip_pcb->inp_route.ro_rt = 0; 4186 } 4187 #endif 4188 #if defined(__FreeBSD__) && __FreeBSD_version < 803000 4189 #ifdef INET 4190 if (ip_pcb->inp_moptions) { 4191 inp_freemoptions(ip_pcb->inp_moptions); 4192 ip_pcb->inp_moptions = 0; 4193 } 4194 #endif 4195 #endif 4196 #endif 4197 4198 #ifdef INET6 4199 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__)) 4200 #if defined(__FreeBSD__) || defined(__APPLE__) 4201 if (ip_pcb->inp_vflag & INP_IPV6) { 4202 #else 4203 if (inp->inp_vflag & INP_IPV6) { 4204 #endif 4205 struct in6pcb *in6p; 4206 4207 in6p = (struct in6pcb *)inp; 4208 ip6_freepcbopts(in6p->in6p_outputopts); 4209 } 4210 #endif 4211 #endif /* INET6 */ 4212 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 4213 inp->inp_vflag = 0; 4214 #else 4215 ip_pcb->inp_vflag = 0; 4216 #endif 4217 /* free up authentication fields */ 4218 if (inp->sctp_ep.local_auth_chunks != NULL) 4219 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks); 4220 if (inp->sctp_ep.local_hmacs != NULL) 4221 sctp_free_hmaclist(inp->sctp_ep.local_hmacs); 4222 4223 LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) { 4224 LIST_REMOVE(shared_key, next); 4225 sctp_free_sharedkey(shared_key); 4226 /*sa_ignore FREED_MEMORY*/ 4227 } 4228 4229 #if defined(__APPLE__) 4230 inp->ip_inp.inp.inp_state = INPCB_STATE_DEAD; 4231 if (in_pcb_checkstate(&inp->ip_inp.inp, WNT_STOPUSING, 1) != WNT_STOPUSING) { 4232 #ifdef INVARIANTS 4233 panic("sctp_inpcb_free inp = %p couldn't set to STOPUSING\n", (void *)inp); 4234 #else 4235 SCTP_PRINTF("sctp_inpcb_free inp = %p couldn't set to STOPUSING\n", (void *)inp); 4236 #endif 4237 } 4238 inp->ip_inp.inp.inp_socket->so_flags |= SOF_PCBCLEARING; 4239 #endif 4240 /* 4241 * if we have an address list the following will free the list of 4242 * ifaddr's that are set into this ep. Again macro limitations here, 4243 * since the LIST_FOREACH could be a bad idea. 4244 */ 4245 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) { 4246 sctp_remove_laddr(laddr); 4247 } 4248 4249 #ifdef SCTP_TRACK_FREED_ASOCS 4250 /* TEMP CODE */ 4251 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_free_list, sctp_tcblist, nasoc) { 4252 LIST_REMOVE(asoc, sctp_tcblist); 4253 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), asoc); 4254 SCTP_DECR_ASOC_COUNT(); 4255 } 4256 /* *** END TEMP CODE ****/ 4257 #endif 4258 #ifdef SCTP_MVRF 4259 SCTP_FREE(inp->m_vrf_ids, SCTP_M_MVRF); 4260 #endif 4261 /* Now lets see about freeing the EP hash table. */ 4262 if (inp->sctp_tcbhash != NULL) { 4263 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark); 4264 inp->sctp_tcbhash = NULL; 4265 } 4266 /* Now we must put the ep memory back into the zone pool */ 4267 #if defined(__FreeBSD__) 4268 INP_LOCK_DESTROY(&inp->ip_inp.inp); 4269 #endif 4270 SCTP_INP_LOCK_DESTROY(inp); 4271 SCTP_INP_READ_DESTROY(inp); 4272 SCTP_ASOC_CREATE_LOCK_DESTROY(inp); 4273 #if !defined(__APPLE__) 4274 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); 4275 SCTP_DECR_EP_COUNT(); 4276 #else 4277 /* For Tiger, we will do this later... */ 4278 #endif 4279 } 4280 4281 4282 struct sctp_nets * 4283 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr) 4284 { 4285 struct sctp_nets *net; 4286 /* locate the address */ 4287 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 4288 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr)) 4289 return (net); 4290 } 4291 return (NULL); 4292 } 4293 4294 4295 int 4296 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id) 4297 { 4298 #ifdef __Panda__ 4299 return (0); 4300 #else 4301 struct sctp_ifa *sctp_ifa; 4302 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED); 4303 if (sctp_ifa) { 4304 return (1); 4305 } else { 4306 return (0); 4307 } 4308 #endif 4309 } 4310 4311 /* 4312 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as 4313 * when a ASCONF arrives that adds it. It will also initialize all the cwnd 4314 * stats of stuff. 4315 */ 4316 int 4317 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr, 4318 struct sctp_nets **netp, int set_scope, int from) 4319 { 4320 /* 4321 * The following is redundant to the same lines in the 4322 * sctp_aloc_assoc() but is needed since others call the add 4323 * address function 4324 */ 4325 struct sctp_nets *net, *netfirst; 4326 int addr_inscope; 4327 4328 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ", 4329 from); 4330 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr); 4331 4332 netfirst = sctp_findnet(stcb, newaddr); 4333 if (netfirst) { 4334 /* 4335 * Lie and return ok, we don't want to make the association 4336 * go away for this behavior. It will happen in the TCP 4337 * model in a connected socket. It does not reach the hash 4338 * table until after the association is built so it can't be 4339 * found. Mark as reachable, since the initial creation will 4340 * have been cleared and the NOT_IN_ASSOC flag will have 4341 * been added... and we don't want to end up removing it 4342 * back out. 4343 */ 4344 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) { 4345 netfirst->dest_state = (SCTP_ADDR_REACHABLE | 4346 SCTP_ADDR_UNCONFIRMED); 4347 } else { 4348 netfirst->dest_state = SCTP_ADDR_REACHABLE; 4349 } 4350 4351 return (0); 4352 } 4353 addr_inscope = 1; 4354 switch (newaddr->sa_family) { 4355 #ifdef INET 4356 case AF_INET: 4357 { 4358 struct sockaddr_in *sin; 4359 4360 sin = (struct sockaddr_in *)newaddr; 4361 if (sin->sin_addr.s_addr == 0) { 4362 /* Invalid address */ 4363 return (-1); 4364 } 4365 /* zero out the bzero area */ 4366 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 4367 4368 /* assure len is set */ 4369 #ifdef HAVE_SIN_LEN 4370 sin->sin_len = sizeof(struct sockaddr_in); 4371 #endif 4372 if (set_scope) { 4373 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE 4374 stcb->asoc.scope.ipv4_local_scope = 1; 4375 #else 4376 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { 4377 stcb->asoc.scope.ipv4_local_scope = 1; 4378 } 4379 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */ 4380 } else { 4381 /* Validate the address is in scope */ 4382 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) && 4383 (stcb->asoc.scope.ipv4_local_scope == 0)) { 4384 addr_inscope = 0; 4385 } 4386 } 4387 break; 4388 } 4389 #endif 4390 #ifdef INET6 4391 case AF_INET6: 4392 { 4393 struct sockaddr_in6 *sin6; 4394 4395 sin6 = (struct sockaddr_in6 *)newaddr; 4396 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 4397 /* Invalid address */ 4398 return (-1); 4399 } 4400 /* assure len is set */ 4401 #ifdef HAVE_SIN6_LEN 4402 sin6->sin6_len = sizeof(struct sockaddr_in6); 4403 #endif 4404 if (set_scope) { 4405 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) { 4406 stcb->asoc.scope.loopback_scope = 1; 4407 stcb->asoc.scope.local_scope = 0; 4408 stcb->asoc.scope.ipv4_local_scope = 1; 4409 stcb->asoc.scope.site_scope = 1; 4410 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 4411 /* 4412 * If the new destination is a LINK_LOCAL we 4413 * must have common site scope. Don't set 4414 * the local scope since we may not share 4415 * all links, only loopback can do this. 4416 * Links on the local network would also be 4417 * on our private network for v4 too. 4418 */ 4419 stcb->asoc.scope.ipv4_local_scope = 1; 4420 stcb->asoc.scope.site_scope = 1; 4421 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { 4422 /* 4423 * If the new destination is SITE_LOCAL then 4424 * we must have site scope in common. 4425 */ 4426 stcb->asoc.scope.site_scope = 1; 4427 } 4428 } else { 4429 /* Validate the address is in scope */ 4430 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) && 4431 (stcb->asoc.scope.loopback_scope == 0)) { 4432 addr_inscope = 0; 4433 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) && 4434 (stcb->asoc.scope.local_scope == 0)) { 4435 addr_inscope = 0; 4436 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) && 4437 (stcb->asoc.scope.site_scope == 0)) { 4438 addr_inscope = 0; 4439 } 4440 } 4441 break; 4442 } 4443 #endif 4444 #if defined(__Userspace__) 4445 case AF_CONN: 4446 { 4447 struct sockaddr_conn *sconn; 4448 4449 sconn = (struct sockaddr_conn *)newaddr; 4450 if (sconn->sconn_addr == NULL) { 4451 /* Invalid address */ 4452 return (-1); 4453 } 4454 #ifdef HAVE_SCONN_LEN 4455 sconn->sconn_len = sizeof(struct sockaddr_conn); 4456 #endif 4457 break; 4458 } 4459 #endif 4460 default: 4461 /* not supported family type */ 4462 return (-1); 4463 } 4464 net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets); 4465 if (net == NULL) { 4466 return (-1); 4467 } 4468 SCTP_INCR_RADDR_COUNT(); 4469 bzero(net, sizeof(struct sctp_nets)); 4470 (void)SCTP_GETTIME_TIMEVAL(&net->start_time); 4471 #ifdef HAVE_SA_LEN 4472 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len); 4473 #endif 4474 switch (newaddr->sa_family) { 4475 #ifdef INET 4476 case AF_INET: 4477 #ifndef HAVE_SA_LEN 4478 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in)); 4479 #endif 4480 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport; 4481 break; 4482 #endif 4483 #ifdef INET6 4484 case AF_INET6: 4485 #ifndef HAVE_SA_LEN 4486 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in6)); 4487 #endif 4488 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport; 4489 break; 4490 #endif 4491 #if defined(__Userspace__) 4492 case AF_CONN: 4493 #ifndef HAVE_SA_LEN 4494 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_conn)); 4495 #endif 4496 ((struct sockaddr_conn *)&net->ro._l_addr)->sconn_port = stcb->rport; 4497 break; 4498 #endif 4499 default: 4500 break; 4501 } 4502 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id); 4503 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) { 4504 stcb->asoc.scope.loopback_scope = 1; 4505 stcb->asoc.scope.ipv4_local_scope = 1; 4506 stcb->asoc.scope.local_scope = 0; 4507 stcb->asoc.scope.site_scope = 1; 4508 addr_inscope = 1; 4509 } 4510 net->failure_threshold = stcb->asoc.def_net_failure; 4511 net->pf_threshold = stcb->asoc.def_net_pf_threshold; 4512 if (addr_inscope == 0) { 4513 net->dest_state = (SCTP_ADDR_REACHABLE | 4514 SCTP_ADDR_OUT_OF_SCOPE); 4515 } else { 4516 if (from == SCTP_ADDR_IS_CONFIRMED) 4517 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */ 4518 net->dest_state = SCTP_ADDR_REACHABLE; 4519 else 4520 net->dest_state = SCTP_ADDR_REACHABLE | 4521 SCTP_ADDR_UNCONFIRMED; 4522 } 4523 /* We set this to 0, the timer code knows that 4524 * this means its an initial value 4525 */ 4526 net->rto_needed = 1; 4527 net->RTO = 0; 4528 net->RTO_measured = 0; 4529 stcb->asoc.numnets++; 4530 net->ref_count = 1; 4531 net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1; 4532 net->port = stcb->asoc.port; 4533 net->dscp = stcb->asoc.default_dscp; 4534 #ifdef INET6 4535 net->flowlabel = stcb->asoc.default_flowlabel; 4536 #endif 4537 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) { 4538 net->dest_state |= SCTP_ADDR_NOHB; 4539 } else { 4540 net->dest_state &= ~SCTP_ADDR_NOHB; 4541 } 4542 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) { 4543 net->dest_state |= SCTP_ADDR_NO_PMTUD; 4544 } else { 4545 net->dest_state &= ~SCTP_ADDR_NO_PMTUD; 4546 } 4547 net->heart_beat_delay = stcb->asoc.heart_beat_delay; 4548 /* Init the timer structure */ 4549 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer); 4550 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer); 4551 SCTP_OS_TIMER_INIT(&net->hb_timer.timer); 4552 4553 /* Now generate a route for this guy */ 4554 #ifdef INET6 4555 #ifdef SCTP_EMBEDDED_V6_SCOPE 4556 /* KAME hack: embed scopeid */ 4557 if (newaddr->sa_family == AF_INET6) { 4558 struct sockaddr_in6 *sin6; 4559 4560 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4561 #if defined(__APPLE__) 4562 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) 4563 (void)in6_embedscope(&sin6->sin6_addr, sin6, &stcb->sctp_ep->ip_inp.inp, NULL); 4564 #else 4565 (void)in6_embedscope(&sin6->sin6_addr, sin6, &stcb->sctp_ep->ip_inp.inp, NULL, NULL); 4566 #endif 4567 #elif defined(SCTP_KAME) 4568 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)); 4569 #else 4570 (void)in6_embedscope(&sin6->sin6_addr, sin6); 4571 #endif 4572 #ifndef SCOPEDROUTING 4573 sin6->sin6_scope_id = 0; 4574 #endif 4575 } 4576 #endif /* SCTP_EMBEDDED_V6_SCOPE */ 4577 #endif 4578 SCTP_RTALLOC((sctp_route_t *)&net->ro, stcb->asoc.vrf_id); 4579 4580 #if !defined(__Userspace__) 4581 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) { 4582 /* Get source address */ 4583 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep, 4584 stcb, 4585 (sctp_route_t *)&net->ro, 4586 net, 4587 0, 4588 stcb->asoc.vrf_id); 4589 /* Now get the interface MTU */ 4590 if (net->ro._s_addr && net->ro._s_addr->ifn_p) { 4591 net->mtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p); 4592 } 4593 if (net->mtu > 0) { 4594 uint32_t rmtu; 4595 4596 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt); 4597 if (rmtu == 0) { 4598 /* Start things off to match mtu of interface please. */ 4599 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa, 4600 net->ro.ro_rt, net->mtu); 4601 } else { 4602 /* we take the route mtu over the interface, since 4603 * the route may be leading out the loopback, or 4604 * a different interface. 4605 */ 4606 net->mtu = rmtu; 4607 } 4608 } 4609 } 4610 #endif 4611 if (net->mtu == 0) { 4612 switch (newaddr->sa_family) { 4613 #ifdef INET 4614 case AF_INET: 4615 net->mtu = SCTP_DEFAULT_MTU; 4616 break; 4617 #endif 4618 #ifdef INET6 4619 case AF_INET6: 4620 net->mtu = 1280; 4621 break; 4622 #endif 4623 #if defined(__Userspace__) 4624 case AF_CONN: 4625 net->mtu = 1280; 4626 break; 4627 #endif 4628 default: 4629 break; 4630 } 4631 } 4632 if (net->port) { 4633 net->mtu -= (uint32_t)sizeof(struct udphdr); 4634 } 4635 if (from == SCTP_ALLOC_ASOC) { 4636 stcb->asoc.smallest_mtu = net->mtu; 4637 } 4638 if (stcb->asoc.smallest_mtu > net->mtu) { 4639 stcb->asoc.smallest_mtu = net->mtu; 4640 } 4641 #ifdef INET6 4642 #ifdef SCTP_EMBEDDED_V6_SCOPE 4643 if (newaddr->sa_family == AF_INET6) { 4644 struct sockaddr_in6 *sin6; 4645 4646 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr; 4647 #ifdef SCTP_KAME 4648 (void)sa6_recoverscope(sin6); 4649 #else 4650 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL); 4651 #endif /* SCTP_KAME */ 4652 } 4653 #endif /* SCTP_EMBEDDED_V6_SCOPE */ 4654 #endif 4655 4656 /* JRS - Use the congestion control given in the CC module */ 4657 if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL) 4658 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param)(stcb, net); 4659 4660 /* 4661 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning 4662 * of assoc (2005/06/27, iyengar (at) cis.udel.edu) 4663 */ 4664 net->find_pseudo_cumack = 1; 4665 net->find_rtx_pseudo_cumack = 1; 4666 net->src_addr_selected = 0; 4667 #if defined(__FreeBSD__) 4668 /* Choose an initial flowid. */ 4669 net->flowid = stcb->asoc.my_vtag ^ 4670 ntohs(stcb->rport) ^ 4671 ntohs(stcb->sctp_ep->sctp_lport); 4672 #ifdef INVARIANTS 4673 net->flowidset = 1; 4674 #endif 4675 #endif 4676 if (netp) { 4677 *netp = net; 4678 } 4679 netfirst = TAILQ_FIRST(&stcb->asoc.nets); 4680 if (net->ro.ro_rt == NULL) { 4681 /* Since we have no route put it at the back */ 4682 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next); 4683 } else if (netfirst == NULL) { 4684 /* We are the first one in the pool. */ 4685 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4686 } else if (netfirst->ro.ro_rt == NULL) { 4687 /* 4688 * First one has NO route. Place this one ahead of the first 4689 * one. 4690 */ 4691 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4692 #ifndef __Panda__ 4693 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) { 4694 /* 4695 * This one has a different interface than the one at the 4696 * top of the list. Place it ahead. 4697 */ 4698 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next); 4699 #endif 4700 } else { 4701 /* 4702 * Ok we have the same interface as the first one. Move 4703 * forward until we find either a) one with a NULL route... 4704 * insert ahead of that b) one with a different ifp.. insert 4705 * after that. c) end of the list.. insert at the tail. 4706 */ 4707 struct sctp_nets *netlook; 4708 4709 do { 4710 netlook = TAILQ_NEXT(netfirst, sctp_next); 4711 if (netlook == NULL) { 4712 /* End of the list */ 4713 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next); 4714 break; 4715 } else if (netlook->ro.ro_rt == NULL) { 4716 /* next one has NO route */ 4717 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next); 4718 break; 4719 } 4720 #ifndef __Panda__ 4721 else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp) 4722 #else 4723 else 4724 #endif 4725 { 4726 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook, 4727 net, sctp_next); 4728 break; 4729 } 4730 #ifndef __Panda__ 4731 /* Shift forward */ 4732 netfirst = netlook; 4733 #endif 4734 } while (netlook != NULL); 4735 } 4736 4737 /* got to have a primary set */ 4738 if (stcb->asoc.primary_destination == 0) { 4739 stcb->asoc.primary_destination = net; 4740 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) && 4741 (net->ro.ro_rt) && 4742 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) { 4743 /* No route to current primary adopt new primary */ 4744 stcb->asoc.primary_destination = net; 4745 } 4746 /* Validate primary is first */ 4747 net = TAILQ_FIRST(&stcb->asoc.nets); 4748 if ((net != stcb->asoc.primary_destination) && 4749 (stcb->asoc.primary_destination)) { 4750 /* first one on the list is NOT the primary 4751 * sctp_cmpaddr() is much more efficient if 4752 * the primary is the first on the list, make it 4753 * so. 4754 */ 4755 TAILQ_REMOVE(&stcb->asoc.nets, 4756 stcb->asoc.primary_destination, sctp_next); 4757 TAILQ_INSERT_HEAD(&stcb->asoc.nets, 4758 stcb->asoc.primary_destination, sctp_next); 4759 } 4760 return (0); 4761 } 4762 4763 4764 static uint32_t 4765 sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb) 4766 { 4767 uint32_t id; 4768 struct sctpasochead *head; 4769 struct sctp_tcb *lstcb; 4770 4771 SCTP_INP_WLOCK(inp); 4772 try_again: 4773 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 4774 /* TSNH */ 4775 SCTP_INP_WUNLOCK(inp); 4776 return (0); 4777 } 4778 /* 4779 * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC, 4780 * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC. 4781 */ 4782 if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) { 4783 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1; 4784 } 4785 id = inp->sctp_associd_counter; 4786 inp->sctp_associd_counter++; 4787 lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t)id, 0); 4788 if (lstcb) { 4789 goto try_again; 4790 } 4791 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)]; 4792 LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash); 4793 stcb->asoc.in_asocid_hash = 1; 4794 SCTP_INP_WUNLOCK(inp); 4795 return id; 4796 } 4797 4798 /* 4799 * allocate an association and add it to the endpoint. The caller must be 4800 * careful to add all additional addresses once they are know right away or 4801 * else the assoc will be may experience a blackout scenario. 4802 */ 4803 struct sctp_tcb * 4804 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr, 4805 int *error, uint32_t override_tag, uint32_t vrf_id, 4806 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000 4807 struct thread *p 4808 #elif defined(__Windows__) 4809 PKTHREAD p 4810 #else 4811 #if defined(__Userspace__) 4812 /* __Userspace__ NULL proc is going to be passed here. See sctp_lower_sosend */ 4813 #endif 4814 struct proc *p 4815 #endif 4816 ) 4817 { 4818 /* note the p argument is only valid in unbound sockets */ 4819 4820 struct sctp_tcb *stcb; 4821 struct sctp_association *asoc; 4822 struct sctpasochead *head; 4823 uint16_t rport; 4824 int err; 4825 4826 /* 4827 * Assumption made here: Caller has done a 4828 * sctp_findassociation_ep_addr(ep, addr's); to make sure the 4829 * address does not exist already. 4830 */ 4831 if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) { 4832 /* Hit max assoc, sorry no more */ 4833 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 4834 *error = ENOBUFS; 4835 return (NULL); 4836 } 4837 if (firstaddr == NULL) { 4838 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4839 *error = EINVAL; 4840 return (NULL); 4841 } 4842 SCTP_INP_RLOCK(inp); 4843 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) && 4844 ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) || 4845 (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) { 4846 /* 4847 * If its in the TCP pool, its NOT allowed to create an 4848 * association. The parent listener needs to call 4849 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled 4850 * off, or connected one does this.. its an error. 4851 */ 4852 SCTP_INP_RUNLOCK(inp); 4853 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4854 *error = EINVAL; 4855 return (NULL); 4856 } 4857 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) || 4858 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) { 4859 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) || 4860 (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) { 4861 SCTP_INP_RUNLOCK(inp); 4862 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4863 *error = EINVAL; 4864 return (NULL); 4865 } 4866 } 4867 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:"); 4868 #ifdef SCTP_DEBUG 4869 if (firstaddr) { 4870 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr); 4871 switch (firstaddr->sa_family) { 4872 #ifdef INET 4873 case AF_INET: 4874 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n", 4875 ntohs(((struct sockaddr_in *)firstaddr)->sin_port)); 4876 break; 4877 #endif 4878 #ifdef INET6 4879 case AF_INET6: 4880 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n", 4881 ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port)); 4882 break; 4883 #endif 4884 #if defined(__Userspace__) 4885 case AF_CONN: 4886 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n", 4887 ntohs(((struct sockaddr_conn *)firstaddr)->sconn_port)); 4888 break; 4889 #endif 4890 default: 4891 break; 4892 } 4893 } else { 4894 SCTPDBG(SCTP_DEBUG_PCB3,"None\n"); 4895 } 4896 #endif /* SCTP_DEBUG */ 4897 switch (firstaddr->sa_family) { 4898 #ifdef INET 4899 case AF_INET: 4900 { 4901 struct sockaddr_in *sin; 4902 4903 sin = (struct sockaddr_in *)firstaddr; 4904 if ((ntohs(sin->sin_port) == 0) || 4905 (sin->sin_addr.s_addr == INADDR_ANY) || 4906 (sin->sin_addr.s_addr == INADDR_BROADCAST) || 4907 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 4908 /* Invalid address */ 4909 SCTP_INP_RUNLOCK(inp); 4910 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4911 *error = EINVAL; 4912 return (NULL); 4913 } 4914 rport = sin->sin_port; 4915 break; 4916 } 4917 #endif 4918 #ifdef INET6 4919 case AF_INET6: 4920 { 4921 struct sockaddr_in6 *sin6; 4922 4923 sin6 = (struct sockaddr_in6 *)firstaddr; 4924 if ((ntohs(sin6->sin6_port) == 0) || 4925 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) || 4926 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 4927 /* Invalid address */ 4928 SCTP_INP_RUNLOCK(inp); 4929 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4930 *error = EINVAL; 4931 return (NULL); 4932 } 4933 rport = sin6->sin6_port; 4934 break; 4935 } 4936 #endif 4937 #if defined(__Userspace__) 4938 case AF_CONN: 4939 { 4940 struct sockaddr_conn *sconn; 4941 4942 sconn = (struct sockaddr_conn *)firstaddr; 4943 if ((ntohs(sconn->sconn_port) == 0) || 4944 (sconn->sconn_addr == NULL)) { 4945 /* Invalid address */ 4946 SCTP_INP_RUNLOCK(inp); 4947 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4948 *error = EINVAL; 4949 return (NULL); 4950 } 4951 rport = sconn->sconn_port; 4952 break; 4953 } 4954 #endif 4955 default: 4956 /* not supported family type */ 4957 SCTP_INP_RUNLOCK(inp); 4958 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 4959 *error = EINVAL; 4960 return (NULL); 4961 } 4962 SCTP_INP_RUNLOCK(inp); 4963 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) { 4964 /* 4965 * If you have not performed a bind, then we need to do the 4966 * ephemeral bind for you. 4967 */ 4968 if ((err = sctp_inpcb_bind(inp->sctp_socket, 4969 (struct sockaddr *)NULL, 4970 (struct sctp_ifa *)NULL, 4971 #ifndef __Panda__ 4972 p 4973 #else 4974 (struct proc *)NULL 4975 #endif 4976 ))) { 4977 /* bind error, probably perm */ 4978 *error = err; 4979 return (NULL); 4980 } 4981 } 4982 stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb); 4983 if (stcb == NULL) { 4984 /* out of memory? */ 4985 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); 4986 *error = ENOMEM; 4987 return (NULL); 4988 } 4989 SCTP_INCR_ASOC_COUNT(); 4990 4991 bzero(stcb, sizeof(*stcb)); 4992 asoc = &stcb->asoc; 4993 4994 asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb); 4995 SCTP_TCB_LOCK_INIT(stcb); 4996 SCTP_TCB_SEND_LOCK_INIT(stcb); 4997 stcb->rport = rport; 4998 /* setup back pointer's */ 4999 stcb->sctp_ep = inp; 5000 stcb->sctp_socket = inp->sctp_socket; 5001 if ((err = sctp_init_asoc(inp, stcb, override_tag, vrf_id))) { 5002 /* failed */ 5003 SCTP_TCB_LOCK_DESTROY(stcb); 5004 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 5005 LIST_REMOVE(stcb, sctp_tcbasocidhash); 5006 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5007 SCTP_DECR_ASOC_COUNT(); 5008 *error = err; 5009 return (NULL); 5010 } 5011 /* and the port */ 5012 SCTP_INP_INFO_WLOCK(); 5013 SCTP_INP_WLOCK(inp); 5014 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { 5015 /* inpcb freed while alloc going on */ 5016 SCTP_TCB_LOCK_DESTROY(stcb); 5017 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 5018 LIST_REMOVE(stcb, sctp_tcbasocidhash); 5019 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5020 SCTP_INP_WUNLOCK(inp); 5021 SCTP_INP_INFO_WUNLOCK(); 5022 SCTP_DECR_ASOC_COUNT(); 5023 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 5024 *error = EINVAL; 5025 return (NULL); 5026 } 5027 SCTP_TCB_LOCK(stcb); 5028 5029 /* now that my_vtag is set, add it to the hash */ 5030 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))]; 5031 /* put it in the bucket in the vtag hash of assoc's for the system */ 5032 LIST_INSERT_HEAD(head, stcb, sctp_asocs); 5033 SCTP_INP_INFO_WUNLOCK(); 5034 5035 if ((err = sctp_add_remote_addr(stcb, firstaddr, NULL, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) { 5036 /* failure.. memory error? */ 5037 if (asoc->strmout) { 5038 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 5039 asoc->strmout = NULL; 5040 } 5041 if (asoc->mapping_array) { 5042 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 5043 asoc->mapping_array = NULL; 5044 } 5045 if (asoc->nr_mapping_array) { 5046 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 5047 asoc->nr_mapping_array = NULL; 5048 } 5049 SCTP_DECR_ASOC_COUNT(); 5050 SCTP_TCB_UNLOCK(stcb); 5051 SCTP_TCB_LOCK_DESTROY(stcb); 5052 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 5053 LIST_REMOVE(stcb, sctp_tcbasocidhash); 5054 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5055 SCTP_INP_WUNLOCK(inp); 5056 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); 5057 *error = ENOBUFS; 5058 return (NULL); 5059 } 5060 /* Init all the timers */ 5061 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer); 5062 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer); 5063 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer); 5064 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer); 5065 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer); 5066 SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer); 5067 SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer); 5068 5069 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist); 5070 /* now file the port under the hash as well */ 5071 if (inp->sctp_tcbhash != NULL) { 5072 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport, 5073 inp->sctp_hashmark)]; 5074 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash); 5075 } 5076 SCTP_INP_WUNLOCK(inp); 5077 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", (void *)stcb); 5078 return (stcb); 5079 } 5080 5081 5082 void 5083 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net) 5084 { 5085 struct sctp_association *asoc; 5086 5087 asoc = &stcb->asoc; 5088 asoc->numnets--; 5089 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 5090 if (net == asoc->primary_destination) { 5091 /* Reset primary */ 5092 struct sctp_nets *lnet; 5093 5094 lnet = TAILQ_FIRST(&asoc->nets); 5095 /* Mobility adaptation 5096 Ideally, if deleted destination is the primary, it becomes 5097 a fast retransmission trigger by the subsequent SET PRIMARY. 5098 (by micchie) 5099 */ 5100 if (sctp_is_mobility_feature_on(stcb->sctp_ep, 5101 SCTP_MOBILITY_BASE) || 5102 sctp_is_mobility_feature_on(stcb->sctp_ep, 5103 SCTP_MOBILITY_FASTHANDOFF)) { 5104 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n"); 5105 if (asoc->deleted_primary != NULL) { 5106 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n"); 5107 goto out; 5108 } 5109 asoc->deleted_primary = net; 5110 atomic_add_int(&net->ref_count, 1); 5111 memset(&net->lastsa, 0, sizeof(net->lastsa)); 5112 memset(&net->lastsv, 0, sizeof(net->lastsv)); 5113 sctp_mobility_feature_on(stcb->sctp_ep, 5114 SCTP_MOBILITY_PRIM_DELETED); 5115 sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED, 5116 stcb->sctp_ep, stcb, NULL); 5117 } 5118 out: 5119 /* Try to find a confirmed primary */ 5120 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0); 5121 } 5122 if (net == asoc->last_data_chunk_from) { 5123 /* Reset primary */ 5124 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets); 5125 } 5126 if (net == asoc->last_control_chunk_from) { 5127 /* Clear net */ 5128 asoc->last_control_chunk_from = NULL; 5129 } 5130 if (net == stcb->asoc.alternate) { 5131 sctp_free_remote_addr(stcb->asoc.alternate); 5132 stcb->asoc.alternate = NULL; 5133 } 5134 sctp_free_remote_addr(net); 5135 } 5136 5137 /* 5138 * remove a remote endpoint address from an association, it will fail if the 5139 * address does not exist. 5140 */ 5141 int 5142 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr) 5143 { 5144 /* 5145 * Here we need to remove a remote address. This is quite simple, we 5146 * first find it in the list of address for the association 5147 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE 5148 * on that item. Note we do not allow it to be removed if there are 5149 * no other addresses. 5150 */ 5151 struct sctp_association *asoc; 5152 struct sctp_nets *net, *nnet; 5153 5154 asoc = &stcb->asoc; 5155 5156 /* locate the address */ 5157 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) { 5158 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) { 5159 continue; 5160 } 5161 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr, 5162 remaddr)) { 5163 /* we found the guy */ 5164 if (asoc->numnets < 2) { 5165 /* Must have at LEAST two remote addresses */ 5166 return (-1); 5167 } else { 5168 sctp_remove_net(stcb, net); 5169 return (0); 5170 } 5171 } 5172 } 5173 /* not found. */ 5174 return (-2); 5175 } 5176 5177 void 5178 sctp_delete_from_timewait(uint32_t tag, uint16_t lport, uint16_t rport) 5179 { 5180 struct sctpvtaghead *chain; 5181 struct sctp_tagblock *twait_block; 5182 int found = 0; 5183 int i; 5184 5185 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 5186 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 5187 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 5188 if ((twait_block->vtag_block[i].v_tag == tag) && 5189 (twait_block->vtag_block[i].lport == lport) && 5190 (twait_block->vtag_block[i].rport == rport)) { 5191 twait_block->vtag_block[i].tv_sec_at_expire = 0; 5192 twait_block->vtag_block[i].v_tag = 0; 5193 twait_block->vtag_block[i].lport = 0; 5194 twait_block->vtag_block[i].rport = 0; 5195 found = 1; 5196 break; 5197 } 5198 } 5199 if (found) 5200 break; 5201 } 5202 } 5203 5204 int 5205 sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport) 5206 { 5207 struct sctpvtaghead *chain; 5208 struct sctp_tagblock *twait_block; 5209 int found = 0; 5210 int i; 5211 5212 SCTP_INP_INFO_WLOCK(); 5213 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 5214 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 5215 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 5216 if ((twait_block->vtag_block[i].v_tag == tag) && 5217 (twait_block->vtag_block[i].lport == lport) && 5218 (twait_block->vtag_block[i].rport == rport)) { 5219 found = 1; 5220 break; 5221 } 5222 } 5223 if (found) 5224 break; 5225 } 5226 SCTP_INP_INFO_WUNLOCK(); 5227 return (found); 5228 } 5229 5230 5231 void 5232 sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t rport) 5233 { 5234 struct sctpvtaghead *chain; 5235 struct sctp_tagblock *twait_block; 5236 struct timeval now; 5237 int set, i; 5238 5239 if (time == 0) { 5240 /* Its disabled */ 5241 return; 5242 } 5243 (void)SCTP_GETTIME_TIMEVAL(&now); 5244 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 5245 set = 0; 5246 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 5247 /* Block(s) present, lets find space, and expire on the fly */ 5248 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 5249 if ((twait_block->vtag_block[i].v_tag == 0) && 5250 !set) { 5251 twait_block->vtag_block[i].tv_sec_at_expire = 5252 now.tv_sec + time; 5253 twait_block->vtag_block[i].v_tag = tag; 5254 twait_block->vtag_block[i].lport = lport; 5255 twait_block->vtag_block[i].rport = rport; 5256 set = 1; 5257 } else if ((twait_block->vtag_block[i].v_tag) && 5258 ((long)twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) { 5259 /* Audit expires this guy */ 5260 twait_block->vtag_block[i].tv_sec_at_expire = 0; 5261 twait_block->vtag_block[i].v_tag = 0; 5262 twait_block->vtag_block[i].lport = 0; 5263 twait_block->vtag_block[i].rport = 0; 5264 if (set == 0) { 5265 /* Reuse it for my new tag */ 5266 twait_block->vtag_block[i].tv_sec_at_expire = now.tv_sec + time; 5267 twait_block->vtag_block[i].v_tag = tag; 5268 twait_block->vtag_block[i].lport = lport; 5269 twait_block->vtag_block[i].rport = rport; 5270 set = 1; 5271 } 5272 } 5273 } 5274 if (set) { 5275 /* 5276 * We only do up to the block where we can 5277 * place our tag for audits 5278 */ 5279 break; 5280 } 5281 } 5282 /* Need to add a new block to chain */ 5283 if (!set) { 5284 SCTP_MALLOC(twait_block, struct sctp_tagblock *, 5285 sizeof(struct sctp_tagblock), SCTP_M_TIMW); 5286 if (twait_block == NULL) { 5287 #ifdef INVARIANTS 5288 panic("Can not alloc tagblock"); 5289 #endif 5290 return; 5291 } 5292 memset(twait_block, 0, sizeof(struct sctp_tagblock)); 5293 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock); 5294 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + time; 5295 twait_block->vtag_block[0].v_tag = tag; 5296 twait_block->vtag_block[0].lport = lport; 5297 twait_block->vtag_block[0].rport = rport; 5298 } 5299 } 5300 5301 5302 #ifdef __Panda__ 5303 void panda_wakeup_socket(struct socket *so); 5304 #endif 5305 5306 /*- 5307 * Free the association after un-hashing the remote port. This 5308 * function ALWAYS returns holding NO LOCK on the stcb. It DOES 5309 * expect that the input to this function IS a locked TCB. 5310 * It will return 0, if it did NOT destroy the association (instead 5311 * it unlocks it. It will return NON-zero if it either destroyed the 5312 * association OR the association is already destroyed. 5313 */ 5314 int 5315 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location) 5316 { 5317 int i; 5318 struct sctp_association *asoc; 5319 struct sctp_nets *net, *nnet; 5320 struct sctp_laddr *laddr, *naddr; 5321 struct sctp_tmit_chunk *chk, *nchk; 5322 struct sctp_asconf_addr *aparam, *naparam; 5323 struct sctp_asconf_ack *aack, *naack; 5324 struct sctp_stream_reset_list *strrst, *nstrrst; 5325 struct sctp_queued_to_read *sq, *nsq; 5326 struct sctp_stream_queue_pending *sp, *nsp; 5327 sctp_sharedkey_t *shared_key, *nshared_key; 5328 struct socket *so; 5329 5330 /* first, lets purge the entry from the hash table. */ 5331 #if defined(__APPLE__) 5332 sctp_lock_assert(SCTP_INP_SO(inp)); 5333 #endif 5334 5335 #ifdef SCTP_LOG_CLOSING 5336 sctp_log_closing(inp, stcb, 6); 5337 #endif 5338 if (stcb->asoc.state == 0) { 5339 #ifdef SCTP_LOG_CLOSING 5340 sctp_log_closing(inp, NULL, 7); 5341 #endif 5342 /* there is no asoc, really TSNH :-0 */ 5343 return (1); 5344 } 5345 if (stcb->asoc.alternate) { 5346 sctp_free_remote_addr(stcb->asoc.alternate); 5347 stcb->asoc.alternate = NULL; 5348 } 5349 #if !defined(__APPLE__) /* TEMP: moved to below */ 5350 /* TEMP CODE */ 5351 if (stcb->freed_from_where == 0) { 5352 /* Only record the first place free happened from */ 5353 stcb->freed_from_where = from_location; 5354 } 5355 /* TEMP CODE */ 5356 #endif 5357 5358 asoc = &stcb->asoc; 5359 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 5360 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 5361 /* nothing around */ 5362 so = NULL; 5363 else 5364 so = inp->sctp_socket; 5365 5366 /* 5367 * We used timer based freeing if a reader or writer is in the way. 5368 * So we first check if we are actually being called from a timer, 5369 * if so we abort early if a reader or writer is still in the way. 5370 */ 5371 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) && 5372 (from_inpcbfree == SCTP_NORMAL_PROC)) { 5373 /* 5374 * is it the timer driving us? if so are the reader/writers 5375 * gone? 5376 */ 5377 if (stcb->asoc.refcnt) { 5378 /* nope, reader or writer in the way */ 5379 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 5380 /* no asoc destroyed */ 5381 SCTP_TCB_UNLOCK(stcb); 5382 #ifdef SCTP_LOG_CLOSING 5383 sctp_log_closing(inp, stcb, 8); 5384 #endif 5385 return (0); 5386 } 5387 } 5388 /* now clean up any other timers */ 5389 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 5390 asoc->dack_timer.self = NULL; 5391 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 5392 /*- 5393 * For stream reset we don't blast this unless 5394 * it is a str-reset timer, it might be the 5395 * free-asoc timer which we DON'T want to 5396 * disturb. 5397 */ 5398 if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET) 5399 asoc->strreset_timer.self = NULL; 5400 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 5401 asoc->asconf_timer.self = NULL; 5402 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 5403 asoc->autoclose_timer.self = NULL; 5404 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer); 5405 asoc->shut_guard_timer.self = NULL; 5406 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 5407 asoc->delayed_event_timer.self = NULL; 5408 /* Mobility adaptation */ 5409 (void)SCTP_OS_TIMER_STOP(&asoc->delete_prim_timer.timer); 5410 asoc->delete_prim_timer.self = NULL; 5411 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5412 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer); 5413 net->rxt_timer.self = NULL; 5414 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 5415 net->pmtu_timer.self = NULL; 5416 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 5417 net->hb_timer.self = NULL; 5418 } 5419 /* Now the read queue needs to be cleaned up (only once) */ 5420 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) { 5421 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED; 5422 SCTP_INP_READ_LOCK(inp); 5423 TAILQ_FOREACH(sq, &inp->read_queue, next) { 5424 if (sq->stcb == stcb) { 5425 sq->do_not_ref_stcb = 1; 5426 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn; 5427 /* If there is no end, there never 5428 * will be now. 5429 */ 5430 if (sq->end_added == 0) { 5431 /* Held for PD-API clear that. */ 5432 sq->pdapi_aborted = 1; 5433 sq->held_length = 0; 5434 if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) { 5435 /* 5436 * Need to add a PD-API aborted indication. 5437 * Setting the control_pdapi assures that it will 5438 * be added right after this msg. 5439 */ 5440 uint32_t strseq; 5441 stcb->asoc.control_pdapi = sq; 5442 strseq = (sq->sinfo_stream << 16) | sq->sinfo_ssn; 5443 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION, 5444 stcb, 5445 SCTP_PARTIAL_DELIVERY_ABORTED, 5446 (void *)&strseq, 5447 SCTP_SO_LOCKED); 5448 stcb->asoc.control_pdapi = NULL; 5449 } 5450 } 5451 /* Add an end to wake them */ 5452 sq->end_added = 1; 5453 } 5454 } 5455 SCTP_INP_READ_UNLOCK(inp); 5456 if (stcb->block_entry) { 5457 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET); 5458 stcb->block_entry->error = ECONNRESET; 5459 stcb->block_entry = NULL; 5460 } 5461 } 5462 if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) { 5463 /* Someone holds a reference OR the socket is unaccepted yet. 5464 */ 5465 if ((stcb->asoc.refcnt) || 5466 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 5467 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { 5468 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 5469 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 5470 } 5471 SCTP_TCB_UNLOCK(stcb); 5472 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 5473 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 5474 /* nothing around */ 5475 so = NULL; 5476 if (so) { 5477 /* Wake any reader/writers */ 5478 sctp_sorwakeup(inp, so); 5479 sctp_sowwakeup(inp, so); 5480 } 5481 5482 #ifdef SCTP_LOG_CLOSING 5483 sctp_log_closing(inp, stcb, 9); 5484 #endif 5485 /* no asoc destroyed */ 5486 return (0); 5487 } 5488 #ifdef SCTP_LOG_CLOSING 5489 sctp_log_closing(inp, stcb, 10); 5490 #endif 5491 /* When I reach here, no others want 5492 * to kill the assoc yet.. and I own 5493 * the lock. Now its possible an abort 5494 * comes in when I do the lock exchange 5495 * below to grab all the locks to do 5496 * the final take out. to prevent this 5497 * we increment the count, which will 5498 * start a timer and blow out above thus 5499 * assuring us that we hold exclusive 5500 * killing of the asoc. Note that 5501 * after getting back the TCB lock 5502 * we will go ahead and increment the 5503 * counter back up and stop any timer 5504 * a passing stranger may have started :-S 5505 */ 5506 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5507 atomic_add_int(&stcb->asoc.refcnt, 1); 5508 5509 SCTP_TCB_UNLOCK(stcb); 5510 SCTP_INP_INFO_WLOCK(); 5511 SCTP_INP_WLOCK(inp); 5512 SCTP_TCB_LOCK(stcb); 5513 } 5514 /* Double check the GONE flag */ 5515 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || 5516 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) 5517 /* nothing around */ 5518 so = NULL; 5519 5520 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) || 5521 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) { 5522 /* 5523 * For TCP type we need special handling when we are 5524 * connected. We also include the peel'ed off ones to. 5525 */ 5526 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) { 5527 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED; 5528 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED; 5529 if (so) { 5530 SOCK_LOCK(so); 5531 if (so->so_rcv.sb_cc == 0) { 5532 so->so_state &= ~(SS_ISCONNECTING | 5533 SS_ISDISCONNECTING | 5534 SS_ISCONFIRMING | 5535 SS_ISCONNECTED); 5536 } 5537 #if defined(__APPLE__) 5538 socantrcvmore(so); 5539 #else 5540 socantrcvmore_locked(so); 5541 #endif 5542 sctp_sowwakeup(inp, so); 5543 sctp_sorwakeup(inp, so); 5544 SCTP_SOWAKEUP(so); 5545 } 5546 } 5547 } 5548 5549 /* Make it invalid too, that way if its 5550 * about to run it will abort and return. 5551 */ 5552 /* re-increment the lock */ 5553 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5554 atomic_add_int(&stcb->asoc.refcnt, -1); 5555 } 5556 if (stcb->asoc.refcnt) { 5557 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE; 5558 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL); 5559 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5560 SCTP_INP_INFO_WUNLOCK(); 5561 SCTP_INP_WUNLOCK(inp); 5562 } 5563 SCTP_TCB_UNLOCK(stcb); 5564 return (0); 5565 } 5566 asoc->state = 0; 5567 if (inp->sctp_tcbhash) { 5568 LIST_REMOVE(stcb, sctp_tcbhash); 5569 } 5570 if (stcb->asoc.in_asocid_hash) { 5571 LIST_REMOVE(stcb, sctp_tcbasocidhash); 5572 } 5573 /* Now lets remove it from the list of ALL associations in the EP */ 5574 LIST_REMOVE(stcb, sctp_tcblist); 5575 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5576 SCTP_INP_INCR_REF(inp); 5577 SCTP_INP_WUNLOCK(inp); 5578 } 5579 /* pull from vtag hash */ 5580 LIST_REMOVE(stcb, sctp_asocs); 5581 sctp_add_vtag_to_timewait(asoc->my_vtag, SCTP_BASE_SYSCTL(sctp_vtag_time_wait), 5582 inp->sctp_lport, stcb->rport); 5583 5584 /* Now restop the timers to be sure 5585 * this is paranoia at is finest! 5586 */ 5587 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 5588 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer); 5589 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer); 5590 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer); 5591 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer); 5592 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer); 5593 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer); 5594 TAILQ_FOREACH(net, &asoc->nets, sctp_next) { 5595 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer); 5596 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer); 5597 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer); 5598 } 5599 5600 asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE; 5601 /* 5602 * The chunk lists and such SHOULD be empty but we check them just 5603 * in case. 5604 */ 5605 /* anything on the wheel needs to be removed */ 5606 for (i = 0; i < asoc->streamoutcnt; i++) { 5607 struct sctp_stream_out *outs; 5608 5609 outs = &asoc->strmout[i]; 5610 /* now clean up any chunks here */ 5611 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) { 5612 TAILQ_REMOVE(&outs->outqueue, sp, next); 5613 sctp_free_spbufspace(stcb, asoc, sp); 5614 if (sp->data) { 5615 if (so) { 5616 /* Still an open socket - report */ 5617 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb, 5618 0, (void *)sp, SCTP_SO_LOCKED); 5619 } 5620 if (sp->data) { 5621 sctp_m_freem(sp->data); 5622 sp->data = NULL; 5623 sp->tail_mbuf = NULL; 5624 sp->length = 0; 5625 } 5626 } 5627 if (sp->net) { 5628 sctp_free_remote_addr(sp->net); 5629 sp->net = NULL; 5630 } 5631 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED); 5632 } 5633 } 5634 /*sa_ignore FREED_MEMORY*/ 5635 TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) { 5636 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp); 5637 SCTP_FREE(strrst, SCTP_M_STRESET); 5638 } 5639 TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) { 5640 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next); 5641 if (sq->data) { 5642 sctp_m_freem(sq->data); 5643 sq->data = NULL; 5644 } 5645 sctp_free_remote_addr(sq->whoFrom); 5646 sq->whoFrom = NULL; 5647 sq->stcb = NULL; 5648 /* Free the ctl entry */ 5649 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq); 5650 SCTP_DECR_READQ_COUNT(); 5651 /*sa_ignore FREED_MEMORY*/ 5652 } 5653 TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) { 5654 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next); 5655 if (chk->data) { 5656 sctp_m_freem(chk->data); 5657 chk->data = NULL; 5658 } 5659 if (chk->holds_key_ref) 5660 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5661 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5662 SCTP_DECR_CHK_COUNT(); 5663 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1); 5664 asoc->free_chunk_cnt--; 5665 /*sa_ignore FREED_MEMORY*/ 5666 } 5667 /* pending send queue SHOULD be empty */ 5668 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) { 5669 if (asoc->strmout[chk->rec.data.stream_number].chunks_on_queues > 0) { 5670 asoc->strmout[chk->rec.data.stream_number].chunks_on_queues--; 5671 #ifdef INVARIANTS 5672 } else { 5673 panic("No chunks on the queues for sid %u.", chk->rec.data.stream_number); 5674 #endif 5675 } 5676 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next); 5677 if (chk->data) { 5678 if (so) { 5679 /* Still a socket? */ 5680 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb, 5681 0, chk, SCTP_SO_LOCKED); 5682 } 5683 if (chk->data) { 5684 sctp_m_freem(chk->data); 5685 chk->data = NULL; 5686 } 5687 } 5688 if (chk->holds_key_ref) 5689 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5690 if (chk->whoTo) { 5691 sctp_free_remote_addr(chk->whoTo); 5692 chk->whoTo = NULL; 5693 } 5694 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5695 SCTP_DECR_CHK_COUNT(); 5696 /*sa_ignore FREED_MEMORY*/ 5697 } 5698 /* sent queue SHOULD be empty */ 5699 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) { 5700 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) { 5701 if (asoc->strmout[chk->rec.data.stream_number].chunks_on_queues > 0) { 5702 asoc->strmout[chk->rec.data.stream_number].chunks_on_queues--; 5703 #ifdef INVARIANTS 5704 } else { 5705 panic("No chunks on the queues for sid %u.", chk->rec.data.stream_number); 5706 #endif 5707 } 5708 } 5709 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next); 5710 if (chk->data) { 5711 if (so) { 5712 /* Still a socket? */ 5713 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb, 5714 0, chk, SCTP_SO_LOCKED); 5715 } 5716 if (chk->data) { 5717 sctp_m_freem(chk->data); 5718 chk->data = NULL; 5719 } 5720 } 5721 if (chk->holds_key_ref) 5722 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5723 sctp_free_remote_addr(chk->whoTo); 5724 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5725 SCTP_DECR_CHK_COUNT(); 5726 /*sa_ignore FREED_MEMORY*/ 5727 } 5728 #ifdef INVARIANTS 5729 for (i = 0; i < stcb->asoc.streamoutcnt; i++) { 5730 if (stcb->asoc.strmout[i].chunks_on_queues > 0) { 5731 panic("%u chunks left for stream %u.", stcb->asoc.strmout[i].chunks_on_queues, i); 5732 } 5733 } 5734 #endif 5735 /* control queue MAY not be empty */ 5736 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) { 5737 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next); 5738 if (chk->data) { 5739 sctp_m_freem(chk->data); 5740 chk->data = NULL; 5741 } 5742 if (chk->holds_key_ref) 5743 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5744 sctp_free_remote_addr(chk->whoTo); 5745 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5746 SCTP_DECR_CHK_COUNT(); 5747 /*sa_ignore FREED_MEMORY*/ 5748 } 5749 /* ASCONF queue MAY not be empty */ 5750 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) { 5751 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next); 5752 if (chk->data) { 5753 sctp_m_freem(chk->data); 5754 chk->data = NULL; 5755 } 5756 if (chk->holds_key_ref) 5757 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5758 sctp_free_remote_addr(chk->whoTo); 5759 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5760 SCTP_DECR_CHK_COUNT(); 5761 /*sa_ignore FREED_MEMORY*/ 5762 } 5763 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { 5764 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); 5765 if (chk->data) { 5766 sctp_m_freem(chk->data); 5767 chk->data = NULL; 5768 } 5769 if (chk->holds_key_ref) 5770 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED); 5771 sctp_free_remote_addr(chk->whoTo); 5772 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk); 5773 SCTP_DECR_CHK_COUNT(); 5774 /*sa_ignore FREED_MEMORY*/ 5775 } 5776 5777 if (asoc->mapping_array) { 5778 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); 5779 asoc->mapping_array = NULL; 5780 } 5781 if (asoc->nr_mapping_array) { 5782 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP); 5783 asoc->nr_mapping_array = NULL; 5784 } 5785 /* the stream outs */ 5786 if (asoc->strmout) { 5787 SCTP_FREE(asoc->strmout, SCTP_M_STRMO); 5788 asoc->strmout = NULL; 5789 } 5790 asoc->strm_realoutsize = asoc->streamoutcnt = 0; 5791 if (asoc->strmin) { 5792 struct sctp_queued_to_read *ctl, *nctl; 5793 5794 for (i = 0; i < asoc->streamincnt; i++) { 5795 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) { 5796 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next); 5797 sctp_free_remote_addr(ctl->whoFrom); 5798 if (ctl->data) { 5799 sctp_m_freem(ctl->data); 5800 ctl->data = NULL; 5801 } 5802 /* 5803 * We don't free the address here 5804 * since all the net's were freed 5805 * above. 5806 */ 5807 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl); 5808 SCTP_DECR_READQ_COUNT(); 5809 } 5810 } 5811 SCTP_FREE(asoc->strmin, SCTP_M_STRMI); 5812 asoc->strmin = NULL; 5813 } 5814 asoc->streamincnt = 0; 5815 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) { 5816 #ifdef INVARIANTS 5817 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) { 5818 panic("no net's left alloc'ed, or list points to itself"); 5819 } 5820 #endif 5821 TAILQ_REMOVE(&asoc->nets, net, sctp_next); 5822 sctp_free_remote_addr(net); 5823 } 5824 LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) { 5825 /*sa_ignore FREED_MEMORY*/ 5826 sctp_remove_laddr(laddr); 5827 } 5828 5829 /* pending asconf (address) parameters */ 5830 TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) { 5831 /*sa_ignore FREED_MEMORY*/ 5832 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next); 5833 SCTP_FREE(aparam,SCTP_M_ASC_ADDR); 5834 } 5835 TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) { 5836 /*sa_ignore FREED_MEMORY*/ 5837 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next); 5838 if (aack->data != NULL) { 5839 sctp_m_freem(aack->data); 5840 } 5841 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack); 5842 } 5843 /* clean up auth stuff */ 5844 if (asoc->local_hmacs) 5845 sctp_free_hmaclist(asoc->local_hmacs); 5846 if (asoc->peer_hmacs) 5847 sctp_free_hmaclist(asoc->peer_hmacs); 5848 5849 if (asoc->local_auth_chunks) 5850 sctp_free_chunklist(asoc->local_auth_chunks); 5851 if (asoc->peer_auth_chunks) 5852 sctp_free_chunklist(asoc->peer_auth_chunks); 5853 5854 sctp_free_authinfo(&asoc->authinfo); 5855 5856 LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) { 5857 LIST_REMOVE(shared_key, next); 5858 sctp_free_sharedkey(shared_key); 5859 /*sa_ignore FREED_MEMORY*/ 5860 } 5861 5862 /* Insert new items here :> */ 5863 5864 /* Get rid of LOCK */ 5865 SCTP_TCB_UNLOCK(stcb); 5866 SCTP_TCB_LOCK_DESTROY(stcb); 5867 SCTP_TCB_SEND_LOCK_DESTROY(stcb); 5868 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5869 SCTP_INP_INFO_WUNLOCK(); 5870 SCTP_INP_RLOCK(inp); 5871 } 5872 #if defined(__APPLE__) /* TEMP CODE */ 5873 stcb->freed_from_where = from_location; 5874 #endif 5875 #ifdef SCTP_TRACK_FREED_ASOCS 5876 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5877 /* now clean up the tasoc itself */ 5878 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5879 SCTP_DECR_ASOC_COUNT(); 5880 } else { 5881 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist); 5882 } 5883 #else 5884 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb); 5885 SCTP_DECR_ASOC_COUNT(); 5886 #endif 5887 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5888 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) { 5889 /* If its NOT the inp_free calling us AND 5890 * sctp_close as been called, we 5891 * call back... 5892 */ 5893 SCTP_INP_RUNLOCK(inp); 5894 /* This will start the kill timer (if we are 5895 * the last one) since we hold an increment yet. But 5896 * this is the only safe way to do this 5897 * since otherwise if the socket closes 5898 * at the same time we are here we might 5899 * collide in the cleanup. 5900 */ 5901 sctp_inpcb_free(inp, 5902 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE, 5903 SCTP_CALLED_DIRECTLY_NOCMPSET); 5904 SCTP_INP_DECR_REF(inp); 5905 goto out_of; 5906 } else { 5907 /* The socket is still open. */ 5908 SCTP_INP_DECR_REF(inp); 5909 } 5910 } 5911 if (from_inpcbfree == SCTP_NORMAL_PROC) { 5912 SCTP_INP_RUNLOCK(inp); 5913 } 5914 out_of: 5915 /* destroyed the asoc */ 5916 #ifdef SCTP_LOG_CLOSING 5917 sctp_log_closing(inp, NULL, 11); 5918 #endif 5919 return (1); 5920 } 5921 5922 5923 5924 /* 5925 * determine if a destination is "reachable" based upon the addresses bound 5926 * to the current endpoint (e.g. only v4 or v6 currently bound) 5927 */ 5928 /* 5929 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use 5930 * assoc level v4/v6 flags, as the assoc *may* not have the same address 5931 * types bound as its endpoint 5932 */ 5933 int 5934 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr) 5935 { 5936 struct sctp_inpcb *inp; 5937 int answer; 5938 5939 /* 5940 * No locks here, the TCB, in all cases is already locked and an 5941 * assoc is up. There is either a INP lock by the caller applied (in 5942 * asconf case when deleting an address) or NOT in the HB case, 5943 * however if HB then the INP increment is up and the INP will not 5944 * be removed (on top of the fact that we have a TCB lock). So we 5945 * only want to read the sctp_flags, which is either bound-all or 5946 * not.. no protection needed since once an assoc is up you can't be 5947 * changing your binding. 5948 */ 5949 inp = stcb->sctp_ep; 5950 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 5951 /* if bound all, destination is not restricted */ 5952 /* 5953 * RRS: Question during lock work: Is this correct? If you 5954 * are bound-all you still might need to obey the V4--V6 5955 * flags??? IMO this bound-all stuff needs to be removed! 5956 */ 5957 return (1); 5958 } 5959 /* NOTE: all "scope" checks are done when local addresses are added */ 5960 switch (destaddr->sa_family) { 5961 #ifdef INET6 5962 case AF_INET6: 5963 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 5964 answer = inp->inp_vflag & INP_IPV6; 5965 #else 5966 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6; 5967 #endif 5968 break; 5969 #endif 5970 #ifdef INET 5971 case AF_INET: 5972 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 5973 answer = inp->inp_vflag & INP_IPV4; 5974 #else 5975 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4; 5976 #endif 5977 break; 5978 #endif 5979 #if defined(__Userspace__) 5980 case AF_CONN: 5981 answer = inp->ip_inp.inp.inp_vflag & INP_CONN; 5982 break; 5983 #endif 5984 default: 5985 /* invalid family, so it's unreachable */ 5986 answer = 0; 5987 break; 5988 } 5989 return (answer); 5990 } 5991 5992 /* 5993 * update the inp_vflags on an endpoint 5994 */ 5995 static void 5996 sctp_update_ep_vflag(struct sctp_inpcb *inp) 5997 { 5998 struct sctp_laddr *laddr; 5999 6000 /* first clear the flag */ 6001 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 6002 inp->inp_vflag = 0; 6003 #else 6004 inp->ip_inp.inp.inp_vflag = 0; 6005 #endif 6006 /* set the flag based on addresses on the ep list */ 6007 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 6008 if (laddr->ifa == NULL) { 6009 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", 6010 __FUNCTION__); 6011 continue; 6012 } 6013 6014 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) { 6015 continue; 6016 } 6017 switch (laddr->ifa->address.sa.sa_family) { 6018 #ifdef INET6 6019 case AF_INET6: 6020 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 6021 inp->inp_vflag |= INP_IPV6; 6022 #else 6023 inp->ip_inp.inp.inp_vflag |= INP_IPV6; 6024 #endif 6025 break; 6026 #endif 6027 #ifdef INET 6028 case AF_INET: 6029 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 6030 inp->inp_vflag |= INP_IPV4; 6031 #else 6032 inp->ip_inp.inp.inp_vflag |= INP_IPV4; 6033 #endif 6034 break; 6035 #endif 6036 #if defined(__Userspace__) 6037 case AF_CONN: 6038 inp->ip_inp.inp.inp_vflag |= INP_CONN; 6039 break; 6040 #endif 6041 default: 6042 break; 6043 } 6044 } 6045 } 6046 6047 /* 6048 * Add the address to the endpoint local address list There is nothing to be 6049 * done if we are bound to all addresses 6050 */ 6051 void 6052 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action) 6053 { 6054 struct sctp_laddr *laddr; 6055 int fnd, error = 0; 6056 6057 fnd = 0; 6058 6059 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6060 /* You are already bound to all. You have it already */ 6061 return; 6062 } 6063 #ifdef INET6 6064 if (ifa->address.sa.sa_family == AF_INET6) { 6065 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 6066 /* Can't bind a non-useable addr. */ 6067 return; 6068 } 6069 } 6070 #endif 6071 /* first, is it already present? */ 6072 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 6073 if (laddr->ifa == ifa) { 6074 fnd = 1; 6075 break; 6076 } 6077 } 6078 6079 if (fnd == 0) { 6080 /* Not in the ep list */ 6081 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action); 6082 if (error != 0) 6083 return; 6084 inp->laddr_count++; 6085 /* update inp_vflag flags */ 6086 switch (ifa->address.sa.sa_family) { 6087 #ifdef INET6 6088 case AF_INET6: 6089 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 6090 inp->inp_vflag |= INP_IPV6; 6091 #else 6092 inp->ip_inp.inp.inp_vflag |= INP_IPV6; 6093 #endif 6094 break; 6095 #endif 6096 #ifdef INET 6097 case AF_INET: 6098 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__)) 6099 inp->inp_vflag |= INP_IPV4; 6100 #else 6101 inp->ip_inp.inp.inp_vflag |= INP_IPV4; 6102 #endif 6103 break; 6104 #endif 6105 #if defined(__Userspace__) 6106 case AF_CONN: 6107 inp->ip_inp.inp.inp_vflag |= INP_CONN; 6108 break; 6109 #endif 6110 default: 6111 break; 6112 } 6113 } 6114 return; 6115 } 6116 6117 6118 /* 6119 * select a new (hopefully reachable) destination net (should only be used 6120 * when we deleted an ep addr that is the only usable source address to reach 6121 * the destination net) 6122 */ 6123 static void 6124 sctp_select_primary_destination(struct sctp_tcb *stcb) 6125 { 6126 struct sctp_nets *net; 6127 6128 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 6129 /* for now, we'll just pick the first reachable one we find */ 6130 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) 6131 continue; 6132 if (sctp_destination_is_reachable(stcb, 6133 (struct sockaddr *)&net->ro._l_addr)) { 6134 /* found a reachable destination */ 6135 stcb->asoc.primary_destination = net; 6136 } 6137 } 6138 /* I can't there from here! ...we're gonna die shortly... */ 6139 } 6140 6141 6142 /* 6143 * Delete the address from the endpoint local address list There is nothing 6144 * to be done if we are bound to all addresses 6145 */ 6146 void 6147 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa) 6148 { 6149 struct sctp_laddr *laddr; 6150 int fnd; 6151 6152 fnd = 0; 6153 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) { 6154 /* You are already bound to all. You have it already */ 6155 return; 6156 } 6157 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { 6158 if (laddr->ifa == ifa) { 6159 fnd = 1; 6160 break; 6161 } 6162 } 6163 if (fnd && (inp->laddr_count < 2)) { 6164 /* can't delete unless there are at LEAST 2 addresses */ 6165 return; 6166 } 6167 if (fnd) { 6168 /* 6169 * clean up any use of this address go through our 6170 * associations and clear any last_used_address that match 6171 * this one for each assoc, see if a new primary_destination 6172 * is needed 6173 */ 6174 struct sctp_tcb *stcb; 6175 6176 /* clean up "next_addr_touse" */ 6177 if (inp->next_addr_touse == laddr) 6178 /* delete this address */ 6179 inp->next_addr_touse = NULL; 6180 6181 /* clean up "last_used_address" */ 6182 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 6183 struct sctp_nets *net; 6184 SCTP_TCB_LOCK(stcb); 6185 if (stcb->asoc.last_used_address == laddr) 6186 /* delete this address */ 6187 stcb->asoc.last_used_address = NULL; 6188 /* Now spin through all the nets and purge any ref to laddr */ 6189 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 6190 if (net->ro._s_addr && 6191 (net->ro._s_addr->ifa == laddr->ifa)) { 6192 /* Yep, purge src address selected */ 6193 sctp_rtentry_t *rt; 6194 6195 /* delete this address if cached */ 6196 rt = net->ro.ro_rt; 6197 if (rt != NULL) { 6198 RTFREE(rt); 6199 net->ro.ro_rt = NULL; 6200 } 6201 sctp_free_ifa(net->ro._s_addr); 6202 net->ro._s_addr = NULL; 6203 net->src_addr_selected = 0; 6204 } 6205 } 6206 SCTP_TCB_UNLOCK(stcb); 6207 } /* for each tcb */ 6208 /* remove it from the ep list */ 6209 sctp_remove_laddr(laddr); 6210 inp->laddr_count--; 6211 /* update inp_vflag flags */ 6212 sctp_update_ep_vflag(inp); 6213 } 6214 return; 6215 } 6216 6217 /* 6218 * Add the address to the TCB local address restricted list. 6219 * This is a "pending" address list (eg. addresses waiting for an 6220 * ASCONF-ACK response) and cannot be used as a valid source address. 6221 */ 6222 void 6223 sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 6224 { 6225 struct sctp_laddr *laddr; 6226 struct sctpladdr *list; 6227 6228 /* 6229 * Assumes TCB is locked.. and possibly the INP. May need to 6230 * confirm/fix that if we need it and is not the case. 6231 */ 6232 list = &stcb->asoc.sctp_restricted_addrs; 6233 6234 #ifdef INET6 6235 if (ifa->address.sa.sa_family == AF_INET6) { 6236 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) { 6237 /* Can't bind a non-existent addr. */ 6238 return; 6239 } 6240 } 6241 #endif 6242 /* does the address already exist? */ 6243 LIST_FOREACH(laddr, list, sctp_nxt_addr) { 6244 if (laddr->ifa == ifa) { 6245 return; 6246 } 6247 } 6248 6249 /* add to the list */ 6250 (void)sctp_insert_laddr(list, ifa, 0); 6251 return; 6252 } 6253 6254 /* 6255 * insert an laddr entry with the given ifa for the desired list 6256 */ 6257 int 6258 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act) 6259 { 6260 struct sctp_laddr *laddr; 6261 6262 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); 6263 if (laddr == NULL) { 6264 /* out of memory? */ 6265 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); 6266 return (EINVAL); 6267 } 6268 SCTP_INCR_LADDR_COUNT(); 6269 bzero(laddr, sizeof(*laddr)); 6270 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); 6271 laddr->ifa = ifa; 6272 laddr->action = act; 6273 atomic_add_int(&ifa->refcount, 1); 6274 /* insert it */ 6275 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr); 6276 6277 return (0); 6278 } 6279 6280 /* 6281 * Remove an laddr entry from the local address list (on an assoc) 6282 */ 6283 void 6284 sctp_remove_laddr(struct sctp_laddr *laddr) 6285 { 6286 6287 /* remove from the list */ 6288 LIST_REMOVE(laddr, sctp_nxt_addr); 6289 sctp_free_ifa(laddr->ifa); 6290 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr); 6291 SCTP_DECR_LADDR_COUNT(); 6292 } 6293 6294 /* 6295 * Remove a local address from the TCB local address restricted list 6296 */ 6297 void 6298 sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa) 6299 { 6300 struct sctp_inpcb *inp; 6301 struct sctp_laddr *laddr; 6302 6303 /* 6304 * This is called by asconf work. It is assumed that a) The TCB is 6305 * locked and b) The INP is locked. This is true in as much as I can 6306 * trace through the entry asconf code where I did these locks. 6307 * Again, the ASCONF code is a bit different in that it does lock 6308 * the INP during its work often times. This must be since we don't 6309 * want other proc's looking up things while what they are looking 6310 * up is changing :-D 6311 */ 6312 6313 inp = stcb->sctp_ep; 6314 /* if subset bound and don't allow ASCONF's, can't delete last */ 6315 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && 6316 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) { 6317 if (stcb->sctp_ep->laddr_count < 2) { 6318 /* can't delete last address */ 6319 return; 6320 } 6321 } 6322 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) { 6323 /* remove the address if it exists */ 6324 if (laddr->ifa == NULL) 6325 continue; 6326 if (laddr->ifa == ifa) { 6327 sctp_remove_laddr(laddr); 6328 return; 6329 } 6330 } 6331 6332 /* address not found! */ 6333 return; 6334 } 6335 6336 #if defined(__FreeBSD__) 6337 /* 6338 * Temporarily remove for __APPLE__ until we use the Tiger equivalents 6339 */ 6340 /* sysctl */ 6341 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC; 6342 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR; 6343 #endif /* FreeBSD || APPLE */ 6344 6345 6346 6347 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) 6348 struct sctp_mcore_ctrl *sctp_mcore_workers = NULL; 6349 int *sctp_cpuarry = NULL; 6350 void 6351 sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use) 6352 { 6353 /* Queue a packet to a processor for the specified core */ 6354 struct sctp_mcore_queue *qent; 6355 struct sctp_mcore_ctrl *wkq; 6356 int need_wake = 0; 6357 if (sctp_mcore_workers == NULL) { 6358 /* Something went way bad during setup */ 6359 sctp_input_with_port(m, off, 0); 6360 return; 6361 } 6362 SCTP_MALLOC(qent, struct sctp_mcore_queue *, 6363 (sizeof(struct sctp_mcore_queue)), 6364 SCTP_M_MCORE); 6365 if (qent == NULL) { 6366 /* This is trouble */ 6367 sctp_input_with_port(m, off, 0); 6368 return; 6369 } 6370 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 6371 qent->vn = curvnet; 6372 #endif 6373 qent->m = m; 6374 qent->off = off; 6375 qent->v6 = 0; 6376 wkq = &sctp_mcore_workers[cpu_to_use]; 6377 SCTP_MCORE_QLOCK(wkq); 6378 6379 TAILQ_INSERT_TAIL(&wkq->que, qent, next); 6380 if (wkq->running == 0) { 6381 need_wake = 1; 6382 } 6383 SCTP_MCORE_QUNLOCK(wkq); 6384 if (need_wake) { 6385 wakeup(&wkq->running); 6386 } 6387 } 6388 6389 static void 6390 sctp_mcore_thread(void *arg) 6391 { 6392 6393 struct sctp_mcore_ctrl *wkq; 6394 struct sctp_mcore_queue *qent; 6395 6396 wkq = (struct sctp_mcore_ctrl *)arg; 6397 struct mbuf *m; 6398 int off, v6; 6399 6400 /* Wait for first tickle */ 6401 SCTP_MCORE_LOCK(wkq); 6402 wkq->running = 0; 6403 msleep(&wkq->running, 6404 &wkq->core_mtx, 6405 0, "wait for pkt", 0); 6406 SCTP_MCORE_UNLOCK(wkq); 6407 6408 /* Bind to our cpu */ 6409 thread_lock(curthread); 6410 sched_bind(curthread, wkq->cpuid); 6411 thread_unlock(curthread); 6412 6413 /* Now lets start working */ 6414 SCTP_MCORE_LOCK(wkq); 6415 /* Now grab lock and go */ 6416 for (;;) { 6417 SCTP_MCORE_QLOCK(wkq); 6418 skip_sleep: 6419 wkq->running = 1; 6420 qent = TAILQ_FIRST(&wkq->que); 6421 if (qent) { 6422 TAILQ_REMOVE(&wkq->que, qent, next); 6423 SCTP_MCORE_QUNLOCK(wkq); 6424 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 6425 CURVNET_SET(qent->vn); 6426 #endif 6427 m = qent->m; 6428 off = qent->off; 6429 v6 = qent->v6; 6430 SCTP_FREE(qent, SCTP_M_MCORE); 6431 if (v6 == 0) { 6432 sctp_input_with_port(m, off, 0); 6433 } else { 6434 SCTP_PRINTF("V6 not yet supported\n"); 6435 sctp_m_freem(m); 6436 } 6437 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 6438 CURVNET_RESTORE(); 6439 #endif 6440 SCTP_MCORE_QLOCK(wkq); 6441 } 6442 wkq->running = 0; 6443 if (!TAILQ_EMPTY(&wkq->que)) { 6444 goto skip_sleep; 6445 } 6446 SCTP_MCORE_QUNLOCK(wkq); 6447 msleep(&wkq->running, 6448 &wkq->core_mtx, 6449 0, "wait for pkt", 0); 6450 } 6451 } 6452 6453 static void 6454 sctp_startup_mcore_threads(void) 6455 { 6456 int i, cpu; 6457 6458 if (mp_ncpus == 1) 6459 return; 6460 6461 if (sctp_mcore_workers != NULL) { 6462 /* Already been here in some previous 6463 * vnet? 6464 */ 6465 return; 6466 } 6467 SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *, 6468 ((mp_maxid+1) * sizeof(struct sctp_mcore_ctrl)), 6469 SCTP_M_MCORE); 6470 if (sctp_mcore_workers == NULL) { 6471 /* TSNH I hope */ 6472 return; 6473 } 6474 memset(sctp_mcore_workers, 0 , ((mp_maxid+1) * 6475 sizeof(struct sctp_mcore_ctrl))); 6476 /* Init the structures */ 6477 for (i = 0; i<=mp_maxid; i++) { 6478 TAILQ_INIT(&sctp_mcore_workers[i].que); 6479 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]); 6480 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]); 6481 sctp_mcore_workers[i].cpuid = i; 6482 } 6483 if (sctp_cpuarry == NULL) { 6484 SCTP_MALLOC(sctp_cpuarry, int *, 6485 (mp_ncpus * sizeof(int)), 6486 SCTP_M_MCORE); 6487 i = 0; 6488 CPU_FOREACH(cpu) { 6489 sctp_cpuarry[i] = cpu; 6490 i++; 6491 } 6492 } 6493 6494 /* Now start them all */ 6495 CPU_FOREACH(cpu) { 6496 #if __FreeBSD_version <= 701000 6497 (void)kthread_create(sctp_mcore_thread, 6498 (void *)&sctp_mcore_workers[cpu], 6499 &sctp_mcore_workers[cpu].thread_proc, 6500 RFPROC, 6501 SCTP_KTHREAD_PAGES, 6502 SCTP_MCORE_NAME); 6503 6504 #else 6505 (void)kproc_create(sctp_mcore_thread, 6506 (void *)&sctp_mcore_workers[cpu], 6507 &sctp_mcore_workers[cpu].thread_proc, 6508 RFPROC, 6509 SCTP_KTHREAD_PAGES, 6510 SCTP_MCORE_NAME); 6511 #endif 6512 6513 } 6514 } 6515 #endif 6516 #if defined(__FreeBSD__) && __FreeBSD_cc_version >= 1200000 6517 static struct mbuf * 6518 sctp_netisr_hdlr(struct mbuf *m, uintptr_t source) 6519 { 6520 struct ip *ip; 6521 struct sctphdr *sh; 6522 int offset; 6523 uint32_t flowid, tag; 6524 6525 /* 6526 * No flow id built by lower layers fix it so we 6527 * create one. 6528 */ 6529 ip = mtod(m, struct ip *); 6530 offset = (ip->ip_hl << 2) + sizeof(struct sctphdr); 6531 if (SCTP_BUF_LEN(m) < offset) { 6532 if ((m = m_pullup(m, offset)) == NULL) { 6533 SCTP_STAT_INCR(sctps_hdrops); 6534 return (NULL); 6535 } 6536 ip = mtod(m, struct ip *); 6537 } 6538 sh = (struct sctphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 6539 tag = htonl(sh->v_tag); 6540 flowid = tag ^ ntohs(sh->dest_port) ^ ntohs(sh->src_port); 6541 m->m_pkthdr.flowid = flowid; 6542 m->m_flags |= M_FLOWID; 6543 return (m); 6544 } 6545 #endif 6546 6547 void 6548 sctp_pcb_init() 6549 { 6550 /* 6551 * SCTP initialization for the PCB structures should be called by 6552 * the sctp_init() funciton. 6553 */ 6554 int i; 6555 struct timeval tv; 6556 6557 if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) { 6558 /* error I was called twice */ 6559 return; 6560 } 6561 SCTP_BASE_VAR(sctp_pcb_initialized) = 1; 6562 6563 #if defined(SCTP_LOCAL_TRACE_BUF) 6564 #if defined(__Windows__) 6565 if (SCTP_BASE_SYSCTL(sctp_log) != NULL) { 6566 bzero(SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log)); 6567 } 6568 #else 6569 bzero(&SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log)); 6570 #endif 6571 #endif 6572 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 6573 SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *, 6574 ((mp_maxid+1) * sizeof(struct sctpstat)), 6575 SCTP_M_MCORE); 6576 #endif 6577 (void)SCTP_GETTIME_TIMEVAL(&tv); 6578 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 6579 bzero(SCTP_BASE_STATS, (sizeof(struct sctpstat) * (mp_maxid+1))); 6580 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t)tv.tv_sec; 6581 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t)tv.tv_usec; 6582 #else 6583 bzero(&SCTP_BASE_STATS, sizeof(struct sctpstat)); 6584 SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t)tv.tv_sec; 6585 SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t)tv.tv_usec; 6586 #endif 6587 /* init the empty list of (All) Endpoints */ 6588 LIST_INIT(&SCTP_BASE_INFO(listhead)); 6589 #if defined(__APPLE__) 6590 LIST_INIT(&SCTP_BASE_INFO(inplisthead)); 6591 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION) 6592 SCTP_BASE_INFO(sctbinfo).listhead = &SCTP_BASE_INFO(inplisthead); 6593 SCTP_BASE_INFO(sctbinfo).mtx_grp_attr = lck_grp_attr_alloc_init(); 6594 lck_grp_attr_setdefault(SCTP_BASE_INFO(sctbinfo).mtx_grp_attr); 6595 SCTP_BASE_INFO(sctbinfo).mtx_grp = lck_grp_alloc_init("sctppcb", SCTP_BASE_INFO(sctbinfo).mtx_grp_attr); 6596 SCTP_BASE_INFO(sctbinfo).mtx_attr = lck_attr_alloc_init(); 6597 lck_attr_setdefault(SCTP_BASE_INFO(sctbinfo).mtx_attr); 6598 #else 6599 SCTP_BASE_INFO(sctbinfo).ipi_listhead = &SCTP_BASE_INFO(inplisthead); 6600 SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr = lck_grp_attr_alloc_init(); 6601 lck_grp_attr_setdefault(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr); 6602 SCTP_BASE_INFO(sctbinfo).ipi_lock_grp = lck_grp_alloc_init("sctppcb", SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr); 6603 SCTP_BASE_INFO(sctbinfo).ipi_lock_attr = lck_attr_alloc_init(); 6604 lck_attr_setdefault(SCTP_BASE_INFO(sctbinfo).ipi_lock_attr); 6605 #endif 6606 #if !defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION) 6607 SCTP_BASE_INFO(sctbinfo).ipi_gc = sctp_gc; 6608 in_pcbinfo_attach(&SCTP_BASE_INFO(sctbinfo)); 6609 #endif 6610 #endif 6611 6612 6613 /* init the hash table of endpoints */ 6614 #if defined(__FreeBSD__) 6615 #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 440000 6616 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize)); 6617 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize)); 6618 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale)); 6619 #else 6620 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", SCTP_TCBHASHSIZE, 6621 SCTP_BASE_SYSCTL(sctp_hashtblsize)); 6622 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", SCTP_PCBHASHSIZE, 6623 SCTP_BASE_SYSCTL(sctp_pcbtblsize)); 6624 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", SCTP_CHUNKQUEUE_SCALE, 6625 SCTP_BASE_SYSCTL(sctp_chunkscale)); 6626 #endif 6627 #endif 6628 SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31), 6629 &SCTP_BASE_INFO(hashasocmark)); 6630 SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize), 6631 &SCTP_BASE_INFO(hashmark)); 6632 SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize), 6633 &SCTP_BASE_INFO(hashtcpmark)); 6634 SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize); 6635 6636 6637 SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH, 6638 &SCTP_BASE_INFO(hashvrfmark)); 6639 6640 SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE, 6641 &SCTP_BASE_INFO(vrf_ifn_hashmark)); 6642 /* init the zones */ 6643 /* 6644 * FIX ME: Should check for NULL returns, but if it does fail we are 6645 * doomed to panic anyways... add later maybe. 6646 */ 6647 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep", 6648 sizeof(struct sctp_inpcb), maxsockets); 6649 6650 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc", 6651 sizeof(struct sctp_tcb), sctp_max_number_of_assoc); 6652 6653 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr", 6654 sizeof(struct sctp_laddr), 6655 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 6656 6657 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr", 6658 sizeof(struct sctp_nets), 6659 (sctp_max_number_of_assoc * sctp_scale_up_for_address)); 6660 6661 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk", 6662 sizeof(struct sctp_tmit_chunk), 6663 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 6664 6665 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq", 6666 sizeof(struct sctp_queued_to_read), 6667 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 6668 6669 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out", 6670 sizeof(struct sctp_stream_queue_pending), 6671 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 6672 6673 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf", 6674 sizeof(struct sctp_asconf), 6675 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 6676 6677 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack", 6678 sizeof(struct sctp_asconf_ack), 6679 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale))); 6680 6681 6682 /* Master Lock INIT for info structure */ 6683 SCTP_INP_INFO_LOCK_INIT(); 6684 SCTP_STATLOG_INIT_LOCK(); 6685 6686 SCTP_IPI_COUNT_INIT(); 6687 SCTP_IPI_ADDR_INIT(); 6688 #ifdef SCTP_PACKET_LOGGING 6689 SCTP_IP_PKTLOG_INIT(); 6690 #endif 6691 LIST_INIT(&SCTP_BASE_INFO(addr_wq)); 6692 6693 SCTP_WQ_ADDR_INIT(); 6694 /* not sure if we need all the counts */ 6695 SCTP_BASE_INFO(ipi_count_ep) = 0; 6696 /* assoc/tcb zone info */ 6697 SCTP_BASE_INFO(ipi_count_asoc) = 0; 6698 /* local addrlist zone info */ 6699 SCTP_BASE_INFO(ipi_count_laddr) = 0; 6700 /* remote addrlist zone info */ 6701 SCTP_BASE_INFO(ipi_count_raddr) = 0; 6702 /* chunk info */ 6703 SCTP_BASE_INFO(ipi_count_chunk) = 0; 6704 6705 /* socket queue zone info */ 6706 SCTP_BASE_INFO(ipi_count_readq) = 0; 6707 6708 /* stream out queue cont */ 6709 SCTP_BASE_INFO(ipi_count_strmoq) = 0; 6710 6711 SCTP_BASE_INFO(ipi_free_strmoq) = 0; 6712 SCTP_BASE_INFO(ipi_free_chunks) = 0; 6713 6714 SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer)); 6715 6716 /* Init the TIMEWAIT list */ 6717 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) { 6718 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]); 6719 } 6720 #if defined(SCTP_PROCESS_LEVEL_LOCKS) 6721 #if defined(__Userspace_os_Windows) 6722 InitializeConditionVariable(&sctp_it_ctl.iterator_wakeup); 6723 #else 6724 (void)pthread_cond_init(&sctp_it_ctl.iterator_wakeup, NULL); 6725 #endif 6726 #endif 6727 sctp_startup_iterator(); 6728 6729 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP) 6730 sctp_startup_mcore_threads(); 6731 #endif 6732 6733 #ifndef __Panda__ 6734 /* 6735 * INIT the default VRF which for BSD is the only one, other O/S's 6736 * may have more. But initially they must start with one and then 6737 * add the VRF's as addresses are added. 6738 */ 6739 sctp_init_vrf_list(SCTP_DEFAULT_VRF); 6740 #endif 6741 #if defined(__FreeBSD__) && __FreeBSD_cc_version >= 1200000 6742 if (ip_register_flow_handler(sctp_netisr_hdlr, IPPROTO_SCTP)) { 6743 SCTP_PRINTF("***SCTP- Error can't register netisr handler***\n"); 6744 } 6745 #endif 6746 #if defined(_SCTP_NEEDS_CALLOUT_) || defined(_USER_SCTP_NEEDS_CALLOUT_) 6747 /* allocate the lock for the callout/timer queue */ 6748 SCTP_TIMERQ_LOCK_INIT(); 6749 TAILQ_INIT(&SCTP_BASE_INFO(callqueue)); 6750 #endif 6751 #if defined(__Userspace__) 6752 mbuf_init(NULL); 6753 atomic_init(); 6754 #if defined(INET) || defined(INET6) 6755 recv_thread_init(); 6756 #endif 6757 #endif 6758 } 6759 6760 /* 6761 * Assumes that the SCTP_BASE_INFO() lock is NOT held. 6762 */ 6763 void 6764 sctp_pcb_finish(void) 6765 { 6766 struct sctp_vrflist *vrf_bucket; 6767 struct sctp_vrf *vrf, *nvrf; 6768 struct sctp_ifn *ifn, *nifn; 6769 struct sctp_ifa *ifa, *nifa; 6770 struct sctpvtaghead *chain; 6771 struct sctp_tagblock *twait_block, *prev_twait_block; 6772 struct sctp_laddr *wi, *nwi; 6773 int i; 6774 struct sctp_iterator *it, *nit; 6775 6776 #if !defined(__FreeBSD__) 6777 /* Notify the iterator to exit. */ 6778 SCTP_IPI_ITERATOR_WQ_LOCK(); 6779 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_MUST_EXIT; 6780 sctp_wakeup_iterator(); 6781 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 6782 #endif 6783 #if defined(__APPLE__) 6784 #if !defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION) 6785 in_pcbinfo_detach(&SCTP_BASE_INFO(sctbinfo)); 6786 #endif 6787 SCTP_IPI_ITERATOR_WQ_LOCK(); 6788 do { 6789 msleep(&sctp_it_ctl.iterator_flags, 6790 sctp_it_ctl.ipi_iterator_wq_mtx, 6791 0, "waiting_for_work", 0); 6792 } while ((sctp_it_ctl.iterator_flags & SCTP_ITERATOR_EXITED) == 0); 6793 thread_deallocate(sctp_it_ctl.thread_proc); 6794 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 6795 #endif 6796 #if defined(__Windows__) 6797 if (sctp_it_ctl.iterator_thread_obj != NULL) { 6798 NTSTATUS status = STATUS_SUCCESS; 6799 6800 KeSetEvent(&sctp_it_ctl.iterator_wakeup[1], IO_NO_INCREMENT, FALSE); 6801 status = KeWaitForSingleObject(sctp_it_ctl.iterator_thread_obj, 6802 Executive, 6803 KernelMode, 6804 FALSE, 6805 NULL); 6806 ObDereferenceObject(sctp_it_ctl.iterator_thread_obj); 6807 } 6808 #endif 6809 #if defined(__Userspace__) 6810 if (sctp_it_ctl.thread_proc) { 6811 #if defined(__Userspace_os_Windows) 6812 WaitForSingleObject(sctp_it_ctl.thread_proc, INFINITE); 6813 CloseHandle(sctp_it_ctl.thread_proc); 6814 sctp_it_ctl.thread_proc = NULL; 6815 #else 6816 pthread_join(sctp_it_ctl.thread_proc, NULL); 6817 sctp_it_ctl.thread_proc = 0; 6818 #endif 6819 } 6820 #endif 6821 #if defined(SCTP_PROCESS_LEVEL_LOCKS) 6822 #if defined(__Userspace_os_Windows) 6823 DeleteConditionVariable(&sctp_it_ctl.iterator_wakeup); 6824 #else 6825 pthread_cond_destroy(&sctp_it_ctl.iterator_wakeup); 6826 #endif 6827 #endif 6828 /* In FreeBSD the iterator thread never exits 6829 * but we do clean up. 6830 * The only way FreeBSD reaches here is if we have VRF's 6831 * but we still add the ifdef to make it compile on old versions. 6832 */ 6833 SCTP_IPI_ITERATOR_WQ_LOCK(); 6834 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { 6835 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 6836 if (it->vn != curvnet) { 6837 continue; 6838 } 6839 #endif 6840 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 6841 if (it->function_atend != NULL) { 6842 (*it->function_atend) (it->pointer, it->val); 6843 } 6844 SCTP_FREE(it,SCTP_M_ITER); 6845 } 6846 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 6847 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 6848 SCTP_ITERATOR_LOCK(); 6849 if ((sctp_it_ctl.cur_it) && 6850 (sctp_it_ctl.cur_it->vn == curvnet)) { 6851 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT; 6852 } 6853 SCTP_ITERATOR_UNLOCK(); 6854 #endif 6855 #if !defined(__FreeBSD__) 6856 SCTP_IPI_ITERATOR_WQ_DESTROY(); 6857 SCTP_ITERATOR_LOCK_DESTROY(); 6858 #endif 6859 SCTP_OS_TIMER_STOP(&SCTP_BASE_INFO(addr_wq_timer.timer)); 6860 SCTP_WQ_ADDR_LOCK(); 6861 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { 6862 LIST_REMOVE(wi, sctp_nxt_addr); 6863 SCTP_DECR_LADDR_COUNT(); 6864 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi); 6865 } 6866 SCTP_WQ_ADDR_UNLOCK(); 6867 6868 /* 6869 * free the vrf/ifn/ifa lists and hashes (be sure address monitor 6870 * is destroyed first). 6871 */ 6872 vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))]; 6873 LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) { 6874 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) { 6875 LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) { 6876 /* free the ifa */ 6877 LIST_REMOVE(ifa, next_bucket); 6878 LIST_REMOVE(ifa, next_ifa); 6879 SCTP_FREE(ifa, SCTP_M_IFA); 6880 } 6881 /* free the ifn */ 6882 LIST_REMOVE(ifn, next_bucket); 6883 LIST_REMOVE(ifn, next_ifn); 6884 SCTP_FREE(ifn, SCTP_M_IFN); 6885 } 6886 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark); 6887 /* free the vrf */ 6888 LIST_REMOVE(vrf, next_vrf); 6889 SCTP_FREE(vrf, SCTP_M_VRF); 6890 } 6891 /* free the vrf hashes */ 6892 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark)); 6893 SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark)); 6894 #if defined(__Userspace__) && !defined(__Userspace_os_Windows) 6895 /* free memory allocated by getifaddrs call */ 6896 #if defined(INET) || defined(INET6) 6897 freeifaddrs(g_interfaces); 6898 #endif 6899 #endif 6900 6901 /* free the TIMEWAIT list elements malloc'd in the function 6902 * sctp_add_vtag_to_timewait()... 6903 */ 6904 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) { 6905 chain = &SCTP_BASE_INFO(vtag_timewait)[i]; 6906 if (!LIST_EMPTY(chain)) { 6907 prev_twait_block = NULL; 6908 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 6909 if (prev_twait_block) { 6910 SCTP_FREE(prev_twait_block, SCTP_M_TIMW); 6911 } 6912 prev_twait_block = twait_block; 6913 } 6914 SCTP_FREE(prev_twait_block, SCTP_M_TIMW); 6915 } 6916 } 6917 6918 /* free the locks and mutexes */ 6919 #if defined(__APPLE__) 6920 SCTP_TIMERQ_LOCK_DESTROY(); 6921 #endif 6922 #ifdef SCTP_PACKET_LOGGING 6923 SCTP_IP_PKTLOG_DESTROY(); 6924 #endif 6925 SCTP_IPI_ADDR_DESTROY(); 6926 #if defined(__APPLE__) 6927 SCTP_IPI_COUNT_DESTROY(); 6928 #endif 6929 SCTP_STATLOG_DESTROY(); 6930 SCTP_INP_INFO_LOCK_DESTROY(); 6931 6932 SCTP_WQ_ADDR_DESTROY(); 6933 6934 #if defined(__APPLE__) 6935 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION) 6936 lck_grp_attr_free(SCTP_BASE_INFO(sctbinfo).mtx_grp_attr); 6937 lck_grp_free(SCTP_BASE_INFO(sctbinfo).mtx_grp); 6938 lck_attr_free(SCTP_BASE_INFO(sctbinfo).mtx_attr); 6939 #else 6940 lck_grp_attr_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr); 6941 lck_grp_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp); 6942 lck_attr_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_attr); 6943 #endif 6944 #endif 6945 #if defined(__Userspace__) 6946 SCTP_TIMERQ_LOCK_DESTROY(); 6947 SCTP_ZONE_DESTROY(zone_mbuf); 6948 SCTP_ZONE_DESTROY(zone_clust); 6949 SCTP_ZONE_DESTROY(zone_ext_refcnt); 6950 #endif 6951 #if defined(__Windows__) || defined(__FreeBSD__) || defined(__Userspace__) 6952 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep)); 6953 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc)); 6954 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr)); 6955 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net)); 6956 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk)); 6957 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq)); 6958 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq)); 6959 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf)); 6960 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack)); 6961 #endif 6962 /* Get rid of other stuff to */ 6963 if (SCTP_BASE_INFO(sctp_asochash) != NULL) 6964 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark)); 6965 if (SCTP_BASE_INFO(sctp_ephash) != NULL) 6966 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark)); 6967 if (SCTP_BASE_INFO(sctp_tcpephash) != NULL) 6968 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark)); 6969 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) 6970 SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE); 6971 #endif 6972 } 6973 6974 6975 int 6976 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, 6977 int offset, int limit, 6978 struct sockaddr *src, struct sockaddr *dst, 6979 struct sockaddr *altsa) 6980 { 6981 /* 6982 * grub through the INIT pulling addresses and loading them to the 6983 * nets structure in the asoc. The from address in the mbuf should 6984 * also be loaded (if it is not already). This routine can be called 6985 * with either INIT or INIT-ACK's as long as the m points to the IP 6986 * packet and the offset points to the beginning of the parameters. 6987 */ 6988 struct sctp_inpcb *inp; 6989 struct sctp_nets *net, *nnet, *net_tmp; 6990 struct sctp_paramhdr *phdr, parm_buf; 6991 struct sctp_tcb *stcb_tmp; 6992 uint16_t ptype, plen; 6993 struct sockaddr *sa; 6994 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE]; 6995 struct sctp_auth_random *p_random = NULL; 6996 uint16_t random_len = 0; 6997 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE]; 6998 struct sctp_auth_hmac_algo *hmacs = NULL; 6999 uint16_t hmacs_len = 0; 7000 uint8_t saw_asconf = 0; 7001 uint8_t saw_asconf_ack = 0; 7002 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE]; 7003 struct sctp_auth_chunk_list *chunks = NULL; 7004 uint16_t num_chunks = 0; 7005 sctp_key_t *new_key; 7006 uint32_t keylen; 7007 int got_random = 0, got_hmacs = 0, got_chklist = 0; 7008 uint8_t ecn_allowed; 7009 #ifdef INET 7010 struct sockaddr_in sin; 7011 #endif 7012 #ifdef INET6 7013 struct sockaddr_in6 sin6; 7014 #endif 7015 7016 /* First get the destination address setup too. */ 7017 #ifdef INET 7018 memset(&sin, 0, sizeof(sin)); 7019 sin.sin_family = AF_INET; 7020 #ifdef HAVE_SIN_LEN 7021 sin.sin_len = sizeof(sin); 7022 #endif 7023 sin.sin_port = stcb->rport; 7024 #endif 7025 #ifdef INET6 7026 memset(&sin6, 0, sizeof(sin6)); 7027 sin6.sin6_family = AF_INET6; 7028 #ifdef HAVE_SIN6_LEN 7029 sin6.sin6_len = sizeof(struct sockaddr_in6); 7030 #endif 7031 sin6.sin6_port = stcb->rport; 7032 #endif 7033 if (altsa) { 7034 sa = altsa; 7035 } else { 7036 sa = src; 7037 } 7038 /* Turn off ECN until we get through all params */ 7039 ecn_allowed = 0; 7040 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { 7041 /* mark all addresses that we have currently on the list */ 7042 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC; 7043 } 7044 /* does the source address already exist? if so skip it */ 7045 inp = stcb->sctp_ep; 7046 atomic_add_int(&stcb->asoc.refcnt, 1); 7047 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, dst, stcb); 7048 atomic_add_int(&stcb->asoc.refcnt, -1); 7049 7050 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) { 7051 /* we must add the source address */ 7052 /* no scope set here since we have a tcb already. */ 7053 switch (sa->sa_family) { 7054 #ifdef INET 7055 case AF_INET: 7056 if (stcb->asoc.scope.ipv4_addr_legal) { 7057 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) { 7058 return (-1); 7059 } 7060 } 7061 break; 7062 #endif 7063 #ifdef INET6 7064 case AF_INET6: 7065 if (stcb->asoc.scope.ipv6_addr_legal) { 7066 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) { 7067 return (-2); 7068 } 7069 } 7070 break; 7071 #endif 7072 #if defined(__Userspace__) 7073 case AF_CONN: 7074 if (stcb->asoc.scope.conn_addr_legal) { 7075 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) { 7076 return (-2); 7077 } 7078 } 7079 break; 7080 #endif 7081 default: 7082 break; 7083 } 7084 } else { 7085 if (net_tmp != NULL && stcb_tmp == stcb) { 7086 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC; 7087 } else if (stcb_tmp != stcb) { 7088 /* It belongs to another association? */ 7089 if (stcb_tmp) 7090 SCTP_TCB_UNLOCK(stcb_tmp); 7091 return (-3); 7092 } 7093 } 7094 if (stcb->asoc.state == 0) { 7095 /* the assoc was freed? */ 7096 return (-4); 7097 } 7098 /* 7099 * peer must explicitly turn this on. This may have been initialized 7100 * to be "on" in order to allow local addr changes while INIT's are 7101 * in flight. 7102 */ 7103 stcb->asoc.peer_supports_asconf = 0; 7104 /* now we must go through each of the params. */ 7105 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf)); 7106 while (phdr) { 7107 ptype = ntohs(phdr->param_type); 7108 plen = ntohs(phdr->param_length); 7109 /* 7110 * SCTP_PRINTF("ptype => %0x, plen => %d\n", (uint32_t)ptype, 7111 * (int)plen); 7112 */ 7113 if (offset + plen > limit) { 7114 break; 7115 } 7116 if (plen == 0) { 7117 break; 7118 } 7119 #ifdef INET 7120 if (ptype == SCTP_IPV4_ADDRESS) { 7121 if (stcb->asoc.scope.ipv4_addr_legal) { 7122 struct sctp_ipv4addr_param *p4, p4_buf; 7123 7124 /* ok get the v4 address and check/add */ 7125 phdr = sctp_get_next_param(m, offset, 7126 (struct sctp_paramhdr *)&p4_buf, 7127 sizeof(p4_buf)); 7128 if (plen != sizeof(struct sctp_ipv4addr_param) || 7129 phdr == NULL) { 7130 return (-5); 7131 } 7132 p4 = (struct sctp_ipv4addr_param *)phdr; 7133 sin.sin_addr.s_addr = p4->addr; 7134 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) { 7135 /* Skip multi-cast addresses */ 7136 goto next_param; 7137 } 7138 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) || 7139 (sin.sin_addr.s_addr == INADDR_ANY)) { 7140 goto next_param; 7141 } 7142 sa = (struct sockaddr *)&sin; 7143 inp = stcb->sctp_ep; 7144 atomic_add_int(&stcb->asoc.refcnt, 1); 7145 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net, 7146 dst, stcb); 7147 atomic_add_int(&stcb->asoc.refcnt, -1); 7148 7149 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || 7150 inp == NULL) { 7151 /* we must add the source address */ 7152 /* 7153 * no scope set since we have a tcb 7154 * already 7155 */ 7156 7157 /* 7158 * we must validate the state again 7159 * here 7160 */ 7161 add_it_now: 7162 if (stcb->asoc.state == 0) { 7163 /* the assoc was freed? */ 7164 return (-7); 7165 } 7166 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) { 7167 return (-8); 7168 } 7169 } else if (stcb_tmp == stcb) { 7170 if (stcb->asoc.state == 0) { 7171 /* the assoc was freed? */ 7172 return (-10); 7173 } 7174 if (net != NULL) { 7175 /* clear flag */ 7176 net->dest_state &= 7177 ~SCTP_ADDR_NOT_IN_ASSOC; 7178 } 7179 } else { 7180 /* 7181 * strange, address is in another 7182 * assoc? straighten out locks. 7183 */ 7184 if (stcb_tmp) { 7185 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) { 7186 /* in setup state we abort this guy */ 7187 sctp_abort_an_association(stcb_tmp->sctp_ep, 7188 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED); 7189 goto add_it_now; 7190 } 7191 SCTP_TCB_UNLOCK(stcb_tmp); 7192 } 7193 7194 if (stcb->asoc.state == 0) { 7195 /* the assoc was freed? */ 7196 return (-12); 7197 } 7198 return (-13); 7199 } 7200 } 7201 } else 7202 #endif 7203 #ifdef INET6 7204 if (ptype == SCTP_IPV6_ADDRESS) { 7205 if (stcb->asoc.scope.ipv6_addr_legal) { 7206 /* ok get the v6 address and check/add */ 7207 struct sctp_ipv6addr_param *p6, p6_buf; 7208 7209 phdr = sctp_get_next_param(m, offset, 7210 (struct sctp_paramhdr *)&p6_buf, 7211 sizeof(p6_buf)); 7212 if (plen != sizeof(struct sctp_ipv6addr_param) || 7213 phdr == NULL) { 7214 return (-14); 7215 } 7216 p6 = (struct sctp_ipv6addr_param *)phdr; 7217 memcpy((caddr_t)&sin6.sin6_addr, p6->addr, 7218 sizeof(p6->addr)); 7219 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 7220 /* Skip multi-cast addresses */ 7221 goto next_param; 7222 } 7223 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) { 7224 /* Link local make no sense without scope */ 7225 goto next_param; 7226 } 7227 sa = (struct sockaddr *)&sin6; 7228 inp = stcb->sctp_ep; 7229 atomic_add_int(&stcb->asoc.refcnt, 1); 7230 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net, 7231 dst, stcb); 7232 atomic_add_int(&stcb->asoc.refcnt, -1); 7233 if (stcb_tmp == NULL && 7234 (inp == stcb->sctp_ep || inp == NULL)) { 7235 /* 7236 * we must validate the state again 7237 * here 7238 */ 7239 add_it_now6: 7240 if (stcb->asoc.state == 0) { 7241 /* the assoc was freed? */ 7242 return (-16); 7243 } 7244 /* 7245 * we must add the address, no scope 7246 * set 7247 */ 7248 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) { 7249 return (-17); 7250 } 7251 } else if (stcb_tmp == stcb) { 7252 /* 7253 * we must validate the state again 7254 * here 7255 */ 7256 if (stcb->asoc.state == 0) { 7257 /* the assoc was freed? */ 7258 return (-19); 7259 } 7260 if (net != NULL) { 7261 /* clear flag */ 7262 net->dest_state &= 7263 ~SCTP_ADDR_NOT_IN_ASSOC; 7264 } 7265 } else { 7266 /* 7267 * strange, address is in another 7268 * assoc? straighten out locks. 7269 */ 7270 if (stcb_tmp) 7271 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) { 7272 /* in setup state we abort this guy */ 7273 sctp_abort_an_association(stcb_tmp->sctp_ep, 7274 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED); 7275 goto add_it_now6; 7276 } 7277 SCTP_TCB_UNLOCK(stcb_tmp); 7278 7279 if (stcb->asoc.state == 0) { 7280 /* the assoc was freed? */ 7281 return (-21); 7282 } 7283 return (-22); 7284 } 7285 } 7286 } else 7287 #endif 7288 if (ptype == SCTP_ECN_CAPABLE) { 7289 ecn_allowed = 1; 7290 } else if (ptype == SCTP_ULP_ADAPTATION) { 7291 if (stcb->asoc.state != SCTP_STATE_OPEN) { 7292 struct sctp_adaptation_layer_indication ai, *aip; 7293 7294 phdr = sctp_get_next_param(m, offset, 7295 (struct sctp_paramhdr *)&ai, sizeof(ai)); 7296 aip = (struct sctp_adaptation_layer_indication *)phdr; 7297 if (aip) { 7298 stcb->asoc.peers_adaptation = ntohl(aip->indication); 7299 stcb->asoc.adaptation_needed = 1; 7300 } 7301 } 7302 } else if (ptype == SCTP_SET_PRIM_ADDR) { 7303 struct sctp_asconf_addr_param lstore, *fee; 7304 int lptype; 7305 struct sockaddr *lsa = NULL; 7306 #ifdef INET 7307 struct sctp_asconf_addrv4_param *fii; 7308 #endif 7309 7310 stcb->asoc.peer_supports_asconf = 1; 7311 if (plen > sizeof(lstore)) { 7312 return (-23); 7313 } 7314 phdr = sctp_get_next_param(m, offset, 7315 (struct sctp_paramhdr *)&lstore, 7316 min(plen,sizeof(lstore))); 7317 if (phdr == NULL) { 7318 return (-24); 7319 } 7320 fee = (struct sctp_asconf_addr_param *)phdr; 7321 lptype = ntohs(fee->addrp.ph.param_type); 7322 switch (lptype) { 7323 #ifdef INET 7324 case SCTP_IPV4_ADDRESS: 7325 if (plen != 7326 sizeof(struct sctp_asconf_addrv4_param)) { 7327 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n", 7328 (int)sizeof(struct sctp_asconf_addrv4_param), 7329 plen); 7330 } else { 7331 fii = (struct sctp_asconf_addrv4_param *)fee; 7332 sin.sin_addr.s_addr = fii->addrp.addr; 7333 lsa = (struct sockaddr *)&sin; 7334 } 7335 break; 7336 #endif 7337 #ifdef INET6 7338 case SCTP_IPV6_ADDRESS: 7339 if (plen != 7340 sizeof(struct sctp_asconf_addr_param)) { 7341 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n", 7342 (int)sizeof(struct sctp_asconf_addr_param), 7343 plen); 7344 } else { 7345 memcpy(sin6.sin6_addr.s6_addr, 7346 fee->addrp.addr, 7347 sizeof(fee->addrp.addr)); 7348 lsa = (struct sockaddr *)&sin6; 7349 } 7350 break; 7351 #endif 7352 default: 7353 break; 7354 } 7355 if (lsa) { 7356 (void)sctp_set_primary_addr(stcb, sa, NULL); 7357 } 7358 } else if (ptype == SCTP_HAS_NAT_SUPPORT) { 7359 stcb->asoc.peer_supports_nat = 1; 7360 } else if (ptype == SCTP_PRSCTP_SUPPORTED) { 7361 /* Peer supports pr-sctp */ 7362 stcb->asoc.peer_supports_prsctp = 1; 7363 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) { 7364 /* A supported extension chunk */ 7365 struct sctp_supported_chunk_types_param *pr_supported; 7366 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE]; 7367 int num_ent, i; 7368 7369 phdr = sctp_get_next_param(m, offset, 7370 (struct sctp_paramhdr *)&local_store, min(sizeof(local_store),plen)); 7371 if (phdr == NULL) { 7372 return (-25); 7373 } 7374 stcb->asoc.peer_supports_asconf = 0; 7375 stcb->asoc.peer_supports_prsctp = 0; 7376 stcb->asoc.peer_supports_pktdrop = 0; 7377 stcb->asoc.peer_supports_strreset = 0; 7378 stcb->asoc.peer_supports_nr_sack = 0; 7379 stcb->asoc.peer_supports_auth = 0; 7380 pr_supported = (struct sctp_supported_chunk_types_param *)phdr; 7381 num_ent = plen - sizeof(struct sctp_paramhdr); 7382 for (i = 0; i < num_ent; i++) { 7383 switch (pr_supported->chunk_types[i]) { 7384 case SCTP_ASCONF: 7385 case SCTP_ASCONF_ACK: 7386 stcb->asoc.peer_supports_asconf = 1; 7387 break; 7388 case SCTP_FORWARD_CUM_TSN: 7389 stcb->asoc.peer_supports_prsctp = 1; 7390 break; 7391 case SCTP_PACKET_DROPPED: 7392 stcb->asoc.peer_supports_pktdrop = 1; 7393 break; 7394 case SCTP_NR_SELECTIVE_ACK: 7395 stcb->asoc.peer_supports_nr_sack = 1; 7396 break; 7397 case SCTP_STREAM_RESET: 7398 stcb->asoc.peer_supports_strreset = 1; 7399 break; 7400 case SCTP_AUTHENTICATION: 7401 stcb->asoc.peer_supports_auth = 1; 7402 break; 7403 default: 7404 /* one I have not learned yet */ 7405 break; 7406 7407 } 7408 } 7409 } else if (ptype == SCTP_RANDOM) { 7410 if (plen > sizeof(random_store)) 7411 break; 7412 if (got_random) { 7413 /* already processed a RANDOM */ 7414 goto next_param; 7415 } 7416 phdr = sctp_get_next_param(m, offset, 7417 (struct sctp_paramhdr *)random_store, 7418 min(sizeof(random_store),plen)); 7419 if (phdr == NULL) 7420 return (-26); 7421 p_random = (struct sctp_auth_random *)phdr; 7422 random_len = plen - sizeof(*p_random); 7423 /* enforce the random length */ 7424 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) { 7425 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n"); 7426 return (-27); 7427 } 7428 got_random = 1; 7429 } else if (ptype == SCTP_HMAC_LIST) { 7430 int num_hmacs; 7431 int i; 7432 7433 if (plen > sizeof(hmacs_store)) 7434 break; 7435 if (got_hmacs) { 7436 /* already processed a HMAC list */ 7437 goto next_param; 7438 } 7439 phdr = sctp_get_next_param(m, offset, 7440 (struct sctp_paramhdr *)hmacs_store, 7441 min(plen,sizeof(hmacs_store))); 7442 if (phdr == NULL) 7443 return (-28); 7444 hmacs = (struct sctp_auth_hmac_algo *)phdr; 7445 hmacs_len = plen - sizeof(*hmacs); 7446 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]); 7447 /* validate the hmac list */ 7448 if (sctp_verify_hmac_param(hmacs, num_hmacs)) { 7449 return (-29); 7450 } 7451 if (stcb->asoc.peer_hmacs != NULL) 7452 sctp_free_hmaclist(stcb->asoc.peer_hmacs); 7453 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs); 7454 if (stcb->asoc.peer_hmacs != NULL) { 7455 for (i = 0; i < num_hmacs; i++) { 7456 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs, 7457 ntohs(hmacs->hmac_ids[i])); 7458 } 7459 } 7460 got_hmacs = 1; 7461 } else if (ptype == SCTP_CHUNK_LIST) { 7462 int i; 7463 7464 if (plen > sizeof(chunks_store)) 7465 break; 7466 if (got_chklist) { 7467 /* already processed a Chunks list */ 7468 goto next_param; 7469 } 7470 phdr = sctp_get_next_param(m, offset, 7471 (struct sctp_paramhdr *)chunks_store, 7472 min(plen,sizeof(chunks_store))); 7473 if (phdr == NULL) 7474 return (-30); 7475 chunks = (struct sctp_auth_chunk_list *)phdr; 7476 num_chunks = plen - sizeof(*chunks); 7477 if (stcb->asoc.peer_auth_chunks != NULL) 7478 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks); 7479 else 7480 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist(); 7481 for (i = 0; i < num_chunks; i++) { 7482 (void)sctp_auth_add_chunk(chunks->chunk_types[i], 7483 stcb->asoc.peer_auth_chunks); 7484 /* record asconf/asconf-ack if listed */ 7485 if (chunks->chunk_types[i] == SCTP_ASCONF) 7486 saw_asconf = 1; 7487 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK) 7488 saw_asconf_ack = 1; 7489 7490 } 7491 got_chklist = 1; 7492 } else if ((ptype == SCTP_HEARTBEAT_INFO) || 7493 (ptype == SCTP_STATE_COOKIE) || 7494 (ptype == SCTP_UNRECOG_PARAM) || 7495 (ptype == SCTP_COOKIE_PRESERVE) || 7496 (ptype == SCTP_SUPPORTED_ADDRTYPE) || 7497 (ptype == SCTP_ADD_IP_ADDRESS) || 7498 (ptype == SCTP_DEL_IP_ADDRESS) || 7499 (ptype == SCTP_ERROR_CAUSE_IND) || 7500 (ptype == SCTP_SUCCESS_REPORT)) { 7501 /* don't care */ ; 7502 } else { 7503 if ((ptype & 0x8000) == 0x0000) { 7504 /* 7505 * must stop processing the rest of the 7506 * param's. Any report bits were handled 7507 * with the call to 7508 * sctp_arethere_unrecognized_parameters() 7509 * when the INIT or INIT-ACK was first seen. 7510 */ 7511 break; 7512 } 7513 } 7514 7515 next_param: 7516 offset += SCTP_SIZE32(plen); 7517 if (offset >= limit) { 7518 break; 7519 } 7520 phdr = sctp_get_next_param(m, offset, &parm_buf, 7521 sizeof(parm_buf)); 7522 } 7523 /* Now check to see if we need to purge any addresses */ 7524 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) { 7525 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) == 7526 SCTP_ADDR_NOT_IN_ASSOC) { 7527 /* This address has been removed from the asoc */ 7528 /* remove and free it */ 7529 stcb->asoc.numnets--; 7530 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next); 7531 sctp_free_remote_addr(net); 7532 if (net == stcb->asoc.primary_destination) { 7533 stcb->asoc.primary_destination = NULL; 7534 sctp_select_primary_destination(stcb); 7535 } 7536 } 7537 } 7538 if (ecn_allowed == 0) { 7539 stcb->asoc.ecn_allowed = 0; 7540 } 7541 /* validate authentication required parameters */ 7542 if (got_random && got_hmacs) { 7543 stcb->asoc.peer_supports_auth = 1; 7544 } else { 7545 stcb->asoc.peer_supports_auth = 0; 7546 } 7547 if (!stcb->asoc.peer_supports_auth && got_chklist) { 7548 /* peer does not support auth but sent a chunks list? */ 7549 return (-31); 7550 } 7551 if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && stcb->asoc.peer_supports_asconf && 7552 !stcb->asoc.peer_supports_auth) { 7553 /* peer supports asconf but not auth? */ 7554 return (-32); 7555 } else if ((stcb->asoc.peer_supports_asconf) && (stcb->asoc.peer_supports_auth) && 7556 ((saw_asconf == 0) || (saw_asconf_ack == 0))) { 7557 return (-33); 7558 } 7559 /* concatenate the full random key */ 7560 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len; 7561 if (chunks != NULL) { 7562 keylen += sizeof(*chunks) + num_chunks; 7563 } 7564 new_key = sctp_alloc_key(keylen); 7565 if (new_key != NULL) { 7566 /* copy in the RANDOM */ 7567 if (p_random != NULL) { 7568 keylen = sizeof(*p_random) + random_len; 7569 bcopy(p_random, new_key->key, keylen); 7570 } 7571 /* append in the AUTH chunks */ 7572 if (chunks != NULL) { 7573 bcopy(chunks, new_key->key + keylen, 7574 sizeof(*chunks) + num_chunks); 7575 keylen += sizeof(*chunks) + num_chunks; 7576 } 7577 /* append in the HMACs */ 7578 if (hmacs != NULL) { 7579 bcopy(hmacs, new_key->key + keylen, 7580 sizeof(*hmacs) + hmacs_len); 7581 } 7582 } else { 7583 /* failed to get memory for the key */ 7584 return (-34); 7585 } 7586 if (stcb->asoc.authinfo.peer_random != NULL) 7587 sctp_free_key(stcb->asoc.authinfo.peer_random); 7588 stcb->asoc.authinfo.peer_random = new_key; 7589 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid); 7590 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid); 7591 7592 return (0); 7593 } 7594 7595 int 7596 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa, 7597 struct sctp_nets *net) 7598 { 7599 /* make sure the requested primary address exists in the assoc */ 7600 if (net == NULL && sa) 7601 net = sctp_findnet(stcb, sa); 7602 7603 if (net == NULL) { 7604 /* didn't find the requested primary address! */ 7605 return (-1); 7606 } else { 7607 /* set the primary address */ 7608 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) { 7609 /* Must be confirmed, so queue to set */ 7610 net->dest_state |= SCTP_ADDR_REQ_PRIMARY; 7611 return (0); 7612 } 7613 stcb->asoc.primary_destination = net; 7614 if (!(net->dest_state & SCTP_ADDR_PF) && (stcb->asoc.alternate)) { 7615 sctp_free_remote_addr(stcb->asoc.alternate); 7616 stcb->asoc.alternate = NULL; 7617 } 7618 net = TAILQ_FIRST(&stcb->asoc.nets); 7619 if (net != stcb->asoc.primary_destination) { 7620 /* first one on the list is NOT the primary 7621 * sctp_cmpaddr() is much more efficient if 7622 * the primary is the first on the list, make it 7623 * so. 7624 */ 7625 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next); 7626 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next); 7627 } 7628 return (0); 7629 } 7630 } 7631 7632 int 7633 sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now) 7634 { 7635 /* 7636 * This function serves two purposes. It will see if a TAG can be 7637 * re-used and return 1 for yes it is ok and 0 for don't use that 7638 * tag. A secondary function it will do is purge out old tags that 7639 * can be removed. 7640 */ 7641 struct sctpvtaghead *chain; 7642 struct sctp_tagblock *twait_block; 7643 struct sctpasochead *head; 7644 struct sctp_tcb *stcb; 7645 int i; 7646 7647 SCTP_INP_INFO_RLOCK(); 7648 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag, 7649 SCTP_BASE_INFO(hashasocmark))]; 7650 if (head == NULL) { 7651 /* invalid vtag */ 7652 goto skip_vtag_check; 7653 } 7654 LIST_FOREACH(stcb, head, sctp_asocs) { 7655 /* We choose not to lock anything here. TCB's can't be 7656 * removed since we have the read lock, so they can't 7657 * be freed on us, same thing for the INP. I may 7658 * be wrong with this assumption, but we will go 7659 * with it for now :-) 7660 */ 7661 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) { 7662 continue; 7663 } 7664 if (stcb->asoc.my_vtag == tag) { 7665 /* candidate */ 7666 if (stcb->rport != rport) { 7667 continue; 7668 } 7669 if (stcb->sctp_ep->sctp_lport != lport) { 7670 continue; 7671 } 7672 /* Its a used tag set */ 7673 SCTP_INP_INFO_RUNLOCK(); 7674 return (0); 7675 } 7676 } 7677 skip_vtag_check: 7678 7679 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)]; 7680 /* Now what about timed wait ? */ 7681 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) { 7682 /* 7683 * Block(s) are present, lets see if we have this tag in the 7684 * list 7685 */ 7686 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) { 7687 if (twait_block->vtag_block[i].v_tag == 0) { 7688 /* not used */ 7689 continue; 7690 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire < 7691 now->tv_sec) { 7692 /* Audit expires this guy */ 7693 twait_block->vtag_block[i].tv_sec_at_expire = 0; 7694 twait_block->vtag_block[i].v_tag = 0; 7695 twait_block->vtag_block[i].lport = 0; 7696 twait_block->vtag_block[i].rport = 0; 7697 } else if ((twait_block->vtag_block[i].v_tag == tag) && 7698 (twait_block->vtag_block[i].lport == lport) && 7699 (twait_block->vtag_block[i].rport == rport)) { 7700 /* Bad tag, sorry :< */ 7701 SCTP_INP_INFO_RUNLOCK(); 7702 return (0); 7703 } 7704 } 7705 } 7706 SCTP_INP_INFO_RUNLOCK(); 7707 return (1); 7708 } 7709 7710 static void 7711 sctp_drain_mbufs(struct sctp_tcb *stcb) 7712 { 7713 /* 7714 * We must hunt this association for MBUF's past the cumack (i.e. 7715 * out of order data that we can renege on). 7716 */ 7717 struct sctp_association *asoc; 7718 struct sctp_tmit_chunk *chk, *nchk; 7719 uint32_t cumulative_tsn_p1; 7720 struct sctp_queued_to_read *ctl, *nctl; 7721 int cnt, strmat; 7722 uint32_t gap, i; 7723 int fnd = 0; 7724 7725 /* We look for anything larger than the cum-ack + 1 */ 7726 7727 asoc = &stcb->asoc; 7728 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) { 7729 /* none we can reneg on. */ 7730 return; 7731 } 7732 SCTP_STAT_INCR(sctps_protocol_drains_done); 7733 cumulative_tsn_p1 = asoc->cumulative_tsn + 1; 7734 cnt = 0; 7735 /* First look in the re-assembly queue */ 7736 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) { 7737 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, cumulative_tsn_p1)) { 7738 /* Yep it is above cum-ack */ 7739 cnt++; 7740 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn); 7741 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size); 7742 sctp_ucount_decr(asoc->cnt_on_reasm_queue); 7743 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 7744 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next); 7745 if (chk->data) { 7746 sctp_m_freem(chk->data); 7747 chk->data = NULL; 7748 } 7749 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED); 7750 } 7751 } 7752 /* Ok that was fun, now we will drain all the inbound streams? */ 7753 for (strmat = 0; strmat < asoc->streamincnt; strmat++) { 7754 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next, nctl) { 7755 if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) { 7756 /* Yep it is above cum-ack */ 7757 cnt++; 7758 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn); 7759 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length); 7760 sctp_ucount_decr(asoc->cnt_on_all_streams); 7761 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap); 7762 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next); 7763 if (ctl->data) { 7764 sctp_m_freem(ctl->data); 7765 ctl->data = NULL; 7766 } 7767 sctp_free_remote_addr(ctl->whoFrom); 7768 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl); 7769 SCTP_DECR_READQ_COUNT(); 7770 } 7771 } 7772 } 7773 if (cnt) { 7774 /* We must back down to see what the new highest is */ 7775 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) { 7776 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn); 7777 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) { 7778 asoc->highest_tsn_inside_map = i; 7779 fnd = 1; 7780 break; 7781 } 7782 } 7783 if (!fnd) { 7784 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1; 7785 } 7786 7787 /* 7788 * Question, should we go through the delivery queue? The only 7789 * reason things are on here is the app not reading OR a p-d-api up. 7790 * An attacker COULD send enough in to initiate the PD-API and then 7791 * send a bunch of stuff to other streams... these would wind up on 7792 * the delivery queue.. and then we would not get to them. But in 7793 * order to do this I then have to back-track and un-deliver 7794 * sequence numbers in streams.. el-yucko. I think for now we will 7795 * NOT look at the delivery queue and leave it to be something to 7796 * consider later. An alternative would be to abort the P-D-API with 7797 * a notification and then deliver the data.... Or another method 7798 * might be to keep track of how many times the situation occurs and 7799 * if we see a possible attack underway just abort the association. 7800 */ 7801 #ifdef SCTP_DEBUG 7802 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt); 7803 #endif 7804 /* 7805 * Now do we need to find a new 7806 * asoc->highest_tsn_inside_map? 7807 */ 7808 asoc->last_revoke_count = cnt; 7809 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer); 7810 /*sa_ignore NO_NULL_CHK*/ 7811 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED); 7812 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED); 7813 } 7814 /* 7815 * Another issue, in un-setting the TSN's in the mapping array we 7816 * DID NOT adjust the highest_tsn marker. This will cause one of two 7817 * things to occur. It may cause us to do extra work in checking for 7818 * our mapping array movement. More importantly it may cause us to 7819 * SACK every datagram. This may not be a bad thing though since we 7820 * will recover once we get our cum-ack above and all this stuff we 7821 * dumped recovered. 7822 */ 7823 } 7824 7825 void 7826 sctp_drain() 7827 { 7828 /* 7829 * We must walk the PCB lists for ALL associations here. The system 7830 * is LOW on MBUF's and needs help. This is where reneging will 7831 * occur. We really hope this does NOT happen! 7832 */ 7833 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 7834 VNET_ITERATOR_DECL(vnet_iter); 7835 #else 7836 struct sctp_inpcb *inp; 7837 struct sctp_tcb *stcb; 7838 7839 SCTP_STAT_INCR(sctps_protocol_drain_calls); 7840 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { 7841 return; 7842 } 7843 #endif 7844 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 7845 VNET_LIST_RLOCK_NOSLEEP(); 7846 VNET_FOREACH(vnet_iter) { 7847 CURVNET_SET(vnet_iter); 7848 struct sctp_inpcb *inp; 7849 struct sctp_tcb *stcb; 7850 #endif 7851 7852 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 7853 SCTP_STAT_INCR(sctps_protocol_drain_calls); 7854 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) { 7855 #ifdef VIMAGE 7856 continue; 7857 #else 7858 return; 7859 #endif 7860 } 7861 #endif 7862 SCTP_INP_INFO_RLOCK(); 7863 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) { 7864 /* For each endpoint */ 7865 SCTP_INP_RLOCK(inp); 7866 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) { 7867 /* For each association */ 7868 SCTP_TCB_LOCK(stcb); 7869 sctp_drain_mbufs(stcb); 7870 SCTP_TCB_UNLOCK(stcb); 7871 } 7872 SCTP_INP_RUNLOCK(inp); 7873 } 7874 SCTP_INP_INFO_RUNLOCK(); 7875 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 7876 CURVNET_RESTORE(); 7877 } 7878 VNET_LIST_RUNLOCK_NOSLEEP(); 7879 #endif 7880 } 7881 7882 /* 7883 * start a new iterator 7884 * iterates through all endpoints and associations based on the pcb_state 7885 * flags and asoc_state. "af" (mandatory) is executed for all matching 7886 * assocs and "ef" (optional) is executed when the iterator completes. 7887 * "inpf" (optional) is executed for each new endpoint as it is being 7888 * iterated through. inpe (optional) is called when the inp completes 7889 * its way through all the stcbs. 7890 */ 7891 int 7892 sctp_initiate_iterator(inp_func inpf, 7893 asoc_func af, 7894 inp_func inpe, 7895 uint32_t pcb_state, 7896 uint32_t pcb_features, 7897 uint32_t asoc_state, 7898 void *argp, 7899 uint32_t argi, 7900 end_func ef, 7901 struct sctp_inpcb *s_inp, 7902 uint8_t chunk_output_off) 7903 { 7904 struct sctp_iterator *it = NULL; 7905 7906 if (af == NULL) { 7907 return (-1); 7908 } 7909 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator), 7910 SCTP_M_ITER); 7911 if (it == NULL) { 7912 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM); 7913 return (ENOMEM); 7914 } 7915 memset(it, 0, sizeof(*it)); 7916 it->function_assoc = af; 7917 it->function_inp = inpf; 7918 if (inpf) 7919 it->done_current_ep = 0; 7920 else 7921 it->done_current_ep = 1; 7922 it->function_atend = ef; 7923 it->pointer = argp; 7924 it->val = argi; 7925 it->pcb_flags = pcb_state; 7926 it->pcb_features = pcb_features; 7927 it->asoc_state = asoc_state; 7928 it->function_inp_end = inpe; 7929 it->no_chunk_output = chunk_output_off; 7930 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000 7931 it->vn = curvnet; 7932 #endif 7933 if (s_inp) { 7934 /* Assume lock is held here */ 7935 it->inp = s_inp; 7936 SCTP_INP_INCR_REF(it->inp); 7937 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP; 7938 } else { 7939 SCTP_INP_INFO_RLOCK(); 7940 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead)); 7941 if (it->inp) { 7942 SCTP_INP_INCR_REF(it->inp); 7943 } 7944 SCTP_INP_INFO_RUNLOCK(); 7945 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP; 7946 7947 } 7948 SCTP_IPI_ITERATOR_WQ_LOCK(); 7949 7950 TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); 7951 if (sctp_it_ctl.iterator_running == 0) { 7952 sctp_wakeup_iterator(); 7953 } 7954 SCTP_IPI_ITERATOR_WQ_UNLOCK(); 7955 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */ 7956 return (0); 7957 } 7958