2 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * a) Redistributions of source code must retain the above copyright notice,
8 * this list of conditions and the following disclaimer.
10 * b) Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the distribution.
14 * c) Neither the name of Cisco Systems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
31 /* $KAME: sctp_pcb.c,v 1.38 2005/03/06 16:04:18 itojun Exp $ */
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
36 #include <netinet/sctp_os.h>
38 #include <netinet/sctp_var.h>
39 #include <netinet/sctp_sysctl.h>
40 #include <netinet/sctp_pcb.h>
41 #include <netinet/sctputil.h>
42 #include <netinet/sctp.h>
43 #include <netinet/sctp_header.h>
44 #include <netinet/sctp_asconf.h>
45 #include <netinet/sctp_output.h>
46 #include <netinet/sctp_timer.h>
47 #include <netinet/sctp_bsd_addr.h>
50 struct sctp_epinfo sctppcbinfo;
52 /* FIX: we don't handle multiple link local scopes */
53 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
55 SCTP6_ARE_ADDR_EQUAL(struct in6_addr *a, struct in6_addr *b)
57 struct in6_addr tmp_a, tmp_b;
59 /* use a copy of a and b */
62 in6_clearscope(&tmp_a);
63 in6_clearscope(&tmp_b);
64 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b));
68 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
71 * We really don't need to lock this, but I will just because it
74 SCTP_INP_INFO_RLOCK();
75 spcb->ep_count = sctppcbinfo.ipi_count_ep;
76 spcb->asoc_count = sctppcbinfo.ipi_count_asoc;
77 spcb->laddr_count = sctppcbinfo.ipi_count_laddr;
78 spcb->raddr_count = sctppcbinfo.ipi_count_raddr;
79 spcb->chk_count = sctppcbinfo.ipi_count_chunk;
80 spcb->readq_count = sctppcbinfo.ipi_count_readq;
81 spcb->stream_oque = sctppcbinfo.ipi_count_strmoq;
82 spcb->free_chunks = sctppcbinfo.ipi_free_chunks;
84 SCTP_INP_INFO_RUNLOCK();
88 * Addresses are added to VRF's (Virtual Router's). For BSD we
89 * have only the default VRF 0. We maintain a hash list of
90 * VRF's. Each VRF has its own list of sctp_ifn's. Each of
91 * these has a list of addresses. When we add a new address
92 * to a VRF we lookup the ifn/ifn_index, if the ifn does
93 * not exist we create it and add it to the list of IFN's
94 * within the VRF. Once we have the sctp_ifn, we add the
95 * address to the list. So we look something like:
98 * vrf-> ifn-> ifn -> ifn
100 * ... +--ifa-> ifa -> ifa
103 * We keep these seperate lists since the SCTP subsystem will
104 * point to these from its source address selection nets structure.
105 * When an address is deleted it does not happen right away on
106 * the SCTP side, it gets scheduled. What we do when a
107 * delete happens is immediately remove the address from
108 * the master list and decrement the refcount. As our
109 * addip iterator works through and frees the src address
110 * selection pointing to the sctp_ifa, eventually the refcount
111 * will reach 0 and we will delete it. Note that it is assumed
112 * that any locking on system level ifn/ifa is done at the
113 * caller of these functions and these routines will only
114 * lock the SCTP structures as they add or delete things.
116 * Other notes on VRF concepts.
117 * - An endpoint can be in multiple VRF's
118 * - An association lives within a VRF and only one VRF.
119 * - Any incoming packet we can deduce the VRF for by
120 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D)
121 * - Any downward send call or connect call must supply the
122 * VRF via ancillary data or via some sort of set default
123 * VRF socket option call (again for BSD no brainer since
124 * the VRF is always 0).
125 * - An endpoint may add multiple VRF's to it.
126 * - Listening sockets can accept associations in any
127 * of the VRF's they are in but the assoc will end up
128 * in only one VRF (gotten from the packet or connect/send).
133 sctp_allocate_vrf(int vrf_id)
135 struct sctp_vrf *vrf = NULL;
136 struct sctp_vrflist *bucket;
138 /* First allocate the VRF structure */
139 vrf = sctp_find_vrf(vrf_id);
141 /* Already allocated */
144 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf),
149 panic("No memory for VRF:%d", vrf_id);
154 memset(vrf, 0, sizeof(struct sctp_vrf));
155 vrf->vrf_id = vrf_id;
156 LIST_INIT(&vrf->ifnlist);
157 vrf->total_ifa_count = 0;
159 /* now also setup table ids */
160 SCTP_INIT_VRF_TABLEID(vrf);
161 /* Init the HASH of addresses */
162 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE,
163 &vrf->vrf_addr_hashmark);
164 if (vrf->vrf_addr_hash == NULL) {
167 panic("No memory for VRF:%d", vrf_id);
169 SCTP_FREE(vrf, SCTP_M_VRF);
172 /* Add it to the hash table */
173 bucket = &sctppcbinfo.sctp_vrfhash[(vrf_id & sctppcbinfo.hashvrfmark)];
174 LIST_INSERT_HEAD(bucket, vrf, next_vrf);
175 atomic_add_int(&sctppcbinfo.ipi_count_vrfs, 1);
181 sctp_find_ifn(void *ifn, uint32_t ifn_index)
183 struct sctp_ifn *sctp_ifnp;
184 struct sctp_ifnlist *hash_ifn_head;
187 * We assume the lock is held for the addresses if thats wrong
188 * problems could occur :-)
190 hash_ifn_head = &sctppcbinfo.vrf_ifn_hash[(ifn_index & sctppcbinfo.vrf_ifn_hashmark)];
191 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) {
192 if (sctp_ifnp->ifn_index == ifn_index) {
195 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) {
205 sctp_find_vrf(uint32_t vrf_id)
207 struct sctp_vrflist *bucket;
208 struct sctp_vrf *liste;
210 bucket = &sctppcbinfo.sctp_vrfhash[(vrf_id & sctppcbinfo.hashvrfmark)];
211 LIST_FOREACH(liste, bucket, next_vrf) {
212 if (vrf_id == liste->vrf_id) {
220 sctp_free_vrf(struct sctp_vrf *vrf)
224 ret = atomic_fetchadd_int(&vrf->refcount, -1);
226 /* We zero'd the count */
227 LIST_REMOVE(vrf, next_vrf);
228 SCTP_FREE(vrf, SCTP_M_VRF);
229 atomic_subtract_int(&sctppcbinfo.ipi_count_vrfs, 1);
234 sctp_free_ifn(struct sctp_ifn *sctp_ifnp)
238 ret = atomic_fetchadd_int(&sctp_ifnp->refcount, -1);
240 /* We zero'd the count */
241 if (sctp_ifnp->vrf) {
242 sctp_free_vrf(sctp_ifnp->vrf);
244 SCTP_FREE(sctp_ifnp, SCTP_M_IFN);
245 atomic_subtract_int(&sctppcbinfo.ipi_count_ifns, 1);
250 sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu)
252 struct sctp_ifn *sctp_ifnp;
254 sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index);
255 if (sctp_ifnp != NULL) {
256 sctp_ifnp->ifn_mtu = mtu;
262 sctp_free_ifa(struct sctp_ifa *sctp_ifap)
266 ret = atomic_fetchadd_int(&sctp_ifap->refcount, -1);
268 /* We zero'd the count */
269 if (sctp_ifap->ifn_p) {
270 sctp_free_ifn(sctp_ifap->ifn_p);
272 SCTP_FREE(sctp_ifap, SCTP_M_IFA);
273 atomic_subtract_int(&sctppcbinfo.ipi_count_ifas, 1);
278 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock)
280 struct sctp_ifn *found;
282 found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index);
284 /* Not in the list.. sorry */
287 if (hold_addr_lock == 0)
288 SCTP_IPI_ADDR_LOCK();
289 LIST_REMOVE(sctp_ifnp, next_bucket);
290 LIST_REMOVE(sctp_ifnp, next_ifn);
291 SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index,
292 sctp_ifnp->registered_af);
293 if (hold_addr_lock == 0)
294 SCTP_IPI_ADDR_UNLOCK();
295 /* Take away the reference, and possibly free it */
296 sctp_free_ifn(sctp_ifnp);
301 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index,
302 uint32_t ifn_type, const char *if_name,
303 void *ifa, struct sockaddr *addr, uint32_t ifa_flags,
306 struct sctp_vrf *vrf;
307 struct sctp_ifn *sctp_ifnp = NULL;
308 struct sctp_ifa *sctp_ifap = NULL;
309 struct sctp_ifalist *hash_addr_head;
310 struct sctp_ifnlist *hash_ifn_head;
311 uint32_t hash_of_addr;
314 /* How granular do we need the locks to be here? */
315 SCTP_IPI_ADDR_LOCK();
316 sctp_ifnp = sctp_find_ifn(ifn, ifn_index);
318 vrf = sctp_ifnp->vrf;
320 vrf = sctp_find_vrf(vrf_id);
322 vrf = sctp_allocate_vrf(vrf_id);
324 SCTP_IPI_ADDR_UNLOCK();
329 if (sctp_ifnp == NULL) {
331 * build one and add it, can't hold lock until after malloc
334 SCTP_IPI_ADDR_UNLOCK();
335 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *, sizeof(struct sctp_ifn), SCTP_M_IFN);
336 if (sctp_ifnp == NULL) {
338 panic("No memory for IFN:%u", sctp_ifnp->ifn_index);
342 sctp_ifnp->ifn_index = ifn_index;
343 sctp_ifnp->ifn_p = ifn;
344 sctp_ifnp->ifn_type = ifn_type;
345 sctp_ifnp->ifa_count = 0;
346 sctp_ifnp->refcount = 1;
347 sctp_ifnp->vrf = vrf;
348 atomic_add_int(&vrf->refcount, 1);
349 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family);
350 if (if_name != NULL) {
351 memcpy(sctp_ifnp->ifn_name, if_name, SCTP_IFNAMSIZ);
353 memcpy(sctp_ifnp->ifn_name, "unknown", min(7, SCTP_IFNAMSIZ));
355 hash_ifn_head = &sctppcbinfo.vrf_ifn_hash[(ifn_index & sctppcbinfo.vrf_ifn_hashmark)];
356 LIST_INIT(&sctp_ifnp->ifalist);
357 SCTP_IPI_ADDR_LOCK();
358 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket);
359 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn);
360 atomic_add_int(&sctppcbinfo.ipi_count_ifns, 1);
363 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, 1);
365 /* Hmm, it already exists? */
366 if ((sctp_ifap->ifn_p) &&
367 (sctp_ifap->ifn_p->ifn_index == ifn_index)) {
369 /* Remove the created one that we don't want */
370 sctp_delete_ifn(sctp_ifap->ifn_p, 1);
372 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) {
373 /* easy to solve, just switch back to active */
374 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
375 sctp_ifap->ifn_p = sctp_ifnp;
376 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
378 SCTP_IPI_ADDR_UNLOCK();
381 goto exit_stage_left;
384 if (sctp_ifap->ifn_p) {
386 * The first IFN gets the address,
387 * duplicates are ignored.
391 * Remove the created one that we
394 sctp_delete_ifn(sctp_ifap->ifn_p, 1);
396 goto exit_stage_left;
398 /* repair ifnp which was NULL ? */
399 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
400 sctp_ifap->ifn_p = sctp_ifnp;
401 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
403 goto exit_stage_left;
406 SCTP_IPI_ADDR_UNLOCK();
407 SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA);
408 if (sctp_ifap == NULL) {
410 panic("No memory for IFA");
414 memset(sctp_ifap, 0, sizeof(struct sctp_ifa));
415 sctp_ifap->ifn_p = sctp_ifnp;
416 atomic_add_int(&sctp_ifnp->refcount, 1);
418 sctp_ifap->ifa = ifa;
419 memcpy(&sctp_ifap->address, addr, addr->sa_len);
420 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE;
421 sctp_ifap->flags = ifa_flags;
423 if (sctp_ifap->address.sa.sa_family == AF_INET) {
424 struct sockaddr_in *sin;
426 sin = (struct sockaddr_in *)&sctp_ifap->address.sin;
427 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
428 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) {
429 sctp_ifap->src_is_loop = 1;
431 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
432 sctp_ifap->src_is_priv = 1;
436 new_ifn_af = AF_INET;
437 } else if (sctp_ifap->address.sa.sa_family == AF_INET6) {
438 /* ok to use deprecated addresses? */
439 struct sockaddr_in6 *sin6;
441 sin6 = (struct sockaddr_in6 *)&sctp_ifap->address.sin6;
442 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
443 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) {
444 sctp_ifap->src_is_loop = 1;
446 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
447 sctp_ifap->src_is_priv = 1;
451 new_ifn_af = AF_INET6;
455 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa);
457 if ((sctp_ifap->src_is_priv == 0) &&
458 (sctp_ifap->src_is_loop == 0)) {
459 sctp_ifap->src_is_glob = 1;
461 SCTP_IPI_ADDR_LOCK();
462 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)];
463 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket);
464 sctp_ifap->refcount = 1;
465 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
466 sctp_ifnp->ifa_count++;
467 vrf->total_ifa_count++;
468 atomic_add_int(&sctppcbinfo.ipi_count_ifas, 1);
470 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af);
471 sctp_ifnp->registered_af = new_ifn_af;
473 SCTP_IPI_ADDR_UNLOCK();
476 * Bump up the refcount so that when the timer completes it
477 * will drop back down.
479 struct sctp_laddr *wi;
481 atomic_add_int(&sctp_ifap->refcount, 1);
482 wi = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr, struct sctp_laddr);
485 * Gak, what can we do? We have lost an address
486 * change can you say HOSED?
488 SCTPDBG(SCTP_DEBUG_PCB1, "Lost and address change ???\n");
489 /* Opps, must decrement the count */
490 sctp_del_addr_from_vrf(vrf_id, addr, ifn_index);
493 SCTP_INCR_LADDR_COUNT();
494 bzero(wi, sizeof(*wi));
495 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
497 wi->action = SCTP_ADD_IP_ADDRESS;
498 SCTP_IPI_ITERATOR_WQ_LOCK();
500 * Should this really be a tailq? As it is we will process
501 * the newest first :-0
503 LIST_INSERT_HEAD(&sctppcbinfo.addr_wq, wi, sctp_nxt_addr);
504 SCTP_IPI_ITERATOR_WQ_UNLOCK();
505 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
506 (struct sctp_inpcb *)NULL,
507 (struct sctp_tcb *)NULL,
508 (struct sctp_nets *)NULL);
510 /* it's ready for use */
511 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE;
517 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr,
520 struct sctp_vrf *vrf;
521 struct sctp_ifa *sctp_ifap = NULL;
523 SCTP_IPI_ADDR_LOCK();
525 vrf = sctp_find_vrf(vrf_id);
527 SCTP_PRINTF("Can't find vrf_id:%d\n", vrf_id);
530 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, 1);
532 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID;
533 sctp_ifap->localifa_flags |= SCTP_BEING_DELETED;
534 vrf->total_ifa_count--;
535 LIST_REMOVE(sctp_ifap, next_bucket);
536 LIST_REMOVE(sctp_ifap, next_ifa);
537 if (sctp_ifap->ifn_p) {
538 sctp_ifap->ifn_p->ifa_count--;
539 if (sctp_ifap->address.sa.sa_family == AF_INET6)
540 sctp_ifap->ifn_p->num_v6--;
541 else if (sctp_ifap->address.sa.sa_family == AF_INET)
542 sctp_ifap->ifn_p->num_v4--;
543 if (SCTP_LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) {
544 sctp_delete_ifn(sctp_ifap->ifn_p, 1);
546 if ((sctp_ifap->ifn_p->num_v6 == 0) &&
547 (sctp_ifap->ifn_p->registered_af == AF_INET6)) {
548 SCTP_DEREGISTER_INTERFACE(ifn_index,
550 SCTP_REGISTER_INTERFACE(ifn_index,
552 sctp_ifap->ifn_p->registered_af = AF_INET;
553 } else if ((sctp_ifap->ifn_p->num_v4 == 0) &&
554 (sctp_ifap->ifn_p->registered_af == AF_INET)) {
555 SCTP_DEREGISTER_INTERFACE(ifn_index,
557 SCTP_REGISTER_INTERFACE(ifn_index,
559 sctp_ifap->ifn_p->registered_af = AF_INET6;
562 sctp_free_ifn(sctp_ifap->ifn_p);
563 sctp_ifap->ifn_p = NULL;
568 SCTPDBG(SCTP_DEBUG_PCB1, "Del Addr-ifn:%d Could not find address:",
570 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
575 SCTP_IPI_ADDR_UNLOCK();
577 struct sctp_laddr *wi;
579 wi = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr, struct sctp_laddr);
582 * Gak, what can we do? We have lost an address
583 * change can you say HOSED?
585 SCTPDBG(SCTP_DEBUG_PCB1, "Lost and address change ???\n");
587 /* Opps, must decrement the count */
588 sctp_free_ifa(sctp_ifap);
591 SCTP_INCR_LADDR_COUNT();
592 bzero(wi, sizeof(*wi));
593 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
595 wi->action = SCTP_DEL_IP_ADDRESS;
596 SCTP_IPI_ITERATOR_WQ_LOCK();
598 * Should this really be a tailq? As it is we will process
599 * the newest first :-0
601 LIST_INSERT_HEAD(&sctppcbinfo.addr_wq, wi, sctp_nxt_addr);
602 SCTP_IPI_ITERATOR_WQ_UNLOCK();
604 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
605 (struct sctp_inpcb *)NULL,
606 (struct sctp_tcb *)NULL,
607 (struct sctp_nets *)NULL);
614 static struct sctp_tcb *
615 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
616 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id)
618 /**** ASSUMSES THE CALLER holds the INP_INFO_RLOCK */
620 * If we support the TCP model, then we must now dig through to see
621 * if we can find our endpoint in the list of tcp ep's.
623 uint16_t lport, rport;
624 struct sctppcbhead *ephead;
625 struct sctp_inpcb *inp;
626 struct sctp_laddr *laddr;
627 struct sctp_tcb *stcb;
628 struct sctp_nets *net;
630 if ((to == NULL) || (from == NULL)) {
633 if (to->sa_family == AF_INET && from->sa_family == AF_INET) {
634 lport = ((struct sockaddr_in *)to)->sin_port;
635 rport = ((struct sockaddr_in *)from)->sin_port;
636 } else if (to->sa_family == AF_INET6 && from->sa_family == AF_INET6) {
637 lport = ((struct sockaddr_in6 *)to)->sin6_port;
638 rport = ((struct sockaddr_in6 *)from)->sin6_port;
642 ephead = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR(
643 (lport + rport), sctppcbinfo.hashtcpmark)];
645 * Ok now for each of the guys in this bucket we must look and see:
646 * - Does the remote port match. - Does there single association's
647 * addresses match this address (to). If so we update p_ep to point
648 * to this ep and return the tcb from it.
650 LIST_FOREACH(inp, ephead, sctp_hash) {
652 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
653 SCTP_INP_RUNLOCK(inp);
656 if (lport != inp->sctp_lport) {
657 SCTP_INP_RUNLOCK(inp);
660 if (inp->def_vrf_id != vrf_id) {
661 SCTP_INP_RUNLOCK(inp);
664 /* check to see if the ep has one of the addresses */
665 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
666 /* We are NOT bound all, so look further */
669 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
671 if (laddr->ifa == NULL) {
672 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __FUNCTION__);
675 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
676 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
679 if (laddr->ifa->address.sa.sa_family ==
681 /* see if it matches */
682 struct sockaddr_in *intf_addr, *sin;
684 intf_addr = &laddr->ifa->address.sin;
685 sin = (struct sockaddr_in *)to;
686 if (from->sa_family == AF_INET) {
687 if (sin->sin_addr.s_addr ==
688 intf_addr->sin_addr.s_addr) {
693 struct sockaddr_in6 *intf_addr6;
694 struct sockaddr_in6 *sin6;
696 sin6 = (struct sockaddr_in6 *)
698 intf_addr6 = &laddr->ifa->address.sin6;
700 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
701 &intf_addr6->sin6_addr)) {
709 /* This endpoint does not have this address */
710 SCTP_INP_RUNLOCK(inp);
715 * Ok if we hit here the ep has the address, does it hold
719 stcb = LIST_FIRST(&inp->sctp_asoc_list);
721 SCTP_INP_RUNLOCK(inp);
725 if (stcb->rport != rport) {
726 /* remote port does not match. */
727 SCTP_TCB_UNLOCK(stcb);
728 SCTP_INP_RUNLOCK(inp);
731 /* Does this TCB have a matching address? */
732 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
734 if (net->ro._l_addr.sa.sa_family != from->sa_family) {
735 /* not the same family, can't be a match */
738 if (from->sa_family == AF_INET) {
739 struct sockaddr_in *sin, *rsin;
741 sin = (struct sockaddr_in *)&net->ro._l_addr;
742 rsin = (struct sockaddr_in *)from;
743 if (sin->sin_addr.s_addr ==
744 rsin->sin_addr.s_addr) {
749 /* Update the endpoint pointer */
751 SCTP_INP_RUNLOCK(inp);
755 struct sockaddr_in6 *sin6, *rsin6;
757 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
758 rsin6 = (struct sockaddr_in6 *)from;
759 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
760 &rsin6->sin6_addr)) {
765 /* Update the endpoint pointer */
767 SCTP_INP_RUNLOCK(inp);
772 SCTP_TCB_UNLOCK(stcb);
773 SCTP_INP_RUNLOCK(inp);
781 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an
782 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done
783 * (if locked == NULL). 3) Decrement happens on return ONLY if locked ==
788 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
789 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
791 struct sctpasochead *head;
792 struct sctp_inpcb *inp;
793 struct sctp_tcb *stcb = NULL;
794 struct sctp_nets *net;
798 if (remote->sa_family == AF_INET) {
799 rport = (((struct sockaddr_in *)remote)->sin_port);
800 } else if (remote->sa_family == AF_INET6) {
801 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
807 * UN-lock so we can do proper locking here this occurs when
808 * called from load_addresses_from_init.
810 SCTP_TCB_UNLOCK(locked_tcb);
812 SCTP_INP_INFO_RLOCK();
813 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
815 * Now either this guy is our listener or it's the
816 * connector. If it is the one that issued the connect, then
817 * it's only chance is to be the first TCB in the list. If
818 * it is the acceptor, then do the special_lookup to hash
819 * and find the real inp.
821 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) {
822 /* to is peer addr, from is my addr */
823 stcb = sctp_tcb_special_locate(inp_p, remote, local,
824 netp, inp->def_vrf_id);
825 if ((stcb != NULL) && (locked_tcb == NULL)) {
826 /* we have a locked tcb, lower refcount */
828 SCTP_INP_DECR_REF(inp);
829 SCTP_INP_WUNLOCK(inp);
831 if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
832 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
833 SCTP_TCB_LOCK(locked_tcb);
834 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
836 SCTP_INP_INFO_RUNLOCK();
840 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
843 stcb = LIST_FIRST(&inp->sctp_asoc_list);
848 if (stcb->rport != rport) {
849 /* remote port does not match. */
850 SCTP_TCB_UNLOCK(stcb);
853 /* now look at the list of remote addresses */
854 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
856 if (net == (TAILQ_NEXT(net, sctp_next))) {
857 panic("Corrupt net list");
860 if (net->ro._l_addr.sa.sa_family !=
862 /* not the same family */
865 if (remote->sa_family == AF_INET) {
866 struct sockaddr_in *sin, *rsin;
868 sin = (struct sockaddr_in *)
870 rsin = (struct sockaddr_in *)remote;
871 if (sin->sin_addr.s_addr ==
872 rsin->sin_addr.s_addr) {
877 if (locked_tcb == NULL) {
878 SCTP_INP_DECR_REF(inp);
879 } else if (locked_tcb != stcb) {
880 SCTP_TCB_LOCK(locked_tcb);
882 SCTP_INP_WUNLOCK(inp);
883 SCTP_INP_INFO_RUNLOCK();
886 } else if (remote->sa_family == AF_INET6) {
887 struct sockaddr_in6 *sin6, *rsin6;
889 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
890 rsin6 = (struct sockaddr_in6 *)remote;
891 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
892 &rsin6->sin6_addr)) {
897 if (locked_tcb == NULL) {
898 SCTP_INP_DECR_REF(inp);
899 } else if (locked_tcb != stcb) {
900 SCTP_TCB_LOCK(locked_tcb);
902 SCTP_INP_WUNLOCK(inp);
903 SCTP_INP_INFO_RUNLOCK();
908 SCTP_TCB_UNLOCK(stcb);
912 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
915 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
916 inp->sctp_hashmark)];
920 LIST_FOREACH(stcb, head, sctp_tcbhash) {
921 if (stcb->rport != rport) {
922 /* remote port does not match */
925 /* now look at the list of remote addresses */
927 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
929 if (net == (TAILQ_NEXT(net, sctp_next))) {
930 panic("Corrupt net list");
933 if (net->ro._l_addr.sa.sa_family !=
935 /* not the same family */
938 if (remote->sa_family == AF_INET) {
939 struct sockaddr_in *sin, *rsin;
941 sin = (struct sockaddr_in *)
943 rsin = (struct sockaddr_in *)remote;
944 if (sin->sin_addr.s_addr ==
945 rsin->sin_addr.s_addr) {
950 if (locked_tcb == NULL) {
951 SCTP_INP_DECR_REF(inp);
952 } else if (locked_tcb != stcb) {
953 SCTP_TCB_LOCK(locked_tcb);
955 SCTP_INP_WUNLOCK(inp);
956 SCTP_INP_INFO_RUNLOCK();
959 } else if (remote->sa_family == AF_INET6) {
960 struct sockaddr_in6 *sin6, *rsin6;
962 sin6 = (struct sockaddr_in6 *)
964 rsin6 = (struct sockaddr_in6 *)remote;
965 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
966 &rsin6->sin6_addr)) {
971 if (locked_tcb == NULL) {
972 SCTP_INP_DECR_REF(inp);
973 } else if (locked_tcb != stcb) {
974 SCTP_TCB_LOCK(locked_tcb);
976 SCTP_INP_WUNLOCK(inp);
977 SCTP_INP_INFO_RUNLOCK();
982 SCTP_TCB_UNLOCK(stcb);
986 /* clean up for returning null */
988 SCTP_TCB_LOCK(locked_tcb);
990 SCTP_INP_WUNLOCK(inp);
991 SCTP_INP_INFO_RUNLOCK();
997 * Find an association for a specific endpoint using the association id given
998 * out in the COMM_UP notification
1002 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1005 * Use my the assoc_id to find a endpoint
1007 struct sctpasochead *head;
1008 struct sctp_tcb *stcb;
1011 if (asoc_id == 0 || inp == NULL) {
1014 SCTP_INP_INFO_RLOCK();
1015 id = (uint32_t) asoc_id;
1016 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(id,
1017 sctppcbinfo.hashasocmark)];
1019 /* invalid id TSNH */
1020 SCTP_INP_INFO_RUNLOCK();
1023 LIST_FOREACH(stcb, head, sctp_asocs) {
1024 SCTP_INP_RLOCK(stcb->sctp_ep);
1025 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1026 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1027 SCTP_INP_INFO_RUNLOCK();
1030 if (stcb->asoc.assoc_id == id) {
1032 if (inp != stcb->sctp_ep) {
1034 * some other guy has the same id active (id
1037 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1041 SCTP_TCB_LOCK(stcb);
1043 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1044 SCTP_INP_INFO_RUNLOCK();
1047 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1049 /* Ok if we missed here, lets try the restart hash */
1050 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(id, sctppcbinfo.hashrestartmark)];
1052 /* invalid id TSNH */
1053 SCTP_INP_INFO_RUNLOCK();
1056 LIST_FOREACH(stcb, head, sctp_tcbrestarhash) {
1057 SCTP_INP_RLOCK(stcb->sctp_ep);
1058 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1059 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1063 SCTP_TCB_LOCK(stcb);
1065 if (stcb->asoc.assoc_id == id) {
1067 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1068 if (inp != stcb->sctp_ep) {
1070 * some other guy has the same id active (id
1074 SCTP_TCB_UNLOCK(stcb);
1078 SCTP_INP_INFO_RUNLOCK();
1081 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1084 SCTP_TCB_UNLOCK(stcb);
1087 SCTP_INP_INFO_RUNLOCK();
1092 static struct sctp_inpcb *
1093 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
1094 uint16_t lport, uint32_t vrf_id)
1096 struct sctp_inpcb *inp;
1097 struct sockaddr_in *sin;
1098 struct sockaddr_in6 *sin6;
1099 struct sctp_laddr *laddr;
1103 * Endpoing probe expects that the INP_INFO is locked.
1105 if (nam->sa_family == AF_INET) {
1106 sin = (struct sockaddr_in *)nam;
1108 } else if (nam->sa_family == AF_INET6) {
1109 sin6 = (struct sockaddr_in6 *)nam;
1112 /* unsupported family */
1117 LIST_FOREACH(inp, head, sctp_hash) {
1118 SCTP_INP_RLOCK(inp);
1119 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1120 SCTP_INP_RUNLOCK(inp);
1123 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
1124 (inp->sctp_lport == lport)) {
1126 if ((nam->sa_family == AF_INET) &&
1127 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1128 SCTP_IPV6_V6ONLY(inp)) {
1129 /* IPv4 on a IPv6 socket with ONLY IPv6 set */
1130 SCTP_INP_RUNLOCK(inp);
1133 /* A V6 address and the endpoint is NOT bound V6 */
1134 if (nam->sa_family == AF_INET6 &&
1135 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
1136 SCTP_INP_RUNLOCK(inp);
1139 /* does a VRF id match? */
1141 if (inp->def_vrf_id == vrf_id)
1144 SCTP_INP_RUNLOCK(inp);
1149 SCTP_INP_RUNLOCK(inp);
1152 if ((nam->sa_family == AF_INET) &&
1153 (sin->sin_addr.s_addr == INADDR_ANY)) {
1154 /* Can't hunt for one that has no address specified */
1156 } else if ((nam->sa_family == AF_INET6) &&
1157 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) {
1158 /* Can't hunt for one that has no address specified */
1162 * ok, not bound to all so see if we can find a EP bound to this
1165 LIST_FOREACH(inp, head, sctp_hash) {
1166 SCTP_INP_RLOCK(inp);
1167 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1168 SCTP_INP_RUNLOCK(inp);
1171 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
1172 SCTP_INP_RUNLOCK(inp);
1176 * Ok this could be a likely candidate, look at all of its
1179 if (inp->sctp_lport != lport) {
1180 SCTP_INP_RUNLOCK(inp);
1183 /* does a VRF id match? */
1185 if (inp->def_vrf_id == vrf_id)
1189 SCTP_INP_RUNLOCK(inp);
1192 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
1193 if (laddr->ifa == NULL) {
1194 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
1198 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ",
1200 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
1201 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n");
1204 if (laddr->ifa->address.sa.sa_family == nam->sa_family) {
1205 /* possible, see if it matches */
1206 struct sockaddr_in *intf_addr;
1208 intf_addr = &laddr->ifa->address.sin;
1209 if (nam->sa_family == AF_INET) {
1210 if (sin->sin_addr.s_addr ==
1211 intf_addr->sin_addr.s_addr) {
1212 SCTP_INP_RUNLOCK(inp);
1215 } else if (nam->sa_family == AF_INET6) {
1216 struct sockaddr_in6 *intf_addr6;
1218 intf_addr6 = &laddr->ifa->address.sin6;
1219 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
1220 &intf_addr6->sin6_addr)) {
1221 SCTP_INP_RUNLOCK(inp);
1227 SCTP_INP_RUNLOCK(inp);
1234 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock,
1238 * First we check the hash table to see if someone has this port
1239 * bound with just the port.
1241 struct sctp_inpcb *inp;
1242 struct sctppcbhead *head;
1243 struct sockaddr_in *sin;
1244 struct sockaddr_in6 *sin6;
1247 if (nam->sa_family == AF_INET) {
1248 sin = (struct sockaddr_in *)nam;
1249 lport = ((struct sockaddr_in *)nam)->sin_port;
1250 } else if (nam->sa_family == AF_INET6) {
1251 sin6 = (struct sockaddr_in6 *)nam;
1252 lport = ((struct sockaddr_in6 *)nam)->sin6_port;
1254 /* unsupported family */
1258 * I could cheat here and just cast to one of the types but we will
1259 * do it right. It also provides the check against an Unsupported
1262 /* Find the head of the ALLADDR chain */
1263 if (have_lock == 0) {
1264 SCTP_INP_INFO_RLOCK();
1267 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
1268 sctppcbinfo.hashmark)];
1269 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1272 * If the TCP model exists it could be that the main listening
1273 * endpoint is gone but there exists a connected socket for this guy
1274 * yet. If so we can return the first one that we find. This may NOT
1275 * be the correct one but the sctp_findassociation_ep_addr has
1276 * further code to look at all TCP models.
1278 if (inp == NULL && find_tcp_pool) {
1281 for (i = 0; i < sctppcbinfo.hashtblsize; i++) {
1283 * This is real gross, but we do NOT have a remote
1284 * port at this point depending on who is calling.
1285 * We must therefore look for ANY one that matches
1288 head = &sctppcbinfo.sctp_tcpephash[i];
1289 if (LIST_FIRST(head)) {
1290 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
1299 SCTP_INP_INCR_REF(inp);
1301 if (have_lock == 0) {
1302 SCTP_INP_INFO_RUNLOCK();
1308 * Find an association for an endpoint with the pointer to whom you want to
1309 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may
1310 * need to change the *to to some other struct like a mbuf...
1313 sctp_findassociation_addr_sa(struct sockaddr *to, struct sockaddr *from,
1314 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool,
1317 struct sctp_inpcb *inp = NULL;
1318 struct sctp_tcb *retval;
1320 SCTP_INP_INFO_RLOCK();
1321 if (find_tcp_pool) {
1322 if (inp_p != NULL) {
1323 retval = sctp_tcb_special_locate(inp_p, from, to, netp,
1326 retval = sctp_tcb_special_locate(&inp, from, to, netp,
1329 if (retval != NULL) {
1330 SCTP_INP_INFO_RUNLOCK();
1334 inp = sctp_pcb_findep(to, 0, 1, vrf_id);
1335 if (inp_p != NULL) {
1338 SCTP_INP_INFO_RUNLOCK();
1344 * ok, we have an endpoint, now lets find the assoc for it (if any)
1345 * we now place the source address or from in the to of the find
1346 * endpoint call. Since in reality this chain is used from the
1347 * inbound packet side.
1349 if (inp_p != NULL) {
1350 retval = sctp_findassociation_ep_addr(inp_p, from, netp, to,
1353 retval = sctp_findassociation_ep_addr(&inp, from, netp, to,
1361 * This routine will grub through the mbuf that is a INIT or INIT-ACK and
1362 * find all addresses that the sender has specified in any address list. Each
1363 * address will be used to lookup the TCB and see if one exits.
1365 static struct sctp_tcb *
1366 sctp_findassociation_special_addr(struct mbuf *m, int iphlen, int offset,
1367 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
1368 struct sockaddr *dest)
1370 struct sockaddr_in sin4;
1371 struct sockaddr_in6 sin6;
1372 struct sctp_paramhdr *phdr, parm_buf;
1373 struct sctp_tcb *retval;
1374 uint32_t ptype, plen;
1376 memset(&sin4, 0, sizeof(sin4));
1377 memset(&sin6, 0, sizeof(sin6));
1378 sin4.sin_len = sizeof(sin4);
1379 sin4.sin_family = AF_INET;
1380 sin4.sin_port = sh->src_port;
1381 sin6.sin6_len = sizeof(sin6);
1382 sin6.sin6_family = AF_INET6;
1383 sin6.sin6_port = sh->src_port;
1386 offset += sizeof(struct sctp_init_chunk);
1388 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
1389 while (phdr != NULL) {
1390 /* now we must see if we want the parameter */
1391 ptype = ntohs(phdr->param_type);
1392 plen = ntohs(phdr->param_length);
1396 if (ptype == SCTP_IPV4_ADDRESS &&
1397 plen == sizeof(struct sctp_ipv4addr_param)) {
1398 /* Get the rest of the address */
1399 struct sctp_ipv4addr_param ip4_parm, *p4;
1401 phdr = sctp_get_next_param(m, offset,
1402 (struct sctp_paramhdr *)&ip4_parm, min(plen, sizeof(ip4_parm)));
1406 p4 = (struct sctp_ipv4addr_param *)phdr;
1407 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
1409 retval = sctp_findassociation_ep_addr(inp_p,
1410 (struct sockaddr *)&sin4, netp, dest, NULL);
1411 if (retval != NULL) {
1414 } else if (ptype == SCTP_IPV6_ADDRESS &&
1415 plen == sizeof(struct sctp_ipv6addr_param)) {
1416 /* Get the rest of the address */
1417 struct sctp_ipv6addr_param ip6_parm, *p6;
1419 phdr = sctp_get_next_param(m, offset,
1420 (struct sctp_paramhdr *)&ip6_parm, min(plen, sizeof(ip6_parm)));
1424 p6 = (struct sctp_ipv6addr_param *)phdr;
1425 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
1427 retval = sctp_findassociation_ep_addr(inp_p,
1428 (struct sockaddr *)&sin6, netp, dest, NULL);
1429 if (retval != NULL) {
1433 offset += SCTP_SIZE32(plen);
1434 phdr = sctp_get_next_param(m, offset, &parm_buf,
1441 static struct sctp_tcb *
1442 sctp_findassoc_by_vtag(struct sockaddr *from, uint32_t vtag,
1443 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
1444 uint16_t lport, int skip_src_check)
1447 * Use my vtag to hash. If we find it we then verify the source addr
1448 * is in the assoc. If all goes well we save a bit on rec of a
1451 struct sctpasochead *head;
1452 struct sctp_nets *net;
1453 struct sctp_tcb *stcb;
1457 SCTP_INP_INFO_RLOCK();
1458 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(vtag,
1459 sctppcbinfo.hashasocmark)];
1462 SCTP_INP_INFO_RUNLOCK();
1465 LIST_FOREACH(stcb, head, sctp_asocs) {
1466 SCTP_INP_RLOCK(stcb->sctp_ep);
1467 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1468 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1471 SCTP_TCB_LOCK(stcb);
1472 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1473 if (stcb->asoc.my_vtag == vtag) {
1475 if (stcb->rport != rport) {
1477 * we could remove this if vtags are unique
1478 * across the system.
1480 SCTP_TCB_UNLOCK(stcb);
1483 if (stcb->sctp_ep->sctp_lport != lport) {
1485 * we could remove this if vtags are unique
1486 * across the system.
1488 SCTP_TCB_UNLOCK(stcb);
1491 if (skip_src_check) {
1492 *netp = NULL; /* unknown */
1494 *inp_p = stcb->sctp_ep;
1495 SCTP_INP_INFO_RUNLOCK();
1498 net = sctp_findnet(stcb, from);
1502 SCTP_STAT_INCR(sctps_vtagexpress);
1503 *inp_p = stcb->sctp_ep;
1504 SCTP_INP_INFO_RUNLOCK();
1508 * not him, this should only happen in rare
1509 * cases so I peg it.
1511 SCTP_STAT_INCR(sctps_vtagbogus);
1514 SCTP_TCB_UNLOCK(stcb);
1516 SCTP_INP_INFO_RUNLOCK();
1521 * Find an association with the pointer to the inbound IP packet. This can be
1522 * a IPv4 or IPv6 packet.
1525 sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset,
1526 struct sctphdr *sh, struct sctp_chunkhdr *ch,
1527 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
1531 struct sctp_tcb *retval;
1532 struct sockaddr_storage to_store, from_store;
1533 struct sockaddr *to = (struct sockaddr *)&to_store;
1534 struct sockaddr *from = (struct sockaddr *)&from_store;
1535 struct sctp_inpcb *inp;
1537 iph = mtod(m, struct ip *);
1538 if (iph->ip_v == IPVERSION) {
1540 struct sockaddr_in *from4;
1542 from4 = (struct sockaddr_in *)&from_store;
1543 bzero(from4, sizeof(*from4));
1544 from4->sin_family = AF_INET;
1545 from4->sin_len = sizeof(struct sockaddr_in);
1546 from4->sin_addr.s_addr = iph->ip_src.s_addr;
1547 from4->sin_port = sh->src_port;
1548 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1550 struct ip6_hdr *ip6;
1551 struct sockaddr_in6 *from6;
1553 ip6 = mtod(m, struct ip6_hdr *);
1554 from6 = (struct sockaddr_in6 *)&from_store;
1555 bzero(from6, sizeof(*from6));
1556 from6->sin6_family = AF_INET6;
1557 from6->sin6_len = sizeof(struct sockaddr_in6);
1558 from6->sin6_addr = ip6->ip6_src;
1559 from6->sin6_port = sh->src_port;
1560 /* Get the scopes in properly to the sin6 addr's */
1561 /* we probably don't need these operations */
1562 (void)sa6_recoverscope(from6);
1563 sa6_embedscope(from6, ip6_use_defzone);
1565 /* Currently not supported. */
1569 /* we only go down this path if vtag is non-zero */
1570 retval = sctp_findassoc_by_vtag(from, ntohl(sh->v_tag),
1571 inp_p, netp, sh->src_port, sh->dest_port, 0);
1576 if (iph->ip_v == IPVERSION) {
1578 struct sockaddr_in *to4;
1580 to4 = (struct sockaddr_in *)&to_store;
1581 bzero(to4, sizeof(*to4));
1582 to4->sin_family = AF_INET;
1583 to4->sin_len = sizeof(struct sockaddr_in);
1584 to4->sin_addr.s_addr = iph->ip_dst.s_addr;
1585 to4->sin_port = sh->dest_port;
1586 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1588 struct ip6_hdr *ip6;
1589 struct sockaddr_in6 *to6;
1591 ip6 = mtod(m, struct ip6_hdr *);
1592 to6 = (struct sockaddr_in6 *)&to_store;
1593 bzero(to6, sizeof(*to6));
1594 to6->sin6_family = AF_INET6;
1595 to6->sin6_len = sizeof(struct sockaddr_in6);
1596 to6->sin6_addr = ip6->ip6_dst;
1597 to6->sin6_port = sh->dest_port;
1598 /* Get the scopes in properly to the sin6 addr's */
1599 /* we probably don't need these operations */
1600 (void)sa6_recoverscope(to6);
1601 sa6_embedscope(to6, ip6_use_defzone);
1604 if ((ch->chunk_type != SCTP_INITIATION) &&
1605 (ch->chunk_type != SCTP_INITIATION_ACK) &&
1606 (ch->chunk_type != SCTP_COOKIE_ACK) &&
1607 (ch->chunk_type != SCTP_COOKIE_ECHO)) {
1608 /* Other chunk types go to the tcp pool. */
1612 retval = sctp_findassociation_addr_sa(to, from, inp_p, netp,
1613 find_tcp_pool, vrf_id);
1616 retval = sctp_findassociation_addr_sa(to, from, &inp, netp,
1617 find_tcp_pool, vrf_id);
1619 SCTPDBG(SCTP_DEBUG_PCB1, "retval:%p inp:%p\n", retval, inp);
1620 if (retval == NULL && inp) {
1621 /* Found a EP but not this address */
1622 if ((ch->chunk_type == SCTP_INITIATION) ||
1623 (ch->chunk_type == SCTP_INITIATION_ACK)) {
1625 * special hook, we do NOT return linp or an
1626 * association that is linked to an existing
1627 * association that is under the TCP pool (i.e. no
1628 * listener exists). The endpoint finding routine
1629 * will always find a listner before examining the
1632 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
1638 retval = sctp_findassociation_special_addr(m, iphlen,
1639 offset, sh, &inp, netp, to);
1640 if (inp_p != NULL) {
1645 SCTPDBG(SCTP_DEBUG_PCB1, "retval is %p\n", retval);
1650 * lookup an association by an ASCONF lookup address.
1651 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup
1654 sctp_findassociation_ep_asconf(struct mbuf *m, int iphlen, int offset,
1655 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp)
1657 struct sctp_tcb *stcb;
1658 struct sockaddr_in *sin;
1659 struct sockaddr_in6 *sin6;
1660 struct sockaddr_storage local_store, remote_store;
1662 struct sctp_paramhdr parm_buf, *phdr;
1664 int zero_address = 0;
1667 memset(&local_store, 0, sizeof(local_store));
1668 memset(&remote_store, 0, sizeof(remote_store));
1670 /* First get the destination address setup too. */
1671 iph = mtod(m, struct ip *);
1672 if (iph->ip_v == IPVERSION) {
1674 sin = (struct sockaddr_in *)&local_store;
1675 sin->sin_family = AF_INET;
1676 sin->sin_len = sizeof(*sin);
1677 sin->sin_port = sh->dest_port;
1678 sin->sin_addr.s_addr = iph->ip_dst.s_addr;
1679 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1681 struct ip6_hdr *ip6;
1683 ip6 = mtod(m, struct ip6_hdr *);
1684 sin6 = (struct sockaddr_in6 *)&local_store;
1685 sin6->sin6_family = AF_INET6;
1686 sin6->sin6_len = sizeof(*sin6);
1687 sin6->sin6_port = sh->dest_port;
1688 sin6->sin6_addr = ip6->ip6_dst;
1693 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
1694 &parm_buf, sizeof(struct sctp_paramhdr));
1696 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n",
1700 ptype = (int)((uint32_t) ntohs(phdr->param_type));
1701 /* get the correlation address */
1702 if (ptype == SCTP_IPV6_ADDRESS) {
1703 /* ipv6 address param */
1704 struct sctp_ipv6addr_param *p6, p6_buf;
1706 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
1709 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
1710 offset + sizeof(struct sctp_asconf_chunk),
1711 &p6_buf.ph, sizeof(*p6));
1713 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n",
1717 sin6 = (struct sockaddr_in6 *)&remote_store;
1718 sin6->sin6_family = AF_INET6;
1719 sin6->sin6_len = sizeof(*sin6);
1720 sin6->sin6_port = sh->src_port;
1721 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
1722 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
1724 } else if (ptype == SCTP_IPV4_ADDRESS) {
1725 /* ipv4 address param */
1726 struct sctp_ipv4addr_param *p4, p4_buf;
1728 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
1731 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
1732 offset + sizeof(struct sctp_asconf_chunk),
1733 &p4_buf.ph, sizeof(*p4));
1735 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n",
1739 sin = (struct sockaddr_in *)&remote_store;
1740 sin->sin_family = AF_INET;
1741 sin->sin_len = sizeof(*sin);
1742 sin->sin_port = sh->src_port;
1743 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
1744 if (sin->sin_addr.s_addr == INADDR_ANY)
1747 /* invalid address param type */
1752 stcb = sctp_findassoc_by_vtag(NULL, ntohl(sh->v_tag), inp_p,
1753 netp, sh->src_port, sh->dest_port, 1);
1755 * printf("findassociation_ep_asconf: zero lookup address
1756 * finds stcb 0x%x\n", (uint32_t)stcb);
1759 stcb = sctp_findassociation_ep_addr(inp_p,
1760 (struct sockaddr *)&remote_store, netp,
1761 (struct sockaddr *)&local_store, NULL);
1768 * allocate a sctp_inpcb and setup a temporary binding to a port/all
1769 * addresses. This way if we don't get a bind we by default pick a ephemeral
1770 * port with all addresses bound.
1773 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
1776 * we get called when a new endpoint starts up. We need to allocate
1777 * the sctp_inpcb structure from the zone and init it. Mark it as
1778 * unbound and find a port that we can use as an ephemeral with
1779 * INADDR_ANY. If the user binds later no problem we can then add in
1780 * the specific addresses. And setup the default parameters for the
1784 struct sctp_inpcb *inp;
1786 struct timeval time;
1787 sctp_sharedkey_t *null_key;
1791 SCTP_INP_INFO_WLOCK();
1792 inp = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_ep, struct sctp_inpcb);
1794 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n");
1795 SCTP_INP_INFO_WUNLOCK();
1799 bzero(inp, sizeof(*inp));
1801 /* bump generations */
1802 /* setup socket pointers */
1803 inp->sctp_socket = so;
1804 inp->ip_inp.inp.inp_socket = so;
1806 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT;
1807 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
1811 struct inpcbpolicy *pcb_sp = NULL;
1813 error = ipsec_init_pcbpolicy(so, &pcb_sp);
1814 /* Arrange to share the policy */
1815 inp->ip_inp.inp.inp_sp = pcb_sp;
1816 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
1819 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1820 SCTP_INP_INFO_WUNLOCK();
1824 SCTP_INCR_EP_COUNT();
1825 inp->ip_inp.inp.inp_ip_ttl = ip_defttl;
1826 SCTP_INP_INFO_WUNLOCK();
1828 so->so_pcb = (caddr_t)inp;
1830 if ((SCTP_SO_TYPE(so) == SOCK_DGRAM) ||
1831 (SCTP_SO_TYPE(so) == SOCK_SEQPACKET)) {
1832 /* UDP style socket */
1833 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
1834 SCTP_PCB_FLAGS_UNBOUND);
1835 /* Be sure it is NON-BLOCKING IO for UDP */
1836 /* SCTP_SET_SO_NBIO(so); */
1837 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) {
1838 /* TCP style socket */
1839 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
1840 SCTP_PCB_FLAGS_UNBOUND);
1841 /* Be sure we have blocking IO by default */
1842 SCTP_CLEAR_SO_NBIO(so);
1845 * unsupported socket type (RAW, etc)- in case we missed it
1848 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1849 return (EOPNOTSUPP);
1851 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
1853 inp->sctp_tcbhash = SCTP_HASH_INIT(sctp_pcbtblsize,
1854 &inp->sctp_hashmark);
1855 if (inp->sctp_tcbhash == NULL) {
1856 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
1857 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1860 inp->def_vrf_id = vrf_id;
1862 SCTP_INP_INFO_WLOCK();
1863 SCTP_INP_LOCK_INIT(inp);
1864 SCTP_INP_READ_INIT(inp);
1865 SCTP_ASOC_CREATE_LOCK_INIT(inp);
1866 /* lock the new ep */
1867 SCTP_INP_WLOCK(inp);
1869 /* add it to the info area */
1870 LIST_INSERT_HEAD(&sctppcbinfo.listhead, inp, sctp_list);
1871 SCTP_INP_INFO_WUNLOCK();
1873 TAILQ_INIT(&inp->read_queue);
1874 LIST_INIT(&inp->sctp_addr_list);
1876 LIST_INIT(&inp->sctp_asoc_list);
1878 #ifdef SCTP_TRACK_FREED_ASOCS
1880 LIST_INIT(&inp->sctp_asoc_free_list);
1882 /* Init the timer structure for signature change */
1883 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer);
1884 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
1886 /* now init the actual endpoint default data */
1889 /* setup the base timeout information */
1890 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */
1891 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */
1892 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(sctp_delayed_sack_time_default);
1893 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(sctp_heartbeat_interval_default);
1894 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(sctp_pmtu_raise_time_default);
1895 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(sctp_shutdown_guard_time_default);
1896 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(sctp_secret_lifetime_default);
1897 /* all max/min max are in ms */
1898 m->sctp_maxrto = sctp_rto_max_default;
1899 m->sctp_minrto = sctp_rto_min_default;
1900 m->initial_rto = sctp_rto_initial_default;
1901 m->initial_init_rto_max = sctp_init_rto_max_default;
1902 m->sctp_sack_freq = sctp_sack_freq_default;
1904 m->max_open_streams_intome = MAX_SCTP_STREAMS;
1906 m->max_init_times = sctp_init_rtx_max_default;
1907 m->max_send_times = sctp_assoc_rtx_max_default;
1908 m->def_net_failure = sctp_path_rtx_max_default;
1909 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
1910 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
1911 m->max_burst = sctp_max_burst_default;
1912 /* number of streams to pre-open on a association */
1913 m->pre_open_stream_count = sctp_nr_outgoing_streams_default;
1915 /* Add adaptation cookie */
1916 m->adaptation_layer_indicator = 0x504C5253;
1918 /* seed random number generator */
1919 m->random_counter = 1;
1920 m->store_at = SCTP_SIGNATURE_SIZE;
1921 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers));
1922 sctp_fill_random_store(m);
1924 /* Minimum cookie size */
1925 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
1926 sizeof(struct sctp_state_cookie);
1927 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
1929 /* Setup the initial secret */
1930 (void)SCTP_GETTIME_TIMEVAL(&time);
1931 m->time_of_secret_change = time.tv_sec;
1933 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
1934 m->secret_key[0][i] = sctp_select_initial_TSN(m);
1936 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
1938 /* How long is a cookie good for ? */
1939 m->def_cookie_life = MSEC_TO_TICKS(sctp_valid_cookie_life_default);
1941 * Initialize authentication parameters
1943 m->local_hmacs = sctp_default_supported_hmaclist();
1944 m->local_auth_chunks = sctp_alloc_chunklist();
1945 sctp_auth_set_default_chunks(m->local_auth_chunks);
1946 LIST_INIT(&m->shared_keys);
1947 /* add default NULL key as key id 0 */
1948 null_key = sctp_alloc_sharedkey();
1949 sctp_insert_sharedkey(&m->shared_keys, null_key);
1950 SCTP_INP_WUNLOCK(inp);
1951 #ifdef SCTP_LOG_CLOSING
1952 sctp_log_closing(inp, NULL, 12);
1959 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
1960 struct sctp_tcb *stcb)
1962 struct sctp_nets *net;
1963 uint16_t lport, rport;
1964 struct sctppcbhead *head;
1965 struct sctp_laddr *laddr, *oladdr;
1967 SCTP_TCB_UNLOCK(stcb);
1968 SCTP_INP_INFO_WLOCK();
1969 SCTP_INP_WLOCK(old_inp);
1970 SCTP_INP_WLOCK(new_inp);
1971 SCTP_TCB_LOCK(stcb);
1973 new_inp->sctp_ep.time_of_secret_change =
1974 old_inp->sctp_ep.time_of_secret_change;
1975 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
1976 sizeof(old_inp->sctp_ep.secret_key));
1977 new_inp->sctp_ep.current_secret_number =
1978 old_inp->sctp_ep.current_secret_number;
1979 new_inp->sctp_ep.last_secret_number =
1980 old_inp->sctp_ep.last_secret_number;
1981 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
1983 /* make it so new data pours into the new socket */
1984 stcb->sctp_socket = new_inp->sctp_socket;
1985 stcb->sctp_ep = new_inp;
1987 /* Copy the port across */
1988 lport = new_inp->sctp_lport = old_inp->sctp_lport;
1989 rport = stcb->rport;
1990 /* Pull the tcb from the old association */
1991 LIST_REMOVE(stcb, sctp_tcbhash);
1992 LIST_REMOVE(stcb, sctp_tcblist);
1994 /* Now insert the new_inp into the TCP connected hash */
1995 head = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR((lport + rport),
1996 sctppcbinfo.hashtcpmark)];
1998 LIST_INSERT_HEAD(head, new_inp, sctp_hash);
1999 /* Its safe to access */
2000 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
2002 /* Now move the tcb into the endpoint list */
2003 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
2005 * Question, do we even need to worry about the ep-hash since we
2006 * only have one connection? Probably not :> so lets get rid of it
2007 * and not suck up any kernel memory in that.
2010 /* Ok. Let's restart timer. */
2011 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2012 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp,
2016 SCTP_INP_INFO_WUNLOCK();
2017 if (new_inp->sctp_tcbhash != NULL) {
2018 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark);
2019 new_inp->sctp_tcbhash = NULL;
2021 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
2022 /* Subset bound, so copy in the laddr list from the old_inp */
2023 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
2024 laddr = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr, struct sctp_laddr);
2025 if (laddr == NULL) {
2027 * Gak, what can we do? This assoc is really
2028 * HOSED. We probably should send an abort
2031 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n");
2034 SCTP_INCR_LADDR_COUNT();
2035 bzero(laddr, sizeof(*laddr));
2036 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
2037 laddr->ifa = oladdr->ifa;
2038 atomic_add_int(&laddr->ifa->refcount, 1);
2039 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
2041 new_inp->laddr_count++;
2045 * Now any running timers need to be adjusted since we really don't
2046 * care if they are running or not just blast in the new_inp into
2050 stcb->asoc.hb_timer.ep = (void *)new_inp;
2051 stcb->asoc.dack_timer.ep = (void *)new_inp;
2052 stcb->asoc.asconf_timer.ep = (void *)new_inp;
2053 stcb->asoc.strreset_timer.ep = (void *)new_inp;
2054 stcb->asoc.shut_guard_timer.ep = (void *)new_inp;
2055 stcb->asoc.autoclose_timer.ep = (void *)new_inp;
2056 stcb->asoc.delayed_event_timer.ep = (void *)new_inp;
2057 /* now what about the nets? */
2058 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2059 net->pmtu_timer.ep = (void *)new_inp;
2060 net->rxt_timer.ep = (void *)new_inp;
2061 net->fr_timer.ep = (void *)new_inp;
2063 SCTP_INP_WUNLOCK(new_inp);
2064 SCTP_INP_WUNLOCK(old_inp);
2068 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id)
2070 struct sctppcbhead *head;
2071 struct sctp_inpcb *t_inp;
2074 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
2075 sctppcbinfo.hashmark)];
2076 LIST_FOREACH(t_inp, head, sctp_hash) {
2077 if (t_inp->sctp_lport != lport) {
2080 /* is it in the VRF in question */
2082 if (t_inp->def_vrf_id == vrf_id)
2087 /* This one is in use. */
2088 /* check the v6/v4 binding issue */
2089 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
2090 SCTP_IPV6_V6ONLY(t_inp)) {
2091 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
2092 /* collision in V6 space */
2095 /* inp is BOUND_V4 no conflict */
2098 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
2099 /* t_inp is bound v4 and v6, conflict always */
2102 /* t_inp is bound only V4 */
2103 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
2104 SCTP_IPV6_V6ONLY(inp)) {
2108 /* else fall through to conflict */
2118 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
2119 struct sctp_ifa *sctp_ifap, struct thread *p)
2121 /* bind a ep to a socket address */
2122 struct sctppcbhead *head;
2123 struct sctp_inpcb *inp, *inp_tmp;
2124 struct inpcb *ip_inp;
2133 inp = (struct sctp_inpcb *)so->so_pcb;
2134 ip_inp = (struct inpcb *)so->so_pcb;
2137 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port:%d\n",
2138 ntohs(((struct sockaddr_in *)addr)->sin_port));
2139 SCTPDBG(SCTP_DEBUG_PCB1, "Addr :");
2140 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
2143 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
2144 /* already did a bind, subsequent binds NOT allowed ! */
2148 if (addr->sa_family == AF_INET) {
2149 struct sockaddr_in *sin;
2151 /* IPV6_V6ONLY socket? */
2152 if (SCTP_IPV6_V6ONLY(ip_inp)) {
2155 if (addr->sa_len != sizeof(*sin))
2158 sin = (struct sockaddr_in *)addr;
2159 lport = sin->sin_port;
2161 if (sin->sin_addr.s_addr != INADDR_ANY) {
2164 } else if (addr->sa_family == AF_INET6) {
2165 /* Only for pure IPv6 Address. (No IPv4 Mapped!) */
2166 struct sockaddr_in6 *sin6;
2168 sin6 = (struct sockaddr_in6 *)addr;
2170 if (addr->sa_len != sizeof(*sin6))
2173 lport = sin6->sin6_port;
2174 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
2176 /* KAME hack: embed scopeid */
2177 if (sa6_embedscope(sin6, ip6_use_defzone) != 0)
2180 /* this must be cleared for ifa_ifwithaddr() */
2181 sin6->sin6_scope_id = 0;
2183 return (EAFNOSUPPORT);
2186 /* Setup a vrf_id to be the default for the non-bind-all case. */
2187 vrf_id = inp->def_vrf_id;
2189 SCTP_INP_INFO_WLOCK();
2190 SCTP_INP_WLOCK(inp);
2191 /* increase our count due to the unlock we do */
2192 SCTP_INP_INCR_REF(inp);
2195 * Did the caller specify a port? if so we must see if a ep
2196 * already has this one bound.
2198 /* got to be root to get at low ports */
2199 if (ntohs(lport) < IPPORT_RESERVED) {
2201 priv_check(p, PRIV_NETINET_RESERVEDPORT)
2203 SCTP_INP_DECR_REF(inp);
2204 SCTP_INP_WUNLOCK(inp);
2205 SCTP_INP_INFO_WUNLOCK();
2210 SCTP_INP_DECR_REF(inp);
2211 SCTP_INP_WUNLOCK(inp);
2212 SCTP_INP_INFO_WUNLOCK();
2215 SCTP_INP_WUNLOCK(inp);
2217 vrf_id = inp->def_vrf_id;
2218 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2219 if (inp_tmp != NULL) {
2221 * lock guy returned and lower count note
2222 * that we are not bound so inp_tmp should
2223 * NEVER be inp. And it is this inp
2224 * (inp_tmp) that gets the reference bump,
2225 * so we must lower it.
2227 SCTP_INP_DECR_REF(inp_tmp);
2228 SCTP_INP_DECR_REF(inp);
2230 SCTP_INP_INFO_WUNLOCK();
2231 return (EADDRINUSE);
2234 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
2235 if (inp_tmp != NULL) {
2237 * lock guy returned and lower count note
2238 * that we are not bound so inp_tmp should
2239 * NEVER be inp. And it is this inp
2240 * (inp_tmp) that gets the reference bump,
2241 * so we must lower it.
2243 SCTP_INP_DECR_REF(inp_tmp);
2244 SCTP_INP_DECR_REF(inp);
2246 SCTP_INP_INFO_WUNLOCK();
2247 return (EADDRINUSE);
2250 SCTP_INP_WLOCK(inp);
2252 /* verify that no lport is not used by a singleton */
2253 if (sctp_isport_inuse(inp, lport, vrf_id)) {
2254 /* Sorry someone already has this one bound */
2255 SCTP_INP_DECR_REF(inp);
2256 SCTP_INP_WUNLOCK(inp);
2257 SCTP_INP_INFO_WUNLOCK();
2258 return (EADDRINUSE);
2262 uint16_t first, last, candidate;
2266 if (ip_inp->inp_flags & INP_HIGHPORT) {
2267 first = ipport_hifirstauto;
2268 last = ipport_hilastauto;
2269 } else if (ip_inp->inp_flags & INP_LOWPORT) {
2271 priv_check(p, PRIV_NETINET_RESERVEDPORT)
2273 SCTP_INP_DECR_REF(inp);
2274 SCTP_INP_WUNLOCK(inp);
2275 SCTP_INP_INFO_WUNLOCK();
2278 first = ipport_lowfirstauto;
2279 last = ipport_lowlastauto;
2281 first = ipport_firstauto;
2282 last = ipport_lastauto;
2291 count = last - first + 1; /* number of candidates */
2292 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count);
2296 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == 0) {
2301 SCTP_INP_DECR_REF(inp);
2302 SCTP_INP_WUNLOCK(inp);
2303 SCTP_INP_INFO_WUNLOCK();
2304 return (EADDRINUSE);
2306 if (candidate == last)
2309 candidate = candidate + 1;
2312 lport = htons(candidate);
2314 SCTP_INP_DECR_REF(inp);
2315 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |
2316 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
2318 * this really should not happen. The guy did a non-blocking
2319 * bind and then did a close at the same time.
2321 SCTP_INP_WUNLOCK(inp);
2322 SCTP_INP_INFO_WUNLOCK();
2325 /* ok we look clear to give out this port, so lets setup the binding */
2327 /* binding to all addresses, so just set in the proper flags */
2328 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL;
2329 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
2330 /* set the automatic addr changes from kernel flag */
2331 if (sctp_auto_asconf == 0) {
2332 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
2334 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
2338 * bind specific, make sure flags is off and add a new
2339 * address structure to the sctp_addr_list inside the ep
2342 * We will need to allocate one and insert it at the head. The
2343 * socketopt call can just insert new addresses in there as
2344 * well. It will also have to do the embed scope kame hack
2345 * too (before adding).
2347 struct sctp_ifa *ifa;
2348 struct sockaddr_storage store_sa;
2350 memset(&store_sa, 0, sizeof(store_sa));
2351 if (addr->sa_family == AF_INET) {
2352 struct sockaddr_in *sin;
2354 sin = (struct sockaddr_in *)&store_sa;
2355 memcpy(sin, addr, sizeof(struct sockaddr_in));
2357 } else if (addr->sa_family == AF_INET6) {
2358 struct sockaddr_in6 *sin6;
2360 sin6 = (struct sockaddr_in6 *)&store_sa;
2361 memcpy(sin6, addr, sizeof(struct sockaddr_in6));
2362 sin6->sin6_port = 0;
2365 * first find the interface with the bound address need to
2366 * zero out the port to find the address! yuck! can't do
2367 * this earlier since need port for sctp_pcb_findep()
2372 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa,
2375 /* Can't find an interface with that address */
2376 SCTP_INP_WUNLOCK(inp);
2377 SCTP_INP_INFO_WUNLOCK();
2378 return (EADDRNOTAVAIL);
2380 if (addr->sa_family == AF_INET6) {
2381 /* GAK, more FIXME IFA lock? */
2382 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
2383 /* Can't bind a non-existent addr. */
2384 SCTP_INP_WUNLOCK(inp);
2385 SCTP_INP_INFO_WUNLOCK();
2389 /* we're not bound all */
2390 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
2391 /* allow bindx() to send ASCONF's for binding changes */
2392 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
2393 /* clear automatic addr changes from kernel flag */
2394 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
2396 /* add this address to the endpoint list */
2397 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0);
2399 SCTP_INP_WUNLOCK(inp);
2400 SCTP_INP_INFO_WUNLOCK();
2405 /* find the bucket */
2406 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
2407 sctppcbinfo.hashmark)];
2408 /* put it in the bucket */
2409 LIST_INSERT_HEAD(head, inp, sctp_hash);
2410 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d\n",
2411 head, ntohs(lport));
2412 /* set in the port */
2413 inp->sctp_lport = lport;
2415 /* turn off just the unbound flag */
2416 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
2417 SCTP_INP_WUNLOCK(inp);
2418 SCTP_INP_INFO_WUNLOCK();
2424 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp, struct sctp_inpcb *inp_next)
2426 struct sctp_iterator *it;
2429 * We enter with the only the ITERATOR_LOCK in place and a write
2430 * lock on the inp_info stuff.
2434 * Go through all iterators, we must do this since it is possible
2435 * that some iterator does NOT have the lock, but is waiting for it.
2436 * And the one that had the lock has either moved in the last
2437 * iteration or we just cleared it above. We need to find all of
2438 * those guys. The list of iterators should never be very big
2441 TAILQ_FOREACH(it, &sctppcbinfo.iteratorhead, sctp_nxt_itr) {
2442 if (it == inp->inp_starting_point_for_iterator)
2443 /* skip this guy, he's special */
2445 if (it->inp == inp) {
2447 * This is tricky and we DON'T lock the iterator.
2448 * Reason is he's running but waiting for me since
2449 * inp->inp_starting_point_for_iterator has the lock
2450 * on me (the guy above we skipped). This tells us
2451 * its is not running but waiting for
2452 * inp->inp_starting_point_for_iterator to be
2453 * released by the guy that does have our INP in a
2456 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
2460 /* set him up to do the next guy not me */
2466 it = inp->inp_starting_point_for_iterator;
2468 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
2477 /* release sctp_inpcb unbind the port */
2479 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from)
2482 * Here we free a endpoint. We must find it (if it is in the Hash
2483 * table) and remove it from there. Then we must also find it in the
2484 * overall list and remove it from there. After all removals are
2485 * complete then any timer has to be stopped. Then start the actual
2486 * freeing. a) Any local lists. b) Any associations. c) The hash of
2487 * all associations. d) finally the ep itself.
2490 struct sctp_inpcb *inp_save;
2491 struct sctp_tcb *asoc, *nasoc;
2492 struct sctp_laddr *laddr, *nladdr;
2493 struct inpcb *ip_pcb;
2496 struct sctp_queued_to_read *sq;
2500 sctp_sharedkey_t *shared_key;
2503 #ifdef SCTP_LOG_CLOSING
2504 sctp_log_closing(inp, NULL, 0);
2507 SCTP_ITERATOR_LOCK();
2508 so = inp->sctp_socket;
2509 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2510 /* been here before.. eeks.. get out of here */
2511 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate);
2512 SCTP_ITERATOR_UNLOCK();
2513 #ifdef SCTP_LOG_CLOSING
2514 sctp_log_closing(inp, NULL, 1);
2518 SCTP_ASOC_CREATE_LOCK(inp);
2519 SCTP_INP_INFO_WLOCK();
2521 SCTP_INP_WLOCK(inp);
2522 /* First time through we have the socket lock, after that no more. */
2523 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) {
2525 * Once we are in we can remove the flag from = 1 is only
2526 * passed from the actual closing routines that are called
2527 * via the sockets layer.
2529 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP;
2531 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL,
2532 SCTP_FROM_SCTP_PCB + SCTP_LOC_1);
2535 sctp_m_freem(inp->control);
2536 inp->control = NULL;
2539 sctp_m_freem(inp->pkt);
2543 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer
2544 * here but I will be nice :> (i.e.
2546 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
2550 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL;
2552 nasoc = LIST_NEXT(asoc, sctp_tcblist);
2553 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2554 /* Skip guys being freed */
2555 asoc->sctp_socket = NULL;
2559 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) ||
2560 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
2561 /* Just abandon things in the front states */
2562 if (asoc->asoc.total_output_queue_size == 0) {
2563 sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_2);
2567 SCTP_TCB_LOCK(asoc);
2568 /* Disconnect the socket please */
2569 asoc->sctp_socket = NULL;
2570 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET;
2571 if ((asoc->asoc.size_on_reasm_queue > 0) ||
2572 (asoc->asoc.control_pdapi) ||
2573 (asoc->asoc.size_on_all_streams > 0) ||
2574 (so && (so->so_rcv.sb_cc > 0))
2576 /* Left with Data unread */
2577 struct mbuf *op_err;
2579 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
2580 0, M_DONTWAIT, 1, MT_DATA);
2582 /* Fill in the user initiated abort */
2583 struct sctp_paramhdr *ph;
2586 SCTP_BUF_LEN(op_err) =
2587 sizeof(struct sctp_paramhdr) + sizeof(uint32_t);
2589 struct sctp_paramhdr *);
2590 ph->param_type = htons(
2591 SCTP_CAUSE_USER_INITIATED_ABT);
2592 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2593 ippp = (uint32_t *) (ph + 1);
2594 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_3);
2596 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
2597 sctp_send_abort_tcb(asoc, op_err);
2598 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
2599 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
2600 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
2601 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
2603 sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_4);
2605 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
2606 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
2607 (asoc->asoc.stream_queue_cnt == 0)
2609 if (asoc->asoc.locked_on_sending) {
2612 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
2613 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
2615 * there is nothing queued to send,
2616 * so I send shutdown
2618 sctp_send_shutdown(asoc, asoc->asoc.primary_destination);
2619 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
2620 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
2621 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
2623 asoc->asoc.state = SCTP_STATE_SHUTDOWN_SENT;
2624 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc,
2625 asoc->asoc.primary_destination);
2626 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
2627 asoc->asoc.primary_destination);
2628 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR);
2631 /* mark into shutdown pending */
2632 struct sctp_stream_queue_pending *sp;
2634 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING;
2635 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
2636 asoc->asoc.primary_destination);
2637 if (asoc->asoc.locked_on_sending) {
2638 sp = TAILQ_LAST(&((asoc->asoc.locked_on_sending)->outqueue),
2641 SCTP_PRINTF("Error, sp is NULL, locked on sending is %p strm:%d\n",
2642 asoc->asoc.locked_on_sending,
2643 asoc->asoc.locked_on_sending->stream_no);
2645 if ((sp->length == 0) && (sp->msg_is_complete == 0))
2646 asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT;
2649 if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
2650 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
2651 (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
2652 struct mbuf *op_err;
2655 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
2656 0, M_DONTWAIT, 1, MT_DATA);
2662 struct sctp_paramhdr *ph;
2665 SCTP_BUF_LEN(op_err) =
2666 (sizeof(struct sctp_paramhdr) +
2669 struct sctp_paramhdr *);
2670 ph->param_type = htons(
2671 SCTP_CAUSE_USER_INITIATED_ABT);
2672 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2673 ippp = (uint32_t *) (ph + 1);
2674 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_5);
2676 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
2677 sctp_send_abort_tcb(asoc, op_err);
2678 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
2679 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
2680 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
2681 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
2683 sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_6);
2688 SCTP_TCB_UNLOCK(asoc);
2690 /* now is there some left in our SHUTDOWN state? */
2692 SCTP_INP_WUNLOCK(inp);
2693 SCTP_ASOC_CREATE_UNLOCK(inp);
2694 SCTP_INP_INFO_WUNLOCK();
2695 SCTP_ITERATOR_UNLOCK();
2696 #ifdef SCTP_LOG_CLOSING
2697 sctp_log_closing(inp, NULL, 2);
2702 inp->sctp_socket = NULL;
2703 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) !=
2704 SCTP_PCB_FLAGS_UNBOUND) {
2706 * ok, this guy has been bound. It's port is somewhere in
2707 * the sctppcbinfo hash table. Remove it!
2709 LIST_REMOVE(inp, sctp_hash);
2710 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND;
2713 * If there is a timer running to kill us, forget it, since it may
2714 * have a contest on the INP lock.. which would cause us to die ...
2717 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL;
2719 nasoc = LIST_NEXT(asoc, sctp_tcblist);
2720 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2724 /* Free associations that are NOT killing us */
2725 SCTP_TCB_LOCK(asoc);
2726 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
2727 ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
2728 struct mbuf *op_err;
2731 op_err = sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
2732 0, M_DONTWAIT, 1, MT_DATA);
2734 /* Fill in the user initiated abort */
2735 struct sctp_paramhdr *ph;
2737 SCTP_BUF_LEN(op_err) = (sizeof(struct sctp_paramhdr) +
2739 ph = mtod(op_err, struct sctp_paramhdr *);
2740 ph->param_type = htons(
2741 SCTP_CAUSE_USER_INITIATED_ABT);
2742 ph->param_length = htons(SCTP_BUF_LEN(op_err));
2743 ippp = (uint32_t *) (ph + 1);
2744 *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_7);
2747 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + SCTP_LOC_7;
2748 sctp_send_abort_tcb(asoc, op_err);
2749 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
2750 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2752 SCTP_TCB_UNLOCK(asoc);
2755 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
2756 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
2757 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
2759 sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_PCB + SCTP_LOC_8);
2762 /* Ok we have someone out there that will kill us */
2763 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
2764 SCTP_INP_WUNLOCK(inp);
2765 SCTP_ASOC_CREATE_UNLOCK(inp);
2766 SCTP_INP_INFO_WUNLOCK();
2767 SCTP_ITERATOR_UNLOCK();
2768 #ifdef SCTP_LOG_CLOSING
2769 sctp_log_closing(inp, NULL, 3);
2773 if ((inp->refcount) || (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
2774 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
2775 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
2776 SCTP_INP_WUNLOCK(inp);
2777 SCTP_ASOC_CREATE_UNLOCK(inp);
2778 SCTP_INP_INFO_WUNLOCK();
2779 SCTP_ITERATOR_UNLOCK();
2780 #ifdef SCTP_LOG_CLOSING
2781 sctp_log_closing(inp, NULL, 4);
2785 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
2786 inp->sctp_ep.signature_change.type = 0;
2787 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
2789 #ifdef SCTP_LOG_CLOSING
2790 sctp_log_closing(inp, NULL, 5);
2793 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
2794 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NONE;
2795 /* Clear the read queue */
2796 /* sa_ignore FREED_MEMORY */
2797 while ((sq = TAILQ_FIRST(&inp->read_queue)) != NULL) {
2798 /* Its only abandoned if it had data left */
2800 SCTP_STAT_INCR(sctps_left_abandon);
2802 TAILQ_REMOVE(&inp->read_queue, sq, next);
2803 sctp_free_remote_addr(sq->whoFrom);
2805 so->so_rcv.sb_cc -= sq->length;
2807 sctp_m_freem(sq->data);
2811 * no need to free the net count, since at this point all
2814 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_readq, sq);
2815 SCTP_DECR_READQ_COUNT();
2817 /* Now the sctp_pcb things */
2819 * free each asoc if it is not already closed/free. we can't use the
2820 * macro here since le_next will get freed as part of the
2821 * sctp_free_assoc() call.
2826 ipsec4_delete_pcbpolicy(ip_pcb);
2829 /* Unlocks not needed since the socket is gone now */
2831 if (ip_pcb->inp_options) {
2832 (void)sctp_m_free(ip_pcb->inp_options);
2833 ip_pcb->inp_options = 0;
2835 if (ip_pcb->inp_moptions) {
2836 inp_freemoptions(ip_pcb->inp_moptions);
2837 ip_pcb->inp_moptions = 0;
2840 if (ip_pcb->inp_vflag & INP_IPV6) {
2841 struct in6pcb *in6p;
2843 in6p = (struct in6pcb *)inp;
2844 ip6_freepcbopts(in6p->in6p_outputopts);
2847 ip_pcb->inp_vflag = 0;
2848 /* free up authentication fields */
2849 if (inp->sctp_ep.local_auth_chunks != NULL)
2850 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
2851 if (inp->sctp_ep.local_hmacs != NULL)
2852 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
2854 shared_key = LIST_FIRST(&inp->sctp_ep.shared_keys);
2855 while (shared_key) {
2856 LIST_REMOVE(shared_key, next);
2857 sctp_free_sharedkey(shared_key);
2858 /* sa_ignore FREED_MEMORY */
2859 shared_key = LIST_FIRST(&inp->sctp_ep.shared_keys);
2862 inp_save = LIST_NEXT(inp, sctp_list);
2863 LIST_REMOVE(inp, sctp_list);
2865 /* fix any iterators only after out of the list */
2866 sctp_iterator_inp_being_freed(inp, inp_save);
2868 * if we have an address list the following will free the list of
2869 * ifaddr's that are set into this ep. Again macro limitations here,
2870 * since the LIST_FOREACH could be a bad idea.
2872 for ((laddr = LIST_FIRST(&inp->sctp_addr_list)); laddr != NULL;
2874 nladdr = LIST_NEXT(laddr, sctp_nxt_addr);
2875 sctp_remove_laddr(laddr);
2878 #ifdef SCTP_TRACK_FREED_ASOCS
2880 for ((asoc = LIST_FIRST(&inp->sctp_asoc_free_list)); asoc != NULL;
2882 nasoc = LIST_NEXT(asoc, sctp_tcblist);
2883 LIST_REMOVE(asoc, sctp_tcblist);
2884 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, asoc);
2885 SCTP_DECR_ASOC_COUNT();
2887 /* *** END TEMP CODE *** */
2889 /* Now lets see about freeing the EP hash table. */
2890 if (inp->sctp_tcbhash != NULL) {
2891 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
2892 inp->sctp_tcbhash = NULL;
2894 /* Now we must put the ep memory back into the zone pool */
2895 SCTP_INP_LOCK_DESTROY(inp);
2896 SCTP_INP_READ_DESTROY(inp);
2897 SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
2898 SCTP_INP_INFO_WUNLOCK();
2900 SCTP_ITERATOR_UNLOCK();
2902 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
2903 SCTP_DECR_EP_COUNT();
2909 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
2911 struct sctp_nets *net;
2913 /* locate the address */
2914 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2915 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
2923 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id)
2925 struct sctp_ifa *sctp_ifa;
2927 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, 0);
2936 sctp_set_initial_cc_param(struct sctp_tcb *stcb, struct sctp_nets *net)
2938 net->cwnd = min((net->mtu * 4), max((2 * net->mtu), SCTP_INITIAL_CWND));
2939 /* we always get at LEAST 2 MTU's */
2940 if (net->cwnd < (2 * net->mtu)) {
2941 net->cwnd = 2 * net->mtu;
2943 net->ssthresh = stcb->asoc.peers_rwnd;
2949 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as
2950 * when a ASCONF arrives that adds it. It will also initialize all the cwnd
2954 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
2955 int set_scope, int from)
2958 * The following is redundant to the same lines in the
2959 * sctp_aloc_assoc() but is needed since other's call the add
2962 struct sctp_nets *net, *netfirst;
2965 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ",
2967 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr);
2969 netfirst = sctp_findnet(stcb, newaddr);
2972 * Lie and return ok, we don't want to make the association
2973 * go away for this behavior. It will happen in the TCP
2974 * model in a connected socket. It does not reach the hash
2975 * table until after the association is built so it can't be
2976 * found. Mark as reachable, since the initial creation will
2977 * have been cleared and the NOT_IN_ASSOC flag will have
2978 * been added... and we don't want to end up removing it
2981 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
2982 netfirst->dest_state = (SCTP_ADDR_REACHABLE |
2983 SCTP_ADDR_UNCONFIRMED);
2985 netfirst->dest_state = SCTP_ADDR_REACHABLE;
2991 if (newaddr->sa_family == AF_INET) {
2992 struct sockaddr_in *sin;
2994 sin = (struct sockaddr_in *)newaddr;
2995 if (sin->sin_addr.s_addr == 0) {
2996 /* Invalid address */
2999 /* zero out the bzero area */
3000 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
3002 /* assure len is set */
3003 sin->sin_len = sizeof(struct sockaddr_in);
3005 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
3006 stcb->ipv4_local_scope = 1;
3008 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
3009 stcb->asoc.ipv4_local_scope = 1;
3011 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
3013 /* Validate the address is in scope */
3014 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
3015 (stcb->asoc.ipv4_local_scope == 0)) {
3019 } else if (newaddr->sa_family == AF_INET6) {
3020 struct sockaddr_in6 *sin6;
3022 sin6 = (struct sockaddr_in6 *)newaddr;
3023 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
3024 /* Invalid address */
3027 /* assure len is set */
3028 sin6->sin6_len = sizeof(struct sockaddr_in6);
3030 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) {
3031 stcb->asoc.loopback_scope = 1;
3032 stcb->asoc.local_scope = 0;
3033 stcb->asoc.ipv4_local_scope = 1;
3034 stcb->asoc.site_scope = 1;
3035 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
3037 * If the new destination is a LINK_LOCAL we
3038 * must have common site scope. Don't set
3039 * the local scope since we may not share
3040 * all links, only loopback can do this.
3041 * Links on the local network would also be
3042 * on our private network for v4 too.
3044 stcb->asoc.ipv4_local_scope = 1;
3045 stcb->asoc.site_scope = 1;
3046 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
3048 * If the new destination is SITE_LOCAL then
3049 * we must have site scope in common.
3051 stcb->asoc.site_scope = 1;
3054 /* Validate the address is in scope */
3055 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
3056 (stcb->asoc.loopback_scope == 0)) {
3058 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
3059 (stcb->asoc.local_scope == 0)) {
3061 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
3062 (stcb->asoc.site_scope == 0)) {
3067 /* not supported family type */
3070 net = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_net, struct sctp_nets);
3074 SCTP_INCR_RADDR_COUNT();
3075 bzero(net, sizeof(*net));
3076 (void)SCTP_GETTIME_TIMEVAL(&net->start_time);
3077 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
3078 if (newaddr->sa_family == AF_INET) {
3079 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
3080 } else if (newaddr->sa_family == AF_INET6) {
3081 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
3083 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id);
3084 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) {
3085 stcb->asoc.loopback_scope = 1;
3086 stcb->asoc.ipv4_local_scope = 1;
3087 stcb->asoc.local_scope = 0;
3088 stcb->asoc.site_scope = 1;
3091 net->failure_threshold = stcb->asoc.def_net_failure;
3092 if (addr_inscope == 0) {
3093 net->dest_state = (SCTP_ADDR_REACHABLE |
3094 SCTP_ADDR_OUT_OF_SCOPE);
3096 if (from == SCTP_ADDR_IS_CONFIRMED)
3097 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */
3098 net->dest_state = SCTP_ADDR_REACHABLE;
3100 net->dest_state = SCTP_ADDR_REACHABLE |
3101 SCTP_ADDR_UNCONFIRMED;
3104 * We set this to 0, the timer code knows that this means its an
3108 net->RTO_measured = 0;
3109 stcb->asoc.numnets++;
3110 *(&net->ref_count) = 1;
3111 net->tos_flowlabel = 0;
3113 if (newaddr->sa_family == AF_INET)
3114 net->tos_flowlabel = stcb->asoc.default_tos;
3117 if (newaddr->sa_family == AF_INET6)
3118 net->tos_flowlabel = stcb->asoc.default_flowlabel;
3120 /* Init the timer structure */
3121 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer);
3122 SCTP_OS_TIMER_INIT(&net->fr_timer.timer);
3123 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer);
3125 /* Now generate a route for this guy */
3126 /* KAME hack: embed scopeid */
3127 if (newaddr->sa_family == AF_INET6) {
3128 struct sockaddr_in6 *sin6;
3130 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3131 (void)sa6_embedscope(sin6, ip6_use_defzone);
3132 sin6->sin6_scope_id = 0;
3134 SCTP_RTALLOC((sctp_route_t *) & net->ro, stcb->asoc.vrf_id);
3136 if (newaddr->sa_family == AF_INET6) {
3137 struct sockaddr_in6 *sin6;
3139 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
3140 (void)sa6_recoverscope(sin6);
3142 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) {
3143 /* Get source address */
3144 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep,
3146 (sctp_route_t *) & net->ro,
3150 /* Now get the interface MTU */
3151 if (net->ro._s_addr && net->ro._s_addr->ifn_p) {
3152 net->mtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p);
3156 #ifdef SCTP_PRINT_FOR_B_AND_M
3157 SCTP_PRINTF("We have found an interface mtu of %d\n", net->mtu);
3159 if (net->mtu == 0) {
3161 net->mtu = SCTP_DEFAULT_MTU;
3165 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt);
3166 #ifdef SCTP_PRINT_FOR_B_AND_M
3167 SCTP_PRINTF("The route mtu is %d\n", rmtu);
3171 * Start things off to match mtu of
3174 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa,
3175 net->ro.ro_rt, net->mtu);
3178 * we take the route mtu over the interface,
3179 * since the route may be leading out the
3180 * loopback, or a different interface.
3185 if (from == SCTP_ALLOC_ASOC) {
3186 #ifdef SCTP_PRINT_FOR_B_AND_M
3187 SCTP_PRINTF("New assoc sets mtu to :%d\n", net->mtu);
3189 stcb->asoc.smallest_mtu = net->mtu;
3192 net->mtu = stcb->asoc.smallest_mtu;
3194 if (stcb->asoc.smallest_mtu > net->mtu) {
3195 #ifdef SCTP_PRINT_FOR_B_AND_M
3196 SCTP_PRINTF("new address mtu:%d smaller than smallest:%d\n",
3197 net->mtu, stcb->asoc.smallest_mtu);
3199 stcb->asoc.smallest_mtu = net->mtu;
3202 * We take the max of the burst limit times a MTU or the
3203 * INITIAL_CWND. We then limit this to 4 MTU's of sending.
3205 sctp_set_initial_cc_param(stcb, net);
3208 if (sctp_logging_level & (SCTP_CWND_MONITOR_ENABLE | SCTP_CWND_LOGGING_ENABLE)) {
3209 sctp_log_cwnd(stcb, net, 0, SCTP_CWND_INITIALIZATION);
3212 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning
3213 * of assoc (2005/06/27, iyengar@cis.udel.edu)
3215 net->find_pseudo_cumack = 1;
3216 net->find_rtx_pseudo_cumack = 1;
3217 net->src_addr_selected = 0;
3218 netfirst = TAILQ_FIRST(&stcb->asoc.nets);
3219 if (net->ro.ro_rt == NULL) {
3220 /* Since we have no route put it at the back */
3221 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
3222 } else if (netfirst == NULL) {
3223 /* We are the first one in the pool. */
3224 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3225 } else if (netfirst->ro.ro_rt == NULL) {
3227 * First one has NO route. Place this one ahead of the first
3230 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3231 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) {
3233 * This one has a different interface than the one at the
3234 * top of the list. Place it ahead.
3236 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
3239 * Ok we have the same interface as the first one. Move
3240 * forward until we find either a) one with a NULL route...
3241 * insert ahead of that b) one with a different ifp.. insert
3242 * after that. c) end of the list.. insert at the tail.
3244 struct sctp_nets *netlook;
3247 netlook = TAILQ_NEXT(netfirst, sctp_next);
3248 if (netlook == NULL) {
3249 /* End of the list */
3250 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
3252 } else if (netlook->ro.ro_rt == NULL) {
3253 /* next one has NO route */
3254 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
3256 } else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp) {
3257 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
3263 } while (netlook != NULL);
3266 /* got to have a primary set */
3267 if (stcb->asoc.primary_destination == 0) {
3268 stcb->asoc.primary_destination = net;
3269 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) &&
3271 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
3272 /* No route to current primary adopt new primary */
3273 stcb->asoc.primary_destination = net;
3275 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb,
3277 /* Validate primary is first */
3278 net = TAILQ_FIRST(&stcb->asoc.nets);
3279 if ((net != stcb->asoc.primary_destination) &&
3280 (stcb->asoc.primary_destination)) {
3282 * first one on the list is NOT the primary sctp_cmpaddr()
3283 * is much more efficent if the primary is the first on the
3286 TAILQ_REMOVE(&stcb->asoc.nets,
3287 stcb->asoc.primary_destination, sctp_next);
3288 TAILQ_INSERT_HEAD(&stcb->asoc.nets,
3289 stcb->asoc.primary_destination, sctp_next);
3296 * allocate an association and add it to the endpoint. The caller must be
3297 * careful to add all additional addresses once they are know right away or
3298 * else the assoc will be may experience a blackout scenario.
3301 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
3302 int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
3304 struct sctp_tcb *stcb;
3305 struct sctp_association *asoc;
3306 struct sctpasochead *head;
3311 * Assumption made here: Caller has done a
3312 * sctp_findassociation_ep_addr(ep, addr's); to make sure the
3313 * address does not exist already.
3315 if (sctppcbinfo.ipi_count_asoc >= SCTP_MAX_NUM_OF_ASOC) {
3316 /* Hit max assoc, sorry no more */
3320 if (firstaddr == NULL) {
3324 SCTP_INP_RLOCK(inp);
3325 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
3327 * If its in the TCP pool, its NOT allowed to create an
3328 * association. The parent listener needs to call
3329 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled
3330 * off, or connected one does this.. its an error.
3332 SCTP_INP_RUNLOCK(inp);
3336 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:");
3339 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr);
3340 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
3341 ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
3343 SCTPDBG(SCTP_DEBUG_PCB3, "None\n");
3345 #endif /* SCTP_DEBUG */
3346 if (firstaddr->sa_family == AF_INET) {
3347 struct sockaddr_in *sin;
3349 sin = (struct sockaddr_in *)firstaddr;
3350 if ((sin->sin_port == 0) || (sin->sin_addr.s_addr == 0)) {
3351 /* Invalid address */
3352 SCTP_INP_RUNLOCK(inp);
3356 rport = sin->sin_port;
3357 } else if (firstaddr->sa_family == AF_INET6) {
3358 struct sockaddr_in6 *sin6;
3360 sin6 = (struct sockaddr_in6 *)firstaddr;
3361 if ((sin6->sin6_port == 0) ||
3362 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) {
3363 /* Invalid address */
3364 SCTP_INP_RUNLOCK(inp);
3368 rport = sin6->sin6_port;
3370 /* not supported family type */
3371 SCTP_INP_RUNLOCK(inp);
3375 SCTP_INP_RUNLOCK(inp);
3376 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
3378 * If you have not performed a bind, then we need to do the
3379 * ephemerial bind for you.
3381 if ((err = sctp_inpcb_bind(inp->sctp_socket,
3382 (struct sockaddr *)NULL, (struct sctp_ifa *)NULL,
3383 (struct thread *)NULL
3385 /* bind error, probably perm */
3390 stcb = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_asoc, struct sctp_tcb);
3392 /* out of memory? */
3396 SCTP_INCR_ASOC_COUNT();
3398 bzero(stcb, sizeof(*stcb));
3400 SCTP_TCB_LOCK_INIT(stcb);
3401 SCTP_TCB_SEND_LOCK_INIT(stcb);
3402 /* setup back pointer's */
3403 stcb->sctp_ep = inp;
3404 stcb->sctp_socket = inp->sctp_socket;
3405 if ((err = sctp_init_asoc(inp, stcb, for_a_init, override_tag, vrf_id))) {
3407 SCTP_TCB_LOCK_DESTROY(stcb);
3408 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
3409 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
3410 SCTP_DECR_ASOC_COUNT();
3415 stcb->rport = rport;
3416 SCTP_INP_INFO_WLOCK();
3417 SCTP_INP_WLOCK(inp);
3418 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
3419 /* inpcb freed while alloc going on */
3420 SCTP_TCB_LOCK_DESTROY(stcb);
3421 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
3422 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
3423 SCTP_INP_WUNLOCK(inp);
3424 SCTP_INP_INFO_WUNLOCK();
3425 SCTP_DECR_ASOC_COUNT();
3429 SCTP_TCB_LOCK(stcb);
3431 /* now that my_vtag is set, add it to the hash */
3432 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
3433 sctppcbinfo.hashasocmark)];
3434 /* put it in the bucket in the vtag hash of assoc's for the system */
3435 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
3436 SCTP_INP_INFO_WUNLOCK();
3438 if ((err = sctp_add_remote_addr(stcb, firstaddr, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) {
3439 /* failure.. memory error? */
3440 if (asoc->strmout) {
3441 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
3442 asoc->strmout = NULL;
3444 if (asoc->mapping_array) {
3445 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
3446 asoc->mapping_array = NULL;
3448 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
3449 SCTP_DECR_ASOC_COUNT();
3450 SCTP_TCB_LOCK_DESTROY(stcb);
3451 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
3452 SCTP_INP_WUNLOCK(inp);
3456 /* Init all the timers */
3457 SCTP_OS_TIMER_INIT(&asoc->hb_timer.timer);
3458 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer);
3459 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer);
3460 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer);
3461 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer);
3462 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer);
3463 SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer);
3465 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
3466 /* now file the port under the hash as well */
3467 if (inp->sctp_tcbhash != NULL) {
3468 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
3469 inp->sctp_hashmark)];
3470 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
3472 SCTP_INP_WUNLOCK(inp);
3473 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", stcb);
3479 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
3481 struct sctp_association *asoc;
3485 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
3486 if (net == asoc->primary_destination) {
3488 struct sctp_nets *lnet;
3490 lnet = TAILQ_FIRST(&asoc->nets);
3491 /* Try to find a confirmed primary */
3492 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0);
3494 if (net == asoc->last_data_chunk_from) {
3496 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets);
3498 if (net == asoc->last_control_chunk_from) {
3500 asoc->last_control_chunk_from = NULL;
3502 sctp_free_remote_addr(net);
3506 * remove a remote endpoint address from an association, it will fail if the
3507 * address does not exist.
3510 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
3513 * Here we need to remove a remote address. This is quite simple, we
3514 * first find it in the list of address for the association
3515 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE
3516 * on that item. Note we do not allow it to be removed if there are
3517 * no other addresses.
3519 struct sctp_association *asoc;
3520 struct sctp_nets *net, *net_tmp;
3524 /* locate the address */
3525 for (net = TAILQ_FIRST(&asoc->nets); net != NULL; net = net_tmp) {
3526 net_tmp = TAILQ_NEXT(net, sctp_next);
3527 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
3530 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
3532 /* we found the guy */
3533 if (asoc->numnets < 2) {
3534 /* Must have at LEAST two remote addresses */
3537 sctp_remove_net(stcb, net);
3548 sctp_add_vtag_to_timewait(struct sctp_inpcb *inp, uint32_t tag, uint32_t time)
3550 struct sctpvtaghead *chain;
3551 struct sctp_tagblock *twait_block;
3555 (void)SCTP_GETTIME_TIMEVAL(&now);
3556 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
3558 if (!SCTP_LIST_EMPTY(chain)) {
3559 /* Block(s) present, lets find space, and expire on the fly */
3560 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
3561 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
3562 if ((twait_block->vtag_block[i].v_tag == 0) &&
3564 twait_block->vtag_block[i].tv_sec_at_expire =
3566 twait_block->vtag_block[i].v_tag = tag;
3568 } else if ((twait_block->vtag_block[i].v_tag) &&
3569 ((long)twait_block->vtag_block[i].tv_sec_at_expire >
3571 /* Audit expires this guy */
3572 twait_block->vtag_block[i].tv_sec_at_expire = 0;
3573 twait_block->vtag_block[i].v_tag = 0;
3575 /* Reuse it for my new tag */
3576 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + SCTP_TIME_WAIT;
3577 twait_block->vtag_block[0].v_tag = tag;
3584 * We only do up to the block where we can
3585 * place our tag for audits
3591 /* Need to add a new block to chain */
3593 SCTP_MALLOC(twait_block, struct sctp_tagblock *,
3594 sizeof(struct sctp_tagblock), SCTP_M_TIMW);
3595 if (twait_block == NULL) {
3598 memset(twait_block, 0, sizeof(struct sctp_tagblock));
3599 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
3600 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec +
3602 twait_block->vtag_block[0].v_tag = tag;
3608 sctp_iterator_asoc_being_freed(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
3610 struct sctp_iterator *it;
3613 * Unlock the tcb lock we do this so we avoid a dead lock scenario
3614 * where the iterator is waiting on the TCB lock and the TCB lock is
3615 * waiting on the iterator lock.
3617 it = stcb->asoc.stcb_starting_point_for_iterator;
3621 if (it->inp != stcb->sctp_ep) {
3622 /* hmm, focused on the wrong one? */
3625 if (it->stcb != stcb) {
3628 it->stcb = LIST_NEXT(stcb, sctp_tcblist);
3629 if (it->stcb == NULL) {
3630 /* done with all asoc's in this assoc */
3631 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3634 it->inp = LIST_NEXT(inp, sctp_list);
3641 * Free the association after un-hashing the remote port.
3644 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location)
3647 struct sctp_association *asoc;
3648 struct sctp_nets *net, *prev;
3649 struct sctp_laddr *laddr;
3650 struct sctp_tmit_chunk *chk;
3651 struct sctp_asconf_addr *aparam;
3652 struct sctp_stream_reset_list *liste;
3653 struct sctp_queued_to_read *sq;
3654 struct sctp_stream_queue_pending *sp;
3655 sctp_sharedkey_t *shared_key;
3660 /* first, lets purge the entry from the hash table. */
3662 #ifdef SCTP_LOG_CLOSING
3663 sctp_log_closing(inp, stcb, 6);
3665 if (stcb->asoc.state == 0) {
3666 #ifdef SCTP_LOG_CLOSING
3667 sctp_log_closing(inp, NULL, 7);
3669 /* there is no asoc, really TSNH :-0 */
3673 if (stcb->freed_from_where == 0) {
3674 /* Only record the first place free happened from */
3675 stcb->freed_from_where = from_location;
3680 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
3681 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
3682 /* nothing around */
3685 so = inp->sctp_socket;
3688 * We used timer based freeing if a reader or writer is in the way.
3689 * So we first check if we are actually being called from a timer,
3690 * if so we abort early if a reader or writer is still in the way.
3692 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
3693 (from_inpcbfree == SCTP_NORMAL_PROC)) {
3695 * is it the timer driving us? if so are the reader/writers
3698 if (stcb->asoc.refcnt) {
3699 /* nope, reader or writer in the way */
3700 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
3701 /* no asoc destroyed */
3702 SCTP_TCB_UNLOCK(stcb);
3703 #ifdef SCTP_LOG_CLOSING
3704 sctp_log_closing(inp, stcb, 8);
3709 /* now clean up any other timers */
3710 (void)SCTP_OS_TIMER_STOP(&asoc->hb_timer.timer);
3711 asoc->hb_timer.self = NULL;
3712 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
3713 asoc->dack_timer.self = NULL;
3714 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
3716 * For stream reset we don't blast this unless
3717 * it is a str-reset timer, it might be the
3718 * free-asoc timer which we DON'T want to
3721 if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET)
3722 asoc->strreset_timer.self = NULL;
3723 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
3724 asoc->asconf_timer.self = NULL;
3725 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
3726 asoc->autoclose_timer.self = NULL;
3727 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
3728 asoc->shut_guard_timer.self = NULL;
3729 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
3730 asoc->delayed_event_timer.self = NULL;
3731 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3732 (void)SCTP_OS_TIMER_STOP(&net->fr_timer.timer);
3733 net->fr_timer.self = NULL;
3734 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
3735 net->rxt_timer.self = NULL;
3736 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
3737 net->pmtu_timer.self = NULL;
3739 /* Now the read queue needs to be cleaned up (only once) */
3741 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) {
3742 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED;
3743 SCTP_INP_READ_LOCK(inp);
3744 TAILQ_FOREACH(sq, &inp->read_queue, next) {
3745 if (sq->stcb == stcb) {
3746 sq->do_not_ref_stcb = 1;
3747 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
3749 * If there is no end, there never will be
3752 if (sq->end_added == 0) {
3753 /* Held for PD-API clear that. */
3754 sq->pdapi_aborted = 1;
3755 sq->held_length = 0;
3756 if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PDAPIEVNT)) {
3758 * Need to add a PD-API
3759 * aborted indication.
3760 * Setting the control_pdapi
3761 * assures that it will be
3762 * added right after this
3767 stcb->asoc.control_pdapi = sq;
3768 strseq = (sq->sinfo_stream << 16) | sq->sinfo_ssn;
3769 sctp_notify_partial_delivery_indication(stcb,
3770 SCTP_PARTIAL_DELIVERY_ABORTED, 1, strseq);
3771 stcb->asoc.control_pdapi = NULL;
3774 /* Add an end to wake them */
3779 SCTP_INP_READ_UNLOCK(inp);
3780 if (stcb->block_entry) {
3782 stcb->block_entry->error = ECONNRESET;
3783 stcb->block_entry = NULL;
3786 if ((from_inpcbfree != SCTP_PCBFREE_FORCE) && (stcb->asoc.refcnt)) {
3788 * reader or writer in the way, we have hopefully given him
3789 * something to chew on above.
3791 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
3792 SCTP_TCB_UNLOCK(stcb);
3794 SCTP_INP_RLOCK(inp);
3795 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
3796 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
3797 /* nothing around */
3800 /* Wake any reader/writers */
3801 sctp_sorwakeup(inp, so);
3802 sctp_sowwakeup(inp, so);
3804 SCTP_INP_RUNLOCK(inp);
3807 #ifdef SCTP_LOG_CLOSING
3808 sctp_log_closing(inp, stcb, 9);
3810 /* no asoc destroyed */
3813 #ifdef SCTP_LOG_CLOSING
3814 sctp_log_closing(inp, stcb, 10);
3817 * When I reach here, no others want to kill the assoc yet.. and I
3818 * own the lock. Now its possible an abort comes in when I do the
3819 * lock exchange below to grab all the locks to do the final take
3820 * out. to prevent this we increment the count, which will start a
3821 * timer and blow out above thus assuring us that we hold exclusive
3822 * killing of the asoc. Note that after getting back the TCB lock we
3823 * will go ahead and increment the counter back up and stop any
3824 * timer a passing stranger may have started :-S
3826 if (from_inpcbfree == SCTP_NORMAL_PROC) {
3827 atomic_add_int(&stcb->asoc.refcnt, 1);
3829 SCTP_TCB_UNLOCK(stcb);
3831 SCTP_ITERATOR_LOCK();
3832 SCTP_INP_INFO_WLOCK();
3833 SCTP_INP_WLOCK(inp);
3834 SCTP_TCB_LOCK(stcb);
3836 /* Double check the GONE flag */
3837 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
3838 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
3839 /* nothing around */
3842 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
3843 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
3845 * For TCP type we need special handling when we are
3846 * connected. We also include the peel'ed off ones to.
3848 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
3849 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
3850 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
3853 if (so->so_rcv.sb_cc == 0) {
3854 so->so_state &= ~(SS_ISCONNECTING |
3855 SS_ISDISCONNECTING |
3860 sctp_sowwakeup(inp, so);
3861 sctp_sorwakeup(inp, so);
3867 * Make it invalid too, that way if its about to run it will abort
3870 sctp_iterator_asoc_being_freed(inp, stcb);
3871 /* re-increment the lock */
3872 if (from_inpcbfree == SCTP_NORMAL_PROC) {
3873 atomic_add_int(&stcb->asoc.refcnt, -1);
3876 if (inp->sctp_tcbhash) {
3877 LIST_REMOVE(stcb, sctp_tcbhash);
3879 if (stcb->asoc.in_restart_hash) {
3880 LIST_REMOVE(stcb, sctp_tcbrestarhash);
3882 /* Now lets remove it from the list of ALL associations in the EP */
3883 LIST_REMOVE(stcb, sctp_tcblist);
3884 if (from_inpcbfree == SCTP_NORMAL_PROC) {
3885 SCTP_INP_INCR_REF(inp);
3886 SCTP_INP_WUNLOCK(inp);
3887 SCTP_ITERATOR_UNLOCK();
3889 /* pull from vtag hash */
3890 LIST_REMOVE(stcb, sctp_asocs);
3891 sctp_add_vtag_to_timewait(inp, asoc->my_vtag, SCTP_TIME_WAIT);
3895 * Now restop the timers to be sure - this is paranoia at is finest!
3897 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
3898 (void)SCTP_OS_TIMER_STOP(&asoc->hb_timer.timer);
3899 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
3900 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
3901 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
3902 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
3903 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
3904 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
3906 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3907 (void)SCTP_OS_TIMER_STOP(&net->fr_timer.timer);
3908 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
3909 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
3912 asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE;
3915 * The chunk lists and such SHOULD be empty but we check them just
3918 /* anything on the wheel needs to be removed */
3919 for (i = 0; i < asoc->streamoutcnt; i++) {
3920 struct sctp_stream_out *outs;
3922 outs = &asoc->strmout[i];
3923 /* now clean up any chunks here */
3924 sp = TAILQ_FIRST(&outs->outqueue);
3926 TAILQ_REMOVE(&outs->outqueue, sp, next);
3928 sctp_m_freem(sp->data);
3930 sp->tail_mbuf = NULL;
3932 sctp_free_remote_addr(sp->net);
3933 sctp_free_spbufspace(stcb, asoc, sp);
3934 /* Free the zone stuff */
3935 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_strmoq, sp);
3936 SCTP_DECR_STRMOQ_COUNT();
3937 /* sa_ignore FREED_MEMORY */
3938 sp = TAILQ_FIRST(&outs->outqueue);
3942 /* sa_ignore FREED_MEMORY */
3943 while ((liste = TAILQ_FIRST(&asoc->resetHead)) != NULL) {
3944 TAILQ_REMOVE(&asoc->resetHead, liste, next_resp);
3945 SCTP_FREE(liste, SCTP_M_STRESET);
3948 sq = TAILQ_FIRST(&asoc->pending_reply_queue);
3950 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next);
3952 sctp_m_freem(sq->data);
3955 sctp_free_remote_addr(sq->whoFrom);
3958 /* Free the ctl entry */
3959 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_readq, sq);
3960 SCTP_DECR_READQ_COUNT();
3961 /* sa_ignore FREED_MEMORY */
3962 sq = TAILQ_FIRST(&asoc->pending_reply_queue);
3965 chk = TAILQ_FIRST(&asoc->free_chunks);
3967 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next);
3969 sctp_m_freem(chk->data);
3973 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3974 SCTP_DECR_CHK_COUNT();
3975 atomic_subtract_int(&sctppcbinfo.ipi_free_chunks, 1);
3976 asoc->free_chunk_cnt--;
3977 /* sa_ignore FREED_MEMORY */
3978 chk = TAILQ_FIRST(&asoc->free_chunks);
3980 /* pending send queue SHOULD be empty */
3981 if (!TAILQ_EMPTY(&asoc->send_queue)) {
3982 chk = TAILQ_FIRST(&asoc->send_queue);
3984 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
3986 sctp_m_freem(chk->data);
3990 sctp_free_remote_addr(chk->whoTo);
3991 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3992 SCTP_DECR_CHK_COUNT();
3993 /* sa_ignore FREED_MEMORY */
3994 chk = TAILQ_FIRST(&asoc->send_queue);
3999 printf("Freed %d from send_queue\n", ccnt);
4003 /* sent queue SHOULD be empty */
4004 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
4005 chk = TAILQ_FIRST(&asoc->sent_queue);
4007 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
4009 sctp_m_freem(chk->data);
4013 sctp_free_remote_addr(chk->whoTo);
4014 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
4015 SCTP_DECR_CHK_COUNT();
4016 /* sa_ignore FREED_MEMORY */
4017 chk = TAILQ_FIRST(&asoc->sent_queue);
4022 printf("Freed %d from sent_queue\n", ccnt);
4026 /* control queue MAY not be empty */
4027 if (!TAILQ_EMPTY(&asoc->control_send_queue)) {
4028 chk = TAILQ_FIRST(&asoc->control_send_queue);
4030 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
4032 sctp_m_freem(chk->data);
4036 sctp_free_remote_addr(chk->whoTo);
4037 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
4038 SCTP_DECR_CHK_COUNT();
4039 /* sa_ignore FREED_MEMORY */
4040 chk = TAILQ_FIRST(&asoc->control_send_queue);
4045 printf("Freed %d from ctrl_queue\n", ccnt);
4049 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
4050 chk = TAILQ_FIRST(&asoc->reasmqueue);
4052 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
4054 sctp_m_freem(chk->data);
4057 sctp_free_remote_addr(chk->whoTo);
4059 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
4060 SCTP_DECR_CHK_COUNT();
4061 /* sa_ignore FREED_MEMORY */
4062 chk = TAILQ_FIRST(&asoc->reasmqueue);
4067 printf("Freed %d from reasm_queue\n", ccnt);
4071 if (asoc->mapping_array) {
4072 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
4073 asoc->mapping_array = NULL;
4075 /* the stream outs */
4076 if (asoc->strmout) {
4077 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
4078 asoc->strmout = NULL;
4080 asoc->streamoutcnt = 0;
4082 struct sctp_queued_to_read *ctl;
4084 for (i = 0; i < asoc->streamincnt; i++) {
4085 if (!TAILQ_EMPTY(&asoc->strmin[i].inqueue)) {
4086 /* We have somethings on the streamin queue */
4087 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
4089 TAILQ_REMOVE(&asoc->strmin[i].inqueue,
4091 sctp_free_remote_addr(ctl->whoFrom);
4093 sctp_m_freem(ctl->data);
4097 * We don't free the address here
4098 * since all the net's were freed
4101 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_readq, ctl);
4102 SCTP_DECR_READQ_COUNT();
4103 ctl = TAILQ_FIRST(&asoc->strmin[i].inqueue);
4107 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
4108 asoc->strmin = NULL;
4110 asoc->streamincnt = 0;
4111 while (!TAILQ_EMPTY(&asoc->nets)) {
4112 /* sa_ignore FREED_MEMORY */
4113 net = TAILQ_FIRST(&asoc->nets);
4114 /* pull from list */
4115 if ((sctppcbinfo.ipi_count_raddr == 0) || (prev == net)) {
4117 panic("no net's left alloc'ed, or list points to itself");
4122 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
4123 sctp_free_remote_addr(net);
4126 while (!SCTP_LIST_EMPTY(&asoc->sctp_restricted_addrs)) {
4127 /* sa_ignore FREED_MEMORY */
4128 laddr = LIST_FIRST(&asoc->sctp_restricted_addrs);
4129 sctp_remove_laddr(laddr);
4132 /* pending asconf (address) parameters */
4133 while (!TAILQ_EMPTY(&asoc->asconf_queue)) {
4134 /* sa_ignore FREED_MEMORY */
4135 aparam = TAILQ_FIRST(&asoc->asconf_queue);
4136 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
4137 SCTP_FREE(aparam, SCTP_M_ASC_ADDR);
4139 if (asoc->last_asconf_ack_sent != NULL) {
4140 sctp_m_freem(asoc->last_asconf_ack_sent);
4141 asoc->last_asconf_ack_sent = NULL;
4143 /* clean up auth stuff */
4144 if (asoc->local_hmacs)
4145 sctp_free_hmaclist(asoc->local_hmacs);
4146 if (asoc->peer_hmacs)
4147 sctp_free_hmaclist(asoc->peer_hmacs);
4149 if (asoc->local_auth_chunks)
4150 sctp_free_chunklist(asoc->local_auth_chunks);
4151 if (asoc->peer_auth_chunks)
4152 sctp_free_chunklist(asoc->peer_auth_chunks);
4154 sctp_free_authinfo(&asoc->authinfo);
4156 shared_key = LIST_FIRST(&asoc->shared_keys);
4157 while (shared_key) {
4158 LIST_REMOVE(shared_key, next);
4159 sctp_free_sharedkey(shared_key);
4160 /* sa_ignore FREED_MEMORY */
4161 shared_key = LIST_FIRST(&asoc->shared_keys);
4164 /* Insert new items here :> */
4166 /* Get rid of LOCK */
4167 SCTP_TCB_LOCK_DESTROY(stcb);
4168 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
4169 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4170 SCTP_INP_INFO_WUNLOCK();
4171 SCTP_INP_RLOCK(inp);
4173 #ifdef SCTP_TRACK_FREED_ASOCS
4174 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4175 /* now clean up the tasoc itself */
4176 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
4177 SCTP_DECR_ASOC_COUNT();
4179 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist);
4182 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
4183 SCTP_DECR_ASOC_COUNT();
4185 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4186 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
4188 * If its NOT the inp_free calling us AND sctp_close
4189 * as been called, we call back...
4191 SCTP_INP_RUNLOCK(inp);
4193 * This will start the kill timer (if we are the
4194 * lastone) since we hold an increment yet. But this
4195 * is the only safe way to do this since otherwise
4196 * if the socket closes at the same time we are here
4197 * we might collide in the cleanup.
4199 sctp_inpcb_free(inp,
4200 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE,
4201 SCTP_CALLED_DIRECTLY_NOCMPSET);
4202 SCTP_INP_DECR_REF(inp);
4205 /* The socket is still open. */
4206 SCTP_INP_DECR_REF(inp);
4209 if (from_inpcbfree == SCTP_NORMAL_PROC) {
4210 SCTP_INP_RUNLOCK(inp);
4213 /* destroyed the asoc */
4214 #ifdef SCTP_LOG_CLOSING
4215 sctp_log_closing(inp, NULL, 11);
4223 * determine if a destination is "reachable" based upon the addresses bound
4224 * to the current endpoint (e.g. only v4 or v6 currently bound)
4227 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use
4228 * assoc level v4/v6 flags, as the assoc *may* not have the same address
4229 * types bound as its endpoint
4232 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
4234 struct sctp_inpcb *inp;
4238 * No locks here, the TCB, in all cases is already locked and an
4239 * assoc is up. There is either a INP lock by the caller applied (in
4240 * asconf case when deleting an address) or NOT in the HB case,
4241 * however if HB then the INP increment is up and the INP will not
4242 * be removed (on top of the fact that we have a TCB lock). So we
4243 * only want to read the sctp_flags, which is either bound-all or
4244 * not.. no protection needed since once an assoc is up you can't be
4245 * changing your binding.
4247 inp = stcb->sctp_ep;
4248 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
4249 /* if bound all, destination is not restricted */
4251 * RRS: Question during lock work: Is this correct? If you
4252 * are bound-all you still might need to obey the V4--V6
4253 * flags??? IMO this bound-all stuff needs to be removed!
4257 /* NOTE: all "scope" checks are done when local addresses are added */
4258 if (destaddr->sa_family == AF_INET6) {
4259 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6;
4260 } else if (destaddr->sa_family == AF_INET) {
4261 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4;
4263 /* invalid family, so it's unreachable */
4270 * update the inp_vflags on an endpoint
4273 sctp_update_ep_vflag(struct sctp_inpcb *inp)
4275 struct sctp_laddr *laddr;
4277 /* first clear the flag */
4278 inp->ip_inp.inp.inp_vflag = 0;
4279 /* set the flag based on addresses on the ep list */
4280 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
4281 if (laddr->ifa == NULL) {
4282 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
4286 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
4289 if (laddr->ifa->address.sa.sa_family == AF_INET6) {
4290 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
4291 } else if (laddr->ifa->address.sa.sa_family == AF_INET) {
4292 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
4298 * Add the address to the endpoint local address list There is nothing to be
4299 * done if we are bound to all addresses
4302 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action)
4304 struct sctp_laddr *laddr;
4309 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
4310 /* You are already bound to all. You have it already */
4313 if (ifa->address.sa.sa_family == AF_INET6) {
4314 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
4315 /* Can't bind a non-useable addr. */
4319 /* first, is it already present? */
4320 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
4321 if (laddr->ifa == ifa) {
4328 /* Not in the ep list */
4329 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action);
4333 /* update inp_vflag flags */
4334 if (ifa->address.sa.sa_family == AF_INET6) {
4335 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
4336 } else if (ifa->address.sa.sa_family == AF_INET) {
4337 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
4345 * select a new (hopefully reachable) destination net (should only be used
4346 * when we deleted an ep addr that is the only usable source address to reach
4347 * the destination net)
4350 sctp_select_primary_destination(struct sctp_tcb *stcb)
4352 struct sctp_nets *net;
4354 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
4355 /* for now, we'll just pick the first reachable one we find */
4356 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
4358 if (sctp_destination_is_reachable(stcb,
4359 (struct sockaddr *)&net->ro._l_addr)) {
4360 /* found a reachable destination */
4361 stcb->asoc.primary_destination = net;
4364 /* I can't there from here! ...we're gonna die shortly... */
4369 * Delete the address from the endpoint local address list There is nothing
4370 * to be done if we are bound to all addresses
4373 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
4375 struct sctp_laddr *laddr;
4379 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
4380 /* You are already bound to all. You have it already */
4383 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
4384 if (laddr->ifa == ifa) {
4389 if (fnd && (inp->laddr_count < 2)) {
4390 /* can't delete unless there are at LEAST 2 addresses */
4395 * clean up any use of this address go through our
4396 * associations and clear any last_used_address that match
4397 * this one for each assoc, see if a new primary_destination
4400 struct sctp_tcb *stcb;
4402 /* clean up "next_addr_touse" */
4403 if (inp->next_addr_touse == laddr)
4404 /* delete this address */
4405 inp->next_addr_touse = NULL;
4407 /* clean up "last_used_address" */
4408 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
4409 struct sctp_nets *net;
4411 SCTP_TCB_LOCK(stcb);
4412 if (stcb->asoc.last_used_address == laddr)
4413 /* delete this address */
4414 stcb->asoc.last_used_address = NULL;
4416 * Now spin through all the nets and purge any ref
4419 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
4420 if (net->ro._s_addr &&
4421 (net->ro._s_addr->ifa == laddr->ifa)) {
4422 /* Yep, purge src address selected */
4425 /* delete this address if cached */
4429 net->ro.ro_rt = NULL;
4431 sctp_free_ifa(net->ro._s_addr);
4432 net->ro._s_addr = NULL;
4433 net->src_addr_selected = 0;
4436 SCTP_TCB_UNLOCK(stcb);
4437 } /* for each tcb */
4438 /* remove it from the ep list */
4439 sctp_remove_laddr(laddr);
4441 /* update inp_vflag flags */
4442 sctp_update_ep_vflag(inp);
4448 * Add the addr to the TCB local address list For the BOUNDALL or dynamic
4449 * case, this is a "pending" address list (eg. addresses waiting for an
4450 * ASCONF-ACK response) For the subset binding, static case, this is a
4451 * "valid" address list
4454 sctp_add_local_addr_assoc(struct sctp_tcb *stcb, struct sctp_ifa *ifa, int restricted_list)
4456 struct sctp_inpcb *inp;
4457 struct sctp_laddr *laddr;
4458 struct sctpladdr *list;
4461 * Assumes TCB is locked.. and possibly the INP. May need to
4462 * confirm/fix that if we need it and is not the case.
4464 list = &stcb->asoc.sctp_restricted_addrs;
4466 inp = stcb->sctp_ep;
4467 if (ifa->address.sa.sa_family == AF_INET6) {
4468 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
4469 /* Can't bind a non-existent addr. */
4473 /* does the address already exist? */
4474 LIST_FOREACH(laddr, list, sctp_nxt_addr) {
4475 if (laddr->ifa == ifa) {
4480 /* add to the list */
4481 (void)sctp_insert_laddr(list, ifa, 0);
4486 * insert an laddr entry with the given ifa for the desired list
4489 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act)
4491 struct sctp_laddr *laddr;
4493 laddr = SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr, struct sctp_laddr);
4494 if (laddr == NULL) {
4495 /* out of memory? */
4498 SCTP_INCR_LADDR_COUNT();
4499 bzero(laddr, sizeof(*laddr));
4500 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
4502 laddr->action = act;
4503 atomic_add_int(&ifa->refcount, 1);
4505 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
4511 * Remove an laddr entry from the local address list (on an assoc)
4514 sctp_remove_laddr(struct sctp_laddr *laddr)
4517 /* remove from the list */
4518 LIST_REMOVE(laddr, sctp_nxt_addr);
4519 sctp_free_ifa(laddr->ifa);
4520 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr);
4521 SCTP_DECR_LADDR_COUNT();
4525 * Remove an address from the TCB local address list
4528 sctp_del_local_addr_assoc(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
4530 struct sctp_inpcb *inp;
4531 struct sctp_laddr *laddr;
4534 * This is called by asconf work. It is assumed that a) The TCB is
4535 * locked and b) The INP is locked. This is true in as much as I can
4536 * trace through the entry asconf code where I did these locks.
4537 * Again, the ASCONF code is a bit different in that it does lock
4538 * the INP during its work often times. This must be since we don't
4539 * want other proc's looking up things while what they are looking
4540 * up is changing :-D
4543 inp = stcb->sctp_ep;
4544 /* if subset bound and don't allow ASCONF's, can't delete last */
4545 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
4546 (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF) == 0)) {
4547 if (stcb->asoc.numnets < 2) {
4548 /* can't delete last address */
4552 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
4553 /* remove the address if it exists */
4554 if (laddr->ifa == NULL)
4556 if (laddr->ifa == ifa) {
4557 sctp_remove_laddr(laddr);
4562 /* address not found! */
4566 static char sctp_pcb_initialized = 0;
4569 * Temporarily remove for __APPLE__ until we use the Tiger equivalents
4572 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
4573 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
4579 * SCTP initialization for the PCB structures should be called by
4580 * the sctp_init() funciton.
4584 if (sctp_pcb_initialized != 0) {
4585 /* error I was called twice */
4588 sctp_pcb_initialized = 1;
4590 bzero(&sctpstat, sizeof(struct sctpstat));
4591 (void)SCTP_GETTIME_TIMEVAL(&sctpstat.sctps_discontinuitytime);
4592 /* init the empty list of (All) Endpoints */
4593 LIST_INIT(&sctppcbinfo.listhead);
4595 /* init the iterator head */
4596 TAILQ_INIT(&sctppcbinfo.iteratorhead);
4598 /* init the hash table of endpoints */
4599 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &sctp_hashtblsize);
4600 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &sctp_pcbtblsize);
4601 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &sctp_chunkscale);
4602 sctppcbinfo.sctp_asochash = SCTP_HASH_INIT((sctp_hashtblsize * 31),
4603 &sctppcbinfo.hashasocmark);
4604 sctppcbinfo.sctp_ephash = SCTP_HASH_INIT(sctp_hashtblsize,
4605 &sctppcbinfo.hashmark);
4606 sctppcbinfo.sctp_tcpephash = SCTP_HASH_INIT(sctp_hashtblsize,
4607 &sctppcbinfo.hashtcpmark);
4608 sctppcbinfo.hashtblsize = sctp_hashtblsize;
4610 /* init the small hash table we use to track restarted asoc's */
4611 sctppcbinfo.sctp_restarthash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE,
4612 &sctppcbinfo.hashrestartmark);
4615 sctppcbinfo.sctp_vrfhash = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH,
4616 &sctppcbinfo.hashvrfmark);
4618 sctppcbinfo.vrf_ifn_hash = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE,
4619 &sctppcbinfo.vrf_ifn_hashmark);
4621 /* init the zones */
4623 * FIX ME: Should check for NULL returns, but if it does fail we are
4624 * doomed to panic anyways... add later maybe.
4626 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_ep, "sctp_ep",
4627 sizeof(struct sctp_inpcb), maxsockets);
4629 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_asoc, "sctp_asoc",
4630 sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
4632 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_laddr, "sctp_laddr",
4633 sizeof(struct sctp_laddr),
4634 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
4636 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_net, "sctp_raddr",
4637 sizeof(struct sctp_nets),
4638 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
4640 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_chunk, "sctp_chunk",
4641 sizeof(struct sctp_tmit_chunk),
4642 (sctp_max_number_of_assoc * sctp_chunkscale));
4644 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_readq, "sctp_readq",
4645 sizeof(struct sctp_queued_to_read),
4646 (sctp_max_number_of_assoc * sctp_chunkscale));
4648 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_strmoq, "sctp_stream_msg_out",
4649 sizeof(struct sctp_stream_queue_pending),
4650 (sctp_max_number_of_assoc * sctp_chunkscale));
4652 /* Master Lock INIT for info structure */
4653 SCTP_INP_INFO_LOCK_INIT();
4654 SCTP_STATLOG_INIT_LOCK();
4655 SCTP_ITERATOR_LOCK_INIT();
4657 SCTP_IPI_COUNT_INIT();
4658 SCTP_IPI_ADDR_INIT();
4659 SCTP_IPI_ITERATOR_WQ_INIT();
4660 #ifdef SCTP_PACKET_LOGGING
4661 SCTP_IP_PKTLOG_INIT();
4663 LIST_INIT(&sctppcbinfo.addr_wq);
4665 /* not sure if we need all the counts */
4666 sctppcbinfo.ipi_count_ep = 0;
4667 /* assoc/tcb zone info */
4668 sctppcbinfo.ipi_count_asoc = 0;
4669 /* local addrlist zone info */
4670 sctppcbinfo.ipi_count_laddr = 0;
4671 /* remote addrlist zone info */
4672 sctppcbinfo.ipi_count_raddr = 0;
4674 sctppcbinfo.ipi_count_chunk = 0;
4676 /* socket queue zone info */
4677 sctppcbinfo.ipi_count_readq = 0;
4679 /* stream out queue cont */
4680 sctppcbinfo.ipi_count_strmoq = 0;
4682 sctppcbinfo.ipi_free_strmoq = 0;
4683 sctppcbinfo.ipi_free_chunks = 0;
4685 SCTP_OS_TIMER_INIT(&sctppcbinfo.addr_wq_timer.timer);
4687 /* Init the TIMEWAIT list */
4688 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE_A; i++) {
4689 LIST_INIT(&sctppcbinfo.vtag_timewait[i]);
4692 #if defined(SCTP_USE_THREAD_BASED_ITERATOR)
4693 sctppcbinfo.iterator_running = 0;
4694 sctp_startup_iterator();
4698 * INIT the default VRF which for BSD is the only one, other O/S's
4699 * may have more. But initially they must start with one and then
4700 * add the VRF's as addresses are added.
4702 sctp_init_vrf_list(SCTP_DEFAULT_VRF);
4708 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
4709 int iphlen, int offset, int limit, struct sctphdr *sh,
4710 struct sockaddr *altsa)
4713 * grub through the INIT pulling addresses and loading them to the
4714 * nets structure in the asoc. The from address in the mbuf should
4715 * also be loaded (if it is not already). This routine can be called
4716 * with either INIT or INIT-ACK's as long as the m points to the IP
4717 * packet and the offset points to the beginning of the parameters.
4719 struct sctp_inpcb *inp, *l_inp;
4720 struct sctp_nets *net, *net_tmp;
4722 struct sctp_paramhdr *phdr, parm_buf;
4723 struct sctp_tcb *stcb_tmp;
4724 uint16_t ptype, plen;
4725 struct sockaddr *sa;
4726 struct sockaddr_storage dest_store;
4727 struct sockaddr *local_sa = (struct sockaddr *)&dest_store;
4728 struct sockaddr_in sin;
4729 struct sockaddr_in6 sin6;
4730 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
4731 struct sctp_auth_random *p_random = NULL;
4732 uint16_t random_len = 0;
4733 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
4734 struct sctp_auth_hmac_algo *hmacs = NULL;
4735 uint16_t hmacs_len = 0;
4736 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
4737 struct sctp_auth_chunk_list *chunks = NULL;
4738 uint16_t num_chunks = 0;
4739 sctp_key_t *new_key;
4741 int got_random = 0, got_hmacs = 0, got_chklist = 0;
4743 /* First get the destination address setup too. */
4744 memset(&sin, 0, sizeof(sin));
4745 memset(&sin6, 0, sizeof(sin6));
4747 sin.sin_family = AF_INET;
4748 sin.sin_len = sizeof(sin);
4749 sin.sin_port = stcb->rport;
4751 sin6.sin6_family = AF_INET6;
4752 sin6.sin6_len = sizeof(struct sockaddr_in6);
4753 sin6.sin6_port = stcb->rport;
4754 if (altsa == NULL) {
4755 iph = mtod(m, struct ip *);
4756 if (iph->ip_v == IPVERSION) {
4758 struct sockaddr_in *sin_2;
4760 sin_2 = (struct sockaddr_in *)(local_sa);
4761 memset(sin_2, 0, sizeof(sin));
4762 sin_2->sin_family = AF_INET;
4763 sin_2->sin_len = sizeof(sin);
4764 sin_2->sin_port = sh->dest_port;
4765 sin_2->sin_addr.s_addr = iph->ip_dst.s_addr;
4766 sin.sin_addr = iph->ip_src;
4767 sa = (struct sockaddr *)&sin;
4768 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
4770 struct ip6_hdr *ip6;
4771 struct sockaddr_in6 *sin6_2;
4773 ip6 = mtod(m, struct ip6_hdr *);
4774 sin6_2 = (struct sockaddr_in6 *)(local_sa);
4775 memset(sin6_2, 0, sizeof(sin6));
4776 sin6_2->sin6_family = AF_INET6;
4777 sin6_2->sin6_len = sizeof(struct sockaddr_in6);
4778 sin6_2->sin6_port = sh->dest_port;
4779 sin6.sin6_addr = ip6->ip6_src;
4780 sa = (struct sockaddr *)&sin6;
4786 * For cookies we use the src address NOT from the packet
4787 * but from the original INIT
4791 /* Turn off ECN until we get through all params */
4792 stcb->asoc.ecn_allowed = 0;
4793 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
4794 /* mark all addresses that we have currently on the list */
4795 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
4797 /* does the source address already exist? if so skip it */
4798 l_inp = inp = stcb->sctp_ep;
4800 atomic_add_int(&stcb->asoc.refcnt, 1);
4801 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, local_sa, stcb);
4802 atomic_add_int(&stcb->asoc.refcnt, -1);
4804 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
4805 /* we must add the source address */
4806 /* no scope set here since we have a tcb already. */
4807 if ((sa->sa_family == AF_INET) &&
4808 (stcb->asoc.ipv4_addr_legal)) {
4809 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) {
4812 } else if ((sa->sa_family == AF_INET6) &&
4813 (stcb->asoc.ipv6_addr_legal)) {
4814 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
4819 if (net_tmp != NULL && stcb_tmp == stcb) {
4820 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
4821 } else if (stcb_tmp != stcb) {
4822 /* It belongs to another association? */
4823 SCTP_TCB_UNLOCK(stcb_tmp);
4827 if (stcb->asoc.state == 0) {
4828 /* the assoc was freed? */
4831 /* now we must go through each of the params. */
4832 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
4834 ptype = ntohs(phdr->param_type);
4835 plen = ntohs(phdr->param_length);
4837 * printf("ptype => %0x, plen => %d\n", (uint32_t)ptype,
4840 if (offset + plen > limit) {
4846 if (ptype == SCTP_IPV4_ADDRESS) {
4847 if (stcb->asoc.ipv4_addr_legal) {
4848 struct sctp_ipv4addr_param *p4, p4_buf;
4850 /* ok get the v4 address and check/add */
4851 phdr = sctp_get_next_param(m, offset,
4852 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
4853 if (plen != sizeof(struct sctp_ipv4addr_param) ||
4857 p4 = (struct sctp_ipv4addr_param *)phdr;
4858 sin.sin_addr.s_addr = p4->addr;
4859 if (IN_MULTICAST(sin.sin_addr.s_addr)) {
4860 /* Skip multi-cast addresses */
4863 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) ||
4864 (sin.sin_addr.s_addr == INADDR_ANY)) {
4867 sa = (struct sockaddr *)&sin;
4868 inp = stcb->sctp_ep;
4869 atomic_add_int(&stcb->asoc.refcnt, 1);
4870 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
4872 atomic_add_int(&stcb->asoc.refcnt, -1);
4874 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) ||
4876 /* we must add the source address */
4878 * no scope set since we have a tcb
4883 * we must validate the state again
4886 if (stcb->asoc.state == 0) {
4887 /* the assoc was freed? */
4890 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) {
4893 } else if (stcb_tmp == stcb) {
4894 if (stcb->asoc.state == 0) {
4895 /* the assoc was freed? */
4901 ~SCTP_ADDR_NOT_IN_ASSOC;
4905 * strange, address is in another
4906 * assoc? straighten out locks.
4908 if (stcb->asoc.state == 0) {
4909 /* the assoc was freed? */
4915 } else if (ptype == SCTP_IPV6_ADDRESS) {
4916 if (stcb->asoc.ipv6_addr_legal) {
4917 /* ok get the v6 address and check/add */
4918 struct sctp_ipv6addr_param *p6, p6_buf;
4920 phdr = sctp_get_next_param(m, offset,
4921 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
4922 if (plen != sizeof(struct sctp_ipv6addr_param) ||
4926 p6 = (struct sctp_ipv6addr_param *)phdr;
4927 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
4929 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
4930 /* Skip multi-cast addresses */
4933 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
4935 * Link local make no sense without
4940 sa = (struct sockaddr *)&sin6;
4941 inp = stcb->sctp_ep;
4942 atomic_add_int(&stcb->asoc.refcnt, 1);
4943 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
4945 atomic_add_int(&stcb->asoc.refcnt, -1);
4946 if (stcb_tmp == NULL && (inp == stcb->sctp_ep ||
4949 * we must validate the state again
4952 if (stcb->asoc.state == 0) {
4953 /* the assoc was freed? */
4957 * we must add the address, no scope
4960 if (sctp_add_remote_addr(stcb, sa, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) {
4963 } else if (stcb_tmp == stcb) {
4965 * we must validate the state again
4968 if (stcb->asoc.state == 0) {
4969 /* the assoc was freed? */
4975 ~SCTP_ADDR_NOT_IN_ASSOC;
4979 * strange, address is in another
4980 * assoc? straighten out locks.
4982 if (stcb->asoc.state == 0) {
4983 /* the assoc was freed? */
4989 } else if (ptype == SCTP_ECN_CAPABLE) {
4990 stcb->asoc.ecn_allowed = 1;
4991 } else if (ptype == SCTP_ULP_ADAPTATION) {
4992 if (stcb->asoc.state != SCTP_STATE_OPEN) {
4993 struct sctp_adaptation_layer_indication ai,
4996 phdr = sctp_get_next_param(m, offset,
4997 (struct sctp_paramhdr *)&ai, sizeof(ai));
4998 aip = (struct sctp_adaptation_layer_indication *)phdr;
5000 sctp_ulp_notify(SCTP_NOTIFY_ADAPTATION_INDICATION,
5001 stcb, ntohl(aip->indication), NULL);
5004 } else if (ptype == SCTP_SET_PRIM_ADDR) {
5005 struct sctp_asconf_addr_param lstore, *fee;
5006 struct sctp_asconf_addrv4_param *fii;
5008 struct sockaddr *lsa = NULL;
5010 stcb->asoc.peer_supports_asconf = 1;
5011 if (plen > sizeof(lstore)) {
5014 phdr = sctp_get_next_param(m, offset,
5015 (struct sctp_paramhdr *)&lstore, min(plen, sizeof(lstore)));
5019 fee = (struct sctp_asconf_addr_param *)phdr;
5020 lptype = ntohs(fee->addrp.ph.param_type);
5021 if (lptype == SCTP_IPV4_ADDRESS) {
5023 sizeof(struct sctp_asconf_addrv4_param)) {
5024 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n",
5025 (int)sizeof(struct sctp_asconf_addrv4_param),
5028 fii = (struct sctp_asconf_addrv4_param *)fee;
5029 sin.sin_addr.s_addr = fii->addrp.addr;
5030 lsa = (struct sockaddr *)&sin;
5032 } else if (lptype == SCTP_IPV6_ADDRESS) {
5034 sizeof(struct sctp_asconf_addr_param)) {
5035 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
5036 (int)sizeof(struct sctp_asconf_addr_param),
5039 memcpy(sin6.sin6_addr.s6_addr,
5041 sizeof(fee->addrp.addr));
5042 lsa = (struct sockaddr *)&sin6;
5046 (void)sctp_set_primary_addr(stcb, sa, NULL);
5048 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
5049 /* Peer supports pr-sctp */
5050 stcb->asoc.peer_supports_prsctp = 1;
5051 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
5052 /* A supported extension chunk */
5053 struct sctp_supported_chunk_types_param *pr_supported;
5054 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
5057 phdr = sctp_get_next_param(m, offset,
5058 (struct sctp_paramhdr *)&local_store, min(sizeof(local_store), plen));
5062 stcb->asoc.peer_supports_asconf = 0;
5063 stcb->asoc.peer_supports_prsctp = 0;
5064 stcb->asoc.peer_supports_pktdrop = 0;
5065 stcb->asoc.peer_supports_strreset = 0;
5066 stcb->asoc.peer_supports_auth = 0;
5067 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
5068 num_ent = plen - sizeof(struct sctp_paramhdr);
5069 for (i = 0; i < num_ent; i++) {
5070 switch (pr_supported->chunk_types[i]) {
5072 case SCTP_ASCONF_ACK:
5073 stcb->asoc.peer_supports_asconf = 1;
5075 case SCTP_FORWARD_CUM_TSN:
5076 stcb->asoc.peer_supports_prsctp = 1;
5078 case SCTP_PACKET_DROPPED:
5079 stcb->asoc.peer_supports_pktdrop = 1;
5081 case SCTP_STREAM_RESET:
5082 stcb->asoc.peer_supports_strreset = 1;
5084 case SCTP_AUTHENTICATION:
5085 stcb->asoc.peer_supports_auth = 1;
5088 /* one I have not learned yet */
5093 } else if (ptype == SCTP_ECN_NONCE_SUPPORTED) {
5094 /* Peer supports ECN-nonce */
5095 stcb->asoc.peer_supports_ecn_nonce = 1;
5096 stcb->asoc.ecn_nonce_allowed = 1;
5097 } else if (ptype == SCTP_RANDOM) {
5098 if (plen > sizeof(random_store))
5101 /* already processed a RANDOM */
5104 phdr = sctp_get_next_param(m, offset,
5105 (struct sctp_paramhdr *)random_store,
5106 min(sizeof(random_store), plen));
5109 p_random = (struct sctp_auth_random *)phdr;
5110 random_len = plen - sizeof(*p_random);
5111 /* enforce the random length */
5112 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) {
5113 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n");
5117 } else if (ptype == SCTP_HMAC_LIST) {
5121 if (plen > sizeof(hmacs_store))
5124 /* already processed a HMAC list */
5127 phdr = sctp_get_next_param(m, offset,
5128 (struct sctp_paramhdr *)hmacs_store,
5129 min(plen, sizeof(hmacs_store)));
5132 hmacs = (struct sctp_auth_hmac_algo *)phdr;
5133 hmacs_len = plen - sizeof(*hmacs);
5134 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
5135 /* validate the hmac list */
5136 if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
5139 if (stcb->asoc.peer_hmacs != NULL)
5140 sctp_free_hmaclist(stcb->asoc.peer_hmacs);
5141 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs);
5142 if (stcb->asoc.peer_hmacs != NULL) {
5143 for (i = 0; i < num_hmacs; i++) {
5144 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs,
5145 ntohs(hmacs->hmac_ids[i]));
5149 } else if (ptype == SCTP_CHUNK_LIST) {
5152 if (plen > sizeof(chunks_store))
5155 /* already processed a Chunks list */
5158 phdr = sctp_get_next_param(m, offset,
5159 (struct sctp_paramhdr *)chunks_store,
5160 min(plen, sizeof(chunks_store)));
5163 chunks = (struct sctp_auth_chunk_list *)phdr;
5164 num_chunks = plen - sizeof(*chunks);
5165 if (stcb->asoc.peer_auth_chunks != NULL)
5166 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks);
5168 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist();
5169 for (i = 0; i < num_chunks; i++) {
5170 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
5171 stcb->asoc.peer_auth_chunks);
5174 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
5175 (ptype == SCTP_STATE_COOKIE) ||
5176 (ptype == SCTP_UNRECOG_PARAM) ||
5177 (ptype == SCTP_COOKIE_PRESERVE) ||
5178 (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
5179 (ptype == SCTP_ADD_IP_ADDRESS) ||
5180 (ptype == SCTP_DEL_IP_ADDRESS) ||
5181 (ptype == SCTP_ERROR_CAUSE_IND) ||
5182 (ptype == SCTP_SUCCESS_REPORT)) {
5185 if ((ptype & 0x8000) == 0x0000) {
5187 * must stop processing the rest of the
5188 * param's. Any report bits were handled
5190 * sctp_arethere_unrecognized_parameters()
5191 * when the INIT or INIT-ACK was first seen.
5197 offset += SCTP_SIZE32(plen);
5198 if (offset >= limit) {
5201 phdr = sctp_get_next_param(m, offset, &parm_buf,
5204 /* Now check to see if we need to purge any addresses */
5205 for (net = TAILQ_FIRST(&stcb->asoc.nets); net != NULL; net = net_tmp) {
5206 net_tmp = TAILQ_NEXT(net, sctp_next);
5207 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
5208 SCTP_ADDR_NOT_IN_ASSOC) {
5209 /* This address has been removed from the asoc */
5210 /* remove and free it */
5211 stcb->asoc.numnets--;
5212 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
5213 sctp_free_remote_addr(net);
5214 if (net == stcb->asoc.primary_destination) {
5215 stcb->asoc.primary_destination = NULL;
5216 sctp_select_primary_destination(stcb);
5220 /* validate authentication required parameters */
5221 if (got_random && got_hmacs) {
5222 stcb->asoc.peer_supports_auth = 1;
5224 stcb->asoc.peer_supports_auth = 0;
5226 if (!stcb->asoc.peer_supports_auth && got_chklist) {
5227 /* peer does not support auth but sent a chunks list? */
5230 if (!sctp_asconf_auth_nochk && stcb->asoc.peer_supports_asconf &&
5231 !stcb->asoc.peer_supports_auth) {
5232 /* peer supports asconf but not auth? */
5235 /* concatenate the full random key */
5236 #ifdef SCTP_AUTH_DRAFT_04
5237 keylen = random_len;
5238 new_key = sctp_alloc_key(keylen);
5239 if (new_key != NULL) {
5240 /* copy in the RANDOM */
5241 if (p_random != NULL)
5242 bcopy(p_random->random_data, new_key->key, random_len);
5245 keylen = sizeof(*p_random) + random_len + sizeof(*chunks) + num_chunks +
5246 sizeof(*hmacs) + hmacs_len;
5247 new_key = sctp_alloc_key(keylen);
5248 if (new_key != NULL) {
5249 /* copy in the RANDOM */
5250 if (p_random != NULL) {
5251 keylen = sizeof(*p_random) + random_len;
5252 bcopy(p_random, new_key->key, keylen);
5254 /* append in the AUTH chunks */
5255 if (chunks != NULL) {
5256 bcopy(chunks, new_key->key + keylen,
5257 sizeof(*chunks) + num_chunks);
5258 keylen += sizeof(*chunks) + num_chunks;
5260 /* append in the HMACs */
5261 if (hmacs != NULL) {
5262 bcopy(hmacs, new_key->key + keylen,
5263 sizeof(*hmacs) + hmacs_len);
5268 /* failed to get memory for the key */
5271 if (stcb->asoc.authinfo.peer_random != NULL)
5272 sctp_free_key(stcb->asoc.authinfo.peer_random);
5273 stcb->asoc.authinfo.peer_random = new_key;
5274 #ifdef SCTP_AUTH_DRAFT_04
5275 /* don't include the chunks and hmacs for draft -04 */
5276 stcb->asoc.authinfo.peer_random->keylen = random_len;
5278 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
5279 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
5285 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
5286 struct sctp_nets *net)
5288 /* make sure the requested primary address exists in the assoc */
5289 if (net == NULL && sa)
5290 net = sctp_findnet(stcb, sa);
5293 /* didn't find the requested primary address! */
5296 /* set the primary address */
5297 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
5298 /* Must be confirmed, so queue to set */
5299 net->dest_state |= SCTP_ADDR_REQ_PRIMARY;
5302 stcb->asoc.primary_destination = net;
5303 net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY;
5304 net = TAILQ_FIRST(&stcb->asoc.nets);
5305 if (net != stcb->asoc.primary_destination) {
5307 * first one on the list is NOT the primary
5308 * sctp_cmpaddr() is much more efficent if the
5309 * primary is the first on the list, make it so.
5311 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
5312 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
5320 sctp_is_vtag_good(struct sctp_inpcb *inp, uint32_t tag, struct timeval *now)
5323 * This function serves two purposes. It will see if a TAG can be
5324 * re-used and return 1 for yes it is ok and 0 for don't use that
5325 * tag. A secondary function it will do is purge out old tags that
5328 struct sctpasochead *head;
5329 struct sctpvtaghead *chain;
5330 struct sctp_tagblock *twait_block;
5331 struct sctp_tcb *stcb;
5334 SCTP_INP_INFO_WLOCK();
5335 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
5336 /* First is the vtag in use ? */
5338 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(tag,
5339 sctppcbinfo.hashasocmark)];
5343 LIST_FOREACH(stcb, head, sctp_asocs) {
5345 if (stcb->asoc.my_vtag == tag) {
5347 * We should remove this if and return 0 always if
5348 * we want vtags unique across all endpoints. For
5349 * now within a endpoint is ok.
5351 if (inp == stcb->sctp_ep) {
5352 /* bad tag, in use */
5353 SCTP_INP_INFO_WUNLOCK();
5359 /* Now lets check the restart hash */
5360 head = &sctppcbinfo.sctp_restarthash[SCTP_PCBHASH_ASOC(tag,
5361 sctppcbinfo.hashrestartmark)];
5363 goto check_time_wait;
5365 LIST_FOREACH(stcb, head, sctp_tcbrestarhash) {
5366 if (stcb->asoc.assoc_id == tag) {
5368 if (inp == stcb->sctp_ep) {
5369 /* bad tag, in use */
5370 SCTP_INP_INFO_WUNLOCK();
5376 /* Now what about timed wait ? */
5377 if (!SCTP_LIST_EMPTY(chain)) {
5379 * Block(s) are present, lets see if we have this tag in the
5382 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
5383 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
5384 if (twait_block->vtag_block[i].v_tag == 0) {
5387 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire >
5389 /* Audit expires this guy */
5390 twait_block->vtag_block[i].tv_sec_at_expire = 0;
5391 twait_block->vtag_block[i].v_tag = 0;
5392 } else if (twait_block->vtag_block[i].v_tag ==
5394 /* Bad tag, sorry :< */
5395 SCTP_INP_INFO_WUNLOCK();
5401 /* Not found, ok to use the tag */
5402 SCTP_INP_INFO_WUNLOCK();
5407 static sctp_assoc_t reneged_asoc_ids[256];
5408 static uint8_t reneged_at = 0;
5412 sctp_drain_mbufs(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
5415 * We must hunt this association for MBUF's past the cumack (i.e.
5416 * out of order data that we can renege on).
5418 struct sctp_association *asoc;
5419 struct sctp_tmit_chunk *chk, *nchk;
5420 uint32_t cumulative_tsn_p1, tsn;
5421 struct sctp_queued_to_read *ctl, *nctl;
5422 int cnt, strmat, gap;
5424 /* We look for anything larger than the cum-ack + 1 */
5426 SCTP_STAT_INCR(sctps_protocol_drain_calls);
5427 if (sctp_do_drain == 0) {
5431 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) {
5432 /* none we can reneg on. */
5435 SCTP_STAT_INCR(sctps_protocol_drains_done);
5436 cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
5438 /* First look in the re-assembly queue */
5439 chk = TAILQ_FIRST(&asoc->reasmqueue);
5441 /* Get the next one */
5442 nchk = TAILQ_NEXT(chk, sctp_next);
5443 if (compare_with_wrap(chk->rec.data.TSN_seq,
5444 cumulative_tsn_p1, MAX_TSN)) {
5445 /* Yep it is above cum-ack */
5447 tsn = chk->rec.data.TSN_seq;
5448 if (tsn >= asoc->mapping_array_base_tsn) {
5449 gap = tsn - asoc->mapping_array_base_tsn;
5451 gap = (MAX_TSN - asoc->mapping_array_base_tsn) +
5454 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size);
5455 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
5456 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
5457 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5459 sctp_m_freem(chk->data);
5462 sctp_free_remote_addr(chk->whoTo);
5463 sctp_free_a_chunk(stcb, chk);
5467 /* Ok that was fun, now we will drain all the inbound streams? */
5468 for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
5469 ctl = TAILQ_FIRST(&asoc->strmin[strmat].inqueue);
5471 nctl = TAILQ_NEXT(ctl, next);
5472 if (compare_with_wrap(ctl->sinfo_tsn,
5473 cumulative_tsn_p1, MAX_TSN)) {
5474 /* Yep it is above cum-ack */
5476 tsn = ctl->sinfo_tsn;
5477 if (tsn >= asoc->mapping_array_base_tsn) {
5479 asoc->mapping_array_base_tsn;
5482 asoc->mapping_array_base_tsn) +
5485 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length);
5486 sctp_ucount_decr(asoc->cnt_on_all_streams);
5488 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array,
5490 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue,
5493 sctp_m_freem(ctl->data);
5496 sctp_free_remote_addr(ctl->whoFrom);
5497 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_readq, ctl);
5498 SCTP_DECR_READQ_COUNT();
5504 * Question, should we go through the delivery queue? The only
5505 * reason things are on here is the app not reading OR a p-d-api up.
5506 * An attacker COULD send enough in to initiate the PD-API and then
5507 * send a bunch of stuff to other streams... these would wind up on
5508 * the delivery queue.. and then we would not get to them. But in
5509 * order to do this I then have to back-track and un-deliver
5510 * sequence numbers in streams.. el-yucko. I think for now we will
5511 * NOT look at the delivery queue and leave it to be something to
5512 * consider later. An alternative would be to abort the P-D-API with
5513 * a notification and then deliver the data.... Or another method
5514 * might be to keep track of how many times the situation occurs and
5515 * if we see a possible attack underway just abort the association.
5519 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt);
5524 * Now do we need to find a new
5525 * asoc->highest_tsn_inside_map?
5527 if (asoc->highest_tsn_inside_map >= asoc->mapping_array_base_tsn) {
5528 gap = asoc->highest_tsn_inside_map - asoc->mapping_array_base_tsn;
5530 gap = (MAX_TSN - asoc->mapping_array_base_tsn) +
5531 asoc->highest_tsn_inside_map + 1;
5533 if (gap >= (asoc->mapping_array_size << 3)) {
5535 * Something bad happened or cum-ack and high were
5536 * behind the base, but if so earlier checks should
5537 * have found NO data... wierd... we will start at
5538 * end of mapping array.
5540 SCTP_PRINTF("Gap was larger than array?? %d set to max:%d maparraymax:%x\n",
5542 (int)(asoc->mapping_array_size << 3),
5543 (int)asoc->highest_tsn_inside_map);
5544 gap = asoc->mapping_array_size << 3;
5547 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
5548 /* found the new highest */
5549 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn + gap;
5555 /* Nothing left in map */
5556 memset(asoc->mapping_array, 0, asoc->mapping_array_size);
5557 asoc->mapping_array_base_tsn = asoc->cumulative_tsn + 1;
5558 asoc->highest_tsn_inside_map = asoc->cumulative_tsn;
5560 asoc->last_revoke_count = cnt;
5561 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
5562 sctp_send_sack(stcb);
5563 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN);
5564 reneged_asoc_ids[reneged_at] = sctp_get_associd(stcb);
5568 * Another issue, in un-setting the TSN's in the mapping array we
5569 * DID NOT adjust the higest_tsn marker. This will cause one of two
5570 * things to occur. It may cause us to do extra work in checking for
5571 * our mapping array movement. More importantly it may cause us to
5572 * SACK every datagram. This may not be a bad thing though since we
5573 * will recover once we get our cum-ack above and all this stuff we
5582 * We must walk the PCB lists for ALL associations here. The system
5583 * is LOW on MBUF's and needs help. This is where reneging will
5584 * occur. We really hope this does NOT happen!
5586 struct sctp_inpcb *inp;
5587 struct sctp_tcb *stcb;
5589 SCTP_INP_INFO_RLOCK();
5590 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) {
5591 /* For each endpoint */
5592 SCTP_INP_RLOCK(inp);
5593 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
5594 /* For each association */
5595 SCTP_TCB_LOCK(stcb);
5596 sctp_drain_mbufs(inp, stcb);
5597 SCTP_TCB_UNLOCK(stcb);
5599 SCTP_INP_RUNLOCK(inp);
5601 SCTP_INP_INFO_RUNLOCK();
5605 * start a new iterator
5606 * iterates through all endpoints and associations based on the pcb_state
5607 * flags and asoc_state. "af" (mandatory) is executed for all matching
5608 * assocs and "ef" (optional) is executed when the iterator completes.
5609 * "inpf" (optional) is executed for each new endpoint as it is being
5610 * iterated through. inpe (optional) is called when the inp completes
5611 * its way through all the stcbs.
5614 sctp_initiate_iterator(inp_func inpf,
5618 uint32_t pcb_features,
5619 uint32_t asoc_state,
5623 struct sctp_inpcb *s_inp,
5624 uint8_t chunk_output_off)
5626 struct sctp_iterator *it = NULL;
5631 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator),
5636 memset(it, 0, sizeof(*it));
5637 it->function_assoc = af;
5638 it->function_inp = inpf;
5640 it->done_current_ep = 0;
5642 it->done_current_ep = 1;
5643 it->function_atend = ef;
5646 it->pcb_flags = pcb_state;
5647 it->pcb_features = pcb_features;
5648 it->asoc_state = asoc_state;
5649 it->function_inp_end = inpe;
5650 it->no_chunk_output = chunk_output_off;
5653 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
5655 SCTP_INP_INFO_RLOCK();
5656 it->inp = LIST_FIRST(&sctppcbinfo.listhead);
5658 SCTP_INP_INFO_RUNLOCK();
5659 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
5662 SCTP_IPI_ITERATOR_WQ_LOCK();
5664 SCTP_INP_INCR_REF(it->inp);
5666 TAILQ_INSERT_TAIL(&sctppcbinfo.iteratorhead, it, sctp_nxt_itr);
5667 #if defined(SCTP_USE_THREAD_BASED_ITERATOR)
5668 if (sctppcbinfo.iterator_running == 0) {
5669 sctp_wakeup_iterator();
5671 SCTP_IPI_ITERATOR_WQ_UNLOCK();
5674 SCTP_INP_DECR_REF(it->inp);
5675 SCTP_IPI_ITERATOR_WQ_UNLOCK();
5676 /* Init the timer */
5677 SCTP_OS_TIMER_INIT(&it->tmr.timer);
5678 /* add to the list of all iterators */
5679 sctp_timer_start(SCTP_TIMER_TYPE_ITERATOR, (struct sctp_inpcb *)it,
5682 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */