2 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
3 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
4 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * a) Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
12 * b) Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the distribution.
16 * c) Neither the name of Cisco Systems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 263922 2014-03-29 21:26:45Z tuexen $");
38 #include <netinet/sctp_os.h>
42 #include <netinet/sctp_var.h>
43 #include <netinet/sctp_sysctl.h>
44 #include <netinet/sctp_pcb.h>
45 #include <netinet/sctputil.h>
46 #include <netinet/sctp.h>
47 #include <netinet/sctp_header.h>
48 #include <netinet/sctp_asconf.h>
49 #include <netinet/sctp_output.h>
50 #include <netinet/sctp_timer.h>
51 #include <netinet/sctp_bsd_addr.h>
52 #if defined(__FreeBSD__) && __FreeBSD_version >= 803000
53 #include <netinet/sctp_dtrace_define.h>
55 #if !defined(__Userspace_os_Windows)
56 #include <netinet/udp.h>
59 #if defined(__Userspace__)
60 #include "user_ip6_var.h"
62 #include <netinet6/ip6_var.h>
65 #if defined(__FreeBSD__)
66 #include <sys/sched.h>
68 #include <sys/unistd.h>
70 #if defined(__Userspace__)
71 #include <user_socketvar.h>
74 #if defined(__APPLE__)
75 #define APPLE_FILE_NO 4
78 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
79 VNET_DEFINE(struct sctp_base_info, system_base_info);
81 struct sctp_base_info system_base_info;
84 #if defined(__Userspace__)
85 #if defined(INET) || defined(INET6)
86 struct ifaddrs *g_interfaces;
89 /* FIX: we don't handle multiple link local scopes */
90 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
93 SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
95 #ifdef SCTP_EMBEDDED_V6_SCOPE
96 #if defined(__APPLE__)
97 struct in6_addr tmp_a, tmp_b;
100 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
101 if (in6_embedscope(&tmp_a, a, NULL, NULL) != 0) {
103 if (in6_embedscope(&tmp_a, a, NULL, NULL, NULL) != 0) {
107 tmp_b = b->sin6_addr;
108 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
109 if (in6_embedscope(&tmp_b, b, NULL, NULL) != 0) {
111 if (in6_embedscope(&tmp_b, b, NULL, NULL, NULL) != 0) {
115 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b));
116 #elif defined(SCTP_KAME)
117 struct sockaddr_in6 tmp_a, tmp_b;
119 memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
120 if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
123 memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
124 if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
127 return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
129 struct in6_addr tmp_a, tmp_b;
131 tmp_a = a->sin6_addr;
132 if (in6_embedscope(&tmp_a, a) != 0) {
135 tmp_b = b->sin6_addr;
136 if (in6_embedscope(&tmp_b, b) != 0) {
139 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b));
142 return (IN6_ARE_ADDR_EQUAL(&(a->sin6_addr), &(b->sin6_addr)));
143 #endif /* SCTP_EMBEDDED_V6_SCOPE */
148 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
151 * We really don't need to lock this, but I will just because it
154 SCTP_INP_INFO_RLOCK();
155 spcb->ep_count = SCTP_BASE_INFO(ipi_count_ep);
156 spcb->asoc_count = SCTP_BASE_INFO(ipi_count_asoc);
157 spcb->laddr_count = SCTP_BASE_INFO(ipi_count_laddr);
158 spcb->raddr_count = SCTP_BASE_INFO(ipi_count_raddr);
159 spcb->chk_count = SCTP_BASE_INFO(ipi_count_chunk);
160 spcb->readq_count = SCTP_BASE_INFO(ipi_count_readq);
161 spcb->stream_oque = SCTP_BASE_INFO(ipi_count_strmoq);
162 spcb->free_chunks = SCTP_BASE_INFO(ipi_free_chunks);
163 SCTP_INP_INFO_RUNLOCK();
167 * Addresses are added to VRF's (Virtual Router's). For BSD we
168 * have only the default VRF 0. We maintain a hash list of
169 * VRF's. Each VRF has its own list of sctp_ifn's. Each of
170 * these has a list of addresses. When we add a new address
171 * to a VRF we lookup the ifn/ifn_index, if the ifn does
172 * not exist we create it and add it to the list of IFN's
173 * within the VRF. Once we have the sctp_ifn, we add the
174 * address to the list. So we look something like:
177 * vrf-> ifn-> ifn -> ifn
179 * ... +--ifa-> ifa -> ifa
182 * We keep these separate lists since the SCTP subsystem will
183 * point to these from its source address selection nets structure.
184 * When an address is deleted it does not happen right away on
185 * the SCTP side, it gets scheduled. What we do when a
186 * delete happens is immediately remove the address from
187 * the master list and decrement the refcount. As our
188 * addip iterator works through and frees the src address
189 * selection pointing to the sctp_ifa, eventually the refcount
190 * will reach 0 and we will delete it. Note that it is assumed
191 * that any locking on system level ifn/ifa is done at the
192 * caller of these functions and these routines will only
193 * lock the SCTP structures as they add or delete things.
195 * Other notes on VRF concepts.
196 * - An endpoint can be in multiple VRF's
197 * - An association lives within a VRF and only one VRF.
198 * - Any incoming packet we can deduce the VRF for by
199 * looking at the mbuf/pak inbound (for BSD its VRF=0 :D)
200 * - Any downward send call or connect call must supply the
201 * VRF via ancillary data or via some sort of set default
202 * VRF socket option call (again for BSD no brainer since
203 * the VRF is always 0).
204 * - An endpoint may add multiple VRF's to it.
205 * - Listening sockets can accept associations in any
206 * of the VRF's they are in but the assoc will end up
207 * in only one VRF (gotten from the packet or connect/send).
212 sctp_allocate_vrf(int vrf_id)
214 struct sctp_vrf *vrf = NULL;
215 struct sctp_vrflist *bucket;
217 /* First allocate the VRF structure */
218 vrf = sctp_find_vrf(vrf_id);
220 /* Already allocated */
223 SCTP_MALLOC(vrf, struct sctp_vrf *, sizeof(struct sctp_vrf),
228 panic("No memory for VRF:%d", vrf_id);
233 memset(vrf, 0, sizeof(struct sctp_vrf));
234 vrf->vrf_id = vrf_id;
235 LIST_INIT(&vrf->ifnlist);
236 vrf->total_ifa_count = 0;
238 /* now also setup table ids */
239 SCTP_INIT_VRF_TABLEID(vrf);
240 /* Init the HASH of addresses */
241 vrf->vrf_addr_hash = SCTP_HASH_INIT(SCTP_VRF_ADDR_HASH_SIZE,
242 &vrf->vrf_addr_hashmark);
243 if (vrf->vrf_addr_hash == NULL) {
246 panic("No memory for VRF:%d", vrf_id);
248 SCTP_FREE(vrf, SCTP_M_VRF);
252 /* Add it to the hash table */
253 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
254 LIST_INSERT_HEAD(bucket, vrf, next_vrf);
255 atomic_add_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
261 sctp_find_ifn(void *ifn, uint32_t ifn_index)
263 struct sctp_ifn *sctp_ifnp;
264 struct sctp_ifnlist *hash_ifn_head;
266 /* We assume the lock is held for the addresses
267 * if that's wrong problems could occur :-)
269 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
270 LIST_FOREACH(sctp_ifnp, hash_ifn_head, next_bucket) {
271 if (sctp_ifnp->ifn_index == ifn_index) {
274 if (sctp_ifnp->ifn_p && ifn && (sctp_ifnp->ifn_p == ifn)) {
283 sctp_find_vrf(uint32_t vrf_id)
285 struct sctp_vrflist *bucket;
286 struct sctp_vrf *liste;
288 bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(vrf_id & SCTP_BASE_INFO(hashvrfmark))];
289 LIST_FOREACH(liste, bucket, next_vrf) {
290 if (vrf_id == liste->vrf_id) {
299 sctp_free_vrf(struct sctp_vrf *vrf)
301 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&vrf->refcount)) {
302 if (vrf->vrf_addr_hash) {
303 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
304 vrf->vrf_addr_hash = NULL;
306 /* We zero'd the count */
307 LIST_REMOVE(vrf, next_vrf);
308 SCTP_FREE(vrf, SCTP_M_VRF);
309 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_vrfs), 1);
315 sctp_free_ifn(struct sctp_ifn *sctp_ifnp)
317 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifnp->refcount)) {
318 /* We zero'd the count */
319 if (sctp_ifnp->vrf) {
320 sctp_free_vrf(sctp_ifnp->vrf);
322 SCTP_FREE(sctp_ifnp, SCTP_M_IFN);
323 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
329 sctp_update_ifn_mtu(uint32_t ifn_index, uint32_t mtu)
331 struct sctp_ifn *sctp_ifnp;
333 sctp_ifnp = sctp_find_ifn((void *)NULL, ifn_index);
334 if (sctp_ifnp != NULL) {
335 sctp_ifnp->ifn_mtu = mtu;
341 sctp_free_ifa(struct sctp_ifa *sctp_ifap)
343 if (SCTP_DECREMENT_AND_CHECK_REFCOUNT(&sctp_ifap->refcount)) {
344 /* We zero'd the count */
345 if (sctp_ifap->ifn_p) {
346 sctp_free_ifn(sctp_ifap->ifn_p);
348 SCTP_FREE(sctp_ifap, SCTP_M_IFA);
349 atomic_subtract_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
355 sctp_delete_ifn(struct sctp_ifn *sctp_ifnp, int hold_addr_lock)
357 struct sctp_ifn *found;
359 found = sctp_find_ifn(sctp_ifnp->ifn_p, sctp_ifnp->ifn_index);
361 /* Not in the list.. sorry */
364 if (hold_addr_lock == 0)
365 SCTP_IPI_ADDR_WLOCK();
366 LIST_REMOVE(sctp_ifnp, next_bucket);
367 LIST_REMOVE(sctp_ifnp, next_ifn);
368 SCTP_DEREGISTER_INTERFACE(sctp_ifnp->ifn_index,
369 sctp_ifnp->registered_af);
370 if (hold_addr_lock == 0)
371 SCTP_IPI_ADDR_WUNLOCK();
372 /* Take away the reference, and possibly free it */
373 sctp_free_ifn(sctp_ifnp);
378 sctp_mark_ifa_addr_down(uint32_t vrf_id, struct sockaddr *addr,
379 const char *if_name, uint32_t ifn_index)
381 struct sctp_vrf *vrf;
382 struct sctp_ifa *sctp_ifap;
384 SCTP_IPI_ADDR_RLOCK();
385 vrf = sctp_find_vrf(vrf_id);
387 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
391 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
392 if (sctp_ifap == NULL) {
393 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
396 if (sctp_ifap->ifn_p == NULL) {
397 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
401 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
402 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
403 sctp_ifap->ifn_p->ifn_name, if_name);
407 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
408 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
409 sctp_ifap->ifn_p->ifn_index, ifn_index);
414 sctp_ifap->localifa_flags &= (~SCTP_ADDR_VALID);
415 sctp_ifap->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE;
417 SCTP_IPI_ADDR_RUNLOCK();
422 sctp_mark_ifa_addr_up(uint32_t vrf_id, struct sockaddr *addr,
423 const char *if_name, uint32_t ifn_index)
425 struct sctp_vrf *vrf;
426 struct sctp_ifa *sctp_ifap;
428 SCTP_IPI_ADDR_RLOCK();
429 vrf = sctp_find_vrf(vrf_id);
431 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
435 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
436 if (sctp_ifap == NULL) {
437 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find sctp_ifap for address\n");
440 if (sctp_ifap->ifn_p == NULL) {
441 SCTPDBG(SCTP_DEBUG_PCB4, "IFA has no IFN - can't mark unuseable\n");
445 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) != 0) {
446 SCTPDBG(SCTP_DEBUG_PCB4, "IFN %s of IFA not the same as %s\n",
447 sctp_ifap->ifn_p->ifn_name, if_name);
451 if (sctp_ifap->ifn_p->ifn_index != ifn_index) {
452 SCTPDBG(SCTP_DEBUG_PCB4, "IFA owned by ifn_index:%d down command for ifn_index:%d - ignored\n",
453 sctp_ifap->ifn_p->ifn_index, ifn_index);
458 sctp_ifap->localifa_flags &= (~SCTP_ADDR_IFA_UNUSEABLE);
459 sctp_ifap->localifa_flags |= SCTP_ADDR_VALID;
461 SCTP_IPI_ADDR_RUNLOCK();
466 * Add an ifa to an ifn.
467 * Register the interface as necessary.
468 * NOTE: ADDR write lock MUST be held.
471 sctp_add_ifa_to_ifn(struct sctp_ifn *sctp_ifnp, struct sctp_ifa *sctp_ifap)
475 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
476 sctp_ifap->ifn_p = sctp_ifnp;
477 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
478 /* update address counts */
479 sctp_ifnp->ifa_count++;
480 ifa_af = sctp_ifap->address.sa.sa_family;
495 if (sctp_ifnp->ifa_count == 1) {
496 /* register the new interface */
497 SCTP_REGISTER_INTERFACE(sctp_ifnp->ifn_index, ifa_af);
498 sctp_ifnp->registered_af = ifa_af;
504 * Remove an ifa from its ifn.
505 * If no more addresses exist, remove the ifn too. Otherwise, re-register
506 * the interface based on the remaining address families left.
507 * NOTE: ADDR write lock MUST be held.
510 sctp_remove_ifa_from_ifn(struct sctp_ifa *sctp_ifap)
512 LIST_REMOVE(sctp_ifap, next_ifa);
513 if (sctp_ifap->ifn_p) {
514 /* update address counts */
515 sctp_ifap->ifn_p->ifa_count--;
516 switch (sctp_ifap->address.sa.sa_family) {
519 sctp_ifap->ifn_p->num_v4--;
524 sctp_ifap->ifn_p->num_v6--;
531 if (LIST_EMPTY(&sctp_ifap->ifn_p->ifalist)) {
532 /* remove the ifn, possibly freeing it */
533 sctp_delete_ifn(sctp_ifap->ifn_p, SCTP_ADDR_LOCKED);
535 /* re-register address family type, if needed */
536 if ((sctp_ifap->ifn_p->num_v6 == 0) &&
537 (sctp_ifap->ifn_p->registered_af == AF_INET6)) {
538 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
539 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
540 sctp_ifap->ifn_p->registered_af = AF_INET;
541 } else if ((sctp_ifap->ifn_p->num_v4 == 0) &&
542 (sctp_ifap->ifn_p->registered_af == AF_INET)) {
543 SCTP_DEREGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET);
544 SCTP_REGISTER_INTERFACE(sctp_ifap->ifn_p->ifn_index, AF_INET6);
545 sctp_ifap->ifn_p->registered_af = AF_INET6;
547 /* free the ifn refcount */
548 sctp_free_ifn(sctp_ifap->ifn_p);
550 sctp_ifap->ifn_p = NULL;
556 sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index,
557 uint32_t ifn_type, const char *if_name, void *ifa,
558 struct sockaddr *addr, uint32_t ifa_flags,
561 struct sctp_vrf *vrf;
562 struct sctp_ifn *sctp_ifnp = NULL;
563 struct sctp_ifa *sctp_ifap = NULL;
564 struct sctp_ifalist *hash_addr_head;
565 struct sctp_ifnlist *hash_ifn_head;
566 uint32_t hash_of_addr;
570 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: adding address: ", vrf_id);
571 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
573 SCTP_IPI_ADDR_WLOCK();
574 sctp_ifnp = sctp_find_ifn(ifn, ifn_index);
576 vrf = sctp_ifnp->vrf;
578 vrf = sctp_find_vrf(vrf_id);
580 vrf = sctp_allocate_vrf(vrf_id);
582 SCTP_IPI_ADDR_WUNLOCK();
587 if (sctp_ifnp == NULL) {
588 /* build one and add it, can't hold lock
589 * until after malloc done though.
591 SCTP_IPI_ADDR_WUNLOCK();
592 SCTP_MALLOC(sctp_ifnp, struct sctp_ifn *,
593 sizeof(struct sctp_ifn), SCTP_M_IFN);
594 if (sctp_ifnp == NULL) {
596 panic("No memory for IFN");
600 memset(sctp_ifnp, 0, sizeof(struct sctp_ifn));
601 sctp_ifnp->ifn_index = ifn_index;
602 sctp_ifnp->ifn_p = ifn;
603 sctp_ifnp->ifn_type = ifn_type;
604 sctp_ifnp->refcount = 0;
605 sctp_ifnp->vrf = vrf;
606 atomic_add_int(&vrf->refcount, 1);
607 sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family);
608 if (if_name != NULL) {
609 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name);
611 snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown");
613 hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))];
614 LIST_INIT(&sctp_ifnp->ifalist);
615 SCTP_IPI_ADDR_WLOCK();
616 LIST_INSERT_HEAD(hash_ifn_head, sctp_ifnp, next_bucket);
617 LIST_INSERT_HEAD(&vrf->ifnlist, sctp_ifnp, next_ifn);
618 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifns), 1);
621 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
623 /* Hmm, it already exists? */
624 if ((sctp_ifap->ifn_p) &&
625 (sctp_ifap->ifn_p->ifn_index == ifn_index)) {
626 SCTPDBG(SCTP_DEBUG_PCB4, "Using existing ifn %s (0x%x) for ifa %p\n",
627 sctp_ifap->ifn_p->ifn_name, ifn_index,
630 /* Remove the created one that we don't want */
631 sctp_delete_ifn(sctp_ifnp, SCTP_ADDR_LOCKED);
633 if (sctp_ifap->localifa_flags & SCTP_BEING_DELETED) {
634 /* easy to solve, just switch back to active */
635 SCTPDBG(SCTP_DEBUG_PCB4, "Clearing deleted ifa flag\n");
636 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
637 sctp_ifap->ifn_p = sctp_ifnp;
638 atomic_add_int(&sctp_ifap->ifn_p->refcount, 1);
641 SCTP_IPI_ADDR_WUNLOCK();
644 if (sctp_ifap->ifn_p) {
646 * The last IFN gets the address, remove the
649 SCTPDBG(SCTP_DEBUG_PCB4, "Moving ifa %p from %s (0x%x) to %s (0x%x)\n",
650 (void *)sctp_ifap, sctp_ifap->ifn_p->ifn_name,
651 sctp_ifap->ifn_p->ifn_index, if_name,
653 /* remove the address from the old ifn */
654 sctp_remove_ifa_from_ifn(sctp_ifap);
655 /* move the address over to the new ifn */
656 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
657 goto exit_stage_left;
659 /* repair ifnp which was NULL ? */
660 sctp_ifap->localifa_flags = SCTP_ADDR_VALID;
661 SCTPDBG(SCTP_DEBUG_PCB4, "Repairing ifn %p for ifa %p\n",
662 (void *)sctp_ifnp, (void *)sctp_ifap);
663 sctp_add_ifa_to_ifn(sctp_ifnp, sctp_ifap);
665 goto exit_stage_left;
668 SCTP_IPI_ADDR_WUNLOCK();
669 SCTP_MALLOC(sctp_ifap, struct sctp_ifa *, sizeof(struct sctp_ifa), SCTP_M_IFA);
670 if (sctp_ifap == NULL) {
672 panic("No memory for IFA");
676 memset(sctp_ifap, 0, sizeof(struct sctp_ifa));
677 sctp_ifap->ifn_p = sctp_ifnp;
678 atomic_add_int(&sctp_ifnp->refcount, 1);
679 sctp_ifap->vrf_id = vrf_id;
680 sctp_ifap->ifa = ifa;
682 memcpy(&sctp_ifap->address, addr, addr->sa_len);
684 switch (addr->sa_family) {
687 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in));
692 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in6));
695 #if defined(__Userspace__)
697 memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_conn));
705 sctp_ifap->localifa_flags = SCTP_ADDR_VALID | SCTP_ADDR_DEFER_USE;
706 sctp_ifap->flags = ifa_flags;
708 switch (sctp_ifap->address.sa.sa_family) {
712 struct sockaddr_in *sin;
714 sin = (struct sockaddr_in *)&sctp_ifap->address.sin;
715 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
716 (IN4_ISLOOPBACK_ADDRESS(&sin->sin_addr))) {
717 sctp_ifap->src_is_loop = 1;
719 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
720 sctp_ifap->src_is_priv = 1;
724 new_ifn_af = AF_INET;
731 /* ok to use deprecated addresses? */
732 struct sockaddr_in6 *sin6;
734 sin6 = (struct sockaddr_in6 *)&sctp_ifap->address.sin6;
735 if (SCTP_IFN_IS_IFT_LOOP(sctp_ifap->ifn_p) ||
736 (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))) {
737 sctp_ifap->src_is_loop = 1;
739 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
740 sctp_ifap->src_is_priv = 1;
744 new_ifn_af = AF_INET6;
748 #if defined(__Userspace__)
751 new_ifn_af = AF_CONN;
758 hash_of_addr = sctp_get_ifa_hash_val(&sctp_ifap->address.sa);
760 if ((sctp_ifap->src_is_priv == 0) &&
761 (sctp_ifap->src_is_loop == 0)) {
762 sctp_ifap->src_is_glob = 1;
764 SCTP_IPI_ADDR_WLOCK();
765 hash_addr_head = &vrf->vrf_addr_hash[(hash_of_addr & vrf->vrf_addr_hashmark)];
766 LIST_INSERT_HEAD(hash_addr_head, sctp_ifap, next_bucket);
767 sctp_ifap->refcount = 1;
768 LIST_INSERT_HEAD(&sctp_ifnp->ifalist, sctp_ifap, next_ifa);
769 sctp_ifnp->ifa_count++;
770 vrf->total_ifa_count++;
771 atomic_add_int(&SCTP_BASE_INFO(ipi_count_ifas), 1);
773 SCTP_REGISTER_INTERFACE(ifn_index, new_ifn_af);
774 sctp_ifnp->registered_af = new_ifn_af;
776 SCTP_IPI_ADDR_WUNLOCK();
778 /* Bump up the refcount so that when the timer
779 * completes it will drop back down.
781 struct sctp_laddr *wi;
783 atomic_add_int(&sctp_ifap->refcount, 1);
784 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
787 * Gak, what can we do? We have lost an address
788 * change can you say HOSED?
790 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
791 /* Opps, must decrement the count */
792 sctp_del_addr_from_vrf(vrf_id, addr, ifn_index,
796 SCTP_INCR_LADDR_COUNT();
797 bzero(wi, sizeof(*wi));
798 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
800 wi->action = SCTP_ADD_IP_ADDRESS;
803 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
804 SCTP_WQ_ADDR_UNLOCK();
806 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
807 (struct sctp_inpcb *)NULL,
808 (struct sctp_tcb *)NULL,
809 (struct sctp_nets *)NULL);
811 /* it's ready for use */
812 sctp_ifap->localifa_flags &= ~SCTP_ADDR_DEFER_USE;
818 sctp_del_addr_from_vrf(uint32_t vrf_id, struct sockaddr *addr,
819 uint32_t ifn_index, const char *if_name)
821 struct sctp_vrf *vrf;
822 struct sctp_ifa *sctp_ifap = NULL;
824 SCTP_IPI_ADDR_WLOCK();
825 vrf = sctp_find_vrf(vrf_id);
827 SCTPDBG(SCTP_DEBUG_PCB4, "Can't find vrf_id 0x%x\n", vrf_id);
832 SCTPDBG(SCTP_DEBUG_PCB4, "vrf_id 0x%x: deleting address:", vrf_id);
833 SCTPDBG_ADDR(SCTP_DEBUG_PCB4, addr);
835 sctp_ifap = sctp_find_ifa_by_addr(addr, vrf->vrf_id, SCTP_ADDR_LOCKED);
837 /* Validate the delete */
838 if (sctp_ifap->ifn_p) {
841 * The name has priority over the ifn_index
842 * if its given. We do this especially for
843 * panda who might recycle indexes fast.
846 if (strncmp(if_name, sctp_ifap->ifn_p->ifn_name, SCTP_IFNAMSIZ) == 0) {
847 /* They match its a correct delete */
852 /* last ditch check ifn_index */
853 if (ifn_index == sctp_ifap->ifn_p->ifn_index) {
858 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s does not match addresses\n",
859 ifn_index, ((if_name == NULL) ? "NULL" : if_name));
860 SCTPDBG(SCTP_DEBUG_PCB4, "ifn:%d ifname:%s - ignoring delete\n",
861 sctp_ifap->ifn_p->ifn_index, sctp_ifap->ifn_p->ifn_name);
862 SCTP_IPI_ADDR_WUNLOCK();
866 SCTPDBG(SCTP_DEBUG_PCB4, "Deleting ifa %p\n", (void *)sctp_ifap);
867 sctp_ifap->localifa_flags &= SCTP_ADDR_VALID;
869 * We don't set the flag. This means that the structure will
870 * hang around in EP's that have bound specific to it until
871 * they close. This gives us TCP like behavior if someone
872 * removes an address (or for that matter adds it right back).
874 /* sctp_ifap->localifa_flags |= SCTP_BEING_DELETED; */
875 vrf->total_ifa_count--;
876 LIST_REMOVE(sctp_ifap, next_bucket);
877 sctp_remove_ifa_from_ifn(sctp_ifap);
881 SCTPDBG(SCTP_DEBUG_PCB4, "Del Addr-ifn:%d Could not find address:",
883 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
888 SCTP_IPI_ADDR_WUNLOCK();
890 struct sctp_laddr *wi;
892 wi = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
895 * Gak, what can we do? We have lost an address
896 * change can you say HOSED?
898 SCTPDBG(SCTP_DEBUG_PCB4, "Lost an address change?\n");
900 /* Oops, must decrement the count */
901 sctp_free_ifa(sctp_ifap);
904 SCTP_INCR_LADDR_COUNT();
905 bzero(wi, sizeof(*wi));
906 (void)SCTP_GETTIME_TIMEVAL(&wi->start_time);
908 wi->action = SCTP_DEL_IP_ADDRESS;
911 * Should this really be a tailq? As it is we will process the
914 LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr);
915 SCTP_WQ_ADDR_UNLOCK();
917 sctp_timer_start(SCTP_TIMER_TYPE_ADDR_WQ,
918 (struct sctp_inpcb *)NULL,
919 (struct sctp_tcb *)NULL,
920 (struct sctp_nets *)NULL);
927 sctp_does_stcb_own_this_addr(struct sctp_tcb *stcb, struct sockaddr *to)
931 int ipv4_local_scope, ipv4_addr_legal;
934 int local_scope, site_scope, ipv6_addr_legal;
936 #if defined(__Userspace__)
939 struct sctp_vrf *vrf;
940 struct sctp_ifn *sctp_ifn;
941 struct sctp_ifa *sctp_ifa;
943 loopback_scope = stcb->asoc.scope.loopback_scope;
945 ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope;
946 ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal;
949 local_scope = stcb->asoc.scope.local_scope;
950 site_scope = stcb->asoc.scope.site_scope;
951 ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal;
953 #if defined(__Userspace__)
954 conn_addr_legal = stcb->asoc.scope.conn_addr_legal;
957 SCTP_IPI_ADDR_RLOCK();
958 vrf = sctp_find_vrf(stcb->asoc.vrf_id);
960 /* no vrf, no addresses */
961 SCTP_IPI_ADDR_RUNLOCK();
965 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
966 LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
967 if ((loopback_scope == 0) &&
968 SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
971 LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
972 if (sctp_is_addr_restricted(stcb, sctp_ifa) &&
973 (!sctp_is_addr_pending(stcb, sctp_ifa))) {
974 /* We allow pending addresses, where we
975 * have sent an asconf-add to be considered
980 if (sctp_ifa->address.sa.sa_family != to->sa_family) {
983 switch (sctp_ifa->address.sa.sa_family) {
986 if (ipv4_addr_legal) {
987 struct sockaddr_in *sin, *rsin;
989 sin = &sctp_ifa->address.sin;
990 rsin = (struct sockaddr_in *)to;
991 if ((ipv4_local_scope == 0) &&
992 IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
995 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
996 SCTP_IPI_ADDR_RUNLOCK();
1004 if (ipv6_addr_legal) {
1005 struct sockaddr_in6 *sin6, *rsin6;
1006 #if defined(SCTP_EMBEDDED_V6_SCOPE) && !defined(SCTP_KAME)
1007 struct sockaddr_in6 lsa6;
1009 sin6 = &sctp_ifa->address.sin6;
1010 rsin6 = (struct sockaddr_in6 *)to;
1011 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
1012 if (local_scope == 0)
1014 #if defined(SCTP_EMBEDDED_V6_SCOPE)
1015 if (sin6->sin6_scope_id == 0) {
1017 if (sa6_recoverscope(sin6) != 0)
1021 if (in6_recoverscope(&lsa6,
1026 #endif /* SCTP_KAME */
1028 #endif /* SCTP_EMBEDDED_V6_SCOPE */
1030 if ((site_scope == 0) &&
1031 (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
1034 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
1035 SCTP_IPI_ADDR_RUNLOCK();
1041 #if defined(__Userspace__)
1043 if (conn_addr_legal) {
1044 struct sockaddr_conn *sconn, *rsconn;
1046 sconn = &sctp_ifa->address.sconn;
1047 rsconn = (struct sockaddr_conn *)to;
1048 if (sconn->sconn_addr == rsconn->sconn_addr) {
1049 SCTP_IPI_ADDR_RUNLOCK();
1062 struct sctp_laddr *laddr;
1064 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
1065 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
1066 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
1069 if (sctp_is_addr_restricted(stcb, laddr->ifa) &&
1070 (!sctp_is_addr_pending(stcb, laddr->ifa))) {
1071 /* We allow pending addresses, where we
1072 * have sent an asconf-add to be considered
1077 if (laddr->ifa->address.sa.sa_family != to->sa_family) {
1080 switch (to->sa_family) {
1084 struct sockaddr_in *sin, *rsin;
1086 sin = (struct sockaddr_in *)&laddr->ifa->address.sin;
1087 rsin = (struct sockaddr_in *)to;
1088 if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) {
1089 SCTP_IPI_ADDR_RUNLOCK();
1098 struct sockaddr_in6 *sin6, *rsin6;
1100 sin6 = (struct sockaddr_in6 *)&laddr->ifa->address.sin6;
1101 rsin6 = (struct sockaddr_in6 *)to;
1102 if (SCTP6_ARE_ADDR_EQUAL(sin6, rsin6)) {
1103 SCTP_IPI_ADDR_RUNLOCK();
1110 #if defined(__Userspace__)
1113 struct sockaddr_conn *sconn, *rsconn;
1115 sconn = (struct sockaddr_conn *)&laddr->ifa->address.sconn;
1116 rsconn = (struct sockaddr_conn *)to;
1117 if (sconn->sconn_addr == rsconn->sconn_addr) {
1118 SCTP_IPI_ADDR_RUNLOCK();
1131 SCTP_IPI_ADDR_RUNLOCK();
1136 static struct sctp_tcb *
1137 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
1138 struct sockaddr *to, struct sctp_nets **netp, uint32_t vrf_id)
1140 /**** ASSUMES THE CALLER holds the INP_INFO_RLOCK */
1142 * If we support the TCP model, then we must now dig through to see
1143 * if we can find our endpoint in the list of tcp ep's.
1145 uint16_t lport, rport;
1146 struct sctppcbhead *ephead;
1147 struct sctp_inpcb *inp;
1148 struct sctp_laddr *laddr;
1149 struct sctp_tcb *stcb;
1150 struct sctp_nets *net;
1155 if ((to == NULL) || (from == NULL)) {
1159 switch (to->sa_family) {
1162 if (from->sa_family == AF_INET) {
1163 lport = ((struct sockaddr_in *)to)->sin_port;
1164 rport = ((struct sockaddr_in *)from)->sin_port;
1172 if (from->sa_family == AF_INET6) {
1173 lport = ((struct sockaddr_in6 *)to)->sin6_port;
1174 rport = ((struct sockaddr_in6 *)from)->sin6_port;
1180 #if defined(__Userspace__)
1182 if (from->sa_family == AF_CONN) {
1183 lport = ((struct sockaddr_conn *)to)->sconn_port;
1184 rport = ((struct sockaddr_conn *)from)->sconn_port;
1193 ephead = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
1195 * Ok now for each of the guys in this bucket we must look and see:
1196 * - Does the remote port match. - Does there single association's
1197 * addresses match this address (to). If so we update p_ep to point
1198 * to this ep and return the tcb from it.
1200 LIST_FOREACH(inp, ephead, sctp_hash) {
1201 SCTP_INP_RLOCK(inp);
1202 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1203 SCTP_INP_RUNLOCK(inp);
1206 if (lport != inp->sctp_lport) {
1207 SCTP_INP_RUNLOCK(inp);
1212 for (i = 0; i < inp->num_vrfs; i++) {
1213 if (inp->m_vrf_ids[i] == vrf_id) {
1219 SCTP_INP_RUNLOCK(inp);
1223 if (inp->def_vrf_id != vrf_id) {
1224 SCTP_INP_RUNLOCK(inp);
1228 /* check to see if the ep has one of the addresses */
1229 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
1230 /* We are NOT bound all, so look further */
1233 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
1235 if (laddr->ifa == NULL) {
1236 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n", __FUNCTION__);
1239 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
1240 SCTPDBG(SCTP_DEBUG_PCB1, "ifa being deleted\n");
1243 if (laddr->ifa->address.sa.sa_family ==
1245 /* see if it matches */
1247 if (from->sa_family == AF_INET) {
1248 struct sockaddr_in *intf_addr, *sin;
1250 intf_addr = &laddr->ifa->address.sin;
1251 sin = (struct sockaddr_in *)to;
1252 if (sin->sin_addr.s_addr ==
1253 intf_addr->sin_addr.s_addr) {
1260 if (from->sa_family == AF_INET6) {
1261 struct sockaddr_in6 *intf_addr6;
1262 struct sockaddr_in6 *sin6;
1264 sin6 = (struct sockaddr_in6 *)
1266 intf_addr6 = &laddr->ifa->address.sin6;
1268 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1275 #if defined(__Userspace__)
1276 if (from->sa_family == AF_CONN) {
1277 struct sockaddr_conn *intf_addr, *sconn;
1279 intf_addr = &laddr->ifa->address.sconn;
1280 sconn = (struct sockaddr_conn *)to;
1281 if (sconn->sconn_addr ==
1282 intf_addr->sconn_addr) {
1291 /* This endpoint does not have this address */
1292 SCTP_INP_RUNLOCK(inp);
1297 * Ok if we hit here the ep has the address, does it hold
1300 /* XXX: Why don't we TAILQ_FOREACH through sctp_asoc_list? */
1301 stcb = LIST_FIRST(&inp->sctp_asoc_list);
1303 SCTP_INP_RUNLOCK(inp);
1306 SCTP_TCB_LOCK(stcb);
1307 if (!sctp_does_stcb_own_this_addr(stcb, to)) {
1308 SCTP_TCB_UNLOCK(stcb);
1309 SCTP_INP_RUNLOCK(inp);
1312 if (stcb->rport != rport) {
1313 /* remote port does not match. */
1314 SCTP_TCB_UNLOCK(stcb);
1315 SCTP_INP_RUNLOCK(inp);
1318 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1319 SCTP_TCB_UNLOCK(stcb);
1320 SCTP_INP_RUNLOCK(inp);
1323 if (!sctp_does_stcb_own_this_addr(stcb, to)) {
1324 SCTP_TCB_UNLOCK(stcb);
1325 SCTP_INP_RUNLOCK(inp);
1328 /* Does this TCB have a matching address? */
1329 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1331 if (net->ro._l_addr.sa.sa_family != from->sa_family) {
1332 /* not the same family, can't be a match */
1335 switch (from->sa_family) {
1339 struct sockaddr_in *sin, *rsin;
1341 sin = (struct sockaddr_in *)&net->ro._l_addr;
1342 rsin = (struct sockaddr_in *)from;
1343 if (sin->sin_addr.s_addr ==
1344 rsin->sin_addr.s_addr) {
1349 /* Update the endpoint pointer */
1351 SCTP_INP_RUNLOCK(inp);
1360 struct sockaddr_in6 *sin6, *rsin6;
1362 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1363 rsin6 = (struct sockaddr_in6 *)from;
1364 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1370 /* Update the endpoint pointer */
1372 SCTP_INP_RUNLOCK(inp);
1378 #if defined(__Userspace__)
1381 struct sockaddr_conn *sconn, *rsconn;
1383 sconn = (struct sockaddr_conn *)&net->ro._l_addr;
1384 rsconn = (struct sockaddr_conn *)from;
1385 if (sconn->sconn_addr == rsconn->sconn_addr) {
1390 /* Update the endpoint pointer */
1392 SCTP_INP_RUNLOCK(inp);
1403 SCTP_TCB_UNLOCK(stcb);
1404 SCTP_INP_RUNLOCK(inp);
1413 * 1) If I return a NULL you must decrement any INP ref cnt. 2) If I find an
1414 * stcb, both will be locked (locked_tcb and stcb) but decrement will be done
1415 * (if locked == NULL). 3) Decrement happens on return ONLY if locked ==
1420 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
1421 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
1423 struct sctpasochead *head;
1424 struct sctp_inpcb *inp;
1425 struct sctp_tcb *stcb = NULL;
1426 struct sctp_nets *net;
1430 switch (remote->sa_family) {
1433 rport = (((struct sockaddr_in *)remote)->sin_port);
1438 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
1441 #if defined(__Userspace__)
1443 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
1451 * UN-lock so we can do proper locking here this occurs when
1452 * called from load_addresses_from_init.
1454 atomic_add_int(&locked_tcb->asoc.refcnt, 1);
1455 SCTP_TCB_UNLOCK(locked_tcb);
1457 SCTP_INP_INFO_RLOCK();
1458 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
1459 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
1461 * Now either this guy is our listener or it's the
1462 * connector. If it is the one that issued the connect, then
1463 * it's only chance is to be the first TCB in the list. If
1464 * it is the acceptor, then do the special_lookup to hash
1465 * and find the real inp.
1467 if ((inp->sctp_socket) && (inp->sctp_socket->so_qlimit)) {
1468 /* to is peer addr, from is my addr */
1470 stcb = sctp_tcb_special_locate(inp_p, remote, local,
1471 netp, inp->def_vrf_id);
1472 if ((stcb != NULL) && (locked_tcb == NULL)) {
1473 /* we have a locked tcb, lower refcount */
1474 SCTP_INP_DECR_REF(inp);
1476 if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
1477 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
1478 SCTP_TCB_LOCK(locked_tcb);
1479 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1480 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
1484 * MVRF is tricky, we must look in every VRF
1489 for (i = 0; i < inp->num_vrfs; i++) {
1490 stcb = sctp_tcb_special_locate(inp_p, remote, local,
1491 netp, inp->m_vrf_ids[i]);
1492 if ((stcb != NULL) && (locked_tcb == NULL)) {
1493 /* we have a locked tcb, lower refcount */
1494 SCTP_INP_DECR_REF(inp);
1497 if ((locked_tcb != NULL) && (locked_tcb != stcb)) {
1498 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
1499 SCTP_TCB_LOCK(locked_tcb);
1500 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1501 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
1506 SCTP_INP_INFO_RUNLOCK();
1509 SCTP_INP_WLOCK(inp);
1510 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1513 stcb = LIST_FIRST(&inp->sctp_asoc_list);
1517 SCTP_TCB_LOCK(stcb);
1519 if (stcb->rport != rport) {
1520 /* remote port does not match. */
1521 SCTP_TCB_UNLOCK(stcb);
1524 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1525 SCTP_TCB_UNLOCK(stcb);
1528 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1529 SCTP_TCB_UNLOCK(stcb);
1532 /* now look at the list of remote addresses */
1533 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1535 if (net == (TAILQ_NEXT(net, sctp_next))) {
1536 panic("Corrupt net list");
1539 if (net->ro._l_addr.sa.sa_family !=
1540 remote->sa_family) {
1541 /* not the same family */
1544 switch (remote->sa_family) {
1548 struct sockaddr_in *sin, *rsin;
1550 sin = (struct sockaddr_in *)
1552 rsin = (struct sockaddr_in *)remote;
1553 if (sin->sin_addr.s_addr ==
1554 rsin->sin_addr.s_addr) {
1559 if (locked_tcb == NULL) {
1560 SCTP_INP_DECR_REF(inp);
1561 } else if (locked_tcb != stcb) {
1562 SCTP_TCB_LOCK(locked_tcb);
1565 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1568 SCTP_INP_WUNLOCK(inp);
1569 SCTP_INP_INFO_RUNLOCK();
1578 struct sockaddr_in6 *sin6, *rsin6;
1580 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1581 rsin6 = (struct sockaddr_in6 *)remote;
1582 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1588 if (locked_tcb == NULL) {
1589 SCTP_INP_DECR_REF(inp);
1590 } else if (locked_tcb != stcb) {
1591 SCTP_TCB_LOCK(locked_tcb);
1594 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1596 SCTP_INP_WUNLOCK(inp);
1597 SCTP_INP_INFO_RUNLOCK();
1603 #if defined(__Userspace__)
1606 struct sockaddr_conn *sconn, *rsconn;
1608 sconn = (struct sockaddr_conn *)&net->ro._l_addr;
1609 rsconn = (struct sockaddr_conn *)remote;
1610 if (sconn->sconn_addr == rsconn->sconn_addr) {
1615 if (locked_tcb == NULL) {
1616 SCTP_INP_DECR_REF(inp);
1617 } else if (locked_tcb != stcb) {
1618 SCTP_TCB_LOCK(locked_tcb);
1621 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1623 SCTP_INP_WUNLOCK(inp);
1624 SCTP_INP_INFO_RUNLOCK();
1635 SCTP_TCB_UNLOCK(stcb);
1638 SCTP_INP_WLOCK(inp);
1639 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1642 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
1643 inp->sctp_hashmark)];
1647 LIST_FOREACH(stcb, head, sctp_tcbhash) {
1648 if (stcb->rport != rport) {
1649 /* remote port does not match */
1652 SCTP_TCB_LOCK(stcb);
1653 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1654 SCTP_TCB_UNLOCK(stcb);
1657 if (local && !sctp_does_stcb_own_this_addr(stcb, local)) {
1658 SCTP_TCB_UNLOCK(stcb);
1661 /* now look at the list of remote addresses */
1662 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
1664 if (net == (TAILQ_NEXT(net, sctp_next))) {
1665 panic("Corrupt net list");
1668 if (net->ro._l_addr.sa.sa_family !=
1669 remote->sa_family) {
1670 /* not the same family */
1673 switch (remote->sa_family) {
1677 struct sockaddr_in *sin, *rsin;
1679 sin = (struct sockaddr_in *)
1681 rsin = (struct sockaddr_in *)remote;
1682 if (sin->sin_addr.s_addr ==
1683 rsin->sin_addr.s_addr) {
1688 if (locked_tcb == NULL) {
1689 SCTP_INP_DECR_REF(inp);
1690 } else if (locked_tcb != stcb) {
1691 SCTP_TCB_LOCK(locked_tcb);
1694 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1696 SCTP_INP_WUNLOCK(inp);
1697 SCTP_INP_INFO_RUNLOCK();
1706 struct sockaddr_in6 *sin6, *rsin6;
1708 sin6 = (struct sockaddr_in6 *)
1710 rsin6 = (struct sockaddr_in6 *)remote;
1711 if (SCTP6_ARE_ADDR_EQUAL(sin6,
1717 if (locked_tcb == NULL) {
1718 SCTP_INP_DECR_REF(inp);
1719 } else if (locked_tcb != stcb) {
1720 SCTP_TCB_LOCK(locked_tcb);
1723 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1725 SCTP_INP_WUNLOCK(inp);
1726 SCTP_INP_INFO_RUNLOCK();
1732 #if defined(__Userspace__)
1735 struct sockaddr_conn *sconn, *rsconn;
1737 sconn = (struct sockaddr_conn *)&net->ro._l_addr;
1738 rsconn = (struct sockaddr_conn *)remote;
1739 if (sconn->sconn_addr == rsconn->sconn_addr) {
1744 if (locked_tcb == NULL) {
1745 SCTP_INP_DECR_REF(inp);
1746 } else if (locked_tcb != stcb) {
1747 SCTP_TCB_LOCK(locked_tcb);
1750 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1752 SCTP_INP_WUNLOCK(inp);
1753 SCTP_INP_INFO_RUNLOCK();
1764 SCTP_TCB_UNLOCK(stcb);
1768 /* clean up for returning null */
1770 SCTP_TCB_LOCK(locked_tcb);
1771 atomic_subtract_int(&locked_tcb->asoc.refcnt, 1);
1773 SCTP_INP_WUNLOCK(inp);
1774 SCTP_INP_INFO_RUNLOCK();
1781 * Find an association for a specific endpoint using the association id given
1782 * out in the COMM_UP notification
1785 sctp_findasoc_ep_asocid_locked(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1788 * Use my the assoc_id to find a endpoint
1790 struct sctpasochead *head;
1791 struct sctp_tcb *stcb;
1795 SCTP_PRINTF("TSNH ep_associd\n");
1798 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1799 SCTP_PRINTF("TSNH ep_associd0\n");
1802 id = (uint32_t)asoc_id;
1803 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
1805 /* invalid id TSNH */
1806 SCTP_PRINTF("TSNH ep_associd1\n");
1809 LIST_FOREACH(stcb, head, sctp_tcbasocidhash) {
1810 if (stcb->asoc.assoc_id == id) {
1811 if (inp != stcb->sctp_ep) {
1813 * some other guy has the same id active (id
1816 SCTP_PRINTF("TSNH ep_associd2\n");
1819 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
1823 SCTP_TCB_LOCK(stcb);
1833 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, sctp_assoc_t asoc_id, int want_lock)
1835 struct sctp_tcb *stcb;
1837 SCTP_INP_RLOCK(inp);
1838 stcb = sctp_findasoc_ep_asocid_locked(inp, asoc_id, want_lock);
1839 SCTP_INP_RUNLOCK(inp);
1845 * Endpoint probe expects that the INP_INFO is locked.
1847 static struct sctp_inpcb *
1848 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
1849 uint16_t lport, uint32_t vrf_id)
1851 struct sctp_inpcb *inp;
1852 struct sctp_laddr *laddr;
1854 struct sockaddr_in *sin;
1857 struct sockaddr_in6 *sin6;
1858 struct sockaddr_in6 *intf_addr6;
1860 #if defined(__Userspace__)
1861 struct sockaddr_conn *sconn;
1874 #if defined(__Userspace__)
1877 switch (nam->sa_family) {
1880 sin = (struct sockaddr_in *)nam;
1885 sin6 = (struct sockaddr_in6 *)nam;
1888 #if defined(__Userspace__)
1890 sconn = (struct sockaddr_conn *)nam;
1894 /* unsupported family */
1901 LIST_FOREACH(inp, head, sctp_hash) {
1902 SCTP_INP_RLOCK(inp);
1903 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1904 SCTP_INP_RUNLOCK(inp);
1907 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
1908 (inp->sctp_lport == lport)) {
1911 if ((nam->sa_family == AF_INET) &&
1912 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
1913 SCTP_IPV6_V6ONLY(inp)) {
1914 /* IPv4 on a IPv6 socket with ONLY IPv6 set */
1915 SCTP_INP_RUNLOCK(inp);
1920 /* A V6 address and the endpoint is NOT bound V6 */
1921 if (nam->sa_family == AF_INET6 &&
1922 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
1923 SCTP_INP_RUNLOCK(inp);
1927 /* does a VRF id match? */
1930 for (i = 0; i < inp->num_vrfs; i++) {
1931 if (inp->m_vrf_ids[i] == vrf_id) {
1937 if (inp->def_vrf_id == vrf_id)
1941 SCTP_INP_RUNLOCK(inp);
1946 SCTP_INP_RUNLOCK(inp);
1948 switch (nam->sa_family) {
1951 if (sin->sin_addr.s_addr == INADDR_ANY) {
1952 /* Can't hunt for one that has no address specified */
1959 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1960 /* Can't hunt for one that has no address specified */
1965 #if defined(__Userspace__)
1967 if (sconn->sconn_addr == NULL) {
1976 * ok, not bound to all so see if we can find a EP bound to this
1979 LIST_FOREACH(inp, head, sctp_hash) {
1980 SCTP_INP_RLOCK(inp);
1981 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
1982 SCTP_INP_RUNLOCK(inp);
1985 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
1986 SCTP_INP_RUNLOCK(inp);
1990 * Ok this could be a likely candidate, look at all of its
1993 if (inp->sctp_lport != lport) {
1994 SCTP_INP_RUNLOCK(inp);
1997 /* does a VRF id match? */
2000 for (i = 0; i < inp->num_vrfs; i++) {
2001 if (inp->m_vrf_ids[i] == vrf_id) {
2007 if (inp->def_vrf_id == vrf_id)
2012 SCTP_INP_RUNLOCK(inp);
2015 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
2016 if (laddr->ifa == NULL) {
2017 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
2021 SCTPDBG(SCTP_DEBUG_PCB1, "Ok laddr->ifa:%p is possible, ",
2022 (void *)laddr->ifa);
2023 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
2024 SCTPDBG(SCTP_DEBUG_PCB1, "Huh IFA being deleted\n");
2027 if (laddr->ifa->address.sa.sa_family == nam->sa_family) {
2028 /* possible, see if it matches */
2029 switch (nam->sa_family) {
2032 #if defined(__APPLE__)
2038 if (sin->sin_addr.s_addr ==
2039 laddr->ifa->address.sin.sin_addr.s_addr) {
2040 SCTP_INP_RUNLOCK(inp);
2047 intf_addr6 = &laddr->ifa->address.sin6;
2048 if (SCTP6_ARE_ADDR_EQUAL(sin6,
2050 SCTP_INP_RUNLOCK(inp);
2055 #if defined(__Userspace__)
2057 if (sconn->sconn_addr == laddr->ifa->address.sconn.sconn_addr) {
2058 SCTP_INP_RUNLOCK(inp);
2066 SCTP_INP_RUNLOCK(inp);
2072 static struct sctp_inpcb *
2073 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport, uint32_t vrf_id)
2075 struct sctppcbhead *head;
2076 struct sctp_inpcb *t_inp;
2082 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
2083 SCTP_BASE_INFO(hashmark))];
2084 LIST_FOREACH(t_inp, head, sctp_hash) {
2085 if (t_inp->sctp_lport != lport) {
2088 /* is it in the VRF in question */
2091 for (i = 0; i < inp->num_vrfs; i++) {
2092 if (t_inp->m_vrf_ids[i] == vrf_id) {
2098 if (t_inp->def_vrf_id == vrf_id)
2104 /* This one is in use. */
2105 /* check the v6/v4 binding issue */
2106 if ((t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
2107 SCTP_IPV6_V6ONLY(t_inp)) {
2108 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
2109 /* collision in V6 space */
2112 /* inp is BOUND_V4 no conflict */
2115 } else if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
2116 /* t_inp is bound v4 and v6, conflict always */
2119 /* t_inp is bound only V4 */
2120 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) &&
2121 SCTP_IPV6_V6ONLY(inp)) {
2125 /* else fall through to conflict */
2134 sctp_swap_inpcb_for_listen(struct sctp_inpcb *inp)
2136 /* For 1-2-1 with port reuse */
2137 struct sctppcbhead *head;
2138 struct sctp_inpcb *tinp;
2140 if (sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) {
2141 /* only works with port reuse on */
2144 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) {
2147 SCTP_INP_RUNLOCK(inp);
2148 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport,
2149 SCTP_BASE_INFO(hashmark))];
2150 /* Kick out all non-listeners to the TCP hash */
2151 LIST_FOREACH(tinp, head, sctp_hash) {
2152 if (tinp->sctp_lport != inp->sctp_lport) {
2155 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2158 if (tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
2161 if (tinp->sctp_socket->so_qlimit) {
2164 SCTP_INP_WLOCK(tinp);
2165 LIST_REMOVE(tinp, sctp_hash);
2166 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(tinp->sctp_lport, SCTP_BASE_INFO(hashtcpmark))];
2167 tinp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
2168 LIST_INSERT_HEAD(head, tinp, sctp_hash);
2169 SCTP_INP_WUNLOCK(tinp);
2171 SCTP_INP_WLOCK(inp);
2172 /* Pull from where he was */
2173 LIST_REMOVE(inp, sctp_hash);
2174 inp->sctp_flags &= ~SCTP_PCB_FLAGS_IN_TCPPOOL;
2175 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(inp->sctp_lport, SCTP_BASE_INFO(hashmark))];
2176 LIST_INSERT_HEAD(head, inp, sctp_hash);
2177 SCTP_INP_WUNLOCK(inp);
2178 SCTP_INP_RLOCK(inp);
2184 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock,
2188 * First we check the hash table to see if someone has this port
2189 * bound with just the port.
2191 struct sctp_inpcb *inp;
2192 struct sctppcbhead *head;
2196 struct sockaddr_in *sin;
2199 struct sockaddr_in6 *sin6;
2201 #if defined(__Userspace__)
2202 struct sockaddr_conn *sconn;
2205 switch (nam->sa_family) {
2208 sin = (struct sockaddr_in *)nam;
2209 lport = sin->sin_port;
2214 sin6 = (struct sockaddr_in6 *)nam;
2215 lport = sin6->sin6_port;
2218 #if defined(__Userspace__)
2220 sconn = (struct sockaddr_conn *)nam;
2221 lport = sconn->sconn_port;
2228 * I could cheat here and just cast to one of the types but we will
2229 * do it right. It also provides the check against an Unsupported
2232 /* Find the head of the ALLADDR chain */
2233 if (have_lock == 0) {
2234 SCTP_INP_INFO_RLOCK();
2236 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport,
2237 SCTP_BASE_INFO(hashmark))];
2238 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
2241 * If the TCP model exists it could be that the main listening
2242 * endpoint is gone but there still exists a connected socket for this
2243 * guy. If so we can return the first one that we find. This may NOT
2244 * be the correct one so the caller should be wary on the returned INP.
2245 * Currently the only caller that sets find_tcp_pool is in bindx where
2246 * we are verifying that a user CAN bind the address. He either
2247 * has bound it already, or someone else has, or its open to bind,
2248 * so this is good enough.
2250 if (inp == NULL && find_tcp_pool) {
2251 for (i = 0; i < SCTP_BASE_INFO(hashtcpmark) + 1; i++) {
2252 head = &SCTP_BASE_INFO(sctp_tcpephash)[i];
2253 inp = sctp_endpoint_probe(nam, head, lport, vrf_id);
2260 SCTP_INP_INCR_REF(inp);
2262 if (have_lock == 0) {
2263 SCTP_INP_INFO_RUNLOCK();
2270 * Find an association for an endpoint with the pointer to whom you want to
2271 * send to and the endpoint pointer. The address can be IPv4 or IPv6. We may
2272 * need to change the *to to some other struct like a mbuf...
2275 sctp_findassociation_addr_sa(struct sockaddr *from, struct sockaddr *to,
2276 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool,
2279 struct sctp_inpcb *inp = NULL;
2280 struct sctp_tcb *stcb;
2282 SCTP_INP_INFO_RLOCK();
2283 if (find_tcp_pool) {
2284 if (inp_p != NULL) {
2285 stcb = sctp_tcb_special_locate(inp_p, from, to, netp,
2288 stcb = sctp_tcb_special_locate(&inp, from, to, netp,
2292 SCTP_INP_INFO_RUNLOCK();
2296 inp = sctp_pcb_findep(to, 0, 1, vrf_id);
2297 if (inp_p != NULL) {
2300 SCTP_INP_INFO_RUNLOCK();
2305 * ok, we have an endpoint, now lets find the assoc for it (if any)
2306 * we now place the source address or from in the to of the find
2307 * endpoint call. Since in reality this chain is used from the
2308 * inbound packet side.
2310 if (inp_p != NULL) {
2311 stcb = sctp_findassociation_ep_addr(inp_p, from, netp, to,
2314 stcb = sctp_findassociation_ep_addr(&inp, from, netp, to,
2322 * This routine will grub through the mbuf that is a INIT or INIT-ACK and
2323 * find all addresses that the sender has specified in any address list. Each
2324 * address will be used to lookup the TCB and see if one exits.
2326 static struct sctp_tcb *
2327 sctp_findassociation_special_addr(struct mbuf *m, int offset,
2328 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
2329 struct sockaddr *dst)
2331 struct sctp_paramhdr *phdr, parm_buf;
2332 #if defined(INET) || defined(INET6)
2333 struct sctp_tcb *stcb;
2338 struct sockaddr_in sin4;
2341 struct sockaddr_in6 sin6;
2345 memset(&sin4, 0, sizeof(sin4));
2347 sin4.sin_len = sizeof(sin4);
2349 sin4.sin_family = AF_INET;
2350 sin4.sin_port = sh->src_port;
2353 memset(&sin6, 0, sizeof(sin6));
2354 #ifdef HAVE_SIN6_LEN
2355 sin6.sin6_len = sizeof(sin6);
2357 sin6.sin6_family = AF_INET6;
2358 sin6.sin6_port = sh->src_port;
2361 offset += sizeof(struct sctp_init_chunk);
2363 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
2364 while (phdr != NULL) {
2365 /* now we must see if we want the parameter */
2366 #if defined(INET) || defined(INET6)
2367 ptype = ntohs(phdr->param_type);
2369 plen = ntohs(phdr->param_length);
2374 if (ptype == SCTP_IPV4_ADDRESS &&
2375 plen == sizeof(struct sctp_ipv4addr_param)) {
2376 /* Get the rest of the address */
2377 struct sctp_ipv4addr_param ip4_parm, *p4;
2379 phdr = sctp_get_next_param(m, offset,
2380 (struct sctp_paramhdr *)&ip4_parm, min(plen, sizeof(ip4_parm)));
2384 p4 = (struct sctp_ipv4addr_param *)phdr;
2385 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
2387 stcb = sctp_findassociation_ep_addr(inp_p,
2388 (struct sockaddr *)&sin4, netp, dst, NULL);
2395 if (ptype == SCTP_IPV6_ADDRESS &&
2396 plen == sizeof(struct sctp_ipv6addr_param)) {
2397 /* Get the rest of the address */
2398 struct sctp_ipv6addr_param ip6_parm, *p6;
2400 phdr = sctp_get_next_param(m, offset,
2401 (struct sctp_paramhdr *)&ip6_parm, min(plen,sizeof(ip6_parm)));
2405 p6 = (struct sctp_ipv6addr_param *)phdr;
2406 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
2408 stcb = sctp_findassociation_ep_addr(inp_p,
2409 (struct sockaddr *)&sin6, netp, dst, NULL);
2415 offset += SCTP_SIZE32(plen);
2416 phdr = sctp_get_next_param(m, offset, &parm_buf,
2422 static struct sctp_tcb *
2423 sctp_findassoc_by_vtag(struct sockaddr *from, struct sockaddr *to, uint32_t vtag,
2424 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
2425 uint16_t lport, int skip_src_check, uint32_t vrf_id, uint32_t remote_tag)
2428 * Use my vtag to hash. If we find it we then verify the source addr
2429 * is in the assoc. If all goes well we save a bit on rec of a
2432 struct sctpasochead *head;
2433 struct sctp_nets *net;
2434 struct sctp_tcb *stcb;
2439 SCTP_INP_INFO_RLOCK();
2440 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(vtag,
2441 SCTP_BASE_INFO(hashasocmark))];
2444 SCTP_INP_INFO_RUNLOCK();
2447 LIST_FOREACH(stcb, head, sctp_asocs) {
2448 SCTP_INP_RLOCK(stcb->sctp_ep);
2449 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2450 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2454 for (i = 0; i < stcb->sctp_ep->num_vrfs; i++) {
2455 if (stcb->sctp_ep->m_vrf_ids[i] == vrf_id) {
2459 if (i == stcb->sctp_ep->num_vrfs) {
2460 SCTP_INP_RUNLOCK(inp);
2464 if (stcb->sctp_ep->def_vrf_id != vrf_id) {
2465 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2469 SCTP_TCB_LOCK(stcb);
2470 SCTP_INP_RUNLOCK(stcb->sctp_ep);
2471 if (stcb->asoc.my_vtag == vtag) {
2473 if (stcb->rport != rport) {
2474 SCTP_TCB_UNLOCK(stcb);
2477 if (stcb->sctp_ep->sctp_lport != lport) {
2478 SCTP_TCB_UNLOCK(stcb);
2481 if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
2482 SCTP_TCB_UNLOCK(stcb);
2485 /* RRS:Need toaddr check here */
2486 if (sctp_does_stcb_own_this_addr(stcb, to) == 0) {
2487 /* Endpoint does not own this address */
2488 SCTP_TCB_UNLOCK(stcb);
2492 /* If we have both vtags that's all we match on */
2493 if (stcb->asoc.peer_vtag == remote_tag) {
2494 /* If both tags match we consider it conclusive
2495 * and check NO source/destination addresses
2500 if (skip_src_check) {
2503 *netp = sctp_findnet(stcb, from);
2505 *netp = NULL; /* unknown */
2508 *inp_p = stcb->sctp_ep;
2509 SCTP_INP_INFO_RUNLOCK();
2512 net = sctp_findnet(stcb, from);
2516 SCTP_STAT_INCR(sctps_vtagexpress);
2517 *inp_p = stcb->sctp_ep;
2518 SCTP_INP_INFO_RUNLOCK();
2522 * not him, this should only happen in rare
2523 * cases so I peg it.
2525 SCTP_STAT_INCR(sctps_vtagbogus);
2528 SCTP_TCB_UNLOCK(stcb);
2530 SCTP_INP_INFO_RUNLOCK();
2536 * Find an association with the pointer to the inbound IP packet. This can be
2537 * a IPv4 or IPv6 packet.
2540 sctp_findassociation_addr(struct mbuf *m, int offset,
2541 struct sockaddr *src, struct sockaddr *dst,
2542 struct sctphdr *sh, struct sctp_chunkhdr *ch,
2543 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2546 struct sctp_tcb *stcb;
2547 struct sctp_inpcb *inp;
2550 /* we only go down this path if vtag is non-zero */
2551 stcb = sctp_findassoc_by_vtag(src, dst, ntohl(sh->v_tag),
2552 inp_p, netp, sh->src_port, sh->dest_port, 0, vrf_id, 0);
2559 if ((ch->chunk_type != SCTP_INITIATION) &&
2560 (ch->chunk_type != SCTP_INITIATION_ACK) &&
2561 (ch->chunk_type != SCTP_COOKIE_ACK) &&
2562 (ch->chunk_type != SCTP_COOKIE_ECHO)) {
2563 /* Other chunk types go to the tcp pool. */
2567 stcb = sctp_findassociation_addr_sa(src, dst, inp_p, netp,
2568 find_tcp_pool, vrf_id);
2571 stcb = sctp_findassociation_addr_sa(src, dst, &inp, netp,
2572 find_tcp_pool, vrf_id);
2574 SCTPDBG(SCTP_DEBUG_PCB1, "stcb:%p inp:%p\n", (void *)stcb, (void *)inp);
2575 if (stcb == NULL && inp) {
2576 /* Found a EP but not this address */
2577 if ((ch->chunk_type == SCTP_INITIATION) ||
2578 (ch->chunk_type == SCTP_INITIATION_ACK)) {
2580 * special hook, we do NOT return linp or an
2581 * association that is linked to an existing
2582 * association that is under the TCP pool (i.e. no
2583 * listener exists). The endpoint finding routine
2584 * will always find a listener before examining the
2587 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
2593 stcb = sctp_findassociation_special_addr(m,
2594 offset, sh, &inp, netp, dst);
2595 if (inp_p != NULL) {
2600 SCTPDBG(SCTP_DEBUG_PCB1, "stcb is %p\n", (void *)stcb);
2605 * lookup an association by an ASCONF lookup address.
2606 * if the lookup address is 0.0.0.0 or ::0, use the vtag to do the lookup
2609 sctp_findassociation_ep_asconf(struct mbuf *m, int offset,
2610 struct sockaddr *dst, struct sctphdr *sh,
2611 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint32_t vrf_id)
2613 struct sctp_tcb *stcb;
2614 struct sockaddr_storage remote_store;
2615 struct sctp_paramhdr parm_buf, *phdr;
2617 int zero_address = 0;
2619 struct sockaddr_in *sin;
2622 struct sockaddr_in6 *sin6;
2625 memset(&remote_store, 0, sizeof(remote_store));
2626 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
2627 &parm_buf, sizeof(struct sctp_paramhdr));
2629 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf lookup addr\n",
2633 ptype = (int)((uint32_t) ntohs(phdr->param_type));
2634 /* get the correlation address */
2637 case SCTP_IPV6_ADDRESS:
2639 /* ipv6 address param */
2640 struct sctp_ipv6addr_param *p6, p6_buf;
2642 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
2645 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
2646 offset + sizeof(struct sctp_asconf_chunk),
2647 &p6_buf.ph, sizeof(*p6));
2649 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v6 lookup addr\n",
2653 sin6 = (struct sockaddr_in6 *)&remote_store;
2654 sin6->sin6_family = AF_INET6;
2655 #ifdef HAVE_SIN6_LEN
2656 sin6->sin6_len = sizeof(*sin6);
2658 sin6->sin6_port = sh->src_port;
2659 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
2660 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
2666 case SCTP_IPV4_ADDRESS:
2668 /* ipv4 address param */
2669 struct sctp_ipv4addr_param *p4, p4_buf;
2671 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
2674 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
2675 offset + sizeof(struct sctp_asconf_chunk),
2676 &p4_buf.ph, sizeof(*p4));
2678 SCTPDBG(SCTP_DEBUG_INPUT3, "%s: failed to get asconf v4 lookup addr\n",
2682 sin = (struct sockaddr_in *)&remote_store;
2683 sin->sin_family = AF_INET;
2685 sin->sin_len = sizeof(*sin);
2687 sin->sin_port = sh->src_port;
2688 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
2689 if (sin->sin_addr.s_addr == INADDR_ANY)
2695 /* invalid address param type */
2700 stcb = sctp_findassoc_by_vtag(NULL, dst, ntohl(sh->v_tag), inp_p,
2701 netp, sh->src_port, sh->dest_port, 1, vrf_id, 0);
2703 SCTP_INP_DECR_REF(*inp_p);
2706 stcb = sctp_findassociation_ep_addr(inp_p,
2707 (struct sockaddr *)&remote_store, netp,
2715 * allocate a sctp_inpcb and setup a temporary binding to a port/all
2716 * addresses. This way if we don't get a bind we by default pick a ephemeral
2717 * port with all addresses bound.
2720 sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
2723 * we get called when a new endpoint starts up. We need to allocate
2724 * the sctp_inpcb structure from the zone and init it. Mark it as
2725 * unbound and find a port that we can use as an ephemeral with
2726 * INADDR_ANY. If the user binds later no problem we can then add in
2727 * the specific addresses. And setup the default parameters for the
2731 struct sctp_inpcb *inp;
2733 struct timeval time;
2734 sctp_sharedkey_t *null_key;
2738 SCTP_INP_INFO_WLOCK();
2739 inp = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_ep), struct sctp_inpcb);
2741 SCTP_PRINTF("Out of SCTP-INPCB structures - no resources\n");
2742 SCTP_INP_INFO_WUNLOCK();
2743 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2747 bzero(inp, sizeof(*inp));
2749 /* bump generations */
2750 #if defined(__APPLE__)
2751 inp->ip_inp.inp.inp_state = INPCB_STATE_INUSE;
2753 /* setup socket pointers */
2754 inp->sctp_socket = so;
2755 inp->ip_inp.inp.inp_socket = so;
2757 #if !defined(__Userspace__) && !defined(__Windows__)
2758 if (INP_SOCKAF(so) == AF_INET6) {
2759 if (MODULE_GLOBAL(ip6_auto_flowlabel)) {
2760 inp->ip_inp.inp.inp_flags |= IN6P_AUTOFLOWLABEL;
2762 if (MODULE_GLOBAL(ip6_v6only)) {
2763 inp->ip_inp.inp.inp_flags |= IN6P_IPV6_V6ONLY;
2768 inp->sctp_associd_counter = 1;
2769 inp->partial_delivery_point = SCTP_SB_LIMIT_RCV(so) >> SCTP_PARTIAL_DELIVERY_SHIFT;
2770 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
2771 inp->sctp_cmt_on_off = SCTP_BASE_SYSCTL(sctp_cmt_on_off);
2772 inp->sctp_ecn_enable = SCTP_BASE_SYSCTL(sctp_ecn_enable);
2773 #if defined(__Userspace__)
2774 inp->ulp_info = NULL;
2775 inp->recv_callback = NULL;
2776 inp->send_callback = NULL;
2777 inp->send_sb_threshold = 0;
2779 /* init the small hash table we use to track asocid <-> tcb */
2780 inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark);
2781 if (inp->sctp_asocidhash == NULL) {
2782 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2783 SCTP_INP_INFO_WUNLOCK();
2787 #if !(defined(__APPLE__))
2789 struct inpcbpolicy *pcb_sp = NULL;
2791 error = ipsec_init_policy(so, &pcb_sp);
2792 /* Arrange to share the policy */
2793 inp->ip_inp.inp.inp_sp = pcb_sp;
2794 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
2797 /* not sure what to do for openbsd here */
2801 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2802 SCTP_INP_INFO_WUNLOCK();
2806 SCTP_INCR_EP_COUNT();
2807 inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
2808 SCTP_INP_INFO_WUNLOCK();
2810 so->so_pcb = (caddr_t)inp;
2812 #if defined(__FreeBSD__) && __FreeBSD_version < 803000
2813 if ((SCTP_SO_TYPE(so) == SOCK_DGRAM) ||
2814 (SCTP_SO_TYPE(so) == SOCK_SEQPACKET)) {
2816 if (SCTP_SO_TYPE(so) == SOCK_SEQPACKET) {
2818 /* UDP style socket */
2819 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
2820 SCTP_PCB_FLAGS_UNBOUND);
2821 /* Be sure it is NON-BLOCKING IO for UDP */
2822 /* SCTP_SET_SO_NBIO(so); */
2823 } else if (SCTP_SO_TYPE(so) == SOCK_STREAM) {
2824 /* TCP style socket */
2825 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2826 SCTP_PCB_FLAGS_UNBOUND);
2827 /* Be sure we have blocking IO by default */
2828 SCTP_CLEAR_SO_NBIO(so);
2829 #if defined(__Panda__)
2830 } else if (SCTP_SO_TYPE(so) == SOCK_FASTSEQPACKET) {
2831 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
2832 SCTP_PCB_FLAGS_UNBOUND);
2833 sctp_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE);
2834 } else if (SCTP_SO_TYPE(so) == SOCK_FASTSTREAM) {
2835 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
2836 SCTP_PCB_FLAGS_UNBOUND);
2837 sctp_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE);
2841 * unsupported socket type (RAW, etc)- in case we missed it
2844 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
2846 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2847 return (EOPNOTSUPP);
2849 if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_1) {
2850 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2851 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2852 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_2) {
2853 sctp_feature_on(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2854 sctp_feature_on(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2855 } else if (SCTP_BASE_SYSCTL(sctp_default_frag_interleave) == SCTP_FRAG_LEVEL_0) {
2856 sctp_feature_off(inp, SCTP_PCB_FLAGS_FRAG_INTERLEAVE);
2857 sctp_feature_off(inp, SCTP_PCB_FLAGS_INTERLEAVE_STRMS);
2859 inp->sctp_tcbhash = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_pcbtblsize),
2860 &inp->sctp_hashmark);
2861 if (inp->sctp_tcbhash == NULL) {
2862 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
2863 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2865 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2869 inp->vrf_size = SCTP_DEFAULT_VRF_SIZE;
2870 SCTP_MALLOC(inp->m_vrf_ids, uint32_t *,
2871 (sizeof(uint32_t) * inp->vrf_size), SCTP_M_MVRF);
2872 if (inp->m_vrf_ids == NULL) {
2873 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
2875 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
2876 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2879 inp->m_vrf_ids[0] = vrf_id;
2882 inp->def_vrf_id = vrf_id;
2884 #if defined(__APPLE__)
2885 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
2886 inp->ip_inp.inp.inpcb_mtx = lck_mtx_alloc_init(SCTP_BASE_INFO(sctbinfo).mtx_grp, SCTP_BASE_INFO(sctbinfo).mtx_attr);
2887 if (inp->ip_inp.inp.inpcb_mtx == NULL) {
2888 SCTP_PRINTF("in_pcballoc: can't alloc mutex! so=%p\n", (void *)so);
2890 SCTP_FREE(inp->m_vrf_ids, SCTP_M_MVRF);
2892 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
2894 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
2895 SCTP_UNLOCK_EXC(SCTP_BASE_INFO(sctbinfo).ipi_lock);
2896 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
2899 #elif defined(APPLE_LION) || defined(APPLE_MOUNTAINLION)
2900 lck_mtx_init(&inp->ip_inp.inp.inpcb_mtx, SCTP_BASE_INFO(sctbinfo).mtx_grp, SCTP_BASE_INFO(sctbinfo).mtx_attr);
2902 lck_mtx_init(&inp->ip_inp.inp.inpcb_mtx, SCTP_BASE_INFO(sctbinfo).ipi_lock_grp, SCTP_BASE_INFO(sctbinfo).ipi_lock_attr);
2905 SCTP_INP_INFO_WLOCK();
2906 SCTP_INP_LOCK_INIT(inp);
2907 #if defined(__FreeBSD__)
2908 INP_LOCK_INIT(&inp->ip_inp.inp, "inp", "sctpinp");
2910 SCTP_INP_READ_INIT(inp);
2911 SCTP_ASOC_CREATE_LOCK_INIT(inp);
2912 /* lock the new ep */
2913 SCTP_INP_WLOCK(inp);
2915 /* add it to the info area */
2916 LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list);
2917 #if defined(__APPLE__)
2918 inp->ip_inp.inp.inp_pcbinfo = &SCTP_BASE_INFO(sctbinfo);
2919 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION)
2920 LIST_INSERT_HEAD(SCTP_BASE_INFO(sctbinfo).listhead, &inp->ip_inp.inp, inp_list);
2922 LIST_INSERT_HEAD(SCTP_BASE_INFO(sctbinfo).ipi_listhead, &inp->ip_inp.inp, inp_list);
2925 SCTP_INP_INFO_WUNLOCK();
2927 TAILQ_INIT(&inp->read_queue);
2928 LIST_INIT(&inp->sctp_addr_list);
2930 LIST_INIT(&inp->sctp_asoc_list);
2932 #ifdef SCTP_TRACK_FREED_ASOCS
2934 LIST_INIT(&inp->sctp_asoc_free_list);
2936 /* Init the timer structure for signature change */
2937 SCTP_OS_TIMER_INIT(&inp->sctp_ep.signature_change.timer);
2938 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
2940 /* now init the actual endpoint default data */
2943 /* setup the base timeout information */
2944 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */
2945 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */
2946 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_delayed_sack_time_default));
2947 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_heartbeat_interval_default));
2948 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_pmtu_raise_time_default));
2949 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_shutdown_guard_time_default));
2950 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_secret_lifetime_default));
2951 /* all max/min max are in ms */
2952 m->sctp_maxrto = SCTP_BASE_SYSCTL(sctp_rto_max_default);
2953 m->sctp_minrto = SCTP_BASE_SYSCTL(sctp_rto_min_default);
2954 m->initial_rto = SCTP_BASE_SYSCTL(sctp_rto_initial_default);
2955 m->initial_init_rto_max = SCTP_BASE_SYSCTL(sctp_init_rto_max_default);
2956 m->sctp_sack_freq = SCTP_BASE_SYSCTL(sctp_sack_freq_default);
2957 m->max_init_times = SCTP_BASE_SYSCTL(sctp_init_rtx_max_default);
2958 m->max_send_times = SCTP_BASE_SYSCTL(sctp_assoc_rtx_max_default);
2959 m->def_net_failure = SCTP_BASE_SYSCTL(sctp_path_rtx_max_default);
2960 m->def_net_pf_threshold = SCTP_BASE_SYSCTL(sctp_path_pf_threshold);
2961 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
2962 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
2963 m->max_burst = SCTP_BASE_SYSCTL(sctp_max_burst_default);
2964 m->fr_max_burst = SCTP_BASE_SYSCTL(sctp_fr_max_burst_default);
2966 m->sctp_default_cc_module = SCTP_BASE_SYSCTL(sctp_default_cc_module);
2967 m->sctp_default_ss_module = SCTP_BASE_SYSCTL(sctp_default_ss_module);
2968 m->max_open_streams_intome = SCTP_BASE_SYSCTL(sctp_nr_incoming_streams_default);
2969 /* number of streams to pre-open on a association */
2970 m->pre_open_stream_count = SCTP_BASE_SYSCTL(sctp_nr_outgoing_streams_default);
2972 /* Add adaptation cookie */
2973 m->adaptation_layer_indicator = 0;
2974 m->adaptation_layer_indicator_provided = 0;
2976 /* seed random number generator */
2977 m->random_counter = 1;
2978 m->store_at = SCTP_SIGNATURE_SIZE;
2979 SCTP_READ_RANDOM(m->random_numbers, sizeof(m->random_numbers));
2980 sctp_fill_random_store(m);
2982 /* Minimum cookie size */
2983 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
2984 sizeof(struct sctp_state_cookie);
2985 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
2987 /* Setup the initial secret */
2988 (void)SCTP_GETTIME_TIMEVAL(&time);
2989 m->time_of_secret_change = time.tv_sec;
2991 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
2992 m->secret_key[0][i] = sctp_select_initial_TSN(m);
2994 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
2996 /* How long is a cookie good for ? */
2997 m->def_cookie_life = MSEC_TO_TICKS(SCTP_BASE_SYSCTL(sctp_valid_cookie_life_default));
2999 * Initialize authentication parameters
3001 m->local_hmacs = sctp_default_supported_hmaclist();
3002 m->local_auth_chunks = sctp_alloc_chunklist();
3003 m->default_dscp = 0;
3005 m->default_flowlabel = 0;
3007 m->port = 0; /* encapsulation disabled by default */
3008 sctp_auth_set_default_chunks(m->local_auth_chunks);
3009 LIST_INIT(&m->shared_keys);
3010 /* add default NULL key as key id 0 */
3011 null_key = sctp_alloc_sharedkey();
3012 sctp_insert_sharedkey(&m->shared_keys, null_key);
3013 SCTP_INP_WUNLOCK(inp);
3014 #ifdef SCTP_LOG_CLOSING
3015 sctp_log_closing(inp, NULL, 12);
3022 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
3023 struct sctp_tcb *stcb)
3025 struct sctp_nets *net;
3026 uint16_t lport, rport;
3027 struct sctppcbhead *head;
3028 struct sctp_laddr *laddr, *oladdr;
3030 atomic_add_int(&stcb->asoc.refcnt, 1);
3031 SCTP_TCB_UNLOCK(stcb);
3032 SCTP_INP_INFO_WLOCK();
3033 SCTP_INP_WLOCK(old_inp);
3034 SCTP_INP_WLOCK(new_inp);
3035 SCTP_TCB_LOCK(stcb);
3036 atomic_subtract_int(&stcb->asoc.refcnt, 1);
3038 new_inp->sctp_ep.time_of_secret_change =
3039 old_inp->sctp_ep.time_of_secret_change;
3040 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
3041 sizeof(old_inp->sctp_ep.secret_key));
3042 new_inp->sctp_ep.current_secret_number =
3043 old_inp->sctp_ep.current_secret_number;
3044 new_inp->sctp_ep.last_secret_number =
3045 old_inp->sctp_ep.last_secret_number;
3046 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
3048 /* make it so new data pours into the new socket */
3049 stcb->sctp_socket = new_inp->sctp_socket;
3050 stcb->sctp_ep = new_inp;
3052 /* Copy the port across */
3053 lport = new_inp->sctp_lport = old_inp->sctp_lport;
3054 rport = stcb->rport;
3055 /* Pull the tcb from the old association */
3056 LIST_REMOVE(stcb, sctp_tcbhash);
3057 LIST_REMOVE(stcb, sctp_tcblist);
3058 if (stcb->asoc.in_asocid_hash) {
3059 LIST_REMOVE(stcb, sctp_tcbasocidhash);
3061 /* Now insert the new_inp into the TCP connected hash */
3062 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR((lport | rport), SCTP_BASE_INFO(hashtcpmark))];
3064 LIST_INSERT_HEAD(head, new_inp, sctp_hash);
3065 /* Its safe to access */
3066 new_inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
3068 /* Now move the tcb into the endpoint list */
3069 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
3071 * Question, do we even need to worry about the ep-hash since we
3072 * only have one connection? Probably not :> so lets get rid of it
3073 * and not suck up any kernel memory in that.
3075 if (stcb->asoc.in_asocid_hash) {
3076 struct sctpasochead *lhd;
3077 lhd = &new_inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(stcb->asoc.assoc_id,
3078 new_inp->hashasocidmark)];
3079 LIST_INSERT_HEAD(lhd, stcb, sctp_tcbasocidhash);
3081 /* Ok. Let's restart timer. */
3082 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
3083 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, new_inp,
3087 SCTP_INP_INFO_WUNLOCK();
3088 if (new_inp->sctp_tcbhash != NULL) {
3089 SCTP_HASH_FREE(new_inp->sctp_tcbhash, new_inp->sctp_hashmark);
3090 new_inp->sctp_tcbhash = NULL;
3092 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
3093 /* Subset bound, so copy in the laddr list from the old_inp */
3094 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
3095 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
3096 if (laddr == NULL) {
3098 * Gak, what can we do? This assoc is really
3099 * HOSED. We probably should send an abort
3102 SCTPDBG(SCTP_DEBUG_PCB1, "Association hosed in TCP model, out of laddr memory\n");
3105 SCTP_INCR_LADDR_COUNT();
3106 bzero(laddr, sizeof(*laddr));
3107 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
3108 laddr->ifa = oladdr->ifa;
3109 atomic_add_int(&laddr->ifa->refcount, 1);
3110 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
3112 new_inp->laddr_count++;
3113 if (oladdr == stcb->asoc.last_used_address) {
3114 stcb->asoc.last_used_address = laddr;
3118 /* Now any running timers need to be adjusted
3119 * since we really don't care if they are running
3120 * or not just blast in the new_inp into all of
3124 stcb->asoc.dack_timer.ep = (void *)new_inp;
3125 stcb->asoc.asconf_timer.ep = (void *)new_inp;
3126 stcb->asoc.strreset_timer.ep = (void *)new_inp;
3127 stcb->asoc.shut_guard_timer.ep = (void *)new_inp;
3128 stcb->asoc.autoclose_timer.ep = (void *)new_inp;
3129 stcb->asoc.delayed_event_timer.ep = (void *)new_inp;
3130 stcb->asoc.delete_prim_timer.ep = (void *)new_inp;
3131 /* now what about the nets? */
3132 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
3133 net->pmtu_timer.ep = (void *)new_inp;
3134 net->hb_timer.ep = (void *)new_inp;
3135 net->rxt_timer.ep = (void *)new_inp;
3137 SCTP_INP_WUNLOCK(new_inp);
3138 SCTP_INP_WUNLOCK(old_inp);
3142 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Userspace__))
3144 * Don't know why, but without this there is an unknown reference when
3145 * compiling NetBSD... hmm
3147 extern void in6_sin6_2_sin(struct sockaddr_in *, struct sockaddr_in6 *sin6);
3151 /* sctp_ifap is used to bypass normal local address validation checks */
3153 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
3154 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
3155 struct sctp_ifa *sctp_ifap, struct thread *p)
3156 #elif defined(__Windows__)
3157 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
3158 struct sctp_ifa *sctp_ifap, PKTHREAD p)
3160 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
3161 struct sctp_ifa *sctp_ifap, struct proc *p)
3164 /* bind a ep to a socket address */
3165 struct sctppcbhead *head;
3166 struct sctp_inpcb *inp, *inp_tmp;
3167 #if defined(INET) || (defined(INET6) && defined(__APPLE__)) || defined(__FreeBSD__) || defined(__APPLE__)
3168 struct inpcb *ip_inp;
3170 int port_reuse_active = 0;
3182 inp = (struct sctp_inpcb *)so->so_pcb;
3183 #if defined(INET) || (defined(INET6) && defined(__APPLE__)) || defined(__FreeBSD__) || defined(__APPLE__)
3184 ip_inp = (struct inpcb *)so->so_pcb;
3188 SCTPDBG(SCTP_DEBUG_PCB1, "Bind called port: %d\n",
3189 ntohs(((struct sockaddr_in *)addr)->sin_port));
3190 SCTPDBG(SCTP_DEBUG_PCB1, "Addr: ");
3191 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, addr);
3194 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
3195 /* already did a bind, subsequent binds NOT allowed ! */
3196 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3199 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
3202 panic("null proc/thread");
3206 switch (addr->sa_family) {
3210 struct sockaddr_in *sin;
3212 /* IPV6_V6ONLY socket? */
3213 if (SCTP_IPV6_V6ONLY(ip_inp)) {
3214 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3218 if (addr->sa_len != sizeof(*sin)) {
3219 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3224 sin = (struct sockaddr_in *)addr;
3225 lport = sin->sin_port;
3226 #if defined(__FreeBSD__) && __FreeBSD_version >= 800000
3228 * For LOOPBACK the prison_local_ip4() call will transmute the ip address
3229 * to the proper value.
3231 if (p && (error = prison_local_ip4(p->td_ucred, &sin->sin_addr)) != 0) {
3232 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3236 if (sin->sin_addr.s_addr != INADDR_ANY) {
3245 /* Only for pure IPv6 Address. (No IPv4 Mapped!) */
3246 struct sockaddr_in6 *sin6;
3248 sin6 = (struct sockaddr_in6 *)addr;
3251 if (addr->sa_len != sizeof(*sin6)) {
3252 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3256 lport = sin6->sin6_port;
3257 #if defined(__FreeBSD__) && __FreeBSD_version >= 800000
3259 * For LOOPBACK the prison_local_ip6() call will transmute the ipv6 address
3260 * to the proper value.
3262 if (p && (error = prison_local_ip6(p->td_ucred, &sin6->sin6_addr,
3263 (SCTP_IPV6_V6ONLY(inp) != 0))) != 0) {
3264 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3268 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
3270 #ifdef SCTP_EMBEDDED_V6_SCOPE
3271 /* KAME hack: embed scopeid */
3272 #if defined(SCTP_KAME)
3273 if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
3274 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3277 #elif defined(__APPLE__)
3278 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
3279 if (in6_embedscope(&sin6->sin6_addr, sin6, ip_inp, NULL) != 0) {
3281 if (in6_embedscope(&sin6->sin6_addr, sin6, ip_inp, NULL, NULL) != 0) {
3283 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3286 #elif defined(__FreeBSD__)
3287 error = scope6_check_id(sin6, MODULE_GLOBAL(ip6_use_defzone));
3289 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3293 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) {
3294 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3298 #endif /* SCTP_EMBEDDED_V6_SCOPE */
3300 #ifndef SCOPEDROUTING
3301 /* this must be cleared for ifa_ifwithaddr() */
3302 sin6->sin6_scope_id = 0;
3303 #endif /* SCOPEDROUTING */
3307 #if defined(__Userspace__)
3310 struct sockaddr_conn *sconn;
3313 if (addr->sa_len != sizeof(struct sockaddr_conn)) {
3314 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3318 sconn = (struct sockaddr_conn *)addr;
3319 lport = sconn->sconn_port;
3320 if (sconn->sconn_addr != NULL) {
3327 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EAFNOSUPPORT);
3328 return (EAFNOSUPPORT);
3331 SCTP_INP_INFO_WLOCK();
3332 SCTP_INP_WLOCK(inp);
3333 /* Setup a vrf_id to be the default for the non-bind-all case. */
3334 vrf_id = inp->def_vrf_id;
3336 /* increase our count due to the unlock we do */
3337 SCTP_INP_INCR_REF(inp);
3340 * Did the caller specify a port? if so we must see if an ep
3341 * already has this one bound.
3343 /* got to be root to get at low ports */
3344 #if !defined(__Windows__)
3345 if (ntohs(lport) < IPPORT_RESERVED) {
3348 #if __FreeBSD_version > 602000
3349 priv_check(p, PRIV_NETINET_RESERVEDPORT)
3350 #elif __FreeBSD_version >= 500000
3351 suser_cred(p->td_ucred, 0)
3355 #elif defined(__APPLE__)
3356 suser(p->p_ucred, &p->p_acflag)
3357 #elif defined(__Userspace__) /* must be true to use raw socket */
3363 SCTP_INP_DECR_REF(inp);
3364 SCTP_INP_WUNLOCK(inp);
3365 SCTP_INP_INFO_WUNLOCK();
3368 #if defined(__Panda__)
3369 if (!SCTP_IS_PRIVILEDGED(so)) {
3370 SCTP_INP_DECR_REF(inp);
3371 SCTP_INP_WUNLOCK(inp);
3372 SCTP_INP_INFO_WUNLOCK();
3373 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EACCES);
3378 #if !defined(__Panda__) && !defined(__Userspace__)
3380 SCTP_INP_DECR_REF(inp);
3381 SCTP_INP_WUNLOCK(inp);
3382 SCTP_INP_INFO_WUNLOCK();
3383 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3387 #endif /* __Windows__ */
3388 SCTP_INP_WUNLOCK(inp);
3391 for (i = 0; i < inp->num_vrfs; i++) {
3392 vrf_id = inp->m_vrf_ids[i];
3394 vrf_id = inp->def_vrf_id;
3396 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
3397 if (inp_tmp != NULL) {
3399 * lock guy returned and lower count
3400 * note that we are not bound so
3401 * inp_tmp should NEVER be inp. And
3402 * it is this inp (inp_tmp) that gets
3403 * the reference bump, so we must
3406 SCTP_INP_DECR_REF(inp_tmp);
3408 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
3409 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
3410 /* Ok, must be one-2-one and allowing port re-use */
3411 port_reuse_active = 1;
3412 goto continue_anyway;
3414 SCTP_INP_DECR_REF(inp);
3415 SCTP_INP_INFO_WUNLOCK();
3416 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
3417 return (EADDRINUSE);
3423 inp_tmp = sctp_pcb_findep(addr, 0, 1, vrf_id);
3424 if (inp_tmp != NULL) {
3426 * lock guy returned and lower count note
3427 * that we are not bound so inp_tmp should
3428 * NEVER be inp. And it is this inp (inp_tmp)
3429 * that gets the reference bump, so we must
3432 SCTP_INP_DECR_REF(inp_tmp);
3434 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
3435 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
3436 /* Ok, must be one-2-one and allowing port re-use */
3437 port_reuse_active = 1;
3438 goto continue_anyway;
3440 SCTP_INP_DECR_REF(inp);
3441 SCTP_INP_INFO_WUNLOCK();
3442 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
3443 return (EADDRINUSE);
3447 SCTP_INP_WLOCK(inp);
3449 /* verify that no lport is not used by a singleton */
3450 if ((port_reuse_active == 0) &&
3451 (inp_tmp = sctp_isport_inuse(inp, lport, vrf_id))) {
3452 /* Sorry someone already has this one bound */
3453 if ((sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) &&
3454 (sctp_is_feature_on(inp_tmp, SCTP_PCB_FLAGS_PORTREUSE))) {
3455 port_reuse_active = 1;
3457 SCTP_INP_DECR_REF(inp);
3458 SCTP_INP_WUNLOCK(inp);
3459 SCTP_INP_INFO_WUNLOCK();
3460 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
3461 return (EADDRINUSE);
3466 uint16_t first, last, candidate;
3470 #if defined(__Windows__)
3474 #if defined(__Userspace__)
3475 /* TODO ensure uid is 0, etc... */
3476 #elif defined(__FreeBSD__) || defined(__APPLE__)
3477 if (ip_inp->inp_flags & INP_HIGHPORT) {
3478 first = MODULE_GLOBAL(ipport_hifirstauto);
3479 last = MODULE_GLOBAL(ipport_hilastauto);
3480 } else if (ip_inp->inp_flags & INP_LOWPORT) {
3483 #if __FreeBSD_version > 602000
3484 priv_check(p, PRIV_NETINET_RESERVEDPORT)
3485 #elif __FreeBSD_version >= 500000
3486 suser_cred(p->td_ucred, 0)
3490 #elif defined(__APPLE__)
3491 suser(p->p_ucred, &p->p_acflag)
3496 SCTP_INP_DECR_REF(inp);
3497 SCTP_INP_WUNLOCK(inp);
3498 SCTP_INP_INFO_WUNLOCK();
3499 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
3502 first = MODULE_GLOBAL(ipport_lowfirstauto);
3503 last = MODULE_GLOBAL(ipport_lowlastauto);
3506 first = MODULE_GLOBAL(ipport_firstauto);
3507 last = MODULE_GLOBAL(ipport_lastauto);
3508 #if defined(__FreeBSD__) || defined(__APPLE__)
3511 #endif /* __Windows__ */
3519 count = last - first + 1; /* number of candidates */
3520 candidate = first + sctp_select_initial_TSN(&inp->sctp_ep) % (count);
3525 for (i = 0; i < inp->num_vrfs; i++) {
3526 if (sctp_isport_inuse(inp, htons(candidate), inp->m_vrf_ids[i]) != NULL) {
3530 if (i == inp->num_vrfs) {
3534 if (sctp_isport_inuse(inp, htons(candidate), inp->def_vrf_id) == NULL) {
3540 SCTP_INP_DECR_REF(inp);
3541 SCTP_INP_WUNLOCK(inp);
3542 SCTP_INP_INFO_WUNLOCK();
3543 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRINUSE);
3544 return (EADDRINUSE);
3546 if (candidate == last)
3549 candidate = candidate + 1;
3552 lport = htons(candidate);
3554 SCTP_INP_DECR_REF(inp);
3555 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |
3556 SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
3558 * this really should not happen. The guy did a non-blocking
3559 * bind and then did a close at the same time.
3561 SCTP_INP_WUNLOCK(inp);
3562 SCTP_INP_INFO_WUNLOCK();
3563 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3566 /* ok we look clear to give out this port, so lets setup the binding */
3568 /* binding to all addresses, so just set in the proper flags */
3569 inp->sctp_flags |= SCTP_PCB_FLAGS_BOUNDALL;
3570 /* set the automatic addr changes from kernel flag */
3571 if (SCTP_BASE_SYSCTL(sctp_auto_asconf) == 0) {
3572 sctp_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3573 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3575 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3576 sctp_feature_on(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3578 if (SCTP_BASE_SYSCTL(sctp_multiple_asconfs) == 0) {
3579 sctp_feature_off(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
3581 sctp_feature_on(inp, SCTP_PCB_FLAGS_MULTIPLE_ASCONFS);
3583 /* set the automatic mobility_base from kernel
3586 if (SCTP_BASE_SYSCTL(sctp_mobility_base) == 0) {
3587 sctp_mobility_feature_off(inp, SCTP_MOBILITY_BASE);
3588 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3590 sctp_mobility_feature_on(inp, SCTP_MOBILITY_BASE);
3591 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3593 /* set the automatic mobility_fasthandoff from kernel
3596 if (SCTP_BASE_SYSCTL(sctp_mobility_fasthandoff) == 0) {
3597 sctp_mobility_feature_off(inp, SCTP_MOBILITY_FASTHANDOFF);
3598 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3600 sctp_mobility_feature_on(inp, SCTP_MOBILITY_FASTHANDOFF);
3601 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
3605 * bind specific, make sure flags is off and add a new
3606 * address structure to the sctp_addr_list inside the ep
3609 * We will need to allocate one and insert it at the head. The
3610 * socketopt call can just insert new addresses in there as
3611 * well. It will also have to do the embed scope kame hack
3612 * too (before adding).
3614 struct sctp_ifa *ifa;
3615 struct sockaddr_storage store_sa;
3617 memset(&store_sa, 0, sizeof(store_sa));
3618 switch (addr->sa_family) {
3622 struct sockaddr_in *sin;
3624 sin = (struct sockaddr_in *)&store_sa;
3625 memcpy(sin, addr, sizeof(struct sockaddr_in));
3633 struct sockaddr_in6 *sin6;
3635 sin6 = (struct sockaddr_in6 *)&store_sa;
3636 memcpy(sin6, addr, sizeof(struct sockaddr_in6));
3637 sin6->sin6_port = 0;
3641 #if defined(__Userspace__)
3644 struct sockaddr_conn *sconn;
3646 sconn = (struct sockaddr_conn *)&store_sa;
3647 memcpy(sconn, addr, sizeof(struct sockaddr_conn));
3648 sconn->sconn_port = 0;
3656 * first find the interface with the bound address need to
3657 * zero out the port to find the address! yuck! can't do
3658 * this earlier since need port for sctp_pcb_findep()
3660 if (sctp_ifap != NULL) {
3663 /* Note for BSD we hit here always other
3664 * O/S's will pass things in via the
3665 * sctp_ifap argument (Panda).
3667 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa,
3668 vrf_id, SCTP_ADDR_NOT_LOCKED);
3671 /* Can't find an interface with that address */
3672 SCTP_INP_WUNLOCK(inp);
3673 SCTP_INP_INFO_WUNLOCK();
3674 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EADDRNOTAVAIL);
3675 return (EADDRNOTAVAIL);
3678 if (addr->sa_family == AF_INET6) {
3679 /* GAK, more FIXME IFA lock? */
3680 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
3681 /* Can't bind a non-existent addr. */
3682 SCTP_INP_WUNLOCK(inp);
3683 SCTP_INP_INFO_WUNLOCK();
3684 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
3689 /* we're not bound all */
3690 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
3691 /* allow bindx() to send ASCONF's for binding changes */
3692 sctp_feature_on(inp, SCTP_PCB_FLAGS_DO_ASCONF);
3693 /* clear automatic addr changes from kernel flag */
3694 sctp_feature_off(inp, SCTP_PCB_FLAGS_AUTO_ASCONF);
3696 /* add this address to the endpoint list */
3697 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, 0);
3699 SCTP_INP_WUNLOCK(inp);
3700 SCTP_INP_INFO_WUNLOCK();
3705 /* find the bucket */
3706 if (port_reuse_active) {
3707 /* Put it into tcp 1-2-1 hash */
3708 head = &SCTP_BASE_INFO(sctp_tcpephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashtcpmark))];
3709 inp->sctp_flags |= SCTP_PCB_FLAGS_IN_TCPPOOL;
3711 head = &SCTP_BASE_INFO(sctp_ephash)[SCTP_PCBHASH_ALLADDR(lport, SCTP_BASE_INFO(hashmark))];
3713 /* put it in the bucket */
3714 LIST_INSERT_HEAD(head, inp, sctp_hash);
3715 SCTPDBG(SCTP_DEBUG_PCB1, "Main hash to bind at head:%p, bound port:%d - in tcp_pool=%d\n",
3716 (void *)head, ntohs(lport), port_reuse_active);
3717 /* set in the port */
3718 inp->sctp_lport = lport;
3720 /* turn off just the unbound flag */
3721 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
3722 SCTP_INP_WUNLOCK(inp);
3723 SCTP_INP_INFO_WUNLOCK();
3729 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp)
3731 struct sctp_iterator *it, *nit;
3734 * We enter with the only the ITERATOR_LOCK in place and a write
3735 * lock on the inp_info stuff.
3737 it = sctp_it_ctl.cur_it;
3738 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
3739 if (it && (it->vn != curvnet)) {
3740 /* Its not looking at our VNET */
3744 if (it && (it->inp == inp)) {
3746 * This is tricky and we hold the iterator lock,
3747 * but when it returns and gets the lock (when we
3748 * release it) the iterator will try to operate on
3749 * inp. We need to stop that from happening. But
3750 * of course the iterator has a reference on the
3751 * stcb and inp. We can mark it and it will stop.
3753 * If its a single iterator situation, we
3754 * set the end iterator flag. Otherwise
3755 * we set the iterator to go to the next inp.
3758 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3759 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
3761 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_INP;
3764 /* Now go through and remove any single reference to
3765 * our inp that may be still pending on the list
3767 SCTP_IPI_ITERATOR_WQ_LOCK();
3768 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
3769 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
3770 if (it->vn != curvnet) {
3774 if (it->inp == inp) {
3775 /* This one points to me is it inp specific? */
3776 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3777 /* Remove and free this one */
3778 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead,
3780 if (it->function_atend != NULL) {
3781 (*it->function_atend) (it->pointer, it->val);
3783 SCTP_FREE(it, SCTP_M_ITER);
3785 it->inp = LIST_NEXT(it->inp, sctp_list);
3787 SCTP_INP_INCR_REF(it->inp);
3790 /* When its put in the refcnt is incremented so decr it */
3791 SCTP_INP_DECR_REF(inp);
3794 SCTP_IPI_ITERATOR_WQ_UNLOCK();
3797 /* release sctp_inpcb unbind the port */
3799 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate, int from)
3802 * Here we free a endpoint. We must find it (if it is in the Hash
3803 * table) and remove it from there. Then we must also find it in the
3804 * overall list and remove it from there. After all removals are
3805 * complete then any timer has to be stopped. Then start the actual
3806 * freeing. a) Any local lists. b) Any associations. c) The hash of
3807 * all associations. d) finally the ep itself.
3809 struct sctp_tcb *asoc, *nasoc;
3810 struct sctp_laddr *laddr, *nladdr;
3811 struct inpcb *ip_pcb;
3813 int being_refed = 0;
3814 struct sctp_queued_to_read *sq, *nsq;
3815 #if !defined(__Panda__) && !defined(__Userspace__)
3816 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
3821 sctp_sharedkey_t *shared_key, *nshared_key;
3824 #if defined(__APPLE__)
3825 sctp_lock_assert(SCTP_INP_SO(inp));
3827 #ifdef SCTP_LOG_CLOSING
3828 sctp_log_closing(inp, NULL, 0);
3830 SCTP_ITERATOR_LOCK();
3831 /* mark any iterators on the list or being processed */
3832 sctp_iterator_inp_being_freed(inp);
3833 SCTP_ITERATOR_UNLOCK();
3834 so = inp->sctp_socket;
3835 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
3836 /* been here before.. eeks.. get out of here */
3837 SCTP_PRINTF("This conflict in free SHOULD not be happening! from %d, imm %d\n", from, immediate);
3838 #ifdef SCTP_LOG_CLOSING
3839 sctp_log_closing(inp, NULL, 1);
3843 SCTP_ASOC_CREATE_LOCK(inp);
3844 SCTP_INP_INFO_WLOCK();
3846 SCTP_INP_WLOCK(inp);
3847 if (from == SCTP_CALLED_AFTER_CMPSET_OFCLOSE) {
3848 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CLOSE_IP;
3849 /* socket is gone, so no more wakeups allowed */
3850 inp->sctp_flags |= SCTP_PCB_FLAGS_DONT_WAKE;
3851 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT;
3852 inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT;
3855 /* First time through we have the socket lock, after that no more. */
3856 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL,
3857 SCTP_FROM_SCTP_PCB+SCTP_LOC_1);
3860 sctp_m_freem(inp->control);
3861 inp->control = NULL;
3864 sctp_m_freem(inp->pkt);
3867 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main pointer
3868 * here but I will be nice :> (i.e.
3870 if (immediate == SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE) {
3874 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
3875 SCTP_TCB_LOCK(asoc);
3876 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
3877 /* Skip guys being freed */
3879 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
3881 * Special case - we did not start a kill
3882 * timer on the asoc due to it was not
3883 * closed. So go ahead and start it now.
3885 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
3886 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
3888 SCTP_TCB_UNLOCK(asoc);
3891 if (((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) ||
3892 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) &&
3893 (asoc->asoc.total_output_queue_size == 0)) {
3894 /* If we have data in queue, we don't want to just
3895 * free since the app may have done, send()/close
3896 * or connect/send/close. And it wants the data
3897 * to get across first.
3899 /* Just abandon things in the front states */
3900 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_NOFORCE,
3901 SCTP_FROM_SCTP_PCB+SCTP_LOC_2) == 0) {
3906 /* Disconnect the socket please */
3907 asoc->sctp_socket = NULL;
3908 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET;
3909 if ((asoc->asoc.size_on_reasm_queue > 0) ||
3910 (asoc->asoc.control_pdapi) ||
3911 (asoc->asoc.size_on_all_streams > 0) ||
3912 (so && (so->so_rcv.sb_cc > 0))) {
3913 /* Left with Data unread */
3914 struct mbuf *op_err;
3916 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
3917 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_3;
3918 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
3919 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3920 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3921 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3922 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3924 if (sctp_free_assoc(inp, asoc,
3925 SCTP_PCBFREE_NOFORCE, SCTP_FROM_SCTP_PCB+SCTP_LOC_4) == 0) {
3929 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
3930 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
3931 (asoc->asoc.stream_queue_cnt == 0)) {
3932 if (asoc->asoc.locked_on_sending) {
3935 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
3936 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
3937 struct sctp_nets *netp;
3940 * there is nothing queued to send,
3941 * so I send shutdown
3943 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3944 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3945 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3947 SCTP_SET_STATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_SENT);
3948 SCTP_CLEAR_SUBSTATE(&asoc->asoc, SCTP_STATE_SHUTDOWN_PENDING);
3949 sctp_stop_timers_for_shutdown(asoc);
3950 if (asoc->asoc.alternate) {
3951 netp = asoc->asoc.alternate;
3953 netp = asoc->asoc.primary_destination;
3955 sctp_send_shutdown(asoc, netp);
3956 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc,
3958 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
3959 asoc->asoc.primary_destination);
3960 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_SHUT_TMR, SCTP_SO_LOCKED);
3963 /* mark into shutdown pending */
3964 struct sctp_stream_queue_pending *sp;
3966 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING;
3967 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
3968 asoc->asoc.primary_destination);
3969 if (asoc->asoc.locked_on_sending) {
3970 sp = TAILQ_LAST(&((asoc->asoc.locked_on_sending)->outqueue),
3973 SCTP_PRINTF("Error, sp is NULL, locked on sending is %p strm:%d\n",
3974 (void *)asoc->asoc.locked_on_sending,
3975 asoc->asoc.locked_on_sending->stream_no);
3977 if ((sp->length == 0) && (sp->msg_is_complete == 0))
3978 asoc->asoc.state |= SCTP_STATE_PARTIAL_MSG_LEFT;
3981 if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
3982 TAILQ_EMPTY(&asoc->asoc.sent_queue) &&
3983 (asoc->asoc.state & SCTP_STATE_PARTIAL_MSG_LEFT)) {
3984 struct mbuf *op_err;
3986 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
3987 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_5;
3988 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
3989 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
3990 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
3991 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
3992 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
3994 if (sctp_free_assoc(inp, asoc,
3995 SCTP_PCBFREE_NOFORCE,
3996 SCTP_FROM_SCTP_PCB+SCTP_LOC_6) == 0) {
4001 sctp_chunk_output(inp, asoc, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED);
4005 SCTP_TCB_UNLOCK(asoc);
4007 /* now is there some left in our SHUTDOWN state? */
4009 #ifdef SCTP_LOG_CLOSING
4010 sctp_log_closing(inp, NULL, 2);
4012 inp->sctp_socket = NULL;
4013 SCTP_INP_WUNLOCK(inp);
4014 SCTP_ASOC_CREATE_UNLOCK(inp);
4015 SCTP_INP_INFO_WUNLOCK();
4019 inp->sctp_socket = NULL;
4020 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) !=
4021 SCTP_PCB_FLAGS_UNBOUND) {
4023 * ok, this guy has been bound. It's port is
4024 * somewhere in the SCTP_BASE_INFO(hash table). Remove
4027 LIST_REMOVE(inp, sctp_hash);
4028 inp->sctp_flags |= SCTP_PCB_FLAGS_UNBOUND;
4031 /* If there is a timer running to kill us,
4032 * forget it, since it may have a contest
4033 * on the INP lock.. which would cause us
4037 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_list, sctp_tcblist, nasoc) {
4038 SCTP_TCB_LOCK(asoc);
4039 if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
4040 if (asoc->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE) {
4041 asoc->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
4042 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, asoc, NULL);
4045 SCTP_TCB_UNLOCK(asoc);
4048 /* Free associations that are NOT killing us */
4049 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
4050 ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
4051 struct mbuf *op_err;
4053 op_err = sctp_generate_cause(SCTP_CAUSE_USER_INITIATED_ABT, "");
4054 asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB+SCTP_LOC_7;
4055 sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);
4056 SCTP_STAT_INCR_COUNTER32(sctps_aborted);
4057 } else if (asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
4059 SCTP_TCB_UNLOCK(asoc);
4062 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_OPEN) ||
4063 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
4064 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
4066 if (sctp_free_assoc(inp, asoc, SCTP_PCBFREE_FORCE, SCTP_FROM_SCTP_PCB+SCTP_LOC_8) == 0) {
4071 /* Ok we have someone out there that will kill us */
4072 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
4073 #ifdef SCTP_LOG_CLOSING
4074 sctp_log_closing(inp, NULL, 3);
4076 SCTP_INP_WUNLOCK(inp);
4077 SCTP_ASOC_CREATE_UNLOCK(inp);
4078 SCTP_INP_INFO_WUNLOCK();
4081 if (SCTP_INP_LOCK_CONTENDED(inp))
4083 if (SCTP_INP_READ_CONTENDED(inp))
4085 if (SCTP_ASOC_CREATE_LOCK_CONTENDED(inp))
4088 if ((inp->refcount) ||
4090 (inp->sctp_flags & SCTP_PCB_FLAGS_CLOSE_IP)) {
4091 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
4092 #ifdef SCTP_LOG_CLOSING
4093 sctp_log_closing(inp, NULL, 4);
4095 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
4096 SCTP_INP_WUNLOCK(inp);
4097 SCTP_ASOC_CREATE_UNLOCK(inp);
4098 SCTP_INP_INFO_WUNLOCK();
4101 inp->sctp_ep.signature_change.type = 0;
4102 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
4103 /* Remove it from the list .. last thing we need a
4106 LIST_REMOVE(inp, sctp_list);
4107 SCTP_INP_WUNLOCK(inp);
4108 SCTP_ASOC_CREATE_UNLOCK(inp);
4109 SCTP_INP_INFO_WUNLOCK();
4110 /* Now we release all locks. Since this INP
4111 * cannot be found anymore except possibly by the
4112 * kill timer that might be running. We call
4113 * the drain function here. It should hit the case
4114 * were it sees the ACTIVE flag cleared and exit
4115 * out freeing us to proceed and destroy everything.
4117 if (from != SCTP_CALLED_FROM_INPKILL_TIMER) {
4118 (void)SCTP_OS_TIMER_STOP_DRAIN(&inp->sctp_ep.signature_change.timer);
4120 /* Probably un-needed */
4121 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.signature_change.timer);
4124 #ifdef SCTP_LOG_CLOSING
4125 sctp_log_closing(inp, NULL, 5);
4128 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__))
4129 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
4130 rt = ip_pcb->inp_route.ro_rt;
4134 #if defined(__Panda__)
4135 if (inp->pak_to_read) {
4136 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.zero_copy_timer.timer);
4137 SCTP_RELEASE_PKT(inp->pak_to_read);
4138 inp->pak_to_read = NULL;
4140 if (inp->pak_to_read_sendq) {
4141 (void)SCTP_OS_TIMER_STOP(&inp->sctp_ep.zero_copy_sendq_timer.timer);
4142 SCTP_RELEASE_PKT(inp->pak_to_read_sendq);
4143 inp->pak_to_read_sendq = NULL;
4146 if ((inp->sctp_asocidhash) != NULL) {
4147 SCTP_HASH_FREE(inp->sctp_asocidhash, inp->hashasocidmark);
4148 inp->sctp_asocidhash = NULL;
4150 /*sa_ignore FREED_MEMORY*/
4151 TAILQ_FOREACH_SAFE(sq, &inp->read_queue, next, nsq) {
4152 /* Its only abandoned if it had data left */
4154 SCTP_STAT_INCR(sctps_left_abandon);
4156 TAILQ_REMOVE(&inp->read_queue, sq, next);
4157 sctp_free_remote_addr(sq->whoFrom);
4159 so->so_rcv.sb_cc -= sq->length;
4161 sctp_m_freem(sq->data);
4165 * no need to free the net count, since at this point all
4168 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
4169 SCTP_DECR_READQ_COUNT();
4171 /* Now the sctp_pcb things */
4173 * free each asoc if it is not already closed/free. we can't use the
4174 * macro here since le_next will get freed as part of the
4175 * sctp_free_assoc() call.
4179 ipsec_delete_pcbpolicy(ip_pcb);
4182 /* Unlocks not needed since the socket is gone now */
4185 if (ip_pcb->inp_options) {
4186 (void)sctp_m_free(ip_pcb->inp_options);
4187 ip_pcb->inp_options = 0;
4191 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__))
4192 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
4195 ip_pcb->inp_route.ro_rt = 0;
4198 #if defined(__FreeBSD__) && __FreeBSD_version < 803000
4200 if (ip_pcb->inp_moptions) {
4201 inp_freemoptions(ip_pcb->inp_moptions);
4202 ip_pcb->inp_moptions = 0;
4209 #if !(defined(__Panda__) || defined(__Windows__) || defined(__Userspace__))
4210 #if defined(__FreeBSD__) || defined(__APPLE__)
4211 if (ip_pcb->inp_vflag & INP_IPV6) {
4213 if (inp->inp_vflag & INP_IPV6) {
4215 struct in6pcb *in6p;
4217 in6p = (struct in6pcb *)inp;
4218 ip6_freepcbopts(in6p->in6p_outputopts);
4222 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
4225 ip_pcb->inp_vflag = 0;
4227 /* free up authentication fields */
4228 if (inp->sctp_ep.local_auth_chunks != NULL)
4229 sctp_free_chunklist(inp->sctp_ep.local_auth_chunks);
4230 if (inp->sctp_ep.local_hmacs != NULL)
4231 sctp_free_hmaclist(inp->sctp_ep.local_hmacs);
4233 LIST_FOREACH_SAFE(shared_key, &inp->sctp_ep.shared_keys, next, nshared_key) {
4234 LIST_REMOVE(shared_key, next);
4235 sctp_free_sharedkey(shared_key);
4236 /*sa_ignore FREED_MEMORY*/
4239 #if defined(__APPLE__)
4240 inp->ip_inp.inp.inp_state = INPCB_STATE_DEAD;
4241 if (in_pcb_checkstate(&inp->ip_inp.inp, WNT_STOPUSING, 1) != WNT_STOPUSING) {
4243 panic("sctp_inpcb_free inp = %p couldn't set to STOPUSING\n", (void *)inp);
4245 SCTP_PRINTF("sctp_inpcb_free inp = %p couldn't set to STOPUSING\n", (void *)inp);
4248 inp->ip_inp.inp.inp_socket->so_flags |= SOF_PCBCLEARING;
4251 * if we have an address list the following will free the list of
4252 * ifaddr's that are set into this ep. Again macro limitations here,
4253 * since the LIST_FOREACH could be a bad idea.
4255 LIST_FOREACH_SAFE(laddr, &inp->sctp_addr_list, sctp_nxt_addr, nladdr) {
4256 sctp_remove_laddr(laddr);
4259 #ifdef SCTP_TRACK_FREED_ASOCS
4261 LIST_FOREACH_SAFE(asoc, &inp->sctp_asoc_free_list, sctp_tcblist, nasoc) {
4262 LIST_REMOVE(asoc, sctp_tcblist);
4263 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), asoc);
4264 SCTP_DECR_ASOC_COUNT();
4266 /* *** END TEMP CODE ****/
4269 SCTP_FREE(inp->m_vrf_ids, SCTP_M_MVRF);
4271 /* Now lets see about freeing the EP hash table. */
4272 if (inp->sctp_tcbhash != NULL) {
4273 SCTP_HASH_FREE(inp->sctp_tcbhash, inp->sctp_hashmark);
4274 inp->sctp_tcbhash = NULL;
4276 /* Now we must put the ep memory back into the zone pool */
4277 #if defined(__FreeBSD__)
4278 INP_LOCK_DESTROY(&inp->ip_inp.inp);
4280 SCTP_INP_LOCK_DESTROY(inp);
4281 SCTP_INP_READ_DESTROY(inp);
4282 SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
4283 #if !defined(__APPLE__)
4284 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
4285 SCTP_DECR_EP_COUNT();
4287 /* For Tiger, we will do this later... */
4293 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
4295 struct sctp_nets *net;
4296 /* locate the address */
4297 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
4298 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
4306 sctp_is_address_on_local_host(struct sockaddr *addr, uint32_t vrf_id)
4311 struct sctp_ifa *sctp_ifa;
4312 sctp_ifa = sctp_find_ifa_by_addr(addr, vrf_id, SCTP_ADDR_NOT_LOCKED);
4322 * add's a remote endpoint address, done with the INIT/INIT-ACK as well as
4323 * when a ASCONF arrives that adds it. It will also initialize all the cwnd
4327 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
4328 struct sctp_nets **netp, int set_scope, int from)
4331 * The following is redundant to the same lines in the
4332 * sctp_aloc_assoc() but is needed since others call the add
4335 struct sctp_nets *net, *netfirst;
4338 SCTPDBG(SCTP_DEBUG_PCB1, "Adding an address (from:%d) to the peer: ",
4340 SCTPDBG_ADDR(SCTP_DEBUG_PCB1, newaddr);
4342 netfirst = sctp_findnet(stcb, newaddr);
4345 * Lie and return ok, we don't want to make the association
4346 * go away for this behavior. It will happen in the TCP
4347 * model in a connected socket. It does not reach the hash
4348 * table until after the association is built so it can't be
4349 * found. Mark as reachable, since the initial creation will
4350 * have been cleared and the NOT_IN_ASSOC flag will have
4351 * been added... and we don't want to end up removing it
4354 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
4355 netfirst->dest_state = (SCTP_ADDR_REACHABLE |
4356 SCTP_ADDR_UNCONFIRMED);
4358 netfirst->dest_state = SCTP_ADDR_REACHABLE;
4364 switch (newaddr->sa_family) {
4368 struct sockaddr_in *sin;
4370 sin = (struct sockaddr_in *)newaddr;
4371 if (sin->sin_addr.s_addr == 0) {
4372 /* Invalid address */
4375 /* zero out the bzero area */
4376 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
4378 /* assure len is set */
4380 sin->sin_len = sizeof(struct sockaddr_in);
4383 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
4384 stcb->asoc.scope.ipv4_local_scope = 1;
4386 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
4387 stcb->asoc.scope.ipv4_local_scope = 1;
4389 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
4391 /* Validate the address is in scope */
4392 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
4393 (stcb->asoc.scope.ipv4_local_scope == 0)) {
4403 struct sockaddr_in6 *sin6;
4405 sin6 = (struct sockaddr_in6 *)newaddr;
4406 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
4407 /* Invalid address */
4410 /* assure len is set */
4411 #ifdef HAVE_SIN6_LEN
4412 sin6->sin6_len = sizeof(struct sockaddr_in6);
4415 if (sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id)) {
4416 stcb->asoc.scope.loopback_scope = 1;
4417 stcb->asoc.scope.local_scope = 0;
4418 stcb->asoc.scope.ipv4_local_scope = 1;
4419 stcb->asoc.scope.site_scope = 1;
4420 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
4422 * If the new destination is a LINK_LOCAL we
4423 * must have common site scope. Don't set
4424 * the local scope since we may not share
4425 * all links, only loopback can do this.
4426 * Links on the local network would also be
4427 * on our private network for v4 too.
4429 stcb->asoc.scope.ipv4_local_scope = 1;
4430 stcb->asoc.scope.site_scope = 1;
4431 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
4433 * If the new destination is SITE_LOCAL then
4434 * we must have site scope in common.
4436 stcb->asoc.scope.site_scope = 1;
4439 /* Validate the address is in scope */
4440 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
4441 (stcb->asoc.scope.loopback_scope == 0)) {
4443 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
4444 (stcb->asoc.scope.local_scope == 0)) {
4446 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
4447 (stcb->asoc.scope.site_scope == 0)) {
4454 #if defined(__Userspace__)
4457 struct sockaddr_conn *sconn;
4459 sconn = (struct sockaddr_conn *)newaddr;
4460 if (sconn->sconn_addr == NULL) {
4461 /* Invalid address */
4464 #ifdef HAVE_SCONN_LEN
4465 sconn->sconn_len = sizeof(struct sockaddr_conn);
4471 /* not supported family type */
4474 net = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_net), struct sctp_nets);
4478 SCTP_INCR_RADDR_COUNT();
4479 bzero(net, sizeof(struct sctp_nets));
4480 (void)SCTP_GETTIME_TIMEVAL(&net->start_time);
4482 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
4484 switch (newaddr->sa_family) {
4488 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in));
4490 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
4496 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in6));
4498 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
4501 #if defined(__Userspace__)
4504 memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_conn));
4506 ((struct sockaddr_conn *)&net->ro._l_addr)->sconn_port = stcb->rport;
4512 net->addr_is_local = sctp_is_address_on_local_host(newaddr, stcb->asoc.vrf_id);
4513 if (net->addr_is_local && ((set_scope || (from == SCTP_ADDR_IS_CONFIRMED)))) {
4514 stcb->asoc.scope.loopback_scope = 1;
4515 stcb->asoc.scope.ipv4_local_scope = 1;
4516 stcb->asoc.scope.local_scope = 0;
4517 stcb->asoc.scope.site_scope = 1;
4520 net->failure_threshold = stcb->asoc.def_net_failure;
4521 net->pf_threshold = stcb->asoc.def_net_pf_threshold;
4522 if (addr_inscope == 0) {
4523 net->dest_state = (SCTP_ADDR_REACHABLE |
4524 SCTP_ADDR_OUT_OF_SCOPE);
4526 if (from == SCTP_ADDR_IS_CONFIRMED)
4527 /* SCTP_ADDR_IS_CONFIRMED is passed by connect_x */
4528 net->dest_state = SCTP_ADDR_REACHABLE;
4530 net->dest_state = SCTP_ADDR_REACHABLE |
4531 SCTP_ADDR_UNCONFIRMED;
4533 /* We set this to 0, the timer code knows that
4534 * this means its an initial value
4536 net->rto_needed = 1;
4538 net->RTO_measured = 0;
4539 stcb->asoc.numnets++;
4541 net->cwr_window_tsn = net->last_cwr_tsn = stcb->asoc.sending_seq - 1;
4542 net->port = stcb->asoc.port;
4543 net->dscp = stcb->asoc.default_dscp;
4545 net->flowlabel = stcb->asoc.default_flowlabel;
4547 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT)) {
4548 net->dest_state |= SCTP_ADDR_NOHB;
4550 net->dest_state &= ~SCTP_ADDR_NOHB;
4552 if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_DO_NOT_PMTUD)) {
4553 net->dest_state |= SCTP_ADDR_NO_PMTUD;
4555 net->dest_state &= ~SCTP_ADDR_NO_PMTUD;
4557 net->heart_beat_delay = stcb->asoc.heart_beat_delay;
4558 /* Init the timer structure */
4559 SCTP_OS_TIMER_INIT(&net->rxt_timer.timer);
4560 SCTP_OS_TIMER_INIT(&net->pmtu_timer.timer);
4561 SCTP_OS_TIMER_INIT(&net->hb_timer.timer);
4563 /* Now generate a route for this guy */
4565 #ifdef SCTP_EMBEDDED_V6_SCOPE
4566 /* KAME hack: embed scopeid */
4567 if (newaddr->sa_family == AF_INET6) {
4568 struct sockaddr_in6 *sin6;
4570 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
4571 #if defined(__APPLE__)
4572 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
4573 (void)in6_embedscope(&sin6->sin6_addr, sin6, &stcb->sctp_ep->ip_inp.inp, NULL);
4575 (void)in6_embedscope(&sin6->sin6_addr, sin6, &stcb->sctp_ep->ip_inp.inp, NULL, NULL);
4577 #elif defined(SCTP_KAME)
4578 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
4580 (void)in6_embedscope(&sin6->sin6_addr, sin6);
4582 #ifndef SCOPEDROUTING
4583 sin6->sin6_scope_id = 0;
4586 #endif /* SCTP_EMBEDDED_V6_SCOPE */
4588 SCTP_RTALLOC((sctp_route_t *)&net->ro, stcb->asoc.vrf_id);
4590 #if !defined(__Userspace__)
4591 if (SCTP_ROUTE_HAS_VALID_IFN(&net->ro)) {
4592 /* Get source address */
4593 net->ro._s_addr = sctp_source_address_selection(stcb->sctp_ep,
4595 (sctp_route_t *)&net->ro,
4599 /* Now get the interface MTU */
4600 if (net->ro._s_addr && net->ro._s_addr->ifn_p) {
4601 net->mtu = SCTP_GATHER_MTU_FROM_INTFC(net->ro._s_addr->ifn_p);
4606 rmtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, net->ro.ro_rt);
4608 /* Start things off to match mtu of interface please. */
4609 SCTP_SET_MTU_OF_ROUTE(&net->ro._l_addr.sa,
4610 net->ro.ro_rt, net->mtu);
4612 /* we take the route mtu over the interface, since
4613 * the route may be leading out the loopback, or
4614 * a different interface.
4621 if (net->mtu == 0) {
4622 switch (newaddr->sa_family) {
4625 net->mtu = SCTP_DEFAULT_MTU;
4633 #if defined(__Userspace__)
4643 net->mtu -= (uint32_t)sizeof(struct udphdr);
4645 if (from == SCTP_ALLOC_ASOC) {
4646 stcb->asoc.smallest_mtu = net->mtu;
4648 if (stcb->asoc.smallest_mtu > net->mtu) {
4649 stcb->asoc.smallest_mtu = net->mtu;
4652 #ifdef SCTP_EMBEDDED_V6_SCOPE
4653 if (newaddr->sa_family == AF_INET6) {
4654 struct sockaddr_in6 *sin6;
4656 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
4658 (void)sa6_recoverscope(sin6);
4660 (void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
4661 #endif /* SCTP_KAME */
4663 #endif /* SCTP_EMBEDDED_V6_SCOPE */
4666 /* JRS - Use the congestion control given in the CC module */
4667 if (stcb->asoc.cc_functions.sctp_set_initial_cc_param != NULL)
4668 (*stcb->asoc.cc_functions.sctp_set_initial_cc_param)(stcb, net);
4671 * CMT: CUC algo - set find_pseudo_cumack to TRUE (1) at beginning
4672 * of assoc (2005/06/27, iyengar@cis.udel.edu)
4674 net->find_pseudo_cumack = 1;
4675 net->find_rtx_pseudo_cumack = 1;
4676 net->src_addr_selected = 0;
4677 #if defined(__FreeBSD__)
4678 /* Choose an initial flowid. */
4679 net->flowid = stcb->asoc.my_vtag ^
4680 ntohs(stcb->rport) ^
4681 ntohs(stcb->sctp_ep->sctp_lport);
4689 netfirst = TAILQ_FIRST(&stcb->asoc.nets);
4690 if (net->ro.ro_rt == NULL) {
4691 /* Since we have no route put it at the back */
4692 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
4693 } else if (netfirst == NULL) {
4694 /* We are the first one in the pool. */
4695 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4696 } else if (netfirst->ro.ro_rt == NULL) {
4698 * First one has NO route. Place this one ahead of the first
4701 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4703 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) {
4705 * This one has a different interface than the one at the
4706 * top of the list. Place it ahead.
4708 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
4712 * Ok we have the same interface as the first one. Move
4713 * forward until we find either a) one with a NULL route...
4714 * insert ahead of that b) one with a different ifp.. insert
4715 * after that. c) end of the list.. insert at the tail.
4717 struct sctp_nets *netlook;
4720 netlook = TAILQ_NEXT(netfirst, sctp_next);
4721 if (netlook == NULL) {
4722 /* End of the list */
4723 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
4725 } else if (netlook->ro.ro_rt == NULL) {
4726 /* next one has NO route */
4727 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
4731 else if (netlook->ro.ro_rt->rt_ifp != net->ro.ro_rt->rt_ifp)
4736 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
4744 } while (netlook != NULL);
4747 /* got to have a primary set */
4748 if (stcb->asoc.primary_destination == 0) {
4749 stcb->asoc.primary_destination = net;
4750 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) &&
4752 ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0)) {
4753 /* No route to current primary adopt new primary */
4754 stcb->asoc.primary_destination = net;
4756 /* Validate primary is first */
4757 net = TAILQ_FIRST(&stcb->asoc.nets);
4758 if ((net != stcb->asoc.primary_destination) &&
4759 (stcb->asoc.primary_destination)) {
4760 /* first one on the list is NOT the primary
4761 * sctp_cmpaddr() is much more efficient if
4762 * the primary is the first on the list, make it
4765 TAILQ_REMOVE(&stcb->asoc.nets,
4766 stcb->asoc.primary_destination, sctp_next);
4767 TAILQ_INSERT_HEAD(&stcb->asoc.nets,
4768 stcb->asoc.primary_destination, sctp_next);
4775 sctp_aloc_a_assoc_id(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
4778 struct sctpasochead *head;
4779 struct sctp_tcb *lstcb;
4781 SCTP_INP_WLOCK(inp);
4783 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
4785 SCTP_INP_WUNLOCK(inp);
4789 * We don't allow assoc id to be one of SCTP_FUTURE_ASSOC,
4790 * SCTP_CURRENT_ASSOC and SCTP_ALL_ASSOC.
4792 if (inp->sctp_associd_counter <= SCTP_ALL_ASSOC) {
4793 inp->sctp_associd_counter = SCTP_ALL_ASSOC + 1;
4795 id = inp->sctp_associd_counter;
4796 inp->sctp_associd_counter++;
4797 lstcb = sctp_findasoc_ep_asocid_locked(inp, (sctp_assoc_t)id, 0);
4801 head = &inp->sctp_asocidhash[SCTP_PCBHASH_ASOC(id, inp->hashasocidmark)];
4802 LIST_INSERT_HEAD(head, stcb, sctp_tcbasocidhash);
4803 stcb->asoc.in_asocid_hash = 1;
4804 SCTP_INP_WUNLOCK(inp);
4809 * allocate an association and add it to the endpoint. The caller must be
4810 * careful to add all additional addresses once they are know right away or
4811 * else the assoc will be may experience a blackout scenario.
4814 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
4815 int *error, uint32_t override_tag, uint32_t vrf_id,
4816 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
4818 #elif defined(__Windows__)
4821 #if defined(__Userspace__)
4822 /* __Userspace__ NULL proc is going to be passed here. See sctp_lower_sosend */
4828 /* note the p argument is only valid in unbound sockets */
4830 struct sctp_tcb *stcb;
4831 struct sctp_association *asoc;
4832 struct sctpasochead *head;
4837 * Assumption made here: Caller has done a
4838 * sctp_findassociation_ep_addr(ep, addr's); to make sure the
4839 * address does not exist already.
4841 if (SCTP_BASE_INFO(ipi_count_asoc) >= SCTP_MAX_NUM_OF_ASOC) {
4842 /* Hit max assoc, sorry no more */
4843 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
4847 if (firstaddr == NULL) {
4848 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4852 SCTP_INP_RLOCK(inp);
4853 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) &&
4854 ((sctp_is_feature_off(inp, SCTP_PCB_FLAGS_PORTREUSE)) ||
4855 (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED))) {
4857 * If its in the TCP pool, its NOT allowed to create an
4858 * association. The parent listener needs to call
4859 * sctp_aloc_assoc.. or the one-2-many socket. If a peeled
4860 * off, or connected one does this.. its an error.
4862 SCTP_INP_RUNLOCK(inp);
4863 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4867 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) ||
4868 (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE)) {
4869 if ((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) ||
4870 (inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED)) {
4871 SCTP_INP_RUNLOCK(inp);
4872 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4877 SCTPDBG(SCTP_DEBUG_PCB3, "Allocate an association for peer:");
4880 SCTPDBG_ADDR(SCTP_DEBUG_PCB3, firstaddr);
4881 switch (firstaddr->sa_family) {
4884 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4885 ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
4890 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4891 ntohs(((struct sockaddr_in6 *)firstaddr)->sin6_port));
4894 #if defined(__Userspace__)
4896 SCTPDBG(SCTP_DEBUG_PCB3, "Port:%d\n",
4897 ntohs(((struct sockaddr_conn *)firstaddr)->sconn_port));
4904 SCTPDBG(SCTP_DEBUG_PCB3,"None\n");
4906 #endif /* SCTP_DEBUG */
4907 switch (firstaddr->sa_family) {
4911 struct sockaddr_in *sin;
4913 sin = (struct sockaddr_in *)firstaddr;
4914 if ((ntohs(sin->sin_port) == 0) ||
4915 (sin->sin_addr.s_addr == INADDR_ANY) ||
4916 (sin->sin_addr.s_addr == INADDR_BROADCAST) ||
4917 IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
4918 /* Invalid address */
4919 SCTP_INP_RUNLOCK(inp);
4920 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4924 rport = sin->sin_port;
4931 struct sockaddr_in6 *sin6;
4933 sin6 = (struct sockaddr_in6 *)firstaddr;
4934 if ((ntohs(sin6->sin6_port) == 0) ||
4935 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
4936 IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
4937 /* Invalid address */
4938 SCTP_INP_RUNLOCK(inp);
4939 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4943 rport = sin6->sin6_port;
4947 #if defined(__Userspace__)
4950 struct sockaddr_conn *sconn;
4952 sconn = (struct sockaddr_conn *)firstaddr;
4953 if ((ntohs(sconn->sconn_port) == 0) ||
4954 (sconn->sconn_addr == NULL)) {
4955 /* Invalid address */
4956 SCTP_INP_RUNLOCK(inp);
4957 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4961 rport = sconn->sconn_port;
4966 /* not supported family type */
4967 SCTP_INP_RUNLOCK(inp);
4968 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
4972 SCTP_INP_RUNLOCK(inp);
4973 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
4975 * If you have not performed a bind, then we need to do the
4976 * ephemeral bind for you.
4978 if ((err = sctp_inpcb_bind(inp->sctp_socket,
4979 (struct sockaddr *)NULL,
4980 (struct sctp_ifa *)NULL,
4987 /* bind error, probably perm */
4992 stcb = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_asoc), struct sctp_tcb);
4994 /* out of memory? */
4995 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
4999 SCTP_INCR_ASOC_COUNT();
5001 bzero(stcb, sizeof(*stcb));
5004 asoc->assoc_id = sctp_aloc_a_assoc_id(inp, stcb);
5005 SCTP_TCB_LOCK_INIT(stcb);
5006 SCTP_TCB_SEND_LOCK_INIT(stcb);
5007 stcb->rport = rport;
5008 /* setup back pointer's */
5009 stcb->sctp_ep = inp;
5010 stcb->sctp_socket = inp->sctp_socket;
5011 if ((err = sctp_init_asoc(inp, stcb, override_tag, vrf_id))) {
5013 SCTP_TCB_LOCK_DESTROY(stcb);
5014 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
5015 LIST_REMOVE(stcb, sctp_tcbasocidhash);
5016 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5017 SCTP_DECR_ASOC_COUNT();
5022 SCTP_INP_INFO_WLOCK();
5023 SCTP_INP_WLOCK(inp);
5024 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
5025 /* inpcb freed while alloc going on */
5026 SCTP_TCB_LOCK_DESTROY(stcb);
5027 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
5028 LIST_REMOVE(stcb, sctp_tcbasocidhash);
5029 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5030 SCTP_INP_WUNLOCK(inp);
5031 SCTP_INP_INFO_WUNLOCK();
5032 SCTP_DECR_ASOC_COUNT();
5033 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
5037 SCTP_TCB_LOCK(stcb);
5039 /* now that my_vtag is set, add it to the hash */
5040 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag, SCTP_BASE_INFO(hashasocmark))];
5041 /* put it in the bucket in the vtag hash of assoc's for the system */
5042 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
5043 SCTP_INP_INFO_WUNLOCK();
5045 if ((err = sctp_add_remote_addr(stcb, firstaddr, NULL, SCTP_DO_SETSCOPE, SCTP_ALLOC_ASOC))) {
5046 /* failure.. memory error? */
5047 if (asoc->strmout) {
5048 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
5049 asoc->strmout = NULL;
5051 if (asoc->mapping_array) {
5052 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
5053 asoc->mapping_array = NULL;
5055 if (asoc->nr_mapping_array) {
5056 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
5057 asoc->nr_mapping_array = NULL;
5059 SCTP_DECR_ASOC_COUNT();
5060 SCTP_TCB_UNLOCK(stcb);
5061 SCTP_TCB_LOCK_DESTROY(stcb);
5062 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
5063 LIST_REMOVE(stcb, sctp_tcbasocidhash);
5064 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5065 SCTP_INP_WUNLOCK(inp);
5066 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
5070 /* Init all the timers */
5071 SCTP_OS_TIMER_INIT(&asoc->dack_timer.timer);
5072 SCTP_OS_TIMER_INIT(&asoc->strreset_timer.timer);
5073 SCTP_OS_TIMER_INIT(&asoc->asconf_timer.timer);
5074 SCTP_OS_TIMER_INIT(&asoc->shut_guard_timer.timer);
5075 SCTP_OS_TIMER_INIT(&asoc->autoclose_timer.timer);
5076 SCTP_OS_TIMER_INIT(&asoc->delayed_event_timer.timer);
5077 SCTP_OS_TIMER_INIT(&asoc->delete_prim_timer.timer);
5079 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
5080 /* now file the port under the hash as well */
5081 if (inp->sctp_tcbhash != NULL) {
5082 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
5083 inp->sctp_hashmark)];
5084 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
5086 SCTP_INP_WUNLOCK(inp);
5087 SCTPDBG(SCTP_DEBUG_PCB1, "Association %p now allocated\n", (void *)stcb);
5093 sctp_remove_net(struct sctp_tcb *stcb, struct sctp_nets *net)
5095 struct sctp_association *asoc;
5099 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
5100 if (net == asoc->primary_destination) {
5102 struct sctp_nets *lnet;
5104 lnet = TAILQ_FIRST(&asoc->nets);
5105 /* Mobility adaptation
5106 Ideally, if deleted destination is the primary, it becomes
5107 a fast retransmission trigger by the subsequent SET PRIMARY.
5110 if (sctp_is_mobility_feature_on(stcb->sctp_ep,
5111 SCTP_MOBILITY_BASE) ||
5112 sctp_is_mobility_feature_on(stcb->sctp_ep,
5113 SCTP_MOBILITY_FASTHANDOFF)) {
5114 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: primary dst is deleting\n");
5115 if (asoc->deleted_primary != NULL) {
5116 SCTPDBG(SCTP_DEBUG_ASCONF1, "remove_net: deleted primary may be already stored\n");
5119 asoc->deleted_primary = net;
5120 atomic_add_int(&net->ref_count, 1);
5121 memset(&net->lastsa, 0, sizeof(net->lastsa));
5122 memset(&net->lastsv, 0, sizeof(net->lastsv));
5123 sctp_mobility_feature_on(stcb->sctp_ep,
5124 SCTP_MOBILITY_PRIM_DELETED);
5125 sctp_timer_start(SCTP_TIMER_TYPE_PRIM_DELETED,
5126 stcb->sctp_ep, stcb, NULL);
5129 /* Try to find a confirmed primary */
5130 asoc->primary_destination = sctp_find_alternate_net(stcb, lnet, 0);
5132 if (net == asoc->last_data_chunk_from) {
5134 asoc->last_data_chunk_from = TAILQ_FIRST(&asoc->nets);
5136 if (net == asoc->last_control_chunk_from) {
5138 asoc->last_control_chunk_from = NULL;
5140 if (net == stcb->asoc.alternate) {
5141 sctp_free_remote_addr(stcb->asoc.alternate);
5142 stcb->asoc.alternate = NULL;
5144 sctp_free_remote_addr(net);
5148 * remove a remote endpoint address from an association, it will fail if the
5149 * address does not exist.
5152 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
5155 * Here we need to remove a remote address. This is quite simple, we
5156 * first find it in the list of address for the association
5157 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE
5158 * on that item. Note we do not allow it to be removed if there are
5159 * no other addresses.
5161 struct sctp_association *asoc;
5162 struct sctp_nets *net, *nnet;
5166 /* locate the address */
5167 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
5168 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
5171 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
5173 /* we found the guy */
5174 if (asoc->numnets < 2) {
5175 /* Must have at LEAST two remote addresses */
5178 sctp_remove_net(stcb, net);
5188 sctp_delete_from_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
5190 struct sctpvtaghead *chain;
5191 struct sctp_tagblock *twait_block;
5195 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
5196 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
5197 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
5198 if ((twait_block->vtag_block[i].v_tag == tag) &&
5199 (twait_block->vtag_block[i].lport == lport) &&
5200 (twait_block->vtag_block[i].rport == rport)) {
5201 twait_block->vtag_block[i].tv_sec_at_expire = 0;
5202 twait_block->vtag_block[i].v_tag = 0;
5203 twait_block->vtag_block[i].lport = 0;
5204 twait_block->vtag_block[i].rport = 0;
5215 sctp_is_in_timewait(uint32_t tag, uint16_t lport, uint16_t rport)
5217 struct sctpvtaghead *chain;
5218 struct sctp_tagblock *twait_block;
5222 SCTP_INP_INFO_WLOCK();
5223 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
5224 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
5225 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
5226 if ((twait_block->vtag_block[i].v_tag == tag) &&
5227 (twait_block->vtag_block[i].lport == lport) &&
5228 (twait_block->vtag_block[i].rport == rport)) {
5236 SCTP_INP_INFO_WUNLOCK();
5242 sctp_add_vtag_to_timewait(uint32_t tag, uint32_t time, uint16_t lport, uint16_t rport)
5244 struct sctpvtaghead *chain;
5245 struct sctp_tagblock *twait_block;
5253 (void)SCTP_GETTIME_TIMEVAL(&now);
5254 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
5256 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
5257 /* Block(s) present, lets find space, and expire on the fly */
5258 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
5259 if ((twait_block->vtag_block[i].v_tag == 0) &&
5261 twait_block->vtag_block[i].tv_sec_at_expire =
5263 twait_block->vtag_block[i].v_tag = tag;
5264 twait_block->vtag_block[i].lport = lport;
5265 twait_block->vtag_block[i].rport = rport;
5267 } else if ((twait_block->vtag_block[i].v_tag) &&
5268 ((long)twait_block->vtag_block[i].tv_sec_at_expire < now.tv_sec)) {
5269 /* Audit expires this guy */
5270 twait_block->vtag_block[i].tv_sec_at_expire = 0;
5271 twait_block->vtag_block[i].v_tag = 0;
5272 twait_block->vtag_block[i].lport = 0;
5273 twait_block->vtag_block[i].rport = 0;
5275 /* Reuse it for my new tag */
5276 twait_block->vtag_block[i].tv_sec_at_expire = now.tv_sec + time;
5277 twait_block->vtag_block[i].v_tag = tag;
5278 twait_block->vtag_block[i].lport = lport;
5279 twait_block->vtag_block[i].rport = rport;
5286 * We only do up to the block where we can
5287 * place our tag for audits
5292 /* Need to add a new block to chain */
5294 SCTP_MALLOC(twait_block, struct sctp_tagblock *,
5295 sizeof(struct sctp_tagblock), SCTP_M_TIMW);
5296 if (twait_block == NULL) {
5298 panic("Can not alloc tagblock");
5302 memset(twait_block, 0, sizeof(struct sctp_tagblock));
5303 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
5304 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + time;
5305 twait_block->vtag_block[0].v_tag = tag;
5306 twait_block->vtag_block[0].lport = lport;
5307 twait_block->vtag_block[0].rport = rport;
5313 void panda_wakeup_socket(struct socket *so);
5317 * Free the association after un-hashing the remote port. This
5318 * function ALWAYS returns holding NO LOCK on the stcb. It DOES
5319 * expect that the input to this function IS a locked TCB.
5320 * It will return 0, if it did NOT destroy the association (instead
5321 * it unlocks it. It will return NON-zero if it either destroyed the
5322 * association OR the association is already destroyed.
5325 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfree, int from_location)
5328 struct sctp_association *asoc;
5329 struct sctp_nets *net, *nnet;
5330 struct sctp_laddr *laddr, *naddr;
5331 struct sctp_tmit_chunk *chk, *nchk;
5332 struct sctp_asconf_addr *aparam, *naparam;
5333 struct sctp_asconf_ack *aack, *naack;
5334 struct sctp_stream_reset_list *strrst, *nstrrst;
5335 struct sctp_queued_to_read *sq, *nsq;
5336 struct sctp_stream_queue_pending *sp, *nsp;
5337 sctp_sharedkey_t *shared_key, *nshared_key;
5340 /* first, lets purge the entry from the hash table. */
5341 #if defined(__APPLE__)
5342 sctp_lock_assert(SCTP_INP_SO(inp));
5345 #ifdef SCTP_LOG_CLOSING
5346 sctp_log_closing(inp, stcb, 6);
5348 if (stcb->asoc.state == 0) {
5349 #ifdef SCTP_LOG_CLOSING
5350 sctp_log_closing(inp, NULL, 7);
5352 /* there is no asoc, really TSNH :-0 */
5355 if (stcb->asoc.alternate) {
5356 sctp_free_remote_addr(stcb->asoc.alternate);
5357 stcb->asoc.alternate = NULL;
5359 #if !defined(__APPLE__) /* TEMP: moved to below */
5361 if (stcb->freed_from_where == 0) {
5362 /* Only record the first place free happened from */
5363 stcb->freed_from_where = from_location;
5369 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
5370 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
5371 /* nothing around */
5374 so = inp->sctp_socket;
5377 * We used timer based freeing if a reader or writer is in the way.
5378 * So we first check if we are actually being called from a timer,
5379 * if so we abort early if a reader or writer is still in the way.
5381 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) &&
5382 (from_inpcbfree == SCTP_NORMAL_PROC)) {
5384 * is it the timer driving us? if so are the reader/writers
5387 if (stcb->asoc.refcnt) {
5388 /* nope, reader or writer in the way */
5389 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
5390 /* no asoc destroyed */
5391 SCTP_TCB_UNLOCK(stcb);
5392 #ifdef SCTP_LOG_CLOSING
5393 sctp_log_closing(inp, stcb, 8);
5398 /* now clean up any other timers */
5399 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
5400 asoc->dack_timer.self = NULL;
5401 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
5403 * For stream reset we don't blast this unless
5404 * it is a str-reset timer, it might be the
5405 * free-asoc timer which we DON'T want to
5408 if (asoc->strreset_timer.type == SCTP_TIMER_TYPE_STRRESET)
5409 asoc->strreset_timer.self = NULL;
5410 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
5411 asoc->asconf_timer.self = NULL;
5412 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
5413 asoc->autoclose_timer.self = NULL;
5414 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
5415 asoc->shut_guard_timer.self = NULL;
5416 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
5417 asoc->delayed_event_timer.self = NULL;
5418 /* Mobility adaptation */
5419 (void)SCTP_OS_TIMER_STOP(&asoc->delete_prim_timer.timer);
5420 asoc->delete_prim_timer.self = NULL;
5421 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5422 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
5423 net->rxt_timer.self = NULL;
5424 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
5425 net->pmtu_timer.self = NULL;
5426 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
5427 net->hb_timer.self = NULL;
5429 /* Now the read queue needs to be cleaned up (only once) */
5430 if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) {
5431 stcb->asoc.state |= SCTP_STATE_ABOUT_TO_BE_FREED;
5432 SCTP_INP_READ_LOCK(inp);
5433 TAILQ_FOREACH(sq, &inp->read_queue, next) {
5434 if (sq->stcb == stcb) {
5435 sq->do_not_ref_stcb = 1;
5436 sq->sinfo_cumtsn = stcb->asoc.cumulative_tsn;
5437 /* If there is no end, there never
5440 if (sq->end_added == 0) {
5441 /* Held for PD-API clear that. */
5442 sq->pdapi_aborted = 1;
5443 sq->held_length = 0;
5444 if (sctp_stcb_is_feature_on(inp, stcb, SCTP_PCB_FLAGS_PDAPIEVNT) && (so != NULL)) {
5446 * Need to add a PD-API aborted indication.
5447 * Setting the control_pdapi assures that it will
5448 * be added right after this msg.
5451 stcb->asoc.control_pdapi = sq;
5452 strseq = (sq->sinfo_stream << 16) | sq->sinfo_ssn;
5453 sctp_ulp_notify(SCTP_NOTIFY_PARTIAL_DELVIERY_INDICATION,
5455 SCTP_PARTIAL_DELIVERY_ABORTED,
5458 stcb->asoc.control_pdapi = NULL;
5461 /* Add an end to wake them */
5465 SCTP_INP_READ_UNLOCK(inp);
5466 if (stcb->block_entry) {
5467 SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PCB, ECONNRESET);
5468 stcb->block_entry->error = ECONNRESET;
5469 stcb->block_entry = NULL;
5472 if ((stcb->asoc.refcnt) || (stcb->asoc.state & SCTP_STATE_IN_ACCEPT_QUEUE)) {
5473 /* Someone holds a reference OR the socket is unaccepted yet.
5475 if ((stcb->asoc.refcnt) ||
5476 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
5477 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) {
5478 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
5479 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
5481 SCTP_TCB_UNLOCK(stcb);
5482 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
5483 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
5484 /* nothing around */
5487 /* Wake any reader/writers */
5488 sctp_sorwakeup(inp, so);
5489 sctp_sowwakeup(inp, so);
5492 #ifdef SCTP_LOG_CLOSING
5493 sctp_log_closing(inp, stcb, 9);
5495 /* no asoc destroyed */
5498 #ifdef SCTP_LOG_CLOSING
5499 sctp_log_closing(inp, stcb, 10);
5501 /* When I reach here, no others want
5502 * to kill the assoc yet.. and I own
5503 * the lock. Now its possible an abort
5504 * comes in when I do the lock exchange
5505 * below to grab all the locks to do
5506 * the final take out. to prevent this
5507 * we increment the count, which will
5508 * start a timer and blow out above thus
5509 * assuring us that we hold exclusive
5510 * killing of the asoc. Note that
5511 * after getting back the TCB lock
5512 * we will go ahead and increment the
5513 * counter back up and stop any timer
5514 * a passing stranger may have started :-S
5516 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5517 atomic_add_int(&stcb->asoc.refcnt, 1);
5519 SCTP_TCB_UNLOCK(stcb);
5520 SCTP_INP_INFO_WLOCK();
5521 SCTP_INP_WLOCK(inp);
5522 SCTP_TCB_LOCK(stcb);
5524 /* Double check the GONE flag */
5525 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
5526 (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE))
5527 /* nothing around */
5530 if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
5531 (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
5533 * For TCP type we need special handling when we are
5534 * connected. We also include the peel'ed off ones to.
5536 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
5537 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
5538 inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED;
5541 if (so->so_rcv.sb_cc == 0) {
5542 so->so_state &= ~(SS_ISCONNECTING |
5543 SS_ISDISCONNECTING |
5547 #if defined(__APPLE__)
5550 socantrcvmore_locked(so);
5552 sctp_sowwakeup(inp, so);
5553 sctp_sorwakeup(inp, so);
5559 /* Make it invalid too, that way if its
5560 * about to run it will abort and return.
5562 /* re-increment the lock */
5563 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5564 atomic_add_int(&stcb->asoc.refcnt, -1);
5566 if (stcb->asoc.refcnt) {
5567 stcb->asoc.state &= ~SCTP_STATE_IN_ACCEPT_QUEUE;
5568 sctp_timer_start(SCTP_TIMER_TYPE_ASOCKILL, inp, stcb, NULL);
5569 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5570 SCTP_INP_INFO_WUNLOCK();
5571 SCTP_INP_WUNLOCK(inp);
5573 SCTP_TCB_UNLOCK(stcb);
5577 if (inp->sctp_tcbhash) {
5578 LIST_REMOVE(stcb, sctp_tcbhash);
5580 if (stcb->asoc.in_asocid_hash) {
5581 LIST_REMOVE(stcb, sctp_tcbasocidhash);
5583 /* Now lets remove it from the list of ALL associations in the EP */
5584 LIST_REMOVE(stcb, sctp_tcblist);
5585 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5586 SCTP_INP_INCR_REF(inp);
5587 SCTP_INP_WUNLOCK(inp);
5589 /* pull from vtag hash */
5590 LIST_REMOVE(stcb, sctp_asocs);
5591 sctp_add_vtag_to_timewait(asoc->my_vtag, SCTP_BASE_SYSCTL(sctp_vtag_time_wait),
5592 inp->sctp_lport, stcb->rport);
5594 /* Now restop the timers to be sure
5595 * this is paranoia at is finest!
5597 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
5598 (void)SCTP_OS_TIMER_STOP(&asoc->dack_timer.timer);
5599 (void)SCTP_OS_TIMER_STOP(&asoc->strreset_timer.timer);
5600 (void)SCTP_OS_TIMER_STOP(&asoc->asconf_timer.timer);
5601 (void)SCTP_OS_TIMER_STOP(&asoc->shut_guard_timer.timer);
5602 (void)SCTP_OS_TIMER_STOP(&asoc->autoclose_timer.timer);
5603 (void)SCTP_OS_TIMER_STOP(&asoc->delayed_event_timer.timer);
5604 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
5605 (void)SCTP_OS_TIMER_STOP(&net->rxt_timer.timer);
5606 (void)SCTP_OS_TIMER_STOP(&net->pmtu_timer.timer);
5607 (void)SCTP_OS_TIMER_STOP(&net->hb_timer.timer);
5610 asoc->strreset_timer.type = SCTP_TIMER_TYPE_NONE;
5612 * The chunk lists and such SHOULD be empty but we check them just
5615 /* anything on the wheel needs to be removed */
5616 for (i = 0; i < asoc->streamoutcnt; i++) {
5617 struct sctp_stream_out *outs;
5619 outs = &asoc->strmout[i];
5620 /* now clean up any chunks here */
5621 TAILQ_FOREACH_SAFE(sp, &outs->outqueue, next, nsp) {
5622 TAILQ_REMOVE(&outs->outqueue, sp, next);
5623 sctp_free_spbufspace(stcb, asoc, sp);
5626 /* Still an open socket - report */
5627 sctp_ulp_notify(SCTP_NOTIFY_SPECIAL_SP_FAIL, stcb,
5628 0, (void *)sp, SCTP_SO_LOCKED);
5631 sctp_m_freem(sp->data);
5633 sp->tail_mbuf = NULL;
5638 sctp_free_remote_addr(sp->net);
5641 sctp_free_a_strmoq(stcb, sp, SCTP_SO_LOCKED);
5644 /*sa_ignore FREED_MEMORY*/
5645 TAILQ_FOREACH_SAFE(strrst, &asoc->resetHead, next_resp, nstrrst) {
5646 TAILQ_REMOVE(&asoc->resetHead, strrst, next_resp);
5647 SCTP_FREE(strrst, SCTP_M_STRESET);
5649 TAILQ_FOREACH_SAFE(sq, &asoc->pending_reply_queue, next, nsq) {
5650 TAILQ_REMOVE(&asoc->pending_reply_queue, sq, next);
5652 sctp_m_freem(sq->data);
5655 sctp_free_remote_addr(sq->whoFrom);
5658 /* Free the ctl entry */
5659 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), sq);
5660 SCTP_DECR_READQ_COUNT();
5661 /*sa_ignore FREED_MEMORY*/
5663 TAILQ_FOREACH_SAFE(chk, &asoc->free_chunks, sctp_next, nchk) {
5664 TAILQ_REMOVE(&asoc->free_chunks, chk, sctp_next);
5666 sctp_m_freem(chk->data);
5669 if (chk->holds_key_ref)
5670 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5671 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5672 SCTP_DECR_CHK_COUNT();
5673 atomic_subtract_int(&SCTP_BASE_INFO(ipi_free_chunks), 1);
5674 asoc->free_chunk_cnt--;
5675 /*sa_ignore FREED_MEMORY*/
5677 /* pending send queue SHOULD be empty */
5678 TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
5679 if (asoc->strmout[chk->rec.data.stream_number].chunks_on_queues > 0) {
5680 asoc->strmout[chk->rec.data.stream_number].chunks_on_queues--;
5683 panic("No chunks on the queues for sid %u.", chk->rec.data.stream_number);
5686 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
5689 /* Still a socket? */
5690 sctp_ulp_notify(SCTP_NOTIFY_UNSENT_DG_FAIL, stcb,
5691 0, chk, SCTP_SO_LOCKED);
5694 sctp_m_freem(chk->data);
5698 if (chk->holds_key_ref)
5699 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5701 sctp_free_remote_addr(chk->whoTo);
5704 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5705 SCTP_DECR_CHK_COUNT();
5706 /*sa_ignore FREED_MEMORY*/
5708 /* sent queue SHOULD be empty */
5709 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
5710 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
5711 if (asoc->strmout[chk->rec.data.stream_number].chunks_on_queues > 0) {
5712 asoc->strmout[chk->rec.data.stream_number].chunks_on_queues--;
5715 panic("No chunks on the queues for sid %u.", chk->rec.data.stream_number);
5719 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
5722 /* Still a socket? */
5723 sctp_ulp_notify(SCTP_NOTIFY_SENT_DG_FAIL, stcb,
5724 0, chk, SCTP_SO_LOCKED);
5727 sctp_m_freem(chk->data);
5731 if (chk->holds_key_ref)
5732 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5733 sctp_free_remote_addr(chk->whoTo);
5734 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5735 SCTP_DECR_CHK_COUNT();
5736 /*sa_ignore FREED_MEMORY*/
5739 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
5740 if (stcb->asoc.strmout[i].chunks_on_queues > 0) {
5741 panic("%u chunks left for stream %u.", stcb->asoc.strmout[i].chunks_on_queues, i);
5745 /* control queue MAY not be empty */
5746 TAILQ_FOREACH_SAFE(chk, &asoc->control_send_queue, sctp_next, nchk) {
5747 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
5749 sctp_m_freem(chk->data);
5752 if (chk->holds_key_ref)
5753 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5754 sctp_free_remote_addr(chk->whoTo);
5755 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5756 SCTP_DECR_CHK_COUNT();
5757 /*sa_ignore FREED_MEMORY*/
5759 /* ASCONF queue MAY not be empty */
5760 TAILQ_FOREACH_SAFE(chk, &asoc->asconf_send_queue, sctp_next, nchk) {
5761 TAILQ_REMOVE(&asoc->asconf_send_queue, chk, sctp_next);
5763 sctp_m_freem(chk->data);
5766 if (chk->holds_key_ref)
5767 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5768 sctp_free_remote_addr(chk->whoTo);
5769 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5770 SCTP_DECR_CHK_COUNT();
5771 /*sa_ignore FREED_MEMORY*/
5773 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
5774 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
5776 sctp_m_freem(chk->data);
5779 if (chk->holds_key_ref)
5780 sctp_auth_key_release(stcb, chk->auth_keyid, SCTP_SO_LOCKED);
5781 sctp_free_remote_addr(chk->whoTo);
5782 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_chunk), chk);
5783 SCTP_DECR_CHK_COUNT();
5784 /*sa_ignore FREED_MEMORY*/
5787 if (asoc->mapping_array) {
5788 SCTP_FREE(asoc->mapping_array, SCTP_M_MAP);
5789 asoc->mapping_array = NULL;
5791 if (asoc->nr_mapping_array) {
5792 SCTP_FREE(asoc->nr_mapping_array, SCTP_M_MAP);
5793 asoc->nr_mapping_array = NULL;
5795 /* the stream outs */
5796 if (asoc->strmout) {
5797 SCTP_FREE(asoc->strmout, SCTP_M_STRMO);
5798 asoc->strmout = NULL;
5800 asoc->strm_realoutsize = asoc->streamoutcnt = 0;
5802 struct sctp_queued_to_read *ctl, *nctl;
5804 for (i = 0; i < asoc->streamincnt; i++) {
5805 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[i].inqueue, next, nctl) {
5806 TAILQ_REMOVE(&asoc->strmin[i].inqueue, ctl, next);
5807 sctp_free_remote_addr(ctl->whoFrom);
5809 sctp_m_freem(ctl->data);
5813 * We don't free the address here
5814 * since all the net's were freed
5817 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
5818 SCTP_DECR_READQ_COUNT();
5821 SCTP_FREE(asoc->strmin, SCTP_M_STRMI);
5822 asoc->strmin = NULL;
5824 asoc->streamincnt = 0;
5825 TAILQ_FOREACH_SAFE(net, &asoc->nets, sctp_next, nnet) {
5827 if (SCTP_BASE_INFO(ipi_count_raddr) == 0) {
5828 panic("no net's left alloc'ed, or list points to itself");
5831 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
5832 sctp_free_remote_addr(net);
5834 LIST_FOREACH_SAFE(laddr, &asoc->sctp_restricted_addrs, sctp_nxt_addr, naddr) {
5835 /*sa_ignore FREED_MEMORY*/
5836 sctp_remove_laddr(laddr);
5839 /* pending asconf (address) parameters */
5840 TAILQ_FOREACH_SAFE(aparam, &asoc->asconf_queue, next, naparam) {
5841 /*sa_ignore FREED_MEMORY*/
5842 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
5843 SCTP_FREE(aparam,SCTP_M_ASC_ADDR);
5845 TAILQ_FOREACH_SAFE(aack, &asoc->asconf_ack_sent, next, naack) {
5846 /*sa_ignore FREED_MEMORY*/
5847 TAILQ_REMOVE(&asoc->asconf_ack_sent, aack, next);
5848 if (aack->data != NULL) {
5849 sctp_m_freem(aack->data);
5851 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asconf_ack), aack);
5853 /* clean up auth stuff */
5854 if (asoc->local_hmacs)
5855 sctp_free_hmaclist(asoc->local_hmacs);
5856 if (asoc->peer_hmacs)
5857 sctp_free_hmaclist(asoc->peer_hmacs);
5859 if (asoc->local_auth_chunks)
5860 sctp_free_chunklist(asoc->local_auth_chunks);
5861 if (asoc->peer_auth_chunks)
5862 sctp_free_chunklist(asoc->peer_auth_chunks);
5864 sctp_free_authinfo(&asoc->authinfo);
5866 LIST_FOREACH_SAFE(shared_key, &asoc->shared_keys, next, nshared_key) {
5867 LIST_REMOVE(shared_key, next);
5868 sctp_free_sharedkey(shared_key);
5869 /*sa_ignore FREED_MEMORY*/
5872 /* Insert new items here :> */
5874 /* Get rid of LOCK */
5875 SCTP_TCB_UNLOCK(stcb);
5876 SCTP_TCB_LOCK_DESTROY(stcb);
5877 SCTP_TCB_SEND_LOCK_DESTROY(stcb);
5878 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5879 SCTP_INP_INFO_WUNLOCK();
5880 SCTP_INP_RLOCK(inp);
5882 #if defined(__APPLE__) /* TEMP CODE */
5883 stcb->freed_from_where = from_location;
5885 #ifdef SCTP_TRACK_FREED_ASOCS
5886 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5887 /* now clean up the tasoc itself */
5888 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5889 SCTP_DECR_ASOC_COUNT();
5891 LIST_INSERT_HEAD(&inp->sctp_asoc_free_list, stcb, sctp_tcblist);
5894 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_asoc), stcb);
5895 SCTP_DECR_ASOC_COUNT();
5897 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5898 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
5899 /* If its NOT the inp_free calling us AND
5900 * sctp_close as been called, we
5903 SCTP_INP_RUNLOCK(inp);
5904 /* This will start the kill timer (if we are
5905 * the last one) since we hold an increment yet. But
5906 * this is the only safe way to do this
5907 * since otherwise if the socket closes
5908 * at the same time we are here we might
5909 * collide in the cleanup.
5911 sctp_inpcb_free(inp,
5912 SCTP_FREE_SHOULD_USE_GRACEFUL_CLOSE,
5913 SCTP_CALLED_DIRECTLY_NOCMPSET);
5914 SCTP_INP_DECR_REF(inp);
5917 /* The socket is still open. */
5918 SCTP_INP_DECR_REF(inp);
5921 if (from_inpcbfree == SCTP_NORMAL_PROC) {
5922 SCTP_INP_RUNLOCK(inp);
5925 /* destroyed the asoc */
5926 #ifdef SCTP_LOG_CLOSING
5927 sctp_log_closing(inp, NULL, 11);
5935 * determine if a destination is "reachable" based upon the addresses bound
5936 * to the current endpoint (e.g. only v4 or v6 currently bound)
5939 * FIX: if we allow assoc-level bindx(), then this needs to be fixed to use
5940 * assoc level v4/v6 flags, as the assoc *may* not have the same address
5941 * types bound as its endpoint
5944 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
5946 struct sctp_inpcb *inp;
5950 * No locks here, the TCB, in all cases is already locked and an
5951 * assoc is up. There is either a INP lock by the caller applied (in
5952 * asconf case when deleting an address) or NOT in the HB case,
5953 * however if HB then the INP increment is up and the INP will not
5954 * be removed (on top of the fact that we have a TCB lock). So we
5955 * only want to read the sctp_flags, which is either bound-all or
5956 * not.. no protection needed since once an assoc is up you can't be
5957 * changing your binding.
5959 inp = stcb->sctp_ep;
5960 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
5961 /* if bound all, destination is not restricted */
5963 * RRS: Question during lock work: Is this correct? If you
5964 * are bound-all you still might need to obey the V4--V6
5965 * flags??? IMO this bound-all stuff needs to be removed!
5969 /* NOTE: all "scope" checks are done when local addresses are added */
5970 switch (destaddr->sa_family) {
5973 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
5974 answer = inp->inp_vflag & INP_IPV6;
5976 answer = inp->ip_inp.inp.inp_vflag & INP_IPV6;
5982 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
5983 answer = inp->inp_vflag & INP_IPV4;
5985 answer = inp->ip_inp.inp.inp_vflag & INP_IPV4;
5989 #if defined(__Userspace__)
5991 answer = inp->ip_inp.inp.inp_vflag & INP_CONN;
5995 /* invalid family, so it's unreachable */
6003 * update the inp_vflags on an endpoint
6006 sctp_update_ep_vflag(struct sctp_inpcb *inp)
6008 struct sctp_laddr *laddr;
6010 /* first clear the flag */
6011 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
6014 inp->ip_inp.inp.inp_vflag = 0;
6016 /* set the flag based on addresses on the ep list */
6017 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
6018 if (laddr->ifa == NULL) {
6019 SCTPDBG(SCTP_DEBUG_PCB1, "%s: NULL ifa\n",
6024 if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
6027 switch (laddr->ifa->address.sa.sa_family) {
6030 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
6031 inp->inp_vflag |= INP_IPV6;
6033 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
6039 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
6040 inp->inp_vflag |= INP_IPV4;
6042 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
6046 #if defined(__Userspace__)
6048 inp->ip_inp.inp.inp_vflag |= INP_CONN;
6058 * Add the address to the endpoint local address list There is nothing to be
6059 * done if we are bound to all addresses
6062 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa, uint32_t action)
6064 struct sctp_laddr *laddr;
6069 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
6070 /* You are already bound to all. You have it already */
6074 if (ifa->address.sa.sa_family == AF_INET6) {
6075 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
6076 /* Can't bind a non-useable addr. */
6081 /* first, is it already present? */
6082 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
6083 if (laddr->ifa == ifa) {
6090 /* Not in the ep list */
6091 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa, action);
6095 /* update inp_vflag flags */
6096 switch (ifa->address.sa.sa_family) {
6099 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
6100 inp->inp_vflag |= INP_IPV6;
6102 inp->ip_inp.inp.inp_vflag |= INP_IPV6;
6108 #if !(defined(__FreeBSD__) || defined(__APPLE__) || defined(__Windows__) || defined(__Userspace__))
6109 inp->inp_vflag |= INP_IPV4;
6111 inp->ip_inp.inp.inp_vflag |= INP_IPV4;
6115 #if defined(__Userspace__)
6117 inp->ip_inp.inp.inp_vflag |= INP_CONN;
6129 * select a new (hopefully reachable) destination net (should only be used
6130 * when we deleted an ep addr that is the only usable source address to reach
6131 * the destination net)
6134 sctp_select_primary_destination(struct sctp_tcb *stcb)
6136 struct sctp_nets *net;
6138 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
6139 /* for now, we'll just pick the first reachable one we find */
6140 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
6142 if (sctp_destination_is_reachable(stcb,
6143 (struct sockaddr *)&net->ro._l_addr)) {
6144 /* found a reachable destination */
6145 stcb->asoc.primary_destination = net;
6148 /* I can't there from here! ...we're gonna die shortly... */
6153 * Delete the address from the endpoint local address list There is nothing
6154 * to be done if we are bound to all addresses
6157 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
6159 struct sctp_laddr *laddr;
6163 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
6164 /* You are already bound to all. You have it already */
6167 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
6168 if (laddr->ifa == ifa) {
6173 if (fnd && (inp->laddr_count < 2)) {
6174 /* can't delete unless there are at LEAST 2 addresses */
6179 * clean up any use of this address go through our
6180 * associations and clear any last_used_address that match
6181 * this one for each assoc, see if a new primary_destination
6184 struct sctp_tcb *stcb;
6186 /* clean up "next_addr_touse" */
6187 if (inp->next_addr_touse == laddr)
6188 /* delete this address */
6189 inp->next_addr_touse = NULL;
6191 /* clean up "last_used_address" */
6192 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
6193 struct sctp_nets *net;
6194 SCTP_TCB_LOCK(stcb);
6195 if (stcb->asoc.last_used_address == laddr)
6196 /* delete this address */
6197 stcb->asoc.last_used_address = NULL;
6198 /* Now spin through all the nets and purge any ref to laddr */
6199 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
6200 if (net->ro._s_addr &&
6201 (net->ro._s_addr->ifa == laddr->ifa)) {
6202 /* Yep, purge src address selected */
6205 /* delete this address if cached */
6209 net->ro.ro_rt = NULL;
6211 sctp_free_ifa(net->ro._s_addr);
6212 net->ro._s_addr = NULL;
6213 net->src_addr_selected = 0;
6216 SCTP_TCB_UNLOCK(stcb);
6217 } /* for each tcb */
6218 /* remove it from the ep list */
6219 sctp_remove_laddr(laddr);
6221 /* update inp_vflag flags */
6222 sctp_update_ep_vflag(inp);
6228 * Add the address to the TCB local address restricted list.
6229 * This is a "pending" address list (eg. addresses waiting for an
6230 * ASCONF-ACK response) and cannot be used as a valid source address.
6233 sctp_add_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
6235 struct sctp_laddr *laddr;
6236 struct sctpladdr *list;
6239 * Assumes TCB is locked.. and possibly the INP. May need to
6240 * confirm/fix that if we need it and is not the case.
6242 list = &stcb->asoc.sctp_restricted_addrs;
6245 if (ifa->address.sa.sa_family == AF_INET6) {
6246 if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
6247 /* Can't bind a non-existent addr. */
6252 /* does the address already exist? */
6253 LIST_FOREACH(laddr, list, sctp_nxt_addr) {
6254 if (laddr->ifa == ifa) {
6259 /* add to the list */
6260 (void)sctp_insert_laddr(list, ifa, 0);
6265 * insert an laddr entry with the given ifa for the desired list
6268 sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act)
6270 struct sctp_laddr *laddr;
6272 laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr);
6273 if (laddr == NULL) {
6274 /* out of memory? */
6275 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
6278 SCTP_INCR_LADDR_COUNT();
6279 bzero(laddr, sizeof(*laddr));
6280 (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time);
6282 laddr->action = act;
6283 atomic_add_int(&ifa->refcount, 1);
6285 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
6291 * Remove an laddr entry from the local address list (on an assoc)
6294 sctp_remove_laddr(struct sctp_laddr *laddr)
6297 /* remove from the list */
6298 LIST_REMOVE(laddr, sctp_nxt_addr);
6299 sctp_free_ifa(laddr->ifa);
6300 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr);
6301 SCTP_DECR_LADDR_COUNT();
6305 * Remove a local address from the TCB local address restricted list
6308 sctp_del_local_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
6310 struct sctp_inpcb *inp;
6311 struct sctp_laddr *laddr;
6314 * This is called by asconf work. It is assumed that a) The TCB is
6315 * locked and b) The INP is locked. This is true in as much as I can
6316 * trace through the entry asconf code where I did these locks.
6317 * Again, the ASCONF code is a bit different in that it does lock
6318 * the INP during its work often times. This must be since we don't
6319 * want other proc's looking up things while what they are looking
6320 * up is changing :-D
6323 inp = stcb->sctp_ep;
6324 /* if subset bound and don't allow ASCONF's, can't delete last */
6325 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
6326 sctp_is_feature_off(inp, SCTP_PCB_FLAGS_DO_ASCONF)) {
6327 if (stcb->sctp_ep->laddr_count < 2) {
6328 /* can't delete last address */
6332 LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
6333 /* remove the address if it exists */
6334 if (laddr->ifa == NULL)
6336 if (laddr->ifa == ifa) {
6337 sctp_remove_laddr(laddr);
6342 /* address not found! */
6346 #if defined(__FreeBSD__)
6348 * Temporarily remove for __APPLE__ until we use the Tiger equivalents
6351 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
6352 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
6353 #endif /* FreeBSD || APPLE */
6357 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
6358 struct sctp_mcore_ctrl *sctp_mcore_workers = NULL;
6359 int *sctp_cpuarry = NULL;
6361 sctp_queue_to_mcore(struct mbuf *m, int off, int cpu_to_use)
6363 /* Queue a packet to a processor for the specified core */
6364 struct sctp_mcore_queue *qent;
6365 struct sctp_mcore_ctrl *wkq;
6367 if (sctp_mcore_workers == NULL) {
6368 /* Something went way bad during setup */
6369 sctp_input_with_port(m, off, 0);
6372 SCTP_MALLOC(qent, struct sctp_mcore_queue *,
6373 (sizeof(struct sctp_mcore_queue)),
6376 /* This is trouble */
6377 sctp_input_with_port(m, off, 0);
6380 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
6386 wkq = &sctp_mcore_workers[cpu_to_use];
6387 SCTP_MCORE_QLOCK(wkq);
6389 TAILQ_INSERT_TAIL(&wkq->que, qent, next);
6390 if (wkq->running == 0) {
6393 SCTP_MCORE_QUNLOCK(wkq);
6395 wakeup(&wkq->running);
6400 sctp_mcore_thread(void *arg)
6403 struct sctp_mcore_ctrl *wkq;
6404 struct sctp_mcore_queue *qent;
6406 wkq = (struct sctp_mcore_ctrl *)arg;
6410 /* Wait for first tickle */
6411 SCTP_MCORE_LOCK(wkq);
6413 msleep(&wkq->running,
6415 0, "wait for pkt", 0);
6416 SCTP_MCORE_UNLOCK(wkq);
6418 /* Bind to our cpu */
6419 thread_lock(curthread);
6420 sched_bind(curthread, wkq->cpuid);
6421 thread_unlock(curthread);
6423 /* Now lets start working */
6424 SCTP_MCORE_LOCK(wkq);
6425 /* Now grab lock and go */
6427 SCTP_MCORE_QLOCK(wkq);
6430 qent = TAILQ_FIRST(&wkq->que);
6432 TAILQ_REMOVE(&wkq->que, qent, next);
6433 SCTP_MCORE_QUNLOCK(wkq);
6434 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
6435 CURVNET_SET(qent->vn);
6440 SCTP_FREE(qent, SCTP_M_MCORE);
6442 sctp_input_with_port(m, off, 0);
6444 SCTP_PRINTF("V6 not yet supported\n");
6447 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
6450 SCTP_MCORE_QLOCK(wkq);
6453 if (!TAILQ_EMPTY(&wkq->que)) {
6456 SCTP_MCORE_QUNLOCK(wkq);
6457 msleep(&wkq->running,
6459 0, "wait for pkt", 0);
6464 sctp_startup_mcore_threads(void)
6471 if (sctp_mcore_workers != NULL) {
6472 /* Already been here in some previous
6477 SCTP_MALLOC(sctp_mcore_workers, struct sctp_mcore_ctrl *,
6478 ((mp_maxid+1) * sizeof(struct sctp_mcore_ctrl)),
6480 if (sctp_mcore_workers == NULL) {
6484 memset(sctp_mcore_workers, 0 , ((mp_maxid+1) *
6485 sizeof(struct sctp_mcore_ctrl)));
6486 /* Init the structures */
6487 for (i = 0; i<=mp_maxid; i++) {
6488 TAILQ_INIT(&sctp_mcore_workers[i].que);
6489 SCTP_MCORE_LOCK_INIT(&sctp_mcore_workers[i]);
6490 SCTP_MCORE_QLOCK_INIT(&sctp_mcore_workers[i]);
6491 sctp_mcore_workers[i].cpuid = i;
6493 if (sctp_cpuarry == NULL) {
6494 SCTP_MALLOC(sctp_cpuarry, int *,
6495 (mp_ncpus * sizeof(int)),
6499 sctp_cpuarry[i] = cpu;
6504 /* Now start them all */
6506 #if __FreeBSD_version <= 701000
6507 (void)kthread_create(sctp_mcore_thread,
6508 (void *)&sctp_mcore_workers[cpu],
6509 &sctp_mcore_workers[cpu].thread_proc,
6515 (void)kproc_create(sctp_mcore_thread,
6516 (void *)&sctp_mcore_workers[cpu],
6517 &sctp_mcore_workers[cpu].thread_proc,
6526 #if defined(__FreeBSD__) && __FreeBSD_cc_version >= 1200000
6527 static struct mbuf *
6528 sctp_netisr_hdlr(struct mbuf *m, uintptr_t source)
6533 uint32_t flowid, tag;
6536 * No flow id built by lower layers fix it so we
6539 ip = mtod(m, struct ip *);
6540 offset = (ip->ip_hl << 2) + sizeof(struct sctphdr);
6541 if (SCTP_BUF_LEN(m) < offset) {
6542 if ((m = m_pullup(m, offset)) == NULL) {
6543 SCTP_STAT_INCR(sctps_hdrops);
6546 ip = mtod(m, struct ip *);
6548 sh = (struct sctphdr *)((caddr_t)ip + (ip->ip_hl << 2));
6549 tag = htonl(sh->v_tag);
6550 flowid = tag ^ ntohs(sh->dest_port) ^ ntohs(sh->src_port);
6551 m->m_pkthdr.flowid = flowid;
6552 m->m_flags |= M_FLOWID;
6561 * SCTP initialization for the PCB structures should be called by
6562 * the sctp_init() funciton.
6567 if (SCTP_BASE_VAR(sctp_pcb_initialized) != 0) {
6568 /* error I was called twice */
6571 SCTP_BASE_VAR(sctp_pcb_initialized) = 1;
6573 #if defined(SCTP_LOCAL_TRACE_BUF)
6574 #if defined(__Windows__)
6575 if (SCTP_BASE_SYSCTL(sctp_log) != NULL) {
6576 bzero(SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log));
6579 bzero(&SCTP_BASE_SYSCTL(sctp_log), sizeof(struct sctp_log));
6582 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
6583 SCTP_MALLOC(SCTP_BASE_STATS, struct sctpstat *,
6584 ((mp_maxid+1) * sizeof(struct sctpstat)),
6587 (void)SCTP_GETTIME_TIMEVAL(&tv);
6588 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
6589 bzero(SCTP_BASE_STATS, (sizeof(struct sctpstat) * (mp_maxid+1)));
6590 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_sec = (uint32_t)tv.tv_sec;
6591 SCTP_BASE_STATS[PCPU_GET(cpuid)].sctps_discontinuitytime.tv_usec = (uint32_t)tv.tv_usec;
6593 bzero(&SCTP_BASE_STATS, sizeof(struct sctpstat));
6594 SCTP_BASE_STAT(sctps_discontinuitytime).tv_sec = (uint32_t)tv.tv_sec;
6595 SCTP_BASE_STAT(sctps_discontinuitytime).tv_usec = (uint32_t)tv.tv_usec;
6597 /* init the empty list of (All) Endpoints */
6598 LIST_INIT(&SCTP_BASE_INFO(listhead));
6599 #if defined(__APPLE__)
6600 LIST_INIT(&SCTP_BASE_INFO(inplisthead));
6601 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION)
6602 SCTP_BASE_INFO(sctbinfo).listhead = &SCTP_BASE_INFO(inplisthead);
6603 SCTP_BASE_INFO(sctbinfo).mtx_grp_attr = lck_grp_attr_alloc_init();
6604 lck_grp_attr_setdefault(SCTP_BASE_INFO(sctbinfo).mtx_grp_attr);
6605 SCTP_BASE_INFO(sctbinfo).mtx_grp = lck_grp_alloc_init("sctppcb", SCTP_BASE_INFO(sctbinfo).mtx_grp_attr);
6606 SCTP_BASE_INFO(sctbinfo).mtx_attr = lck_attr_alloc_init();
6607 lck_attr_setdefault(SCTP_BASE_INFO(sctbinfo).mtx_attr);
6609 SCTP_BASE_INFO(sctbinfo).ipi_listhead = &SCTP_BASE_INFO(inplisthead);
6610 SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr = lck_grp_attr_alloc_init();
6611 lck_grp_attr_setdefault(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr);
6612 SCTP_BASE_INFO(sctbinfo).ipi_lock_grp = lck_grp_alloc_init("sctppcb", SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr);
6613 SCTP_BASE_INFO(sctbinfo).ipi_lock_attr = lck_attr_alloc_init();
6614 lck_attr_setdefault(SCTP_BASE_INFO(sctbinfo).ipi_lock_attr);
6616 #if !defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION)
6617 SCTP_BASE_INFO(sctbinfo).ipi_gc = sctp_gc;
6618 in_pcbinfo_attach(&SCTP_BASE_INFO(sctbinfo));
6623 /* init the hash table of endpoints */
6624 #if defined(__FreeBSD__)
6625 #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 440000
6626 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &SCTP_BASE_SYSCTL(sctp_hashtblsize));
6627 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &SCTP_BASE_SYSCTL(sctp_pcbtblsize));
6628 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &SCTP_BASE_SYSCTL(sctp_chunkscale));
6630 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", SCTP_TCBHASHSIZE,
6631 SCTP_BASE_SYSCTL(sctp_hashtblsize));
6632 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", SCTP_PCBHASHSIZE,
6633 SCTP_BASE_SYSCTL(sctp_pcbtblsize));
6634 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", SCTP_CHUNKQUEUE_SCALE,
6635 SCTP_BASE_SYSCTL(sctp_chunkscale));
6638 SCTP_BASE_INFO(sctp_asochash) = SCTP_HASH_INIT((SCTP_BASE_SYSCTL(sctp_hashtblsize) * 31),
6639 &SCTP_BASE_INFO(hashasocmark));
6640 SCTP_BASE_INFO(sctp_ephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
6641 &SCTP_BASE_INFO(hashmark));
6642 SCTP_BASE_INFO(sctp_tcpephash) = SCTP_HASH_INIT(SCTP_BASE_SYSCTL(sctp_hashtblsize),
6643 &SCTP_BASE_INFO(hashtcpmark));
6644 SCTP_BASE_INFO(hashtblsize) = SCTP_BASE_SYSCTL(sctp_hashtblsize);
6647 SCTP_BASE_INFO(sctp_vrfhash) = SCTP_HASH_INIT(SCTP_SIZE_OF_VRF_HASH,
6648 &SCTP_BASE_INFO(hashvrfmark));
6650 SCTP_BASE_INFO(vrf_ifn_hash) = SCTP_HASH_INIT(SCTP_VRF_IFN_HASH_SIZE,
6651 &SCTP_BASE_INFO(vrf_ifn_hashmark));
6652 /* init the zones */
6654 * FIX ME: Should check for NULL returns, but if it does fail we are
6655 * doomed to panic anyways... add later maybe.
6657 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_ep), "sctp_ep",
6658 sizeof(struct sctp_inpcb), maxsockets);
6660 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asoc), "sctp_asoc",
6661 sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
6663 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_laddr), "sctp_laddr",
6664 sizeof(struct sctp_laddr),
6665 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
6667 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_net), "sctp_raddr",
6668 sizeof(struct sctp_nets),
6669 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
6671 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_chunk), "sctp_chunk",
6672 sizeof(struct sctp_tmit_chunk),
6673 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
6675 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_readq), "sctp_readq",
6676 sizeof(struct sctp_queued_to_read),
6677 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
6679 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_strmoq), "sctp_stream_msg_out",
6680 sizeof(struct sctp_stream_queue_pending),
6681 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
6683 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf), "sctp_asconf",
6684 sizeof(struct sctp_asconf),
6685 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
6687 SCTP_ZONE_INIT(SCTP_BASE_INFO(ipi_zone_asconf_ack), "sctp_asconf_ack",
6688 sizeof(struct sctp_asconf_ack),
6689 (sctp_max_number_of_assoc * SCTP_BASE_SYSCTL(sctp_chunkscale)));
6692 /* Master Lock INIT for info structure */
6693 SCTP_INP_INFO_LOCK_INIT();
6694 SCTP_STATLOG_INIT_LOCK();
6696 SCTP_IPI_COUNT_INIT();
6697 SCTP_IPI_ADDR_INIT();
6698 #ifdef SCTP_PACKET_LOGGING
6699 SCTP_IP_PKTLOG_INIT();
6701 LIST_INIT(&SCTP_BASE_INFO(addr_wq));
6703 SCTP_WQ_ADDR_INIT();
6704 /* not sure if we need all the counts */
6705 SCTP_BASE_INFO(ipi_count_ep) = 0;
6706 /* assoc/tcb zone info */
6707 SCTP_BASE_INFO(ipi_count_asoc) = 0;
6708 /* local addrlist zone info */
6709 SCTP_BASE_INFO(ipi_count_laddr) = 0;
6710 /* remote addrlist zone info */
6711 SCTP_BASE_INFO(ipi_count_raddr) = 0;
6713 SCTP_BASE_INFO(ipi_count_chunk) = 0;
6715 /* socket queue zone info */
6716 SCTP_BASE_INFO(ipi_count_readq) = 0;
6718 /* stream out queue cont */
6719 SCTP_BASE_INFO(ipi_count_strmoq) = 0;
6721 SCTP_BASE_INFO(ipi_free_strmoq) = 0;
6722 SCTP_BASE_INFO(ipi_free_chunks) = 0;
6724 SCTP_OS_TIMER_INIT(&SCTP_BASE_INFO(addr_wq_timer.timer));
6726 /* Init the TIMEWAIT list */
6727 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
6728 LIST_INIT(&SCTP_BASE_INFO(vtag_timewait)[i]);
6730 #if defined(SCTP_PROCESS_LEVEL_LOCKS)
6731 #if defined(__Userspace_os_Windows)
6732 InitializeConditionVariable(&sctp_it_ctl.iterator_wakeup);
6734 (void)pthread_cond_init(&sctp_it_ctl.iterator_wakeup, NULL);
6737 sctp_startup_iterator();
6739 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
6740 sctp_startup_mcore_threads();
6745 * INIT the default VRF which for BSD is the only one, other O/S's
6746 * may have more. But initially they must start with one and then
6747 * add the VRF's as addresses are added.
6749 sctp_init_vrf_list(SCTP_DEFAULT_VRF);
6751 #if defined(__FreeBSD__) && __FreeBSD_cc_version >= 1200000
6752 if (ip_register_flow_handler(sctp_netisr_hdlr, IPPROTO_SCTP)) {
6753 SCTP_PRINTF("***SCTP- Error can't register netisr handler***\n");
6756 #if defined(_SCTP_NEEDS_CALLOUT_) || defined(_USER_SCTP_NEEDS_CALLOUT_)
6757 /* allocate the lock for the callout/timer queue */
6758 SCTP_TIMERQ_LOCK_INIT();
6759 TAILQ_INIT(&SCTP_BASE_INFO(callqueue));
6761 #if defined(__Userspace__)
6764 #if defined(INET) || defined(INET6)
6771 * Assumes that the SCTP_BASE_INFO() lock is NOT held.
6774 sctp_pcb_finish(void)
6776 struct sctp_vrflist *vrf_bucket;
6777 struct sctp_vrf *vrf, *nvrf;
6778 struct sctp_ifn *ifn, *nifn;
6779 struct sctp_ifa *ifa, *nifa;
6780 struct sctpvtaghead *chain;
6781 struct sctp_tagblock *twait_block, *prev_twait_block;
6782 struct sctp_laddr *wi, *nwi;
6784 struct sctp_iterator *it, *nit;
6786 #if !defined(__FreeBSD__)
6787 /* Notify the iterator to exit. */
6788 SCTP_IPI_ITERATOR_WQ_LOCK();
6789 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_MUST_EXIT;
6790 sctp_wakeup_iterator();
6791 SCTP_IPI_ITERATOR_WQ_UNLOCK();
6793 #if defined(__APPLE__)
6794 #if !defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION)
6795 in_pcbinfo_detach(&SCTP_BASE_INFO(sctbinfo));
6797 SCTP_IPI_ITERATOR_WQ_LOCK();
6799 msleep(&sctp_it_ctl.iterator_flags,
6800 sctp_it_ctl.ipi_iterator_wq_mtx,
6801 0, "waiting_for_work", 0);
6802 } while ((sctp_it_ctl.iterator_flags & SCTP_ITERATOR_EXITED) == 0);
6803 thread_deallocate(sctp_it_ctl.thread_proc);
6804 SCTP_IPI_ITERATOR_WQ_UNLOCK();
6806 #if defined(__Windows__)
6807 if (sctp_it_ctl.iterator_thread_obj != NULL) {
6808 NTSTATUS status = STATUS_SUCCESS;
6810 KeSetEvent(&sctp_it_ctl.iterator_wakeup[1], IO_NO_INCREMENT, FALSE);
6811 status = KeWaitForSingleObject(sctp_it_ctl.iterator_thread_obj,
6816 ObDereferenceObject(sctp_it_ctl.iterator_thread_obj);
6819 #if defined(__Userspace__)
6820 if (sctp_it_ctl.thread_proc) {
6821 #if defined(__Userspace_os_Windows)
6822 WaitForSingleObject(sctp_it_ctl.thread_proc, INFINITE);
6823 CloseHandle(sctp_it_ctl.thread_proc);
6824 sctp_it_ctl.thread_proc = NULL;
6826 pthread_join(sctp_it_ctl.thread_proc, NULL);
6827 sctp_it_ctl.thread_proc = 0;
6831 #if defined(SCTP_PROCESS_LEVEL_LOCKS)
6832 #if defined(__Userspace_os_Windows)
6833 DeleteConditionVariable(&sctp_it_ctl.iterator_wakeup);
6835 pthread_cond_destroy(&sctp_it_ctl.iterator_wakeup);
6838 /* In FreeBSD the iterator thread never exits
6839 * but we do clean up.
6840 * The only way FreeBSD reaches here is if we have VRF's
6841 * but we still add the ifdef to make it compile on old versions.
6843 SCTP_IPI_ITERATOR_WQ_LOCK();
6844 TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) {
6845 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
6846 if (it->vn != curvnet) {
6850 TAILQ_REMOVE(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
6851 if (it->function_atend != NULL) {
6852 (*it->function_atend) (it->pointer, it->val);
6854 SCTP_FREE(it,SCTP_M_ITER);
6856 SCTP_IPI_ITERATOR_WQ_UNLOCK();
6857 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
6858 SCTP_ITERATOR_LOCK();
6859 if ((sctp_it_ctl.cur_it) &&
6860 (sctp_it_ctl.cur_it->vn == curvnet)) {
6861 sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT;
6863 SCTP_ITERATOR_UNLOCK();
6865 #if !defined(__FreeBSD__)
6866 SCTP_IPI_ITERATOR_WQ_DESTROY();
6867 SCTP_ITERATOR_LOCK_DESTROY();
6869 SCTP_OS_TIMER_STOP(&SCTP_BASE_INFO(addr_wq_timer.timer));
6870 SCTP_WQ_ADDR_LOCK();
6871 LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) {
6872 LIST_REMOVE(wi, sctp_nxt_addr);
6873 SCTP_DECR_LADDR_COUNT();
6874 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), wi);
6876 SCTP_WQ_ADDR_UNLOCK();
6879 * free the vrf/ifn/ifa lists and hashes (be sure address monitor
6880 * is destroyed first).
6882 vrf_bucket = &SCTP_BASE_INFO(sctp_vrfhash)[(SCTP_DEFAULT_VRFID & SCTP_BASE_INFO(hashvrfmark))];
6883 LIST_FOREACH_SAFE(vrf, vrf_bucket, next_vrf, nvrf) {
6884 LIST_FOREACH_SAFE(ifn, &vrf->ifnlist, next_ifn, nifn) {
6885 LIST_FOREACH_SAFE(ifa, &ifn->ifalist, next_ifa, nifa) {
6887 LIST_REMOVE(ifa, next_bucket);
6888 LIST_REMOVE(ifa, next_ifa);
6889 SCTP_FREE(ifa, SCTP_M_IFA);
6892 LIST_REMOVE(ifn, next_bucket);
6893 LIST_REMOVE(ifn, next_ifn);
6894 SCTP_FREE(ifn, SCTP_M_IFN);
6896 SCTP_HASH_FREE(vrf->vrf_addr_hash, vrf->vrf_addr_hashmark);
6898 LIST_REMOVE(vrf, next_vrf);
6899 SCTP_FREE(vrf, SCTP_M_VRF);
6901 /* free the vrf hashes */
6902 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_vrfhash), SCTP_BASE_INFO(hashvrfmark));
6903 SCTP_HASH_FREE(SCTP_BASE_INFO(vrf_ifn_hash), SCTP_BASE_INFO(vrf_ifn_hashmark));
6904 #if defined(__Userspace__) && !defined(__Userspace_os_Windows)
6905 /* free memory allocated by getifaddrs call */
6906 #if defined(INET) || defined(INET6)
6907 freeifaddrs(g_interfaces);
6911 /* free the TIMEWAIT list elements malloc'd in the function
6912 * sctp_add_vtag_to_timewait()...
6914 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
6915 chain = &SCTP_BASE_INFO(vtag_timewait)[i];
6916 if (!LIST_EMPTY(chain)) {
6917 prev_twait_block = NULL;
6918 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
6919 if (prev_twait_block) {
6920 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
6922 prev_twait_block = twait_block;
6924 SCTP_FREE(prev_twait_block, SCTP_M_TIMW);
6928 /* free the locks and mutexes */
6929 #if defined(__APPLE__)
6930 SCTP_TIMERQ_LOCK_DESTROY();
6932 #ifdef SCTP_PACKET_LOGGING
6933 SCTP_IP_PKTLOG_DESTROY();
6935 SCTP_IPI_ADDR_DESTROY();
6936 #if defined(__APPLE__)
6937 SCTP_IPI_COUNT_DESTROY();
6939 SCTP_STATLOG_DESTROY();
6940 SCTP_INP_INFO_LOCK_DESTROY();
6942 SCTP_WQ_ADDR_DESTROY();
6944 #if defined(__APPLE__)
6945 #if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD) || defined(APPLE_LION) || defined(APPLE_MOUNTAINLION)
6946 lck_grp_attr_free(SCTP_BASE_INFO(sctbinfo).mtx_grp_attr);
6947 lck_grp_free(SCTP_BASE_INFO(sctbinfo).mtx_grp);
6948 lck_attr_free(SCTP_BASE_INFO(sctbinfo).mtx_attr);
6950 lck_grp_attr_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp_attr);
6951 lck_grp_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_grp);
6952 lck_attr_free(SCTP_BASE_INFO(sctbinfo).ipi_lock_attr);
6955 #if defined(__Userspace__)
6956 SCTP_TIMERQ_LOCK_DESTROY();
6957 SCTP_ZONE_DESTROY(zone_mbuf);
6958 SCTP_ZONE_DESTROY(zone_clust);
6959 SCTP_ZONE_DESTROY(zone_ext_refcnt);
6961 #if defined(__Windows__) || defined(__FreeBSD__) || defined(__Userspace__)
6962 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep));
6963 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc));
6964 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr));
6965 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_net));
6966 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_chunk));
6967 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_readq));
6968 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq));
6969 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf));
6970 SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack));
6972 /* Get rid of other stuff to */
6973 if (SCTP_BASE_INFO(sctp_asochash) != NULL)
6974 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark));
6975 if (SCTP_BASE_INFO(sctp_ephash) != NULL)
6976 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark));
6977 if (SCTP_BASE_INFO(sctp_tcpephash) != NULL)
6978 SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark));
6979 #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT)
6980 SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE);
6986 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
6987 int offset, int limit,
6988 struct sockaddr *src, struct sockaddr *dst,
6989 struct sockaddr *altsa)
6992 * grub through the INIT pulling addresses and loading them to the
6993 * nets structure in the asoc. The from address in the mbuf should
6994 * also be loaded (if it is not already). This routine can be called
6995 * with either INIT or INIT-ACK's as long as the m points to the IP
6996 * packet and the offset points to the beginning of the parameters.
6998 struct sctp_inpcb *inp;
6999 struct sctp_nets *net, *nnet, *net_tmp;
7000 struct sctp_paramhdr *phdr, parm_buf;
7001 struct sctp_tcb *stcb_tmp;
7002 uint16_t ptype, plen;
7003 struct sockaddr *sa;
7004 uint8_t random_store[SCTP_PARAM_BUFFER_SIZE];
7005 struct sctp_auth_random *p_random = NULL;
7006 uint16_t random_len = 0;
7007 uint8_t hmacs_store[SCTP_PARAM_BUFFER_SIZE];
7008 struct sctp_auth_hmac_algo *hmacs = NULL;
7009 uint16_t hmacs_len = 0;
7010 uint8_t saw_asconf = 0;
7011 uint8_t saw_asconf_ack = 0;
7012 uint8_t chunks_store[SCTP_PARAM_BUFFER_SIZE];
7013 struct sctp_auth_chunk_list *chunks = NULL;
7014 uint16_t num_chunks = 0;
7015 sctp_key_t *new_key;
7017 int got_random = 0, got_hmacs = 0, got_chklist = 0;
7018 uint8_t ecn_allowed;
7020 struct sockaddr_in sin;
7023 struct sockaddr_in6 sin6;
7026 /* First get the destination address setup too. */
7028 memset(&sin, 0, sizeof(sin));
7029 sin.sin_family = AF_INET;
7031 sin.sin_len = sizeof(sin);
7033 sin.sin_port = stcb->rport;
7036 memset(&sin6, 0, sizeof(sin6));
7037 sin6.sin6_family = AF_INET6;
7038 #ifdef HAVE_SIN6_LEN
7039 sin6.sin6_len = sizeof(struct sockaddr_in6);
7041 sin6.sin6_port = stcb->rport;
7048 /* Turn off ECN until we get through all params */
7050 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
7051 /* mark all addresses that we have currently on the list */
7052 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
7054 /* does the source address already exist? if so skip it */
7055 inp = stcb->sctp_ep;
7056 atomic_add_int(&stcb->asoc.refcnt, 1);
7057 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, dst, stcb);
7058 atomic_add_int(&stcb->asoc.refcnt, -1);
7060 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
7061 /* we must add the source address */
7062 /* no scope set here since we have a tcb already. */
7063 switch (sa->sa_family) {
7066 if (stcb->asoc.scope.ipv4_addr_legal) {
7067 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_2)) {
7075 if (stcb->asoc.scope.ipv6_addr_legal) {
7076 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
7082 #if defined(__Userspace__)
7084 if (stcb->asoc.scope.conn_addr_legal) {
7085 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_3)) {
7095 if (net_tmp != NULL && stcb_tmp == stcb) {
7096 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
7097 } else if (stcb_tmp != stcb) {
7098 /* It belongs to another association? */
7100 SCTP_TCB_UNLOCK(stcb_tmp);
7104 if (stcb->asoc.state == 0) {
7105 /* the assoc was freed? */
7109 * peer must explicitly turn this on. This may have been initialized
7110 * to be "on" in order to allow local addr changes while INIT's are
7113 stcb->asoc.peer_supports_asconf = 0;
7114 /* now we must go through each of the params. */
7115 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
7117 ptype = ntohs(phdr->param_type);
7118 plen = ntohs(phdr->param_length);
7120 * SCTP_PRINTF("ptype => %0x, plen => %d\n", (uint32_t)ptype,
7123 if (offset + plen > limit) {
7130 if (ptype == SCTP_IPV4_ADDRESS) {
7131 if (stcb->asoc.scope.ipv4_addr_legal) {
7132 struct sctp_ipv4addr_param *p4, p4_buf;
7134 /* ok get the v4 address and check/add */
7135 phdr = sctp_get_next_param(m, offset,
7136 (struct sctp_paramhdr *)&p4_buf,
7138 if (plen != sizeof(struct sctp_ipv4addr_param) ||
7142 p4 = (struct sctp_ipv4addr_param *)phdr;
7143 sin.sin_addr.s_addr = p4->addr;
7144 if (IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
7145 /* Skip multi-cast addresses */
7148 if ((sin.sin_addr.s_addr == INADDR_BROADCAST) ||
7149 (sin.sin_addr.s_addr == INADDR_ANY)) {
7152 sa = (struct sockaddr *)&sin;
7153 inp = stcb->sctp_ep;
7154 atomic_add_int(&stcb->asoc.refcnt, 1);
7155 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
7157 atomic_add_int(&stcb->asoc.refcnt, -1);
7159 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) ||
7161 /* we must add the source address */
7163 * no scope set since we have a tcb
7168 * we must validate the state again
7172 if (stcb->asoc.state == 0) {
7173 /* the assoc was freed? */
7176 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_4)) {
7179 } else if (stcb_tmp == stcb) {
7180 if (stcb->asoc.state == 0) {
7181 /* the assoc was freed? */
7187 ~SCTP_ADDR_NOT_IN_ASSOC;
7191 * strange, address is in another
7192 * assoc? straighten out locks.
7195 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
7196 /* in setup state we abort this guy */
7197 sctp_abort_an_association(stcb_tmp->sctp_ep,
7198 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
7201 SCTP_TCB_UNLOCK(stcb_tmp);
7204 if (stcb->asoc.state == 0) {
7205 /* the assoc was freed? */
7214 if (ptype == SCTP_IPV6_ADDRESS) {
7215 if (stcb->asoc.scope.ipv6_addr_legal) {
7216 /* ok get the v6 address and check/add */
7217 struct sctp_ipv6addr_param *p6, p6_buf;
7219 phdr = sctp_get_next_param(m, offset,
7220 (struct sctp_paramhdr *)&p6_buf,
7222 if (plen != sizeof(struct sctp_ipv6addr_param) ||
7226 p6 = (struct sctp_ipv6addr_param *)phdr;
7227 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
7229 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
7230 /* Skip multi-cast addresses */
7233 if (IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
7234 /* Link local make no sense without scope */
7237 sa = (struct sockaddr *)&sin6;
7238 inp = stcb->sctp_ep;
7239 atomic_add_int(&stcb->asoc.refcnt, 1);
7240 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
7242 atomic_add_int(&stcb->asoc.refcnt, -1);
7243 if (stcb_tmp == NULL &&
7244 (inp == stcb->sctp_ep || inp == NULL)) {
7246 * we must validate the state again
7250 if (stcb->asoc.state == 0) {
7251 /* the assoc was freed? */
7255 * we must add the address, no scope
7258 if (sctp_add_remote_addr(stcb, sa, NULL, SCTP_DONOT_SETSCOPE, SCTP_LOAD_ADDR_5)) {
7261 } else if (stcb_tmp == stcb) {
7263 * we must validate the state again
7266 if (stcb->asoc.state == 0) {
7267 /* the assoc was freed? */
7273 ~SCTP_ADDR_NOT_IN_ASSOC;
7277 * strange, address is in another
7278 * assoc? straighten out locks.
7281 if (SCTP_GET_STATE(&stcb_tmp->asoc) & SCTP_STATE_COOKIE_WAIT) {
7282 /* in setup state we abort this guy */
7283 sctp_abort_an_association(stcb_tmp->sctp_ep,
7284 stcb_tmp, NULL, SCTP_SO_NOT_LOCKED);
7287 SCTP_TCB_UNLOCK(stcb_tmp);
7289 if (stcb->asoc.state == 0) {
7290 /* the assoc was freed? */
7298 if (ptype == SCTP_ECN_CAPABLE) {
7300 } else if (ptype == SCTP_ULP_ADAPTATION) {
7301 if (stcb->asoc.state != SCTP_STATE_OPEN) {
7302 struct sctp_adaptation_layer_indication ai, *aip;
7304 phdr = sctp_get_next_param(m, offset,
7305 (struct sctp_paramhdr *)&ai, sizeof(ai));
7306 aip = (struct sctp_adaptation_layer_indication *)phdr;
7308 stcb->asoc.peers_adaptation = ntohl(aip->indication);
7309 stcb->asoc.adaptation_needed = 1;
7312 } else if (ptype == SCTP_SET_PRIM_ADDR) {
7313 struct sctp_asconf_addr_param lstore, *fee;
7315 struct sockaddr *lsa = NULL;
7317 struct sctp_asconf_addrv4_param *fii;
7320 stcb->asoc.peer_supports_asconf = 1;
7321 if (plen > sizeof(lstore)) {
7324 phdr = sctp_get_next_param(m, offset,
7325 (struct sctp_paramhdr *)&lstore,
7326 min(plen,sizeof(lstore)));
7330 fee = (struct sctp_asconf_addr_param *)phdr;
7331 lptype = ntohs(fee->addrp.ph.param_type);
7334 case SCTP_IPV4_ADDRESS:
7336 sizeof(struct sctp_asconf_addrv4_param)) {
7337 SCTP_PRINTF("Sizeof setprim in init/init ack not %d but %d - ignored\n",
7338 (int)sizeof(struct sctp_asconf_addrv4_param),
7341 fii = (struct sctp_asconf_addrv4_param *)fee;
7342 sin.sin_addr.s_addr = fii->addrp.addr;
7343 lsa = (struct sockaddr *)&sin;
7348 case SCTP_IPV6_ADDRESS:
7350 sizeof(struct sctp_asconf_addr_param)) {
7351 SCTP_PRINTF("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
7352 (int)sizeof(struct sctp_asconf_addr_param),
7355 memcpy(sin6.sin6_addr.s6_addr,
7357 sizeof(fee->addrp.addr));
7358 lsa = (struct sockaddr *)&sin6;
7366 (void)sctp_set_primary_addr(stcb, sa, NULL);
7368 } else if (ptype == SCTP_HAS_NAT_SUPPORT) {
7369 stcb->asoc.peer_supports_nat = 1;
7370 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
7371 /* Peer supports pr-sctp */
7372 stcb->asoc.peer_supports_prsctp = 1;
7373 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
7374 /* A supported extension chunk */
7375 struct sctp_supported_chunk_types_param *pr_supported;
7376 uint8_t local_store[SCTP_PARAM_BUFFER_SIZE];
7379 phdr = sctp_get_next_param(m, offset,
7380 (struct sctp_paramhdr *)&local_store, min(sizeof(local_store),plen));
7384 stcb->asoc.peer_supports_asconf = 0;
7385 stcb->asoc.peer_supports_prsctp = 0;
7386 stcb->asoc.peer_supports_pktdrop = 0;
7387 stcb->asoc.peer_supports_strreset = 0;
7388 stcb->asoc.peer_supports_nr_sack = 0;
7389 stcb->asoc.peer_supports_auth = 0;
7390 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
7391 num_ent = plen - sizeof(struct sctp_paramhdr);
7392 for (i = 0; i < num_ent; i++) {
7393 switch (pr_supported->chunk_types[i]) {
7395 case SCTP_ASCONF_ACK:
7396 stcb->asoc.peer_supports_asconf = 1;
7398 case SCTP_FORWARD_CUM_TSN:
7399 stcb->asoc.peer_supports_prsctp = 1;
7401 case SCTP_PACKET_DROPPED:
7402 stcb->asoc.peer_supports_pktdrop = 1;
7404 case SCTP_NR_SELECTIVE_ACK:
7405 stcb->asoc.peer_supports_nr_sack = 1;
7407 case SCTP_STREAM_RESET:
7408 stcb->asoc.peer_supports_strreset = 1;
7410 case SCTP_AUTHENTICATION:
7411 stcb->asoc.peer_supports_auth = 1;
7414 /* one I have not learned yet */
7419 } else if (ptype == SCTP_RANDOM) {
7420 if (plen > sizeof(random_store))
7423 /* already processed a RANDOM */
7426 phdr = sctp_get_next_param(m, offset,
7427 (struct sctp_paramhdr *)random_store,
7428 min(sizeof(random_store),plen));
7431 p_random = (struct sctp_auth_random *)phdr;
7432 random_len = plen - sizeof(*p_random);
7433 /* enforce the random length */
7434 if (random_len != SCTP_AUTH_RANDOM_SIZE_REQUIRED) {
7435 SCTPDBG(SCTP_DEBUG_AUTH1, "SCTP: invalid RANDOM len\n");
7439 } else if (ptype == SCTP_HMAC_LIST) {
7443 if (plen > sizeof(hmacs_store))
7446 /* already processed a HMAC list */
7449 phdr = sctp_get_next_param(m, offset,
7450 (struct sctp_paramhdr *)hmacs_store,
7451 min(plen,sizeof(hmacs_store)));
7454 hmacs = (struct sctp_auth_hmac_algo *)phdr;
7455 hmacs_len = plen - sizeof(*hmacs);
7456 num_hmacs = hmacs_len / sizeof(hmacs->hmac_ids[0]);
7457 /* validate the hmac list */
7458 if (sctp_verify_hmac_param(hmacs, num_hmacs)) {
7461 if (stcb->asoc.peer_hmacs != NULL)
7462 sctp_free_hmaclist(stcb->asoc.peer_hmacs);
7463 stcb->asoc.peer_hmacs = sctp_alloc_hmaclist(num_hmacs);
7464 if (stcb->asoc.peer_hmacs != NULL) {
7465 for (i = 0; i < num_hmacs; i++) {
7466 (void)sctp_auth_add_hmacid(stcb->asoc.peer_hmacs,
7467 ntohs(hmacs->hmac_ids[i]));
7471 } else if (ptype == SCTP_CHUNK_LIST) {
7474 if (plen > sizeof(chunks_store))
7477 /* already processed a Chunks list */
7480 phdr = sctp_get_next_param(m, offset,
7481 (struct sctp_paramhdr *)chunks_store,
7482 min(plen,sizeof(chunks_store)));
7485 chunks = (struct sctp_auth_chunk_list *)phdr;
7486 num_chunks = plen - sizeof(*chunks);
7487 if (stcb->asoc.peer_auth_chunks != NULL)
7488 sctp_clear_chunklist(stcb->asoc.peer_auth_chunks);
7490 stcb->asoc.peer_auth_chunks = sctp_alloc_chunklist();
7491 for (i = 0; i < num_chunks; i++) {
7492 (void)sctp_auth_add_chunk(chunks->chunk_types[i],
7493 stcb->asoc.peer_auth_chunks);
7494 /* record asconf/asconf-ack if listed */
7495 if (chunks->chunk_types[i] == SCTP_ASCONF)
7497 if (chunks->chunk_types[i] == SCTP_ASCONF_ACK)
7502 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
7503 (ptype == SCTP_STATE_COOKIE) ||
7504 (ptype == SCTP_UNRECOG_PARAM) ||
7505 (ptype == SCTP_COOKIE_PRESERVE) ||
7506 (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
7507 (ptype == SCTP_ADD_IP_ADDRESS) ||
7508 (ptype == SCTP_DEL_IP_ADDRESS) ||
7509 (ptype == SCTP_ERROR_CAUSE_IND) ||
7510 (ptype == SCTP_SUCCESS_REPORT)) {
7513 if ((ptype & 0x8000) == 0x0000) {
7515 * must stop processing the rest of the
7516 * param's. Any report bits were handled
7518 * sctp_arethere_unrecognized_parameters()
7519 * when the INIT or INIT-ACK was first seen.
7526 offset += SCTP_SIZE32(plen);
7527 if (offset >= limit) {
7530 phdr = sctp_get_next_param(m, offset, &parm_buf,
7533 /* Now check to see if we need to purge any addresses */
7534 TAILQ_FOREACH_SAFE(net, &stcb->asoc.nets, sctp_next, nnet) {
7535 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
7536 SCTP_ADDR_NOT_IN_ASSOC) {
7537 /* This address has been removed from the asoc */
7538 /* remove and free it */
7539 stcb->asoc.numnets--;
7540 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
7541 sctp_free_remote_addr(net);
7542 if (net == stcb->asoc.primary_destination) {
7543 stcb->asoc.primary_destination = NULL;
7544 sctp_select_primary_destination(stcb);
7548 if (ecn_allowed == 0) {
7549 stcb->asoc.ecn_allowed = 0;
7551 /* validate authentication required parameters */
7552 if (got_random && got_hmacs) {
7553 stcb->asoc.peer_supports_auth = 1;
7555 stcb->asoc.peer_supports_auth = 0;
7557 if (!stcb->asoc.peer_supports_auth && got_chklist) {
7558 /* peer does not support auth but sent a chunks list? */
7561 if (!SCTP_BASE_SYSCTL(sctp_asconf_auth_nochk) && stcb->asoc.peer_supports_asconf &&
7562 !stcb->asoc.peer_supports_auth) {
7563 /* peer supports asconf but not auth? */
7565 } else if ((stcb->asoc.peer_supports_asconf) && (stcb->asoc.peer_supports_auth) &&
7566 ((saw_asconf == 0) || (saw_asconf_ack == 0))) {
7569 /* concatenate the full random key */
7570 keylen = sizeof(*p_random) + random_len + sizeof(*hmacs) + hmacs_len;
7571 if (chunks != NULL) {
7572 keylen += sizeof(*chunks) + num_chunks;
7574 new_key = sctp_alloc_key(keylen);
7575 if (new_key != NULL) {
7576 /* copy in the RANDOM */
7577 if (p_random != NULL) {
7578 keylen = sizeof(*p_random) + random_len;
7579 bcopy(p_random, new_key->key, keylen);
7581 /* append in the AUTH chunks */
7582 if (chunks != NULL) {
7583 bcopy(chunks, new_key->key + keylen,
7584 sizeof(*chunks) + num_chunks);
7585 keylen += sizeof(*chunks) + num_chunks;
7587 /* append in the HMACs */
7588 if (hmacs != NULL) {
7589 bcopy(hmacs, new_key->key + keylen,
7590 sizeof(*hmacs) + hmacs_len);
7593 /* failed to get memory for the key */
7596 if (stcb->asoc.authinfo.peer_random != NULL)
7597 sctp_free_key(stcb->asoc.authinfo.peer_random);
7598 stcb->asoc.authinfo.peer_random = new_key;
7599 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.assoc_keyid);
7600 sctp_clear_cachedkeys(stcb, stcb->asoc.authinfo.recv_keyid);
7606 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
7607 struct sctp_nets *net)
7609 /* make sure the requested primary address exists in the assoc */
7610 if (net == NULL && sa)
7611 net = sctp_findnet(stcb, sa);
7614 /* didn't find the requested primary address! */
7617 /* set the primary address */
7618 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
7619 /* Must be confirmed, so queue to set */
7620 net->dest_state |= SCTP_ADDR_REQ_PRIMARY;
7623 stcb->asoc.primary_destination = net;
7624 if (!(net->dest_state & SCTP_ADDR_PF) && (stcb->asoc.alternate)) {
7625 sctp_free_remote_addr(stcb->asoc.alternate);
7626 stcb->asoc.alternate = NULL;
7628 net = TAILQ_FIRST(&stcb->asoc.nets);
7629 if (net != stcb->asoc.primary_destination) {
7630 /* first one on the list is NOT the primary
7631 * sctp_cmpaddr() is much more efficient if
7632 * the primary is the first on the list, make it
7635 TAILQ_REMOVE(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
7636 TAILQ_INSERT_HEAD(&stcb->asoc.nets, stcb->asoc.primary_destination, sctp_next);
7643 sctp_is_vtag_good(uint32_t tag, uint16_t lport, uint16_t rport, struct timeval *now)
7646 * This function serves two purposes. It will see if a TAG can be
7647 * re-used and return 1 for yes it is ok and 0 for don't use that
7648 * tag. A secondary function it will do is purge out old tags that
7651 struct sctpvtaghead *chain;
7652 struct sctp_tagblock *twait_block;
7653 struct sctpasochead *head;
7654 struct sctp_tcb *stcb;
7657 SCTP_INP_INFO_RLOCK();
7658 head = &SCTP_BASE_INFO(sctp_asochash)[SCTP_PCBHASH_ASOC(tag,
7659 SCTP_BASE_INFO(hashasocmark))];
7662 goto skip_vtag_check;
7664 LIST_FOREACH(stcb, head, sctp_asocs) {
7665 /* We choose not to lock anything here. TCB's can't be
7666 * removed since we have the read lock, so they can't
7667 * be freed on us, same thing for the INP. I may
7668 * be wrong with this assumption, but we will go
7669 * with it for now :-)
7671 if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
7674 if (stcb->asoc.my_vtag == tag) {
7676 if (stcb->rport != rport) {
7679 if (stcb->sctp_ep->sctp_lport != lport) {
7682 /* Its a used tag set */
7683 SCTP_INP_INFO_RUNLOCK();
7689 chain = &SCTP_BASE_INFO(vtag_timewait)[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
7690 /* Now what about timed wait ? */
7691 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
7693 * Block(s) are present, lets see if we have this tag in the
7696 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
7697 if (twait_block->vtag_block[i].v_tag == 0) {
7700 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire <
7702 /* Audit expires this guy */
7703 twait_block->vtag_block[i].tv_sec_at_expire = 0;
7704 twait_block->vtag_block[i].v_tag = 0;
7705 twait_block->vtag_block[i].lport = 0;
7706 twait_block->vtag_block[i].rport = 0;
7707 } else if ((twait_block->vtag_block[i].v_tag == tag) &&
7708 (twait_block->vtag_block[i].lport == lport) &&
7709 (twait_block->vtag_block[i].rport == rport)) {
7710 /* Bad tag, sorry :< */
7711 SCTP_INP_INFO_RUNLOCK();
7716 SCTP_INP_INFO_RUNLOCK();
7721 sctp_drain_mbufs(struct sctp_tcb *stcb)
7724 * We must hunt this association for MBUF's past the cumack (i.e.
7725 * out of order data that we can renege on).
7727 struct sctp_association *asoc;
7728 struct sctp_tmit_chunk *chk, *nchk;
7729 uint32_t cumulative_tsn_p1;
7730 struct sctp_queued_to_read *ctl, *nctl;
7735 /* We look for anything larger than the cum-ack + 1 */
7738 if (asoc->cumulative_tsn == asoc->highest_tsn_inside_map) {
7739 /* none we can reneg on. */
7742 SCTP_STAT_INCR(sctps_protocol_drains_done);
7743 cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
7745 /* First look in the re-assembly queue */
7746 TAILQ_FOREACH_SAFE(chk, &asoc->reasmqueue, sctp_next, nchk) {
7747 if (SCTP_TSN_GT(chk->rec.data.TSN_seq, cumulative_tsn_p1)) {
7748 /* Yep it is above cum-ack */
7750 SCTP_CALC_TSN_TO_GAP(gap, chk->rec.data.TSN_seq, asoc->mapping_array_base_tsn);
7751 asoc->size_on_reasm_queue = sctp_sbspace_sub(asoc->size_on_reasm_queue, chk->send_size);
7752 sctp_ucount_decr(asoc->cnt_on_reasm_queue);
7753 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
7754 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
7756 sctp_m_freem(chk->data);
7759 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
7762 /* Ok that was fun, now we will drain all the inbound streams? */
7763 for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
7764 TAILQ_FOREACH_SAFE(ctl, &asoc->strmin[strmat].inqueue, next, nctl) {
7765 if (SCTP_TSN_GT(ctl->sinfo_tsn, cumulative_tsn_p1)) {
7766 /* Yep it is above cum-ack */
7768 SCTP_CALC_TSN_TO_GAP(gap, ctl->sinfo_tsn, asoc->mapping_array_base_tsn);
7769 asoc->size_on_all_streams = sctp_sbspace_sub(asoc->size_on_all_streams, ctl->length);
7770 sctp_ucount_decr(asoc->cnt_on_all_streams);
7771 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
7772 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue, ctl, next);
7774 sctp_m_freem(ctl->data);
7777 sctp_free_remote_addr(ctl->whoFrom);
7778 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_readq), ctl);
7779 SCTP_DECR_READQ_COUNT();
7784 /* We must back down to see what the new highest is */
7785 for (i = asoc->highest_tsn_inside_map; SCTP_TSN_GE(i, asoc->mapping_array_base_tsn); i--) {
7786 SCTP_CALC_TSN_TO_GAP(gap, i, asoc->mapping_array_base_tsn);
7787 if (SCTP_IS_TSN_PRESENT(asoc->mapping_array, gap)) {
7788 asoc->highest_tsn_inside_map = i;
7794 asoc->highest_tsn_inside_map = asoc->mapping_array_base_tsn - 1;
7798 * Question, should we go through the delivery queue? The only
7799 * reason things are on here is the app not reading OR a p-d-api up.
7800 * An attacker COULD send enough in to initiate the PD-API and then
7801 * send a bunch of stuff to other streams... these would wind up on
7802 * the delivery queue.. and then we would not get to them. But in
7803 * order to do this I then have to back-track and un-deliver
7804 * sequence numbers in streams.. el-yucko. I think for now we will
7805 * NOT look at the delivery queue and leave it to be something to
7806 * consider later. An alternative would be to abort the P-D-API with
7807 * a notification and then deliver the data.... Or another method
7808 * might be to keep track of how many times the situation occurs and
7809 * if we see a possible attack underway just abort the association.
7812 SCTPDBG(SCTP_DEBUG_PCB1, "Freed %d chunks from reneg harvest\n", cnt);
7815 * Now do we need to find a new
7816 * asoc->highest_tsn_inside_map?
7818 asoc->last_revoke_count = cnt;
7819 (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
7820 /*sa_ignore NO_NULL_CHK*/
7821 sctp_send_sack(stcb, SCTP_SO_NOT_LOCKED);
7822 sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED);
7825 * Another issue, in un-setting the TSN's in the mapping array we
7826 * DID NOT adjust the highest_tsn marker. This will cause one of two
7827 * things to occur. It may cause us to do extra work in checking for
7828 * our mapping array movement. More importantly it may cause us to
7829 * SACK every datagram. This may not be a bad thing though since we
7830 * will recover once we get our cum-ack above and all this stuff we
7839 * We must walk the PCB lists for ALL associations here. The system
7840 * is LOW on MBUF's and needs help. This is where reneging will
7841 * occur. We really hope this does NOT happen!
7843 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
7844 VNET_ITERATOR_DECL(vnet_iter);
7846 struct sctp_inpcb *inp;
7847 struct sctp_tcb *stcb;
7849 SCTP_STAT_INCR(sctps_protocol_drain_calls);
7850 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
7854 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
7855 VNET_LIST_RLOCK_NOSLEEP();
7856 VNET_FOREACH(vnet_iter) {
7857 CURVNET_SET(vnet_iter);
7858 struct sctp_inpcb *inp;
7859 struct sctp_tcb *stcb;
7862 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
7863 SCTP_STAT_INCR(sctps_protocol_drain_calls);
7864 if (SCTP_BASE_SYSCTL(sctp_do_drain) == 0) {
7872 SCTP_INP_INFO_RLOCK();
7873 LIST_FOREACH(inp, &SCTP_BASE_INFO(listhead), sctp_list) {
7874 /* For each endpoint */
7875 SCTP_INP_RLOCK(inp);
7876 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
7877 /* For each association */
7878 SCTP_TCB_LOCK(stcb);
7879 sctp_drain_mbufs(stcb);
7880 SCTP_TCB_UNLOCK(stcb);
7882 SCTP_INP_RUNLOCK(inp);
7884 SCTP_INP_INFO_RUNLOCK();
7885 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
7888 VNET_LIST_RUNLOCK_NOSLEEP();
7893 * start a new iterator
7894 * iterates through all endpoints and associations based on the pcb_state
7895 * flags and asoc_state. "af" (mandatory) is executed for all matching
7896 * assocs and "ef" (optional) is executed when the iterator completes.
7897 * "inpf" (optional) is executed for each new endpoint as it is being
7898 * iterated through. inpe (optional) is called when the inp completes
7899 * its way through all the stcbs.
7902 sctp_initiate_iterator(inp_func inpf,
7906 uint32_t pcb_features,
7907 uint32_t asoc_state,
7911 struct sctp_inpcb *s_inp,
7912 uint8_t chunk_output_off)
7914 struct sctp_iterator *it = NULL;
7919 SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator),
7922 SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOMEM);
7925 memset(it, 0, sizeof(*it));
7926 it->function_assoc = af;
7927 it->function_inp = inpf;
7929 it->done_current_ep = 0;
7931 it->done_current_ep = 1;
7932 it->function_atend = ef;
7935 it->pcb_flags = pcb_state;
7936 it->pcb_features = pcb_features;
7937 it->asoc_state = asoc_state;
7938 it->function_inp_end = inpe;
7939 it->no_chunk_output = chunk_output_off;
7940 #if defined(__FreeBSD__) && __FreeBSD_version >= 801000
7944 /* Assume lock is held here */
7946 SCTP_INP_INCR_REF(it->inp);
7947 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
7949 SCTP_INP_INFO_RLOCK();
7950 it->inp = LIST_FIRST(&SCTP_BASE_INFO(listhead));
7952 SCTP_INP_INCR_REF(it->inp);
7954 SCTP_INP_INFO_RUNLOCK();
7955 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
7958 SCTP_IPI_ITERATOR_WQ_LOCK();
7960 TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr);
7961 if (sctp_it_ctl.iterator_running == 0) {
7962 sctp_wakeup_iterator();
7964 SCTP_IPI_ITERATOR_WQ_UNLOCK();
7965 /* sa_ignore MEMLEAK {memory is put on the tailq for the iterator} */