1 /* $KAME: sctp_pcb.c,v 1.37 2004/08/17 06:28:02 t-momose Exp $ */
4 * Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Cisco Systems, Inc.
18 * 4. Neither the name of the project nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY CISCO SYSTEMS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL CISCO SYSTEMS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #if !(defined(__OpenBSD__) || defined(__APPLE__))
35 #include "opt_ipsec.h"
37 #if defined(__FreeBSD__) || defined(__DragonFly__)
38 #include "opt_compat.h"
39 #include "opt_inet6.h"
42 #if defined(__NetBSD__)
47 #elif !defined(__OpenBSD__)
51 #include <sys/param.h>
52 #include <sys/systm.h>
53 #include <sys/malloc.h>
55 #include <sys/domain.h>
56 #include <sys/protosw.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
61 #include <sys/kernel.h>
62 #include <sys/sysctl.h>
63 #include <sys/thread2.h>
64 #if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__)
65 #include <sys/random.h>
67 #if defined(__NetBSD__)
70 #if defined(__OpenBSD__)
71 #include <dev/rndvar.h>
74 #if defined(__APPLE__)
75 #include <netinet/sctp_callout.h>
76 #elif defined(__OpenBSD__)
77 #include <sys/timeout.h>
79 #include <sys/callout.h>
82 #if (defined(__FreeBSD__) && __FreeBSD_version >= 500000)
83 #include <sys/limits.h>
85 #include <machine/limits.h>
87 #include <machine/cpu.h>
90 #include <net/if_types.h>
91 #include <net/route.h>
92 #include <netinet/in.h>
93 #include <netinet/in_systm.h>
94 #include <netinet/ip.h>
95 #include <netinet/in_pcb.h>
96 #include <netinet/in_var.h>
97 #include <netinet/ip_var.h>
100 #include <netinet/ip6.h>
101 #include <netinet6/ip6_var.h>
102 #include <netinet6/scope6_var.h>
103 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
104 #include <netinet6/in6_pcb.h>
105 #elif defined(__OpenBSD__)
106 #include <netinet/in_pcb.h>
112 #include <netinet6/ipsec.h>
113 #include <netproto/key/key.h>
119 #include <netinet/sctp_var.h>
120 #include <netinet/sctp_pcb.h>
121 #include <netinet/sctputil.h>
122 #include <netinet/sctp.h>
123 #include <netinet/sctp_header.h>
124 #include <netinet/sctp_asconf.h>
125 #include <netinet/sctp_output.h>
126 #include <netinet/sctp_timer.h>
128 #ifndef SCTP_PCBHASHSIZE
129 /* default number of association hash buckets in each endpoint */
130 #define SCTP_PCBHASHSIZE 256
134 u_int32_t sctp_debug_on = 0;
135 #endif /* SCTP_DEBUG */
137 u_int32_t sctp_pegs[SCTP_NUMBER_OF_PEGS];
139 int sctp_pcbtblsize = SCTP_PCBHASHSIZE;
141 struct sctp_epinfo sctppcbinfo;
143 /* FIX: we don't handle multiple link local scopes */
144 /* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
146 SCTP6_ARE_ADDR_EQUAL(struct in6_addr *a, struct in6_addr *b)
148 struct in6_addr tmp_a, tmp_b;
149 /* use a copy of a and b */
152 in6_clearscope(&tmp_a);
153 in6_clearscope(&tmp_b);
154 return (IN6_ARE_ADDR_EQUAL(&tmp_a, &tmp_b));
158 extern int ipport_firstauto;
159 extern int ipport_lastauto;
160 extern int ipport_hifirstauto;
161 extern int ipport_hilastauto;
164 #if defined(__FreeBSD__) && __FreeBSD_version > 500000
167 void sctp_validate_no_locks(void);
170 SCTP_INP_RLOCK(struct sctp_inpcb *inp)
172 struct sctp_tcb *stcb;
173 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
174 if (mtx_owned(&(stcb)->tcb_mtx))
175 panic("I own TCB lock?");
177 if (mtx_owned(&(inp)->inp_mtx))
178 panic("INP Recursive Lock-R");
179 mtx_lock(&(inp)->inp_mtx);
183 SCTP_INP_WLOCK(struct sctp_inpcb *inp)
189 SCTP_INP_INFO_RLOCK(void)
191 struct sctp_inpcb *inp;
192 struct sctp_tcb *stcb;
193 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) {
194 if (mtx_owned(&(inp)->inp_mtx))
195 panic("info-lock and own inp lock?");
196 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
197 if (mtx_owned(&(stcb)->tcb_mtx))
198 panic("Info lock and own a tcb lock?");
201 if (mtx_owned(&sctppcbinfo.ipi_ep_mtx))
202 panic("INP INFO Recursive Lock-R");
203 mtx_lock(&sctppcbinfo.ipi_ep_mtx);
207 SCTP_INP_INFO_WLOCK(void)
209 SCTP_INP_INFO_RLOCK();
213 void sctp_validate_no_locks(void)
215 struct sctp_inpcb *inp;
216 struct sctp_tcb *stcb;
218 if (mtx_owned(&sctppcbinfo.ipi_ep_mtx))
219 panic("INP INFO lock is owned?");
221 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) {
222 if (mtx_owned(&(inp)->inp_mtx))
223 panic("You own an INP lock?");
224 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
225 if (mtx_owned(&(stcb)->tcb_mtx))
226 panic("You own a TCB lock?");
235 sctp_fill_pcbinfo(struct sctp_pcbinfo *spcb)
237 /* We really don't need
238 * to lock this, but I will
239 * just because it does not hurt.
241 SCTP_INP_INFO_RLOCK();
242 spcb->ep_count = sctppcbinfo.ipi_count_ep;
243 spcb->asoc_count = sctppcbinfo.ipi_count_asoc;
244 spcb->laddr_count = sctppcbinfo.ipi_count_laddr;
245 spcb->raddr_count = sctppcbinfo.ipi_count_raddr;
246 spcb->chk_count = sctppcbinfo.ipi_count_chunk;
247 spcb->sockq_count = sctppcbinfo.ipi_count_sockq;
248 spcb->mbuf_track = sctppcbinfo.mbuf_track;
249 SCTP_INP_INFO_RUNLOCK();
254 * Notes on locks for FreeBSD 5 and up. All association
255 * lookups that have a definte ep, the INP structure is
256 * assumed to be locked for reading. If we need to go
257 * find the INP (ususally when a **inp is passed) then
258 * we must lock the INFO structure first and if needed
259 * lock the INP too. Note that if we lock it we must
265 * Given a endpoint, look and find in its association list any association
266 * with the "to" address given. This can be a "from" address, too, for
267 * inbound packets. For outbound packets it is a true "to" address.
269 static struct sctp_tcb *
270 sctp_tcb_special_locate(struct sctp_inpcb **inp_p, struct sockaddr *from,
271 struct sockaddr *to, struct sctp_nets **netp)
273 /**** ASSUMSES THE CALLER holds the INP_INFO_RLOCK */
276 * Note for this module care must be taken when observing what to is
277 * for. In most of the rest of the code the TO field represents my
278 * peer and the FROM field represents my address. For this module it
279 * is reversed of that.
282 * If we support the TCP model, then we must now dig through to
283 * see if we can find our endpoint in the list of tcp ep's.
285 uint16_t lport, rport;
286 struct sctppcbhead *ephead;
287 struct sctp_inpcb *inp;
288 struct sctp_laddr *laddr;
289 struct sctp_tcb *stcb;
290 struct sctp_nets *net;
292 if ((to == NULL) || (from == NULL)) {
296 if (to->sa_family == AF_INET && from->sa_family == AF_INET) {
297 lport = ((struct sockaddr_in *)to)->sin_port;
298 rport = ((struct sockaddr_in *)from)->sin_port;
299 } else if (to->sa_family == AF_INET6 && from->sa_family == AF_INET6) {
300 lport = ((struct sockaddr_in6 *)to)->sin6_port;
301 rport = ((struct sockaddr_in6 *)from)->sin6_port;
305 ephead = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR(
306 (lport + rport), sctppcbinfo.hashtcpmark)];
308 * Ok now for each of the guys in this bucket we must look
310 * - Does the remote port match.
311 * - Does there single association's addresses match this
313 * If so we update p_ep to point to this ep and return the
316 LIST_FOREACH(inp, ephead, sctp_hash) {
317 if (lport != inp->sctp_lport) {
321 /* check to see if the ep has one of the addresses */
322 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
323 /* We are NOT bound all, so look further */
326 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
327 if (laddr->ifa == NULL) {
329 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
330 kprintf("An ounce of prevention is worth a pound of cure\n");
335 if (laddr->ifa->ifa_addr == NULL) {
337 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
338 kprintf("ifa with a NULL address\n");
343 if (laddr->ifa->ifa_addr->sa_family ==
345 /* see if it matches */
346 struct sockaddr_in *intf_addr, *sin;
347 intf_addr = (struct sockaddr_in *)
348 laddr->ifa->ifa_addr;
349 sin = (struct sockaddr_in *)to;
350 if (from->sa_family == AF_INET) {
351 if (sin->sin_addr.s_addr ==
352 intf_addr->sin_addr.s_addr) {
354 SCTP_INP_RUNLOCK(inp);
358 struct sockaddr_in6 *intf_addr6;
359 struct sockaddr_in6 *sin6;
360 sin6 = (struct sockaddr_in6 *)
362 intf_addr6 = (struct sockaddr_in6 *)
363 laddr->ifa->ifa_addr;
365 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
366 &intf_addr6->sin6_addr)) {
368 SCTP_INP_RUNLOCK(inp);
375 /* This endpoint does not have this address */
376 SCTP_INP_RUNLOCK(inp);
381 * Ok if we hit here the ep has the address, does it hold the
385 stcb = LIST_FIRST(&inp->sctp_asoc_list);
387 SCTP_INP_RUNLOCK(inp);
391 if (stcb->rport != rport) {
392 /* remote port does not match. */
393 SCTP_TCB_UNLOCK(stcb);
394 SCTP_INP_RUNLOCK(inp);
397 /* Does this TCB have a matching address? */
398 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
399 if (net->ro._l_addr.sa.sa_family != from->sa_family) {
400 /* not the same family, can't be a match */
403 if (from->sa_family == AF_INET) {
404 struct sockaddr_in *sin, *rsin;
405 sin = (struct sockaddr_in *)&net->ro._l_addr;
406 rsin = (struct sockaddr_in *)from;
407 if (sin->sin_addr.s_addr ==
408 rsin->sin_addr.s_addr) {
413 /* Update the endpoint pointer */
415 SCTP_INP_RUNLOCK(inp);
419 struct sockaddr_in6 *sin6, *rsin6;
420 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
421 rsin6 = (struct sockaddr_in6 *)from;
422 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
423 &rsin6->sin6_addr)) {
428 /* Update the endpoint pointer */
430 SCTP_INP_RUNLOCK(inp);
435 SCTP_TCB_UNLOCK(stcb);
437 SCTP_INP_RUNLOCK(inp);
443 sctp_findassociation_ep_asconf(struct mbuf *m, int iphlen, int offset,
444 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp)
446 struct sctp_tcb *stcb;
447 struct sockaddr_in *sin;
448 struct sockaddr_in6 *sin6;
449 struct sockaddr_storage local_store, remote_store;
451 struct sctp_paramhdr parm_buf, *phdr;
454 memset(&local_store, 0, sizeof(local_store));
455 memset(&remote_store, 0, sizeof(remote_store));
457 /* First get the destination address setup too. */
458 iph = mtod(m, struct ip *);
459 if (iph->ip_v == IPVERSION) {
461 sin = (struct sockaddr_in *)&local_store;
462 sin->sin_family = AF_INET;
463 sin->sin_len = sizeof(*sin);
464 sin->sin_port = sh->dest_port;
465 sin->sin_addr.s_addr = iph->ip_dst.s_addr ;
466 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
469 ip6 = mtod(m, struct ip6_hdr *);
470 sin6 = (struct sockaddr_in6 *)&local_store;
471 sin6->sin6_family = AF_INET6;
472 sin6->sin6_len = sizeof(*sin6);
473 sin6->sin6_port = sh->dest_port;
474 sin6->sin6_addr = ip6->ip6_dst;
479 phdr = sctp_get_next_param(m, offset + sizeof(struct sctp_asconf_chunk),
480 &parm_buf, sizeof(struct sctp_paramhdr));
483 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
484 kprintf("sctp_process_control: failed to get asconf lookup addr\n");
486 #endif /* SCTP_DEBUG */
489 ptype = (int)((u_int)ntohs(phdr->param_type));
490 /* get the correlation address */
491 if (ptype == SCTP_IPV6_ADDRESS) {
492 /* ipv6 address param */
493 struct sctp_ipv6addr_param *p6, p6_buf;
494 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv6addr_param)) {
498 p6 = (struct sctp_ipv6addr_param *)sctp_get_next_param(m,
499 offset + sizeof(struct sctp_asconf_chunk),
500 &p6_buf.ph, sizeof(*p6));
503 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
504 kprintf("sctp_process_control: failed to get asconf v6 lookup addr\n");
506 #endif /* SCTP_DEBUG */
509 sin6 = (struct sockaddr_in6 *)&remote_store;
510 sin6->sin6_family = AF_INET6;
511 sin6->sin6_len = sizeof(*sin6);
512 sin6->sin6_port = sh->src_port;
513 memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
514 } else if (ptype == SCTP_IPV4_ADDRESS) {
515 /* ipv4 address param */
516 struct sctp_ipv4addr_param *p4, p4_buf;
517 if (ntohs(phdr->param_length) != sizeof(struct sctp_ipv4addr_param)) {
521 p4 = (struct sctp_ipv4addr_param *)sctp_get_next_param(m,
522 offset + sizeof(struct sctp_asconf_chunk),
523 &p4_buf.ph, sizeof(*p4));
526 if (sctp_debug_on & SCTP_DEBUG_INPUT3) {
527 kprintf("sctp_process_control: failed to get asconf v4 lookup addr\n");
529 #endif /* SCTP_DEBUG */
532 sin = (struct sockaddr_in *)&remote_store;
533 sin->sin_family = AF_INET;
534 sin->sin_len = sizeof(*sin);
535 sin->sin_port = sh->src_port;
536 memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
538 /* invalid address param type */
542 stcb = sctp_findassociation_ep_addr(inp_p,
543 (struct sockaddr *)&remote_store, netp,
544 (struct sockaddr *)&local_store, NULL);
549 sctp_findassociation_ep_addr(struct sctp_inpcb **inp_p, struct sockaddr *remote,
550 struct sctp_nets **netp, struct sockaddr *local, struct sctp_tcb *locked_tcb)
552 struct sctpasochead *head;
553 struct sctp_inpcb *inp;
554 struct sctp_tcb *stcb;
555 struct sctp_nets *net;
559 if (remote->sa_family == AF_INET) {
560 rport = (((struct sockaddr_in *)remote)->sin_port);
561 } else if (remote->sa_family == AF_INET6) {
562 rport = (((struct sockaddr_in6 *)remote)->sin6_port);
567 /* UN-lock so we can do proper locking here
568 * this occurs when called from load_addresses_from_init.
570 SCTP_TCB_UNLOCK(locked_tcb);
572 SCTP_INP_INFO_RLOCK();
573 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
575 * Now either this guy is our listner or it's the connector.
576 * If it is the one that issued the connect, then it's only
577 * chance is to be the first TCB in the list. If it is the
578 * acceptor, then do the special_lookup to hash and find the
581 if (inp->sctp_flags & SCTP_PCB_FLAGS_ACCEPTING) {
582 /* to is peer addr, from is my addr */
583 stcb = sctp_tcb_special_locate(inp_p, remote, local,
585 if ((stcb != NULL) && (locked_tcb == NULL)){
586 /* we have a locked tcb, lower refcount */
588 SCTP_INP_DECR_REF(inp);
589 SCTP_INP_WUNLOCK(inp);
591 if (locked_tcb != NULL) {
592 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
593 SCTP_TCB_LOCK(locked_tcb);
594 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
596 SCTP_TCB_UNLOCK(stcb);
598 SCTP_INP_INFO_RUNLOCK();
602 stcb = LIST_FIRST(&inp->sctp_asoc_list);
607 if (stcb->rport != rport) {
608 /* remote port does not match. */
609 SCTP_TCB_UNLOCK(stcb);
612 /* now look at the list of remote addresses */
613 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
614 if (net->ro._l_addr.sa.sa_family !=
616 /* not the same family */
619 if (remote->sa_family == AF_INET) {
620 struct sockaddr_in *sin, *rsin;
621 sin = (struct sockaddr_in *)
623 rsin = (struct sockaddr_in *)remote;
624 if (sin->sin_addr.s_addr ==
625 rsin->sin_addr.s_addr) {
630 if (locked_tcb == NULL) {
631 SCTP_INP_DECR_REF(inp);
633 SCTP_INP_WUNLOCK(inp);
634 SCTP_INP_INFO_RUNLOCK();
637 } else if (remote->sa_family == AF_INET6) {
638 struct sockaddr_in6 *sin6, *rsin6;
639 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
640 rsin6 = (struct sockaddr_in6 *)remote;
641 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
642 &rsin6->sin6_addr)) {
647 if (locked_tcb == NULL) {
648 SCTP_INP_DECR_REF(inp);
650 SCTP_INP_WUNLOCK(inp);
651 SCTP_INP_INFO_RUNLOCK();
656 SCTP_TCB_UNLOCK(stcb);
660 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(rport,
661 inp->sctp_hashmark)];
665 LIST_FOREACH(stcb, head, sctp_tcbhash) {
666 if (stcb->rport != rport) {
667 /* remote port does not match */
670 /* now look at the list of remote addresses */
672 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
673 if (net->ro._l_addr.sa.sa_family !=
675 /* not the same family */
678 if (remote->sa_family == AF_INET) {
679 struct sockaddr_in *sin, *rsin;
680 sin = (struct sockaddr_in *)
682 rsin = (struct sockaddr_in *)remote;
683 if (sin->sin_addr.s_addr ==
684 rsin->sin_addr.s_addr) {
689 if (locked_tcb == NULL) {
690 SCTP_INP_DECR_REF(inp);
692 SCTP_INP_WUNLOCK(inp);
693 SCTP_INP_INFO_RUNLOCK();
696 } else if (remote->sa_family == AF_INET6) {
697 struct sockaddr_in6 *sin6, *rsin6;
698 sin6 = (struct sockaddr_in6 *)
700 rsin6 = (struct sockaddr_in6 *)remote;
701 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
702 &rsin6->sin6_addr)) {
707 if (locked_tcb == NULL) {
708 SCTP_INP_DECR_REF(inp);
710 SCTP_INP_WUNLOCK(inp);
711 SCTP_INP_INFO_RUNLOCK();
716 SCTP_TCB_UNLOCK(stcb);
720 /* clean up for returning null */
722 if (locked_tcb->sctp_ep != inp) {
723 SCTP_INP_RLOCK(locked_tcb->sctp_ep);
724 SCTP_TCB_LOCK(locked_tcb);
725 SCTP_INP_RUNLOCK(locked_tcb->sctp_ep);
727 SCTP_TCB_LOCK(locked_tcb);
729 SCTP_INP_WUNLOCK(inp);
730 SCTP_INP_INFO_RUNLOCK();
736 * Find an association for a specific endpoint using the association id
737 * given out in the COMM_UP notification
740 sctp_findassociation_ep_asocid(struct sctp_inpcb *inp, caddr_t asoc_id)
743 * Use my the assoc_id to find a endpoint
745 struct sctpasochead *head;
746 struct sctp_tcb *stcb;
749 if (asoc_id == 0 || inp == NULL) {
752 SCTP_INP_INFO_RLOCK();
753 vtag = (u_int32_t)(uintptr_t)asoc_id;
754 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(vtag,
755 sctppcbinfo.hashasocmark)];
758 SCTP_INP_INFO_RUNLOCK();
761 LIST_FOREACH(stcb, head, sctp_asocs) {
762 SCTP_INP_RLOCK(stcb->sctp_ep);
764 SCTP_INP_RUNLOCK(stcb->sctp_ep);
765 if (stcb->asoc.my_vtag == vtag) {
767 if (inp != stcb->sctp_ep) {
768 /* some other guy has the
769 * same vtag active (vtag collision).
771 sctp_pegs[SCTP_VTAG_BOGUS]++;
772 SCTP_TCB_UNLOCK(stcb);
775 sctp_pegs[SCTP_VTAG_EXPR]++;
776 SCTP_INP_INFO_RUNLOCK();
779 SCTP_TCB_UNLOCK(stcb);
781 SCTP_INP_INFO_RUNLOCK();
785 static struct sctp_inpcb *
786 sctp_endpoint_probe(struct sockaddr *nam, struct sctppcbhead *head,
789 struct sctp_inpcb *inp;
790 struct sockaddr_in *sin;
791 struct sockaddr_in6 *sin6;
792 struct sctp_laddr *laddr;
794 /* Endpoing probe expects
795 * that the INP_INFO is locked.
797 if (nam->sa_family == AF_INET) {
798 sin = (struct sockaddr_in *)nam;
800 } else if (nam->sa_family == AF_INET6) {
801 sin6 = (struct sockaddr_in6 *)nam;
804 /* unsupported family */
810 LIST_FOREACH(inp, head, sctp_hash) {
813 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) &&
814 (inp->sctp_lport == lport)) {
816 if ((nam->sa_family == AF_INET) &&
817 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6)) {
818 /* IPv4 on a IPv6 socket with ONLY IPv6 set */
819 SCTP_INP_RUNLOCK(inp);
822 /* A V6 address and the endpoint is NOT bound V6 */
823 if (nam->sa_family == AF_INET6 &&
824 (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) {
825 SCTP_INP_RUNLOCK(inp);
828 SCTP_INP_RUNLOCK(inp);
831 SCTP_INP_RUNLOCK(inp);
834 if ((nam->sa_family == AF_INET) &&
835 (sin->sin_addr.s_addr == INADDR_ANY)) {
836 /* Can't hunt for one that has no address specified */
838 } else if ((nam->sa_family == AF_INET6) &&
839 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) {
840 /* Can't hunt for one that has no address specified */
844 * ok, not bound to all so see if we can find a EP bound to this
848 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
849 kprintf("Ok, there is NO bound-all available for port:%x\n", ntohs(lport));
852 LIST_FOREACH(inp, head, sctp_hash) {
854 if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL)) {
855 SCTP_INP_RUNLOCK(inp);
859 * Ok this could be a likely candidate, look at all of
862 if (inp->sctp_lport != lport) {
863 SCTP_INP_RUNLOCK(inp);
867 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
868 kprintf("Ok, found matching local port\n");
871 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
872 if (laddr->ifa == NULL) {
874 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
875 kprintf("An ounce of prevention is worth a pound of cure\n");
881 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
882 kprintf("Ok laddr->ifa:%p is possible, ",
886 if (laddr->ifa->ifa_addr == NULL) {
888 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
889 kprintf("Huh IFA as an ifa_addr=NULL, ");
895 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
896 kprintf("Ok laddr->ifa:%p is possible, ",
897 laddr->ifa->ifa_addr);
898 sctp_print_address(laddr->ifa->ifa_addr);
899 kprintf("looking for ");
900 sctp_print_address(nam);
903 if (laddr->ifa->ifa_addr->sa_family == nam->sa_family) {
904 /* possible, see if it matches */
905 struct sockaddr_in *intf_addr;
906 intf_addr = (struct sockaddr_in *)
907 laddr->ifa->ifa_addr;
908 if (nam->sa_family == AF_INET) {
909 if (sin->sin_addr.s_addr ==
910 intf_addr->sin_addr.s_addr) {
912 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
913 kprintf("YES, return ep:%p\n", inp);
916 SCTP_INP_RUNLOCK(inp);
919 } else if (nam->sa_family == AF_INET6) {
920 struct sockaddr_in6 *intf_addr6;
921 intf_addr6 = (struct sockaddr_in6 *)
922 laddr->ifa->ifa_addr;
923 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
924 &intf_addr6->sin6_addr)) {
926 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
927 kprintf("YES, return ep:%p\n", inp);
930 SCTP_INP_RUNLOCK(inp);
935 SCTP_INP_RUNLOCK(inp);
939 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
940 kprintf("NO, Falls out to NULL\n");
948 sctp_pcb_findep(struct sockaddr *nam, int find_tcp_pool, int have_lock)
951 * First we check the hash table to see if someone has this port
952 * bound with just the port.
954 struct sctp_inpcb *inp;
955 struct sctppcbhead *head;
958 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
959 kprintf("Looking for endpoint %d :",
960 ntohs(((struct sockaddr_in *)nam)->sin_port));
961 sctp_print_address(nam);
964 if (nam->sa_family == AF_INET) {
965 lport = ((struct sockaddr_in *)nam)->sin_port;
966 } else if (nam->sa_family == AF_INET6) {
967 lport = ((struct sockaddr_in6 *)nam)->sin6_port;
969 /* unsupported family */
973 * I could cheat here and just cast to one of the types but we will
974 * do it right. It also provides the check against an Unsupported
977 /* Find the head of the ALLADDR chain */
979 SCTP_INP_INFO_RLOCK();
980 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
981 sctppcbinfo.hashmark)];
983 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
984 kprintf("Main hash to lookup at head:%p\n", head);
987 inp = sctp_endpoint_probe(nam, head, lport);
990 * If the TCP model exists it could be that the main listening
991 * endpoint is gone but there exists a connected socket for this
992 * guy yet. If so we can return the first one that we find. This
993 * may NOT be the correct one but the sctp_findassociation_ep_addr
994 * has further code to look at all TCP models.
996 if (inp == NULL && find_tcp_pool) {
999 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1000 kprintf("EP was NULL and TCP model is supported\n");
1003 for (i = 0; i < sctppcbinfo.hashtblsize; i++) {
1005 * This is real gross, but we do NOT have a remote
1006 * port at this point depending on who is calling. We
1007 * must therefore look for ANY one that matches our
1010 head = &sctppcbinfo.sctp_tcpephash[i];
1011 if (LIST_FIRST(head)) {
1012 inp = sctp_endpoint_probe(nam, head, lport);
1021 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1022 kprintf("EP to return is %p\n", inp);
1025 if (have_lock == 0) {
1027 SCTP_INP_WLOCK(inp);
1028 SCTP_INP_INCR_REF(inp);
1029 SCTP_INP_WUNLOCK(inp);
1031 SCTP_INP_INFO_RUNLOCK();
1034 SCTP_INP_WLOCK(inp);
1035 SCTP_INP_INCR_REF(inp);
1036 SCTP_INP_WUNLOCK(inp);
1043 * Find an association for an endpoint with the pointer to whom you want
1044 * to send to and the endpoint pointer. The address can be IPv4 or IPv6.
1045 * We may need to change the *to to some other struct like a mbuf...
1048 sctp_findassociation_addr_sa(struct sockaddr *to, struct sockaddr *from,
1049 struct sctp_inpcb **inp_p, struct sctp_nets **netp, int find_tcp_pool)
1051 struct sctp_inpcb *inp;
1052 struct sctp_tcb *retval;
1054 SCTP_INP_INFO_RLOCK();
1055 if (find_tcp_pool) {
1056 if (inp_p != NULL) {
1057 retval = sctp_tcb_special_locate(inp_p, from, to, netp);
1059 retval = sctp_tcb_special_locate(&inp, from, to, netp);
1061 if (retval != NULL) {
1062 SCTP_INP_INFO_RUNLOCK();
1066 inp = sctp_pcb_findep(to, 0, 1);
1067 if (inp_p != NULL) {
1070 SCTP_INP_INFO_RUNLOCK();
1077 * ok, we have an endpoint, now lets find the assoc for it (if any)
1078 * we now place the source address or from in the to of the find
1079 * endpoint call. Since in reality this chain is used from the
1080 * inbound packet side.
1082 if (inp_p != NULL) {
1083 return (sctp_findassociation_ep_addr(inp_p, from, netp, to, NULL));
1085 return (sctp_findassociation_ep_addr(&inp, from, netp, to, NULL));
1091 * This routine will grub through the mbuf that is a INIT or INIT-ACK and
1092 * find all addresses that the sender has specified in any address list.
1093 * Each address will be used to lookup the TCB and see if one exits.
1095 static struct sctp_tcb *
1096 sctp_findassociation_special_addr(struct mbuf *m, int iphlen, int offset,
1097 struct sctphdr *sh, struct sctp_inpcb **inp_p, struct sctp_nets **netp,
1098 struct sockaddr *dest)
1100 struct sockaddr_in sin4;
1101 struct sockaddr_in6 sin6;
1102 struct sctp_paramhdr *phdr, parm_buf;
1103 struct sctp_tcb *retval;
1104 u_int32_t ptype, plen;
1106 memset(&sin4, 0, sizeof(sin4));
1107 memset(&sin6, 0, sizeof(sin6));
1108 sin4.sin_len = sizeof(sin4);
1109 sin4.sin_family = AF_INET;
1110 sin4.sin_port = sh->src_port;
1111 sin6.sin6_len = sizeof(sin6);
1112 sin6.sin6_family = AF_INET6;
1113 sin6.sin6_port = sh->src_port;
1116 offset += sizeof(struct sctp_init_chunk);
1118 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
1119 while (phdr != NULL) {
1120 /* now we must see if we want the parameter */
1121 ptype = ntohs(phdr->param_type);
1122 plen = ntohs(phdr->param_length);
1125 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1126 kprintf("sctp_findassociation_special_addr: Impossible length in parameter\n");
1128 #endif /* SCTP_DEBUG */
1131 if (ptype == SCTP_IPV4_ADDRESS &&
1132 plen == sizeof(struct sctp_ipv4addr_param)) {
1133 /* Get the rest of the address */
1134 struct sctp_ipv4addr_param ip4_parm, *p4;
1136 phdr = sctp_get_next_param(m, offset,
1137 (struct sctp_paramhdr *)&ip4_parm, plen);
1141 p4 = (struct sctp_ipv4addr_param *)phdr;
1142 memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
1144 retval = sctp_findassociation_ep_addr(inp_p,
1145 (struct sockaddr *)&sin4, netp, dest, NULL);
1146 if (retval != NULL) {
1149 } else if (ptype == SCTP_IPV6_ADDRESS &&
1150 plen == sizeof(struct sctp_ipv6addr_param)) {
1151 /* Get the rest of the address */
1152 struct sctp_ipv6addr_param ip6_parm, *p6;
1154 phdr = sctp_get_next_param(m, offset,
1155 (struct sctp_paramhdr *)&ip6_parm, plen);
1159 p6 = (struct sctp_ipv6addr_param *)phdr;
1160 memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
1162 retval = sctp_findassociation_ep_addr(inp_p,
1163 (struct sockaddr *)&sin6, netp, dest, NULL);
1164 if (retval != NULL) {
1168 offset += SCTP_SIZE32(plen);
1169 phdr = sctp_get_next_param(m, offset, &parm_buf,
1175 static struct sctp_tcb *
1176 sctp_findassoc_by_vtag(struct sockaddr *from, uint32_t vtag,
1177 struct sctp_inpcb **inp_p, struct sctp_nets **netp, uint16_t rport,
1181 * Use my vtag to hash. If we find it we then verify the source addr
1182 * is in the assoc. If all goes well we save a bit on rec of a packet.
1184 struct sctpasochead *head;
1185 struct sctp_nets *net;
1186 struct sctp_tcb *stcb;
1188 SCTP_INP_INFO_RLOCK();
1189 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(vtag,
1190 sctppcbinfo.hashasocmark)];
1193 SCTP_INP_INFO_RUNLOCK();
1196 LIST_FOREACH(stcb, head, sctp_asocs) {
1197 SCTP_INP_RLOCK(stcb->sctp_ep);
1198 SCTP_TCB_LOCK(stcb);
1199 SCTP_INP_RUNLOCK(stcb->sctp_ep);
1200 if (stcb->asoc.my_vtag == vtag) {
1202 if (stcb->rport != rport) {
1204 * we could remove this if vtags are unique
1205 * across the system.
1207 SCTP_TCB_UNLOCK(stcb);
1210 if (stcb->sctp_ep->sctp_lport != lport) {
1212 * we could remove this if vtags are unique
1213 * across the system.
1215 SCTP_TCB_UNLOCK(stcb);
1218 net = sctp_findnet(stcb, from);
1222 sctp_pegs[SCTP_VTAG_EXPR]++;
1223 *inp_p = stcb->sctp_ep;
1224 SCTP_INP_INFO_RUNLOCK();
1227 /* not him, this should only
1228 * happen in rare cases so
1231 sctp_pegs[SCTP_VTAG_BOGUS]++;
1234 SCTP_TCB_UNLOCK(stcb);
1236 SCTP_INP_INFO_RUNLOCK();
1241 * Find an association with the pointer to the inbound IP packet. This
1242 * can be a IPv4 or IPv6 packet.
1245 sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset,
1246 struct sctphdr *sh, struct sctp_chunkhdr *ch,
1247 struct sctp_inpcb **inp_p, struct sctp_nets **netp)
1251 struct sctp_tcb *retval;
1252 struct sockaddr_storage to_store, from_store;
1253 struct sockaddr *to = (struct sockaddr *)&to_store;
1254 struct sockaddr *from = (struct sockaddr *)&from_store;
1255 struct sctp_inpcb *inp;
1258 iph = mtod(m, struct ip *);
1259 if (iph->ip_v == IPVERSION) {
1261 struct sockaddr_in *to4, *from4;
1263 to4 = (struct sockaddr_in *)&to_store;
1264 from4 = (struct sockaddr_in *)&from_store;
1265 bzero(to4, sizeof(*to4));
1266 bzero(from4, sizeof(*from4));
1267 from4->sin_family = to4->sin_family = AF_INET;
1268 from4->sin_len = to4->sin_len = sizeof(struct sockaddr_in);
1269 from4->sin_addr.s_addr = iph->ip_src.s_addr;
1270 to4->sin_addr.s_addr = iph->ip_dst.s_addr ;
1271 from4->sin_port = sh->src_port;
1272 to4->sin_port = sh->dest_port;
1273 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
1275 struct ip6_hdr *ip6;
1276 struct sockaddr_in6 *to6, *from6;
1278 ip6 = mtod(m, struct ip6_hdr *);
1279 to6 = (struct sockaddr_in6 *)&to_store;
1280 from6 = (struct sockaddr_in6 *)&from_store;
1281 bzero(to6, sizeof(*to6));
1282 bzero(from6, sizeof(*from6));
1283 from6->sin6_family = to6->sin6_family = AF_INET6;
1284 from6->sin6_len = to6->sin6_len = sizeof(struct sockaddr_in6);
1285 to6->sin6_addr = ip6->ip6_dst;
1286 from6->sin6_addr = ip6->ip6_src;
1287 from6->sin6_port = sh->src_port;
1288 to6->sin6_port = sh->dest_port;
1289 /* Get the scopes in properly to the sin6 addr's */
1290 in6_recoverscope(to6, &to6->sin6_addr, NULL);
1291 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) || defined(__DragonFly__)
1292 in6_embedscope(&to6->sin6_addr, to6, NULL, NULL);
1294 in6_embedscope(&to6->sin6_addr, to6);
1297 in6_recoverscope(from6, &from6->sin6_addr, NULL);
1298 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) || defined(__DragonFly__)
1299 in6_embedscope(&from6->sin6_addr, from6, NULL, NULL);
1301 in6_embedscope(&from6->sin6_addr, from6);
1304 /* Currently not supported. */
1308 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1309 kprintf("Looking for port %d address :",
1310 ntohs(((struct sockaddr_in *)to)->sin_port));
1311 sctp_print_address(to);
1312 kprintf("From for port %d address :",
1313 ntohs(((struct sockaddr_in *)from)->sin_port));
1314 sctp_print_address(from);
1319 /* we only go down this path if vtag is non-zero */
1320 retval = sctp_findassoc_by_vtag(from, ntohl(sh->v_tag),
1321 inp_p, netp, sh->src_port, sh->dest_port);
1327 if ((ch->chunk_type != SCTP_INITIATION) &&
1328 (ch->chunk_type != SCTP_INITIATION_ACK) &&
1329 (ch->chunk_type != SCTP_COOKIE_ACK) &&
1330 (ch->chunk_type != SCTP_COOKIE_ECHO)) {
1331 /* Other chunk types go to the tcp pool. */
1335 retval = sctp_findassociation_addr_sa(to, from, inp_p, netp,
1339 retval = sctp_findassociation_addr_sa(to, from, &inp, netp,
1343 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1344 kprintf("retval:%p inp:%p\n", retval, inp);
1347 if (retval == NULL && inp) {
1348 /* Found a EP but not this address */
1350 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1351 kprintf("Found endpoint %p but no asoc - ep state:%x\n",
1352 inp, inp->sctp_flags);
1355 if ((ch->chunk_type == SCTP_INITIATION) ||
1356 (ch->chunk_type == SCTP_INITIATION_ACK)) {
1358 * special hook, we do NOT return linp or an
1359 * association that is linked to an existing
1360 * association that is under the TCP pool (i.e. no
1361 * listener exists). The endpoint finding routine
1362 * will always find a listner before examining the
1365 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
1367 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1368 kprintf("Gak, its in the TCP pool... return NULL");
1377 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1378 kprintf("Now doing SPECIAL find\n");
1381 retval = sctp_findassociation_special_addr(m, iphlen,
1382 offset, sh, inp_p, netp, to);
1386 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1387 kprintf("retval is %p\n", retval);
1393 extern int sctp_max_burst_default;
1395 extern unsigned int sctp_delayed_sack_time_default;
1396 extern unsigned int sctp_heartbeat_interval_default;
1397 extern unsigned int sctp_pmtu_raise_time_default;
1398 extern unsigned int sctp_shutdown_guard_time_default;
1399 extern unsigned int sctp_secret_lifetime_default;
1401 extern unsigned int sctp_rto_max_default;
1402 extern unsigned int sctp_rto_min_default;
1403 extern unsigned int sctp_rto_initial_default;
1404 extern unsigned int sctp_init_rto_max_default;
1405 extern unsigned int sctp_valid_cookie_life_default;
1406 extern unsigned int sctp_init_rtx_max_default;
1407 extern unsigned int sctp_assoc_rtx_max_default;
1408 extern unsigned int sctp_path_rtx_max_default;
1409 extern unsigned int sctp_nr_outgoing_streams_default;
1412 * allocate a sctp_inpcb and setup a temporary binding to a port/all
1413 * addresses. This way if we don't get a bind we by default pick a ephemeral
1414 * port with all addresses bound.
1417 sctp_inpcb_alloc(struct socket *so)
1420 * we get called when a new endpoint starts up. We need to allocate
1421 * the sctp_inpcb structure from the zone and init it. Mark it as
1422 * unbound and find a port that we can use as an ephemeral with
1423 * INADDR_ANY. If the user binds later no problem we can then add
1424 * in the specific addresses. And setup the default parameters for
1428 struct sctp_inpcb *inp, *n_inp;
1430 struct timeval time;
1436 * This code audits the entire INP list to see if
1437 * any ep's that are in the GONE state are now
1438 * all free. This should not happen really since when
1439 * the last association if freed we should end up deleting
1440 * the inpcb. This code including the locks should
1441 * be taken out ... since the last set of fixes I
1442 * have not seen the "Found a GONE on list" has not
1443 * came out. But i am paranoid and we will leave this
1444 * in at the cost of efficency on allocation of PCB's.
1445 * Probably we should move this to the invariant
1448 /* #ifdef INVARIANTS*/
1449 SCTP_INP_INFO_RLOCK();
1450 inp = LIST_FIRST(&sctppcbinfo.listhead);
1452 n_inp = LIST_NEXT(inp, sctp_list);
1453 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
1454 if (LIST_FIRST(&inp->sctp_asoc_list) == NULL) {
1455 /* finish the job now */
1456 kprintf("Found a GONE on list\n");
1457 SCTP_INP_INFO_RUNLOCK();
1458 sctp_inpcb_free(inp, 1);
1459 SCTP_INP_INFO_RLOCK();
1464 SCTP_INP_INFO_RUNLOCK();
1465 /* #endif INVARIANTS*/
1467 SCTP_INP_INFO_WLOCK();
1468 inp = (struct sctp_inpcb *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_ep);
1470 kprintf("Out of SCTP-INPCB structures - no resources\n");
1471 SCTP_INP_INFO_WUNLOCK();
1476 bzero(inp, sizeof(*inp));
1478 /* bump generations */
1479 inp->ip_inp.inp.inp_socket = so;
1481 /* setup socket pointers */
1482 inp->sctp_socket = so;
1484 if (INP_CHECK_SOCKAF(so, AF_INET6))
1485 inp->ip_inp.inp.inp_af = AF_INET6;
1487 inp->ip_inp.inp.inp_af = AF_INET;
1489 /* setup inpcb socket too */
1490 inp->ip_inp.inp.inp_socket = so;
1491 inp->sctp_frag_point = SCTP_DEFAULT_MAXSEGMENT;
1493 #if !(defined(__OpenBSD__) || defined(__APPLE__))
1495 struct inpcbpolicy *pcb_sp = NULL;
1496 error = ipsec_init_policy(so, &pcb_sp);
1497 /* Arrange to share the policy */
1498 inp->ip_inp.inp.inp_sp = pcb_sp;
1499 ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp;
1502 /* not sure what to do for openbsd here */
1506 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1507 SCTP_INP_INFO_WUNLOCK();
1511 sctppcbinfo.ipi_count_ep++;
1512 #if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__)
1513 inp->ip_inp.inp.inp_gencnt = ++sctppcbinfo.ipi_gencnt_ep;
1514 inp->ip_inp.inp.inp_ip_ttl = ip_defttl;
1516 inp->inp_ip_ttl = ip_defttl;
1517 inp->inp_ip_tos = 0;
1520 so->so_pcb = (caddr_t)inp;
1522 if ((so->so_type == SOCK_DGRAM) ||
1523 (so->so_type == SOCK_SEQPACKET)) {
1524 /* UDP style socket */
1525 inp->sctp_flags = (SCTP_PCB_FLAGS_UDPTYPE |
1526 SCTP_PCB_FLAGS_UNBOUND);
1527 inp->sctp_flags |= (SCTP_PCB_FLAGS_RECVDATAIOEVNT);
1528 } else if (so->so_type == SOCK_STREAM) {
1529 /* TCP style socket */
1530 inp->sctp_flags = (SCTP_PCB_FLAGS_TCPTYPE |
1531 SCTP_PCB_FLAGS_UNBOUND);
1532 inp->sctp_flags |= (SCTP_PCB_FLAGS_RECVDATAIOEVNT);
1535 * unsupported socket type (RAW, etc)- in case we missed
1538 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1539 SCTP_INP_INFO_WUNLOCK();
1540 return (EOPNOTSUPP);
1542 inp->sctp_tcbhash = hashinit(sctp_pcbtblsize,
1547 #if defined(__NetBSD__) || defined(__OpenBSD__)
1550 &inp->sctp_hashmark);
1551 if (inp->sctp_tcbhash == NULL) {
1552 kprintf("Out of SCTP-INPCB->hashinit - no resources\n");
1553 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
1554 SCTP_INP_INFO_WUNLOCK();
1558 SCTP_INP_LOCK_INIT(inp);
1559 SCTP_ASOC_CREATE_LOCK_INIT(inp);
1560 /* lock the new ep */
1561 SCTP_INP_WLOCK(inp);
1563 /* add it to the info area */
1564 LIST_INSERT_HEAD(&sctppcbinfo.listhead, inp, sctp_list);
1565 SCTP_INP_INFO_WUNLOCK();
1567 LIST_INIT(&inp->sctp_addr_list);
1568 LIST_INIT(&inp->sctp_asoc_list);
1569 TAILQ_INIT(&inp->sctp_queue_list);
1570 /* Init the timer structure for signature change */
1571 #if defined (__FreeBSD__) && __FreeBSD_version >= 500000
1572 callout_init(&inp->sctp_ep.signature_change.timer, 0);
1574 callout_init(&inp->sctp_ep.signature_change.timer);
1576 inp->sctp_ep.signature_change.type = SCTP_TIMER_TYPE_NEWCOOKIE;
1578 /* now init the actual endpoint default data */
1581 /* setup the base timeout information */
1582 m->sctp_timeoutticks[SCTP_TIMER_SEND] = SEC_TO_TICKS(SCTP_SEND_SEC); /* needed ? */
1583 m->sctp_timeoutticks[SCTP_TIMER_INIT] = SEC_TO_TICKS(SCTP_INIT_SEC); /* needed ? */
1584 m->sctp_timeoutticks[SCTP_TIMER_RECV] = MSEC_TO_TICKS(sctp_delayed_sack_time_default);
1585 m->sctp_timeoutticks[SCTP_TIMER_HEARTBEAT] = sctp_heartbeat_interval_default; /* this is in MSEC */
1586 m->sctp_timeoutticks[SCTP_TIMER_PMTU] = SEC_TO_TICKS(sctp_pmtu_raise_time_default);
1587 m->sctp_timeoutticks[SCTP_TIMER_MAXSHUTDOWN] = SEC_TO_TICKS(sctp_shutdown_guard_time_default);
1588 m->sctp_timeoutticks[SCTP_TIMER_SIGNATURE] = SEC_TO_TICKS(sctp_secret_lifetime_default);
1589 /* all max/min max are in ms */
1590 m->sctp_maxrto = sctp_rto_max_default;
1591 m->sctp_minrto = sctp_rto_min_default;
1592 m->initial_rto = sctp_rto_initial_default;
1593 m->initial_init_rto_max = sctp_init_rto_max_default;
1595 m->max_open_streams_intome = MAX_SCTP_STREAMS;
1597 m->max_init_times = sctp_init_rtx_max_default;
1598 m->max_send_times = sctp_assoc_rtx_max_default;
1599 m->def_net_failure = sctp_path_rtx_max_default;
1600 m->sctp_sws_sender = SCTP_SWS_SENDER_DEF;
1601 m->sctp_sws_receiver = SCTP_SWS_RECEIVER_DEF;
1602 m->max_burst = sctp_max_burst_default;
1603 /* number of streams to pre-open on a association */
1604 m->pre_open_stream_count = sctp_nr_outgoing_streams_default;
1606 /* Add adaption cookie */
1607 m->adaption_layer_indicator = 0x504C5253;
1609 /* seed random number generator */
1610 m->random_counter = 1;
1611 m->store_at = SCTP_SIGNATURE_SIZE;
1612 #if (defined(__FreeBSD__) && (__FreeBSD_version < 500000)) || defined(__DragonFly__)
1613 read_random_unlimited(m->random_numbers, sizeof(m->random_numbers));
1614 #elif defined(__APPLE__) || (defined(__FreeBSD__) && (__FreeBSD_version > 500000))
1615 read_random(m->random_numbers, sizeof(m->random_numbers));
1616 #elif defined(__OpenBSD__)
1617 get_random_bytes(m->random_numbers, sizeof(m->random_numbers));
1618 #elif defined(__NetBSD__) && NRND > 0
1619 rnd_extract_data(m->random_numbers, sizeof(m->random_numbers),
1623 u_int32_t *ranm, *ranp;
1624 ranp = (u_int32_t *)&m->random_numbers;
1625 ranm = ranp + (SCTP_SIGNATURE_ALOC_SIZE/sizeof(u_int32_t));
1626 if ((u_long)ranp % 4) {
1627 /* not a even boundary? */
1628 ranp = (u_int32_t *)SCTP_SIZE32((u_long)ranp);
1630 while (ranp < ranm) {
1636 sctp_fill_random_store(m);
1638 /* Minimum cookie size */
1639 m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
1640 sizeof(struct sctp_state_cookie);
1641 m->size_of_a_cookie += SCTP_SIGNATURE_SIZE;
1643 /* Setup the initial secret */
1644 SCTP_GETTIME_TIMEVAL(&time);
1645 m->time_of_secret_change = time.tv_sec;
1647 for (i = 0; i < SCTP_NUMBER_OF_SECRETS; i++) {
1648 m->secret_key[0][i] = sctp_select_initial_TSN(m);
1650 sctp_timer_start(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
1652 /* How long is a cookie good for ? */
1653 m->def_cookie_life = sctp_valid_cookie_life_default;
1654 SCTP_INP_WUNLOCK(inp);
1660 sctp_move_pcb_and_assoc(struct sctp_inpcb *old_inp, struct sctp_inpcb *new_inp,
1661 struct sctp_tcb *stcb)
1663 uint16_t lport, rport;
1664 struct sctppcbhead *head;
1665 struct sctp_laddr *laddr, *oladdr;
1667 SCTP_TCB_UNLOCK(stcb);
1668 SCTP_INP_INFO_WLOCK();
1669 SCTP_INP_WLOCK(old_inp);
1670 SCTP_INP_WLOCK(new_inp);
1671 SCTP_TCB_LOCK(stcb);
1673 new_inp->sctp_ep.time_of_secret_change =
1674 old_inp->sctp_ep.time_of_secret_change;
1675 memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
1676 sizeof(old_inp->sctp_ep.secret_key));
1677 new_inp->sctp_ep.current_secret_number =
1678 old_inp->sctp_ep.current_secret_number;
1679 new_inp->sctp_ep.last_secret_number =
1680 old_inp->sctp_ep.last_secret_number;
1681 new_inp->sctp_ep.size_of_a_cookie = old_inp->sctp_ep.size_of_a_cookie;
1683 /* Copy the port across */
1684 lport = new_inp->sctp_lport = old_inp->sctp_lport;
1685 rport = stcb->rport;
1686 /* Pull the tcb from the old association */
1687 LIST_REMOVE(stcb, sctp_tcbhash);
1688 LIST_REMOVE(stcb, sctp_tcblist);
1690 /* Now insert the new_inp into the TCP connected hash */
1691 head = &sctppcbinfo.sctp_tcpephash[SCTP_PCBHASH_ALLADDR((lport + rport),
1692 sctppcbinfo.hashtcpmark)];
1694 LIST_INSERT_HEAD(head, new_inp, sctp_hash);
1696 /* Now move the tcb into the endpoint list */
1697 LIST_INSERT_HEAD(&new_inp->sctp_asoc_list, stcb, sctp_tcblist);
1699 * Question, do we even need to worry about the ep-hash since
1700 * we only have one connection? Probably not :> so lets
1701 * get rid of it and not suck up any kernel memory in that.
1703 SCTP_INP_INFO_WUNLOCK();
1704 stcb->sctp_socket = new_inp->sctp_socket;
1705 stcb->sctp_ep = new_inp;
1706 if (new_inp->sctp_tcbhash != NULL) {
1707 hashdestroy(new_inp->sctp_tcbhash, M_PCB,
1708 new_inp->sctp_hashmark);
1709 new_inp->sctp_tcbhash = NULL;
1711 if ((new_inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
1712 /* Subset bound, so copy in the laddr list from the old_inp */
1713 LIST_FOREACH(oladdr, &old_inp->sctp_addr_list, sctp_nxt_addr) {
1714 laddr = (struct sctp_laddr *)SCTP_ZONE_GET(
1715 sctppcbinfo.ipi_zone_laddr);
1716 if (laddr == NULL) {
1718 * Gak, what can we do? This assoc is really
1719 * HOSED. We probably should send an abort
1723 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1724 kprintf("Association hosed in TCP model, out of laddr memory\n");
1726 #endif /* SCTP_DEBUG */
1729 sctppcbinfo.ipi_count_laddr++;
1730 sctppcbinfo.ipi_gencnt_laddr++;
1731 bzero(laddr, sizeof(*laddr));
1732 laddr->ifa = oladdr->ifa;
1733 LIST_INSERT_HEAD(&new_inp->sctp_addr_list, laddr,
1735 new_inp->laddr_count++;
1738 SCTP_INP_WUNLOCK(new_inp);
1739 SCTP_INP_WUNLOCK(old_inp);
1743 sctp_isport_inuse(struct sctp_inpcb *inp, uint16_t lport)
1745 struct sctppcbhead *head;
1746 struct sctp_inpcb *t_inp;
1748 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
1749 sctppcbinfo.hashmark)];
1750 LIST_FOREACH(t_inp, head, sctp_hash) {
1751 if (t_inp->sctp_lport != lport) {
1754 /* This one is in use. */
1755 /* check the v6/v4 binding issue */
1756 if (t_inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1757 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1758 /* collision in V6 space */
1761 /* inp is BOUND_V4 no conflict */
1765 /* t_inp is bound only V4 */
1766 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) {
1770 /* else fall through to conflict */
1778 #if (defined(__FreeBSD__) && __FreeBSD_version >= 500000) || defined(__DragonFly__)
1779 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct thread *p)
1781 sctp_inpcb_bind(struct socket *so, struct sockaddr *addr, struct proc *p)
1784 /* bind a ep to a socket address */
1785 struct sctppcbhead *head;
1786 struct sctp_inpcb *inp, *inp_tmp;
1787 struct inpcb *ip_inp;
1795 inp = (struct sctp_inpcb *)so->so_pcb;
1796 ip_inp = (struct inpcb *)so->so_pcb;
1798 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
1800 kprintf("Bind called port:%d\n",
1801 ntohs(((struct sockaddr_in *)addr)->sin_port));
1803 sctp_print_address(addr);
1806 #endif /* SCTP_DEBUG */
1807 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) == 0) {
1808 /* already did a bind, subsequent binds NOT allowed ! */
1813 if (addr->sa_family == AF_INET) {
1814 /* We don't support v4-mapped address */
1816 } else if (addr->sa_family == AF_INET6) {
1817 /* Only for pure IPv6 Address. (No IPv4 Mapped!) */
1818 struct sockaddr_in6 *sin6;
1820 sin6 = (struct sockaddr_in6 *)addr;
1822 if (addr->sa_len != sizeof(*sin6))
1825 lport = sin6->sin6_port;
1826 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1828 /* KAME hack: embed scopeid */
1829 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) || defined(__DragonFly__)
1830 if (in6_embedscope(&sin6->sin6_addr, sin6,
1833 #elif defined(__FreeBSD__)
1834 error = scope6_check_id(sin6, ip6_use_defzone);
1838 if (in6_embedscope(&sin6->sin6_addr, sin6) != 0) {
1843 #ifndef SCOPEDROUTING
1844 /* this must be cleared for ifa_ifwithaddr() */
1845 sin6->sin6_scope_id = 0;
1846 #endif /* SCOPEDROUTING */
1848 return (EAFNOSUPPORT);
1851 SCTP_INP_INFO_WLOCK();
1852 SCTP_INP_WLOCK(inp);
1853 /* increase our count due to the unlock we do */
1854 SCTP_INP_INCR_REF(inp);
1857 * Did the caller specify a port? if so we must see if a
1858 * ep already has this one bound.
1860 /* got to be root to get at low ports */
1861 if (ntohs(lport) < IPPORT_RESERVED) {
1864 #if __FreeBSD_version >= 500000
1865 suser_cred(p->td_ucred, 0)
1869 #elif defined(__NetBSD__) || defined(__APPLE__)
1870 suser(p->p_ucred, &p->p_acflag)
1871 #elif defined(__DragonFly__)
1872 priv_check(p, PRIV_ROOT)
1877 SCTP_INP_DECR_REF(inp);
1878 SCTP_INP_WUNLOCK(inp);
1879 SCTP_INP_INFO_WUNLOCK();
1884 SCTP_INP_DECR_REF(inp);
1885 SCTP_INP_WUNLOCK(inp);
1886 SCTP_INP_INFO_WUNLOCK();
1889 SCTP_INP_WUNLOCK(inp);
1890 inp_tmp = sctp_pcb_findep(addr, 0, 1);
1891 if (inp_tmp != NULL) {
1892 /* lock guy returned and lower count
1893 * note that we are not bound so inp_tmp
1894 * should NEVER be inp. And it is this
1895 * inp (inp_tmp) that gets the reference
1896 * bump, so we must lower it.
1898 SCTP_INP_WLOCK(inp_tmp);
1899 SCTP_INP_DECR_REF(inp_tmp);
1900 SCTP_INP_WUNLOCK(inp_tmp);
1903 SCTP_INP_INFO_WUNLOCK();
1904 return (EADDRNOTAVAIL);
1906 SCTP_INP_WLOCK(inp);
1908 /* verify that no lport is not used by a singleton */
1909 if (sctp_isport_inuse(inp, lport)) {
1910 /* Sorry someone already has this one bound */
1911 SCTP_INP_DECR_REF(inp);
1912 SCTP_INP_WUNLOCK(inp);
1913 SCTP_INP_INFO_WUNLOCK();
1914 return (EADDRNOTAVAIL);
1919 * get any port but lets make sure no one has any address
1920 * with this port bound
1924 * setup the inp to the top (I could use the union but this
1927 uint32_t port_guess;
1928 uint16_t port_attempt;
1932 port_guess = sctp_select_initial_TSN(&inp->sctp_ep);
1933 port_attempt = (port_guess & 0x0000ffff);
1934 if (port_attempt == 0) {
1937 if (port_attempt < IPPORT_RESERVED) {
1938 port_attempt += IPPORT_RESERVED;
1941 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) {
1942 /* got a port we can use */
1946 /* try upper half */
1948 port_attempt = ((port_guess >> 16) & 0x0000ffff);
1949 if (port_attempt == 0) {
1952 if (port_attempt < IPPORT_RESERVED) {
1953 port_attempt += IPPORT_RESERVED;
1955 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) {
1956 /* got a port we can use */
1960 /* try two half's added together */
1962 port_attempt = (((port_guess >> 16) & 0x0000ffff) + (port_guess & 0x0000ffff));
1963 if (port_attempt == 0) {
1964 /* get a new random number */
1967 if (port_attempt < IPPORT_RESERVED) {
1968 port_attempt += IPPORT_RESERVED;
1970 if (sctp_isport_inuse(inp, htons(port_attempt)) == 0) {
1971 /* got a port we can use */
1976 /* we don't get out of the loop until we have a port */
1977 lport = htons(port_attempt);
1979 SCTP_INP_DECR_REF(inp);
1980 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
1981 /* this really should not happen. The guy
1982 * did a non-blocking bind and then did a close
1985 SCTP_INP_WUNLOCK(inp);
1986 SCTP_INP_INFO_WUNLOCK();
1989 /* ok we look clear to give out this port, so lets setup the binding */
1991 /* binding to all addresses, so just set in the proper flags */
1992 inp->sctp_flags |= (SCTP_PCB_FLAGS_BOUNDALL |
1993 SCTP_PCB_FLAGS_DO_ASCONF);
1994 /* set the automatic addr changes from kernel flag */
1995 if (sctp_auto_asconf == 0) {
1996 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF;
1998 inp->sctp_flags |= SCTP_PCB_FLAGS_AUTO_ASCONF;
2002 * bind specific, make sure flags is off and add a new address
2003 * structure to the sctp_addr_list inside the ep structure.
2005 * We will need to allocate one and insert it at the head.
2006 * The socketopt call can just insert new addresses in there
2007 * as well. It will also have to do the embed scope kame hack
2008 * too (before adding).
2011 struct sockaddr_storage store_sa;
2013 memset(&store_sa, 0, sizeof(store_sa));
2014 if (addr->sa_family == AF_INET) {
2015 struct sockaddr_in *sin;
2017 sin = (struct sockaddr_in *)&store_sa;
2018 memcpy(sin, addr, sizeof(struct sockaddr_in));
2020 } else if (addr->sa_family == AF_INET6) {
2021 struct sockaddr_in6 *sin6;
2023 sin6 = (struct sockaddr_in6 *)&store_sa;
2024 memcpy(sin6, addr, sizeof(struct sockaddr_in6));
2025 sin6->sin6_port = 0;
2028 * first find the interface with the bound address
2029 * need to zero out the port to find the address! yuck!
2030 * can't do this earlier since need port for sctp_pcb_findep()
2032 ifa = sctp_find_ifa_by_addr((struct sockaddr *)&store_sa);
2034 /* Can't find an interface with that address */
2035 SCTP_INP_WUNLOCK(inp);
2036 SCTP_INP_INFO_WUNLOCK();
2037 return (EADDRNOTAVAIL);
2039 if (addr->sa_family == AF_INET6) {
2040 struct in6_ifaddr *ifa6;
2041 ifa6 = (struct in6_ifaddr *)ifa;
2043 * allow binding of deprecated addresses as per
2044 * RFC 2462 and ipng discussion
2046 if (ifa6->ia6_flags & (IN6_IFF_DETACHED |
2048 IN6_IFF_NOTREADY)) {
2049 /* Can't bind a non-existent addr. */
2050 SCTP_INP_WUNLOCK(inp);
2051 SCTP_INP_INFO_WUNLOCK();
2055 /* we're not bound all */
2056 inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUNDALL;
2057 #if 0 /* use sysctl now */
2058 /* don't allow automatic addr changes from kernel */
2059 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF;
2061 /* set the automatic addr changes from kernel flag */
2062 if (sctp_auto_asconf == 0) {
2063 inp->sctp_flags &= ~SCTP_PCB_FLAGS_AUTO_ASCONF;
2065 inp->sctp_flags |= SCTP_PCB_FLAGS_AUTO_ASCONF;
2067 /* allow bindx() to send ASCONF's for binding changes */
2068 inp->sctp_flags |= SCTP_PCB_FLAGS_DO_ASCONF;
2069 /* add this address to the endpoint list */
2070 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa);
2072 SCTP_INP_WUNLOCK(inp);
2073 SCTP_INP_INFO_WUNLOCK();
2078 /* find the bucket */
2079 head = &sctppcbinfo.sctp_ephash[SCTP_PCBHASH_ALLADDR(lport,
2080 sctppcbinfo.hashmark)];
2081 /* put it in the bucket */
2082 LIST_INSERT_HEAD(head, inp, sctp_hash);
2084 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
2085 kprintf("Main hash to bind at head:%p, bound port:%d\n", head, ntohs(lport));
2088 /* set in the port */
2089 inp->sctp_lport = lport;
2091 /* turn off just the unbound flag */
2092 inp->sctp_flags &= ~SCTP_PCB_FLAGS_UNBOUND;
2093 SCTP_INP_WUNLOCK(inp);
2094 SCTP_INP_INFO_WUNLOCK();
2100 sctp_iterator_inp_being_freed(struct sctp_inpcb *inp, struct sctp_inpcb *inp_next)
2102 struct sctp_iterator *it;
2103 /* We enter with the only the ITERATOR_LOCK in place and
2104 * A write lock on the inp_info stuff.
2107 /* Go through all iterators, we must do this since
2108 * it is possible that some iterator does NOT have
2109 * the lock, but is waiting for it. And the one that
2110 * had the lock has either moved in the last iteration
2111 * or we just cleared it above. We need to find all
2112 * of those guys. The list of iterators should never
2113 * be very big though.
2115 LIST_FOREACH(it, &sctppcbinfo.iteratorhead, sctp_nxt_itr) {
2116 if (it == inp->inp_starting_point_for_iterator)
2117 /* skip this guy, he's special */
2119 if (it->inp == inp) {
2120 /* This is tricky and we DON'T lock the iterator.
2121 * Reason is he's running but waiting for me since
2122 * inp->inp_starting_point_for_iterator has the lock
2123 * on me (the guy above we skipped). This tells us
2124 * its is not running but waiting for inp->inp_starting_point_for_iterator
2125 * to be released by the guy that does have our INP in a lock.
2127 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
2131 /* set him up to do the next guy not me */
2137 it = inp->inp_starting_point_for_iterator;
2139 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
2148 /* release sctp_inpcb unbind the port */
2150 sctp_inpcb_free(struct sctp_inpcb *inp, int immediate)
2153 * Here we free a endpoint. We must find it (if it is in the Hash
2154 * table) and remove it from there. Then we must also find it in
2155 * the overall list and remove it from there. After all removals are
2156 * complete then any timer has to be stopped. Then start the actual
2158 * a) Any local lists.
2159 * b) Any associations.
2160 * c) The hash of all associations.
2161 * d) finally the ep itself.
2163 struct sctp_inpcb *inp_save;
2164 struct sctp_tcb *asoc, *nasoc;
2165 struct sctp_laddr *laddr, *nladdr;
2166 struct inpcb *ip_pcb;
2168 struct sctp_socket_q_list *sq;
2169 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
2174 SCTP_ASOC_CREATE_LOCK(inp);
2175 SCTP_INP_WLOCK(inp);
2177 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) {
2178 /* been here before */
2179 kprintf("Endpoint was all gone (dup free)?\n");
2180 SCTP_INP_WUNLOCK(inp);
2181 SCTP_ASOC_CREATE_UNLOCK(inp);
2184 sctp_timer_stop(SCTP_TIMER_TYPE_NEWCOOKIE, inp, NULL, NULL);
2187 sctp_m_freem(inp->control);
2188 inp->control = NULL;
2191 sctp_m_freem(inp->pkt);
2194 so = inp->sctp_socket;
2195 ip_pcb = &inp->ip_inp.inp; /* we could just cast the main
2196 * pointer here but I will
2197 * be nice :> (i.e. ip_pcb = ep;)
2200 if (immediate == 0) {
2203 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL;
2205 nasoc = LIST_NEXT(asoc, sctp_tcblist);
2206 if ((SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_WAIT) ||
2207 (SCTP_GET_STATE(&asoc->asoc) == SCTP_STATE_COOKIE_ECHOED)) {
2208 /* Just abandon things in the front states */
2209 SCTP_TCB_LOCK(asoc);
2210 SCTP_INP_WUNLOCK(inp);
2211 sctp_free_assoc(inp, asoc);
2212 SCTP_INP_WLOCK(inp);
2215 asoc->asoc.state |= SCTP_STATE_CLOSED_SOCKET;
2217 if ((asoc->asoc.size_on_delivery_queue > 0) ||
2218 (asoc->asoc.size_on_reasm_queue > 0) ||
2219 (asoc->asoc.size_on_all_streams > 0) ||
2220 (so && (so->so_rcv.ssb_cc > 0))
2222 /* Left with Data unread */
2223 struct mbuf *op_err;
2224 MGET(op_err, MB_DONTWAIT, MT_DATA);
2226 /* Fill in the user initiated abort */
2227 struct sctp_paramhdr *ph;
2229 sizeof(struct sctp_paramhdr);
2231 struct sctp_paramhdr *);
2232 ph->param_type = htons(
2233 SCTP_CAUSE_USER_INITIATED_ABT);
2234 ph->param_length = htons(op_err->m_len);
2236 SCTP_TCB_LOCK(asoc);
2237 sctp_send_abort_tcb(asoc, op_err);
2239 SCTP_INP_WUNLOCK(inp);
2240 sctp_free_assoc(inp, asoc);
2241 SCTP_INP_WLOCK(inp);
2243 } else if (TAILQ_EMPTY(&asoc->asoc.send_queue) &&
2244 TAILQ_EMPTY(&asoc->asoc.sent_queue)) {
2245 if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_SENT) &&
2246 (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_SHUTDOWN_ACK_SENT)) {
2247 /* there is nothing queued to send, so I send shutdown */
2248 SCTP_TCB_LOCK(asoc);
2249 sctp_send_shutdown(asoc, asoc->asoc.primary_destination);
2250 asoc->asoc.state = SCTP_STATE_SHUTDOWN_SENT;
2251 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, asoc->sctp_ep, asoc,
2252 asoc->asoc.primary_destination);
2253 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD, asoc->sctp_ep, asoc,
2254 asoc->asoc.primary_destination);
2255 sctp_chunk_output(inp, asoc, 1);
2256 SCTP_TCB_UNLOCK(asoc);
2259 /* mark into shutdown pending */
2260 asoc->asoc.state |= SCTP_STATE_SHUTDOWN_PENDING;
2264 /* now is there some left in our SHUTDOWN state? */
2266 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_GONE;
2267 SCTP_INP_WUNLOCK(inp);
2268 SCTP_ASOC_CREATE_UNLOCK(inp);
2272 #if defined(__FreeBSD__) && __FreeBSD_version >= 503000
2273 if (inp->refcount) {
2274 sctp_timer_start(SCTP_TIMER_TYPE_INPKILL, inp, NULL, NULL);
2275 SCTP_INP_WUNLOCK(inp);
2276 SCTP_ASOC_CREATE_UNLOCK(inp);
2280 inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_ALLGONE;
2281 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
2282 rt = ip_pcb->inp_route.ro_rt;
2285 callout_stop(&inp->sctp_ep.signature_change.timer);
2288 /* First take care of socket level things */
2291 /* XXX IPsec cleanup here */
2292 if (ip_pcb->inp_tdb_in)
2293 TAILQ_REMOVE(&ip_pcb->inp_tdb_in->tdb_inp_in,
2294 ip_pcb, inp_tdb_in_next);
2295 if (ip_pcb->inp_tdb_out)
2296 TAILQ_REMOVE(&ip_pcb->inp_tdb_out->tdb_inp_out, ip_pcb,
2298 if (ip_pcb->inp_ipsec_localid)
2299 ipsp_reffree(ip_pcb->inp_ipsec_localid);
2300 if (ip_pcb->inp_ipsec_remoteid)
2301 ipsp_reffree(ip_pcb->inp_ipsec_remoteid);
2302 if (ip_pcb->inp_ipsec_localcred)
2303 ipsp_reffree(ip_pcb->inp_ipsec_localcred);
2304 if (ip_pcb->inp_ipsec_remotecred)
2305 ipsp_reffree(ip_pcb->inp_ipsec_remotecred);
2306 if (ip_pcb->inp_ipsec_localauth)
2307 ipsp_reffree(ip_pcb->inp_ipsec_localauth);
2308 if (ip_pcb->inp_ipsec_remoteauth)
2309 ipsp_reffree(ip_pcb->inp_ipsec_remoteauth);
2311 ipsec4_delete_pcbpolicy(ip_pcb);
2314 #if defined(__FreeBSD__) && __FreeBSD_version > 500000
2322 if (ip_pcb->inp_options) {
2323 m_free(ip_pcb->inp_options);
2324 ip_pcb->inp_options = 0;
2326 #if !defined(__FreeBSD__) || __FreeBSD_version < 500000
2329 ip_pcb->inp_route.ro_rt = 0;
2332 if (ip_pcb->inp_moptions) {
2333 ip_freemoptions(ip_pcb->inp_moptions);
2334 ip_pcb->inp_moptions = 0;
2337 /* Now the sctp_pcb things */
2340 * free each asoc if it is not already closed/free. we can't use
2341 * the macro here since le_next will get freed as part of the
2342 * sctp_free_assoc() call.
2345 for ((asoc = LIST_FIRST(&inp->sctp_asoc_list)); asoc != NULL;
2347 nasoc = LIST_NEXT(asoc, sctp_tcblist);
2348 SCTP_TCB_LOCK(asoc);
2349 if (SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) {
2350 struct mbuf *op_err;
2351 MGET(op_err, MB_DONTWAIT, MT_DATA);
2353 /* Fill in the user initiated abort */
2354 struct sctp_paramhdr *ph;
2355 op_err->m_len = sizeof(struct sctp_paramhdr);
2356 ph = mtod(op_err, struct sctp_paramhdr *);
2357 ph->param_type = htons(
2358 SCTP_CAUSE_USER_INITIATED_ABT);
2359 ph->param_length = htons(op_err->m_len);
2361 sctp_send_abort_tcb(asoc, op_err);
2365 * sctp_free_assoc() will call sctp_inpcb_free(),
2366 * if SCTP_PCB_FLAGS_SOCKET_GONE set.
2367 * So, we clear it before sctp_free_assoc() making sure
2368 * no double sctp_inpcb_free().
2370 inp->sctp_flags &= ~SCTP_PCB_FLAGS_SOCKET_GONE;
2371 SCTP_INP_WUNLOCK(inp);
2372 sctp_free_assoc(inp, asoc);
2373 SCTP_INP_WLOCK(inp);
2375 while ((sq = TAILQ_FIRST(&inp->sctp_queue_list)) != NULL) {
2376 TAILQ_REMOVE(&inp->sctp_queue_list, sq, next_sq);
2377 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_sockq, sq);
2378 sctppcbinfo.ipi_count_sockq--;
2379 sctppcbinfo.ipi_gencnt_sockq++;
2381 inp->sctp_socket = 0;
2382 /* Now first we remove ourselves from the overall list of all EP's */
2384 /* Unlock inp first, need correct order */
2385 SCTP_INP_WUNLOCK(inp);
2386 /* now iterator lock */
2387 SCTP_ITERATOR_LOCK();
2389 SCTP_INP_INFO_WLOCK();
2390 /* now reget the inp lock */
2391 SCTP_INP_WLOCK(inp);
2393 inp_save = LIST_NEXT(inp, sctp_list);
2394 LIST_REMOVE(inp, sctp_list);
2396 * Now the question comes as to if this EP was ever bound at all.
2397 * If it was, then we must pull it out of the EP hash list.
2399 if ((inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) !=
2400 SCTP_PCB_FLAGS_UNBOUND) {
2402 * ok, this guy has been bound. It's port is somewhere
2403 * in the sctppcbinfo hash table. Remove it!
2405 LIST_REMOVE(inp, sctp_hash);
2407 /* fix any iterators only after out of the list */
2408 sctp_iterator_inp_being_freed(inp, inp_save);
2409 SCTP_ITERATOR_UNLOCK();
2411 * if we have an address list the following will free the list of
2412 * ifaddr's that are set into this ep. Again macro limitations here,
2413 * since the LIST_FOREACH could be a bad idea.
2415 for ((laddr = LIST_FIRST(&inp->sctp_addr_list)); laddr != NULL;
2417 nladdr = LIST_NEXT(laddr, sctp_nxt_addr);
2418 LIST_REMOVE(laddr, sctp_nxt_addr);
2419 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr);
2420 sctppcbinfo.ipi_gencnt_laddr++;
2421 sctppcbinfo.ipi_count_laddr--;
2423 /* Now lets see about freeing the EP hash table. */
2424 if (inp->sctp_tcbhash != NULL) {
2425 hashdestroy(inp->sctp_tcbhash, M_PCB, inp->sctp_hashmark);
2426 inp->sctp_tcbhash = 0;
2428 SCTP_INP_WUNLOCK(inp);
2429 SCTP_ASOC_CREATE_UNLOCK(inp);
2430 SCTP_INP_LOCK_DESTROY(inp);
2431 SCTP_ASOC_CREATE_LOCK_DESTROY(inp);
2433 /* Now we must put the ep memory back into the zone pool */
2434 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_ep, inp);
2435 sctppcbinfo.ipi_count_ep--;
2437 SCTP_INP_INFO_WUNLOCK();
2442 sctp_findnet(struct sctp_tcb *stcb, struct sockaddr *addr)
2444 struct sctp_nets *net;
2446 struct sockaddr_in *sin;
2448 /* why do we need to check the port for a nets list on an assoc? */
2449 /* use the peer's/remote port for lookup if unspecified */
2450 sin = (struct sockaddr_in *)addr;
2451 if (stcb->rport != sin->sin_port) {
2452 /* we cheat and just a sin for this test */
2456 /* locate the address */
2457 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
2458 if (sctp_cmpaddr(addr, (struct sockaddr *)&net->ro._l_addr))
2466 * add's a remote endpoint address, done with the INIT/INIT-ACK
2467 * as well as when a ASCONF arrives that adds it. It will also
2468 * initialize all the cwnd stats of stuff.
2471 sctp_is_address_on_local_host(struct sockaddr *addr)
2475 TAILQ_FOREACH(ifn, &ifnet, if_list) {
2476 struct ifaddr_container *ifac;
2478 TAILQ_FOREACH(ifac, &ifn->if_addrheads[mycpuid], ifa_link) {
2479 struct ifaddr *ifa = ifac->ifa;
2481 if (addr->sa_family == ifa->ifa_addr->sa_family) {
2483 if (addr->sa_family == AF_INET) {
2484 struct sockaddr_in *sin, *sin_c;
2485 sin = (struct sockaddr_in *)addr;
2486 sin_c = (struct sockaddr_in *)
2488 if (sin->sin_addr.s_addr ==
2489 sin_c->sin_addr.s_addr) {
2490 /* we are on the same machine */
2493 } else if (addr->sa_family == AF_INET6) {
2494 struct sockaddr_in6 *sin6, *sin_c6;
2495 sin6 = (struct sockaddr_in6 *)addr;
2496 sin_c6 = (struct sockaddr_in6 *)
2498 if (SCTP6_ARE_ADDR_EQUAL(&sin6->sin6_addr,
2499 &sin_c6->sin6_addr)) {
2500 /* we are on the same machine */
2511 sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
2512 int set_scope, int from)
2515 * The following is redundant to the same lines in the
2516 * sctp_aloc_assoc() but is needed since other's call the add
2519 struct sctp_nets *net, *netfirst;
2523 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
2524 kprintf("Adding an address (from:%d) to the peer: ", from);
2525 sctp_print_address(newaddr);
2528 netfirst = sctp_findnet(stcb, newaddr);
2531 * Lie and return ok, we don't want to make the association
2532 * go away for this behavior. It will happen in the TCP model
2533 * in a connected socket. It does not reach the hash table
2534 * until after the association is built so it can't be found.
2535 * Mark as reachable, since the initial creation will have
2536 * been cleared and the NOT_IN_ASSOC flag will have been
2537 * added... and we don't want to end up removing it back out.
2539 if (netfirst->dest_state & SCTP_ADDR_UNCONFIRMED) {
2540 netfirst->dest_state = (SCTP_ADDR_REACHABLE|
2541 SCTP_ADDR_UNCONFIRMED);
2543 netfirst->dest_state = SCTP_ADDR_REACHABLE;
2549 if (newaddr->sa_family == AF_INET) {
2550 struct sockaddr_in *sin;
2551 sin = (struct sockaddr_in *)newaddr;
2552 if (sin->sin_addr.s_addr == 0) {
2553 /* Invalid address */
2556 /* zero out the bzero area */
2557 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
2559 /* assure len is set */
2560 sin->sin_len = sizeof(struct sockaddr_in);
2562 #ifdef SCTP_DONT_DO_PRIVADDR_SCOPE
2563 stcb->ipv4_local_scope = 1;
2565 if (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) {
2566 stcb->asoc.ipv4_local_scope = 1;
2568 #endif /* SCTP_DONT_DO_PRIVADDR_SCOPE */
2570 if (sctp_is_address_on_local_host(newaddr)) {
2571 stcb->asoc.loopback_scope = 1;
2572 stcb->asoc.ipv4_local_scope = 1;
2573 stcb->asoc.local_scope = 1;
2574 stcb->asoc.site_scope = 1;
2579 if (sctp_is_address_on_local_host(newaddr)) {
2580 stcb->asoc.loopback_scope = 1;
2581 stcb->asoc.ipv4_local_scope = 1;
2582 stcb->asoc.local_scope = 1;
2583 stcb->asoc.site_scope = 1;
2586 /* Validate the address is in scope */
2587 if ((IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) &&
2588 (stcb->asoc.ipv4_local_scope == 0)) {
2592 } else if (newaddr->sa_family == AF_INET6) {
2593 struct sockaddr_in6 *sin6;
2594 sin6 = (struct sockaddr_in6 *)newaddr;
2595 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
2596 /* Invalid address */
2599 /* assure len is set */
2600 sin6->sin6_len = sizeof(struct sockaddr_in6);
2602 if (sctp_is_address_on_local_host(newaddr)) {
2603 stcb->asoc.loopback_scope = 1;
2604 stcb->asoc.local_scope = 1;
2605 stcb->asoc.ipv4_local_scope = 1;
2606 stcb->asoc.site_scope = 1;
2607 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
2609 * If the new destination is a LINK_LOCAL
2610 * we must have common site scope. Don't set
2611 * the local scope since we may not share all
2612 * links, only loopback can do this.
2613 * Links on the local network would also
2614 * be on our private network for v4 too.
2616 stcb->asoc.ipv4_local_scope = 1;
2617 stcb->asoc.site_scope = 1;
2618 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
2620 * If the new destination is SITE_LOCAL
2621 * then we must have site scope in common.
2623 stcb->asoc.site_scope = 1;
2628 if (sctp_is_address_on_local_host(newaddr)) {
2629 stcb->asoc.loopback_scope = 1;
2630 stcb->asoc.ipv4_local_scope = 1;
2631 stcb->asoc.local_scope = 1;
2632 stcb->asoc.site_scope = 1;
2635 /* Validate the address is in scope */
2636 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr) &&
2637 (stcb->asoc.loopback_scope == 0)) {
2639 } else if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) &&
2640 (stcb->asoc.local_scope == 0)) {
2642 } else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr) &&
2643 (stcb->asoc.site_scope == 0)) {
2648 /* not supported family type */
2651 net = (struct sctp_nets *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_net);
2655 sctppcbinfo.ipi_count_raddr++;
2656 sctppcbinfo.ipi_gencnt_raddr++;
2657 bzero(net, sizeof(*net));
2658 memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
2659 if (newaddr->sa_family == AF_INET) {
2660 ((struct sockaddr_in *)&net->ro._l_addr)->sin_port = stcb->rport;
2661 } else if (newaddr->sa_family == AF_INET6) {
2662 ((struct sockaddr_in6 *)&net->ro._l_addr)->sin6_port = stcb->rport;
2664 net->addr_is_local = sctp_is_address_on_local_host(newaddr);
2665 net->failure_threshold = stcb->asoc.def_net_failure;
2666 if (addr_inscope == 0) {
2668 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
2669 kprintf("Adding an address which is OUT OF SCOPE\n");
2671 #endif /* SCTP_DEBUG */
2672 net->dest_state = (SCTP_ADDR_REACHABLE |
2673 SCTP_ADDR_OUT_OF_SCOPE);
2676 /* 8 is passed by connect_x */
2677 net->dest_state = SCTP_ADDR_REACHABLE;
2679 net->dest_state = SCTP_ADDR_REACHABLE |
2680 SCTP_ADDR_UNCONFIRMED;
2682 net->RTO = stcb->asoc.initial_rto;
2683 stcb->asoc.numnets++;
2686 /* Init the timer structure */
2687 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
2688 callout_init(&net->rxt_timer.timer, 0);
2689 callout_init(&net->pmtu_timer.timer, 0);
2691 callout_init(&net->rxt_timer.timer);
2692 callout_init(&net->pmtu_timer.timer);
2695 /* Now generate a route for this guy */
2696 /* KAME hack: embed scopeid */
2697 if (newaddr->sa_family == AF_INET6) {
2698 struct sockaddr_in6 *sin6;
2699 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
2700 #if defined(SCTP_BASE_FREEBSD) || defined(__APPLE__) || defined(__DragonFly__)
2701 in6_embedscope(&sin6->sin6_addr, sin6,
2702 &stcb->sctp_ep->ip_inp.inp, NULL);
2704 in6_embedscope(&sin6->sin6_addr, sin6);
2706 #ifndef SCOPEDROUTING
2707 sin6->sin6_scope_id = 0;
2710 #if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__)
2711 rtalloc_ign((struct route *)&net->ro, 0UL);
2713 rtalloc((struct route *)&net->ro);
2715 if (newaddr->sa_family == AF_INET6) {
2716 struct sockaddr_in6 *sin6;
2717 sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
2718 in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
2720 if ((net->ro.ro_rt) &&
2721 (net->ro.ro_rt->rt_ifp)) {
2722 net->mtu = net->ro.ro_rt->rt_ifp->if_mtu;
2724 stcb->asoc.smallest_mtu = net->mtu;
2726 /* start things off to match mtu of interface please. */
2727 net->ro.ro_rt->rt_rmx.rmx_mtu = net->ro.ro_rt->rt_ifp->if_mtu;
2729 net->mtu = stcb->asoc.smallest_mtu;
2731 if (stcb->asoc.smallest_mtu > net->mtu) {
2732 stcb->asoc.smallest_mtu = net->mtu;
2734 /* We take the max of the burst limit times a MTU or the INITIAL_CWND.
2735 * We then limit this to 4 MTU's of sending.
2737 net->cwnd = min((net->mtu * 4), max((stcb->asoc.max_burst * net->mtu), SCTP_INITIAL_CWND));
2739 /* we always get at LEAST 2 MTU's */
2740 if (net->cwnd < (2 * net->mtu)) {
2741 net->cwnd = 2 * net->mtu;
2744 net->ssthresh = stcb->asoc.peers_rwnd;
2746 net->src_addr_selected = 0;
2747 netfirst = TAILQ_FIRST(&stcb->asoc.nets);
2748 if (net->ro.ro_rt == NULL) {
2749 /* Since we have no route put it at the back */
2750 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net, sctp_next);
2751 } else if (netfirst == NULL) {
2752 /* We are the first one in the pool. */
2753 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
2754 } else if (netfirst->ro.ro_rt == NULL) {
2756 * First one has NO route. Place this one ahead of the
2759 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
2760 } else if (net->ro.ro_rt->rt_ifp != netfirst->ro.ro_rt->rt_ifp) {
2762 * This one has a different interface than the one at the
2763 * top of the list. Place it ahead.
2765 TAILQ_INSERT_HEAD(&stcb->asoc.nets, net, sctp_next);
2768 * Ok we have the same interface as the first one. Move
2769 * forward until we find either
2770 * a) one with a NULL route... insert ahead of that
2771 * b) one with a different ifp.. insert after that.
2772 * c) end of the list.. insert at the tail.
2774 struct sctp_nets *netlook;
2776 netlook = TAILQ_NEXT(netfirst, sctp_next);
2777 if (netlook == NULL) {
2778 /* End of the list */
2779 TAILQ_INSERT_TAIL(&stcb->asoc.nets, net,
2782 } else if (netlook->ro.ro_rt == NULL) {
2783 /* next one has NO route */
2784 TAILQ_INSERT_BEFORE(netfirst, net, sctp_next);
2786 } else if (netlook->ro.ro_rt->rt_ifp !=
2787 net->ro.ro_rt->rt_ifp) {
2788 TAILQ_INSERT_AFTER(&stcb->asoc.nets, netlook,
2794 } while (netlook != NULL);
2796 /* got to have a primary set */
2797 if (stcb->asoc.primary_destination == 0) {
2798 stcb->asoc.primary_destination = net;
2799 } else if ((stcb->asoc.primary_destination->ro.ro_rt == NULL) &&
2801 /* No route to current primary adopt new primary */
2802 stcb->asoc.primary_destination = net;
2804 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb,
2812 * allocate an association and add it to the endpoint. The caller must
2813 * be careful to add all additional addresses once they are know right
2814 * away or else the assoc will be may experience a blackout scenario.
2817 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
2818 int for_a_init, int *error, uint32_t override_tag)
2820 struct sctp_tcb *stcb;
2821 struct sctp_association *asoc;
2822 struct sctpasochead *head;
2827 * Assumption made here:
2828 * Caller has done a sctp_findassociation_ep_addr(ep, addr's);
2829 * to make sure the address does not exist already.
2831 if (sctppcbinfo.ipi_count_asoc >= SCTP_MAX_NUM_OF_ASOC) {
2832 /* Hit max assoc, sorry no more */
2836 SCTP_INP_RLOCK(inp);
2837 if (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) {
2839 * If its in the TCP pool, its NOT allowed to create an
2840 * association. The parent listener needs to call
2841 * sctp_aloc_assoc.. or the one-2-many socket. If a
2842 * peeled off, or connected one does this.. its an error.
2844 SCTP_INP_RUNLOCK(inp);
2850 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2851 kprintf("Allocate an association for peer:");
2853 sctp_print_address(firstaddr);
2856 kprintf("Port:%d\n",
2857 ntohs(((struct sockaddr_in *)firstaddr)->sin_port));
2859 #endif /* SCTP_DEBUG */
2860 if (firstaddr->sa_family == AF_INET) {
2861 struct sockaddr_in *sin;
2862 sin = (struct sockaddr_in *)firstaddr;
2863 if ((sin->sin_port == 0) || (sin->sin_addr.s_addr == 0)) {
2864 /* Invalid address */
2866 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2867 kprintf("peer address invalid\n");
2870 SCTP_INP_RUNLOCK(inp);
2874 rport = sin->sin_port;
2875 } else if (firstaddr->sa_family == AF_INET6) {
2876 struct sockaddr_in6 *sin6;
2877 sin6 = (struct sockaddr_in6 *)firstaddr;
2878 if ((sin6->sin6_port == 0) ||
2879 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))) {
2880 /* Invalid address */
2882 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2883 kprintf("peer address invalid\n");
2886 SCTP_INP_RUNLOCK(inp);
2890 rport = sin6->sin6_port;
2892 /* not supported family type */
2894 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2895 kprintf("BAD family %d\n", firstaddr->sa_family);
2898 SCTP_INP_RUNLOCK(inp);
2902 SCTP_INP_RUNLOCK(inp);
2903 if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
2905 * If you have not performed a bind, then we need to do
2906 * the ephemerial bind for you.
2909 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2910 kprintf("Doing implicit BIND\n");
2914 if ((err = sctp_inpcb_bind(inp->sctp_socket,
2916 #if (defined(__FreeBSD__) && __FreeBSD_version >= 500000) || defined(__DragonFly__)
2922 /* bind error, probably perm */
2924 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2925 kprintf("BIND FAILS ret:%d\n", err);
2933 stcb = (struct sctp_tcb *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_asoc);
2935 /* out of memory? */
2937 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2938 kprintf("aloc_assoc: no assoc mem left, stcb=NULL\n");
2944 sctppcbinfo.ipi_count_asoc++;
2945 sctppcbinfo.ipi_gencnt_asoc++;
2947 bzero(stcb, sizeof(*stcb));
2949 SCTP_TCB_LOCK_INIT(stcb);
2950 /* setup back pointer's */
2951 stcb->sctp_ep = inp;
2952 stcb->sctp_socket = inp->sctp_socket;
2953 if ((err = sctp_init_asoc(inp, asoc, for_a_init, override_tag))) {
2955 SCTP_TCB_LOCK_DESTROY (stcb);
2956 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
2957 sctppcbinfo.ipi_count_asoc--;
2959 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2960 kprintf("aloc_assoc: couldn't init asoc, out of mem?!\n");
2967 stcb->rport = rport;
2968 SCTP_INP_INFO_WLOCK();
2969 SCTP_INP_WLOCK(inp);
2970 if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
2971 /* inpcb freed while alloc going on */
2972 SCTP_TCB_LOCK_DESTROY (stcb);
2973 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
2974 SCTP_INP_WUNLOCK(inp);
2975 SCTP_INP_INFO_WUNLOCK();
2976 sctppcbinfo.ipi_count_asoc--;
2978 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
2979 kprintf("aloc_assoc: couldn't init asoc, out of mem?!\n");
2985 SCTP_TCB_LOCK(stcb);
2987 /* now that my_vtag is set, add it to the hash */
2988 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(stcb->asoc.my_vtag,
2989 sctppcbinfo.hashasocmark)];
2990 /* put it in the bucket in the vtag hash of assoc's for the system */
2991 LIST_INSERT_HEAD(head, stcb, sctp_asocs);
2992 SCTP_INP_INFO_WUNLOCK();
2995 if ((err = sctp_add_remote_addr(stcb, firstaddr, 1, 1))) {
2996 /* failure.. memory error? */
2998 kfree(asoc->strmout, M_PCB);
2999 if (asoc->mapping_array)
3000 kfree(asoc->mapping_array, M_PCB);
3002 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
3003 sctppcbinfo.ipi_count_asoc--;
3005 if (sctp_debug_on & SCTP_DEBUG_PCB3) {
3006 kprintf("aloc_assoc: couldn't add remote addr!\n");
3009 SCTP_TCB_LOCK_DESTROY (stcb);
3013 /* Init all the timers */
3014 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
3015 callout_init(&asoc->hb_timer.timer, 0);
3016 callout_init(&asoc->dack_timer.timer, 0);
3017 callout_init(&asoc->asconf_timer.timer, 0);
3018 callout_init(&asoc->shut_guard_timer.timer, 0);
3019 callout_init(&asoc->autoclose_timer.timer, 0);
3020 callout_init(&asoc->delayed_event_timer.timer, 0);
3022 callout_init(&asoc->hb_timer.timer);
3023 callout_init(&asoc->dack_timer.timer);
3024 callout_init(&asoc->asconf_timer.timer);
3025 callout_init(&asoc->shut_guard_timer.timer);
3026 callout_init(&asoc->autoclose_timer.timer);
3027 callout_init(&asoc->delayed_event_timer.timer);
3029 LIST_INSERT_HEAD(&inp->sctp_asoc_list, stcb, sctp_tcblist);
3030 /* now file the port under the hash as well */
3031 if (inp->sctp_tcbhash != NULL) {
3032 head = &inp->sctp_tcbhash[SCTP_PCBHASH_ALLADDR(stcb->rport,
3033 inp->sctp_hashmark)];
3034 LIST_INSERT_HEAD(head, stcb, sctp_tcbhash);
3036 SCTP_INP_WUNLOCK(inp);
3038 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
3039 kprintf("Association %p now allocated\n", stcb);
3046 sctp_free_remote_addr(struct sctp_nets *net)
3051 if (net->ref_count <= 0) {
3052 /* stop timer if running */
3053 callout_stop(&net->rxt_timer.timer);
3054 callout_stop(&net->pmtu_timer.timer);
3055 net->dest_state = SCTP_ADDR_NOT_REACHABLE;
3056 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_net, net);
3057 sctppcbinfo.ipi_count_raddr--;
3062 * remove a remote endpoint address from an association, it
3063 * will fail if the address does not exist.
3066 sctp_del_remote_addr(struct sctp_tcb *stcb, struct sockaddr *remaddr)
3069 * Here we need to remove a remote address. This is quite simple, we
3070 * first find it in the list of address for the association
3071 * (tasoc->asoc.nets) and then if it is there, we do a LIST_REMOVE on
3073 * Note we do not allow it to be removed if there are no other
3076 struct sctp_association *asoc;
3077 struct sctp_nets *net, *net_tmp;
3079 if (asoc->numnets < 2) {
3080 /* Must have at LEAST two remote addresses */
3083 /* locate the address */
3084 for (net = TAILQ_FIRST(&asoc->nets); net != NULL; net = net_tmp) {
3085 net_tmp = TAILQ_NEXT(net, sctp_next);
3086 if (net->ro._l_addr.sa.sa_family != remaddr->sa_family) {
3089 if (sctp_cmpaddr((struct sockaddr *)&net->ro._l_addr,
3091 /* we found the guy */
3093 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
3094 sctp_free_remote_addr(net);
3095 if (net == asoc->primary_destination) {
3097 struct sctp_nets *lnet;
3098 lnet = TAILQ_FIRST(&asoc->nets);
3099 /* Try to find a confirmed primary */
3100 asoc->primary_destination =
3101 sctp_find_alternate_net(stcb, lnet);
3103 if (net == asoc->last_data_chunk_from) {
3105 asoc->last_data_chunk_from =
3106 TAILQ_FIRST(&asoc->nets);
3108 if (net == asoc->last_control_chunk_from) {
3110 asoc->last_control_chunk_from =
3111 TAILQ_FIRST(&asoc->nets);
3113 if (net == asoc->asconf_last_sent_to) {
3115 asoc->asconf_last_sent_to =
3116 TAILQ_FIRST(&asoc->nets);
3127 sctp_add_vtag_to_timewait(struct sctp_inpcb *inp, u_int32_t tag)
3129 struct sctpvtaghead *chain;
3130 struct sctp_tagblock *twait_block;
3133 SCTP_GETTIME_TIMEVAL(&now);
3134 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
3136 if (!LIST_EMPTY(chain)) {
3137 /* Block(s) present, lets find space, and expire on the fly */
3138 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
3139 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
3140 if ((twait_block->vtag_block[i].v_tag == 0) &&
3142 twait_block->vtag_block[0].tv_sec_at_expire =
3143 now.tv_sec + SCTP_TIME_WAIT;
3144 twait_block->vtag_block[0].v_tag = tag;
3146 } else if ((twait_block->vtag_block[i].v_tag) &&
3147 ((long)twait_block->vtag_block[i].tv_sec_at_expire >
3149 /* Audit expires this guy */
3150 twait_block->vtag_block[i].tv_sec_at_expire = 0;
3151 twait_block->vtag_block[i].v_tag = 0;
3153 /* Reuse it for my new tag */
3154 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec + SCTP_TIME_WAIT;
3155 twait_block->vtag_block[0].v_tag = tag;
3162 * We only do up to the block where we can
3163 * place our tag for audits
3169 /* Need to add a new block to chain */
3171 twait_block = kmalloc(sizeof(struct sctp_tagblock), M_PCB,
3173 if (twait_block == NULL) {
3176 memset(twait_block, 0, sizeof(struct sctp_timewait));
3177 LIST_INSERT_HEAD(chain, twait_block, sctp_nxt_tagblock);
3178 twait_block->vtag_block[0].tv_sec_at_expire = now.tv_sec +
3180 twait_block->vtag_block[0].v_tag = tag;
3186 sctp_iterator_asoc_being_freed(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
3188 struct sctp_iterator *it;
3192 /* Unlock the tcb lock we do this so
3193 * we avoid a dead lock scenario where
3194 * the iterator is waiting on the TCB lock
3195 * and the TCB lock is waiting on the iterator
3198 SCTP_ITERATOR_LOCK();
3199 SCTP_INP_INFO_WLOCK();
3200 SCTP_INP_WLOCK(inp);
3201 SCTP_TCB_LOCK(stcb);
3203 it = stcb->asoc.stcb_starting_point_for_iterator;
3207 if (it->inp != stcb->sctp_ep) {
3208 /* hm, focused on the wrong one? */
3211 if (it->stcb != stcb) {
3214 it->stcb = LIST_NEXT(stcb, sctp_tcblist);
3215 if (it->stcb == NULL) {
3216 /* done with all asoc's in this assoc */
3217 if (it->iterator_flags & SCTP_ITERATOR_DO_SINGLE_INP) {
3221 it->inp = LIST_NEXT(inp, sctp_list);
3227 * Free the association after un-hashing the remote port.
3230 sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
3232 struct sctp_association *asoc;
3233 struct sctp_nets *net, *prev;
3234 struct sctp_laddr *laddr;
3235 struct sctp_tmit_chunk *chk;
3236 struct sctp_asconf_addr *aparam;
3237 struct sctp_socket_q_list *sq;
3239 /* first, lets purge the entry from the hash table. */
3240 if (stcb->asoc.state == 0) {
3241 kprintf("Freeing already free association:%p - huh??\n",
3247 /* now clean up any other timers */
3248 callout_stop(&asoc->hb_timer.timer);
3249 callout_stop(&asoc->dack_timer.timer);
3250 callout_stop(&asoc->asconf_timer.timer);
3251 callout_stop(&asoc->shut_guard_timer.timer);
3252 callout_stop(&asoc->autoclose_timer.timer);
3253 callout_stop(&asoc->delayed_event_timer.timer);
3254 TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
3255 callout_stop(&net->rxt_timer.timer);
3256 callout_stop(&net->pmtu_timer.timer);
3259 /* Iterator asoc being freed we send an
3260 * unlocked TCB. It returns with INP_INFO
3261 * and INP write locked and the TCB locked
3262 * too and of course the iterator lock
3263 * in place as well..
3265 SCTP_TCB_UNLOCK(stcb);
3266 sctp_iterator_asoc_being_freed(inp, stcb);
3268 /* Null all of my entry's on the socket q */
3269 TAILQ_FOREACH(sq, &inp->sctp_queue_list, next_sq) {
3270 if (sq->tcb == stcb) {
3275 if (inp->sctp_tcb_at_block == (void *)stcb) {
3276 inp->error_on_block = ECONNRESET;
3279 if (inp->sctp_tcbhash) {
3280 LIST_REMOVE(stcb, sctp_tcbhash);
3282 /* Now lets remove it from the list of ALL associations in the EP */
3283 LIST_REMOVE(stcb, sctp_tcblist);
3284 SCTP_INP_WUNLOCK(inp);
3285 SCTP_ITERATOR_UNLOCK();
3288 /* pull from vtag hash */
3289 LIST_REMOVE(stcb, sctp_asocs);
3292 * Now before we can free the assoc, we must remove all of the
3293 * networks and any other allocated space.. i.e. add removes here
3294 * before the SCTP_ZONE_FREE() of the tasoc entry.
3297 sctp_add_vtag_to_timewait(inp, asoc->my_vtag);
3298 SCTP_INP_INFO_WUNLOCK();
3300 while (!TAILQ_EMPTY(&asoc->nets)) {
3301 net = TAILQ_FIRST(&asoc->nets);
3302 /* pull from list */
3303 if ((sctppcbinfo.ipi_count_raddr == 0) || (prev == net)) {
3307 TAILQ_REMOVE(&asoc->nets, net, sctp_next);
3310 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_net, net);
3311 sctppcbinfo.ipi_count_raddr--;
3314 * The chunk lists and such SHOULD be empty but we check them
3317 /* anything on the wheel needs to be removed */
3318 while (!TAILQ_EMPTY(&asoc->out_wheel)) {
3319 struct sctp_stream_out *outs;
3320 outs = TAILQ_FIRST(&asoc->out_wheel);
3321 TAILQ_REMOVE(&asoc->out_wheel, outs, next_spoke);
3322 /* now clean up any chunks here */
3323 chk = TAILQ_FIRST(&outs->outqueue);
3325 TAILQ_REMOVE(&outs->outqueue, chk, sctp_next);
3327 sctp_m_freem(chk->data);
3332 /* Free the chunk */
3333 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3334 sctppcbinfo.ipi_count_chunk--;
3335 sctppcbinfo.ipi_gencnt_chunk++;
3336 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3337 panic("Chunk count is negative");
3339 chk = TAILQ_FIRST(&outs->outqueue);
3341 outs = TAILQ_FIRST(&asoc->out_wheel);
3344 if (asoc->pending_reply) {
3345 kfree(asoc->pending_reply, M_PCB);
3346 asoc->pending_reply = NULL;
3348 chk = TAILQ_FIRST(&asoc->pending_reply_queue);
3350 TAILQ_REMOVE(&asoc->pending_reply_queue, chk, sctp_next);
3352 sctp_m_freem(chk->data);
3357 /* Free the chunk */
3358 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3359 sctppcbinfo.ipi_count_chunk--;
3360 sctppcbinfo.ipi_gencnt_chunk++;
3361 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3362 panic("Chunk count is negative");
3364 chk = TAILQ_FIRST(&asoc->pending_reply_queue);
3366 /* pending send queue SHOULD be empty */
3367 if (!TAILQ_EMPTY(&asoc->send_queue)) {
3368 chk = TAILQ_FIRST(&asoc->send_queue);
3370 TAILQ_REMOVE(&asoc->send_queue, chk, sctp_next);
3372 sctp_m_freem(chk->data);
3375 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3376 sctppcbinfo.ipi_count_chunk--;
3377 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3378 panic("Chunk count is negative");
3380 sctppcbinfo.ipi_gencnt_chunk++;
3381 chk = TAILQ_FIRST(&asoc->send_queue);
3384 /* sent queue SHOULD be empty */
3385 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
3386 chk = TAILQ_FIRST(&asoc->sent_queue);
3388 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
3390 sctp_m_freem(chk->data);
3393 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3394 sctppcbinfo.ipi_count_chunk--;
3395 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3396 panic("Chunk count is negative");
3398 sctppcbinfo.ipi_gencnt_chunk++;
3399 chk = TAILQ_FIRST(&asoc->sent_queue);
3402 /* control queue MAY not be empty */
3403 if (!TAILQ_EMPTY(&asoc->control_send_queue)) {
3404 chk = TAILQ_FIRST(&asoc->control_send_queue);
3406 TAILQ_REMOVE(&asoc->control_send_queue, chk, sctp_next);
3408 sctp_m_freem(chk->data);
3411 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3412 sctppcbinfo.ipi_count_chunk--;
3413 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3414 panic("Chunk count is negative");
3416 sctppcbinfo.ipi_gencnt_chunk++;
3417 chk = TAILQ_FIRST(&asoc->control_send_queue);
3420 if (!TAILQ_EMPTY(&asoc->reasmqueue)) {
3421 chk = TAILQ_FIRST(&asoc->reasmqueue);
3423 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
3425 sctp_m_freem(chk->data);
3428 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3429 sctppcbinfo.ipi_count_chunk--;
3430 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3431 panic("Chunk count is negative");
3433 sctppcbinfo.ipi_gencnt_chunk++;
3434 chk = TAILQ_FIRST(&asoc->reasmqueue);
3437 if (!TAILQ_EMPTY(&asoc->delivery_queue)) {
3438 chk = TAILQ_FIRST(&asoc->delivery_queue);
3440 TAILQ_REMOVE(&asoc->delivery_queue, chk, sctp_next);
3442 sctp_m_freem(chk->data);
3445 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
3446 sctppcbinfo.ipi_count_chunk--;
3447 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3448 panic("Chunk count is negative");
3450 sctppcbinfo.ipi_gencnt_chunk++;
3451 chk = TAILQ_FIRST(&asoc->delivery_queue);
3454 if (asoc->mapping_array) {
3455 kfree(asoc->mapping_array, M_PCB);
3456 asoc->mapping_array = NULL;
3459 /* the stream outs */
3460 if (asoc->strmout) {
3461 kfree(asoc->strmout, M_PCB);
3462 asoc->strmout = NULL;
3464 asoc->streamoutcnt = 0;
3467 for (i = 0; i < asoc->streamincnt; i++) {
3468 if (!TAILQ_EMPTY(&asoc->strmin[i].inqueue)) {
3469 /* We have somethings on the streamin queue */
3470 chk = TAILQ_FIRST(&asoc->strmin[i].inqueue);
3472 TAILQ_REMOVE(&asoc->strmin[i].inqueue,
3475 sctp_m_freem(chk->data);
3478 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk,
3480 sctppcbinfo.ipi_count_chunk--;
3481 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
3482 panic("Chunk count is negative");
3484 sctppcbinfo.ipi_gencnt_chunk++;
3485 chk = TAILQ_FIRST(&asoc->strmin[i].inqueue);
3489 kfree(asoc->strmin, M_PCB);
3490 asoc->strmin = NULL;
3492 asoc->streamincnt = 0;
3493 /* local addresses, if any */
3494 while (!LIST_EMPTY(&asoc->sctp_local_addr_list)) {
3495 laddr = LIST_FIRST(&asoc->sctp_local_addr_list);
3496 LIST_REMOVE(laddr, sctp_nxt_addr);
3497 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr);
3498 sctppcbinfo.ipi_count_laddr--;
3500 /* pending asconf (address) parameters */
3501 while (!TAILQ_EMPTY(&asoc->asconf_queue)) {
3502 aparam = TAILQ_FIRST(&asoc->asconf_queue);
3503 TAILQ_REMOVE(&asoc->asconf_queue, aparam, next);
3504 kfree(aparam, M_PCB);
3506 if (asoc->last_asconf_ack_sent != NULL) {
3507 sctp_m_freem(asoc->last_asconf_ack_sent);
3508 asoc->last_asconf_ack_sent = NULL;
3510 /* Insert new items here :> */
3512 /* Get rid of LOCK */
3513 SCTP_TCB_LOCK_DESTROY(stcb);
3515 /* now clean up the tasoc itself */
3516 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb);
3517 sctppcbinfo.ipi_count_asoc--;
3518 if ((inp->sctp_socket->so_snd.ssb_cc) ||
3519 (inp->sctp_socket->so_snd.ssb_mbcnt)) {
3520 /* This will happen when a abort is done */
3521 inp->sctp_socket->so_snd.ssb_cc = 0;
3522 inp->sctp_socket->so_snd.ssb_mbcnt = 0;
3524 if (inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) {
3525 if ((inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL) == 0) {
3526 if (inp->sctp_flags & SCTP_PCB_FLAGS_CONNECTED) {
3528 * For the base fd, that is NOT in TCP pool we
3529 * turn off the connected flag. This allows
3530 * non-listening endpoints to connect/shutdown/
3533 inp->sctp_flags &= ~SCTP_PCB_FLAGS_CONNECTED;
3534 soisdisconnected(inp->sctp_socket);
3537 * For those that are in the TCP pool we just leave
3538 * so it cannot be used. When they close the fd we
3543 if (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) {
3544 sctp_inpcb_free(inp, 0);
3550 * determine if a destination is "reachable" based upon the addresses
3551 * bound to the current endpoint (e.g. only v4 or v6 currently bound)
3554 * FIX: if we allow assoc-level bindx(), then this needs to be fixed
3555 * to use assoc level v4/v6 flags, as the assoc *may* not have the
3556 * same address types bound as its endpoint
3559 sctp_destination_is_reachable(struct sctp_tcb *stcb, struct sockaddr *destaddr)
3561 struct sctp_inpcb *inp;
3564 /* No locks here, the TCB, in all cases is already
3565 * locked and an assoc is up. There is either a
3566 * INP lock by the caller applied (in asconf case when
3567 * deleting an address) or NOT in the HB case, however
3568 * if HB then the INP increment is up and the INP
3569 * will not be removed (on top of the fact that
3570 * we have a TCB lock). So we only want to
3571 * read the sctp_flags, which is either bound-all
3572 * or not.. no protection needed since once an
3573 * assoc is up you can't be changing your binding.
3575 inp = stcb->sctp_ep;
3576 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
3577 /* if bound all, destination is not restricted */
3578 /* RRS: Question during lock work: Is this
3579 * correct? If you are bound-all you still
3580 * might need to obey the V4--V6 flags???
3581 * IMO this bound-all stuff needs to be removed!
3585 /* NOTE: all "scope" checks are done when local addresses are added */
3586 if (destaddr->sa_family == AF_INET6) {
3587 answer = INP_ISIPV6(&inp->ip_inp.inp);
3588 } else if (destaddr->sa_family == AF_INET) {
3589 answer = INP_ISIPV4(&inp->ip_inp.inp);
3591 /* invalid family, so it's unreachable */
3598 * Add the address to the endpoint local address list
3599 * There is nothing to be done if we are bound to all addresses
3602 sctp_add_local_addr_ep(struct sctp_inpcb *inp, struct ifaddr *ifa)
3604 struct sctp_laddr *laddr;
3608 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
3609 /* You are already bound to all. You have it already */
3612 if (ifa->ifa_addr->sa_family == AF_INET6) {
3613 struct in6_ifaddr *ifa6;
3614 ifa6 = (struct in6_ifaddr *)ifa;
3615 if (ifa6->ia6_flags & (IN6_IFF_DETACHED |
3616 IN6_IFF_DEPRECATED | IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))
3617 /* Can't bind a non-existent addr. */
3620 /* first, is it already present? */
3621 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
3622 if (laddr->ifa == ifa) {
3628 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && (fnd == 0)) {
3629 /* Not bound to all */
3630 error = sctp_insert_laddr(&inp->sctp_addr_list, ifa);
3635 * We don't allow change of the inp_af; we don't support
3636 * v4-mapped address.
3644 * select a new (hopefully reachable) destination net
3645 * (should only be used when we deleted an ep addr that is the
3646 * only usable source address to reach the destination net)
3649 sctp_select_primary_destination(struct sctp_tcb *stcb)
3651 struct sctp_nets *net;
3653 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
3654 /* for now, we'll just pick the first reachable one we find */
3655 if (net->dest_state & SCTP_ADDR_UNCONFIRMED)
3657 if (sctp_destination_is_reachable(stcb,
3658 (struct sockaddr *)&net->ro._l_addr)) {
3659 /* found a reachable destination */
3660 stcb->asoc.primary_destination = net;
3663 /* I can't there from here! ...we're gonna die shortly... */
3668 * Delete the address from the endpoint local address list
3669 * There is nothing to be done if we are bound to all addresses
3672 sctp_del_local_addr_ep(struct sctp_inpcb *inp, struct ifaddr *ifa)
3674 struct sctp_laddr *laddr;
3677 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
3678 /* You are already bound to all. You have it already */
3682 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
3683 if (laddr->ifa == ifa) {
3688 if (fnd && (inp->laddr_count < 2)) {
3689 /* can't delete unless there are at LEAST 2 addresses */
3692 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) && (fnd)) {
3694 * clean up any use of this address
3695 * go through our associations and clear any
3696 * last_used_address that match this one
3697 * for each assoc, see if a new primary_destination is needed
3699 struct sctp_tcb *stcb;
3701 /* clean up "next_addr_touse" */
3702 if (inp->next_addr_touse == laddr)
3703 /* delete this address */
3704 inp->next_addr_touse = NULL;
3706 /* clean up "last_used_address" */
3707 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
3708 if (stcb->asoc.last_used_address == laddr)
3709 /* delete this address */
3710 stcb->asoc.last_used_address = NULL;
3711 } /* for each tcb */
3713 /* remove it from the ep list */
3714 sctp_remove_laddr(laddr);
3717 * We don't allow change of the inp_af; we don't support
3718 * v4-mapped address.
3720 /* select a new primary destination if needed */
3721 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
3722 /* presume caller (sctp_asconf.c) already owns INP lock */
3723 SCTP_TCB_LOCK(stcb);
3724 if (sctp_destination_is_reachable(stcb,
3725 (struct sockaddr *)&stcb->asoc.primary_destination->ro._l_addr) == 0) {
3726 sctp_select_primary_destination(stcb);
3728 SCTP_TCB_UNLOCK(stcb);
3729 } /* for each tcb */
3735 * Add the addr to the TCB local address list
3736 * For the BOUNDALL or dynamic case, this is a "pending" address list
3737 * (eg. addresses waiting for an ASCONF-ACK response)
3738 * For the subset binding, static case, this is a "valid" address list
3741 sctp_add_local_addr_assoc(struct sctp_tcb *stcb, struct ifaddr *ifa)
3743 struct sctp_laddr *laddr;
3746 /* Assumes TCP is locked.. and possiblye
3747 * the INP. May need to confirm/fix that if
3748 * we need it and is not the case.
3750 if (ifa->ifa_addr->sa_family == AF_INET6) {
3751 struct in6_ifaddr *ifa6;
3752 ifa6 = (struct in6_ifaddr *)ifa;
3753 if (ifa6->ia6_flags & (IN6_IFF_DETACHED |
3754 /* IN6_IFF_DEPRECATED | */
3757 /* Can't bind a non-existent addr. */
3760 /* does the address already exist? */
3761 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) {
3762 if (laddr->ifa == ifa) {
3767 /* add to the list */
3768 error = sctp_insert_laddr(&stcb->asoc.sctp_local_addr_list, ifa);
3775 * insert an laddr entry with the given ifa for the desired list
3778 sctp_insert_laddr(struct sctpladdr *list, struct ifaddr *ifa) {
3779 struct sctp_laddr *laddr;
3781 laddr = (struct sctp_laddr *)SCTP_ZONE_GET(sctppcbinfo.ipi_zone_laddr);
3782 if (laddr == NULL) {
3783 /* out of memory? */
3786 sctppcbinfo.ipi_count_laddr++;
3787 sctppcbinfo.ipi_gencnt_laddr++;
3788 bzero(laddr, sizeof(*laddr));
3791 LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr);
3797 * Remove an laddr entry from the local address list (on an assoc)
3800 sctp_remove_laddr(struct sctp_laddr *laddr)
3802 /* remove from the list */
3803 LIST_REMOVE(laddr, sctp_nxt_addr);
3804 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, laddr);
3805 sctppcbinfo.ipi_count_laddr--;
3806 sctppcbinfo.ipi_gencnt_laddr++;
3810 * Remove an address from the TCB local address list
3813 sctp_del_local_addr_assoc(struct sctp_tcb *stcb, struct ifaddr *ifa)
3815 struct sctp_inpcb *inp;
3816 struct sctp_laddr *laddr;
3818 /* This is called by asconf work. It is assumed that
3819 * a) The TCB is locked
3821 * b) The INP is locked.
3822 * This is true in as much as I can trace through
3823 * the entry asconf code where I did these locks.
3824 * Again, the ASCONF code is a bit different in
3825 * that it does lock the INP during its work often
3826 * times. This must be since we don't want other
3827 * proc's looking up things while what they are
3828 * looking up is changing :-D
3831 inp = stcb->sctp_ep;
3832 /* if subset bound and don't allow ASCONF's, can't delete last */
3833 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
3834 ((inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) == 0)) {
3835 if (stcb->asoc.numnets < 2) {
3836 /* can't delete last address */
3841 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) {
3842 /* remove the address if it exists */
3843 if (laddr->ifa == NULL)
3845 if (laddr->ifa == ifa) {
3846 sctp_remove_laddr(laddr);
3851 /* address not found! */
3856 * Remove an address from the TCB local address list
3857 * lookup using a sockaddr addr
3860 sctp_del_local_addr_assoc_sa(struct sctp_tcb *stcb, struct sockaddr *sa)
3862 struct sctp_inpcb *inp;
3863 struct sctp_laddr *laddr;
3864 struct sockaddr *l_sa;
3867 * This function I find does not seem to have a caller.
3868 * As such we NEED TO DELETE this code. If we do
3869 * find a caller, the caller MUST have locked the TCB
3870 * at the least and probably the INP as well.
3872 inp = stcb->sctp_ep;
3873 /* if subset bound and don't allow ASCONF's, can't delete last */
3874 if (((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) &&
3875 ((inp->sctp_flags & SCTP_PCB_FLAGS_DO_ASCONF) == 0)) {
3876 if (stcb->asoc.numnets < 2) {
3877 /* can't delete last address */
3882 LIST_FOREACH(laddr, &stcb->asoc.sctp_local_addr_list, sctp_nxt_addr) {
3883 /* make sure the address exists */
3884 if (laddr->ifa == NULL)
3886 if (laddr->ifa->ifa_addr == NULL)
3889 l_sa = laddr->ifa->ifa_addr;
3890 if (l_sa->sa_family == AF_INET6) {
3892 struct sockaddr_in6 *sin1, *sin2;
3893 sin1 = (struct sockaddr_in6 *)l_sa;
3894 sin2 = (struct sockaddr_in6 *)sa;
3895 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr,
3896 sizeof(struct in6_addr)) == 0) {
3898 sctp_remove_laddr(laddr);
3901 } else if (l_sa->sa_family == AF_INET) {
3903 struct sockaddr_in *sin1, *sin2;
3904 sin1 = (struct sockaddr_in *)l_sa;
3905 sin2 = (struct sockaddr_in *)sa;
3906 if (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr) {
3908 sctp_remove_laddr(laddr);
3912 /* invalid family */
3916 /* address not found! */
3920 static char sctp_pcb_initialized = 0;
3922 #if defined(__FreeBSD__) || defined(__APPLE__)
3924 /* not used by DragonFly SCTP_ZONE_INIT macro */
3925 static int sctp_max_number_of_assoc = SCTP_MAX_NUM_OF_ASOC;
3926 static int sctp_scale_up_for_address = SCTP_SCALE_FOR_ADDR;
3928 #endif /* FreeBSD || APPLE || DragonFly */
3930 #ifndef SCTP_TCBHASHSIZE
3931 #define SCTP_TCBHASHSIZE 1024
3934 #ifndef SCTP_CHUNKQUEUE_SCALE
3935 #define SCTP_CHUNKQUEUE_SCALE 10
3942 * SCTP initialization for the PCB structures
3943 * should be called by the sctp_init() funciton.
3946 int hashtblsize = SCTP_TCBHASHSIZE;
3948 #if defined(__FreeBSD__) || defined(__APPLE__)
3949 /* not used by DragonFly SCTP_ZONE_INIT macro */
3950 int sctp_chunkscale = SCTP_CHUNKQUEUE_SCALE;
3953 if (sctp_pcb_initialized != 0) {
3954 /* error I was called twice */
3957 sctp_pcb_initialized = 1;
3959 /* Init all peg counts */
3960 for (i = 0; i < SCTP_NUMBER_OF_PEGS; i++) {
3964 /* init the empty list of (All) Endpoints */
3965 LIST_INIT(&sctppcbinfo.listhead);
3967 /* init the iterator head */
3968 LIST_INIT(&sctppcbinfo.iteratorhead);
3970 /* init the hash table of endpoints */
3971 #if defined(__FreeBSD__)
3972 #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 440000
3973 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", &hashtblsize);
3974 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", &sctp_pcbtblsize);
3975 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", &sctp_chunkscale);
3977 TUNABLE_INT_FETCH("net.inet.sctp.tcbhashsize", SCTP_TCBHASHSIZE,
3979 TUNABLE_INT_FETCH("net.inet.sctp.pcbhashsize", SCTP_PCBHASHSIZE,
3981 TUNABLE_INT_FETCH("net.inet.sctp.chunkscale", SCTP_CHUNKQUEUE_SCALE,
3986 sctppcbinfo.sctp_asochash = hashinit((hashtblsize * 31),
3991 #if defined(__NetBSD__) || defined(__OpenBSD__)
3994 &sctppcbinfo.hashasocmark);
3996 sctppcbinfo.sctp_ephash = hashinit(hashtblsize,
4001 #if defined(__NetBSD__) || defined(__OpenBSD__)
4004 &sctppcbinfo.hashmark);
4006 sctppcbinfo.sctp_tcpephash = hashinit(hashtblsize,
4011 #if defined(__NetBSD__) || defined(__OpenBSD__)
4014 &sctppcbinfo.hashtcpmark);
4016 sctppcbinfo.hashtblsize = hashtblsize;
4018 /* init the zones */
4020 * FIX ME: Should check for NULL returns, but if it does fail we
4021 * are doomed to panic anyways... add later maybe.
4023 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_ep, "sctp_ep",
4024 sizeof(struct sctp_inpcb), maxsockets);
4026 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_asoc, "sctp_asoc",
4027 sizeof(struct sctp_tcb), sctp_max_number_of_assoc);
4029 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_laddr, "sctp_laddr",
4030 sizeof(struct sctp_laddr),
4031 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
4033 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_net, "sctp_raddr",
4034 sizeof(struct sctp_nets),
4035 (sctp_max_number_of_assoc * sctp_scale_up_for_address));
4037 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_chunk, "sctp_chunk",
4038 sizeof(struct sctp_tmit_chunk),
4039 (sctp_max_number_of_assoc * sctp_scale_up_for_address *
4042 SCTP_ZONE_INIT(sctppcbinfo.ipi_zone_sockq, "sctp_sockq",
4043 sizeof(struct sctp_socket_q_list),
4044 (sctp_max_number_of_assoc * sctp_scale_up_for_address *
4047 /* Master Lock INIT for info structure */
4048 SCTP_INP_INFO_LOCK_INIT();
4049 SCTP_ITERATOR_LOCK_INIT();
4050 /* not sure if we need all the counts */
4051 sctppcbinfo.ipi_count_ep = 0;
4052 sctppcbinfo.ipi_gencnt_ep = 0;
4053 /* assoc/tcb zone info */
4054 sctppcbinfo.ipi_count_asoc = 0;
4055 sctppcbinfo.ipi_gencnt_asoc = 0;
4056 /* local addrlist zone info */
4057 sctppcbinfo.ipi_count_laddr = 0;
4058 sctppcbinfo.ipi_gencnt_laddr = 0;
4059 /* remote addrlist zone info */
4060 sctppcbinfo.ipi_count_raddr = 0;
4061 sctppcbinfo.ipi_gencnt_raddr = 0;
4063 sctppcbinfo.ipi_count_chunk = 0;
4064 sctppcbinfo.ipi_gencnt_chunk = 0;
4066 /* socket queue zone info */
4067 sctppcbinfo.ipi_count_sockq = 0;
4068 sctppcbinfo.ipi_gencnt_sockq = 0;
4071 sctppcbinfo.mbuf_track = 0;
4073 #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__) \
4074 || defined(__DragonFly__)
4075 sctppcbinfo.lastlow = ipport_firstauto;
4077 sctppcbinfo.lastlow = anonportmin;
4079 /* Init the TIMEWAIT list */
4080 for (i = 0; i < SCTP_STACK_VTAG_HASH_SIZE; i++) {
4081 LIST_INIT(&sctppcbinfo.vtag_timewait[i]);
4084 #if defined(_SCTP_NEEDS_CALLOUT_) && !defined(__APPLE__)
4085 TAILQ_INIT(&sctppcbinfo.callqueue);
4091 sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
4092 int iphlen, int offset, int limit, struct sctphdr *sh,
4093 struct sockaddr *altsa)
4096 * grub through the INIT pulling addresses and
4097 * loading them to the nets structure in the asoc.
4098 * The from address in the mbuf should also be loaded
4099 * (if it is not already). This routine can be called
4100 * with either INIT or INIT-ACK's as long as the
4101 * m points to the IP packet and the offset points
4102 * to the beginning of the parameters.
4104 struct sctp_inpcb *inp, *l_inp;
4105 struct sctp_nets *net, *net_tmp;
4107 struct sctp_paramhdr *phdr, parm_buf;
4108 struct sctp_tcb *stcb_tmp;
4109 u_int16_t ptype, plen;
4110 struct sockaddr *sa;
4111 struct sockaddr_storage dest_store;
4112 struct sockaddr *local_sa = (struct sockaddr *)&dest_store;
4113 struct sockaddr_in sin;
4114 struct sockaddr_in6 sin6;
4116 /* First get the destination address setup too. */
4117 memset(&sin, 0, sizeof(sin));
4118 memset(&sin6, 0, sizeof(sin6));
4120 sin.sin_family = AF_INET;
4121 sin.sin_len = sizeof(sin);
4122 sin.sin_port = stcb->rport;
4124 sin6.sin6_family = AF_INET6;
4125 sin6.sin6_len = sizeof(struct sockaddr_in6);
4126 sin6.sin6_port = stcb->rport;
4127 if (altsa == NULL) {
4128 iph = mtod(m, struct ip *);
4129 if (iph->ip_v == IPVERSION) {
4131 struct sockaddr_in *sin_2;
4132 sin_2 = (struct sockaddr_in *)(local_sa);
4133 memset(sin_2, 0, sizeof(sin));
4134 sin_2->sin_family = AF_INET;
4135 sin_2->sin_len = sizeof(sin);
4136 sin_2->sin_port = sh->dest_port;
4137 sin_2->sin_addr.s_addr = iph->ip_dst.s_addr ;
4138 sin.sin_addr = iph->ip_src;
4139 sa = (struct sockaddr *)&sin;
4140 } else if (iph->ip_v == (IPV6_VERSION >> 4)) {
4142 struct ip6_hdr *ip6;
4143 struct sockaddr_in6 *sin6_2;
4145 ip6 = mtod(m, struct ip6_hdr *);
4146 sin6_2 = (struct sockaddr_in6 *)(local_sa);
4147 memset(sin6_2, 0, sizeof(sin6));
4148 sin6_2->sin6_family = AF_INET6;
4149 sin6_2->sin6_len = sizeof(struct sockaddr_in6);
4150 sin6_2->sin6_port = sh->dest_port;
4151 sin6.sin6_addr = ip6->ip6_src;
4152 sa = (struct sockaddr *)&sin6;
4158 * For cookies we use the src address NOT from the packet
4159 * but from the original INIT
4163 /* Turn off ECN until we get through all params */
4164 stcb->asoc.ecn_allowed = 0;
4166 TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
4167 /* mark all addresses that we have currently on the list */
4168 net->dest_state |= SCTP_ADDR_NOT_IN_ASSOC;
4170 /* does the source address already exist? if so skip it */
4171 l_inp = inp = stcb->sctp_ep;
4172 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net_tmp, local_sa, stcb);
4173 if ((stcb_tmp == NULL && inp == stcb->sctp_ep) || inp == NULL) {
4174 /* we must add the source address */
4175 /* no scope set here since we have a tcb already. */
4176 if ((sa->sa_family == AF_INET) &&
4177 (stcb->asoc.ipv4_addr_legal)) {
4178 if (sctp_add_remote_addr(stcb, sa, 0, 2)) {
4181 } else if ((sa->sa_family == AF_INET6) &&
4182 (stcb->asoc.ipv6_addr_legal)) {
4183 if (sctp_add_remote_addr(stcb, sa, 0, 3)) {
4188 if (net_tmp != NULL && stcb_tmp == stcb) {
4189 net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC;
4190 } else if (stcb_tmp != stcb) {
4191 /* It belongs to another association? */
4195 /* since a unlock occured we must check the
4196 * TCB's state and the pcb's gone flags.
4198 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4199 /* the user freed the ep */
4202 if (stcb->asoc.state == 0) {
4203 /* the assoc was freed? */
4207 /* now we must go through each of the params. */
4208 phdr = sctp_get_next_param(m, offset, &parm_buf, sizeof(parm_buf));
4210 ptype = ntohs(phdr->param_type);
4211 plen = ntohs(phdr->param_length);
4212 /*kprintf("ptype => %d, plen => %d\n", ptype, plen);*/
4213 if (offset + plen > limit) {
4219 if ((ptype == SCTP_IPV4_ADDRESS) &&
4220 (stcb->asoc.ipv4_addr_legal)) {
4221 struct sctp_ipv4addr_param *p4, p4_buf;
4222 /* ok get the v4 address and check/add */
4223 phdr = sctp_get_next_param(m, offset,
4224 (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
4225 if (plen != sizeof(struct sctp_ipv4addr_param) ||
4229 p4 = (struct sctp_ipv4addr_param *)phdr;
4230 sin.sin_addr.s_addr = p4->addr;
4231 sa = (struct sockaddr *)&sin;
4232 inp = stcb->sctp_ep;
4233 stcb_tmp = sctp_findassociation_ep_addr(&inp, sa, &net,
4236 if ((stcb_tmp== NULL && inp == stcb->sctp_ep) ||
4238 /* we must add the source address */
4239 /* no scope set since we have a tcb already */
4241 /* we must validate the state again here */
4242 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4243 /* the user freed the ep */
4246 if (stcb->asoc.state == 0) {
4247 /* the assoc was freed? */
4250 if (sctp_add_remote_addr(stcb, sa, 0, 4)) {
4253 } else if (stcb_tmp == stcb) {
4254 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4255 /* the user freed the ep */
4258 if (stcb->asoc.state == 0) {
4259 /* the assoc was freed? */
4265 ~SCTP_ADDR_NOT_IN_ASSOC;
4268 /* strange, address is in another assoc?
4269 * straighten out locks.
4271 SCTP_TCB_UNLOCK(stcb_tmp);
4272 SCTP_INP_RLOCK(inp);
4273 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4274 /* the user freed the ep */
4275 SCTP_INP_RUNLOCK(l_inp);
4278 if (stcb->asoc.state == 0) {
4279 /* the assoc was freed? */
4280 SCTP_INP_RUNLOCK(l_inp);
4283 SCTP_TCB_LOCK(stcb);
4284 SCTP_INP_RUNLOCK(stcb->sctp_ep);
4287 } else if ((ptype == SCTP_IPV6_ADDRESS) &&
4288 (stcb->asoc.ipv6_addr_legal)) {
4289 /* ok get the v6 address and check/add */
4290 struct sctp_ipv6addr_param *p6, p6_buf;
4291 phdr = sctp_get_next_param(m, offset,
4292 (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
4293 if (plen != sizeof(struct sctp_ipv6addr_param) ||
4297 p6 = (struct sctp_ipv6addr_param *)phdr;
4298 memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
4300 sa = (struct sockaddr *)&sin6;
4301 inp = stcb->sctp_ep;
4302 stcb_tmp= sctp_findassociation_ep_addr(&inp, sa, &net,
4304 if (stcb_tmp == NULL && (inp == stcb->sctp_ep ||
4306 /* we must validate the state again here */
4307 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4308 /* the user freed the ep */
4311 if (stcb->asoc.state == 0) {
4312 /* the assoc was freed? */
4315 /* we must add the address, no scope set */
4316 if (sctp_add_remote_addr(stcb, sa, 0, 5)) {
4319 } else if (stcb_tmp == stcb) {
4320 /* we must validate the state again here */
4321 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4322 /* the user freed the ep */
4325 if (stcb->asoc.state == 0) {
4326 /* the assoc was freed? */
4332 ~SCTP_ADDR_NOT_IN_ASSOC;
4335 /* strange, address is in another assoc?
4336 * straighten out locks.
4338 SCTP_TCB_UNLOCK(stcb_tmp);
4339 SCTP_INP_RLOCK(l_inp);
4340 /* we must validate the state again here */
4341 if (l_inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE|SCTP_PCB_FLAGS_SOCKET_ALLGONE)) {
4342 /* the user freed the ep */
4343 SCTP_INP_RUNLOCK(l_inp);
4346 if (stcb->asoc.state == 0) {
4347 /* the assoc was freed? */
4348 SCTP_INP_RUNLOCK(l_inp);
4351 SCTP_TCB_LOCK(stcb);
4352 SCTP_INP_RUNLOCK(l_inp);
4355 } else if (ptype == SCTP_ECN_CAPABLE) {
4356 stcb->asoc.ecn_allowed = 1;
4357 } else if (ptype == SCTP_ULP_ADAPTION) {
4358 if (stcb->asoc.state != SCTP_STATE_OPEN) {
4359 struct sctp_adaption_layer_indication ai, *aip;
4361 phdr = sctp_get_next_param(m, offset,
4362 (struct sctp_paramhdr *)&ai, sizeof(ai));
4363 aip = (struct sctp_adaption_layer_indication *)phdr;
4364 sctp_ulp_notify(SCTP_NOTIFY_ADAPTION_INDICATION,
4365 stcb, ntohl(aip->indication), NULL);
4367 } else if (ptype == SCTP_SET_PRIM_ADDR) {
4368 struct sctp_asconf_addr_param lstore, *fee;
4369 struct sctp_asconf_addrv4_param *fii;
4371 struct sockaddr *lsa = NULL;
4373 stcb->asoc.peer_supports_asconf = 1;
4374 stcb->asoc.peer_supports_asconf_setprim = 1;
4375 if (plen > sizeof(lstore)) {
4378 phdr = sctp_get_next_param(m, offset,
4379 (struct sctp_paramhdr *)&lstore, plen);
4384 fee = (struct sctp_asconf_addr_param *)phdr;
4385 lptype = ntohs(fee->addrp.ph.param_type);
4386 if (lptype == SCTP_IPV4_ADDRESS) {
4388 sizeof(struct sctp_asconf_addrv4_param)) {
4389 kprintf("Sizeof setprim in init/init ack not %d but %d - ignored\n",
4390 (int)sizeof(struct sctp_asconf_addrv4_param),
4393 fii = (struct sctp_asconf_addrv4_param *)fee;
4394 sin.sin_addr.s_addr = fii->addrp.addr;
4395 lsa = (struct sockaddr *)&sin;
4397 } else if (lptype == SCTP_IPV6_ADDRESS) {
4399 sizeof(struct sctp_asconf_addr_param)) {
4400 kprintf("Sizeof setprim (v6) in init/init ack not %d but %d - ignored\n",
4401 (int)sizeof(struct sctp_asconf_addr_param),
4404 memcpy(sin6.sin6_addr.s6_addr,
4406 sizeof(fee->addrp.addr));
4407 lsa = (struct sockaddr *)&sin6;
4411 sctp_set_primary_addr(stcb, sa, NULL);
4414 } else if (ptype == SCTP_PRSCTP_SUPPORTED) {
4415 /* Peer supports pr-sctp */
4416 stcb->asoc.peer_supports_prsctp = 1;
4417 } else if (ptype == SCTP_SUPPORTED_CHUNK_EXT) {
4418 /* A supported extension chunk */
4419 struct sctp_supported_chunk_types_param *pr_supported;
4420 uint8_t local_store[128];
4423 phdr = sctp_get_next_param(m, offset,
4424 (struct sctp_paramhdr *)&local_store, plen);
4428 stcb->asoc.peer_supports_asconf = 0;
4429 stcb->asoc.peer_supports_asconf_setprim = 0;
4430 stcb->asoc.peer_supports_prsctp = 0;
4431 stcb->asoc.peer_supports_pktdrop = 0;
4432 stcb->asoc.peer_supports_strreset = 0;
4433 pr_supported = (struct sctp_supported_chunk_types_param *)phdr;
4434 num_ent = plen - sizeof(struct sctp_paramhdr);
4435 for (i=0; i<num_ent; i++) {
4436 switch (pr_supported->chunk_types[i]) {
4438 stcb->asoc.peer_supports_asconf = 1;
4439 stcb->asoc.peer_supports_asconf_setprim = 1;
4441 case SCTP_ASCONF_ACK:
4442 stcb->asoc.peer_supports_asconf = 1;
4443 stcb->asoc.peer_supports_asconf_setprim = 1;
4445 case SCTP_FORWARD_CUM_TSN:
4446 stcb->asoc.peer_supports_prsctp = 1;
4448 case SCTP_PACKET_DROPPED:
4449 stcb->asoc.peer_supports_pktdrop = 1;
4451 case SCTP_STREAM_RESET:
4452 stcb->asoc.peer_supports_strreset = 1;
4455 /* one I have not learned yet */
4460 } else if (ptype == SCTP_ECN_NONCE_SUPPORTED) {
4461 /* Peer supports ECN-nonce */
4462 stcb->asoc.peer_supports_ecn_nonce = 1;
4463 stcb->asoc.ecn_nonce_allowed = 1;
4464 } else if ((ptype == SCTP_HEARTBEAT_INFO) ||
4465 (ptype == SCTP_STATE_COOKIE) ||
4466 (ptype == SCTP_UNRECOG_PARAM) ||
4467 (ptype == SCTP_COOKIE_PRESERVE) ||
4468 (ptype == SCTP_SUPPORTED_ADDRTYPE) ||
4469 (ptype == SCTP_ADD_IP_ADDRESS) ||
4470 (ptype == SCTP_DEL_IP_ADDRESS) ||
4471 (ptype == SCTP_ERROR_CAUSE_IND) ||
4472 (ptype == SCTP_SUCCESS_REPORT)) {
4475 if ((ptype & 0x8000) == 0x0000) {
4476 /* must stop processing the rest of
4477 * the param's. Any report bits were
4478 * handled with the call to sctp_arethere_unrecognized_parameters()
4479 * when the INIT or INIT-ACK was first seen.
4484 offset += SCTP_SIZE32(plen);
4485 if (offset >= limit) {
4488 phdr = sctp_get_next_param(m, offset, &parm_buf,
4491 /* Now check to see if we need to purge any addresses */
4492 for (net = TAILQ_FIRST(&stcb->asoc.nets); net != NULL; net = net_tmp) {
4493 net_tmp = TAILQ_NEXT(net, sctp_next);
4494 if ((net->dest_state & SCTP_ADDR_NOT_IN_ASSOC) ==
4495 SCTP_ADDR_NOT_IN_ASSOC) {
4496 /* This address has been removed from the asoc */
4497 /* remove and free it */
4498 stcb->asoc.numnets--;
4499 TAILQ_REMOVE(&stcb->asoc.nets, net, sctp_next);
4500 sctp_free_remote_addr(net);
4501 if (net == stcb->asoc.primary_destination) {
4502 stcb->asoc.primary_destination = NULL;
4503 sctp_select_primary_destination(stcb);
4511 sctp_set_primary_addr(struct sctp_tcb *stcb, struct sockaddr *sa,
4512 struct sctp_nets *net)
4514 /* make sure the requested primary address exists in the assoc */
4515 if (net == NULL && sa)
4516 net = sctp_findnet(stcb, sa);
4519 /* didn't find the requested primary address! */
4522 /* set the primary address */
4523 if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
4524 /* Must be confirmed */
4527 stcb->asoc.primary_destination = net;
4528 net->dest_state &= ~SCTP_ADDR_WAS_PRIMARY;
4535 sctp_is_vtag_good(struct sctp_inpcb *inp, u_int32_t tag, struct timeval *now)
4538 * This function serves two purposes. It will see if a TAG can be
4539 * re-used and return 1 for yes it is ok and 0 for don't use that
4541 * A secondary function it will do is purge out old tags that can
4544 struct sctpasochead *head;
4545 struct sctpvtaghead *chain;
4546 struct sctp_tagblock *twait_block;
4547 struct sctp_tcb *stcb;
4550 SCTP_INP_INFO_WLOCK();
4551 chain = &sctppcbinfo.vtag_timewait[(tag % SCTP_STACK_VTAG_HASH_SIZE)];
4552 /* First is the vtag in use ? */
4554 head = &sctppcbinfo.sctp_asochash[SCTP_PCBHASH_ASOC(tag,
4555 sctppcbinfo.hashasocmark)];
4557 SCTP_INP_INFO_WUNLOCK();
4560 LIST_FOREACH(stcb, head, sctp_asocs) {
4561 if (stcb->asoc.my_vtag == tag) {
4562 /* We should remove this if and
4563 * return 0 always if we want vtags
4564 * unique across all endpoints. For
4565 * now within a endpoint is ok.
4567 if (inp == stcb->sctp_ep) {
4568 /* bad tag, in use */
4569 SCTP_INP_INFO_WUNLOCK();
4574 if (!LIST_EMPTY(chain)) {
4576 * Block(s) are present, lets see if we have this tag in
4579 LIST_FOREACH(twait_block, chain, sctp_nxt_tagblock) {
4580 for (i = 0; i < SCTP_NUMBER_IN_VTAG_BLOCK; i++) {
4581 if (twait_block->vtag_block[i].v_tag == 0) {
4584 } else if ((long)twait_block->vtag_block[i].tv_sec_at_expire >
4586 /* Audit expires this guy */
4587 twait_block->vtag_block[i].tv_sec_at_expire = 0;
4588 twait_block->vtag_block[i].v_tag = 0;
4589 } else if (twait_block->vtag_block[i].v_tag ==
4591 /* Bad tag, sorry :< */
4592 SCTP_INP_INFO_WUNLOCK();
4598 /* Not found, ok to use the tag */
4599 SCTP_INP_INFO_WUNLOCK();
4605 * Delete the address from the endpoint local address list
4606 * Lookup using a sockaddr address (ie. not an ifaddr)
4609 sctp_del_local_addr_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa)
4611 struct sctp_laddr *laddr;
4612 struct sockaddr *l_sa;
4614 /* Here is another function I cannot find a
4615 * caller for. As such we SHOULD delete it
4616 * if we have no users. If we find a user that
4617 * user MUST have the INP locked.
4621 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
4622 /* You are already bound to all. You have it already */
4626 LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
4627 /* make sure the address exists */
4628 if (laddr->ifa == NULL)
4630 if (laddr->ifa->ifa_addr == NULL)
4633 l_sa = laddr->ifa->ifa_addr;
4634 if (l_sa->sa_family == AF_INET6) {
4636 struct sockaddr_in6 *sin1, *sin2;
4637 sin1 = (struct sockaddr_in6 *)l_sa;
4638 sin2 = (struct sockaddr_in6 *)sa;
4639 if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr,
4640 sizeof(struct in6_addr)) == 0) {
4645 } else if (l_sa->sa_family == AF_INET) {
4647 struct sockaddr_in *sin1, *sin2;
4648 sin1 = (struct sockaddr_in *)l_sa;
4649 sin2 = (struct sockaddr_in *)sa;
4650 if (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr) {
4656 /* invalid family */
4661 if (found && inp->laddr_count < 2) {
4662 /* can't delete unless there are at LEAST 2 addresses */
4666 if (found && (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) {
4668 * remove it from the ep list, this should NOT be
4669 * done until its really gone from the interface list and
4670 * we won't be receiving more of these. Probably right
4671 * away. If we do allow a removal of an address from
4672 * an association (sub-set bind) than this should NOT
4673 * be called until the all ASCONF come back from this
4676 sctp_remove_laddr(laddr);
4684 sctp_drain_mbufs(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
4687 * We must hunt this association for MBUF's past the cumack
4688 * (i.e. out of order data that we can renege on).
4690 struct sctp_association *asoc;
4691 struct sctp_tmit_chunk *chk, *nchk;
4692 u_int32_t cumulative_tsn_p1, tsn;
4693 int cnt, strmat, gap;
4694 /* We look for anything larger than the cum-ack + 1 */
4697 cumulative_tsn_p1 = asoc->cumulative_tsn + 1;
4699 /* First look in the re-assembly queue */
4700 chk = TAILQ_FIRST(&asoc->reasmqueue);
4702 /* Get the next one */
4703 nchk = TAILQ_NEXT(chk, sctp_next);
4704 if (compare_with_wrap(chk->rec.data.TSN_seq,
4705 cumulative_tsn_p1, MAX_TSN)) {
4706 /* Yep it is above cum-ack */
4708 tsn = chk->rec.data.TSN_seq;
4709 if (tsn >= asoc->mapping_array_base_tsn) {
4710 gap = tsn - asoc->mapping_array_base_tsn;
4712 gap = (MAX_TSN - asoc->mapping_array_base_tsn) +
4715 asoc->size_on_reasm_queue -= chk->send_size;
4716 asoc->cnt_on_reasm_queue--;
4717 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array, gap);
4718 TAILQ_REMOVE(&asoc->reasmqueue, chk, sctp_next);
4720 sctp_m_freem(chk->data);
4723 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
4724 sctppcbinfo.ipi_count_chunk--;
4725 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
4726 panic("Chunk count is negative");
4728 sctppcbinfo.ipi_gencnt_chunk++;
4732 /* Ok that was fun, now we will drain all the inbound streams? */
4733 for (strmat = 0; strmat < asoc->streamincnt; strmat++) {
4734 chk = TAILQ_FIRST(&asoc->strmin[strmat].inqueue);
4736 nchk = TAILQ_NEXT(chk, sctp_next);
4737 if (compare_with_wrap(chk->rec.data.TSN_seq,
4738 cumulative_tsn_p1, MAX_TSN)) {
4739 /* Yep it is above cum-ack */
4741 tsn = chk->rec.data.TSN_seq;
4742 if (tsn >= asoc->mapping_array_base_tsn) {
4744 asoc->mapping_array_base_tsn;
4747 asoc->mapping_array_base_tsn) +
4750 asoc->size_on_all_streams -= chk->send_size;
4751 asoc->cnt_on_all_streams--;
4753 SCTP_UNSET_TSN_PRESENT(asoc->mapping_array,
4755 TAILQ_REMOVE(&asoc->strmin[strmat].inqueue,
4758 sctp_m_freem(chk->data);
4761 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_chunk, chk);
4762 sctppcbinfo.ipi_count_chunk--;
4763 if ((int)sctppcbinfo.ipi_count_chunk < 0) {
4764 panic("Chunk count is negative");
4766 sctppcbinfo.ipi_gencnt_chunk++;
4772 * Question, should we go through the delivery queue?
4773 * The only reason things are on here is the app not reading OR a
4774 * p-d-api up. An attacker COULD send enough in to initiate the
4775 * PD-API and then send a bunch of stuff to other streams... these
4776 * would wind up on the delivery queue.. and then we would not get
4777 * to them. But in order to do this I then have to back-track and
4778 * un-deliver sequence numbers in streams.. el-yucko. I think for
4779 * now we will NOT look at the delivery queue and leave it to be
4780 * something to consider later. An alternative would be to abort
4781 * the P-D-API with a notification and then deliver the data....
4782 * Or another method might be to keep track of how many times the
4783 * situation occurs and if we see a possible attack underway just
4784 * abort the association.
4787 if (sctp_debug_on & SCTP_DEBUG_PCB1) {
4789 kprintf("Freed %d chunks from reneg harvest\n", cnt);
4792 #endif /* SCTP_DEBUG */
4795 * Another issue, in un-setting the TSN's in the mapping array we
4796 * DID NOT adjust the higest_tsn marker. This will cause one of
4797 * two things to occur. It may cause us to do extra work in checking
4798 * for our mapping array movement. More importantly it may cause us
4799 * to SACK every datagram. This may not be a bad thing though since
4800 * we will recover once we get our cum-ack above and all this stuff
4801 * we dumped recovered.
4809 * We must walk the PCB lists for ALL associations here. The system
4810 * is LOW on MBUF's and needs help. This is where reneging will
4811 * occur. We really hope this does NOT happen!
4813 struct sctp_inpcb *inp;
4814 struct sctp_tcb *stcb;
4816 SCTP_INP_INFO_RLOCK();
4817 LIST_FOREACH(inp, &sctppcbinfo.listhead, sctp_list) {
4818 /* For each endpoint */
4819 SCTP_INP_RLOCK(inp);
4820 LIST_FOREACH(stcb, &inp->sctp_asoc_list, sctp_tcblist) {
4821 /* For each association */
4822 SCTP_TCB_LOCK(stcb);
4823 sctp_drain_mbufs(inp, stcb);
4824 SCTP_TCB_UNLOCK(stcb);
4826 SCTP_INP_RUNLOCK(inp);
4828 SCTP_INP_INFO_RUNLOCK();
4832 sctp_add_to_socket_q(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
4834 struct sctp_socket_q_list *sq;
4836 /* write lock on INP assumed */
4837 if ((inp == NULL) || (stcb == NULL)) {
4841 sq = (struct sctp_socket_q_list *)SCTP_ZONE_GET(
4842 sctppcbinfo.ipi_zone_sockq);
4844 /* out of sq structs */
4847 sctppcbinfo.ipi_count_sockq++;
4848 sctppcbinfo.ipi_gencnt_sockq++;
4850 stcb->asoc.cnt_msg_on_sb++;
4852 TAILQ_INSERT_TAIL(&inp->sctp_queue_list, sq, next_sq);
4858 sctp_remove_from_socket_q(struct sctp_inpcb *inp)
4860 struct sctp_tcb *stcb = NULL;
4861 struct sctp_socket_q_list *sq;
4863 /* W-Lock on INP assumed held */
4864 sq = TAILQ_FIRST(&inp->sctp_queue_list);
4869 TAILQ_REMOVE(&inp->sctp_queue_list, sq, next_sq);
4870 SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_sockq, sq);
4871 sctppcbinfo.ipi_count_sockq--;
4872 sctppcbinfo.ipi_gencnt_sockq++;
4874 stcb->asoc.cnt_msg_on_sb--;
4880 sctp_initiate_iterator(asoc_func af, uint32_t pcb_state, uint32_t asoc_state,
4881 void *argp, uint32_t argi, end_func ef,
4882 struct sctp_inpcb *s_inp)
4884 struct sctp_iterator *it=NULL;
4889 it = kmalloc(sizeof(struct sctp_iterator), M_PCB, M_WAITOK);
4890 memset(it, 0, sizeof(*it));
4891 it->function_toapply = af;
4892 it->function_atend = ef;
4895 it->pcb_flags = pcb_state;
4896 it->asoc_state = asoc_state;
4899 it->iterator_flags = SCTP_ITERATOR_DO_SINGLE_INP;
4901 SCTP_INP_INFO_RLOCK();
4902 it->inp = LIST_FIRST(&sctppcbinfo.listhead);
4903 SCTP_INP_INFO_RUNLOCK();
4904 it->iterator_flags = SCTP_ITERATOR_DO_ALL_INP;
4907 /* Init the timer */
4908 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
4909 callout_init(&it->tmr.timer, 0);
4911 callout_init(&it->tmr.timer);
4913 /* add to the list of all iterators */
4914 SCTP_INP_INFO_WLOCK();
4915 LIST_INSERT_HEAD(&sctppcbinfo.iteratorhead, it, sctp_nxt_itr);
4916 SCTP_INP_INFO_WUNLOCK();
4917 sctp_iterator_timer(it);
4923 * Callout/Timer routines for OS that doesn't have them
4925 #ifdef _SCTP_NEEDS_CALLOUT_
4931 callout_init(struct callout *c)
4933 bzero(c, sizeof(*c));
4937 callout_reset(struct callout *c, int to_ticks, void (*ftn)(void *), void *arg)
4939 if (c->c_flags & CALLOUT_PENDING)
4943 * We could spl down here and back up at the TAILQ_INSERT_TAIL,
4944 * but there's no point since doing this setup doesn't take much
4951 c->c_flags = (CALLOUT_ACTIVE | CALLOUT_PENDING);
4954 c->c_time = to_ticks; /* just store the requested timeout */
4955 timeout(ftn, arg, to_ticks);
4957 c->c_time = ticks + to_ticks;
4958 TAILQ_INSERT_TAIL(&sctppcbinfo.callqueue, c, tqe);
4963 callout_stop(struct callout *c)
4966 * Don't attempt to delete a callout that's not on the queue.
4968 if (!(c->c_flags & CALLOUT_PENDING)) {
4969 c->c_flags &= ~CALLOUT_ACTIVE;
4972 c->c_flags &= ~(CALLOUT_ACTIVE | CALLOUT_PENDING| CALLOUT_FIRED);
4974 /* thread_call_cancel(c->c_call); */
4975 untimeout(c->c_func, c->c_arg);
4977 TAILQ_REMOVE(&sctppcbinfo.callqueue, c, tqe);
4983 #if !defined(__APPLE__)
4987 struct callout *c, *n;
4988 struct calloutlist locallist;
4991 /* run through and subtract and mark all callouts */
4992 c = TAILQ_FIRST(&sctppcbinfo.callqueue);
4994 n = TAILQ_NEXT(c, tqe);
4995 if (c->c_time <= ticks) {
4996 c->c_flags |= CALLOUT_FIRED;
4998 TAILQ_REMOVE(&sctppcbinfo.callqueue, c, tqe);
5000 TAILQ_INIT(&locallist);
5003 /* move off of main list */
5004 TAILQ_INSERT_TAIL(&locallist, c, tqe);
5008 /* Now all the ones on the locallist must be called */
5010 c = TAILQ_FIRST(&locallist);
5013 TAILQ_REMOVE(&locallist, c, tqe);
5014 /* now validate that it did not get canceled */
5015 if (c->c_flags & CALLOUT_FIRED) {
5016 c->c_flags &= ~CALLOUT_PENDING;
5017 (*c->c_func)(c->c_arg);
5019 c = TAILQ_FIRST(&locallist);
5024 #endif /* _SCTP_NEEDS_CALLOUT_ */