/*
* Called from sctp_input_data() to add one error chunk to the error
* chunks list. The error chunks list will be processed at the end
* of sctp_input_data() by calling sctp_process_err().
*/
void
sctp_add_err(sctp_t *sctp, uint16_t serror, void *details, size_t len,
sctp_faddr_t *dest)
{
sctp_stack_t *sctps = sctp->sctp_sctps;
mblk_t *emp;
uint32_t emp_len;
uint32_t mss;
mblk_t *sendmp;
sctp_faddr_t *fp;
emp = sctp_make_err(sctp, serror, details, len);
if (emp == NULL)
return;
emp_len = MBLKL(emp);
if (sctp->sctp_err_chunks != NULL) {
fp = SCTP_CHUNK_DEST(sctp->sctp_err_chunks);
} else {
fp = dest;
SCTP_SET_CHUNK_DEST(emp, dest);
}
mss = fp->sf_pmss;
/*
* If the current output packet cannot include the new error chunk,
* send out the current packet and then add the new error chunk
* to the new output packet.
*/
if (sctp->sctp_err_len + emp_len > mss) {
if ((sendmp = sctp_make_mp(sctp, fp, 0)) == NULL) {
SCTP_KSTAT(sctps, sctp_send_err_failed);
/* Just free the latest error chunk. */
freeb(emp);
return;
}
sendmp->b_cont = sctp->sctp_err_chunks;
sctp_set_iplen(sctp, sendmp, fp->sf_ixa);
(void) conn_ip_output(sendmp, fp->sf_ixa);
BUMP_LOCAL(sctp->sctp_opkts);
sctp->sctp_err_chunks = emp;
sctp->sctp_err_len = emp_len;
SCTP_SET_CHUNK_DEST(emp, dest);
} else {
if (sctp->sctp_err_chunks != NULL)
linkb(sctp->sctp_err_chunks, emp);
else
sctp->sctp_err_chunks = emp;
sctp->sctp_err_len += emp_len;
}
/* Assume that we will send it out... */
BUMP_LOCAL(sctp->sctp_obchunks);
}
/*
* Called from sctp_input_data() to send out error chunks created during
* the processing of all the chunks in an incoming packet.
*/
void
sctp_process_err(sctp_t *sctp)
{
sctp_stack_t *sctps = sctp->sctp_sctps;
mblk_t *errmp;
mblk_t *sendmp;
sctp_faddr_t *fp;
ASSERT(sctp->sctp_err_chunks != NULL);
errmp = sctp->sctp_err_chunks;
fp = SCTP_CHUNK_DEST(errmp);
if ((sendmp = sctp_make_mp(sctp, fp, 0)) == NULL) {
SCTP_KSTAT(sctps, sctp_send_err_failed);
freemsg(errmp);
goto done;
}
sendmp->b_cont = errmp;
sctp_set_iplen(sctp, sendmp, fp->sf_ixa);
(void) conn_ip_output(sendmp, fp->sf_ixa);
BUMP_LOCAL(sctp->sctp_opkts);
done:
sctp->sctp_err_chunks = NULL;
sctp->sctp_err_len = 0;
}
/*
* tcp_time_wait_processing() handles processing of incoming packets when
* the tcp_t is in the TIME_WAIT state.
*
* A TIME_WAIT tcp_t that has an associated open TCP end point (not in
* detached state) is never put on the time wait list.
*/
void
tcp_time_wait_processing(tcp_t *tcp, mblk_t *mp, uint32_t seg_seq,
uint32_t seg_ack, int seg_len, tcpha_t *tcpha, ip_recv_attr_t *ira)
{
int32_t bytes_acked;
int32_t gap;
int32_t rgap;
tcp_opt_t tcpopt;
uint_t flags;
uint32_t new_swnd = 0;
conn_t *nconnp;
conn_t *connp = tcp->tcp_connp;
tcp_stack_t *tcps = tcp->tcp_tcps;
BUMP_LOCAL(tcp->tcp_ibsegs);
DTRACE_PROBE2(tcp__trace__recv, mblk_t *, mp, tcp_t *, tcp);
flags = (unsigned int)tcpha->tha_flags & 0xFF;
new_swnd = ntohs(tcpha->tha_win) <<
((tcpha->tha_flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
if (tcp->tcp_snd_ts_ok) {
if (!tcp_paws_check(tcp, tcpha, &tcpopt)) {
tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
tcp->tcp_rnxt, TH_ACK);
goto done;
}
}
gap = seg_seq - tcp->tcp_rnxt;
rgap = tcp->tcp_rwnd - (gap + seg_len);
if (gap < 0) {
TCPS_BUMP_MIB(tcps, tcpInDataDupSegs);
TCPS_UPDATE_MIB(tcps, tcpInDataDupBytes,
(seg_len > -gap ? -gap : seg_len));
seg_len += gap;
if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
if (flags & TH_RST) {
goto done;
}
if ((flags & TH_FIN) && seg_len == -1) {
/*
* When TCP receives a duplicate FIN in
* TIME_WAIT state, restart the 2 MSL timer.
* See page 73 in RFC 793. Make sure this TCP
* is already on the TIME_WAIT list. If not,
* just restart the timer.
*/
if (TCP_IS_DETACHED(tcp)) {
if (tcp_time_wait_remove(tcp, NULL) ==
B_TRUE) {
tcp_time_wait_append(tcp);
TCP_DBGSTAT(tcps,
tcp_rput_time_wait);
}
} else {
ASSERT(tcp != NULL);
TCP_TIMER_RESTART(tcp,
tcps->tcps_time_wait_interval);
}
tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
tcp->tcp_rnxt, TH_ACK);
goto done;
}
flags |= TH_ACK_NEEDED;
seg_len = 0;
goto process_ack;
}
/* Fix seg_seq, and chew the gap off the front. */
seg_seq = tcp->tcp_rnxt;
}
if ((flags & TH_SYN) && gap > 0 && rgap < 0) {
/*
* Make sure that when we accept the connection, pick
* an ISS greater than (tcp_snxt + ISS_INCR/2) for the
* old connection.
*
* The next ISS generated is equal to tcp_iss_incr_extra
* + ISS_INCR/2 + other components depending on the
* value of tcp_strong_iss. We pre-calculate the new
* ISS here and compare with tcp_snxt to determine if
* we need to make adjustment to tcp_iss_incr_extra.
*
* The above calculation is ugly and is a
* waste of CPU cycles...
*/
uint32_t new_iss = tcps->tcps_iss_incr_extra;
int32_t adj;
ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip;
switch (tcps->tcps_strong_iss) {
case 2: {
/* Add time and MD5 components. */
uint32_t answer[4];
struct {
uint32_t ports;
in6_addr_t src;
in6_addr_t dst;
} arg;
MD5_CTX context;
mutex_enter(&tcps->tcps_iss_key_lock);
context = tcps->tcps_iss_key;
mutex_exit(&tcps->tcps_iss_key_lock);
arg.ports = connp->conn_ports;
/* We use MAPPED addresses in tcp_iss_init */
arg.src = connp->conn_laddr_v6;
arg.dst = connp->conn_faddr_v6;
MD5Update(&context, (uchar_t *)&arg,
sizeof (arg));
MD5Final((uchar_t *)answer, &context);
answer[0] ^= answer[1] ^ answer[2] ^ answer[3];
new_iss += (gethrtime() >> ISS_NSEC_SHT) + answer[0];
break;
}
case 1:
/* Add time component and min random (i.e. 1). */
new_iss += (gethrtime() >> ISS_NSEC_SHT) + 1;
break;
default:
/* Add only time component. */
new_iss += (uint32_t)gethrestime_sec() * ISS_INCR;
break;
}
if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) {
/*
* New ISS not guaranteed to be ISS_INCR/2
* ahead of the current tcp_snxt, so add the
* difference to tcp_iss_incr_extra.
*/
tcps->tcps_iss_incr_extra += adj;
}
/*
* If tcp_clean_death() can not perform the task now,
* drop the SYN packet and let the other side re-xmit.
* Otherwise pass the SYN packet back in, since the
* old tcp state has been cleaned up or freed.
*/
if (tcp_clean_death(tcp, 0) == -1)
goto done;
nconnp = ipcl_classify(mp, ira, ipst);
if (nconnp != NULL) {
TCP_STAT(tcps, tcp_time_wait_syn_success);
/* Drops ref on nconnp */
tcp_reinput(nconnp, mp, ira, ipst);
return;
}
goto done;
}
void
sctp_wput_asconf(sctp_t *sctp, sctp_faddr_t *fp)
{
#define SCTP_SET_SENT_FLAG(mp) ((mp)->b_flag = SCTP_CHUNK_FLAG_SENT)
mblk_t *mp;
mblk_t *ipmp;
uint32_t *snp;
sctp_parm_hdr_t *ph;
boolean_t isv4;
sctp_stack_t *sctps = sctp->sctp_sctps;
boolean_t saddr_set;
if (sctp->sctp_cchunk_pend || sctp->sctp_cxmit_list == NULL ||
/* Queue it for later transmission if not yet established */
sctp->sctp_state < SCTPS_ESTABLISHED) {
ip2dbg(("sctp_wput_asconf: cchunk pending? (%d) or null "\
"sctp_cxmit_list? (%s) or incorrect state? (%x)\n",
sctp->sctp_cchunk_pend, sctp->sctp_cxmit_list == NULL ?
"yes" : "no", sctp->sctp_state));
return;
}
if (fp == NULL)
fp = sctp->sctp_current;
/* OK to send */
ipmp = sctp_make_mp(sctp, fp, 0);
if (ipmp == NULL) {
SCTP_FADDR_RC_TIMER_RESTART(sctp, fp, fp->rto);
SCTP_KSTAT(sctps, sctp_send_asconf_failed);
return;
}
mp = sctp->sctp_cxmit_list;
/* Fill in the mandatory Address Parameter TLV */
isv4 = (fp != NULL) ? fp->isv4 : sctp->sctp_current->isv4;
ph = (sctp_parm_hdr_t *)(mp->b_rptr + sizeof (sctp_chunk_hdr_t) +
sizeof (uint32_t));
if (isv4) {
ipha_t *ipha = (ipha_t *)ipmp->b_rptr;
in6_addr_t ipaddr;
ipaddr_t addr4;
ph->sph_type = htons(PARM_ADDR4);
ph->sph_len = htons(PARM_ADDR4_LEN);
if (ipha->ipha_src != INADDR_ANY) {
bcopy(&ipha->ipha_src, ph + 1, IP_ADDR_LEN);
} else {
ipaddr = sctp_get_valid_addr(sctp, B_FALSE, &saddr_set);
/*
* All the addresses are down.
* Maybe we might have better luck next time.
*/
if (!saddr_set) {
SCTP_FADDR_RC_TIMER_RESTART(sctp, fp, fp->rto);
freeb(ipmp);
return;
}
IN6_V4MAPPED_TO_IPADDR(&ipaddr, addr4);
bcopy(&addr4, ph + 1, IP_ADDR_LEN);
}
} else {
ip6_t *ip6 = (ip6_t *)ipmp->b_rptr;
in6_addr_t ipaddr;
ph->sph_type = htons(PARM_ADDR6);
ph->sph_len = htons(PARM_ADDR6_LEN);
if (!IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
bcopy(&ip6->ip6_src, ph + 1, IPV6_ADDR_LEN);
} else {
ipaddr = sctp_get_valid_addr(sctp, B_TRUE, &saddr_set);
/*
* All the addresses are down.
* Maybe we might have better luck next time.
*/
if (!saddr_set) {
SCTP_FADDR_RC_TIMER_RESTART(sctp, fp, fp->rto);
freeb(ipmp);
return;
}
bcopy(&ipaddr, ph + 1, IPV6_ADDR_LEN);
}
}
/* Don't exceed CWND */
if ((MBLKL(mp) > (fp->cwnd - fp->suna)) ||
((mp = dupb(sctp->sctp_cxmit_list)) == NULL)) {
SCTP_FADDR_RC_TIMER_RESTART(sctp, fp, fp->rto);
freeb(ipmp);
return;
}
/* Set the serial number now, if sending for the first time */
if (!SCTP_CHUNK_WANT_REXMIT(mp)) {
snp = (uint32_t *)(mp->b_rptr + sizeof (sctp_chunk_hdr_t));
*snp = htonl(sctp->sctp_lcsn++);
}
SCTP_CHUNK_CLEAR_FLAGS(mp);
fp->suna += MBLKL(mp);
/* Attach the header and send the chunk */
ipmp->b_cont = mp;
sctp->sctp_cchunk_pend = 1;
SCTP_SET_SENT_FLAG(sctp->sctp_cxmit_list);
SCTP_SET_CHUNK_DEST(sctp->sctp_cxmit_list, fp);
sctp_set_iplen(sctp, ipmp, fp->ixa);
(void) conn_ip_output(ipmp, fp->ixa);
BUMP_LOCAL(sctp->sctp_opkts);
SCTP_FADDR_RC_TIMER_RESTART(sctp, fp, fp->rto);
#undef SCTP_SET_SENT_FLAG
}
void
sctp_input_asconf(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp)
{
const dispatch_t *dp;
mblk_t *hmp;
mblk_t *mp;
uint32_t *idp;
uint32_t *hidp;
ssize_t rlen;
sctp_parm_hdr_t *ph;
sctp_chunk_hdr_t *ach;
int cont;
int act;
uint16_t plen;
uchar_t *alist = NULL;
size_t asize = 0;
uchar_t *dlist = NULL;
size_t dsize = 0;
uchar_t *aptr = NULL;
uchar_t *dptr = NULL;
int acount = 0;
int dcount = 0;
sctp_stack_t *sctps = sctp->sctp_sctps;
ASSERT(ch->sch_id == CHUNK_ASCONF);
idp = (uint32_t *)(ch + 1);
rlen = ntohs(ch->sch_len) - sizeof (*ch) - sizeof (*idp);
if (rlen < 0 || rlen < sizeof (*idp)) {
/* nothing there; bail out */
return;
}
/* Check for duplicates */
*idp = ntohl(*idp);
if (*idp == (sctp->sctp_fcsn + 1)) {
act = 1;
} else if (*idp == sctp->sctp_fcsn) {
act = 0;
} else {
/* stale or malicious packet; drop */
return;
}
/* Create the ASCONF_ACK header */
hmp = sctp_make_mp(sctp, fp, sizeof (*ach) + sizeof (*idp));
if (hmp == NULL) {
/* Let the peer retransmit */
SCTP_KSTAT(sctps, sctp_send_asconf_ack_failed);
return;
}
ach = (sctp_chunk_hdr_t *)hmp->b_wptr;
ach->sch_id = CHUNK_ASCONF_ACK;
ach->sch_flags = 0;
/* Set the length later */
hidp = (uint32_t *)(ach + 1);
*hidp = htonl(*idp);
hmp->b_wptr = (uchar_t *)(hidp + 1);
/* Move to the Address Parameter */
ph = (sctp_parm_hdr_t *)(idp + 1);
if (rlen <= ntohs(ph->sph_len)) {
freeb(hmp);
return;
}
/*
* We already have the association here, so this address parameter
* doesn't seem to be very useful, should we make sure this is part
* of the association and send an error, if not?
* Ignore it for now.
*/
rlen -= ntohs(ph->sph_len);
ph = (sctp_parm_hdr_t *)((char *)ph + ntohs(ph->sph_len));
/*
* We need to pre-allocate buffer before processing the ASCONF
* chunk. We don't want to fail allocating buffers after processing
* the ASCONF chunk. So, we walk the list and get the number of
* addresses added and/or deleted.
*/
if (cl_sctp_assoc_change != NULL) {
sctp_parm_hdr_t *oph = ph;
ssize_t orlen = rlen;
/*
* This not very efficient, but there is no better way of
* doing it. It should be fine since normally the param list
* will not be very long.
*/
while (orlen > 0) {
/* Sanity checks */
if (orlen < sizeof (*oph))
break;
plen = ntohs(oph->sph_len);
if (plen < sizeof (*oph) || plen > orlen)
break;
if (oph->sph_type == htons(PARM_ADD_IP))
acount++;
if (oph->sph_type == htons(PARM_DEL_IP))
dcount++;
oph = sctp_next_parm(oph, &orlen);
if (oph == NULL)
break;
}
if (acount > 0 || dcount > 0) {
if (acount > 0) {
asize = sizeof (in6_addr_t) * acount;
alist = kmem_alloc(asize, KM_NOSLEEP);
if (alist == NULL) {
freeb(hmp);
SCTP_KSTAT(sctps, sctp_cl_assoc_change);
return;
}
}
if (dcount > 0) {
dsize = sizeof (in6_addr_t) * dcount;
dlist = kmem_alloc(dsize, KM_NOSLEEP);
if (dlist == NULL) {
if (acount > 0)
kmem_free(alist, asize);
freeb(hmp);
SCTP_KSTAT(sctps, sctp_cl_assoc_change);
return;
}
}
aptr = alist;
dptr = dlist;
/*
* We will get the actual count when we process
* the chunk.
*/
acount = 0;
dcount = 0;
}
}
cont = 1;
while (rlen > 0 && cont) {
in6_addr_t addr;
/* Sanity checks */
if (rlen < sizeof (*ph))
break;
plen = ntohs(ph->sph_len);
if (plen < sizeof (*ph) || plen > rlen) {
break;
}
idp = (uint32_t *)(ph + 1);
dp = sctp_lookup_asconf_dispatch(ntohs(ph->sph_type));
ASSERT(dp);
if (dp->asconf) {
mp = dp->asconf(sctp, ph, *idp, fp, &cont, act, &addr);
if (cont == -1) {
/*
* Not even enough memory to create
* an out-of-resources error. Free
* everything and return; the peer
* should retransmit.
*/
freemsg(hmp);
if (alist != NULL)
kmem_free(alist, asize);
if (dlist != NULL)
kmem_free(dlist, dsize);
return;
}
if (mp != NULL) {
linkb(hmp, mp);
} else if (act != 0) {
/* update the add/delete list */
if (cl_sctp_assoc_change != NULL) {
if (ph->sph_type ==
htons(PARM_ADD_IP)) {
ASSERT(alist != NULL);
bcopy(&addr, aptr,
sizeof (addr));
aptr += sizeof (addr);
acount++;
} else if (ph->sph_type ==
htons(PARM_DEL_IP)) {
ASSERT(dlist != NULL);
bcopy(&addr, dptr,
sizeof (addr));
dptr += sizeof (addr);
dcount++;
}
}
}
}
ph = sctp_next_parm(ph, &rlen);
if (ph == NULL)
break;
}
/*
* Update clustering's state for this assoc. Note acount/dcount
* could be zero (i.e. if the add/delete address(es) were not
* processed successfully). Regardless, if the ?size is > 0,
* it is the clustering module's responsibility to free the lists.
*/
if (cl_sctp_assoc_change != NULL) {
(*cl_sctp_assoc_change)(sctp->sctp_connp->conn_family,
alist, asize,
acount, dlist, dsize, dcount, SCTP_CL_PADDR,
(cl_sctp_handle_t)sctp);
/* alist and dlist will be freed by the clustering module */
}
/* Now that the params have been processed, increment the fcsn */
if (act) {
sctp->sctp_fcsn++;
}
BUMP_LOCAL(sctp->sctp_obchunks);
if (fp->isv4)
ach->sch_len = htons(msgdsize(hmp) - sctp->sctp_hdr_len);
else
ach->sch_len = htons(msgdsize(hmp) - sctp->sctp_hdr6_len);
sctp_set_iplen(sctp, hmp, fp->ixa);
(void) conn_ip_output(hmp, fp->ixa);
BUMP_LOCAL(sctp->sctp_opkts);
sctp_validate_peer(sctp);
}
static int
sctp_asconf_send(sctp_t *sctp, sctp_asconf_t *asc, sctp_faddr_t *fp,
sctp_cl_ainfo_t *ainfo)
{
mblk_t *mp, *nmp;
sctp_chunk_hdr_t *ch;
boolean_t isv4;
size_t msgsize;
ASSERT(asc != NULL && asc->head != NULL);
isv4 = (fp != NULL) ? fp->isv4 : sctp->sctp_current->isv4;
/* SCTP chunk header + Serial Number + Address Param TLV */
msgsize = sizeof (*ch) + sizeof (uint32_t) +
(isv4 ? PARM_ADDR4_LEN : PARM_ADDR6_LEN);
mp = allocb(msgsize, BPRI_MED);
if (mp == NULL)
return (ENOMEM);
mp->b_wptr += msgsize;
mp->b_cont = asc->head;
ch = (sctp_chunk_hdr_t *)mp->b_rptr;
ch->sch_id = CHUNK_ASCONF;
ch->sch_flags = 0;
ch->sch_len = htons(msgdsize(mp));
nmp = msgpullup(mp, -1);
if (nmp == NULL) {
freeb(mp);
return (ENOMEM);
}
/*
* Stash the address list and the count so that when the operation
* completes, i.e. when as get an ACK, we can update the clustering's
* state for this association.
*/
if (ainfo != NULL) {
ASSERT(cl_sctp_assoc_change != NULL);
ASSERT(nmp->b_prev == NULL);
nmp->b_prev = (mblk_t *)ainfo;
}
/* Clean up the temporary mblk chain */
freemsg(mp);
asc->head = NULL;
asc->cid = 0;
/* Queue it ... */
if (sctp->sctp_cxmit_list == NULL) {
sctp->sctp_cxmit_list = nmp;
} else {
linkb(sctp->sctp_cxmit_list, nmp);
}
BUMP_LOCAL(sctp->sctp_obchunks);
/* And try to send it. */
sctp_wput_asconf(sctp, fp);
return (0);
}
/*
* Connect to a peer - this function inserts the sctp in the
* bind and conn fanouts, sends the INIT, and replies to the client
* with an OK ack.
*/
int
sctp_connect(sctp_t *sctp, const struct sockaddr *dst, uint32_t addrlen,
cred_t *cr, pid_t pid)
{
sin_t *sin;
sin6_t *sin6;
in6_addr_t dstaddr;
in_port_t dstport;
mblk_t *initmp;
sctp_tf_t *tbf;
sctp_t *lsctp;
char buf[INET6_ADDRSTRLEN];
int sleep = sctp->sctp_cansleep ? KM_SLEEP : KM_NOSLEEP;
int err;
sctp_faddr_t *cur_fp;
sctp_stack_t *sctps = sctp->sctp_sctps;
conn_t *connp = sctp->sctp_connp;
uint_t scope_id = 0;
ip_xmit_attr_t *ixa;
/*
* Determine packet type based on type of address passed in
* the request should contain an IPv4 or IPv6 address.
* Make sure that address family matches the type of
* family of the address passed down.
*/
if (addrlen < sizeof (sin_t)) {
return (EINVAL);
}
switch (dst->sa_family) {
case AF_INET:
sin = (sin_t *)dst;
/* Check for attempt to connect to non-unicast */
if (CLASSD(sin->sin_addr.s_addr) ||
(sin->sin_addr.s_addr == INADDR_BROADCAST)) {
ip0dbg(("sctp_connect: non-unicast\n"));
return (EINVAL);
}
if (connp->conn_ipv6_v6only)
return (EAFNOSUPPORT);
/* convert to v6 mapped */
/* Check for attempt to connect to INADDR_ANY */
if (sin->sin_addr.s_addr == INADDR_ANY) {
struct in_addr v4_addr;
/*
* SunOS 4.x and 4.3 BSD allow an application
* to connect a TCP socket to INADDR_ANY.
* When they do this, the kernel picks the
* address of one interface and uses it
* instead. The kernel usually ends up
* picking the address of the loopback
* interface. This is an undocumented feature.
* However, we provide the same thing here
* in case any TCP apps that use this feature
* are being ported to SCTP...
*/
v4_addr.s_addr = htonl(INADDR_LOOPBACK);
IN6_INADDR_TO_V4MAPPED(&v4_addr, &dstaddr);
} else {
IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &dstaddr);
}
dstport = sin->sin_port;
break;
case AF_INET6:
sin6 = (sin6_t *)dst;
/* Check for attempt to connect to non-unicast. */
if ((addrlen < sizeof (sin6_t)) ||
IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
ip0dbg(("sctp_connect: non-unicast\n"));
return (EINVAL);
}
if (connp->conn_ipv6_v6only &&
IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
return (EAFNOSUPPORT);
}
/* check for attempt to connect to unspec */
if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
dstaddr = ipv6_loopback;
} else {
dstaddr = sin6->sin6_addr;
if (IN6_IS_ADDR_LINKLOCAL(&dstaddr)) {
sctp->sctp_linklocal = 1;
scope_id = sin6->sin6_scope_id;
}
}
dstport = sin6->sin6_port;
connp->conn_flowinfo = sin6->sin6_flowinfo;
break;
default:
dprint(1, ("sctp_connect: unknown family %d\n",
dst->sa_family));
return (EAFNOSUPPORT);
}
(void) inet_ntop(AF_INET6, &dstaddr, buf, sizeof (buf));
dprint(1, ("sctp_connect: attempting connect to %s...\n", buf));
RUN_SCTP(sctp);
if (connp->conn_family != dst->sa_family ||
(connp->conn_state_flags & CONN_CLOSING)) {
WAKE_SCTP(sctp);
return (EINVAL);
}
/* We update our cred/cpid based on the caller of connect */
if (connp->conn_cred != cr) {
crhold(cr);
crfree(connp->conn_cred);
connp->conn_cred = cr;
}
connp->conn_cpid = pid;
/* Cache things in conn_ixa without any refhold */
ixa = connp->conn_ixa;
ixa->ixa_cred = cr;
ixa->ixa_cpid = pid;
if (is_system_labeled()) {
/* We need to restart with a label based on the cred */
ip_xmit_attr_restore_tsl(ixa, ixa->ixa_cred);
}
switch (sctp->sctp_state) {
case SCTPS_IDLE: {
struct sockaddr_storage ss;
/*
* We support a quick connect capability here, allowing
* clients to transition directly from IDLE to COOKIE_WAIT.
* sctp_bindi will pick an unused port, insert the connection
* in the bind hash and transition to BOUND state. SCTP
* picks and uses what it considers the optimal local address
* set (just like specifiying INADDR_ANY to bind()).
*/
dprint(1, ("sctp_connect: idle, attempting bind...\n"));
ASSERT(sctp->sctp_nsaddrs == 0);
bzero(&ss, sizeof (ss));
ss.ss_family = connp->conn_family;
WAKE_SCTP(sctp);
if ((err = sctp_bind(sctp, (struct sockaddr *)&ss,
sizeof (ss))) != 0) {
return (err);
}
RUN_SCTP(sctp);
/* FALLTHRU */
}
case SCTPS_BOUND:
ASSERT(sctp->sctp_nsaddrs > 0);
/* do the connect */
/* XXX check for attempt to connect to self */
connp->conn_fport = dstport;
ASSERT(sctp->sctp_iphc);
ASSERT(sctp->sctp_iphc6);
/*
* Don't allow this connection to completely duplicate
* an existing connection.
*
* Ensure that the duplicate check and insertion is atomic.
*/
sctp_conn_hash_remove(sctp);
tbf = &sctps->sctps_conn_fanout[SCTP_CONN_HASH(sctps,
connp->conn_ports)];
mutex_enter(&tbf->tf_lock);
lsctp = sctp_lookup(sctp, &dstaddr, tbf, &connp->conn_ports,
SCTPS_COOKIE_WAIT);
if (lsctp != NULL) {
/* found a duplicate connection */
mutex_exit(&tbf->tf_lock);
SCTP_REFRELE(lsctp);
WAKE_SCTP(sctp);
return (EADDRINUSE);
}
/*
* OK; set up the peer addr (this may grow after we get
* the INIT ACK from the peer with additional addresses).
*/
if ((err = sctp_add_faddr(sctp, &dstaddr, sleep,
B_FALSE)) != 0) {
mutex_exit(&tbf->tf_lock);
WAKE_SCTP(sctp);
return (err);
}
cur_fp = sctp->sctp_faddrs;
ASSERT(cur_fp->ixa != NULL);
/* No valid src addr, return. */
if (cur_fp->state == SCTP_FADDRS_UNREACH) {
mutex_exit(&tbf->tf_lock);
WAKE_SCTP(sctp);
return (EADDRNOTAVAIL);
}
sctp->sctp_primary = cur_fp;
sctp->sctp_current = cur_fp;
sctp->sctp_mss = cur_fp->sfa_pmss;
sctp_conn_hash_insert(tbf, sctp, 1);
mutex_exit(&tbf->tf_lock);
ixa = cur_fp->ixa;
ASSERT(ixa->ixa_cred != NULL);
if (scope_id != 0) {
ixa->ixa_flags |= IXAF_SCOPEID_SET;
ixa->ixa_scopeid = scope_id;
} else {
ixa->ixa_flags &= ~IXAF_SCOPEID_SET;
}
/* initialize composite headers */
if ((err = sctp_set_hdraddrs(sctp)) != 0) {
sctp_conn_hash_remove(sctp);
WAKE_SCTP(sctp);
return (err);
}
if ((err = sctp_build_hdrs(sctp, KM_SLEEP)) != 0) {
sctp_conn_hash_remove(sctp);
WAKE_SCTP(sctp);
return (err);
}
/*
* Turn off the don't fragment bit on the (only) faddr,
* so that if one of the messages exchanged during the
* initialization sequence exceeds the path mtu, it
* at least has a chance to get there. SCTP does no
* fragmentation of initialization messages. The DF bit
* will be turned on again in sctp_send_cookie_echo()
* (but the cookie echo will still be sent with the df bit
* off).
*/
cur_fp->df = B_FALSE;
/* Mark this address as alive */
cur_fp->state = SCTP_FADDRS_ALIVE;
/* Send the INIT to the peer */
SCTP_FADDR_TIMER_RESTART(sctp, cur_fp, cur_fp->rto);
sctp->sctp_state = SCTPS_COOKIE_WAIT;
/*
* sctp_init_mp() could result in modifying the source
* address list, so take the hash lock.
*/
mutex_enter(&tbf->tf_lock);
initmp = sctp_init_mp(sctp, cur_fp);
if (initmp == NULL) {
mutex_exit(&tbf->tf_lock);
/*
* It may happen that all the source addresses
* (loopback/link local) are removed. In that case,
* faile the connect.
*/
if (sctp->sctp_nsaddrs == 0) {
sctp_conn_hash_remove(sctp);
SCTP_FADDR_TIMER_STOP(cur_fp);
WAKE_SCTP(sctp);
return (EADDRNOTAVAIL);
}
/* Otherwise, let the retransmission timer retry */
WAKE_SCTP(sctp);
goto notify_ulp;
}
mutex_exit(&tbf->tf_lock);
/*
* On a clustered note send this notification to the clustering
* subsystem.
*/
if (cl_sctp_connect != NULL) {
uchar_t *slist;
uchar_t *flist;
size_t ssize;
size_t fsize;
fsize = sizeof (in6_addr_t) * sctp->sctp_nfaddrs;
ssize = sizeof (in6_addr_t) * sctp->sctp_nsaddrs;
slist = kmem_alloc(ssize, KM_SLEEP);
flist = kmem_alloc(fsize, KM_SLEEP);
/* The clustering module frees the lists */
sctp_get_saddr_list(sctp, slist, ssize);
sctp_get_faddr_list(sctp, flist, fsize);
(*cl_sctp_connect)(connp->conn_family, slist,
sctp->sctp_nsaddrs, connp->conn_lport,
flist, sctp->sctp_nfaddrs, connp->conn_fport,
B_TRUE, (cl_sctp_handle_t)sctp);
}
ASSERT(ixa->ixa_cred != NULL);
ASSERT(ixa->ixa_ire != NULL);
(void) conn_ip_output(initmp, ixa);
BUMP_LOCAL(sctp->sctp_opkts);
WAKE_SCTP(sctp);
notify_ulp:
sctp_set_ulp_prop(sctp);
return (0);
default:
ip0dbg(("sctp_connect: invalid state. %d\n", sctp->sctp_state));
WAKE_SCTP(sctp);
return (EINVAL);
}
}
mblk_t *
sctp_init_mp(sctp_t *sctp, sctp_faddr_t *fp)
{
mblk_t *mp;
uchar_t *p;
size_t initlen;
sctp_init_chunk_t *icp;
sctp_chunk_hdr_t *chp;
uint16_t schlen;
int supp_af;
sctp_stack_t *sctps = sctp->sctp_sctps;
conn_t *connp = sctp->sctp_connp;
if (connp->conn_family == AF_INET) {
supp_af = PARM_SUPP_V4;
} else {
if (sctp->sctp_connp->conn_ipv6_v6only)
supp_af = PARM_SUPP_V6;
else
supp_af = PARM_SUPP_V6 | PARM_SUPP_V4;
}
initlen = sizeof (*chp) + sizeof (*icp);
if (sctp->sctp_send_adaptation) {
initlen += (sizeof (sctp_parm_hdr_t) + sizeof (uint32_t));
}
initlen += sctp_supaddr_param_len(sctp);
initlen += sctp_addr_params(sctp, supp_af, NULL, B_TRUE);
if (sctp->sctp_prsctp_aware && sctps->sctps_prsctp_enabled)
initlen += sctp_options_param_len(sctp, SCTP_PRSCTP_OPTION);
/*
* This could be a INIT retransmission in which case sh_verf may
* be non-zero, zero it out just to be sure.
*/
sctp->sctp_sctph->sh_verf = 0;
sctp->sctp_sctph6->sh_verf = 0;
mp = sctp_make_mp(sctp, fp, initlen);
if (mp == NULL) {
SCTP_KSTAT(sctps, sctp_send_init_failed);
return (NULL);
}
/* sctp_make_mp could have discovered we have no usable sources */
if (sctp->sctp_nsaddrs == 0) {
freemsg(mp);
SCTP_KSTAT(sctps, sctp_send_init_failed);
return (NULL);
}
/* Lay in a new INIT chunk, starting with the chunk header */
chp = (sctp_chunk_hdr_t *)mp->b_wptr;
chp->sch_id = CHUNK_INIT;
chp->sch_flags = 0;
schlen = (uint16_t)initlen;
U16_TO_ABE16(schlen, &(chp->sch_len));
mp->b_wptr += initlen;
icp = (sctp_init_chunk_t *)(chp + 1);
icp->sic_inittag = sctp->sctp_lvtag;
U32_TO_ABE32(sctp->sctp_rwnd, &(icp->sic_a_rwnd));
U16_TO_ABE16(sctp->sctp_num_ostr, &(icp->sic_outstr));
U16_TO_ABE16(sctp->sctp_num_istr, &(icp->sic_instr));
U32_TO_ABE32(sctp->sctp_ltsn, &(icp->sic_inittsn));
p = (uchar_t *)(icp + 1);
/* Adaptation layer param */
p += sctp_adaptation_code_param(sctp, p);
/* Add supported address types parameter */
p += sctp_supaddr_param(sctp, p);
/* Add address parameters */
p += sctp_addr_params(sctp, supp_af, p, B_FALSE);
/* Add Forward-TSN-Supported param */
if (sctp->sctp_prsctp_aware && sctps->sctps_prsctp_enabled)
p += sctp_options_param(sctp, p, SCTP_PRSCTP_OPTION);
BUMP_LOCAL(sctp->sctp_obchunks);
sctp_set_iplen(sctp, mp, fp->sf_ixa);
return (mp);
}
void
sctp_user_abort(sctp_t *sctp, mblk_t *data)
{
mblk_t *mp;
int len, hdrlen;
char *cause;
sctp_faddr_t *fp = sctp->sctp_current;
ip_xmit_attr_t *ixa = fp->sf_ixa;
sctp_stack_t *sctps = sctp->sctp_sctps;
/*
* Don't need notification if connection is not yet setup,
* call sctp_clean_death() to reclaim resources.
* Any pending connect call(s) will error out.
*/
if (sctp->sctp_state < SCTPS_COOKIE_WAIT) {
sctp_clean_death(sctp, ECONNABORTED);
return;
}
mp = sctp_make_mp(sctp, fp, 0);
if (mp == NULL) {
SCTP_KSTAT(sctps, sctp_send_user_abort_failed);
return;
}
/*
* Create abort chunk.
*/
if (data) {
if (fp->sf_isv4) {
hdrlen = sctp->sctp_hdr_len;
} else {
hdrlen = sctp->sctp_hdr6_len;
}
hdrlen += sizeof (sctp_chunk_hdr_t) + sizeof (sctp_parm_hdr_t);
cause = (char *)data->b_rptr;
len = data->b_wptr - data->b_rptr;
if (len + hdrlen > fp->sf_pmss) {
len = fp->sf_pmss - hdrlen;
}
} else {
cause = NULL;
len = 0;
}
/*
* Since it is a user abort, we should have the sctp_t and hence
* the correct verification tag. So we should not set the T-bit
* in the ABORT.
*/
if ((len = sctp_link_abort(mp, SCTP_ERR_USER_ABORT, cause, len, 0,
B_FALSE)) < 0) {
freemsg(mp);
return;
}
SCTPS_BUMP_MIB(sctps, sctpAborted);
BUMP_LOCAL(sctp->sctp_opkts);
BUMP_LOCAL(sctp->sctp_obchunks);
sctp_set_iplen(sctp, mp, ixa);
ASSERT(ixa->ixa_ire != NULL);
ASSERT(ixa->ixa_cred != NULL);
(void) conn_ip_output(mp, ixa);
sctp_assoc_event(sctp, SCTP_COMM_LOST, 0, NULL);
sctp_clean_death(sctp, ECONNABORTED);
}
/*
* If iserror == 0, sends an abort. If iserror != 0, sends an error.
*/
void
sctp_send_abort(sctp_t *sctp, uint32_t vtag, uint16_t serror, char *details,
size_t len, mblk_t *inmp, int iserror, boolean_t tbit, ip_recv_attr_t *ira)
{
mblk_t *hmp;
uint32_t ip_hdr_len;
ipha_t *iniph;
ipha_t *ahiph = NULL;
ip6_t *inip6h;
ip6_t *ahip6h = NULL;
sctp_hdr_t *sh;
sctp_hdr_t *insh;
size_t ahlen;
uchar_t *p;
ssize_t alen;
int isv4;
conn_t *connp = sctp->sctp_connp;
sctp_stack_t *sctps = sctp->sctp_sctps;
ip_xmit_attr_t *ixa;
isv4 = (IPH_HDR_VERSION(inmp->b_rptr) == IPV4_VERSION);
if (isv4) {
ahlen = sctp->sctp_hdr_len;
} else {
ahlen = sctp->sctp_hdr6_len;
}
/*
* If this is a labeled system, then check to see if we're allowed to
* send a response to this particular sender. If not, then just drop.
*/
if (is_system_labeled() && !tsol_can_reply_error(inmp, ira))
return;
hmp = allocb(sctps->sctps_wroff_xtra + ahlen, BPRI_MED);
if (hmp == NULL) {
/* XXX no resources */
return;
}
/* copy in the IP / SCTP header */
p = hmp->b_rptr + sctps->sctps_wroff_xtra;
hmp->b_rptr = p;
hmp->b_wptr = p + ahlen;
if (isv4) {
bcopy(sctp->sctp_iphc, p, sctp->sctp_hdr_len);
/*
* Composite is likely incomplete at this point, so pull
* info from the incoming IP / SCTP headers.
*/
ahiph = (ipha_t *)p;
iniph = (ipha_t *)inmp->b_rptr;
ip_hdr_len = IPH_HDR_LENGTH(inmp->b_rptr);
sh = (sctp_hdr_t *)(p + sctp->sctp_ip_hdr_len);
ASSERT(OK_32PTR(sh));
insh = (sctp_hdr_t *)((uchar_t *)iniph + ip_hdr_len);
ASSERT(OK_32PTR(insh));
/* Copy in the peer's IP addr */
ahiph->ipha_dst = iniph->ipha_src;
ahiph->ipha_src = iniph->ipha_dst;
} else {
bcopy(sctp->sctp_iphc6, p, sctp->sctp_hdr6_len);
ahip6h = (ip6_t *)p;
inip6h = (ip6_t *)inmp->b_rptr;
ip_hdr_len = ip_hdr_length_v6(inmp, inip6h);
sh = (sctp_hdr_t *)(p + sctp->sctp_ip_hdr6_len);
ASSERT(OK_32PTR(sh));
insh = (sctp_hdr_t *)((uchar_t *)inip6h + ip_hdr_len);
ASSERT(OK_32PTR(insh));
/* Copy in the peer's IP addr */
ahip6h->ip6_dst = inip6h->ip6_src;
ahip6h->ip6_src = inip6h->ip6_dst;
}
/* Fill in the holes in the SCTP common header */
sh->sh_sport = insh->sh_dport;
sh->sh_dport = insh->sh_sport;
sh->sh_verf = vtag;
/* Link in the abort chunk */
if ((alen = sctp_link_abort(hmp, serror, details, len, iserror, tbit))
< 0) {
freemsg(hmp);
return;
}
/*
* Base the transmission on any routing-related socket options
* that have been set on the listener/connection.
*/
ixa = conn_get_ixa_exclusive(connp);
if (ixa == NULL) {
freemsg(hmp);
return;
}
ixa->ixa_flags &= ~IXAF_VERIFY_PMTU;
ixa->ixa_pktlen = ahlen + alen;
if (isv4) {
ixa->ixa_flags |= IXAF_IS_IPV4;
ahiph->ipha_length = htons(ixa->ixa_pktlen);
ixa->ixa_ip_hdr_length = sctp->sctp_ip_hdr_len;
} else {
ixa->ixa_flags &= ~IXAF_IS_IPV4;
ahip6h->ip6_plen = htons(ixa->ixa_pktlen - IPV6_HDR_LEN);
ixa->ixa_ip_hdr_length = sctp->sctp_ip_hdr6_len;
}
SCTPS_BUMP_MIB(sctps, sctpAborted);
BUMP_LOCAL(sctp->sctp_obchunks);
if (is_system_labeled() && ixa->ixa_tsl != NULL) {
ASSERT(ira->ira_tsl != NULL);
ixa->ixa_tsl = ira->ira_tsl; /* A multi-level responder */
}
if (ira->ira_flags & IRAF_IPSEC_SECURE) {
/*
* Apply IPsec based on how IPsec was applied to
* the packet that caused the abort.
*/
if (!ipsec_in_to_out(ira, ixa, hmp, ahiph, ahip6h)) {
ip_stack_t *ipst = sctps->sctps_netstack->netstack_ip;
BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
/* Note: mp already consumed and ip_drop_packet done */
ixa_refrele(ixa);
return;
}
} else {
ixa->ixa_flags |= IXAF_NO_IPSEC;
}
BUMP_LOCAL(sctp->sctp_opkts);
BUMP_LOCAL(sctp->sctp_obchunks);
(void) ip_output_simple(hmp, ixa);
ixa_refrele(ixa);
}
