search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
docs/how-to-build.md: use proper markup for directory names
[unleashed/tickless.git] / kernel / net / sctp / sctp_bind.c
blob008c6fd4fdb527c231e8af0226bc50a25cf1ec79
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <sys/types.h>
27 #include <sys/systm.h>
28 #include <sys/stream.h>
29 #include <sys/cmn_err.h>
30 #include <sys/kmem.h>
31 #define _SUN_TPI_VERSION 2
32 #include <sys/tihdr.h>
33 #include <sys/stropts.h>
34 #include <sys/socket.h>
35 #include <sys/random.h>
36 #include <sys/policy.h>
37
38 #include <netinet/in.h>
39 #include <netinet/ip6.h>
40
41 #include <inet/common.h>
42 #include <inet/ip.h>
43 #include <inet/ip6.h>
44 #include <inet/ipclassifier.h>
45 #include <inet/sctp/sctp_impl.h>
46 #include <inet/sctp/sctp_asconf.h>
47 #include <inet/sctp/sctp_addr.h>
48
49 /*
50 * Minimum number of associations which can be created per listener. Used
51 * when the listener association count is in effect.
52 */
53 static uint32_t sctp_min_assoc_listener = 2;
54
55 /*
56 * Returns 0 on success, EACCES on permission failure.
57 */
58 static int
59 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified)
60 {
61 sctp_stack_t *sctps = sctp->sctp_sctps;
62 conn_t *connp = sctp->sctp_connp;
63
64 /*
65 * Get a valid port (within the anonymous range and should not
66 * be a privileged one) to use if the user has not given a port.
67 * If multiple threads are here, they may all start with
68 * with the same initial port. But, it should be fine as long as
69 * sctp_bindi will ensure that no two threads will be assigned
70 * the same port.
71 */
72 if (*requested_port == 0) {
73 *requested_port = sctp_update_next_port(
74 sctps->sctps_next_port_to_try,
75 crgetzone(connp->conn_cred), sctps);
76 if (*requested_port == 0)
77 return (EACCES);
78 *user_specified = 0;
79 } else {
80 int i;
81 boolean_t priv = B_FALSE;
82
83 /*
84 * If the requested_port is in the well-known privileged range,
85 * verify that the stream was opened by a privileged user.
86 * Note: No locks are held when inspecting sctp_g_*epriv_ports
87 * but instead the code relies on:
88 * - the fact that the address of the array and its size never
89 * changes
90 * - the atomic assignment of the elements of the array
91 */
92 if (*requested_port < sctps->sctps_smallest_nonpriv_port) {
93 priv = B_TRUE;
94 } else {
95 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) {
96 if (*requested_port ==
97 sctps->sctps_g_epriv_ports[i]) {
98 priv = B_TRUE;
99 break;
100 }
101 }
102 }
103 if (priv) {
104 /*
105 * sctp_bind() should take a cred_t argument so that
106 * we can use it here.
107 */
108 if (secpolicy_net_privaddr(connp->conn_cred,
109 *requested_port, IPPROTO_SCTP) != 0) {
110 dprint(1,
111 ("sctp_bind(x): no prive for port %d",
112 *requested_port));
113 return (EACCES);
114 }
115 }
116 *user_specified = 1;
117 }
118
119 return (0);
120 }
121
122 int
123 sctp_listen(sctp_t *sctp)
124 {
125 sctp_tf_t *tf;
126 sctp_stack_t *sctps = sctp->sctp_sctps;
127 conn_t *connp = sctp->sctp_connp;
128
129 RUN_SCTP(sctp);
130 /*
131 * TCP handles listen() increasing the backlog, need to check
132 * if it should be handled here too
133 */
134 if (sctp->sctp_state > SCTPS_BOUND ||
135 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
136 WAKE_SCTP(sctp);
137 return (EINVAL);
138 }
139
140 /* Do an anonymous bind for unbound socket doing listen(). */
141 if (sctp->sctp_nsaddrs == 0) {
142 struct sockaddr_storage ss;
143 int ret;
144
145 bzero(&ss, sizeof (ss));
146 ss.ss_family = connp->conn_family;
147
148 WAKE_SCTP(sctp);
149 if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss,
150 sizeof (ss))) != 0)
151 return (ret);
152 RUN_SCTP(sctp)
153 }
154
155 /* Cache things in the ixa without any refhold */
156 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED));
157 connp->conn_ixa->ixa_cred = connp->conn_cred;
158 connp->conn_ixa->ixa_cpid = connp->conn_cpid;
159
160 sctp->sctp_state = SCTPS_LISTEN;
161 (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN);
162 sctp->sctp_last_secret_update = ddi_get_lbolt64();
163 bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN);
164
165 /*
166 * If there is an association limit, allocate and initialize
167 * the counter struct. Note that since listen can be called
168 * multiple times, the struct may have been allready allocated.
169 */
170 if (!list_is_empty(&sctps->sctps_listener_conf) &&
171 sctp->sctp_listen_cnt == NULL) {
172 sctp_listen_cnt_t *slc;
173 uint32_t ratio;
174
175 ratio = sctp_find_listener_conf(sctps,
176 ntohs(connp->conn_lport));
177 if (ratio != 0) {
178 uint32_t mem_ratio, tot_buf;
179
180 slc = kmem_alloc(sizeof (sctp_listen_cnt_t), KM_SLEEP);
181 /*
182 * Calculate the connection limit based on
183 * the configured ratio and maxusers. Maxusers
184 * are calculated based on memory size,
185 * ~ 1 user per MB. Note that the conn_rcvbuf
186 * and conn_sndbuf may change after a
187 * connection is accepted. So what we have
188 * is only an approximation.
189 */
190 if ((tot_buf = connp->conn_rcvbuf +
191 connp->conn_sndbuf) < MB) {
192 mem_ratio = MB / tot_buf;
193 slc->slc_max = maxusers / ratio * mem_ratio;
194 } else {
195 mem_ratio = tot_buf / MB;
196 slc->slc_max = maxusers / ratio / mem_ratio;
197 }
198 /* At least we should allow some associations! */
199 if (slc->slc_max < sctp_min_assoc_listener)
200 slc->slc_max = sctp_min_assoc_listener;
201 slc->slc_cnt = 1;
202 slc->slc_drop = 0;
203 sctp->sctp_listen_cnt = slc;
204 }
205 }
206
207
208 tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH(
209 ntohs(connp->conn_lport))];
210 sctp_listen_hash_insert(tf, sctp);
211
212 WAKE_SCTP(sctp);
213 return (0);
214 }
215
216 /*
217 * Bind the sctp_t to a sockaddr, which includes an address and other
218 * information, such as port or flowinfo.
219 */
220 int
221 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len)
222 {
223 int user_specified;
224 boolean_t bind_to_req_port_only;
225 in_port_t requested_port;
226 in_port_t allocated_port;
227 int err = 0;
228 conn_t *connp = sctp->sctp_connp;
229 uint_t scope_id;
230 sin_t *sin;
231 sin6_t *sin6;
232
233 ASSERT(sctp != NULL);
234
235 RUN_SCTP(sctp);
236
237 if ((sctp->sctp_state >= SCTPS_BOUND) ||
238 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING) ||
239 (sa == NULL || len == 0)) {
240 /*
241 * Multiple binds not allowed for any SCTP socket
242 * Also binding with null address is not supported.
243 */
244 err = EINVAL;
245 goto done;
246 }
247
248 switch (sa->sa_family) {
249 case AF_INET:
250 sin = (sin_t *)sa;
251 if (len < sizeof (struct sockaddr_in) ||
252 connp->conn_family == AF_INET6) {
253 err = EINVAL;
254 goto done;
255 }
256 requested_port = ntohs(sin->sin_port);
257 break;
258 case AF_INET6:
259 sin6 = (sin6_t *)sa;
260 if (len < sizeof (struct sockaddr_in6) ||
261 connp->conn_family == AF_INET) {
262 err = EINVAL;
263 goto done;
264 }
265 requested_port = ntohs(sin6->sin6_port);
266 /* Set the flowinfo. */
267 connp->conn_flowinfo =
268 sin6->sin6_flowinfo & ~IPV6_VERS_AND_FLOW_MASK;
269
270 scope_id = sin6->sin6_scope_id;
271 if (scope_id != 0 && IN6_IS_ADDR_LINKSCOPE(&sin6->sin6_addr)) {
272 connp->conn_ixa->ixa_flags |= IXAF_SCOPEID_SET;
273 connp->conn_ixa->ixa_scopeid = scope_id;
274 connp->conn_incoming_ifindex = scope_id;
275 } else {
276 connp->conn_ixa->ixa_flags &= ~IXAF_SCOPEID_SET;
277 connp->conn_incoming_ifindex = connp->conn_bound_if;
278 }
279 break;
280 default:
281 err = EAFNOSUPPORT;
282 goto done;
283 }
284 bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE;
285
286 err = sctp_select_port(sctp, &requested_port, &user_specified);
287 if (err != 0)
288 goto done;
289
290 if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE)) != 0) {
291 goto done;
292 }
293 err = sctp_bindi(sctp, requested_port, bind_to_req_port_only,
294 user_specified, &allocated_port);
295 if (err != 0) {
296 sctp_free_saddrs(sctp);
297 } else {
298 ASSERT(sctp->sctp_state == SCTPS_BOUND);
299 }
300 done:
301 WAKE_SCTP(sctp);
302 return (err);
303 }
304
305 /*
306 * Perform bind/unbind operation of a list of addresses on a sctp_t
307 */
308 int
309 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop)
310 {
311 ASSERT(sctp != NULL);
312 ASSERT(addrs != NULL);
313 ASSERT(addrcnt > 0);
314
315 switch (bindop) {
316 case SCTP_BINDX_ADD_ADDR:
317 return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE));
318 case SCTP_BINDX_REM_ADDR:
319 return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE));
320 default:
321 return (EINVAL);
322 }
323 }
324
325 /*
326 * Add a list of addresses to a sctp_t.
327 */
328 int
329 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
330 boolean_t caller_hold_lock)
331 {
332 int err = 0;
333 boolean_t do_asconf = B_FALSE;
334 sctp_stack_t *sctps = sctp->sctp_sctps;
335
336 if (!caller_hold_lock)
337 RUN_SCTP(sctp);
338
339 if (sctp->sctp_state > SCTPS_ESTABLISHED ||
340 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
341 if (!caller_hold_lock)
342 WAKE_SCTP(sctp);
343 return (EINVAL);
344 }
345
346 if (sctp->sctp_state > SCTPS_LISTEN) {
347 /*
348 * Let's do some checking here rather than undoing the
349 * add later (for these reasons).
350 */
351 if (!sctps->sctps_addip_enabled ||
352 !sctp->sctp_understands_asconf ||
353 !sctp->sctp_understands_addip) {
354 if (!caller_hold_lock)
355 WAKE_SCTP(sctp);
356 return (EINVAL);
357 }
358 do_asconf = B_TRUE;
359 }
360 err = sctp_valid_addr_list(sctp, addrs, addrcnt, NULL, 0);
361 if (err != 0) {
362 if (!caller_hold_lock)
363 WAKE_SCTP(sctp);
364 return (err);
365 }
366 /* Need to send ASCONF messages */
367 if (do_asconf) {
368 err = sctp_add_ip(sctp, addrs, addrcnt);
369 if (err != 0) {
370 sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE);
371 if (!caller_hold_lock)
372 WAKE_SCTP(sctp);
373 return (err);
374 }
375 }
376 if (!caller_hold_lock)
377 WAKE_SCTP(sctp);
378 return (0);
379 }
380
381 /*
382 * Remove one or more addresses bound to the sctp_t.
383 */
384 int
385 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
386 boolean_t caller_hold_lock)
387 {
388 int error = 0;
389 sctp_stack_t *sctps = sctp->sctp_sctps;
390
391 if (!caller_hold_lock)
392 RUN_SCTP(sctp);
393
394 if (sctp->sctp_state > SCTPS_ESTABLISHED ||
395 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
396 if (!caller_hold_lock)
397 WAKE_SCTP(sctp);
398 return (EINVAL);
399 }
400 /*
401 * Fail the remove if we are beyond listen, but can't send this
402 * to the peer.
403 */
404 if (sctp->sctp_state > SCTPS_LISTEN) {
405 if (!sctps->sctps_addip_enabled ||
406 !sctp->sctp_understands_asconf ||
407 !sctp->sctp_understands_addip) {
408 if (!caller_hold_lock)
409 WAKE_SCTP(sctp);
410 return (EINVAL);
411 }
412 }
413
414 /* Can't delete the last address nor all of the addresses */
415 if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) {
416 if (!caller_hold_lock)
417 WAKE_SCTP(sctp);
418 return (EINVAL);
419 }
420
421 error = sctp_del_ip(sctp, addrs, addrcnt);
422 if (error != 0) {
423 if (!caller_hold_lock)
424 WAKE_SCTP(sctp);
425 return (error);
426 }
427 if (!caller_hold_lock)
428 WAKE_SCTP(sctp);
429 return (error);
430 }
431
432 /*
433 * Returns 0 for success, errno value otherwise.
434 *
435 * If the "bind_to_req_port_only" parameter is set and the requested port
436 * number is available, then set allocated_port to it. If not available,
437 * return an error.
438 *
439 * If the "bind_to_req_port_only" parameter is not set and the requested port
440 * number is available, then set allocated_port to it. If not available,
441 * find the first anonymous port we can and set allocated_port to that. If no
442 * anonymous ports are available, return an error.
443 *
444 * In either case, when succeeding, update the sctp_t to record the port number
445 * and insert it in the bind hash table.
446 */
447 int
448 sctp_bindi(sctp_t *sctp, in_port_t port, boolean_t bind_to_req_port_only,
449 int user_specified, in_port_t *allocated_port)
450 {
451 /* number of times we have run around the loop */
452 int count = 0;
453 /* maximum number of times to run around the loop */
454 int loopmax;
455 sctp_stack_t *sctps = sctp->sctp_sctps;
456 conn_t *connp = sctp->sctp_connp;
457 zone_t *zone = crgetzone(connp->conn_cred);
458 zoneid_t zoneid = connp->conn_zoneid;
459
460 /*
461 * Lookup for free addresses is done in a loop and "loopmax"
462 * influences how long we spin in the loop
463 */
464 if (bind_to_req_port_only) {
465 /*
466 * If the requested port is busy, don't bother to look
467 * for a new one. Setting loop maximum count to 1 has
468 * that effect.
469 */
470 loopmax = 1;
471 } else {
472 /*
473 * If the requested port is busy, look for a free one
474 * in the anonymous port range.
475 * Set loopmax appropriately so that one does not look
476 * forever in the case all of the anonymous ports are in use.
477 */
478 loopmax = (sctps->sctps_largest_anon_port -
479 sctps->sctps_smallest_anon_port + 1);
480 }
481 do {
482 uint16_t lport;
483 sctp_tf_t *tbf;
484 sctp_t *lsctp;
485 int addrcmp;
486
487 lport = htons(port);
488
489 /*
490 * Ensure that the sctp_t is not currently in the bind hash.
491 * Hold the lock on the hash bucket to ensure that
492 * the duplicate check plus the insertion is an atomic
493 * operation.
494 *
495 * This function does an inline lookup on the bind hash list
496 * Make sure that we access only members of sctp_t
497 * and that we don't look at sctp_sctp, since we are not
498 * doing a SCTPB_REFHOLD. For more details please see the notes
499 * in sctp_compress()
500 */
501 sctp_bind_hash_remove(sctp);
502 tbf = &sctps->sctps_bind_fanout[SCTP_BIND_HASH(port)];
503 mutex_enter(&tbf->tf_lock);
504 for (lsctp = tbf->tf_sctp; lsctp != NULL;
505 lsctp = lsctp->sctp_bind_hash) {
506 conn_t *lconnp = lsctp->sctp_connp;
507
508 if (lport != lconnp->conn_lport ||
509 lsctp->sctp_state < SCTPS_BOUND)
510 continue;
511
512 if (lconnp->conn_zoneid != zoneid)
513 continue;
514
515 addrcmp = sctp_compare_saddrs(sctp, lsctp);
516 if (addrcmp != SCTP_ADDR_DISJOINT) {
517 if (!connp->conn_reuseaddr) {
518 /* in use */
519 break;
520 } else if (lsctp->sctp_state == SCTPS_BOUND ||
521 lsctp->sctp_state == SCTPS_LISTEN) {
522 /*
523 * socket option SO_REUSEADDR is set
524 * on the binding sctp_t.
525 *
526 * We have found a match of IP source
527 * address and source port, which is
528 * refused regardless of the
529 * SO_REUSEADDR setting, so we break.
530 */
531 break;
532 }
533 }
534 }
535 if (lsctp != NULL) {
536 /* The port number is busy */
537 mutex_exit(&tbf->tf_lock);
538 } else {
539 /*
540 * This port is ours. Insert in fanout and mark as
541 * bound to prevent others from getting the port
542 * number.
543 */
544 sctp->sctp_state = SCTPS_BOUND;
545 connp->conn_lport = lport;
546
547 ASSERT(&sctps->sctps_bind_fanout[
548 SCTP_BIND_HASH(port)] == tbf);
549 sctp_bind_hash_insert(tbf, sctp, 1);
550
551 mutex_exit(&tbf->tf_lock);
552
553 /*
554 * We don't want sctp_next_port_to_try to "inherit"
555 * a port number supplied by the user in a bind.
556 *
557 * This is the only place where sctp_next_port_to_try
558 * is updated. After the update, it may or may not
559 * be in the valid range.
560 */
561 if (user_specified == 0)
562 sctps->sctps_next_port_to_try = port + 1;
563
564 *allocated_port = port;
565
566 return (0);
567 }
568
569 if ((count == 0) && (user_specified)) {
570 /*
571 * We may have to return an anonymous port. So
572 * get one to start with.
573 */
574 port = sctp_update_next_port(
575 sctps->sctps_next_port_to_try,
576 zone, sctps);
577 user_specified = 0;
578 } else {
579 port = sctp_update_next_port(port + 1, zone, sctps);
580 }
581 if (port == 0)
582 break;
583
584 /*
585 * Don't let this loop run forever in the case where
586 * all of the anonymous ports are in use.
587 */
588 } while (++count < loopmax);
589
590 return (bind_to_req_port_only ? EADDRINUSE : EADDRNOTAVAIL);
591 }
592
593 /*
594 * Don't let port fall into the privileged range.
595 * Since the extra privileged ports can be arbitrary we also
596 * ensure that we exclude those from consideration.
597 * sctp_g_epriv_ports is not sorted thus we loop over it until
598 * there are no changes.
599 *
600 * Note: No locks are held when inspecting sctp_g_*epriv_ports
601 * but instead the code relies on:
602 * - the fact that the address of the array and its size never changes
603 * - the atomic assignment of the elements of the array
604 */
605 in_port_t
606 sctp_update_next_port(in_port_t port, zone_t *zone, sctp_stack_t *sctps)
607 {
608 int i;
609 boolean_t restart = B_FALSE;
610
611 retry:
612 if (port < sctps->sctps_smallest_anon_port)
613 port = sctps->sctps_smallest_anon_port;
614
615 if (port > sctps->sctps_largest_anon_port) {
616 if (restart)
617 return (0);
618 restart = B_TRUE;
619 port = sctps->sctps_smallest_anon_port;
620 }
621
622 if (port < sctps->sctps_smallest_nonpriv_port)
623 port = sctps->sctps_smallest_nonpriv_port;
624
625 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) {
626 if (port == sctps->sctps_g_epriv_ports[i]) {
627 port++;
628 /*
629 * Make sure whether the port is in the
630 * valid range.
631 *
632 * XXX Note that if sctp_g_epriv_ports contains
633 * all the anonymous ports this will be an
634 * infinite loop.
635 */
636 goto retry;
637 }
638 }
639
640 return (port);
641 }
unleashed repo fork