4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
26 #include <sys/types.h>
27 #include <sys/systm.h>
28 #include <sys/stream.h>
29 #include <sys/cmn_err.h>
32 #include <sys/strsubr.h>
33 #include <sys/random.h>
35 #include <netinet/in.h>
36 #include <netinet/ip6.h>
38 #include <inet/common.h>
41 #include <inet/ipsec_impl.h>
42 #include <inet/sctp_ip.h>
43 #include <inet/ipclassifier.h>
44 #include <inet/sctp/sctp_impl.h>
47 * From RFC 2104. This should probably go into libmd5 (and while
48 * we're at it, maybe we should make a libdigest so we can later
49 * add SHA1 and others, esp. since some weaknesses have been found
52 * text IN pointer to data stream
53 * text_len IN length of data stream
54 * key IN pointer to authentication key
55 * key_len IN length of authentication key
56 * digest OUT caller digest to be filled in
59 hmac_md5(uchar_t
*text
, size_t text_len
, uchar_t
*key
, size_t key_len
,
63 uchar_t k_ipad
[65]; /* inner padding - key XORd with ipad */
64 uchar_t k_opad
[65]; /* outer padding - key XORd with opad */
68 /* if key is longer than 64 bytes reset it to key=MD5(key) */
73 MD5Update(&tctx
, key
, key_len
);
81 * the HMAC_MD5 transform looks like:
83 * MD5(K XOR opad, MD5(K XOR ipad, text))
85 * where K is an n byte key
86 * ipad is the byte 0x36 repeated 64 times
87 * opad is the byte 0x5c repeated 64 times
88 * and text is the data being protected
91 /* start out by storing key in pads */
92 bzero(k_ipad
, sizeof (k_ipad
));
93 bzero(k_opad
, sizeof (k_opad
));
94 bcopy(key
, k_ipad
, key_len
);
95 bcopy(key
, k_opad
, key_len
);
97 /* XOR key with ipad and opad values */
98 for (i
= 0; i
< 64; i
++) {
105 MD5Init(&context
); /* init context for 1st */
107 MD5Update(&context
, k_ipad
, 64); /* start with inner pad */
108 MD5Update(&context
, text
, text_len
); /* then text of datagram */
109 MD5Final(digest
, &context
); /* finish up 1st pass */
113 MD5Init(&context
); /* init context for 2nd */
115 MD5Update(&context
, k_opad
, 64); /* start with outer pad */
116 MD5Update(&context
, digest
, 16); /* then results of 1st */
118 MD5Final(digest
, &context
); /* finish up 2nd pass */
122 * If inmp is non-NULL, and we need to abort, it will use the IP/SCTP
123 * info in initmp to send the abort. Otherwise, no abort will be sent.
125 * When called from stcp_send_initack() while processing parameters
126 * from a received INIT_CHUNK want_cookie will be NULL.
128 * When called from sctp_send_cookie_echo() while processing an INIT_ACK,
129 * want_cookie contains a pointer to a pointer of type *sctp_parm_hdr_t.
130 * However, this last pointer will be NULL until the cookie is processed
131 * at which time it will be set to point to a sctp_parm_hdr_t that contains
134 * Note: an INIT_ACK is expected to contain a cookie.
136 * When processing an INIT_ACK, an ERROR chunk and chain of one or more
137 * error CAUSE blocks will be created if unrecognized parameters marked by
138 * the sender as reportable are found.
140 * When processing an INIT chunk, a chain of one or more error CAUSE blocks
141 * will be created if unrecognized parameters marked by the sender as
142 * reportable are found. These are appended directly to the INIT_ACK chunk.
144 * In both cases the error chain is visible to the caller via *errmp.
146 * Returns 1 if the parameters are OK (or if there are no optional
147 * parameters), returns 0 otherwise.
150 validate_init_params(sctp_t
*sctp
, sctp_chunk_hdr_t
*ch
,
151 sctp_init_chunk_t
*init
, mblk_t
*inmp
, sctp_parm_hdr_t
**want_cookie
,
152 mblk_t
**errmp
, int *supp_af
, uint_t
*sctp_options
, ip_recv_attr_t
*ira
)
154 sctp_parm_hdr_t
*cph
;
155 sctp_init_chunk_t
*ic
;
158 char *details
= NULL
;
160 boolean_t got_cookie
= B_FALSE
;
161 boolean_t got_errchunk
= B_FALSE
;
164 conn_t
*connp
= sctp
->sctp_connp
;
167 ASSERT(errmp
!= NULL
);
169 if (sctp_options
!= NULL
)
172 /* First validate stream parameters */
173 if (init
->sic_instr
== 0 || init
->sic_outstr
== 0) {
174 serror
= SCTP_ERR_BAD_MANDPARM
;
175 dprint(1, ("validate_init_params: bad sid, is=%d os=%d\n",
176 htons(init
->sic_instr
), htons(init
->sic_outstr
)));
179 if (ntohl(init
->sic_inittag
) == 0) {
180 serror
= SCTP_ERR_BAD_MANDPARM
;
181 dprint(1, ("validate_init_params: inittag = 0\n"));
185 remaining
= ntohs(ch
->sch_len
) - sizeof (*ch
);
186 ic
= (sctp_init_chunk_t
*)(ch
+ 1);
187 remaining
-= sizeof (*ic
);
188 if (remaining
< sizeof (*cph
)) {
190 * When processing a received INIT_ACK, a cookie is
191 * expected, if missing there is nothing to validate.
193 if (want_cookie
!= NULL
)
198 cph
= (sctp_parm_hdr_t
*)(ic
+ 1);
200 while (cph
!= NULL
) {
201 ptype
= ntohs(cph
->sph_type
);
204 case PARM_UNRECOGNIZED
:
206 /* just ignore them */
208 case PARM_FORWARD_TSN
:
209 if (sctp_options
!= NULL
)
210 *sctp_options
|= SCTP_PRSCTP_OPTION
;
215 * Processing a received INIT_ACK, we have a cookie
216 * and a valid pointer in our caller to attach it to.
218 if (want_cookie
!= NULL
) {
223 *supp_af
|= PARM_SUPP_V4
;
226 *supp_af
|= PARM_SUPP_V6
;
228 case PARM_COOKIE_PRESERVE
:
229 case PARM_ADAPT_LAYER_IND
:
232 case PARM_ADDR_HOST_NAME
:
233 /* Don't support this; abort the association */
234 serror
= SCTP_ERR_BAD_ADDR
;
235 details
= (char *)cph
;
236 errlen
= ntohs(cph
->sph_len
);
237 dprint(1, ("sctp:validate_init_params: host addr\n"));
239 case PARM_SUPP_ADDRS
: {
240 /* Make sure we have a supported addr intersection */
241 uint16_t *p
, addrtype
;
244 plen
= ntohs(cph
->sph_len
);
245 p
= (uint16_t *)(cph
+ 1);
247 addrtype
= ntohs(*p
);
250 *supp_af
|= PARM_SUPP_V6
;
253 *supp_af
|= PARM_SUPP_V4
;
257 * Do nothing, silently ignore hostname
269 * Handle any unrecognized params, the two high order
270 * bits of ptype define how the remote wants them
273 * 1. Continue processing other params in the chunk
274 * 0. Stop processing params after this one.
276 * 1. Must report this unrecognized param to remote
277 * 0. Obey the top bit silently.
279 if (ptype
& SCTP_REPORT_THIS_PARAM
) {
280 if (!got_errchunk
&& want_cookie
!= NULL
) {
282 * The incoming pointer want_cookie is
283 * NULL so processing an INIT_ACK.
284 * This is the first reportable param,
285 * create an ERROR chunk and populate
286 * it with a CAUSE block for this parm.
288 *errmp
= sctp_make_err(sctp
,
291 ntohs(cph
->sph_len
));
292 got_errchunk
= B_TRUE
;
295 * If processing an INIT_ACK, we already
296 * have an ERROR chunk, just add a new
297 * CAUSE block and update ERROR chunk
299 * If processing an INIT chunk add a new
300 * CAUSE block to the INIT_ACK, in this
301 * case there is no ERROR chunk thus
302 * got_errchunk will be B_FALSE. Chunk
303 * length is computed by our caller.
305 sctp_add_unrec_parm(cph
, errmp
,
309 if (ptype
& SCTP_CONT_PROC_PARAMS
) {
311 * Continue processing params after this
318 * Stop processing params, report any reportable
319 * unrecognized params found so far.
324 cph
= sctp_next_parm(cph
, &remaining
);
328 * Some sanity checks. The following should not fail unless the
329 * other side is broken.
331 * 1. If this is a V4 endpoint but V4 address is not
333 * 2. If this is a V6 only endpoint but V6 address is
334 * not supported, abort. This assumes that a V6
335 * endpoint can use both V4 and V6 addresses.
336 * We only care about supp_af when processing INIT, i.e want_cookie
339 if (want_cookie
== NULL
&&
340 ((connp
->conn_family
== AF_INET
&& !(*supp_af
& PARM_SUPP_V4
)) ||
341 (connp
->conn_family
== AF_INET6
&& !(*supp_af
& PARM_SUPP_V6
) &&
342 sctp
->sctp_connp
->conn_ipv6_v6only
))) {
343 dprint(1, ("sctp:validate_init_params: supp addr\n"));
344 serror
= SCTP_ERR_BAD_ADDR
;
348 if (want_cookie
!= NULL
&& !got_cookie
) {
350 /* Will populate the CAUSE block in the ABORT chunk. */
351 mpc
.mpc_num
= htons(1);
352 mpc
.mpc_param
= htons(PARM_COOKIE
);
355 dprint(1, ("validate_init_params: cookie absent\n"));
356 sctp_send_abort(sctp
, sctp_init2vtag(ch
), SCTP_ERR_MISSING_PARM
,
357 (char *)&mpc
, sizeof (sctp_mpc_t
), inmp
, 0, B_FALSE
, ira
);
365 if (want_cookie
!= NULL
)
368 sctp_send_abort(sctp
, sctp_init2vtag(ch
), serror
, details
,
369 errlen
, inmp
, 0, B_FALSE
, ira
);
374 * Initialize params from the INIT and INIT-ACK when the assoc. is
378 sctp_initialize_params(sctp_t
*sctp
, sctp_init_chunk_t
*init
,
379 sctp_init_chunk_t
*iack
)
381 /* Get initial TSN */
382 sctp
->sctp_ftsn
= ntohl(init
->sic_inittsn
);
383 sctp
->sctp_lastacked
= sctp
->sctp_ftsn
- 1;
385 /* Serial number is initialized to the same value as the TSN */
386 sctp
->sctp_fcsn
= sctp
->sctp_lastacked
;
389 * Get verification tags; no byteordering is necessary, since
390 * verfication tags are never processed except for byte-by-byte
393 sctp
->sctp_fvtag
= init
->sic_inittag
;
394 sctp
->sctp_sctph
->sh_verf
= init
->sic_inittag
;
395 sctp
->sctp_sctph6
->sh_verf
= init
->sic_inittag
;
396 sctp
->sctp_lvtag
= iack
->sic_inittag
;
398 /* Get the peer's rwnd */
399 sctp
->sctp_frwnd
= ntohl(init
->sic_a_rwnd
);
401 /* Allocate the in/out-stream counters */
402 sctp
->sctp_num_ostr
= iack
->sic_outstr
;
403 sctp
->sctp_ostrcntrs
= kmem_zalloc(sizeof (uint16_t) *
404 sctp
->sctp_num_ostr
, KM_NOSLEEP
);
405 if (sctp
->sctp_ostrcntrs
== NULL
)
408 sctp
->sctp_num_istr
= iack
->sic_instr
;
409 sctp
->sctp_instr
= kmem_zalloc(sizeof (*sctp
->sctp_instr
) *
410 sctp
->sctp_num_istr
, KM_NOSLEEP
);
411 if (sctp
->sctp_instr
== NULL
) {
412 kmem_free(sctp
->sctp_ostrcntrs
, sizeof (uint16_t) *
413 sctp
->sctp_num_ostr
);
414 sctp
->sctp_ostrcntrs
= NULL
;
420 #define SCTP_CALC_COOKIE_LEN(initcp) \
421 sizeof (int64_t) + /* timestamp */ \
422 sizeof (uint32_t) + /* cookie lifetime */ \
423 sizeof (sctp_init_chunk_t) + /* INIT ACK */ \
424 sizeof (in6_addr_t) + /* peer's original source */ \
425 ntohs((initcp)->sch_len) + /* peer's INIT */ \
426 sizeof (uint32_t) + /* local tie-tag */ \
427 sizeof (uint32_t) + /* peer tie-tag */ \
428 sizeof (sctp_parm_hdr_t) + /* param header */ \
432 * Note that sctp is the listener, hence we shouldn't modify it.
435 sctp_send_initack(sctp_t
*sctp
, sctp_hdr_t
*initsh
, sctp_chunk_hdr_t
*ch
,
436 mblk_t
*initmp
, ip_recv_attr_t
*ira
)
440 ipha_t
*iackiph
= NULL
;
441 ip6_t
*iackip6h
= NULL
;
442 sctp_chunk_hdr_t
*iack_ch
;
443 sctp_init_chunk_t
*iack
;
444 sctp_init_chunk_t
*init
;
450 sctp_parm_hdr_t
*cookieph
;
463 mblk_t
*errmp
= NULL
;
464 boolean_t initcollision
= B_FALSE
;
465 boolean_t linklocal
= B_FALSE
;
466 sctp_stack_t
*sctps
= sctp
->sctp_sctps
;
467 conn_t
*connp
= sctp
->sctp_connp
;
469 ip_xmit_attr_t
*ixa
= NULL
;
471 BUMP_LOCAL(sctp
->sctp_ibchunks
);
472 isv4
= (IPH_HDR_VERSION(initmp
->b_rptr
) == IPV4_VERSION
);
474 /* Extract the INIT chunk */
476 initiph
= (ipha_t
*)initmp
->b_rptr
;
477 ipsctplen
= sctp
->sctp_ip_hdr_len
;
478 supp_af
|= PARM_SUPP_V4
;
480 initip6h
= (ip6_t
*)initmp
->b_rptr
;
481 ipsctplen
= sctp
->sctp_ip_hdr6_len
;
482 if (IN6_IS_ADDR_LINKLOCAL(&initip6h
->ip6_src
) ||
483 IN6_IS_ADDR_LINKLOCAL(&initip6h
->ip6_dst
))
485 supp_af
|= PARM_SUPP_V6
;
486 if (!sctp
->sctp_connp
->conn_ipv6_v6only
)
487 supp_af
|= PARM_SUPP_V4
;
489 ASSERT(OK_32PTR(initsh
));
490 init
= (sctp_init_chunk_t
*)((char *)(initsh
+ 1) + sizeof (*iack_ch
));
492 /* Make sure we like the peer's parameters */
493 if (validate_init_params(sctp
, ch
, init
, initmp
, NULL
, &errmp
,
494 &supp_af
, &sctp_options
, ira
) == 0) {
498 errlen
= msgdsize(errmp
);
499 if (connp
->conn_family
== AF_INET
) {
501 * Regardless of the supported address in the INIT, v4
504 supp_af
= PARM_SUPP_V4
;
506 if (sctp
->sctp_state
<= SCTPS_LISTEN
) {
507 /* normal, expected INIT: generate new vtag and itsn */
508 (void) random_get_pseudo_bytes((uint8_t *)&itag
, sizeof (itag
));
510 itag
= (uint32_t)gethrtime();
513 } else if (sctp
->sctp_state
== SCTPS_COOKIE_WAIT
||
514 sctp
->sctp_state
== SCTPS_COOKIE_ECHOED
) {
515 /* init collision; copy vtag and itsn from sctp */
516 itag
= sctp
->sctp_lvtag
;
517 itsn
= sctp
->sctp_ltsn
;
519 * In addition we need to send all the params that was sent
520 * in our INIT chunk. Essentially, it is only the supported
521 * address params that we need to add.
523 initcollision
= B_TRUE
;
525 * When we sent the INIT, we should have set linklocal in
526 * the sctp which should be good enough.
531 /* peer restart; generate new vtag but keep everything else */
532 (void) random_get_pseudo_bytes((uint8_t *)&itag
, sizeof (itag
));
534 itag
= (uint32_t)gethrtime();
536 itsn
= sctp
->sctp_ltsn
;
540 * Allocate a mblk for the INIT ACK, consisting of the link layer
541 * header, the IP header, the SCTP common header, and INIT ACK chunk,
542 * and finally the COOKIE parameter.
544 cookielen
= SCTP_CALC_COOKIE_LEN(ch
);
545 iacklen
= sizeof (*iack_ch
) + sizeof (*iack
) + cookielen
;
546 if (sctp
->sctp_send_adaptation
)
547 iacklen
+= (sizeof (sctp_parm_hdr_t
) + sizeof (uint32_t));
548 if (((sctp_options
& SCTP_PRSCTP_OPTION
) || initcollision
) &&
549 sctp
->sctp_prsctp_aware
&& sctps
->sctps_prsctp_enabled
) {
550 iacklen
+= sctp_options_param_len(sctp
, SCTP_PRSCTP_OPTION
);
553 iacklen
+= sctp_supaddr_param_len(sctp
);
555 iacklen
+= sctp_addr_params(sctp
, supp_af
, NULL
, B_FALSE
);
556 ipsctplen
+= sizeof (*iacksh
) + iacklen
;
559 * Padding is applied after the cookie which is the end of chunk
560 * unless CAUSE blocks are appended when the pad must also be
561 * accounted for in iacklen.
563 if ((pad
= ipsctplen
% SCTP_ALIGN
) != 0) {
564 pad
= SCTP_ALIGN
- pad
;
571 * Base the transmission on any routing-related socket options
572 * that have been set on the listener.
574 ixa
= conn_get_ixa_exclusive(connp
);
576 sctp_send_abort(sctp
, sctp_init2vtag(ch
),
577 SCTP_ERR_NO_RESOURCES
, NULL
, 0, initmp
, 0, B_FALSE
, ira
);
580 ixa
->ixa_flags
&= ~IXAF_VERIFY_PMTU
;
583 ixa
->ixa_flags
|= IXAF_IS_IPV4
;
585 ixa
->ixa_flags
&= ~IXAF_IS_IPV4
;
587 iackmp
= allocb(ipsctplen
+ sctps
->sctps_wroff_xtra
, BPRI_MED
);
588 if (iackmp
== NULL
) {
589 sctp_send_abort(sctp
, sctp_init2vtag(ch
),
590 SCTP_ERR_NO_RESOURCES
, NULL
, 0, initmp
, 0, B_FALSE
, ira
);
595 /* Copy in the [imcomplete] IP/SCTP composite header */
596 p
= (char *)(iackmp
->b_rptr
+ sctps
->sctps_wroff_xtra
);
597 iackmp
->b_rptr
= (uchar_t
*)p
;
599 bcopy(sctp
->sctp_iphc
, p
, sctp
->sctp_hdr_len
);
600 iackiph
= (ipha_t
*)p
;
602 /* Copy the peer's IP addr */
603 iackiph
->ipha_dst
= initiph
->ipha_src
;
604 iackiph
->ipha_src
= initiph
->ipha_dst
;
605 iackiph
->ipha_length
= htons(ipsctplen
+ errlen
);
606 iacksh
= (sctp_hdr_t
*)(p
+ sctp
->sctp_ip_hdr_len
);
607 ixa
->ixa_ip_hdr_length
= sctp
->sctp_ip_hdr_len
;
609 bcopy(sctp
->sctp_iphc6
, p
, sctp
->sctp_hdr6_len
);
610 iackip6h
= (ip6_t
*)p
;
612 /* Copy the peer's IP addr */
613 iackip6h
->ip6_dst
= initip6h
->ip6_src
;
614 iackip6h
->ip6_src
= initip6h
->ip6_dst
;
615 iackip6h
->ip6_plen
= htons(ipsctplen
+ errlen
- IPV6_HDR_LEN
);
616 iacksh
= (sctp_hdr_t
*)(p
+ sctp
->sctp_ip_hdr6_len
);
617 ixa
->ixa_ip_hdr_length
= sctp
->sctp_ip_hdr6_len
;
619 ixa
->ixa_pktlen
= ipsctplen
+ errlen
;
621 ASSERT(OK_32PTR(iacksh
));
623 /* Fill in the holes in the SCTP common header */
624 iacksh
->sh_sport
= initsh
->sh_dport
;
625 iacksh
->sh_dport
= initsh
->sh_sport
;
626 iacksh
->sh_verf
= init
->sic_inittag
;
628 /* INIT ACK chunk header */
629 iack_ch
= (sctp_chunk_hdr_t
*)(iacksh
+ 1);
630 iack_ch
->sch_id
= CHUNK_INIT_ACK
;
631 iack_ch
->sch_flags
= 0;
632 iack_ch
->sch_len
= htons(iacklen
);
634 /* The INIT ACK itself */
635 iack
= (sctp_init_chunk_t
*)(iack_ch
+ 1);
636 iack
->sic_inittag
= itag
; /* already in network byteorder */
637 iack
->sic_inittsn
= htonl(itsn
);
639 iack
->sic_a_rwnd
= htonl(sctp
->sctp_rwnd
);
640 /* Advertise what we would want to have as stream #'s */
641 iack
->sic_outstr
= htons(MIN(sctp
->sctp_num_ostr
,
642 ntohs(init
->sic_instr
)));
643 iack
->sic_instr
= htons(sctp
->sctp_num_istr
);
645 p
= (char *)(iack
+ 1);
646 p
+= sctp_adaptation_code_param(sctp
, (uchar_t
*)p
);
648 p
+= sctp_supaddr_param(sctp
, (uchar_t
*)p
);
650 p
+= sctp_addr_params(sctp
, supp_af
, (uchar_t
*)p
, B_FALSE
);
651 if (((sctp_options
& SCTP_PRSCTP_OPTION
) || initcollision
) &&
652 sctp
->sctp_prsctp_aware
&& sctps
->sctps_prsctp_enabled
) {
653 p
+= sctp_options_param(sctp
, p
, SCTP_PRSCTP_OPTION
);
656 * Generate and lay in the COOKIE parameter.
658 * The cookie consists of:
659 * 1. The relative timestamp for the cookie (lbolt64)
660 * 2. The cookie lifetime (uint32_t) in tick
661 * 3. The local tie-tag
662 * 4. The peer tie-tag
663 * 5. Peer's original src, used to confirm the validity of address.
664 * 6. Our INIT ACK chunk, less any parameters
665 * 7. The INIT chunk (may contain parameters)
666 * 8. 128-bit MD5 signature.
668 * Since the timestamp values will only be evaluated locally, we
669 * don't need to worry about byte-ordering them.
671 cookieph
= (sctp_parm_hdr_t
*)p
;
672 cookieph
->sph_type
= htons(PARM_COOKIE
);
673 cookieph
->sph_len
= htons(cookielen
);
676 now
= (int64_t *)(cookieph
+ 1);
677 nowt
= LBOLT_FASTPATH64
;
678 bcopy(&nowt
, now
, sizeof (*now
));
680 /* cookie lifetime -- need configuration */
681 lifetime
= (uint32_t *)(now
+ 1);
682 *lifetime
= sctp
->sctp_cookie_lifetime
;
684 /* Set the tie-tags */
685 ttag
= (uint32_t *)(lifetime
+ 1);
686 if (sctp
->sctp_state
<= SCTPS_COOKIE_WAIT
) {
692 /* local tie-tag (network byte-order) */
693 *ttag
= sctp
->sctp_lvtag
;
695 /* peer tie-tag (network byte-order) */
696 *ttag
= sctp
->sctp_fvtag
;
700 * Copy in peer's original source address so that we can confirm
701 * the reachability later.
705 in6_addr_t peer_addr
;
707 IN6_IPADDR_TO_V4MAPPED(iackiph
->ipha_dst
, &peer_addr
);
708 bcopy(&peer_addr
, p
, sizeof (in6_addr_t
));
710 bcopy(&iackip6h
->ip6_dst
, p
, sizeof (in6_addr_t
));
712 p
+= sizeof (in6_addr_t
);
713 /* Copy in our INIT ACK chunk */
714 bcopy(iack
, p
, sizeof (*iack
));
715 iack
= (sctp_init_chunk_t
*)p
;
716 /* Set the # of streams we'll end up using */
717 iack
->sic_outstr
= MIN(sctp
->sctp_num_ostr
, ntohs(init
->sic_instr
));
718 iack
->sic_instr
= MIN(sctp
->sctp_num_istr
, ntohs(init
->sic_outstr
));
721 /* Copy in the peer's INIT chunk */
722 bcopy(ch
, p
, ntohs(ch
->sch_len
));
723 p
+= ntohs(ch
->sch_len
);
726 * Calculate the HMAC ICV into the digest slot in buf.
727 * First, generate a new secret if the current secret is
728 * older than the new secret lifetime parameter permits,
729 * copying the current secret to sctp_old_secret.
731 if (sctps
->sctps_new_secret_interval
> 0 &&
732 (sctp
->sctp_last_secret_update
+
733 MSEC_TO_TICK(sctps
->sctps_new_secret_interval
)) <= nowt
) {
734 bcopy(sctp
->sctp_secret
, sctp
->sctp_old_secret
,
736 (void) random_get_pseudo_bytes(sctp
->sctp_secret
,
738 sctp
->sctp_last_secret_update
= nowt
;
741 hmac_md5((uchar_t
*)now
, cookielen
- sizeof (*cookieph
) - 16,
742 (uchar_t
*)sctp
->sctp_secret
, SCTP_SECRET_LEN
, (uchar_t
*)p
);
744 iackmp
->b_wptr
= iackmp
->b_rptr
+ ipsctplen
;
746 bzero((iackmp
->b_wptr
- pad
), pad
);
748 iackmp
->b_cont
= errmp
; /* OK if NULL */
750 BUMP_LOCAL(sctp
->sctp_opkts
);
751 BUMP_LOCAL(sctp
->sctp_obchunks
);
753 (void) ip_output_simple(iackmp
, ixa
);
758 sctp_send_cookie_ack(sctp_t
*sctp
)
760 sctp_chunk_hdr_t
*cach
;
762 sctp_stack_t
*sctps
= sctp
->sctp_sctps
;
764 camp
= sctp_make_mp(sctp
, sctp
->sctp_current
, sizeof (*cach
));
766 /* XXX should abort, but don't have the inmp anymore */
767 SCTP_KSTAT(sctps
, sctp_send_cookie_ack_failed
);
771 cach
= (sctp_chunk_hdr_t
*)camp
->b_wptr
;
772 camp
->b_wptr
= (uchar_t
*)(cach
+ 1);
773 cach
->sch_id
= CHUNK_COOKIE_ACK
;
775 cach
->sch_len
= htons(sizeof (*cach
));
777 BUMP_LOCAL(sctp
->sctp_obchunks
);
779 sctp_set_iplen(sctp
, camp
, sctp
->sctp_current
->sf_ixa
);
780 (void) conn_ip_output(camp
, sctp
->sctp_current
->sf_ixa
);
781 BUMP_LOCAL(sctp
->sctp_opkts
);
785 sctp_find_al_ind(sctp_parm_hdr_t
*sph
, ssize_t len
, uint32_t *adaptation_code
)
788 if (len
< sizeof (*sph
))
790 while (sph
!= NULL
) {
791 if (sph
->sph_type
== htons(PARM_ADAPT_LAYER_IND
) &&
792 ntohs(sph
->sph_len
) >= (sizeof (*sph
) +
793 sizeof (uint32_t))) {
794 *adaptation_code
= *(uint32_t *)(sph
+ 1);
797 sph
= sctp_next_parm(sph
, &len
);
803 sctp_send_cookie_echo(sctp_t
*sctp
, sctp_chunk_hdr_t
*iackch
, mblk_t
*iackmp
,
811 sctp_chunk_hdr_t
*cech
;
812 sctp_init_chunk_t
*iack
;
816 sctp_parm_hdr_t
*cph
;
817 sctp_data_hdr_t
*sdc
;
821 mblk_t
*errmp
= NULL
;
824 uint16_t old_num_str
;
825 sctp_stack_t
*sctps
= sctp
->sctp_sctps
;
827 iack
= (sctp_init_chunk_t
*)(iackch
+ 1);
830 if (validate_init_params(sctp
, iackch
, iack
, iackmp
, &cph
, &errmp
,
831 &pad
, &sctp_options
, ira
) == 0) { /* result in 'pad' ignored */
832 SCTPS_BUMP_MIB(sctps
, sctpAborted
);
833 sctp_assoc_event(sctp
, SCTP_CANT_STR_ASSOC
, 0, NULL
);
834 sctp_clean_death(sctp
, ECONNABORTED
);
839 ASSERT(sctp
->sctp_cookie_mp
== NULL
);
841 /* Got a cookie to echo back; allocate an mblk */
842 ceclen
= sizeof (*cech
) + ntohs(cph
->sph_len
) - sizeof (*cph
);
843 if ((pad
= ceclen
& (SCTP_ALIGN
- 1)) != 0)
844 pad
= SCTP_ALIGN
- pad
;
846 if (IPH_HDR_VERSION(iackmp
->b_rptr
) == IPV4_VERSION
)
847 hdrlen
= sctp
->sctp_hdr_len
;
849 hdrlen
= sctp
->sctp_hdr6_len
;
851 cemp
= allocb(sctps
->sctps_wroff_xtra
+ hdrlen
+ ceclen
+ pad
,
854 SCTP_FADDR_TIMER_RESTART(sctp
, sctp
->sctp_current
,
855 sctp
->sctp_current
->sf_rto
);
860 cemp
->b_rptr
+= (sctps
->sctps_wroff_xtra
+ hdrlen
);
862 /* Process the INIT ACK */
863 sctp
->sctp_sctph
->sh_verf
= iack
->sic_inittag
;
864 sctp
->sctp_sctph6
->sh_verf
= iack
->sic_inittag
;
865 sctp
->sctp_fvtag
= iack
->sic_inittag
;
866 sctp
->sctp_ftsn
= ntohl(iack
->sic_inittsn
);
867 sctp
->sctp_lastacked
= sctp
->sctp_ftsn
- 1;
868 sctp
->sctp_fcsn
= sctp
->sctp_lastacked
;
869 sctp
->sctp_frwnd
= ntohl(iack
->sic_a_rwnd
);
872 * Populate sctp with addresses given in the INIT ACK or IP header.
873 * Need to set the df bit in the current fp as it has been cleared
876 sctp
->sctp_current
->sf_df
= B_TRUE
;
877 sctp
->sctp_ipha
->ipha_fragment_offset_and_flags
|= IPH_DF_HTONS
;
880 * Since IP uses this info during the fanout process, we need to hold
881 * the lock for this hash line while performing this operation.
883 /* XXX sctp_conn_fanout + SCTP_CONN_HASH(sctps, connp->conn_ports); */
884 ASSERT(sctp
->sctp_conn_tfp
!= NULL
);
885 tf
= sctp
->sctp_conn_tfp
;
886 /* sctp isn't a listener so only need to hold conn fanout lock */
887 mutex_enter(&tf
->tf_lock
);
888 if (sctp_get_addrparams(sctp
, NULL
, iackmp
, iackch
, NULL
) != 0) {
889 mutex_exit(&tf
->tf_lock
);
891 SCTP_FADDR_TIMER_RESTART(sctp
, sctp
->sctp_current
,
892 sctp
->sctp_current
->sf_rto
);
897 mutex_exit(&tf
->tf_lock
);
899 fp
= sctp
->sctp_current
;
902 * There could be a case when we get an INIT-ACK again, if the INIT
903 * is re-transmitted, for e.g., which means we would have already
904 * allocated this resource earlier (also for sctp_instr). In this
905 * case we check and re-allocate, if necessary.
907 old_num_str
= sctp
->sctp_num_ostr
;
908 if (ntohs(iack
->sic_instr
) < sctp
->sctp_num_ostr
)
909 sctp
->sctp_num_ostr
= ntohs(iack
->sic_instr
);
910 if (sctp
->sctp_ostrcntrs
== NULL
) {
911 sctp
->sctp_ostrcntrs
= kmem_zalloc(sizeof (uint16_t) *
912 sctp
->sctp_num_ostr
, KM_NOSLEEP
);
914 ASSERT(old_num_str
> 0);
915 if (old_num_str
!= sctp
->sctp_num_ostr
) {
916 kmem_free(sctp
->sctp_ostrcntrs
, sizeof (uint16_t) *
918 sctp
->sctp_ostrcntrs
= kmem_zalloc(sizeof (uint16_t) *
919 sctp
->sctp_num_ostr
, KM_NOSLEEP
);
922 if (sctp
->sctp_ostrcntrs
== NULL
) {
924 SCTP_FADDR_TIMER_RESTART(sctp
, fp
, fp
->sf_rto
);
931 * Allocate the in stream tracking array. Comments for sctp_ostrcntrs
934 old_num_str
= sctp
->sctp_num_istr
;
935 if (ntohs(iack
->sic_outstr
) < sctp
->sctp_num_istr
)
936 sctp
->sctp_num_istr
= ntohs(iack
->sic_outstr
);
937 if (sctp
->sctp_instr
== NULL
) {
938 sctp
->sctp_instr
= kmem_zalloc(sizeof (*sctp
->sctp_instr
) *
939 sctp
->sctp_num_istr
, KM_NOSLEEP
);
941 ASSERT(old_num_str
> 0);
942 if (old_num_str
!= sctp
->sctp_num_istr
) {
943 kmem_free(sctp
->sctp_instr
,
944 sizeof (*sctp
->sctp_instr
) * old_num_str
);
945 sctp
->sctp_instr
= kmem_zalloc(
946 sizeof (*sctp
->sctp_instr
) * sctp
->sctp_num_istr
,
950 if (sctp
->sctp_instr
== NULL
) {
951 kmem_free(sctp
->sctp_ostrcntrs
,
952 sizeof (uint16_t) * sctp
->sctp_num_ostr
);
954 SCTP_FADDR_TIMER_RESTART(sctp
, fp
, fp
->sf_rto
);
960 if (!(sctp_options
& SCTP_PRSCTP_OPTION
) && sctp
->sctp_prsctp_aware
)
961 sctp
->sctp_prsctp_aware
= B_FALSE
;
963 if (sctp_find_al_ind((sctp_parm_hdr_t
*)(iack
+ 1),
964 ntohs(iackch
->sch_len
) - (sizeof (*iackch
) + sizeof (*iack
)),
965 &sctp
->sctp_rx_adaptation_code
) == 0) {
966 sctp
->sctp_recv_adaptation
= 1;
969 cech
= (sctp_chunk_hdr_t
*)cemp
->b_rptr
;
970 ASSERT(OK_32PTR(cech
));
971 cech
->sch_id
= CHUNK_COOKIE
;
973 cech
->sch_len
= htons(ceclen
);
975 /* Copy the cookie (less the parm hdr) to the chunk */
976 bcopy(cph
+ 1, cech
+ 1, ceclen
- sizeof (*cph
));
978 cemp
->b_wptr
= cemp
->b_rptr
+ ceclen
;
980 if (sctp
->sctp_unsent
> 0) {
985 mp
= sctp
->sctp_xmit_unsent
;
987 smh
= (sctp_msg_hdr_t
*)mp
->b_rptr
;
988 if (smh
->smh_sid
>= sctp
->sctp_num_ostr
) {
989 unsent
+= smh
->smh_msglen
;
991 prev
->b_next
= mp
->b_next
;
993 sctp
->sctp_xmit_unsent
= mp
->b_next
;
995 sctp_sendfail_event(sctp
, mp
, SCTP_ERR_BAD_SID
,
1000 mp
= sctp
->sctp_xmit_unsent
;
1005 } while (mp
!= NULL
);
1007 ASSERT(sctp
->sctp_unsent
>= unsent
);
1008 sctp
->sctp_unsent
-= unsent
;
1010 * Update ULP the amount of queued data, which is
1011 * sent-unack'ed + unsent.
1012 * This is not necessary, but doesn't harm, we
1013 * just use unsent instead of sent-unack'ed +
1014 * unsent, since there won't be any sent-unack'ed
1017 if (!SCTP_IS_DETACHED(sctp
))
1018 SCTP_TXQ_UPDATE(sctp
);
1020 if (sctp
->sctp_xmit_unsent
== NULL
)
1021 sctp
->sctp_xmit_unsent_tail
= NULL
;
1024 cansend
= MIN(sctp
->sctp_unsent
, sctp
->sctp_frwnd
);
1025 meta
= sctp_get_msg_to_send(sctp
, &mp
, NULL
, &error
, ceclen
,
1028 * The error cannot be anything else since we could have an non-zero
1029 * error only if sctp_get_msg_to_send() tries to send a Forward
1030 * TSN which will not happen here.
1035 sctp
->sctp_xmit_tail
= meta
;
1036 sdc
= (sctp_data_hdr_t
*)mp
->b_rptr
;
1037 seglen
= ntohs(sdc
->sdh_len
);
1038 if ((ceclen
+ seglen
) > fp
->sf_pmss
||
1039 (seglen
- sizeof (*sdc
)) > cansend
) {
1042 /* OK, if this fails */
1043 cemp
->b_cont
= dupmsg(mp
);
1045 head
= sctp_add_proto_hdr(sctp
, fp
, cemp
, 0, NULL
);
1048 SCTP_FADDR_TIMER_RESTART(sctp
, fp
, fp
->sf_rto
);
1051 SCTP_KSTAT(sctps
, sctp_send_cookie_failed
);
1055 * Even if cookie-echo exceeds MTU for one of the hops, it'll
1056 * have a chance of getting there.
1059 ipha_t
*iph
= (ipha_t
*)head
->b_rptr
;
1060 iph
->ipha_fragment_offset_and_flags
= 0;
1062 BUMP_LOCAL(sctp
->sctp_obchunks
);
1064 sctp
->sctp_cookie_mp
= dupmsg(head
);
1065 /* Don't bundle, we will just resend init if this cookie is lost. */
1066 if (sctp
->sctp_cookie_mp
== NULL
) {
1067 if (cemp
->b_cont
!= NULL
) {
1068 freemsg(cemp
->b_cont
);
1069 cemp
->b_cont
= NULL
;
1071 } else if (cemp
->b_cont
!= NULL
) {
1072 ASSERT(mp
!= NULL
&& mp
== meta
->b_cont
);
1073 SCTP_CHUNK_CLEAR_FLAGS(cemp
->b_cont
);
1074 cemp
->b_wptr
+= pad
;
1075 seglen
-= sizeof (*sdc
);
1076 SCTP_CHUNK_SENT(sctp
, mp
, sdc
, fp
, seglen
, meta
);
1078 if (errmp
!= NULL
) {
1079 if (cemp
->b_cont
== NULL
)
1080 cemp
->b_wptr
+= pad
;
1083 sctp
->sctp_state
= SCTPS_COOKIE_ECHOED
;
1084 SCTP_FADDR_TIMER_RESTART(sctp
, fp
, fp
->sf_rto
);
1086 sctp_set_iplen(sctp
, head
, fp
->sf_ixa
);
1087 (void) conn_ip_output(head
, fp
->sf_ixa
);
1088 BUMP_LOCAL(sctp
->sctp_opkts
);
1092 sctp_process_cookie(sctp_t
*sctp
, sctp_chunk_hdr_t
*ch
, mblk_t
*cmp
,
1093 sctp_init_chunk_t
**iackpp
, sctp_hdr_t
*insctph
, int *recv_adaptation
,
1094 in6_addr_t
*peer_addr
, ip_recv_attr_t
*ira
)
1099 uchar_t
*given_hash
;
1100 uchar_t needed_hash
[16];
1104 sctp_init_chunk_t
*iack
;
1105 sctp_chunk_hdr_t
*initch
;
1106 sctp_init_chunk_t
*init
;
1110 sctp_stack_t
*sctps
= sctp
->sctp_sctps
;
1111 conn_t
*connp
= sctp
->sctp_connp
;
1113 BUMP_LOCAL(sctp
->sctp_ibchunks
);
1114 /* Verify the ICV */
1115 clen
= ntohs(ch
->sch_len
) - sizeof (*ch
) - 16;
1117 dprint(1, ("invalid cookie chunk length %d\n",
1118 ntohs(ch
->sch_len
)));
1122 p
= (uchar_t
*)(ch
+ 1);
1124 hmac_md5(p
, clen
, (uchar_t
*)sctp
->sctp_secret
, SCTP_SECRET_LEN
,
1127 /* The given hash follows the cookie data */
1128 given_hash
= p
+ clen
;
1130 if (bcmp(given_hash
, needed_hash
, 16) != 0) {
1131 /* The secret may have changed; try the old secret */
1132 hmac_md5(p
, clen
, (uchar_t
*)sctp
->sctp_old_secret
,
1133 SCTP_SECRET_LEN
, needed_hash
);
1134 if (bcmp(given_hash
, needed_hash
, 16) != 0) {
1139 /* Timestamp is int64_t, and we only guarantee 32-bit alignment */
1140 bcopy(p
, &ts
, sizeof (ts
));
1141 /* Cookie life time, uint32_t */
1142 lt
= (uint32_t *)(p
+ sizeof (ts
));
1145 * To quote PRC, "this is our baby", so let's continue.
1146 * We need to pull out the encapsulated INIT ACK and
1147 * INIT chunks. Note that we don't process these until
1148 * we have verified the timestamp, but we need them before
1149 * processing the timestamp since if the time check fails,
1150 * we need to get the verification tag from the INIT in order
1151 * to send a stale cookie error.
1153 lttag
= (uint32_t *)(lt
+ 1);
1155 if (peer_addr
!= NULL
)
1156 bcopy(fttag
+ 1, peer_addr
, sizeof (in6_addr_t
));
1157 iack
= (sctp_init_chunk_t
*)((char *)(fttag
+ 1) + sizeof (in6_addr_t
));
1158 initch
= (sctp_chunk_hdr_t
*)(iack
+ 1);
1159 init
= (sctp_init_chunk_t
*)(initch
+ 1);
1160 initplen
= ntohs(initch
->sch_len
) - (sizeof (*init
) + sizeof (*initch
));
1162 *recv_adaptation
= 0;
1165 * Check the staleness of the Cookie, specified in 3.3.10.3 of
1168 * The mesaure of staleness is the difference, in microseconds,
1169 * between the current time and the time the State Cookie expires.
1170 * So it is lbolt64 - (ts + *lt). If it is positive, it means
1171 * that the Cookie has expired.
1173 diff
= LBOLT_FASTPATH64
- (ts
+ *lt
);
1174 if (diff
> 0 && (init
->sic_inittag
!= sctp
->sctp_fvtag
||
1175 iack
->sic_inittag
!= sctp
->sctp_lvtag
)) {
1178 staleness
= TICK_TO_USEC(diff
);
1179 staleness
= htonl(staleness
);
1180 sctp_send_abort(sctp
, init
->sic_inittag
, SCTP_ERR_STALE_COOKIE
,
1181 (char *)&staleness
, sizeof (staleness
), cmp
, 1, B_FALSE
,
1184 dprint(1, ("stale cookie %d\n", staleness
));
1189 /* Check for attack by adding addresses to a restart */
1190 bcopy(insctph
, &ports
, sizeof (ports
));
1191 if (sctp_secure_restart_check(cmp
, initch
, ports
, KM_NOSLEEP
,
1196 /* Look for adaptation code if there any parms in the INIT chunk */
1197 if ((initplen
>= sizeof (sctp_parm_hdr_t
)) &&
1198 (sctp_find_al_ind((sctp_parm_hdr_t
*)(init
+ 1), initplen
,
1199 &sctp
->sctp_rx_adaptation_code
) == 0)) {
1200 *recv_adaptation
= 1;
1203 /* Examine tie-tags */
1205 if (sctp
->sctp_state
>= SCTPS_COOKIE_WAIT
) {
1206 if (sctp
->sctp_state
== SCTPS_ESTABLISHED
&&
1207 init
->sic_inittag
== sctp
->sctp_fvtag
&&
1208 iack
->sic_inittag
== sctp
->sctp_lvtag
&&
1209 *fttag
== 0 && *lttag
== 0) {
1211 dprint(1, ("duplicate cookie from %x:%x:%x:%x (%d)\n",
1212 SCTP_PRINTADDR(sctp
->sctp_current
->sf_faddr
),
1213 (int)(connp
->conn_fport
)));
1217 if (init
->sic_inittag
!= sctp
->sctp_fvtag
&&
1218 iack
->sic_inittag
!= sctp
->sctp_lvtag
&&
1219 *fttag
== sctp
->sctp_fvtag
&&
1220 *lttag
== sctp
->sctp_lvtag
) {
1223 /* Section 5.2.4 case A: restart */
1224 sctp
->sctp_fvtag
= init
->sic_inittag
;
1225 sctp
->sctp_lvtag
= iack
->sic_inittag
;
1227 sctp
->sctp_sctph
->sh_verf
= init
->sic_inittag
;
1228 sctp
->sctp_sctph6
->sh_verf
= init
->sic_inittag
;
1230 sctp
->sctp_ftsn
= ntohl(init
->sic_inittsn
);
1231 sctp
->sctp_lastacked
= sctp
->sctp_ftsn
- 1;
1232 sctp
->sctp_frwnd
= ntohl(init
->sic_a_rwnd
);
1233 sctp
->sctp_fcsn
= sctp
->sctp_lastacked
;
1235 if (sctp
->sctp_state
< SCTPS_ESTABLISHED
)
1236 SCTP_ASSOC_EST(sctps
, sctp
);
1238 dprint(1, ("sctp peer %x:%x:%x:%x (%d) restarted\n",
1239 SCTP_PRINTADDR(sctp
->sctp_current
->sf_faddr
),
1240 (int)(connp
->conn_fport
)));
1241 /* reset parameters */
1242 sctp_congest_reset(sctp
);
1244 /* reset stream bookkeeping */
1245 sctp_instream_cleanup(sctp
, B_FALSE
);
1247 sctp
->sctp_istr_nmsgs
= 0;
1248 sctp
->sctp_rxqueued
= 0;
1249 for (i
= 0; i
< sctp
->sctp_num_ostr
; i
++) {
1250 sctp
->sctp_ostrcntrs
[i
] = 0;
1252 /* XXX flush xmit_list? */
1255 } else if (init
->sic_inittag
!= sctp
->sctp_fvtag
&&
1256 iack
->sic_inittag
== sctp
->sctp_lvtag
) {
1258 /* Section 5.2.4 case B: INIT collision */
1259 if (sctp
->sctp_state
< SCTPS_ESTABLISHED
) {
1260 if (!sctp_initialize_params(sctp
, init
, iack
))
1261 return (-1); /* Drop? */
1262 SCTP_ASSOC_EST(sctps
, sctp
);
1265 dprint(1, ("init collision with %x:%x:%x:%x (%d)\n",
1266 SCTP_PRINTADDR(sctp
->sctp_current
->sf_faddr
),
1267 (int)(connp
->conn_fport
)));
1270 } else if (iack
->sic_inittag
!= sctp
->sctp_lvtag
&&
1271 init
->sic_inittag
== sctp
->sctp_fvtag
&&
1272 *fttag
== 0 && *lttag
== 0) {
1274 /* Section 5.2.4 case C: late COOKIE */
1275 dprint(1, ("late cookie from %x:%x:%x:%x (%d)\n",
1276 SCTP_PRINTADDR(sctp
->sctp_current
->sf_faddr
),
1277 (int)(connp
->conn_fport
)));
1279 } else if (init
->sic_inittag
== sctp
->sctp_fvtag
&&
1280 iack
->sic_inittag
== sctp
->sctp_lvtag
) {
1283 * Section 5.2.4 case D: COOKIE ECHO retransmit
1284 * Don't check cookie lifetime
1286 dprint(1, ("cookie tags match from %x:%x:%x:%x (%d)\n",
1287 SCTP_PRINTADDR(sctp
->sctp_current
->sf_faddr
),
1288 (int)(connp
->conn_fport
)));
1289 if (sctp
->sctp_state
< SCTPS_ESTABLISHED
) {
1290 if (!sctp_initialize_params(sctp
, init
, iack
))
1291 return (-1); /* Drop? */
1292 SCTP_ASSOC_EST(sctps
, sctp
);
1296 /* unrecognized case -- silently drop it */
1305 * Similar to ip_fanout_sctp, except that the src addr(s) are drawn
1306 * from address parameters in an INIT ACK's address list. This
1307 * function is used when an INIT ACK is received but IP's fanout
1308 * function could not find a sctp via the normal lookup routine.
1309 * This can happen when a host sends an INIT ACK from a different
1310 * address than the INIT was sent to.
1312 * Returns the sctp_t if found, or NULL if not found.
1315 sctp_addrlist2sctp(mblk_t
*mp
, sctp_hdr_t
*sctph
, sctp_chunk_hdr_t
*ich
,
1316 zoneid_t zoneid
, sctp_stack_t
*sctps
)
1322 in6_addr_t src
, *srcp
= &src
;
1323 sctp_parm_hdr_t
*ph
;
1325 sctp_init_chunk_t
*iack
;
1327 sctp_t
*sctp
= NULL
;
1329 ASSERT(ich
->sch_id
== CHUNK_INIT_ACK
);
1331 isv4
= (IPH_HDR_VERSION(mp
->b_rptr
) == IPV4_VERSION
);
1333 iph
= (ipha_t
*)mp
->b_rptr
;
1334 IN6_IPADDR_TO_V4MAPPED(iph
->ipha_dst
, &dst
);
1336 ip6h
= (ip6_t
*)mp
->b_rptr
;
1337 dst
= ip6h
->ip6_dst
;
1340 ports
= *(uint32_t *)sctph
;
1342 dprint(1, ("sctp_addrlist2sctp: ports=%u, dst = %x:%x:%x:%x\n",
1343 ports
, SCTP_PRINTADDR(dst
)));
1345 /* pull out any address parameters */
1346 remaining
= ntohs(ich
->sch_len
) - sizeof (*ich
) - sizeof (*iack
);
1347 if (remaining
< sizeof (*ph
)) {
1351 iack
= (sctp_init_chunk_t
*)(ich
+ 1);
1352 ph
= (sctp_parm_hdr_t
*)(iack
+ 1);
1354 while (ph
!= NULL
) {
1356 * params have been verified in sctp_check_input(),
1357 * so no need to do it again here.
1359 * According to RFC4960 :
1360 * All integer fields in an SCTP packet MUST be transmitted
1361 * in network byte order, unless otherwise stated.
1362 * Therefore convert the param type to network byte order.
1364 if (ph
->sph_type
== htons(PARM_ADDR4
)) {
1365 IN6_INADDR_TO_V4MAPPED((struct in_addr
*)(ph
+ 1),
1368 sctp
= sctp_conn_match(&srcp
, 1, &dst
, ports
, zoneid
,
1372 ("sctp_addrlist2sctp: src=%x:%x:%x:%x, sctp=%p\n",
1373 SCTP_PRINTADDR(src
), (void *)sctp
));
1379 } else if (ph
->sph_type
== htons(PARM_ADDR6
)) {
1380 srcp
= (in6_addr_t
*)(ph
+ 1);
1381 sctp
= sctp_conn_match(&srcp
, 1, &dst
, ports
, zoneid
,
1385 ("sctp_addrlist2sctp: src=%x:%x:%x:%x, sctp=%p\n",
1386 SCTP_PRINTADDR(src
), (void *)sctp
));
1393 ph
= sctp_next_parm(ph
, &remaining
);