1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/systm.h> 28 #include <sys/stream.h> 29 #include <sys/cmn_err.h> 30 #include <sys/kmem.h> 31 #define _SUN_TPI_VERSION 2 32 #include <sys/tihdr.h> 33 #include <sys/stropts.h> 34 #include <sys/socket.h> 35 #include <sys/random.h> 36 #include <sys/policy.h> 37 #include <sys/tsol/tndb.h> 38 #include <sys/tsol/tnet.h> 39 40 #include <netinet/in.h> 41 #include <netinet/ip6.h> 42 43 #include <inet/common.h> 44 #include <inet/ip.h> 45 #include <inet/ip6.h> 46 #include <inet/ipclassifier.h> 47 #include "sctp_impl.h" 48 #include "sctp_asconf.h" 49 #include "sctp_addr.h" 50 51 /* 52 * Minimum number of associations which can be created per listener. Used 53 * when the listener association count is in effect. 54 */ 55 static uint32_t sctp_min_assoc_listener = 2; 56 57 /* 58 * Returns 0 on success, EACCES on permission failure. 59 */ 60 static int 61 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified) 62 { 63 sctp_stack_t *sctps = sctp->sctp_sctps; 64 conn_t *connp = sctp->sctp_connp; 65 66 /* 67 * Get a valid port (within the anonymous range and should not 68 * be a privileged one) to use if the user has not given a port. 69 * If multiple threads are here, they may all start with 70 * with the same initial port. But, it should be fine as long as 71 * sctp_bindi will ensure that no two threads will be assigned 72 * the same port. 73 */ 74 if (*requested_port == 0) { 75 *requested_port = sctp_update_next_port( 76 sctps->sctps_next_port_to_try, 77 crgetzone(connp->conn_cred), sctps); 78 if (*requested_port == 0) 79 return (EACCES); 80 *user_specified = 0; 81 } else { 82 int i; 83 boolean_t priv = B_FALSE; 84 85 /* 86 * If the requested_port is in the well-known privileged range, 87 * verify that the stream was opened by a privileged user. 88 * Note: No locks are held when inspecting sctp_g_*epriv_ports 89 * but instead the code relies on: 90 * - the fact that the address of the array and its size never 91 * changes 92 * - the atomic assignment of the elements of the array 93 */ 94 if (*requested_port < sctps->sctps_smallest_nonpriv_port) { 95 priv = B_TRUE; 96 } else { 97 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 98 if (*requested_port == 99 sctps->sctps_g_epriv_ports[i]) { 100 priv = B_TRUE; 101 break; 102 } 103 } 104 } 105 if (priv) { 106 /* 107 * sctp_bind() should take a cred_t argument so that 108 * we can use it here. 109 */ 110 if (secpolicy_net_privaddr(connp->conn_cred, 111 *requested_port, IPPROTO_SCTP) != 0) { 112 dprint(1, 113 ("sctp_bind(x): no prive for port %d", 114 *requested_port)); 115 return (EACCES); 116 } 117 } 118 *user_specified = 1; 119 } 120 121 return (0); 122 } 123 124 int 125 sctp_listen(sctp_t *sctp) 126 { 127 sctp_tf_t *tf; 128 sctp_stack_t *sctps = sctp->sctp_sctps; 129 conn_t *connp = sctp->sctp_connp; 130 131 RUN_SCTP(sctp); 132 /* 133 * TCP handles listen() increasing the backlog, need to check 134 * if it should be handled here too 135 */ 136 if (sctp->sctp_state > SCTPS_BOUND || 137 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 138 WAKE_SCTP(sctp); 139 return (EINVAL); 140 } 141 142 /* Do an anonymous bind for unbound socket doing listen(). */ 143 if (sctp->sctp_nsaddrs == 0) { 144 struct sockaddr_storage ss; 145 int ret; 146 147 bzero(&ss, sizeof (ss)); 148 ss.ss_family = connp->conn_family; 149 150 WAKE_SCTP(sctp); 151 if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss, 152 sizeof (ss))) != 0) 153 return (ret); 154 RUN_SCTP(sctp) 155 } 156 157 /* Cache things in the ixa without any refhold */ 158 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED)); 159 connp->conn_ixa->ixa_cred = connp->conn_cred; 160 connp->conn_ixa->ixa_cpid = connp->conn_cpid; 161 if (is_system_labeled()) 162 connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred); 163 164 sctp->sctp_state = SCTPS_LISTEN; 165 DTRACE_SCTP6(state__change, void, NULL, ip_xmit_attr_t *, 166 connp->conn_ixa, void, NULL, sctp_t *, sctp, void, NULL, 167 int32_t, SCTPS_BOUND); 168 (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN); 169 sctp->sctp_last_secret_update = ddi_get_lbolt64(); 170 bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN); 171 172 /* 173 * If there is an association limit, allocate and initialize 174 * the counter struct. Note that since listen can be called 175 * multiple times, the struct may have been allready allocated. 176 */ 177 if (!list_is_empty(&sctps->sctps_listener_conf) && 178 sctp->sctp_listen_cnt == NULL) { 179 sctp_listen_cnt_t *slc; 180 uint32_t ratio; 181 182 ratio = sctp_find_listener_conf(sctps, 183 ntohs(connp->conn_lport)); 184 if (ratio != 0) { 185 uint32_t mem_ratio, tot_buf; 186 187 slc = kmem_alloc(sizeof (sctp_listen_cnt_t), KM_SLEEP); 188 /* 189 * Calculate the connection limit based on 190 * the configured ratio and maxusers. Maxusers 191 * are calculated based on memory size, 192 * ~ 1 user per MB. Note that the conn_rcvbuf 193 * and conn_sndbuf may change after a 194 * connection is accepted. So what we have 195 * is only an approximation. 196 */ 197 if ((tot_buf = connp->conn_rcvbuf + 198 connp->conn_sndbuf) < MB) { 199 mem_ratio = MB / tot_buf; 200 slc->slc_max = maxusers / ratio * mem_ratio; 201 } else { 202 mem_ratio = tot_buf / MB; 203 slc->slc_max = maxusers / ratio / mem_ratio; 204 } 205 /* At least we should allow some associations! */ 206 if (slc->slc_max < sctp_min_assoc_listener) 207 slc->slc_max = sctp_min_assoc_listener; 208 slc->slc_cnt = 1; 209 slc->slc_drop = 0; 210 sctp->sctp_listen_cnt = slc; 211 } 212 } 213 214 215 tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH( 216 ntohs(connp->conn_lport))]; 217 sctp_listen_hash_insert(tf, sctp); 218 219 WAKE_SCTP(sctp); 220 return (0); 221 } 222 223 /* 224 * Bind the sctp_t to a sockaddr, which includes an address and other 225 * information, such as port or flowinfo. 226 */ 227 int 228 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len) 229 { 230 int user_specified; 231 boolean_t bind_to_req_port_only; 232 in_port_t requested_port; 233 in_port_t allocated_port; 234 int err = 0; 235 conn_t *connp = sctp->sctp_connp; 236 uint_t scope_id; 237 sin_t *sin; 238 sin6_t *sin6; 239 240 ASSERT(sctp != NULL); 241 242 RUN_SCTP(sctp); 243 244 if ((sctp->sctp_state >= SCTPS_BOUND) || 245 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING) || 246 (sa == NULL || len == 0)) { 247 /* 248 * Multiple binds not allowed for any SCTP socket 249 * Also binding with null address is not supported. 250 */ 251 err = EINVAL; 252 goto done; 253 } 254 255 switch (sa->sa_family) { 256 case AF_INET: 257 sin = (sin_t *)sa; 258 if (len < sizeof (struct sockaddr_in) || 259 connp->conn_family == AF_INET6) { 260 err = EINVAL; 261 goto done; 262 } 263 requested_port = ntohs(sin->sin_port); 264 break; 265 case AF_INET6: 266 sin6 = (sin6_t *)sa; 267 if (len < sizeof (struct sockaddr_in6) || 268 connp->conn_family == AF_INET) { 269 err = EINVAL; 270 goto done; 271 } 272 requested_port = ntohs(sin6->sin6_port); 273 /* Set the flowinfo. */ 274 connp->conn_flowinfo = 275 sin6->sin6_flowinfo & ~IPV6_VERS_AND_FLOW_MASK; 276 277 scope_id = sin6->sin6_scope_id; 278 if (scope_id != 0 && IN6_IS_ADDR_LINKSCOPE(&sin6->sin6_addr)) { 279 connp->conn_ixa->ixa_flags |= IXAF_SCOPEID_SET; 280 connp->conn_ixa->ixa_scopeid = scope_id; 281 connp->conn_incoming_ifindex = scope_id; 282 } else { 283 connp->conn_ixa->ixa_flags &= ~IXAF_SCOPEID_SET; 284 connp->conn_incoming_ifindex = connp->conn_bound_if; 285 } 286 break; 287 default: 288 err = EAFNOSUPPORT; 289 goto done; 290 } 291 bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE; 292 293 err = sctp_select_port(sctp, &requested_port, &user_specified); 294 if (err != 0) 295 goto done; 296 297 if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE, 298 user_specified == 1 ? htons(requested_port) : 0)) != 0) { 299 goto done; 300 } 301 err = sctp_bindi(sctp, requested_port, bind_to_req_port_only, 302 user_specified, &allocated_port); 303 if (err != 0) { 304 sctp_free_saddrs(sctp); 305 } else { 306 ASSERT(sctp->sctp_state == SCTPS_BOUND); 307 } 308 done: 309 WAKE_SCTP(sctp); 310 return (err); 311 } 312 313 /* 314 * Perform bind/unbind operation of a list of addresses on a sctp_t 315 */ 316 int 317 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop) 318 { 319 ASSERT(sctp != NULL); 320 ASSERT(addrs != NULL); 321 ASSERT(addrcnt > 0); 322 323 switch (bindop) { 324 case SCTP_BINDX_ADD_ADDR: 325 return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE, 326 sctp->sctp_connp->conn_lport)); 327 case SCTP_BINDX_REM_ADDR: 328 return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE)); 329 default: 330 return (EINVAL); 331 } 332 } 333 334 /* 335 * Add a list of addresses to a sctp_t. 336 */ 337 int 338 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 339 boolean_t caller_hold_lock, in_port_t port) 340 { 341 int err = 0; 342 boolean_t do_asconf = B_FALSE; 343 sctp_stack_t *sctps = sctp->sctp_sctps; 344 conn_t *connp = sctp->sctp_connp; 345 346 if (!caller_hold_lock) 347 RUN_SCTP(sctp); 348 349 if (sctp->sctp_state > SCTPS_ESTABLISHED || 350 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 351 if (!caller_hold_lock) 352 WAKE_SCTP(sctp); 353 return (EINVAL); 354 } 355 356 if (sctp->sctp_state > SCTPS_LISTEN) { 357 /* 358 * Let's do some checking here rather than undoing the 359 * add later (for these reasons). 360 */ 361 if (!sctps->sctps_addip_enabled || 362 !sctp->sctp_understands_asconf || 363 !sctp->sctp_understands_addip) { 364 if (!caller_hold_lock) 365 WAKE_SCTP(sctp); 366 return (EINVAL); 367 } 368 do_asconf = B_TRUE; 369 } 370 /* 371 * On a clustered node, for an inaddr_any bind, we will pass the list 372 * of all the addresses in the global list, minus any address on the 373 * loopback interface, and expect the clustering susbsystem to give us 374 * the correct list for the 'port'. For explicit binds we give the 375 * list of addresses and the clustering module validates it for the 376 * 'port'. 377 * 378 * On a non-clustered node, cl_sctp_check_addrs will be NULL and 379 * we proceed as usual. 380 */ 381 if (cl_sctp_check_addrs != NULL) { 382 uchar_t *addrlist = NULL; 383 size_t size = 0; 384 int unspec = 0; 385 boolean_t do_listen; 386 uchar_t *llist = NULL; 387 size_t lsize = 0; 388 389 /* 390 * If we are adding addresses after listening, but before 391 * an association is established, we need to update the 392 * clustering module with this info. 393 */ 394 do_listen = !do_asconf && sctp->sctp_state > SCTPS_BOUND && 395 cl_sctp_listen != NULL; 396 397 err = sctp_get_addrlist(sctp, addrs, &addrcnt, &addrlist, 398 &unspec, &size); 399 if (err != 0) { 400 ASSERT(addrlist == NULL); 401 ASSERT(addrcnt == 0); 402 ASSERT(size == 0); 403 if (!caller_hold_lock) 404 WAKE_SCTP(sctp); 405 SCTP_KSTAT(sctps, sctp_cl_check_addrs); 406 return (err); 407 } 408 ASSERT(addrlist != NULL); 409 (*cl_sctp_check_addrs)(connp->conn_family, port, &addrlist, 410 size, &addrcnt, unspec == 1); 411 if (addrcnt == 0) { 412 /* We free the list */ 413 kmem_free(addrlist, size); 414 if (!caller_hold_lock) 415 WAKE_SCTP(sctp); 416 return (EINVAL); 417 } 418 if (do_listen) { 419 lsize = sizeof (in6_addr_t) * addrcnt; 420 llist = kmem_alloc(lsize, KM_SLEEP); 421 } 422 err = sctp_valid_addr_list(sctp, addrlist, addrcnt, llist, 423 lsize); 424 if (err == 0 && do_listen) { 425 (*cl_sctp_listen)(connp->conn_family, llist, 426 addrcnt, connp->conn_lport); 427 /* list will be freed by the clustering module */ 428 } else if (err != 0 && llist != NULL) { 429 kmem_free(llist, lsize); 430 } 431 /* free the list we allocated */ 432 kmem_free(addrlist, size); 433 } else { 434 err = sctp_valid_addr_list(sctp, addrs, addrcnt, NULL, 0); 435 } 436 if (err != 0) { 437 if (!caller_hold_lock) 438 WAKE_SCTP(sctp); 439 return (err); 440 } 441 /* Need to send ASCONF messages */ 442 if (do_asconf) { 443 err = sctp_add_ip(sctp, addrs, addrcnt); 444 if (err != 0) { 445 sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE); 446 if (!caller_hold_lock) 447 WAKE_SCTP(sctp); 448 return (err); 449 } 450 } 451 if (!caller_hold_lock) 452 WAKE_SCTP(sctp); 453 return (0); 454 } 455 456 /* 457 * Remove one or more addresses bound to the sctp_t. 458 */ 459 int 460 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt, 461 boolean_t caller_hold_lock) 462 { 463 int error = 0; 464 boolean_t do_asconf = B_FALSE; 465 uchar_t *ulist = NULL; 466 size_t usize = 0; 467 sctp_stack_t *sctps = sctp->sctp_sctps; 468 conn_t *connp = sctp->sctp_connp; 469 470 if (!caller_hold_lock) 471 RUN_SCTP(sctp); 472 473 if (sctp->sctp_state > SCTPS_ESTABLISHED || 474 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) { 475 if (!caller_hold_lock) 476 WAKE_SCTP(sctp); 477 return (EINVAL); 478 } 479 /* 480 * Fail the remove if we are beyond listen, but can't send this 481 * to the peer. 482 */ 483 if (sctp->sctp_state > SCTPS_LISTEN) { 484 if (!sctps->sctps_addip_enabled || 485 !sctp->sctp_understands_asconf || 486 !sctp->sctp_understands_addip) { 487 if (!caller_hold_lock) 488 WAKE_SCTP(sctp); 489 return (EINVAL); 490 } 491 do_asconf = B_TRUE; 492 } 493 494 /* Can't delete the last address nor all of the addresses */ 495 if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) { 496 if (!caller_hold_lock) 497 WAKE_SCTP(sctp); 498 return (EINVAL); 499 } 500 501 if (cl_sctp_unlisten != NULL && !do_asconf && 502 sctp->sctp_state > SCTPS_BOUND) { 503 usize = sizeof (in6_addr_t) * addrcnt; 504 ulist = kmem_alloc(usize, KM_SLEEP); 505 } 506 507 error = sctp_del_ip(sctp, addrs, addrcnt, ulist, usize); 508 if (error != 0) { 509 if (ulist != NULL) 510 kmem_free(ulist, usize); 511 if (!caller_hold_lock) 512 WAKE_SCTP(sctp); 513 return (error); 514 } 515 /* ulist will be non-NULL only if cl_sctp_unlisten is non-NULL */ 516 if (ulist != NULL) { 517 ASSERT(cl_sctp_unlisten != NULL); 518 (*cl_sctp_unlisten)(connp->conn_family, ulist, addrcnt, 519 connp->conn_lport); 520 /* ulist will be freed by the clustering module */ 521 } 522 if (!caller_hold_lock) 523 WAKE_SCTP(sctp); 524 return (error); 525 } 526 527 /* 528 * Returns 0 for success, errno value otherwise. 529 * 530 * If the "bind_to_req_port_only" parameter is set and the requested port 531 * number is available, then set allocated_port to it. If not available, 532 * return an error. 533 * 534 * If the "bind_to_req_port_only" parameter is not set and the requested port 535 * number is available, then set allocated_port to it. If not available, 536 * find the first anonymous port we can and set allocated_port to that. If no 537 * anonymous ports are available, return an error. 538 * 539 * In either case, when succeeding, update the sctp_t to record the port number 540 * and insert it in the bind hash table. 541 */ 542 int 543 sctp_bindi(sctp_t *sctp, in_port_t port, boolean_t bind_to_req_port_only, 544 int user_specified, in_port_t *allocated_port) 545 { 546 /* number of times we have run around the loop */ 547 int count = 0; 548 /* maximum number of times to run around the loop */ 549 int loopmax; 550 sctp_stack_t *sctps = sctp->sctp_sctps; 551 conn_t *connp = sctp->sctp_connp; 552 zone_t *zone = crgetzone(connp->conn_cred); 553 zoneid_t zoneid = connp->conn_zoneid; 554 555 /* 556 * Lookup for free addresses is done in a loop and "loopmax" 557 * influences how long we spin in the loop 558 */ 559 if (bind_to_req_port_only) { 560 /* 561 * If the requested port is busy, don't bother to look 562 * for a new one. Setting loop maximum count to 1 has 563 * that effect. 564 */ 565 loopmax = 1; 566 } else { 567 /* 568 * If the requested port is busy, look for a free one 569 * in the anonymous port range. 570 * Set loopmax appropriately so that one does not look 571 * forever in the case all of the anonymous ports are in use. 572 */ 573 loopmax = (sctps->sctps_largest_anon_port - 574 sctps->sctps_smallest_anon_port + 1); 575 } 576 do { 577 uint16_t lport; 578 sctp_tf_t *tbf; 579 sctp_t *lsctp; 580 int addrcmp; 581 582 lport = htons(port); 583 584 /* 585 * Ensure that the sctp_t is not currently in the bind hash. 586 * Hold the lock on the hash bucket to ensure that 587 * the duplicate check plus the insertion is an atomic 588 * operation. 589 * 590 * This function does an inline lookup on the bind hash list 591 * Make sure that we access only members of sctp_t 592 * and that we don't look at sctp_sctp, since we are not 593 * doing a SCTPB_REFHOLD. For more details please see the notes 594 * in sctp_compress() 595 */ 596 sctp_bind_hash_remove(sctp); 597 tbf = &sctps->sctps_bind_fanout[SCTP_BIND_HASH(port)]; 598 mutex_enter(&tbf->tf_lock); 599 for (lsctp = tbf->tf_sctp; lsctp != NULL; 600 lsctp = lsctp->sctp_bind_hash) { 601 conn_t *lconnp = lsctp->sctp_connp; 602 603 if (lport != lconnp->conn_lport || 604 lsctp->sctp_state < SCTPS_BOUND) 605 continue; 606 607 /* 608 * On a labeled system, we must treat bindings to ports 609 * on shared IP addresses by sockets with MAC exemption 610 * privilege as being in all zones, as there's 611 * otherwise no way to identify the right receiver. 612 */ 613 if (lconnp->conn_zoneid != zoneid && 614 lconnp->conn_mac_mode == CONN_MAC_DEFAULT && 615 connp->conn_mac_mode == CONN_MAC_DEFAULT) 616 continue; 617 618 addrcmp = sctp_compare_saddrs(sctp, lsctp); 619 if (addrcmp != SCTP_ADDR_DISJOINT) { 620 if (!connp->conn_reuseaddr) { 621 /* in use */ 622 break; 623 } else if (lsctp->sctp_state == SCTPS_BOUND || 624 lsctp->sctp_state == SCTPS_LISTEN) { 625 /* 626 * socket option SO_REUSEADDR is set 627 * on the binding sctp_t. 628 * 629 * We have found a match of IP source 630 * address and source port, which is 631 * refused regardless of the 632 * SO_REUSEADDR setting, so we break. 633 */ 634 break; 635 } 636 } 637 } 638 if (lsctp != NULL) { 639 /* The port number is busy */ 640 mutex_exit(&tbf->tf_lock); 641 } else { 642 if (is_system_labeled()) { 643 mlp_type_t addrtype, mlptype; 644 uint_t ipversion; 645 646 /* 647 * On a labeled system we must check the type 648 * of the binding requested by the user (either 649 * MLP or SLP on shared and private addresses), 650 * and that the user's requested binding 651 * is permitted. 652 */ 653 if (connp->conn_family == AF_INET) 654 ipversion = IPV4_VERSION; 655 else 656 ipversion = IPV6_VERSION; 657 658 addrtype = tsol_mlp_addr_type( 659 connp->conn_allzones ? ALL_ZONES : 660 zone->zone_id, 661 ipversion, 662 connp->conn_family == AF_INET ? 663 (void *)&sctp->sctp_ipha->ipha_src : 664 (void *)&sctp->sctp_ip6h->ip6_src, 665 sctps->sctps_netstack->netstack_ip); 666 667 /* 668 * tsol_mlp_addr_type returns the possibilities 669 * for the selected address. Since all local 670 * addresses are either private or shared, the 671 * return value mlptSingle means "local address 672 * not valid (interface not present)." 673 */ 674 if (addrtype == mlptSingle) { 675 mutex_exit(&tbf->tf_lock); 676 return (EADDRNOTAVAIL); 677 } 678 mlptype = tsol_mlp_port_type(zone, IPPROTO_SCTP, 679 port, addrtype); 680 if (mlptype != mlptSingle) { 681 if (secpolicy_net_bindmlp(connp-> 682 conn_cred) != 0) { 683 mutex_exit(&tbf->tf_lock); 684 return (EACCES); 685 } 686 /* 687 * If we're binding a shared MLP, then 688 * make sure that this zone is the one 689 * that owns that MLP. Shared MLPs can 690 * be owned by at most one zone. 691 * 692 * No need to handle exclusive-stack 693 * zones since ALL_ZONES only applies 694 * to the shared stack. 695 */ 696 697 if (mlptype == mlptShared && 698 addrtype == mlptShared && 699 connp->conn_zoneid != 700 tsol_mlp_findzone(IPPROTO_SCTP, 701 lport)) { 702 mutex_exit(&tbf->tf_lock); 703 return (EACCES); 704 } 705 connp->conn_mlp_type = mlptype; 706 } 707 } 708 /* 709 * This port is ours. Insert in fanout and mark as 710 * bound to prevent others from getting the port 711 * number. 712 */ 713 sctp->sctp_state = SCTPS_BOUND; 714 DTRACE_SCTP6(state__change, void, NULL, 715 ip_xmit_attr_t *, connp->conn_ixa, void, NULL, 716 scpt_t *, sctp, void, NULL, 717 int32_t, SCTPS_IDLE); 718 connp->conn_lport = lport; 719 720 ASSERT(&sctps->sctps_bind_fanout[ 721 SCTP_BIND_HASH(port)] == tbf); 722 sctp_bind_hash_insert(tbf, sctp, 1); 723 724 mutex_exit(&tbf->tf_lock); 725 726 /* 727 * We don't want sctp_next_port_to_try to "inherit" 728 * a port number supplied by the user in a bind. 729 * 730 * This is the only place where sctp_next_port_to_try 731 * is updated. After the update, it may or may not 732 * be in the valid range. 733 */ 734 if (user_specified == 0) 735 sctps->sctps_next_port_to_try = port + 1; 736 737 *allocated_port = port; 738 739 return (0); 740 } 741 742 if ((count == 0) && (user_specified)) { 743 /* 744 * We may have to return an anonymous port. So 745 * get one to start with. 746 */ 747 port = sctp_update_next_port( 748 sctps->sctps_next_port_to_try, 749 zone, sctps); 750 user_specified = 0; 751 } else { 752 port = sctp_update_next_port(port + 1, zone, sctps); 753 } 754 if (port == 0) 755 break; 756 757 /* 758 * Don't let this loop run forever in the case where 759 * all of the anonymous ports are in use. 760 */ 761 } while (++count < loopmax); 762 763 return (bind_to_req_port_only ? EADDRINUSE : EADDRNOTAVAIL); 764 } 765 766 /* 767 * Don't let port fall into the privileged range. 768 * Since the extra privileged ports can be arbitrary we also 769 * ensure that we exclude those from consideration. 770 * sctp_g_epriv_ports is not sorted thus we loop over it until 771 * there are no changes. 772 * 773 * Note: No locks are held when inspecting sctp_g_*epriv_ports 774 * but instead the code relies on: 775 * - the fact that the address of the array and its size never changes 776 * - the atomic assignment of the elements of the array 777 */ 778 in_port_t 779 sctp_update_next_port(in_port_t port, zone_t *zone, sctp_stack_t *sctps) 780 { 781 int i; 782 boolean_t restart = B_FALSE; 783 784 retry: 785 if (port < sctps->sctps_smallest_anon_port) 786 port = sctps->sctps_smallest_anon_port; 787 788 if (port > sctps->sctps_largest_anon_port) { 789 if (restart) 790 return (0); 791 restart = B_TRUE; 792 port = sctps->sctps_smallest_anon_port; 793 } 794 795 if (port < sctps->sctps_smallest_nonpriv_port) 796 port = sctps->sctps_smallest_nonpriv_port; 797 798 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) { 799 if (port == sctps->sctps_g_epriv_ports[i]) { 800 port++; 801 /* 802 * Make sure whether the port is in the 803 * valid range. 804 * 805 * XXX Note that if sctp_g_epriv_ports contains 806 * all the anonymous ports this will be an 807 * infinite loop. 808 */ 809 goto retry; 810 } 811 } 812 813 if (is_system_labeled() && 814 (i = tsol_next_port(zone, port, IPPROTO_SCTP, B_TRUE)) != 0) { 815 port = i; 816 goto retry; 817 } 818 819 return (port); 820 }