1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <sys/types.h>
27 #include <sys/systm.h>
28 #include <sys/stream.h>
29 #include <sys/cmn_err.h>
30 #include <sys/kmem.h>
31 #define _SUN_TPI_VERSION 2
32 #include <sys/tihdr.h>
33 #include <sys/stropts.h>
34 #include <sys/socket.h>
35 #include <sys/random.h>
36 #include <sys/policy.h>
37 #include <sys/tsol/tndb.h>
38 #include <sys/tsol/tnet.h>
39
40 #include <netinet/in.h>
41 #include <netinet/ip6.h>
42
43 #include <inet/common.h>
44 #include <inet/ip.h>
45 #include <inet/ip6.h>
46 #include <inet/ipclassifier.h>
47 #include "sctp_impl.h"
48 #include "sctp_asconf.h"
49 #include "sctp_addr.h"
50
51 /*
52 * Minimum number of associations which can be created per listener. Used
53 * when the listener association count is in effect.
54 */
55 static uint32_t sctp_min_assoc_listener = 2;
56
57 /*
58 * Returns 0 on success, EACCES on permission failure.
59 */
60 static int
61 sctp_select_port(sctp_t *sctp, in_port_t *requested_port, int *user_specified)
62 {
63 sctp_stack_t *sctps = sctp->sctp_sctps;
64 conn_t *connp = sctp->sctp_connp;
65
66 /*
67 * Get a valid port (within the anonymous range and should not
68 * be a privileged one) to use if the user has not given a port.
69 * If multiple threads are here, they may all start with
70 * with the same initial port. But, it should be fine as long as
71 * sctp_bindi will ensure that no two threads will be assigned
72 * the same port.
73 */
74 if (*requested_port == 0) {
75 *requested_port = sctp_update_next_port(
76 sctps->sctps_next_port_to_try,
77 crgetzone(connp->conn_cred), sctps);
78 if (*requested_port == 0)
79 return (EACCES);
80 *user_specified = 0;
81 } else {
82 int i;
83 boolean_t priv = B_FALSE;
84
85 /*
86 * If the requested_port is in the well-known privileged range,
87 * verify that the stream was opened by a privileged user.
88 * Note: No locks are held when inspecting sctp_g_*epriv_ports
89 * but instead the code relies on:
90 * - the fact that the address of the array and its size never
91 * changes
92 * - the atomic assignment of the elements of the array
93 */
94 if (*requested_port < sctps->sctps_smallest_nonpriv_port) {
95 priv = B_TRUE;
96 } else {
97 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) {
98 if (*requested_port ==
99 sctps->sctps_g_epriv_ports[i]) {
100 priv = B_TRUE;
101 break;
102 }
103 }
104 }
105 if (priv) {
106 /*
107 * sctp_bind() should take a cred_t argument so that
108 * we can use it here.
109 */
110 if (secpolicy_net_privaddr(connp->conn_cred,
111 *requested_port, IPPROTO_SCTP) != 0) {
112 dprint(1,
113 ("sctp_bind(x): no prive for port %d",
114 *requested_port));
115 return (EACCES);
116 }
117 }
118 *user_specified = 1;
119 }
120
121 return (0);
122 }
123
124 int
125 sctp_listen(sctp_t *sctp)
126 {
127 sctp_tf_t *tf;
128 sctp_stack_t *sctps = sctp->sctp_sctps;
129 conn_t *connp = sctp->sctp_connp;
130
131 RUN_SCTP(sctp);
132 /*
133 * TCP handles listen() increasing the backlog, need to check
134 * if it should be handled here too
135 */
136 if (sctp->sctp_state > SCTPS_BOUND ||
137 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
138 WAKE_SCTP(sctp);
139 return (EINVAL);
140 }
141
142 /* Do an anonymous bind for unbound socket doing listen(). */
143 if (sctp->sctp_nsaddrs == 0) {
144 struct sockaddr_storage ss;
145 int ret;
146
147 bzero(&ss, sizeof (ss));
148 ss.ss_family = connp->conn_family;
149
150 WAKE_SCTP(sctp);
151 if ((ret = sctp_bind(sctp, (struct sockaddr *)&ss,
152 sizeof (ss))) != 0)
153 return (ret);
154 RUN_SCTP(sctp)
155 }
156
157 /* Cache things in the ixa without any refhold */
158 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED));
159 connp->conn_ixa->ixa_cred = connp->conn_cred;
160 connp->conn_ixa->ixa_cpid = connp->conn_cpid;
161 if (is_system_labeled())
162 connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred);
163
164 sctp->sctp_state = SCTPS_LISTEN;
165 DTRACE_SCTP6(state__change, void, NULL, ip_xmit_attr_t *,
166 connp->conn_ixa, void, NULL, sctp_t *, sctp, void, NULL,
167 int32_t, SCTPS_BOUND);
168 (void) random_get_pseudo_bytes(sctp->sctp_secret, SCTP_SECRET_LEN);
169 sctp->sctp_last_secret_update = ddi_get_lbolt64();
170 bzero(sctp->sctp_old_secret, SCTP_SECRET_LEN);
171
172 /*
173 * If there is an association limit, allocate and initialize
174 * the counter struct. Note that since listen can be called
175 * multiple times, the struct may have been allready allocated.
176 */
177 if (!list_is_empty(&sctps->sctps_listener_conf) &&
178 sctp->sctp_listen_cnt == NULL) {
179 sctp_listen_cnt_t *slc;
180 uint32_t ratio;
181
182 ratio = sctp_find_listener_conf(sctps,
183 ntohs(connp->conn_lport));
184 if (ratio != 0) {
185 uint32_t mem_ratio, tot_buf;
186
187 slc = kmem_alloc(sizeof (sctp_listen_cnt_t), KM_SLEEP);
188 /*
189 * Calculate the connection limit based on
190 * the configured ratio and maxusers. Maxusers
191 * are calculated based on memory size,
192 * ~ 1 user per MB. Note that the conn_rcvbuf
193 * and conn_sndbuf may change after a
194 * connection is accepted. So what we have
195 * is only an approximation.
196 */
197 if ((tot_buf = connp->conn_rcvbuf +
198 connp->conn_sndbuf) < MB) {
199 mem_ratio = MB / tot_buf;
200 slc->slc_max = maxusers / ratio * mem_ratio;
201 } else {
202 mem_ratio = tot_buf / MB;
203 slc->slc_max = maxusers / ratio / mem_ratio;
204 }
205 /* At least we should allow some associations! */
206 if (slc->slc_max < sctp_min_assoc_listener)
207 slc->slc_max = sctp_min_assoc_listener;
208 slc->slc_cnt = 1;
209 slc->slc_drop = 0;
210 sctp->sctp_listen_cnt = slc;
211 }
212 }
213
214
215 tf = &sctps->sctps_listen_fanout[SCTP_LISTEN_HASH(
216 ntohs(connp->conn_lport))];
217 sctp_listen_hash_insert(tf, sctp);
218
219 WAKE_SCTP(sctp);
220 return (0);
221 }
222
223 /*
224 * Bind the sctp_t to a sockaddr, which includes an address and other
225 * information, such as port or flowinfo.
226 */
227 int
228 sctp_bind(sctp_t *sctp, struct sockaddr *sa, socklen_t len)
229 {
230 int user_specified;
231 boolean_t bind_to_req_port_only;
232 in_port_t requested_port;
233 in_port_t allocated_port;
234 int err = 0;
235 conn_t *connp = sctp->sctp_connp;
236 uint_t scope_id;
237 sin_t *sin;
238 sin6_t *sin6;
239
240 ASSERT(sctp != NULL);
241
242 RUN_SCTP(sctp);
243
244 if ((sctp->sctp_state >= SCTPS_BOUND) ||
245 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING) ||
246 (sa == NULL || len == 0)) {
247 /*
248 * Multiple binds not allowed for any SCTP socket
249 * Also binding with null address is not supported.
250 */
251 err = EINVAL;
252 goto done;
253 }
254
255 switch (sa->sa_family) {
256 case AF_INET:
257 sin = (sin_t *)sa;
258 if (len < sizeof (struct sockaddr_in) ||
259 connp->conn_family == AF_INET6) {
260 err = EINVAL;
261 goto done;
262 }
263 requested_port = ntohs(sin->sin_port);
264 break;
265 case AF_INET6:
266 sin6 = (sin6_t *)sa;
267 if (len < sizeof (struct sockaddr_in6) ||
268 connp->conn_family == AF_INET) {
269 err = EINVAL;
270 goto done;
271 }
272 requested_port = ntohs(sin6->sin6_port);
273 /* Set the flowinfo. */
274 connp->conn_flowinfo =
275 sin6->sin6_flowinfo & ~IPV6_VERS_AND_FLOW_MASK;
276
277 scope_id = sin6->sin6_scope_id;
278 if (scope_id != 0 && IN6_IS_ADDR_LINKSCOPE(&sin6->sin6_addr)) {
279 connp->conn_ixa->ixa_flags |= IXAF_SCOPEID_SET;
280 connp->conn_ixa->ixa_scopeid = scope_id;
281 connp->conn_incoming_ifindex = scope_id;
282 } else {
283 connp->conn_ixa->ixa_flags &= ~IXAF_SCOPEID_SET;
284 connp->conn_incoming_ifindex = connp->conn_bound_if;
285 }
286 break;
287 default:
288 err = EAFNOSUPPORT;
289 goto done;
290 }
291 bind_to_req_port_only = requested_port == 0 ? B_FALSE : B_TRUE;
292
293 err = sctp_select_port(sctp, &requested_port, &user_specified);
294 if (err != 0)
295 goto done;
296
297 if ((err = sctp_bind_add(sctp, sa, 1, B_TRUE,
298 user_specified == 1 ? htons(requested_port) : 0)) != 0) {
299 goto done;
300 }
301 err = sctp_bindi(sctp, requested_port, bind_to_req_port_only,
302 user_specified, &allocated_port);
303 if (err != 0) {
304 sctp_free_saddrs(sctp);
305 } else {
306 ASSERT(sctp->sctp_state == SCTPS_BOUND);
307 }
308 done:
309 WAKE_SCTP(sctp);
310 return (err);
311 }
312
313 /*
314 * Perform bind/unbind operation of a list of addresses on a sctp_t
315 */
316 int
317 sctp_bindx(sctp_t *sctp, const void *addrs, int addrcnt, int bindop)
318 {
319 ASSERT(sctp != NULL);
320 ASSERT(addrs != NULL);
321 ASSERT(addrcnt > 0);
322
323 switch (bindop) {
324 case SCTP_BINDX_ADD_ADDR:
325 return (sctp_bind_add(sctp, addrs, addrcnt, B_FALSE,
326 sctp->sctp_connp->conn_lport));
327 case SCTP_BINDX_REM_ADDR:
328 return (sctp_bind_del(sctp, addrs, addrcnt, B_FALSE));
329 default:
330 return (EINVAL);
331 }
332 }
333
334 /*
335 * Add a list of addresses to a sctp_t.
336 */
337 int
338 sctp_bind_add(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
339 boolean_t caller_hold_lock, in_port_t port)
340 {
341 int err = 0;
342 boolean_t do_asconf = B_FALSE;
343 sctp_stack_t *sctps = sctp->sctp_sctps;
344 conn_t *connp = sctp->sctp_connp;
345
346 if (!caller_hold_lock)
347 RUN_SCTP(sctp);
348
349 if (sctp->sctp_state > SCTPS_ESTABLISHED ||
350 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
351 if (!caller_hold_lock)
352 WAKE_SCTP(sctp);
353 return (EINVAL);
354 }
355
356 if (sctp->sctp_state > SCTPS_LISTEN) {
357 /*
358 * Let's do some checking here rather than undoing the
359 * add later (for these reasons).
360 */
361 if (!sctps->sctps_addip_enabled ||
362 !sctp->sctp_understands_asconf ||
363 !sctp->sctp_understands_addip) {
364 if (!caller_hold_lock)
365 WAKE_SCTP(sctp);
366 return (EINVAL);
367 }
368 do_asconf = B_TRUE;
369 }
370 /*
371 * On a clustered node, for an inaddr_any bind, we will pass the list
372 * of all the addresses in the global list, minus any address on the
373 * loopback interface, and expect the clustering susbsystem to give us
374 * the correct list for the 'port'. For explicit binds we give the
375 * list of addresses and the clustering module validates it for the
376 * 'port'.
377 *
378 * On a non-clustered node, cl_sctp_check_addrs will be NULL and
379 * we proceed as usual.
380 */
381 if (cl_sctp_check_addrs != NULL) {
382 uchar_t *addrlist = NULL;
383 size_t size = 0;
384 int unspec = 0;
385 boolean_t do_listen;
386 uchar_t *llist = NULL;
387 size_t lsize = 0;
388
389 /*
390 * If we are adding addresses after listening, but before
391 * an association is established, we need to update the
392 * clustering module with this info.
393 */
394 do_listen = !do_asconf && sctp->sctp_state > SCTPS_BOUND &&
395 cl_sctp_listen != NULL;
396
397 err = sctp_get_addrlist(sctp, addrs, &addrcnt, &addrlist,
398 &unspec, &size);
399 if (err != 0) {
400 ASSERT(addrlist == NULL);
401 ASSERT(addrcnt == 0);
402 ASSERT(size == 0);
403 if (!caller_hold_lock)
404 WAKE_SCTP(sctp);
405 SCTP_KSTAT(sctps, sctp_cl_check_addrs);
406 return (err);
407 }
408 ASSERT(addrlist != NULL);
409 (*cl_sctp_check_addrs)(connp->conn_family, port, &addrlist,
410 size, &addrcnt, unspec == 1);
411 if (addrcnt == 0) {
412 /* We free the list */
413 kmem_free(addrlist, size);
414 if (!caller_hold_lock)
415 WAKE_SCTP(sctp);
416 return (EINVAL);
417 }
418 if (do_listen) {
419 lsize = sizeof (in6_addr_t) * addrcnt;
420 llist = kmem_alloc(lsize, KM_SLEEP);
421 }
422 err = sctp_valid_addr_list(sctp, addrlist, addrcnt, llist,
423 lsize);
424 if (err == 0 && do_listen) {
425 (*cl_sctp_listen)(connp->conn_family, llist,
426 addrcnt, connp->conn_lport);
427 /* list will be freed by the clustering module */
428 } else if (err != 0 && llist != NULL) {
429 kmem_free(llist, lsize);
430 }
431 /* free the list we allocated */
432 kmem_free(addrlist, size);
433 } else {
434 err = sctp_valid_addr_list(sctp, addrs, addrcnt, NULL, 0);
435 }
436 if (err != 0) {
437 if (!caller_hold_lock)
438 WAKE_SCTP(sctp);
439 return (err);
440 }
441 /* Need to send ASCONF messages */
442 if (do_asconf) {
443 err = sctp_add_ip(sctp, addrs, addrcnt);
444 if (err != 0) {
445 sctp_del_saddr_list(sctp, addrs, addrcnt, B_FALSE);
446 if (!caller_hold_lock)
447 WAKE_SCTP(sctp);
448 return (err);
449 }
450 }
451 if (!caller_hold_lock)
452 WAKE_SCTP(sctp);
453 return (0);
454 }
455
456 /*
457 * Remove one or more addresses bound to the sctp_t.
458 */
459 int
460 sctp_bind_del(sctp_t *sctp, const void *addrs, uint32_t addrcnt,
461 boolean_t caller_hold_lock)
462 {
463 int error = 0;
464 boolean_t do_asconf = B_FALSE;
465 uchar_t *ulist = NULL;
466 size_t usize = 0;
467 sctp_stack_t *sctps = sctp->sctp_sctps;
468 conn_t *connp = sctp->sctp_connp;
469
470 if (!caller_hold_lock)
471 RUN_SCTP(sctp);
472
473 if (sctp->sctp_state > SCTPS_ESTABLISHED ||
474 (sctp->sctp_connp->conn_state_flags & CONN_CLOSING)) {
475 if (!caller_hold_lock)
476 WAKE_SCTP(sctp);
477 return (EINVAL);
478 }
479 /*
480 * Fail the remove if we are beyond listen, but can't send this
481 * to the peer.
482 */
483 if (sctp->sctp_state > SCTPS_LISTEN) {
484 if (!sctps->sctps_addip_enabled ||
485 !sctp->sctp_understands_asconf ||
486 !sctp->sctp_understands_addip) {
487 if (!caller_hold_lock)
488 WAKE_SCTP(sctp);
489 return (EINVAL);
490 }
491 do_asconf = B_TRUE;
492 }
493
494 /* Can't delete the last address nor all of the addresses */
495 if (sctp->sctp_nsaddrs == 1 || addrcnt >= sctp->sctp_nsaddrs) {
496 if (!caller_hold_lock)
497 WAKE_SCTP(sctp);
498 return (EINVAL);
499 }
500
501 if (cl_sctp_unlisten != NULL && !do_asconf &&
502 sctp->sctp_state > SCTPS_BOUND) {
503 usize = sizeof (in6_addr_t) * addrcnt;
504 ulist = kmem_alloc(usize, KM_SLEEP);
505 }
506
507 error = sctp_del_ip(sctp, addrs, addrcnt, ulist, usize);
508 if (error != 0) {
509 if (ulist != NULL)
510 kmem_free(ulist, usize);
511 if (!caller_hold_lock)
512 WAKE_SCTP(sctp);
513 return (error);
514 }
515 /* ulist will be non-NULL only if cl_sctp_unlisten is non-NULL */
516 if (ulist != NULL) {
517 ASSERT(cl_sctp_unlisten != NULL);
518 (*cl_sctp_unlisten)(connp->conn_family, ulist, addrcnt,
519 connp->conn_lport);
520 /* ulist will be freed by the clustering module */
521 }
522 if (!caller_hold_lock)
523 WAKE_SCTP(sctp);
524 return (error);
525 }
526
527 /*
528 * Returns 0 for success, errno value otherwise.
529 *
530 * If the "bind_to_req_port_only" parameter is set and the requested port
531 * number is available, then set allocated_port to it. If not available,
532 * return an error.
533 *
534 * If the "bind_to_req_port_only" parameter is not set and the requested port
535 * number is available, then set allocated_port to it. If not available,
536 * find the first anonymous port we can and set allocated_port to that. If no
537 * anonymous ports are available, return an error.
538 *
539 * In either case, when succeeding, update the sctp_t to record the port number
540 * and insert it in the bind hash table.
541 */
542 int
543 sctp_bindi(sctp_t *sctp, in_port_t port, boolean_t bind_to_req_port_only,
544 int user_specified, in_port_t *allocated_port)
545 {
546 /* number of times we have run around the loop */
547 int count = 0;
548 /* maximum number of times to run around the loop */
549 int loopmax;
550 sctp_stack_t *sctps = sctp->sctp_sctps;
551 conn_t *connp = sctp->sctp_connp;
552 zone_t *zone = crgetzone(connp->conn_cred);
553 zoneid_t zoneid = connp->conn_zoneid;
554
555 /*
556 * Lookup for free addresses is done in a loop and "loopmax"
557 * influences how long we spin in the loop
558 */
559 if (bind_to_req_port_only) {
560 /*
561 * If the requested port is busy, don't bother to look
562 * for a new one. Setting loop maximum count to 1 has
563 * that effect.
564 */
565 loopmax = 1;
566 } else {
567 /*
568 * If the requested port is busy, look for a free one
569 * in the anonymous port range.
570 * Set loopmax appropriately so that one does not look
571 * forever in the case all of the anonymous ports are in use.
572 */
573 loopmax = (sctps->sctps_largest_anon_port -
574 sctps->sctps_smallest_anon_port + 1);
575 }
576 do {
577 uint16_t lport;
578 sctp_tf_t *tbf;
579 sctp_t *lsctp;
580 int addrcmp;
581
582 lport = htons(port);
583
584 /*
585 * Ensure that the sctp_t is not currently in the bind hash.
586 * Hold the lock on the hash bucket to ensure that
587 * the duplicate check plus the insertion is an atomic
588 * operation.
589 *
590 * This function does an inline lookup on the bind hash list
591 * Make sure that we access only members of sctp_t
592 * and that we don't look at sctp_sctp, since we are not
593 * doing a SCTPB_REFHOLD. For more details please see the notes
594 * in sctp_compress()
595 */
596 sctp_bind_hash_remove(sctp);
597 tbf = &sctps->sctps_bind_fanout[SCTP_BIND_HASH(port)];
598 mutex_enter(&tbf->tf_lock);
599 for (lsctp = tbf->tf_sctp; lsctp != NULL;
600 lsctp = lsctp->sctp_bind_hash) {
601 conn_t *lconnp = lsctp->sctp_connp;
602
603 if (lport != lconnp->conn_lport ||
604 lsctp->sctp_state < SCTPS_BOUND)
605 continue;
606
607 /*
608 * On a labeled system, we must treat bindings to ports
609 * on shared IP addresses by sockets with MAC exemption
610 * privilege as being in all zones, as there's
611 * otherwise no way to identify the right receiver.
612 */
613 if (lconnp->conn_zoneid != zoneid &&
614 lconnp->conn_mac_mode == CONN_MAC_DEFAULT &&
615 connp->conn_mac_mode == CONN_MAC_DEFAULT)
616 continue;
617
618 addrcmp = sctp_compare_saddrs(sctp, lsctp);
619 if (addrcmp != SCTP_ADDR_DISJOINT) {
620 if (!connp->conn_reuseaddr) {
621 /* in use */
622 break;
623 } else if (lsctp->sctp_state == SCTPS_BOUND ||
624 lsctp->sctp_state == SCTPS_LISTEN) {
625 /*
626 * socket option SO_REUSEADDR is set
627 * on the binding sctp_t.
628 *
629 * We have found a match of IP source
630 * address and source port, which is
631 * refused regardless of the
632 * SO_REUSEADDR setting, so we break.
633 */
634 break;
635 }
636 }
637 }
638 if (lsctp != NULL) {
639 /* The port number is busy */
640 mutex_exit(&tbf->tf_lock);
641 } else {
642 if (is_system_labeled()) {
643 mlp_type_t addrtype, mlptype;
644 uint_t ipversion;
645
646 /*
647 * On a labeled system we must check the type
648 * of the binding requested by the user (either
649 * MLP or SLP on shared and private addresses),
650 * and that the user's requested binding
651 * is permitted.
652 */
653 if (connp->conn_family == AF_INET)
654 ipversion = IPV4_VERSION;
655 else
656 ipversion = IPV6_VERSION;
657
658 addrtype = tsol_mlp_addr_type(
659 connp->conn_allzones ? ALL_ZONES :
660 zone->zone_id,
661 ipversion,
662 connp->conn_family == AF_INET ?
663 (void *)&sctp->sctp_ipha->ipha_src :
664 (void *)&sctp->sctp_ip6h->ip6_src,
665 sctps->sctps_netstack->netstack_ip);
666
667 /*
668 * tsol_mlp_addr_type returns the possibilities
669 * for the selected address. Since all local
670 * addresses are either private or shared, the
671 * return value mlptSingle means "local address
672 * not valid (interface not present)."
673 */
674 if (addrtype == mlptSingle) {
675 mutex_exit(&tbf->tf_lock);
676 return (EADDRNOTAVAIL);
677 }
678 mlptype = tsol_mlp_port_type(zone, IPPROTO_SCTP,
679 port, addrtype);
680 if (mlptype != mlptSingle) {
681 if (secpolicy_net_bindmlp(connp->
682 conn_cred) != 0) {
683 mutex_exit(&tbf->tf_lock);
684 return (EACCES);
685 }
686 /*
687 * If we're binding a shared MLP, then
688 * make sure that this zone is the one
689 * that owns that MLP. Shared MLPs can
690 * be owned by at most one zone.
691 *
692 * No need to handle exclusive-stack
693 * zones since ALL_ZONES only applies
694 * to the shared stack.
695 */
696
697 if (mlptype == mlptShared &&
698 addrtype == mlptShared &&
699 connp->conn_zoneid !=
700 tsol_mlp_findzone(IPPROTO_SCTP,
701 lport)) {
702 mutex_exit(&tbf->tf_lock);
703 return (EACCES);
704 }
705 connp->conn_mlp_type = mlptype;
706 }
707 }
708 /*
709 * This port is ours. Insert in fanout and mark as
710 * bound to prevent others from getting the port
711 * number.
712 */
713 sctp->sctp_state = SCTPS_BOUND;
714 DTRACE_SCTP6(state__change, void, NULL,
715 ip_xmit_attr_t *, connp->conn_ixa, void, NULL,
716 scpt_t *, sctp, void, NULL,
717 int32_t, SCTPS_IDLE);
718 connp->conn_lport = lport;
719
720 ASSERT(&sctps->sctps_bind_fanout[
721 SCTP_BIND_HASH(port)] == tbf);
722 sctp_bind_hash_insert(tbf, sctp, 1);
723
724 mutex_exit(&tbf->tf_lock);
725
726 /*
727 * We don't want sctp_next_port_to_try to "inherit"
728 * a port number supplied by the user in a bind.
729 *
730 * This is the only place where sctp_next_port_to_try
731 * is updated. After the update, it may or may not
732 * be in the valid range.
733 */
734 if (user_specified == 0)
735 sctps->sctps_next_port_to_try = port + 1;
736
737 *allocated_port = port;
738
739 return (0);
740 }
741
742 if ((count == 0) && (user_specified)) {
743 /*
744 * We may have to return an anonymous port. So
745 * get one to start with.
746 */
747 port = sctp_update_next_port(
748 sctps->sctps_next_port_to_try,
749 zone, sctps);
750 user_specified = 0;
751 } else {
752 port = sctp_update_next_port(port + 1, zone, sctps);
753 }
754 if (port == 0)
755 break;
756
757 /*
758 * Don't let this loop run forever in the case where
759 * all of the anonymous ports are in use.
760 */
761 } while (++count < loopmax);
762
763 return (bind_to_req_port_only ? EADDRINUSE : EADDRNOTAVAIL);
764 }
765
766 /*
767 * Don't let port fall into the privileged range.
768 * Since the extra privileged ports can be arbitrary we also
769 * ensure that we exclude those from consideration.
770 * sctp_g_epriv_ports is not sorted thus we loop over it until
771 * there are no changes.
772 *
773 * Note: No locks are held when inspecting sctp_g_*epriv_ports
774 * but instead the code relies on:
775 * - the fact that the address of the array and its size never changes
776 * - the atomic assignment of the elements of the array
777 */
778 in_port_t
779 sctp_update_next_port(in_port_t port, zone_t *zone, sctp_stack_t *sctps)
780 {
781 int i;
782 boolean_t restart = B_FALSE;
783
784 retry:
785 if (port < sctps->sctps_smallest_anon_port)
786 port = sctps->sctps_smallest_anon_port;
787
788 if (port > sctps->sctps_largest_anon_port) {
789 if (restart)
790 return (0);
791 restart = B_TRUE;
792 port = sctps->sctps_smallest_anon_port;
793 }
794
795 if (port < sctps->sctps_smallest_nonpriv_port)
796 port = sctps->sctps_smallest_nonpriv_port;
797
798 for (i = 0; i < sctps->sctps_g_num_epriv_ports; i++) {
799 if (port == sctps->sctps_g_epriv_ports[i]) {
800 port++;
801 /*
802 * Make sure whether the port is in the
803 * valid range.
804 *
805 * XXX Note that if sctp_g_epriv_ports contains
806 * all the anonymous ports this will be an
807 * infinite loop.
808 */
809 goto retry;
810 }
811 }
812
813 if (is_system_labeled() &&
814 (i = tsol_next_port(zone, port, IPPROTO_SCTP, B_TRUE)) != 0) {
815 port = i;
816 goto retry;
817 }
818
819 return (port);
820 }