diff options
Diffstat (limited to 'freebsd/sys/netinet/sctputil.c')
-rw-r--r-- | freebsd/sys/netinet/sctputil.c | 138 |
1 files changed, 90 insertions, 48 deletions
diff --git a/freebsd/sys/netinet/sctputil.c b/freebsd/sys/netinet/sctputil.c index 15928d8b..6cd82739 100644 --- a/freebsd/sys/netinet/sctputil.c +++ b/freebsd/sys/netinet/sctputil.c @@ -2604,7 +2604,7 @@ sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVASSOCEVNT)) { notif_len = sizeof(struct sctp_assoc_change); if (abort != NULL) { - abort_len = htons(abort->ch.chunk_length); + abort_len = ntohs(abort->ch.chunk_length); } else { abort_len = 0; } @@ -2624,6 +2624,7 @@ sctp_notify_assoc_change(uint16_t state, struct sctp_tcb *stcb, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2837,21 +2838,21 @@ sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2861,12 +2862,15 @@ sctp_notify_send_failed(struct sctp_tcb *stcb, uint8_t sent, uint32_t error, SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2950,16 +2954,16 @@ sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2973,12 +2977,13 @@ sctp_notify_send_failed2(struct sctp_tcb *stcb, uint32_t error, SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = 0; if (sp->some_taken) { @@ -3040,6 +3045,7 @@ sctp_notify_adaptation_layer(struct sctp_tcb *stcb) return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3095,6 +3101,7 @@ sctp_notify_partial_delivery_indication(struct sctp_tcb *stcb, uint32_t error, return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3204,6 +3211,7 @@ sctp_notify_shutdown_event(struct sctp_tcb *stcb) /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3254,6 +3262,7 @@ sctp_notify_sender_dry_event(struct sctp_tcb *stcb, } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3286,7 +3295,6 @@ sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3299,25 +3307,20 @@ sctp_notify_stream_reset_add(struct sctp_tcb *stcb, uint16_t numberin, uint16_t return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3348,32 +3351,26 @@ sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, uint32_t sending_tsn, uint32 struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3426,6 +3423,7 @@ sctp_notify_stream_reset(struct sctp_tcb *stcb, return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -3476,7 +3474,7 @@ sctp_notify_remote_error(struct sctp_tcb *stcb, uint16_t error, struct sctp_erro return; } if (chunk != NULL) { - chunk_len = htons(chunk->ch.chunk_length); + chunk_len = ntohs(chunk->ch.chunk_length); } else { chunk_len = 0; } @@ -4020,6 +4018,7 @@ void sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_inpcb *inp, + struct mbuf *cause, uint8_t use_mflowid, uint32_t mflowid, uint32_t vrf_id, uint16_t port) { @@ -4048,9 +4047,6 @@ sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, case SCTP_INIT: contains_init_chunk = 1; break; - case SCTP_COOKIE_ECHO: - /* We hit here only if the assoc is being freed */ - return; case SCTP_PACKET_DROPPED: /* we don't respond to pkt-dropped */ return; @@ -4078,7 +4074,7 @@ sctp_handle_ootb(struct mbuf *m, int iphlen, int offset, if ((SCTP_BASE_SYSCTL(sctp_blackhole) == 0) || ((SCTP_BASE_SYSCTL(sctp_blackhole) == 1) && (contains_init_chunk == 0))) { - sctp_send_abort(m, iphlen, src, dst, sh, 0, NULL, + sctp_send_abort(m, iphlen, src, dst, sh, 0, cause, use_mflowid, mflowid, vrf_id, port); } @@ -4633,19 +4629,43 @@ get_out: */ struct mbuf * -sctp_generate_invmanparam(int err) +sctp_generate_cause(uint16_t code, char *info) { - /* Return a MBUF with a invalid mandatory parameter */ struct mbuf *m; + struct sctp_gen_error_cause *cause; + size_t info_len, len; - m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_DONTWAIT, 1, MT_DATA); - if (m) { - struct sctp_paramhdr *ph; + if ((code == 0) || (info == NULL)) { + return (NULL); + } + info_len = strlen(info); + len = sizeof(struct sctp_paramhdr) + info_len; + m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); + if (m != NULL) { + SCTP_BUF_LEN(m) = len; + cause = mtod(m, struct sctp_gen_error_cause *); + cause->code = htons(code); + cause->length = htons((uint16_t) len); + memcpy(cause->info, info, info_len); + } + return (m); +} - SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr); - ph = mtod(m, struct sctp_paramhdr *); - ph->param_length = htons(sizeof(struct sctp_paramhdr)); - ph->param_type = htons(err); +struct mbuf * +sctp_generate_no_user_data_cause(uint32_t tsn) +{ + struct mbuf *m; + struct sctp_error_no_user_data *no_user_data_cause; + size_t len; + + len = sizeof(struct sctp_error_no_user_data); + m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA); + if (m != NULL) { + SCTP_BUF_LEN(m) = len; + no_user_data_cause = mtod(m, struct sctp_error_no_user_data *); + no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA); + no_user_data_cause->cause.length = htons((uint16_t) len); + no_user_data_cause->tsn = tsn; /* tsn is passed in as NBO */ } return (m); } @@ -4835,7 +4855,6 @@ sctp_release_pr_sctp_chunk(struct sctp_tcb *stcb, struct sctp_tmit_chunk *tp1, atomic_add_int(&chk->whoTo->ref_count, 1); chk->rec.data.TSN_seq = atomic_fetchadd_int(&stcb->asoc.sending_seq, 1); stcb->asoc.pr_sctp_cnt++; - chk->pr_sctp_on = 1; TAILQ_INSERT_TAIL(&stcb->asoc.sent_queue, chk, sctp_next); stcb->asoc.sent_queue_cnt++; stcb->asoc.pr_sctp_cnt++; @@ -5871,8 +5890,8 @@ get_more_data: goto release; } if ((uio->uio_resid == 0) || - ((in_eeor_mode) && (copied_so_far >= max(so->so_rcv.sb_lowat, 1))) - ) { + ((in_eeor_mode) && + (copied_so_far >= (uint32_t) max(so->so_rcv.sb_lowat, 1)))) { goto release; } /* @@ -6217,9 +6236,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, @@ -6615,8 +6637,16 @@ sctp_bindx_delete_address(struct sctp_inpcb *inp, int sctp_local_addr_count(struct sctp_tcb *stcb) { - int loopback_scope, ipv4_local_scope, local_scope, site_scope; - int ipv4_addr_legal, ipv6_addr_legal; + int loopback_scope; + +#if defined(INET) + int ipv4_local_scope, ipv4_addr_legal; + +#endif +#if defined (INET6) + int local_scope, site_scope, ipv6_addr_legal; + +#endif struct sctp_vrf *vrf; struct sctp_ifn *sctp_ifn; struct sctp_ifa *sctp_ifa; @@ -6624,11 +6654,15 @@ sctp_local_addr_count(struct sctp_tcb *stcb) /* Turn on all the appropriate scopes */ loopback_scope = stcb->asoc.scope.loopback_scope; +#if defined(INET) ipv4_local_scope = stcb->asoc.scope.ipv4_local_scope; + ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; +#endif +#if defined(INET6) local_scope = stcb->asoc.scope.local_scope; site_scope = stcb->asoc.scope.site_scope; - ipv4_addr_legal = stcb->asoc.scope.ipv4_addr_legal; ipv6_addr_legal = stcb->asoc.scope.ipv6_addr_legal; +#endif SCTP_IPI_ADDR_RLOCK(); vrf = sctp_find_vrf(stcb->asoc.vrf_id); if (vrf == NULL) { @@ -6662,6 +6696,10 @@ sctp_local_addr_count(struct sctp_tcb *stcb) */ continue; } + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_local_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { continue; @@ -6682,6 +6720,10 @@ sctp_local_addr_count(struct sctp_tcb *stcb) if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { continue; } + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; |