1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/systm.h>
29 #include <sys/stream.h>
30 #include <sys/cmn_err.h>
31 #include <sys/kmem.h>
32 #define	_SUN_TPI_VERSION 2
33 #include <sys/tihdr.h>
34 #include <sys/stropts.h>
35 #include <sys/strsubr.h>
36 #include <sys/socket.h>
37 #include <sys/tsol/tndb.h>
38 
39 #include <netinet/in.h>
40 #include <netinet/ip6.h>
41 
42 #include <inet/common.h>
43 #include <inet/ip.h>
44 #include <inet/ip6.h>
45 #include <inet/ipclassifier.h>
46 #include <inet/ipsec_impl.h>
47 
48 #include "sctp_impl.h"
49 #include "sctp_addr.h"
50 
51 /*
52  * Common accept code.  Called by sctp_conn_request.
53  * cr_pkt is the INIT / INIT ACK packet.
54  */
55 static int
56 sctp_accept_comm(sctp_t *listener, sctp_t *acceptor, mblk_t *cr_pkt,
57     uint_t ip_hdr_len, sctp_init_chunk_t *iack)
58 {
59 
60 	sctp_hdr_t		*sctph;
61 	sctp_chunk_hdr_t	*ich;
62 	sctp_init_chunk_t	*init;
63 	int			err;
64 	uint_t			sctp_options;
65 	conn_t			*aconnp;
66 	conn_t			*lconnp;
67 	sctp_stack_t	*sctps = listener->sctp_sctps;
68 
69 	sctph = (sctp_hdr_t *)(cr_pkt->b_rptr + ip_hdr_len);
70 	ASSERT(OK_32PTR(sctph));
71 
72 	aconnp = acceptor->sctp_connp;
73 	lconnp = listener->sctp_connp;
74 	aconnp->conn_lport = lconnp->conn_lport;
75 	aconnp->conn_fport = sctph->sh_sport;
76 
77 	ich = (sctp_chunk_hdr_t *)(iack + 1);
78 	init = (sctp_init_chunk_t *)(ich + 1);
79 
80 	/* acceptor isn't in any fanouts yet, so don't need to hold locks */
81 	ASSERT(acceptor->sctp_faddrs == NULL);
82 	err = sctp_get_addrparams(acceptor, listener, cr_pkt, ich,
83 	    &sctp_options);
84 	if (err != 0)
85 		return (err);
86 
87 	if ((err = sctp_set_hdraddrs(acceptor)) != 0)
88 		return (err);
89 
90 	if ((err = sctp_build_hdrs(acceptor, KM_NOSLEEP)) != 0)
91 		return (err);
92 
93 	if ((sctp_options & SCTP_PRSCTP_OPTION) &&
94 	    listener->sctp_prsctp_aware && sctps->sctps_prsctp_enabled) {
95 		acceptor->sctp_prsctp_aware = B_TRUE;
96 	} else {
97 		acceptor->sctp_prsctp_aware = B_FALSE;
98 	}
99 
100 	/* Get  initial TSNs */
101 	acceptor->sctp_ltsn = ntohl(iack->sic_inittsn);
102 	acceptor->sctp_recovery_tsn = acceptor->sctp_lastack_rxd =
103 	    acceptor->sctp_ltsn - 1;
104 	acceptor->sctp_adv_pap = acceptor->sctp_lastack_rxd;
105 	/* Serial numbers are initialized to the same value as the TSNs */
106 	acceptor->sctp_lcsn = acceptor->sctp_ltsn;
107 
108 	if (!sctp_initialize_params(acceptor, init, iack))
109 		return (ENOMEM);
110 
111 	/*
112 	 * Copy sctp_secret from the listener in case we need to validate
113 	 * a possibly delayed cookie.
114 	 */
115 	bcopy(listener->sctp_secret, acceptor->sctp_secret, SCTP_SECRET_LEN);
116 	bcopy(listener->sctp_old_secret, acceptor->sctp_old_secret,
117 	    SCTP_SECRET_LEN);
118 	acceptor->sctp_last_secret_update = ddi_get_lbolt64();
119 
120 	/*
121 	 * After acceptor is inserted in the hash list, it can be found.
122 	 * So we need to lock it here.
123 	 */
124 	RUN_SCTP(acceptor);
125 
126 	sctp_conn_hash_insert(&sctps->sctps_conn_fanout[
127 	    SCTP_CONN_HASH(sctps, aconnp->conn_ports)], acceptor, 0);
128 	sctp_bind_hash_insert(&sctps->sctps_bind_fanout[
129 	    SCTP_BIND_HASH(ntohs(aconnp->conn_lport))], acceptor, 0);
130 
131 	/*
132 	 * No need to check for multicast destination since ip will only pass
133 	 * up multicasts to those that have expressed interest
134 	 * TODO: what about rejecting broadcasts?
135 	 * Also check that source is not a multicast or broadcast address.
136 	 */
137 	/* XXXSCTP */
138 	acceptor->sctp_state = SCTPS_ESTABLISHED;
139 	acceptor->sctp_assoc_start_time = (uint32_t)ddi_get_lbolt();
140 	/*
141 	 * listener->sctp_rwnd should be the default window size or a
142 	 * window size changed via SO_RCVBUF option.
143 	 */
144 	acceptor->sctp_rwnd = listener->sctp_rwnd;
145 	acceptor->sctp_irwnd = acceptor->sctp_rwnd;
146 	acceptor->sctp_pd_point = acceptor->sctp_rwnd;
147 	acceptor->sctp_upcalls = listener->sctp_upcalls;
148 
149 	return (0);
150 }
151 
152 /* Process the COOKIE packet, mp, directed at the listener 'sctp' */
153 sctp_t *
154 sctp_conn_request(sctp_t *sctp, mblk_t *mp, uint_t ifindex, uint_t ip_hdr_len,
155     sctp_init_chunk_t *iack, ip_recv_attr_t *ira)
156 {
157 	sctp_t	*eager;
158 	ip6_t	*ip6h;
159 	int	err;
160 	conn_t	*connp, *econnp;
161 	sctp_stack_t	*sctps;
162 	struct sock_proto_props sopp;
163 	cred_t		*cr;
164 	pid_t		cpid;
165 	in6_addr_t	faddr, laddr;
166 	ip_xmit_attr_t	*ixa;
167 
168 	/*
169 	 * No need to check for duplicate as this is the listener
170 	 * and we are holding the lock.  This means that no new
171 	 * connection can be created out of it.  And since the
172 	 * fanout already done cannot find a match, it means that
173 	 * there is no duplicate.
174 	 */
175 	ASSERT(OK_32PTR(mp->b_rptr));
176 
177 	if ((eager = sctp_create_eager(sctp)) == NULL) {
178 		return (NULL);
179 	}
180 
181 	connp = sctp->sctp_connp;
182 	sctps = sctp->sctp_sctps;
183 	econnp = eager->sctp_connp;
184 
185 	if (connp->conn_policy != NULL) {
186 		/* Inherit the policy from the listener; use actions from ira */
187 		if (!ip_ipsec_policy_inherit(econnp, connp, ira)) {
188 			sctp_close_eager(eager);
189 			BUMP_MIB(&sctps->sctps_mib, sctpListenDrop);
190 			return (NULL);
191 		}
192 	}
193 
194 	ip6h = (ip6_t *)mp->b_rptr;
195 	if (ira->ira_flags & IXAF_IS_IPV4) {
196 		ipha_t	*ipha;
197 
198 		ipha = (ipha_t *)ip6h;
199 		IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &laddr);
200 		IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &faddr);
201 	} else {
202 		laddr = ip6h->ip6_dst;
203 		faddr = ip6h->ip6_src;
204 	}
205 
206 	if (ira->ira_flags & IRAF_IPSEC_SECURE) {
207 		/*
208 		 * XXX need to fix the cached policy issue here.
209 		 * We temporarily set the conn_laddr/conn_faddr here so
210 		 * that IPsec can use it for the latched policy
211 		 * selector.  This is obvioursly wrong as SCTP can
212 		 * use different addresses...
213 		 */
214 		econnp->conn_laddr_v6 = laddr;
215 		econnp->conn_faddr_v6 = faddr;
216 		econnp->conn_saddr_v6 = laddr;
217 	}
218 	if (ipsec_conn_cache_policy(econnp,
219 	    (ira->ira_flags & IRAF_IS_IPV4) != 0) != 0) {
220 		sctp_close_eager(eager);
221 		BUMP_MIB(&sctps->sctps_mib, sctpListenDrop);
222 		return (NULL);
223 	}
224 
225 	/* Save for getpeerucred */
226 	cr = ira->ira_cred;
227 	cpid = ira->ira_cpid;
228 
229 	if (is_system_labeled()) {
230 		ip_xmit_attr_t *ixa = econnp->conn_ixa;
231 
232 		ASSERT(ira->ira_tsl != NULL);
233 
234 		/* Discard any old label */
235 		if (ixa->ixa_free_flags & IXA_FREE_TSL) {
236 			ASSERT(ixa->ixa_tsl != NULL);
237 			label_rele(ixa->ixa_tsl);
238 			ixa->ixa_free_flags &= ~IXA_FREE_TSL;
239 			ixa->ixa_tsl = NULL;
240 		}
241 
242 		if ((connp->conn_mlp_type != mlptSingle ||
243 		    connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
244 		    ira->ira_tsl != NULL) {
245 			/*
246 			 * If this is an MLP connection or a MAC-Exempt
247 			 * connection with an unlabeled node, packets are to be
248 			 * exchanged using the security label of the received
249 			 * Cookie packet instead of the server application's
250 			 * label.
251 			 * tsol_check_dest called from ip_set_destination
252 			 * might later update TSF_UNLABELED by replacing
253 			 * ixa_tsl with a new label.
254 			 */
255 			label_hold(ira->ira_tsl);
256 			ip_xmit_attr_replace_tsl(ixa, ira->ira_tsl);
257 		} else {
258 			ixa->ixa_tsl = crgetlabel(econnp->conn_cred);
259 		}
260 	}
261 
262 	err = sctp_accept_comm(sctp, eager, mp, ip_hdr_len, iack);
263 	if (err != 0) {
264 		sctp_close_eager(eager);
265 		BUMP_MIB(&sctps->sctps_mib, sctpListenDrop);
266 		return (NULL);
267 	}
268 
269 	ASSERT(eager->sctp_current->ixa != NULL);
270 
271 	ixa = eager->sctp_current->ixa;
272 	if (!(ira->ira_flags & IXAF_IS_IPV4)) {
273 		ASSERT(!(ixa->ixa_flags & IXAF_IS_IPV4));
274 
275 		if (IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src) ||
276 		    IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_dst)) {
277 			eager->sctp_linklocal = 1;
278 
279 			ixa->ixa_flags |= IXAF_SCOPEID_SET;
280 			ixa->ixa_scopeid = ifindex;
281 			econnp->conn_incoming_ifindex = ifindex;
282 		}
283 	}
284 
285 	/*
286 	 * On a clustered note send this notification to the clustering
287 	 * subsystem.
288 	 */
289 	if (cl_sctp_connect != NULL) {
290 		uchar_t	*slist;
291 		uchar_t	*flist;
292 		size_t	fsize;
293 		size_t	ssize;
294 
295 		fsize = sizeof (in6_addr_t) * eager->sctp_nfaddrs;
296 		ssize = sizeof (in6_addr_t) * eager->sctp_nsaddrs;
297 		slist = kmem_alloc(ssize, KM_NOSLEEP);
298 		flist = kmem_alloc(fsize, KM_NOSLEEP);
299 		if (slist == NULL || flist == NULL) {
300 			if (slist != NULL)
301 				kmem_free(slist, ssize);
302 			if (flist != NULL)
303 				kmem_free(flist, fsize);
304 			sctp_close_eager(eager);
305 			BUMP_MIB(&sctps->sctps_mib, sctpListenDrop);
306 			SCTP_KSTAT(sctps, sctp_cl_connect);
307 			return (NULL);
308 		}
309 		/* The clustering module frees these list */
310 		sctp_get_saddr_list(eager, slist, ssize);
311 		sctp_get_faddr_list(eager, flist, fsize);
312 		(*cl_sctp_connect)(econnp->conn_family, slist,
313 		    eager->sctp_nsaddrs, econnp->conn_lport, flist,
314 		    eager->sctp_nfaddrs, econnp->conn_fport, B_FALSE,
315 		    (cl_sctp_handle_t)eager);
316 	}
317 
318 	/* Connection established, so send up the conn_ind */
319 	if ((eager->sctp_ulpd = sctp->sctp_ulp_newconn(sctp->sctp_ulpd,
320 	    (sock_lower_handle_t)eager, NULL, cr, cpid,
321 	    &eager->sctp_upcalls)) == NULL) {
322 		sctp_close_eager(eager);
323 		BUMP_MIB(&sctps->sctps_mib, sctpListenDrop);
324 		return (NULL);
325 	}
326 	ASSERT(SCTP_IS_DETACHED(eager));
327 	eager->sctp_detached = B_FALSE;
328 	bzero(&sopp, sizeof (sopp));
329 	sopp.sopp_flags = SOCKOPT_MAXBLK|SOCKOPT_WROFF;
330 	sopp.sopp_maxblk = strmsgsz;
331 	if (econnp->conn_family == AF_INET) {
332 		sopp.sopp_wroff = sctps->sctps_wroff_xtra +
333 		    sizeof (sctp_data_hdr_t) + sctp->sctp_hdr_len;
334 	} else {
335 		sopp.sopp_wroff = sctps->sctps_wroff_xtra +
336 		    sizeof (sctp_data_hdr_t) + sctp->sctp_hdr6_len;
337 	}
338 	eager->sctp_ulp_prop(eager->sctp_ulpd, &sopp);
339 	return (eager);
340 }
341 
342 /*
343  * Connect to a peer - this function inserts the sctp in the
344  * bind and conn fanouts, sends the INIT, and replies to the client
345  * with an OK ack.
346  */
347 int
348 sctp_connect(sctp_t *sctp, const struct sockaddr *dst, uint32_t addrlen,
349     cred_t *cr, pid_t pid)
350 {
351 	sin_t		*sin;
352 	sin6_t		*sin6;
353 	in6_addr_t	dstaddr;
354 	in_port_t	dstport;
355 	mblk_t		*initmp;
356 	sctp_tf_t	*tbf;
357 	sctp_t		*lsctp;
358 	char		buf[INET6_ADDRSTRLEN];
359 	int		sleep = sctp->sctp_cansleep ? KM_SLEEP : KM_NOSLEEP;
360 	int		err;
361 	sctp_faddr_t	*cur_fp;
362 	sctp_stack_t	*sctps = sctp->sctp_sctps;
363 	conn_t		*connp = sctp->sctp_connp;
364 	uint_t		scope_id = 0;
365 	ip_xmit_attr_t	*ixa;
366 
367 	/*
368 	 * Determine packet type based on type of address passed in
369 	 * the request should contain an IPv4 or IPv6 address.
370 	 * Make sure that address family matches the type of
371 	 * family of the address passed down.
372 	 */
373 	if (addrlen < sizeof (sin_t)) {
374 		return (EINVAL);
375 	}
376 	switch (dst->sa_family) {
377 	case AF_INET:
378 		sin = (sin_t *)dst;
379 
380 		/* Check for attempt to connect to non-unicast */
381 		if (CLASSD(sin->sin_addr.s_addr) ||
382 		    (sin->sin_addr.s_addr == INADDR_BROADCAST)) {
383 			ip0dbg(("sctp_connect: non-unicast\n"));
384 			return (EINVAL);
385 		}
386 		if (connp->conn_ipv6_v6only)
387 			return (EAFNOSUPPORT);
388 
389 		/* convert to v6 mapped */
390 		/* Check for attempt to connect to INADDR_ANY */
391 		if (sin->sin_addr.s_addr == INADDR_ANY)  {
392 			struct in_addr v4_addr;
393 			/*
394 			 * SunOS 4.x and 4.3 BSD allow an application
395 			 * to connect a TCP socket to INADDR_ANY.
396 			 * When they do this, the kernel picks the
397 			 * address of one interface and uses it
398 			 * instead.  The kernel usually ends up
399 			 * picking the address of the loopback
400 			 * interface.  This is an undocumented feature.
401 			 * However, we provide the same thing here
402 			 * in case any TCP apps that use this feature
403 			 * are being ported to SCTP...
404 			 */
405 			v4_addr.s_addr = htonl(INADDR_LOOPBACK);
406 			IN6_INADDR_TO_V4MAPPED(&v4_addr, &dstaddr);
407 		} else {
408 			IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &dstaddr);
409 		}
410 		dstport = sin->sin_port;
411 		break;
412 	case AF_INET6:
413 		sin6 = (sin6_t *)dst;
414 		/* Check for attempt to connect to non-unicast. */
415 		if ((addrlen < sizeof (sin6_t)) ||
416 		    IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
417 			ip0dbg(("sctp_connect: non-unicast\n"));
418 			return (EINVAL);
419 		}
420 		if (connp->conn_ipv6_v6only &&
421 		    IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
422 			return (EAFNOSUPPORT);
423 		}
424 		/* check for attempt to connect to unspec */
425 		if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
426 			dstaddr = ipv6_loopback;
427 		} else {
428 			dstaddr = sin6->sin6_addr;
429 			if (IN6_IS_ADDR_LINKLOCAL(&dstaddr)) {
430 				sctp->sctp_linklocal = 1;
431 				scope_id = sin6->sin6_scope_id;
432 			}
433 		}
434 		dstport = sin6->sin6_port;
435 		connp->conn_flowinfo = sin6->sin6_flowinfo;
436 		break;
437 	default:
438 		dprint(1, ("sctp_connect: unknown family %d\n",
439 		    dst->sa_family));
440 		return (EAFNOSUPPORT);
441 	}
442 
443 	(void) inet_ntop(AF_INET6, &dstaddr, buf, sizeof (buf));
444 	dprint(1, ("sctp_connect: attempting connect to %s...\n", buf));
445 
446 	RUN_SCTP(sctp);
447 
448 	if (connp->conn_family != dst->sa_family ||
449 	    (connp->conn_state_flags & CONN_CLOSING)) {
450 		WAKE_SCTP(sctp);
451 		return (EINVAL);
452 	}
453 
454 	/* We update our cred/cpid based on the caller of connect */
455 	if (connp->conn_cred != cr) {
456 		crhold(cr);
457 		crfree(connp->conn_cred);
458 		connp->conn_cred = cr;
459 	}
460 	connp->conn_cpid = pid;
461 
462 	/* Cache things in conn_ixa without any refhold */
463 	ixa = connp->conn_ixa;
464 	ASSERT(!(ixa->ixa_free_flags & IXA_FREE_CRED));
465 	ixa->ixa_cred = cr;
466 	ixa->ixa_cpid = pid;
467 	if (is_system_labeled()) {
468 		/* We need to restart with a label based on the cred */
469 		ip_xmit_attr_restore_tsl(ixa, ixa->ixa_cred);
470 	}
471 
472 	switch (sctp->sctp_state) {
473 	case SCTPS_IDLE: {
474 		struct sockaddr_storage	ss;
475 
476 		/*
477 		 * We support a quick connect capability here, allowing
478 		 * clients to transition directly from IDLE to COOKIE_WAIT.
479 		 * sctp_bindi will pick an unused port, insert the connection
480 		 * in the bind hash and transition to BOUND state. SCTP
481 		 * picks and uses what it considers the optimal local address
482 		 * set (just like specifiying INADDR_ANY to bind()).
483 		 */
484 		dprint(1, ("sctp_connect: idle, attempting bind...\n"));
485 		ASSERT(sctp->sctp_nsaddrs == 0);
486 
487 		bzero(&ss, sizeof (ss));
488 		ss.ss_family = connp->conn_family;
489 		WAKE_SCTP(sctp);
490 		if ((err = sctp_bind(sctp, (struct sockaddr *)&ss,
491 		    sizeof (ss))) != 0) {
492 			return (err);
493 		}
494 		RUN_SCTP(sctp);
495 		/* FALLTHRU */
496 	}
497 
498 	case SCTPS_BOUND:
499 		ASSERT(sctp->sctp_nsaddrs > 0);
500 
501 		/* do the connect */
502 		/* XXX check for attempt to connect to self */
503 		connp->conn_fport = dstport;
504 
505 		ASSERT(sctp->sctp_iphc);
506 		ASSERT(sctp->sctp_iphc6);
507 
508 		/*
509 		 * Don't allow this connection to completely duplicate
510 		 * an existing connection.
511 		 *
512 		 * Ensure that the duplicate check and insertion is atomic.
513 		 */
514 		sctp_conn_hash_remove(sctp);
515 		tbf = &sctps->sctps_conn_fanout[SCTP_CONN_HASH(sctps,
516 		    connp->conn_ports)];
517 		mutex_enter(&tbf->tf_lock);
518 		lsctp = sctp_lookup(sctp, &dstaddr, tbf, &connp->conn_ports,
519 		    SCTPS_COOKIE_WAIT);
520 		if (lsctp != NULL) {
521 			/* found a duplicate connection */
522 			mutex_exit(&tbf->tf_lock);
523 			SCTP_REFRELE(lsctp);
524 			WAKE_SCTP(sctp);
525 			return (EADDRINUSE);
526 		}
527 
528 		/*
529 		 * OK; set up the peer addr (this may grow after we get
530 		 * the INIT ACK from the peer with additional addresses).
531 		 */
532 		if ((err = sctp_add_faddr(sctp, &dstaddr, sleep,
533 		    B_FALSE)) != 0) {
534 			mutex_exit(&tbf->tf_lock);
535 			WAKE_SCTP(sctp);
536 			return (err);
537 		}
538 		cur_fp = sctp->sctp_faddrs;
539 		ASSERT(cur_fp->ixa != NULL);
540 
541 		/* No valid src addr, return. */
542 		if (cur_fp->state == SCTP_FADDRS_UNREACH) {
543 			mutex_exit(&tbf->tf_lock);
544 			WAKE_SCTP(sctp);
545 			return (EADDRNOTAVAIL);
546 		}
547 
548 		sctp->sctp_primary = cur_fp;
549 		sctp->sctp_current = cur_fp;
550 		sctp->sctp_mss = cur_fp->sfa_pmss;
551 		sctp_conn_hash_insert(tbf, sctp, 1);
552 		mutex_exit(&tbf->tf_lock);
553 
554 		ixa = cur_fp->ixa;
555 		ASSERT(ixa->ixa_cred != NULL);
556 
557 		if (scope_id != 0) {
558 			ixa->ixa_flags |= IXAF_SCOPEID_SET;
559 			ixa->ixa_scopeid = scope_id;
560 		} else {
561 			ixa->ixa_flags &= ~IXAF_SCOPEID_SET;
562 		}
563 
564 		/* initialize composite headers */
565 		if ((err = sctp_set_hdraddrs(sctp)) != 0) {
566 			sctp_conn_hash_remove(sctp);
567 			WAKE_SCTP(sctp);
568 			return (err);
569 		}
570 
571 		if ((err = sctp_build_hdrs(sctp, KM_SLEEP)) != 0) {
572 			sctp_conn_hash_remove(sctp);
573 			WAKE_SCTP(sctp);
574 			return (err);
575 		}
576 
577 		/*
578 		 * Turn off the don't fragment bit on the (only) faddr,
579 		 * so that if one of the messages exchanged during the
580 		 * initialization sequence exceeds the path mtu, it
581 		 * at least has a chance to get there. SCTP does no
582 		 * fragmentation of initialization messages.  The DF bit
583 		 * will be turned on again in sctp_send_cookie_echo()
584 		 * (but the cookie echo will still be sent with the df bit
585 		 * off).
586 		 */
587 		cur_fp->df = B_FALSE;
588 
589 		/* Mark this address as alive */
590 		cur_fp->state = SCTP_FADDRS_ALIVE;
591 
592 		/* Send the INIT to the peer */
593 		SCTP_FADDR_TIMER_RESTART(sctp, cur_fp, cur_fp->rto);
594 		sctp->sctp_state = SCTPS_COOKIE_WAIT;
595 		/*
596 		 * sctp_init_mp() could result in modifying the source
597 		 * address list, so take the hash lock.
598 		 */
599 		mutex_enter(&tbf->tf_lock);
600 		initmp = sctp_init_mp(sctp, cur_fp);
601 		if (initmp == NULL) {
602 			mutex_exit(&tbf->tf_lock);
603 			/*
604 			 * It may happen that all the source addresses
605 			 * (loopback/link local) are removed.  In that case,
606 			 * faile the connect.
607 			 */
608 			if (sctp->sctp_nsaddrs == 0) {
609 				sctp_conn_hash_remove(sctp);
610 				SCTP_FADDR_TIMER_STOP(cur_fp);
611 				WAKE_SCTP(sctp);
612 				return (EADDRNOTAVAIL);
613 			}
614 
615 			/* Otherwise, let the retransmission timer retry */
616 			WAKE_SCTP(sctp);
617 			goto notify_ulp;
618 		}
619 		mutex_exit(&tbf->tf_lock);
620 
621 		/*
622 		 * On a clustered note send this notification to the clustering
623 		 * subsystem.
624 		 */
625 		if (cl_sctp_connect != NULL) {
626 			uchar_t		*slist;
627 			uchar_t		*flist;
628 			size_t		ssize;
629 			size_t		fsize;
630 
631 			fsize = sizeof (in6_addr_t) * sctp->sctp_nfaddrs;
632 			ssize = sizeof (in6_addr_t) * sctp->sctp_nsaddrs;
633 			slist = kmem_alloc(ssize, KM_SLEEP);
634 			flist = kmem_alloc(fsize, KM_SLEEP);
635 			/* The clustering module frees the lists */
636 			sctp_get_saddr_list(sctp, slist, ssize);
637 			sctp_get_faddr_list(sctp, flist, fsize);
638 			(*cl_sctp_connect)(connp->conn_family, slist,
639 			    sctp->sctp_nsaddrs, connp->conn_lport,
640 			    flist, sctp->sctp_nfaddrs, connp->conn_fport,
641 			    B_TRUE, (cl_sctp_handle_t)sctp);
642 		}
643 		ASSERT(ixa->ixa_cred != NULL);
644 		ASSERT(ixa->ixa_ire != NULL);
645 
646 		(void) conn_ip_output(initmp, ixa);
647 		BUMP_LOCAL(sctp->sctp_opkts);
648 		WAKE_SCTP(sctp);
649 
650 notify_ulp:
651 		sctp_set_ulp_prop(sctp);
652 
653 		return (0);
654 	default:
655 		ip0dbg(("sctp_connect: invalid state. %d\n", sctp->sctp_state));
656 		WAKE_SCTP(sctp);
657 		return (EINVAL);
658 	}
659 }
660