netwerk/sctp/src/netinet/sctp_output.c
author Ted Campbell <tcampbell@mozilla.com>
Thu, 26 Jan 2023 15:53:21 +0000
changeset 650660 4af274d4ee613437631074174934b5739d002880
parent 639478 1d383d85d64870de7af46054de8a4425f7c8bb98
permissions -rw-r--r--
Bug 1811411 - Add profiler marker when discarding JitCode r=jandem Similar to the Discard marker, it seems useful to have a profile marker for discard events since they can toss a lot of Jit code. Differential Revision: https://phabricator.services.mozilla.com/D167896

/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2001-2008, by Cisco Systems, Inc. All rights reserved.
 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * a) Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * b) Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the distribution.
 *
 * c) Neither the name of Cisco Systems, Inc. nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#endif

#include <netinet/sctp_os.h>
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <sys/proc.h>
#endif
#include <netinet/sctp_var.h>
#include <netinet/sctp_sysctl.h>
#include <netinet/sctp_header.h>
#include <netinet/sctp_pcb.h>
#include <netinet/sctputil.h>
#include <netinet/sctp_output.h>
#include <netinet/sctp_uio.h>
#include <netinet/sctputil.h>
#include <netinet/sctp_auth.h>
#include <netinet/sctp_timer.h>
#include <netinet/sctp_asconf.h>
#include <netinet/sctp_indata.h>
#include <netinet/sctp_bsd_addr.h>
#include <netinet/sctp_input.h>
#include <netinet/sctp_crc32.h>
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <netinet/sctp_kdtrace.h>
#endif
#if defined(__linux__)
#define __FAVOR_BSD    /* (on Ubuntu at least) enables UDP header field names like BSD in RFC 768 */
#endif
#if defined(INET) || defined(INET6)
#if !defined(_WIN32)
#include <netinet/udp.h>
#endif
#endif
#if !defined(__Userspace__)
#if defined(__APPLE__)
#include <netinet/in.h>
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
#include <netinet/udp_var.h>
#include <machine/in_cksum.h>
#endif
#endif
#if defined(__Userspace__) && defined(INET6)
#include <netinet6/sctp6_var.h>
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
#if !(defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD))
#define SCTP_MAX_LINKHDR 16
#endif
#endif

#define SCTP_MAX_GAPS_INARRAY 4
struct sack_track {
	uint8_t right_edge;	/* mergable on the right edge */
	uint8_t left_edge;	/* mergable on the left edge */
	uint8_t num_entries;
	uint8_t spare;
	struct sctp_gap_ack_block gaps[SCTP_MAX_GAPS_INARRAY];
};

const struct sack_track sack_array[256] = {
	{0, 0, 0, 0,		/* 0x00 */
		{{0, 0},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x01 */
		{{0, 0},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x02 */
		{{1, 1},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x03 */
		{{0, 1},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x04 */
		{{2, 2},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x05 */
		{{0, 0},
		{2, 2},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x06 */
		{{1, 2},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x07 */
		{{0, 2},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x08 */
		{{3, 3},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x09 */
		{{0, 0},
		{3, 3},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x0a */
		{{1, 1},
		{3, 3},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x0b */
		{{0, 1},
		{3, 3},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x0c */
		{{2, 3},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x0d */
		{{0, 0},
		{2, 3},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x0e */
		{{1, 3},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x0f */
		{{0, 3},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x10 */
		{{4, 4},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x11 */
		{{0, 0},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x12 */
		{{1, 1},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x13 */
		{{0, 1},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x14 */
		{{2, 2},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x15 */
		{{0, 0},
		{2, 2},
		{4, 4},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x16 */
		{{1, 2},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x17 */
		{{0, 2},
		{4, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x18 */
		{{3, 4},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x19 */
		{{0, 0},
		{3, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x1a */
		{{1, 1},
		{3, 4},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x1b */
		{{0, 1},
		{3, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x1c */
		{{2, 4},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x1d */
		{{0, 0},
		{2, 4},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x1e */
		{{1, 4},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x1f */
		{{0, 4},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x20 */
		{{5, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x21 */
		{{0, 0},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x22 */
		{{1, 1},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x23 */
		{{0, 1},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x24 */
		{{2, 2},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x25 */
		{{0, 0},
		{2, 2},
		{5, 5},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x26 */
		{{1, 2},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x27 */
		{{0, 2},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x28 */
		{{3, 3},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x29 */
		{{0, 0},
		{3, 3},
		{5, 5},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x2a */
		{{1, 1},
		{3, 3},
		{5, 5},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x2b */
		{{0, 1},
		{3, 3},
		{5, 5},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x2c */
		{{2, 3},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x2d */
		{{0, 0},
		{2, 3},
		{5, 5},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x2e */
		{{1, 3},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x2f */
		{{0, 3},
		{5, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x30 */
		{{4, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x31 */
		{{0, 0},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x32 */
		{{1, 1},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x33 */
		{{0, 1},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x34 */
		{{2, 2},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x35 */
		{{0, 0},
		{2, 2},
		{4, 5},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x36 */
		{{1, 2},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x37 */
		{{0, 2},
		{4, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x38 */
		{{3, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x39 */
		{{0, 0},
		{3, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x3a */
		{{1, 1},
		{3, 5},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x3b */
		{{0, 1},
		{3, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x3c */
		{{2, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x3d */
		{{0, 0},
		{2, 5},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x3e */
		{{1, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x3f */
		{{0, 5},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x40 */
		{{6, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x41 */
		{{0, 0},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x42 */
		{{1, 1},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x43 */
		{{0, 1},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x44 */
		{{2, 2},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x45 */
		{{0, 0},
		{2, 2},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x46 */
		{{1, 2},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x47 */
		{{0, 2},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x48 */
		{{3, 3},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x49 */
		{{0, 0},
		{3, 3},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x4a */
		{{1, 1},
		{3, 3},
		{6, 6},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x4b */
		{{0, 1},
		{3, 3},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x4c */
		{{2, 3},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x4d */
		{{0, 0},
		{2, 3},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x4e */
		{{1, 3},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x4f */
		{{0, 3},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x50 */
		{{4, 4},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x51 */
		{{0, 0},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x52 */
		{{1, 1},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x53 */
		{{0, 1},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x54 */
		{{2, 2},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{1, 0, 4, 0,		/* 0x55 */
		{{0, 0},
		{2, 2},
		{4, 4},
		{6, 6}
		}
	},
	{0, 0, 3, 0,		/* 0x56 */
		{{1, 2},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x57 */
		{{0, 2},
		{4, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x58 */
		{{3, 4},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x59 */
		{{0, 0},
		{3, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x5a */
		{{1, 1},
		{3, 4},
		{6, 6},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x5b */
		{{0, 1},
		{3, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x5c */
		{{2, 4},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x5d */
		{{0, 0},
		{2, 4},
		{6, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x5e */
		{{1, 4},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x5f */
		{{0, 4},
		{6, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x60 */
		{{5, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x61 */
		{{0, 0},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x62 */
		{{1, 1},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x63 */
		{{0, 1},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x64 */
		{{2, 2},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x65 */
		{{0, 0},
		{2, 2},
		{5, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x66 */
		{{1, 2},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x67 */
		{{0, 2},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x68 */
		{{3, 3},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x69 */
		{{0, 0},
		{3, 3},
		{5, 6},
		{0, 0}
		}
	},
	{0, 0, 3, 0,		/* 0x6a */
		{{1, 1},
		{3, 3},
		{5, 6},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x6b */
		{{0, 1},
		{3, 3},
		{5, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x6c */
		{{2, 3},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x6d */
		{{0, 0},
		{2, 3},
		{5, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x6e */
		{{1, 3},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x6f */
		{{0, 3},
		{5, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x70 */
		{{4, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x71 */
		{{0, 0},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x72 */
		{{1, 1},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x73 */
		{{0, 1},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x74 */
		{{2, 2},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 3, 0,		/* 0x75 */
		{{0, 0},
		{2, 2},
		{4, 6},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x76 */
		{{1, 2},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x77 */
		{{0, 2},
		{4, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x78 */
		{{3, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x79 */
		{{0, 0},
		{3, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 2, 0,		/* 0x7a */
		{{1, 1},
		{3, 6},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x7b */
		{{0, 1},
		{3, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x7c */
		{{2, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 2, 0,		/* 0x7d */
		{{0, 0},
		{2, 6},
		{0, 0},
		{0, 0}
		}
	},
	{0, 0, 1, 0,		/* 0x7e */
		{{1, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 0, 1, 0,		/* 0x7f */
		{{0, 6},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0x80 */
		{{7, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0x81 */
		{{0, 0},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x82 */
		{{1, 1},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0x83 */
		{{0, 1},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x84 */
		{{2, 2},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x85 */
		{{0, 0},
		{2, 2},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x86 */
		{{1, 2},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0x87 */
		{{0, 2},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x88 */
		{{3, 3},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x89 */
		{{0, 0},
		{3, 3},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0x8a */
		{{1, 1},
		{3, 3},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x8b */
		{{0, 1},
		{3, 3},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x8c */
		{{2, 3},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x8d */
		{{0, 0},
		{2, 3},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x8e */
		{{1, 3},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0x8f */
		{{0, 3},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x90 */
		{{4, 4},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x91 */
		{{0, 0},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0x92 */
		{{1, 1},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x93 */
		{{0, 1},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0x94 */
		{{2, 2},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0x95 */
		{{0, 0},
		{2, 2},
		{4, 4},
		{7, 7}
		}
	},
	{0, 1, 3, 0,		/* 0x96 */
		{{1, 2},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x97 */
		{{0, 2},
		{4, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x98 */
		{{3, 4},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x99 */
		{{0, 0},
		{3, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0x9a */
		{{1, 1},
		{3, 4},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x9b */
		{{0, 1},
		{3, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x9c */
		{{2, 4},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0x9d */
		{{0, 0},
		{2, 4},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0x9e */
		{{1, 4},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0x9f */
		{{0, 4},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xa0 */
		{{5, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xa1 */
		{{0, 0},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xa2 */
		{{1, 1},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xa3 */
		{{0, 1},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xa4 */
		{{2, 2},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0xa5 */
		{{0, 0},
		{2, 2},
		{5, 5},
		{7, 7}
		}
	},
	{0, 1, 3, 0,		/* 0xa6 */
		{{1, 2},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xa7 */
		{{0, 2},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xa8 */
		{{3, 3},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0xa9 */
		{{0, 0},
		{3, 3},
		{5, 5},
		{7, 7}
		}
	},
	{0, 1, 4, 0,		/* 0xaa */
		{{1, 1},
		{3, 3},
		{5, 5},
		{7, 7}
		}
	},
	{1, 1, 4, 0,		/* 0xab */
		{{0, 1},
		{3, 3},
		{5, 5},
		{7, 7}
		}
	},
	{0, 1, 3, 0,		/* 0xac */
		{{2, 3},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0xad */
		{{0, 0},
		{2, 3},
		{5, 5},
		{7, 7}
		}
	},
	{0, 1, 3, 0,		/* 0xae */
		{{1, 3},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xaf */
		{{0, 3},
		{5, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xb0 */
		{{4, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xb1 */
		{{0, 0},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xb2 */
		{{1, 1},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xb3 */
		{{0, 1},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xb4 */
		{{2, 2},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0xb5 */
		{{0, 0},
		{2, 2},
		{4, 5},
		{7, 7}
		}
	},
	{0, 1, 3, 0,		/* 0xb6 */
		{{1, 2},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xb7 */
		{{0, 2},
		{4, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xb8 */
		{{3, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xb9 */
		{{0, 0},
		{3, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xba */
		{{1, 1},
		{3, 5},
		{7, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xbb */
		{{0, 1},
		{3, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xbc */
		{{2, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xbd */
		{{0, 0},
		{2, 5},
		{7, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xbe */
		{{1, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xbf */
		{{0, 5},
		{7, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xc0 */
		{{6, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xc1 */
		{{0, 0},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xc2 */
		{{1, 1},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xc3 */
		{{0, 1},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xc4 */
		{{2, 2},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xc5 */
		{{0, 0},
		{2, 2},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xc6 */
		{{1, 2},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xc7 */
		{{0, 2},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xc8 */
		{{3, 3},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xc9 */
		{{0, 0},
		{3, 3},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xca */
		{{1, 1},
		{3, 3},
		{6, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xcb */
		{{0, 1},
		{3, 3},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xcc */
		{{2, 3},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xcd */
		{{0, 0},
		{2, 3},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xce */
		{{1, 3},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xcf */
		{{0, 3},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xd0 */
		{{4, 4},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xd1 */
		{{0, 0},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xd2 */
		{{1, 1},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xd3 */
		{{0, 1},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xd4 */
		{{2, 2},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{1, 1, 4, 0,		/* 0xd5 */
		{{0, 0},
		{2, 2},
		{4, 4},
		{6, 7}
		}
	},
	{0, 1, 3, 0,		/* 0xd6 */
		{{1, 2},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xd7 */
		{{0, 2},
		{4, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xd8 */
		{{3, 4},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xd9 */
		{{0, 0},
		{3, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xda */
		{{1, 1},
		{3, 4},
		{6, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xdb */
		{{0, 1},
		{3, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xdc */
		{{2, 4},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xdd */
		{{0, 0},
		{2, 4},
		{6, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xde */
		{{1, 4},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xdf */
		{{0, 4},
		{6, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xe0 */
		{{5, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xe1 */
		{{0, 0},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xe2 */
		{{1, 1},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xe3 */
		{{0, 1},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xe4 */
		{{2, 2},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xe5 */
		{{0, 0},
		{2, 2},
		{5, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xe6 */
		{{1, 2},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xe7 */
		{{0, 2},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xe8 */
		{{3, 3},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xe9 */
		{{0, 0},
		{3, 3},
		{5, 7},
		{0, 0}
		}
	},
	{0, 1, 3, 0,		/* 0xea */
		{{1, 1},
		{3, 3},
		{5, 7},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xeb */
		{{0, 1},
		{3, 3},
		{5, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xec */
		{{2, 3},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xed */
		{{0, 0},
		{2, 3},
		{5, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xee */
		{{1, 3},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xef */
		{{0, 3},
		{5, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xf0 */
		{{4, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xf1 */
		{{0, 0},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xf2 */
		{{1, 1},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xf3 */
		{{0, 1},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xf4 */
		{{2, 2},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 3, 0,		/* 0xf5 */
		{{0, 0},
		{2, 2},
		{4, 7},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xf6 */
		{{1, 2},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xf7 */
		{{0, 2},
		{4, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xf8 */
		{{3, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xf9 */
		{{0, 0},
		{3, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 2, 0,		/* 0xfa */
		{{1, 1},
		{3, 7},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xfb */
		{{0, 1},
		{3, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xfc */
		{{2, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 2, 0,		/* 0xfd */
		{{0, 0},
		{2, 7},
		{0, 0},
		{0, 0}
		}
	},
	{0, 1, 1, 0,		/* 0xfe */
		{{1, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	},
	{1, 1, 1, 0,		/* 0xff */
		{{0, 7},
		{0, 0},
		{0, 0},
		{0, 0}
		}
	}
};

int
sctp_is_address_in_scope(struct sctp_ifa *ifa,
                         struct sctp_scoping *scope,
                         int do_update)
{
	if ((scope->loopback_scope == 0) &&
	    (ifa->ifn_p) && SCTP_IFN_IS_IFT_LOOP(ifa->ifn_p)) {
		/*
		 * skip loopback if not in scope *
		 */
		return (0);
	}
	switch (ifa->address.sa.sa_family) {
#ifdef INET
	case AF_INET:
		if (scope->ipv4_addr_legal) {
			struct sockaddr_in *sin;

			sin = &ifa->address.sin;
			if (sin->sin_addr.s_addr == 0) {
				/* not in scope , unspecified */
				return (0);
			}
			if ((scope->ipv4_local_scope == 0) &&
			    (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) {
				/* private address not in scope */
				return (0);
			}
		} else {
			return (0);
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		if (scope->ipv6_addr_legal) {
			struct sockaddr_in6 *sin6;

			/* Must update the flags,  bummer, which
			 * means any IFA locks must now be applied HERE <->
			 */
			if (do_update) {
				sctp_gather_internal_ifa_flags(ifa);
			}
			if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
				return (0);
			}
			/* ok to use deprecated addresses? */
			sin6 = &ifa->address.sin6;
			if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
				/* skip unspecified addresses */
				return (0);
			}
			if (		/* (local_scope == 0) && */
			    (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) {
				return (0);
			}
			if ((scope->site_scope == 0) &&
			    (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr))) {
				return (0);
			}
		} else {
			return (0);
		}
		break;
#endif
#if defined(__Userspace__)
	case AF_CONN:
		if (!scope->conn_addr_legal) {
			return (0);
		}
		break;
#endif
	default:
		return (0);
	}
	return (1);
}

static struct mbuf *
sctp_add_addr_to_mbuf(struct mbuf *m, struct sctp_ifa *ifa, uint16_t *len)
{
#if defined(INET) || defined(INET6)
	struct sctp_paramhdr *paramh;
	struct mbuf *mret;
	uint16_t plen;
#endif

	switch (ifa->address.sa.sa_family) {
#ifdef INET
	case AF_INET:
		plen = (uint16_t)sizeof(struct sctp_ipv4addr_param);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		plen = (uint16_t)sizeof(struct sctp_ipv6addr_param);
		break;
#endif
	default:
		return (m);
	}
#if defined(INET) || defined(INET6)
	if (M_TRAILINGSPACE(m) >= plen) {
		/* easy side we just drop it on the end */
		paramh = (struct sctp_paramhdr *)(SCTP_BUF_AT(m, SCTP_BUF_LEN(m)));
		mret = m;
	} else {
		/* Need more space */
		mret = m;
		while (SCTP_BUF_NEXT(mret) != NULL) {
			mret = SCTP_BUF_NEXT(mret);
		}
		SCTP_BUF_NEXT(mret) = sctp_get_mbuf_for_msg(plen, 0, M_NOWAIT, 1, MT_DATA);
		if (SCTP_BUF_NEXT(mret) == NULL) {
			/* We are hosed, can't add more addresses */
			return (m);
		}
		mret = SCTP_BUF_NEXT(mret);
		paramh = mtod(mret, struct sctp_paramhdr *);
	}
	/* now add the parameter */
	switch (ifa->address.sa.sa_family) {
#ifdef INET
	case AF_INET:
	{
		struct sctp_ipv4addr_param *ipv4p;
		struct sockaddr_in *sin;

		sin = &ifa->address.sin;
		ipv4p = (struct sctp_ipv4addr_param *)paramh;
		paramh->param_type = htons(SCTP_IPV4_ADDRESS);
		paramh->param_length = htons(plen);
		ipv4p->addr = sin->sin_addr.s_addr;
		SCTP_BUF_LEN(mret) += plen;
		break;
	}
#endif
#ifdef INET6
	case AF_INET6:
	{
		struct sctp_ipv6addr_param *ipv6p;
		struct sockaddr_in6 *sin6;

		sin6 = &ifa->address.sin6;
		ipv6p = (struct sctp_ipv6addr_param *)paramh;
		paramh->param_type = htons(SCTP_IPV6_ADDRESS);
		paramh->param_length = htons(plen);
		memcpy(ipv6p->addr, &sin6->sin6_addr,
		    sizeof(ipv6p->addr));
#if defined(SCTP_EMBEDDED_V6_SCOPE)
		/* clear embedded scope in the address */
		in6_clearscope((struct in6_addr *)ipv6p->addr);
#endif
		SCTP_BUF_LEN(mret) += plen;
		break;
	}
#endif
	default:
		return (m);
	}
	if (len != NULL) {
		*len += plen;
	}
	return (mret);
#endif
}

struct mbuf *
sctp_add_addresses_to_i_ia(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
                           struct sctp_scoping *scope,
			   struct mbuf *m_at, int cnt_inits_to,
			   uint16_t *padding_len, uint16_t *chunk_len)
{
	struct sctp_vrf *vrf = NULL;
	int cnt, limit_out = 0, total_count;
	uint32_t vrf_id;

	vrf_id = inp->def_vrf_id;
	SCTP_IPI_ADDR_RLOCK();
	vrf = sctp_find_vrf(vrf_id);
	if (vrf == NULL) {
		SCTP_IPI_ADDR_RUNLOCK();
		return (m_at);
	}
	if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
		struct sctp_ifa *sctp_ifap;
		struct sctp_ifn *sctp_ifnp;

		cnt = cnt_inits_to;
		if (vrf->total_ifa_count > SCTP_COUNT_LIMIT) {
			limit_out = 1;
			cnt = SCTP_ADDRESS_LIMIT;
			goto skip_count;
		}
		LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
			if ((scope->loopback_scope == 0) &&
			    SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
				/*
				 * Skip loopback devices if loopback_scope
				 * not set
				 */
				continue;
			}
			LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
				if ((sctp_ifap->address.sa.sa_family == AF_INET) &&
				    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
				                      &sctp_ifap->address.sin.sin_addr) != 0)) {
					continue;
				}
#endif
#ifdef INET6
				if ((sctp_ifap->address.sa.sa_family == AF_INET6) &&
				    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
				                      &sctp_ifap->address.sin6.sin6_addr) != 0)) {
					continue;
				}
#endif
#endif
				if (sctp_is_addr_restricted(stcb, sctp_ifap)) {
					continue;
				}
#if defined(__Userspace__)
				if (sctp_ifap->address.sa.sa_family == AF_CONN) {
					continue;
				}
#endif
				if (sctp_is_address_in_scope(sctp_ifap, scope, 1) == 0) {
					continue;
				}
				cnt++;
				if (cnt > SCTP_ADDRESS_LIMIT) {
					break;
				}
			}
			if (cnt > SCTP_ADDRESS_LIMIT) {
				break;
			}
		}
	skip_count:
		if (cnt > 1) {
			total_count = 0;
			LIST_FOREACH(sctp_ifnp, &vrf->ifnlist, next_ifn) {
				cnt = 0;
				if ((scope->loopback_scope == 0) &&
				    SCTP_IFN_IS_IFT_LOOP(sctp_ifnp)) {
					/*
					 * Skip loopback devices if
					 * loopback_scope not set
					 */
					continue;
				}
				LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
					if ((sctp_ifap->address.sa.sa_family == AF_INET) &&
					    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
					                      &sctp_ifap->address.sin.sin_addr) != 0)) {
						continue;
					}
#endif
#ifdef INET6
					if ((sctp_ifap->address.sa.sa_family == AF_INET6) &&
					    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
					                      &sctp_ifap->address.sin6.sin6_addr) != 0)) {
						continue;
					}
#endif
#endif
					if (sctp_is_addr_restricted(stcb, sctp_ifap)) {
						continue;
					}
#if defined(__Userspace__)
					if (sctp_ifap->address.sa.sa_family == AF_CONN) {
						continue;
					}
#endif
					if (sctp_is_address_in_scope(sctp_ifap,
								     scope, 0) == 0) {
						continue;
					}
					if ((chunk_len != NULL) &&
					    (padding_len != NULL) &&
					    (*padding_len > 0)) {
						memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len);
						SCTP_BUF_LEN(m_at) += *padding_len;
						*chunk_len += *padding_len;
						*padding_len = 0;
					}
					m_at = sctp_add_addr_to_mbuf(m_at, sctp_ifap, chunk_len);
					if (limit_out) {
						cnt++;
						total_count++;
						if (cnt >= 2) {
							/* two from each address */
							break;
						}
						if (total_count > SCTP_ADDRESS_LIMIT) {
							/* No more addresses */
							break;
						}
					}
				}
			}
		}
	} else {
		struct sctp_laddr *laddr;

		cnt = cnt_inits_to;
		/* First, how many ? */
		LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
			if (laddr->ifa == NULL) {
				continue;
			}
			if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED)
				/* Address being deleted by the system, dont
				 * list.
				 */
				continue;
			if (laddr->action == SCTP_DEL_IP_ADDRESS) {
				/* Address being deleted on this ep
				 * don't list.
				 */
				continue;
			}
#if defined(__Userspace__)
			if (laddr->ifa->address.sa.sa_family == AF_CONN) {
				continue;
			}
#endif
			if (sctp_is_address_in_scope(laddr->ifa,
						     scope, 1) == 0) {
				continue;
			}
			cnt++;
		}
		/*
		 * To get through a NAT we only list addresses if we have
		 * more than one. That way if you just bind a single address
		 * we let the source of the init dictate our address.
		 */
		if (cnt > 1) {
			cnt = cnt_inits_to;
			LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
				if (laddr->ifa == NULL) {
					continue;
				}
				if (laddr->ifa->localifa_flags & SCTP_BEING_DELETED) {
					continue;
				}
#if defined(__Userspace__)
				if (laddr->ifa->address.sa.sa_family == AF_CONN) {
					continue;
				}
#endif
				if (sctp_is_address_in_scope(laddr->ifa,
							     scope, 0) == 0) {
					continue;
				}
				if ((chunk_len != NULL) &&
				    (padding_len != NULL) &&
				    (*padding_len > 0)) {
					memset(mtod(m_at, caddr_t) + *chunk_len, 0, *padding_len);
					SCTP_BUF_LEN(m_at) += *padding_len;
					*chunk_len += *padding_len;
					*padding_len = 0;
				}
				m_at = sctp_add_addr_to_mbuf(m_at, laddr->ifa, chunk_len);
				cnt++;
				if (cnt >= SCTP_ADDRESS_LIMIT) {
					break;
				}
			}
		}
	}
	SCTP_IPI_ADDR_RUNLOCK();
	return (m_at);
}

static struct sctp_ifa *
sctp_is_ifa_addr_preferred(struct sctp_ifa *ifa,
			   uint8_t dest_is_loop,
			   uint8_t dest_is_priv,
			   sa_family_t fam)
{
	uint8_t dest_is_global = 0;
	/* dest_is_priv is true if destination is a private address */
	/* dest_is_loop is true if destination is a loopback addresses */

	/**
	 * Here we determine if its a preferred address. A preferred address
	 * means it is the same scope or higher scope then the destination.
	 * L = loopback, P = private, G = global
	 * -----------------------------------------
	 *    src    |  dest | result
	 *  ----------------------------------------
	 *     L     |    L  |    yes
	 *  -----------------------------------------
	 *     P     |    L  |    yes-v4 no-v6
	 *  -----------------------------------------
	 *     G     |    L  |    yes-v4 no-v6
	 *  -----------------------------------------
	 *     L     |    P  |    no
	 *  -----------------------------------------
	 *     P     |    P  |    yes
	 *  -----------------------------------------
	 *     G     |    P  |    no
	 *   -----------------------------------------
	 *     L     |    G  |    no
	 *   -----------------------------------------
	 *     P     |    G  |    no
	 *    -----------------------------------------
	 *     G     |    G  |    yes
	 *    -----------------------------------------
	 */

	if (ifa->address.sa.sa_family != fam) {
		/* forget mis-matched family */
		return (NULL);
	}
	if ((dest_is_priv == 0) && (dest_is_loop == 0)) {
		dest_is_global = 1;
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "Is destination preferred:");
	SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &ifa->address.sa);
	/* Ok the address may be ok */
#ifdef INET6
	if (fam == AF_INET6) {
		/* ok to use deprecated addresses? no lets not! */
		if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
			SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:1\n");
			return (NULL);
		}
		if (ifa->src_is_priv && !ifa->src_is_loop) {
			if (dest_is_loop) {
				SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:2\n");
				return (NULL);
			}
		}
		if (ifa->src_is_glob) {
			if (dest_is_loop) {
				SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:3\n");
				return (NULL);
			}
		}
	}
#endif
	/* Now that we know what is what, implement or table
	 * this could in theory be done slicker (it used to be), but this
	 * is straightforward and easier to validate :-)
	 */
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "src_loop:%d src_priv:%d src_glob:%d\n",
		ifa->src_is_loop, ifa->src_is_priv, ifa->src_is_glob);
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "dest_loop:%d dest_priv:%d dest_glob:%d\n",
		dest_is_loop, dest_is_priv, dest_is_global);

	if ((ifa->src_is_loop) && (dest_is_priv)) {
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:4\n");
		return (NULL);
	}
	if ((ifa->src_is_glob) && (dest_is_priv)) {
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:5\n");
		return (NULL);
	}
	if ((ifa->src_is_loop) && (dest_is_global)) {
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:6\n");
		return (NULL);
	}
	if ((ifa->src_is_priv) && (dest_is_global)) {
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "NO:7\n");
		return (NULL);
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "YES\n");
	/* its a preferred address */
	return (ifa);
}

static struct sctp_ifa *
sctp_is_ifa_addr_acceptable(struct sctp_ifa *ifa,
			    uint8_t dest_is_loop,
			    uint8_t dest_is_priv,
			    sa_family_t fam)
{
	uint8_t dest_is_global = 0;

	/**
	 * Here we determine if its a acceptable address. A acceptable
	 * address means it is the same scope or higher scope but we can
	 * allow for NAT which means its ok to have a global dest and a
	 * private src.
	 *
	 * L = loopback, P = private, G = global
	 * -----------------------------------------
	 *  src    |  dest | result
	 * -----------------------------------------
	 *   L     |   L   |    yes
	 *  -----------------------------------------
	 *   P     |   L   |    yes-v4 no-v6
	 *  -----------------------------------------
	 *   G     |   L   |    yes
	 * -----------------------------------------
	 *   L     |   P   |    no
	 * -----------------------------------------
	 *   P     |   P   |    yes
	 * -----------------------------------------
	 *   G     |   P   |    yes - May not work
	 * -----------------------------------------
	 *   L     |   G   |    no
	 * -----------------------------------------
	 *   P     |   G   |    yes - May not work
	 * -----------------------------------------
	 *   G     |   G   |    yes
	 * -----------------------------------------
	 */

	if (ifa->address.sa.sa_family != fam) {
		/* forget non matching family */
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa_fam:%d fam:%d\n",
			ifa->address.sa.sa_family, fam);
		return (NULL);
	}
	/* Ok the address may be ok */
	SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, &ifa->address.sa);
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst_is_loop:%d dest_is_priv:%d\n",
		dest_is_loop, dest_is_priv);
	if ((dest_is_loop == 0) && (dest_is_priv == 0)) {
		dest_is_global = 1;
	}
#ifdef INET6
	if (fam == AF_INET6) {
		/* ok to use deprecated addresses? */
		if (ifa->localifa_flags & SCTP_ADDR_IFA_UNUSEABLE) {
			return (NULL);
		}
		if (ifa->src_is_priv) {
			/* Special case, linklocal to loop */
			if (dest_is_loop)
				return (NULL);
		}
	}
#endif
	/*
	 * Now that we know what is what, implement our table.
	 * This could in theory be done slicker (it used to be), but this
	 * is straightforward and easier to validate :-)
	 */
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_priv:%d\n",
		ifa->src_is_loop,
		dest_is_priv);
	if ((ifa->src_is_loop == 1) && (dest_is_priv)) {
		return (NULL);
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "ifa->src_is_loop:%d dest_is_glob:%d\n",
		ifa->src_is_loop,
		dest_is_global);
	if ((ifa->src_is_loop == 1) && (dest_is_global)) {
		return (NULL);
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT3, "address is acceptable\n");
	/* its an acceptable address */
	return (ifa);
}

int
sctp_is_addr_restricted(struct sctp_tcb *stcb, struct sctp_ifa *ifa)
{
	struct sctp_laddr *laddr;

	if (stcb == NULL) {
		/* There are no restrictions, no TCB :-) */
		return (0);
	}
	LIST_FOREACH(laddr, &stcb->asoc.sctp_restricted_addrs, sctp_nxt_addr) {
		if (laddr->ifa == NULL) {
			SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
				__func__);
			continue;
		}
		if (laddr->ifa == ifa) {
			/* Yes it is on the list */
			return (1);
		}
	}
	return (0);
}

int
sctp_is_addr_in_ep(struct sctp_inpcb *inp, struct sctp_ifa *ifa)
{
	struct sctp_laddr *laddr;

	if (ifa == NULL)
		return (0);
	LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) {
		if (laddr->ifa == NULL) {
			SCTPDBG(SCTP_DEBUG_OUTPUT1, "%s: NULL ifa\n",
				__func__);
			continue;
		}
		if ((laddr->ifa == ifa) && laddr->action == 0)
			/* same pointer */
			return (1);
	}
	return (0);
}

static struct sctp_ifa *
sctp_choose_boundspecific_inp(struct sctp_inpcb *inp,
			      sctp_route_t *ro,
			      uint32_t vrf_id,
			      int non_asoc_addr_ok,
			      uint8_t dest_is_priv,
			      uint8_t dest_is_loop,
			      sa_family_t fam)
{
	struct sctp_laddr *laddr, *starting_point;
	void *ifn;
	int resettotop = 0;
	struct sctp_ifn *sctp_ifn;
	struct sctp_ifa *sctp_ifa, *sifa;
	struct sctp_vrf *vrf;
	uint32_t ifn_index;

	vrf = sctp_find_vrf(vrf_id);
	if (vrf == NULL)
		return (NULL);

	ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
	ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
	sctp_ifn = sctp_find_ifn(ifn, ifn_index);
	/*
	 * first question, is the ifn we will emit on in our list, if so, we
	 * want such an address. Note that we first looked for a
	 * preferred address.
	 */
	if (sctp_ifn) {
		/* is a preferred one on the interface we route out? */
		LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
			if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
			    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin.sin_addr) != 0)) {
				continue;
			}
#endif
#ifdef INET6
			if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
			    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
				continue;
			}
#endif
#endif
			if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
			    (non_asoc_addr_ok == 0))
				continue;
			sifa = sctp_is_ifa_addr_preferred(sctp_ifa,
							  dest_is_loop,
							  dest_is_priv, fam);
			if (sifa == NULL)
				continue;
			if (sctp_is_addr_in_ep(inp, sifa)) {
				atomic_add_int(&sifa->refcount, 1);
				return (sifa);
			}
		}
	}
	/*
	 * ok, now we now need to find one on the list of the addresses.
	 * We can't get one on the emitting interface so let's find first
	 * a preferred one. If not that an acceptable one otherwise...
	 * we return NULL.
	 */
	starting_point = inp->next_addr_touse;
 once_again:
	if (inp->next_addr_touse == NULL) {
		inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
		resettotop = 1;
	}
	for (laddr = inp->next_addr_touse; laddr;
	     laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
		if (laddr->ifa == NULL) {
			/* address has been removed */
			continue;
		}
		if (laddr->action == SCTP_DEL_IP_ADDRESS) {
			/* address is being deleted */
			continue;
		}
		sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop,
						  dest_is_priv, fam);
		if (sifa == NULL)
			continue;
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
	if (resettotop == 0) {
		inp->next_addr_touse = NULL;
		goto once_again;
	}

	inp->next_addr_touse = starting_point;
	resettotop = 0;
 once_again_too:
	if (inp->next_addr_touse == NULL) {
		inp->next_addr_touse = LIST_FIRST(&inp->sctp_addr_list);
		resettotop = 1;
	}

	/* ok, what about an acceptable address in the inp */
	for (laddr = inp->next_addr_touse; laddr;
	     laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
		if (laddr->ifa == NULL) {
			/* address has been removed */
			continue;
		}
		if (laddr->action == SCTP_DEL_IP_ADDRESS) {
			/* address is being deleted */
			continue;
		}
		sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
						   dest_is_priv, fam);
		if (sifa == NULL)
			continue;
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
	if (resettotop == 0) {
		inp->next_addr_touse = NULL;
		goto once_again_too;
	}

	/*
	 * no address bound can be a source for the destination we are in
	 * trouble
	 */
	return (NULL);
}

static struct sctp_ifa *
sctp_choose_boundspecific_stcb(struct sctp_inpcb *inp,
			       struct sctp_tcb *stcb,
			       sctp_route_t *ro,
			       uint32_t vrf_id,
			       uint8_t dest_is_priv,
			       uint8_t dest_is_loop,
			       int non_asoc_addr_ok,
			       sa_family_t fam)
{
	struct sctp_laddr *laddr, *starting_point;
	void *ifn;
	struct sctp_ifn *sctp_ifn;
	struct sctp_ifa *sctp_ifa, *sifa;
	uint8_t start_at_beginning = 0;
	struct sctp_vrf *vrf;
	uint32_t ifn_index;

	/*
	 * first question, is the ifn we will emit on in our list, if so, we
	 * want that one.
	 */
	vrf = sctp_find_vrf(vrf_id);
	if (vrf == NULL)
		return (NULL);

	ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
	ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
	sctp_ifn = sctp_find_ifn(ifn, ifn_index);

	/*
	 * first question, is the ifn we will emit on in our list?  If so,
	 * we want that one. First we look for a preferred. Second, we go
	 * for an acceptable.
	 */
	if (sctp_ifn) {
		/* first try for a preferred address on the ep */
		LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
			if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
			    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin.sin_addr) != 0)) {
				continue;
			}
#endif
#ifdef INET6
			if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
			    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
				continue;
			}
#endif
#endif
			if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
				continue;
			if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
				sifa = sctp_is_ifa_addr_preferred(sctp_ifa, dest_is_loop, dest_is_priv, fam);
				if (sifa == NULL)
					continue;
				if (((non_asoc_addr_ok == 0) &&
				     (sctp_is_addr_restricted(stcb, sifa))) ||
				    (non_asoc_addr_ok &&
				     (sctp_is_addr_restricted(stcb, sifa)) &&
				     (!sctp_is_addr_pending(stcb, sifa)))) {
					/* on the no-no list */
					continue;
				}
				atomic_add_int(&sifa->refcount, 1);
				return (sifa);
			}
		}
		/* next try for an acceptable address on the ep */
		LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
			if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
			    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin.sin_addr) != 0)) {
				continue;
			}
#endif
#ifdef INET6
			if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
			    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
				continue;
			}
#endif
#endif
			if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0))
				continue;
			if (sctp_is_addr_in_ep(inp, sctp_ifa)) {
				sifa= sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop, dest_is_priv,fam);
				if (sifa == NULL)
					continue;
				if (((non_asoc_addr_ok == 0) &&
				     (sctp_is_addr_restricted(stcb, sifa))) ||
				    (non_asoc_addr_ok &&
				     (sctp_is_addr_restricted(stcb, sifa)) &&
				     (!sctp_is_addr_pending(stcb, sifa)))) {
					/* on the no-no list */
					continue;
				}
				atomic_add_int(&sifa->refcount, 1);
				return (sifa);
			}
		}
	}
	/*
	 * if we can't find one like that then we must look at all
	 * addresses bound to pick one at first preferable then
	 * secondly acceptable.
	 */
	starting_point = stcb->asoc.last_used_address;
 sctp_from_the_top:
	if (stcb->asoc.last_used_address == NULL) {
		start_at_beginning = 1;
		stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
	}
	/* search beginning with the last used address */
	for (laddr = stcb->asoc.last_used_address; laddr;
	     laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
		if (laddr->ifa == NULL) {
			/* address has been removed */
			continue;
		}
		if (laddr->action == SCTP_DEL_IP_ADDRESS) {
			/* address is being deleted */
			continue;
		}
		sifa = sctp_is_ifa_addr_preferred(laddr->ifa, dest_is_loop, dest_is_priv, fam);
		if (sifa == NULL)
			continue;
		if (((non_asoc_addr_ok == 0) &&
		     (sctp_is_addr_restricted(stcb, sifa))) ||
		    (non_asoc_addr_ok &&
		     (sctp_is_addr_restricted(stcb, sifa)) &&
		     (!sctp_is_addr_pending(stcb, sifa)))) {
			/* on the no-no list */
			continue;
		}
		stcb->asoc.last_used_address = laddr;
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
	if (start_at_beginning == 0) {
		stcb->asoc.last_used_address = NULL;
		goto sctp_from_the_top;
	}
	/* now try for any higher scope than the destination */
	stcb->asoc.last_used_address = starting_point;
	start_at_beginning = 0;
 sctp_from_the_top2:
	if (stcb->asoc.last_used_address == NULL) {
		start_at_beginning = 1;
		stcb->asoc.last_used_address = LIST_FIRST(&inp->sctp_addr_list);
	}
	/* search beginning with the last used address */
	for (laddr = stcb->asoc.last_used_address; laddr;
	     laddr = LIST_NEXT(laddr, sctp_nxt_addr)) {
		if (laddr->ifa == NULL) {
			/* address has been removed */
			continue;
		}
		if (laddr->action == SCTP_DEL_IP_ADDRESS) {
			/* address is being deleted */
			continue;
		}
		sifa = sctp_is_ifa_addr_acceptable(laddr->ifa, dest_is_loop,
						   dest_is_priv, fam);
		if (sifa == NULL)
			continue;
		if (((non_asoc_addr_ok == 0) &&
		     (sctp_is_addr_restricted(stcb, sifa))) ||
		    (non_asoc_addr_ok &&
		     (sctp_is_addr_restricted(stcb, sifa)) &&
		     (!sctp_is_addr_pending(stcb, sifa)))) {
			/* on the no-no list */
			continue;
		}
		stcb->asoc.last_used_address = laddr;
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
	if (start_at_beginning == 0) {
		stcb->asoc.last_used_address = NULL;
		goto sctp_from_the_top2;
	}
	return (NULL);
}

static struct sctp_ifa *
sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                                 struct sctp_inpcb *inp,
#else
                                                 struct sctp_inpcb *inp SCTP_UNUSED,
#endif
                                                 struct sctp_tcb *stcb,
                                                 int non_asoc_addr_ok,
                                                 uint8_t dest_is_loop,
                                                 uint8_t dest_is_priv,
                                                 int addr_wanted,
                                                 sa_family_t fam,
                                                 sctp_route_t *ro)
{
	struct sctp_ifa *ifa, *sifa;
	int num_eligible_addr = 0;
#ifdef INET6
#ifdef SCTP_EMBEDDED_V6_SCOPE
	struct sockaddr_in6 sin6, lsa6;

	if (fam == AF_INET6) {
		memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6));
#ifdef SCTP_KAME
		(void)sa6_recoverscope(&sin6);
#else
		(void)in6_recoverscope(&sin6, &sin6.sin6_addr, NULL);
#endif  /* SCTP_KAME */
	}
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
#endif	/* INET6 */
	LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
		if ((ifa->address.sa.sa_family == AF_INET) &&
		    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
		                      &ifa->address.sin.sin_addr) != 0)) {
			continue;
		}
#endif
#ifdef INET6
		if ((ifa->address.sa.sa_family == AF_INET6) &&
		    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
		                      &ifa->address.sin6.sin6_addr) != 0)) {
			continue;
		}
#endif
#endif
		if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
		    (non_asoc_addr_ok == 0))
			continue;
		sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
						  dest_is_priv, fam);
		if (sifa == NULL)
			continue;
#ifdef INET6
		if (fam == AF_INET6 &&
		    dest_is_loop &&
		    sifa->src_is_loop && sifa->src_is_priv) {
			/* don't allow fe80::1 to be a src on loop ::1, we don't list it
			 * to the peer so we will get an abort.
			 */
			continue;
		}
#ifdef SCTP_EMBEDDED_V6_SCOPE
		if (fam == AF_INET6 &&
		    IN6_IS_ADDR_LINKLOCAL(&sifa->address.sin6.sin6_addr) &&
		    IN6_IS_ADDR_LINKLOCAL(&sin6.sin6_addr)) {
			/* link-local <-> link-local must belong to the same scope. */
			memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6));
#ifdef SCTP_KAME
			(void)sa6_recoverscope(&lsa6);
#else
			(void)in6_recoverscope(&lsa6, &lsa6.sin6_addr, NULL);
#endif  /* SCTP_KAME */
			if (sin6.sin6_scope_id != lsa6.sin6_scope_id) {
				continue;
			}
		}
#endif  /* SCTP_EMBEDDED_V6_SCOPE */
#endif	/* INET6 */

#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__Userspace__)
		/* Check if the IPv6 address matches to next-hop.
		   In the mobile case, old IPv6 address may be not deleted
		   from the interface. Then, the interface has previous and
		   new addresses.  We should use one corresponding to the
		   next-hop.  (by micchie)
		 */
#ifdef INET6
		if (stcb && fam == AF_INET6 &&
		    sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
			if (sctp_v6src_match_nexthop(&sifa->address.sin6, ro) == 0) {
				continue;
			}
		}
#endif
#ifdef INET
		/* Avoid topologically incorrect IPv4 address */
		if (stcb && fam == AF_INET &&
		    sctp_is_mobility_feature_on(stcb->sctp_ep, SCTP_MOBILITY_BASE)) {
			if (sctp_v4src_match_nexthop(sifa, ro) == 0) {
				continue;
			}
		}
#endif
#endif
		if (stcb) {
			if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) {
				continue;
			}
			if (((non_asoc_addr_ok == 0) &&
			     (sctp_is_addr_restricted(stcb, sifa))) ||
			    (non_asoc_addr_ok &&
			     (sctp_is_addr_restricted(stcb, sifa)) &&
			     (!sctp_is_addr_pending(stcb, sifa)))) {
				/*
				 * It is restricted for some reason..
				 * probably not yet added.
				 */
				continue;
			}
		}
		if (num_eligible_addr >= addr_wanted) {
			return (sifa);
		}
		num_eligible_addr++;
	}
	return (NULL);
}

static int
sctp_count_num_preferred_boundall(struct sctp_ifn *ifn,
#if defined(__FreeBSD__) && !defined(__Userspace__)
                                  struct sctp_inpcb *inp,
#else
                                  struct sctp_inpcb *inp SCTP_UNUSED,
#endif
				  struct sctp_tcb *stcb,
				  int non_asoc_addr_ok,
				  uint8_t dest_is_loop,
				  uint8_t dest_is_priv,
				  sa_family_t fam)
{
	struct sctp_ifa *ifa, *sifa;
	int num_eligible_addr = 0;

	LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
		if ((ifa->address.sa.sa_family == AF_INET) &&
		    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
		                      &ifa->address.sin.sin_addr) != 0)) {
			continue;
		}
#endif
#ifdef INET6
		if ((ifa->address.sa.sa_family == AF_INET6) &&
		    (stcb != NULL) &&
		    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
		                      &ifa->address.sin6.sin6_addr) != 0)) {
			continue;
		}
#endif
#endif
		if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
		    (non_asoc_addr_ok == 0)) {
			continue;
		}
		sifa = sctp_is_ifa_addr_preferred(ifa, dest_is_loop,
						  dest_is_priv, fam);
		if (sifa == NULL) {
			continue;
		}
		if (stcb) {
			if (sctp_is_address_in_scope(ifa, &stcb->asoc.scope, 0) == 0) {
				continue;
			}
			if (((non_asoc_addr_ok == 0) &&
			     (sctp_is_addr_restricted(stcb, sifa))) ||
			    (non_asoc_addr_ok &&
			     (sctp_is_addr_restricted(stcb, sifa)) &&
			     (!sctp_is_addr_pending(stcb, sifa)))) {
				/*
				 * It is restricted for some reason..
				 * probably not yet added.
				 */
				continue;
			}
		}
		num_eligible_addr++;
	}
	return (num_eligible_addr);
}

static struct sctp_ifa *
sctp_choose_boundall(struct sctp_inpcb *inp,
                     struct sctp_tcb *stcb,
		     struct sctp_nets *net,
		     sctp_route_t *ro,
		     uint32_t vrf_id,
		     uint8_t dest_is_priv,
		     uint8_t dest_is_loop,
		     int non_asoc_addr_ok,
		     sa_family_t fam)
{
	int cur_addr_num = 0, num_preferred = 0;
	void *ifn;
	struct sctp_ifn *sctp_ifn, *looked_at = NULL, *emit_ifn;
	struct sctp_ifa *sctp_ifa, *sifa;
	uint32_t ifn_index;
	struct sctp_vrf *vrf;
#ifdef INET
	int retried = 0;
#endif

	/*-
	 * For boundall we can use any address in the association.
	 * If non_asoc_addr_ok is set we can use any address (at least in
	 * theory). So we look for preferred addresses first. If we find one,
	 * we use it. Otherwise we next try to get an address on the
	 * interface, which we should be able to do (unless non_asoc_addr_ok
	 * is false and we are routed out that way). In these cases where we
	 * can't use the address of the interface we go through all the
	 * ifn's looking for an address we can use and fill that in. Punting
	 * means we send back address 0, which will probably cause problems
	 * actually since then IP will fill in the address of the route ifn,
	 * which means we probably already rejected it.. i.e. here comes an
	 * abort :-<.
	 */
	vrf = sctp_find_vrf(vrf_id);
	if (vrf == NULL)
		return (NULL);

	ifn = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
	ifn_index = SCTP_GET_IF_INDEX_FROM_ROUTE(ro);
	SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn from route:%p ifn_index:%d\n", ifn, ifn_index);
	emit_ifn = looked_at = sctp_ifn = sctp_find_ifn(ifn, ifn_index);
	if (sctp_ifn == NULL) {
		/* ?? We don't have this guy ?? */
		SCTPDBG(SCTP_DEBUG_OUTPUT2,"No ifn emit interface?\n");
		goto bound_all_plan_b;
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT2,"ifn_index:%d name:%s is emit interface\n",
		ifn_index, sctp_ifn->ifn_name);

	if (net) {
		cur_addr_num = net->indx_of_eligible_next_to_use;
	}
	num_preferred = sctp_count_num_preferred_boundall(sctp_ifn,
							  inp, stcb,
							  non_asoc_addr_ok,
							  dest_is_loop,
							  dest_is_priv, fam);
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found %d preferred source addresses for intf:%s\n",
		num_preferred, sctp_ifn->ifn_name);
	if (num_preferred == 0) {
		/*
		 * no eligible addresses, we must use some other interface
		 * address if we can find one.
		 */
		goto bound_all_plan_b;
	}
	/*
	 * Ok we have num_eligible_addr set with how many we can use, this
	 * may vary from call to call due to addresses being deprecated
	 * etc..
	 */
	if (cur_addr_num >= num_preferred) {
		cur_addr_num = 0;
	}
	/*
	 * select the nth address from the list (where cur_addr_num is the
	 * nth) and 0 is the first one, 1 is the second one etc...
	 */
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num);

	sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop,
                                                                    dest_is_priv, cur_addr_num, fam, ro);

	/* if sctp_ifa is NULL something changed??, fall to plan b. */
	if (sctp_ifa) {
		atomic_add_int(&sctp_ifa->refcount, 1);
		if (net) {
			/* save off where the next one we will want */
			net->indx_of_eligible_next_to_use = cur_addr_num + 1;
		}
		return (sctp_ifa);
	}
	/*
	 * plan_b: Look at all interfaces and find a preferred address. If
	 * no preferred fall through to plan_c.
	 */
 bound_all_plan_b:
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan B\n");
	LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
		SCTPDBG(SCTP_DEBUG_OUTPUT2, "Examine interface %s\n",
			sctp_ifn->ifn_name);
		if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
			/* wrong base scope */
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "skip\n");
			continue;
		}
		if ((sctp_ifn == looked_at) && looked_at) {
			/* already looked at this guy */
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n");
			continue;
		}
		num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok,
                                                                  dest_is_loop, dest_is_priv, fam);
		SCTPDBG(SCTP_DEBUG_OUTPUT2,
			"Found ifn:%p %d preferred source addresses\n",
			ifn, num_preferred);
		if (num_preferred == 0) {
			/* None on this interface. */
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "No preferred -- skipping to next\n");
			continue;
		}
		SCTPDBG(SCTP_DEBUG_OUTPUT2,
			"num preferred:%d on interface:%p cur_addr_num:%d\n",
			num_preferred, (void *)sctp_ifn, cur_addr_num);

		/*
		 * Ok we have num_eligible_addr set with how many we can
		 * use, this may vary from call to call due to addresses
		 * being deprecated etc..
		 */
		if (cur_addr_num >= num_preferred) {
			cur_addr_num = 0;
		}
		sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop,
                                                                        dest_is_priv, cur_addr_num, fam, ro);
		if (sifa == NULL)
			continue;
		if (net) {
			net->indx_of_eligible_next_to_use = cur_addr_num + 1;
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "we selected %d\n",
				cur_addr_num);
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "Source:");
			SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &sifa->address.sa);
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "Dest:");
			SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, &net->ro._l_addr.sa);
		}
		atomic_add_int(&sifa->refcount, 1);
		return (sifa);
	}
#ifdef INET
again_with_private_addresses_allowed:
#endif
	/* plan_c: do we have an acceptable address on the emit interface */
	sifa = NULL;
	SCTPDBG(SCTP_DEBUG_OUTPUT2,"Trying Plan C: find acceptable on interface\n");
	if (emit_ifn == NULL) {
		SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jump to Plan D - no emit_ifn\n");
		goto plan_d;
	}
	LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) {
		SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifa:%p\n", (void *)sctp_ifa);
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
		if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
		    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
		                      &sctp_ifa->address.sin.sin_addr) != 0)) {
			SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n");
			continue;
		}
#endif
#ifdef INET6
		if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
		    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
		                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
			SCTPDBG(SCTP_DEBUG_OUTPUT2,"Jailed\n");
			continue;
		}
#endif
#endif
		if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
		    (non_asoc_addr_ok == 0)) {
			SCTPDBG(SCTP_DEBUG_OUTPUT2,"Defer\n");
			continue;
		}
		sifa = sctp_is_ifa_addr_acceptable(sctp_ifa, dest_is_loop,
						   dest_is_priv, fam);
		if (sifa == NULL) {
			SCTPDBG(SCTP_DEBUG_OUTPUT2, "IFA not acceptable\n");
			continue;
		}
		if (stcb) {
			if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) {
				SCTPDBG(SCTP_DEBUG_OUTPUT2, "NOT in scope\n");
				sifa = NULL;
				continue;
			}
			if (((non_asoc_addr_ok == 0) &&
			     (sctp_is_addr_restricted(stcb, sifa))) ||
			    (non_asoc_addr_ok &&
			     (sctp_is_addr_restricted(stcb, sifa)) &&
			     (!sctp_is_addr_pending(stcb, sifa)))) {
				/*
				 * It is restricted for some
				 * reason.. probably not yet added.
				 */
				SCTPDBG(SCTP_DEBUG_OUTPUT2, "Its restricted\n");
				sifa = NULL;
				continue;
			}
		}
		atomic_add_int(&sifa->refcount, 1);
		goto out;
	}
 plan_d:
	/*
	 * plan_d: We are in trouble. No preferred address on the emit
	 * interface. And not even a preferred address on all interfaces.
	 * Go out and see if we can find an acceptable address somewhere
	 * amongst all interfaces.
	 */
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "Trying Plan D looked_at is %p\n", (void *)looked_at);
	LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
		if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
			/* wrong base scope */
			continue;
		}
		LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
			if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
			    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin.sin_addr) != 0)) {
				continue;
			}
#endif
#ifdef INET6
			if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
			    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
			                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
				continue;
			}
#endif
#endif
			if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
			    (non_asoc_addr_ok == 0))
				continue;
			sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
							   dest_is_loop,
							   dest_is_priv, fam);
			if (sifa == NULL)
				continue;
			if (stcb) {
				if (sctp_is_address_in_scope(sifa, &stcb->asoc.scope, 0) == 0) {
					sifa = NULL;
					continue;
				}
				if (((non_asoc_addr_ok == 0) &&
				     (sctp_is_addr_restricted(stcb, sifa))) ||
				    (non_asoc_addr_ok &&
				     (sctp_is_addr_restricted(stcb, sifa)) &&
				     (!sctp_is_addr_pending(stcb, sifa)))) {
					/*
					 * It is restricted for some
					 * reason.. probably not yet added.
					 */
					sifa = NULL;
					continue;
				}
			}
			goto out;
		}
	}
#ifdef INET
	if (stcb) {
		if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) {
			stcb->asoc.scope.ipv4_local_scope = 1;
			retried = 1;
			goto again_with_private_addresses_allowed;
		} else if (retried == 1) {
			stcb->asoc.scope.ipv4_local_scope = 0;
		}
	}
#endif
out:
#ifdef INET
	if (sifa) {
		if (retried == 1) {
			LIST_FOREACH(sctp_ifn, &vrf->ifnlist, next_ifn) {
				if (dest_is_loop == 0 && SCTP_IFN_IS_IFT_LOOP(sctp_ifn)) {
					/* wrong base scope */
					continue;
				}
				LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) {
					struct sctp_ifa *tmp_sifa;

#if defined(__FreeBSD__) && !defined(__Userspace__)
#ifdef INET
					if ((sctp_ifa->address.sa.sa_family == AF_INET) &&
					    (prison_check_ip4(inp->ip_inp.inp.inp_cred,
					                      &sctp_ifa->address.sin.sin_addr) != 0)) {
						continue;
					}
#endif
#ifdef INET6
					if ((sctp_ifa->address.sa.sa_family == AF_INET6) &&
					    (prison_check_ip6(inp->ip_inp.inp.inp_cred,
					                      &sctp_ifa->address.sin6.sin6_addr) != 0)) {
						continue;
					}
#endif
#endif
					if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) &&
					    (non_asoc_addr_ok == 0))
						continue;
					tmp_sifa = sctp_is_ifa_addr_acceptable(sctp_ifa,
					                                       dest_is_loop,
					                                       dest_is_priv, fam);
					if (tmp_sifa == NULL) {
						continue;
					}
					if (tmp_sifa == sifa) {
						continue;
					}
					if (stcb) {
						if (sctp_is_address_in_scope(tmp_sifa,
						                             &stcb->asoc.scope, 0) == 0) {
							continue;
						}
						if (((non_asoc_addr_ok == 0) &&
						     (sctp_is_addr_restricted(stcb, tmp_sifa))) ||
						    (non_asoc_addr_ok &&
						     (sctp_is_addr_restricted(stcb, tmp_sifa)) &&
						     (!sctp_is_addr_pending(stcb, tmp_sifa)))) {
							/*
							 * It is restricted for some
							 * reason.. probably not yet added.
							 */
							continue;
						}
					}
					if ((tmp_sifa->address.sin.sin_family == AF_INET) &&
					    (IN4_ISPRIVATE_ADDRESS(&(tmp_sifa->address.sin.sin_addr)))) {
						sctp_add_local_addr_restricted(stcb, tmp_sifa);
					}
				}
			}
		}
		atomic_add_int(&sifa->refcount, 1);
	}
#endif
	return (sifa);
}

/* tcb may be NULL */
struct sctp_ifa *
sctp_source_address_selection(struct sctp_inpcb *inp,
			      struct sctp_tcb *stcb,
			      sctp_route_t *ro,
			      struct sctp_nets *net,
			      int non_asoc_addr_ok, uint32_t vrf_id)
{
	struct sctp_ifa *answer;
	uint8_t dest_is_priv, dest_is_loop;
	sa_family_t fam;
#ifdef INET
	struct sockaddr_in *to = (struct sockaddr_in *)&ro->ro_dst;
#endif
#ifdef INET6
	struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&ro->ro_dst;
#endif

	/**
	 * Rules:
	 * - Find the route if needed, cache if I can.
	 * - Look at interface address in route, Is it in the bound list. If so we
	 *   have the best source.
	 * - If not we must rotate amongst the addresses.
	 *
	 * Caveats and issues
	 *
	 * Do we need to pay attention to scope. We can have a private address
	 * or a global address we are sourcing or sending to. So if we draw
	 * it out
	 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
	 * For V4
	 * ------------------------------------------
	 *      source     *      dest  *  result
	 * -----------------------------------------
	 * <a>  Private    *    Global  *  NAT
	 * -----------------------------------------
	 * <b>  Private    *    Private *  No problem
	 * -----------------------------------------
	 * <c>  Global     *    Private *  Huh, How will this work?
	 * -----------------------------------------
	 * <d>  Global     *    Global  *  No Problem
	 *------------------------------------------
	 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
	 * For V6
	 *------------------------------------------
	 *      source     *      dest  *  result
	 * -----------------------------------------
	 * <a>  Linklocal  *    Global  *
	 * -----------------------------------------
	 * <b>  Linklocal  * Linklocal  *  No problem
	 * -----------------------------------------
	 * <c>  Global     * Linklocal  *  Huh, How will this work?
	 * -----------------------------------------
	 * <d>  Global     *    Global  *  No Problem
	 *------------------------------------------
	 * zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
	 *
	 * And then we add to that what happens if there are multiple addresses
	 * assigned to an interface. Remember the ifa on a ifn is a linked
	 * list of addresses. So one interface can have more than one IP
	 * address. What happens if we have both a private and a global
	 * address? Do we then use context of destination to sort out which
	 * one is best? And what about NAT's sending P->G may get you a NAT
	 * translation, or should you select the G thats on the interface in
	 * preference.
	 *
	 * Decisions:
	 *
	 * - count the number of addresses on the interface.
	 * - if it is one, no problem except case <c>.
	 *   For <a> we will assume a NAT out there.
	 * - if there are more than one, then we need to worry about scope P
	 *   or G. We should prefer G -> G and P -> P if possible.
	 *   Then as a secondary fall back to mixed types G->P being a last
	 *   ditch one.
	 * - The above all works for bound all, but bound specific we need to
	 *   use the same concept but instead only consider the bound
	 *   addresses. If the bound set is NOT assigned to the interface then
	 *   we must use rotation amongst the bound addresses..
	 */
#if defined(__FreeBSD__) && !defined(__Userspace__)
	if (ro->ro_nh == NULL) {
#else
	if (ro->ro_rt == NULL) {
#endif
		/*
		 * Need a route to cache.
		 */
		SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
	}
#if defined(__FreeBSD__) && !defined(__Userspace__)
	if (ro->ro_nh == NULL) {
#else
	if (ro->ro_rt == NULL) {
#endif
		return (NULL);
	}
#if defined(_WIN32)
	/* On Windows the sa_family is U_SHORT or ADDRESS_FAMILY */
	fam = (sa_family_t)ro->ro_dst.sa_family;
#else
	fam = ro->ro_dst.sa_family;
#endif
	dest_is_priv = dest_is_loop = 0;
	/* Setup our scopes for the destination */
	switch (fam) {
#ifdef INET
	case AF_INET:
		/* Scope based on outbound address */
		if (IN4_ISLOOPBACK_ADDRESS(&to->sin_addr)) {
			dest_is_loop = 1;
			if (net != NULL) {
				/* mark it as local */
				net->addr_is_local = 1;
			}
		} else if ((IN4_ISPRIVATE_ADDRESS(&to->sin_addr))) {
			dest_is_priv = 1;
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/* Scope based on outbound address */
#if defined(_WIN32)
		if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) {
#else
		if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr) ||
		    SCTP_ROUTE_IS_REAL_LOOP(ro)) {
#endif
			/*
			 * If the address is a loopback address, which
			 * consists of "::1" OR "fe80::1%lo0", we are loopback
			 * scope. But we don't use dest_is_priv (link local
			 * addresses).
			 */
			dest_is_loop = 1;
			if (net != NULL) {
				/* mark it as local */
				net->addr_is_local = 1;
			}
		} else if (IN6_IS_ADDR_LINKLOCAL(&to6->sin6_addr)) {
			dest_is_priv = 1;
		}
		break;
#endif
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT2, "Select source addr for:");
	SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT2, (struct sockaddr *)&ro->ro_dst);
	SCTP_IPI_ADDR_RLOCK();
	if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) {
		/*
		 * Bound all case
		 */
		answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id,
					      dest_is_priv, dest_is_loop,
					      non_asoc_addr_ok, fam);
		SCTP_IPI_ADDR_RUNLOCK();
		return (answer);
	}
	/*
	 * Subset bound case
	 */
	if (stcb) {
		answer = sctp_choose_boundspecific_stcb(inp, stcb, ro,
							vrf_id,	dest_is_priv,
							dest_is_loop,
							non_asoc_addr_ok, fam);
	} else {
		answer = sctp_choose_boundspecific_inp(inp, ro, vrf_id,
						       non_asoc_addr_ok,
						       dest_is_priv,
						       dest_is_loop, fam);
	}
	SCTP_IPI_ADDR_RUNLOCK();
	return (answer);
}

static bool
sctp_find_cmsg(int c_type, void *data, struct mbuf *control, size_t cpsize)
{
#if defined(_WIN32)
	WSACMSGHDR cmh;
#else
	struct cmsghdr cmh;
#endif
	struct sctp_sndinfo sndinfo;
	struct sctp_prinfo prinfo;
	struct sctp_authinfo authinfo;
	int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;
	bool found;

	/*
	 * Independent of how many mbufs, find the c_type inside the control
	 * structure and copy out the data.
	 */
	found = false;
	tot_len = SCTP_BUF_LEN(control);
	for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
		rem_len = tot_len - off;
		if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
			/* There is not enough room for one more. */
			return (found);
		}
		m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
		if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
			/* We dont't have a complete CMSG header. */
			return (found);
		}
		if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
			/* We don't have the complete CMSG. */
			return (found);
		}
		cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
		cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
		if ((cmh.cmsg_level == IPPROTO_SCTP) &&
		    ((c_type == cmh.cmsg_type) ||
		     ((c_type == SCTP_SNDRCV) &&
		      ((cmh.cmsg_type == SCTP_SNDINFO) ||
		       (cmh.cmsg_type == SCTP_PRINFO) ||
		       (cmh.cmsg_type == SCTP_AUTHINFO))))) {
			if (c_type == cmh.cmsg_type) {
				if (cpsize > INT_MAX) {
					return (found);
				}
				if (cmsg_data_len < (int)cpsize) {
					return (found);
				}
				/* It is exactly what we want. Copy it out. */
				m_copydata(control, cmsg_data_off, (int)cpsize, (caddr_t)data);
				return (1);
			} else {
				struct sctp_sndrcvinfo *sndrcvinfo;

				sndrcvinfo = (struct sctp_sndrcvinfo *)data;
				if (!found) {
					if (cpsize < sizeof(struct sctp_sndrcvinfo)) {
						return (found);
					}
					memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
				}
				switch (cmh.cmsg_type) {
				case SCTP_SNDINFO:
					if (cmsg_data_len < (int)sizeof(struct sctp_sndinfo)) {
						return (found);
					}
					m_copydata(control, cmsg_data_off, sizeof(struct sctp_sndinfo), (caddr_t)&sndinfo);
					sndrcvinfo->sinfo_stream = sndinfo.snd_sid;
					sndrcvinfo->sinfo_flags = sndinfo.snd_flags;
					sndrcvinfo->sinfo_ppid = sndinfo.snd_ppid;
					sndrcvinfo->sinfo_context = sndinfo.snd_context;
					sndrcvinfo->sinfo_assoc_id = sndinfo.snd_assoc_id;
					break;
				case SCTP_PRINFO:
					if (cmsg_data_len < (int)sizeof(struct sctp_prinfo)) {
						return (found);
					}
					m_copydata(control, cmsg_data_off, sizeof(struct sctp_prinfo), (caddr_t)&prinfo);
					if (prinfo.pr_policy != SCTP_PR_SCTP_NONE) {
						sndrcvinfo->sinfo_timetolive = prinfo.pr_value;
					} else {
						sndrcvinfo->sinfo_timetolive = 0;
					}
					sndrcvinfo->sinfo_flags |= prinfo.pr_policy;
					break;
				case SCTP_AUTHINFO:
					if (cmsg_data_len < (int)sizeof(struct sctp_authinfo)) {
						return (found);
					}
					m_copydata(control, cmsg_data_off, sizeof(struct sctp_authinfo), (caddr_t)&authinfo);
					sndrcvinfo->sinfo_keynumber_valid = 1;
					sndrcvinfo->sinfo_keynumber = authinfo.auth_keynumber;
					break;
				default:
					return (found);
				}
				found = true;
			}
		}
	}
	return (found);
}

static int
sctp_process_cmsgs_for_init(struct sctp_tcb *stcb, struct mbuf *control, int *error)
{
#if defined(_WIN32)
	WSACMSGHDR cmh;
#else
	struct cmsghdr cmh;
#endif
	struct sctp_initmsg initmsg;
#ifdef INET
	struct sockaddr_in sin;
#endif
#ifdef INET6
	struct sockaddr_in6 sin6;
#endif
	int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;

	tot_len = SCTP_BUF_LEN(control);
	for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
		rem_len = tot_len - off;
		if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
			/* There is not enough room for one more. */
			*error = EINVAL;
			return (1);
		}
		m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
		if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
			/* We dont't have a complete CMSG header. */
			*error = EINVAL;
			return (1);
		}
		if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
			/* We don't have the complete CMSG. */
			*error = EINVAL;
			return (1);
		}
		cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
		cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
		if (cmh.cmsg_level == IPPROTO_SCTP) {
			switch (cmh.cmsg_type) {
			case SCTP_INIT:
				if (cmsg_data_len < (int)sizeof(struct sctp_initmsg)) {
					*error = EINVAL;
					return (1);
				}
				m_copydata(control, cmsg_data_off, sizeof(struct sctp_initmsg), (caddr_t)&initmsg);
				if (initmsg.sinit_max_attempts)
					stcb->asoc.max_init_times = initmsg.sinit_max_attempts;
				if (initmsg.sinit_num_ostreams)
					stcb->asoc.pre_open_streams = initmsg.sinit_num_ostreams;
				if (initmsg.sinit_max_instreams)
					stcb->asoc.max_inbound_streams = initmsg.sinit_max_instreams;
				if (initmsg.sinit_max_init_timeo)
					stcb->asoc.initial_init_rto_max = initmsg.sinit_max_init_timeo;
				if (stcb->asoc.streamoutcnt < stcb->asoc.pre_open_streams) {
					struct sctp_stream_out *tmp_str;
					unsigned int i;
#if defined(SCTP_DETAILED_STR_STATS)
					int j;
#endif

					/* Default is NOT correct */
					SCTPDBG(SCTP_DEBUG_OUTPUT1, "Ok, default:%d pre_open:%d\n",
						stcb->asoc.streamoutcnt, stcb->asoc.pre_open_streams);
					SCTP_TCB_UNLOCK(stcb);
					SCTP_MALLOC(tmp_str,
					            struct sctp_stream_out *,
					            (stcb->asoc.pre_open_streams * sizeof(struct sctp_stream_out)),
					            SCTP_M_STRMO);
					SCTP_TCB_LOCK(stcb);
					if (tmp_str != NULL) {
						SCTP_FREE(stcb->asoc.strmout, SCTP_M_STRMO);
						stcb->asoc.strmout = tmp_str;
						stcb->asoc.strm_realoutsize = stcb->asoc.streamoutcnt = stcb->asoc.pre_open_streams;
					} else {
						stcb->asoc.pre_open_streams = stcb->asoc.streamoutcnt;
					}
					for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
						TAILQ_INIT(&stcb->asoc.strmout[i].outqueue);
						stcb->asoc.ss_functions.sctp_ss_init_stream(stcb, &stcb->asoc.strmout[i], NULL);
						stcb->asoc.strmout[i].chunks_on_queues = 0;
#if defined(SCTP_DETAILED_STR_STATS)
						for (j = 0; j < SCTP_PR_SCTP_MAX + 1; j++) {
							stcb->asoc.strmout[i].abandoned_sent[j] = 0;
							stcb->asoc.strmout[i].abandoned_unsent[j] = 0;
						}
#else
						stcb->asoc.strmout[i].abandoned_sent[0] = 0;
						stcb->asoc.strmout[i].abandoned_unsent[0] = 0;
#endif
						stcb->asoc.strmout[i].next_mid_ordered = 0;
						stcb->asoc.strmout[i].next_mid_unordered = 0;
						stcb->asoc.strmout[i].sid = i;
						stcb->asoc.strmout[i].last_msg_incomplete = 0;
						stcb->asoc.strmout[i].state = SCTP_STREAM_OPENING;
					}
				}
				break;
#ifdef INET
			case SCTP_DSTADDRV4:
				if (cmsg_data_len < (int)sizeof(struct in_addr)) {
					*error = EINVAL;
					return (1);
				}
				memset(&sin, 0, sizeof(struct sockaddr_in));
				sin.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
				sin.sin_len = sizeof(struct sockaddr_in);
#endif
				sin.sin_port = stcb->rport;
				m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
				if ((sin.sin_addr.s_addr == INADDR_ANY) ||
				    (sin.sin_addr.s_addr == INADDR_BROADCAST) ||
				    IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
					*error = EINVAL;
					return (1);
				}
				if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, stcb->asoc.port,
				                         SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
					*error = ENOBUFS;
					return (1);
				}
				break;
#endif
#ifdef INET6
			case SCTP_DSTADDRV6:
				if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
					*error = EINVAL;
					return (1);
				}
				memset(&sin6, 0, sizeof(struct sockaddr_in6));
				sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
				sin6.sin6_len = sizeof(struct sockaddr_in6);
#endif
				sin6.sin6_port = stcb->rport;
				m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
				if (IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) ||
				    IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
					*error = EINVAL;
					return (1);
				}
#ifdef INET
				if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
					in6_sin6_2_sin(&sin, &sin6);
					if ((sin.sin_addr.s_addr == INADDR_ANY) ||
					    (sin.sin_addr.s_addr == INADDR_BROADCAST) ||
					    IN_MULTICAST(ntohl(sin.sin_addr.s_addr))) {
						*error = EINVAL;
						return (1);
					}
					if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin, NULL, stcb->asoc.port,
					                         SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
						*error = ENOBUFS;
						return (1);
					}
				} else
#endif
					if (sctp_add_remote_addr(stcb, (struct sockaddr *)&sin6, NULL, stcb->asoc.port,
					                         SCTP_DONOT_SETSCOPE, SCTP_ADDR_IS_CONFIRMED)) {
						*error = ENOBUFS;
						return (1);
					}
				break;
#endif
			default:
				break;
			}
		}
	}
	return (0);
}

#if defined(INET) || defined(INET6)
static struct sctp_tcb *
sctp_findassociation_cmsgs(struct sctp_inpcb **inp_p,
                           uint16_t port,
                           struct mbuf *control,
                           struct sctp_nets **net_p,
                           int *error)
{
#if defined(_WIN32)
	WSACMSGHDR cmh;
#else
	struct cmsghdr cmh;
#endif
	struct sctp_tcb *stcb;
	struct sockaddr *addr;
#ifdef INET
	struct sockaddr_in sin;
#endif
#ifdef INET6
	struct sockaddr_in6 sin6;
#endif
	int tot_len, rem_len, cmsg_data_len, cmsg_data_off, off;

	tot_len = SCTP_BUF_LEN(control);
	for (off = 0; off < tot_len; off += CMSG_ALIGN(cmh.cmsg_len)) {
		rem_len = tot_len - off;
		if (rem_len < (int)CMSG_ALIGN(sizeof(cmh))) {
			/* There is not enough room for one more. */
			*error = EINVAL;
			return (NULL);
		}
		m_copydata(control, off, sizeof(cmh), (caddr_t)&cmh);
		if (cmh.cmsg_len < CMSG_ALIGN(sizeof(cmh))) {
			/* We dont't have a complete CMSG header. */
			*error = EINVAL;
			return (NULL);
		}
		if ((cmh.cmsg_len > INT_MAX) || ((int)cmh.cmsg_len > rem_len)) {
			/* We don't have the complete CMSG. */
			*error = EINVAL;
			return (NULL);
		}
		cmsg_data_len = (int)cmh.cmsg_len - CMSG_ALIGN(sizeof(cmh));
		cmsg_data_off = off + CMSG_ALIGN(sizeof(cmh));
		if (cmh.cmsg_level == IPPROTO_SCTP) {
			switch (cmh.cmsg_type) {
#ifdef INET
			case SCTP_DSTADDRV4:
				if (cmsg_data_len < (int)sizeof(struct in_addr)) {
					*error = EINVAL;
					return (NULL);
				}
				memset(&sin, 0, sizeof(struct sockaddr_in));
				sin.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
				sin.sin_len = sizeof(struct sockaddr_in);
#endif
				sin.sin_port = port;
				m_copydata(control, cmsg_data_off, sizeof(struct in_addr), (caddr_t)&sin.sin_addr);
				addr = (struct sockaddr *)&sin;
				break;
#endif
#ifdef INET6
			case SCTP_DSTADDRV6:
				if (cmsg_data_len < (int)sizeof(struct in6_addr)) {
					*error = EINVAL;
					return (NULL);
				}
				memset(&sin6, 0, sizeof(struct sockaddr_in6));
				sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
				sin6.sin6_len = sizeof(struct sockaddr_in6);
#endif
				sin6.sin6_port = port;
				m_copydata(control, cmsg_data_off, sizeof(struct in6_addr), (caddr_t)&sin6.sin6_addr);
#ifdef INET
				if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
					in6_sin6_2_sin(&sin, &sin6);
					addr = (struct sockaddr *)&sin;
				} else
#endif
					addr = (struct sockaddr *)&sin6;
				break;
#endif
			default:
				addr = NULL;
				break;
			}
			if (addr) {
				stcb = sctp_findassociation_ep_addr(inp_p, addr, net_p, NULL, NULL);
				if (stcb != NULL) {
					return (stcb);
				}
			}
		}
	}
	return (NULL);
}
#endif

static struct mbuf *
sctp_add_cookie(struct mbuf *init, int init_offset,
    struct mbuf *initack, int initack_offset, struct sctp_state_cookie *stc_in, uint8_t **signature)
{
	struct mbuf *copy_init, *copy_initack, *m_at, *sig, *mret;
	struct sctp_state_cookie *stc;
	struct sctp_paramhdr *ph;
	uint16_t cookie_sz;

	mret = sctp_get_mbuf_for_msg((sizeof(struct sctp_state_cookie) +
				      sizeof(struct sctp_paramhdr)), 0,
				     M_NOWAIT, 1, MT_DATA);
	if (mret == NULL) {
		return (NULL);
	}
	copy_init = SCTP_M_COPYM(init, init_offset, M_COPYALL, M_NOWAIT);
	if (copy_init == NULL) {
		sctp_m_freem(mret);
		return (NULL);
	}
#ifdef SCTP_MBUF_LOGGING
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
		sctp_log_mbc(copy_init, SCTP_MBUF_ICOPY);
	}
#endif
	copy_initack = SCTP_M_COPYM(initack, initack_offset, M_COPYALL,
	    M_NOWAIT);
	if (copy_initack == NULL) {
		sctp_m_freem(mret);
		sctp_m_freem(copy_init);
		return (NULL);
	}
#ifdef SCTP_MBUF_LOGGING
	if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MBUF_LOGGING_ENABLE) {
		sctp_log_mbc(copy_initack, SCTP_MBUF_ICOPY);
	}
#endif
	/* easy side we just drop it on the end */
	ph = mtod(mret, struct sctp_paramhdr *);
	SCTP_BUF_LEN(mret) = sizeof(struct sctp_state_cookie) +
	    sizeof(struct sctp_paramhdr);
	stc = (struct sctp_state_cookie *)((caddr_t)ph +
	    sizeof(struct sctp_paramhdr));
	ph->param_type = htons(SCTP_STATE_COOKIE);
	ph->param_length = 0;	/* fill in at the end */
	/* Fill in the stc cookie data */
	memcpy(stc, stc_in, sizeof(struct sctp_state_cookie));

	/* tack the INIT and then the INIT-ACK onto the chain */
	cookie_sz = 0;
	for (m_at = mret; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
		cookie_sz += SCTP_BUF_LEN(m_at);
		if (SCTP_BUF_NEXT(m_at) == NULL) {
			SCTP_BUF_NEXT(m_at) = copy_init;
			break;
		}
	}
	for (m_at = copy_init; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
		cookie_sz += SCTP_BUF_LEN(m_at);
		if (SCTP_BUF_NEXT(m_at) == NULL) {
			SCTP_BUF_NEXT(m_at) = copy_initack;
			break;
		}
	}
	for (m_at = copy_initack; m_at; m_at = SCTP_BUF_NEXT(m_at)) {
		cookie_sz += SCTP_BUF_LEN(m_at);
		if (SCTP_BUF_NEXT(m_at) == NULL) {
			break;
		}
	}
	sig = sctp_get_mbuf_for_msg(SCTP_SIGNATURE_SIZE, 0, M_NOWAIT, 1, MT_DATA);
	if (sig == NULL) {
		/* no space, so free the entire chain */
		sctp_m_freem(mret);
		return (NULL);
	}
	SCTP_BUF_NEXT(m_at) = sig;
	SCTP_BUF_LEN(sig) = SCTP_SIGNATURE_SIZE;
	cookie_sz += SCTP_SIGNATURE_SIZE;
	ph->param_length = htons(cookie_sz);
	*signature = (uint8_t *)mtod(sig, caddr_t);
	memset(*signature, 0, SCTP_SIGNATURE_SIZE);
	return (mret);
}

static uint8_t
sctp_get_ect(struct sctp_tcb *stcb)
{
	if ((stcb != NULL) && (stcb->asoc.ecn_supported == 1)) {
		return (SCTP_ECT0_BIT);
	} else {
		return (0);
	}
}

#if defined(INET) || defined(INET6)
static void
sctp_handle_no_route(struct sctp_tcb *stcb,
                     struct sctp_nets *net,
                     int so_locked)
{
	SCTPDBG(SCTP_DEBUG_OUTPUT1, "dropped packet - no valid source addr\n");

	if (net) {
		SCTPDBG(SCTP_DEBUG_OUTPUT1, "Destination was ");
		SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT1, &net->ro._l_addr.sa);
		if (net->dest_state & SCTP_ADDR_CONFIRMED) {
			if ((net->dest_state & SCTP_ADDR_REACHABLE) && stcb) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "no route takes interface %p down\n", (void *)net);
				sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
			                        stcb, 0,
			                        (void *)net,
			                        so_locked);
				net->dest_state &= ~SCTP_ADDR_REACHABLE;
				net->dest_state &= ~SCTP_ADDR_PF;
			}
		}
		if (stcb) {
			if (net == stcb->asoc.primary_destination) {
				/* need a new primary */
				struct sctp_nets *alt;

				alt = sctp_find_alternate_net(stcb, net, 0);
				if (alt != net) {
					if (stcb->asoc.alternate) {
						sctp_free_remote_addr(stcb->asoc.alternate);
					}
					stcb->asoc.alternate = alt;
					atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
					if (net->ro._s_addr) {
						sctp_free_ifa(net->ro._s_addr);
						net->ro._s_addr = NULL;
					}
					net->src_addr_selected = 0;
				}
			}
		}
	}
}
#endif

static int
sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
    struct sctp_tcb *stcb,	/* may be NULL */
    struct sctp_nets *net,
    struct sockaddr *to,
    struct mbuf *m,
    uint32_t auth_offset,
    struct sctp_auth_chunk *auth,
    uint16_t auth_keyid,
    int nofragment_flag,
    int ecn_ok,
    int out_of_asoc_ok,
    uint16_t src_port,
    uint16_t dest_port,
    uint32_t v_tag,
    uint16_t port,
    union sctp_sockstore *over_addr,
#if defined(__FreeBSD__) && !defined(__Userspace__)
    uint8_t mflowtype, uint32_t mflowid,
#endif
int so_locked)
/* nofragment_flag to tell if IP_DF should be set (IPv4 only) */
{
	/**
	 * Given a mbuf chain (via SCTP_BUF_NEXT()) that holds a packet header
	 * WITH an SCTPHDR but no IP header, endpoint inp and sa structure:
	 * - fill in the HMAC digest of any AUTH chunk in the packet.
	 * - calculate and fill in the SCTP checksum.
	 * - prepend an IP address header.
	 * - if boundall use INADDR_ANY.
	 * - if boundspecific do source address selection.
	 * - set fragmentation option for ipV4.
	 * - On return from IP output, check/adjust mtu size of output
	 *   interface and smallest_mtu size as well.
	 */
	/* Will need ifdefs around this */
	struct mbuf *newm;
	struct sctphdr *sctphdr;
	int packet_length;
	int ret;
#if defined(INET) || defined(INET6)
	uint32_t vrf_id;
#endif
#if defined(INET) || defined(INET6)
	struct mbuf *o_pak;
	sctp_route_t *ro = NULL;
	struct udphdr *udp = NULL;
#endif
	uint8_t tos_value;
#if defined(__APPLE__) && !defined(__Userspace__)
	struct socket *so = NULL;
#endif

#if defined(__APPLE__) && !defined(__Userspace__)
	if (so_locked) {
		sctp_lock_assert(SCTP_INP_SO(inp));
		SCTP_TCB_LOCK_ASSERT(stcb);
	} else {
		sctp_unlock_assert(SCTP_INP_SO(inp));
	}
#endif
	if ((net) && (net->dest_state & SCTP_ADDR_OUT_OF_SCOPE)) {
		SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
		sctp_m_freem(m);
		return (EFAULT);
	}
#if defined(INET) || defined(INET6)
	if (stcb) {
		vrf_id = stcb->asoc.vrf_id;
	} else {
		vrf_id = inp->def_vrf_id;
	}
#endif
	/* fill in the HMAC digest for any AUTH chunk in the packet */
	if ((auth != NULL) && (stcb != NULL)) {
		sctp_fill_hmac_digest_m(m, auth_offset, auth, stcb, auth_keyid);
	}

	if (net) {
		tos_value = net->dscp;
	} else if (stcb) {
		tos_value = stcb->asoc.default_dscp;
	} else {
		tos_value = inp->sctp_ep.default_dscp;
	}

	switch (to->sa_family) {
#ifdef INET
	case AF_INET:
	{
		struct ip *ip = NULL;
		sctp_route_t iproute;
		int len;

		len = SCTP_MIN_V4_OVERHEAD;
		if (port) {
			len += sizeof(struct udphdr);
		}
		newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
		if (newm == NULL) {
			sctp_m_freem(m);
			SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
			return (ENOMEM);
		}
		SCTP_ALIGN_TO_END(newm, len);
		SCTP_BUF_LEN(newm) = len;
		SCTP_BUF_NEXT(newm) = m;
		m = newm;
#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (net != NULL) {
			m->m_pkthdr.flowid = net->flowid;
			M_HASHTYPE_SET(m, net->flowtype);
		} else {
			m->m_pkthdr.flowid = mflowid;
			M_HASHTYPE_SET(m, mflowtype);
 		}
#endif
		packet_length = sctp_calculate_len(m);
		ip = mtod(m, struct ip *);
		ip->ip_v = IPVERSION;
		ip->ip_hl = (sizeof(struct ip) >> 2);
		if (tos_value == 0) {
			/*
			 * This means especially, that it is not set at the
			 * SCTP layer. So use the value from the IP layer.
			 */
			tos_value = inp->ip_inp.inp.inp_ip_tos;
		}
		tos_value &= 0xfc;
		if (ecn_ok) {
			tos_value |= sctp_get_ect(stcb);
		}
		if ((nofragment_flag) && (port == 0)) {
#if defined(__FreeBSD__) && !defined(__Userspace__)
			ip->ip_off = htons(IP_DF);
#elif defined(WITH_CONVERT_IP_OFF) || defined(__APPLE__)
			ip->ip_off = IP_DF;
#else
			ip->ip_off = htons(IP_DF);
#endif
		} else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
			ip->ip_off = htons(0);
#else
			ip->ip_off = 0;
#endif
		}
#if defined(__Userspace__)
		ip->ip_id = htons(SCTP_IP_ID(inp)++);
#elif defined(__FreeBSD__)
		/* FreeBSD has a function for ip_id's */
		ip_fillid(ip);
#elif defined(__APPLE__)
#if RANDOM_IP_ID
		ip->ip_id = ip_randomid();
#else
		ip->ip_id = htons(ip_id++);
#endif
#else
		ip->ip_id = SCTP_IP_ID(inp)++;
#endif

		ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl;
#if defined(__FreeBSD__) && !defined(__Userspace__)
		ip->ip_len = htons(packet_length);
#else
		ip->ip_len = packet_length;
#endif
		ip->ip_tos = tos_value;
		if (port) {
			ip->ip_p = IPPROTO_UDP;
		} else {
			ip->ip_p = IPPROTO_SCTP;
		}
		ip->ip_sum = 0;
		if (net == NULL) {
			ro = &iproute;
			memset(&iproute, 0, sizeof(iproute));
#ifdef HAVE_SA_LEN
			memcpy(&ro->ro_dst, to, to->sa_len);
#else
			memcpy(&ro->ro_dst, to, sizeof(struct sockaddr_in));
#endif
		} else {
			ro = (sctp_route_t *)&net->ro;
		}
		/* Now the address selection part */
		ip->ip_dst.s_addr = ((struct sockaddr_in *)to)->sin_addr.s_addr;

		/* call the routine to select the src address */
		if (net && out_of_asoc_ok == 0) {
			if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) {
				sctp_free_ifa(net->ro._s_addr);
				net->ro._s_addr = NULL;
				net->src_addr_selected = 0;
#if defined(__FreeBSD__) && !defined(__Userspace__)
				RO_NHFREE(ro);
#else
				if (ro->ro_rt) {
					RTFREE(ro->ro_rt);
					ro->ro_rt = NULL;
				}
#endif
			}
			if (net->src_addr_selected == 0) {
				/* Cache the source address */
				net->ro._s_addr = sctp_source_address_selection(inp,stcb,
										ro, net, 0,
										vrf_id);
				net->src_addr_selected = 1;
			}
			if (net->ro._s_addr == NULL) {
				/* No route to host */
				net->src_addr_selected = 0;
				sctp_handle_no_route(stcb, net, so_locked);
				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
				sctp_m_freem(m);
				return (EHOSTUNREACH);
			}
			ip->ip_src = net->ro._s_addr->address.sin.sin_addr;
		} else {
			if (over_addr == NULL) {
				struct sctp_ifa *_lsrc;

				_lsrc = sctp_source_address_selection(inp, stcb, ro,
				                                      net,
				                                      out_of_asoc_ok,
				                                      vrf_id);
				if (_lsrc == NULL) {
					sctp_handle_no_route(stcb, net, so_locked);
					SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
					sctp_m_freem(m);
					return (EHOSTUNREACH);
				}
				ip->ip_src = _lsrc->address.sin.sin_addr;
				sctp_free_ifa(_lsrc);
			} else {
				ip->ip_src = over_addr->sin.sin_addr;
				SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
			}
		}
		if (port) {
			if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) {
				sctp_handle_no_route(stcb, net, so_locked);
				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
				sctp_m_freem(m);
				return (EHOSTUNREACH);
			}
			udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip));
			udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
			udp->uh_dport = port;
			udp->uh_ulen = htons((uint16_t)(packet_length - sizeof(struct ip)));
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
			if (V_udp_cksum) {
				udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
			} else {
				udp->uh_sum = 0;
			}
#else
			udp->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, udp->uh_ulen + htons(IPPROTO_UDP));
#endif
#else
			udp->uh_sum = 0;
#endif
			sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
		} else {
			sctphdr = (struct sctphdr *)((caddr_t)ip + sizeof(struct ip));
		}

		sctphdr->src_port = src_port;
		sctphdr->dest_port = dest_port;
		sctphdr->v_tag = v_tag;
		sctphdr->checksum = 0;

		/*
		 * If source address selection fails and we find no route
		 * then the ip_output should fail as well with a
		 * NO_ROUTE_TO_HOST type error. We probably should catch
		 * that somewhere and abort the association right away
		 * (assuming this is an INIT being sent).
		 */
#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (ro->ro_nh == NULL) {
#else
		if (ro->ro_rt == NULL) {
#endif
			/*
			 * src addr selection failed to find a route (or
			 * valid source addr), so we can't get there from
			 * here (yet)!
			 */
			sctp_handle_no_route(stcb, net, so_locked);
			SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
			sctp_m_freem(m);
			return (EHOSTUNREACH);
		}
		if (ro != &iproute) {
			memcpy(&iproute, ro, sizeof(*ro));
		}
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv4 output routine from low level src addr:%x\n",
			(uint32_t) (ntohl(ip->ip_src.s_addr)));
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "Destination is %x\n",
			(uint32_t)(ntohl(ip->ip_dst.s_addr)));
#if defined(__FreeBSD__) && !defined(__Userspace__)
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
			(void *)ro->ro_nh);
#else
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "RTP route is %p through\n",
			(void *)ro->ro_rt);
#endif

		if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
			/* failed to prepend data, give up */
			SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
			sctp_m_freem(m);
			return (ENOMEM);
		}
		SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
		if (port) {
			sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip) + sizeof(struct udphdr));
			SCTP_STAT_INCR(sctps_sendswcrc);
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
			if (V_udp_cksum) {
				SCTP_ENABLE_UDP_CSUM(o_pak);
			}
#else
			SCTP_ENABLE_UDP_CSUM(o_pak);
#endif
#endif
		} else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
			m->m_pkthdr.csum_flags = CSUM_SCTP;
			m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
			SCTP_STAT_INCR(sctps_sendhwcrc);
#else
			if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
			      (stcb) && (stcb->asoc.scope.loopback_scope))) {
				sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip));
				SCTP_STAT_INCR(sctps_sendswcrc);
			} else {
				SCTP_STAT_INCR(sctps_sendhwcrc);
			}
#endif
		}
#ifdef SCTP_PACKET_LOGGING
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
			sctp_packet_log(o_pak);
#endif
		/* send it out.  table id is taken from stcb */
#if defined(__APPLE__) && !defined(__Userspace__)
		if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
			so = SCTP_INP_SO(inp);
			SCTP_SOCKET_UNLOCK(so, 0);
		}
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
		SCTP_PROBE5(send, NULL, stcb, ip, stcb, sctphdr);
#endif
		SCTP_IP_OUTPUT(ret, o_pak, ro, inp, vrf_id);
#if defined(__APPLE__) && !defined(__Userspace__)
		if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
			atomic_add_int(&stcb->asoc.refcnt, 1);
			SCTP_TCB_UNLOCK(stcb);
			SCTP_SOCKET_LOCK(so, 0);
			SCTP_TCB_LOCK(stcb);
			atomic_subtract_int(&stcb->asoc.refcnt, 1);
		}
#endif
#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (port) {
			UDPSTAT_INC(udps_opackets);
		}
#endif
		SCTP_STAT_INCR(sctps_sendpackets);
		SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
		if (ret)
			SCTP_STAT_INCR(sctps_senderrors);

		SCTPDBG(SCTP_DEBUG_OUTPUT3, "IP output returns %d\n", ret);
		if (net == NULL) {
			/* free tempy routes */
#if defined(__FreeBSD__) && !defined(__Userspace__)
			RO_NHFREE(ro);
#else
			if (ro->ro_rt) {
				RTFREE(ro->ro_rt);
				ro->ro_rt = NULL;
			}
#endif
		} else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
			if ((ro->ro_nh != NULL) && (net->ro._s_addr) &&
#else
			if ((ro->ro_rt != NULL) && (net->ro._s_addr) &&
#endif
			    ((net->dest_state & SCTP_ADDR_NO_PMTUD) == 0)) {
				uint32_t mtu;

#if defined(__FreeBSD__) && !defined(__Userspace__)
				mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_nh);
#else
				mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
#endif
				if (mtu > 0) {
					if (net->port) {
						mtu -= sizeof(struct udphdr);
					}
					if (mtu < net->mtu) {
						net->mtu = mtu;
						if ((stcb != NULL) && (stcb->asoc.smallest_mtu > mtu)) {
							sctp_pathmtu_adjustment(stcb, mtu, true);
						}
					}
				}
#if defined(__FreeBSD__) && !defined(__Userspace__)
			} else if (ro->ro_nh == NULL) {
#else
			} else if (ro->ro_rt == NULL) {
#endif
				/* route was freed */
				if (net->ro._s_addr &&
				    net->src_addr_selected) {
					sctp_free_ifa(net->ro._s_addr);
					net->ro._s_addr = NULL;
				}
				net->src_addr_selected = 0;
			}
		}
		return (ret);
	}
#endif
#ifdef INET6
	case AF_INET6:
	{
		uint32_t flowlabel, flowinfo;
		struct ip6_hdr *ip6h;
		struct route_in6 ip6route;
#if !defined(__Userspace__)
		struct ifnet *ifp;
#endif
		struct sockaddr_in6 *sin6, tmp, *lsa6, lsa6_tmp;
		int prev_scope = 0;
#ifdef SCTP_EMBEDDED_V6_SCOPE
		struct sockaddr_in6 lsa6_storage;
		int error;
#endif
		u_short prev_port = 0;
		int len;

		if (net) {
			flowlabel = net->flowlabel;
		} else if (stcb) {
			flowlabel = stcb->asoc.default_flowlabel;
		} else {
			flowlabel = inp->sctp_ep.default_flowlabel;
		}
		if (flowlabel == 0) {
			/*
			 * This means especially, that it is not set at the
			 * SCTP layer. So use the value from the IP layer.
			 */
#if defined(__APPLE__) && !defined(__Userspace__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION))
			flowlabel = ntohl(inp->ip_inp.inp.inp_flow);
#else
			flowlabel = ntohl(((struct inpcb *)inp)->inp_flow);
#endif
		}
		flowlabel &= 0x000fffff;
		len = SCTP_MIN_OVERHEAD;
		if (port) {
			len += sizeof(struct udphdr);
		}
		newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
		if (newm == NULL) {
			sctp_m_freem(m);
			SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
			return (ENOMEM);
		}
		SCTP_ALIGN_TO_END(newm, len);
		SCTP_BUF_LEN(newm) = len;
		SCTP_BUF_NEXT(newm) = m;
		m = newm;
#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (net != NULL) {
			m->m_pkthdr.flowid = net->flowid;
			M_HASHTYPE_SET(m, net->flowtype);
		} else {
			m->m_pkthdr.flowid = mflowid;
			M_HASHTYPE_SET(m, mflowtype);
 		}
#endif
		packet_length = sctp_calculate_len(m);

		ip6h = mtod(m, struct ip6_hdr *);
		/* protect *sin6 from overwrite */
		sin6 = (struct sockaddr_in6 *)to;
		tmp = *sin6;
		sin6 = &tmp;

#ifdef SCTP_EMBEDDED_V6_SCOPE
		/* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
		if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
		if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
		if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
		if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
		{
			SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
			sctp_m_freem(m);
			return (EINVAL);
		}
#endif /* SCTP_EMBEDDED_V6_SCOPE */
		if (net == NULL) {
			memset(&ip6route, 0, sizeof(ip6route));
			ro = (sctp_route_t *)&ip6route;
#ifdef HAVE_SIN6_LEN
			memcpy(&ro->ro_dst, sin6, sin6->sin6_len);
#else
			memcpy(&ro->ro_dst, sin6, sizeof(struct sockaddr_in6));
#endif
		} else {
			ro = (sctp_route_t *)&net->ro;
		}
		/*
		 * We assume here that inp_flow is in host byte order within
		 * the TCB!
		 */
		if (tos_value == 0) {
			/*
			 * This means especially, that it is not set at the
			 * SCTP layer. So use the value from the IP layer.
			 */
#if defined(__APPLE__) && !defined(__Userspace__) && (!defined(APPLE_LEOPARD) && !defined(APPLE_SNOWLEOPARD) && !defined(APPLE_LION) && !defined(APPLE_MOUNTAINLION))
			tos_value = (ntohl(inp->ip_inp.inp.inp_flow) >> 20) & 0xff;
#else
			tos_value = (ntohl(((struct inpcb *)inp)->inp_flow) >> 20) & 0xff;
#endif
		}
		tos_value &= 0xfc;
		if (ecn_ok) {
			tos_value |= sctp_get_ect(stcb);
		}
		flowinfo = 0x06;
		flowinfo <<= 8;
		flowinfo |= tos_value;
		flowinfo <<= 20;
		flowinfo |= flowlabel;
		ip6h->ip6_flow = htonl(flowinfo);
		if (port) {
			ip6h->ip6_nxt = IPPROTO_UDP;
		} else {
			ip6h->ip6_nxt = IPPROTO_SCTP;
		}
		ip6h->ip6_plen = htons((uint16_t)(packet_length - sizeof(struct ip6_hdr)));
		ip6h->ip6_dst = sin6->sin6_addr;

		/*
		 * Add SRC address selection here: we can only reuse to a
		 * limited degree the kame src-addr-sel, since we can try
		 * their selection but it may not be bound.
		 */
		memset(&lsa6_tmp, 0, sizeof(lsa6_tmp));
		lsa6_tmp.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
		lsa6_tmp.sin6_len = sizeof(lsa6_tmp);
#endif
		lsa6 = &lsa6_tmp;
		if (net && out_of_asoc_ok == 0) {
			if (net->ro._s_addr && (net->ro._s_addr->localifa_flags & (SCTP_BEING_DELETED|SCTP_ADDR_IFA_UNUSEABLE))) {
				sctp_free_ifa(net->ro._s_addr);
				net->ro._s_addr = NULL;
				net->src_addr_selected = 0;
#if defined(__FreeBSD__) && !defined(__Userspace__)
				RO_NHFREE(ro);
#else
				if (ro->ro_rt) {
					RTFREE(ro->ro_rt);
					ro->ro_rt = NULL;
				}
#endif
			}
			if (net->src_addr_selected == 0) {
#ifdef SCTP_EMBEDDED_V6_SCOPE
				sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
				/* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
				if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
				if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
				if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
				if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
				{
					SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
					sctp_m_freem(m);
					return (EINVAL);
				}
#endif /* SCTP_EMBEDDED_V6_SCOPE */
				/* Cache the source address */
				net->ro._s_addr = sctp_source_address_selection(inp,
										stcb,
										ro,
										net,
										0,
										vrf_id);
#ifdef SCTP_EMBEDDED_V6_SCOPE
#ifdef SCTP_KAME
				(void)sa6_recoverscope(sin6);
#else
				(void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
#endif	/* SCTP_KAME */
#endif	/* SCTP_EMBEDDED_V6_SCOPE */
				net->src_addr_selected = 1;
			}
			if (net->ro._s_addr == NULL) {
				SCTPDBG(SCTP_DEBUG_OUTPUT3, "V6:No route to host\n");
				net->src_addr_selected = 0;
				sctp_handle_no_route(stcb, net, so_locked);
				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
				sctp_m_freem(m);
				return (EHOSTUNREACH);
			}
			lsa6->sin6_addr = net->ro._s_addr->address.sin6.sin6_addr;
		} else {
#ifdef SCTP_EMBEDDED_V6_SCOPE
			sin6 = (struct sockaddr_in6 *)&ro->ro_dst;
			/* KAME hack: embed scopeid */
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD) || defined(APPLE_SNOWLEOPARD)
			if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL) != 0)
#else
			if (in6_embedscope(&sin6->sin6_addr, sin6, NULL, NULL, NULL) != 0)
#endif
#elif defined(SCTP_KAME)
			if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0)
#else
			if (in6_embedscope(&sin6->sin6_addr, sin6) != 0)
#endif
			  {
				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
				sctp_m_freem(m);
				return (EINVAL);
			  }
#endif /* SCTP_EMBEDDED_V6_SCOPE */
			if (over_addr == NULL) {
				struct sctp_ifa *_lsrc;

				_lsrc = sctp_source_address_selection(inp, stcb, ro,
				                                      net,
				                                      out_of_asoc_ok,
				                                      vrf_id);
				if (_lsrc == NULL) {
					sctp_handle_no_route(stcb, net, so_locked);
					SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
					sctp_m_freem(m);
					return (EHOSTUNREACH);
				}
				lsa6->sin6_addr = _lsrc->address.sin6.sin6_addr;
				sctp_free_ifa(_lsrc);
			} else {
				lsa6->sin6_addr = over_addr->sin6.sin6_addr;
				SCTP_RTALLOC(ro, vrf_id, inp->fibnum);
			}
#ifdef SCTP_EMBEDDED_V6_SCOPE
#ifdef SCTP_KAME
			(void)sa6_recoverscope(sin6);
#else
			(void)in6_recoverscope(sin6, &sin6->sin6_addr, NULL);
#endif	/* SCTP_KAME */
#endif	/* SCTP_EMBEDDED_V6_SCOPE */
		}
		lsa6->sin6_port = inp->sctp_lport;

#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (ro->ro_nh == NULL) {
#else
		if (ro->ro_rt == NULL) {
#endif
			/*
			 * src addr selection failed to find a route (or
			 * valid source addr), so we can't get there from
			 * here!
			 */
			sctp_handle_no_route(stcb, net, so_locked);
			SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
			sctp_m_freem(m);
			return (EHOSTUNREACH);
		}
#ifndef SCOPEDROUTING
#ifdef SCTP_EMBEDDED_V6_SCOPE
		/*
		 * XXX: sa6 may not have a valid sin6_scope_id in the
		 * non-SCOPEDROUTING case.
		 */
		memset(&lsa6_storage, 0, sizeof(lsa6_storage));
		lsa6_storage.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
		lsa6_storage.sin6_len = sizeof(lsa6_storage);
#endif
#ifdef SCTP_KAME
		lsa6_storage.sin6_addr = lsa6->sin6_addr;
		if ((error = sa6_recoverscope(&lsa6_storage)) != 0) {
#else
		if ((error = in6_recoverscope(&lsa6_storage, &lsa6->sin6_addr,
		    NULL)) != 0) {
#endif				/* SCTP_KAME */
			SCTPDBG(SCTP_DEBUG_OUTPUT3, "recover scope fails error %d\n", error);
			sctp_m_freem(m);
			return (error);
		}
		/* XXX */
		lsa6_storage.sin6_addr = lsa6->sin6_addr;
		lsa6_storage.sin6_port = inp->sctp_lport;
		lsa6 = &lsa6_storage;
#endif /* SCTP_EMBEDDED_V6_SCOPE */
#endif /* SCOPEDROUTING */
		ip6h->ip6_src = lsa6->sin6_addr;

		if (port) {
			if (htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port)) == 0) {
				sctp_handle_no_route(stcb, net, so_locked);
				SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EHOSTUNREACH);
				sctp_m_freem(m);
				return (EHOSTUNREACH);
			}
			udp = (struct udphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
			udp->uh_sport = htons(SCTP_BASE_SYSCTL(sctp_udp_tunneling_port));
			udp->uh_dport = port;
			udp->uh_ulen = htons((uint16_t)(packet_length - sizeof(struct ip6_hdr)));
			udp->uh_sum = 0;
			sctphdr = (struct sctphdr *)((caddr_t)udp + sizeof(struct udphdr));
		} else {
			sctphdr = (struct sctphdr *)((caddr_t)ip6h + sizeof(struct ip6_hdr));
		}

		sctphdr->src_port = src_port;
		sctphdr->dest_port = dest_port;
		sctphdr->v_tag = v_tag;
		sctphdr->checksum = 0;

		/*
		 * We set the hop limit now since there is a good chance
		 * that our ro pointer is now filled
		 */
		ip6h->ip6_hlim = SCTP_GET_HLIM(inp, ro);
#if !defined(__Userspace__)
		ifp = SCTP_GET_IFN_VOID_FROM_ROUTE(ro);
#endif

#ifdef SCTP_DEBUG
		/* Copy to be sure something bad is not happening */
		sin6->sin6_addr = ip6h->ip6_dst;
		lsa6->sin6_addr = ip6h->ip6_src;
#endif

		SCTPDBG(SCTP_DEBUG_OUTPUT3, "Calling ipv6 output routine from low level\n");
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "src: ");
		SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)lsa6);
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "dst: ");
		SCTPDBG_ADDR(SCTP_DEBUG_OUTPUT3, (struct sockaddr *)sin6);
		if (net) {
			sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
			/* preserve the port and scope for link local send */
			prev_scope = sin6->sin6_scope_id;
			prev_port = sin6->sin6_port;
		}

		if (SCTP_GET_HEADER_FOR_OUTPUT(o_pak)) {
			/* failed to prepend data, give up */
			sctp_m_freem(m);
			SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
			return (ENOMEM);
		}
		SCTP_ATTACH_CHAIN(o_pak, m, packet_length);
		if (port) {
			sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr) + sizeof(struct udphdr));
			SCTP_STAT_INCR(sctps_sendswcrc);
#if !defined(__Userspace__)
#if defined(_WIN32)
			udp->uh_sum = 0;
#else
			if ((udp->uh_sum = in6_cksum(o_pak, IPPROTO_UDP, sizeof(struct ip6_hdr), packet_length - sizeof(struct ip6_hdr))) == 0) {
				udp->uh_sum = 0xffff;
			}
#endif
#endif
		} else {
#if defined(__FreeBSD__) && !defined(__Userspace__)
			m->m_pkthdr.csum_flags = CSUM_SCTP_IPV6;
			m->m_pkthdr.csum_data = offsetof(struct sctphdr, checksum);
			SCTP_STAT_INCR(sctps_sendhwcrc);
#else
			if (!(SCTP_BASE_SYSCTL(sctp_no_csum_on_loopback) &&
			      (stcb) && (stcb->asoc.scope.loopback_scope))) {
				sctphdr->checksum = sctp_calculate_cksum(m, sizeof(struct ip6_hdr));
				SCTP_STAT_INCR(sctps_sendswcrc);
			} else {
				SCTP_STAT_INCR(sctps_sendhwcrc);
			}
#endif
		}
		/* send it out. table id is taken from stcb */
#if defined(__APPLE__) && !defined(__Userspace__)
		if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
			so = SCTP_INP_SO(inp);
			SCTP_SOCKET_UNLOCK(so, 0);
		}
#endif
#ifdef SCTP_PACKET_LOGGING
		if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_LAST_PACKET_TRACING)
			sctp_packet_log(o_pak);
#endif
#if !defined(__Userspace__)
#if defined(__FreeBSD__)
		SCTP_PROBE5(send, NULL, stcb, ip6h, stcb, sctphdr);
#endif
		SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, &ifp, inp, vrf_id);
#else
		SCTP_IP6_OUTPUT(ret, o_pak, (struct route_in6 *)ro, NULL, inp, vrf_id);
#endif
#if defined(__APPLE__) && !defined(__Userspace__)
		if ((SCTP_BASE_SYSCTL(sctp_output_unlocked)) && (so_locked)) {
			atomic_add_int(&stcb->asoc.refcnt, 1);
			SCTP_TCB_UNLOCK(stcb);
			SCTP_SOCKET_LOCK(so, 0);
			SCTP_TCB_LOCK(stcb);
			atomic_subtract_int(&stcb->asoc.refcnt, 1);
		}
#endif
		if (net) {
			/* for link local this must be done */
			sin6->sin6_scope_id = prev_scope;
			sin6->sin6_port = prev_port;
		}
		SCTPDBG(SCTP_DEBUG_OUTPUT3, "return from send is %d\n", ret);
#if defined(__FreeBSD__) && !defined(__Userspace__)
		if (port) {
			UDPSTAT_INC(udps_opackets);
		}
#endif
		SCTP_STAT_INCR(sctps_sendpackets);
		SCTP_STAT_INCR_COUNTER64(sctps_outpackets);
		if (ret) {
			SCTP_STAT_INCR(sctps_senderrors);
		}
		if (net == NULL) {
			/* Now if we had a temp route free it */
#if defined(__FreeBSD__) && !defined(__Userspace__)
			RO_NHFREE(ro);
#else
			if (ro->ro_rt) {
				RTFREE(ro->ro_rt);
				ro->ro_rt = NULL;
			}
#endif
		} else {
			/* PMTU check versus smallest asoc MTU goes here */
#if defined(__FreeBSD__) && !defined(__Userspace__)
			if (ro->ro_nh == NULL) {
#else
			if (ro->ro_rt == NULL) {
#endif
				/* Route was freed */
				if (net->ro._s_addr &&
				    net->src_addr_selected) {
					sctp_free_ifa(net->ro._s_addr);
					net->ro._s_addr = NULL;
				}
				net->src_addr_selected = 0;
			}
#if defined(__FreeBSD__) && !defined(__Userspace__)
			if ((ro->ro_nh != NULL) && (net->ro._s_addr) &&
#else
			if ((ro->ro_rt != NULL) && (net->ro._s_addr) &&
#endif
			    ((net->dest_state & SCTP_ADDR_NO_PMTUD) == 0)) {
				uint32_t mtu;

#if defined(__FreeBSD__) && !defined(__Userspace__)
				mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_nh);
#else
				mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._l_addr.sa, ro->ro_rt);
#endif
				if (mtu > 0) {
					if (net->port) {
						mtu -= sizeof(struct udphdr);
					}
					if (mtu < net->mtu) {
						net->mtu = mtu;
						if ((stcb != NULL) && (stcb->asoc.smallest_mtu > mtu)) {
							sctp_pathmtu_adjustment(stcb, mtu, false);
						}
					}
				}
			}
#if !defined(__Userspace__)
			else if (ifp != NULL) {
#if defined(_WIN32)
#define ND_IFINFO(ifp)	(ifp)
#define linkmtu		if_mtu
#endif
				if ((ND_IFINFO(ifp)->linkmtu > 0) &&
				    (stcb->asoc.smallest_mtu > ND_IFINFO(ifp)->linkmtu)) {
					sctp_pathmtu_adjustment(stcb, ND_IFINFO(ifp)->linkmtu, false);
				}
			}
#endif
		}
		return (ret);
	}
#endif
#if defined(__Userspace__)
	case AF_CONN:
	{
		char *buffer;
		struct sockaddr_conn *sconn;
		int len;

		sconn = (struct sockaddr_conn *)to;
		len = sizeof(struct sctphdr);
		newm = sctp_get_mbuf_for_msg(len, 1, M_NOWAIT, 1, MT_DATA);
		if (newm == NULL) {
			sctp_m_freem(m);
			SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
			return (ENOMEM);
		}
		SCTP_ALIGN_TO_END(newm, len);
		SCTP_BUF_LEN(newm) = len;
		SCTP_BUF_NEXT(newm) = m;
		m = newm;
		packet_length = sctp_calculate_len(m);
		m->m_pkthdr.len = packet_length;
		sctphdr = mtod(m, struct sctphdr *);
		sctphdr->src_port = src_port;
		sctphdr->dest_port = dest_port;
		sctphdr->v_tag = v_tag;
		sctphdr->checksum = 0;
		if (SCTP_BASE_VAR(crc32c_offloaded) == 0) {
			sctphdr->checksum = sctp_calculate_cksum(m, 0);
			SCTP_STAT_INCR(sctps_sendswcrc);
		} else {
			SCTP_STAT_INCR(sctps_sendhwcrc);
		}
		if (tos_value == 0) {
			tos_value = inp->ip_inp.inp.inp_ip_tos;
		}
		tos_value &= 0xfc;
		if (ecn_ok) {
			tos_value |= sctp_get_ect(stcb);
		}
		/* Don't alloc/free for each packet */
		if ((buffer = malloc(packet_length)) != NULL) {
			m_copydata(m, 0, packet_length, buffer);
			ret = SCTP_BASE_VAR(conn_output)(sconn->sconn_addr, buffer, packet_length, tos_value, nofragment_flag);
			free(buffer);
		} else {
			ret = ENOMEM;
		}
		sctp_m_freem(m);
		return (ret);
	}
#endif
	default:
		SCTPDBG(SCTP_DEBUG_OUTPUT1, "Unknown protocol (TSNH) type %d\n",
		        ((struct sockaddr *)to)->sa_family);
		sctp_m_freem(m);
		SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EFAULT);
		return (EFAULT);
	}
}

void
sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int so_locked)
{
	struct mbuf *m, *m_last;
	struct sctp_nets *net;
	struct sctp_init_chunk *init;
	struct sctp_supported_addr_param *sup_addr;
	struct sctp_adaptation_layer_indication *ali;
	struct sctp_supported_chunk_types_param *pr_supported;
	struct sctp_paramhdr *ph;
	int cnt_inits_to = 0;
	int error;
	uint16_t num_ext, chunk_len, padding_len, parameter_len;

#if defined(__APPLE__) && !defined(__Userspace__)
	if (so_locked) {
		sctp_lock_assert(SCTP_INP_SO(inp));
	} else {
		sctp_unlock_assert(SCTP_INP_SO(inp));
	}
#endif
	/* INIT's always go to the primary (and usually ONLY address) */
	net = stcb->asoc.primary_destination;
	if (net == NULL) {
		net = TAILQ_FIRST(&stcb->asoc.nets);
		if (net == NULL) {
			/* TSNH */
			return;
		}
		/* we confirm any address we send an INIT to */
		net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
		(void)sctp_set_primary_addr(stcb, NULL, net);
	} else {
		/* we confirm any address we send an INIT to */
		net->dest_state &= ~SCTP_ADDR_UNCONFIRMED;
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT\n");
#ifdef INET6
	if (net->ro._l_addr.sa.sa_family == AF_INET6) {
		/*
		 * special hook, if we are sending to link local it will not
		 * show up in our private address count.
		 */
		if (IN6_IS_ADDR_LINKLOCAL(&net->ro._l_addr.sin6.sin6_addr))
			cnt_inits_to = 1;
	}
#endif
	if (SCTP_OS_TIMER_PENDING(&net->rxt_timer.timer)) {
		/* This case should not happen */
		SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - failed timer?\n");
		return;
	}
	/* start the INIT timer */
	sctp_timer_start(SCTP_TIMER_TYPE_INIT, inp, stcb, net);

	m = sctp_get_mbuf_for_msg(MCLBYTES, 1, M_NOWAIT, 1, MT_DATA);
	if (m == NULL) {
		/* No memory, INIT timer will re-attempt. */
		SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - mbuf?\n");
		return;
	}
	chunk_len = (uint16_t)sizeof(struct sctp_init_chunk);
	padding_len = 0;
	/* Now lets put the chunk header in place */
	init = mtod(m, struct sctp_init_chunk *);
	/* now the chunk header */
	init->ch.chunk_type = SCTP_INITIATION;
	init->ch.chunk_flags = 0;
	/* fill in later from mbuf we build */
	init->ch.chunk_length = 0;
	/* place in my tag */
	init->init.initiate_tag = htonl(stcb->asoc.my_vtag);
	/* set up some of the credits. */
	init->init.a_rwnd = htonl(max(inp->sctp_socket?SCTP_SB_LIMIT_RCV(inp->sctp_socket):0,
	                              SCTP_MINIMAL_RWND));
	init->init.num_outbound_streams = htons(stcb->asoc.pre_open_streams);
	init->init.num_inbound_streams = htons(stcb->asoc.max_inbound_streams);
	init->init.initial_tsn = htonl(stcb->asoc.init_seq_number);

	/* Adaptation layer indication parameter */
	if (inp->sctp_ep.adaptation_layer_indicator_provided) {
		parameter_len = (uint16_t)sizeof(struct sctp_adaptation_layer_indication);
		ali = (struct sctp_adaptation_layer_indication *)(mtod(m, caddr_t) + chunk_len);
		ali->ph.param_type = htons(SCTP_ULP_ADAPTATION);
		ali->ph.param_length = htons(parameter_len);
		ali->indication = htonl(inp->sctp_ep.adaptation_layer_indicator);
		chunk_len += parameter_len;
	}

	/* ECN parameter */
	if (stcb->asoc.ecn_supported == 1) {
		parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
		ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
		ph->param_type = htons(SCTP_ECN_CAPABLE);
		ph->param_length = htons(parameter_len);
		chunk_len += parameter_len;
	}

	/* PR-SCTP supported parameter */
	if (stcb->asoc.prsctp_supported == 1) {
		parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
		ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
		ph->param_type = htons(SCTP_PRSCTP_SUPPORTED);
		ph->param_length = htons(parameter_len);
		chunk_len += parameter_len;
	}

	/* Add NAT friendly parameter. */
	if (SCTP_BASE_SYSCTL(sctp_inits_include_nat_friendly)) {
		parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
		ph = (struct sctp_paramhdr *)(mtod(m, caddr_t) + chunk_len);
		ph->param_type = htons(SCTP_HAS_NAT_SUPPORT);
		ph->param_length = htons(parameter_len);
		chunk_len += parameter_len;
	}

	/* And now tell the peer which extensions we support */
	num_ext = 0;
	pr_supported = (struct sctp_supported_chunk_types_param *)(mtod(m, caddr_t) + chunk_len);
	if (stcb->asoc.prsctp_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_FORWARD_CUM_TSN;
		if (stcb->asoc.idata_supported) {
			pr_supported->chunk_types[num_ext++] = SCTP_IFORWARD_CUM_TSN;
		}
	}
	if (stcb->asoc.auth_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_AUTHENTICATION;
	}
	if (stcb->asoc.asconf_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_ASCONF;
		pr_supported->chunk_types[num_ext++] = SCTP_ASCONF_ACK;
	}
	if (stcb->asoc.reconfig_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_STREAM_RESET;
	}
	if (stcb->asoc.idata_supported) {
		pr_supported->chunk_types[num_ext++] = SCTP_IDATA;
	}
	if (stcb->asoc.nrsack_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_NR_SELECTIVE_ACK;
	}
	if (stcb->asoc.pktdrop_supported == 1) {
		pr_supported->chunk_types[num_ext++] = SCTP_PACKET_DROPPED;
	}
	if (num_ext > 0) {
		parameter_len = (uint16_t)sizeof(struct sctp_supported_chunk_types_param) + num_ext;
		pr_supported->ph.param_type = htons(SCTP_SUPPORTED_CHUNK_EXT);
		pr_supported->ph.param_length = htons(parameter_len);
		padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
		chunk_len += parameter_len;
	}
	/* add authentication parameters */
	if (stcb->asoc.auth_supported) {
		/* attach RANDOM parameter, if available */
		if (stcb->asoc.authinfo.random != NULL) {
			struct sctp_auth_random *randp;

			if (padding_len > 0) {
				memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
				chunk_len += padding_len;
				padding_len = 0;
			}
			randp = (struct sctp_auth_random *)(mtod(m, caddr_t) + chunk_len);
			parameter_len = (uint16_t)sizeof(struct sctp_auth_random) + stcb->asoc.authinfo.random_len;
			/* random key already contains the header */
			memcpy(randp, stcb->asoc.authinfo.random->key, parameter_len);
			padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
			chunk_len += parameter_len;
		}
		/* add HMAC_ALGO parameter */
		if (stcb->asoc.local_hmacs != NULL) {
			struct sctp_auth_hmac_algo *hmacs;

			if (padding_len > 0) {
				memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
				chunk_len += padding_len;
				padding_len = 0;
			}
			hmacs = (struct sctp_auth_hmac_algo *)(mtod(m, caddr_t) + chunk_len);
			parameter_len = (uint16_t)(sizeof(struct sctp_auth_hmac_algo) +
			                           stcb->asoc.local_hmacs->num_algo * sizeof(uint16_t));
			hmacs->ph.param_type = htons(SCTP_HMAC_LIST);
			hmacs->ph.param_length = htons(parameter_len);
			sctp_serialize_hmaclist(stcb->asoc.local_hmacs, (uint8_t *)hmacs->hmac_ids);
			padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
			chunk_len += parameter_len;
		}
		/* add CHUNKS parameter */
		if (stcb->asoc.local_auth_chunks != NULL) {
			struct sctp_auth_chunk_list *chunks;

			if (padding_len > 0) {
				memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
				chunk_len += padding_len;
				padding_len = 0;
			}
			chunks = (struct sctp_auth_chunk_list *)(mtod(m, caddr_t) + chunk_len);
			parameter_len = (uint16_t)(sizeof(struct sctp_auth_chunk_list) +
			                           sctp_auth_get_chklist_size(stcb->asoc.local_auth_chunks));
			chunks->ph.param_type = htons(SCTP_CHUNK_LIST);
			chunks->ph.param_length = htons(parameter_len);
			sctp_serialize_auth_chunks(stcb->asoc.local_auth_chunks, chunks->chunk_types);
			padding_len = SCTP_SIZE32(parameter_len) - parameter_len;
			chunk_len += parameter_len;
		}
	}

	/* now any cookie time extensions */
	if (stcb->asoc.cookie_preserve_req > 0) {
		struct sctp_cookie_perserve_param *cookie_preserve;

		if (padding_len > 0) {
			memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
			chunk_len += padding_len;
			padding_len = 0;
		}
		parameter_len = (uint16_t)sizeof(struct sctp_cookie_perserve_param);
		cookie_preserve = (struct sctp_cookie_perserve_param *)(mtod(m, caddr_t) + chunk_len);
		cookie_preserve->ph.param_type = htons(SCTP_COOKIE_PRESERVE);
		cookie_preserve->ph.param_length = htons(parameter_len);
		cookie_preserve->time = htonl(stcb->asoc.cookie_preserve_req);
		stcb->asoc.cookie_preserve_req = 0;
		chunk_len += parameter_len;
	}

	if (stcb->asoc.scope.ipv4_addr_legal || stcb->asoc.scope.ipv6_addr_legal) {
		uint8_t i;

		if (padding_len > 0) {
			memset(mtod(m, caddr_t) + chunk_len, 0, padding_len);
			chunk_len += padding_len;
			padding_len = 0;
		}
		parameter_len = (uint16_t)sizeof(struct sctp_paramhdr);
		if (stcb->asoc.scope.ipv4_addr_legal) {
			parameter_len += (uint16_t)sizeof(uint16_t);
		}
		if (stcb->asoc.scope.ipv6_addr_legal) {
			parameter_len += (uint16_t)sizeof(uint16_t);
		}
		sup_addr = (struct sctp_supported_addr_param *)(mtod(m, caddr_t) + chunk_len);
		sup_addr->ph.param_type = htons(SCTP_SUPPORTED_ADDRTYPE);
		sup_addr->ph.param_length = htons(parameter_len);
		i = 0;
		if (stcb->asoc.scope.ipv4_addr_legal) {
			sup_addr->addr_type[i++] = htons(SCTP_IPV4_ADDRESS);
		}
		if (stcb->asoc.scope.ipv6_addr_legal) {
			sup_addr->addr_type[i++] = htons(SCTP_IPV6_ADDRESS);
		}
		padding_len = 4 - 2 * i;
		chunk_len += parameter_len;
	}

	SCTP_BUF_LEN(m) = chunk_len;
	/* now the addresses */
	/* To optimize this we could put the scoping stuff
	 * into a structure and remove the individual uint8's from
	 * the assoc structure. Then we could just sifa in the
	 * address within the stcb. But for now this is a quick
	 * hack to get the address stuff teased apart.
	 */
	m_last = sctp_add_addresses_to_i_ia(inp, stcb, &stcb->asoc.scope,
	                                    m, cnt_inits_to,
	                                    &padding_len, &chunk_len);

	init->ch.chunk_length = htons(chunk_len);
	if (padding_len > 0) {
		if (sctp_add_pad_tombuf(m_last, padding_len) == NULL) {
			sctp_m_freem(m);
			return;
		}
	}
	SCTPDBG(SCTP_DEBUG_OUTPUT4, "Sending INIT - calls lowlevel_output\n");
	if ((error = sctp_lowlevel_chunk_output(inp, stcb, net,
	                                        (struct sockaddr *)&net->ro._l_addr,
	                                        m, 0, NULL, 0, 0, 0, 0,
	                                        inp->sctp_lport, stcb->rport, htonl(0),
	                                        net->port, NULL,
#if defined(__FreeBSD__) && !defined(__Userspace__)
	                                        0, 0,
#endif
	                                        so_locked))) {
		SCTPDBG(SCTP_DEBUG_OUTPUT4, "Gak send error %d\n", error);
		if (error == ENOBUFS) {
			stcb->asoc.ifp_had_enobuf = 1;
			SCTP_STAT_INCR(sctps_lowlevelerr);
		}
	} else {
		stcb->asoc.ifp_had_enobuf = 0;
	}
	SCTP_STAT_INCR_COUNTER64(sctps_outcontrolchunks);
	(void)SCTP_GETTIME_TIMEVAL(&net->last_sent_time);
}

struct mbuf *
sctp_arethere_unrecognized_parameters(struct mbuf *in_initpkt,
                                      int param_offset, int *abort_processing,
                                      struct sctp_chunkhdr *cp,
                                      int *nat_friendly,
                                      int *cookie_found)
{
	/*
	 * Given a mbuf containing an INIT or INIT-ACK with the param_offset
	 * being equal to the beginning of the params i.e. (iphlen +
	 * sizeof(struct sctp_init_msg) parse through the parameters to the
	 * end of the mbuf verifying that all parameters are known.
	 *
	 * For unknown parameters build and return a mbuf with
	 * UNRECOGNIZED_PARAMETER errors. If the flags indicate to stop
	 * processing this chunk stop, and set *abort_processing to 1.
	 *
	 * By having param_offset be pre-set to where parameters begin it is
	 * hoped that this routine may be reused in the future by new
	 * features.
	 */
	struct sctp_paramhdr *phdr, params;

	struct mbuf *mat, *m_tmp, *op_err, *op_err_last;
	int at, limit, pad_needed;
	uint16_t ptype, plen, padded_size;

	*abort_processing = 0;
	if (cookie_found != NULL) {
		*cookie_found = 0;
	}
	mat = in_initpkt;
	limit = ntohs(cp->chunk_length) - sizeof(struct sctp_init_chunk);
	at = param_offset;
	op_err = NULL;
	op_err_last = NULL;
	pad_needed = 0;
	SCTPDBG(SCTP_DEBUG_OUTPUT1, "Check for unrecognized param's\n");
	phdr = sctp_get_next_param(mat, at, &params, sizeof(params));
	while ((phdr != NULL) && ((size_t)limit >= sizeof(struct sctp_paramhdr))) {
		ptype = ntohs(phdr->param_type);
		plen = ntohs(phdr->param_length);
		if ((plen > limit) || (plen < sizeof(struct sctp_paramhdr))) {
			/* wacked parameter */
			SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error %d\n", plen);
			goto invalid_size;
		}
		limit -= SCTP_SIZE32(plen);
		/*-
		 * All parameters for all chunks that we know/understand are
		 * listed here. We process them other places and make
		 * appropriate stop actions per the upper bits. However this
		 * is the generic routine processor's can call to get back
		 * an operr.. to either incorporate (init-ack) or send.
		 */
		padded_size = SCTP_SIZE32(plen);
		switch (ptype) {
			/* Param's with variable size */
		case SCTP_HEARTBEAT_INFO:
		case SCTP_UNRECOG_PARAM:
		case SCTP_ERROR_CAUSE_IND:
			/* ok skip fwd */
			at += padded_size;
			break;
		case SCTP_STATE_COOKIE:
			if (cookie_found != NULL) {
				*cookie_found = 1;
			}
			at += padded_size;
			break;
			/* Param's with variable size within a range */
		case SCTP_CHUNK_LIST:
		case SCTP_SUPPORTED_CHUNK_EXT:
			if (padded_size > (sizeof(struct sctp_supported_chunk_types_param) + (sizeof(uint8_t) * SCTP_MAX_SUPPORTED_EXT))) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error chklist %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_SUPPORTED_ADDRTYPE:
			if (padded_size > SCTP_MAX_ADDR_PARAMS_SIZE) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error supaddrtype %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_RANDOM:
			if (padded_size > (sizeof(struct sctp_auth_random) + SCTP_RANDOM_MAX_SIZE)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error random %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_SET_PRIM_ADDR:
		case SCTP_DEL_IP_ADDRESS:
		case SCTP_ADD_IP_ADDRESS:
			if ((padded_size != sizeof(struct sctp_asconf_addrv4_param)) &&
			    (padded_size != sizeof(struct sctp_asconf_addr_param))) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error setprim %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
			/* Param's with a fixed size */
		case SCTP_IPV4_ADDRESS:
			if (padded_size != sizeof(struct sctp_ipv4addr_param)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv4 addr %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_IPV6_ADDRESS:
			if (padded_size != sizeof(struct sctp_ipv6addr_param)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ipv6 addr %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_COOKIE_PRESERVE:
			if (padded_size != sizeof(struct sctp_cookie_perserve_param)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error cookie-preserve %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_HAS_NAT_SUPPORT:
			*nat_friendly = 1;
			/* fall through */
		case SCTP_PRSCTP_SUPPORTED:
			if (padded_size != sizeof(struct sctp_paramhdr)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error prsctp/nat support %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_ECN_CAPABLE:
			if (padded_size != sizeof(struct sctp_paramhdr)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error ecn %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_ULP_ADAPTATION:
			if (padded_size != sizeof(struct sctp_adaptation_layer_indication)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error adapatation %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_SUCCESS_REPORT:
			if (padded_size != sizeof(struct sctp_asconf_paramhdr)) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "Invalid size - error success %d\n", plen);
				goto invalid_size;
			}
			at += padded_size;
			break;
		case SCTP_HOSTNAME_ADDRESS:
		{
			/* Hostname parameters are deprecated. */
			struct sctp_gen_error_cause *cause;
			int l_len;

			SCTPDBG(SCTP_DEBUG_OUTPUT1, "Can't handle hostname addresses.. abort processing\n");
			*abort_processing = 1;
			sctp_m_freem(op_err);
			op_err = NULL;
			op_err_last = NULL;
#ifdef INET6
			l_len = SCTP_MIN_OVERHEAD;
#else
			l_len = SCTP_MIN_V4_OVERHEAD;
#endif
			l_len += sizeof(struct sctp_chunkhdr);
			l_len += sizeof(struct sctp_gen_error_cause);
			op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
			if (op_err != NULL) {
				/*
				 * Pre-reserve space for IP, SCTP, and
				 * chunk header.
				 */
#ifdef INET6
				SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
				SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
				SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
				SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
				SCTP_BUF_LEN(op_err) = sizeof(struct sctp_gen_error_cause);
				cause = mtod(op_err, struct sctp_gen_error_cause *);
				cause->code = htons(SCTP_CAUSE_UNRESOLVABLE_ADDR);
				cause->length = htons((uint16_t)(sizeof(struct sctp_gen_error_cause) + plen));
				SCTP_BUF_NEXT(op_err) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
				if (SCTP_BUF_NEXT(op_err) == NULL) {
					sctp_m_freem(op_err);
					op_err = NULL;
					op_err_last = NULL;
				}
			}
			return (op_err);
		}
		default:
			/*
			 * we do not recognize the parameter figure out what
			 * we do.
			 */
			SCTPDBG(SCTP_DEBUG_OUTPUT1, "Hit default param %x\n", ptype);
			if ((ptype & 0x4000) == 0x4000) {
				/* Report bit is set?? */
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "report op err\n");
				if (op_err == NULL) {
					int l_len;
					/* Ok need to try to get an mbuf */
#ifdef INET6
					l_len = SCTP_MIN_OVERHEAD;
#else
					l_len = SCTP_MIN_V4_OVERHEAD;
#endif
					l_len += sizeof(struct sctp_chunkhdr);
					l_len += sizeof(struct sctp_paramhdr);
					op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
					if (op_err) {
						SCTP_BUF_LEN(op_err) = 0;
#ifdef INET6
						SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
						SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
						SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
						SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
						op_err_last = op_err;
					}
				}
				if (op_err != NULL) {
					/* If we have space */
					struct sctp_paramhdr *param;

					if (pad_needed > 0) {
						op_err_last = sctp_add_pad_tombuf(op_err_last, pad_needed);
					}
					if (op_err_last == NULL) {
						sctp_m_freem(op_err);
						op_err = NULL;
						op_err_last = NULL;
						goto more_processing;
					}
					if (M_TRAILINGSPACE(op_err_last) < (int)sizeof(struct sctp_paramhdr)) {
						m_tmp = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_NOWAIT, 1, MT_DATA);
						if (m_tmp == NULL) {
							sctp_m_freem(op_err);
							op_err = NULL;
							op_err_last = NULL;
							goto more_processing;
						}
						SCTP_BUF_LEN(m_tmp) = 0;
						SCTP_BUF_NEXT(m_tmp) = NULL;
						SCTP_BUF_NEXT(op_err_last) = m_tmp;
						op_err_last = m_tmp;
					}
					param = (struct sctp_paramhdr *)(mtod(op_err_last, caddr_t) + SCTP_BUF_LEN(op_err_last));
					param->param_type = htons(SCTP_UNRECOG_PARAM);
					param->param_length = htons((uint16_t)sizeof(struct sctp_paramhdr) + plen);
					SCTP_BUF_LEN(op_err_last) += sizeof(struct sctp_paramhdr);
					SCTP_BUF_NEXT(op_err_last) = SCTP_M_COPYM(mat, at, plen, M_NOWAIT);
					if (SCTP_BUF_NEXT(op_err_last) == NULL) {
						sctp_m_freem(op_err);
						op_err = NULL;
						op_err_last = NULL;
						goto more_processing;
					} else {
						while (SCTP_BUF_NEXT(op_err_last) != NULL) {
							op_err_last = SCTP_BUF_NEXT(op_err_last);
						}
					}
					if (plen % 4 != 0) {
						pad_needed = 4 - (plen % 4);
					} else {
						pad_needed = 0;
					}
				}
			}
		more_processing:
			if ((ptype & 0x8000) == 0x0000) {
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "stop proc\n");
				return (op_err);
			} else {
				/* skip this chunk and continue processing */
				SCTPDBG(SCTP_DEBUG_OUTPUT1, "move on\n");
				at += SCTP_SIZE32(plen);
			}
			break;
		}
		phdr = sctp_get_next_param(mat, at, &params, sizeof(params));
	}
	return (op_err);
 invalid_size:
	SCTPDBG(SCTP_DEBUG_OUTPUT1, "abort flag set\n");
	*abort_processing = 1;
	sctp_m_freem(op_err);
	op_err = NULL;
	op_err_last = NULL;
	if (phdr != NULL) {
		struct sctp_paramhdr *param;
		int l_len;
#ifdef INET6
		l_len = SCTP_MIN_OVERHEAD;
#else
		l_len = SCTP_MIN_V4_OVERHEAD;
#endif
		l_len += sizeof(struct sctp_chunkhdr);
		l_len += (2 * sizeof(struct sctp_paramhdr));
		op_err = sctp_get_mbuf_for_msg(l_len, 0, M_NOWAIT, 1, MT_DATA);
		if (op_err) {
			SCTP_BUF_LEN(op_err) = 0;
#ifdef INET6
			SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr));
#else
			SCTP_BUF_RESV_UF(op_err, sizeof(struct ip));
#endif
			SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr));
			SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr));
			SCTP_BUF_LEN(op_err) = 2 * sizeof(struct sctp_paramhdr);
			param = mtod(op_err, struct sctp_paramhdr *);
			param->param_type = htons(SCTP_CAUSE_PROTOCOL_VIOLATION);
			param->param_length = htons(2 * sizeof(struct sctp_paramhdr));
			param++;
			param->param_type = htons(ptype);
			param->param_length = htons(plen);
		}
	}
	return (op_err);
}

/*
 * Given a INIT chunk, look through the parameters to verify that there
 * are no new addresses.
 * Return true, if there is a new address or there is a problem parsing
   the parameters. Provide an optional error cause used when sending an ABORT.
 * Return false, if there are no new addresses and there is no problem in
   parameter processing.
 */
static bool
sctp_are_there_new_addresses(struct sctp_association *asoc,
    struct mbuf *in_initpkt, int offset, int limit, struct sockaddr *src,
    struct mbuf **op_err)
{
	struct sockaddr *sa_touse;
	struct sockaddr *sa;
	struct sctp_paramhdr *phdr, params;
	struct sctp_nets *net;
#ifdef INET
	struct sockaddr_in sin4, *sa4;
#endif
#ifdef INET6
	struct sockaddr_in6 sin6, *sa6;
#endif
#if defined(__Userspace__)
	struct sockaddr_conn *sac;
#endif
	uint16_t ptype, plen;
	bool fnd, check_src;

	*op_err = NULL;
#ifdef INET
	memset(&sin4, 0, sizeof(sin4));
	sin4.sin_family = AF_INET;
#ifdef HAVE_SIN_LEN
	sin4.sin_len = sizeof(sin4);
#endif
#endif
#ifdef INET6
	memset(&sin6, 0, sizeof(sin6));
	sin6.sin6_family = AF_INET6;
#ifdef HAVE_SIN6_LEN
	sin6.sin6_len = sizeof(sin6);
#endif
#endif
	/* First what about the src address of the pkt ? */
	check_src = false;
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		if (asoc->scope.ipv4_addr_legal) {
			check_src = true;
		}
		break;
#endif
#ifdef INET6
	case AF_INET6:
		if (asoc->scope.ipv6_addr_legal) {
			check_src = true;
		}
		break;
#endif
#if defined(__Userspace__)
	case AF_CONN:
		if (asoc->scope.conn_addr_legal) {
			check_src = true;
		}
		break;
#endif
	default:
		/* TSNH */
		break;
	}
	if (check_src) {
		fnd = false;
		TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
			sa = (struct sockaddr *)&net->ro._l_addr;
			if (sa->sa_family == src->sa_family) {
#ifdef INET
				if (sa->sa_family == AF_INET) {
					struct sockaddr_in *src4;

					sa4 = (struct sockaddr_in *)sa;
					src4 = (struct sockaddr_in *)src;
					if (sa4->sin_addr.s_addr == src4->sin_addr.s_addr) {
						fnd = true;
						break;
					}
				}
#endif
#ifdef INET6
				if (sa->sa_family == AF_INET6) {
					struct sockaddr_in6 *src6;

					sa6 = (struct sockaddr_in6 *)sa;
					src6 = (struct sockaddr_in6 *)src;
					if (SCTP6_ARE_ADDR_EQUAL(sa6, src6)) {
						fnd = true;
						break;
					}
				}
#endif
#if defined(__Userspace__)
				if (sa->sa_family == AF_CONN) {
					struct sockaddr_conn *srcc;

					sac = (struct sockaddr_conn *)sa;
					srcc = (struct sockaddr_conn *)src;
					if (sac->sconn_addr == srcc->sconn_addr) {
						fnd = true;
						break;
					}
				}
#endif
			}
		}
		if (!fnd) {
			/*
			 * If sending an ABORT in case of an additional address,
			 * don't use the new address error cause.
			 * This looks no different than if no listener was
			 * present.
			 */
			*op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Address added");
			return (true);
		}
	}
	/* Ok so far lets munge through the rest of the packet */
	offset += sizeof(struct sctp_init_chunk);
	phdr = sctp_get_next_param(in_initpkt, offset, &params, sizeof(params));
	while (phdr) {
		sa_touse = NULL;
		ptype = ntohs(phdr->param_type);
		plen = ntohs(phdr->param_length);
		if (offset + plen > limit) {
			*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Partial parameter");
			return (true);
		}
		if (plen < sizeof(struct sctp_paramhdr)) {
			*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length too small");
			return (true);
		}
		switch (ptype) {
#ifdef INET
		case SCTP_IPV4_ADDRESS:
		{
			struct sctp_ipv4addr_param *p4, p4_buf;

			if (plen != sizeof(struct sctp_ipv4addr_param)) {
				*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length illegal");
				return (true);
			}
			phdr = sctp_get_next_param(in_initpkt, offset,
			    (struct sctp_paramhdr *)&p4_buf, sizeof(p4_buf));
			if (phdr == NULL) {
				*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "");
				return (true);
			}
			if (asoc->scope.ipv4_addr_legal) {
				p4 = (struct sctp_ipv4addr_param *)phdr;
				sin4.sin_addr.s_addr = p4->addr;
				sa_touse = (struct sockaddr *)&sin4;
			}
			break;
		}
#endif
#ifdef INET6
		case SCTP_IPV6_ADDRESS:
		{
			struct sctp_ipv6addr_param *p6, p6_buf;

			if (plen != sizeof(struct sctp_ipv6addr_param)) {
				*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "Parameter length illegal");
				return (true);
			}
			phdr = sctp_get_next_param(in_initpkt, offset,
			    (struct sctp_paramhdr *)&p6_buf, sizeof(p6_buf));
			if (phdr == NULL) {
				*op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, "");
				return (true);
			}
			if (asoc->scope.ipv6_addr_legal) {
				p6 = (struct sctp_ipv6addr_param *)phdr;
				memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
				       sizeof(p6->addr));
				sa_touse = (struct sockaddr *)&sin6;
			}
			break;
		}
#endif
		default:
			sa_touse = NULL;
			break;
		}
		if (sa_touse) {
			/* ok, sa_touse points to one to check */
			fnd = false;
			TAILQ_FOREACH(net, &asoc->nets, sctp_next) {
				sa = (struct sockaddr *)&net->ro._l_addr;
				if (sa->sa_family != sa_touse->sa_family) {
					continue;
				}
#ifdef INET
				if (sa->sa_family == AF_INET) {
					sa4 = (struct sockaddr_in *)sa;
					if (sa4->sin_addr.s_addr ==
					    sin4.sin_addr.