1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright (c) 1990 Mentat Inc. 25 * Copyright (c) 2011 Joyent, Inc. All rights reserved. 26 */ 27 28 #include <sys/types.h> 29 #include <sys/stream.h> 30 #include <sys/dlpi.h> 31 #include <sys/stropts.h> 32 #include <sys/sysmacros.h> 33 #include <sys/strsubr.h> 34 #include <sys/strlog.h> 35 #include <sys/strsun.h> 36 #include <sys/zone.h> 37 #define _SUN_TPI_VERSION 2 38 #include <sys/tihdr.h> 39 #include <sys/xti_inet.h> 40 #include <sys/ddi.h> 41 #include <sys/suntpi.h> 42 #include <sys/cmn_err.h> 43 #include <sys/debug.h> 44 #include <sys/kobj.h> 45 #include <sys/modctl.h> 46 #include <sys/atomic.h> 47 #include <sys/policy.h> 48 #include <sys/priv.h> 49 #include <sys/taskq.h> 50 51 #include <sys/systm.h> 52 #include <sys/param.h> 53 #include <sys/kmem.h> 54 #include <sys/sdt.h> 55 #include <sys/socket.h> 56 #include <sys/vtrace.h> 57 #include <sys/isa_defs.h> 58 #include <sys/mac.h> 59 #include <net/if.h> 60 #include <net/if_arp.h> 61 #include <net/route.h> 62 #include <sys/sockio.h> 63 #include <netinet/in.h> 64 #include <net/if_dl.h> 65 66 #include <inet/common.h> 67 #include <inet/mi.h> 68 #include <inet/mib2.h> 69 #include <inet/nd.h> 70 #include <inet/arp.h> 71 #include <inet/snmpcom.h> 72 #include <inet/optcom.h> 73 #include <inet/kstatcom.h> 74 75 #include <netinet/igmp_var.h> 76 #include <netinet/ip6.h> 77 #include <netinet/icmp6.h> 78 #include <netinet/sctp.h> 79 80 #include <inet/ip.h> 81 #include <inet/ip_impl.h> 82 #include <inet/ip6.h> 83 #include <inet/ip6_asp.h> 84 #include <inet/tcp.h> 85 #include <inet/tcp_impl.h> 86 #include <inet/ip_multi.h> 87 #include <inet/ip_if.h> 88 #include <inet/ip_ire.h> 89 #include <inet/ip_ftable.h> 90 #include <inet/ip_rts.h> 91 #include <inet/ip_ndp.h> 92 #include <inet/ip_listutils.h> 93 #include <netinet/igmp.h> 94 #include <netinet/ip_mroute.h> 95 #include <inet/ipp_common.h> 96 97 #include <net/pfkeyv2.h> 98 #include <inet/sadb.h> 99 #include <inet/ipsec_impl.h> 100 #include <inet/iptun/iptun_impl.h> 101 #include <inet/ipdrop.h> 102 #include <inet/ip_netinfo.h> 103 #include <inet/ilb_ip.h> 104 105 #include <sys/ethernet.h> 106 #include <net/if_types.h> 107 #include <sys/cpuvar.h> 108 109 #include <ipp/ipp.h> 110 #include <ipp/ipp_impl.h> 111 #include <ipp/ipgpc/ipgpc.h> 112 113 #include <sys/pattr.h> 114 #include <inet/dccp.h> 115 #include <inet/dccp_impl.h> 116 #include <inet/dccp_ip.h> 117 #include <inet/ipclassifier.h> 118 #include <inet/sctp_ip.h> 119 #include <inet/sctp/sctp_impl.h> 120 #include <inet/udp_impl.h> 121 #include <inet/rawip_impl.h> 122 #include <inet/rts_impl.h> 123 124 #include <sys/tsol/label.h> 125 #include <sys/tsol/tnet.h> 126 127 #include <sys/squeue_impl.h> 128 #include <inet/ip_arp.h> 129 130 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */ 131 132 /* 133 * Values for squeue switch: 134 * IP_SQUEUE_ENTER_NODRAIN: SQ_NODRAIN 135 * IP_SQUEUE_ENTER: SQ_PROCESS 136 * IP_SQUEUE_FILL: SQ_FILL 137 */ 138 int ip_squeue_enter = IP_SQUEUE_ENTER; /* Setable in /etc/system */ 139 140 int ip_squeue_flag; 141 142 /* 143 * Setable in /etc/system 144 */ 145 int ip_poll_normal_ms = 100; 146 int ip_poll_normal_ticks = 0; 147 int ip_modclose_ackwait_ms = 3000; 148 149 /* 150 * It would be nice to have these present only in DEBUG systems, but the 151 * current design of the global symbol checking logic requires them to be 152 * unconditionally present. 153 */ 154 uint_t ip_thread_data; /* TSD key for debug support */ 155 krwlock_t ip_thread_rwlock; 156 list_t ip_thread_list; 157 158 /* 159 * Structure to represent a linked list of msgblks. Used by ip_snmp_ functions. 160 */ 161 162 struct listptr_s { 163 mblk_t *lp_head; /* pointer to the head of the list */ 164 mblk_t *lp_tail; /* pointer to the tail of the list */ 165 }; 166 167 typedef struct listptr_s listptr_t; 168 169 /* 170 * This is used by ip_snmp_get_mib2_ip_route_media and 171 * ip_snmp_get_mib2_ip6_route_media to carry the lists of return data. 172 */ 173 typedef struct iproutedata_s { 174 uint_t ird_idx; 175 uint_t ird_flags; /* see below */ 176 listptr_t ird_route; /* ipRouteEntryTable */ 177 listptr_t ird_netmedia; /* ipNetToMediaEntryTable */ 178 listptr_t ird_attrs; /* ipRouteAttributeTable */ 179 } iproutedata_t; 180 181 /* Include ire_testhidden and IRE_IF_CLONE routes */ 182 #define IRD_REPORT_ALL 0x01 183 184 /* 185 * Cluster specific hooks. These should be NULL when booted as a non-cluster 186 */ 187 188 /* 189 * Hook functions to enable cluster networking 190 * On non-clustered systems these vectors must always be NULL. 191 * 192 * Hook function to Check ip specified ip address is a shared ip address 193 * in the cluster 194 * 195 */ 196 int (*cl_inet_isclusterwide)(netstackid_t stack_id, uint8_t protocol, 197 sa_family_t addr_family, uint8_t *laddrp, void *args) = NULL; 198 199 /* 200 * Hook function to generate cluster wide ip fragment identifier 201 */ 202 uint32_t (*cl_inet_ipident)(netstackid_t stack_id, uint8_t protocol, 203 sa_family_t addr_family, uint8_t *laddrp, uint8_t *faddrp, 204 void *args) = NULL; 205 206 /* 207 * Hook function to generate cluster wide SPI. 208 */ 209 void (*cl_inet_getspi)(netstackid_t, uint8_t, uint8_t *, size_t, 210 void *) = NULL; 211 212 /* 213 * Hook function to verify if the SPI is already utlized. 214 */ 215 216 int (*cl_inet_checkspi)(netstackid_t, uint8_t, uint32_t, void *) = NULL; 217 218 /* 219 * Hook function to delete the SPI from the cluster wide repository. 220 */ 221 222 void (*cl_inet_deletespi)(netstackid_t, uint8_t, uint32_t, void *) = NULL; 223 224 /* 225 * Hook function to inform the cluster when packet received on an IDLE SA 226 */ 227 228 void (*cl_inet_idlesa)(netstackid_t, uint8_t, uint32_t, sa_family_t, 229 in6_addr_t, in6_addr_t, void *) = NULL; 230 231 /* 232 * Synchronization notes: 233 * 234 * IP is a fully D_MP STREAMS module/driver. Thus it does not depend on any 235 * MT level protection given by STREAMS. IP uses a combination of its own 236 * internal serialization mechanism and standard Solaris locking techniques. 237 * The internal serialization is per phyint. This is used to serialize 238 * plumbing operations, IPMP operations, most set ioctls, etc. 239 * 240 * Plumbing is a long sequence of operations involving message 241 * exchanges between IP, ARP and device drivers. Many set ioctls are typically 242 * involved in plumbing operations. A natural model is to serialize these 243 * ioctls one per ill. For example plumbing of hme0 and qfe0 can go on in 244 * parallel without any interference. But various set ioctls on hme0 are best 245 * serialized, along with IPMP operations and processing of DLPI control 246 * messages received from drivers on a per phyint basis. This serialization is 247 * provided by the ipsq_t and primitives operating on this. Details can 248 * be found in ip_if.c above the core primitives operating on ipsq_t. 249 * 250 * Lookups of an ipif or ill by a thread return a refheld ipif / ill. 251 * Simiarly lookup of an ire by a thread also returns a refheld ire. 252 * In addition ipif's and ill's referenced by the ire are also indirectly 253 * refheld. Thus no ipif or ill can vanish as long as an ipif is refheld 254 * directly or indirectly. For example an SIOCSLIFADDR ioctl that changes the 255 * address of an ipif has to go through the ipsq_t. This ensures that only 256 * one such exclusive operation proceeds at any time on the ipif. It then 257 * waits for all refcnts 258 * associated with this ipif to come down to zero. The address is changed 259 * only after the ipif has been quiesced. Then the ipif is brought up again. 260 * More details are described above the comment in ip_sioctl_flags. 261 * 262 * Packet processing is based mostly on IREs and are fully multi-threaded 263 * using standard Solaris MT techniques. 264 * 265 * There are explicit locks in IP to handle: 266 * - The ip_g_head list maintained by mi_open_link() and friends. 267 * 268 * - The reassembly data structures (one lock per hash bucket) 269 * 270 * - conn_lock is meant to protect conn_t fields. The fields actually 271 * protected by conn_lock are documented in the conn_t definition. 272 * 273 * - ire_lock to protect some of the fields of the ire, IRE tables 274 * (one lock per hash bucket). Refer to ip_ire.c for details. 275 * 276 * - ndp_g_lock and ncec_lock for protecting NCEs. 277 * 278 * - ill_lock protects fields of the ill and ipif. Details in ip.h 279 * 280 * - ill_g_lock: This is a global reader/writer lock. Protects the following 281 * * The AVL tree based global multi list of all ills. 282 * * The linked list of all ipifs of an ill 283 * * The <ipsq-xop> mapping 284 * * <ill-phyint> association 285 * Insertion/deletion of an ill in the system, insertion/deletion of an ipif 286 * into an ill, changing the <ipsq-xop> mapping of an ill, changing the 287 * <ill-phyint> assoc of an ill will all have to hold the ill_g_lock as 288 * writer for the actual duration of the insertion/deletion/change. 289 * 290 * - ill_lock: This is a per ill mutex. 291 * It protects some members of the ill_t struct; see ip.h for details. 292 * It also protects the <ill-phyint> assoc. 293 * It also protects the list of ipifs hanging off the ill. 294 * 295 * - ipsq_lock: This is a per ipsq_t mutex lock. 296 * This protects some members of the ipsq_t struct; see ip.h for details. 297 * It also protects the <ipsq-ipxop> mapping 298 * 299 * - ipx_lock: This is a per ipxop_t mutex lock. 300 * This protects some members of the ipxop_t struct; see ip.h for details. 301 * 302 * - phyint_lock: This is a per phyint mutex lock. Protects just the 303 * phyint_flags 304 * 305 * - ip_addr_avail_lock: This is used to ensure the uniqueness of IP addresses. 306 * This lock is held in ipif_up_done and the ipif is marked IPIF_UP and the 307 * uniqueness check also done atomically. 308 * 309 * - ill_g_usesrc_lock: This readers/writer lock protects the usesrc 310 * group list linked by ill_usesrc_grp_next. It also protects the 311 * ill_usesrc_ifindex field. It is taken as a writer when a member of the 312 * group is being added or deleted. This lock is taken as a reader when 313 * walking the list/group(eg: to get the number of members in a usesrc group). 314 * Note, it is only necessary to take this lock if the ill_usesrc_grp_next 315 * field is changing state i.e from NULL to non-NULL or vice-versa. For 316 * example, it is not necessary to take this lock in the initial portion 317 * of ip_sioctl_slifusesrc or at all in ip_sioctl_flags since these 318 * operations are executed exclusively and that ensures that the "usesrc 319 * group state" cannot change. The "usesrc group state" change can happen 320 * only in the latter part of ip_sioctl_slifusesrc and in ill_delete. 321 * 322 * Changing <ill-phyint>, <ipsq-xop> assocications: 323 * 324 * To change the <ill-phyint> association, the ill_g_lock must be held 325 * as writer, and the ill_locks of both the v4 and v6 instance of the ill 326 * must be held. 327 * 328 * To change the <ipsq-xop> association, the ill_g_lock must be held as 329 * writer, the ipsq_lock must be held, and one must be writer on the ipsq. 330 * This is only done when ills are added or removed from IPMP groups. 331 * 332 * To add or delete an ipif from the list of ipifs hanging off the ill, 333 * ill_g_lock (writer) and ill_lock must be held and the thread must be 334 * a writer on the associated ipsq. 335 * 336 * To add or delete an ill to the system, the ill_g_lock must be held as 337 * writer and the thread must be a writer on the associated ipsq. 338 * 339 * To add or delete an ilm to an ill, the ill_lock must be held and the thread 340 * must be a writer on the associated ipsq. 341 * 342 * Lock hierarchy 343 * 344 * Some lock hierarchy scenarios are listed below. 345 * 346 * ill_g_lock -> conn_lock -> ill_lock -> ipsq_lock -> ipx_lock 347 * ill_g_lock -> ill_lock(s) -> phyint_lock 348 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock 349 * ill_g_lock -> ip_addr_avail_lock 350 * conn_lock -> irb_lock -> ill_lock -> ire_lock 351 * ill_g_lock -> ip_g_nd_lock 352 * ill_g_lock -> ips_ipmp_lock -> ill_lock -> nce_lock 353 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock -> nce_lock 354 * arl_lock -> ill_lock 355 * ips_ire_dep_lock -> irb_lock 356 * 357 * When more than 1 ill lock is needed to be held, all ill lock addresses 358 * are sorted on address and locked starting from highest addressed lock 359 * downward. 360 * 361 * Multicast scenarios 362 * ips_ill_g_lock -> ill_mcast_lock 363 * conn_ilg_lock -> ips_ill_g_lock -> ill_lock 364 * ill_mcast_serializer -> ill_mcast_lock -> ips_ipmp_lock -> ill_lock 365 * ill_mcast_serializer -> ill_mcast_lock -> connf_lock -> conn_lock 366 * ill_mcast_serializer -> ill_mcast_lock -> conn_ilg_lock 367 * ill_mcast_serializer -> ill_mcast_lock -> ips_igmp_timer_lock 368 * 369 * IPsec scenarios 370 * 371 * ipsa_lock -> ill_g_lock -> ill_lock 372 * ill_g_usesrc_lock -> ill_g_lock -> ill_lock 373 * 374 * Trusted Solaris scenarios 375 * 376 * igsa_lock -> gcgrp_rwlock -> gcgrp_lock 377 * igsa_lock -> gcdb_lock 378 * gcgrp_rwlock -> ire_lock 379 * gcgrp_rwlock -> gcdb_lock 380 * 381 * squeue(sq_lock), flow related (ft_lock, fe_lock) locking 382 * 383 * cpu_lock --> ill_lock --> sqset_lock --> sq_lock 384 * sq_lock -> conn_lock -> QLOCK(q) 385 * ill_lock -> ft_lock -> fe_lock 386 * 387 * Routing/forwarding table locking notes: 388 * 389 * Lock acquisition order: Radix tree lock, irb_lock. 390 * Requirements: 391 * i. Walker must not hold any locks during the walker callback. 392 * ii Walker must not see a truncated tree during the walk because of any node 393 * deletion. 394 * iii Existing code assumes ire_bucket is valid if it is non-null and is used 395 * in many places in the code to walk the irb list. Thus even if all the 396 * ires in a bucket have been deleted, we still can't free the radix node 397 * until the ires have actually been inactive'd (freed). 398 * 399 * Tree traversal - Need to hold the global tree lock in read mode. 400 * Before dropping the global tree lock, need to either increment the ire_refcnt 401 * to ensure that the radix node can't be deleted. 402 * 403 * Tree add - Need to hold the global tree lock in write mode to add a 404 * radix node. To prevent the node from being deleted, increment the 405 * irb_refcnt, after the node is added to the tree. The ire itself is 406 * added later while holding the irb_lock, but not the tree lock. 407 * 408 * Tree delete - Need to hold the global tree lock and irb_lock in write mode. 409 * All associated ires must be inactive (i.e. freed), and irb_refcnt 410 * must be zero. 411 * 412 * Walker - Increment irb_refcnt before calling the walker callback. Hold the 413 * global tree lock (read mode) for traversal. 414 * 415 * IRE dependencies - In some cases we hold ips_ire_dep_lock across ire_refrele 416 * hence we will acquire irb_lock while holding ips_ire_dep_lock. 417 * 418 * IPsec notes : 419 * 420 * IP interacts with the IPsec code (AH/ESP) by storing IPsec attributes 421 * in the ip_xmit_attr_t ip_recv_attr_t. For outbound datagrams, the 422 * ip_xmit_attr_t has the 423 * information used by the IPsec code for applying the right level of 424 * protection. The information initialized by IP in the ip_xmit_attr_t 425 * is determined by the per-socket policy or global policy in the system. 426 * For inbound datagrams, the ip_recv_attr_t 427 * starts out with nothing in it. It gets filled 428 * with the right information if it goes through the AH/ESP code, which 429 * happens if the incoming packet is secure. The information initialized 430 * by AH/ESP, is later used by IP (during fanouts to ULP) to see whether 431 * the policy requirements needed by per-socket policy or global policy 432 * is met or not. 433 * 434 * For fully connected sockets i.e dst, src [addr, port] is known, 435 * conn_policy_cached is set indicating that policy has been cached. 436 * conn_in_enforce_policy may or may not be set depending on whether 437 * there is a global policy match or per-socket policy match. 438 * Policy inheriting happpens in ip_policy_set once the destination is known. 439 * Once the right policy is set on the conn_t, policy cannot change for 440 * this socket. This makes life simpler for TCP (UDP ?) where 441 * re-transmissions go out with the same policy. For symmetry, policy 442 * is cached for fully connected UDP sockets also. Thus if policy is cached, 443 * it also implies that policy is latched i.e policy cannot change 444 * on these sockets. As we have the right policy on the conn, we don't 445 * have to lookup global policy for every outbound and inbound datagram 446 * and thus serving as an optimization. Note that a global policy change 447 * does not affect fully connected sockets if they have policy. If fully 448 * connected sockets did not have any policy associated with it, global 449 * policy change may affect them. 450 * 451 * IP Flow control notes: 452 * --------------------- 453 * Non-TCP streams are flow controlled by IP. The way this is accomplished 454 * differs when ILL_CAPAB_DLD_DIRECT is enabled for that IP instance. When 455 * ILL_DIRECT_CAPABLE(ill) is TRUE, IP can do direct function calls into 456 * GLDv3. Otherwise packets are sent down to lower layers using STREAMS 457 * functions. 458 * 459 * Per Tx ring udp flow control: 460 * This is applicable only when ILL_CAPAB_DLD_DIRECT capability is set in 461 * the ill (i.e. ILL_DIRECT_CAPABLE(ill) is true). 462 * 463 * The underlying link can expose multiple Tx rings to the GLDv3 mac layer. 464 * To achieve best performance, outgoing traffic need to be fanned out among 465 * these Tx ring. mac_tx() is called (via str_mdata_fastpath_put()) to send 466 * traffic out of the NIC and it takes a fanout hint. UDP connections pass 467 * the address of connp as fanout hint to mac_tx(). Under flow controlled 468 * condition, mac_tx() returns a non-NULL cookie (ip_mac_tx_cookie_t). This 469 * cookie points to a specific Tx ring that is blocked. The cookie is used to 470 * hash into an idl_tx_list[] entry in idl_tx_list[] array. Each idl_tx_list_t 471 * point to drain_lists (idl_t's). These drain list will store the blocked UDP 472 * connp's. The drain list is not a single list but a configurable number of 473 * lists. 474 * 475 * The diagram below shows idl_tx_list_t's and their drain_lists. ip_stack_t 476 * has an array of idl_tx_list_t. The size of the array is TX_FANOUT_SIZE 477 * which is equal to 128. This array in turn contains a pointer to idl_t[], 478 * the ip drain list. The idl_t[] array size is MIN(max_ncpus, 8). The drain 479 * list will point to the list of connp's that are flow controlled. 480 * 481 * --------------- ------- ------- ------- 482 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|--> 483 * | --------------- ------- ------- ------- 484 * | --------------- ------- ------- ------- 485 * |->|drain_list[1]|-->|connp|-->|connp|-->|connp|--> 486 * ---------------- | --------------- ------- ------- ------- 487 * |idl_tx_list[0]|->| --------------- ------- ------- ------- 488 * ---------------- |->|drain_list[2]|-->|connp|-->|connp|-->|connp|--> 489 * | --------------- ------- ------- ------- 490 * . . . . . 491 * | --------------- ------- ------- ------- 492 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|--> 493 * --------------- ------- ------- ------- 494 * --------------- ------- ------- ------- 495 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|--> 496 * | --------------- ------- ------- ------- 497 * | --------------- ------- ------- ------- 498 * ---------------- |->|drain_list[1]|-->|connp|-->|connp|-->|connp|--> 499 * |idl_tx_list[1]|->| --------------- ------- ------- ------- 500 * ---------------- | . . . . 501 * | --------------- ------- ------- ------- 502 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|--> 503 * --------------- ------- ------- ------- 504 * ..... 505 * ---------------- 506 * |idl_tx_list[n]|-> ... 507 * ---------------- 508 * 509 * When mac_tx() returns a cookie, the cookie is hashed into an index into 510 * ips_idl_tx_list[], and conn_drain_insert() is called with the idl_tx_list 511 * to insert the conn onto. conn_drain_insert() asserts flow control for the 512 * sockets via su_txq_full() (non-STREAMS) or QFULL on conn_wq (STREAMS). 513 * Further, conn_blocked is set to indicate that the conn is blocked. 514 * 515 * GLDv3 calls ill_flow_enable() when flow control is relieved. The cookie 516 * passed in the call to ill_flow_enable() identifies the blocked Tx ring and 517 * is again hashed to locate the appropriate idl_tx_list, which is then 518 * drained via conn_walk_drain(). conn_walk_drain() goes through each conn in 519 * the drain list and calls conn_drain_remove() to clear flow control (via 520 * calling su_txq_full() or clearing QFULL), and remove the conn from the 521 * drain list. 522 * 523 * Note that the drain list is not a single list but a (configurable) array of 524 * lists (8 elements by default). Synchronization between drain insertion and 525 * flow control wakeup is handled by using idl_txl->txl_lock, and only 526 * conn_drain_insert() and conn_drain_remove() manipulate the drain list. 527 * 528 * Flow control via STREAMS is used when ILL_DIRECT_CAPABLE() returns FALSE. 529 * On the send side, if the packet cannot be sent down to the driver by IP 530 * (canput() fails), ip_xmit() drops the packet and returns EWOULDBLOCK to the 531 * caller, who may then invoke ixa_check_drain_insert() to insert the conn on 532 * the 0'th drain list. When ip_wsrv() runs on the ill_wq because flow 533 * control has been relieved, the blocked conns in the 0'th drain list are 534 * drained as in the non-STREAMS case. 535 * 536 * In both the STREAMS and non-STREAMS cases, the sockfs upcall to set QFULL 537 * is done when the conn is inserted into the drain list (conn_drain_insert()) 538 * and cleared when the conn is removed from the it (conn_drain_remove()). 539 * 540 * IPQOS notes: 541 * 542 * IPQoS Policies are applied to packets using IPPF (IP Policy framework) 543 * and IPQoS modules. IPPF includes hooks in IP at different control points 544 * (callout positions) which direct packets to IPQoS modules for policy 545 * processing. Policies, if present, are global. 546 * 547 * The callout positions are located in the following paths: 548 * o local_in (packets destined for this host) 549 * o local_out (packets orginating from this host ) 550 * o fwd_in (packets forwarded by this m/c - inbound) 551 * o fwd_out (packets forwarded by this m/c - outbound) 552 * Hooks at these callout points can be enabled/disabled using the ndd variable 553 * ip_policy_mask (a bit mask with the 4 LSB indicating the callout positions). 554 * By default all the callout positions are enabled. 555 * 556 * Outbound (local_out) 557 * Hooks are placed in ire_send_wire_v4 and ire_send_wire_v6. 558 * 559 * Inbound (local_in) 560 * Hooks are placed in ip_fanout_v4 and ip_fanout_v6. 561 * 562 * Forwarding (in and out) 563 * Hooks are placed in ire_recv_forward_v4/v6. 564 * 565 * IP Policy Framework processing (IPPF processing) 566 * Policy processing for a packet is initiated by ip_process, which ascertains 567 * that the classifier (ipgpc) is loaded and configured, failing which the 568 * packet resumes normal processing in IP. If the clasifier is present, the 569 * packet is acted upon by one or more IPQoS modules (action instances), per 570 * filters configured in ipgpc and resumes normal IP processing thereafter. 571 * An action instance can drop a packet in course of its processing. 572 * 573 * Zones notes: 574 * 575 * The partitioning rules for networking are as follows: 576 * 1) Packets coming from a zone must have a source address belonging to that 577 * zone. 578 * 2) Packets coming from a zone can only be sent on a physical interface on 579 * which the zone has an IP address. 580 * 3) Between two zones on the same machine, packet delivery is only allowed if 581 * there's a matching route for the destination and zone in the forwarding 582 * table. 583 * 4) The TCP and UDP port spaces are per-zone; that is, two processes in 584 * different zones can bind to the same port with the wildcard address 585 * (INADDR_ANY). 586 * 587 * The granularity of interface partitioning is at the logical interface level. 588 * Therefore, every zone has its own IP addresses, and incoming packets can be 589 * attributed to a zone unambiguously. A logical interface is placed into a zone 590 * using the SIOCSLIFZONE ioctl; this sets the ipif_zoneid field in the ipif_t 591 * structure. Rule (1) is implemented by modifying the source address selection 592 * algorithm so that the list of eligible addresses is filtered based on the 593 * sending process zone. 594 * 595 * The Internet Routing Entries (IREs) are either exclusive to a zone or shared 596 * across all zones, depending on their type. Here is the break-up: 597 * 598 * IRE type Shared/exclusive 599 * -------- ---------------- 600 * IRE_BROADCAST Exclusive 601 * IRE_DEFAULT (default routes) Shared (*) 602 * IRE_LOCAL Exclusive (x) 603 * IRE_LOOPBACK Exclusive 604 * IRE_PREFIX (net routes) Shared (*) 605 * IRE_IF_NORESOLVER (interface routes) Exclusive 606 * IRE_IF_RESOLVER (interface routes) Exclusive 607 * IRE_IF_CLONE (interface routes) Exclusive 608 * IRE_HOST (host routes) Shared (*) 609 * 610 * (*) A zone can only use a default or off-subnet route if the gateway is 611 * directly reachable from the zone, that is, if the gateway's address matches 612 * one of the zone's logical interfaces. 613 * 614 * (x) IRE_LOCAL are handled a bit differently. 615 * When ip_restrict_interzone_loopback is set (the default), 616 * ire_route_recursive restricts loopback using an IRE_LOCAL 617 * between zone to the case when L2 would have conceptually looped the packet 618 * back, i.e. the loopback which is required since neither Ethernet drivers 619 * nor Ethernet hardware loops them back. This is the case when the normal 620 * routes (ignoring IREs with different zoneids) would send out the packet on 621 * the same ill as the ill with which is IRE_LOCAL is associated. 622 * 623 * Multiple zones can share a common broadcast address; typically all zones 624 * share the 255.255.255.255 address. Incoming as well as locally originated 625 * broadcast packets must be dispatched to all the zones on the broadcast 626 * network. For directed broadcasts (e.g. 10.16.72.255) this is not trivial 627 * since some zones may not be on the 10.16.72/24 network. To handle this, each 628 * zone has its own set of IRE_BROADCAST entries; then, broadcast packets are 629 * sent to every zone that has an IRE_BROADCAST entry for the destination 630 * address on the input ill, see ip_input_broadcast(). 631 * 632 * Applications in different zones can join the same multicast group address. 633 * The same logic applies for multicast as for broadcast. ip_input_multicast 634 * dispatches packets to all zones that have members on the physical interface. 635 */ 636 637 /* 638 * Squeue Fanout flags: 639 * 0: No fanout. 640 * 1: Fanout across all squeues 641 */ 642 boolean_t ip_squeue_fanout = 0; 643 644 /* 645 * Maximum dups allowed per packet. 646 */ 647 uint_t ip_max_frag_dups = 10; 648 649 static int ip_open(queue_t *q, dev_t *devp, int flag, int sflag, 650 cred_t *credp, boolean_t isv6); 651 static mblk_t *ip_xmit_attach_llhdr(mblk_t *, nce_t *); 652 653 static boolean_t icmp_inbound_verify_v4(mblk_t *, icmph_t *, ip_recv_attr_t *); 654 static void icmp_inbound_too_big_v4(icmph_t *, ip_recv_attr_t *); 655 static void icmp_inbound_error_fanout_v4(mblk_t *, icmph_t *, 656 ip_recv_attr_t *); 657 static void icmp_options_update(ipha_t *); 658 static void icmp_param_problem(mblk_t *, uint8_t, ip_recv_attr_t *); 659 static void icmp_pkt(mblk_t *, void *, size_t, ip_recv_attr_t *); 660 static mblk_t *icmp_pkt_err_ok(mblk_t *, ip_recv_attr_t *); 661 static void icmp_redirect_v4(mblk_t *mp, ipha_t *, icmph_t *, 662 ip_recv_attr_t *); 663 static void icmp_send_redirect(mblk_t *, ipaddr_t, ip_recv_attr_t *); 664 static void icmp_send_reply_v4(mblk_t *, ipha_t *, icmph_t *, 665 ip_recv_attr_t *); 666 667 mblk_t *ip_dlpi_alloc(size_t, t_uscalar_t); 668 char *ip_dot_addr(ipaddr_t, char *); 669 mblk_t *ip_carve_mp(mblk_t **, ssize_t); 670 int ip_close(queue_t *, int); 671 static char *ip_dot_saddr(uchar_t *, char *); 672 static void ip_lrput(queue_t *, mblk_t *); 673 ipaddr_t ip_net_mask(ipaddr_t); 674 char *ip_nv_lookup(nv_t *, int); 675 void ip_rput(queue_t *, mblk_t *); 676 static void ip_rput_dlpi_writer(ipsq_t *dummy_sq, queue_t *q, mblk_t *mp, 677 void *dummy_arg); 678 int ip_snmp_get(queue_t *, mblk_t *, int, boolean_t); 679 static mblk_t *ip_snmp_get_mib2_ip(queue_t *, mblk_t *, 680 mib2_ipIfStatsEntry_t *, ip_stack_t *, boolean_t); 681 static mblk_t *ip_snmp_get_mib2_ip_traffic_stats(queue_t *, mblk_t *, 682 ip_stack_t *, boolean_t); 683 static mblk_t *ip_snmp_get_mib2_ip6(queue_t *, mblk_t *, ip_stack_t *, 684 boolean_t); 685 static mblk_t *ip_snmp_get_mib2_icmp(queue_t *, mblk_t *, ip_stack_t *ipst); 686 static mblk_t *ip_snmp_get_mib2_icmp6(queue_t *, mblk_t *, ip_stack_t *ipst); 687 static mblk_t *ip_snmp_get_mib2_igmp(queue_t *, mblk_t *, ip_stack_t *ipst); 688 static mblk_t *ip_snmp_get_mib2_multi(queue_t *, mblk_t *, ip_stack_t *ipst); 689 static mblk_t *ip_snmp_get_mib2_ip_addr(queue_t *, mblk_t *, 690 ip_stack_t *ipst, boolean_t); 691 static mblk_t *ip_snmp_get_mib2_ip6_addr(queue_t *, mblk_t *, 692 ip_stack_t *ipst, boolean_t); 693 static mblk_t *ip_snmp_get_mib2_ip_group_src(queue_t *, mblk_t *, 694 ip_stack_t *ipst); 695 static mblk_t *ip_snmp_get_mib2_ip6_group_src(queue_t *, mblk_t *, 696 ip_stack_t *ipst); 697 static mblk_t *ip_snmp_get_mib2_ip_group_mem(queue_t *, mblk_t *, 698 ip_stack_t *ipst); 699 static mblk_t *ip_snmp_get_mib2_ip6_group_mem(queue_t *, mblk_t *, 700 ip_stack_t *ipst); 701 static mblk_t *ip_snmp_get_mib2_virt_multi(queue_t *, mblk_t *, 702 ip_stack_t *ipst); 703 static mblk_t *ip_snmp_get_mib2_multi_rtable(queue_t *, mblk_t *, 704 ip_stack_t *ipst); 705 static mblk_t *ip_snmp_get_mib2_ip_route_media(queue_t *, mblk_t *, int, 706 ip_stack_t *ipst); 707 static mblk_t *ip_snmp_get_mib2_ip6_route_media(queue_t *, mblk_t *, int, 708 ip_stack_t *ipst); 709 static void ip_snmp_get2_v4(ire_t *, iproutedata_t *); 710 static void ip_snmp_get2_v6_route(ire_t *, iproutedata_t *); 711 static int ip_snmp_get2_v4_media(ncec_t *, iproutedata_t *); 712 static int ip_snmp_get2_v6_media(ncec_t *, iproutedata_t *); 713 int ip_snmp_set(queue_t *, int, int, uchar_t *, int); 714 715 static mblk_t *ip_fragment_copyhdr(uchar_t *, int, int, ip_stack_t *, 716 mblk_t *); 717 718 static void conn_drain_init(ip_stack_t *); 719 static void conn_drain_fini(ip_stack_t *); 720 static void conn_drain(conn_t *connp, boolean_t closing); 721 722 static void conn_walk_drain(ip_stack_t *, idl_tx_list_t *); 723 static void conn_walk_sctp(pfv_t, void *, zoneid_t, netstack_t *); 724 725 static void *ip_stack_init(netstackid_t stackid, netstack_t *ns); 726 static void ip_stack_shutdown(netstackid_t stackid, void *arg); 727 static void ip_stack_fini(netstackid_t stackid, void *arg); 728 729 static int ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t, 730 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *), 731 ire_t *, conn_t *, boolean_t, const in6_addr_t *, mcast_record_t, 732 const in6_addr_t *); 733 734 static int ip_squeue_switch(int); 735 736 static void *ip_kstat_init(netstackid_t, ip_stack_t *); 737 static void ip_kstat_fini(netstackid_t, kstat_t *); 738 static int ip_kstat_update(kstat_t *kp, int rw); 739 static void *icmp_kstat_init(netstackid_t); 740 static void icmp_kstat_fini(netstackid_t, kstat_t *); 741 static int icmp_kstat_update(kstat_t *kp, int rw); 742 static void *ip_kstat2_init(netstackid_t, ip_stat_t *); 743 static void ip_kstat2_fini(netstackid_t, kstat_t *); 744 745 static void ipobs_init(ip_stack_t *); 746 static void ipobs_fini(ip_stack_t *); 747 748 static int ip_tp_cpu_update(cpu_setup_t, int, void *); 749 750 ipaddr_t ip_g_all_ones = IP_HOST_MASK; 751 752 static long ip_rput_pullups; 753 int dohwcksum = 1; /* use h/w cksum if supported by the hardware */ 754 755 vmem_t *ip_minor_arena_sa; /* for minor nos. from INET_MIN_DEV+2 thru 2^^18-1 */ 756 vmem_t *ip_minor_arena_la; /* for minor nos. from 2^^18 thru 2^^32-1 */ 757 758 int ip_debug; 759 760 /* 761 * Multirouting/CGTP stuff 762 */ 763 int ip_cgtp_filter_rev = CGTP_FILTER_REV; /* CGTP hooks version */ 764 765 /* 766 * IP tunables related declarations. Definitions are in ip_tunables.c 767 */ 768 extern mod_prop_info_t ip_propinfo_tbl[]; 769 extern int ip_propinfo_count; 770 771 /* 772 * Table of IP ioctls encoding the various properties of the ioctl and 773 * indexed based on the last byte of the ioctl command. Occasionally there 774 * is a clash, and there is more than 1 ioctl with the same last byte. 775 * In such a case 1 ioctl is encoded in the ndx table and the remaining 776 * ioctls are encoded in the misc table. An entry in the ndx table is 777 * retrieved by indexing on the last byte of the ioctl command and comparing 778 * the ioctl command with the value in the ndx table. In the event of a 779 * mismatch the misc table is then searched sequentially for the desired 780 * ioctl command. 781 * 782 * Entry: <command> <copyin_size> <flags> <cmd_type> <function> <restart_func> 783 */ 784 ip_ioctl_cmd_t ip_ndx_ioctl_table[] = { 785 /* 000 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 786 /* 001 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 787 /* 002 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 788 /* 003 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 789 /* 004 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 790 /* 005 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 791 /* 006 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 792 /* 007 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 793 /* 008 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 794 /* 009 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 795 796 /* 010 */ { SIOCADDRT, sizeof (struct rtentry), IPI_PRIV, 797 MISC_CMD, ip_siocaddrt, NULL }, 798 /* 011 */ { SIOCDELRT, sizeof (struct rtentry), IPI_PRIV, 799 MISC_CMD, ip_siocdelrt, NULL }, 800 801 /* 012 */ { SIOCSIFADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR, 802 IF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart }, 803 /* 013 */ { SIOCGIFADDR, sizeof (struct ifreq), IPI_GET_CMD, 804 IF_CMD, ip_sioctl_get_addr, NULL }, 805 806 /* 014 */ { SIOCSIFDSTADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR, 807 IF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart }, 808 /* 015 */ { SIOCGIFDSTADDR, sizeof (struct ifreq), 809 IPI_GET_CMD, IF_CMD, ip_sioctl_get_dstaddr, NULL }, 810 811 /* 016 */ { SIOCSIFFLAGS, sizeof (struct ifreq), 812 IPI_PRIV | IPI_WR, 813 IF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart }, 814 /* 017 */ { SIOCGIFFLAGS, sizeof (struct ifreq), 815 IPI_MODOK | IPI_GET_CMD, 816 IF_CMD, ip_sioctl_get_flags, NULL }, 817 818 /* 018 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 819 /* 019 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 820 821 /* copyin size cannot be coded for SIOCGIFCONF */ 822 /* 020 */ { O_SIOCGIFCONF, 0, IPI_GET_CMD, 823 MISC_CMD, ip_sioctl_get_ifconf, NULL }, 824 825 /* 021 */ { SIOCSIFMTU, sizeof (struct ifreq), IPI_PRIV | IPI_WR, 826 IF_CMD, ip_sioctl_mtu, NULL }, 827 /* 022 */ { SIOCGIFMTU, sizeof (struct ifreq), IPI_GET_CMD, 828 IF_CMD, ip_sioctl_get_mtu, NULL }, 829 /* 023 */ { SIOCGIFBRDADDR, sizeof (struct ifreq), 830 IPI_GET_CMD, IF_CMD, ip_sioctl_get_brdaddr, NULL }, 831 /* 024 */ { SIOCSIFBRDADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR, 832 IF_CMD, ip_sioctl_brdaddr, NULL }, 833 /* 025 */ { SIOCGIFNETMASK, sizeof (struct ifreq), 834 IPI_GET_CMD, IF_CMD, ip_sioctl_get_netmask, NULL }, 835 /* 026 */ { SIOCSIFNETMASK, sizeof (struct ifreq), IPI_PRIV | IPI_WR, 836 IF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart }, 837 /* 027 */ { SIOCGIFMETRIC, sizeof (struct ifreq), 838 IPI_GET_CMD, IF_CMD, ip_sioctl_get_metric, NULL }, 839 /* 028 */ { SIOCSIFMETRIC, sizeof (struct ifreq), IPI_PRIV, 840 IF_CMD, ip_sioctl_metric, NULL }, 841 /* 029 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 842 843 /* See 166-168 below for extended SIOC*XARP ioctls */ 844 /* 030 */ { SIOCSARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR, 845 ARP_CMD, ip_sioctl_arp, NULL }, 846 /* 031 */ { SIOCGARP, sizeof (struct arpreq), IPI_GET_CMD, 847 ARP_CMD, ip_sioctl_arp, NULL }, 848 /* 032 */ { SIOCDARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR, 849 ARP_CMD, ip_sioctl_arp, NULL }, 850 851 /* 033 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 852 /* 034 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 853 /* 035 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 854 /* 036 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 855 /* 037 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 856 /* 038 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 857 /* 039 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 858 /* 040 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 859 /* 041 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 860 /* 042 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 861 /* 043 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 862 /* 044 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 863 /* 045 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 864 /* 046 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 865 /* 047 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 866 /* 048 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 867 /* 049 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 868 /* 050 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 869 /* 051 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 870 /* 052 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 871 /* 053 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 872 873 /* 054 */ { IF_UNITSEL, sizeof (int), IPI_PRIV | IPI_WR | IPI_MODOK, 874 MISC_CMD, if_unitsel, if_unitsel_restart }, 875 876 /* 055 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 877 /* 056 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 878 /* 057 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 879 /* 058 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 880 /* 059 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 881 /* 060 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 882 /* 061 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 883 /* 062 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 884 /* 063 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 885 /* 064 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 886 /* 065 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 887 /* 066 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 888 /* 067 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 889 /* 068 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 890 /* 069 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 891 /* 070 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 892 /* 071 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 893 /* 072 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 894 895 /* 073 */ { SIOCSIFNAME, sizeof (struct ifreq), 896 IPI_PRIV | IPI_WR | IPI_MODOK, 897 IF_CMD, ip_sioctl_sifname, NULL }, 898 899 /* 074 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 900 /* 075 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 901 /* 076 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 902 /* 077 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 903 /* 078 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 904 /* 079 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 905 /* 080 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 906 /* 081 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 907 /* 082 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 908 /* 083 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 909 /* 084 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 910 /* 085 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 911 /* 086 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 912 913 /* 087 */ { SIOCGIFNUM, sizeof (int), IPI_GET_CMD, 914 MISC_CMD, ip_sioctl_get_ifnum, NULL }, 915 /* 088 */ { SIOCGIFMUXID, sizeof (struct ifreq), IPI_GET_CMD, 916 IF_CMD, ip_sioctl_get_muxid, NULL }, 917 /* 089 */ { SIOCSIFMUXID, sizeof (struct ifreq), 918 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_muxid, NULL }, 919 920 /* Both if and lif variants share same func */ 921 /* 090 */ { SIOCGIFINDEX, sizeof (struct ifreq), IPI_GET_CMD, 922 IF_CMD, ip_sioctl_get_lifindex, NULL }, 923 /* Both if and lif variants share same func */ 924 /* 091 */ { SIOCSIFINDEX, sizeof (struct ifreq), 925 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_slifindex, NULL }, 926 927 /* copyin size cannot be coded for SIOCGIFCONF */ 928 /* 092 */ { SIOCGIFCONF, 0, IPI_GET_CMD, 929 MISC_CMD, ip_sioctl_get_ifconf, NULL }, 930 /* 093 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 931 /* 094 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 932 /* 095 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 933 /* 096 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 934 /* 097 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 935 /* 098 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 936 /* 099 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 937 /* 100 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 938 /* 101 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 939 /* 102 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 940 /* 103 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 941 /* 104 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 942 /* 105 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 943 /* 106 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 944 /* 107 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 945 /* 108 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 946 /* 109 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 947 948 /* 110 */ { SIOCLIFREMOVEIF, sizeof (struct lifreq), 949 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_removeif, 950 ip_sioctl_removeif_restart }, 951 /* 111 */ { SIOCLIFADDIF, sizeof (struct lifreq), 952 IPI_GET_CMD | IPI_PRIV | IPI_WR, 953 LIF_CMD, ip_sioctl_addif, NULL }, 954 #define SIOCLIFADDR_NDX 112 955 /* 112 */ { SIOCSLIFADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 956 LIF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart }, 957 /* 113 */ { SIOCGLIFADDR, sizeof (struct lifreq), 958 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_addr, NULL }, 959 /* 114 */ { SIOCSLIFDSTADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 960 LIF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart }, 961 /* 115 */ { SIOCGLIFDSTADDR, sizeof (struct lifreq), 962 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dstaddr, NULL }, 963 /* 116 */ { SIOCSLIFFLAGS, sizeof (struct lifreq), 964 IPI_PRIV | IPI_WR, 965 LIF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart }, 966 /* 117 */ { SIOCGLIFFLAGS, sizeof (struct lifreq), 967 IPI_GET_CMD | IPI_MODOK, 968 LIF_CMD, ip_sioctl_get_flags, NULL }, 969 970 /* 118 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 971 /* 119 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 972 973 /* 120 */ { O_SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD, 974 ip_sioctl_get_lifconf, NULL }, 975 /* 121 */ { SIOCSLIFMTU, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 976 LIF_CMD, ip_sioctl_mtu, NULL }, 977 /* 122 */ { SIOCGLIFMTU, sizeof (struct lifreq), IPI_GET_CMD, 978 LIF_CMD, ip_sioctl_get_mtu, NULL }, 979 /* 123 */ { SIOCGLIFBRDADDR, sizeof (struct lifreq), 980 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_brdaddr, NULL }, 981 /* 124 */ { SIOCSLIFBRDADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 982 LIF_CMD, ip_sioctl_brdaddr, NULL }, 983 /* 125 */ { SIOCGLIFNETMASK, sizeof (struct lifreq), 984 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_netmask, NULL }, 985 /* 126 */ { SIOCSLIFNETMASK, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 986 LIF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart }, 987 /* 127 */ { SIOCGLIFMETRIC, sizeof (struct lifreq), 988 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_metric, NULL }, 989 /* 128 */ { SIOCSLIFMETRIC, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 990 LIF_CMD, ip_sioctl_metric, NULL }, 991 /* 129 */ { SIOCSLIFNAME, sizeof (struct lifreq), 992 IPI_PRIV | IPI_WR | IPI_MODOK, 993 LIF_CMD, ip_sioctl_slifname, 994 ip_sioctl_slifname_restart }, 995 996 /* 130 */ { SIOCGLIFNUM, sizeof (struct lifnum), IPI_GET_CMD, 997 MISC_CMD, ip_sioctl_get_lifnum, NULL }, 998 /* 131 */ { SIOCGLIFMUXID, sizeof (struct lifreq), 999 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_muxid, NULL }, 1000 /* 132 */ { SIOCSLIFMUXID, sizeof (struct lifreq), 1001 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_muxid, NULL }, 1002 /* 133 */ { SIOCGLIFINDEX, sizeof (struct lifreq), 1003 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifindex, 0 }, 1004 /* 134 */ { SIOCSLIFINDEX, sizeof (struct lifreq), 1005 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifindex, 0 }, 1006 /* 135 */ { SIOCSLIFTOKEN, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 1007 LIF_CMD, ip_sioctl_token, NULL }, 1008 /* 136 */ { SIOCGLIFTOKEN, sizeof (struct lifreq), 1009 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_token, NULL }, 1010 /* 137 */ { SIOCSLIFSUBNET, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 1011 LIF_CMD, ip_sioctl_subnet, ip_sioctl_subnet_restart }, 1012 /* 138 */ { SIOCGLIFSUBNET, sizeof (struct lifreq), 1013 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_subnet, NULL }, 1014 /* 139 */ { SIOCSLIFLNKINFO, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 1015 LIF_CMD, ip_sioctl_lnkinfo, NULL }, 1016 1017 /* 140 */ { SIOCGLIFLNKINFO, sizeof (struct lifreq), 1018 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lnkinfo, NULL }, 1019 /* 141 */ { SIOCLIFDELND, sizeof (struct lifreq), IPI_PRIV, 1020 LIF_CMD, ip_siocdelndp_v6, NULL }, 1021 /* 142 */ { SIOCLIFGETND, sizeof (struct lifreq), IPI_GET_CMD, 1022 LIF_CMD, ip_siocqueryndp_v6, NULL }, 1023 /* 143 */ { SIOCLIFSETND, sizeof (struct lifreq), IPI_PRIV, 1024 LIF_CMD, ip_siocsetndp_v6, NULL }, 1025 /* 144 */ { SIOCTMYADDR, sizeof (struct sioc_addrreq), IPI_GET_CMD, 1026 MISC_CMD, ip_sioctl_tmyaddr, NULL }, 1027 /* 145 */ { SIOCTONLINK, sizeof (struct sioc_addrreq), IPI_GET_CMD, 1028 MISC_CMD, ip_sioctl_tonlink, NULL }, 1029 /* 146 */ { SIOCTMYSITE, sizeof (struct sioc_addrreq), 0, 1030 MISC_CMD, ip_sioctl_tmysite, NULL }, 1031 /* 147 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1032 /* 148 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1033 /* IPSECioctls handled in ip_sioctl_copyin_setup itself */ 1034 /* 149 */ { SIOCFIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL }, 1035 /* 150 */ { SIOCSIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL }, 1036 /* 151 */ { SIOCDIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL }, 1037 /* 152 */ { SIOCLIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL }, 1038 1039 /* 153 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1040 1041 /* 154 */ { SIOCGLIFBINDING, sizeof (struct lifreq), IPI_GET_CMD, 1042 LIF_CMD, ip_sioctl_get_binding, NULL }, 1043 /* 155 */ { SIOCSLIFGROUPNAME, sizeof (struct lifreq), 1044 IPI_PRIV | IPI_WR, 1045 LIF_CMD, ip_sioctl_groupname, ip_sioctl_groupname }, 1046 /* 156 */ { SIOCGLIFGROUPNAME, sizeof (struct lifreq), 1047 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_groupname, NULL }, 1048 /* 157 */ { SIOCGLIFGROUPINFO, sizeof (lifgroupinfo_t), 1049 IPI_GET_CMD, MISC_CMD, ip_sioctl_groupinfo, NULL }, 1050 1051 /* Leave 158-160 unused; used to be SIOC*IFARP ioctls */ 1052 /* 158 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1053 /* 159 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1054 /* 160 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1055 1056 /* 161 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1057 1058 /* These are handled in ip_sioctl_copyin_setup itself */ 1059 /* 162 */ { SIOCGIP6ADDRPOLICY, 0, IPI_NULL_BCONT, 1060 MISC_CMD, NULL, NULL }, 1061 /* 163 */ { SIOCSIP6ADDRPOLICY, 0, IPI_PRIV | IPI_NULL_BCONT, 1062 MISC_CMD, NULL, NULL }, 1063 /* 164 */ { SIOCGDSTINFO, 0, IPI_GET_CMD, MISC_CMD, NULL, NULL }, 1064 1065 /* 165 */ { SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD, 1066 ip_sioctl_get_lifconf, NULL }, 1067 1068 /* 166 */ { SIOCSXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR, 1069 XARP_CMD, ip_sioctl_arp, NULL }, 1070 /* 167 */ { SIOCGXARP, sizeof (struct xarpreq), IPI_GET_CMD, 1071 XARP_CMD, ip_sioctl_arp, NULL }, 1072 /* 168 */ { SIOCDXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR, 1073 XARP_CMD, ip_sioctl_arp, NULL }, 1074 1075 /* SIOCPOPSOCKFS is not handled by IP */ 1076 /* 169 */ { IPI_DONTCARE /* SIOCPOPSOCKFS */, 0, 0, 0, NULL, NULL }, 1077 1078 /* 170 */ { SIOCGLIFZONE, sizeof (struct lifreq), 1079 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifzone, NULL }, 1080 /* 171 */ { SIOCSLIFZONE, sizeof (struct lifreq), 1081 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifzone, 1082 ip_sioctl_slifzone_restart }, 1083 /* 172-174 are SCTP ioctls and not handled by IP */ 1084 /* 172 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1085 /* 173 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1086 /* 174 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1087 /* 175 */ { SIOCGLIFUSESRC, sizeof (struct lifreq), 1088 IPI_GET_CMD, LIF_CMD, 1089 ip_sioctl_get_lifusesrc, 0 }, 1090 /* 176 */ { SIOCSLIFUSESRC, sizeof (struct lifreq), 1091 IPI_PRIV | IPI_WR, 1092 LIF_CMD, ip_sioctl_slifusesrc, 1093 NULL }, 1094 /* 177 */ { SIOCGLIFSRCOF, 0, IPI_GET_CMD, MISC_CMD, 1095 ip_sioctl_get_lifsrcof, NULL }, 1096 /* 178 */ { SIOCGMSFILTER, sizeof (struct group_filter), IPI_GET_CMD, 1097 MSFILT_CMD, ip_sioctl_msfilter, NULL }, 1098 /* 179 */ { SIOCSMSFILTER, sizeof (struct group_filter), 0, 1099 MSFILT_CMD, ip_sioctl_msfilter, NULL }, 1100 /* 180 */ { SIOCGIPMSFILTER, sizeof (struct ip_msfilter), IPI_GET_CMD, 1101 MSFILT_CMD, ip_sioctl_msfilter, NULL }, 1102 /* 181 */ { SIOCSIPMSFILTER, sizeof (struct ip_msfilter), 0, 1103 MSFILT_CMD, ip_sioctl_msfilter, NULL }, 1104 /* 182 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL }, 1105 /* SIOCSENABLESDP is handled by SDP */ 1106 /* 183 */ { IPI_DONTCARE /* SIOCSENABLESDP */, 0, 0, 0, NULL, NULL }, 1107 /* 184 */ { IPI_DONTCARE /* SIOCSQPTR */, 0, 0, 0, NULL, NULL }, 1108 /* 185 */ { SIOCGIFHWADDR, sizeof (struct ifreq), IPI_GET_CMD, 1109 IF_CMD, ip_sioctl_get_ifhwaddr, NULL }, 1110 /* 186 */ { IPI_DONTCARE /* SIOCGSTAMP */, 0, 0, 0, NULL, NULL }, 1111 /* 187 */ { SIOCILB, 0, IPI_PRIV | IPI_GET_CMD, MISC_CMD, 1112 ip_sioctl_ilb_cmd, NULL }, 1113 /* 188 */ { SIOCGETPROP, 0, IPI_GET_CMD, 0, NULL, NULL }, 1114 /* 189 */ { SIOCSETPROP, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL}, 1115 /* 190 */ { SIOCGLIFDADSTATE, sizeof (struct lifreq), 1116 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dadstate, NULL }, 1117 /* 191 */ { SIOCSLIFPREFIX, sizeof (struct lifreq), IPI_PRIV | IPI_WR, 1118 LIF_CMD, ip_sioctl_prefix, ip_sioctl_prefix_restart }, 1119 /* 192 */ { SIOCGLIFHWADDR, sizeof (struct lifreq), IPI_GET_CMD, 1120 LIF_CMD, ip_sioctl_get_lifhwaddr, NULL } 1121 }; 1122 1123 int ip_ndx_ioctl_count = sizeof (ip_ndx_ioctl_table) / sizeof (ip_ioctl_cmd_t); 1124 1125 ip_ioctl_cmd_t ip_misc_ioctl_table[] = { 1126 { I_LINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL }, 1127 { I_UNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL }, 1128 { I_PLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL }, 1129 { I_PUNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL }, 1130 { ND_GET, 0, 0, 0, NULL, NULL }, 1131 { ND_SET, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL }, 1132 { IP_IOCTL, 0, 0, 0, NULL, NULL }, 1133 { SIOCGETVIFCNT, sizeof (struct sioc_vif_req), IPI_GET_CMD, 1134 MISC_CMD, mrt_ioctl}, 1135 { SIOCGETSGCNT, sizeof (struct sioc_sg_req), IPI_GET_CMD, 1136 MISC_CMD, mrt_ioctl}, 1137 { SIOCGETLSGCNT, sizeof (struct sioc_lsg_req), IPI_GET_CMD, 1138 MISC_CMD, mrt_ioctl} 1139 }; 1140 1141 int ip_misc_ioctl_count = 1142 sizeof (ip_misc_ioctl_table) / sizeof (ip_ioctl_cmd_t); 1143 1144 int conn_drain_nthreads; /* Number of drainers reqd. */ 1145 /* Settable in /etc/system */ 1146 /* Defined in ip_ire.c */ 1147 extern uint32_t ip_ire_max_bucket_cnt, ip6_ire_max_bucket_cnt; 1148 extern uint32_t ip_ire_min_bucket_cnt, ip6_ire_min_bucket_cnt; 1149 extern uint32_t ip_ire_mem_ratio, ip_ire_cpu_ratio; 1150 1151 static nv_t ire_nv_arr[] = { 1152 { IRE_BROADCAST, "BROADCAST" }, 1153 { IRE_LOCAL, "LOCAL" }, 1154 { IRE_LOOPBACK, "LOOPBACK" }, 1155 { IRE_DEFAULT, "DEFAULT" }, 1156 { IRE_PREFIX, "PREFIX" }, 1157 { IRE_IF_NORESOLVER, "IF_NORESOL" }, 1158 { IRE_IF_RESOLVER, "IF_RESOLV" }, 1159 { IRE_IF_CLONE, "IF_CLONE" }, 1160 { IRE_HOST, "HOST" }, 1161 { IRE_MULTICAST, "MULTICAST" }, 1162 { IRE_NOROUTE, "NOROUTE" }, 1163 { 0 } 1164 }; 1165 1166 nv_t *ire_nv_tbl = ire_nv_arr; 1167 1168 /* Simple ICMP IP Header Template */ 1169 static ipha_t icmp_ipha = { 1170 IP_SIMPLE_HDR_VERSION, 0, 0, 0, 0, 0, IPPROTO_ICMP 1171 }; 1172 1173 struct module_info ip_mod_info = { 1174 IP_MOD_ID, IP_MOD_NAME, IP_MOD_MINPSZ, IP_MOD_MAXPSZ, IP_MOD_HIWAT, 1175 IP_MOD_LOWAT 1176 }; 1177 1178 /* 1179 * Duplicate static symbols within a module confuses mdb; so we avoid the 1180 * problem by making the symbols here distinct from those in udp.c. 1181 */ 1182 1183 /* 1184 * Entry points for IP as a device and as a module. 1185 * We have separate open functions for the /dev/ip and /dev/ip6 devices. 1186 */ 1187 static struct qinit iprinitv4 = { 1188 (pfi_t)ip_rput, NULL, ip_openv4, ip_close, NULL, 1189 &ip_mod_info 1190 }; 1191 1192 struct qinit iprinitv6 = { 1193 (pfi_t)ip_rput_v6, NULL, ip_openv6, ip_close, NULL, 1194 &ip_mod_info 1195 }; 1196 1197 static struct qinit ipwinit = { 1198 (pfi_t)ip_wput_nondata, (pfi_t)ip_wsrv, NULL, NULL, NULL, 1199 &ip_mod_info 1200 }; 1201 1202 static struct qinit iplrinit = { 1203 (pfi_t)ip_lrput, NULL, ip_openv4, ip_close, NULL, 1204 &ip_mod_info 1205 }; 1206 1207 static struct qinit iplwinit = { 1208 (pfi_t)ip_lwput, NULL, NULL, NULL, NULL, 1209 &ip_mod_info 1210 }; 1211 1212 /* For AF_INET aka /dev/ip */ 1213 struct streamtab ipinfov4 = { 1214 &iprinitv4, &ipwinit, &iplrinit, &iplwinit 1215 }; 1216 1217 /* For AF_INET6 aka /dev/ip6 */ 1218 struct streamtab ipinfov6 = { 1219 &iprinitv6, &ipwinit, &iplrinit, &iplwinit 1220 }; 1221 1222 #ifdef DEBUG 1223 boolean_t skip_sctp_cksum = B_FALSE; 1224 #endif 1225 1226 /* 1227 * Generate an ICMP fragmentation needed message. 1228 * When called from ip_output side a minimal ip_recv_attr_t needs to be 1229 * constructed by the caller. 1230 */ 1231 void 1232 icmp_frag_needed(mblk_t *mp, int mtu, ip_recv_attr_t *ira) 1233 { 1234 icmph_t icmph; 1235 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 1236 1237 mp = icmp_pkt_err_ok(mp, ira); 1238 if (mp == NULL) 1239 return; 1240 1241 bzero(&icmph, sizeof (icmph_t)); 1242 icmph.icmph_type = ICMP_DEST_UNREACHABLE; 1243 icmph.icmph_code = ICMP_FRAGMENTATION_NEEDED; 1244 icmph.icmph_du_mtu = htons((uint16_t)mtu); 1245 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutFragNeeded); 1246 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs); 1247 1248 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira); 1249 } 1250 1251 /* 1252 * icmp_inbound_v4 deals with ICMP messages that are handled by IP. 1253 * If the ICMP message is consumed by IP, i.e., it should not be delivered 1254 * to any IPPROTO_ICMP raw sockets, then it returns NULL. 1255 * Likewise, if the ICMP error is misformed (too short, etc), then it 1256 * returns NULL. The caller uses this to determine whether or not to send 1257 * to raw sockets. 1258 * 1259 * All error messages are passed to the matching transport stream. 1260 * 1261 * The following cases are handled by icmp_inbound: 1262 * 1) It needs to send a reply back and possibly delivering it 1263 * to the "interested" upper clients. 1264 * 2) Return the mblk so that the caller can pass it to the RAW socket clients. 1265 * 3) It needs to change some values in IP only. 1266 * 4) It needs to change some values in IP and upper layers e.g TCP 1267 * by delivering an error to the upper layers. 1268 * 1269 * We handle the above three cases in the context of IPsec in the 1270 * following way : 1271 * 1272 * 1) Send the reply back in the same way as the request came in. 1273 * If it came in encrypted, it goes out encrypted. If it came in 1274 * clear, it goes out in clear. Thus, this will prevent chosen 1275 * plain text attack. 1276 * 2) The client may or may not expect things to come in secure. 1277 * If it comes in secure, the policy constraints are checked 1278 * before delivering it to the upper layers. If it comes in 1279 * clear, ipsec_inbound_accept_clear will decide whether to 1280 * accept this in clear or not. In both the cases, if the returned 1281 * message (IP header + 8 bytes) that caused the icmp message has 1282 * AH/ESP headers, it is sent up to AH/ESP for validation before 1283 * sending up. If there are only 8 bytes of returned message, then 1284 * upper client will not be notified. 1285 * 3) Check with global policy to see whether it matches the constaints. 1286 * But this will be done only if icmp_accept_messages_in_clear is 1287 * zero. 1288 * 4) If we need to change both in IP and ULP, then the decision taken 1289 * while affecting the values in IP and while delivering up to TCP 1290 * should be the same. 1291 * 1292 * There are two cases. 1293 * 1294 * a) If we reject data at the IP layer (ipsec_check_global_policy() 1295 * failed), we will not deliver it to the ULP, even though they 1296 * are *willing* to accept in *clear*. This is fine as our global 1297 * disposition to icmp messages asks us reject the datagram. 1298 * 1299 * b) If we accept data at the IP layer (ipsec_check_global_policy() 1300 * succeeded or icmp_accept_messages_in_clear is 1), and not able 1301 * to deliver it to ULP (policy failed), it can lead to 1302 * consistency problems. The cases known at this time are 1303 * ICMP_DESTINATION_UNREACHABLE messages with following code 1304 * values : 1305 * 1306 * - ICMP_FRAGMENTATION_NEEDED : IP adapts to the new value 1307 * and Upper layer rejects. Then the communication will 1308 * come to a stop. This is solved by making similar decisions 1309 * at both levels. Currently, when we are unable to deliver 1310 * to the Upper Layer (due to policy failures) while IP has 1311 * adjusted dce_pmtu, the next outbound datagram would 1312 * generate a local ICMP_FRAGMENTATION_NEEDED message - which 1313 * will be with the right level of protection. Thus the right 1314 * value will be communicated even if we are not able to 1315 * communicate when we get from the wire initially. But this 1316 * assumes there would be at least one outbound datagram after 1317 * IP has adjusted its dce_pmtu value. To make things 1318 * simpler, we accept in clear after the validation of 1319 * AH/ESP headers. 1320 * 1321 * - Other ICMP ERRORS : We may not be able to deliver it to the 1322 * upper layer depending on the level of protection the upper 1323 * layer expects and the disposition in ipsec_inbound_accept_clear(). 1324 * ipsec_inbound_accept_clear() decides whether a given ICMP error 1325 * should be accepted in clear when the Upper layer expects secure. 1326 * Thus the communication may get aborted by some bad ICMP 1327 * packets. 1328 */ 1329 mblk_t * 1330 icmp_inbound_v4(mblk_t *mp, ip_recv_attr_t *ira) 1331 { 1332 icmph_t *icmph; 1333 ipha_t *ipha; /* Outer header */ 1334 int ip_hdr_length; /* Outer header length */ 1335 boolean_t interested; 1336 ipif_t *ipif; 1337 uint32_t ts; 1338 uint32_t *tsp; 1339 timestruc_t now; 1340 ill_t *ill = ira->ira_ill; 1341 ip_stack_t *ipst = ill->ill_ipst; 1342 zoneid_t zoneid = ira->ira_zoneid; 1343 int len_needed; 1344 mblk_t *mp_ret = NULL; 1345 1346 ipha = (ipha_t *)mp->b_rptr; 1347 1348 BUMP_MIB(&ipst->ips_icmp_mib, icmpInMsgs); 1349 1350 ip_hdr_length = ira->ira_ip_hdr_length; 1351 if ((mp->b_wptr - mp->b_rptr) < (ip_hdr_length + ICMPH_SIZE)) { 1352 if (ira->ira_pktlen < (ip_hdr_length + ICMPH_SIZE)) { 1353 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 1354 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 1355 freemsg(mp); 1356 return (NULL); 1357 } 1358 /* Last chance to get real. */ 1359 ipha = ip_pullup(mp, ip_hdr_length + ICMPH_SIZE, ira); 1360 if (ipha == NULL) { 1361 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors); 1362 freemsg(mp); 1363 return (NULL); 1364 } 1365 } 1366 1367 /* The IP header will always be a multiple of four bytes */ 1368 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1369 ip2dbg(("icmp_inbound_v4: type %d code %d\n", icmph->icmph_type, 1370 icmph->icmph_code)); 1371 1372 /* 1373 * We will set "interested" to "true" if we should pass a copy to 1374 * the transport or if we handle the packet locally. 1375 */ 1376 interested = B_FALSE; 1377 switch (icmph->icmph_type) { 1378 case ICMP_ECHO_REPLY: 1379 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchoReps); 1380 break; 1381 case ICMP_DEST_UNREACHABLE: 1382 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED) 1383 BUMP_MIB(&ipst->ips_icmp_mib, icmpInFragNeeded); 1384 interested = B_TRUE; /* Pass up to transport */ 1385 BUMP_MIB(&ipst->ips_icmp_mib, icmpInDestUnreachs); 1386 break; 1387 case ICMP_SOURCE_QUENCH: 1388 interested = B_TRUE; /* Pass up to transport */ 1389 BUMP_MIB(&ipst->ips_icmp_mib, icmpInSrcQuenchs); 1390 break; 1391 case ICMP_REDIRECT: 1392 if (!ipst->ips_ip_ignore_redirect) 1393 interested = B_TRUE; 1394 BUMP_MIB(&ipst->ips_icmp_mib, icmpInRedirects); 1395 break; 1396 case ICMP_ECHO_REQUEST: 1397 /* 1398 * Whether to respond to echo requests that come in as IP 1399 * broadcasts or as IP multicast is subject to debate 1400 * (what isn't?). We aim to please, you pick it. 1401 * Default is do it. 1402 */ 1403 if (ira->ira_flags & IRAF_MULTICAST) { 1404 /* multicast: respond based on tunable */ 1405 interested = ipst->ips_ip_g_resp_to_echo_mcast; 1406 } else if (ira->ira_flags & IRAF_BROADCAST) { 1407 /* broadcast: respond based on tunable */ 1408 interested = ipst->ips_ip_g_resp_to_echo_bcast; 1409 } else { 1410 /* unicast: always respond */ 1411 interested = B_TRUE; 1412 } 1413 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchos); 1414 if (!interested) { 1415 /* We never pass these to RAW sockets */ 1416 freemsg(mp); 1417 return (NULL); 1418 } 1419 1420 /* Check db_ref to make sure we can modify the packet. */ 1421 if (mp->b_datap->db_ref > 1) { 1422 mblk_t *mp1; 1423 1424 mp1 = copymsg(mp); 1425 freemsg(mp); 1426 if (!mp1) { 1427 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 1428 return (NULL); 1429 } 1430 mp = mp1; 1431 ipha = (ipha_t *)mp->b_rptr; 1432 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1433 } 1434 icmph->icmph_type = ICMP_ECHO_REPLY; 1435 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutEchoReps); 1436 icmp_send_reply_v4(mp, ipha, icmph, ira); 1437 return (NULL); 1438 1439 case ICMP_ROUTER_ADVERTISEMENT: 1440 case ICMP_ROUTER_SOLICITATION: 1441 break; 1442 case ICMP_TIME_EXCEEDED: 1443 interested = B_TRUE; /* Pass up to transport */ 1444 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimeExcds); 1445 break; 1446 case ICMP_PARAM_PROBLEM: 1447 interested = B_TRUE; /* Pass up to transport */ 1448 BUMP_MIB(&ipst->ips_icmp_mib, icmpInParmProbs); 1449 break; 1450 case ICMP_TIME_STAMP_REQUEST: 1451 /* Response to Time Stamp Requests is local policy. */ 1452 if (ipst->ips_ip_g_resp_to_timestamp) { 1453 if (ira->ira_flags & IRAF_MULTIBROADCAST) 1454 interested = 1455 ipst->ips_ip_g_resp_to_timestamp_bcast; 1456 else 1457 interested = B_TRUE; 1458 } 1459 if (!interested) { 1460 /* We never pass these to RAW sockets */ 1461 freemsg(mp); 1462 return (NULL); 1463 } 1464 1465 /* Make sure we have enough of the packet */ 1466 len_needed = ip_hdr_length + ICMPH_SIZE + 1467 3 * sizeof (uint32_t); 1468 1469 if (mp->b_wptr - mp->b_rptr < len_needed) { 1470 ipha = ip_pullup(mp, len_needed, ira); 1471 if (ipha == NULL) { 1472 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1473 ip_drop_input("ipIfStatsInDiscards - ip_pullup", 1474 mp, ill); 1475 freemsg(mp); 1476 return (NULL); 1477 } 1478 /* Refresh following the pullup. */ 1479 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1480 } 1481 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestamps); 1482 /* Check db_ref to make sure we can modify the packet. */ 1483 if (mp->b_datap->db_ref > 1) { 1484 mblk_t *mp1; 1485 1486 mp1 = copymsg(mp); 1487 freemsg(mp); 1488 if (!mp1) { 1489 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 1490 return (NULL); 1491 } 1492 mp = mp1; 1493 ipha = (ipha_t *)mp->b_rptr; 1494 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1495 } 1496 icmph->icmph_type = ICMP_TIME_STAMP_REPLY; 1497 tsp = (uint32_t *)&icmph[1]; 1498 tsp++; /* Skip past 'originate time' */ 1499 /* Compute # of milliseconds since midnight */ 1500 gethrestime(&now); 1501 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 + 1502 now.tv_nsec / (NANOSEC / MILLISEC); 1503 *tsp++ = htonl(ts); /* Lay in 'receive time' */ 1504 *tsp++ = htonl(ts); /* Lay in 'send time' */ 1505 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimestampReps); 1506 icmp_send_reply_v4(mp, ipha, icmph, ira); 1507 return (NULL); 1508 1509 case ICMP_TIME_STAMP_REPLY: 1510 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestampReps); 1511 break; 1512 case ICMP_INFO_REQUEST: 1513 /* Per RFC 1122 3.2.2.7, ignore this. */ 1514 case ICMP_INFO_REPLY: 1515 break; 1516 case ICMP_ADDRESS_MASK_REQUEST: 1517 if (ira->ira_flags & IRAF_MULTIBROADCAST) { 1518 interested = 1519 ipst->ips_ip_respond_to_address_mask_broadcast; 1520 } else { 1521 interested = B_TRUE; 1522 } 1523 if (!interested) { 1524 /* We never pass these to RAW sockets */ 1525 freemsg(mp); 1526 return (NULL); 1527 } 1528 len_needed = ip_hdr_length + ICMPH_SIZE + IP_ADDR_LEN; 1529 if (mp->b_wptr - mp->b_rptr < len_needed) { 1530 ipha = ip_pullup(mp, len_needed, ira); 1531 if (ipha == NULL) { 1532 BUMP_MIB(ill->ill_ip_mib, 1533 ipIfStatsInTruncatedPkts); 1534 ip_drop_input("ipIfStatsInTruncatedPkts", mp, 1535 ill); 1536 freemsg(mp); 1537 return (NULL); 1538 } 1539 /* Refresh following the pullup. */ 1540 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1541 } 1542 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMasks); 1543 /* Check db_ref to make sure we can modify the packet. */ 1544 if (mp->b_datap->db_ref > 1) { 1545 mblk_t *mp1; 1546 1547 mp1 = copymsg(mp); 1548 freemsg(mp); 1549 if (!mp1) { 1550 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 1551 return (NULL); 1552 } 1553 mp = mp1; 1554 ipha = (ipha_t *)mp->b_rptr; 1555 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1556 } 1557 /* 1558 * Need the ipif with the mask be the same as the source 1559 * address of the mask reply. For unicast we have a specific 1560 * ipif. For multicast/broadcast we only handle onlink 1561 * senders, and use the source address to pick an ipif. 1562 */ 1563 ipif = ipif_lookup_addr(ipha->ipha_dst, ill, zoneid, ipst); 1564 if (ipif == NULL) { 1565 /* Broadcast or multicast */ 1566 ipif = ipif_lookup_remote(ill, ipha->ipha_src, zoneid); 1567 if (ipif == NULL) { 1568 freemsg(mp); 1569 return (NULL); 1570 } 1571 } 1572 icmph->icmph_type = ICMP_ADDRESS_MASK_REPLY; 1573 bcopy(&ipif->ipif_net_mask, &icmph[1], IP_ADDR_LEN); 1574 ipif_refrele(ipif); 1575 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutAddrMaskReps); 1576 icmp_send_reply_v4(mp, ipha, icmph, ira); 1577 return (NULL); 1578 1579 case ICMP_ADDRESS_MASK_REPLY: 1580 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMaskReps); 1581 break; 1582 default: 1583 interested = B_TRUE; /* Pass up to transport */ 1584 BUMP_MIB(&ipst->ips_icmp_mib, icmpInUnknowns); 1585 break; 1586 } 1587 /* 1588 * See if there is an ICMP client to avoid an extra copymsg/freemsg 1589 * if there isn't one. 1590 */ 1591 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_ICMP].connf_head != NULL) { 1592 /* If there is an ICMP client and we want one too, copy it. */ 1593 1594 if (!interested) { 1595 /* Caller will deliver to RAW sockets */ 1596 return (mp); 1597 } 1598 mp_ret = copymsg(mp); 1599 if (mp_ret == NULL) { 1600 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1601 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill); 1602 } 1603 } else if (!interested) { 1604 /* Neither we nor raw sockets are interested. Drop packet now */ 1605 freemsg(mp); 1606 return (NULL); 1607 } 1608 1609 /* 1610 * ICMP error or redirect packet. Make sure we have enough of 1611 * the header and that db_ref == 1 since we might end up modifying 1612 * the packet. 1613 */ 1614 if (mp->b_cont != NULL) { 1615 if (ip_pullup(mp, -1, ira) == NULL) { 1616 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1617 ip_drop_input("ipIfStatsInDiscards - ip_pullup", 1618 mp, ill); 1619 freemsg(mp); 1620 return (mp_ret); 1621 } 1622 } 1623 1624 if (mp->b_datap->db_ref > 1) { 1625 mblk_t *mp1; 1626 1627 mp1 = copymsg(mp); 1628 if (mp1 == NULL) { 1629 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1630 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill); 1631 freemsg(mp); 1632 return (mp_ret); 1633 } 1634 freemsg(mp); 1635 mp = mp1; 1636 } 1637 1638 /* 1639 * In case mp has changed, verify the message before any further 1640 * processes. 1641 */ 1642 ipha = (ipha_t *)mp->b_rptr; 1643 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length]; 1644 if (!icmp_inbound_verify_v4(mp, icmph, ira)) { 1645 freemsg(mp); 1646 return (mp_ret); 1647 } 1648 1649 switch (icmph->icmph_type) { 1650 case ICMP_REDIRECT: 1651 icmp_redirect_v4(mp, ipha, icmph, ira); 1652 break; 1653 case ICMP_DEST_UNREACHABLE: 1654 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED) { 1655 /* Update DCE and adjust MTU is icmp header if needed */ 1656 icmp_inbound_too_big_v4(icmph, ira); 1657 } 1658 /* FALLTHRU */ 1659 default: 1660 icmp_inbound_error_fanout_v4(mp, icmph, ira); 1661 break; 1662 } 1663 return (mp_ret); 1664 } 1665 1666 /* 1667 * Send an ICMP echo, timestamp or address mask reply. 1668 * The caller has already updated the payload part of the packet. 1669 * We handle the ICMP checksum, IP source address selection and feed 1670 * the packet into ip_output_simple. 1671 */ 1672 static void 1673 icmp_send_reply_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph, 1674 ip_recv_attr_t *ira) 1675 { 1676 uint_t ip_hdr_length = ira->ira_ip_hdr_length; 1677 ill_t *ill = ira->ira_ill; 1678 ip_stack_t *ipst = ill->ill_ipst; 1679 ip_xmit_attr_t ixas; 1680 1681 /* Send out an ICMP packet */ 1682 icmph->icmph_checksum = 0; 1683 icmph->icmph_checksum = IP_CSUM(mp, ip_hdr_length, 0); 1684 /* Reset time to live. */ 1685 ipha->ipha_ttl = ipst->ips_ip_def_ttl; 1686 { 1687 /* Swap source and destination addresses */ 1688 ipaddr_t tmp; 1689 1690 tmp = ipha->ipha_src; 1691 ipha->ipha_src = ipha->ipha_dst; 1692 ipha->ipha_dst = tmp; 1693 } 1694 ipha->ipha_ident = 0; 1695 if (!IS_SIMPLE_IPH(ipha)) 1696 icmp_options_update(ipha); 1697 1698 bzero(&ixas, sizeof (ixas)); 1699 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4; 1700 ixas.ixa_zoneid = ira->ira_zoneid; 1701 ixas.ixa_cred = kcred; 1702 ixas.ixa_cpid = NOPID; 1703 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */ 1704 ixas.ixa_ifindex = 0; 1705 ixas.ixa_ipst = ipst; 1706 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL; 1707 1708 if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) { 1709 /* 1710 * This packet should go out the same way as it 1711 * came in i.e in clear, independent of the IPsec policy 1712 * for transmitting packets. 1713 */ 1714 ixas.ixa_flags |= IXAF_NO_IPSEC; 1715 } else { 1716 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) { 1717 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1718 /* Note: mp already consumed and ip_drop_packet done */ 1719 return; 1720 } 1721 } 1722 if (ira->ira_flags & IRAF_MULTIBROADCAST) { 1723 /* 1724 * Not one or our addresses (IRE_LOCALs), thus we let 1725 * ip_output_simple pick the source. 1726 */ 1727 ipha->ipha_src = INADDR_ANY; 1728 ixas.ixa_flags |= IXAF_SET_SOURCE; 1729 } 1730 /* Should we send with DF and use dce_pmtu? */ 1731 if (ipst->ips_ipv4_icmp_return_pmtu) { 1732 ixas.ixa_flags |= IXAF_PMTU_DISCOVERY; 1733 ipha->ipha_fragment_offset_and_flags |= IPH_DF_HTONS; 1734 } 1735 1736 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs); 1737 1738 (void) ip_output_simple(mp, &ixas); 1739 ixa_cleanup(&ixas); 1740 } 1741 1742 /* 1743 * Verify the ICMP messages for either for ICMP error or redirect packet. 1744 * The caller should have fully pulled up the message. If it's a redirect 1745 * packet, only basic checks on IP header will be done; otherwise, verify 1746 * the packet by looking at the included ULP header. 1747 * 1748 * Called before icmp_inbound_error_fanout_v4 is called. 1749 */ 1750 static boolean_t 1751 icmp_inbound_verify_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira) 1752 { 1753 ill_t *ill = ira->ira_ill; 1754 int hdr_length; 1755 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 1756 conn_t *connp; 1757 ipha_t *ipha; /* Inner IP header */ 1758 1759 ipha = (ipha_t *)&icmph[1]; 1760 if ((uchar_t *)ipha + IP_SIMPLE_HDR_LENGTH > mp->b_wptr) 1761 goto truncated; 1762 1763 hdr_length = IPH_HDR_LENGTH(ipha); 1764 1765 if ((IPH_HDR_VERSION(ipha) != IPV4_VERSION)) 1766 goto discard_pkt; 1767 1768 if (hdr_length < sizeof (ipha_t)) 1769 goto truncated; 1770 1771 if ((uchar_t *)ipha + hdr_length > mp->b_wptr) 1772 goto truncated; 1773 1774 /* 1775 * Stop here for ICMP_REDIRECT. 1776 */ 1777 if (icmph->icmph_type == ICMP_REDIRECT) 1778 return (B_TRUE); 1779 1780 /* 1781 * ICMP errors only. 1782 */ 1783 switch (ipha->ipha_protocol) { 1784 case IPPROTO_UDP: 1785 /* 1786 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of 1787 * transport header. 1788 */ 1789 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN > 1790 mp->b_wptr) 1791 goto truncated; 1792 break; 1793 case IPPROTO_TCP: { 1794 tcpha_t *tcpha; 1795 1796 /* 1797 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of 1798 * transport header. 1799 */ 1800 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN > 1801 mp->b_wptr) 1802 goto truncated; 1803 1804 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length); 1805 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN, 1806 ipst); 1807 if (connp == NULL) 1808 goto discard_pkt; 1809 1810 if ((connp->conn_verifyicmp != NULL) && 1811 !connp->conn_verifyicmp(connp, tcpha, icmph, NULL, ira)) { 1812 CONN_DEC_REF(connp); 1813 goto discard_pkt; 1814 } 1815 CONN_DEC_REF(connp); 1816 break; 1817 } 1818 case IPPROTO_SCTP: 1819 /* 1820 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of 1821 * transport header. 1822 */ 1823 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN > 1824 mp->b_wptr) 1825 goto truncated; 1826 break; 1827 case IPPROTO_ESP: 1828 case IPPROTO_AH: 1829 break; 1830 case IPPROTO_ENCAP: 1831 if ((uchar_t *)ipha + hdr_length + sizeof (ipha_t) > 1832 mp->b_wptr) 1833 goto truncated; 1834 break; 1835 default: 1836 break; 1837 } 1838 1839 return (B_TRUE); 1840 1841 discard_pkt: 1842 /* Bogus ICMP error. */ 1843 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1844 return (B_FALSE); 1845 1846 truncated: 1847 /* We pulled up everthing already. Must be truncated */ 1848 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 1849 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 1850 return (B_FALSE); 1851 } 1852 1853 /* Table from RFC 1191 */ 1854 static int icmp_frag_size_table[] = 1855 { 32000, 17914, 8166, 4352, 2002, 1496, 1006, 508, 296, 68 }; 1856 1857 /* 1858 * Process received ICMP Packet too big. 1859 * Just handles the DCE create/update, including using the above table of 1860 * PMTU guesses. The caller is responsible for validating the packet before 1861 * passing it in and also to fanout the ICMP error to any matching transport 1862 * conns. Assumes the message has been fully pulled up and verified. 1863 * 1864 * Before getting here, the caller has called icmp_inbound_verify_v4() 1865 * that should have verified with ULP to prevent undoing the changes we're 1866 * going to make to DCE. For example, TCP might have verified that the packet 1867 * which generated error is in the send window. 1868 * 1869 * In some cases modified this MTU in the ICMP header packet; the caller 1870 * should pass to the matching ULP after this returns. 1871 */ 1872 static void 1873 icmp_inbound_too_big_v4(icmph_t *icmph, ip_recv_attr_t *ira) 1874 { 1875 dce_t *dce; 1876 int old_mtu; 1877 int mtu, orig_mtu; 1878 ipaddr_t dst; 1879 boolean_t disable_pmtud; 1880 ill_t *ill = ira->ira_ill; 1881 ip_stack_t *ipst = ill->ill_ipst; 1882 uint_t hdr_length; 1883 ipha_t *ipha; 1884 1885 /* Caller already pulled up everything. */ 1886 ipha = (ipha_t *)&icmph[1]; 1887 ASSERT(icmph->icmph_type == ICMP_DEST_UNREACHABLE && 1888 icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED); 1889 ASSERT(ill != NULL); 1890 1891 hdr_length = IPH_HDR_LENGTH(ipha); 1892 1893 /* 1894 * We handle path MTU for source routed packets since the DCE 1895 * is looked up using the final destination. 1896 */ 1897 dst = ip_get_dst(ipha); 1898 1899 dce = dce_lookup_and_add_v4(dst, ipst); 1900 if (dce == NULL) { 1901 /* Couldn't add a unique one - ENOMEM */ 1902 ip1dbg(("icmp_inbound_too_big_v4: no dce for 0x%x\n", 1903 ntohl(dst))); 1904 return; 1905 } 1906 1907 /* Check for MTU discovery advice as described in RFC 1191 */ 1908 mtu = ntohs(icmph->icmph_du_mtu); 1909 orig_mtu = mtu; 1910 disable_pmtud = B_FALSE; 1911 1912 mutex_enter(&dce->dce_lock); 1913 if (dce->dce_flags & DCEF_PMTU) 1914 old_mtu = dce->dce_pmtu; 1915 else 1916 old_mtu = ill->ill_mtu; 1917 1918 if (icmph->icmph_du_zero != 0 || mtu < ipst->ips_ip_pmtu_min) { 1919 uint32_t length; 1920 int i; 1921 1922 /* 1923 * Use the table from RFC 1191 to figure out 1924 * the next "plateau" based on the length in 1925 * the original IP packet. 1926 */ 1927 length = ntohs(ipha->ipha_length); 1928 DTRACE_PROBE2(ip4__pmtu__guess, dce_t *, dce, 1929 uint32_t, length); 1930 if (old_mtu <= length && 1931 old_mtu >= length - hdr_length) { 1932 /* 1933 * Handle broken BSD 4.2 systems that 1934 * return the wrong ipha_length in ICMP 1935 * errors. 1936 */ 1937 ip1dbg(("Wrong mtu: sent %d, dce %d\n", 1938 length, old_mtu)); 1939 length -= hdr_length; 1940 } 1941 for (i = 0; i < A_CNT(icmp_frag_size_table); i++) { 1942 if (length > icmp_frag_size_table[i]) 1943 break; 1944 } 1945 if (i == A_CNT(icmp_frag_size_table)) { 1946 /* Smaller than IP_MIN_MTU! */ 1947 ip1dbg(("Too big for packet size %d\n", 1948 length)); 1949 disable_pmtud = B_TRUE; 1950 mtu = ipst->ips_ip_pmtu_min; 1951 } else { 1952 mtu = icmp_frag_size_table[i]; 1953 ip1dbg(("Calculated mtu %d, packet size %d, " 1954 "before %d\n", mtu, length, old_mtu)); 1955 if (mtu < ipst->ips_ip_pmtu_min) { 1956 mtu = ipst->ips_ip_pmtu_min; 1957 disable_pmtud = B_TRUE; 1958 } 1959 } 1960 } 1961 if (disable_pmtud) 1962 dce->dce_flags |= DCEF_TOO_SMALL_PMTU; 1963 else 1964 dce->dce_flags &= ~DCEF_TOO_SMALL_PMTU; 1965 1966 dce->dce_pmtu = MIN(old_mtu, mtu); 1967 /* Prepare to send the new max frag size for the ULP. */ 1968 icmph->icmph_du_zero = 0; 1969 icmph->icmph_du_mtu = htons((uint16_t)dce->dce_pmtu); 1970 DTRACE_PROBE4(ip4__pmtu__change, icmph_t *, icmph, dce_t *, 1971 dce, int, orig_mtu, int, mtu); 1972 1973 /* We now have a PMTU for sure */ 1974 dce->dce_flags |= DCEF_PMTU; 1975 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64()); 1976 mutex_exit(&dce->dce_lock); 1977 /* 1978 * After dropping the lock the new value is visible to everyone. 1979 * Then we bump the generation number so any cached values reinspect 1980 * the dce_t. 1981 */ 1982 dce_increment_generation(dce); 1983 dce_refrele(dce); 1984 } 1985 1986 /* 1987 * If the packet in error is Self-Encapsulated, icmp_inbound_error_fanout_v4 1988 * calls this function. 1989 */ 1990 static mblk_t * 1991 icmp_inbound_self_encap_error_v4(mblk_t *mp, ipha_t *ipha, ipha_t *in_ipha) 1992 { 1993 int length; 1994 1995 ASSERT(mp->b_datap->db_type == M_DATA); 1996 1997 /* icmp_inbound_v4 has already pulled up the whole error packet */ 1998 ASSERT(mp->b_cont == NULL); 1999 2000 /* 2001 * The length that we want to overlay is the inner header 2002 * and what follows it. 2003 */ 2004 length = msgdsize(mp) - ((uchar_t *)in_ipha - mp->b_rptr); 2005 2006 /* 2007 * Overlay the inner header and whatever follows it over the 2008 * outer header. 2009 */ 2010 bcopy((uchar_t *)in_ipha, (uchar_t *)ipha, length); 2011 2012 /* Adjust for what we removed */ 2013 mp->b_wptr -= (uchar_t *)in_ipha - (uchar_t *)ipha; 2014 return (mp); 2015 } 2016 2017 /* 2018 * Try to pass the ICMP message upstream in case the ULP cares. 2019 * 2020 * If the packet that caused the ICMP error is secure, we send 2021 * it to AH/ESP to make sure that the attached packet has a 2022 * valid association. ipha in the code below points to the 2023 * IP header of the packet that caused the error. 2024 * 2025 * For IPsec cases, we let the next-layer-up (which has access to 2026 * cached policy on the conn_t, or can query the SPD directly) 2027 * subtract out any IPsec overhead if they must. We therefore make no 2028 * adjustments here for IPsec overhead. 2029 * 2030 * IFN could have been generated locally or by some router. 2031 * 2032 * LOCAL : ire_send_wire (before calling ipsec_out_process) can call 2033 * icmp_frag_needed/icmp_pkt2big_v6 to generated a local IFN. 2034 * This happens because IP adjusted its value of MTU on an 2035 * earlier IFN message and could not tell the upper layer, 2036 * the new adjusted value of MTU e.g. Packet was encrypted 2037 * or there was not enough information to fanout to upper 2038 * layers. Thus on the next outbound datagram, ire_send_wire 2039 * generates the IFN, where IPsec processing has *not* been 2040 * done. 2041 * 2042 * Note that we retain ixa_fragsize across IPsec thus once 2043 * we have picking ixa_fragsize and entered ipsec_out_process we do 2044 * no change the fragsize even if the path MTU changes before 2045 * we reach ip_output_post_ipsec. 2046 * 2047 * In the local case, IRAF_LOOPBACK will be set indicating 2048 * that IFN was generated locally. 2049 * 2050 * ROUTER : IFN could be secure or non-secure. 2051 * 2052 * * SECURE : We use the IPSEC_IN to fanout to AH/ESP if the 2053 * packet in error has AH/ESP headers to validate the AH/ESP 2054 * headers. AH/ESP will verify whether there is a valid SA or 2055 * not and send it back. We will fanout again if we have more 2056 * data in the packet. 2057 * 2058 * If the packet in error does not have AH/ESP, we handle it 2059 * like any other case. 2060 * 2061 * * NON_SECURE : If the packet in error has AH/ESP headers, we send it 2062 * up to AH/ESP for validation. AH/ESP will verify whether there is a 2063 * valid SA or not and send it back. We will fanout again if 2064 * we have more data in the packet. 2065 * 2066 * If the packet in error does not have AH/ESP, we handle it 2067 * like any other case. 2068 * 2069 * The caller must have called icmp_inbound_verify_v4. 2070 */ 2071 static void 2072 icmp_inbound_error_fanout_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira) 2073 { 2074 uint16_t *up; /* Pointer to ports in ULP header */ 2075 uint32_t ports; /* reversed ports for fanout */ 2076 ipha_t ripha; /* With reversed addresses */ 2077 ipha_t *ipha; /* Inner IP header */ 2078 uint_t hdr_length; /* Inner IP header length */ 2079 tcpha_t *tcpha; 2080 conn_t *connp; 2081 ill_t *ill = ira->ira_ill; 2082 ip_stack_t *ipst = ill->ill_ipst; 2083 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 2084 ill_t *rill = ira->ira_rill; 2085 2086 /* Caller already pulled up everything. */ 2087 ipha = (ipha_t *)&icmph[1]; 2088 ASSERT((uchar_t *)&ipha[1] <= mp->b_wptr); 2089 ASSERT(mp->b_cont == NULL); 2090 2091 hdr_length = IPH_HDR_LENGTH(ipha); 2092 ira->ira_protocol = ipha->ipha_protocol; 2093 2094 /* 2095 * We need a separate IP header with the source and destination 2096 * addresses reversed to do fanout/classification because the ipha in 2097 * the ICMP error is in the form we sent it out. 2098 */ 2099 ripha.ipha_src = ipha->ipha_dst; 2100 ripha.ipha_dst = ipha->ipha_src; 2101 ripha.ipha_protocol = ipha->ipha_protocol; 2102 ripha.ipha_version_and_hdr_length = ipha->ipha_version_and_hdr_length; 2103 2104 ip2dbg(("icmp_inbound_error_v4: proto %d %x to %x: %d/%d\n", 2105 ripha.ipha_protocol, ntohl(ipha->ipha_src), 2106 ntohl(ipha->ipha_dst), 2107 icmph->icmph_type, icmph->icmph_code)); 2108 2109 switch (ipha->ipha_protocol) { 2110 case IPPROTO_UDP: 2111 up = (uint16_t *)((uchar_t *)ipha + hdr_length); 2112 2113 /* Attempt to find a client stream based on port. */ 2114 ip2dbg(("icmp_inbound_error_v4: UDP ports %d to %d\n", 2115 ntohs(up[0]), ntohs(up[1]))); 2116 2117 /* Note that we send error to all matches. */ 2118 ira->ira_flags |= IRAF_ICMP_ERROR; 2119 ip_fanout_udp_multi_v4(mp, &ripha, up[0], up[1], ira); 2120 ira->ira_flags &= ~IRAF_ICMP_ERROR; 2121 return; 2122 2123 case IPPROTO_TCP: 2124 /* 2125 * Find a TCP client stream for this packet. 2126 * Note that we do a reverse lookup since the header is 2127 * in the form we sent it out. 2128 */ 2129 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length); 2130 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN, 2131 ipst); 2132 if (connp == NULL) 2133 goto discard_pkt; 2134 2135 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) || 2136 (ira->ira_flags & IRAF_IPSEC_SECURE)) { 2137 mp = ipsec_check_inbound_policy(mp, connp, 2138 ipha, NULL, ira); 2139 if (mp == NULL) { 2140 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2141 /* Note that mp is NULL */ 2142 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2143 CONN_DEC_REF(connp); 2144 return; 2145 } 2146 } 2147 2148 ira->ira_flags |= IRAF_ICMP_ERROR; 2149 ira->ira_ill = ira->ira_rill = NULL; 2150 if (IPCL_IS_TCP(connp)) { 2151 SQUEUE_ENTER_ONE(connp->conn_sqp, mp, 2152 connp->conn_recvicmp, connp, ira, SQ_FILL, 2153 SQTAG_TCP_INPUT_ICMP_ERR); 2154 } else { 2155 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */ 2156 (connp->conn_recv)(connp, mp, NULL, ira); 2157 CONN_DEC_REF(connp); 2158 } 2159 ira->ira_ill = ill; 2160 ira->ira_rill = rill; 2161 ira->ira_flags &= ~IRAF_ICMP_ERROR; 2162 return; 2163 2164 case IPPROTO_SCTP: 2165 up = (uint16_t *)((uchar_t *)ipha + hdr_length); 2166 /* Find a SCTP client stream for this packet. */ 2167 ((uint16_t *)&ports)[0] = up[1]; 2168 ((uint16_t *)&ports)[1] = up[0]; 2169 2170 ira->ira_flags |= IRAF_ICMP_ERROR; 2171 ip_fanout_sctp(mp, &ripha, NULL, ports, ira); 2172 ira->ira_flags &= ~IRAF_ICMP_ERROR; 2173 return; 2174 2175 case IPPROTO_ESP: 2176 case IPPROTO_AH: 2177 if (!ipsec_loaded(ipss)) { 2178 ip_proto_not_sup(mp, ira); 2179 return; 2180 } 2181 2182 if (ipha->ipha_protocol == IPPROTO_ESP) 2183 mp = ipsecesp_icmp_error(mp, ira); 2184 else 2185 mp = ipsecah_icmp_error(mp, ira); 2186 if (mp == NULL) 2187 return; 2188 2189 /* Just in case ipsec didn't preserve the NULL b_cont */ 2190 if (mp->b_cont != NULL) { 2191 if (!pullupmsg(mp, -1)) 2192 goto discard_pkt; 2193 } 2194 2195 /* 2196 * Note that ira_pktlen and ira_ip_hdr_length are no longer 2197 * correct, but we don't use them any more here. 2198 * 2199 * If succesful, the mp has been modified to not include 2200 * the ESP/AH header so we can fanout to the ULP's icmp 2201 * error handler. 2202 */ 2203 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH) 2204 goto truncated; 2205 2206 /* Verify the modified message before any further processes. */ 2207 ipha = (ipha_t *)mp->b_rptr; 2208 hdr_length = IPH_HDR_LENGTH(ipha); 2209 icmph = (icmph_t *)&mp->b_rptr[hdr_length]; 2210 if (!icmp_inbound_verify_v4(mp, icmph, ira)) { 2211 freemsg(mp); 2212 return; 2213 } 2214 2215 icmp_inbound_error_fanout_v4(mp, icmph, ira); 2216 return; 2217 2218 case IPPROTO_ENCAP: { 2219 /* Look for self-encapsulated packets that caused an error */ 2220 ipha_t *in_ipha; 2221 2222 /* 2223 * Caller has verified that length has to be 2224 * at least the size of IP header. 2225 */ 2226 ASSERT(hdr_length >= sizeof (ipha_t)); 2227 /* 2228 * Check the sanity of the inner IP header like 2229 * we did for the outer header. 2230 */ 2231 in_ipha = (ipha_t *)((uchar_t *)ipha + hdr_length); 2232 if ((IPH_HDR_VERSION(in_ipha) != IPV4_VERSION)) { 2233 goto discard_pkt; 2234 } 2235 if (IPH_HDR_LENGTH(in_ipha) < sizeof (ipha_t)) { 2236 goto discard_pkt; 2237 } 2238 /* Check for Self-encapsulated tunnels */ 2239 if (in_ipha->ipha_src == ipha->ipha_src && 2240 in_ipha->ipha_dst == ipha->ipha_dst) { 2241 2242 mp = icmp_inbound_self_encap_error_v4(mp, ipha, 2243 in_ipha); 2244 if (mp == NULL) 2245 goto discard_pkt; 2246 2247 /* 2248 * Just in case self_encap didn't preserve the NULL 2249 * b_cont 2250 */ 2251 if (mp->b_cont != NULL) { 2252 if (!pullupmsg(mp, -1)) 2253 goto discard_pkt; 2254 } 2255 /* 2256 * Note that ira_pktlen and ira_ip_hdr_length are no 2257 * longer correct, but we don't use them any more here. 2258 */ 2259 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH) 2260 goto truncated; 2261 2262 /* 2263 * Verify the modified message before any further 2264 * processes. 2265 */ 2266 ipha = (ipha_t *)mp->b_rptr; 2267 hdr_length = IPH_HDR_LENGTH(ipha); 2268 icmph = (icmph_t *)&mp->b_rptr[hdr_length]; 2269 if (!icmp_inbound_verify_v4(mp, icmph, ira)) { 2270 freemsg(mp); 2271 return; 2272 } 2273 2274 /* 2275 * The packet in error is self-encapsualted. 2276 * And we are finding it further encapsulated 2277 * which we could not have possibly generated. 2278 */ 2279 if (ipha->ipha_protocol == IPPROTO_ENCAP) { 2280 goto discard_pkt; 2281 } 2282 icmp_inbound_error_fanout_v4(mp, icmph, ira); 2283 return; 2284 } 2285 /* No self-encapsulated */ 2286 /* FALLTHRU */ 2287 } 2288 case IPPROTO_IPV6: 2289 if ((connp = ipcl_iptun_classify_v4(&ripha.ipha_src, 2290 &ripha.ipha_dst, ipst)) != NULL) { 2291 ira->ira_flags |= IRAF_ICMP_ERROR; 2292 connp->conn_recvicmp(connp, mp, NULL, ira); 2293 CONN_DEC_REF(connp); 2294 ira->ira_flags &= ~IRAF_ICMP_ERROR; 2295 return; 2296 } 2297 /* 2298 * No IP tunnel is interested, fallthrough and see 2299 * if a raw socket will want it. 2300 */ 2301 /* FALLTHRU */ 2302 default: 2303 ira->ira_flags |= IRAF_ICMP_ERROR; 2304 ip_fanout_proto_v4(mp, &ripha, ira); 2305 ira->ira_flags &= ~IRAF_ICMP_ERROR; 2306 return; 2307 } 2308 /* NOTREACHED */ 2309 discard_pkt: 2310 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2311 ip1dbg(("icmp_inbound_error_fanout_v4: drop pkt\n")); 2312 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2313 freemsg(mp); 2314 return; 2315 2316 truncated: 2317 /* We pulled up everthing already. Must be truncated */ 2318 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 2319 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 2320 freemsg(mp); 2321 } 2322 2323 /* 2324 * Common IP options parser. 2325 * 2326 * Setup routine: fill in *optp with options-parsing state, then 2327 * tail-call ipoptp_next to return the first option. 2328 */ 2329 uint8_t 2330 ipoptp_first(ipoptp_t *optp, ipha_t *ipha) 2331 { 2332 uint32_t totallen; /* total length of all options */ 2333 2334 totallen = ipha->ipha_version_and_hdr_length - 2335 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS); 2336 totallen <<= 2; 2337 optp->ipoptp_next = (uint8_t *)(&ipha[1]); 2338 optp->ipoptp_end = optp->ipoptp_next + totallen; 2339 optp->ipoptp_flags = 0; 2340 return (ipoptp_next(optp)); 2341 } 2342 2343 /* Like above but without an ipha_t */ 2344 uint8_t 2345 ipoptp_first2(ipoptp_t *optp, uint32_t totallen, uint8_t *opt) 2346 { 2347 optp->ipoptp_next = opt; 2348 optp->ipoptp_end = optp->ipoptp_next + totallen; 2349 optp->ipoptp_flags = 0; 2350 return (ipoptp_next(optp)); 2351 } 2352 2353 /* 2354 * Common IP options parser: extract next option. 2355 */ 2356 uint8_t 2357 ipoptp_next(ipoptp_t *optp) 2358 { 2359 uint8_t *end = optp->ipoptp_end; 2360 uint8_t *cur = optp->ipoptp_next; 2361 uint8_t opt, len, pointer; 2362 2363 /* 2364 * If cur > end already, then the ipoptp_end or ipoptp_next pointer 2365 * has been corrupted. 2366 */ 2367 ASSERT(cur <= end); 2368 2369 if (cur == end) 2370 return (IPOPT_EOL); 2371 2372 opt = cur[IPOPT_OPTVAL]; 2373 2374 /* 2375 * Skip any NOP options. 2376 */ 2377 while (opt == IPOPT_NOP) { 2378 cur++; 2379 if (cur == end) 2380 return (IPOPT_EOL); 2381 opt = cur[IPOPT_OPTVAL]; 2382 } 2383 2384 if (opt == IPOPT_EOL) 2385 return (IPOPT_EOL); 2386 2387 /* 2388 * Option requiring a length. 2389 */ 2390 if ((cur + 1) >= end) { 2391 optp->ipoptp_flags |= IPOPTP_ERROR; 2392 return (IPOPT_EOL); 2393 } 2394 len = cur[IPOPT_OLEN]; 2395 if (len < 2) { 2396 optp->ipoptp_flags |= IPOPTP_ERROR; 2397 return (IPOPT_EOL); 2398 } 2399 optp->ipoptp_cur = cur; 2400 optp->ipoptp_len = len; 2401 optp->ipoptp_next = cur + len; 2402 if (cur + len > end) { 2403 optp->ipoptp_flags |= IPOPTP_ERROR; 2404 return (IPOPT_EOL); 2405 } 2406 2407 /* 2408 * For the options which require a pointer field, make sure 2409 * its there, and make sure it points to either something 2410 * inside this option, or the end of the option. 2411 */ 2412 switch (opt) { 2413 case IPOPT_RR: 2414 case IPOPT_TS: 2415 case IPOPT_LSRR: 2416 case IPOPT_SSRR: 2417 if (len <= IPOPT_OFFSET) { 2418 optp->ipoptp_flags |= IPOPTP_ERROR; 2419 return (opt); 2420 } 2421 pointer = cur[IPOPT_OFFSET]; 2422 if (pointer - 1 > len) { 2423 optp->ipoptp_flags |= IPOPTP_ERROR; 2424 return (opt); 2425 } 2426 break; 2427 } 2428 2429 /* 2430 * Sanity check the pointer field based on the type of the 2431 * option. 2432 */ 2433 switch (opt) { 2434 case IPOPT_RR: 2435 case IPOPT_SSRR: 2436 case IPOPT_LSRR: 2437 if (pointer < IPOPT_MINOFF_SR) 2438 optp->ipoptp_flags |= IPOPTP_ERROR; 2439 break; 2440 case IPOPT_TS: 2441 if (pointer < IPOPT_MINOFF_IT) 2442 optp->ipoptp_flags |= IPOPTP_ERROR; 2443 /* 2444 * Note that the Internet Timestamp option also 2445 * contains two four bit fields (the Overflow field, 2446 * and the Flag field), which follow the pointer 2447 * field. We don't need to check that these fields 2448 * fall within the length of the option because this 2449 * was implicitely done above. We've checked that the 2450 * pointer value is at least IPOPT_MINOFF_IT, and that 2451 * it falls within the option. Since IPOPT_MINOFF_IT > 2452 * IPOPT_POS_OV_FLG, we don't need the explicit check. 2453 */ 2454 ASSERT(len > IPOPT_POS_OV_FLG); 2455 break; 2456 } 2457 2458 return (opt); 2459 } 2460 2461 /* 2462 * Use the outgoing IP header to create an IP_OPTIONS option the way 2463 * it was passed down from the application. 2464 * 2465 * This is compatible with BSD in that it returns 2466 * the reverse source route with the final destination 2467 * as the last entry. The first 4 bytes of the option 2468 * will contain the final destination. 2469 */ 2470 int 2471 ip_opt_get_user(conn_t *connp, uchar_t *buf) 2472 { 2473 ipoptp_t opts; 2474 uchar_t *opt; 2475 uint8_t optval; 2476 uint8_t optlen; 2477 uint32_t len = 0; 2478 uchar_t *buf1 = buf; 2479 uint32_t totallen; 2480 ipaddr_t dst; 2481 ip_pkt_t *ipp = &connp->conn_xmit_ipp; 2482 2483 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS)) 2484 return (0); 2485 2486 totallen = ipp->ipp_ipv4_options_len; 2487 if (totallen & 0x3) 2488 return (0); 2489 2490 buf += IP_ADDR_LEN; /* Leave room for final destination */ 2491 len += IP_ADDR_LEN; 2492 bzero(buf1, IP_ADDR_LEN); 2493 2494 dst = connp->conn_faddr_v4; 2495 2496 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options); 2497 optval != IPOPT_EOL; 2498 optval = ipoptp_next(&opts)) { 2499 int off; 2500 2501 opt = opts.ipoptp_cur; 2502 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 2503 break; 2504 } 2505 optlen = opts.ipoptp_len; 2506 2507 switch (optval) { 2508 case IPOPT_SSRR: 2509 case IPOPT_LSRR: 2510 2511 /* 2512 * Insert destination as the first entry in the source 2513 * route and move down the entries on step. 2514 * The last entry gets placed at buf1. 2515 */ 2516 buf[IPOPT_OPTVAL] = optval; 2517 buf[IPOPT_OLEN] = optlen; 2518 buf[IPOPT_OFFSET] = optlen; 2519 2520 off = optlen - IP_ADDR_LEN; 2521 if (off < 0) { 2522 /* No entries in source route */ 2523 break; 2524 } 2525 /* Last entry in source route if not already set */ 2526 if (dst == INADDR_ANY) 2527 bcopy(opt + off, buf1, IP_ADDR_LEN); 2528 off -= IP_ADDR_LEN; 2529 2530 while (off > 0) { 2531 bcopy(opt + off, 2532 buf + off + IP_ADDR_LEN, 2533 IP_ADDR_LEN); 2534 off -= IP_ADDR_LEN; 2535 } 2536 /* ipha_dst into first slot */ 2537 bcopy(&dst, buf + off + IP_ADDR_LEN, 2538 IP_ADDR_LEN); 2539 buf += optlen; 2540 len += optlen; 2541 break; 2542 2543 default: 2544 bcopy(opt, buf, optlen); 2545 buf += optlen; 2546 len += optlen; 2547 break; 2548 } 2549 } 2550 done: 2551 /* Pad the resulting options */ 2552 while (len & 0x3) { 2553 *buf++ = IPOPT_EOL; 2554 len++; 2555 } 2556 return (len); 2557 } 2558 2559 /* 2560 * Update any record route or timestamp options to include this host. 2561 * Reverse any source route option. 2562 * This routine assumes that the options are well formed i.e. that they 2563 * have already been checked. 2564 */ 2565 static void 2566 icmp_options_update(ipha_t *ipha) 2567 { 2568 ipoptp_t opts; 2569 uchar_t *opt; 2570 uint8_t optval; 2571 ipaddr_t src; /* Our local address */ 2572 ipaddr_t dst; 2573 2574 ip2dbg(("icmp_options_update\n")); 2575 src = ipha->ipha_src; 2576 dst = ipha->ipha_dst; 2577 2578 for (optval = ipoptp_first(&opts, ipha); 2579 optval != IPOPT_EOL; 2580 optval = ipoptp_next(&opts)) { 2581 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 2582 opt = opts.ipoptp_cur; 2583 ip2dbg(("icmp_options_update: opt %d, len %d\n", 2584 optval, opts.ipoptp_len)); 2585 switch (optval) { 2586 int off1, off2; 2587 case IPOPT_SSRR: 2588 case IPOPT_LSRR: 2589 /* 2590 * Reverse the source route. The first entry 2591 * should be the next to last one in the current 2592 * source route (the last entry is our address). 2593 * The last entry should be the final destination. 2594 */ 2595 off1 = IPOPT_MINOFF_SR - 1; 2596 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1; 2597 if (off2 < 0) { 2598 /* No entries in source route */ 2599 ip1dbg(( 2600 "icmp_options_update: bad src route\n")); 2601 break; 2602 } 2603 bcopy((char *)opt + off2, &dst, IP_ADDR_LEN); 2604 bcopy(&ipha->ipha_dst, (char *)opt + off2, IP_ADDR_LEN); 2605 bcopy(&dst, &ipha->ipha_dst, IP_ADDR_LEN); 2606 off2 -= IP_ADDR_LEN; 2607 2608 while (off1 < off2) { 2609 bcopy((char *)opt + off1, &src, IP_ADDR_LEN); 2610 bcopy((char *)opt + off2, (char *)opt + off1, 2611 IP_ADDR_LEN); 2612 bcopy(&src, (char *)opt + off2, IP_ADDR_LEN); 2613 off1 += IP_ADDR_LEN; 2614 off2 -= IP_ADDR_LEN; 2615 } 2616 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR; 2617 break; 2618 } 2619 } 2620 } 2621 2622 /* 2623 * Process received ICMP Redirect messages. 2624 * Assumes the caller has verified that the headers are in the pulled up mblk. 2625 * Consumes mp. 2626 */ 2627 static void 2628 icmp_redirect_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph, ip_recv_attr_t *ira) 2629 { 2630 ire_t *ire, *nire; 2631 ire_t *prev_ire; 2632 ipaddr_t src, dst, gateway; 2633 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 2634 ipha_t *inner_ipha; /* Inner IP header */ 2635 2636 /* Caller already pulled up everything. */ 2637 inner_ipha = (ipha_t *)&icmph[1]; 2638 src = ipha->ipha_src; 2639 dst = inner_ipha->ipha_dst; 2640 gateway = icmph->icmph_rd_gateway; 2641 /* Make sure the new gateway is reachable somehow. */ 2642 ire = ire_ftable_lookup_v4(gateway, 0, 0, IRE_ONLINK, NULL, 2643 ALL_ZONES, NULL, MATCH_IRE_TYPE, 0, ipst, NULL); 2644 /* 2645 * Make sure we had a route for the dest in question and that 2646 * that route was pointing to the old gateway (the source of the 2647 * redirect packet.) 2648 * We do longest match and then compare ire_gateway_addr below. 2649 */ 2650 prev_ire = ire_ftable_lookup_v4(dst, 0, 0, 0, NULL, ALL_ZONES, 2651 NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL); 2652 /* 2653 * Check that 2654 * the redirect was not from ourselves 2655 * the new gateway and the old gateway are directly reachable 2656 */ 2657 if (prev_ire == NULL || ire == NULL || 2658 (prev_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) || 2659 (prev_ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) || 2660 !(ire->ire_type & IRE_IF_ALL) || 2661 prev_ire->ire_gateway_addr != src) { 2662 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects); 2663 ip_drop_input("icmpInBadRedirects - ire", mp, ira->ira_ill); 2664 freemsg(mp); 2665 if (ire != NULL) 2666 ire_refrele(ire); 2667 if (prev_ire != NULL) 2668 ire_refrele(prev_ire); 2669 return; 2670 } 2671 2672 ire_refrele(prev_ire); 2673 ire_refrele(ire); 2674 2675 /* 2676 * TODO: more precise handling for cases 0, 2, 3, the latter two 2677 * require TOS routing 2678 */ 2679 switch (icmph->icmph_code) { 2680 case 0: 2681 case 1: 2682 /* TODO: TOS specificity for cases 2 and 3 */ 2683 case 2: 2684 case 3: 2685 break; 2686 default: 2687 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects); 2688 ip_drop_input("icmpInBadRedirects - code", mp, ira->ira_ill); 2689 freemsg(mp); 2690 return; 2691 } 2692 /* 2693 * Create a Route Association. This will allow us to remember that 2694 * someone we believe told us to use the particular gateway. 2695 */ 2696 ire = ire_create( 2697 (uchar_t *)&dst, /* dest addr */ 2698 (uchar_t *)&ip_g_all_ones, /* mask */ 2699 (uchar_t *)&gateway, /* gateway addr */ 2700 IRE_HOST, 2701 NULL, /* ill */ 2702 ALL_ZONES, 2703 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST), 2704 NULL, /* tsol_gc_t */ 2705 ipst); 2706 2707 if (ire == NULL) { 2708 freemsg(mp); 2709 return; 2710 } 2711 nire = ire_add(ire); 2712 /* Check if it was a duplicate entry */ 2713 if (nire != NULL && nire != ire) { 2714 ASSERT(nire->ire_identical_ref > 1); 2715 ire_delete(nire); 2716 ire_refrele(nire); 2717 nire = NULL; 2718 } 2719 ire = nire; 2720 if (ire != NULL) { 2721 ire_refrele(ire); /* Held in ire_add */ 2722 2723 /* tell routing sockets that we received a redirect */ 2724 ip_rts_change(RTM_REDIRECT, dst, gateway, IP_HOST_MASK, 0, src, 2725 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST), 0, 2726 (RTA_DST | RTA_GATEWAY | RTA_NETMASK | RTA_AUTHOR), ipst); 2727 } 2728 2729 /* 2730 * Delete any existing IRE_HOST type redirect ires for this destination. 2731 * This together with the added IRE has the effect of 2732 * modifying an existing redirect. 2733 */ 2734 prev_ire = ire_ftable_lookup_v4(dst, 0, src, IRE_HOST, NULL, 2735 ALL_ZONES, NULL, (MATCH_IRE_GW | MATCH_IRE_TYPE), 0, ipst, NULL); 2736 if (prev_ire != NULL) { 2737 if (prev_ire ->ire_flags & RTF_DYNAMIC) 2738 ire_delete(prev_ire); 2739 ire_refrele(prev_ire); 2740 } 2741 2742 freemsg(mp); 2743 } 2744 2745 /* 2746 * Generate an ICMP parameter problem message. 2747 * When called from ip_output side a minimal ip_recv_attr_t needs to be 2748 * constructed by the caller. 2749 */ 2750 static void 2751 icmp_param_problem(mblk_t *mp, uint8_t ptr, ip_recv_attr_t *ira) 2752 { 2753 icmph_t icmph; 2754 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 2755 2756 mp = icmp_pkt_err_ok(mp, ira); 2757 if (mp == NULL) 2758 return; 2759 2760 bzero(&icmph, sizeof (icmph_t)); 2761 icmph.icmph_type = ICMP_PARAM_PROBLEM; 2762 icmph.icmph_pp_ptr = ptr; 2763 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutParmProbs); 2764 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira); 2765 } 2766 2767 /* 2768 * Build and ship an IPv4 ICMP message using the packet data in mp, and 2769 * the ICMP header pointed to by "stuff". (May be called as writer.) 2770 * Note: assumes that icmp_pkt_err_ok has been called to verify that 2771 * an icmp error packet can be sent. 2772 * Assigns an appropriate source address to the packet. If ipha_dst is 2773 * one of our addresses use it for source. Otherwise let ip_output_simple 2774 * pick the source address. 2775 */ 2776 static void 2777 icmp_pkt(mblk_t *mp, void *stuff, size_t len, ip_recv_attr_t *ira) 2778 { 2779 ipaddr_t dst; 2780 icmph_t *icmph; 2781 ipha_t *ipha; 2782 uint_t len_needed; 2783 size_t msg_len; 2784 mblk_t *mp1; 2785 ipaddr_t src; 2786 ire_t *ire; 2787 ip_xmit_attr_t ixas; 2788 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 2789 2790 ipha = (ipha_t *)mp->b_rptr; 2791 2792 bzero(&ixas, sizeof (ixas)); 2793 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4; 2794 ixas.ixa_zoneid = ira->ira_zoneid; 2795 ixas.ixa_ifindex = 0; 2796 ixas.ixa_ipst = ipst; 2797 ixas.ixa_cred = kcred; 2798 ixas.ixa_cpid = NOPID; 2799 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */ 2800 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL; 2801 2802 if (ira->ira_flags & IRAF_IPSEC_SECURE) { 2803 /* 2804 * Apply IPsec based on how IPsec was applied to 2805 * the packet that had the error. 2806 * 2807 * If it was an outbound packet that caused the ICMP 2808 * error, then the caller will have setup the IRA 2809 * appropriately. 2810 */ 2811 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) { 2812 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 2813 /* Note: mp already consumed and ip_drop_packet done */ 2814 return; 2815 } 2816 } else { 2817 /* 2818 * This is in clear. The icmp message we are building 2819 * here should go out in clear, independent of our policy. 2820 */ 2821 ixas.ixa_flags |= IXAF_NO_IPSEC; 2822 } 2823 2824 /* Remember our eventual destination */ 2825 dst = ipha->ipha_src; 2826 2827 /* 2828 * If the packet was for one of our unicast addresses, make 2829 * sure we respond with that as the source. Otherwise 2830 * have ip_output_simple pick the source address. 2831 */ 2832 ire = ire_ftable_lookup_v4(ipha->ipha_dst, 0, 0, 2833 (IRE_LOCAL|IRE_LOOPBACK), NULL, ira->ira_zoneid, NULL, 2834 MATCH_IRE_TYPE|MATCH_IRE_ZONEONLY, 0, ipst, NULL); 2835 if (ire != NULL) { 2836 ire_refrele(ire); 2837 src = ipha->ipha_dst; 2838 } else { 2839 src = INADDR_ANY; 2840 ixas.ixa_flags |= IXAF_SET_SOURCE; 2841 } 2842 2843 /* 2844 * Check if we can send back more then 8 bytes in addition to 2845 * the IP header. We try to send 64 bytes of data and the internal 2846 * header in the special cases of ipv4 encapsulated ipv4 or ipv6. 2847 */ 2848 len_needed = IPH_HDR_LENGTH(ipha); 2849 if (ipha->ipha_protocol == IPPROTO_ENCAP || 2850 ipha->ipha_protocol == IPPROTO_IPV6) { 2851 if (!pullupmsg(mp, -1)) { 2852 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 2853 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 2854 freemsg(mp); 2855 return; 2856 } 2857 ipha = (ipha_t *)mp->b_rptr; 2858 2859 if (ipha->ipha_protocol == IPPROTO_ENCAP) { 2860 len_needed += IPH_HDR_LENGTH(((uchar_t *)ipha + 2861 len_needed)); 2862 } else { 2863 ip6_t *ip6h = (ip6_t *)((uchar_t *)ipha + len_needed); 2864 2865 ASSERT(ipha->ipha_protocol == IPPROTO_IPV6); 2866 len_needed += ip_hdr_length_v6(mp, ip6h); 2867 } 2868 } 2869 len_needed += ipst->ips_ip_icmp_return; 2870 msg_len = msgdsize(mp); 2871 if (msg_len > len_needed) { 2872 (void) adjmsg(mp, len_needed - msg_len); 2873 msg_len = len_needed; 2874 } 2875 mp1 = allocb(sizeof (icmp_ipha) + len, BPRI_MED); 2876 if (mp1 == NULL) { 2877 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutErrors); 2878 freemsg(mp); 2879 return; 2880 } 2881 mp1->b_cont = mp; 2882 mp = mp1; 2883 2884 /* 2885 * Set IXAF_TRUSTED_ICMP so we can let the ICMP messages this 2886 * node generates be accepted in peace by all on-host destinations. 2887 * If we do NOT assume that all on-host destinations trust 2888 * self-generated ICMP messages, then rework here, ip6.c, and spd.c. 2889 * (Look for IXAF_TRUSTED_ICMP). 2890 */ 2891 ixas.ixa_flags |= IXAF_TRUSTED_ICMP; 2892 2893 ipha = (ipha_t *)mp->b_rptr; 2894 mp1->b_wptr = (uchar_t *)ipha + (sizeof (icmp_ipha) + len); 2895 *ipha = icmp_ipha; 2896 ipha->ipha_src = src; 2897 ipha->ipha_dst = dst; 2898 ipha->ipha_ttl = ipst->ips_ip_def_ttl; 2899 msg_len += sizeof (icmp_ipha) + len; 2900 if (msg_len > IP_MAXPACKET) { 2901 (void) adjmsg(mp, IP_MAXPACKET - msg_len); 2902 msg_len = IP_MAXPACKET; 2903 } 2904 ipha->ipha_length = htons((uint16_t)msg_len); 2905 icmph = (icmph_t *)&ipha[1]; 2906 bcopy(stuff, icmph, len); 2907 icmph->icmph_checksum = 0; 2908 icmph->icmph_checksum = IP_CSUM(mp, (int32_t)sizeof (ipha_t), 0); 2909 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs); 2910 2911 (void) ip_output_simple(mp, &ixas); 2912 ixa_cleanup(&ixas); 2913 } 2914 2915 /* 2916 * Determine if an ICMP error packet can be sent given the rate limit. 2917 * The limit consists of an average frequency (icmp_pkt_err_interval measured 2918 * in milliseconds) and a burst size. Burst size number of packets can 2919 * be sent arbitrarely closely spaced. 2920 * The state is tracked using two variables to implement an approximate 2921 * token bucket filter: 2922 * icmp_pkt_err_last - lbolt value when the last burst started 2923 * icmp_pkt_err_sent - number of packets sent in current burst 2924 */ 2925 boolean_t 2926 icmp_err_rate_limit(ip_stack_t *ipst) 2927 { 2928 clock_t now = TICK_TO_MSEC(ddi_get_lbolt()); 2929 uint_t refilled; /* Number of packets refilled in tbf since last */ 2930 /* Guard against changes by loading into local variable */ 2931 uint_t err_interval = ipst->ips_ip_icmp_err_interval; 2932 2933 if (err_interval == 0) 2934 return (B_FALSE); 2935 2936 if (ipst->ips_icmp_pkt_err_last > now) { 2937 /* 100HZ lbolt in ms for 32bit arch wraps every 49.7 days */ 2938 ipst->ips_icmp_pkt_err_last = 0; 2939 ipst->ips_icmp_pkt_err_sent = 0; 2940 } 2941 /* 2942 * If we are in a burst update the token bucket filter. 2943 * Update the "last" time to be close to "now" but make sure 2944 * we don't loose precision. 2945 */ 2946 if (ipst->ips_icmp_pkt_err_sent != 0) { 2947 refilled = (now - ipst->ips_icmp_pkt_err_last)/err_interval; 2948 if (refilled > ipst->ips_icmp_pkt_err_sent) { 2949 ipst->ips_icmp_pkt_err_sent = 0; 2950 } else { 2951 ipst->ips_icmp_pkt_err_sent -= refilled; 2952 ipst->ips_icmp_pkt_err_last += refilled * err_interval; 2953 } 2954 } 2955 if (ipst->ips_icmp_pkt_err_sent == 0) { 2956 /* Start of new burst */ 2957 ipst->ips_icmp_pkt_err_last = now; 2958 } 2959 if (ipst->ips_icmp_pkt_err_sent < ipst->ips_ip_icmp_err_burst) { 2960 ipst->ips_icmp_pkt_err_sent++; 2961 ip1dbg(("icmp_err_rate_limit: %d sent in burst\n", 2962 ipst->ips_icmp_pkt_err_sent)); 2963 return (B_FALSE); 2964 } 2965 ip1dbg(("icmp_err_rate_limit: dropped\n")); 2966 return (B_TRUE); 2967 } 2968 2969 /* 2970 * Check if it is ok to send an IPv4 ICMP error packet in 2971 * response to the IPv4 packet in mp. 2972 * Free the message and return null if no 2973 * ICMP error packet should be sent. 2974 */ 2975 static mblk_t * 2976 icmp_pkt_err_ok(mblk_t *mp, ip_recv_attr_t *ira) 2977 { 2978 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 2979 icmph_t *icmph; 2980 ipha_t *ipha; 2981 uint_t len_needed; 2982 2983 if (!mp) 2984 return (NULL); 2985 ipha = (ipha_t *)mp->b_rptr; 2986 if (ip_csum_hdr(ipha)) { 2987 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInCksumErrs); 2988 ip_drop_input("ipIfStatsInCksumErrs", mp, NULL); 2989 freemsg(mp); 2990 return (NULL); 2991 } 2992 if (ip_type_v4(ipha->ipha_dst, ipst) == IRE_BROADCAST || 2993 ip_type_v4(ipha->ipha_src, ipst) == IRE_BROADCAST || 2994 CLASSD(ipha->ipha_dst) || 2995 CLASSD(ipha->ipha_src) || 2996 (ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET)) { 2997 /* Note: only errors to the fragment with offset 0 */ 2998 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 2999 freemsg(mp); 3000 return (NULL); 3001 } 3002 if (ipha->ipha_protocol == IPPROTO_ICMP) { 3003 /* 3004 * Check the ICMP type. RFC 1122 sez: don't send ICMP 3005 * errors in response to any ICMP errors. 3006 */ 3007 len_needed = IPH_HDR_LENGTH(ipha) + ICMPH_SIZE; 3008 if (mp->b_wptr - mp->b_rptr < len_needed) { 3009 if (!pullupmsg(mp, len_needed)) { 3010 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors); 3011 freemsg(mp); 3012 return (NULL); 3013 } 3014 ipha = (ipha_t *)mp->b_rptr; 3015 } 3016 icmph = (icmph_t *) 3017 (&((char *)ipha)[IPH_HDR_LENGTH(ipha)]); 3018 switch (icmph->icmph_type) { 3019 case ICMP_DEST_UNREACHABLE: 3020 case ICMP_SOURCE_QUENCH: 3021 case ICMP_TIME_EXCEEDED: 3022 case ICMP_PARAM_PROBLEM: 3023 case ICMP_REDIRECT: 3024 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 3025 freemsg(mp); 3026 return (NULL); 3027 default: 3028 break; 3029 } 3030 } 3031 /* 3032 * If this is a labeled system, then check to see if we're allowed to 3033 * send a response to this particular sender. If not, then just drop. 3034 */ 3035 if (is_system_labeled() && !tsol_can_reply_error(mp, ira)) { 3036 ip2dbg(("icmp_pkt_err_ok: can't respond to packet\n")); 3037 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops); 3038 freemsg(mp); 3039 return (NULL); 3040 } 3041 if (icmp_err_rate_limit(ipst)) { 3042 /* 3043 * Only send ICMP error packets every so often. 3044 * This should be done on a per port/source basis, 3045 * but for now this will suffice. 3046 */ 3047 freemsg(mp); 3048 return (NULL); 3049 } 3050 return (mp); 3051 } 3052 3053 /* 3054 * Called when a packet was sent out the same link that it arrived on. 3055 * Check if it is ok to send a redirect and then send it. 3056 */ 3057 void 3058 ip_send_potential_redirect_v4(mblk_t *mp, ipha_t *ipha, ire_t *ire, 3059 ip_recv_attr_t *ira) 3060 { 3061 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 3062 ipaddr_t src, nhop; 3063 mblk_t *mp1; 3064 ire_t *nhop_ire; 3065 3066 /* 3067 * Check the source address to see if it originated 3068 * on the same logical subnet it is going back out on. 3069 * If so, we should be able to send it a redirect. 3070 * Avoid sending a redirect if the destination 3071 * is directly connected (i.e., we matched an IRE_ONLINK), 3072 * or if the packet was source routed out this interface. 3073 * 3074 * We avoid sending a redirect if the 3075 * destination is directly connected 3076 * because it is possible that multiple 3077 * IP subnets may have been configured on 3078 * the link, and the source may not 3079 * be on the same subnet as ip destination, 3080 * even though they are on the same 3081 * physical link. 3082 */ 3083 if ((ire->ire_type & IRE_ONLINK) || 3084 ip_source_routed(ipha, ipst)) 3085 return; 3086 3087 nhop_ire = ire_nexthop(ire); 3088 if (nhop_ire == NULL) 3089 return; 3090 3091 nhop = nhop_ire->ire_addr; 3092 3093 if (nhop_ire->ire_type & IRE_IF_CLONE) { 3094 ire_t *ire2; 3095 3096 /* Follow ire_dep_parent to find non-clone IRE_INTERFACE */ 3097 mutex_enter(&nhop_ire->ire_lock); 3098 ire2 = nhop_ire->ire_dep_parent; 3099 if (ire2 != NULL) 3100 ire_refhold(ire2); 3101 mutex_exit(&nhop_ire->ire_lock); 3102 ire_refrele(nhop_ire); 3103 nhop_ire = ire2; 3104 } 3105 if (nhop_ire == NULL) 3106 return; 3107 3108 ASSERT(!(nhop_ire->ire_type & IRE_IF_CLONE)); 3109 3110 src = ipha->ipha_src; 3111 3112 /* 3113 * We look at the interface ire for the nexthop, 3114 * to see if ipha_src is in the same subnet 3115 * as the nexthop. 3116 */ 3117 if ((src & nhop_ire->ire_mask) == (nhop & nhop_ire->ire_mask)) { 3118 /* 3119 * The source is directly connected. 3120 */ 3121 mp1 = copymsg(mp); 3122 if (mp1 != NULL) { 3123 icmp_send_redirect(mp1, nhop, ira); 3124 } 3125 } 3126 ire_refrele(nhop_ire); 3127 } 3128 3129 /* 3130 * Generate an ICMP redirect message. 3131 */ 3132 static void 3133 icmp_send_redirect(mblk_t *mp, ipaddr_t gateway, ip_recv_attr_t *ira) 3134 { 3135 icmph_t icmph; 3136 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 3137 3138 mp = icmp_pkt_err_ok(mp, ira); 3139 if (mp == NULL) 3140 return; 3141 3142 bzero(&icmph, sizeof (icmph_t)); 3143 icmph.icmph_type = ICMP_REDIRECT; 3144 icmph.icmph_code = 1; 3145 icmph.icmph_rd_gateway = gateway; 3146 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutRedirects); 3147 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira); 3148 } 3149 3150 /* 3151 * Generate an ICMP time exceeded message. 3152 */ 3153 void 3154 icmp_time_exceeded(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira) 3155 { 3156 icmph_t icmph; 3157 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 3158 3159 mp = icmp_pkt_err_ok(mp, ira); 3160 if (mp == NULL) 3161 return; 3162 3163 bzero(&icmph, sizeof (icmph_t)); 3164 icmph.icmph_type = ICMP_TIME_EXCEEDED; 3165 icmph.icmph_code = code; 3166 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimeExcds); 3167 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira); 3168 } 3169 3170 /* 3171 * Generate an ICMP unreachable message. 3172 * When called from ip_output side a minimal ip_recv_attr_t needs to be 3173 * constructed by the caller. 3174 */ 3175 void 3176 icmp_unreachable(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira) 3177 { 3178 icmph_t icmph; 3179 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 3180 3181 mp = icmp_pkt_err_ok(mp, ira); 3182 if (mp == NULL) 3183 return; 3184 3185 bzero(&icmph, sizeof (icmph_t)); 3186 icmph.icmph_type = ICMP_DEST_UNREACHABLE; 3187 icmph.icmph_code = code; 3188 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs); 3189 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira); 3190 } 3191 3192 /* 3193 * Latch in the IPsec state for a stream based the policy in the listener 3194 * and the actions in the ip_recv_attr_t. 3195 * Called directly from TCP and SCTP. 3196 */ 3197 boolean_t 3198 ip_ipsec_policy_inherit(conn_t *connp, conn_t *lconnp, ip_recv_attr_t *ira) 3199 { 3200 ASSERT(lconnp->conn_policy != NULL); 3201 ASSERT(connp->conn_policy == NULL); 3202 3203 IPPH_REFHOLD(lconnp->conn_policy); 3204 connp->conn_policy = lconnp->conn_policy; 3205 3206 if (ira->ira_ipsec_action != NULL) { 3207 if (connp->conn_latch == NULL) { 3208 connp->conn_latch = iplatch_create(); 3209 if (connp->conn_latch == NULL) 3210 return (B_FALSE); 3211 } 3212 ipsec_latch_inbound(connp, ira); 3213 } 3214 return (B_TRUE); 3215 } 3216 3217 /* 3218 * Verify whether or not the IP address is a valid local address. 3219 * Could be a unicast, including one for a down interface. 3220 * If allow_mcbc then a multicast or broadcast address is also 3221 * acceptable. 3222 * 3223 * In the case of a broadcast/multicast address, however, the 3224 * upper protocol is expected to reset the src address 3225 * to zero when we return IPVL_MCAST/IPVL_BCAST so that 3226 * no packets are emitted with broadcast/multicast address as 3227 * source address (that violates hosts requirements RFC 1122) 3228 * The addresses valid for bind are: 3229 * (1) - INADDR_ANY (0) 3230 * (2) - IP address of an UP interface 3231 * (3) - IP address of a DOWN interface 3232 * (4) - valid local IP broadcast addresses. In this case 3233 * the conn will only receive packets destined to 3234 * the specified broadcast address. 3235 * (5) - a multicast address. In this case 3236 * the conn will only receive packets destined to 3237 * the specified multicast address. Note: the 3238 * application still has to issue an 3239 * IP_ADD_MEMBERSHIP socket option. 3240 * 3241 * In all the above cases, the bound address must be valid in the current zone. 3242 * When the address is loopback, multicast or broadcast, there might be many 3243 * matching IREs so bind has to look up based on the zone. 3244 */ 3245 ip_laddr_t 3246 ip_laddr_verify_v4(ipaddr_t src_addr, zoneid_t zoneid, 3247 ip_stack_t *ipst, boolean_t allow_mcbc) 3248 { 3249 ire_t *src_ire; 3250 3251 ASSERT(src_addr != INADDR_ANY); 3252 3253 src_ire = ire_ftable_lookup_v4(src_addr, 0, 0, 0, 3254 NULL, zoneid, NULL, MATCH_IRE_ZONEONLY, 0, ipst, NULL); 3255 3256 /* 3257 * If an address other than in6addr_any is requested, 3258 * we verify that it is a valid address for bind 3259 * Note: Following code is in if-else-if form for 3260 * readability compared to a condition check. 3261 */ 3262 if (src_ire != NULL && (src_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK))) { 3263 /* 3264 * (2) Bind to address of local UP interface 3265 */ 3266 ire_refrele(src_ire); 3267 return (IPVL_UNICAST_UP); 3268 } else if (src_ire != NULL && src_ire->ire_type & IRE_BROADCAST) { 3269 /* 3270 * (4) Bind to broadcast address 3271 */ 3272 ire_refrele(src_ire); 3273 if (allow_mcbc) 3274 return (IPVL_BCAST); 3275 else 3276 return (IPVL_BAD); 3277 } else if (CLASSD(src_addr)) { 3278 /* (5) bind to multicast address. */ 3279 if (src_ire != NULL) 3280 ire_refrele(src_ire); 3281 3282 if (allow_mcbc) 3283 return (IPVL_MCAST); 3284 else 3285 return (IPVL_BAD); 3286 } else { 3287 ipif_t *ipif; 3288 3289 /* 3290 * (3) Bind to address of local DOWN interface? 3291 * (ipif_lookup_addr() looks up all interfaces 3292 * but we do not get here for UP interfaces 3293 * - case (2) above) 3294 */ 3295 if (src_ire != NULL) 3296 ire_refrele(src_ire); 3297 3298 ipif = ipif_lookup_addr(src_addr, NULL, zoneid, ipst); 3299 if (ipif == NULL) 3300 return (IPVL_BAD); 3301 3302 /* Not a useful source? */ 3303 if (ipif->ipif_flags & (IPIF_NOLOCAL | IPIF_ANYCAST)) { 3304 ipif_refrele(ipif); 3305 return (IPVL_BAD); 3306 } 3307 ipif_refrele(ipif); 3308 return (IPVL_UNICAST_DOWN); 3309 } 3310 } 3311 3312 /* 3313 * Insert in the bind fanout for IPv4 and IPv6. 3314 * The caller should already have used ip_laddr_verify_v*() before calling 3315 * this. 3316 */ 3317 int 3318 ip_laddr_fanout_insert(conn_t *connp) 3319 { 3320 int error; 3321 3322 /* 3323 * Allow setting new policies. For example, disconnects result 3324 * in us being called. As we would have set conn_policy_cached 3325 * to B_TRUE before, we should set it to B_FALSE, so that policy 3326 * can change after the disconnect. 3327 */ 3328 connp->conn_policy_cached = B_FALSE; 3329 3330 error = ipcl_bind_insert(connp); 3331 if (error != 0) { 3332 if (connp->conn_anon_port) { 3333 (void) tsol_mlp_anon(crgetzone(connp->conn_cred), 3334 connp->conn_mlp_type, connp->conn_proto, 3335 ntohs(connp->conn_lport), B_FALSE); 3336 } 3337 connp->conn_mlp_type = mlptSingle; 3338 } 3339 return (error); 3340 } 3341 3342 /* 3343 * Verify that both the source and destination addresses are valid. If 3344 * IPDF_VERIFY_DST is not set, then the destination address may be unreachable, 3345 * i.e. have no route to it. Protocols like TCP want to verify destination 3346 * reachability, while tunnels do not. 3347 * 3348 * Determine the route, the interface, and (optionally) the source address 3349 * to use to reach a given destination. 3350 * Note that we allow connect to broadcast and multicast addresses when 3351 * IPDF_ALLOW_MCBC is set. 3352 * first_hop and dst_addr are normally the same, but if source routing 3353 * they will differ; in that case the first_hop is what we'll use for the 3354 * routing lookup but the dce and label checks will be done on dst_addr, 3355 * 3356 * If uinfo is set, then we fill in the best available information 3357 * we have for the destination. This is based on (in priority order) any 3358 * metrics and path MTU stored in a dce_t, route metrics, and finally the 3359 * ill_mtu/ill_mc_mtu. 3360 * 3361 * Tsol note: If we have a source route then dst_addr != firsthop. But we 3362 * always do the label check on dst_addr. 3363 */ 3364 int 3365 ip_set_destination_v4(ipaddr_t *src_addrp, ipaddr_t dst_addr, ipaddr_t firsthop, 3366 ip_xmit_attr_t *ixa, iulp_t *uinfo, uint32_t flags, uint_t mac_mode) 3367 { 3368 ire_t *ire = NULL; 3369 int error = 0; 3370 ipaddr_t setsrc; /* RTF_SETSRC */ 3371 zoneid_t zoneid = ixa->ixa_zoneid; /* Honors SO_ALLZONES */ 3372 ip_stack_t *ipst = ixa->ixa_ipst; 3373 dce_t *dce; 3374 uint_t pmtu; 3375 uint_t generation; 3376 nce_t *nce; 3377 ill_t *ill = NULL; 3378 boolean_t multirt = B_FALSE; 3379 3380 ASSERT(ixa->ixa_flags & IXAF_IS_IPV4); 3381 3382 /* 3383 * We never send to zero; the ULPs map it to the loopback address. 3384 * We can't allow it since we use zero to mean unitialized in some 3385 * places. 3386 */ 3387 ASSERT(dst_addr != INADDR_ANY); 3388 3389 if (is_system_labeled()) { 3390 ts_label_t *tsl = NULL; 3391 3392 error = tsol_check_dest(ixa->ixa_tsl, &dst_addr, IPV4_VERSION, 3393 mac_mode, (flags & IPDF_ZONE_IS_GLOBAL) != 0, &tsl); 3394 if (error != 0) 3395 return (error); 3396 if (tsl != NULL) { 3397 /* Update the label */ 3398 ip_xmit_attr_replace_tsl(ixa, tsl); 3399 } 3400 } 3401 3402 setsrc = INADDR_ANY; 3403 /* 3404 * Select a route; For IPMP interfaces, we would only select 3405 * a "hidden" route (i.e., going through a specific under_ill) 3406 * if ixa_ifindex has been specified. 3407 */ 3408 ire = ip_select_route_v4(firsthop, *src_addrp, ixa, 3409 &generation, &setsrc, &error, &multirt); 3410 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */ 3411 if (error != 0) 3412 goto bad_addr; 3413 3414 /* 3415 * ire can't be a broadcast or multicast unless IPDF_ALLOW_MCBC is set. 3416 * If IPDF_VERIFY_DST is set, the destination must be reachable; 3417 * Otherwise the destination needn't be reachable. 3418 * 3419 * If we match on a reject or black hole, then we've got a 3420 * local failure. May as well fail out the connect() attempt, 3421 * since it's never going to succeed. 3422 */ 3423 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) { 3424 /* 3425 * If we're verifying destination reachability, we always want 3426 * to complain here. 3427 * 3428 * If we're not verifying destination reachability but the 3429 * destination has a route, we still want to fail on the 3430 * temporary address and broadcast address tests. 3431 * 3432 * In both cases do we let the code continue so some reasonable 3433 * information is returned to the caller. That enables the 3434 * caller to use (and even cache) the IRE. conn_ip_ouput will 3435 * use the generation mismatch path to check for the unreachable 3436 * case thereby avoiding any specific check in the main path. 3437 */ 3438 ASSERT(generation == IRE_GENERATION_VERIFY); 3439 if (flags & IPDF_VERIFY_DST) { 3440 /* 3441 * Set errno but continue to set up ixa_ire to be 3442 * the RTF_REJECT|RTF_BLACKHOLE IRE. 3443 * That allows callers to use ip_output to get an 3444 * ICMP error back. 3445 */ 3446 if (!(ire->ire_type & IRE_HOST)) 3447 error = ENETUNREACH; 3448 else 3449 error = EHOSTUNREACH; 3450 } 3451 } 3452 3453 if ((ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST)) && 3454 !(flags & IPDF_ALLOW_MCBC)) { 3455 ire_refrele(ire); 3456 ire = ire_reject(ipst, B_FALSE); 3457 generation = IRE_GENERATION_VERIFY; 3458 error = ENETUNREACH; 3459 } 3460 3461 /* Cache things */ 3462 if (ixa->ixa_ire != NULL) 3463 ire_refrele_notr(ixa->ixa_ire); 3464 #ifdef DEBUG 3465 ire_refhold_notr(ire); 3466 ire_refrele(ire); 3467 #endif 3468 ixa->ixa_ire = ire; 3469 ixa->ixa_ire_generation = generation; 3470 3471 /* 3472 * Ensure that ixa_dce is always set any time that ixa_ire is set, 3473 * since some callers will send a packet to conn_ip_output() even if 3474 * there's an error. 3475 */ 3476 if (flags & IPDF_UNIQUE_DCE) { 3477 /* Fallback to the default dce if allocation fails */ 3478 dce = dce_lookup_and_add_v4(dst_addr, ipst); 3479 if (dce != NULL) 3480 generation = dce->dce_generation; 3481 else 3482 dce = dce_lookup_v4(dst_addr, ipst, &generation); 3483 } else { 3484 dce = dce_lookup_v4(dst_addr, ipst, &generation); 3485 } 3486 ASSERT(dce != NULL); 3487 if (ixa->ixa_dce != NULL) 3488 dce_refrele_notr(ixa->ixa_dce); 3489 #ifdef DEBUG 3490 dce_refhold_notr(dce); 3491 dce_refrele(dce); 3492 #endif 3493 ixa->ixa_dce = dce; 3494 ixa->ixa_dce_generation = generation; 3495 3496 /* 3497 * For multicast with multirt we have a flag passed back from 3498 * ire_lookup_multi_ill_v4 since we don't have an IRE for each 3499 * possible multicast address. 3500 * We also need a flag for multicast since we can't check 3501 * whether RTF_MULTIRT is set in ixa_ire for multicast. 3502 */ 3503 if (multirt) { 3504 ixa->ixa_postfragfn = ip_postfrag_multirt_v4; 3505 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST; 3506 } else { 3507 ixa->ixa_postfragfn = ire->ire_postfragfn; 3508 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST; 3509 } 3510 if (!(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) { 3511 /* Get an nce to cache. */ 3512 nce = ire_to_nce(ire, firsthop, NULL); 3513 if (nce == NULL) { 3514 /* Allocation failure? */ 3515 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY; 3516 } else { 3517 if (ixa->ixa_nce != NULL) 3518 nce_refrele(ixa->ixa_nce); 3519 ixa->ixa_nce = nce; 3520 } 3521 } 3522 3523 /* 3524 * If the source address is a loopback address, the 3525 * destination had best be local or multicast. 3526 * If we are sending to an IRE_LOCAL using a loopback source then 3527 * it had better be the same zoneid. 3528 */ 3529 if (*src_addrp == htonl(INADDR_LOOPBACK)) { 3530 if ((ire->ire_type & IRE_LOCAL) && ire->ire_zoneid != zoneid) { 3531 ire = NULL; /* Stored in ixa_ire */ 3532 error = EADDRNOTAVAIL; 3533 goto bad_addr; 3534 } 3535 if (!(ire->ire_type & (IRE_LOOPBACK|IRE_LOCAL|IRE_MULTICAST))) { 3536 ire = NULL; /* Stored in ixa_ire */ 3537 error = EADDRNOTAVAIL; 3538 goto bad_addr; 3539 } 3540 } 3541 if (ire->ire_type & IRE_BROADCAST) { 3542 /* 3543 * If the ULP didn't have a specified source, then we 3544 * make sure we reselect the source when sending 3545 * broadcasts out different interfaces. 3546 */ 3547 if (flags & IPDF_SELECT_SRC) 3548 ixa->ixa_flags |= IXAF_SET_SOURCE; 3549 else 3550 ixa->ixa_flags &= ~IXAF_SET_SOURCE; 3551 } 3552 3553 /* 3554 * Does the caller want us to pick a source address? 3555 */ 3556 if (flags & IPDF_SELECT_SRC) { 3557 ipaddr_t src_addr; 3558 3559 /* 3560 * We use use ire_nexthop_ill to avoid the under ipmp 3561 * interface for source address selection. Note that for ipmp 3562 * probe packets, ixa_ifindex would have been specified, and 3563 * the ip_select_route() invocation would have picked an ire 3564 * will ire_ill pointing at an under interface. 3565 */ 3566 ill = ire_nexthop_ill(ire); 3567 3568 /* If unreachable we have no ill but need some source */ 3569 if (ill == NULL) { 3570 src_addr = htonl(INADDR_LOOPBACK); 3571 /* Make sure we look for a better source address */ 3572 generation = SRC_GENERATION_VERIFY; 3573 } else { 3574 error = ip_select_source_v4(ill, setsrc, dst_addr, 3575 ixa->ixa_multicast_ifaddr, zoneid, 3576 ipst, &src_addr, &generation, NULL); 3577 if (error != 0) { 3578 ire = NULL; /* Stored in ixa_ire */ 3579 goto bad_addr; 3580 } 3581 } 3582 3583 /* 3584 * We allow the source address to to down. 3585 * However, we check that we don't use the loopback address 3586 * as a source when sending out on the wire. 3587 */ 3588 if ((src_addr == htonl(INADDR_LOOPBACK)) && 3589 !(ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK|IRE_MULTICAST)) && 3590 !(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) { 3591 ire = NULL; /* Stored in ixa_ire */ 3592 error = EADDRNOTAVAIL; 3593 goto bad_addr; 3594 } 3595 3596 *src_addrp = src_addr; 3597 ixa->ixa_src_generation = generation; 3598 } 3599 3600 /* 3601 * Make sure we don't leave an unreachable ixa_nce in place 3602 * since ip_select_route is used when we unplumb i.e., remove 3603 * references on ixa_ire, ixa_nce, and ixa_dce. 3604 */ 3605 nce = ixa->ixa_nce; 3606 if (nce != NULL && nce->nce_is_condemned) { 3607 nce_refrele(nce); 3608 ixa->ixa_nce = NULL; 3609 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY; 3610 } 3611 3612 /* 3613 * The caller has set IXAF_PMTU_DISCOVERY if path MTU is desired. 3614 * However, we can't do it for IPv4 multicast or broadcast. 3615 */ 3616 if (ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST)) 3617 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY; 3618 3619 /* 3620 * Set initial value for fragmentation limit. Either conn_ip_output 3621 * or ULP might updates it when there are routing changes. 3622 * Handles a NULL ixa_ire->ire_ill or a NULL ixa_nce for RTF_REJECT. 3623 */ 3624 pmtu = ip_get_pmtu(ixa); 3625 ixa->ixa_fragsize = pmtu; 3626 /* Make sure ixa_fragsize and ixa_pmtu remain identical */ 3627 if (ixa->ixa_flags & IXAF_VERIFY_PMTU) 3628 ixa->ixa_pmtu = pmtu; 3629 3630 /* 3631 * Extract information useful for some transports. 3632 * First we look for DCE metrics. Then we take what we have in 3633 * the metrics in the route, where the offlink is used if we have 3634 * one. 3635 */ 3636 if (uinfo != NULL) { 3637 bzero(uinfo, sizeof (*uinfo)); 3638 3639 if (dce->dce_flags & DCEF_UINFO) 3640 *uinfo = dce->dce_uinfo; 3641 3642 rts_merge_metrics(uinfo, &ire->ire_metrics); 3643 3644 /* Allow ire_metrics to decrease the path MTU from above */ 3645 if (uinfo->iulp_mtu == 0 || uinfo->iulp_mtu > pmtu) 3646 uinfo->iulp_mtu = pmtu; 3647 3648 uinfo->iulp_localnet = (ire->ire_type & IRE_ONLINK) != 0; 3649 uinfo->iulp_loopback = (ire->ire_type & IRE_LOOPBACK) != 0; 3650 uinfo->iulp_local = (ire->ire_type & IRE_LOCAL) != 0; 3651 } 3652 3653 if (ill != NULL) 3654 ill_refrele(ill); 3655 3656 return (error); 3657 3658 bad_addr: 3659 if (ire != NULL) 3660 ire_refrele(ire); 3661 3662 if (ill != NULL) 3663 ill_refrele(ill); 3664 3665 /* 3666 * Make sure we don't leave an unreachable ixa_nce in place 3667 * since ip_select_route is used when we unplumb i.e., remove 3668 * references on ixa_ire, ixa_nce, and ixa_dce. 3669 */ 3670 nce = ixa->ixa_nce; 3671 if (nce != NULL && nce->nce_is_condemned) { 3672 nce_refrele(nce); 3673 ixa->ixa_nce = NULL; 3674 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY; 3675 } 3676 3677 return (error); 3678 } 3679 3680 3681 /* 3682 * Get the base MTU for the case when path MTU discovery is not used. 3683 * Takes the MTU of the IRE into account. 3684 */ 3685 uint_t 3686 ip_get_base_mtu(ill_t *ill, ire_t *ire) 3687 { 3688 uint_t mtu; 3689 uint_t iremtu = ire->ire_metrics.iulp_mtu; 3690 3691 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST)) 3692 mtu = ill->ill_mc_mtu; 3693 else 3694 mtu = ill->ill_mtu; 3695 3696 if (iremtu != 0 && iremtu < mtu) 3697 mtu = iremtu; 3698 3699 return (mtu); 3700 } 3701 3702 /* 3703 * Get the PMTU for the attributes. Handles both IPv4 and IPv6. 3704 * Assumes that ixa_ire, dce, and nce have already been set up. 3705 * 3706 * The caller has set IXAF_PMTU_DISCOVERY if path MTU discovery is desired. 3707 * We avoid path MTU discovery if it is disabled with ndd. 3708 * Furtermore, if the path MTU is too small, then we don't set DF for IPv4. 3709 * 3710 * NOTE: We also used to turn it off for source routed packets. That 3711 * is no longer required since the dce is per final destination. 3712 */ 3713 uint_t 3714 ip_get_pmtu(ip_xmit_attr_t *ixa) 3715 { 3716 ip_stack_t *ipst = ixa->ixa_ipst; 3717 dce_t *dce; 3718 nce_t *nce; 3719 ire_t *ire; 3720 uint_t pmtu; 3721 3722 ire = ixa->ixa_ire; 3723 dce = ixa->ixa_dce; 3724 nce = ixa->ixa_nce; 3725 3726 /* 3727 * If path MTU discovery has been turned off by ndd, then we ignore 3728 * any dce_pmtu and for IPv4 we will not set DF. 3729 */ 3730 if (!ipst->ips_ip_path_mtu_discovery) 3731 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY; 3732 3733 pmtu = IP_MAXPACKET; 3734 /* 3735 * Decide whether whether IPv4 sets DF 3736 * For IPv6 "no DF" means to use the 1280 mtu 3737 */ 3738 if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) { 3739 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF; 3740 } else { 3741 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF; 3742 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) 3743 pmtu = IPV6_MIN_MTU; 3744 } 3745 3746 /* Check if the PMTU is to old before we use it */ 3747 if ((dce->dce_flags & DCEF_PMTU) && 3748 TICK_TO_SEC(ddi_get_lbolt64()) - dce->dce_last_change_time > 3749 ipst->ips_ip_pathmtu_interval) { 3750 /* 3751 * Older than 20 minutes. Drop the path MTU information. 3752 */ 3753 mutex_enter(&dce->dce_lock); 3754 dce->dce_flags &= ~(DCEF_PMTU|DCEF_TOO_SMALL_PMTU); 3755 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64()); 3756 mutex_exit(&dce->dce_lock); 3757 dce_increment_generation(dce); 3758 } 3759 3760 /* The metrics on the route can lower the path MTU */ 3761 if (ire->ire_metrics.iulp_mtu != 0 && 3762 ire->ire_metrics.iulp_mtu < pmtu) 3763 pmtu = ire->ire_metrics.iulp_mtu; 3764 3765 /* 3766 * If the path MTU is smaller than some minimum, we still use dce_pmtu 3767 * above (would be 576 for IPv4 and 1280 for IPv6), but we clear 3768 * IXAF_PMTU_IPV4_DF so that we avoid setting DF for IPv4. 3769 */ 3770 if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) { 3771 if (dce->dce_flags & DCEF_PMTU) { 3772 if (dce->dce_pmtu < pmtu) 3773 pmtu = dce->dce_pmtu; 3774 3775 if (dce->dce_flags & DCEF_TOO_SMALL_PMTU) { 3776 ixa->ixa_flags |= IXAF_PMTU_TOO_SMALL; 3777 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF; 3778 } else { 3779 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL; 3780 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF; 3781 } 3782 } else { 3783 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL; 3784 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF; 3785 } 3786 } 3787 3788 /* 3789 * If we have an IRE_LOCAL we use the loopback mtu instead of 3790 * the ill for going out the wire i.e., IRE_LOCAL gets the same 3791 * mtu as IRE_LOOPBACK. 3792 */ 3793 if (ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) { 3794 uint_t loopback_mtu; 3795 3796 loopback_mtu = (ire->ire_ipversion == IPV6_VERSION) ? 3797 ip_loopback_mtu_v6plus : ip_loopback_mtuplus; 3798 3799 if (loopback_mtu < pmtu) 3800 pmtu = loopback_mtu; 3801 } else if (nce != NULL) { 3802 /* 3803 * Make sure we don't exceed the interface MTU. 3804 * In the case of RTF_REJECT or RTF_BLACKHOLE we might not have 3805 * an ill. We'd use the above IP_MAXPACKET in that case just 3806 * to tell the transport something larger than zero. 3807 */ 3808 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST)) { 3809 if (nce->nce_common->ncec_ill->ill_mc_mtu < pmtu) 3810 pmtu = nce->nce_common->ncec_ill->ill_mc_mtu; 3811 if (nce->nce_common->ncec_ill != nce->nce_ill && 3812 nce->nce_ill->ill_mc_mtu < pmtu) { 3813 /* 3814 * for interfaces in an IPMP group, the mtu of 3815 * the nce_ill (under_ill) could be different 3816 * from the mtu of the ncec_ill, so we take the 3817 * min of the two. 3818 */ 3819 pmtu = nce->nce_ill->ill_mc_mtu; 3820 } 3821 } else { 3822 if (nce->nce_common->ncec_ill->ill_mtu < pmtu) 3823 pmtu = nce->nce_common->ncec_ill->ill_mtu; 3824 if (nce->nce_common->ncec_ill != nce->nce_ill && 3825 nce->nce_ill->ill_mtu < pmtu) { 3826 /* 3827 * for interfaces in an IPMP group, the mtu of 3828 * the nce_ill (under_ill) could be different 3829 * from the mtu of the ncec_ill, so we take the 3830 * min of the two. 3831 */ 3832 pmtu = nce->nce_ill->ill_mtu; 3833 } 3834 } 3835 } 3836 3837 /* 3838 * Handle the IPV6_USE_MIN_MTU socket option or ancillary data. 3839 * Only applies to IPv6. 3840 */ 3841 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) { 3842 if (ixa->ixa_flags & IXAF_USE_MIN_MTU) { 3843 switch (ixa->ixa_use_min_mtu) { 3844 case IPV6_USE_MIN_MTU_MULTICAST: 3845 if (ire->ire_type & IRE_MULTICAST) 3846 pmtu = IPV6_MIN_MTU; 3847 break; 3848 case IPV6_USE_MIN_MTU_ALWAYS: 3849 pmtu = IPV6_MIN_MTU; 3850 break; 3851 case IPV6_USE_MIN_MTU_NEVER: 3852 break; 3853 } 3854 } else { 3855 /* Default is IPV6_USE_MIN_MTU_MULTICAST */ 3856 if (ire->ire_type & IRE_MULTICAST) 3857 pmtu = IPV6_MIN_MTU; 3858 } 3859 } 3860 3861 /* 3862 * After receiving an ICMPv6 "packet too big" message with a 3863 * MTU < 1280, and for multirouted IPv6 packets, the IP layer 3864 * will insert a 8-byte fragment header in every packet. We compensate 3865 * for those cases by returning a smaller path MTU to the ULP. 3866 * 3867 * In the case of CGTP then ip_output will add a fragment header. 3868 * Make sure there is room for it by telling a smaller number 3869 * to the transport. 3870 * 3871 * When IXAF_IPV6_ADDR_FRAGHDR we subtract the frag hdr here 3872 * so the ULPs consistently see a iulp_pmtu and ip_get_pmtu() 3873 * which is the size of the packets it can send. 3874 */ 3875 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) { 3876 if ((dce->dce_flags & DCEF_TOO_SMALL_PMTU) || 3877 (ire->ire_flags & RTF_MULTIRT) || 3878 (ixa->ixa_flags & IXAF_MULTIRT_MULTICAST)) { 3879 pmtu -= sizeof (ip6_frag_t); 3880 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR; 3881 } 3882 } 3883 3884 return (pmtu); 3885 } 3886 3887 /* 3888 * Carve "len" bytes out of an mblk chain, consuming any we empty, and duping 3889 * the final piece where we don't. Return a pointer to the first mblk in the 3890 * result, and update the pointer to the next mblk to chew on. If anything 3891 * goes wrong (i.e., dupb fails), we waste everything in sight and return a 3892 * NULL pointer. 3893 */ 3894 mblk_t * 3895 ip_carve_mp(mblk_t **mpp, ssize_t len) 3896 { 3897 mblk_t *mp0; 3898 mblk_t *mp1; 3899 mblk_t *mp2; 3900 3901 if (!len || !mpp || !(mp0 = *mpp)) 3902 return (NULL); 3903 /* If we aren't going to consume the first mblk, we need a dup. */ 3904 if (mp0->b_wptr - mp0->b_rptr > len) { 3905 mp1 = dupb(mp0); 3906 if (mp1) { 3907 /* Partition the data between the two mblks. */ 3908 mp1->b_wptr = mp1->b_rptr + len; 3909 mp0->b_rptr = mp1->b_wptr; 3910 /* 3911 * after adjustments if mblk not consumed is now 3912 * unaligned, try to align it. If this fails free 3913 * all messages and let upper layer recover. 3914 */ 3915 if (!OK_32PTR(mp0->b_rptr)) { 3916 if (!pullupmsg(mp0, -1)) { 3917 freemsg(mp0); 3918 freemsg(mp1); 3919 *mpp = NULL; 3920 return (NULL); 3921 } 3922 } 3923 } 3924 return (mp1); 3925 } 3926 /* Eat through as many mblks as we need to get len bytes. */ 3927 len -= mp0->b_wptr - mp0->b_rptr; 3928 for (mp2 = mp1 = mp0; (mp2 = mp2->b_cont) != 0 && len; mp1 = mp2) { 3929 if (mp2->b_wptr - mp2->b_rptr > len) { 3930 /* 3931 * We won't consume the entire last mblk. Like 3932 * above, dup and partition it. 3933 */ 3934 mp1->b_cont = dupb(mp2); 3935 mp1 = mp1->b_cont; 3936 if (!mp1) { 3937 /* 3938 * Trouble. Rather than go to a lot of 3939 * trouble to clean up, we free the messages. 3940 * This won't be any worse than losing it on 3941 * the wire. 3942 */ 3943 freemsg(mp0); 3944 freemsg(mp2); 3945 *mpp = NULL; 3946 return (NULL); 3947 } 3948 mp1->b_wptr = mp1->b_rptr + len; 3949 mp2->b_rptr = mp1->b_wptr; 3950 /* 3951 * after adjustments if mblk not consumed is now 3952 * unaligned, try to align it. If this fails free 3953 * all messages and let upper layer recover. 3954 */ 3955 if (!OK_32PTR(mp2->b_rptr)) { 3956 if (!pullupmsg(mp2, -1)) { 3957 freemsg(mp0); 3958 freemsg(mp2); 3959 *mpp = NULL; 3960 return (NULL); 3961 } 3962 } 3963 *mpp = mp2; 3964 return (mp0); 3965 } 3966 /* Decrement len by the amount we just got. */ 3967 len -= mp2->b_wptr - mp2->b_rptr; 3968 } 3969 /* 3970 * len should be reduced to zero now. If not our caller has 3971 * screwed up. 3972 */ 3973 if (len) { 3974 /* Shouldn't happen! */ 3975 freemsg(mp0); 3976 *mpp = NULL; 3977 return (NULL); 3978 } 3979 /* 3980 * We consumed up to exactly the end of an mblk. Detach the part 3981 * we are returning from the rest of the chain. 3982 */ 3983 mp1->b_cont = NULL; 3984 *mpp = mp2; 3985 return (mp0); 3986 } 3987 3988 /* The ill stream is being unplumbed. Called from ip_close */ 3989 int 3990 ip_modclose(ill_t *ill) 3991 { 3992 boolean_t success; 3993 ipsq_t *ipsq; 3994 ipif_t *ipif; 3995 queue_t *q = ill->ill_rq; 3996 ip_stack_t *ipst = ill->ill_ipst; 3997 int i; 3998 arl_ill_common_t *ai = ill->ill_common; 3999 4000 /* 4001 * The punlink prior to this may have initiated a capability 4002 * negotiation. But ipsq_enter will block until that finishes or 4003 * times out. 4004 */ 4005 success = ipsq_enter(ill, B_FALSE, NEW_OP); 4006 4007 /* 4008 * Open/close/push/pop is guaranteed to be single threaded 4009 * per stream by STREAMS. FS guarantees that all references 4010 * from top are gone before close is called. So there can't 4011 * be another close thread that has set CONDEMNED on this ill. 4012 * and cause ipsq_enter to return failure. 4013 */ 4014 ASSERT(success); 4015 ipsq = ill->ill_phyint->phyint_ipsq; 4016 4017 /* 4018 * Mark it condemned. No new reference will be made to this ill. 4019 * Lookup functions will return an error. Threads that try to 4020 * increment the refcnt must check for ILL_CAN_LOOKUP. This ensures 4021 * that the refcnt will drop down to zero. 4022 */ 4023 mutex_enter(&ill->ill_lock); 4024 ill->ill_state_flags |= ILL_CONDEMNED; 4025 for (ipif = ill->ill_ipif; ipif != NULL; 4026 ipif = ipif->ipif_next) { 4027 ipif->ipif_state_flags |= IPIF_CONDEMNED; 4028 } 4029 /* 4030 * Wake up anybody waiting to enter the ipsq. ipsq_enter 4031 * returns error if ILL_CONDEMNED is set 4032 */ 4033 cv_broadcast(&ill->ill_cv); 4034 mutex_exit(&ill->ill_lock); 4035 4036 /* 4037 * Send all the deferred DLPI messages downstream which came in 4038 * during the small window right before ipsq_enter(). We do this 4039 * without waiting for the ACKs because all the ACKs for M_PROTO 4040 * messages are ignored in ip_rput() when ILL_CONDEMNED is set. 4041 */ 4042 ill_dlpi_send_deferred(ill); 4043 4044 /* 4045 * Shut down fragmentation reassembly. 4046 * ill_frag_timer won't start a timer again. 4047 * Now cancel any existing timer 4048 */ 4049 (void) untimeout(ill->ill_frag_timer_id); 4050 (void) ill_frag_timeout(ill, 0); 4051 4052 /* 4053 * Call ill_delete to bring down the ipifs, ilms and ill on 4054 * this ill. Then wait for the refcnts to drop to zero. 4055 * ill_is_freeable checks whether the ill is really quiescent. 4056 * Then make sure that threads that are waiting to enter the 4057 * ipsq have seen the error returned by ipsq_enter and have 4058 * gone away. Then we call ill_delete_tail which does the 4059 * DL_UNBIND_REQ with the driver and then qprocsoff. 4060 */ 4061 ill_delete(ill); 4062 mutex_enter(&ill->ill_lock); 4063 while (!ill_is_freeable(ill)) 4064 cv_wait(&ill->ill_cv, &ill->ill_lock); 4065 4066 while (ill->ill_waiters) 4067 cv_wait(&ill->ill_cv, &ill->ill_lock); 4068 4069 mutex_exit(&ill->ill_lock); 4070 4071 /* 4072 * ill_delete_tail drops reference on ill_ipst, but we need to keep 4073 * it held until the end of the function since the cleanup 4074 * below needs to be able to use the ip_stack_t. 4075 */ 4076 netstack_hold(ipst->ips_netstack); 4077 4078 /* qprocsoff is done via ill_delete_tail */ 4079 ill_delete_tail(ill); 4080 /* 4081 * synchronously wait for arp stream to unbind. After this, we 4082 * cannot get any data packets up from the driver. 4083 */ 4084 arp_unbind_complete(ill); 4085 ASSERT(ill->ill_ipst == NULL); 4086 4087 /* 4088 * Walk through all conns and qenable those that have queued data. 4089 * Close synchronization needs this to 4090 * be done to ensure that all upper layers blocked 4091 * due to flow control to the closing device 4092 * get unblocked. 4093 */ 4094 ip1dbg(("ip_wsrv: walking\n")); 4095 for (i = 0; i < TX_FANOUT_SIZE; i++) { 4096 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[i]); 4097 } 4098 4099 /* 4100 * ai can be null if this is an IPv6 ill, or if the IPv4 4101 * stream is being torn down before ARP was plumbed (e.g., 4102 * /sbin/ifconfig plumbing a stream twice, and encountering 4103 * an error 4104 */ 4105 if (ai != NULL) { 4106 ASSERT(!ill->ill_isv6); 4107 mutex_enter(&ai->ai_lock); 4108 ai->ai_ill = NULL; 4109 if (ai->ai_arl == NULL) { 4110 mutex_destroy(&ai->ai_lock); 4111 kmem_free(ai, sizeof (*ai)); 4112 } else { 4113 cv_signal(&ai->ai_ill_unplumb_done); 4114 mutex_exit(&ai->ai_lock); 4115 } 4116 } 4117 4118 mutex_enter(&ipst->ips_ip_mi_lock); 4119 mi_close_unlink(&ipst->ips_ip_g_head, (IDP)ill); 4120 mutex_exit(&ipst->ips_ip_mi_lock); 4121 4122 /* 4123 * credp could be null if the open didn't succeed and ip_modopen 4124 * itself calls ip_close. 4125 */ 4126 if (ill->ill_credp != NULL) 4127 crfree(ill->ill_credp); 4128 4129 mutex_destroy(&ill->ill_saved_ire_lock); 4130 mutex_destroy(&ill->ill_lock); 4131 rw_destroy(&ill->ill_mcast_lock); 4132 mutex_destroy(&ill->ill_mcast_serializer); 4133 list_destroy(&ill->ill_nce); 4134 4135 /* 4136 * Now we are done with the module close pieces that 4137 * need the netstack_t. 4138 */ 4139 netstack_rele(ipst->ips_netstack); 4140 4141 mi_close_free((IDP)ill); 4142 q->q_ptr = WR(q)->q_ptr = NULL; 4143 4144 ipsq_exit(ipsq); 4145 4146 return (0); 4147 } 4148 4149 /* 4150 * This is called as part of close() for IP, UDP, ICMP, and RTS 4151 * in order to quiesce the conn. 4152 */ 4153 void 4154 ip_quiesce_conn(conn_t *connp) 4155 { 4156 boolean_t drain_cleanup_reqd = B_FALSE; 4157 boolean_t conn_ioctl_cleanup_reqd = B_FALSE; 4158 boolean_t ilg_cleanup_reqd = B_FALSE; 4159 ip_stack_t *ipst; 4160 4161 ASSERT(!IPCL_IS_TCP(connp)); 4162 ipst = connp->conn_netstack->netstack_ip; 4163 4164 /* 4165 * Mark the conn as closing, and this conn must not be 4166 * inserted in future into any list. Eg. conn_drain_insert(), 4167 * won't insert this conn into the conn_drain_list. 4168 * 4169 * conn_idl, and conn_ilg cannot get set henceforth. 4170 */ 4171 mutex_enter(&connp->conn_lock); 4172 ASSERT(!(connp->conn_state_flags & CONN_QUIESCED)); 4173 connp->conn_state_flags |= CONN_CLOSING; 4174 if (connp->conn_idl != NULL) 4175 drain_cleanup_reqd = B_TRUE; 4176 if (connp->conn_oper_pending_ill != NULL) 4177 conn_ioctl_cleanup_reqd = B_TRUE; 4178 if (connp->conn_dhcpinit_ill != NULL) { 4179 ASSERT(connp->conn_dhcpinit_ill->ill_dhcpinit != 0); 4180 atomic_dec_32(&connp->conn_dhcpinit_ill->ill_dhcpinit); 4181 ill_set_inputfn(connp->conn_dhcpinit_ill); 4182 connp->conn_dhcpinit_ill = NULL; 4183 } 4184 if (connp->conn_ilg != NULL) 4185 ilg_cleanup_reqd = B_TRUE; 4186 mutex_exit(&connp->conn_lock); 4187 4188 if (conn_ioctl_cleanup_reqd) 4189 conn_ioctl_cleanup(connp); 4190 4191 if (is_system_labeled() && connp->conn_anon_port) { 4192 (void) tsol_mlp_anon(crgetzone(connp->conn_cred), 4193 connp->conn_mlp_type, connp->conn_proto, 4194 ntohs(connp->conn_lport), B_FALSE); 4195 connp->conn_anon_port = 0; 4196 } 4197 connp->conn_mlp_type = mlptSingle; 4198 4199 /* 4200 * Remove this conn from any fanout list it is on. 4201 * and then wait for any threads currently operating 4202 * on this endpoint to finish 4203 */ 4204 ipcl_hash_remove(connp); 4205 4206 /* 4207 * Remove this conn from the drain list, and do any other cleanup that 4208 * may be required. (TCP conns are never flow controlled, and 4209 * conn_idl will be NULL.) 4210 */ 4211 if (drain_cleanup_reqd && connp->conn_idl != NULL) { 4212 idl_t *idl = connp->conn_idl; 4213 4214 mutex_enter(&idl->idl_lock); 4215 conn_drain(connp, B_TRUE); 4216 mutex_exit(&idl->idl_lock); 4217 } 4218 4219 if (connp == ipst->ips_ip_g_mrouter) 4220 (void) ip_mrouter_done(ipst); 4221 4222 if (ilg_cleanup_reqd) 4223 ilg_delete_all(connp); 4224 4225 /* 4226 * Now conn refcnt can increase only thru CONN_INC_REF_LOCKED. 4227 * callers from write side can't be there now because close 4228 * is in progress. The only other caller is ipcl_walk 4229 * which checks for the condemned flag. 4230 */ 4231 mutex_enter(&connp->conn_lock); 4232 connp->conn_state_flags |= CONN_CONDEMNED; 4233 while (connp->conn_ref != 1) 4234 cv_wait(&connp->conn_cv, &connp->conn_lock); 4235 connp->conn_state_flags |= CONN_QUIESCED; 4236 mutex_exit(&connp->conn_lock); 4237 } 4238 4239 /* ARGSUSED */ 4240 int 4241 ip_close(queue_t *q, int flags) 4242 { 4243 conn_t *connp; 4244 4245 /* 4246 * Call the appropriate delete routine depending on whether this is 4247 * a module or device. 4248 */ 4249 if (WR(q)->q_next != NULL) { 4250 /* This is a module close */ 4251 return (ip_modclose((ill_t *)q->q_ptr)); 4252 } 4253 4254 connp = q->q_ptr; 4255 ip_quiesce_conn(connp); 4256 4257 qprocsoff(q); 4258 4259 /* 4260 * Now we are truly single threaded on this stream, and can 4261 * delete the things hanging off the connp, and finally the connp. 4262 * We removed this connp from the fanout list, it cannot be 4263 * accessed thru the fanouts, and we already waited for the 4264 * conn_ref to drop to 0. We are already in close, so 4265 * there cannot be any other thread from the top. qprocsoff 4266 * has completed, and service has completed or won't run in 4267 * future. 4268 */ 4269 ASSERT(connp->conn_ref == 1); 4270 4271 inet_minor_free(connp->conn_minor_arena, connp->conn_dev); 4272 4273 connp->conn_ref--; 4274 ipcl_conn_destroy(connp); 4275 4276 q->q_ptr = WR(q)->q_ptr = NULL; 4277 return (0); 4278 } 4279 4280 /* 4281 * Wapper around putnext() so that ip_rts_request can merely use 4282 * conn_recv. 4283 */ 4284 /*ARGSUSED2*/ 4285 static void 4286 ip_conn_input(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira) 4287 { 4288 conn_t *connp = (conn_t *)arg1; 4289 4290 putnext(connp->conn_rq, mp); 4291 } 4292 4293 /* Dummy in case ICMP error delivery is attempted to a /dev/ip instance */ 4294 /* ARGSUSED */ 4295 static void 4296 ip_conn_input_icmp(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira) 4297 { 4298 freemsg(mp); 4299 } 4300 4301 /* 4302 * Called when the module is about to be unloaded 4303 */ 4304 void 4305 ip_ddi_destroy(void) 4306 { 4307 /* This needs to be called before destroying any transports. */ 4308 mutex_enter(&cpu_lock); 4309 unregister_cpu_setup_func(ip_tp_cpu_update, NULL); 4310 mutex_exit(&cpu_lock); 4311 4312 tnet_fini(); 4313 4314 icmp_ddi_g_destroy(); 4315 rts_ddi_g_destroy(); 4316 udp_ddi_g_destroy(); 4317 dccp_ddi_g_destroy(); 4318 sctp_ddi_g_destroy(); 4319 tcp_ddi_g_destroy(); 4320 ilb_ddi_g_destroy(); 4321 dce_g_destroy(); 4322 ipsec_policy_g_destroy(); 4323 ipcl_g_destroy(); 4324 ip_net_g_destroy(); 4325 ip_ire_g_fini(); 4326 inet_minor_destroy(ip_minor_arena_sa); 4327 #if defined(_LP64) 4328 inet_minor_destroy(ip_minor_arena_la); 4329 #endif 4330 4331 #ifdef DEBUG 4332 list_destroy(&ip_thread_list); 4333 rw_destroy(&ip_thread_rwlock); 4334 tsd_destroy(&ip_thread_data); 4335 #endif 4336 4337 netstack_unregister(NS_IP); 4338 } 4339 4340 /* 4341 * First step in cleanup. 4342 */ 4343 /* ARGSUSED */ 4344 static void 4345 ip_stack_shutdown(netstackid_t stackid, void *arg) 4346 { 4347 ip_stack_t *ipst = (ip_stack_t *)arg; 4348 4349 #ifdef NS_DEBUG 4350 printf("ip_stack_shutdown(%p, stack %d)\n", (void *)ipst, stackid); 4351 #endif 4352 4353 /* 4354 * Perform cleanup for special interfaces (loopback and IPMP). 4355 */ 4356 ip_interface_cleanup(ipst); 4357 4358 /* 4359 * The *_hook_shutdown()s start the process of notifying any 4360 * consumers that things are going away.... nothing is destroyed. 4361 */ 4362 ipv4_hook_shutdown(ipst); 4363 ipv6_hook_shutdown(ipst); 4364 arp_hook_shutdown(ipst); 4365 4366 mutex_enter(&ipst->ips_capab_taskq_lock); 4367 ipst->ips_capab_taskq_quit = B_TRUE; 4368 cv_signal(&ipst->ips_capab_taskq_cv); 4369 mutex_exit(&ipst->ips_capab_taskq_lock); 4370 } 4371 4372 /* 4373 * Free the IP stack instance. 4374 */ 4375 static void 4376 ip_stack_fini(netstackid_t stackid, void *arg) 4377 { 4378 ip_stack_t *ipst = (ip_stack_t *)arg; 4379 int ret; 4380 4381 #ifdef NS_DEBUG 4382 printf("ip_stack_fini(%p, stack %d)\n", (void *)ipst, stackid); 4383 #endif 4384 /* 4385 * At this point, all of the notifications that the events and 4386 * protocols are going away have been run, meaning that we can 4387 * now set about starting to clean things up. 4388 */ 4389 ipobs_fini(ipst); 4390 ipv4_hook_destroy(ipst); 4391 ipv6_hook_destroy(ipst); 4392 arp_hook_destroy(ipst); 4393 ip_net_destroy(ipst); 4394 4395 ipmp_destroy(ipst); 4396 4397 ip_kstat_fini(stackid, ipst->ips_ip_mibkp); 4398 ipst->ips_ip_mibkp = NULL; 4399 icmp_kstat_fini(stackid, ipst->ips_icmp_mibkp); 4400 ipst->ips_icmp_mibkp = NULL; 4401 ip_kstat2_fini(stackid, ipst->ips_ip_kstat); 4402 ipst->ips_ip_kstat = NULL; 4403 bzero(&ipst->ips_ip_statistics, sizeof (ipst->ips_ip_statistics)); 4404 ip6_kstat_fini(stackid, ipst->ips_ip6_kstat); 4405 ipst->ips_ip6_kstat = NULL; 4406 bzero(&ipst->ips_ip6_statistics, sizeof (ipst->ips_ip6_statistics)); 4407 4408 kmem_free(ipst->ips_propinfo_tbl, 4409 ip_propinfo_count * sizeof (mod_prop_info_t)); 4410 ipst->ips_propinfo_tbl = NULL; 4411 4412 dce_stack_destroy(ipst); 4413 ip_mrouter_stack_destroy(ipst); 4414 4415 ret = untimeout(ipst->ips_igmp_timeout_id); 4416 if (ret == -1) { 4417 ASSERT(ipst->ips_igmp_timeout_id == 0); 4418 } else { 4419 ASSERT(ipst->ips_igmp_timeout_id != 0); 4420 ipst->ips_igmp_timeout_id = 0; 4421 } 4422 ret = untimeout(ipst->ips_igmp_slowtimeout_id); 4423 if (ret == -1) { 4424 ASSERT(ipst->ips_igmp_slowtimeout_id == 0); 4425 } else { 4426 ASSERT(ipst->ips_igmp_slowtimeout_id != 0); 4427 ipst->ips_igmp_slowtimeout_id = 0; 4428 } 4429 ret = untimeout(ipst->ips_mld_timeout_id); 4430 if (ret == -1) { 4431 ASSERT(ipst->ips_mld_timeout_id == 0); 4432 } else { 4433 ASSERT(ipst->ips_mld_timeout_id != 0); 4434 ipst->ips_mld_timeout_id = 0; 4435 } 4436 ret = untimeout(ipst->ips_mld_slowtimeout_id); 4437 if (ret == -1) { 4438 ASSERT(ipst->ips_mld_slowtimeout_id == 0); 4439 } else { 4440 ASSERT(ipst->ips_mld_slowtimeout_id != 0); 4441 ipst->ips_mld_slowtimeout_id = 0; 4442 } 4443 4444 ip_ire_fini(ipst); 4445 ip6_asp_free(ipst); 4446 conn_drain_fini(ipst); 4447 ipcl_destroy(ipst); 4448 4449 mutex_destroy(&ipst->ips_ndp4->ndp_g_lock); 4450 mutex_destroy(&ipst->ips_ndp6->ndp_g_lock); 4451 kmem_free(ipst->ips_ndp4, sizeof (ndp_g_t)); 4452 ipst->ips_ndp4 = NULL; 4453 kmem_free(ipst->ips_ndp6, sizeof (ndp_g_t)); 4454 ipst->ips_ndp6 = NULL; 4455 4456 if (ipst->ips_loopback_ksp != NULL) { 4457 kstat_delete_netstack(ipst->ips_loopback_ksp, stackid); 4458 ipst->ips_loopback_ksp = NULL; 4459 } 4460 4461 mutex_destroy(&ipst->ips_capab_taskq_lock); 4462 cv_destroy(&ipst->ips_capab_taskq_cv); 4463 4464 rw_destroy(&ipst->ips_srcid_lock); 4465 4466 mutex_destroy(&ipst->ips_ip_mi_lock); 4467 rw_destroy(&ipst->ips_ill_g_usesrc_lock); 4468 4469 mutex_destroy(&ipst->ips_igmp_timer_lock); 4470 mutex_destroy(&ipst->ips_mld_timer_lock); 4471 mutex_destroy(&ipst->ips_igmp_slowtimeout_lock); 4472 mutex_destroy(&ipst->ips_mld_slowtimeout_lock); 4473 mutex_destroy(&ipst->ips_ip_addr_avail_lock); 4474 rw_destroy(&ipst->ips_ill_g_lock); 4475 4476 kmem_free(ipst->ips_phyint_g_list, sizeof (phyint_list_t)); 4477 ipst->ips_phyint_g_list = NULL; 4478 kmem_free(ipst->ips_ill_g_heads, sizeof (ill_g_head_t) * MAX_G_HEADS); 4479 ipst->ips_ill_g_heads = NULL; 4480 4481 ldi_ident_release(ipst->ips_ldi_ident); 4482 kmem_free(ipst, sizeof (*ipst)); 4483 } 4484 4485 /* 4486 * This function is called from the TSD destructor, and is used to debug 4487 * reference count issues in IP. See block comment in <inet/ip_if.h> for 4488 * details. 4489 */ 4490 static void 4491 ip_thread_exit(void *phash) 4492 { 4493 th_hash_t *thh = phash; 4494 4495 rw_enter(&ip_thread_rwlock, RW_WRITER); 4496 list_remove(&ip_thread_list, thh); 4497 rw_exit(&ip_thread_rwlock); 4498 mod_hash_destroy_hash(thh->thh_hash); 4499 kmem_free(thh, sizeof (*thh)); 4500 } 4501 4502 /* 4503 * Called when the IP kernel module is loaded into the kernel 4504 */ 4505 void 4506 ip_ddi_init(void) 4507 { 4508 ip_squeue_flag = ip_squeue_switch(ip_squeue_enter); 4509 4510 /* 4511 * For IP and TCP the minor numbers should start from 2 since we have 4 4512 * initial devices: ip, ip6, tcp, tcp6. 4513 */ 4514 /* 4515 * If this is a 64-bit kernel, then create two separate arenas - 4516 * one for TLIs in the range of INET_MIN_DEV+2 through 2^^18-1, and the 4517 * other for socket apps in the range 2^^18 through 2^^32-1. 4518 */ 4519 ip_minor_arena_la = NULL; 4520 ip_minor_arena_sa = NULL; 4521 #if defined(_LP64) 4522 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa", 4523 INET_MIN_DEV + 2, MAXMIN32, KM_SLEEP)) == NULL) { 4524 cmn_err(CE_PANIC, 4525 "ip_ddi_init: ip_minor_arena_sa creation failed\n"); 4526 } 4527 if ((ip_minor_arena_la = inet_minor_create("ip_minor_arena_la", 4528 MAXMIN32 + 1, MAXMIN64, KM_SLEEP)) == NULL) { 4529 cmn_err(CE_PANIC, 4530 "ip_ddi_init: ip_minor_arena_la creation failed\n"); 4531 } 4532 #else 4533 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa", 4534 INET_MIN_DEV + 2, MAXMIN, KM_SLEEP)) == NULL) { 4535 cmn_err(CE_PANIC, 4536 "ip_ddi_init: ip_minor_arena_sa creation failed\n"); 4537 } 4538 #endif 4539 ip_poll_normal_ticks = MSEC_TO_TICK_ROUNDUP(ip_poll_normal_ms); 4540 4541 ipcl_g_init(); 4542 ip_ire_g_init(); 4543 ip_net_g_init(); 4544 4545 #ifdef DEBUG 4546 tsd_create(&ip_thread_data, ip_thread_exit); 4547 rw_init(&ip_thread_rwlock, NULL, RW_DEFAULT, NULL); 4548 list_create(&ip_thread_list, sizeof (th_hash_t), 4549 offsetof(th_hash_t, thh_link)); 4550 #endif 4551 ipsec_policy_g_init(); 4552 tcp_ddi_g_init(); 4553 sctp_ddi_g_init(); 4554 dccp_ddi_g_init(); 4555 dce_g_init(); 4556 4557 /* 4558 * We want to be informed each time a stack is created or 4559 * destroyed in the kernel, so we can maintain the 4560 * set of udp_stack_t's. 4561 */ 4562 netstack_register(NS_IP, ip_stack_init, ip_stack_shutdown, 4563 ip_stack_fini); 4564 4565 tnet_init(); 4566 4567 udp_ddi_g_init(); 4568 rts_ddi_g_init(); 4569 icmp_ddi_g_init(); 4570 ilb_ddi_g_init(); 4571 4572 /* This needs to be called after all transports are initialized. */ 4573 mutex_enter(&cpu_lock); 4574 register_cpu_setup_func(ip_tp_cpu_update, NULL); 4575 mutex_exit(&cpu_lock); 4576 } 4577 4578 /* 4579 * Initialize the IP stack instance. 4580 */ 4581 static void * 4582 ip_stack_init(netstackid_t stackid, netstack_t *ns) 4583 { 4584 ip_stack_t *ipst; 4585 size_t arrsz; 4586 major_t major; 4587 4588 #ifdef NS_DEBUG 4589 printf("ip_stack_init(stack %d)\n", stackid); 4590 #endif 4591 4592 ipst = (ip_stack_t *)kmem_zalloc(sizeof (*ipst), KM_SLEEP); 4593 ipst->ips_netstack = ns; 4594 4595 ipst->ips_ill_g_heads = kmem_zalloc(sizeof (ill_g_head_t) * MAX_G_HEADS, 4596 KM_SLEEP); 4597 ipst->ips_phyint_g_list = kmem_zalloc(sizeof (phyint_list_t), 4598 KM_SLEEP); 4599 ipst->ips_ndp4 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP); 4600 ipst->ips_ndp6 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP); 4601 mutex_init(&ipst->ips_ndp4->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL); 4602 mutex_init(&ipst->ips_ndp6->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL); 4603 4604 mutex_init(&ipst->ips_igmp_timer_lock, NULL, MUTEX_DEFAULT, NULL); 4605 ipst->ips_igmp_deferred_next = INFINITY; 4606 mutex_init(&ipst->ips_mld_timer_lock, NULL, MUTEX_DEFAULT, NULL); 4607 ipst->ips_mld_deferred_next = INFINITY; 4608 mutex_init(&ipst->ips_igmp_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL); 4609 mutex_init(&ipst->ips_mld_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL); 4610 mutex_init(&ipst->ips_ip_mi_lock, NULL, MUTEX_DEFAULT, NULL); 4611 mutex_init(&ipst->ips_ip_addr_avail_lock, NULL, MUTEX_DEFAULT, NULL); 4612 rw_init(&ipst->ips_ill_g_lock, NULL, RW_DEFAULT, NULL); 4613 rw_init(&ipst->ips_ill_g_usesrc_lock, NULL, RW_DEFAULT, NULL); 4614 4615 ipcl_init(ipst); 4616 ip_ire_init(ipst); 4617 ip6_asp_init(ipst); 4618 ipif_init(ipst); 4619 conn_drain_init(ipst); 4620 ip_mrouter_stack_init(ipst); 4621 dce_stack_init(ipst); 4622 4623 ipst->ips_ip_multirt_log_interval = 1000; 4624 4625 ipst->ips_ill_index = 1; 4626 4627 ipst->ips_saved_ip_forwarding = -1; 4628 ipst->ips_reg_vif_num = ALL_VIFS; /* Index to Register vif */ 4629 4630 arrsz = ip_propinfo_count * sizeof (mod_prop_info_t); 4631 ipst->ips_propinfo_tbl = (mod_prop_info_t *)kmem_alloc(arrsz, KM_SLEEP); 4632 bcopy(ip_propinfo_tbl, ipst->ips_propinfo_tbl, arrsz); 4633 4634 ipst->ips_ip_mibkp = ip_kstat_init(stackid, ipst); 4635 ipst->ips_icmp_mibkp = icmp_kstat_init(stackid); 4636 ipst->ips_ip_kstat = ip_kstat2_init(stackid, &ipst->ips_ip_statistics); 4637 ipst->ips_ip6_kstat = 4638 ip6_kstat_init(stackid, &ipst->ips_ip6_statistics); 4639 4640 ipst->ips_ip_src_id = 1; 4641 rw_init(&ipst->ips_srcid_lock, NULL, RW_DEFAULT, NULL); 4642 4643 ipst->ips_src_generation = SRC_GENERATION_INITIAL; 4644 4645 ip_net_init(ipst, ns); 4646 ipv4_hook_init(ipst); 4647 ipv6_hook_init(ipst); 4648 arp_hook_init(ipst); 4649 ipmp_init(ipst); 4650 ipobs_init(ipst); 4651 4652 /* 4653 * Create the taskq dispatcher thread and initialize related stuff. 4654 */ 4655 mutex_init(&ipst->ips_capab_taskq_lock, NULL, MUTEX_DEFAULT, NULL); 4656 cv_init(&ipst->ips_capab_taskq_cv, NULL, CV_DEFAULT, NULL); 4657 ipst->ips_capab_taskq_thread = thread_create(NULL, 0, 4658 ill_taskq_dispatch, ipst, 0, &p0, TS_RUN, minclsyspri); 4659 4660 major = mod_name_to_major(INET_NAME); 4661 (void) ldi_ident_from_major(major, &ipst->ips_ldi_ident); 4662 return (ipst); 4663 } 4664 4665 /* 4666 * Allocate and initialize a DLPI template of the specified length. (May be 4667 * called as writer.) 4668 */ 4669 mblk_t * 4670 ip_dlpi_alloc(size_t len, t_uscalar_t prim) 4671 { 4672 mblk_t *mp; 4673 4674 mp = allocb(len, BPRI_MED); 4675 if (!mp) 4676 return (NULL); 4677 4678 /* 4679 * DLPIv2 says that DL_INFO_REQ and DL_TOKEN_REQ (the latter 4680 * of which we don't seem to use) are sent with M_PCPROTO, and 4681 * that other DLPI are M_PROTO. 4682 */ 4683 if (prim == DL_INFO_REQ) { 4684 mp->b_datap->db_type = M_PCPROTO; 4685 } else { 4686 mp->b_datap->db_type = M_PROTO; 4687 } 4688 4689 mp->b_wptr = mp->b_rptr + len; 4690 bzero(mp->b_rptr, len); 4691 ((dl_unitdata_req_t *)mp->b_rptr)->dl_primitive = prim; 4692 return (mp); 4693 } 4694 4695 /* 4696 * Allocate and initialize a DLPI notification. (May be called as writer.) 4697 */ 4698 mblk_t * 4699 ip_dlnotify_alloc(uint_t notification, uint_t data) 4700 { 4701 dl_notify_ind_t *notifyp; 4702 mblk_t *mp; 4703 4704 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL) 4705 return (NULL); 4706 4707 notifyp = (dl_notify_ind_t *)mp->b_rptr; 4708 notifyp->dl_notification = notification; 4709 notifyp->dl_data = data; 4710 return (mp); 4711 } 4712 4713 mblk_t * 4714 ip_dlnotify_alloc2(uint_t notification, uint_t data1, uint_t data2) 4715 { 4716 dl_notify_ind_t *notifyp; 4717 mblk_t *mp; 4718 4719 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL) 4720 return (NULL); 4721 4722 notifyp = (dl_notify_ind_t *)mp->b_rptr; 4723 notifyp->dl_notification = notification; 4724 notifyp->dl_data1 = data1; 4725 notifyp->dl_data2 = data2; 4726 return (mp); 4727 } 4728 4729 /* 4730 * Debug formatting routine. Returns a character string representation of the 4731 * addr in buf, of the form xxx.xxx.xxx.xxx. This routine takes the address 4732 * in the form of a ipaddr_t and calls ip_dot_saddr with a pointer. 4733 * 4734 * Once the ndd table-printing interfaces are removed, this can be changed to 4735 * standard dotted-decimal form. 4736 */ 4737 char * 4738 ip_dot_addr(ipaddr_t addr, char *buf) 4739 { 4740 uint8_t *ap = (uint8_t *)&addr; 4741 4742 (void) mi_sprintf(buf, "%03d.%03d.%03d.%03d", 4743 ap[0] & 0xFF, ap[1] & 0xFF, ap[2] & 0xFF, ap[3] & 0xFF); 4744 return (buf); 4745 } 4746 4747 /* 4748 * Write the given MAC address as a printable string in the usual colon- 4749 * separated format. 4750 */ 4751 const char * 4752 mac_colon_addr(const uint8_t *addr, size_t alen, char *buf, size_t buflen) 4753 { 4754 char *bp; 4755 4756 if (alen == 0 || buflen < 4) 4757 return ("?"); 4758 bp = buf; 4759 for (;;) { 4760 /* 4761 * If there are more MAC address bytes available, but we won't 4762 * have any room to print them, then add "..." to the string 4763 * instead. See below for the 'magic number' explanation. 4764 */ 4765 if ((alen == 2 && buflen < 6) || (alen > 2 && buflen < 7)) { 4766 (void) strcpy(bp, "..."); 4767 break; 4768 } 4769 (void) sprintf(bp, "%02x", *addr++); 4770 bp += 2; 4771 if (--alen == 0) 4772 break; 4773 *bp++ = ':'; 4774 buflen -= 3; 4775 /* 4776 * At this point, based on the first 'if' statement above, 4777 * either alen == 1 and buflen >= 3, or alen > 1 and 4778 * buflen >= 4. The first case leaves room for the final "xx" 4779 * number and trailing NUL byte. The second leaves room for at 4780 * least "...". Thus the apparently 'magic' numbers chosen for 4781 * that statement. 4782 */ 4783 } 4784 return (buf); 4785 } 4786 4787 /* 4788 * Called when it is conceptually a ULP that would sent the packet 4789 * e.g., port unreachable and protocol unreachable. Check that the packet 4790 * would have passed the IPsec global policy before sending the error. 4791 * 4792 * Send an ICMP error after patching up the packet appropriately. 4793 * Uses ip_drop_input and bumps the appropriate MIB. 4794 */ 4795 void 4796 ip_fanout_send_icmp_v4(mblk_t *mp, uint_t icmp_type, uint_t icmp_code, 4797 ip_recv_attr_t *ira) 4798 { 4799 ipha_t *ipha; 4800 boolean_t secure; 4801 ill_t *ill = ira->ira_ill; 4802 ip_stack_t *ipst = ill->ill_ipst; 4803 netstack_t *ns = ipst->ips_netstack; 4804 ipsec_stack_t *ipss = ns->netstack_ipsec; 4805 4806 secure = ira->ira_flags & IRAF_IPSEC_SECURE; 4807 4808 /* 4809 * We are generating an icmp error for some inbound packet. 4810 * Called from all ip_fanout_(udp, tcp, proto) functions. 4811 * Before we generate an error, check with global policy 4812 * to see whether this is allowed to enter the system. As 4813 * there is no "conn", we are checking with global policy. 4814 */ 4815 ipha = (ipha_t *)mp->b_rptr; 4816 if (secure || ipss->ipsec_inbound_v4_policy_present) { 4817 mp = ipsec_check_global_policy(mp, NULL, ipha, NULL, ira, ns); 4818 if (mp == NULL) 4819 return; 4820 } 4821 4822 /* We never send errors for protocols that we do implement */ 4823 if (ira->ira_protocol == IPPROTO_ICMP || 4824 ira->ira_protocol == IPPROTO_IGMP) { 4825 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 4826 ip_drop_input("ip_fanout_send_icmp_v4", mp, ill); 4827 freemsg(mp); 4828 return; 4829 } 4830 /* 4831 * Have to correct checksum since 4832 * the packet might have been 4833 * fragmented and the reassembly code in ip_rput 4834 * does not restore the IP checksum. 4835 */ 4836 ipha->ipha_hdr_checksum = 0; 4837 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 4838 4839 switch (icmp_type) { 4840 case ICMP_DEST_UNREACHABLE: 4841 switch (icmp_code) { 4842 case ICMP_PROTOCOL_UNREACHABLE: 4843 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInUnknownProtos); 4844 ip_drop_input("ipIfStatsInUnknownProtos", mp, ill); 4845 break; 4846 case ICMP_PORT_UNREACHABLE: 4847 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts); 4848 ip_drop_input("ipIfStatsNoPorts", mp, ill); 4849 break; 4850 } 4851 4852 icmp_unreachable(mp, icmp_code, ira); 4853 break; 4854 default: 4855 #ifdef DEBUG 4856 panic("ip_fanout_send_icmp_v4: wrong type"); 4857 /*NOTREACHED*/ 4858 #else 4859 freemsg(mp); 4860 break; 4861 #endif 4862 } 4863 } 4864 4865 /* 4866 * Used to send an ICMP error message when a packet is received for 4867 * a protocol that is not supported. The mblk passed as argument 4868 * is consumed by this function. 4869 */ 4870 void 4871 ip_proto_not_sup(mblk_t *mp, ip_recv_attr_t *ira) 4872 { 4873 ipha_t *ipha; 4874 4875 ipha = (ipha_t *)mp->b_rptr; 4876 if (ira->ira_flags & IRAF_IS_IPV4) { 4877 ASSERT(IPH_HDR_VERSION(ipha) == IP_VERSION); 4878 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE, 4879 ICMP_PROTOCOL_UNREACHABLE, ira); 4880 } else { 4881 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION); 4882 ip_fanout_send_icmp_v6(mp, ICMP6_PARAM_PROB, 4883 ICMP6_PARAMPROB_NEXTHEADER, ira); 4884 } 4885 } 4886 4887 /* 4888 * Deliver a rawip packet to the given conn, possibly applying ipsec policy. 4889 * Handles IPv4 and IPv6. 4890 * We are responsible for disposing of mp, such as by freemsg() or putnext() 4891 * Caller is responsible for dropping references to the conn. 4892 */ 4893 void 4894 ip_fanout_proto_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h, 4895 ip_recv_attr_t *ira) 4896 { 4897 ill_t *ill = ira->ira_ill; 4898 ip_stack_t *ipst = ill->ill_ipst; 4899 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 4900 boolean_t secure; 4901 uint_t protocol = ira->ira_protocol; 4902 iaflags_t iraflags = ira->ira_flags; 4903 queue_t *rq; 4904 4905 secure = iraflags & IRAF_IPSEC_SECURE; 4906 4907 rq = connp->conn_rq; 4908 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) { 4909 switch (protocol) { 4910 case IPPROTO_ICMPV6: 4911 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInOverflows); 4912 break; 4913 case IPPROTO_ICMP: 4914 BUMP_MIB(&ipst->ips_icmp_mib, icmpInOverflows); 4915 break; 4916 default: 4917 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows); 4918 break; 4919 } 4920 freemsg(mp); 4921 return; 4922 } 4923 4924 ASSERT(!(IPCL_IS_IPTUN(connp))); 4925 4926 if (((iraflags & IRAF_IS_IPV4) ? 4927 CONN_INBOUND_POLICY_PRESENT(connp, ipss) : 4928 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) || 4929 secure) { 4930 mp = ipsec_check_inbound_policy(mp, connp, ipha, 4931 ip6h, ira); 4932 if (mp == NULL) { 4933 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 4934 /* Note that mp is NULL */ 4935 ip_drop_input("ipIfStatsInDiscards", mp, ill); 4936 return; 4937 } 4938 } 4939 4940 if (iraflags & IRAF_ICMP_ERROR) { 4941 (connp->conn_recvicmp)(connp, mp, NULL, ira); 4942 } else { 4943 ill_t *rill = ira->ira_rill; 4944 4945 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 4946 ira->ira_ill = ira->ira_rill = NULL; 4947 /* Send it upstream */ 4948 (connp->conn_recv)(connp, mp, NULL, ira); 4949 ira->ira_ill = ill; 4950 ira->ira_rill = rill; 4951 } 4952 } 4953 4954 /* 4955 * Handle protocols with which IP is less intimate. There 4956 * can be more than one stream bound to a particular 4957 * protocol. When this is the case, normally each one gets a copy 4958 * of any incoming packets. 4959 * 4960 * IPsec NOTE : 4961 * 4962 * Don't allow a secure packet going up a non-secure connection. 4963 * We don't allow this because 4964 * 4965 * 1) Reply might go out in clear which will be dropped at 4966 * the sending side. 4967 * 2) If the reply goes out in clear it will give the 4968 * adversary enough information for getting the key in 4969 * most of the cases. 4970 * 4971 * Moreover getting a secure packet when we expect clear 4972 * implies that SA's were added without checking for 4973 * policy on both ends. This should not happen once ISAKMP 4974 * is used to negotiate SAs as SAs will be added only after 4975 * verifying the policy. 4976 * 4977 * Zones notes: 4978 * Earlier in ip_input on a system with multiple shared-IP zones we 4979 * duplicate the multicast and broadcast packets and send them up 4980 * with each explicit zoneid that exists on that ill. 4981 * This means that here we can match the zoneid with SO_ALLZONES being special. 4982 */ 4983 void 4984 ip_fanout_proto_v4(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira) 4985 { 4986 mblk_t *mp1; 4987 ipaddr_t laddr; 4988 conn_t *connp, *first_connp, *next_connp; 4989 connf_t *connfp; 4990 ill_t *ill = ira->ira_ill; 4991 ip_stack_t *ipst = ill->ill_ipst; 4992 4993 laddr = ipha->ipha_dst; 4994 4995 connfp = &ipst->ips_ipcl_proto_fanout_v4[ira->ira_protocol]; 4996 mutex_enter(&connfp->connf_lock); 4997 connp = connfp->connf_head; 4998 for (connp = connfp->connf_head; connp != NULL; 4999 connp = connp->conn_next) { 5000 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */ 5001 if (IPCL_PROTO_MATCH(connp, ira, ipha) && 5002 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5003 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp))) { 5004 break; 5005 } 5006 } 5007 5008 if (connp == NULL) { 5009 /* 5010 * No one bound to these addresses. Is 5011 * there a client that wants all 5012 * unclaimed datagrams? 5013 */ 5014 mutex_exit(&connfp->connf_lock); 5015 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE, 5016 ICMP_PROTOCOL_UNREACHABLE, ira); 5017 return; 5018 } 5019 5020 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL); 5021 5022 CONN_INC_REF(connp); 5023 first_connp = connp; 5024 connp = connp->conn_next; 5025 5026 for (;;) { 5027 while (connp != NULL) { 5028 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */ 5029 if (IPCL_PROTO_MATCH(connp, ira, ipha) && 5030 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5031 tsol_receive_local(mp, &laddr, IPV4_VERSION, 5032 ira, connp))) 5033 break; 5034 connp = connp->conn_next; 5035 } 5036 5037 if (connp == NULL) { 5038 /* No more interested clients */ 5039 connp = first_connp; 5040 break; 5041 } 5042 if (((mp1 = dupmsg(mp)) == NULL) && 5043 ((mp1 = copymsg(mp)) == NULL)) { 5044 /* Memory allocation failed */ 5045 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 5046 ip_drop_input("ipIfStatsInDiscards", mp, ill); 5047 connp = first_connp; 5048 break; 5049 } 5050 5051 CONN_INC_REF(connp); 5052 mutex_exit(&connfp->connf_lock); 5053 5054 ip_fanout_proto_conn(connp, mp1, (ipha_t *)mp1->b_rptr, NULL, 5055 ira); 5056 5057 mutex_enter(&connfp->connf_lock); 5058 /* Follow the next pointer before releasing the conn. */ 5059 next_connp = connp->conn_next; 5060 CONN_DEC_REF(connp); 5061 connp = next_connp; 5062 } 5063 5064 /* Last one. Send it upstream. */ 5065 mutex_exit(&connfp->connf_lock); 5066 5067 ip_fanout_proto_conn(connp, mp, ipha, NULL, ira); 5068 5069 CONN_DEC_REF(connp); 5070 } 5071 5072 /* 5073 * If we have a IPsec NAT-Traversal packet, strip the zero-SPI or 5074 * pass it along to ESP if the SPI is non-zero. Returns the mblk if the mblk 5075 * is not consumed. 5076 * 5077 * One of three things can happen, all of which affect the passed-in mblk: 5078 * 5079 * 1.) The packet is stock UDP and gets its zero-SPI stripped. Return mblk.. 5080 * 5081 * 2.) The packet is ESP-in-UDP, gets transformed into an equivalent 5082 * ESP packet, and is passed along to ESP for consumption. Return NULL. 5083 * 5084 * 3.) The packet is an ESP-in-UDP Keepalive. Drop it and return NULL. 5085 */ 5086 mblk_t * 5087 zero_spi_check(mblk_t *mp, ip_recv_attr_t *ira) 5088 { 5089 int shift, plen, iph_len; 5090 ipha_t *ipha; 5091 udpha_t *udpha; 5092 uint32_t *spi; 5093 uint32_t esp_ports; 5094 uint8_t *orptr; 5095 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 5096 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 5097 5098 ipha = (ipha_t *)mp->b_rptr; 5099 iph_len = ira->ira_ip_hdr_length; 5100 plen = ira->ira_pktlen; 5101 5102 if (plen - iph_len - sizeof (udpha_t) < sizeof (uint32_t)) { 5103 /* 5104 * Most likely a keepalive for the benefit of an intervening 5105 * NAT. These aren't for us, per se, so drop it. 5106 * 5107 * RFC 3947/8 doesn't say for sure what to do for 2-3 5108 * byte packets (keepalives are 1-byte), but we'll drop them 5109 * also. 5110 */ 5111 ip_drop_packet(mp, B_TRUE, ira->ira_ill, 5112 DROPPER(ipss, ipds_esp_nat_t_ka), &ipss->ipsec_dropper); 5113 return (NULL); 5114 } 5115 5116 if (MBLKL(mp) < iph_len + sizeof (udpha_t) + sizeof (*spi)) { 5117 /* might as well pull it all up - it might be ESP. */ 5118 if (!pullupmsg(mp, -1)) { 5119 ip_drop_packet(mp, B_TRUE, ira->ira_ill, 5120 DROPPER(ipss, ipds_esp_nomem), 5121 &ipss->ipsec_dropper); 5122 return (NULL); 5123 } 5124 5125 ipha = (ipha_t *)mp->b_rptr; 5126 } 5127 spi = (uint32_t *)(mp->b_rptr + iph_len + sizeof (udpha_t)); 5128 if (*spi == 0) { 5129 /* UDP packet - remove 0-spi. */ 5130 shift = sizeof (uint32_t); 5131 } else { 5132 /* ESP-in-UDP packet - reduce to ESP. */ 5133 ipha->ipha_protocol = IPPROTO_ESP; 5134 shift = sizeof (udpha_t); 5135 } 5136 5137 /* Fix IP header */ 5138 ira->ira_pktlen = (plen - shift); 5139 ipha->ipha_length = htons(ira->ira_pktlen); 5140 ipha->ipha_hdr_checksum = 0; 5141 5142 orptr = mp->b_rptr; 5143 mp->b_rptr += shift; 5144 5145 udpha = (udpha_t *)(orptr + iph_len); 5146 if (*spi == 0) { 5147 ASSERT((uint8_t *)ipha == orptr); 5148 udpha->uha_length = htons(plen - shift - iph_len); 5149 iph_len += sizeof (udpha_t); /* For the call to ovbcopy(). */ 5150 esp_ports = 0; 5151 } else { 5152 esp_ports = *((uint32_t *)udpha); 5153 ASSERT(esp_ports != 0); 5154 } 5155 ovbcopy(orptr, orptr + shift, iph_len); 5156 if (esp_ports != 0) /* Punt up for ESP processing. */ { 5157 ipha = (ipha_t *)(orptr + shift); 5158 5159 ira->ira_flags |= IRAF_ESP_UDP_PORTS; 5160 ira->ira_esp_udp_ports = esp_ports; 5161 ip_fanout_v4(mp, ipha, ira); 5162 return (NULL); 5163 } 5164 return (mp); 5165 } 5166 5167 /* 5168 * Deliver a udp packet to the given conn, possibly applying ipsec policy. 5169 * Handles IPv4 and IPv6. 5170 * We are responsible for disposing of mp, such as by freemsg() or putnext() 5171 * Caller is responsible for dropping references to the conn. 5172 */ 5173 void 5174 ip_fanout_udp_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h, 5175 ip_recv_attr_t *ira) 5176 { 5177 ill_t *ill = ira->ira_ill; 5178 ip_stack_t *ipst = ill->ill_ipst; 5179 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 5180 boolean_t secure; 5181 iaflags_t iraflags = ira->ira_flags; 5182 5183 secure = iraflags & IRAF_IPSEC_SECURE; 5184 5185 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : 5186 !canputnext(connp->conn_rq)) { 5187 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInOverflows); 5188 freemsg(mp); 5189 return; 5190 } 5191 5192 if (((iraflags & IRAF_IS_IPV4) ? 5193 CONN_INBOUND_POLICY_PRESENT(connp, ipss) : 5194 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) || 5195 secure) { 5196 mp = ipsec_check_inbound_policy(mp, connp, ipha, 5197 ip6h, ira); 5198 if (mp == NULL) { 5199 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 5200 /* Note that mp is NULL */ 5201 ip_drop_input("ipIfStatsInDiscards", mp, ill); 5202 return; 5203 } 5204 } 5205 5206 /* 5207 * Since this code is not used for UDP unicast we don't need a NAT_T 5208 * check. Only ip_fanout_v4 has that check. 5209 */ 5210 if (ira->ira_flags & IRAF_ICMP_ERROR) { 5211 (connp->conn_recvicmp)(connp, mp, NULL, ira); 5212 } else { 5213 ill_t *rill = ira->ira_rill; 5214 5215 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 5216 ira->ira_ill = ira->ira_rill = NULL; 5217 /* Send it upstream */ 5218 (connp->conn_recv)(connp, mp, NULL, ira); 5219 ira->ira_ill = ill; 5220 ira->ira_rill = rill; 5221 } 5222 } 5223 5224 /* 5225 * Fanout for UDP packets that are multicast or broadcast, and ICMP errors. 5226 * (Unicast fanout is handled in ip_input_v4.) 5227 * 5228 * If SO_REUSEADDR is set all multicast and broadcast packets 5229 * will be delivered to all conns bound to the same port. 5230 * 5231 * If there is at least one matching AF_INET receiver, then we will 5232 * ignore any AF_INET6 receivers. 5233 * In the special case where an AF_INET socket binds to 0.0.0.0/<port> and an 5234 * AF_INET6 socket binds to ::/<port>, only the AF_INET socket receives the IPv4 5235 * packets. 5236 * 5237 * Zones notes: 5238 * Earlier in ip_input on a system with multiple shared-IP zones we 5239 * duplicate the multicast and broadcast packets and send them up 5240 * with each explicit zoneid that exists on that ill. 5241 * This means that here we can match the zoneid with SO_ALLZONES being special. 5242 */ 5243 void 5244 ip_fanout_udp_multi_v4(mblk_t *mp, ipha_t *ipha, uint16_t lport, uint16_t fport, 5245 ip_recv_attr_t *ira) 5246 { 5247 ipaddr_t laddr; 5248 in6_addr_t v6faddr; 5249 conn_t *connp; 5250 connf_t *connfp; 5251 ipaddr_t faddr; 5252 ill_t *ill = ira->ira_ill; 5253 ip_stack_t *ipst = ill->ill_ipst; 5254 5255 ASSERT(ira->ira_flags & (IRAF_MULTIBROADCAST|IRAF_ICMP_ERROR)); 5256 5257 laddr = ipha->ipha_dst; 5258 faddr = ipha->ipha_src; 5259 5260 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)]; 5261 mutex_enter(&connfp->connf_lock); 5262 connp = connfp->connf_head; 5263 5264 /* 5265 * If SO_REUSEADDR has been set on the first we send the 5266 * packet to all clients that have joined the group and 5267 * match the port. 5268 */ 5269 while (connp != NULL) { 5270 if ((IPCL_UDP_MATCH(connp, lport, laddr, fport, faddr)) && 5271 conn_wantpacket(connp, ira, ipha) && 5272 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5273 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp))) 5274 break; 5275 connp = connp->conn_next; 5276 } 5277 5278 if (connp == NULL) 5279 goto notfound; 5280 5281 CONN_INC_REF(connp); 5282 5283 if (connp->conn_reuseaddr) { 5284 conn_t *first_connp = connp; 5285 conn_t *next_connp; 5286 mblk_t *mp1; 5287 5288 connp = connp->conn_next; 5289 for (;;) { 5290 while (connp != NULL) { 5291 if (IPCL_UDP_MATCH(connp, lport, laddr, 5292 fport, faddr) && 5293 conn_wantpacket(connp, ira, ipha) && 5294 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5295 tsol_receive_local(mp, &laddr, IPV4_VERSION, 5296 ira, connp))) 5297 break; 5298 connp = connp->conn_next; 5299 } 5300 if (connp == NULL) { 5301 /* No more interested clients */ 5302 connp = first_connp; 5303 break; 5304 } 5305 if (((mp1 = dupmsg(mp)) == NULL) && 5306 ((mp1 = copymsg(mp)) == NULL)) { 5307 /* Memory allocation failed */ 5308 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 5309 ip_drop_input("ipIfStatsInDiscards", mp, ill); 5310 connp = first_connp; 5311 break; 5312 } 5313 CONN_INC_REF(connp); 5314 mutex_exit(&connfp->connf_lock); 5315 5316 IP_STAT(ipst, ip_udp_fanmb); 5317 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr, 5318 NULL, ira); 5319 mutex_enter(&connfp->connf_lock); 5320 /* Follow the next pointer before releasing the conn */ 5321 next_connp = connp->conn_next; 5322 CONN_DEC_REF(connp); 5323 connp = next_connp; 5324 } 5325 } 5326 5327 /* Last one. Send it upstream. */ 5328 mutex_exit(&connfp->connf_lock); 5329 IP_STAT(ipst, ip_udp_fanmb); 5330 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira); 5331 CONN_DEC_REF(connp); 5332 return; 5333 5334 notfound: 5335 mutex_exit(&connfp->connf_lock); 5336 /* 5337 * IPv6 endpoints bound to multicast IPv4-mapped addresses 5338 * have already been matched above, since they live in the IPv4 5339 * fanout tables. This implies we only need to 5340 * check for IPv6 in6addr_any endpoints here. 5341 * Thus we compare using ipv6_all_zeros instead of the destination 5342 * address, except for the multicast group membership lookup which 5343 * uses the IPv4 destination. 5344 */ 5345 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &v6faddr); 5346 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)]; 5347 mutex_enter(&connfp->connf_lock); 5348 connp = connfp->connf_head; 5349 /* 5350 * IPv4 multicast packet being delivered to an AF_INET6 5351 * in6addr_any endpoint. 5352 * Need to check conn_wantpacket(). Note that we use conn_wantpacket() 5353 * and not conn_wantpacket_v6() since any multicast membership is 5354 * for an IPv4-mapped multicast address. 5355 */ 5356 while (connp != NULL) { 5357 if (IPCL_UDP_MATCH_V6(connp, lport, ipv6_all_zeros, 5358 fport, v6faddr) && 5359 conn_wantpacket(connp, ira, ipha) && 5360 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5361 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp))) 5362 break; 5363 connp = connp->conn_next; 5364 } 5365 5366 if (connp == NULL) { 5367 /* 5368 * No one bound to this port. Is 5369 * there a client that wants all 5370 * unclaimed datagrams? 5371 */ 5372 mutex_exit(&connfp->connf_lock); 5373 5374 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_UDP].connf_head != 5375 NULL) { 5376 ASSERT(ira->ira_protocol == IPPROTO_UDP); 5377 ip_fanout_proto_v4(mp, ipha, ira); 5378 } else { 5379 /* 5380 * We used to attempt to send an icmp error here, but 5381 * since this is known to be a multicast packet 5382 * and we don't send icmp errors in response to 5383 * multicast, just drop the packet and give up sooner. 5384 */ 5385 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts); 5386 freemsg(mp); 5387 } 5388 return; 5389 } 5390 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL); 5391 5392 /* 5393 * If SO_REUSEADDR has been set on the first we send the 5394 * packet to all clients that have joined the group and 5395 * match the port. 5396 */ 5397 if (connp->conn_reuseaddr) { 5398 conn_t *first_connp = connp; 5399 conn_t *next_connp; 5400 mblk_t *mp1; 5401 5402 CONN_INC_REF(connp); 5403 connp = connp->conn_next; 5404 for (;;) { 5405 while (connp != NULL) { 5406 if (IPCL_UDP_MATCH_V6(connp, lport, 5407 ipv6_all_zeros, fport, v6faddr) && 5408 conn_wantpacket(connp, ira, ipha) && 5409 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) || 5410 tsol_receive_local(mp, &laddr, IPV4_VERSION, 5411 ira, connp))) 5412 break; 5413 connp = connp->conn_next; 5414 } 5415 if (connp == NULL) { 5416 /* No more interested clients */ 5417 connp = first_connp; 5418 break; 5419 } 5420 if (((mp1 = dupmsg(mp)) == NULL) && 5421 ((mp1 = copymsg(mp)) == NULL)) { 5422 /* Memory allocation failed */ 5423 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 5424 ip_drop_input("ipIfStatsInDiscards", mp, ill); 5425 connp = first_connp; 5426 break; 5427 } 5428 CONN_INC_REF(connp); 5429 mutex_exit(&connfp->connf_lock); 5430 5431 IP_STAT(ipst, ip_udp_fanmb); 5432 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr, 5433 NULL, ira); 5434 mutex_enter(&connfp->connf_lock); 5435 /* Follow the next pointer before releasing the conn */ 5436 next_connp = connp->conn_next; 5437 CONN_DEC_REF(connp); 5438 connp = next_connp; 5439 } 5440 } 5441 5442 /* Last one. Send it upstream. */ 5443 mutex_exit(&connfp->connf_lock); 5444 IP_STAT(ipst, ip_udp_fanmb); 5445 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira); 5446 CONN_DEC_REF(connp); 5447 } 5448 5449 /* 5450 * Split an incoming packet's IPv4 options into the label and the other options. 5451 * If 'allocate' is set it does memory allocation for the ip_pkt_t, including 5452 * clearing out any leftover label or options. 5453 * Otherwise it just makes ipp point into the packet. 5454 * 5455 * Returns zero if ok; ENOMEM if the buffer couldn't be allocated. 5456 */ 5457 int 5458 ip_find_hdr_v4(ipha_t *ipha, ip_pkt_t *ipp, boolean_t allocate) 5459 { 5460 uchar_t *opt; 5461 uint32_t totallen; 5462 uint32_t optval; 5463 uint32_t optlen; 5464 5465 ipp->ipp_fields |= IPPF_HOPLIMIT | IPPF_TCLASS | IPPF_ADDR; 5466 ipp->ipp_hoplimit = ipha->ipha_ttl; 5467 ipp->ipp_type_of_service = ipha->ipha_type_of_service; 5468 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &ipp->ipp_addr); 5469 5470 /* 5471 * Get length (in 4 byte octets) of IP header options. 5472 */ 5473 totallen = ipha->ipha_version_and_hdr_length - 5474 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS); 5475 5476 if (totallen == 0) { 5477 if (!allocate) 5478 return (0); 5479 5480 /* Clear out anything from a previous packet */ 5481 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) { 5482 kmem_free(ipp->ipp_ipv4_options, 5483 ipp->ipp_ipv4_options_len); 5484 ipp->ipp_ipv4_options = NULL; 5485 ipp->ipp_ipv4_options_len = 0; 5486 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS; 5487 } 5488 if (ipp->ipp_fields & IPPF_LABEL_V4) { 5489 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4); 5490 ipp->ipp_label_v4 = NULL; 5491 ipp->ipp_label_len_v4 = 0; 5492 ipp->ipp_fields &= ~IPPF_LABEL_V4; 5493 } 5494 return (0); 5495 } 5496 5497 totallen <<= 2; 5498 opt = (uchar_t *)&ipha[1]; 5499 if (!is_system_labeled()) { 5500 5501 copyall: 5502 if (!allocate) { 5503 if (totallen != 0) { 5504 ipp->ipp_ipv4_options = opt; 5505 ipp->ipp_ipv4_options_len = totallen; 5506 ipp->ipp_fields |= IPPF_IPV4_OPTIONS; 5507 } 5508 return (0); 5509 } 5510 /* Just copy all of options */ 5511 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) { 5512 if (totallen == ipp->ipp_ipv4_options_len) { 5513 bcopy(opt, ipp->ipp_ipv4_options, totallen); 5514 return (0); 5515 } 5516 kmem_free(ipp->ipp_ipv4_options, 5517 ipp->ipp_ipv4_options_len); 5518 ipp->ipp_ipv4_options = NULL; 5519 ipp->ipp_ipv4_options_len = 0; 5520 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS; 5521 } 5522 if (totallen == 0) 5523 return (0); 5524 5525 ipp->ipp_ipv4_options = kmem_alloc(totallen, KM_NOSLEEP); 5526 if (ipp->ipp_ipv4_options == NULL) 5527 return (ENOMEM); 5528 ipp->ipp_ipv4_options_len = totallen; 5529 ipp->ipp_fields |= IPPF_IPV4_OPTIONS; 5530 bcopy(opt, ipp->ipp_ipv4_options, totallen); 5531 return (0); 5532 } 5533 5534 if (allocate && (ipp->ipp_fields & IPPF_LABEL_V4)) { 5535 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4); 5536 ipp->ipp_label_v4 = NULL; 5537 ipp->ipp_label_len_v4 = 0; 5538 ipp->ipp_fields &= ~IPPF_LABEL_V4; 5539 } 5540 5541 /* 5542 * Search for CIPSO option. 5543 * We assume CIPSO is first in options if it is present. 5544 * If it isn't, then ipp_opt_ipv4_options will not include the options 5545 * prior to the CIPSO option. 5546 */ 5547 while (totallen != 0) { 5548 switch (optval = opt[IPOPT_OPTVAL]) { 5549 case IPOPT_EOL: 5550 return (0); 5551 case IPOPT_NOP: 5552 optlen = 1; 5553 break; 5554 default: 5555 if (totallen <= IPOPT_OLEN) 5556 return (EINVAL); 5557 optlen = opt[IPOPT_OLEN]; 5558 if (optlen < 2) 5559 return (EINVAL); 5560 } 5561 if (optlen > totallen) 5562 return (EINVAL); 5563 5564 switch (optval) { 5565 case IPOPT_COMSEC: 5566 if (!allocate) { 5567 ipp->ipp_label_v4 = opt; 5568 ipp->ipp_label_len_v4 = optlen; 5569 ipp->ipp_fields |= IPPF_LABEL_V4; 5570 } else { 5571 ipp->ipp_label_v4 = kmem_alloc(optlen, 5572 KM_NOSLEEP); 5573 if (ipp->ipp_label_v4 == NULL) 5574 return (ENOMEM); 5575 ipp->ipp_label_len_v4 = optlen; 5576 ipp->ipp_fields |= IPPF_LABEL_V4; 5577 bcopy(opt, ipp->ipp_label_v4, optlen); 5578 } 5579 totallen -= optlen; 5580 opt += optlen; 5581 5582 /* Skip padding bytes until we get to a multiple of 4 */ 5583 while ((totallen & 3) != 0 && opt[0] == IPOPT_NOP) { 5584 totallen--; 5585 opt++; 5586 } 5587 /* Remaining as ipp_ipv4_options */ 5588 goto copyall; 5589 } 5590 totallen -= optlen; 5591 opt += optlen; 5592 } 5593 /* No CIPSO found; return everything as ipp_ipv4_options */ 5594 totallen = ipha->ipha_version_and_hdr_length - 5595 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS); 5596 totallen <<= 2; 5597 opt = (uchar_t *)&ipha[1]; 5598 goto copyall; 5599 } 5600 5601 /* 5602 * Efficient versions of lookup for an IRE when we only 5603 * match the address. 5604 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE. 5605 * Does not handle multicast addresses. 5606 */ 5607 uint_t 5608 ip_type_v4(ipaddr_t addr, ip_stack_t *ipst) 5609 { 5610 ire_t *ire; 5611 uint_t result; 5612 5613 ire = ire_ftable_lookup_simple_v4(addr, 0, ipst, NULL); 5614 ASSERT(ire != NULL); 5615 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) 5616 result = IRE_NOROUTE; 5617 else 5618 result = ire->ire_type; 5619 ire_refrele(ire); 5620 return (result); 5621 } 5622 5623 /* 5624 * Efficient versions of lookup for an IRE when we only 5625 * match the address. 5626 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE. 5627 * Does not handle multicast addresses. 5628 */ 5629 uint_t 5630 ip_type_v6(const in6_addr_t *addr, ip_stack_t *ipst) 5631 { 5632 ire_t *ire; 5633 uint_t result; 5634 5635 ire = ire_ftable_lookup_simple_v6(addr, 0, ipst, NULL); 5636 ASSERT(ire != NULL); 5637 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) 5638 result = IRE_NOROUTE; 5639 else 5640 result = ire->ire_type; 5641 ire_refrele(ire); 5642 return (result); 5643 } 5644 5645 /* 5646 * Nobody should be sending 5647 * packets up this stream 5648 */ 5649 static void 5650 ip_lrput(queue_t *q, mblk_t *mp) 5651 { 5652 switch (mp->b_datap->db_type) { 5653 case M_FLUSH: 5654 /* Turn around */ 5655 if (*mp->b_rptr & FLUSHW) { 5656 *mp->b_rptr &= ~FLUSHR; 5657 qreply(q, mp); 5658 return; 5659 } 5660 break; 5661 } 5662 freemsg(mp); 5663 } 5664 5665 /* Nobody should be sending packets down this stream */ 5666 /* ARGSUSED */ 5667 void 5668 ip_lwput(queue_t *q, mblk_t *mp) 5669 { 5670 freemsg(mp); 5671 } 5672 5673 /* 5674 * Move the first hop in any source route to ipha_dst and remove that part of 5675 * the source route. Called by other protocols. Errors in option formatting 5676 * are ignored - will be handled by ip_output_options. Return the final 5677 * destination (either ipha_dst or the last entry in a source route.) 5678 */ 5679 ipaddr_t 5680 ip_massage_options(ipha_t *ipha, netstack_t *ns) 5681 { 5682 ipoptp_t opts; 5683 uchar_t *opt; 5684 uint8_t optval; 5685 uint8_t optlen; 5686 ipaddr_t dst; 5687 int i; 5688 ip_stack_t *ipst = ns->netstack_ip; 5689 5690 ip2dbg(("ip_massage_options\n")); 5691 dst = ipha->ipha_dst; 5692 for (optval = ipoptp_first(&opts, ipha); 5693 optval != IPOPT_EOL; 5694 optval = ipoptp_next(&opts)) { 5695 opt = opts.ipoptp_cur; 5696 switch (optval) { 5697 uint8_t off; 5698 case IPOPT_SSRR: 5699 case IPOPT_LSRR: 5700 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 5701 ip1dbg(("ip_massage_options: bad src route\n")); 5702 break; 5703 } 5704 optlen = opts.ipoptp_len; 5705 off = opt[IPOPT_OFFSET]; 5706 off--; 5707 redo_srr: 5708 if (optlen < IP_ADDR_LEN || 5709 off > optlen - IP_ADDR_LEN) { 5710 /* End of source route */ 5711 ip1dbg(("ip_massage_options: end of SR\n")); 5712 break; 5713 } 5714 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 5715 ip1dbg(("ip_massage_options: next hop 0x%x\n", 5716 ntohl(dst))); 5717 /* 5718 * Check if our address is present more than 5719 * once as consecutive hops in source route. 5720 * XXX verify per-interface ip_forwarding 5721 * for source route? 5722 */ 5723 if (ip_type_v4(dst, ipst) == IRE_LOCAL) { 5724 off += IP_ADDR_LEN; 5725 goto redo_srr; 5726 } 5727 if (dst == htonl(INADDR_LOOPBACK)) { 5728 ip1dbg(("ip_massage_options: loopback addr in " 5729 "source route!\n")); 5730 break; 5731 } 5732 /* 5733 * Update ipha_dst to be the first hop and remove the 5734 * first hop from the source route (by overwriting 5735 * part of the option with NOP options). 5736 */ 5737 ipha->ipha_dst = dst; 5738 /* Put the last entry in dst */ 5739 off = ((optlen - IP_ADDR_LEN - 3) & ~(IP_ADDR_LEN-1)) + 5740 3; 5741 bcopy(&opt[off], &dst, IP_ADDR_LEN); 5742 5743 ip1dbg(("ip_massage_options: last hop 0x%x\n", 5744 ntohl(dst))); 5745 /* Move down and overwrite */ 5746 opt[IP_ADDR_LEN] = opt[0]; 5747 opt[IP_ADDR_LEN+1] = opt[IPOPT_OLEN] - IP_ADDR_LEN; 5748 opt[IP_ADDR_LEN+2] = opt[IPOPT_OFFSET]; 5749 for (i = 0; i < IP_ADDR_LEN; i++) 5750 opt[i] = IPOPT_NOP; 5751 break; 5752 } 5753 } 5754 return (dst); 5755 } 5756 5757 /* 5758 * Return the network mask 5759 * associated with the specified address. 5760 */ 5761 ipaddr_t 5762 ip_net_mask(ipaddr_t addr) 5763 { 5764 uchar_t *up = (uchar_t *)&addr; 5765 ipaddr_t mask = 0; 5766 uchar_t *maskp = (uchar_t *)&mask; 5767 5768 #if defined(__i386) || defined(__amd64) 5769 #define TOTALLY_BRAIN_DAMAGED_C_COMPILER 5770 #endif 5771 #ifdef TOTALLY_BRAIN_DAMAGED_C_COMPILER 5772 maskp[0] = maskp[1] = maskp[2] = maskp[3] = 0; 5773 #endif 5774 if (CLASSD(addr)) { 5775 maskp[0] = 0xF0; 5776 return (mask); 5777 } 5778 5779 /* We assume Class E default netmask to be 32 */ 5780 if (CLASSE(addr)) 5781 return (0xffffffffU); 5782 5783 if (addr == 0) 5784 return (0); 5785 maskp[0] = 0xFF; 5786 if ((up[0] & 0x80) == 0) 5787 return (mask); 5788 5789 maskp[1] = 0xFF; 5790 if ((up[0] & 0xC0) == 0x80) 5791 return (mask); 5792 5793 maskp[2] = 0xFF; 5794 if ((up[0] & 0xE0) == 0xC0) 5795 return (mask); 5796 5797 /* Otherwise return no mask */ 5798 return ((ipaddr_t)0); 5799 } 5800 5801 /* Name/Value Table Lookup Routine */ 5802 char * 5803 ip_nv_lookup(nv_t *nv, int value) 5804 { 5805 if (!nv) 5806 return (NULL); 5807 for (; nv->nv_name; nv++) { 5808 if (nv->nv_value == value) 5809 return (nv->nv_name); 5810 } 5811 return ("unknown"); 5812 } 5813 5814 static int 5815 ip_wait_for_info_ack(ill_t *ill) 5816 { 5817 int err; 5818 5819 mutex_enter(&ill->ill_lock); 5820 while (ill->ill_state_flags & ILL_LL_SUBNET_PENDING) { 5821 /* 5822 * Return value of 0 indicates a pending signal. 5823 */ 5824 err = cv_wait_sig(&ill->ill_cv, &ill->ill_lock); 5825 if (err == 0) { 5826 mutex_exit(&ill->ill_lock); 5827 return (EINTR); 5828 } 5829 } 5830 mutex_exit(&ill->ill_lock); 5831 /* 5832 * ip_rput_other could have set an error in ill_error on 5833 * receipt of M_ERROR. 5834 */ 5835 return (ill->ill_error); 5836 } 5837 5838 /* 5839 * This is a module open, i.e. this is a control stream for access 5840 * to a DLPI device. We allocate an ill_t as the instance data in 5841 * this case. 5842 */ 5843 static int 5844 ip_modopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 5845 { 5846 ill_t *ill; 5847 int err; 5848 zoneid_t zoneid; 5849 netstack_t *ns; 5850 ip_stack_t *ipst; 5851 5852 /* 5853 * Prevent unprivileged processes from pushing IP so that 5854 * they can't send raw IP. 5855 */ 5856 if (secpolicy_net_rawaccess(credp) != 0) 5857 return (EPERM); 5858 5859 ns = netstack_find_by_cred(credp); 5860 ASSERT(ns != NULL); 5861 ipst = ns->netstack_ip; 5862 ASSERT(ipst != NULL); 5863 5864 /* 5865 * For exclusive stacks we set the zoneid to zero 5866 * to make IP operate as if in the global zone. 5867 */ 5868 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID) 5869 zoneid = GLOBAL_ZONEID; 5870 else 5871 zoneid = crgetzoneid(credp); 5872 5873 ill = (ill_t *)mi_open_alloc_sleep(sizeof (ill_t)); 5874 q->q_ptr = WR(q)->q_ptr = ill; 5875 ill->ill_ipst = ipst; 5876 ill->ill_zoneid = zoneid; 5877 5878 /* 5879 * ill_init initializes the ill fields and then sends down 5880 * down a DL_INFO_REQ after calling qprocson. 5881 */ 5882 err = ill_init(q, ill); 5883 5884 if (err != 0) { 5885 mi_free(ill); 5886 netstack_rele(ipst->ips_netstack); 5887 q->q_ptr = NULL; 5888 WR(q)->q_ptr = NULL; 5889 return (err); 5890 } 5891 5892 /* 5893 * Wait for the DL_INFO_ACK if a DL_INFO_REQ was sent. 5894 * 5895 * ill_init initializes the ipsq marking this thread as 5896 * writer 5897 */ 5898 ipsq_exit(ill->ill_phyint->phyint_ipsq); 5899 err = ip_wait_for_info_ack(ill); 5900 if (err == 0) 5901 ill->ill_credp = credp; 5902 else 5903 goto fail; 5904 5905 crhold(credp); 5906 5907 mutex_enter(&ipst->ips_ip_mi_lock); 5908 err = mi_open_link(&ipst->ips_ip_g_head, (IDP)q->q_ptr, devp, flag, 5909 sflag, credp); 5910 mutex_exit(&ipst->ips_ip_mi_lock); 5911 fail: 5912 if (err) { 5913 (void) ip_close(q, 0); 5914 return (err); 5915 } 5916 return (0); 5917 } 5918 5919 /* For /dev/ip aka AF_INET open */ 5920 int 5921 ip_openv4(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 5922 { 5923 return (ip_open(q, devp, flag, sflag, credp, B_FALSE)); 5924 } 5925 5926 /* For /dev/ip6 aka AF_INET6 open */ 5927 int 5928 ip_openv6(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 5929 { 5930 return (ip_open(q, devp, flag, sflag, credp, B_TRUE)); 5931 } 5932 5933 /* IP open routine. */ 5934 int 5935 ip_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp, 5936 boolean_t isv6) 5937 { 5938 conn_t *connp; 5939 major_t maj; 5940 zoneid_t zoneid; 5941 netstack_t *ns; 5942 ip_stack_t *ipst; 5943 5944 /* Allow reopen. */ 5945 if (q->q_ptr != NULL) 5946 return (0); 5947 5948 if (sflag & MODOPEN) { 5949 /* This is a module open */ 5950 return (ip_modopen(q, devp, flag, sflag, credp)); 5951 } 5952 5953 if ((flag & ~(FKLYR)) == IP_HELPER_STR) { 5954 /* 5955 * Non streams based socket looking for a stream 5956 * to access IP 5957 */ 5958 return (ip_helper_stream_setup(q, devp, flag, sflag, 5959 credp, isv6)); 5960 } 5961 5962 ns = netstack_find_by_cred(credp); 5963 ASSERT(ns != NULL); 5964 ipst = ns->netstack_ip; 5965 ASSERT(ipst != NULL); 5966 5967 /* 5968 * For exclusive stacks we set the zoneid to zero 5969 * to make IP operate as if in the global zone. 5970 */ 5971 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID) 5972 zoneid = GLOBAL_ZONEID; 5973 else 5974 zoneid = crgetzoneid(credp); 5975 5976 /* 5977 * We are opening as a device. This is an IP client stream, and we 5978 * allocate an conn_t as the instance data. 5979 */ 5980 connp = ipcl_conn_create(IPCL_IPCCONN, KM_SLEEP, ipst->ips_netstack); 5981 5982 /* 5983 * ipcl_conn_create did a netstack_hold. Undo the hold that was 5984 * done by netstack_find_by_cred() 5985 */ 5986 netstack_rele(ipst->ips_netstack); 5987 5988 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP | IXAF_SET_ULP_CKSUM; 5989 /* conn_allzones can not be set this early, hence no IPCL_ZONEID */ 5990 connp->conn_ixa->ixa_zoneid = zoneid; 5991 connp->conn_zoneid = zoneid; 5992 5993 connp->conn_rq = q; 5994 q->q_ptr = WR(q)->q_ptr = connp; 5995 5996 /* Minor tells us which /dev entry was opened */ 5997 if (isv6) { 5998 connp->conn_family = AF_INET6; 5999 connp->conn_ipversion = IPV6_VERSION; 6000 connp->conn_ixa->ixa_flags &= ~IXAF_IS_IPV4; 6001 connp->conn_ixa->ixa_src_preferences = IPV6_PREFER_SRC_DEFAULT; 6002 } else { 6003 connp->conn_family = AF_INET; 6004 connp->conn_ipversion = IPV4_VERSION; 6005 connp->conn_ixa->ixa_flags |= IXAF_IS_IPV4; 6006 } 6007 6008 if ((ip_minor_arena_la != NULL) && (flag & SO_SOCKSTR) && 6009 ((connp->conn_dev = inet_minor_alloc(ip_minor_arena_la)) != 0)) { 6010 connp->conn_minor_arena = ip_minor_arena_la; 6011 } else { 6012 /* 6013 * Either minor numbers in the large arena were exhausted 6014 * or a non socket application is doing the open. 6015 * Try to allocate from the small arena. 6016 */ 6017 if ((connp->conn_dev = 6018 inet_minor_alloc(ip_minor_arena_sa)) == 0) { 6019 /* CONN_DEC_REF takes care of netstack_rele() */ 6020 q->q_ptr = WR(q)->q_ptr = NULL; 6021 CONN_DEC_REF(connp); 6022 return (EBUSY); 6023 } 6024 connp->conn_minor_arena = ip_minor_arena_sa; 6025 } 6026 6027 maj = getemajor(*devp); 6028 *devp = makedevice(maj, (minor_t)connp->conn_dev); 6029 6030 /* 6031 * connp->conn_cred is crfree()ed in ipcl_conn_destroy() 6032 */ 6033 connp->conn_cred = credp; 6034 connp->conn_cpid = curproc->p_pid; 6035 /* Cache things in ixa without an extra refhold */ 6036 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED)); 6037 connp->conn_ixa->ixa_cred = connp->conn_cred; 6038 connp->conn_ixa->ixa_cpid = connp->conn_cpid; 6039 if (is_system_labeled()) 6040 connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred); 6041 6042 /* 6043 * Handle IP_IOC_RTS_REQUEST and other ioctls which use conn_recv 6044 */ 6045 connp->conn_recv = ip_conn_input; 6046 connp->conn_recvicmp = ip_conn_input_icmp; 6047 6048 crhold(connp->conn_cred); 6049 6050 /* 6051 * If the caller has the process-wide flag set, then default to MAC 6052 * exempt mode. This allows read-down to unlabeled hosts. 6053 */ 6054 if (getpflags(NET_MAC_AWARE, credp) != 0) 6055 connp->conn_mac_mode = CONN_MAC_AWARE; 6056 6057 connp->conn_zone_is_global = (crgetzoneid(credp) == GLOBAL_ZONEID); 6058 6059 connp->conn_rq = q; 6060 connp->conn_wq = WR(q); 6061 6062 /* Non-zero default values */ 6063 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP; 6064 6065 /* 6066 * Make the conn globally visible to walkers 6067 */ 6068 ASSERT(connp->conn_ref == 1); 6069 mutex_enter(&connp->conn_lock); 6070 connp->conn_state_flags &= ~CONN_INCIPIENT; 6071 mutex_exit(&connp->conn_lock); 6072 6073 qprocson(q); 6074 6075 return (0); 6076 } 6077 6078 /* 6079 * Set IPsec policy from an ipsec_req_t. If the req is not "zero" and valid, 6080 * all of them are copied to the conn_t. If the req is "zero", the policy is 6081 * zeroed out. A "zero" policy has zero ipsr_{ah,req,self_encap}_req 6082 * fields. 6083 * We keep only the latest setting of the policy and thus policy setting 6084 * is not incremental/cumulative. 6085 * 6086 * Requests to set policies with multiple alternative actions will 6087 * go through a different API. 6088 */ 6089 int 6090 ipsec_set_req(cred_t *cr, conn_t *connp, ipsec_req_t *req) 6091 { 6092 uint_t ah_req = 0; 6093 uint_t esp_req = 0; 6094 uint_t se_req = 0; 6095 ipsec_act_t *actp = NULL; 6096 uint_t nact; 6097 ipsec_policy_head_t *ph; 6098 boolean_t is_pol_reset, is_pol_inserted = B_FALSE; 6099 int error = 0; 6100 netstack_t *ns = connp->conn_netstack; 6101 ip_stack_t *ipst = ns->netstack_ip; 6102 ipsec_stack_t *ipss = ns->netstack_ipsec; 6103 6104 #define REQ_MASK (IPSEC_PREF_REQUIRED|IPSEC_PREF_NEVER) 6105 6106 /* 6107 * The IP_SEC_OPT option does not allow variable length parameters, 6108 * hence a request cannot be NULL. 6109 */ 6110 if (req == NULL) 6111 return (EINVAL); 6112 6113 ah_req = req->ipsr_ah_req; 6114 esp_req = req->ipsr_esp_req; 6115 se_req = req->ipsr_self_encap_req; 6116 6117 /* Don't allow setting self-encap without one or more of AH/ESP. */ 6118 if (se_req != 0 && esp_req == 0 && ah_req == 0) 6119 return (EINVAL); 6120 6121 /* 6122 * Are we dealing with a request to reset the policy (i.e. 6123 * zero requests). 6124 */ 6125 is_pol_reset = ((ah_req & REQ_MASK) == 0 && 6126 (esp_req & REQ_MASK) == 0 && 6127 (se_req & REQ_MASK) == 0); 6128 6129 if (!is_pol_reset) { 6130 /* 6131 * If we couldn't load IPsec, fail with "protocol 6132 * not supported". 6133 * IPsec may not have been loaded for a request with zero 6134 * policies, so we don't fail in this case. 6135 */ 6136 mutex_enter(&ipss->ipsec_loader_lock); 6137 if (ipss->ipsec_loader_state != IPSEC_LOADER_SUCCEEDED) { 6138 mutex_exit(&ipss->ipsec_loader_lock); 6139 return (EPROTONOSUPPORT); 6140 } 6141 mutex_exit(&ipss->ipsec_loader_lock); 6142 6143 /* 6144 * Test for valid requests. Invalid algorithms 6145 * need to be tested by IPsec code because new 6146 * algorithms can be added dynamically. 6147 */ 6148 if ((ah_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 || 6149 (esp_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 || 6150 (se_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0) { 6151 return (EINVAL); 6152 } 6153 6154 /* 6155 * Only privileged users can issue these 6156 * requests. 6157 */ 6158 if (((ah_req & IPSEC_PREF_NEVER) || 6159 (esp_req & IPSEC_PREF_NEVER) || 6160 (se_req & IPSEC_PREF_NEVER)) && 6161 secpolicy_ip_config(cr, B_FALSE) != 0) { 6162 return (EPERM); 6163 } 6164 6165 /* 6166 * The IPSEC_PREF_REQUIRED and IPSEC_PREF_NEVER 6167 * are mutually exclusive. 6168 */ 6169 if (((ah_req & REQ_MASK) == REQ_MASK) || 6170 ((esp_req & REQ_MASK) == REQ_MASK) || 6171 ((se_req & REQ_MASK) == REQ_MASK)) { 6172 /* Both of them are set */ 6173 return (EINVAL); 6174 } 6175 } 6176 6177 ASSERT(MUTEX_HELD(&connp->conn_lock)); 6178 6179 /* 6180 * If we have already cached policies in conn_connect(), don't 6181 * let them change now. We cache policies for connections 6182 * whose src,dst [addr, port] is known. 6183 */ 6184 if (connp->conn_policy_cached) { 6185 return (EINVAL); 6186 } 6187 6188 /* 6189 * We have a zero policies, reset the connection policy if already 6190 * set. This will cause the connection to inherit the 6191 * global policy, if any. 6192 */ 6193 if (is_pol_reset) { 6194 if (connp->conn_policy != NULL) { 6195 IPPH_REFRELE(connp->conn_policy, ipst->ips_netstack); 6196 connp->conn_policy = NULL; 6197 } 6198 connp->conn_in_enforce_policy = B_FALSE; 6199 connp->conn_out_enforce_policy = B_FALSE; 6200 return (0); 6201 } 6202 6203 ph = connp->conn_policy = ipsec_polhead_split(connp->conn_policy, 6204 ipst->ips_netstack); 6205 if (ph == NULL) 6206 goto enomem; 6207 6208 ipsec_actvec_from_req(req, &actp, &nact, ipst->ips_netstack); 6209 if (actp == NULL) 6210 goto enomem; 6211 6212 /* 6213 * Always insert IPv4 policy entries, since they can also apply to 6214 * ipv6 sockets being used in ipv4-compat mode. 6215 */ 6216 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4, 6217 IPSEC_TYPE_INBOUND, ns)) 6218 goto enomem; 6219 is_pol_inserted = B_TRUE; 6220 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4, 6221 IPSEC_TYPE_OUTBOUND, ns)) 6222 goto enomem; 6223 6224 /* 6225 * We're looking at a v6 socket, also insert the v6-specific 6226 * entries. 6227 */ 6228 if (connp->conn_family == AF_INET6) { 6229 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6, 6230 IPSEC_TYPE_INBOUND, ns)) 6231 goto enomem; 6232 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6, 6233 IPSEC_TYPE_OUTBOUND, ns)) 6234 goto enomem; 6235 } 6236 6237 ipsec_actvec_free(actp, nact); 6238 6239 /* 6240 * If the requests need security, set enforce_policy. 6241 * If the requests are IPSEC_PREF_NEVER, one should 6242 * still set conn_out_enforce_policy so that ip_set_destination 6243 * marks the ip_xmit_attr_t appropriatly. This is needed so that 6244 * for connections that we don't cache policy in at connect time, 6245 * if global policy matches in ip_output_attach_policy, we 6246 * don't wrongly inherit global policy. Similarly, we need 6247 * to set conn_in_enforce_policy also so that we don't verify 6248 * policy wrongly. 6249 */ 6250 if ((ah_req & REQ_MASK) != 0 || 6251 (esp_req & REQ_MASK) != 0 || 6252 (se_req & REQ_MASK) != 0) { 6253 connp->conn_in_enforce_policy = B_TRUE; 6254 connp->conn_out_enforce_policy = B_TRUE; 6255 } 6256 6257 return (error); 6258 #undef REQ_MASK 6259 6260 /* 6261 * Common memory-allocation-failure exit path. 6262 */ 6263 enomem: 6264 if (actp != NULL) 6265 ipsec_actvec_free(actp, nact); 6266 if (is_pol_inserted) 6267 ipsec_polhead_flush(ph, ns); 6268 return (ENOMEM); 6269 } 6270 6271 /* 6272 * Set socket options for joining and leaving multicast groups. 6273 * Common to IPv4 and IPv6; inet6 indicates the type of socket. 6274 * The caller has already check that the option name is consistent with 6275 * the address family of the socket. 6276 */ 6277 int 6278 ip_opt_set_multicast_group(conn_t *connp, t_scalar_t name, 6279 uchar_t *invalp, boolean_t inet6, boolean_t checkonly) 6280 { 6281 int *i1 = (int *)invalp; 6282 int error = 0; 6283 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 6284 struct ip_mreq *v4_mreqp; 6285 struct ipv6_mreq *v6_mreqp; 6286 struct group_req *greqp; 6287 ire_t *ire; 6288 boolean_t done = B_FALSE; 6289 ipaddr_t ifaddr; 6290 in6_addr_t v6group; 6291 uint_t ifindex; 6292 boolean_t mcast_opt = B_TRUE; 6293 mcast_record_t fmode; 6294 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *, 6295 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *); 6296 6297 switch (name) { 6298 case IP_ADD_MEMBERSHIP: 6299 case IPV6_JOIN_GROUP: 6300 mcast_opt = B_FALSE; 6301 /* FALLTHRU */ 6302 case MCAST_JOIN_GROUP: 6303 fmode = MODE_IS_EXCLUDE; 6304 optfn = ip_opt_add_group; 6305 break; 6306 6307 case IP_DROP_MEMBERSHIP: 6308 case IPV6_LEAVE_GROUP: 6309 mcast_opt = B_FALSE; 6310 /* FALLTHRU */ 6311 case MCAST_LEAVE_GROUP: 6312 fmode = MODE_IS_INCLUDE; 6313 optfn = ip_opt_delete_group; 6314 break; 6315 default: 6316 ASSERT(0); 6317 } 6318 6319 if (mcast_opt) { 6320 struct sockaddr_in *sin; 6321 struct sockaddr_in6 *sin6; 6322 6323 greqp = (struct group_req *)i1; 6324 if (greqp->gr_group.ss_family == AF_INET) { 6325 sin = (struct sockaddr_in *)&(greqp->gr_group); 6326 IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &v6group); 6327 } else { 6328 if (!inet6) 6329 return (EINVAL); /* Not on INET socket */ 6330 6331 sin6 = (struct sockaddr_in6 *)&(greqp->gr_group); 6332 v6group = sin6->sin6_addr; 6333 } 6334 ifaddr = INADDR_ANY; 6335 ifindex = greqp->gr_interface; 6336 } else if (inet6) { 6337 v6_mreqp = (struct ipv6_mreq *)i1; 6338 v6group = v6_mreqp->ipv6mr_multiaddr; 6339 ifaddr = INADDR_ANY; 6340 ifindex = v6_mreqp->ipv6mr_interface; 6341 } else { 6342 v4_mreqp = (struct ip_mreq *)i1; 6343 IN6_INADDR_TO_V4MAPPED(&v4_mreqp->imr_multiaddr, &v6group); 6344 ifaddr = (ipaddr_t)v4_mreqp->imr_interface.s_addr; 6345 ifindex = 0; 6346 } 6347 6348 /* 6349 * In the multirouting case, we need to replicate 6350 * the request on all interfaces that will take part 6351 * in replication. We do so because multirouting is 6352 * reflective, thus we will probably receive multi- 6353 * casts on those interfaces. 6354 * The ip_multirt_apply_membership() succeeds if 6355 * the operation succeeds on at least one interface. 6356 */ 6357 if (IN6_IS_ADDR_V4MAPPED(&v6group)) { 6358 ipaddr_t group; 6359 6360 IN6_V4MAPPED_TO_IPADDR(&v6group, group); 6361 6362 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0, 6363 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL, 6364 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL); 6365 } else { 6366 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0, 6367 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL, 6368 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL); 6369 } 6370 if (ire != NULL) { 6371 if (ire->ire_flags & RTF_MULTIRT) { 6372 error = ip_multirt_apply_membership(optfn, ire, connp, 6373 checkonly, &v6group, fmode, &ipv6_all_zeros); 6374 done = B_TRUE; 6375 } 6376 ire_refrele(ire); 6377 } 6378 6379 if (!done) { 6380 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex, 6381 fmode, &ipv6_all_zeros); 6382 } 6383 return (error); 6384 } 6385 6386 /* 6387 * Set socket options for joining and leaving multicast groups 6388 * for specific sources. 6389 * Common to IPv4 and IPv6; inet6 indicates the type of socket. 6390 * The caller has already check that the option name is consistent with 6391 * the address family of the socket. 6392 */ 6393 int 6394 ip_opt_set_multicast_sources(conn_t *connp, t_scalar_t name, 6395 uchar_t *invalp, boolean_t inet6, boolean_t checkonly) 6396 { 6397 int *i1 = (int *)invalp; 6398 int error = 0; 6399 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 6400 struct ip_mreq_source *imreqp; 6401 struct group_source_req *gsreqp; 6402 in6_addr_t v6group, v6src; 6403 uint32_t ifindex; 6404 ipaddr_t ifaddr; 6405 boolean_t mcast_opt = B_TRUE; 6406 mcast_record_t fmode; 6407 ire_t *ire; 6408 boolean_t done = B_FALSE; 6409 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *, 6410 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *); 6411 6412 switch (name) { 6413 case IP_BLOCK_SOURCE: 6414 mcast_opt = B_FALSE; 6415 /* FALLTHRU */ 6416 case MCAST_BLOCK_SOURCE: 6417 fmode = MODE_IS_EXCLUDE; 6418 optfn = ip_opt_add_group; 6419 break; 6420 6421 case IP_UNBLOCK_SOURCE: 6422 mcast_opt = B_FALSE; 6423 /* FALLTHRU */ 6424 case MCAST_UNBLOCK_SOURCE: 6425 fmode = MODE_IS_EXCLUDE; 6426 optfn = ip_opt_delete_group; 6427 break; 6428 6429 case IP_ADD_SOURCE_MEMBERSHIP: 6430 mcast_opt = B_FALSE; 6431 /* FALLTHRU */ 6432 case MCAST_JOIN_SOURCE_GROUP: 6433 fmode = MODE_IS_INCLUDE; 6434 optfn = ip_opt_add_group; 6435 break; 6436 6437 case IP_DROP_SOURCE_MEMBERSHIP: 6438 mcast_opt = B_FALSE; 6439 /* FALLTHRU */ 6440 case MCAST_LEAVE_SOURCE_GROUP: 6441 fmode = MODE_IS_INCLUDE; 6442 optfn = ip_opt_delete_group; 6443 break; 6444 default: 6445 ASSERT(0); 6446 } 6447 6448 if (mcast_opt) { 6449 gsreqp = (struct group_source_req *)i1; 6450 ifindex = gsreqp->gsr_interface; 6451 if (gsreqp->gsr_group.ss_family == AF_INET) { 6452 struct sockaddr_in *s; 6453 s = (struct sockaddr_in *)&gsreqp->gsr_group; 6454 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6group); 6455 s = (struct sockaddr_in *)&gsreqp->gsr_source; 6456 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6src); 6457 } else { 6458 struct sockaddr_in6 *s6; 6459 6460 if (!inet6) 6461 return (EINVAL); /* Not on INET socket */ 6462 6463 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_group; 6464 v6group = s6->sin6_addr; 6465 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_source; 6466 v6src = s6->sin6_addr; 6467 } 6468 ifaddr = INADDR_ANY; 6469 } else { 6470 imreqp = (struct ip_mreq_source *)i1; 6471 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_multiaddr, &v6group); 6472 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_sourceaddr, &v6src); 6473 ifaddr = (ipaddr_t)imreqp->imr_interface.s_addr; 6474 ifindex = 0; 6475 } 6476 6477 /* 6478 * Handle src being mapped INADDR_ANY by changing it to unspecified. 6479 */ 6480 if (IN6_IS_ADDR_V4MAPPED_ANY(&v6src)) 6481 v6src = ipv6_all_zeros; 6482 6483 /* 6484 * In the multirouting case, we need to replicate 6485 * the request as noted in the mcast cases above. 6486 */ 6487 if (IN6_IS_ADDR_V4MAPPED(&v6group)) { 6488 ipaddr_t group; 6489 6490 IN6_V4MAPPED_TO_IPADDR(&v6group, group); 6491 6492 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0, 6493 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL, 6494 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL); 6495 } else { 6496 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0, 6497 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL, 6498 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL); 6499 } 6500 if (ire != NULL) { 6501 if (ire->ire_flags & RTF_MULTIRT) { 6502 error = ip_multirt_apply_membership(optfn, ire, connp, 6503 checkonly, &v6group, fmode, &v6src); 6504 done = B_TRUE; 6505 } 6506 ire_refrele(ire); 6507 } 6508 if (!done) { 6509 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex, 6510 fmode, &v6src); 6511 } 6512 return (error); 6513 } 6514 6515 /* 6516 * Given a destination address and a pointer to where to put the information 6517 * this routine fills in the mtuinfo. 6518 * The socket must be connected. 6519 * For sctp conn_faddr is the primary address. 6520 */ 6521 int 6522 ip_fill_mtuinfo(conn_t *connp, ip_xmit_attr_t *ixa, struct ip6_mtuinfo *mtuinfo) 6523 { 6524 uint32_t pmtu = IP_MAXPACKET; 6525 uint_t scopeid; 6526 6527 if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6)) 6528 return (-1); 6529 6530 /* In case we never sent or called ip_set_destination_v4/v6 */ 6531 if (ixa->ixa_ire != NULL) 6532 pmtu = ip_get_pmtu(ixa); 6533 6534 if (ixa->ixa_flags & IXAF_SCOPEID_SET) 6535 scopeid = ixa->ixa_scopeid; 6536 else 6537 scopeid = 0; 6538 6539 bzero(mtuinfo, sizeof (*mtuinfo)); 6540 mtuinfo->ip6m_addr.sin6_family = AF_INET6; 6541 mtuinfo->ip6m_addr.sin6_port = connp->conn_fport; 6542 mtuinfo->ip6m_addr.sin6_addr = connp->conn_faddr_v6; 6543 mtuinfo->ip6m_addr.sin6_scope_id = scopeid; 6544 mtuinfo->ip6m_mtu = pmtu; 6545 6546 return (sizeof (struct ip6_mtuinfo)); 6547 } 6548 6549 /* 6550 * When the src multihoming is changed from weak to [strong, preferred] 6551 * ip_ire_rebind_walker is called to walk the list of all ire_t entries 6552 * and identify routes that were created by user-applications in the 6553 * unbound state (i.e., without RTA_IFP), and for which an ire_ill is not 6554 * currently defined. These routes are then 'rebound', i.e., their ire_ill 6555 * is selected by finding an interface route for the gateway. 6556 */ 6557 /* ARGSUSED */ 6558 void 6559 ip_ire_rebind_walker(ire_t *ire, void *notused) 6560 { 6561 if (!ire->ire_unbound || ire->ire_ill != NULL) 6562 return; 6563 ire_rebind(ire); 6564 ire_delete(ire); 6565 } 6566 6567 /* 6568 * When the src multihoming is changed from [strong, preferred] to weak, 6569 * ip_ire_unbind_walker is called to walk the list of all ire_t entries, and 6570 * set any entries that were created by user-applications in the unbound state 6571 * (i.e., without RTA_IFP) back to having a NULL ire_ill. 6572 */ 6573 /* ARGSUSED */ 6574 void 6575 ip_ire_unbind_walker(ire_t *ire, void *notused) 6576 { 6577 ire_t *new_ire; 6578 6579 if (!ire->ire_unbound || ire->ire_ill == NULL) 6580 return; 6581 if (ire->ire_ipversion == IPV6_VERSION) { 6582 new_ire = ire_create_v6(&ire->ire_addr_v6, &ire->ire_mask_v6, 6583 &ire->ire_gateway_addr_v6, ire->ire_type, NULL, 6584 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst); 6585 } else { 6586 new_ire = ire_create((uchar_t *)&ire->ire_addr, 6587 (uchar_t *)&ire->ire_mask, 6588 (uchar_t *)&ire->ire_gateway_addr, ire->ire_type, NULL, 6589 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst); 6590 } 6591 if (new_ire == NULL) 6592 return; 6593 new_ire->ire_unbound = B_TRUE; 6594 /* 6595 * The bound ire must first be deleted so that we don't return 6596 * the existing one on the attempt to add the unbound new_ire. 6597 */ 6598 ire_delete(ire); 6599 new_ire = ire_add(new_ire); 6600 if (new_ire != NULL) 6601 ire_refrele(new_ire); 6602 } 6603 6604 /* 6605 * When the settings of ip*_strict_src_multihoming tunables are changed, 6606 * all cached routes need to be recomputed. This recomputation needs to be 6607 * done when going from weaker to stronger modes so that the cached ire 6608 * for the connection does not violate the current ip*_strict_src_multihoming 6609 * setting. It also needs to be done when going from stronger to weaker modes, 6610 * so that we fall back to matching on the longest-matching-route (as opposed 6611 * to a shorter match that may have been selected in the strong mode 6612 * to satisfy src_multihoming settings). 6613 * 6614 * The cached ixa_ire entires for all conn_t entries are marked as 6615 * "verify" so that they will be recomputed for the next packet. 6616 */ 6617 void 6618 conn_ire_revalidate(conn_t *connp, void *arg) 6619 { 6620 boolean_t isv6 = (boolean_t)arg; 6621 6622 if ((isv6 && connp->conn_ipversion != IPV6_VERSION) || 6623 (!isv6 && connp->conn_ipversion != IPV4_VERSION)) 6624 return; 6625 connp->conn_ixa->ixa_ire_generation = IRE_GENERATION_VERIFY; 6626 } 6627 6628 /* 6629 * Handles both IPv4 and IPv6 reassembly - doing the out-of-order cases, 6630 * When an ipf is passed here for the first time, if 6631 * we already have in-order fragments on the queue, we convert from the fast- 6632 * path reassembly scheme to the hard-case scheme. From then on, additional 6633 * fragments are reassembled here. We keep track of the start and end offsets 6634 * of each piece, and the number of holes in the chain. When the hole count 6635 * goes to zero, we are done! 6636 * 6637 * The ipf_count will be updated to account for any mblk(s) added (pointed to 6638 * by mp) or subtracted (freeb()ed dups), upon return the caller must update 6639 * ipfb_count and ill_frag_count by the difference of ipf_count before and 6640 * after the call to ip_reassemble(). 6641 */ 6642 int 6643 ip_reassemble(mblk_t *mp, ipf_t *ipf, uint_t start, boolean_t more, ill_t *ill, 6644 size_t msg_len) 6645 { 6646 uint_t end; 6647 mblk_t *next_mp; 6648 mblk_t *mp1; 6649 uint_t offset; 6650 boolean_t incr_dups = B_TRUE; 6651 boolean_t offset_zero_seen = B_FALSE; 6652 boolean_t pkt_boundary_checked = B_FALSE; 6653 6654 /* If start == 0 then ipf_nf_hdr_len has to be set. */ 6655 ASSERT(start != 0 || ipf->ipf_nf_hdr_len != 0); 6656 6657 /* Add in byte count */ 6658 ipf->ipf_count += msg_len; 6659 if (ipf->ipf_end) { 6660 /* 6661 * We were part way through in-order reassembly, but now there 6662 * is a hole. We walk through messages already queued, and 6663 * mark them for hard case reassembly. We know that up till 6664 * now they were in order starting from offset zero. 6665 */ 6666 offset = 0; 6667 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) { 6668 IP_REASS_SET_START(mp1, offset); 6669 if (offset == 0) { 6670 ASSERT(ipf->ipf_nf_hdr_len != 0); 6671 offset = -ipf->ipf_nf_hdr_len; 6672 } 6673 offset += mp1->b_wptr - mp1->b_rptr; 6674 IP_REASS_SET_END(mp1, offset); 6675 } 6676 /* One hole at the end. */ 6677 ipf->ipf_hole_cnt = 1; 6678 /* Brand it as a hard case, forever. */ 6679 ipf->ipf_end = 0; 6680 } 6681 /* Walk through all the new pieces. */ 6682 do { 6683 end = start + (mp->b_wptr - mp->b_rptr); 6684 /* 6685 * If start is 0, decrease 'end' only for the first mblk of 6686 * the fragment. Otherwise 'end' can get wrong value in the 6687 * second pass of the loop if first mblk is exactly the 6688 * size of ipf_nf_hdr_len. 6689 */ 6690 if (start == 0 && !offset_zero_seen) { 6691 /* First segment */ 6692 ASSERT(ipf->ipf_nf_hdr_len != 0); 6693 end -= ipf->ipf_nf_hdr_len; 6694 offset_zero_seen = B_TRUE; 6695 } 6696 next_mp = mp->b_cont; 6697 /* 6698 * We are checking to see if there is any interesing data 6699 * to process. If there isn't and the mblk isn't the 6700 * one which carries the unfragmentable header then we 6701 * drop it. It's possible to have just the unfragmentable 6702 * header come through without any data. That needs to be 6703 * saved. 6704 * 6705 * If the assert at the top of this function holds then the 6706 * term "ipf->ipf_nf_hdr_len != 0" isn't needed. This code 6707 * is infrequently traveled enough that the test is left in 6708 * to protect against future code changes which break that 6709 * invariant. 6710 */ 6711 if (start == end && start != 0 && ipf->ipf_nf_hdr_len != 0) { 6712 /* Empty. Blast it. */ 6713 IP_REASS_SET_START(mp, 0); 6714 IP_REASS_SET_END(mp, 0); 6715 /* 6716 * If the ipf points to the mblk we are about to free, 6717 * update ipf to point to the next mblk (or NULL 6718 * if none). 6719 */ 6720 if (ipf->ipf_mp->b_cont == mp) 6721 ipf->ipf_mp->b_cont = next_mp; 6722 freeb(mp); 6723 continue; 6724 } 6725 mp->b_cont = NULL; 6726 IP_REASS_SET_START(mp, start); 6727 IP_REASS_SET_END(mp, end); 6728 if (!ipf->ipf_tail_mp) { 6729 ipf->ipf_tail_mp = mp; 6730 ipf->ipf_mp->b_cont = mp; 6731 if (start == 0 || !more) { 6732 ipf->ipf_hole_cnt = 1; 6733 /* 6734 * if the first fragment comes in more than one 6735 * mblk, this loop will be executed for each 6736 * mblk. Need to adjust hole count so exiting 6737 * this routine will leave hole count at 1. 6738 */ 6739 if (next_mp) 6740 ipf->ipf_hole_cnt++; 6741 } else 6742 ipf->ipf_hole_cnt = 2; 6743 continue; 6744 } else if (ipf->ipf_last_frag_seen && !more && 6745 !pkt_boundary_checked) { 6746 /* 6747 * We check datagram boundary only if this fragment 6748 * claims to be the last fragment and we have seen a 6749 * last fragment in the past too. We do this only 6750 * once for a given fragment. 6751 * 6752 * start cannot be 0 here as fragments with start=0 6753 * and MF=0 gets handled as a complete packet. These 6754 * fragments should not reach here. 6755 */ 6756 6757 if (start + msgdsize(mp) != 6758 IP_REASS_END(ipf->ipf_tail_mp)) { 6759 /* 6760 * We have two fragments both of which claim 6761 * to be the last fragment but gives conflicting 6762 * information about the whole datagram size. 6763 * Something fishy is going on. Drop the 6764 * fragment and free up the reassembly list. 6765 */ 6766 return (IP_REASS_FAILED); 6767 } 6768 6769 /* 6770 * We shouldn't come to this code block again for this 6771 * particular fragment. 6772 */ 6773 pkt_boundary_checked = B_TRUE; 6774 } 6775 6776 /* New stuff at or beyond tail? */ 6777 offset = IP_REASS_END(ipf->ipf_tail_mp); 6778 if (start >= offset) { 6779 if (ipf->ipf_last_frag_seen) { 6780 /* current fragment is beyond last fragment */ 6781 return (IP_REASS_FAILED); 6782 } 6783 /* Link it on end. */ 6784 ipf->ipf_tail_mp->b_cont = mp; 6785 ipf->ipf_tail_mp = mp; 6786 if (more) { 6787 if (start != offset) 6788 ipf->ipf_hole_cnt++; 6789 } else if (start == offset && next_mp == NULL) 6790 ipf->ipf_hole_cnt--; 6791 continue; 6792 } 6793 mp1 = ipf->ipf_mp->b_cont; 6794 offset = IP_REASS_START(mp1); 6795 /* New stuff at the front? */ 6796 if (start < offset) { 6797 if (start == 0) { 6798 if (end >= offset) { 6799 /* Nailed the hole at the begining. */ 6800 ipf->ipf_hole_cnt--; 6801 } 6802 } else if (end < offset) { 6803 /* 6804 * A hole, stuff, and a hole where there used 6805 * to be just a hole. 6806 */ 6807 ipf->ipf_hole_cnt++; 6808 } 6809 mp->b_cont = mp1; 6810 /* Check for overlap. */ 6811 while (end > offset) { 6812 if (end < IP_REASS_END(mp1)) { 6813 mp->b_wptr -= end - offset; 6814 IP_REASS_SET_END(mp, offset); 6815 BUMP_MIB(ill->ill_ip_mib, 6816 ipIfStatsReasmPartDups); 6817 break; 6818 } 6819 /* Did we cover another hole? */ 6820 if ((mp1->b_cont && 6821 IP_REASS_END(mp1) != 6822 IP_REASS_START(mp1->b_cont) && 6823 end >= IP_REASS_START(mp1->b_cont)) || 6824 (!ipf->ipf_last_frag_seen && !more)) { 6825 ipf->ipf_hole_cnt--; 6826 } 6827 /* Clip out mp1. */ 6828 if ((mp->b_cont = mp1->b_cont) == NULL) { 6829 /* 6830 * After clipping out mp1, this guy 6831 * is now hanging off the end. 6832 */ 6833 ipf->ipf_tail_mp = mp; 6834 } 6835 IP_REASS_SET_START(mp1, 0); 6836 IP_REASS_SET_END(mp1, 0); 6837 /* Subtract byte count */ 6838 ipf->ipf_count -= mp1->b_datap->db_lim - 6839 mp1->b_datap->db_base; 6840 freeb(mp1); 6841 BUMP_MIB(ill->ill_ip_mib, 6842 ipIfStatsReasmPartDups); 6843 mp1 = mp->b_cont; 6844 if (!mp1) 6845 break; 6846 offset = IP_REASS_START(mp1); 6847 } 6848 ipf->ipf_mp->b_cont = mp; 6849 continue; 6850 } 6851 /* 6852 * The new piece starts somewhere between the start of the head 6853 * and before the end of the tail. 6854 */ 6855 for (; mp1; mp1 = mp1->b_cont) { 6856 offset = IP_REASS_END(mp1); 6857 if (start < offset) { 6858 if (end <= offset) { 6859 /* Nothing new. */ 6860 IP_REASS_SET_START(mp, 0); 6861 IP_REASS_SET_END(mp, 0); 6862 /* Subtract byte count */ 6863 ipf->ipf_count -= mp->b_datap->db_lim - 6864 mp->b_datap->db_base; 6865 if (incr_dups) { 6866 ipf->ipf_num_dups++; 6867 incr_dups = B_FALSE; 6868 } 6869 freeb(mp); 6870 BUMP_MIB(ill->ill_ip_mib, 6871 ipIfStatsReasmDuplicates); 6872 break; 6873 } 6874 /* 6875 * Trim redundant stuff off beginning of new 6876 * piece. 6877 */ 6878 IP_REASS_SET_START(mp, offset); 6879 mp->b_rptr += offset - start; 6880 BUMP_MIB(ill->ill_ip_mib, 6881 ipIfStatsReasmPartDups); 6882 start = offset; 6883 if (!mp1->b_cont) { 6884 /* 6885 * After trimming, this guy is now 6886 * hanging off the end. 6887 */ 6888 mp1->b_cont = mp; 6889 ipf->ipf_tail_mp = mp; 6890 if (!more) { 6891 ipf->ipf_hole_cnt--; 6892 } 6893 break; 6894 } 6895 } 6896 if (start >= IP_REASS_START(mp1->b_cont)) 6897 continue; 6898 /* Fill a hole */ 6899 if (start > offset) 6900 ipf->ipf_hole_cnt++; 6901 mp->b_cont = mp1->b_cont; 6902 mp1->b_cont = mp; 6903 mp1 = mp->b_cont; 6904 offset = IP_REASS_START(mp1); 6905 if (end >= offset) { 6906 ipf->ipf_hole_cnt--; 6907 /* Check for overlap. */ 6908 while (end > offset) { 6909 if (end < IP_REASS_END(mp1)) { 6910 mp->b_wptr -= end - offset; 6911 IP_REASS_SET_END(mp, offset); 6912 /* 6913 * TODO we might bump 6914 * this up twice if there is 6915 * overlap at both ends. 6916 */ 6917 BUMP_MIB(ill->ill_ip_mib, 6918 ipIfStatsReasmPartDups); 6919 break; 6920 } 6921 /* Did we cover another hole? */ 6922 if ((mp1->b_cont && 6923 IP_REASS_END(mp1) 6924 != IP_REASS_START(mp1->b_cont) && 6925 end >= 6926 IP_REASS_START(mp1->b_cont)) || 6927 (!ipf->ipf_last_frag_seen && 6928 !more)) { 6929 ipf->ipf_hole_cnt--; 6930 } 6931 /* Clip out mp1. */ 6932 if ((mp->b_cont = mp1->b_cont) == 6933 NULL) { 6934 /* 6935 * After clipping out mp1, 6936 * this guy is now hanging 6937 * off the end. 6938 */ 6939 ipf->ipf_tail_mp = mp; 6940 } 6941 IP_REASS_SET_START(mp1, 0); 6942 IP_REASS_SET_END(mp1, 0); 6943 /* Subtract byte count */ 6944 ipf->ipf_count -= 6945 mp1->b_datap->db_lim - 6946 mp1->b_datap->db_base; 6947 freeb(mp1); 6948 BUMP_MIB(ill->ill_ip_mib, 6949 ipIfStatsReasmPartDups); 6950 mp1 = mp->b_cont; 6951 if (!mp1) 6952 break; 6953 offset = IP_REASS_START(mp1); 6954 } 6955 } 6956 break; 6957 } 6958 } while (start = end, mp = next_mp); 6959 6960 /* Fragment just processed could be the last one. Remember this fact */ 6961 if (!more) 6962 ipf->ipf_last_frag_seen = B_TRUE; 6963 6964 /* Still got holes? */ 6965 if (ipf->ipf_hole_cnt) 6966 return (IP_REASS_PARTIAL); 6967 /* Clean up overloaded fields to avoid upstream disasters. */ 6968 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) { 6969 IP_REASS_SET_START(mp1, 0); 6970 IP_REASS_SET_END(mp1, 0); 6971 } 6972 return (IP_REASS_COMPLETE); 6973 } 6974 6975 /* 6976 * Fragmentation reassembly. Each ILL has a hash table for 6977 * queuing packets undergoing reassembly for all IPIFs 6978 * associated with the ILL. The hash is based on the packet 6979 * IP ident field. The ILL frag hash table was allocated 6980 * as a timer block at the time the ILL was created. Whenever 6981 * there is anything on the reassembly queue, the timer will 6982 * be running. Returns the reassembled packet if reassembly completes. 6983 */ 6984 mblk_t * 6985 ip_input_fragment(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira) 6986 { 6987 uint32_t frag_offset_flags; 6988 mblk_t *t_mp; 6989 ipaddr_t dst; 6990 uint8_t proto = ipha->ipha_protocol; 6991 uint32_t sum_val; 6992 uint16_t sum_flags; 6993 ipf_t *ipf; 6994 ipf_t **ipfp; 6995 ipfb_t *ipfb; 6996 uint16_t ident; 6997 uint32_t offset; 6998 ipaddr_t src; 6999 uint_t hdr_length; 7000 uint32_t end; 7001 mblk_t *mp1; 7002 mblk_t *tail_mp; 7003 size_t count; 7004 size_t msg_len; 7005 uint8_t ecn_info = 0; 7006 uint32_t packet_size; 7007 boolean_t pruned = B_FALSE; 7008 ill_t *ill = ira->ira_ill; 7009 ip_stack_t *ipst = ill->ill_ipst; 7010 7011 /* 7012 * Drop the fragmented as early as possible, if 7013 * we don't have resource(s) to re-assemble. 7014 */ 7015 if (ipst->ips_ip_reass_queue_bytes == 0) { 7016 freemsg(mp); 7017 return (NULL); 7018 } 7019 7020 /* Check for fragmentation offset; return if there's none */ 7021 if ((frag_offset_flags = ntohs(ipha->ipha_fragment_offset_and_flags) & 7022 (IPH_MF | IPH_OFFSET)) == 0) 7023 return (mp); 7024 7025 /* 7026 * We utilize hardware computed checksum info only for UDP since 7027 * IP fragmentation is a normal occurrence for the protocol. In 7028 * addition, checksum offload support for IP fragments carrying 7029 * UDP payload is commonly implemented across network adapters. 7030 */ 7031 ASSERT(ira->ira_rill != NULL); 7032 if (proto == IPPROTO_UDP && dohwcksum && 7033 ILL_HCKSUM_CAPABLE(ira->ira_rill) && 7034 (DB_CKSUMFLAGS(mp) & (HCK_FULLCKSUM | HCK_PARTIALCKSUM))) { 7035 mblk_t *mp1 = mp->b_cont; 7036 int32_t len; 7037 7038 /* Record checksum information from the packet */ 7039 sum_val = (uint32_t)DB_CKSUM16(mp); 7040 sum_flags = DB_CKSUMFLAGS(mp); 7041 7042 /* IP payload offset from beginning of mblk */ 7043 offset = ((uchar_t *)ipha + IPH_HDR_LENGTH(ipha)) - mp->b_rptr; 7044 7045 if ((sum_flags & HCK_PARTIALCKSUM) && 7046 (mp1 == NULL || mp1->b_cont == NULL) && 7047 offset >= DB_CKSUMSTART(mp) && 7048 ((len = offset - DB_CKSUMSTART(mp)) & 1) == 0) { 7049 uint32_t adj; 7050 /* 7051 * Partial checksum has been calculated by hardware 7052 * and attached to the packet; in addition, any 7053 * prepended extraneous data is even byte aligned. 7054 * If any such data exists, we adjust the checksum; 7055 * this would also handle any postpended data. 7056 */ 7057 IP_ADJCKSUM_PARTIAL(mp->b_rptr + DB_CKSUMSTART(mp), 7058 mp, mp1, len, adj); 7059 7060 /* One's complement subtract extraneous checksum */ 7061 if (adj >= sum_val) 7062 sum_val = ~(adj - sum_val) & 0xFFFF; 7063 else 7064 sum_val -= adj; 7065 } 7066 } else { 7067 sum_val = 0; 7068 sum_flags = 0; 7069 } 7070 7071 /* Clear hardware checksumming flag */ 7072 DB_CKSUMFLAGS(mp) = 0; 7073 7074 ident = ipha->ipha_ident; 7075 offset = (frag_offset_flags << 3) & 0xFFFF; 7076 src = ipha->ipha_src; 7077 dst = ipha->ipha_dst; 7078 hdr_length = IPH_HDR_LENGTH(ipha); 7079 end = ntohs(ipha->ipha_length) - hdr_length; 7080 7081 /* If end == 0 then we have a packet with no data, so just free it */ 7082 if (end == 0) { 7083 freemsg(mp); 7084 return (NULL); 7085 } 7086 7087 /* Record the ECN field info. */ 7088 ecn_info = (ipha->ipha_type_of_service & 0x3); 7089 if (offset != 0) { 7090 /* 7091 * If this isn't the first piece, strip the header, and 7092 * add the offset to the end value. 7093 */ 7094 mp->b_rptr += hdr_length; 7095 end += offset; 7096 } 7097 7098 /* Handle vnic loopback of fragments */ 7099 if (mp->b_datap->db_ref > 2) 7100 msg_len = 0; 7101 else 7102 msg_len = MBLKSIZE(mp); 7103 7104 tail_mp = mp; 7105 while (tail_mp->b_cont != NULL) { 7106 tail_mp = tail_mp->b_cont; 7107 if (tail_mp->b_datap->db_ref <= 2) 7108 msg_len += MBLKSIZE(tail_mp); 7109 } 7110 7111 /* If the reassembly list for this ILL will get too big, prune it */ 7112 if ((msg_len + sizeof (*ipf) + ill->ill_frag_count) >= 7113 ipst->ips_ip_reass_queue_bytes) { 7114 DTRACE_PROBE3(ip_reass_queue_bytes, uint_t, msg_len, 7115 uint_t, ill->ill_frag_count, 7116 uint_t, ipst->ips_ip_reass_queue_bytes); 7117 ill_frag_prune(ill, 7118 (ipst->ips_ip_reass_queue_bytes < msg_len) ? 0 : 7119 (ipst->ips_ip_reass_queue_bytes - msg_len)); 7120 pruned = B_TRUE; 7121 } 7122 7123 ipfb = &ill->ill_frag_hash_tbl[ILL_FRAG_HASH(src, ident)]; 7124 mutex_enter(&ipfb->ipfb_lock); 7125 7126 ipfp = &ipfb->ipfb_ipf; 7127 /* Try to find an existing fragment queue for this packet. */ 7128 for (;;) { 7129 ipf = ipfp[0]; 7130 if (ipf != NULL) { 7131 /* 7132 * It has to match on ident and src/dst address. 7133 */ 7134 if (ipf->ipf_ident == ident && 7135 ipf->ipf_src == src && 7136 ipf->ipf_dst == dst && 7137 ipf->ipf_protocol == proto) { 7138 /* 7139 * If we have received too many 7140 * duplicate fragments for this packet 7141 * free it. 7142 */ 7143 if (ipf->ipf_num_dups > ip_max_frag_dups) { 7144 ill_frag_free_pkts(ill, ipfb, ipf, 1); 7145 freemsg(mp); 7146 mutex_exit(&ipfb->ipfb_lock); 7147 return (NULL); 7148 } 7149 /* Found it. */ 7150 break; 7151 } 7152 ipfp = &ipf->ipf_hash_next; 7153 continue; 7154 } 7155 7156 /* 7157 * If we pruned the list, do we want to store this new 7158 * fragment?. We apply an optimization here based on the 7159 * fact that most fragments will be received in order. 7160 * So if the offset of this incoming fragment is zero, 7161 * it is the first fragment of a new packet. We will 7162 * keep it. Otherwise drop the fragment, as we have 7163 * probably pruned the packet already (since the 7164 * packet cannot be found). 7165 */ 7166 if (pruned && offset != 0) { 7167 mutex_exit(&ipfb->ipfb_lock); 7168 freemsg(mp); 7169 return (NULL); 7170 } 7171 7172 if (ipfb->ipfb_frag_pkts >= MAX_FRAG_PKTS(ipst)) { 7173 /* 7174 * Too many fragmented packets in this hash 7175 * bucket. Free the oldest. 7176 */ 7177 ill_frag_free_pkts(ill, ipfb, ipfb->ipfb_ipf, 1); 7178 } 7179 7180 /* New guy. Allocate a frag message. */ 7181 mp1 = allocb(sizeof (*ipf), BPRI_MED); 7182 if (mp1 == NULL) { 7183 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 7184 ip_drop_input("ipIfStatsInDiscards", mp, ill); 7185 freemsg(mp); 7186 reass_done: 7187 mutex_exit(&ipfb->ipfb_lock); 7188 return (NULL); 7189 } 7190 7191 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmReqds); 7192 mp1->b_cont = mp; 7193 7194 /* Initialize the fragment header. */ 7195 ipf = (ipf_t *)mp1->b_rptr; 7196 ipf->ipf_mp = mp1; 7197 ipf->ipf_ptphn = ipfp; 7198 ipfp[0] = ipf; 7199 ipf->ipf_hash_next = NULL; 7200 ipf->ipf_ident = ident; 7201 ipf->ipf_protocol = proto; 7202 ipf->ipf_src = src; 7203 ipf->ipf_dst = dst; 7204 ipf->ipf_nf_hdr_len = 0; 7205 /* Record reassembly start time. */ 7206 ipf->ipf_timestamp = gethrestime_sec(); 7207 /* Record ipf generation and account for frag header */ 7208 ipf->ipf_gen = ill->ill_ipf_gen++; 7209 ipf->ipf_count = MBLKSIZE(mp1); 7210 ipf->ipf_last_frag_seen = B_FALSE; 7211 ipf->ipf_ecn = ecn_info; 7212 ipf->ipf_num_dups = 0; 7213 ipfb->ipfb_frag_pkts++; 7214 ipf->ipf_checksum = 0; 7215 ipf->ipf_checksum_flags = 0; 7216 7217 /* Store checksum value in fragment header */ 7218 if (sum_flags != 0) { 7219 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16); 7220 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16); 7221 ipf->ipf_checksum = sum_val; 7222 ipf->ipf_checksum_flags = sum_flags; 7223 } 7224 7225 /* 7226 * We handle reassembly two ways. In the easy case, 7227 * where all the fragments show up in order, we do 7228 * minimal bookkeeping, and just clip new pieces on 7229 * the end. If we ever see a hole, then we go off 7230 * to ip_reassemble which has to mark the pieces and 7231 * keep track of the number of holes, etc. Obviously, 7232 * the point of having both mechanisms is so we can 7233 * handle the easy case as efficiently as possible. 7234 */ 7235 if (offset == 0) { 7236 /* Easy case, in-order reassembly so far. */ 7237 ipf->ipf_count += msg_len; 7238 ipf->ipf_tail_mp = tail_mp; 7239 /* 7240 * Keep track of next expected offset in 7241 * ipf_end. 7242 */ 7243 ipf->ipf_end = end; 7244 ipf->ipf_nf_hdr_len = hdr_length; 7245 } else { 7246 /* Hard case, hole at the beginning. */ 7247 ipf->ipf_tail_mp = NULL; 7248 /* 7249 * ipf_end == 0 means that we have given up 7250 * on easy reassembly. 7251 */ 7252 ipf->ipf_end = 0; 7253 7254 /* Forget checksum offload from now on */ 7255 ipf->ipf_checksum_flags = 0; 7256 7257 /* 7258 * ipf_hole_cnt is set by ip_reassemble. 7259 * ipf_count is updated by ip_reassemble. 7260 * No need to check for return value here 7261 * as we don't expect reassembly to complete 7262 * or fail for the first fragment itself. 7263 */ 7264 (void) ip_reassemble(mp, ipf, 7265 (frag_offset_flags & IPH_OFFSET) << 3, 7266 (frag_offset_flags & IPH_MF), ill, msg_len); 7267 } 7268 /* Update per ipfb and ill byte counts */ 7269 ipfb->ipfb_count += ipf->ipf_count; 7270 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */ 7271 atomic_add_32(&ill->ill_frag_count, ipf->ipf_count); 7272 /* If the frag timer wasn't already going, start it. */ 7273 mutex_enter(&ill->ill_lock); 7274 ill_frag_timer_start(ill); 7275 mutex_exit(&ill->ill_lock); 7276 goto reass_done; 7277 } 7278 7279 /* 7280 * If the packet's flag has changed (it could be coming up 7281 * from an interface different than the previous, therefore 7282 * possibly different checksum capability), then forget about 7283 * any stored checksum states. Otherwise add the value to 7284 * the existing one stored in the fragment header. 7285 */ 7286 if (sum_flags != 0 && sum_flags == ipf->ipf_checksum_flags) { 7287 sum_val += ipf->ipf_checksum; 7288 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16); 7289 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16); 7290 ipf->ipf_checksum = sum_val; 7291 } else if (ipf->ipf_checksum_flags != 0) { 7292 /* Forget checksum offload from now on */ 7293 ipf->ipf_checksum_flags = 0; 7294 } 7295 7296 /* 7297 * We have a new piece of a datagram which is already being 7298 * reassembled. Update the ECN info if all IP fragments 7299 * are ECN capable. If there is one which is not, clear 7300 * all the info. If there is at least one which has CE 7301 * code point, IP needs to report that up to transport. 7302 */ 7303 if (ecn_info != IPH_ECN_NECT && ipf->ipf_ecn != IPH_ECN_NECT) { 7304 if (ecn_info == IPH_ECN_CE) 7305 ipf->ipf_ecn = IPH_ECN_CE; 7306 } else { 7307 ipf->ipf_ecn = IPH_ECN_NECT; 7308 } 7309 if (offset && ipf->ipf_end == offset) { 7310 /* The new fragment fits at the end */ 7311 ipf->ipf_tail_mp->b_cont = mp; 7312 /* Update the byte count */ 7313 ipf->ipf_count += msg_len; 7314 /* Update per ipfb and ill byte counts */ 7315 ipfb->ipfb_count += msg_len; 7316 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */ 7317 atomic_add_32(&ill->ill_frag_count, msg_len); 7318 if (frag_offset_flags & IPH_MF) { 7319 /* More to come. */ 7320 ipf->ipf_end = end; 7321 ipf->ipf_tail_mp = tail_mp; 7322 goto reass_done; 7323 } 7324 } else { 7325 /* Go do the hard cases. */ 7326 int ret; 7327 7328 if (offset == 0) 7329 ipf->ipf_nf_hdr_len = hdr_length; 7330 7331 /* Save current byte count */ 7332 count = ipf->ipf_count; 7333 ret = ip_reassemble(mp, ipf, 7334 (frag_offset_flags & IPH_OFFSET) << 3, 7335 (frag_offset_flags & IPH_MF), ill, msg_len); 7336 /* Count of bytes added and subtracted (freeb()ed) */ 7337 count = ipf->ipf_count - count; 7338 if (count) { 7339 /* Update per ipfb and ill byte counts */ 7340 ipfb->ipfb_count += count; 7341 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */ 7342 atomic_add_32(&ill->ill_frag_count, count); 7343 } 7344 if (ret == IP_REASS_PARTIAL) { 7345 goto reass_done; 7346 } else if (ret == IP_REASS_FAILED) { 7347 /* Reassembly failed. Free up all resources */ 7348 ill_frag_free_pkts(ill, ipfb, ipf, 1); 7349 for (t_mp = mp; t_mp != NULL; t_mp = t_mp->b_cont) { 7350 IP_REASS_SET_START(t_mp, 0); 7351 IP_REASS_SET_END(t_mp, 0); 7352 } 7353 freemsg(mp); 7354 goto reass_done; 7355 } 7356 /* We will reach here iff 'ret' is IP_REASS_COMPLETE */ 7357 } 7358 /* 7359 * We have completed reassembly. Unhook the frag header from 7360 * the reassembly list. 7361 * 7362 * Before we free the frag header, record the ECN info 7363 * to report back to the transport. 7364 */ 7365 ecn_info = ipf->ipf_ecn; 7366 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmOKs); 7367 ipfp = ipf->ipf_ptphn; 7368 7369 /* We need to supply these to caller */ 7370 if ((sum_flags = ipf->ipf_checksum_flags) != 0) 7371 sum_val = ipf->ipf_checksum; 7372 else 7373 sum_val = 0; 7374 7375 mp1 = ipf->ipf_mp; 7376 count = ipf->ipf_count; 7377 ipf = ipf->ipf_hash_next; 7378 if (ipf != NULL) 7379 ipf->ipf_ptphn = ipfp; 7380 ipfp[0] = ipf; 7381 atomic_add_32(&ill->ill_frag_count, -count); 7382 ASSERT(ipfb->ipfb_count >= count); 7383 ipfb->ipfb_count -= count; 7384 ipfb->ipfb_frag_pkts--; 7385 mutex_exit(&ipfb->ipfb_lock); 7386 /* Ditch the frag header. */ 7387 mp = mp1->b_cont; 7388 7389 freeb(mp1); 7390 7391 /* Restore original IP length in header. */ 7392 packet_size = (uint32_t)msgdsize(mp); 7393 if (packet_size > IP_MAXPACKET) { 7394 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7395 ip_drop_input("Reassembled packet too large", mp, ill); 7396 freemsg(mp); 7397 return (NULL); 7398 } 7399 7400 if (DB_REF(mp) > 1) { 7401 mblk_t *mp2 = copymsg(mp); 7402 7403 if (mp2 == NULL) { 7404 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 7405 ip_drop_input("ipIfStatsInDiscards", mp, ill); 7406 freemsg(mp); 7407 return (NULL); 7408 } 7409 freemsg(mp); 7410 mp = mp2; 7411 } 7412 ipha = (ipha_t *)mp->b_rptr; 7413 7414 ipha->ipha_length = htons((uint16_t)packet_size); 7415 /* We're now complete, zip the frag state */ 7416 ipha->ipha_fragment_offset_and_flags = 0; 7417 /* Record the ECN info. */ 7418 ipha->ipha_type_of_service &= 0xFC; 7419 ipha->ipha_type_of_service |= ecn_info; 7420 7421 /* Update the receive attributes */ 7422 ira->ira_pktlen = packet_size; 7423 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha); 7424 7425 /* Reassembly is successful; set checksum information in packet */ 7426 DB_CKSUM16(mp) = (uint16_t)sum_val; 7427 DB_CKSUMFLAGS(mp) = sum_flags; 7428 DB_CKSUMSTART(mp) = ira->ira_ip_hdr_length; 7429 7430 return (mp); 7431 } 7432 7433 /* 7434 * Pullup function that should be used for IP input in order to 7435 * ensure we do not loose the L2 source address; we need the l2 source 7436 * address for IP_RECVSLLA and for ndp_input. 7437 * 7438 * We return either NULL or b_rptr. 7439 */ 7440 void * 7441 ip_pullup(mblk_t *mp, ssize_t len, ip_recv_attr_t *ira) 7442 { 7443 ill_t *ill = ira->ira_ill; 7444 7445 if (ip_rput_pullups++ == 0) { 7446 (void) mi_strlog(ill->ill_rq, 1, SL_ERROR|SL_TRACE, 7447 "ip_pullup: %s forced us to " 7448 " pullup pkt, hdr len %ld, hdr addr %p", 7449 ill->ill_name, len, (void *)mp->b_rptr); 7450 } 7451 if (!(ira->ira_flags & IRAF_L2SRC_SET)) 7452 ip_setl2src(mp, ira, ira->ira_rill); 7453 ASSERT(ira->ira_flags & IRAF_L2SRC_SET); 7454 if (!pullupmsg(mp, len)) 7455 return (NULL); 7456 else 7457 return (mp->b_rptr); 7458 } 7459 7460 /* 7461 * Make sure ira_l2src has an address. If we don't have one fill with zeros. 7462 * When called from the ULP ira_rill will be NULL hence the caller has to 7463 * pass in the ill. 7464 */ 7465 /* ARGSUSED */ 7466 void 7467 ip_setl2src(mblk_t *mp, ip_recv_attr_t *ira, ill_t *ill) 7468 { 7469 const uchar_t *addr; 7470 int alen; 7471 7472 if (ira->ira_flags & IRAF_L2SRC_SET) 7473 return; 7474 7475 ASSERT(ill != NULL); 7476 alen = ill->ill_phys_addr_length; 7477 ASSERT(alen <= sizeof (ira->ira_l2src)); 7478 if (ira->ira_mhip != NULL && 7479 (addr = ira->ira_mhip->mhi_saddr) != NULL) { 7480 bcopy(addr, ira->ira_l2src, alen); 7481 } else if ((ira->ira_flags & IRAF_L2SRC_LOOPBACK) && 7482 (addr = ill->ill_phys_addr) != NULL) { 7483 bcopy(addr, ira->ira_l2src, alen); 7484 } else { 7485 bzero(ira->ira_l2src, alen); 7486 } 7487 ira->ira_flags |= IRAF_L2SRC_SET; 7488 } 7489 7490 /* 7491 * check ip header length and align it. 7492 */ 7493 mblk_t * 7494 ip_check_and_align_header(mblk_t *mp, uint_t min_size, ip_recv_attr_t *ira) 7495 { 7496 ill_t *ill = ira->ira_ill; 7497 ssize_t len; 7498 7499 len = MBLKL(mp); 7500 7501 if (!OK_32PTR(mp->b_rptr)) 7502 IP_STAT(ill->ill_ipst, ip_notaligned); 7503 else 7504 IP_STAT(ill->ill_ipst, ip_recv_pullup); 7505 7506 /* Guard against bogus device drivers */ 7507 if (len < 0) { 7508 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7509 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7510 freemsg(mp); 7511 return (NULL); 7512 } 7513 7514 if (len == 0) { 7515 /* GLD sometimes sends up mblk with b_rptr == b_wptr! */ 7516 mblk_t *mp1 = mp->b_cont; 7517 7518 if (!(ira->ira_flags & IRAF_L2SRC_SET)) 7519 ip_setl2src(mp, ira, ira->ira_rill); 7520 ASSERT(ira->ira_flags & IRAF_L2SRC_SET); 7521 7522 freeb(mp); 7523 mp = mp1; 7524 if (mp == NULL) 7525 return (NULL); 7526 7527 if (OK_32PTR(mp->b_rptr) && MBLKL(mp) >= min_size) 7528 return (mp); 7529 } 7530 if (ip_pullup(mp, min_size, ira) == NULL) { 7531 if (msgdsize(mp) < min_size) { 7532 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7533 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7534 } else { 7535 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 7536 ip_drop_input("ipIfStatsInDiscards", mp, ill); 7537 } 7538 freemsg(mp); 7539 return (NULL); 7540 } 7541 return (mp); 7542 } 7543 7544 /* 7545 * Common code for IPv4 and IPv6 to check and pullup multi-mblks 7546 */ 7547 mblk_t * 7548 ip_check_length(mblk_t *mp, uchar_t *rptr, ssize_t len, uint_t pkt_len, 7549 uint_t min_size, ip_recv_attr_t *ira) 7550 { 7551 ill_t *ill = ira->ira_ill; 7552 7553 /* 7554 * Make sure we have data length consistent 7555 * with the IP header. 7556 */ 7557 if (mp->b_cont == NULL) { 7558 /* pkt_len is based on ipha_len, not the mblk length */ 7559 if (pkt_len < min_size) { 7560 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7561 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7562 freemsg(mp); 7563 return (NULL); 7564 } 7565 if (len < 0) { 7566 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 7567 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 7568 freemsg(mp); 7569 return (NULL); 7570 } 7571 /* Drop any pad */ 7572 mp->b_wptr = rptr + pkt_len; 7573 } else if ((len += msgdsize(mp->b_cont)) != 0) { 7574 ASSERT(pkt_len >= min_size); 7575 if (pkt_len < min_size) { 7576 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7577 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7578 freemsg(mp); 7579 return (NULL); 7580 } 7581 if (len < 0) { 7582 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 7583 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 7584 freemsg(mp); 7585 return (NULL); 7586 } 7587 /* Drop any pad */ 7588 (void) adjmsg(mp, -len); 7589 /* 7590 * adjmsg may have freed an mblk from the chain, hence 7591 * invalidate any hw checksum here. This will force IP to 7592 * calculate the checksum in sw, but only for this packet. 7593 */ 7594 DB_CKSUMFLAGS(mp) = 0; 7595 IP_STAT(ill->ill_ipst, ip_multimblk); 7596 } 7597 return (mp); 7598 } 7599 7600 /* 7601 * Check that the IPv4 opt_len is consistent with the packet and pullup 7602 * the options. 7603 */ 7604 mblk_t * 7605 ip_check_optlen(mblk_t *mp, ipha_t *ipha, uint_t opt_len, uint_t pkt_len, 7606 ip_recv_attr_t *ira) 7607 { 7608 ill_t *ill = ira->ira_ill; 7609 ssize_t len; 7610 7611 /* Assume no IPv6 packets arrive over the IPv4 queue */ 7612 if (IPH_HDR_VERSION(ipha) != IPV4_VERSION) { 7613 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7614 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInWrongIPVersion); 7615 ip_drop_input("IPvN packet on IPv4 ill", mp, ill); 7616 freemsg(mp); 7617 return (NULL); 7618 } 7619 7620 if (opt_len > (15 - IP_SIMPLE_HDR_LENGTH_IN_WORDS)) { 7621 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7622 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7623 freemsg(mp); 7624 return (NULL); 7625 } 7626 /* 7627 * Recompute complete header length and make sure we 7628 * have access to all of it. 7629 */ 7630 len = ((size_t)opt_len + IP_SIMPLE_HDR_LENGTH_IN_WORDS) << 2; 7631 if (len > (mp->b_wptr - mp->b_rptr)) { 7632 if (len > pkt_len) { 7633 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 7634 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 7635 freemsg(mp); 7636 return (NULL); 7637 } 7638 if (ip_pullup(mp, len, ira) == NULL) { 7639 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 7640 ip_drop_input("ipIfStatsInDiscards", mp, ill); 7641 freemsg(mp); 7642 return (NULL); 7643 } 7644 } 7645 return (mp); 7646 } 7647 7648 /* 7649 * Returns a new ire, or the same ire, or NULL. 7650 * If a different IRE is returned, then it is held; the caller 7651 * needs to release it. 7652 * In no case is there any hold/release on the ire argument. 7653 */ 7654 ire_t * 7655 ip_check_multihome(void *addr, ire_t *ire, ill_t *ill) 7656 { 7657 ire_t *new_ire; 7658 ill_t *ire_ill; 7659 uint_t ifindex; 7660 ip_stack_t *ipst = ill->ill_ipst; 7661 boolean_t strict_check = B_FALSE; 7662 7663 /* 7664 * IPMP common case: if IRE and ILL are in the same group, there's no 7665 * issue (e.g. packet received on an underlying interface matched an 7666 * IRE_LOCAL on its associated group interface). 7667 */ 7668 ASSERT(ire->ire_ill != NULL); 7669 if (IS_IN_SAME_ILLGRP(ill, ire->ire_ill)) 7670 return (ire); 7671 7672 /* 7673 * Do another ire lookup here, using the ingress ill, to see if the 7674 * interface is in a usesrc group. 7675 * As long as the ills belong to the same group, we don't consider 7676 * them to be arriving on the wrong interface. Thus, if the switch 7677 * is doing inbound load spreading, we won't drop packets when the 7678 * ip*_strict_dst_multihoming switch is on. 7679 * We also need to check for IPIF_UNNUMBERED point2point interfaces 7680 * where the local address may not be unique. In this case we were 7681 * at the mercy of the initial ire lookup and the IRE_LOCAL it 7682 * actually returned. The new lookup, which is more specific, should 7683 * only find the IRE_LOCAL associated with the ingress ill if one 7684 * exists. 7685 */ 7686 if (ire->ire_ipversion == IPV4_VERSION) { 7687 if (ipst->ips_ip_strict_dst_multihoming) 7688 strict_check = B_TRUE; 7689 new_ire = ire_ftable_lookup_v4(*((ipaddr_t *)addr), 0, 0, 7690 IRE_LOCAL, ill, ALL_ZONES, NULL, 7691 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL); 7692 } else { 7693 ASSERT(!IN6_IS_ADDR_MULTICAST((in6_addr_t *)addr)); 7694 if (ipst->ips_ipv6_strict_dst_multihoming) 7695 strict_check = B_TRUE; 7696 new_ire = ire_ftable_lookup_v6((in6_addr_t *)addr, NULL, NULL, 7697 IRE_LOCAL, ill, ALL_ZONES, NULL, 7698 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL); 7699 } 7700 /* 7701 * If the same ire that was returned in ip_input() is found then this 7702 * is an indication that usesrc groups are in use. The packet 7703 * arrived on a different ill in the group than the one associated with 7704 * the destination address. If a different ire was found then the same 7705 * IP address must be hosted on multiple ills. This is possible with 7706 * unnumbered point2point interfaces. We switch to use this new ire in 7707 * order to have accurate interface statistics. 7708 */ 7709 if (new_ire != NULL) { 7710 /* Note: held in one case but not the other? Caller handles */ 7711 if (new_ire != ire) 7712 return (new_ire); 7713 /* Unchanged */ 7714 ire_refrele(new_ire); 7715 return (ire); 7716 } 7717 7718 /* 7719 * Chase pointers once and store locally. 7720 */ 7721 ASSERT(ire->ire_ill != NULL); 7722 ire_ill = ire->ire_ill; 7723 ifindex = ill->ill_usesrc_ifindex; 7724 7725 /* 7726 * Check if it's a legal address on the 'usesrc' interface. 7727 * For IPMP data addresses the IRE_LOCAL is the upper, hence we 7728 * can just check phyint_ifindex. 7729 */ 7730 if (ifindex != 0 && ifindex == ire_ill->ill_phyint->phyint_ifindex) { 7731 return (ire); 7732 } 7733 7734 /* 7735 * If the ip*_strict_dst_multihoming switch is on then we can 7736 * only accept this packet if the interface is marked as routing. 7737 */ 7738 if (!(strict_check)) 7739 return (ire); 7740 7741 if ((ill->ill_flags & ire->ire_ill->ill_flags & ILLF_ROUTER) != 0) { 7742 return (ire); 7743 } 7744 return (NULL); 7745 } 7746 7747 /* 7748 * This function is used to construct a mac_header_info_s from a 7749 * DL_UNITDATA_IND message. 7750 * The address fields in the mhi structure points into the message, 7751 * thus the caller can't use those fields after freeing the message. 7752 * 7753 * We determine whether the packet received is a non-unicast packet 7754 * and in doing so, determine whether or not it is broadcast vs multicast. 7755 * For it to be a broadcast packet, we must have the appropriate mblk_t 7756 * hanging off the ill_t. If this is either not present or doesn't match 7757 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed 7758 * to be multicast. Thus NICs that have no broadcast address (or no 7759 * capability for one, such as point to point links) cannot return as 7760 * the packet being broadcast. 7761 */ 7762 void 7763 ip_dlur_to_mhi(ill_t *ill, mblk_t *mb, struct mac_header_info_s *mhip) 7764 { 7765 dl_unitdata_ind_t *ind = (dl_unitdata_ind_t *)mb->b_rptr; 7766 mblk_t *bmp; 7767 uint_t extra_offset; 7768 7769 bzero(mhip, sizeof (struct mac_header_info_s)); 7770 7771 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST; 7772 7773 if (ill->ill_sap_length < 0) 7774 extra_offset = 0; 7775 else 7776 extra_offset = ill->ill_sap_length; 7777 7778 mhip->mhi_daddr = (uchar_t *)ind + ind->dl_dest_addr_offset + 7779 extra_offset; 7780 mhip->mhi_saddr = (uchar_t *)ind + ind->dl_src_addr_offset + 7781 extra_offset; 7782 7783 if (!ind->dl_group_address) 7784 return; 7785 7786 /* Multicast or broadcast */ 7787 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST; 7788 7789 if (ind->dl_dest_addr_offset > sizeof (*ind) && 7790 ind->dl_dest_addr_offset + ind->dl_dest_addr_length < MBLKL(mb) && 7791 (bmp = ill->ill_bcast_mp) != NULL) { 7792 dl_unitdata_req_t *dlur; 7793 uint8_t *bphys_addr; 7794 7795 dlur = (dl_unitdata_req_t *)bmp->b_rptr; 7796 bphys_addr = (uchar_t *)dlur + dlur->dl_dest_addr_offset + 7797 extra_offset; 7798 7799 if (bcmp(mhip->mhi_daddr, bphys_addr, 7800 ind->dl_dest_addr_length) == 0) 7801 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST; 7802 } 7803 } 7804 7805 /* 7806 * This function is used to construct a mac_header_info_s from a 7807 * M_DATA fastpath message from a DLPI driver. 7808 * The address fields in the mhi structure points into the message, 7809 * thus the caller can't use those fields after freeing the message. 7810 * 7811 * We determine whether the packet received is a non-unicast packet 7812 * and in doing so, determine whether or not it is broadcast vs multicast. 7813 * For it to be a broadcast packet, we must have the appropriate mblk_t 7814 * hanging off the ill_t. If this is either not present or doesn't match 7815 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed 7816 * to be multicast. Thus NICs that have no broadcast address (or no 7817 * capability for one, such as point to point links) cannot return as 7818 * the packet being broadcast. 7819 */ 7820 void 7821 ip_mdata_to_mhi(ill_t *ill, mblk_t *mp, struct mac_header_info_s *mhip) 7822 { 7823 mblk_t *bmp; 7824 struct ether_header *pether; 7825 7826 bzero(mhip, sizeof (struct mac_header_info_s)); 7827 7828 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST; 7829 7830 pether = (struct ether_header *)((char *)mp->b_rptr 7831 - sizeof (struct ether_header)); 7832 7833 /* 7834 * Make sure the interface is an ethernet type, since we don't 7835 * know the header format for anything but Ethernet. Also make 7836 * sure we are pointing correctly above db_base. 7837 */ 7838 if (ill->ill_type != IFT_ETHER) 7839 return; 7840 7841 retry: 7842 if ((uchar_t *)pether < mp->b_datap->db_base) 7843 return; 7844 7845 /* Is there a VLAN tag? */ 7846 if (ill->ill_isv6) { 7847 if (pether->ether_type != htons(ETHERTYPE_IPV6)) { 7848 pether = (struct ether_header *)((char *)pether - 4); 7849 goto retry; 7850 } 7851 } else { 7852 if (pether->ether_type != htons(ETHERTYPE_IP)) { 7853 pether = (struct ether_header *)((char *)pether - 4); 7854 goto retry; 7855 } 7856 } 7857 mhip->mhi_daddr = (uchar_t *)&pether->ether_dhost; 7858 mhip->mhi_saddr = (uchar_t *)&pether->ether_shost; 7859 7860 if (!(mhip->mhi_daddr[0] & 0x01)) 7861 return; 7862 7863 /* Multicast or broadcast */ 7864 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST; 7865 7866 if ((bmp = ill->ill_bcast_mp) != NULL) { 7867 dl_unitdata_req_t *dlur; 7868 uint8_t *bphys_addr; 7869 uint_t addrlen; 7870 7871 dlur = (dl_unitdata_req_t *)bmp->b_rptr; 7872 addrlen = dlur->dl_dest_addr_length; 7873 if (ill->ill_sap_length < 0) { 7874 bphys_addr = (uchar_t *)dlur + 7875 dlur->dl_dest_addr_offset; 7876 addrlen += ill->ill_sap_length; 7877 } else { 7878 bphys_addr = (uchar_t *)dlur + 7879 dlur->dl_dest_addr_offset + 7880 ill->ill_sap_length; 7881 addrlen -= ill->ill_sap_length; 7882 } 7883 if (bcmp(mhip->mhi_daddr, bphys_addr, addrlen) == 0) 7884 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST; 7885 } 7886 } 7887 7888 /* 7889 * Handle anything but M_DATA messages 7890 * We see the DL_UNITDATA_IND which are part 7891 * of the data path, and also the other messages from the driver. 7892 */ 7893 void 7894 ip_rput_notdata(ill_t *ill, mblk_t *mp) 7895 { 7896 mblk_t *first_mp; 7897 struct iocblk *iocp; 7898 struct mac_header_info_s mhi; 7899 7900 switch (DB_TYPE(mp)) { 7901 case M_PROTO: 7902 case M_PCPROTO: { 7903 if (((dl_unitdata_ind_t *)mp->b_rptr)->dl_primitive != 7904 DL_UNITDATA_IND) { 7905 /* Go handle anything other than data elsewhere. */ 7906 ip_rput_dlpi(ill, mp); 7907 return; 7908 } 7909 7910 first_mp = mp; 7911 mp = first_mp->b_cont; 7912 first_mp->b_cont = NULL; 7913 7914 if (mp == NULL) { 7915 freeb(first_mp); 7916 return; 7917 } 7918 ip_dlur_to_mhi(ill, first_mp, &mhi); 7919 if (ill->ill_isv6) 7920 ip_input_v6(ill, NULL, mp, &mhi); 7921 else 7922 ip_input(ill, NULL, mp, &mhi); 7923 7924 /* Ditch the DLPI header. */ 7925 freeb(first_mp); 7926 return; 7927 } 7928 case M_IOCACK: 7929 iocp = (struct iocblk *)mp->b_rptr; 7930 switch (iocp->ioc_cmd) { 7931 case DL_IOC_HDR_INFO: 7932 ill_fastpath_ack(ill, mp); 7933 return; 7934 default: 7935 putnext(ill->ill_rq, mp); 7936 return; 7937 } 7938 /* FALLTHRU */ 7939 case M_ERROR: 7940 case M_HANGUP: 7941 mutex_enter(&ill->ill_lock); 7942 if (ill->ill_state_flags & ILL_CONDEMNED) { 7943 mutex_exit(&ill->ill_lock); 7944 freemsg(mp); 7945 return; 7946 } 7947 ill_refhold_locked(ill); 7948 mutex_exit(&ill->ill_lock); 7949 qwriter_ip(ill, ill->ill_rq, mp, ip_rput_other, CUR_OP, 7950 B_FALSE); 7951 return; 7952 case M_CTL: 7953 putnext(ill->ill_rq, mp); 7954 return; 7955 case M_IOCNAK: 7956 ip1dbg(("got iocnak ")); 7957 iocp = (struct iocblk *)mp->b_rptr; 7958 switch (iocp->ioc_cmd) { 7959 case DL_IOC_HDR_INFO: 7960 ip_rput_other(NULL, ill->ill_rq, mp, NULL); 7961 return; 7962 default: 7963 break; 7964 } 7965 /* FALLTHRU */ 7966 default: 7967 putnext(ill->ill_rq, mp); 7968 return; 7969 } 7970 } 7971 7972 /* Read side put procedure. Packets coming from the wire arrive here. */ 7973 void 7974 ip_rput(queue_t *q, mblk_t *mp) 7975 { 7976 ill_t *ill; 7977 union DL_primitives *dl; 7978 7979 ill = (ill_t *)q->q_ptr; 7980 7981 if (ill->ill_state_flags & (ILL_CONDEMNED | ILL_LL_SUBNET_PENDING)) { 7982 /* 7983 * If things are opening or closing, only accept high-priority 7984 * DLPI messages. (On open ill->ill_ipif has not yet been 7985 * created; on close, things hanging off the ill may have been 7986 * freed already.) 7987 */ 7988 dl = (union DL_primitives *)mp->b_rptr; 7989 if (DB_TYPE(mp) != M_PCPROTO || 7990 dl->dl_primitive == DL_UNITDATA_IND) { 7991 inet_freemsg(mp); 7992 return; 7993 } 7994 } 7995 if (DB_TYPE(mp) == M_DATA) { 7996 struct mac_header_info_s mhi; 7997 7998 ip_mdata_to_mhi(ill, mp, &mhi); 7999 ip_input(ill, NULL, mp, &mhi); 8000 } else { 8001 ip_rput_notdata(ill, mp); 8002 } 8003 } 8004 8005 /* 8006 * Move the information to a copy. 8007 */ 8008 mblk_t * 8009 ip_fix_dbref(mblk_t *mp, ip_recv_attr_t *ira) 8010 { 8011 mblk_t *mp1; 8012 ill_t *ill = ira->ira_ill; 8013 ip_stack_t *ipst = ill->ill_ipst; 8014 8015 IP_STAT(ipst, ip_db_ref); 8016 8017 /* Make sure we have ira_l2src before we loose the original mblk */ 8018 if (!(ira->ira_flags & IRAF_L2SRC_SET)) 8019 ip_setl2src(mp, ira, ira->ira_rill); 8020 8021 mp1 = copymsg(mp); 8022 if (mp1 == NULL) { 8023 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 8024 ip_drop_input("ipIfStatsInDiscards", mp, ill); 8025 freemsg(mp); 8026 return (NULL); 8027 } 8028 /* preserve the hardware checksum flags and data, if present */ 8029 if (DB_CKSUMFLAGS(mp) != 0) { 8030 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp); 8031 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp); 8032 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp); 8033 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp); 8034 DB_CKSUM16(mp1) = DB_CKSUM16(mp); 8035 } 8036 freemsg(mp); 8037 return (mp1); 8038 } 8039 8040 static void 8041 ip_dlpi_error(ill_t *ill, t_uscalar_t prim, t_uscalar_t dl_err, 8042 t_uscalar_t err) 8043 { 8044 if (dl_err == DL_SYSERR) { 8045 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE, 8046 "%s: %s failed: DL_SYSERR (errno %u)\n", 8047 ill->ill_name, dl_primstr(prim), err); 8048 return; 8049 } 8050 8051 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE, 8052 "%s: %s failed: %s\n", ill->ill_name, dl_primstr(prim), 8053 dl_errstr(dl_err)); 8054 } 8055 8056 /* 8057 * ip_rput_dlpi is called by ip_rput to handle all DLPI messages other 8058 * than DL_UNITDATA_IND messages. If we need to process this message 8059 * exclusively, we call qwriter_ip, in which case we also need to call 8060 * ill_refhold before that, since qwriter_ip does an ill_refrele. 8061 */ 8062 void 8063 ip_rput_dlpi(ill_t *ill, mblk_t *mp) 8064 { 8065 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr; 8066 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa; 8067 queue_t *q = ill->ill_rq; 8068 t_uscalar_t prim = dloa->dl_primitive; 8069 t_uscalar_t reqprim = DL_PRIM_INVAL; 8070 8071 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi", 8072 char *, dl_primstr(prim), ill_t *, ill); 8073 ip1dbg(("ip_rput_dlpi")); 8074 8075 /* 8076 * If we received an ACK but didn't send a request for it, then it 8077 * can't be part of any pending operation; discard up-front. 8078 */ 8079 switch (prim) { 8080 case DL_ERROR_ACK: 8081 reqprim = dlea->dl_error_primitive; 8082 ip2dbg(("ip_rput_dlpi(%s): DL_ERROR_ACK for %s (0x%x): %s " 8083 "(0x%x), unix %u\n", ill->ill_name, dl_primstr(reqprim), 8084 reqprim, dl_errstr(dlea->dl_errno), dlea->dl_errno, 8085 dlea->dl_unix_errno)); 8086 break; 8087 case DL_OK_ACK: 8088 reqprim = dloa->dl_correct_primitive; 8089 break; 8090 case DL_INFO_ACK: 8091 reqprim = DL_INFO_REQ; 8092 break; 8093 case DL_BIND_ACK: 8094 reqprim = DL_BIND_REQ; 8095 break; 8096 case DL_PHYS_ADDR_ACK: 8097 reqprim = DL_PHYS_ADDR_REQ; 8098 break; 8099 case DL_NOTIFY_ACK: 8100 reqprim = DL_NOTIFY_REQ; 8101 break; 8102 case DL_CAPABILITY_ACK: 8103 reqprim = DL_CAPABILITY_REQ; 8104 break; 8105 } 8106 8107 if (prim != DL_NOTIFY_IND) { 8108 if (reqprim == DL_PRIM_INVAL || 8109 !ill_dlpi_pending(ill, reqprim)) { 8110 /* Not a DLPI message we support or expected */ 8111 freemsg(mp); 8112 return; 8113 } 8114 ip1dbg(("ip_rput: received %s for %s\n", dl_primstr(prim), 8115 dl_primstr(reqprim))); 8116 } 8117 8118 switch (reqprim) { 8119 case DL_UNBIND_REQ: 8120 /* 8121 * NOTE: we mark the unbind as complete even if we got a 8122 * DL_ERROR_ACK, since there's not much else we can do. 8123 */ 8124 mutex_enter(&ill->ill_lock); 8125 ill->ill_state_flags &= ~ILL_DL_UNBIND_IN_PROGRESS; 8126 cv_signal(&ill->ill_cv); 8127 mutex_exit(&ill->ill_lock); 8128 break; 8129 8130 case DL_ENABMULTI_REQ: 8131 if (prim == DL_OK_ACK) { 8132 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS) 8133 ill->ill_dlpi_multicast_state = IDS_OK; 8134 } 8135 break; 8136 } 8137 8138 /* 8139 * The message is one we're waiting for (or DL_NOTIFY_IND), but we 8140 * need to become writer to continue to process it. Because an 8141 * exclusive operation doesn't complete until replies to all queued 8142 * DLPI messages have been received, we know we're in the middle of an 8143 * exclusive operation and pass CUR_OP (except for DL_NOTIFY_IND). 8144 * 8145 * As required by qwriter_ip(), we refhold the ill; it will refrele. 8146 * Since this is on the ill stream we unconditionally bump up the 8147 * refcount without doing ILL_CAN_LOOKUP(). 8148 */ 8149 ill_refhold(ill); 8150 if (prim == DL_NOTIFY_IND) 8151 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, NEW_OP, B_FALSE); 8152 else 8153 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, CUR_OP, B_FALSE); 8154 } 8155 8156 /* 8157 * Handling of DLPI messages that require exclusive access to the ipsq. 8158 * 8159 * Need to do ipsq_pending_mp_get on ioctl completion, which could 8160 * happen here. (along with mi_copy_done) 8161 */ 8162 /* ARGSUSED */ 8163 static void 8164 ip_rput_dlpi_writer(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg) 8165 { 8166 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr; 8167 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa; 8168 int err = 0; 8169 ill_t *ill = (ill_t *)q->q_ptr; 8170 ipif_t *ipif = NULL; 8171 mblk_t *mp1 = NULL; 8172 conn_t *connp = NULL; 8173 t_uscalar_t paddrreq; 8174 mblk_t *mp_hw; 8175 boolean_t success; 8176 boolean_t ioctl_aborted = B_FALSE; 8177 boolean_t log = B_TRUE; 8178 8179 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer", 8180 char *, dl_primstr(dloa->dl_primitive), ill_t *, ill); 8181 8182 ip1dbg(("ip_rput_dlpi_writer ..")); 8183 ASSERT(ipsq->ipsq_xop == ill->ill_phyint->phyint_ipsq->ipsq_xop); 8184 ASSERT(IAM_WRITER_ILL(ill)); 8185 8186 ipif = ipsq->ipsq_xop->ipx_pending_ipif; 8187 /* 8188 * The current ioctl could have been aborted by the user and a new 8189 * ioctl to bring up another ill could have started. We could still 8190 * get a response from the driver later. 8191 */ 8192 if (ipif != NULL && ipif->ipif_ill != ill) 8193 ioctl_aborted = B_TRUE; 8194 8195 switch (dloa->dl_primitive) { 8196 case DL_ERROR_ACK: 8197 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for %s\n", 8198 dl_primstr(dlea->dl_error_primitive))); 8199 8200 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer error", 8201 char *, dl_primstr(dlea->dl_error_primitive), 8202 ill_t *, ill); 8203 8204 switch (dlea->dl_error_primitive) { 8205 case DL_DISABMULTI_REQ: 8206 ill_dlpi_done(ill, dlea->dl_error_primitive); 8207 break; 8208 case DL_PROMISCON_REQ: 8209 case DL_PROMISCOFF_REQ: 8210 case DL_UNBIND_REQ: 8211 case DL_ATTACH_REQ: 8212 case DL_INFO_REQ: 8213 ill_dlpi_done(ill, dlea->dl_error_primitive); 8214 break; 8215 case DL_NOTIFY_REQ: 8216 ill_dlpi_done(ill, DL_NOTIFY_REQ); 8217 log = B_FALSE; 8218 break; 8219 case DL_PHYS_ADDR_REQ: 8220 /* 8221 * For IPv6 only, there are two additional 8222 * phys_addr_req's sent to the driver to get the 8223 * IPv6 token and lla. This allows IP to acquire 8224 * the hardware address format for a given interface 8225 * without having built in knowledge of the hardware 8226 * address. ill_phys_addr_pend keeps track of the last 8227 * DL_PAR sent so we know which response we are 8228 * dealing with. ill_dlpi_done will update 8229 * ill_phys_addr_pend when it sends the next req. 8230 * We don't complete the IOCTL until all three DL_PARs 8231 * have been attempted, so set *_len to 0 and break. 8232 */ 8233 paddrreq = ill->ill_phys_addr_pend; 8234 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ); 8235 if (paddrreq == DL_IPV6_TOKEN) { 8236 ill->ill_token_length = 0; 8237 log = B_FALSE; 8238 break; 8239 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) { 8240 ill->ill_nd_lla_len = 0; 8241 log = B_FALSE; 8242 break; 8243 } 8244 /* 8245 * Something went wrong with the DL_PHYS_ADDR_REQ. 8246 * We presumably have an IOCTL hanging out waiting 8247 * for completion. Find it and complete the IOCTL 8248 * with the error noted. 8249 * However, ill_dl_phys was called on an ill queue 8250 * (from SIOCSLIFNAME), thus conn_pending_ill is not 8251 * set. But the ioctl is known to be pending on ill_wq. 8252 */ 8253 if (!ill->ill_ifname_pending) 8254 break; 8255 ill->ill_ifname_pending = 0; 8256 if (!ioctl_aborted) 8257 mp1 = ipsq_pending_mp_get(ipsq, &connp); 8258 if (mp1 != NULL) { 8259 /* 8260 * This operation (SIOCSLIFNAME) must have 8261 * happened on the ill. Assert there is no conn 8262 */ 8263 ASSERT(connp == NULL); 8264 q = ill->ill_wq; 8265 } 8266 break; 8267 case DL_BIND_REQ: 8268 ill_dlpi_done(ill, DL_BIND_REQ); 8269 if (ill->ill_ifname_pending) 8270 break; 8271 mutex_enter(&ill->ill_lock); 8272 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS; 8273 mutex_exit(&ill->ill_lock); 8274 /* 8275 * Something went wrong with the bind. We presumably 8276 * have an IOCTL hanging out waiting for completion. 8277 * Find it, take down the interface that was coming 8278 * up, and complete the IOCTL with the error noted. 8279 */ 8280 if (!ioctl_aborted) 8281 mp1 = ipsq_pending_mp_get(ipsq, &connp); 8282 if (mp1 != NULL) { 8283 /* 8284 * This might be a result of a DL_NOTE_REPLUMB 8285 * notification. In that case, connp is NULL. 8286 */ 8287 if (connp != NULL) 8288 q = CONNP_TO_WQ(connp); 8289 8290 (void) ipif_down(ipif, NULL, NULL); 8291 /* error is set below the switch */ 8292 } 8293 break; 8294 case DL_ENABMULTI_REQ: 8295 ill_dlpi_done(ill, DL_ENABMULTI_REQ); 8296 8297 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS) 8298 ill->ill_dlpi_multicast_state = IDS_FAILED; 8299 if (ill->ill_dlpi_multicast_state == IDS_FAILED) { 8300 8301 printf("ip: joining multicasts failed (%d)" 8302 " on %s - will use link layer " 8303 "broadcasts for multicast\n", 8304 dlea->dl_errno, ill->ill_name); 8305 8306 /* 8307 * Set up for multi_bcast; We are the 8308 * writer, so ok to access ill->ill_ipif 8309 * without any lock. 8310 */ 8311 mutex_enter(&ill->ill_phyint->phyint_lock); 8312 ill->ill_phyint->phyint_flags |= 8313 PHYI_MULTI_BCAST; 8314 mutex_exit(&ill->ill_phyint->phyint_lock); 8315 8316 } 8317 freemsg(mp); /* Don't want to pass this up */ 8318 return; 8319 case DL_CAPABILITY_REQ: 8320 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for " 8321 "DL_CAPABILITY REQ\n")); 8322 if (ill->ill_dlpi_capab_state == IDCS_PROBE_SENT) 8323 ill->ill_dlpi_capab_state = IDCS_FAILED; 8324 ill_capability_done(ill); 8325 freemsg(mp); 8326 return; 8327 } 8328 /* 8329 * Note the error for IOCTL completion (mp1 is set when 8330 * ready to complete ioctl). If ill_ifname_pending_err is 8331 * set, an error occured during plumbing (ill_ifname_pending), 8332 * so we want to report that error. 8333 * 8334 * NOTE: there are two addtional DL_PHYS_ADDR_REQ's 8335 * (DL_IPV6_TOKEN and DL_IPV6_LINK_LAYER_ADDR) that are 8336 * expected to get errack'd if the driver doesn't support 8337 * these flags (e.g. ethernet). log will be set to B_FALSE 8338 * if these error conditions are encountered. 8339 */ 8340 if (mp1 != NULL) { 8341 if (ill->ill_ifname_pending_err != 0) { 8342 err = ill->ill_ifname_pending_err; 8343 ill->ill_ifname_pending_err = 0; 8344 } else { 8345 err = dlea->dl_unix_errno ? 8346 dlea->dl_unix_errno : ENXIO; 8347 } 8348 /* 8349 * If we're plumbing an interface and an error hasn't already 8350 * been saved, set ill_ifname_pending_err to the error passed 8351 * up. Ignore the error if log is B_FALSE (see comment above). 8352 */ 8353 } else if (log && ill->ill_ifname_pending && 8354 ill->ill_ifname_pending_err == 0) { 8355 ill->ill_ifname_pending_err = dlea->dl_unix_errno ? 8356 dlea->dl_unix_errno : ENXIO; 8357 } 8358 8359 if (log) 8360 ip_dlpi_error(ill, dlea->dl_error_primitive, 8361 dlea->dl_errno, dlea->dl_unix_errno); 8362 break; 8363 case DL_CAPABILITY_ACK: 8364 ill_capability_ack(ill, mp); 8365 /* 8366 * The message has been handed off to ill_capability_ack 8367 * and must not be freed below 8368 */ 8369 mp = NULL; 8370 break; 8371 8372 case DL_INFO_ACK: 8373 /* Call a routine to handle this one. */ 8374 ill_dlpi_done(ill, DL_INFO_REQ); 8375 ip_ll_subnet_defaults(ill, mp); 8376 ASSERT(!MUTEX_HELD(&ill->ill_phyint->phyint_ipsq->ipsq_lock)); 8377 return; 8378 case DL_BIND_ACK: 8379 /* 8380 * We should have an IOCTL waiting on this unless 8381 * sent by ill_dl_phys, in which case just return 8382 */ 8383 ill_dlpi_done(ill, DL_BIND_REQ); 8384 8385 if (ill->ill_ifname_pending) { 8386 DTRACE_PROBE2(ip__rput__dlpi__ifname__pending, 8387 ill_t *, ill, mblk_t *, mp); 8388 break; 8389 } 8390 mutex_enter(&ill->ill_lock); 8391 ill->ill_dl_up = 1; 8392 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS; 8393 mutex_exit(&ill->ill_lock); 8394 8395 if (!ioctl_aborted) 8396 mp1 = ipsq_pending_mp_get(ipsq, &connp); 8397 if (mp1 == NULL) { 8398 DTRACE_PROBE1(ip__rput__dlpi__no__mblk, ill_t *, ill); 8399 break; 8400 } 8401 /* 8402 * mp1 was added by ill_dl_up(). if that is a result of 8403 * a DL_NOTE_REPLUMB notification, connp could be NULL. 8404 */ 8405 if (connp != NULL) 8406 q = CONNP_TO_WQ(connp); 8407 /* 8408 * We are exclusive. So nothing can change even after 8409 * we get the pending mp. 8410 */ 8411 ip1dbg(("ip_rput_dlpi: bind_ack %s\n", ill->ill_name)); 8412 DTRACE_PROBE1(ip__rput__dlpi__bind__ack, ill_t *, ill); 8413 ill_nic_event_dispatch(ill, 0, NE_UP, NULL, 0); 8414 8415 /* 8416 * Now bring up the resolver; when that is complete, we'll 8417 * create IREs. Note that we intentionally mirror what 8418 * ipif_up() would have done, because we got here by way of 8419 * ill_dl_up(), which stopped ipif_up()'s processing. 8420 */ 8421 if (ill->ill_isv6) { 8422 /* 8423 * v6 interfaces. 8424 * Unlike ARP which has to do another bind 8425 * and attach, once we get here we are 8426 * done with NDP 8427 */ 8428 (void) ipif_resolver_up(ipif, Res_act_initial); 8429 if ((err = ipif_ndp_up(ipif, B_TRUE)) == 0) 8430 err = ipif_up_done_v6(ipif); 8431 } else if (ill->ill_net_type == IRE_IF_RESOLVER) { 8432 /* 8433 * ARP and other v4 external resolvers. 8434 * Leave the pending mblk intact so that 8435 * the ioctl completes in ip_rput(). 8436 */ 8437 if (connp != NULL) 8438 mutex_enter(&connp->conn_lock); 8439 mutex_enter(&ill->ill_lock); 8440 success = ipsq_pending_mp_add(connp, ipif, q, mp1, 0); 8441 mutex_exit(&ill->ill_lock); 8442 if (connp != NULL) 8443 mutex_exit(&connp->conn_lock); 8444 if (success) { 8445 err = ipif_resolver_up(ipif, Res_act_initial); 8446 if (err == EINPROGRESS) { 8447 freemsg(mp); 8448 return; 8449 } 8450 mp1 = ipsq_pending_mp_get(ipsq, &connp); 8451 } else { 8452 /* The conn has started closing */ 8453 err = EINTR; 8454 } 8455 } else { 8456 /* 8457 * This one is complete. Reply to pending ioctl. 8458 */ 8459 (void) ipif_resolver_up(ipif, Res_act_initial); 8460 err = ipif_up_done(ipif); 8461 } 8462 8463 if ((err == 0) && (ill->ill_up_ipifs)) { 8464 err = ill_up_ipifs(ill, q, mp1); 8465 if (err == EINPROGRESS) { 8466 freemsg(mp); 8467 return; 8468 } 8469 } 8470 8471 /* 8472 * If we have a moved ipif to bring up, and everything has 8473 * succeeded to this point, bring it up on the IPMP ill. 8474 * Otherwise, leave it down -- the admin can try to bring it 8475 * up by hand if need be. 8476 */ 8477 if (ill->ill_move_ipif != NULL) { 8478 if (err != 0) { 8479 ill->ill_move_ipif = NULL; 8480 } else { 8481 ipif = ill->ill_move_ipif; 8482 ill->ill_move_ipif = NULL; 8483 err = ipif_up(ipif, q, mp1); 8484 if (err == EINPROGRESS) { 8485 freemsg(mp); 8486 return; 8487 } 8488 } 8489 } 8490 break; 8491 8492 case DL_NOTIFY_IND: { 8493 dl_notify_ind_t *notify = (dl_notify_ind_t *)mp->b_rptr; 8494 uint_t orig_mtu, orig_mc_mtu; 8495 8496 switch (notify->dl_notification) { 8497 case DL_NOTE_PHYS_ADDR: 8498 err = ill_set_phys_addr(ill, mp); 8499 break; 8500 8501 case DL_NOTE_REPLUMB: 8502 /* 8503 * Directly return after calling ill_replumb(). 8504 * Note that we should not free mp as it is reused 8505 * in the ill_replumb() function. 8506 */ 8507 err = ill_replumb(ill, mp); 8508 return; 8509 8510 case DL_NOTE_FASTPATH_FLUSH: 8511 nce_flush(ill, B_FALSE); 8512 break; 8513 8514 case DL_NOTE_SDU_SIZE: 8515 case DL_NOTE_SDU_SIZE2: 8516 /* 8517 * The dce and fragmentation code can cope with 8518 * this changing while packets are being sent. 8519 * When packets are sent ip_output will discover 8520 * a change. 8521 * 8522 * Change the MTU size of the interface. 8523 */ 8524 mutex_enter(&ill->ill_lock); 8525 orig_mtu = ill->ill_mtu; 8526 orig_mc_mtu = ill->ill_mc_mtu; 8527 switch (notify->dl_notification) { 8528 case DL_NOTE_SDU_SIZE: 8529 ill->ill_current_frag = 8530 (uint_t)notify->dl_data; 8531 ill->ill_mc_mtu = (uint_t)notify->dl_data; 8532 break; 8533 case DL_NOTE_SDU_SIZE2: 8534 ill->ill_current_frag = 8535 (uint_t)notify->dl_data1; 8536 ill->ill_mc_mtu = (uint_t)notify->dl_data2; 8537 break; 8538 } 8539 if (ill->ill_current_frag > ill->ill_max_frag) 8540 ill->ill_max_frag = ill->ill_current_frag; 8541 8542 if (!(ill->ill_flags & ILLF_FIXEDMTU)) { 8543 ill->ill_mtu = ill->ill_current_frag; 8544 8545 /* 8546 * If ill_user_mtu was set (via 8547 * SIOCSLIFLNKINFO), clamp ill_mtu at it. 8548 */ 8549 if (ill->ill_user_mtu != 0 && 8550 ill->ill_user_mtu < ill->ill_mtu) 8551 ill->ill_mtu = ill->ill_user_mtu; 8552 8553 if (ill->ill_user_mtu != 0 && 8554 ill->ill_user_mtu < ill->ill_mc_mtu) 8555 ill->ill_mc_mtu = ill->ill_user_mtu; 8556 8557 if (ill->ill_isv6) { 8558 if (ill->ill_mtu < IPV6_MIN_MTU) 8559 ill->ill_mtu = IPV6_MIN_MTU; 8560 if (ill->ill_mc_mtu < IPV6_MIN_MTU) 8561 ill->ill_mc_mtu = IPV6_MIN_MTU; 8562 } else { 8563 if (ill->ill_mtu < IP_MIN_MTU) 8564 ill->ill_mtu = IP_MIN_MTU; 8565 if (ill->ill_mc_mtu < IP_MIN_MTU) 8566 ill->ill_mc_mtu = IP_MIN_MTU; 8567 } 8568 } else if (ill->ill_mc_mtu > ill->ill_mtu) { 8569 ill->ill_mc_mtu = ill->ill_mtu; 8570 } 8571 8572 mutex_exit(&ill->ill_lock); 8573 /* 8574 * Make sure all dce_generation checks find out 8575 * that ill_mtu/ill_mc_mtu has changed. 8576 */ 8577 if (orig_mtu != ill->ill_mtu || 8578 orig_mc_mtu != ill->ill_mc_mtu) { 8579 dce_increment_all_generations(ill->ill_isv6, 8580 ill->ill_ipst); 8581 } 8582 8583 /* 8584 * Refresh IPMP meta-interface MTU if necessary. 8585 */ 8586 if (IS_UNDER_IPMP(ill)) 8587 ipmp_illgrp_refresh_mtu(ill->ill_grp); 8588 break; 8589 8590 case DL_NOTE_LINK_UP: 8591 case DL_NOTE_LINK_DOWN: { 8592 /* 8593 * We are writer. ill / phyint / ipsq assocs stable. 8594 * The RUNNING flag reflects the state of the link. 8595 */ 8596 phyint_t *phyint = ill->ill_phyint; 8597 uint64_t new_phyint_flags; 8598 boolean_t changed = B_FALSE; 8599 boolean_t went_up; 8600 8601 went_up = notify->dl_notification == DL_NOTE_LINK_UP; 8602 mutex_enter(&phyint->phyint_lock); 8603 8604 new_phyint_flags = went_up ? 8605 phyint->phyint_flags | PHYI_RUNNING : 8606 phyint->phyint_flags & ~PHYI_RUNNING; 8607 8608 if (IS_IPMP(ill)) { 8609 new_phyint_flags = went_up ? 8610 new_phyint_flags & ~PHYI_FAILED : 8611 new_phyint_flags | PHYI_FAILED; 8612 } 8613 8614 if (new_phyint_flags != phyint->phyint_flags) { 8615 phyint->phyint_flags = new_phyint_flags; 8616 changed = B_TRUE; 8617 } 8618 mutex_exit(&phyint->phyint_lock); 8619 /* 8620 * ill_restart_dad handles the DAD restart and routing 8621 * socket notification logic. 8622 */ 8623 if (changed) { 8624 ill_restart_dad(phyint->phyint_illv4, went_up); 8625 ill_restart_dad(phyint->phyint_illv6, went_up); 8626 } 8627 break; 8628 } 8629 case DL_NOTE_PROMISC_ON_PHYS: { 8630 phyint_t *phyint = ill->ill_phyint; 8631 8632 mutex_enter(&phyint->phyint_lock); 8633 phyint->phyint_flags |= PHYI_PROMISC; 8634 mutex_exit(&phyint->phyint_lock); 8635 break; 8636 } 8637 case DL_NOTE_PROMISC_OFF_PHYS: { 8638 phyint_t *phyint = ill->ill_phyint; 8639 8640 mutex_enter(&phyint->phyint_lock); 8641 phyint->phyint_flags &= ~PHYI_PROMISC; 8642 mutex_exit(&phyint->phyint_lock); 8643 break; 8644 } 8645 case DL_NOTE_CAPAB_RENEG: 8646 /* 8647 * Something changed on the driver side. 8648 * It wants us to renegotiate the capabilities 8649 * on this ill. One possible cause is the aggregation 8650 * interface under us where a port got added or 8651 * went away. 8652 * 8653 * If the capability negotiation is already done 8654 * or is in progress, reset the capabilities and 8655 * mark the ill's ill_capab_reneg to be B_TRUE, 8656 * so that when the ack comes back, we can start 8657 * the renegotiation process. 8658 * 8659 * Note that if ill_capab_reneg is already B_TRUE 8660 * (ill_dlpi_capab_state is IDS_UNKNOWN in this case), 8661 * the capability resetting request has been sent 8662 * and the renegotiation has not been started yet; 8663 * nothing needs to be done in this case. 8664 */ 8665 ipsq_current_start(ipsq, ill->ill_ipif, 0); 8666 ill_capability_reset(ill, B_TRUE); 8667 ipsq_current_finish(ipsq); 8668 break; 8669 8670 case DL_NOTE_ALLOWED_IPS: 8671 ill_set_allowed_ips(ill, mp); 8672 break; 8673 default: 8674 ip0dbg(("ip_rput_dlpi_writer: unknown notification " 8675 "type 0x%x for DL_NOTIFY_IND\n", 8676 notify->dl_notification)); 8677 break; 8678 } 8679 8680 /* 8681 * As this is an asynchronous operation, we 8682 * should not call ill_dlpi_done 8683 */ 8684 break; 8685 } 8686 case DL_NOTIFY_ACK: { 8687 dl_notify_ack_t *noteack = (dl_notify_ack_t *)mp->b_rptr; 8688 8689 if (noteack->dl_notifications & DL_NOTE_LINK_UP) 8690 ill->ill_note_link = 1; 8691 ill_dlpi_done(ill, DL_NOTIFY_REQ); 8692 break; 8693 } 8694 case DL_PHYS_ADDR_ACK: { 8695 /* 8696 * As part of plumbing the interface via SIOCSLIFNAME, 8697 * ill_dl_phys() will queue a series of DL_PHYS_ADDR_REQs, 8698 * whose answers we receive here. As each answer is received, 8699 * we call ill_dlpi_done() to dispatch the next request as 8700 * we're processing the current one. Once all answers have 8701 * been received, we use ipsq_pending_mp_get() to dequeue the 8702 * outstanding IOCTL and reply to it. (Because ill_dl_phys() 8703 * is invoked from an ill queue, conn_oper_pending_ill is not 8704 * available, but we know the ioctl is pending on ill_wq.) 8705 */ 8706 uint_t paddrlen, paddroff; 8707 uint8_t *addr; 8708 8709 paddrreq = ill->ill_phys_addr_pend; 8710 paddrlen = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_length; 8711 paddroff = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_offset; 8712 addr = mp->b_rptr + paddroff; 8713 8714 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ); 8715 if (paddrreq == DL_IPV6_TOKEN) { 8716 /* 8717 * bcopy to low-order bits of ill_token 8718 * 8719 * XXX Temporary hack - currently, all known tokens 8720 * are 64 bits, so I'll cheat for the moment. 8721 */ 8722 bcopy(addr, &ill->ill_token.s6_addr32[2], paddrlen); 8723 ill->ill_token_length = paddrlen; 8724 break; 8725 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) { 8726 ASSERT(ill->ill_nd_lla_mp == NULL); 8727 ill_set_ndmp(ill, mp, paddroff, paddrlen); 8728 mp = NULL; 8729 break; 8730 } else if (paddrreq == DL_CURR_DEST_ADDR) { 8731 ASSERT(ill->ill_dest_addr_mp == NULL); 8732 ill->ill_dest_addr_mp = mp; 8733 ill->ill_dest_addr = addr; 8734 mp = NULL; 8735 if (ill->ill_isv6) { 8736 ill_setdesttoken(ill); 8737 ipif_setdestlinklocal(ill->ill_ipif); 8738 } 8739 break; 8740 } 8741 8742 ASSERT(paddrreq == DL_CURR_PHYS_ADDR); 8743 ASSERT(ill->ill_phys_addr_mp == NULL); 8744 if (!ill->ill_ifname_pending) 8745 break; 8746 ill->ill_ifname_pending = 0; 8747 if (!ioctl_aborted) 8748 mp1 = ipsq_pending_mp_get(ipsq, &connp); 8749 if (mp1 != NULL) { 8750 ASSERT(connp == NULL); 8751 q = ill->ill_wq; 8752 } 8753 /* 8754 * If any error acks received during the plumbing sequence, 8755 * ill_ifname_pending_err will be set. Break out and send up 8756 * the error to the pending ioctl. 8757 */ 8758 if (ill->ill_ifname_pending_err != 0) { 8759 err = ill->ill_ifname_pending_err; 8760 ill->ill_ifname_pending_err = 0; 8761 break; 8762 } 8763 8764 ill->ill_phys_addr_mp = mp; 8765 ill->ill_phys_addr = (paddrlen == 0 ? NULL : addr); 8766 mp = NULL; 8767 8768 /* 8769 * If paddrlen or ill_phys_addr_length is zero, the DLPI 8770 * provider doesn't support physical addresses. We check both 8771 * paddrlen and ill_phys_addr_length because sppp (PPP) does 8772 * not have physical addresses, but historically adversises a 8773 * physical address length of 0 in its DL_INFO_ACK, but 6 in 8774 * its DL_PHYS_ADDR_ACK. 8775 */ 8776 if (paddrlen == 0 || ill->ill_phys_addr_length == 0) { 8777 ill->ill_phys_addr = NULL; 8778 } else if (paddrlen != ill->ill_phys_addr_length) { 8779 ip0dbg(("DL_PHYS_ADDR_ACK: got addrlen %d, expected %d", 8780 paddrlen, ill->ill_phys_addr_length)); 8781 err = EINVAL; 8782 break; 8783 } 8784 8785 if (ill->ill_nd_lla_mp == NULL) { 8786 if ((mp_hw = copyb(ill->ill_phys_addr_mp)) == NULL) { 8787 err = ENOMEM; 8788 break; 8789 } 8790 ill_set_ndmp(ill, mp_hw, paddroff, paddrlen); 8791 } 8792 8793 if (ill->ill_isv6) { 8794 ill_setdefaulttoken(ill); 8795 ipif_setlinklocal(ill->ill_ipif); 8796 } 8797 break; 8798 } 8799 case DL_OK_ACK: 8800 ip2dbg(("DL_OK_ACK %s (0x%x)\n", 8801 dl_primstr((int)dloa->dl_correct_primitive), 8802 dloa->dl_correct_primitive)); 8803 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer ok", 8804 char *, dl_primstr(dloa->dl_correct_primitive), 8805 ill_t *, ill); 8806 8807 switch (dloa->dl_correct_primitive) { 8808 case DL_ENABMULTI_REQ: 8809 case DL_DISABMULTI_REQ: 8810 ill_dlpi_done(ill, dloa->dl_correct_primitive); 8811 break; 8812 case DL_PROMISCON_REQ: 8813 case DL_PROMISCOFF_REQ: 8814 case DL_UNBIND_REQ: 8815 case DL_ATTACH_REQ: 8816 ill_dlpi_done(ill, dloa->dl_correct_primitive); 8817 break; 8818 } 8819 break; 8820 default: 8821 break; 8822 } 8823 8824 freemsg(mp); 8825 if (mp1 == NULL) 8826 return; 8827 8828 /* 8829 * The operation must complete without EINPROGRESS since 8830 * ipsq_pending_mp_get() has removed the mblk (mp1). Otherwise, 8831 * the operation will be stuck forever inside the IPSQ. 8832 */ 8833 ASSERT(err != EINPROGRESS); 8834 8835 DTRACE_PROBE4(ipif__ioctl, char *, "ip_rput_dlpi_writer finish", 8836 int, ipsq->ipsq_xop->ipx_current_ioctl, ill_t *, ill, 8837 ipif_t *, NULL); 8838 8839 switch (ipsq->ipsq_xop->ipx_current_ioctl) { 8840 case 0: 8841 ipsq_current_finish(ipsq); 8842 break; 8843 8844 case SIOCSLIFNAME: 8845 case IF_UNITSEL: { 8846 ill_t *ill_other = ILL_OTHER(ill); 8847 8848 /* 8849 * If SIOCSLIFNAME or IF_UNITSEL is about to succeed, and the 8850 * ill has a peer which is in an IPMP group, then place ill 8851 * into the same group. One catch: although ifconfig plumbs 8852 * the appropriate IPMP meta-interface prior to plumbing this 8853 * ill, it is possible for multiple ifconfig applications to 8854 * race (or for another application to adjust plumbing), in 8855 * which case the IPMP meta-interface we need will be missing. 8856 * If so, kick the phyint out of the group. 8857 */ 8858 if (err == 0 && ill_other != NULL && IS_UNDER_IPMP(ill_other)) { 8859 ipmp_grp_t *grp = ill->ill_phyint->phyint_grp; 8860 ipmp_illgrp_t *illg; 8861 8862 illg = ill->ill_isv6 ? grp->gr_v6 : grp->gr_v4; 8863 if (illg == NULL) 8864 ipmp_phyint_leave_grp(ill->ill_phyint); 8865 else 8866 ipmp_ill_join_illgrp(ill, illg); 8867 } 8868 8869 if (ipsq->ipsq_xop->ipx_current_ioctl == IF_UNITSEL) 8870 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq); 8871 else 8872 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq); 8873 break; 8874 } 8875 case SIOCLIFADDIF: 8876 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq); 8877 break; 8878 8879 default: 8880 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq); 8881 break; 8882 } 8883 } 8884 8885 /* 8886 * ip_rput_other is called by ip_rput to handle messages modifying the global 8887 * state in IP. If 'ipsq' is non-NULL, caller is writer on it. 8888 */ 8889 /* ARGSUSED */ 8890 void 8891 ip_rput_other(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg) 8892 { 8893 ill_t *ill = q->q_ptr; 8894 struct iocblk *iocp; 8895 8896 ip1dbg(("ip_rput_other ")); 8897 if (ipsq != NULL) { 8898 ASSERT(IAM_WRITER_IPSQ(ipsq)); 8899 ASSERT(ipsq->ipsq_xop == 8900 ill->ill_phyint->phyint_ipsq->ipsq_xop); 8901 } 8902 8903 switch (mp->b_datap->db_type) { 8904 case M_ERROR: 8905 case M_HANGUP: 8906 /* 8907 * The device has a problem. We force the ILL down. It can 8908 * be brought up again manually using SIOCSIFFLAGS (via 8909 * ifconfig or equivalent). 8910 */ 8911 ASSERT(ipsq != NULL); 8912 if (mp->b_rptr < mp->b_wptr) 8913 ill->ill_error = (int)(*mp->b_rptr & 0xFF); 8914 if (ill->ill_error == 0) 8915 ill->ill_error = ENXIO; 8916 if (!ill_down_start(q, mp)) 8917 return; 8918 ipif_all_down_tail(ipsq, q, mp, NULL); 8919 break; 8920 case M_IOCNAK: { 8921 iocp = (struct iocblk *)mp->b_rptr; 8922 8923 ASSERT(iocp->ioc_cmd == DL_IOC_HDR_INFO); 8924 /* 8925 * If this was the first attempt, turn off the fastpath 8926 * probing. 8927 */ 8928 mutex_enter(&ill->ill_lock); 8929 if (ill->ill_dlpi_fastpath_state == IDS_INPROGRESS) { 8930 ill->ill_dlpi_fastpath_state = IDS_FAILED; 8931 mutex_exit(&ill->ill_lock); 8932 /* 8933 * don't flush the nce_t entries: we use them 8934 * as an index to the ncec itself. 8935 */ 8936 ip1dbg(("ip_rput: DLPI fastpath off on interface %s\n", 8937 ill->ill_name)); 8938 } else { 8939 mutex_exit(&ill->ill_lock); 8940 } 8941 freemsg(mp); 8942 break; 8943 } 8944 default: 8945 ASSERT(0); 8946 break; 8947 } 8948 } 8949 8950 /* 8951 * Update any source route, record route or timestamp options 8952 * When it fails it has consumed the message and BUMPed the MIB. 8953 */ 8954 boolean_t 8955 ip_forward_options(mblk_t *mp, ipha_t *ipha, ill_t *dst_ill, 8956 ip_recv_attr_t *ira) 8957 { 8958 ipoptp_t opts; 8959 uchar_t *opt; 8960 uint8_t optval; 8961 uint8_t optlen; 8962 ipaddr_t dst; 8963 ipaddr_t ifaddr; 8964 uint32_t ts; 8965 timestruc_t now; 8966 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 8967 8968 ip2dbg(("ip_forward_options\n")); 8969 dst = ipha->ipha_dst; 8970 for (optval = ipoptp_first(&opts, ipha); 8971 optval != IPOPT_EOL; 8972 optval = ipoptp_next(&opts)) { 8973 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 8974 opt = opts.ipoptp_cur; 8975 optlen = opts.ipoptp_len; 8976 ip2dbg(("ip_forward_options: opt %d, len %d\n", 8977 optval, opts.ipoptp_len)); 8978 switch (optval) { 8979 uint32_t off; 8980 case IPOPT_SSRR: 8981 case IPOPT_LSRR: 8982 /* Check if adminstratively disabled */ 8983 if (!ipst->ips_ip_forward_src_routed) { 8984 BUMP_MIB(dst_ill->ill_ip_mib, 8985 ipIfStatsForwProhibits); 8986 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", 8987 mp, dst_ill); 8988 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, 8989 ira); 8990 return (B_FALSE); 8991 } 8992 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 8993 /* 8994 * Must be partial since ip_input_options 8995 * checked for strict. 8996 */ 8997 break; 8998 } 8999 off = opt[IPOPT_OFFSET]; 9000 off--; 9001 redo_srr: 9002 if (optlen < IP_ADDR_LEN || 9003 off > optlen - IP_ADDR_LEN) { 9004 /* End of source route */ 9005 ip1dbg(( 9006 "ip_forward_options: end of SR\n")); 9007 break; 9008 } 9009 /* Pick a reasonable address on the outbound if */ 9010 ASSERT(dst_ill != NULL); 9011 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst, 9012 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL, 9013 NULL) != 0) { 9014 /* No source! Shouldn't happen */ 9015 ifaddr = INADDR_ANY; 9016 } 9017 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 9018 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN); 9019 ip1dbg(("ip_forward_options: next hop 0x%x\n", 9020 ntohl(dst))); 9021 9022 /* 9023 * Check if our address is present more than 9024 * once as consecutive hops in source route. 9025 */ 9026 if (ip_type_v4(dst, ipst) == IRE_LOCAL) { 9027 off += IP_ADDR_LEN; 9028 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9029 goto redo_srr; 9030 } 9031 ipha->ipha_dst = dst; 9032 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9033 break; 9034 case IPOPT_RR: 9035 off = opt[IPOPT_OFFSET]; 9036 off--; 9037 if (optlen < IP_ADDR_LEN || 9038 off > optlen - IP_ADDR_LEN) { 9039 /* No more room - ignore */ 9040 ip1dbg(( 9041 "ip_forward_options: end of RR\n")); 9042 break; 9043 } 9044 /* Pick a reasonable address on the outbound if */ 9045 ASSERT(dst_ill != NULL); 9046 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst, 9047 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL, 9048 NULL) != 0) { 9049 /* No source! Shouldn't happen */ 9050 ifaddr = INADDR_ANY; 9051 } 9052 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN); 9053 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9054 break; 9055 case IPOPT_TS: 9056 /* Insert timestamp if there is room */ 9057 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 9058 case IPOPT_TS_TSONLY: 9059 off = IPOPT_TS_TIMELEN; 9060 break; 9061 case IPOPT_TS_PRESPEC: 9062 case IPOPT_TS_PRESPEC_RFC791: 9063 /* Verify that the address matched */ 9064 off = opt[IPOPT_OFFSET] - 1; 9065 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 9066 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 9067 /* Not for us */ 9068 break; 9069 } 9070 /* FALLTHRU */ 9071 case IPOPT_TS_TSANDADDR: 9072 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN; 9073 break; 9074 default: 9075 /* 9076 * ip_*put_options should have already 9077 * dropped this packet. 9078 */ 9079 cmn_err(CE_PANIC, "ip_forward_options: " 9080 "unknown IT - bug in ip_input_options?\n"); 9081 return (B_TRUE); /* Keep "lint" happy */ 9082 } 9083 if (opt[IPOPT_OFFSET] - 1 + off > optlen) { 9084 /* Increase overflow counter */ 9085 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1; 9086 opt[IPOPT_POS_OV_FLG] = 9087 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) | 9088 (off << 4)); 9089 break; 9090 } 9091 off = opt[IPOPT_OFFSET] - 1; 9092 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 9093 case IPOPT_TS_PRESPEC: 9094 case IPOPT_TS_PRESPEC_RFC791: 9095 case IPOPT_TS_TSANDADDR: 9096 /* Pick a reasonable addr on the outbound if */ 9097 ASSERT(dst_ill != NULL); 9098 if (ip_select_source_v4(dst_ill, INADDR_ANY, 9099 dst, INADDR_ANY, ALL_ZONES, ipst, &ifaddr, 9100 NULL, NULL) != 0) { 9101 /* No source! Shouldn't happen */ 9102 ifaddr = INADDR_ANY; 9103 } 9104 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN); 9105 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9106 /* FALLTHRU */ 9107 case IPOPT_TS_TSONLY: 9108 off = opt[IPOPT_OFFSET] - 1; 9109 /* Compute # of milliseconds since midnight */ 9110 gethrestime(&now); 9111 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 + 9112 now.tv_nsec / (NANOSEC / MILLISEC); 9113 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN); 9114 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN; 9115 break; 9116 } 9117 break; 9118 } 9119 } 9120 return (B_TRUE); 9121 } 9122 9123 /* 9124 * Call ill_frag_timeout to do garbage collection. ill_frag_timeout 9125 * returns 'true' if there are still fragments left on the queue, in 9126 * which case we restart the timer. 9127 */ 9128 void 9129 ill_frag_timer(void *arg) 9130 { 9131 ill_t *ill = (ill_t *)arg; 9132 boolean_t frag_pending; 9133 ip_stack_t *ipst = ill->ill_ipst; 9134 time_t timeout; 9135 9136 mutex_enter(&ill->ill_lock); 9137 ASSERT(!ill->ill_fragtimer_executing); 9138 if (ill->ill_state_flags & ILL_CONDEMNED) { 9139 ill->ill_frag_timer_id = 0; 9140 mutex_exit(&ill->ill_lock); 9141 return; 9142 } 9143 ill->ill_fragtimer_executing = 1; 9144 mutex_exit(&ill->ill_lock); 9145 9146 timeout = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout : 9147 ipst->ips_ip_reassembly_timeout); 9148 9149 frag_pending = ill_frag_timeout(ill, timeout); 9150 9151 /* 9152 * Restart the timer, if we have fragments pending or if someone 9153 * wanted us to be scheduled again. 9154 */ 9155 mutex_enter(&ill->ill_lock); 9156 ill->ill_fragtimer_executing = 0; 9157 ill->ill_frag_timer_id = 0; 9158 if (frag_pending || ill->ill_fragtimer_needrestart) 9159 ill_frag_timer_start(ill); 9160 mutex_exit(&ill->ill_lock); 9161 } 9162 9163 void 9164 ill_frag_timer_start(ill_t *ill) 9165 { 9166 ip_stack_t *ipst = ill->ill_ipst; 9167 clock_t timeo_ms; 9168 9169 ASSERT(MUTEX_HELD(&ill->ill_lock)); 9170 9171 /* If the ill is closing or opening don't proceed */ 9172 if (ill->ill_state_flags & ILL_CONDEMNED) 9173 return; 9174 9175 if (ill->ill_fragtimer_executing) { 9176 /* 9177 * ill_frag_timer is currently executing. Just record the 9178 * the fact that we want the timer to be restarted. 9179 * ill_frag_timer will post a timeout before it returns, 9180 * ensuring it will be called again. 9181 */ 9182 ill->ill_fragtimer_needrestart = 1; 9183 return; 9184 } 9185 9186 if (ill->ill_frag_timer_id == 0) { 9187 timeo_ms = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout : 9188 ipst->ips_ip_reassembly_timeout) * SECONDS; 9189 9190 /* 9191 * The timer is neither running nor is the timeout handler 9192 * executing. Post a timeout so that ill_frag_timer will be 9193 * called 9194 */ 9195 ill->ill_frag_timer_id = timeout(ill_frag_timer, ill, 9196 MSEC_TO_TICK(timeo_ms >> 1)); 9197 ill->ill_fragtimer_needrestart = 0; 9198 } 9199 } 9200 9201 /* 9202 * Update any source route, record route or timestamp options. 9203 * Check that we are at end of strict source route. 9204 * The options have already been checked for sanity in ip_input_options(). 9205 */ 9206 boolean_t 9207 ip_input_local_options(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira) 9208 { 9209 ipoptp_t opts; 9210 uchar_t *opt; 9211 uint8_t optval; 9212 uint8_t optlen; 9213 ipaddr_t dst; 9214 ipaddr_t ifaddr; 9215 uint32_t ts; 9216 timestruc_t now; 9217 ill_t *ill = ira->ira_ill; 9218 ip_stack_t *ipst = ill->ill_ipst; 9219 9220 ip2dbg(("ip_input_local_options\n")); 9221 9222 for (optval = ipoptp_first(&opts, ipha); 9223 optval != IPOPT_EOL; 9224 optval = ipoptp_next(&opts)) { 9225 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 9226 opt = opts.ipoptp_cur; 9227 optlen = opts.ipoptp_len; 9228 ip2dbg(("ip_input_local_options: opt %d, len %d\n", 9229 optval, optlen)); 9230 switch (optval) { 9231 uint32_t off; 9232 case IPOPT_SSRR: 9233 case IPOPT_LSRR: 9234 off = opt[IPOPT_OFFSET]; 9235 off--; 9236 if (optlen < IP_ADDR_LEN || 9237 off > optlen - IP_ADDR_LEN) { 9238 /* End of source route */ 9239 ip1dbg(("ip_input_local_options: end of SR\n")); 9240 break; 9241 } 9242 /* 9243 * This will only happen if two consecutive entries 9244 * in the source route contains our address or if 9245 * it is a packet with a loose source route which 9246 * reaches us before consuming the whole source route 9247 */ 9248 ip1dbg(("ip_input_local_options: not end of SR\n")); 9249 if (optval == IPOPT_SSRR) { 9250 goto bad_src_route; 9251 } 9252 /* 9253 * Hack: instead of dropping the packet truncate the 9254 * source route to what has been used by filling the 9255 * rest with IPOPT_NOP. 9256 */ 9257 opt[IPOPT_OLEN] = (uint8_t)off; 9258 while (off < optlen) { 9259 opt[off++] = IPOPT_NOP; 9260 } 9261 break; 9262 case IPOPT_RR: 9263 off = opt[IPOPT_OFFSET]; 9264 off--; 9265 if (optlen < IP_ADDR_LEN || 9266 off > optlen - IP_ADDR_LEN) { 9267 /* No more room - ignore */ 9268 ip1dbg(( 9269 "ip_input_local_options: end of RR\n")); 9270 break; 9271 } 9272 /* Pick a reasonable address on the outbound if */ 9273 if (ip_select_source_v4(ill, INADDR_ANY, ipha->ipha_dst, 9274 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL, 9275 NULL) != 0) { 9276 /* No source! Shouldn't happen */ 9277 ifaddr = INADDR_ANY; 9278 } 9279 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN); 9280 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9281 break; 9282 case IPOPT_TS: 9283 /* Insert timestamp if there is romm */ 9284 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 9285 case IPOPT_TS_TSONLY: 9286 off = IPOPT_TS_TIMELEN; 9287 break; 9288 case IPOPT_TS_PRESPEC: 9289 case IPOPT_TS_PRESPEC_RFC791: 9290 /* Verify that the address matched */ 9291 off = opt[IPOPT_OFFSET] - 1; 9292 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 9293 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 9294 /* Not for us */ 9295 break; 9296 } 9297 /* FALLTHRU */ 9298 case IPOPT_TS_TSANDADDR: 9299 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN; 9300 break; 9301 default: 9302 /* 9303 * ip_*put_options should have already 9304 * dropped this packet. 9305 */ 9306 cmn_err(CE_PANIC, "ip_input_local_options: " 9307 "unknown IT - bug in ip_input_options?\n"); 9308 return (B_TRUE); /* Keep "lint" happy */ 9309 } 9310 if (opt[IPOPT_OFFSET] - 1 + off > optlen) { 9311 /* Increase overflow counter */ 9312 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1; 9313 opt[IPOPT_POS_OV_FLG] = 9314 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) | 9315 (off << 4)); 9316 break; 9317 } 9318 off = opt[IPOPT_OFFSET] - 1; 9319 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 9320 case IPOPT_TS_PRESPEC: 9321 case IPOPT_TS_PRESPEC_RFC791: 9322 case IPOPT_TS_TSANDADDR: 9323 /* Pick a reasonable addr on the outbound if */ 9324 if (ip_select_source_v4(ill, INADDR_ANY, 9325 ipha->ipha_dst, INADDR_ANY, ALL_ZONES, ipst, 9326 &ifaddr, NULL, NULL) != 0) { 9327 /* No source! Shouldn't happen */ 9328 ifaddr = INADDR_ANY; 9329 } 9330 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN); 9331 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 9332 /* FALLTHRU */ 9333 case IPOPT_TS_TSONLY: 9334 off = opt[IPOPT_OFFSET] - 1; 9335 /* Compute # of milliseconds since midnight */ 9336 gethrestime(&now); 9337 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 + 9338 now.tv_nsec / (NANOSEC / MILLISEC); 9339 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN); 9340 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN; 9341 break; 9342 } 9343 break; 9344 } 9345 } 9346 return (B_TRUE); 9347 9348 bad_src_route: 9349 /* make sure we clear any indication of a hardware checksum */ 9350 DB_CKSUMFLAGS(mp) = 0; 9351 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill); 9352 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira); 9353 return (B_FALSE); 9354 9355 } 9356 9357 /* 9358 * Process IP options in an inbound packet. Always returns the nexthop. 9359 * Normally this is the passed in nexthop, but if there is an option 9360 * that effects the nexthop (such as a source route) that will be returned. 9361 * Sets *errorp if there is an error, in which case an ICMP error has been sent 9362 * and mp freed. 9363 */ 9364 ipaddr_t 9365 ip_input_options(ipha_t *ipha, ipaddr_t dst, mblk_t *mp, 9366 ip_recv_attr_t *ira, int *errorp) 9367 { 9368 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 9369 ipoptp_t opts; 9370 uchar_t *opt; 9371 uint8_t optval; 9372 uint8_t optlen; 9373 intptr_t code = 0; 9374 ire_t *ire; 9375 9376 ip2dbg(("ip_input_options\n")); 9377 *errorp = 0; 9378 for (optval = ipoptp_first(&opts, ipha); 9379 optval != IPOPT_EOL; 9380 optval = ipoptp_next(&opts)) { 9381 opt = opts.ipoptp_cur; 9382 optlen = opts.ipoptp_len; 9383 ip2dbg(("ip_input_options: opt %d, len %d\n", 9384 optval, optlen)); 9385 /* 9386 * Note: we need to verify the checksum before we 9387 * modify anything thus this routine only extracts the next 9388 * hop dst from any source route. 9389 */ 9390 switch (optval) { 9391 uint32_t off; 9392 case IPOPT_SSRR: 9393 case IPOPT_LSRR: 9394 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 9395 if (optval == IPOPT_SSRR) { 9396 ip1dbg(("ip_input_options: not next" 9397 " strict source route 0x%x\n", 9398 ntohl(dst))); 9399 code = (char *)&ipha->ipha_dst - 9400 (char *)ipha; 9401 goto param_prob; /* RouterReq's */ 9402 } 9403 ip2dbg(("ip_input_options: " 9404 "not next source route 0x%x\n", 9405 ntohl(dst))); 9406 break; 9407 } 9408 9409 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 9410 ip1dbg(( 9411 "ip_input_options: bad option offset\n")); 9412 code = (char *)&opt[IPOPT_OLEN] - 9413 (char *)ipha; 9414 goto param_prob; 9415 } 9416 off = opt[IPOPT_OFFSET]; 9417 off--; 9418 redo_srr: 9419 if (optlen < IP_ADDR_LEN || 9420 off > optlen - IP_ADDR_LEN) { 9421 /* End of source route */ 9422 ip1dbg(("ip_input_options: end of SR\n")); 9423 break; 9424 } 9425 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 9426 ip1dbg(("ip_input_options: next hop 0x%x\n", 9427 ntohl(dst))); 9428 9429 /* 9430 * Check if our address is present more than 9431 * once as consecutive hops in source route. 9432 * XXX verify per-interface ip_forwarding 9433 * for source route? 9434 */ 9435 if (ip_type_v4(dst, ipst) == IRE_LOCAL) { 9436 off += IP_ADDR_LEN; 9437 goto redo_srr; 9438 } 9439 9440 if (dst == htonl(INADDR_LOOPBACK)) { 9441 ip1dbg(("ip_input_options: loopback addr in " 9442 "source route!\n")); 9443 goto bad_src_route; 9444 } 9445 /* 9446 * For strict: verify that dst is directly 9447 * reachable. 9448 */ 9449 if (optval == IPOPT_SSRR) { 9450 ire = ire_ftable_lookup_v4(dst, 0, 0, 9451 IRE_INTERFACE, NULL, ALL_ZONES, 9452 ira->ira_tsl, 9453 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst, 9454 NULL); 9455 if (ire == NULL) { 9456 ip1dbg(("ip_input_options: SSRR not " 9457 "directly reachable: 0x%x\n", 9458 ntohl(dst))); 9459 goto bad_src_route; 9460 } 9461 ire_refrele(ire); 9462 } 9463 /* 9464 * Defer update of the offset and the record route 9465 * until the packet is forwarded. 9466 */ 9467 break; 9468 case IPOPT_RR: 9469 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 9470 ip1dbg(( 9471 "ip_input_options: bad option offset\n")); 9472 code = (char *)&opt[IPOPT_OLEN] - 9473 (char *)ipha; 9474 goto param_prob; 9475 } 9476 break; 9477 case IPOPT_TS: 9478 /* 9479 * Verify that length >= 5 and that there is either 9480 * room for another timestamp or that the overflow 9481 * counter is not maxed out. 9482 */ 9483 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha; 9484 if (optlen < IPOPT_MINLEN_IT) { 9485 goto param_prob; 9486 } 9487 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 9488 ip1dbg(( 9489 "ip_input_options: bad option offset\n")); 9490 code = (char *)&opt[IPOPT_OFFSET] - 9491 (char *)ipha; 9492 goto param_prob; 9493 } 9494 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 9495 case IPOPT_TS_TSONLY: 9496 off = IPOPT_TS_TIMELEN; 9497 break; 9498 case IPOPT_TS_TSANDADDR: 9499 case IPOPT_TS_PRESPEC: 9500 case IPOPT_TS_PRESPEC_RFC791: 9501 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN; 9502 break; 9503 default: 9504 code = (char *)&opt[IPOPT_POS_OV_FLG] - 9505 (char *)ipha; 9506 goto param_prob; 9507 } 9508 if (opt[IPOPT_OFFSET] - 1 + off > optlen && 9509 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) { 9510 /* 9511 * No room and the overflow counter is 15 9512 * already. 9513 */ 9514 goto param_prob; 9515 } 9516 break; 9517 } 9518 } 9519 9520 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0) { 9521 return (dst); 9522 } 9523 9524 ip1dbg(("ip_input_options: error processing IP options.")); 9525 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha; 9526 9527 param_prob: 9528 /* make sure we clear any indication of a hardware checksum */ 9529 DB_CKSUMFLAGS(mp) = 0; 9530 ip_drop_input("ICMP_PARAM_PROBLEM", mp, ira->ira_ill); 9531 icmp_param_problem(mp, (uint8_t)code, ira); 9532 *errorp = -1; 9533 return (dst); 9534 9535 bad_src_route: 9536 /* make sure we clear any indication of a hardware checksum */ 9537 DB_CKSUMFLAGS(mp) = 0; 9538 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ira->ira_ill); 9539 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira); 9540 *errorp = -1; 9541 return (dst); 9542 } 9543 9544 /* 9545 * IP & ICMP info in >=14 msg's ... 9546 * - ip fixed part (mib2_ip_t) 9547 * - icmp fixed part (mib2_icmp_t) 9548 * - ipAddrEntryTable (ip 20) all IPv4 ipifs 9549 * - ipRouteEntryTable (ip 21) all IPv4 IREs 9550 * - ipNetToMediaEntryTable (ip 22) all IPv4 Neighbor Cache entries 9551 * - ipRouteAttributeTable (ip 102) labeled routes 9552 * - ip multicast membership (ip_member_t) 9553 * - ip multicast source filtering (ip_grpsrc_t) 9554 * - igmp fixed part (struct igmpstat) 9555 * - multicast routing stats (struct mrtstat) 9556 * - multicast routing vifs (array of struct vifctl) 9557 * - multicast routing routes (array of struct mfcctl) 9558 * - ip6 fixed part (mib2_ipv6IfStatsEntry_t) 9559 * One per ill plus one generic 9560 * - icmp6 fixed part (mib2_ipv6IfIcmpEntry_t) 9561 * One per ill plus one generic 9562 * - ipv6RouteEntry all IPv6 IREs 9563 * - ipv6RouteAttributeTable (ip6 102) labeled routes 9564 * - ipv6NetToMediaEntry all IPv6 Neighbor Cache entries 9565 * - ipv6AddrEntry all IPv6 ipifs 9566 * - ipv6 multicast membership (ipv6_member_t) 9567 * - ipv6 multicast source filtering (ipv6_grpsrc_t) 9568 * 9569 * NOTE: original mpctl is copied for msg's 2..N, since its ctl part is 9570 * already filled in by the caller. 9571 * If legacy_req is true then MIB structures needs to be truncated to their 9572 * legacy sizes before being returned. 9573 * Return value of 0 indicates that no messages were sent and caller 9574 * should free mpctl. 9575 */ 9576 int 9577 ip_snmp_get(queue_t *q, mblk_t *mpctl, int level, boolean_t legacy_req) 9578 { 9579 ip_stack_t *ipst; 9580 sctp_stack_t *sctps; 9581 9582 if (q->q_next != NULL) { 9583 ipst = ILLQ_TO_IPST(q); 9584 } else { 9585 ipst = CONNQ_TO_IPST(q); 9586 } 9587 ASSERT(ipst != NULL); 9588 sctps = ipst->ips_netstack->netstack_sctp; 9589 9590 if (mpctl == NULL || mpctl->b_cont == NULL) { 9591 return (0); 9592 } 9593 9594 /* 9595 * For the purposes of the (broken) packet shell use 9596 * of the level we make sure MIB2_TCP/MIB2_UDP can be used 9597 * to make TCP and UDP appear first in the list of mib items. 9598 * TBD: We could expand this and use it in netstat so that 9599 * the kernel doesn't have to produce large tables (connections, 9600 * routes, etc) when netstat only wants the statistics or a particular 9601 * table. 9602 */ 9603 if (!(level == MIB2_TCP || level == MIB2_UDP)) { 9604 if ((mpctl = icmp_snmp_get(q, mpctl)) == NULL) { 9605 return (1); 9606 } 9607 } 9608 9609 if (level != MIB2_TCP) { 9610 if ((mpctl = udp_snmp_get(q, mpctl, legacy_req)) == NULL) { 9611 return (1); 9612 } 9613 } 9614 9615 if (level != MIB2_UDP) { 9616 if ((mpctl = tcp_snmp_get(q, mpctl, legacy_req)) == NULL) { 9617 return (1); 9618 } 9619 } 9620 9621 if ((mpctl = ip_snmp_get_mib2_ip_traffic_stats(q, mpctl, 9622 ipst, legacy_req)) == NULL) { 9623 return (1); 9624 } 9625 9626 if ((mpctl = ip_snmp_get_mib2_ip6(q, mpctl, ipst, 9627 legacy_req)) == NULL) { 9628 return (1); 9629 } 9630 9631 if ((mpctl = ip_snmp_get_mib2_icmp(q, mpctl, ipst)) == NULL) { 9632 return (1); 9633 } 9634 9635 if ((mpctl = ip_snmp_get_mib2_icmp6(q, mpctl, ipst)) == NULL) { 9636 return (1); 9637 } 9638 9639 if ((mpctl = ip_snmp_get_mib2_igmp(q, mpctl, ipst)) == NULL) { 9640 return (1); 9641 } 9642 9643 if ((mpctl = ip_snmp_get_mib2_multi(q, mpctl, ipst)) == NULL) { 9644 return (1); 9645 } 9646 9647 if ((mpctl = ip_snmp_get_mib2_ip_addr(q, mpctl, ipst, 9648 legacy_req)) == NULL) { 9649 return (1); 9650 } 9651 9652 if ((mpctl = ip_snmp_get_mib2_ip6_addr(q, mpctl, ipst, 9653 legacy_req)) == NULL) { 9654 return (1); 9655 } 9656 9657 if ((mpctl = ip_snmp_get_mib2_ip_group_mem(q, mpctl, ipst)) == NULL) { 9658 return (1); 9659 } 9660 9661 if ((mpctl = ip_snmp_get_mib2_ip6_group_mem(q, mpctl, ipst)) == NULL) { 9662 return (1); 9663 } 9664 9665 if ((mpctl = ip_snmp_get_mib2_ip_group_src(q, mpctl, ipst)) == NULL) { 9666 return (1); 9667 } 9668 9669 if ((mpctl = ip_snmp_get_mib2_ip6_group_src(q, mpctl, ipst)) == NULL) { 9670 return (1); 9671 } 9672 9673 if ((mpctl = ip_snmp_get_mib2_virt_multi(q, mpctl, ipst)) == NULL) { 9674 return (1); 9675 } 9676 9677 if ((mpctl = ip_snmp_get_mib2_multi_rtable(q, mpctl, ipst)) == NULL) { 9678 return (1); 9679 } 9680 9681 mpctl = ip_snmp_get_mib2_ip_route_media(q, mpctl, level, ipst); 9682 if (mpctl == NULL) 9683 return (1); 9684 9685 mpctl = ip_snmp_get_mib2_ip6_route_media(q, mpctl, level, ipst); 9686 if (mpctl == NULL) 9687 return (1); 9688 9689 if ((mpctl = sctp_snmp_get_mib2(q, mpctl, sctps)) == NULL) { 9690 return (1); 9691 } 9692 9693 if ((mpctl = ip_snmp_get_mib2_ip_dce(q, mpctl, ipst)) == NULL) { 9694 return (1); 9695 } 9696 9697 if ((mpctl = dccp_snmp_get(q, mpctl, legacy_req)) == NULL) { 9698 return (1); 9699 } 9700 9701 freemsg(mpctl); 9702 return (1); 9703 } 9704 9705 /* Get global (legacy) IPv4 statistics */ 9706 static mblk_t * 9707 ip_snmp_get_mib2_ip(queue_t *q, mblk_t *mpctl, mib2_ipIfStatsEntry_t *ipmib, 9708 ip_stack_t *ipst, boolean_t legacy_req) 9709 { 9710 mib2_ip_t old_ip_mib; 9711 struct opthdr *optp; 9712 mblk_t *mp2ctl; 9713 mib2_ipAddrEntry_t mae; 9714 9715 /* 9716 * make a copy of the original message 9717 */ 9718 mp2ctl = copymsg(mpctl); 9719 9720 /* fixed length IP structure... */ 9721 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9722 optp->level = MIB2_IP; 9723 optp->name = 0; 9724 SET_MIB(old_ip_mib.ipForwarding, 9725 (WE_ARE_FORWARDING(ipst) ? 1 : 2)); 9726 SET_MIB(old_ip_mib.ipDefaultTTL, 9727 (uint32_t)ipst->ips_ip_def_ttl); 9728 SET_MIB(old_ip_mib.ipReasmTimeout, 9729 ipst->ips_ip_reassembly_timeout); 9730 SET_MIB(old_ip_mib.ipAddrEntrySize, 9731 (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) : 9732 sizeof (mib2_ipAddrEntry_t)); 9733 SET_MIB(old_ip_mib.ipRouteEntrySize, 9734 sizeof (mib2_ipRouteEntry_t)); 9735 SET_MIB(old_ip_mib.ipNetToMediaEntrySize, 9736 sizeof (mib2_ipNetToMediaEntry_t)); 9737 SET_MIB(old_ip_mib.ipMemberEntrySize, sizeof (ip_member_t)); 9738 SET_MIB(old_ip_mib.ipGroupSourceEntrySize, sizeof (ip_grpsrc_t)); 9739 SET_MIB(old_ip_mib.ipRouteAttributeSize, 9740 sizeof (mib2_ipAttributeEntry_t)); 9741 SET_MIB(old_ip_mib.transportMLPSize, sizeof (mib2_transportMLPEntry_t)); 9742 SET_MIB(old_ip_mib.ipDestEntrySize, sizeof (dest_cache_entry_t)); 9743 9744 /* 9745 * Grab the statistics from the new IP MIB 9746 */ 9747 SET_MIB(old_ip_mib.ipInReceives, 9748 (uint32_t)ipmib->ipIfStatsHCInReceives); 9749 SET_MIB(old_ip_mib.ipInHdrErrors, ipmib->ipIfStatsInHdrErrors); 9750 SET_MIB(old_ip_mib.ipInAddrErrors, ipmib->ipIfStatsInAddrErrors); 9751 SET_MIB(old_ip_mib.ipForwDatagrams, 9752 (uint32_t)ipmib->ipIfStatsHCOutForwDatagrams); 9753 SET_MIB(old_ip_mib.ipInUnknownProtos, 9754 ipmib->ipIfStatsInUnknownProtos); 9755 SET_MIB(old_ip_mib.ipInDiscards, ipmib->ipIfStatsInDiscards); 9756 SET_MIB(old_ip_mib.ipInDelivers, 9757 (uint32_t)ipmib->ipIfStatsHCInDelivers); 9758 SET_MIB(old_ip_mib.ipOutRequests, 9759 (uint32_t)ipmib->ipIfStatsHCOutRequests); 9760 SET_MIB(old_ip_mib.ipOutDiscards, ipmib->ipIfStatsOutDiscards); 9761 SET_MIB(old_ip_mib.ipOutNoRoutes, ipmib->ipIfStatsOutNoRoutes); 9762 SET_MIB(old_ip_mib.ipReasmReqds, ipmib->ipIfStatsReasmReqds); 9763 SET_MIB(old_ip_mib.ipReasmOKs, ipmib->ipIfStatsReasmOKs); 9764 SET_MIB(old_ip_mib.ipReasmFails, ipmib->ipIfStatsReasmFails); 9765 SET_MIB(old_ip_mib.ipFragOKs, ipmib->ipIfStatsOutFragOKs); 9766 SET_MIB(old_ip_mib.ipFragFails, ipmib->ipIfStatsOutFragFails); 9767 SET_MIB(old_ip_mib.ipFragCreates, ipmib->ipIfStatsOutFragCreates); 9768 9769 /* ipRoutingDiscards is not being used */ 9770 SET_MIB(old_ip_mib.ipRoutingDiscards, 0); 9771 SET_MIB(old_ip_mib.tcpInErrs, ipmib->tcpIfStatsInErrs); 9772 SET_MIB(old_ip_mib.udpNoPorts, ipmib->udpIfStatsNoPorts); 9773 SET_MIB(old_ip_mib.ipInCksumErrs, ipmib->ipIfStatsInCksumErrs); 9774 SET_MIB(old_ip_mib.ipReasmDuplicates, 9775 ipmib->ipIfStatsReasmDuplicates); 9776 SET_MIB(old_ip_mib.ipReasmPartDups, ipmib->ipIfStatsReasmPartDups); 9777 SET_MIB(old_ip_mib.ipForwProhibits, ipmib->ipIfStatsForwProhibits); 9778 SET_MIB(old_ip_mib.udpInCksumErrs, ipmib->udpIfStatsInCksumErrs); 9779 SET_MIB(old_ip_mib.udpInOverflows, ipmib->udpIfStatsInOverflows); 9780 SET_MIB(old_ip_mib.rawipInOverflows, 9781 ipmib->rawipIfStatsInOverflows); 9782 9783 SET_MIB(old_ip_mib.ipsecInSucceeded, ipmib->ipsecIfStatsInSucceeded); 9784 SET_MIB(old_ip_mib.ipsecInFailed, ipmib->ipsecIfStatsInFailed); 9785 SET_MIB(old_ip_mib.ipInIPv6, ipmib->ipIfStatsInWrongIPVersion); 9786 SET_MIB(old_ip_mib.ipOutIPv6, ipmib->ipIfStatsOutWrongIPVersion); 9787 SET_MIB(old_ip_mib.ipOutSwitchIPv6, 9788 ipmib->ipIfStatsOutSwitchIPVersion); 9789 9790 if (!snmp_append_data(mpctl->b_cont, (char *)&old_ip_mib, 9791 (int)sizeof (old_ip_mib))) { 9792 ip1dbg(("ip_snmp_get_mib2_ip: failed to allocate %u bytes\n", 9793 (uint_t)sizeof (old_ip_mib))); 9794 } 9795 9796 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 9797 ip3dbg(("ip_snmp_get_mib2_ip: level %d, name %d, len %d\n", 9798 (int)optp->level, (int)optp->name, (int)optp->len)); 9799 qreply(q, mpctl); 9800 return (mp2ctl); 9801 } 9802 9803 /* Per interface IPv4 statistics */ 9804 static mblk_t * 9805 ip_snmp_get_mib2_ip_traffic_stats(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst, 9806 boolean_t legacy_req) 9807 { 9808 struct opthdr *optp; 9809 mblk_t *mp2ctl; 9810 ill_t *ill; 9811 ill_walk_context_t ctx; 9812 mblk_t *mp_tail = NULL; 9813 mib2_ipIfStatsEntry_t global_ip_mib; 9814 mib2_ipAddrEntry_t mae; 9815 9816 /* 9817 * Make a copy of the original message 9818 */ 9819 mp2ctl = copymsg(mpctl); 9820 9821 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9822 optp->level = MIB2_IP; 9823 optp->name = MIB2_IP_TRAFFIC_STATS; 9824 /* Include "unknown interface" ip_mib */ 9825 ipst->ips_ip_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv4; 9826 ipst->ips_ip_mib.ipIfStatsIfIndex = 9827 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */ 9828 SET_MIB(ipst->ips_ip_mib.ipIfStatsForwarding, 9829 (ipst->ips_ip_forwarding ? 1 : 2)); 9830 SET_MIB(ipst->ips_ip_mib.ipIfStatsDefaultTTL, 9831 (uint32_t)ipst->ips_ip_def_ttl); 9832 SET_MIB(ipst->ips_ip_mib.ipIfStatsEntrySize, 9833 sizeof (mib2_ipIfStatsEntry_t)); 9834 SET_MIB(ipst->ips_ip_mib.ipIfStatsAddrEntrySize, 9835 sizeof (mib2_ipAddrEntry_t)); 9836 SET_MIB(ipst->ips_ip_mib.ipIfStatsRouteEntrySize, 9837 sizeof (mib2_ipRouteEntry_t)); 9838 SET_MIB(ipst->ips_ip_mib.ipIfStatsNetToMediaEntrySize, 9839 sizeof (mib2_ipNetToMediaEntry_t)); 9840 SET_MIB(ipst->ips_ip_mib.ipIfStatsMemberEntrySize, 9841 sizeof (ip_member_t)); 9842 SET_MIB(ipst->ips_ip_mib.ipIfStatsGroupSourceEntrySize, 9843 sizeof (ip_grpsrc_t)); 9844 9845 bcopy(&ipst->ips_ip_mib, &global_ip_mib, sizeof (global_ip_mib)); 9846 9847 if (legacy_req) { 9848 SET_MIB(global_ip_mib.ipIfStatsAddrEntrySize, 9849 LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t)); 9850 } 9851 9852 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 9853 (char *)&global_ip_mib, (int)sizeof (global_ip_mib))) { 9854 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: " 9855 "failed to allocate %u bytes\n", 9856 (uint_t)sizeof (global_ip_mib))); 9857 } 9858 9859 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 9860 ill = ILL_START_WALK_V4(&ctx, ipst); 9861 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 9862 ill->ill_ip_mib->ipIfStatsIfIndex = 9863 ill->ill_phyint->phyint_ifindex; 9864 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding, 9865 (ipst->ips_ip_forwarding ? 1 : 2)); 9866 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultTTL, 9867 (uint32_t)ipst->ips_ip_def_ttl); 9868 9869 ip_mib2_add_ip_stats(&global_ip_mib, ill->ill_ip_mib); 9870 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 9871 (char *)ill->ill_ip_mib, 9872 (int)sizeof (*ill->ill_ip_mib))) { 9873 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: " 9874 "failed to allocate %u bytes\n", 9875 (uint_t)sizeof (*ill->ill_ip_mib))); 9876 } 9877 } 9878 rw_exit(&ipst->ips_ill_g_lock); 9879 9880 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 9881 ip3dbg(("ip_snmp_get_mib2_ip_traffic_stats: " 9882 "level %d, name %d, len %d\n", 9883 (int)optp->level, (int)optp->name, (int)optp->len)); 9884 qreply(q, mpctl); 9885 9886 if (mp2ctl == NULL) 9887 return (NULL); 9888 9889 return (ip_snmp_get_mib2_ip(q, mp2ctl, &global_ip_mib, ipst, 9890 legacy_req)); 9891 } 9892 9893 /* Global IPv4 ICMP statistics */ 9894 static mblk_t * 9895 ip_snmp_get_mib2_icmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 9896 { 9897 struct opthdr *optp; 9898 mblk_t *mp2ctl; 9899 9900 /* 9901 * Make a copy of the original message 9902 */ 9903 mp2ctl = copymsg(mpctl); 9904 9905 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9906 optp->level = MIB2_ICMP; 9907 optp->name = 0; 9908 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_icmp_mib, 9909 (int)sizeof (ipst->ips_icmp_mib))) { 9910 ip1dbg(("ip_snmp_get_mib2_icmp: failed to allocate %u bytes\n", 9911 (uint_t)sizeof (ipst->ips_icmp_mib))); 9912 } 9913 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 9914 ip3dbg(("ip_snmp_get_mib2_icmp: level %d, name %d, len %d\n", 9915 (int)optp->level, (int)optp->name, (int)optp->len)); 9916 qreply(q, mpctl); 9917 return (mp2ctl); 9918 } 9919 9920 /* Global IPv4 IGMP statistics */ 9921 static mblk_t * 9922 ip_snmp_get_mib2_igmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 9923 { 9924 struct opthdr *optp; 9925 mblk_t *mp2ctl; 9926 9927 /* 9928 * make a copy of the original message 9929 */ 9930 mp2ctl = copymsg(mpctl); 9931 9932 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9933 optp->level = EXPER_IGMP; 9934 optp->name = 0; 9935 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_igmpstat, 9936 (int)sizeof (ipst->ips_igmpstat))) { 9937 ip1dbg(("ip_snmp_get_mib2_igmp: failed to allocate %u bytes\n", 9938 (uint_t)sizeof (ipst->ips_igmpstat))); 9939 } 9940 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 9941 ip3dbg(("ip_snmp_get_mib2_igmp: level %d, name %d, len %d\n", 9942 (int)optp->level, (int)optp->name, (int)optp->len)); 9943 qreply(q, mpctl); 9944 return (mp2ctl); 9945 } 9946 9947 /* Global IPv4 Multicast Routing statistics */ 9948 static mblk_t * 9949 ip_snmp_get_mib2_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 9950 { 9951 struct opthdr *optp; 9952 mblk_t *mp2ctl; 9953 9954 /* 9955 * make a copy of the original message 9956 */ 9957 mp2ctl = copymsg(mpctl); 9958 9959 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9960 optp->level = EXPER_DVMRP; 9961 optp->name = 0; 9962 if (!ip_mroute_stats(mpctl->b_cont, ipst)) { 9963 ip0dbg(("ip_mroute_stats: failed\n")); 9964 } 9965 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 9966 ip3dbg(("ip_snmp_get_mib2_multi: level %d, name %d, len %d\n", 9967 (int)optp->level, (int)optp->name, (int)optp->len)); 9968 qreply(q, mpctl); 9969 return (mp2ctl); 9970 } 9971 9972 /* IPv4 address information */ 9973 static mblk_t * 9974 ip_snmp_get_mib2_ip_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst, 9975 boolean_t legacy_req) 9976 { 9977 struct opthdr *optp; 9978 mblk_t *mp2ctl; 9979 mblk_t *mp_tail = NULL; 9980 ill_t *ill; 9981 ipif_t *ipif; 9982 uint_t bitval; 9983 mib2_ipAddrEntry_t mae; 9984 size_t mae_size; 9985 zoneid_t zoneid; 9986 ill_walk_context_t ctx; 9987 9988 /* 9989 * make a copy of the original message 9990 */ 9991 mp2ctl = copymsg(mpctl); 9992 9993 mae_size = (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) : 9994 sizeof (mib2_ipAddrEntry_t); 9995 9996 /* ipAddrEntryTable */ 9997 9998 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 9999 optp->level = MIB2_IP; 10000 optp->name = MIB2_IP_ADDR; 10001 zoneid = Q_TO_CONN(q)->conn_zoneid; 10002 10003 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10004 ill = ILL_START_WALK_V4(&ctx, ipst); 10005 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10006 for (ipif = ill->ill_ipif; ipif != NULL; 10007 ipif = ipif->ipif_next) { 10008 if (ipif->ipif_zoneid != zoneid && 10009 ipif->ipif_zoneid != ALL_ZONES) 10010 continue; 10011 /* Sum of count from dead IRE_LO* and our current */ 10012 mae.ipAdEntInfo.ae_ibcnt = ipif->ipif_ib_pkt_count; 10013 if (ipif->ipif_ire_local != NULL) { 10014 mae.ipAdEntInfo.ae_ibcnt += 10015 ipif->ipif_ire_local->ire_ib_pkt_count; 10016 } 10017 mae.ipAdEntInfo.ae_obcnt = 0; 10018 mae.ipAdEntInfo.ae_focnt = 0; 10019 10020 ipif_get_name(ipif, mae.ipAdEntIfIndex.o_bytes, 10021 OCTET_LENGTH); 10022 mae.ipAdEntIfIndex.o_length = 10023 mi_strlen(mae.ipAdEntIfIndex.o_bytes); 10024 mae.ipAdEntAddr = ipif->ipif_lcl_addr; 10025 mae.ipAdEntNetMask = ipif->ipif_net_mask; 10026 mae.ipAdEntInfo.ae_subnet = ipif->ipif_subnet; 10027 mae.ipAdEntInfo.ae_subnet_len = 10028 ip_mask_to_plen(ipif->ipif_net_mask); 10029 mae.ipAdEntInfo.ae_src_addr = ipif->ipif_lcl_addr; 10030 for (bitval = 1; 10031 bitval && 10032 !(bitval & ipif->ipif_brd_addr); 10033 bitval <<= 1) 10034 noop; 10035 mae.ipAdEntBcastAddr = bitval; 10036 mae.ipAdEntReasmMaxSize = IP_MAXPACKET; 10037 mae.ipAdEntInfo.ae_mtu = ipif->ipif_ill->ill_mtu; 10038 mae.ipAdEntInfo.ae_metric = ipif->ipif_ill->ill_metric; 10039 mae.ipAdEntInfo.ae_broadcast_addr = 10040 ipif->ipif_brd_addr; 10041 mae.ipAdEntInfo.ae_pp_dst_addr = 10042 ipif->ipif_pp_dst_addr; 10043 mae.ipAdEntInfo.ae_flags = ipif->ipif_flags | 10044 ill->ill_flags | ill->ill_phyint->phyint_flags; 10045 mae.ipAdEntRetransmitTime = 10046 ill->ill_reachable_retrans_time; 10047 10048 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10049 (char *)&mae, (int)mae_size)) { 10050 ip1dbg(("ip_snmp_get_mib2_ip_addr: failed to " 10051 "allocate %u bytes\n", (uint_t)mae_size)); 10052 } 10053 } 10054 } 10055 rw_exit(&ipst->ips_ill_g_lock); 10056 10057 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10058 ip3dbg(("ip_snmp_get_mib2_ip_addr: level %d, name %d, len %d\n", 10059 (int)optp->level, (int)optp->name, (int)optp->len)); 10060 qreply(q, mpctl); 10061 return (mp2ctl); 10062 } 10063 10064 /* IPv6 address information */ 10065 static mblk_t * 10066 ip_snmp_get_mib2_ip6_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst, 10067 boolean_t legacy_req) 10068 { 10069 struct opthdr *optp; 10070 mblk_t *mp2ctl; 10071 mblk_t *mp_tail = NULL; 10072 ill_t *ill; 10073 ipif_t *ipif; 10074 mib2_ipv6AddrEntry_t mae6; 10075 size_t mae6_size; 10076 zoneid_t zoneid; 10077 ill_walk_context_t ctx; 10078 10079 /* 10080 * make a copy of the original message 10081 */ 10082 mp2ctl = copymsg(mpctl); 10083 10084 mae6_size = (legacy_req) ? 10085 LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t) : 10086 sizeof (mib2_ipv6AddrEntry_t); 10087 10088 /* ipv6AddrEntryTable */ 10089 10090 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10091 optp->level = MIB2_IP6; 10092 optp->name = MIB2_IP6_ADDR; 10093 zoneid = Q_TO_CONN(q)->conn_zoneid; 10094 10095 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10096 ill = ILL_START_WALK_V6(&ctx, ipst); 10097 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10098 for (ipif = ill->ill_ipif; ipif != NULL; 10099 ipif = ipif->ipif_next) { 10100 if (ipif->ipif_zoneid != zoneid && 10101 ipif->ipif_zoneid != ALL_ZONES) 10102 continue; 10103 /* Sum of count from dead IRE_LO* and our current */ 10104 mae6.ipv6AddrInfo.ae_ibcnt = ipif->ipif_ib_pkt_count; 10105 if (ipif->ipif_ire_local != NULL) { 10106 mae6.ipv6AddrInfo.ae_ibcnt += 10107 ipif->ipif_ire_local->ire_ib_pkt_count; 10108 } 10109 mae6.ipv6AddrInfo.ae_obcnt = 0; 10110 mae6.ipv6AddrInfo.ae_focnt = 0; 10111 10112 ipif_get_name(ipif, mae6.ipv6AddrIfIndex.o_bytes, 10113 OCTET_LENGTH); 10114 mae6.ipv6AddrIfIndex.o_length = 10115 mi_strlen(mae6.ipv6AddrIfIndex.o_bytes); 10116 mae6.ipv6AddrAddress = ipif->ipif_v6lcl_addr; 10117 mae6.ipv6AddrPfxLength = 10118 ip_mask_to_plen_v6(&ipif->ipif_v6net_mask); 10119 mae6.ipv6AddrInfo.ae_subnet = ipif->ipif_v6subnet; 10120 mae6.ipv6AddrInfo.ae_subnet_len = 10121 mae6.ipv6AddrPfxLength; 10122 mae6.ipv6AddrInfo.ae_src_addr = ipif->ipif_v6lcl_addr; 10123 10124 /* Type: stateless(1), stateful(2), unknown(3) */ 10125 if (ipif->ipif_flags & IPIF_ADDRCONF) 10126 mae6.ipv6AddrType = 1; 10127 else 10128 mae6.ipv6AddrType = 2; 10129 /* Anycast: true(1), false(2) */ 10130 if (ipif->ipif_flags & IPIF_ANYCAST) 10131 mae6.ipv6AddrAnycastFlag = 1; 10132 else 10133 mae6.ipv6AddrAnycastFlag = 2; 10134 10135 /* 10136 * Address status: preferred(1), deprecated(2), 10137 * invalid(3), inaccessible(4), unknown(5) 10138 */ 10139 if (ipif->ipif_flags & IPIF_NOLOCAL) 10140 mae6.ipv6AddrStatus = 3; 10141 else if (ipif->ipif_flags & IPIF_DEPRECATED) 10142 mae6.ipv6AddrStatus = 2; 10143 else 10144 mae6.ipv6AddrStatus = 1; 10145 mae6.ipv6AddrInfo.ae_mtu = ipif->ipif_ill->ill_mtu; 10146 mae6.ipv6AddrInfo.ae_metric = 10147 ipif->ipif_ill->ill_metric; 10148 mae6.ipv6AddrInfo.ae_pp_dst_addr = 10149 ipif->ipif_v6pp_dst_addr; 10150 mae6.ipv6AddrInfo.ae_flags = ipif->ipif_flags | 10151 ill->ill_flags | ill->ill_phyint->phyint_flags; 10152 mae6.ipv6AddrReasmMaxSize = IP_MAXPACKET; 10153 mae6.ipv6AddrIdentifier = ill->ill_token; 10154 mae6.ipv6AddrIdentifierLen = ill->ill_token_length; 10155 mae6.ipv6AddrReachableTime = ill->ill_reachable_time; 10156 mae6.ipv6AddrRetransmitTime = 10157 ill->ill_reachable_retrans_time; 10158 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10159 (char *)&mae6, (int)mae6_size)) { 10160 ip1dbg(("ip_snmp_get_mib2_ip6_addr: failed to " 10161 "allocate %u bytes\n", 10162 (uint_t)mae6_size)); 10163 } 10164 } 10165 } 10166 rw_exit(&ipst->ips_ill_g_lock); 10167 10168 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10169 ip3dbg(("ip_snmp_get_mib2_ip6_addr: level %d, name %d, len %d\n", 10170 (int)optp->level, (int)optp->name, (int)optp->len)); 10171 qreply(q, mpctl); 10172 return (mp2ctl); 10173 } 10174 10175 /* IPv4 multicast group membership. */ 10176 static mblk_t * 10177 ip_snmp_get_mib2_ip_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10178 { 10179 struct opthdr *optp; 10180 mblk_t *mp2ctl; 10181 ill_t *ill; 10182 ipif_t *ipif; 10183 ilm_t *ilm; 10184 ip_member_t ipm; 10185 mblk_t *mp_tail = NULL; 10186 ill_walk_context_t ctx; 10187 zoneid_t zoneid; 10188 10189 /* 10190 * make a copy of the original message 10191 */ 10192 mp2ctl = copymsg(mpctl); 10193 zoneid = Q_TO_CONN(q)->conn_zoneid; 10194 10195 /* ipGroupMember table */ 10196 optp = (struct opthdr *)&mpctl->b_rptr[ 10197 sizeof (struct T_optmgmt_ack)]; 10198 optp->level = MIB2_IP; 10199 optp->name = EXPER_IP_GROUP_MEMBERSHIP; 10200 10201 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10202 ill = ILL_START_WALK_V4(&ctx, ipst); 10203 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10204 /* Make sure the ill isn't going away. */ 10205 if (!ill_check_and_refhold(ill)) 10206 continue; 10207 rw_exit(&ipst->ips_ill_g_lock); 10208 rw_enter(&ill->ill_mcast_lock, RW_READER); 10209 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) { 10210 if (ilm->ilm_zoneid != zoneid && 10211 ilm->ilm_zoneid != ALL_ZONES) 10212 continue; 10213 10214 /* Is there an ipif for ilm_ifaddr? */ 10215 for (ipif = ill->ill_ipif; ipif != NULL; 10216 ipif = ipif->ipif_next) { 10217 if (!IPIF_IS_CONDEMNED(ipif) && 10218 ipif->ipif_lcl_addr == ilm->ilm_ifaddr && 10219 ilm->ilm_ifaddr != INADDR_ANY) 10220 break; 10221 } 10222 if (ipif != NULL) { 10223 ipif_get_name(ipif, 10224 ipm.ipGroupMemberIfIndex.o_bytes, 10225 OCTET_LENGTH); 10226 } else { 10227 ill_get_name(ill, 10228 ipm.ipGroupMemberIfIndex.o_bytes, 10229 OCTET_LENGTH); 10230 } 10231 ipm.ipGroupMemberIfIndex.o_length = 10232 mi_strlen(ipm.ipGroupMemberIfIndex.o_bytes); 10233 10234 ipm.ipGroupMemberAddress = ilm->ilm_addr; 10235 ipm.ipGroupMemberRefCnt = ilm->ilm_refcnt; 10236 ipm.ipGroupMemberFilterMode = ilm->ilm_fmode; 10237 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10238 (char *)&ipm, (int)sizeof (ipm))) { 10239 ip1dbg(("ip_snmp_get_mib2_ip_group: " 10240 "failed to allocate %u bytes\n", 10241 (uint_t)sizeof (ipm))); 10242 } 10243 } 10244 rw_exit(&ill->ill_mcast_lock); 10245 ill_refrele(ill); 10246 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10247 } 10248 rw_exit(&ipst->ips_ill_g_lock); 10249 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10250 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n", 10251 (int)optp->level, (int)optp->name, (int)optp->len)); 10252 qreply(q, mpctl); 10253 return (mp2ctl); 10254 } 10255 10256 /* IPv6 multicast group membership. */ 10257 static mblk_t * 10258 ip_snmp_get_mib2_ip6_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10259 { 10260 struct opthdr *optp; 10261 mblk_t *mp2ctl; 10262 ill_t *ill; 10263 ilm_t *ilm; 10264 ipv6_member_t ipm6; 10265 mblk_t *mp_tail = NULL; 10266 ill_walk_context_t ctx; 10267 zoneid_t zoneid; 10268 10269 /* 10270 * make a copy of the original message 10271 */ 10272 mp2ctl = copymsg(mpctl); 10273 zoneid = Q_TO_CONN(q)->conn_zoneid; 10274 10275 /* ip6GroupMember table */ 10276 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10277 optp->level = MIB2_IP6; 10278 optp->name = EXPER_IP6_GROUP_MEMBERSHIP; 10279 10280 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10281 ill = ILL_START_WALK_V6(&ctx, ipst); 10282 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10283 /* Make sure the ill isn't going away. */ 10284 if (!ill_check_and_refhold(ill)) 10285 continue; 10286 rw_exit(&ipst->ips_ill_g_lock); 10287 /* 10288 * Normally we don't have any members on under IPMP interfaces. 10289 * We report them as a debugging aid. 10290 */ 10291 rw_enter(&ill->ill_mcast_lock, RW_READER); 10292 ipm6.ipv6GroupMemberIfIndex = ill->ill_phyint->phyint_ifindex; 10293 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) { 10294 if (ilm->ilm_zoneid != zoneid && 10295 ilm->ilm_zoneid != ALL_ZONES) 10296 continue; /* not this zone */ 10297 ipm6.ipv6GroupMemberAddress = ilm->ilm_v6addr; 10298 ipm6.ipv6GroupMemberRefCnt = ilm->ilm_refcnt; 10299 ipm6.ipv6GroupMemberFilterMode = ilm->ilm_fmode; 10300 if (!snmp_append_data2(mpctl->b_cont, 10301 &mp_tail, 10302 (char *)&ipm6, (int)sizeof (ipm6))) { 10303 ip1dbg(("ip_snmp_get_mib2_ip6_group: " 10304 "failed to allocate %u bytes\n", 10305 (uint_t)sizeof (ipm6))); 10306 } 10307 } 10308 rw_exit(&ill->ill_mcast_lock); 10309 ill_refrele(ill); 10310 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10311 } 10312 rw_exit(&ipst->ips_ill_g_lock); 10313 10314 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10315 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n", 10316 (int)optp->level, (int)optp->name, (int)optp->len)); 10317 qreply(q, mpctl); 10318 return (mp2ctl); 10319 } 10320 10321 /* IP multicast filtered sources */ 10322 static mblk_t * 10323 ip_snmp_get_mib2_ip_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10324 { 10325 struct opthdr *optp; 10326 mblk_t *mp2ctl; 10327 ill_t *ill; 10328 ipif_t *ipif; 10329 ilm_t *ilm; 10330 ip_grpsrc_t ips; 10331 mblk_t *mp_tail = NULL; 10332 ill_walk_context_t ctx; 10333 zoneid_t zoneid; 10334 int i; 10335 slist_t *sl; 10336 10337 /* 10338 * make a copy of the original message 10339 */ 10340 mp2ctl = copymsg(mpctl); 10341 zoneid = Q_TO_CONN(q)->conn_zoneid; 10342 10343 /* ipGroupSource table */ 10344 optp = (struct opthdr *)&mpctl->b_rptr[ 10345 sizeof (struct T_optmgmt_ack)]; 10346 optp->level = MIB2_IP; 10347 optp->name = EXPER_IP_GROUP_SOURCES; 10348 10349 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10350 ill = ILL_START_WALK_V4(&ctx, ipst); 10351 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10352 /* Make sure the ill isn't going away. */ 10353 if (!ill_check_and_refhold(ill)) 10354 continue; 10355 rw_exit(&ipst->ips_ill_g_lock); 10356 rw_enter(&ill->ill_mcast_lock, RW_READER); 10357 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) { 10358 sl = ilm->ilm_filter; 10359 if (ilm->ilm_zoneid != zoneid && 10360 ilm->ilm_zoneid != ALL_ZONES) 10361 continue; 10362 if (SLIST_IS_EMPTY(sl)) 10363 continue; 10364 10365 /* Is there an ipif for ilm_ifaddr? */ 10366 for (ipif = ill->ill_ipif; ipif != NULL; 10367 ipif = ipif->ipif_next) { 10368 if (!IPIF_IS_CONDEMNED(ipif) && 10369 ipif->ipif_lcl_addr == ilm->ilm_ifaddr && 10370 ilm->ilm_ifaddr != INADDR_ANY) 10371 break; 10372 } 10373 if (ipif != NULL) { 10374 ipif_get_name(ipif, 10375 ips.ipGroupSourceIfIndex.o_bytes, 10376 OCTET_LENGTH); 10377 } else { 10378 ill_get_name(ill, 10379 ips.ipGroupSourceIfIndex.o_bytes, 10380 OCTET_LENGTH); 10381 } 10382 ips.ipGroupSourceIfIndex.o_length = 10383 mi_strlen(ips.ipGroupSourceIfIndex.o_bytes); 10384 10385 ips.ipGroupSourceGroup = ilm->ilm_addr; 10386 for (i = 0; i < sl->sl_numsrc; i++) { 10387 if (!IN6_IS_ADDR_V4MAPPED(&sl->sl_addr[i])) 10388 continue; 10389 IN6_V4MAPPED_TO_IPADDR(&sl->sl_addr[i], 10390 ips.ipGroupSourceAddress); 10391 if (snmp_append_data2(mpctl->b_cont, &mp_tail, 10392 (char *)&ips, (int)sizeof (ips)) == 0) { 10393 ip1dbg(("ip_snmp_get_mib2_ip_group_src:" 10394 " failed to allocate %u bytes\n", 10395 (uint_t)sizeof (ips))); 10396 } 10397 } 10398 } 10399 rw_exit(&ill->ill_mcast_lock); 10400 ill_refrele(ill); 10401 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10402 } 10403 rw_exit(&ipst->ips_ill_g_lock); 10404 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10405 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n", 10406 (int)optp->level, (int)optp->name, (int)optp->len)); 10407 qreply(q, mpctl); 10408 return (mp2ctl); 10409 } 10410 10411 /* IPv6 multicast filtered sources. */ 10412 static mblk_t * 10413 ip_snmp_get_mib2_ip6_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10414 { 10415 struct opthdr *optp; 10416 mblk_t *mp2ctl; 10417 ill_t *ill; 10418 ilm_t *ilm; 10419 ipv6_grpsrc_t ips6; 10420 mblk_t *mp_tail = NULL; 10421 ill_walk_context_t ctx; 10422 zoneid_t zoneid; 10423 int i; 10424 slist_t *sl; 10425 10426 /* 10427 * make a copy of the original message 10428 */ 10429 mp2ctl = copymsg(mpctl); 10430 zoneid = Q_TO_CONN(q)->conn_zoneid; 10431 10432 /* ip6GroupMember table */ 10433 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10434 optp->level = MIB2_IP6; 10435 optp->name = EXPER_IP6_GROUP_SOURCES; 10436 10437 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10438 ill = ILL_START_WALK_V6(&ctx, ipst); 10439 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10440 /* Make sure the ill isn't going away. */ 10441 if (!ill_check_and_refhold(ill)) 10442 continue; 10443 rw_exit(&ipst->ips_ill_g_lock); 10444 /* 10445 * Normally we don't have any members on under IPMP interfaces. 10446 * We report them as a debugging aid. 10447 */ 10448 rw_enter(&ill->ill_mcast_lock, RW_READER); 10449 ips6.ipv6GroupSourceIfIndex = ill->ill_phyint->phyint_ifindex; 10450 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) { 10451 sl = ilm->ilm_filter; 10452 if (ilm->ilm_zoneid != zoneid && 10453 ilm->ilm_zoneid != ALL_ZONES) 10454 continue; 10455 if (SLIST_IS_EMPTY(sl)) 10456 continue; 10457 ips6.ipv6GroupSourceGroup = ilm->ilm_v6addr; 10458 for (i = 0; i < sl->sl_numsrc; i++) { 10459 ips6.ipv6GroupSourceAddress = sl->sl_addr[i]; 10460 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10461 (char *)&ips6, (int)sizeof (ips6))) { 10462 ip1dbg(("ip_snmp_get_mib2_ip6_" 10463 "group_src: failed to allocate " 10464 "%u bytes\n", 10465 (uint_t)sizeof (ips6))); 10466 } 10467 } 10468 } 10469 rw_exit(&ill->ill_mcast_lock); 10470 ill_refrele(ill); 10471 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10472 } 10473 rw_exit(&ipst->ips_ill_g_lock); 10474 10475 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10476 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n", 10477 (int)optp->level, (int)optp->name, (int)optp->len)); 10478 qreply(q, mpctl); 10479 return (mp2ctl); 10480 } 10481 10482 /* Multicast routing virtual interface table. */ 10483 static mblk_t * 10484 ip_snmp_get_mib2_virt_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10485 { 10486 struct opthdr *optp; 10487 mblk_t *mp2ctl; 10488 10489 /* 10490 * make a copy of the original message 10491 */ 10492 mp2ctl = copymsg(mpctl); 10493 10494 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10495 optp->level = EXPER_DVMRP; 10496 optp->name = EXPER_DVMRP_VIF; 10497 if (!ip_mroute_vif(mpctl->b_cont, ipst)) { 10498 ip0dbg(("ip_mroute_vif: failed\n")); 10499 } 10500 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10501 ip3dbg(("ip_snmp_get_mib2_virt_multi: level %d, name %d, len %d\n", 10502 (int)optp->level, (int)optp->name, (int)optp->len)); 10503 qreply(q, mpctl); 10504 return (mp2ctl); 10505 } 10506 10507 /* Multicast routing table. */ 10508 static mblk_t * 10509 ip_snmp_get_mib2_multi_rtable(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10510 { 10511 struct opthdr *optp; 10512 mblk_t *mp2ctl; 10513 10514 /* 10515 * make a copy of the original message 10516 */ 10517 mp2ctl = copymsg(mpctl); 10518 10519 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10520 optp->level = EXPER_DVMRP; 10521 optp->name = EXPER_DVMRP_MRT; 10522 if (!ip_mroute_mrt(mpctl->b_cont, ipst)) { 10523 ip0dbg(("ip_mroute_mrt: failed\n")); 10524 } 10525 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10526 ip3dbg(("ip_snmp_get_mib2_multi_rtable: level %d, name %d, len %d\n", 10527 (int)optp->level, (int)optp->name, (int)optp->len)); 10528 qreply(q, mpctl); 10529 return (mp2ctl); 10530 } 10531 10532 /* 10533 * Return ipRouteEntryTable, ipNetToMediaEntryTable, and ipRouteAttributeTable 10534 * in one IRE walk. 10535 */ 10536 static mblk_t * 10537 ip_snmp_get_mib2_ip_route_media(queue_t *q, mblk_t *mpctl, int level, 10538 ip_stack_t *ipst) 10539 { 10540 struct opthdr *optp; 10541 mblk_t *mp2ctl; /* Returned */ 10542 mblk_t *mp3ctl; /* nettomedia */ 10543 mblk_t *mp4ctl; /* routeattrs */ 10544 iproutedata_t ird; 10545 zoneid_t zoneid; 10546 10547 /* 10548 * make copies of the original message 10549 * - mp2ctl is returned unchanged to the caller for his use 10550 * - mpctl is sent upstream as ipRouteEntryTable 10551 * - mp3ctl is sent upstream as ipNetToMediaEntryTable 10552 * - mp4ctl is sent upstream as ipRouteAttributeTable 10553 */ 10554 mp2ctl = copymsg(mpctl); 10555 mp3ctl = copymsg(mpctl); 10556 mp4ctl = copymsg(mpctl); 10557 if (mp3ctl == NULL || mp4ctl == NULL) { 10558 freemsg(mp4ctl); 10559 freemsg(mp3ctl); 10560 freemsg(mp2ctl); 10561 freemsg(mpctl); 10562 return (NULL); 10563 } 10564 10565 bzero(&ird, sizeof (ird)); 10566 10567 ird.ird_route.lp_head = mpctl->b_cont; 10568 ird.ird_netmedia.lp_head = mp3ctl->b_cont; 10569 ird.ird_attrs.lp_head = mp4ctl->b_cont; 10570 /* 10571 * If the level has been set the special EXPER_IP_AND_ALL_IRES value, 10572 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is 10573 * intended a temporary solution until a proper MIB API is provided 10574 * that provides complete filtering/caller-opt-in. 10575 */ 10576 if (level == EXPER_IP_AND_ALL_IRES) 10577 ird.ird_flags |= IRD_REPORT_ALL; 10578 10579 zoneid = Q_TO_CONN(q)->conn_zoneid; 10580 ire_walk_v4(ip_snmp_get2_v4, &ird, zoneid, ipst); 10581 10582 /* ipRouteEntryTable in mpctl */ 10583 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10584 optp->level = MIB2_IP; 10585 optp->name = MIB2_IP_ROUTE; 10586 optp->len = msgdsize(ird.ird_route.lp_head); 10587 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n", 10588 (int)optp->level, (int)optp->name, (int)optp->len)); 10589 qreply(q, mpctl); 10590 10591 /* ipNetToMediaEntryTable in mp3ctl */ 10592 ncec_walk(NULL, ip_snmp_get2_v4_media, &ird, ipst); 10593 10594 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10595 optp->level = MIB2_IP; 10596 optp->name = MIB2_IP_MEDIA; 10597 optp->len = msgdsize(ird.ird_netmedia.lp_head); 10598 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n", 10599 (int)optp->level, (int)optp->name, (int)optp->len)); 10600 qreply(q, mp3ctl); 10601 10602 /* ipRouteAttributeTable in mp4ctl */ 10603 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10604 optp->level = MIB2_IP; 10605 optp->name = EXPER_IP_RTATTR; 10606 optp->len = msgdsize(ird.ird_attrs.lp_head); 10607 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n", 10608 (int)optp->level, (int)optp->name, (int)optp->len)); 10609 if (optp->len == 0) 10610 freemsg(mp4ctl); 10611 else 10612 qreply(q, mp4ctl); 10613 10614 return (mp2ctl); 10615 } 10616 10617 /* 10618 * Return ipv6RouteEntryTable and ipv6RouteAttributeTable in one IRE walk, and 10619 * ipv6NetToMediaEntryTable in an NDP walk. 10620 */ 10621 static mblk_t * 10622 ip_snmp_get_mib2_ip6_route_media(queue_t *q, mblk_t *mpctl, int level, 10623 ip_stack_t *ipst) 10624 { 10625 struct opthdr *optp; 10626 mblk_t *mp2ctl; /* Returned */ 10627 mblk_t *mp3ctl; /* nettomedia */ 10628 mblk_t *mp4ctl; /* routeattrs */ 10629 iproutedata_t ird; 10630 zoneid_t zoneid; 10631 10632 /* 10633 * make copies of the original message 10634 * - mp2ctl is returned unchanged to the caller for his use 10635 * - mpctl is sent upstream as ipv6RouteEntryTable 10636 * - mp3ctl is sent upstream as ipv6NetToMediaEntryTable 10637 * - mp4ctl is sent upstream as ipv6RouteAttributeTable 10638 */ 10639 mp2ctl = copymsg(mpctl); 10640 mp3ctl = copymsg(mpctl); 10641 mp4ctl = copymsg(mpctl); 10642 if (mp3ctl == NULL || mp4ctl == NULL) { 10643 freemsg(mp4ctl); 10644 freemsg(mp3ctl); 10645 freemsg(mp2ctl); 10646 freemsg(mpctl); 10647 return (NULL); 10648 } 10649 10650 bzero(&ird, sizeof (ird)); 10651 10652 ird.ird_route.lp_head = mpctl->b_cont; 10653 ird.ird_netmedia.lp_head = mp3ctl->b_cont; 10654 ird.ird_attrs.lp_head = mp4ctl->b_cont; 10655 /* 10656 * If the level has been set the special EXPER_IP_AND_ALL_IRES value, 10657 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is 10658 * intended a temporary solution until a proper MIB API is provided 10659 * that provides complete filtering/caller-opt-in. 10660 */ 10661 if (level == EXPER_IP_AND_ALL_IRES) 10662 ird.ird_flags |= IRD_REPORT_ALL; 10663 10664 zoneid = Q_TO_CONN(q)->conn_zoneid; 10665 ire_walk_v6(ip_snmp_get2_v6_route, &ird, zoneid, ipst); 10666 10667 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10668 optp->level = MIB2_IP6; 10669 optp->name = MIB2_IP6_ROUTE; 10670 optp->len = msgdsize(ird.ird_route.lp_head); 10671 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n", 10672 (int)optp->level, (int)optp->name, (int)optp->len)); 10673 qreply(q, mpctl); 10674 10675 /* ipv6NetToMediaEntryTable in mp3ctl */ 10676 ncec_walk(NULL, ip_snmp_get2_v6_media, &ird, ipst); 10677 10678 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10679 optp->level = MIB2_IP6; 10680 optp->name = MIB2_IP6_MEDIA; 10681 optp->len = msgdsize(ird.ird_netmedia.lp_head); 10682 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n", 10683 (int)optp->level, (int)optp->name, (int)optp->len)); 10684 qreply(q, mp3ctl); 10685 10686 /* ipv6RouteAttributeTable in mp4ctl */ 10687 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10688 optp->level = MIB2_IP6; 10689 optp->name = EXPER_IP_RTATTR; 10690 optp->len = msgdsize(ird.ird_attrs.lp_head); 10691 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n", 10692 (int)optp->level, (int)optp->name, (int)optp->len)); 10693 if (optp->len == 0) 10694 freemsg(mp4ctl); 10695 else 10696 qreply(q, mp4ctl); 10697 10698 return (mp2ctl); 10699 } 10700 10701 /* 10702 * IPv6 mib: One per ill 10703 */ 10704 static mblk_t * 10705 ip_snmp_get_mib2_ip6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst, 10706 boolean_t legacy_req) 10707 { 10708 struct opthdr *optp; 10709 mblk_t *mp2ctl; 10710 ill_t *ill; 10711 ill_walk_context_t ctx; 10712 mblk_t *mp_tail = NULL; 10713 mib2_ipv6AddrEntry_t mae6; 10714 mib2_ipIfStatsEntry_t *ise; 10715 size_t ise_size, iae_size; 10716 10717 /* 10718 * Make a copy of the original message 10719 */ 10720 mp2ctl = copymsg(mpctl); 10721 10722 /* fixed length IPv6 structure ... */ 10723 10724 if (legacy_req) { 10725 ise_size = LEGACY_MIB_SIZE(&ipst->ips_ip6_mib, 10726 mib2_ipIfStatsEntry_t); 10727 iae_size = LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t); 10728 } else { 10729 ise_size = sizeof (mib2_ipIfStatsEntry_t); 10730 iae_size = sizeof (mib2_ipv6AddrEntry_t); 10731 } 10732 10733 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10734 optp->level = MIB2_IP6; 10735 optp->name = 0; 10736 /* Include "unknown interface" ip6_mib */ 10737 ipst->ips_ip6_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv6; 10738 ipst->ips_ip6_mib.ipIfStatsIfIndex = 10739 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */ 10740 SET_MIB(ipst->ips_ip6_mib.ipIfStatsForwarding, 10741 ipst->ips_ipv6_forwarding ? 1 : 2); 10742 SET_MIB(ipst->ips_ip6_mib.ipIfStatsDefaultHopLimit, 10743 ipst->ips_ipv6_def_hops); 10744 SET_MIB(ipst->ips_ip6_mib.ipIfStatsEntrySize, 10745 sizeof (mib2_ipIfStatsEntry_t)); 10746 SET_MIB(ipst->ips_ip6_mib.ipIfStatsAddrEntrySize, 10747 sizeof (mib2_ipv6AddrEntry_t)); 10748 SET_MIB(ipst->ips_ip6_mib.ipIfStatsRouteEntrySize, 10749 sizeof (mib2_ipv6RouteEntry_t)); 10750 SET_MIB(ipst->ips_ip6_mib.ipIfStatsNetToMediaEntrySize, 10751 sizeof (mib2_ipv6NetToMediaEntry_t)); 10752 SET_MIB(ipst->ips_ip6_mib.ipIfStatsMemberEntrySize, 10753 sizeof (ipv6_member_t)); 10754 SET_MIB(ipst->ips_ip6_mib.ipIfStatsGroupSourceEntrySize, 10755 sizeof (ipv6_grpsrc_t)); 10756 10757 /* 10758 * Synchronize 64- and 32-bit counters 10759 */ 10760 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInReceives, 10761 ipIfStatsHCInReceives); 10762 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInDelivers, 10763 ipIfStatsHCInDelivers); 10764 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutRequests, 10765 ipIfStatsHCOutRequests); 10766 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutForwDatagrams, 10767 ipIfStatsHCOutForwDatagrams); 10768 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutMcastPkts, 10769 ipIfStatsHCOutMcastPkts); 10770 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInMcastPkts, 10771 ipIfStatsHCInMcastPkts); 10772 10773 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10774 (char *)&ipst->ips_ip6_mib, (int)ise_size)) { 10775 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate %u bytes\n", 10776 (uint_t)ise_size)); 10777 } else if (legacy_req) { 10778 /* Adjust the EntrySize fields for legacy requests. */ 10779 ise = 10780 (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr - (int)ise_size); 10781 SET_MIB(ise->ipIfStatsEntrySize, ise_size); 10782 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size); 10783 } 10784 10785 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10786 ill = ILL_START_WALK_V6(&ctx, ipst); 10787 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10788 ill->ill_ip_mib->ipIfStatsIfIndex = 10789 ill->ill_phyint->phyint_ifindex; 10790 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding, 10791 ipst->ips_ipv6_forwarding ? 1 : 2); 10792 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultHopLimit, 10793 ill->ill_max_hops); 10794 10795 /* 10796 * Synchronize 64- and 32-bit counters 10797 */ 10798 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInReceives, 10799 ipIfStatsHCInReceives); 10800 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInDelivers, 10801 ipIfStatsHCInDelivers); 10802 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutRequests, 10803 ipIfStatsHCOutRequests); 10804 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutForwDatagrams, 10805 ipIfStatsHCOutForwDatagrams); 10806 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutMcastPkts, 10807 ipIfStatsHCOutMcastPkts); 10808 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInMcastPkts, 10809 ipIfStatsHCInMcastPkts); 10810 10811 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10812 (char *)ill->ill_ip_mib, (int)ise_size)) { 10813 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate " 10814 "%u bytes\n", (uint_t)ise_size)); 10815 } else if (legacy_req) { 10816 /* Adjust the EntrySize fields for legacy requests. */ 10817 ise = (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr - 10818 (int)ise_size); 10819 SET_MIB(ise->ipIfStatsEntrySize, ise_size); 10820 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size); 10821 } 10822 } 10823 rw_exit(&ipst->ips_ill_g_lock); 10824 10825 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10826 ip3dbg(("ip_snmp_get_mib2_ip6: level %d, name %d, len %d\n", 10827 (int)optp->level, (int)optp->name, (int)optp->len)); 10828 qreply(q, mpctl); 10829 return (mp2ctl); 10830 } 10831 10832 /* 10833 * ICMPv6 mib: One per ill 10834 */ 10835 static mblk_t * 10836 ip_snmp_get_mib2_icmp6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst) 10837 { 10838 struct opthdr *optp; 10839 mblk_t *mp2ctl; 10840 ill_t *ill; 10841 ill_walk_context_t ctx; 10842 mblk_t *mp_tail = NULL; 10843 /* 10844 * Make a copy of the original message 10845 */ 10846 mp2ctl = copymsg(mpctl); 10847 10848 /* fixed length ICMPv6 structure ... */ 10849 10850 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 10851 optp->level = MIB2_ICMP6; 10852 optp->name = 0; 10853 /* Include "unknown interface" icmp6_mib */ 10854 ipst->ips_icmp6_mib.ipv6IfIcmpIfIndex = 10855 MIB2_UNKNOWN_INTERFACE; /* netstat flag */ 10856 ipst->ips_icmp6_mib.ipv6IfIcmpEntrySize = 10857 sizeof (mib2_ipv6IfIcmpEntry_t); 10858 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10859 (char *)&ipst->ips_icmp6_mib, 10860 (int)sizeof (ipst->ips_icmp6_mib))) { 10861 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate %u bytes\n", 10862 (uint_t)sizeof (ipst->ips_icmp6_mib))); 10863 } 10864 10865 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 10866 ill = ILL_START_WALK_V6(&ctx, ipst); 10867 for (; ill != NULL; ill = ill_next(&ctx, ill)) { 10868 ill->ill_icmp6_mib->ipv6IfIcmpIfIndex = 10869 ill->ill_phyint->phyint_ifindex; 10870 if (!snmp_append_data2(mpctl->b_cont, &mp_tail, 10871 (char *)ill->ill_icmp6_mib, 10872 (int)sizeof (*ill->ill_icmp6_mib))) { 10873 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate " 10874 "%u bytes\n", 10875 (uint_t)sizeof (*ill->ill_icmp6_mib))); 10876 } 10877 } 10878 rw_exit(&ipst->ips_ill_g_lock); 10879 10880 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont); 10881 ip3dbg(("ip_snmp_get_mib2_icmp6: level %d, name %d, len %d\n", 10882 (int)optp->level, (int)optp->name, (int)optp->len)); 10883 qreply(q, mpctl); 10884 return (mp2ctl); 10885 } 10886 10887 /* 10888 * ire_walk routine to create both ipRouteEntryTable and 10889 * ipRouteAttributeTable in one IRE walk 10890 */ 10891 static void 10892 ip_snmp_get2_v4(ire_t *ire, iproutedata_t *ird) 10893 { 10894 ill_t *ill; 10895 mib2_ipRouteEntry_t *re; 10896 mib2_ipAttributeEntry_t iaes; 10897 tsol_ire_gw_secattr_t *attrp; 10898 tsol_gc_t *gc = NULL; 10899 tsol_gcgrp_t *gcgrp = NULL; 10900 ip_stack_t *ipst = ire->ire_ipst; 10901 10902 ASSERT(ire->ire_ipversion == IPV4_VERSION); 10903 10904 if (!(ird->ird_flags & IRD_REPORT_ALL)) { 10905 if (ire->ire_testhidden) 10906 return; 10907 if (ire->ire_type & IRE_IF_CLONE) 10908 return; 10909 } 10910 10911 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL) 10912 return; 10913 10914 if ((attrp = ire->ire_gw_secattr) != NULL) { 10915 mutex_enter(&attrp->igsa_lock); 10916 if ((gc = attrp->igsa_gc) != NULL) { 10917 gcgrp = gc->gc_grp; 10918 ASSERT(gcgrp != NULL); 10919 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER); 10920 } 10921 mutex_exit(&attrp->igsa_lock); 10922 } 10923 /* 10924 * Return all IRE types for route table... let caller pick and choose 10925 */ 10926 re->ipRouteDest = ire->ire_addr; 10927 ill = ire->ire_ill; 10928 re->ipRouteIfIndex.o_length = 0; 10929 if (ill != NULL) { 10930 ill_get_name(ill, re->ipRouteIfIndex.o_bytes, OCTET_LENGTH); 10931 re->ipRouteIfIndex.o_length = 10932 mi_strlen(re->ipRouteIfIndex.o_bytes); 10933 } 10934 re->ipRouteMetric1 = -1; 10935 re->ipRouteMetric2 = -1; 10936 re->ipRouteMetric3 = -1; 10937 re->ipRouteMetric4 = -1; 10938 10939 re->ipRouteNextHop = ire->ire_gateway_addr; 10940 /* indirect(4), direct(3), or invalid(2) */ 10941 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE)) 10942 re->ipRouteType = 2; 10943 else if (ire->ire_type & IRE_ONLINK) 10944 re->ipRouteType = 3; 10945 else 10946 re->ipRouteType = 4; 10947 10948 re->ipRouteProto = -1; 10949 re->ipRouteAge = gethrestime_sec() - ire->ire_create_time; 10950 re->ipRouteMask = ire->ire_mask; 10951 re->ipRouteMetric5 = -1; 10952 re->ipRouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu; 10953 if (ire->ire_ill != NULL && re->ipRouteInfo.re_max_frag == 0) 10954 re->ipRouteInfo.re_max_frag = ire->ire_ill->ill_mtu; 10955 10956 re->ipRouteInfo.re_frag_flag = 0; 10957 re->ipRouteInfo.re_rtt = 0; 10958 re->ipRouteInfo.re_src_addr = 0; 10959 re->ipRouteInfo.re_ref = ire->ire_refcnt; 10960 re->ipRouteInfo.re_obpkt = ire->ire_ob_pkt_count; 10961 re->ipRouteInfo.re_ibpkt = ire->ire_ib_pkt_count; 10962 re->ipRouteInfo.re_flags = ire->ire_flags; 10963 10964 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */ 10965 if (ire->ire_type & IRE_INTERFACE) { 10966 ire_t *child; 10967 10968 rw_enter(&ipst->ips_ire_dep_lock, RW_READER); 10969 child = ire->ire_dep_children; 10970 while (child != NULL) { 10971 re->ipRouteInfo.re_obpkt += child->ire_ob_pkt_count; 10972 re->ipRouteInfo.re_ibpkt += child->ire_ib_pkt_count; 10973 child = child->ire_dep_sib_next; 10974 } 10975 rw_exit(&ipst->ips_ire_dep_lock); 10976 } 10977 10978 if (ire->ire_flags & RTF_DYNAMIC) { 10979 re->ipRouteInfo.re_ire_type = IRE_HOST_REDIRECT; 10980 } else { 10981 re->ipRouteInfo.re_ire_type = ire->ire_type; 10982 } 10983 10984 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail, 10985 (char *)re, (int)sizeof (*re))) { 10986 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u bytes\n", 10987 (uint_t)sizeof (*re))); 10988 } 10989 10990 if (gc != NULL) { 10991 iaes.iae_routeidx = ird->ird_idx; 10992 iaes.iae_doi = gc->gc_db->gcdb_doi; 10993 iaes.iae_slrange = gc->gc_db->gcdb_slrange; 10994 10995 if (!snmp_append_data2(ird->ird_attrs.lp_head, 10996 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) { 10997 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u " 10998 "bytes\n", (uint_t)sizeof (iaes))); 10999 } 11000 } 11001 11002 /* bump route index for next pass */ 11003 ird->ird_idx++; 11004 11005 kmem_free(re, sizeof (*re)); 11006 if (gcgrp != NULL) 11007 rw_exit(&gcgrp->gcgrp_rwlock); 11008 } 11009 11010 /* 11011 * ire_walk routine to create ipv6RouteEntryTable and ipRouteEntryTable. 11012 */ 11013 static void 11014 ip_snmp_get2_v6_route(ire_t *ire, iproutedata_t *ird) 11015 { 11016 ill_t *ill; 11017 mib2_ipv6RouteEntry_t *re; 11018 mib2_ipAttributeEntry_t iaes; 11019 tsol_ire_gw_secattr_t *attrp; 11020 tsol_gc_t *gc = NULL; 11021 tsol_gcgrp_t *gcgrp = NULL; 11022 ip_stack_t *ipst = ire->ire_ipst; 11023 11024 ASSERT(ire->ire_ipversion == IPV6_VERSION); 11025 11026 if (!(ird->ird_flags & IRD_REPORT_ALL)) { 11027 if (ire->ire_testhidden) 11028 return; 11029 if (ire->ire_type & IRE_IF_CLONE) 11030 return; 11031 } 11032 11033 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL) 11034 return; 11035 11036 if ((attrp = ire->ire_gw_secattr) != NULL) { 11037 mutex_enter(&attrp->igsa_lock); 11038 if ((gc = attrp->igsa_gc) != NULL) { 11039 gcgrp = gc->gc_grp; 11040 ASSERT(gcgrp != NULL); 11041 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER); 11042 } 11043 mutex_exit(&attrp->igsa_lock); 11044 } 11045 /* 11046 * Return all IRE types for route table... let caller pick and choose 11047 */ 11048 re->ipv6RouteDest = ire->ire_addr_v6; 11049 re->ipv6RoutePfxLength = ip_mask_to_plen_v6(&ire->ire_mask_v6); 11050 re->ipv6RouteIndex = 0; /* Unique when multiple with same dest/plen */ 11051 re->ipv6RouteIfIndex.o_length = 0; 11052 ill = ire->ire_ill; 11053 if (ill != NULL) { 11054 ill_get_name(ill, re->ipv6RouteIfIndex.o_bytes, OCTET_LENGTH); 11055 re->ipv6RouteIfIndex.o_length = 11056 mi_strlen(re->ipv6RouteIfIndex.o_bytes); 11057 } 11058 11059 ASSERT(!(ire->ire_type & IRE_BROADCAST)); 11060 11061 mutex_enter(&ire->ire_lock); 11062 re->ipv6RouteNextHop = ire->ire_gateway_addr_v6; 11063 mutex_exit(&ire->ire_lock); 11064 11065 /* remote(4), local(3), or discard(2) */ 11066 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE)) 11067 re->ipv6RouteType = 2; 11068 else if (ire->ire_type & IRE_ONLINK) 11069 re->ipv6RouteType = 3; 11070 else 11071 re->ipv6RouteType = 4; 11072 11073 re->ipv6RouteProtocol = -1; 11074 re->ipv6RoutePolicy = 0; 11075 re->ipv6RouteAge = gethrestime_sec() - ire->ire_create_time; 11076 re->ipv6RouteNextHopRDI = 0; 11077 re->ipv6RouteWeight = 0; 11078 re->ipv6RouteMetric = 0; 11079 re->ipv6RouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu; 11080 if (ire->ire_ill != NULL && re->ipv6RouteInfo.re_max_frag == 0) 11081 re->ipv6RouteInfo.re_max_frag = ire->ire_ill->ill_mtu; 11082 11083 re->ipv6RouteInfo.re_frag_flag = 0; 11084 re->ipv6RouteInfo.re_rtt = 0; 11085 re->ipv6RouteInfo.re_src_addr = ipv6_all_zeros; 11086 re->ipv6RouteInfo.re_obpkt = ire->ire_ob_pkt_count; 11087 re->ipv6RouteInfo.re_ibpkt = ire->ire_ib_pkt_count; 11088 re->ipv6RouteInfo.re_ref = ire->ire_refcnt; 11089 re->ipv6RouteInfo.re_flags = ire->ire_flags; 11090 11091 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */ 11092 if (ire->ire_type & IRE_INTERFACE) { 11093 ire_t *child; 11094 11095 rw_enter(&ipst->ips_ire_dep_lock, RW_READER); 11096 child = ire->ire_dep_children; 11097 while (child != NULL) { 11098 re->ipv6RouteInfo.re_obpkt += child->ire_ob_pkt_count; 11099 re->ipv6RouteInfo.re_ibpkt += child->ire_ib_pkt_count; 11100 child = child->ire_dep_sib_next; 11101 } 11102 rw_exit(&ipst->ips_ire_dep_lock); 11103 } 11104 if (ire->ire_flags & RTF_DYNAMIC) { 11105 re->ipv6RouteInfo.re_ire_type = IRE_HOST_REDIRECT; 11106 } else { 11107 re->ipv6RouteInfo.re_ire_type = ire->ire_type; 11108 } 11109 11110 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail, 11111 (char *)re, (int)sizeof (*re))) { 11112 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u bytes\n", 11113 (uint_t)sizeof (*re))); 11114 } 11115 11116 if (gc != NULL) { 11117 iaes.iae_routeidx = ird->ird_idx; 11118 iaes.iae_doi = gc->gc_db->gcdb_doi; 11119 iaes.iae_slrange = gc->gc_db->gcdb_slrange; 11120 11121 if (!snmp_append_data2(ird->ird_attrs.lp_head, 11122 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) { 11123 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u " 11124 "bytes\n", (uint_t)sizeof (iaes))); 11125 } 11126 } 11127 11128 /* bump route index for next pass */ 11129 ird->ird_idx++; 11130 11131 kmem_free(re, sizeof (*re)); 11132 if (gcgrp != NULL) 11133 rw_exit(&gcgrp->gcgrp_rwlock); 11134 } 11135 11136 /* 11137 * ncec_walk routine to create ipv6NetToMediaEntryTable 11138 */ 11139 static int 11140 ip_snmp_get2_v6_media(ncec_t *ncec, iproutedata_t *ird) 11141 { 11142 ill_t *ill; 11143 mib2_ipv6NetToMediaEntry_t ntme; 11144 11145 ill = ncec->ncec_ill; 11146 /* skip arpce entries, and loopback ncec entries */ 11147 if (ill->ill_isv6 == B_FALSE || ill->ill_net_type == IRE_LOOPBACK) 11148 return (0); 11149 /* 11150 * Neighbor cache entry attached to IRE with on-link 11151 * destination. 11152 * We report all IPMP groups on ncec_ill which is normally the upper. 11153 */ 11154 ntme.ipv6NetToMediaIfIndex = ill->ill_phyint->phyint_ifindex; 11155 ntme.ipv6NetToMediaNetAddress = ncec->ncec_addr; 11156 ntme.ipv6NetToMediaPhysAddress.o_length = ill->ill_phys_addr_length; 11157 if (ncec->ncec_lladdr != NULL) { 11158 bcopy(ncec->ncec_lladdr, ntme.ipv6NetToMediaPhysAddress.o_bytes, 11159 ntme.ipv6NetToMediaPhysAddress.o_length); 11160 } 11161 /* 11162 * Note: Returns ND_* states. Should be: 11163 * reachable(1), stale(2), delay(3), probe(4), 11164 * invalid(5), unknown(6) 11165 */ 11166 ntme.ipv6NetToMediaState = ncec->ncec_state; 11167 ntme.ipv6NetToMediaLastUpdated = 0; 11168 11169 /* other(1), dynamic(2), static(3), local(4) */ 11170 if (NCE_MYADDR(ncec)) { 11171 ntme.ipv6NetToMediaType = 4; 11172 } else if (ncec->ncec_flags & NCE_F_PUBLISH) { 11173 ntme.ipv6NetToMediaType = 1; /* proxy */ 11174 } else if (ncec->ncec_flags & NCE_F_STATIC) { 11175 ntme.ipv6NetToMediaType = 3; 11176 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST)) { 11177 ntme.ipv6NetToMediaType = 1; 11178 } else { 11179 ntme.ipv6NetToMediaType = 2; 11180 } 11181 11182 if (!snmp_append_data2(ird->ird_netmedia.lp_head, 11183 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) { 11184 ip1dbg(("ip_snmp_get2_v6_media: failed to allocate %u bytes\n", 11185 (uint_t)sizeof (ntme))); 11186 } 11187 return (0); 11188 } 11189 11190 int 11191 nce2ace(ncec_t *ncec) 11192 { 11193 int flags = 0; 11194 11195 if (NCE_ISREACHABLE(ncec)) 11196 flags |= ACE_F_RESOLVED; 11197 if (ncec->ncec_flags & NCE_F_AUTHORITY) 11198 flags |= ACE_F_AUTHORITY; 11199 if (ncec->ncec_flags & NCE_F_PUBLISH) 11200 flags |= ACE_F_PUBLISH; 11201 if ((ncec->ncec_flags & NCE_F_NONUD) != 0) 11202 flags |= ACE_F_PERMANENT; 11203 if (NCE_MYADDR(ncec)) 11204 flags |= (ACE_F_MYADDR | ACE_F_AUTHORITY); 11205 if (ncec->ncec_flags & NCE_F_UNVERIFIED) 11206 flags |= ACE_F_UNVERIFIED; 11207 if (ncec->ncec_flags & NCE_F_AUTHORITY) 11208 flags |= ACE_F_AUTHORITY; 11209 if (ncec->ncec_flags & NCE_F_DELAYED) 11210 flags |= ACE_F_DELAYED; 11211 return (flags); 11212 } 11213 11214 /* 11215 * ncec_walk routine to create ipNetToMediaEntryTable 11216 */ 11217 static int 11218 ip_snmp_get2_v4_media(ncec_t *ncec, iproutedata_t *ird) 11219 { 11220 ill_t *ill; 11221 mib2_ipNetToMediaEntry_t ntme; 11222 const char *name = "unknown"; 11223 ipaddr_t ncec_addr; 11224 11225 ill = ncec->ncec_ill; 11226 if (ill->ill_isv6 || (ncec->ncec_flags & NCE_F_BCAST) || 11227 ill->ill_net_type == IRE_LOOPBACK) 11228 return (0); 11229 11230 /* We report all IPMP groups on ncec_ill which is normally the upper. */ 11231 name = ill->ill_name; 11232 /* Based on RFC 4293: other(1), inval(2), dyn(3), stat(4) */ 11233 if (NCE_MYADDR(ncec)) { 11234 ntme.ipNetToMediaType = 4; 11235 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST|NCE_F_PUBLISH)) { 11236 ntme.ipNetToMediaType = 1; 11237 } else { 11238 ntme.ipNetToMediaType = 3; 11239 } 11240 ntme.ipNetToMediaIfIndex.o_length = MIN(OCTET_LENGTH, strlen(name)); 11241 bcopy(name, ntme.ipNetToMediaIfIndex.o_bytes, 11242 ntme.ipNetToMediaIfIndex.o_length); 11243 11244 IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, ncec_addr); 11245 bcopy(&ncec_addr, &ntme.ipNetToMediaNetAddress, sizeof (ncec_addr)); 11246 11247 ntme.ipNetToMediaInfo.ntm_mask.o_length = sizeof (ipaddr_t); 11248 ncec_addr = INADDR_BROADCAST; 11249 bcopy(&ncec_addr, ntme.ipNetToMediaInfo.ntm_mask.o_bytes, 11250 sizeof (ncec_addr)); 11251 /* 11252 * map all the flags to the ACE counterpart. 11253 */ 11254 ntme.ipNetToMediaInfo.ntm_flags = nce2ace(ncec); 11255 11256 ntme.ipNetToMediaPhysAddress.o_length = 11257 MIN(OCTET_LENGTH, ill->ill_phys_addr_length); 11258 11259 if (!NCE_ISREACHABLE(ncec)) 11260 ntme.ipNetToMediaPhysAddress.o_length = 0; 11261 else { 11262 if (ncec->ncec_lladdr != NULL) { 11263 bcopy(ncec->ncec_lladdr, 11264 ntme.ipNetToMediaPhysAddress.o_bytes, 11265 ntme.ipNetToMediaPhysAddress.o_length); 11266 } 11267 } 11268 11269 if (!snmp_append_data2(ird->ird_netmedia.lp_head, 11270 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) { 11271 ip1dbg(("ip_snmp_get2_v4_media: failed to allocate %u bytes\n", 11272 (uint_t)sizeof (ntme))); 11273 } 11274 return (0); 11275 } 11276 11277 /* 11278 * return (0) if invalid set request, 1 otherwise, including non-tcp requests 11279 */ 11280 /* ARGSUSED */ 11281 int 11282 ip_snmp_set(queue_t *q, int level, int name, uchar_t *ptr, int len) 11283 { 11284 switch (level) { 11285 case MIB2_IP: 11286 case MIB2_ICMP: 11287 switch (name) { 11288 default: 11289 break; 11290 } 11291 return (1); 11292 default: 11293 return (1); 11294 } 11295 } 11296 11297 /* 11298 * When there exists both a 64- and 32-bit counter of a particular type 11299 * (i.e., InReceives), only the 64-bit counters are added. 11300 */ 11301 void 11302 ip_mib2_add_ip_stats(mib2_ipIfStatsEntry_t *o1, mib2_ipIfStatsEntry_t *o2) 11303 { 11304 UPDATE_MIB(o1, ipIfStatsInHdrErrors, o2->ipIfStatsInHdrErrors); 11305 UPDATE_MIB(o1, ipIfStatsInTooBigErrors, o2->ipIfStatsInTooBigErrors); 11306 UPDATE_MIB(o1, ipIfStatsInNoRoutes, o2->ipIfStatsInNoRoutes); 11307 UPDATE_MIB(o1, ipIfStatsInAddrErrors, o2->ipIfStatsInAddrErrors); 11308 UPDATE_MIB(o1, ipIfStatsInUnknownProtos, o2->ipIfStatsInUnknownProtos); 11309 UPDATE_MIB(o1, ipIfStatsInTruncatedPkts, o2->ipIfStatsInTruncatedPkts); 11310 UPDATE_MIB(o1, ipIfStatsInDiscards, o2->ipIfStatsInDiscards); 11311 UPDATE_MIB(o1, ipIfStatsOutDiscards, o2->ipIfStatsOutDiscards); 11312 UPDATE_MIB(o1, ipIfStatsOutFragOKs, o2->ipIfStatsOutFragOKs); 11313 UPDATE_MIB(o1, ipIfStatsOutFragFails, o2->ipIfStatsOutFragFails); 11314 UPDATE_MIB(o1, ipIfStatsOutFragCreates, o2->ipIfStatsOutFragCreates); 11315 UPDATE_MIB(o1, ipIfStatsReasmReqds, o2->ipIfStatsReasmReqds); 11316 UPDATE_MIB(o1, ipIfStatsReasmOKs, o2->ipIfStatsReasmOKs); 11317 UPDATE_MIB(o1, ipIfStatsReasmFails, o2->ipIfStatsReasmFails); 11318 UPDATE_MIB(o1, ipIfStatsOutNoRoutes, o2->ipIfStatsOutNoRoutes); 11319 UPDATE_MIB(o1, ipIfStatsReasmDuplicates, o2->ipIfStatsReasmDuplicates); 11320 UPDATE_MIB(o1, ipIfStatsReasmPartDups, o2->ipIfStatsReasmPartDups); 11321 UPDATE_MIB(o1, ipIfStatsForwProhibits, o2->ipIfStatsForwProhibits); 11322 UPDATE_MIB(o1, udpInCksumErrs, o2->udpInCksumErrs); 11323 UPDATE_MIB(o1, udpInOverflows, o2->udpInOverflows); 11324 UPDATE_MIB(o1, rawipInOverflows, o2->rawipInOverflows); 11325 UPDATE_MIB(o1, ipIfStatsInWrongIPVersion, 11326 o2->ipIfStatsInWrongIPVersion); 11327 UPDATE_MIB(o1, ipIfStatsOutWrongIPVersion, 11328 o2->ipIfStatsInWrongIPVersion); 11329 UPDATE_MIB(o1, ipIfStatsOutSwitchIPVersion, 11330 o2->ipIfStatsOutSwitchIPVersion); 11331 UPDATE_MIB(o1, ipIfStatsHCInReceives, o2->ipIfStatsHCInReceives); 11332 UPDATE_MIB(o1, ipIfStatsHCInOctets, o2->ipIfStatsHCInOctets); 11333 UPDATE_MIB(o1, ipIfStatsHCInForwDatagrams, 11334 o2->ipIfStatsHCInForwDatagrams); 11335 UPDATE_MIB(o1, ipIfStatsHCInDelivers, o2->ipIfStatsHCInDelivers); 11336 UPDATE_MIB(o1, ipIfStatsHCOutRequests, o2->ipIfStatsHCOutRequests); 11337 UPDATE_MIB(o1, ipIfStatsHCOutForwDatagrams, 11338 o2->ipIfStatsHCOutForwDatagrams); 11339 UPDATE_MIB(o1, ipIfStatsOutFragReqds, o2->ipIfStatsOutFragReqds); 11340 UPDATE_MIB(o1, ipIfStatsHCOutTransmits, o2->ipIfStatsHCOutTransmits); 11341 UPDATE_MIB(o1, ipIfStatsHCOutOctets, o2->ipIfStatsHCOutOctets); 11342 UPDATE_MIB(o1, ipIfStatsHCInMcastPkts, o2->ipIfStatsHCInMcastPkts); 11343 UPDATE_MIB(o1, ipIfStatsHCInMcastOctets, o2->ipIfStatsHCInMcastOctets); 11344 UPDATE_MIB(o1, ipIfStatsHCOutMcastPkts, o2->ipIfStatsHCOutMcastPkts); 11345 UPDATE_MIB(o1, ipIfStatsHCOutMcastOctets, 11346 o2->ipIfStatsHCOutMcastOctets); 11347 UPDATE_MIB(o1, ipIfStatsHCInBcastPkts, o2->ipIfStatsHCInBcastPkts); 11348 UPDATE_MIB(o1, ipIfStatsHCOutBcastPkts, o2->ipIfStatsHCOutBcastPkts); 11349 UPDATE_MIB(o1, ipsecInSucceeded, o2->ipsecInSucceeded); 11350 UPDATE_MIB(o1, ipsecInFailed, o2->ipsecInFailed); 11351 UPDATE_MIB(o1, ipInCksumErrs, o2->ipInCksumErrs); 11352 UPDATE_MIB(o1, tcpInErrs, o2->tcpInErrs); 11353 UPDATE_MIB(o1, udpNoPorts, o2->udpNoPorts); 11354 } 11355 11356 void 11357 ip_mib2_add_icmp6_stats(mib2_ipv6IfIcmpEntry_t *o1, mib2_ipv6IfIcmpEntry_t *o2) 11358 { 11359 UPDATE_MIB(o1, ipv6IfIcmpInMsgs, o2->ipv6IfIcmpInMsgs); 11360 UPDATE_MIB(o1, ipv6IfIcmpInErrors, o2->ipv6IfIcmpInErrors); 11361 UPDATE_MIB(o1, ipv6IfIcmpInDestUnreachs, o2->ipv6IfIcmpInDestUnreachs); 11362 UPDATE_MIB(o1, ipv6IfIcmpInAdminProhibs, o2->ipv6IfIcmpInAdminProhibs); 11363 UPDATE_MIB(o1, ipv6IfIcmpInTimeExcds, o2->ipv6IfIcmpInTimeExcds); 11364 UPDATE_MIB(o1, ipv6IfIcmpInParmProblems, o2->ipv6IfIcmpInParmProblems); 11365 UPDATE_MIB(o1, ipv6IfIcmpInPktTooBigs, o2->ipv6IfIcmpInPktTooBigs); 11366 UPDATE_MIB(o1, ipv6IfIcmpInEchos, o2->ipv6IfIcmpInEchos); 11367 UPDATE_MIB(o1, ipv6IfIcmpInEchoReplies, o2->ipv6IfIcmpInEchoReplies); 11368 UPDATE_MIB(o1, ipv6IfIcmpInRouterSolicits, 11369 o2->ipv6IfIcmpInRouterSolicits); 11370 UPDATE_MIB(o1, ipv6IfIcmpInRouterAdvertisements, 11371 o2->ipv6IfIcmpInRouterAdvertisements); 11372 UPDATE_MIB(o1, ipv6IfIcmpInNeighborSolicits, 11373 o2->ipv6IfIcmpInNeighborSolicits); 11374 UPDATE_MIB(o1, ipv6IfIcmpInNeighborAdvertisements, 11375 o2->ipv6IfIcmpInNeighborAdvertisements); 11376 UPDATE_MIB(o1, ipv6IfIcmpInRedirects, o2->ipv6IfIcmpInRedirects); 11377 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembQueries, 11378 o2->ipv6IfIcmpInGroupMembQueries); 11379 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembResponses, 11380 o2->ipv6IfIcmpInGroupMembResponses); 11381 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembReductions, 11382 o2->ipv6IfIcmpInGroupMembReductions); 11383 UPDATE_MIB(o1, ipv6IfIcmpOutMsgs, o2->ipv6IfIcmpOutMsgs); 11384 UPDATE_MIB(o1, ipv6IfIcmpOutErrors, o2->ipv6IfIcmpOutErrors); 11385 UPDATE_MIB(o1, ipv6IfIcmpOutDestUnreachs, 11386 o2->ipv6IfIcmpOutDestUnreachs); 11387 UPDATE_MIB(o1, ipv6IfIcmpOutAdminProhibs, 11388 o2->ipv6IfIcmpOutAdminProhibs); 11389 UPDATE_MIB(o1, ipv6IfIcmpOutTimeExcds, o2->ipv6IfIcmpOutTimeExcds); 11390 UPDATE_MIB(o1, ipv6IfIcmpOutParmProblems, 11391 o2->ipv6IfIcmpOutParmProblems); 11392 UPDATE_MIB(o1, ipv6IfIcmpOutPktTooBigs, o2->ipv6IfIcmpOutPktTooBigs); 11393 UPDATE_MIB(o1, ipv6IfIcmpOutEchos, o2->ipv6IfIcmpOutEchos); 11394 UPDATE_MIB(o1, ipv6IfIcmpOutEchoReplies, o2->ipv6IfIcmpOutEchoReplies); 11395 UPDATE_MIB(o1, ipv6IfIcmpOutRouterSolicits, 11396 o2->ipv6IfIcmpOutRouterSolicits); 11397 UPDATE_MIB(o1, ipv6IfIcmpOutRouterAdvertisements, 11398 o2->ipv6IfIcmpOutRouterAdvertisements); 11399 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborSolicits, 11400 o2->ipv6IfIcmpOutNeighborSolicits); 11401 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborAdvertisements, 11402 o2->ipv6IfIcmpOutNeighborAdvertisements); 11403 UPDATE_MIB(o1, ipv6IfIcmpOutRedirects, o2->ipv6IfIcmpOutRedirects); 11404 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembQueries, 11405 o2->ipv6IfIcmpOutGroupMembQueries); 11406 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembResponses, 11407 o2->ipv6IfIcmpOutGroupMembResponses); 11408 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembReductions, 11409 o2->ipv6IfIcmpOutGroupMembReductions); 11410 UPDATE_MIB(o1, ipv6IfIcmpInOverflows, o2->ipv6IfIcmpInOverflows); 11411 UPDATE_MIB(o1, ipv6IfIcmpBadHoplimit, o2->ipv6IfIcmpBadHoplimit); 11412 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborAdvertisements, 11413 o2->ipv6IfIcmpInBadNeighborAdvertisements); 11414 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborSolicitations, 11415 o2->ipv6IfIcmpInBadNeighborSolicitations); 11416 UPDATE_MIB(o1, ipv6IfIcmpInBadRedirects, o2->ipv6IfIcmpInBadRedirects); 11417 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembTotal, 11418 o2->ipv6IfIcmpInGroupMembTotal); 11419 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadQueries, 11420 o2->ipv6IfIcmpInGroupMembBadQueries); 11421 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadReports, 11422 o2->ipv6IfIcmpInGroupMembBadReports); 11423 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembOurReports, 11424 o2->ipv6IfIcmpInGroupMembOurReports); 11425 } 11426 11427 /* 11428 * Called before the options are updated to check if this packet will 11429 * be source routed from here. 11430 * This routine assumes that the options are well formed i.e. that they 11431 * have already been checked. 11432 */ 11433 boolean_t 11434 ip_source_routed(ipha_t *ipha, ip_stack_t *ipst) 11435 { 11436 ipoptp_t opts; 11437 uchar_t *opt; 11438 uint8_t optval; 11439 uint8_t optlen; 11440 ipaddr_t dst; 11441 11442 if (IS_SIMPLE_IPH(ipha)) { 11443 ip2dbg(("not source routed\n")); 11444 return (B_FALSE); 11445 } 11446 dst = ipha->ipha_dst; 11447 for (optval = ipoptp_first(&opts, ipha); 11448 optval != IPOPT_EOL; 11449 optval = ipoptp_next(&opts)) { 11450 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 11451 opt = opts.ipoptp_cur; 11452 optlen = opts.ipoptp_len; 11453 ip2dbg(("ip_source_routed: opt %d, len %d\n", 11454 optval, optlen)); 11455 switch (optval) { 11456 uint32_t off; 11457 case IPOPT_SSRR: 11458 case IPOPT_LSRR: 11459 /* 11460 * If dst is one of our addresses and there are some 11461 * entries left in the source route return (true). 11462 */ 11463 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 11464 ip2dbg(("ip_source_routed: not next" 11465 " source route 0x%x\n", 11466 ntohl(dst))); 11467 return (B_FALSE); 11468 } 11469 off = opt[IPOPT_OFFSET]; 11470 off--; 11471 if (optlen < IP_ADDR_LEN || 11472 off > optlen - IP_ADDR_LEN) { 11473 /* End of source route */ 11474 ip1dbg(("ip_source_routed: end of SR\n")); 11475 return (B_FALSE); 11476 } 11477 return (B_TRUE); 11478 } 11479 } 11480 ip2dbg(("not source routed\n")); 11481 return (B_FALSE); 11482 } 11483 11484 /* 11485 * ip_unbind is called by the transports to remove a conn from 11486 * the fanout table. 11487 */ 11488 void 11489 ip_unbind(conn_t *connp) 11490 { 11491 11492 ASSERT(!MUTEX_HELD(&connp->conn_lock)); 11493 11494 if (is_system_labeled() && connp->conn_anon_port) { 11495 (void) tsol_mlp_anon(crgetzone(connp->conn_cred), 11496 connp->conn_mlp_type, connp->conn_proto, 11497 ntohs(connp->conn_lport), B_FALSE); 11498 connp->conn_anon_port = 0; 11499 } 11500 connp->conn_mlp_type = mlptSingle; 11501 11502 ipcl_hash_remove(connp); 11503 } 11504 11505 /* 11506 * Used for deciding the MSS size for the upper layer. Thus 11507 * we need to check the outbound policy values in the conn. 11508 */ 11509 int 11510 conn_ipsec_length(conn_t *connp) 11511 { 11512 ipsec_latch_t *ipl; 11513 11514 ipl = connp->conn_latch; 11515 if (ipl == NULL) 11516 return (0); 11517 11518 if (connp->conn_ixa->ixa_ipsec_policy == NULL) 11519 return (0); 11520 11521 return (connp->conn_ixa->ixa_ipsec_policy->ipsp_act->ipa_ovhd); 11522 } 11523 11524 /* 11525 * Returns an estimate of the IPsec headers size. This is used if 11526 * we don't want to call into IPsec to get the exact size. 11527 */ 11528 int 11529 ipsec_out_extra_length(ip_xmit_attr_t *ixa) 11530 { 11531 ipsec_action_t *a; 11532 11533 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE)) 11534 return (0); 11535 11536 a = ixa->ixa_ipsec_action; 11537 if (a == NULL) { 11538 ASSERT(ixa->ixa_ipsec_policy != NULL); 11539 a = ixa->ixa_ipsec_policy->ipsp_act; 11540 } 11541 ASSERT(a != NULL); 11542 11543 return (a->ipa_ovhd); 11544 } 11545 11546 /* 11547 * If there are any source route options, return the true final 11548 * destination. Otherwise, return the destination. 11549 */ 11550 ipaddr_t 11551 ip_get_dst(ipha_t *ipha) 11552 { 11553 ipoptp_t opts; 11554 uchar_t *opt; 11555 uint8_t optval; 11556 uint8_t optlen; 11557 ipaddr_t dst; 11558 uint32_t off; 11559 11560 dst = ipha->ipha_dst; 11561 11562 if (IS_SIMPLE_IPH(ipha)) 11563 return (dst); 11564 11565 for (optval = ipoptp_first(&opts, ipha); 11566 optval != IPOPT_EOL; 11567 optval = ipoptp_next(&opts)) { 11568 opt = opts.ipoptp_cur; 11569 optlen = opts.ipoptp_len; 11570 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 11571 switch (optval) { 11572 case IPOPT_SSRR: 11573 case IPOPT_LSRR: 11574 off = opt[IPOPT_OFFSET]; 11575 /* 11576 * If one of the conditions is true, it means 11577 * end of options and dst already has the right 11578 * value. 11579 */ 11580 if (!(optlen < IP_ADDR_LEN || off > optlen - 3)) { 11581 off = optlen - IP_ADDR_LEN; 11582 bcopy(&opt[off], &dst, IP_ADDR_LEN); 11583 } 11584 return (dst); 11585 default: 11586 break; 11587 } 11588 } 11589 11590 return (dst); 11591 } 11592 11593 /* 11594 * Outbound IP fragmentation routine. 11595 * Assumes the caller has checked whether or not fragmentation should 11596 * be allowed. Here we copy the DF bit from the header to all the generated 11597 * fragments. 11598 */ 11599 int 11600 ip_fragment_v4(mblk_t *mp_orig, nce_t *nce, iaflags_t ixaflags, 11601 uint_t pkt_len, uint32_t max_frag, uint32_t xmit_hint, zoneid_t szone, 11602 zoneid_t nolzid, pfirepostfrag_t postfragfn, uintptr_t *ixa_cookie) 11603 { 11604 int i1; 11605 int hdr_len; 11606 mblk_t *hdr_mp; 11607 ipha_t *ipha; 11608 int ip_data_end; 11609 int len; 11610 mblk_t *mp = mp_orig; 11611 int offset; 11612 ill_t *ill = nce->nce_ill; 11613 ip_stack_t *ipst = ill->ill_ipst; 11614 mblk_t *carve_mp; 11615 uint32_t frag_flag; 11616 uint_t priority = mp->b_band; 11617 int error = 0; 11618 11619 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragReqds); 11620 11621 if (pkt_len != msgdsize(mp)) { 11622 ip0dbg(("Packet length mismatch: %d, %ld\n", 11623 pkt_len, msgdsize(mp))); 11624 freemsg(mp); 11625 return (EINVAL); 11626 } 11627 11628 if (max_frag == 0) { 11629 ip1dbg(("ip_fragment_v4: max_frag is zero. Dropping packet\n")); 11630 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11631 ip_drop_output("FragFails: zero max_frag", mp, ill); 11632 freemsg(mp); 11633 return (EINVAL); 11634 } 11635 11636 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 11637 ipha = (ipha_t *)mp->b_rptr; 11638 ASSERT(ntohs(ipha->ipha_length) == pkt_len); 11639 frag_flag = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_DF; 11640 11641 /* 11642 * Establish the starting offset. May not be zero if we are fragging 11643 * a fragment that is being forwarded. 11644 */ 11645 offset = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET; 11646 11647 /* TODO why is this test needed? */ 11648 if (((max_frag - ntohs(ipha->ipha_length)) & ~7) < 8) { 11649 /* TODO: notify ulp somehow */ 11650 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11651 ip_drop_output("FragFails: bad starting offset", mp, ill); 11652 freemsg(mp); 11653 return (EINVAL); 11654 } 11655 11656 hdr_len = IPH_HDR_LENGTH(ipha); 11657 ipha->ipha_hdr_checksum = 0; 11658 11659 /* 11660 * Establish the number of bytes maximum per frag, after putting 11661 * in the header. 11662 */ 11663 len = (max_frag - hdr_len) & ~7; 11664 11665 /* Get a copy of the header for the trailing frags */ 11666 hdr_mp = ip_fragment_copyhdr((uchar_t *)ipha, hdr_len, offset, ipst, 11667 mp); 11668 if (hdr_mp == NULL) { 11669 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11670 ip_drop_output("FragFails: no hdr_mp", mp, ill); 11671 freemsg(mp); 11672 return (ENOBUFS); 11673 } 11674 11675 /* Store the starting offset, with the MoreFrags flag. */ 11676 i1 = offset | IPH_MF | frag_flag; 11677 ipha->ipha_fragment_offset_and_flags = htons((uint16_t)i1); 11678 11679 /* Establish the ending byte offset, based on the starting offset. */ 11680 offset <<= 3; 11681 ip_data_end = offset + ntohs(ipha->ipha_length) - hdr_len; 11682 11683 /* Store the length of the first fragment in the IP header. */ 11684 i1 = len + hdr_len; 11685 ASSERT(i1 <= IP_MAXPACKET); 11686 ipha->ipha_length = htons((uint16_t)i1); 11687 11688 /* 11689 * Compute the IP header checksum for the first frag. We have to 11690 * watch out that we stop at the end of the header. 11691 */ 11692 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 11693 11694 /* 11695 * Now carve off the first frag. Note that this will include the 11696 * original IP header. 11697 */ 11698 if (!(mp = ip_carve_mp(&mp_orig, i1))) { 11699 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11700 ip_drop_output("FragFails: could not carve mp", mp_orig, ill); 11701 freeb(hdr_mp); 11702 freemsg(mp_orig); 11703 return (ENOBUFS); 11704 } 11705 11706 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates); 11707 11708 error = postfragfn(mp, nce, ixaflags, i1, xmit_hint, szone, nolzid, 11709 ixa_cookie); 11710 if (error != 0 && error != EWOULDBLOCK) { 11711 /* No point in sending the other fragments */ 11712 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11713 ip_drop_output("FragFails: postfragfn failed", mp_orig, ill); 11714 freeb(hdr_mp); 11715 freemsg(mp_orig); 11716 return (error); 11717 } 11718 11719 /* No need to redo state machine in loop */ 11720 ixaflags &= ~IXAF_REACH_CONF; 11721 11722 /* Advance the offset to the second frag starting point. */ 11723 offset += len; 11724 /* 11725 * Update hdr_len from the copied header - there might be less options 11726 * in the later fragments. 11727 */ 11728 hdr_len = IPH_HDR_LENGTH(hdr_mp->b_rptr); 11729 /* Loop until done. */ 11730 for (;;) { 11731 uint16_t offset_and_flags; 11732 uint16_t ip_len; 11733 11734 if (ip_data_end - offset > len) { 11735 /* 11736 * Carve off the appropriate amount from the original 11737 * datagram. 11738 */ 11739 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) { 11740 mp = NULL; 11741 break; 11742 } 11743 /* 11744 * More frags after this one. Get another copy 11745 * of the header. 11746 */ 11747 if (carve_mp->b_datap->db_ref == 1 && 11748 hdr_mp->b_wptr - hdr_mp->b_rptr < 11749 carve_mp->b_rptr - carve_mp->b_datap->db_base) { 11750 /* Inline IP header */ 11751 carve_mp->b_rptr -= hdr_mp->b_wptr - 11752 hdr_mp->b_rptr; 11753 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr, 11754 hdr_mp->b_wptr - hdr_mp->b_rptr); 11755 mp = carve_mp; 11756 } else { 11757 if (!(mp = copyb(hdr_mp))) { 11758 freemsg(carve_mp); 11759 break; 11760 } 11761 /* Get priority marking, if any. */ 11762 mp->b_band = priority; 11763 mp->b_cont = carve_mp; 11764 } 11765 ipha = (ipha_t *)mp->b_rptr; 11766 offset_and_flags = IPH_MF; 11767 } else { 11768 /* 11769 * Last frag. Consume the header. Set len to 11770 * the length of this last piece. 11771 */ 11772 len = ip_data_end - offset; 11773 11774 /* 11775 * Carve off the appropriate amount from the original 11776 * datagram. 11777 */ 11778 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) { 11779 mp = NULL; 11780 break; 11781 } 11782 if (carve_mp->b_datap->db_ref == 1 && 11783 hdr_mp->b_wptr - hdr_mp->b_rptr < 11784 carve_mp->b_rptr - carve_mp->b_datap->db_base) { 11785 /* Inline IP header */ 11786 carve_mp->b_rptr -= hdr_mp->b_wptr - 11787 hdr_mp->b_rptr; 11788 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr, 11789 hdr_mp->b_wptr - hdr_mp->b_rptr); 11790 mp = carve_mp; 11791 freeb(hdr_mp); 11792 hdr_mp = mp; 11793 } else { 11794 mp = hdr_mp; 11795 /* Get priority marking, if any. */ 11796 mp->b_band = priority; 11797 mp->b_cont = carve_mp; 11798 } 11799 ipha = (ipha_t *)mp->b_rptr; 11800 /* A frag of a frag might have IPH_MF non-zero */ 11801 offset_and_flags = 11802 ntohs(ipha->ipha_fragment_offset_and_flags) & 11803 IPH_MF; 11804 } 11805 offset_and_flags |= (uint16_t)(offset >> 3); 11806 offset_and_flags |= (uint16_t)frag_flag; 11807 /* Store the offset and flags in the IP header. */ 11808 ipha->ipha_fragment_offset_and_flags = htons(offset_and_flags); 11809 11810 /* Store the length in the IP header. */ 11811 ip_len = (uint16_t)(len + hdr_len); 11812 ipha->ipha_length = htons(ip_len); 11813 11814 /* 11815 * Set the IP header checksum. Note that mp is just 11816 * the header, so this is easy to pass to ip_csum. 11817 */ 11818 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 11819 11820 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates); 11821 11822 error = postfragfn(mp, nce, ixaflags, ip_len, xmit_hint, szone, 11823 nolzid, ixa_cookie); 11824 /* All done if we just consumed the hdr_mp. */ 11825 if (mp == hdr_mp) { 11826 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragOKs); 11827 return (error); 11828 } 11829 if (error != 0 && error != EWOULDBLOCK) { 11830 DTRACE_PROBE2(ip__xmit__frag__fail, ill_t *, ill, 11831 mblk_t *, hdr_mp); 11832 /* No point in sending the other fragments */ 11833 break; 11834 } 11835 11836 /* Otherwise, advance and loop. */ 11837 offset += len; 11838 } 11839 /* Clean up following allocation failure. */ 11840 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails); 11841 ip_drop_output("FragFails: loop ended", NULL, ill); 11842 if (mp != hdr_mp) 11843 freeb(hdr_mp); 11844 if (mp != mp_orig) 11845 freemsg(mp_orig); 11846 return (error); 11847 } 11848 11849 /* 11850 * Copy the header plus those options which have the copy bit set 11851 */ 11852 static mblk_t * 11853 ip_fragment_copyhdr(uchar_t *rptr, int hdr_len, int offset, ip_stack_t *ipst, 11854 mblk_t *src) 11855 { 11856 mblk_t *mp; 11857 uchar_t *up; 11858 11859 /* 11860 * Quick check if we need to look for options without the copy bit 11861 * set 11862 */ 11863 mp = allocb_tmpl(ipst->ips_ip_wroff_extra + hdr_len, src); 11864 if (!mp) 11865 return (mp); 11866 mp->b_rptr += ipst->ips_ip_wroff_extra; 11867 if (hdr_len == IP_SIMPLE_HDR_LENGTH || offset != 0) { 11868 bcopy(rptr, mp->b_rptr, hdr_len); 11869 mp->b_wptr += hdr_len + ipst->ips_ip_wroff_extra; 11870 return (mp); 11871 } 11872 up = mp->b_rptr; 11873 bcopy(rptr, up, IP_SIMPLE_HDR_LENGTH); 11874 up += IP_SIMPLE_HDR_LENGTH; 11875 rptr += IP_SIMPLE_HDR_LENGTH; 11876 hdr_len -= IP_SIMPLE_HDR_LENGTH; 11877 while (hdr_len > 0) { 11878 uint32_t optval; 11879 uint32_t optlen; 11880 11881 optval = *rptr; 11882 if (optval == IPOPT_EOL) 11883 break; 11884 if (optval == IPOPT_NOP) 11885 optlen = 1; 11886 else 11887 optlen = rptr[1]; 11888 if (optval & IPOPT_COPY) { 11889 bcopy(rptr, up, optlen); 11890 up += optlen; 11891 } 11892 rptr += optlen; 11893 hdr_len -= optlen; 11894 } 11895 /* 11896 * Make sure that we drop an even number of words by filling 11897 * with EOL to the next word boundary. 11898 */ 11899 for (hdr_len = up - (mp->b_rptr + IP_SIMPLE_HDR_LENGTH); 11900 hdr_len & 0x3; hdr_len++) 11901 *up++ = IPOPT_EOL; 11902 mp->b_wptr = up; 11903 /* Update header length */ 11904 mp->b_rptr[0] = (uint8_t)((IP_VERSION << 4) | ((up - mp->b_rptr) >> 2)); 11905 return (mp); 11906 } 11907 11908 /* 11909 * Update any source route, record route, or timestamp options when 11910 * sending a packet back to ourselves. 11911 * Check that we are at end of strict source route. 11912 * The options have been sanity checked by ip_output_options(). 11913 */ 11914 void 11915 ip_output_local_options(ipha_t *ipha, ip_stack_t *ipst) 11916 { 11917 ipoptp_t opts; 11918 uchar_t *opt; 11919 uint8_t optval; 11920 uint8_t optlen; 11921 ipaddr_t dst; 11922 uint32_t ts; 11923 timestruc_t now; 11924 11925 for (optval = ipoptp_first(&opts, ipha); 11926 optval != IPOPT_EOL; 11927 optval = ipoptp_next(&opts)) { 11928 opt = opts.ipoptp_cur; 11929 optlen = opts.ipoptp_len; 11930 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0); 11931 switch (optval) { 11932 uint32_t off; 11933 case IPOPT_SSRR: 11934 case IPOPT_LSRR: 11935 off = opt[IPOPT_OFFSET]; 11936 off--; 11937 if (optlen < IP_ADDR_LEN || 11938 off > optlen - IP_ADDR_LEN) { 11939 /* End of source route */ 11940 break; 11941 } 11942 /* 11943 * This will only happen if two consecutive entries 11944 * in the source route contains our address or if 11945 * it is a packet with a loose source route which 11946 * reaches us before consuming the whole source route 11947 */ 11948 11949 if (optval == IPOPT_SSRR) { 11950 return; 11951 } 11952 /* 11953 * Hack: instead of dropping the packet truncate the 11954 * source route to what has been used by filling the 11955 * rest with IPOPT_NOP. 11956 */ 11957 opt[IPOPT_OLEN] = (uint8_t)off; 11958 while (off < optlen) { 11959 opt[off++] = IPOPT_NOP; 11960 } 11961 break; 11962 case IPOPT_RR: 11963 off = opt[IPOPT_OFFSET]; 11964 off--; 11965 if (optlen < IP_ADDR_LEN || 11966 off > optlen - IP_ADDR_LEN) { 11967 /* No more room - ignore */ 11968 ip1dbg(( 11969 "ip_output_local_options: end of RR\n")); 11970 break; 11971 } 11972 dst = htonl(INADDR_LOOPBACK); 11973 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN); 11974 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 11975 break; 11976 case IPOPT_TS: 11977 /* Insert timestamp if there is romm */ 11978 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 11979 case IPOPT_TS_TSONLY: 11980 off = IPOPT_TS_TIMELEN; 11981 break; 11982 case IPOPT_TS_PRESPEC: 11983 case IPOPT_TS_PRESPEC_RFC791: 11984 /* Verify that the address matched */ 11985 off = opt[IPOPT_OFFSET] - 1; 11986 bcopy((char *)opt + off, &dst, IP_ADDR_LEN); 11987 if (ip_type_v4(dst, ipst) != IRE_LOCAL) { 11988 /* Not for us */ 11989 break; 11990 } 11991 /* FALLTHRU */ 11992 case IPOPT_TS_TSANDADDR: 11993 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN; 11994 break; 11995 default: 11996 /* 11997 * ip_*put_options should have already 11998 * dropped this packet. 11999 */ 12000 cmn_err(CE_PANIC, "ip_output_local_options: " 12001 "unknown IT - bug in ip_output_options?\n"); 12002 return; /* Keep "lint" happy */ 12003 } 12004 if (opt[IPOPT_OFFSET] - 1 + off > optlen) { 12005 /* Increase overflow counter */ 12006 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1; 12007 opt[IPOPT_POS_OV_FLG] = (uint8_t) 12008 (opt[IPOPT_POS_OV_FLG] & 0x0F) | 12009 (off << 4); 12010 break; 12011 } 12012 off = opt[IPOPT_OFFSET] - 1; 12013 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 12014 case IPOPT_TS_PRESPEC: 12015 case IPOPT_TS_PRESPEC_RFC791: 12016 case IPOPT_TS_TSANDADDR: 12017 dst = htonl(INADDR_LOOPBACK); 12018 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN); 12019 opt[IPOPT_OFFSET] += IP_ADDR_LEN; 12020 /* FALLTHRU */ 12021 case IPOPT_TS_TSONLY: 12022 off = opt[IPOPT_OFFSET] - 1; 12023 /* Compute # of milliseconds since midnight */ 12024 gethrestime(&now); 12025 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 + 12026 now.tv_nsec / (NANOSEC / MILLISEC); 12027 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN); 12028 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN; 12029 break; 12030 } 12031 break; 12032 } 12033 } 12034 } 12035 12036 /* 12037 * Prepend an M_DATA fastpath header, and if none present prepend a 12038 * DL_UNITDATA_REQ. Frees the mblk on failure. 12039 * 12040 * nce_dlur_mp and nce_fp_mp can not disappear once they have been set. 12041 * If there is a change to them, the nce will be deleted (condemned) and 12042 * a new nce_t will be created when packets are sent. Thus we need no locks 12043 * to access those fields. 12044 * 12045 * We preserve b_band to support IPQoS. If a DL_UNITDATA_REQ is prepended 12046 * we place b_band in dl_priority.dl_max. 12047 */ 12048 static mblk_t * 12049 ip_xmit_attach_llhdr(mblk_t *mp, nce_t *nce) 12050 { 12051 uint_t hlen; 12052 mblk_t *mp1; 12053 uint_t priority; 12054 uchar_t *rptr; 12055 12056 rptr = mp->b_rptr; 12057 12058 ASSERT(DB_TYPE(mp) == M_DATA); 12059 priority = mp->b_band; 12060 12061 ASSERT(nce != NULL); 12062 if ((mp1 = nce->nce_fp_mp) != NULL) { 12063 hlen = MBLKL(mp1); 12064 /* 12065 * Check if we have enough room to prepend fastpath 12066 * header 12067 */ 12068 if (hlen != 0 && (rptr - mp->b_datap->db_base) >= hlen) { 12069 rptr -= hlen; 12070 bcopy(mp1->b_rptr, rptr, hlen); 12071 /* 12072 * Set the b_rptr to the start of the link layer 12073 * header 12074 */ 12075 mp->b_rptr = rptr; 12076 return (mp); 12077 } 12078 mp1 = copyb(mp1); 12079 if (mp1 == NULL) { 12080 ill_t *ill = nce->nce_ill; 12081 12082 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 12083 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 12084 freemsg(mp); 12085 return (NULL); 12086 } 12087 mp1->b_band = priority; 12088 mp1->b_cont = mp; 12089 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp); 12090 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp); 12091 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp); 12092 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp); 12093 DB_LSOMSS(mp1) = DB_LSOMSS(mp); 12094 DTRACE_PROBE1(ip__xmit__copyb, (mblk_t *), mp1); 12095 /* 12096 * XXX disable ICK_VALID and compute checksum 12097 * here; can happen if nce_fp_mp changes and 12098 * it can't be copied now due to insufficient 12099 * space. (unlikely, fp mp can change, but it 12100 * does not increase in length) 12101 */ 12102 return (mp1); 12103 } 12104 mp1 = copyb(nce->nce_dlur_mp); 12105 12106 if (mp1 == NULL) { 12107 ill_t *ill = nce->nce_ill; 12108 12109 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 12110 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 12111 freemsg(mp); 12112 return (NULL); 12113 } 12114 mp1->b_cont = mp; 12115 if (priority != 0) { 12116 mp1->b_band = priority; 12117 ((dl_unitdata_req_t *)(mp1->b_rptr))->dl_priority.dl_max = 12118 priority; 12119 } 12120 return (mp1); 12121 #undef rptr 12122 } 12123 12124 /* 12125 * Finish the outbound IPsec processing. This function is called from 12126 * ipsec_out_process() if the IPsec packet was processed 12127 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed 12128 * asynchronously. 12129 * 12130 * This is common to IPv4 and IPv6. 12131 */ 12132 int 12133 ip_output_post_ipsec(mblk_t *mp, ip_xmit_attr_t *ixa) 12134 { 12135 iaflags_t ixaflags = ixa->ixa_flags; 12136 uint_t pktlen; 12137 12138 12139 /* AH/ESP don't update ixa_pktlen when they modify the packet */ 12140 if (ixaflags & IXAF_IS_IPV4) { 12141 ipha_t *ipha = (ipha_t *)mp->b_rptr; 12142 12143 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION); 12144 pktlen = ntohs(ipha->ipha_length); 12145 } else { 12146 ip6_t *ip6h = (ip6_t *)mp->b_rptr; 12147 12148 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION); 12149 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 12150 } 12151 12152 /* 12153 * We release any hard reference on the SAs here to make 12154 * sure the SAs can be garbage collected. ipsr_sa has a soft reference 12155 * on the SAs. 12156 * If in the future we want the hard latching of the SAs in the 12157 * ip_xmit_attr_t then we should remove this. 12158 */ 12159 if (ixa->ixa_ipsec_esp_sa != NULL) { 12160 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa); 12161 ixa->ixa_ipsec_esp_sa = NULL; 12162 } 12163 if (ixa->ixa_ipsec_ah_sa != NULL) { 12164 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa); 12165 ixa->ixa_ipsec_ah_sa = NULL; 12166 } 12167 12168 /* Do we need to fragment? */ 12169 if ((ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR) || 12170 pktlen > ixa->ixa_fragsize) { 12171 if (ixaflags & IXAF_IS_IPV4) { 12172 ASSERT(!(ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR)); 12173 /* 12174 * We check for the DF case in ipsec_out_process 12175 * hence this only handles the non-DF case. 12176 */ 12177 return (ip_fragment_v4(mp, ixa->ixa_nce, ixa->ixa_flags, 12178 pktlen, ixa->ixa_fragsize, 12179 ixa->ixa_xmit_hint, ixa->ixa_zoneid, 12180 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn, 12181 &ixa->ixa_cookie)); 12182 } else { 12183 mp = ip_fraghdr_add_v6(mp, ixa->ixa_ident, ixa); 12184 if (mp == NULL) { 12185 /* MIB and ip_drop_output already done */ 12186 return (ENOMEM); 12187 } 12188 pktlen += sizeof (ip6_frag_t); 12189 if (pktlen > ixa->ixa_fragsize) { 12190 return (ip_fragment_v6(mp, ixa->ixa_nce, 12191 ixa->ixa_flags, pktlen, 12192 ixa->ixa_fragsize, ixa->ixa_xmit_hint, 12193 ixa->ixa_zoneid, ixa->ixa_no_loop_zoneid, 12194 ixa->ixa_postfragfn, &ixa->ixa_cookie)); 12195 } 12196 } 12197 } 12198 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixa->ixa_flags, 12199 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid, 12200 ixa->ixa_no_loop_zoneid, NULL)); 12201 } 12202 12203 /* 12204 * Finish the inbound IPsec processing. This function is called from 12205 * ipsec_out_process() if the IPsec packet was processed 12206 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed 12207 * asynchronously. 12208 * 12209 * This is common to IPv4 and IPv6. 12210 */ 12211 void 12212 ip_input_post_ipsec(mblk_t *mp, ip_recv_attr_t *ira) 12213 { 12214 iaflags_t iraflags = ira->ira_flags; 12215 12216 /* Length might have changed */ 12217 if (iraflags & IRAF_IS_IPV4) { 12218 ipha_t *ipha = (ipha_t *)mp->b_rptr; 12219 12220 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION); 12221 ira->ira_pktlen = ntohs(ipha->ipha_length); 12222 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha); 12223 ira->ira_protocol = ipha->ipha_protocol; 12224 12225 ip_fanout_v4(mp, ipha, ira); 12226 } else { 12227 ip6_t *ip6h = (ip6_t *)mp->b_rptr; 12228 uint8_t *nexthdrp; 12229 12230 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION); 12231 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 12232 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ira->ira_ip_hdr_length, 12233 &nexthdrp)) { 12234 /* Malformed packet */ 12235 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 12236 ip_drop_input("ipIfStatsInDiscards", mp, ira->ira_ill); 12237 freemsg(mp); 12238 return; 12239 } 12240 ira->ira_protocol = *nexthdrp; 12241 ip_fanout_v6(mp, ip6h, ira); 12242 } 12243 } 12244 12245 /* 12246 * Select which AH & ESP SA's to use (if any) for the outbound packet. 12247 * 12248 * If this function returns B_TRUE, the requested SA's have been filled 12249 * into the ixa_ipsec_*_sa pointers. 12250 * 12251 * If the function returns B_FALSE, the packet has been "consumed", most 12252 * likely by an ACQUIRE sent up via PF_KEY to a key management daemon. 12253 * 12254 * The SA references created by the protocol-specific "select" 12255 * function will be released in ip_output_post_ipsec. 12256 */ 12257 static boolean_t 12258 ipsec_out_select_sa(mblk_t *mp, ip_xmit_attr_t *ixa) 12259 { 12260 boolean_t need_ah_acquire = B_FALSE, need_esp_acquire = B_FALSE; 12261 ipsec_policy_t *pp; 12262 ipsec_action_t *ap; 12263 12264 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE); 12265 ASSERT((ixa->ixa_ipsec_policy != NULL) || 12266 (ixa->ixa_ipsec_action != NULL)); 12267 12268 ap = ixa->ixa_ipsec_action; 12269 if (ap == NULL) { 12270 pp = ixa->ixa_ipsec_policy; 12271 ASSERT(pp != NULL); 12272 ap = pp->ipsp_act; 12273 ASSERT(ap != NULL); 12274 } 12275 12276 /* 12277 * We have an action. now, let's select SA's. 12278 * A side effect of setting ixa_ipsec_*_sa is that it will 12279 * be cached in the conn_t. 12280 */ 12281 if (ap->ipa_want_esp) { 12282 if (ixa->ixa_ipsec_esp_sa == NULL) { 12283 need_esp_acquire = !ipsec_outbound_sa(mp, ixa, 12284 IPPROTO_ESP); 12285 } 12286 ASSERT(need_esp_acquire || ixa->ixa_ipsec_esp_sa != NULL); 12287 } 12288 12289 if (ap->ipa_want_ah) { 12290 if (ixa->ixa_ipsec_ah_sa == NULL) { 12291 need_ah_acquire = !ipsec_outbound_sa(mp, ixa, 12292 IPPROTO_AH); 12293 } 12294 ASSERT(need_ah_acquire || ixa->ixa_ipsec_ah_sa != NULL); 12295 /* 12296 * The ESP and AH processing order needs to be preserved 12297 * when both protocols are required (ESP should be applied 12298 * before AH for an outbound packet). Force an ESP ACQUIRE 12299 * when both ESP and AH are required, and an AH ACQUIRE 12300 * is needed. 12301 */ 12302 if (ap->ipa_want_esp && need_ah_acquire) 12303 need_esp_acquire = B_TRUE; 12304 } 12305 12306 /* 12307 * Send an ACQUIRE (extended, regular, or both) if we need one. 12308 * Release SAs that got referenced, but will not be used until we 12309 * acquire _all_ of the SAs we need. 12310 */ 12311 if (need_ah_acquire || need_esp_acquire) { 12312 if (ixa->ixa_ipsec_ah_sa != NULL) { 12313 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa); 12314 ixa->ixa_ipsec_ah_sa = NULL; 12315 } 12316 if (ixa->ixa_ipsec_esp_sa != NULL) { 12317 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa); 12318 ixa->ixa_ipsec_esp_sa = NULL; 12319 } 12320 12321 sadb_acquire(mp, ixa, need_ah_acquire, need_esp_acquire); 12322 return (B_FALSE); 12323 } 12324 12325 return (B_TRUE); 12326 } 12327 12328 /* 12329 * Handle IPsec output processing. 12330 * This function is only entered once for a given packet. 12331 * We try to do things synchronously, but if we need to have user-level 12332 * set up SAs, or ESP or AH uses asynchronous kEF, then the operation 12333 * will be completed 12334 * - when the SAs are added in esp_add_sa_finish/ah_add_sa_finish 12335 * - when asynchronous ESP is done it will do AH 12336 * 12337 * In all cases we come back in ip_output_post_ipsec() to fragment and 12338 * send out the packet. 12339 */ 12340 int 12341 ipsec_out_process(mblk_t *mp, ip_xmit_attr_t *ixa) 12342 { 12343 ill_t *ill = ixa->ixa_nce->nce_ill; 12344 ip_stack_t *ipst = ixa->ixa_ipst; 12345 ipsec_stack_t *ipss; 12346 ipsec_policy_t *pp; 12347 ipsec_action_t *ap; 12348 12349 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE); 12350 12351 ASSERT((ixa->ixa_ipsec_policy != NULL) || 12352 (ixa->ixa_ipsec_action != NULL)); 12353 12354 ipss = ipst->ips_netstack->netstack_ipsec; 12355 if (!ipsec_loaded(ipss)) { 12356 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 12357 ip_drop_packet(mp, B_TRUE, ill, 12358 DROPPER(ipss, ipds_ip_ipsec_not_loaded), 12359 &ipss->ipsec_dropper); 12360 return (ENOTSUP); 12361 } 12362 12363 ap = ixa->ixa_ipsec_action; 12364 if (ap == NULL) { 12365 pp = ixa->ixa_ipsec_policy; 12366 ASSERT(pp != NULL); 12367 ap = pp->ipsp_act; 12368 ASSERT(ap != NULL); 12369 } 12370 12371 /* Handle explicit drop action and bypass. */ 12372 switch (ap->ipa_act.ipa_type) { 12373 case IPSEC_ACT_DISCARD: 12374 case IPSEC_ACT_REJECT: 12375 ip_drop_packet(mp, B_FALSE, ill, 12376 DROPPER(ipss, ipds_spd_explicit), &ipss->ipsec_spd_dropper); 12377 return (EHOSTUNREACH); /* IPsec policy failure */ 12378 case IPSEC_ACT_BYPASS: 12379 return (ip_output_post_ipsec(mp, ixa)); 12380 } 12381 12382 /* 12383 * The order of processing is first insert a IP header if needed. 12384 * Then insert the ESP header and then the AH header. 12385 */ 12386 if ((ixa->ixa_flags & IXAF_IS_IPV4) && ap->ipa_want_se) { 12387 /* 12388 * First get the outer IP header before sending 12389 * it to ESP. 12390 */ 12391 ipha_t *oipha, *iipha; 12392 mblk_t *outer_mp, *inner_mp; 12393 12394 if ((outer_mp = allocb(sizeof (ipha_t), BPRI_HI)) == NULL) { 12395 (void) mi_strlog(ill->ill_rq, 0, 12396 SL_ERROR|SL_TRACE|SL_CONSOLE, 12397 "ipsec_out_process: " 12398 "Self-Encapsulation failed: Out of memory\n"); 12399 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 12400 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 12401 freemsg(mp); 12402 return (ENOBUFS); 12403 } 12404 inner_mp = mp; 12405 ASSERT(inner_mp->b_datap->db_type == M_DATA); 12406 oipha = (ipha_t *)outer_mp->b_rptr; 12407 iipha = (ipha_t *)inner_mp->b_rptr; 12408 *oipha = *iipha; 12409 outer_mp->b_wptr += sizeof (ipha_t); 12410 oipha->ipha_length = htons(ntohs(iipha->ipha_length) + 12411 sizeof (ipha_t)); 12412 oipha->ipha_protocol = IPPROTO_ENCAP; 12413 oipha->ipha_version_and_hdr_length = 12414 IP_SIMPLE_HDR_VERSION; 12415 oipha->ipha_hdr_checksum = 0; 12416 oipha->ipha_hdr_checksum = ip_csum_hdr(oipha); 12417 outer_mp->b_cont = inner_mp; 12418 mp = outer_mp; 12419 12420 ixa->ixa_flags |= IXAF_IPSEC_TUNNEL; 12421 } 12422 12423 /* If we need to wait for a SA then we can't return any errno */ 12424 if (((ap->ipa_want_ah && (ixa->ixa_ipsec_ah_sa == NULL)) || 12425 (ap->ipa_want_esp && (ixa->ixa_ipsec_esp_sa == NULL))) && 12426 !ipsec_out_select_sa(mp, ixa)) 12427 return (0); 12428 12429 /* 12430 * By now, we know what SA's to use. Toss over to ESP & AH 12431 * to do the heavy lifting. 12432 */ 12433 if (ap->ipa_want_esp) { 12434 ASSERT(ixa->ixa_ipsec_esp_sa != NULL); 12435 12436 mp = ixa->ixa_ipsec_esp_sa->ipsa_output_func(mp, ixa); 12437 if (mp == NULL) { 12438 /* 12439 * Either it failed or is pending. In the former case 12440 * ipIfStatsInDiscards was increased. 12441 */ 12442 return (0); 12443 } 12444 } 12445 12446 if (ap->ipa_want_ah) { 12447 ASSERT(ixa->ixa_ipsec_ah_sa != NULL); 12448 12449 mp = ixa->ixa_ipsec_ah_sa->ipsa_output_func(mp, ixa); 12450 if (mp == NULL) { 12451 /* 12452 * Either it failed or is pending. In the former case 12453 * ipIfStatsInDiscards was increased. 12454 */ 12455 return (0); 12456 } 12457 } 12458 /* 12459 * We are done with IPsec processing. Send it over 12460 * the wire. 12461 */ 12462 return (ip_output_post_ipsec(mp, ixa)); 12463 } 12464 12465 /* 12466 * ioctls that go through a down/up sequence may need to wait for the down 12467 * to complete. This involves waiting for the ire and ipif refcnts to go down 12468 * to zero. Subsequently the ioctl is restarted from ipif_ill_refrele_tail. 12469 */ 12470 /* ARGSUSED */ 12471 void 12472 ip_reprocess_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg) 12473 { 12474 struct iocblk *iocp; 12475 mblk_t *mp1; 12476 ip_ioctl_cmd_t *ipip; 12477 int err; 12478 sin_t *sin; 12479 struct lifreq *lifr; 12480 struct ifreq *ifr; 12481 12482 iocp = (struct iocblk *)mp->b_rptr; 12483 ASSERT(ipsq != NULL); 12484 /* Existence of mp1 verified in ip_wput_nondata */ 12485 mp1 = mp->b_cont->b_cont; 12486 ipip = ip_sioctl_lookup(iocp->ioc_cmd); 12487 if (ipip->ipi_cmd == SIOCSLIFNAME || ipip->ipi_cmd == IF_UNITSEL) { 12488 /* 12489 * Special case where ipx_current_ipif is not set: 12490 * ill_phyint_reinit merged the v4 and v6 into a single ipsq. 12491 * We are here as were not able to complete the operation in 12492 * ipif_set_values because we could not become exclusive on 12493 * the new ipsq. 12494 */ 12495 ill_t *ill = q->q_ptr; 12496 ipsq_current_start(ipsq, ill->ill_ipif, ipip->ipi_cmd); 12497 } 12498 ASSERT(ipsq->ipsq_xop->ipx_current_ipif != NULL); 12499 12500 if (ipip->ipi_cmd_type == IF_CMD) { 12501 /* This a old style SIOC[GS]IF* command */ 12502 ifr = (struct ifreq *)mp1->b_rptr; 12503 sin = (sin_t *)&ifr->ifr_addr; 12504 } else if (ipip->ipi_cmd_type == LIF_CMD) { 12505 /* This a new style SIOC[GS]LIF* command */ 12506 lifr = (struct lifreq *)mp1->b_rptr; 12507 sin = (sin_t *)&lifr->lifr_addr; 12508 } else { 12509 sin = NULL; 12510 } 12511 12512 err = (*ipip->ipi_func_restart)(ipsq->ipsq_xop->ipx_current_ipif, sin, 12513 q, mp, ipip, mp1->b_rptr); 12514 12515 DTRACE_PROBE4(ipif__ioctl, char *, "ip_reprocess_ioctl finish", 12516 int, ipip->ipi_cmd, 12517 ill_t *, ipsq->ipsq_xop->ipx_current_ipif->ipif_ill, 12518 ipif_t *, ipsq->ipsq_xop->ipx_current_ipif); 12519 12520 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq); 12521 } 12522 12523 /* 12524 * ioctl processing 12525 * 12526 * ioctl processing starts with ip_sioctl_copyin_setup(), which looks up 12527 * the ioctl command in the ioctl tables, determines the copyin data size 12528 * from the ipi_copyin_size field, and does an mi_copyin() of that size. 12529 * 12530 * ioctl processing then continues when the M_IOCDATA makes its way down to 12531 * ip_wput_nondata(). The ioctl is looked up again in the ioctl table, its 12532 * associated 'conn' is refheld till the end of the ioctl and the general 12533 * ioctl processing function ip_process_ioctl() is called to extract the 12534 * arguments and process the ioctl. To simplify extraction, ioctl commands 12535 * are "typed" based on the arguments they take (e.g., LIF_CMD which takes a 12536 * `struct lifreq'), and a common extract function (e.g., ip_extract_lifreq()) 12537 * is used to extract the ioctl's arguments. 12538 * 12539 * ip_process_ioctl determines if the ioctl needs to be serialized, and if 12540 * so goes thru the serialization primitive ipsq_try_enter. Then the 12541 * appropriate function to handle the ioctl is called based on the entry in 12542 * the ioctl table. ioctl completion is encapsulated in ip_ioctl_finish 12543 * which also refreleases the 'conn' that was refheld at the start of the 12544 * ioctl. Finally ipsq_exit is called if needed to exit the ipsq. 12545 * 12546 * Many exclusive ioctls go thru an internal down up sequence as part of 12547 * the operation. For example an attempt to change the IP address of an 12548 * ipif entails ipif_down, set address, ipif_up. Bringing down the interface 12549 * does all the cleanup such as deleting all ires that use this address. 12550 * Then we need to wait till all references to the interface go away. 12551 */ 12552 void 12553 ip_process_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *arg) 12554 { 12555 struct iocblk *iocp = (struct iocblk *)mp->b_rptr; 12556 ip_ioctl_cmd_t *ipip = arg; 12557 ip_extract_func_t *extract_funcp; 12558 cmd_info_t ci; 12559 int err; 12560 boolean_t entered_ipsq = B_FALSE; 12561 12562 ip3dbg(("ip_process_ioctl: ioctl %X\n", iocp->ioc_cmd)); 12563 12564 if (ipip == NULL) 12565 ipip = ip_sioctl_lookup(iocp->ioc_cmd); 12566 12567 /* 12568 * SIOCLIFADDIF needs to go thru a special path since the 12569 * ill may not exist yet. This happens in the case of lo0 12570 * which is created using this ioctl. 12571 */ 12572 if (ipip->ipi_cmd == SIOCLIFADDIF) { 12573 err = ip_sioctl_addif(NULL, NULL, q, mp, NULL, NULL); 12574 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish", 12575 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL); 12576 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL); 12577 return; 12578 } 12579 12580 ci.ci_ipif = NULL; 12581 switch (ipip->ipi_cmd_type) { 12582 case MISC_CMD: 12583 case MSFILT_CMD: 12584 /* 12585 * All MISC_CMD ioctls come in here -- e.g. SIOCGLIFCONF. 12586 */ 12587 if (ipip->ipi_cmd == IF_UNITSEL) { 12588 /* ioctl comes down the ill */ 12589 ci.ci_ipif = ((ill_t *)q->q_ptr)->ill_ipif; 12590 ipif_refhold(ci.ci_ipif); 12591 } 12592 err = 0; 12593 ci.ci_sin = NULL; 12594 ci.ci_sin6 = NULL; 12595 ci.ci_lifr = NULL; 12596 extract_funcp = NULL; 12597 break; 12598 12599 case IF_CMD: 12600 case LIF_CMD: 12601 extract_funcp = ip_extract_lifreq; 12602 break; 12603 12604 case ARP_CMD: 12605 case XARP_CMD: 12606 extract_funcp = ip_extract_arpreq; 12607 break; 12608 12609 default: 12610 ASSERT(0); 12611 } 12612 12613 if (extract_funcp != NULL) { 12614 err = (*extract_funcp)(q, mp, ipip, &ci); 12615 if (err != 0) { 12616 DTRACE_PROBE4(ipif__ioctl, 12617 char *, "ip_process_ioctl finish err", 12618 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL); 12619 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL); 12620 return; 12621 } 12622 12623 /* 12624 * All of the extraction functions return a refheld ipif. 12625 */ 12626 ASSERT(ci.ci_ipif != NULL); 12627 } 12628 12629 if (!(ipip->ipi_flags & IPI_WR)) { 12630 /* 12631 * A return value of EINPROGRESS means the ioctl is 12632 * either queued and waiting for some reason or has 12633 * already completed. 12634 */ 12635 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip, 12636 ci.ci_lifr); 12637 if (ci.ci_ipif != NULL) { 12638 DTRACE_PROBE4(ipif__ioctl, 12639 char *, "ip_process_ioctl finish RD", 12640 int, ipip->ipi_cmd, ill_t *, ci.ci_ipif->ipif_ill, 12641 ipif_t *, ci.ci_ipif); 12642 ipif_refrele(ci.ci_ipif); 12643 } else { 12644 DTRACE_PROBE4(ipif__ioctl, 12645 char *, "ip_process_ioctl finish RD", 12646 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL); 12647 } 12648 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL); 12649 return; 12650 } 12651 12652 ASSERT(ci.ci_ipif != NULL); 12653 12654 /* 12655 * If ipsq is non-NULL, we are already being called exclusively 12656 */ 12657 ASSERT(ipsq == NULL || IAM_WRITER_IPSQ(ipsq)); 12658 if (ipsq == NULL) { 12659 ipsq = ipsq_try_enter(ci.ci_ipif, NULL, q, mp, ip_process_ioctl, 12660 NEW_OP, B_TRUE); 12661 if (ipsq == NULL) { 12662 ipif_refrele(ci.ci_ipif); 12663 return; 12664 } 12665 entered_ipsq = B_TRUE; 12666 } 12667 /* 12668 * Release the ipif so that ipif_down and friends that wait for 12669 * references to go away are not misled about the current ipif_refcnt 12670 * values. We are writer so we can access the ipif even after releasing 12671 * the ipif. 12672 */ 12673 ipif_refrele(ci.ci_ipif); 12674 12675 ipsq_current_start(ipsq, ci.ci_ipif, ipip->ipi_cmd); 12676 12677 /* 12678 * A return value of EINPROGRESS means the ioctl is 12679 * either queued and waiting for some reason or has 12680 * already completed. 12681 */ 12682 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip, ci.ci_lifr); 12683 12684 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish WR", 12685 int, ipip->ipi_cmd, 12686 ill_t *, ci.ci_ipif == NULL ? NULL : ci.ci_ipif->ipif_ill, 12687 ipif_t *, ci.ci_ipif); 12688 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq); 12689 12690 if (entered_ipsq) 12691 ipsq_exit(ipsq); 12692 } 12693 12694 /* 12695 * Complete the ioctl. Typically ioctls use the mi package and need to 12696 * do mi_copyout/mi_copy_done. 12697 */ 12698 void 12699 ip_ioctl_finish(queue_t *q, mblk_t *mp, int err, int mode, ipsq_t *ipsq) 12700 { 12701 conn_t *connp = NULL; 12702 12703 if (err == EINPROGRESS) 12704 return; 12705 12706 if (CONN_Q(q)) { 12707 connp = Q_TO_CONN(q); 12708 ASSERT(connp->conn_ref >= 2); 12709 } 12710 12711 switch (mode) { 12712 case COPYOUT: 12713 if (err == 0) 12714 mi_copyout(q, mp); 12715 else 12716 mi_copy_done(q, mp, err); 12717 break; 12718 12719 case NO_COPYOUT: 12720 mi_copy_done(q, mp, err); 12721 break; 12722 12723 default: 12724 ASSERT(mode == CONN_CLOSE); /* aborted through CONN_CLOSE */ 12725 break; 12726 } 12727 12728 /* 12729 * The conn refhold and ioctlref placed on the conn at the start of the 12730 * ioctl are released here. 12731 */ 12732 if (connp != NULL) { 12733 CONN_DEC_IOCTLREF(connp); 12734 CONN_OPER_PENDING_DONE(connp); 12735 } 12736 12737 if (ipsq != NULL) 12738 ipsq_current_finish(ipsq); 12739 } 12740 12741 /* Handles all non data messages */ 12742 void 12743 ip_wput_nondata(queue_t *q, mblk_t *mp) 12744 { 12745 mblk_t *mp1; 12746 struct iocblk *iocp; 12747 ip_ioctl_cmd_t *ipip; 12748 conn_t *connp; 12749 cred_t *cr; 12750 char *proto_str; 12751 12752 if (CONN_Q(q)) 12753 connp = Q_TO_CONN(q); 12754 else 12755 connp = NULL; 12756 12757 switch (DB_TYPE(mp)) { 12758 case M_IOCTL: 12759 /* 12760 * IOCTL processing begins in ip_sioctl_copyin_setup which 12761 * will arrange to copy in associated control structures. 12762 */ 12763 ip_sioctl_copyin_setup(q, mp); 12764 return; 12765 case M_IOCDATA: 12766 /* 12767 * Ensure that this is associated with one of our trans- 12768 * parent ioctls. If it's not ours, discard it if we're 12769 * running as a driver, or pass it on if we're a module. 12770 */ 12771 iocp = (struct iocblk *)mp->b_rptr; 12772 ipip = ip_sioctl_lookup(iocp->ioc_cmd); 12773 if (ipip == NULL) { 12774 if (q->q_next == NULL) { 12775 goto nak; 12776 } else { 12777 putnext(q, mp); 12778 } 12779 return; 12780 } 12781 if ((q->q_next != NULL) && !(ipip->ipi_flags & IPI_MODOK)) { 12782 /* 12783 * The ioctl is one we recognise, but is not consumed 12784 * by IP as a module and we are a module, so we drop 12785 */ 12786 goto nak; 12787 } 12788 12789 /* IOCTL continuation following copyin or copyout. */ 12790 if (mi_copy_state(q, mp, NULL) == -1) { 12791 /* 12792 * The copy operation failed. mi_copy_state already 12793 * cleaned up, so we're out of here. 12794 */ 12795 return; 12796 } 12797 /* 12798 * If we just completed a copy in, we become writer and 12799 * continue processing in ip_sioctl_copyin_done. If it 12800 * was a copy out, we call mi_copyout again. If there is 12801 * nothing more to copy out, it will complete the IOCTL. 12802 */ 12803 if (MI_COPY_DIRECTION(mp) == MI_COPY_IN) { 12804 if (!(mp1 = mp->b_cont) || !(mp1 = mp1->b_cont)) { 12805 mi_copy_done(q, mp, EPROTO); 12806 return; 12807 } 12808 /* 12809 * Check for cases that need more copying. A return 12810 * value of 0 means a second copyin has been started, 12811 * so we return; a return value of 1 means no more 12812 * copying is needed, so we continue. 12813 */ 12814 if (ipip->ipi_cmd_type == MSFILT_CMD && 12815 MI_COPY_COUNT(mp) == 1) { 12816 if (ip_copyin_msfilter(q, mp) == 0) 12817 return; 12818 } 12819 /* 12820 * Refhold the conn, till the ioctl completes. This is 12821 * needed in case the ioctl ends up in the pending mp 12822 * list. Every mp in the ipx_pending_mp list must have 12823 * a refhold on the conn to resume processing. The 12824 * refhold is released when the ioctl completes 12825 * (whether normally or abnormally). An ioctlref is also 12826 * placed on the conn to prevent TCP from removing the 12827 * queue needed to send the ioctl reply back. 12828 * In all cases ip_ioctl_finish is called to finish 12829 * the ioctl and release the refholds. 12830 */ 12831 if (connp != NULL) { 12832 /* This is not a reentry */ 12833 CONN_INC_REF(connp); 12834 CONN_INC_IOCTLREF(connp); 12835 } else { 12836 if (!(ipip->ipi_flags & IPI_MODOK)) { 12837 mi_copy_done(q, mp, EINVAL); 12838 return; 12839 } 12840 } 12841 12842 ip_process_ioctl(NULL, q, mp, ipip); 12843 12844 } else { 12845 mi_copyout(q, mp); 12846 } 12847 return; 12848 12849 case M_IOCNAK: 12850 /* 12851 * The only way we could get here is if a resolver didn't like 12852 * an IOCTL we sent it. This shouldn't happen. 12853 */ 12854 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 12855 "ip_wput_nondata: unexpected M_IOCNAK, ioc_cmd 0x%x", 12856 ((struct iocblk *)mp->b_rptr)->ioc_cmd); 12857 freemsg(mp); 12858 return; 12859 case M_IOCACK: 12860 /* /dev/ip shouldn't see this */ 12861 goto nak; 12862 case M_FLUSH: 12863 if (*mp->b_rptr & FLUSHW) 12864 flushq(q, FLUSHALL); 12865 if (q->q_next) { 12866 putnext(q, mp); 12867 return; 12868 } 12869 if (*mp->b_rptr & FLUSHR) { 12870 *mp->b_rptr &= ~FLUSHW; 12871 qreply(q, mp); 12872 return; 12873 } 12874 freemsg(mp); 12875 return; 12876 case M_CTL: 12877 break; 12878 case M_PROTO: 12879 case M_PCPROTO: 12880 /* 12881 * The only PROTO messages we expect are SNMP-related. 12882 */ 12883 switch (((union T_primitives *)mp->b_rptr)->type) { 12884 case T_SVR4_OPTMGMT_REQ: 12885 ip2dbg(("ip_wput_nondata: T_SVR4_OPTMGMT_REQ " 12886 "flags %x\n", 12887 ((struct T_optmgmt_req *)mp->b_rptr)->MGMT_flags)); 12888 12889 if (connp == NULL) { 12890 proto_str = "T_SVR4_OPTMGMT_REQ"; 12891 goto protonak; 12892 } 12893 12894 /* 12895 * All Solaris components should pass a db_credp 12896 * for this TPI message, hence we ASSERT. 12897 * But in case there is some other M_PROTO that looks 12898 * like a TPI message sent by some other kernel 12899 * component, we check and return an error. 12900 */ 12901 cr = msg_getcred(mp, NULL); 12902 ASSERT(cr != NULL); 12903 if (cr == NULL) { 12904 mp = mi_tpi_err_ack_alloc(mp, TSYSERR, EINVAL); 12905 if (mp != NULL) 12906 qreply(q, mp); 12907 return; 12908 } 12909 12910 if (!snmpcom_req(q, mp, ip_snmp_set, ip_snmp_get, cr)) { 12911 proto_str = "Bad SNMPCOM request?"; 12912 goto protonak; 12913 } 12914 return; 12915 default: 12916 ip1dbg(("ip_wput_nondata: dropping M_PROTO prim %u\n", 12917 (int)*(uint_t *)mp->b_rptr)); 12918 freemsg(mp); 12919 return; 12920 } 12921 default: 12922 break; 12923 } 12924 if (q->q_next) { 12925 putnext(q, mp); 12926 } else 12927 freemsg(mp); 12928 return; 12929 12930 nak: 12931 iocp->ioc_error = EINVAL; 12932 mp->b_datap->db_type = M_IOCNAK; 12933 iocp->ioc_count = 0; 12934 qreply(q, mp); 12935 return; 12936 12937 protonak: 12938 cmn_err(CE_NOTE, "IP doesn't process %s as a module", proto_str); 12939 if ((mp = mi_tpi_err_ack_alloc(mp, TPROTO, EINVAL)) != NULL) 12940 qreply(q, mp); 12941 } 12942 12943 /* 12944 * Process IP options in an outbound packet. Verify that the nexthop in a 12945 * strict source route is onlink. 12946 * Returns non-zero if something fails in which case an ICMP error has been 12947 * sent and mp freed. 12948 * 12949 * Assumes the ULP has called ip_massage_options to move nexthop into ipha_dst. 12950 */ 12951 int 12952 ip_output_options(mblk_t *mp, ipha_t *ipha, ip_xmit_attr_t *ixa, ill_t *ill) 12953 { 12954 ipoptp_t opts; 12955 uchar_t *opt; 12956 uint8_t optval; 12957 uint8_t optlen; 12958 ipaddr_t dst; 12959 intptr_t code = 0; 12960 ire_t *ire; 12961 ip_stack_t *ipst = ixa->ixa_ipst; 12962 ip_recv_attr_t iras; 12963 12964 ip2dbg(("ip_output_options\n")); 12965 12966 dst = ipha->ipha_dst; 12967 for (optval = ipoptp_first(&opts, ipha); 12968 optval != IPOPT_EOL; 12969 optval = ipoptp_next(&opts)) { 12970 opt = opts.ipoptp_cur; 12971 optlen = opts.ipoptp_len; 12972 ip2dbg(("ip_output_options: opt %d, len %d\n", 12973 optval, optlen)); 12974 switch (optval) { 12975 uint32_t off; 12976 case IPOPT_SSRR: 12977 case IPOPT_LSRR: 12978 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 12979 ip1dbg(( 12980 "ip_output_options: bad option offset\n")); 12981 code = (char *)&opt[IPOPT_OLEN] - 12982 (char *)ipha; 12983 goto param_prob; 12984 } 12985 off = opt[IPOPT_OFFSET]; 12986 ip1dbg(("ip_output_options: next hop 0x%x\n", 12987 ntohl(dst))); 12988 /* 12989 * For strict: verify that dst is directly 12990 * reachable. 12991 */ 12992 if (optval == IPOPT_SSRR) { 12993 ire = ire_ftable_lookup_v4(dst, 0, 0, 12994 IRE_INTERFACE, NULL, ALL_ZONES, 12995 ixa->ixa_tsl, 12996 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst, 12997 NULL); 12998 if (ire == NULL) { 12999 ip1dbg(("ip_output_options: SSRR not" 13000 " directly reachable: 0x%x\n", 13001 ntohl(dst))); 13002 goto bad_src_route; 13003 } 13004 ire_refrele(ire); 13005 } 13006 break; 13007 case IPOPT_RR: 13008 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 13009 ip1dbg(( 13010 "ip_output_options: bad option offset\n")); 13011 code = (char *)&opt[IPOPT_OLEN] - 13012 (char *)ipha; 13013 goto param_prob; 13014 } 13015 break; 13016 case IPOPT_TS: 13017 /* 13018 * Verify that length >=5 and that there is either 13019 * room for another timestamp or that the overflow 13020 * counter is not maxed out. 13021 */ 13022 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha; 13023 if (optlen < IPOPT_MINLEN_IT) { 13024 goto param_prob; 13025 } 13026 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 13027 ip1dbg(( 13028 "ip_output_options: bad option offset\n")); 13029 code = (char *)&opt[IPOPT_OFFSET] - 13030 (char *)ipha; 13031 goto param_prob; 13032 } 13033 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) { 13034 case IPOPT_TS_TSONLY: 13035 off = IPOPT_TS_TIMELEN; 13036 break; 13037 case IPOPT_TS_TSANDADDR: 13038 case IPOPT_TS_PRESPEC: 13039 case IPOPT_TS_PRESPEC_RFC791: 13040 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN; 13041 break; 13042 default: 13043 code = (char *)&opt[IPOPT_POS_OV_FLG] - 13044 (char *)ipha; 13045 goto param_prob; 13046 } 13047 if (opt[IPOPT_OFFSET] - 1 + off > optlen && 13048 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) { 13049 /* 13050 * No room and the overflow counter is 15 13051 * already. 13052 */ 13053 goto param_prob; 13054 } 13055 break; 13056 } 13057 } 13058 13059 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0) 13060 return (0); 13061 13062 ip1dbg(("ip_output_options: error processing IP options.")); 13063 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha; 13064 13065 param_prob: 13066 bzero(&iras, sizeof (iras)); 13067 iras.ira_ill = iras.ira_rill = ill; 13068 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex; 13069 iras.ira_rifindex = iras.ira_ruifindex; 13070 iras.ira_flags = IRAF_IS_IPV4; 13071 13072 ip_drop_output("ip_output_options", mp, ill); 13073 icmp_param_problem(mp, (uint8_t)code, &iras); 13074 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE)); 13075 return (-1); 13076 13077 bad_src_route: 13078 bzero(&iras, sizeof (iras)); 13079 iras.ira_ill = iras.ira_rill = ill; 13080 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex; 13081 iras.ira_rifindex = iras.ira_ruifindex; 13082 iras.ira_flags = IRAF_IS_IPV4; 13083 13084 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill); 13085 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, &iras); 13086 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE)); 13087 return (-1); 13088 } 13089 13090 /* 13091 * The maximum value of conn_drain_list_cnt is CONN_MAXDRAINCNT. 13092 * conn_drain_list_cnt can be changed by setting conn_drain_nthreads 13093 * thru /etc/system. 13094 */ 13095 #define CONN_MAXDRAINCNT 64 13096 13097 static void 13098 conn_drain_init(ip_stack_t *ipst) 13099 { 13100 int i, j; 13101 idl_tx_list_t *itl_tx; 13102 13103 ipst->ips_conn_drain_list_cnt = conn_drain_nthreads; 13104 13105 if ((ipst->ips_conn_drain_list_cnt == 0) || 13106 (ipst->ips_conn_drain_list_cnt > CONN_MAXDRAINCNT)) { 13107 /* 13108 * Default value of the number of drainers is the 13109 * number of cpus, subject to maximum of 8 drainers. 13110 */ 13111 if (boot_max_ncpus != -1) 13112 ipst->ips_conn_drain_list_cnt = MIN(boot_max_ncpus, 8); 13113 else 13114 ipst->ips_conn_drain_list_cnt = MIN(max_ncpus, 8); 13115 } 13116 13117 ipst->ips_idl_tx_list = 13118 kmem_zalloc(TX_FANOUT_SIZE * sizeof (idl_tx_list_t), KM_SLEEP); 13119 for (i = 0; i < TX_FANOUT_SIZE; i++) { 13120 itl_tx = &ipst->ips_idl_tx_list[i]; 13121 itl_tx->txl_drain_list = 13122 kmem_zalloc(ipst->ips_conn_drain_list_cnt * 13123 sizeof (idl_t), KM_SLEEP); 13124 mutex_init(&itl_tx->txl_lock, NULL, MUTEX_DEFAULT, NULL); 13125 for (j = 0; j < ipst->ips_conn_drain_list_cnt; j++) { 13126 mutex_init(&itl_tx->txl_drain_list[j].idl_lock, NULL, 13127 MUTEX_DEFAULT, NULL); 13128 itl_tx->txl_drain_list[j].idl_itl = itl_tx; 13129 } 13130 } 13131 } 13132 13133 static void 13134 conn_drain_fini(ip_stack_t *ipst) 13135 { 13136 int i; 13137 idl_tx_list_t *itl_tx; 13138 13139 for (i = 0; i < TX_FANOUT_SIZE; i++) { 13140 itl_tx = &ipst->ips_idl_tx_list[i]; 13141 kmem_free(itl_tx->txl_drain_list, 13142 ipst->ips_conn_drain_list_cnt * sizeof (idl_t)); 13143 } 13144 kmem_free(ipst->ips_idl_tx_list, 13145 TX_FANOUT_SIZE * sizeof (idl_tx_list_t)); 13146 ipst->ips_idl_tx_list = NULL; 13147 } 13148 13149 /* 13150 * Flow control has blocked us from proceeding. Insert the given conn in one 13151 * of the conn drain lists. When flow control is unblocked, either ip_wsrv() 13152 * (STREAMS) or ill_flow_enable() (direct) will be called back, which in turn 13153 * will call conn_walk_drain(). See the flow control notes at the top of this 13154 * file for more details. 13155 */ 13156 void 13157 conn_drain_insert(conn_t *connp, idl_tx_list_t *tx_list) 13158 { 13159 idl_t *idl = tx_list->txl_drain_list; 13160 uint_t index; 13161 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 13162 13163 mutex_enter(&connp->conn_lock); 13164 if (connp->conn_state_flags & CONN_CLOSING) { 13165 /* 13166 * The conn is closing as a result of which CONN_CLOSING 13167 * is set. Return. 13168 */ 13169 mutex_exit(&connp->conn_lock); 13170 return; 13171 } else if (connp->conn_idl == NULL) { 13172 /* 13173 * Assign the next drain list round robin. We dont' use 13174 * a lock, and thus it may not be strictly round robin. 13175 * Atomicity of load/stores is enough to make sure that 13176 * conn_drain_list_index is always within bounds. 13177 */ 13178 index = tx_list->txl_drain_index; 13179 ASSERT(index < ipst->ips_conn_drain_list_cnt); 13180 connp->conn_idl = &tx_list->txl_drain_list[index]; 13181 index++; 13182 if (index == ipst->ips_conn_drain_list_cnt) 13183 index = 0; 13184 tx_list->txl_drain_index = index; 13185 } else { 13186 ASSERT(connp->conn_idl->idl_itl == tx_list); 13187 } 13188 mutex_exit(&connp->conn_lock); 13189 13190 idl = connp->conn_idl; 13191 mutex_enter(&idl->idl_lock); 13192 if ((connp->conn_drain_prev != NULL) || 13193 (connp->conn_state_flags & CONN_CLOSING)) { 13194 /* 13195 * The conn is either already in the drain list or closing. 13196 * (We needed to check for CONN_CLOSING again since close can 13197 * sneak in between dropping conn_lock and acquiring idl_lock.) 13198 */ 13199 mutex_exit(&idl->idl_lock); 13200 return; 13201 } 13202 13203 /* 13204 * The conn is not in the drain list. Insert it at the 13205 * tail of the drain list. The drain list is circular 13206 * and doubly linked. idl_conn points to the 1st element 13207 * in the list. 13208 */ 13209 if (idl->idl_conn == NULL) { 13210 idl->idl_conn = connp; 13211 connp->conn_drain_next = connp; 13212 connp->conn_drain_prev = connp; 13213 } else { 13214 conn_t *head = idl->idl_conn; 13215 13216 connp->conn_drain_next = head; 13217 connp->conn_drain_prev = head->conn_drain_prev; 13218 head->conn_drain_prev->conn_drain_next = connp; 13219 head->conn_drain_prev = connp; 13220 } 13221 /* 13222 * For non streams based sockets assert flow control. 13223 */ 13224 conn_setqfull(connp, NULL); 13225 mutex_exit(&idl->idl_lock); 13226 } 13227 13228 static void 13229 conn_drain_remove(conn_t *connp) 13230 { 13231 idl_t *idl = connp->conn_idl; 13232 13233 if (idl != NULL) { 13234 /* 13235 * Remove ourself from the drain list. 13236 */ 13237 if (connp->conn_drain_next == connp) { 13238 /* Singleton in the list */ 13239 ASSERT(connp->conn_drain_prev == connp); 13240 idl->idl_conn = NULL; 13241 } else { 13242 connp->conn_drain_prev->conn_drain_next = 13243 connp->conn_drain_next; 13244 connp->conn_drain_next->conn_drain_prev = 13245 connp->conn_drain_prev; 13246 if (idl->idl_conn == connp) 13247 idl->idl_conn = connp->conn_drain_next; 13248 } 13249 13250 /* 13251 * NOTE: because conn_idl is associated with a specific drain 13252 * list which in turn is tied to the index the TX ring 13253 * (txl_cookie) hashes to, and because the TX ring can change 13254 * over the lifetime of the conn_t, we must clear conn_idl so 13255 * a subsequent conn_drain_insert() will set conn_idl again 13256 * based on the latest txl_cookie. 13257 */ 13258 connp->conn_idl = NULL; 13259 } 13260 connp->conn_drain_next = NULL; 13261 connp->conn_drain_prev = NULL; 13262 13263 conn_clrqfull(connp, NULL); 13264 /* 13265 * For streams based sockets open up flow control. 13266 */ 13267 if (!IPCL_IS_NONSTR(connp)) 13268 enableok(connp->conn_wq); 13269 } 13270 13271 /* 13272 * This conn is closing, and we are called from ip_close. OR 13273 * this conn is draining because flow-control on the ill has been relieved. 13274 * 13275 * We must also need to remove conn's on this idl from the list, and also 13276 * inform the sockfs upcalls about the change in flow-control. 13277 */ 13278 static void 13279 conn_drain(conn_t *connp, boolean_t closing) 13280 { 13281 idl_t *idl; 13282 conn_t *next_connp; 13283 13284 /* 13285 * connp->conn_idl is stable at this point, and no lock is needed 13286 * to check it. If we are called from ip_close, close has already 13287 * set CONN_CLOSING, thus freezing the value of conn_idl, and 13288 * called us only because conn_idl is non-null. If we are called thru 13289 * service, conn_idl could be null, but it cannot change because 13290 * service is single-threaded per queue, and there cannot be another 13291 * instance of service trying to call conn_drain_insert on this conn 13292 * now. 13293 */ 13294 ASSERT(!closing || connp == NULL || connp->conn_idl != NULL); 13295 13296 /* 13297 * If the conn doesn't exist or is not on a drain list, bail. 13298 */ 13299 if (connp == NULL || connp->conn_idl == NULL || 13300 connp->conn_drain_prev == NULL) { 13301 return; 13302 } 13303 13304 idl = connp->conn_idl; 13305 ASSERT(MUTEX_HELD(&idl->idl_lock)); 13306 13307 if (!closing) { 13308 next_connp = connp->conn_drain_next; 13309 while (next_connp != connp) { 13310 conn_t *delconnp = next_connp; 13311 13312 next_connp = next_connp->conn_drain_next; 13313 conn_drain_remove(delconnp); 13314 } 13315 ASSERT(connp->conn_drain_next == idl->idl_conn); 13316 } 13317 conn_drain_remove(connp); 13318 } 13319 13320 /* 13321 * Write service routine. Shared perimeter entry point. 13322 * The device queue's messages has fallen below the low water mark and STREAMS 13323 * has backenabled the ill_wq. Send sockfs notification about flow-control on 13324 * each waiting conn. 13325 */ 13326 void 13327 ip_wsrv(queue_t *q) 13328 { 13329 ill_t *ill; 13330 13331 ill = (ill_t *)q->q_ptr; 13332 if (ill->ill_state_flags == 0) { 13333 ip_stack_t *ipst = ill->ill_ipst; 13334 13335 /* 13336 * The device flow control has opened up. 13337 * Walk through conn drain lists and qenable the 13338 * first conn in each list. This makes sense only 13339 * if the stream is fully plumbed and setup. 13340 * Hence the ill_state_flags check above. 13341 */ 13342 ip1dbg(("ip_wsrv: walking\n")); 13343 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[0]); 13344 enableok(ill->ill_wq); 13345 } 13346 } 13347 13348 /* 13349 * Callback to disable flow control in IP. 13350 * 13351 * This is a mac client callback added when the DLD_CAPAB_DIRECT capability 13352 * is enabled. 13353 * 13354 * When MAC_TX() is not able to send any more packets, dld sets its queue 13355 * to QFULL and enable the STREAMS flow control. Later, when the underlying 13356 * driver is able to continue to send packets, it calls mac_tx_(ring_)update() 13357 * function and wakes up corresponding mac worker threads, which in turn 13358 * calls this callback function, and disables flow control. 13359 */ 13360 void 13361 ill_flow_enable(void *arg, ip_mac_tx_cookie_t cookie) 13362 { 13363 ill_t *ill = (ill_t *)arg; 13364 ip_stack_t *ipst = ill->ill_ipst; 13365 idl_tx_list_t *idl_txl; 13366 13367 idl_txl = &ipst->ips_idl_tx_list[IDLHASHINDEX(cookie)]; 13368 mutex_enter(&idl_txl->txl_lock); 13369 /* add code to to set a flag to indicate idl_txl is enabled */ 13370 conn_walk_drain(ipst, idl_txl); 13371 mutex_exit(&idl_txl->txl_lock); 13372 } 13373 13374 /* 13375 * Flow control has been relieved and STREAMS has backenabled us; drain 13376 * all the conn lists on `tx_list'. 13377 */ 13378 static void 13379 conn_walk_drain(ip_stack_t *ipst, idl_tx_list_t *tx_list) 13380 { 13381 int i; 13382 idl_t *idl; 13383 13384 IP_STAT(ipst, ip_conn_walk_drain); 13385 13386 for (i = 0; i < ipst->ips_conn_drain_list_cnt; i++) { 13387 idl = &tx_list->txl_drain_list[i]; 13388 mutex_enter(&idl->idl_lock); 13389 conn_drain(idl->idl_conn, B_FALSE); 13390 mutex_exit(&idl->idl_lock); 13391 } 13392 } 13393 13394 /* 13395 * Determine if the ill and multicast aspects of that packets 13396 * "matches" the conn. 13397 */ 13398 boolean_t 13399 conn_wantpacket(conn_t *connp, ip_recv_attr_t *ira, ipha_t *ipha) 13400 { 13401 ill_t *ill = ira->ira_rill; 13402 zoneid_t zoneid = ira->ira_zoneid; 13403 uint_t in_ifindex; 13404 ipaddr_t dst, src; 13405 13406 dst = ipha->ipha_dst; 13407 src = ipha->ipha_src; 13408 13409 /* 13410 * conn_incoming_ifindex is set by IP_BOUND_IF which limits 13411 * unicast, broadcast and multicast reception to 13412 * conn_incoming_ifindex. 13413 * conn_wantpacket is called for unicast, broadcast and 13414 * multicast packets. 13415 */ 13416 in_ifindex = connp->conn_incoming_ifindex; 13417 13418 /* mpathd can bind to the under IPMP interface, which we allow */ 13419 if (in_ifindex != 0 && in_ifindex != ill->ill_phyint->phyint_ifindex) { 13420 if (!IS_UNDER_IPMP(ill)) 13421 return (B_FALSE); 13422 13423 if (in_ifindex != ipmp_ill_get_ipmp_ifindex(ill)) 13424 return (B_FALSE); 13425 } 13426 13427 if (!IPCL_ZONE_MATCH(connp, zoneid)) 13428 return (B_FALSE); 13429 13430 if (!(ira->ira_flags & IRAF_MULTICAST)) 13431 return (B_TRUE); 13432 13433 if (connp->conn_multi_router) { 13434 /* multicast packet and multicast router socket: send up */ 13435 return (B_TRUE); 13436 } 13437 13438 if (ipha->ipha_protocol == IPPROTO_PIM || 13439 ipha->ipha_protocol == IPPROTO_RSVP) 13440 return (B_TRUE); 13441 13442 return (conn_hasmembers_ill_withsrc_v4(connp, dst, src, ira->ira_ill)); 13443 } 13444 13445 void 13446 conn_setqfull(conn_t *connp, boolean_t *flow_stopped) 13447 { 13448 if (IPCL_IS_NONSTR(connp)) { 13449 (*connp->conn_upcalls->su_txq_full) 13450 (connp->conn_upper_handle, B_TRUE); 13451 if (flow_stopped != NULL) 13452 *flow_stopped = B_TRUE; 13453 } else { 13454 queue_t *q = connp->conn_wq; 13455 13456 ASSERT(q != NULL); 13457 if (!(q->q_flag & QFULL)) { 13458 mutex_enter(QLOCK(q)); 13459 if (!(q->q_flag & QFULL)) { 13460 /* still need to set QFULL */ 13461 q->q_flag |= QFULL; 13462 /* set flow_stopped to true under QLOCK */ 13463 if (flow_stopped != NULL) 13464 *flow_stopped = B_TRUE; 13465 mutex_exit(QLOCK(q)); 13466 } else { 13467 /* flow_stopped is left unchanged */ 13468 mutex_exit(QLOCK(q)); 13469 } 13470 } 13471 } 13472 } 13473 13474 void 13475 conn_clrqfull(conn_t *connp, boolean_t *flow_stopped) 13476 { 13477 if (IPCL_IS_NONSTR(connp)) { 13478 (*connp->conn_upcalls->su_txq_full) 13479 (connp->conn_upper_handle, B_FALSE); 13480 if (flow_stopped != NULL) 13481 *flow_stopped = B_FALSE; 13482 } else { 13483 queue_t *q = connp->conn_wq; 13484 13485 ASSERT(q != NULL); 13486 if (q->q_flag & QFULL) { 13487 mutex_enter(QLOCK(q)); 13488 if (q->q_flag & QFULL) { 13489 q->q_flag &= ~QFULL; 13490 /* set flow_stopped to false under QLOCK */ 13491 if (flow_stopped != NULL) 13492 *flow_stopped = B_FALSE; 13493 mutex_exit(QLOCK(q)); 13494 if (q->q_flag & QWANTW) 13495 qbackenable(q, 0); 13496 } else { 13497 /* flow_stopped is left unchanged */ 13498 mutex_exit(QLOCK(q)); 13499 } 13500 } 13501 } 13502 13503 mutex_enter(&connp->conn_lock); 13504 connp->conn_blocked = B_FALSE; 13505 mutex_exit(&connp->conn_lock); 13506 } 13507 13508 /* 13509 * Return the length in bytes of the IPv4 headers (base header, label, and 13510 * other IP options) that will be needed based on the 13511 * ip_pkt_t structure passed by the caller. 13512 * 13513 * The returned length does not include the length of the upper level 13514 * protocol (ULP) header. 13515 * The caller needs to check that the length doesn't exceed the max for IPv4. 13516 */ 13517 int 13518 ip_total_hdrs_len_v4(const ip_pkt_t *ipp) 13519 { 13520 int len; 13521 13522 len = IP_SIMPLE_HDR_LENGTH; 13523 if (ipp->ipp_fields & IPPF_LABEL_V4) { 13524 ASSERT(ipp->ipp_label_len_v4 != 0); 13525 /* We need to round up here */ 13526 len += (ipp->ipp_label_len_v4 + 3) & ~3; 13527 } 13528 13529 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) { 13530 ASSERT(ipp->ipp_ipv4_options_len != 0); 13531 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0); 13532 len += ipp->ipp_ipv4_options_len; 13533 } 13534 return (len); 13535 } 13536 13537 /* 13538 * All-purpose routine to build an IPv4 header with options based 13539 * on the abstract ip_pkt_t. 13540 * 13541 * The caller has to set the source and destination address as well as 13542 * ipha_length. The caller has to massage any source route and compensate 13543 * for the ULP pseudo-header checksum due to the source route. 13544 */ 13545 void 13546 ip_build_hdrs_v4(uchar_t *buf, uint_t buf_len, const ip_pkt_t *ipp, 13547 uint8_t protocol) 13548 { 13549 ipha_t *ipha = (ipha_t *)buf; 13550 uint8_t *cp; 13551 13552 /* Initialize IPv4 header */ 13553 ipha->ipha_type_of_service = ipp->ipp_type_of_service; 13554 ipha->ipha_length = 0; /* Caller will set later */ 13555 ipha->ipha_ident = 0; 13556 ipha->ipha_fragment_offset_and_flags = 0; 13557 ipha->ipha_ttl = ipp->ipp_unicast_hops; 13558 ipha->ipha_protocol = protocol; 13559 ipha->ipha_hdr_checksum = 0; 13560 13561 if ((ipp->ipp_fields & IPPF_ADDR) && 13562 IN6_IS_ADDR_V4MAPPED(&ipp->ipp_addr)) 13563 ipha->ipha_src = ipp->ipp_addr_v4; 13564 13565 cp = (uint8_t *)&ipha[1]; 13566 if (ipp->ipp_fields & IPPF_LABEL_V4) { 13567 ASSERT(ipp->ipp_label_len_v4 != 0); 13568 bcopy(ipp->ipp_label_v4, cp, ipp->ipp_label_len_v4); 13569 cp += ipp->ipp_label_len_v4; 13570 /* We need to round up here */ 13571 while ((uintptr_t)cp & 0x3) { 13572 *cp++ = IPOPT_NOP; 13573 } 13574 } 13575 13576 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) { 13577 ASSERT(ipp->ipp_ipv4_options_len != 0); 13578 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0); 13579 bcopy(ipp->ipp_ipv4_options, cp, ipp->ipp_ipv4_options_len); 13580 cp += ipp->ipp_ipv4_options_len; 13581 } 13582 ipha->ipha_version_and_hdr_length = 13583 (uint8_t)((IP_VERSION << 4) + buf_len / 4); 13584 13585 ASSERT((int)(cp - buf) == buf_len); 13586 } 13587 13588 /* Allocate the private structure */ 13589 static int 13590 ip_priv_alloc(void **bufp) 13591 { 13592 void *buf; 13593 13594 if ((buf = kmem_alloc(sizeof (ip_priv_t), KM_NOSLEEP)) == NULL) 13595 return (ENOMEM); 13596 13597 *bufp = buf; 13598 return (0); 13599 } 13600 13601 /* Function to delete the private structure */ 13602 void 13603 ip_priv_free(void *buf) 13604 { 13605 ASSERT(buf != NULL); 13606 kmem_free(buf, sizeof (ip_priv_t)); 13607 } 13608 13609 /* 13610 * The entry point for IPPF processing. 13611 * If the classifier (IPGPC_CLASSIFY) is not loaded and configured, the 13612 * routine just returns. 13613 * 13614 * When called, ip_process generates an ipp_packet_t structure 13615 * which holds the state information for this packet and invokes the 13616 * the classifier (via ipp_packet_process). The classification, depending on 13617 * configured filters, results in a list of actions for this packet. Invoking 13618 * an action may cause the packet to be dropped, in which case we return NULL. 13619 * proc indicates the callout position for 13620 * this packet and ill is the interface this packet arrived on or will leave 13621 * on (inbound and outbound resp.). 13622 * 13623 * We do the processing on the rill (mapped to the upper if ipmp), but MIB 13624 * on the ill corrsponding to the destination IP address. 13625 */ 13626 mblk_t * 13627 ip_process(ip_proc_t proc, mblk_t *mp, ill_t *rill, ill_t *ill) 13628 { 13629 ip_priv_t *priv; 13630 ipp_action_id_t aid; 13631 int rc = 0; 13632 ipp_packet_t *pp; 13633 13634 /* If the classifier is not loaded, return */ 13635 if ((aid = ipp_action_lookup(IPGPC_CLASSIFY)) == IPP_ACTION_INVAL) { 13636 return (mp); 13637 } 13638 13639 ASSERT(mp != NULL); 13640 13641 /* Allocate the packet structure */ 13642 rc = ipp_packet_alloc(&pp, "ip", aid); 13643 if (rc != 0) 13644 goto drop; 13645 13646 /* Allocate the private structure */ 13647 rc = ip_priv_alloc((void **)&priv); 13648 if (rc != 0) { 13649 ipp_packet_free(pp); 13650 goto drop; 13651 } 13652 priv->proc = proc; 13653 priv->ill_index = ill_get_upper_ifindex(rill); 13654 13655 ipp_packet_set_private(pp, priv, ip_priv_free); 13656 ipp_packet_set_data(pp, mp); 13657 13658 /* Invoke the classifier */ 13659 rc = ipp_packet_process(&pp); 13660 if (pp != NULL) { 13661 mp = ipp_packet_get_data(pp); 13662 ipp_packet_free(pp); 13663 if (rc != 0) 13664 goto drop; 13665 return (mp); 13666 } else { 13667 /* No mp to trace in ip_drop_input/ip_drop_output */ 13668 mp = NULL; 13669 } 13670 drop: 13671 if (proc == IPP_LOCAL_IN || proc == IPP_FWD_IN) { 13672 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 13673 ip_drop_input("ip_process", mp, ill); 13674 } else { 13675 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 13676 ip_drop_output("ip_process", mp, ill); 13677 } 13678 freemsg(mp); 13679 return (NULL); 13680 } 13681 13682 /* 13683 * Propagate a multicast group membership operation (add/drop) on 13684 * all the interfaces crossed by the related multirt routes. 13685 * The call is considered successful if the operation succeeds 13686 * on at least one interface. 13687 * 13688 * This assumes that a set of IRE_HOST/RTF_MULTIRT has been created for the 13689 * multicast addresses with the ire argument being the first one. 13690 * We walk the bucket to find all the of those. 13691 * 13692 * Common to IPv4 and IPv6. 13693 */ 13694 static int 13695 ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t, 13696 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *), 13697 ire_t *ire, conn_t *connp, boolean_t checkonly, const in6_addr_t *v6group, 13698 mcast_record_t fmode, const in6_addr_t *v6src) 13699 { 13700 ire_t *ire_gw; 13701 irb_t *irb; 13702 int ifindex; 13703 int error = 0; 13704 int result; 13705 ip_stack_t *ipst = ire->ire_ipst; 13706 ipaddr_t group; 13707 boolean_t isv6; 13708 int match_flags; 13709 13710 if (IN6_IS_ADDR_V4MAPPED(v6group)) { 13711 IN6_V4MAPPED_TO_IPADDR(v6group, group); 13712 isv6 = B_FALSE; 13713 } else { 13714 isv6 = B_TRUE; 13715 } 13716 13717 irb = ire->ire_bucket; 13718 ASSERT(irb != NULL); 13719 13720 result = 0; 13721 irb_refhold(irb); 13722 for (; ire != NULL; ire = ire->ire_next) { 13723 if ((ire->ire_flags & RTF_MULTIRT) == 0) 13724 continue; 13725 13726 /* We handle -ifp routes by matching on the ill if set */ 13727 match_flags = MATCH_IRE_TYPE; 13728 if (ire->ire_ill != NULL) 13729 match_flags |= MATCH_IRE_ILL; 13730 13731 if (isv6) { 13732 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, v6group)) 13733 continue; 13734 13735 ire_gw = ire_ftable_lookup_v6(&ire->ire_gateway_addr_v6, 13736 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL, 13737 match_flags, 0, ipst, NULL); 13738 } else { 13739 if (ire->ire_addr != group) 13740 continue; 13741 13742 ire_gw = ire_ftable_lookup_v4(ire->ire_gateway_addr, 13743 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL, 13744 match_flags, 0, ipst, NULL); 13745 } 13746 /* No interface route exists for the gateway; skip this ire. */ 13747 if (ire_gw == NULL) 13748 continue; 13749 if (ire_gw->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) { 13750 ire_refrele(ire_gw); 13751 continue; 13752 } 13753 ASSERT(ire_gw->ire_ill != NULL); /* IRE_INTERFACE */ 13754 ifindex = ire_gw->ire_ill->ill_phyint->phyint_ifindex; 13755 13756 /* 13757 * The operation is considered a success if 13758 * it succeeds at least once on any one interface. 13759 */ 13760 error = fn(connp, checkonly, v6group, INADDR_ANY, ifindex, 13761 fmode, v6src); 13762 if (error == 0) 13763 result = CGTP_MCAST_SUCCESS; 13764 13765 ire_refrele(ire_gw); 13766 } 13767 irb_refrele(irb); 13768 /* 13769 * Consider the call as successful if we succeeded on at least 13770 * one interface. Otherwise, return the last encountered error. 13771 */ 13772 return (result == CGTP_MCAST_SUCCESS ? 0 : error); 13773 } 13774 13775 /* 13776 * Return the expected CGTP hooks version number. 13777 */ 13778 int 13779 ip_cgtp_filter_supported(void) 13780 { 13781 return (ip_cgtp_filter_rev); 13782 } 13783 13784 /* 13785 * CGTP hooks can be registered by invoking this function. 13786 * Checks that the version number matches. 13787 */ 13788 int 13789 ip_cgtp_filter_register(netstackid_t stackid, cgtp_filter_ops_t *ops) 13790 { 13791 netstack_t *ns; 13792 ip_stack_t *ipst; 13793 13794 if (ops->cfo_filter_rev != CGTP_FILTER_REV) 13795 return (ENOTSUP); 13796 13797 ns = netstack_find_by_stackid(stackid); 13798 if (ns == NULL) 13799 return (EINVAL); 13800 ipst = ns->netstack_ip; 13801 ASSERT(ipst != NULL); 13802 13803 if (ipst->ips_ip_cgtp_filter_ops != NULL) { 13804 netstack_rele(ns); 13805 return (EALREADY); 13806 } 13807 13808 ipst->ips_ip_cgtp_filter_ops = ops; 13809 13810 ill_set_inputfn_all(ipst); 13811 13812 netstack_rele(ns); 13813 return (0); 13814 } 13815 13816 /* 13817 * CGTP hooks can be unregistered by invoking this function. 13818 * Returns ENXIO if there was no registration. 13819 * Returns EBUSY if the ndd variable has not been turned off. 13820 */ 13821 int 13822 ip_cgtp_filter_unregister(netstackid_t stackid) 13823 { 13824 netstack_t *ns; 13825 ip_stack_t *ipst; 13826 13827 ns = netstack_find_by_stackid(stackid); 13828 if (ns == NULL) 13829 return (EINVAL); 13830 ipst = ns->netstack_ip; 13831 ASSERT(ipst != NULL); 13832 13833 if (ipst->ips_ip_cgtp_filter) { 13834 netstack_rele(ns); 13835 return (EBUSY); 13836 } 13837 13838 if (ipst->ips_ip_cgtp_filter_ops == NULL) { 13839 netstack_rele(ns); 13840 return (ENXIO); 13841 } 13842 ipst->ips_ip_cgtp_filter_ops = NULL; 13843 13844 ill_set_inputfn_all(ipst); 13845 13846 netstack_rele(ns); 13847 return (0); 13848 } 13849 13850 /* 13851 * Check whether there is a CGTP filter registration. 13852 * Returns non-zero if there is a registration, otherwise returns zero. 13853 * Note: returns zero if bad stackid. 13854 */ 13855 int 13856 ip_cgtp_filter_is_registered(netstackid_t stackid) 13857 { 13858 netstack_t *ns; 13859 ip_stack_t *ipst; 13860 int ret; 13861 13862 ns = netstack_find_by_stackid(stackid); 13863 if (ns == NULL) 13864 return (0); 13865 ipst = ns->netstack_ip; 13866 ASSERT(ipst != NULL); 13867 13868 if (ipst->ips_ip_cgtp_filter_ops != NULL) 13869 ret = 1; 13870 else 13871 ret = 0; 13872 13873 netstack_rele(ns); 13874 return (ret); 13875 } 13876 13877 static int 13878 ip_squeue_switch(int val) 13879 { 13880 int rval; 13881 13882 switch (val) { 13883 case IP_SQUEUE_ENTER_NODRAIN: 13884 rval = SQ_NODRAIN; 13885 break; 13886 case IP_SQUEUE_ENTER: 13887 rval = SQ_PROCESS; 13888 break; 13889 case IP_SQUEUE_FILL: 13890 default: 13891 rval = SQ_FILL; 13892 break; 13893 } 13894 return (rval); 13895 } 13896 13897 static void * 13898 ip_kstat2_init(netstackid_t stackid, ip_stat_t *ip_statisticsp) 13899 { 13900 kstat_t *ksp; 13901 13902 ip_stat_t template = { 13903 { "ip_udp_fannorm", KSTAT_DATA_UINT64 }, 13904 { "ip_udp_fanmb", KSTAT_DATA_UINT64 }, 13905 { "ip_recv_pullup", KSTAT_DATA_UINT64 }, 13906 { "ip_db_ref", KSTAT_DATA_UINT64 }, 13907 { "ip_notaligned", KSTAT_DATA_UINT64 }, 13908 { "ip_multimblk", KSTAT_DATA_UINT64 }, 13909 { "ip_opt", KSTAT_DATA_UINT64 }, 13910 { "ipsec_proto_ahesp", KSTAT_DATA_UINT64 }, 13911 { "ip_conn_flputbq", KSTAT_DATA_UINT64 }, 13912 { "ip_conn_walk_drain", KSTAT_DATA_UINT64 }, 13913 { "ip_out_sw_cksum", KSTAT_DATA_UINT64 }, 13914 { "ip_out_sw_cksum_bytes", KSTAT_DATA_UINT64 }, 13915 { "ip_in_sw_cksum", KSTAT_DATA_UINT64 }, 13916 { "ip_ire_reclaim_calls", KSTAT_DATA_UINT64 }, 13917 { "ip_ire_reclaim_deleted", KSTAT_DATA_UINT64 }, 13918 { "ip_nce_reclaim_calls", KSTAT_DATA_UINT64 }, 13919 { "ip_nce_reclaim_deleted", KSTAT_DATA_UINT64 }, 13920 { "ip_dce_reclaim_calls", KSTAT_DATA_UINT64 }, 13921 { "ip_dce_reclaim_deleted", KSTAT_DATA_UINT64 }, 13922 { "ip_tcp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 }, 13923 { "ip_tcp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 }, 13924 { "ip_tcp_in_sw_cksum_err", KSTAT_DATA_UINT64 }, 13925 { "ip_udp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 }, 13926 { "ip_udp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 }, 13927 { "ip_udp_in_sw_cksum_err", KSTAT_DATA_UINT64 }, 13928 { "conn_in_recvdstaddr", KSTAT_DATA_UINT64 }, 13929 { "conn_in_recvopts", KSTAT_DATA_UINT64 }, 13930 { "conn_in_recvif", KSTAT_DATA_UINT64 }, 13931 { "conn_in_recvslla", KSTAT_DATA_UINT64 }, 13932 { "conn_in_recvucred", KSTAT_DATA_UINT64 }, 13933 { "conn_in_recvttl", KSTAT_DATA_UINT64 }, 13934 { "conn_in_recvhopopts", KSTAT_DATA_UINT64 }, 13935 { "conn_in_recvhoplimit", KSTAT_DATA_UINT64 }, 13936 { "conn_in_recvdstopts", KSTAT_DATA_UINT64 }, 13937 { "conn_in_recvrthdrdstopts", KSTAT_DATA_UINT64 }, 13938 { "conn_in_recvrthdr", KSTAT_DATA_UINT64 }, 13939 { "conn_in_recvpktinfo", KSTAT_DATA_UINT64 }, 13940 { "conn_in_recvtclass", KSTAT_DATA_UINT64 }, 13941 { "conn_in_timestamp", KSTAT_DATA_UINT64 }, 13942 }; 13943 13944 ksp = kstat_create_netstack("ip", 0, "ipstat", "net", 13945 KSTAT_TYPE_NAMED, sizeof (template) / sizeof (kstat_named_t), 13946 KSTAT_FLAG_VIRTUAL, stackid); 13947 13948 if (ksp == NULL) 13949 return (NULL); 13950 13951 bcopy(&template, ip_statisticsp, sizeof (template)); 13952 ksp->ks_data = (void *)ip_statisticsp; 13953 ksp->ks_private = (void *)(uintptr_t)stackid; 13954 13955 kstat_install(ksp); 13956 return (ksp); 13957 } 13958 13959 static void 13960 ip_kstat2_fini(netstackid_t stackid, kstat_t *ksp) 13961 { 13962 if (ksp != NULL) { 13963 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private); 13964 kstat_delete_netstack(ksp, stackid); 13965 } 13966 } 13967 13968 static void * 13969 ip_kstat_init(netstackid_t stackid, ip_stack_t *ipst) 13970 { 13971 kstat_t *ksp; 13972 13973 ip_named_kstat_t template = { 13974 { "forwarding", KSTAT_DATA_UINT32, 0 }, 13975 { "defaultTTL", KSTAT_DATA_UINT32, 0 }, 13976 { "inReceives", KSTAT_DATA_UINT64, 0 }, 13977 { "inHdrErrors", KSTAT_DATA_UINT32, 0 }, 13978 { "inAddrErrors", KSTAT_DATA_UINT32, 0 }, 13979 { "forwDatagrams", KSTAT_DATA_UINT64, 0 }, 13980 { "inUnknownProtos", KSTAT_DATA_UINT32, 0 }, 13981 { "inDiscards", KSTAT_DATA_UINT32, 0 }, 13982 { "inDelivers", KSTAT_DATA_UINT64, 0 }, 13983 { "outRequests", KSTAT_DATA_UINT64, 0 }, 13984 { "outDiscards", KSTAT_DATA_UINT32, 0 }, 13985 { "outNoRoutes", KSTAT_DATA_UINT32, 0 }, 13986 { "reasmTimeout", KSTAT_DATA_UINT32, 0 }, 13987 { "reasmReqds", KSTAT_DATA_UINT32, 0 }, 13988 { "reasmOKs", KSTAT_DATA_UINT32, 0 }, 13989 { "reasmFails", KSTAT_DATA_UINT32, 0 }, 13990 { "fragOKs", KSTAT_DATA_UINT32, 0 }, 13991 { "fragFails", KSTAT_DATA_UINT32, 0 }, 13992 { "fragCreates", KSTAT_DATA_UINT32, 0 }, 13993 { "addrEntrySize", KSTAT_DATA_INT32, 0 }, 13994 { "routeEntrySize", KSTAT_DATA_INT32, 0 }, 13995 { "netToMediaEntrySize", KSTAT_DATA_INT32, 0 }, 13996 { "routingDiscards", KSTAT_DATA_UINT32, 0 }, 13997 { "inErrs", KSTAT_DATA_UINT32, 0 }, 13998 { "noPorts", KSTAT_DATA_UINT32, 0 }, 13999 { "inCksumErrs", KSTAT_DATA_UINT32, 0 }, 14000 { "reasmDuplicates", KSTAT_DATA_UINT32, 0 }, 14001 { "reasmPartDups", KSTAT_DATA_UINT32, 0 }, 14002 { "forwProhibits", KSTAT_DATA_UINT32, 0 }, 14003 { "udpInCksumErrs", KSTAT_DATA_UINT32, 0 }, 14004 { "udpInOverflows", KSTAT_DATA_UINT32, 0 }, 14005 { "rawipInOverflows", KSTAT_DATA_UINT32, 0 }, 14006 { "ipsecInSucceeded", KSTAT_DATA_UINT32, 0 }, 14007 { "ipsecInFailed", KSTAT_DATA_INT32, 0 }, 14008 { "memberEntrySize", KSTAT_DATA_INT32, 0 }, 14009 { "inIPv6", KSTAT_DATA_UINT32, 0 }, 14010 { "outIPv6", KSTAT_DATA_UINT32, 0 }, 14011 { "outSwitchIPv6", KSTAT_DATA_UINT32, 0 }, 14012 }; 14013 14014 ksp = kstat_create_netstack("ip", 0, "ip", "mib2", KSTAT_TYPE_NAMED, 14015 NUM_OF_FIELDS(ip_named_kstat_t), 0, stackid); 14016 if (ksp == NULL || ksp->ks_data == NULL) 14017 return (NULL); 14018 14019 template.forwarding.value.ui32 = WE_ARE_FORWARDING(ipst) ? 1:2; 14020 template.defaultTTL.value.ui32 = (uint32_t)ipst->ips_ip_def_ttl; 14021 template.reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout; 14022 template.addrEntrySize.value.i32 = sizeof (mib2_ipAddrEntry_t); 14023 template.routeEntrySize.value.i32 = sizeof (mib2_ipRouteEntry_t); 14024 14025 template.netToMediaEntrySize.value.i32 = 14026 sizeof (mib2_ipNetToMediaEntry_t); 14027 14028 template.memberEntrySize.value.i32 = sizeof (ipv6_member_t); 14029 14030 bcopy(&template, ksp->ks_data, sizeof (template)); 14031 ksp->ks_update = ip_kstat_update; 14032 ksp->ks_private = (void *)(uintptr_t)stackid; 14033 14034 kstat_install(ksp); 14035 return (ksp); 14036 } 14037 14038 static void 14039 ip_kstat_fini(netstackid_t stackid, kstat_t *ksp) 14040 { 14041 if (ksp != NULL) { 14042 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private); 14043 kstat_delete_netstack(ksp, stackid); 14044 } 14045 } 14046 14047 static int 14048 ip_kstat_update(kstat_t *kp, int rw) 14049 { 14050 ip_named_kstat_t *ipkp; 14051 mib2_ipIfStatsEntry_t ipmib; 14052 ill_walk_context_t ctx; 14053 ill_t *ill; 14054 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private; 14055 netstack_t *ns; 14056 ip_stack_t *ipst; 14057 14058 if (kp == NULL || kp->ks_data == NULL) 14059 return (EIO); 14060 14061 if (rw == KSTAT_WRITE) 14062 return (EACCES); 14063 14064 ns = netstack_find_by_stackid(stackid); 14065 if (ns == NULL) 14066 return (-1); 14067 ipst = ns->netstack_ip; 14068 if (ipst == NULL) { 14069 netstack_rele(ns); 14070 return (-1); 14071 } 14072 ipkp = (ip_named_kstat_t *)kp->ks_data; 14073 14074 bcopy(&ipst->ips_ip_mib, &ipmib, sizeof (ipmib)); 14075 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 14076 ill = ILL_START_WALK_V4(&ctx, ipst); 14077 for (; ill != NULL; ill = ill_next(&ctx, ill)) 14078 ip_mib2_add_ip_stats(&ipmib, ill->ill_ip_mib); 14079 rw_exit(&ipst->ips_ill_g_lock); 14080 14081 ipkp->forwarding.value.ui32 = ipmib.ipIfStatsForwarding; 14082 ipkp->defaultTTL.value.ui32 = ipmib.ipIfStatsDefaultTTL; 14083 ipkp->inReceives.value.ui64 = ipmib.ipIfStatsHCInReceives; 14084 ipkp->inHdrErrors.value.ui32 = ipmib.ipIfStatsInHdrErrors; 14085 ipkp->inAddrErrors.value.ui32 = ipmib.ipIfStatsInAddrErrors; 14086 ipkp->forwDatagrams.value.ui64 = ipmib.ipIfStatsHCOutForwDatagrams; 14087 ipkp->inUnknownProtos.value.ui32 = ipmib.ipIfStatsInUnknownProtos; 14088 ipkp->inDiscards.value.ui32 = ipmib.ipIfStatsInDiscards; 14089 ipkp->inDelivers.value.ui64 = ipmib.ipIfStatsHCInDelivers; 14090 ipkp->outRequests.value.ui64 = ipmib.ipIfStatsHCOutRequests; 14091 ipkp->outDiscards.value.ui32 = ipmib.ipIfStatsOutDiscards; 14092 ipkp->outNoRoutes.value.ui32 = ipmib.ipIfStatsOutNoRoutes; 14093 ipkp->reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout; 14094 ipkp->reasmReqds.value.ui32 = ipmib.ipIfStatsReasmReqds; 14095 ipkp->reasmOKs.value.ui32 = ipmib.ipIfStatsReasmOKs; 14096 ipkp->reasmFails.value.ui32 = ipmib.ipIfStatsReasmFails; 14097 ipkp->fragOKs.value.ui32 = ipmib.ipIfStatsOutFragOKs; 14098 ipkp->fragFails.value.ui32 = ipmib.ipIfStatsOutFragFails; 14099 ipkp->fragCreates.value.ui32 = ipmib.ipIfStatsOutFragCreates; 14100 14101 ipkp->routingDiscards.value.ui32 = 0; 14102 ipkp->inErrs.value.ui32 = ipmib.tcpIfStatsInErrs; 14103 ipkp->noPorts.value.ui32 = ipmib.udpIfStatsNoPorts; 14104 ipkp->inCksumErrs.value.ui32 = ipmib.ipIfStatsInCksumErrs; 14105 ipkp->reasmDuplicates.value.ui32 = ipmib.ipIfStatsReasmDuplicates; 14106 ipkp->reasmPartDups.value.ui32 = ipmib.ipIfStatsReasmPartDups; 14107 ipkp->forwProhibits.value.ui32 = ipmib.ipIfStatsForwProhibits; 14108 ipkp->udpInCksumErrs.value.ui32 = ipmib.udpIfStatsInCksumErrs; 14109 ipkp->udpInOverflows.value.ui32 = ipmib.udpIfStatsInOverflows; 14110 ipkp->rawipInOverflows.value.ui32 = ipmib.rawipIfStatsInOverflows; 14111 ipkp->ipsecInSucceeded.value.ui32 = ipmib.ipsecIfStatsInSucceeded; 14112 ipkp->ipsecInFailed.value.i32 = ipmib.ipsecIfStatsInFailed; 14113 14114 ipkp->inIPv6.value.ui32 = ipmib.ipIfStatsInWrongIPVersion; 14115 ipkp->outIPv6.value.ui32 = ipmib.ipIfStatsOutWrongIPVersion; 14116 ipkp->outSwitchIPv6.value.ui32 = ipmib.ipIfStatsOutSwitchIPVersion; 14117 14118 netstack_rele(ns); 14119 14120 return (0); 14121 } 14122 14123 static void * 14124 icmp_kstat_init(netstackid_t stackid) 14125 { 14126 kstat_t *ksp; 14127 14128 icmp_named_kstat_t template = { 14129 { "inMsgs", KSTAT_DATA_UINT32 }, 14130 { "inErrors", KSTAT_DATA_UINT32 }, 14131 { "inDestUnreachs", KSTAT_DATA_UINT32 }, 14132 { "inTimeExcds", KSTAT_DATA_UINT32 }, 14133 { "inParmProbs", KSTAT_DATA_UINT32 }, 14134 { "inSrcQuenchs", KSTAT_DATA_UINT32 }, 14135 { "inRedirects", KSTAT_DATA_UINT32 }, 14136 { "inEchos", KSTAT_DATA_UINT32 }, 14137 { "inEchoReps", KSTAT_DATA_UINT32 }, 14138 { "inTimestamps", KSTAT_DATA_UINT32 }, 14139 { "inTimestampReps", KSTAT_DATA_UINT32 }, 14140 { "inAddrMasks", KSTAT_DATA_UINT32 }, 14141 { "inAddrMaskReps", KSTAT_DATA_UINT32 }, 14142 { "outMsgs", KSTAT_DATA_UINT32 }, 14143 { "outErrors", KSTAT_DATA_UINT32 }, 14144 { "outDestUnreachs", KSTAT_DATA_UINT32 }, 14145 { "outTimeExcds", KSTAT_DATA_UINT32 }, 14146 { "outParmProbs", KSTAT_DATA_UINT32 }, 14147 { "outSrcQuenchs", KSTAT_DATA_UINT32 }, 14148 { "outRedirects", KSTAT_DATA_UINT32 }, 14149 { "outEchos", KSTAT_DATA_UINT32 }, 14150 { "outEchoReps", KSTAT_DATA_UINT32 }, 14151 { "outTimestamps", KSTAT_DATA_UINT32 }, 14152 { "outTimestampReps", KSTAT_DATA_UINT32 }, 14153 { "outAddrMasks", KSTAT_DATA_UINT32 }, 14154 { "outAddrMaskReps", KSTAT_DATA_UINT32 }, 14155 { "inChksumErrs", KSTAT_DATA_UINT32 }, 14156 { "inUnknowns", KSTAT_DATA_UINT32 }, 14157 { "inFragNeeded", KSTAT_DATA_UINT32 }, 14158 { "outFragNeeded", KSTAT_DATA_UINT32 }, 14159 { "outDrops", KSTAT_DATA_UINT32 }, 14160 { "inOverFlows", KSTAT_DATA_UINT32 }, 14161 { "inBadRedirects", KSTAT_DATA_UINT32 }, 14162 }; 14163 14164 ksp = kstat_create_netstack("ip", 0, "icmp", "mib2", KSTAT_TYPE_NAMED, 14165 NUM_OF_FIELDS(icmp_named_kstat_t), 0, stackid); 14166 if (ksp == NULL || ksp->ks_data == NULL) 14167 return (NULL); 14168 14169 bcopy(&template, ksp->ks_data, sizeof (template)); 14170 14171 ksp->ks_update = icmp_kstat_update; 14172 ksp->ks_private = (void *)(uintptr_t)stackid; 14173 14174 kstat_install(ksp); 14175 return (ksp); 14176 } 14177 14178 static void 14179 icmp_kstat_fini(netstackid_t stackid, kstat_t *ksp) 14180 { 14181 if (ksp != NULL) { 14182 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private); 14183 kstat_delete_netstack(ksp, stackid); 14184 } 14185 } 14186 14187 static int 14188 icmp_kstat_update(kstat_t *kp, int rw) 14189 { 14190 icmp_named_kstat_t *icmpkp; 14191 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private; 14192 netstack_t *ns; 14193 ip_stack_t *ipst; 14194 14195 if ((kp == NULL) || (kp->ks_data == NULL)) 14196 return (EIO); 14197 14198 if (rw == KSTAT_WRITE) 14199 return (EACCES); 14200 14201 ns = netstack_find_by_stackid(stackid); 14202 if (ns == NULL) 14203 return (-1); 14204 ipst = ns->netstack_ip; 14205 if (ipst == NULL) { 14206 netstack_rele(ns); 14207 return (-1); 14208 } 14209 icmpkp = (icmp_named_kstat_t *)kp->ks_data; 14210 14211 icmpkp->inMsgs.value.ui32 = ipst->ips_icmp_mib.icmpInMsgs; 14212 icmpkp->inErrors.value.ui32 = ipst->ips_icmp_mib.icmpInErrors; 14213 icmpkp->inDestUnreachs.value.ui32 = 14214 ipst->ips_icmp_mib.icmpInDestUnreachs; 14215 icmpkp->inTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpInTimeExcds; 14216 icmpkp->inParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpInParmProbs; 14217 icmpkp->inSrcQuenchs.value.ui32 = ipst->ips_icmp_mib.icmpInSrcQuenchs; 14218 icmpkp->inRedirects.value.ui32 = ipst->ips_icmp_mib.icmpInRedirects; 14219 icmpkp->inEchos.value.ui32 = ipst->ips_icmp_mib.icmpInEchos; 14220 icmpkp->inEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpInEchoReps; 14221 icmpkp->inTimestamps.value.ui32 = ipst->ips_icmp_mib.icmpInTimestamps; 14222 icmpkp->inTimestampReps.value.ui32 = 14223 ipst->ips_icmp_mib.icmpInTimestampReps; 14224 icmpkp->inAddrMasks.value.ui32 = ipst->ips_icmp_mib.icmpInAddrMasks; 14225 icmpkp->inAddrMaskReps.value.ui32 = 14226 ipst->ips_icmp_mib.icmpInAddrMaskReps; 14227 icmpkp->outMsgs.value.ui32 = ipst->ips_icmp_mib.icmpOutMsgs; 14228 icmpkp->outErrors.value.ui32 = ipst->ips_icmp_mib.icmpOutErrors; 14229 icmpkp->outDestUnreachs.value.ui32 = 14230 ipst->ips_icmp_mib.icmpOutDestUnreachs; 14231 icmpkp->outTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpOutTimeExcds; 14232 icmpkp->outParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpOutParmProbs; 14233 icmpkp->outSrcQuenchs.value.ui32 = 14234 ipst->ips_icmp_mib.icmpOutSrcQuenchs; 14235 icmpkp->outRedirects.value.ui32 = ipst->ips_icmp_mib.icmpOutRedirects; 14236 icmpkp->outEchos.value.ui32 = ipst->ips_icmp_mib.icmpOutEchos; 14237 icmpkp->outEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpOutEchoReps; 14238 icmpkp->outTimestamps.value.ui32 = 14239 ipst->ips_icmp_mib.icmpOutTimestamps; 14240 icmpkp->outTimestampReps.value.ui32 = 14241 ipst->ips_icmp_mib.icmpOutTimestampReps; 14242 icmpkp->outAddrMasks.value.ui32 = 14243 ipst->ips_icmp_mib.icmpOutAddrMasks; 14244 icmpkp->outAddrMaskReps.value.ui32 = 14245 ipst->ips_icmp_mib.icmpOutAddrMaskReps; 14246 icmpkp->inCksumErrs.value.ui32 = ipst->ips_icmp_mib.icmpInCksumErrs; 14247 icmpkp->inUnknowns.value.ui32 = ipst->ips_icmp_mib.icmpInUnknowns; 14248 icmpkp->inFragNeeded.value.ui32 = ipst->ips_icmp_mib.icmpInFragNeeded; 14249 icmpkp->outFragNeeded.value.ui32 = 14250 ipst->ips_icmp_mib.icmpOutFragNeeded; 14251 icmpkp->outDrops.value.ui32 = ipst->ips_icmp_mib.icmpOutDrops; 14252 icmpkp->inOverflows.value.ui32 = ipst->ips_icmp_mib.icmpInOverflows; 14253 icmpkp->inBadRedirects.value.ui32 = 14254 ipst->ips_icmp_mib.icmpInBadRedirects; 14255 14256 netstack_rele(ns); 14257 return (0); 14258 } 14259 14260 /* 14261 * This is the fanout function for raw socket opened for SCTP. Note 14262 * that it is called after SCTP checks that there is no socket which 14263 * wants a packet. Then before SCTP handles this out of the blue packet, 14264 * this function is called to see if there is any raw socket for SCTP. 14265 * If there is and it is bound to the correct address, the packet will 14266 * be sent to that socket. Note that only one raw socket can be bound to 14267 * a port. This is assured in ipcl_sctp_hash_insert(); 14268 */ 14269 void 14270 ip_fanout_sctp_raw(mblk_t *mp, ipha_t *ipha, ip6_t *ip6h, uint32_t ports, 14271 ip_recv_attr_t *ira) 14272 { 14273 conn_t *connp; 14274 queue_t *rq; 14275 boolean_t secure; 14276 ill_t *ill = ira->ira_ill; 14277 ip_stack_t *ipst = ill->ill_ipst; 14278 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 14279 sctp_stack_t *sctps = ipst->ips_netstack->netstack_sctp; 14280 iaflags_t iraflags = ira->ira_flags; 14281 ill_t *rill = ira->ira_rill; 14282 14283 secure = iraflags & IRAF_IPSEC_SECURE; 14284 14285 connp = ipcl_classify_raw(mp, IPPROTO_SCTP, ports, ipha, ip6h, 14286 ira, ipst); 14287 if (connp == NULL) { 14288 /* 14289 * Although raw sctp is not summed, OOB chunks must be. 14290 * Drop the packet here if the sctp checksum failed. 14291 */ 14292 if (iraflags & IRAF_SCTP_CSUM_ERR) { 14293 SCTPS_BUMP_MIB(sctps, sctpChecksumError); 14294 freemsg(mp); 14295 return; 14296 } 14297 ira->ira_ill = ira->ira_rill = NULL; 14298 sctp_ootb_input(mp, ira, ipst); 14299 ira->ira_ill = ill; 14300 ira->ira_rill = rill; 14301 return; 14302 } 14303 rq = connp->conn_rq; 14304 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) { 14305 CONN_DEC_REF(connp); 14306 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows); 14307 freemsg(mp); 14308 return; 14309 } 14310 if (((iraflags & IRAF_IS_IPV4) ? 14311 CONN_INBOUND_POLICY_PRESENT(connp, ipss) : 14312 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) || 14313 secure) { 14314 mp = ipsec_check_inbound_policy(mp, connp, ipha, 14315 ip6h, ira); 14316 if (mp == NULL) { 14317 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 14318 /* Note that mp is NULL */ 14319 ip_drop_input("ipIfStatsInDiscards", mp, ill); 14320 CONN_DEC_REF(connp); 14321 return; 14322 } 14323 } 14324 14325 if (iraflags & IRAF_ICMP_ERROR) { 14326 (connp->conn_recvicmp)(connp, mp, NULL, ira); 14327 } else { 14328 ill_t *rill = ira->ira_rill; 14329 14330 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 14331 /* This is the SOCK_RAW, IPPROTO_SCTP case. */ 14332 ira->ira_ill = ira->ira_rill = NULL; 14333 (connp->conn_recv)(connp, mp, NULL, ira); 14334 ira->ira_ill = ill; 14335 ira->ira_rill = rill; 14336 } 14337 CONN_DEC_REF(connp); 14338 } 14339 14340 /* 14341 * Free a packet that has the link-layer dl_unitdata_req_t or fast-path 14342 * header before the ip payload. 14343 */ 14344 static void 14345 ip_xmit_flowctl_drop(ill_t *ill, mblk_t *mp, boolean_t is_fp_mp, int fp_mp_len) 14346 { 14347 int len = (mp->b_wptr - mp->b_rptr); 14348 mblk_t *ip_mp; 14349 14350 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 14351 if (is_fp_mp || len != fp_mp_len) { 14352 if (len > fp_mp_len) { 14353 /* 14354 * fastpath header and ip header in the first mblk 14355 */ 14356 mp->b_rptr += fp_mp_len; 14357 } else { 14358 /* 14359 * ip_xmit_attach_llhdr had to prepend an mblk to 14360 * attach the fastpath header before ip header. 14361 */ 14362 ip_mp = mp->b_cont; 14363 freeb(mp); 14364 mp = ip_mp; 14365 mp->b_rptr += (fp_mp_len - len); 14366 } 14367 } else { 14368 ip_mp = mp->b_cont; 14369 freeb(mp); 14370 mp = ip_mp; 14371 } 14372 ip_drop_output("ipIfStatsOutDiscards - flow ctl", mp, ill); 14373 freemsg(mp); 14374 } 14375 14376 /* 14377 * Normal post fragmentation function. 14378 * 14379 * Send a packet using the passed in nce. This handles both IPv4 and IPv6 14380 * using the same state machine. 14381 * 14382 * We return an error on failure. In particular we return EWOULDBLOCK 14383 * when the driver flow controls. In that case this ensures that ip_wsrv runs 14384 * (currently by canputnext failure resulting in backenabling from GLD.) 14385 * This allows the callers of conn_ip_output() to use EWOULDBLOCK as an 14386 * indication that they can flow control until ip_wsrv() tells then to restart. 14387 * 14388 * If the nce passed by caller is incomplete, this function 14389 * queues the packet and if necessary, sends ARP request and bails. 14390 * If the Neighbor Cache passed is fully resolved, we simply prepend 14391 * the link-layer header to the packet, do ipsec hw acceleration 14392 * work if necessary, and send the packet out on the wire. 14393 */ 14394 /* ARGSUSED6 */ 14395 int 14396 ip_xmit(mblk_t *mp, nce_t *nce, iaflags_t ixaflags, uint_t pkt_len, 14397 uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid, uintptr_t *ixacookie) 14398 { 14399 queue_t *wq; 14400 ill_t *ill = nce->nce_ill; 14401 ip_stack_t *ipst = ill->ill_ipst; 14402 uint64_t delta; 14403 boolean_t isv6 = ill->ill_isv6; 14404 boolean_t fp_mp; 14405 ncec_t *ncec = nce->nce_common; 14406 int64_t now = LBOLT_FASTPATH64; 14407 boolean_t is_probe; 14408 14409 DTRACE_PROBE1(ip__xmit, nce_t *, nce); 14410 14411 ASSERT(mp != NULL); 14412 ASSERT(mp->b_datap->db_type == M_DATA); 14413 ASSERT(pkt_len == msgdsize(mp)); 14414 14415 /* 14416 * If we have already been here and are coming back after ARP/ND. 14417 * the IXAF_NO_TRACE flag is set. We skip FW_HOOKS, DTRACE and ipobs 14418 * in that case since they have seen the packet when it came here 14419 * the first time. 14420 */ 14421 if (ixaflags & IXAF_NO_TRACE) 14422 goto sendit; 14423 14424 if (ixaflags & IXAF_IS_IPV4) { 14425 ipha_t *ipha = (ipha_t *)mp->b_rptr; 14426 14427 ASSERT(!isv6); 14428 ASSERT(pkt_len == ntohs(((ipha_t *)mp->b_rptr)->ipha_length)); 14429 if (HOOKS4_INTERESTED_PHYSICAL_OUT(ipst) && 14430 !(ixaflags & IXAF_NO_PFHOOK)) { 14431 int error; 14432 14433 FW_HOOKS(ipst->ips_ip4_physical_out_event, 14434 ipst->ips_ipv4firewall_physical_out, 14435 NULL, ill, ipha, mp, mp, 0, ipst, error); 14436 DTRACE_PROBE1(ip4__physical__out__end, 14437 mblk_t *, mp); 14438 if (mp == NULL) 14439 return (error); 14440 14441 /* The length could have changed */ 14442 pkt_len = msgdsize(mp); 14443 } 14444 if (ipst->ips_ip4_observe.he_interested) { 14445 /* 14446 * Note that for TX the zoneid is the sending 14447 * zone, whether or not MLP is in play. 14448 * Since the szone argument is the IP zoneid (i.e., 14449 * zero for exclusive-IP zones) and ipobs wants 14450 * the system zoneid, we map it here. 14451 */ 14452 szone = IP_REAL_ZONEID(szone, ipst); 14453 14454 /* 14455 * On the outbound path the destination zone will be 14456 * unknown as we're sending this packet out on the 14457 * wire. 14458 */ 14459 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES, 14460 ill, ipst); 14461 } 14462 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, 14463 void_ip_t *, ipha, __dtrace_ipsr_ill_t *, ill, 14464 ipha_t *, ipha, ip6_t *, NULL, int, 0); 14465 } else { 14466 ip6_t *ip6h = (ip6_t *)mp->b_rptr; 14467 14468 ASSERT(isv6); 14469 ASSERT(pkt_len == 14470 ntohs(((ip6_t *)mp->b_rptr)->ip6_plen) + IPV6_HDR_LEN); 14471 if (HOOKS6_INTERESTED_PHYSICAL_OUT(ipst) && 14472 !(ixaflags & IXAF_NO_PFHOOK)) { 14473 int error; 14474 14475 FW_HOOKS6(ipst->ips_ip6_physical_out_event, 14476 ipst->ips_ipv6firewall_physical_out, 14477 NULL, ill, ip6h, mp, mp, 0, ipst, error); 14478 DTRACE_PROBE1(ip6__physical__out__end, 14479 mblk_t *, mp); 14480 if (mp == NULL) 14481 return (error); 14482 14483 /* The length could have changed */ 14484 pkt_len = msgdsize(mp); 14485 } 14486 if (ipst->ips_ip6_observe.he_interested) { 14487 /* See above */ 14488 szone = IP_REAL_ZONEID(szone, ipst); 14489 14490 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES, 14491 ill, ipst); 14492 } 14493 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, 14494 void_ip_t *, ip6h, __dtrace_ipsr_ill_t *, ill, 14495 ipha_t *, NULL, ip6_t *, ip6h, int, 0); 14496 } 14497 14498 sendit: 14499 /* 14500 * We check the state without a lock because the state can never 14501 * move "backwards" to initial or incomplete. 14502 */ 14503 switch (ncec->ncec_state) { 14504 case ND_REACHABLE: 14505 case ND_STALE: 14506 case ND_DELAY: 14507 case ND_PROBE: 14508 mp = ip_xmit_attach_llhdr(mp, nce); 14509 if (mp == NULL) { 14510 /* 14511 * ip_xmit_attach_llhdr has increased 14512 * ipIfStatsOutDiscards and called ip_drop_output() 14513 */ 14514 return (ENOBUFS); 14515 } 14516 /* 14517 * check if nce_fastpath completed and we tagged on a 14518 * copy of nce_fp_mp in ip_xmit_attach_llhdr(). 14519 */ 14520 fp_mp = (mp->b_datap->db_type == M_DATA); 14521 14522 if (fp_mp && 14523 (ill->ill_capabilities & ILL_CAPAB_DLD_DIRECT)) { 14524 ill_dld_direct_t *idd; 14525 14526 idd = &ill->ill_dld_capab->idc_direct; 14527 /* 14528 * Send the packet directly to DLD, where it 14529 * may be queued depending on the availability 14530 * of transmit resources at the media layer. 14531 * Return value should be taken into 14532 * account and flow control the TCP. 14533 */ 14534 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits); 14535 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets, 14536 pkt_len); 14537 14538 if (ixaflags & IXAF_NO_DEV_FLOW_CTL) { 14539 (void) idd->idd_tx_df(idd->idd_tx_dh, mp, 14540 (uintptr_t)xmit_hint, IP_DROP_ON_NO_DESC); 14541 } else { 14542 uintptr_t cookie; 14543 14544 if ((cookie = idd->idd_tx_df(idd->idd_tx_dh, 14545 mp, (uintptr_t)xmit_hint, 0)) != 0) { 14546 if (ixacookie != NULL) 14547 *ixacookie = cookie; 14548 return (EWOULDBLOCK); 14549 } 14550 } 14551 } else { 14552 wq = ill->ill_wq; 14553 14554 if (!(ixaflags & IXAF_NO_DEV_FLOW_CTL) && 14555 !canputnext(wq)) { 14556 if (ixacookie != NULL) 14557 *ixacookie = 0; 14558 ip_xmit_flowctl_drop(ill, mp, fp_mp, 14559 nce->nce_fp_mp != NULL ? 14560 MBLKL(nce->nce_fp_mp) : 0); 14561 return (EWOULDBLOCK); 14562 } 14563 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits); 14564 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets, 14565 pkt_len); 14566 putnext(wq, mp); 14567 } 14568 14569 /* 14570 * The rest of this function implements Neighbor Unreachability 14571 * detection. Determine if the ncec is eligible for NUD. 14572 */ 14573 if (ncec->ncec_flags & NCE_F_NONUD) 14574 return (0); 14575 14576 ASSERT(ncec->ncec_state != ND_INCOMPLETE); 14577 14578 /* 14579 * Check for upper layer advice 14580 */ 14581 if (ixaflags & IXAF_REACH_CONF) { 14582 timeout_id_t tid; 14583 14584 /* 14585 * It should be o.k. to check the state without 14586 * a lock here, at most we lose an advice. 14587 */ 14588 ncec->ncec_last = TICK_TO_MSEC(now); 14589 if (ncec->ncec_state != ND_REACHABLE) { 14590 mutex_enter(&ncec->ncec_lock); 14591 ncec->ncec_state = ND_REACHABLE; 14592 tid = ncec->ncec_timeout_id; 14593 ncec->ncec_timeout_id = 0; 14594 mutex_exit(&ncec->ncec_lock); 14595 (void) untimeout(tid); 14596 if (ip_debug > 2) { 14597 /* ip1dbg */ 14598 pr_addr_dbg("ip_xmit: state" 14599 " for %s changed to" 14600 " REACHABLE\n", AF_INET6, 14601 &ncec->ncec_addr); 14602 } 14603 } 14604 return (0); 14605 } 14606 14607 delta = TICK_TO_MSEC(now) - ncec->ncec_last; 14608 ip1dbg(("ip_xmit: delta = %" PRId64 14609 " ill_reachable_time = %d \n", delta, 14610 ill->ill_reachable_time)); 14611 if (delta > (uint64_t)ill->ill_reachable_time) { 14612 mutex_enter(&ncec->ncec_lock); 14613 switch (ncec->ncec_state) { 14614 case ND_REACHABLE: 14615 ASSERT((ncec->ncec_flags & NCE_F_NONUD) == 0); 14616 /* FALLTHROUGH */ 14617 case ND_STALE: 14618 /* 14619 * ND_REACHABLE is identical to 14620 * ND_STALE in this specific case. If 14621 * reachable time has expired for this 14622 * neighbor (delta is greater than 14623 * reachable time), conceptually, the 14624 * neighbor cache is no longer in 14625 * REACHABLE state, but already in 14626 * STALE state. So the correct 14627 * transition here is to ND_DELAY. 14628 */ 14629 ncec->ncec_state = ND_DELAY; 14630 mutex_exit(&ncec->ncec_lock); 14631 nce_restart_timer(ncec, 14632 ipst->ips_delay_first_probe_time); 14633 if (ip_debug > 3) { 14634 /* ip2dbg */ 14635 pr_addr_dbg("ip_xmit: state" 14636 " for %s changed to" 14637 " DELAY\n", AF_INET6, 14638 &ncec->ncec_addr); 14639 } 14640 break; 14641 case ND_DELAY: 14642 case ND_PROBE: 14643 mutex_exit(&ncec->ncec_lock); 14644 /* Timers have already started */ 14645 break; 14646 case ND_UNREACHABLE: 14647 /* 14648 * nce_timer has detected that this ncec 14649 * is unreachable and initiated deleting 14650 * this ncec. 14651 * This is a harmless race where we found the 14652 * ncec before it was deleted and have 14653 * just sent out a packet using this 14654 * unreachable ncec. 14655 */ 14656 mutex_exit(&ncec->ncec_lock); 14657 break; 14658 default: 14659 ASSERT(0); 14660 mutex_exit(&ncec->ncec_lock); 14661 } 14662 } 14663 return (0); 14664 14665 case ND_INCOMPLETE: 14666 /* 14667 * the state could have changed since we didn't hold the lock. 14668 * Re-verify state under lock. 14669 */ 14670 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill); 14671 mutex_enter(&ncec->ncec_lock); 14672 if (NCE_ISREACHABLE(ncec)) { 14673 mutex_exit(&ncec->ncec_lock); 14674 goto sendit; 14675 } 14676 /* queue the packet */ 14677 nce_queue_mp(ncec, mp, is_probe); 14678 mutex_exit(&ncec->ncec_lock); 14679 DTRACE_PROBE2(ip__xmit__incomplete, 14680 (ncec_t *), ncec, (mblk_t *), mp); 14681 return (0); 14682 14683 case ND_INITIAL: 14684 /* 14685 * State could have changed since we didn't hold the lock, so 14686 * re-verify state. 14687 */ 14688 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill); 14689 mutex_enter(&ncec->ncec_lock); 14690 if (NCE_ISREACHABLE(ncec)) { 14691 mutex_exit(&ncec->ncec_lock); 14692 goto sendit; 14693 } 14694 nce_queue_mp(ncec, mp, is_probe); 14695 if (ncec->ncec_state == ND_INITIAL) { 14696 ncec->ncec_state = ND_INCOMPLETE; 14697 mutex_exit(&ncec->ncec_lock); 14698 /* 14699 * figure out the source we want to use 14700 * and resolve it. 14701 */ 14702 ip_ndp_resolve(ncec); 14703 } else { 14704 mutex_exit(&ncec->ncec_lock); 14705 } 14706 return (0); 14707 14708 case ND_UNREACHABLE: 14709 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 14710 ip_drop_output("ipIfStatsOutDiscards - ND_UNREACHABLE", 14711 mp, ill); 14712 freemsg(mp); 14713 return (0); 14714 14715 default: 14716 ASSERT(0); 14717 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 14718 ip_drop_output("ipIfStatsOutDiscards - ND_other", 14719 mp, ill); 14720 freemsg(mp); 14721 return (ENETUNREACH); 14722 } 14723 } 14724 14725 /* 14726 * Return B_TRUE if the buffers differ in length or content. 14727 * This is used for comparing extension header buffers. 14728 * Note that an extension header would be declared different 14729 * even if all that changed was the next header value in that header i.e. 14730 * what really changed is the next extension header. 14731 */ 14732 boolean_t 14733 ip_cmpbuf(const void *abuf, uint_t alen, boolean_t b_valid, const void *bbuf, 14734 uint_t blen) 14735 { 14736 if (!b_valid) 14737 blen = 0; 14738 14739 if (alen != blen) 14740 return (B_TRUE); 14741 if (alen == 0) 14742 return (B_FALSE); /* Both zero length */ 14743 return (bcmp(abuf, bbuf, alen)); 14744 } 14745 14746 /* 14747 * Preallocate memory for ip_savebuf(). Returns B_TRUE if ok. 14748 * Return B_FALSE if memory allocation fails - don't change any state! 14749 */ 14750 boolean_t 14751 ip_allocbuf(void **dstp, uint_t *dstlenp, boolean_t src_valid, 14752 const void *src, uint_t srclen) 14753 { 14754 void *dst; 14755 14756 if (!src_valid) 14757 srclen = 0; 14758 14759 ASSERT(*dstlenp == 0); 14760 if (src != NULL && srclen != 0) { 14761 dst = mi_alloc(srclen, BPRI_MED); 14762 if (dst == NULL) 14763 return (B_FALSE); 14764 } else { 14765 dst = NULL; 14766 } 14767 if (*dstp != NULL) 14768 mi_free(*dstp); 14769 *dstp = dst; 14770 *dstlenp = dst == NULL ? 0 : srclen; 14771 return (B_TRUE); 14772 } 14773 14774 /* 14775 * Replace what is in *dst, *dstlen with the source. 14776 * Assumes ip_allocbuf has already been called. 14777 */ 14778 void 14779 ip_savebuf(void **dstp, uint_t *dstlenp, boolean_t src_valid, 14780 const void *src, uint_t srclen) 14781 { 14782 if (!src_valid) 14783 srclen = 0; 14784 14785 ASSERT(*dstlenp == srclen); 14786 if (src != NULL && srclen != 0) 14787 bcopy(src, *dstp, srclen); 14788 } 14789 14790 /* 14791 * Free the storage pointed to by the members of an ip_pkt_t. 14792 */ 14793 void 14794 ip_pkt_free(ip_pkt_t *ipp) 14795 { 14796 uint_t fields = ipp->ipp_fields; 14797 14798 if (fields & IPPF_HOPOPTS) { 14799 kmem_free(ipp->ipp_hopopts, ipp->ipp_hopoptslen); 14800 ipp->ipp_hopopts = NULL; 14801 ipp->ipp_hopoptslen = 0; 14802 } 14803 if (fields & IPPF_RTHDRDSTOPTS) { 14804 kmem_free(ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen); 14805 ipp->ipp_rthdrdstopts = NULL; 14806 ipp->ipp_rthdrdstoptslen = 0; 14807 } 14808 if (fields & IPPF_DSTOPTS) { 14809 kmem_free(ipp->ipp_dstopts, ipp->ipp_dstoptslen); 14810 ipp->ipp_dstopts = NULL; 14811 ipp->ipp_dstoptslen = 0; 14812 } 14813 if (fields & IPPF_RTHDR) { 14814 kmem_free(ipp->ipp_rthdr, ipp->ipp_rthdrlen); 14815 ipp->ipp_rthdr = NULL; 14816 ipp->ipp_rthdrlen = 0; 14817 } 14818 if (fields & IPPF_IPV4_OPTIONS) { 14819 kmem_free(ipp->ipp_ipv4_options, ipp->ipp_ipv4_options_len); 14820 ipp->ipp_ipv4_options = NULL; 14821 ipp->ipp_ipv4_options_len = 0; 14822 } 14823 if (fields & IPPF_LABEL_V4) { 14824 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4); 14825 ipp->ipp_label_v4 = NULL; 14826 ipp->ipp_label_len_v4 = 0; 14827 } 14828 if (fields & IPPF_LABEL_V6) { 14829 kmem_free(ipp->ipp_label_v6, ipp->ipp_label_len_v6); 14830 ipp->ipp_label_v6 = NULL; 14831 ipp->ipp_label_len_v6 = 0; 14832 } 14833 ipp->ipp_fields &= ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS | 14834 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6); 14835 } 14836 14837 /* 14838 * Copy from src to dst and allocate as needed. 14839 * Returns zero or ENOMEM. 14840 * 14841 * The caller must initialize dst to zero. 14842 */ 14843 int 14844 ip_pkt_copy(ip_pkt_t *src, ip_pkt_t *dst, int kmflag) 14845 { 14846 uint_t fields = src->ipp_fields; 14847 14848 /* Start with fields that don't require memory allocation */ 14849 dst->ipp_fields = fields & 14850 ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS | 14851 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6); 14852 14853 dst->ipp_addr = src->ipp_addr; 14854 dst->ipp_unicast_hops = src->ipp_unicast_hops; 14855 dst->ipp_hoplimit = src->ipp_hoplimit; 14856 dst->ipp_tclass = src->ipp_tclass; 14857 dst->ipp_type_of_service = src->ipp_type_of_service; 14858 14859 if (!(fields & (IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS | 14860 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6))) 14861 return (0); 14862 14863 if (fields & IPPF_HOPOPTS) { 14864 dst->ipp_hopopts = kmem_alloc(src->ipp_hopoptslen, kmflag); 14865 if (dst->ipp_hopopts == NULL) { 14866 ip_pkt_free(dst); 14867 return (ENOMEM); 14868 } 14869 dst->ipp_fields |= IPPF_HOPOPTS; 14870 bcopy(src->ipp_hopopts, dst->ipp_hopopts, 14871 src->ipp_hopoptslen); 14872 dst->ipp_hopoptslen = src->ipp_hopoptslen; 14873 } 14874 if (fields & IPPF_RTHDRDSTOPTS) { 14875 dst->ipp_rthdrdstopts = kmem_alloc(src->ipp_rthdrdstoptslen, 14876 kmflag); 14877 if (dst->ipp_rthdrdstopts == NULL) { 14878 ip_pkt_free(dst); 14879 return (ENOMEM); 14880 } 14881 dst->ipp_fields |= IPPF_RTHDRDSTOPTS; 14882 bcopy(src->ipp_rthdrdstopts, dst->ipp_rthdrdstopts, 14883 src->ipp_rthdrdstoptslen); 14884 dst->ipp_rthdrdstoptslen = src->ipp_rthdrdstoptslen; 14885 } 14886 if (fields & IPPF_DSTOPTS) { 14887 dst->ipp_dstopts = kmem_alloc(src->ipp_dstoptslen, kmflag); 14888 if (dst->ipp_dstopts == NULL) { 14889 ip_pkt_free(dst); 14890 return (ENOMEM); 14891 } 14892 dst->ipp_fields |= IPPF_DSTOPTS; 14893 bcopy(src->ipp_dstopts, dst->ipp_dstopts, 14894 src->ipp_dstoptslen); 14895 dst->ipp_dstoptslen = src->ipp_dstoptslen; 14896 } 14897 if (fields & IPPF_RTHDR) { 14898 dst->ipp_rthdr = kmem_alloc(src->ipp_rthdrlen, kmflag); 14899 if (dst->ipp_rthdr == NULL) { 14900 ip_pkt_free(dst); 14901 return (ENOMEM); 14902 } 14903 dst->ipp_fields |= IPPF_RTHDR; 14904 bcopy(src->ipp_rthdr, dst->ipp_rthdr, 14905 src->ipp_rthdrlen); 14906 dst->ipp_rthdrlen = src->ipp_rthdrlen; 14907 } 14908 if (fields & IPPF_IPV4_OPTIONS) { 14909 dst->ipp_ipv4_options = kmem_alloc(src->ipp_ipv4_options_len, 14910 kmflag); 14911 if (dst->ipp_ipv4_options == NULL) { 14912 ip_pkt_free(dst); 14913 return (ENOMEM); 14914 } 14915 dst->ipp_fields |= IPPF_IPV4_OPTIONS; 14916 bcopy(src->ipp_ipv4_options, dst->ipp_ipv4_options, 14917 src->ipp_ipv4_options_len); 14918 dst->ipp_ipv4_options_len = src->ipp_ipv4_options_len; 14919 } 14920 if (fields & IPPF_LABEL_V4) { 14921 dst->ipp_label_v4 = kmem_alloc(src->ipp_label_len_v4, kmflag); 14922 if (dst->ipp_label_v4 == NULL) { 14923 ip_pkt_free(dst); 14924 return (ENOMEM); 14925 } 14926 dst->ipp_fields |= IPPF_LABEL_V4; 14927 bcopy(src->ipp_label_v4, dst->ipp_label_v4, 14928 src->ipp_label_len_v4); 14929 dst->ipp_label_len_v4 = src->ipp_label_len_v4; 14930 } 14931 if (fields & IPPF_LABEL_V6) { 14932 dst->ipp_label_v6 = kmem_alloc(src->ipp_label_len_v6, kmflag); 14933 if (dst->ipp_label_v6 == NULL) { 14934 ip_pkt_free(dst); 14935 return (ENOMEM); 14936 } 14937 dst->ipp_fields |= IPPF_LABEL_V6; 14938 bcopy(src->ipp_label_v6, dst->ipp_label_v6, 14939 src->ipp_label_len_v6); 14940 dst->ipp_label_len_v6 = src->ipp_label_len_v6; 14941 } 14942 if (fields & IPPF_FRAGHDR) { 14943 dst->ipp_fraghdr = kmem_alloc(src->ipp_fraghdrlen, kmflag); 14944 if (dst->ipp_fraghdr == NULL) { 14945 ip_pkt_free(dst); 14946 return (ENOMEM); 14947 } 14948 dst->ipp_fields |= IPPF_FRAGHDR; 14949 bcopy(src->ipp_fraghdr, dst->ipp_fraghdr, 14950 src->ipp_fraghdrlen); 14951 dst->ipp_fraghdrlen = src->ipp_fraghdrlen; 14952 } 14953 return (0); 14954 } 14955 14956 /* 14957 * Returns INADDR_ANY if no source route 14958 */ 14959 ipaddr_t 14960 ip_pkt_source_route_v4(const ip_pkt_t *ipp) 14961 { 14962 ipaddr_t nexthop = INADDR_ANY; 14963 ipoptp_t opts; 14964 uchar_t *opt; 14965 uint8_t optval; 14966 uint8_t optlen; 14967 uint32_t totallen; 14968 14969 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS)) 14970 return (INADDR_ANY); 14971 14972 totallen = ipp->ipp_ipv4_options_len; 14973 if (totallen & 0x3) 14974 return (INADDR_ANY); 14975 14976 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options); 14977 optval != IPOPT_EOL; 14978 optval = ipoptp_next(&opts)) { 14979 opt = opts.ipoptp_cur; 14980 switch (optval) { 14981 uint8_t off; 14982 case IPOPT_SSRR: 14983 case IPOPT_LSRR: 14984 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 14985 break; 14986 } 14987 optlen = opts.ipoptp_len; 14988 off = opt[IPOPT_OFFSET]; 14989 off--; 14990 if (optlen < IP_ADDR_LEN || 14991 off > optlen - IP_ADDR_LEN) { 14992 /* End of source route */ 14993 break; 14994 } 14995 bcopy((char *)opt + off, &nexthop, IP_ADDR_LEN); 14996 if (nexthop == htonl(INADDR_LOOPBACK)) { 14997 /* Ignore */ 14998 nexthop = INADDR_ANY; 14999 break; 15000 } 15001 break; 15002 } 15003 } 15004 return (nexthop); 15005 } 15006 15007 /* 15008 * Reverse a source route. 15009 */ 15010 void 15011 ip_pkt_source_route_reverse_v4(ip_pkt_t *ipp) 15012 { 15013 ipaddr_t tmp; 15014 ipoptp_t opts; 15015 uchar_t *opt; 15016 uint8_t optval; 15017 uint32_t totallen; 15018 15019 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS)) 15020 return; 15021 15022 totallen = ipp->ipp_ipv4_options_len; 15023 if (totallen & 0x3) 15024 return; 15025 15026 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options); 15027 optval != IPOPT_EOL; 15028 optval = ipoptp_next(&opts)) { 15029 uint8_t off1, off2; 15030 15031 opt = opts.ipoptp_cur; 15032 switch (optval) { 15033 case IPOPT_SSRR: 15034 case IPOPT_LSRR: 15035 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) { 15036 break; 15037 } 15038 off1 = IPOPT_MINOFF_SR - 1; 15039 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1; 15040 while (off2 > off1) { 15041 bcopy(opt + off2, &tmp, IP_ADDR_LEN); 15042 bcopy(opt + off1, opt + off2, IP_ADDR_LEN); 15043 bcopy(&tmp, opt + off2, IP_ADDR_LEN); 15044 off2 -= IP_ADDR_LEN; 15045 off1 += IP_ADDR_LEN; 15046 } 15047 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR; 15048 break; 15049 } 15050 } 15051 } 15052 15053 /* 15054 * Returns NULL if no routing header 15055 */ 15056 in6_addr_t * 15057 ip_pkt_source_route_v6(const ip_pkt_t *ipp) 15058 { 15059 in6_addr_t *nexthop = NULL; 15060 ip6_rthdr0_t *rthdr; 15061 15062 if (!(ipp->ipp_fields & IPPF_RTHDR)) 15063 return (NULL); 15064 15065 rthdr = (ip6_rthdr0_t *)ipp->ipp_rthdr; 15066 if (rthdr->ip6r0_segleft == 0) 15067 return (NULL); 15068 15069 nexthop = (in6_addr_t *)((char *)rthdr + sizeof (*rthdr)); 15070 return (nexthop); 15071 } 15072 15073 zoneid_t 15074 ip_get_zoneid_v4(ipaddr_t addr, mblk_t *mp, ip_recv_attr_t *ira, 15075 zoneid_t lookup_zoneid) 15076 { 15077 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 15078 ire_t *ire; 15079 int ire_flags = MATCH_IRE_TYPE; 15080 zoneid_t zoneid = ALL_ZONES; 15081 15082 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE)) 15083 return (ALL_ZONES); 15084 15085 if (lookup_zoneid != ALL_ZONES) 15086 ire_flags |= MATCH_IRE_ZONEONLY; 15087 ire = ire_ftable_lookup_v4(addr, NULL, NULL, IRE_LOCAL | IRE_LOOPBACK, 15088 NULL, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL); 15089 if (ire != NULL) { 15090 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst); 15091 ire_refrele(ire); 15092 } 15093 return (zoneid); 15094 } 15095 15096 zoneid_t 15097 ip_get_zoneid_v6(in6_addr_t *addr, mblk_t *mp, const ill_t *ill, 15098 ip_recv_attr_t *ira, zoneid_t lookup_zoneid) 15099 { 15100 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 15101 ire_t *ire; 15102 int ire_flags = MATCH_IRE_TYPE; 15103 zoneid_t zoneid = ALL_ZONES; 15104 15105 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE)) 15106 return (ALL_ZONES); 15107 15108 if (IN6_IS_ADDR_LINKLOCAL(addr)) 15109 ire_flags |= MATCH_IRE_ILL; 15110 15111 if (lookup_zoneid != ALL_ZONES) 15112 ire_flags |= MATCH_IRE_ZONEONLY; 15113 ire = ire_ftable_lookup_v6(addr, NULL, NULL, IRE_LOCAL | IRE_LOOPBACK, 15114 ill, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL); 15115 if (ire != NULL) { 15116 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst); 15117 ire_refrele(ire); 15118 } 15119 return (zoneid); 15120 } 15121 15122 /* 15123 * IP obserability hook support functions. 15124 */ 15125 static void 15126 ipobs_init(ip_stack_t *ipst) 15127 { 15128 netid_t id; 15129 15130 id = net_getnetidbynetstackid(ipst->ips_netstack->netstack_stackid); 15131 15132 ipst->ips_ip4_observe_pr = net_protocol_lookup(id, NHF_INET); 15133 VERIFY(ipst->ips_ip4_observe_pr != NULL); 15134 15135 ipst->ips_ip6_observe_pr = net_protocol_lookup(id, NHF_INET6); 15136 VERIFY(ipst->ips_ip6_observe_pr != NULL); 15137 } 15138 15139 static void 15140 ipobs_fini(ip_stack_t *ipst) 15141 { 15142 15143 VERIFY(net_protocol_release(ipst->ips_ip4_observe_pr) == 0); 15144 VERIFY(net_protocol_release(ipst->ips_ip6_observe_pr) == 0); 15145 } 15146 15147 /* 15148 * hook_pkt_observe_t is composed in network byte order so that the 15149 * entire mblk_t chain handed into hook_run can be used as-is. 15150 * The caveat is that use of the fields, such as the zone fields, 15151 * requires conversion into host byte order first. 15152 */ 15153 void 15154 ipobs_hook(mblk_t *mp, int htype, zoneid_t zsrc, zoneid_t zdst, 15155 const ill_t *ill, ip_stack_t *ipst) 15156 { 15157 hook_pkt_observe_t *hdr; 15158 uint64_t grifindex; 15159 mblk_t *imp; 15160 15161 imp = allocb(sizeof (*hdr), BPRI_HI); 15162 if (imp == NULL) 15163 return; 15164 15165 hdr = (hook_pkt_observe_t *)imp->b_rptr; 15166 /* 15167 * b_wptr is set to make the apparent size of the data in the mblk_t 15168 * to exclude the pointers at the end of hook_pkt_observer_t. 15169 */ 15170 imp->b_wptr = imp->b_rptr + sizeof (dl_ipnetinfo_t); 15171 imp->b_cont = mp; 15172 15173 ASSERT(DB_TYPE(mp) == M_DATA); 15174 15175 if (IS_UNDER_IPMP(ill)) 15176 grifindex = ipmp_ill_get_ipmp_ifindex(ill); 15177 else 15178 grifindex = 0; 15179 15180 hdr->hpo_version = 1; 15181 hdr->hpo_htype = htons(htype); 15182 hdr->hpo_pktlen = htonl((ulong_t)msgdsize(mp)); 15183 hdr->hpo_ifindex = htonl(ill->ill_phyint->phyint_ifindex); 15184 hdr->hpo_grifindex = htonl(grifindex); 15185 hdr->hpo_zsrc = htonl(zsrc); 15186 hdr->hpo_zdst = htonl(zdst); 15187 hdr->hpo_pkt = imp; 15188 hdr->hpo_ctx = ipst->ips_netstack; 15189 15190 if (ill->ill_isv6) { 15191 hdr->hpo_family = AF_INET6; 15192 (void) hook_run(ipst->ips_ipv6_net_data->netd_hooks, 15193 ipst->ips_ipv6observing, (hook_data_t)hdr); 15194 } else { 15195 hdr->hpo_family = AF_INET; 15196 (void) hook_run(ipst->ips_ipv4_net_data->netd_hooks, 15197 ipst->ips_ipv4observing, (hook_data_t)hdr); 15198 } 15199 15200 imp->b_cont = NULL; 15201 freemsg(imp); 15202 } 15203 15204 /* 15205 * Utility routine that checks if `v4srcp' is a valid address on underlying 15206 * interface `ill'. If `ipifp' is non-NULL, it's set to a held ipif 15207 * associated with `v4srcp' on success. NOTE: if this is not called from 15208 * inside the IPSQ (ill_g_lock is not held), `ill' may be removed from the 15209 * group during or after this lookup. 15210 */ 15211 boolean_t 15212 ipif_lookup_testaddr_v4(ill_t *ill, const in_addr_t *v4srcp, ipif_t **ipifp) 15213 { 15214 ipif_t *ipif; 15215 15216 ipif = ipif_lookup_addr_exact(*v4srcp, ill, ill->ill_ipst); 15217 if (ipif != NULL) { 15218 if (ipifp != NULL) 15219 *ipifp = ipif; 15220 else 15221 ipif_refrele(ipif); 15222 return (B_TRUE); 15223 } 15224 15225 ip1dbg(("ipif_lookup_testaddr_v4: cannot find ipif for src %x\n", 15226 *v4srcp)); 15227 return (B_FALSE); 15228 } 15229 15230 /* 15231 * Transport protocol call back function for CPU state change. 15232 */ 15233 /* ARGSUSED */ 15234 static int 15235 ip_tp_cpu_update(cpu_setup_t what, int id, void *arg) 15236 { 15237 processorid_t cpu_seqid; 15238 netstack_handle_t nh; 15239 netstack_t *ns; 15240 15241 ASSERT(MUTEX_HELD(&cpu_lock)); 15242 15243 switch (what) { 15244 case CPU_CONFIG: 15245 case CPU_ON: 15246 case CPU_INIT: 15247 case CPU_CPUPART_IN: 15248 cpu_seqid = cpu[id]->cpu_seqid; 15249 netstack_next_init(&nh); 15250 while ((ns = netstack_next(&nh)) != NULL) { 15251 dccp_stack_cpu_add(ns->netstack_dccp, cpu_seqid); 15252 tcp_stack_cpu_add(ns->netstack_tcp, cpu_seqid); 15253 sctp_stack_cpu_add(ns->netstack_sctp, cpu_seqid); 15254 udp_stack_cpu_add(ns->netstack_udp, cpu_seqid); 15255 netstack_rele(ns); 15256 } 15257 netstack_next_fini(&nh); 15258 break; 15259 case CPU_UNCONFIG: 15260 case CPU_OFF: 15261 case CPU_CPUPART_OUT: 15262 /* 15263 * Nothing to do. We don't remove the per CPU stats from 15264 * the IP stack even when the CPU goes offline. 15265 */ 15266 break; 15267 default: 15268 break; 15269 } 15270 return (0); 15271 }