1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 1990 Mentat Inc.
25 * Copyright (c) 2011 Joyent, Inc. All rights reserved.
26 */
27
28 #include <sys/types.h>
29 #include <sys/stream.h>
30 #include <sys/dlpi.h>
31 #include <sys/stropts.h>
32 #include <sys/sysmacros.h>
33 #include <sys/strsubr.h>
34 #include <sys/strlog.h>
35 #include <sys/strsun.h>
36 #include <sys/zone.h>
37 #define _SUN_TPI_VERSION 2
38 #include <sys/tihdr.h>
39 #include <sys/xti_inet.h>
40 #include <sys/ddi.h>
41 #include <sys/suntpi.h>
42 #include <sys/cmn_err.h>
43 #include <sys/debug.h>
44 #include <sys/kobj.h>
45 #include <sys/modctl.h>
46 #include <sys/atomic.h>
47 #include <sys/policy.h>
48 #include <sys/priv.h>
49 #include <sys/taskq.h>
50
51 #include <sys/systm.h>
52 #include <sys/param.h>
53 #include <sys/kmem.h>
54 #include <sys/sdt.h>
55 #include <sys/socket.h>
56 #include <sys/vtrace.h>
57 #include <sys/isa_defs.h>
58 #include <sys/mac.h>
59 #include <net/if.h>
60 #include <net/if_arp.h>
61 #include <net/route.h>
62 #include <sys/sockio.h>
63 #include <netinet/in.h>
64 #include <net/if_dl.h>
65
66 #include <inet/common.h>
67 #include <inet/mi.h>
68 #include <inet/mib2.h>
69 #include <inet/nd.h>
70 #include <inet/arp.h>
71 #include <inet/snmpcom.h>
72 #include <inet/optcom.h>
73 #include <inet/kstatcom.h>
74
75 #include <netinet/igmp_var.h>
76 #include <netinet/ip6.h>
77 #include <netinet/icmp6.h>
78 #include <netinet/sctp.h>
79
80 #include <inet/ip.h>
81 #include <inet/ip_impl.h>
82 #include <inet/ip6.h>
83 #include <inet/ip6_asp.h>
84 #include <inet/tcp.h>
85 #include <inet/tcp_impl.h>
86 #include <inet/ip_multi.h>
87 #include <inet/ip_if.h>
88 #include <inet/ip_ire.h>
89 #include <inet/ip_ftable.h>
90 #include <inet/ip_rts.h>
91 #include <inet/ip_ndp.h>
92 #include <inet/ip_listutils.h>
93 #include <netinet/igmp.h>
94 #include <netinet/ip_mroute.h>
95 #include <inet/ipp_common.h>
96
97 #include <net/pfkeyv2.h>
98 #include <inet/sadb.h>
99 #include <inet/ipsec_impl.h>
100 #include <inet/iptun/iptun_impl.h>
101 #include <inet/ipdrop.h>
102 #include <inet/ip_netinfo.h>
103 #include <inet/ilb_ip.h>
104
105 #include <sys/ethernet.h>
106 #include <net/if_types.h>
107 #include <sys/cpuvar.h>
108
109 #include <ipp/ipp.h>
110 #include <ipp/ipp_impl.h>
111 #include <ipp/ipgpc/ipgpc.h>
112
113 #include <sys/pattr.h>
114 #include <inet/dccp.h>
115 #include <inet/dccp_impl.h>
116 #include <inet/dccp_ip.h>
117 #include <inet/ipclassifier.h>
118 #include <inet/sctp_ip.h>
119 #include <inet/sctp/sctp_impl.h>
120 #include <inet/udp_impl.h>
121 #include <inet/rawip_impl.h>
122 #include <inet/rts_impl.h>
123
124 #include <sys/tsol/label.h>
125 #include <sys/tsol/tnet.h>
126
127 #include <sys/squeue_impl.h>
128 #include <inet/ip_arp.h>
129
130 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */
131
132 /*
133 * Values for squeue switch:
134 * IP_SQUEUE_ENTER_NODRAIN: SQ_NODRAIN
135 * IP_SQUEUE_ENTER: SQ_PROCESS
136 * IP_SQUEUE_FILL: SQ_FILL
137 */
138 int ip_squeue_enter = IP_SQUEUE_ENTER; /* Setable in /etc/system */
139
140 int ip_squeue_flag;
141
142 /*
143 * Setable in /etc/system
144 */
145 int ip_poll_normal_ms = 100;
146 int ip_poll_normal_ticks = 0;
147 int ip_modclose_ackwait_ms = 3000;
148
149 /*
150 * It would be nice to have these present only in DEBUG systems, but the
151 * current design of the global symbol checking logic requires them to be
152 * unconditionally present.
153 */
154 uint_t ip_thread_data; /* TSD key for debug support */
155 krwlock_t ip_thread_rwlock;
156 list_t ip_thread_list;
157
158 /*
159 * Structure to represent a linked list of msgblks. Used by ip_snmp_ functions.
160 */
161
162 struct listptr_s {
163 mblk_t *lp_head; /* pointer to the head of the list */
164 mblk_t *lp_tail; /* pointer to the tail of the list */
165 };
166
167 typedef struct listptr_s listptr_t;
168
169 /*
170 * This is used by ip_snmp_get_mib2_ip_route_media and
171 * ip_snmp_get_mib2_ip6_route_media to carry the lists of return data.
172 */
173 typedef struct iproutedata_s {
174 uint_t ird_idx;
175 uint_t ird_flags; /* see below */
176 listptr_t ird_route; /* ipRouteEntryTable */
177 listptr_t ird_netmedia; /* ipNetToMediaEntryTable */
178 listptr_t ird_attrs; /* ipRouteAttributeTable */
179 } iproutedata_t;
180
181 /* Include ire_testhidden and IRE_IF_CLONE routes */
182 #define IRD_REPORT_ALL 0x01
183
184 /*
185 * Cluster specific hooks. These should be NULL when booted as a non-cluster
186 */
187
188 /*
189 * Hook functions to enable cluster networking
190 * On non-clustered systems these vectors must always be NULL.
191 *
192 * Hook function to Check ip specified ip address is a shared ip address
193 * in the cluster
194 *
195 */
196 int (*cl_inet_isclusterwide)(netstackid_t stack_id, uint8_t protocol,
197 sa_family_t addr_family, uint8_t *laddrp, void *args) = NULL;
198
199 /*
200 * Hook function to generate cluster wide ip fragment identifier
201 */
202 uint32_t (*cl_inet_ipident)(netstackid_t stack_id, uint8_t protocol,
203 sa_family_t addr_family, uint8_t *laddrp, uint8_t *faddrp,
204 void *args) = NULL;
205
206 /*
207 * Hook function to generate cluster wide SPI.
208 */
209 void (*cl_inet_getspi)(netstackid_t, uint8_t, uint8_t *, size_t,
210 void *) = NULL;
211
212 /*
213 * Hook function to verify if the SPI is already utlized.
214 */
215
216 int (*cl_inet_checkspi)(netstackid_t, uint8_t, uint32_t, void *) = NULL;
217
218 /*
219 * Hook function to delete the SPI from the cluster wide repository.
220 */
221
222 void (*cl_inet_deletespi)(netstackid_t, uint8_t, uint32_t, void *) = NULL;
223
224 /*
225 * Hook function to inform the cluster when packet received on an IDLE SA
226 */
227
228 void (*cl_inet_idlesa)(netstackid_t, uint8_t, uint32_t, sa_family_t,
229 in6_addr_t, in6_addr_t, void *) = NULL;
230
231 /*
232 * Synchronization notes:
233 *
234 * IP is a fully D_MP STREAMS module/driver. Thus it does not depend on any
235 * MT level protection given by STREAMS. IP uses a combination of its own
236 * internal serialization mechanism and standard Solaris locking techniques.
237 * The internal serialization is per phyint. This is used to serialize
238 * plumbing operations, IPMP operations, most set ioctls, etc.
239 *
240 * Plumbing is a long sequence of operations involving message
241 * exchanges between IP, ARP and device drivers. Many set ioctls are typically
242 * involved in plumbing operations. A natural model is to serialize these
243 * ioctls one per ill. For example plumbing of hme0 and qfe0 can go on in
244 * parallel without any interference. But various set ioctls on hme0 are best
245 * serialized, along with IPMP operations and processing of DLPI control
246 * messages received from drivers on a per phyint basis. This serialization is
247 * provided by the ipsq_t and primitives operating on this. Details can
248 * be found in ip_if.c above the core primitives operating on ipsq_t.
249 *
250 * Lookups of an ipif or ill by a thread return a refheld ipif / ill.
251 * Simiarly lookup of an ire by a thread also returns a refheld ire.
252 * In addition ipif's and ill's referenced by the ire are also indirectly
253 * refheld. Thus no ipif or ill can vanish as long as an ipif is refheld
254 * directly or indirectly. For example an SIOCSLIFADDR ioctl that changes the
255 * address of an ipif has to go through the ipsq_t. This ensures that only
256 * one such exclusive operation proceeds at any time on the ipif. It then
257 * waits for all refcnts
258 * associated with this ipif to come down to zero. The address is changed
259 * only after the ipif has been quiesced. Then the ipif is brought up again.
260 * More details are described above the comment in ip_sioctl_flags.
261 *
262 * Packet processing is based mostly on IREs and are fully multi-threaded
263 * using standard Solaris MT techniques.
264 *
265 * There are explicit locks in IP to handle:
266 * - The ip_g_head list maintained by mi_open_link() and friends.
267 *
268 * - The reassembly data structures (one lock per hash bucket)
269 *
270 * - conn_lock is meant to protect conn_t fields. The fields actually
271 * protected by conn_lock are documented in the conn_t definition.
272 *
273 * - ire_lock to protect some of the fields of the ire, IRE tables
274 * (one lock per hash bucket). Refer to ip_ire.c for details.
275 *
276 * - ndp_g_lock and ncec_lock for protecting NCEs.
277 *
278 * - ill_lock protects fields of the ill and ipif. Details in ip.h
279 *
280 * - ill_g_lock: This is a global reader/writer lock. Protects the following
281 * * The AVL tree based global multi list of all ills.
282 * * The linked list of all ipifs of an ill
283 * * The <ipsq-xop> mapping
284 * * <ill-phyint> association
285 * Insertion/deletion of an ill in the system, insertion/deletion of an ipif
286 * into an ill, changing the <ipsq-xop> mapping of an ill, changing the
287 * <ill-phyint> assoc of an ill will all have to hold the ill_g_lock as
288 * writer for the actual duration of the insertion/deletion/change.
289 *
290 * - ill_lock: This is a per ill mutex.
291 * It protects some members of the ill_t struct; see ip.h for details.
292 * It also protects the <ill-phyint> assoc.
293 * It also protects the list of ipifs hanging off the ill.
294 *
295 * - ipsq_lock: This is a per ipsq_t mutex lock.
296 * This protects some members of the ipsq_t struct; see ip.h for details.
297 * It also protects the <ipsq-ipxop> mapping
298 *
299 * - ipx_lock: This is a per ipxop_t mutex lock.
300 * This protects some members of the ipxop_t struct; see ip.h for details.
301 *
302 * - phyint_lock: This is a per phyint mutex lock. Protects just the
303 * phyint_flags
304 *
305 * - ip_addr_avail_lock: This is used to ensure the uniqueness of IP addresses.
306 * This lock is held in ipif_up_done and the ipif is marked IPIF_UP and the
307 * uniqueness check also done atomically.
308 *
309 * - ill_g_usesrc_lock: This readers/writer lock protects the usesrc
310 * group list linked by ill_usesrc_grp_next. It also protects the
311 * ill_usesrc_ifindex field. It is taken as a writer when a member of the
312 * group is being added or deleted. This lock is taken as a reader when
313 * walking the list/group(eg: to get the number of members in a usesrc group).
314 * Note, it is only necessary to take this lock if the ill_usesrc_grp_next
315 * field is changing state i.e from NULL to non-NULL or vice-versa. For
316 * example, it is not necessary to take this lock in the initial portion
317 * of ip_sioctl_slifusesrc or at all in ip_sioctl_flags since these
318 * operations are executed exclusively and that ensures that the "usesrc
319 * group state" cannot change. The "usesrc group state" change can happen
320 * only in the latter part of ip_sioctl_slifusesrc and in ill_delete.
321 *
322 * Changing <ill-phyint>, <ipsq-xop> assocications:
323 *
324 * To change the <ill-phyint> association, the ill_g_lock must be held
325 * as writer, and the ill_locks of both the v4 and v6 instance of the ill
326 * must be held.
327 *
328 * To change the <ipsq-xop> association, the ill_g_lock must be held as
329 * writer, the ipsq_lock must be held, and one must be writer on the ipsq.
330 * This is only done when ills are added or removed from IPMP groups.
331 *
332 * To add or delete an ipif from the list of ipifs hanging off the ill,
333 * ill_g_lock (writer) and ill_lock must be held and the thread must be
334 * a writer on the associated ipsq.
335 *
336 * To add or delete an ill to the system, the ill_g_lock must be held as
337 * writer and the thread must be a writer on the associated ipsq.
338 *
339 * To add or delete an ilm to an ill, the ill_lock must be held and the thread
340 * must be a writer on the associated ipsq.
341 *
342 * Lock hierarchy
343 *
344 * Some lock hierarchy scenarios are listed below.
345 *
346 * ill_g_lock -> conn_lock -> ill_lock -> ipsq_lock -> ipx_lock
347 * ill_g_lock -> ill_lock(s) -> phyint_lock
348 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock
349 * ill_g_lock -> ip_addr_avail_lock
350 * conn_lock -> irb_lock -> ill_lock -> ire_lock
351 * ill_g_lock -> ip_g_nd_lock
352 * ill_g_lock -> ips_ipmp_lock -> ill_lock -> nce_lock
353 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock -> nce_lock
354 * arl_lock -> ill_lock
355 * ips_ire_dep_lock -> irb_lock
356 *
357 * When more than 1 ill lock is needed to be held, all ill lock addresses
358 * are sorted on address and locked starting from highest addressed lock
359 * downward.
360 *
361 * Multicast scenarios
362 * ips_ill_g_lock -> ill_mcast_lock
363 * conn_ilg_lock -> ips_ill_g_lock -> ill_lock
364 * ill_mcast_serializer -> ill_mcast_lock -> ips_ipmp_lock -> ill_lock
365 * ill_mcast_serializer -> ill_mcast_lock -> connf_lock -> conn_lock
366 * ill_mcast_serializer -> ill_mcast_lock -> conn_ilg_lock
367 * ill_mcast_serializer -> ill_mcast_lock -> ips_igmp_timer_lock
368 *
369 * IPsec scenarios
370 *
371 * ipsa_lock -> ill_g_lock -> ill_lock
372 * ill_g_usesrc_lock -> ill_g_lock -> ill_lock
373 *
374 * Trusted Solaris scenarios
375 *
376 * igsa_lock -> gcgrp_rwlock -> gcgrp_lock
377 * igsa_lock -> gcdb_lock
378 * gcgrp_rwlock -> ire_lock
379 * gcgrp_rwlock -> gcdb_lock
380 *
381 * squeue(sq_lock), flow related (ft_lock, fe_lock) locking
382 *
383 * cpu_lock --> ill_lock --> sqset_lock --> sq_lock
384 * sq_lock -> conn_lock -> QLOCK(q)
385 * ill_lock -> ft_lock -> fe_lock
386 *
387 * Routing/forwarding table locking notes:
388 *
389 * Lock acquisition order: Radix tree lock, irb_lock.
390 * Requirements:
391 * i. Walker must not hold any locks during the walker callback.
392 * ii Walker must not see a truncated tree during the walk because of any node
393 * deletion.
394 * iii Existing code assumes ire_bucket is valid if it is non-null and is used
395 * in many places in the code to walk the irb list. Thus even if all the
396 * ires in a bucket have been deleted, we still can't free the radix node
397 * until the ires have actually been inactive'd (freed).
398 *
399 * Tree traversal - Need to hold the global tree lock in read mode.
400 * Before dropping the global tree lock, need to either increment the ire_refcnt
401 * to ensure that the radix node can't be deleted.
402 *
403 * Tree add - Need to hold the global tree lock in write mode to add a
404 * radix node. To prevent the node from being deleted, increment the
405 * irb_refcnt, after the node is added to the tree. The ire itself is
406 * added later while holding the irb_lock, but not the tree lock.
407 *
408 * Tree delete - Need to hold the global tree lock and irb_lock in write mode.
409 * All associated ires must be inactive (i.e. freed), and irb_refcnt
410 * must be zero.
411 *
412 * Walker - Increment irb_refcnt before calling the walker callback. Hold the
413 * global tree lock (read mode) for traversal.
414 *
415 * IRE dependencies - In some cases we hold ips_ire_dep_lock across ire_refrele
416 * hence we will acquire irb_lock while holding ips_ire_dep_lock.
417 *
418 * IPsec notes :
419 *
420 * IP interacts with the IPsec code (AH/ESP) by storing IPsec attributes
421 * in the ip_xmit_attr_t ip_recv_attr_t. For outbound datagrams, the
422 * ip_xmit_attr_t has the
423 * information used by the IPsec code for applying the right level of
424 * protection. The information initialized by IP in the ip_xmit_attr_t
425 * is determined by the per-socket policy or global policy in the system.
426 * For inbound datagrams, the ip_recv_attr_t
427 * starts out with nothing in it. It gets filled
428 * with the right information if it goes through the AH/ESP code, which
429 * happens if the incoming packet is secure. The information initialized
430 * by AH/ESP, is later used by IP (during fanouts to ULP) to see whether
431 * the policy requirements needed by per-socket policy or global policy
432 * is met or not.
433 *
434 * For fully connected sockets i.e dst, src [addr, port] is known,
435 * conn_policy_cached is set indicating that policy has been cached.
436 * conn_in_enforce_policy may or may not be set depending on whether
437 * there is a global policy match or per-socket policy match.
438 * Policy inheriting happpens in ip_policy_set once the destination is known.
439 * Once the right policy is set on the conn_t, policy cannot change for
440 * this socket. This makes life simpler for TCP (UDP ?) where
441 * re-transmissions go out with the same policy. For symmetry, policy
442 * is cached for fully connected UDP sockets also. Thus if policy is cached,
443 * it also implies that policy is latched i.e policy cannot change
444 * on these sockets. As we have the right policy on the conn, we don't
445 * have to lookup global policy for every outbound and inbound datagram
446 * and thus serving as an optimization. Note that a global policy change
447 * does not affect fully connected sockets if they have policy. If fully
448 * connected sockets did not have any policy associated with it, global
449 * policy change may affect them.
450 *
451 * IP Flow control notes:
452 * ---------------------
453 * Non-TCP streams are flow controlled by IP. The way this is accomplished
454 * differs when ILL_CAPAB_DLD_DIRECT is enabled for that IP instance. When
455 * ILL_DIRECT_CAPABLE(ill) is TRUE, IP can do direct function calls into
456 * GLDv3. Otherwise packets are sent down to lower layers using STREAMS
457 * functions.
458 *
459 * Per Tx ring udp flow control:
460 * This is applicable only when ILL_CAPAB_DLD_DIRECT capability is set in
461 * the ill (i.e. ILL_DIRECT_CAPABLE(ill) is true).
462 *
463 * The underlying link can expose multiple Tx rings to the GLDv3 mac layer.
464 * To achieve best performance, outgoing traffic need to be fanned out among
465 * these Tx ring. mac_tx() is called (via str_mdata_fastpath_put()) to send
466 * traffic out of the NIC and it takes a fanout hint. UDP connections pass
467 * the address of connp as fanout hint to mac_tx(). Under flow controlled
468 * condition, mac_tx() returns a non-NULL cookie (ip_mac_tx_cookie_t). This
469 * cookie points to a specific Tx ring that is blocked. The cookie is used to
470 * hash into an idl_tx_list[] entry in idl_tx_list[] array. Each idl_tx_list_t
471 * point to drain_lists (idl_t's). These drain list will store the blocked UDP
472 * connp's. The drain list is not a single list but a configurable number of
473 * lists.
474 *
475 * The diagram below shows idl_tx_list_t's and their drain_lists. ip_stack_t
476 * has an array of idl_tx_list_t. The size of the array is TX_FANOUT_SIZE
477 * which is equal to 128. This array in turn contains a pointer to idl_t[],
478 * the ip drain list. The idl_t[] array size is MIN(max_ncpus, 8). The drain
479 * list will point to the list of connp's that are flow controlled.
480 *
481 * --------------- ------- ------- -------
482 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|-->
483 * | --------------- ------- ------- -------
484 * | --------------- ------- ------- -------
485 * |->|drain_list[1]|-->|connp|-->|connp|-->|connp|-->
486 * ---------------- | --------------- ------- ------- -------
487 * |idl_tx_list[0]|->| --------------- ------- ------- -------
488 * ---------------- |->|drain_list[2]|-->|connp|-->|connp|-->|connp|-->
489 * | --------------- ------- ------- -------
490 * . . . . .
491 * | --------------- ------- ------- -------
492 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|-->
493 * --------------- ------- ------- -------
494 * --------------- ------- ------- -------
495 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|-->
496 * | --------------- ------- ------- -------
497 * | --------------- ------- ------- -------
498 * ---------------- |->|drain_list[1]|-->|connp|-->|connp|-->|connp|-->
499 * |idl_tx_list[1]|->| --------------- ------- ------- -------
500 * ---------------- | . . . .
501 * | --------------- ------- ------- -------
502 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|-->
503 * --------------- ------- ------- -------
504 * .....
505 * ----------------
506 * |idl_tx_list[n]|-> ...
507 * ----------------
508 *
509 * When mac_tx() returns a cookie, the cookie is hashed into an index into
510 * ips_idl_tx_list[], and conn_drain_insert() is called with the idl_tx_list
511 * to insert the conn onto. conn_drain_insert() asserts flow control for the
512 * sockets via su_txq_full() (non-STREAMS) or QFULL on conn_wq (STREAMS).
513 * Further, conn_blocked is set to indicate that the conn is blocked.
514 *
515 * GLDv3 calls ill_flow_enable() when flow control is relieved. The cookie
516 * passed in the call to ill_flow_enable() identifies the blocked Tx ring and
517 * is again hashed to locate the appropriate idl_tx_list, which is then
518 * drained via conn_walk_drain(). conn_walk_drain() goes through each conn in
519 * the drain list and calls conn_drain_remove() to clear flow control (via
520 * calling su_txq_full() or clearing QFULL), and remove the conn from the
521 * drain list.
522 *
523 * Note that the drain list is not a single list but a (configurable) array of
524 * lists (8 elements by default). Synchronization between drain insertion and
525 * flow control wakeup is handled by using idl_txl->txl_lock, and only
526 * conn_drain_insert() and conn_drain_remove() manipulate the drain list.
527 *
528 * Flow control via STREAMS is used when ILL_DIRECT_CAPABLE() returns FALSE.
529 * On the send side, if the packet cannot be sent down to the driver by IP
530 * (canput() fails), ip_xmit() drops the packet and returns EWOULDBLOCK to the
531 * caller, who may then invoke ixa_check_drain_insert() to insert the conn on
532 * the 0'th drain list. When ip_wsrv() runs on the ill_wq because flow
533 * control has been relieved, the blocked conns in the 0'th drain list are
534 * drained as in the non-STREAMS case.
535 *
536 * In both the STREAMS and non-STREAMS cases, the sockfs upcall to set QFULL
537 * is done when the conn is inserted into the drain list (conn_drain_insert())
538 * and cleared when the conn is removed from the it (conn_drain_remove()).
539 *
540 * IPQOS notes:
541 *
542 * IPQoS Policies are applied to packets using IPPF (IP Policy framework)
543 * and IPQoS modules. IPPF includes hooks in IP at different control points
544 * (callout positions) which direct packets to IPQoS modules for policy
545 * processing. Policies, if present, are global.
546 *
547 * The callout positions are located in the following paths:
548 * o local_in (packets destined for this host)
549 * o local_out (packets orginating from this host )
550 * o fwd_in (packets forwarded by this m/c - inbound)
551 * o fwd_out (packets forwarded by this m/c - outbound)
552 * Hooks at these callout points can be enabled/disabled using the ndd variable
553 * ip_policy_mask (a bit mask with the 4 LSB indicating the callout positions).
554 * By default all the callout positions are enabled.
555 *
556 * Outbound (local_out)
557 * Hooks are placed in ire_send_wire_v4 and ire_send_wire_v6.
558 *
559 * Inbound (local_in)
560 * Hooks are placed in ip_fanout_v4 and ip_fanout_v6.
561 *
562 * Forwarding (in and out)
563 * Hooks are placed in ire_recv_forward_v4/v6.
564 *
565 * IP Policy Framework processing (IPPF processing)
566 * Policy processing for a packet is initiated by ip_process, which ascertains
567 * that the classifier (ipgpc) is loaded and configured, failing which the
568 * packet resumes normal processing in IP. If the clasifier is present, the
569 * packet is acted upon by one or more IPQoS modules (action instances), per
570 * filters configured in ipgpc and resumes normal IP processing thereafter.
571 * An action instance can drop a packet in course of its processing.
572 *
573 * Zones notes:
574 *
575 * The partitioning rules for networking are as follows:
576 * 1) Packets coming from a zone must have a source address belonging to that
577 * zone.
578 * 2) Packets coming from a zone can only be sent on a physical interface on
579 * which the zone has an IP address.
580 * 3) Between two zones on the same machine, packet delivery is only allowed if
581 * there's a matching route for the destination and zone in the forwarding
582 * table.
583 * 4) The TCP and UDP port spaces are per-zone; that is, two processes in
584 * different zones can bind to the same port with the wildcard address
585 * (INADDR_ANY).
586 *
587 * The granularity of interface partitioning is at the logical interface level.
588 * Therefore, every zone has its own IP addresses, and incoming packets can be
589 * attributed to a zone unambiguously. A logical interface is placed into a zone
590 * using the SIOCSLIFZONE ioctl; this sets the ipif_zoneid field in the ipif_t
591 * structure. Rule (1) is implemented by modifying the source address selection
592 * algorithm so that the list of eligible addresses is filtered based on the
593 * sending process zone.
594 *
595 * The Internet Routing Entries (IREs) are either exclusive to a zone or shared
596 * across all zones, depending on their type. Here is the break-up:
597 *
598 * IRE type Shared/exclusive
599 * -------- ----------------
600 * IRE_BROADCAST Exclusive
601 * IRE_DEFAULT (default routes) Shared (*)
602 * IRE_LOCAL Exclusive (x)
603 * IRE_LOOPBACK Exclusive
604 * IRE_PREFIX (net routes) Shared (*)
605 * IRE_IF_NORESOLVER (interface routes) Exclusive
606 * IRE_IF_RESOLVER (interface routes) Exclusive
607 * IRE_IF_CLONE (interface routes) Exclusive
608 * IRE_HOST (host routes) Shared (*)
609 *
610 * (*) A zone can only use a default or off-subnet route if the gateway is
611 * directly reachable from the zone, that is, if the gateway's address matches
612 * one of the zone's logical interfaces.
613 *
614 * (x) IRE_LOCAL are handled a bit differently.
615 * When ip_restrict_interzone_loopback is set (the default),
616 * ire_route_recursive restricts loopback using an IRE_LOCAL
617 * between zone to the case when L2 would have conceptually looped the packet
618 * back, i.e. the loopback which is required since neither Ethernet drivers
619 * nor Ethernet hardware loops them back. This is the case when the normal
620 * routes (ignoring IREs with different zoneids) would send out the packet on
621 * the same ill as the ill with which is IRE_LOCAL is associated.
622 *
623 * Multiple zones can share a common broadcast address; typically all zones
624 * share the 255.255.255.255 address. Incoming as well as locally originated
625 * broadcast packets must be dispatched to all the zones on the broadcast
626 * network. For directed broadcasts (e.g. 10.16.72.255) this is not trivial
627 * since some zones may not be on the 10.16.72/24 network. To handle this, each
628 * zone has its own set of IRE_BROADCAST entries; then, broadcast packets are
629 * sent to every zone that has an IRE_BROADCAST entry for the destination
630 * address on the input ill, see ip_input_broadcast().
631 *
632 * Applications in different zones can join the same multicast group address.
633 * The same logic applies for multicast as for broadcast. ip_input_multicast
634 * dispatches packets to all zones that have members on the physical interface.
635 */
636
637 /*
638 * Squeue Fanout flags:
639 * 0: No fanout.
640 * 1: Fanout across all squeues
641 */
642 boolean_t ip_squeue_fanout = 0;
643
644 /*
645 * Maximum dups allowed per packet.
646 */
647 uint_t ip_max_frag_dups = 10;
648
649 static int ip_open(queue_t *q, dev_t *devp, int flag, int sflag,
650 cred_t *credp, boolean_t isv6);
651 static mblk_t *ip_xmit_attach_llhdr(mblk_t *, nce_t *);
652
653 static boolean_t icmp_inbound_verify_v4(mblk_t *, icmph_t *, ip_recv_attr_t *);
654 static void icmp_inbound_too_big_v4(icmph_t *, ip_recv_attr_t *);
655 static void icmp_inbound_error_fanout_v4(mblk_t *, icmph_t *,
656 ip_recv_attr_t *);
657 static void icmp_options_update(ipha_t *);
658 static void icmp_param_problem(mblk_t *, uint8_t, ip_recv_attr_t *);
659 static void icmp_pkt(mblk_t *, void *, size_t, ip_recv_attr_t *);
660 static mblk_t *icmp_pkt_err_ok(mblk_t *, ip_recv_attr_t *);
661 static void icmp_redirect_v4(mblk_t *mp, ipha_t *, icmph_t *,
662 ip_recv_attr_t *);
663 static void icmp_send_redirect(mblk_t *, ipaddr_t, ip_recv_attr_t *);
664 static void icmp_send_reply_v4(mblk_t *, ipha_t *, icmph_t *,
665 ip_recv_attr_t *);
666
667 mblk_t *ip_dlpi_alloc(size_t, t_uscalar_t);
668 char *ip_dot_addr(ipaddr_t, char *);
669 mblk_t *ip_carve_mp(mblk_t **, ssize_t);
670 int ip_close(queue_t *, int);
671 static char *ip_dot_saddr(uchar_t *, char *);
672 static void ip_lrput(queue_t *, mblk_t *);
673 ipaddr_t ip_net_mask(ipaddr_t);
674 char *ip_nv_lookup(nv_t *, int);
675 void ip_rput(queue_t *, mblk_t *);
676 static void ip_rput_dlpi_writer(ipsq_t *dummy_sq, queue_t *q, mblk_t *mp,
677 void *dummy_arg);
678 int ip_snmp_get(queue_t *, mblk_t *, int, boolean_t);
679 static mblk_t *ip_snmp_get_mib2_ip(queue_t *, mblk_t *,
680 mib2_ipIfStatsEntry_t *, ip_stack_t *, boolean_t);
681 static mblk_t *ip_snmp_get_mib2_ip_traffic_stats(queue_t *, mblk_t *,
682 ip_stack_t *, boolean_t);
683 static mblk_t *ip_snmp_get_mib2_ip6(queue_t *, mblk_t *, ip_stack_t *,
684 boolean_t);
685 static mblk_t *ip_snmp_get_mib2_icmp(queue_t *, mblk_t *, ip_stack_t *ipst);
686 static mblk_t *ip_snmp_get_mib2_icmp6(queue_t *, mblk_t *, ip_stack_t *ipst);
687 static mblk_t *ip_snmp_get_mib2_igmp(queue_t *, mblk_t *, ip_stack_t *ipst);
688 static mblk_t *ip_snmp_get_mib2_multi(queue_t *, mblk_t *, ip_stack_t *ipst);
689 static mblk_t *ip_snmp_get_mib2_ip_addr(queue_t *, mblk_t *,
690 ip_stack_t *ipst, boolean_t);
691 static mblk_t *ip_snmp_get_mib2_ip6_addr(queue_t *, mblk_t *,
692 ip_stack_t *ipst, boolean_t);
693 static mblk_t *ip_snmp_get_mib2_ip_group_src(queue_t *, mblk_t *,
694 ip_stack_t *ipst);
695 static mblk_t *ip_snmp_get_mib2_ip6_group_src(queue_t *, mblk_t *,
696 ip_stack_t *ipst);
697 static mblk_t *ip_snmp_get_mib2_ip_group_mem(queue_t *, mblk_t *,
698 ip_stack_t *ipst);
699 static mblk_t *ip_snmp_get_mib2_ip6_group_mem(queue_t *, mblk_t *,
700 ip_stack_t *ipst);
701 static mblk_t *ip_snmp_get_mib2_virt_multi(queue_t *, mblk_t *,
702 ip_stack_t *ipst);
703 static mblk_t *ip_snmp_get_mib2_multi_rtable(queue_t *, mblk_t *,
704 ip_stack_t *ipst);
705 static mblk_t *ip_snmp_get_mib2_ip_route_media(queue_t *, mblk_t *, int,
706 ip_stack_t *ipst);
707 static mblk_t *ip_snmp_get_mib2_ip6_route_media(queue_t *, mblk_t *, int,
708 ip_stack_t *ipst);
709 static void ip_snmp_get2_v4(ire_t *, iproutedata_t *);
710 static void ip_snmp_get2_v6_route(ire_t *, iproutedata_t *);
711 static int ip_snmp_get2_v4_media(ncec_t *, iproutedata_t *);
712 static int ip_snmp_get2_v6_media(ncec_t *, iproutedata_t *);
713 int ip_snmp_set(queue_t *, int, int, uchar_t *, int);
714
715 static mblk_t *ip_fragment_copyhdr(uchar_t *, int, int, ip_stack_t *,
716 mblk_t *);
717
718 static void conn_drain_init(ip_stack_t *);
719 static void conn_drain_fini(ip_stack_t *);
720 static void conn_drain(conn_t *connp, boolean_t closing);
721
722 static void conn_walk_drain(ip_stack_t *, idl_tx_list_t *);
723 static void conn_walk_sctp(pfv_t, void *, zoneid_t, netstack_t *);
724
725 static void *ip_stack_init(netstackid_t stackid, netstack_t *ns);
726 static void ip_stack_shutdown(netstackid_t stackid, void *arg);
727 static void ip_stack_fini(netstackid_t stackid, void *arg);
728
729 static int ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t,
730 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *),
731 ire_t *, conn_t *, boolean_t, const in6_addr_t *, mcast_record_t,
732 const in6_addr_t *);
733
734 static int ip_squeue_switch(int);
735
736 static void *ip_kstat_init(netstackid_t, ip_stack_t *);
737 static void ip_kstat_fini(netstackid_t, kstat_t *);
738 static int ip_kstat_update(kstat_t *kp, int rw);
739 static void *icmp_kstat_init(netstackid_t);
740 static void icmp_kstat_fini(netstackid_t, kstat_t *);
741 static int icmp_kstat_update(kstat_t *kp, int rw);
742 static void *ip_kstat2_init(netstackid_t, ip_stat_t *);
743 static void ip_kstat2_fini(netstackid_t, kstat_t *);
744
745 static void ipobs_init(ip_stack_t *);
746 static void ipobs_fini(ip_stack_t *);
747
748 static int ip_tp_cpu_update(cpu_setup_t, int, void *);
749
750 ipaddr_t ip_g_all_ones = IP_HOST_MASK;
751
752 static long ip_rput_pullups;
753 int dohwcksum = 1; /* use h/w cksum if supported by the hardware */
754
755 vmem_t *ip_minor_arena_sa; /* for minor nos. from INET_MIN_DEV+2 thru 2^^18-1 */
756 vmem_t *ip_minor_arena_la; /* for minor nos. from 2^^18 thru 2^^32-1 */
757
758 int ip_debug;
759
760 /*
761 * Multirouting/CGTP stuff
762 */
763 int ip_cgtp_filter_rev = CGTP_FILTER_REV; /* CGTP hooks version */
764
765 /*
766 * IP tunables related declarations. Definitions are in ip_tunables.c
767 */
768 extern mod_prop_info_t ip_propinfo_tbl[];
769 extern int ip_propinfo_count;
770
771 /*
772 * Table of IP ioctls encoding the various properties of the ioctl and
773 * indexed based on the last byte of the ioctl command. Occasionally there
774 * is a clash, and there is more than 1 ioctl with the same last byte.
775 * In such a case 1 ioctl is encoded in the ndx table and the remaining
776 * ioctls are encoded in the misc table. An entry in the ndx table is
777 * retrieved by indexing on the last byte of the ioctl command and comparing
778 * the ioctl command with the value in the ndx table. In the event of a
779 * mismatch the misc table is then searched sequentially for the desired
780 * ioctl command.
781 *
782 * Entry: <command> <copyin_size> <flags> <cmd_type> <function> <restart_func>
783 */
784 ip_ioctl_cmd_t ip_ndx_ioctl_table[] = {
785 /* 000 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
786 /* 001 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
787 /* 002 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
788 /* 003 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
789 /* 004 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
790 /* 005 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
791 /* 006 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
792 /* 007 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
793 /* 008 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
794 /* 009 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
795
796 /* 010 */ { SIOCADDRT, sizeof (struct rtentry), IPI_PRIV,
797 MISC_CMD, ip_siocaddrt, NULL },
798 /* 011 */ { SIOCDELRT, sizeof (struct rtentry), IPI_PRIV,
799 MISC_CMD, ip_siocdelrt, NULL },
800
801 /* 012 */ { SIOCSIFADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
802 IF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart },
803 /* 013 */ { SIOCGIFADDR, sizeof (struct ifreq), IPI_GET_CMD,
804 IF_CMD, ip_sioctl_get_addr, NULL },
805
806 /* 014 */ { SIOCSIFDSTADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
807 IF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart },
808 /* 015 */ { SIOCGIFDSTADDR, sizeof (struct ifreq),
809 IPI_GET_CMD, IF_CMD, ip_sioctl_get_dstaddr, NULL },
810
811 /* 016 */ { SIOCSIFFLAGS, sizeof (struct ifreq),
812 IPI_PRIV | IPI_WR,
813 IF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart },
814 /* 017 */ { SIOCGIFFLAGS, sizeof (struct ifreq),
815 IPI_MODOK | IPI_GET_CMD,
816 IF_CMD, ip_sioctl_get_flags, NULL },
817
818 /* 018 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
819 /* 019 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
820
821 /* copyin size cannot be coded for SIOCGIFCONF */
822 /* 020 */ { O_SIOCGIFCONF, 0, IPI_GET_CMD,
823 MISC_CMD, ip_sioctl_get_ifconf, NULL },
824
825 /* 021 */ { SIOCSIFMTU, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
826 IF_CMD, ip_sioctl_mtu, NULL },
827 /* 022 */ { SIOCGIFMTU, sizeof (struct ifreq), IPI_GET_CMD,
828 IF_CMD, ip_sioctl_get_mtu, NULL },
829 /* 023 */ { SIOCGIFBRDADDR, sizeof (struct ifreq),
830 IPI_GET_CMD, IF_CMD, ip_sioctl_get_brdaddr, NULL },
831 /* 024 */ { SIOCSIFBRDADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
832 IF_CMD, ip_sioctl_brdaddr, NULL },
833 /* 025 */ { SIOCGIFNETMASK, sizeof (struct ifreq),
834 IPI_GET_CMD, IF_CMD, ip_sioctl_get_netmask, NULL },
835 /* 026 */ { SIOCSIFNETMASK, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
836 IF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart },
837 /* 027 */ { SIOCGIFMETRIC, sizeof (struct ifreq),
838 IPI_GET_CMD, IF_CMD, ip_sioctl_get_metric, NULL },
839 /* 028 */ { SIOCSIFMETRIC, sizeof (struct ifreq), IPI_PRIV,
840 IF_CMD, ip_sioctl_metric, NULL },
841 /* 029 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
842
843 /* See 166-168 below for extended SIOC*XARP ioctls */
844 /* 030 */ { SIOCSARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR,
845 ARP_CMD, ip_sioctl_arp, NULL },
846 /* 031 */ { SIOCGARP, sizeof (struct arpreq), IPI_GET_CMD,
847 ARP_CMD, ip_sioctl_arp, NULL },
848 /* 032 */ { SIOCDARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR,
849 ARP_CMD, ip_sioctl_arp, NULL },
850
851 /* 033 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
852 /* 034 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
853 /* 035 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
854 /* 036 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
855 /* 037 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
856 /* 038 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
857 /* 039 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
858 /* 040 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
859 /* 041 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
860 /* 042 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
861 /* 043 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
862 /* 044 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
863 /* 045 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
864 /* 046 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
865 /* 047 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
866 /* 048 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
867 /* 049 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
868 /* 050 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
869 /* 051 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
870 /* 052 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
871 /* 053 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
872
873 /* 054 */ { IF_UNITSEL, sizeof (int), IPI_PRIV | IPI_WR | IPI_MODOK,
874 MISC_CMD, if_unitsel, if_unitsel_restart },
875
876 /* 055 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
877 /* 056 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
878 /* 057 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
879 /* 058 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
880 /* 059 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
881 /* 060 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
882 /* 061 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
883 /* 062 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
884 /* 063 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
885 /* 064 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
886 /* 065 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
887 /* 066 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
888 /* 067 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
889 /* 068 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
890 /* 069 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
891 /* 070 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
892 /* 071 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
893 /* 072 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
894
895 /* 073 */ { SIOCSIFNAME, sizeof (struct ifreq),
896 IPI_PRIV | IPI_WR | IPI_MODOK,
897 IF_CMD, ip_sioctl_sifname, NULL },
898
899 /* 074 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
900 /* 075 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
901 /* 076 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
902 /* 077 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
903 /* 078 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
904 /* 079 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
905 /* 080 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
906 /* 081 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
907 /* 082 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
908 /* 083 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
909 /* 084 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
910 /* 085 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
911 /* 086 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
912
913 /* 087 */ { SIOCGIFNUM, sizeof (int), IPI_GET_CMD,
914 MISC_CMD, ip_sioctl_get_ifnum, NULL },
915 /* 088 */ { SIOCGIFMUXID, sizeof (struct ifreq), IPI_GET_CMD,
916 IF_CMD, ip_sioctl_get_muxid, NULL },
917 /* 089 */ { SIOCSIFMUXID, sizeof (struct ifreq),
918 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_muxid, NULL },
919
920 /* Both if and lif variants share same func */
921 /* 090 */ { SIOCGIFINDEX, sizeof (struct ifreq), IPI_GET_CMD,
922 IF_CMD, ip_sioctl_get_lifindex, NULL },
923 /* Both if and lif variants share same func */
924 /* 091 */ { SIOCSIFINDEX, sizeof (struct ifreq),
925 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_slifindex, NULL },
926
927 /* copyin size cannot be coded for SIOCGIFCONF */
928 /* 092 */ { SIOCGIFCONF, 0, IPI_GET_CMD,
929 MISC_CMD, ip_sioctl_get_ifconf, NULL },
930 /* 093 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
931 /* 094 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
932 /* 095 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
933 /* 096 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
934 /* 097 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
935 /* 098 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
936 /* 099 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
937 /* 100 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
938 /* 101 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
939 /* 102 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
940 /* 103 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
941 /* 104 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
942 /* 105 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
943 /* 106 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
944 /* 107 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
945 /* 108 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
946 /* 109 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
947
948 /* 110 */ { SIOCLIFREMOVEIF, sizeof (struct lifreq),
949 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_removeif,
950 ip_sioctl_removeif_restart },
951 /* 111 */ { SIOCLIFADDIF, sizeof (struct lifreq),
952 IPI_GET_CMD | IPI_PRIV | IPI_WR,
953 LIF_CMD, ip_sioctl_addif, NULL },
954 #define SIOCLIFADDR_NDX 112
955 /* 112 */ { SIOCSLIFADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
956 LIF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart },
957 /* 113 */ { SIOCGLIFADDR, sizeof (struct lifreq),
958 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_addr, NULL },
959 /* 114 */ { SIOCSLIFDSTADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
960 LIF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart },
961 /* 115 */ { SIOCGLIFDSTADDR, sizeof (struct lifreq),
962 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dstaddr, NULL },
963 /* 116 */ { SIOCSLIFFLAGS, sizeof (struct lifreq),
964 IPI_PRIV | IPI_WR,
965 LIF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart },
966 /* 117 */ { SIOCGLIFFLAGS, sizeof (struct lifreq),
967 IPI_GET_CMD | IPI_MODOK,
968 LIF_CMD, ip_sioctl_get_flags, NULL },
969
970 /* 118 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
971 /* 119 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
972
973 /* 120 */ { O_SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD,
974 ip_sioctl_get_lifconf, NULL },
975 /* 121 */ { SIOCSLIFMTU, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
976 LIF_CMD, ip_sioctl_mtu, NULL },
977 /* 122 */ { SIOCGLIFMTU, sizeof (struct lifreq), IPI_GET_CMD,
978 LIF_CMD, ip_sioctl_get_mtu, NULL },
979 /* 123 */ { SIOCGLIFBRDADDR, sizeof (struct lifreq),
980 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_brdaddr, NULL },
981 /* 124 */ { SIOCSLIFBRDADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
982 LIF_CMD, ip_sioctl_brdaddr, NULL },
983 /* 125 */ { SIOCGLIFNETMASK, sizeof (struct lifreq),
984 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_netmask, NULL },
985 /* 126 */ { SIOCSLIFNETMASK, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
986 LIF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart },
987 /* 127 */ { SIOCGLIFMETRIC, sizeof (struct lifreq),
988 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_metric, NULL },
989 /* 128 */ { SIOCSLIFMETRIC, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
990 LIF_CMD, ip_sioctl_metric, NULL },
991 /* 129 */ { SIOCSLIFNAME, sizeof (struct lifreq),
992 IPI_PRIV | IPI_WR | IPI_MODOK,
993 LIF_CMD, ip_sioctl_slifname,
994 ip_sioctl_slifname_restart },
995
996 /* 130 */ { SIOCGLIFNUM, sizeof (struct lifnum), IPI_GET_CMD,
997 MISC_CMD, ip_sioctl_get_lifnum, NULL },
998 /* 131 */ { SIOCGLIFMUXID, sizeof (struct lifreq),
999 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_muxid, NULL },
1000 /* 132 */ { SIOCSLIFMUXID, sizeof (struct lifreq),
1001 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_muxid, NULL },
1002 /* 133 */ { SIOCGLIFINDEX, sizeof (struct lifreq),
1003 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifindex, 0 },
1004 /* 134 */ { SIOCSLIFINDEX, sizeof (struct lifreq),
1005 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifindex, 0 },
1006 /* 135 */ { SIOCSLIFTOKEN, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1007 LIF_CMD, ip_sioctl_token, NULL },
1008 /* 136 */ { SIOCGLIFTOKEN, sizeof (struct lifreq),
1009 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_token, NULL },
1010 /* 137 */ { SIOCSLIFSUBNET, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1011 LIF_CMD, ip_sioctl_subnet, ip_sioctl_subnet_restart },
1012 /* 138 */ { SIOCGLIFSUBNET, sizeof (struct lifreq),
1013 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_subnet, NULL },
1014 /* 139 */ { SIOCSLIFLNKINFO, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1015 LIF_CMD, ip_sioctl_lnkinfo, NULL },
1016
1017 /* 140 */ { SIOCGLIFLNKINFO, sizeof (struct lifreq),
1018 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lnkinfo, NULL },
1019 /* 141 */ { SIOCLIFDELND, sizeof (struct lifreq), IPI_PRIV,
1020 LIF_CMD, ip_siocdelndp_v6, NULL },
1021 /* 142 */ { SIOCLIFGETND, sizeof (struct lifreq), IPI_GET_CMD,
1022 LIF_CMD, ip_siocqueryndp_v6, NULL },
1023 /* 143 */ { SIOCLIFSETND, sizeof (struct lifreq), IPI_PRIV,
1024 LIF_CMD, ip_siocsetndp_v6, NULL },
1025 /* 144 */ { SIOCTMYADDR, sizeof (struct sioc_addrreq), IPI_GET_CMD,
1026 MISC_CMD, ip_sioctl_tmyaddr, NULL },
1027 /* 145 */ { SIOCTONLINK, sizeof (struct sioc_addrreq), IPI_GET_CMD,
1028 MISC_CMD, ip_sioctl_tonlink, NULL },
1029 /* 146 */ { SIOCTMYSITE, sizeof (struct sioc_addrreq), 0,
1030 MISC_CMD, ip_sioctl_tmysite, NULL },
1031 /* 147 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1032 /* 148 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1033 /* IPSECioctls handled in ip_sioctl_copyin_setup itself */
1034 /* 149 */ { SIOCFIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL },
1035 /* 150 */ { SIOCSIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL },
1036 /* 151 */ { SIOCDIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL },
1037 /* 152 */ { SIOCLIPSECONFIG, 0, IPI_PRIV, MISC_CMD, NULL, NULL },
1038
1039 /* 153 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1040
1041 /* 154 */ { SIOCGLIFBINDING, sizeof (struct lifreq), IPI_GET_CMD,
1042 LIF_CMD, ip_sioctl_get_binding, NULL },
1043 /* 155 */ { SIOCSLIFGROUPNAME, sizeof (struct lifreq),
1044 IPI_PRIV | IPI_WR,
1045 LIF_CMD, ip_sioctl_groupname, ip_sioctl_groupname },
1046 /* 156 */ { SIOCGLIFGROUPNAME, sizeof (struct lifreq),
1047 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_groupname, NULL },
1048 /* 157 */ { SIOCGLIFGROUPINFO, sizeof (lifgroupinfo_t),
1049 IPI_GET_CMD, MISC_CMD, ip_sioctl_groupinfo, NULL },
1050
1051 /* Leave 158-160 unused; used to be SIOC*IFARP ioctls */
1052 /* 158 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1053 /* 159 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1054 /* 160 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1055
1056 /* 161 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1057
1058 /* These are handled in ip_sioctl_copyin_setup itself */
1059 /* 162 */ { SIOCGIP6ADDRPOLICY, 0, IPI_NULL_BCONT,
1060 MISC_CMD, NULL, NULL },
1061 /* 163 */ { SIOCSIP6ADDRPOLICY, 0, IPI_PRIV | IPI_NULL_BCONT,
1062 MISC_CMD, NULL, NULL },
1063 /* 164 */ { SIOCGDSTINFO, 0, IPI_GET_CMD, MISC_CMD, NULL, NULL },
1064
1065 /* 165 */ { SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD,
1066 ip_sioctl_get_lifconf, NULL },
1067
1068 /* 166 */ { SIOCSXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR,
1069 XARP_CMD, ip_sioctl_arp, NULL },
1070 /* 167 */ { SIOCGXARP, sizeof (struct xarpreq), IPI_GET_CMD,
1071 XARP_CMD, ip_sioctl_arp, NULL },
1072 /* 168 */ { SIOCDXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR,
1073 XARP_CMD, ip_sioctl_arp, NULL },
1074
1075 /* SIOCPOPSOCKFS is not handled by IP */
1076 /* 169 */ { IPI_DONTCARE /* SIOCPOPSOCKFS */, 0, 0, 0, NULL, NULL },
1077
1078 /* 170 */ { SIOCGLIFZONE, sizeof (struct lifreq),
1079 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifzone, NULL },
1080 /* 171 */ { SIOCSLIFZONE, sizeof (struct lifreq),
1081 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifzone,
1082 ip_sioctl_slifzone_restart },
1083 /* 172-174 are SCTP ioctls and not handled by IP */
1084 /* 172 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1085 /* 173 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1086 /* 174 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1087 /* 175 */ { SIOCGLIFUSESRC, sizeof (struct lifreq),
1088 IPI_GET_CMD, LIF_CMD,
1089 ip_sioctl_get_lifusesrc, 0 },
1090 /* 176 */ { SIOCSLIFUSESRC, sizeof (struct lifreq),
1091 IPI_PRIV | IPI_WR,
1092 LIF_CMD, ip_sioctl_slifusesrc,
1093 NULL },
1094 /* 177 */ { SIOCGLIFSRCOF, 0, IPI_GET_CMD, MISC_CMD,
1095 ip_sioctl_get_lifsrcof, NULL },
1096 /* 178 */ { SIOCGMSFILTER, sizeof (struct group_filter), IPI_GET_CMD,
1097 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1098 /* 179 */ { SIOCSMSFILTER, sizeof (struct group_filter), 0,
1099 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1100 /* 180 */ { SIOCGIPMSFILTER, sizeof (struct ip_msfilter), IPI_GET_CMD,
1101 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1102 /* 181 */ { SIOCSIPMSFILTER, sizeof (struct ip_msfilter), 0,
1103 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1104 /* 182 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1105 /* SIOCSENABLESDP is handled by SDP */
1106 /* 183 */ { IPI_DONTCARE /* SIOCSENABLESDP */, 0, 0, 0, NULL, NULL },
1107 /* 184 */ { IPI_DONTCARE /* SIOCSQPTR */, 0, 0, 0, NULL, NULL },
1108 /* 185 */ { SIOCGIFHWADDR, sizeof (struct ifreq), IPI_GET_CMD,
1109 IF_CMD, ip_sioctl_get_ifhwaddr, NULL },
1110 /* 186 */ { IPI_DONTCARE /* SIOCGSTAMP */, 0, 0, 0, NULL, NULL },
1111 /* 187 */ { SIOCILB, 0, IPI_PRIV | IPI_GET_CMD, MISC_CMD,
1112 ip_sioctl_ilb_cmd, NULL },
1113 /* 188 */ { SIOCGETPROP, 0, IPI_GET_CMD, 0, NULL, NULL },
1114 /* 189 */ { SIOCSETPROP, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL},
1115 /* 190 */ { SIOCGLIFDADSTATE, sizeof (struct lifreq),
1116 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dadstate, NULL },
1117 /* 191 */ { SIOCSLIFPREFIX, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1118 LIF_CMD, ip_sioctl_prefix, ip_sioctl_prefix_restart },
1119 /* 192 */ { SIOCGLIFHWADDR, sizeof (struct lifreq), IPI_GET_CMD,
1120 LIF_CMD, ip_sioctl_get_lifhwaddr, NULL }
1121 };
1122
1123 int ip_ndx_ioctl_count = sizeof (ip_ndx_ioctl_table) / sizeof (ip_ioctl_cmd_t);
1124
1125 ip_ioctl_cmd_t ip_misc_ioctl_table[] = {
1126 { I_LINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1127 { I_UNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1128 { I_PLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1129 { I_PUNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1130 { ND_GET, 0, 0, 0, NULL, NULL },
1131 { ND_SET, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1132 { IP_IOCTL, 0, 0, 0, NULL, NULL },
1133 { SIOCGETVIFCNT, sizeof (struct sioc_vif_req), IPI_GET_CMD,
1134 MISC_CMD, mrt_ioctl},
1135 { SIOCGETSGCNT, sizeof (struct sioc_sg_req), IPI_GET_CMD,
1136 MISC_CMD, mrt_ioctl},
1137 { SIOCGETLSGCNT, sizeof (struct sioc_lsg_req), IPI_GET_CMD,
1138 MISC_CMD, mrt_ioctl}
1139 };
1140
1141 int ip_misc_ioctl_count =
1142 sizeof (ip_misc_ioctl_table) / sizeof (ip_ioctl_cmd_t);
1143
1144 int conn_drain_nthreads; /* Number of drainers reqd. */
1145 /* Settable in /etc/system */
1146 /* Defined in ip_ire.c */
1147 extern uint32_t ip_ire_max_bucket_cnt, ip6_ire_max_bucket_cnt;
1148 extern uint32_t ip_ire_min_bucket_cnt, ip6_ire_min_bucket_cnt;
1149 extern uint32_t ip_ire_mem_ratio, ip_ire_cpu_ratio;
1150
1151 static nv_t ire_nv_arr[] = {
1152 { IRE_BROADCAST, "BROADCAST" },
1153 { IRE_LOCAL, "LOCAL" },
1154 { IRE_LOOPBACK, "LOOPBACK" },
1155 { IRE_DEFAULT, "DEFAULT" },
1156 { IRE_PREFIX, "PREFIX" },
1157 { IRE_IF_NORESOLVER, "IF_NORESOL" },
1158 { IRE_IF_RESOLVER, "IF_RESOLV" },
1159 { IRE_IF_CLONE, "IF_CLONE" },
1160 { IRE_HOST, "HOST" },
1161 { IRE_MULTICAST, "MULTICAST" },
1162 { IRE_NOROUTE, "NOROUTE" },
1163 { 0 }
1164 };
1165
1166 nv_t *ire_nv_tbl = ire_nv_arr;
1167
1168 /* Simple ICMP IP Header Template */
1169 static ipha_t icmp_ipha = {
1170 IP_SIMPLE_HDR_VERSION, 0, 0, 0, 0, 0, IPPROTO_ICMP
1171 };
1172
1173 struct module_info ip_mod_info = {
1174 IP_MOD_ID, IP_MOD_NAME, IP_MOD_MINPSZ, IP_MOD_MAXPSZ, IP_MOD_HIWAT,
1175 IP_MOD_LOWAT
1176 };
1177
1178 /*
1179 * Duplicate static symbols within a module confuses mdb; so we avoid the
1180 * problem by making the symbols here distinct from those in udp.c.
1181 */
1182
1183 /*
1184 * Entry points for IP as a device and as a module.
1185 * We have separate open functions for the /dev/ip and /dev/ip6 devices.
1186 */
1187 static struct qinit iprinitv4 = {
1188 (pfi_t)ip_rput, NULL, ip_openv4, ip_close, NULL,
1189 &ip_mod_info
1190 };
1191
1192 struct qinit iprinitv6 = {
1193 (pfi_t)ip_rput_v6, NULL, ip_openv6, ip_close, NULL,
1194 &ip_mod_info
1195 };
1196
1197 static struct qinit ipwinit = {
1198 (pfi_t)ip_wput_nondata, (pfi_t)ip_wsrv, NULL, NULL, NULL,
1199 &ip_mod_info
1200 };
1201
1202 static struct qinit iplrinit = {
1203 (pfi_t)ip_lrput, NULL, ip_openv4, ip_close, NULL,
1204 &ip_mod_info
1205 };
1206
1207 static struct qinit iplwinit = {
1208 (pfi_t)ip_lwput, NULL, NULL, NULL, NULL,
1209 &ip_mod_info
1210 };
1211
1212 /* For AF_INET aka /dev/ip */
1213 struct streamtab ipinfov4 = {
1214 &iprinitv4, &ipwinit, &iplrinit, &iplwinit
1215 };
1216
1217 /* For AF_INET6 aka /dev/ip6 */
1218 struct streamtab ipinfov6 = {
1219 &iprinitv6, &ipwinit, &iplrinit, &iplwinit
1220 };
1221
1222 #ifdef DEBUG
1223 boolean_t skip_sctp_cksum = B_FALSE;
1224 #endif
1225
1226 /*
1227 * Generate an ICMP fragmentation needed message.
1228 * When called from ip_output side a minimal ip_recv_attr_t needs to be
1229 * constructed by the caller.
1230 */
1231 void
1232 icmp_frag_needed(mblk_t *mp, int mtu, ip_recv_attr_t *ira)
1233 {
1234 icmph_t icmph;
1235 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
1236
1237 mp = icmp_pkt_err_ok(mp, ira);
1238 if (mp == NULL)
1239 return;
1240
1241 bzero(&icmph, sizeof (icmph_t));
1242 icmph.icmph_type = ICMP_DEST_UNREACHABLE;
1243 icmph.icmph_code = ICMP_FRAGMENTATION_NEEDED;
1244 icmph.icmph_du_mtu = htons((uint16_t)mtu);
1245 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutFragNeeded);
1246 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs);
1247
1248 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
1249 }
1250
1251 /*
1252 * icmp_inbound_v4 deals with ICMP messages that are handled by IP.
1253 * If the ICMP message is consumed by IP, i.e., it should not be delivered
1254 * to any IPPROTO_ICMP raw sockets, then it returns NULL.
1255 * Likewise, if the ICMP error is misformed (too short, etc), then it
1256 * returns NULL. The caller uses this to determine whether or not to send
1257 * to raw sockets.
1258 *
1259 * All error messages are passed to the matching transport stream.
1260 *
1261 * The following cases are handled by icmp_inbound:
1262 * 1) It needs to send a reply back and possibly delivering it
1263 * to the "interested" upper clients.
1264 * 2) Return the mblk so that the caller can pass it to the RAW socket clients.
1265 * 3) It needs to change some values in IP only.
1266 * 4) It needs to change some values in IP and upper layers e.g TCP
1267 * by delivering an error to the upper layers.
1268 *
1269 * We handle the above three cases in the context of IPsec in the
1270 * following way :
1271 *
1272 * 1) Send the reply back in the same way as the request came in.
1273 * If it came in encrypted, it goes out encrypted. If it came in
1274 * clear, it goes out in clear. Thus, this will prevent chosen
1275 * plain text attack.
1276 * 2) The client may or may not expect things to come in secure.
1277 * If it comes in secure, the policy constraints are checked
1278 * before delivering it to the upper layers. If it comes in
1279 * clear, ipsec_inbound_accept_clear will decide whether to
1280 * accept this in clear or not. In both the cases, if the returned
1281 * message (IP header + 8 bytes) that caused the icmp message has
1282 * AH/ESP headers, it is sent up to AH/ESP for validation before
1283 * sending up. If there are only 8 bytes of returned message, then
1284 * upper client will not be notified.
1285 * 3) Check with global policy to see whether it matches the constaints.
1286 * But this will be done only if icmp_accept_messages_in_clear is
1287 * zero.
1288 * 4) If we need to change both in IP and ULP, then the decision taken
1289 * while affecting the values in IP and while delivering up to TCP
1290 * should be the same.
1291 *
1292 * There are two cases.
1293 *
1294 * a) If we reject data at the IP layer (ipsec_check_global_policy()
1295 * failed), we will not deliver it to the ULP, even though they
1296 * are *willing* to accept in *clear*. This is fine as our global
1297 * disposition to icmp messages asks us reject the datagram.
1298 *
1299 * b) If we accept data at the IP layer (ipsec_check_global_policy()
1300 * succeeded or icmp_accept_messages_in_clear is 1), and not able
1301 * to deliver it to ULP (policy failed), it can lead to
1302 * consistency problems. The cases known at this time are
1303 * ICMP_DESTINATION_UNREACHABLE messages with following code
1304 * values :
1305 *
1306 * - ICMP_FRAGMENTATION_NEEDED : IP adapts to the new value
1307 * and Upper layer rejects. Then the communication will
1308 * come to a stop. This is solved by making similar decisions
1309 * at both levels. Currently, when we are unable to deliver
1310 * to the Upper Layer (due to policy failures) while IP has
1311 * adjusted dce_pmtu, the next outbound datagram would
1312 * generate a local ICMP_FRAGMENTATION_NEEDED message - which
1313 * will be with the right level of protection. Thus the right
1314 * value will be communicated even if we are not able to
1315 * communicate when we get from the wire initially. But this
1316 * assumes there would be at least one outbound datagram after
1317 * IP has adjusted its dce_pmtu value. To make things
1318 * simpler, we accept in clear after the validation of
1319 * AH/ESP headers.
1320 *
1321 * - Other ICMP ERRORS : We may not be able to deliver it to the
1322 * upper layer depending on the level of protection the upper
1323 * layer expects and the disposition in ipsec_inbound_accept_clear().
1324 * ipsec_inbound_accept_clear() decides whether a given ICMP error
1325 * should be accepted in clear when the Upper layer expects secure.
1326 * Thus the communication may get aborted by some bad ICMP
1327 * packets.
1328 */
1329 mblk_t *
1330 icmp_inbound_v4(mblk_t *mp, ip_recv_attr_t *ira)
1331 {
1332 icmph_t *icmph;
1333 ipha_t *ipha; /* Outer header */
1334 int ip_hdr_length; /* Outer header length */
1335 boolean_t interested;
1336 ipif_t *ipif;
1337 uint32_t ts;
1338 uint32_t *tsp;
1339 timestruc_t now;
1340 ill_t *ill = ira->ira_ill;
1341 ip_stack_t *ipst = ill->ill_ipst;
1342 zoneid_t zoneid = ira->ira_zoneid;
1343 int len_needed;
1344 mblk_t *mp_ret = NULL;
1345
1346 ipha = (ipha_t *)mp->b_rptr;
1347
1348 BUMP_MIB(&ipst->ips_icmp_mib, icmpInMsgs);
1349
1350 ip_hdr_length = ira->ira_ip_hdr_length;
1351 if ((mp->b_wptr - mp->b_rptr) < (ip_hdr_length + ICMPH_SIZE)) {
1352 if (ira->ira_pktlen < (ip_hdr_length + ICMPH_SIZE)) {
1353 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
1354 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
1355 freemsg(mp);
1356 return (NULL);
1357 }
1358 /* Last chance to get real. */
1359 ipha = ip_pullup(mp, ip_hdr_length + ICMPH_SIZE, ira);
1360 if (ipha == NULL) {
1361 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors);
1362 freemsg(mp);
1363 return (NULL);
1364 }
1365 }
1366
1367 /* The IP header will always be a multiple of four bytes */
1368 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1369 ip2dbg(("icmp_inbound_v4: type %d code %d\n", icmph->icmph_type,
1370 icmph->icmph_code));
1371
1372 /*
1373 * We will set "interested" to "true" if we should pass a copy to
1374 * the transport or if we handle the packet locally.
1375 */
1376 interested = B_FALSE;
1377 switch (icmph->icmph_type) {
1378 case ICMP_ECHO_REPLY:
1379 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchoReps);
1380 break;
1381 case ICMP_DEST_UNREACHABLE:
1382 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED)
1383 BUMP_MIB(&ipst->ips_icmp_mib, icmpInFragNeeded);
1384 interested = B_TRUE; /* Pass up to transport */
1385 BUMP_MIB(&ipst->ips_icmp_mib, icmpInDestUnreachs);
1386 break;
1387 case ICMP_SOURCE_QUENCH:
1388 interested = B_TRUE; /* Pass up to transport */
1389 BUMP_MIB(&ipst->ips_icmp_mib, icmpInSrcQuenchs);
1390 break;
1391 case ICMP_REDIRECT:
1392 if (!ipst->ips_ip_ignore_redirect)
1393 interested = B_TRUE;
1394 BUMP_MIB(&ipst->ips_icmp_mib, icmpInRedirects);
1395 break;
1396 case ICMP_ECHO_REQUEST:
1397 /*
1398 * Whether to respond to echo requests that come in as IP
1399 * broadcasts or as IP multicast is subject to debate
1400 * (what isn't?). We aim to please, you pick it.
1401 * Default is do it.
1402 */
1403 if (ira->ira_flags & IRAF_MULTICAST) {
1404 /* multicast: respond based on tunable */
1405 interested = ipst->ips_ip_g_resp_to_echo_mcast;
1406 } else if (ira->ira_flags & IRAF_BROADCAST) {
1407 /* broadcast: respond based on tunable */
1408 interested = ipst->ips_ip_g_resp_to_echo_bcast;
1409 } else {
1410 /* unicast: always respond */
1411 interested = B_TRUE;
1412 }
1413 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchos);
1414 if (!interested) {
1415 /* We never pass these to RAW sockets */
1416 freemsg(mp);
1417 return (NULL);
1418 }
1419
1420 /* Check db_ref to make sure we can modify the packet. */
1421 if (mp->b_datap->db_ref > 1) {
1422 mblk_t *mp1;
1423
1424 mp1 = copymsg(mp);
1425 freemsg(mp);
1426 if (!mp1) {
1427 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1428 return (NULL);
1429 }
1430 mp = mp1;
1431 ipha = (ipha_t *)mp->b_rptr;
1432 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1433 }
1434 icmph->icmph_type = ICMP_ECHO_REPLY;
1435 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutEchoReps);
1436 icmp_send_reply_v4(mp, ipha, icmph, ira);
1437 return (NULL);
1438
1439 case ICMP_ROUTER_ADVERTISEMENT:
1440 case ICMP_ROUTER_SOLICITATION:
1441 break;
1442 case ICMP_TIME_EXCEEDED:
1443 interested = B_TRUE; /* Pass up to transport */
1444 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimeExcds);
1445 break;
1446 case ICMP_PARAM_PROBLEM:
1447 interested = B_TRUE; /* Pass up to transport */
1448 BUMP_MIB(&ipst->ips_icmp_mib, icmpInParmProbs);
1449 break;
1450 case ICMP_TIME_STAMP_REQUEST:
1451 /* Response to Time Stamp Requests is local policy. */
1452 if (ipst->ips_ip_g_resp_to_timestamp) {
1453 if (ira->ira_flags & IRAF_MULTIBROADCAST)
1454 interested =
1455 ipst->ips_ip_g_resp_to_timestamp_bcast;
1456 else
1457 interested = B_TRUE;
1458 }
1459 if (!interested) {
1460 /* We never pass these to RAW sockets */
1461 freemsg(mp);
1462 return (NULL);
1463 }
1464
1465 /* Make sure we have enough of the packet */
1466 len_needed = ip_hdr_length + ICMPH_SIZE +
1467 3 * sizeof (uint32_t);
1468
1469 if (mp->b_wptr - mp->b_rptr < len_needed) {
1470 ipha = ip_pullup(mp, len_needed, ira);
1471 if (ipha == NULL) {
1472 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1473 ip_drop_input("ipIfStatsInDiscards - ip_pullup",
1474 mp, ill);
1475 freemsg(mp);
1476 return (NULL);
1477 }
1478 /* Refresh following the pullup. */
1479 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1480 }
1481 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestamps);
1482 /* Check db_ref to make sure we can modify the packet. */
1483 if (mp->b_datap->db_ref > 1) {
1484 mblk_t *mp1;
1485
1486 mp1 = copymsg(mp);
1487 freemsg(mp);
1488 if (!mp1) {
1489 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1490 return (NULL);
1491 }
1492 mp = mp1;
1493 ipha = (ipha_t *)mp->b_rptr;
1494 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1495 }
1496 icmph->icmph_type = ICMP_TIME_STAMP_REPLY;
1497 tsp = (uint32_t *)&icmph[1];
1498 tsp++; /* Skip past 'originate time' */
1499 /* Compute # of milliseconds since midnight */
1500 gethrestime(&now);
1501 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
1502 now.tv_nsec / (NANOSEC / MILLISEC);
1503 *tsp++ = htonl(ts); /* Lay in 'receive time' */
1504 *tsp++ = htonl(ts); /* Lay in 'send time' */
1505 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimestampReps);
1506 icmp_send_reply_v4(mp, ipha, icmph, ira);
1507 return (NULL);
1508
1509 case ICMP_TIME_STAMP_REPLY:
1510 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestampReps);
1511 break;
1512 case ICMP_INFO_REQUEST:
1513 /* Per RFC 1122 3.2.2.7, ignore this. */
1514 case ICMP_INFO_REPLY:
1515 break;
1516 case ICMP_ADDRESS_MASK_REQUEST:
1517 if (ira->ira_flags & IRAF_MULTIBROADCAST) {
1518 interested =
1519 ipst->ips_ip_respond_to_address_mask_broadcast;
1520 } else {
1521 interested = B_TRUE;
1522 }
1523 if (!interested) {
1524 /* We never pass these to RAW sockets */
1525 freemsg(mp);
1526 return (NULL);
1527 }
1528 len_needed = ip_hdr_length + ICMPH_SIZE + IP_ADDR_LEN;
1529 if (mp->b_wptr - mp->b_rptr < len_needed) {
1530 ipha = ip_pullup(mp, len_needed, ira);
1531 if (ipha == NULL) {
1532 BUMP_MIB(ill->ill_ip_mib,
1533 ipIfStatsInTruncatedPkts);
1534 ip_drop_input("ipIfStatsInTruncatedPkts", mp,
1535 ill);
1536 freemsg(mp);
1537 return (NULL);
1538 }
1539 /* Refresh following the pullup. */
1540 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1541 }
1542 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMasks);
1543 /* Check db_ref to make sure we can modify the packet. */
1544 if (mp->b_datap->db_ref > 1) {
1545 mblk_t *mp1;
1546
1547 mp1 = copymsg(mp);
1548 freemsg(mp);
1549 if (!mp1) {
1550 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1551 return (NULL);
1552 }
1553 mp = mp1;
1554 ipha = (ipha_t *)mp->b_rptr;
1555 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1556 }
1557 /*
1558 * Need the ipif with the mask be the same as the source
1559 * address of the mask reply. For unicast we have a specific
1560 * ipif. For multicast/broadcast we only handle onlink
1561 * senders, and use the source address to pick an ipif.
1562 */
1563 ipif = ipif_lookup_addr(ipha->ipha_dst, ill, zoneid, ipst);
1564 if (ipif == NULL) {
1565 /* Broadcast or multicast */
1566 ipif = ipif_lookup_remote(ill, ipha->ipha_src, zoneid);
1567 if (ipif == NULL) {
1568 freemsg(mp);
1569 return (NULL);
1570 }
1571 }
1572 icmph->icmph_type = ICMP_ADDRESS_MASK_REPLY;
1573 bcopy(&ipif->ipif_net_mask, &icmph[1], IP_ADDR_LEN);
1574 ipif_refrele(ipif);
1575 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutAddrMaskReps);
1576 icmp_send_reply_v4(mp, ipha, icmph, ira);
1577 return (NULL);
1578
1579 case ICMP_ADDRESS_MASK_REPLY:
1580 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMaskReps);
1581 break;
1582 default:
1583 interested = B_TRUE; /* Pass up to transport */
1584 BUMP_MIB(&ipst->ips_icmp_mib, icmpInUnknowns);
1585 break;
1586 }
1587 /*
1588 * See if there is an ICMP client to avoid an extra copymsg/freemsg
1589 * if there isn't one.
1590 */
1591 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_ICMP].connf_head != NULL) {
1592 /* If there is an ICMP client and we want one too, copy it. */
1593
1594 if (!interested) {
1595 /* Caller will deliver to RAW sockets */
1596 return (mp);
1597 }
1598 mp_ret = copymsg(mp);
1599 if (mp_ret == NULL) {
1600 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1601 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill);
1602 }
1603 } else if (!interested) {
1604 /* Neither we nor raw sockets are interested. Drop packet now */
1605 freemsg(mp);
1606 return (NULL);
1607 }
1608
1609 /*
1610 * ICMP error or redirect packet. Make sure we have enough of
1611 * the header and that db_ref == 1 since we might end up modifying
1612 * the packet.
1613 */
1614 if (mp->b_cont != NULL) {
1615 if (ip_pullup(mp, -1, ira) == NULL) {
1616 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1617 ip_drop_input("ipIfStatsInDiscards - ip_pullup",
1618 mp, ill);
1619 freemsg(mp);
1620 return (mp_ret);
1621 }
1622 }
1623
1624 if (mp->b_datap->db_ref > 1) {
1625 mblk_t *mp1;
1626
1627 mp1 = copymsg(mp);
1628 if (mp1 == NULL) {
1629 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1630 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill);
1631 freemsg(mp);
1632 return (mp_ret);
1633 }
1634 freemsg(mp);
1635 mp = mp1;
1636 }
1637
1638 /*
1639 * In case mp has changed, verify the message before any further
1640 * processes.
1641 */
1642 ipha = (ipha_t *)mp->b_rptr;
1643 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1644 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
1645 freemsg(mp);
1646 return (mp_ret);
1647 }
1648
1649 switch (icmph->icmph_type) {
1650 case ICMP_REDIRECT:
1651 icmp_redirect_v4(mp, ipha, icmph, ira);
1652 break;
1653 case ICMP_DEST_UNREACHABLE:
1654 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED) {
1655 /* Update DCE and adjust MTU is icmp header if needed */
1656 icmp_inbound_too_big_v4(icmph, ira);
1657 }
1658 /* FALLTHRU */
1659 default:
1660 icmp_inbound_error_fanout_v4(mp, icmph, ira);
1661 break;
1662 }
1663 return (mp_ret);
1664 }
1665
1666 /*
1667 * Send an ICMP echo, timestamp or address mask reply.
1668 * The caller has already updated the payload part of the packet.
1669 * We handle the ICMP checksum, IP source address selection and feed
1670 * the packet into ip_output_simple.
1671 */
1672 static void
1673 icmp_send_reply_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph,
1674 ip_recv_attr_t *ira)
1675 {
1676 uint_t ip_hdr_length = ira->ira_ip_hdr_length;
1677 ill_t *ill = ira->ira_ill;
1678 ip_stack_t *ipst = ill->ill_ipst;
1679 ip_xmit_attr_t ixas;
1680
1681 /* Send out an ICMP packet */
1682 icmph->icmph_checksum = 0;
1683 icmph->icmph_checksum = IP_CSUM(mp, ip_hdr_length, 0);
1684 /* Reset time to live. */
1685 ipha->ipha_ttl = ipst->ips_ip_def_ttl;
1686 {
1687 /* Swap source and destination addresses */
1688 ipaddr_t tmp;
1689
1690 tmp = ipha->ipha_src;
1691 ipha->ipha_src = ipha->ipha_dst;
1692 ipha->ipha_dst = tmp;
1693 }
1694 ipha->ipha_ident = 0;
1695 if (!IS_SIMPLE_IPH(ipha))
1696 icmp_options_update(ipha);
1697
1698 bzero(&ixas, sizeof (ixas));
1699 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
1700 ixas.ixa_zoneid = ira->ira_zoneid;
1701 ixas.ixa_cred = kcred;
1702 ixas.ixa_cpid = NOPID;
1703 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */
1704 ixas.ixa_ifindex = 0;
1705 ixas.ixa_ipst = ipst;
1706 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1707
1708 if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
1709 /*
1710 * This packet should go out the same way as it
1711 * came in i.e in clear, independent of the IPsec policy
1712 * for transmitting packets.
1713 */
1714 ixas.ixa_flags |= IXAF_NO_IPSEC;
1715 } else {
1716 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) {
1717 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1718 /* Note: mp already consumed and ip_drop_packet done */
1719 return;
1720 }
1721 }
1722 if (ira->ira_flags & IRAF_MULTIBROADCAST) {
1723 /*
1724 * Not one or our addresses (IRE_LOCALs), thus we let
1725 * ip_output_simple pick the source.
1726 */
1727 ipha->ipha_src = INADDR_ANY;
1728 ixas.ixa_flags |= IXAF_SET_SOURCE;
1729 }
1730 /* Should we send with DF and use dce_pmtu? */
1731 if (ipst->ips_ipv4_icmp_return_pmtu) {
1732 ixas.ixa_flags |= IXAF_PMTU_DISCOVERY;
1733 ipha->ipha_fragment_offset_and_flags |= IPH_DF_HTONS;
1734 }
1735
1736 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs);
1737
1738 (void) ip_output_simple(mp, &ixas);
1739 ixa_cleanup(&ixas);
1740 }
1741
1742 /*
1743 * Verify the ICMP messages for either for ICMP error or redirect packet.
1744 * The caller should have fully pulled up the message. If it's a redirect
1745 * packet, only basic checks on IP header will be done; otherwise, verify
1746 * the packet by looking at the included ULP header.
1747 *
1748 * Called before icmp_inbound_error_fanout_v4 is called.
1749 */
1750 static boolean_t
1751 icmp_inbound_verify_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira)
1752 {
1753 ill_t *ill = ira->ira_ill;
1754 int hdr_length;
1755 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
1756 conn_t *connp;
1757 ipha_t *ipha; /* Inner IP header */
1758
1759 ipha = (ipha_t *)&icmph[1];
1760 if ((uchar_t *)ipha + IP_SIMPLE_HDR_LENGTH > mp->b_wptr)
1761 goto truncated;
1762
1763 hdr_length = IPH_HDR_LENGTH(ipha);
1764
1765 if ((IPH_HDR_VERSION(ipha) != IPV4_VERSION))
1766 goto discard_pkt;
1767
1768 if (hdr_length < sizeof (ipha_t))
1769 goto truncated;
1770
1771 if ((uchar_t *)ipha + hdr_length > mp->b_wptr)
1772 goto truncated;
1773
1774 /*
1775 * Stop here for ICMP_REDIRECT.
1776 */
1777 if (icmph->icmph_type == ICMP_REDIRECT)
1778 return (B_TRUE);
1779
1780 /*
1781 * ICMP errors only.
1782 */
1783 switch (ipha->ipha_protocol) {
1784 case IPPROTO_UDP:
1785 /*
1786 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1787 * transport header.
1788 */
1789 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1790 mp->b_wptr)
1791 goto truncated;
1792 break;
1793 case IPPROTO_TCP: {
1794 tcpha_t *tcpha;
1795
1796 /*
1797 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1798 * transport header.
1799 */
1800 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1801 mp->b_wptr)
1802 goto truncated;
1803
1804 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length);
1805 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN,
1806 ipst);
1807 if (connp == NULL)
1808 goto discard_pkt;
1809
1810 if ((connp->conn_verifyicmp != NULL) &&
1811 !connp->conn_verifyicmp(connp, tcpha, icmph, NULL, ira)) {
1812 CONN_DEC_REF(connp);
1813 goto discard_pkt;
1814 }
1815 CONN_DEC_REF(connp);
1816 break;
1817 }
1818 case IPPROTO_SCTP:
1819 /*
1820 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1821 * transport header.
1822 */
1823 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1824 mp->b_wptr)
1825 goto truncated;
1826 break;
1827 case IPPROTO_ESP:
1828 case IPPROTO_AH:
1829 break;
1830 case IPPROTO_ENCAP:
1831 if ((uchar_t *)ipha + hdr_length + sizeof (ipha_t) >
1832 mp->b_wptr)
1833 goto truncated;
1834 break;
1835 default:
1836 break;
1837 }
1838
1839 return (B_TRUE);
1840
1841 discard_pkt:
1842 /* Bogus ICMP error. */
1843 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1844 return (B_FALSE);
1845
1846 truncated:
1847 /* We pulled up everthing already. Must be truncated */
1848 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
1849 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
1850 return (B_FALSE);
1851 }
1852
1853 /* Table from RFC 1191 */
1854 static int icmp_frag_size_table[] =
1855 { 32000, 17914, 8166, 4352, 2002, 1496, 1006, 508, 296, 68 };
1856
1857 /*
1858 * Process received ICMP Packet too big.
1859 * Just handles the DCE create/update, including using the above table of
1860 * PMTU guesses. The caller is responsible for validating the packet before
1861 * passing it in and also to fanout the ICMP error to any matching transport
1862 * conns. Assumes the message has been fully pulled up and verified.
1863 *
1864 * Before getting here, the caller has called icmp_inbound_verify_v4()
1865 * that should have verified with ULP to prevent undoing the changes we're
1866 * going to make to DCE. For example, TCP might have verified that the packet
1867 * which generated error is in the send window.
1868 *
1869 * In some cases modified this MTU in the ICMP header packet; the caller
1870 * should pass to the matching ULP after this returns.
1871 */
1872 static void
1873 icmp_inbound_too_big_v4(icmph_t *icmph, ip_recv_attr_t *ira)
1874 {
1875 dce_t *dce;
1876 int old_mtu;
1877 int mtu, orig_mtu;
1878 ipaddr_t dst;
1879 boolean_t disable_pmtud;
1880 ill_t *ill = ira->ira_ill;
1881 ip_stack_t *ipst = ill->ill_ipst;
1882 uint_t hdr_length;
1883 ipha_t *ipha;
1884
1885 /* Caller already pulled up everything. */
1886 ipha = (ipha_t *)&icmph[1];
1887 ASSERT(icmph->icmph_type == ICMP_DEST_UNREACHABLE &&
1888 icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED);
1889 ASSERT(ill != NULL);
1890
1891 hdr_length = IPH_HDR_LENGTH(ipha);
1892
1893 /*
1894 * We handle path MTU for source routed packets since the DCE
1895 * is looked up using the final destination.
1896 */
1897 dst = ip_get_dst(ipha);
1898
1899 dce = dce_lookup_and_add_v4(dst, ipst);
1900 if (dce == NULL) {
1901 /* Couldn't add a unique one - ENOMEM */
1902 ip1dbg(("icmp_inbound_too_big_v4: no dce for 0x%x\n",
1903 ntohl(dst)));
1904 return;
1905 }
1906
1907 /* Check for MTU discovery advice as described in RFC 1191 */
1908 mtu = ntohs(icmph->icmph_du_mtu);
1909 orig_mtu = mtu;
1910 disable_pmtud = B_FALSE;
1911
1912 mutex_enter(&dce->dce_lock);
1913 if (dce->dce_flags & DCEF_PMTU)
1914 old_mtu = dce->dce_pmtu;
1915 else
1916 old_mtu = ill->ill_mtu;
1917
1918 if (icmph->icmph_du_zero != 0 || mtu < ipst->ips_ip_pmtu_min) {
1919 uint32_t length;
1920 int i;
1921
1922 /*
1923 * Use the table from RFC 1191 to figure out
1924 * the next "plateau" based on the length in
1925 * the original IP packet.
1926 */
1927 length = ntohs(ipha->ipha_length);
1928 DTRACE_PROBE2(ip4__pmtu__guess, dce_t *, dce,
1929 uint32_t, length);
1930 if (old_mtu <= length &&
1931 old_mtu >= length - hdr_length) {
1932 /*
1933 * Handle broken BSD 4.2 systems that
1934 * return the wrong ipha_length in ICMP
1935 * errors.
1936 */
1937 ip1dbg(("Wrong mtu: sent %d, dce %d\n",
1938 length, old_mtu));
1939 length -= hdr_length;
1940 }
1941 for (i = 0; i < A_CNT(icmp_frag_size_table); i++) {
1942 if (length > icmp_frag_size_table[i])
1943 break;
1944 }
1945 if (i == A_CNT(icmp_frag_size_table)) {
1946 /* Smaller than IP_MIN_MTU! */
1947 ip1dbg(("Too big for packet size %d\n",
1948 length));
1949 disable_pmtud = B_TRUE;
1950 mtu = ipst->ips_ip_pmtu_min;
1951 } else {
1952 mtu = icmp_frag_size_table[i];
1953 ip1dbg(("Calculated mtu %d, packet size %d, "
1954 "before %d\n", mtu, length, old_mtu));
1955 if (mtu < ipst->ips_ip_pmtu_min) {
1956 mtu = ipst->ips_ip_pmtu_min;
1957 disable_pmtud = B_TRUE;
1958 }
1959 }
1960 }
1961 if (disable_pmtud)
1962 dce->dce_flags |= DCEF_TOO_SMALL_PMTU;
1963 else
1964 dce->dce_flags &= ~DCEF_TOO_SMALL_PMTU;
1965
1966 dce->dce_pmtu = MIN(old_mtu, mtu);
1967 /* Prepare to send the new max frag size for the ULP. */
1968 icmph->icmph_du_zero = 0;
1969 icmph->icmph_du_mtu = htons((uint16_t)dce->dce_pmtu);
1970 DTRACE_PROBE4(ip4__pmtu__change, icmph_t *, icmph, dce_t *,
1971 dce, int, orig_mtu, int, mtu);
1972
1973 /* We now have a PMTU for sure */
1974 dce->dce_flags |= DCEF_PMTU;
1975 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64());
1976 mutex_exit(&dce->dce_lock);
1977 /*
1978 * After dropping the lock the new value is visible to everyone.
1979 * Then we bump the generation number so any cached values reinspect
1980 * the dce_t.
1981 */
1982 dce_increment_generation(dce);
1983 dce_refrele(dce);
1984 }
1985
1986 /*
1987 * If the packet in error is Self-Encapsulated, icmp_inbound_error_fanout_v4
1988 * calls this function.
1989 */
1990 static mblk_t *
1991 icmp_inbound_self_encap_error_v4(mblk_t *mp, ipha_t *ipha, ipha_t *in_ipha)
1992 {
1993 int length;
1994
1995 ASSERT(mp->b_datap->db_type == M_DATA);
1996
1997 /* icmp_inbound_v4 has already pulled up the whole error packet */
1998 ASSERT(mp->b_cont == NULL);
1999
2000 /*
2001 * The length that we want to overlay is the inner header
2002 * and what follows it.
2003 */
2004 length = msgdsize(mp) - ((uchar_t *)in_ipha - mp->b_rptr);
2005
2006 /*
2007 * Overlay the inner header and whatever follows it over the
2008 * outer header.
2009 */
2010 bcopy((uchar_t *)in_ipha, (uchar_t *)ipha, length);
2011
2012 /* Adjust for what we removed */
2013 mp->b_wptr -= (uchar_t *)in_ipha - (uchar_t *)ipha;
2014 return (mp);
2015 }
2016
2017 /*
2018 * Try to pass the ICMP message upstream in case the ULP cares.
2019 *
2020 * If the packet that caused the ICMP error is secure, we send
2021 * it to AH/ESP to make sure that the attached packet has a
2022 * valid association. ipha in the code below points to the
2023 * IP header of the packet that caused the error.
2024 *
2025 * For IPsec cases, we let the next-layer-up (which has access to
2026 * cached policy on the conn_t, or can query the SPD directly)
2027 * subtract out any IPsec overhead if they must. We therefore make no
2028 * adjustments here for IPsec overhead.
2029 *
2030 * IFN could have been generated locally or by some router.
2031 *
2032 * LOCAL : ire_send_wire (before calling ipsec_out_process) can call
2033 * icmp_frag_needed/icmp_pkt2big_v6 to generated a local IFN.
2034 * This happens because IP adjusted its value of MTU on an
2035 * earlier IFN message and could not tell the upper layer,
2036 * the new adjusted value of MTU e.g. Packet was encrypted
2037 * or there was not enough information to fanout to upper
2038 * layers. Thus on the next outbound datagram, ire_send_wire
2039 * generates the IFN, where IPsec processing has *not* been
2040 * done.
2041 *
2042 * Note that we retain ixa_fragsize across IPsec thus once
2043 * we have picking ixa_fragsize and entered ipsec_out_process we do
2044 * no change the fragsize even if the path MTU changes before
2045 * we reach ip_output_post_ipsec.
2046 *
2047 * In the local case, IRAF_LOOPBACK will be set indicating
2048 * that IFN was generated locally.
2049 *
2050 * ROUTER : IFN could be secure or non-secure.
2051 *
2052 * * SECURE : We use the IPSEC_IN to fanout to AH/ESP if the
2053 * packet in error has AH/ESP headers to validate the AH/ESP
2054 * headers. AH/ESP will verify whether there is a valid SA or
2055 * not and send it back. We will fanout again if we have more
2056 * data in the packet.
2057 *
2058 * If the packet in error does not have AH/ESP, we handle it
2059 * like any other case.
2060 *
2061 * * NON_SECURE : If the packet in error has AH/ESP headers, we send it
2062 * up to AH/ESP for validation. AH/ESP will verify whether there is a
2063 * valid SA or not and send it back. We will fanout again if
2064 * we have more data in the packet.
2065 *
2066 * If the packet in error does not have AH/ESP, we handle it
2067 * like any other case.
2068 *
2069 * The caller must have called icmp_inbound_verify_v4.
2070 */
2071 static void
2072 icmp_inbound_error_fanout_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira)
2073 {
2074 uint16_t *up; /* Pointer to ports in ULP header */
2075 uint32_t ports; /* reversed ports for fanout */
2076 ipha_t ripha; /* With reversed addresses */
2077 ipha_t *ipha; /* Inner IP header */
2078 uint_t hdr_length; /* Inner IP header length */
2079 tcpha_t *tcpha;
2080 conn_t *connp;
2081 ill_t *ill = ira->ira_ill;
2082 ip_stack_t *ipst = ill->ill_ipst;
2083 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
2084 ill_t *rill = ira->ira_rill;
2085
2086 /* Caller already pulled up everything. */
2087 ipha = (ipha_t *)&icmph[1];
2088 ASSERT((uchar_t *)&ipha[1] <= mp->b_wptr);
2089 ASSERT(mp->b_cont == NULL);
2090
2091 hdr_length = IPH_HDR_LENGTH(ipha);
2092 ira->ira_protocol = ipha->ipha_protocol;
2093
2094 /*
2095 * We need a separate IP header with the source and destination
2096 * addresses reversed to do fanout/classification because the ipha in
2097 * the ICMP error is in the form we sent it out.
2098 */
2099 ripha.ipha_src = ipha->ipha_dst;
2100 ripha.ipha_dst = ipha->ipha_src;
2101 ripha.ipha_protocol = ipha->ipha_protocol;
2102 ripha.ipha_version_and_hdr_length = ipha->ipha_version_and_hdr_length;
2103
2104 ip2dbg(("icmp_inbound_error_v4: proto %d %x to %x: %d/%d\n",
2105 ripha.ipha_protocol, ntohl(ipha->ipha_src),
2106 ntohl(ipha->ipha_dst),
2107 icmph->icmph_type, icmph->icmph_code));
2108
2109 switch (ipha->ipha_protocol) {
2110 case IPPROTO_UDP:
2111 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2112
2113 /* Attempt to find a client stream based on port. */
2114 ip2dbg(("icmp_inbound_error_v4: UDP ports %d to %d\n",
2115 ntohs(up[0]), ntohs(up[1])));
2116
2117 /* Note that we send error to all matches. */
2118 ira->ira_flags |= IRAF_ICMP_ERROR;
2119 ip_fanout_udp_multi_v4(mp, &ripha, up[0], up[1], ira);
2120 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2121 return;
2122
2123 case IPPROTO_TCP:
2124 /*
2125 * Find a TCP client stream for this packet.
2126 * Note that we do a reverse lookup since the header is
2127 * in the form we sent it out.
2128 */
2129 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length);
2130 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN,
2131 ipst);
2132 if (connp == NULL)
2133 goto discard_pkt;
2134
2135 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) ||
2136 (ira->ira_flags & IRAF_IPSEC_SECURE)) {
2137 mp = ipsec_check_inbound_policy(mp, connp,
2138 ipha, NULL, ira);
2139 if (mp == NULL) {
2140 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
2141 /* Note that mp is NULL */
2142 ip_drop_input("ipIfStatsInDiscards", mp, ill);
2143 CONN_DEC_REF(connp);
2144 return;
2145 }
2146 }
2147
2148 ira->ira_flags |= IRAF_ICMP_ERROR;
2149 ira->ira_ill = ira->ira_rill = NULL;
2150 if (IPCL_IS_TCP(connp)) {
2151 SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
2152 connp->conn_recvicmp, connp, ira, SQ_FILL,
2153 SQTAG_TCP_INPUT_ICMP_ERR);
2154 } else {
2155 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */
2156 (connp->conn_recv)(connp, mp, NULL, ira);
2157 CONN_DEC_REF(connp);
2158 }
2159 ira->ira_ill = ill;
2160 ira->ira_rill = rill;
2161 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2162 return;
2163
2164 case IPPROTO_SCTP:
2165 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2166 /* Find a SCTP client stream for this packet. */
2167 ((uint16_t *)&ports)[0] = up[1];
2168 ((uint16_t *)&ports)[1] = up[0];
2169
2170 ira->ira_flags |= IRAF_ICMP_ERROR;
2171 ip_fanout_sctp(mp, &ripha, NULL, ports, ira);
2172 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2173 return;
2174
2175 case IPPROTO_ESP:
2176 case IPPROTO_AH:
2177 if (!ipsec_loaded(ipss)) {
2178 ip_proto_not_sup(mp, ira);
2179 return;
2180 }
2181
2182 if (ipha->ipha_protocol == IPPROTO_ESP)
2183 mp = ipsecesp_icmp_error(mp, ira);
2184 else
2185 mp = ipsecah_icmp_error(mp, ira);
2186 if (mp == NULL)
2187 return;
2188
2189 /* Just in case ipsec didn't preserve the NULL b_cont */
2190 if (mp->b_cont != NULL) {
2191 if (!pullupmsg(mp, -1))
2192 goto discard_pkt;
2193 }
2194
2195 /*
2196 * Note that ira_pktlen and ira_ip_hdr_length are no longer
2197 * correct, but we don't use them any more here.
2198 *
2199 * If succesful, the mp has been modified to not include
2200 * the ESP/AH header so we can fanout to the ULP's icmp
2201 * error handler.
2202 */
2203 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH)
2204 goto truncated;
2205
2206 /* Verify the modified message before any further processes. */
2207 ipha = (ipha_t *)mp->b_rptr;
2208 hdr_length = IPH_HDR_LENGTH(ipha);
2209 icmph = (icmph_t *)&mp->b_rptr[hdr_length];
2210 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
2211 freemsg(mp);
2212 return;
2213 }
2214
2215 icmp_inbound_error_fanout_v4(mp, icmph, ira);
2216 return;
2217
2218 case IPPROTO_ENCAP: {
2219 /* Look for self-encapsulated packets that caused an error */
2220 ipha_t *in_ipha;
2221
2222 /*
2223 * Caller has verified that length has to be
2224 * at least the size of IP header.
2225 */
2226 ASSERT(hdr_length >= sizeof (ipha_t));
2227 /*
2228 * Check the sanity of the inner IP header like
2229 * we did for the outer header.
2230 */
2231 in_ipha = (ipha_t *)((uchar_t *)ipha + hdr_length);
2232 if ((IPH_HDR_VERSION(in_ipha) != IPV4_VERSION)) {
2233 goto discard_pkt;
2234 }
2235 if (IPH_HDR_LENGTH(in_ipha) < sizeof (ipha_t)) {
2236 goto discard_pkt;
2237 }
2238 /* Check for Self-encapsulated tunnels */
2239 if (in_ipha->ipha_src == ipha->ipha_src &&
2240 in_ipha->ipha_dst == ipha->ipha_dst) {
2241
2242 mp = icmp_inbound_self_encap_error_v4(mp, ipha,
2243 in_ipha);
2244 if (mp == NULL)
2245 goto discard_pkt;
2246
2247 /*
2248 * Just in case self_encap didn't preserve the NULL
2249 * b_cont
2250 */
2251 if (mp->b_cont != NULL) {
2252 if (!pullupmsg(mp, -1))
2253 goto discard_pkt;
2254 }
2255 /*
2256 * Note that ira_pktlen and ira_ip_hdr_length are no
2257 * longer correct, but we don't use them any more here.
2258 */
2259 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH)
2260 goto truncated;
2261
2262 /*
2263 * Verify the modified message before any further
2264 * processes.
2265 */
2266 ipha = (ipha_t *)mp->b_rptr;
2267 hdr_length = IPH_HDR_LENGTH(ipha);
2268 icmph = (icmph_t *)&mp->b_rptr[hdr_length];
2269 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
2270 freemsg(mp);
2271 return;
2272 }
2273
2274 /*
2275 * The packet in error is self-encapsualted.
2276 * And we are finding it further encapsulated
2277 * which we could not have possibly generated.
2278 */
2279 if (ipha->ipha_protocol == IPPROTO_ENCAP) {
2280 goto discard_pkt;
2281 }
2282 icmp_inbound_error_fanout_v4(mp, icmph, ira);
2283 return;
2284 }
2285 /* No self-encapsulated */
2286 /* FALLTHRU */
2287 }
2288 case IPPROTO_IPV6:
2289 if ((connp = ipcl_iptun_classify_v4(&ripha.ipha_src,
2290 &ripha.ipha_dst, ipst)) != NULL) {
2291 ira->ira_flags |= IRAF_ICMP_ERROR;
2292 connp->conn_recvicmp(connp, mp, NULL, ira);
2293 CONN_DEC_REF(connp);
2294 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2295 return;
2296 }
2297 /*
2298 * No IP tunnel is interested, fallthrough and see
2299 * if a raw socket will want it.
2300 */
2301 /* FALLTHRU */
2302 default:
2303 ira->ira_flags |= IRAF_ICMP_ERROR;
2304 ip_fanout_proto_v4(mp, &ripha, ira);
2305 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2306 return;
2307 }
2308 /* NOTREACHED */
2309 discard_pkt:
2310 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
2311 ip1dbg(("icmp_inbound_error_fanout_v4: drop pkt\n"));
2312 ip_drop_input("ipIfStatsInDiscards", mp, ill);
2313 freemsg(mp);
2314 return;
2315
2316 truncated:
2317 /* We pulled up everthing already. Must be truncated */
2318 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
2319 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
2320 freemsg(mp);
2321 }
2322
2323 /*
2324 * Common IP options parser.
2325 *
2326 * Setup routine: fill in *optp with options-parsing state, then
2327 * tail-call ipoptp_next to return the first option.
2328 */
2329 uint8_t
2330 ipoptp_first(ipoptp_t *optp, ipha_t *ipha)
2331 {
2332 uint32_t totallen; /* total length of all options */
2333
2334 totallen = ipha->ipha_version_and_hdr_length -
2335 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
2336 totallen <<= 2;
2337 optp->ipoptp_next = (uint8_t *)(&ipha[1]);
2338 optp->ipoptp_end = optp->ipoptp_next + totallen;
2339 optp->ipoptp_flags = 0;
2340 return (ipoptp_next(optp));
2341 }
2342
2343 /* Like above but without an ipha_t */
2344 uint8_t
2345 ipoptp_first2(ipoptp_t *optp, uint32_t totallen, uint8_t *opt)
2346 {
2347 optp->ipoptp_next = opt;
2348 optp->ipoptp_end = optp->ipoptp_next + totallen;
2349 optp->ipoptp_flags = 0;
2350 return (ipoptp_next(optp));
2351 }
2352
2353 /*
2354 * Common IP options parser: extract next option.
2355 */
2356 uint8_t
2357 ipoptp_next(ipoptp_t *optp)
2358 {
2359 uint8_t *end = optp->ipoptp_end;
2360 uint8_t *cur = optp->ipoptp_next;
2361 uint8_t opt, len, pointer;
2362
2363 /*
2364 * If cur > end already, then the ipoptp_end or ipoptp_next pointer
2365 * has been corrupted.
2366 */
2367 ASSERT(cur <= end);
2368
2369 if (cur == end)
2370 return (IPOPT_EOL);
2371
2372 opt = cur[IPOPT_OPTVAL];
2373
2374 /*
2375 * Skip any NOP options.
2376 */
2377 while (opt == IPOPT_NOP) {
2378 cur++;
2379 if (cur == end)
2380 return (IPOPT_EOL);
2381 opt = cur[IPOPT_OPTVAL];
2382 }
2383
2384 if (opt == IPOPT_EOL)
2385 return (IPOPT_EOL);
2386
2387 /*
2388 * Option requiring a length.
2389 */
2390 if ((cur + 1) >= end) {
2391 optp->ipoptp_flags |= IPOPTP_ERROR;
2392 return (IPOPT_EOL);
2393 }
2394 len = cur[IPOPT_OLEN];
2395 if (len < 2) {
2396 optp->ipoptp_flags |= IPOPTP_ERROR;
2397 return (IPOPT_EOL);
2398 }
2399 optp->ipoptp_cur = cur;
2400 optp->ipoptp_len = len;
2401 optp->ipoptp_next = cur + len;
2402 if (cur + len > end) {
2403 optp->ipoptp_flags |= IPOPTP_ERROR;
2404 return (IPOPT_EOL);
2405 }
2406
2407 /*
2408 * For the options which require a pointer field, make sure
2409 * its there, and make sure it points to either something
2410 * inside this option, or the end of the option.
2411 */
2412 switch (opt) {
2413 case IPOPT_RR:
2414 case IPOPT_TS:
2415 case IPOPT_LSRR:
2416 case IPOPT_SSRR:
2417 if (len <= IPOPT_OFFSET) {
2418 optp->ipoptp_flags |= IPOPTP_ERROR;
2419 return (opt);
2420 }
2421 pointer = cur[IPOPT_OFFSET];
2422 if (pointer - 1 > len) {
2423 optp->ipoptp_flags |= IPOPTP_ERROR;
2424 return (opt);
2425 }
2426 break;
2427 }
2428
2429 /*
2430 * Sanity check the pointer field based on the type of the
2431 * option.
2432 */
2433 switch (opt) {
2434 case IPOPT_RR:
2435 case IPOPT_SSRR:
2436 case IPOPT_LSRR:
2437 if (pointer < IPOPT_MINOFF_SR)
2438 optp->ipoptp_flags |= IPOPTP_ERROR;
2439 break;
2440 case IPOPT_TS:
2441 if (pointer < IPOPT_MINOFF_IT)
2442 optp->ipoptp_flags |= IPOPTP_ERROR;
2443 /*
2444 * Note that the Internet Timestamp option also
2445 * contains two four bit fields (the Overflow field,
2446 * and the Flag field), which follow the pointer
2447 * field. We don't need to check that these fields
2448 * fall within the length of the option because this
2449 * was implicitely done above. We've checked that the
2450 * pointer value is at least IPOPT_MINOFF_IT, and that
2451 * it falls within the option. Since IPOPT_MINOFF_IT >
2452 * IPOPT_POS_OV_FLG, we don't need the explicit check.
2453 */
2454 ASSERT(len > IPOPT_POS_OV_FLG);
2455 break;
2456 }
2457
2458 return (opt);
2459 }
2460
2461 /*
2462 * Use the outgoing IP header to create an IP_OPTIONS option the way
2463 * it was passed down from the application.
2464 *
2465 * This is compatible with BSD in that it returns
2466 * the reverse source route with the final destination
2467 * as the last entry. The first 4 bytes of the option
2468 * will contain the final destination.
2469 */
2470 int
2471 ip_opt_get_user(conn_t *connp, uchar_t *buf)
2472 {
2473 ipoptp_t opts;
2474 uchar_t *opt;
2475 uint8_t optval;
2476 uint8_t optlen;
2477 uint32_t len = 0;
2478 uchar_t *buf1 = buf;
2479 uint32_t totallen;
2480 ipaddr_t dst;
2481 ip_pkt_t *ipp = &connp->conn_xmit_ipp;
2482
2483 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
2484 return (0);
2485
2486 totallen = ipp->ipp_ipv4_options_len;
2487 if (totallen & 0x3)
2488 return (0);
2489
2490 buf += IP_ADDR_LEN; /* Leave room for final destination */
2491 len += IP_ADDR_LEN;
2492 bzero(buf1, IP_ADDR_LEN);
2493
2494 dst = connp->conn_faddr_v4;
2495
2496 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
2497 optval != IPOPT_EOL;
2498 optval = ipoptp_next(&opts)) {
2499 int off;
2500
2501 opt = opts.ipoptp_cur;
2502 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
2503 break;
2504 }
2505 optlen = opts.ipoptp_len;
2506
2507 switch (optval) {
2508 case IPOPT_SSRR:
2509 case IPOPT_LSRR:
2510
2511 /*
2512 * Insert destination as the first entry in the source
2513 * route and move down the entries on step.
2514 * The last entry gets placed at buf1.
2515 */
2516 buf[IPOPT_OPTVAL] = optval;
2517 buf[IPOPT_OLEN] = optlen;
2518 buf[IPOPT_OFFSET] = optlen;
2519
2520 off = optlen - IP_ADDR_LEN;
2521 if (off < 0) {
2522 /* No entries in source route */
2523 break;
2524 }
2525 /* Last entry in source route if not already set */
2526 if (dst == INADDR_ANY)
2527 bcopy(opt + off, buf1, IP_ADDR_LEN);
2528 off -= IP_ADDR_LEN;
2529
2530 while (off > 0) {
2531 bcopy(opt + off,
2532 buf + off + IP_ADDR_LEN,
2533 IP_ADDR_LEN);
2534 off -= IP_ADDR_LEN;
2535 }
2536 /* ipha_dst into first slot */
2537 bcopy(&dst, buf + off + IP_ADDR_LEN,
2538 IP_ADDR_LEN);
2539 buf += optlen;
2540 len += optlen;
2541 break;
2542
2543 default:
2544 bcopy(opt, buf, optlen);
2545 buf += optlen;
2546 len += optlen;
2547 break;
2548 }
2549 }
2550 done:
2551 /* Pad the resulting options */
2552 while (len & 0x3) {
2553 *buf++ = IPOPT_EOL;
2554 len++;
2555 }
2556 return (len);
2557 }
2558
2559 /*
2560 * Update any record route or timestamp options to include this host.
2561 * Reverse any source route option.
2562 * This routine assumes that the options are well formed i.e. that they
2563 * have already been checked.
2564 */
2565 static void
2566 icmp_options_update(ipha_t *ipha)
2567 {
2568 ipoptp_t opts;
2569 uchar_t *opt;
2570 uint8_t optval;
2571 ipaddr_t src; /* Our local address */
2572 ipaddr_t dst;
2573
2574 ip2dbg(("icmp_options_update\n"));
2575 src = ipha->ipha_src;
2576 dst = ipha->ipha_dst;
2577
2578 for (optval = ipoptp_first(&opts, ipha);
2579 optval != IPOPT_EOL;
2580 optval = ipoptp_next(&opts)) {
2581 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
2582 opt = opts.ipoptp_cur;
2583 ip2dbg(("icmp_options_update: opt %d, len %d\n",
2584 optval, opts.ipoptp_len));
2585 switch (optval) {
2586 int off1, off2;
2587 case IPOPT_SSRR:
2588 case IPOPT_LSRR:
2589 /*
2590 * Reverse the source route. The first entry
2591 * should be the next to last one in the current
2592 * source route (the last entry is our address).
2593 * The last entry should be the final destination.
2594 */
2595 off1 = IPOPT_MINOFF_SR - 1;
2596 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1;
2597 if (off2 < 0) {
2598 /* No entries in source route */
2599 ip1dbg((
2600 "icmp_options_update: bad src route\n"));
2601 break;
2602 }
2603 bcopy((char *)opt + off2, &dst, IP_ADDR_LEN);
2604 bcopy(&ipha->ipha_dst, (char *)opt + off2, IP_ADDR_LEN);
2605 bcopy(&dst, &ipha->ipha_dst, IP_ADDR_LEN);
2606 off2 -= IP_ADDR_LEN;
2607
2608 while (off1 < off2) {
2609 bcopy((char *)opt + off1, &src, IP_ADDR_LEN);
2610 bcopy((char *)opt + off2, (char *)opt + off1,
2611 IP_ADDR_LEN);
2612 bcopy(&src, (char *)opt + off2, IP_ADDR_LEN);
2613 off1 += IP_ADDR_LEN;
2614 off2 -= IP_ADDR_LEN;
2615 }
2616 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR;
2617 break;
2618 }
2619 }
2620 }
2621
2622 /*
2623 * Process received ICMP Redirect messages.
2624 * Assumes the caller has verified that the headers are in the pulled up mblk.
2625 * Consumes mp.
2626 */
2627 static void
2628 icmp_redirect_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph, ip_recv_attr_t *ira)
2629 {
2630 ire_t *ire, *nire;
2631 ire_t *prev_ire;
2632 ipaddr_t src, dst, gateway;
2633 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2634 ipha_t *inner_ipha; /* Inner IP header */
2635
2636 /* Caller already pulled up everything. */
2637 inner_ipha = (ipha_t *)&icmph[1];
2638 src = ipha->ipha_src;
2639 dst = inner_ipha->ipha_dst;
2640 gateway = icmph->icmph_rd_gateway;
2641 /* Make sure the new gateway is reachable somehow. */
2642 ire = ire_ftable_lookup_v4(gateway, 0, 0, IRE_ONLINK, NULL,
2643 ALL_ZONES, NULL, MATCH_IRE_TYPE, 0, ipst, NULL);
2644 /*
2645 * Make sure we had a route for the dest in question and that
2646 * that route was pointing to the old gateway (the source of the
2647 * redirect packet.)
2648 * We do longest match and then compare ire_gateway_addr below.
2649 */
2650 prev_ire = ire_ftable_lookup_v4(dst, 0, 0, 0, NULL, ALL_ZONES,
2651 NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
2652 /*
2653 * Check that
2654 * the redirect was not from ourselves
2655 * the new gateway and the old gateway are directly reachable
2656 */
2657 if (prev_ire == NULL || ire == NULL ||
2658 (prev_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) ||
2659 (prev_ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
2660 !(ire->ire_type & IRE_IF_ALL) ||
2661 prev_ire->ire_gateway_addr != src) {
2662 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects);
2663 ip_drop_input("icmpInBadRedirects - ire", mp, ira->ira_ill);
2664 freemsg(mp);
2665 if (ire != NULL)
2666 ire_refrele(ire);
2667 if (prev_ire != NULL)
2668 ire_refrele(prev_ire);
2669 return;
2670 }
2671
2672 ire_refrele(prev_ire);
2673 ire_refrele(ire);
2674
2675 /*
2676 * TODO: more precise handling for cases 0, 2, 3, the latter two
2677 * require TOS routing
2678 */
2679 switch (icmph->icmph_code) {
2680 case 0:
2681 case 1:
2682 /* TODO: TOS specificity for cases 2 and 3 */
2683 case 2:
2684 case 3:
2685 break;
2686 default:
2687 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects);
2688 ip_drop_input("icmpInBadRedirects - code", mp, ira->ira_ill);
2689 freemsg(mp);
2690 return;
2691 }
2692 /*
2693 * Create a Route Association. This will allow us to remember that
2694 * someone we believe told us to use the particular gateway.
2695 */
2696 ire = ire_create(
2697 (uchar_t *)&dst, /* dest addr */
2698 (uchar_t *)&ip_g_all_ones, /* mask */
2699 (uchar_t *)&gateway, /* gateway addr */
2700 IRE_HOST,
2701 NULL, /* ill */
2702 ALL_ZONES,
2703 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST),
2704 NULL, /* tsol_gc_t */
2705 ipst);
2706
2707 if (ire == NULL) {
2708 freemsg(mp);
2709 return;
2710 }
2711 nire = ire_add(ire);
2712 /* Check if it was a duplicate entry */
2713 if (nire != NULL && nire != ire) {
2714 ASSERT(nire->ire_identical_ref > 1);
2715 ire_delete(nire);
2716 ire_refrele(nire);
2717 nire = NULL;
2718 }
2719 ire = nire;
2720 if (ire != NULL) {
2721 ire_refrele(ire); /* Held in ire_add */
2722
2723 /* tell routing sockets that we received a redirect */
2724 ip_rts_change(RTM_REDIRECT, dst, gateway, IP_HOST_MASK, 0, src,
2725 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST), 0,
2726 (RTA_DST | RTA_GATEWAY | RTA_NETMASK | RTA_AUTHOR), ipst);
2727 }
2728
2729 /*
2730 * Delete any existing IRE_HOST type redirect ires for this destination.
2731 * This together with the added IRE has the effect of
2732 * modifying an existing redirect.
2733 */
2734 prev_ire = ire_ftable_lookup_v4(dst, 0, src, IRE_HOST, NULL,
2735 ALL_ZONES, NULL, (MATCH_IRE_GW | MATCH_IRE_TYPE), 0, ipst, NULL);
2736 if (prev_ire != NULL) {
2737 if (prev_ire ->ire_flags & RTF_DYNAMIC)
2738 ire_delete(prev_ire);
2739 ire_refrele(prev_ire);
2740 }
2741
2742 freemsg(mp);
2743 }
2744
2745 /*
2746 * Generate an ICMP parameter problem message.
2747 * When called from ip_output side a minimal ip_recv_attr_t needs to be
2748 * constructed by the caller.
2749 */
2750 static void
2751 icmp_param_problem(mblk_t *mp, uint8_t ptr, ip_recv_attr_t *ira)
2752 {
2753 icmph_t icmph;
2754 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2755
2756 mp = icmp_pkt_err_ok(mp, ira);
2757 if (mp == NULL)
2758 return;
2759
2760 bzero(&icmph, sizeof (icmph_t));
2761 icmph.icmph_type = ICMP_PARAM_PROBLEM;
2762 icmph.icmph_pp_ptr = ptr;
2763 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutParmProbs);
2764 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
2765 }
2766
2767 /*
2768 * Build and ship an IPv4 ICMP message using the packet data in mp, and
2769 * the ICMP header pointed to by "stuff". (May be called as writer.)
2770 * Note: assumes that icmp_pkt_err_ok has been called to verify that
2771 * an icmp error packet can be sent.
2772 * Assigns an appropriate source address to the packet. If ipha_dst is
2773 * one of our addresses use it for source. Otherwise let ip_output_simple
2774 * pick the source address.
2775 */
2776 static void
2777 icmp_pkt(mblk_t *mp, void *stuff, size_t len, ip_recv_attr_t *ira)
2778 {
2779 ipaddr_t dst;
2780 icmph_t *icmph;
2781 ipha_t *ipha;
2782 uint_t len_needed;
2783 size_t msg_len;
2784 mblk_t *mp1;
2785 ipaddr_t src;
2786 ire_t *ire;
2787 ip_xmit_attr_t ixas;
2788 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2789
2790 ipha = (ipha_t *)mp->b_rptr;
2791
2792 bzero(&ixas, sizeof (ixas));
2793 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
2794 ixas.ixa_zoneid = ira->ira_zoneid;
2795 ixas.ixa_ifindex = 0;
2796 ixas.ixa_ipst = ipst;
2797 ixas.ixa_cred = kcred;
2798 ixas.ixa_cpid = NOPID;
2799 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */
2800 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
2801
2802 if (ira->ira_flags & IRAF_IPSEC_SECURE) {
2803 /*
2804 * Apply IPsec based on how IPsec was applied to
2805 * the packet that had the error.
2806 *
2807 * If it was an outbound packet that caused the ICMP
2808 * error, then the caller will have setup the IRA
2809 * appropriately.
2810 */
2811 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) {
2812 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
2813 /* Note: mp already consumed and ip_drop_packet done */
2814 return;
2815 }
2816 } else {
2817 /*
2818 * This is in clear. The icmp message we are building
2819 * here should go out in clear, independent of our policy.
2820 */
2821 ixas.ixa_flags |= IXAF_NO_IPSEC;
2822 }
2823
2824 /* Remember our eventual destination */
2825 dst = ipha->ipha_src;
2826
2827 /*
2828 * If the packet was for one of our unicast addresses, make
2829 * sure we respond with that as the source. Otherwise
2830 * have ip_output_simple pick the source address.
2831 */
2832 ire = ire_ftable_lookup_v4(ipha->ipha_dst, 0, 0,
2833 (IRE_LOCAL|IRE_LOOPBACK), NULL, ira->ira_zoneid, NULL,
2834 MATCH_IRE_TYPE|MATCH_IRE_ZONEONLY, 0, ipst, NULL);
2835 if (ire != NULL) {
2836 ire_refrele(ire);
2837 src = ipha->ipha_dst;
2838 } else {
2839 src = INADDR_ANY;
2840 ixas.ixa_flags |= IXAF_SET_SOURCE;
2841 }
2842
2843 /*
2844 * Check if we can send back more then 8 bytes in addition to
2845 * the IP header. We try to send 64 bytes of data and the internal
2846 * header in the special cases of ipv4 encapsulated ipv4 or ipv6.
2847 */
2848 len_needed = IPH_HDR_LENGTH(ipha);
2849 if (ipha->ipha_protocol == IPPROTO_ENCAP ||
2850 ipha->ipha_protocol == IPPROTO_IPV6) {
2851 if (!pullupmsg(mp, -1)) {
2852 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
2853 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
2854 freemsg(mp);
2855 return;
2856 }
2857 ipha = (ipha_t *)mp->b_rptr;
2858
2859 if (ipha->ipha_protocol == IPPROTO_ENCAP) {
2860 len_needed += IPH_HDR_LENGTH(((uchar_t *)ipha +
2861 len_needed));
2862 } else {
2863 ip6_t *ip6h = (ip6_t *)((uchar_t *)ipha + len_needed);
2864
2865 ASSERT(ipha->ipha_protocol == IPPROTO_IPV6);
2866 len_needed += ip_hdr_length_v6(mp, ip6h);
2867 }
2868 }
2869 len_needed += ipst->ips_ip_icmp_return;
2870 msg_len = msgdsize(mp);
2871 if (msg_len > len_needed) {
2872 (void) adjmsg(mp, len_needed - msg_len);
2873 msg_len = len_needed;
2874 }
2875 mp1 = allocb(sizeof (icmp_ipha) + len, BPRI_MED);
2876 if (mp1 == NULL) {
2877 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutErrors);
2878 freemsg(mp);
2879 return;
2880 }
2881 mp1->b_cont = mp;
2882 mp = mp1;
2883
2884 /*
2885 * Set IXAF_TRUSTED_ICMP so we can let the ICMP messages this
2886 * node generates be accepted in peace by all on-host destinations.
2887 * If we do NOT assume that all on-host destinations trust
2888 * self-generated ICMP messages, then rework here, ip6.c, and spd.c.
2889 * (Look for IXAF_TRUSTED_ICMP).
2890 */
2891 ixas.ixa_flags |= IXAF_TRUSTED_ICMP;
2892
2893 ipha = (ipha_t *)mp->b_rptr;
2894 mp1->b_wptr = (uchar_t *)ipha + (sizeof (icmp_ipha) + len);
2895 *ipha = icmp_ipha;
2896 ipha->ipha_src = src;
2897 ipha->ipha_dst = dst;
2898 ipha->ipha_ttl = ipst->ips_ip_def_ttl;
2899 msg_len += sizeof (icmp_ipha) + len;
2900 if (msg_len > IP_MAXPACKET) {
2901 (void) adjmsg(mp, IP_MAXPACKET - msg_len);
2902 msg_len = IP_MAXPACKET;
2903 }
2904 ipha->ipha_length = htons((uint16_t)msg_len);
2905 icmph = (icmph_t *)&ipha[1];
2906 bcopy(stuff, icmph, len);
2907 icmph->icmph_checksum = 0;
2908 icmph->icmph_checksum = IP_CSUM(mp, (int32_t)sizeof (ipha_t), 0);
2909 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs);
2910
2911 (void) ip_output_simple(mp, &ixas);
2912 ixa_cleanup(&ixas);
2913 }
2914
2915 /*
2916 * Determine if an ICMP error packet can be sent given the rate limit.
2917 * The limit consists of an average frequency (icmp_pkt_err_interval measured
2918 * in milliseconds) and a burst size. Burst size number of packets can
2919 * be sent arbitrarely closely spaced.
2920 * The state is tracked using two variables to implement an approximate
2921 * token bucket filter:
2922 * icmp_pkt_err_last - lbolt value when the last burst started
2923 * icmp_pkt_err_sent - number of packets sent in current burst
2924 */
2925 boolean_t
2926 icmp_err_rate_limit(ip_stack_t *ipst)
2927 {
2928 clock_t now = TICK_TO_MSEC(ddi_get_lbolt());
2929 uint_t refilled; /* Number of packets refilled in tbf since last */
2930 /* Guard against changes by loading into local variable */
2931 uint_t err_interval = ipst->ips_ip_icmp_err_interval;
2932
2933 if (err_interval == 0)
2934 return (B_FALSE);
2935
2936 if (ipst->ips_icmp_pkt_err_last > now) {
2937 /* 100HZ lbolt in ms for 32bit arch wraps every 49.7 days */
2938 ipst->ips_icmp_pkt_err_last = 0;
2939 ipst->ips_icmp_pkt_err_sent = 0;
2940 }
2941 /*
2942 * If we are in a burst update the token bucket filter.
2943 * Update the "last" time to be close to "now" but make sure
2944 * we don't loose precision.
2945 */
2946 if (ipst->ips_icmp_pkt_err_sent != 0) {
2947 refilled = (now - ipst->ips_icmp_pkt_err_last)/err_interval;
2948 if (refilled > ipst->ips_icmp_pkt_err_sent) {
2949 ipst->ips_icmp_pkt_err_sent = 0;
2950 } else {
2951 ipst->ips_icmp_pkt_err_sent -= refilled;
2952 ipst->ips_icmp_pkt_err_last += refilled * err_interval;
2953 }
2954 }
2955 if (ipst->ips_icmp_pkt_err_sent == 0) {
2956 /* Start of new burst */
2957 ipst->ips_icmp_pkt_err_last = now;
2958 }
2959 if (ipst->ips_icmp_pkt_err_sent < ipst->ips_ip_icmp_err_burst) {
2960 ipst->ips_icmp_pkt_err_sent++;
2961 ip1dbg(("icmp_err_rate_limit: %d sent in burst\n",
2962 ipst->ips_icmp_pkt_err_sent));
2963 return (B_FALSE);
2964 }
2965 ip1dbg(("icmp_err_rate_limit: dropped\n"));
2966 return (B_TRUE);
2967 }
2968
2969 /*
2970 * Check if it is ok to send an IPv4 ICMP error packet in
2971 * response to the IPv4 packet in mp.
2972 * Free the message and return null if no
2973 * ICMP error packet should be sent.
2974 */
2975 static mblk_t *
2976 icmp_pkt_err_ok(mblk_t *mp, ip_recv_attr_t *ira)
2977 {
2978 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2979 icmph_t *icmph;
2980 ipha_t *ipha;
2981 uint_t len_needed;
2982
2983 if (!mp)
2984 return (NULL);
2985 ipha = (ipha_t *)mp->b_rptr;
2986 if (ip_csum_hdr(ipha)) {
2987 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInCksumErrs);
2988 ip_drop_input("ipIfStatsInCksumErrs", mp, NULL);
2989 freemsg(mp);
2990 return (NULL);
2991 }
2992 if (ip_type_v4(ipha->ipha_dst, ipst) == IRE_BROADCAST ||
2993 ip_type_v4(ipha->ipha_src, ipst) == IRE_BROADCAST ||
2994 CLASSD(ipha->ipha_dst) ||
2995 CLASSD(ipha->ipha_src) ||
2996 (ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET)) {
2997 /* Note: only errors to the fragment with offset 0 */
2998 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
2999 freemsg(mp);
3000 return (NULL);
3001 }
3002 if (ipha->ipha_protocol == IPPROTO_ICMP) {
3003 /*
3004 * Check the ICMP type. RFC 1122 sez: don't send ICMP
3005 * errors in response to any ICMP errors.
3006 */
3007 len_needed = IPH_HDR_LENGTH(ipha) + ICMPH_SIZE;
3008 if (mp->b_wptr - mp->b_rptr < len_needed) {
3009 if (!pullupmsg(mp, len_needed)) {
3010 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors);
3011 freemsg(mp);
3012 return (NULL);
3013 }
3014 ipha = (ipha_t *)mp->b_rptr;
3015 }
3016 icmph = (icmph_t *)
3017 (&((char *)ipha)[IPH_HDR_LENGTH(ipha)]);
3018 switch (icmph->icmph_type) {
3019 case ICMP_DEST_UNREACHABLE:
3020 case ICMP_SOURCE_QUENCH:
3021 case ICMP_TIME_EXCEEDED:
3022 case ICMP_PARAM_PROBLEM:
3023 case ICMP_REDIRECT:
3024 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
3025 freemsg(mp);
3026 return (NULL);
3027 default:
3028 break;
3029 }
3030 }
3031 /*
3032 * If this is a labeled system, then check to see if we're allowed to
3033 * send a response to this particular sender. If not, then just drop.
3034 */
3035 if (is_system_labeled() && !tsol_can_reply_error(mp, ira)) {
3036 ip2dbg(("icmp_pkt_err_ok: can't respond to packet\n"));
3037 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
3038 freemsg(mp);
3039 return (NULL);
3040 }
3041 if (icmp_err_rate_limit(ipst)) {
3042 /*
3043 * Only send ICMP error packets every so often.
3044 * This should be done on a per port/source basis,
3045 * but for now this will suffice.
3046 */
3047 freemsg(mp);
3048 return (NULL);
3049 }
3050 return (mp);
3051 }
3052
3053 /*
3054 * Called when a packet was sent out the same link that it arrived on.
3055 * Check if it is ok to send a redirect and then send it.
3056 */
3057 void
3058 ip_send_potential_redirect_v4(mblk_t *mp, ipha_t *ipha, ire_t *ire,
3059 ip_recv_attr_t *ira)
3060 {
3061 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3062 ipaddr_t src, nhop;
3063 mblk_t *mp1;
3064 ire_t *nhop_ire;
3065
3066 /*
3067 * Check the source address to see if it originated
3068 * on the same logical subnet it is going back out on.
3069 * If so, we should be able to send it a redirect.
3070 * Avoid sending a redirect if the destination
3071 * is directly connected (i.e., we matched an IRE_ONLINK),
3072 * or if the packet was source routed out this interface.
3073 *
3074 * We avoid sending a redirect if the
3075 * destination is directly connected
3076 * because it is possible that multiple
3077 * IP subnets may have been configured on
3078 * the link, and the source may not
3079 * be on the same subnet as ip destination,
3080 * even though they are on the same
3081 * physical link.
3082 */
3083 if ((ire->ire_type & IRE_ONLINK) ||
3084 ip_source_routed(ipha, ipst))
3085 return;
3086
3087 nhop_ire = ire_nexthop(ire);
3088 if (nhop_ire == NULL)
3089 return;
3090
3091 nhop = nhop_ire->ire_addr;
3092
3093 if (nhop_ire->ire_type & IRE_IF_CLONE) {
3094 ire_t *ire2;
3095
3096 /* Follow ire_dep_parent to find non-clone IRE_INTERFACE */
3097 mutex_enter(&nhop_ire->ire_lock);
3098 ire2 = nhop_ire->ire_dep_parent;
3099 if (ire2 != NULL)
3100 ire_refhold(ire2);
3101 mutex_exit(&nhop_ire->ire_lock);
3102 ire_refrele(nhop_ire);
3103 nhop_ire = ire2;
3104 }
3105 if (nhop_ire == NULL)
3106 return;
3107
3108 ASSERT(!(nhop_ire->ire_type & IRE_IF_CLONE));
3109
3110 src = ipha->ipha_src;
3111
3112 /*
3113 * We look at the interface ire for the nexthop,
3114 * to see if ipha_src is in the same subnet
3115 * as the nexthop.
3116 */
3117 if ((src & nhop_ire->ire_mask) == (nhop & nhop_ire->ire_mask)) {
3118 /*
3119 * The source is directly connected.
3120 */
3121 mp1 = copymsg(mp);
3122 if (mp1 != NULL) {
3123 icmp_send_redirect(mp1, nhop, ira);
3124 }
3125 }
3126 ire_refrele(nhop_ire);
3127 }
3128
3129 /*
3130 * Generate an ICMP redirect message.
3131 */
3132 static void
3133 icmp_send_redirect(mblk_t *mp, ipaddr_t gateway, ip_recv_attr_t *ira)
3134 {
3135 icmph_t icmph;
3136 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3137
3138 mp = icmp_pkt_err_ok(mp, ira);
3139 if (mp == NULL)
3140 return;
3141
3142 bzero(&icmph, sizeof (icmph_t));
3143 icmph.icmph_type = ICMP_REDIRECT;
3144 icmph.icmph_code = 1;
3145 icmph.icmph_rd_gateway = gateway;
3146 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutRedirects);
3147 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3148 }
3149
3150 /*
3151 * Generate an ICMP time exceeded message.
3152 */
3153 void
3154 icmp_time_exceeded(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira)
3155 {
3156 icmph_t icmph;
3157 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3158
3159 mp = icmp_pkt_err_ok(mp, ira);
3160 if (mp == NULL)
3161 return;
3162
3163 bzero(&icmph, sizeof (icmph_t));
3164 icmph.icmph_type = ICMP_TIME_EXCEEDED;
3165 icmph.icmph_code = code;
3166 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimeExcds);
3167 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3168 }
3169
3170 /*
3171 * Generate an ICMP unreachable message.
3172 * When called from ip_output side a minimal ip_recv_attr_t needs to be
3173 * constructed by the caller.
3174 */
3175 void
3176 icmp_unreachable(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira)
3177 {
3178 icmph_t icmph;
3179 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3180
3181 mp = icmp_pkt_err_ok(mp, ira);
3182 if (mp == NULL)
3183 return;
3184
3185 bzero(&icmph, sizeof (icmph_t));
3186 icmph.icmph_type = ICMP_DEST_UNREACHABLE;
3187 icmph.icmph_code = code;
3188 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs);
3189 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3190 }
3191
3192 /*
3193 * Latch in the IPsec state for a stream based the policy in the listener
3194 * and the actions in the ip_recv_attr_t.
3195 * Called directly from TCP and SCTP.
3196 */
3197 boolean_t
3198 ip_ipsec_policy_inherit(conn_t *connp, conn_t *lconnp, ip_recv_attr_t *ira)
3199 {
3200 ASSERT(lconnp->conn_policy != NULL);
3201 ASSERT(connp->conn_policy == NULL);
3202
3203 IPPH_REFHOLD(lconnp->conn_policy);
3204 connp->conn_policy = lconnp->conn_policy;
3205
3206 if (ira->ira_ipsec_action != NULL) {
3207 if (connp->conn_latch == NULL) {
3208 connp->conn_latch = iplatch_create();
3209 if (connp->conn_latch == NULL)
3210 return (B_FALSE);
3211 }
3212 ipsec_latch_inbound(connp, ira);
3213 }
3214 return (B_TRUE);
3215 }
3216
3217 /*
3218 * Verify whether or not the IP address is a valid local address.
3219 * Could be a unicast, including one for a down interface.
3220 * If allow_mcbc then a multicast or broadcast address is also
3221 * acceptable.
3222 *
3223 * In the case of a broadcast/multicast address, however, the
3224 * upper protocol is expected to reset the src address
3225 * to zero when we return IPVL_MCAST/IPVL_BCAST so that
3226 * no packets are emitted with broadcast/multicast address as
3227 * source address (that violates hosts requirements RFC 1122)
3228 * The addresses valid for bind are:
3229 * (1) - INADDR_ANY (0)
3230 * (2) - IP address of an UP interface
3231 * (3) - IP address of a DOWN interface
3232 * (4) - valid local IP broadcast addresses. In this case
3233 * the conn will only receive packets destined to
3234 * the specified broadcast address.
3235 * (5) - a multicast address. In this case
3236 * the conn will only receive packets destined to
3237 * the specified multicast address. Note: the
3238 * application still has to issue an
3239 * IP_ADD_MEMBERSHIP socket option.
3240 *
3241 * In all the above cases, the bound address must be valid in the current zone.
3242 * When the address is loopback, multicast or broadcast, there might be many
3243 * matching IREs so bind has to look up based on the zone.
3244 */
3245 ip_laddr_t
3246 ip_laddr_verify_v4(ipaddr_t src_addr, zoneid_t zoneid,
3247 ip_stack_t *ipst, boolean_t allow_mcbc)
3248 {
3249 ire_t *src_ire;
3250
3251 ASSERT(src_addr != INADDR_ANY);
3252
3253 src_ire = ire_ftable_lookup_v4(src_addr, 0, 0, 0,
3254 NULL, zoneid, NULL, MATCH_IRE_ZONEONLY, 0, ipst, NULL);
3255
3256 /*
3257 * If an address other than in6addr_any is requested,
3258 * we verify that it is a valid address for bind
3259 * Note: Following code is in if-else-if form for
3260 * readability compared to a condition check.
3261 */
3262 if (src_ire != NULL && (src_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK))) {
3263 /*
3264 * (2) Bind to address of local UP interface
3265 */
3266 ire_refrele(src_ire);
3267 return (IPVL_UNICAST_UP);
3268 } else if (src_ire != NULL && src_ire->ire_type & IRE_BROADCAST) {
3269 /*
3270 * (4) Bind to broadcast address
3271 */
3272 ire_refrele(src_ire);
3273 if (allow_mcbc)
3274 return (IPVL_BCAST);
3275 else
3276 return (IPVL_BAD);
3277 } else if (CLASSD(src_addr)) {
3278 /* (5) bind to multicast address. */
3279 if (src_ire != NULL)
3280 ire_refrele(src_ire);
3281
3282 if (allow_mcbc)
3283 return (IPVL_MCAST);
3284 else
3285 return (IPVL_BAD);
3286 } else {
3287 ipif_t *ipif;
3288
3289 /*
3290 * (3) Bind to address of local DOWN interface?
3291 * (ipif_lookup_addr() looks up all interfaces
3292 * but we do not get here for UP interfaces
3293 * - case (2) above)
3294 */
3295 if (src_ire != NULL)
3296 ire_refrele(src_ire);
3297
3298 ipif = ipif_lookup_addr(src_addr, NULL, zoneid, ipst);
3299 if (ipif == NULL)
3300 return (IPVL_BAD);
3301
3302 /* Not a useful source? */
3303 if (ipif->ipif_flags & (IPIF_NOLOCAL | IPIF_ANYCAST)) {
3304 ipif_refrele(ipif);
3305 return (IPVL_BAD);
3306 }
3307 ipif_refrele(ipif);
3308 return (IPVL_UNICAST_DOWN);
3309 }
3310 }
3311
3312 /*
3313 * Insert in the bind fanout for IPv4 and IPv6.
3314 * The caller should already have used ip_laddr_verify_v*() before calling
3315 * this.
3316 */
3317 int
3318 ip_laddr_fanout_insert(conn_t *connp)
3319 {
3320 int error;
3321
3322 /*
3323 * Allow setting new policies. For example, disconnects result
3324 * in us being called. As we would have set conn_policy_cached
3325 * to B_TRUE before, we should set it to B_FALSE, so that policy
3326 * can change after the disconnect.
3327 */
3328 connp->conn_policy_cached = B_FALSE;
3329
3330 error = ipcl_bind_insert(connp);
3331 if (error != 0) {
3332 if (connp->conn_anon_port) {
3333 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
3334 connp->conn_mlp_type, connp->conn_proto,
3335 ntohs(connp->conn_lport), B_FALSE);
3336 }
3337 connp->conn_mlp_type = mlptSingle;
3338 }
3339 return (error);
3340 }
3341
3342 /*
3343 * Verify that both the source and destination addresses are valid. If
3344 * IPDF_VERIFY_DST is not set, then the destination address may be unreachable,
3345 * i.e. have no route to it. Protocols like TCP want to verify destination
3346 * reachability, while tunnels do not.
3347 *
3348 * Determine the route, the interface, and (optionally) the source address
3349 * to use to reach a given destination.
3350 * Note that we allow connect to broadcast and multicast addresses when
3351 * IPDF_ALLOW_MCBC is set.
3352 * first_hop and dst_addr are normally the same, but if source routing
3353 * they will differ; in that case the first_hop is what we'll use for the
3354 * routing lookup but the dce and label checks will be done on dst_addr,
3355 *
3356 * If uinfo is set, then we fill in the best available information
3357 * we have for the destination. This is based on (in priority order) any
3358 * metrics and path MTU stored in a dce_t, route metrics, and finally the
3359 * ill_mtu/ill_mc_mtu.
3360 *
3361 * Tsol note: If we have a source route then dst_addr != firsthop. But we
3362 * always do the label check on dst_addr.
3363 */
3364 int
3365 ip_set_destination_v4(ipaddr_t *src_addrp, ipaddr_t dst_addr, ipaddr_t firsthop,
3366 ip_xmit_attr_t *ixa, iulp_t *uinfo, uint32_t flags, uint_t mac_mode)
3367 {
3368 ire_t *ire = NULL;
3369 int error = 0;
3370 ipaddr_t setsrc; /* RTF_SETSRC */
3371 zoneid_t zoneid = ixa->ixa_zoneid; /* Honors SO_ALLZONES */
3372 ip_stack_t *ipst = ixa->ixa_ipst;
3373 dce_t *dce;
3374 uint_t pmtu;
3375 uint_t generation;
3376 nce_t *nce;
3377 ill_t *ill = NULL;
3378 boolean_t multirt = B_FALSE;
3379
3380 ASSERT(ixa->ixa_flags & IXAF_IS_IPV4);
3381
3382 /*
3383 * We never send to zero; the ULPs map it to the loopback address.
3384 * We can't allow it since we use zero to mean unitialized in some
3385 * places.
3386 */
3387 ASSERT(dst_addr != INADDR_ANY);
3388
3389 if (is_system_labeled()) {
3390 ts_label_t *tsl = NULL;
3391
3392 error = tsol_check_dest(ixa->ixa_tsl, &dst_addr, IPV4_VERSION,
3393 mac_mode, (flags & IPDF_ZONE_IS_GLOBAL) != 0, &tsl);
3394 if (error != 0)
3395 return (error);
3396 if (tsl != NULL) {
3397 /* Update the label */
3398 ip_xmit_attr_replace_tsl(ixa, tsl);
3399 }
3400 }
3401
3402 setsrc = INADDR_ANY;
3403 /*
3404 * Select a route; For IPMP interfaces, we would only select
3405 * a "hidden" route (i.e., going through a specific under_ill)
3406 * if ixa_ifindex has been specified.
3407 */
3408 ire = ip_select_route_v4(firsthop, *src_addrp, ixa,
3409 &generation, &setsrc, &error, &multirt);
3410 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */
3411 if (error != 0)
3412 goto bad_addr;
3413
3414 /*
3415 * ire can't be a broadcast or multicast unless IPDF_ALLOW_MCBC is set.
3416 * If IPDF_VERIFY_DST is set, the destination must be reachable;
3417 * Otherwise the destination needn't be reachable.
3418 *
3419 * If we match on a reject or black hole, then we've got a
3420 * local failure. May as well fail out the connect() attempt,
3421 * since it's never going to succeed.
3422 */
3423 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
3424 /*
3425 * If we're verifying destination reachability, we always want
3426 * to complain here.
3427 *
3428 * If we're not verifying destination reachability but the
3429 * destination has a route, we still want to fail on the
3430 * temporary address and broadcast address tests.
3431 *
3432 * In both cases do we let the code continue so some reasonable
3433 * information is returned to the caller. That enables the
3434 * caller to use (and even cache) the IRE. conn_ip_ouput will
3435 * use the generation mismatch path to check for the unreachable
3436 * case thereby avoiding any specific check in the main path.
3437 */
3438 ASSERT(generation == IRE_GENERATION_VERIFY);
3439 if (flags & IPDF_VERIFY_DST) {
3440 /*
3441 * Set errno but continue to set up ixa_ire to be
3442 * the RTF_REJECT|RTF_BLACKHOLE IRE.
3443 * That allows callers to use ip_output to get an
3444 * ICMP error back.
3445 */
3446 if (!(ire->ire_type & IRE_HOST))
3447 error = ENETUNREACH;
3448 else
3449 error = EHOSTUNREACH;
3450 }
3451 }
3452
3453 if ((ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST)) &&
3454 !(flags & IPDF_ALLOW_MCBC)) {
3455 ire_refrele(ire);
3456 ire = ire_reject(ipst, B_FALSE);
3457 generation = IRE_GENERATION_VERIFY;
3458 error = ENETUNREACH;
3459 }
3460
3461 /* Cache things */
3462 if (ixa->ixa_ire != NULL)
3463 ire_refrele_notr(ixa->ixa_ire);
3464 #ifdef DEBUG
3465 ire_refhold_notr(ire);
3466 ire_refrele(ire);
3467 #endif
3468 ixa->ixa_ire = ire;
3469 ixa->ixa_ire_generation = generation;
3470
3471 /*
3472 * Ensure that ixa_dce is always set any time that ixa_ire is set,
3473 * since some callers will send a packet to conn_ip_output() even if
3474 * there's an error.
3475 */
3476 if (flags & IPDF_UNIQUE_DCE) {
3477 /* Fallback to the default dce if allocation fails */
3478 dce = dce_lookup_and_add_v4(dst_addr, ipst);
3479 if (dce != NULL)
3480 generation = dce->dce_generation;
3481 else
3482 dce = dce_lookup_v4(dst_addr, ipst, &generation);
3483 } else {
3484 dce = dce_lookup_v4(dst_addr, ipst, &generation);
3485 }
3486 ASSERT(dce != NULL);
3487 if (ixa->ixa_dce != NULL)
3488 dce_refrele_notr(ixa->ixa_dce);
3489 #ifdef DEBUG
3490 dce_refhold_notr(dce);
3491 dce_refrele(dce);
3492 #endif
3493 ixa->ixa_dce = dce;
3494 ixa->ixa_dce_generation = generation;
3495
3496 /*
3497 * For multicast with multirt we have a flag passed back from
3498 * ire_lookup_multi_ill_v4 since we don't have an IRE for each
3499 * possible multicast address.
3500 * We also need a flag for multicast since we can't check
3501 * whether RTF_MULTIRT is set in ixa_ire for multicast.
3502 */
3503 if (multirt) {
3504 ixa->ixa_postfragfn = ip_postfrag_multirt_v4;
3505 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST;
3506 } else {
3507 ixa->ixa_postfragfn = ire->ire_postfragfn;
3508 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST;
3509 }
3510 if (!(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) {
3511 /* Get an nce to cache. */
3512 nce = ire_to_nce(ire, firsthop, NULL);
3513 if (nce == NULL) {
3514 /* Allocation failure? */
3515 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3516 } else {
3517 if (ixa->ixa_nce != NULL)
3518 nce_refrele(ixa->ixa_nce);
3519 ixa->ixa_nce = nce;
3520 }
3521 }
3522
3523 /*
3524 * If the source address is a loopback address, the
3525 * destination had best be local or multicast.
3526 * If we are sending to an IRE_LOCAL using a loopback source then
3527 * it had better be the same zoneid.
3528 */
3529 if (*src_addrp == htonl(INADDR_LOOPBACK)) {
3530 if ((ire->ire_type & IRE_LOCAL) && ire->ire_zoneid != zoneid) {
3531 ire = NULL; /* Stored in ixa_ire */
3532 error = EADDRNOTAVAIL;
3533 goto bad_addr;
3534 }
3535 if (!(ire->ire_type & (IRE_LOOPBACK|IRE_LOCAL|IRE_MULTICAST))) {
3536 ire = NULL; /* Stored in ixa_ire */
3537 error = EADDRNOTAVAIL;
3538 goto bad_addr;
3539 }
3540 }
3541 if (ire->ire_type & IRE_BROADCAST) {
3542 /*
3543 * If the ULP didn't have a specified source, then we
3544 * make sure we reselect the source when sending
3545 * broadcasts out different interfaces.
3546 */
3547 if (flags & IPDF_SELECT_SRC)
3548 ixa->ixa_flags |= IXAF_SET_SOURCE;
3549 else
3550 ixa->ixa_flags &= ~IXAF_SET_SOURCE;
3551 }
3552
3553 /*
3554 * Does the caller want us to pick a source address?
3555 */
3556 if (flags & IPDF_SELECT_SRC) {
3557 ipaddr_t src_addr;
3558
3559 /*
3560 * We use use ire_nexthop_ill to avoid the under ipmp
3561 * interface for source address selection. Note that for ipmp
3562 * probe packets, ixa_ifindex would have been specified, and
3563 * the ip_select_route() invocation would have picked an ire
3564 * will ire_ill pointing at an under interface.
3565 */
3566 ill = ire_nexthop_ill(ire);
3567
3568 /* If unreachable we have no ill but need some source */
3569 if (ill == NULL) {
3570 src_addr = htonl(INADDR_LOOPBACK);
3571 /* Make sure we look for a better source address */
3572 generation = SRC_GENERATION_VERIFY;
3573 } else {
3574 error = ip_select_source_v4(ill, setsrc, dst_addr,
3575 ixa->ixa_multicast_ifaddr, zoneid,
3576 ipst, &src_addr, &generation, NULL);
3577 if (error != 0) {
3578 ire = NULL; /* Stored in ixa_ire */
3579 goto bad_addr;
3580 }
3581 }
3582
3583 /*
3584 * We allow the source address to to down.
3585 * However, we check that we don't use the loopback address
3586 * as a source when sending out on the wire.
3587 */
3588 if ((src_addr == htonl(INADDR_LOOPBACK)) &&
3589 !(ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK|IRE_MULTICAST)) &&
3590 !(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) {
3591 ire = NULL; /* Stored in ixa_ire */
3592 error = EADDRNOTAVAIL;
3593 goto bad_addr;
3594 }
3595
3596 *src_addrp = src_addr;
3597 ixa->ixa_src_generation = generation;
3598 }
3599
3600 /*
3601 * Make sure we don't leave an unreachable ixa_nce in place
3602 * since ip_select_route is used when we unplumb i.e., remove
3603 * references on ixa_ire, ixa_nce, and ixa_dce.
3604 */
3605 nce = ixa->ixa_nce;
3606 if (nce != NULL && nce->nce_is_condemned) {
3607 nce_refrele(nce);
3608 ixa->ixa_nce = NULL;
3609 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3610 }
3611
3612 /*
3613 * The caller has set IXAF_PMTU_DISCOVERY if path MTU is desired.
3614 * However, we can't do it for IPv4 multicast or broadcast.
3615 */
3616 if (ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST))
3617 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
3618
3619 /*
3620 * Set initial value for fragmentation limit. Either conn_ip_output
3621 * or ULP might updates it when there are routing changes.
3622 * Handles a NULL ixa_ire->ire_ill or a NULL ixa_nce for RTF_REJECT.
3623 */
3624 pmtu = ip_get_pmtu(ixa);
3625 ixa->ixa_fragsize = pmtu;
3626 /* Make sure ixa_fragsize and ixa_pmtu remain identical */
3627 if (ixa->ixa_flags & IXAF_VERIFY_PMTU)
3628 ixa->ixa_pmtu = pmtu;
3629
3630 /*
3631 * Extract information useful for some transports.
3632 * First we look for DCE metrics. Then we take what we have in
3633 * the metrics in the route, where the offlink is used if we have
3634 * one.
3635 */
3636 if (uinfo != NULL) {
3637 bzero(uinfo, sizeof (*uinfo));
3638
3639 if (dce->dce_flags & DCEF_UINFO)
3640 *uinfo = dce->dce_uinfo;
3641
3642 rts_merge_metrics(uinfo, &ire->ire_metrics);
3643
3644 /* Allow ire_metrics to decrease the path MTU from above */
3645 if (uinfo->iulp_mtu == 0 || uinfo->iulp_mtu > pmtu)
3646 uinfo->iulp_mtu = pmtu;
3647
3648 uinfo->iulp_localnet = (ire->ire_type & IRE_ONLINK) != 0;
3649 uinfo->iulp_loopback = (ire->ire_type & IRE_LOOPBACK) != 0;
3650 uinfo->iulp_local = (ire->ire_type & IRE_LOCAL) != 0;
3651 }
3652
3653 if (ill != NULL)
3654 ill_refrele(ill);
3655
3656 return (error);
3657
3658 bad_addr:
3659 if (ire != NULL)
3660 ire_refrele(ire);
3661
3662 if (ill != NULL)
3663 ill_refrele(ill);
3664
3665 /*
3666 * Make sure we don't leave an unreachable ixa_nce in place
3667 * since ip_select_route is used when we unplumb i.e., remove
3668 * references on ixa_ire, ixa_nce, and ixa_dce.
3669 */
3670 nce = ixa->ixa_nce;
3671 if (nce != NULL && nce->nce_is_condemned) {
3672 nce_refrele(nce);
3673 ixa->ixa_nce = NULL;
3674 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3675 }
3676
3677 return (error);
3678 }
3679
3680
3681 /*
3682 * Get the base MTU for the case when path MTU discovery is not used.
3683 * Takes the MTU of the IRE into account.
3684 */
3685 uint_t
3686 ip_get_base_mtu(ill_t *ill, ire_t *ire)
3687 {
3688 uint_t mtu;
3689 uint_t iremtu = ire->ire_metrics.iulp_mtu;
3690
3691 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST))
3692 mtu = ill->ill_mc_mtu;
3693 else
3694 mtu = ill->ill_mtu;
3695
3696 if (iremtu != 0 && iremtu < mtu)
3697 mtu = iremtu;
3698
3699 return (mtu);
3700 }
3701
3702 /*
3703 * Get the PMTU for the attributes. Handles both IPv4 and IPv6.
3704 * Assumes that ixa_ire, dce, and nce have already been set up.
3705 *
3706 * The caller has set IXAF_PMTU_DISCOVERY if path MTU discovery is desired.
3707 * We avoid path MTU discovery if it is disabled with ndd.
3708 * Furtermore, if the path MTU is too small, then we don't set DF for IPv4.
3709 *
3710 * NOTE: We also used to turn it off for source routed packets. That
3711 * is no longer required since the dce is per final destination.
3712 */
3713 uint_t
3714 ip_get_pmtu(ip_xmit_attr_t *ixa)
3715 {
3716 ip_stack_t *ipst = ixa->ixa_ipst;
3717 dce_t *dce;
3718 nce_t *nce;
3719 ire_t *ire;
3720 uint_t pmtu;
3721
3722 ire = ixa->ixa_ire;
3723 dce = ixa->ixa_dce;
3724 nce = ixa->ixa_nce;
3725
3726 /*
3727 * If path MTU discovery has been turned off by ndd, then we ignore
3728 * any dce_pmtu and for IPv4 we will not set DF.
3729 */
3730 if (!ipst->ips_ip_path_mtu_discovery)
3731 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
3732
3733 pmtu = IP_MAXPACKET;
3734 /*
3735 * Decide whether whether IPv4 sets DF
3736 * For IPv6 "no DF" means to use the 1280 mtu
3737 */
3738 if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) {
3739 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3740 } else {
3741 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF;
3742 if (!(ixa->ixa_flags & IXAF_IS_IPV4))
3743 pmtu = IPV6_MIN_MTU;
3744 }
3745
3746 /* Check if the PMTU is to old before we use it */
3747 if ((dce->dce_flags & DCEF_PMTU) &&
3748 TICK_TO_SEC(ddi_get_lbolt64()) - dce->dce_last_change_time >
3749 ipst->ips_ip_pathmtu_interval) {
3750 /*
3751 * Older than 20 minutes. Drop the path MTU information.
3752 */
3753 mutex_enter(&dce->dce_lock);
3754 dce->dce_flags &= ~(DCEF_PMTU|DCEF_TOO_SMALL_PMTU);
3755 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64());
3756 mutex_exit(&dce->dce_lock);
3757 dce_increment_generation(dce);
3758 }
3759
3760 /* The metrics on the route can lower the path MTU */
3761 if (ire->ire_metrics.iulp_mtu != 0 &&
3762 ire->ire_metrics.iulp_mtu < pmtu)
3763 pmtu = ire->ire_metrics.iulp_mtu;
3764
3765 /*
3766 * If the path MTU is smaller than some minimum, we still use dce_pmtu
3767 * above (would be 576 for IPv4 and 1280 for IPv6), but we clear
3768 * IXAF_PMTU_IPV4_DF so that we avoid setting DF for IPv4.
3769 */
3770 if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) {
3771 if (dce->dce_flags & DCEF_PMTU) {
3772 if (dce->dce_pmtu < pmtu)
3773 pmtu = dce->dce_pmtu;
3774
3775 if (dce->dce_flags & DCEF_TOO_SMALL_PMTU) {
3776 ixa->ixa_flags |= IXAF_PMTU_TOO_SMALL;
3777 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF;
3778 } else {
3779 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL;
3780 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3781 }
3782 } else {
3783 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL;
3784 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3785 }
3786 }
3787
3788 /*
3789 * If we have an IRE_LOCAL we use the loopback mtu instead of
3790 * the ill for going out the wire i.e., IRE_LOCAL gets the same
3791 * mtu as IRE_LOOPBACK.
3792 */
3793 if (ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) {
3794 uint_t loopback_mtu;
3795
3796 loopback_mtu = (ire->ire_ipversion == IPV6_VERSION) ?
3797 ip_loopback_mtu_v6plus : ip_loopback_mtuplus;
3798
3799 if (loopback_mtu < pmtu)
3800 pmtu = loopback_mtu;
3801 } else if (nce != NULL) {
3802 /*
3803 * Make sure we don't exceed the interface MTU.
3804 * In the case of RTF_REJECT or RTF_BLACKHOLE we might not have
3805 * an ill. We'd use the above IP_MAXPACKET in that case just
3806 * to tell the transport something larger than zero.
3807 */
3808 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST)) {
3809 if (nce->nce_common->ncec_ill->ill_mc_mtu < pmtu)
3810 pmtu = nce->nce_common->ncec_ill->ill_mc_mtu;
3811 if (nce->nce_common->ncec_ill != nce->nce_ill &&
3812 nce->nce_ill->ill_mc_mtu < pmtu) {
3813 /*
3814 * for interfaces in an IPMP group, the mtu of
3815 * the nce_ill (under_ill) could be different
3816 * from the mtu of the ncec_ill, so we take the
3817 * min of the two.
3818 */
3819 pmtu = nce->nce_ill->ill_mc_mtu;
3820 }
3821 } else {
3822 if (nce->nce_common->ncec_ill->ill_mtu < pmtu)
3823 pmtu = nce->nce_common->ncec_ill->ill_mtu;
3824 if (nce->nce_common->ncec_ill != nce->nce_ill &&
3825 nce->nce_ill->ill_mtu < pmtu) {
3826 /*
3827 * for interfaces in an IPMP group, the mtu of
3828 * the nce_ill (under_ill) could be different
3829 * from the mtu of the ncec_ill, so we take the
3830 * min of the two.
3831 */
3832 pmtu = nce->nce_ill->ill_mtu;
3833 }
3834 }
3835 }
3836
3837 /*
3838 * Handle the IPV6_USE_MIN_MTU socket option or ancillary data.
3839 * Only applies to IPv6.
3840 */
3841 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) {
3842 if (ixa->ixa_flags & IXAF_USE_MIN_MTU) {
3843 switch (ixa->ixa_use_min_mtu) {
3844 case IPV6_USE_MIN_MTU_MULTICAST:
3845 if (ire->ire_type & IRE_MULTICAST)
3846 pmtu = IPV6_MIN_MTU;
3847 break;
3848 case IPV6_USE_MIN_MTU_ALWAYS:
3849 pmtu = IPV6_MIN_MTU;
3850 break;
3851 case IPV6_USE_MIN_MTU_NEVER:
3852 break;
3853 }
3854 } else {
3855 /* Default is IPV6_USE_MIN_MTU_MULTICAST */
3856 if (ire->ire_type & IRE_MULTICAST)
3857 pmtu = IPV6_MIN_MTU;
3858 }
3859 }
3860
3861 /*
3862 * After receiving an ICMPv6 "packet too big" message with a
3863 * MTU < 1280, and for multirouted IPv6 packets, the IP layer
3864 * will insert a 8-byte fragment header in every packet. We compensate
3865 * for those cases by returning a smaller path MTU to the ULP.
3866 *
3867 * In the case of CGTP then ip_output will add a fragment header.
3868 * Make sure there is room for it by telling a smaller number
3869 * to the transport.
3870 *
3871 * When IXAF_IPV6_ADDR_FRAGHDR we subtract the frag hdr here
3872 * so the ULPs consistently see a iulp_pmtu and ip_get_pmtu()
3873 * which is the size of the packets it can send.
3874 */
3875 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) {
3876 if ((dce->dce_flags & DCEF_TOO_SMALL_PMTU) ||
3877 (ire->ire_flags & RTF_MULTIRT) ||
3878 (ixa->ixa_flags & IXAF_MULTIRT_MULTICAST)) {
3879 pmtu -= sizeof (ip6_frag_t);
3880 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR;
3881 }
3882 }
3883
3884 return (pmtu);
3885 }
3886
3887 /*
3888 * Carve "len" bytes out of an mblk chain, consuming any we empty, and duping
3889 * the final piece where we don't. Return a pointer to the first mblk in the
3890 * result, and update the pointer to the next mblk to chew on. If anything
3891 * goes wrong (i.e., dupb fails), we waste everything in sight and return a
3892 * NULL pointer.
3893 */
3894 mblk_t *
3895 ip_carve_mp(mblk_t **mpp, ssize_t len)
3896 {
3897 mblk_t *mp0;
3898 mblk_t *mp1;
3899 mblk_t *mp2;
3900
3901 if (!len || !mpp || !(mp0 = *mpp))
3902 return (NULL);
3903 /* If we aren't going to consume the first mblk, we need a dup. */
3904 if (mp0->b_wptr - mp0->b_rptr > len) {
3905 mp1 = dupb(mp0);
3906 if (mp1) {
3907 /* Partition the data between the two mblks. */
3908 mp1->b_wptr = mp1->b_rptr + len;
3909 mp0->b_rptr = mp1->b_wptr;
3910 /*
3911 * after adjustments if mblk not consumed is now
3912 * unaligned, try to align it. If this fails free
3913 * all messages and let upper layer recover.
3914 */
3915 if (!OK_32PTR(mp0->b_rptr)) {
3916 if (!pullupmsg(mp0, -1)) {
3917 freemsg(mp0);
3918 freemsg(mp1);
3919 *mpp = NULL;
3920 return (NULL);
3921 }
3922 }
3923 }
3924 return (mp1);
3925 }
3926 /* Eat through as many mblks as we need to get len bytes. */
3927 len -= mp0->b_wptr - mp0->b_rptr;
3928 for (mp2 = mp1 = mp0; (mp2 = mp2->b_cont) != 0 && len; mp1 = mp2) {
3929 if (mp2->b_wptr - mp2->b_rptr > len) {
3930 /*
3931 * We won't consume the entire last mblk. Like
3932 * above, dup and partition it.
3933 */
3934 mp1->b_cont = dupb(mp2);
3935 mp1 = mp1->b_cont;
3936 if (!mp1) {
3937 /*
3938 * Trouble. Rather than go to a lot of
3939 * trouble to clean up, we free the messages.
3940 * This won't be any worse than losing it on
3941 * the wire.
3942 */
3943 freemsg(mp0);
3944 freemsg(mp2);
3945 *mpp = NULL;
3946 return (NULL);
3947 }
3948 mp1->b_wptr = mp1->b_rptr + len;
3949 mp2->b_rptr = mp1->b_wptr;
3950 /*
3951 * after adjustments if mblk not consumed is now
3952 * unaligned, try to align it. If this fails free
3953 * all messages and let upper layer recover.
3954 */
3955 if (!OK_32PTR(mp2->b_rptr)) {
3956 if (!pullupmsg(mp2, -1)) {
3957 freemsg(mp0);
3958 freemsg(mp2);
3959 *mpp = NULL;
3960 return (NULL);
3961 }
3962 }
3963 *mpp = mp2;
3964 return (mp0);
3965 }
3966 /* Decrement len by the amount we just got. */
3967 len -= mp2->b_wptr - mp2->b_rptr;
3968 }
3969 /*
3970 * len should be reduced to zero now. If not our caller has
3971 * screwed up.
3972 */
3973 if (len) {
3974 /* Shouldn't happen! */
3975 freemsg(mp0);
3976 *mpp = NULL;
3977 return (NULL);
3978 }
3979 /*
3980 * We consumed up to exactly the end of an mblk. Detach the part
3981 * we are returning from the rest of the chain.
3982 */
3983 mp1->b_cont = NULL;
3984 *mpp = mp2;
3985 return (mp0);
3986 }
3987
3988 /* The ill stream is being unplumbed. Called from ip_close */
3989 int
3990 ip_modclose(ill_t *ill)
3991 {
3992 boolean_t success;
3993 ipsq_t *ipsq;
3994 ipif_t *ipif;
3995 queue_t *q = ill->ill_rq;
3996 ip_stack_t *ipst = ill->ill_ipst;
3997 int i;
3998 arl_ill_common_t *ai = ill->ill_common;
3999
4000 /*
4001 * The punlink prior to this may have initiated a capability
4002 * negotiation. But ipsq_enter will block until that finishes or
4003 * times out.
4004 */
4005 success = ipsq_enter(ill, B_FALSE, NEW_OP);
4006
4007 /*
4008 * Open/close/push/pop is guaranteed to be single threaded
4009 * per stream by STREAMS. FS guarantees that all references
4010 * from top are gone before close is called. So there can't
4011 * be another close thread that has set CONDEMNED on this ill.
4012 * and cause ipsq_enter to return failure.
4013 */
4014 ASSERT(success);
4015 ipsq = ill->ill_phyint->phyint_ipsq;
4016
4017 /*
4018 * Mark it condemned. No new reference will be made to this ill.
4019 * Lookup functions will return an error. Threads that try to
4020 * increment the refcnt must check for ILL_CAN_LOOKUP. This ensures
4021 * that the refcnt will drop down to zero.
4022 */
4023 mutex_enter(&ill->ill_lock);
4024 ill->ill_state_flags |= ILL_CONDEMNED;
4025 for (ipif = ill->ill_ipif; ipif != NULL;
4026 ipif = ipif->ipif_next) {
4027 ipif->ipif_state_flags |= IPIF_CONDEMNED;
4028 }
4029 /*
4030 * Wake up anybody waiting to enter the ipsq. ipsq_enter
4031 * returns error if ILL_CONDEMNED is set
4032 */
4033 cv_broadcast(&ill->ill_cv);
4034 mutex_exit(&ill->ill_lock);
4035
4036 /*
4037 * Send all the deferred DLPI messages downstream which came in
4038 * during the small window right before ipsq_enter(). We do this
4039 * without waiting for the ACKs because all the ACKs for M_PROTO
4040 * messages are ignored in ip_rput() when ILL_CONDEMNED is set.
4041 */
4042 ill_dlpi_send_deferred(ill);
4043
4044 /*
4045 * Shut down fragmentation reassembly.
4046 * ill_frag_timer won't start a timer again.
4047 * Now cancel any existing timer
4048 */
4049 (void) untimeout(ill->ill_frag_timer_id);
4050 (void) ill_frag_timeout(ill, 0);
4051
4052 /*
4053 * Call ill_delete to bring down the ipifs, ilms and ill on
4054 * this ill. Then wait for the refcnts to drop to zero.
4055 * ill_is_freeable checks whether the ill is really quiescent.
4056 * Then make sure that threads that are waiting to enter the
4057 * ipsq have seen the error returned by ipsq_enter and have
4058 * gone away. Then we call ill_delete_tail which does the
4059 * DL_UNBIND_REQ with the driver and then qprocsoff.
4060 */
4061 ill_delete(ill);
4062 mutex_enter(&ill->ill_lock);
4063 while (!ill_is_freeable(ill))
4064 cv_wait(&ill->ill_cv, &ill->ill_lock);
4065
4066 while (ill->ill_waiters)
4067 cv_wait(&ill->ill_cv, &ill->ill_lock);
4068
4069 mutex_exit(&ill->ill_lock);
4070
4071 /*
4072 * ill_delete_tail drops reference on ill_ipst, but we need to keep
4073 * it held until the end of the function since the cleanup
4074 * below needs to be able to use the ip_stack_t.
4075 */
4076 netstack_hold(ipst->ips_netstack);
4077
4078 /* qprocsoff is done via ill_delete_tail */
4079 ill_delete_tail(ill);
4080 /*
4081 * synchronously wait for arp stream to unbind. After this, we
4082 * cannot get any data packets up from the driver.
4083 */
4084 arp_unbind_complete(ill);
4085 ASSERT(ill->ill_ipst == NULL);
4086
4087 /*
4088 * Walk through all conns and qenable those that have queued data.
4089 * Close synchronization needs this to
4090 * be done to ensure that all upper layers blocked
4091 * due to flow control to the closing device
4092 * get unblocked.
4093 */
4094 ip1dbg(("ip_wsrv: walking\n"));
4095 for (i = 0; i < TX_FANOUT_SIZE; i++) {
4096 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[i]);
4097 }
4098
4099 /*
4100 * ai can be null if this is an IPv6 ill, or if the IPv4
4101 * stream is being torn down before ARP was plumbed (e.g.,
4102 * /sbin/ifconfig plumbing a stream twice, and encountering
4103 * an error
4104 */
4105 if (ai != NULL) {
4106 ASSERT(!ill->ill_isv6);
4107 mutex_enter(&ai->ai_lock);
4108 ai->ai_ill = NULL;
4109 if (ai->ai_arl == NULL) {
4110 mutex_destroy(&ai->ai_lock);
4111 kmem_free(ai, sizeof (*ai));
4112 } else {
4113 cv_signal(&ai->ai_ill_unplumb_done);
4114 mutex_exit(&ai->ai_lock);
4115 }
4116 }
4117
4118 mutex_enter(&ipst->ips_ip_mi_lock);
4119 mi_close_unlink(&ipst->ips_ip_g_head, (IDP)ill);
4120 mutex_exit(&ipst->ips_ip_mi_lock);
4121
4122 /*
4123 * credp could be null if the open didn't succeed and ip_modopen
4124 * itself calls ip_close.
4125 */
4126 if (ill->ill_credp != NULL)
4127 crfree(ill->ill_credp);
4128
4129 mutex_destroy(&ill->ill_saved_ire_lock);
4130 mutex_destroy(&ill->ill_lock);
4131 rw_destroy(&ill->ill_mcast_lock);
4132 mutex_destroy(&ill->ill_mcast_serializer);
4133 list_destroy(&ill->ill_nce);
4134
4135 /*
4136 * Now we are done with the module close pieces that
4137 * need the netstack_t.
4138 */
4139 netstack_rele(ipst->ips_netstack);
4140
4141 mi_close_free((IDP)ill);
4142 q->q_ptr = WR(q)->q_ptr = NULL;
4143
4144 ipsq_exit(ipsq);
4145
4146 return (0);
4147 }
4148
4149 /*
4150 * This is called as part of close() for IP, UDP, ICMP, and RTS
4151 * in order to quiesce the conn.
4152 */
4153 void
4154 ip_quiesce_conn(conn_t *connp)
4155 {
4156 boolean_t drain_cleanup_reqd = B_FALSE;
4157 boolean_t conn_ioctl_cleanup_reqd = B_FALSE;
4158 boolean_t ilg_cleanup_reqd = B_FALSE;
4159 ip_stack_t *ipst;
4160
4161 ASSERT(!IPCL_IS_TCP(connp));
4162 ipst = connp->conn_netstack->netstack_ip;
4163
4164 /*
4165 * Mark the conn as closing, and this conn must not be
4166 * inserted in future into any list. Eg. conn_drain_insert(),
4167 * won't insert this conn into the conn_drain_list.
4168 *
4169 * conn_idl, and conn_ilg cannot get set henceforth.
4170 */
4171 mutex_enter(&connp->conn_lock);
4172 ASSERT(!(connp->conn_state_flags & CONN_QUIESCED));
4173 connp->conn_state_flags |= CONN_CLOSING;
4174 if (connp->conn_idl != NULL)
4175 drain_cleanup_reqd = B_TRUE;
4176 if (connp->conn_oper_pending_ill != NULL)
4177 conn_ioctl_cleanup_reqd = B_TRUE;
4178 if (connp->conn_dhcpinit_ill != NULL) {
4179 ASSERT(connp->conn_dhcpinit_ill->ill_dhcpinit != 0);
4180 atomic_dec_32(&connp->conn_dhcpinit_ill->ill_dhcpinit);
4181 ill_set_inputfn(connp->conn_dhcpinit_ill);
4182 connp->conn_dhcpinit_ill = NULL;
4183 }
4184 if (connp->conn_ilg != NULL)
4185 ilg_cleanup_reqd = B_TRUE;
4186 mutex_exit(&connp->conn_lock);
4187
4188 if (conn_ioctl_cleanup_reqd)
4189 conn_ioctl_cleanup(connp);
4190
4191 if (is_system_labeled() && connp->conn_anon_port) {
4192 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
4193 connp->conn_mlp_type, connp->conn_proto,
4194 ntohs(connp->conn_lport), B_FALSE);
4195 connp->conn_anon_port = 0;
4196 }
4197 connp->conn_mlp_type = mlptSingle;
4198
4199 /*
4200 * Remove this conn from any fanout list it is on.
4201 * and then wait for any threads currently operating
4202 * on this endpoint to finish
4203 */
4204 ipcl_hash_remove(connp);
4205
4206 /*
4207 * Remove this conn from the drain list, and do any other cleanup that
4208 * may be required. (TCP conns are never flow controlled, and
4209 * conn_idl will be NULL.)
4210 */
4211 if (drain_cleanup_reqd && connp->conn_idl != NULL) {
4212 idl_t *idl = connp->conn_idl;
4213
4214 mutex_enter(&idl->idl_lock);
4215 conn_drain(connp, B_TRUE);
4216 mutex_exit(&idl->idl_lock);
4217 }
4218
4219 if (connp == ipst->ips_ip_g_mrouter)
4220 (void) ip_mrouter_done(ipst);
4221
4222 if (ilg_cleanup_reqd)
4223 ilg_delete_all(connp);
4224
4225 /*
4226 * Now conn refcnt can increase only thru CONN_INC_REF_LOCKED.
4227 * callers from write side can't be there now because close
4228 * is in progress. The only other caller is ipcl_walk
4229 * which checks for the condemned flag.
4230 */
4231 mutex_enter(&connp->conn_lock);
4232 connp->conn_state_flags |= CONN_CONDEMNED;
4233 while (connp->conn_ref != 1)
4234 cv_wait(&connp->conn_cv, &connp->conn_lock);
4235 connp->conn_state_flags |= CONN_QUIESCED;
4236 mutex_exit(&connp->conn_lock);
4237 }
4238
4239 /* ARGSUSED */
4240 int
4241 ip_close(queue_t *q, int flags)
4242 {
4243 conn_t *connp;
4244
4245 /*
4246 * Call the appropriate delete routine depending on whether this is
4247 * a module or device.
4248 */
4249 if (WR(q)->q_next != NULL) {
4250 /* This is a module close */
4251 return (ip_modclose((ill_t *)q->q_ptr));
4252 }
4253
4254 connp = q->q_ptr;
4255 ip_quiesce_conn(connp);
4256
4257 qprocsoff(q);
4258
4259 /*
4260 * Now we are truly single threaded on this stream, and can
4261 * delete the things hanging off the connp, and finally the connp.
4262 * We removed this connp from the fanout list, it cannot be
4263 * accessed thru the fanouts, and we already waited for the
4264 * conn_ref to drop to 0. We are already in close, so
4265 * there cannot be any other thread from the top. qprocsoff
4266 * has completed, and service has completed or won't run in
4267 * future.
4268 */
4269 ASSERT(connp->conn_ref == 1);
4270
4271 inet_minor_free(connp->conn_minor_arena, connp->conn_dev);
4272
4273 connp->conn_ref--;
4274 ipcl_conn_destroy(connp);
4275
4276 q->q_ptr = WR(q)->q_ptr = NULL;
4277 return (0);
4278 }
4279
4280 /*
4281 * Wapper around putnext() so that ip_rts_request can merely use
4282 * conn_recv.
4283 */
4284 /*ARGSUSED2*/
4285 static void
4286 ip_conn_input(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
4287 {
4288 conn_t *connp = (conn_t *)arg1;
4289
4290 putnext(connp->conn_rq, mp);
4291 }
4292
4293 /* Dummy in case ICMP error delivery is attempted to a /dev/ip instance */
4294 /* ARGSUSED */
4295 static void
4296 ip_conn_input_icmp(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
4297 {
4298 freemsg(mp);
4299 }
4300
4301 /*
4302 * Called when the module is about to be unloaded
4303 */
4304 void
4305 ip_ddi_destroy(void)
4306 {
4307 /* This needs to be called before destroying any transports. */
4308 mutex_enter(&cpu_lock);
4309 unregister_cpu_setup_func(ip_tp_cpu_update, NULL);
4310 mutex_exit(&cpu_lock);
4311
4312 tnet_fini();
4313
4314 icmp_ddi_g_destroy();
4315 rts_ddi_g_destroy();
4316 udp_ddi_g_destroy();
4317 dccp_ddi_g_destroy();
4318 sctp_ddi_g_destroy();
4319 tcp_ddi_g_destroy();
4320 ilb_ddi_g_destroy();
4321 dce_g_destroy();
4322 ipsec_policy_g_destroy();
4323 ipcl_g_destroy();
4324 ip_net_g_destroy();
4325 ip_ire_g_fini();
4326 inet_minor_destroy(ip_minor_arena_sa);
4327 #if defined(_LP64)
4328 inet_minor_destroy(ip_minor_arena_la);
4329 #endif
4330
4331 #ifdef DEBUG
4332 list_destroy(&ip_thread_list);
4333 rw_destroy(&ip_thread_rwlock);
4334 tsd_destroy(&ip_thread_data);
4335 #endif
4336
4337 netstack_unregister(NS_IP);
4338 }
4339
4340 /*
4341 * First step in cleanup.
4342 */
4343 /* ARGSUSED */
4344 static void
4345 ip_stack_shutdown(netstackid_t stackid, void *arg)
4346 {
4347 ip_stack_t *ipst = (ip_stack_t *)arg;
4348
4349 #ifdef NS_DEBUG
4350 printf("ip_stack_shutdown(%p, stack %d)\n", (void *)ipst, stackid);
4351 #endif
4352
4353 /*
4354 * Perform cleanup for special interfaces (loopback and IPMP).
4355 */
4356 ip_interface_cleanup(ipst);
4357
4358 /*
4359 * The *_hook_shutdown()s start the process of notifying any
4360 * consumers that things are going away.... nothing is destroyed.
4361 */
4362 ipv4_hook_shutdown(ipst);
4363 ipv6_hook_shutdown(ipst);
4364 arp_hook_shutdown(ipst);
4365
4366 mutex_enter(&ipst->ips_capab_taskq_lock);
4367 ipst->ips_capab_taskq_quit = B_TRUE;
4368 cv_signal(&ipst->ips_capab_taskq_cv);
4369 mutex_exit(&ipst->ips_capab_taskq_lock);
4370 }
4371
4372 /*
4373 * Free the IP stack instance.
4374 */
4375 static void
4376 ip_stack_fini(netstackid_t stackid, void *arg)
4377 {
4378 ip_stack_t *ipst = (ip_stack_t *)arg;
4379 int ret;
4380
4381 #ifdef NS_DEBUG
4382 printf("ip_stack_fini(%p, stack %d)\n", (void *)ipst, stackid);
4383 #endif
4384 /*
4385 * At this point, all of the notifications that the events and
4386 * protocols are going away have been run, meaning that we can
4387 * now set about starting to clean things up.
4388 */
4389 ipobs_fini(ipst);
4390 ipv4_hook_destroy(ipst);
4391 ipv6_hook_destroy(ipst);
4392 arp_hook_destroy(ipst);
4393 ip_net_destroy(ipst);
4394
4395 ipmp_destroy(ipst);
4396
4397 ip_kstat_fini(stackid, ipst->ips_ip_mibkp);
4398 ipst->ips_ip_mibkp = NULL;
4399 icmp_kstat_fini(stackid, ipst->ips_icmp_mibkp);
4400 ipst->ips_icmp_mibkp = NULL;
4401 ip_kstat2_fini(stackid, ipst->ips_ip_kstat);
4402 ipst->ips_ip_kstat = NULL;
4403 bzero(&ipst->ips_ip_statistics, sizeof (ipst->ips_ip_statistics));
4404 ip6_kstat_fini(stackid, ipst->ips_ip6_kstat);
4405 ipst->ips_ip6_kstat = NULL;
4406 bzero(&ipst->ips_ip6_statistics, sizeof (ipst->ips_ip6_statistics));
4407
4408 kmem_free(ipst->ips_propinfo_tbl,
4409 ip_propinfo_count * sizeof (mod_prop_info_t));
4410 ipst->ips_propinfo_tbl = NULL;
4411
4412 dce_stack_destroy(ipst);
4413 ip_mrouter_stack_destroy(ipst);
4414
4415 ret = untimeout(ipst->ips_igmp_timeout_id);
4416 if (ret == -1) {
4417 ASSERT(ipst->ips_igmp_timeout_id == 0);
4418 } else {
4419 ASSERT(ipst->ips_igmp_timeout_id != 0);
4420 ipst->ips_igmp_timeout_id = 0;
4421 }
4422 ret = untimeout(ipst->ips_igmp_slowtimeout_id);
4423 if (ret == -1) {
4424 ASSERT(ipst->ips_igmp_slowtimeout_id == 0);
4425 } else {
4426 ASSERT(ipst->ips_igmp_slowtimeout_id != 0);
4427 ipst->ips_igmp_slowtimeout_id = 0;
4428 }
4429 ret = untimeout(ipst->ips_mld_timeout_id);
4430 if (ret == -1) {
4431 ASSERT(ipst->ips_mld_timeout_id == 0);
4432 } else {
4433 ASSERT(ipst->ips_mld_timeout_id != 0);
4434 ipst->ips_mld_timeout_id = 0;
4435 }
4436 ret = untimeout(ipst->ips_mld_slowtimeout_id);
4437 if (ret == -1) {
4438 ASSERT(ipst->ips_mld_slowtimeout_id == 0);
4439 } else {
4440 ASSERT(ipst->ips_mld_slowtimeout_id != 0);
4441 ipst->ips_mld_slowtimeout_id = 0;
4442 }
4443
4444 ip_ire_fini(ipst);
4445 ip6_asp_free(ipst);
4446 conn_drain_fini(ipst);
4447 ipcl_destroy(ipst);
4448
4449 mutex_destroy(&ipst->ips_ndp4->ndp_g_lock);
4450 mutex_destroy(&ipst->ips_ndp6->ndp_g_lock);
4451 kmem_free(ipst->ips_ndp4, sizeof (ndp_g_t));
4452 ipst->ips_ndp4 = NULL;
4453 kmem_free(ipst->ips_ndp6, sizeof (ndp_g_t));
4454 ipst->ips_ndp6 = NULL;
4455
4456 if (ipst->ips_loopback_ksp != NULL) {
4457 kstat_delete_netstack(ipst->ips_loopback_ksp, stackid);
4458 ipst->ips_loopback_ksp = NULL;
4459 }
4460
4461 mutex_destroy(&ipst->ips_capab_taskq_lock);
4462 cv_destroy(&ipst->ips_capab_taskq_cv);
4463
4464 rw_destroy(&ipst->ips_srcid_lock);
4465
4466 mutex_destroy(&ipst->ips_ip_mi_lock);
4467 rw_destroy(&ipst->ips_ill_g_usesrc_lock);
4468
4469 mutex_destroy(&ipst->ips_igmp_timer_lock);
4470 mutex_destroy(&ipst->ips_mld_timer_lock);
4471 mutex_destroy(&ipst->ips_igmp_slowtimeout_lock);
4472 mutex_destroy(&ipst->ips_mld_slowtimeout_lock);
4473 mutex_destroy(&ipst->ips_ip_addr_avail_lock);
4474 rw_destroy(&ipst->ips_ill_g_lock);
4475
4476 kmem_free(ipst->ips_phyint_g_list, sizeof (phyint_list_t));
4477 ipst->ips_phyint_g_list = NULL;
4478 kmem_free(ipst->ips_ill_g_heads, sizeof (ill_g_head_t) * MAX_G_HEADS);
4479 ipst->ips_ill_g_heads = NULL;
4480
4481 ldi_ident_release(ipst->ips_ldi_ident);
4482 kmem_free(ipst, sizeof (*ipst));
4483 }
4484
4485 /*
4486 * This function is called from the TSD destructor, and is used to debug
4487 * reference count issues in IP. See block comment in <inet/ip_if.h> for
4488 * details.
4489 */
4490 static void
4491 ip_thread_exit(void *phash)
4492 {
4493 th_hash_t *thh = phash;
4494
4495 rw_enter(&ip_thread_rwlock, RW_WRITER);
4496 list_remove(&ip_thread_list, thh);
4497 rw_exit(&ip_thread_rwlock);
4498 mod_hash_destroy_hash(thh->thh_hash);
4499 kmem_free(thh, sizeof (*thh));
4500 }
4501
4502 /*
4503 * Called when the IP kernel module is loaded into the kernel
4504 */
4505 void
4506 ip_ddi_init(void)
4507 {
4508 ip_squeue_flag = ip_squeue_switch(ip_squeue_enter);
4509
4510 /*
4511 * For IP and TCP the minor numbers should start from 2 since we have 4
4512 * initial devices: ip, ip6, tcp, tcp6.
4513 */
4514 /*
4515 * If this is a 64-bit kernel, then create two separate arenas -
4516 * one for TLIs in the range of INET_MIN_DEV+2 through 2^^18-1, and the
4517 * other for socket apps in the range 2^^18 through 2^^32-1.
4518 */
4519 ip_minor_arena_la = NULL;
4520 ip_minor_arena_sa = NULL;
4521 #if defined(_LP64)
4522 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa",
4523 INET_MIN_DEV + 2, MAXMIN32, KM_SLEEP)) == NULL) {
4524 cmn_err(CE_PANIC,
4525 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4526 }
4527 if ((ip_minor_arena_la = inet_minor_create("ip_minor_arena_la",
4528 MAXMIN32 + 1, MAXMIN64, KM_SLEEP)) == NULL) {
4529 cmn_err(CE_PANIC,
4530 "ip_ddi_init: ip_minor_arena_la creation failed\n");
4531 }
4532 #else
4533 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa",
4534 INET_MIN_DEV + 2, MAXMIN, KM_SLEEP)) == NULL) {
4535 cmn_err(CE_PANIC,
4536 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4537 }
4538 #endif
4539 ip_poll_normal_ticks = MSEC_TO_TICK_ROUNDUP(ip_poll_normal_ms);
4540
4541 ipcl_g_init();
4542 ip_ire_g_init();
4543 ip_net_g_init();
4544
4545 #ifdef DEBUG
4546 tsd_create(&ip_thread_data, ip_thread_exit);
4547 rw_init(&ip_thread_rwlock, NULL, RW_DEFAULT, NULL);
4548 list_create(&ip_thread_list, sizeof (th_hash_t),
4549 offsetof(th_hash_t, thh_link));
4550 #endif
4551 ipsec_policy_g_init();
4552 tcp_ddi_g_init();
4553 sctp_ddi_g_init();
4554 dccp_ddi_g_init();
4555 dce_g_init();
4556
4557 /*
4558 * We want to be informed each time a stack is created or
4559 * destroyed in the kernel, so we can maintain the
4560 * set of udp_stack_t's.
4561 */
4562 netstack_register(NS_IP, ip_stack_init, ip_stack_shutdown,
4563 ip_stack_fini);
4564
4565 tnet_init();
4566
4567 udp_ddi_g_init();
4568 rts_ddi_g_init();
4569 icmp_ddi_g_init();
4570 ilb_ddi_g_init();
4571
4572 /* This needs to be called after all transports are initialized. */
4573 mutex_enter(&cpu_lock);
4574 register_cpu_setup_func(ip_tp_cpu_update, NULL);
4575 mutex_exit(&cpu_lock);
4576 }
4577
4578 /*
4579 * Initialize the IP stack instance.
4580 */
4581 static void *
4582 ip_stack_init(netstackid_t stackid, netstack_t *ns)
4583 {
4584 ip_stack_t *ipst;
4585 size_t arrsz;
4586 major_t major;
4587
4588 #ifdef NS_DEBUG
4589 printf("ip_stack_init(stack %d)\n", stackid);
4590 #endif
4591
4592 ipst = (ip_stack_t *)kmem_zalloc(sizeof (*ipst), KM_SLEEP);
4593 ipst->ips_netstack = ns;
4594
4595 ipst->ips_ill_g_heads = kmem_zalloc(sizeof (ill_g_head_t) * MAX_G_HEADS,
4596 KM_SLEEP);
4597 ipst->ips_phyint_g_list = kmem_zalloc(sizeof (phyint_list_t),
4598 KM_SLEEP);
4599 ipst->ips_ndp4 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP);
4600 ipst->ips_ndp6 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP);
4601 mutex_init(&ipst->ips_ndp4->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL);
4602 mutex_init(&ipst->ips_ndp6->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL);
4603
4604 mutex_init(&ipst->ips_igmp_timer_lock, NULL, MUTEX_DEFAULT, NULL);
4605 ipst->ips_igmp_deferred_next = INFINITY;
4606 mutex_init(&ipst->ips_mld_timer_lock, NULL, MUTEX_DEFAULT, NULL);
4607 ipst->ips_mld_deferred_next = INFINITY;
4608 mutex_init(&ipst->ips_igmp_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL);
4609 mutex_init(&ipst->ips_mld_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL);
4610 mutex_init(&ipst->ips_ip_mi_lock, NULL, MUTEX_DEFAULT, NULL);
4611 mutex_init(&ipst->ips_ip_addr_avail_lock, NULL, MUTEX_DEFAULT, NULL);
4612 rw_init(&ipst->ips_ill_g_lock, NULL, RW_DEFAULT, NULL);
4613 rw_init(&ipst->ips_ill_g_usesrc_lock, NULL, RW_DEFAULT, NULL);
4614
4615 ipcl_init(ipst);
4616 ip_ire_init(ipst);
4617 ip6_asp_init(ipst);
4618 ipif_init(ipst);
4619 conn_drain_init(ipst);
4620 ip_mrouter_stack_init(ipst);
4621 dce_stack_init(ipst);
4622
4623 ipst->ips_ip_multirt_log_interval = 1000;
4624
4625 ipst->ips_ill_index = 1;
4626
4627 ipst->ips_saved_ip_forwarding = -1;
4628 ipst->ips_reg_vif_num = ALL_VIFS; /* Index to Register vif */
4629
4630 arrsz = ip_propinfo_count * sizeof (mod_prop_info_t);
4631 ipst->ips_propinfo_tbl = (mod_prop_info_t *)kmem_alloc(arrsz, KM_SLEEP);
4632 bcopy(ip_propinfo_tbl, ipst->ips_propinfo_tbl, arrsz);
4633
4634 ipst->ips_ip_mibkp = ip_kstat_init(stackid, ipst);
4635 ipst->ips_icmp_mibkp = icmp_kstat_init(stackid);
4636 ipst->ips_ip_kstat = ip_kstat2_init(stackid, &ipst->ips_ip_statistics);
4637 ipst->ips_ip6_kstat =
4638 ip6_kstat_init(stackid, &ipst->ips_ip6_statistics);
4639
4640 ipst->ips_ip_src_id = 1;
4641 rw_init(&ipst->ips_srcid_lock, NULL, RW_DEFAULT, NULL);
4642
4643 ipst->ips_src_generation = SRC_GENERATION_INITIAL;
4644
4645 ip_net_init(ipst, ns);
4646 ipv4_hook_init(ipst);
4647 ipv6_hook_init(ipst);
4648 arp_hook_init(ipst);
4649 ipmp_init(ipst);
4650 ipobs_init(ipst);
4651
4652 /*
4653 * Create the taskq dispatcher thread and initialize related stuff.
4654 */
4655 mutex_init(&ipst->ips_capab_taskq_lock, NULL, MUTEX_DEFAULT, NULL);
4656 cv_init(&ipst->ips_capab_taskq_cv, NULL, CV_DEFAULT, NULL);
4657 ipst->ips_capab_taskq_thread = thread_create(NULL, 0,
4658 ill_taskq_dispatch, ipst, 0, &p0, TS_RUN, minclsyspri);
4659
4660 major = mod_name_to_major(INET_NAME);
4661 (void) ldi_ident_from_major(major, &ipst->ips_ldi_ident);
4662 return (ipst);
4663 }
4664
4665 /*
4666 * Allocate and initialize a DLPI template of the specified length. (May be
4667 * called as writer.)
4668 */
4669 mblk_t *
4670 ip_dlpi_alloc(size_t len, t_uscalar_t prim)
4671 {
4672 mblk_t *mp;
4673
4674 mp = allocb(len, BPRI_MED);
4675 if (!mp)
4676 return (NULL);
4677
4678 /*
4679 * DLPIv2 says that DL_INFO_REQ and DL_TOKEN_REQ (the latter
4680 * of which we don't seem to use) are sent with M_PCPROTO, and
4681 * that other DLPI are M_PROTO.
4682 */
4683 if (prim == DL_INFO_REQ) {
4684 mp->b_datap->db_type = M_PCPROTO;
4685 } else {
4686 mp->b_datap->db_type = M_PROTO;
4687 }
4688
4689 mp->b_wptr = mp->b_rptr + len;
4690 bzero(mp->b_rptr, len);
4691 ((dl_unitdata_req_t *)mp->b_rptr)->dl_primitive = prim;
4692 return (mp);
4693 }
4694
4695 /*
4696 * Allocate and initialize a DLPI notification. (May be called as writer.)
4697 */
4698 mblk_t *
4699 ip_dlnotify_alloc(uint_t notification, uint_t data)
4700 {
4701 dl_notify_ind_t *notifyp;
4702 mblk_t *mp;
4703
4704 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL)
4705 return (NULL);
4706
4707 notifyp = (dl_notify_ind_t *)mp->b_rptr;
4708 notifyp->dl_notification = notification;
4709 notifyp->dl_data = data;
4710 return (mp);
4711 }
4712
4713 mblk_t *
4714 ip_dlnotify_alloc2(uint_t notification, uint_t data1, uint_t data2)
4715 {
4716 dl_notify_ind_t *notifyp;
4717 mblk_t *mp;
4718
4719 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL)
4720 return (NULL);
4721
4722 notifyp = (dl_notify_ind_t *)mp->b_rptr;
4723 notifyp->dl_notification = notification;
4724 notifyp->dl_data1 = data1;
4725 notifyp->dl_data2 = data2;
4726 return (mp);
4727 }
4728
4729 /*
4730 * Debug formatting routine. Returns a character string representation of the
4731 * addr in buf, of the form xxx.xxx.xxx.xxx. This routine takes the address
4732 * in the form of a ipaddr_t and calls ip_dot_saddr with a pointer.
4733 *
4734 * Once the ndd table-printing interfaces are removed, this can be changed to
4735 * standard dotted-decimal form.
4736 */
4737 char *
4738 ip_dot_addr(ipaddr_t addr, char *buf)
4739 {
4740 uint8_t *ap = (uint8_t *)&addr;
4741
4742 (void) mi_sprintf(buf, "%03d.%03d.%03d.%03d",
4743 ap[0] & 0xFF, ap[1] & 0xFF, ap[2] & 0xFF, ap[3] & 0xFF);
4744 return (buf);
4745 }
4746
4747 /*
4748 * Write the given MAC address as a printable string in the usual colon-
4749 * separated format.
4750 */
4751 const char *
4752 mac_colon_addr(const uint8_t *addr, size_t alen, char *buf, size_t buflen)
4753 {
4754 char *bp;
4755
4756 if (alen == 0 || buflen < 4)
4757 return ("?");
4758 bp = buf;
4759 for (;;) {
4760 /*
4761 * If there are more MAC address bytes available, but we won't
4762 * have any room to print them, then add "..." to the string
4763 * instead. See below for the 'magic number' explanation.
4764 */
4765 if ((alen == 2 && buflen < 6) || (alen > 2 && buflen < 7)) {
4766 (void) strcpy(bp, "...");
4767 break;
4768 }
4769 (void) sprintf(bp, "%02x", *addr++);
4770 bp += 2;
4771 if (--alen == 0)
4772 break;
4773 *bp++ = ':';
4774 buflen -= 3;
4775 /*
4776 * At this point, based on the first 'if' statement above,
4777 * either alen == 1 and buflen >= 3, or alen > 1 and
4778 * buflen >= 4. The first case leaves room for the final "xx"
4779 * number and trailing NUL byte. The second leaves room for at
4780 * least "...". Thus the apparently 'magic' numbers chosen for
4781 * that statement.
4782 */
4783 }
4784 return (buf);
4785 }
4786
4787 /*
4788 * Called when it is conceptually a ULP that would sent the packet
4789 * e.g., port unreachable and protocol unreachable. Check that the packet
4790 * would have passed the IPsec global policy before sending the error.
4791 *
4792 * Send an ICMP error after patching up the packet appropriately.
4793 * Uses ip_drop_input and bumps the appropriate MIB.
4794 */
4795 void
4796 ip_fanout_send_icmp_v4(mblk_t *mp, uint_t icmp_type, uint_t icmp_code,
4797 ip_recv_attr_t *ira)
4798 {
4799 ipha_t *ipha;
4800 boolean_t secure;
4801 ill_t *ill = ira->ira_ill;
4802 ip_stack_t *ipst = ill->ill_ipst;
4803 netstack_t *ns = ipst->ips_netstack;
4804 ipsec_stack_t *ipss = ns->netstack_ipsec;
4805
4806 secure = ira->ira_flags & IRAF_IPSEC_SECURE;
4807
4808 /*
4809 * We are generating an icmp error for some inbound packet.
4810 * Called from all ip_fanout_(udp, tcp, proto) functions.
4811 * Before we generate an error, check with global policy
4812 * to see whether this is allowed to enter the system. As
4813 * there is no "conn", we are checking with global policy.
4814 */
4815 ipha = (ipha_t *)mp->b_rptr;
4816 if (secure || ipss->ipsec_inbound_v4_policy_present) {
4817 mp = ipsec_check_global_policy(mp, NULL, ipha, NULL, ira, ns);
4818 if (mp == NULL)
4819 return;
4820 }
4821
4822 /* We never send errors for protocols that we do implement */
4823 if (ira->ira_protocol == IPPROTO_ICMP ||
4824 ira->ira_protocol == IPPROTO_IGMP) {
4825 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
4826 ip_drop_input("ip_fanout_send_icmp_v4", mp, ill);
4827 freemsg(mp);
4828 return;
4829 }
4830 /*
4831 * Have to correct checksum since
4832 * the packet might have been
4833 * fragmented and the reassembly code in ip_rput
4834 * does not restore the IP checksum.
4835 */
4836 ipha->ipha_hdr_checksum = 0;
4837 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
4838
4839 switch (icmp_type) {
4840 case ICMP_DEST_UNREACHABLE:
4841 switch (icmp_code) {
4842 case ICMP_PROTOCOL_UNREACHABLE:
4843 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInUnknownProtos);
4844 ip_drop_input("ipIfStatsInUnknownProtos", mp, ill);
4845 break;
4846 case ICMP_PORT_UNREACHABLE:
4847 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts);
4848 ip_drop_input("ipIfStatsNoPorts", mp, ill);
4849 break;
4850 }
4851
4852 icmp_unreachable(mp, icmp_code, ira);
4853 break;
4854 default:
4855 #ifdef DEBUG
4856 panic("ip_fanout_send_icmp_v4: wrong type");
4857 /*NOTREACHED*/
4858 #else
4859 freemsg(mp);
4860 break;
4861 #endif
4862 }
4863 }
4864
4865 /*
4866 * Used to send an ICMP error message when a packet is received for
4867 * a protocol that is not supported. The mblk passed as argument
4868 * is consumed by this function.
4869 */
4870 void
4871 ip_proto_not_sup(mblk_t *mp, ip_recv_attr_t *ira)
4872 {
4873 ipha_t *ipha;
4874
4875 ipha = (ipha_t *)mp->b_rptr;
4876 if (ira->ira_flags & IRAF_IS_IPV4) {
4877 ASSERT(IPH_HDR_VERSION(ipha) == IP_VERSION);
4878 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE,
4879 ICMP_PROTOCOL_UNREACHABLE, ira);
4880 } else {
4881 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION);
4882 ip_fanout_send_icmp_v6(mp, ICMP6_PARAM_PROB,
4883 ICMP6_PARAMPROB_NEXTHEADER, ira);
4884 }
4885 }
4886
4887 /*
4888 * Deliver a rawip packet to the given conn, possibly applying ipsec policy.
4889 * Handles IPv4 and IPv6.
4890 * We are responsible for disposing of mp, such as by freemsg() or putnext()
4891 * Caller is responsible for dropping references to the conn.
4892 */
4893 void
4894 ip_fanout_proto_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h,
4895 ip_recv_attr_t *ira)
4896 {
4897 ill_t *ill = ira->ira_ill;
4898 ip_stack_t *ipst = ill->ill_ipst;
4899 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
4900 boolean_t secure;
4901 uint_t protocol = ira->ira_protocol;
4902 iaflags_t iraflags = ira->ira_flags;
4903 queue_t *rq;
4904
4905 secure = iraflags & IRAF_IPSEC_SECURE;
4906
4907 rq = connp->conn_rq;
4908 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) {
4909 switch (protocol) {
4910 case IPPROTO_ICMPV6:
4911 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInOverflows);
4912 break;
4913 case IPPROTO_ICMP:
4914 BUMP_MIB(&ipst->ips_icmp_mib, icmpInOverflows);
4915 break;
4916 default:
4917 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows);
4918 break;
4919 }
4920 freemsg(mp);
4921 return;
4922 }
4923
4924 ASSERT(!(IPCL_IS_IPTUN(connp)));
4925
4926 if (((iraflags & IRAF_IS_IPV4) ?
4927 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
4928 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
4929 secure) {
4930 mp = ipsec_check_inbound_policy(mp, connp, ipha,
4931 ip6h, ira);
4932 if (mp == NULL) {
4933 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
4934 /* Note that mp is NULL */
4935 ip_drop_input("ipIfStatsInDiscards", mp, ill);
4936 return;
4937 }
4938 }
4939
4940 if (iraflags & IRAF_ICMP_ERROR) {
4941 (connp->conn_recvicmp)(connp, mp, NULL, ira);
4942 } else {
4943 ill_t *rill = ira->ira_rill;
4944
4945 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
4946 ira->ira_ill = ira->ira_rill = NULL;
4947 /* Send it upstream */
4948 (connp->conn_recv)(connp, mp, NULL, ira);
4949 ira->ira_ill = ill;
4950 ira->ira_rill = rill;
4951 }
4952 }
4953
4954 /*
4955 * Handle protocols with which IP is less intimate. There
4956 * can be more than one stream bound to a particular
4957 * protocol. When this is the case, normally each one gets a copy
4958 * of any incoming packets.
4959 *
4960 * IPsec NOTE :
4961 *
4962 * Don't allow a secure packet going up a non-secure connection.
4963 * We don't allow this because
4964 *
4965 * 1) Reply might go out in clear which will be dropped at
4966 * the sending side.
4967 * 2) If the reply goes out in clear it will give the
4968 * adversary enough information for getting the key in
4969 * most of the cases.
4970 *
4971 * Moreover getting a secure packet when we expect clear
4972 * implies that SA's were added without checking for
4973 * policy on both ends. This should not happen once ISAKMP
4974 * is used to negotiate SAs as SAs will be added only after
4975 * verifying the policy.
4976 *
4977 * Zones notes:
4978 * Earlier in ip_input on a system with multiple shared-IP zones we
4979 * duplicate the multicast and broadcast packets and send them up
4980 * with each explicit zoneid that exists on that ill.
4981 * This means that here we can match the zoneid with SO_ALLZONES being special.
4982 */
4983 void
4984 ip_fanout_proto_v4(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
4985 {
4986 mblk_t *mp1;
4987 ipaddr_t laddr;
4988 conn_t *connp, *first_connp, *next_connp;
4989 connf_t *connfp;
4990 ill_t *ill = ira->ira_ill;
4991 ip_stack_t *ipst = ill->ill_ipst;
4992
4993 laddr = ipha->ipha_dst;
4994
4995 connfp = &ipst->ips_ipcl_proto_fanout_v4[ira->ira_protocol];
4996 mutex_enter(&connfp->connf_lock);
4997 connp = connfp->connf_head;
4998 for (connp = connfp->connf_head; connp != NULL;
4999 connp = connp->conn_next) {
5000 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */
5001 if (IPCL_PROTO_MATCH(connp, ira, ipha) &&
5002 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5003 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp))) {
5004 break;
5005 }
5006 }
5007
5008 if (connp == NULL) {
5009 /*
5010 * No one bound to these addresses. Is
5011 * there a client that wants all
5012 * unclaimed datagrams?
5013 */
5014 mutex_exit(&connfp->connf_lock);
5015 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE,
5016 ICMP_PROTOCOL_UNREACHABLE, ira);
5017 return;
5018 }
5019
5020 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL);
5021
5022 CONN_INC_REF(connp);
5023 first_connp = connp;
5024 connp = connp->conn_next;
5025
5026 for (;;) {
5027 while (connp != NULL) {
5028 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */
5029 if (IPCL_PROTO_MATCH(connp, ira, ipha) &&
5030 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5031 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5032 ira, connp)))
5033 break;
5034 connp = connp->conn_next;
5035 }
5036
5037 if (connp == NULL) {
5038 /* No more interested clients */
5039 connp = first_connp;
5040 break;
5041 }
5042 if (((mp1 = dupmsg(mp)) == NULL) &&
5043 ((mp1 = copymsg(mp)) == NULL)) {
5044 /* Memory allocation failed */
5045 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5046 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5047 connp = first_connp;
5048 break;
5049 }
5050
5051 CONN_INC_REF(connp);
5052 mutex_exit(&connfp->connf_lock);
5053
5054 ip_fanout_proto_conn(connp, mp1, (ipha_t *)mp1->b_rptr, NULL,
5055 ira);
5056
5057 mutex_enter(&connfp->connf_lock);
5058 /* Follow the next pointer before releasing the conn. */
5059 next_connp = connp->conn_next;
5060 CONN_DEC_REF(connp);
5061 connp = next_connp;
5062 }
5063
5064 /* Last one. Send it upstream. */
5065 mutex_exit(&connfp->connf_lock);
5066
5067 ip_fanout_proto_conn(connp, mp, ipha, NULL, ira);
5068
5069 CONN_DEC_REF(connp);
5070 }
5071
5072 /*
5073 * If we have a IPsec NAT-Traversal packet, strip the zero-SPI or
5074 * pass it along to ESP if the SPI is non-zero. Returns the mblk if the mblk
5075 * is not consumed.
5076 *
5077 * One of three things can happen, all of which affect the passed-in mblk:
5078 *
5079 * 1.) The packet is stock UDP and gets its zero-SPI stripped. Return mblk..
5080 *
5081 * 2.) The packet is ESP-in-UDP, gets transformed into an equivalent
5082 * ESP packet, and is passed along to ESP for consumption. Return NULL.
5083 *
5084 * 3.) The packet is an ESP-in-UDP Keepalive. Drop it and return NULL.
5085 */
5086 mblk_t *
5087 zero_spi_check(mblk_t *mp, ip_recv_attr_t *ira)
5088 {
5089 int shift, plen, iph_len;
5090 ipha_t *ipha;
5091 udpha_t *udpha;
5092 uint32_t *spi;
5093 uint32_t esp_ports;
5094 uint8_t *orptr;
5095 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
5096 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
5097
5098 ipha = (ipha_t *)mp->b_rptr;
5099 iph_len = ira->ira_ip_hdr_length;
5100 plen = ira->ira_pktlen;
5101
5102 if (plen - iph_len - sizeof (udpha_t) < sizeof (uint32_t)) {
5103 /*
5104 * Most likely a keepalive for the benefit of an intervening
5105 * NAT. These aren't for us, per se, so drop it.
5106 *
5107 * RFC 3947/8 doesn't say for sure what to do for 2-3
5108 * byte packets (keepalives are 1-byte), but we'll drop them
5109 * also.
5110 */
5111 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
5112 DROPPER(ipss, ipds_esp_nat_t_ka), &ipss->ipsec_dropper);
5113 return (NULL);
5114 }
5115
5116 if (MBLKL(mp) < iph_len + sizeof (udpha_t) + sizeof (*spi)) {
5117 /* might as well pull it all up - it might be ESP. */
5118 if (!pullupmsg(mp, -1)) {
5119 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
5120 DROPPER(ipss, ipds_esp_nomem),
5121 &ipss->ipsec_dropper);
5122 return (NULL);
5123 }
5124
5125 ipha = (ipha_t *)mp->b_rptr;
5126 }
5127 spi = (uint32_t *)(mp->b_rptr + iph_len + sizeof (udpha_t));
5128 if (*spi == 0) {
5129 /* UDP packet - remove 0-spi. */
5130 shift = sizeof (uint32_t);
5131 } else {
5132 /* ESP-in-UDP packet - reduce to ESP. */
5133 ipha->ipha_protocol = IPPROTO_ESP;
5134 shift = sizeof (udpha_t);
5135 }
5136
5137 /* Fix IP header */
5138 ira->ira_pktlen = (plen - shift);
5139 ipha->ipha_length = htons(ira->ira_pktlen);
5140 ipha->ipha_hdr_checksum = 0;
5141
5142 orptr = mp->b_rptr;
5143 mp->b_rptr += shift;
5144
5145 udpha = (udpha_t *)(orptr + iph_len);
5146 if (*spi == 0) {
5147 ASSERT((uint8_t *)ipha == orptr);
5148 udpha->uha_length = htons(plen - shift - iph_len);
5149 iph_len += sizeof (udpha_t); /* For the call to ovbcopy(). */
5150 esp_ports = 0;
5151 } else {
5152 esp_ports = *((uint32_t *)udpha);
5153 ASSERT(esp_ports != 0);
5154 }
5155 ovbcopy(orptr, orptr + shift, iph_len);
5156 if (esp_ports != 0) /* Punt up for ESP processing. */ {
5157 ipha = (ipha_t *)(orptr + shift);
5158
5159 ira->ira_flags |= IRAF_ESP_UDP_PORTS;
5160 ira->ira_esp_udp_ports = esp_ports;
5161 ip_fanout_v4(mp, ipha, ira);
5162 return (NULL);
5163 }
5164 return (mp);
5165 }
5166
5167 /*
5168 * Deliver a udp packet to the given conn, possibly applying ipsec policy.
5169 * Handles IPv4 and IPv6.
5170 * We are responsible for disposing of mp, such as by freemsg() or putnext()
5171 * Caller is responsible for dropping references to the conn.
5172 */
5173 void
5174 ip_fanout_udp_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h,
5175 ip_recv_attr_t *ira)
5176 {
5177 ill_t *ill = ira->ira_ill;
5178 ip_stack_t *ipst = ill->ill_ipst;
5179 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
5180 boolean_t secure;
5181 iaflags_t iraflags = ira->ira_flags;
5182
5183 secure = iraflags & IRAF_IPSEC_SECURE;
5184
5185 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld :
5186 !canputnext(connp->conn_rq)) {
5187 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInOverflows);
5188 freemsg(mp);
5189 return;
5190 }
5191
5192 if (((iraflags & IRAF_IS_IPV4) ?
5193 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
5194 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
5195 secure) {
5196 mp = ipsec_check_inbound_policy(mp, connp, ipha,
5197 ip6h, ira);
5198 if (mp == NULL) {
5199 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5200 /* Note that mp is NULL */
5201 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5202 return;
5203 }
5204 }
5205
5206 /*
5207 * Since this code is not used for UDP unicast we don't need a NAT_T
5208 * check. Only ip_fanout_v4 has that check.
5209 */
5210 if (ira->ira_flags & IRAF_ICMP_ERROR) {
5211 (connp->conn_recvicmp)(connp, mp, NULL, ira);
5212 } else {
5213 ill_t *rill = ira->ira_rill;
5214
5215 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
5216 ira->ira_ill = ira->ira_rill = NULL;
5217 /* Send it upstream */
5218 (connp->conn_recv)(connp, mp, NULL, ira);
5219 ira->ira_ill = ill;
5220 ira->ira_rill = rill;
5221 }
5222 }
5223
5224 /*
5225 * Fanout for UDP packets that are multicast or broadcast, and ICMP errors.
5226 * (Unicast fanout is handled in ip_input_v4.)
5227 *
5228 * If SO_REUSEADDR is set all multicast and broadcast packets
5229 * will be delivered to all conns bound to the same port.
5230 *
5231 * If there is at least one matching AF_INET receiver, then we will
5232 * ignore any AF_INET6 receivers.
5233 * In the special case where an AF_INET socket binds to 0.0.0.0/<port> and an
5234 * AF_INET6 socket binds to ::/<port>, only the AF_INET socket receives the IPv4
5235 * packets.
5236 *
5237 * Zones notes:
5238 * Earlier in ip_input on a system with multiple shared-IP zones we
5239 * duplicate the multicast and broadcast packets and send them up
5240 * with each explicit zoneid that exists on that ill.
5241 * This means that here we can match the zoneid with SO_ALLZONES being special.
5242 */
5243 void
5244 ip_fanout_udp_multi_v4(mblk_t *mp, ipha_t *ipha, uint16_t lport, uint16_t fport,
5245 ip_recv_attr_t *ira)
5246 {
5247 ipaddr_t laddr;
5248 in6_addr_t v6faddr;
5249 conn_t *connp;
5250 connf_t *connfp;
5251 ipaddr_t faddr;
5252 ill_t *ill = ira->ira_ill;
5253 ip_stack_t *ipst = ill->ill_ipst;
5254
5255 ASSERT(ira->ira_flags & (IRAF_MULTIBROADCAST|IRAF_ICMP_ERROR));
5256
5257 laddr = ipha->ipha_dst;
5258 faddr = ipha->ipha_src;
5259
5260 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
5261 mutex_enter(&connfp->connf_lock);
5262 connp = connfp->connf_head;
5263
5264 /*
5265 * If SO_REUSEADDR has been set on the first we send the
5266 * packet to all clients that have joined the group and
5267 * match the port.
5268 */
5269 while (connp != NULL) {
5270 if ((IPCL_UDP_MATCH(connp, lport, laddr, fport, faddr)) &&
5271 conn_wantpacket(connp, ira, ipha) &&
5272 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5273 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp)))
5274 break;
5275 connp = connp->conn_next;
5276 }
5277
5278 if (connp == NULL)
5279 goto notfound;
5280
5281 CONN_INC_REF(connp);
5282
5283 if (connp->conn_reuseaddr) {
5284 conn_t *first_connp = connp;
5285 conn_t *next_connp;
5286 mblk_t *mp1;
5287
5288 connp = connp->conn_next;
5289 for (;;) {
5290 while (connp != NULL) {
5291 if (IPCL_UDP_MATCH(connp, lport, laddr,
5292 fport, faddr) &&
5293 conn_wantpacket(connp, ira, ipha) &&
5294 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5295 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5296 ira, connp)))
5297 break;
5298 connp = connp->conn_next;
5299 }
5300 if (connp == NULL) {
5301 /* No more interested clients */
5302 connp = first_connp;
5303 break;
5304 }
5305 if (((mp1 = dupmsg(mp)) == NULL) &&
5306 ((mp1 = copymsg(mp)) == NULL)) {
5307 /* Memory allocation failed */
5308 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5309 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5310 connp = first_connp;
5311 break;
5312 }
5313 CONN_INC_REF(connp);
5314 mutex_exit(&connfp->connf_lock);
5315
5316 IP_STAT(ipst, ip_udp_fanmb);
5317 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr,
5318 NULL, ira);
5319 mutex_enter(&connfp->connf_lock);
5320 /* Follow the next pointer before releasing the conn */
5321 next_connp = connp->conn_next;
5322 CONN_DEC_REF(connp);
5323 connp = next_connp;
5324 }
5325 }
5326
5327 /* Last one. Send it upstream. */
5328 mutex_exit(&connfp->connf_lock);
5329 IP_STAT(ipst, ip_udp_fanmb);
5330 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira);
5331 CONN_DEC_REF(connp);
5332 return;
5333
5334 notfound:
5335 mutex_exit(&connfp->connf_lock);
5336 /*
5337 * IPv6 endpoints bound to multicast IPv4-mapped addresses
5338 * have already been matched above, since they live in the IPv4
5339 * fanout tables. This implies we only need to
5340 * check for IPv6 in6addr_any endpoints here.
5341 * Thus we compare using ipv6_all_zeros instead of the destination
5342 * address, except for the multicast group membership lookup which
5343 * uses the IPv4 destination.
5344 */
5345 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &v6faddr);
5346 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
5347 mutex_enter(&connfp->connf_lock);
5348 connp = connfp->connf_head;
5349 /*
5350 * IPv4 multicast packet being delivered to an AF_INET6
5351 * in6addr_any endpoint.
5352 * Need to check conn_wantpacket(). Note that we use conn_wantpacket()
5353 * and not conn_wantpacket_v6() since any multicast membership is
5354 * for an IPv4-mapped multicast address.
5355 */
5356 while (connp != NULL) {
5357 if (IPCL_UDP_MATCH_V6(connp, lport, ipv6_all_zeros,
5358 fport, v6faddr) &&
5359 conn_wantpacket(connp, ira, ipha) &&
5360 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5361 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp)))
5362 break;
5363 connp = connp->conn_next;
5364 }
5365
5366 if (connp == NULL) {
5367 /*
5368 * No one bound to this port. Is
5369 * there a client that wants all
5370 * unclaimed datagrams?
5371 */
5372 mutex_exit(&connfp->connf_lock);
5373
5374 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_UDP].connf_head !=
5375 NULL) {
5376 ASSERT(ira->ira_protocol == IPPROTO_UDP);
5377 ip_fanout_proto_v4(mp, ipha, ira);
5378 } else {
5379 /*
5380 * We used to attempt to send an icmp error here, but
5381 * since this is known to be a multicast packet
5382 * and we don't send icmp errors in response to
5383 * multicast, just drop the packet and give up sooner.
5384 */
5385 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts);
5386 freemsg(mp);
5387 }
5388 return;
5389 }
5390 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL);
5391
5392 /*
5393 * If SO_REUSEADDR has been set on the first we send the
5394 * packet to all clients that have joined the group and
5395 * match the port.
5396 */
5397 if (connp->conn_reuseaddr) {
5398 conn_t *first_connp = connp;
5399 conn_t *next_connp;
5400 mblk_t *mp1;
5401
5402 CONN_INC_REF(connp);
5403 connp = connp->conn_next;
5404 for (;;) {
5405 while (connp != NULL) {
5406 if (IPCL_UDP_MATCH_V6(connp, lport,
5407 ipv6_all_zeros, fport, v6faddr) &&
5408 conn_wantpacket(connp, ira, ipha) &&
5409 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5410 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5411 ira, connp)))
5412 break;
5413 connp = connp->conn_next;
5414 }
5415 if (connp == NULL) {
5416 /* No more interested clients */
5417 connp = first_connp;
5418 break;
5419 }
5420 if (((mp1 = dupmsg(mp)) == NULL) &&
5421 ((mp1 = copymsg(mp)) == NULL)) {
5422 /* Memory allocation failed */
5423 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5424 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5425 connp = first_connp;
5426 break;
5427 }
5428 CONN_INC_REF(connp);
5429 mutex_exit(&connfp->connf_lock);
5430
5431 IP_STAT(ipst, ip_udp_fanmb);
5432 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr,
5433 NULL, ira);
5434 mutex_enter(&connfp->connf_lock);
5435 /* Follow the next pointer before releasing the conn */
5436 next_connp = connp->conn_next;
5437 CONN_DEC_REF(connp);
5438 connp = next_connp;
5439 }
5440 }
5441
5442 /* Last one. Send it upstream. */
5443 mutex_exit(&connfp->connf_lock);
5444 IP_STAT(ipst, ip_udp_fanmb);
5445 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira);
5446 CONN_DEC_REF(connp);
5447 }
5448
5449 /*
5450 * Split an incoming packet's IPv4 options into the label and the other options.
5451 * If 'allocate' is set it does memory allocation for the ip_pkt_t, including
5452 * clearing out any leftover label or options.
5453 * Otherwise it just makes ipp point into the packet.
5454 *
5455 * Returns zero if ok; ENOMEM if the buffer couldn't be allocated.
5456 */
5457 int
5458 ip_find_hdr_v4(ipha_t *ipha, ip_pkt_t *ipp, boolean_t allocate)
5459 {
5460 uchar_t *opt;
5461 uint32_t totallen;
5462 uint32_t optval;
5463 uint32_t optlen;
5464
5465 ipp->ipp_fields |= IPPF_HOPLIMIT | IPPF_TCLASS | IPPF_ADDR;
5466 ipp->ipp_hoplimit = ipha->ipha_ttl;
5467 ipp->ipp_type_of_service = ipha->ipha_type_of_service;
5468 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &ipp->ipp_addr);
5469
5470 /*
5471 * Get length (in 4 byte octets) of IP header options.
5472 */
5473 totallen = ipha->ipha_version_and_hdr_length -
5474 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
5475
5476 if (totallen == 0) {
5477 if (!allocate)
5478 return (0);
5479
5480 /* Clear out anything from a previous packet */
5481 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
5482 kmem_free(ipp->ipp_ipv4_options,
5483 ipp->ipp_ipv4_options_len);
5484 ipp->ipp_ipv4_options = NULL;
5485 ipp->ipp_ipv4_options_len = 0;
5486 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS;
5487 }
5488 if (ipp->ipp_fields & IPPF_LABEL_V4) {
5489 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
5490 ipp->ipp_label_v4 = NULL;
5491 ipp->ipp_label_len_v4 = 0;
5492 ipp->ipp_fields &= ~IPPF_LABEL_V4;
5493 }
5494 return (0);
5495 }
5496
5497 totallen <<= 2;
5498 opt = (uchar_t *)&ipha[1];
5499 if (!is_system_labeled()) {
5500
5501 copyall:
5502 if (!allocate) {
5503 if (totallen != 0) {
5504 ipp->ipp_ipv4_options = opt;
5505 ipp->ipp_ipv4_options_len = totallen;
5506 ipp->ipp_fields |= IPPF_IPV4_OPTIONS;
5507 }
5508 return (0);
5509 }
5510 /* Just copy all of options */
5511 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
5512 if (totallen == ipp->ipp_ipv4_options_len) {
5513 bcopy(opt, ipp->ipp_ipv4_options, totallen);
5514 return (0);
5515 }
5516 kmem_free(ipp->ipp_ipv4_options,
5517 ipp->ipp_ipv4_options_len);
5518 ipp->ipp_ipv4_options = NULL;
5519 ipp->ipp_ipv4_options_len = 0;
5520 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS;
5521 }
5522 if (totallen == 0)
5523 return (0);
5524
5525 ipp->ipp_ipv4_options = kmem_alloc(totallen, KM_NOSLEEP);
5526 if (ipp->ipp_ipv4_options == NULL)
5527 return (ENOMEM);
5528 ipp->ipp_ipv4_options_len = totallen;
5529 ipp->ipp_fields |= IPPF_IPV4_OPTIONS;
5530 bcopy(opt, ipp->ipp_ipv4_options, totallen);
5531 return (0);
5532 }
5533
5534 if (allocate && (ipp->ipp_fields & IPPF_LABEL_V4)) {
5535 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
5536 ipp->ipp_label_v4 = NULL;
5537 ipp->ipp_label_len_v4 = 0;
5538 ipp->ipp_fields &= ~IPPF_LABEL_V4;
5539 }
5540
5541 /*
5542 * Search for CIPSO option.
5543 * We assume CIPSO is first in options if it is present.
5544 * If it isn't, then ipp_opt_ipv4_options will not include the options
5545 * prior to the CIPSO option.
5546 */
5547 while (totallen != 0) {
5548 switch (optval = opt[IPOPT_OPTVAL]) {
5549 case IPOPT_EOL:
5550 return (0);
5551 case IPOPT_NOP:
5552 optlen = 1;
5553 break;
5554 default:
5555 if (totallen <= IPOPT_OLEN)
5556 return (EINVAL);
5557 optlen = opt[IPOPT_OLEN];
5558 if (optlen < 2)
5559 return (EINVAL);
5560 }
5561 if (optlen > totallen)
5562 return (EINVAL);
5563
5564 switch (optval) {
5565 case IPOPT_COMSEC:
5566 if (!allocate) {
5567 ipp->ipp_label_v4 = opt;
5568 ipp->ipp_label_len_v4 = optlen;
5569 ipp->ipp_fields |= IPPF_LABEL_V4;
5570 } else {
5571 ipp->ipp_label_v4 = kmem_alloc(optlen,
5572 KM_NOSLEEP);
5573 if (ipp->ipp_label_v4 == NULL)
5574 return (ENOMEM);
5575 ipp->ipp_label_len_v4 = optlen;
5576 ipp->ipp_fields |= IPPF_LABEL_V4;
5577 bcopy(opt, ipp->ipp_label_v4, optlen);
5578 }
5579 totallen -= optlen;
5580 opt += optlen;
5581
5582 /* Skip padding bytes until we get to a multiple of 4 */
5583 while ((totallen & 3) != 0 && opt[0] == IPOPT_NOP) {
5584 totallen--;
5585 opt++;
5586 }
5587 /* Remaining as ipp_ipv4_options */
5588 goto copyall;
5589 }
5590 totallen -= optlen;
5591 opt += optlen;
5592 }
5593 /* No CIPSO found; return everything as ipp_ipv4_options */
5594 totallen = ipha->ipha_version_and_hdr_length -
5595 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
5596 totallen <<= 2;
5597 opt = (uchar_t *)&ipha[1];
5598 goto copyall;
5599 }
5600
5601 /*
5602 * Efficient versions of lookup for an IRE when we only
5603 * match the address.
5604 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE.
5605 * Does not handle multicast addresses.
5606 */
5607 uint_t
5608 ip_type_v4(ipaddr_t addr, ip_stack_t *ipst)
5609 {
5610 ire_t *ire;
5611 uint_t result;
5612
5613 ire = ire_ftable_lookup_simple_v4(addr, 0, ipst, NULL);
5614 ASSERT(ire != NULL);
5615 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))
5616 result = IRE_NOROUTE;
5617 else
5618 result = ire->ire_type;
5619 ire_refrele(ire);
5620 return (result);
5621 }
5622
5623 /*
5624 * Efficient versions of lookup for an IRE when we only
5625 * match the address.
5626 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE.
5627 * Does not handle multicast addresses.
5628 */
5629 uint_t
5630 ip_type_v6(const in6_addr_t *addr, ip_stack_t *ipst)
5631 {
5632 ire_t *ire;
5633 uint_t result;
5634
5635 ire = ire_ftable_lookup_simple_v6(addr, 0, ipst, NULL);
5636 ASSERT(ire != NULL);
5637 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))
5638 result = IRE_NOROUTE;
5639 else
5640 result = ire->ire_type;
5641 ire_refrele(ire);
5642 return (result);
5643 }
5644
5645 /*
5646 * Nobody should be sending
5647 * packets up this stream
5648 */
5649 static void
5650 ip_lrput(queue_t *q, mblk_t *mp)
5651 {
5652 switch (mp->b_datap->db_type) {
5653 case M_FLUSH:
5654 /* Turn around */
5655 if (*mp->b_rptr & FLUSHW) {
5656 *mp->b_rptr &= ~FLUSHR;
5657 qreply(q, mp);
5658 return;
5659 }
5660 break;
5661 }
5662 freemsg(mp);
5663 }
5664
5665 /* Nobody should be sending packets down this stream */
5666 /* ARGSUSED */
5667 void
5668 ip_lwput(queue_t *q, mblk_t *mp)
5669 {
5670 freemsg(mp);
5671 }
5672
5673 /*
5674 * Move the first hop in any source route to ipha_dst and remove that part of
5675 * the source route. Called by other protocols. Errors in option formatting
5676 * are ignored - will be handled by ip_output_options. Return the final
5677 * destination (either ipha_dst or the last entry in a source route.)
5678 */
5679 ipaddr_t
5680 ip_massage_options(ipha_t *ipha, netstack_t *ns)
5681 {
5682 ipoptp_t opts;
5683 uchar_t *opt;
5684 uint8_t optval;
5685 uint8_t optlen;
5686 ipaddr_t dst;
5687 int i;
5688 ip_stack_t *ipst = ns->netstack_ip;
5689
5690 ip2dbg(("ip_massage_options\n"));
5691 dst = ipha->ipha_dst;
5692 for (optval = ipoptp_first(&opts, ipha);
5693 optval != IPOPT_EOL;
5694 optval = ipoptp_next(&opts)) {
5695 opt = opts.ipoptp_cur;
5696 switch (optval) {
5697 uint8_t off;
5698 case IPOPT_SSRR:
5699 case IPOPT_LSRR:
5700 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
5701 ip1dbg(("ip_massage_options: bad src route\n"));
5702 break;
5703 }
5704 optlen = opts.ipoptp_len;
5705 off = opt[IPOPT_OFFSET];
5706 off--;
5707 redo_srr:
5708 if (optlen < IP_ADDR_LEN ||
5709 off > optlen - IP_ADDR_LEN) {
5710 /* End of source route */
5711 ip1dbg(("ip_massage_options: end of SR\n"));
5712 break;
5713 }
5714 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
5715 ip1dbg(("ip_massage_options: next hop 0x%x\n",
5716 ntohl(dst)));
5717 /*
5718 * Check if our address is present more than
5719 * once as consecutive hops in source route.
5720 * XXX verify per-interface ip_forwarding
5721 * for source route?
5722 */
5723 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
5724 off += IP_ADDR_LEN;
5725 goto redo_srr;
5726 }
5727 if (dst == htonl(INADDR_LOOPBACK)) {
5728 ip1dbg(("ip_massage_options: loopback addr in "
5729 "source route!\n"));
5730 break;
5731 }
5732 /*
5733 * Update ipha_dst to be the first hop and remove the
5734 * first hop from the source route (by overwriting
5735 * part of the option with NOP options).
5736 */
5737 ipha->ipha_dst = dst;
5738 /* Put the last entry in dst */
5739 off = ((optlen - IP_ADDR_LEN - 3) & ~(IP_ADDR_LEN-1)) +
5740 3;
5741 bcopy(&opt[off], &dst, IP_ADDR_LEN);
5742
5743 ip1dbg(("ip_massage_options: last hop 0x%x\n",
5744 ntohl(dst)));
5745 /* Move down and overwrite */
5746 opt[IP_ADDR_LEN] = opt[0];
5747 opt[IP_ADDR_LEN+1] = opt[IPOPT_OLEN] - IP_ADDR_LEN;
5748 opt[IP_ADDR_LEN+2] = opt[IPOPT_OFFSET];
5749 for (i = 0; i < IP_ADDR_LEN; i++)
5750 opt[i] = IPOPT_NOP;
5751 break;
5752 }
5753 }
5754 return (dst);
5755 }
5756
5757 /*
5758 * Return the network mask
5759 * associated with the specified address.
5760 */
5761 ipaddr_t
5762 ip_net_mask(ipaddr_t addr)
5763 {
5764 uchar_t *up = (uchar_t *)&addr;
5765 ipaddr_t mask = 0;
5766 uchar_t *maskp = (uchar_t *)&mask;
5767
5768 #if defined(__i386) || defined(__amd64)
5769 #define TOTALLY_BRAIN_DAMAGED_C_COMPILER
5770 #endif
5771 #ifdef TOTALLY_BRAIN_DAMAGED_C_COMPILER
5772 maskp[0] = maskp[1] = maskp[2] = maskp[3] = 0;
5773 #endif
5774 if (CLASSD(addr)) {
5775 maskp[0] = 0xF0;
5776 return (mask);
5777 }
5778
5779 /* We assume Class E default netmask to be 32 */
5780 if (CLASSE(addr))
5781 return (0xffffffffU);
5782
5783 if (addr == 0)
5784 return (0);
5785 maskp[0] = 0xFF;
5786 if ((up[0] & 0x80) == 0)
5787 return (mask);
5788
5789 maskp[1] = 0xFF;
5790 if ((up[0] & 0xC0) == 0x80)
5791 return (mask);
5792
5793 maskp[2] = 0xFF;
5794 if ((up[0] & 0xE0) == 0xC0)
5795 return (mask);
5796
5797 /* Otherwise return no mask */
5798 return ((ipaddr_t)0);
5799 }
5800
5801 /* Name/Value Table Lookup Routine */
5802 char *
5803 ip_nv_lookup(nv_t *nv, int value)
5804 {
5805 if (!nv)
5806 return (NULL);
5807 for (; nv->nv_name; nv++) {
5808 if (nv->nv_value == value)
5809 return (nv->nv_name);
5810 }
5811 return ("unknown");
5812 }
5813
5814 static int
5815 ip_wait_for_info_ack(ill_t *ill)
5816 {
5817 int err;
5818
5819 mutex_enter(&ill->ill_lock);
5820 while (ill->ill_state_flags & ILL_LL_SUBNET_PENDING) {
5821 /*
5822 * Return value of 0 indicates a pending signal.
5823 */
5824 err = cv_wait_sig(&ill->ill_cv, &ill->ill_lock);
5825 if (err == 0) {
5826 mutex_exit(&ill->ill_lock);
5827 return (EINTR);
5828 }
5829 }
5830 mutex_exit(&ill->ill_lock);
5831 /*
5832 * ip_rput_other could have set an error in ill_error on
5833 * receipt of M_ERROR.
5834 */
5835 return (ill->ill_error);
5836 }
5837
5838 /*
5839 * This is a module open, i.e. this is a control stream for access
5840 * to a DLPI device. We allocate an ill_t as the instance data in
5841 * this case.
5842 */
5843 static int
5844 ip_modopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
5845 {
5846 ill_t *ill;
5847 int err;
5848 zoneid_t zoneid;
5849 netstack_t *ns;
5850 ip_stack_t *ipst;
5851
5852 /*
5853 * Prevent unprivileged processes from pushing IP so that
5854 * they can't send raw IP.
5855 */
5856 if (secpolicy_net_rawaccess(credp) != 0)
5857 return (EPERM);
5858
5859 ns = netstack_find_by_cred(credp);
5860 ASSERT(ns != NULL);
5861 ipst = ns->netstack_ip;
5862 ASSERT(ipst != NULL);
5863
5864 /*
5865 * For exclusive stacks we set the zoneid to zero
5866 * to make IP operate as if in the global zone.
5867 */
5868 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID)
5869 zoneid = GLOBAL_ZONEID;
5870 else
5871 zoneid = crgetzoneid(credp);
5872
5873 ill = (ill_t *)mi_open_alloc_sleep(sizeof (ill_t));
5874 q->q_ptr = WR(q)->q_ptr = ill;
5875 ill->ill_ipst = ipst;
5876 ill->ill_zoneid = zoneid;
5877
5878 /*
5879 * ill_init initializes the ill fields and then sends down
5880 * down a DL_INFO_REQ after calling qprocson.
5881 */
5882 err = ill_init(q, ill);
5883
5884 if (err != 0) {
5885 mi_free(ill);
5886 netstack_rele(ipst->ips_netstack);
5887 q->q_ptr = NULL;
5888 WR(q)->q_ptr = NULL;
5889 return (err);
5890 }
5891
5892 /*
5893 * Wait for the DL_INFO_ACK if a DL_INFO_REQ was sent.
5894 *
5895 * ill_init initializes the ipsq marking this thread as
5896 * writer
5897 */
5898 ipsq_exit(ill->ill_phyint->phyint_ipsq);
5899 err = ip_wait_for_info_ack(ill);
5900 if (err == 0)
5901 ill->ill_credp = credp;
5902 else
5903 goto fail;
5904
5905 crhold(credp);
5906
5907 mutex_enter(&ipst->ips_ip_mi_lock);
5908 err = mi_open_link(&ipst->ips_ip_g_head, (IDP)q->q_ptr, devp, flag,
5909 sflag, credp);
5910 mutex_exit(&ipst->ips_ip_mi_lock);
5911 fail:
5912 if (err) {
5913 (void) ip_close(q, 0);
5914 return (err);
5915 }
5916 return (0);
5917 }
5918
5919 /* For /dev/ip aka AF_INET open */
5920 int
5921 ip_openv4(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
5922 {
5923 return (ip_open(q, devp, flag, sflag, credp, B_FALSE));
5924 }
5925
5926 /* For /dev/ip6 aka AF_INET6 open */
5927 int
5928 ip_openv6(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
5929 {
5930 return (ip_open(q, devp, flag, sflag, credp, B_TRUE));
5931 }
5932
5933 /* IP open routine. */
5934 int
5935 ip_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp,
5936 boolean_t isv6)
5937 {
5938 conn_t *connp;
5939 major_t maj;
5940 zoneid_t zoneid;
5941 netstack_t *ns;
5942 ip_stack_t *ipst;
5943
5944 /* Allow reopen. */
5945 if (q->q_ptr != NULL)
5946 return (0);
5947
5948 if (sflag & MODOPEN) {
5949 /* This is a module open */
5950 return (ip_modopen(q, devp, flag, sflag, credp));
5951 }
5952
5953 if ((flag & ~(FKLYR)) == IP_HELPER_STR) {
5954 /*
5955 * Non streams based socket looking for a stream
5956 * to access IP
5957 */
5958 return (ip_helper_stream_setup(q, devp, flag, sflag,
5959 credp, isv6));
5960 }
5961
5962 ns = netstack_find_by_cred(credp);
5963 ASSERT(ns != NULL);
5964 ipst = ns->netstack_ip;
5965 ASSERT(ipst != NULL);
5966
5967 /*
5968 * For exclusive stacks we set the zoneid to zero
5969 * to make IP operate as if in the global zone.
5970 */
5971 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID)
5972 zoneid = GLOBAL_ZONEID;
5973 else
5974 zoneid = crgetzoneid(credp);
5975
5976 /*
5977 * We are opening as a device. This is an IP client stream, and we
5978 * allocate an conn_t as the instance data.
5979 */
5980 connp = ipcl_conn_create(IPCL_IPCCONN, KM_SLEEP, ipst->ips_netstack);
5981
5982 /*
5983 * ipcl_conn_create did a netstack_hold. Undo the hold that was
5984 * done by netstack_find_by_cred()
5985 */
5986 netstack_rele(ipst->ips_netstack);
5987
5988 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP | IXAF_SET_ULP_CKSUM;
5989 /* conn_allzones can not be set this early, hence no IPCL_ZONEID */
5990 connp->conn_ixa->ixa_zoneid = zoneid;
5991 connp->conn_zoneid = zoneid;
5992
5993 connp->conn_rq = q;
5994 q->q_ptr = WR(q)->q_ptr = connp;
5995
5996 /* Minor tells us which /dev entry was opened */
5997 if (isv6) {
5998 connp->conn_family = AF_INET6;
5999 connp->conn_ipversion = IPV6_VERSION;
6000 connp->conn_ixa->ixa_flags &= ~IXAF_IS_IPV4;
6001 connp->conn_ixa->ixa_src_preferences = IPV6_PREFER_SRC_DEFAULT;
6002 } else {
6003 connp->conn_family = AF_INET;
6004 connp->conn_ipversion = IPV4_VERSION;
6005 connp->conn_ixa->ixa_flags |= IXAF_IS_IPV4;
6006 }
6007
6008 if ((ip_minor_arena_la != NULL) && (flag & SO_SOCKSTR) &&
6009 ((connp->conn_dev = inet_minor_alloc(ip_minor_arena_la)) != 0)) {
6010 connp->conn_minor_arena = ip_minor_arena_la;
6011 } else {
6012 /*
6013 * Either minor numbers in the large arena were exhausted
6014 * or a non socket application is doing the open.
6015 * Try to allocate from the small arena.
6016 */
6017 if ((connp->conn_dev =
6018 inet_minor_alloc(ip_minor_arena_sa)) == 0) {
6019 /* CONN_DEC_REF takes care of netstack_rele() */
6020 q->q_ptr = WR(q)->q_ptr = NULL;
6021 CONN_DEC_REF(connp);
6022 return (EBUSY);
6023 }
6024 connp->conn_minor_arena = ip_minor_arena_sa;
6025 }
6026
6027 maj = getemajor(*devp);
6028 *devp = makedevice(maj, (minor_t)connp->conn_dev);
6029
6030 /*
6031 * connp->conn_cred is crfree()ed in ipcl_conn_destroy()
6032 */
6033 connp->conn_cred = credp;
6034 connp->conn_cpid = curproc->p_pid;
6035 /* Cache things in ixa without an extra refhold */
6036 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED));
6037 connp->conn_ixa->ixa_cred = connp->conn_cred;
6038 connp->conn_ixa->ixa_cpid = connp->conn_cpid;
6039 if (is_system_labeled())
6040 connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred);
6041
6042 /*
6043 * Handle IP_IOC_RTS_REQUEST and other ioctls which use conn_recv
6044 */
6045 connp->conn_recv = ip_conn_input;
6046 connp->conn_recvicmp = ip_conn_input_icmp;
6047
6048 crhold(connp->conn_cred);
6049
6050 /*
6051 * If the caller has the process-wide flag set, then default to MAC
6052 * exempt mode. This allows read-down to unlabeled hosts.
6053 */
6054 if (getpflags(NET_MAC_AWARE, credp) != 0)
6055 connp->conn_mac_mode = CONN_MAC_AWARE;
6056
6057 connp->conn_zone_is_global = (crgetzoneid(credp) == GLOBAL_ZONEID);
6058
6059 connp->conn_rq = q;
6060 connp->conn_wq = WR(q);
6061
6062 /* Non-zero default values */
6063 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP;
6064
6065 /*
6066 * Make the conn globally visible to walkers
6067 */
6068 ASSERT(connp->conn_ref == 1);
6069 mutex_enter(&connp->conn_lock);
6070 connp->conn_state_flags &= ~CONN_INCIPIENT;
6071 mutex_exit(&connp->conn_lock);
6072
6073 qprocson(q);
6074
6075 return (0);
6076 }
6077
6078 /*
6079 * Set IPsec policy from an ipsec_req_t. If the req is not "zero" and valid,
6080 * all of them are copied to the conn_t. If the req is "zero", the policy is
6081 * zeroed out. A "zero" policy has zero ipsr_{ah,req,self_encap}_req
6082 * fields.
6083 * We keep only the latest setting of the policy and thus policy setting
6084 * is not incremental/cumulative.
6085 *
6086 * Requests to set policies with multiple alternative actions will
6087 * go through a different API.
6088 */
6089 int
6090 ipsec_set_req(cred_t *cr, conn_t *connp, ipsec_req_t *req)
6091 {
6092 uint_t ah_req = 0;
6093 uint_t esp_req = 0;
6094 uint_t se_req = 0;
6095 ipsec_act_t *actp = NULL;
6096 uint_t nact;
6097 ipsec_policy_head_t *ph;
6098 boolean_t is_pol_reset, is_pol_inserted = B_FALSE;
6099 int error = 0;
6100 netstack_t *ns = connp->conn_netstack;
6101 ip_stack_t *ipst = ns->netstack_ip;
6102 ipsec_stack_t *ipss = ns->netstack_ipsec;
6103
6104 #define REQ_MASK (IPSEC_PREF_REQUIRED|IPSEC_PREF_NEVER)
6105
6106 /*
6107 * The IP_SEC_OPT option does not allow variable length parameters,
6108 * hence a request cannot be NULL.
6109 */
6110 if (req == NULL)
6111 return (EINVAL);
6112
6113 ah_req = req->ipsr_ah_req;
6114 esp_req = req->ipsr_esp_req;
6115 se_req = req->ipsr_self_encap_req;
6116
6117 /* Don't allow setting self-encap without one or more of AH/ESP. */
6118 if (se_req != 0 && esp_req == 0 && ah_req == 0)
6119 return (EINVAL);
6120
6121 /*
6122 * Are we dealing with a request to reset the policy (i.e.
6123 * zero requests).
6124 */
6125 is_pol_reset = ((ah_req & REQ_MASK) == 0 &&
6126 (esp_req & REQ_MASK) == 0 &&
6127 (se_req & REQ_MASK) == 0);
6128
6129 if (!is_pol_reset) {
6130 /*
6131 * If we couldn't load IPsec, fail with "protocol
6132 * not supported".
6133 * IPsec may not have been loaded for a request with zero
6134 * policies, so we don't fail in this case.
6135 */
6136 mutex_enter(&ipss->ipsec_loader_lock);
6137 if (ipss->ipsec_loader_state != IPSEC_LOADER_SUCCEEDED) {
6138 mutex_exit(&ipss->ipsec_loader_lock);
6139 return (EPROTONOSUPPORT);
6140 }
6141 mutex_exit(&ipss->ipsec_loader_lock);
6142
6143 /*
6144 * Test for valid requests. Invalid algorithms
6145 * need to be tested by IPsec code because new
6146 * algorithms can be added dynamically.
6147 */
6148 if ((ah_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 ||
6149 (esp_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 ||
6150 (se_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0) {
6151 return (EINVAL);
6152 }
6153
6154 /*
6155 * Only privileged users can issue these
6156 * requests.
6157 */
6158 if (((ah_req & IPSEC_PREF_NEVER) ||
6159 (esp_req & IPSEC_PREF_NEVER) ||
6160 (se_req & IPSEC_PREF_NEVER)) &&
6161 secpolicy_ip_config(cr, B_FALSE) != 0) {
6162 return (EPERM);
6163 }
6164
6165 /*
6166 * The IPSEC_PREF_REQUIRED and IPSEC_PREF_NEVER
6167 * are mutually exclusive.
6168 */
6169 if (((ah_req & REQ_MASK) == REQ_MASK) ||
6170 ((esp_req & REQ_MASK) == REQ_MASK) ||
6171 ((se_req & REQ_MASK) == REQ_MASK)) {
6172 /* Both of them are set */
6173 return (EINVAL);
6174 }
6175 }
6176
6177 ASSERT(MUTEX_HELD(&connp->conn_lock));
6178
6179 /*
6180 * If we have already cached policies in conn_connect(), don't
6181 * let them change now. We cache policies for connections
6182 * whose src,dst [addr, port] is known.
6183 */
6184 if (connp->conn_policy_cached) {
6185 return (EINVAL);
6186 }
6187
6188 /*
6189 * We have a zero policies, reset the connection policy if already
6190 * set. This will cause the connection to inherit the
6191 * global policy, if any.
6192 */
6193 if (is_pol_reset) {
6194 if (connp->conn_policy != NULL) {
6195 IPPH_REFRELE(connp->conn_policy, ipst->ips_netstack);
6196 connp->conn_policy = NULL;
6197 }
6198 connp->conn_in_enforce_policy = B_FALSE;
6199 connp->conn_out_enforce_policy = B_FALSE;
6200 return (0);
6201 }
6202
6203 ph = connp->conn_policy = ipsec_polhead_split(connp->conn_policy,
6204 ipst->ips_netstack);
6205 if (ph == NULL)
6206 goto enomem;
6207
6208 ipsec_actvec_from_req(req, &actp, &nact, ipst->ips_netstack);
6209 if (actp == NULL)
6210 goto enomem;
6211
6212 /*
6213 * Always insert IPv4 policy entries, since they can also apply to
6214 * ipv6 sockets being used in ipv4-compat mode.
6215 */
6216 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4,
6217 IPSEC_TYPE_INBOUND, ns))
6218 goto enomem;
6219 is_pol_inserted = B_TRUE;
6220 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4,
6221 IPSEC_TYPE_OUTBOUND, ns))
6222 goto enomem;
6223
6224 /*
6225 * We're looking at a v6 socket, also insert the v6-specific
6226 * entries.
6227 */
6228 if (connp->conn_family == AF_INET6) {
6229 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6,
6230 IPSEC_TYPE_INBOUND, ns))
6231 goto enomem;
6232 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6,
6233 IPSEC_TYPE_OUTBOUND, ns))
6234 goto enomem;
6235 }
6236
6237 ipsec_actvec_free(actp, nact);
6238
6239 /*
6240 * If the requests need security, set enforce_policy.
6241 * If the requests are IPSEC_PREF_NEVER, one should
6242 * still set conn_out_enforce_policy so that ip_set_destination
6243 * marks the ip_xmit_attr_t appropriatly. This is needed so that
6244 * for connections that we don't cache policy in at connect time,
6245 * if global policy matches in ip_output_attach_policy, we
6246 * don't wrongly inherit global policy. Similarly, we need
6247 * to set conn_in_enforce_policy also so that we don't verify
6248 * policy wrongly.
6249 */
6250 if ((ah_req & REQ_MASK) != 0 ||
6251 (esp_req & REQ_MASK) != 0 ||
6252 (se_req & REQ_MASK) != 0) {
6253 connp->conn_in_enforce_policy = B_TRUE;
6254 connp->conn_out_enforce_policy = B_TRUE;
6255 }
6256
6257 return (error);
6258 #undef REQ_MASK
6259
6260 /*
6261 * Common memory-allocation-failure exit path.
6262 */
6263 enomem:
6264 if (actp != NULL)
6265 ipsec_actvec_free(actp, nact);
6266 if (is_pol_inserted)
6267 ipsec_polhead_flush(ph, ns);
6268 return (ENOMEM);
6269 }
6270
6271 /*
6272 * Set socket options for joining and leaving multicast groups.
6273 * Common to IPv4 and IPv6; inet6 indicates the type of socket.
6274 * The caller has already check that the option name is consistent with
6275 * the address family of the socket.
6276 */
6277 int
6278 ip_opt_set_multicast_group(conn_t *connp, t_scalar_t name,
6279 uchar_t *invalp, boolean_t inet6, boolean_t checkonly)
6280 {
6281 int *i1 = (int *)invalp;
6282 int error = 0;
6283 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
6284 struct ip_mreq *v4_mreqp;
6285 struct ipv6_mreq *v6_mreqp;
6286 struct group_req *greqp;
6287 ire_t *ire;
6288 boolean_t done = B_FALSE;
6289 ipaddr_t ifaddr;
6290 in6_addr_t v6group;
6291 uint_t ifindex;
6292 boolean_t mcast_opt = B_TRUE;
6293 mcast_record_t fmode;
6294 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *,
6295 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *);
6296
6297 switch (name) {
6298 case IP_ADD_MEMBERSHIP:
6299 case IPV6_JOIN_GROUP:
6300 mcast_opt = B_FALSE;
6301 /* FALLTHRU */
6302 case MCAST_JOIN_GROUP:
6303 fmode = MODE_IS_EXCLUDE;
6304 optfn = ip_opt_add_group;
6305 break;
6306
6307 case IP_DROP_MEMBERSHIP:
6308 case IPV6_LEAVE_GROUP:
6309 mcast_opt = B_FALSE;
6310 /* FALLTHRU */
6311 case MCAST_LEAVE_GROUP:
6312 fmode = MODE_IS_INCLUDE;
6313 optfn = ip_opt_delete_group;
6314 break;
6315 default:
6316 ASSERT(0);
6317 }
6318
6319 if (mcast_opt) {
6320 struct sockaddr_in *sin;
6321 struct sockaddr_in6 *sin6;
6322
6323 greqp = (struct group_req *)i1;
6324 if (greqp->gr_group.ss_family == AF_INET) {
6325 sin = (struct sockaddr_in *)&(greqp->gr_group);
6326 IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &v6group);
6327 } else {
6328 if (!inet6)
6329 return (EINVAL); /* Not on INET socket */
6330
6331 sin6 = (struct sockaddr_in6 *)&(greqp->gr_group);
6332 v6group = sin6->sin6_addr;
6333 }
6334 ifaddr = INADDR_ANY;
6335 ifindex = greqp->gr_interface;
6336 } else if (inet6) {
6337 v6_mreqp = (struct ipv6_mreq *)i1;
6338 v6group = v6_mreqp->ipv6mr_multiaddr;
6339 ifaddr = INADDR_ANY;
6340 ifindex = v6_mreqp->ipv6mr_interface;
6341 } else {
6342 v4_mreqp = (struct ip_mreq *)i1;
6343 IN6_INADDR_TO_V4MAPPED(&v4_mreqp->imr_multiaddr, &v6group);
6344 ifaddr = (ipaddr_t)v4_mreqp->imr_interface.s_addr;
6345 ifindex = 0;
6346 }
6347
6348 /*
6349 * In the multirouting case, we need to replicate
6350 * the request on all interfaces that will take part
6351 * in replication. We do so because multirouting is
6352 * reflective, thus we will probably receive multi-
6353 * casts on those interfaces.
6354 * The ip_multirt_apply_membership() succeeds if
6355 * the operation succeeds on at least one interface.
6356 */
6357 if (IN6_IS_ADDR_V4MAPPED(&v6group)) {
6358 ipaddr_t group;
6359
6360 IN6_V4MAPPED_TO_IPADDR(&v6group, group);
6361
6362 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0,
6363 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6364 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6365 } else {
6366 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0,
6367 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6368 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6369 }
6370 if (ire != NULL) {
6371 if (ire->ire_flags & RTF_MULTIRT) {
6372 error = ip_multirt_apply_membership(optfn, ire, connp,
6373 checkonly, &v6group, fmode, &ipv6_all_zeros);
6374 done = B_TRUE;
6375 }
6376 ire_refrele(ire);
6377 }
6378
6379 if (!done) {
6380 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex,
6381 fmode, &ipv6_all_zeros);
6382 }
6383 return (error);
6384 }
6385
6386 /*
6387 * Set socket options for joining and leaving multicast groups
6388 * for specific sources.
6389 * Common to IPv4 and IPv6; inet6 indicates the type of socket.
6390 * The caller has already check that the option name is consistent with
6391 * the address family of the socket.
6392 */
6393 int
6394 ip_opt_set_multicast_sources(conn_t *connp, t_scalar_t name,
6395 uchar_t *invalp, boolean_t inet6, boolean_t checkonly)
6396 {
6397 int *i1 = (int *)invalp;
6398 int error = 0;
6399 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
6400 struct ip_mreq_source *imreqp;
6401 struct group_source_req *gsreqp;
6402 in6_addr_t v6group, v6src;
6403 uint32_t ifindex;
6404 ipaddr_t ifaddr;
6405 boolean_t mcast_opt = B_TRUE;
6406 mcast_record_t fmode;
6407 ire_t *ire;
6408 boolean_t done = B_FALSE;
6409 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *,
6410 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *);
6411
6412 switch (name) {
6413 case IP_BLOCK_SOURCE:
6414 mcast_opt = B_FALSE;
6415 /* FALLTHRU */
6416 case MCAST_BLOCK_SOURCE:
6417 fmode = MODE_IS_EXCLUDE;
6418 optfn = ip_opt_add_group;
6419 break;
6420
6421 case IP_UNBLOCK_SOURCE:
6422 mcast_opt = B_FALSE;
6423 /* FALLTHRU */
6424 case MCAST_UNBLOCK_SOURCE:
6425 fmode = MODE_IS_EXCLUDE;
6426 optfn = ip_opt_delete_group;
6427 break;
6428
6429 case IP_ADD_SOURCE_MEMBERSHIP:
6430 mcast_opt = B_FALSE;
6431 /* FALLTHRU */
6432 case MCAST_JOIN_SOURCE_GROUP:
6433 fmode = MODE_IS_INCLUDE;
6434 optfn = ip_opt_add_group;
6435 break;
6436
6437 case IP_DROP_SOURCE_MEMBERSHIP:
6438 mcast_opt = B_FALSE;
6439 /* FALLTHRU */
6440 case MCAST_LEAVE_SOURCE_GROUP:
6441 fmode = MODE_IS_INCLUDE;
6442 optfn = ip_opt_delete_group;
6443 break;
6444 default:
6445 ASSERT(0);
6446 }
6447
6448 if (mcast_opt) {
6449 gsreqp = (struct group_source_req *)i1;
6450 ifindex = gsreqp->gsr_interface;
6451 if (gsreqp->gsr_group.ss_family == AF_INET) {
6452 struct sockaddr_in *s;
6453 s = (struct sockaddr_in *)&gsreqp->gsr_group;
6454 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6group);
6455 s = (struct sockaddr_in *)&gsreqp->gsr_source;
6456 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6src);
6457 } else {
6458 struct sockaddr_in6 *s6;
6459
6460 if (!inet6)
6461 return (EINVAL); /* Not on INET socket */
6462
6463 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_group;
6464 v6group = s6->sin6_addr;
6465 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_source;
6466 v6src = s6->sin6_addr;
6467 }
6468 ifaddr = INADDR_ANY;
6469 } else {
6470 imreqp = (struct ip_mreq_source *)i1;
6471 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_multiaddr, &v6group);
6472 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_sourceaddr, &v6src);
6473 ifaddr = (ipaddr_t)imreqp->imr_interface.s_addr;
6474 ifindex = 0;
6475 }
6476
6477 /*
6478 * Handle src being mapped INADDR_ANY by changing it to unspecified.
6479 */
6480 if (IN6_IS_ADDR_V4MAPPED_ANY(&v6src))
6481 v6src = ipv6_all_zeros;
6482
6483 /*
6484 * In the multirouting case, we need to replicate
6485 * the request as noted in the mcast cases above.
6486 */
6487 if (IN6_IS_ADDR_V4MAPPED(&v6group)) {
6488 ipaddr_t group;
6489
6490 IN6_V4MAPPED_TO_IPADDR(&v6group, group);
6491
6492 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0,
6493 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6494 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6495 } else {
6496 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0,
6497 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6498 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6499 }
6500 if (ire != NULL) {
6501 if (ire->ire_flags & RTF_MULTIRT) {
6502 error = ip_multirt_apply_membership(optfn, ire, connp,
6503 checkonly, &v6group, fmode, &v6src);
6504 done = B_TRUE;
6505 }
6506 ire_refrele(ire);
6507 }
6508 if (!done) {
6509 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex,
6510 fmode, &v6src);
6511 }
6512 return (error);
6513 }
6514
6515 /*
6516 * Given a destination address and a pointer to where to put the information
6517 * this routine fills in the mtuinfo.
6518 * The socket must be connected.
6519 * For sctp conn_faddr is the primary address.
6520 */
6521 int
6522 ip_fill_mtuinfo(conn_t *connp, ip_xmit_attr_t *ixa, struct ip6_mtuinfo *mtuinfo)
6523 {
6524 uint32_t pmtu = IP_MAXPACKET;
6525 uint_t scopeid;
6526
6527 if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6))
6528 return (-1);
6529
6530 /* In case we never sent or called ip_set_destination_v4/v6 */
6531 if (ixa->ixa_ire != NULL)
6532 pmtu = ip_get_pmtu(ixa);
6533
6534 if (ixa->ixa_flags & IXAF_SCOPEID_SET)
6535 scopeid = ixa->ixa_scopeid;
6536 else
6537 scopeid = 0;
6538
6539 bzero(mtuinfo, sizeof (*mtuinfo));
6540 mtuinfo->ip6m_addr.sin6_family = AF_INET6;
6541 mtuinfo->ip6m_addr.sin6_port = connp->conn_fport;
6542 mtuinfo->ip6m_addr.sin6_addr = connp->conn_faddr_v6;
6543 mtuinfo->ip6m_addr.sin6_scope_id = scopeid;
6544 mtuinfo->ip6m_mtu = pmtu;
6545
6546 return (sizeof (struct ip6_mtuinfo));
6547 }
6548
6549 /*
6550 * When the src multihoming is changed from weak to [strong, preferred]
6551 * ip_ire_rebind_walker is called to walk the list of all ire_t entries
6552 * and identify routes that were created by user-applications in the
6553 * unbound state (i.e., without RTA_IFP), and for which an ire_ill is not
6554 * currently defined. These routes are then 'rebound', i.e., their ire_ill
6555 * is selected by finding an interface route for the gateway.
6556 */
6557 /* ARGSUSED */
6558 void
6559 ip_ire_rebind_walker(ire_t *ire, void *notused)
6560 {
6561 if (!ire->ire_unbound || ire->ire_ill != NULL)
6562 return;
6563 ire_rebind(ire);
6564 ire_delete(ire);
6565 }
6566
6567 /*
6568 * When the src multihoming is changed from [strong, preferred] to weak,
6569 * ip_ire_unbind_walker is called to walk the list of all ire_t entries, and
6570 * set any entries that were created by user-applications in the unbound state
6571 * (i.e., without RTA_IFP) back to having a NULL ire_ill.
6572 */
6573 /* ARGSUSED */
6574 void
6575 ip_ire_unbind_walker(ire_t *ire, void *notused)
6576 {
6577 ire_t *new_ire;
6578
6579 if (!ire->ire_unbound || ire->ire_ill == NULL)
6580 return;
6581 if (ire->ire_ipversion == IPV6_VERSION) {
6582 new_ire = ire_create_v6(&ire->ire_addr_v6, &ire->ire_mask_v6,
6583 &ire->ire_gateway_addr_v6, ire->ire_type, NULL,
6584 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst);
6585 } else {
6586 new_ire = ire_create((uchar_t *)&ire->ire_addr,
6587 (uchar_t *)&ire->ire_mask,
6588 (uchar_t *)&ire->ire_gateway_addr, ire->ire_type, NULL,
6589 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst);
6590 }
6591 if (new_ire == NULL)
6592 return;
6593 new_ire->ire_unbound = B_TRUE;
6594 /*
6595 * The bound ire must first be deleted so that we don't return
6596 * the existing one on the attempt to add the unbound new_ire.
6597 */
6598 ire_delete(ire);
6599 new_ire = ire_add(new_ire);
6600 if (new_ire != NULL)
6601 ire_refrele(new_ire);
6602 }
6603
6604 /*
6605 * When the settings of ip*_strict_src_multihoming tunables are changed,
6606 * all cached routes need to be recomputed. This recomputation needs to be
6607 * done when going from weaker to stronger modes so that the cached ire
6608 * for the connection does not violate the current ip*_strict_src_multihoming
6609 * setting. It also needs to be done when going from stronger to weaker modes,
6610 * so that we fall back to matching on the longest-matching-route (as opposed
6611 * to a shorter match that may have been selected in the strong mode
6612 * to satisfy src_multihoming settings).
6613 *
6614 * The cached ixa_ire entires for all conn_t entries are marked as
6615 * "verify" so that they will be recomputed for the next packet.
6616 */
6617 void
6618 conn_ire_revalidate(conn_t *connp, void *arg)
6619 {
6620 boolean_t isv6 = (boolean_t)arg;
6621
6622 if ((isv6 && connp->conn_ipversion != IPV6_VERSION) ||
6623 (!isv6 && connp->conn_ipversion != IPV4_VERSION))
6624 return;
6625 connp->conn_ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
6626 }
6627
6628 /*
6629 * Handles both IPv4 and IPv6 reassembly - doing the out-of-order cases,
6630 * When an ipf is passed here for the first time, if
6631 * we already have in-order fragments on the queue, we convert from the fast-
6632 * path reassembly scheme to the hard-case scheme. From then on, additional
6633 * fragments are reassembled here. We keep track of the start and end offsets
6634 * of each piece, and the number of holes in the chain. When the hole count
6635 * goes to zero, we are done!
6636 *
6637 * The ipf_count will be updated to account for any mblk(s) added (pointed to
6638 * by mp) or subtracted (freeb()ed dups), upon return the caller must update
6639 * ipfb_count and ill_frag_count by the difference of ipf_count before and
6640 * after the call to ip_reassemble().
6641 */
6642 int
6643 ip_reassemble(mblk_t *mp, ipf_t *ipf, uint_t start, boolean_t more, ill_t *ill,
6644 size_t msg_len)
6645 {
6646 uint_t end;
6647 mblk_t *next_mp;
6648 mblk_t *mp1;
6649 uint_t offset;
6650 boolean_t incr_dups = B_TRUE;
6651 boolean_t offset_zero_seen = B_FALSE;
6652 boolean_t pkt_boundary_checked = B_FALSE;
6653
6654 /* If start == 0 then ipf_nf_hdr_len has to be set. */
6655 ASSERT(start != 0 || ipf->ipf_nf_hdr_len != 0);
6656
6657 /* Add in byte count */
6658 ipf->ipf_count += msg_len;
6659 if (ipf->ipf_end) {
6660 /*
6661 * We were part way through in-order reassembly, but now there
6662 * is a hole. We walk through messages already queued, and
6663 * mark them for hard case reassembly. We know that up till
6664 * now they were in order starting from offset zero.
6665 */
6666 offset = 0;
6667 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) {
6668 IP_REASS_SET_START(mp1, offset);
6669 if (offset == 0) {
6670 ASSERT(ipf->ipf_nf_hdr_len != 0);
6671 offset = -ipf->ipf_nf_hdr_len;
6672 }
6673 offset += mp1->b_wptr - mp1->b_rptr;
6674 IP_REASS_SET_END(mp1, offset);
6675 }
6676 /* One hole at the end. */
6677 ipf->ipf_hole_cnt = 1;
6678 /* Brand it as a hard case, forever. */
6679 ipf->ipf_end = 0;
6680 }
6681 /* Walk through all the new pieces. */
6682 do {
6683 end = start + (mp->b_wptr - mp->b_rptr);
6684 /*
6685 * If start is 0, decrease 'end' only for the first mblk of
6686 * the fragment. Otherwise 'end' can get wrong value in the
6687 * second pass of the loop if first mblk is exactly the
6688 * size of ipf_nf_hdr_len.
6689 */
6690 if (start == 0 && !offset_zero_seen) {
6691 /* First segment */
6692 ASSERT(ipf->ipf_nf_hdr_len != 0);
6693 end -= ipf->ipf_nf_hdr_len;
6694 offset_zero_seen = B_TRUE;
6695 }
6696 next_mp = mp->b_cont;
6697 /*
6698 * We are checking to see if there is any interesing data
6699 * to process. If there isn't and the mblk isn't the
6700 * one which carries the unfragmentable header then we
6701 * drop it. It's possible to have just the unfragmentable
6702 * header come through without any data. That needs to be
6703 * saved.
6704 *
6705 * If the assert at the top of this function holds then the
6706 * term "ipf->ipf_nf_hdr_len != 0" isn't needed. This code
6707 * is infrequently traveled enough that the test is left in
6708 * to protect against future code changes which break that
6709 * invariant.
6710 */
6711 if (start == end && start != 0 && ipf->ipf_nf_hdr_len != 0) {
6712 /* Empty. Blast it. */
6713 IP_REASS_SET_START(mp, 0);
6714 IP_REASS_SET_END(mp, 0);
6715 /*
6716 * If the ipf points to the mblk we are about to free,
6717 * update ipf to point to the next mblk (or NULL
6718 * if none).
6719 */
6720 if (ipf->ipf_mp->b_cont == mp)
6721 ipf->ipf_mp->b_cont = next_mp;
6722 freeb(mp);
6723 continue;
6724 }
6725 mp->b_cont = NULL;
6726 IP_REASS_SET_START(mp, start);
6727 IP_REASS_SET_END(mp, end);
6728 if (!ipf->ipf_tail_mp) {
6729 ipf->ipf_tail_mp = mp;
6730 ipf->ipf_mp->b_cont = mp;
6731 if (start == 0 || !more) {
6732 ipf->ipf_hole_cnt = 1;
6733 /*
6734 * if the first fragment comes in more than one
6735 * mblk, this loop will be executed for each
6736 * mblk. Need to adjust hole count so exiting
6737 * this routine will leave hole count at 1.
6738 */
6739 if (next_mp)
6740 ipf->ipf_hole_cnt++;
6741 } else
6742 ipf->ipf_hole_cnt = 2;
6743 continue;
6744 } else if (ipf->ipf_last_frag_seen && !more &&
6745 !pkt_boundary_checked) {
6746 /*
6747 * We check datagram boundary only if this fragment
6748 * claims to be the last fragment and we have seen a
6749 * last fragment in the past too. We do this only
6750 * once for a given fragment.
6751 *
6752 * start cannot be 0 here as fragments with start=0
6753 * and MF=0 gets handled as a complete packet. These
6754 * fragments should not reach here.
6755 */
6756
6757 if (start + msgdsize(mp) !=
6758 IP_REASS_END(ipf->ipf_tail_mp)) {
6759 /*
6760 * We have two fragments both of which claim
6761 * to be the last fragment but gives conflicting
6762 * information about the whole datagram size.
6763 * Something fishy is going on. Drop the
6764 * fragment and free up the reassembly list.
6765 */
6766 return (IP_REASS_FAILED);
6767 }
6768
6769 /*
6770 * We shouldn't come to this code block again for this
6771 * particular fragment.
6772 */
6773 pkt_boundary_checked = B_TRUE;
6774 }
6775
6776 /* New stuff at or beyond tail? */
6777 offset = IP_REASS_END(ipf->ipf_tail_mp);
6778 if (start >= offset) {
6779 if (ipf->ipf_last_frag_seen) {
6780 /* current fragment is beyond last fragment */
6781 return (IP_REASS_FAILED);
6782 }
6783 /* Link it on end. */
6784 ipf->ipf_tail_mp->b_cont = mp;
6785 ipf->ipf_tail_mp = mp;
6786 if (more) {
6787 if (start != offset)
6788 ipf->ipf_hole_cnt++;
6789 } else if (start == offset && next_mp == NULL)
6790 ipf->ipf_hole_cnt--;
6791 continue;
6792 }
6793 mp1 = ipf->ipf_mp->b_cont;
6794 offset = IP_REASS_START(mp1);
6795 /* New stuff at the front? */
6796 if (start < offset) {
6797 if (start == 0) {
6798 if (end >= offset) {
6799 /* Nailed the hole at the begining. */
6800 ipf->ipf_hole_cnt--;
6801 }
6802 } else if (end < offset) {
6803 /*
6804 * A hole, stuff, and a hole where there used
6805 * to be just a hole.
6806 */
6807 ipf->ipf_hole_cnt++;
6808 }
6809 mp->b_cont = mp1;
6810 /* Check for overlap. */
6811 while (end > offset) {
6812 if (end < IP_REASS_END(mp1)) {
6813 mp->b_wptr -= end - offset;
6814 IP_REASS_SET_END(mp, offset);
6815 BUMP_MIB(ill->ill_ip_mib,
6816 ipIfStatsReasmPartDups);
6817 break;
6818 }
6819 /* Did we cover another hole? */
6820 if ((mp1->b_cont &&
6821 IP_REASS_END(mp1) !=
6822 IP_REASS_START(mp1->b_cont) &&
6823 end >= IP_REASS_START(mp1->b_cont)) ||
6824 (!ipf->ipf_last_frag_seen && !more)) {
6825 ipf->ipf_hole_cnt--;
6826 }
6827 /* Clip out mp1. */
6828 if ((mp->b_cont = mp1->b_cont) == NULL) {
6829 /*
6830 * After clipping out mp1, this guy
6831 * is now hanging off the end.
6832 */
6833 ipf->ipf_tail_mp = mp;
6834 }
6835 IP_REASS_SET_START(mp1, 0);
6836 IP_REASS_SET_END(mp1, 0);
6837 /* Subtract byte count */
6838 ipf->ipf_count -= mp1->b_datap->db_lim -
6839 mp1->b_datap->db_base;
6840 freeb(mp1);
6841 BUMP_MIB(ill->ill_ip_mib,
6842 ipIfStatsReasmPartDups);
6843 mp1 = mp->b_cont;
6844 if (!mp1)
6845 break;
6846 offset = IP_REASS_START(mp1);
6847 }
6848 ipf->ipf_mp->b_cont = mp;
6849 continue;
6850 }
6851 /*
6852 * The new piece starts somewhere between the start of the head
6853 * and before the end of the tail.
6854 */
6855 for (; mp1; mp1 = mp1->b_cont) {
6856 offset = IP_REASS_END(mp1);
6857 if (start < offset) {
6858 if (end <= offset) {
6859 /* Nothing new. */
6860 IP_REASS_SET_START(mp, 0);
6861 IP_REASS_SET_END(mp, 0);
6862 /* Subtract byte count */
6863 ipf->ipf_count -= mp->b_datap->db_lim -
6864 mp->b_datap->db_base;
6865 if (incr_dups) {
6866 ipf->ipf_num_dups++;
6867 incr_dups = B_FALSE;
6868 }
6869 freeb(mp);
6870 BUMP_MIB(ill->ill_ip_mib,
6871 ipIfStatsReasmDuplicates);
6872 break;
6873 }
6874 /*
6875 * Trim redundant stuff off beginning of new
6876 * piece.
6877 */
6878 IP_REASS_SET_START(mp, offset);
6879 mp->b_rptr += offset - start;
6880 BUMP_MIB(ill->ill_ip_mib,
6881 ipIfStatsReasmPartDups);
6882 start = offset;
6883 if (!mp1->b_cont) {
6884 /*
6885 * After trimming, this guy is now
6886 * hanging off the end.
6887 */
6888 mp1->b_cont = mp;
6889 ipf->ipf_tail_mp = mp;
6890 if (!more) {
6891 ipf->ipf_hole_cnt--;
6892 }
6893 break;
6894 }
6895 }
6896 if (start >= IP_REASS_START(mp1->b_cont))
6897 continue;
6898 /* Fill a hole */
6899 if (start > offset)
6900 ipf->ipf_hole_cnt++;
6901 mp->b_cont = mp1->b_cont;
6902 mp1->b_cont = mp;
6903 mp1 = mp->b_cont;
6904 offset = IP_REASS_START(mp1);
6905 if (end >= offset) {
6906 ipf->ipf_hole_cnt--;
6907 /* Check for overlap. */
6908 while (end > offset) {
6909 if (end < IP_REASS_END(mp1)) {
6910 mp->b_wptr -= end - offset;
6911 IP_REASS_SET_END(mp, offset);
6912 /*
6913 * TODO we might bump
6914 * this up twice if there is
6915 * overlap at both ends.
6916 */
6917 BUMP_MIB(ill->ill_ip_mib,
6918 ipIfStatsReasmPartDups);
6919 break;
6920 }
6921 /* Did we cover another hole? */
6922 if ((mp1->b_cont &&
6923 IP_REASS_END(mp1)
6924 != IP_REASS_START(mp1->b_cont) &&
6925 end >=
6926 IP_REASS_START(mp1->b_cont)) ||
6927 (!ipf->ipf_last_frag_seen &&
6928 !more)) {
6929 ipf->ipf_hole_cnt--;
6930 }
6931 /* Clip out mp1. */
6932 if ((mp->b_cont = mp1->b_cont) ==
6933 NULL) {
6934 /*
6935 * After clipping out mp1,
6936 * this guy is now hanging
6937 * off the end.
6938 */
6939 ipf->ipf_tail_mp = mp;
6940 }
6941 IP_REASS_SET_START(mp1, 0);
6942 IP_REASS_SET_END(mp1, 0);
6943 /* Subtract byte count */
6944 ipf->ipf_count -=
6945 mp1->b_datap->db_lim -
6946 mp1->b_datap->db_base;
6947 freeb(mp1);
6948 BUMP_MIB(ill->ill_ip_mib,
6949 ipIfStatsReasmPartDups);
6950 mp1 = mp->b_cont;
6951 if (!mp1)
6952 break;
6953 offset = IP_REASS_START(mp1);
6954 }
6955 }
6956 break;
6957 }
6958 } while (start = end, mp = next_mp);
6959
6960 /* Fragment just processed could be the last one. Remember this fact */
6961 if (!more)
6962 ipf->ipf_last_frag_seen = B_TRUE;
6963
6964 /* Still got holes? */
6965 if (ipf->ipf_hole_cnt)
6966 return (IP_REASS_PARTIAL);
6967 /* Clean up overloaded fields to avoid upstream disasters. */
6968 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) {
6969 IP_REASS_SET_START(mp1, 0);
6970 IP_REASS_SET_END(mp1, 0);
6971 }
6972 return (IP_REASS_COMPLETE);
6973 }
6974
6975 /*
6976 * Fragmentation reassembly. Each ILL has a hash table for
6977 * queuing packets undergoing reassembly for all IPIFs
6978 * associated with the ILL. The hash is based on the packet
6979 * IP ident field. The ILL frag hash table was allocated
6980 * as a timer block at the time the ILL was created. Whenever
6981 * there is anything on the reassembly queue, the timer will
6982 * be running. Returns the reassembled packet if reassembly completes.
6983 */
6984 mblk_t *
6985 ip_input_fragment(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
6986 {
6987 uint32_t frag_offset_flags;
6988 mblk_t *t_mp;
6989 ipaddr_t dst;
6990 uint8_t proto = ipha->ipha_protocol;
6991 uint32_t sum_val;
6992 uint16_t sum_flags;
6993 ipf_t *ipf;
6994 ipf_t **ipfp;
6995 ipfb_t *ipfb;
6996 uint16_t ident;
6997 uint32_t offset;
6998 ipaddr_t src;
6999 uint_t hdr_length;
7000 uint32_t end;
7001 mblk_t *mp1;
7002 mblk_t *tail_mp;
7003 size_t count;
7004 size_t msg_len;
7005 uint8_t ecn_info = 0;
7006 uint32_t packet_size;
7007 boolean_t pruned = B_FALSE;
7008 ill_t *ill = ira->ira_ill;
7009 ip_stack_t *ipst = ill->ill_ipst;
7010
7011 /*
7012 * Drop the fragmented as early as possible, if
7013 * we don't have resource(s) to re-assemble.
7014 */
7015 if (ipst->ips_ip_reass_queue_bytes == 0) {
7016 freemsg(mp);
7017 return (NULL);
7018 }
7019
7020 /* Check for fragmentation offset; return if there's none */
7021 if ((frag_offset_flags = ntohs(ipha->ipha_fragment_offset_and_flags) &
7022 (IPH_MF | IPH_OFFSET)) == 0)
7023 return (mp);
7024
7025 /*
7026 * We utilize hardware computed checksum info only for UDP since
7027 * IP fragmentation is a normal occurrence for the protocol. In
7028 * addition, checksum offload support for IP fragments carrying
7029 * UDP payload is commonly implemented across network adapters.
7030 */
7031 ASSERT(ira->ira_rill != NULL);
7032 if (proto == IPPROTO_UDP && dohwcksum &&
7033 ILL_HCKSUM_CAPABLE(ira->ira_rill) &&
7034 (DB_CKSUMFLAGS(mp) & (HCK_FULLCKSUM | HCK_PARTIALCKSUM))) {
7035 mblk_t *mp1 = mp->b_cont;
7036 int32_t len;
7037
7038 /* Record checksum information from the packet */
7039 sum_val = (uint32_t)DB_CKSUM16(mp);
7040 sum_flags = DB_CKSUMFLAGS(mp);
7041
7042 /* IP payload offset from beginning of mblk */
7043 offset = ((uchar_t *)ipha + IPH_HDR_LENGTH(ipha)) - mp->b_rptr;
7044
7045 if ((sum_flags & HCK_PARTIALCKSUM) &&
7046 (mp1 == NULL || mp1->b_cont == NULL) &&
7047 offset >= DB_CKSUMSTART(mp) &&
7048 ((len = offset - DB_CKSUMSTART(mp)) & 1) == 0) {
7049 uint32_t adj;
7050 /*
7051 * Partial checksum has been calculated by hardware
7052 * and attached to the packet; in addition, any
7053 * prepended extraneous data is even byte aligned.
7054 * If any such data exists, we adjust the checksum;
7055 * this would also handle any postpended data.
7056 */
7057 IP_ADJCKSUM_PARTIAL(mp->b_rptr + DB_CKSUMSTART(mp),
7058 mp, mp1, len, adj);
7059
7060 /* One's complement subtract extraneous checksum */
7061 if (adj >= sum_val)
7062 sum_val = ~(adj - sum_val) & 0xFFFF;
7063 else
7064 sum_val -= adj;
7065 }
7066 } else {
7067 sum_val = 0;
7068 sum_flags = 0;
7069 }
7070
7071 /* Clear hardware checksumming flag */
7072 DB_CKSUMFLAGS(mp) = 0;
7073
7074 ident = ipha->ipha_ident;
7075 offset = (frag_offset_flags << 3) & 0xFFFF;
7076 src = ipha->ipha_src;
7077 dst = ipha->ipha_dst;
7078 hdr_length = IPH_HDR_LENGTH(ipha);
7079 end = ntohs(ipha->ipha_length) - hdr_length;
7080
7081 /* If end == 0 then we have a packet with no data, so just free it */
7082 if (end == 0) {
7083 freemsg(mp);
7084 return (NULL);
7085 }
7086
7087 /* Record the ECN field info. */
7088 ecn_info = (ipha->ipha_type_of_service & 0x3);
7089 if (offset != 0) {
7090 /*
7091 * If this isn't the first piece, strip the header, and
7092 * add the offset to the end value.
7093 */
7094 mp->b_rptr += hdr_length;
7095 end += offset;
7096 }
7097
7098 /* Handle vnic loopback of fragments */
7099 if (mp->b_datap->db_ref > 2)
7100 msg_len = 0;
7101 else
7102 msg_len = MBLKSIZE(mp);
7103
7104 tail_mp = mp;
7105 while (tail_mp->b_cont != NULL) {
7106 tail_mp = tail_mp->b_cont;
7107 if (tail_mp->b_datap->db_ref <= 2)
7108 msg_len += MBLKSIZE(tail_mp);
7109 }
7110
7111 /* If the reassembly list for this ILL will get too big, prune it */
7112 if ((msg_len + sizeof (*ipf) + ill->ill_frag_count) >=
7113 ipst->ips_ip_reass_queue_bytes) {
7114 DTRACE_PROBE3(ip_reass_queue_bytes, uint_t, msg_len,
7115 uint_t, ill->ill_frag_count,
7116 uint_t, ipst->ips_ip_reass_queue_bytes);
7117 ill_frag_prune(ill,
7118 (ipst->ips_ip_reass_queue_bytes < msg_len) ? 0 :
7119 (ipst->ips_ip_reass_queue_bytes - msg_len));
7120 pruned = B_TRUE;
7121 }
7122
7123 ipfb = &ill->ill_frag_hash_tbl[ILL_FRAG_HASH(src, ident)];
7124 mutex_enter(&ipfb->ipfb_lock);
7125
7126 ipfp = &ipfb->ipfb_ipf;
7127 /* Try to find an existing fragment queue for this packet. */
7128 for (;;) {
7129 ipf = ipfp[0];
7130 if (ipf != NULL) {
7131 /*
7132 * It has to match on ident and src/dst address.
7133 */
7134 if (ipf->ipf_ident == ident &&
7135 ipf->ipf_src == src &&
7136 ipf->ipf_dst == dst &&
7137 ipf->ipf_protocol == proto) {
7138 /*
7139 * If we have received too many
7140 * duplicate fragments for this packet
7141 * free it.
7142 */
7143 if (ipf->ipf_num_dups > ip_max_frag_dups) {
7144 ill_frag_free_pkts(ill, ipfb, ipf, 1);
7145 freemsg(mp);
7146 mutex_exit(&ipfb->ipfb_lock);
7147 return (NULL);
7148 }
7149 /* Found it. */
7150 break;
7151 }
7152 ipfp = &ipf->ipf_hash_next;
7153 continue;
7154 }
7155
7156 /*
7157 * If we pruned the list, do we want to store this new
7158 * fragment?. We apply an optimization here based on the
7159 * fact that most fragments will be received in order.
7160 * So if the offset of this incoming fragment is zero,
7161 * it is the first fragment of a new packet. We will
7162 * keep it. Otherwise drop the fragment, as we have
7163 * probably pruned the packet already (since the
7164 * packet cannot be found).
7165 */
7166 if (pruned && offset != 0) {
7167 mutex_exit(&ipfb->ipfb_lock);
7168 freemsg(mp);
7169 return (NULL);
7170 }
7171
7172 if (ipfb->ipfb_frag_pkts >= MAX_FRAG_PKTS(ipst)) {
7173 /*
7174 * Too many fragmented packets in this hash
7175 * bucket. Free the oldest.
7176 */
7177 ill_frag_free_pkts(ill, ipfb, ipfb->ipfb_ipf, 1);
7178 }
7179
7180 /* New guy. Allocate a frag message. */
7181 mp1 = allocb(sizeof (*ipf), BPRI_MED);
7182 if (mp1 == NULL) {
7183 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7184 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7185 freemsg(mp);
7186 reass_done:
7187 mutex_exit(&ipfb->ipfb_lock);
7188 return (NULL);
7189 }
7190
7191 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmReqds);
7192 mp1->b_cont = mp;
7193
7194 /* Initialize the fragment header. */
7195 ipf = (ipf_t *)mp1->b_rptr;
7196 ipf->ipf_mp = mp1;
7197 ipf->ipf_ptphn = ipfp;
7198 ipfp[0] = ipf;
7199 ipf->ipf_hash_next = NULL;
7200 ipf->ipf_ident = ident;
7201 ipf->ipf_protocol = proto;
7202 ipf->ipf_src = src;
7203 ipf->ipf_dst = dst;
7204 ipf->ipf_nf_hdr_len = 0;
7205 /* Record reassembly start time. */
7206 ipf->ipf_timestamp = gethrestime_sec();
7207 /* Record ipf generation and account for frag header */
7208 ipf->ipf_gen = ill->ill_ipf_gen++;
7209 ipf->ipf_count = MBLKSIZE(mp1);
7210 ipf->ipf_last_frag_seen = B_FALSE;
7211 ipf->ipf_ecn = ecn_info;
7212 ipf->ipf_num_dups = 0;
7213 ipfb->ipfb_frag_pkts++;
7214 ipf->ipf_checksum = 0;
7215 ipf->ipf_checksum_flags = 0;
7216
7217 /* Store checksum value in fragment header */
7218 if (sum_flags != 0) {
7219 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7220 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7221 ipf->ipf_checksum = sum_val;
7222 ipf->ipf_checksum_flags = sum_flags;
7223 }
7224
7225 /*
7226 * We handle reassembly two ways. In the easy case,
7227 * where all the fragments show up in order, we do
7228 * minimal bookkeeping, and just clip new pieces on
7229 * the end. If we ever see a hole, then we go off
7230 * to ip_reassemble which has to mark the pieces and
7231 * keep track of the number of holes, etc. Obviously,
7232 * the point of having both mechanisms is so we can
7233 * handle the easy case as efficiently as possible.
7234 */
7235 if (offset == 0) {
7236 /* Easy case, in-order reassembly so far. */
7237 ipf->ipf_count += msg_len;
7238 ipf->ipf_tail_mp = tail_mp;
7239 /*
7240 * Keep track of next expected offset in
7241 * ipf_end.
7242 */
7243 ipf->ipf_end = end;
7244 ipf->ipf_nf_hdr_len = hdr_length;
7245 } else {
7246 /* Hard case, hole at the beginning. */
7247 ipf->ipf_tail_mp = NULL;
7248 /*
7249 * ipf_end == 0 means that we have given up
7250 * on easy reassembly.
7251 */
7252 ipf->ipf_end = 0;
7253
7254 /* Forget checksum offload from now on */
7255 ipf->ipf_checksum_flags = 0;
7256
7257 /*
7258 * ipf_hole_cnt is set by ip_reassemble.
7259 * ipf_count is updated by ip_reassemble.
7260 * No need to check for return value here
7261 * as we don't expect reassembly to complete
7262 * or fail for the first fragment itself.
7263 */
7264 (void) ip_reassemble(mp, ipf,
7265 (frag_offset_flags & IPH_OFFSET) << 3,
7266 (frag_offset_flags & IPH_MF), ill, msg_len);
7267 }
7268 /* Update per ipfb and ill byte counts */
7269 ipfb->ipfb_count += ipf->ipf_count;
7270 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7271 atomic_add_32(&ill->ill_frag_count, ipf->ipf_count);
7272 /* If the frag timer wasn't already going, start it. */
7273 mutex_enter(&ill->ill_lock);
7274 ill_frag_timer_start(ill);
7275 mutex_exit(&ill->ill_lock);
7276 goto reass_done;
7277 }
7278
7279 /*
7280 * If the packet's flag has changed (it could be coming up
7281 * from an interface different than the previous, therefore
7282 * possibly different checksum capability), then forget about
7283 * any stored checksum states. Otherwise add the value to
7284 * the existing one stored in the fragment header.
7285 */
7286 if (sum_flags != 0 && sum_flags == ipf->ipf_checksum_flags) {
7287 sum_val += ipf->ipf_checksum;
7288 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7289 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7290 ipf->ipf_checksum = sum_val;
7291 } else if (ipf->ipf_checksum_flags != 0) {
7292 /* Forget checksum offload from now on */
7293 ipf->ipf_checksum_flags = 0;
7294 }
7295
7296 /*
7297 * We have a new piece of a datagram which is already being
7298 * reassembled. Update the ECN info if all IP fragments
7299 * are ECN capable. If there is one which is not, clear
7300 * all the info. If there is at least one which has CE
7301 * code point, IP needs to report that up to transport.
7302 */
7303 if (ecn_info != IPH_ECN_NECT && ipf->ipf_ecn != IPH_ECN_NECT) {
7304 if (ecn_info == IPH_ECN_CE)
7305 ipf->ipf_ecn = IPH_ECN_CE;
7306 } else {
7307 ipf->ipf_ecn = IPH_ECN_NECT;
7308 }
7309 if (offset && ipf->ipf_end == offset) {
7310 /* The new fragment fits at the end */
7311 ipf->ipf_tail_mp->b_cont = mp;
7312 /* Update the byte count */
7313 ipf->ipf_count += msg_len;
7314 /* Update per ipfb and ill byte counts */
7315 ipfb->ipfb_count += msg_len;
7316 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7317 atomic_add_32(&ill->ill_frag_count, msg_len);
7318 if (frag_offset_flags & IPH_MF) {
7319 /* More to come. */
7320 ipf->ipf_end = end;
7321 ipf->ipf_tail_mp = tail_mp;
7322 goto reass_done;
7323 }
7324 } else {
7325 /* Go do the hard cases. */
7326 int ret;
7327
7328 if (offset == 0)
7329 ipf->ipf_nf_hdr_len = hdr_length;
7330
7331 /* Save current byte count */
7332 count = ipf->ipf_count;
7333 ret = ip_reassemble(mp, ipf,
7334 (frag_offset_flags & IPH_OFFSET) << 3,
7335 (frag_offset_flags & IPH_MF), ill, msg_len);
7336 /* Count of bytes added and subtracted (freeb()ed) */
7337 count = ipf->ipf_count - count;
7338 if (count) {
7339 /* Update per ipfb and ill byte counts */
7340 ipfb->ipfb_count += count;
7341 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7342 atomic_add_32(&ill->ill_frag_count, count);
7343 }
7344 if (ret == IP_REASS_PARTIAL) {
7345 goto reass_done;
7346 } else if (ret == IP_REASS_FAILED) {
7347 /* Reassembly failed. Free up all resources */
7348 ill_frag_free_pkts(ill, ipfb, ipf, 1);
7349 for (t_mp = mp; t_mp != NULL; t_mp = t_mp->b_cont) {
7350 IP_REASS_SET_START(t_mp, 0);
7351 IP_REASS_SET_END(t_mp, 0);
7352 }
7353 freemsg(mp);
7354 goto reass_done;
7355 }
7356 /* We will reach here iff 'ret' is IP_REASS_COMPLETE */
7357 }
7358 /*
7359 * We have completed reassembly. Unhook the frag header from
7360 * the reassembly list.
7361 *
7362 * Before we free the frag header, record the ECN info
7363 * to report back to the transport.
7364 */
7365 ecn_info = ipf->ipf_ecn;
7366 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmOKs);
7367 ipfp = ipf->ipf_ptphn;
7368
7369 /* We need to supply these to caller */
7370 if ((sum_flags = ipf->ipf_checksum_flags) != 0)
7371 sum_val = ipf->ipf_checksum;
7372 else
7373 sum_val = 0;
7374
7375 mp1 = ipf->ipf_mp;
7376 count = ipf->ipf_count;
7377 ipf = ipf->ipf_hash_next;
7378 if (ipf != NULL)
7379 ipf->ipf_ptphn = ipfp;
7380 ipfp[0] = ipf;
7381 atomic_add_32(&ill->ill_frag_count, -count);
7382 ASSERT(ipfb->ipfb_count >= count);
7383 ipfb->ipfb_count -= count;
7384 ipfb->ipfb_frag_pkts--;
7385 mutex_exit(&ipfb->ipfb_lock);
7386 /* Ditch the frag header. */
7387 mp = mp1->b_cont;
7388
7389 freeb(mp1);
7390
7391 /* Restore original IP length in header. */
7392 packet_size = (uint32_t)msgdsize(mp);
7393 if (packet_size > IP_MAXPACKET) {
7394 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7395 ip_drop_input("Reassembled packet too large", mp, ill);
7396 freemsg(mp);
7397 return (NULL);
7398 }
7399
7400 if (DB_REF(mp) > 1) {
7401 mblk_t *mp2 = copymsg(mp);
7402
7403 if (mp2 == NULL) {
7404 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7405 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7406 freemsg(mp);
7407 return (NULL);
7408 }
7409 freemsg(mp);
7410 mp = mp2;
7411 }
7412 ipha = (ipha_t *)mp->b_rptr;
7413
7414 ipha->ipha_length = htons((uint16_t)packet_size);
7415 /* We're now complete, zip the frag state */
7416 ipha->ipha_fragment_offset_and_flags = 0;
7417 /* Record the ECN info. */
7418 ipha->ipha_type_of_service &= 0xFC;
7419 ipha->ipha_type_of_service |= ecn_info;
7420
7421 /* Update the receive attributes */
7422 ira->ira_pktlen = packet_size;
7423 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha);
7424
7425 /* Reassembly is successful; set checksum information in packet */
7426 DB_CKSUM16(mp) = (uint16_t)sum_val;
7427 DB_CKSUMFLAGS(mp) = sum_flags;
7428 DB_CKSUMSTART(mp) = ira->ira_ip_hdr_length;
7429
7430 return (mp);
7431 }
7432
7433 /*
7434 * Pullup function that should be used for IP input in order to
7435 * ensure we do not loose the L2 source address; we need the l2 source
7436 * address for IP_RECVSLLA and for ndp_input.
7437 *
7438 * We return either NULL or b_rptr.
7439 */
7440 void *
7441 ip_pullup(mblk_t *mp, ssize_t len, ip_recv_attr_t *ira)
7442 {
7443 ill_t *ill = ira->ira_ill;
7444
7445 if (ip_rput_pullups++ == 0) {
7446 (void) mi_strlog(ill->ill_rq, 1, SL_ERROR|SL_TRACE,
7447 "ip_pullup: %s forced us to "
7448 " pullup pkt, hdr len %ld, hdr addr %p",
7449 ill->ill_name, len, (void *)mp->b_rptr);
7450 }
7451 if (!(ira->ira_flags & IRAF_L2SRC_SET))
7452 ip_setl2src(mp, ira, ira->ira_rill);
7453 ASSERT(ira->ira_flags & IRAF_L2SRC_SET);
7454 if (!pullupmsg(mp, len))
7455 return (NULL);
7456 else
7457 return (mp->b_rptr);
7458 }
7459
7460 /*
7461 * Make sure ira_l2src has an address. If we don't have one fill with zeros.
7462 * When called from the ULP ira_rill will be NULL hence the caller has to
7463 * pass in the ill.
7464 */
7465 /* ARGSUSED */
7466 void
7467 ip_setl2src(mblk_t *mp, ip_recv_attr_t *ira, ill_t *ill)
7468 {
7469 const uchar_t *addr;
7470 int alen;
7471
7472 if (ira->ira_flags & IRAF_L2SRC_SET)
7473 return;
7474
7475 ASSERT(ill != NULL);
7476 alen = ill->ill_phys_addr_length;
7477 ASSERT(alen <= sizeof (ira->ira_l2src));
7478 if (ira->ira_mhip != NULL &&
7479 (addr = ira->ira_mhip->mhi_saddr) != NULL) {
7480 bcopy(addr, ira->ira_l2src, alen);
7481 } else if ((ira->ira_flags & IRAF_L2SRC_LOOPBACK) &&
7482 (addr = ill->ill_phys_addr) != NULL) {
7483 bcopy(addr, ira->ira_l2src, alen);
7484 } else {
7485 bzero(ira->ira_l2src, alen);
7486 }
7487 ira->ira_flags |= IRAF_L2SRC_SET;
7488 }
7489
7490 /*
7491 * check ip header length and align it.
7492 */
7493 mblk_t *
7494 ip_check_and_align_header(mblk_t *mp, uint_t min_size, ip_recv_attr_t *ira)
7495 {
7496 ill_t *ill = ira->ira_ill;
7497 ssize_t len;
7498
7499 len = MBLKL(mp);
7500
7501 if (!OK_32PTR(mp->b_rptr))
7502 IP_STAT(ill->ill_ipst, ip_notaligned);
7503 else
7504 IP_STAT(ill->ill_ipst, ip_recv_pullup);
7505
7506 /* Guard against bogus device drivers */
7507 if (len < 0) {
7508 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7509 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7510 freemsg(mp);
7511 return (NULL);
7512 }
7513
7514 if (len == 0) {
7515 /* GLD sometimes sends up mblk with b_rptr == b_wptr! */
7516 mblk_t *mp1 = mp->b_cont;
7517
7518 if (!(ira->ira_flags & IRAF_L2SRC_SET))
7519 ip_setl2src(mp, ira, ira->ira_rill);
7520 ASSERT(ira->ira_flags & IRAF_L2SRC_SET);
7521
7522 freeb(mp);
7523 mp = mp1;
7524 if (mp == NULL)
7525 return (NULL);
7526
7527 if (OK_32PTR(mp->b_rptr) && MBLKL(mp) >= min_size)
7528 return (mp);
7529 }
7530 if (ip_pullup(mp, min_size, ira) == NULL) {
7531 if (msgdsize(mp) < min_size) {
7532 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7533 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7534 } else {
7535 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7536 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7537 }
7538 freemsg(mp);
7539 return (NULL);
7540 }
7541 return (mp);
7542 }
7543
7544 /*
7545 * Common code for IPv4 and IPv6 to check and pullup multi-mblks
7546 */
7547 mblk_t *
7548 ip_check_length(mblk_t *mp, uchar_t *rptr, ssize_t len, uint_t pkt_len,
7549 uint_t min_size, ip_recv_attr_t *ira)
7550 {
7551 ill_t *ill = ira->ira_ill;
7552
7553 /*
7554 * Make sure we have data length consistent
7555 * with the IP header.
7556 */
7557 if (mp->b_cont == NULL) {
7558 /* pkt_len is based on ipha_len, not the mblk length */
7559 if (pkt_len < min_size) {
7560 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7561 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7562 freemsg(mp);
7563 return (NULL);
7564 }
7565 if (len < 0) {
7566 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
7567 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
7568 freemsg(mp);
7569 return (NULL);
7570 }
7571 /* Drop any pad */
7572 mp->b_wptr = rptr + pkt_len;
7573 } else if ((len += msgdsize(mp->b_cont)) != 0) {
7574 ASSERT(pkt_len >= min_size);
7575 if (pkt_len < min_size) {
7576 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7577 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7578 freemsg(mp);
7579 return (NULL);
7580 }
7581 if (len < 0) {
7582 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
7583 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
7584 freemsg(mp);
7585 return (NULL);
7586 }
7587 /* Drop any pad */
7588 (void) adjmsg(mp, -len);
7589 /*
7590 * adjmsg may have freed an mblk from the chain, hence
7591 * invalidate any hw checksum here. This will force IP to
7592 * calculate the checksum in sw, but only for this packet.
7593 */
7594 DB_CKSUMFLAGS(mp) = 0;
7595 IP_STAT(ill->ill_ipst, ip_multimblk);
7596 }
7597 return (mp);
7598 }
7599
7600 /*
7601 * Check that the IPv4 opt_len is consistent with the packet and pullup
7602 * the options.
7603 */
7604 mblk_t *
7605 ip_check_optlen(mblk_t *mp, ipha_t *ipha, uint_t opt_len, uint_t pkt_len,
7606 ip_recv_attr_t *ira)
7607 {
7608 ill_t *ill = ira->ira_ill;
7609 ssize_t len;
7610
7611 /* Assume no IPv6 packets arrive over the IPv4 queue */
7612 if (IPH_HDR_VERSION(ipha) != IPV4_VERSION) {
7613 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7614 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInWrongIPVersion);
7615 ip_drop_input("IPvN packet on IPv4 ill", mp, ill);
7616 freemsg(mp);
7617 return (NULL);
7618 }
7619
7620 if (opt_len > (15 - IP_SIMPLE_HDR_LENGTH_IN_WORDS)) {
7621 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7622 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7623 freemsg(mp);
7624 return (NULL);
7625 }
7626 /*
7627 * Recompute complete header length and make sure we
7628 * have access to all of it.
7629 */
7630 len = ((size_t)opt_len + IP_SIMPLE_HDR_LENGTH_IN_WORDS) << 2;
7631 if (len > (mp->b_wptr - mp->b_rptr)) {
7632 if (len > pkt_len) {
7633 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7634 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7635 freemsg(mp);
7636 return (NULL);
7637 }
7638 if (ip_pullup(mp, len, ira) == NULL) {
7639 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7640 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7641 freemsg(mp);
7642 return (NULL);
7643 }
7644 }
7645 return (mp);
7646 }
7647
7648 /*
7649 * Returns a new ire, or the same ire, or NULL.
7650 * If a different IRE is returned, then it is held; the caller
7651 * needs to release it.
7652 * In no case is there any hold/release on the ire argument.
7653 */
7654 ire_t *
7655 ip_check_multihome(void *addr, ire_t *ire, ill_t *ill)
7656 {
7657 ire_t *new_ire;
7658 ill_t *ire_ill;
7659 uint_t ifindex;
7660 ip_stack_t *ipst = ill->ill_ipst;
7661 boolean_t strict_check = B_FALSE;
7662
7663 /*
7664 * IPMP common case: if IRE and ILL are in the same group, there's no
7665 * issue (e.g. packet received on an underlying interface matched an
7666 * IRE_LOCAL on its associated group interface).
7667 */
7668 ASSERT(ire->ire_ill != NULL);
7669 if (IS_IN_SAME_ILLGRP(ill, ire->ire_ill))
7670 return (ire);
7671
7672 /*
7673 * Do another ire lookup here, using the ingress ill, to see if the
7674 * interface is in a usesrc group.
7675 * As long as the ills belong to the same group, we don't consider
7676 * them to be arriving on the wrong interface. Thus, if the switch
7677 * is doing inbound load spreading, we won't drop packets when the
7678 * ip*_strict_dst_multihoming switch is on.
7679 * We also need to check for IPIF_UNNUMBERED point2point interfaces
7680 * where the local address may not be unique. In this case we were
7681 * at the mercy of the initial ire lookup and the IRE_LOCAL it
7682 * actually returned. The new lookup, which is more specific, should
7683 * only find the IRE_LOCAL associated with the ingress ill if one
7684 * exists.
7685 */
7686 if (ire->ire_ipversion == IPV4_VERSION) {
7687 if (ipst->ips_ip_strict_dst_multihoming)
7688 strict_check = B_TRUE;
7689 new_ire = ire_ftable_lookup_v4(*((ipaddr_t *)addr), 0, 0,
7690 IRE_LOCAL, ill, ALL_ZONES, NULL,
7691 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL);
7692 } else {
7693 ASSERT(!IN6_IS_ADDR_MULTICAST((in6_addr_t *)addr));
7694 if (ipst->ips_ipv6_strict_dst_multihoming)
7695 strict_check = B_TRUE;
7696 new_ire = ire_ftable_lookup_v6((in6_addr_t *)addr, NULL, NULL,
7697 IRE_LOCAL, ill, ALL_ZONES, NULL,
7698 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL);
7699 }
7700 /*
7701 * If the same ire that was returned in ip_input() is found then this
7702 * is an indication that usesrc groups are in use. The packet
7703 * arrived on a different ill in the group than the one associated with
7704 * the destination address. If a different ire was found then the same
7705 * IP address must be hosted on multiple ills. This is possible with
7706 * unnumbered point2point interfaces. We switch to use this new ire in
7707 * order to have accurate interface statistics.
7708 */
7709 if (new_ire != NULL) {
7710 /* Note: held in one case but not the other? Caller handles */
7711 if (new_ire != ire)
7712 return (new_ire);
7713 /* Unchanged */
7714 ire_refrele(new_ire);
7715 return (ire);
7716 }
7717
7718 /*
7719 * Chase pointers once and store locally.
7720 */
7721 ASSERT(ire->ire_ill != NULL);
7722 ire_ill = ire->ire_ill;
7723 ifindex = ill->ill_usesrc_ifindex;
7724
7725 /*
7726 * Check if it's a legal address on the 'usesrc' interface.
7727 * For IPMP data addresses the IRE_LOCAL is the upper, hence we
7728 * can just check phyint_ifindex.
7729 */
7730 if (ifindex != 0 && ifindex == ire_ill->ill_phyint->phyint_ifindex) {
7731 return (ire);
7732 }
7733
7734 /*
7735 * If the ip*_strict_dst_multihoming switch is on then we can
7736 * only accept this packet if the interface is marked as routing.
7737 */
7738 if (!(strict_check))
7739 return (ire);
7740
7741 if ((ill->ill_flags & ire->ire_ill->ill_flags & ILLF_ROUTER) != 0) {
7742 return (ire);
7743 }
7744 return (NULL);
7745 }
7746
7747 /*
7748 * This function is used to construct a mac_header_info_s from a
7749 * DL_UNITDATA_IND message.
7750 * The address fields in the mhi structure points into the message,
7751 * thus the caller can't use those fields after freeing the message.
7752 *
7753 * We determine whether the packet received is a non-unicast packet
7754 * and in doing so, determine whether or not it is broadcast vs multicast.
7755 * For it to be a broadcast packet, we must have the appropriate mblk_t
7756 * hanging off the ill_t. If this is either not present or doesn't match
7757 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed
7758 * to be multicast. Thus NICs that have no broadcast address (or no
7759 * capability for one, such as point to point links) cannot return as
7760 * the packet being broadcast.
7761 */
7762 void
7763 ip_dlur_to_mhi(ill_t *ill, mblk_t *mb, struct mac_header_info_s *mhip)
7764 {
7765 dl_unitdata_ind_t *ind = (dl_unitdata_ind_t *)mb->b_rptr;
7766 mblk_t *bmp;
7767 uint_t extra_offset;
7768
7769 bzero(mhip, sizeof (struct mac_header_info_s));
7770
7771 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST;
7772
7773 if (ill->ill_sap_length < 0)
7774 extra_offset = 0;
7775 else
7776 extra_offset = ill->ill_sap_length;
7777
7778 mhip->mhi_daddr = (uchar_t *)ind + ind->dl_dest_addr_offset +
7779 extra_offset;
7780 mhip->mhi_saddr = (uchar_t *)ind + ind->dl_src_addr_offset +
7781 extra_offset;
7782
7783 if (!ind->dl_group_address)
7784 return;
7785
7786 /* Multicast or broadcast */
7787 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST;
7788
7789 if (ind->dl_dest_addr_offset > sizeof (*ind) &&
7790 ind->dl_dest_addr_offset + ind->dl_dest_addr_length < MBLKL(mb) &&
7791 (bmp = ill->ill_bcast_mp) != NULL) {
7792 dl_unitdata_req_t *dlur;
7793 uint8_t *bphys_addr;
7794
7795 dlur = (dl_unitdata_req_t *)bmp->b_rptr;
7796 bphys_addr = (uchar_t *)dlur + dlur->dl_dest_addr_offset +
7797 extra_offset;
7798
7799 if (bcmp(mhip->mhi_daddr, bphys_addr,
7800 ind->dl_dest_addr_length) == 0)
7801 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST;
7802 }
7803 }
7804
7805 /*
7806 * This function is used to construct a mac_header_info_s from a
7807 * M_DATA fastpath message from a DLPI driver.
7808 * The address fields in the mhi structure points into the message,
7809 * thus the caller can't use those fields after freeing the message.
7810 *
7811 * We determine whether the packet received is a non-unicast packet
7812 * and in doing so, determine whether or not it is broadcast vs multicast.
7813 * For it to be a broadcast packet, we must have the appropriate mblk_t
7814 * hanging off the ill_t. If this is either not present or doesn't match
7815 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed
7816 * to be multicast. Thus NICs that have no broadcast address (or no
7817 * capability for one, such as point to point links) cannot return as
7818 * the packet being broadcast.
7819 */
7820 void
7821 ip_mdata_to_mhi(ill_t *ill, mblk_t *mp, struct mac_header_info_s *mhip)
7822 {
7823 mblk_t *bmp;
7824 struct ether_header *pether;
7825
7826 bzero(mhip, sizeof (struct mac_header_info_s));
7827
7828 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST;
7829
7830 pether = (struct ether_header *)((char *)mp->b_rptr
7831 - sizeof (struct ether_header));
7832
7833 /*
7834 * Make sure the interface is an ethernet type, since we don't
7835 * know the header format for anything but Ethernet. Also make
7836 * sure we are pointing correctly above db_base.
7837 */
7838 if (ill->ill_type != IFT_ETHER)
7839 return;
7840
7841 retry:
7842 if ((uchar_t *)pether < mp->b_datap->db_base)
7843 return;
7844
7845 /* Is there a VLAN tag? */
7846 if (ill->ill_isv6) {
7847 if (pether->ether_type != htons(ETHERTYPE_IPV6)) {
7848 pether = (struct ether_header *)((char *)pether - 4);
7849 goto retry;
7850 }
7851 } else {
7852 if (pether->ether_type != htons(ETHERTYPE_IP)) {
7853 pether = (struct ether_header *)((char *)pether - 4);
7854 goto retry;
7855 }
7856 }
7857 mhip->mhi_daddr = (uchar_t *)&pether->ether_dhost;
7858 mhip->mhi_saddr = (uchar_t *)&pether->ether_shost;
7859
7860 if (!(mhip->mhi_daddr[0] & 0x01))
7861 return;
7862
7863 /* Multicast or broadcast */
7864 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST;
7865
7866 if ((bmp = ill->ill_bcast_mp) != NULL) {
7867 dl_unitdata_req_t *dlur;
7868 uint8_t *bphys_addr;
7869 uint_t addrlen;
7870
7871 dlur = (dl_unitdata_req_t *)bmp->b_rptr;
7872 addrlen = dlur->dl_dest_addr_length;
7873 if (ill->ill_sap_length < 0) {
7874 bphys_addr = (uchar_t *)dlur +
7875 dlur->dl_dest_addr_offset;
7876 addrlen += ill->ill_sap_length;
7877 } else {
7878 bphys_addr = (uchar_t *)dlur +
7879 dlur->dl_dest_addr_offset +
7880 ill->ill_sap_length;
7881 addrlen -= ill->ill_sap_length;
7882 }
7883 if (bcmp(mhip->mhi_daddr, bphys_addr, addrlen) == 0)
7884 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST;
7885 }
7886 }
7887
7888 /*
7889 * Handle anything but M_DATA messages
7890 * We see the DL_UNITDATA_IND which are part
7891 * of the data path, and also the other messages from the driver.
7892 */
7893 void
7894 ip_rput_notdata(ill_t *ill, mblk_t *mp)
7895 {
7896 mblk_t *first_mp;
7897 struct iocblk *iocp;
7898 struct mac_header_info_s mhi;
7899
7900 switch (DB_TYPE(mp)) {
7901 case M_PROTO:
7902 case M_PCPROTO: {
7903 if (((dl_unitdata_ind_t *)mp->b_rptr)->dl_primitive !=
7904 DL_UNITDATA_IND) {
7905 /* Go handle anything other than data elsewhere. */
7906 ip_rput_dlpi(ill, mp);
7907 return;
7908 }
7909
7910 first_mp = mp;
7911 mp = first_mp->b_cont;
7912 first_mp->b_cont = NULL;
7913
7914 if (mp == NULL) {
7915 freeb(first_mp);
7916 return;
7917 }
7918 ip_dlur_to_mhi(ill, first_mp, &mhi);
7919 if (ill->ill_isv6)
7920 ip_input_v6(ill, NULL, mp, &mhi);
7921 else
7922 ip_input(ill, NULL, mp, &mhi);
7923
7924 /* Ditch the DLPI header. */
7925 freeb(first_mp);
7926 return;
7927 }
7928 case M_IOCACK:
7929 iocp = (struct iocblk *)mp->b_rptr;
7930 switch (iocp->ioc_cmd) {
7931 case DL_IOC_HDR_INFO:
7932 ill_fastpath_ack(ill, mp);
7933 return;
7934 default:
7935 putnext(ill->ill_rq, mp);
7936 return;
7937 }
7938 /* FALLTHRU */
7939 case M_ERROR:
7940 case M_HANGUP:
7941 mutex_enter(&ill->ill_lock);
7942 if (ill->ill_state_flags & ILL_CONDEMNED) {
7943 mutex_exit(&ill->ill_lock);
7944 freemsg(mp);
7945 return;
7946 }
7947 ill_refhold_locked(ill);
7948 mutex_exit(&ill->ill_lock);
7949 qwriter_ip(ill, ill->ill_rq, mp, ip_rput_other, CUR_OP,
7950 B_FALSE);
7951 return;
7952 case M_CTL:
7953 putnext(ill->ill_rq, mp);
7954 return;
7955 case M_IOCNAK:
7956 ip1dbg(("got iocnak "));
7957 iocp = (struct iocblk *)mp->b_rptr;
7958 switch (iocp->ioc_cmd) {
7959 case DL_IOC_HDR_INFO:
7960 ip_rput_other(NULL, ill->ill_rq, mp, NULL);
7961 return;
7962 default:
7963 break;
7964 }
7965 /* FALLTHRU */
7966 default:
7967 putnext(ill->ill_rq, mp);
7968 return;
7969 }
7970 }
7971
7972 /* Read side put procedure. Packets coming from the wire arrive here. */
7973 void
7974 ip_rput(queue_t *q, mblk_t *mp)
7975 {
7976 ill_t *ill;
7977 union DL_primitives *dl;
7978
7979 ill = (ill_t *)q->q_ptr;
7980
7981 if (ill->ill_state_flags & (ILL_CONDEMNED | ILL_LL_SUBNET_PENDING)) {
7982 /*
7983 * If things are opening or closing, only accept high-priority
7984 * DLPI messages. (On open ill->ill_ipif has not yet been
7985 * created; on close, things hanging off the ill may have been
7986 * freed already.)
7987 */
7988 dl = (union DL_primitives *)mp->b_rptr;
7989 if (DB_TYPE(mp) != M_PCPROTO ||
7990 dl->dl_primitive == DL_UNITDATA_IND) {
7991 inet_freemsg(mp);
7992 return;
7993 }
7994 }
7995 if (DB_TYPE(mp) == M_DATA) {
7996 struct mac_header_info_s mhi;
7997
7998 ip_mdata_to_mhi(ill, mp, &mhi);
7999 ip_input(ill, NULL, mp, &mhi);
8000 } else {
8001 ip_rput_notdata(ill, mp);
8002 }
8003 }
8004
8005 /*
8006 * Move the information to a copy.
8007 */
8008 mblk_t *
8009 ip_fix_dbref(mblk_t *mp, ip_recv_attr_t *ira)
8010 {
8011 mblk_t *mp1;
8012 ill_t *ill = ira->ira_ill;
8013 ip_stack_t *ipst = ill->ill_ipst;
8014
8015 IP_STAT(ipst, ip_db_ref);
8016
8017 /* Make sure we have ira_l2src before we loose the original mblk */
8018 if (!(ira->ira_flags & IRAF_L2SRC_SET))
8019 ip_setl2src(mp, ira, ira->ira_rill);
8020
8021 mp1 = copymsg(mp);
8022 if (mp1 == NULL) {
8023 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
8024 ip_drop_input("ipIfStatsInDiscards", mp, ill);
8025 freemsg(mp);
8026 return (NULL);
8027 }
8028 /* preserve the hardware checksum flags and data, if present */
8029 if (DB_CKSUMFLAGS(mp) != 0) {
8030 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
8031 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
8032 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
8033 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
8034 DB_CKSUM16(mp1) = DB_CKSUM16(mp);
8035 }
8036 freemsg(mp);
8037 return (mp1);
8038 }
8039
8040 static void
8041 ip_dlpi_error(ill_t *ill, t_uscalar_t prim, t_uscalar_t dl_err,
8042 t_uscalar_t err)
8043 {
8044 if (dl_err == DL_SYSERR) {
8045 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE,
8046 "%s: %s failed: DL_SYSERR (errno %u)\n",
8047 ill->ill_name, dl_primstr(prim), err);
8048 return;
8049 }
8050
8051 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE,
8052 "%s: %s failed: %s\n", ill->ill_name, dl_primstr(prim),
8053 dl_errstr(dl_err));
8054 }
8055
8056 /*
8057 * ip_rput_dlpi is called by ip_rput to handle all DLPI messages other
8058 * than DL_UNITDATA_IND messages. If we need to process this message
8059 * exclusively, we call qwriter_ip, in which case we also need to call
8060 * ill_refhold before that, since qwriter_ip does an ill_refrele.
8061 */
8062 void
8063 ip_rput_dlpi(ill_t *ill, mblk_t *mp)
8064 {
8065 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr;
8066 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa;
8067 queue_t *q = ill->ill_rq;
8068 t_uscalar_t prim = dloa->dl_primitive;
8069 t_uscalar_t reqprim = DL_PRIM_INVAL;
8070
8071 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi",
8072 char *, dl_primstr(prim), ill_t *, ill);
8073 ip1dbg(("ip_rput_dlpi"));
8074
8075 /*
8076 * If we received an ACK but didn't send a request for it, then it
8077 * can't be part of any pending operation; discard up-front.
8078 */
8079 switch (prim) {
8080 case DL_ERROR_ACK:
8081 reqprim = dlea->dl_error_primitive;
8082 ip2dbg(("ip_rput_dlpi(%s): DL_ERROR_ACK for %s (0x%x): %s "
8083 "(0x%x), unix %u\n", ill->ill_name, dl_primstr(reqprim),
8084 reqprim, dl_errstr(dlea->dl_errno), dlea->dl_errno,
8085 dlea->dl_unix_errno));
8086 break;
8087 case DL_OK_ACK:
8088 reqprim = dloa->dl_correct_primitive;
8089 break;
8090 case DL_INFO_ACK:
8091 reqprim = DL_INFO_REQ;
8092 break;
8093 case DL_BIND_ACK:
8094 reqprim = DL_BIND_REQ;
8095 break;
8096 case DL_PHYS_ADDR_ACK:
8097 reqprim = DL_PHYS_ADDR_REQ;
8098 break;
8099 case DL_NOTIFY_ACK:
8100 reqprim = DL_NOTIFY_REQ;
8101 break;
8102 case DL_CAPABILITY_ACK:
8103 reqprim = DL_CAPABILITY_REQ;
8104 break;
8105 }
8106
8107 if (prim != DL_NOTIFY_IND) {
8108 if (reqprim == DL_PRIM_INVAL ||
8109 !ill_dlpi_pending(ill, reqprim)) {
8110 /* Not a DLPI message we support or expected */
8111 freemsg(mp);
8112 return;
8113 }
8114 ip1dbg(("ip_rput: received %s for %s\n", dl_primstr(prim),
8115 dl_primstr(reqprim)));
8116 }
8117
8118 switch (reqprim) {
8119 case DL_UNBIND_REQ:
8120 /*
8121 * NOTE: we mark the unbind as complete even if we got a
8122 * DL_ERROR_ACK, since there's not much else we can do.
8123 */
8124 mutex_enter(&ill->ill_lock);
8125 ill->ill_state_flags &= ~ILL_DL_UNBIND_IN_PROGRESS;
8126 cv_signal(&ill->ill_cv);
8127 mutex_exit(&ill->ill_lock);
8128 break;
8129
8130 case DL_ENABMULTI_REQ:
8131 if (prim == DL_OK_ACK) {
8132 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS)
8133 ill->ill_dlpi_multicast_state = IDS_OK;
8134 }
8135 break;
8136 }
8137
8138 /*
8139 * The message is one we're waiting for (or DL_NOTIFY_IND), but we
8140 * need to become writer to continue to process it. Because an
8141 * exclusive operation doesn't complete until replies to all queued
8142 * DLPI messages have been received, we know we're in the middle of an
8143 * exclusive operation and pass CUR_OP (except for DL_NOTIFY_IND).
8144 *
8145 * As required by qwriter_ip(), we refhold the ill; it will refrele.
8146 * Since this is on the ill stream we unconditionally bump up the
8147 * refcount without doing ILL_CAN_LOOKUP().
8148 */
8149 ill_refhold(ill);
8150 if (prim == DL_NOTIFY_IND)
8151 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, NEW_OP, B_FALSE);
8152 else
8153 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, CUR_OP, B_FALSE);
8154 }
8155
8156 /*
8157 * Handling of DLPI messages that require exclusive access to the ipsq.
8158 *
8159 * Need to do ipsq_pending_mp_get on ioctl completion, which could
8160 * happen here. (along with mi_copy_done)
8161 */
8162 /* ARGSUSED */
8163 static void
8164 ip_rput_dlpi_writer(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
8165 {
8166 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr;
8167 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa;
8168 int err = 0;
8169 ill_t *ill = (ill_t *)q->q_ptr;
8170 ipif_t *ipif = NULL;
8171 mblk_t *mp1 = NULL;
8172 conn_t *connp = NULL;
8173 t_uscalar_t paddrreq;
8174 mblk_t *mp_hw;
8175 boolean_t success;
8176 boolean_t ioctl_aborted = B_FALSE;
8177 boolean_t log = B_TRUE;
8178
8179 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer",
8180 char *, dl_primstr(dloa->dl_primitive), ill_t *, ill);
8181
8182 ip1dbg(("ip_rput_dlpi_writer .."));
8183 ASSERT(ipsq->ipsq_xop == ill->ill_phyint->phyint_ipsq->ipsq_xop);
8184 ASSERT(IAM_WRITER_ILL(ill));
8185
8186 ipif = ipsq->ipsq_xop->ipx_pending_ipif;
8187 /*
8188 * The current ioctl could have been aborted by the user and a new
8189 * ioctl to bring up another ill could have started. We could still
8190 * get a response from the driver later.
8191 */
8192 if (ipif != NULL && ipif->ipif_ill != ill)
8193 ioctl_aborted = B_TRUE;
8194
8195 switch (dloa->dl_primitive) {
8196 case DL_ERROR_ACK:
8197 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for %s\n",
8198 dl_primstr(dlea->dl_error_primitive)));
8199
8200 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer error",
8201 char *, dl_primstr(dlea->dl_error_primitive),
8202 ill_t *, ill);
8203
8204 switch (dlea->dl_error_primitive) {
8205 case DL_DISABMULTI_REQ:
8206 ill_dlpi_done(ill, dlea->dl_error_primitive);
8207 break;
8208 case DL_PROMISCON_REQ:
8209 case DL_PROMISCOFF_REQ:
8210 case DL_UNBIND_REQ:
8211 case DL_ATTACH_REQ:
8212 case DL_INFO_REQ:
8213 ill_dlpi_done(ill, dlea->dl_error_primitive);
8214 break;
8215 case DL_NOTIFY_REQ:
8216 ill_dlpi_done(ill, DL_NOTIFY_REQ);
8217 log = B_FALSE;
8218 break;
8219 case DL_PHYS_ADDR_REQ:
8220 /*
8221 * For IPv6 only, there are two additional
8222 * phys_addr_req's sent to the driver to get the
8223 * IPv6 token and lla. This allows IP to acquire
8224 * the hardware address format for a given interface
8225 * without having built in knowledge of the hardware
8226 * address. ill_phys_addr_pend keeps track of the last
8227 * DL_PAR sent so we know which response we are
8228 * dealing with. ill_dlpi_done will update
8229 * ill_phys_addr_pend when it sends the next req.
8230 * We don't complete the IOCTL until all three DL_PARs
8231 * have been attempted, so set *_len to 0 and break.
8232 */
8233 paddrreq = ill->ill_phys_addr_pend;
8234 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ);
8235 if (paddrreq == DL_IPV6_TOKEN) {
8236 ill->ill_token_length = 0;
8237 log = B_FALSE;
8238 break;
8239 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) {
8240 ill->ill_nd_lla_len = 0;
8241 log = B_FALSE;
8242 break;
8243 }
8244 /*
8245 * Something went wrong with the DL_PHYS_ADDR_REQ.
8246 * We presumably have an IOCTL hanging out waiting
8247 * for completion. Find it and complete the IOCTL
8248 * with the error noted.
8249 * However, ill_dl_phys was called on an ill queue
8250 * (from SIOCSLIFNAME), thus conn_pending_ill is not
8251 * set. But the ioctl is known to be pending on ill_wq.
8252 */
8253 if (!ill->ill_ifname_pending)
8254 break;
8255 ill->ill_ifname_pending = 0;
8256 if (!ioctl_aborted)
8257 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8258 if (mp1 != NULL) {
8259 /*
8260 * This operation (SIOCSLIFNAME) must have
8261 * happened on the ill. Assert there is no conn
8262 */
8263 ASSERT(connp == NULL);
8264 q = ill->ill_wq;
8265 }
8266 break;
8267 case DL_BIND_REQ:
8268 ill_dlpi_done(ill, DL_BIND_REQ);
8269 if (ill->ill_ifname_pending)
8270 break;
8271 mutex_enter(&ill->ill_lock);
8272 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS;
8273 mutex_exit(&ill->ill_lock);
8274 /*
8275 * Something went wrong with the bind. We presumably
8276 * have an IOCTL hanging out waiting for completion.
8277 * Find it, take down the interface that was coming
8278 * up, and complete the IOCTL with the error noted.
8279 */
8280 if (!ioctl_aborted)
8281 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8282 if (mp1 != NULL) {
8283 /*
8284 * This might be a result of a DL_NOTE_REPLUMB
8285 * notification. In that case, connp is NULL.
8286 */
8287 if (connp != NULL)
8288 q = CONNP_TO_WQ(connp);
8289
8290 (void) ipif_down(ipif, NULL, NULL);
8291 /* error is set below the switch */
8292 }
8293 break;
8294 case DL_ENABMULTI_REQ:
8295 ill_dlpi_done(ill, DL_ENABMULTI_REQ);
8296
8297 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS)
8298 ill->ill_dlpi_multicast_state = IDS_FAILED;
8299 if (ill->ill_dlpi_multicast_state == IDS_FAILED) {
8300
8301 printf("ip: joining multicasts failed (%d)"
8302 " on %s - will use link layer "
8303 "broadcasts for multicast\n",
8304 dlea->dl_errno, ill->ill_name);
8305
8306 /*
8307 * Set up for multi_bcast; We are the
8308 * writer, so ok to access ill->ill_ipif
8309 * without any lock.
8310 */
8311 mutex_enter(&ill->ill_phyint->phyint_lock);
8312 ill->ill_phyint->phyint_flags |=
8313 PHYI_MULTI_BCAST;
8314 mutex_exit(&ill->ill_phyint->phyint_lock);
8315
8316 }
8317 freemsg(mp); /* Don't want to pass this up */
8318 return;
8319 case DL_CAPABILITY_REQ:
8320 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for "
8321 "DL_CAPABILITY REQ\n"));
8322 if (ill->ill_dlpi_capab_state == IDCS_PROBE_SENT)
8323 ill->ill_dlpi_capab_state = IDCS_FAILED;
8324 ill_capability_done(ill);
8325 freemsg(mp);
8326 return;
8327 }
8328 /*
8329 * Note the error for IOCTL completion (mp1 is set when
8330 * ready to complete ioctl). If ill_ifname_pending_err is
8331 * set, an error occured during plumbing (ill_ifname_pending),
8332 * so we want to report that error.
8333 *
8334 * NOTE: there are two addtional DL_PHYS_ADDR_REQ's
8335 * (DL_IPV6_TOKEN and DL_IPV6_LINK_LAYER_ADDR) that are
8336 * expected to get errack'd if the driver doesn't support
8337 * these flags (e.g. ethernet). log will be set to B_FALSE
8338 * if these error conditions are encountered.
8339 */
8340 if (mp1 != NULL) {
8341 if (ill->ill_ifname_pending_err != 0) {
8342 err = ill->ill_ifname_pending_err;
8343 ill->ill_ifname_pending_err = 0;
8344 } else {
8345 err = dlea->dl_unix_errno ?
8346 dlea->dl_unix_errno : ENXIO;
8347 }
8348 /*
8349 * If we're plumbing an interface and an error hasn't already
8350 * been saved, set ill_ifname_pending_err to the error passed
8351 * up. Ignore the error if log is B_FALSE (see comment above).
8352 */
8353 } else if (log && ill->ill_ifname_pending &&
8354 ill->ill_ifname_pending_err == 0) {
8355 ill->ill_ifname_pending_err = dlea->dl_unix_errno ?
8356 dlea->dl_unix_errno : ENXIO;
8357 }
8358
8359 if (log)
8360 ip_dlpi_error(ill, dlea->dl_error_primitive,
8361 dlea->dl_errno, dlea->dl_unix_errno);
8362 break;
8363 case DL_CAPABILITY_ACK:
8364 ill_capability_ack(ill, mp);
8365 /*
8366 * The message has been handed off to ill_capability_ack
8367 * and must not be freed below
8368 */
8369 mp = NULL;
8370 break;
8371
8372 case DL_INFO_ACK:
8373 /* Call a routine to handle this one. */
8374 ill_dlpi_done(ill, DL_INFO_REQ);
8375 ip_ll_subnet_defaults(ill, mp);
8376 ASSERT(!MUTEX_HELD(&ill->ill_phyint->phyint_ipsq->ipsq_lock));
8377 return;
8378 case DL_BIND_ACK:
8379 /*
8380 * We should have an IOCTL waiting on this unless
8381 * sent by ill_dl_phys, in which case just return
8382 */
8383 ill_dlpi_done(ill, DL_BIND_REQ);
8384
8385 if (ill->ill_ifname_pending) {
8386 DTRACE_PROBE2(ip__rput__dlpi__ifname__pending,
8387 ill_t *, ill, mblk_t *, mp);
8388 break;
8389 }
8390 mutex_enter(&ill->ill_lock);
8391 ill->ill_dl_up = 1;
8392 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS;
8393 mutex_exit(&ill->ill_lock);
8394
8395 if (!ioctl_aborted)
8396 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8397 if (mp1 == NULL) {
8398 DTRACE_PROBE1(ip__rput__dlpi__no__mblk, ill_t *, ill);
8399 break;
8400 }
8401 /*
8402 * mp1 was added by ill_dl_up(). if that is a result of
8403 * a DL_NOTE_REPLUMB notification, connp could be NULL.
8404 */
8405 if (connp != NULL)
8406 q = CONNP_TO_WQ(connp);
8407 /*
8408 * We are exclusive. So nothing can change even after
8409 * we get the pending mp.
8410 */
8411 ip1dbg(("ip_rput_dlpi: bind_ack %s\n", ill->ill_name));
8412 DTRACE_PROBE1(ip__rput__dlpi__bind__ack, ill_t *, ill);
8413 ill_nic_event_dispatch(ill, 0, NE_UP, NULL, 0);
8414
8415 /*
8416 * Now bring up the resolver; when that is complete, we'll
8417 * create IREs. Note that we intentionally mirror what
8418 * ipif_up() would have done, because we got here by way of
8419 * ill_dl_up(), which stopped ipif_up()'s processing.
8420 */
8421 if (ill->ill_isv6) {
8422 /*
8423 * v6 interfaces.
8424 * Unlike ARP which has to do another bind
8425 * and attach, once we get here we are
8426 * done with NDP
8427 */
8428 (void) ipif_resolver_up(ipif, Res_act_initial);
8429 if ((err = ipif_ndp_up(ipif, B_TRUE)) == 0)
8430 err = ipif_up_done_v6(ipif);
8431 } else if (ill->ill_net_type == IRE_IF_RESOLVER) {
8432 /*
8433 * ARP and other v4 external resolvers.
8434 * Leave the pending mblk intact so that
8435 * the ioctl completes in ip_rput().
8436 */
8437 if (connp != NULL)
8438 mutex_enter(&connp->conn_lock);
8439 mutex_enter(&ill->ill_lock);
8440 success = ipsq_pending_mp_add(connp, ipif, q, mp1, 0);
8441 mutex_exit(&ill->ill_lock);
8442 if (connp != NULL)
8443 mutex_exit(&connp->conn_lock);
8444 if (success) {
8445 err = ipif_resolver_up(ipif, Res_act_initial);
8446 if (err == EINPROGRESS) {
8447 freemsg(mp);
8448 return;
8449 }
8450 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8451 } else {
8452 /* The conn has started closing */
8453 err = EINTR;
8454 }
8455 } else {
8456 /*
8457 * This one is complete. Reply to pending ioctl.
8458 */
8459 (void) ipif_resolver_up(ipif, Res_act_initial);
8460 err = ipif_up_done(ipif);
8461 }
8462
8463 if ((err == 0) && (ill->ill_up_ipifs)) {
8464 err = ill_up_ipifs(ill, q, mp1);
8465 if (err == EINPROGRESS) {
8466 freemsg(mp);
8467 return;
8468 }
8469 }
8470
8471 /*
8472 * If we have a moved ipif to bring up, and everything has
8473 * succeeded to this point, bring it up on the IPMP ill.
8474 * Otherwise, leave it down -- the admin can try to bring it
8475 * up by hand if need be.
8476 */
8477 if (ill->ill_move_ipif != NULL) {
8478 if (err != 0) {
8479 ill->ill_move_ipif = NULL;
8480 } else {
8481 ipif = ill->ill_move_ipif;
8482 ill->ill_move_ipif = NULL;
8483 err = ipif_up(ipif, q, mp1);
8484 if (err == EINPROGRESS) {
8485 freemsg(mp);
8486 return;
8487 }
8488 }
8489 }
8490 break;
8491
8492 case DL_NOTIFY_IND: {
8493 dl_notify_ind_t *notify = (dl_notify_ind_t *)mp->b_rptr;
8494 uint_t orig_mtu, orig_mc_mtu;
8495
8496 switch (notify->dl_notification) {
8497 case DL_NOTE_PHYS_ADDR:
8498 err = ill_set_phys_addr(ill, mp);
8499 break;
8500
8501 case DL_NOTE_REPLUMB:
8502 /*
8503 * Directly return after calling ill_replumb().
8504 * Note that we should not free mp as it is reused
8505 * in the ill_replumb() function.
8506 */
8507 err = ill_replumb(ill, mp);
8508 return;
8509
8510 case DL_NOTE_FASTPATH_FLUSH:
8511 nce_flush(ill, B_FALSE);
8512 break;
8513
8514 case DL_NOTE_SDU_SIZE:
8515 case DL_NOTE_SDU_SIZE2:
8516 /*
8517 * The dce and fragmentation code can cope with
8518 * this changing while packets are being sent.
8519 * When packets are sent ip_output will discover
8520 * a change.
8521 *
8522 * Change the MTU size of the interface.
8523 */
8524 mutex_enter(&ill->ill_lock);
8525 orig_mtu = ill->ill_mtu;
8526 orig_mc_mtu = ill->ill_mc_mtu;
8527 switch (notify->dl_notification) {
8528 case DL_NOTE_SDU_SIZE:
8529 ill->ill_current_frag =
8530 (uint_t)notify->dl_data;
8531 ill->ill_mc_mtu = (uint_t)notify->dl_data;
8532 break;
8533 case DL_NOTE_SDU_SIZE2:
8534 ill->ill_current_frag =
8535 (uint_t)notify->dl_data1;
8536 ill->ill_mc_mtu = (uint_t)notify->dl_data2;
8537 break;
8538 }
8539 if (ill->ill_current_frag > ill->ill_max_frag)
8540 ill->ill_max_frag = ill->ill_current_frag;
8541
8542 if (!(ill->ill_flags & ILLF_FIXEDMTU)) {
8543 ill->ill_mtu = ill->ill_current_frag;
8544
8545 /*
8546 * If ill_user_mtu was set (via
8547 * SIOCSLIFLNKINFO), clamp ill_mtu at it.
8548 */
8549 if (ill->ill_user_mtu != 0 &&
8550 ill->ill_user_mtu < ill->ill_mtu)
8551 ill->ill_mtu = ill->ill_user_mtu;
8552
8553 if (ill->ill_user_mtu != 0 &&
8554 ill->ill_user_mtu < ill->ill_mc_mtu)
8555 ill->ill_mc_mtu = ill->ill_user_mtu;
8556
8557 if (ill->ill_isv6) {
8558 if (ill->ill_mtu < IPV6_MIN_MTU)
8559 ill->ill_mtu = IPV6_MIN_MTU;
8560 if (ill->ill_mc_mtu < IPV6_MIN_MTU)
8561 ill->ill_mc_mtu = IPV6_MIN_MTU;
8562 } else {
8563 if (ill->ill_mtu < IP_MIN_MTU)
8564 ill->ill_mtu = IP_MIN_MTU;
8565 if (ill->ill_mc_mtu < IP_MIN_MTU)
8566 ill->ill_mc_mtu = IP_MIN_MTU;
8567 }
8568 } else if (ill->ill_mc_mtu > ill->ill_mtu) {
8569 ill->ill_mc_mtu = ill->ill_mtu;
8570 }
8571
8572 mutex_exit(&ill->ill_lock);
8573 /*
8574 * Make sure all dce_generation checks find out
8575 * that ill_mtu/ill_mc_mtu has changed.
8576 */
8577 if (orig_mtu != ill->ill_mtu ||
8578 orig_mc_mtu != ill->ill_mc_mtu) {
8579 dce_increment_all_generations(ill->ill_isv6,
8580 ill->ill_ipst);
8581 }
8582
8583 /*
8584 * Refresh IPMP meta-interface MTU if necessary.
8585 */
8586 if (IS_UNDER_IPMP(ill))
8587 ipmp_illgrp_refresh_mtu(ill->ill_grp);
8588 break;
8589
8590 case DL_NOTE_LINK_UP:
8591 case DL_NOTE_LINK_DOWN: {
8592 /*
8593 * We are writer. ill / phyint / ipsq assocs stable.
8594 * The RUNNING flag reflects the state of the link.
8595 */
8596 phyint_t *phyint = ill->ill_phyint;
8597 uint64_t new_phyint_flags;
8598 boolean_t changed = B_FALSE;
8599 boolean_t went_up;
8600
8601 went_up = notify->dl_notification == DL_NOTE_LINK_UP;
8602 mutex_enter(&phyint->phyint_lock);
8603
8604 new_phyint_flags = went_up ?
8605 phyint->phyint_flags | PHYI_RUNNING :
8606 phyint->phyint_flags & ~PHYI_RUNNING;
8607
8608 if (IS_IPMP(ill)) {
8609 new_phyint_flags = went_up ?
8610 new_phyint_flags & ~PHYI_FAILED :
8611 new_phyint_flags | PHYI_FAILED;
8612 }
8613
8614 if (new_phyint_flags != phyint->phyint_flags) {
8615 phyint->phyint_flags = new_phyint_flags;
8616 changed = B_TRUE;
8617 }
8618 mutex_exit(&phyint->phyint_lock);
8619 /*
8620 * ill_restart_dad handles the DAD restart and routing
8621 * socket notification logic.
8622 */
8623 if (changed) {
8624 ill_restart_dad(phyint->phyint_illv4, went_up);
8625 ill_restart_dad(phyint->phyint_illv6, went_up);
8626 }
8627 break;
8628 }
8629 case DL_NOTE_PROMISC_ON_PHYS: {
8630 phyint_t *phyint = ill->ill_phyint;
8631
8632 mutex_enter(&phyint->phyint_lock);
8633 phyint->phyint_flags |= PHYI_PROMISC;
8634 mutex_exit(&phyint->phyint_lock);
8635 break;
8636 }
8637 case DL_NOTE_PROMISC_OFF_PHYS: {
8638 phyint_t *phyint = ill->ill_phyint;
8639
8640 mutex_enter(&phyint->phyint_lock);
8641 phyint->phyint_flags &= ~PHYI_PROMISC;
8642 mutex_exit(&phyint->phyint_lock);
8643 break;
8644 }
8645 case DL_NOTE_CAPAB_RENEG:
8646 /*
8647 * Something changed on the driver side.
8648 * It wants us to renegotiate the capabilities
8649 * on this ill. One possible cause is the aggregation
8650 * interface under us where a port got added or
8651 * went away.
8652 *
8653 * If the capability negotiation is already done
8654 * or is in progress, reset the capabilities and
8655 * mark the ill's ill_capab_reneg to be B_TRUE,
8656 * so that when the ack comes back, we can start
8657 * the renegotiation process.
8658 *
8659 * Note that if ill_capab_reneg is already B_TRUE
8660 * (ill_dlpi_capab_state is IDS_UNKNOWN in this case),
8661 * the capability resetting request has been sent
8662 * and the renegotiation has not been started yet;
8663 * nothing needs to be done in this case.
8664 */
8665 ipsq_current_start(ipsq, ill->ill_ipif, 0);
8666 ill_capability_reset(ill, B_TRUE);
8667 ipsq_current_finish(ipsq);
8668 break;
8669
8670 case DL_NOTE_ALLOWED_IPS:
8671 ill_set_allowed_ips(ill, mp);
8672 break;
8673 default:
8674 ip0dbg(("ip_rput_dlpi_writer: unknown notification "
8675 "type 0x%x for DL_NOTIFY_IND\n",
8676 notify->dl_notification));
8677 break;
8678 }
8679
8680 /*
8681 * As this is an asynchronous operation, we
8682 * should not call ill_dlpi_done
8683 */
8684 break;
8685 }
8686 case DL_NOTIFY_ACK: {
8687 dl_notify_ack_t *noteack = (dl_notify_ack_t *)mp->b_rptr;
8688
8689 if (noteack->dl_notifications & DL_NOTE_LINK_UP)
8690 ill->ill_note_link = 1;
8691 ill_dlpi_done(ill, DL_NOTIFY_REQ);
8692 break;
8693 }
8694 case DL_PHYS_ADDR_ACK: {
8695 /*
8696 * As part of plumbing the interface via SIOCSLIFNAME,
8697 * ill_dl_phys() will queue a series of DL_PHYS_ADDR_REQs,
8698 * whose answers we receive here. As each answer is received,
8699 * we call ill_dlpi_done() to dispatch the next request as
8700 * we're processing the current one. Once all answers have
8701 * been received, we use ipsq_pending_mp_get() to dequeue the
8702 * outstanding IOCTL and reply to it. (Because ill_dl_phys()
8703 * is invoked from an ill queue, conn_oper_pending_ill is not
8704 * available, but we know the ioctl is pending on ill_wq.)
8705 */
8706 uint_t paddrlen, paddroff;
8707 uint8_t *addr;
8708
8709 paddrreq = ill->ill_phys_addr_pend;
8710 paddrlen = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_length;
8711 paddroff = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_offset;
8712 addr = mp->b_rptr + paddroff;
8713
8714 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ);
8715 if (paddrreq == DL_IPV6_TOKEN) {
8716 /*
8717 * bcopy to low-order bits of ill_token
8718 *
8719 * XXX Temporary hack - currently, all known tokens
8720 * are 64 bits, so I'll cheat for the moment.
8721 */
8722 bcopy(addr, &ill->ill_token.s6_addr32[2], paddrlen);
8723 ill->ill_token_length = paddrlen;
8724 break;
8725 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) {
8726 ASSERT(ill->ill_nd_lla_mp == NULL);
8727 ill_set_ndmp(ill, mp, paddroff, paddrlen);
8728 mp = NULL;
8729 break;
8730 } else if (paddrreq == DL_CURR_DEST_ADDR) {
8731 ASSERT(ill->ill_dest_addr_mp == NULL);
8732 ill->ill_dest_addr_mp = mp;
8733 ill->ill_dest_addr = addr;
8734 mp = NULL;
8735 if (ill->ill_isv6) {
8736 ill_setdesttoken(ill);
8737 ipif_setdestlinklocal(ill->ill_ipif);
8738 }
8739 break;
8740 }
8741
8742 ASSERT(paddrreq == DL_CURR_PHYS_ADDR);
8743 ASSERT(ill->ill_phys_addr_mp == NULL);
8744 if (!ill->ill_ifname_pending)
8745 break;
8746 ill->ill_ifname_pending = 0;
8747 if (!ioctl_aborted)
8748 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8749 if (mp1 != NULL) {
8750 ASSERT(connp == NULL);
8751 q = ill->ill_wq;
8752 }
8753 /*
8754 * If any error acks received during the plumbing sequence,
8755 * ill_ifname_pending_err will be set. Break out and send up
8756 * the error to the pending ioctl.
8757 */
8758 if (ill->ill_ifname_pending_err != 0) {
8759 err = ill->ill_ifname_pending_err;
8760 ill->ill_ifname_pending_err = 0;
8761 break;
8762 }
8763
8764 ill->ill_phys_addr_mp = mp;
8765 ill->ill_phys_addr = (paddrlen == 0 ? NULL : addr);
8766 mp = NULL;
8767
8768 /*
8769 * If paddrlen or ill_phys_addr_length is zero, the DLPI
8770 * provider doesn't support physical addresses. We check both
8771 * paddrlen and ill_phys_addr_length because sppp (PPP) does
8772 * not have physical addresses, but historically adversises a
8773 * physical address length of 0 in its DL_INFO_ACK, but 6 in
8774 * its DL_PHYS_ADDR_ACK.
8775 */
8776 if (paddrlen == 0 || ill->ill_phys_addr_length == 0) {
8777 ill->ill_phys_addr = NULL;
8778 } else if (paddrlen != ill->ill_phys_addr_length) {
8779 ip0dbg(("DL_PHYS_ADDR_ACK: got addrlen %d, expected %d",
8780 paddrlen, ill->ill_phys_addr_length));
8781 err = EINVAL;
8782 break;
8783 }
8784
8785 if (ill->ill_nd_lla_mp == NULL) {
8786 if ((mp_hw = copyb(ill->ill_phys_addr_mp)) == NULL) {
8787 err = ENOMEM;
8788 break;
8789 }
8790 ill_set_ndmp(ill, mp_hw, paddroff, paddrlen);
8791 }
8792
8793 if (ill->ill_isv6) {
8794 ill_setdefaulttoken(ill);
8795 ipif_setlinklocal(ill->ill_ipif);
8796 }
8797 break;
8798 }
8799 case DL_OK_ACK:
8800 ip2dbg(("DL_OK_ACK %s (0x%x)\n",
8801 dl_primstr((int)dloa->dl_correct_primitive),
8802 dloa->dl_correct_primitive));
8803 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer ok",
8804 char *, dl_primstr(dloa->dl_correct_primitive),
8805 ill_t *, ill);
8806
8807 switch (dloa->dl_correct_primitive) {
8808 case DL_ENABMULTI_REQ:
8809 case DL_DISABMULTI_REQ:
8810 ill_dlpi_done(ill, dloa->dl_correct_primitive);
8811 break;
8812 case DL_PROMISCON_REQ:
8813 case DL_PROMISCOFF_REQ:
8814 case DL_UNBIND_REQ:
8815 case DL_ATTACH_REQ:
8816 ill_dlpi_done(ill, dloa->dl_correct_primitive);
8817 break;
8818 }
8819 break;
8820 default:
8821 break;
8822 }
8823
8824 freemsg(mp);
8825 if (mp1 == NULL)
8826 return;
8827
8828 /*
8829 * The operation must complete without EINPROGRESS since
8830 * ipsq_pending_mp_get() has removed the mblk (mp1). Otherwise,
8831 * the operation will be stuck forever inside the IPSQ.
8832 */
8833 ASSERT(err != EINPROGRESS);
8834
8835 DTRACE_PROBE4(ipif__ioctl, char *, "ip_rput_dlpi_writer finish",
8836 int, ipsq->ipsq_xop->ipx_current_ioctl, ill_t *, ill,
8837 ipif_t *, NULL);
8838
8839 switch (ipsq->ipsq_xop->ipx_current_ioctl) {
8840 case 0:
8841 ipsq_current_finish(ipsq);
8842 break;
8843
8844 case SIOCSLIFNAME:
8845 case IF_UNITSEL: {
8846 ill_t *ill_other = ILL_OTHER(ill);
8847
8848 /*
8849 * If SIOCSLIFNAME or IF_UNITSEL is about to succeed, and the
8850 * ill has a peer which is in an IPMP group, then place ill
8851 * into the same group. One catch: although ifconfig plumbs
8852 * the appropriate IPMP meta-interface prior to plumbing this
8853 * ill, it is possible for multiple ifconfig applications to
8854 * race (or for another application to adjust plumbing), in
8855 * which case the IPMP meta-interface we need will be missing.
8856 * If so, kick the phyint out of the group.
8857 */
8858 if (err == 0 && ill_other != NULL && IS_UNDER_IPMP(ill_other)) {
8859 ipmp_grp_t *grp = ill->ill_phyint->phyint_grp;
8860 ipmp_illgrp_t *illg;
8861
8862 illg = ill->ill_isv6 ? grp->gr_v6 : grp->gr_v4;
8863 if (illg == NULL)
8864 ipmp_phyint_leave_grp(ill->ill_phyint);
8865 else
8866 ipmp_ill_join_illgrp(ill, illg);
8867 }
8868
8869 if (ipsq->ipsq_xop->ipx_current_ioctl == IF_UNITSEL)
8870 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq);
8871 else
8872 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq);
8873 break;
8874 }
8875 case SIOCLIFADDIF:
8876 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq);
8877 break;
8878
8879 default:
8880 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq);
8881 break;
8882 }
8883 }
8884
8885 /*
8886 * ip_rput_other is called by ip_rput to handle messages modifying the global
8887 * state in IP. If 'ipsq' is non-NULL, caller is writer on it.
8888 */
8889 /* ARGSUSED */
8890 void
8891 ip_rput_other(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
8892 {
8893 ill_t *ill = q->q_ptr;
8894 struct iocblk *iocp;
8895
8896 ip1dbg(("ip_rput_other "));
8897 if (ipsq != NULL) {
8898 ASSERT(IAM_WRITER_IPSQ(ipsq));
8899 ASSERT(ipsq->ipsq_xop ==
8900 ill->ill_phyint->phyint_ipsq->ipsq_xop);
8901 }
8902
8903 switch (mp->b_datap->db_type) {
8904 case M_ERROR:
8905 case M_HANGUP:
8906 /*
8907 * The device has a problem. We force the ILL down. It can
8908 * be brought up again manually using SIOCSIFFLAGS (via
8909 * ifconfig or equivalent).
8910 */
8911 ASSERT(ipsq != NULL);
8912 if (mp->b_rptr < mp->b_wptr)
8913 ill->ill_error = (int)(*mp->b_rptr & 0xFF);
8914 if (ill->ill_error == 0)
8915 ill->ill_error = ENXIO;
8916 if (!ill_down_start(q, mp))
8917 return;
8918 ipif_all_down_tail(ipsq, q, mp, NULL);
8919 break;
8920 case M_IOCNAK: {
8921 iocp = (struct iocblk *)mp->b_rptr;
8922
8923 ASSERT(iocp->ioc_cmd == DL_IOC_HDR_INFO);
8924 /*
8925 * If this was the first attempt, turn off the fastpath
8926 * probing.
8927 */
8928 mutex_enter(&ill->ill_lock);
8929 if (ill->ill_dlpi_fastpath_state == IDS_INPROGRESS) {
8930 ill->ill_dlpi_fastpath_state = IDS_FAILED;
8931 mutex_exit(&ill->ill_lock);
8932 /*
8933 * don't flush the nce_t entries: we use them
8934 * as an index to the ncec itself.
8935 */
8936 ip1dbg(("ip_rput: DLPI fastpath off on interface %s\n",
8937 ill->ill_name));
8938 } else {
8939 mutex_exit(&ill->ill_lock);
8940 }
8941 freemsg(mp);
8942 break;
8943 }
8944 default:
8945 ASSERT(0);
8946 break;
8947 }
8948 }
8949
8950 /*
8951 * Update any source route, record route or timestamp options
8952 * When it fails it has consumed the message and BUMPed the MIB.
8953 */
8954 boolean_t
8955 ip_forward_options(mblk_t *mp, ipha_t *ipha, ill_t *dst_ill,
8956 ip_recv_attr_t *ira)
8957 {
8958 ipoptp_t opts;
8959 uchar_t *opt;
8960 uint8_t optval;
8961 uint8_t optlen;
8962 ipaddr_t dst;
8963 ipaddr_t ifaddr;
8964 uint32_t ts;
8965 timestruc_t now;
8966 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
8967
8968 ip2dbg(("ip_forward_options\n"));
8969 dst = ipha->ipha_dst;
8970 for (optval = ipoptp_first(&opts, ipha);
8971 optval != IPOPT_EOL;
8972 optval = ipoptp_next(&opts)) {
8973 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
8974 opt = opts.ipoptp_cur;
8975 optlen = opts.ipoptp_len;
8976 ip2dbg(("ip_forward_options: opt %d, len %d\n",
8977 optval, opts.ipoptp_len));
8978 switch (optval) {
8979 uint32_t off;
8980 case IPOPT_SSRR:
8981 case IPOPT_LSRR:
8982 /* Check if adminstratively disabled */
8983 if (!ipst->ips_ip_forward_src_routed) {
8984 BUMP_MIB(dst_ill->ill_ip_mib,
8985 ipIfStatsForwProhibits);
8986 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED",
8987 mp, dst_ill);
8988 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED,
8989 ira);
8990 return (B_FALSE);
8991 }
8992 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
8993 /*
8994 * Must be partial since ip_input_options
8995 * checked for strict.
8996 */
8997 break;
8998 }
8999 off = opt[IPOPT_OFFSET];
9000 off--;
9001 redo_srr:
9002 if (optlen < IP_ADDR_LEN ||
9003 off > optlen - IP_ADDR_LEN) {
9004 /* End of source route */
9005 ip1dbg((
9006 "ip_forward_options: end of SR\n"));
9007 break;
9008 }
9009 /* Pick a reasonable address on the outbound if */
9010 ASSERT(dst_ill != NULL);
9011 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst,
9012 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9013 NULL) != 0) {
9014 /* No source! Shouldn't happen */
9015 ifaddr = INADDR_ANY;
9016 }
9017 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9018 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9019 ip1dbg(("ip_forward_options: next hop 0x%x\n",
9020 ntohl(dst)));
9021
9022 /*
9023 * Check if our address is present more than
9024 * once as consecutive hops in source route.
9025 */
9026 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
9027 off += IP_ADDR_LEN;
9028 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9029 goto redo_srr;
9030 }
9031 ipha->ipha_dst = dst;
9032 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9033 break;
9034 case IPOPT_RR:
9035 off = opt[IPOPT_OFFSET];
9036 off--;
9037 if (optlen < IP_ADDR_LEN ||
9038 off > optlen - IP_ADDR_LEN) {
9039 /* No more room - ignore */
9040 ip1dbg((
9041 "ip_forward_options: end of RR\n"));
9042 break;
9043 }
9044 /* Pick a reasonable address on the outbound if */
9045 ASSERT(dst_ill != NULL);
9046 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst,
9047 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9048 NULL) != 0) {
9049 /* No source! Shouldn't happen */
9050 ifaddr = INADDR_ANY;
9051 }
9052 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9053 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9054 break;
9055 case IPOPT_TS:
9056 /* Insert timestamp if there is room */
9057 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9058 case IPOPT_TS_TSONLY:
9059 off = IPOPT_TS_TIMELEN;
9060 break;
9061 case IPOPT_TS_PRESPEC:
9062 case IPOPT_TS_PRESPEC_RFC791:
9063 /* Verify that the address matched */
9064 off = opt[IPOPT_OFFSET] - 1;
9065 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9066 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9067 /* Not for us */
9068 break;
9069 }
9070 /* FALLTHRU */
9071 case IPOPT_TS_TSANDADDR:
9072 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9073 break;
9074 default:
9075 /*
9076 * ip_*put_options should have already
9077 * dropped this packet.
9078 */
9079 cmn_err(CE_PANIC, "ip_forward_options: "
9080 "unknown IT - bug in ip_input_options?\n");
9081 return (B_TRUE); /* Keep "lint" happy */
9082 }
9083 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
9084 /* Increase overflow counter */
9085 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
9086 opt[IPOPT_POS_OV_FLG] =
9087 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) |
9088 (off << 4));
9089 break;
9090 }
9091 off = opt[IPOPT_OFFSET] - 1;
9092 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9093 case IPOPT_TS_PRESPEC:
9094 case IPOPT_TS_PRESPEC_RFC791:
9095 case IPOPT_TS_TSANDADDR:
9096 /* Pick a reasonable addr on the outbound if */
9097 ASSERT(dst_ill != NULL);
9098 if (ip_select_source_v4(dst_ill, INADDR_ANY,
9099 dst, INADDR_ANY, ALL_ZONES, ipst, &ifaddr,
9100 NULL, NULL) != 0) {
9101 /* No source! Shouldn't happen */
9102 ifaddr = INADDR_ANY;
9103 }
9104 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9105 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9106 /* FALLTHRU */
9107 case IPOPT_TS_TSONLY:
9108 off = opt[IPOPT_OFFSET] - 1;
9109 /* Compute # of milliseconds since midnight */
9110 gethrestime(&now);
9111 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
9112 now.tv_nsec / (NANOSEC / MILLISEC);
9113 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
9114 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
9115 break;
9116 }
9117 break;
9118 }
9119 }
9120 return (B_TRUE);
9121 }
9122
9123 /*
9124 * Call ill_frag_timeout to do garbage collection. ill_frag_timeout
9125 * returns 'true' if there are still fragments left on the queue, in
9126 * which case we restart the timer.
9127 */
9128 void
9129 ill_frag_timer(void *arg)
9130 {
9131 ill_t *ill = (ill_t *)arg;
9132 boolean_t frag_pending;
9133 ip_stack_t *ipst = ill->ill_ipst;
9134 time_t timeout;
9135
9136 mutex_enter(&ill->ill_lock);
9137 ASSERT(!ill->ill_fragtimer_executing);
9138 if (ill->ill_state_flags & ILL_CONDEMNED) {
9139 ill->ill_frag_timer_id = 0;
9140 mutex_exit(&ill->ill_lock);
9141 return;
9142 }
9143 ill->ill_fragtimer_executing = 1;
9144 mutex_exit(&ill->ill_lock);
9145
9146 timeout = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout :
9147 ipst->ips_ip_reassembly_timeout);
9148
9149 frag_pending = ill_frag_timeout(ill, timeout);
9150
9151 /*
9152 * Restart the timer, if we have fragments pending or if someone
9153 * wanted us to be scheduled again.
9154 */
9155 mutex_enter(&ill->ill_lock);
9156 ill->ill_fragtimer_executing = 0;
9157 ill->ill_frag_timer_id = 0;
9158 if (frag_pending || ill->ill_fragtimer_needrestart)
9159 ill_frag_timer_start(ill);
9160 mutex_exit(&ill->ill_lock);
9161 }
9162
9163 void
9164 ill_frag_timer_start(ill_t *ill)
9165 {
9166 ip_stack_t *ipst = ill->ill_ipst;
9167 clock_t timeo_ms;
9168
9169 ASSERT(MUTEX_HELD(&ill->ill_lock));
9170
9171 /* If the ill is closing or opening don't proceed */
9172 if (ill->ill_state_flags & ILL_CONDEMNED)
9173 return;
9174
9175 if (ill->ill_fragtimer_executing) {
9176 /*
9177 * ill_frag_timer is currently executing. Just record the
9178 * the fact that we want the timer to be restarted.
9179 * ill_frag_timer will post a timeout before it returns,
9180 * ensuring it will be called again.
9181 */
9182 ill->ill_fragtimer_needrestart = 1;
9183 return;
9184 }
9185
9186 if (ill->ill_frag_timer_id == 0) {
9187 timeo_ms = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout :
9188 ipst->ips_ip_reassembly_timeout) * SECONDS;
9189
9190 /*
9191 * The timer is neither running nor is the timeout handler
9192 * executing. Post a timeout so that ill_frag_timer will be
9193 * called
9194 */
9195 ill->ill_frag_timer_id = timeout(ill_frag_timer, ill,
9196 MSEC_TO_TICK(timeo_ms >> 1));
9197 ill->ill_fragtimer_needrestart = 0;
9198 }
9199 }
9200
9201 /*
9202 * Update any source route, record route or timestamp options.
9203 * Check that we are at end of strict source route.
9204 * The options have already been checked for sanity in ip_input_options().
9205 */
9206 boolean_t
9207 ip_input_local_options(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
9208 {
9209 ipoptp_t opts;
9210 uchar_t *opt;
9211 uint8_t optval;
9212 uint8_t optlen;
9213 ipaddr_t dst;
9214 ipaddr_t ifaddr;
9215 uint32_t ts;
9216 timestruc_t now;
9217 ill_t *ill = ira->ira_ill;
9218 ip_stack_t *ipst = ill->ill_ipst;
9219
9220 ip2dbg(("ip_input_local_options\n"));
9221
9222 for (optval = ipoptp_first(&opts, ipha);
9223 optval != IPOPT_EOL;
9224 optval = ipoptp_next(&opts)) {
9225 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
9226 opt = opts.ipoptp_cur;
9227 optlen = opts.ipoptp_len;
9228 ip2dbg(("ip_input_local_options: opt %d, len %d\n",
9229 optval, optlen));
9230 switch (optval) {
9231 uint32_t off;
9232 case IPOPT_SSRR:
9233 case IPOPT_LSRR:
9234 off = opt[IPOPT_OFFSET];
9235 off--;
9236 if (optlen < IP_ADDR_LEN ||
9237 off > optlen - IP_ADDR_LEN) {
9238 /* End of source route */
9239 ip1dbg(("ip_input_local_options: end of SR\n"));
9240 break;
9241 }
9242 /*
9243 * This will only happen if two consecutive entries
9244 * in the source route contains our address or if
9245 * it is a packet with a loose source route which
9246 * reaches us before consuming the whole source route
9247 */
9248 ip1dbg(("ip_input_local_options: not end of SR\n"));
9249 if (optval == IPOPT_SSRR) {
9250 goto bad_src_route;
9251 }
9252 /*
9253 * Hack: instead of dropping the packet truncate the
9254 * source route to what has been used by filling the
9255 * rest with IPOPT_NOP.
9256 */
9257 opt[IPOPT_OLEN] = (uint8_t)off;
9258 while (off < optlen) {
9259 opt[off++] = IPOPT_NOP;
9260 }
9261 break;
9262 case IPOPT_RR:
9263 off = opt[IPOPT_OFFSET];
9264 off--;
9265 if (optlen < IP_ADDR_LEN ||
9266 off > optlen - IP_ADDR_LEN) {
9267 /* No more room - ignore */
9268 ip1dbg((
9269 "ip_input_local_options: end of RR\n"));
9270 break;
9271 }
9272 /* Pick a reasonable address on the outbound if */
9273 if (ip_select_source_v4(ill, INADDR_ANY, ipha->ipha_dst,
9274 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9275 NULL) != 0) {
9276 /* No source! Shouldn't happen */
9277 ifaddr = INADDR_ANY;
9278 }
9279 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9280 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9281 break;
9282 case IPOPT_TS:
9283 /* Insert timestamp if there is romm */
9284 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9285 case IPOPT_TS_TSONLY:
9286 off = IPOPT_TS_TIMELEN;
9287 break;
9288 case IPOPT_TS_PRESPEC:
9289 case IPOPT_TS_PRESPEC_RFC791:
9290 /* Verify that the address matched */
9291 off = opt[IPOPT_OFFSET] - 1;
9292 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9293 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9294 /* Not for us */
9295 break;
9296 }
9297 /* FALLTHRU */
9298 case IPOPT_TS_TSANDADDR:
9299 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9300 break;
9301 default:
9302 /*
9303 * ip_*put_options should have already
9304 * dropped this packet.
9305 */
9306 cmn_err(CE_PANIC, "ip_input_local_options: "
9307 "unknown IT - bug in ip_input_options?\n");
9308 return (B_TRUE); /* Keep "lint" happy */
9309 }
9310 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
9311 /* Increase overflow counter */
9312 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
9313 opt[IPOPT_POS_OV_FLG] =
9314 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) |
9315 (off << 4));
9316 break;
9317 }
9318 off = opt[IPOPT_OFFSET] - 1;
9319 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9320 case IPOPT_TS_PRESPEC:
9321 case IPOPT_TS_PRESPEC_RFC791:
9322 case IPOPT_TS_TSANDADDR:
9323 /* Pick a reasonable addr on the outbound if */
9324 if (ip_select_source_v4(ill, INADDR_ANY,
9325 ipha->ipha_dst, INADDR_ANY, ALL_ZONES, ipst,
9326 &ifaddr, NULL, NULL) != 0) {
9327 /* No source! Shouldn't happen */
9328 ifaddr = INADDR_ANY;
9329 }
9330 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9331 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9332 /* FALLTHRU */
9333 case IPOPT_TS_TSONLY:
9334 off = opt[IPOPT_OFFSET] - 1;
9335 /* Compute # of milliseconds since midnight */
9336 gethrestime(&now);
9337 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
9338 now.tv_nsec / (NANOSEC / MILLISEC);
9339 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
9340 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
9341 break;
9342 }
9343 break;
9344 }
9345 }
9346 return (B_TRUE);
9347
9348 bad_src_route:
9349 /* make sure we clear any indication of a hardware checksum */
9350 DB_CKSUMFLAGS(mp) = 0;
9351 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill);
9352 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira);
9353 return (B_FALSE);
9354
9355 }
9356
9357 /*
9358 * Process IP options in an inbound packet. Always returns the nexthop.
9359 * Normally this is the passed in nexthop, but if there is an option
9360 * that effects the nexthop (such as a source route) that will be returned.
9361 * Sets *errorp if there is an error, in which case an ICMP error has been sent
9362 * and mp freed.
9363 */
9364 ipaddr_t
9365 ip_input_options(ipha_t *ipha, ipaddr_t dst, mblk_t *mp,
9366 ip_recv_attr_t *ira, int *errorp)
9367 {
9368 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
9369 ipoptp_t opts;
9370 uchar_t *opt;
9371 uint8_t optval;
9372 uint8_t optlen;
9373 intptr_t code = 0;
9374 ire_t *ire;
9375
9376 ip2dbg(("ip_input_options\n"));
9377 *errorp = 0;
9378 for (optval = ipoptp_first(&opts, ipha);
9379 optval != IPOPT_EOL;
9380 optval = ipoptp_next(&opts)) {
9381 opt = opts.ipoptp_cur;
9382 optlen = opts.ipoptp_len;
9383 ip2dbg(("ip_input_options: opt %d, len %d\n",
9384 optval, optlen));
9385 /*
9386 * Note: we need to verify the checksum before we
9387 * modify anything thus this routine only extracts the next
9388 * hop dst from any source route.
9389 */
9390 switch (optval) {
9391 uint32_t off;
9392 case IPOPT_SSRR:
9393 case IPOPT_LSRR:
9394 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9395 if (optval == IPOPT_SSRR) {
9396 ip1dbg(("ip_input_options: not next"
9397 " strict source route 0x%x\n",
9398 ntohl(dst)));
9399 code = (char *)&ipha->ipha_dst -
9400 (char *)ipha;
9401 goto param_prob; /* RouterReq's */
9402 }
9403 ip2dbg(("ip_input_options: "
9404 "not next source route 0x%x\n",
9405 ntohl(dst)));
9406 break;
9407 }
9408
9409 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9410 ip1dbg((
9411 "ip_input_options: bad option offset\n"));
9412 code = (char *)&opt[IPOPT_OLEN] -
9413 (char *)ipha;
9414 goto param_prob;
9415 }
9416 off = opt[IPOPT_OFFSET];
9417 off--;
9418 redo_srr:
9419 if (optlen < IP_ADDR_LEN ||
9420 off > optlen - IP_ADDR_LEN) {
9421 /* End of source route */
9422 ip1dbg(("ip_input_options: end of SR\n"));
9423 break;
9424 }
9425 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9426 ip1dbg(("ip_input_options: next hop 0x%x\n",
9427 ntohl(dst)));
9428
9429 /*
9430 * Check if our address is present more than
9431 * once as consecutive hops in source route.
9432 * XXX verify per-interface ip_forwarding
9433 * for source route?
9434 */
9435 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
9436 off += IP_ADDR_LEN;
9437 goto redo_srr;
9438 }
9439
9440 if (dst == htonl(INADDR_LOOPBACK)) {
9441 ip1dbg(("ip_input_options: loopback addr in "
9442 "source route!\n"));
9443 goto bad_src_route;
9444 }
9445 /*
9446 * For strict: verify that dst is directly
9447 * reachable.
9448 */
9449 if (optval == IPOPT_SSRR) {
9450 ire = ire_ftable_lookup_v4(dst, 0, 0,
9451 IRE_INTERFACE, NULL, ALL_ZONES,
9452 ira->ira_tsl,
9453 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst,
9454 NULL);
9455 if (ire == NULL) {
9456 ip1dbg(("ip_input_options: SSRR not "
9457 "directly reachable: 0x%x\n",
9458 ntohl(dst)));
9459 goto bad_src_route;
9460 }
9461 ire_refrele(ire);
9462 }
9463 /*
9464 * Defer update of the offset and the record route
9465 * until the packet is forwarded.
9466 */
9467 break;
9468 case IPOPT_RR:
9469 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9470 ip1dbg((
9471 "ip_input_options: bad option offset\n"));
9472 code = (char *)&opt[IPOPT_OLEN] -
9473 (char *)ipha;
9474 goto param_prob;
9475 }
9476 break;
9477 case IPOPT_TS:
9478 /*
9479 * Verify that length >= 5 and that there is either
9480 * room for another timestamp or that the overflow
9481 * counter is not maxed out.
9482 */
9483 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha;
9484 if (optlen < IPOPT_MINLEN_IT) {
9485 goto param_prob;
9486 }
9487 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9488 ip1dbg((
9489 "ip_input_options: bad option offset\n"));
9490 code = (char *)&opt[IPOPT_OFFSET] -
9491 (char *)ipha;
9492 goto param_prob;
9493 }
9494 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9495 case IPOPT_TS_TSONLY:
9496 off = IPOPT_TS_TIMELEN;
9497 break;
9498 case IPOPT_TS_TSANDADDR:
9499 case IPOPT_TS_PRESPEC:
9500 case IPOPT_TS_PRESPEC_RFC791:
9501 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9502 break;
9503 default:
9504 code = (char *)&opt[IPOPT_POS_OV_FLG] -
9505 (char *)ipha;
9506 goto param_prob;
9507 }
9508 if (opt[IPOPT_OFFSET] - 1 + off > optlen &&
9509 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) {
9510 /*
9511 * No room and the overflow counter is 15
9512 * already.
9513 */
9514 goto param_prob;
9515 }
9516 break;
9517 }
9518 }
9519
9520 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0) {
9521 return (dst);
9522 }
9523
9524 ip1dbg(("ip_input_options: error processing IP options."));
9525 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha;
9526
9527 param_prob:
9528 /* make sure we clear any indication of a hardware checksum */
9529 DB_CKSUMFLAGS(mp) = 0;
9530 ip_drop_input("ICMP_PARAM_PROBLEM", mp, ira->ira_ill);
9531 icmp_param_problem(mp, (uint8_t)code, ira);
9532 *errorp = -1;
9533 return (dst);
9534
9535 bad_src_route:
9536 /* make sure we clear any indication of a hardware checksum */
9537 DB_CKSUMFLAGS(mp) = 0;
9538 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ira->ira_ill);
9539 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira);
9540 *errorp = -1;
9541 return (dst);
9542 }
9543
9544 /*
9545 * IP & ICMP info in >=14 msg's ...
9546 * - ip fixed part (mib2_ip_t)
9547 * - icmp fixed part (mib2_icmp_t)
9548 * - ipAddrEntryTable (ip 20) all IPv4 ipifs
9549 * - ipRouteEntryTable (ip 21) all IPv4 IREs
9550 * - ipNetToMediaEntryTable (ip 22) all IPv4 Neighbor Cache entries
9551 * - ipRouteAttributeTable (ip 102) labeled routes
9552 * - ip multicast membership (ip_member_t)
9553 * - ip multicast source filtering (ip_grpsrc_t)
9554 * - igmp fixed part (struct igmpstat)
9555 * - multicast routing stats (struct mrtstat)
9556 * - multicast routing vifs (array of struct vifctl)
9557 * - multicast routing routes (array of struct mfcctl)
9558 * - ip6 fixed part (mib2_ipv6IfStatsEntry_t)
9559 * One per ill plus one generic
9560 * - icmp6 fixed part (mib2_ipv6IfIcmpEntry_t)
9561 * One per ill plus one generic
9562 * - ipv6RouteEntry all IPv6 IREs
9563 * - ipv6RouteAttributeTable (ip6 102) labeled routes
9564 * - ipv6NetToMediaEntry all IPv6 Neighbor Cache entries
9565 * - ipv6AddrEntry all IPv6 ipifs
9566 * - ipv6 multicast membership (ipv6_member_t)
9567 * - ipv6 multicast source filtering (ipv6_grpsrc_t)
9568 *
9569 * NOTE: original mpctl is copied for msg's 2..N, since its ctl part is
9570 * already filled in by the caller.
9571 * If legacy_req is true then MIB structures needs to be truncated to their
9572 * legacy sizes before being returned.
9573 * Return value of 0 indicates that no messages were sent and caller
9574 * should free mpctl.
9575 */
9576 int
9577 ip_snmp_get(queue_t *q, mblk_t *mpctl, int level, boolean_t legacy_req)
9578 {
9579 ip_stack_t *ipst;
9580 sctp_stack_t *sctps;
9581
9582 if (q->q_next != NULL) {
9583 ipst = ILLQ_TO_IPST(q);
9584 } else {
9585 ipst = CONNQ_TO_IPST(q);
9586 }
9587 ASSERT(ipst != NULL);
9588 sctps = ipst->ips_netstack->netstack_sctp;
9589
9590 if (mpctl == NULL || mpctl->b_cont == NULL) {
9591 return (0);
9592 }
9593
9594 /*
9595 * For the purposes of the (broken) packet shell use
9596 * of the level we make sure MIB2_TCP/MIB2_UDP can be used
9597 * to make TCP and UDP appear first in the list of mib items.
9598 * TBD: We could expand this and use it in netstat so that
9599 * the kernel doesn't have to produce large tables (connections,
9600 * routes, etc) when netstat only wants the statistics or a particular
9601 * table.
9602 */
9603 if (!(level == MIB2_TCP || level == MIB2_UDP)) {
9604 if ((mpctl = icmp_snmp_get(q, mpctl)) == NULL) {
9605 return (1);
9606 }
9607 }
9608
9609 if (level != MIB2_TCP) {
9610 if ((mpctl = udp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9611 return (1);
9612 }
9613 }
9614
9615 if (level != MIB2_UDP) {
9616 if ((mpctl = tcp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9617 return (1);
9618 }
9619 }
9620
9621 if ((mpctl = ip_snmp_get_mib2_ip_traffic_stats(q, mpctl,
9622 ipst, legacy_req)) == NULL) {
9623 return (1);
9624 }
9625
9626 if ((mpctl = ip_snmp_get_mib2_ip6(q, mpctl, ipst,
9627 legacy_req)) == NULL) {
9628 return (1);
9629 }
9630
9631 if ((mpctl = ip_snmp_get_mib2_icmp(q, mpctl, ipst)) == NULL) {
9632 return (1);
9633 }
9634
9635 if ((mpctl = ip_snmp_get_mib2_icmp6(q, mpctl, ipst)) == NULL) {
9636 return (1);
9637 }
9638
9639 if ((mpctl = ip_snmp_get_mib2_igmp(q, mpctl, ipst)) == NULL) {
9640 return (1);
9641 }
9642
9643 if ((mpctl = ip_snmp_get_mib2_multi(q, mpctl, ipst)) == NULL) {
9644 return (1);
9645 }
9646
9647 if ((mpctl = ip_snmp_get_mib2_ip_addr(q, mpctl, ipst,
9648 legacy_req)) == NULL) {
9649 return (1);
9650 }
9651
9652 if ((mpctl = ip_snmp_get_mib2_ip6_addr(q, mpctl, ipst,
9653 legacy_req)) == NULL) {
9654 return (1);
9655 }
9656
9657 if ((mpctl = ip_snmp_get_mib2_ip_group_mem(q, mpctl, ipst)) == NULL) {
9658 return (1);
9659 }
9660
9661 if ((mpctl = ip_snmp_get_mib2_ip6_group_mem(q, mpctl, ipst)) == NULL) {
9662 return (1);
9663 }
9664
9665 if ((mpctl = ip_snmp_get_mib2_ip_group_src(q, mpctl, ipst)) == NULL) {
9666 return (1);
9667 }
9668
9669 if ((mpctl = ip_snmp_get_mib2_ip6_group_src(q, mpctl, ipst)) == NULL) {
9670 return (1);
9671 }
9672
9673 if ((mpctl = ip_snmp_get_mib2_virt_multi(q, mpctl, ipst)) == NULL) {
9674 return (1);
9675 }
9676
9677 if ((mpctl = ip_snmp_get_mib2_multi_rtable(q, mpctl, ipst)) == NULL) {
9678 return (1);
9679 }
9680
9681 mpctl = ip_snmp_get_mib2_ip_route_media(q, mpctl, level, ipst);
9682 if (mpctl == NULL)
9683 return (1);
9684
9685 mpctl = ip_snmp_get_mib2_ip6_route_media(q, mpctl, level, ipst);
9686 if (mpctl == NULL)
9687 return (1);
9688
9689 if ((mpctl = sctp_snmp_get_mib2(q, mpctl, sctps)) == NULL) {
9690 return (1);
9691 }
9692
9693 if ((mpctl = ip_snmp_get_mib2_ip_dce(q, mpctl, ipst)) == NULL) {
9694 return (1);
9695 }
9696
9697 if ((mpctl = dccp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9698 return (1);
9699 }
9700
9701 freemsg(mpctl);
9702 return (1);
9703 }
9704
9705 /* Get global (legacy) IPv4 statistics */
9706 static mblk_t *
9707 ip_snmp_get_mib2_ip(queue_t *q, mblk_t *mpctl, mib2_ipIfStatsEntry_t *ipmib,
9708 ip_stack_t *ipst, boolean_t legacy_req)
9709 {
9710 mib2_ip_t old_ip_mib;
9711 struct opthdr *optp;
9712 mblk_t *mp2ctl;
9713 mib2_ipAddrEntry_t mae;
9714
9715 /*
9716 * make a copy of the original message
9717 */
9718 mp2ctl = copymsg(mpctl);
9719
9720 /* fixed length IP structure... */
9721 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9722 optp->level = MIB2_IP;
9723 optp->name = 0;
9724 SET_MIB(old_ip_mib.ipForwarding,
9725 (WE_ARE_FORWARDING(ipst) ? 1 : 2));
9726 SET_MIB(old_ip_mib.ipDefaultTTL,
9727 (uint32_t)ipst->ips_ip_def_ttl);
9728 SET_MIB(old_ip_mib.ipReasmTimeout,
9729 ipst->ips_ip_reassembly_timeout);
9730 SET_MIB(old_ip_mib.ipAddrEntrySize,
9731 (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) :
9732 sizeof (mib2_ipAddrEntry_t));
9733 SET_MIB(old_ip_mib.ipRouteEntrySize,
9734 sizeof (mib2_ipRouteEntry_t));
9735 SET_MIB(old_ip_mib.ipNetToMediaEntrySize,
9736 sizeof (mib2_ipNetToMediaEntry_t));
9737 SET_MIB(old_ip_mib.ipMemberEntrySize, sizeof (ip_member_t));
9738 SET_MIB(old_ip_mib.ipGroupSourceEntrySize, sizeof (ip_grpsrc_t));
9739 SET_MIB(old_ip_mib.ipRouteAttributeSize,
9740 sizeof (mib2_ipAttributeEntry_t));
9741 SET_MIB(old_ip_mib.transportMLPSize, sizeof (mib2_transportMLPEntry_t));
9742 SET_MIB(old_ip_mib.ipDestEntrySize, sizeof (dest_cache_entry_t));
9743
9744 /*
9745 * Grab the statistics from the new IP MIB
9746 */
9747 SET_MIB(old_ip_mib.ipInReceives,
9748 (uint32_t)ipmib->ipIfStatsHCInReceives);
9749 SET_MIB(old_ip_mib.ipInHdrErrors, ipmib->ipIfStatsInHdrErrors);
9750 SET_MIB(old_ip_mib.ipInAddrErrors, ipmib->ipIfStatsInAddrErrors);
9751 SET_MIB(old_ip_mib.ipForwDatagrams,
9752 (uint32_t)ipmib->ipIfStatsHCOutForwDatagrams);
9753 SET_MIB(old_ip_mib.ipInUnknownProtos,
9754 ipmib->ipIfStatsInUnknownProtos);
9755 SET_MIB(old_ip_mib.ipInDiscards, ipmib->ipIfStatsInDiscards);
9756 SET_MIB(old_ip_mib.ipInDelivers,
9757 (uint32_t)ipmib->ipIfStatsHCInDelivers);
9758 SET_MIB(old_ip_mib.ipOutRequests,
9759 (uint32_t)ipmib->ipIfStatsHCOutRequests);
9760 SET_MIB(old_ip_mib.ipOutDiscards, ipmib->ipIfStatsOutDiscards);
9761 SET_MIB(old_ip_mib.ipOutNoRoutes, ipmib->ipIfStatsOutNoRoutes);
9762 SET_MIB(old_ip_mib.ipReasmReqds, ipmib->ipIfStatsReasmReqds);
9763 SET_MIB(old_ip_mib.ipReasmOKs, ipmib->ipIfStatsReasmOKs);
9764 SET_MIB(old_ip_mib.ipReasmFails, ipmib->ipIfStatsReasmFails);
9765 SET_MIB(old_ip_mib.ipFragOKs, ipmib->ipIfStatsOutFragOKs);
9766 SET_MIB(old_ip_mib.ipFragFails, ipmib->ipIfStatsOutFragFails);
9767 SET_MIB(old_ip_mib.ipFragCreates, ipmib->ipIfStatsOutFragCreates);
9768
9769 /* ipRoutingDiscards is not being used */
9770 SET_MIB(old_ip_mib.ipRoutingDiscards, 0);
9771 SET_MIB(old_ip_mib.tcpInErrs, ipmib->tcpIfStatsInErrs);
9772 SET_MIB(old_ip_mib.udpNoPorts, ipmib->udpIfStatsNoPorts);
9773 SET_MIB(old_ip_mib.ipInCksumErrs, ipmib->ipIfStatsInCksumErrs);
9774 SET_MIB(old_ip_mib.ipReasmDuplicates,
9775 ipmib->ipIfStatsReasmDuplicates);
9776 SET_MIB(old_ip_mib.ipReasmPartDups, ipmib->ipIfStatsReasmPartDups);
9777 SET_MIB(old_ip_mib.ipForwProhibits, ipmib->ipIfStatsForwProhibits);
9778 SET_MIB(old_ip_mib.udpInCksumErrs, ipmib->udpIfStatsInCksumErrs);
9779 SET_MIB(old_ip_mib.udpInOverflows, ipmib->udpIfStatsInOverflows);
9780 SET_MIB(old_ip_mib.rawipInOverflows,
9781 ipmib->rawipIfStatsInOverflows);
9782
9783 SET_MIB(old_ip_mib.ipsecInSucceeded, ipmib->ipsecIfStatsInSucceeded);
9784 SET_MIB(old_ip_mib.ipsecInFailed, ipmib->ipsecIfStatsInFailed);
9785 SET_MIB(old_ip_mib.ipInIPv6, ipmib->ipIfStatsInWrongIPVersion);
9786 SET_MIB(old_ip_mib.ipOutIPv6, ipmib->ipIfStatsOutWrongIPVersion);
9787 SET_MIB(old_ip_mib.ipOutSwitchIPv6,
9788 ipmib->ipIfStatsOutSwitchIPVersion);
9789
9790 if (!snmp_append_data(mpctl->b_cont, (char *)&old_ip_mib,
9791 (int)sizeof (old_ip_mib))) {
9792 ip1dbg(("ip_snmp_get_mib2_ip: failed to allocate %u bytes\n",
9793 (uint_t)sizeof (old_ip_mib)));
9794 }
9795
9796 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9797 ip3dbg(("ip_snmp_get_mib2_ip: level %d, name %d, len %d\n",
9798 (int)optp->level, (int)optp->name, (int)optp->len));
9799 qreply(q, mpctl);
9800 return (mp2ctl);
9801 }
9802
9803 /* Per interface IPv4 statistics */
9804 static mblk_t *
9805 ip_snmp_get_mib2_ip_traffic_stats(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
9806 boolean_t legacy_req)
9807 {
9808 struct opthdr *optp;
9809 mblk_t *mp2ctl;
9810 ill_t *ill;
9811 ill_walk_context_t ctx;
9812 mblk_t *mp_tail = NULL;
9813 mib2_ipIfStatsEntry_t global_ip_mib;
9814 mib2_ipAddrEntry_t mae;
9815
9816 /*
9817 * Make a copy of the original message
9818 */
9819 mp2ctl = copymsg(mpctl);
9820
9821 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9822 optp->level = MIB2_IP;
9823 optp->name = MIB2_IP_TRAFFIC_STATS;
9824 /* Include "unknown interface" ip_mib */
9825 ipst->ips_ip_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv4;
9826 ipst->ips_ip_mib.ipIfStatsIfIndex =
9827 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */
9828 SET_MIB(ipst->ips_ip_mib.ipIfStatsForwarding,
9829 (ipst->ips_ip_forwarding ? 1 : 2));
9830 SET_MIB(ipst->ips_ip_mib.ipIfStatsDefaultTTL,
9831 (uint32_t)ipst->ips_ip_def_ttl);
9832 SET_MIB(ipst->ips_ip_mib.ipIfStatsEntrySize,
9833 sizeof (mib2_ipIfStatsEntry_t));
9834 SET_MIB(ipst->ips_ip_mib.ipIfStatsAddrEntrySize,
9835 sizeof (mib2_ipAddrEntry_t));
9836 SET_MIB(ipst->ips_ip_mib.ipIfStatsRouteEntrySize,
9837 sizeof (mib2_ipRouteEntry_t));
9838 SET_MIB(ipst->ips_ip_mib.ipIfStatsNetToMediaEntrySize,
9839 sizeof (mib2_ipNetToMediaEntry_t));
9840 SET_MIB(ipst->ips_ip_mib.ipIfStatsMemberEntrySize,
9841 sizeof (ip_member_t));
9842 SET_MIB(ipst->ips_ip_mib.ipIfStatsGroupSourceEntrySize,
9843 sizeof (ip_grpsrc_t));
9844
9845 bcopy(&ipst->ips_ip_mib, &global_ip_mib, sizeof (global_ip_mib));
9846
9847 if (legacy_req) {
9848 SET_MIB(global_ip_mib.ipIfStatsAddrEntrySize,
9849 LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t));
9850 }
9851
9852 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
9853 (char *)&global_ip_mib, (int)sizeof (global_ip_mib))) {
9854 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9855 "failed to allocate %u bytes\n",
9856 (uint_t)sizeof (global_ip_mib)));
9857 }
9858
9859 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
9860 ill = ILL_START_WALK_V4(&ctx, ipst);
9861 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
9862 ill->ill_ip_mib->ipIfStatsIfIndex =
9863 ill->ill_phyint->phyint_ifindex;
9864 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding,
9865 (ipst->ips_ip_forwarding ? 1 : 2));
9866 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultTTL,
9867 (uint32_t)ipst->ips_ip_def_ttl);
9868
9869 ip_mib2_add_ip_stats(&global_ip_mib, ill->ill_ip_mib);
9870 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
9871 (char *)ill->ill_ip_mib,
9872 (int)sizeof (*ill->ill_ip_mib))) {
9873 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9874 "failed to allocate %u bytes\n",
9875 (uint_t)sizeof (*ill->ill_ip_mib)));
9876 }
9877 }
9878 rw_exit(&ipst->ips_ill_g_lock);
9879
9880 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9881 ip3dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9882 "level %d, name %d, len %d\n",
9883 (int)optp->level, (int)optp->name, (int)optp->len));
9884 qreply(q, mpctl);
9885
9886 if (mp2ctl == NULL)
9887 return (NULL);
9888
9889 return (ip_snmp_get_mib2_ip(q, mp2ctl, &global_ip_mib, ipst,
9890 legacy_req));
9891 }
9892
9893 /* Global IPv4 ICMP statistics */
9894 static mblk_t *
9895 ip_snmp_get_mib2_icmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
9896 {
9897 struct opthdr *optp;
9898 mblk_t *mp2ctl;
9899
9900 /*
9901 * Make a copy of the original message
9902 */
9903 mp2ctl = copymsg(mpctl);
9904
9905 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9906 optp->level = MIB2_ICMP;
9907 optp->name = 0;
9908 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_icmp_mib,
9909 (int)sizeof (ipst->ips_icmp_mib))) {
9910 ip1dbg(("ip_snmp_get_mib2_icmp: failed to allocate %u bytes\n",
9911 (uint_t)sizeof (ipst->ips_icmp_mib)));
9912 }
9913 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9914 ip3dbg(("ip_snmp_get_mib2_icmp: level %d, name %d, len %d\n",
9915 (int)optp->level, (int)optp->name, (int)optp->len));
9916 qreply(q, mpctl);
9917 return (mp2ctl);
9918 }
9919
9920 /* Global IPv4 IGMP statistics */
9921 static mblk_t *
9922 ip_snmp_get_mib2_igmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
9923 {
9924 struct opthdr *optp;
9925 mblk_t *mp2ctl;
9926
9927 /*
9928 * make a copy of the original message
9929 */
9930 mp2ctl = copymsg(mpctl);
9931
9932 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9933 optp->level = EXPER_IGMP;
9934 optp->name = 0;
9935 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_igmpstat,
9936 (int)sizeof (ipst->ips_igmpstat))) {
9937 ip1dbg(("ip_snmp_get_mib2_igmp: failed to allocate %u bytes\n",
9938 (uint_t)sizeof (ipst->ips_igmpstat)));
9939 }
9940 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9941 ip3dbg(("ip_snmp_get_mib2_igmp: level %d, name %d, len %d\n",
9942 (int)optp->level, (int)optp->name, (int)optp->len));
9943 qreply(q, mpctl);
9944 return (mp2ctl);
9945 }
9946
9947 /* Global IPv4 Multicast Routing statistics */
9948 static mblk_t *
9949 ip_snmp_get_mib2_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
9950 {
9951 struct opthdr *optp;
9952 mblk_t *mp2ctl;
9953
9954 /*
9955 * make a copy of the original message
9956 */
9957 mp2ctl = copymsg(mpctl);
9958
9959 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9960 optp->level = EXPER_DVMRP;
9961 optp->name = 0;
9962 if (!ip_mroute_stats(mpctl->b_cont, ipst)) {
9963 ip0dbg(("ip_mroute_stats: failed\n"));
9964 }
9965 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9966 ip3dbg(("ip_snmp_get_mib2_multi: level %d, name %d, len %d\n",
9967 (int)optp->level, (int)optp->name, (int)optp->len));
9968 qreply(q, mpctl);
9969 return (mp2ctl);
9970 }
9971
9972 /* IPv4 address information */
9973 static mblk_t *
9974 ip_snmp_get_mib2_ip_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
9975 boolean_t legacy_req)
9976 {
9977 struct opthdr *optp;
9978 mblk_t *mp2ctl;
9979 mblk_t *mp_tail = NULL;
9980 ill_t *ill;
9981 ipif_t *ipif;
9982 uint_t bitval;
9983 mib2_ipAddrEntry_t mae;
9984 size_t mae_size;
9985 zoneid_t zoneid;
9986 ill_walk_context_t ctx;
9987
9988 /*
9989 * make a copy of the original message
9990 */
9991 mp2ctl = copymsg(mpctl);
9992
9993 mae_size = (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) :
9994 sizeof (mib2_ipAddrEntry_t);
9995
9996 /* ipAddrEntryTable */
9997
9998 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9999 optp->level = MIB2_IP;
10000 optp->name = MIB2_IP_ADDR;
10001 zoneid = Q_TO_CONN(q)->conn_zoneid;
10002
10003 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10004 ill = ILL_START_WALK_V4(&ctx, ipst);
10005 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10006 for (ipif = ill->ill_ipif; ipif != NULL;
10007 ipif = ipif->ipif_next) {
10008 if (ipif->ipif_zoneid != zoneid &&
10009 ipif->ipif_zoneid != ALL_ZONES)
10010 continue;
10011 /* Sum of count from dead IRE_LO* and our current */
10012 mae.ipAdEntInfo.ae_ibcnt = ipif->ipif_ib_pkt_count;
10013 if (ipif->ipif_ire_local != NULL) {
10014 mae.ipAdEntInfo.ae_ibcnt +=
10015 ipif->ipif_ire_local->ire_ib_pkt_count;
10016 }
10017 mae.ipAdEntInfo.ae_obcnt = 0;
10018 mae.ipAdEntInfo.ae_focnt = 0;
10019
10020 ipif_get_name(ipif, mae.ipAdEntIfIndex.o_bytes,
10021 OCTET_LENGTH);
10022 mae.ipAdEntIfIndex.o_length =
10023 mi_strlen(mae.ipAdEntIfIndex.o_bytes);
10024 mae.ipAdEntAddr = ipif->ipif_lcl_addr;
10025 mae.ipAdEntNetMask = ipif->ipif_net_mask;
10026 mae.ipAdEntInfo.ae_subnet = ipif->ipif_subnet;
10027 mae.ipAdEntInfo.ae_subnet_len =
10028 ip_mask_to_plen(ipif->ipif_net_mask);
10029 mae.ipAdEntInfo.ae_src_addr = ipif->ipif_lcl_addr;
10030 for (bitval = 1;
10031 bitval &&
10032 !(bitval & ipif->ipif_brd_addr);
10033 bitval <<= 1)
10034 noop;
10035 mae.ipAdEntBcastAddr = bitval;
10036 mae.ipAdEntReasmMaxSize = IP_MAXPACKET;
10037 mae.ipAdEntInfo.ae_mtu = ipif->ipif_ill->ill_mtu;
10038 mae.ipAdEntInfo.ae_metric = ipif->ipif_ill->ill_metric;
10039 mae.ipAdEntInfo.ae_broadcast_addr =
10040 ipif->ipif_brd_addr;
10041 mae.ipAdEntInfo.ae_pp_dst_addr =
10042 ipif->ipif_pp_dst_addr;
10043 mae.ipAdEntInfo.ae_flags = ipif->ipif_flags |
10044 ill->ill_flags | ill->ill_phyint->phyint_flags;
10045 mae.ipAdEntRetransmitTime =
10046 ill->ill_reachable_retrans_time;
10047
10048 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10049 (char *)&mae, (int)mae_size)) {
10050 ip1dbg(("ip_snmp_get_mib2_ip_addr: failed to "
10051 "allocate %u bytes\n", (uint_t)mae_size));
10052 }
10053 }
10054 }
10055 rw_exit(&ipst->ips_ill_g_lock);
10056
10057 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10058 ip3dbg(("ip_snmp_get_mib2_ip_addr: level %d, name %d, len %d\n",
10059 (int)optp->level, (int)optp->name, (int)optp->len));
10060 qreply(q, mpctl);
10061 return (mp2ctl);
10062 }
10063
10064 /* IPv6 address information */
10065 static mblk_t *
10066 ip_snmp_get_mib2_ip6_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
10067 boolean_t legacy_req)
10068 {
10069 struct opthdr *optp;
10070 mblk_t *mp2ctl;
10071 mblk_t *mp_tail = NULL;
10072 ill_t *ill;
10073 ipif_t *ipif;
10074 mib2_ipv6AddrEntry_t mae6;
10075 size_t mae6_size;
10076 zoneid_t zoneid;
10077 ill_walk_context_t ctx;
10078
10079 /*
10080 * make a copy of the original message
10081 */
10082 mp2ctl = copymsg(mpctl);
10083
10084 mae6_size = (legacy_req) ?
10085 LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t) :
10086 sizeof (mib2_ipv6AddrEntry_t);
10087
10088 /* ipv6AddrEntryTable */
10089
10090 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10091 optp->level = MIB2_IP6;
10092 optp->name = MIB2_IP6_ADDR;
10093 zoneid = Q_TO_CONN(q)->conn_zoneid;
10094
10095 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10096 ill = ILL_START_WALK_V6(&ctx, ipst);
10097 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10098 for (ipif = ill->ill_ipif; ipif != NULL;
10099 ipif = ipif->ipif_next) {
10100 if (ipif->ipif_zoneid != zoneid &&
10101 ipif->ipif_zoneid != ALL_ZONES)
10102 continue;
10103 /* Sum of count from dead IRE_LO* and our current */
10104 mae6.ipv6AddrInfo.ae_ibcnt = ipif->ipif_ib_pkt_count;
10105 if (ipif->ipif_ire_local != NULL) {
10106 mae6.ipv6AddrInfo.ae_ibcnt +=
10107 ipif->ipif_ire_local->ire_ib_pkt_count;
10108 }
10109 mae6.ipv6AddrInfo.ae_obcnt = 0;
10110 mae6.ipv6AddrInfo.ae_focnt = 0;
10111
10112 ipif_get_name(ipif, mae6.ipv6AddrIfIndex.o_bytes,
10113 OCTET_LENGTH);
10114 mae6.ipv6AddrIfIndex.o_length =
10115 mi_strlen(mae6.ipv6AddrIfIndex.o_bytes);
10116 mae6.ipv6AddrAddress = ipif->ipif_v6lcl_addr;
10117 mae6.ipv6AddrPfxLength =
10118 ip_mask_to_plen_v6(&ipif->ipif_v6net_mask);
10119 mae6.ipv6AddrInfo.ae_subnet = ipif->ipif_v6subnet;
10120 mae6.ipv6AddrInfo.ae_subnet_len =
10121 mae6.ipv6AddrPfxLength;
10122 mae6.ipv6AddrInfo.ae_src_addr = ipif->ipif_v6lcl_addr;
10123
10124 /* Type: stateless(1), stateful(2), unknown(3) */
10125 if (ipif->ipif_flags & IPIF_ADDRCONF)
10126 mae6.ipv6AddrType = 1;
10127 else
10128 mae6.ipv6AddrType = 2;
10129 /* Anycast: true(1), false(2) */
10130 if (ipif->ipif_flags & IPIF_ANYCAST)
10131 mae6.ipv6AddrAnycastFlag = 1;
10132 else
10133 mae6.ipv6AddrAnycastFlag = 2;
10134
10135 /*
10136 * Address status: preferred(1), deprecated(2),
10137 * invalid(3), inaccessible(4), unknown(5)
10138 */
10139 if (ipif->ipif_flags & IPIF_NOLOCAL)
10140 mae6.ipv6AddrStatus = 3;
10141 else if (ipif->ipif_flags & IPIF_DEPRECATED)
10142 mae6.ipv6AddrStatus = 2;
10143 else
10144 mae6.ipv6AddrStatus = 1;
10145 mae6.ipv6AddrInfo.ae_mtu = ipif->ipif_ill->ill_mtu;
10146 mae6.ipv6AddrInfo.ae_metric =
10147 ipif->ipif_ill->ill_metric;
10148 mae6.ipv6AddrInfo.ae_pp_dst_addr =
10149 ipif->ipif_v6pp_dst_addr;
10150 mae6.ipv6AddrInfo.ae_flags = ipif->ipif_flags |
10151 ill->ill_flags | ill->ill_phyint->phyint_flags;
10152 mae6.ipv6AddrReasmMaxSize = IP_MAXPACKET;
10153 mae6.ipv6AddrIdentifier = ill->ill_token;
10154 mae6.ipv6AddrIdentifierLen = ill->ill_token_length;
10155 mae6.ipv6AddrReachableTime = ill->ill_reachable_time;
10156 mae6.ipv6AddrRetransmitTime =
10157 ill->ill_reachable_retrans_time;
10158 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10159 (char *)&mae6, (int)mae6_size)) {
10160 ip1dbg(("ip_snmp_get_mib2_ip6_addr: failed to "
10161 "allocate %u bytes\n",
10162 (uint_t)mae6_size));
10163 }
10164 }
10165 }
10166 rw_exit(&ipst->ips_ill_g_lock);
10167
10168 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10169 ip3dbg(("ip_snmp_get_mib2_ip6_addr: level %d, name %d, len %d\n",
10170 (int)optp->level, (int)optp->name, (int)optp->len));
10171 qreply(q, mpctl);
10172 return (mp2ctl);
10173 }
10174
10175 /* IPv4 multicast group membership. */
10176 static mblk_t *
10177 ip_snmp_get_mib2_ip_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10178 {
10179 struct opthdr *optp;
10180 mblk_t *mp2ctl;
10181 ill_t *ill;
10182 ipif_t *ipif;
10183 ilm_t *ilm;
10184 ip_member_t ipm;
10185 mblk_t *mp_tail = NULL;
10186 ill_walk_context_t ctx;
10187 zoneid_t zoneid;
10188
10189 /*
10190 * make a copy of the original message
10191 */
10192 mp2ctl = copymsg(mpctl);
10193 zoneid = Q_TO_CONN(q)->conn_zoneid;
10194
10195 /* ipGroupMember table */
10196 optp = (struct opthdr *)&mpctl->b_rptr[
10197 sizeof (struct T_optmgmt_ack)];
10198 optp->level = MIB2_IP;
10199 optp->name = EXPER_IP_GROUP_MEMBERSHIP;
10200
10201 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10202 ill = ILL_START_WALK_V4(&ctx, ipst);
10203 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10204 /* Make sure the ill isn't going away. */
10205 if (!ill_check_and_refhold(ill))
10206 continue;
10207 rw_exit(&ipst->ips_ill_g_lock);
10208 rw_enter(&ill->ill_mcast_lock, RW_READER);
10209 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10210 if (ilm->ilm_zoneid != zoneid &&
10211 ilm->ilm_zoneid != ALL_ZONES)
10212 continue;
10213
10214 /* Is there an ipif for ilm_ifaddr? */
10215 for (ipif = ill->ill_ipif; ipif != NULL;
10216 ipif = ipif->ipif_next) {
10217 if (!IPIF_IS_CONDEMNED(ipif) &&
10218 ipif->ipif_lcl_addr == ilm->ilm_ifaddr &&
10219 ilm->ilm_ifaddr != INADDR_ANY)
10220 break;
10221 }
10222 if (ipif != NULL) {
10223 ipif_get_name(ipif,
10224 ipm.ipGroupMemberIfIndex.o_bytes,
10225 OCTET_LENGTH);
10226 } else {
10227 ill_get_name(ill,
10228 ipm.ipGroupMemberIfIndex.o_bytes,
10229 OCTET_LENGTH);
10230 }
10231 ipm.ipGroupMemberIfIndex.o_length =
10232 mi_strlen(ipm.ipGroupMemberIfIndex.o_bytes);
10233
10234 ipm.ipGroupMemberAddress = ilm->ilm_addr;
10235 ipm.ipGroupMemberRefCnt = ilm->ilm_refcnt;
10236 ipm.ipGroupMemberFilterMode = ilm->ilm_fmode;
10237 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10238 (char *)&ipm, (int)sizeof (ipm))) {
10239 ip1dbg(("ip_snmp_get_mib2_ip_group: "
10240 "failed to allocate %u bytes\n",
10241 (uint_t)sizeof (ipm)));
10242 }
10243 }
10244 rw_exit(&ill->ill_mcast_lock);
10245 ill_refrele(ill);
10246 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10247 }
10248 rw_exit(&ipst->ips_ill_g_lock);
10249 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10250 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10251 (int)optp->level, (int)optp->name, (int)optp->len));
10252 qreply(q, mpctl);
10253 return (mp2ctl);
10254 }
10255
10256 /* IPv6 multicast group membership. */
10257 static mblk_t *
10258 ip_snmp_get_mib2_ip6_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10259 {
10260 struct opthdr *optp;
10261 mblk_t *mp2ctl;
10262 ill_t *ill;
10263 ilm_t *ilm;
10264 ipv6_member_t ipm6;
10265 mblk_t *mp_tail = NULL;
10266 ill_walk_context_t ctx;
10267 zoneid_t zoneid;
10268
10269 /*
10270 * make a copy of the original message
10271 */
10272 mp2ctl = copymsg(mpctl);
10273 zoneid = Q_TO_CONN(q)->conn_zoneid;
10274
10275 /* ip6GroupMember table */
10276 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10277 optp->level = MIB2_IP6;
10278 optp->name = EXPER_IP6_GROUP_MEMBERSHIP;
10279
10280 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10281 ill = ILL_START_WALK_V6(&ctx, ipst);
10282 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10283 /* Make sure the ill isn't going away. */
10284 if (!ill_check_and_refhold(ill))
10285 continue;
10286 rw_exit(&ipst->ips_ill_g_lock);
10287 /*
10288 * Normally we don't have any members on under IPMP interfaces.
10289 * We report them as a debugging aid.
10290 */
10291 rw_enter(&ill->ill_mcast_lock, RW_READER);
10292 ipm6.ipv6GroupMemberIfIndex = ill->ill_phyint->phyint_ifindex;
10293 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10294 if (ilm->ilm_zoneid != zoneid &&
10295 ilm->ilm_zoneid != ALL_ZONES)
10296 continue; /* not this zone */
10297 ipm6.ipv6GroupMemberAddress = ilm->ilm_v6addr;
10298 ipm6.ipv6GroupMemberRefCnt = ilm->ilm_refcnt;
10299 ipm6.ipv6GroupMemberFilterMode = ilm->ilm_fmode;
10300 if (!snmp_append_data2(mpctl->b_cont,
10301 &mp_tail,
10302 (char *)&ipm6, (int)sizeof (ipm6))) {
10303 ip1dbg(("ip_snmp_get_mib2_ip6_group: "
10304 "failed to allocate %u bytes\n",
10305 (uint_t)sizeof (ipm6)));
10306 }
10307 }
10308 rw_exit(&ill->ill_mcast_lock);
10309 ill_refrele(ill);
10310 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10311 }
10312 rw_exit(&ipst->ips_ill_g_lock);
10313
10314 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10315 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10316 (int)optp->level, (int)optp->name, (int)optp->len));
10317 qreply(q, mpctl);
10318 return (mp2ctl);
10319 }
10320
10321 /* IP multicast filtered sources */
10322 static mblk_t *
10323 ip_snmp_get_mib2_ip_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10324 {
10325 struct opthdr *optp;
10326 mblk_t *mp2ctl;
10327 ill_t *ill;
10328 ipif_t *ipif;
10329 ilm_t *ilm;
10330 ip_grpsrc_t ips;
10331 mblk_t *mp_tail = NULL;
10332 ill_walk_context_t ctx;
10333 zoneid_t zoneid;
10334 int i;
10335 slist_t *sl;
10336
10337 /*
10338 * make a copy of the original message
10339 */
10340 mp2ctl = copymsg(mpctl);
10341 zoneid = Q_TO_CONN(q)->conn_zoneid;
10342
10343 /* ipGroupSource table */
10344 optp = (struct opthdr *)&mpctl->b_rptr[
10345 sizeof (struct T_optmgmt_ack)];
10346 optp->level = MIB2_IP;
10347 optp->name = EXPER_IP_GROUP_SOURCES;
10348
10349 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10350 ill = ILL_START_WALK_V4(&ctx, ipst);
10351 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10352 /* Make sure the ill isn't going away. */
10353 if (!ill_check_and_refhold(ill))
10354 continue;
10355 rw_exit(&ipst->ips_ill_g_lock);
10356 rw_enter(&ill->ill_mcast_lock, RW_READER);
10357 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10358 sl = ilm->ilm_filter;
10359 if (ilm->ilm_zoneid != zoneid &&
10360 ilm->ilm_zoneid != ALL_ZONES)
10361 continue;
10362 if (SLIST_IS_EMPTY(sl))
10363 continue;
10364
10365 /* Is there an ipif for ilm_ifaddr? */
10366 for (ipif = ill->ill_ipif; ipif != NULL;
10367 ipif = ipif->ipif_next) {
10368 if (!IPIF_IS_CONDEMNED(ipif) &&
10369 ipif->ipif_lcl_addr == ilm->ilm_ifaddr &&
10370 ilm->ilm_ifaddr != INADDR_ANY)
10371 break;
10372 }
10373 if (ipif != NULL) {
10374 ipif_get_name(ipif,
10375 ips.ipGroupSourceIfIndex.o_bytes,
10376 OCTET_LENGTH);
10377 } else {
10378 ill_get_name(ill,
10379 ips.ipGroupSourceIfIndex.o_bytes,
10380 OCTET_LENGTH);
10381 }
10382 ips.ipGroupSourceIfIndex.o_length =
10383 mi_strlen(ips.ipGroupSourceIfIndex.o_bytes);
10384
10385 ips.ipGroupSourceGroup = ilm->ilm_addr;
10386 for (i = 0; i < sl->sl_numsrc; i++) {
10387 if (!IN6_IS_ADDR_V4MAPPED(&sl->sl_addr[i]))
10388 continue;
10389 IN6_V4MAPPED_TO_IPADDR(&sl->sl_addr[i],
10390 ips.ipGroupSourceAddress);
10391 if (snmp_append_data2(mpctl->b_cont, &mp_tail,
10392 (char *)&ips, (int)sizeof (ips)) == 0) {
10393 ip1dbg(("ip_snmp_get_mib2_ip_group_src:"
10394 " failed to allocate %u bytes\n",
10395 (uint_t)sizeof (ips)));
10396 }
10397 }
10398 }
10399 rw_exit(&ill->ill_mcast_lock);
10400 ill_refrele(ill);
10401 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10402 }
10403 rw_exit(&ipst->ips_ill_g_lock);
10404 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10405 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10406 (int)optp->level, (int)optp->name, (int)optp->len));
10407 qreply(q, mpctl);
10408 return (mp2ctl);
10409 }
10410
10411 /* IPv6 multicast filtered sources. */
10412 static mblk_t *
10413 ip_snmp_get_mib2_ip6_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10414 {
10415 struct opthdr *optp;
10416 mblk_t *mp2ctl;
10417 ill_t *ill;
10418 ilm_t *ilm;
10419 ipv6_grpsrc_t ips6;
10420 mblk_t *mp_tail = NULL;
10421 ill_walk_context_t ctx;
10422 zoneid_t zoneid;
10423 int i;
10424 slist_t *sl;
10425
10426 /*
10427 * make a copy of the original message
10428 */
10429 mp2ctl = copymsg(mpctl);
10430 zoneid = Q_TO_CONN(q)->conn_zoneid;
10431
10432 /* ip6GroupMember table */
10433 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10434 optp->level = MIB2_IP6;
10435 optp->name = EXPER_IP6_GROUP_SOURCES;
10436
10437 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10438 ill = ILL_START_WALK_V6(&ctx, ipst);
10439 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10440 /* Make sure the ill isn't going away. */
10441 if (!ill_check_and_refhold(ill))
10442 continue;
10443 rw_exit(&ipst->ips_ill_g_lock);
10444 /*
10445 * Normally we don't have any members on under IPMP interfaces.
10446 * We report them as a debugging aid.
10447 */
10448 rw_enter(&ill->ill_mcast_lock, RW_READER);
10449 ips6.ipv6GroupSourceIfIndex = ill->ill_phyint->phyint_ifindex;
10450 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10451 sl = ilm->ilm_filter;
10452 if (ilm->ilm_zoneid != zoneid &&
10453 ilm->ilm_zoneid != ALL_ZONES)
10454 continue;
10455 if (SLIST_IS_EMPTY(sl))
10456 continue;
10457 ips6.ipv6GroupSourceGroup = ilm->ilm_v6addr;
10458 for (i = 0; i < sl->sl_numsrc; i++) {
10459 ips6.ipv6GroupSourceAddress = sl->sl_addr[i];
10460 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10461 (char *)&ips6, (int)sizeof (ips6))) {
10462 ip1dbg(("ip_snmp_get_mib2_ip6_"
10463 "group_src: failed to allocate "
10464 "%u bytes\n",
10465 (uint_t)sizeof (ips6)));
10466 }
10467 }
10468 }
10469 rw_exit(&ill->ill_mcast_lock);
10470 ill_refrele(ill);
10471 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10472 }
10473 rw_exit(&ipst->ips_ill_g_lock);
10474
10475 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10476 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10477 (int)optp->level, (int)optp->name, (int)optp->len));
10478 qreply(q, mpctl);
10479 return (mp2ctl);
10480 }
10481
10482 /* Multicast routing virtual interface table. */
10483 static mblk_t *
10484 ip_snmp_get_mib2_virt_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10485 {
10486 struct opthdr *optp;
10487 mblk_t *mp2ctl;
10488
10489 /*
10490 * make a copy of the original message
10491 */
10492 mp2ctl = copymsg(mpctl);
10493
10494 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10495 optp->level = EXPER_DVMRP;
10496 optp->name = EXPER_DVMRP_VIF;
10497 if (!ip_mroute_vif(mpctl->b_cont, ipst)) {
10498 ip0dbg(("ip_mroute_vif: failed\n"));
10499 }
10500 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10501 ip3dbg(("ip_snmp_get_mib2_virt_multi: level %d, name %d, len %d\n",
10502 (int)optp->level, (int)optp->name, (int)optp->len));
10503 qreply(q, mpctl);
10504 return (mp2ctl);
10505 }
10506
10507 /* Multicast routing table. */
10508 static mblk_t *
10509 ip_snmp_get_mib2_multi_rtable(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10510 {
10511 struct opthdr *optp;
10512 mblk_t *mp2ctl;
10513
10514 /*
10515 * make a copy of the original message
10516 */
10517 mp2ctl = copymsg(mpctl);
10518
10519 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10520 optp->level = EXPER_DVMRP;
10521 optp->name = EXPER_DVMRP_MRT;
10522 if (!ip_mroute_mrt(mpctl->b_cont, ipst)) {
10523 ip0dbg(("ip_mroute_mrt: failed\n"));
10524 }
10525 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10526 ip3dbg(("ip_snmp_get_mib2_multi_rtable: level %d, name %d, len %d\n",
10527 (int)optp->level, (int)optp->name, (int)optp->len));
10528 qreply(q, mpctl);
10529 return (mp2ctl);
10530 }
10531
10532 /*
10533 * Return ipRouteEntryTable, ipNetToMediaEntryTable, and ipRouteAttributeTable
10534 * in one IRE walk.
10535 */
10536 static mblk_t *
10537 ip_snmp_get_mib2_ip_route_media(queue_t *q, mblk_t *mpctl, int level,
10538 ip_stack_t *ipst)
10539 {
10540 struct opthdr *optp;
10541 mblk_t *mp2ctl; /* Returned */
10542 mblk_t *mp3ctl; /* nettomedia */
10543 mblk_t *mp4ctl; /* routeattrs */
10544 iproutedata_t ird;
10545 zoneid_t zoneid;
10546
10547 /*
10548 * make copies of the original message
10549 * - mp2ctl is returned unchanged to the caller for his use
10550 * - mpctl is sent upstream as ipRouteEntryTable
10551 * - mp3ctl is sent upstream as ipNetToMediaEntryTable
10552 * - mp4ctl is sent upstream as ipRouteAttributeTable
10553 */
10554 mp2ctl = copymsg(mpctl);
10555 mp3ctl = copymsg(mpctl);
10556 mp4ctl = copymsg(mpctl);
10557 if (mp3ctl == NULL || mp4ctl == NULL) {
10558 freemsg(mp4ctl);
10559 freemsg(mp3ctl);
10560 freemsg(mp2ctl);
10561 freemsg(mpctl);
10562 return (NULL);
10563 }
10564
10565 bzero(&ird, sizeof (ird));
10566
10567 ird.ird_route.lp_head = mpctl->b_cont;
10568 ird.ird_netmedia.lp_head = mp3ctl->b_cont;
10569 ird.ird_attrs.lp_head = mp4ctl->b_cont;
10570 /*
10571 * If the level has been set the special EXPER_IP_AND_ALL_IRES value,
10572 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is
10573 * intended a temporary solution until a proper MIB API is provided
10574 * that provides complete filtering/caller-opt-in.
10575 */
10576 if (level == EXPER_IP_AND_ALL_IRES)
10577 ird.ird_flags |= IRD_REPORT_ALL;
10578
10579 zoneid = Q_TO_CONN(q)->conn_zoneid;
10580 ire_walk_v4(ip_snmp_get2_v4, &ird, zoneid, ipst);
10581
10582 /* ipRouteEntryTable in mpctl */
10583 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10584 optp->level = MIB2_IP;
10585 optp->name = MIB2_IP_ROUTE;
10586 optp->len = msgdsize(ird.ird_route.lp_head);
10587 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10588 (int)optp->level, (int)optp->name, (int)optp->len));
10589 qreply(q, mpctl);
10590
10591 /* ipNetToMediaEntryTable in mp3ctl */
10592 ncec_walk(NULL, ip_snmp_get2_v4_media, &ird, ipst);
10593
10594 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10595 optp->level = MIB2_IP;
10596 optp->name = MIB2_IP_MEDIA;
10597 optp->len = msgdsize(ird.ird_netmedia.lp_head);
10598 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10599 (int)optp->level, (int)optp->name, (int)optp->len));
10600 qreply(q, mp3ctl);
10601
10602 /* ipRouteAttributeTable in mp4ctl */
10603 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10604 optp->level = MIB2_IP;
10605 optp->name = EXPER_IP_RTATTR;
10606 optp->len = msgdsize(ird.ird_attrs.lp_head);
10607 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10608 (int)optp->level, (int)optp->name, (int)optp->len));
10609 if (optp->len == 0)
10610 freemsg(mp4ctl);
10611 else
10612 qreply(q, mp4ctl);
10613
10614 return (mp2ctl);
10615 }
10616
10617 /*
10618 * Return ipv6RouteEntryTable and ipv6RouteAttributeTable in one IRE walk, and
10619 * ipv6NetToMediaEntryTable in an NDP walk.
10620 */
10621 static mblk_t *
10622 ip_snmp_get_mib2_ip6_route_media(queue_t *q, mblk_t *mpctl, int level,
10623 ip_stack_t *ipst)
10624 {
10625 struct opthdr *optp;
10626 mblk_t *mp2ctl; /* Returned */
10627 mblk_t *mp3ctl; /* nettomedia */
10628 mblk_t *mp4ctl; /* routeattrs */
10629 iproutedata_t ird;
10630 zoneid_t zoneid;
10631
10632 /*
10633 * make copies of the original message
10634 * - mp2ctl is returned unchanged to the caller for his use
10635 * - mpctl is sent upstream as ipv6RouteEntryTable
10636 * - mp3ctl is sent upstream as ipv6NetToMediaEntryTable
10637 * - mp4ctl is sent upstream as ipv6RouteAttributeTable
10638 */
10639 mp2ctl = copymsg(mpctl);
10640 mp3ctl = copymsg(mpctl);
10641 mp4ctl = copymsg(mpctl);
10642 if (mp3ctl == NULL || mp4ctl == NULL) {
10643 freemsg(mp4ctl);
10644 freemsg(mp3ctl);
10645 freemsg(mp2ctl);
10646 freemsg(mpctl);
10647 return (NULL);
10648 }
10649
10650 bzero(&ird, sizeof (ird));
10651
10652 ird.ird_route.lp_head = mpctl->b_cont;
10653 ird.ird_netmedia.lp_head = mp3ctl->b_cont;
10654 ird.ird_attrs.lp_head = mp4ctl->b_cont;
10655 /*
10656 * If the level has been set the special EXPER_IP_AND_ALL_IRES value,
10657 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is
10658 * intended a temporary solution until a proper MIB API is provided
10659 * that provides complete filtering/caller-opt-in.
10660 */
10661 if (level == EXPER_IP_AND_ALL_IRES)
10662 ird.ird_flags |= IRD_REPORT_ALL;
10663
10664 zoneid = Q_TO_CONN(q)->conn_zoneid;
10665 ire_walk_v6(ip_snmp_get2_v6_route, &ird, zoneid, ipst);
10666
10667 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10668 optp->level = MIB2_IP6;
10669 optp->name = MIB2_IP6_ROUTE;
10670 optp->len = msgdsize(ird.ird_route.lp_head);
10671 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10672 (int)optp->level, (int)optp->name, (int)optp->len));
10673 qreply(q, mpctl);
10674
10675 /* ipv6NetToMediaEntryTable in mp3ctl */
10676 ncec_walk(NULL, ip_snmp_get2_v6_media, &ird, ipst);
10677
10678 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10679 optp->level = MIB2_IP6;
10680 optp->name = MIB2_IP6_MEDIA;
10681 optp->len = msgdsize(ird.ird_netmedia.lp_head);
10682 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10683 (int)optp->level, (int)optp->name, (int)optp->len));
10684 qreply(q, mp3ctl);
10685
10686 /* ipv6RouteAttributeTable in mp4ctl */
10687 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10688 optp->level = MIB2_IP6;
10689 optp->name = EXPER_IP_RTATTR;
10690 optp->len = msgdsize(ird.ird_attrs.lp_head);
10691 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10692 (int)optp->level, (int)optp->name, (int)optp->len));
10693 if (optp->len == 0)
10694 freemsg(mp4ctl);
10695 else
10696 qreply(q, mp4ctl);
10697
10698 return (mp2ctl);
10699 }
10700
10701 /*
10702 * IPv6 mib: One per ill
10703 */
10704 static mblk_t *
10705 ip_snmp_get_mib2_ip6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
10706 boolean_t legacy_req)
10707 {
10708 struct opthdr *optp;
10709 mblk_t *mp2ctl;
10710 ill_t *ill;
10711 ill_walk_context_t ctx;
10712 mblk_t *mp_tail = NULL;
10713 mib2_ipv6AddrEntry_t mae6;
10714 mib2_ipIfStatsEntry_t *ise;
10715 size_t ise_size, iae_size;
10716
10717 /*
10718 * Make a copy of the original message
10719 */
10720 mp2ctl = copymsg(mpctl);
10721
10722 /* fixed length IPv6 structure ... */
10723
10724 if (legacy_req) {
10725 ise_size = LEGACY_MIB_SIZE(&ipst->ips_ip6_mib,
10726 mib2_ipIfStatsEntry_t);
10727 iae_size = LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t);
10728 } else {
10729 ise_size = sizeof (mib2_ipIfStatsEntry_t);
10730 iae_size = sizeof (mib2_ipv6AddrEntry_t);
10731 }
10732
10733 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10734 optp->level = MIB2_IP6;
10735 optp->name = 0;
10736 /* Include "unknown interface" ip6_mib */
10737 ipst->ips_ip6_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv6;
10738 ipst->ips_ip6_mib.ipIfStatsIfIndex =
10739 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */
10740 SET_MIB(ipst->ips_ip6_mib.ipIfStatsForwarding,
10741 ipst->ips_ipv6_forwarding ? 1 : 2);
10742 SET_MIB(ipst->ips_ip6_mib.ipIfStatsDefaultHopLimit,
10743 ipst->ips_ipv6_def_hops);
10744 SET_MIB(ipst->ips_ip6_mib.ipIfStatsEntrySize,
10745 sizeof (mib2_ipIfStatsEntry_t));
10746 SET_MIB(ipst->ips_ip6_mib.ipIfStatsAddrEntrySize,
10747 sizeof (mib2_ipv6AddrEntry_t));
10748 SET_MIB(ipst->ips_ip6_mib.ipIfStatsRouteEntrySize,
10749 sizeof (mib2_ipv6RouteEntry_t));
10750 SET_MIB(ipst->ips_ip6_mib.ipIfStatsNetToMediaEntrySize,
10751 sizeof (mib2_ipv6NetToMediaEntry_t));
10752 SET_MIB(ipst->ips_ip6_mib.ipIfStatsMemberEntrySize,
10753 sizeof (ipv6_member_t));
10754 SET_MIB(ipst->ips_ip6_mib.ipIfStatsGroupSourceEntrySize,
10755 sizeof (ipv6_grpsrc_t));
10756
10757 /*
10758 * Synchronize 64- and 32-bit counters
10759 */
10760 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInReceives,
10761 ipIfStatsHCInReceives);
10762 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInDelivers,
10763 ipIfStatsHCInDelivers);
10764 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutRequests,
10765 ipIfStatsHCOutRequests);
10766 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutForwDatagrams,
10767 ipIfStatsHCOutForwDatagrams);
10768 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutMcastPkts,
10769 ipIfStatsHCOutMcastPkts);
10770 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInMcastPkts,
10771 ipIfStatsHCInMcastPkts);
10772
10773 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10774 (char *)&ipst->ips_ip6_mib, (int)ise_size)) {
10775 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate %u bytes\n",
10776 (uint_t)ise_size));
10777 } else if (legacy_req) {
10778 /* Adjust the EntrySize fields for legacy requests. */
10779 ise =
10780 (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr - (int)ise_size);
10781 SET_MIB(ise->ipIfStatsEntrySize, ise_size);
10782 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size);
10783 }
10784
10785 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10786 ill = ILL_START_WALK_V6(&ctx, ipst);
10787 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10788 ill->ill_ip_mib->ipIfStatsIfIndex =
10789 ill->ill_phyint->phyint_ifindex;
10790 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding,
10791 ipst->ips_ipv6_forwarding ? 1 : 2);
10792 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultHopLimit,
10793 ill->ill_max_hops);
10794
10795 /*
10796 * Synchronize 64- and 32-bit counters
10797 */
10798 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInReceives,
10799 ipIfStatsHCInReceives);
10800 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInDelivers,
10801 ipIfStatsHCInDelivers);
10802 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutRequests,
10803 ipIfStatsHCOutRequests);
10804 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutForwDatagrams,
10805 ipIfStatsHCOutForwDatagrams);
10806 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutMcastPkts,
10807 ipIfStatsHCOutMcastPkts);
10808 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInMcastPkts,
10809 ipIfStatsHCInMcastPkts);
10810
10811 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10812 (char *)ill->ill_ip_mib, (int)ise_size)) {
10813 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate "
10814 "%u bytes\n", (uint_t)ise_size));
10815 } else if (legacy_req) {
10816 /* Adjust the EntrySize fields for legacy requests. */
10817 ise = (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr -
10818 (int)ise_size);
10819 SET_MIB(ise->ipIfStatsEntrySize, ise_size);
10820 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size);
10821 }
10822 }
10823 rw_exit(&ipst->ips_ill_g_lock);
10824
10825 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10826 ip3dbg(("ip_snmp_get_mib2_ip6: level %d, name %d, len %d\n",
10827 (int)optp->level, (int)optp->name, (int)optp->len));
10828 qreply(q, mpctl);
10829 return (mp2ctl);
10830 }
10831
10832 /*
10833 * ICMPv6 mib: One per ill
10834 */
10835 static mblk_t *
10836 ip_snmp_get_mib2_icmp6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10837 {
10838 struct opthdr *optp;
10839 mblk_t *mp2ctl;
10840 ill_t *ill;
10841 ill_walk_context_t ctx;
10842 mblk_t *mp_tail = NULL;
10843 /*
10844 * Make a copy of the original message
10845 */
10846 mp2ctl = copymsg(mpctl);
10847
10848 /* fixed length ICMPv6 structure ... */
10849
10850 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10851 optp->level = MIB2_ICMP6;
10852 optp->name = 0;
10853 /* Include "unknown interface" icmp6_mib */
10854 ipst->ips_icmp6_mib.ipv6IfIcmpIfIndex =
10855 MIB2_UNKNOWN_INTERFACE; /* netstat flag */
10856 ipst->ips_icmp6_mib.ipv6IfIcmpEntrySize =
10857 sizeof (mib2_ipv6IfIcmpEntry_t);
10858 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10859 (char *)&ipst->ips_icmp6_mib,
10860 (int)sizeof (ipst->ips_icmp6_mib))) {
10861 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate %u bytes\n",
10862 (uint_t)sizeof (ipst->ips_icmp6_mib)));
10863 }
10864
10865 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10866 ill = ILL_START_WALK_V6(&ctx, ipst);
10867 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10868 ill->ill_icmp6_mib->ipv6IfIcmpIfIndex =
10869 ill->ill_phyint->phyint_ifindex;
10870 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10871 (char *)ill->ill_icmp6_mib,
10872 (int)sizeof (*ill->ill_icmp6_mib))) {
10873 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate "
10874 "%u bytes\n",
10875 (uint_t)sizeof (*ill->ill_icmp6_mib)));
10876 }
10877 }
10878 rw_exit(&ipst->ips_ill_g_lock);
10879
10880 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10881 ip3dbg(("ip_snmp_get_mib2_icmp6: level %d, name %d, len %d\n",
10882 (int)optp->level, (int)optp->name, (int)optp->len));
10883 qreply(q, mpctl);
10884 return (mp2ctl);
10885 }
10886
10887 /*
10888 * ire_walk routine to create both ipRouteEntryTable and
10889 * ipRouteAttributeTable in one IRE walk
10890 */
10891 static void
10892 ip_snmp_get2_v4(ire_t *ire, iproutedata_t *ird)
10893 {
10894 ill_t *ill;
10895 mib2_ipRouteEntry_t *re;
10896 mib2_ipAttributeEntry_t iaes;
10897 tsol_ire_gw_secattr_t *attrp;
10898 tsol_gc_t *gc = NULL;
10899 tsol_gcgrp_t *gcgrp = NULL;
10900 ip_stack_t *ipst = ire->ire_ipst;
10901
10902 ASSERT(ire->ire_ipversion == IPV4_VERSION);
10903
10904 if (!(ird->ird_flags & IRD_REPORT_ALL)) {
10905 if (ire->ire_testhidden)
10906 return;
10907 if (ire->ire_type & IRE_IF_CLONE)
10908 return;
10909 }
10910
10911 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL)
10912 return;
10913
10914 if ((attrp = ire->ire_gw_secattr) != NULL) {
10915 mutex_enter(&attrp->igsa_lock);
10916 if ((gc = attrp->igsa_gc) != NULL) {
10917 gcgrp = gc->gc_grp;
10918 ASSERT(gcgrp != NULL);
10919 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER);
10920 }
10921 mutex_exit(&attrp->igsa_lock);
10922 }
10923 /*
10924 * Return all IRE types for route table... let caller pick and choose
10925 */
10926 re->ipRouteDest = ire->ire_addr;
10927 ill = ire->ire_ill;
10928 re->ipRouteIfIndex.o_length = 0;
10929 if (ill != NULL) {
10930 ill_get_name(ill, re->ipRouteIfIndex.o_bytes, OCTET_LENGTH);
10931 re->ipRouteIfIndex.o_length =
10932 mi_strlen(re->ipRouteIfIndex.o_bytes);
10933 }
10934 re->ipRouteMetric1 = -1;
10935 re->ipRouteMetric2 = -1;
10936 re->ipRouteMetric3 = -1;
10937 re->ipRouteMetric4 = -1;
10938
10939 re->ipRouteNextHop = ire->ire_gateway_addr;
10940 /* indirect(4), direct(3), or invalid(2) */
10941 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE))
10942 re->ipRouteType = 2;
10943 else if (ire->ire_type & IRE_ONLINK)
10944 re->ipRouteType = 3;
10945 else
10946 re->ipRouteType = 4;
10947
10948 re->ipRouteProto = -1;
10949 re->ipRouteAge = gethrestime_sec() - ire->ire_create_time;
10950 re->ipRouteMask = ire->ire_mask;
10951 re->ipRouteMetric5 = -1;
10952 re->ipRouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu;
10953 if (ire->ire_ill != NULL && re->ipRouteInfo.re_max_frag == 0)
10954 re->ipRouteInfo.re_max_frag = ire->ire_ill->ill_mtu;
10955
10956 re->ipRouteInfo.re_frag_flag = 0;
10957 re->ipRouteInfo.re_rtt = 0;
10958 re->ipRouteInfo.re_src_addr = 0;
10959 re->ipRouteInfo.re_ref = ire->ire_refcnt;
10960 re->ipRouteInfo.re_obpkt = ire->ire_ob_pkt_count;
10961 re->ipRouteInfo.re_ibpkt = ire->ire_ib_pkt_count;
10962 re->ipRouteInfo.re_flags = ire->ire_flags;
10963
10964 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */
10965 if (ire->ire_type & IRE_INTERFACE) {
10966 ire_t *child;
10967
10968 rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
10969 child = ire->ire_dep_children;
10970 while (child != NULL) {
10971 re->ipRouteInfo.re_obpkt += child->ire_ob_pkt_count;
10972 re->ipRouteInfo.re_ibpkt += child->ire_ib_pkt_count;
10973 child = child->ire_dep_sib_next;
10974 }
10975 rw_exit(&ipst->ips_ire_dep_lock);
10976 }
10977
10978 if (ire->ire_flags & RTF_DYNAMIC) {
10979 re->ipRouteInfo.re_ire_type = IRE_HOST_REDIRECT;
10980 } else {
10981 re->ipRouteInfo.re_ire_type = ire->ire_type;
10982 }
10983
10984 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail,
10985 (char *)re, (int)sizeof (*re))) {
10986 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u bytes\n",
10987 (uint_t)sizeof (*re)));
10988 }
10989
10990 if (gc != NULL) {
10991 iaes.iae_routeidx = ird->ird_idx;
10992 iaes.iae_doi = gc->gc_db->gcdb_doi;
10993 iaes.iae_slrange = gc->gc_db->gcdb_slrange;
10994
10995 if (!snmp_append_data2(ird->ird_attrs.lp_head,
10996 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) {
10997 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u "
10998 "bytes\n", (uint_t)sizeof (iaes)));
10999 }
11000 }
11001
11002 /* bump route index for next pass */
11003 ird->ird_idx++;
11004
11005 kmem_free(re, sizeof (*re));
11006 if (gcgrp != NULL)
11007 rw_exit(&gcgrp->gcgrp_rwlock);
11008 }
11009
11010 /*
11011 * ire_walk routine to create ipv6RouteEntryTable and ipRouteEntryTable.
11012 */
11013 static void
11014 ip_snmp_get2_v6_route(ire_t *ire, iproutedata_t *ird)
11015 {
11016 ill_t *ill;
11017 mib2_ipv6RouteEntry_t *re;
11018 mib2_ipAttributeEntry_t iaes;
11019 tsol_ire_gw_secattr_t *attrp;
11020 tsol_gc_t *gc = NULL;
11021 tsol_gcgrp_t *gcgrp = NULL;
11022 ip_stack_t *ipst = ire->ire_ipst;
11023
11024 ASSERT(ire->ire_ipversion == IPV6_VERSION);
11025
11026 if (!(ird->ird_flags & IRD_REPORT_ALL)) {
11027 if (ire->ire_testhidden)
11028 return;
11029 if (ire->ire_type & IRE_IF_CLONE)
11030 return;
11031 }
11032
11033 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL)
11034 return;
11035
11036 if ((attrp = ire->ire_gw_secattr) != NULL) {
11037 mutex_enter(&attrp->igsa_lock);
11038 if ((gc = attrp->igsa_gc) != NULL) {
11039 gcgrp = gc->gc_grp;
11040 ASSERT(gcgrp != NULL);
11041 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER);
11042 }
11043 mutex_exit(&attrp->igsa_lock);
11044 }
11045 /*
11046 * Return all IRE types for route table... let caller pick and choose
11047 */
11048 re->ipv6RouteDest = ire->ire_addr_v6;
11049 re->ipv6RoutePfxLength = ip_mask_to_plen_v6(&ire->ire_mask_v6);
11050 re->ipv6RouteIndex = 0; /* Unique when multiple with same dest/plen */
11051 re->ipv6RouteIfIndex.o_length = 0;
11052 ill = ire->ire_ill;
11053 if (ill != NULL) {
11054 ill_get_name(ill, re->ipv6RouteIfIndex.o_bytes, OCTET_LENGTH);
11055 re->ipv6RouteIfIndex.o_length =
11056 mi_strlen(re->ipv6RouteIfIndex.o_bytes);
11057 }
11058
11059 ASSERT(!(ire->ire_type & IRE_BROADCAST));
11060
11061 mutex_enter(&ire->ire_lock);
11062 re->ipv6RouteNextHop = ire->ire_gateway_addr_v6;
11063 mutex_exit(&ire->ire_lock);
11064
11065 /* remote(4), local(3), or discard(2) */
11066 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE))
11067 re->ipv6RouteType = 2;
11068 else if (ire->ire_type & IRE_ONLINK)
11069 re->ipv6RouteType = 3;
11070 else
11071 re->ipv6RouteType = 4;
11072
11073 re->ipv6RouteProtocol = -1;
11074 re->ipv6RoutePolicy = 0;
11075 re->ipv6RouteAge = gethrestime_sec() - ire->ire_create_time;
11076 re->ipv6RouteNextHopRDI = 0;
11077 re->ipv6RouteWeight = 0;
11078 re->ipv6RouteMetric = 0;
11079 re->ipv6RouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu;
11080 if (ire->ire_ill != NULL && re->ipv6RouteInfo.re_max_frag == 0)
11081 re->ipv6RouteInfo.re_max_frag = ire->ire_ill->ill_mtu;
11082
11083 re->ipv6RouteInfo.re_frag_flag = 0;
11084 re->ipv6RouteInfo.re_rtt = 0;
11085 re->ipv6RouteInfo.re_src_addr = ipv6_all_zeros;
11086 re->ipv6RouteInfo.re_obpkt = ire->ire_ob_pkt_count;
11087 re->ipv6RouteInfo.re_ibpkt = ire->ire_ib_pkt_count;
11088 re->ipv6RouteInfo.re_ref = ire->ire_refcnt;
11089 re->ipv6RouteInfo.re_flags = ire->ire_flags;
11090
11091 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */
11092 if (ire->ire_type & IRE_INTERFACE) {
11093 ire_t *child;
11094
11095 rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
11096 child = ire->ire_dep_children;
11097 while (child != NULL) {
11098 re->ipv6RouteInfo.re_obpkt += child->ire_ob_pkt_count;
11099 re->ipv6RouteInfo.re_ibpkt += child->ire_ib_pkt_count;
11100 child = child->ire_dep_sib_next;
11101 }
11102 rw_exit(&ipst->ips_ire_dep_lock);
11103 }
11104 if (ire->ire_flags & RTF_DYNAMIC) {
11105 re->ipv6RouteInfo.re_ire_type = IRE_HOST_REDIRECT;
11106 } else {
11107 re->ipv6RouteInfo.re_ire_type = ire->ire_type;
11108 }
11109
11110 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail,
11111 (char *)re, (int)sizeof (*re))) {
11112 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u bytes\n",
11113 (uint_t)sizeof (*re)));
11114 }
11115
11116 if (gc != NULL) {
11117 iaes.iae_routeidx = ird->ird_idx;
11118 iaes.iae_doi = gc->gc_db->gcdb_doi;
11119 iaes.iae_slrange = gc->gc_db->gcdb_slrange;
11120
11121 if (!snmp_append_data2(ird->ird_attrs.lp_head,
11122 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) {
11123 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u "
11124 "bytes\n", (uint_t)sizeof (iaes)));
11125 }
11126 }
11127
11128 /* bump route index for next pass */
11129 ird->ird_idx++;
11130
11131 kmem_free(re, sizeof (*re));
11132 if (gcgrp != NULL)
11133 rw_exit(&gcgrp->gcgrp_rwlock);
11134 }
11135
11136 /*
11137 * ncec_walk routine to create ipv6NetToMediaEntryTable
11138 */
11139 static int
11140 ip_snmp_get2_v6_media(ncec_t *ncec, iproutedata_t *ird)
11141 {
11142 ill_t *ill;
11143 mib2_ipv6NetToMediaEntry_t ntme;
11144
11145 ill = ncec->ncec_ill;
11146 /* skip arpce entries, and loopback ncec entries */
11147 if (ill->ill_isv6 == B_FALSE || ill->ill_net_type == IRE_LOOPBACK)
11148 return (0);
11149 /*
11150 * Neighbor cache entry attached to IRE with on-link
11151 * destination.
11152 * We report all IPMP groups on ncec_ill which is normally the upper.
11153 */
11154 ntme.ipv6NetToMediaIfIndex = ill->ill_phyint->phyint_ifindex;
11155 ntme.ipv6NetToMediaNetAddress = ncec->ncec_addr;
11156 ntme.ipv6NetToMediaPhysAddress.o_length = ill->ill_phys_addr_length;
11157 if (ncec->ncec_lladdr != NULL) {
11158 bcopy(ncec->ncec_lladdr, ntme.ipv6NetToMediaPhysAddress.o_bytes,
11159 ntme.ipv6NetToMediaPhysAddress.o_length);
11160 }
11161 /*
11162 * Note: Returns ND_* states. Should be:
11163 * reachable(1), stale(2), delay(3), probe(4),
11164 * invalid(5), unknown(6)
11165 */
11166 ntme.ipv6NetToMediaState = ncec->ncec_state;
11167 ntme.ipv6NetToMediaLastUpdated = 0;
11168
11169 /* other(1), dynamic(2), static(3), local(4) */
11170 if (NCE_MYADDR(ncec)) {
11171 ntme.ipv6NetToMediaType = 4;
11172 } else if (ncec->ncec_flags & NCE_F_PUBLISH) {
11173 ntme.ipv6NetToMediaType = 1; /* proxy */
11174 } else if (ncec->ncec_flags & NCE_F_STATIC) {
11175 ntme.ipv6NetToMediaType = 3;
11176 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST)) {
11177 ntme.ipv6NetToMediaType = 1;
11178 } else {
11179 ntme.ipv6NetToMediaType = 2;
11180 }
11181
11182 if (!snmp_append_data2(ird->ird_netmedia.lp_head,
11183 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) {
11184 ip1dbg(("ip_snmp_get2_v6_media: failed to allocate %u bytes\n",
11185 (uint_t)sizeof (ntme)));
11186 }
11187 return (0);
11188 }
11189
11190 int
11191 nce2ace(ncec_t *ncec)
11192 {
11193 int flags = 0;
11194
11195 if (NCE_ISREACHABLE(ncec))
11196 flags |= ACE_F_RESOLVED;
11197 if (ncec->ncec_flags & NCE_F_AUTHORITY)
11198 flags |= ACE_F_AUTHORITY;
11199 if (ncec->ncec_flags & NCE_F_PUBLISH)
11200 flags |= ACE_F_PUBLISH;
11201 if ((ncec->ncec_flags & NCE_F_NONUD) != 0)
11202 flags |= ACE_F_PERMANENT;
11203 if (NCE_MYADDR(ncec))
11204 flags |= (ACE_F_MYADDR | ACE_F_AUTHORITY);
11205 if (ncec->ncec_flags & NCE_F_UNVERIFIED)
11206 flags |= ACE_F_UNVERIFIED;
11207 if (ncec->ncec_flags & NCE_F_AUTHORITY)
11208 flags |= ACE_F_AUTHORITY;
11209 if (ncec->ncec_flags & NCE_F_DELAYED)
11210 flags |= ACE_F_DELAYED;
11211 return (flags);
11212 }
11213
11214 /*
11215 * ncec_walk routine to create ipNetToMediaEntryTable
11216 */
11217 static int
11218 ip_snmp_get2_v4_media(ncec_t *ncec, iproutedata_t *ird)
11219 {
11220 ill_t *ill;
11221 mib2_ipNetToMediaEntry_t ntme;
11222 const char *name = "unknown";
11223 ipaddr_t ncec_addr;
11224
11225 ill = ncec->ncec_ill;
11226 if (ill->ill_isv6 || (ncec->ncec_flags & NCE_F_BCAST) ||
11227 ill->ill_net_type == IRE_LOOPBACK)
11228 return (0);
11229
11230 /* We report all IPMP groups on ncec_ill which is normally the upper. */
11231 name = ill->ill_name;
11232 /* Based on RFC 4293: other(1), inval(2), dyn(3), stat(4) */
11233 if (NCE_MYADDR(ncec)) {
11234 ntme.ipNetToMediaType = 4;
11235 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST|NCE_F_PUBLISH)) {
11236 ntme.ipNetToMediaType = 1;
11237 } else {
11238 ntme.ipNetToMediaType = 3;
11239 }
11240 ntme.ipNetToMediaIfIndex.o_length = MIN(OCTET_LENGTH, strlen(name));
11241 bcopy(name, ntme.ipNetToMediaIfIndex.o_bytes,
11242 ntme.ipNetToMediaIfIndex.o_length);
11243
11244 IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, ncec_addr);
11245 bcopy(&ncec_addr, &ntme.ipNetToMediaNetAddress, sizeof (ncec_addr));
11246
11247 ntme.ipNetToMediaInfo.ntm_mask.o_length = sizeof (ipaddr_t);
11248 ncec_addr = INADDR_BROADCAST;
11249 bcopy(&ncec_addr, ntme.ipNetToMediaInfo.ntm_mask.o_bytes,
11250 sizeof (ncec_addr));
11251 /*
11252 * map all the flags to the ACE counterpart.
11253 */
11254 ntme.ipNetToMediaInfo.ntm_flags = nce2ace(ncec);
11255
11256 ntme.ipNetToMediaPhysAddress.o_length =
11257 MIN(OCTET_LENGTH, ill->ill_phys_addr_length);
11258
11259 if (!NCE_ISREACHABLE(ncec))
11260 ntme.ipNetToMediaPhysAddress.o_length = 0;
11261 else {
11262 if (ncec->ncec_lladdr != NULL) {
11263 bcopy(ncec->ncec_lladdr,
11264 ntme.ipNetToMediaPhysAddress.o_bytes,
11265 ntme.ipNetToMediaPhysAddress.o_length);
11266 }
11267 }
11268
11269 if (!snmp_append_data2(ird->ird_netmedia.lp_head,
11270 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) {
11271 ip1dbg(("ip_snmp_get2_v4_media: failed to allocate %u bytes\n",
11272 (uint_t)sizeof (ntme)));
11273 }
11274 return (0);
11275 }
11276
11277 /*
11278 * return (0) if invalid set request, 1 otherwise, including non-tcp requests
11279 */
11280 /* ARGSUSED */
11281 int
11282 ip_snmp_set(queue_t *q, int level, int name, uchar_t *ptr, int len)
11283 {
11284 switch (level) {
11285 case MIB2_IP:
11286 case MIB2_ICMP:
11287 switch (name) {
11288 default:
11289 break;
11290 }
11291 return (1);
11292 default:
11293 return (1);
11294 }
11295 }
11296
11297 /*
11298 * When there exists both a 64- and 32-bit counter of a particular type
11299 * (i.e., InReceives), only the 64-bit counters are added.
11300 */
11301 void
11302 ip_mib2_add_ip_stats(mib2_ipIfStatsEntry_t *o1, mib2_ipIfStatsEntry_t *o2)
11303 {
11304 UPDATE_MIB(o1, ipIfStatsInHdrErrors, o2->ipIfStatsInHdrErrors);
11305 UPDATE_MIB(o1, ipIfStatsInTooBigErrors, o2->ipIfStatsInTooBigErrors);
11306 UPDATE_MIB(o1, ipIfStatsInNoRoutes, o2->ipIfStatsInNoRoutes);
11307 UPDATE_MIB(o1, ipIfStatsInAddrErrors, o2->ipIfStatsInAddrErrors);
11308 UPDATE_MIB(o1, ipIfStatsInUnknownProtos, o2->ipIfStatsInUnknownProtos);
11309 UPDATE_MIB(o1, ipIfStatsInTruncatedPkts, o2->ipIfStatsInTruncatedPkts);
11310 UPDATE_MIB(o1, ipIfStatsInDiscards, o2->ipIfStatsInDiscards);
11311 UPDATE_MIB(o1, ipIfStatsOutDiscards, o2->ipIfStatsOutDiscards);
11312 UPDATE_MIB(o1, ipIfStatsOutFragOKs, o2->ipIfStatsOutFragOKs);
11313 UPDATE_MIB(o1, ipIfStatsOutFragFails, o2->ipIfStatsOutFragFails);
11314 UPDATE_MIB(o1, ipIfStatsOutFragCreates, o2->ipIfStatsOutFragCreates);
11315 UPDATE_MIB(o1, ipIfStatsReasmReqds, o2->ipIfStatsReasmReqds);
11316 UPDATE_MIB(o1, ipIfStatsReasmOKs, o2->ipIfStatsReasmOKs);
11317 UPDATE_MIB(o1, ipIfStatsReasmFails, o2->ipIfStatsReasmFails);
11318 UPDATE_MIB(o1, ipIfStatsOutNoRoutes, o2->ipIfStatsOutNoRoutes);
11319 UPDATE_MIB(o1, ipIfStatsReasmDuplicates, o2->ipIfStatsReasmDuplicates);
11320 UPDATE_MIB(o1, ipIfStatsReasmPartDups, o2->ipIfStatsReasmPartDups);
11321 UPDATE_MIB(o1, ipIfStatsForwProhibits, o2->ipIfStatsForwProhibits);
11322 UPDATE_MIB(o1, udpInCksumErrs, o2->udpInCksumErrs);
11323 UPDATE_MIB(o1, udpInOverflows, o2->udpInOverflows);
11324 UPDATE_MIB(o1, rawipInOverflows, o2->rawipInOverflows);
11325 UPDATE_MIB(o1, ipIfStatsInWrongIPVersion,
11326 o2->ipIfStatsInWrongIPVersion);
11327 UPDATE_MIB(o1, ipIfStatsOutWrongIPVersion,
11328 o2->ipIfStatsInWrongIPVersion);
11329 UPDATE_MIB(o1, ipIfStatsOutSwitchIPVersion,
11330 o2->ipIfStatsOutSwitchIPVersion);
11331 UPDATE_MIB(o1, ipIfStatsHCInReceives, o2->ipIfStatsHCInReceives);
11332 UPDATE_MIB(o1, ipIfStatsHCInOctets, o2->ipIfStatsHCInOctets);
11333 UPDATE_MIB(o1, ipIfStatsHCInForwDatagrams,
11334 o2->ipIfStatsHCInForwDatagrams);
11335 UPDATE_MIB(o1, ipIfStatsHCInDelivers, o2->ipIfStatsHCInDelivers);
11336 UPDATE_MIB(o1, ipIfStatsHCOutRequests, o2->ipIfStatsHCOutRequests);
11337 UPDATE_MIB(o1, ipIfStatsHCOutForwDatagrams,
11338 o2->ipIfStatsHCOutForwDatagrams);
11339 UPDATE_MIB(o1, ipIfStatsOutFragReqds, o2->ipIfStatsOutFragReqds);
11340 UPDATE_MIB(o1, ipIfStatsHCOutTransmits, o2->ipIfStatsHCOutTransmits);
11341 UPDATE_MIB(o1, ipIfStatsHCOutOctets, o2->ipIfStatsHCOutOctets);
11342 UPDATE_MIB(o1, ipIfStatsHCInMcastPkts, o2->ipIfStatsHCInMcastPkts);
11343 UPDATE_MIB(o1, ipIfStatsHCInMcastOctets, o2->ipIfStatsHCInMcastOctets);
11344 UPDATE_MIB(o1, ipIfStatsHCOutMcastPkts, o2->ipIfStatsHCOutMcastPkts);
11345 UPDATE_MIB(o1, ipIfStatsHCOutMcastOctets,
11346 o2->ipIfStatsHCOutMcastOctets);
11347 UPDATE_MIB(o1, ipIfStatsHCInBcastPkts, o2->ipIfStatsHCInBcastPkts);
11348 UPDATE_MIB(o1, ipIfStatsHCOutBcastPkts, o2->ipIfStatsHCOutBcastPkts);
11349 UPDATE_MIB(o1, ipsecInSucceeded, o2->ipsecInSucceeded);
11350 UPDATE_MIB(o1, ipsecInFailed, o2->ipsecInFailed);
11351 UPDATE_MIB(o1, ipInCksumErrs, o2->ipInCksumErrs);
11352 UPDATE_MIB(o1, tcpInErrs, o2->tcpInErrs);
11353 UPDATE_MIB(o1, udpNoPorts, o2->udpNoPorts);
11354 }
11355
11356 void
11357 ip_mib2_add_icmp6_stats(mib2_ipv6IfIcmpEntry_t *o1, mib2_ipv6IfIcmpEntry_t *o2)
11358 {
11359 UPDATE_MIB(o1, ipv6IfIcmpInMsgs, o2->ipv6IfIcmpInMsgs);
11360 UPDATE_MIB(o1, ipv6IfIcmpInErrors, o2->ipv6IfIcmpInErrors);
11361 UPDATE_MIB(o1, ipv6IfIcmpInDestUnreachs, o2->ipv6IfIcmpInDestUnreachs);
11362 UPDATE_MIB(o1, ipv6IfIcmpInAdminProhibs, o2->ipv6IfIcmpInAdminProhibs);
11363 UPDATE_MIB(o1, ipv6IfIcmpInTimeExcds, o2->ipv6IfIcmpInTimeExcds);
11364 UPDATE_MIB(o1, ipv6IfIcmpInParmProblems, o2->ipv6IfIcmpInParmProblems);
11365 UPDATE_MIB(o1, ipv6IfIcmpInPktTooBigs, o2->ipv6IfIcmpInPktTooBigs);
11366 UPDATE_MIB(o1, ipv6IfIcmpInEchos, o2->ipv6IfIcmpInEchos);
11367 UPDATE_MIB(o1, ipv6IfIcmpInEchoReplies, o2->ipv6IfIcmpInEchoReplies);
11368 UPDATE_MIB(o1, ipv6IfIcmpInRouterSolicits,
11369 o2->ipv6IfIcmpInRouterSolicits);
11370 UPDATE_MIB(o1, ipv6IfIcmpInRouterAdvertisements,
11371 o2->ipv6IfIcmpInRouterAdvertisements);
11372 UPDATE_MIB(o1, ipv6IfIcmpInNeighborSolicits,
11373 o2->ipv6IfIcmpInNeighborSolicits);
11374 UPDATE_MIB(o1, ipv6IfIcmpInNeighborAdvertisements,
11375 o2->ipv6IfIcmpInNeighborAdvertisements);
11376 UPDATE_MIB(o1, ipv6IfIcmpInRedirects, o2->ipv6IfIcmpInRedirects);
11377 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembQueries,
11378 o2->ipv6IfIcmpInGroupMembQueries);
11379 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembResponses,
11380 o2->ipv6IfIcmpInGroupMembResponses);
11381 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembReductions,
11382 o2->ipv6IfIcmpInGroupMembReductions);
11383 UPDATE_MIB(o1, ipv6IfIcmpOutMsgs, o2->ipv6IfIcmpOutMsgs);
11384 UPDATE_MIB(o1, ipv6IfIcmpOutErrors, o2->ipv6IfIcmpOutErrors);
11385 UPDATE_MIB(o1, ipv6IfIcmpOutDestUnreachs,
11386 o2->ipv6IfIcmpOutDestUnreachs);
11387 UPDATE_MIB(o1, ipv6IfIcmpOutAdminProhibs,
11388 o2->ipv6IfIcmpOutAdminProhibs);
11389 UPDATE_MIB(o1, ipv6IfIcmpOutTimeExcds, o2->ipv6IfIcmpOutTimeExcds);
11390 UPDATE_MIB(o1, ipv6IfIcmpOutParmProblems,
11391 o2->ipv6IfIcmpOutParmProblems);
11392 UPDATE_MIB(o1, ipv6IfIcmpOutPktTooBigs, o2->ipv6IfIcmpOutPktTooBigs);
11393 UPDATE_MIB(o1, ipv6IfIcmpOutEchos, o2->ipv6IfIcmpOutEchos);
11394 UPDATE_MIB(o1, ipv6IfIcmpOutEchoReplies, o2->ipv6IfIcmpOutEchoReplies);
11395 UPDATE_MIB(o1, ipv6IfIcmpOutRouterSolicits,
11396 o2->ipv6IfIcmpOutRouterSolicits);
11397 UPDATE_MIB(o1, ipv6IfIcmpOutRouterAdvertisements,
11398 o2->ipv6IfIcmpOutRouterAdvertisements);
11399 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborSolicits,
11400 o2->ipv6IfIcmpOutNeighborSolicits);
11401 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborAdvertisements,
11402 o2->ipv6IfIcmpOutNeighborAdvertisements);
11403 UPDATE_MIB(o1, ipv6IfIcmpOutRedirects, o2->ipv6IfIcmpOutRedirects);
11404 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembQueries,
11405 o2->ipv6IfIcmpOutGroupMembQueries);
11406 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembResponses,
11407 o2->ipv6IfIcmpOutGroupMembResponses);
11408 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembReductions,
11409 o2->ipv6IfIcmpOutGroupMembReductions);
11410 UPDATE_MIB(o1, ipv6IfIcmpInOverflows, o2->ipv6IfIcmpInOverflows);
11411 UPDATE_MIB(o1, ipv6IfIcmpBadHoplimit, o2->ipv6IfIcmpBadHoplimit);
11412 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborAdvertisements,
11413 o2->ipv6IfIcmpInBadNeighborAdvertisements);
11414 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborSolicitations,
11415 o2->ipv6IfIcmpInBadNeighborSolicitations);
11416 UPDATE_MIB(o1, ipv6IfIcmpInBadRedirects, o2->ipv6IfIcmpInBadRedirects);
11417 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembTotal,
11418 o2->ipv6IfIcmpInGroupMembTotal);
11419 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadQueries,
11420 o2->ipv6IfIcmpInGroupMembBadQueries);
11421 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadReports,
11422 o2->ipv6IfIcmpInGroupMembBadReports);
11423 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembOurReports,
11424 o2->ipv6IfIcmpInGroupMembOurReports);
11425 }
11426
11427 /*
11428 * Called before the options are updated to check if this packet will
11429 * be source routed from here.
11430 * This routine assumes that the options are well formed i.e. that they
11431 * have already been checked.
11432 */
11433 boolean_t
11434 ip_source_routed(ipha_t *ipha, ip_stack_t *ipst)
11435 {
11436 ipoptp_t opts;
11437 uchar_t *opt;
11438 uint8_t optval;
11439 uint8_t optlen;
11440 ipaddr_t dst;
11441
11442 if (IS_SIMPLE_IPH(ipha)) {
11443 ip2dbg(("not source routed\n"));
11444 return (B_FALSE);
11445 }
11446 dst = ipha->ipha_dst;
11447 for (optval = ipoptp_first(&opts, ipha);
11448 optval != IPOPT_EOL;
11449 optval = ipoptp_next(&opts)) {
11450 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
11451 opt = opts.ipoptp_cur;
11452 optlen = opts.ipoptp_len;
11453 ip2dbg(("ip_source_routed: opt %d, len %d\n",
11454 optval, optlen));
11455 switch (optval) {
11456 uint32_t off;
11457 case IPOPT_SSRR:
11458 case IPOPT_LSRR:
11459 /*
11460 * If dst is one of our addresses and there are some
11461 * entries left in the source route return (true).
11462 */
11463 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
11464 ip2dbg(("ip_source_routed: not next"
11465 " source route 0x%x\n",
11466 ntohl(dst)));
11467 return (B_FALSE);
11468 }
11469 off = opt[IPOPT_OFFSET];
11470 off--;
11471 if (optlen < IP_ADDR_LEN ||
11472 off > optlen - IP_ADDR_LEN) {
11473 /* End of source route */
11474 ip1dbg(("ip_source_routed: end of SR\n"));
11475 return (B_FALSE);
11476 }
11477 return (B_TRUE);
11478 }
11479 }
11480 ip2dbg(("not source routed\n"));
11481 return (B_FALSE);
11482 }
11483
11484 /*
11485 * ip_unbind is called by the transports to remove a conn from
11486 * the fanout table.
11487 */
11488 void
11489 ip_unbind(conn_t *connp)
11490 {
11491
11492 ASSERT(!MUTEX_HELD(&connp->conn_lock));
11493
11494 if (is_system_labeled() && connp->conn_anon_port) {
11495 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
11496 connp->conn_mlp_type, connp->conn_proto,
11497 ntohs(connp->conn_lport), B_FALSE);
11498 connp->conn_anon_port = 0;
11499 }
11500 connp->conn_mlp_type = mlptSingle;
11501
11502 ipcl_hash_remove(connp);
11503 }
11504
11505 /*
11506 * Used for deciding the MSS size for the upper layer. Thus
11507 * we need to check the outbound policy values in the conn.
11508 */
11509 int
11510 conn_ipsec_length(conn_t *connp)
11511 {
11512 ipsec_latch_t *ipl;
11513
11514 ipl = connp->conn_latch;
11515 if (ipl == NULL)
11516 return (0);
11517
11518 if (connp->conn_ixa->ixa_ipsec_policy == NULL)
11519 return (0);
11520
11521 return (connp->conn_ixa->ixa_ipsec_policy->ipsp_act->ipa_ovhd);
11522 }
11523
11524 /*
11525 * Returns an estimate of the IPsec headers size. This is used if
11526 * we don't want to call into IPsec to get the exact size.
11527 */
11528 int
11529 ipsec_out_extra_length(ip_xmit_attr_t *ixa)
11530 {
11531 ipsec_action_t *a;
11532
11533 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))
11534 return (0);
11535
11536 a = ixa->ixa_ipsec_action;
11537 if (a == NULL) {
11538 ASSERT(ixa->ixa_ipsec_policy != NULL);
11539 a = ixa->ixa_ipsec_policy->ipsp_act;
11540 }
11541 ASSERT(a != NULL);
11542
11543 return (a->ipa_ovhd);
11544 }
11545
11546 /*
11547 * If there are any source route options, return the true final
11548 * destination. Otherwise, return the destination.
11549 */
11550 ipaddr_t
11551 ip_get_dst(ipha_t *ipha)
11552 {
11553 ipoptp_t opts;
11554 uchar_t *opt;
11555 uint8_t optval;
11556 uint8_t optlen;
11557 ipaddr_t dst;
11558 uint32_t off;
11559
11560 dst = ipha->ipha_dst;
11561
11562 if (IS_SIMPLE_IPH(ipha))
11563 return (dst);
11564
11565 for (optval = ipoptp_first(&opts, ipha);
11566 optval != IPOPT_EOL;
11567 optval = ipoptp_next(&opts)) {
11568 opt = opts.ipoptp_cur;
11569 optlen = opts.ipoptp_len;
11570 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
11571 switch (optval) {
11572 case IPOPT_SSRR:
11573 case IPOPT_LSRR:
11574 off = opt[IPOPT_OFFSET];
11575 /*
11576 * If one of the conditions is true, it means
11577 * end of options and dst already has the right
11578 * value.
11579 */
11580 if (!(optlen < IP_ADDR_LEN || off > optlen - 3)) {
11581 off = optlen - IP_ADDR_LEN;
11582 bcopy(&opt[off], &dst, IP_ADDR_LEN);
11583 }
11584 return (dst);
11585 default:
11586 break;
11587 }
11588 }
11589
11590 return (dst);
11591 }
11592
11593 /*
11594 * Outbound IP fragmentation routine.
11595 * Assumes the caller has checked whether or not fragmentation should
11596 * be allowed. Here we copy the DF bit from the header to all the generated
11597 * fragments.
11598 */
11599 int
11600 ip_fragment_v4(mblk_t *mp_orig, nce_t *nce, iaflags_t ixaflags,
11601 uint_t pkt_len, uint32_t max_frag, uint32_t xmit_hint, zoneid_t szone,
11602 zoneid_t nolzid, pfirepostfrag_t postfragfn, uintptr_t *ixa_cookie)
11603 {
11604 int i1;
11605 int hdr_len;
11606 mblk_t *hdr_mp;
11607 ipha_t *ipha;
11608 int ip_data_end;
11609 int len;
11610 mblk_t *mp = mp_orig;
11611 int offset;
11612 ill_t *ill = nce->nce_ill;
11613 ip_stack_t *ipst = ill->ill_ipst;
11614 mblk_t *carve_mp;
11615 uint32_t frag_flag;
11616 uint_t priority = mp->b_band;
11617 int error = 0;
11618
11619 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragReqds);
11620
11621 if (pkt_len != msgdsize(mp)) {
11622 ip0dbg(("Packet length mismatch: %d, %ld\n",
11623 pkt_len, msgdsize(mp)));
11624 freemsg(mp);
11625 return (EINVAL);
11626 }
11627
11628 if (max_frag == 0) {
11629 ip1dbg(("ip_fragment_v4: max_frag is zero. Dropping packet\n"));
11630 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11631 ip_drop_output("FragFails: zero max_frag", mp, ill);
11632 freemsg(mp);
11633 return (EINVAL);
11634 }
11635
11636 ASSERT(MBLKL(mp) >= sizeof (ipha_t));
11637 ipha = (ipha_t *)mp->b_rptr;
11638 ASSERT(ntohs(ipha->ipha_length) == pkt_len);
11639 frag_flag = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_DF;
11640
11641 /*
11642 * Establish the starting offset. May not be zero if we are fragging
11643 * a fragment that is being forwarded.
11644 */
11645 offset = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET;
11646
11647 /* TODO why is this test needed? */
11648 if (((max_frag - ntohs(ipha->ipha_length)) & ~7) < 8) {
11649 /* TODO: notify ulp somehow */
11650 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11651 ip_drop_output("FragFails: bad starting offset", mp, ill);
11652 freemsg(mp);
11653 return (EINVAL);
11654 }
11655
11656 hdr_len = IPH_HDR_LENGTH(ipha);
11657 ipha->ipha_hdr_checksum = 0;
11658
11659 /*
11660 * Establish the number of bytes maximum per frag, after putting
11661 * in the header.
11662 */
11663 len = (max_frag - hdr_len) & ~7;
11664
11665 /* Get a copy of the header for the trailing frags */
11666 hdr_mp = ip_fragment_copyhdr((uchar_t *)ipha, hdr_len, offset, ipst,
11667 mp);
11668 if (hdr_mp == NULL) {
11669 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11670 ip_drop_output("FragFails: no hdr_mp", mp, ill);
11671 freemsg(mp);
11672 return (ENOBUFS);
11673 }
11674
11675 /* Store the starting offset, with the MoreFrags flag. */
11676 i1 = offset | IPH_MF | frag_flag;
11677 ipha->ipha_fragment_offset_and_flags = htons((uint16_t)i1);
11678
11679 /* Establish the ending byte offset, based on the starting offset. */
11680 offset <<= 3;
11681 ip_data_end = offset + ntohs(ipha->ipha_length) - hdr_len;
11682
11683 /* Store the length of the first fragment in the IP header. */
11684 i1 = len + hdr_len;
11685 ASSERT(i1 <= IP_MAXPACKET);
11686 ipha->ipha_length = htons((uint16_t)i1);
11687
11688 /*
11689 * Compute the IP header checksum for the first frag. We have to
11690 * watch out that we stop at the end of the header.
11691 */
11692 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
11693
11694 /*
11695 * Now carve off the first frag. Note that this will include the
11696 * original IP header.
11697 */
11698 if (!(mp = ip_carve_mp(&mp_orig, i1))) {
11699 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11700 ip_drop_output("FragFails: could not carve mp", mp_orig, ill);
11701 freeb(hdr_mp);
11702 freemsg(mp_orig);
11703 return (ENOBUFS);
11704 }
11705
11706 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates);
11707
11708 error = postfragfn(mp, nce, ixaflags, i1, xmit_hint, szone, nolzid,
11709 ixa_cookie);
11710 if (error != 0 && error != EWOULDBLOCK) {
11711 /* No point in sending the other fragments */
11712 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11713 ip_drop_output("FragFails: postfragfn failed", mp_orig, ill);
11714 freeb(hdr_mp);
11715 freemsg(mp_orig);
11716 return (error);
11717 }
11718
11719 /* No need to redo state machine in loop */
11720 ixaflags &= ~IXAF_REACH_CONF;
11721
11722 /* Advance the offset to the second frag starting point. */
11723 offset += len;
11724 /*
11725 * Update hdr_len from the copied header - there might be less options
11726 * in the later fragments.
11727 */
11728 hdr_len = IPH_HDR_LENGTH(hdr_mp->b_rptr);
11729 /* Loop until done. */
11730 for (;;) {
11731 uint16_t offset_and_flags;
11732 uint16_t ip_len;
11733
11734 if (ip_data_end - offset > len) {
11735 /*
11736 * Carve off the appropriate amount from the original
11737 * datagram.
11738 */
11739 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) {
11740 mp = NULL;
11741 break;
11742 }
11743 /*
11744 * More frags after this one. Get another copy
11745 * of the header.
11746 */
11747 if (carve_mp->b_datap->db_ref == 1 &&
11748 hdr_mp->b_wptr - hdr_mp->b_rptr <
11749 carve_mp->b_rptr - carve_mp->b_datap->db_base) {
11750 /* Inline IP header */
11751 carve_mp->b_rptr -= hdr_mp->b_wptr -
11752 hdr_mp->b_rptr;
11753 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr,
11754 hdr_mp->b_wptr - hdr_mp->b_rptr);
11755 mp = carve_mp;
11756 } else {
11757 if (!(mp = copyb(hdr_mp))) {
11758 freemsg(carve_mp);
11759 break;
11760 }
11761 /* Get priority marking, if any. */
11762 mp->b_band = priority;
11763 mp->b_cont = carve_mp;
11764 }
11765 ipha = (ipha_t *)mp->b_rptr;
11766 offset_and_flags = IPH_MF;
11767 } else {
11768 /*
11769 * Last frag. Consume the header. Set len to
11770 * the length of this last piece.
11771 */
11772 len = ip_data_end - offset;
11773
11774 /*
11775 * Carve off the appropriate amount from the original
11776 * datagram.
11777 */
11778 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) {
11779 mp = NULL;
11780 break;
11781 }
11782 if (carve_mp->b_datap->db_ref == 1 &&
11783 hdr_mp->b_wptr - hdr_mp->b_rptr <
11784 carve_mp->b_rptr - carve_mp->b_datap->db_base) {
11785 /* Inline IP header */
11786 carve_mp->b_rptr -= hdr_mp->b_wptr -
11787 hdr_mp->b_rptr;
11788 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr,
11789 hdr_mp->b_wptr - hdr_mp->b_rptr);
11790 mp = carve_mp;
11791 freeb(hdr_mp);
11792 hdr_mp = mp;
11793 } else {
11794 mp = hdr_mp;
11795 /* Get priority marking, if any. */
11796 mp->b_band = priority;
11797 mp->b_cont = carve_mp;
11798 }
11799 ipha = (ipha_t *)mp->b_rptr;
11800 /* A frag of a frag might have IPH_MF non-zero */
11801 offset_and_flags =
11802 ntohs(ipha->ipha_fragment_offset_and_flags) &
11803 IPH_MF;
11804 }
11805 offset_and_flags |= (uint16_t)(offset >> 3);
11806 offset_and_flags |= (uint16_t)frag_flag;
11807 /* Store the offset and flags in the IP header. */
11808 ipha->ipha_fragment_offset_and_flags = htons(offset_and_flags);
11809
11810 /* Store the length in the IP header. */
11811 ip_len = (uint16_t)(len + hdr_len);
11812 ipha->ipha_length = htons(ip_len);
11813
11814 /*
11815 * Set the IP header checksum. Note that mp is just
11816 * the header, so this is easy to pass to ip_csum.
11817 */
11818 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
11819
11820 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates);
11821
11822 error = postfragfn(mp, nce, ixaflags, ip_len, xmit_hint, szone,
11823 nolzid, ixa_cookie);
11824 /* All done if we just consumed the hdr_mp. */
11825 if (mp == hdr_mp) {
11826 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragOKs);
11827 return (error);
11828 }
11829 if (error != 0 && error != EWOULDBLOCK) {
11830 DTRACE_PROBE2(ip__xmit__frag__fail, ill_t *, ill,
11831 mblk_t *, hdr_mp);
11832 /* No point in sending the other fragments */
11833 break;
11834 }
11835
11836 /* Otherwise, advance and loop. */
11837 offset += len;
11838 }
11839 /* Clean up following allocation failure. */
11840 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11841 ip_drop_output("FragFails: loop ended", NULL, ill);
11842 if (mp != hdr_mp)
11843 freeb(hdr_mp);
11844 if (mp != mp_orig)
11845 freemsg(mp_orig);
11846 return (error);
11847 }
11848
11849 /*
11850 * Copy the header plus those options which have the copy bit set
11851 */
11852 static mblk_t *
11853 ip_fragment_copyhdr(uchar_t *rptr, int hdr_len, int offset, ip_stack_t *ipst,
11854 mblk_t *src)
11855 {
11856 mblk_t *mp;
11857 uchar_t *up;
11858
11859 /*
11860 * Quick check if we need to look for options without the copy bit
11861 * set
11862 */
11863 mp = allocb_tmpl(ipst->ips_ip_wroff_extra + hdr_len, src);
11864 if (!mp)
11865 return (mp);
11866 mp->b_rptr += ipst->ips_ip_wroff_extra;
11867 if (hdr_len == IP_SIMPLE_HDR_LENGTH || offset != 0) {
11868 bcopy(rptr, mp->b_rptr, hdr_len);
11869 mp->b_wptr += hdr_len + ipst->ips_ip_wroff_extra;
11870 return (mp);
11871 }
11872 up = mp->b_rptr;
11873 bcopy(rptr, up, IP_SIMPLE_HDR_LENGTH);
11874 up += IP_SIMPLE_HDR_LENGTH;
11875 rptr += IP_SIMPLE_HDR_LENGTH;
11876 hdr_len -= IP_SIMPLE_HDR_LENGTH;
11877 while (hdr_len > 0) {
11878 uint32_t optval;
11879 uint32_t optlen;
11880
11881 optval = *rptr;
11882 if (optval == IPOPT_EOL)
11883 break;
11884 if (optval == IPOPT_NOP)
11885 optlen = 1;
11886 else
11887 optlen = rptr[1];
11888 if (optval & IPOPT_COPY) {
11889 bcopy(rptr, up, optlen);
11890 up += optlen;
11891 }
11892 rptr += optlen;
11893 hdr_len -= optlen;
11894 }
11895 /*
11896 * Make sure that we drop an even number of words by filling
11897 * with EOL to the next word boundary.
11898 */
11899 for (hdr_len = up - (mp->b_rptr + IP_SIMPLE_HDR_LENGTH);
11900 hdr_len & 0x3; hdr_len++)
11901 *up++ = IPOPT_EOL;
11902 mp->b_wptr = up;
11903 /* Update header length */
11904 mp->b_rptr[0] = (uint8_t)((IP_VERSION << 4) | ((up - mp->b_rptr) >> 2));
11905 return (mp);
11906 }
11907
11908 /*
11909 * Update any source route, record route, or timestamp options when
11910 * sending a packet back to ourselves.
11911 * Check that we are at end of strict source route.
11912 * The options have been sanity checked by ip_output_options().
11913 */
11914 void
11915 ip_output_local_options(ipha_t *ipha, ip_stack_t *ipst)
11916 {
11917 ipoptp_t opts;
11918 uchar_t *opt;
11919 uint8_t optval;
11920 uint8_t optlen;
11921 ipaddr_t dst;
11922 uint32_t ts;
11923 timestruc_t now;
11924
11925 for (optval = ipoptp_first(&opts, ipha);
11926 optval != IPOPT_EOL;
11927 optval = ipoptp_next(&opts)) {
11928 opt = opts.ipoptp_cur;
11929 optlen = opts.ipoptp_len;
11930 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
11931 switch (optval) {
11932 uint32_t off;
11933 case IPOPT_SSRR:
11934 case IPOPT_LSRR:
11935 off = opt[IPOPT_OFFSET];
11936 off--;
11937 if (optlen < IP_ADDR_LEN ||
11938 off > optlen - IP_ADDR_LEN) {
11939 /* End of source route */
11940 break;
11941 }
11942 /*
11943 * This will only happen if two consecutive entries
11944 * in the source route contains our address or if
11945 * it is a packet with a loose source route which
11946 * reaches us before consuming the whole source route
11947 */
11948
11949 if (optval == IPOPT_SSRR) {
11950 return;
11951 }
11952 /*
11953 * Hack: instead of dropping the packet truncate the
11954 * source route to what has been used by filling the
11955 * rest with IPOPT_NOP.
11956 */
11957 opt[IPOPT_OLEN] = (uint8_t)off;
11958 while (off < optlen) {
11959 opt[off++] = IPOPT_NOP;
11960 }
11961 break;
11962 case IPOPT_RR:
11963 off = opt[IPOPT_OFFSET];
11964 off--;
11965 if (optlen < IP_ADDR_LEN ||
11966 off > optlen - IP_ADDR_LEN) {
11967 /* No more room - ignore */
11968 ip1dbg((
11969 "ip_output_local_options: end of RR\n"));
11970 break;
11971 }
11972 dst = htonl(INADDR_LOOPBACK);
11973 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN);
11974 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
11975 break;
11976 case IPOPT_TS:
11977 /* Insert timestamp if there is romm */
11978 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
11979 case IPOPT_TS_TSONLY:
11980 off = IPOPT_TS_TIMELEN;
11981 break;
11982 case IPOPT_TS_PRESPEC:
11983 case IPOPT_TS_PRESPEC_RFC791:
11984 /* Verify that the address matched */
11985 off = opt[IPOPT_OFFSET] - 1;
11986 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
11987 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
11988 /* Not for us */
11989 break;
11990 }
11991 /* FALLTHRU */
11992 case IPOPT_TS_TSANDADDR:
11993 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
11994 break;
11995 default:
11996 /*
11997 * ip_*put_options should have already
11998 * dropped this packet.
11999 */
12000 cmn_err(CE_PANIC, "ip_output_local_options: "
12001 "unknown IT - bug in ip_output_options?\n");
12002 return; /* Keep "lint" happy */
12003 }
12004 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
12005 /* Increase overflow counter */
12006 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
12007 opt[IPOPT_POS_OV_FLG] = (uint8_t)
12008 (opt[IPOPT_POS_OV_FLG] & 0x0F) |
12009 (off << 4);
12010 break;
12011 }
12012 off = opt[IPOPT_OFFSET] - 1;
12013 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
12014 case IPOPT_TS_PRESPEC:
12015 case IPOPT_TS_PRESPEC_RFC791:
12016 case IPOPT_TS_TSANDADDR:
12017 dst = htonl(INADDR_LOOPBACK);
12018 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN);
12019 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
12020 /* FALLTHRU */
12021 case IPOPT_TS_TSONLY:
12022 off = opt[IPOPT_OFFSET] - 1;
12023 /* Compute # of milliseconds since midnight */
12024 gethrestime(&now);
12025 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
12026 now.tv_nsec / (NANOSEC / MILLISEC);
12027 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
12028 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
12029 break;
12030 }
12031 break;
12032 }
12033 }
12034 }
12035
12036 /*
12037 * Prepend an M_DATA fastpath header, and if none present prepend a
12038 * DL_UNITDATA_REQ. Frees the mblk on failure.
12039 *
12040 * nce_dlur_mp and nce_fp_mp can not disappear once they have been set.
12041 * If there is a change to them, the nce will be deleted (condemned) and
12042 * a new nce_t will be created when packets are sent. Thus we need no locks
12043 * to access those fields.
12044 *
12045 * We preserve b_band to support IPQoS. If a DL_UNITDATA_REQ is prepended
12046 * we place b_band in dl_priority.dl_max.
12047 */
12048 static mblk_t *
12049 ip_xmit_attach_llhdr(mblk_t *mp, nce_t *nce)
12050 {
12051 uint_t hlen;
12052 mblk_t *mp1;
12053 uint_t priority;
12054 uchar_t *rptr;
12055
12056 rptr = mp->b_rptr;
12057
12058 ASSERT(DB_TYPE(mp) == M_DATA);
12059 priority = mp->b_band;
12060
12061 ASSERT(nce != NULL);
12062 if ((mp1 = nce->nce_fp_mp) != NULL) {
12063 hlen = MBLKL(mp1);
12064 /*
12065 * Check if we have enough room to prepend fastpath
12066 * header
12067 */
12068 if (hlen != 0 && (rptr - mp->b_datap->db_base) >= hlen) {
12069 rptr -= hlen;
12070 bcopy(mp1->b_rptr, rptr, hlen);
12071 /*
12072 * Set the b_rptr to the start of the link layer
12073 * header
12074 */
12075 mp->b_rptr = rptr;
12076 return (mp);
12077 }
12078 mp1 = copyb(mp1);
12079 if (mp1 == NULL) {
12080 ill_t *ill = nce->nce_ill;
12081
12082 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12083 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12084 freemsg(mp);
12085 return (NULL);
12086 }
12087 mp1->b_band = priority;
12088 mp1->b_cont = mp;
12089 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
12090 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
12091 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
12092 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
12093 DB_LSOMSS(mp1) = DB_LSOMSS(mp);
12094 DTRACE_PROBE1(ip__xmit__copyb, (mblk_t *), mp1);
12095 /*
12096 * XXX disable ICK_VALID and compute checksum
12097 * here; can happen if nce_fp_mp changes and
12098 * it can't be copied now due to insufficient
12099 * space. (unlikely, fp mp can change, but it
12100 * does not increase in length)
12101 */
12102 return (mp1);
12103 }
12104 mp1 = copyb(nce->nce_dlur_mp);
12105
12106 if (mp1 == NULL) {
12107 ill_t *ill = nce->nce_ill;
12108
12109 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12110 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12111 freemsg(mp);
12112 return (NULL);
12113 }
12114 mp1->b_cont = mp;
12115 if (priority != 0) {
12116 mp1->b_band = priority;
12117 ((dl_unitdata_req_t *)(mp1->b_rptr))->dl_priority.dl_max =
12118 priority;
12119 }
12120 return (mp1);
12121 #undef rptr
12122 }
12123
12124 /*
12125 * Finish the outbound IPsec processing. This function is called from
12126 * ipsec_out_process() if the IPsec packet was processed
12127 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed
12128 * asynchronously.
12129 *
12130 * This is common to IPv4 and IPv6.
12131 */
12132 int
12133 ip_output_post_ipsec(mblk_t *mp, ip_xmit_attr_t *ixa)
12134 {
12135 iaflags_t ixaflags = ixa->ixa_flags;
12136 uint_t pktlen;
12137
12138
12139 /* AH/ESP don't update ixa_pktlen when they modify the packet */
12140 if (ixaflags & IXAF_IS_IPV4) {
12141 ipha_t *ipha = (ipha_t *)mp->b_rptr;
12142
12143 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION);
12144 pktlen = ntohs(ipha->ipha_length);
12145 } else {
12146 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
12147
12148 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION);
12149 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
12150 }
12151
12152 /*
12153 * We release any hard reference on the SAs here to make
12154 * sure the SAs can be garbage collected. ipsr_sa has a soft reference
12155 * on the SAs.
12156 * If in the future we want the hard latching of the SAs in the
12157 * ip_xmit_attr_t then we should remove this.
12158 */
12159 if (ixa->ixa_ipsec_esp_sa != NULL) {
12160 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);
12161 ixa->ixa_ipsec_esp_sa = NULL;
12162 }
12163 if (ixa->ixa_ipsec_ah_sa != NULL) {
12164 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);
12165 ixa->ixa_ipsec_ah_sa = NULL;
12166 }
12167
12168 /* Do we need to fragment? */
12169 if ((ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR) ||
12170 pktlen > ixa->ixa_fragsize) {
12171 if (ixaflags & IXAF_IS_IPV4) {
12172 ASSERT(!(ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR));
12173 /*
12174 * We check for the DF case in ipsec_out_process
12175 * hence this only handles the non-DF case.
12176 */
12177 return (ip_fragment_v4(mp, ixa->ixa_nce, ixa->ixa_flags,
12178 pktlen, ixa->ixa_fragsize,
12179 ixa->ixa_xmit_hint, ixa->ixa_zoneid,
12180 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn,
12181 &ixa->ixa_cookie));
12182 } else {
12183 mp = ip_fraghdr_add_v6(mp, ixa->ixa_ident, ixa);
12184 if (mp == NULL) {
12185 /* MIB and ip_drop_output already done */
12186 return (ENOMEM);
12187 }
12188 pktlen += sizeof (ip6_frag_t);
12189 if (pktlen > ixa->ixa_fragsize) {
12190 return (ip_fragment_v6(mp, ixa->ixa_nce,
12191 ixa->ixa_flags, pktlen,
12192 ixa->ixa_fragsize, ixa->ixa_xmit_hint,
12193 ixa->ixa_zoneid, ixa->ixa_no_loop_zoneid,
12194 ixa->ixa_postfragfn, &ixa->ixa_cookie));
12195 }
12196 }
12197 }
12198 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixa->ixa_flags,
12199 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid,
12200 ixa->ixa_no_loop_zoneid, NULL));
12201 }
12202
12203 /*
12204 * Finish the inbound IPsec processing. This function is called from
12205 * ipsec_out_process() if the IPsec packet was processed
12206 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed
12207 * asynchronously.
12208 *
12209 * This is common to IPv4 and IPv6.
12210 */
12211 void
12212 ip_input_post_ipsec(mblk_t *mp, ip_recv_attr_t *ira)
12213 {
12214 iaflags_t iraflags = ira->ira_flags;
12215
12216 /* Length might have changed */
12217 if (iraflags & IRAF_IS_IPV4) {
12218 ipha_t *ipha = (ipha_t *)mp->b_rptr;
12219
12220 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION);
12221 ira->ira_pktlen = ntohs(ipha->ipha_length);
12222 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha);
12223 ira->ira_protocol = ipha->ipha_protocol;
12224
12225 ip_fanout_v4(mp, ipha, ira);
12226 } else {
12227 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
12228 uint8_t *nexthdrp;
12229
12230 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION);
12231 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
12232 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ira->ira_ip_hdr_length,
12233 &nexthdrp)) {
12234 /* Malformed packet */
12235 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
12236 ip_drop_input("ipIfStatsInDiscards", mp, ira->ira_ill);
12237 freemsg(mp);
12238 return;
12239 }
12240 ira->ira_protocol = *nexthdrp;
12241 ip_fanout_v6(mp, ip6h, ira);
12242 }
12243 }
12244
12245 /*
12246 * Select which AH & ESP SA's to use (if any) for the outbound packet.
12247 *
12248 * If this function returns B_TRUE, the requested SA's have been filled
12249 * into the ixa_ipsec_*_sa pointers.
12250 *
12251 * If the function returns B_FALSE, the packet has been "consumed", most
12252 * likely by an ACQUIRE sent up via PF_KEY to a key management daemon.
12253 *
12254 * The SA references created by the protocol-specific "select"
12255 * function will be released in ip_output_post_ipsec.
12256 */
12257 static boolean_t
12258 ipsec_out_select_sa(mblk_t *mp, ip_xmit_attr_t *ixa)
12259 {
12260 boolean_t need_ah_acquire = B_FALSE, need_esp_acquire = B_FALSE;
12261 ipsec_policy_t *pp;
12262 ipsec_action_t *ap;
12263
12264 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
12265 ASSERT((ixa->ixa_ipsec_policy != NULL) ||
12266 (ixa->ixa_ipsec_action != NULL));
12267
12268 ap = ixa->ixa_ipsec_action;
12269 if (ap == NULL) {
12270 pp = ixa->ixa_ipsec_policy;
12271 ASSERT(pp != NULL);
12272 ap = pp->ipsp_act;
12273 ASSERT(ap != NULL);
12274 }
12275
12276 /*
12277 * We have an action. now, let's select SA's.
12278 * A side effect of setting ixa_ipsec_*_sa is that it will
12279 * be cached in the conn_t.
12280 */
12281 if (ap->ipa_want_esp) {
12282 if (ixa->ixa_ipsec_esp_sa == NULL) {
12283 need_esp_acquire = !ipsec_outbound_sa(mp, ixa,
12284 IPPROTO_ESP);
12285 }
12286 ASSERT(need_esp_acquire || ixa->ixa_ipsec_esp_sa != NULL);
12287 }
12288
12289 if (ap->ipa_want_ah) {
12290 if (ixa->ixa_ipsec_ah_sa == NULL) {
12291 need_ah_acquire = !ipsec_outbound_sa(mp, ixa,
12292 IPPROTO_AH);
12293 }
12294 ASSERT(need_ah_acquire || ixa->ixa_ipsec_ah_sa != NULL);
12295 /*
12296 * The ESP and AH processing order needs to be preserved
12297 * when both protocols are required (ESP should be applied
12298 * before AH for an outbound packet). Force an ESP ACQUIRE
12299 * when both ESP and AH are required, and an AH ACQUIRE
12300 * is needed.
12301 */
12302 if (ap->ipa_want_esp && need_ah_acquire)
12303 need_esp_acquire = B_TRUE;
12304 }
12305
12306 /*
12307 * Send an ACQUIRE (extended, regular, or both) if we need one.
12308 * Release SAs that got referenced, but will not be used until we
12309 * acquire _all_ of the SAs we need.
12310 */
12311 if (need_ah_acquire || need_esp_acquire) {
12312 if (ixa->ixa_ipsec_ah_sa != NULL) {
12313 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);
12314 ixa->ixa_ipsec_ah_sa = NULL;
12315 }
12316 if (ixa->ixa_ipsec_esp_sa != NULL) {
12317 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);
12318 ixa->ixa_ipsec_esp_sa = NULL;
12319 }
12320
12321 sadb_acquire(mp, ixa, need_ah_acquire, need_esp_acquire);
12322 return (B_FALSE);
12323 }
12324
12325 return (B_TRUE);
12326 }
12327
12328 /*
12329 * Handle IPsec output processing.
12330 * This function is only entered once for a given packet.
12331 * We try to do things synchronously, but if we need to have user-level
12332 * set up SAs, or ESP or AH uses asynchronous kEF, then the operation
12333 * will be completed
12334 * - when the SAs are added in esp_add_sa_finish/ah_add_sa_finish
12335 * - when asynchronous ESP is done it will do AH
12336 *
12337 * In all cases we come back in ip_output_post_ipsec() to fragment and
12338 * send out the packet.
12339 */
12340 int
12341 ipsec_out_process(mblk_t *mp, ip_xmit_attr_t *ixa)
12342 {
12343 ill_t *ill = ixa->ixa_nce->nce_ill;
12344 ip_stack_t *ipst = ixa->ixa_ipst;
12345 ipsec_stack_t *ipss;
12346 ipsec_policy_t *pp;
12347 ipsec_action_t *ap;
12348
12349 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
12350
12351 ASSERT((ixa->ixa_ipsec_policy != NULL) ||
12352 (ixa->ixa_ipsec_action != NULL));
12353
12354 ipss = ipst->ips_netstack->netstack_ipsec;
12355 if (!ipsec_loaded(ipss)) {
12356 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12357 ip_drop_packet(mp, B_TRUE, ill,
12358 DROPPER(ipss, ipds_ip_ipsec_not_loaded),
12359 &ipss->ipsec_dropper);
12360 return (ENOTSUP);
12361 }
12362
12363 ap = ixa->ixa_ipsec_action;
12364 if (ap == NULL) {
12365 pp = ixa->ixa_ipsec_policy;
12366 ASSERT(pp != NULL);
12367 ap = pp->ipsp_act;
12368 ASSERT(ap != NULL);
12369 }
12370
12371 /* Handle explicit drop action and bypass. */
12372 switch (ap->ipa_act.ipa_type) {
12373 case IPSEC_ACT_DISCARD:
12374 case IPSEC_ACT_REJECT:
12375 ip_drop_packet(mp, B_FALSE, ill,
12376 DROPPER(ipss, ipds_spd_explicit), &ipss->ipsec_spd_dropper);
12377 return (EHOSTUNREACH); /* IPsec policy failure */
12378 case IPSEC_ACT_BYPASS:
12379 return (ip_output_post_ipsec(mp, ixa));
12380 }
12381
12382 /*
12383 * The order of processing is first insert a IP header if needed.
12384 * Then insert the ESP header and then the AH header.
12385 */
12386 if ((ixa->ixa_flags & IXAF_IS_IPV4) && ap->ipa_want_se) {
12387 /*
12388 * First get the outer IP header before sending
12389 * it to ESP.
12390 */
12391 ipha_t *oipha, *iipha;
12392 mblk_t *outer_mp, *inner_mp;
12393
12394 if ((outer_mp = allocb(sizeof (ipha_t), BPRI_HI)) == NULL) {
12395 (void) mi_strlog(ill->ill_rq, 0,
12396 SL_ERROR|SL_TRACE|SL_CONSOLE,
12397 "ipsec_out_process: "
12398 "Self-Encapsulation failed: Out of memory\n");
12399 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12400 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12401 freemsg(mp);
12402 return (ENOBUFS);
12403 }
12404 inner_mp = mp;
12405 ASSERT(inner_mp->b_datap->db_type == M_DATA);
12406 oipha = (ipha_t *)outer_mp->b_rptr;
12407 iipha = (ipha_t *)inner_mp->b_rptr;
12408 *oipha = *iipha;
12409 outer_mp->b_wptr += sizeof (ipha_t);
12410 oipha->ipha_length = htons(ntohs(iipha->ipha_length) +
12411 sizeof (ipha_t));
12412 oipha->ipha_protocol = IPPROTO_ENCAP;
12413 oipha->ipha_version_and_hdr_length =
12414 IP_SIMPLE_HDR_VERSION;
12415 oipha->ipha_hdr_checksum = 0;
12416 oipha->ipha_hdr_checksum = ip_csum_hdr(oipha);
12417 outer_mp->b_cont = inner_mp;
12418 mp = outer_mp;
12419
12420 ixa->ixa_flags |= IXAF_IPSEC_TUNNEL;
12421 }
12422
12423 /* If we need to wait for a SA then we can't return any errno */
12424 if (((ap->ipa_want_ah && (ixa->ixa_ipsec_ah_sa == NULL)) ||
12425 (ap->ipa_want_esp && (ixa->ixa_ipsec_esp_sa == NULL))) &&
12426 !ipsec_out_select_sa(mp, ixa))
12427 return (0);
12428
12429 /*
12430 * By now, we know what SA's to use. Toss over to ESP & AH
12431 * to do the heavy lifting.
12432 */
12433 if (ap->ipa_want_esp) {
12434 ASSERT(ixa->ixa_ipsec_esp_sa != NULL);
12435
12436 mp = ixa->ixa_ipsec_esp_sa->ipsa_output_func(mp, ixa);
12437 if (mp == NULL) {
12438 /*
12439 * Either it failed or is pending. In the former case
12440 * ipIfStatsInDiscards was increased.
12441 */
12442 return (0);
12443 }
12444 }
12445
12446 if (ap->ipa_want_ah) {
12447 ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
12448
12449 mp = ixa->ixa_ipsec_ah_sa->ipsa_output_func(mp, ixa);
12450 if (mp == NULL) {
12451 /*
12452 * Either it failed or is pending. In the former case
12453 * ipIfStatsInDiscards was increased.
12454 */
12455 return (0);
12456 }
12457 }
12458 /*
12459 * We are done with IPsec processing. Send it over
12460 * the wire.
12461 */
12462 return (ip_output_post_ipsec(mp, ixa));
12463 }
12464
12465 /*
12466 * ioctls that go through a down/up sequence may need to wait for the down
12467 * to complete. This involves waiting for the ire and ipif refcnts to go down
12468 * to zero. Subsequently the ioctl is restarted from ipif_ill_refrele_tail.
12469 */
12470 /* ARGSUSED */
12471 void
12472 ip_reprocess_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
12473 {
12474 struct iocblk *iocp;
12475 mblk_t *mp1;
12476 ip_ioctl_cmd_t *ipip;
12477 int err;
12478 sin_t *sin;
12479 struct lifreq *lifr;
12480 struct ifreq *ifr;
12481
12482 iocp = (struct iocblk *)mp->b_rptr;
12483 ASSERT(ipsq != NULL);
12484 /* Existence of mp1 verified in ip_wput_nondata */
12485 mp1 = mp->b_cont->b_cont;
12486 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12487 if (ipip->ipi_cmd == SIOCSLIFNAME || ipip->ipi_cmd == IF_UNITSEL) {
12488 /*
12489 * Special case where ipx_current_ipif is not set:
12490 * ill_phyint_reinit merged the v4 and v6 into a single ipsq.
12491 * We are here as were not able to complete the operation in
12492 * ipif_set_values because we could not become exclusive on
12493 * the new ipsq.
12494 */
12495 ill_t *ill = q->q_ptr;
12496 ipsq_current_start(ipsq, ill->ill_ipif, ipip->ipi_cmd);
12497 }
12498 ASSERT(ipsq->ipsq_xop->ipx_current_ipif != NULL);
12499
12500 if (ipip->ipi_cmd_type == IF_CMD) {
12501 /* This a old style SIOC[GS]IF* command */
12502 ifr = (struct ifreq *)mp1->b_rptr;
12503 sin = (sin_t *)&ifr->ifr_addr;
12504 } else if (ipip->ipi_cmd_type == LIF_CMD) {
12505 /* This a new style SIOC[GS]LIF* command */
12506 lifr = (struct lifreq *)mp1->b_rptr;
12507 sin = (sin_t *)&lifr->lifr_addr;
12508 } else {
12509 sin = NULL;
12510 }
12511
12512 err = (*ipip->ipi_func_restart)(ipsq->ipsq_xop->ipx_current_ipif, sin,
12513 q, mp, ipip, mp1->b_rptr);
12514
12515 DTRACE_PROBE4(ipif__ioctl, char *, "ip_reprocess_ioctl finish",
12516 int, ipip->ipi_cmd,
12517 ill_t *, ipsq->ipsq_xop->ipx_current_ipif->ipif_ill,
12518 ipif_t *, ipsq->ipsq_xop->ipx_current_ipif);
12519
12520 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq);
12521 }
12522
12523 /*
12524 * ioctl processing
12525 *
12526 * ioctl processing starts with ip_sioctl_copyin_setup(), which looks up
12527 * the ioctl command in the ioctl tables, determines the copyin data size
12528 * from the ipi_copyin_size field, and does an mi_copyin() of that size.
12529 *
12530 * ioctl processing then continues when the M_IOCDATA makes its way down to
12531 * ip_wput_nondata(). The ioctl is looked up again in the ioctl table, its
12532 * associated 'conn' is refheld till the end of the ioctl and the general
12533 * ioctl processing function ip_process_ioctl() is called to extract the
12534 * arguments and process the ioctl. To simplify extraction, ioctl commands
12535 * are "typed" based on the arguments they take (e.g., LIF_CMD which takes a
12536 * `struct lifreq'), and a common extract function (e.g., ip_extract_lifreq())
12537 * is used to extract the ioctl's arguments.
12538 *
12539 * ip_process_ioctl determines if the ioctl needs to be serialized, and if
12540 * so goes thru the serialization primitive ipsq_try_enter. Then the
12541 * appropriate function to handle the ioctl is called based on the entry in
12542 * the ioctl table. ioctl completion is encapsulated in ip_ioctl_finish
12543 * which also refreleases the 'conn' that was refheld at the start of the
12544 * ioctl. Finally ipsq_exit is called if needed to exit the ipsq.
12545 *
12546 * Many exclusive ioctls go thru an internal down up sequence as part of
12547 * the operation. For example an attempt to change the IP address of an
12548 * ipif entails ipif_down, set address, ipif_up. Bringing down the interface
12549 * does all the cleanup such as deleting all ires that use this address.
12550 * Then we need to wait till all references to the interface go away.
12551 */
12552 void
12553 ip_process_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *arg)
12554 {
12555 struct iocblk *iocp = (struct iocblk *)mp->b_rptr;
12556 ip_ioctl_cmd_t *ipip = arg;
12557 ip_extract_func_t *extract_funcp;
12558 cmd_info_t ci;
12559 int err;
12560 boolean_t entered_ipsq = B_FALSE;
12561
12562 ip3dbg(("ip_process_ioctl: ioctl %X\n", iocp->ioc_cmd));
12563
12564 if (ipip == NULL)
12565 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12566
12567 /*
12568 * SIOCLIFADDIF needs to go thru a special path since the
12569 * ill may not exist yet. This happens in the case of lo0
12570 * which is created using this ioctl.
12571 */
12572 if (ipip->ipi_cmd == SIOCLIFADDIF) {
12573 err = ip_sioctl_addif(NULL, NULL, q, mp, NULL, NULL);
12574 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish",
12575 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12576 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12577 return;
12578 }
12579
12580 ci.ci_ipif = NULL;
12581 switch (ipip->ipi_cmd_type) {
12582 case MISC_CMD:
12583 case MSFILT_CMD:
12584 /*
12585 * All MISC_CMD ioctls come in here -- e.g. SIOCGLIFCONF.
12586 */
12587 if (ipip->ipi_cmd == IF_UNITSEL) {
12588 /* ioctl comes down the ill */
12589 ci.ci_ipif = ((ill_t *)q->q_ptr)->ill_ipif;
12590 ipif_refhold(ci.ci_ipif);
12591 }
12592 err = 0;
12593 ci.ci_sin = NULL;
12594 ci.ci_sin6 = NULL;
12595 ci.ci_lifr = NULL;
12596 extract_funcp = NULL;
12597 break;
12598
12599 case IF_CMD:
12600 case LIF_CMD:
12601 extract_funcp = ip_extract_lifreq;
12602 break;
12603
12604 case ARP_CMD:
12605 case XARP_CMD:
12606 extract_funcp = ip_extract_arpreq;
12607 break;
12608
12609 default:
12610 ASSERT(0);
12611 }
12612
12613 if (extract_funcp != NULL) {
12614 err = (*extract_funcp)(q, mp, ipip, &ci);
12615 if (err != 0) {
12616 DTRACE_PROBE4(ipif__ioctl,
12617 char *, "ip_process_ioctl finish err",
12618 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12619 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12620 return;
12621 }
12622
12623 /*
12624 * All of the extraction functions return a refheld ipif.
12625 */
12626 ASSERT(ci.ci_ipif != NULL);
12627 }
12628
12629 if (!(ipip->ipi_flags & IPI_WR)) {
12630 /*
12631 * A return value of EINPROGRESS means the ioctl is
12632 * either queued and waiting for some reason or has
12633 * already completed.
12634 */
12635 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip,
12636 ci.ci_lifr);
12637 if (ci.ci_ipif != NULL) {
12638 DTRACE_PROBE4(ipif__ioctl,
12639 char *, "ip_process_ioctl finish RD",
12640 int, ipip->ipi_cmd, ill_t *, ci.ci_ipif->ipif_ill,
12641 ipif_t *, ci.ci_ipif);
12642 ipif_refrele(ci.ci_ipif);
12643 } else {
12644 DTRACE_PROBE4(ipif__ioctl,
12645 char *, "ip_process_ioctl finish RD",
12646 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12647 }
12648 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12649 return;
12650 }
12651
12652 ASSERT(ci.ci_ipif != NULL);
12653
12654 /*
12655 * If ipsq is non-NULL, we are already being called exclusively
12656 */
12657 ASSERT(ipsq == NULL || IAM_WRITER_IPSQ(ipsq));
12658 if (ipsq == NULL) {
12659 ipsq = ipsq_try_enter(ci.ci_ipif, NULL, q, mp, ip_process_ioctl,
12660 NEW_OP, B_TRUE);
12661 if (ipsq == NULL) {
12662 ipif_refrele(ci.ci_ipif);
12663 return;
12664 }
12665 entered_ipsq = B_TRUE;
12666 }
12667 /*
12668 * Release the ipif so that ipif_down and friends that wait for
12669 * references to go away are not misled about the current ipif_refcnt
12670 * values. We are writer so we can access the ipif even after releasing
12671 * the ipif.
12672 */
12673 ipif_refrele(ci.ci_ipif);
12674
12675 ipsq_current_start(ipsq, ci.ci_ipif, ipip->ipi_cmd);
12676
12677 /*
12678 * A return value of EINPROGRESS means the ioctl is
12679 * either queued and waiting for some reason or has
12680 * already completed.
12681 */
12682 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip, ci.ci_lifr);
12683
12684 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish WR",
12685 int, ipip->ipi_cmd,
12686 ill_t *, ci.ci_ipif == NULL ? NULL : ci.ci_ipif->ipif_ill,
12687 ipif_t *, ci.ci_ipif);
12688 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq);
12689
12690 if (entered_ipsq)
12691 ipsq_exit(ipsq);
12692 }
12693
12694 /*
12695 * Complete the ioctl. Typically ioctls use the mi package and need to
12696 * do mi_copyout/mi_copy_done.
12697 */
12698 void
12699 ip_ioctl_finish(queue_t *q, mblk_t *mp, int err, int mode, ipsq_t *ipsq)
12700 {
12701 conn_t *connp = NULL;
12702
12703 if (err == EINPROGRESS)
12704 return;
12705
12706 if (CONN_Q(q)) {
12707 connp = Q_TO_CONN(q);
12708 ASSERT(connp->conn_ref >= 2);
12709 }
12710
12711 switch (mode) {
12712 case COPYOUT:
12713 if (err == 0)
12714 mi_copyout(q, mp);
12715 else
12716 mi_copy_done(q, mp, err);
12717 break;
12718
12719 case NO_COPYOUT:
12720 mi_copy_done(q, mp, err);
12721 break;
12722
12723 default:
12724 ASSERT(mode == CONN_CLOSE); /* aborted through CONN_CLOSE */
12725 break;
12726 }
12727
12728 /*
12729 * The conn refhold and ioctlref placed on the conn at the start of the
12730 * ioctl are released here.
12731 */
12732 if (connp != NULL) {
12733 CONN_DEC_IOCTLREF(connp);
12734 CONN_OPER_PENDING_DONE(connp);
12735 }
12736
12737 if (ipsq != NULL)
12738 ipsq_current_finish(ipsq);
12739 }
12740
12741 /* Handles all non data messages */
12742 void
12743 ip_wput_nondata(queue_t *q, mblk_t *mp)
12744 {
12745 mblk_t *mp1;
12746 struct iocblk *iocp;
12747 ip_ioctl_cmd_t *ipip;
12748 conn_t *connp;
12749 cred_t *cr;
12750 char *proto_str;
12751
12752 if (CONN_Q(q))
12753 connp = Q_TO_CONN(q);
12754 else
12755 connp = NULL;
12756
12757 switch (DB_TYPE(mp)) {
12758 case M_IOCTL:
12759 /*
12760 * IOCTL processing begins in ip_sioctl_copyin_setup which
12761 * will arrange to copy in associated control structures.
12762 */
12763 ip_sioctl_copyin_setup(q, mp);
12764 return;
12765 case M_IOCDATA:
12766 /*
12767 * Ensure that this is associated with one of our trans-
12768 * parent ioctls. If it's not ours, discard it if we're
12769 * running as a driver, or pass it on if we're a module.
12770 */
12771 iocp = (struct iocblk *)mp->b_rptr;
12772 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12773 if (ipip == NULL) {
12774 if (q->q_next == NULL) {
12775 goto nak;
12776 } else {
12777 putnext(q, mp);
12778 }
12779 return;
12780 }
12781 if ((q->q_next != NULL) && !(ipip->ipi_flags & IPI_MODOK)) {
12782 /*
12783 * The ioctl is one we recognise, but is not consumed
12784 * by IP as a module and we are a module, so we drop
12785 */
12786 goto nak;
12787 }
12788
12789 /* IOCTL continuation following copyin or copyout. */
12790 if (mi_copy_state(q, mp, NULL) == -1) {
12791 /*
12792 * The copy operation failed. mi_copy_state already
12793 * cleaned up, so we're out of here.
12794 */
12795 return;
12796 }
12797 /*
12798 * If we just completed a copy in, we become writer and
12799 * continue processing in ip_sioctl_copyin_done. If it
12800 * was a copy out, we call mi_copyout again. If there is
12801 * nothing more to copy out, it will complete the IOCTL.
12802 */
12803 if (MI_COPY_DIRECTION(mp) == MI_COPY_IN) {
12804 if (!(mp1 = mp->b_cont) || !(mp1 = mp1->b_cont)) {
12805 mi_copy_done(q, mp, EPROTO);
12806 return;
12807 }
12808 /*
12809 * Check for cases that need more copying. A return
12810 * value of 0 means a second copyin has been started,
12811 * so we return; a return value of 1 means no more
12812 * copying is needed, so we continue.
12813 */
12814 if (ipip->ipi_cmd_type == MSFILT_CMD &&
12815 MI_COPY_COUNT(mp) == 1) {
12816 if (ip_copyin_msfilter(q, mp) == 0)
12817 return;
12818 }
12819 /*
12820 * Refhold the conn, till the ioctl completes. This is
12821 * needed in case the ioctl ends up in the pending mp
12822 * list. Every mp in the ipx_pending_mp list must have
12823 * a refhold on the conn to resume processing. The
12824 * refhold is released when the ioctl completes
12825 * (whether normally or abnormally). An ioctlref is also
12826 * placed on the conn to prevent TCP from removing the
12827 * queue needed to send the ioctl reply back.
12828 * In all cases ip_ioctl_finish is called to finish
12829 * the ioctl and release the refholds.
12830 */
12831 if (connp != NULL) {
12832 /* This is not a reentry */
12833 CONN_INC_REF(connp);
12834 CONN_INC_IOCTLREF(connp);
12835 } else {
12836 if (!(ipip->ipi_flags & IPI_MODOK)) {
12837 mi_copy_done(q, mp, EINVAL);
12838 return;
12839 }
12840 }
12841
12842 ip_process_ioctl(NULL, q, mp, ipip);
12843
12844 } else {
12845 mi_copyout(q, mp);
12846 }
12847 return;
12848
12849 case M_IOCNAK:
12850 /*
12851 * The only way we could get here is if a resolver didn't like
12852 * an IOCTL we sent it. This shouldn't happen.
12853 */
12854 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE,
12855 "ip_wput_nondata: unexpected M_IOCNAK, ioc_cmd 0x%x",
12856 ((struct iocblk *)mp->b_rptr)->ioc_cmd);
12857 freemsg(mp);
12858 return;
12859 case M_IOCACK:
12860 /* /dev/ip shouldn't see this */
12861 goto nak;
12862 case M_FLUSH:
12863 if (*mp->b_rptr & FLUSHW)
12864 flushq(q, FLUSHALL);
12865 if (q->q_next) {
12866 putnext(q, mp);
12867 return;
12868 }
12869 if (*mp->b_rptr & FLUSHR) {
12870 *mp->b_rptr &= ~FLUSHW;
12871 qreply(q, mp);
12872 return;
12873 }
12874 freemsg(mp);
12875 return;
12876 case M_CTL:
12877 break;
12878 case M_PROTO:
12879 case M_PCPROTO:
12880 /*
12881 * The only PROTO messages we expect are SNMP-related.
12882 */
12883 switch (((union T_primitives *)mp->b_rptr)->type) {
12884 case T_SVR4_OPTMGMT_REQ:
12885 ip2dbg(("ip_wput_nondata: T_SVR4_OPTMGMT_REQ "
12886 "flags %x\n",
12887 ((struct T_optmgmt_req *)mp->b_rptr)->MGMT_flags));
12888
12889 if (connp == NULL) {
12890 proto_str = "T_SVR4_OPTMGMT_REQ";
12891 goto protonak;
12892 }
12893
12894 /*
12895 * All Solaris components should pass a db_credp
12896 * for this TPI message, hence we ASSERT.
12897 * But in case there is some other M_PROTO that looks
12898 * like a TPI message sent by some other kernel
12899 * component, we check and return an error.
12900 */
12901 cr = msg_getcred(mp, NULL);
12902 ASSERT(cr != NULL);
12903 if (cr == NULL) {
12904 mp = mi_tpi_err_ack_alloc(mp, TSYSERR, EINVAL);
12905 if (mp != NULL)
12906 qreply(q, mp);
12907 return;
12908 }
12909
12910 if (!snmpcom_req(q, mp, ip_snmp_set, ip_snmp_get, cr)) {
12911 proto_str = "Bad SNMPCOM request?";
12912 goto protonak;
12913 }
12914 return;
12915 default:
12916 ip1dbg(("ip_wput_nondata: dropping M_PROTO prim %u\n",
12917 (int)*(uint_t *)mp->b_rptr));
12918 freemsg(mp);
12919 return;
12920 }
12921 default:
12922 break;
12923 }
12924 if (q->q_next) {
12925 putnext(q, mp);
12926 } else
12927 freemsg(mp);
12928 return;
12929
12930 nak:
12931 iocp->ioc_error = EINVAL;
12932 mp->b_datap->db_type = M_IOCNAK;
12933 iocp->ioc_count = 0;
12934 qreply(q, mp);
12935 return;
12936
12937 protonak:
12938 cmn_err(CE_NOTE, "IP doesn't process %s as a module", proto_str);
12939 if ((mp = mi_tpi_err_ack_alloc(mp, TPROTO, EINVAL)) != NULL)
12940 qreply(q, mp);
12941 }
12942
12943 /*
12944 * Process IP options in an outbound packet. Verify that the nexthop in a
12945 * strict source route is onlink.
12946 * Returns non-zero if something fails in which case an ICMP error has been
12947 * sent and mp freed.
12948 *
12949 * Assumes the ULP has called ip_massage_options to move nexthop into ipha_dst.
12950 */
12951 int
12952 ip_output_options(mblk_t *mp, ipha_t *ipha, ip_xmit_attr_t *ixa, ill_t *ill)
12953 {
12954 ipoptp_t opts;
12955 uchar_t *opt;
12956 uint8_t optval;
12957 uint8_t optlen;
12958 ipaddr_t dst;
12959 intptr_t code = 0;
12960 ire_t *ire;
12961 ip_stack_t *ipst = ixa->ixa_ipst;
12962 ip_recv_attr_t iras;
12963
12964 ip2dbg(("ip_output_options\n"));
12965
12966 dst = ipha->ipha_dst;
12967 for (optval = ipoptp_first(&opts, ipha);
12968 optval != IPOPT_EOL;
12969 optval = ipoptp_next(&opts)) {
12970 opt = opts.ipoptp_cur;
12971 optlen = opts.ipoptp_len;
12972 ip2dbg(("ip_output_options: opt %d, len %d\n",
12973 optval, optlen));
12974 switch (optval) {
12975 uint32_t off;
12976 case IPOPT_SSRR:
12977 case IPOPT_LSRR:
12978 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
12979 ip1dbg((
12980 "ip_output_options: bad option offset\n"));
12981 code = (char *)&opt[IPOPT_OLEN] -
12982 (char *)ipha;
12983 goto param_prob;
12984 }
12985 off = opt[IPOPT_OFFSET];
12986 ip1dbg(("ip_output_options: next hop 0x%x\n",
12987 ntohl(dst)));
12988 /*
12989 * For strict: verify that dst is directly
12990 * reachable.
12991 */
12992 if (optval == IPOPT_SSRR) {
12993 ire = ire_ftable_lookup_v4(dst, 0, 0,
12994 IRE_INTERFACE, NULL, ALL_ZONES,
12995 ixa->ixa_tsl,
12996 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst,
12997 NULL);
12998 if (ire == NULL) {
12999 ip1dbg(("ip_output_options: SSRR not"
13000 " directly reachable: 0x%x\n",
13001 ntohl(dst)));
13002 goto bad_src_route;
13003 }
13004 ire_refrele(ire);
13005 }
13006 break;
13007 case IPOPT_RR:
13008 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
13009 ip1dbg((
13010 "ip_output_options: bad option offset\n"));
13011 code = (char *)&opt[IPOPT_OLEN] -
13012 (char *)ipha;
13013 goto param_prob;
13014 }
13015 break;
13016 case IPOPT_TS:
13017 /*
13018 * Verify that length >=5 and that there is either
13019 * room for another timestamp or that the overflow
13020 * counter is not maxed out.
13021 */
13022 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha;
13023 if (optlen < IPOPT_MINLEN_IT) {
13024 goto param_prob;
13025 }
13026 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
13027 ip1dbg((
13028 "ip_output_options: bad option offset\n"));
13029 code = (char *)&opt[IPOPT_OFFSET] -
13030 (char *)ipha;
13031 goto param_prob;
13032 }
13033 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
13034 case IPOPT_TS_TSONLY:
13035 off = IPOPT_TS_TIMELEN;
13036 break;
13037 case IPOPT_TS_TSANDADDR:
13038 case IPOPT_TS_PRESPEC:
13039 case IPOPT_TS_PRESPEC_RFC791:
13040 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
13041 break;
13042 default:
13043 code = (char *)&opt[IPOPT_POS_OV_FLG] -
13044 (char *)ipha;
13045 goto param_prob;
13046 }
13047 if (opt[IPOPT_OFFSET] - 1 + off > optlen &&
13048 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) {
13049 /*
13050 * No room and the overflow counter is 15
13051 * already.
13052 */
13053 goto param_prob;
13054 }
13055 break;
13056 }
13057 }
13058
13059 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0)
13060 return (0);
13061
13062 ip1dbg(("ip_output_options: error processing IP options."));
13063 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha;
13064
13065 param_prob:
13066 bzero(&iras, sizeof (iras));
13067 iras.ira_ill = iras.ira_rill = ill;
13068 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
13069 iras.ira_rifindex = iras.ira_ruifindex;
13070 iras.ira_flags = IRAF_IS_IPV4;
13071
13072 ip_drop_output("ip_output_options", mp, ill);
13073 icmp_param_problem(mp, (uint8_t)code, &iras);
13074 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
13075 return (-1);
13076
13077 bad_src_route:
13078 bzero(&iras, sizeof (iras));
13079 iras.ira_ill = iras.ira_rill = ill;
13080 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
13081 iras.ira_rifindex = iras.ira_ruifindex;
13082 iras.ira_flags = IRAF_IS_IPV4;
13083
13084 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill);
13085 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, &iras);
13086 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
13087 return (-1);
13088 }
13089
13090 /*
13091 * The maximum value of conn_drain_list_cnt is CONN_MAXDRAINCNT.
13092 * conn_drain_list_cnt can be changed by setting conn_drain_nthreads
13093 * thru /etc/system.
13094 */
13095 #define CONN_MAXDRAINCNT 64
13096
13097 static void
13098 conn_drain_init(ip_stack_t *ipst)
13099 {
13100 int i, j;
13101 idl_tx_list_t *itl_tx;
13102
13103 ipst->ips_conn_drain_list_cnt = conn_drain_nthreads;
13104
13105 if ((ipst->ips_conn_drain_list_cnt == 0) ||
13106 (ipst->ips_conn_drain_list_cnt > CONN_MAXDRAINCNT)) {
13107 /*
13108 * Default value of the number of drainers is the
13109 * number of cpus, subject to maximum of 8 drainers.
13110 */
13111 if (boot_max_ncpus != -1)
13112 ipst->ips_conn_drain_list_cnt = MIN(boot_max_ncpus, 8);
13113 else
13114 ipst->ips_conn_drain_list_cnt = MIN(max_ncpus, 8);
13115 }
13116
13117 ipst->ips_idl_tx_list =
13118 kmem_zalloc(TX_FANOUT_SIZE * sizeof (idl_tx_list_t), KM_SLEEP);
13119 for (i = 0; i < TX_FANOUT_SIZE; i++) {
13120 itl_tx = &ipst->ips_idl_tx_list[i];
13121 itl_tx->txl_drain_list =
13122 kmem_zalloc(ipst->ips_conn_drain_list_cnt *
13123 sizeof (idl_t), KM_SLEEP);
13124 mutex_init(&itl_tx->txl_lock, NULL, MUTEX_DEFAULT, NULL);
13125 for (j = 0; j < ipst->ips_conn_drain_list_cnt; j++) {
13126 mutex_init(&itl_tx->txl_drain_list[j].idl_lock, NULL,
13127 MUTEX_DEFAULT, NULL);
13128 itl_tx->txl_drain_list[j].idl_itl = itl_tx;
13129 }
13130 }
13131 }
13132
13133 static void
13134 conn_drain_fini(ip_stack_t *ipst)
13135 {
13136 int i;
13137 idl_tx_list_t *itl_tx;
13138
13139 for (i = 0; i < TX_FANOUT_SIZE; i++) {
13140 itl_tx = &ipst->ips_idl_tx_list[i];
13141 kmem_free(itl_tx->txl_drain_list,
13142 ipst->ips_conn_drain_list_cnt * sizeof (idl_t));
13143 }
13144 kmem_free(ipst->ips_idl_tx_list,
13145 TX_FANOUT_SIZE * sizeof (idl_tx_list_t));
13146 ipst->ips_idl_tx_list = NULL;
13147 }
13148
13149 /*
13150 * Flow control has blocked us from proceeding. Insert the given conn in one
13151 * of the conn drain lists. When flow control is unblocked, either ip_wsrv()
13152 * (STREAMS) or ill_flow_enable() (direct) will be called back, which in turn
13153 * will call conn_walk_drain(). See the flow control notes at the top of this
13154 * file for more details.
13155 */
13156 void
13157 conn_drain_insert(conn_t *connp, idl_tx_list_t *tx_list)
13158 {
13159 idl_t *idl = tx_list->txl_drain_list;
13160 uint_t index;
13161 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
13162
13163 mutex_enter(&connp->conn_lock);
13164 if (connp->conn_state_flags & CONN_CLOSING) {
13165 /*
13166 * The conn is closing as a result of which CONN_CLOSING
13167 * is set. Return.
13168 */
13169 mutex_exit(&connp->conn_lock);
13170 return;
13171 } else if (connp->conn_idl == NULL) {
13172 /*
13173 * Assign the next drain list round robin. We dont' use
13174 * a lock, and thus it may not be strictly round robin.
13175 * Atomicity of load/stores is enough to make sure that
13176 * conn_drain_list_index is always within bounds.
13177 */
13178 index = tx_list->txl_drain_index;
13179 ASSERT(index < ipst->ips_conn_drain_list_cnt);
13180 connp->conn_idl = &tx_list->txl_drain_list[index];
13181 index++;
13182 if (index == ipst->ips_conn_drain_list_cnt)
13183 index = 0;
13184 tx_list->txl_drain_index = index;
13185 } else {
13186 ASSERT(connp->conn_idl->idl_itl == tx_list);
13187 }
13188 mutex_exit(&connp->conn_lock);
13189
13190 idl = connp->conn_idl;
13191 mutex_enter(&idl->idl_lock);
13192 if ((connp->conn_drain_prev != NULL) ||
13193 (connp->conn_state_flags & CONN_CLOSING)) {
13194 /*
13195 * The conn is either already in the drain list or closing.
13196 * (We needed to check for CONN_CLOSING again since close can
13197 * sneak in between dropping conn_lock and acquiring idl_lock.)
13198 */
13199 mutex_exit(&idl->idl_lock);
13200 return;
13201 }
13202
13203 /*
13204 * The conn is not in the drain list. Insert it at the
13205 * tail of the drain list. The drain list is circular
13206 * and doubly linked. idl_conn points to the 1st element
13207 * in the list.
13208 */
13209 if (idl->idl_conn == NULL) {
13210 idl->idl_conn = connp;
13211 connp->conn_drain_next = connp;
13212 connp->conn_drain_prev = connp;
13213 } else {
13214 conn_t *head = idl->idl_conn;
13215
13216 connp->conn_drain_next = head;
13217 connp->conn_drain_prev = head->conn_drain_prev;
13218 head->conn_drain_prev->conn_drain_next = connp;
13219 head->conn_drain_prev = connp;
13220 }
13221 /*
13222 * For non streams based sockets assert flow control.
13223 */
13224 conn_setqfull(connp, NULL);
13225 mutex_exit(&idl->idl_lock);
13226 }
13227
13228 static void
13229 conn_drain_remove(conn_t *connp)
13230 {
13231 idl_t *idl = connp->conn_idl;
13232
13233 if (idl != NULL) {
13234 /*
13235 * Remove ourself from the drain list.
13236 */
13237 if (connp->conn_drain_next == connp) {
13238 /* Singleton in the list */
13239 ASSERT(connp->conn_drain_prev == connp);
13240 idl->idl_conn = NULL;
13241 } else {
13242 connp->conn_drain_prev->conn_drain_next =
13243 connp->conn_drain_next;
13244 connp->conn_drain_next->conn_drain_prev =
13245 connp->conn_drain_prev;
13246 if (idl->idl_conn == connp)
13247 idl->idl_conn = connp->conn_drain_next;
13248 }
13249
13250 /*
13251 * NOTE: because conn_idl is associated with a specific drain
13252 * list which in turn is tied to the index the TX ring
13253 * (txl_cookie) hashes to, and because the TX ring can change
13254 * over the lifetime of the conn_t, we must clear conn_idl so
13255 * a subsequent conn_drain_insert() will set conn_idl again
13256 * based on the latest txl_cookie.
13257 */
13258 connp->conn_idl = NULL;
13259 }
13260 connp->conn_drain_next = NULL;
13261 connp->conn_drain_prev = NULL;
13262
13263 conn_clrqfull(connp, NULL);
13264 /*
13265 * For streams based sockets open up flow control.
13266 */
13267 if (!IPCL_IS_NONSTR(connp))
13268 enableok(connp->conn_wq);
13269 }
13270
13271 /*
13272 * This conn is closing, and we are called from ip_close. OR
13273 * this conn is draining because flow-control on the ill has been relieved.
13274 *
13275 * We must also need to remove conn's on this idl from the list, and also
13276 * inform the sockfs upcalls about the change in flow-control.
13277 */
13278 static void
13279 conn_drain(conn_t *connp, boolean_t closing)
13280 {
13281 idl_t *idl;
13282 conn_t *next_connp;
13283
13284 /*
13285 * connp->conn_idl is stable at this point, and no lock is needed
13286 * to check it. If we are called from ip_close, close has already
13287 * set CONN_CLOSING, thus freezing the value of conn_idl, and
13288 * called us only because conn_idl is non-null. If we are called thru
13289 * service, conn_idl could be null, but it cannot change because
13290 * service is single-threaded per queue, and there cannot be another
13291 * instance of service trying to call conn_drain_insert on this conn
13292 * now.
13293 */
13294 ASSERT(!closing || connp == NULL || connp->conn_idl != NULL);
13295
13296 /*
13297 * If the conn doesn't exist or is not on a drain list, bail.
13298 */
13299 if (connp == NULL || connp->conn_idl == NULL ||
13300 connp->conn_drain_prev == NULL) {
13301 return;
13302 }
13303
13304 idl = connp->conn_idl;
13305 ASSERT(MUTEX_HELD(&idl->idl_lock));
13306
13307 if (!closing) {
13308 next_connp = connp->conn_drain_next;
13309 while (next_connp != connp) {
13310 conn_t *delconnp = next_connp;
13311
13312 next_connp = next_connp->conn_drain_next;
13313 conn_drain_remove(delconnp);
13314 }
13315 ASSERT(connp->conn_drain_next == idl->idl_conn);
13316 }
13317 conn_drain_remove(connp);
13318 }
13319
13320 /*
13321 * Write service routine. Shared perimeter entry point.
13322 * The device queue's messages has fallen below the low water mark and STREAMS
13323 * has backenabled the ill_wq. Send sockfs notification about flow-control on
13324 * each waiting conn.
13325 */
13326 void
13327 ip_wsrv(queue_t *q)
13328 {
13329 ill_t *ill;
13330
13331 ill = (ill_t *)q->q_ptr;
13332 if (ill->ill_state_flags == 0) {
13333 ip_stack_t *ipst = ill->ill_ipst;
13334
13335 /*
13336 * The device flow control has opened up.
13337 * Walk through conn drain lists and qenable the
13338 * first conn in each list. This makes sense only
13339 * if the stream is fully plumbed and setup.
13340 * Hence the ill_state_flags check above.
13341 */
13342 ip1dbg(("ip_wsrv: walking\n"));
13343 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[0]);
13344 enableok(ill->ill_wq);
13345 }
13346 }
13347
13348 /*
13349 * Callback to disable flow control in IP.
13350 *
13351 * This is a mac client callback added when the DLD_CAPAB_DIRECT capability
13352 * is enabled.
13353 *
13354 * When MAC_TX() is not able to send any more packets, dld sets its queue
13355 * to QFULL and enable the STREAMS flow control. Later, when the underlying
13356 * driver is able to continue to send packets, it calls mac_tx_(ring_)update()
13357 * function and wakes up corresponding mac worker threads, which in turn
13358 * calls this callback function, and disables flow control.
13359 */
13360 void
13361 ill_flow_enable(void *arg, ip_mac_tx_cookie_t cookie)
13362 {
13363 ill_t *ill = (ill_t *)arg;
13364 ip_stack_t *ipst = ill->ill_ipst;
13365 idl_tx_list_t *idl_txl;
13366
13367 idl_txl = &ipst->ips_idl_tx_list[IDLHASHINDEX(cookie)];
13368 mutex_enter(&idl_txl->txl_lock);
13369 /* add code to to set a flag to indicate idl_txl is enabled */
13370 conn_walk_drain(ipst, idl_txl);
13371 mutex_exit(&idl_txl->txl_lock);
13372 }
13373
13374 /*
13375 * Flow control has been relieved and STREAMS has backenabled us; drain
13376 * all the conn lists on `tx_list'.
13377 */
13378 static void
13379 conn_walk_drain(ip_stack_t *ipst, idl_tx_list_t *tx_list)
13380 {
13381 int i;
13382 idl_t *idl;
13383
13384 IP_STAT(ipst, ip_conn_walk_drain);
13385
13386 for (i = 0; i < ipst->ips_conn_drain_list_cnt; i++) {
13387 idl = &tx_list->txl_drain_list[i];
13388 mutex_enter(&idl->idl_lock);
13389 conn_drain(idl->idl_conn, B_FALSE);
13390 mutex_exit(&idl->idl_lock);
13391 }
13392 }
13393
13394 /*
13395 * Determine if the ill and multicast aspects of that packets
13396 * "matches" the conn.
13397 */
13398 boolean_t
13399 conn_wantpacket(conn_t *connp, ip_recv_attr_t *ira, ipha_t *ipha)
13400 {
13401 ill_t *ill = ira->ira_rill;
13402 zoneid_t zoneid = ira->ira_zoneid;
13403 uint_t in_ifindex;
13404 ipaddr_t dst, src;
13405
13406 dst = ipha->ipha_dst;
13407 src = ipha->ipha_src;
13408
13409 /*
13410 * conn_incoming_ifindex is set by IP_BOUND_IF which limits
13411 * unicast, broadcast and multicast reception to
13412 * conn_incoming_ifindex.
13413 * conn_wantpacket is called for unicast, broadcast and
13414 * multicast packets.
13415 */
13416 in_ifindex = connp->conn_incoming_ifindex;
13417
13418 /* mpathd can bind to the under IPMP interface, which we allow */
13419 if (in_ifindex != 0 && in_ifindex != ill->ill_phyint->phyint_ifindex) {
13420 if (!IS_UNDER_IPMP(ill))
13421 return (B_FALSE);
13422
13423 if (in_ifindex != ipmp_ill_get_ipmp_ifindex(ill))
13424 return (B_FALSE);
13425 }
13426
13427 if (!IPCL_ZONE_MATCH(connp, zoneid))
13428 return (B_FALSE);
13429
13430 if (!(ira->ira_flags & IRAF_MULTICAST))
13431 return (B_TRUE);
13432
13433 if (connp->conn_multi_router) {
13434 /* multicast packet and multicast router socket: send up */
13435 return (B_TRUE);
13436 }
13437
13438 if (ipha->ipha_protocol == IPPROTO_PIM ||
13439 ipha->ipha_protocol == IPPROTO_RSVP)
13440 return (B_TRUE);
13441
13442 return (conn_hasmembers_ill_withsrc_v4(connp, dst, src, ira->ira_ill));
13443 }
13444
13445 void
13446 conn_setqfull(conn_t *connp, boolean_t *flow_stopped)
13447 {
13448 if (IPCL_IS_NONSTR(connp)) {
13449 (*connp->conn_upcalls->su_txq_full)
13450 (connp->conn_upper_handle, B_TRUE);
13451 if (flow_stopped != NULL)
13452 *flow_stopped = B_TRUE;
13453 } else {
13454 queue_t *q = connp->conn_wq;
13455
13456 ASSERT(q != NULL);
13457 if (!(q->q_flag & QFULL)) {
13458 mutex_enter(QLOCK(q));
13459 if (!(q->q_flag & QFULL)) {
13460 /* still need to set QFULL */
13461 q->q_flag |= QFULL;
13462 /* set flow_stopped to true under QLOCK */
13463 if (flow_stopped != NULL)
13464 *flow_stopped = B_TRUE;
13465 mutex_exit(QLOCK(q));
13466 } else {
13467 /* flow_stopped is left unchanged */
13468 mutex_exit(QLOCK(q));
13469 }
13470 }
13471 }
13472 }
13473
13474 void
13475 conn_clrqfull(conn_t *connp, boolean_t *flow_stopped)
13476 {
13477 if (IPCL_IS_NONSTR(connp)) {
13478 (*connp->conn_upcalls->su_txq_full)
13479 (connp->conn_upper_handle, B_FALSE);
13480 if (flow_stopped != NULL)
13481 *flow_stopped = B_FALSE;
13482 } else {
13483 queue_t *q = connp->conn_wq;
13484
13485 ASSERT(q != NULL);
13486 if (q->q_flag & QFULL) {
13487 mutex_enter(QLOCK(q));
13488 if (q->q_flag & QFULL) {
13489 q->q_flag &= ~QFULL;
13490 /* set flow_stopped to false under QLOCK */
13491 if (flow_stopped != NULL)
13492 *flow_stopped = B_FALSE;
13493 mutex_exit(QLOCK(q));
13494 if (q->q_flag & QWANTW)
13495 qbackenable(q, 0);
13496 } else {
13497 /* flow_stopped is left unchanged */
13498 mutex_exit(QLOCK(q));
13499 }
13500 }
13501 }
13502
13503 mutex_enter(&connp->conn_lock);
13504 connp->conn_blocked = B_FALSE;
13505 mutex_exit(&connp->conn_lock);
13506 }
13507
13508 /*
13509 * Return the length in bytes of the IPv4 headers (base header, label, and
13510 * other IP options) that will be needed based on the
13511 * ip_pkt_t structure passed by the caller.
13512 *
13513 * The returned length does not include the length of the upper level
13514 * protocol (ULP) header.
13515 * The caller needs to check that the length doesn't exceed the max for IPv4.
13516 */
13517 int
13518 ip_total_hdrs_len_v4(const ip_pkt_t *ipp)
13519 {
13520 int len;
13521
13522 len = IP_SIMPLE_HDR_LENGTH;
13523 if (ipp->ipp_fields & IPPF_LABEL_V4) {
13524 ASSERT(ipp->ipp_label_len_v4 != 0);
13525 /* We need to round up here */
13526 len += (ipp->ipp_label_len_v4 + 3) & ~3;
13527 }
13528
13529 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
13530 ASSERT(ipp->ipp_ipv4_options_len != 0);
13531 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0);
13532 len += ipp->ipp_ipv4_options_len;
13533 }
13534 return (len);
13535 }
13536
13537 /*
13538 * All-purpose routine to build an IPv4 header with options based
13539 * on the abstract ip_pkt_t.
13540 *
13541 * The caller has to set the source and destination address as well as
13542 * ipha_length. The caller has to massage any source route and compensate
13543 * for the ULP pseudo-header checksum due to the source route.
13544 */
13545 void
13546 ip_build_hdrs_v4(uchar_t *buf, uint_t buf_len, const ip_pkt_t *ipp,
13547 uint8_t protocol)
13548 {
13549 ipha_t *ipha = (ipha_t *)buf;
13550 uint8_t *cp;
13551
13552 /* Initialize IPv4 header */
13553 ipha->ipha_type_of_service = ipp->ipp_type_of_service;
13554 ipha->ipha_length = 0; /* Caller will set later */
13555 ipha->ipha_ident = 0;
13556 ipha->ipha_fragment_offset_and_flags = 0;
13557 ipha->ipha_ttl = ipp->ipp_unicast_hops;
13558 ipha->ipha_protocol = protocol;
13559 ipha->ipha_hdr_checksum = 0;
13560
13561 if ((ipp->ipp_fields & IPPF_ADDR) &&
13562 IN6_IS_ADDR_V4MAPPED(&ipp->ipp_addr))
13563 ipha->ipha_src = ipp->ipp_addr_v4;
13564
13565 cp = (uint8_t *)&ipha[1];
13566 if (ipp->ipp_fields & IPPF_LABEL_V4) {
13567 ASSERT(ipp->ipp_label_len_v4 != 0);
13568 bcopy(ipp->ipp_label_v4, cp, ipp->ipp_label_len_v4);
13569 cp += ipp->ipp_label_len_v4;
13570 /* We need to round up here */
13571 while ((uintptr_t)cp & 0x3) {
13572 *cp++ = IPOPT_NOP;
13573 }
13574 }
13575
13576 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
13577 ASSERT(ipp->ipp_ipv4_options_len != 0);
13578 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0);
13579 bcopy(ipp->ipp_ipv4_options, cp, ipp->ipp_ipv4_options_len);
13580 cp += ipp->ipp_ipv4_options_len;
13581 }
13582 ipha->ipha_version_and_hdr_length =
13583 (uint8_t)((IP_VERSION << 4) + buf_len / 4);
13584
13585 ASSERT((int)(cp - buf) == buf_len);
13586 }
13587
13588 /* Allocate the private structure */
13589 static int
13590 ip_priv_alloc(void **bufp)
13591 {
13592 void *buf;
13593
13594 if ((buf = kmem_alloc(sizeof (ip_priv_t), KM_NOSLEEP)) == NULL)
13595 return (ENOMEM);
13596
13597 *bufp = buf;
13598 return (0);
13599 }
13600
13601 /* Function to delete the private structure */
13602 void
13603 ip_priv_free(void *buf)
13604 {
13605 ASSERT(buf != NULL);
13606 kmem_free(buf, sizeof (ip_priv_t));
13607 }
13608
13609 /*
13610 * The entry point for IPPF processing.
13611 * If the classifier (IPGPC_CLASSIFY) is not loaded and configured, the
13612 * routine just returns.
13613 *
13614 * When called, ip_process generates an ipp_packet_t structure
13615 * which holds the state information for this packet and invokes the
13616 * the classifier (via ipp_packet_process). The classification, depending on
13617 * configured filters, results in a list of actions for this packet. Invoking
13618 * an action may cause the packet to be dropped, in which case we return NULL.
13619 * proc indicates the callout position for
13620 * this packet and ill is the interface this packet arrived on or will leave
13621 * on (inbound and outbound resp.).
13622 *
13623 * We do the processing on the rill (mapped to the upper if ipmp), but MIB
13624 * on the ill corrsponding to the destination IP address.
13625 */
13626 mblk_t *
13627 ip_process(ip_proc_t proc, mblk_t *mp, ill_t *rill, ill_t *ill)
13628 {
13629 ip_priv_t *priv;
13630 ipp_action_id_t aid;
13631 int rc = 0;
13632 ipp_packet_t *pp;
13633
13634 /* If the classifier is not loaded, return */
13635 if ((aid = ipp_action_lookup(IPGPC_CLASSIFY)) == IPP_ACTION_INVAL) {
13636 return (mp);
13637 }
13638
13639 ASSERT(mp != NULL);
13640
13641 /* Allocate the packet structure */
13642 rc = ipp_packet_alloc(&pp, "ip", aid);
13643 if (rc != 0)
13644 goto drop;
13645
13646 /* Allocate the private structure */
13647 rc = ip_priv_alloc((void **)&priv);
13648 if (rc != 0) {
13649 ipp_packet_free(pp);
13650 goto drop;
13651 }
13652 priv->proc = proc;
13653 priv->ill_index = ill_get_upper_ifindex(rill);
13654
13655 ipp_packet_set_private(pp, priv, ip_priv_free);
13656 ipp_packet_set_data(pp, mp);
13657
13658 /* Invoke the classifier */
13659 rc = ipp_packet_process(&pp);
13660 if (pp != NULL) {
13661 mp = ipp_packet_get_data(pp);
13662 ipp_packet_free(pp);
13663 if (rc != 0)
13664 goto drop;
13665 return (mp);
13666 } else {
13667 /* No mp to trace in ip_drop_input/ip_drop_output */
13668 mp = NULL;
13669 }
13670 drop:
13671 if (proc == IPP_LOCAL_IN || proc == IPP_FWD_IN) {
13672 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
13673 ip_drop_input("ip_process", mp, ill);
13674 } else {
13675 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
13676 ip_drop_output("ip_process", mp, ill);
13677 }
13678 freemsg(mp);
13679 return (NULL);
13680 }
13681
13682 /*
13683 * Propagate a multicast group membership operation (add/drop) on
13684 * all the interfaces crossed by the related multirt routes.
13685 * The call is considered successful if the operation succeeds
13686 * on at least one interface.
13687 *
13688 * This assumes that a set of IRE_HOST/RTF_MULTIRT has been created for the
13689 * multicast addresses with the ire argument being the first one.
13690 * We walk the bucket to find all the of those.
13691 *
13692 * Common to IPv4 and IPv6.
13693 */
13694 static int
13695 ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t,
13696 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *),
13697 ire_t *ire, conn_t *connp, boolean_t checkonly, const in6_addr_t *v6group,
13698 mcast_record_t fmode, const in6_addr_t *v6src)
13699 {
13700 ire_t *ire_gw;
13701 irb_t *irb;
13702 int ifindex;
13703 int error = 0;
13704 int result;
13705 ip_stack_t *ipst = ire->ire_ipst;
13706 ipaddr_t group;
13707 boolean_t isv6;
13708 int match_flags;
13709
13710 if (IN6_IS_ADDR_V4MAPPED(v6group)) {
13711 IN6_V4MAPPED_TO_IPADDR(v6group, group);
13712 isv6 = B_FALSE;
13713 } else {
13714 isv6 = B_TRUE;
13715 }
13716
13717 irb = ire->ire_bucket;
13718 ASSERT(irb != NULL);
13719
13720 result = 0;
13721 irb_refhold(irb);
13722 for (; ire != NULL; ire = ire->ire_next) {
13723 if ((ire->ire_flags & RTF_MULTIRT) == 0)
13724 continue;
13725
13726 /* We handle -ifp routes by matching on the ill if set */
13727 match_flags = MATCH_IRE_TYPE;
13728 if (ire->ire_ill != NULL)
13729 match_flags |= MATCH_IRE_ILL;
13730
13731 if (isv6) {
13732 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, v6group))
13733 continue;
13734
13735 ire_gw = ire_ftable_lookup_v6(&ire->ire_gateway_addr_v6,
13736 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL,
13737 match_flags, 0, ipst, NULL);
13738 } else {
13739 if (ire->ire_addr != group)
13740 continue;
13741
13742 ire_gw = ire_ftable_lookup_v4(ire->ire_gateway_addr,
13743 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL,
13744 match_flags, 0, ipst, NULL);
13745 }
13746 /* No interface route exists for the gateway; skip this ire. */
13747 if (ire_gw == NULL)
13748 continue;
13749 if (ire_gw->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
13750 ire_refrele(ire_gw);
13751 continue;
13752 }
13753 ASSERT(ire_gw->ire_ill != NULL); /* IRE_INTERFACE */
13754 ifindex = ire_gw->ire_ill->ill_phyint->phyint_ifindex;
13755
13756 /*
13757 * The operation is considered a success if
13758 * it succeeds at least once on any one interface.
13759 */
13760 error = fn(connp, checkonly, v6group, INADDR_ANY, ifindex,
13761 fmode, v6src);
13762 if (error == 0)
13763 result = CGTP_MCAST_SUCCESS;
13764
13765 ire_refrele(ire_gw);
13766 }
13767 irb_refrele(irb);
13768 /*
13769 * Consider the call as successful if we succeeded on at least
13770 * one interface. Otherwise, return the last encountered error.
13771 */
13772 return (result == CGTP_MCAST_SUCCESS ? 0 : error);
13773 }
13774
13775 /*
13776 * Return the expected CGTP hooks version number.
13777 */
13778 int
13779 ip_cgtp_filter_supported(void)
13780 {
13781 return (ip_cgtp_filter_rev);
13782 }
13783
13784 /*
13785 * CGTP hooks can be registered by invoking this function.
13786 * Checks that the version number matches.
13787 */
13788 int
13789 ip_cgtp_filter_register(netstackid_t stackid, cgtp_filter_ops_t *ops)
13790 {
13791 netstack_t *ns;
13792 ip_stack_t *ipst;
13793
13794 if (ops->cfo_filter_rev != CGTP_FILTER_REV)
13795 return (ENOTSUP);
13796
13797 ns = netstack_find_by_stackid(stackid);
13798 if (ns == NULL)
13799 return (EINVAL);
13800 ipst = ns->netstack_ip;
13801 ASSERT(ipst != NULL);
13802
13803 if (ipst->ips_ip_cgtp_filter_ops != NULL) {
13804 netstack_rele(ns);
13805 return (EALREADY);
13806 }
13807
13808 ipst->ips_ip_cgtp_filter_ops = ops;
13809
13810 ill_set_inputfn_all(ipst);
13811
13812 netstack_rele(ns);
13813 return (0);
13814 }
13815
13816 /*
13817 * CGTP hooks can be unregistered by invoking this function.
13818 * Returns ENXIO if there was no registration.
13819 * Returns EBUSY if the ndd variable has not been turned off.
13820 */
13821 int
13822 ip_cgtp_filter_unregister(netstackid_t stackid)
13823 {
13824 netstack_t *ns;
13825 ip_stack_t *ipst;
13826
13827 ns = netstack_find_by_stackid(stackid);
13828 if (ns == NULL)
13829 return (EINVAL);
13830 ipst = ns->netstack_ip;
13831 ASSERT(ipst != NULL);
13832
13833 if (ipst->ips_ip_cgtp_filter) {
13834 netstack_rele(ns);
13835 return (EBUSY);
13836 }
13837
13838 if (ipst->ips_ip_cgtp_filter_ops == NULL) {
13839 netstack_rele(ns);
13840 return (ENXIO);
13841 }
13842 ipst->ips_ip_cgtp_filter_ops = NULL;
13843
13844 ill_set_inputfn_all(ipst);
13845
13846 netstack_rele(ns);
13847 return (0);
13848 }
13849
13850 /*
13851 * Check whether there is a CGTP filter registration.
13852 * Returns non-zero if there is a registration, otherwise returns zero.
13853 * Note: returns zero if bad stackid.
13854 */
13855 int
13856 ip_cgtp_filter_is_registered(netstackid_t stackid)
13857 {
13858 netstack_t *ns;
13859 ip_stack_t *ipst;
13860 int ret;
13861
13862 ns = netstack_find_by_stackid(stackid);
13863 if (ns == NULL)
13864 return (0);
13865 ipst = ns->netstack_ip;
13866 ASSERT(ipst != NULL);
13867
13868 if (ipst->ips_ip_cgtp_filter_ops != NULL)
13869 ret = 1;
13870 else
13871 ret = 0;
13872
13873 netstack_rele(ns);
13874 return (ret);
13875 }
13876
13877 static int
13878 ip_squeue_switch(int val)
13879 {
13880 int rval;
13881
13882 switch (val) {
13883 case IP_SQUEUE_ENTER_NODRAIN:
13884 rval = SQ_NODRAIN;
13885 break;
13886 case IP_SQUEUE_ENTER:
13887 rval = SQ_PROCESS;
13888 break;
13889 case IP_SQUEUE_FILL:
13890 default:
13891 rval = SQ_FILL;
13892 break;
13893 }
13894 return (rval);
13895 }
13896
13897 static void *
13898 ip_kstat2_init(netstackid_t stackid, ip_stat_t *ip_statisticsp)
13899 {
13900 kstat_t *ksp;
13901
13902 ip_stat_t template = {
13903 { "ip_udp_fannorm", KSTAT_DATA_UINT64 },
13904 { "ip_udp_fanmb", KSTAT_DATA_UINT64 },
13905 { "ip_recv_pullup", KSTAT_DATA_UINT64 },
13906 { "ip_db_ref", KSTAT_DATA_UINT64 },
13907 { "ip_notaligned", KSTAT_DATA_UINT64 },
13908 { "ip_multimblk", KSTAT_DATA_UINT64 },
13909 { "ip_opt", KSTAT_DATA_UINT64 },
13910 { "ipsec_proto_ahesp", KSTAT_DATA_UINT64 },
13911 { "ip_conn_flputbq", KSTAT_DATA_UINT64 },
13912 { "ip_conn_walk_drain", KSTAT_DATA_UINT64 },
13913 { "ip_out_sw_cksum", KSTAT_DATA_UINT64 },
13914 { "ip_out_sw_cksum_bytes", KSTAT_DATA_UINT64 },
13915 { "ip_in_sw_cksum", KSTAT_DATA_UINT64 },
13916 { "ip_ire_reclaim_calls", KSTAT_DATA_UINT64 },
13917 { "ip_ire_reclaim_deleted", KSTAT_DATA_UINT64 },
13918 { "ip_nce_reclaim_calls", KSTAT_DATA_UINT64 },
13919 { "ip_nce_reclaim_deleted", KSTAT_DATA_UINT64 },
13920 { "ip_dce_reclaim_calls", KSTAT_DATA_UINT64 },
13921 { "ip_dce_reclaim_deleted", KSTAT_DATA_UINT64 },
13922 { "ip_tcp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 },
13923 { "ip_tcp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 },
13924 { "ip_tcp_in_sw_cksum_err", KSTAT_DATA_UINT64 },
13925 { "ip_udp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 },
13926 { "ip_udp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 },
13927 { "ip_udp_in_sw_cksum_err", KSTAT_DATA_UINT64 },
13928 { "conn_in_recvdstaddr", KSTAT_DATA_UINT64 },
13929 { "conn_in_recvopts", KSTAT_DATA_UINT64 },
13930 { "conn_in_recvif", KSTAT_DATA_UINT64 },
13931 { "conn_in_recvslla", KSTAT_DATA_UINT64 },
13932 { "conn_in_recvucred", KSTAT_DATA_UINT64 },
13933 { "conn_in_recvttl", KSTAT_DATA_UINT64 },
13934 { "conn_in_recvhopopts", KSTAT_DATA_UINT64 },
13935 { "conn_in_recvhoplimit", KSTAT_DATA_UINT64 },
13936 { "conn_in_recvdstopts", KSTAT_DATA_UINT64 },
13937 { "conn_in_recvrthdrdstopts", KSTAT_DATA_UINT64 },
13938 { "conn_in_recvrthdr", KSTAT_DATA_UINT64 },
13939 { "conn_in_recvpktinfo", KSTAT_DATA_UINT64 },
13940 { "conn_in_recvtclass", KSTAT_DATA_UINT64 },
13941 { "conn_in_timestamp", KSTAT_DATA_UINT64 },
13942 };
13943
13944 ksp = kstat_create_netstack("ip", 0, "ipstat", "net",
13945 KSTAT_TYPE_NAMED, sizeof (template) / sizeof (kstat_named_t),
13946 KSTAT_FLAG_VIRTUAL, stackid);
13947
13948 if (ksp == NULL)
13949 return (NULL);
13950
13951 bcopy(&template, ip_statisticsp, sizeof (template));
13952 ksp->ks_data = (void *)ip_statisticsp;
13953 ksp->ks_private = (void *)(uintptr_t)stackid;
13954
13955 kstat_install(ksp);
13956 return (ksp);
13957 }
13958
13959 static void
13960 ip_kstat2_fini(netstackid_t stackid, kstat_t *ksp)
13961 {
13962 if (ksp != NULL) {
13963 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
13964 kstat_delete_netstack(ksp, stackid);
13965 }
13966 }
13967
13968 static void *
13969 ip_kstat_init(netstackid_t stackid, ip_stack_t *ipst)
13970 {
13971 kstat_t *ksp;
13972
13973 ip_named_kstat_t template = {
13974 { "forwarding", KSTAT_DATA_UINT32, 0 },
13975 { "defaultTTL", KSTAT_DATA_UINT32, 0 },
13976 { "inReceives", KSTAT_DATA_UINT64, 0 },
13977 { "inHdrErrors", KSTAT_DATA_UINT32, 0 },
13978 { "inAddrErrors", KSTAT_DATA_UINT32, 0 },
13979 { "forwDatagrams", KSTAT_DATA_UINT64, 0 },
13980 { "inUnknownProtos", KSTAT_DATA_UINT32, 0 },
13981 { "inDiscards", KSTAT_DATA_UINT32, 0 },
13982 { "inDelivers", KSTAT_DATA_UINT64, 0 },
13983 { "outRequests", KSTAT_DATA_UINT64, 0 },
13984 { "outDiscards", KSTAT_DATA_UINT32, 0 },
13985 { "outNoRoutes", KSTAT_DATA_UINT32, 0 },
13986 { "reasmTimeout", KSTAT_DATA_UINT32, 0 },
13987 { "reasmReqds", KSTAT_DATA_UINT32, 0 },
13988 { "reasmOKs", KSTAT_DATA_UINT32, 0 },
13989 { "reasmFails", KSTAT_DATA_UINT32, 0 },
13990 { "fragOKs", KSTAT_DATA_UINT32, 0 },
13991 { "fragFails", KSTAT_DATA_UINT32, 0 },
13992 { "fragCreates", KSTAT_DATA_UINT32, 0 },
13993 { "addrEntrySize", KSTAT_DATA_INT32, 0 },
13994 { "routeEntrySize", KSTAT_DATA_INT32, 0 },
13995 { "netToMediaEntrySize", KSTAT_DATA_INT32, 0 },
13996 { "routingDiscards", KSTAT_DATA_UINT32, 0 },
13997 { "inErrs", KSTAT_DATA_UINT32, 0 },
13998 { "noPorts", KSTAT_DATA_UINT32, 0 },
13999 { "inCksumErrs", KSTAT_DATA_UINT32, 0 },
14000 { "reasmDuplicates", KSTAT_DATA_UINT32, 0 },
14001 { "reasmPartDups", KSTAT_DATA_UINT32, 0 },
14002 { "forwProhibits", KSTAT_DATA_UINT32, 0 },
14003 { "udpInCksumErrs", KSTAT_DATA_UINT32, 0 },
14004 { "udpInOverflows", KSTAT_DATA_UINT32, 0 },
14005 { "rawipInOverflows", KSTAT_DATA_UINT32, 0 },
14006 { "ipsecInSucceeded", KSTAT_DATA_UINT32, 0 },
14007 { "ipsecInFailed", KSTAT_DATA_INT32, 0 },
14008 { "memberEntrySize", KSTAT_DATA_INT32, 0 },
14009 { "inIPv6", KSTAT_DATA_UINT32, 0 },
14010 { "outIPv6", KSTAT_DATA_UINT32, 0 },
14011 { "outSwitchIPv6", KSTAT_DATA_UINT32, 0 },
14012 };
14013
14014 ksp = kstat_create_netstack("ip", 0, "ip", "mib2", KSTAT_TYPE_NAMED,
14015 NUM_OF_FIELDS(ip_named_kstat_t), 0, stackid);
14016 if (ksp == NULL || ksp->ks_data == NULL)
14017 return (NULL);
14018
14019 template.forwarding.value.ui32 = WE_ARE_FORWARDING(ipst) ? 1:2;
14020 template.defaultTTL.value.ui32 = (uint32_t)ipst->ips_ip_def_ttl;
14021 template.reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout;
14022 template.addrEntrySize.value.i32 = sizeof (mib2_ipAddrEntry_t);
14023 template.routeEntrySize.value.i32 = sizeof (mib2_ipRouteEntry_t);
14024
14025 template.netToMediaEntrySize.value.i32 =
14026 sizeof (mib2_ipNetToMediaEntry_t);
14027
14028 template.memberEntrySize.value.i32 = sizeof (ipv6_member_t);
14029
14030 bcopy(&template, ksp->ks_data, sizeof (template));
14031 ksp->ks_update = ip_kstat_update;
14032 ksp->ks_private = (void *)(uintptr_t)stackid;
14033
14034 kstat_install(ksp);
14035 return (ksp);
14036 }
14037
14038 static void
14039 ip_kstat_fini(netstackid_t stackid, kstat_t *ksp)
14040 {
14041 if (ksp != NULL) {
14042 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
14043 kstat_delete_netstack(ksp, stackid);
14044 }
14045 }
14046
14047 static int
14048 ip_kstat_update(kstat_t *kp, int rw)
14049 {
14050 ip_named_kstat_t *ipkp;
14051 mib2_ipIfStatsEntry_t ipmib;
14052 ill_walk_context_t ctx;
14053 ill_t *ill;
14054 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private;
14055 netstack_t *ns;
14056 ip_stack_t *ipst;
14057
14058 if (kp == NULL || kp->ks_data == NULL)
14059 return (EIO);
14060
14061 if (rw == KSTAT_WRITE)
14062 return (EACCES);
14063
14064 ns = netstack_find_by_stackid(stackid);
14065 if (ns == NULL)
14066 return (-1);
14067 ipst = ns->netstack_ip;
14068 if (ipst == NULL) {
14069 netstack_rele(ns);
14070 return (-1);
14071 }
14072 ipkp = (ip_named_kstat_t *)kp->ks_data;
14073
14074 bcopy(&ipst->ips_ip_mib, &ipmib, sizeof (ipmib));
14075 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
14076 ill = ILL_START_WALK_V4(&ctx, ipst);
14077 for (; ill != NULL; ill = ill_next(&ctx, ill))
14078 ip_mib2_add_ip_stats(&ipmib, ill->ill_ip_mib);
14079 rw_exit(&ipst->ips_ill_g_lock);
14080
14081 ipkp->forwarding.value.ui32 = ipmib.ipIfStatsForwarding;
14082 ipkp->defaultTTL.value.ui32 = ipmib.ipIfStatsDefaultTTL;
14083 ipkp->inReceives.value.ui64 = ipmib.ipIfStatsHCInReceives;
14084 ipkp->inHdrErrors.value.ui32 = ipmib.ipIfStatsInHdrErrors;
14085 ipkp->inAddrErrors.value.ui32 = ipmib.ipIfStatsInAddrErrors;
14086 ipkp->forwDatagrams.value.ui64 = ipmib.ipIfStatsHCOutForwDatagrams;
14087 ipkp->inUnknownProtos.value.ui32 = ipmib.ipIfStatsInUnknownProtos;
14088 ipkp->inDiscards.value.ui32 = ipmib.ipIfStatsInDiscards;
14089 ipkp->inDelivers.value.ui64 = ipmib.ipIfStatsHCInDelivers;
14090 ipkp->outRequests.value.ui64 = ipmib.ipIfStatsHCOutRequests;
14091 ipkp->outDiscards.value.ui32 = ipmib.ipIfStatsOutDiscards;
14092 ipkp->outNoRoutes.value.ui32 = ipmib.ipIfStatsOutNoRoutes;
14093 ipkp->reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout;
14094 ipkp->reasmReqds.value.ui32 = ipmib.ipIfStatsReasmReqds;
14095 ipkp->reasmOKs.value.ui32 = ipmib.ipIfStatsReasmOKs;
14096 ipkp->reasmFails.value.ui32 = ipmib.ipIfStatsReasmFails;
14097 ipkp->fragOKs.value.ui32 = ipmib.ipIfStatsOutFragOKs;
14098 ipkp->fragFails.value.ui32 = ipmib.ipIfStatsOutFragFails;
14099 ipkp->fragCreates.value.ui32 = ipmib.ipIfStatsOutFragCreates;
14100
14101 ipkp->routingDiscards.value.ui32 = 0;
14102 ipkp->inErrs.value.ui32 = ipmib.tcpIfStatsInErrs;
14103 ipkp->noPorts.value.ui32 = ipmib.udpIfStatsNoPorts;
14104 ipkp->inCksumErrs.value.ui32 = ipmib.ipIfStatsInCksumErrs;
14105 ipkp->reasmDuplicates.value.ui32 = ipmib.ipIfStatsReasmDuplicates;
14106 ipkp->reasmPartDups.value.ui32 = ipmib.ipIfStatsReasmPartDups;
14107 ipkp->forwProhibits.value.ui32 = ipmib.ipIfStatsForwProhibits;
14108 ipkp->udpInCksumErrs.value.ui32 = ipmib.udpIfStatsInCksumErrs;
14109 ipkp->udpInOverflows.value.ui32 = ipmib.udpIfStatsInOverflows;
14110 ipkp->rawipInOverflows.value.ui32 = ipmib.rawipIfStatsInOverflows;
14111 ipkp->ipsecInSucceeded.value.ui32 = ipmib.ipsecIfStatsInSucceeded;
14112 ipkp->ipsecInFailed.value.i32 = ipmib.ipsecIfStatsInFailed;
14113
14114 ipkp->inIPv6.value.ui32 = ipmib.ipIfStatsInWrongIPVersion;
14115 ipkp->outIPv6.value.ui32 = ipmib.ipIfStatsOutWrongIPVersion;
14116 ipkp->outSwitchIPv6.value.ui32 = ipmib.ipIfStatsOutSwitchIPVersion;
14117
14118 netstack_rele(ns);
14119
14120 return (0);
14121 }
14122
14123 static void *
14124 icmp_kstat_init(netstackid_t stackid)
14125 {
14126 kstat_t *ksp;
14127
14128 icmp_named_kstat_t template = {
14129 { "inMsgs", KSTAT_DATA_UINT32 },
14130 { "inErrors", KSTAT_DATA_UINT32 },
14131 { "inDestUnreachs", KSTAT_DATA_UINT32 },
14132 { "inTimeExcds", KSTAT_DATA_UINT32 },
14133 { "inParmProbs", KSTAT_DATA_UINT32 },
14134 { "inSrcQuenchs", KSTAT_DATA_UINT32 },
14135 { "inRedirects", KSTAT_DATA_UINT32 },
14136 { "inEchos", KSTAT_DATA_UINT32 },
14137 { "inEchoReps", KSTAT_DATA_UINT32 },
14138 { "inTimestamps", KSTAT_DATA_UINT32 },
14139 { "inTimestampReps", KSTAT_DATA_UINT32 },
14140 { "inAddrMasks", KSTAT_DATA_UINT32 },
14141 { "inAddrMaskReps", KSTAT_DATA_UINT32 },
14142 { "outMsgs", KSTAT_DATA_UINT32 },
14143 { "outErrors", KSTAT_DATA_UINT32 },
14144 { "outDestUnreachs", KSTAT_DATA_UINT32 },
14145 { "outTimeExcds", KSTAT_DATA_UINT32 },
14146 { "outParmProbs", KSTAT_DATA_UINT32 },
14147 { "outSrcQuenchs", KSTAT_DATA_UINT32 },
14148 { "outRedirects", KSTAT_DATA_UINT32 },
14149 { "outEchos", KSTAT_DATA_UINT32 },
14150 { "outEchoReps", KSTAT_DATA_UINT32 },
14151 { "outTimestamps", KSTAT_DATA_UINT32 },
14152 { "outTimestampReps", KSTAT_DATA_UINT32 },
14153 { "outAddrMasks", KSTAT_DATA_UINT32 },
14154 { "outAddrMaskReps", KSTAT_DATA_UINT32 },
14155 { "inChksumErrs", KSTAT_DATA_UINT32 },
14156 { "inUnknowns", KSTAT_DATA_UINT32 },
14157 { "inFragNeeded", KSTAT_DATA_UINT32 },
14158 { "outFragNeeded", KSTAT_DATA_UINT32 },
14159 { "outDrops", KSTAT_DATA_UINT32 },
14160 { "inOverFlows", KSTAT_DATA_UINT32 },
14161 { "inBadRedirects", KSTAT_DATA_UINT32 },
14162 };
14163
14164 ksp = kstat_create_netstack("ip", 0, "icmp", "mib2", KSTAT_TYPE_NAMED,
14165 NUM_OF_FIELDS(icmp_named_kstat_t), 0, stackid);
14166 if (ksp == NULL || ksp->ks_data == NULL)
14167 return (NULL);
14168
14169 bcopy(&template, ksp->ks_data, sizeof (template));
14170
14171 ksp->ks_update = icmp_kstat_update;
14172 ksp->ks_private = (void *)(uintptr_t)stackid;
14173
14174 kstat_install(ksp);
14175 return (ksp);
14176 }
14177
14178 static void
14179 icmp_kstat_fini(netstackid_t stackid, kstat_t *ksp)
14180 {
14181 if (ksp != NULL) {
14182 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
14183 kstat_delete_netstack(ksp, stackid);
14184 }
14185 }
14186
14187 static int
14188 icmp_kstat_update(kstat_t *kp, int rw)
14189 {
14190 icmp_named_kstat_t *icmpkp;
14191 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private;
14192 netstack_t *ns;
14193 ip_stack_t *ipst;
14194
14195 if ((kp == NULL) || (kp->ks_data == NULL))
14196 return (EIO);
14197
14198 if (rw == KSTAT_WRITE)
14199 return (EACCES);
14200
14201 ns = netstack_find_by_stackid(stackid);
14202 if (ns == NULL)
14203 return (-1);
14204 ipst = ns->netstack_ip;
14205 if (ipst == NULL) {
14206 netstack_rele(ns);
14207 return (-1);
14208 }
14209 icmpkp = (icmp_named_kstat_t *)kp->ks_data;
14210
14211 icmpkp->inMsgs.value.ui32 = ipst->ips_icmp_mib.icmpInMsgs;
14212 icmpkp->inErrors.value.ui32 = ipst->ips_icmp_mib.icmpInErrors;
14213 icmpkp->inDestUnreachs.value.ui32 =
14214 ipst->ips_icmp_mib.icmpInDestUnreachs;
14215 icmpkp->inTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpInTimeExcds;
14216 icmpkp->inParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpInParmProbs;
14217 icmpkp->inSrcQuenchs.value.ui32 = ipst->ips_icmp_mib.icmpInSrcQuenchs;
14218 icmpkp->inRedirects.value.ui32 = ipst->ips_icmp_mib.icmpInRedirects;
14219 icmpkp->inEchos.value.ui32 = ipst->ips_icmp_mib.icmpInEchos;
14220 icmpkp->inEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpInEchoReps;
14221 icmpkp->inTimestamps.value.ui32 = ipst->ips_icmp_mib.icmpInTimestamps;
14222 icmpkp->inTimestampReps.value.ui32 =
14223 ipst->ips_icmp_mib.icmpInTimestampReps;
14224 icmpkp->inAddrMasks.value.ui32 = ipst->ips_icmp_mib.icmpInAddrMasks;
14225 icmpkp->inAddrMaskReps.value.ui32 =
14226 ipst->ips_icmp_mib.icmpInAddrMaskReps;
14227 icmpkp->outMsgs.value.ui32 = ipst->ips_icmp_mib.icmpOutMsgs;
14228 icmpkp->outErrors.value.ui32 = ipst->ips_icmp_mib.icmpOutErrors;
14229 icmpkp->outDestUnreachs.value.ui32 =
14230 ipst->ips_icmp_mib.icmpOutDestUnreachs;
14231 icmpkp->outTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpOutTimeExcds;
14232 icmpkp->outParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpOutParmProbs;
14233 icmpkp->outSrcQuenchs.value.ui32 =
14234 ipst->ips_icmp_mib.icmpOutSrcQuenchs;
14235 icmpkp->outRedirects.value.ui32 = ipst->ips_icmp_mib.icmpOutRedirects;
14236 icmpkp->outEchos.value.ui32 = ipst->ips_icmp_mib.icmpOutEchos;
14237 icmpkp->outEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpOutEchoReps;
14238 icmpkp->outTimestamps.value.ui32 =
14239 ipst->ips_icmp_mib.icmpOutTimestamps;
14240 icmpkp->outTimestampReps.value.ui32 =
14241 ipst->ips_icmp_mib.icmpOutTimestampReps;
14242 icmpkp->outAddrMasks.value.ui32 =
14243 ipst->ips_icmp_mib.icmpOutAddrMasks;
14244 icmpkp->outAddrMaskReps.value.ui32 =
14245 ipst->ips_icmp_mib.icmpOutAddrMaskReps;
14246 icmpkp->inCksumErrs.value.ui32 = ipst->ips_icmp_mib.icmpInCksumErrs;
14247 icmpkp->inUnknowns.value.ui32 = ipst->ips_icmp_mib.icmpInUnknowns;
14248 icmpkp->inFragNeeded.value.ui32 = ipst->ips_icmp_mib.icmpInFragNeeded;
14249 icmpkp->outFragNeeded.value.ui32 =
14250 ipst->ips_icmp_mib.icmpOutFragNeeded;
14251 icmpkp->outDrops.value.ui32 = ipst->ips_icmp_mib.icmpOutDrops;
14252 icmpkp->inOverflows.value.ui32 = ipst->ips_icmp_mib.icmpInOverflows;
14253 icmpkp->inBadRedirects.value.ui32 =
14254 ipst->ips_icmp_mib.icmpInBadRedirects;
14255
14256 netstack_rele(ns);
14257 return (0);
14258 }
14259
14260 /*
14261 * This is the fanout function for raw socket opened for SCTP. Note
14262 * that it is called after SCTP checks that there is no socket which
14263 * wants a packet. Then before SCTP handles this out of the blue packet,
14264 * this function is called to see if there is any raw socket for SCTP.
14265 * If there is and it is bound to the correct address, the packet will
14266 * be sent to that socket. Note that only one raw socket can be bound to
14267 * a port. This is assured in ipcl_sctp_hash_insert();
14268 */
14269 void
14270 ip_fanout_sctp_raw(mblk_t *mp, ipha_t *ipha, ip6_t *ip6h, uint32_t ports,
14271 ip_recv_attr_t *ira)
14272 {
14273 conn_t *connp;
14274 queue_t *rq;
14275 boolean_t secure;
14276 ill_t *ill = ira->ira_ill;
14277 ip_stack_t *ipst = ill->ill_ipst;
14278 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
14279 sctp_stack_t *sctps = ipst->ips_netstack->netstack_sctp;
14280 iaflags_t iraflags = ira->ira_flags;
14281 ill_t *rill = ira->ira_rill;
14282
14283 secure = iraflags & IRAF_IPSEC_SECURE;
14284
14285 connp = ipcl_classify_raw(mp, IPPROTO_SCTP, ports, ipha, ip6h,
14286 ira, ipst);
14287 if (connp == NULL) {
14288 /*
14289 * Although raw sctp is not summed, OOB chunks must be.
14290 * Drop the packet here if the sctp checksum failed.
14291 */
14292 if (iraflags & IRAF_SCTP_CSUM_ERR) {
14293 SCTPS_BUMP_MIB(sctps, sctpChecksumError);
14294 freemsg(mp);
14295 return;
14296 }
14297 ira->ira_ill = ira->ira_rill = NULL;
14298 sctp_ootb_input(mp, ira, ipst);
14299 ira->ira_ill = ill;
14300 ira->ira_rill = rill;
14301 return;
14302 }
14303 rq = connp->conn_rq;
14304 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) {
14305 CONN_DEC_REF(connp);
14306 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows);
14307 freemsg(mp);
14308 return;
14309 }
14310 if (((iraflags & IRAF_IS_IPV4) ?
14311 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
14312 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
14313 secure) {
14314 mp = ipsec_check_inbound_policy(mp, connp, ipha,
14315 ip6h, ira);
14316 if (mp == NULL) {
14317 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
14318 /* Note that mp is NULL */
14319 ip_drop_input("ipIfStatsInDiscards", mp, ill);
14320 CONN_DEC_REF(connp);
14321 return;
14322 }
14323 }
14324
14325 if (iraflags & IRAF_ICMP_ERROR) {
14326 (connp->conn_recvicmp)(connp, mp, NULL, ira);
14327 } else {
14328 ill_t *rill = ira->ira_rill;
14329
14330 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
14331 /* This is the SOCK_RAW, IPPROTO_SCTP case. */
14332 ira->ira_ill = ira->ira_rill = NULL;
14333 (connp->conn_recv)(connp, mp, NULL, ira);
14334 ira->ira_ill = ill;
14335 ira->ira_rill = rill;
14336 }
14337 CONN_DEC_REF(connp);
14338 }
14339
14340 /*
14341 * Free a packet that has the link-layer dl_unitdata_req_t or fast-path
14342 * header before the ip payload.
14343 */
14344 static void
14345 ip_xmit_flowctl_drop(ill_t *ill, mblk_t *mp, boolean_t is_fp_mp, int fp_mp_len)
14346 {
14347 int len = (mp->b_wptr - mp->b_rptr);
14348 mblk_t *ip_mp;
14349
14350 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14351 if (is_fp_mp || len != fp_mp_len) {
14352 if (len > fp_mp_len) {
14353 /*
14354 * fastpath header and ip header in the first mblk
14355 */
14356 mp->b_rptr += fp_mp_len;
14357 } else {
14358 /*
14359 * ip_xmit_attach_llhdr had to prepend an mblk to
14360 * attach the fastpath header before ip header.
14361 */
14362 ip_mp = mp->b_cont;
14363 freeb(mp);
14364 mp = ip_mp;
14365 mp->b_rptr += (fp_mp_len - len);
14366 }
14367 } else {
14368 ip_mp = mp->b_cont;
14369 freeb(mp);
14370 mp = ip_mp;
14371 }
14372 ip_drop_output("ipIfStatsOutDiscards - flow ctl", mp, ill);
14373 freemsg(mp);
14374 }
14375
14376 /*
14377 * Normal post fragmentation function.
14378 *
14379 * Send a packet using the passed in nce. This handles both IPv4 and IPv6
14380 * using the same state machine.
14381 *
14382 * We return an error on failure. In particular we return EWOULDBLOCK
14383 * when the driver flow controls. In that case this ensures that ip_wsrv runs
14384 * (currently by canputnext failure resulting in backenabling from GLD.)
14385 * This allows the callers of conn_ip_output() to use EWOULDBLOCK as an
14386 * indication that they can flow control until ip_wsrv() tells then to restart.
14387 *
14388 * If the nce passed by caller is incomplete, this function
14389 * queues the packet and if necessary, sends ARP request and bails.
14390 * If the Neighbor Cache passed is fully resolved, we simply prepend
14391 * the link-layer header to the packet, do ipsec hw acceleration
14392 * work if necessary, and send the packet out on the wire.
14393 */
14394 /* ARGSUSED6 */
14395 int
14396 ip_xmit(mblk_t *mp, nce_t *nce, iaflags_t ixaflags, uint_t pkt_len,
14397 uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid, uintptr_t *ixacookie)
14398 {
14399 queue_t *wq;
14400 ill_t *ill = nce->nce_ill;
14401 ip_stack_t *ipst = ill->ill_ipst;
14402 uint64_t delta;
14403 boolean_t isv6 = ill->ill_isv6;
14404 boolean_t fp_mp;
14405 ncec_t *ncec = nce->nce_common;
14406 int64_t now = LBOLT_FASTPATH64;
14407 boolean_t is_probe;
14408
14409 DTRACE_PROBE1(ip__xmit, nce_t *, nce);
14410
14411 ASSERT(mp != NULL);
14412 ASSERT(mp->b_datap->db_type == M_DATA);
14413 ASSERT(pkt_len == msgdsize(mp));
14414
14415 /*
14416 * If we have already been here and are coming back after ARP/ND.
14417 * the IXAF_NO_TRACE flag is set. We skip FW_HOOKS, DTRACE and ipobs
14418 * in that case since they have seen the packet when it came here
14419 * the first time.
14420 */
14421 if (ixaflags & IXAF_NO_TRACE)
14422 goto sendit;
14423
14424 if (ixaflags & IXAF_IS_IPV4) {
14425 ipha_t *ipha = (ipha_t *)mp->b_rptr;
14426
14427 ASSERT(!isv6);
14428 ASSERT(pkt_len == ntohs(((ipha_t *)mp->b_rptr)->ipha_length));
14429 if (HOOKS4_INTERESTED_PHYSICAL_OUT(ipst) &&
14430 !(ixaflags & IXAF_NO_PFHOOK)) {
14431 int error;
14432
14433 FW_HOOKS(ipst->ips_ip4_physical_out_event,
14434 ipst->ips_ipv4firewall_physical_out,
14435 NULL, ill, ipha, mp, mp, 0, ipst, error);
14436 DTRACE_PROBE1(ip4__physical__out__end,
14437 mblk_t *, mp);
14438 if (mp == NULL)
14439 return (error);
14440
14441 /* The length could have changed */
14442 pkt_len = msgdsize(mp);
14443 }
14444 if (ipst->ips_ip4_observe.he_interested) {
14445 /*
14446 * Note that for TX the zoneid is the sending
14447 * zone, whether or not MLP is in play.
14448 * Since the szone argument is the IP zoneid (i.e.,
14449 * zero for exclusive-IP zones) and ipobs wants
14450 * the system zoneid, we map it here.
14451 */
14452 szone = IP_REAL_ZONEID(szone, ipst);
14453
14454 /*
14455 * On the outbound path the destination zone will be
14456 * unknown as we're sending this packet out on the
14457 * wire.
14458 */
14459 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES,
14460 ill, ipst);
14461 }
14462 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL,
14463 void_ip_t *, ipha, __dtrace_ipsr_ill_t *, ill,
14464 ipha_t *, ipha, ip6_t *, NULL, int, 0);
14465 } else {
14466 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
14467
14468 ASSERT(isv6);
14469 ASSERT(pkt_len ==
14470 ntohs(((ip6_t *)mp->b_rptr)->ip6_plen) + IPV6_HDR_LEN);
14471 if (HOOKS6_INTERESTED_PHYSICAL_OUT(ipst) &&
14472 !(ixaflags & IXAF_NO_PFHOOK)) {
14473 int error;
14474
14475 FW_HOOKS6(ipst->ips_ip6_physical_out_event,
14476 ipst->ips_ipv6firewall_physical_out,
14477 NULL, ill, ip6h, mp, mp, 0, ipst, error);
14478 DTRACE_PROBE1(ip6__physical__out__end,
14479 mblk_t *, mp);
14480 if (mp == NULL)
14481 return (error);
14482
14483 /* The length could have changed */
14484 pkt_len = msgdsize(mp);
14485 }
14486 if (ipst->ips_ip6_observe.he_interested) {
14487 /* See above */
14488 szone = IP_REAL_ZONEID(szone, ipst);
14489
14490 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES,
14491 ill, ipst);
14492 }
14493 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL,
14494 void_ip_t *, ip6h, __dtrace_ipsr_ill_t *, ill,
14495 ipha_t *, NULL, ip6_t *, ip6h, int, 0);
14496 }
14497
14498 sendit:
14499 /*
14500 * We check the state without a lock because the state can never
14501 * move "backwards" to initial or incomplete.
14502 */
14503 switch (ncec->ncec_state) {
14504 case ND_REACHABLE:
14505 case ND_STALE:
14506 case ND_DELAY:
14507 case ND_PROBE:
14508 mp = ip_xmit_attach_llhdr(mp, nce);
14509 if (mp == NULL) {
14510 /*
14511 * ip_xmit_attach_llhdr has increased
14512 * ipIfStatsOutDiscards and called ip_drop_output()
14513 */
14514 return (ENOBUFS);
14515 }
14516 /*
14517 * check if nce_fastpath completed and we tagged on a
14518 * copy of nce_fp_mp in ip_xmit_attach_llhdr().
14519 */
14520 fp_mp = (mp->b_datap->db_type == M_DATA);
14521
14522 if (fp_mp &&
14523 (ill->ill_capabilities & ILL_CAPAB_DLD_DIRECT)) {
14524 ill_dld_direct_t *idd;
14525
14526 idd = &ill->ill_dld_capab->idc_direct;
14527 /*
14528 * Send the packet directly to DLD, where it
14529 * may be queued depending on the availability
14530 * of transmit resources at the media layer.
14531 * Return value should be taken into
14532 * account and flow control the TCP.
14533 */
14534 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits);
14535 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets,
14536 pkt_len);
14537
14538 if (ixaflags & IXAF_NO_DEV_FLOW_CTL) {
14539 (void) idd->idd_tx_df(idd->idd_tx_dh, mp,
14540 (uintptr_t)xmit_hint, IP_DROP_ON_NO_DESC);
14541 } else {
14542 uintptr_t cookie;
14543
14544 if ((cookie = idd->idd_tx_df(idd->idd_tx_dh,
14545 mp, (uintptr_t)xmit_hint, 0)) != 0) {
14546 if (ixacookie != NULL)
14547 *ixacookie = cookie;
14548 return (EWOULDBLOCK);
14549 }
14550 }
14551 } else {
14552 wq = ill->ill_wq;
14553
14554 if (!(ixaflags & IXAF_NO_DEV_FLOW_CTL) &&
14555 !canputnext(wq)) {
14556 if (ixacookie != NULL)
14557 *ixacookie = 0;
14558 ip_xmit_flowctl_drop(ill, mp, fp_mp,
14559 nce->nce_fp_mp != NULL ?
14560 MBLKL(nce->nce_fp_mp) : 0);
14561 return (EWOULDBLOCK);
14562 }
14563 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits);
14564 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets,
14565 pkt_len);
14566 putnext(wq, mp);
14567 }
14568
14569 /*
14570 * The rest of this function implements Neighbor Unreachability
14571 * detection. Determine if the ncec is eligible for NUD.
14572 */
14573 if (ncec->ncec_flags & NCE_F_NONUD)
14574 return (0);
14575
14576 ASSERT(ncec->ncec_state != ND_INCOMPLETE);
14577
14578 /*
14579 * Check for upper layer advice
14580 */
14581 if (ixaflags & IXAF_REACH_CONF) {
14582 timeout_id_t tid;
14583
14584 /*
14585 * It should be o.k. to check the state without
14586 * a lock here, at most we lose an advice.
14587 */
14588 ncec->ncec_last = TICK_TO_MSEC(now);
14589 if (ncec->ncec_state != ND_REACHABLE) {
14590 mutex_enter(&ncec->ncec_lock);
14591 ncec->ncec_state = ND_REACHABLE;
14592 tid = ncec->ncec_timeout_id;
14593 ncec->ncec_timeout_id = 0;
14594 mutex_exit(&ncec->ncec_lock);
14595 (void) untimeout(tid);
14596 if (ip_debug > 2) {
14597 /* ip1dbg */
14598 pr_addr_dbg("ip_xmit: state"
14599 " for %s changed to"
14600 " REACHABLE\n", AF_INET6,
14601 &ncec->ncec_addr);
14602 }
14603 }
14604 return (0);
14605 }
14606
14607 delta = TICK_TO_MSEC(now) - ncec->ncec_last;
14608 ip1dbg(("ip_xmit: delta = %" PRId64
14609 " ill_reachable_time = %d \n", delta,
14610 ill->ill_reachable_time));
14611 if (delta > (uint64_t)ill->ill_reachable_time) {
14612 mutex_enter(&ncec->ncec_lock);
14613 switch (ncec->ncec_state) {
14614 case ND_REACHABLE:
14615 ASSERT((ncec->ncec_flags & NCE_F_NONUD) == 0);
14616 /* FALLTHROUGH */
14617 case ND_STALE:
14618 /*
14619 * ND_REACHABLE is identical to
14620 * ND_STALE in this specific case. If
14621 * reachable time has expired for this
14622 * neighbor (delta is greater than
14623 * reachable time), conceptually, the
14624 * neighbor cache is no longer in
14625 * REACHABLE state, but already in
14626 * STALE state. So the correct
14627 * transition here is to ND_DELAY.
14628 */
14629 ncec->ncec_state = ND_DELAY;
14630 mutex_exit(&ncec->ncec_lock);
14631 nce_restart_timer(ncec,
14632 ipst->ips_delay_first_probe_time);
14633 if (ip_debug > 3) {
14634 /* ip2dbg */
14635 pr_addr_dbg("ip_xmit: state"
14636 " for %s changed to"
14637 " DELAY\n", AF_INET6,
14638 &ncec->ncec_addr);
14639 }
14640 break;
14641 case ND_DELAY:
14642 case ND_PROBE:
14643 mutex_exit(&ncec->ncec_lock);
14644 /* Timers have already started */
14645 break;
14646 case ND_UNREACHABLE:
14647 /*
14648 * nce_timer has detected that this ncec
14649 * is unreachable and initiated deleting
14650 * this ncec.
14651 * This is a harmless race where we found the
14652 * ncec before it was deleted and have
14653 * just sent out a packet using this
14654 * unreachable ncec.
14655 */
14656 mutex_exit(&ncec->ncec_lock);
14657 break;
14658 default:
14659 ASSERT(0);
14660 mutex_exit(&ncec->ncec_lock);
14661 }
14662 }
14663 return (0);
14664
14665 case ND_INCOMPLETE:
14666 /*
14667 * the state could have changed since we didn't hold the lock.
14668 * Re-verify state under lock.
14669 */
14670 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill);
14671 mutex_enter(&ncec->ncec_lock);
14672 if (NCE_ISREACHABLE(ncec)) {
14673 mutex_exit(&ncec->ncec_lock);
14674 goto sendit;
14675 }
14676 /* queue the packet */
14677 nce_queue_mp(ncec, mp, is_probe);
14678 mutex_exit(&ncec->ncec_lock);
14679 DTRACE_PROBE2(ip__xmit__incomplete,
14680 (ncec_t *), ncec, (mblk_t *), mp);
14681 return (0);
14682
14683 case ND_INITIAL:
14684 /*
14685 * State could have changed since we didn't hold the lock, so
14686 * re-verify state.
14687 */
14688 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill);
14689 mutex_enter(&ncec->ncec_lock);
14690 if (NCE_ISREACHABLE(ncec)) {
14691 mutex_exit(&ncec->ncec_lock);
14692 goto sendit;
14693 }
14694 nce_queue_mp(ncec, mp, is_probe);
14695 if (ncec->ncec_state == ND_INITIAL) {
14696 ncec->ncec_state = ND_INCOMPLETE;
14697 mutex_exit(&ncec->ncec_lock);
14698 /*
14699 * figure out the source we want to use
14700 * and resolve it.
14701 */
14702 ip_ndp_resolve(ncec);
14703 } else {
14704 mutex_exit(&ncec->ncec_lock);
14705 }
14706 return (0);
14707
14708 case ND_UNREACHABLE:
14709 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14710 ip_drop_output("ipIfStatsOutDiscards - ND_UNREACHABLE",
14711 mp, ill);
14712 freemsg(mp);
14713 return (0);
14714
14715 default:
14716 ASSERT(0);
14717 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14718 ip_drop_output("ipIfStatsOutDiscards - ND_other",
14719 mp, ill);
14720 freemsg(mp);
14721 return (ENETUNREACH);
14722 }
14723 }
14724
14725 /*
14726 * Return B_TRUE if the buffers differ in length or content.
14727 * This is used for comparing extension header buffers.
14728 * Note that an extension header would be declared different
14729 * even if all that changed was the next header value in that header i.e.
14730 * what really changed is the next extension header.
14731 */
14732 boolean_t
14733 ip_cmpbuf(const void *abuf, uint_t alen, boolean_t b_valid, const void *bbuf,
14734 uint_t blen)
14735 {
14736 if (!b_valid)
14737 blen = 0;
14738
14739 if (alen != blen)
14740 return (B_TRUE);
14741 if (alen == 0)
14742 return (B_FALSE); /* Both zero length */
14743 return (bcmp(abuf, bbuf, alen));
14744 }
14745
14746 /*
14747 * Preallocate memory for ip_savebuf(). Returns B_TRUE if ok.
14748 * Return B_FALSE if memory allocation fails - don't change any state!
14749 */
14750 boolean_t
14751 ip_allocbuf(void **dstp, uint_t *dstlenp, boolean_t src_valid,
14752 const void *src, uint_t srclen)
14753 {
14754 void *dst;
14755
14756 if (!src_valid)
14757 srclen = 0;
14758
14759 ASSERT(*dstlenp == 0);
14760 if (src != NULL && srclen != 0) {
14761 dst = mi_alloc(srclen, BPRI_MED);
14762 if (dst == NULL)
14763 return (B_FALSE);
14764 } else {
14765 dst = NULL;
14766 }
14767 if (*dstp != NULL)
14768 mi_free(*dstp);
14769 *dstp = dst;
14770 *dstlenp = dst == NULL ? 0 : srclen;
14771 return (B_TRUE);
14772 }
14773
14774 /*
14775 * Replace what is in *dst, *dstlen with the source.
14776 * Assumes ip_allocbuf has already been called.
14777 */
14778 void
14779 ip_savebuf(void **dstp, uint_t *dstlenp, boolean_t src_valid,
14780 const void *src, uint_t srclen)
14781 {
14782 if (!src_valid)
14783 srclen = 0;
14784
14785 ASSERT(*dstlenp == srclen);
14786 if (src != NULL && srclen != 0)
14787 bcopy(src, *dstp, srclen);
14788 }
14789
14790 /*
14791 * Free the storage pointed to by the members of an ip_pkt_t.
14792 */
14793 void
14794 ip_pkt_free(ip_pkt_t *ipp)
14795 {
14796 uint_t fields = ipp->ipp_fields;
14797
14798 if (fields & IPPF_HOPOPTS) {
14799 kmem_free(ipp->ipp_hopopts, ipp->ipp_hopoptslen);
14800 ipp->ipp_hopopts = NULL;
14801 ipp->ipp_hopoptslen = 0;
14802 }
14803 if (fields & IPPF_RTHDRDSTOPTS) {
14804 kmem_free(ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen);
14805 ipp->ipp_rthdrdstopts = NULL;
14806 ipp->ipp_rthdrdstoptslen = 0;
14807 }
14808 if (fields & IPPF_DSTOPTS) {
14809 kmem_free(ipp->ipp_dstopts, ipp->ipp_dstoptslen);
14810 ipp->ipp_dstopts = NULL;
14811 ipp->ipp_dstoptslen = 0;
14812 }
14813 if (fields & IPPF_RTHDR) {
14814 kmem_free(ipp->ipp_rthdr, ipp->ipp_rthdrlen);
14815 ipp->ipp_rthdr = NULL;
14816 ipp->ipp_rthdrlen = 0;
14817 }
14818 if (fields & IPPF_IPV4_OPTIONS) {
14819 kmem_free(ipp->ipp_ipv4_options, ipp->ipp_ipv4_options_len);
14820 ipp->ipp_ipv4_options = NULL;
14821 ipp->ipp_ipv4_options_len = 0;
14822 }
14823 if (fields & IPPF_LABEL_V4) {
14824 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
14825 ipp->ipp_label_v4 = NULL;
14826 ipp->ipp_label_len_v4 = 0;
14827 }
14828 if (fields & IPPF_LABEL_V6) {
14829 kmem_free(ipp->ipp_label_v6, ipp->ipp_label_len_v6);
14830 ipp->ipp_label_v6 = NULL;
14831 ipp->ipp_label_len_v6 = 0;
14832 }
14833 ipp->ipp_fields &= ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14834 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6);
14835 }
14836
14837 /*
14838 * Copy from src to dst and allocate as needed.
14839 * Returns zero or ENOMEM.
14840 *
14841 * The caller must initialize dst to zero.
14842 */
14843 int
14844 ip_pkt_copy(ip_pkt_t *src, ip_pkt_t *dst, int kmflag)
14845 {
14846 uint_t fields = src->ipp_fields;
14847
14848 /* Start with fields that don't require memory allocation */
14849 dst->ipp_fields = fields &
14850 ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14851 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6);
14852
14853 dst->ipp_addr = src->ipp_addr;
14854 dst->ipp_unicast_hops = src->ipp_unicast_hops;
14855 dst->ipp_hoplimit = src->ipp_hoplimit;
14856 dst->ipp_tclass = src->ipp_tclass;
14857 dst->ipp_type_of_service = src->ipp_type_of_service;
14858
14859 if (!(fields & (IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14860 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6)))
14861 return (0);
14862
14863 if (fields & IPPF_HOPOPTS) {
14864 dst->ipp_hopopts = kmem_alloc(src->ipp_hopoptslen, kmflag);
14865 if (dst->ipp_hopopts == NULL) {
14866 ip_pkt_free(dst);
14867 return (ENOMEM);
14868 }
14869 dst->ipp_fields |= IPPF_HOPOPTS;
14870 bcopy(src->ipp_hopopts, dst->ipp_hopopts,
14871 src->ipp_hopoptslen);
14872 dst->ipp_hopoptslen = src->ipp_hopoptslen;
14873 }
14874 if (fields & IPPF_RTHDRDSTOPTS) {
14875 dst->ipp_rthdrdstopts = kmem_alloc(src->ipp_rthdrdstoptslen,
14876 kmflag);
14877 if (dst->ipp_rthdrdstopts == NULL) {
14878 ip_pkt_free(dst);
14879 return (ENOMEM);
14880 }
14881 dst->ipp_fields |= IPPF_RTHDRDSTOPTS;
14882 bcopy(src->ipp_rthdrdstopts, dst->ipp_rthdrdstopts,
14883 src->ipp_rthdrdstoptslen);
14884 dst->ipp_rthdrdstoptslen = src->ipp_rthdrdstoptslen;
14885 }
14886 if (fields & IPPF_DSTOPTS) {
14887 dst->ipp_dstopts = kmem_alloc(src->ipp_dstoptslen, kmflag);
14888 if (dst->ipp_dstopts == NULL) {
14889 ip_pkt_free(dst);
14890 return (ENOMEM);
14891 }
14892 dst->ipp_fields |= IPPF_DSTOPTS;
14893 bcopy(src->ipp_dstopts, dst->ipp_dstopts,
14894 src->ipp_dstoptslen);
14895 dst->ipp_dstoptslen = src->ipp_dstoptslen;
14896 }
14897 if (fields & IPPF_RTHDR) {
14898 dst->ipp_rthdr = kmem_alloc(src->ipp_rthdrlen, kmflag);
14899 if (dst->ipp_rthdr == NULL) {
14900 ip_pkt_free(dst);
14901 return (ENOMEM);
14902 }
14903 dst->ipp_fields |= IPPF_RTHDR;
14904 bcopy(src->ipp_rthdr, dst->ipp_rthdr,
14905 src->ipp_rthdrlen);
14906 dst->ipp_rthdrlen = src->ipp_rthdrlen;
14907 }
14908 if (fields & IPPF_IPV4_OPTIONS) {
14909 dst->ipp_ipv4_options = kmem_alloc(src->ipp_ipv4_options_len,
14910 kmflag);
14911 if (dst->ipp_ipv4_options == NULL) {
14912 ip_pkt_free(dst);
14913 return (ENOMEM);
14914 }
14915 dst->ipp_fields |= IPPF_IPV4_OPTIONS;
14916 bcopy(src->ipp_ipv4_options, dst->ipp_ipv4_options,
14917 src->ipp_ipv4_options_len);
14918 dst->ipp_ipv4_options_len = src->ipp_ipv4_options_len;
14919 }
14920 if (fields & IPPF_LABEL_V4) {
14921 dst->ipp_label_v4 = kmem_alloc(src->ipp_label_len_v4, kmflag);
14922 if (dst->ipp_label_v4 == NULL) {
14923 ip_pkt_free(dst);
14924 return (ENOMEM);
14925 }
14926 dst->ipp_fields |= IPPF_LABEL_V4;
14927 bcopy(src->ipp_label_v4, dst->ipp_label_v4,
14928 src->ipp_label_len_v4);
14929 dst->ipp_label_len_v4 = src->ipp_label_len_v4;
14930 }
14931 if (fields & IPPF_LABEL_V6) {
14932 dst->ipp_label_v6 = kmem_alloc(src->ipp_label_len_v6, kmflag);
14933 if (dst->ipp_label_v6 == NULL) {
14934 ip_pkt_free(dst);
14935 return (ENOMEM);
14936 }
14937 dst->ipp_fields |= IPPF_LABEL_V6;
14938 bcopy(src->ipp_label_v6, dst->ipp_label_v6,
14939 src->ipp_label_len_v6);
14940 dst->ipp_label_len_v6 = src->ipp_label_len_v6;
14941 }
14942 if (fields & IPPF_FRAGHDR) {
14943 dst->ipp_fraghdr = kmem_alloc(src->ipp_fraghdrlen, kmflag);
14944 if (dst->ipp_fraghdr == NULL) {
14945 ip_pkt_free(dst);
14946 return (ENOMEM);
14947 }
14948 dst->ipp_fields |= IPPF_FRAGHDR;
14949 bcopy(src->ipp_fraghdr, dst->ipp_fraghdr,
14950 src->ipp_fraghdrlen);
14951 dst->ipp_fraghdrlen = src->ipp_fraghdrlen;
14952 }
14953 return (0);
14954 }
14955
14956 /*
14957 * Returns INADDR_ANY if no source route
14958 */
14959 ipaddr_t
14960 ip_pkt_source_route_v4(const ip_pkt_t *ipp)
14961 {
14962 ipaddr_t nexthop = INADDR_ANY;
14963 ipoptp_t opts;
14964 uchar_t *opt;
14965 uint8_t optval;
14966 uint8_t optlen;
14967 uint32_t totallen;
14968
14969 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
14970 return (INADDR_ANY);
14971
14972 totallen = ipp->ipp_ipv4_options_len;
14973 if (totallen & 0x3)
14974 return (INADDR_ANY);
14975
14976 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
14977 optval != IPOPT_EOL;
14978 optval = ipoptp_next(&opts)) {
14979 opt = opts.ipoptp_cur;
14980 switch (optval) {
14981 uint8_t off;
14982 case IPOPT_SSRR:
14983 case IPOPT_LSRR:
14984 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
14985 break;
14986 }
14987 optlen = opts.ipoptp_len;
14988 off = opt[IPOPT_OFFSET];
14989 off--;
14990 if (optlen < IP_ADDR_LEN ||
14991 off > optlen - IP_ADDR_LEN) {
14992 /* End of source route */
14993 break;
14994 }
14995 bcopy((char *)opt + off, &nexthop, IP_ADDR_LEN);
14996 if (nexthop == htonl(INADDR_LOOPBACK)) {
14997 /* Ignore */
14998 nexthop = INADDR_ANY;
14999 break;
15000 }
15001 break;
15002 }
15003 }
15004 return (nexthop);
15005 }
15006
15007 /*
15008 * Reverse a source route.
15009 */
15010 void
15011 ip_pkt_source_route_reverse_v4(ip_pkt_t *ipp)
15012 {
15013 ipaddr_t tmp;
15014 ipoptp_t opts;
15015 uchar_t *opt;
15016 uint8_t optval;
15017 uint32_t totallen;
15018
15019 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
15020 return;
15021
15022 totallen = ipp->ipp_ipv4_options_len;
15023 if (totallen & 0x3)
15024 return;
15025
15026 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
15027 optval != IPOPT_EOL;
15028 optval = ipoptp_next(&opts)) {
15029 uint8_t off1, off2;
15030
15031 opt = opts.ipoptp_cur;
15032 switch (optval) {
15033 case IPOPT_SSRR:
15034 case IPOPT_LSRR:
15035 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
15036 break;
15037 }
15038 off1 = IPOPT_MINOFF_SR - 1;
15039 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1;
15040 while (off2 > off1) {
15041 bcopy(opt + off2, &tmp, IP_ADDR_LEN);
15042 bcopy(opt + off1, opt + off2, IP_ADDR_LEN);
15043 bcopy(&tmp, opt + off2, IP_ADDR_LEN);
15044 off2 -= IP_ADDR_LEN;
15045 off1 += IP_ADDR_LEN;
15046 }
15047 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR;
15048 break;
15049 }
15050 }
15051 }
15052
15053 /*
15054 * Returns NULL if no routing header
15055 */
15056 in6_addr_t *
15057 ip_pkt_source_route_v6(const ip_pkt_t *ipp)
15058 {
15059 in6_addr_t *nexthop = NULL;
15060 ip6_rthdr0_t *rthdr;
15061
15062 if (!(ipp->ipp_fields & IPPF_RTHDR))
15063 return (NULL);
15064
15065 rthdr = (ip6_rthdr0_t *)ipp->ipp_rthdr;
15066 if (rthdr->ip6r0_segleft == 0)
15067 return (NULL);
15068
15069 nexthop = (in6_addr_t *)((char *)rthdr + sizeof (*rthdr));
15070 return (nexthop);
15071 }
15072
15073 zoneid_t
15074 ip_get_zoneid_v4(ipaddr_t addr, mblk_t *mp, ip_recv_attr_t *ira,
15075 zoneid_t lookup_zoneid)
15076 {
15077 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
15078 ire_t *ire;
15079 int ire_flags = MATCH_IRE_TYPE;
15080 zoneid_t zoneid = ALL_ZONES;
15081
15082 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE))
15083 return (ALL_ZONES);
15084
15085 if (lookup_zoneid != ALL_ZONES)
15086 ire_flags |= MATCH_IRE_ZONEONLY;
15087 ire = ire_ftable_lookup_v4(addr, NULL, NULL, IRE_LOCAL | IRE_LOOPBACK,
15088 NULL, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL);
15089 if (ire != NULL) {
15090 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst);
15091 ire_refrele(ire);
15092 }
15093 return (zoneid);
15094 }
15095
15096 zoneid_t
15097 ip_get_zoneid_v6(in6_addr_t *addr, mblk_t *mp, const ill_t *ill,
15098 ip_recv_attr_t *ira, zoneid_t lookup_zoneid)
15099 {
15100 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
15101 ire_t *ire;
15102 int ire_flags = MATCH_IRE_TYPE;
15103 zoneid_t zoneid = ALL_ZONES;
15104
15105 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE))
15106 return (ALL_ZONES);
15107
15108 if (IN6_IS_ADDR_LINKLOCAL(addr))
15109 ire_flags |= MATCH_IRE_ILL;
15110
15111 if (lookup_zoneid != ALL_ZONES)
15112 ire_flags |= MATCH_IRE_ZONEONLY;
15113 ire = ire_ftable_lookup_v6(addr, NULL, NULL, IRE_LOCAL | IRE_LOOPBACK,
15114 ill, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL);
15115 if (ire != NULL) {
15116 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst);
15117 ire_refrele(ire);
15118 }
15119 return (zoneid);
15120 }
15121
15122 /*
15123 * IP obserability hook support functions.
15124 */
15125 static void
15126 ipobs_init(ip_stack_t *ipst)
15127 {
15128 netid_t id;
15129
15130 id = net_getnetidbynetstackid(ipst->ips_netstack->netstack_stackid);
15131
15132 ipst->ips_ip4_observe_pr = net_protocol_lookup(id, NHF_INET);
15133 VERIFY(ipst->ips_ip4_observe_pr != NULL);
15134
15135 ipst->ips_ip6_observe_pr = net_protocol_lookup(id, NHF_INET6);
15136 VERIFY(ipst->ips_ip6_observe_pr != NULL);
15137 }
15138
15139 static void
15140 ipobs_fini(ip_stack_t *ipst)
15141 {
15142
15143 VERIFY(net_protocol_release(ipst->ips_ip4_observe_pr) == 0);
15144 VERIFY(net_protocol_release(ipst->ips_ip6_observe_pr) == 0);
15145 }
15146
15147 /*
15148 * hook_pkt_observe_t is composed in network byte order so that the
15149 * entire mblk_t chain handed into hook_run can be used as-is.
15150 * The caveat is that use of the fields, such as the zone fields,
15151 * requires conversion into host byte order first.
15152 */
15153 void
15154 ipobs_hook(mblk_t *mp, int htype, zoneid_t zsrc, zoneid_t zdst,
15155 const ill_t *ill, ip_stack_t *ipst)
15156 {
15157 hook_pkt_observe_t *hdr;
15158 uint64_t grifindex;
15159 mblk_t *imp;
15160
15161 imp = allocb(sizeof (*hdr), BPRI_HI);
15162 if (imp == NULL)
15163 return;
15164
15165 hdr = (hook_pkt_observe_t *)imp->b_rptr;
15166 /*
15167 * b_wptr is set to make the apparent size of the data in the mblk_t
15168 * to exclude the pointers at the end of hook_pkt_observer_t.
15169 */
15170 imp->b_wptr = imp->b_rptr + sizeof (dl_ipnetinfo_t);
15171 imp->b_cont = mp;
15172
15173 ASSERT(DB_TYPE(mp) == M_DATA);
15174
15175 if (IS_UNDER_IPMP(ill))
15176 grifindex = ipmp_ill_get_ipmp_ifindex(ill);
15177 else
15178 grifindex = 0;
15179
15180 hdr->hpo_version = 1;
15181 hdr->hpo_htype = htons(htype);
15182 hdr->hpo_pktlen = htonl((ulong_t)msgdsize(mp));
15183 hdr->hpo_ifindex = htonl(ill->ill_phyint->phyint_ifindex);
15184 hdr->hpo_grifindex = htonl(grifindex);
15185 hdr->hpo_zsrc = htonl(zsrc);
15186 hdr->hpo_zdst = htonl(zdst);
15187 hdr->hpo_pkt = imp;
15188 hdr->hpo_ctx = ipst->ips_netstack;
15189
15190 if (ill->ill_isv6) {
15191 hdr->hpo_family = AF_INET6;
15192 (void) hook_run(ipst->ips_ipv6_net_data->netd_hooks,
15193 ipst->ips_ipv6observing, (hook_data_t)hdr);
15194 } else {
15195 hdr->hpo_family = AF_INET;
15196 (void) hook_run(ipst->ips_ipv4_net_data->netd_hooks,
15197 ipst->ips_ipv4observing, (hook_data_t)hdr);
15198 }
15199
15200 imp->b_cont = NULL;
15201 freemsg(imp);
15202 }
15203
15204 /*
15205 * Utility routine that checks if `v4srcp' is a valid address on underlying
15206 * interface `ill'. If `ipifp' is non-NULL, it's set to a held ipif
15207 * associated with `v4srcp' on success. NOTE: if this is not called from
15208 * inside the IPSQ (ill_g_lock is not held), `ill' may be removed from the
15209 * group during or after this lookup.
15210 */
15211 boolean_t
15212 ipif_lookup_testaddr_v4(ill_t *ill, const in_addr_t *v4srcp, ipif_t **ipifp)
15213 {
15214 ipif_t *ipif;
15215
15216 ipif = ipif_lookup_addr_exact(*v4srcp, ill, ill->ill_ipst);
15217 if (ipif != NULL) {
15218 if (ipifp != NULL)
15219 *ipifp = ipif;
15220 else
15221 ipif_refrele(ipif);
15222 return (B_TRUE);
15223 }
15224
15225 ip1dbg(("ipif_lookup_testaddr_v4: cannot find ipif for src %x\n",
15226 *v4srcp));
15227 return (B_FALSE);
15228 }
15229
15230 /*
15231 * Transport protocol call back function for CPU state change.
15232 */
15233 /* ARGSUSED */
15234 static int
15235 ip_tp_cpu_update(cpu_setup_t what, int id, void *arg)
15236 {
15237 processorid_t cpu_seqid;
15238 netstack_handle_t nh;
15239 netstack_t *ns;
15240
15241 ASSERT(MUTEX_HELD(&cpu_lock));
15242
15243 switch (what) {
15244 case CPU_CONFIG:
15245 case CPU_ON:
15246 case CPU_INIT:
15247 case CPU_CPUPART_IN:
15248 cpu_seqid = cpu[id]->cpu_seqid;
15249 netstack_next_init(&nh);
15250 while ((ns = netstack_next(&nh)) != NULL) {
15251 dccp_stack_cpu_add(ns->netstack_dccp, cpu_seqid);
15252 tcp_stack_cpu_add(ns->netstack_tcp, cpu_seqid);
15253 sctp_stack_cpu_add(ns->netstack_sctp, cpu_seqid);
15254 udp_stack_cpu_add(ns->netstack_udp, cpu_seqid);
15255 netstack_rele(ns);
15256 }
15257 netstack_next_fini(&nh);
15258 break;
15259 case CPU_UNCONFIG:
15260 case CPU_OFF:
15261 case CPU_CPUPART_OUT:
15262 /*
15263 * Nothing to do. We don't remove the per CPU stats from
15264 * the IP stack even when the CPU goes offline.
15265 */
15266 break;
15267 default:
15268 break;
15269 }
15270 return (0);
15271 }