94 #include <netinet/ip_mroute.h>
95 #include <inet/ipp_common.h>
96
97 #include <net/pfkeyv2.h>
98 #include <inet/sadb.h>
99 #include <inet/ipsec_impl.h>
100 #include <inet/iptun/iptun_impl.h>
101 #include <inet/ipdrop.h>
102 #include <inet/ip_netinfo.h>
103 #include <inet/ilb_ip.h>
104
105 #include <sys/ethernet.h>
106 #include <net/if_types.h>
107 #include <sys/cpuvar.h>
108
109 #include <ipp/ipp.h>
110 #include <ipp/ipp_impl.h>
111 #include <ipp/ipgpc/ipgpc.h>
112
113 #include <sys/pattr.h>
114 #include <inet/ipclassifier.h>
115 #include <inet/sctp_ip.h>
116 #include <inet/sctp/sctp_impl.h>
117 #include <inet/udp_impl.h>
118 #include <inet/rawip_impl.h>
119 #include <inet/rts_impl.h>
120
121 #include <sys/tsol/label.h>
122 #include <sys/tsol/tnet.h>
123
124 #include <sys/squeue_impl.h>
125 #include <inet/ip_arp.h>
126
127 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */
128
129 /*
130 * Values for squeue switch:
131 * IP_SQUEUE_ENTER_NODRAIN: SQ_NODRAIN
132 * IP_SQUEUE_ENTER: SQ_PROCESS
133 * IP_SQUEUE_FILL: SQ_FILL
1804 if (connp == NULL)
1805 goto discard_pkt;
1806
1807 if ((connp->conn_verifyicmp != NULL) &&
1808 !connp->conn_verifyicmp(connp, tcpha, icmph, NULL, ira)) {
1809 CONN_DEC_REF(connp);
1810 goto discard_pkt;
1811 }
1812 CONN_DEC_REF(connp);
1813 break;
1814 }
1815 case IPPROTO_SCTP:
1816 /*
1817 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1818 * transport header.
1819 */
1820 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1821 mp->b_wptr)
1822 goto truncated;
1823 break;
1824 case IPPROTO_ESP:
1825 case IPPROTO_AH:
1826 break;
1827 case IPPROTO_ENCAP:
1828 if ((uchar_t *)ipha + hdr_length + sizeof (ipha_t) >
1829 mp->b_wptr)
1830 goto truncated;
1831 break;
1832 default:
1833 break;
1834 }
1835
1836 return (B_TRUE);
1837
1838 discard_pkt:
1839 /* Bogus ICMP error. */
1840 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1841 return (B_FALSE);
1842
1843 truncated:
2152 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */
2153 (connp->conn_recv)(connp, mp, NULL, ira);
2154 CONN_DEC_REF(connp);
2155 }
2156 ira->ira_ill = ill;
2157 ira->ira_rill = rill;
2158 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2159 return;
2160
2161 case IPPROTO_SCTP:
2162 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2163 /* Find a SCTP client stream for this packet. */
2164 ((uint16_t *)&ports)[0] = up[1];
2165 ((uint16_t *)&ports)[1] = up[0];
2166
2167 ira->ira_flags |= IRAF_ICMP_ERROR;
2168 ip_fanout_sctp(mp, &ripha, NULL, ports, ira);
2169 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2170 return;
2171
2172 case IPPROTO_ESP:
2173 case IPPROTO_AH:
2174 if (!ipsec_loaded(ipss)) {
2175 ip_proto_not_sup(mp, ira);
2176 return;
2177 }
2178
2179 if (ipha->ipha_protocol == IPPROTO_ESP)
2180 mp = ipsecesp_icmp_error(mp, ira);
2181 else
2182 mp = ipsecah_icmp_error(mp, ira);
2183 if (mp == NULL)
2184 return;
2185
2186 /* Just in case ipsec didn't preserve the NULL b_cont */
2187 if (mp->b_cont != NULL) {
2188 if (!pullupmsg(mp, -1))
2189 goto discard_pkt;
2190 }
2191
4294 {
4295 freemsg(mp);
4296 }
4297
4298 /*
4299 * Called when the module is about to be unloaded
4300 */
4301 void
4302 ip_ddi_destroy(void)
4303 {
4304 /* This needs to be called before destroying any transports. */
4305 mutex_enter(&cpu_lock);
4306 unregister_cpu_setup_func(ip_tp_cpu_update, NULL);
4307 mutex_exit(&cpu_lock);
4308
4309 tnet_fini();
4310
4311 icmp_ddi_g_destroy();
4312 rts_ddi_g_destroy();
4313 udp_ddi_g_destroy();
4314 sctp_ddi_g_destroy();
4315 tcp_ddi_g_destroy();
4316 ilb_ddi_g_destroy();
4317 dce_g_destroy();
4318 ipsec_policy_g_destroy();
4319 ipcl_g_destroy();
4320 ip_net_g_destroy();
4321 ip_ire_g_fini();
4322 inet_minor_destroy(ip_minor_arena_sa);
4323 #if defined(_LP64)
4324 inet_minor_destroy(ip_minor_arena_la);
4325 #endif
4326
4327 #ifdef DEBUG
4328 list_destroy(&ip_thread_list);
4329 rw_destroy(&ip_thread_rwlock);
4330 tsd_destroy(&ip_thread_data);
4331 #endif
4332
4333 netstack_unregister(NS_IP);
4530 INET_MIN_DEV + 2, MAXMIN, KM_SLEEP)) == NULL) {
4531 cmn_err(CE_PANIC,
4532 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4533 }
4534 #endif
4535 ip_poll_normal_ticks = MSEC_TO_TICK_ROUNDUP(ip_poll_normal_ms);
4536
4537 ipcl_g_init();
4538 ip_ire_g_init();
4539 ip_net_g_init();
4540
4541 #ifdef DEBUG
4542 tsd_create(&ip_thread_data, ip_thread_exit);
4543 rw_init(&ip_thread_rwlock, NULL, RW_DEFAULT, NULL);
4544 list_create(&ip_thread_list, sizeof (th_hash_t),
4545 offsetof(th_hash_t, thh_link));
4546 #endif
4547 ipsec_policy_g_init();
4548 tcp_ddi_g_init();
4549 sctp_ddi_g_init();
4550 dce_g_init();
4551
4552 /*
4553 * We want to be informed each time a stack is created or
4554 * destroyed in the kernel, so we can maintain the
4555 * set of udp_stack_t's.
4556 */
4557 netstack_register(NS_IP, ip_stack_init, ip_stack_shutdown,
4558 ip_stack_fini);
4559
4560 tnet_init();
4561
4562 udp_ddi_g_init();
4563 rts_ddi_g_init();
4564 icmp_ddi_g_init();
4565 ilb_ddi_g_init();
4566
4567 /* This needs to be called after all transports are initialized. */
4568 mutex_enter(&cpu_lock);
4569 register_cpu_setup_func(ip_tp_cpu_update, NULL);
9667
9668 if ((mpctl = ip_snmp_get_mib2_virt_multi(q, mpctl, ipst)) == NULL) {
9669 return (1);
9670 }
9671
9672 if ((mpctl = ip_snmp_get_mib2_multi_rtable(q, mpctl, ipst)) == NULL) {
9673 return (1);
9674 }
9675
9676 mpctl = ip_snmp_get_mib2_ip_route_media(q, mpctl, level, ipst);
9677 if (mpctl == NULL)
9678 return (1);
9679
9680 mpctl = ip_snmp_get_mib2_ip6_route_media(q, mpctl, level, ipst);
9681 if (mpctl == NULL)
9682 return (1);
9683
9684 if ((mpctl = sctp_snmp_get_mib2(q, mpctl, sctps)) == NULL) {
9685 return (1);
9686 }
9687 if ((mpctl = ip_snmp_get_mib2_ip_dce(q, mpctl, ipst)) == NULL) {
9688 return (1);
9689 }
9690 freemsg(mpctl);
9691 return (1);
9692 }
9693
9694 /* Get global (legacy) IPv4 statistics */
9695 static mblk_t *
9696 ip_snmp_get_mib2_ip(queue_t *q, mblk_t *mpctl, mib2_ipIfStatsEntry_t *ipmib,
9697 ip_stack_t *ipst, boolean_t legacy_req)
9698 {
9699 mib2_ip_t old_ip_mib;
9700 struct opthdr *optp;
9701 mblk_t *mp2ctl;
9702 mib2_ipAddrEntry_t mae;
9703
9704 /*
9705 * make a copy of the original message
9706 */
9707 mp2ctl = copymsg(mpctl);
9708
9709 /* fixed length IP structure... */
15220 * Transport protocol call back function for CPU state change.
15221 */
15222 /* ARGSUSED */
15223 static int
15224 ip_tp_cpu_update(cpu_setup_t what, int id, void *arg)
15225 {
15226 processorid_t cpu_seqid;
15227 netstack_handle_t nh;
15228 netstack_t *ns;
15229
15230 ASSERT(MUTEX_HELD(&cpu_lock));
15231
15232 switch (what) {
15233 case CPU_CONFIG:
15234 case CPU_ON:
15235 case CPU_INIT:
15236 case CPU_CPUPART_IN:
15237 cpu_seqid = cpu[id]->cpu_seqid;
15238 netstack_next_init(&nh);
15239 while ((ns = netstack_next(&nh)) != NULL) {
15240 tcp_stack_cpu_add(ns->netstack_tcp, cpu_seqid);
15241 sctp_stack_cpu_add(ns->netstack_sctp, cpu_seqid);
15242 udp_stack_cpu_add(ns->netstack_udp, cpu_seqid);
15243 netstack_rele(ns);
15244 }
15245 netstack_next_fini(&nh);
15246 break;
15247 case CPU_UNCONFIG:
15248 case CPU_OFF:
15249 case CPU_CPUPART_OUT:
15250 /*
15251 * Nothing to do. We don't remove the per CPU stats from
15252 * the IP stack even when the CPU goes offline.
15253 */
15254 break;
15255 default:
15256 break;
15257 }
15258 return (0);
15259 }
|
94 #include <netinet/ip_mroute.h>
95 #include <inet/ipp_common.h>
96
97 #include <net/pfkeyv2.h>
98 #include <inet/sadb.h>
99 #include <inet/ipsec_impl.h>
100 #include <inet/iptun/iptun_impl.h>
101 #include <inet/ipdrop.h>
102 #include <inet/ip_netinfo.h>
103 #include <inet/ilb_ip.h>
104
105 #include <sys/ethernet.h>
106 #include <net/if_types.h>
107 #include <sys/cpuvar.h>
108
109 #include <ipp/ipp.h>
110 #include <ipp/ipp_impl.h>
111 #include <ipp/ipgpc/ipgpc.h>
112
113 #include <sys/pattr.h>
114 #include <inet/dccp.h>
115 #include <inet/dccp_impl.h>
116 #include <inet/dccp_ip.h>
117 #include <inet/ipclassifier.h>
118 #include <inet/sctp_ip.h>
119 #include <inet/sctp/sctp_impl.h>
120 #include <inet/udp_impl.h>
121 #include <inet/rawip_impl.h>
122 #include <inet/rts_impl.h>
123
124 #include <sys/tsol/label.h>
125 #include <sys/tsol/tnet.h>
126
127 #include <sys/squeue_impl.h>
128 #include <inet/ip_arp.h>
129
130 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */
131
132 /*
133 * Values for squeue switch:
134 * IP_SQUEUE_ENTER_NODRAIN: SQ_NODRAIN
135 * IP_SQUEUE_ENTER: SQ_PROCESS
136 * IP_SQUEUE_FILL: SQ_FILL
1807 if (connp == NULL)
1808 goto discard_pkt;
1809
1810 if ((connp->conn_verifyicmp != NULL) &&
1811 !connp->conn_verifyicmp(connp, tcpha, icmph, NULL, ira)) {
1812 CONN_DEC_REF(connp);
1813 goto discard_pkt;
1814 }
1815 CONN_DEC_REF(connp);
1816 break;
1817 }
1818 case IPPROTO_SCTP:
1819 /*
1820 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1821 * transport header.
1822 */
1823 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1824 mp->b_wptr)
1825 goto truncated;
1826 break;
1827 case IPPROTO_DCCP: {
1828 dccpha_t *dccpha;
1829
1830 /*
1831 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1832 * transport header.
1833 */
1834 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1835 mp->b_wptr)
1836 goto truncated;
1837
1838 cmn_err(CE_NOTE, "icmp_inbound_verify_v4");
1839
1840 dccpha = (dccpha_t *)((uchar_t *)ipha + hdr_length);
1841 /* XXX:DCCP */
1842 /*
1843 connp = ipcl_dccp_lookup_reversed_ipv4(ipha, dccpha,
1844 DCCPS_LISTEN, ipst);
1845 if (connp == NULL) {
1846 goto discard_pkt;
1847 }
1848
1849 if ((connp->conn_verifyicmp != NULL) &&
1850 !connp->conn_verifyicmp(connp, dccpha, icmph, NULL, ira)) {
1851 CONN_DEC_REF(connp);
1852 goto discard_pkt;
1853 }
1854
1855 CONN_DEC_REF(connp);
1856 */
1857 break;
1858 }
1859 case IPPROTO_ESP:
1860 case IPPROTO_AH:
1861 break;
1862 case IPPROTO_ENCAP:
1863 if ((uchar_t *)ipha + hdr_length + sizeof (ipha_t) >
1864 mp->b_wptr)
1865 goto truncated;
1866 break;
1867 default:
1868 break;
1869 }
1870
1871 return (B_TRUE);
1872
1873 discard_pkt:
1874 /* Bogus ICMP error. */
1875 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1876 return (B_FALSE);
1877
1878 truncated:
2187 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */
2188 (connp->conn_recv)(connp, mp, NULL, ira);
2189 CONN_DEC_REF(connp);
2190 }
2191 ira->ira_ill = ill;
2192 ira->ira_rill = rill;
2193 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2194 return;
2195
2196 case IPPROTO_SCTP:
2197 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2198 /* Find a SCTP client stream for this packet. */
2199 ((uint16_t *)&ports)[0] = up[1];
2200 ((uint16_t *)&ports)[1] = up[0];
2201
2202 ira->ira_flags |= IRAF_ICMP_ERROR;
2203 ip_fanout_sctp(mp, &ripha, NULL, ports, ira);
2204 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2205 return;
2206
2207 case IPPROTO_DCCP:
2208 cmn_err(CE_NOTE, "icmp_inbound_error_fanout_v4");
2209 return;
2210
2211 case IPPROTO_ESP:
2212 case IPPROTO_AH:
2213 if (!ipsec_loaded(ipss)) {
2214 ip_proto_not_sup(mp, ira);
2215 return;
2216 }
2217
2218 if (ipha->ipha_protocol == IPPROTO_ESP)
2219 mp = ipsecesp_icmp_error(mp, ira);
2220 else
2221 mp = ipsecah_icmp_error(mp, ira);
2222 if (mp == NULL)
2223 return;
2224
2225 /* Just in case ipsec didn't preserve the NULL b_cont */
2226 if (mp->b_cont != NULL) {
2227 if (!pullupmsg(mp, -1))
2228 goto discard_pkt;
2229 }
2230
4333 {
4334 freemsg(mp);
4335 }
4336
4337 /*
4338 * Called when the module is about to be unloaded
4339 */
4340 void
4341 ip_ddi_destroy(void)
4342 {
4343 /* This needs to be called before destroying any transports. */
4344 mutex_enter(&cpu_lock);
4345 unregister_cpu_setup_func(ip_tp_cpu_update, NULL);
4346 mutex_exit(&cpu_lock);
4347
4348 tnet_fini();
4349
4350 icmp_ddi_g_destroy();
4351 rts_ddi_g_destroy();
4352 udp_ddi_g_destroy();
4353 dccp_ddi_g_destroy();
4354 sctp_ddi_g_destroy();
4355 tcp_ddi_g_destroy();
4356 ilb_ddi_g_destroy();
4357 dce_g_destroy();
4358 ipsec_policy_g_destroy();
4359 ipcl_g_destroy();
4360 ip_net_g_destroy();
4361 ip_ire_g_fini();
4362 inet_minor_destroy(ip_minor_arena_sa);
4363 #if defined(_LP64)
4364 inet_minor_destroy(ip_minor_arena_la);
4365 #endif
4366
4367 #ifdef DEBUG
4368 list_destroy(&ip_thread_list);
4369 rw_destroy(&ip_thread_rwlock);
4370 tsd_destroy(&ip_thread_data);
4371 #endif
4372
4373 netstack_unregister(NS_IP);
4570 INET_MIN_DEV + 2, MAXMIN, KM_SLEEP)) == NULL) {
4571 cmn_err(CE_PANIC,
4572 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4573 }
4574 #endif
4575 ip_poll_normal_ticks = MSEC_TO_TICK_ROUNDUP(ip_poll_normal_ms);
4576
4577 ipcl_g_init();
4578 ip_ire_g_init();
4579 ip_net_g_init();
4580
4581 #ifdef DEBUG
4582 tsd_create(&ip_thread_data, ip_thread_exit);
4583 rw_init(&ip_thread_rwlock, NULL, RW_DEFAULT, NULL);
4584 list_create(&ip_thread_list, sizeof (th_hash_t),
4585 offsetof(th_hash_t, thh_link));
4586 #endif
4587 ipsec_policy_g_init();
4588 tcp_ddi_g_init();
4589 sctp_ddi_g_init();
4590 dccp_ddi_g_init();
4591 dce_g_init();
4592
4593 /*
4594 * We want to be informed each time a stack is created or
4595 * destroyed in the kernel, so we can maintain the
4596 * set of udp_stack_t's.
4597 */
4598 netstack_register(NS_IP, ip_stack_init, ip_stack_shutdown,
4599 ip_stack_fini);
4600
4601 tnet_init();
4602
4603 udp_ddi_g_init();
4604 rts_ddi_g_init();
4605 icmp_ddi_g_init();
4606 ilb_ddi_g_init();
4607
4608 /* This needs to be called after all transports are initialized. */
4609 mutex_enter(&cpu_lock);
4610 register_cpu_setup_func(ip_tp_cpu_update, NULL);
9708
9709 if ((mpctl = ip_snmp_get_mib2_virt_multi(q, mpctl, ipst)) == NULL) {
9710 return (1);
9711 }
9712
9713 if ((mpctl = ip_snmp_get_mib2_multi_rtable(q, mpctl, ipst)) == NULL) {
9714 return (1);
9715 }
9716
9717 mpctl = ip_snmp_get_mib2_ip_route_media(q, mpctl, level, ipst);
9718 if (mpctl == NULL)
9719 return (1);
9720
9721 mpctl = ip_snmp_get_mib2_ip6_route_media(q, mpctl, level, ipst);
9722 if (mpctl == NULL)
9723 return (1);
9724
9725 if ((mpctl = sctp_snmp_get_mib2(q, mpctl, sctps)) == NULL) {
9726 return (1);
9727 }
9728
9729 if ((mpctl = ip_snmp_get_mib2_ip_dce(q, mpctl, ipst)) == NULL) {
9730 return (1);
9731 }
9732
9733 if ((mpctl = dccp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9734 return (1);
9735 }
9736
9737 freemsg(mpctl);
9738 return (1);
9739 }
9740
9741 /* Get global (legacy) IPv4 statistics */
9742 static mblk_t *
9743 ip_snmp_get_mib2_ip(queue_t *q, mblk_t *mpctl, mib2_ipIfStatsEntry_t *ipmib,
9744 ip_stack_t *ipst, boolean_t legacy_req)
9745 {
9746 mib2_ip_t old_ip_mib;
9747 struct opthdr *optp;
9748 mblk_t *mp2ctl;
9749 mib2_ipAddrEntry_t mae;
9750
9751 /*
9752 * make a copy of the original message
9753 */
9754 mp2ctl = copymsg(mpctl);
9755
9756 /* fixed length IP structure... */
15267 * Transport protocol call back function for CPU state change.
15268 */
15269 /* ARGSUSED */
15270 static int
15271 ip_tp_cpu_update(cpu_setup_t what, int id, void *arg)
15272 {
15273 processorid_t cpu_seqid;
15274 netstack_handle_t nh;
15275 netstack_t *ns;
15276
15277 ASSERT(MUTEX_HELD(&cpu_lock));
15278
15279 switch (what) {
15280 case CPU_CONFIG:
15281 case CPU_ON:
15282 case CPU_INIT:
15283 case CPU_CPUPART_IN:
15284 cpu_seqid = cpu[id]->cpu_seqid;
15285 netstack_next_init(&nh);
15286 while ((ns = netstack_next(&nh)) != NULL) {
15287 dccp_stack_cpu_add(ns->netstack_dccp, cpu_seqid);
15288 tcp_stack_cpu_add(ns->netstack_tcp, cpu_seqid);
15289 sctp_stack_cpu_add(ns->netstack_sctp, cpu_seqid);
15290 udp_stack_cpu_add(ns->netstack_udp, cpu_seqid);
15291 netstack_rele(ns);
15292 }
15293 netstack_next_fini(&nh);
15294 break;
15295 case CPU_UNCONFIG:
15296 case CPU_OFF:
15297 case CPU_CPUPART_OUT:
15298 /*
15299 * Nothing to do. We don't remove the per CPU stats from
15300 * the IP stack even when the CPU goes offline.
15301 */
15302 break;
15303 default:
15304 break;
15305 }
15306 return (0);
15307 }
|