1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
25 */
26 /* Copyright (c) 1990 Mentat Inc. */
27
28 #include <sys/types.h>
29 #include <sys/stream.h>
30 #include <sys/strsun.h>
31 #define _SUN_TPI_VERSION 2
32 #include <sys/tihdr.h>
33 #include <sys/xti_inet.h>
34 #include <sys/ucred.h>
35 #include <sys/zone.h>
36 #include <sys/ddi.h>
37 #include <sys/sunddi.h>
38 #include <sys/cmn_err.h>
39 #include <sys/debug.h>
40 #include <sys/atomic.h>
41 #include <sys/policy.h>
42
43 #include <sys/systm.h>
44 #include <sys/param.h>
45 #include <sys/kmem.h>
46 #include <sys/sdt.h>
47 #include <sys/socket.h>
48 #include <sys/ethernet.h>
49 #include <sys/mac.h>
50 #include <net/if.h>
51 #include <net/if_types.h>
52 #include <net/if_arp.h>
53 #include <net/route.h>
54 #include <sys/sockio.h>
55 #include <netinet/in.h>
56 #include <net/if_dl.h>
57
58 #include <inet/common.h>
59 #include <inet/mi.h>
60 #include <inet/mib2.h>
61 #include <inet/nd.h>
62 #include <inet/arp.h>
63 #include <inet/snmpcom.h>
64 #include <inet/kstatcom.h>
65
66 #include <netinet/igmp_var.h>
67 #include <netinet/ip6.h>
68 #include <netinet/icmp6.h>
69 #include <netinet/sctp.h>
70
71 #include <inet/ip.h>
72 #include <inet/ip_impl.h>
73 #include <inet/ip6.h>
74 #include <inet/ip6_asp.h>
75 #include <inet/tcp.h>
76 #include <inet/ip_multi.h>
77 #include <inet/ip_if.h>
78 #include <inet/ip_ire.h>
79 #include <inet/ip_ftable.h>
80 #include <inet/ip_rts.h>
81 #include <inet/optcom.h>
82 #include <inet/ip_ndp.h>
83 #include <inet/ip_listutils.h>
84 #include <netinet/igmp.h>
85 #include <netinet/ip_mroute.h>
86 #include <netinet/udp.h>
87 #include <inet/ipp_common.h>
88
89 #include <net/pfkeyv2.h>
90 #include <inet/sadb.h>
91 #include <inet/ipsec_impl.h>
92 #include <inet/ipdrop.h>
93 #include <inet/ip_netinfo.h>
94
95 #include <inet/ipclassifier.h>
96 #include <inet/sctp_ip.h>
97 #include <inet/sctp/sctp_impl.h>
98 #include <inet/udp_impl.h>
99 #include <sys/sunddi.h>
100
101 #include <sys/tsol/label.h>
102 #include <sys/tsol/tnet.h>
103
104 /*
105 * Return how much size is needed for the different ancillary data items
106 */
107 uint_t
108 conn_recvancillary_size(conn_t *connp, crb_t recv_ancillary,
109 ip_recv_attr_t *ira, mblk_t *mp, ip_pkt_t *ipp)
110 {
111 uint_t ancil_size;
112 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
113
114 /*
115 * If IP_RECVDSTADDR is set we include the destination IP
116 * address as an option. With IP_RECVOPTS we include all
117 * the IP options.
118 */
119 ancil_size = 0;
120 if (recv_ancillary.crb_recvdstaddr &&
121 (ira->ira_flags & IRAF_IS_IPV4)) {
122 ancil_size += sizeof (struct T_opthdr) +
123 sizeof (struct in_addr);
124 IP_STAT(ipst, conn_in_recvdstaddr);
125 }
126
127 /*
128 * ip_recvpktinfo is used for both AF_INET and AF_INET6 but
129 * are different
130 */
131 if (recv_ancillary.crb_ip_recvpktinfo &&
132 connp->conn_family == AF_INET) {
133 ancil_size += sizeof (struct T_opthdr) +
134 sizeof (struct in_pktinfo);
135 IP_STAT(ipst, conn_in_recvpktinfo);
136 }
137
138 if ((recv_ancillary.crb_recvopts) &&
139 (ipp->ipp_fields & IPPF_IPV4_OPTIONS)) {
140 ancil_size += sizeof (struct T_opthdr) +
141 ipp->ipp_ipv4_options_len;
142 IP_STAT(ipst, conn_in_recvopts);
143 }
144
145 if (recv_ancillary.crb_recvslla) {
146 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
147 ill_t *ill;
148
149 /* Make sure ira_l2src is setup if not already */
150 if (!(ira->ira_flags & IRAF_L2SRC_SET)) {
151 ill = ill_lookup_on_ifindex(ira->ira_rifindex, B_FALSE,
152 ipst);
153 if (ill != NULL) {
154 ip_setl2src(mp, ira, ill);
155 ill_refrele(ill);
156 }
157 }
158 ancil_size += sizeof (struct T_opthdr) +
159 sizeof (struct sockaddr_dl);
160 IP_STAT(ipst, conn_in_recvslla);
161 }
162
163 if (recv_ancillary.crb_recvif) {
164 ancil_size += sizeof (struct T_opthdr) + sizeof (uint_t);
165 IP_STAT(ipst, conn_in_recvif);
166 }
167
168 /*
169 * ip_recvpktinfo is used for both AF_INET and AF_INET6 but
170 * are different
171 */
172 if (recv_ancillary.crb_ip_recvpktinfo &&
173 connp->conn_family == AF_INET6) {
174 ancil_size += sizeof (struct T_opthdr) +
175 sizeof (struct in6_pktinfo);
176 IP_STAT(ipst, conn_in_recvpktinfo);
177 }
178
179 if (recv_ancillary.crb_ipv6_recvhoplimit) {
180 ancil_size += sizeof (struct T_opthdr) + sizeof (int);
181 IP_STAT(ipst, conn_in_recvhoplimit);
182 }
183
184 if (recv_ancillary.crb_ipv6_recvtclass) {
185 ancil_size += sizeof (struct T_opthdr) + sizeof (int);
186 IP_STAT(ipst, conn_in_recvtclass);
187 }
188
189 if (recv_ancillary.crb_ipv6_recvhopopts &&
190 (ipp->ipp_fields & IPPF_HOPOPTS)) {
191 ancil_size += sizeof (struct T_opthdr) + ipp->ipp_hopoptslen;
192 IP_STAT(ipst, conn_in_recvhopopts);
193 }
194 /*
195 * To honor RFC3542 when an application asks for both IPV6_RECVDSTOPTS
196 * and IPV6_RECVRTHDR, we pass up the item rthdrdstopts (the destination
197 * options that appear before a routing header.
198 * We also pass them up if IPV6_RECVRTHDRDSTOPTS is set.
199 */
200 if (ipp->ipp_fields & IPPF_RTHDRDSTOPTS) {
201 if (recv_ancillary.crb_ipv6_recvrthdrdstopts ||
202 (recv_ancillary.crb_ipv6_recvdstopts &&
203 recv_ancillary.crb_ipv6_recvrthdr)) {
204 ancil_size += sizeof (struct T_opthdr) +
205 ipp->ipp_rthdrdstoptslen;
206 IP_STAT(ipst, conn_in_recvrthdrdstopts);
207 }
208 }
209 if ((recv_ancillary.crb_ipv6_recvrthdr) &&
210 (ipp->ipp_fields & IPPF_RTHDR)) {
211 ancil_size += sizeof (struct T_opthdr) + ipp->ipp_rthdrlen;
212 IP_STAT(ipst, conn_in_recvrthdr);
213 }
214 if ((recv_ancillary.crb_ipv6_recvdstopts ||
215 recv_ancillary.crb_old_ipv6_recvdstopts) &&
216 (ipp->ipp_fields & IPPF_DSTOPTS)) {
217 ancil_size += sizeof (struct T_opthdr) + ipp->ipp_dstoptslen;
218 IP_STAT(ipst, conn_in_recvdstopts);
219 }
220 if (recv_ancillary.crb_recvucred && ira->ira_cred != NULL) {
221 ancil_size += sizeof (struct T_opthdr) +
222 ucredminsize(ira->ira_cred);
223 IP_STAT(ipst, conn_in_recvucred);
224 }
225
226 /*
227 * If SO_TIMESTAMP is set allocate the appropriate sized
228 * buffer. Since gethrestime() expects a pointer aligned
229 * argument, we allocate space necessary for extra
230 * alignment (even though it might not be used).
231 */
232 if (recv_ancillary.crb_timestamp) {
233 ancil_size += sizeof (struct T_opthdr) +
234 sizeof (timestruc_t) + _POINTER_ALIGNMENT;
235 IP_STAT(ipst, conn_in_timestamp);
236 }
237
238 /*
239 * If IP_RECVTOS is set allocate the appropriately sized buffer
240 */
241 if (recv_ancillary.crb_recvtos &&
242 (ira->ira_flags & IRAF_IS_IPV4)) {
243 ancil_size += sizeof (struct T_opthdr) +
244 P2ROUNDUP(sizeof (uint8_t), __TPI_ALIGN_SIZE);
245 IP_STAT(ipst, conn_in_recvtos);
246 }
247
248 /*
249 * If IP_RECVTTL is set allocate the appropriate sized buffer
250 */
251 if (recv_ancillary.crb_recvttl &&
252 (ira->ira_flags & IRAF_IS_IPV4)) {
253 ancil_size += sizeof (struct T_opthdr) +
254 P2ROUNDUP(sizeof (uint8_t), __TPI_ALIGN_SIZE);
255 IP_STAT(ipst, conn_in_recvttl);
256 }
257
258 return (ancil_size);
259 }
260
261 /*
262 * Lay down the ancillary data items at "ancil_buf".
263 * Assumes caller has used conn_recvancillary_size to allocate a sufficiently
264 * large buffer - ancil_size.
265 */
266 void
267 conn_recvancillary_add(conn_t *connp, crb_t recv_ancillary,
268 ip_recv_attr_t *ira, ip_pkt_t *ipp, uchar_t *ancil_buf, uint_t ancil_size)
269 {
270 /*
271 * Copy in destination address before options to avoid
272 * any padding issues.
273 */
274 if (recv_ancillary.crb_recvdstaddr &&
275 (ira->ira_flags & IRAF_IS_IPV4)) {
276 struct T_opthdr *toh;
277 ipaddr_t *dstptr;
278
279 toh = (struct T_opthdr *)ancil_buf;
280 toh->level = IPPROTO_IP;
281 toh->name = IP_RECVDSTADDR;
282 toh->len = sizeof (struct T_opthdr) + sizeof (ipaddr_t);
283 toh->status = 0;
284 ancil_buf += sizeof (struct T_opthdr);
285 dstptr = (ipaddr_t *)ancil_buf;
286 *dstptr = ipp->ipp_addr_v4;
287 ancil_buf += sizeof (ipaddr_t);
288 ancil_size -= toh->len;
289 }
290
291 /*
292 * ip_recvpktinfo is used for both AF_INET and AF_INET6 but
293 * are different
294 */
295 if (recv_ancillary.crb_ip_recvpktinfo &&
296 connp->conn_family == AF_INET) {
297 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
298 struct T_opthdr *toh;
299 struct in_pktinfo *pktinfop;
300 ill_t *ill;
301 ipif_t *ipif;
302
303 toh = (struct T_opthdr *)ancil_buf;
304 toh->level = IPPROTO_IP;
305 toh->name = IP_PKTINFO;
306 toh->len = sizeof (struct T_opthdr) + sizeof (*pktinfop);
307 toh->status = 0;
308 ancil_buf += sizeof (struct T_opthdr);
309 pktinfop = (struct in_pktinfo *)ancil_buf;
310
311 pktinfop->ipi_ifindex = ira->ira_ruifindex;
312 pktinfop->ipi_spec_dst.s_addr = INADDR_ANY;
313
314 /* Find a good address to report */
315 ill = ill_lookup_on_ifindex(ira->ira_ruifindex, B_FALSE, ipst);
316 if (ill != NULL) {
317 ipif = ipif_good_addr(ill, IPCL_ZONEID(connp));
318 if (ipif != NULL) {
319 pktinfop->ipi_spec_dst.s_addr =
320 ipif->ipif_lcl_addr;
321 ipif_refrele(ipif);
322 }
323 ill_refrele(ill);
324 }
325 pktinfop->ipi_addr.s_addr = ipp->ipp_addr_v4;
326 ancil_buf += sizeof (struct in_pktinfo);
327 ancil_size -= toh->len;
328 }
329
330 if ((recv_ancillary.crb_recvopts) &&
331 (ipp->ipp_fields & IPPF_IPV4_OPTIONS)) {
332 struct T_opthdr *toh;
333
334 toh = (struct T_opthdr *)ancil_buf;
335 toh->level = IPPROTO_IP;
336 toh->name = IP_RECVOPTS;
337 toh->len = sizeof (struct T_opthdr) + ipp->ipp_ipv4_options_len;
338 toh->status = 0;
339 ancil_buf += sizeof (struct T_opthdr);
340 bcopy(ipp->ipp_ipv4_options, ancil_buf,
341 ipp->ipp_ipv4_options_len);
342 ancil_buf += ipp->ipp_ipv4_options_len;
343 ancil_size -= toh->len;
344 }
345
346 if (recv_ancillary.crb_recvslla) {
347 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
348 struct T_opthdr *toh;
349 struct sockaddr_dl *dstptr;
350 ill_t *ill;
351 int alen = 0;
352
353 ill = ill_lookup_on_ifindex(ira->ira_rifindex, B_FALSE, ipst);
354 if (ill != NULL)
355 alen = ill->ill_phys_addr_length;
356
357 /*
358 * For loopback multicast and broadcast the packet arrives
359 * with ira_ruifdex being the physical interface, but
360 * ira_l2src is all zero since ip_postfrag_loopback doesn't
361 * know our l2src. We don't report the address in that case.
362 */
363 if (ira->ira_flags & IRAF_LOOPBACK)
364 alen = 0;
365
366 toh = (struct T_opthdr *)ancil_buf;
367 toh->level = IPPROTO_IP;
368 toh->name = IP_RECVSLLA;
369 toh->len = sizeof (struct T_opthdr) +
370 sizeof (struct sockaddr_dl);
371 toh->status = 0;
372 ancil_buf += sizeof (struct T_opthdr);
373 dstptr = (struct sockaddr_dl *)ancil_buf;
374 dstptr->sdl_family = AF_LINK;
375 dstptr->sdl_index = ira->ira_ruifindex;
376 if (ill != NULL)
377 dstptr->sdl_type = ill->ill_type;
378 else
379 dstptr->sdl_type = 0;
380 dstptr->sdl_nlen = 0;
381 dstptr->sdl_alen = alen;
382 dstptr->sdl_slen = 0;
383 bcopy(ira->ira_l2src, dstptr->sdl_data, alen);
384 ancil_buf += sizeof (struct sockaddr_dl);
385 ancil_size -= toh->len;
386 if (ill != NULL)
387 ill_refrele(ill);
388 }
389
390 if (recv_ancillary.crb_recvif) {
391 struct T_opthdr *toh;
392 uint_t *dstptr;
393
394 toh = (struct T_opthdr *)ancil_buf;
395 toh->level = IPPROTO_IP;
396 toh->name = IP_RECVIF;
397 toh->len = sizeof (struct T_opthdr) + sizeof (uint_t);
398 toh->status = 0;
399 ancil_buf += sizeof (struct T_opthdr);
400 dstptr = (uint_t *)ancil_buf;
401 *dstptr = ira->ira_ruifindex;
402 ancil_buf += sizeof (uint_t);
403 ancil_size -= toh->len;
404 }
405
406 /*
407 * ip_recvpktinfo is used for both AF_INET and AF_INET6 but
408 * are different
409 */
410 if (recv_ancillary.crb_ip_recvpktinfo &&
411 connp->conn_family == AF_INET6) {
412 struct T_opthdr *toh;
413 struct in6_pktinfo *pkti;
414
415 toh = (struct T_opthdr *)ancil_buf;
416 toh->level = IPPROTO_IPV6;
417 toh->name = IPV6_PKTINFO;
418 toh->len = sizeof (struct T_opthdr) + sizeof (*pkti);
419 toh->status = 0;
420 ancil_buf += sizeof (struct T_opthdr);
421 pkti = (struct in6_pktinfo *)ancil_buf;
422 if (ira->ira_flags & IRAF_IS_IPV4) {
423 IN6_IPADDR_TO_V4MAPPED(ipp->ipp_addr_v4,
424 &pkti->ipi6_addr);
425 } else {
426 pkti->ipi6_addr = ipp->ipp_addr;
427 }
428 pkti->ipi6_ifindex = ira->ira_ruifindex;
429
430 ancil_buf += sizeof (*pkti);
431 ancil_size -= toh->len;
432 }
433 if (recv_ancillary.crb_ipv6_recvhoplimit) {
434 struct T_opthdr *toh;
435
436 toh = (struct T_opthdr *)ancil_buf;
437 toh->level = IPPROTO_IPV6;
438 toh->name = IPV6_HOPLIMIT;
439 toh->len = sizeof (struct T_opthdr) + sizeof (uint_t);
440 toh->status = 0;
441 ancil_buf += sizeof (struct T_opthdr);
442 *(uint_t *)ancil_buf = ipp->ipp_hoplimit;
443 ancil_buf += sizeof (uint_t);
444 ancil_size -= toh->len;
445 }
446 if (recv_ancillary.crb_ipv6_recvtclass) {
447 struct T_opthdr *toh;
448
449 toh = (struct T_opthdr *)ancil_buf;
450 toh->level = IPPROTO_IPV6;
451 toh->name = IPV6_TCLASS;
452 toh->len = sizeof (struct T_opthdr) + sizeof (uint_t);
453 toh->status = 0;
454 ancil_buf += sizeof (struct T_opthdr);
455
456 if (ira->ira_flags & IRAF_IS_IPV4)
457 *(uint_t *)ancil_buf = ipp->ipp_type_of_service;
458 else
459 *(uint_t *)ancil_buf = ipp->ipp_tclass;
460 ancil_buf += sizeof (uint_t);
461 ancil_size -= toh->len;
462 }
463 if (recv_ancillary.crb_ipv6_recvhopopts &&
464 (ipp->ipp_fields & IPPF_HOPOPTS)) {
465 struct T_opthdr *toh;
466
467 toh = (struct T_opthdr *)ancil_buf;
468 toh->level = IPPROTO_IPV6;
469 toh->name = IPV6_HOPOPTS;
470 toh->len = sizeof (struct T_opthdr) + ipp->ipp_hopoptslen;
471 toh->status = 0;
472 ancil_buf += sizeof (struct T_opthdr);
473 bcopy(ipp->ipp_hopopts, ancil_buf, ipp->ipp_hopoptslen);
474 ancil_buf += ipp->ipp_hopoptslen;
475 ancil_size -= toh->len;
476 }
477 /*
478 * To honor RFC3542 when an application asks for both IPV6_RECVDSTOPTS
479 * and IPV6_RECVRTHDR, we pass up the item rthdrdstopts (the destination
480 * options that appear before a routing header.
481 * We also pass them up if IPV6_RECVRTHDRDSTOPTS is set.
482 */
483 if (ipp->ipp_fields & IPPF_RTHDRDSTOPTS) {
484 if (recv_ancillary.crb_ipv6_recvrthdrdstopts ||
485 (recv_ancillary.crb_ipv6_recvdstopts &&
486 recv_ancillary.crb_ipv6_recvrthdr)) {
487 struct T_opthdr *toh;
488
489 toh = (struct T_opthdr *)ancil_buf;
490 toh->level = IPPROTO_IPV6;
491 toh->name = IPV6_DSTOPTS;
492 toh->len = sizeof (struct T_opthdr) +
493 ipp->ipp_rthdrdstoptslen;
494 toh->status = 0;
495 ancil_buf += sizeof (struct T_opthdr);
496 bcopy(ipp->ipp_rthdrdstopts, ancil_buf,
497 ipp->ipp_rthdrdstoptslen);
498 ancil_buf += ipp->ipp_rthdrdstoptslen;
499 ancil_size -= toh->len;
500 }
501 }
502 if (recv_ancillary.crb_ipv6_recvrthdr &&
503 (ipp->ipp_fields & IPPF_RTHDR)) {
504 struct T_opthdr *toh;
505
506 toh = (struct T_opthdr *)ancil_buf;
507 toh->level = IPPROTO_IPV6;
508 toh->name = IPV6_RTHDR;
509 toh->len = sizeof (struct T_opthdr) + ipp->ipp_rthdrlen;
510 toh->status = 0;
511 ancil_buf += sizeof (struct T_opthdr);
512 bcopy(ipp->ipp_rthdr, ancil_buf, ipp->ipp_rthdrlen);
513 ancil_buf += ipp->ipp_rthdrlen;
514 ancil_size -= toh->len;
515 }
516 if ((recv_ancillary.crb_ipv6_recvdstopts ||
517 recv_ancillary.crb_old_ipv6_recvdstopts) &&
518 (ipp->ipp_fields & IPPF_DSTOPTS)) {
519 struct T_opthdr *toh;
520
521 toh = (struct T_opthdr *)ancil_buf;
522 toh->level = IPPROTO_IPV6;
523 toh->name = IPV6_DSTOPTS;
524 toh->len = sizeof (struct T_opthdr) + ipp->ipp_dstoptslen;
525 toh->status = 0;
526 ancil_buf += sizeof (struct T_opthdr);
527 bcopy(ipp->ipp_dstopts, ancil_buf, ipp->ipp_dstoptslen);
528 ancil_buf += ipp->ipp_dstoptslen;
529 ancil_size -= toh->len;
530 }
531
532 if (recv_ancillary.crb_recvucred && ira->ira_cred != NULL) {
533 struct T_opthdr *toh;
534 cred_t *rcr = connp->conn_cred;
535
536 toh = (struct T_opthdr *)ancil_buf;
537 toh->level = SOL_SOCKET;
538 toh->name = SCM_UCRED;
539 toh->len = sizeof (struct T_opthdr) +
540 ucredminsize(ira->ira_cred);
541 toh->status = 0;
542 (void) cred2ucred(ira->ira_cred, ira->ira_cpid, &toh[1], rcr);
543 ancil_buf += toh->len;
544 ancil_size -= toh->len;
545 }
546 if (recv_ancillary.crb_timestamp) {
547 struct T_opthdr *toh;
548
549 toh = (struct T_opthdr *)ancil_buf;
550 toh->level = SOL_SOCKET;
551 toh->name = SCM_TIMESTAMP;
552 toh->len = sizeof (struct T_opthdr) +
553 sizeof (timestruc_t) + _POINTER_ALIGNMENT;
554 toh->status = 0;
555 ancil_buf += sizeof (struct T_opthdr);
556 /* Align for gethrestime() */
557 ancil_buf = (uchar_t *)P2ROUNDUP((intptr_t)ancil_buf,
558 sizeof (intptr_t));
559 gethrestime((timestruc_t *)ancil_buf);
560 ancil_buf = (uchar_t *)toh + toh->len;
561 ancil_size -= toh->len;
562 }
563
564 if (recv_ancillary.crb_recvtos &&
565 (ira->ira_flags & IRAF_IS_IPV4)) {
566 struct T_opthdr *toh;
567 uint8_t *dstptr;
568
569 toh = (struct T_opthdr *)ancil_buf;
570 toh->level = IPPROTO_IP;
571 toh->name = IP_RECVTOS;
572 toh->len = sizeof (struct T_opthdr) +
573 P2ROUNDUP(sizeof (uint8_t), __TPI_ALIGN_SIZE);
574 toh->status = 0;
575 ancil_buf += sizeof (struct T_opthdr);
576 dstptr = (uint8_t *)ancil_buf;
577 *dstptr = ipp->ipp_type_of_service;
578 ancil_buf = (uchar_t *)toh + toh->len;
579 ancil_size -= toh->len;
580 ASSERT(__TPI_TOPT_ISALIGNED(toh));
581 }
582
583 if (recv_ancillary.crb_recvttl &&
584 (ira->ira_flags & IRAF_IS_IPV4)) {
585 struct T_opthdr *toh;
586 uint8_t *dstptr;
587
588 toh = (struct T_opthdr *)ancil_buf;
589 toh->level = IPPROTO_IP;
590 toh->name = IP_RECVTTL;
591 toh->len = sizeof (struct T_opthdr) +
592 P2ROUNDUP(sizeof (uint8_t), __TPI_ALIGN_SIZE);
593 toh->status = 0;
594 ancil_buf += sizeof (struct T_opthdr);
595 dstptr = (uint8_t *)ancil_buf;
596 *dstptr = ipp->ipp_hoplimit;
597 ancil_buf = (uchar_t *)toh + toh->len;
598 ancil_size -= toh->len;
599 ASSERT(__TPI_TOPT_ISALIGNED(toh));
600 }
601
602 /* Consumed all of allocated space */
603 ASSERT(ancil_size == 0);
604
605 }
606
607 /*
608 * This routine retrieves the current status of socket options.
609 * It returns the size of the option retrieved, or -1.
610 */
611 int
612 conn_opt_get(conn_opt_arg_t *coa, t_scalar_t level, t_scalar_t name,
613 uchar_t *ptr)
614 {
615 int *i1 = (int *)ptr;
616 conn_t *connp = coa->coa_connp;
617 ip_xmit_attr_t *ixa = coa->coa_ixa;
618 ip_pkt_t *ipp = coa->coa_ipp;
619 ip_stack_t *ipst = ixa->ixa_ipst;
620 uint_t len;
621
622 ASSERT(MUTEX_HELD(&coa->coa_connp->conn_lock));
623
624 switch (level) {
625 case SOL_SOCKET:
626 switch (name) {
627 case SO_DEBUG:
628 *i1 = connp->conn_debug ? SO_DEBUG : 0;
629 break; /* goto sizeof (int) option return */
630 case SO_KEEPALIVE:
631 *i1 = connp->conn_keepalive ? SO_KEEPALIVE : 0;
632 break;
633 case SO_LINGER: {
634 struct linger *lgr = (struct linger *)ptr;
635
636 lgr->l_onoff = connp->conn_linger ? SO_LINGER : 0;
637 lgr->l_linger = connp->conn_lingertime;
638 }
639 return (sizeof (struct linger));
640
641 case SO_OOBINLINE:
642 *i1 = connp->conn_oobinline ? SO_OOBINLINE : 0;
643 break;
644 case SO_REUSEADDR:
645 *i1 = connp->conn_reuseaddr ? SO_REUSEADDR : 0;
646 break; /* goto sizeof (int) option return */
647 case SO_TYPE:
648 *i1 = connp->conn_so_type;
649 break; /* goto sizeof (int) option return */
650 case SO_DONTROUTE:
651 *i1 = (ixa->ixa_flags & IXAF_DONTROUTE) ?
652 SO_DONTROUTE : 0;
653 break; /* goto sizeof (int) option return */
654 case SO_USELOOPBACK:
655 *i1 = connp->conn_useloopback ? SO_USELOOPBACK : 0;
656 break; /* goto sizeof (int) option return */
657 case SO_BROADCAST:
658 *i1 = connp->conn_broadcast ? SO_BROADCAST : 0;
659 break; /* goto sizeof (int) option return */
660
661 case SO_SNDBUF:
662 *i1 = connp->conn_sndbuf;
663 break; /* goto sizeof (int) option return */
664 case SO_RCVBUF:
665 *i1 = connp->conn_rcvbuf;
666 break; /* goto sizeof (int) option return */
667 case SO_RCVTIMEO:
668 case SO_SNDTIMEO:
669 /*
670 * Pass these two options in order for third part
671 * protocol usage. Here just return directly.
672 */
673 *i1 = 0;
674 break;
675 case SO_DGRAM_ERRIND:
676 *i1 = connp->conn_dgram_errind ? SO_DGRAM_ERRIND : 0;
677 break; /* goto sizeof (int) option return */
678 case SO_RECVUCRED:
679 *i1 = connp->conn_recv_ancillary.crb_recvucred;
680 break; /* goto sizeof (int) option return */
681 case SO_TIMESTAMP:
682 *i1 = connp->conn_recv_ancillary.crb_timestamp;
683 break; /* goto sizeof (int) option return */
684 case SO_VRRP:
685 *i1 = connp->conn_isvrrp;
686 break; /* goto sizeof (int) option return */
687 case SO_ANON_MLP:
688 *i1 = connp->conn_anon_mlp;
689 break; /* goto sizeof (int) option return */
690 case SO_MAC_EXEMPT:
691 *i1 = (connp->conn_mac_mode == CONN_MAC_AWARE);
692 break; /* goto sizeof (int) option return */
693 case SO_MAC_IMPLICIT:
694 *i1 = (connp->conn_mac_mode == CONN_MAC_IMPLICIT);
695 break; /* goto sizeof (int) option return */
696 case SO_ALLZONES:
697 *i1 = connp->conn_allzones;
698 break; /* goto sizeof (int) option return */
699 case SO_EXCLBIND:
700 *i1 = connp->conn_exclbind ? SO_EXCLBIND : 0;
701 break;
702 case SO_PROTOTYPE:
703 *i1 = connp->conn_proto;
704 break;
705
706 case SO_DOMAIN:
707 *i1 = connp->conn_family;
708 break;
709 default:
710 return (-1);
711 }
712 break;
713 case IPPROTO_IP:
714 if (connp->conn_family != AF_INET)
715 return (-1);
716 switch (name) {
717 case IP_OPTIONS:
718 case T_IP_OPTIONS:
719 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
720 return (0);
721
722 len = ipp->ipp_ipv4_options_len;
723 if (len > 0) {
724 bcopy(ipp->ipp_ipv4_options, ptr, len);
725 }
726 return (len);
727
728 case IP_PKTINFO: {
729 /*
730 * This also handles IP_RECVPKTINFO.
731 * IP_PKTINFO and IP_RECVPKTINFO have same value.
732 * Differentiation is based on the size of the
733 * argument passed in.
734 */
735 struct in_pktinfo *pktinfo;
736
737 #ifdef notdef
738 /* optcom doesn't provide a length with "get" */
739 if (inlen == sizeof (int)) {
740 /* This is IP_RECVPKTINFO option. */
741 *i1 = connp->conn_recv_ancillary.
742 crb_ip_recvpktinfo;
743 return (sizeof (int));
744 }
745 #endif
746 /* XXX assumes that caller has room for max size! */
747
748 pktinfo = (struct in_pktinfo *)ptr;
749 pktinfo->ipi_ifindex = ixa->ixa_ifindex;
750 if (ipp->ipp_fields & IPPF_ADDR)
751 pktinfo->ipi_spec_dst.s_addr = ipp->ipp_addr_v4;
752 else
753 pktinfo->ipi_spec_dst.s_addr = INADDR_ANY;
754 return (sizeof (struct in_pktinfo));
755 }
756 case IP_DONTFRAG:
757 *i1 = (ixa->ixa_flags & IXAF_DONTFRAG) != 0;
758 return (sizeof (int));
759 case IP_TOS:
760 case T_IP_TOS:
761 *i1 = (int)ipp->ipp_type_of_service;
762 break; /* goto sizeof (int) option return */
763 case IP_TTL:
764 *i1 = (int)ipp->ipp_unicast_hops;
765 break; /* goto sizeof (int) option return */
766 case IP_DHCPINIT_IF:
767 return (-1);
768 case IP_NEXTHOP:
769 if (ixa->ixa_flags & IXAF_NEXTHOP_SET) {
770 *(ipaddr_t *)ptr = ixa->ixa_nexthop_v4;
771 return (sizeof (ipaddr_t));
772 } else {
773 return (0);
774 }
775
776 case IP_MULTICAST_IF:
777 /* 0 address if not set */
778 *(ipaddr_t *)ptr = ixa->ixa_multicast_ifaddr;
779 return (sizeof (ipaddr_t));
780 case IP_MULTICAST_TTL:
781 *(uchar_t *)ptr = ixa->ixa_multicast_ttl;
782 return (sizeof (uchar_t));
783 case IP_MULTICAST_LOOP:
784 *ptr = (ixa->ixa_flags & IXAF_MULTICAST_LOOP) ? 1 : 0;
785 return (sizeof (uint8_t));
786 case IP_RECVOPTS:
787 *i1 = connp->conn_recv_ancillary.crb_recvopts;
788 break; /* goto sizeof (int) option return */
789 case IP_RECVDSTADDR:
790 *i1 = connp->conn_recv_ancillary.crb_recvdstaddr;
791 break; /* goto sizeof (int) option return */
792 case IP_RECVIF:
793 *i1 = connp->conn_recv_ancillary.crb_recvif;
794 break; /* goto sizeof (int) option return */
795 case IP_RECVSLLA:
796 *i1 = connp->conn_recv_ancillary.crb_recvslla;
797 break; /* goto sizeof (int) option return */
798 case IP_RECVTTL:
799 *i1 = connp->conn_recv_ancillary.crb_recvttl;
800 break; /* goto sizeof (int) option return */
801 case IP_RECVTOS:
802 *i1 = connp->conn_recv_ancillary.crb_recvtos;
803 break; /* goto sizeof (int) option return */
804 case IP_ADD_MEMBERSHIP:
805 case IP_DROP_MEMBERSHIP:
806 case MCAST_JOIN_GROUP:
807 case MCAST_LEAVE_GROUP:
808 case IP_BLOCK_SOURCE:
809 case IP_UNBLOCK_SOURCE:
810 case IP_ADD_SOURCE_MEMBERSHIP:
811 case IP_DROP_SOURCE_MEMBERSHIP:
812 case MCAST_BLOCK_SOURCE:
813 case MCAST_UNBLOCK_SOURCE:
814 case MCAST_JOIN_SOURCE_GROUP:
815 case MCAST_LEAVE_SOURCE_GROUP:
816 case MRT_INIT:
817 case MRT_DONE:
818 case MRT_ADD_VIF:
819 case MRT_DEL_VIF:
820 case MRT_ADD_MFC:
821 case MRT_DEL_MFC:
822 /* cannot "get" the value for these */
823 return (-1);
824 case MRT_VERSION:
825 case MRT_ASSERT:
826 (void) ip_mrouter_get(name, connp, ptr);
827 return (sizeof (int));
828 case IP_SEC_OPT:
829 return (ipsec_req_from_conn(connp, (ipsec_req_t *)ptr,
830 IPSEC_AF_V4));
831 case IP_BOUND_IF:
832 /* Zero if not set */
833 *i1 = connp->conn_bound_if;
834 break; /* goto sizeof (int) option return */
835 case IP_UNSPEC_SRC:
836 *i1 = connp->conn_unspec_src;
837 break; /* goto sizeof (int) option return */
838 case IP_BROADCAST_TTL:
839 if (ixa->ixa_flags & IXAF_BROADCAST_TTL_SET)
840 *(uchar_t *)ptr = ixa->ixa_broadcast_ttl;
841 else
842 *(uchar_t *)ptr = ipst->ips_ip_broadcast_ttl;
843 return (sizeof (uchar_t));
844 default:
845 return (-1);
846 }
847 break;
848 case IPPROTO_IPV6:
849 if (connp->conn_family != AF_INET6)
850 return (-1);
851 switch (name) {
852 case IPV6_UNICAST_HOPS:
853 *i1 = (int)ipp->ipp_unicast_hops;
854 break; /* goto sizeof (int) option return */
855 case IPV6_MULTICAST_IF:
856 /* 0 index if not set */
857 *i1 = ixa->ixa_multicast_ifindex;
858 break; /* goto sizeof (int) option return */
859 case IPV6_MULTICAST_HOPS:
860 *i1 = ixa->ixa_multicast_ttl;
861 break; /* goto sizeof (int) option return */
862 case IPV6_MULTICAST_LOOP:
863 *i1 = (ixa->ixa_flags & IXAF_MULTICAST_LOOP) ? 1 : 0;
864 break; /* goto sizeof (int) option return */
865 case IPV6_JOIN_GROUP:
866 case IPV6_LEAVE_GROUP:
867 case MCAST_JOIN_GROUP:
868 case MCAST_LEAVE_GROUP:
869 case MCAST_BLOCK_SOURCE:
870 case MCAST_UNBLOCK_SOURCE:
871 case MCAST_JOIN_SOURCE_GROUP:
872 case MCAST_LEAVE_SOURCE_GROUP:
873 /* cannot "get" the value for these */
874 return (-1);
875 case IPV6_BOUND_IF:
876 /* Zero if not set */
877 *i1 = connp->conn_bound_if;
878 break; /* goto sizeof (int) option return */
879 case IPV6_UNSPEC_SRC:
880 *i1 = connp->conn_unspec_src;
881 break; /* goto sizeof (int) option return */
882 case IPV6_RECVPKTINFO:
883 *i1 = connp->conn_recv_ancillary.crb_ip_recvpktinfo;
884 break; /* goto sizeof (int) option return */
885 case IPV6_RECVTCLASS:
886 *i1 = connp->conn_recv_ancillary.crb_ipv6_recvtclass;
887 break; /* goto sizeof (int) option return */
888 case IPV6_RECVPATHMTU:
889 *i1 = connp->conn_ipv6_recvpathmtu;
890 break; /* goto sizeof (int) option return */
891 case IPV6_RECVHOPLIMIT:
892 *i1 = connp->conn_recv_ancillary.crb_ipv6_recvhoplimit;
893 break; /* goto sizeof (int) option return */
894 case IPV6_RECVHOPOPTS:
895 *i1 = connp->conn_recv_ancillary.crb_ipv6_recvhopopts;
896 break; /* goto sizeof (int) option return */
897 case IPV6_RECVDSTOPTS:
898 *i1 = connp->conn_recv_ancillary.crb_ipv6_recvdstopts;
899 break; /* goto sizeof (int) option return */
900 case _OLD_IPV6_RECVDSTOPTS:
901 *i1 =
902 connp->conn_recv_ancillary.crb_old_ipv6_recvdstopts;
903 break; /* goto sizeof (int) option return */
904 case IPV6_RECVRTHDRDSTOPTS:
905 *i1 = connp->conn_recv_ancillary.
906 crb_ipv6_recvrthdrdstopts;
907 break; /* goto sizeof (int) option return */
908 case IPV6_RECVRTHDR:
909 *i1 = connp->conn_recv_ancillary.crb_ipv6_recvrthdr;
910 break; /* goto sizeof (int) option return */
911 case IPV6_PKTINFO: {
912 /* XXX assumes that caller has room for max size! */
913 struct in6_pktinfo *pkti;
914
915 pkti = (struct in6_pktinfo *)ptr;
916 pkti->ipi6_ifindex = ixa->ixa_ifindex;
917 if (ipp->ipp_fields & IPPF_ADDR)
918 pkti->ipi6_addr = ipp->ipp_addr;
919 else
920 pkti->ipi6_addr = ipv6_all_zeros;
921 return (sizeof (struct in6_pktinfo));
922 }
923 case IPV6_TCLASS:
924 *i1 = ipp->ipp_tclass;
925 break; /* goto sizeof (int) option return */
926 case IPV6_NEXTHOP: {
927 sin6_t *sin6 = (sin6_t *)ptr;
928
929 if (ixa->ixa_flags & IXAF_NEXTHOP_SET)
930 return (0);
931
932 *sin6 = sin6_null;
933 sin6->sin6_family = AF_INET6;
934 sin6->sin6_addr = ixa->ixa_nexthop_v6;
935
936 return (sizeof (sin6_t));
937 }
938 case IPV6_HOPOPTS:
939 if (!(ipp->ipp_fields & IPPF_HOPOPTS))
940 return (0);
941 bcopy(ipp->ipp_hopopts, ptr,
942 ipp->ipp_hopoptslen);
943 return (ipp->ipp_hopoptslen);
944 case IPV6_RTHDRDSTOPTS:
945 if (!(ipp->ipp_fields & IPPF_RTHDRDSTOPTS))
946 return (0);
947 bcopy(ipp->ipp_rthdrdstopts, ptr,
948 ipp->ipp_rthdrdstoptslen);
949 return (ipp->ipp_rthdrdstoptslen);
950 case IPV6_RTHDR:
951 if (!(ipp->ipp_fields & IPPF_RTHDR))
952 return (0);
953 bcopy(ipp->ipp_rthdr, ptr, ipp->ipp_rthdrlen);
954 return (ipp->ipp_rthdrlen);
955 case IPV6_DSTOPTS:
956 if (!(ipp->ipp_fields & IPPF_DSTOPTS))
957 return (0);
958 bcopy(ipp->ipp_dstopts, ptr, ipp->ipp_dstoptslen);
959 return (ipp->ipp_dstoptslen);
960 case IPV6_PATHMTU:
961 return (ip_fill_mtuinfo(connp, ixa,
962 (struct ip6_mtuinfo *)ptr));
963 case IPV6_SEC_OPT:
964 return (ipsec_req_from_conn(connp, (ipsec_req_t *)ptr,
965 IPSEC_AF_V6));
966 case IPV6_SRC_PREFERENCES:
967 return (ip6_get_src_preferences(ixa, (uint32_t *)ptr));
968 case IPV6_DONTFRAG:
969 *i1 = (ixa->ixa_flags & IXAF_DONTFRAG) != 0;
970 return (sizeof (int));
971 case IPV6_USE_MIN_MTU:
972 if (ixa->ixa_flags & IXAF_USE_MIN_MTU)
973 *i1 = ixa->ixa_use_min_mtu;
974 else
975 *i1 = IPV6_USE_MIN_MTU_MULTICAST;
976 break;
977 case IPV6_V6ONLY:
978 *i1 = connp->conn_ipv6_v6only;
979 return (sizeof (int));
980 default:
981 return (-1);
982 }
983 break;
984 case IPPROTO_UDP:
985 switch (name) {
986 case UDP_ANONPRIVBIND:
987 *i1 = connp->conn_anon_priv_bind;
988 break;
989 case UDP_EXCLBIND:
990 *i1 = connp->conn_exclbind ? UDP_EXCLBIND : 0;
991 break;
992 default:
993 return (-1);
994 }
995 break;
996 case IPPROTO_TCP:
997 switch (name) {
998 case TCP_RECVDSTADDR:
999 *i1 = connp->conn_recv_ancillary.crb_recvdstaddr;
1000 break;
1001 case TCP_ANONPRIVBIND:
1002 *i1 = connp->conn_anon_priv_bind;
1003 break;
1004 case TCP_EXCLBIND:
1005 *i1 = connp->conn_exclbind ? TCP_EXCLBIND : 0;
1006 break;
1007 default:
1008 return (-1);
1009 }
1010 break;
1011 default:
1012 return (-1);
1013 }
1014 return (sizeof (int));
1015 }
1016
1017 static int conn_opt_set_socket(conn_opt_arg_t *coa, t_scalar_t name,
1018 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr);
1019 static int conn_opt_set_ip(conn_opt_arg_t *coa, t_scalar_t name,
1020 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr);
1021 static int conn_opt_set_ipv6(conn_opt_arg_t *coa, t_scalar_t name,
1022 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr);
1023 static int conn_opt_set_udp(conn_opt_arg_t *coa, t_scalar_t name,
1024 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr);
1025 static int conn_opt_set_tcp(conn_opt_arg_t *coa, t_scalar_t name,
1026 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr);
1027
1028 /*
1029 * This routine sets the most common socket options including some
1030 * that are transport/ULP specific.
1031 * It returns errno or zero.
1032 *
1033 * For fixed length options, there is no sanity check
1034 * of passed in length is done. It is assumed *_optcom_req()
1035 * routines do the right thing.
1036 */
1037 int
1038 conn_opt_set(conn_opt_arg_t *coa, t_scalar_t level, t_scalar_t name,
1039 uint_t inlen, uchar_t *invalp, boolean_t checkonly, cred_t *cr)
1040 {
1041 ASSERT(MUTEX_NOT_HELD(&coa->coa_connp->conn_lock));
1042
1043 /* We have different functions for different levels */
1044 switch (level) {
1045 case SOL_SOCKET:
1046 return (conn_opt_set_socket(coa, name, inlen, invalp,
1047 checkonly, cr));
1048 case IPPROTO_IP:
1049 return (conn_opt_set_ip(coa, name, inlen, invalp,
1050 checkonly, cr));
1051 case IPPROTO_IPV6:
1052 return (conn_opt_set_ipv6(coa, name, inlen, invalp,
1053 checkonly, cr));
1054 case IPPROTO_UDP:
1055 return (conn_opt_set_udp(coa, name, inlen, invalp,
1056 checkonly, cr));
1057 case IPPROTO_TCP:
1058 return (conn_opt_set_tcp(coa, name, inlen, invalp,
1059 checkonly, cr));
1060 default:
1061 return (0);
1062 }
1063 }
1064
1065 /*
1066 * Handle SOL_SOCKET
1067 * Note that we do not handle SO_PROTOTYPE here. The ULPs that support
1068 * it implement their own checks and setting of conn_proto.
1069 */
1070 /* ARGSUSED1 */
1071 static int
1072 conn_opt_set_socket(conn_opt_arg_t *coa, t_scalar_t name, uint_t inlen,
1073 uchar_t *invalp, boolean_t checkonly, cred_t *cr)
1074 {
1075 conn_t *connp = coa->coa_connp;
1076 ip_xmit_attr_t *ixa = coa->coa_ixa;
1077 int *i1 = (int *)invalp;
1078 boolean_t onoff = (*i1 == 0) ? 0 : 1;
1079
1080 switch (name) {
1081 case SO_ALLZONES:
1082 if (IPCL_IS_BOUND(connp))
1083 return (EINVAL);
1084 break;
1085 case SO_VRRP:
1086 if (secpolicy_ip_config(cr, checkonly) != 0)
1087 return (EACCES);
1088 break;
1089 case SO_MAC_EXEMPT:
1090 if (secpolicy_net_mac_aware(cr) != 0)
1091 return (EACCES);
1092 if (IPCL_IS_BOUND(connp))
1093 return (EINVAL);
1094 break;
1095 case SO_MAC_IMPLICIT:
1096 if (secpolicy_net_mac_implicit(cr) != 0)
1097 return (EACCES);
1098 break;
1099 }
1100 if (checkonly)
1101 return (0);
1102
1103 mutex_enter(&connp->conn_lock);
1104 /* Here we set the actual option value */
1105 switch (name) {
1106 case SO_DEBUG:
1107 connp->conn_debug = onoff;
1108 break;
1109 case SO_KEEPALIVE:
1110 connp->conn_keepalive = onoff;
1111 break;
1112 case SO_LINGER: {
1113 struct linger *lgr = (struct linger *)invalp;
1114
1115 if (lgr->l_onoff) {
1116 connp->conn_linger = 1;
1117 connp->conn_lingertime = lgr->l_linger;
1118 } else {
1119 connp->conn_linger = 0;
1120 connp->conn_lingertime = 0;
1121 }
1122 break;
1123 }
1124 case SO_OOBINLINE:
1125 connp->conn_oobinline = onoff;
1126 coa->coa_changed |= COA_OOBINLINE_CHANGED;
1127 break;
1128 case SO_REUSEADDR:
1129 connp->conn_reuseaddr = onoff;
1130 break;
1131 case SO_DONTROUTE:
1132 if (onoff)
1133 ixa->ixa_flags |= IXAF_DONTROUTE;
1134 else
1135 ixa->ixa_flags &= ~IXAF_DONTROUTE;
1136 coa->coa_changed |= COA_ROUTE_CHANGED;
1137 break;
1138 case SO_USELOOPBACK:
1139 connp->conn_useloopback = onoff;
1140 break;
1141 case SO_BROADCAST:
1142 connp->conn_broadcast = onoff;
1143 break;
1144 case SO_SNDBUF:
1145 /* ULP has range checked the value */
1146 connp->conn_sndbuf = *i1;
1147 coa->coa_changed |= COA_SNDBUF_CHANGED;
1148 break;
1149 case SO_RCVBUF:
1150 /* ULP has range checked the value */
1151 connp->conn_rcvbuf = *i1;
1152 coa->coa_changed |= COA_RCVBUF_CHANGED;
1153 break;
1154 case SO_RCVTIMEO:
1155 case SO_SNDTIMEO:
1156 /*
1157 * Pass these two options in order for third part
1158 * protocol usage.
1159 */
1160 break;
1161 case SO_DGRAM_ERRIND:
1162 connp->conn_dgram_errind = onoff;
1163 break;
1164 case SO_RECVUCRED:
1165 connp->conn_recv_ancillary.crb_recvucred = onoff;
1166 break;
1167 case SO_ALLZONES:
1168 connp->conn_allzones = onoff;
1169 coa->coa_changed |= COA_ROUTE_CHANGED;
1170 if (onoff)
1171 ixa->ixa_zoneid = ALL_ZONES;
1172 else
1173 ixa->ixa_zoneid = connp->conn_zoneid;
1174 break;
1175 case SO_TIMESTAMP:
1176 connp->conn_recv_ancillary.crb_timestamp = onoff;
1177 break;
1178 case SO_VRRP:
1179 connp->conn_isvrrp = onoff;
1180 break;
1181 case SO_ANON_MLP:
1182 connp->conn_anon_mlp = onoff;
1183 break;
1184 case SO_MAC_EXEMPT:
1185 connp->conn_mac_mode = onoff ?
1186 CONN_MAC_AWARE : CONN_MAC_DEFAULT;
1187 break;
1188 case SO_MAC_IMPLICIT:
1189 connp->conn_mac_mode = onoff ?
1190 CONN_MAC_IMPLICIT : CONN_MAC_DEFAULT;
1191 break;
1192 case SO_EXCLBIND:
1193 connp->conn_exclbind = onoff;
1194 break;
1195 }
1196 mutex_exit(&connp->conn_lock);
1197 return (0);
1198 }
1199
1200 /* Handle IPPROTO_IP */
1201 static int
1202 conn_opt_set_ip(conn_opt_arg_t *coa, t_scalar_t name, uint_t inlen,
1203 uchar_t *invalp, boolean_t checkonly, cred_t *cr)
1204 {
1205 conn_t *connp = coa->coa_connp;
1206 ip_xmit_attr_t *ixa = coa->coa_ixa;
1207 ip_pkt_t *ipp = coa->coa_ipp;
1208 int *i1 = (int *)invalp;
1209 boolean_t onoff = (*i1 == 0) ? 0 : 1;
1210 ipaddr_t addr = (ipaddr_t)*i1;
1211 uint_t ifindex;
1212 zoneid_t zoneid = IPCL_ZONEID(connp);
1213 ipif_t *ipif;
1214 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
1215 int error;
1216
1217 if (connp->conn_family != AF_INET)
1218 return (EINVAL);
1219
1220 ifindex = UINT_MAX;
1221 switch (name) {
1222 case IP_TTL:
1223 /* Don't allow zero */
1224 if (*i1 < 1 || *i1 > 255)
1225 return (EINVAL);
1226 break;
1227 case IP_MULTICAST_IF:
1228 if (addr == INADDR_ANY) {
1229 /* Clear */
1230 ifindex = 0;
1231 break;
1232 }
1233 ipif = ipif_lookup_addr(addr, NULL, zoneid, ipst);
1234 if (ipif == NULL)
1235 return (EHOSTUNREACH);
1236 /* not supported by the virtual network iface */
1237 if (IS_VNI(ipif->ipif_ill)) {
1238 ipif_refrele(ipif);
1239 return (EINVAL);
1240 }
1241 ifindex = ipif->ipif_ill->ill_phyint->phyint_ifindex;
1242 ipif_refrele(ipif);
1243 break;
1244 case IP_NEXTHOP: {
1245 ire_t *ire;
1246
1247 if (addr == INADDR_ANY) {
1248 /* Clear */
1249 break;
1250 }
1251 /* Verify that the next-hop is on-link */
1252 ire = ire_ftable_lookup_v4(addr, 0, 0, IRE_ONLINK, NULL, zoneid,
1253 NULL, MATCH_IRE_TYPE, 0, ipst, NULL);
1254 if (ire == NULL)
1255 return (EHOSTUNREACH);
1256 ire_refrele(ire);
1257 break;
1258 }
1259 case IP_OPTIONS:
1260 case T_IP_OPTIONS: {
1261 uint_t newlen;
1262
1263 if (ipp->ipp_fields & IPPF_LABEL_V4)
1264 newlen = inlen + (ipp->ipp_label_len_v4 + 3) & ~3;
1265 else
1266 newlen = inlen;
1267 if ((inlen & 0x3) || newlen > IP_MAX_OPT_LENGTH) {
1268 return (EINVAL);
1269 }
1270 break;
1271 }
1272 case IP_PKTINFO: {
1273 struct in_pktinfo *pktinfo;
1274
1275 /* Two different valid lengths */
1276 if (inlen != sizeof (int) &&
1277 inlen != sizeof (struct in_pktinfo))
1278 return (EINVAL);
1279 if (inlen == sizeof (int))
1280 break;
1281
1282 pktinfo = (struct in_pktinfo *)invalp;
1283 if (pktinfo->ipi_spec_dst.s_addr != INADDR_ANY) {
1284 switch (ip_laddr_verify_v4(pktinfo->ipi_spec_dst.s_addr,
1285 zoneid, ipst, B_FALSE)) {
1286 case IPVL_UNICAST_UP:
1287 case IPVL_UNICAST_DOWN:
1288 break;
1289 default:
1290 return (EADDRNOTAVAIL);
1291 }
1292 }
1293 if (!ip_xmit_ifindex_valid(pktinfo->ipi_ifindex, zoneid,
1294 B_FALSE, ipst))
1295 return (ENXIO);
1296 break;
1297 }
1298 case IP_BOUND_IF:
1299 ifindex = *(uint_t *)i1;
1300
1301 /* Just check it is ok. */
1302 if (!ip_xmit_ifindex_valid(ifindex, zoneid, B_FALSE, ipst))
1303 return (ENXIO);
1304 break;
1305 }
1306 if (checkonly)
1307 return (0);
1308
1309 /* Here we set the actual option value */
1310 /*
1311 * conn_lock protects the bitfields, and is used to
1312 * set the fields atomically. Not needed for ixa settings since
1313 * the caller has an exclusive copy of the ixa.
1314 * We can not hold conn_lock across the multicast options though.
1315 */
1316 switch (name) {
1317 case IP_OPTIONS:
1318 case T_IP_OPTIONS:
1319 /* Save options for use by IP. */
1320 mutex_enter(&connp->conn_lock);
1321 error = optcom_pkt_set(invalp, inlen,
1322 (uchar_t **)&ipp->ipp_ipv4_options,
1323 &ipp->ipp_ipv4_options_len);
1324 if (error != 0) {
1325 mutex_exit(&connp->conn_lock);
1326 return (error);
1327 }
1328 if (ipp->ipp_ipv4_options_len == 0) {
1329 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS;
1330 } else {
1331 ipp->ipp_fields |= IPPF_IPV4_OPTIONS;
1332 }
1333 mutex_exit(&connp->conn_lock);
1334 coa->coa_changed |= COA_HEADER_CHANGED;
1335 coa->coa_changed |= COA_WROFF_CHANGED;
1336 break;
1337
1338 case IP_TTL:
1339 mutex_enter(&connp->conn_lock);
1340 ipp->ipp_unicast_hops = *i1;
1341 mutex_exit(&connp->conn_lock);
1342 coa->coa_changed |= COA_HEADER_CHANGED;
1343 break;
1344 case IP_TOS:
1345 case T_IP_TOS:
1346 mutex_enter(&connp->conn_lock);
1347 if (*i1 == -1) {
1348 ipp->ipp_type_of_service = 0;
1349 } else {
1350 ipp->ipp_type_of_service = *i1;
1351 }
1352 mutex_exit(&connp->conn_lock);
1353 coa->coa_changed |= COA_HEADER_CHANGED;
1354 break;
1355 case IP_MULTICAST_IF:
1356 ixa->ixa_multicast_ifindex = ifindex;
1357 ixa->ixa_multicast_ifaddr = addr;
1358 coa->coa_changed |= COA_ROUTE_CHANGED;
1359 break;
1360 case IP_MULTICAST_TTL:
1361 ixa->ixa_multicast_ttl = *invalp;
1362 /* Handled automatically by ip_output */
1363 break;
1364 case IP_MULTICAST_LOOP:
1365 if (*invalp != 0)
1366 ixa->ixa_flags |= IXAF_MULTICAST_LOOP;
1367 else
1368 ixa->ixa_flags &= ~IXAF_MULTICAST_LOOP;
1369 /* Handled automatically by ip_output */
1370 break;
1371 case IP_RECVOPTS:
1372 mutex_enter(&connp->conn_lock);
1373 connp->conn_recv_ancillary.crb_recvopts = onoff;
1374 mutex_exit(&connp->conn_lock);
1375 break;
1376 case IP_RECVDSTADDR:
1377 mutex_enter(&connp->conn_lock);
1378 connp->conn_recv_ancillary.crb_recvdstaddr = onoff;
1379 mutex_exit(&connp->conn_lock);
1380 break;
1381 case IP_RECVIF:
1382 mutex_enter(&connp->conn_lock);
1383 connp->conn_recv_ancillary.crb_recvif = onoff;
1384 mutex_exit(&connp->conn_lock);
1385 break;
1386 case IP_RECVSLLA:
1387 mutex_enter(&connp->conn_lock);
1388 connp->conn_recv_ancillary.crb_recvslla = onoff;
1389 mutex_exit(&connp->conn_lock);
1390 break;
1391 case IP_RECVTTL:
1392 mutex_enter(&connp->conn_lock);
1393 connp->conn_recv_ancillary.crb_recvttl = onoff;
1394 mutex_exit(&connp->conn_lock);
1395 break;
1396 case IP_RECVTOS:
1397 mutex_enter(&connp->conn_lock);
1398 connp->conn_recv_ancillary.crb_recvtos = onoff;
1399 mutex_exit(&connp->conn_lock);
1400 break;
1401 case IP_PKTINFO: {
1402 /*
1403 * This also handles IP_RECVPKTINFO.
1404 * IP_PKTINFO and IP_RECVPKTINFO have same value.
1405 * Differentiation is based on the size of the
1406 * argument passed in.
1407 */
1408 struct in_pktinfo *pktinfo;
1409
1410 if (inlen == sizeof (int)) {
1411 /* This is IP_RECVPKTINFO option. */
1412 mutex_enter(&connp->conn_lock);
1413 connp->conn_recv_ancillary.crb_ip_recvpktinfo =
1414 onoff;
1415 mutex_exit(&connp->conn_lock);
1416 break;
1417 }
1418
1419 /* This is IP_PKTINFO option. */
1420 mutex_enter(&connp->conn_lock);
1421 pktinfo = (struct in_pktinfo *)invalp;
1422 if (pktinfo->ipi_spec_dst.s_addr != INADDR_ANY) {
1423 ipp->ipp_fields |= IPPF_ADDR;
1424 IN6_INADDR_TO_V4MAPPED(&pktinfo->ipi_spec_dst,
1425 &ipp->ipp_addr);
1426 } else {
1427 ipp->ipp_fields &= ~IPPF_ADDR;
1428 ipp->ipp_addr = ipv6_all_zeros;
1429 }
1430 mutex_exit(&connp->conn_lock);
1431 ixa->ixa_ifindex = pktinfo->ipi_ifindex;
1432 coa->coa_changed |= COA_ROUTE_CHANGED;
1433 coa->coa_changed |= COA_HEADER_CHANGED;
1434 break;
1435 }
1436 case IP_DONTFRAG:
1437 if (onoff) {
1438 ixa->ixa_flags |= (IXAF_DONTFRAG | IXAF_PMTU_IPV4_DF);
1439 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
1440 } else {
1441 ixa->ixa_flags &= ~(IXAF_DONTFRAG | IXAF_PMTU_IPV4_DF);
1442 ixa->ixa_flags |= IXAF_PMTU_DISCOVERY;
1443 }
1444 /* Need to redo ip_attr_connect */
1445 coa->coa_changed |= COA_ROUTE_CHANGED;
1446 break;
1447 case IP_ADD_MEMBERSHIP:
1448 case IP_DROP_MEMBERSHIP:
1449 case MCAST_JOIN_GROUP:
1450 case MCAST_LEAVE_GROUP:
1451 return (ip_opt_set_multicast_group(connp, name,
1452 invalp, B_FALSE, checkonly));
1453
1454 case IP_BLOCK_SOURCE:
1455 case IP_UNBLOCK_SOURCE:
1456 case IP_ADD_SOURCE_MEMBERSHIP:
1457 case IP_DROP_SOURCE_MEMBERSHIP:
1458 case MCAST_BLOCK_SOURCE:
1459 case MCAST_UNBLOCK_SOURCE:
1460 case MCAST_JOIN_SOURCE_GROUP:
1461 case MCAST_LEAVE_SOURCE_GROUP:
1462 return (ip_opt_set_multicast_sources(connp, name,
1463 invalp, B_FALSE, checkonly));
1464
1465 case IP_SEC_OPT:
1466 mutex_enter(&connp->conn_lock);
1467 error = ipsec_set_req(cr, connp, (ipsec_req_t *)invalp);
1468 mutex_exit(&connp->conn_lock);
1469 if (error != 0) {
1470 return (error);
1471 }
1472 /* This is an IPsec policy change - redo ip_attr_connect */
1473 coa->coa_changed |= COA_ROUTE_CHANGED;
1474 break;
1475 case IP_NEXTHOP:
1476 ixa->ixa_nexthop_v4 = addr;
1477 if (addr != INADDR_ANY)
1478 ixa->ixa_flags |= IXAF_NEXTHOP_SET;
1479 else
1480 ixa->ixa_flags &= ~IXAF_NEXTHOP_SET;
1481 coa->coa_changed |= COA_ROUTE_CHANGED;
1482 break;
1483
1484 case IP_BOUND_IF:
1485 ixa->ixa_ifindex = ifindex; /* Send */
1486 mutex_enter(&connp->conn_lock);
1487 connp->conn_incoming_ifindex = ifindex; /* Receive */
1488 connp->conn_bound_if = ifindex; /* getsockopt */
1489 mutex_exit(&connp->conn_lock);
1490 coa->coa_changed |= COA_ROUTE_CHANGED;
1491 break;
1492 case IP_UNSPEC_SRC:
1493 mutex_enter(&connp->conn_lock);
1494 connp->conn_unspec_src = onoff;
1495 if (onoff)
1496 ixa->ixa_flags &= ~IXAF_VERIFY_SOURCE;
1497 else
1498 ixa->ixa_flags |= IXAF_VERIFY_SOURCE;
1499
1500 mutex_exit(&connp->conn_lock);
1501 break;
1502 case IP_BROADCAST_TTL:
1503 ixa->ixa_broadcast_ttl = *invalp;
1504 ixa->ixa_flags |= IXAF_BROADCAST_TTL_SET;
1505 /* Handled automatically by ip_output */
1506 break;
1507 case MRT_INIT:
1508 case MRT_DONE:
1509 case MRT_ADD_VIF:
1510 case MRT_DEL_VIF:
1511 case MRT_ADD_MFC:
1512 case MRT_DEL_MFC:
1513 case MRT_ASSERT:
1514 if ((error = secpolicy_ip_config(cr, B_FALSE)) != 0) {
1515 return (error);
1516 }
1517 error = ip_mrouter_set((int)name, connp, checkonly,
1518 (uchar_t *)invalp, inlen);
1519 if (error) {
1520 return (error);
1521 }
1522 return (0);
1523
1524 }
1525 return (0);
1526 }
1527
1528 /* Handle IPPROTO_IPV6 */
1529 static int
1530 conn_opt_set_ipv6(conn_opt_arg_t *coa, t_scalar_t name, uint_t inlen,
1531 uchar_t *invalp, boolean_t checkonly, cred_t *cr)
1532 {
1533 conn_t *connp = coa->coa_connp;
1534 ip_xmit_attr_t *ixa = coa->coa_ixa;
1535 ip_pkt_t *ipp = coa->coa_ipp;
1536 int *i1 = (int *)invalp;
1537 boolean_t onoff = (*i1 == 0) ? 0 : 1;
1538 uint_t ifindex;
1539 zoneid_t zoneid = IPCL_ZONEID(connp);
1540 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
1541 int error;
1542
1543 if (connp->conn_family != AF_INET6)
1544 return (EINVAL);
1545
1546 ifindex = UINT_MAX;
1547 switch (name) {
1548 case IPV6_MULTICAST_IF:
1549 /*
1550 * The only possible error is EINVAL.
1551 * We call this option on both V4 and V6
1552 * If both fail, then this call returns
1553 * EINVAL. If at least one of them succeeds we
1554 * return success.
1555 */
1556 ifindex = *(uint_t *)i1;
1557
1558 if (!ip_xmit_ifindex_valid(ifindex, zoneid, B_TRUE, ipst) &&
1559 !ip_xmit_ifindex_valid(ifindex, zoneid, B_FALSE, ipst))
1560 return (EINVAL);
1561 break;
1562 case IPV6_UNICAST_HOPS:
1563 /* Don't allow zero. -1 means to use default */
1564 if (*i1 < -1 || *i1 == 0 || *i1 > IPV6_MAX_HOPS)
1565 return (EINVAL);
1566 break;
1567 case IPV6_MULTICAST_HOPS:
1568 /* -1 means use default */
1569 if (*i1 < -1 || *i1 > IPV6_MAX_HOPS)
1570 return (EINVAL);
1571 break;
1572 case IPV6_MULTICAST_LOOP:
1573 if (*i1 != 0 && *i1 != 1)
1574 return (EINVAL);
1575 break;
1576 case IPV6_BOUND_IF:
1577 ifindex = *(uint_t *)i1;
1578
1579 if (!ip_xmit_ifindex_valid(ifindex, zoneid, B_TRUE, ipst))
1580 return (ENXIO);
1581 break;
1582 case IPV6_PKTINFO: {
1583 struct in6_pktinfo *pkti;
1584 boolean_t isv6;
1585
1586 if (inlen != 0 && inlen != sizeof (struct in6_pktinfo))
1587 return (EINVAL);
1588 if (inlen == 0)
1589 break; /* Clear values below */
1590
1591 /*
1592 * Verify the source address and ifindex. Privileged users
1593 * can use any source address.
1594 */
1595 pkti = (struct in6_pktinfo *)invalp;
1596
1597 /*
1598 * For link-local addresses we use the ipi6_ifindex when
1599 * we verify the local address.
1600 * If net_rawaccess then any source address can be used.
1601 */
1602 if (!IN6_IS_ADDR_UNSPECIFIED(&pkti->ipi6_addr) &&
1603 secpolicy_net_rawaccess(cr) != 0) {
1604 uint_t scopeid = 0;
1605 in6_addr_t *v6src = &pkti->ipi6_addr;
1606 ipaddr_t v4src;
1607 ip_laddr_t laddr_type = IPVL_UNICAST_UP;
1608
1609 if (IN6_IS_ADDR_V4MAPPED(v6src)) {
1610 IN6_V4MAPPED_TO_IPADDR(v6src, v4src);
1611 if (v4src != INADDR_ANY) {
1612 laddr_type = ip_laddr_verify_v4(v4src,
1613 zoneid, ipst, B_FALSE);
1614 }
1615 } else {
1616 if (IN6_IS_ADDR_LINKSCOPE(v6src))
1617 scopeid = pkti->ipi6_ifindex;
1618
1619 laddr_type = ip_laddr_verify_v6(v6src, zoneid,
1620 ipst, B_FALSE, scopeid);
1621 }
1622 switch (laddr_type) {
1623 case IPVL_UNICAST_UP:
1624 case IPVL_UNICAST_DOWN:
1625 break;
1626 default:
1627 return (EADDRNOTAVAIL);
1628 }
1629 ixa->ixa_flags |= IXAF_VERIFY_SOURCE;
1630 } else if (!IN6_IS_ADDR_UNSPECIFIED(&pkti->ipi6_addr)) {
1631 /* Allow any source */
1632 ixa->ixa_flags &= ~IXAF_VERIFY_SOURCE;
1633 }
1634 isv6 = !(IN6_IS_ADDR_V4MAPPED(&pkti->ipi6_addr));
1635 if (!ip_xmit_ifindex_valid(pkti->ipi6_ifindex, zoneid, isv6,
1636 ipst))
1637 return (ENXIO);
1638 break;
1639 }
1640 case IPV6_HOPLIMIT:
1641 /* It is only allowed as ancilary data */
1642 if (!coa->coa_ancillary)
1643 return (EINVAL);
1644
1645 if (inlen != 0 && inlen != sizeof (int))
1646 return (EINVAL);
1647 if (inlen == sizeof (int)) {
1648 if (*i1 > 255 || *i1 < -1 || *i1 == 0)
1649 return (EINVAL);
1650 }
1651 break;
1652 case IPV6_TCLASS:
1653 if (inlen != 0 && inlen != sizeof (int))
1654 return (EINVAL);
1655 if (inlen == sizeof (int)) {
1656 if (*i1 > 255 || *i1 < -1)
1657 return (EINVAL);
1658 }
1659 break;
1660 case IPV6_NEXTHOP:
1661 if (inlen != 0 && inlen != sizeof (sin6_t))
1662 return (EINVAL);
1663 if (inlen == sizeof (sin6_t)) {
1664 sin6_t *sin6 = (sin6_t *)invalp;
1665 ire_t *ire;
1666
1667 if (sin6->sin6_family != AF_INET6)
1668 return (EAFNOSUPPORT);
1669 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
1670 return (EADDRNOTAVAIL);
1671
1672 /* Verify that the next-hop is on-link */
1673 ire = ire_ftable_lookup_v6(&sin6->sin6_addr,
1674 0, 0, IRE_ONLINK, NULL, zoneid,
1675 NULL, MATCH_IRE_TYPE, 0, ipst, NULL);
1676 if (ire == NULL)
1677 return (EHOSTUNREACH);
1678 ire_refrele(ire);
1679 break;
1680 }
1681 break;
1682 case IPV6_RTHDR:
1683 case IPV6_DSTOPTS:
1684 case IPV6_RTHDRDSTOPTS:
1685 case IPV6_HOPOPTS: {
1686 /* All have the length field in the same place */
1687 ip6_hbh_t *hopts = (ip6_hbh_t *)invalp;
1688 /*
1689 * Sanity checks - minimum size, size a multiple of
1690 * eight bytes, and matching size passed in.
1691 */
1692 if (inlen != 0 &&
1693 inlen != (8 * (hopts->ip6h_len + 1)))
1694 return (EINVAL);
1695 break;
1696 }
1697 case IPV6_PATHMTU:
1698 /* Can't be set */
1699 return (EINVAL);
1700
1701 case IPV6_USE_MIN_MTU:
1702 if (inlen != sizeof (int))
1703 return (EINVAL);
1704 if (*i1 < -1 || *i1 > 1)
1705 return (EINVAL);
1706 break;
1707 case IPV6_SRC_PREFERENCES:
1708 if (inlen != sizeof (uint32_t))
1709 return (EINVAL);
1710 break;
1711 case IPV6_V6ONLY:
1712 if (*i1 < 0 || *i1 > 1) {
1713 return (EINVAL);
1714 }
1715 break;
1716 }
1717 if (checkonly)
1718 return (0);
1719
1720 /* Here we set the actual option value */
1721 /*
1722 * conn_lock protects the bitfields, and is used to
1723 * set the fields atomically. Not needed for ixa settings since
1724 * the caller has an exclusive copy of the ixa.
1725 * We can not hold conn_lock across the multicast options though.
1726 */
1727 ASSERT(MUTEX_NOT_HELD(&coa->coa_connp->conn_lock));
1728 switch (name) {
1729 case IPV6_MULTICAST_IF:
1730 ixa->ixa_multicast_ifindex = ifindex;
1731 /* Need to redo ip_attr_connect */
1732 coa->coa_changed |= COA_ROUTE_CHANGED;
1733 break;
1734 case IPV6_UNICAST_HOPS:
1735 /* -1 means use default */
1736 mutex_enter(&connp->conn_lock);
1737 if (*i1 == -1) {
1738 ipp->ipp_unicast_hops = connp->conn_default_ttl;
1739 } else {
1740 ipp->ipp_unicast_hops = (uint8_t)*i1;
1741 }
1742 mutex_exit(&connp->conn_lock);
1743 coa->coa_changed |= COA_HEADER_CHANGED;
1744 break;
1745 case IPV6_MULTICAST_HOPS:
1746 /* -1 means use default */
1747 if (*i1 == -1) {
1748 ixa->ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1749 } else {
1750 ixa->ixa_multicast_ttl = (uint8_t)*i1;
1751 }
1752 /* Handled automatically by ip_output */
1753 break;
1754 case IPV6_MULTICAST_LOOP:
1755 if (*i1 != 0)
1756 ixa->ixa_flags |= IXAF_MULTICAST_LOOP;
1757 else
1758 ixa->ixa_flags &= ~IXAF_MULTICAST_LOOP;
1759 /* Handled automatically by ip_output */
1760 break;
1761 case IPV6_JOIN_GROUP:
1762 case IPV6_LEAVE_GROUP:
1763 case MCAST_JOIN_GROUP:
1764 case MCAST_LEAVE_GROUP:
1765 return (ip_opt_set_multicast_group(connp, name,
1766 invalp, B_TRUE, checkonly));
1767
1768 case MCAST_BLOCK_SOURCE:
1769 case MCAST_UNBLOCK_SOURCE:
1770 case MCAST_JOIN_SOURCE_GROUP:
1771 case MCAST_LEAVE_SOURCE_GROUP:
1772 return (ip_opt_set_multicast_sources(connp, name,
1773 invalp, B_TRUE, checkonly));
1774
1775 case IPV6_BOUND_IF:
1776 ixa->ixa_ifindex = ifindex; /* Send */
1777 mutex_enter(&connp->conn_lock);
1778 connp->conn_incoming_ifindex = ifindex; /* Receive */
1779 connp->conn_bound_if = ifindex; /* getsockopt */
1780 mutex_exit(&connp->conn_lock);
1781 coa->coa_changed |= COA_ROUTE_CHANGED;
1782 break;
1783 case IPV6_UNSPEC_SRC:
1784 mutex_enter(&connp->conn_lock);
1785 connp->conn_unspec_src = onoff;
1786 if (onoff)
1787 ixa->ixa_flags &= ~IXAF_VERIFY_SOURCE;
1788 else
1789 ixa->ixa_flags |= IXAF_VERIFY_SOURCE;
1790 mutex_exit(&connp->conn_lock);
1791 break;
1792 case IPV6_RECVPKTINFO:
1793 mutex_enter(&connp->conn_lock);
1794 connp->conn_recv_ancillary.crb_ip_recvpktinfo = onoff;
1795 mutex_exit(&connp->conn_lock);
1796 break;
1797 case IPV6_RECVTCLASS:
1798 mutex_enter(&connp->conn_lock);
1799 connp->conn_recv_ancillary.crb_ipv6_recvtclass = onoff;
1800 mutex_exit(&connp->conn_lock);
1801 break;
1802 case IPV6_RECVPATHMTU:
1803 mutex_enter(&connp->conn_lock);
1804 connp->conn_ipv6_recvpathmtu = onoff;
1805 mutex_exit(&connp->conn_lock);
1806 break;
1807 case IPV6_RECVHOPLIMIT:
1808 mutex_enter(&connp->conn_lock);
1809 connp->conn_recv_ancillary.crb_ipv6_recvhoplimit =
1810 onoff;
1811 mutex_exit(&connp->conn_lock);
1812 break;
1813 case IPV6_RECVHOPOPTS:
1814 mutex_enter(&connp->conn_lock);
1815 connp->conn_recv_ancillary.crb_ipv6_recvhopopts = onoff;
1816 mutex_exit(&connp->conn_lock);
1817 break;
1818 case IPV6_RECVDSTOPTS:
1819 mutex_enter(&connp->conn_lock);
1820 connp->conn_recv_ancillary.crb_ipv6_recvdstopts = onoff;
1821 mutex_exit(&connp->conn_lock);
1822 break;
1823 case _OLD_IPV6_RECVDSTOPTS:
1824 mutex_enter(&connp->conn_lock);
1825 connp->conn_recv_ancillary.crb_old_ipv6_recvdstopts =
1826 onoff;
1827 mutex_exit(&connp->conn_lock);
1828 break;
1829 case IPV6_RECVRTHDRDSTOPTS:
1830 mutex_enter(&connp->conn_lock);
1831 connp->conn_recv_ancillary.crb_ipv6_recvrthdrdstopts =
1832 onoff;
1833 mutex_exit(&connp->conn_lock);
1834 break;
1835 case IPV6_RECVRTHDR:
1836 mutex_enter(&connp->conn_lock);
1837 connp->conn_recv_ancillary.crb_ipv6_recvrthdr = onoff;
1838 mutex_exit(&connp->conn_lock);
1839 break;
1840 case IPV6_PKTINFO:
1841 mutex_enter(&connp->conn_lock);
1842 if (inlen == 0) {
1843 ipp->ipp_fields &= ~IPPF_ADDR;
1844 ipp->ipp_addr = ipv6_all_zeros;
1845 ixa->ixa_ifindex = 0;
1846 } else {
1847 struct in6_pktinfo *pkti;
1848
1849 pkti = (struct in6_pktinfo *)invalp;
1850 ipp->ipp_addr = pkti->ipi6_addr;
1851 if (!IN6_IS_ADDR_UNSPECIFIED(&ipp->ipp_addr))
1852 ipp->ipp_fields |= IPPF_ADDR;
1853 else
1854 ipp->ipp_fields &= ~IPPF_ADDR;
1855 ixa->ixa_ifindex = pkti->ipi6_ifindex;
1856 }
1857 mutex_exit(&connp->conn_lock);
1858 /* Source and ifindex might have changed */
1859 coa->coa_changed |= COA_HEADER_CHANGED;
1860 coa->coa_changed |= COA_ROUTE_CHANGED;
1861 break;
1862 case IPV6_HOPLIMIT:
1863 mutex_enter(&connp->conn_lock);
1864 if (inlen == 0 || *i1 == -1) {
1865 /* Revert to default */
1866 ipp->ipp_fields &= ~IPPF_HOPLIMIT;
1867 ixa->ixa_flags &= ~IXAF_NO_TTL_CHANGE;
1868 } else {
1869 ipp->ipp_hoplimit = *i1;
1870 ipp->ipp_fields |= IPPF_HOPLIMIT;
1871 /* Ensure that it sticks for multicast packets */
1872 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
1873 }
1874 mutex_exit(&connp->conn_lock);
1875 coa->coa_changed |= COA_HEADER_CHANGED;
1876 break;
1877 case IPV6_TCLASS:
1878 /*
1879 * IPV6_TCLASS accepts -1 as use kernel default
1880 * and [0, 255] as the actualy traffic class.
1881 */
1882 mutex_enter(&connp->conn_lock);
1883 if (inlen == 0 || *i1 == -1) {
1884 ipp->ipp_tclass = 0;
1885 ipp->ipp_fields &= ~IPPF_TCLASS;
1886 } else {
1887 ipp->ipp_tclass = *i1;
1888 ipp->ipp_fields |= IPPF_TCLASS;
1889 }
1890 mutex_exit(&connp->conn_lock);
1891 coa->coa_changed |= COA_HEADER_CHANGED;
1892 break;
1893 case IPV6_NEXTHOP:
1894 if (inlen == 0) {
1895 ixa->ixa_flags &= ~IXAF_NEXTHOP_SET;
1896 } else {
1897 sin6_t *sin6 = (sin6_t *)invalp;
1898
1899 ixa->ixa_nexthop_v6 = sin6->sin6_addr;
1900 if (!IN6_IS_ADDR_UNSPECIFIED(&ixa->ixa_nexthop_v6))
1901 ixa->ixa_flags |= IXAF_NEXTHOP_SET;
1902 else
1903 ixa->ixa_flags &= ~IXAF_NEXTHOP_SET;
1904 }
1905 coa->coa_changed |= COA_ROUTE_CHANGED;
1906 break;
1907 case IPV6_HOPOPTS:
1908 mutex_enter(&connp->conn_lock);
1909 error = optcom_pkt_set(invalp, inlen,
1910 (uchar_t **)&ipp->ipp_hopopts, &ipp->ipp_hopoptslen);
1911 if (error != 0) {
1912 mutex_exit(&connp->conn_lock);
1913 return (error);
1914 }
1915 if (ipp->ipp_hopoptslen == 0) {
1916 ipp->ipp_fields &= ~IPPF_HOPOPTS;
1917 } else {
1918 ipp->ipp_fields |= IPPF_HOPOPTS;
1919 }
1920 mutex_exit(&connp->conn_lock);
1921 coa->coa_changed |= COA_HEADER_CHANGED;
1922 coa->coa_changed |= COA_WROFF_CHANGED;
1923 break;
1924 case IPV6_RTHDRDSTOPTS:
1925 mutex_enter(&connp->conn_lock);
1926 error = optcom_pkt_set(invalp, inlen,
1927 (uchar_t **)&ipp->ipp_rthdrdstopts,
1928 &ipp->ipp_rthdrdstoptslen);
1929 if (error != 0) {
1930 mutex_exit(&connp->conn_lock);
1931 return (error);
1932 }
1933 if (ipp->ipp_rthdrdstoptslen == 0) {
1934 ipp->ipp_fields &= ~IPPF_RTHDRDSTOPTS;
1935 } else {
1936 ipp->ipp_fields |= IPPF_RTHDRDSTOPTS;
1937 }
1938 mutex_exit(&connp->conn_lock);
1939 coa->coa_changed |= COA_HEADER_CHANGED;
1940 coa->coa_changed |= COA_WROFF_CHANGED;
1941 break;
1942 case IPV6_DSTOPTS:
1943 mutex_enter(&connp->conn_lock);
1944 error = optcom_pkt_set(invalp, inlen,
1945 (uchar_t **)&ipp->ipp_dstopts, &ipp->ipp_dstoptslen);
1946 if (error != 0) {
1947 mutex_exit(&connp->conn_lock);
1948 return (error);
1949 }
1950 if (ipp->ipp_dstoptslen == 0) {
1951 ipp->ipp_fields &= ~IPPF_DSTOPTS;
1952 } else {
1953 ipp->ipp_fields |= IPPF_DSTOPTS;
1954 }
1955 mutex_exit(&connp->conn_lock);
1956 coa->coa_changed |= COA_HEADER_CHANGED;
1957 coa->coa_changed |= COA_WROFF_CHANGED;
1958 break;
1959 case IPV6_RTHDR:
1960 mutex_enter(&connp->conn_lock);
1961 error = optcom_pkt_set(invalp, inlen,
1962 (uchar_t **)&ipp->ipp_rthdr, &ipp->ipp_rthdrlen);
1963 if (error != 0) {
1964 mutex_exit(&connp->conn_lock);
1965 return (error);
1966 }
1967 if (ipp->ipp_rthdrlen == 0) {
1968 ipp->ipp_fields &= ~IPPF_RTHDR;
1969 } else {
1970 ipp->ipp_fields |= IPPF_RTHDR;
1971 }
1972 mutex_exit(&connp->conn_lock);
1973 coa->coa_changed |= COA_HEADER_CHANGED;
1974 coa->coa_changed |= COA_WROFF_CHANGED;
1975 break;
1976
1977 case IPV6_DONTFRAG:
1978 if (onoff) {
1979 ixa->ixa_flags |= IXAF_DONTFRAG;
1980 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
1981 } else {
1982 ixa->ixa_flags &= ~IXAF_DONTFRAG;
1983 ixa->ixa_flags |= IXAF_PMTU_DISCOVERY;
1984 }
1985 /* Need to redo ip_attr_connect */
1986 coa->coa_changed |= COA_ROUTE_CHANGED;
1987 break;
1988
1989 case IPV6_USE_MIN_MTU:
1990 ixa->ixa_flags |= IXAF_USE_MIN_MTU;
1991 ixa->ixa_use_min_mtu = *i1;
1992 /* Need to redo ip_attr_connect */
1993 coa->coa_changed |= COA_ROUTE_CHANGED;
1994 break;
1995
1996 case IPV6_SEC_OPT:
1997 mutex_enter(&connp->conn_lock);
1998 error = ipsec_set_req(cr, connp, (ipsec_req_t *)invalp);
1999 mutex_exit(&connp->conn_lock);
2000 if (error != 0) {
2001 return (error);
2002 }
2003 /* This is an IPsec policy change - redo ip_attr_connect */
2004 coa->coa_changed |= COA_ROUTE_CHANGED;
2005 break;
2006 case IPV6_SRC_PREFERENCES:
2007 /*
2008 * This socket option only affects connected
2009 * sockets that haven't already bound to a specific
2010 * IPv6 address. In other words, sockets that
2011 * don't call bind() with an address other than the
2012 * unspecified address and that call connect().
2013 * ip_set_destination_v6() passes these preferences
2014 * to the ipif_select_source_v6() function.
2015 */
2016 mutex_enter(&connp->conn_lock);
2017 error = ip6_set_src_preferences(ixa, *(uint32_t *)invalp);
2018 mutex_exit(&connp->conn_lock);
2019 if (error != 0) {
2020 return (error);
2021 }
2022 break;
2023 case IPV6_V6ONLY:
2024 mutex_enter(&connp->conn_lock);
2025 connp->conn_ipv6_v6only = onoff;
2026 mutex_exit(&connp->conn_lock);
2027 break;
2028 }
2029 return (0);
2030 }
2031
2032 /* Handle IPPROTO_UDP */
2033 /* ARGSUSED1 */
2034 static int
2035 conn_opt_set_udp(conn_opt_arg_t *coa, t_scalar_t name, uint_t inlen,
2036 uchar_t *invalp, boolean_t checkonly, cred_t *cr)
2037 {
2038 conn_t *connp = coa->coa_connp;
2039 int *i1 = (int *)invalp;
2040 boolean_t onoff = (*i1 == 0) ? 0 : 1;
2041 int error;
2042
2043 switch (name) {
2044 case UDP_ANONPRIVBIND:
2045 if ((error = secpolicy_net_privaddr(cr, 0, IPPROTO_UDP)) != 0) {
2046 return (error);
2047 }
2048 break;
2049 }
2050 if (checkonly)
2051 return (0);
2052
2053 /* Here we set the actual option value */
2054 mutex_enter(&connp->conn_lock);
2055 switch (name) {
2056 case UDP_ANONPRIVBIND:
2057 connp->conn_anon_priv_bind = onoff;
2058 break;
2059 case UDP_EXCLBIND:
2060 connp->conn_exclbind = onoff;
2061 break;
2062 }
2063 mutex_exit(&connp->conn_lock);
2064 return (0);
2065 }
2066
2067 /* Handle IPPROTO_TCP */
2068 /* ARGSUSED1 */
2069 static int
2070 conn_opt_set_tcp(conn_opt_arg_t *coa, t_scalar_t name, uint_t inlen,
2071 uchar_t *invalp, boolean_t checkonly, cred_t *cr)
2072 {
2073 conn_t *connp = coa->coa_connp;
2074 int *i1 = (int *)invalp;
2075 boolean_t onoff = (*i1 == 0) ? 0 : 1;
2076 int error;
2077
2078 switch (name) {
2079 case TCP_ANONPRIVBIND:
2080 if ((error = secpolicy_net_privaddr(cr, 0, IPPROTO_TCP)) != 0) {
2081 return (error);
2082 }
2083 break;
2084 }
2085 if (checkonly)
2086 return (0);
2087
2088 /* Here we set the actual option value */
2089 mutex_enter(&connp->conn_lock);
2090 switch (name) {
2091 case TCP_ANONPRIVBIND:
2092 connp->conn_anon_priv_bind = onoff;
2093 break;
2094 case TCP_EXCLBIND:
2095 connp->conn_exclbind = onoff;
2096 break;
2097 case TCP_RECVDSTADDR:
2098 connp->conn_recv_ancillary.crb_recvdstaddr = onoff;
2099 break;
2100 }
2101 mutex_exit(&connp->conn_lock);
2102 return (0);
2103 }
2104
2105 int
2106 conn_getsockname(conn_t *connp, struct sockaddr *sa, uint_t *salenp)
2107 {
2108 sin_t *sin;
2109 sin6_t *sin6;
2110
2111 if (connp->conn_family == AF_INET) {
2112 if (*salenp < sizeof (sin_t))
2113 return (EINVAL);
2114
2115 *salenp = sizeof (sin_t);
2116 /* Fill zeroes and then initialize non-zero fields */
2117 sin = (sin_t *)sa;
2118 *sin = sin_null;
2119 sin->sin_family = AF_INET;
2120 if (!IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_saddr_v6) &&
2121 !IN6_IS_ADDR_UNSPECIFIED(&connp->conn_saddr_v6)) {
2122 sin->sin_addr.s_addr = connp->conn_saddr_v4;
2123 } else {
2124 /*
2125 * INADDR_ANY
2126 * conn_saddr is not set, we might be bound to
2127 * broadcast/multicast. Use conn_bound_addr as
2128 * local address instead (that could
2129 * also still be INADDR_ANY)
2130 */
2131 sin->sin_addr.s_addr = connp->conn_bound_addr_v4;
2132 }
2133 sin->sin_port = connp->conn_lport;
2134 } else {
2135 if (*salenp < sizeof (sin6_t))
2136 return (EINVAL);
2137
2138 *salenp = sizeof (sin6_t);
2139 /* Fill zeroes and then initialize non-zero fields */
2140 sin6 = (sin6_t *)sa;
2141 *sin6 = sin6_null;
2142 sin6->sin6_family = AF_INET6;
2143 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_saddr_v6)) {
2144 sin6->sin6_addr = connp->conn_saddr_v6;
2145 } else {
2146 /*
2147 * conn_saddr is not set, we might be bound to
2148 * broadcast/multicast. Use conn_bound_addr as
2149 * local address instead (which could
2150 * also still be unspecified)
2151 */
2152 sin6->sin6_addr = connp->conn_bound_addr_v6;
2153 }
2154 sin6->sin6_port = connp->conn_lport;
2155 if (IN6_IS_ADDR_LINKSCOPE(&sin6->sin6_addr) &&
2156 (connp->conn_ixa->ixa_flags & IXAF_SCOPEID_SET))
2157 sin6->sin6_scope_id = connp->conn_ixa->ixa_scopeid;
2158 }
2159 return (0);
2160 }
2161
2162 int
2163 conn_getpeername(conn_t *connp, struct sockaddr *sa, uint_t *salenp)
2164 {
2165 struct sockaddr_in *sin;
2166 struct sockaddr_in6 *sin6;
2167
2168 if (connp->conn_family == AF_INET) {
2169 if (*salenp < sizeof (sin_t))
2170 return (EINVAL);
2171
2172 *salenp = sizeof (sin_t);
2173 /* initialize */
2174 sin = (sin_t *)sa;
2175 *sin = sin_null;
2176 sin->sin_family = AF_INET;
2177 sin->sin_addr.s_addr = connp->conn_faddr_v4;
2178 sin->sin_port = connp->conn_fport;
2179 } else {
2180 if (*salenp < sizeof (sin6_t))
2181 return (EINVAL);
2182
2183 *salenp = sizeof (sin6_t);
2184 /* initialize */
2185 sin6 = (sin6_t *)sa;
2186 *sin6 = sin6_null;
2187 sin6->sin6_family = AF_INET6;
2188 sin6->sin6_addr = connp->conn_faddr_v6;
2189 sin6->sin6_port = connp->conn_fport;
2190 sin6->sin6_flowinfo = connp->conn_flowinfo;
2191 if (IN6_IS_ADDR_LINKSCOPE(&sin6->sin6_addr) &&
2192 (connp->conn_ixa->ixa_flags & IXAF_SCOPEID_SET))
2193 sin6->sin6_scope_id = connp->conn_ixa->ixa_scopeid;
2194 }
2195 return (0);
2196 }
2197
2198 static uint32_t cksum_massage_options_v4(ipha_t *, netstack_t *);
2199 static uint32_t cksum_massage_options_v6(ip6_t *, uint_t, netstack_t *);
2200
2201 /*
2202 * Allocate and fill in conn_ht_iphc based on the current information
2203 * in the conn.
2204 * Normally used when we bind() and connect().
2205 * Returns failure if can't allocate memory, or if there is a problem
2206 * with a routing header/option.
2207 *
2208 * We allocate space for the transport header (ulp_hdr_len + extra) and
2209 * indicate the offset of the ulp header by setting ixa_ip_hdr_length.
2210 * The extra is there for transports that want some spare room for future
2211 * options. conn_ht_iphc_allocated is what was allocated; conn_ht_iphc_len
2212 * excludes the extra part.
2213 *
2214 * We massage an routing option/header and store the ckecksum difference
2215 * in conn_sum.
2216 *
2217 * Caller needs to update conn_wroff if desired.
2218 */
2219 int
2220 conn_build_hdr_template(conn_t *connp, uint_t ulp_hdr_length, uint_t extra,
2221 const in6_addr_t *v6src, const in6_addr_t *v6dst, uint32_t flowinfo)
2222 {
2223 ip_xmit_attr_t *ixa = connp->conn_ixa;
2224 ip_pkt_t *ipp = &connp->conn_xmit_ipp;
2225 uint_t ip_hdr_length;
2226 uchar_t *hdrs;
2227 uint_t hdrs_len;
2228
2229 ASSERT(MUTEX_HELD(&connp->conn_lock));
2230
2231 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2232 ip_hdr_length = ip_total_hdrs_len_v4(ipp);
2233 /* In case of TX label and IP options it can be too much */
2234 if (ip_hdr_length > IP_MAX_HDR_LENGTH) {
2235 /* Preserves existing TX errno for this */
2236 return (EHOSTUNREACH);
2237 }
2238 } else {
2239 ip_hdr_length = ip_total_hdrs_len_v6(ipp);
2240 }
2241 ixa->ixa_ip_hdr_length = ip_hdr_length;
2242 hdrs_len = ip_hdr_length + ulp_hdr_length + extra;
2243 ASSERT(hdrs_len != 0);
2244
2245 if (hdrs_len != connp->conn_ht_iphc_allocated) {
2246 /* Allocate new before we free any old */
2247 hdrs = kmem_alloc(hdrs_len, KM_NOSLEEP);
2248 if (hdrs == NULL)
2249 return (ENOMEM);
2250
2251 if (connp->conn_ht_iphc != NULL) {
2252 kmem_free(connp->conn_ht_iphc,
2253 connp->conn_ht_iphc_allocated);
2254 }
2255 connp->conn_ht_iphc = hdrs;
2256 connp->conn_ht_iphc_allocated = hdrs_len;
2257 } else {
2258 hdrs = connp->conn_ht_iphc;
2259 }
2260 hdrs_len -= extra;
2261 connp->conn_ht_iphc_len = hdrs_len;
2262
2263 connp->conn_ht_ulp = hdrs + ip_hdr_length;
2264 connp->conn_ht_ulp_len = ulp_hdr_length;
2265
2266 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2267 ipha_t *ipha = (ipha_t *)hdrs;
2268
2269 IN6_V4MAPPED_TO_IPADDR(v6src, ipha->ipha_src);
2270 IN6_V4MAPPED_TO_IPADDR(v6dst, ipha->ipha_dst);
2271 ip_build_hdrs_v4(hdrs, ip_hdr_length, ipp, connp->conn_proto);
2272 ipha->ipha_length = htons(hdrs_len);
2273 if (ixa->ixa_flags & IXAF_PMTU_IPV4_DF)
2274 ipha->ipha_fragment_offset_and_flags |= IPH_DF_HTONS;
2275 else
2276 ipha->ipha_fragment_offset_and_flags &= ~IPH_DF_HTONS;
2277
2278 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
2279 connp->conn_sum = cksum_massage_options_v4(ipha,
2280 connp->conn_netstack);
2281 } else {
2282 connp->conn_sum = 0;
2283 }
2284 } else {
2285 ip6_t *ip6h = (ip6_t *)hdrs;
2286
2287 ip6h->ip6_src = *v6src;
2288 ip6h->ip6_dst = *v6dst;
2289 ip_build_hdrs_v6(hdrs, ip_hdr_length, ipp, connp->conn_proto,
2290 flowinfo);
2291 ip6h->ip6_plen = htons(hdrs_len - IPV6_HDR_LEN);
2292
2293 if (ipp->ipp_fields & IPPF_RTHDR) {
2294 connp->conn_sum = cksum_massage_options_v6(ip6h,
2295 ip_hdr_length, connp->conn_netstack);
2296
2297 /*
2298 * Verify that the first hop isn't a mapped address.
2299 * Routers along the path need to do this verification
2300 * for subsequent hops.
2301 */
2302 if (IN6_IS_ADDR_V4MAPPED(&ip6h->ip6_dst))
2303 return (EADDRNOTAVAIL);
2304
2305 } else {
2306 connp->conn_sum = 0;
2307 }
2308 }
2309 return (0);
2310 }
2311
2312 /*
2313 * Prepend a header template to data_mp based on the ip_pkt_t
2314 * and the passed in source, destination and protocol.
2315 *
2316 * Returns failure if can't allocate memory, in which case data_mp is freed.
2317 * We allocate space for the transport header (ulp_hdr_len) and
2318 * indicate the offset of the ulp header by setting ixa_ip_hdr_length.
2319 *
2320 * We massage an routing option/header and return the ckecksum difference
2321 * in *sump. This is in host byte order.
2322 *
2323 * Caller needs to update conn_wroff if desired.
2324 */
2325 mblk_t *
2326 conn_prepend_hdr(ip_xmit_attr_t *ixa, const ip_pkt_t *ipp,
2327 const in6_addr_t *v6src, const in6_addr_t *v6dst,
2328 uint8_t protocol, uint32_t flowinfo, uint_t ulp_hdr_length, mblk_t *data_mp,
2329 uint_t data_length, uint_t wroff_extra, uint32_t *sump, int *errorp)
2330 {
2331 uint_t ip_hdr_length;
2332 uchar_t *hdrs;
2333 uint_t hdrs_len;
2334 mblk_t *mp;
2335
2336 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2337 ip_hdr_length = ip_total_hdrs_len_v4(ipp);
2338 ASSERT(ip_hdr_length <= IP_MAX_HDR_LENGTH);
2339 } else {
2340 ip_hdr_length = ip_total_hdrs_len_v6(ipp);
2341 }
2342 hdrs_len = ip_hdr_length + ulp_hdr_length;
2343 ASSERT(hdrs_len != 0);
2344
2345 ixa->ixa_ip_hdr_length = ip_hdr_length;
2346
2347 /* Can we prepend to data_mp? */
2348 if (data_mp != NULL &&
2349 data_mp->b_rptr - data_mp->b_datap->db_base >= hdrs_len &&
2350 data_mp->b_datap->db_ref == 1) {
2351 hdrs = data_mp->b_rptr - hdrs_len;
2352 data_mp->b_rptr = hdrs;
2353 mp = data_mp;
2354 } else {
2355 mp = allocb(hdrs_len + wroff_extra, BPRI_MED);
2356 if (mp == NULL) {
2357 freemsg(data_mp);
2358 *errorp = ENOMEM;
2359 return (NULL);
2360 }
2361 mp->b_wptr = mp->b_datap->db_lim;
2362 hdrs = mp->b_rptr = mp->b_wptr - hdrs_len;
2363 mp->b_cont = data_mp;
2364 }
2365
2366 /*
2367 * Set the source in the header. ip_build_hdrs_v4/v6 will overwrite it
2368 * if PKTINFO (aka IPPF_ADDR) was set.
2369 */
2370 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2371 ipha_t *ipha = (ipha_t *)hdrs;
2372
2373 ASSERT(IN6_IS_ADDR_V4MAPPED(v6dst));
2374 IN6_V4MAPPED_TO_IPADDR(v6src, ipha->ipha_src);
2375 IN6_V4MAPPED_TO_IPADDR(v6dst, ipha->ipha_dst);
2376 ip_build_hdrs_v4(hdrs, ip_hdr_length, ipp, protocol);
2377 ipha->ipha_length = htons(hdrs_len + data_length);
2378 if (ixa->ixa_flags & IXAF_PMTU_IPV4_DF)
2379 ipha->ipha_fragment_offset_and_flags |= IPH_DF_HTONS;
2380 else
2381 ipha->ipha_fragment_offset_and_flags &= ~IPH_DF_HTONS;
2382
2383 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
2384 *sump = cksum_massage_options_v4(ipha,
2385 ixa->ixa_ipst->ips_netstack);
2386 } else {
2387 *sump = 0;
2388 }
2389 } else {
2390 ip6_t *ip6h = (ip6_t *)hdrs;
2391
2392 ip6h->ip6_src = *v6src;
2393 ip6h->ip6_dst = *v6dst;
2394 ip_build_hdrs_v6(hdrs, ip_hdr_length, ipp, protocol, flowinfo);
2395 ip6h->ip6_plen = htons(hdrs_len + data_length - IPV6_HDR_LEN);
2396
2397 if (ipp->ipp_fields & IPPF_RTHDR) {
2398 *sump = cksum_massage_options_v6(ip6h,
2399 ip_hdr_length, ixa->ixa_ipst->ips_netstack);
2400
2401 /*
2402 * Verify that the first hop isn't a mapped address.
2403 * Routers along the path need to do this verification
2404 * for subsequent hops.
2405 */
2406 if (IN6_IS_ADDR_V4MAPPED(&ip6h->ip6_dst)) {
2407 *errorp = EADDRNOTAVAIL;
2408 freemsg(mp);
2409 return (NULL);
2410 }
2411 } else {
2412 *sump = 0;
2413 }
2414 }
2415 return (mp);
2416 }
2417
2418 /*
2419 * Massage a source route if any putting the first hop
2420 * in ipha_dst. Compute a starting value for the checksum which
2421 * takes into account that the original ipha_dst should be
2422 * included in the checksum but that IP will include the
2423 * first hop from the source route in the tcp checksum.
2424 */
2425 static uint32_t
2426 cksum_massage_options_v4(ipha_t *ipha, netstack_t *ns)
2427 {
2428 in_addr_t dst;
2429 uint32_t cksum;
2430
2431 /* Get last hop then diff against first hop */
2432 cksum = ip_massage_options(ipha, ns);
2433 cksum = (cksum & 0xFFFF) + (cksum >> 16);
2434 dst = ipha->ipha_dst;
2435 cksum -= ((dst >> 16) + (dst & 0xffff));
2436 if ((int)cksum < 0)
2437 cksum--;
2438 cksum = (cksum & 0xFFFF) + (cksum >> 16);
2439 cksum = (cksum & 0xFFFF) + (cksum >> 16);
2440 ASSERT(cksum < 0x10000);
2441 return (ntohs(cksum));
2442 }
2443
2444 static uint32_t
2445 cksum_massage_options_v6(ip6_t *ip6h, uint_t ip_hdr_len, netstack_t *ns)
2446 {
2447 uint8_t *end;
2448 ip6_rthdr_t *rth;
2449 uint32_t cksum;
2450
2451 end = (uint8_t *)ip6h + ip_hdr_len;
2452 rth = ip_find_rthdr_v6(ip6h, end);
2453 if (rth == NULL)
2454 return (0);
2455
2456 cksum = ip_massage_options_v6(ip6h, rth, ns);
2457 cksum = (cksum & 0xFFFF) + (cksum >> 16);
2458 ASSERT(cksum < 0x10000);
2459 return (ntohs(cksum));
2460 }
2461
2462 /*
2463 * ULPs that change the destination address need to call this for each
2464 * change to discard any state about a previous destination that might
2465 * have been multicast or multirt.
2466 */
2467 void
2468 ip_attr_newdst(ip_xmit_attr_t *ixa)
2469 {
2470 ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM |
2471 IXAF_NO_TTL_CHANGE | IXAF_IPV6_ADD_FRAGHDR |
2472 IXAF_NO_LOOP_ZONEID_SET);
2473 }
2474
2475 /*
2476 * Determine the nexthop which will be used.
2477 * Normally this is just the destination, but if a IPv4 source route, or
2478 * IPv6 routing header, is in the ip_pkt_t then we extract the nexthop from
2479 * there.
2480 */
2481 void
2482 ip_attr_nexthop(const ip_pkt_t *ipp, const ip_xmit_attr_t *ixa,
2483 const in6_addr_t *dst, in6_addr_t *nexthop)
2484 {
2485 if (!(ipp->ipp_fields & (IPPF_IPV4_OPTIONS|IPPF_RTHDR))) {
2486 *nexthop = *dst;
2487 return;
2488 }
2489 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2490 ipaddr_t v4dst;
2491 ipaddr_t v4nexthop;
2492
2493 IN6_V4MAPPED_TO_IPADDR(dst, v4dst);
2494 v4nexthop = ip_pkt_source_route_v4(ipp);
2495 if (v4nexthop == INADDR_ANY)
2496 v4nexthop = v4dst;
2497
2498 IN6_IPADDR_TO_V4MAPPED(v4nexthop, nexthop);
2499 } else {
2500 const in6_addr_t *v6nexthop;
2501
2502 v6nexthop = ip_pkt_source_route_v6(ipp);
2503 if (v6nexthop == NULL)
2504 v6nexthop = dst;
2505
2506 *nexthop = *v6nexthop;
2507 }
2508 }
2509
2510 /*
2511 * Update the ip_xmit_attr_t based the addresses, conn_xmit_ipp and conn_ixa.
2512 * If IPDF_IPSEC is set we cache the IPsec policy to handle the unconnected
2513 * case (connected latching is done in conn_connect).
2514 * Note that IPsec policy lookup requires conn_proto and conn_laddr to be
2515 * set, but doesn't otherwise use the conn_t.
2516 *
2517 * Caller must set/clear IXAF_IS_IPV4 as appropriately.
2518 * Caller must use ip_attr_nexthop() to determine the nexthop argument.
2519 *
2520 * The caller must NOT hold conn_lock (to avoid problems with ill_refrele
2521 * causing the squeue to run doing ipcl_walk grabbing conn_lock.)
2522 *
2523 * Updates laddrp and uinfo if they are non-NULL.
2524 *
2525 * TSOL notes: The callers if ip_attr_connect must check if the destination
2526 * is different than before and in that case redo conn_update_label.
2527 * The callers of conn_connect do not need that since conn_connect
2528 * performs the conn_update_label.
2529 */
2530 int
2531 ip_attr_connect(const conn_t *connp, ip_xmit_attr_t *ixa,
2532 const in6_addr_t *v6src, const in6_addr_t *v6dst,
2533 const in6_addr_t *v6nexthop, in_port_t dstport, in6_addr_t *laddrp,
2534 iulp_t *uinfo, uint32_t flags)
2535 {
2536 in6_addr_t laddr = *v6src;
2537 int error;
2538
2539 ASSERT(MUTEX_NOT_HELD(&connp->conn_lock));
2540
2541 if (connp->conn_zone_is_global)
2542 flags |= IPDF_ZONE_IS_GLOBAL;
2543 else
2544 flags &= ~IPDF_ZONE_IS_GLOBAL;
2545
2546 /*
2547 * Lookup the route to determine a source address and the uinfo.
2548 * If the ULP has a source route option then the caller will
2549 * have set v6nexthop to be the first hop.
2550 */
2551 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2552 ipaddr_t v4dst;
2553 ipaddr_t v4src, v4nexthop;
2554
2555 IN6_V4MAPPED_TO_IPADDR(v6dst, v4dst);
2556 IN6_V4MAPPED_TO_IPADDR(v6nexthop, v4nexthop);
2557 IN6_V4MAPPED_TO_IPADDR(v6src, v4src);
2558
2559 if (connp->conn_unspec_src || v4src != INADDR_ANY)
2560 flags &= ~IPDF_SELECT_SRC;
2561 else
2562 flags |= IPDF_SELECT_SRC;
2563
2564 error = ip_set_destination_v4(&v4src, v4dst, v4nexthop, ixa,
2565 uinfo, flags, connp->conn_mac_mode);
2566 IN6_IPADDR_TO_V4MAPPED(v4src, &laddr);
2567 } else {
2568 if (connp->conn_unspec_src || !IN6_IS_ADDR_UNSPECIFIED(v6src))
2569 flags &= ~IPDF_SELECT_SRC;
2570 else
2571 flags |= IPDF_SELECT_SRC;
2572
2573 error = ip_set_destination_v6(&laddr, v6dst, v6nexthop, ixa,
2574 uinfo, flags, connp->conn_mac_mode);
2575 }
2576 /* Pass out some address even if we hit a RTF_REJECT etc */
2577 if (laddrp != NULL)
2578 *laddrp = laddr;
2579
2580 if (error != 0)
2581 return (error);
2582
2583 if (flags & IPDF_IPSEC) {
2584 /*
2585 * Set any IPsec policy in ixa. Routine also looks at ULP
2586 * ports.
2587 */
2588 ipsec_cache_outbound_policy(connp, v6src, v6dst, dstport, ixa);
2589 }
2590 return (0);
2591 }
2592
2593 /*
2594 * Connect the conn based on the addresses, conn_xmit_ipp and conn_ixa.
2595 * Assumes that conn_faddr and conn_fport are already set. As such it is not
2596 * usable for SCTP, since SCTP has multiple faddrs.
2597 *
2598 * Caller must hold conn_lock to provide atomic constency between the
2599 * conn_t's addresses and the ixa.
2600 * NOTE: this function drops and reaquires conn_lock since it can't be
2601 * held across ip_attr_connect/ip_set_destination.
2602 *
2603 * The caller needs to handle inserting in the receive-side fanout when
2604 * appropriate after conn_connect returns.
2605 */
2606 int
2607 conn_connect(conn_t *connp, iulp_t *uinfo, uint32_t flags)
2608 {
2609 ip_xmit_attr_t *ixa = connp->conn_ixa;
2610 in6_addr_t nexthop;
2611 in6_addr_t saddr, faddr;
2612 in_port_t fport;
2613 int error;
2614
2615 ASSERT(MUTEX_HELD(&connp->conn_lock));
2616
2617 if (connp->conn_ipversion == IPV4_VERSION)
2618 ixa->ixa_flags |= IXAF_IS_IPV4;
2619 else
2620 ixa->ixa_flags &= ~IXAF_IS_IPV4;
2621
2622 /* We do IPsec latching below - hence no caching in ip_attr_connect */
2623 flags &= ~IPDF_IPSEC;
2624
2625 /* In case we had previously done an ip_attr_connect */
2626 ip_attr_newdst(ixa);
2627
2628 /*
2629 * Determine the nexthop and copy the addresses before dropping
2630 * conn_lock.
2631 */
2632 ip_attr_nexthop(&connp->conn_xmit_ipp, connp->conn_ixa,
2633 &connp->conn_faddr_v6, &nexthop);
2634 saddr = connp->conn_saddr_v6;
2635 faddr = connp->conn_faddr_v6;
2636 fport = connp->conn_fport;
2637
2638 mutex_exit(&connp->conn_lock);
2639 error = ip_attr_connect(connp, ixa, &saddr, &faddr, &nexthop, fport,
2640 &saddr, uinfo, flags | IPDF_VERIFY_DST);
2641 mutex_enter(&connp->conn_lock);
2642
2643 /* Could have changed even if an error */
2644 connp->conn_saddr_v6 = saddr;
2645 if (error != 0)
2646 return (error);
2647
2648 /*
2649 * Check whether Trusted Solaris policy allows communication with this
2650 * host, and pretend that the destination is unreachable if not.
2651 * Compute any needed label and place it in ipp_label_v4/v6.
2652 *
2653 * Later conn_build_hdr_template() takes ipp_label_v4/v6 to form
2654 * the packet.
2655 *
2656 * TSOL Note: Any concurrent threads would pick a different ixa
2657 * (and ipp if they are to change the ipp) so we
2658 * don't have to worry about concurrent threads.
2659 */
2660 if (is_system_labeled()) {
2661 if (connp->conn_mlp_type != mlptSingle)
2662 return (ECONNREFUSED);
2663
2664 /*
2665 * conn_update_label will set ipp_label* which will later
2666 * be used by conn_build_hdr_template.
2667 */
2668 error = conn_update_label(connp, ixa,
2669 &connp->conn_faddr_v6, &connp->conn_xmit_ipp);
2670 if (error != 0)
2671 return (error);
2672 }
2673
2674 /*
2675 * Ensure that we match on the selected local address.
2676 * This overrides conn_laddr in the case we had earlier bound to a
2677 * multicast or broadcast address.
2678 */
2679 connp->conn_laddr_v6 = connp->conn_saddr_v6;
2680
2681 /*
2682 * Allow setting new policies.
2683 * The addresses/ports are already set, thus the IPsec policy calls
2684 * can handle their passed-in conn's.
2685 */
2686 connp->conn_policy_cached = B_FALSE;
2687
2688 /*
2689 * Cache IPsec policy in this conn. If we have per-socket policy,
2690 * we'll cache that. If we don't, we'll inherit global policy.
2691 *
2692 * This is done before the caller inserts in the receive-side fanout.
2693 * Note that conn_policy_cached is set by ipsec_conn_cache_policy() even
2694 * for connections where we don't have a policy. This is to prevent
2695 * global policy lookups in the inbound path.
2696 *
2697 * If we insert before we set conn_policy_cached,
2698 * CONN_INBOUND_POLICY_PRESENT() check can still evaluate true
2699 * because global policy cound be non-empty. We normally call
2700 * ipsec_check_policy() for conn_policy_cached connections only if
2701 * conn_in_enforce_policy is set. But in this case,
2702 * conn_policy_cached can get set anytime since we made the
2703 * CONN_INBOUND_POLICY_PRESENT() check and ipsec_check_policy() is
2704 * called, which will make the above assumption false. Thus, we
2705 * need to insert after we set conn_policy_cached.
2706 */
2707 error = ipsec_conn_cache_policy(connp,
2708 connp->conn_ipversion == IPV4_VERSION);
2709 if (error != 0)
2710 return (error);
2711
2712 /*
2713 * We defer to do LSO check until here since now we have better idea
2714 * whether IPsec is present. If the underlying ill is LSO capable,
2715 * copy its capability in so the ULP can decide whether to enable LSO
2716 * on this connection. So far, only TCP/IPv4 is implemented, so won't
2717 * claim LSO for IPv6.
2718 *
2719 * Currently, won't enable LSO for IRE_LOOPBACK or IRE_LOCAL, because
2720 * the receiver can not handle it. Also not to enable LSO for MULTIRT.
2721 */
2722 ixa->ixa_flags &= ~IXAF_LSO_CAPAB;
2723
2724 ASSERT(ixa->ixa_ire != NULL);
2725 if (ixa->ixa_ipst->ips_ip_lso_outbound && (flags & IPDF_LSO) &&
2726 !(ixa->ixa_flags & IXAF_IPSEC_SECURE) &&
2727 !(ixa->ixa_ire->ire_type & (IRE_LOCAL | IRE_LOOPBACK)) &&
2728 !(ixa->ixa_ire->ire_flags & RTF_MULTIRT) &&
2729 (ixa->ixa_nce != NULL) &&
2730 ((ixa->ixa_flags & IXAF_IS_IPV4) ?
2731 ILL_LSO_TCP_IPV4_USABLE(ixa->ixa_nce->nce_ill) :
2732 ILL_LSO_TCP_IPV6_USABLE(ixa->ixa_nce->nce_ill))) {
2733 ixa->ixa_lso_capab = *ixa->ixa_nce->nce_ill->ill_lso_capab;
2734 ixa->ixa_flags |= IXAF_LSO_CAPAB;
2735 }
2736
2737 /* Check whether ZEROCOPY capability is usable for this connection. */
2738 ixa->ixa_flags &= ~IXAF_ZCOPY_CAPAB;
2739
2740 if ((flags & IPDF_ZCOPY) &&
2741 !(ixa->ixa_flags & IXAF_IPSEC_SECURE) &&
2742 !(ixa->ixa_ire->ire_type & (IRE_LOCAL | IRE_LOOPBACK)) &&
2743 !(ixa->ixa_ire->ire_flags & RTF_MULTIRT) &&
2744 (ixa->ixa_nce != NULL) &&
2745 ILL_ZCOPY_USABLE(ixa->ixa_nce->nce_ill)) {
2746 ixa->ixa_flags |= IXAF_ZCOPY_CAPAB;
2747 }
2748 return (0);
2749 }
2750
2751 /*
2752 * Predicates to check if the addresses match conn_last*
2753 */
2754
2755 /*
2756 * Compare the conn against an address.
2757 * If using mapped addresses on AF_INET6 sockets, use the _v6 function
2758 */
2759 boolean_t
2760 conn_same_as_last_v4(conn_t *connp, sin_t *sin)
2761 {
2762 ASSERT(connp->conn_family == AF_INET);
2763 return (sin->sin_addr.s_addr == connp->conn_v4lastdst &&
2764 sin->sin_port == connp->conn_lastdstport);
2765 }
2766
2767 /*
2768 * Compare, including for mapped addresses
2769 */
2770 boolean_t
2771 conn_same_as_last_v6(conn_t *connp, sin6_t *sin6)
2772 {
2773 return (IN6_ARE_ADDR_EQUAL(&connp->conn_v6lastdst, &sin6->sin6_addr) &&
2774 sin6->sin6_port == connp->conn_lastdstport &&
2775 sin6->sin6_flowinfo == connp->conn_lastflowinfo &&
2776 sin6->sin6_scope_id == connp->conn_lastscopeid);
2777 }
2778
2779 /*
2780 * Compute a label and place it in the ip_packet_t.
2781 * Handles IPv4 and IPv6.
2782 * The caller should have a correct ixa_tsl and ixa_zoneid and have
2783 * already called conn_connect or ip_attr_connect to ensure that tsol_check_dest
2784 * has been called.
2785 */
2786 int
2787 conn_update_label(const conn_t *connp, const ip_xmit_attr_t *ixa,
2788 const in6_addr_t *v6dst, ip_pkt_t *ipp)
2789 {
2790 int err;
2791 ipaddr_t v4dst;
2792
2793 if (IN6_IS_ADDR_V4MAPPED(v6dst)) {
2794 uchar_t opt_storage[IP_MAX_OPT_LENGTH];
2795
2796 IN6_V4MAPPED_TO_IPADDR(v6dst, v4dst);
2797
2798 err = tsol_compute_label_v4(ixa->ixa_tsl, ixa->ixa_zoneid,
2799 v4dst, opt_storage, ixa->ixa_ipst);
2800 if (err == 0) {
2801 /* Length contained in opt_storage[IPOPT_OLEN] */
2802 err = optcom_pkt_set(opt_storage,
2803 opt_storage[IPOPT_OLEN],
2804 (uchar_t **)&ipp->ipp_label_v4,
2805 &ipp->ipp_label_len_v4);
2806 }
2807 if (err != 0) {
2808 DTRACE_PROBE4(tx__ip__log__info__updatelabel,
2809 char *, "conn(1) failed to update options(2) "
2810 "on ixa(3)",
2811 conn_t *, connp, char *, opt_storage,
2812 ip_xmit_attr_t *, ixa);
2813 }
2814 if (ipp->ipp_label_len_v4 != 0)
2815 ipp->ipp_fields |= IPPF_LABEL_V4;
2816 else
2817 ipp->ipp_fields &= ~IPPF_LABEL_V4;
2818 } else {
2819 uchar_t opt_storage[TSOL_MAX_IPV6_OPTION];
2820 uint_t optlen;
2821
2822 err = tsol_compute_label_v6(ixa->ixa_tsl, ixa->ixa_zoneid,
2823 v6dst, opt_storage, ixa->ixa_ipst);
2824 if (err == 0) {
2825 /*
2826 * Note that ipp_label_v6 is just the option - not
2827 * the hopopts extension header.
2828 *
2829 * Length contained in opt_storage[IPOPT_OLEN], but
2830 * that doesn't include the two byte options header.
2831 */
2832 optlen = opt_storage[IPOPT_OLEN];
2833 if (optlen != 0)
2834 optlen += 2;
2835
2836 err = optcom_pkt_set(opt_storage, optlen,
2837 (uchar_t **)&ipp->ipp_label_v6,
2838 &ipp->ipp_label_len_v6);
2839 }
2840 if (err != 0) {
2841 DTRACE_PROBE4(tx__ip__log__info__updatelabel,
2842 char *, "conn(1) failed to update options(2) "
2843 "on ixa(3)",
2844 conn_t *, connp, char *, opt_storage,
2845 ip_xmit_attr_t *, ixa);
2846 }
2847 if (ipp->ipp_label_len_v6 != 0)
2848 ipp->ipp_fields |= IPPF_LABEL_V6;
2849 else
2850 ipp->ipp_fields &= ~IPPF_LABEL_V6;
2851 }
2852 return (err);
2853 }
2854
2855 /*
2856 * Inherit all options settings from the parent/listener to the eager.
2857 * Returns zero on success; ENOMEM if memory allocation failed.
2858 *
2859 * We assume that the eager has not had any work done i.e., the conn_ixa
2860 * and conn_xmit_ipp are all zero.
2861 * Furthermore we assume that no other thread can access the eager (because
2862 * it isn't inserted in any fanout list).
2863 */
2864 int
2865 conn_inherit_parent(conn_t *lconnp, conn_t *econnp)
2866 {
2867 cred_t *credp;
2868 int err;
2869 void *notify_cookie;
2870 uint32_t xmit_hint;
2871
2872 econnp->conn_family = lconnp->conn_family;
2873 econnp->conn_ipv6_v6only = lconnp->conn_ipv6_v6only;
2874 econnp->conn_wq = lconnp->conn_wq;
2875 econnp->conn_rq = lconnp->conn_rq;
2876
2877 /*
2878 * Make a safe copy of the transmit attributes.
2879 * conn_connect will later be used by the caller to setup the ire etc.
2880 */
2881 ASSERT(econnp->conn_ixa->ixa_refcnt == 1);
2882 ASSERT(econnp->conn_ixa->ixa_ire == NULL);
2883 ASSERT(econnp->conn_ixa->ixa_dce == NULL);
2884 ASSERT(econnp->conn_ixa->ixa_nce == NULL);
2885
2886 /* Preserve ixa_notify_cookie and xmit_hint */
2887 notify_cookie = econnp->conn_ixa->ixa_notify_cookie;
2888 xmit_hint = econnp->conn_ixa->ixa_xmit_hint;
2889 ixa_safe_copy(lconnp->conn_ixa, econnp->conn_ixa);
2890 econnp->conn_ixa->ixa_notify_cookie = notify_cookie;
2891 econnp->conn_ixa->ixa_xmit_hint = xmit_hint;
2892
2893 econnp->conn_bound_if = lconnp->conn_bound_if;
2894 econnp->conn_incoming_ifindex = lconnp->conn_incoming_ifindex;
2895
2896 /* Inherit all RECV options */
2897 econnp->conn_recv_ancillary = lconnp->conn_recv_ancillary;
2898
2899 err = ip_pkt_copy(&lconnp->conn_xmit_ipp, &econnp->conn_xmit_ipp,
2900 KM_NOSLEEP);
2901 if (err != 0)
2902 return (err);
2903
2904 econnp->conn_zoneid = lconnp->conn_zoneid;
2905 econnp->conn_allzones = lconnp->conn_allzones;
2906
2907 /* This is odd. Pick a flowlabel for each connection instead? */
2908 econnp->conn_flowinfo = lconnp->conn_flowinfo;
2909
2910 econnp->conn_default_ttl = lconnp->conn_default_ttl;
2911
2912 /*
2913 * TSOL: tsol_input_proc() needs the eager's cred before the
2914 * eager is accepted
2915 */
2916 ASSERT(lconnp->conn_cred != NULL);
2917 econnp->conn_cred = credp = lconnp->conn_cred;
2918 crhold(credp);
2919 econnp->conn_cpid = lconnp->conn_cpid;
2920 econnp->conn_open_time = ddi_get_lbolt64();
2921
2922 /*
2923 * Cache things in the ixa without any refhold.
2924 * Listener might not have set up ixa_cred
2925 */
2926 ASSERT(!(econnp->conn_ixa->ixa_free_flags & IXA_FREE_CRED));
2927 econnp->conn_ixa->ixa_cred = econnp->conn_cred;
2928 econnp->conn_ixa->ixa_cpid = econnp->conn_cpid;
2929 if (is_system_labeled())
2930 econnp->conn_ixa->ixa_tsl = crgetlabel(econnp->conn_cred);
2931
2932 /*
2933 * If the caller has the process-wide flag set, then default to MAC
2934 * exempt mode. This allows read-down to unlabeled hosts.
2935 */
2936 if (getpflags(NET_MAC_AWARE, credp) != 0)
2937 econnp->conn_mac_mode = CONN_MAC_AWARE;
2938
2939 econnp->conn_zone_is_global = lconnp->conn_zone_is_global;
2940
2941 /*
2942 * We eliminate the need for sockfs to send down a T_SVR4_OPTMGMT_REQ
2943 * via soaccept()->soinheritoptions() which essentially applies
2944 * all the listener options to the new connection. The options that we
2945 * need to take care of are:
2946 * SO_DEBUG, SO_REUSEADDR, SO_KEEPALIVE, SO_DONTROUTE, SO_BROADCAST,
2947 * SO_USELOOPBACK, SO_OOBINLINE, SO_DGRAM_ERRIND, SO_LINGER,
2948 * SO_SNDBUF, SO_RCVBUF.
2949 *
2950 * SO_RCVBUF: conn_rcvbuf is set.
2951 * SO_SNDBUF: conn_sndbuf is set.
2952 */
2953
2954 /* Could we define a struct and use a struct copy for this? */
2955 econnp->conn_sndbuf = lconnp->conn_sndbuf;
2956 econnp->conn_rcvbuf = lconnp->conn_rcvbuf;
2957 econnp->conn_sndlowat = lconnp->conn_sndlowat;
2958 econnp->conn_rcvlowat = lconnp->conn_rcvlowat;
2959 econnp->conn_dgram_errind = lconnp->conn_dgram_errind;
2960 econnp->conn_oobinline = lconnp->conn_oobinline;
2961 econnp->conn_debug = lconnp->conn_debug;
2962 econnp->conn_keepalive = lconnp->conn_keepalive;
2963 econnp->conn_linger = lconnp->conn_linger;
2964 econnp->conn_lingertime = lconnp->conn_lingertime;
2965
2966 /* Set the IP options */
2967 econnp->conn_broadcast = lconnp->conn_broadcast;
2968 econnp->conn_useloopback = lconnp->conn_useloopback;
2969 econnp->conn_reuseaddr = lconnp->conn_reuseaddr;
2970 return (0);
2971 }