1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 /*
  26  * IP PACKET CLASSIFIER
  27  *
  28  * The IP packet classifier provides mapping between IP packets and persistent
  29  * connection state for connection-oriented protocols. It also provides
  30  * interface for managing connection states.
  31  *
  32  * The connection state is kept in conn_t data structure and contains, among
  33  * other things:
  34  *
  35  *      o local/remote address and ports
  36  *      o Transport protocol
  37  *      o squeue for the connection (for TCP only)
  38  *      o reference counter
  39  *      o Connection state
  40  *      o hash table linkage
  41  *      o interface/ire information
  42  *      o credentials
  43  *      o ipsec policy
  44  *      o send and receive functions.
  45  *      o mutex lock.
  46  *
  47  * Connections use a reference counting scheme. They are freed when the
  48  * reference counter drops to zero. A reference is incremented when connection
  49  * is placed in a list or table, when incoming packet for the connection arrives
  50  * and when connection is processed via squeue (squeue processing may be
  51  * asynchronous and the reference protects the connection from being destroyed
  52  * before its processing is finished).
  53  *
  54  * conn_recv is used to pass up packets to the ULP.
  55  * For TCP conn_recv changes. It is tcp_input_listener_unbound initially for
  56  * a listener, and changes to tcp_input_listener as the listener has picked a
  57  * good squeue. For other cases it is set to tcp_input_data.
  58  *
  59  * conn_recvicmp is used to pass up ICMP errors to the ULP.
  60  *
  61  * Classifier uses several hash tables:
  62  *
  63  *      ipcl_conn_fanout:       contains all TCP connections in CONNECTED state
  64  *      ipcl_bind_fanout:       contains all connections in BOUND state
  65  *      ipcl_proto_fanout:      IPv4 protocol fanout
  66  *      ipcl_proto_fanout_v6:   IPv6 protocol fanout
  67  *      ipcl_udp_fanout:        contains all UDP connections
  68  *      ipcl_iptun_fanout:      contains all IP tunnel connections
  69  *      ipcl_globalhash_fanout: contains all connections
  70  *
  71  * The ipcl_globalhash_fanout is used for any walkers (like snmp and Clustering)
  72  * which need to view all existing connections.
  73  *
  74  * All tables are protected by per-bucket locks. When both per-bucket lock and
  75  * connection lock need to be held, the per-bucket lock should be acquired
  76  * first, followed by the connection lock.
  77  *
  78  * All functions doing search in one of these tables increment a reference
  79  * counter on the connection found (if any). This reference should be dropped
  80  * when the caller has finished processing the connection.
  81  *
  82  *
  83  * INTERFACES:
  84  * ===========
  85  *
  86  * Connection Lookup:
  87  * ------------------
  88  *
  89  * conn_t *ipcl_classify_v4(mp, protocol, hdr_len, ira, ip_stack)
  90  * conn_t *ipcl_classify_v6(mp, protocol, hdr_len, ira, ip_stack)
  91  *
  92  * Finds connection for an incoming IPv4 or IPv6 packet. Returns NULL if
  93  * it can't find any associated connection. If the connection is found, its
  94  * reference counter is incremented.
  95  *
  96  *      mp:     mblock, containing packet header. The full header should fit
  97  *              into a single mblock. It should also contain at least full IP
  98  *              and TCP or UDP header.
  99  *
 100  *      protocol: Either IPPROTO_TCP or IPPROTO_UDP.
 101  *
 102  *      hdr_len: The size of IP header. It is used to find TCP or UDP header in
 103  *               the packet.
 104  *
 105  *      ira->ira_zoneid: The zone in which the returned connection must be; the
 106  *              zoneid corresponding to the ire_zoneid on the IRE located for
 107  *              the packet's destination address.
 108  *
 109  *      ira->ira_flags: Contains the IRAF_TX_MAC_EXEMPTABLE and
 110  *              IRAF_TX_SHARED_ADDR flags
 111  *
 112  *      For TCP connections, the lookup order is as follows:
 113  *              5-tuple {src, dst, protocol, local port, remote port}
 114  *                      lookup in ipcl_conn_fanout table.
 115  *              3-tuple {dst, remote port, protocol} lookup in
 116  *                      ipcl_bind_fanout table.
 117  *
 118  *      For UDP connections, a 5-tuple {src, dst, protocol, local port,
 119  *      remote port} lookup is done on ipcl_udp_fanout. Note that,
 120  *      these interfaces do not handle cases where a packets belongs
 121  *      to multiple UDP clients, which is handled in IP itself.
 122  *
 123  * If the destination IRE is ALL_ZONES (indicated by zoneid), then we must
 124  * determine which actual zone gets the segment.  This is used only in a
 125  * labeled environment.  The matching rules are:
 126  *
 127  *      - If it's not a multilevel port, then the label on the packet selects
 128  *        the zone.  Unlabeled packets are delivered to the global zone.
 129  *
 130  *      - If it's a multilevel port, then only the zone registered to receive
 131  *        packets on that port matches.
 132  *
 133  * Also, in a labeled environment, packet labels need to be checked.  For fully
 134  * bound TCP connections, we can assume that the packet label was checked
 135  * during connection establishment, and doesn't need to be checked on each
 136  * packet.  For others, though, we need to check for strict equality or, for
 137  * multilevel ports, membership in the range or set.  This part currently does
 138  * a tnrh lookup on each packet, but could be optimized to use cached results
 139  * if that were necessary.  (SCTP doesn't come through here, but if it did,
 140  * we would apply the same rules as TCP.)
 141  *
 142  * An implication of the above is that fully-bound TCP sockets must always use
 143  * distinct 4-tuples; they can't be discriminated by label alone.
 144  *
 145  * Note that we cannot trust labels on packets sent to fully-bound UDP sockets,
 146  * as there's no connection set-up handshake and no shared state.
 147  *
 148  * Labels on looped-back packets within a single zone do not need to be
 149  * checked, as all processes in the same zone have the same label.
 150  *
 151  * Finally, for unlabeled packets received by a labeled system, special rules
 152  * apply.  We consider only the MLP if there is one.  Otherwise, we prefer a
 153  * socket in the zone whose label matches the default label of the sender, if
 154  * any.  In any event, the receiving socket must have SO_MAC_EXEMPT set and the
 155  * receiver's label must dominate the sender's default label.
 156  *
 157  * conn_t *ipcl_tcp_lookup_reversed_ipv4(ipha_t *, tcpha_t *, int, ip_stack);
 158  * conn_t *ipcl_tcp_lookup_reversed_ipv6(ip6_t *, tcpha_t *, int, uint_t,
 159  *                                       ip_stack);
 160  *
 161  *      Lookup routine to find a exact match for {src, dst, local port,
 162  *      remote port) for TCP connections in ipcl_conn_fanout. The address and
 163  *      ports are read from the IP and TCP header respectively.
 164  *
 165  * conn_t       *ipcl_lookup_listener_v4(lport, laddr, protocol,
 166  *                                       zoneid, ip_stack);
 167  * conn_t       *ipcl_lookup_listener_v6(lport, laddr, protocol, ifindex,
 168  *                                       zoneid, ip_stack);
 169  *
 170  *      Lookup routine to find a listener with the tuple {lport, laddr,
 171  *      protocol} in the ipcl_bind_fanout table. For IPv6, an additional
 172  *      parameter interface index is also compared.
 173  *
 174  * void ipcl_walk(func, arg, ip_stack)
 175  *
 176  *      Apply 'func' to every connection available. The 'func' is called as
 177  *      (*func)(connp, arg). The walk is non-atomic so connections may be
 178  *      created and destroyed during the walk. The CONN_CONDEMNED and
 179  *      CONN_INCIPIENT flags ensure that connections which are newly created
 180  *      or being destroyed are not selected by the walker.
 181  *
 182  * Table Updates
 183  * -------------
 184  *
 185  * int ipcl_conn_insert(connp);
 186  * int ipcl_conn_insert_v4(connp);
 187  * int ipcl_conn_insert_v6(connp);
 188  *
 189  *      Insert 'connp' in the ipcl_conn_fanout.
 190  *      Arguements :
 191  *              connp           conn_t to be inserted
 192  *
 193  *      Return value :
 194  *              0               if connp was inserted
 195  *              EADDRINUSE      if the connection with the same tuple
 196  *                              already exists.
 197  *
 198  * int ipcl_bind_insert(connp);
 199  * int ipcl_bind_insert_v4(connp);
 200  * int ipcl_bind_insert_v6(connp);
 201  *
 202  *      Insert 'connp' in ipcl_bind_fanout.
 203  *      Arguements :
 204  *              connp           conn_t to be inserted
 205  *
 206  *
 207  * void ipcl_hash_remove(connp);
 208  *
 209  *      Removes the 'connp' from the connection fanout table.
 210  *
 211  * Connection Creation/Destruction
 212  * -------------------------------
 213  *
 214  * conn_t *ipcl_conn_create(type, sleep, netstack_t *)
 215  *
 216  *      Creates a new conn based on the type flag, inserts it into
 217  *      globalhash table.
 218  *
 219  *      type:   This flag determines the type of conn_t which needs to be
 220  *              created i.e., which kmem_cache it comes from.
 221  *              IPCL_TCPCONN    indicates a TCP connection
 222  *              IPCL_SCTPCONN   indicates a SCTP connection
 223  *              IPCL_UDPCONN    indicates a UDP conn_t.
 224  *              IPCL_RAWIPCONN  indicates a RAWIP/ICMP conn_t.
 225  *              IPCL_RTSCONN    indicates a RTS conn_t.
 226  *              IPCL_IPCCONN    indicates all other connections.
 227  *
 228  * void ipcl_conn_destroy(connp)
 229  *
 230  *      Destroys the connection state, removes it from the global
 231  *      connection hash table and frees its memory.
 232  */
 233 
 234 #include <sys/types.h>
 235 #include <sys/stream.h>
 236 #include <sys/stropts.h>
 237 #include <sys/sysmacros.h>
 238 #include <sys/strsubr.h>
 239 #include <sys/strsun.h>
 240 #define _SUN_TPI_VERSION 2
 241 #include <sys/ddi.h>
 242 #include <sys/cmn_err.h>
 243 #include <sys/debug.h>
 244 
 245 #include <sys/systm.h>
 246 #include <sys/param.h>
 247 #include <sys/kmem.h>
 248 #include <sys/isa_defs.h>
 249 #include <inet/common.h>
 250 #include <netinet/ip6.h>
 251 #include <netinet/icmp6.h>
 252 
 253 #include <inet/ip.h>
 254 #include <inet/ip_if.h>
 255 #include <inet/ip_ire.h>
 256 #include <inet/ip6.h>
 257 #include <inet/ip_ndp.h>
 258 #include <inet/ip_impl.h>
 259 #include <inet/udp_impl.h>
 260 #include <inet/sctp_ip.h>
 261 #include <inet/sctp/sctp_impl.h>
 262 #include <inet/rawip_impl.h>
 263 #include <inet/rts_impl.h>
 264 #include <inet/iptun/iptun_impl.h>
 265 
 266 #include <sys/cpuvar.h>
 267 
 268 #include <inet/ipclassifier.h>
 269 #include <inet/tcp.h>
 270 #include <inet/ipsec_impl.h>
 271 
 272 #include <sys/tsol/tnet.h>
 273 #include <sys/sockio.h>
 274 
 275 /* Old value for compatibility. Setable in /etc/system */
 276 uint_t tcp_conn_hash_size = 0;
 277 
 278 /* New value. Zero means choose automatically.  Setable in /etc/system */
 279 uint_t ipcl_conn_hash_size = 0;
 280 uint_t ipcl_conn_hash_memfactor = 8192;
 281 uint_t ipcl_conn_hash_maxsize = 82500;
 282 
 283 /* bind/udp fanout table size */
 284 uint_t ipcl_bind_fanout_size = 512;
 285 uint_t ipcl_udp_fanout_size = 16384;
 286 
 287 /* Raw socket fanout size.  Must be a power of 2. */
 288 uint_t ipcl_raw_fanout_size = 256;
 289 
 290 /*
 291  * The IPCL_IPTUN_HASH() function works best with a prime table size.  We
 292  * expect that most large deployments would have hundreds of tunnels, and
 293  * thousands in the extreme case.
 294  */
 295 uint_t ipcl_iptun_fanout_size = 6143;
 296 
 297 /*
 298  * Power of 2^N Primes useful for hashing for N of 0-28,
 299  * these primes are the nearest prime <= 2^N - 2^(N-2).
 300  */
 301 
 302 #define P2Ps() {0, 0, 0, 5, 11, 23, 47, 89, 191, 383, 761, 1531, 3067,  \
 303                 6143, 12281, 24571, 49139, 98299, 196597, 393209,       \
 304                 786431, 1572853, 3145721, 6291449, 12582893, 25165813,  \
 305                 50331599, 100663291, 201326557, 0}
 306 
 307 /*
 308  * wrapper structure to ensure that conn and what follows it (tcp_t, etc)
 309  * are aligned on cache lines.
 310  */
 311 typedef union itc_s {
 312         conn_t  itc_conn;
 313         char    itcu_filler[CACHE_ALIGN(conn_s)];
 314 } itc_t;
 315 
 316 struct kmem_cache  *tcp_conn_cache;
 317 struct kmem_cache  *ip_conn_cache;
 318 extern struct kmem_cache  *sctp_conn_cache;
 319 struct kmem_cache  *udp_conn_cache;
 320 struct kmem_cache  *rawip_conn_cache;
 321 struct kmem_cache  *rts_conn_cache;
 322 
 323 extern void     tcp_timermp_free(tcp_t *);
 324 extern mblk_t   *tcp_timermp_alloc(int);
 325 
 326 static int      ip_conn_constructor(void *, void *, int);
 327 static void     ip_conn_destructor(void *, void *);
 328 
 329 static int      tcp_conn_constructor(void *, void *, int);
 330 static void     tcp_conn_destructor(void *, void *);
 331 
 332 static int      udp_conn_constructor(void *, void *, int);
 333 static void     udp_conn_destructor(void *, void *);
 334 
 335 static int      rawip_conn_constructor(void *, void *, int);
 336 static void     rawip_conn_destructor(void *, void *);
 337 
 338 static int      rts_conn_constructor(void *, void *, int);
 339 static void     rts_conn_destructor(void *, void *);
 340 
 341 /*
 342  * Global (for all stack instances) init routine
 343  */
 344 void
 345 ipcl_g_init(void)
 346 {
 347         ip_conn_cache = kmem_cache_create("ip_conn_cache",
 348             sizeof (conn_t), CACHE_ALIGN_SIZE,
 349             ip_conn_constructor, ip_conn_destructor,
 350             NULL, NULL, NULL, 0);
 351 
 352         tcp_conn_cache = kmem_cache_create("tcp_conn_cache",
 353             sizeof (itc_t) + sizeof (tcp_t), CACHE_ALIGN_SIZE,
 354             tcp_conn_constructor, tcp_conn_destructor,
 355             tcp_conn_reclaim, NULL, NULL, 0);
 356 
 357         udp_conn_cache = kmem_cache_create("udp_conn_cache",
 358             sizeof (itc_t) + sizeof (udp_t), CACHE_ALIGN_SIZE,
 359             udp_conn_constructor, udp_conn_destructor,
 360             NULL, NULL, NULL, 0);
 361 
 362         rawip_conn_cache = kmem_cache_create("rawip_conn_cache",
 363             sizeof (itc_t) + sizeof (icmp_t), CACHE_ALIGN_SIZE,
 364             rawip_conn_constructor, rawip_conn_destructor,
 365             NULL, NULL, NULL, 0);
 366 
 367         rts_conn_cache = kmem_cache_create("rts_conn_cache",
 368             sizeof (itc_t) + sizeof (rts_t), CACHE_ALIGN_SIZE,
 369             rts_conn_constructor, rts_conn_destructor,
 370             NULL, NULL, NULL, 0);
 371 }
 372 
 373 /*
 374  * ipclassifier intialization routine, sets up hash tables.
 375  */
 376 void
 377 ipcl_init(ip_stack_t *ipst)
 378 {
 379         int i;
 380         int sizes[] = P2Ps();
 381 
 382         /*
 383          * Calculate size of conn fanout table from /etc/system settings
 384          */
 385         if (ipcl_conn_hash_size != 0) {
 386                 ipst->ips_ipcl_conn_fanout_size = ipcl_conn_hash_size;
 387         } else if (tcp_conn_hash_size != 0) {
 388                 ipst->ips_ipcl_conn_fanout_size = tcp_conn_hash_size;
 389         } else {
 390                 extern pgcnt_t freemem;
 391 
 392                 ipst->ips_ipcl_conn_fanout_size =
 393                     (freemem * PAGESIZE) / ipcl_conn_hash_memfactor;
 394 
 395                 if (ipst->ips_ipcl_conn_fanout_size > ipcl_conn_hash_maxsize) {
 396                         ipst->ips_ipcl_conn_fanout_size =
 397                             ipcl_conn_hash_maxsize;
 398                 }
 399         }
 400 
 401         for (i = 9; i < sizeof (sizes) / sizeof (*sizes) - 1; i++) {
 402                 if (sizes[i] >= ipst->ips_ipcl_conn_fanout_size) {
 403                         break;
 404                 }
 405         }
 406         if ((ipst->ips_ipcl_conn_fanout_size = sizes[i]) == 0) {
 407                 /* Out of range, use the 2^16 value */
 408                 ipst->ips_ipcl_conn_fanout_size = sizes[16];
 409         }
 410 
 411         /* Take values from /etc/system */
 412         ipst->ips_ipcl_bind_fanout_size = ipcl_bind_fanout_size;
 413         ipst->ips_ipcl_udp_fanout_size = ipcl_udp_fanout_size;
 414         ipst->ips_ipcl_raw_fanout_size = ipcl_raw_fanout_size;
 415         ipst->ips_ipcl_iptun_fanout_size = ipcl_iptun_fanout_size;
 416 
 417         ASSERT(ipst->ips_ipcl_conn_fanout == NULL);
 418 
 419         ipst->ips_ipcl_conn_fanout = kmem_zalloc(
 420             ipst->ips_ipcl_conn_fanout_size * sizeof (connf_t), KM_SLEEP);
 421 
 422         for (i = 0; i < ipst->ips_ipcl_conn_fanout_size; i++) {
 423                 mutex_init(&ipst->ips_ipcl_conn_fanout[i].connf_lock, NULL,
 424                     MUTEX_DEFAULT, NULL);
 425         }
 426 
 427         ipst->ips_ipcl_bind_fanout = kmem_zalloc(
 428             ipst->ips_ipcl_bind_fanout_size * sizeof (connf_t), KM_SLEEP);
 429 
 430         for (i = 0; i < ipst->ips_ipcl_bind_fanout_size; i++) {
 431                 mutex_init(&ipst->ips_ipcl_bind_fanout[i].connf_lock, NULL,
 432                     MUTEX_DEFAULT, NULL);
 433         }
 434 
 435         ipst->ips_ipcl_proto_fanout_v4 = kmem_zalloc(IPPROTO_MAX *
 436             sizeof (connf_t), KM_SLEEP);
 437         for (i = 0; i < IPPROTO_MAX; i++) {
 438                 mutex_init(&ipst->ips_ipcl_proto_fanout_v4[i].connf_lock, NULL,
 439                     MUTEX_DEFAULT, NULL);
 440         }
 441 
 442         ipst->ips_ipcl_proto_fanout_v6 = kmem_zalloc(IPPROTO_MAX *
 443             sizeof (connf_t), KM_SLEEP);
 444         for (i = 0; i < IPPROTO_MAX; i++) {
 445                 mutex_init(&ipst->ips_ipcl_proto_fanout_v6[i].connf_lock, NULL,
 446                     MUTEX_DEFAULT, NULL);
 447         }
 448 
 449         ipst->ips_rts_clients = kmem_zalloc(sizeof (connf_t), KM_SLEEP);
 450         mutex_init(&ipst->ips_rts_clients->connf_lock,
 451             NULL, MUTEX_DEFAULT, NULL);
 452 
 453         ipst->ips_ipcl_udp_fanout = kmem_zalloc(
 454             ipst->ips_ipcl_udp_fanout_size * sizeof (connf_t), KM_SLEEP);
 455         for (i = 0; i < ipst->ips_ipcl_udp_fanout_size; i++) {
 456                 mutex_init(&ipst->ips_ipcl_udp_fanout[i].connf_lock, NULL,
 457                     MUTEX_DEFAULT, NULL);
 458         }
 459 
 460         ipst->ips_ipcl_iptun_fanout = kmem_zalloc(
 461             ipst->ips_ipcl_iptun_fanout_size * sizeof (connf_t), KM_SLEEP);
 462         for (i = 0; i < ipst->ips_ipcl_iptun_fanout_size; i++) {
 463                 mutex_init(&ipst->ips_ipcl_iptun_fanout[i].connf_lock, NULL,
 464                     MUTEX_DEFAULT, NULL);
 465         }
 466 
 467         ipst->ips_ipcl_raw_fanout = kmem_zalloc(
 468             ipst->ips_ipcl_raw_fanout_size * sizeof (connf_t), KM_SLEEP);
 469         for (i = 0; i < ipst->ips_ipcl_raw_fanout_size; i++) {
 470                 mutex_init(&ipst->ips_ipcl_raw_fanout[i].connf_lock, NULL,
 471                     MUTEX_DEFAULT, NULL);
 472         }
 473 
 474         ipst->ips_ipcl_globalhash_fanout = kmem_zalloc(
 475             sizeof (connf_t) * CONN_G_HASH_SIZE, KM_SLEEP);
 476         for (i = 0; i < CONN_G_HASH_SIZE; i++) {
 477                 mutex_init(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock,
 478                     NULL, MUTEX_DEFAULT, NULL);
 479         }
 480 }
 481 
 482 void
 483 ipcl_g_destroy(void)
 484 {
 485         kmem_cache_destroy(ip_conn_cache);
 486         kmem_cache_destroy(tcp_conn_cache);
 487         kmem_cache_destroy(udp_conn_cache);
 488         kmem_cache_destroy(rawip_conn_cache);
 489         kmem_cache_destroy(rts_conn_cache);
 490 }
 491 
 492 /*
 493  * All user-level and kernel use of the stack must be gone
 494  * by now.
 495  */
 496 void
 497 ipcl_destroy(ip_stack_t *ipst)
 498 {
 499         int i;
 500 
 501         for (i = 0; i < ipst->ips_ipcl_conn_fanout_size; i++) {
 502                 ASSERT(ipst->ips_ipcl_conn_fanout[i].connf_head == NULL);
 503                 mutex_destroy(&ipst->ips_ipcl_conn_fanout[i].connf_lock);
 504         }
 505         kmem_free(ipst->ips_ipcl_conn_fanout, ipst->ips_ipcl_conn_fanout_size *
 506             sizeof (connf_t));
 507         ipst->ips_ipcl_conn_fanout = NULL;
 508 
 509         for (i = 0; i < ipst->ips_ipcl_bind_fanout_size; i++) {
 510                 ASSERT(ipst->ips_ipcl_bind_fanout[i].connf_head == NULL);
 511                 mutex_destroy(&ipst->ips_ipcl_bind_fanout[i].connf_lock);
 512         }
 513         kmem_free(ipst->ips_ipcl_bind_fanout, ipst->ips_ipcl_bind_fanout_size *
 514             sizeof (connf_t));
 515         ipst->ips_ipcl_bind_fanout = NULL;
 516 
 517         for (i = 0; i < IPPROTO_MAX; i++) {
 518                 ASSERT(ipst->ips_ipcl_proto_fanout_v4[i].connf_head == NULL);
 519                 mutex_destroy(&ipst->ips_ipcl_proto_fanout_v4[i].connf_lock);
 520         }
 521         kmem_free(ipst->ips_ipcl_proto_fanout_v4,
 522             IPPROTO_MAX * sizeof (connf_t));
 523         ipst->ips_ipcl_proto_fanout_v4 = NULL;
 524 
 525         for (i = 0; i < IPPROTO_MAX; i++) {
 526                 ASSERT(ipst->ips_ipcl_proto_fanout_v6[i].connf_head == NULL);
 527                 mutex_destroy(&ipst->ips_ipcl_proto_fanout_v6[i].connf_lock);
 528         }
 529         kmem_free(ipst->ips_ipcl_proto_fanout_v6,
 530             IPPROTO_MAX * sizeof (connf_t));
 531         ipst->ips_ipcl_proto_fanout_v6 = NULL;
 532 
 533         for (i = 0; i < ipst->ips_ipcl_udp_fanout_size; i++) {
 534                 ASSERT(ipst->ips_ipcl_udp_fanout[i].connf_head == NULL);
 535                 mutex_destroy(&ipst->ips_ipcl_udp_fanout[i].connf_lock);
 536         }
 537         kmem_free(ipst->ips_ipcl_udp_fanout, ipst->ips_ipcl_udp_fanout_size *
 538             sizeof (connf_t));
 539         ipst->ips_ipcl_udp_fanout = NULL;
 540 
 541         for (i = 0; i < ipst->ips_ipcl_iptun_fanout_size; i++) {
 542                 ASSERT(ipst->ips_ipcl_iptun_fanout[i].connf_head == NULL);
 543                 mutex_destroy(&ipst->ips_ipcl_iptun_fanout[i].connf_lock);
 544         }
 545         kmem_free(ipst->ips_ipcl_iptun_fanout,
 546             ipst->ips_ipcl_iptun_fanout_size * sizeof (connf_t));
 547         ipst->ips_ipcl_iptun_fanout = NULL;
 548 
 549         for (i = 0; i < ipst->ips_ipcl_raw_fanout_size; i++) {
 550                 ASSERT(ipst->ips_ipcl_raw_fanout[i].connf_head == NULL);
 551                 mutex_destroy(&ipst->ips_ipcl_raw_fanout[i].connf_lock);
 552         }
 553         kmem_free(ipst->ips_ipcl_raw_fanout, ipst->ips_ipcl_raw_fanout_size *
 554             sizeof (connf_t));
 555         ipst->ips_ipcl_raw_fanout = NULL;
 556 
 557         for (i = 0; i < CONN_G_HASH_SIZE; i++) {
 558                 ASSERT(ipst->ips_ipcl_globalhash_fanout[i].connf_head == NULL);
 559                 mutex_destroy(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
 560         }
 561         kmem_free(ipst->ips_ipcl_globalhash_fanout,
 562             sizeof (connf_t) * CONN_G_HASH_SIZE);
 563         ipst->ips_ipcl_globalhash_fanout = NULL;
 564 
 565         ASSERT(ipst->ips_rts_clients->connf_head == NULL);
 566         mutex_destroy(&ipst->ips_rts_clients->connf_lock);
 567         kmem_free(ipst->ips_rts_clients, sizeof (connf_t));
 568         ipst->ips_rts_clients = NULL;
 569 }
 570 
 571 /*
 572  * conn creation routine. initialize the conn, sets the reference
 573  * and inserts it in the global hash table.
 574  */
 575 conn_t *
 576 ipcl_conn_create(uint32_t type, int sleep, netstack_t *ns)
 577 {
 578         conn_t  *connp;
 579         struct kmem_cache *conn_cache;
 580 
 581         switch (type) {
 582         case IPCL_SCTPCONN:
 583                 if ((connp = kmem_cache_alloc(sctp_conn_cache, sleep)) == NULL)
 584                         return (NULL);
 585                 sctp_conn_init(connp);
 586                 netstack_hold(ns);
 587                 connp->conn_netstack = ns;
 588                 connp->conn_ixa->ixa_ipst = ns->netstack_ip;
 589                 connp->conn_ixa->ixa_conn_id = (long)connp;
 590                 ipcl_globalhash_insert(connp);
 591                 return (connp);
 592 
 593         case IPCL_TCPCONN:
 594                 conn_cache = tcp_conn_cache;
 595                 break;
 596 
 597         case IPCL_UDPCONN:
 598                 conn_cache = udp_conn_cache;
 599                 break;
 600 
 601         case IPCL_RAWIPCONN:
 602                 conn_cache = rawip_conn_cache;
 603                 break;
 604 
 605         case IPCL_RTSCONN:
 606                 conn_cache = rts_conn_cache;
 607                 break;
 608 
 609         case IPCL_IPCCONN:
 610                 conn_cache = ip_conn_cache;
 611                 break;
 612 
 613         default:
 614                 connp = NULL;
 615                 ASSERT(0);
 616         }
 617 
 618         if ((connp = kmem_cache_alloc(conn_cache, sleep)) == NULL)
 619                 return (NULL);
 620 
 621         connp->conn_ref = 1;
 622         netstack_hold(ns);
 623         connp->conn_netstack = ns;
 624         connp->conn_ixa->ixa_ipst = ns->netstack_ip;
 625         connp->conn_ixa->ixa_conn_id = (long)connp;
 626         ipcl_globalhash_insert(connp);
 627         return (connp);
 628 }
 629 
 630 void
 631 ipcl_conn_destroy(conn_t *connp)
 632 {
 633         mblk_t  *mp;
 634         netstack_t      *ns = connp->conn_netstack;
 635 
 636         ASSERT(!MUTEX_HELD(&connp->conn_lock));
 637         ASSERT(connp->conn_ref == 0);
 638         ASSERT(connp->conn_ioctlref == 0);
 639 
 640         DTRACE_PROBE1(conn__destroy, conn_t *, connp);
 641 
 642         if (connp->conn_cred != NULL) {
 643                 crfree(connp->conn_cred);
 644                 connp->conn_cred = NULL;
 645                 /* ixa_cred done in ipcl_conn_cleanup below */
 646         }
 647 
 648         if (connp->conn_ht_iphc != NULL) {
 649                 kmem_free(connp->conn_ht_iphc, connp->conn_ht_iphc_allocated);
 650                 connp->conn_ht_iphc = NULL;
 651                 connp->conn_ht_iphc_allocated = 0;
 652                 connp->conn_ht_iphc_len = 0;
 653                 connp->conn_ht_ulp = NULL;
 654                 connp->conn_ht_ulp_len = 0;
 655         }
 656         ip_pkt_free(&connp->conn_xmit_ipp);
 657 
 658         ipcl_globalhash_remove(connp);
 659 
 660         if (connp->conn_latch != NULL) {
 661                 IPLATCH_REFRELE(connp->conn_latch);
 662                 connp->conn_latch = NULL;
 663         }
 664         if (connp->conn_latch_in_policy != NULL) {
 665                 IPPOL_REFRELE(connp->conn_latch_in_policy);
 666                 connp->conn_latch_in_policy = NULL;
 667         }
 668         if (connp->conn_latch_in_action != NULL) {
 669                 IPACT_REFRELE(connp->conn_latch_in_action);
 670                 connp->conn_latch_in_action = NULL;
 671         }
 672         if (connp->conn_policy != NULL) {
 673                 IPPH_REFRELE(connp->conn_policy, ns);
 674                 connp->conn_policy = NULL;
 675         }
 676 
 677         if (connp->conn_ipsec_opt_mp != NULL) {
 678                 freemsg(connp->conn_ipsec_opt_mp);
 679                 connp->conn_ipsec_opt_mp = NULL;
 680         }
 681 
 682         if (connp->conn_flags & IPCL_TCPCONN) {
 683                 tcp_t *tcp = connp->conn_tcp;
 684 
 685                 tcp_free(tcp);
 686                 mp = tcp->tcp_timercache;
 687 
 688                 tcp->tcp_tcps = NULL;
 689 
 690                 /*
 691                  * tcp_rsrv_mp can be NULL if tcp_get_conn() fails to allocate
 692                  * the mblk.
 693                  */
 694                 if (tcp->tcp_rsrv_mp != NULL) {
 695                         freeb(tcp->tcp_rsrv_mp);
 696                         tcp->tcp_rsrv_mp = NULL;
 697                         mutex_destroy(&tcp->tcp_rsrv_mp_lock);
 698                 }
 699 
 700                 ipcl_conn_cleanup(connp);
 701                 connp->conn_flags = IPCL_TCPCONN;
 702                 if (ns != NULL) {
 703                         ASSERT(tcp->tcp_tcps == NULL);
 704                         connp->conn_netstack = NULL;
 705                         connp->conn_ixa->ixa_ipst = NULL;
 706                         netstack_rele(ns);
 707                 }
 708 
 709                 bzero(tcp, sizeof (tcp_t));
 710 
 711                 tcp->tcp_timercache = mp;
 712                 tcp->tcp_connp = connp;
 713                 kmem_cache_free(tcp_conn_cache, connp);
 714                 return;
 715         }
 716 
 717         if (connp->conn_flags & IPCL_SCTPCONN) {
 718                 ASSERT(ns != NULL);
 719                 sctp_free(connp);
 720                 return;
 721         }
 722 
 723         ipcl_conn_cleanup(connp);
 724         if (ns != NULL) {
 725                 connp->conn_netstack = NULL;
 726                 connp->conn_ixa->ixa_ipst = NULL;
 727                 netstack_rele(ns);
 728         }
 729 
 730         /* leave conn_priv aka conn_udp, conn_icmp, etc in place. */
 731         if (connp->conn_flags & IPCL_UDPCONN) {
 732                 connp->conn_flags = IPCL_UDPCONN;
 733                 kmem_cache_free(udp_conn_cache, connp);
 734         } else if (connp->conn_flags & IPCL_RAWIPCONN) {
 735                 connp->conn_flags = IPCL_RAWIPCONN;
 736                 connp->conn_proto = IPPROTO_ICMP;
 737                 connp->conn_ixa->ixa_protocol = connp->conn_proto;
 738                 kmem_cache_free(rawip_conn_cache, connp);
 739         } else if (connp->conn_flags & IPCL_RTSCONN) {
 740                 connp->conn_flags = IPCL_RTSCONN;
 741                 kmem_cache_free(rts_conn_cache, connp);
 742         } else {
 743                 connp->conn_flags = IPCL_IPCCONN;
 744                 ASSERT(connp->conn_flags & IPCL_IPCCONN);
 745                 ASSERT(connp->conn_priv == NULL);
 746                 kmem_cache_free(ip_conn_cache, connp);
 747         }
 748 }
 749 
 750 /*
 751  * Running in cluster mode - deregister listener information
 752  */
 753 static void
 754 ipcl_conn_unlisten(conn_t *connp)
 755 {
 756         ASSERT((connp->conn_flags & IPCL_CL_LISTENER) != 0);
 757         ASSERT(connp->conn_lport != 0);
 758 
 759         if (cl_inet_unlisten != NULL) {
 760                 sa_family_t     addr_family;
 761                 uint8_t         *laddrp;
 762 
 763                 if (connp->conn_ipversion == IPV6_VERSION) {
 764                         addr_family = AF_INET6;
 765                         laddrp = (uint8_t *)&connp->conn_bound_addr_v6;
 766                 } else {
 767                         addr_family = AF_INET;
 768                         laddrp = (uint8_t *)&connp->conn_bound_addr_v4;
 769                 }
 770                 (*cl_inet_unlisten)(connp->conn_netstack->netstack_stackid,
 771                     IPPROTO_TCP, addr_family, laddrp, connp->conn_lport, NULL);
 772         }
 773         connp->conn_flags &= ~IPCL_CL_LISTENER;
 774 }
 775 
 776 /*
 777  * We set the IPCL_REMOVED flag (instead of clearing the flag indicating
 778  * which table the conn belonged to). So for debugging we can see which hash
 779  * table this connection was in.
 780  */
 781 #define IPCL_HASH_REMOVE(connp) {                                       \
 782         connf_t *connfp = (connp)->conn_fanout;                              \
 783         ASSERT(!MUTEX_HELD(&((connp)->conn_lock)));                      \
 784         if (connfp != NULL) {                                           \
 785                 mutex_enter(&connfp->connf_lock);                        \
 786                 if ((connp)->conn_next != NULL)                              \
 787                         (connp)->conn_next->conn_prev =                   \
 788                             (connp)->conn_prev;                              \
 789                 if ((connp)->conn_prev != NULL)                              \
 790                         (connp)->conn_prev->conn_next =                   \
 791                             (connp)->conn_next;                              \
 792                 else                                                    \
 793                         connfp->connf_head = (connp)->conn_next;  \
 794                 (connp)->conn_fanout = NULL;                         \
 795                 (connp)->conn_next = NULL;                           \
 796                 (connp)->conn_prev = NULL;                           \
 797                 (connp)->conn_flags |= IPCL_REMOVED;                 \
 798                 if (((connp)->conn_flags & IPCL_CL_LISTENER) != 0)       \
 799                         ipcl_conn_unlisten((connp));                    \
 800                 CONN_DEC_REF((connp));                                  \
 801                 mutex_exit(&connfp->connf_lock);                 \
 802         }                                                               \
 803 }
 804 
 805 void
 806 ipcl_hash_remove(conn_t *connp)
 807 {
 808         uint8_t         protocol = connp->conn_proto;
 809 
 810         IPCL_HASH_REMOVE(connp);
 811         if (protocol == IPPROTO_RSVP)
 812                 ill_set_inputfn_all(connp->conn_netstack->netstack_ip);
 813 }
 814 
 815 /*
 816  * The whole purpose of this function is allow removal of
 817  * a conn_t from the connected hash for timewait reclaim.
 818  * This is essentially a TW reclaim fastpath where timewait
 819  * collector checks under fanout lock (so no one else can
 820  * get access to the conn_t) that refcnt is 2 i.e. one for
 821  * TCP and one for the classifier hash list. If ref count
 822  * is indeed 2, we can just remove the conn under lock and
 823  * avoid cleaning up the conn under squeue. This gives us
 824  * improved performance.
 825  */
 826 void
 827 ipcl_hash_remove_locked(conn_t *connp, connf_t  *connfp)
 828 {
 829         ASSERT(MUTEX_HELD(&connfp->connf_lock));
 830         ASSERT(MUTEX_HELD(&connp->conn_lock));
 831         ASSERT((connp->conn_flags & IPCL_CL_LISTENER) == 0);
 832 
 833         if ((connp)->conn_next != NULL) {
 834                 (connp)->conn_next->conn_prev = (connp)->conn_prev;
 835         }
 836         if ((connp)->conn_prev != NULL) {
 837                 (connp)->conn_prev->conn_next = (connp)->conn_next;
 838         } else {
 839                 connfp->connf_head = (connp)->conn_next;
 840         }
 841         (connp)->conn_fanout = NULL;
 842         (connp)->conn_next = NULL;
 843         (connp)->conn_prev = NULL;
 844         (connp)->conn_flags |= IPCL_REMOVED;
 845         ASSERT((connp)->conn_ref == 2);
 846         (connp)->conn_ref--;
 847 }
 848 
 849 #define IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp) {              \
 850         ASSERT((connp)->conn_fanout == NULL);                                \
 851         ASSERT((connp)->conn_next == NULL);                          \
 852         ASSERT((connp)->conn_prev == NULL);                          \
 853         if ((connfp)->connf_head != NULL) {                          \
 854                 (connfp)->connf_head->conn_prev = (connp);                \
 855                 (connp)->conn_next = (connfp)->connf_head;                \
 856         }                                                               \
 857         (connp)->conn_fanout = (connfp);                             \
 858         (connfp)->connf_head = (connp);                                      \
 859         (connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) | \
 860             IPCL_CONNECTED;                                             \
 861         CONN_INC_REF(connp);                                            \
 862 }
 863 
 864 #define IPCL_HASH_INSERT_CONNECTED(connfp, connp) {                     \
 865         IPCL_HASH_REMOVE((connp));                                      \
 866         mutex_enter(&(connfp)->connf_lock);                              \
 867         IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);               \
 868         mutex_exit(&(connfp)->connf_lock);                               \
 869 }
 870 
 871 #define IPCL_HASH_INSERT_BOUND(connfp, connp) {                         \
 872         conn_t *pconnp = NULL, *nconnp;                                 \
 873         IPCL_HASH_REMOVE((connp));                                      \
 874         mutex_enter(&(connfp)->connf_lock);                              \
 875         nconnp = (connfp)->connf_head;                                       \
 876         while (nconnp != NULL &&                                        \
 877             !_IPCL_V4_MATCH_ANY(nconnp->conn_laddr_v6)) {            \
 878                 pconnp = nconnp;                                        \
 879                 nconnp = nconnp->conn_next;                          \
 880         }                                                               \
 881         if (pconnp != NULL) {                                           \
 882                 pconnp->conn_next = (connp);                         \
 883                 (connp)->conn_prev = pconnp;                         \
 884         } else {                                                        \
 885                 (connfp)->connf_head = (connp);                              \
 886         }                                                               \
 887         if (nconnp != NULL) {                                           \
 888                 (connp)->conn_next = nconnp;                         \
 889                 nconnp->conn_prev = (connp);                         \
 890         }                                                               \
 891         (connp)->conn_fanout = (connfp);                             \
 892         (connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) | \
 893             IPCL_BOUND;                                                 \
 894         CONN_INC_REF(connp);                                            \
 895         mutex_exit(&(connfp)->connf_lock);                               \
 896 }
 897 
 898 #define IPCL_HASH_INSERT_WILDCARD(connfp, connp) {                      \
 899         conn_t **list, *prev, *next;                                    \
 900         boolean_t isv4mapped =                                          \
 901             IN6_IS_ADDR_V4MAPPED(&(connp)->conn_laddr_v6);               \
 902         IPCL_HASH_REMOVE((connp));                                      \
 903         mutex_enter(&(connfp)->connf_lock);                              \
 904         list = &(connfp)->connf_head;                                    \
 905         prev = NULL;                                                    \
 906         while ((next = *list) != NULL) {                                \
 907                 if (isv4mapped &&                                       \
 908                     IN6_IS_ADDR_UNSPECIFIED(&next->conn_laddr_v6) &&     \
 909                     connp->conn_zoneid == next->conn_zoneid) {            \
 910                         (connp)->conn_next = next;                   \
 911                         if (prev != NULL)                               \
 912                                 prev = next->conn_prev;                      \
 913                         next->conn_prev = (connp);                   \
 914                         break;                                          \
 915                 }                                                       \
 916                 list = &next->conn_next;                         \
 917                 prev = next;                                            \
 918         }                                                               \
 919         (connp)->conn_prev = prev;                                   \
 920         *list = (connp);                                                \
 921         (connp)->conn_fanout = (connfp);                             \
 922         (connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) | \
 923             IPCL_BOUND;                                                 \
 924         CONN_INC_REF((connp));                                          \
 925         mutex_exit(&(connfp)->connf_lock);                               \
 926 }
 927 
 928 void
 929 ipcl_hash_insert_wildcard(connf_t *connfp, conn_t *connp)
 930 {
 931         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
 932 }
 933 
 934 /*
 935  * Because the classifier is used to classify inbound packets, the destination
 936  * address is meant to be our local tunnel address (tunnel source), and the
 937  * source the remote tunnel address (tunnel destination).
 938  *
 939  * Note that conn_proto can't be used for fanout since the upper protocol
 940  * can be both 41 and 4 when IPv6 and IPv4 are over the same tunnel.
 941  */
 942 conn_t *
 943 ipcl_iptun_classify_v4(ipaddr_t *src, ipaddr_t *dst, ip_stack_t *ipst)
 944 {
 945         connf_t *connfp;
 946         conn_t  *connp;
 947 
 948         /* first look for IPv4 tunnel links */
 949         connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(*dst, *src)];
 950         mutex_enter(&connfp->connf_lock);
 951         for (connp = connfp->connf_head; connp != NULL;
 952             connp = connp->conn_next) {
 953                 if (IPCL_IPTUN_MATCH(connp, *dst, *src))
 954                         break;
 955         }
 956         if (connp != NULL)
 957                 goto done;
 958 
 959         mutex_exit(&connfp->connf_lock);
 960 
 961         /* We didn't find an IPv4 tunnel, try a 6to4 tunnel */
 962         connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(*dst,
 963             INADDR_ANY)];
 964         mutex_enter(&connfp->connf_lock);
 965         for (connp = connfp->connf_head; connp != NULL;
 966             connp = connp->conn_next) {
 967                 if (IPCL_IPTUN_MATCH(connp, *dst, INADDR_ANY))
 968                         break;
 969         }
 970 done:
 971         if (connp != NULL)
 972                 CONN_INC_REF(connp);
 973         mutex_exit(&connfp->connf_lock);
 974         return (connp);
 975 }
 976 
 977 conn_t *
 978 ipcl_iptun_classify_v6(in6_addr_t *src, in6_addr_t *dst, ip_stack_t *ipst)
 979 {
 980         connf_t *connfp;
 981         conn_t  *connp;
 982 
 983         /* Look for an IPv6 tunnel link */
 984         connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH_V6(dst, src)];
 985         mutex_enter(&connfp->connf_lock);
 986         for (connp = connfp->connf_head; connp != NULL;
 987             connp = connp->conn_next) {
 988                 if (IPCL_IPTUN_MATCH_V6(connp, dst, src)) {
 989                         CONN_INC_REF(connp);
 990                         break;
 991                 }
 992         }
 993         mutex_exit(&connfp->connf_lock);
 994         return (connp);
 995 }
 996 
 997 /*
 998  * This function is used only for inserting SCTP raw socket now.
 999  * This may change later.
1000  *
1001  * Note that only one raw socket can be bound to a port.  The param
1002  * lport is in network byte order.
1003  */
1004 static int
1005 ipcl_sctp_hash_insert(conn_t *connp, in_port_t lport)
1006 {
1007         connf_t *connfp;
1008         conn_t  *oconnp;
1009         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
1010 
1011         connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(ntohs(lport), ipst)];
1012 
1013         /* Check for existing raw socket already bound to the port. */
1014         mutex_enter(&connfp->connf_lock);
1015         for (oconnp = connfp->connf_head; oconnp != NULL;
1016             oconnp = oconnp->conn_next) {
1017                 if (oconnp->conn_lport == lport &&
1018                     oconnp->conn_zoneid == connp->conn_zoneid &&
1019                     oconnp->conn_family == connp->conn_family &&
1020                     ((IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) ||
1021                     IN6_IS_ADDR_UNSPECIFIED(&oconnp->conn_laddr_v6) ||
1022                     IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_laddr_v6) ||
1023                     IN6_IS_ADDR_V4MAPPED_ANY(&oconnp->conn_laddr_v6)) ||
1024                     IN6_ARE_ADDR_EQUAL(&oconnp->conn_laddr_v6,
1025                     &connp->conn_laddr_v6))) {
1026                         break;
1027                 }
1028         }
1029         mutex_exit(&connfp->connf_lock);
1030         if (oconnp != NULL)
1031                 return (EADDRNOTAVAIL);
1032 
1033         if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6) ||
1034             IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_faddr_v6)) {
1035                 if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) ||
1036                     IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_laddr_v6)) {
1037                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1038                 } else {
1039                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1040                 }
1041         } else {
1042                 IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1043         }
1044         return (0);
1045 }
1046 
1047 static int
1048 ipcl_iptun_hash_insert(conn_t *connp, ip_stack_t *ipst)
1049 {
1050         connf_t *connfp;
1051         conn_t  *tconnp;
1052         ipaddr_t laddr = connp->conn_laddr_v4;
1053         ipaddr_t faddr = connp->conn_faddr_v4;
1054 
1055         connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(laddr, faddr)];
1056         mutex_enter(&connfp->connf_lock);
1057         for (tconnp = connfp->connf_head; tconnp != NULL;
1058             tconnp = tconnp->conn_next) {
1059                 if (IPCL_IPTUN_MATCH(tconnp, laddr, faddr)) {
1060                         /* A tunnel is already bound to these addresses. */
1061                         mutex_exit(&connfp->connf_lock);
1062                         return (EADDRINUSE);
1063                 }
1064         }
1065         IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1066         mutex_exit(&connfp->connf_lock);
1067         return (0);
1068 }
1069 
1070 static int
1071 ipcl_iptun_hash_insert_v6(conn_t *connp, ip_stack_t *ipst)
1072 {
1073         connf_t *connfp;
1074         conn_t  *tconnp;
1075         in6_addr_t *laddr = &connp->conn_laddr_v6;
1076         in6_addr_t *faddr = &connp->conn_faddr_v6;
1077 
1078         connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH_V6(laddr, faddr)];
1079         mutex_enter(&connfp->connf_lock);
1080         for (tconnp = connfp->connf_head; tconnp != NULL;
1081             tconnp = tconnp->conn_next) {
1082                 if (IPCL_IPTUN_MATCH_V6(tconnp, laddr, faddr)) {
1083                         /* A tunnel is already bound to these addresses. */
1084                         mutex_exit(&connfp->connf_lock);
1085                         return (EADDRINUSE);
1086                 }
1087         }
1088         IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1089         mutex_exit(&connfp->connf_lock);
1090         return (0);
1091 }
1092 
1093 /*
1094  * Check for a MAC exemption conflict on a labeled system.  Note that for
1095  * protocols that use port numbers (UDP, TCP, SCTP), we do this check up in the
1096  * transport layer.  This check is for binding all other protocols.
1097  *
1098  * Returns true if there's a conflict.
1099  */
1100 static boolean_t
1101 check_exempt_conflict_v4(conn_t *connp, ip_stack_t *ipst)
1102 {
1103         connf_t *connfp;
1104         conn_t *tconn;
1105 
1106         connfp = &ipst->ips_ipcl_proto_fanout_v4[connp->conn_proto];
1107         mutex_enter(&connfp->connf_lock);
1108         for (tconn = connfp->connf_head; tconn != NULL;
1109             tconn = tconn->conn_next) {
1110                 /* We don't allow v4 fallback for v6 raw socket */
1111                 if (connp->conn_family != tconn->conn_family)
1112                         continue;
1113                 /* If neither is exempt, then there's no conflict */
1114                 if ((connp->conn_mac_mode == CONN_MAC_DEFAULT) &&
1115                     (tconn->conn_mac_mode == CONN_MAC_DEFAULT))
1116                         continue;
1117                 /* We are only concerned about sockets for a different zone */
1118                 if (connp->conn_zoneid == tconn->conn_zoneid)
1119                         continue;
1120                 /* If both are bound to different specific addrs, ok */
1121                 if (connp->conn_laddr_v4 != INADDR_ANY &&
1122                     tconn->conn_laddr_v4 != INADDR_ANY &&
1123                     connp->conn_laddr_v4 != tconn->conn_laddr_v4)
1124                         continue;
1125                 /* These two conflict; fail */
1126                 break;
1127         }
1128         mutex_exit(&connfp->connf_lock);
1129         return (tconn != NULL);
1130 }
1131 
1132 static boolean_t
1133 check_exempt_conflict_v6(conn_t *connp, ip_stack_t *ipst)
1134 {
1135         connf_t *connfp;
1136         conn_t *tconn;
1137 
1138         connfp = &ipst->ips_ipcl_proto_fanout_v6[connp->conn_proto];
1139         mutex_enter(&connfp->connf_lock);
1140         for (tconn = connfp->connf_head; tconn != NULL;
1141             tconn = tconn->conn_next) {
1142                 /* We don't allow v4 fallback for v6 raw socket */
1143                 if (connp->conn_family != tconn->conn_family)
1144                         continue;
1145                 /* If neither is exempt, then there's no conflict */
1146                 if ((connp->conn_mac_mode == CONN_MAC_DEFAULT) &&
1147                     (tconn->conn_mac_mode == CONN_MAC_DEFAULT))
1148                         continue;
1149                 /* We are only concerned about sockets for a different zone */
1150                 if (connp->conn_zoneid == tconn->conn_zoneid)
1151                         continue;
1152                 /* If both are bound to different addrs, ok */
1153                 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) &&
1154                     !IN6_IS_ADDR_UNSPECIFIED(&tconn->conn_laddr_v6) &&
1155                     !IN6_ARE_ADDR_EQUAL(&connp->conn_laddr_v6,
1156                     &tconn->conn_laddr_v6))
1157                         continue;
1158                 /* These two conflict; fail */
1159                 break;
1160         }
1161         mutex_exit(&connfp->connf_lock);
1162         return (tconn != NULL);
1163 }
1164 
1165 /*
1166  * (v4, v6) bind hash insertion routines
1167  * The caller has already setup the conn (conn_proto, conn_laddr_v6, conn_lport)
1168  */
1169 
1170 int
1171 ipcl_bind_insert(conn_t *connp)
1172 {
1173         if (connp->conn_ipversion == IPV6_VERSION)
1174                 return (ipcl_bind_insert_v6(connp));
1175         else
1176                 return (ipcl_bind_insert_v4(connp));
1177 }
1178 
1179 int
1180 ipcl_bind_insert_v4(conn_t *connp)
1181 {
1182         connf_t *connfp;
1183         int     ret = 0;
1184         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
1185         uint16_t        lport = connp->conn_lport;
1186         uint8_t         protocol = connp->conn_proto;
1187 
1188         if (IPCL_IS_IPTUN(connp))
1189                 return (ipcl_iptun_hash_insert(connp, ipst));
1190 
1191         switch (protocol) {
1192         default:
1193                 if (is_system_labeled() &&
1194                     check_exempt_conflict_v4(connp, ipst))
1195                         return (EADDRINUSE);
1196                 /* FALLTHROUGH */
1197         case IPPROTO_UDP:
1198                 if (protocol == IPPROTO_UDP) {
1199                         connfp = &ipst->ips_ipcl_udp_fanout[
1200                             IPCL_UDP_HASH(lport, ipst)];
1201                 } else {
1202                         connfp = &ipst->ips_ipcl_proto_fanout_v4[protocol];
1203                 }
1204 
1205                 if (connp->conn_faddr_v4 != INADDR_ANY) {
1206                         IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1207                 } else if (connp->conn_laddr_v4 != INADDR_ANY) {
1208                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1209                 } else {
1210                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1211                 }
1212                 if (protocol == IPPROTO_RSVP)
1213                         ill_set_inputfn_all(ipst);
1214                 break;
1215 
1216         case IPPROTO_TCP:
1217                 /* Insert it in the Bind Hash */
1218                 ASSERT(connp->conn_zoneid != ALL_ZONES);
1219                 connfp = &ipst->ips_ipcl_bind_fanout[
1220                     IPCL_BIND_HASH(lport, ipst)];
1221                 if (connp->conn_laddr_v4 != INADDR_ANY) {
1222                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1223                 } else {
1224                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1225                 }
1226                 if (cl_inet_listen != NULL) {
1227                         ASSERT(connp->conn_ipversion == IPV4_VERSION);
1228                         connp->conn_flags |= IPCL_CL_LISTENER;
1229                         (*cl_inet_listen)(
1230                             connp->conn_netstack->netstack_stackid,
1231                             IPPROTO_TCP, AF_INET,
1232                             (uint8_t *)&connp->conn_bound_addr_v4, lport, NULL);
1233                 }
1234                 break;
1235 
1236         case IPPROTO_SCTP:
1237                 ret = ipcl_sctp_hash_insert(connp, lport);
1238                 break;
1239         }
1240 
1241         return (ret);
1242 }
1243 
1244 int
1245 ipcl_bind_insert_v6(conn_t *connp)
1246 {
1247         connf_t         *connfp;
1248         int             ret = 0;
1249         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
1250         uint16_t        lport = connp->conn_lport;
1251         uint8_t         protocol = connp->conn_proto;
1252 
1253         if (IPCL_IS_IPTUN(connp)) {
1254                 return (ipcl_iptun_hash_insert_v6(connp, ipst));
1255         }
1256 
1257         switch (protocol) {
1258         default:
1259                 if (is_system_labeled() &&
1260                     check_exempt_conflict_v6(connp, ipst))
1261                         return (EADDRINUSE);
1262                 /* FALLTHROUGH */
1263         case IPPROTO_UDP:
1264                 if (protocol == IPPROTO_UDP) {
1265                         connfp = &ipst->ips_ipcl_udp_fanout[
1266                             IPCL_UDP_HASH(lport, ipst)];
1267                 } else {
1268                         connfp = &ipst->ips_ipcl_proto_fanout_v6[protocol];
1269                 }
1270 
1271                 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6)) {
1272                         IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1273                 } else if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1274                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1275                 } else {
1276                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1277                 }
1278                 break;
1279 
1280         case IPPROTO_TCP:
1281                 /* Insert it in the Bind Hash */
1282                 ASSERT(connp->conn_zoneid != ALL_ZONES);
1283                 connfp = &ipst->ips_ipcl_bind_fanout[
1284                     IPCL_BIND_HASH(lport, ipst)];
1285                 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1286                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1287                 } else {
1288                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1289                 }
1290                 if (cl_inet_listen != NULL) {
1291                         sa_family_t     addr_family;
1292                         uint8_t         *laddrp;
1293 
1294                         if (connp->conn_ipversion == IPV6_VERSION) {
1295                                 addr_family = AF_INET6;
1296                                 laddrp =
1297                                     (uint8_t *)&connp->conn_bound_addr_v6;
1298                         } else {
1299                                 addr_family = AF_INET;
1300                                 laddrp = (uint8_t *)&connp->conn_bound_addr_v4;
1301                         }
1302                         connp->conn_flags |= IPCL_CL_LISTENER;
1303                         (*cl_inet_listen)(
1304                             connp->conn_netstack->netstack_stackid,
1305                             IPPROTO_TCP, addr_family, laddrp, lport, NULL);
1306                 }
1307                 break;
1308 
1309         case IPPROTO_SCTP:
1310                 ret = ipcl_sctp_hash_insert(connp, lport);
1311                 break;
1312         }
1313 
1314         return (ret);
1315 }
1316 
1317 /*
1318  * ipcl_conn_hash insertion routines.
1319  * The caller has already set conn_proto and the addresses/ports in the conn_t.
1320  */
1321 
1322 int
1323 ipcl_conn_insert(conn_t *connp)
1324 {
1325         if (connp->conn_ipversion == IPV6_VERSION)
1326                 return (ipcl_conn_insert_v6(connp));
1327         else
1328                 return (ipcl_conn_insert_v4(connp));
1329 }
1330 
1331 int
1332 ipcl_conn_insert_v4(conn_t *connp)
1333 {
1334         connf_t         *connfp;
1335         conn_t          *tconnp;
1336         int             ret = 0;
1337         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
1338         uint16_t        lport = connp->conn_lport;
1339         uint8_t         protocol = connp->conn_proto;
1340 
1341         if (IPCL_IS_IPTUN(connp))
1342                 return (ipcl_iptun_hash_insert(connp, ipst));
1343 
1344         switch (protocol) {
1345         case IPPROTO_TCP:
1346                 /*
1347                  * For TCP, we check whether the connection tuple already
1348                  * exists before allowing the connection to proceed.  We
1349                  * also allow indexing on the zoneid. This is to allow
1350                  * multiple shared stack zones to have the same tcp
1351                  * connection tuple. In practice this only happens for
1352                  * INADDR_LOOPBACK as it's the only local address which
1353                  * doesn't have to be unique.
1354                  */
1355                 connfp = &ipst->ips_ipcl_conn_fanout[
1356                     IPCL_CONN_HASH(connp->conn_faddr_v4,
1357                     connp->conn_ports, ipst)];
1358                 mutex_enter(&connfp->connf_lock);
1359                 for (tconnp = connfp->connf_head; tconnp != NULL;
1360                     tconnp = tconnp->conn_next) {
1361                         if (IPCL_CONN_MATCH(tconnp, connp->conn_proto,
1362                             connp->conn_faddr_v4, connp->conn_laddr_v4,
1363                             connp->conn_ports) &&
1364                             IPCL_ZONE_MATCH(tconnp, connp->conn_zoneid)) {
1365                                 /* Already have a conn. bail out */
1366                                 mutex_exit(&connfp->connf_lock);
1367                                 return (EADDRINUSE);
1368                         }
1369                 }
1370                 if (connp->conn_fanout != NULL) {
1371                         /*
1372                          * Probably a XTI/TLI application trying to do a
1373                          * rebind. Let it happen.
1374                          */
1375                         mutex_exit(&connfp->connf_lock);
1376                         IPCL_HASH_REMOVE(connp);
1377                         mutex_enter(&connfp->connf_lock);
1378                 }
1379 
1380                 ASSERT(connp->conn_recv != NULL);
1381                 ASSERT(connp->conn_recvicmp != NULL);
1382 
1383                 IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1384                 mutex_exit(&connfp->connf_lock);
1385                 break;
1386 
1387         case IPPROTO_SCTP:
1388                 /*
1389                  * The raw socket may have already been bound, remove it
1390                  * from the hash first.
1391                  */
1392                 IPCL_HASH_REMOVE(connp);
1393                 ret = ipcl_sctp_hash_insert(connp, lport);
1394                 break;
1395 
1396         default:
1397                 /*
1398                  * Check for conflicts among MAC exempt bindings.  For
1399                  * transports with port numbers, this is done by the upper
1400                  * level per-transport binding logic.  For all others, it's
1401                  * done here.
1402                  */
1403                 if (is_system_labeled() &&
1404                     check_exempt_conflict_v4(connp, ipst))
1405                         return (EADDRINUSE);
1406                 /* FALLTHROUGH */
1407 
1408         case IPPROTO_UDP:
1409                 if (protocol == IPPROTO_UDP) {
1410                         connfp = &ipst->ips_ipcl_udp_fanout[
1411                             IPCL_UDP_HASH(lport, ipst)];
1412                 } else {
1413                         connfp = &ipst->ips_ipcl_proto_fanout_v4[protocol];
1414                 }
1415 
1416                 if (connp->conn_faddr_v4 != INADDR_ANY) {
1417                         IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1418                 } else if (connp->conn_laddr_v4 != INADDR_ANY) {
1419                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1420                 } else {
1421                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1422                 }
1423                 break;
1424         }
1425 
1426         return (ret);
1427 }
1428 
1429 int
1430 ipcl_conn_insert_v6(conn_t *connp)
1431 {
1432         connf_t         *connfp;
1433         conn_t          *tconnp;
1434         int             ret = 0;
1435         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
1436         uint16_t        lport = connp->conn_lport;
1437         uint8_t         protocol = connp->conn_proto;
1438         uint_t          ifindex = connp->conn_bound_if;
1439 
1440         if (IPCL_IS_IPTUN(connp))
1441                 return (ipcl_iptun_hash_insert_v6(connp, ipst));
1442 
1443         switch (protocol) {
1444         case IPPROTO_TCP:
1445 
1446                 /*
1447                  * For tcp, we check whether the connection tuple already
1448                  * exists before allowing the connection to proceed.  We
1449                  * also allow indexing on the zoneid. This is to allow
1450                  * multiple shared stack zones to have the same tcp
1451                  * connection tuple. In practice this only happens for
1452                  * ipv6_loopback as it's the only local address which
1453                  * doesn't have to be unique.
1454                  */
1455                 connfp = &ipst->ips_ipcl_conn_fanout[
1456                     IPCL_CONN_HASH_V6(connp->conn_faddr_v6, connp->conn_ports,
1457                     ipst)];
1458                 mutex_enter(&connfp->connf_lock);
1459                 for (tconnp = connfp->connf_head; tconnp != NULL;
1460                     tconnp = tconnp->conn_next) {
1461                         /* NOTE: need to match zoneid. Bug in onnv-gate */
1462                         if (IPCL_CONN_MATCH_V6(tconnp, connp->conn_proto,
1463                             connp->conn_faddr_v6, connp->conn_laddr_v6,
1464                             connp->conn_ports) &&
1465                             (tconnp->conn_bound_if == 0 ||
1466                             tconnp->conn_bound_if == ifindex) &&
1467                             IPCL_ZONE_MATCH(tconnp, connp->conn_zoneid)) {
1468                                 /* Already have a conn. bail out */
1469                                 mutex_exit(&connfp->connf_lock);
1470                                 return (EADDRINUSE);
1471                         }
1472                 }
1473                 if (connp->conn_fanout != NULL) {
1474                         /*
1475                          * Probably a XTI/TLI application trying to do a
1476                          * rebind. Let it happen.
1477                          */
1478                         mutex_exit(&connfp->connf_lock);
1479                         IPCL_HASH_REMOVE(connp);
1480                         mutex_enter(&connfp->connf_lock);
1481                 }
1482                 IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1483                 mutex_exit(&connfp->connf_lock);
1484                 break;
1485 
1486         case IPPROTO_SCTP:
1487                 IPCL_HASH_REMOVE(connp);
1488                 ret = ipcl_sctp_hash_insert(connp, lport);
1489                 break;
1490 
1491         default:
1492                 if (is_system_labeled() &&
1493                     check_exempt_conflict_v6(connp, ipst))
1494                         return (EADDRINUSE);
1495                 /* FALLTHROUGH */
1496         case IPPROTO_UDP:
1497                 if (protocol == IPPROTO_UDP) {
1498                         connfp = &ipst->ips_ipcl_udp_fanout[
1499                             IPCL_UDP_HASH(lport, ipst)];
1500                 } else {
1501                         connfp = &ipst->ips_ipcl_proto_fanout_v6[protocol];
1502                 }
1503 
1504                 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6)) {
1505                         IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1506                 } else if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1507                         IPCL_HASH_INSERT_BOUND(connfp, connp);
1508                 } else {
1509                         IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1510                 }
1511                 break;
1512         }
1513 
1514         return (ret);
1515 }
1516 
1517 /*
1518  * v4 packet classifying function. looks up the fanout table to
1519  * find the conn, the packet belongs to. returns the conn with
1520  * the reference held, null otherwise.
1521  *
1522  * If zoneid is ALL_ZONES, then the search rules described in the "Connection
1523  * Lookup" comment block are applied.  Labels are also checked as described
1524  * above.  If the packet is from the inside (looped back), and is from the same
1525  * zone, then label checks are omitted.
1526  */
1527 conn_t *
1528 ipcl_classify_v4(mblk_t *mp, uint8_t protocol, uint_t hdr_len,
1529     ip_recv_attr_t *ira, ip_stack_t *ipst)
1530 {
1531         ipha_t  *ipha;
1532         connf_t *connfp, *bind_connfp;
1533         uint16_t lport;
1534         uint16_t fport;
1535         uint32_t ports;
1536         conn_t  *connp;
1537         uint16_t  *up;
1538         zoneid_t        zoneid = ira->ira_zoneid;
1539 
1540         ipha = (ipha_t *)mp->b_rptr;
1541         up = (uint16_t *)((uchar_t *)ipha + hdr_len + TCP_PORTS_OFFSET);
1542 
1543         switch (protocol) {
1544         case IPPROTO_TCP:
1545                 ports = *(uint32_t *)up;
1546                 connfp =
1547                     &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_src,
1548                     ports, ipst)];
1549                 mutex_enter(&connfp->connf_lock);
1550                 for (connp = connfp->connf_head; connp != NULL;
1551                     connp = connp->conn_next) {
1552                         if (IPCL_CONN_MATCH(connp, protocol,
1553                             ipha->ipha_src, ipha->ipha_dst, ports) &&
1554                             (connp->conn_zoneid == zoneid ||
1555                             connp->conn_allzones ||
1556                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1557                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1558                             (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1559                                 break;
1560                 }
1561 
1562                 if (connp != NULL) {
1563                         /*
1564                          * We have a fully-bound TCP connection.
1565                          *
1566                          * For labeled systems, there's no need to check the
1567                          * label here.  It's known to be good as we checked
1568                          * before allowing the connection to become bound.
1569                          */
1570                         CONN_INC_REF(connp);
1571                         mutex_exit(&connfp->connf_lock);
1572                         return (connp);
1573                 }
1574 
1575                 mutex_exit(&connfp->connf_lock);
1576                 lport = up[1];
1577                 bind_connfp =
1578                     &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
1579                 mutex_enter(&bind_connfp->connf_lock);
1580                 for (connp = bind_connfp->connf_head; connp != NULL;
1581                     connp = connp->conn_next) {
1582                         if (IPCL_BIND_MATCH(connp, protocol, ipha->ipha_dst,
1583                             lport) &&
1584                             (connp->conn_zoneid == zoneid ||
1585                             connp->conn_allzones ||
1586                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1587                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1588                             (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1589                                 break;
1590                 }
1591 
1592                 /*
1593                  * If the matching connection is SLP on a private address, then
1594                  * the label on the packet must match the local zone's label.
1595                  * Otherwise, it must be in the label range defined by tnrh.
1596                  * This is ensured by tsol_receive_local.
1597                  *
1598                  * Note that we don't check tsol_receive_local for
1599                  * the connected case.
1600                  */
1601                 if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1602                     !tsol_receive_local(mp, &ipha->ipha_dst, IPV4_VERSION,
1603                     ira, connp)) {
1604                         DTRACE_PROBE3(tx__ip__log__info__classify__tcp,
1605                             char *, "connp(1) could not receive mp(2)",
1606                             conn_t *, connp, mblk_t *, mp);
1607                         connp = NULL;
1608                 }
1609 
1610                 if (connp != NULL) {
1611                         /* Have a listener at least */
1612                         CONN_INC_REF(connp);
1613                         mutex_exit(&bind_connfp->connf_lock);
1614                         return (connp);
1615                 }
1616 
1617                 mutex_exit(&bind_connfp->connf_lock);
1618                 break;
1619 
1620         case IPPROTO_UDP:
1621                 lport = up[1];
1622                 fport = up[0];
1623                 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
1624                 mutex_enter(&connfp->connf_lock);
1625                 for (connp = connfp->connf_head; connp != NULL;
1626                     connp = connp->conn_next) {
1627                         if (IPCL_UDP_MATCH(connp, lport, ipha->ipha_dst,
1628                             fport, ipha->ipha_src) &&
1629                             (connp->conn_zoneid == zoneid ||
1630                             connp->conn_allzones ||
1631                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1632                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE))))
1633                                 break;
1634                 }
1635 
1636                 if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1637                     !tsol_receive_local(mp, &ipha->ipha_dst, IPV4_VERSION,
1638                     ira, connp)) {
1639                         DTRACE_PROBE3(tx__ip__log__info__classify__udp,
1640                             char *, "connp(1) could not receive mp(2)",
1641                             conn_t *, connp, mblk_t *, mp);
1642                         connp = NULL;
1643                 }
1644 
1645                 if (connp != NULL) {
1646                         CONN_INC_REF(connp);
1647                         mutex_exit(&connfp->connf_lock);
1648                         return (connp);
1649                 }
1650 
1651                 /*
1652                  * We shouldn't come here for multicast/broadcast packets
1653                  */
1654                 mutex_exit(&connfp->connf_lock);
1655 
1656                 break;
1657 
1658         case IPPROTO_ENCAP:
1659         case IPPROTO_IPV6:
1660                 return (ipcl_iptun_classify_v4(&ipha->ipha_src,
1661                     &ipha->ipha_dst, ipst));
1662         }
1663 
1664         return (NULL);
1665 }
1666 
1667 conn_t *
1668 ipcl_classify_v6(mblk_t *mp, uint8_t protocol, uint_t hdr_len,
1669     ip_recv_attr_t *ira, ip_stack_t *ipst)
1670 {
1671         ip6_t           *ip6h;
1672         connf_t         *connfp, *bind_connfp;
1673         uint16_t        lport;
1674         uint16_t        fport;
1675         tcpha_t         *tcpha;
1676         uint32_t        ports;
1677         conn_t          *connp;
1678         uint16_t        *up;
1679         zoneid_t        zoneid = ira->ira_zoneid;
1680 
1681         ip6h = (ip6_t *)mp->b_rptr;
1682 
1683         switch (protocol) {
1684         case IPPROTO_TCP:
1685                 tcpha = (tcpha_t *)&mp->b_rptr[hdr_len];
1686                 up = &tcpha->tha_lport;
1687                 ports = *(uint32_t *)up;
1688 
1689                 connfp =
1690                     &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_src,
1691                     ports, ipst)];
1692                 mutex_enter(&connfp->connf_lock);
1693                 for (connp = connfp->connf_head; connp != NULL;
1694                     connp = connp->conn_next) {
1695                         if (IPCL_CONN_MATCH_V6(connp, protocol,
1696                             ip6h->ip6_src, ip6h->ip6_dst, ports) &&
1697                             (connp->conn_zoneid == zoneid ||
1698                             connp->conn_allzones ||
1699                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1700                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1701                             (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1702                                 break;
1703                 }
1704 
1705                 if (connp != NULL) {
1706                         /*
1707                          * We have a fully-bound TCP connection.
1708                          *
1709                          * For labeled systems, there's no need to check the
1710                          * label here.  It's known to be good as we checked
1711                          * before allowing the connection to become bound.
1712                          */
1713                         CONN_INC_REF(connp);
1714                         mutex_exit(&connfp->connf_lock);
1715                         return (connp);
1716                 }
1717 
1718                 mutex_exit(&connfp->connf_lock);
1719 
1720                 lport = up[1];
1721                 bind_connfp =
1722                     &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
1723                 mutex_enter(&bind_connfp->connf_lock);
1724                 for (connp = bind_connfp->connf_head; connp != NULL;
1725                     connp = connp->conn_next) {
1726                         if (IPCL_BIND_MATCH_V6(connp, protocol,
1727                             ip6h->ip6_dst, lport) &&
1728                             (connp->conn_zoneid == zoneid ||
1729                             connp->conn_allzones ||
1730                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1731                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1732                             (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1733                                 break;
1734                 }
1735 
1736                 if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1737                     !tsol_receive_local(mp, &ip6h->ip6_dst, IPV6_VERSION,
1738                     ira, connp)) {
1739                         DTRACE_PROBE3(tx__ip__log__info__classify__tcp6,
1740                             char *, "connp(1) could not receive mp(2)",
1741                             conn_t *, connp, mblk_t *, mp);
1742                         connp = NULL;
1743                 }
1744 
1745                 if (connp != NULL) {
1746                         /* Have a listner at least */
1747                         CONN_INC_REF(connp);
1748                         mutex_exit(&bind_connfp->connf_lock);
1749                         return (connp);
1750                 }
1751 
1752                 mutex_exit(&bind_connfp->connf_lock);
1753                 break;
1754 
1755         case IPPROTO_UDP:
1756                 up = (uint16_t *)&mp->b_rptr[hdr_len];
1757                 lport = up[1];
1758                 fport = up[0];
1759                 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
1760                 mutex_enter(&connfp->connf_lock);
1761                 for (connp = connfp->connf_head; connp != NULL;
1762                     connp = connp->conn_next) {
1763                         if (IPCL_UDP_MATCH_V6(connp, lport, ip6h->ip6_dst,
1764                             fport, ip6h->ip6_src) &&
1765                             (connp->conn_zoneid == zoneid ||
1766                             connp->conn_allzones ||
1767                             ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1768                             (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1769                             (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1770                                 break;
1771                 }
1772 
1773                 if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1774                     !tsol_receive_local(mp, &ip6h->ip6_dst, IPV6_VERSION,
1775                     ira, connp)) {
1776                         DTRACE_PROBE3(tx__ip__log__info__classify__udp6,
1777                             char *, "connp(1) could not receive mp(2)",
1778                             conn_t *, connp, mblk_t *, mp);
1779                         connp = NULL;
1780                 }
1781 
1782                 if (connp != NULL) {
1783                         CONN_INC_REF(connp);
1784                         mutex_exit(&connfp->connf_lock);
1785                         return (connp);
1786                 }
1787 
1788                 /*
1789                  * We shouldn't come here for multicast/broadcast packets
1790                  */
1791                 mutex_exit(&connfp->connf_lock);
1792                 break;
1793         case IPPROTO_ENCAP:
1794         case IPPROTO_IPV6:
1795                 return (ipcl_iptun_classify_v6(&ip6h->ip6_src,
1796                     &ip6h->ip6_dst, ipst));
1797         }
1798 
1799         return (NULL);
1800 }
1801 
1802 /*
1803  * wrapper around ipcl_classify_(v4,v6) routines.
1804  */
1805 conn_t *
1806 ipcl_classify(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst)
1807 {
1808         if (ira->ira_flags & IRAF_IS_IPV4) {
1809                 return (ipcl_classify_v4(mp, ira->ira_protocol,
1810                     ira->ira_ip_hdr_length, ira, ipst));
1811         } else {
1812                 return (ipcl_classify_v6(mp, ira->ira_protocol,
1813                     ira->ira_ip_hdr_length, ira, ipst));
1814         }
1815 }
1816 
1817 /*
1818  * Only used to classify SCTP RAW sockets
1819  */
1820 conn_t *
1821 ipcl_classify_raw(mblk_t *mp, uint8_t protocol, uint32_t ports,
1822     ipha_t *ipha, ip6_t *ip6h, ip_recv_attr_t *ira, ip_stack_t *ipst)
1823 {
1824         connf_t         *connfp;
1825         conn_t          *connp;
1826         in_port_t       lport;
1827         int             ipversion;
1828         const void      *dst;
1829         zoneid_t        zoneid = ira->ira_zoneid;
1830 
1831         lport = ((uint16_t *)&ports)[1];
1832         if (ira->ira_flags & IRAF_IS_IPV4) {
1833                 dst = (const void *)&ipha->ipha_dst;
1834                 ipversion = IPV4_VERSION;
1835         } else {
1836                 dst = (const void *)&ip6h->ip6_dst;
1837                 ipversion = IPV6_VERSION;
1838         }
1839 
1840         connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(ntohs(lport), ipst)];
1841         mutex_enter(&connfp->connf_lock);
1842         for (connp = connfp->connf_head; connp != NULL;
1843             connp = connp->conn_next) {
1844                 /* We don't allow v4 fallback for v6 raw socket. */
1845                 if (ipversion != connp->conn_ipversion)
1846                         continue;
1847                 if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6) &&
1848                     !IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_faddr_v6)) {
1849                         if (ipversion == IPV4_VERSION) {
1850                                 if (!IPCL_CONN_MATCH(connp, protocol,
1851                                     ipha->ipha_src, ipha->ipha_dst, ports))
1852                                         continue;
1853                         } else {
1854                                 if (!IPCL_CONN_MATCH_V6(connp, protocol,
1855                                     ip6h->ip6_src, ip6h->ip6_dst, ports))
1856                                         continue;
1857                         }
1858                 } else {
1859                         if (ipversion == IPV4_VERSION) {
1860                                 if (!IPCL_BIND_MATCH(connp, protocol,
1861                                     ipha->ipha_dst, lport))
1862                                         continue;
1863                         } else {
1864                                 if (!IPCL_BIND_MATCH_V6(connp, protocol,
1865                                     ip6h->ip6_dst, lport))
1866                                         continue;
1867                         }
1868                 }
1869 
1870                 if (connp->conn_zoneid == zoneid ||
1871                     connp->conn_allzones ||
1872                     ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1873                     (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1874                     (ira->ira_flags & IRAF_TX_SHARED_ADDR)))
1875                         break;
1876         }
1877 
1878         if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1879             !tsol_receive_local(mp, dst, ipversion, ira, connp)) {
1880                 DTRACE_PROBE3(tx__ip__log__info__classify__rawip,
1881                     char *, "connp(1) could not receive mp(2)",
1882                     conn_t *, connp, mblk_t *, mp);
1883                 connp = NULL;
1884         }
1885 
1886         if (connp != NULL)
1887                 goto found;
1888         mutex_exit(&connfp->connf_lock);
1889 
1890         /* Try to look for a wildcard SCTP RAW socket match. */
1891         connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(0, ipst)];
1892         mutex_enter(&connfp->connf_lock);
1893         for (connp = connfp->connf_head; connp != NULL;
1894             connp = connp->conn_next) {
1895                 /* We don't allow v4 fallback for v6 raw socket. */
1896                 if (ipversion != connp->conn_ipversion)
1897                         continue;
1898                 if (!IPCL_ZONE_MATCH(connp, zoneid))
1899                         continue;
1900 
1901                 if (ipversion == IPV4_VERSION) {
1902                         if (IPCL_RAW_MATCH(connp, protocol, ipha->ipha_dst))
1903                                 break;
1904                 } else {
1905                         if (IPCL_RAW_MATCH_V6(connp, protocol, ip6h->ip6_dst)) {
1906                                 break;
1907                         }
1908                 }
1909         }
1910 
1911         if (connp != NULL)
1912                 goto found;
1913 
1914         mutex_exit(&connfp->connf_lock);
1915         return (NULL);
1916 
1917 found:
1918         ASSERT(connp != NULL);
1919         CONN_INC_REF(connp);
1920         mutex_exit(&connfp->connf_lock);
1921         return (connp);
1922 }
1923 
1924 /* ARGSUSED */
1925 static int
1926 tcp_conn_constructor(void *buf, void *cdrarg, int kmflags)
1927 {
1928         itc_t   *itc = (itc_t *)buf;
1929         conn_t  *connp = &itc->itc_conn;
1930         tcp_t   *tcp = (tcp_t *)&itc[1];
1931 
1932         bzero(connp, sizeof (conn_t));
1933         bzero(tcp, sizeof (tcp_t));
1934 
1935         mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
1936         cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
1937         cv_init(&connp->conn_sq_cv, NULL, CV_DEFAULT, NULL);
1938         tcp->tcp_timercache = tcp_timermp_alloc(kmflags);
1939         if (tcp->tcp_timercache == NULL)
1940                 return (ENOMEM);
1941         connp->conn_tcp = tcp;
1942         connp->conn_flags = IPCL_TCPCONN;
1943         connp->conn_proto = IPPROTO_TCP;
1944         tcp->tcp_connp = connp;
1945         rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
1946 
1947         connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
1948         if (connp->conn_ixa == NULL) {
1949                 tcp_timermp_free(tcp);
1950                 return (ENOMEM);
1951         }
1952         connp->conn_ixa->ixa_refcnt = 1;
1953         connp->conn_ixa->ixa_protocol = connp->conn_proto;
1954         connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
1955         return (0);
1956 }
1957 
1958 /* ARGSUSED */
1959 static void
1960 tcp_conn_destructor(void *buf, void *cdrarg)
1961 {
1962         itc_t   *itc = (itc_t *)buf;
1963         conn_t  *connp = &itc->itc_conn;
1964         tcp_t   *tcp = (tcp_t *)&itc[1];
1965 
1966         ASSERT(connp->conn_flags & IPCL_TCPCONN);
1967         ASSERT(tcp->tcp_connp == connp);
1968         ASSERT(connp->conn_tcp == tcp);
1969         tcp_timermp_free(tcp);
1970         mutex_destroy(&connp->conn_lock);
1971         cv_destroy(&connp->conn_cv);
1972         cv_destroy(&connp->conn_sq_cv);
1973         rw_destroy(&connp->conn_ilg_lock);
1974 
1975         /* Can be NULL if constructor failed */
1976         if (connp->conn_ixa != NULL) {
1977                 ASSERT(connp->conn_ixa->ixa_refcnt == 1);
1978                 ASSERT(connp->conn_ixa->ixa_ire == NULL);
1979                 ASSERT(connp->conn_ixa->ixa_nce == NULL);
1980                 ixa_refrele(connp->conn_ixa);
1981         }
1982 }
1983 
1984 /* ARGSUSED */
1985 static int
1986 ip_conn_constructor(void *buf, void *cdrarg, int kmflags)
1987 {
1988         itc_t   *itc = (itc_t *)buf;
1989         conn_t  *connp = &itc->itc_conn;
1990 
1991         bzero(connp, sizeof (conn_t));
1992         mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
1993         cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
1994         connp->conn_flags = IPCL_IPCCONN;
1995         rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
1996 
1997         connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
1998         if (connp->conn_ixa == NULL)
1999                 return (ENOMEM);
2000         connp->conn_ixa->ixa_refcnt = 1;
2001         connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2002         return (0);
2003 }
2004 
2005 /* ARGSUSED */
2006 static void
2007 ip_conn_destructor(void *buf, void *cdrarg)
2008 {
2009         itc_t   *itc = (itc_t *)buf;
2010         conn_t  *connp = &itc->itc_conn;
2011 
2012         ASSERT(connp->conn_flags & IPCL_IPCCONN);
2013         ASSERT(connp->conn_priv == NULL);
2014         mutex_destroy(&connp->conn_lock);
2015         cv_destroy(&connp->conn_cv);
2016         rw_destroy(&connp->conn_ilg_lock);
2017 
2018         /* Can be NULL if constructor failed */
2019         if (connp->conn_ixa != NULL) {
2020                 ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2021                 ASSERT(connp->conn_ixa->ixa_ire == NULL);
2022                 ASSERT(connp->conn_ixa->ixa_nce == NULL);
2023                 ixa_refrele(connp->conn_ixa);
2024         }
2025 }
2026 
2027 /* ARGSUSED */
2028 static int
2029 udp_conn_constructor(void *buf, void *cdrarg, int kmflags)
2030 {
2031         itc_t   *itc = (itc_t *)buf;
2032         conn_t  *connp = &itc->itc_conn;
2033         udp_t   *udp = (udp_t *)&itc[1];
2034 
2035         bzero(connp, sizeof (conn_t));
2036         bzero(udp, sizeof (udp_t));
2037 
2038         mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2039         cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2040         connp->conn_udp = udp;
2041         connp->conn_flags = IPCL_UDPCONN;
2042         connp->conn_proto = IPPROTO_UDP;
2043         udp->udp_connp = connp;
2044         rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2045         connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2046         if (connp->conn_ixa == NULL)
2047                 return (ENOMEM);
2048         connp->conn_ixa->ixa_refcnt = 1;
2049         connp->conn_ixa->ixa_protocol = connp->conn_proto;
2050         connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2051         return (0);
2052 }
2053 
2054 /* ARGSUSED */
2055 static void
2056 udp_conn_destructor(void *buf, void *cdrarg)
2057 {
2058         itc_t   *itc = (itc_t *)buf;
2059         conn_t  *connp = &itc->itc_conn;
2060         udp_t   *udp = (udp_t *)&itc[1];
2061 
2062         ASSERT(connp->conn_flags & IPCL_UDPCONN);
2063         ASSERT(udp->udp_connp == connp);
2064         ASSERT(connp->conn_udp == udp);
2065         mutex_destroy(&connp->conn_lock);
2066         cv_destroy(&connp->conn_cv);
2067         rw_destroy(&connp->conn_ilg_lock);
2068 
2069         /* Can be NULL if constructor failed */
2070         if (connp->conn_ixa != NULL) {
2071                 ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2072                 ASSERT(connp->conn_ixa->ixa_ire == NULL);
2073                 ASSERT(connp->conn_ixa->ixa_nce == NULL);
2074                 ixa_refrele(connp->conn_ixa);
2075         }
2076 }
2077 
2078 /* ARGSUSED */
2079 static int
2080 rawip_conn_constructor(void *buf, void *cdrarg, int kmflags)
2081 {
2082         itc_t   *itc = (itc_t *)buf;
2083         conn_t  *connp = &itc->itc_conn;
2084         icmp_t  *icmp = (icmp_t *)&itc[1];
2085 
2086         bzero(connp, sizeof (conn_t));
2087         bzero(icmp, sizeof (icmp_t));
2088 
2089         mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2090         cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2091         connp->conn_icmp = icmp;
2092         connp->conn_flags = IPCL_RAWIPCONN;
2093         connp->conn_proto = IPPROTO_ICMP;
2094         icmp->icmp_connp = connp;
2095         rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2096         connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2097         if (connp->conn_ixa == NULL)
2098                 return (ENOMEM);
2099         connp->conn_ixa->ixa_refcnt = 1;
2100         connp->conn_ixa->ixa_protocol = connp->conn_proto;
2101         connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2102         return (0);
2103 }
2104 
2105 /* ARGSUSED */
2106 static void
2107 rawip_conn_destructor(void *buf, void *cdrarg)
2108 {
2109         itc_t   *itc = (itc_t *)buf;
2110         conn_t  *connp = &itc->itc_conn;
2111         icmp_t  *icmp = (icmp_t *)&itc[1];
2112 
2113         ASSERT(connp->conn_flags & IPCL_RAWIPCONN);
2114         ASSERT(icmp->icmp_connp == connp);
2115         ASSERT(connp->conn_icmp == icmp);
2116         mutex_destroy(&connp->conn_lock);
2117         cv_destroy(&connp->conn_cv);
2118         rw_destroy(&connp->conn_ilg_lock);
2119 
2120         /* Can be NULL if constructor failed */
2121         if (connp->conn_ixa != NULL) {
2122                 ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2123                 ASSERT(connp->conn_ixa->ixa_ire == NULL);
2124                 ASSERT(connp->conn_ixa->ixa_nce == NULL);
2125                 ixa_refrele(connp->conn_ixa);
2126         }
2127 }
2128 
2129 /* ARGSUSED */
2130 static int
2131 rts_conn_constructor(void *buf, void *cdrarg, int kmflags)
2132 {
2133         itc_t   *itc = (itc_t *)buf;
2134         conn_t  *connp = &itc->itc_conn;
2135         rts_t   *rts = (rts_t *)&itc[1];
2136 
2137         bzero(connp, sizeof (conn_t));
2138         bzero(rts, sizeof (rts_t));
2139 
2140         mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2141         cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2142         connp->conn_rts = rts;
2143         connp->conn_flags = IPCL_RTSCONN;
2144         rts->rts_connp = connp;
2145         rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2146         connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2147         if (connp->conn_ixa == NULL)
2148                 return (ENOMEM);
2149         connp->conn_ixa->ixa_refcnt = 1;
2150         connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2151         return (0);
2152 }
2153 
2154 /* ARGSUSED */
2155 static void
2156 rts_conn_destructor(void *buf, void *cdrarg)
2157 {
2158         itc_t   *itc = (itc_t *)buf;
2159         conn_t  *connp = &itc->itc_conn;
2160         rts_t   *rts = (rts_t *)&itc[1];
2161 
2162         ASSERT(connp->conn_flags & IPCL_RTSCONN);
2163         ASSERT(rts->rts_connp == connp);
2164         ASSERT(connp->conn_rts == rts);
2165         mutex_destroy(&connp->conn_lock);
2166         cv_destroy(&connp->conn_cv);
2167         rw_destroy(&connp->conn_ilg_lock);
2168 
2169         /* Can be NULL if constructor failed */
2170         if (connp->conn_ixa != NULL) {
2171                 ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2172                 ASSERT(connp->conn_ixa->ixa_ire == NULL);
2173                 ASSERT(connp->conn_ixa->ixa_nce == NULL);
2174                 ixa_refrele(connp->conn_ixa);
2175         }
2176 }
2177 
2178 /*
2179  * Called as part of ipcl_conn_destroy to assert and clear any pointers
2180  * in the conn_t.
2181  *
2182  * Below we list all the pointers in the conn_t as a documentation aid.
2183  * The ones that we can not ASSERT to be NULL are #ifdef'ed out.
2184  * If you add any pointers to the conn_t please add an ASSERT here
2185  * and #ifdef it out if it can't be actually asserted to be NULL.
2186  * In any case, we bzero most of the conn_t at the end of the function.
2187  */
2188 void
2189 ipcl_conn_cleanup(conn_t *connp)
2190 {
2191         ip_xmit_attr_t  *ixa;
2192 
2193         ASSERT(connp->conn_latch == NULL);
2194         ASSERT(connp->conn_latch_in_policy == NULL);
2195         ASSERT(connp->conn_latch_in_action == NULL);
2196 #ifdef notdef
2197         ASSERT(connp->conn_rq == NULL);
2198         ASSERT(connp->conn_wq == NULL);
2199 #endif
2200         ASSERT(connp->conn_cred == NULL);
2201         ASSERT(connp->conn_g_fanout == NULL);
2202         ASSERT(connp->conn_g_next == NULL);
2203         ASSERT(connp->conn_g_prev == NULL);
2204         ASSERT(connp->conn_policy == NULL);
2205         ASSERT(connp->conn_fanout == NULL);
2206         ASSERT(connp->conn_next == NULL);
2207         ASSERT(connp->conn_prev == NULL);
2208         ASSERT(connp->conn_oper_pending_ill == NULL);
2209         ASSERT(connp->conn_ilg == NULL);
2210         ASSERT(connp->conn_drain_next == NULL);
2211         ASSERT(connp->conn_drain_prev == NULL);
2212 #ifdef notdef
2213         /* conn_idl is not cleared when removed from idl list */
2214         ASSERT(connp->conn_idl == NULL);
2215 #endif
2216         ASSERT(connp->conn_ipsec_opt_mp == NULL);
2217 #ifdef notdef
2218         /* conn_netstack is cleared by the caller; needed by ixa_cleanup */
2219         ASSERT(connp->conn_netstack == NULL);
2220 #endif
2221 
2222         ASSERT(connp->conn_helper_info == NULL);
2223         ASSERT(connp->conn_ixa != NULL);
2224         ixa = connp->conn_ixa;
2225         ASSERT(ixa->ixa_refcnt == 1);
2226         /* Need to preserve ixa_protocol */
2227         ixa_cleanup(ixa);
2228         ixa->ixa_flags = 0;
2229 
2230         /* Clear out the conn_t fields that are not preserved */
2231         bzero(&connp->conn_start_clr,
2232             sizeof (conn_t) -
2233             ((uchar_t *)&connp->conn_start_clr - (uchar_t *)connp));
2234 }
2235 
2236 /*
2237  * All conns are inserted in a global multi-list for the benefit of
2238  * walkers. The walk is guaranteed to walk all open conns at the time
2239  * of the start of the walk exactly once. This property is needed to
2240  * achieve some cleanups during unplumb of interfaces. This is achieved
2241  * as follows.
2242  *
2243  * ipcl_conn_create and ipcl_conn_destroy are the only functions that
2244  * call the insert and delete functions below at creation and deletion
2245  * time respectively. The conn never moves or changes its position in this
2246  * multi-list during its lifetime. CONN_CONDEMNED ensures that the refcnt
2247  * won't increase due to walkers, once the conn deletion has started. Note
2248  * that we can't remove the conn from the global list and then wait for
2249  * the refcnt to drop to zero, since walkers would then see a truncated
2250  * list. CONN_INCIPIENT ensures that walkers don't start looking at
2251  * conns until ip_open is ready to make them globally visible.
2252  * The global round robin multi-list locks are held only to get the
2253  * next member/insertion/deletion and contention should be negligible
2254  * if the multi-list is much greater than the number of cpus.
2255  */
2256 void
2257 ipcl_globalhash_insert(conn_t *connp)
2258 {
2259         int     index;
2260         struct connf_s  *connfp;
2261         ip_stack_t      *ipst = connp->conn_netstack->netstack_ip;
2262 
2263         /*
2264          * No need for atomic here. Approximate even distribution
2265          * in the global lists is sufficient.
2266          */
2267         ipst->ips_conn_g_index++;
2268         index = ipst->ips_conn_g_index & (CONN_G_HASH_SIZE - 1);
2269 
2270         connp->conn_g_prev = NULL;
2271         /*
2272          * Mark as INCIPIENT, so that walkers will ignore this
2273          * for now, till ip_open is ready to make it visible globally.
2274          */
2275         connp->conn_state_flags |= CONN_INCIPIENT;
2276 
2277         connfp = &ipst->ips_ipcl_globalhash_fanout[index];
2278         /* Insert at the head of the list */
2279         mutex_enter(&connfp->connf_lock);
2280         connp->conn_g_next = connfp->connf_head;
2281         if (connp->conn_g_next != NULL)
2282                 connp->conn_g_next->conn_g_prev = connp;
2283         connfp->connf_head = connp;
2284 
2285         /* The fanout bucket this conn points to */
2286         connp->conn_g_fanout = connfp;
2287 
2288         mutex_exit(&connfp->connf_lock);
2289 }
2290 
2291 void
2292 ipcl_globalhash_remove(conn_t *connp)
2293 {
2294         struct connf_s  *connfp;
2295 
2296         /*
2297          * We were never inserted in the global multi list.
2298          * IPCL_NONE variety is never inserted in the global multilist
2299          * since it is presumed to not need any cleanup and is transient.
2300          */
2301         if (connp->conn_g_fanout == NULL)
2302                 return;
2303 
2304         connfp = connp->conn_g_fanout;
2305         mutex_enter(&connfp->connf_lock);
2306         if (connp->conn_g_prev != NULL)
2307                 connp->conn_g_prev->conn_g_next = connp->conn_g_next;
2308         else
2309                 connfp->connf_head = connp->conn_g_next;
2310         if (connp->conn_g_next != NULL)
2311                 connp->conn_g_next->conn_g_prev = connp->conn_g_prev;
2312         mutex_exit(&connfp->connf_lock);
2313 
2314         /* Better to stumble on a null pointer than to corrupt memory */
2315         connp->conn_g_next = NULL;
2316         connp->conn_g_prev = NULL;
2317         connp->conn_g_fanout = NULL;
2318 }
2319 
2320 /*
2321  * Walk the list of all conn_t's in the system, calling the function provided
2322  * With the specified argument for each.
2323  * Applies to both IPv4 and IPv6.
2324  *
2325  * CONNs may hold pointers to ills (conn_dhcpinit_ill and
2326  * conn_oper_pending_ill). To guard against stale pointers
2327  * ipcl_walk() is called to cleanup the conn_t's, typically when an interface is
2328  * unplumbed or removed. New conn_t's that are created while we are walking
2329  * may be missed by this walk, because they are not necessarily inserted
2330  * at the tail of the list. They are new conn_t's and thus don't have any
2331  * stale pointers. The CONN_CLOSING flag ensures that no new reference
2332  * is created to the struct that is going away.
2333  */
2334 void
2335 ipcl_walk(pfv_t func, void *arg, ip_stack_t *ipst)
2336 {
2337         int     i;
2338         conn_t  *connp;
2339         conn_t  *prev_connp;
2340 
2341         for (i = 0; i < CONN_G_HASH_SIZE; i++) {
2342                 mutex_enter(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2343                 prev_connp = NULL;
2344                 connp = ipst->ips_ipcl_globalhash_fanout[i].connf_head;
2345                 while (connp != NULL) {
2346                         mutex_enter(&connp->conn_lock);
2347                         if (connp->conn_state_flags &
2348                             (CONN_CONDEMNED | CONN_INCIPIENT)) {
2349                                 mutex_exit(&connp->conn_lock);
2350                                 connp = connp->conn_g_next;
2351                                 continue;
2352                         }
2353                         CONN_INC_REF_LOCKED(connp);
2354                         mutex_exit(&connp->conn_lock);
2355                         mutex_exit(
2356                             &ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2357                         (*func)(connp, arg);
2358                         if (prev_connp != NULL)
2359                                 CONN_DEC_REF(prev_connp);
2360                         mutex_enter(
2361                             &ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2362                         prev_connp = connp;
2363                         connp = connp->conn_g_next;
2364                 }
2365                 mutex_exit(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2366                 if (prev_connp != NULL)
2367                         CONN_DEC_REF(prev_connp);
2368         }
2369 }
2370 
2371 /*
2372  * Search for a peer TCP/IPv4 loopback conn by doing a reverse lookup on
2373  * the {src, dst, lport, fport} quadruplet.  Returns with conn reference
2374  * held; caller must call CONN_DEC_REF.  Only checks for connected entries
2375  * (peer tcp in ESTABLISHED state).
2376  */
2377 conn_t *
2378 ipcl_conn_tcp_lookup_reversed_ipv4(conn_t *connp, ipha_t *ipha, tcpha_t *tcpha,
2379     ip_stack_t *ipst)
2380 {
2381         uint32_t ports;
2382         uint16_t *pports = (uint16_t *)&ports;
2383         connf_t *connfp;
2384         conn_t  *tconnp;
2385         boolean_t zone_chk;
2386 
2387         /*
2388          * If either the source of destination address is loopback, then
2389          * both endpoints must be in the same Zone.  Otherwise, both of
2390          * the addresses are system-wide unique (tcp is in ESTABLISHED
2391          * state) and the endpoints may reside in different Zones.
2392          */
2393         zone_chk = (ipha->ipha_src == htonl(INADDR_LOOPBACK) ||
2394             ipha->ipha_dst == htonl(INADDR_LOOPBACK));
2395 
2396         pports[0] = tcpha->tha_fport;
2397         pports[1] = tcpha->tha_lport;
2398 
2399         connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_dst,
2400             ports, ipst)];
2401 
2402         mutex_enter(&connfp->connf_lock);
2403         for (tconnp = connfp->connf_head; tconnp != NULL;
2404             tconnp = tconnp->conn_next) {
2405 
2406                 if (IPCL_CONN_MATCH(tconnp, IPPROTO_TCP,
2407                     ipha->ipha_dst, ipha->ipha_src, ports) &&
2408                     tconnp->conn_tcp->tcp_state == TCPS_ESTABLISHED &&
2409                     (!zone_chk || tconnp->conn_zoneid == connp->conn_zoneid)) {
2410 
2411                         ASSERT(tconnp != connp);
2412                         CONN_INC_REF(tconnp);
2413                         mutex_exit(&connfp->connf_lock);
2414                         return (tconnp);
2415                 }
2416         }
2417         mutex_exit(&connfp->connf_lock);
2418         return (NULL);
2419 }
2420 
2421 /*
2422  * Search for a peer TCP/IPv6 loopback conn by doing a reverse lookup on
2423  * the {src, dst, lport, fport} quadruplet.  Returns with conn reference
2424  * held; caller must call CONN_DEC_REF.  Only checks for connected entries
2425  * (peer tcp in ESTABLISHED state).
2426  */
2427 conn_t *
2428 ipcl_conn_tcp_lookup_reversed_ipv6(conn_t *connp, ip6_t *ip6h, tcpha_t *tcpha,
2429     ip_stack_t *ipst)
2430 {
2431         uint32_t ports;
2432         uint16_t *pports = (uint16_t *)&ports;
2433         connf_t *connfp;
2434         conn_t  *tconnp;
2435         boolean_t zone_chk;
2436 
2437         /*
2438          * If either the source of destination address is loopback, then
2439          * both endpoints must be in the same Zone.  Otherwise, both of
2440          * the addresses are system-wide unique (tcp is in ESTABLISHED
2441          * state) and the endpoints may reside in different Zones.  We
2442          * don't do Zone check for link local address(es) because the
2443          * current Zone implementation treats each link local address as
2444          * being unique per system node, i.e. they belong to global Zone.
2445          */
2446         zone_chk = (IN6_IS_ADDR_LOOPBACK(&ip6h->ip6_src) ||
2447             IN6_IS_ADDR_LOOPBACK(&ip6h->ip6_dst));
2448 
2449         pports[0] = tcpha->tha_fport;
2450         pports[1] = tcpha->tha_lport;
2451 
2452         connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_dst,
2453             ports, ipst)];
2454 
2455         mutex_enter(&connfp->connf_lock);
2456         for (tconnp = connfp->connf_head; tconnp != NULL;
2457             tconnp = tconnp->conn_next) {
2458 
2459                 /* We skip conn_bound_if check here as this is loopback tcp */
2460                 if (IPCL_CONN_MATCH_V6(tconnp, IPPROTO_TCP,
2461                     ip6h->ip6_dst, ip6h->ip6_src, ports) &&
2462                     tconnp->conn_tcp->tcp_state == TCPS_ESTABLISHED &&
2463                     (!zone_chk || tconnp->conn_zoneid == connp->conn_zoneid)) {
2464 
2465                         ASSERT(tconnp != connp);
2466                         CONN_INC_REF(tconnp);
2467                         mutex_exit(&connfp->connf_lock);
2468                         return (tconnp);
2469                 }
2470         }
2471         mutex_exit(&connfp->connf_lock);
2472         return (NULL);
2473 }
2474 
2475 /*
2476  * Find an exact {src, dst, lport, fport} match for a bounced datagram.
2477  * Returns with conn reference held. Caller must call CONN_DEC_REF.
2478  * Only checks for connected entries i.e. no INADDR_ANY checks.
2479  */
2480 conn_t *
2481 ipcl_tcp_lookup_reversed_ipv4(ipha_t *ipha, tcpha_t *tcpha, int min_state,
2482     ip_stack_t *ipst)
2483 {
2484         uint32_t ports;
2485         uint16_t *pports;
2486         connf_t *connfp;
2487         conn_t  *tconnp;
2488 
2489         pports = (uint16_t *)&ports;
2490         pports[0] = tcpha->tha_fport;
2491         pports[1] = tcpha->tha_lport;
2492 
2493         connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_dst,
2494             ports, ipst)];
2495 
2496         mutex_enter(&connfp->connf_lock);
2497         for (tconnp = connfp->connf_head; tconnp != NULL;
2498             tconnp = tconnp->conn_next) {
2499 
2500                 if (IPCL_CONN_MATCH(tconnp, IPPROTO_TCP,
2501                     ipha->ipha_dst, ipha->ipha_src, ports) &&
2502                     tconnp->conn_tcp->tcp_state >= min_state) {
2503 
2504                         CONN_INC_REF(tconnp);
2505                         mutex_exit(&connfp->connf_lock);
2506                         return (tconnp);
2507                 }
2508         }
2509         mutex_exit(&connfp->connf_lock);
2510         return (NULL);
2511 }
2512 
2513 /*
2514  * Find an exact {src, dst, lport, fport} match for a bounced datagram.
2515  * Returns with conn reference held. Caller must call CONN_DEC_REF.
2516  * Only checks for connected entries i.e. no INADDR_ANY checks.
2517  * Match on ifindex in addition to addresses.
2518  */
2519 conn_t *
2520 ipcl_tcp_lookup_reversed_ipv6(ip6_t *ip6h, tcpha_t *tcpha, int min_state,
2521     uint_t ifindex, ip_stack_t *ipst)
2522 {
2523         tcp_t   *tcp;
2524         uint32_t ports;
2525         uint16_t *pports;
2526         connf_t *connfp;
2527         conn_t  *tconnp;
2528 
2529         pports = (uint16_t *)&ports;
2530         pports[0] = tcpha->tha_fport;
2531         pports[1] = tcpha->tha_lport;
2532 
2533         connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_dst,
2534             ports, ipst)];
2535 
2536         mutex_enter(&connfp->connf_lock);
2537         for (tconnp = connfp->connf_head; tconnp != NULL;
2538             tconnp = tconnp->conn_next) {
2539 
2540                 tcp = tconnp->conn_tcp;
2541                 if (IPCL_CONN_MATCH_V6(tconnp, IPPROTO_TCP,
2542                     ip6h->ip6_dst, ip6h->ip6_src, ports) &&
2543                     tcp->tcp_state >= min_state &&
2544                     (tconnp->conn_bound_if == 0 ||
2545                     tconnp->conn_bound_if == ifindex)) {
2546 
2547                         CONN_INC_REF(tconnp);
2548                         mutex_exit(&connfp->connf_lock);
2549                         return (tconnp);
2550                 }
2551         }
2552         mutex_exit(&connfp->connf_lock);
2553         return (NULL);
2554 }
2555 
2556 /*
2557  * Finds a TCP/IPv4 listening connection; called by tcp_disconnect to locate
2558  * a listener when changing state.
2559  */
2560 conn_t *
2561 ipcl_lookup_listener_v4(uint16_t lport, ipaddr_t laddr, zoneid_t zoneid,
2562     ip_stack_t *ipst)
2563 {
2564         connf_t         *bind_connfp;
2565         conn_t          *connp;
2566         tcp_t           *tcp;
2567 
2568         /*
2569          * Avoid false matches for packets sent to an IP destination of
2570          * all zeros.
2571          */
2572         if (laddr == 0)
2573                 return (NULL);
2574 
2575         ASSERT(zoneid != ALL_ZONES);
2576 
2577         bind_connfp = &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
2578         mutex_enter(&bind_connfp->connf_lock);
2579         for (connp = bind_connfp->connf_head; connp != NULL;
2580             connp = connp->conn_next) {
2581                 tcp = connp->conn_tcp;
2582                 if (IPCL_BIND_MATCH(connp, IPPROTO_TCP, laddr, lport) &&
2583                     IPCL_ZONE_MATCH(connp, zoneid) &&
2584                     (tcp->tcp_listener == NULL)) {
2585                         CONN_INC_REF(connp);
2586                         mutex_exit(&bind_connfp->connf_lock);
2587                         return (connp);
2588                 }
2589         }
2590         mutex_exit(&bind_connfp->connf_lock);
2591         return (NULL);
2592 }
2593 
2594 /*
2595  * Finds a TCP/IPv6 listening connection; called by tcp_disconnect to locate
2596  * a listener when changing state.
2597  */
2598 conn_t *
2599 ipcl_lookup_listener_v6(uint16_t lport, in6_addr_t *laddr, uint_t ifindex,
2600     zoneid_t zoneid, ip_stack_t *ipst)
2601 {
2602         connf_t         *bind_connfp;
2603         conn_t          *connp = NULL;
2604         tcp_t           *tcp;
2605 
2606         /*
2607          * Avoid false matches for packets sent to an IP destination of
2608          * all zeros.
2609          */
2610         if (IN6_IS_ADDR_UNSPECIFIED(laddr))
2611                 return (NULL);
2612 
2613         ASSERT(zoneid != ALL_ZONES);
2614 
2615         bind_connfp = &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
2616         mutex_enter(&bind_connfp->connf_lock);
2617         for (connp = bind_connfp->connf_head; connp != NULL;
2618             connp = connp->conn_next) {
2619                 tcp = connp->conn_tcp;
2620                 if (IPCL_BIND_MATCH_V6(connp, IPPROTO_TCP, *laddr, lport) &&
2621                     IPCL_ZONE_MATCH(connp, zoneid) &&
2622                     (connp->conn_bound_if == 0 ||
2623                     connp->conn_bound_if == ifindex) &&
2624                     tcp->tcp_listener == NULL) {
2625                         CONN_INC_REF(connp);
2626                         mutex_exit(&bind_connfp->connf_lock);
2627                         return (connp);
2628                 }
2629         }
2630         mutex_exit(&bind_connfp->connf_lock);
2631         return (NULL);
2632 }
2633 
2634 /*
2635  * ipcl_get_next_conn
2636  *      get the next entry in the conn global list
2637  *      and put a reference on the next_conn.
2638  *      decrement the reference on the current conn.
2639  *
2640  * This is an iterator based walker function that also provides for
2641  * some selection by the caller. It walks through the conn_hash bucket
2642  * searching for the next valid connp in the list, and selects connections
2643  * that are neither closed nor condemned. It also REFHOLDS the conn
2644  * thus ensuring that the conn exists when the caller uses the conn.
2645  */
2646 conn_t *
2647 ipcl_get_next_conn(connf_t *connfp, conn_t *connp, uint32_t conn_flags)
2648 {
2649         conn_t  *next_connp;
2650 
2651         if (connfp == NULL)
2652                 return (NULL);
2653 
2654         mutex_enter(&connfp->connf_lock);
2655 
2656         next_connp = (connp == NULL) ?
2657             connfp->connf_head : connp->conn_g_next;
2658 
2659         while (next_connp != NULL) {
2660                 mutex_enter(&next_connp->conn_lock);
2661                 if (!(next_connp->conn_flags & conn_flags) ||
2662                     (next_connp->conn_state_flags &
2663                     (CONN_CONDEMNED | CONN_INCIPIENT))) {
2664                         /*
2665                          * This conn has been condemned or
2666                          * is closing, or the flags don't match
2667                          */
2668                         mutex_exit(&next_connp->conn_lock);
2669                         next_connp = next_connp->conn_g_next;
2670                         continue;
2671                 }
2672                 CONN_INC_REF_LOCKED(next_connp);
2673                 mutex_exit(&next_connp->conn_lock);
2674                 break;
2675         }
2676 
2677         mutex_exit(&connfp->connf_lock);
2678 
2679         if (connp != NULL)
2680                 CONN_DEC_REF(connp);
2681 
2682         return (next_connp);
2683 }
2684 
2685 #ifdef CONN_DEBUG
2686 /*
2687  * Trace of the last NBUF refhold/refrele
2688  */
2689 int
2690 conn_trace_ref(conn_t *connp)
2691 {
2692         int     last;
2693         conn_trace_t    *ctb;
2694 
2695         ASSERT(MUTEX_HELD(&connp->conn_lock));
2696         last = connp->conn_trace_last;
2697         last++;
2698         if (last == CONN_TRACE_MAX)
2699                 last = 0;
2700 
2701         ctb = &connp->conn_trace_buf[last];
2702         ctb->ctb_depth = getpcstack(ctb->ctb_stack, CONN_STACK_DEPTH);
2703         connp->conn_trace_last = last;
2704         return (1);
2705 }
2706 
2707 int
2708 conn_untrace_ref(conn_t *connp)
2709 {
2710         int     last;
2711         conn_trace_t    *ctb;
2712 
2713         ASSERT(MUTEX_HELD(&connp->conn_lock));
2714         last = connp->conn_trace_last;
2715         last++;
2716         if (last == CONN_TRACE_MAX)
2717                 last = 0;
2718 
2719         ctb = &connp->conn_trace_buf[last];
2720         ctb->ctb_depth = getpcstack(ctb->ctb_stack, CONN_STACK_DEPTH);
2721         connp->conn_trace_last = last;
2722         return (1);
2723 }
2724 #endif
2725 
2726 mblk_t *
2727 conn_get_pid_mblk(conn_t *connp)
2728 {
2729         mblk_t *mblk;
2730         conn_pid_info_t *cpi;
2731 
2732         /*
2733          * If the connection is closing, it is not safe to make an upcall or
2734          * access the stream associated with the connection.
2735          */
2736         if (!(connp->conn_state_flags & CONN_CLOSING)) {
2737                 if (connp->conn_upper_handle != NULL) {
2738                         return (*connp->conn_upcalls->su_get_sock_pid_mblk)
2739                             (connp->conn_upper_handle);
2740                 } else if (!IPCL_IS_NONSTR(connp) && connp->conn_rq != NULL &&
2741                     connp->conn_rq->q_stream != NULL) {
2742                         return (sh_get_pid_mblk(connp->conn_rq->q_stream));
2743                 }
2744         }
2745 
2746         /* return an empty mblk */
2747         if ((mblk = allocb(sizeof (conn_pid_info_t), BPRI_HI)) == NULL)
2748                 return (NULL);
2749         mblk->b_wptr += sizeof (conn_pid_info_t);
2750         cpi = (conn_pid_info_t *)mblk->b_datap->db_base;
2751         cpi->cpi_contents = CONN_PID_INFO_NON;
2752         cpi->cpi_pids_cnt = 0;
2753         cpi->cpi_tot_size = sizeof (conn_pid_info_t);
2754         cpi->cpi_pids[0] = 0;
2755         return (mblk);
2756 }