1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 * Copyright 2017 OmniTI Computer Consulting, Inc. All rights reserved.
26 * Copyright 2018 Joyent, Inc.
27 * Copyright 2024 Oxide Computer Company
28 * Copyright 2025 Bill Sommerfeld <sommerfeld@hamachi.org>
29 */
30 /* Copyright (c) 1990 Mentat Inc. */
31
32 #include <sys/types.h>
33 #include <sys/stream.h>
34 #include <sys/strsubr.h>
35 #include <sys/dlpi.h>
36 #include <sys/strsun.h>
37 #include <sys/zone.h>
38 #include <sys/ddi.h>
39 #include <sys/sunddi.h>
40 #include <sys/cmn_err.h>
41 #include <sys/debug.h>
42 #include <sys/atomic.h>
43
44 #include <sys/systm.h>
45 #include <sys/param.h>
46 #include <sys/kmem.h>
47 #include <sys/sdt.h>
48 #include <sys/socket.h>
49 #include <sys/mac.h>
50 #include <net/if.h>
51 #include <net/if_arp.h>
52 #include <net/route.h>
53 #include <sys/sockio.h>
54 #include <netinet/in.h>
55 #include <net/if_dl.h>
56
57 #include <inet/common.h>
58 #include <inet/mi.h>
59 #include <inet/mib2.h>
60 #include <inet/nd.h>
61 #include <inet/arp.h>
62 #include <inet/snmpcom.h>
63 #include <inet/kstatcom.h>
64
65 #include <netinet/igmp_var.h>
66 #include <netinet/ip6.h>
67 #include <netinet/icmp6.h>
68 #include <netinet/sctp.h>
69
70 #include <inet/ip.h>
71 #include <inet/ip_impl.h>
72 #include <inet/ip6.h>
73 #include <inet/ip6_asp.h>
74 #include <inet/tcp.h>
75 #include <inet/ip_multi.h>
76 #include <inet/ip_if.h>
77 #include <inet/ip_ire.h>
78 #include <inet/ip_ftable.h>
79 #include <inet/ip_rts.h>
80 #include <inet/optcom.h>
81 #include <inet/ip_ndp.h>
82 #include <inet/ip_listutils.h>
83 #include <netinet/igmp.h>
84 #include <netinet/ip_mroute.h>
85 #include <inet/ipp_common.h>
86
87 #include <net/pfkeyv2.h>
88 #include <inet/sadb.h>
89 #include <inet/ipsec_impl.h>
90 #include <inet/ipdrop.h>
91 #include <inet/ip_netinfo.h>
92
93 #include <sys/pattr.h>
94 #include <inet/ipclassifier.h>
95 #include <inet/sctp_ip.h>
96 #include <inet/sctp/sctp_impl.h>
97 #include <inet/udp_impl.h>
98 #include <sys/sunddi.h>
99
100 #include <sys/tsol/label.h>
101 #include <sys/tsol/tnet.h>
102
103 #ifdef DEBUG
104 extern boolean_t skip_sctp_cksum;
105 #endif
106
107 int
ip_output_simple_v6(mblk_t * mp,ip_xmit_attr_t * ixa)108 ip_output_simple_v6(mblk_t *mp, ip_xmit_attr_t *ixa)
109 {
110 ip6_t *ip6h;
111 in6_addr_t firsthop; /* In IP header */
112 in6_addr_t dst; /* End of source route, or ip6_dst if none */
113 ire_t *ire;
114 in6_addr_t setsrc;
115 int error;
116 ill_t *ill = NULL;
117 dce_t *dce = NULL;
118 nce_t *nce;
119 iaflags_t ixaflags = ixa->ixa_flags;
120 ip_stack_t *ipst = ixa->ixa_ipst;
121 uint8_t *nexthdrp;
122 boolean_t repeat = B_FALSE;
123 boolean_t multirt = B_FALSE;
124 uint_t ifindex;
125 int64_t now;
126
127 ip6h = (ip6_t *)mp->b_rptr;
128 ASSERT(IPH_HDR_VERSION(ip6h) == IPV6_VERSION);
129
130 ASSERT(ixa->ixa_nce == NULL);
131
132 ixa->ixa_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
133 ASSERT(ixa->ixa_pktlen == msgdsize(mp));
134 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ixa->ixa_ip_hdr_length,
135 &nexthdrp)) {
136 /* Malformed packet */
137 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
138 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
139 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
140 freemsg(mp);
141 return (EINVAL);
142 }
143 ixa->ixa_protocol = *nexthdrp;
144
145 /*
146 * Assumes that source routed packets have already been massaged by
147 * the ULP (ip_massage_options_v6) and as a result ip6_dst is the next
148 * hop in the source route. The final destination is used for IPsec
149 * policy and DCE lookup.
150 */
151 firsthop = ip6h->ip6_dst;
152 dst = ip_get_dst_v6(ip6h, mp, NULL);
153
154 repeat_ire:
155 error = 0;
156 setsrc = ipv6_all_zeros;
157 ire = ip_select_route_v6(&firsthop, ip6h->ip6_src, ixa, NULL, &setsrc,
158 &error, &multirt);
159 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */
160 if (error != 0) {
161 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
162 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
163 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
164 freemsg(mp);
165 goto done;
166 }
167
168 if (ire->ire_flags & (RTF_BLACKHOLE|RTF_REJECT)) {
169 /* ire_ill might be NULL hence need to skip some code */
170 if (ixaflags & IXAF_SET_SOURCE)
171 ip6h->ip6_src = ipv6_loopback;
172 ixa->ixa_fragsize = IP_MAXPACKET;
173 ire->ire_ob_pkt_count++;
174 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
175 /* No dce yet; use default one */
176 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa,
177 &ipst->ips_dce_default->dce_ident);
178 goto done;
179 }
180
181 /* Note that ip6_dst is only used for IRE_MULTICAST */
182 nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst);
183 if (nce == NULL) {
184 /* Allocation failure? */
185 ip_drop_output("ire_to_nce", mp, ill);
186 freemsg(mp);
187 error = ENOBUFS;
188 goto done;
189 }
190 if (nce->nce_is_condemned) {
191 nce_t *nce1;
192
193 nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_TRUE);
194 nce_refrele(nce);
195 if (nce1 == NULL) {
196 if (!repeat) {
197 /* Try finding a better IRE */
198 repeat = B_TRUE;
199 ire_refrele(ire);
200 goto repeat_ire;
201 }
202 /* Tried twice - drop packet */
203 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
204 ip_drop_output("No nce", mp, ill);
205 freemsg(mp);
206 error = ENOBUFS;
207 goto done;
208 }
209 nce = nce1;
210 }
211 /*
212 * For multicast with multirt we have a flag passed back from
213 * ire_lookup_multi_ill_v6 since we don't have an IRE for each
214 * possible multicast address.
215 * We also need a flag for multicast since we can't check
216 * whether RTF_MULTIRT is set in ixa_ire for multicast.
217 */
218 if (multirt) {
219 ixa->ixa_postfragfn = ip_postfrag_multirt_v6;
220 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST;
221 } else {
222 ixa->ixa_postfragfn = ire->ire_postfragfn;
223 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST;
224 }
225 ASSERT(ixa->ixa_nce == NULL);
226 ixa->ixa_nce = nce;
227
228 /*
229 * Check for a dce_t with a path mtu.
230 */
231 ifindex = 0;
232 if (IN6_IS_ADDR_LINKSCOPE(&dst))
233 ifindex = nce->nce_common->ncec_ill->ill_phyint->phyint_ifindex;
234
235 dce = dce_lookup_v6(&dst, ifindex, ipst, NULL);
236 ASSERT(dce != NULL);
237
238 if (!(ixaflags & IXAF_PMTU_DISCOVERY)) {
239 ixa->ixa_fragsize = IPV6_MIN_MTU;
240 } else if (dce->dce_flags & DCEF_PMTU) {
241 /*
242 * To avoid a periodic timer to increase the path MTU we
243 * look at dce_last_change_time each time we send a packet.
244 */
245 now = ddi_get_lbolt64();
246 if (TICK_TO_SEC(now) - dce->dce_last_change_time >
247 ipst->ips_ip_pathmtu_interval) {
248 /*
249 * Older than 20 minutes. Drop the path MTU information.
250 */
251 mutex_enter(&dce->dce_lock);
252 dce->dce_flags &= ~DCEF_PMTU;
253 dce->dce_last_change_time = TICK_TO_SEC(now);
254 mutex_exit(&dce->dce_lock);
255 dce_increment_generation(dce);
256 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
257 } else {
258 uint_t fragsize;
259
260 fragsize = ip_get_base_mtu(nce->nce_ill, ire);
261 if (fragsize > dce->dce_pmtu)
262 fragsize = dce->dce_pmtu;
263 ixa->ixa_fragsize = fragsize;
264 }
265 } else {
266 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
267 }
268
269 /*
270 * We use use ire_nexthop_ill (and not ncec_ill) to avoid the under ipmp
271 * interface for source address selection.
272 */
273 ill = ire_nexthop_ill(ire);
274
275 if (ixaflags & IXAF_SET_SOURCE) {
276 in6_addr_t src;
277
278 /*
279 * We use the final destination to get
280 * correct selection for source routed packets
281 */
282
283 /* If unreachable we have no ill but need some source */
284 if (ill == NULL) {
285 src = ipv6_loopback;
286 error = 0;
287 } else {
288 error = ip_select_source_v6(ill, &setsrc, &dst,
289 ixa->ixa_zoneid, ipst, B_FALSE,
290 ixa->ixa_src_preferences, &src, NULL, NULL);
291 }
292 if (error != 0) {
293 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
294 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
295 ip_drop_output("ipIfStatsOutDiscards - no source",
296 mp, ill);
297 freemsg(mp);
298 goto done;
299 }
300 ip6h->ip6_src = src;
301 } else if (ixaflags & IXAF_VERIFY_SOURCE) {
302 /* Check if the IP source is assigned to the host. */
303 if (!ip_verify_src(mp, ixa, NULL)) {
304 /* Don't send a packet with a source that isn't ours */
305 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
306 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
307 ip_drop_output("ipIfStatsOutDiscards - invalid source",
308 mp, ill);
309 freemsg(mp);
310 error = EADDRNOTAVAIL;
311 goto done;
312 }
313 }
314
315 /*
316 * Check against global IPsec policy to set the AH/ESP attributes.
317 * IPsec will set IXAF_IPSEC_* and ixa_ipsec_* as appropriate.
318 */
319 if (!(ixaflags & (IXAF_NO_IPSEC|IXAF_IPSEC_SECURE))) {
320 ASSERT(ixa->ixa_ipsec_policy == NULL);
321 mp = ip_output_attach_policy(mp, NULL, ip6h, NULL, ixa);
322 if (mp == NULL) {
323 /* MIB and ip_drop_packet already done */
324 return (EHOSTUNREACH); /* IPsec policy failure */
325 }
326 }
327
328 if (ill != NULL) {
329 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
330 } else {
331 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
332 }
333
334 /*
335 * We update the statistics on the most specific IRE i.e., the first
336 * one we found.
337 * We don't have an IRE when we fragment, hence ire_ob_pkt_count
338 * can only count the use prior to fragmentation. However the MIB
339 * counters on the ill will be incremented in post fragmentation.
340 */
341 ire->ire_ob_pkt_count++;
342
343 /*
344 * Based on ire_type and ire_flags call one of:
345 * ire_send_local_v6 - for IRE_LOCAL and IRE_LOOPBACK
346 * ire_send_multirt_v6 - if RTF_MULTIRT
347 * ire_send_noroute_v6 - if RTF_REJECT or RTF_BLACHOLE
348 * ire_send_multicast_v6 - for IRE_MULTICAST
349 * ire_send_wire_v6 - for the rest.
350 */
351 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, &dce->dce_ident);
352 done:
353 ire_refrele(ire);
354 if (dce != NULL)
355 dce_refrele(dce);
356 if (ill != NULL)
357 ill_refrele(ill);
358 if (ixa->ixa_nce != NULL)
359 nce_refrele(ixa->ixa_nce);
360 ixa->ixa_nce = NULL;
361 return (error);
362 }
363
364 /*
365 * ire_sendfn() functions.
366 * These functions use the following xmit_attr:
367 * - ixa_fragsize - read to determine whether or not to fragment
368 * - IXAF_IPSEC_SECURE - to determine whether or not to invoke IPsec
369 * - ixa_ipsec_* are used inside IPsec
370 * - IXAF_LOOPBACK_COPY - for multicast
371 */
372
373
374 /*
375 * ire_sendfn for IRE_LOCAL and IRE_LOOPBACK
376 *
377 * The checks for restrict_interzone_loopback are done in ire_route_recursive.
378 */
379 /* ARGSUSED4 */
380 int
ire_send_local_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)381 ire_send_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
382 ip_xmit_attr_t *ixa, uint32_t *identp)
383 {
384 ip6_t *ip6h = (ip6_t *)iph_arg;
385 ip_stack_t *ipst = ixa->ixa_ipst;
386 ill_t *ill = ire->ire_ill;
387 ip_recv_attr_t iras; /* NOTE: No bzero for performance */
388 uint_t pktlen = ixa->ixa_pktlen;
389
390 /*
391 * No fragmentation, no nce, and no application of IPsec.
392 *
393 *
394 * Note different order between IP provider and FW_HOOKS than in
395 * send_wire case.
396 */
397
398 /*
399 * DTrace this as ip:::send. A packet blocked by FW_HOOKS will fire the
400 * send probe, but not the receive probe.
401 */
402 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
403 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
404 int, 1);
405
406 DTRACE_PROBE4(ip6__loopback__out__start,
407 ill_t *, NULL, ill_t *, ill,
408 ip6_t *, ip6h, mblk_t *, mp);
409
410 if (HOOKS6_INTERESTED_LOOPBACK_OUT(ipst)) {
411 int error;
412
413 FW_HOOKS(ipst->ips_ip6_loopback_out_event,
414 ipst->ips_ipv6firewall_loopback_out,
415 NULL, ill, ip6h, mp, mp, 0, ipst, error);
416
417 DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp);
418 if (mp == NULL)
419 return (error);
420
421 /*
422 * Even if the destination was changed by the filter we use the
423 * forwarding decision that was made based on the address
424 * in ip_output/ip_set_destination.
425 */
426 /* Length could be different */
427 ip6h = (ip6_t *)mp->b_rptr;
428 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
429 }
430
431 /*
432 * If a callback is enabled then we need to know the
433 * source and destination zoneids for the packet. We already
434 * have those handy.
435 */
436 if (ipst->ips_ip6_observe.he_interested) {
437 zoneid_t szone, dzone;
438 zoneid_t stackzoneid;
439
440 stackzoneid = netstackid_to_zoneid(
441 ipst->ips_netstack->netstack_stackid);
442
443 if (stackzoneid == GLOBAL_ZONEID) {
444 /* Shared-IP zone */
445 dzone = ire->ire_zoneid;
446 szone = ixa->ixa_zoneid;
447 } else {
448 szone = dzone = stackzoneid;
449 }
450 ipobs_hook(mp, IPOBS_HOOK_LOCAL, szone, dzone, ill, ipst);
451 }
452
453 /* Handle lo0 stats */
454 ipst->ips_loopback_packets++;
455
456 /*
457 * Update output mib stats. Note that we can't move into the icmp
458 * sender (icmp_output etc) since they don't know the ill and the
459 * stats are per ill.
460 */
461 if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
462 icmp6_t *icmp6;
463
464 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
465 icmp_update_out_mib_v6(ill, icmp6);
466 }
467
468 DTRACE_PROBE4(ip6__loopback__in__start,
469 ill_t *, ill, ill_t *, NULL,
470 ip6_t *, ip6h, mblk_t *, mp);
471
472 if (HOOKS6_INTERESTED_LOOPBACK_IN(ipst)) {
473 int error;
474
475 FW_HOOKS(ipst->ips_ip6_loopback_in_event,
476 ipst->ips_ipv6firewall_loopback_in,
477 ill, NULL, ip6h, mp, mp, 0, ipst, error);
478
479 DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp);
480 if (mp == NULL)
481 return (error);
482
483 /*
484 * Even if the destination was changed by the filter we use the
485 * forwarding decision that was made based on the address
486 * in ip_output/ip_set_destination.
487 */
488 /* Length could be different */
489 ip6h = (ip6_t *)mp->b_rptr;
490 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
491 }
492
493 DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
494 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
495 int, 1);
496
497 /* Map ixa to ira including IPsec policies */
498 ipsec_out_to_in(ixa, ill, &iras);
499 iras.ira_pktlen = pktlen;
500 iras.ira_ttl = ip6h->ip6_hlim;
501
502 ire->ire_ib_pkt_count++;
503 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives);
504 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, pktlen);
505
506 /* Destined to ire_zoneid - use that for fanout */
507 iras.ira_zoneid = ire->ire_zoneid;
508
509 if (is_system_labeled()) {
510 iras.ira_flags |= IRAF_SYSTEM_LABELED;
511
512 /*
513 * This updates ira_cred, ira_tsl and ira_free_flags based
514 * on the label. We don't expect this to ever fail for
515 * loopback packets, so we silently drop the packet should it
516 * fail.
517 */
518 if (!tsol_get_pkt_label(mp, IPV6_VERSION, &iras)) {
519 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
520 ip_drop_input("tsol_get_pkt_label", mp, ill);
521 freemsg(mp);
522 return (0);
523 }
524 ASSERT(iras.ira_tsl != NULL);
525
526 /* tsol_get_pkt_label sometimes does pullupmsg */
527 ip6h = (ip6_t *)mp->b_rptr;
528 }
529
530 ip_fanout_v6(mp, ip6h, &iras);
531
532 /* We moved any IPsec refs from ixa to iras */
533 ira_cleanup(&iras, B_FALSE);
534 return (0);
535 }
536
537 static void
multirt_check_v6(ire_t * ire,ip6_t * ip6h,ip_xmit_attr_t * ixa)538 multirt_check_v6(ire_t *ire, ip6_t *ip6h, ip_xmit_attr_t *ixa)
539 {
540 ip_stack_t *ipst = ixa->ixa_ipst;
541
542 /* Limit the TTL on multirt packets. Do this even if IPV6_HOPLIMIT */
543 if (ire->ire_type & IRE_MULTICAST) {
544 if (ip6h->ip6_hops > 1) {
545 ip2dbg(("ire_send_multirt_v6: forcing multicast "
546 "multirt TTL to 1 (was %d)\n", ip6h->ip6_hops));
547 ip6h->ip6_hops = 1;
548 }
549 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
550 } else if ((ipst->ips_ip_multirt_ttl > 0) &&
551 (ip6h->ip6_hops > ipst->ips_ip_multirt_ttl)) {
552 ip6h->ip6_hops = ipst->ips_ip_multirt_ttl;
553 /*
554 * Need to ensure we don't increase the ttl should we go through
555 * ire_send_multicast.
556 */
557 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
558 }
559
560 /* For IPv6 this also needs to insert a fragment header */
561 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR;
562 }
563
564 /*
565 * ire_sendfn for IRE_MULTICAST
566 *
567 * Note that we do path MTU discovery by default for IPv6 multicast. But
568 * since unconnected UDP and RAW sockets don't set IXAF_PMTU_DISCOVERY
569 * only connected sockets get this by default.
570 */
571 int
ire_send_multicast_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)572 ire_send_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
573 ip_xmit_attr_t *ixa, uint32_t *identp)
574 {
575 ip6_t *ip6h = (ip6_t *)iph_arg;
576 ip_stack_t *ipst = ixa->ixa_ipst;
577 ill_t *ill = ire->ire_ill;
578 iaflags_t ixaflags = ixa->ixa_flags;
579
580 /*
581 * The IRE_MULTICAST is the same whether or not multirt is in use.
582 * Hence we need special-case code.
583 */
584 if (ixaflags & IXAF_MULTIRT_MULTICAST)
585 multirt_check_v6(ire, ip6h, ixa);
586
587 /*
588 * Check if anything in ip_input_v6 wants a copy of the transmitted
589 * packet (after IPsec and fragmentation)
590 *
591 * 1. Multicast routers always need a copy unless SO_DONTROUTE is set
592 * RSVP and the rsvp daemon is an example of a
593 * protocol and user level process that
594 * handles it's own routing. Hence, it uses the
595 * SO_DONTROUTE option to accomplish this.
596 * 2. If the sender has set IP_MULTICAST_LOOP, then we just
597 * check whether there are any receivers for the group on the ill
598 * (ignoring the zoneid).
599 * 3. If IP_MULTICAST_LOOP is not set, then we check if there are
600 * any members in other shared-IP zones.
601 * If such members exist, then we indicate that the sending zone
602 * shouldn't get a loopback copy to preserve the IP_MULTICAST_LOOP
603 * behavior.
604 *
605 * When we loopback we skip hardware checksum to make sure loopback
606 * copy is checksumed.
607 *
608 * Note that ire_ill is the upper in the case of IPMP.
609 */
610 ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM);
611 if (ipst->ips_ip_g_mrouter && ill->ill_mrouter_cnt > 0 &&
612 !(ixaflags & IXAF_DONTROUTE)) {
613 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
614 } else if (ixaflags & IXAF_MULTICAST_LOOP) {
615 /*
616 * If this zone or any other zone has members then loopback
617 * a copy.
618 */
619 if (ill_hasmembers_v6(ill, &ip6h->ip6_dst))
620 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
621 } else if (ipst->ips_netstack->netstack_numzones > 1) {
622 /*
623 * This zone should not have a copy. But there are some other
624 * zones which might have members.
625 */
626 if (ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst,
627 ixa->ixa_zoneid)) {
628 ixa->ixa_flags |= IXAF_NO_LOOP_ZONEID_SET;
629 ixa->ixa_no_loop_zoneid = ixa->ixa_zoneid;
630 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
631 }
632 }
633
634 /*
635 * Unless IPV6_HOPLIMIT or ire_send_multirt_v6 already set a ttl,
636 * force the ttl to the IP_MULTICAST_TTL value
637 */
638 if (!(ixaflags & IXAF_NO_TTL_CHANGE)) {
639 ip6h->ip6_hops = ixa->ixa_multicast_ttl;
640 }
641
642 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
643 }
644
645 /*
646 * ire_sendfn for IREs with RTF_MULTIRT
647 */
648 int
ire_send_multirt_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)649 ire_send_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
650 ip_xmit_attr_t *ixa, uint32_t *identp)
651 {
652 ip6_t *ip6h = (ip6_t *)iph_arg;
653
654 multirt_check_v6(ire, ip6h, ixa);
655
656 if (ire->ire_type & IRE_MULTICAST)
657 return (ire_send_multicast_v6(ire, mp, ip6h, ixa, identp));
658 else
659 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
660 }
661
662 /*
663 * ire_sendfn for IREs with RTF_REJECT/RTF_BLACKHOLE, including IRE_NOROUTE
664 */
665 /* ARGSUSED4 */
666 int
ire_send_noroute_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)667 ire_send_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
668 ip_xmit_attr_t *ixa, uint32_t *identp)
669 {
670 ip6_t *ip6h = (ip6_t *)iph_arg;
671 ip_stack_t *ipst = ixa->ixa_ipst;
672 ill_t *ill;
673 ip_recv_attr_t iras;
674 boolean_t dummy;
675
676 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutNoRoutes);
677
678 if (ire->ire_type & IRE_NOROUTE) {
679 /* A lack of a route as opposed to RTF_REJECT|BLACKHOLE */
680 ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0,
681 RTA_DST, ipst);
682 }
683
684 if (ire->ire_flags & RTF_BLACKHOLE) {
685 ip_drop_output("ipIfStatsOutNoRoutes RTF_BLACKHOLE", mp, NULL);
686 freemsg(mp);
687 /* No error even for local senders - silent blackhole */
688 return (0);
689 }
690 ip_drop_output("ipIfStatsOutNoRoutes RTF_REJECT", mp, NULL);
691
692 /*
693 * We need an ill_t for the ip_recv_attr_t even though this packet
694 * was never received and icmp_unreachable doesn't currently use
695 * ira_ill.
696 */
697 ill = ill_lookup_on_name("lo0", B_FALSE,
698 !(ixa->ixa_flags & IRAF_IS_IPV4), &dummy, ipst);
699 if (ill == NULL) {
700 freemsg(mp);
701 return (EHOSTUNREACH);
702 }
703
704 bzero(&iras, sizeof (iras));
705 /* Map ixa to ira including IPsec policies */
706 ipsec_out_to_in(ixa, ill, &iras);
707
708 icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, &iras);
709 /* We moved any IPsec refs from ixa to iras */
710 ira_cleanup(&iras, B_FALSE);
711
712 ill_refrele(ill);
713 return (EHOSTUNREACH);
714 }
715
716 /*
717 * Calculate a checksum ignoring any hardware capabilities
718 *
719 * Returns B_FALSE if the packet was too short for the checksum. Caller
720 * should free and do stats.
721 */
722 static boolean_t
ip_output_sw_cksum_v6(mblk_t * mp,ip6_t * ip6h,ip_xmit_attr_t * ixa)723 ip_output_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_xmit_attr_t *ixa)
724 {
725 ip_stack_t *ipst = ixa->ixa_ipst;
726 uint_t pktlen = ixa->ixa_pktlen;
727 uint16_t *cksump;
728 uint32_t cksum;
729 uint8_t protocol = ixa->ixa_protocol;
730 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length;
731
732 #define iphs ((uint16_t *)ip6h)
733
734 /* Just in case it contained garbage */
735 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;
736
737 /*
738 * Calculate ULP checksum
739 */
740 if (protocol == IPPROTO_TCP) {
741 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
742 cksum = IP_TCP_CSUM_COMP;
743 } else if (protocol == IPPROTO_UDP) {
744 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
745 cksum = IP_UDP_CSUM_COMP;
746 } else if (protocol == IPPROTO_SCTP) {
747 sctp_hdr_t *sctph;
748
749 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
750 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
751 /*
752 * Zero out the checksum field to ensure proper
753 * checksum calculation.
754 */
755 sctph->sh_chksum = 0;
756 #ifdef DEBUG
757 if (!skip_sctp_cksum)
758 #endif
759 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
760 return (B_TRUE);
761 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) {
762 /*
763 * icmp has placed length and routing
764 * header adjustment in the checksum field.
765 */
766 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length +
767 ixa->ixa_raw_cksum_offset);
768 cksum = htons(protocol);
769 } else if (protocol == IPPROTO_ICMPV6) {
770 cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
771 cksum = IP_ICMPV6_CSUM_COMP; /* Pseudo-header cksum */
772 } else {
773 return (B_TRUE);
774 }
775
776 /* ULP puts the checksum field is in the first mblk */
777 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);
778
779 /*
780 * We accumulate the pseudo header checksum in cksum.
781 * This is pretty hairy code, so watch close. One
782 * thing to keep in mind is that UDP and TCP have
783 * stored their respective datagram lengths in their
784 * checksum fields. This lines things up real nice.
785 */
786 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
787 iphs[8] + iphs[9] + iphs[10] + iphs[11] +
788 iphs[12] + iphs[13] + iphs[14] + iphs[15] +
789 iphs[16] + iphs[17] + iphs[18] + iphs[19];
790 cksum = IP_CSUM(mp, ip_hdr_length, cksum);
791
792 /*
793 * For UDP/IPv6 a zero UDP checksum is not allowed.
794 * Change to 0xffff
795 */
796 if (protocol == IPPROTO_UDP && cksum == 0)
797 *cksump = ~cksum;
798 else
799 *cksump = cksum;
800
801 IP6_STAT(ipst, ip6_out_sw_cksum);
802 IP6_STAT_UPDATE(ipst, ip6_out_sw_cksum_bytes, pktlen);
803
804 /* No IP header checksum for IPv6 */
805
806 return (B_TRUE);
807 #undef iphs
808 }
809
810 /* There are drivers that can't do partial checksum for ICMPv6 */
811 int nxge_cksum_workaround = 1;
812
813 /*
814 * Calculate the ULP checksum - try to use hardware.
815 * In the case of MULTIRT or multicast the
816 * IXAF_NO_HW_CKSUM is set in which case we use software.
817 *
818 * Returns B_FALSE if the packet was too short for the checksum. Caller
819 * should free and do stats.
820 */
821 static boolean_t
ip_output_cksum_v6(iaflags_t ixaflags,mblk_t * mp,ip6_t * ip6h,ip_xmit_attr_t * ixa,ill_t * ill)822 ip_output_cksum_v6(iaflags_t ixaflags, mblk_t *mp, ip6_t *ip6h,
823 ip_xmit_attr_t *ixa, ill_t *ill)
824 {
825 uint_t pktlen = ixa->ixa_pktlen;
826 uint16_t *cksump;
827 uint16_t hck_flags;
828 uint32_t cksum;
829 uint8_t protocol = ixa->ixa_protocol;
830 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length;
831
832 #define iphs ((uint16_t *)ip6h)
833
834 if ((ixaflags & (IXAF_NO_HW_CKSUM|IXAF_SET_RAW_CKSUM)) ||
835 !ILL_HCKSUM_CAPABLE(ill) ||
836 !dohwcksum) {
837 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
838 }
839
840 /*
841 * Calculate ULP checksum. Note that we don't use cksump and cksum
842 * if the ill has FULL support.
843 */
844 if (protocol == IPPROTO_TCP) {
845 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
846 cksum = IP_TCP_CSUM_COMP; /* Pseudo-header cksum */
847 } else if (protocol == IPPROTO_UDP) {
848 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
849 cksum = IP_UDP_CSUM_COMP; /* Pseudo-header cksum */
850 } else if (protocol == IPPROTO_SCTP) {
851 sctp_hdr_t *sctph;
852
853 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
854 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
855 /*
856 * Zero out the checksum field to ensure proper
857 * checksum calculation.
858 */
859 sctph->sh_chksum = 0;
860 #ifdef DEBUG
861 if (!skip_sctp_cksum)
862 #endif
863 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
864 goto ip_hdr_cksum;
865 } else if (protocol == IPPROTO_ICMPV6) {
866 /*
867 * Currently we assume no HW support for ICMP checksum calc.
868 *
869 * When HW support is advertised for ICMP, we'll want the
870 * following to be set:
871 * cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
872 * cksum = IP_ICMPV6_CSUM_COMP; Pseudo-header cksum
873 */
874
875 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
876 } else {
877 ip_hdr_cksum:
878 /* No IP header checksum for IPv6 */
879 return (B_TRUE);
880 }
881
882 /* ULP puts the checksum field is in the first mblk */
883 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);
884
885 /*
886 * Underlying interface supports hardware checksum offload for
887 * the payload; leave the payload checksum for the hardware to
888 * calculate. N.B: We only need to set up checksum info on the
889 * first mblk.
890 */
891 hck_flags = ill->ill_hcksum_capab->ill_hcksum_txflags;
892
893 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;
894 if (hck_flags & HCKSUM_INET_FULL_V6) {
895 /*
896 * Hardware calculates pseudo-header, header and the
897 * payload checksums, so clear the checksum field in
898 * the protocol header.
899 */
900 *cksump = 0;
901 DB_CKSUMFLAGS(mp) |= HCK_FULLCKSUM;
902 return (B_TRUE);
903 }
904 if (((hck_flags) & HCKSUM_INET_PARTIAL) &&
905 (protocol != IPPROTO_ICMPV6 || !nxge_cksum_workaround)) {
906 /*
907 * Partial checksum offload has been enabled. Fill
908 * the checksum field in the protocol header with the
909 * pseudo-header checksum value.
910 *
911 * We accumulate the pseudo header checksum in cksum.
912 * This is pretty hairy code, so watch close. One
913 * thing to keep in mind is that UDP and TCP have
914 * stored their respective datagram lengths in their
915 * checksum fields. This lines things up real nice.
916 */
917 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
918 iphs[8] + iphs[9] + iphs[10] + iphs[11] +
919 iphs[12] + iphs[13] + iphs[14] + iphs[15] +
920 iphs[16] + iphs[17] + iphs[18] + iphs[19];
921 cksum += *(cksump);
922 cksum = (cksum & 0xFFFF) + (cksum >> 16);
923 *(cksump) = (cksum & 0xFFFF) + (cksum >> 16);
924
925 /*
926 * Offsets are relative to beginning of IP header.
927 */
928 DB_CKSUMSTART(mp) = ip_hdr_length;
929 DB_CKSUMSTUFF(mp) = (uint8_t *)cksump - (uint8_t *)ip6h;
930 DB_CKSUMEND(mp) = pktlen;
931 DB_CKSUMFLAGS(mp) |= HCK_PARTIALCKSUM;
932 return (B_TRUE);
933 }
934 /* Hardware capabilities include neither full nor partial IPv6 */
935 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
936 #undef iphs
937 }
938
939 /*
940 * ire_sendfn for offlink and onlink destinations.
941 * Also called from the multicast, and multirt send functions.
942 *
943 * Assumes that the caller has a hold on the ire.
944 *
945 * This function doesn't care if the IRE just became condemned since that
946 * can happen at any time.
947 */
948 /* ARGSUSED */
949 int
ire_send_wire_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)950 ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
951 ip_xmit_attr_t *ixa, uint32_t *identp)
952 {
953 ip_stack_t *ipst = ixa->ixa_ipst;
954 ip6_t *ip6h = (ip6_t *)iph_arg;
955 iaflags_t ixaflags = ixa->ixa_flags;
956 ill_t *ill;
957 uint32_t pktlen = ixa->ixa_pktlen;
958
959 ASSERT(ixa->ixa_nce != NULL);
960 ill = ixa->ixa_nce->nce_ill;
961
962 /*
963 * Update output mib stats. Note that we can't move into the icmp
964 * sender (icmp_output etc) since they don't know the ill and the
965 * stats are per ill.
966 *
967 * With IPMP we record the stats on the upper ill.
968 */
969 if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
970 icmp6_t *icmp6;
971
972 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
973 icmp_update_out_mib_v6(ixa->ixa_nce->nce_common->ncec_ill,
974 icmp6);
975 }
976
977 if (ixaflags & IXAF_DONTROUTE)
978 ip6h->ip6_hops = 1;
979
980 /*
981 * This might set b_band, thus the IPsec and fragmentation
982 * code in IP ensures that b_band is updated in the first mblk.
983 */
984 if (IPP_ENABLED(IPP_LOCAL_OUT, ipst)) {
985 /* ip_process translates an IS_UNDER_IPMP */
986 mp = ip_process(IPP_LOCAL_OUT, mp, ill, ill);
987 if (mp == NULL) {
988 /* ip_drop_packet and MIB done */
989 return (0); /* Might just be delayed */
990 }
991 }
992
993 /*
994 * To handle IPsec/iptun's labeling needs we need to tag packets
995 * while we still have ixa_tsl
996 */
997 if (is_system_labeled() && ixa->ixa_tsl != NULL &&
998 (ill->ill_mactype == DL_6TO4 || ill->ill_mactype == DL_IPV4 ||
999 ill->ill_mactype == DL_IPV6)) {
1000 cred_t *newcr;
1001
1002 newcr = copycred_from_tslabel(ixa->ixa_cred, ixa->ixa_tsl,
1003 KM_NOSLEEP);
1004 if (newcr == NULL) {
1005 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1006 ip_drop_output("ipIfStatsOutDiscards - newcr",
1007 mp, ill);
1008 freemsg(mp);
1009 return (ENOBUFS);
1010 }
1011 mblk_setcred(mp, newcr, NOPID);
1012 crfree(newcr); /* mblk_setcred did its own crhold */
1013 }
1014
1015 /*
1016 * IXAF_IPV6_ADD_FRAGHDR is set for CGTP so that we will add a
1017 * fragment header without fragmenting. CGTP on the receiver will
1018 * filter duplicates on the ident field.
1019 */
1020 if (pktlen > ixa->ixa_fragsize ||
1021 (ixaflags & (IXAF_IPSEC_SECURE|IXAF_IPV6_ADD_FRAGHDR))) {
1022 uint32_t ident = 0;
1023
1024 if (ixaflags & IXAF_IPSEC_SECURE)
1025 pktlen += ipsec_out_extra_length(ixa);
1026
1027 if (pktlen > IP_MAXPACKET)
1028 return (EMSGSIZE);
1029
1030 if (ixaflags & IXAF_SET_ULP_CKSUM) {
1031 /*
1032 * Compute ULP checksum using software
1033 */
1034 if (!ip_output_sw_cksum_v6(mp, ip6h, ixa)) {
1035 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1036 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1037 freemsg(mp);
1038 return (EINVAL);
1039 }
1040 /* Avoid checksum again below if we only add fraghdr */
1041 ixaflags &= ~IXAF_SET_ULP_CKSUM;
1042 }
1043
1044 /*
1045 * If we need a fragment header, pick the ident and insert
1046 * the header before IPsec to we have a place to store
1047 * the ident value.
1048 */
1049 if ((ixaflags & IXAF_IPV6_ADD_FRAGHDR) ||
1050 pktlen > ixa->ixa_fragsize) {
1051 /*
1052 * If this packet would generate a icmp_frag_needed
1053 * message, we need to handle it before we do the IPsec
1054 * processing. Otherwise, we need to strip the IPsec
1055 * headers before we send up the message to the ULPs
1056 * which becomes messy and difficult.
1057 */
1058 if ((pktlen > ixa->ixa_fragsize) &&
1059 (ixaflags & IXAF_DONTFRAG)) {
1060 /* Generate ICMP and return error */
1061 ip_recv_attr_t iras;
1062
1063 DTRACE_PROBE4(ip6__fragsize__fail,
1064 uint_t, pktlen, uint_t, ixa->ixa_fragsize,
1065 uint_t, ixa->ixa_pktlen,
1066 uint_t, ixa->ixa_pmtu);
1067
1068 bzero(&iras, sizeof (iras));
1069 /* Map ixa to ira including IPsec policies */
1070 ipsec_out_to_in(ixa, ill, &iras);
1071 iras.ira_ttl = ip6h->ip6_hlim;
1072
1073 ip_drop_output("ICMP6_PKT_TOO_BIG", mp, ill);
1074 icmp_pkt2big_v6(mp, ixa->ixa_fragsize, B_TRUE,
1075 &iras);
1076 /* We moved any IPsec refs from ixa to iras */
1077 ira_cleanup(&iras, B_FALSE);
1078 return (EMSGSIZE);
1079 }
1080 DTRACE_PROBE4(ip6__fragsize__ok, uint_t, pktlen,
1081 uint_t, ixa->ixa_fragsize, uint_t, ixa->ixa_pktlen,
1082 uint_t, ixa->ixa_pmtu);
1083 /*
1084 * Assign an ident value for this packet. There could
1085 * be other threads targeting the same destination, so
1086 * we have to arrange for a atomic increment.
1087 * Normally ixa_extra_ident is 0, but in the case of
1088 * LSO it will be the number of TCP segments that the
1089 * driver/hardware will extraly construct.
1090 *
1091 * Note that cl_inet_ipident has only been used for
1092 * IPv4. We don't use it here.
1093 */
1094 ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident +
1095 1);
1096 ixa->ixa_ident = ident; /* In case we do IPsec */
1097 }
1098 if (ixaflags & IXAF_IPSEC_SECURE) {
1099 /*
1100 * Pass in sufficient information so that
1101 * IPsec can determine whether to fragment, and
1102 * which function to call after fragmentation.
1103 */
1104 return (ipsec_out_process(mp, ixa));
1105 }
1106
1107 mp = ip_fraghdr_add_v6(mp, ident, ixa);
1108 if (mp == NULL) {
1109 /* MIB and ip_drop_output already done */
1110 return (ENOMEM);
1111 }
1112 ASSERT(pktlen == ixa->ixa_pktlen);
1113 pktlen += sizeof (ip6_frag_t);
1114
1115 if (pktlen > ixa->ixa_fragsize) {
1116 return (ip_fragment_v6(mp, ixa->ixa_nce, ixaflags,
1117 pktlen, ixa->ixa_fragsize,
1118 ixa->ixa_xmit_hint, ixa->ixa_zoneid,
1119 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn,
1120 &ixa->ixa_cookie));
1121 }
1122 }
1123 if (ixaflags & IXAF_SET_ULP_CKSUM) {
1124 /* Compute ULP checksum and IP header checksum */
1125 /* An IS_UNDER_IPMP ill is ok here */
1126 if (!ip_output_cksum_v6(ixaflags, mp, ip6h, ixa, ill)) {
1127 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1128 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1129 freemsg(mp);
1130 return (EINVAL);
1131 }
1132 }
1133 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixaflags,
1134 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid,
1135 ixa->ixa_no_loop_zoneid, &ixa->ixa_cookie));
1136 }
1137
1138 /*
1139 * Post fragmentation function for RTF_MULTIRT routes.
1140 * Since IRE_MULTICASTs might have RTF_MULTIRT, this function
1141 * checks IXAF_LOOPBACK_COPY.
1142 *
1143 * If no packet is sent due to failures then we return an errno, but if at
1144 * least one succeeded we return zero.
1145 */
1146 int
ip_postfrag_multirt_v6(mblk_t * mp,nce_t * nce,iaflags_t ixaflags,uint_t pkt_len,uint32_t xmit_hint,zoneid_t szone,zoneid_t nolzid,uintptr_t * ixacookie)1147 ip_postfrag_multirt_v6(mblk_t *mp, nce_t *nce, iaflags_t ixaflags,
1148 uint_t pkt_len, uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid,
1149 uintptr_t *ixacookie)
1150 {
1151 irb_t *irb;
1152 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
1153 ire_t *ire;
1154 ire_t *ire1;
1155 mblk_t *mp1;
1156 nce_t *nce1;
1157 ill_t *ill = nce->nce_ill;
1158 ill_t *ill1;
1159 ip_stack_t *ipst = ill->ill_ipst;
1160 int error = 0;
1161 int num_sent = 0;
1162 int err;
1163 uint_t ire_type;
1164 in6_addr_t nexthop;
1165
1166 ASSERT(!(ixaflags & IXAF_IS_IPV4));
1167
1168 /* Check for IXAF_LOOPBACK_COPY */
1169 if (ixaflags & IXAF_LOOPBACK_COPY) {
1170 mblk_t *mp1;
1171
1172 mp1 = copymsg(mp);
1173 if (mp1 == NULL) {
1174 /* Failed to deliver the loopback copy. */
1175 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1176 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1177 error = ENOBUFS;
1178 } else {
1179 ip_postfrag_loopback(mp1, nce, ixaflags, pkt_len,
1180 nolzid);
1181 }
1182 }
1183
1184 /*
1185 * Loop over RTF_MULTIRT for ip6_dst in the same bucket. Send
1186 * a copy to each one.
1187 * Use the nce (nexthop) and ip6_dst to find the ire.
1188 *
1189 * MULTIRT is not designed to work with shared-IP zones thus we don't
1190 * need to pass a zoneid or a label to the IRE lookup.
1191 */
1192 if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, &ip6h->ip6_dst)) {
1193 /* Broadcast and multicast case */
1194 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, 0, 0, NULL,
1195 ALL_ZONES, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
1196 } else {
1197 /* Unicast case */
1198 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, &nce->nce_addr,
1199 0, NULL, ALL_ZONES, NULL, MATCH_IRE_GW, 0, ipst, NULL);
1200 }
1201
1202 if (ire == NULL ||
1203 (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
1204 !(ire->ire_flags & RTF_MULTIRT)) {
1205 /* Drop */
1206 ip_drop_output("ip_postfrag_multirt didn't find route",
1207 mp, nce->nce_ill);
1208 if (ire != NULL)
1209 ire_refrele(ire);
1210 return (ENETUNREACH);
1211 }
1212
1213 irb = ire->ire_bucket;
1214 irb_refhold(irb);
1215 for (ire1 = irb->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) {
1216 if (IRE_IS_CONDEMNED(ire1) ||
1217 !(ire1->ire_flags & RTF_MULTIRT))
1218 continue;
1219
1220 /* Note: When IPv6 uses radix tree we don't need this check */
1221 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, &ire1->ire_addr_v6))
1222 continue;
1223
1224 /* Do the ire argument one after the loop */
1225 if (ire1 == ire)
1226 continue;
1227
1228 ill1 = ire_nexthop_ill(ire1);
1229 if (ill1 == NULL) {
1230 /*
1231 * This ire might not have been picked by
1232 * ire_route_recursive, in which case ire_dep might
1233 * not have been setup yet.
1234 * We kick ire_route_recursive to try to resolve
1235 * starting at ire1.
1236 */
1237 ire_t *ire2;
1238 uint_t match_flags = MATCH_IRE_DSTONLY;
1239
1240 if (ire1->ire_ill != NULL)
1241 match_flags |= MATCH_IRE_ILL;
1242 ire2 = ire_route_recursive_impl_v6(ire1,
1243 &ire1->ire_addr_v6, ire1->ire_type, ire1->ire_ill,
1244 ire1->ire_zoneid, NULL, match_flags,
1245 IRR_ALLOCATE, 0, ipst, NULL, NULL, NULL);
1246 if (ire2 != NULL)
1247 ire_refrele(ire2);
1248 ill1 = ire_nexthop_ill(ire1);
1249 }
1250 if (ill1 == NULL) {
1251 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1252 ip_drop_output("ipIfStatsOutDiscards - no ill",
1253 mp, ill);
1254 error = ENETUNREACH;
1255 continue;
1256 }
1257 /* Pick the addr and type to use for ndp_nce_init */
1258 if (nce->nce_common->ncec_flags & NCE_F_MCAST) {
1259 ire_type = IRE_MULTICAST;
1260 nexthop = ip6h->ip6_dst;
1261 } else {
1262 ire_type = ire1->ire_type; /* Doesn't matter */
1263 nexthop = ire1->ire_gateway_addr_v6;
1264 }
1265
1266 /* If IPMP meta or under, then we just drop */
1267 if (ill1->ill_grp != NULL) {
1268 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1269 ip_drop_output("ipIfStatsOutDiscards - IPMP",
1270 mp, ill1);
1271 ill_refrele(ill1);
1272 error = ENETUNREACH;
1273 continue;
1274 }
1275
1276 nce1 = ndp_nce_init(ill1, &nexthop, ire_type);
1277 if (nce1 == NULL) {
1278 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1279 ip_drop_output("ipIfStatsOutDiscards - no nce",
1280 mp, ill1);
1281 ill_refrele(ill1);
1282 error = ENOBUFS;
1283 continue;
1284 }
1285 mp1 = copymsg(mp);
1286 if (mp1 == NULL) {
1287 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1288 ip_drop_output("ipIfStatsOutDiscards", mp, ill1);
1289 nce_refrele(nce1);
1290 ill_refrele(ill1);
1291 error = ENOBUFS;
1292 continue;
1293 }
1294 /* Preserve HW checksum for this copy */
1295 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
1296 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
1297 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
1298 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
1299 DB_LSOMSS(mp1) = DB_LSOMSS(mp);
1300
1301 ire1->ire_ob_pkt_count++;
1302 err = ip_xmit(mp1, nce1, ixaflags, pkt_len, xmit_hint, szone,
1303 0, ixacookie);
1304 if (err == 0)
1305 num_sent++;
1306 else
1307 error = err;
1308 nce_refrele(nce1);
1309 ill_refrele(ill1);
1310 }
1311 irb_refrele(irb);
1312 ire_refrele(ire);
1313 /* Finally, the main one */
1314 err = ip_xmit(mp, nce, ixaflags, pkt_len, xmit_hint, szone, 0,
1315 ixacookie);
1316 if (err == 0)
1317 num_sent++;
1318 else
1319 error = err;
1320 if (num_sent > 0)
1321 return (0);
1322 else
1323 return (error);
1324 }
1325