1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 1990 Mentat Inc.
25 * Copyright (c) 2017 OmniTI Computer Consulting, Inc. All rights reserved.
26 * Copyright (c) 2016 by Delphix. All rights reserved.
27 * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
28 * Copyright 2021 Joyent, Inc.
29 * Copyright 2024 Oxide Computer Company
30 */
31
32 #include <sys/types.h>
33 #include <sys/stream.h>
34 #include <sys/dlpi.h>
35 #include <sys/stropts.h>
36 #include <sys/sysmacros.h>
37 #include <sys/strsubr.h>
38 #include <sys/strlog.h>
39 #include <sys/strsun.h>
40 #include <sys/zone.h>
41 #define _SUN_TPI_VERSION 2
42 #include <sys/tihdr.h>
43 #include <sys/xti_inet.h>
44 #include <sys/ddi.h>
45 #include <sys/suntpi.h>
46 #include <sys/cmn_err.h>
47 #include <sys/debug.h>
48 #include <sys/kobj.h>
49 #include <sys/modctl.h>
50 #include <sys/atomic.h>
51 #include <sys/policy.h>
52 #include <sys/priv.h>
53 #include <sys/taskq.h>
54
55 #include <sys/systm.h>
56 #include <sys/param.h>
57 #include <sys/kmem.h>
58 #include <sys/sdt.h>
59 #include <sys/socket.h>
60 #include <sys/vtrace.h>
61 #include <sys/isa_defs.h>
62 #include <sys/mac.h>
63 #include <net/if.h>
64 #include <net/if_arp.h>
65 #include <net/route.h>
66 #include <sys/sockio.h>
67 #include <netinet/in.h>
68 #include <net/if_dl.h>
69
70 #include <inet/common.h>
71 #include <inet/mi.h>
72 #include <inet/mib2.h>
73 #include <inet/nd.h>
74 #include <inet/arp.h>
75 #include <inet/snmpcom.h>
76 #include <inet/optcom.h>
77 #include <inet/kstatcom.h>
78
79 #include <netinet/igmp_var.h>
80 #include <netinet/ip6.h>
81 #include <netinet/icmp6.h>
82 #include <netinet/sctp.h>
83
84 #include <inet/ip.h>
85 #include <inet/ip_impl.h>
86 #include <inet/ip6.h>
87 #include <inet/ip6_asp.h>
88 #include <inet/tcp.h>
89 #include <inet/tcp_impl.h>
90 #include <inet/ip_multi.h>
91 #include <inet/ip_if.h>
92 #include <inet/ip_ire.h>
93 #include <inet/ip_ftable.h>
94 #include <inet/ip_rts.h>
95 #include <inet/ip_ndp.h>
96 #include <inet/ip_listutils.h>
97 #include <netinet/igmp.h>
98 #include <netinet/ip_mroute.h>
99 #include <inet/ipp_common.h>
100 #include <inet/cc.h>
101
102 #include <net/pfkeyv2.h>
103 #include <inet/sadb.h>
104 #include <inet/ipsec_impl.h>
105 #include <inet/iptun/iptun_impl.h>
106 #include <inet/ipdrop.h>
107 #include <inet/ip_netinfo.h>
108 #include <inet/ilb_ip.h>
109
110 #include <sys/ethernet.h>
111 #include <net/if_types.h>
112 #include <sys/cpuvar.h>
113
114 #include <ipp/ipp.h>
115 #include <ipp/ipp_impl.h>
116 #include <ipp/ipgpc/ipgpc.h>
117
118 #include <sys/pattr.h>
119 #include <inet/ipclassifier.h>
120 #include <inet/sctp_ip.h>
121 #include <inet/sctp/sctp_impl.h>
122 #include <inet/udp_impl.h>
123 #include <inet/rawip_impl.h>
124 #include <inet/rts_impl.h>
125
126 #include <sys/tsol/label.h>
127 #include <sys/tsol/tnet.h>
128
129 #include <sys/squeue_impl.h>
130 #include <inet/ip_arp.h>
131
132 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */
133
134 /*
135 * Values for squeue switch:
136 * IP_SQUEUE_ENTER_NODRAIN: SQ_NODRAIN
137 * IP_SQUEUE_ENTER: SQ_PROCESS
138 * IP_SQUEUE_FILL: SQ_FILL
139 */
140 int ip_squeue_enter = IP_SQUEUE_ENTER; /* Setable in /etc/system */
141
142 int ip_squeue_flag;
143
144 /*
145 * Setable in /etc/system
146 */
147 int ip_poll_normal_ms = 100;
148 int ip_poll_normal_ticks = 0;
149 int ip_modclose_ackwait_ms = 3000;
150
151 /*
152 * It would be nice to have these present only in DEBUG systems, but the
153 * current design of the global symbol checking logic requires them to be
154 * unconditionally present.
155 */
156 uint_t ip_thread_data; /* TSD key for debug support */
157 krwlock_t ip_thread_rwlock;
158 list_t ip_thread_list;
159
160 /*
161 * Structure to represent a linked list of msgblks. Used by ip_snmp_ functions.
162 */
163
164 struct listptr_s {
165 mblk_t *lp_head; /* pointer to the head of the list */
166 mblk_t *lp_tail; /* pointer to the tail of the list */
167 };
168
169 typedef struct listptr_s listptr_t;
170
171 /*
172 * This is used by ip_snmp_get_mib2_ip_route_media and
173 * ip_snmp_get_mib2_ip6_route_media to carry the lists of return data.
174 */
175 typedef struct iproutedata_s {
176 uint_t ird_idx;
177 uint_t ird_flags; /* see below */
178 listptr_t ird_route; /* ipRouteEntryTable */
179 listptr_t ird_netmedia; /* ipNetToMediaEntryTable */
180 listptr_t ird_attrs; /* ipRouteAttributeTable */
181 } iproutedata_t;
182
183 /* Include ire_testhidden and IRE_IF_CLONE routes */
184 #define IRD_REPORT_ALL 0x01
185
186 /*
187 * Cluster specific hooks. These should be NULL when booted as a non-cluster
188 */
189
190 /*
191 * Hook functions to enable cluster networking
192 * On non-clustered systems these vectors must always be NULL.
193 *
194 * Hook function to Check ip specified ip address is a shared ip address
195 * in the cluster
196 *
197 */
198 int (*cl_inet_isclusterwide)(netstackid_t stack_id, uint8_t protocol,
199 sa_family_t addr_family, uint8_t *laddrp, void *args) = NULL;
200
201 /*
202 * Hook function to generate cluster wide ip fragment identifier
203 */
204 uint32_t (*cl_inet_ipident)(netstackid_t stack_id, uint8_t protocol,
205 sa_family_t addr_family, uint8_t *laddrp, uint8_t *faddrp,
206 void *args) = NULL;
207
208 /*
209 * Hook function to generate cluster wide SPI.
210 */
211 void (*cl_inet_getspi)(netstackid_t, uint8_t, uint8_t *, size_t,
212 void *) = NULL;
213
214 /*
215 * Hook function to verify if the SPI is already utlized.
216 */
217
218 int (*cl_inet_checkspi)(netstackid_t, uint8_t, uint32_t, void *) = NULL;
219
220 /*
221 * Hook function to delete the SPI from the cluster wide repository.
222 */
223
224 void (*cl_inet_deletespi)(netstackid_t, uint8_t, uint32_t, void *) = NULL;
225
226 /*
227 * Hook function to inform the cluster when packet received on an IDLE SA
228 */
229
230 void (*cl_inet_idlesa)(netstackid_t, uint8_t, uint32_t, sa_family_t,
231 in6_addr_t, in6_addr_t, void *) = NULL;
232
233 /*
234 * Synchronization notes:
235 *
236 * IP is a fully D_MP STREAMS module/driver. Thus it does not depend on any
237 * MT level protection given by STREAMS. IP uses a combination of its own
238 * internal serialization mechanism and standard Solaris locking techniques.
239 * The internal serialization is per phyint. This is used to serialize
240 * plumbing operations, IPMP operations, most set ioctls, etc.
241 *
242 * Plumbing is a long sequence of operations involving message
243 * exchanges between IP, ARP and device drivers. Many set ioctls are typically
244 * involved in plumbing operations. A natural model is to serialize these
245 * ioctls one per ill. For example plumbing of hme0 and qfe0 can go on in
246 * parallel without any interference. But various set ioctls on hme0 are best
247 * serialized, along with IPMP operations and processing of DLPI control
248 * messages received from drivers on a per phyint basis. This serialization is
249 * provided by the ipsq_t and primitives operating on this. Details can
250 * be found in ip_if.c above the core primitives operating on ipsq_t.
251 *
252 * Lookups of an ipif or ill by a thread return a refheld ipif / ill.
253 * Simiarly lookup of an ire by a thread also returns a refheld ire.
254 * In addition ipif's and ill's referenced by the ire are also indirectly
255 * refheld. Thus no ipif or ill can vanish as long as an ipif is refheld
256 * directly or indirectly. For example an SIOCSLIFADDR ioctl that changes the
257 * address of an ipif has to go through the ipsq_t. This ensures that only
258 * one such exclusive operation proceeds at any time on the ipif. It then
259 * waits for all refcnts
260 * associated with this ipif to come down to zero. The address is changed
261 * only after the ipif has been quiesced. Then the ipif is brought up again.
262 * More details are described above the comment in ip_sioctl_flags.
263 *
264 * Packet processing is based mostly on IREs and are fully multi-threaded
265 * using standard Solaris MT techniques.
266 *
267 * There are explicit locks in IP to handle:
268 * - The ip_g_head list maintained by mi_open_link() and friends.
269 *
270 * - The reassembly data structures (one lock per hash bucket)
271 *
272 * - conn_lock is meant to protect conn_t fields. The fields actually
273 * protected by conn_lock are documented in the conn_t definition.
274 *
275 * - ire_lock to protect some of the fields of the ire, IRE tables
276 * (one lock per hash bucket). Refer to ip_ire.c for details.
277 *
278 * - ndp_g_lock and ncec_lock for protecting NCEs.
279 *
280 * - ill_lock protects fields of the ill and ipif. Details in ip.h
281 *
282 * - ill_g_lock: This is a global reader/writer lock. Protects the following
283 * * The AVL tree based global multi list of all ills.
284 * * The linked list of all ipifs of an ill
285 * * The <ipsq-xop> mapping
286 * * <ill-phyint> association
287 * Insertion/deletion of an ill in the system, insertion/deletion of an ipif
288 * into an ill, changing the <ipsq-xop> mapping of an ill, changing the
289 * <ill-phyint> assoc of an ill will all have to hold the ill_g_lock as
290 * writer for the actual duration of the insertion/deletion/change.
291 *
292 * - ill_lock: This is a per ill mutex.
293 * It protects some members of the ill_t struct; see ip.h for details.
294 * It also protects the <ill-phyint> assoc.
295 * It also protects the list of ipifs hanging off the ill.
296 *
297 * - ipsq_lock: This is a per ipsq_t mutex lock.
298 * This protects some members of the ipsq_t struct; see ip.h for details.
299 * It also protects the <ipsq-ipxop> mapping
300 *
301 * - ipx_lock: This is a per ipxop_t mutex lock.
302 * This protects some members of the ipxop_t struct; see ip.h for details.
303 *
304 * - phyint_lock: This is a per phyint mutex lock. Protects just the
305 * phyint_flags
306 *
307 * - ip_addr_avail_lock: This is used to ensure the uniqueness of IP addresses.
308 * This lock is held in ipif_up_done and the ipif is marked IPIF_UP and the
309 * uniqueness check also done atomically.
310 *
311 * - ill_g_usesrc_lock: This readers/writer lock protects the usesrc
312 * group list linked by ill_usesrc_grp_next. It also protects the
313 * ill_usesrc_ifindex field. It is taken as a writer when a member of the
314 * group is being added or deleted. This lock is taken as a reader when
315 * walking the list/group(eg: to get the number of members in a usesrc group).
316 * Note, it is only necessary to take this lock if the ill_usesrc_grp_next
317 * field is changing state i.e from NULL to non-NULL or vice-versa. For
318 * example, it is not necessary to take this lock in the initial portion
319 * of ip_sioctl_slifusesrc or at all in ip_sioctl_flags since these
320 * operations are executed exclusively and that ensures that the "usesrc
321 * group state" cannot change. The "usesrc group state" change can happen
322 * only in the latter part of ip_sioctl_slifusesrc and in ill_delete.
323 *
324 * Changing <ill-phyint>, <ipsq-xop> assocications:
325 *
326 * To change the <ill-phyint> association, the ill_g_lock must be held
327 * as writer, and the ill_locks of both the v4 and v6 instance of the ill
328 * must be held.
329 *
330 * To change the <ipsq-xop> association, the ill_g_lock must be held as
331 * writer, the ipsq_lock must be held, and one must be writer on the ipsq.
332 * This is only done when ills are added or removed from IPMP groups.
333 *
334 * To add or delete an ipif from the list of ipifs hanging off the ill,
335 * ill_g_lock (writer) and ill_lock must be held and the thread must be
336 * a writer on the associated ipsq.
337 *
338 * To add or delete an ill to the system, the ill_g_lock must be held as
339 * writer and the thread must be a writer on the associated ipsq.
340 *
341 * To add or delete an ilm to an ill, the ill_lock must be held and the thread
342 * must be a writer on the associated ipsq.
343 *
344 * Lock hierarchy
345 *
346 * Some lock hierarchy scenarios are listed below.
347 *
348 * ill_g_lock -> conn_lock -> ill_lock -> ipsq_lock -> ipx_lock
349 * ill_g_lock -> ill_lock(s) -> phyint_lock
350 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock
351 * ill_g_lock -> ip_addr_avail_lock
352 * conn_lock -> irb_lock -> ill_lock -> ire_lock
353 * ill_g_lock -> ip_g_nd_lock
354 * ill_g_lock -> ips_ipmp_lock -> ill_lock -> nce_lock
355 * ill_g_lock -> ndp_g_lock -> ill_lock -> ncec_lock -> nce_lock
356 * arl_lock -> ill_lock
357 * ips_ire_dep_lock -> irb_lock
358 *
359 * When more than 1 ill lock is needed to be held, all ill lock addresses
360 * are sorted on address and locked starting from highest addressed lock
361 * downward.
362 *
363 * Multicast scenarios
364 * ips_ill_g_lock -> ill_mcast_lock
365 * conn_ilg_lock -> ips_ill_g_lock -> ill_lock
366 * ill_mcast_serializer -> ill_mcast_lock -> ips_ipmp_lock -> ill_lock
367 * ill_mcast_serializer -> ill_mcast_lock -> connf_lock -> conn_lock
368 * ill_mcast_serializer -> ill_mcast_lock -> conn_ilg_lock
369 * ill_mcast_serializer -> ill_mcast_lock -> ips_igmp_timer_lock
370 *
371 * IPsec scenarios
372 *
373 * ipsa_lock -> ill_g_lock -> ill_lock
374 * ill_g_usesrc_lock -> ill_g_lock -> ill_lock
375 *
376 * Trusted Solaris scenarios
377 *
378 * igsa_lock -> gcgrp_rwlock -> gcgrp_lock
379 * igsa_lock -> gcdb_lock
380 * gcgrp_rwlock -> ire_lock
381 * gcgrp_rwlock -> gcdb_lock
382 *
383 * squeue(sq_lock), flow related (ft_lock, fe_lock) locking
384 *
385 * cpu_lock --> ill_lock --> sqset_lock --> sq_lock
386 * sq_lock -> conn_lock -> QLOCK(q)
387 * ill_lock -> ft_lock -> fe_lock
388 *
389 * Routing/forwarding table locking notes:
390 *
391 * Lock acquisition order: Radix tree lock, irb_lock.
392 * Requirements:
393 * i. Walker must not hold any locks during the walker callback.
394 * ii Walker must not see a truncated tree during the walk because of any node
395 * deletion.
396 * iii Existing code assumes ire_bucket is valid if it is non-null and is used
397 * in many places in the code to walk the irb list. Thus even if all the
398 * ires in a bucket have been deleted, we still can't free the radix node
399 * until the ires have actually been inactive'd (freed).
400 *
401 * Tree traversal - Need to hold the global tree lock in read mode.
402 * Before dropping the global tree lock, need to either increment the ire_refcnt
403 * to ensure that the radix node can't be deleted.
404 *
405 * Tree add - Need to hold the global tree lock in write mode to add a
406 * radix node. To prevent the node from being deleted, increment the
407 * irb_refcnt, after the node is added to the tree. The ire itself is
408 * added later while holding the irb_lock, but not the tree lock.
409 *
410 * Tree delete - Need to hold the global tree lock and irb_lock in write mode.
411 * All associated ires must be inactive (i.e. freed), and irb_refcnt
412 * must be zero.
413 *
414 * Walker - Increment irb_refcnt before calling the walker callback. Hold the
415 * global tree lock (read mode) for traversal.
416 *
417 * IRE dependencies - In some cases we hold ips_ire_dep_lock across ire_refrele
418 * hence we will acquire irb_lock while holding ips_ire_dep_lock.
419 *
420 * IPsec notes :
421 *
422 * IP interacts with the IPsec code (AH/ESP) by storing IPsec attributes
423 * in the ip_xmit_attr_t ip_recv_attr_t. For outbound datagrams, the
424 * ip_xmit_attr_t has the
425 * information used by the IPsec code for applying the right level of
426 * protection. The information initialized by IP in the ip_xmit_attr_t
427 * is determined by the per-socket policy or global policy in the system.
428 * For inbound datagrams, the ip_recv_attr_t
429 * starts out with nothing in it. It gets filled
430 * with the right information if it goes through the AH/ESP code, which
431 * happens if the incoming packet is secure. The information initialized
432 * by AH/ESP, is later used by IP (during fanouts to ULP) to see whether
433 * the policy requirements needed by per-socket policy or global policy
434 * is met or not.
435 *
436 * For fully connected sockets i.e dst, src [addr, port] is known,
437 * conn_policy_cached is set indicating that policy has been cached.
438 * conn_in_enforce_policy may or may not be set depending on whether
439 * there is a global policy match or per-socket policy match.
440 * Policy inheriting happpens in ip_policy_set once the destination is known.
441 * Once the right policy is set on the conn_t, policy cannot change for
442 * this socket. This makes life simpler for TCP (UDP ?) where
443 * re-transmissions go out with the same policy. For symmetry, policy
444 * is cached for fully connected UDP sockets also. Thus if policy is cached,
445 * it also implies that policy is latched i.e policy cannot change
446 * on these sockets. As we have the right policy on the conn, we don't
447 * have to lookup global policy for every outbound and inbound datagram
448 * and thus serving as an optimization. Note that a global policy change
449 * does not affect fully connected sockets if they have policy. If fully
450 * connected sockets did not have any policy associated with it, global
451 * policy change may affect them.
452 *
453 * IP Flow control notes:
454 * ---------------------
455 * Non-TCP streams are flow controlled by IP. The way this is accomplished
456 * differs when ILL_CAPAB_DLD_DIRECT is enabled for that IP instance. When
457 * ILL_DIRECT_CAPABLE(ill) is TRUE, IP can do direct function calls into
458 * GLDv3. Otherwise packets are sent down to lower layers using STREAMS
459 * functions.
460 *
461 * Per Tx ring udp flow control:
462 * This is applicable only when ILL_CAPAB_DLD_DIRECT capability is set in
463 * the ill (i.e. ILL_DIRECT_CAPABLE(ill) is true).
464 *
465 * The underlying link can expose multiple Tx rings to the GLDv3 mac layer.
466 * To achieve best performance, outgoing traffic need to be fanned out among
467 * these Tx ring. mac_tx() is called (via str_mdata_fastpath_put()) to send
468 * traffic out of the NIC and it takes a fanout hint. UDP connections pass
469 * the address of connp as fanout hint to mac_tx(). Under flow controlled
470 * condition, mac_tx() returns a non-NULL cookie (ip_mac_tx_cookie_t). This
471 * cookie points to a specific Tx ring that is blocked. The cookie is used to
472 * hash into an idl_tx_list[] entry in idl_tx_list[] array. Each idl_tx_list_t
473 * point to drain_lists (idl_t's). These drain list will store the blocked UDP
474 * connp's. The drain list is not a single list but a configurable number of
475 * lists.
476 *
477 * The diagram below shows idl_tx_list_t's and their drain_lists. ip_stack_t
478 * has an array of idl_tx_list_t. The size of the array is TX_FANOUT_SIZE
479 * which is equal to 128. This array in turn contains a pointer to idl_t[],
480 * the ip drain list. The idl_t[] array size is MIN(max_ncpus, 8). The drain
481 * list will point to the list of connp's that are flow controlled.
482 *
483 * --------------- ------- ------- -------
484 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|-->
485 * | --------------- ------- ------- -------
486 * | --------------- ------- ------- -------
487 * |->|drain_list[1]|-->|connp|-->|connp|-->|connp|-->
488 * ---------------- | --------------- ------- ------- -------
489 * |idl_tx_list[0]|->| --------------- ------- ------- -------
490 * ---------------- |->|drain_list[2]|-->|connp|-->|connp|-->|connp|-->
491 * | --------------- ------- ------- -------
492 * . . . . .
493 * | --------------- ------- ------- -------
494 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|-->
495 * --------------- ------- ------- -------
496 * --------------- ------- ------- -------
497 * |->|drain_list[0]|-->|connp|-->|connp|-->|connp|-->
498 * | --------------- ------- ------- -------
499 * | --------------- ------- ------- -------
500 * ---------------- |->|drain_list[1]|-->|connp|-->|connp|-->|connp|-->
501 * |idl_tx_list[1]|->| --------------- ------- ------- -------
502 * ---------------- | . . . .
503 * | --------------- ------- ------- -------
504 * |->|drain_list[n]|-->|connp|-->|connp|-->|connp|-->
505 * --------------- ------- ------- -------
506 * .....
507 * ----------------
508 * |idl_tx_list[n]|-> ...
509 * ----------------
510 *
511 * When mac_tx() returns a cookie, the cookie is hashed into an index into
512 * ips_idl_tx_list[], and conn_drain_insert() is called with the idl_tx_list
513 * to insert the conn onto. conn_drain_insert() asserts flow control for the
514 * sockets via su_txq_full() (non-STREAMS) or QFULL on conn_wq (STREAMS).
515 * Further, conn_blocked is set to indicate that the conn is blocked.
516 *
517 * GLDv3 calls ill_flow_enable() when flow control is relieved. The cookie
518 * passed in the call to ill_flow_enable() identifies the blocked Tx ring and
519 * is again hashed to locate the appropriate idl_tx_list, which is then
520 * drained via conn_walk_drain(). conn_walk_drain() goes through each conn in
521 * the drain list and calls conn_drain_remove() to clear flow control (via
522 * calling su_txq_full() or clearing QFULL), and remove the conn from the
523 * drain list.
524 *
525 * Note that the drain list is not a single list but a (configurable) array of
526 * lists (8 elements by default). Synchronization between drain insertion and
527 * flow control wakeup is handled by using idl_txl->txl_lock, and only
528 * conn_drain_insert() and conn_drain_remove() manipulate the drain list.
529 *
530 * Flow control via STREAMS is used when ILL_DIRECT_CAPABLE() returns FALSE.
531 * On the send side, if the packet cannot be sent down to the driver by IP
532 * (canput() fails), ip_xmit() drops the packet and returns EWOULDBLOCK to the
533 * caller, who may then invoke ixa_check_drain_insert() to insert the conn on
534 * the 0'th drain list. When ip_wsrv() runs on the ill_wq because flow
535 * control has been relieved, the blocked conns in the 0'th drain list are
536 * drained as in the non-STREAMS case.
537 *
538 * In both the STREAMS and non-STREAMS cases, the sockfs upcall to set QFULL
539 * is done when the conn is inserted into the drain list (conn_drain_insert())
540 * and cleared when the conn is removed from the it (conn_drain_remove()).
541 *
542 * IPQOS notes:
543 *
544 * IPQoS Policies are applied to packets using IPPF (IP Policy framework)
545 * and IPQoS modules. IPPF includes hooks in IP at different control points
546 * (callout positions) which direct packets to IPQoS modules for policy
547 * processing. Policies, if present, are global.
548 *
549 * The callout positions are located in the following paths:
550 * o local_in (packets destined for this host)
551 * o local_out (packets orginating from this host )
552 * o fwd_in (packets forwarded by this m/c - inbound)
553 * o fwd_out (packets forwarded by this m/c - outbound)
554 * Hooks at these callout points can be enabled/disabled using the ndd variable
555 * ip_policy_mask (a bit mask with the 4 LSB indicating the callout positions).
556 * By default all the callout positions are enabled.
557 *
558 * Outbound (local_out)
559 * Hooks are placed in ire_send_wire_v4 and ire_send_wire_v6.
560 *
561 * Inbound (local_in)
562 * Hooks are placed in ip_fanout_v4 and ip_fanout_v6.
563 *
564 * Forwarding (in and out)
565 * Hooks are placed in ire_recv_forward_v4/v6.
566 *
567 * IP Policy Framework processing (IPPF processing)
568 * Policy processing for a packet is initiated by ip_process, which ascertains
569 * that the classifier (ipgpc) is loaded and configured, failing which the
570 * packet resumes normal processing in IP. If the clasifier is present, the
571 * packet is acted upon by one or more IPQoS modules (action instances), per
572 * filters configured in ipgpc and resumes normal IP processing thereafter.
573 * An action instance can drop a packet in course of its processing.
574 *
575 * Zones notes:
576 *
577 * The partitioning rules for networking are as follows:
578 * 1) Packets coming from a zone must have a source address belonging to that
579 * zone.
580 * 2) Packets coming from a zone can only be sent on a physical interface on
581 * which the zone has an IP address.
582 * 3) Between two zones on the same machine, packet delivery is only allowed if
583 * there's a matching route for the destination and zone in the forwarding
584 * table.
585 * 4) The TCP and UDP port spaces are per-zone; that is, two processes in
586 * different zones can bind to the same port with the wildcard address
587 * (INADDR_ANY).
588 *
589 * The granularity of interface partitioning is at the logical interface level.
590 * Therefore, every zone has its own IP addresses, and incoming packets can be
591 * attributed to a zone unambiguously. A logical interface is placed into a zone
592 * using the SIOCSLIFZONE ioctl; this sets the ipif_zoneid field in the ipif_t
593 * structure. Rule (1) is implemented by modifying the source address selection
594 * algorithm so that the list of eligible addresses is filtered based on the
595 * sending process zone.
596 *
597 * The Internet Routing Entries (IREs) are either exclusive to a zone or shared
598 * across all zones, depending on their type. Here is the break-up:
599 *
600 * IRE type Shared/exclusive
601 * -------- ----------------
602 * IRE_BROADCAST Exclusive
603 * IRE_DEFAULT (default routes) Shared (*)
604 * IRE_LOCAL Exclusive (x)
605 * IRE_LOOPBACK Exclusive
606 * IRE_PREFIX (net routes) Shared (*)
607 * IRE_IF_NORESOLVER (interface routes) Exclusive
608 * IRE_IF_RESOLVER (interface routes) Exclusive
609 * IRE_IF_CLONE (interface routes) Exclusive
610 * IRE_HOST (host routes) Shared (*)
611 *
612 * (*) A zone can only use a default or off-subnet route if the gateway is
613 * directly reachable from the zone, that is, if the gateway's address matches
614 * one of the zone's logical interfaces.
615 *
616 * (x) IRE_LOCAL are handled a bit differently.
617 * When ip_restrict_interzone_loopback is set (the default),
618 * ire_route_recursive restricts loopback using an IRE_LOCAL
619 * between zone to the case when L2 would have conceptually looped the packet
620 * back, i.e. the loopback which is required since neither Ethernet drivers
621 * nor Ethernet hardware loops them back. This is the case when the normal
622 * routes (ignoring IREs with different zoneids) would send out the packet on
623 * the same ill as the ill with which is IRE_LOCAL is associated.
624 *
625 * Multiple zones can share a common broadcast address; typically all zones
626 * share the 255.255.255.255 address. Incoming as well as locally originated
627 * broadcast packets must be dispatched to all the zones on the broadcast
628 * network. For directed broadcasts (e.g. 10.16.72.255) this is not trivial
629 * since some zones may not be on the 10.16.72/24 network. To handle this, each
630 * zone has its own set of IRE_BROADCAST entries; then, broadcast packets are
631 * sent to every zone that has an IRE_BROADCAST entry for the destination
632 * address on the input ill, see ip_input_broadcast().
633 *
634 * Applications in different zones can join the same multicast group address.
635 * The same logic applies for multicast as for broadcast. ip_input_multicast
636 * dispatches packets to all zones that have members on the physical interface.
637 */
638
639 /*
640 * Squeue Fanout flags:
641 * 0: No fanout.
642 * 1: Fanout across all squeues
643 */
644 boolean_t ip_squeue_fanout = 0;
645
646 /*
647 * Maximum dups allowed per packet.
648 */
649 uint_t ip_max_frag_dups = 10;
650
651 static int ip_open(queue_t *q, dev_t *devp, int flag, int sflag,
652 cred_t *credp, boolean_t isv6);
653 static mblk_t *ip_xmit_attach_llhdr(mblk_t *, nce_t *);
654
655 static boolean_t icmp_inbound_verify_v4(mblk_t *, icmph_t *, ip_recv_attr_t *);
656 static void icmp_inbound_too_big_v4(icmph_t *, ip_recv_attr_t *);
657 static void icmp_inbound_error_fanout_v4(mblk_t *, icmph_t *,
658 ip_recv_attr_t *);
659 static void icmp_options_update(ipha_t *);
660 static void icmp_param_problem(mblk_t *, uint8_t, ip_recv_attr_t *);
661 static void icmp_pkt(mblk_t *, void *, size_t, ip_recv_attr_t *);
662 static mblk_t *icmp_pkt_err_ok(mblk_t *, ip_recv_attr_t *);
663 static void icmp_redirect_v4(mblk_t *mp, ipha_t *, icmph_t *,
664 ip_recv_attr_t *);
665 static void icmp_send_redirect(mblk_t *, ipaddr_t, ip_recv_attr_t *);
666 static void icmp_send_reply_v4(mblk_t *, ipha_t *, icmph_t *,
667 ip_recv_attr_t *);
668
669 mblk_t *ip_dlpi_alloc(size_t, t_uscalar_t);
670 char *ip_dot_addr(ipaddr_t, char *);
671 mblk_t *ip_carve_mp(mblk_t **, ssize_t);
672 static char *ip_dot_saddr(uchar_t *, char *);
673 static int ip_lrput(queue_t *, mblk_t *);
674 ipaddr_t ip_net_mask(ipaddr_t);
675 char *ip_nv_lookup(nv_t *, int);
676 int ip_rput(queue_t *, mblk_t *);
677 static void ip_rput_dlpi_writer(ipsq_t *dummy_sq, queue_t *q, mblk_t *mp,
678 void *dummy_arg);
679 int ip_snmp_get(queue_t *, mblk_t *, int, boolean_t);
680 static mblk_t *ip_snmp_get_mib2_ip(queue_t *, mblk_t *,
681 mib2_ipIfStatsEntry_t *, ip_stack_t *, boolean_t);
682 static mblk_t *ip_snmp_get_mib2_ip_traffic_stats(queue_t *, mblk_t *,
683 ip_stack_t *, boolean_t);
684 static mblk_t *ip_snmp_get_mib2_ip6(queue_t *, mblk_t *, ip_stack_t *,
685 boolean_t);
686 static mblk_t *ip_snmp_get_mib2_icmp(queue_t *, mblk_t *, ip_stack_t *ipst);
687 static mblk_t *ip_snmp_get_mib2_icmp6(queue_t *, mblk_t *, ip_stack_t *ipst);
688 static mblk_t *ip_snmp_get_mib2_igmp(queue_t *, mblk_t *, ip_stack_t *ipst);
689 static mblk_t *ip_snmp_get_mib2_multi(queue_t *, mblk_t *, ip_stack_t *ipst);
690 static mblk_t *ip_snmp_get_mib2_ip_addr(queue_t *, mblk_t *,
691 ip_stack_t *ipst, boolean_t);
692 static mblk_t *ip_snmp_get_mib2_ip6_addr(queue_t *, mblk_t *,
693 ip_stack_t *ipst, boolean_t);
694 static mblk_t *ip_snmp_get_mib2_ip_group_src(queue_t *, mblk_t *,
695 ip_stack_t *ipst);
696 static mblk_t *ip_snmp_get_mib2_ip6_group_src(queue_t *, mblk_t *,
697 ip_stack_t *ipst);
698 static mblk_t *ip_snmp_get_mib2_ip_group_mem(queue_t *, mblk_t *,
699 ip_stack_t *ipst);
700 static mblk_t *ip_snmp_get_mib2_ip6_group_mem(queue_t *, mblk_t *,
701 ip_stack_t *ipst);
702 static mblk_t *ip_snmp_get_mib2_virt_multi(queue_t *, mblk_t *,
703 ip_stack_t *ipst);
704 static mblk_t *ip_snmp_get_mib2_multi_rtable(queue_t *, mblk_t *,
705 ip_stack_t *ipst);
706 static mblk_t *ip_snmp_get_mib2_ip_route_media(queue_t *, mblk_t *, int,
707 ip_stack_t *ipst);
708 static mblk_t *ip_snmp_get_mib2_ip6_route_media(queue_t *, mblk_t *, int,
709 ip_stack_t *ipst);
710 static void ip_snmp_get2_v4(ire_t *, iproutedata_t *);
711 static void ip_snmp_get2_v6_route(ire_t *, iproutedata_t *);
712 static void ip_snmp_get2_v4_media(ncec_t *, void *);
713 static void ip_snmp_get2_v6_media(ncec_t *, void *);
714 int ip_snmp_set(queue_t *, int, int, uchar_t *, int);
715
716 static mblk_t *ip_fragment_copyhdr(uchar_t *, int, int, ip_stack_t *,
717 mblk_t *);
718
719 static void conn_drain_init(ip_stack_t *);
720 static void conn_drain_fini(ip_stack_t *);
721 static void conn_drain(conn_t *connp, boolean_t closing);
722
723 static void conn_walk_drain(ip_stack_t *, idl_tx_list_t *);
724 static void conn_walk_sctp(pfv_t, void *, zoneid_t, netstack_t *);
725
726 static void *ip_stack_init(netstackid_t stackid, netstack_t *ns);
727 static void ip_stack_shutdown(netstackid_t stackid, void *arg);
728 static void ip_stack_fini(netstackid_t stackid, void *arg);
729
730 static int ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t,
731 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *),
732 ire_t *, conn_t *, boolean_t, const in6_addr_t *, mcast_record_t,
733 const in6_addr_t *);
734
735 static int ip_squeue_switch(int);
736
737 static void *ip_kstat_init(netstackid_t, ip_stack_t *);
738 static void ip_kstat_fini(netstackid_t, kstat_t *);
739 static int ip_kstat_update(kstat_t *kp, int rw);
740 static void *icmp_kstat_init(netstackid_t);
741 static void icmp_kstat_fini(netstackid_t, kstat_t *);
742 static int icmp_kstat_update(kstat_t *kp, int rw);
743 static void *ip_kstat2_init(netstackid_t, ip_stat_t *);
744 static void ip_kstat2_fini(netstackid_t, kstat_t *);
745
746 static void ipobs_init(ip_stack_t *);
747 static void ipobs_fini(ip_stack_t *);
748
749 static int ip_tp_cpu_update(cpu_setup_t, int, void *);
750
751 ipaddr_t ip_g_all_ones = IP_HOST_MASK;
752
753 static long ip_rput_pullups;
754 int dohwcksum = 1; /* use h/w cksum if supported by the hardware */
755
756 vmem_t *ip_minor_arena_sa; /* for minor nos. from INET_MIN_DEV+2 thru 2^^18-1 */
757 vmem_t *ip_minor_arena_la; /* for minor nos. from 2^^18 thru 2^^32-1 */
758
759 int ip_debug;
760
761 /*
762 * Multirouting/CGTP stuff
763 */
764 int ip_cgtp_filter_rev = CGTP_FILTER_REV; /* CGTP hooks version */
765
766 /*
767 * IP tunables related declarations. Definitions are in ip_tunables.c
768 */
769 extern mod_prop_info_t ip_propinfo_tbl[];
770 extern int ip_propinfo_count;
771
772 /*
773 * Table of IP ioctls encoding the various properties of the ioctl and
774 * indexed based on the last byte of the ioctl command. Occasionally there
775 * is a clash, and there is more than 1 ioctl with the same last byte.
776 * In such a case 1 ioctl is encoded in the ndx table and the remaining
777 * ioctls are encoded in the misc table. An entry in the ndx table is
778 * retrieved by indexing on the last byte of the ioctl command and comparing
779 * the ioctl command with the value in the ndx table. In the event of a
780 * mismatch the misc table is then searched sequentially for the desired
781 * ioctl command.
782 *
783 * Entry: <command> <copyin_size> <flags> <cmd_type> <function> <restart_func>
784 */
785 ip_ioctl_cmd_t ip_ndx_ioctl_table[] = {
786 /* 000 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
787 /* 001 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
788 /* 002 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
789 /* 003 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
790 /* 004 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
791 /* 005 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
792 /* 006 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
793 /* 007 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
794 /* 008 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
795 /* 009 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
796
797 /* 010 */ { SIOCADDRT, sizeof (struct rtentry), IPI_PRIV,
798 MISC_CMD, ip_siocaddrt, NULL },
799 /* 011 */ { SIOCDELRT, sizeof (struct rtentry), IPI_PRIV,
800 MISC_CMD, ip_siocdelrt, NULL },
801
802 /* 012 */ { SIOCSIFADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
803 IF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart },
804 /* 013 */ { SIOCGIFADDR, sizeof (struct ifreq), IPI_GET_CMD,
805 IF_CMD, ip_sioctl_get_addr, NULL },
806
807 /* 014 */ { SIOCSIFDSTADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
808 IF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart },
809 /* 015 */ { SIOCGIFDSTADDR, sizeof (struct ifreq),
810 IPI_GET_CMD, IF_CMD, ip_sioctl_get_dstaddr, NULL },
811
812 /* 016 */ { SIOCSIFFLAGS, sizeof (struct ifreq),
813 IPI_PRIV | IPI_WR,
814 IF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart },
815 /* 017 */ { SIOCGIFFLAGS, sizeof (struct ifreq),
816 IPI_MODOK | IPI_GET_CMD,
817 IF_CMD, ip_sioctl_get_flags, NULL },
818
819 /* 018 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
820 /* 019 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
821
822 /* copyin size cannot be coded for SIOCGIFCONF */
823 /* 020 */ { O_SIOCGIFCONF, 0, IPI_GET_CMD,
824 MISC_CMD, ip_sioctl_get_ifconf, NULL },
825
826 /* 021 */ { SIOCSIFMTU, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
827 IF_CMD, ip_sioctl_mtu, NULL },
828 /* 022 */ { SIOCGIFMTU, sizeof (struct ifreq), IPI_GET_CMD,
829 IF_CMD, ip_sioctl_get_mtu, NULL },
830 /* 023 */ { SIOCGIFBRDADDR, sizeof (struct ifreq),
831 IPI_GET_CMD, IF_CMD, ip_sioctl_get_brdaddr, NULL },
832 /* 024 */ { SIOCSIFBRDADDR, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
833 IF_CMD, ip_sioctl_brdaddr, NULL },
834 /* 025 */ { SIOCGIFNETMASK, sizeof (struct ifreq),
835 IPI_GET_CMD, IF_CMD, ip_sioctl_get_netmask, NULL },
836 /* 026 */ { SIOCSIFNETMASK, sizeof (struct ifreq), IPI_PRIV | IPI_WR,
837 IF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart },
838 /* 027 */ { SIOCGIFMETRIC, sizeof (struct ifreq),
839 IPI_GET_CMD, IF_CMD, ip_sioctl_get_metric, NULL },
840 /* 028 */ { SIOCSIFMETRIC, sizeof (struct ifreq), IPI_PRIV,
841 IF_CMD, ip_sioctl_metric, NULL },
842 /* 029 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
843
844 /* See 166-168 below for extended SIOC*XARP ioctls */
845 /* 030 */ { SIOCSARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR,
846 ARP_CMD, ip_sioctl_arp, NULL },
847 /* 031 */ { SIOCGARP, sizeof (struct arpreq), IPI_GET_CMD,
848 ARP_CMD, ip_sioctl_arp, NULL },
849 /* 032 */ { SIOCDARP, sizeof (struct arpreq), IPI_PRIV | IPI_WR,
850 ARP_CMD, ip_sioctl_arp, NULL },
851
852 /* 033 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
853 /* 034 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
854 /* 035 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
855 /* 036 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
856 /* 037 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
857 /* 038 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
858 /* 039 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
859 /* 040 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
860 /* 041 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
861 /* 042 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
862 /* 043 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
863 /* 044 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
864 /* 045 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
865 /* 046 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
866 /* 047 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
867 /* 048 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
868 /* 049 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
869 /* 050 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
870 /* 051 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
871 /* 052 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
872 /* 053 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
873
874 /* 054 */ { IF_UNITSEL, sizeof (int), IPI_PRIV | IPI_WR | IPI_MODOK,
875 MISC_CMD, if_unitsel, if_unitsel_restart },
876
877 /* 055 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
878 /* 056 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
879 /* 057 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
880 /* 058 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
881 /* 059 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
882 /* 060 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
883 /* 061 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
884 /* 062 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
885 /* 063 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
886 /* 064 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
887 /* 065 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
888 /* 066 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
889 /* 067 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
890 /* 068 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
891 /* 069 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
892 /* 070 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
893 /* 071 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
894 /* 072 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
895
896 /* 073 */ { SIOCSIFNAME, sizeof (struct ifreq),
897 IPI_PRIV | IPI_WR | IPI_MODOK,
898 IF_CMD, ip_sioctl_sifname, NULL },
899
900 /* 074 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
901 /* 075 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
902 /* 076 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
903 /* 077 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
904 /* 078 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
905 /* 079 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
906 /* 080 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
907 /* 081 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
908 /* 082 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
909 /* 083 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
910 /* 084 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
911 /* 085 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
912 /* 086 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
913
914 /* 087 */ { SIOCGIFNUM, sizeof (int), IPI_GET_CMD,
915 MISC_CMD, ip_sioctl_get_ifnum, NULL },
916 /* 088 */ { SIOCGIFMUXID, sizeof (struct ifreq), IPI_GET_CMD,
917 IF_CMD, ip_sioctl_get_muxid, NULL },
918 /* 089 */ { SIOCSIFMUXID, sizeof (struct ifreq),
919 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_muxid, NULL },
920
921 /* Both if and lif variants share same func */
922 /* 090 */ { SIOCGIFINDEX, sizeof (struct ifreq), IPI_GET_CMD,
923 IF_CMD, ip_sioctl_get_lifindex, NULL },
924 /* Both if and lif variants share same func */
925 /* 091 */ { SIOCSIFINDEX, sizeof (struct ifreq),
926 IPI_PRIV | IPI_WR, IF_CMD, ip_sioctl_slifindex, NULL },
927
928 /* copyin size cannot be coded for SIOCGIFCONF */
929 /* 092 */ { SIOCGIFCONF, 0, IPI_GET_CMD,
930 MISC_CMD, ip_sioctl_get_ifconf, NULL },
931 /* 093 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
932 /* 094 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
933 /* 095 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
934 /* 096 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
935 /* 097 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
936 /* 098 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
937 /* 099 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
938 /* 100 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
939 /* 101 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
940 /* 102 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
941 /* 103 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
942 /* 104 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
943 /* 105 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
944 /* 106 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
945 /* 107 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
946 /* 108 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
947 /* 109 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
948
949 /* 110 */ { SIOCLIFREMOVEIF, sizeof (struct lifreq),
950 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_removeif,
951 ip_sioctl_removeif_restart },
952 /* 111 */ { SIOCLIFADDIF, sizeof (struct lifreq),
953 IPI_GET_CMD | IPI_PRIV | IPI_WR,
954 LIF_CMD, ip_sioctl_addif, NULL },
955 #define SIOCLIFADDR_NDX 112
956 /* 112 */ { SIOCSLIFADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
957 LIF_CMD, ip_sioctl_addr, ip_sioctl_addr_restart },
958 /* 113 */ { SIOCGLIFADDR, sizeof (struct lifreq),
959 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_addr, NULL },
960 /* 114 */ { SIOCSLIFDSTADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
961 LIF_CMD, ip_sioctl_dstaddr, ip_sioctl_dstaddr_restart },
962 /* 115 */ { SIOCGLIFDSTADDR, sizeof (struct lifreq),
963 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dstaddr, NULL },
964 /* 116 */ { SIOCSLIFFLAGS, sizeof (struct lifreq),
965 IPI_PRIV | IPI_WR,
966 LIF_CMD, ip_sioctl_flags, ip_sioctl_flags_restart },
967 /* 117 */ { SIOCGLIFFLAGS, sizeof (struct lifreq),
968 IPI_GET_CMD | IPI_MODOK,
969 LIF_CMD, ip_sioctl_get_flags, NULL },
970
971 /* 118 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
972 /* 119 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
973
974 /* 120 */ { O_SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD,
975 ip_sioctl_get_lifconf, NULL },
976 /* 121 */ { SIOCSLIFMTU, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
977 LIF_CMD, ip_sioctl_mtu, NULL },
978 /* 122 */ { SIOCGLIFMTU, sizeof (struct lifreq), IPI_GET_CMD,
979 LIF_CMD, ip_sioctl_get_mtu, NULL },
980 /* 123 */ { SIOCGLIFBRDADDR, sizeof (struct lifreq),
981 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_brdaddr, NULL },
982 /* 124 */ { SIOCSLIFBRDADDR, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
983 LIF_CMD, ip_sioctl_brdaddr, NULL },
984 /* 125 */ { SIOCGLIFNETMASK, sizeof (struct lifreq),
985 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_netmask, NULL },
986 /* 126 */ { SIOCSLIFNETMASK, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
987 LIF_CMD, ip_sioctl_netmask, ip_sioctl_netmask_restart },
988 /* 127 */ { SIOCGLIFMETRIC, sizeof (struct lifreq),
989 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_metric, NULL },
990 /* 128 */ { SIOCSLIFMETRIC, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
991 LIF_CMD, ip_sioctl_metric, NULL },
992 /* 129 */ { SIOCSLIFNAME, sizeof (struct lifreq),
993 IPI_PRIV | IPI_WR | IPI_MODOK,
994 LIF_CMD, ip_sioctl_slifname,
995 ip_sioctl_slifname_restart },
996
997 /* 130 */ { SIOCGLIFNUM, sizeof (struct lifnum), IPI_GET_CMD,
998 MISC_CMD, ip_sioctl_get_lifnum, NULL },
999 /* 131 */ { SIOCGLIFMUXID, sizeof (struct lifreq),
1000 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_muxid, NULL },
1001 /* 132 */ { SIOCSLIFMUXID, sizeof (struct lifreq),
1002 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_muxid, NULL },
1003 /* 133 */ { SIOCGLIFINDEX, sizeof (struct lifreq),
1004 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifindex, 0 },
1005 /* 134 */ { SIOCSLIFINDEX, sizeof (struct lifreq),
1006 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifindex, 0 },
1007 /* 135 */ { SIOCSLIFTOKEN, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1008 LIF_CMD, ip_sioctl_token, NULL },
1009 /* 136 */ { SIOCGLIFTOKEN, sizeof (struct lifreq),
1010 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_token, NULL },
1011 /* 137 */ { SIOCSLIFSUBNET, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1012 LIF_CMD, ip_sioctl_subnet, ip_sioctl_subnet_restart },
1013 /* 138 */ { SIOCGLIFSUBNET, sizeof (struct lifreq),
1014 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_subnet, NULL },
1015 /* 139 */ { SIOCSLIFLNKINFO, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1016 LIF_CMD, ip_sioctl_lnkinfo, NULL },
1017
1018 /* 140 */ { SIOCGLIFLNKINFO, sizeof (struct lifreq),
1019 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lnkinfo, NULL },
1020 /* 141 */ { SIOCLIFDELND, sizeof (struct lifreq), IPI_PRIV,
1021 LIF_CMD, ip_siocdelndp_v6, NULL },
1022 /* 142 */ { SIOCLIFGETND, sizeof (struct lifreq), IPI_GET_CMD,
1023 LIF_CMD, ip_siocqueryndp_v6, NULL },
1024 /* 143 */ { SIOCLIFSETND, sizeof (struct lifreq), IPI_PRIV,
1025 LIF_CMD, ip_siocsetndp_v6, NULL },
1026 /* 144 */ { SIOCTMYADDR, sizeof (struct sioc_addrreq), IPI_GET_CMD,
1027 MISC_CMD, ip_sioctl_tmyaddr, NULL },
1028 /* 145 */ { SIOCTONLINK, sizeof (struct sioc_addrreq), IPI_GET_CMD,
1029 MISC_CMD, ip_sioctl_tonlink, NULL },
1030 /* 146 */ { SIOCTMYSITE, sizeof (struct sioc_addrreq), 0,
1031 MISC_CMD, ip_sioctl_tmysite, NULL },
1032 /* 147 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1033 /* 148 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1034
1035 /* Old *IPSECONFIG ioctls are now deprecated, now see spdsock.c */
1036 /* 149 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1037 /* 150 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1038 /* 151 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1039 /* 152 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1040
1041 /* 153 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1042
1043 /* 154 */ { SIOCGLIFBINDING, sizeof (struct lifreq), IPI_GET_CMD,
1044 LIF_CMD, ip_sioctl_get_binding, NULL },
1045 /* 155 */ { SIOCSLIFGROUPNAME, sizeof (struct lifreq),
1046 IPI_PRIV | IPI_WR,
1047 LIF_CMD, ip_sioctl_groupname, ip_sioctl_groupname },
1048 /* 156 */ { SIOCGLIFGROUPNAME, sizeof (struct lifreq),
1049 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_groupname, NULL },
1050 /* 157 */ { SIOCGLIFGROUPINFO, sizeof (lifgroupinfo_t),
1051 IPI_GET_CMD, MISC_CMD, ip_sioctl_groupinfo, NULL },
1052
1053 /* Leave 158-160 unused; used to be SIOC*IFARP ioctls */
1054 /* 158 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1055 /* 159 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1056 /* 160 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1057
1058 /* 161 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1059
1060 /* These are handled in ip_sioctl_copyin_setup itself */
1061 /* 162 */ { SIOCGIP6ADDRPOLICY, 0, IPI_NULL_BCONT,
1062 MISC_CMD, NULL, NULL },
1063 /* 163 */ { SIOCSIP6ADDRPOLICY, 0, IPI_PRIV | IPI_NULL_BCONT,
1064 MISC_CMD, NULL, NULL },
1065 /* 164 */ { SIOCGDSTINFO, 0, IPI_GET_CMD, MISC_CMD, NULL, NULL },
1066
1067 /* 165 */ { SIOCGLIFCONF, 0, IPI_GET_CMD, MISC_CMD,
1068 ip_sioctl_get_lifconf, NULL },
1069
1070 /* 166 */ { SIOCSXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR,
1071 XARP_CMD, ip_sioctl_arp, NULL },
1072 /* 167 */ { SIOCGXARP, sizeof (struct xarpreq), IPI_GET_CMD,
1073 XARP_CMD, ip_sioctl_arp, NULL },
1074 /* 168 */ { SIOCDXARP, sizeof (struct xarpreq), IPI_PRIV | IPI_WR,
1075 XARP_CMD, ip_sioctl_arp, NULL },
1076
1077 /* SIOCPOPSOCKFS is not handled by IP */
1078 /* 169 */ { IPI_DONTCARE /* SIOCPOPSOCKFS */, 0, 0, 0, NULL, NULL },
1079
1080 /* 170 */ { SIOCGLIFZONE, sizeof (struct lifreq),
1081 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_lifzone, NULL },
1082 /* 171 */ { SIOCSLIFZONE, sizeof (struct lifreq),
1083 IPI_PRIV | IPI_WR, LIF_CMD, ip_sioctl_slifzone,
1084 ip_sioctl_slifzone_restart },
1085 /* 172-174 are SCTP ioctls and not handled by IP */
1086 /* 172 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1087 /* 173 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1088 /* 174 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1089 /* 175 */ { SIOCGLIFUSESRC, sizeof (struct lifreq),
1090 IPI_GET_CMD, LIF_CMD,
1091 ip_sioctl_get_lifusesrc, 0 },
1092 /* 176 */ { SIOCSLIFUSESRC, sizeof (struct lifreq),
1093 IPI_PRIV | IPI_WR,
1094 LIF_CMD, ip_sioctl_slifusesrc,
1095 NULL },
1096 /* 177 */ { SIOCGLIFSRCOF, 0, IPI_GET_CMD, MISC_CMD,
1097 ip_sioctl_get_lifsrcof, NULL },
1098 /* 178 */ { SIOCGMSFILTER, sizeof (struct group_filter), IPI_GET_CMD,
1099 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1100 /* 179 */ { SIOCSMSFILTER, sizeof (struct group_filter), 0,
1101 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1102 /* 180 */ { SIOCGIPMSFILTER, sizeof (struct ip_msfilter), IPI_GET_CMD,
1103 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1104 /* 181 */ { SIOCSIPMSFILTER, sizeof (struct ip_msfilter), 0,
1105 MSFILT_CMD, ip_sioctl_msfilter, NULL },
1106 /* 182 */ { IPI_DONTCARE, 0, 0, 0, NULL, NULL },
1107 /* SIOCSENABLESDP is handled by SDP */
1108 /* 183 */ { IPI_DONTCARE /* SIOCSENABLESDP */, 0, 0, 0, NULL, NULL },
1109 /* 184 */ { IPI_DONTCARE /* SIOCSQPTR */, 0, 0, 0, NULL, NULL },
1110 /* 185 */ { SIOCGIFHWADDR, sizeof (struct ifreq), IPI_GET_CMD,
1111 IF_CMD, ip_sioctl_get_ifhwaddr, NULL },
1112 /* 186 */ { IPI_DONTCARE /* SIOCGSTAMP */, 0, 0, 0, NULL, NULL },
1113 /* 187 */ { SIOCILB, 0, IPI_PRIV | IPI_GET_CMD, MISC_CMD,
1114 ip_sioctl_ilb_cmd, NULL },
1115 /* 188 */ { SIOCGETPROP, 0, IPI_GET_CMD, 0, NULL, NULL },
1116 /* 189 */ { SIOCSETPROP, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL},
1117 /* 190 */ { SIOCGLIFDADSTATE, sizeof (struct lifreq),
1118 IPI_GET_CMD, LIF_CMD, ip_sioctl_get_dadstate, NULL },
1119 /* 191 */ { SIOCSLIFPREFIX, sizeof (struct lifreq), IPI_PRIV | IPI_WR,
1120 LIF_CMD, ip_sioctl_prefix, ip_sioctl_prefix_restart },
1121 /* 192 */ { SIOCGLIFHWADDR, sizeof (struct lifreq), IPI_GET_CMD,
1122 LIF_CMD, ip_sioctl_get_lifhwaddr, NULL }
1123 };
1124
1125 int ip_ndx_ioctl_count = sizeof (ip_ndx_ioctl_table) / sizeof (ip_ioctl_cmd_t);
1126
1127 ip_ioctl_cmd_t ip_misc_ioctl_table[] = {
1128 { I_LINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1129 { I_UNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1130 { I_PLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1131 { I_PUNLINK, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1132 { ND_GET, 0, 0, 0, NULL, NULL },
1133 { ND_SET, 0, IPI_PRIV | IPI_WR, 0, NULL, NULL },
1134 { IP_IOCTL, 0, 0, 0, NULL, NULL },
1135 { SIOCGETVIFCNT, sizeof (struct sioc_vif_req), IPI_GET_CMD,
1136 MISC_CMD, mrt_ioctl},
1137 { SIOCGETSGCNT, sizeof (struct sioc_sg_req), IPI_GET_CMD,
1138 MISC_CMD, mrt_ioctl},
1139 { SIOCGETLSGCNT, sizeof (struct sioc_lsg_req), IPI_GET_CMD,
1140 MISC_CMD, mrt_ioctl}
1141 };
1142
1143 int ip_misc_ioctl_count =
1144 sizeof (ip_misc_ioctl_table) / sizeof (ip_ioctl_cmd_t);
1145
1146 int conn_drain_nthreads; /* Number of drainers reqd. */
1147 /* Settable in /etc/system */
1148 /* Defined in ip_ire.c */
1149 extern uint32_t ip_ire_max_bucket_cnt, ip6_ire_max_bucket_cnt;
1150 extern uint32_t ip_ire_min_bucket_cnt, ip6_ire_min_bucket_cnt;
1151 extern uint32_t ip_ire_mem_ratio, ip_ire_cpu_ratio;
1152
1153 static nv_t ire_nv_arr[] = {
1154 { IRE_BROADCAST, "BROADCAST" },
1155 { IRE_LOCAL, "LOCAL" },
1156 { IRE_LOOPBACK, "LOOPBACK" },
1157 { IRE_DEFAULT, "DEFAULT" },
1158 { IRE_PREFIX, "PREFIX" },
1159 { IRE_IF_NORESOLVER, "IF_NORESOL" },
1160 { IRE_IF_RESOLVER, "IF_RESOLV" },
1161 { IRE_IF_CLONE, "IF_CLONE" },
1162 { IRE_HOST, "HOST" },
1163 { IRE_MULTICAST, "MULTICAST" },
1164 { IRE_NOROUTE, "NOROUTE" },
1165 { 0 }
1166 };
1167
1168 nv_t *ire_nv_tbl = ire_nv_arr;
1169
1170 /* Simple ICMP IP Header Template */
1171 static ipha_t icmp_ipha = {
1172 IP_SIMPLE_HDR_VERSION, 0, 0, 0, 0, 0, IPPROTO_ICMP
1173 };
1174
1175 struct module_info ip_mod_info = {
1176 IP_MOD_ID, IP_MOD_NAME, IP_MOD_MINPSZ, IP_MOD_MAXPSZ, IP_MOD_HIWAT,
1177 IP_MOD_LOWAT
1178 };
1179
1180 /*
1181 * Duplicate static symbols within a module confuses mdb; so we avoid the
1182 * problem by making the symbols here distinct from those in udp.c.
1183 */
1184
1185 /*
1186 * Entry points for IP as a device and as a module.
1187 * We have separate open functions for the /dev/ip and /dev/ip6 devices.
1188 */
1189 static struct qinit iprinitv4 = {
1190 ip_rput, NULL, ip_openv4, ip_close, NULL, &ip_mod_info
1191 };
1192
1193 struct qinit iprinitv6 = {
1194 ip_rput_v6, NULL, ip_openv6, ip_close, NULL, &ip_mod_info
1195 };
1196
1197 static struct qinit ipwinit = {
1198 ip_wput_nondata, ip_wsrv, NULL, NULL, NULL, &ip_mod_info
1199 };
1200
1201 static struct qinit iplrinit = {
1202 ip_lrput, NULL, ip_openv4, ip_close, NULL, &ip_mod_info
1203 };
1204
1205 static struct qinit iplwinit = {
1206 ip_lwput, NULL, NULL, NULL, NULL, &ip_mod_info
1207 };
1208
1209 /* For AF_INET aka /dev/ip */
1210 struct streamtab ipinfov4 = {
1211 &iprinitv4, &ipwinit, &iplrinit, &iplwinit
1212 };
1213
1214 /* For AF_INET6 aka /dev/ip6 */
1215 struct streamtab ipinfov6 = {
1216 &iprinitv6, &ipwinit, &iplrinit, &iplwinit
1217 };
1218
1219 #ifdef DEBUG
1220 boolean_t skip_sctp_cksum = B_FALSE;
1221 #endif
1222
1223 /*
1224 * Generate an ICMP fragmentation needed message.
1225 * When called from ip_output side a minimal ip_recv_attr_t needs to be
1226 * constructed by the caller.
1227 */
1228 void
icmp_frag_needed(mblk_t * mp,int mtu,ip_recv_attr_t * ira)1229 icmp_frag_needed(mblk_t *mp, int mtu, ip_recv_attr_t *ira)
1230 {
1231 icmph_t icmph;
1232 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
1233
1234 mp = icmp_pkt_err_ok(mp, ira);
1235 if (mp == NULL)
1236 return;
1237
1238 bzero(&icmph, sizeof (icmph_t));
1239 icmph.icmph_type = ICMP_DEST_UNREACHABLE;
1240 icmph.icmph_code = ICMP_FRAGMENTATION_NEEDED;
1241 icmph.icmph_du_mtu = htons((uint16_t)mtu);
1242 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutFragNeeded);
1243 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs);
1244
1245 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
1246 }
1247
1248 /*
1249 * icmp_inbound_v4 deals with ICMP messages that are handled by IP.
1250 * If the ICMP message is consumed by IP, i.e., it should not be delivered
1251 * to any IPPROTO_ICMP raw sockets, then it returns NULL.
1252 * Likewise, if the ICMP error is misformed (too short, etc), then it
1253 * returns NULL. The caller uses this to determine whether or not to send
1254 * to raw sockets.
1255 *
1256 * All error messages are passed to the matching transport stream.
1257 *
1258 * The following cases are handled by icmp_inbound:
1259 * 1) It needs to send a reply back and possibly delivering it
1260 * to the "interested" upper clients.
1261 * 2) Return the mblk so that the caller can pass it to the RAW socket clients.
1262 * 3) It needs to change some values in IP only.
1263 * 4) It needs to change some values in IP and upper layers e.g TCP
1264 * by delivering an error to the upper layers.
1265 *
1266 * We handle the above three cases in the context of IPsec in the
1267 * following way :
1268 *
1269 * 1) Send the reply back in the same way as the request came in.
1270 * If it came in encrypted, it goes out encrypted. If it came in
1271 * clear, it goes out in clear. Thus, this will prevent chosen
1272 * plain text attack.
1273 * 2) The client may or may not expect things to come in secure.
1274 * If it comes in secure, the policy constraints are checked
1275 * before delivering it to the upper layers. If it comes in
1276 * clear, ipsec_inbound_accept_clear will decide whether to
1277 * accept this in clear or not. In both the cases, if the returned
1278 * message (IP header + 8 bytes) that caused the icmp message has
1279 * AH/ESP headers, it is sent up to AH/ESP for validation before
1280 * sending up. If there are only 8 bytes of returned message, then
1281 * upper client will not be notified.
1282 * 3) Check with global policy to see whether it matches the constaints.
1283 * But this will be done only if icmp_accept_messages_in_clear is
1284 * zero.
1285 * 4) If we need to change both in IP and ULP, then the decision taken
1286 * while affecting the values in IP and while delivering up to TCP
1287 * should be the same.
1288 *
1289 * There are two cases.
1290 *
1291 * a) If we reject data at the IP layer (ipsec_check_global_policy()
1292 * failed), we will not deliver it to the ULP, even though they
1293 * are *willing* to accept in *clear*. This is fine as our global
1294 * disposition to icmp messages asks us reject the datagram.
1295 *
1296 * b) If we accept data at the IP layer (ipsec_check_global_policy()
1297 * succeeded or icmp_accept_messages_in_clear is 1), and not able
1298 * to deliver it to ULP (policy failed), it can lead to
1299 * consistency problems. The cases known at this time are
1300 * ICMP_DESTINATION_UNREACHABLE messages with following code
1301 * values :
1302 *
1303 * - ICMP_FRAGMENTATION_NEEDED : IP adapts to the new value
1304 * and Upper layer rejects. Then the communication will
1305 * come to a stop. This is solved by making similar decisions
1306 * at both levels. Currently, when we are unable to deliver
1307 * to the Upper Layer (due to policy failures) while IP has
1308 * adjusted dce_pmtu, the next outbound datagram would
1309 * generate a local ICMP_FRAGMENTATION_NEEDED message - which
1310 * will be with the right level of protection. Thus the right
1311 * value will be communicated even if we are not able to
1312 * communicate when we get from the wire initially. But this
1313 * assumes there would be at least one outbound datagram after
1314 * IP has adjusted its dce_pmtu value. To make things
1315 * simpler, we accept in clear after the validation of
1316 * AH/ESP headers.
1317 *
1318 * - Other ICMP ERRORS : We may not be able to deliver it to the
1319 * upper layer depending on the level of protection the upper
1320 * layer expects and the disposition in ipsec_inbound_accept_clear().
1321 * ipsec_inbound_accept_clear() decides whether a given ICMP error
1322 * should be accepted in clear when the Upper layer expects secure.
1323 * Thus the communication may get aborted by some bad ICMP
1324 * packets.
1325 */
1326 mblk_t *
icmp_inbound_v4(mblk_t * mp,ip_recv_attr_t * ira)1327 icmp_inbound_v4(mblk_t *mp, ip_recv_attr_t *ira)
1328 {
1329 icmph_t *icmph;
1330 ipha_t *ipha; /* Outer header */
1331 int ip_hdr_length; /* Outer header length */
1332 boolean_t interested;
1333 ipif_t *ipif;
1334 uint32_t ts;
1335 uint32_t *tsp;
1336 timestruc_t now;
1337 ill_t *ill = ira->ira_ill;
1338 ip_stack_t *ipst = ill->ill_ipst;
1339 zoneid_t zoneid = ira->ira_zoneid;
1340 int len_needed;
1341 mblk_t *mp_ret = NULL;
1342
1343 ipha = (ipha_t *)mp->b_rptr;
1344
1345 BUMP_MIB(&ipst->ips_icmp_mib, icmpInMsgs);
1346
1347 ip_hdr_length = ira->ira_ip_hdr_length;
1348 if ((mp->b_wptr - mp->b_rptr) < (ip_hdr_length + ICMPH_SIZE)) {
1349 if (ira->ira_pktlen < (ip_hdr_length + ICMPH_SIZE)) {
1350 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
1351 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
1352 freemsg(mp);
1353 return (NULL);
1354 }
1355 /* Last chance to get real. */
1356 ipha = ip_pullup(mp, ip_hdr_length + ICMPH_SIZE, ira);
1357 if (ipha == NULL) {
1358 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors);
1359 freemsg(mp);
1360 return (NULL);
1361 }
1362 }
1363
1364 /* The IP header will always be a multiple of four bytes */
1365 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1366 ip2dbg(("icmp_inbound_v4: type %d code %d\n", icmph->icmph_type,
1367 icmph->icmph_code));
1368
1369 /*
1370 * We will set "interested" to "true" if we should pass a copy to
1371 * the transport or if we handle the packet locally.
1372 */
1373 interested = B_FALSE;
1374 switch (icmph->icmph_type) {
1375 case ICMP_ECHO_REPLY:
1376 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchoReps);
1377 break;
1378 case ICMP_DEST_UNREACHABLE:
1379 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED)
1380 BUMP_MIB(&ipst->ips_icmp_mib, icmpInFragNeeded);
1381 interested = B_TRUE; /* Pass up to transport */
1382 BUMP_MIB(&ipst->ips_icmp_mib, icmpInDestUnreachs);
1383 break;
1384 case ICMP_SOURCE_QUENCH:
1385 interested = B_TRUE; /* Pass up to transport */
1386 BUMP_MIB(&ipst->ips_icmp_mib, icmpInSrcQuenchs);
1387 break;
1388 case ICMP_REDIRECT:
1389 if (!ipst->ips_ip_ignore_redirect)
1390 interested = B_TRUE;
1391 BUMP_MIB(&ipst->ips_icmp_mib, icmpInRedirects);
1392 break;
1393 case ICMP_ECHO_REQUEST:
1394 /*
1395 * Whether to respond to echo requests that come in as IP
1396 * broadcasts or as IP multicast is subject to debate
1397 * (what isn't?). We aim to please, you pick it.
1398 * Default is do it.
1399 */
1400 if (ira->ira_flags & IRAF_MULTICAST) {
1401 /* multicast: respond based on tunable */
1402 interested = ipst->ips_ip_g_resp_to_echo_mcast;
1403 } else if (ira->ira_flags & IRAF_BROADCAST) {
1404 /* broadcast: respond based on tunable */
1405 interested = ipst->ips_ip_g_resp_to_echo_bcast;
1406 } else {
1407 /* unicast: always respond */
1408 interested = B_TRUE;
1409 }
1410 BUMP_MIB(&ipst->ips_icmp_mib, icmpInEchos);
1411 if (!interested) {
1412 /* We never pass these to RAW sockets */
1413 freemsg(mp);
1414 return (NULL);
1415 }
1416
1417 /* Check db_ref to make sure we can modify the packet. */
1418 if (mp->b_datap->db_ref > 1) {
1419 mblk_t *mp1;
1420
1421 mp1 = copymsg(mp);
1422 freemsg(mp);
1423 if (!mp1) {
1424 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1425 return (NULL);
1426 }
1427 mp = mp1;
1428 ipha = (ipha_t *)mp->b_rptr;
1429 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1430 }
1431 icmph->icmph_type = ICMP_ECHO_REPLY;
1432 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutEchoReps);
1433 icmp_send_reply_v4(mp, ipha, icmph, ira);
1434 return (NULL);
1435
1436 case ICMP_ROUTER_ADVERTISEMENT:
1437 case ICMP_ROUTER_SOLICITATION:
1438 break;
1439 case ICMP_TIME_EXCEEDED:
1440 interested = B_TRUE; /* Pass up to transport */
1441 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimeExcds);
1442 break;
1443 case ICMP_PARAM_PROBLEM:
1444 interested = B_TRUE; /* Pass up to transport */
1445 BUMP_MIB(&ipst->ips_icmp_mib, icmpInParmProbs);
1446 break;
1447 case ICMP_TIME_STAMP_REQUEST:
1448 /* Response to Time Stamp Requests is local policy. */
1449 if (ipst->ips_ip_g_resp_to_timestamp) {
1450 if (ira->ira_flags & IRAF_MULTIBROADCAST)
1451 interested =
1452 ipst->ips_ip_g_resp_to_timestamp_bcast;
1453 else
1454 interested = B_TRUE;
1455 }
1456 if (!interested) {
1457 /* We never pass these to RAW sockets */
1458 freemsg(mp);
1459 return (NULL);
1460 }
1461
1462 /* Make sure we have enough of the packet */
1463 len_needed = ip_hdr_length + ICMPH_SIZE +
1464 3 * sizeof (uint32_t);
1465
1466 if (mp->b_wptr - mp->b_rptr < len_needed) {
1467 ipha = ip_pullup(mp, len_needed, ira);
1468 if (ipha == NULL) {
1469 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1470 ip_drop_input("ipIfStatsInDiscards - ip_pullup",
1471 mp, ill);
1472 freemsg(mp);
1473 return (NULL);
1474 }
1475 /* Refresh following the pullup. */
1476 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1477 }
1478 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestamps);
1479 /* Check db_ref to make sure we can modify the packet. */
1480 if (mp->b_datap->db_ref > 1) {
1481 mblk_t *mp1;
1482
1483 mp1 = copymsg(mp);
1484 freemsg(mp);
1485 if (!mp1) {
1486 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1487 return (NULL);
1488 }
1489 mp = mp1;
1490 ipha = (ipha_t *)mp->b_rptr;
1491 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1492 }
1493 icmph->icmph_type = ICMP_TIME_STAMP_REPLY;
1494 tsp = (uint32_t *)&icmph[1];
1495 tsp++; /* Skip past 'originate time' */
1496 /* Compute # of milliseconds since midnight */
1497 gethrestime(&now);
1498 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
1499 NSEC2MSEC(now.tv_nsec);
1500 *tsp++ = htonl(ts); /* Lay in 'receive time' */
1501 *tsp++ = htonl(ts); /* Lay in 'send time' */
1502 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimestampReps);
1503 icmp_send_reply_v4(mp, ipha, icmph, ira);
1504 return (NULL);
1505
1506 case ICMP_TIME_STAMP_REPLY:
1507 BUMP_MIB(&ipst->ips_icmp_mib, icmpInTimestampReps);
1508 break;
1509 case ICMP_INFO_REQUEST:
1510 /* Per RFC 1122 3.2.2.7, ignore this. */
1511 case ICMP_INFO_REPLY:
1512 break;
1513 case ICMP_ADDRESS_MASK_REQUEST:
1514 if (ira->ira_flags & IRAF_MULTIBROADCAST) {
1515 interested =
1516 ipst->ips_ip_respond_to_address_mask_broadcast;
1517 } else {
1518 interested = B_TRUE;
1519 }
1520 if (!interested) {
1521 /* We never pass these to RAW sockets */
1522 freemsg(mp);
1523 return (NULL);
1524 }
1525 len_needed = ip_hdr_length + ICMPH_SIZE + IP_ADDR_LEN;
1526 if (mp->b_wptr - mp->b_rptr < len_needed) {
1527 ipha = ip_pullup(mp, len_needed, ira);
1528 if (ipha == NULL) {
1529 BUMP_MIB(ill->ill_ip_mib,
1530 ipIfStatsInTruncatedPkts);
1531 ip_drop_input("ipIfStatsInTruncatedPkts", mp,
1532 ill);
1533 freemsg(mp);
1534 return (NULL);
1535 }
1536 /* Refresh following the pullup. */
1537 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1538 }
1539 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMasks);
1540 /* Check db_ref to make sure we can modify the packet. */
1541 if (mp->b_datap->db_ref > 1) {
1542 mblk_t *mp1;
1543
1544 mp1 = copymsg(mp);
1545 freemsg(mp);
1546 if (!mp1) {
1547 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
1548 return (NULL);
1549 }
1550 mp = mp1;
1551 ipha = (ipha_t *)mp->b_rptr;
1552 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1553 }
1554 /*
1555 * Need the ipif with the mask be the same as the source
1556 * address of the mask reply. For unicast we have a specific
1557 * ipif. For multicast/broadcast we only handle onlink
1558 * senders, and use the source address to pick an ipif.
1559 */
1560 ipif = ipif_lookup_addr(ipha->ipha_dst, ill, zoneid, ipst);
1561 if (ipif == NULL) {
1562 /* Broadcast or multicast */
1563 ipif = ipif_lookup_remote(ill, ipha->ipha_src, zoneid);
1564 if (ipif == NULL) {
1565 freemsg(mp);
1566 return (NULL);
1567 }
1568 }
1569 icmph->icmph_type = ICMP_ADDRESS_MASK_REPLY;
1570 bcopy(&ipif->ipif_net_mask, &icmph[1], IP_ADDR_LEN);
1571 ipif_refrele(ipif);
1572 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutAddrMaskReps);
1573 icmp_send_reply_v4(mp, ipha, icmph, ira);
1574 return (NULL);
1575
1576 case ICMP_ADDRESS_MASK_REPLY:
1577 BUMP_MIB(&ipst->ips_icmp_mib, icmpInAddrMaskReps);
1578 break;
1579 default:
1580 interested = B_TRUE; /* Pass up to transport */
1581 BUMP_MIB(&ipst->ips_icmp_mib, icmpInUnknowns);
1582 break;
1583 }
1584 /*
1585 * See if there is an ICMP client to avoid an extra copymsg/freemsg
1586 * if there isn't one.
1587 */
1588 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_ICMP].connf_head != NULL) {
1589 /* If there is an ICMP client and we want one too, copy it. */
1590
1591 if (!interested) {
1592 /* Caller will deliver to RAW sockets */
1593 return (mp);
1594 }
1595 mp_ret = copymsg(mp);
1596 if (mp_ret == NULL) {
1597 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1598 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill);
1599 }
1600 } else if (!interested) {
1601 /* Neither we nor raw sockets are interested. Drop packet now */
1602 freemsg(mp);
1603 return (NULL);
1604 }
1605
1606 /*
1607 * ICMP error or redirect packet. Make sure we have enough of
1608 * the header and that db_ref == 1 since we might end up modifying
1609 * the packet.
1610 */
1611 if (mp->b_cont != NULL) {
1612 if (ip_pullup(mp, -1, ira) == NULL) {
1613 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1614 ip_drop_input("ipIfStatsInDiscards - ip_pullup",
1615 mp, ill);
1616 freemsg(mp);
1617 return (mp_ret);
1618 }
1619 }
1620
1621 if (mp->b_datap->db_ref > 1) {
1622 mblk_t *mp1;
1623
1624 mp1 = copymsg(mp);
1625 if (mp1 == NULL) {
1626 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1627 ip_drop_input("ipIfStatsInDiscards - copymsg", mp, ill);
1628 freemsg(mp);
1629 return (mp_ret);
1630 }
1631 freemsg(mp);
1632 mp = mp1;
1633 }
1634
1635 /*
1636 * In case mp has changed, verify the message before any further
1637 * processes.
1638 */
1639 ipha = (ipha_t *)mp->b_rptr;
1640 icmph = (icmph_t *)&mp->b_rptr[ip_hdr_length];
1641 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
1642 freemsg(mp);
1643 return (mp_ret);
1644 }
1645
1646 switch (icmph->icmph_type) {
1647 case ICMP_REDIRECT:
1648 icmp_redirect_v4(mp, ipha, icmph, ira);
1649 break;
1650 case ICMP_DEST_UNREACHABLE:
1651 if (icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED) {
1652 /* Update DCE and adjust MTU is icmp header if needed */
1653 icmp_inbound_too_big_v4(icmph, ira);
1654 }
1655 /* FALLTHROUGH */
1656 default:
1657 icmp_inbound_error_fanout_v4(mp, icmph, ira);
1658 break;
1659 }
1660 return (mp_ret);
1661 }
1662
1663 /*
1664 * Send an ICMP echo, timestamp or address mask reply.
1665 * The caller has already updated the payload part of the packet.
1666 * We handle the ICMP checksum, IP source address selection and feed
1667 * the packet into ip_output_simple.
1668 */
1669 static void
icmp_send_reply_v4(mblk_t * mp,ipha_t * ipha,icmph_t * icmph,ip_recv_attr_t * ira)1670 icmp_send_reply_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph,
1671 ip_recv_attr_t *ira)
1672 {
1673 uint_t ip_hdr_length = ira->ira_ip_hdr_length;
1674 ill_t *ill = ira->ira_ill;
1675 ip_stack_t *ipst = ill->ill_ipst;
1676 ip_xmit_attr_t ixas;
1677
1678 /* Send out an ICMP packet */
1679 icmph->icmph_checksum = 0;
1680 icmph->icmph_checksum = IP_CSUM(mp, ip_hdr_length, 0);
1681 /* Reset time to live. */
1682 ipha->ipha_ttl = ipst->ips_ip_def_ttl;
1683 {
1684 /* Swap source and destination addresses */
1685 ipaddr_t tmp;
1686
1687 tmp = ipha->ipha_src;
1688 ipha->ipha_src = ipha->ipha_dst;
1689 ipha->ipha_dst = tmp;
1690 }
1691 ipha->ipha_ident = 0;
1692 if (!IS_SIMPLE_IPH(ipha))
1693 icmp_options_update(ipha);
1694
1695 bzero(&ixas, sizeof (ixas));
1696 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
1697 ixas.ixa_zoneid = ira->ira_zoneid;
1698 ixas.ixa_cred = kcred;
1699 ixas.ixa_cpid = NOPID;
1700 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */
1701 ixas.ixa_ifindex = 0;
1702 ixas.ixa_ipst = ipst;
1703 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1704
1705 if (!(ira->ira_flags & IRAF_IPSEC_SECURE)) {
1706 /*
1707 * This packet should go out the same way as it
1708 * came in i.e in clear, independent of the IPsec policy
1709 * for transmitting packets.
1710 */
1711 ixas.ixa_flags |= IXAF_NO_IPSEC;
1712 } else {
1713 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) {
1714 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1715 /* Note: mp already consumed and ip_drop_packet done */
1716 return;
1717 }
1718 }
1719 if (ira->ira_flags & IRAF_MULTIBROADCAST) {
1720 /*
1721 * Not one or our addresses (IRE_LOCALs), thus we let
1722 * ip_output_simple pick the source.
1723 */
1724 ipha->ipha_src = INADDR_ANY;
1725 ixas.ixa_flags |= IXAF_SET_SOURCE;
1726 }
1727 /* Should we send with DF and use dce_pmtu? */
1728 if (ipst->ips_ipv4_icmp_return_pmtu) {
1729 ixas.ixa_flags |= IXAF_PMTU_DISCOVERY;
1730 ipha->ipha_fragment_offset_and_flags |= IPH_DF_HTONS;
1731 }
1732
1733 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs);
1734
1735 (void) ip_output_simple(mp, &ixas);
1736 ixa_cleanup(&ixas);
1737 }
1738
1739 /*
1740 * Verify the ICMP messages for either for ICMP error or redirect packet.
1741 * The caller should have fully pulled up the message. If it's a redirect
1742 * packet, only basic checks on IP header will be done; otherwise, verify
1743 * the packet by looking at the included ULP header.
1744 *
1745 * Called before icmp_inbound_error_fanout_v4 is called.
1746 */
1747 static boolean_t
icmp_inbound_verify_v4(mblk_t * mp,icmph_t * icmph,ip_recv_attr_t * ira)1748 icmp_inbound_verify_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira)
1749 {
1750 ill_t *ill = ira->ira_ill;
1751 int hdr_length;
1752 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
1753 conn_t *connp;
1754 ipha_t *ipha; /* Inner IP header */
1755
1756 ipha = (ipha_t *)&icmph[1];
1757 if ((uchar_t *)ipha + IP_SIMPLE_HDR_LENGTH > mp->b_wptr)
1758 goto truncated;
1759
1760 hdr_length = IPH_HDR_LENGTH(ipha);
1761
1762 if ((IPH_HDR_VERSION(ipha) != IPV4_VERSION))
1763 goto discard_pkt;
1764
1765 if (hdr_length < sizeof (ipha_t))
1766 goto truncated;
1767
1768 if ((uchar_t *)ipha + hdr_length > mp->b_wptr)
1769 goto truncated;
1770
1771 /*
1772 * Stop here for ICMP_REDIRECT.
1773 */
1774 if (icmph->icmph_type == ICMP_REDIRECT)
1775 return (B_TRUE);
1776
1777 /*
1778 * ICMP errors only.
1779 */
1780 switch (ipha->ipha_protocol) {
1781 case IPPROTO_UDP:
1782 /*
1783 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1784 * transport header.
1785 */
1786 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1787 mp->b_wptr)
1788 goto truncated;
1789 break;
1790 case IPPROTO_TCP: {
1791 tcpha_t *tcpha;
1792
1793 /*
1794 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1795 * transport header.
1796 */
1797 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1798 mp->b_wptr)
1799 goto truncated;
1800
1801 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length);
1802 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN,
1803 ipst);
1804 if (connp == NULL)
1805 goto discard_pkt;
1806
1807 if ((connp->conn_verifyicmp != NULL) &&
1808 !connp->conn_verifyicmp(connp, tcpha, icmph, NULL, ira)) {
1809 CONN_DEC_REF(connp);
1810 goto discard_pkt;
1811 }
1812 CONN_DEC_REF(connp);
1813 break;
1814 }
1815 case IPPROTO_SCTP:
1816 /*
1817 * Verify we have at least ICMP_MIN_TP_HDR_LEN bytes of
1818 * transport header.
1819 */
1820 if ((uchar_t *)ipha + hdr_length + ICMP_MIN_TP_HDR_LEN >
1821 mp->b_wptr)
1822 goto truncated;
1823 break;
1824 case IPPROTO_ESP:
1825 case IPPROTO_AH:
1826 break;
1827 case IPPROTO_ENCAP:
1828 if ((uchar_t *)ipha + hdr_length + sizeof (ipha_t) >
1829 mp->b_wptr)
1830 goto truncated;
1831 break;
1832 default:
1833 break;
1834 }
1835
1836 return (B_TRUE);
1837
1838 discard_pkt:
1839 /* Bogus ICMP error. */
1840 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
1841 return (B_FALSE);
1842
1843 truncated:
1844 /* We pulled up everthing already. Must be truncated */
1845 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
1846 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
1847 return (B_FALSE);
1848 }
1849
1850 /* Table from RFC 1191 */
1851 static int icmp_frag_size_table[] =
1852 { 32000, 17914, 8166, 4352, 2002, 1496, 1006, 508, 296, 68 };
1853
1854 /*
1855 * Process received ICMP Packet too big.
1856 * Just handles the DCE create/update, including using the above table of
1857 * PMTU guesses. The caller is responsible for validating the packet before
1858 * passing it in and also to fanout the ICMP error to any matching transport
1859 * conns. Assumes the message has been fully pulled up and verified.
1860 *
1861 * Before getting here, the caller has called icmp_inbound_verify_v4()
1862 * that should have verified with ULP to prevent undoing the changes we're
1863 * going to make to DCE. For example, TCP might have verified that the packet
1864 * which generated error is in the send window.
1865 *
1866 * In some cases modified this MTU in the ICMP header packet; the caller
1867 * should pass to the matching ULP after this returns.
1868 */
1869 static void
icmp_inbound_too_big_v4(icmph_t * icmph,ip_recv_attr_t * ira)1870 icmp_inbound_too_big_v4(icmph_t *icmph, ip_recv_attr_t *ira)
1871 {
1872 dce_t *dce;
1873 int old_mtu;
1874 int mtu, orig_mtu;
1875 ipaddr_t dst;
1876 boolean_t disable_pmtud;
1877 ill_t *ill = ira->ira_ill;
1878 ip_stack_t *ipst = ill->ill_ipst;
1879 uint_t hdr_length;
1880 ipha_t *ipha;
1881
1882 /* Caller already pulled up everything. */
1883 ipha = (ipha_t *)&icmph[1];
1884 ASSERT(icmph->icmph_type == ICMP_DEST_UNREACHABLE &&
1885 icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED);
1886 ASSERT(ill != NULL);
1887
1888 hdr_length = IPH_HDR_LENGTH(ipha);
1889
1890 /*
1891 * We handle path MTU for source routed packets since the DCE
1892 * is looked up using the final destination.
1893 */
1894 dst = ip_get_dst(ipha);
1895
1896 dce = dce_lookup_and_add_v4(dst, ipst);
1897 if (dce == NULL) {
1898 /* Couldn't add a unique one - ENOMEM */
1899 ip1dbg(("icmp_inbound_too_big_v4: no dce for 0x%x\n",
1900 ntohl(dst)));
1901 return;
1902 }
1903
1904 /* Check for MTU discovery advice as described in RFC 1191 */
1905 mtu = ntohs(icmph->icmph_du_mtu);
1906 orig_mtu = mtu;
1907 disable_pmtud = B_FALSE;
1908
1909 mutex_enter(&dce->dce_lock);
1910 if (dce->dce_flags & DCEF_PMTU)
1911 old_mtu = dce->dce_pmtu;
1912 else
1913 old_mtu = ill->ill_mtu;
1914
1915 if (icmph->icmph_du_zero != 0 || mtu < ipst->ips_ip_pmtu_min) {
1916 uint32_t length;
1917 int i;
1918
1919 /*
1920 * Use the table from RFC 1191 to figure out
1921 * the next "plateau" based on the length in
1922 * the original IP packet.
1923 */
1924 length = ntohs(ipha->ipha_length);
1925 DTRACE_PROBE2(ip4__pmtu__guess, dce_t *, dce,
1926 uint32_t, length);
1927 if (old_mtu <= length &&
1928 old_mtu >= length - hdr_length) {
1929 /*
1930 * Handle broken BSD 4.2 systems that
1931 * return the wrong ipha_length in ICMP
1932 * errors.
1933 */
1934 ip1dbg(("Wrong mtu: sent %d, dce %d\n",
1935 length, old_mtu));
1936 length -= hdr_length;
1937 }
1938 for (i = 0; i < A_CNT(icmp_frag_size_table); i++) {
1939 if (length > icmp_frag_size_table[i])
1940 break;
1941 }
1942 if (i == A_CNT(icmp_frag_size_table)) {
1943 /* Smaller than IP_MIN_MTU! */
1944 ip1dbg(("Too big for packet size %d\n",
1945 length));
1946 disable_pmtud = B_TRUE;
1947 mtu = ipst->ips_ip_pmtu_min;
1948 } else {
1949 mtu = icmp_frag_size_table[i];
1950 ip1dbg(("Calculated mtu %d, packet size %d, "
1951 "before %d\n", mtu, length, old_mtu));
1952 if (mtu < ipst->ips_ip_pmtu_min) {
1953 mtu = ipst->ips_ip_pmtu_min;
1954 disable_pmtud = B_TRUE;
1955 }
1956 }
1957 }
1958 if (disable_pmtud)
1959 dce->dce_flags |= DCEF_TOO_SMALL_PMTU;
1960 else
1961 dce->dce_flags &= ~DCEF_TOO_SMALL_PMTU;
1962
1963 dce->dce_pmtu = MIN(old_mtu, mtu);
1964 /* Prepare to send the new max frag size for the ULP. */
1965 icmph->icmph_du_zero = 0;
1966 icmph->icmph_du_mtu = htons((uint16_t)dce->dce_pmtu);
1967 DTRACE_PROBE4(ip4__pmtu__change, icmph_t *, icmph, dce_t *,
1968 dce, int, orig_mtu, int, mtu);
1969
1970 /* We now have a PMTU for sure */
1971 dce->dce_flags |= DCEF_PMTU;
1972 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64());
1973 mutex_exit(&dce->dce_lock);
1974 /*
1975 * After dropping the lock the new value is visible to everyone.
1976 * Then we bump the generation number so any cached values reinspect
1977 * the dce_t.
1978 */
1979 dce_increment_generation(dce);
1980 dce_refrele(dce);
1981 }
1982
1983 /*
1984 * If the packet in error is Self-Encapsulated, icmp_inbound_error_fanout_v4
1985 * calls this function.
1986 */
1987 static mblk_t *
icmp_inbound_self_encap_error_v4(mblk_t * mp,ipha_t * ipha,ipha_t * in_ipha)1988 icmp_inbound_self_encap_error_v4(mblk_t *mp, ipha_t *ipha, ipha_t *in_ipha)
1989 {
1990 int length;
1991
1992 ASSERT(mp->b_datap->db_type == M_DATA);
1993
1994 /* icmp_inbound_v4 has already pulled up the whole error packet */
1995 ASSERT(mp->b_cont == NULL);
1996
1997 /*
1998 * The length that we want to overlay is the inner header
1999 * and what follows it.
2000 */
2001 length = msgdsize(mp) - ((uchar_t *)in_ipha - mp->b_rptr);
2002
2003 /*
2004 * Overlay the inner header and whatever follows it over the
2005 * outer header.
2006 */
2007 bcopy((uchar_t *)in_ipha, (uchar_t *)ipha, length);
2008
2009 /* Adjust for what we removed */
2010 mp->b_wptr -= (uchar_t *)in_ipha - (uchar_t *)ipha;
2011 return (mp);
2012 }
2013
2014 /*
2015 * Try to pass the ICMP message upstream in case the ULP cares.
2016 *
2017 * If the packet that caused the ICMP error is secure, we send
2018 * it to AH/ESP to make sure that the attached packet has a
2019 * valid association. ipha in the code below points to the
2020 * IP header of the packet that caused the error.
2021 *
2022 * For IPsec cases, we let the next-layer-up (which has access to
2023 * cached policy on the conn_t, or can query the SPD directly)
2024 * subtract out any IPsec overhead if they must. We therefore make no
2025 * adjustments here for IPsec overhead.
2026 *
2027 * IFN could have been generated locally or by some router.
2028 *
2029 * LOCAL : ire_send_wire (before calling ipsec_out_process) can call
2030 * icmp_frag_needed/icmp_pkt2big_v6 to generated a local IFN.
2031 * This happens because IP adjusted its value of MTU on an
2032 * earlier IFN message and could not tell the upper layer,
2033 * the new adjusted value of MTU e.g. Packet was encrypted
2034 * or there was not enough information to fanout to upper
2035 * layers. Thus on the next outbound datagram, ire_send_wire
2036 * generates the IFN, where IPsec processing has *not* been
2037 * done.
2038 *
2039 * Note that we retain ixa_fragsize across IPsec thus once
2040 * we have picking ixa_fragsize and entered ipsec_out_process we do
2041 * no change the fragsize even if the path MTU changes before
2042 * we reach ip_output_post_ipsec.
2043 *
2044 * In the local case, IRAF_LOOPBACK will be set indicating
2045 * that IFN was generated locally.
2046 *
2047 * ROUTER : IFN could be secure or non-secure.
2048 *
2049 * * SECURE : We use the IPSEC_IN to fanout to AH/ESP if the
2050 * packet in error has AH/ESP headers to validate the AH/ESP
2051 * headers. AH/ESP will verify whether there is a valid SA or
2052 * not and send it back. We will fanout again if we have more
2053 * data in the packet.
2054 *
2055 * If the packet in error does not have AH/ESP, we handle it
2056 * like any other case.
2057 *
2058 * * NON_SECURE : If the packet in error has AH/ESP headers, we send it
2059 * up to AH/ESP for validation. AH/ESP will verify whether there is a
2060 * valid SA or not and send it back. We will fanout again if
2061 * we have more data in the packet.
2062 *
2063 * If the packet in error does not have AH/ESP, we handle it
2064 * like any other case.
2065 *
2066 * The caller must have called icmp_inbound_verify_v4.
2067 */
2068 static void
icmp_inbound_error_fanout_v4(mblk_t * mp,icmph_t * icmph,ip_recv_attr_t * ira)2069 icmp_inbound_error_fanout_v4(mblk_t *mp, icmph_t *icmph, ip_recv_attr_t *ira)
2070 {
2071 uint16_t *up; /* Pointer to ports in ULP header */
2072 uint32_t ports; /* reversed ports for fanout */
2073 ipha_t ripha; /* With reversed addresses */
2074 ipha_t *ipha; /* Inner IP header */
2075 uint_t hdr_length; /* Inner IP header length */
2076 tcpha_t *tcpha;
2077 conn_t *connp;
2078 ill_t *ill = ira->ira_ill;
2079 ip_stack_t *ipst = ill->ill_ipst;
2080 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
2081 ill_t *rill = ira->ira_rill;
2082
2083 /* Caller already pulled up everything. */
2084 ipha = (ipha_t *)&icmph[1];
2085 ASSERT((uchar_t *)&ipha[1] <= mp->b_wptr);
2086 ASSERT(mp->b_cont == NULL);
2087
2088 hdr_length = IPH_HDR_LENGTH(ipha);
2089 ira->ira_protocol = ipha->ipha_protocol;
2090
2091 /*
2092 * We need a separate IP header with the source and destination
2093 * addresses reversed to do fanout/classification because the ipha in
2094 * the ICMP error is in the form we sent it out.
2095 */
2096 ripha.ipha_src = ipha->ipha_dst;
2097 ripha.ipha_dst = ipha->ipha_src;
2098 ripha.ipha_protocol = ipha->ipha_protocol;
2099 ripha.ipha_version_and_hdr_length = ipha->ipha_version_and_hdr_length;
2100
2101 ip2dbg(("icmp_inbound_error_v4: proto %d %x to %x: %d/%d\n",
2102 ripha.ipha_protocol, ntohl(ipha->ipha_src),
2103 ntohl(ipha->ipha_dst),
2104 icmph->icmph_type, icmph->icmph_code));
2105
2106 switch (ipha->ipha_protocol) {
2107 case IPPROTO_UDP:
2108 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2109
2110 /* Attempt to find a client stream based on port. */
2111 ip2dbg(("icmp_inbound_error_v4: UDP ports %d to %d\n",
2112 ntohs(up[0]), ntohs(up[1])));
2113
2114 /* Note that we send error to all matches. */
2115 ira->ira_flags |= IRAF_ICMP_ERROR;
2116 ip_fanout_udp_multi_v4(mp, &ripha, up[0], up[1], ira);
2117 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2118 return;
2119
2120 case IPPROTO_TCP:
2121 /*
2122 * Find a TCP client stream for this packet.
2123 * Note that we do a reverse lookup since the header is
2124 * in the form we sent it out.
2125 */
2126 tcpha = (tcpha_t *)((uchar_t *)ipha + hdr_length);
2127 connp = ipcl_tcp_lookup_reversed_ipv4(ipha, tcpha, TCPS_LISTEN,
2128 ipst);
2129 if (connp == NULL)
2130 goto discard_pkt;
2131
2132 if (connp->conn_min_ttl != 0 &&
2133 connp->conn_min_ttl > ira->ira_ttl) {
2134 CONN_DEC_REF(connp);
2135 goto discard_pkt;
2136 }
2137 if (CONN_INBOUND_POLICY_PRESENT(connp, ipss) ||
2138 (ira->ira_flags & IRAF_IPSEC_SECURE)) {
2139 mp = ipsec_check_inbound_policy(mp, connp,
2140 ipha, NULL, ira);
2141 if (mp == NULL) {
2142 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
2143 /* Note that mp is NULL */
2144 ip_drop_input("ipIfStatsInDiscards", mp, ill);
2145 CONN_DEC_REF(connp);
2146 return;
2147 }
2148 }
2149
2150 ira->ira_flags |= IRAF_ICMP_ERROR;
2151 ira->ira_ill = ira->ira_rill = NULL;
2152 if (IPCL_IS_TCP(connp)) {
2153 SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
2154 connp->conn_recvicmp, connp, ira, SQ_FILL,
2155 SQTAG_TCP_INPUT_ICMP_ERR);
2156 } else {
2157 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */
2158 (connp->conn_recv)(connp, mp, NULL, ira);
2159 CONN_DEC_REF(connp);
2160 }
2161 ira->ira_ill = ill;
2162 ira->ira_rill = rill;
2163 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2164 return;
2165
2166 case IPPROTO_SCTP:
2167 up = (uint16_t *)((uchar_t *)ipha + hdr_length);
2168 /* Find a SCTP client stream for this packet. */
2169 ((uint16_t *)&ports)[0] = up[1];
2170 ((uint16_t *)&ports)[1] = up[0];
2171
2172 ira->ira_flags |= IRAF_ICMP_ERROR;
2173 ip_fanout_sctp(mp, &ripha, NULL, ports, ira);
2174 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2175 return;
2176
2177 case IPPROTO_ESP:
2178 case IPPROTO_AH:
2179 if (!ipsec_loaded(ipss)) {
2180 ip_proto_not_sup(mp, ira);
2181 return;
2182 }
2183
2184 if (ipha->ipha_protocol == IPPROTO_ESP)
2185 mp = ipsecesp_icmp_error(mp, ira);
2186 else
2187 mp = ipsecah_icmp_error(mp, ira);
2188 if (mp == NULL)
2189 return;
2190
2191 /* Just in case ipsec didn't preserve the NULL b_cont */
2192 if (mp->b_cont != NULL) {
2193 if (!pullupmsg(mp, -1))
2194 goto discard_pkt;
2195 }
2196
2197 /*
2198 * Note that ira_pktlen and ira_ip_hdr_length are no longer
2199 * correct, but we don't use them any more here.
2200 *
2201 * If succesful, the mp has been modified to not include
2202 * the ESP/AH header so we can fanout to the ULP's icmp
2203 * error handler.
2204 */
2205 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH)
2206 goto truncated;
2207
2208 /* Verify the modified message before any further processes. */
2209 ipha = (ipha_t *)mp->b_rptr;
2210 hdr_length = IPH_HDR_LENGTH(ipha);
2211 icmph = (icmph_t *)&mp->b_rptr[hdr_length];
2212 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
2213 freemsg(mp);
2214 return;
2215 }
2216
2217 icmp_inbound_error_fanout_v4(mp, icmph, ira);
2218 return;
2219
2220 case IPPROTO_ENCAP: {
2221 /* Look for self-encapsulated packets that caused an error */
2222 ipha_t *in_ipha;
2223
2224 /*
2225 * Caller has verified that length has to be
2226 * at least the size of IP header.
2227 */
2228 ASSERT(hdr_length >= sizeof (ipha_t));
2229 /*
2230 * Check the sanity of the inner IP header like
2231 * we did for the outer header.
2232 */
2233 in_ipha = (ipha_t *)((uchar_t *)ipha + hdr_length);
2234 if ((IPH_HDR_VERSION(in_ipha) != IPV4_VERSION)) {
2235 goto discard_pkt;
2236 }
2237 if (IPH_HDR_LENGTH(in_ipha) < sizeof (ipha_t)) {
2238 goto discard_pkt;
2239 }
2240 /* Check for Self-encapsulated tunnels */
2241 if (in_ipha->ipha_src == ipha->ipha_src &&
2242 in_ipha->ipha_dst == ipha->ipha_dst) {
2243
2244 mp = icmp_inbound_self_encap_error_v4(mp, ipha,
2245 in_ipha);
2246 if (mp == NULL)
2247 goto discard_pkt;
2248
2249 /*
2250 * Just in case self_encap didn't preserve the NULL
2251 * b_cont
2252 */
2253 if (mp->b_cont != NULL) {
2254 if (!pullupmsg(mp, -1))
2255 goto discard_pkt;
2256 }
2257 /*
2258 * Note that ira_pktlen and ira_ip_hdr_length are no
2259 * longer correct, but we don't use them any more here.
2260 */
2261 if (mp->b_wptr - mp->b_rptr < IP_SIMPLE_HDR_LENGTH)
2262 goto truncated;
2263
2264 /*
2265 * Verify the modified message before any further
2266 * processes.
2267 */
2268 ipha = (ipha_t *)mp->b_rptr;
2269 hdr_length = IPH_HDR_LENGTH(ipha);
2270 icmph = (icmph_t *)&mp->b_rptr[hdr_length];
2271 if (!icmp_inbound_verify_v4(mp, icmph, ira)) {
2272 freemsg(mp);
2273 return;
2274 }
2275
2276 /*
2277 * The packet in error is self-encapsualted.
2278 * And we are finding it further encapsulated
2279 * which we could not have possibly generated.
2280 */
2281 if (ipha->ipha_protocol == IPPROTO_ENCAP) {
2282 goto discard_pkt;
2283 }
2284 icmp_inbound_error_fanout_v4(mp, icmph, ira);
2285 return;
2286 }
2287 /* No self-encapsulated */
2288 }
2289 /* FALLTHROUGH */
2290 case IPPROTO_IPV6:
2291 if ((connp = ipcl_iptun_classify_v4(&ripha.ipha_src,
2292 &ripha.ipha_dst, ipst)) != NULL) {
2293 ira->ira_flags |= IRAF_ICMP_ERROR;
2294 connp->conn_recvicmp(connp, mp, NULL, ira);
2295 CONN_DEC_REF(connp);
2296 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2297 return;
2298 }
2299 /*
2300 * No IP tunnel is interested, fallthrough and see
2301 * if a raw socket will want it.
2302 */
2303 /* FALLTHROUGH */
2304 default:
2305 ira->ira_flags |= IRAF_ICMP_ERROR;
2306 ip_fanout_proto_v4(mp, &ripha, ira);
2307 ira->ira_flags &= ~IRAF_ICMP_ERROR;
2308 return;
2309 }
2310 /* NOTREACHED */
2311 discard_pkt:
2312 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
2313 ip1dbg(("icmp_inbound_error_fanout_v4: drop pkt\n"));
2314 ip_drop_input("ipIfStatsInDiscards", mp, ill);
2315 freemsg(mp);
2316 return;
2317
2318 truncated:
2319 /* We pulled up everthing already. Must be truncated */
2320 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
2321 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
2322 freemsg(mp);
2323 }
2324
2325 /*
2326 * Common IP options parser.
2327 *
2328 * Setup routine: fill in *optp with options-parsing state, then
2329 * tail-call ipoptp_next to return the first option.
2330 */
2331 uint8_t
ipoptp_first(ipoptp_t * optp,ipha_t * ipha)2332 ipoptp_first(ipoptp_t *optp, ipha_t *ipha)
2333 {
2334 uint32_t totallen; /* total length of all options */
2335
2336 totallen = ipha->ipha_version_and_hdr_length -
2337 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
2338 totallen <<= 2;
2339 optp->ipoptp_next = (uint8_t *)(&ipha[1]);
2340 optp->ipoptp_end = optp->ipoptp_next + totallen;
2341 optp->ipoptp_flags = 0;
2342 return (ipoptp_next(optp));
2343 }
2344
2345 /* Like above but without an ipha_t */
2346 uint8_t
ipoptp_first2(ipoptp_t * optp,uint32_t totallen,uint8_t * opt)2347 ipoptp_first2(ipoptp_t *optp, uint32_t totallen, uint8_t *opt)
2348 {
2349 optp->ipoptp_next = opt;
2350 optp->ipoptp_end = optp->ipoptp_next + totallen;
2351 optp->ipoptp_flags = 0;
2352 return (ipoptp_next(optp));
2353 }
2354
2355 /*
2356 * Common IP options parser: extract next option.
2357 */
2358 uint8_t
ipoptp_next(ipoptp_t * optp)2359 ipoptp_next(ipoptp_t *optp)
2360 {
2361 uint8_t *end = optp->ipoptp_end;
2362 uint8_t *cur = optp->ipoptp_next;
2363 uint8_t opt, len, pointer;
2364
2365 /*
2366 * If cur > end already, then the ipoptp_end or ipoptp_next pointer
2367 * has been corrupted.
2368 */
2369 ASSERT(cur <= end);
2370
2371 if (cur == end)
2372 return (IPOPT_EOL);
2373
2374 opt = cur[IPOPT_OPTVAL];
2375
2376 /*
2377 * Skip any NOP options.
2378 */
2379 while (opt == IPOPT_NOP) {
2380 cur++;
2381 if (cur == end)
2382 return (IPOPT_EOL);
2383 opt = cur[IPOPT_OPTVAL];
2384 }
2385
2386 if (opt == IPOPT_EOL)
2387 return (IPOPT_EOL);
2388
2389 /*
2390 * Option requiring a length.
2391 */
2392 if ((cur + 1) >= end) {
2393 optp->ipoptp_flags |= IPOPTP_ERROR;
2394 return (IPOPT_EOL);
2395 }
2396 len = cur[IPOPT_OLEN];
2397 if (len < 2) {
2398 optp->ipoptp_flags |= IPOPTP_ERROR;
2399 return (IPOPT_EOL);
2400 }
2401 optp->ipoptp_cur = cur;
2402 optp->ipoptp_len = len;
2403 optp->ipoptp_next = cur + len;
2404 if (cur + len > end) {
2405 optp->ipoptp_flags |= IPOPTP_ERROR;
2406 return (IPOPT_EOL);
2407 }
2408
2409 /*
2410 * For the options which require a pointer field, make sure
2411 * its there, and make sure it points to either something
2412 * inside this option, or the end of the option.
2413 */
2414 pointer = IPOPT_EOL;
2415 switch (opt) {
2416 case IPOPT_RR:
2417 case IPOPT_TS:
2418 case IPOPT_LSRR:
2419 case IPOPT_SSRR:
2420 if (len <= IPOPT_OFFSET) {
2421 optp->ipoptp_flags |= IPOPTP_ERROR;
2422 return (opt);
2423 }
2424 pointer = cur[IPOPT_OFFSET];
2425 if (pointer - 1 > len) {
2426 optp->ipoptp_flags |= IPOPTP_ERROR;
2427 return (opt);
2428 }
2429 break;
2430 }
2431
2432 /*
2433 * Sanity check the pointer field based on the type of the
2434 * option.
2435 */
2436 switch (opt) {
2437 case IPOPT_RR:
2438 case IPOPT_SSRR:
2439 case IPOPT_LSRR:
2440 if (pointer < IPOPT_MINOFF_SR)
2441 optp->ipoptp_flags |= IPOPTP_ERROR;
2442 break;
2443 case IPOPT_TS:
2444 if (pointer < IPOPT_MINOFF_IT)
2445 optp->ipoptp_flags |= IPOPTP_ERROR;
2446 /*
2447 * Note that the Internet Timestamp option also
2448 * contains two four bit fields (the Overflow field,
2449 * and the Flag field), which follow the pointer
2450 * field. We don't need to check that these fields
2451 * fall within the length of the option because this
2452 * was implicitely done above. We've checked that the
2453 * pointer value is at least IPOPT_MINOFF_IT, and that
2454 * it falls within the option. Since IPOPT_MINOFF_IT >
2455 * IPOPT_POS_OV_FLG, we don't need the explicit check.
2456 */
2457 ASSERT(len > IPOPT_POS_OV_FLG);
2458 break;
2459 }
2460
2461 return (opt);
2462 }
2463
2464 /*
2465 * Use the outgoing IP header to create an IP_OPTIONS option the way
2466 * it was passed down from the application.
2467 *
2468 * This is compatible with BSD in that it returns
2469 * the reverse source route with the final destination
2470 * as the last entry. The first 4 bytes of the option
2471 * will contain the final destination.
2472 */
2473 int
ip_opt_get_user(conn_t * connp,uchar_t * buf)2474 ip_opt_get_user(conn_t *connp, uchar_t *buf)
2475 {
2476 ipoptp_t opts;
2477 uchar_t *opt;
2478 uint8_t optval;
2479 uint8_t optlen;
2480 uint32_t len = 0;
2481 uchar_t *buf1 = buf;
2482 uint32_t totallen;
2483 ipaddr_t dst;
2484 ip_pkt_t *ipp = &connp->conn_xmit_ipp;
2485
2486 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
2487 return (0);
2488
2489 totallen = ipp->ipp_ipv4_options_len;
2490 if (totallen & 0x3)
2491 return (0);
2492
2493 buf += IP_ADDR_LEN; /* Leave room for final destination */
2494 len += IP_ADDR_LEN;
2495 bzero(buf1, IP_ADDR_LEN);
2496
2497 dst = connp->conn_faddr_v4;
2498
2499 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
2500 optval != IPOPT_EOL;
2501 optval = ipoptp_next(&opts)) {
2502 int off;
2503
2504 opt = opts.ipoptp_cur;
2505 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
2506 break;
2507 }
2508 optlen = opts.ipoptp_len;
2509
2510 switch (optval) {
2511 case IPOPT_SSRR:
2512 case IPOPT_LSRR:
2513
2514 /*
2515 * Insert destination as the first entry in the source
2516 * route and move down the entries on step.
2517 * The last entry gets placed at buf1.
2518 */
2519 buf[IPOPT_OPTVAL] = optval;
2520 buf[IPOPT_OLEN] = optlen;
2521 buf[IPOPT_OFFSET] = optlen;
2522
2523 off = optlen - IP_ADDR_LEN;
2524 if (off < 0) {
2525 /* No entries in source route */
2526 break;
2527 }
2528 /* Last entry in source route if not already set */
2529 if (dst == INADDR_ANY)
2530 bcopy(opt + off, buf1, IP_ADDR_LEN);
2531 off -= IP_ADDR_LEN;
2532
2533 while (off > 0) {
2534 bcopy(opt + off,
2535 buf + off + IP_ADDR_LEN,
2536 IP_ADDR_LEN);
2537 off -= IP_ADDR_LEN;
2538 }
2539 /* ipha_dst into first slot */
2540 bcopy(&dst, buf + off + IP_ADDR_LEN,
2541 IP_ADDR_LEN);
2542 buf += optlen;
2543 len += optlen;
2544 break;
2545
2546 default:
2547 bcopy(opt, buf, optlen);
2548 buf += optlen;
2549 len += optlen;
2550 break;
2551 }
2552 }
2553 done:
2554 /* Pad the resulting options */
2555 while (len & 0x3) {
2556 *buf++ = IPOPT_EOL;
2557 len++;
2558 }
2559 return (len);
2560 }
2561
2562 /*
2563 * Update any record route or timestamp options to include this host.
2564 * Reverse any source route option.
2565 * This routine assumes that the options are well formed i.e. that they
2566 * have already been checked.
2567 */
2568 static void
icmp_options_update(ipha_t * ipha)2569 icmp_options_update(ipha_t *ipha)
2570 {
2571 ipoptp_t opts;
2572 uchar_t *opt;
2573 uint8_t optval;
2574 ipaddr_t src; /* Our local address */
2575 ipaddr_t dst;
2576
2577 ip2dbg(("icmp_options_update\n"));
2578 src = ipha->ipha_src;
2579 dst = ipha->ipha_dst;
2580
2581 for (optval = ipoptp_first(&opts, ipha);
2582 optval != IPOPT_EOL;
2583 optval = ipoptp_next(&opts)) {
2584 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
2585 opt = opts.ipoptp_cur;
2586 ip2dbg(("icmp_options_update: opt %d, len %d\n",
2587 optval, opts.ipoptp_len));
2588 switch (optval) {
2589 int off1, off2;
2590 case IPOPT_SSRR:
2591 case IPOPT_LSRR:
2592 /*
2593 * Reverse the source route. The first entry
2594 * should be the next to last one in the current
2595 * source route (the last entry is our address).
2596 * The last entry should be the final destination.
2597 */
2598 off1 = IPOPT_MINOFF_SR - 1;
2599 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1;
2600 if (off2 < 0) {
2601 /* No entries in source route */
2602 ip1dbg((
2603 "icmp_options_update: bad src route\n"));
2604 break;
2605 }
2606 bcopy((char *)opt + off2, &dst, IP_ADDR_LEN);
2607 bcopy(&ipha->ipha_dst, (char *)opt + off2, IP_ADDR_LEN);
2608 bcopy(&dst, &ipha->ipha_dst, IP_ADDR_LEN);
2609 off2 -= IP_ADDR_LEN;
2610
2611 while (off1 < off2) {
2612 bcopy((char *)opt + off1, &src, IP_ADDR_LEN);
2613 bcopy((char *)opt + off2, (char *)opt + off1,
2614 IP_ADDR_LEN);
2615 bcopy(&src, (char *)opt + off2, IP_ADDR_LEN);
2616 off1 += IP_ADDR_LEN;
2617 off2 -= IP_ADDR_LEN;
2618 }
2619 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR;
2620 break;
2621 }
2622 }
2623 }
2624
2625 /*
2626 * Process received ICMP Redirect messages.
2627 * Assumes the caller has verified that the headers are in the pulled up mblk.
2628 * Consumes mp.
2629 */
2630 static void
icmp_redirect_v4(mblk_t * mp,ipha_t * ipha,icmph_t * icmph,ip_recv_attr_t * ira)2631 icmp_redirect_v4(mblk_t *mp, ipha_t *ipha, icmph_t *icmph, ip_recv_attr_t *ira)
2632 {
2633 ire_t *ire, *nire;
2634 ire_t *prev_ire;
2635 ipaddr_t src, dst, gateway;
2636 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2637 ipha_t *inner_ipha; /* Inner IP header */
2638
2639 /* Caller already pulled up everything. */
2640 inner_ipha = (ipha_t *)&icmph[1];
2641 src = ipha->ipha_src;
2642 dst = inner_ipha->ipha_dst;
2643 gateway = icmph->icmph_rd_gateway;
2644 /* Make sure the new gateway is reachable somehow. */
2645 ire = ire_ftable_lookup_v4(gateway, 0, 0, IRE_ONLINK, NULL,
2646 ALL_ZONES, NULL, MATCH_IRE_TYPE, 0, ipst, NULL);
2647 /*
2648 * Make sure we had a route for the dest in question and that
2649 * that route was pointing to the old gateway (the source of the
2650 * redirect packet.)
2651 * We do longest match and then compare ire_gateway_addr below.
2652 */
2653 prev_ire = ire_ftable_lookup_v4(dst, 0, 0, 0, NULL, ALL_ZONES,
2654 NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
2655 /*
2656 * Check that
2657 * the redirect was not from ourselves
2658 * the new gateway and the old gateway are directly reachable
2659 */
2660 if (prev_ire == NULL || ire == NULL ||
2661 (prev_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) ||
2662 (prev_ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
2663 !(ire->ire_type & IRE_IF_ALL) ||
2664 prev_ire->ire_gateway_addr != src) {
2665 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects);
2666 ip_drop_input("icmpInBadRedirects - ire", mp, ira->ira_ill);
2667 freemsg(mp);
2668 if (ire != NULL)
2669 ire_refrele(ire);
2670 if (prev_ire != NULL)
2671 ire_refrele(prev_ire);
2672 return;
2673 }
2674
2675 ire_refrele(prev_ire);
2676 ire_refrele(ire);
2677
2678 /*
2679 * TODO: more precise handling for cases 0, 2, 3, the latter two
2680 * require TOS routing
2681 */
2682 switch (icmph->icmph_code) {
2683 case 0:
2684 case 1:
2685 /* TODO: TOS specificity for cases 2 and 3 */
2686 case 2:
2687 case 3:
2688 break;
2689 default:
2690 BUMP_MIB(&ipst->ips_icmp_mib, icmpInBadRedirects);
2691 ip_drop_input("icmpInBadRedirects - code", mp, ira->ira_ill);
2692 freemsg(mp);
2693 return;
2694 }
2695 /*
2696 * Create a Route Association. This will allow us to remember that
2697 * someone we believe told us to use the particular gateway.
2698 */
2699 ire = ire_create(
2700 (uchar_t *)&dst, /* dest addr */
2701 (uchar_t *)&ip_g_all_ones, /* mask */
2702 (uchar_t *)&gateway, /* gateway addr */
2703 IRE_HOST,
2704 NULL, /* ill */
2705 ALL_ZONES,
2706 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST),
2707 NULL, /* tsol_gc_t */
2708 ipst);
2709
2710 if (ire == NULL) {
2711 freemsg(mp);
2712 return;
2713 }
2714 nire = ire_add(ire);
2715 /* Check if it was a duplicate entry */
2716 if (nire != NULL && nire != ire) {
2717 ASSERT(nire->ire_identical_ref > 1);
2718 ire_delete(nire);
2719 ire_refrele(nire);
2720 nire = NULL;
2721 }
2722 ire = nire;
2723 if (ire != NULL) {
2724 ire_refrele(ire); /* Held in ire_add */
2725
2726 /* tell routing sockets that we received a redirect */
2727 ip_rts_change(RTM_REDIRECT, dst, gateway, IP_HOST_MASK, 0, src,
2728 (RTF_DYNAMIC | RTF_GATEWAY | RTF_HOST), 0,
2729 (RTA_DST | RTA_GATEWAY | RTA_NETMASK | RTA_AUTHOR), ipst);
2730 }
2731
2732 /*
2733 * Delete any existing IRE_HOST type redirect ires for this destination.
2734 * This together with the added IRE has the effect of
2735 * modifying an existing redirect.
2736 */
2737 prev_ire = ire_ftable_lookup_v4(dst, 0, src, IRE_HOST, NULL,
2738 ALL_ZONES, NULL, (MATCH_IRE_GW | MATCH_IRE_TYPE), 0, ipst, NULL);
2739 if (prev_ire != NULL) {
2740 if (prev_ire ->ire_flags & RTF_DYNAMIC)
2741 ire_delete(prev_ire);
2742 ire_refrele(prev_ire);
2743 }
2744
2745 freemsg(mp);
2746 }
2747
2748 /*
2749 * Generate an ICMP parameter problem message.
2750 * When called from ip_output side a minimal ip_recv_attr_t needs to be
2751 * constructed by the caller.
2752 */
2753 static void
icmp_param_problem(mblk_t * mp,uint8_t ptr,ip_recv_attr_t * ira)2754 icmp_param_problem(mblk_t *mp, uint8_t ptr, ip_recv_attr_t *ira)
2755 {
2756 icmph_t icmph;
2757 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2758
2759 mp = icmp_pkt_err_ok(mp, ira);
2760 if (mp == NULL)
2761 return;
2762
2763 bzero(&icmph, sizeof (icmph_t));
2764 icmph.icmph_type = ICMP_PARAM_PROBLEM;
2765 icmph.icmph_pp_ptr = ptr;
2766 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutParmProbs);
2767 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
2768 }
2769
2770 /*
2771 * Build and ship an IPv4 ICMP message using the packet data in mp, and
2772 * the ICMP header pointed to by "stuff". (May be called as writer.)
2773 * Note: assumes that icmp_pkt_err_ok has been called to verify that
2774 * an icmp error packet can be sent.
2775 * Assigns an appropriate source address to the packet. If ipha_dst is
2776 * one of our addresses use it for source. Otherwise let ip_output_simple
2777 * pick the source address.
2778 */
2779 static void
icmp_pkt(mblk_t * mp,void * stuff,size_t len,ip_recv_attr_t * ira)2780 icmp_pkt(mblk_t *mp, void *stuff, size_t len, ip_recv_attr_t *ira)
2781 {
2782 ipaddr_t dst;
2783 icmph_t *icmph;
2784 ipha_t *ipha;
2785 uint_t len_needed;
2786 size_t msg_len;
2787 mblk_t *mp1;
2788 ipaddr_t src;
2789 ire_t *ire;
2790 ip_xmit_attr_t ixas;
2791 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
2792
2793 ipha = (ipha_t *)mp->b_rptr;
2794
2795 bzero(&ixas, sizeof (ixas));
2796 ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
2797 ixas.ixa_zoneid = ira->ira_zoneid;
2798 ixas.ixa_ifindex = 0;
2799 ixas.ixa_ipst = ipst;
2800 ixas.ixa_cred = kcred;
2801 ixas.ixa_cpid = NOPID;
2802 ixas.ixa_tsl = ira->ira_tsl; /* Behave as a multi-level responder */
2803 ixas.ixa_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
2804
2805 if (ira->ira_flags & IRAF_IPSEC_SECURE) {
2806 /*
2807 * Apply IPsec based on how IPsec was applied to
2808 * the packet that had the error.
2809 *
2810 * If it was an outbound packet that caused the ICMP
2811 * error, then the caller will have setup the IRA
2812 * appropriately.
2813 */
2814 if (!ipsec_in_to_out(ira, &ixas, mp, ipha, NULL)) {
2815 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
2816 /* Note: mp already consumed and ip_drop_packet done */
2817 return;
2818 }
2819 } else {
2820 /*
2821 * This is in clear. The icmp message we are building
2822 * here should go out in clear, independent of our policy.
2823 */
2824 ixas.ixa_flags |= IXAF_NO_IPSEC;
2825 }
2826
2827 /* Remember our eventual destination */
2828 dst = ipha->ipha_src;
2829
2830 /*
2831 * If the packet was for one of our unicast addresses, make
2832 * sure we respond with that as the source. Otherwise
2833 * have ip_output_simple pick the source address.
2834 */
2835 ire = ire_ftable_lookup_v4(ipha->ipha_dst, 0, 0,
2836 (IRE_LOCAL|IRE_LOOPBACK), NULL, ira->ira_zoneid, NULL,
2837 MATCH_IRE_TYPE|MATCH_IRE_ZONEONLY, 0, ipst, NULL);
2838 if (ire != NULL) {
2839 ire_refrele(ire);
2840 src = ipha->ipha_dst;
2841 } else {
2842 src = INADDR_ANY;
2843 ixas.ixa_flags |= IXAF_SET_SOURCE;
2844 }
2845
2846 /*
2847 * Check if we can send back more then 8 bytes in addition to
2848 * the IP header. We try to send 64 bytes of data and the internal
2849 * header in the special cases of ipv4 encapsulated ipv4 or ipv6.
2850 */
2851 len_needed = IPH_HDR_LENGTH(ipha);
2852 if (ipha->ipha_protocol == IPPROTO_ENCAP ||
2853 ipha->ipha_protocol == IPPROTO_IPV6) {
2854 /*
2855 * NOTE: It is posssible that the inner packet is poorly
2856 * formed (e.g. IP version is corrupt, or v6 extension headers
2857 * got cut off). The receiver of the ICMP message should see
2858 * what we saw. In the absence of a sane inner-packet (which
2859 * protocol types IPPPROTO_ENCAP and IPPROTO_IPV6 indicate
2860 * would be an IP header), we should send the size of what is
2861 * normally expected to be there (either sizeof (ipha_t) or
2862 * sizeof (ip6_t). It may be useful for diagnostic purposes.
2863 *
2864 * ALSO NOTE: "inner_ip6h" is the inner packet header, v4 or v6.
2865 */
2866 ip6_t *inner_ip6h = (ip6_t *)((uchar_t *)ipha + len_needed);
2867
2868 if (!pullupmsg(mp, -1)) {
2869 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
2870 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
2871 freemsg(mp);
2872 return;
2873 }
2874 ipha = (ipha_t *)mp->b_rptr;
2875
2876 if (ipha->ipha_protocol == IPPROTO_ENCAP) {
2877 /*
2878 * Check the inner IP version here to guard against
2879 * bogons.
2880 */
2881 if (IPH_HDR_VERSION(inner_ip6h) == IPV4_VERSION) {
2882 len_needed +=
2883 IPH_HDR_LENGTH(((uchar_t *)inner_ip6h));
2884 } else {
2885 len_needed = sizeof (ipha_t);
2886 }
2887 } else {
2888 ASSERT(ipha->ipha_protocol == IPPROTO_IPV6);
2889 /* function called next-line checks inner IP version */
2890 len_needed += ip_hdr_length_v6(mp, inner_ip6h);
2891 }
2892 }
2893 len_needed += ipst->ips_ip_icmp_return;
2894 msg_len = msgdsize(mp);
2895 if (msg_len > len_needed) {
2896 (void) adjmsg(mp, len_needed - msg_len);
2897 msg_len = len_needed;
2898 }
2899 mp1 = allocb(sizeof (icmp_ipha) + len, BPRI_MED);
2900 if (mp1 == NULL) {
2901 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutErrors);
2902 freemsg(mp);
2903 return;
2904 }
2905 mp1->b_cont = mp;
2906 mp = mp1;
2907
2908 /*
2909 * Set IXAF_TRUSTED_ICMP so we can let the ICMP messages this
2910 * node generates be accepted in peace by all on-host destinations.
2911 * If we do NOT assume that all on-host destinations trust
2912 * self-generated ICMP messages, then rework here, ip6.c, and spd.c.
2913 * (Look for IXAF_TRUSTED_ICMP).
2914 */
2915 ixas.ixa_flags |= IXAF_TRUSTED_ICMP;
2916
2917 ipha = (ipha_t *)mp->b_rptr;
2918 mp1->b_wptr = (uchar_t *)ipha + (sizeof (icmp_ipha) + len);
2919 *ipha = icmp_ipha;
2920 ipha->ipha_src = src;
2921 ipha->ipha_dst = dst;
2922 ipha->ipha_ttl = ipst->ips_ip_def_ttl;
2923 msg_len += sizeof (icmp_ipha) + len;
2924 if (msg_len > IP_MAXPACKET) {
2925 (void) adjmsg(mp, IP_MAXPACKET - msg_len);
2926 msg_len = IP_MAXPACKET;
2927 }
2928 ipha->ipha_length = htons((uint16_t)msg_len);
2929 icmph = (icmph_t *)&ipha[1];
2930 bcopy(stuff, icmph, len);
2931 icmph->icmph_checksum = 0;
2932 icmph->icmph_checksum = IP_CSUM(mp, (int32_t)sizeof (ipha_t), 0);
2933 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutMsgs);
2934
2935 (void) ip_output_simple(mp, &ixas);
2936 ixa_cleanup(&ixas);
2937 }
2938
2939 /*
2940 * Determine if an ICMP error packet can be sent given the rate limit.
2941 * The limit consists of an average frequency (icmp_pkt_err_interval measured
2942 * in milliseconds) and a burst size. Burst size number of packets can
2943 * be sent arbitrarely closely spaced.
2944 * The state is tracked using two variables to implement an approximate
2945 * token bucket filter:
2946 * icmp_pkt_err_last - lbolt value when the last burst started
2947 * icmp_pkt_err_sent - number of packets sent in current burst
2948 */
2949 boolean_t
icmp_err_rate_limit(ip_stack_t * ipst)2950 icmp_err_rate_limit(ip_stack_t *ipst)
2951 {
2952 clock_t now = TICK_TO_MSEC(ddi_get_lbolt());
2953 uint_t refilled; /* Number of packets refilled in tbf since last */
2954 /* Guard against changes by loading into local variable */
2955 uint_t err_interval = ipst->ips_ip_icmp_err_interval;
2956
2957 if (err_interval == 0)
2958 return (B_FALSE);
2959
2960 if (ipst->ips_icmp_pkt_err_last > now) {
2961 /* 100HZ lbolt in ms for 32bit arch wraps every 49.7 days */
2962 ipst->ips_icmp_pkt_err_last = 0;
2963 ipst->ips_icmp_pkt_err_sent = 0;
2964 }
2965 /*
2966 * If we are in a burst update the token bucket filter.
2967 * Update the "last" time to be close to "now" but make sure
2968 * we don't loose precision.
2969 */
2970 if (ipst->ips_icmp_pkt_err_sent != 0) {
2971 refilled = (now - ipst->ips_icmp_pkt_err_last)/err_interval;
2972 if (refilled > ipst->ips_icmp_pkt_err_sent) {
2973 ipst->ips_icmp_pkt_err_sent = 0;
2974 } else {
2975 ipst->ips_icmp_pkt_err_sent -= refilled;
2976 ipst->ips_icmp_pkt_err_last += refilled * err_interval;
2977 }
2978 }
2979 if (ipst->ips_icmp_pkt_err_sent == 0) {
2980 /* Start of new burst */
2981 ipst->ips_icmp_pkt_err_last = now;
2982 }
2983 if (ipst->ips_icmp_pkt_err_sent < ipst->ips_ip_icmp_err_burst) {
2984 ipst->ips_icmp_pkt_err_sent++;
2985 ip1dbg(("icmp_err_rate_limit: %d sent in burst\n",
2986 ipst->ips_icmp_pkt_err_sent));
2987 return (B_FALSE);
2988 }
2989 ip1dbg(("icmp_err_rate_limit: dropped\n"));
2990 return (B_TRUE);
2991 }
2992
2993 /*
2994 * Check if it is ok to send an IPv4 ICMP error packet in
2995 * response to the IPv4 packet in mp.
2996 * Free the message and return null if no
2997 * ICMP error packet should be sent.
2998 */
2999 static mblk_t *
icmp_pkt_err_ok(mblk_t * mp,ip_recv_attr_t * ira)3000 icmp_pkt_err_ok(mblk_t *mp, ip_recv_attr_t *ira)
3001 {
3002 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3003 icmph_t *icmph;
3004 ipha_t *ipha;
3005 uint_t len_needed;
3006
3007 if (!mp)
3008 return (NULL);
3009 ipha = (ipha_t *)mp->b_rptr;
3010 if (ip_csum_hdr(ipha)) {
3011 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInCksumErrs);
3012 ip_drop_input("ipIfStatsInCksumErrs", mp, NULL);
3013 freemsg(mp);
3014 return (NULL);
3015 }
3016 if (ip_type_v4(ipha->ipha_dst, ipst) == IRE_BROADCAST ||
3017 ip_type_v4(ipha->ipha_src, ipst) == IRE_BROADCAST ||
3018 CLASSD(ipha->ipha_dst) ||
3019 CLASSD(ipha->ipha_src) ||
3020 (ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET)) {
3021 /* Note: only errors to the fragment with offset 0 */
3022 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
3023 freemsg(mp);
3024 return (NULL);
3025 }
3026 if (ipha->ipha_protocol == IPPROTO_ICMP) {
3027 /*
3028 * Check the ICMP type. RFC 1122 sez: don't send ICMP
3029 * errors in response to any ICMP errors.
3030 */
3031 len_needed = IPH_HDR_LENGTH(ipha) + ICMPH_SIZE;
3032 if (mp->b_wptr - mp->b_rptr < len_needed) {
3033 if (!pullupmsg(mp, len_needed)) {
3034 BUMP_MIB(&ipst->ips_icmp_mib, icmpInErrors);
3035 freemsg(mp);
3036 return (NULL);
3037 }
3038 ipha = (ipha_t *)mp->b_rptr;
3039 }
3040 icmph = (icmph_t *)
3041 (&((char *)ipha)[IPH_HDR_LENGTH(ipha)]);
3042 switch (icmph->icmph_type) {
3043 case ICMP_DEST_UNREACHABLE:
3044 case ICMP_SOURCE_QUENCH:
3045 case ICMP_TIME_EXCEEDED:
3046 case ICMP_PARAM_PROBLEM:
3047 case ICMP_REDIRECT:
3048 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
3049 freemsg(mp);
3050 return (NULL);
3051 default:
3052 break;
3053 }
3054 }
3055 /*
3056 * If this is a labeled system, then check to see if we're allowed to
3057 * send a response to this particular sender. If not, then just drop.
3058 */
3059 if (is_system_labeled() && !tsol_can_reply_error(mp, ira)) {
3060 ip2dbg(("icmp_pkt_err_ok: can't respond to packet\n"));
3061 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDrops);
3062 freemsg(mp);
3063 return (NULL);
3064 }
3065 if (icmp_err_rate_limit(ipst)) {
3066 /*
3067 * Only send ICMP error packets every so often.
3068 * This should be done on a per port/source basis,
3069 * but for now this will suffice.
3070 */
3071 freemsg(mp);
3072 return (NULL);
3073 }
3074 return (mp);
3075 }
3076
3077 /*
3078 * Called when a packet was sent out the same link that it arrived on.
3079 * Check if it is ok to send a redirect and then send it.
3080 */
3081 void
ip_send_potential_redirect_v4(mblk_t * mp,ipha_t * ipha,ire_t * ire,ip_recv_attr_t * ira)3082 ip_send_potential_redirect_v4(mblk_t *mp, ipha_t *ipha, ire_t *ire,
3083 ip_recv_attr_t *ira)
3084 {
3085 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3086 ipaddr_t src, nhop;
3087 mblk_t *mp1;
3088 ire_t *nhop_ire;
3089
3090 /*
3091 * Check the source address to see if it originated
3092 * on the same logical subnet it is going back out on.
3093 * If so, we should be able to send it a redirect.
3094 * Avoid sending a redirect if the destination
3095 * is directly connected (i.e., we matched an IRE_ONLINK),
3096 * or if the packet was source routed out this interface.
3097 *
3098 * We avoid sending a redirect if the
3099 * destination is directly connected
3100 * because it is possible that multiple
3101 * IP subnets may have been configured on
3102 * the link, and the source may not
3103 * be on the same subnet as ip destination,
3104 * even though they are on the same
3105 * physical link.
3106 */
3107 if ((ire->ire_type & IRE_ONLINK) ||
3108 ip_source_routed(ipha, ipst))
3109 return;
3110
3111 nhop_ire = ire_nexthop(ire);
3112 if (nhop_ire == NULL)
3113 return;
3114
3115 nhop = nhop_ire->ire_addr;
3116
3117 if (nhop_ire->ire_type & IRE_IF_CLONE) {
3118 ire_t *ire2;
3119
3120 /* Follow ire_dep_parent to find non-clone IRE_INTERFACE */
3121 mutex_enter(&nhop_ire->ire_lock);
3122 ire2 = nhop_ire->ire_dep_parent;
3123 if (ire2 != NULL)
3124 ire_refhold(ire2);
3125 mutex_exit(&nhop_ire->ire_lock);
3126 ire_refrele(nhop_ire);
3127 nhop_ire = ire2;
3128 }
3129 if (nhop_ire == NULL)
3130 return;
3131
3132 ASSERT(!(nhop_ire->ire_type & IRE_IF_CLONE));
3133
3134 src = ipha->ipha_src;
3135
3136 /*
3137 * We look at the interface ire for the nexthop,
3138 * to see if ipha_src is in the same subnet
3139 * as the nexthop.
3140 */
3141 if ((src & nhop_ire->ire_mask) == (nhop & nhop_ire->ire_mask)) {
3142 /*
3143 * The source is directly connected.
3144 */
3145 mp1 = copymsg(mp);
3146 if (mp1 != NULL) {
3147 icmp_send_redirect(mp1, nhop, ira);
3148 }
3149 }
3150 ire_refrele(nhop_ire);
3151 }
3152
3153 /*
3154 * Generate an ICMP redirect message.
3155 */
3156 static void
icmp_send_redirect(mblk_t * mp,ipaddr_t gateway,ip_recv_attr_t * ira)3157 icmp_send_redirect(mblk_t *mp, ipaddr_t gateway, ip_recv_attr_t *ira)
3158 {
3159 icmph_t icmph;
3160 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3161
3162 mp = icmp_pkt_err_ok(mp, ira);
3163 if (mp == NULL)
3164 return;
3165
3166 bzero(&icmph, sizeof (icmph_t));
3167 icmph.icmph_type = ICMP_REDIRECT;
3168 icmph.icmph_code = 1;
3169 icmph.icmph_rd_gateway = gateway;
3170 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutRedirects);
3171 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3172 }
3173
3174 /*
3175 * Generate an ICMP time exceeded message.
3176 */
3177 void
icmp_time_exceeded(mblk_t * mp,uint8_t code,ip_recv_attr_t * ira)3178 icmp_time_exceeded(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira)
3179 {
3180 icmph_t icmph;
3181 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3182
3183 mp = icmp_pkt_err_ok(mp, ira);
3184 if (mp == NULL)
3185 return;
3186
3187 bzero(&icmph, sizeof (icmph_t));
3188 icmph.icmph_type = ICMP_TIME_EXCEEDED;
3189 icmph.icmph_code = code;
3190 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutTimeExcds);
3191 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3192 }
3193
3194 /*
3195 * Generate an ICMP unreachable message.
3196 * When called from ip_output side a minimal ip_recv_attr_t needs to be
3197 * constructed by the caller.
3198 */
3199 void
icmp_unreachable(mblk_t * mp,uint8_t code,ip_recv_attr_t * ira)3200 icmp_unreachable(mblk_t *mp, uint8_t code, ip_recv_attr_t *ira)
3201 {
3202 icmph_t icmph;
3203 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
3204
3205 mp = icmp_pkt_err_ok(mp, ira);
3206 if (mp == NULL)
3207 return;
3208
3209 bzero(&icmph, sizeof (icmph_t));
3210 icmph.icmph_type = ICMP_DEST_UNREACHABLE;
3211 icmph.icmph_code = code;
3212 BUMP_MIB(&ipst->ips_icmp_mib, icmpOutDestUnreachs);
3213 icmp_pkt(mp, &icmph, sizeof (icmph_t), ira);
3214 }
3215
3216 /*
3217 * Latch in the IPsec state for a stream based the policy in the listener
3218 * and the actions in the ip_recv_attr_t.
3219 * Called directly from TCP and SCTP.
3220 */
3221 boolean_t
ip_ipsec_policy_inherit(conn_t * connp,conn_t * lconnp,ip_recv_attr_t * ira)3222 ip_ipsec_policy_inherit(conn_t *connp, conn_t *lconnp, ip_recv_attr_t *ira)
3223 {
3224 ASSERT(lconnp->conn_policy != NULL);
3225 ASSERT(connp->conn_policy == NULL);
3226
3227 IPPH_REFHOLD(lconnp->conn_policy);
3228 connp->conn_policy = lconnp->conn_policy;
3229
3230 if (ira->ira_ipsec_action != NULL) {
3231 if (connp->conn_latch == NULL) {
3232 connp->conn_latch = iplatch_create();
3233 if (connp->conn_latch == NULL)
3234 return (B_FALSE);
3235 }
3236 ipsec_latch_inbound(connp, ira);
3237 }
3238 return (B_TRUE);
3239 }
3240
3241 /*
3242 * Verify whether or not the IP address is a valid local address.
3243 * Could be a unicast, including one for a down interface.
3244 * If allow_mcbc then a multicast or broadcast address is also
3245 * acceptable.
3246 *
3247 * In the case of a broadcast/multicast address, however, the
3248 * upper protocol is expected to reset the src address
3249 * to zero when we return IPVL_MCAST/IPVL_BCAST so that
3250 * no packets are emitted with broadcast/multicast address as
3251 * source address (that violates hosts requirements RFC 1122)
3252 * The addresses valid for bind are:
3253 * (1) - INADDR_ANY (0)
3254 * (2) - IP address of an UP interface
3255 * (3) - IP address of a DOWN interface
3256 * (4) - valid local IP broadcast addresses. In this case
3257 * the conn will only receive packets destined to
3258 * the specified broadcast address.
3259 * (5) - a multicast address. In this case
3260 * the conn will only receive packets destined to
3261 * the specified multicast address. Note: the
3262 * application still has to issue an
3263 * IP_ADD_MEMBERSHIP socket option.
3264 *
3265 * In all the above cases, the bound address must be valid in the current zone.
3266 * When the address is loopback, multicast or broadcast, there might be many
3267 * matching IREs so bind has to look up based on the zone.
3268 */
3269 ip_laddr_t
ip_laddr_verify_v4(ipaddr_t src_addr,zoneid_t zoneid,ip_stack_t * ipst,boolean_t allow_mcbc)3270 ip_laddr_verify_v4(ipaddr_t src_addr, zoneid_t zoneid,
3271 ip_stack_t *ipst, boolean_t allow_mcbc)
3272 {
3273 ire_t *src_ire;
3274
3275 ASSERT(src_addr != INADDR_ANY);
3276
3277 src_ire = ire_ftable_lookup_v4(src_addr, 0, 0, 0,
3278 NULL, zoneid, NULL, MATCH_IRE_ZONEONLY, 0, ipst, NULL);
3279
3280 /*
3281 * If an address other than in6addr_any is requested,
3282 * we verify that it is a valid address for bind
3283 * Note: Following code is in if-else-if form for
3284 * readability compared to a condition check.
3285 */
3286 if (src_ire != NULL && (src_ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK))) {
3287 /*
3288 * (2) Bind to address of local UP interface
3289 */
3290 ire_refrele(src_ire);
3291 return (IPVL_UNICAST_UP);
3292 } else if (src_ire != NULL && src_ire->ire_type & IRE_BROADCAST) {
3293 /*
3294 * (4) Bind to broadcast address
3295 */
3296 ire_refrele(src_ire);
3297 if (allow_mcbc)
3298 return (IPVL_BCAST);
3299 else
3300 return (IPVL_BAD);
3301 } else if (CLASSD(src_addr)) {
3302 /* (5) bind to multicast address. */
3303 if (src_ire != NULL)
3304 ire_refrele(src_ire);
3305
3306 if (allow_mcbc)
3307 return (IPVL_MCAST);
3308 else
3309 return (IPVL_BAD);
3310 } else {
3311 ipif_t *ipif;
3312
3313 /*
3314 * (3) Bind to address of local DOWN interface?
3315 * (ipif_lookup_addr() looks up all interfaces
3316 * but we do not get here for UP interfaces
3317 * - case (2) above)
3318 */
3319 if (src_ire != NULL)
3320 ire_refrele(src_ire);
3321
3322 ipif = ipif_lookup_addr(src_addr, NULL, zoneid, ipst);
3323 if (ipif == NULL)
3324 return (IPVL_BAD);
3325
3326 /* Not a useful source? */
3327 if (ipif->ipif_flags & (IPIF_NOLOCAL | IPIF_ANYCAST)) {
3328 ipif_refrele(ipif);
3329 return (IPVL_BAD);
3330 }
3331 ipif_refrele(ipif);
3332 return (IPVL_UNICAST_DOWN);
3333 }
3334 }
3335
3336 /*
3337 * Insert in the bind fanout for IPv4 and IPv6.
3338 * The caller should already have used ip_laddr_verify_v*() before calling
3339 * this.
3340 */
3341 int
ip_laddr_fanout_insert(conn_t * connp)3342 ip_laddr_fanout_insert(conn_t *connp)
3343 {
3344 int error;
3345
3346 /*
3347 * Allow setting new policies. For example, disconnects result
3348 * in us being called. As we would have set conn_policy_cached
3349 * to B_TRUE before, we should set it to B_FALSE, so that policy
3350 * can change after the disconnect.
3351 */
3352 connp->conn_policy_cached = B_FALSE;
3353
3354 error = ipcl_bind_insert(connp);
3355 if (error != 0) {
3356 if (connp->conn_anon_port) {
3357 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
3358 connp->conn_mlp_type, connp->conn_proto,
3359 ntohs(connp->conn_lport), B_FALSE);
3360 }
3361 connp->conn_mlp_type = mlptSingle;
3362 }
3363 return (error);
3364 }
3365
3366 /*
3367 * Verify that both the source and destination addresses are valid. If
3368 * IPDF_VERIFY_DST is not set, then the destination address may be unreachable,
3369 * i.e. have no route to it. Protocols like TCP want to verify destination
3370 * reachability, while tunnels do not.
3371 *
3372 * Determine the route, the interface, and (optionally) the source address
3373 * to use to reach a given destination.
3374 * Note that we allow connect to broadcast and multicast addresses when
3375 * IPDF_ALLOW_MCBC is set.
3376 * first_hop and dst_addr are normally the same, but if source routing
3377 * they will differ; in that case the first_hop is what we'll use for the
3378 * routing lookup but the dce and label checks will be done on dst_addr,
3379 *
3380 * If uinfo is set, then we fill in the best available information
3381 * we have for the destination. This is based on (in priority order) any
3382 * metrics and path MTU stored in a dce_t, route metrics, and finally the
3383 * ill_mtu/ill_mc_mtu.
3384 *
3385 * Tsol note: If we have a source route then dst_addr != firsthop. But we
3386 * always do the label check on dst_addr.
3387 */
3388 int
ip_set_destination_v4(ipaddr_t * src_addrp,ipaddr_t dst_addr,ipaddr_t firsthop,ip_xmit_attr_t * ixa,iulp_t * uinfo,uint32_t flags,uint_t mac_mode)3389 ip_set_destination_v4(ipaddr_t *src_addrp, ipaddr_t dst_addr, ipaddr_t firsthop,
3390 ip_xmit_attr_t *ixa, iulp_t *uinfo, uint32_t flags, uint_t mac_mode)
3391 {
3392 ire_t *ire = NULL;
3393 int error = 0;
3394 ipaddr_t setsrc; /* RTF_SETSRC */
3395 zoneid_t zoneid = ixa->ixa_zoneid; /* Honors SO_ALLZONES */
3396 ip_stack_t *ipst = ixa->ixa_ipst;
3397 dce_t *dce;
3398 uint_t pmtu;
3399 uint_t generation;
3400 nce_t *nce;
3401 ill_t *ill = NULL;
3402 boolean_t multirt = B_FALSE;
3403
3404 ASSERT(ixa->ixa_flags & IXAF_IS_IPV4);
3405
3406 /*
3407 * We never send to zero; the ULPs map it to the loopback address.
3408 * We can't allow it since we use zero to mean unitialized in some
3409 * places.
3410 */
3411 ASSERT(dst_addr != INADDR_ANY);
3412
3413 if (is_system_labeled()) {
3414 ts_label_t *tsl = NULL;
3415
3416 error = tsol_check_dest(ixa->ixa_tsl, &dst_addr, IPV4_VERSION,
3417 mac_mode, (flags & IPDF_ZONE_IS_GLOBAL) != 0, &tsl);
3418 if (error != 0)
3419 return (error);
3420 if (tsl != NULL) {
3421 /* Update the label */
3422 ip_xmit_attr_replace_tsl(ixa, tsl);
3423 }
3424 }
3425
3426 setsrc = INADDR_ANY;
3427 /*
3428 * Select a route; For IPMP interfaces, we would only select
3429 * a "hidden" route (i.e., going through a specific under_ill)
3430 * if ixa_ifindex has been specified.
3431 */
3432 ire = ip_select_route_v4(firsthop, *src_addrp, ixa,
3433 &generation, &setsrc, &error, &multirt);
3434 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */
3435 if (error != 0)
3436 goto bad_addr;
3437
3438 /*
3439 * ire can't be a broadcast or multicast unless IPDF_ALLOW_MCBC is set.
3440 * If IPDF_VERIFY_DST is set, the destination must be reachable;
3441 * Otherwise the destination needn't be reachable.
3442 *
3443 * If we match on a reject or black hole, then we've got a
3444 * local failure. May as well fail out the connect() attempt,
3445 * since it's never going to succeed.
3446 */
3447 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
3448 /*
3449 * If we're verifying destination reachability, we always want
3450 * to complain here.
3451 *
3452 * If we're not verifying destination reachability but the
3453 * destination has a route, we still want to fail on the
3454 * temporary address and broadcast address tests.
3455 *
3456 * In both cases do we let the code continue so some reasonable
3457 * information is returned to the caller. That enables the
3458 * caller to use (and even cache) the IRE. conn_ip_ouput will
3459 * use the generation mismatch path to check for the unreachable
3460 * case thereby avoiding any specific check in the main path.
3461 */
3462 ASSERT(generation == IRE_GENERATION_VERIFY);
3463 if (flags & IPDF_VERIFY_DST) {
3464 /*
3465 * Set errno but continue to set up ixa_ire to be
3466 * the RTF_REJECT|RTF_BLACKHOLE IRE.
3467 * That allows callers to use ip_output to get an
3468 * ICMP error back.
3469 */
3470 if (!(ire->ire_type & IRE_HOST))
3471 error = ENETUNREACH;
3472 else
3473 error = EHOSTUNREACH;
3474 }
3475 }
3476
3477 if ((ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST)) &&
3478 !(flags & IPDF_ALLOW_MCBC)) {
3479 ire_refrele(ire);
3480 ire = ire_reject(ipst, B_FALSE);
3481 generation = IRE_GENERATION_VERIFY;
3482 error = ENETUNREACH;
3483 }
3484
3485 /* Cache things */
3486 if (ixa->ixa_ire != NULL)
3487 ire_refrele_notr(ixa->ixa_ire);
3488 #ifdef DEBUG
3489 ire_refhold_notr(ire);
3490 ire_refrele(ire);
3491 #endif
3492 ixa->ixa_ire = ire;
3493 ixa->ixa_ire_generation = generation;
3494
3495 /*
3496 * Ensure that ixa_dce is always set any time that ixa_ire is set,
3497 * since some callers will send a packet to conn_ip_output() even if
3498 * there's an error.
3499 */
3500 if (flags & IPDF_UNIQUE_DCE) {
3501 /* Fallback to the default dce if allocation fails */
3502 dce = dce_lookup_and_add_v4(dst_addr, ipst);
3503 if (dce != NULL)
3504 generation = dce->dce_generation;
3505 else
3506 dce = dce_lookup_v4(dst_addr, ipst, &generation);
3507 } else {
3508 dce = dce_lookup_v4(dst_addr, ipst, &generation);
3509 }
3510 ASSERT(dce != NULL);
3511 if (ixa->ixa_dce != NULL)
3512 dce_refrele_notr(ixa->ixa_dce);
3513 #ifdef DEBUG
3514 dce_refhold_notr(dce);
3515 dce_refrele(dce);
3516 #endif
3517 ixa->ixa_dce = dce;
3518 ixa->ixa_dce_generation = generation;
3519
3520 /*
3521 * For multicast with multirt we have a flag passed back from
3522 * ire_lookup_multi_ill_v4 since we don't have an IRE for each
3523 * possible multicast address.
3524 * We also need a flag for multicast since we can't check
3525 * whether RTF_MULTIRT is set in ixa_ire for multicast.
3526 */
3527 if (multirt) {
3528 ixa->ixa_postfragfn = ip_postfrag_multirt_v4;
3529 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST;
3530 } else {
3531 ixa->ixa_postfragfn = ire->ire_postfragfn;
3532 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST;
3533 }
3534 if (!(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) {
3535 /* Get an nce to cache. */
3536 nce = ire_to_nce(ire, firsthop, NULL);
3537 if (nce == NULL) {
3538 /* Allocation failure? */
3539 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3540 } else {
3541 if (ixa->ixa_nce != NULL)
3542 nce_refrele(ixa->ixa_nce);
3543 ixa->ixa_nce = nce;
3544 }
3545 }
3546
3547 /*
3548 * If the source address is a loopback address, the
3549 * destination had best be local or multicast.
3550 * If we are sending to an IRE_LOCAL using a loopback source then
3551 * it had better be the same zoneid.
3552 */
3553 if (*src_addrp == htonl(INADDR_LOOPBACK)) {
3554 if ((ire->ire_type & IRE_LOCAL) && ire->ire_zoneid != zoneid) {
3555 ire = NULL; /* Stored in ixa_ire */
3556 error = EADDRNOTAVAIL;
3557 goto bad_addr;
3558 }
3559 if (!(ire->ire_type & (IRE_LOOPBACK|IRE_LOCAL|IRE_MULTICAST))) {
3560 ire = NULL; /* Stored in ixa_ire */
3561 error = EADDRNOTAVAIL;
3562 goto bad_addr;
3563 }
3564 }
3565 if (ire->ire_type & IRE_BROADCAST) {
3566 /*
3567 * If the ULP didn't have a specified source, then we
3568 * make sure we reselect the source when sending
3569 * broadcasts out different interfaces.
3570 */
3571 if (flags & IPDF_SELECT_SRC)
3572 ixa->ixa_flags |= IXAF_SET_SOURCE;
3573 else
3574 ixa->ixa_flags &= ~IXAF_SET_SOURCE;
3575 }
3576
3577 /*
3578 * Does the caller want us to pick a source address?
3579 */
3580 if (flags & IPDF_SELECT_SRC) {
3581 ipaddr_t src_addr;
3582
3583 /*
3584 * We use use ire_nexthop_ill to avoid the under ipmp
3585 * interface for source address selection. Note that for ipmp
3586 * probe packets, ixa_ifindex would have been specified, and
3587 * the ip_select_route() invocation would have picked an ire
3588 * will ire_ill pointing at an under interface.
3589 */
3590 ill = ire_nexthop_ill(ire);
3591
3592 /* If unreachable we have no ill but need some source */
3593 if (ill == NULL) {
3594 src_addr = htonl(INADDR_LOOPBACK);
3595 /* Make sure we look for a better source address */
3596 generation = SRC_GENERATION_VERIFY;
3597 } else {
3598 error = ip_select_source_v4(ill, setsrc, dst_addr,
3599 ixa->ixa_multicast_ifaddr, zoneid,
3600 ipst, &src_addr, &generation, NULL);
3601 if (error != 0) {
3602 ire = NULL; /* Stored in ixa_ire */
3603 goto bad_addr;
3604 }
3605 }
3606
3607 /*
3608 * We allow the source address to to down.
3609 * However, we check that we don't use the loopback address
3610 * as a source when sending out on the wire.
3611 */
3612 if ((src_addr == htonl(INADDR_LOOPBACK)) &&
3613 !(ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK|IRE_MULTICAST)) &&
3614 !(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))) {
3615 ire = NULL; /* Stored in ixa_ire */
3616 error = EADDRNOTAVAIL;
3617 goto bad_addr;
3618 }
3619
3620 *src_addrp = src_addr;
3621 ixa->ixa_src_generation = generation;
3622 }
3623
3624 /*
3625 * Make sure we don't leave an unreachable ixa_nce in place
3626 * since ip_select_route is used when we unplumb i.e., remove
3627 * references on ixa_ire, ixa_nce, and ixa_dce.
3628 */
3629 nce = ixa->ixa_nce;
3630 if (nce != NULL && nce->nce_is_condemned) {
3631 nce_refrele(nce);
3632 ixa->ixa_nce = NULL;
3633 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3634 }
3635
3636 /*
3637 * The caller has set IXAF_PMTU_DISCOVERY if path MTU is desired.
3638 * However, we can't do it for IPv4 multicast or broadcast.
3639 */
3640 if (ire->ire_type & (IRE_BROADCAST|IRE_MULTICAST))
3641 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
3642
3643 /*
3644 * Set initial value for fragmentation limit. Either conn_ip_output
3645 * or ULP might updates it when there are routing changes.
3646 * Handles a NULL ixa_ire->ire_ill or a NULL ixa_nce for RTF_REJECT.
3647 */
3648 pmtu = ip_get_pmtu(ixa);
3649 ixa->ixa_fragsize = pmtu;
3650 /* Make sure ixa_fragsize and ixa_pmtu remain identical */
3651 if (ixa->ixa_flags & IXAF_VERIFY_PMTU)
3652 ixa->ixa_pmtu = pmtu;
3653
3654 /*
3655 * Extract information useful for some transports.
3656 * First we look for DCE metrics. Then we take what we have in
3657 * the metrics in the route, where the offlink is used if we have
3658 * one.
3659 */
3660 if (uinfo != NULL) {
3661 bzero(uinfo, sizeof (*uinfo));
3662
3663 if (dce->dce_flags & DCEF_UINFO)
3664 *uinfo = dce->dce_uinfo;
3665
3666 rts_merge_metrics(uinfo, &ire->ire_metrics);
3667
3668 /* Allow ire_metrics to decrease the path MTU from above */
3669 if (uinfo->iulp_mtu == 0 || uinfo->iulp_mtu > pmtu)
3670 uinfo->iulp_mtu = pmtu;
3671
3672 uinfo->iulp_localnet = (ire->ire_type & IRE_ONLINK) != 0;
3673 uinfo->iulp_loopback = (ire->ire_type & IRE_LOOPBACK) != 0;
3674 uinfo->iulp_local = (ire->ire_type & IRE_LOCAL) != 0;
3675 }
3676
3677 if (ill != NULL)
3678 ill_refrele(ill);
3679
3680 return (error);
3681
3682 bad_addr:
3683 if (ire != NULL)
3684 ire_refrele(ire);
3685
3686 if (ill != NULL)
3687 ill_refrele(ill);
3688
3689 /*
3690 * Make sure we don't leave an unreachable ixa_nce in place
3691 * since ip_select_route is used when we unplumb i.e., remove
3692 * references on ixa_ire, ixa_nce, and ixa_dce.
3693 */
3694 nce = ixa->ixa_nce;
3695 if (nce != NULL && nce->nce_is_condemned) {
3696 nce_refrele(nce);
3697 ixa->ixa_nce = NULL;
3698 ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
3699 }
3700
3701 return (error);
3702 }
3703
3704
3705 /*
3706 * Get the base MTU for the case when path MTU discovery is not used.
3707 * Takes the MTU of the IRE into account.
3708 */
3709 uint_t
ip_get_base_mtu(ill_t * ill,ire_t * ire)3710 ip_get_base_mtu(ill_t *ill, ire_t *ire)
3711 {
3712 uint_t mtu;
3713 uint_t iremtu = ire->ire_metrics.iulp_mtu;
3714
3715 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST))
3716 mtu = ill->ill_mc_mtu;
3717 else
3718 mtu = ill->ill_mtu;
3719
3720 if (iremtu != 0 && iremtu < mtu)
3721 mtu = iremtu;
3722
3723 return (mtu);
3724 }
3725
3726 /*
3727 * Get the PMTU for the attributes. Handles both IPv4 and IPv6.
3728 * Assumes that ixa_ire, dce, and nce have already been set up.
3729 *
3730 * The caller has set IXAF_PMTU_DISCOVERY if path MTU discovery is desired.
3731 * We avoid path MTU discovery if it is disabled with ndd.
3732 * Furtermore, if the path MTU is too small, then we don't set DF for IPv4.
3733 *
3734 * NOTE: We also used to turn it off for source routed packets. That
3735 * is no longer required since the dce is per final destination.
3736 */
3737 uint_t
ip_get_pmtu(ip_xmit_attr_t * ixa)3738 ip_get_pmtu(ip_xmit_attr_t *ixa)
3739 {
3740 ip_stack_t *ipst = ixa->ixa_ipst;
3741 dce_t *dce;
3742 nce_t *nce;
3743 ire_t *ire;
3744 uint_t pmtu;
3745
3746 ire = ixa->ixa_ire;
3747 dce = ixa->ixa_dce;
3748 nce = ixa->ixa_nce;
3749
3750 /*
3751 * If path MTU discovery has been turned off by ndd, then we ignore
3752 * any dce_pmtu and for IPv4 we will not set DF.
3753 */
3754 if (!ipst->ips_ip_path_mtu_discovery)
3755 ixa->ixa_flags &= ~IXAF_PMTU_DISCOVERY;
3756
3757 pmtu = IP_MAXPACKET;
3758 /*
3759 * We need to determine if it is acceptable to set DF for IPv4 or not
3760 * and for IPv6 if we need to use the minimum MTU. If a connection has
3761 * opted into path MTU discovery, then we can use 'DF' in IPv4 and do
3762 * not have to constrain ourselves to the IPv6 minimum MTU. There is a
3763 * second consideration here: IXAF_DONTFRAG. This is set as a result of
3764 * someone setting the IP_DONTFRAG or IPV6_DONTFRAG socket option. In
3765 * such a case, it is acceptable to set DF for IPv4 and to use a larger
3766 * MTU. Note, the actual MTU is constrained by the ill_t later on in
3767 * this function.
3768 */
3769 if (ixa->ixa_flags & (IXAF_PMTU_DISCOVERY | IXAF_DONTFRAG)) {
3770 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3771 } else {
3772 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF;
3773 if (!(ixa->ixa_flags & IXAF_IS_IPV4))
3774 pmtu = IPV6_MIN_MTU;
3775 }
3776
3777 /* Check if the PMTU is to old before we use it */
3778 if ((dce->dce_flags & DCEF_PMTU) &&
3779 TICK_TO_SEC(ddi_get_lbolt64()) - dce->dce_last_change_time >
3780 ipst->ips_ip_pathmtu_interval) {
3781 /*
3782 * Older than 20 minutes. Drop the path MTU information.
3783 */
3784 mutex_enter(&dce->dce_lock);
3785 dce->dce_flags &= ~(DCEF_PMTU|DCEF_TOO_SMALL_PMTU);
3786 dce->dce_last_change_time = TICK_TO_SEC(ddi_get_lbolt64());
3787 mutex_exit(&dce->dce_lock);
3788 dce_increment_generation(dce);
3789 }
3790
3791 /* The metrics on the route can lower the path MTU */
3792 if (ire->ire_metrics.iulp_mtu != 0 &&
3793 ire->ire_metrics.iulp_mtu < pmtu)
3794 pmtu = ire->ire_metrics.iulp_mtu;
3795
3796 /*
3797 * If the path MTU is smaller than some minimum, we still use dce_pmtu
3798 * above (would be 576 for IPv4 and 1280 for IPv6), but we clear
3799 * IXAF_PMTU_IPV4_DF so that we avoid setting DF for IPv4.
3800 */
3801 if (ixa->ixa_flags & IXAF_PMTU_DISCOVERY) {
3802 if (dce->dce_flags & DCEF_PMTU) {
3803 if (dce->dce_pmtu < pmtu)
3804 pmtu = dce->dce_pmtu;
3805
3806 if (dce->dce_flags & DCEF_TOO_SMALL_PMTU) {
3807 ixa->ixa_flags |= IXAF_PMTU_TOO_SMALL;
3808 ixa->ixa_flags &= ~IXAF_PMTU_IPV4_DF;
3809 } else {
3810 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL;
3811 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3812 }
3813 } else {
3814 ixa->ixa_flags &= ~IXAF_PMTU_TOO_SMALL;
3815 ixa->ixa_flags |= IXAF_PMTU_IPV4_DF;
3816 }
3817 }
3818
3819 /*
3820 * If we have an IRE_LOCAL we use the loopback mtu instead of
3821 * the ill for going out the wire i.e., IRE_LOCAL gets the same
3822 * mtu as IRE_LOOPBACK.
3823 */
3824 if (ire->ire_type & (IRE_LOCAL|IRE_LOOPBACK)) {
3825 uint_t loopback_mtu;
3826
3827 loopback_mtu = (ire->ire_ipversion == IPV6_VERSION) ?
3828 ip_loopback_mtu_v6plus : ip_loopback_mtuplus;
3829
3830 if (loopback_mtu < pmtu)
3831 pmtu = loopback_mtu;
3832 } else if (nce != NULL) {
3833 /*
3834 * Make sure we don't exceed the interface MTU.
3835 * In the case of RTF_REJECT or RTF_BLACKHOLE we might not have
3836 * an ill. We'd use the above IP_MAXPACKET in that case just
3837 * to tell the transport something larger than zero.
3838 */
3839 if (ire->ire_type & (IRE_MULTICAST|IRE_BROADCAST)) {
3840 if (nce->nce_common->ncec_ill->ill_mc_mtu < pmtu)
3841 pmtu = nce->nce_common->ncec_ill->ill_mc_mtu;
3842 if (nce->nce_common->ncec_ill != nce->nce_ill &&
3843 nce->nce_ill->ill_mc_mtu < pmtu) {
3844 /*
3845 * for interfaces in an IPMP group, the mtu of
3846 * the nce_ill (under_ill) could be different
3847 * from the mtu of the ncec_ill, so we take the
3848 * min of the two.
3849 */
3850 pmtu = nce->nce_ill->ill_mc_mtu;
3851 }
3852 } else {
3853 if (nce->nce_common->ncec_ill->ill_mtu < pmtu)
3854 pmtu = nce->nce_common->ncec_ill->ill_mtu;
3855 if (nce->nce_common->ncec_ill != nce->nce_ill &&
3856 nce->nce_ill->ill_mtu < pmtu) {
3857 /*
3858 * for interfaces in an IPMP group, the mtu of
3859 * the nce_ill (under_ill) could be different
3860 * from the mtu of the ncec_ill, so we take the
3861 * min of the two.
3862 */
3863 pmtu = nce->nce_ill->ill_mtu;
3864 }
3865 }
3866 }
3867
3868 /*
3869 * Handle the IPV6_USE_MIN_MTU socket option or ancillary data.
3870 * Only applies to IPv6.
3871 */
3872 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) {
3873 if (ixa->ixa_flags & IXAF_USE_MIN_MTU) {
3874 switch (ixa->ixa_use_min_mtu) {
3875 case IPV6_USE_MIN_MTU_MULTICAST:
3876 if (ire->ire_type & IRE_MULTICAST)
3877 pmtu = IPV6_MIN_MTU;
3878 break;
3879 case IPV6_USE_MIN_MTU_ALWAYS:
3880 pmtu = IPV6_MIN_MTU;
3881 break;
3882 case IPV6_USE_MIN_MTU_NEVER:
3883 break;
3884 }
3885 } else {
3886 /* Default is IPV6_USE_MIN_MTU_MULTICAST */
3887 if (ire->ire_type & IRE_MULTICAST)
3888 pmtu = IPV6_MIN_MTU;
3889 }
3890 }
3891
3892 /*
3893 * For multirouted IPv6 packets, the IP layer will insert a 8-byte
3894 * fragment header in every packet. We compensate for those cases by
3895 * returning a smaller path MTU to the ULP.
3896 *
3897 * In the case of CGTP then ip_output will add a fragment header.
3898 * Make sure there is room for it by telling a smaller number
3899 * to the transport.
3900 *
3901 * When IXAF_IPV6_ADDR_FRAGHDR we subtract the frag hdr here
3902 * so the ULPs consistently see a iulp_pmtu and ip_get_pmtu()
3903 * which is the size of the packets it can send.
3904 */
3905 if (!(ixa->ixa_flags & IXAF_IS_IPV4)) {
3906 if ((ire->ire_flags & RTF_MULTIRT) ||
3907 (ixa->ixa_flags & IXAF_MULTIRT_MULTICAST)) {
3908 pmtu -= sizeof (ip6_frag_t);
3909 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR;
3910 }
3911 }
3912
3913 return (pmtu);
3914 }
3915
3916 /*
3917 * Carve "len" bytes out of an mblk chain, consuming any we empty, and duping
3918 * the final piece where we don't. Return a pointer to the first mblk in the
3919 * result, and update the pointer to the next mblk to chew on. If anything
3920 * goes wrong (i.e., dupb fails), we waste everything in sight and return a
3921 * NULL pointer.
3922 */
3923 mblk_t *
ip_carve_mp(mblk_t ** mpp,ssize_t len)3924 ip_carve_mp(mblk_t **mpp, ssize_t len)
3925 {
3926 mblk_t *mp0;
3927 mblk_t *mp1;
3928 mblk_t *mp2;
3929
3930 if (!len || !mpp || !(mp0 = *mpp))
3931 return (NULL);
3932 /* If we aren't going to consume the first mblk, we need a dup. */
3933 if (mp0->b_wptr - mp0->b_rptr > len) {
3934 mp1 = dupb(mp0);
3935 if (mp1) {
3936 /* Partition the data between the two mblks. */
3937 mp1->b_wptr = mp1->b_rptr + len;
3938 mp0->b_rptr = mp1->b_wptr;
3939 /*
3940 * after adjustments if mblk not consumed is now
3941 * unaligned, try to align it. If this fails free
3942 * all messages and let upper layer recover.
3943 */
3944 if (!OK_32PTR(mp0->b_rptr)) {
3945 if (!pullupmsg(mp0, -1)) {
3946 freemsg(mp0);
3947 freemsg(mp1);
3948 *mpp = NULL;
3949 return (NULL);
3950 }
3951 }
3952 }
3953 return (mp1);
3954 }
3955 /* Eat through as many mblks as we need to get len bytes. */
3956 len -= mp0->b_wptr - mp0->b_rptr;
3957 for (mp2 = mp1 = mp0; (mp2 = mp2->b_cont) != 0 && len; mp1 = mp2) {
3958 if (mp2->b_wptr - mp2->b_rptr > len) {
3959 /*
3960 * We won't consume the entire last mblk. Like
3961 * above, dup and partition it.
3962 */
3963 mp1->b_cont = dupb(mp2);
3964 mp1 = mp1->b_cont;
3965 if (!mp1) {
3966 /*
3967 * Trouble. Rather than go to a lot of
3968 * trouble to clean up, we free the messages.
3969 * This won't be any worse than losing it on
3970 * the wire.
3971 */
3972 freemsg(mp0);
3973 freemsg(mp2);
3974 *mpp = NULL;
3975 return (NULL);
3976 }
3977 mp1->b_wptr = mp1->b_rptr + len;
3978 mp2->b_rptr = mp1->b_wptr;
3979 /*
3980 * after adjustments if mblk not consumed is now
3981 * unaligned, try to align it. If this fails free
3982 * all messages and let upper layer recover.
3983 */
3984 if (!OK_32PTR(mp2->b_rptr)) {
3985 if (!pullupmsg(mp2, -1)) {
3986 freemsg(mp0);
3987 freemsg(mp2);
3988 *mpp = NULL;
3989 return (NULL);
3990 }
3991 }
3992 *mpp = mp2;
3993 return (mp0);
3994 }
3995 /* Decrement len by the amount we just got. */
3996 len -= mp2->b_wptr - mp2->b_rptr;
3997 }
3998 /*
3999 * len should be reduced to zero now. If not our caller has
4000 * screwed up.
4001 */
4002 if (len) {
4003 /* Shouldn't happen! */
4004 freemsg(mp0);
4005 *mpp = NULL;
4006 return (NULL);
4007 }
4008 /*
4009 * We consumed up to exactly the end of an mblk. Detach the part
4010 * we are returning from the rest of the chain.
4011 */
4012 mp1->b_cont = NULL;
4013 *mpp = mp2;
4014 return (mp0);
4015 }
4016
4017 /* The ill stream is being unplumbed. Called from ip_close */
4018 int
ip_modclose(ill_t * ill)4019 ip_modclose(ill_t *ill)
4020 {
4021 boolean_t success;
4022 ipsq_t *ipsq;
4023 ipif_t *ipif;
4024 queue_t *q = ill->ill_rq;
4025 ip_stack_t *ipst = ill->ill_ipst;
4026 int i;
4027 arl_ill_common_t *ai = ill->ill_common;
4028
4029 /*
4030 * The punlink prior to this may have initiated a capability
4031 * negotiation. But ipsq_enter will block until that finishes or
4032 * times out.
4033 */
4034 success = ipsq_enter(ill, B_FALSE, NEW_OP);
4035
4036 /*
4037 * Open/close/push/pop is guaranteed to be single threaded
4038 * per stream by STREAMS. FS guarantees that all references
4039 * from top are gone before close is called. So there can't
4040 * be another close thread that has set CONDEMNED on this ill.
4041 * and cause ipsq_enter to return failure.
4042 */
4043 ASSERT(success);
4044 ipsq = ill->ill_phyint->phyint_ipsq;
4045
4046 /*
4047 * Mark it condemned. No new reference will be made to this ill.
4048 * Lookup functions will return an error. Threads that try to
4049 * increment the refcnt must check for ILL_CAN_LOOKUP. This ensures
4050 * that the refcnt will drop down to zero.
4051 */
4052 mutex_enter(&ill->ill_lock);
4053 ill->ill_state_flags |= ILL_CONDEMNED;
4054 for (ipif = ill->ill_ipif; ipif != NULL;
4055 ipif = ipif->ipif_next) {
4056 ipif->ipif_state_flags |= IPIF_CONDEMNED;
4057 }
4058 /*
4059 * Wake up anybody waiting to enter the ipsq. ipsq_enter
4060 * returns error if ILL_CONDEMNED is set
4061 */
4062 cv_broadcast(&ill->ill_cv);
4063 mutex_exit(&ill->ill_lock);
4064
4065 /*
4066 * Send all the deferred DLPI messages downstream which came in
4067 * during the small window right before ipsq_enter(). We do this
4068 * without waiting for the ACKs because all the ACKs for M_PROTO
4069 * messages are ignored in ip_rput() when ILL_CONDEMNED is set.
4070 */
4071 ill_dlpi_send_deferred(ill);
4072
4073 /*
4074 * Shut down fragmentation reassembly.
4075 * ill_frag_timer won't start a timer again.
4076 * Now cancel any existing timer
4077 */
4078 (void) untimeout(ill->ill_frag_timer_id);
4079 (void) ill_frag_timeout(ill, 0);
4080
4081 /*
4082 * Call ill_delete to bring down the ipifs, ilms and ill on
4083 * this ill. Then wait for the refcnts to drop to zero.
4084 * ill_is_freeable checks whether the ill is really quiescent.
4085 * Then make sure that threads that are waiting to enter the
4086 * ipsq have seen the error returned by ipsq_enter and have
4087 * gone away. Then we call ill_delete_tail which does the
4088 * DL_UNBIND_REQ with the driver and then qprocsoff.
4089 */
4090 ill_delete(ill);
4091 mutex_enter(&ill->ill_lock);
4092 while (!ill_is_freeable(ill))
4093 cv_wait(&ill->ill_cv, &ill->ill_lock);
4094
4095 while (ill->ill_waiters)
4096 cv_wait(&ill->ill_cv, &ill->ill_lock);
4097
4098 mutex_exit(&ill->ill_lock);
4099
4100 /*
4101 * ill_delete_tail drops reference on ill_ipst, but we need to keep
4102 * it held until the end of the function since the cleanup
4103 * below needs to be able to use the ip_stack_t.
4104 */
4105 netstack_hold(ipst->ips_netstack);
4106
4107 /* qprocsoff is done via ill_delete_tail */
4108 ill_delete_tail(ill);
4109 /*
4110 * synchronously wait for arp stream to unbind. After this, we
4111 * cannot get any data packets up from the driver.
4112 */
4113 arp_unbind_complete(ill);
4114 ASSERT(ill->ill_ipst == NULL);
4115
4116 /*
4117 * Walk through all conns and qenable those that have queued data.
4118 * Close synchronization needs this to
4119 * be done to ensure that all upper layers blocked
4120 * due to flow control to the closing device
4121 * get unblocked.
4122 */
4123 ip1dbg(("ip_wsrv: walking\n"));
4124 for (i = 0; i < TX_FANOUT_SIZE; i++) {
4125 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[i]);
4126 }
4127
4128 /*
4129 * ai can be null if this is an IPv6 ill, or if the IPv4
4130 * stream is being torn down before ARP was plumbed (e.g.,
4131 * /sbin/ifconfig plumbing a stream twice, and encountering
4132 * an error
4133 */
4134 if (ai != NULL) {
4135 ASSERT(!ill->ill_isv6);
4136 mutex_enter(&ai->ai_lock);
4137 ai->ai_ill = NULL;
4138 if (ai->ai_arl == NULL) {
4139 mutex_destroy(&ai->ai_lock);
4140 kmem_free(ai, sizeof (*ai));
4141 } else {
4142 cv_signal(&ai->ai_ill_unplumb_done);
4143 mutex_exit(&ai->ai_lock);
4144 }
4145 }
4146
4147 mutex_enter(&ipst->ips_ip_mi_lock);
4148 mi_close_unlink(&ipst->ips_ip_g_head, (IDP)ill);
4149 mutex_exit(&ipst->ips_ip_mi_lock);
4150
4151 /*
4152 * credp could be null if the open didn't succeed and ip_modopen
4153 * itself calls ip_close.
4154 */
4155 if (ill->ill_credp != NULL)
4156 crfree(ill->ill_credp);
4157
4158 mutex_destroy(&ill->ill_saved_ire_lock);
4159 mutex_destroy(&ill->ill_lock);
4160 rw_destroy(&ill->ill_mcast_lock);
4161 mutex_destroy(&ill->ill_mcast_serializer);
4162 list_destroy(&ill->ill_nce);
4163
4164 /*
4165 * Now we are done with the module close pieces that
4166 * need the netstack_t.
4167 */
4168 netstack_rele(ipst->ips_netstack);
4169
4170 mi_close_free((IDP)ill);
4171 q->q_ptr = WR(q)->q_ptr = NULL;
4172
4173 ipsq_exit(ipsq);
4174
4175 return (0);
4176 }
4177
4178 /*
4179 * This is called as part of close() for IP, UDP, ICMP, and RTS
4180 * in order to quiesce the conn.
4181 */
4182 void
ip_quiesce_conn(conn_t * connp)4183 ip_quiesce_conn(conn_t *connp)
4184 {
4185 boolean_t drain_cleanup_reqd = B_FALSE;
4186 boolean_t conn_ioctl_cleanup_reqd = B_FALSE;
4187 boolean_t ilg_cleanup_reqd = B_FALSE;
4188 ip_stack_t *ipst;
4189
4190 ASSERT(!IPCL_IS_TCP(connp));
4191 ipst = connp->conn_netstack->netstack_ip;
4192
4193 /*
4194 * Mark the conn as closing, and this conn must not be
4195 * inserted in future into any list. Eg. conn_drain_insert(),
4196 * won't insert this conn into the conn_drain_list.
4197 *
4198 * conn_idl, and conn_ilg cannot get set henceforth.
4199 */
4200 mutex_enter(&connp->conn_lock);
4201 ASSERT(!(connp->conn_state_flags & CONN_QUIESCED));
4202 connp->conn_state_flags |= CONN_CLOSING;
4203 if (connp->conn_idl != NULL)
4204 drain_cleanup_reqd = B_TRUE;
4205 if (connp->conn_oper_pending_ill != NULL)
4206 conn_ioctl_cleanup_reqd = B_TRUE;
4207 if (connp->conn_dhcpinit_ill != NULL) {
4208 ASSERT(connp->conn_dhcpinit_ill->ill_dhcpinit != 0);
4209 atomic_dec_32(&connp->conn_dhcpinit_ill->ill_dhcpinit);
4210 ill_set_inputfn(connp->conn_dhcpinit_ill);
4211 connp->conn_dhcpinit_ill = NULL;
4212 }
4213 if (connp->conn_ilg != NULL)
4214 ilg_cleanup_reqd = B_TRUE;
4215 mutex_exit(&connp->conn_lock);
4216
4217 if (conn_ioctl_cleanup_reqd)
4218 conn_ioctl_cleanup(connp);
4219
4220 if (is_system_labeled() && connp->conn_anon_port) {
4221 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
4222 connp->conn_mlp_type, connp->conn_proto,
4223 ntohs(connp->conn_lport), B_FALSE);
4224 connp->conn_anon_port = 0;
4225 }
4226 connp->conn_mlp_type = mlptSingle;
4227
4228 /*
4229 * Remove this conn from any fanout list it is on.
4230 * and then wait for any threads currently operating
4231 * on this endpoint to finish
4232 */
4233 ipcl_hash_remove(connp);
4234
4235 /*
4236 * Remove this conn from the drain list, and do any other cleanup that
4237 * may be required. (TCP conns are never flow controlled, and
4238 * conn_idl will be NULL.)
4239 */
4240 if (drain_cleanup_reqd && connp->conn_idl != NULL) {
4241 idl_t *idl = connp->conn_idl;
4242
4243 mutex_enter(&idl->idl_lock);
4244 conn_drain(connp, B_TRUE);
4245 mutex_exit(&idl->idl_lock);
4246 }
4247
4248 if (connp == ipst->ips_ip_g_mrouter)
4249 (void) ip_mrouter_done(ipst);
4250
4251 if (ilg_cleanup_reqd)
4252 ilg_delete_all(connp);
4253
4254 /*
4255 * Now conn refcnt can increase only thru CONN_INC_REF_LOCKED.
4256 * callers from write side can't be there now because close
4257 * is in progress. The only other caller is ipcl_walk
4258 * which checks for the condemned flag.
4259 */
4260 mutex_enter(&connp->conn_lock);
4261 connp->conn_state_flags |= CONN_CONDEMNED;
4262 while (connp->conn_ref != 1)
4263 cv_wait(&connp->conn_cv, &connp->conn_lock);
4264 connp->conn_state_flags |= CONN_QUIESCED;
4265 mutex_exit(&connp->conn_lock);
4266 }
4267
4268 /* ARGSUSED */
4269 int
ip_close(queue_t * q,int flags,cred_t * credp __unused)4270 ip_close(queue_t *q, int flags, cred_t *credp __unused)
4271 {
4272 conn_t *connp;
4273
4274 /*
4275 * Call the appropriate delete routine depending on whether this is
4276 * a module or device.
4277 */
4278 if (WR(q)->q_next != NULL) {
4279 /* This is a module close */
4280 return (ip_modclose((ill_t *)q->q_ptr));
4281 }
4282
4283 connp = q->q_ptr;
4284 ip_quiesce_conn(connp);
4285
4286 qprocsoff(q);
4287
4288 /*
4289 * Now we are truly single threaded on this stream, and can
4290 * delete the things hanging off the connp, and finally the connp.
4291 * We removed this connp from the fanout list, it cannot be
4292 * accessed thru the fanouts, and we already waited for the
4293 * conn_ref to drop to 0. We are already in close, so
4294 * there cannot be any other thread from the top. qprocsoff
4295 * has completed, and service has completed or won't run in
4296 * future.
4297 */
4298 ASSERT(connp->conn_ref == 1);
4299
4300 inet_minor_free(connp->conn_minor_arena, connp->conn_dev);
4301
4302 connp->conn_ref--;
4303 ipcl_conn_destroy(connp);
4304
4305 q->q_ptr = WR(q)->q_ptr = NULL;
4306 return (0);
4307 }
4308
4309 /*
4310 * Wapper around putnext() so that ip_rts_request can merely use
4311 * conn_recv.
4312 */
4313 /*ARGSUSED2*/
4314 static void
ip_conn_input(void * arg1,mblk_t * mp,void * arg2,ip_recv_attr_t * ira)4315 ip_conn_input(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
4316 {
4317 conn_t *connp = (conn_t *)arg1;
4318
4319 putnext(connp->conn_rq, mp);
4320 }
4321
4322 /* Dummy in case ICMP error delivery is attempted to a /dev/ip instance */
4323 /* ARGSUSED */
4324 static void
ip_conn_input_icmp(void * arg1,mblk_t * mp,void * arg2,ip_recv_attr_t * ira)4325 ip_conn_input_icmp(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
4326 {
4327 freemsg(mp);
4328 }
4329
4330 /*
4331 * Called when the module is about to be unloaded
4332 */
4333 void
ip_ddi_destroy(void)4334 ip_ddi_destroy(void)
4335 {
4336 /* This needs to be called before destroying any transports. */
4337 mutex_enter(&cpu_lock);
4338 unregister_cpu_setup_func(ip_tp_cpu_update, NULL);
4339 mutex_exit(&cpu_lock);
4340
4341 tnet_fini();
4342
4343 icmp_ddi_g_destroy();
4344 rts_ddi_g_destroy();
4345 udp_ddi_g_destroy();
4346 sctp_ddi_g_destroy();
4347 tcp_ddi_g_destroy();
4348 ilb_ddi_g_destroy();
4349 dce_g_destroy();
4350 ipsec_policy_g_destroy();
4351 ipcl_g_destroy();
4352 ip_net_g_destroy();
4353 ip_ire_g_fini();
4354 inet_minor_destroy(ip_minor_arena_sa);
4355 #if defined(_LP64)
4356 inet_minor_destroy(ip_minor_arena_la);
4357 #endif
4358
4359 #ifdef DEBUG
4360 list_destroy(&ip_thread_list);
4361 rw_destroy(&ip_thread_rwlock);
4362 tsd_destroy(&ip_thread_data);
4363 #endif
4364
4365 netstack_unregister(NS_IP);
4366 }
4367
4368 /*
4369 * First step in cleanup.
4370 */
4371 /* ARGSUSED */
4372 static void
ip_stack_shutdown(netstackid_t stackid,void * arg)4373 ip_stack_shutdown(netstackid_t stackid, void *arg)
4374 {
4375 ip_stack_t *ipst = (ip_stack_t *)arg;
4376 kt_did_t ktid;
4377
4378 #ifdef NS_DEBUG
4379 printf("ip_stack_shutdown(%p, stack %d)\n", (void *)ipst, stackid);
4380 #endif
4381
4382 /*
4383 * Perform cleanup for special interfaces (loopback and IPMP).
4384 */
4385 ip_interface_cleanup(ipst);
4386
4387 /*
4388 * The *_hook_shutdown()s start the process of notifying any
4389 * consumers that things are going away.... nothing is destroyed.
4390 */
4391 ipv4_hook_shutdown(ipst);
4392 ipv6_hook_shutdown(ipst);
4393 arp_hook_shutdown(ipst);
4394
4395 mutex_enter(&ipst->ips_capab_taskq_lock);
4396 ktid = ipst->ips_capab_taskq_thread->t_did;
4397 ipst->ips_capab_taskq_quit = B_TRUE;
4398 cv_signal(&ipst->ips_capab_taskq_cv);
4399 mutex_exit(&ipst->ips_capab_taskq_lock);
4400
4401 /*
4402 * In rare occurrences, particularly on virtual hardware where CPUs can
4403 * be de-scheduled, the thread that we just signaled will not run until
4404 * after we have gotten through parts of ip_stack_fini. If that happens
4405 * then we'll try to grab the ips_capab_taskq_lock as part of returning
4406 * from cv_wait which no longer exists.
4407 */
4408 thread_join(ktid);
4409 }
4410
4411 /*
4412 * Free the IP stack instance.
4413 */
4414 static void
ip_stack_fini(netstackid_t stackid,void * arg)4415 ip_stack_fini(netstackid_t stackid, void *arg)
4416 {
4417 ip_stack_t *ipst = (ip_stack_t *)arg;
4418 int ret;
4419
4420 #ifdef NS_DEBUG
4421 printf("ip_stack_fini(%p, stack %d)\n", (void *)ipst, stackid);
4422 #endif
4423 /*
4424 * At this point, all of the notifications that the events and
4425 * protocols are going away have been run, meaning that we can
4426 * now set about starting to clean things up.
4427 */
4428 ipobs_fini(ipst);
4429 ipv4_hook_destroy(ipst);
4430 ipv6_hook_destroy(ipst);
4431 arp_hook_destroy(ipst);
4432 ip_net_destroy(ipst);
4433
4434 ipmp_destroy(ipst);
4435
4436 ip_kstat_fini(stackid, ipst->ips_ip_mibkp);
4437 ipst->ips_ip_mibkp = NULL;
4438 icmp_kstat_fini(stackid, ipst->ips_icmp_mibkp);
4439 ipst->ips_icmp_mibkp = NULL;
4440 ip_kstat2_fini(stackid, ipst->ips_ip_kstat);
4441 ipst->ips_ip_kstat = NULL;
4442 bzero(&ipst->ips_ip_statistics, sizeof (ipst->ips_ip_statistics));
4443 ip6_kstat_fini(stackid, ipst->ips_ip6_kstat);
4444 ipst->ips_ip6_kstat = NULL;
4445 bzero(&ipst->ips_ip6_statistics, sizeof (ipst->ips_ip6_statistics));
4446
4447 kmem_free(ipst->ips_propinfo_tbl,
4448 ip_propinfo_count * sizeof (mod_prop_info_t));
4449 ipst->ips_propinfo_tbl = NULL;
4450
4451 dce_stack_destroy(ipst);
4452 ip_mrouter_stack_destroy(ipst);
4453
4454 /*
4455 * Quiesce all of our timers. Note we set the quiesce flags before we
4456 * call untimeout. The slowtimers may actually kick off another instance
4457 * of the non-slow timers.
4458 */
4459 mutex_enter(&ipst->ips_igmp_timer_lock);
4460 ipst->ips_igmp_timer_quiesce = B_TRUE;
4461 mutex_exit(&ipst->ips_igmp_timer_lock);
4462
4463 mutex_enter(&ipst->ips_mld_timer_lock);
4464 ipst->ips_mld_timer_quiesce = B_TRUE;
4465 mutex_exit(&ipst->ips_mld_timer_lock);
4466
4467 mutex_enter(&ipst->ips_igmp_slowtimeout_lock);
4468 ipst->ips_igmp_slowtimeout_quiesce = B_TRUE;
4469 mutex_exit(&ipst->ips_igmp_slowtimeout_lock);
4470
4471 mutex_enter(&ipst->ips_mld_slowtimeout_lock);
4472 ipst->ips_mld_slowtimeout_quiesce = B_TRUE;
4473 mutex_exit(&ipst->ips_mld_slowtimeout_lock);
4474
4475 ret = untimeout(ipst->ips_igmp_timeout_id);
4476 if (ret == -1) {
4477 ASSERT(ipst->ips_igmp_timeout_id == 0);
4478 } else {
4479 ASSERT(ipst->ips_igmp_timeout_id != 0);
4480 ipst->ips_igmp_timeout_id = 0;
4481 }
4482 ret = untimeout(ipst->ips_igmp_slowtimeout_id);
4483 if (ret == -1) {
4484 ASSERT(ipst->ips_igmp_slowtimeout_id == 0);
4485 } else {
4486 ASSERT(ipst->ips_igmp_slowtimeout_id != 0);
4487 ipst->ips_igmp_slowtimeout_id = 0;
4488 }
4489 ret = untimeout(ipst->ips_mld_timeout_id);
4490 if (ret == -1) {
4491 ASSERT(ipst->ips_mld_timeout_id == 0);
4492 } else {
4493 ASSERT(ipst->ips_mld_timeout_id != 0);
4494 ipst->ips_mld_timeout_id = 0;
4495 }
4496 ret = untimeout(ipst->ips_mld_slowtimeout_id);
4497 if (ret == -1) {
4498 ASSERT(ipst->ips_mld_slowtimeout_id == 0);
4499 } else {
4500 ASSERT(ipst->ips_mld_slowtimeout_id != 0);
4501 ipst->ips_mld_slowtimeout_id = 0;
4502 }
4503
4504 ip_ire_fini(ipst);
4505 ip6_asp_free(ipst);
4506 conn_drain_fini(ipst);
4507 ipcl_destroy(ipst);
4508
4509 mutex_destroy(&ipst->ips_ndp4->ndp_g_lock);
4510 mutex_destroy(&ipst->ips_ndp6->ndp_g_lock);
4511 kmem_free(ipst->ips_ndp4, sizeof (ndp_g_t));
4512 ipst->ips_ndp4 = NULL;
4513 kmem_free(ipst->ips_ndp6, sizeof (ndp_g_t));
4514 ipst->ips_ndp6 = NULL;
4515
4516 if (ipst->ips_loopback_ksp != NULL) {
4517 kstat_delete_netstack(ipst->ips_loopback_ksp, stackid);
4518 ipst->ips_loopback_ksp = NULL;
4519 }
4520
4521 mutex_destroy(&ipst->ips_capab_taskq_lock);
4522 cv_destroy(&ipst->ips_capab_taskq_cv);
4523
4524 rw_destroy(&ipst->ips_srcid_lock);
4525
4526 mutex_destroy(&ipst->ips_ip_mi_lock);
4527 rw_destroy(&ipst->ips_ill_g_usesrc_lock);
4528
4529 mutex_destroy(&ipst->ips_igmp_timer_lock);
4530 mutex_destroy(&ipst->ips_mld_timer_lock);
4531 mutex_destroy(&ipst->ips_igmp_slowtimeout_lock);
4532 mutex_destroy(&ipst->ips_mld_slowtimeout_lock);
4533 mutex_destroy(&ipst->ips_ip_addr_avail_lock);
4534 rw_destroy(&ipst->ips_ill_g_lock);
4535
4536 kmem_free(ipst->ips_phyint_g_list, sizeof (phyint_list_t));
4537 ipst->ips_phyint_g_list = NULL;
4538 kmem_free(ipst->ips_ill_g_heads, sizeof (ill_g_head_t) * MAX_G_HEADS);
4539 ipst->ips_ill_g_heads = NULL;
4540
4541 ldi_ident_release(ipst->ips_ldi_ident);
4542 kmem_free(ipst, sizeof (*ipst));
4543 }
4544
4545 /*
4546 * This function is called from the TSD destructor, and is used to debug
4547 * reference count issues in IP. See block comment in <inet/ip_if.h> for
4548 * details.
4549 */
4550 static void
ip_thread_exit(void * phash)4551 ip_thread_exit(void *phash)
4552 {
4553 th_hash_t *thh = phash;
4554
4555 rw_enter(&ip_thread_rwlock, RW_WRITER);
4556 list_remove(&ip_thread_list, thh);
4557 rw_exit(&ip_thread_rwlock);
4558 mod_hash_destroy_hash(thh->thh_hash);
4559 kmem_free(thh, sizeof (*thh));
4560 }
4561
4562 /*
4563 * Called when the IP kernel module is loaded into the kernel
4564 */
4565 void
ip_ddi_init(void)4566 ip_ddi_init(void)
4567 {
4568 ip_squeue_flag = ip_squeue_switch(ip_squeue_enter);
4569
4570 /*
4571 * For IP and TCP the minor numbers should start from 2 since we have 4
4572 * initial devices: ip, ip6, tcp, tcp6.
4573 */
4574 /*
4575 * If this is a 64-bit kernel, then create two separate arenas -
4576 * one for TLIs in the range of INET_MIN_DEV+2 through 2^^18-1, and the
4577 * other for socket apps in the range 2^^18 through 2^^32-1.
4578 */
4579 ip_minor_arena_la = NULL;
4580 ip_minor_arena_sa = NULL;
4581 #if defined(_LP64)
4582 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa",
4583 INET_MIN_DEV + 2, MAXMIN32, KM_SLEEP)) == NULL) {
4584 cmn_err(CE_PANIC,
4585 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4586 }
4587 if ((ip_minor_arena_la = inet_minor_create("ip_minor_arena_la",
4588 MAXMIN32 + 1, MAXMIN64, KM_SLEEP)) == NULL) {
4589 cmn_err(CE_PANIC,
4590 "ip_ddi_init: ip_minor_arena_la creation failed\n");
4591 }
4592 #else
4593 if ((ip_minor_arena_sa = inet_minor_create("ip_minor_arena_sa",
4594 INET_MIN_DEV + 2, MAXMIN, KM_SLEEP)) == NULL) {
4595 cmn_err(CE_PANIC,
4596 "ip_ddi_init: ip_minor_arena_sa creation failed\n");
4597 }
4598 #endif
4599 ip_poll_normal_ticks = MSEC_TO_TICK_ROUNDUP(ip_poll_normal_ms);
4600
4601 ipcl_g_init();
4602 ip_ire_g_init();
4603 ip_net_g_init();
4604
4605 #ifdef DEBUG
4606 tsd_create(&ip_thread_data, ip_thread_exit);
4607 rw_init(&ip_thread_rwlock, NULL, RW_DEFAULT, NULL);
4608 list_create(&ip_thread_list, sizeof (th_hash_t),
4609 offsetof(th_hash_t, thh_link));
4610 #endif
4611 ipsec_policy_g_init();
4612 tcp_ddi_g_init();
4613 sctp_ddi_g_init();
4614 dce_g_init();
4615
4616 /*
4617 * We want to be informed each time a stack is created or
4618 * destroyed in the kernel, so we can maintain the
4619 * set of udp_stack_t's.
4620 */
4621 netstack_register(NS_IP, ip_stack_init, ip_stack_shutdown,
4622 ip_stack_fini);
4623
4624 tnet_init();
4625
4626 udp_ddi_g_init();
4627 rts_ddi_g_init();
4628 icmp_ddi_g_init();
4629 ilb_ddi_g_init();
4630
4631 /* This needs to be called after all transports are initialized. */
4632 mutex_enter(&cpu_lock);
4633 register_cpu_setup_func(ip_tp_cpu_update, NULL);
4634 mutex_exit(&cpu_lock);
4635 }
4636
4637 /*
4638 * Initialize the IP stack instance.
4639 */
4640 static void *
ip_stack_init(netstackid_t stackid,netstack_t * ns)4641 ip_stack_init(netstackid_t stackid, netstack_t *ns)
4642 {
4643 ip_stack_t *ipst;
4644 size_t arrsz;
4645 major_t major;
4646
4647 #ifdef NS_DEBUG
4648 printf("ip_stack_init(stack %d)\n", stackid);
4649 #endif
4650
4651 ipst = (ip_stack_t *)kmem_zalloc(sizeof (*ipst), KM_SLEEP);
4652 ipst->ips_netstack = ns;
4653
4654 ipst->ips_ill_g_heads = kmem_zalloc(sizeof (ill_g_head_t) * MAX_G_HEADS,
4655 KM_SLEEP);
4656 ipst->ips_phyint_g_list = kmem_zalloc(sizeof (phyint_list_t),
4657 KM_SLEEP);
4658 ipst->ips_ndp4 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP);
4659 ipst->ips_ndp6 = kmem_zalloc(sizeof (ndp_g_t), KM_SLEEP);
4660 mutex_init(&ipst->ips_ndp4->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL);
4661 mutex_init(&ipst->ips_ndp6->ndp_g_lock, NULL, MUTEX_DEFAULT, NULL);
4662
4663 mutex_init(&ipst->ips_igmp_timer_lock, NULL, MUTEX_DEFAULT, NULL);
4664 ipst->ips_igmp_deferred_next = INFINITY;
4665 mutex_init(&ipst->ips_mld_timer_lock, NULL, MUTEX_DEFAULT, NULL);
4666 ipst->ips_mld_deferred_next = INFINITY;
4667 mutex_init(&ipst->ips_igmp_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL);
4668 mutex_init(&ipst->ips_mld_slowtimeout_lock, NULL, MUTEX_DEFAULT, NULL);
4669 mutex_init(&ipst->ips_ip_mi_lock, NULL, MUTEX_DEFAULT, NULL);
4670 mutex_init(&ipst->ips_ip_addr_avail_lock, NULL, MUTEX_DEFAULT, NULL);
4671 rw_init(&ipst->ips_ill_g_lock, NULL, RW_DEFAULT, NULL);
4672 rw_init(&ipst->ips_ill_g_usesrc_lock, NULL, RW_DEFAULT, NULL);
4673
4674 ipcl_init(ipst);
4675 ip_ire_init(ipst);
4676 ip6_asp_init(ipst);
4677 ipif_init(ipst);
4678 conn_drain_init(ipst);
4679 ip_mrouter_stack_init(ipst);
4680 dce_stack_init(ipst);
4681
4682 ipst->ips_ip_multirt_log_interval = 1000;
4683
4684 ipst->ips_ill_index = 1;
4685
4686 ipst->ips_saved_ip_forwarding = -1;
4687 ipst->ips_reg_vif_num = ALL_VIFS; /* Index to Register vif */
4688
4689 arrsz = ip_propinfo_count * sizeof (mod_prop_info_t);
4690 ipst->ips_propinfo_tbl = (mod_prop_info_t *)kmem_alloc(arrsz, KM_SLEEP);
4691 bcopy(ip_propinfo_tbl, ipst->ips_propinfo_tbl, arrsz);
4692
4693 ipst->ips_ip_mibkp = ip_kstat_init(stackid, ipst);
4694 ipst->ips_icmp_mibkp = icmp_kstat_init(stackid);
4695 ipst->ips_ip_kstat = ip_kstat2_init(stackid, &ipst->ips_ip_statistics);
4696 ipst->ips_ip6_kstat =
4697 ip6_kstat_init(stackid, &ipst->ips_ip6_statistics);
4698
4699 ipst->ips_ip_src_id = 1;
4700 rw_init(&ipst->ips_srcid_lock, NULL, RW_DEFAULT, NULL);
4701
4702 ipst->ips_src_generation = SRC_GENERATION_INITIAL;
4703
4704 ip_net_init(ipst, ns);
4705 ipv4_hook_init(ipst);
4706 ipv6_hook_init(ipst);
4707 arp_hook_init(ipst);
4708 ipmp_init(ipst);
4709 ipobs_init(ipst);
4710
4711 /*
4712 * Create the taskq dispatcher thread and initialize related stuff.
4713 */
4714 mutex_init(&ipst->ips_capab_taskq_lock, NULL, MUTEX_DEFAULT, NULL);
4715 cv_init(&ipst->ips_capab_taskq_cv, NULL, CV_DEFAULT, NULL);
4716 ipst->ips_capab_taskq_thread = thread_create(NULL, 0,
4717 ill_taskq_dispatch, ipst, 0, &p0, TS_RUN, minclsyspri);
4718
4719 major = mod_name_to_major(INET_NAME);
4720 (void) ldi_ident_from_major(major, &ipst->ips_ldi_ident);
4721 return (ipst);
4722 }
4723
4724 /*
4725 * Allocate and initialize a DLPI template of the specified length. (May be
4726 * called as writer.)
4727 */
4728 mblk_t *
ip_dlpi_alloc(size_t len,t_uscalar_t prim)4729 ip_dlpi_alloc(size_t len, t_uscalar_t prim)
4730 {
4731 mblk_t *mp;
4732
4733 mp = allocb(len, BPRI_MED);
4734 if (!mp)
4735 return (NULL);
4736
4737 /*
4738 * DLPIv2 says that DL_INFO_REQ and DL_TOKEN_REQ (the latter
4739 * of which we don't seem to use) are sent with M_PCPROTO, and
4740 * that other DLPI are M_PROTO.
4741 */
4742 if (prim == DL_INFO_REQ) {
4743 mp->b_datap->db_type = M_PCPROTO;
4744 } else {
4745 mp->b_datap->db_type = M_PROTO;
4746 }
4747
4748 mp->b_wptr = mp->b_rptr + len;
4749 bzero(mp->b_rptr, len);
4750 ((dl_unitdata_req_t *)mp->b_rptr)->dl_primitive = prim;
4751 return (mp);
4752 }
4753
4754 /*
4755 * Allocate and initialize a DLPI notification. (May be called as writer.)
4756 */
4757 mblk_t *
ip_dlnotify_alloc(uint_t notification,uint_t data)4758 ip_dlnotify_alloc(uint_t notification, uint_t data)
4759 {
4760 dl_notify_ind_t *notifyp;
4761 mblk_t *mp;
4762
4763 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL)
4764 return (NULL);
4765
4766 notifyp = (dl_notify_ind_t *)mp->b_rptr;
4767 notifyp->dl_notification = notification;
4768 notifyp->dl_data = data;
4769 return (mp);
4770 }
4771
4772 mblk_t *
ip_dlnotify_alloc2(uint_t notification,uint_t data1,uint_t data2)4773 ip_dlnotify_alloc2(uint_t notification, uint_t data1, uint_t data2)
4774 {
4775 dl_notify_ind_t *notifyp;
4776 mblk_t *mp;
4777
4778 if ((mp = ip_dlpi_alloc(DL_NOTIFY_IND_SIZE, DL_NOTIFY_IND)) == NULL)
4779 return (NULL);
4780
4781 notifyp = (dl_notify_ind_t *)mp->b_rptr;
4782 notifyp->dl_notification = notification;
4783 notifyp->dl_data1 = data1;
4784 notifyp->dl_data2 = data2;
4785 return (mp);
4786 }
4787
4788 /*
4789 * Debug formatting routine. Returns a character string representation of the
4790 * addr in buf, of the form xxx.xxx.xxx.xxx. This routine takes the address
4791 * in the form of a ipaddr_t and calls ip_dot_saddr with a pointer.
4792 *
4793 * Once the ndd table-printing interfaces are removed, this can be changed to
4794 * standard dotted-decimal form.
4795 */
4796 char *
ip_dot_addr(ipaddr_t addr,char * buf)4797 ip_dot_addr(ipaddr_t addr, char *buf)
4798 {
4799 uint8_t *ap = (uint8_t *)&addr;
4800
4801 (void) mi_sprintf(buf, "%03d.%03d.%03d.%03d",
4802 ap[0] & 0xFF, ap[1] & 0xFF, ap[2] & 0xFF, ap[3] & 0xFF);
4803 return (buf);
4804 }
4805
4806 /*
4807 * Write the given MAC address as a printable string in the usual colon-
4808 * separated format.
4809 */
4810 const char *
mac_colon_addr(const uint8_t * addr,size_t alen,char * buf,size_t buflen)4811 mac_colon_addr(const uint8_t *addr, size_t alen, char *buf, size_t buflen)
4812 {
4813 char *bp;
4814
4815 if (alen == 0 || buflen < 4)
4816 return ("?");
4817 bp = buf;
4818 for (;;) {
4819 /*
4820 * If there are more MAC address bytes available, but we won't
4821 * have any room to print them, then add "..." to the string
4822 * instead. See below for the 'magic number' explanation.
4823 */
4824 if ((alen == 2 && buflen < 6) || (alen > 2 && buflen < 7)) {
4825 (void) strcpy(bp, "...");
4826 break;
4827 }
4828 (void) sprintf(bp, "%02x", *addr++);
4829 bp += 2;
4830 if (--alen == 0)
4831 break;
4832 *bp++ = ':';
4833 buflen -= 3;
4834 /*
4835 * At this point, based on the first 'if' statement above,
4836 * either alen == 1 and buflen >= 3, or alen > 1 and
4837 * buflen >= 4. The first case leaves room for the final "xx"
4838 * number and trailing NUL byte. The second leaves room for at
4839 * least "...". Thus the apparently 'magic' numbers chosen for
4840 * that statement.
4841 */
4842 }
4843 return (buf);
4844 }
4845
4846 /*
4847 * Called when it is conceptually a ULP that would sent the packet
4848 * e.g., port unreachable and protocol unreachable. Check that the packet
4849 * would have passed the IPsec global policy before sending the error.
4850 *
4851 * Send an ICMP error after patching up the packet appropriately.
4852 * Uses ip_drop_input and bumps the appropriate MIB.
4853 */
4854 void
ip_fanout_send_icmp_v4(mblk_t * mp,uint_t icmp_type,uint_t icmp_code,ip_recv_attr_t * ira)4855 ip_fanout_send_icmp_v4(mblk_t *mp, uint_t icmp_type, uint_t icmp_code,
4856 ip_recv_attr_t *ira)
4857 {
4858 ipha_t *ipha;
4859 boolean_t secure;
4860 ill_t *ill = ira->ira_ill;
4861 ip_stack_t *ipst = ill->ill_ipst;
4862 netstack_t *ns = ipst->ips_netstack;
4863 ipsec_stack_t *ipss = ns->netstack_ipsec;
4864
4865 secure = ira->ira_flags & IRAF_IPSEC_SECURE;
4866
4867 /*
4868 * We are generating an icmp error for some inbound packet.
4869 * Called from all ip_fanout_(udp, tcp, proto) functions.
4870 * Before we generate an error, check with global policy
4871 * to see whether this is allowed to enter the system. As
4872 * there is no "conn", we are checking with global policy.
4873 */
4874 ipha = (ipha_t *)mp->b_rptr;
4875 if (secure || ipss->ipsec_inbound_v4_policy_present) {
4876 mp = ipsec_check_global_policy(mp, NULL, ipha, NULL, ira, ns);
4877 if (mp == NULL)
4878 return;
4879 }
4880
4881 /* We never send errors for protocols that we do implement */
4882 if (ira->ira_protocol == IPPROTO_ICMP ||
4883 ira->ira_protocol == IPPROTO_IGMP) {
4884 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
4885 ip_drop_input("ip_fanout_send_icmp_v4", mp, ill);
4886 freemsg(mp);
4887 return;
4888 }
4889 /*
4890 * Have to correct checksum since
4891 * the packet might have been
4892 * fragmented and the reassembly code in ip_rput
4893 * does not restore the IP checksum.
4894 */
4895 ipha->ipha_hdr_checksum = 0;
4896 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
4897
4898 switch (icmp_type) {
4899 case ICMP_DEST_UNREACHABLE:
4900 switch (icmp_code) {
4901 case ICMP_PROTOCOL_UNREACHABLE:
4902 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInUnknownProtos);
4903 ip_drop_input("ipIfStatsInUnknownProtos", mp, ill);
4904 break;
4905 case ICMP_PORT_UNREACHABLE:
4906 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts);
4907 ip_drop_input("ipIfStatsNoPorts", mp, ill);
4908 break;
4909 }
4910
4911 icmp_unreachable(mp, icmp_code, ira);
4912 break;
4913 default:
4914 #ifdef DEBUG
4915 panic("ip_fanout_send_icmp_v4: wrong type");
4916 /*NOTREACHED*/
4917 #else
4918 freemsg(mp);
4919 break;
4920 #endif
4921 }
4922 }
4923
4924 /*
4925 * Used to send an ICMP error message when a packet is received for
4926 * a protocol that is not supported. The mblk passed as argument
4927 * is consumed by this function.
4928 */
4929 void
ip_proto_not_sup(mblk_t * mp,ip_recv_attr_t * ira)4930 ip_proto_not_sup(mblk_t *mp, ip_recv_attr_t *ira)
4931 {
4932 ipha_t *ipha;
4933
4934 ipha = (ipha_t *)mp->b_rptr;
4935 if (ira->ira_flags & IRAF_IS_IPV4) {
4936 ASSERT(IPH_HDR_VERSION(ipha) == IP_VERSION);
4937 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE,
4938 ICMP_PROTOCOL_UNREACHABLE, ira);
4939 } else {
4940 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION);
4941 ip_fanout_send_icmp_v6(mp, ICMP6_PARAM_PROB,
4942 ICMP6_PARAMPROB_NEXTHEADER, ira);
4943 }
4944 }
4945
4946 /*
4947 * Deliver a rawip packet to the given conn, possibly applying ipsec policy.
4948 * Handles IPv4 and IPv6.
4949 * We are responsible for disposing of mp, such as by freemsg() or putnext()
4950 * Caller is responsible for dropping references to the conn.
4951 */
4952 void
ip_fanout_proto_conn(conn_t * connp,mblk_t * mp,ipha_t * ipha,ip6_t * ip6h,ip_recv_attr_t * ira)4953 ip_fanout_proto_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h,
4954 ip_recv_attr_t *ira)
4955 {
4956 ill_t *ill = ira->ira_ill;
4957 ip_stack_t *ipst = ill->ill_ipst;
4958 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
4959 boolean_t secure;
4960 uint_t protocol = ira->ira_protocol;
4961 iaflags_t iraflags = ira->ira_flags;
4962 queue_t *rq;
4963
4964 secure = iraflags & IRAF_IPSEC_SECURE;
4965
4966 rq = connp->conn_rq;
4967 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) {
4968 switch (protocol) {
4969 case IPPROTO_ICMPV6:
4970 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInOverflows);
4971 break;
4972 case IPPROTO_ICMP:
4973 BUMP_MIB(&ipst->ips_icmp_mib, icmpInOverflows);
4974 break;
4975 default:
4976 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows);
4977 break;
4978 }
4979 freemsg(mp);
4980 return;
4981 }
4982
4983 ASSERT(!(IPCL_IS_IPTUN(connp)));
4984
4985 if (connp->conn_min_ttl != 0 && connp->conn_min_ttl > ira->ira_ttl) {
4986 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
4987 ip_drop_input("ipIfStatsInDiscards", mp, ill);
4988 freemsg(mp);
4989 return;
4990 }
4991
4992 if (((iraflags & IRAF_IS_IPV4) ?
4993 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
4994 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
4995 secure) {
4996 mp = ipsec_check_inbound_policy(mp, connp, ipha,
4997 ip6h, ira);
4998 if (mp == NULL) {
4999 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5000 /* Note that mp is NULL */
5001 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5002 return;
5003 }
5004 }
5005
5006 if (iraflags & IRAF_ICMP_ERROR) {
5007 (connp->conn_recvicmp)(connp, mp, NULL, ira);
5008 } else {
5009 ill_t *rill = ira->ira_rill;
5010
5011 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
5012 ira->ira_ill = ira->ira_rill = NULL;
5013 /* Send it upstream */
5014 (connp->conn_recv)(connp, mp, NULL, ira);
5015 ira->ira_ill = ill;
5016 ira->ira_rill = rill;
5017 }
5018 }
5019
5020 /*
5021 * Handle protocols with which IP is less intimate. There
5022 * can be more than one stream bound to a particular
5023 * protocol. When this is the case, normally each one gets a copy
5024 * of any incoming packets.
5025 *
5026 * IPsec NOTE :
5027 *
5028 * Don't allow a secure packet going up a non-secure connection.
5029 * We don't allow this because
5030 *
5031 * 1) Reply might go out in clear which will be dropped at
5032 * the sending side.
5033 * 2) If the reply goes out in clear it will give the
5034 * adversary enough information for getting the key in
5035 * most of the cases.
5036 *
5037 * Moreover getting a secure packet when we expect clear
5038 * implies that SA's were added without checking for
5039 * policy on both ends. This should not happen once ISAKMP
5040 * is used to negotiate SAs as SAs will be added only after
5041 * verifying the policy.
5042 *
5043 * Zones notes:
5044 * Earlier in ip_input on a system with multiple shared-IP zones we
5045 * duplicate the multicast and broadcast packets and send them up
5046 * with each explicit zoneid that exists on that ill.
5047 * This means that here we can match the zoneid with SO_ALLZONES being special.
5048 */
5049 void
ip_fanout_proto_v4(mblk_t * mp,ipha_t * ipha,ip_recv_attr_t * ira)5050 ip_fanout_proto_v4(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
5051 {
5052 mblk_t *mp1;
5053 ipaddr_t laddr;
5054 conn_t *connp, *first_connp, *next_connp;
5055 connf_t *connfp;
5056 ill_t *ill = ira->ira_ill;
5057 ip_stack_t *ipst = ill->ill_ipst;
5058
5059 laddr = ipha->ipha_dst;
5060
5061 connfp = &ipst->ips_ipcl_proto_fanout_v4[ira->ira_protocol];
5062 mutex_enter(&connfp->connf_lock);
5063 connp = connfp->connf_head;
5064 for (connp = connfp->connf_head; connp != NULL;
5065 connp = connp->conn_next) {
5066 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */
5067 if (IPCL_PROTO_MATCH(connp, ira, ipha) &&
5068 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5069 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp))) {
5070 break;
5071 }
5072 }
5073
5074 if (connp == NULL) {
5075 /*
5076 * No one bound to these addresses. Is
5077 * there a client that wants all
5078 * unclaimed datagrams?
5079 */
5080 mutex_exit(&connfp->connf_lock);
5081 ip_fanout_send_icmp_v4(mp, ICMP_DEST_UNREACHABLE,
5082 ICMP_PROTOCOL_UNREACHABLE, ira);
5083 return;
5084 }
5085
5086 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL);
5087
5088 CONN_INC_REF(connp);
5089 first_connp = connp;
5090 connp = connp->conn_next;
5091
5092 for (;;) {
5093 while (connp != NULL) {
5094 /* Note: IPCL_PROTO_MATCH includes conn_wantpacket */
5095 if (IPCL_PROTO_MATCH(connp, ira, ipha) &&
5096 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5097 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5098 ira, connp)))
5099 break;
5100 connp = connp->conn_next;
5101 }
5102
5103 if (connp == NULL) {
5104 /* No more interested clients */
5105 connp = first_connp;
5106 break;
5107 }
5108 if (((mp1 = dupmsg(mp)) == NULL) &&
5109 ((mp1 = copymsg(mp)) == NULL)) {
5110 /* Memory allocation failed */
5111 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5112 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5113 connp = first_connp;
5114 break;
5115 }
5116
5117 CONN_INC_REF(connp);
5118 mutex_exit(&connfp->connf_lock);
5119
5120 ip_fanout_proto_conn(connp, mp1, (ipha_t *)mp1->b_rptr, NULL,
5121 ira);
5122
5123 mutex_enter(&connfp->connf_lock);
5124 /* Follow the next pointer before releasing the conn. */
5125 next_connp = connp->conn_next;
5126 CONN_DEC_REF(connp);
5127 connp = next_connp;
5128 }
5129
5130 /* Last one. Send it upstream. */
5131 mutex_exit(&connfp->connf_lock);
5132
5133 ip_fanout_proto_conn(connp, mp, ipha, NULL, ira);
5134
5135 CONN_DEC_REF(connp);
5136 }
5137
5138 /*
5139 * If we have a IPsec NAT-Traversal packet, strip the zero-SPI or
5140 * pass it along to ESP if the SPI is non-zero. Returns the mblk if the mblk
5141 * is not consumed.
5142 *
5143 * One of three things can happen, all of which affect the passed-in mblk:
5144 *
5145 * 1.) The packet is stock UDP and gets its zero-SPI stripped. Return mblk..
5146 *
5147 * 2.) The packet is ESP-in-UDP, gets transformed into an equivalent
5148 * ESP packet, and is passed along to ESP for consumption. Return NULL.
5149 *
5150 * 3.) The packet is an ESP-in-UDP Keepalive. Drop it and return NULL.
5151 */
5152 mblk_t *
zero_spi_check(mblk_t * mp,ip_recv_attr_t * ira)5153 zero_spi_check(mblk_t *mp, ip_recv_attr_t *ira)
5154 {
5155 int shift, plen, iph_len;
5156 ipha_t *ipha;
5157 udpha_t *udpha;
5158 uint32_t *spi;
5159 uint32_t esp_ports;
5160 uint8_t *orptr;
5161 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
5162 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
5163
5164 ipha = (ipha_t *)mp->b_rptr;
5165 iph_len = ira->ira_ip_hdr_length;
5166 plen = ira->ira_pktlen;
5167
5168 if (plen - iph_len - sizeof (udpha_t) < sizeof (uint32_t)) {
5169 /*
5170 * Most likely a keepalive for the benefit of an intervening
5171 * NAT. These aren't for us, per se, so drop it.
5172 *
5173 * RFC 3947/8 doesn't say for sure what to do for 2-3
5174 * byte packets (keepalives are 1-byte), but we'll drop them
5175 * also.
5176 */
5177 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
5178 DROPPER(ipss, ipds_esp_nat_t_ka), &ipss->ipsec_dropper);
5179 return (NULL);
5180 }
5181
5182 if (MBLKL(mp) < iph_len + sizeof (udpha_t) + sizeof (*spi)) {
5183 /* might as well pull it all up - it might be ESP. */
5184 if (!pullupmsg(mp, -1)) {
5185 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
5186 DROPPER(ipss, ipds_esp_nomem),
5187 &ipss->ipsec_dropper);
5188 return (NULL);
5189 }
5190
5191 ipha = (ipha_t *)mp->b_rptr;
5192 }
5193 spi = (uint32_t *)(mp->b_rptr + iph_len + sizeof (udpha_t));
5194 if (*spi == 0) {
5195 /* UDP packet - remove 0-spi. */
5196 shift = sizeof (uint32_t);
5197 } else {
5198 /* ESP-in-UDP packet - reduce to ESP. */
5199 ipha->ipha_protocol = IPPROTO_ESP;
5200 shift = sizeof (udpha_t);
5201 }
5202
5203 /* Fix IP header */
5204 ira->ira_pktlen = (plen - shift);
5205 ipha->ipha_length = htons(ira->ira_pktlen);
5206 ipha->ipha_hdr_checksum = 0;
5207
5208 orptr = mp->b_rptr;
5209 mp->b_rptr += shift;
5210
5211 udpha = (udpha_t *)(orptr + iph_len);
5212 if (*spi == 0) {
5213 ASSERT((uint8_t *)ipha == orptr);
5214 udpha->uha_length = htons(plen - shift - iph_len);
5215 iph_len += sizeof (udpha_t); /* For the call to ovbcopy(). */
5216 esp_ports = 0;
5217 } else {
5218 esp_ports = *((uint32_t *)udpha);
5219 ASSERT(esp_ports != 0);
5220 }
5221 ovbcopy(orptr, orptr + shift, iph_len);
5222 if (esp_ports != 0) /* Punt up for ESP processing. */ {
5223 ipha = (ipha_t *)(orptr + shift);
5224
5225 ira->ira_flags |= IRAF_ESP_UDP_PORTS;
5226 ira->ira_esp_udp_ports = esp_ports;
5227 ip_fanout_v4(mp, ipha, ira);
5228 return (NULL);
5229 }
5230 return (mp);
5231 }
5232
5233 /*
5234 * Deliver a udp packet to the given conn, possibly applying ipsec policy.
5235 * Handles IPv4 and IPv6.
5236 * We are responsible for disposing of mp, such as by freemsg() or putnext()
5237 * Caller is responsible for dropping references to the conn.
5238 */
5239 void
ip_fanout_udp_conn(conn_t * connp,mblk_t * mp,ipha_t * ipha,ip6_t * ip6h,ip_recv_attr_t * ira)5240 ip_fanout_udp_conn(conn_t *connp, mblk_t *mp, ipha_t *ipha, ip6_t *ip6h,
5241 ip_recv_attr_t *ira)
5242 {
5243 ill_t *ill = ira->ira_ill;
5244 ip_stack_t *ipst = ill->ill_ipst;
5245 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
5246 boolean_t secure;
5247 iaflags_t iraflags = ira->ira_flags;
5248
5249 secure = iraflags & IRAF_IPSEC_SECURE;
5250
5251 if (connp->conn_min_ttl != 0 && connp->conn_min_ttl > ira->ira_ttl) {
5252 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5253 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5254 freemsg(mp);
5255 return;
5256 }
5257
5258 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld :
5259 !canputnext(connp->conn_rq)) {
5260 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInOverflows);
5261 freemsg(mp);
5262 return;
5263 }
5264
5265 if (((iraflags & IRAF_IS_IPV4) ?
5266 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
5267 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
5268 secure) {
5269 mp = ipsec_check_inbound_policy(mp, connp, ipha,
5270 ip6h, ira);
5271 if (mp == NULL) {
5272 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5273 /* Note that mp is NULL */
5274 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5275 return;
5276 }
5277 }
5278
5279 /*
5280 * Since this code is not used for UDP unicast we don't need a NAT_T
5281 * check. Only ip_fanout_v4 has that check.
5282 */
5283 if (ira->ira_flags & IRAF_ICMP_ERROR) {
5284 (connp->conn_recvicmp)(connp, mp, NULL, ira);
5285 } else {
5286 ill_t *rill = ira->ira_rill;
5287
5288 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
5289 ira->ira_ill = ira->ira_rill = NULL;
5290 /* Send it upstream */
5291 (connp->conn_recv)(connp, mp, NULL, ira);
5292 ira->ira_ill = ill;
5293 ira->ira_rill = rill;
5294 }
5295 }
5296
5297 /*
5298 * Fanout for UDP packets that are multicast or broadcast, and ICMP errors.
5299 * (Unicast fanout is handled in ip_input_v4.)
5300 *
5301 * If SO_REUSEADDR is set all multicast and broadcast packets
5302 * will be delivered to all conns bound to the same port.
5303 *
5304 * If there is at least one matching AF_INET receiver, then we will
5305 * ignore any AF_INET6 receivers.
5306 * In the special case where an AF_INET socket binds to 0.0.0.0/<port> and an
5307 * AF_INET6 socket binds to ::/<port>, only the AF_INET socket receives the IPv4
5308 * packets.
5309 *
5310 * Zones notes:
5311 * Earlier in ip_input on a system with multiple shared-IP zones we
5312 * duplicate the multicast and broadcast packets and send them up
5313 * with each explicit zoneid that exists on that ill.
5314 * This means that here we can match the zoneid with SO_ALLZONES being special.
5315 */
5316 void
ip_fanout_udp_multi_v4(mblk_t * mp,ipha_t * ipha,uint16_t lport,uint16_t fport,ip_recv_attr_t * ira)5317 ip_fanout_udp_multi_v4(mblk_t *mp, ipha_t *ipha, uint16_t lport, uint16_t fport,
5318 ip_recv_attr_t *ira)
5319 {
5320 ipaddr_t laddr;
5321 in6_addr_t v6faddr;
5322 conn_t *connp;
5323 connf_t *connfp;
5324 ipaddr_t faddr;
5325 ill_t *ill = ira->ira_ill;
5326 ip_stack_t *ipst = ill->ill_ipst;
5327
5328 ASSERT(ira->ira_flags & (IRAF_MULTIBROADCAST|IRAF_ICMP_ERROR));
5329
5330 laddr = ipha->ipha_dst;
5331 faddr = ipha->ipha_src;
5332
5333 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
5334 mutex_enter(&connfp->connf_lock);
5335 connp = connfp->connf_head;
5336
5337 /*
5338 * If SO_REUSEADDR has been set on the first we send the
5339 * packet to all clients that have joined the group and
5340 * match the port.
5341 */
5342 while (connp != NULL) {
5343 if ((IPCL_UDP_MATCH(connp, lport, laddr, fport, faddr)) &&
5344 conn_wantpacket(connp, ira, ipha) &&
5345 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5346 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp)))
5347 break;
5348 connp = connp->conn_next;
5349 }
5350
5351 if (connp == NULL)
5352 goto notfound;
5353
5354 CONN_INC_REF(connp);
5355
5356 if (connp->conn_reuseaddr) {
5357 conn_t *first_connp = connp;
5358 conn_t *next_connp;
5359 mblk_t *mp1;
5360
5361 connp = connp->conn_next;
5362 for (;;) {
5363 while (connp != NULL) {
5364 if (IPCL_UDP_MATCH(connp, lport, laddr,
5365 fport, faddr) &&
5366 conn_wantpacket(connp, ira, ipha) &&
5367 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5368 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5369 ira, connp)))
5370 break;
5371 connp = connp->conn_next;
5372 }
5373 if (connp == NULL) {
5374 /* No more interested clients */
5375 connp = first_connp;
5376 break;
5377 }
5378 if (((mp1 = dupmsg(mp)) == NULL) &&
5379 ((mp1 = copymsg(mp)) == NULL)) {
5380 /* Memory allocation failed */
5381 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5382 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5383 connp = first_connp;
5384 break;
5385 }
5386 CONN_INC_REF(connp);
5387 mutex_exit(&connfp->connf_lock);
5388
5389 IP_STAT(ipst, ip_udp_fanmb);
5390 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr,
5391 NULL, ira);
5392 mutex_enter(&connfp->connf_lock);
5393 /* Follow the next pointer before releasing the conn */
5394 next_connp = connp->conn_next;
5395 CONN_DEC_REF(connp);
5396 connp = next_connp;
5397 }
5398 }
5399
5400 /* Last one. Send it upstream. */
5401 mutex_exit(&connfp->connf_lock);
5402 IP_STAT(ipst, ip_udp_fanmb);
5403 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira);
5404 CONN_DEC_REF(connp);
5405 return;
5406
5407 notfound:
5408 mutex_exit(&connfp->connf_lock);
5409 /*
5410 * IPv6 endpoints bound to multicast IPv4-mapped addresses
5411 * have already been matched above, since they live in the IPv4
5412 * fanout tables. This implies we only need to
5413 * check for IPv6 in6addr_any endpoints here.
5414 * Thus we compare using ipv6_all_zeros instead of the destination
5415 * address, except for the multicast group membership lookup which
5416 * uses the IPv4 destination.
5417 */
5418 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &v6faddr);
5419 connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
5420 mutex_enter(&connfp->connf_lock);
5421 connp = connfp->connf_head;
5422 /*
5423 * IPv4 multicast packet being delivered to an AF_INET6
5424 * in6addr_any endpoint.
5425 * Need to check conn_wantpacket(). Note that we use conn_wantpacket()
5426 * and not conn_wantpacket_v6() since any multicast membership is
5427 * for an IPv4-mapped multicast address.
5428 */
5429 while (connp != NULL) {
5430 if (IPCL_UDP_MATCH_V6(connp, lport, ipv6_all_zeros,
5431 fport, v6faddr) &&
5432 conn_wantpacket(connp, ira, ipha) &&
5433 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5434 tsol_receive_local(mp, &laddr, IPV4_VERSION, ira, connp)))
5435 break;
5436 connp = connp->conn_next;
5437 }
5438
5439 if (connp == NULL) {
5440 /*
5441 * No one bound to this port. Is
5442 * there a client that wants all
5443 * unclaimed datagrams?
5444 */
5445 mutex_exit(&connfp->connf_lock);
5446
5447 if (ipst->ips_ipcl_proto_fanout_v4[IPPROTO_UDP].connf_head !=
5448 NULL) {
5449 ASSERT(ira->ira_protocol == IPPROTO_UDP);
5450 ip_fanout_proto_v4(mp, ipha, ira);
5451 } else {
5452 /*
5453 * We used to attempt to send an icmp error here, but
5454 * since this is known to be a multicast packet
5455 * and we don't send icmp errors in response to
5456 * multicast, just drop the packet and give up sooner.
5457 */
5458 BUMP_MIB(ill->ill_ip_mib, udpIfStatsNoPorts);
5459 freemsg(mp);
5460 }
5461 return;
5462 }
5463 CONN_INC_REF(connp);
5464 ASSERT(IPCL_IS_NONSTR(connp) || connp->conn_rq != NULL);
5465
5466 /*
5467 * If SO_REUSEADDR has been set on the first we send the
5468 * packet to all clients that have joined the group and
5469 * match the port.
5470 */
5471 if (connp->conn_reuseaddr) {
5472 conn_t *first_connp = connp;
5473 conn_t *next_connp;
5474 mblk_t *mp1;
5475
5476 connp = connp->conn_next;
5477 for (;;) {
5478 while (connp != NULL) {
5479 if (IPCL_UDP_MATCH_V6(connp, lport,
5480 ipv6_all_zeros, fport, v6faddr) &&
5481 conn_wantpacket(connp, ira, ipha) &&
5482 (!(ira->ira_flags & IRAF_SYSTEM_LABELED) ||
5483 tsol_receive_local(mp, &laddr, IPV4_VERSION,
5484 ira, connp)))
5485 break;
5486 connp = connp->conn_next;
5487 }
5488 if (connp == NULL) {
5489 /* No more interested clients */
5490 connp = first_connp;
5491 break;
5492 }
5493 if (((mp1 = dupmsg(mp)) == NULL) &&
5494 ((mp1 = copymsg(mp)) == NULL)) {
5495 /* Memory allocation failed */
5496 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
5497 ip_drop_input("ipIfStatsInDiscards", mp, ill);
5498 connp = first_connp;
5499 break;
5500 }
5501 CONN_INC_REF(connp);
5502 mutex_exit(&connfp->connf_lock);
5503
5504 IP_STAT(ipst, ip_udp_fanmb);
5505 ip_fanout_udp_conn(connp, mp1, (ipha_t *)mp1->b_rptr,
5506 NULL, ira);
5507 mutex_enter(&connfp->connf_lock);
5508 /* Follow the next pointer before releasing the conn */
5509 next_connp = connp->conn_next;
5510 CONN_DEC_REF(connp);
5511 connp = next_connp;
5512 }
5513 }
5514
5515 /* Last one. Send it upstream. */
5516 mutex_exit(&connfp->connf_lock);
5517 IP_STAT(ipst, ip_udp_fanmb);
5518 ip_fanout_udp_conn(connp, mp, ipha, NULL, ira);
5519 CONN_DEC_REF(connp);
5520 }
5521
5522 /*
5523 * Split an incoming packet's IPv4 options into the label and the other options.
5524 * If 'allocate' is set it does memory allocation for the ip_pkt_t, including
5525 * clearing out any leftover label or options.
5526 * Otherwise it just makes ipp point into the packet.
5527 *
5528 * Returns zero if ok; ENOMEM if the buffer couldn't be allocated.
5529 */
5530 int
ip_find_hdr_v4(ipha_t * ipha,ip_pkt_t * ipp,boolean_t allocate)5531 ip_find_hdr_v4(ipha_t *ipha, ip_pkt_t *ipp, boolean_t allocate)
5532 {
5533 uchar_t *opt;
5534 uint32_t totallen;
5535 uint32_t optval;
5536 uint32_t optlen;
5537
5538 ipp->ipp_fields |= IPPF_HOPLIMIT | IPPF_TCLASS | IPPF_ADDR;
5539 ipp->ipp_hoplimit = ipha->ipha_ttl;
5540 ipp->ipp_type_of_service = ipha->ipha_type_of_service;
5541 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &ipp->ipp_addr);
5542
5543 /*
5544 * Get length (in 4 byte octets) of IP header options.
5545 */
5546 totallen = ipha->ipha_version_and_hdr_length -
5547 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
5548
5549 if (totallen == 0) {
5550 if (!allocate)
5551 return (0);
5552
5553 /* Clear out anything from a previous packet */
5554 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
5555 kmem_free(ipp->ipp_ipv4_options,
5556 ipp->ipp_ipv4_options_len);
5557 ipp->ipp_ipv4_options = NULL;
5558 ipp->ipp_ipv4_options_len = 0;
5559 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS;
5560 }
5561 if (ipp->ipp_fields & IPPF_LABEL_V4) {
5562 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
5563 ipp->ipp_label_v4 = NULL;
5564 ipp->ipp_label_len_v4 = 0;
5565 ipp->ipp_fields &= ~IPPF_LABEL_V4;
5566 }
5567 return (0);
5568 }
5569
5570 totallen <<= 2;
5571 opt = (uchar_t *)&ipha[1];
5572 if (!is_system_labeled()) {
5573
5574 copyall:
5575 if (!allocate) {
5576 if (totallen != 0) {
5577 ipp->ipp_ipv4_options = opt;
5578 ipp->ipp_ipv4_options_len = totallen;
5579 ipp->ipp_fields |= IPPF_IPV4_OPTIONS;
5580 }
5581 return (0);
5582 }
5583 /* Just copy all of options */
5584 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
5585 if (totallen == ipp->ipp_ipv4_options_len) {
5586 bcopy(opt, ipp->ipp_ipv4_options, totallen);
5587 return (0);
5588 }
5589 kmem_free(ipp->ipp_ipv4_options,
5590 ipp->ipp_ipv4_options_len);
5591 ipp->ipp_ipv4_options = NULL;
5592 ipp->ipp_ipv4_options_len = 0;
5593 ipp->ipp_fields &= ~IPPF_IPV4_OPTIONS;
5594 }
5595 if (totallen == 0)
5596 return (0);
5597
5598 ipp->ipp_ipv4_options = kmem_alloc(totallen, KM_NOSLEEP);
5599 if (ipp->ipp_ipv4_options == NULL)
5600 return (ENOMEM);
5601 ipp->ipp_ipv4_options_len = totallen;
5602 ipp->ipp_fields |= IPPF_IPV4_OPTIONS;
5603 bcopy(opt, ipp->ipp_ipv4_options, totallen);
5604 return (0);
5605 }
5606
5607 if (allocate && (ipp->ipp_fields & IPPF_LABEL_V4)) {
5608 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
5609 ipp->ipp_label_v4 = NULL;
5610 ipp->ipp_label_len_v4 = 0;
5611 ipp->ipp_fields &= ~IPPF_LABEL_V4;
5612 }
5613
5614 /*
5615 * Search for CIPSO option.
5616 * We assume CIPSO is first in options if it is present.
5617 * If it isn't, then ipp_opt_ipv4_options will not include the options
5618 * prior to the CIPSO option.
5619 */
5620 while (totallen != 0) {
5621 switch (optval = opt[IPOPT_OPTVAL]) {
5622 case IPOPT_EOL:
5623 return (0);
5624 case IPOPT_NOP:
5625 optlen = 1;
5626 break;
5627 default:
5628 if (totallen <= IPOPT_OLEN)
5629 return (EINVAL);
5630 optlen = opt[IPOPT_OLEN];
5631 if (optlen < 2)
5632 return (EINVAL);
5633 }
5634 if (optlen > totallen)
5635 return (EINVAL);
5636
5637 switch (optval) {
5638 case IPOPT_COMSEC:
5639 if (!allocate) {
5640 ipp->ipp_label_v4 = opt;
5641 ipp->ipp_label_len_v4 = optlen;
5642 ipp->ipp_fields |= IPPF_LABEL_V4;
5643 } else {
5644 ipp->ipp_label_v4 = kmem_alloc(optlen,
5645 KM_NOSLEEP);
5646 if (ipp->ipp_label_v4 == NULL)
5647 return (ENOMEM);
5648 ipp->ipp_label_len_v4 = optlen;
5649 ipp->ipp_fields |= IPPF_LABEL_V4;
5650 bcopy(opt, ipp->ipp_label_v4, optlen);
5651 }
5652 totallen -= optlen;
5653 opt += optlen;
5654
5655 /* Skip padding bytes until we get to a multiple of 4 */
5656 while ((totallen & 3) != 0 && opt[0] == IPOPT_NOP) {
5657 totallen--;
5658 opt++;
5659 }
5660 /* Remaining as ipp_ipv4_options */
5661 goto copyall;
5662 }
5663 totallen -= optlen;
5664 opt += optlen;
5665 }
5666 /* No CIPSO found; return everything as ipp_ipv4_options */
5667 totallen = ipha->ipha_version_and_hdr_length -
5668 (uint8_t)((IP_VERSION << 4) + IP_SIMPLE_HDR_LENGTH_IN_WORDS);
5669 totallen <<= 2;
5670 opt = (uchar_t *)&ipha[1];
5671 goto copyall;
5672 }
5673
5674 /*
5675 * Efficient versions of lookup for an IRE when we only
5676 * match the address.
5677 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE.
5678 * Does not handle multicast addresses.
5679 */
5680 uint_t
ip_type_v4(ipaddr_t addr,ip_stack_t * ipst)5681 ip_type_v4(ipaddr_t addr, ip_stack_t *ipst)
5682 {
5683 ire_t *ire;
5684 uint_t result;
5685
5686 ire = ire_ftable_lookup_simple_v4(addr, 0, ipst, NULL);
5687 ASSERT(ire != NULL);
5688 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))
5689 result = IRE_NOROUTE;
5690 else
5691 result = ire->ire_type;
5692 ire_refrele(ire);
5693 return (result);
5694 }
5695
5696 /*
5697 * Efficient versions of lookup for an IRE when we only
5698 * match the address.
5699 * For RTF_REJECT or BLACKHOLE we return IRE_NOROUTE.
5700 * Does not handle multicast addresses.
5701 */
5702 uint_t
ip_type_v6(const in6_addr_t * addr,ip_stack_t * ipst)5703 ip_type_v6(const in6_addr_t *addr, ip_stack_t *ipst)
5704 {
5705 ire_t *ire;
5706 uint_t result;
5707
5708 ire = ire_ftable_lookup_simple_v6(addr, 0, ipst, NULL);
5709 ASSERT(ire != NULL);
5710 if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE))
5711 result = IRE_NOROUTE;
5712 else
5713 result = ire->ire_type;
5714 ire_refrele(ire);
5715 return (result);
5716 }
5717
5718 /*
5719 * Nobody should be sending
5720 * packets up this stream
5721 */
5722 static int
ip_lrput(queue_t * q,mblk_t * mp)5723 ip_lrput(queue_t *q, mblk_t *mp)
5724 {
5725 switch (mp->b_datap->db_type) {
5726 case M_FLUSH:
5727 /* Turn around */
5728 if (*mp->b_rptr & FLUSHW) {
5729 *mp->b_rptr &= ~FLUSHR;
5730 qreply(q, mp);
5731 return (0);
5732 }
5733 break;
5734 }
5735 freemsg(mp);
5736 return (0);
5737 }
5738
5739 /* Nobody should be sending packets down this stream */
5740 /* ARGSUSED */
5741 int
ip_lwput(queue_t * q,mblk_t * mp)5742 ip_lwput(queue_t *q, mblk_t *mp)
5743 {
5744 freemsg(mp);
5745 return (0);
5746 }
5747
5748 /*
5749 * Move the first hop in any source route to ipha_dst and remove that part of
5750 * the source route. Called by other protocols. Errors in option formatting
5751 * are ignored - will be handled by ip_output_options. Return the final
5752 * destination (either ipha_dst or the last entry in a source route.)
5753 */
5754 ipaddr_t
ip_massage_options(ipha_t * ipha,netstack_t * ns)5755 ip_massage_options(ipha_t *ipha, netstack_t *ns)
5756 {
5757 ipoptp_t opts;
5758 uchar_t *opt;
5759 uint8_t optval;
5760 uint8_t optlen;
5761 ipaddr_t dst;
5762 int i;
5763 ip_stack_t *ipst = ns->netstack_ip;
5764
5765 ip2dbg(("ip_massage_options\n"));
5766 dst = ipha->ipha_dst;
5767 for (optval = ipoptp_first(&opts, ipha);
5768 optval != IPOPT_EOL;
5769 optval = ipoptp_next(&opts)) {
5770 opt = opts.ipoptp_cur;
5771 switch (optval) {
5772 uint8_t off;
5773 case IPOPT_SSRR:
5774 case IPOPT_LSRR:
5775 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
5776 ip1dbg(("ip_massage_options: bad src route\n"));
5777 break;
5778 }
5779 optlen = opts.ipoptp_len;
5780 off = opt[IPOPT_OFFSET];
5781 off--;
5782 redo_srr:
5783 if (optlen < IP_ADDR_LEN ||
5784 off > optlen - IP_ADDR_LEN) {
5785 /* End of source route */
5786 ip1dbg(("ip_massage_options: end of SR\n"));
5787 break;
5788 }
5789 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
5790 ip1dbg(("ip_massage_options: next hop 0x%x\n",
5791 ntohl(dst)));
5792 /*
5793 * Check if our address is present more than
5794 * once as consecutive hops in source route.
5795 * XXX verify per-interface ip_forwarding
5796 * for source route?
5797 */
5798 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
5799 off += IP_ADDR_LEN;
5800 goto redo_srr;
5801 }
5802 if (dst == htonl(INADDR_LOOPBACK)) {
5803 ip1dbg(("ip_massage_options: loopback addr in "
5804 "source route!\n"));
5805 break;
5806 }
5807 /*
5808 * Update ipha_dst to be the first hop and remove the
5809 * first hop from the source route (by overwriting
5810 * part of the option with NOP options).
5811 */
5812 ipha->ipha_dst = dst;
5813 /* Put the last entry in dst */
5814 off = ((optlen - IP_ADDR_LEN - 3) & ~(IP_ADDR_LEN-1)) +
5815 3;
5816 bcopy(&opt[off], &dst, IP_ADDR_LEN);
5817
5818 ip1dbg(("ip_massage_options: last hop 0x%x\n",
5819 ntohl(dst)));
5820 /* Move down and overwrite */
5821 opt[IP_ADDR_LEN] = opt[0];
5822 opt[IP_ADDR_LEN+1] = opt[IPOPT_OLEN] - IP_ADDR_LEN;
5823 opt[IP_ADDR_LEN+2] = opt[IPOPT_OFFSET];
5824 for (i = 0; i < IP_ADDR_LEN; i++)
5825 opt[i] = IPOPT_NOP;
5826 break;
5827 }
5828 }
5829 return (dst);
5830 }
5831
5832 /*
5833 * Return the network mask
5834 * associated with the specified address.
5835 */
5836 ipaddr_t
ip_net_mask(ipaddr_t addr)5837 ip_net_mask(ipaddr_t addr)
5838 {
5839 uchar_t *up = (uchar_t *)&addr;
5840 ipaddr_t mask = 0;
5841 uchar_t *maskp = (uchar_t *)&mask;
5842
5843 #if defined(__x86)
5844 #define TOTALLY_BRAIN_DAMAGED_C_COMPILER
5845 #endif
5846 #ifdef TOTALLY_BRAIN_DAMAGED_C_COMPILER
5847 maskp[0] = maskp[1] = maskp[2] = maskp[3] = 0;
5848 #endif
5849 if (CLASSD(addr)) {
5850 maskp[0] = 0xF0;
5851 return (mask);
5852 }
5853
5854 /* We assume Class E default netmask to be 32 */
5855 if (CLASSE(addr))
5856 return (0xffffffffU);
5857
5858 if (addr == 0)
5859 return (0);
5860 maskp[0] = 0xFF;
5861 if ((up[0] & 0x80) == 0)
5862 return (mask);
5863
5864 maskp[1] = 0xFF;
5865 if ((up[0] & 0xC0) == 0x80)
5866 return (mask);
5867
5868 maskp[2] = 0xFF;
5869 if ((up[0] & 0xE0) == 0xC0)
5870 return (mask);
5871
5872 /* Otherwise return no mask */
5873 return ((ipaddr_t)0);
5874 }
5875
5876 /* Name/Value Table Lookup Routine */
5877 char *
ip_nv_lookup(nv_t * nv,int value)5878 ip_nv_lookup(nv_t *nv, int value)
5879 {
5880 if (!nv)
5881 return (NULL);
5882 for (; nv->nv_name; nv++) {
5883 if (nv->nv_value == value)
5884 return (nv->nv_name);
5885 }
5886 return ("unknown");
5887 }
5888
5889 static int
ip_wait_for_info_ack(ill_t * ill)5890 ip_wait_for_info_ack(ill_t *ill)
5891 {
5892 int err;
5893
5894 mutex_enter(&ill->ill_lock);
5895 while (ill->ill_state_flags & ILL_LL_SUBNET_PENDING) {
5896 /*
5897 * Return value of 0 indicates a pending signal.
5898 */
5899 err = cv_wait_sig(&ill->ill_cv, &ill->ill_lock);
5900 if (err == 0) {
5901 mutex_exit(&ill->ill_lock);
5902 return (EINTR);
5903 }
5904 }
5905 mutex_exit(&ill->ill_lock);
5906 /*
5907 * ip_rput_other could have set an error in ill_error on
5908 * receipt of M_ERROR.
5909 */
5910 return (ill->ill_error);
5911 }
5912
5913 /*
5914 * This is a module open, i.e. this is a control stream for access
5915 * to a DLPI device. We allocate an ill_t as the instance data in
5916 * this case.
5917 */
5918 static int
ip_modopen(queue_t * q,dev_t * devp,int flag,int sflag,cred_t * credp)5919 ip_modopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
5920 {
5921 ill_t *ill;
5922 int err;
5923 zoneid_t zoneid;
5924 netstack_t *ns;
5925 ip_stack_t *ipst;
5926
5927 /*
5928 * Prevent unprivileged processes from pushing IP so that
5929 * they can't send raw IP.
5930 */
5931 if (secpolicy_net_rawaccess(credp) != 0)
5932 return (EPERM);
5933
5934 ns = netstack_find_by_cred(credp);
5935 ASSERT(ns != NULL);
5936 ipst = ns->netstack_ip;
5937 ASSERT(ipst != NULL);
5938
5939 /*
5940 * For exclusive stacks we set the zoneid to zero
5941 * to make IP operate as if in the global zone.
5942 */
5943 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID)
5944 zoneid = GLOBAL_ZONEID;
5945 else
5946 zoneid = crgetzoneid(credp);
5947
5948 ill = (ill_t *)mi_open_alloc_sleep(sizeof (ill_t));
5949 q->q_ptr = WR(q)->q_ptr = ill;
5950 ill->ill_ipst = ipst;
5951 ill->ill_zoneid = zoneid;
5952
5953 /*
5954 * ill_init initializes the ill fields and then sends down
5955 * down a DL_INFO_REQ after calling qprocson.
5956 */
5957 err = ill_init(q, ill);
5958
5959 if (err != 0) {
5960 mi_free(ill);
5961 netstack_rele(ipst->ips_netstack);
5962 q->q_ptr = NULL;
5963 WR(q)->q_ptr = NULL;
5964 return (err);
5965 }
5966
5967 /*
5968 * Wait for the DL_INFO_ACK if a DL_INFO_REQ was sent.
5969 *
5970 * ill_init initializes the ipsq marking this thread as
5971 * writer
5972 */
5973 ipsq_exit(ill->ill_phyint->phyint_ipsq);
5974 err = ip_wait_for_info_ack(ill);
5975 if (err == 0)
5976 ill->ill_credp = credp;
5977 else
5978 goto fail;
5979
5980 crhold(credp);
5981
5982 mutex_enter(&ipst->ips_ip_mi_lock);
5983 err = mi_open_link(&ipst->ips_ip_g_head, (IDP)q->q_ptr, devp, flag,
5984 sflag, credp);
5985 mutex_exit(&ipst->ips_ip_mi_lock);
5986 fail:
5987 if (err) {
5988 (void) ip_close(q, 0, credp);
5989 return (err);
5990 }
5991 return (0);
5992 }
5993
5994 /* For /dev/ip aka AF_INET open */
5995 int
ip_openv4(queue_t * q,dev_t * devp,int flag,int sflag,cred_t * credp)5996 ip_openv4(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
5997 {
5998 return (ip_open(q, devp, flag, sflag, credp, B_FALSE));
5999 }
6000
6001 /* For /dev/ip6 aka AF_INET6 open */
6002 int
ip_openv6(queue_t * q,dev_t * devp,int flag,int sflag,cred_t * credp)6003 ip_openv6(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
6004 {
6005 return (ip_open(q, devp, flag, sflag, credp, B_TRUE));
6006 }
6007
6008 /* IP open routine. */
6009 int
ip_open(queue_t * q,dev_t * devp,int flag,int sflag,cred_t * credp,boolean_t isv6)6010 ip_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp,
6011 boolean_t isv6)
6012 {
6013 conn_t *connp;
6014 major_t maj;
6015 zoneid_t zoneid;
6016 netstack_t *ns;
6017 ip_stack_t *ipst;
6018
6019 /* Allow reopen. */
6020 if (q->q_ptr != NULL)
6021 return (0);
6022
6023 if (sflag & MODOPEN) {
6024 /* This is a module open */
6025 return (ip_modopen(q, devp, flag, sflag, credp));
6026 }
6027
6028 if ((flag & ~(FKLYR)) == IP_HELPER_STR) {
6029 /*
6030 * Non streams based socket looking for a stream
6031 * to access IP
6032 */
6033 return (ip_helper_stream_setup(q, devp, flag, sflag,
6034 credp, isv6));
6035 }
6036
6037 ns = netstack_find_by_cred(credp);
6038 ASSERT(ns != NULL);
6039 ipst = ns->netstack_ip;
6040 ASSERT(ipst != NULL);
6041
6042 /*
6043 * For exclusive stacks we set the zoneid to zero
6044 * to make IP operate as if in the global zone.
6045 */
6046 if (ipst->ips_netstack->netstack_stackid != GLOBAL_NETSTACKID)
6047 zoneid = GLOBAL_ZONEID;
6048 else
6049 zoneid = crgetzoneid(credp);
6050
6051 /*
6052 * We are opening as a device. This is an IP client stream, and we
6053 * allocate an conn_t as the instance data.
6054 */
6055 connp = ipcl_conn_create(IPCL_IPCCONN, KM_SLEEP, ipst->ips_netstack);
6056
6057 /*
6058 * ipcl_conn_create did a netstack_hold. Undo the hold that was
6059 * done by netstack_find_by_cred()
6060 */
6061 netstack_rele(ipst->ips_netstack);
6062
6063 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP | IXAF_SET_ULP_CKSUM;
6064 /* conn_allzones can not be set this early, hence no IPCL_ZONEID */
6065 connp->conn_ixa->ixa_zoneid = zoneid;
6066 connp->conn_zoneid = zoneid;
6067
6068 connp->conn_rq = q;
6069 q->q_ptr = WR(q)->q_ptr = connp;
6070
6071 /* Minor tells us which /dev entry was opened */
6072 if (isv6) {
6073 connp->conn_family = AF_INET6;
6074 connp->conn_ipversion = IPV6_VERSION;
6075 connp->conn_ixa->ixa_flags &= ~IXAF_IS_IPV4;
6076 connp->conn_ixa->ixa_src_preferences = IPV6_PREFER_SRC_DEFAULT;
6077 } else {
6078 connp->conn_family = AF_INET;
6079 connp->conn_ipversion = IPV4_VERSION;
6080 connp->conn_ixa->ixa_flags |= IXAF_IS_IPV4;
6081 }
6082
6083 if ((ip_minor_arena_la != NULL) && (flag & SO_SOCKSTR) &&
6084 ((connp->conn_dev = inet_minor_alloc(ip_minor_arena_la)) != 0)) {
6085 connp->conn_minor_arena = ip_minor_arena_la;
6086 } else {
6087 /*
6088 * Either minor numbers in the large arena were exhausted
6089 * or a non socket application is doing the open.
6090 * Try to allocate from the small arena.
6091 */
6092 if ((connp->conn_dev =
6093 inet_minor_alloc(ip_minor_arena_sa)) == 0) {
6094 /* CONN_DEC_REF takes care of netstack_rele() */
6095 q->q_ptr = WR(q)->q_ptr = NULL;
6096 CONN_DEC_REF(connp);
6097 return (EBUSY);
6098 }
6099 connp->conn_minor_arena = ip_minor_arena_sa;
6100 }
6101
6102 maj = getemajor(*devp);
6103 *devp = makedevice(maj, (minor_t)connp->conn_dev);
6104
6105 /*
6106 * connp->conn_cred is crfree()ed in ipcl_conn_destroy()
6107 */
6108 connp->conn_cred = credp;
6109 connp->conn_cpid = curproc->p_pid;
6110 /* Cache things in ixa without an extra refhold */
6111 ASSERT(!(connp->conn_ixa->ixa_free_flags & IXA_FREE_CRED));
6112 connp->conn_ixa->ixa_cred = connp->conn_cred;
6113 connp->conn_ixa->ixa_cpid = connp->conn_cpid;
6114 if (is_system_labeled())
6115 connp->conn_ixa->ixa_tsl = crgetlabel(connp->conn_cred);
6116
6117 /*
6118 * Handle IP_IOC_RTS_REQUEST and other ioctls which use conn_recv
6119 */
6120 connp->conn_recv = ip_conn_input;
6121 connp->conn_recvicmp = ip_conn_input_icmp;
6122
6123 crhold(connp->conn_cred);
6124
6125 /*
6126 * If the caller has the process-wide flag set, then default to MAC
6127 * exempt mode. This allows read-down to unlabeled hosts.
6128 */
6129 if (getpflags(NET_MAC_AWARE, credp) != 0)
6130 connp->conn_mac_mode = CONN_MAC_AWARE;
6131
6132 connp->conn_zone_is_global = (crgetzoneid(credp) == GLOBAL_ZONEID);
6133
6134 connp->conn_rq = q;
6135 connp->conn_wq = WR(q);
6136
6137 /* Non-zero default values */
6138 connp->conn_ixa->ixa_flags |= IXAF_MULTICAST_LOOP;
6139
6140 /*
6141 * Make the conn globally visible to walkers
6142 */
6143 ASSERT(connp->conn_ref == 1);
6144 mutex_enter(&connp->conn_lock);
6145 connp->conn_state_flags &= ~CONN_INCIPIENT;
6146 mutex_exit(&connp->conn_lock);
6147
6148 qprocson(q);
6149
6150 return (0);
6151 }
6152
6153 /*
6154 * Set IPsec policy from an ipsec_req_t. If the req is not "zero" and valid,
6155 * all of them are copied to the conn_t. If the req is "zero", the policy is
6156 * zeroed out. A "zero" policy has zero ipsr_{ah,req,self_encap}_req
6157 * fields.
6158 * We keep only the latest setting of the policy and thus policy setting
6159 * is not incremental/cumulative.
6160 *
6161 * Requests to set policies with multiple alternative actions will
6162 * go through a different API.
6163 */
6164 int
ipsec_set_req(cred_t * cr,conn_t * connp,ipsec_req_t * req)6165 ipsec_set_req(cred_t *cr, conn_t *connp, ipsec_req_t *req)
6166 {
6167 uint_t ah_req = 0;
6168 uint_t esp_req = 0;
6169 uint_t se_req = 0;
6170 ipsec_act_t *actp = NULL;
6171 uint_t nact;
6172 ipsec_policy_head_t *ph;
6173 boolean_t is_pol_reset, is_pol_inserted = B_FALSE;
6174 int error = 0;
6175 netstack_t *ns = connp->conn_netstack;
6176 ip_stack_t *ipst = ns->netstack_ip;
6177 ipsec_stack_t *ipss = ns->netstack_ipsec;
6178
6179 #define REQ_MASK (IPSEC_PREF_REQUIRED|IPSEC_PREF_NEVER)
6180
6181 /*
6182 * The IP_SEC_OPT option does not allow variable length parameters,
6183 * hence a request cannot be NULL.
6184 */
6185 if (req == NULL)
6186 return (EINVAL);
6187
6188 ah_req = req->ipsr_ah_req;
6189 esp_req = req->ipsr_esp_req;
6190 se_req = req->ipsr_self_encap_req;
6191
6192 /* Don't allow setting self-encap without one or more of AH/ESP. */
6193 if (se_req != 0 && esp_req == 0 && ah_req == 0)
6194 return (EINVAL);
6195
6196 /*
6197 * Are we dealing with a request to reset the policy (i.e.
6198 * zero requests).
6199 */
6200 is_pol_reset = ((ah_req & REQ_MASK) == 0 &&
6201 (esp_req & REQ_MASK) == 0 &&
6202 (se_req & REQ_MASK) == 0);
6203
6204 if (!is_pol_reset) {
6205 /*
6206 * If we couldn't load IPsec, fail with "protocol
6207 * not supported".
6208 * IPsec may not have been loaded for a request with zero
6209 * policies, so we don't fail in this case.
6210 */
6211 mutex_enter(&ipss->ipsec_loader_lock);
6212 if (ipss->ipsec_loader_state != IPSEC_LOADER_SUCCEEDED) {
6213 mutex_exit(&ipss->ipsec_loader_lock);
6214 return (EPROTONOSUPPORT);
6215 }
6216 mutex_exit(&ipss->ipsec_loader_lock);
6217
6218 /*
6219 * Test for valid requests. Invalid algorithms
6220 * need to be tested by IPsec code because new
6221 * algorithms can be added dynamically.
6222 */
6223 if ((ah_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 ||
6224 (esp_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0 ||
6225 (se_req & ~(REQ_MASK|IPSEC_PREF_UNIQUE)) != 0) {
6226 return (EINVAL);
6227 }
6228
6229 /*
6230 * Only privileged users can issue these
6231 * requests.
6232 */
6233 if (((ah_req & IPSEC_PREF_NEVER) ||
6234 (esp_req & IPSEC_PREF_NEVER) ||
6235 (se_req & IPSEC_PREF_NEVER)) &&
6236 secpolicy_ip_config(cr, B_FALSE) != 0) {
6237 return (EPERM);
6238 }
6239
6240 /*
6241 * The IPSEC_PREF_REQUIRED and IPSEC_PREF_NEVER
6242 * are mutually exclusive.
6243 */
6244 if (((ah_req & REQ_MASK) == REQ_MASK) ||
6245 ((esp_req & REQ_MASK) == REQ_MASK) ||
6246 ((se_req & REQ_MASK) == REQ_MASK)) {
6247 /* Both of them are set */
6248 return (EINVAL);
6249 }
6250 }
6251
6252 ASSERT(MUTEX_HELD(&connp->conn_lock));
6253
6254 /*
6255 * If we have already cached policies in conn_connect(), don't
6256 * let them change now. We cache policies for connections
6257 * whose src,dst [addr, port] is known.
6258 */
6259 if (connp->conn_policy_cached) {
6260 return (EINVAL);
6261 }
6262
6263 /*
6264 * We have a zero policies, reset the connection policy if already
6265 * set. This will cause the connection to inherit the
6266 * global policy, if any.
6267 */
6268 if (is_pol_reset) {
6269 if (connp->conn_policy != NULL) {
6270 IPPH_REFRELE(connp->conn_policy, ipst->ips_netstack);
6271 connp->conn_policy = NULL;
6272 }
6273 connp->conn_in_enforce_policy = B_FALSE;
6274 connp->conn_out_enforce_policy = B_FALSE;
6275 return (0);
6276 }
6277
6278 ph = connp->conn_policy = ipsec_polhead_split(connp->conn_policy,
6279 ipst->ips_netstack);
6280 if (ph == NULL)
6281 goto enomem;
6282
6283 ipsec_actvec_from_req(req, &actp, &nact, ipst->ips_netstack);
6284 if (actp == NULL)
6285 goto enomem;
6286
6287 /*
6288 * Always insert IPv4 policy entries, since they can also apply to
6289 * ipv6 sockets being used in ipv4-compat mode.
6290 */
6291 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4,
6292 IPSEC_TYPE_INBOUND, ns))
6293 goto enomem;
6294 is_pol_inserted = B_TRUE;
6295 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V4,
6296 IPSEC_TYPE_OUTBOUND, ns))
6297 goto enomem;
6298
6299 /*
6300 * We're looking at a v6 socket, also insert the v6-specific
6301 * entries.
6302 */
6303 if (connp->conn_family == AF_INET6) {
6304 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6,
6305 IPSEC_TYPE_INBOUND, ns))
6306 goto enomem;
6307 if (!ipsec_polhead_insert(ph, actp, nact, IPSEC_AF_V6,
6308 IPSEC_TYPE_OUTBOUND, ns))
6309 goto enomem;
6310 }
6311
6312 ipsec_actvec_free(actp, nact);
6313
6314 /*
6315 * If the requests need security, set enforce_policy.
6316 * If the requests are IPSEC_PREF_NEVER, one should
6317 * still set conn_out_enforce_policy so that ip_set_destination
6318 * marks the ip_xmit_attr_t appropriatly. This is needed so that
6319 * for connections that we don't cache policy in at connect time,
6320 * if global policy matches in ip_output_attach_policy, we
6321 * don't wrongly inherit global policy. Similarly, we need
6322 * to set conn_in_enforce_policy also so that we don't verify
6323 * policy wrongly.
6324 */
6325 if ((ah_req & REQ_MASK) != 0 ||
6326 (esp_req & REQ_MASK) != 0 ||
6327 (se_req & REQ_MASK) != 0) {
6328 connp->conn_in_enforce_policy = B_TRUE;
6329 connp->conn_out_enforce_policy = B_TRUE;
6330 }
6331
6332 return (error);
6333 #undef REQ_MASK
6334
6335 /*
6336 * Common memory-allocation-failure exit path.
6337 */
6338 enomem:
6339 if (actp != NULL)
6340 ipsec_actvec_free(actp, nact);
6341 if (is_pol_inserted)
6342 ipsec_polhead_flush(ph, ns);
6343 return (ENOMEM);
6344 }
6345
6346 /*
6347 * Set socket options for joining and leaving multicast groups.
6348 * Common to IPv4 and IPv6; inet6 indicates the type of socket.
6349 * The caller has already check that the option name is consistent with
6350 * the address family of the socket.
6351 */
6352 int
ip_opt_set_multicast_group(conn_t * connp,t_scalar_t name,uchar_t * invalp,boolean_t inet6,boolean_t checkonly)6353 ip_opt_set_multicast_group(conn_t *connp, t_scalar_t name,
6354 uchar_t *invalp, boolean_t inet6, boolean_t checkonly)
6355 {
6356 int *i1 = (int *)invalp;
6357 int error = 0;
6358 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
6359 struct ip_mreq *v4_mreqp;
6360 struct ipv6_mreq *v6_mreqp;
6361 struct group_req *greqp;
6362 ire_t *ire;
6363 boolean_t done = B_FALSE;
6364 ipaddr_t ifaddr;
6365 in6_addr_t v6group;
6366 uint_t ifindex;
6367 boolean_t mcast_opt = B_TRUE;
6368 mcast_record_t fmode;
6369 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *,
6370 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *);
6371
6372 switch (name) {
6373 case IP_ADD_MEMBERSHIP:
6374 case IPV6_JOIN_GROUP:
6375 mcast_opt = B_FALSE;
6376 /* FALLTHROUGH */
6377 case MCAST_JOIN_GROUP:
6378 fmode = MODE_IS_EXCLUDE;
6379 optfn = ip_opt_add_group;
6380 break;
6381
6382 case IP_DROP_MEMBERSHIP:
6383 case IPV6_LEAVE_GROUP:
6384 mcast_opt = B_FALSE;
6385 /* FALLTHROUGH */
6386 case MCAST_LEAVE_GROUP:
6387 fmode = MODE_IS_INCLUDE;
6388 optfn = ip_opt_delete_group;
6389 break;
6390 default:
6391 /* Should not be reached. */
6392 fmode = MODE_IS_INCLUDE;
6393 optfn = NULL;
6394 ASSERT(0);
6395 }
6396
6397 if (mcast_opt) {
6398 struct sockaddr_in *sin;
6399 struct sockaddr_in6 *sin6;
6400
6401 greqp = (struct group_req *)i1;
6402 if (greqp->gr_group.ss_family == AF_INET) {
6403 sin = (struct sockaddr_in *)&(greqp->gr_group);
6404 IN6_INADDR_TO_V4MAPPED(&sin->sin_addr, &v6group);
6405 } else {
6406 if (!inet6)
6407 return (EINVAL); /* Not on INET socket */
6408
6409 sin6 = (struct sockaddr_in6 *)&(greqp->gr_group);
6410 v6group = sin6->sin6_addr;
6411 }
6412 ifaddr = INADDR_ANY;
6413 ifindex = greqp->gr_interface;
6414 } else if (inet6) {
6415 v6_mreqp = (struct ipv6_mreq *)i1;
6416 v6group = v6_mreqp->ipv6mr_multiaddr;
6417 ifaddr = INADDR_ANY;
6418 ifindex = v6_mreqp->ipv6mr_interface;
6419 } else {
6420 v4_mreqp = (struct ip_mreq *)i1;
6421 IN6_INADDR_TO_V4MAPPED(&v4_mreqp->imr_multiaddr, &v6group);
6422 ifaddr = (ipaddr_t)v4_mreqp->imr_interface.s_addr;
6423 ifindex = 0;
6424 }
6425
6426 /*
6427 * In the multirouting case, we need to replicate
6428 * the request on all interfaces that will take part
6429 * in replication. We do so because multirouting is
6430 * reflective, thus we will probably receive multi-
6431 * casts on those interfaces.
6432 * The ip_multirt_apply_membership() succeeds if
6433 * the operation succeeds on at least one interface.
6434 */
6435 if (IN6_IS_ADDR_V4MAPPED(&v6group)) {
6436 ipaddr_t group;
6437
6438 IN6_V4MAPPED_TO_IPADDR(&v6group, group);
6439
6440 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0,
6441 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6442 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6443 } else {
6444 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0,
6445 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6446 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6447 }
6448 if (ire != NULL) {
6449 if (ire->ire_flags & RTF_MULTIRT) {
6450 error = ip_multirt_apply_membership(optfn, ire, connp,
6451 checkonly, &v6group, fmode, &ipv6_all_zeros);
6452 done = B_TRUE;
6453 }
6454 ire_refrele(ire);
6455 }
6456
6457 if (!done) {
6458 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex,
6459 fmode, &ipv6_all_zeros);
6460 }
6461 return (error);
6462 }
6463
6464 /*
6465 * Set socket options for joining and leaving multicast groups
6466 * for specific sources.
6467 * Common to IPv4 and IPv6; inet6 indicates the type of socket.
6468 * The caller has already check that the option name is consistent with
6469 * the address family of the socket.
6470 */
6471 int
ip_opt_set_multicast_sources(conn_t * connp,t_scalar_t name,uchar_t * invalp,boolean_t inet6,boolean_t checkonly)6472 ip_opt_set_multicast_sources(conn_t *connp, t_scalar_t name,
6473 uchar_t *invalp, boolean_t inet6, boolean_t checkonly)
6474 {
6475 int *i1 = (int *)invalp;
6476 int error = 0;
6477 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
6478 struct ip_mreq_source *imreqp;
6479 struct group_source_req *gsreqp;
6480 in6_addr_t v6group, v6src;
6481 uint32_t ifindex;
6482 ipaddr_t ifaddr;
6483 boolean_t mcast_opt = B_TRUE;
6484 mcast_record_t fmode;
6485 ire_t *ire;
6486 boolean_t done = B_FALSE;
6487 int (*optfn)(conn_t *, boolean_t, const in6_addr_t *,
6488 ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *);
6489
6490 switch (name) {
6491 case IP_BLOCK_SOURCE:
6492 mcast_opt = B_FALSE;
6493 /* FALLTHROUGH */
6494 case MCAST_BLOCK_SOURCE:
6495 fmode = MODE_IS_EXCLUDE;
6496 optfn = ip_opt_add_group;
6497 break;
6498
6499 case IP_UNBLOCK_SOURCE:
6500 mcast_opt = B_FALSE;
6501 /* FALLTHROUGH */
6502 case MCAST_UNBLOCK_SOURCE:
6503 fmode = MODE_IS_EXCLUDE;
6504 optfn = ip_opt_delete_group;
6505 break;
6506
6507 case IP_ADD_SOURCE_MEMBERSHIP:
6508 mcast_opt = B_FALSE;
6509 /* FALLTHROUGH */
6510 case MCAST_JOIN_SOURCE_GROUP:
6511 fmode = MODE_IS_INCLUDE;
6512 optfn = ip_opt_add_group;
6513 break;
6514
6515 case IP_DROP_SOURCE_MEMBERSHIP:
6516 mcast_opt = B_FALSE;
6517 /* FALLTHROUGH */
6518 case MCAST_LEAVE_SOURCE_GROUP:
6519 fmode = MODE_IS_INCLUDE;
6520 optfn = ip_opt_delete_group;
6521 break;
6522 default:
6523 /* Should not be reached. */
6524 optfn = NULL;
6525 fmode = 0;
6526 ASSERT(0);
6527 }
6528
6529 if (mcast_opt) {
6530 gsreqp = (struct group_source_req *)i1;
6531 ifindex = gsreqp->gsr_interface;
6532 if (gsreqp->gsr_group.ss_family == AF_INET) {
6533 struct sockaddr_in *s;
6534 s = (struct sockaddr_in *)&gsreqp->gsr_group;
6535 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6group);
6536 s = (struct sockaddr_in *)&gsreqp->gsr_source;
6537 IN6_INADDR_TO_V4MAPPED(&s->sin_addr, &v6src);
6538 } else {
6539 struct sockaddr_in6 *s6;
6540
6541 if (!inet6)
6542 return (EINVAL); /* Not on INET socket */
6543
6544 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_group;
6545 v6group = s6->sin6_addr;
6546 s6 = (struct sockaddr_in6 *)&gsreqp->gsr_source;
6547 v6src = s6->sin6_addr;
6548 }
6549 ifaddr = INADDR_ANY;
6550 } else {
6551 imreqp = (struct ip_mreq_source *)i1;
6552 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_multiaddr, &v6group);
6553 IN6_INADDR_TO_V4MAPPED(&imreqp->imr_sourceaddr, &v6src);
6554 ifaddr = (ipaddr_t)imreqp->imr_interface.s_addr;
6555 ifindex = 0;
6556 }
6557
6558 /*
6559 * Handle src being mapped INADDR_ANY by changing it to unspecified.
6560 */
6561 if (IN6_IS_ADDR_V4MAPPED_ANY(&v6src))
6562 v6src = ipv6_all_zeros;
6563
6564 /*
6565 * In the multirouting case, we need to replicate
6566 * the request as noted in the mcast cases above.
6567 */
6568 if (IN6_IS_ADDR_V4MAPPED(&v6group)) {
6569 ipaddr_t group;
6570
6571 IN6_V4MAPPED_TO_IPADDR(&v6group, group);
6572
6573 ire = ire_ftable_lookup_v4(group, IP_HOST_MASK, 0,
6574 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6575 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6576 } else {
6577 ire = ire_ftable_lookup_v6(&v6group, &ipv6_all_ones, 0,
6578 IRE_HOST | IRE_INTERFACE, NULL, ALL_ZONES, NULL,
6579 MATCH_IRE_MASK | MATCH_IRE_TYPE, 0, ipst, NULL);
6580 }
6581 if (ire != NULL) {
6582 if (ire->ire_flags & RTF_MULTIRT) {
6583 error = ip_multirt_apply_membership(optfn, ire, connp,
6584 checkonly, &v6group, fmode, &v6src);
6585 done = B_TRUE;
6586 }
6587 ire_refrele(ire);
6588 }
6589 if (!done) {
6590 error = optfn(connp, checkonly, &v6group, ifaddr, ifindex,
6591 fmode, &v6src);
6592 }
6593 return (error);
6594 }
6595
6596 /*
6597 * Given a destination address and a pointer to where to put the information
6598 * this routine fills in the mtuinfo.
6599 * The socket must be connected.
6600 * For sctp conn_faddr is the primary address.
6601 */
6602 int
ip_fill_mtuinfo(conn_t * connp,ip_xmit_attr_t * ixa,struct ip6_mtuinfo * mtuinfo)6603 ip_fill_mtuinfo(conn_t *connp, ip_xmit_attr_t *ixa, struct ip6_mtuinfo *mtuinfo)
6604 {
6605 uint32_t pmtu = IP_MAXPACKET;
6606 uint_t scopeid;
6607
6608 if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6))
6609 return (-1);
6610
6611 /* In case we never sent or called ip_set_destination_v4/v6 */
6612 if (ixa->ixa_ire != NULL)
6613 pmtu = ip_get_pmtu(ixa);
6614
6615 if (ixa->ixa_flags & IXAF_SCOPEID_SET)
6616 scopeid = ixa->ixa_scopeid;
6617 else
6618 scopeid = 0;
6619
6620 bzero(mtuinfo, sizeof (*mtuinfo));
6621 mtuinfo->ip6m_addr.sin6_family = AF_INET6;
6622 mtuinfo->ip6m_addr.sin6_port = connp->conn_fport;
6623 mtuinfo->ip6m_addr.sin6_addr = connp->conn_faddr_v6;
6624 mtuinfo->ip6m_addr.sin6_scope_id = scopeid;
6625 mtuinfo->ip6m_mtu = pmtu;
6626
6627 return (sizeof (struct ip6_mtuinfo));
6628 }
6629
6630 /*
6631 * When the src multihoming is changed from weak to [strong, preferred]
6632 * ip_ire_rebind_walker is called to walk the list of all ire_t entries
6633 * and identify routes that were created by user-applications in the
6634 * unbound state (i.e., without RTA_IFP), and for which an ire_ill is not
6635 * currently defined. These routes are then 'rebound', i.e., their ire_ill
6636 * is selected by finding an interface route for the gateway.
6637 */
6638 /* ARGSUSED */
6639 void
ip_ire_rebind_walker(ire_t * ire,void * notused)6640 ip_ire_rebind_walker(ire_t *ire, void *notused)
6641 {
6642 if (!ire->ire_unbound || ire->ire_ill != NULL)
6643 return;
6644 ire_rebind(ire);
6645 ire_delete(ire);
6646 }
6647
6648 /*
6649 * When the src multihoming is changed from [strong, preferred] to weak,
6650 * ip_ire_unbind_walker is called to walk the list of all ire_t entries, and
6651 * set any entries that were created by user-applications in the unbound state
6652 * (i.e., without RTA_IFP) back to having a NULL ire_ill.
6653 */
6654 /* ARGSUSED */
6655 void
ip_ire_unbind_walker(ire_t * ire,void * notused)6656 ip_ire_unbind_walker(ire_t *ire, void *notused)
6657 {
6658 ire_t *new_ire;
6659
6660 if (!ire->ire_unbound || ire->ire_ill == NULL)
6661 return;
6662 if (ire->ire_ipversion == IPV6_VERSION) {
6663 new_ire = ire_create_v6(&ire->ire_addr_v6, &ire->ire_mask_v6,
6664 &ire->ire_gateway_addr_v6, ire->ire_type, NULL,
6665 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst);
6666 } else {
6667 new_ire = ire_create((uchar_t *)&ire->ire_addr,
6668 (uchar_t *)&ire->ire_mask,
6669 (uchar_t *)&ire->ire_gateway_addr, ire->ire_type, NULL,
6670 ire->ire_zoneid, ire->ire_flags, NULL, ire->ire_ipst);
6671 }
6672 if (new_ire == NULL)
6673 return;
6674 new_ire->ire_unbound = B_TRUE;
6675 /*
6676 * The bound ire must first be deleted so that we don't return
6677 * the existing one on the attempt to add the unbound new_ire.
6678 */
6679 ire_delete(ire);
6680 new_ire = ire_add(new_ire);
6681 if (new_ire != NULL)
6682 ire_refrele(new_ire);
6683 }
6684
6685 /*
6686 * When the settings of ip*_strict_src_multihoming tunables are changed,
6687 * all cached routes need to be recomputed. This recomputation needs to be
6688 * done when going from weaker to stronger modes so that the cached ire
6689 * for the connection does not violate the current ip*_strict_src_multihoming
6690 * setting. It also needs to be done when going from stronger to weaker modes,
6691 * so that we fall back to matching on the longest-matching-route (as opposed
6692 * to a shorter match that may have been selected in the strong mode
6693 * to satisfy src_multihoming settings).
6694 *
6695 * The cached ixa_ire entires for all conn_t entries are marked as
6696 * "verify" so that they will be recomputed for the next packet.
6697 */
6698 void
conn_ire_revalidate(conn_t * connp,void * arg)6699 conn_ire_revalidate(conn_t *connp, void *arg)
6700 {
6701 boolean_t isv6 = (boolean_t)arg;
6702
6703 if ((isv6 && connp->conn_ipversion != IPV6_VERSION) ||
6704 (!isv6 && connp->conn_ipversion != IPV4_VERSION))
6705 return;
6706 connp->conn_ixa->ixa_ire_generation = IRE_GENERATION_VERIFY;
6707 }
6708
6709 /*
6710 * Handles both IPv4 and IPv6 reassembly - doing the out-of-order cases,
6711 * When an ipf is passed here for the first time, if
6712 * we already have in-order fragments on the queue, we convert from the fast-
6713 * path reassembly scheme to the hard-case scheme. From then on, additional
6714 * fragments are reassembled here. We keep track of the start and end offsets
6715 * of each piece, and the number of holes in the chain. When the hole count
6716 * goes to zero, we are done!
6717 *
6718 * The ipf_count will be updated to account for any mblk(s) added (pointed to
6719 * by mp) or subtracted (freeb()ed dups), upon return the caller must update
6720 * ipfb_count and ill_frag_count by the difference of ipf_count before and
6721 * after the call to ip_reassemble().
6722 */
6723 int
ip_reassemble(mblk_t * mp,ipf_t * ipf,uint_t start,boolean_t more,ill_t * ill,size_t msg_len)6724 ip_reassemble(mblk_t *mp, ipf_t *ipf, uint_t start, boolean_t more, ill_t *ill,
6725 size_t msg_len)
6726 {
6727 uint_t end;
6728 mblk_t *next_mp;
6729 mblk_t *mp1;
6730 uint_t offset;
6731 boolean_t incr_dups = B_TRUE;
6732 boolean_t offset_zero_seen = B_FALSE;
6733 boolean_t pkt_boundary_checked = B_FALSE;
6734
6735 /* If start == 0 then ipf_nf_hdr_len has to be set. */
6736 ASSERT(start != 0 || ipf->ipf_nf_hdr_len != 0);
6737
6738 /* Add in byte count */
6739 ipf->ipf_count += msg_len;
6740 if (ipf->ipf_end) {
6741 /*
6742 * We were part way through in-order reassembly, but now there
6743 * is a hole. We walk through messages already queued, and
6744 * mark them for hard case reassembly. We know that up till
6745 * now they were in order starting from offset zero.
6746 */
6747 offset = 0;
6748 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) {
6749 IP_REASS_SET_START(mp1, offset);
6750 if (offset == 0) {
6751 ASSERT(ipf->ipf_nf_hdr_len != 0);
6752 offset = -ipf->ipf_nf_hdr_len;
6753 }
6754 offset += mp1->b_wptr - mp1->b_rptr;
6755 IP_REASS_SET_END(mp1, offset);
6756 }
6757 /* One hole at the end. */
6758 ipf->ipf_hole_cnt = 1;
6759 /* Brand it as a hard case, forever. */
6760 ipf->ipf_end = 0;
6761 }
6762 /* Walk through all the new pieces. */
6763 do {
6764 end = start + (mp->b_wptr - mp->b_rptr);
6765 /*
6766 * If start is 0, decrease 'end' only for the first mblk of
6767 * the fragment. Otherwise 'end' can get wrong value in the
6768 * second pass of the loop if first mblk is exactly the
6769 * size of ipf_nf_hdr_len.
6770 */
6771 if (start == 0 && !offset_zero_seen) {
6772 /* First segment */
6773 ASSERT(ipf->ipf_nf_hdr_len != 0);
6774 end -= ipf->ipf_nf_hdr_len;
6775 offset_zero_seen = B_TRUE;
6776 }
6777 next_mp = mp->b_cont;
6778 /*
6779 * We are checking to see if there is any interesing data
6780 * to process. If there isn't and the mblk isn't the
6781 * one which carries the unfragmentable header then we
6782 * drop it. It's possible to have just the unfragmentable
6783 * header come through without any data. That needs to be
6784 * saved.
6785 *
6786 * If the assert at the top of this function holds then the
6787 * term "ipf->ipf_nf_hdr_len != 0" isn't needed. This code
6788 * is infrequently traveled enough that the test is left in
6789 * to protect against future code changes which break that
6790 * invariant.
6791 */
6792 if (start == end && start != 0 && ipf->ipf_nf_hdr_len != 0) {
6793 /* Empty. Blast it. */
6794 IP_REASS_SET_START(mp, 0);
6795 IP_REASS_SET_END(mp, 0);
6796 /*
6797 * If the ipf points to the mblk we are about to free,
6798 * update ipf to point to the next mblk (or NULL
6799 * if none).
6800 */
6801 if (ipf->ipf_mp->b_cont == mp)
6802 ipf->ipf_mp->b_cont = next_mp;
6803 freeb(mp);
6804 continue;
6805 }
6806 mp->b_cont = NULL;
6807 IP_REASS_SET_START(mp, start);
6808 IP_REASS_SET_END(mp, end);
6809 if (!ipf->ipf_tail_mp) {
6810 ipf->ipf_tail_mp = mp;
6811 ipf->ipf_mp->b_cont = mp;
6812 if (start == 0 || !more) {
6813 ipf->ipf_hole_cnt = 1;
6814 /*
6815 * if the first fragment comes in more than one
6816 * mblk, this loop will be executed for each
6817 * mblk. Need to adjust hole count so exiting
6818 * this routine will leave hole count at 1.
6819 */
6820 if (next_mp)
6821 ipf->ipf_hole_cnt++;
6822 } else
6823 ipf->ipf_hole_cnt = 2;
6824 continue;
6825 } else if (ipf->ipf_last_frag_seen && !more &&
6826 !pkt_boundary_checked) {
6827 /*
6828 * We check datagram boundary only if this fragment
6829 * claims to be the last fragment and we have seen a
6830 * last fragment in the past too. We do this only
6831 * once for a given fragment.
6832 *
6833 * start cannot be 0 here as fragments with start=0
6834 * and MF=0 gets handled as a complete packet. These
6835 * fragments should not reach here.
6836 */
6837
6838 if (start + msgdsize(mp) !=
6839 IP_REASS_END(ipf->ipf_tail_mp)) {
6840 /*
6841 * We have two fragments both of which claim
6842 * to be the last fragment but gives conflicting
6843 * information about the whole datagram size.
6844 * Something fishy is going on. Drop the
6845 * fragment and free up the reassembly list.
6846 */
6847 return (IP_REASS_FAILED);
6848 }
6849
6850 /*
6851 * We shouldn't come to this code block again for this
6852 * particular fragment.
6853 */
6854 pkt_boundary_checked = B_TRUE;
6855 }
6856
6857 /* New stuff at or beyond tail? */
6858 offset = IP_REASS_END(ipf->ipf_tail_mp);
6859 if (start >= offset) {
6860 if (ipf->ipf_last_frag_seen) {
6861 /* current fragment is beyond last fragment */
6862 return (IP_REASS_FAILED);
6863 }
6864 /* Link it on end. */
6865 ipf->ipf_tail_mp->b_cont = mp;
6866 ipf->ipf_tail_mp = mp;
6867 if (more) {
6868 if (start != offset)
6869 ipf->ipf_hole_cnt++;
6870 } else if (start == offset && next_mp == NULL)
6871 ipf->ipf_hole_cnt--;
6872 continue;
6873 }
6874 mp1 = ipf->ipf_mp->b_cont;
6875 offset = IP_REASS_START(mp1);
6876 /* New stuff at the front? */
6877 if (start < offset) {
6878 if (start == 0) {
6879 if (end >= offset) {
6880 /* Nailed the hole at the begining. */
6881 ipf->ipf_hole_cnt--;
6882 }
6883 } else if (end < offset) {
6884 /*
6885 * A hole, stuff, and a hole where there used
6886 * to be just a hole.
6887 */
6888 ipf->ipf_hole_cnt++;
6889 }
6890 mp->b_cont = mp1;
6891 /* Check for overlap. */
6892 while (end > offset) {
6893 if (end < IP_REASS_END(mp1)) {
6894 mp->b_wptr -= end - offset;
6895 IP_REASS_SET_END(mp, offset);
6896 BUMP_MIB(ill->ill_ip_mib,
6897 ipIfStatsReasmPartDups);
6898 break;
6899 }
6900 /* Did we cover another hole? */
6901 if ((mp1->b_cont &&
6902 IP_REASS_END(mp1) !=
6903 IP_REASS_START(mp1->b_cont) &&
6904 end >= IP_REASS_START(mp1->b_cont)) ||
6905 (!ipf->ipf_last_frag_seen && !more)) {
6906 ipf->ipf_hole_cnt--;
6907 }
6908 /* Clip out mp1. */
6909 if ((mp->b_cont = mp1->b_cont) == NULL) {
6910 /*
6911 * After clipping out mp1, this guy
6912 * is now hanging off the end.
6913 */
6914 ipf->ipf_tail_mp = mp;
6915 }
6916 IP_REASS_SET_START(mp1, 0);
6917 IP_REASS_SET_END(mp1, 0);
6918 /* Subtract byte count */
6919 ipf->ipf_count -= mp1->b_datap->db_lim -
6920 mp1->b_datap->db_base;
6921 freeb(mp1);
6922 BUMP_MIB(ill->ill_ip_mib,
6923 ipIfStatsReasmPartDups);
6924 mp1 = mp->b_cont;
6925 if (!mp1)
6926 break;
6927 offset = IP_REASS_START(mp1);
6928 }
6929 ipf->ipf_mp->b_cont = mp;
6930 continue;
6931 }
6932 /*
6933 * The new piece starts somewhere between the start of the head
6934 * and before the end of the tail.
6935 */
6936 for (; mp1; mp1 = mp1->b_cont) {
6937 offset = IP_REASS_END(mp1);
6938 if (start < offset) {
6939 if (end <= offset) {
6940 /* Nothing new. */
6941 IP_REASS_SET_START(mp, 0);
6942 IP_REASS_SET_END(mp, 0);
6943 /* Subtract byte count */
6944 ipf->ipf_count -= mp->b_datap->db_lim -
6945 mp->b_datap->db_base;
6946 if (incr_dups) {
6947 ipf->ipf_num_dups++;
6948 incr_dups = B_FALSE;
6949 }
6950 freeb(mp);
6951 BUMP_MIB(ill->ill_ip_mib,
6952 ipIfStatsReasmDuplicates);
6953 break;
6954 }
6955 /*
6956 * Trim redundant stuff off beginning of new
6957 * piece.
6958 */
6959 IP_REASS_SET_START(mp, offset);
6960 mp->b_rptr += offset - start;
6961 BUMP_MIB(ill->ill_ip_mib,
6962 ipIfStatsReasmPartDups);
6963 start = offset;
6964 if (!mp1->b_cont) {
6965 /*
6966 * After trimming, this guy is now
6967 * hanging off the end.
6968 */
6969 mp1->b_cont = mp;
6970 ipf->ipf_tail_mp = mp;
6971 if (!more) {
6972 ipf->ipf_hole_cnt--;
6973 }
6974 break;
6975 }
6976 }
6977 if (start >= IP_REASS_START(mp1->b_cont))
6978 continue;
6979 /* Fill a hole */
6980 if (start > offset)
6981 ipf->ipf_hole_cnt++;
6982 mp->b_cont = mp1->b_cont;
6983 mp1->b_cont = mp;
6984 mp1 = mp->b_cont;
6985 offset = IP_REASS_START(mp1);
6986 if (end >= offset) {
6987 ipf->ipf_hole_cnt--;
6988 /* Check for overlap. */
6989 while (end > offset) {
6990 if (end < IP_REASS_END(mp1)) {
6991 mp->b_wptr -= end - offset;
6992 IP_REASS_SET_END(mp, offset);
6993 /*
6994 * TODO we might bump
6995 * this up twice if there is
6996 * overlap at both ends.
6997 */
6998 BUMP_MIB(ill->ill_ip_mib,
6999 ipIfStatsReasmPartDups);
7000 break;
7001 }
7002 /* Did we cover another hole? */
7003 if ((mp1->b_cont &&
7004 IP_REASS_END(mp1)
7005 != IP_REASS_START(mp1->b_cont) &&
7006 end >=
7007 IP_REASS_START(mp1->b_cont)) ||
7008 (!ipf->ipf_last_frag_seen &&
7009 !more)) {
7010 ipf->ipf_hole_cnt--;
7011 }
7012 /* Clip out mp1. */
7013 if ((mp->b_cont = mp1->b_cont) ==
7014 NULL) {
7015 /*
7016 * After clipping out mp1,
7017 * this guy is now hanging
7018 * off the end.
7019 */
7020 ipf->ipf_tail_mp = mp;
7021 }
7022 IP_REASS_SET_START(mp1, 0);
7023 IP_REASS_SET_END(mp1, 0);
7024 /* Subtract byte count */
7025 ipf->ipf_count -=
7026 mp1->b_datap->db_lim -
7027 mp1->b_datap->db_base;
7028 freeb(mp1);
7029 BUMP_MIB(ill->ill_ip_mib,
7030 ipIfStatsReasmPartDups);
7031 mp1 = mp->b_cont;
7032 if (!mp1)
7033 break;
7034 offset = IP_REASS_START(mp1);
7035 }
7036 }
7037 break;
7038 }
7039 } while (start = end, mp = next_mp);
7040
7041 /* Fragment just processed could be the last one. Remember this fact */
7042 if (!more)
7043 ipf->ipf_last_frag_seen = B_TRUE;
7044
7045 /* Still got holes? */
7046 if (ipf->ipf_hole_cnt)
7047 return (IP_REASS_PARTIAL);
7048 /* Clean up overloaded fields to avoid upstream disasters. */
7049 for (mp1 = ipf->ipf_mp->b_cont; mp1; mp1 = mp1->b_cont) {
7050 IP_REASS_SET_START(mp1, 0);
7051 IP_REASS_SET_END(mp1, 0);
7052 }
7053 return (IP_REASS_COMPLETE);
7054 }
7055
7056 /*
7057 * Fragmentation reassembly. Each ILL has a hash table for
7058 * queuing packets undergoing reassembly for all IPIFs
7059 * associated with the ILL. The hash is based on the packet
7060 * IP ident field. The ILL frag hash table was allocated
7061 * as a timer block at the time the ILL was created. Whenever
7062 * there is anything on the reassembly queue, the timer will
7063 * be running. Returns the reassembled packet if reassembly completes.
7064 */
7065 mblk_t *
ip_input_fragment(mblk_t * mp,ipha_t * ipha,ip_recv_attr_t * ira)7066 ip_input_fragment(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
7067 {
7068 uint32_t frag_offset_flags;
7069 mblk_t *t_mp;
7070 ipaddr_t dst;
7071 uint8_t proto = ipha->ipha_protocol;
7072 uint32_t sum_val;
7073 uint16_t sum_flags;
7074 ipf_t *ipf;
7075 ipf_t **ipfp;
7076 ipfb_t *ipfb;
7077 uint16_t ident;
7078 uint32_t offset;
7079 ipaddr_t src;
7080 uint_t hdr_length;
7081 uint32_t end;
7082 mblk_t *mp1;
7083 mblk_t *tail_mp;
7084 size_t count;
7085 size_t msg_len;
7086 uint8_t ecn_info = 0;
7087 uint32_t packet_size;
7088 boolean_t pruned = B_FALSE;
7089 ill_t *ill = ira->ira_ill;
7090 ip_stack_t *ipst = ill->ill_ipst;
7091
7092 /*
7093 * Drop the fragmented as early as possible, if
7094 * we don't have resource(s) to re-assemble.
7095 */
7096 if (ipst->ips_ip_reass_queue_bytes == 0) {
7097 freemsg(mp);
7098 return (NULL);
7099 }
7100
7101 /* Check for fragmentation offset; return if there's none */
7102 if ((frag_offset_flags = ntohs(ipha->ipha_fragment_offset_and_flags) &
7103 (IPH_MF | IPH_OFFSET)) == 0)
7104 return (mp);
7105
7106 /*
7107 * We utilize hardware computed checksum info only for UDP since
7108 * IP fragmentation is a normal occurrence for the protocol. In
7109 * addition, checksum offload support for IP fragments carrying
7110 * UDP payload is commonly implemented across network adapters.
7111 */
7112 ASSERT(ira->ira_rill != NULL);
7113 if (proto == IPPROTO_UDP && dohwcksum &&
7114 ILL_HCKSUM_CAPABLE(ira->ira_rill) &&
7115 (DB_CKSUMFLAGS(mp) & (HCK_FULLCKSUM | HCK_PARTIALCKSUM))) {
7116 mblk_t *mp1 = mp->b_cont;
7117 int32_t len;
7118
7119 /* Record checksum information from the packet */
7120 sum_val = (uint32_t)DB_CKSUM16(mp);
7121 sum_flags = DB_CKSUMFLAGS(mp);
7122
7123 /* IP payload offset from beginning of mblk */
7124 offset = ((uchar_t *)ipha + IPH_HDR_LENGTH(ipha)) - mp->b_rptr;
7125
7126 if ((sum_flags & HCK_PARTIALCKSUM) &&
7127 (mp1 == NULL || mp1->b_cont == NULL) &&
7128 offset >= DB_CKSUMSTART(mp) &&
7129 ((len = offset - DB_CKSUMSTART(mp)) & 1) == 0) {
7130 uint32_t adj;
7131 /*
7132 * Partial checksum has been calculated by hardware
7133 * and attached to the packet; in addition, any
7134 * prepended extraneous data is even byte aligned.
7135 * If any such data exists, we adjust the checksum;
7136 * this would also handle any postpended data.
7137 */
7138 IP_ADJCKSUM_PARTIAL(mp->b_rptr + DB_CKSUMSTART(mp),
7139 mp, mp1, len, adj);
7140
7141 /* One's complement subtract extraneous checksum */
7142 if (adj >= sum_val)
7143 sum_val = ~(adj - sum_val) & 0xFFFF;
7144 else
7145 sum_val -= adj;
7146 }
7147 } else {
7148 sum_val = 0;
7149 sum_flags = 0;
7150 }
7151
7152 /* Clear hardware checksumming flag */
7153 DB_CKSUMFLAGS(mp) = 0;
7154
7155 ident = ipha->ipha_ident;
7156 offset = (frag_offset_flags << 3) & 0xFFFF;
7157 src = ipha->ipha_src;
7158 dst = ipha->ipha_dst;
7159 hdr_length = IPH_HDR_LENGTH(ipha);
7160 end = ntohs(ipha->ipha_length) - hdr_length;
7161
7162 /* If end == 0 then we have a packet with no data, so just free it */
7163 if (end == 0) {
7164 freemsg(mp);
7165 return (NULL);
7166 }
7167
7168 /* Record the ECN field info. */
7169 ecn_info = (ipha->ipha_type_of_service & 0x3);
7170 if (offset != 0) {
7171 /*
7172 * If this isn't the first piece, strip the header, and
7173 * add the offset to the end value.
7174 */
7175 mp->b_rptr += hdr_length;
7176 end += offset;
7177 }
7178
7179 /* Handle vnic loopback of fragments */
7180 if (mp->b_datap->db_ref > 2)
7181 msg_len = 0;
7182 else
7183 msg_len = MBLKSIZE(mp);
7184
7185 tail_mp = mp;
7186 while (tail_mp->b_cont != NULL) {
7187 tail_mp = tail_mp->b_cont;
7188 if (tail_mp->b_datap->db_ref <= 2)
7189 msg_len += MBLKSIZE(tail_mp);
7190 }
7191
7192 /* If the reassembly list for this ILL will get too big, prune it */
7193 if ((msg_len + sizeof (*ipf) + ill->ill_frag_count) >=
7194 ipst->ips_ip_reass_queue_bytes) {
7195 DTRACE_PROBE3(ip_reass_queue_bytes, uint_t, msg_len,
7196 uint_t, ill->ill_frag_count,
7197 uint_t, ipst->ips_ip_reass_queue_bytes);
7198 ill_frag_prune(ill,
7199 (ipst->ips_ip_reass_queue_bytes < msg_len) ? 0 :
7200 (ipst->ips_ip_reass_queue_bytes - msg_len));
7201 pruned = B_TRUE;
7202 }
7203
7204 ipfb = &ill->ill_frag_hash_tbl[ILL_FRAG_HASH(src, ident)];
7205 mutex_enter(&ipfb->ipfb_lock);
7206
7207 ipfp = &ipfb->ipfb_ipf;
7208 /* Try to find an existing fragment queue for this packet. */
7209 for (;;) {
7210 ipf = ipfp[0];
7211 if (ipf != NULL) {
7212 /*
7213 * It has to match on ident and src/dst address.
7214 */
7215 if (ipf->ipf_ident == ident &&
7216 ipf->ipf_src == src &&
7217 ipf->ipf_dst == dst &&
7218 ipf->ipf_protocol == proto) {
7219 /*
7220 * If we have received too many
7221 * duplicate fragments for this packet
7222 * free it.
7223 */
7224 if (ipf->ipf_num_dups > ip_max_frag_dups) {
7225 ill_frag_free_pkts(ill, ipfb, ipf, 1);
7226 freemsg(mp);
7227 mutex_exit(&ipfb->ipfb_lock);
7228 return (NULL);
7229 }
7230 /* Found it. */
7231 break;
7232 }
7233 ipfp = &ipf->ipf_hash_next;
7234 continue;
7235 }
7236
7237 /*
7238 * If we pruned the list, do we want to store this new
7239 * fragment?. We apply an optimization here based on the
7240 * fact that most fragments will be received in order.
7241 * So if the offset of this incoming fragment is zero,
7242 * it is the first fragment of a new packet. We will
7243 * keep it. Otherwise drop the fragment, as we have
7244 * probably pruned the packet already (since the
7245 * packet cannot be found).
7246 */
7247 if (pruned && offset != 0) {
7248 mutex_exit(&ipfb->ipfb_lock);
7249 freemsg(mp);
7250 return (NULL);
7251 }
7252
7253 if (ipfb->ipfb_frag_pkts >= MAX_FRAG_PKTS(ipst)) {
7254 /*
7255 * Too many fragmented packets in this hash
7256 * bucket. Free the oldest.
7257 */
7258 ill_frag_free_pkts(ill, ipfb, ipfb->ipfb_ipf, 1);
7259 }
7260
7261 /* New guy. Allocate a frag message. */
7262 mp1 = allocb(sizeof (*ipf), BPRI_MED);
7263 if (mp1 == NULL) {
7264 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7265 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7266 freemsg(mp);
7267 reass_done:
7268 mutex_exit(&ipfb->ipfb_lock);
7269 return (NULL);
7270 }
7271
7272 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmReqds);
7273 mp1->b_cont = mp;
7274
7275 /* Initialize the fragment header. */
7276 ipf = (ipf_t *)mp1->b_rptr;
7277 ipf->ipf_mp = mp1;
7278 ipf->ipf_ptphn = ipfp;
7279 ipfp[0] = ipf;
7280 ipf->ipf_hash_next = NULL;
7281 ipf->ipf_ident = ident;
7282 ipf->ipf_protocol = proto;
7283 ipf->ipf_src = src;
7284 ipf->ipf_dst = dst;
7285 ipf->ipf_nf_hdr_len = 0;
7286 /* Record reassembly start time. */
7287 ipf->ipf_timestamp = gethrestime_sec();
7288 /* Record ipf generation and account for frag header */
7289 ipf->ipf_gen = ill->ill_ipf_gen++;
7290 ipf->ipf_count = MBLKSIZE(mp1);
7291 ipf->ipf_last_frag_seen = B_FALSE;
7292 ipf->ipf_ecn = ecn_info;
7293 ipf->ipf_num_dups = 0;
7294 ipfb->ipfb_frag_pkts++;
7295 ipf->ipf_checksum = 0;
7296 ipf->ipf_checksum_flags = 0;
7297
7298 /* Store checksum value in fragment header */
7299 if (sum_flags != 0) {
7300 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7301 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7302 ipf->ipf_checksum = sum_val;
7303 ipf->ipf_checksum_flags = sum_flags;
7304 }
7305
7306 /*
7307 * We handle reassembly two ways. In the easy case,
7308 * where all the fragments show up in order, we do
7309 * minimal bookkeeping, and just clip new pieces on
7310 * the end. If we ever see a hole, then we go off
7311 * to ip_reassemble which has to mark the pieces and
7312 * keep track of the number of holes, etc. Obviously,
7313 * the point of having both mechanisms is so we can
7314 * handle the easy case as efficiently as possible.
7315 */
7316 if (offset == 0) {
7317 /* Easy case, in-order reassembly so far. */
7318 ipf->ipf_count += msg_len;
7319 ipf->ipf_tail_mp = tail_mp;
7320 /*
7321 * Keep track of next expected offset in
7322 * ipf_end.
7323 */
7324 ipf->ipf_end = end;
7325 ipf->ipf_nf_hdr_len = hdr_length;
7326 } else {
7327 /* Hard case, hole at the beginning. */
7328 ipf->ipf_tail_mp = NULL;
7329 /*
7330 * ipf_end == 0 means that we have given up
7331 * on easy reassembly.
7332 */
7333 ipf->ipf_end = 0;
7334
7335 /* Forget checksum offload from now on */
7336 ipf->ipf_checksum_flags = 0;
7337
7338 /*
7339 * ipf_hole_cnt is set by ip_reassemble.
7340 * ipf_count is updated by ip_reassemble.
7341 * No need to check for return value here
7342 * as we don't expect reassembly to complete
7343 * or fail for the first fragment itself.
7344 */
7345 (void) ip_reassemble(mp, ipf,
7346 (frag_offset_flags & IPH_OFFSET) << 3,
7347 (frag_offset_flags & IPH_MF), ill, msg_len);
7348 }
7349 /* Update per ipfb and ill byte counts */
7350 ipfb->ipfb_count += ipf->ipf_count;
7351 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7352 atomic_add_32(&ill->ill_frag_count, ipf->ipf_count);
7353 /* If the frag timer wasn't already going, start it. */
7354 mutex_enter(&ill->ill_lock);
7355 ill_frag_timer_start(ill);
7356 mutex_exit(&ill->ill_lock);
7357 goto reass_done;
7358 }
7359
7360 /*
7361 * If the packet's flag has changed (it could be coming up
7362 * from an interface different than the previous, therefore
7363 * possibly different checksum capability), then forget about
7364 * any stored checksum states. Otherwise add the value to
7365 * the existing one stored in the fragment header.
7366 */
7367 if (sum_flags != 0 && sum_flags == ipf->ipf_checksum_flags) {
7368 sum_val += ipf->ipf_checksum;
7369 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7370 sum_val = (sum_val & 0xFFFF) + (sum_val >> 16);
7371 ipf->ipf_checksum = sum_val;
7372 } else if (ipf->ipf_checksum_flags != 0) {
7373 /* Forget checksum offload from now on */
7374 ipf->ipf_checksum_flags = 0;
7375 }
7376
7377 /*
7378 * We have a new piece of a datagram which is already being
7379 * reassembled. Update the ECN info if all IP fragments
7380 * are ECN capable. If there is one which is not, clear
7381 * all the info. If there is at least one which has CE
7382 * code point, IP needs to report that up to transport.
7383 */
7384 if (ecn_info != IPH_ECN_NECT && ipf->ipf_ecn != IPH_ECN_NECT) {
7385 if (ecn_info == IPH_ECN_CE)
7386 ipf->ipf_ecn = IPH_ECN_CE;
7387 } else {
7388 ipf->ipf_ecn = IPH_ECN_NECT;
7389 }
7390 if (offset && ipf->ipf_end == offset) {
7391 /* The new fragment fits at the end */
7392 ipf->ipf_tail_mp->b_cont = mp;
7393 /* Update the byte count */
7394 ipf->ipf_count += msg_len;
7395 /* Update per ipfb and ill byte counts */
7396 ipfb->ipfb_count += msg_len;
7397 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7398 atomic_add_32(&ill->ill_frag_count, msg_len);
7399 if (frag_offset_flags & IPH_MF) {
7400 /* More to come. */
7401 ipf->ipf_end = end;
7402 ipf->ipf_tail_mp = tail_mp;
7403 goto reass_done;
7404 }
7405 } else {
7406 /* Go do the hard cases. */
7407 int ret;
7408
7409 if (offset == 0)
7410 ipf->ipf_nf_hdr_len = hdr_length;
7411
7412 /* Save current byte count */
7413 count = ipf->ipf_count;
7414 ret = ip_reassemble(mp, ipf,
7415 (frag_offset_flags & IPH_OFFSET) << 3,
7416 (frag_offset_flags & IPH_MF), ill, msg_len);
7417 /* Count of bytes added and subtracted (freeb()ed) */
7418 count = ipf->ipf_count - count;
7419 if (count) {
7420 /* Update per ipfb and ill byte counts */
7421 ipfb->ipfb_count += count;
7422 ASSERT(ipfb->ipfb_count > 0); /* Wraparound */
7423 atomic_add_32(&ill->ill_frag_count, count);
7424 }
7425 if (ret == IP_REASS_PARTIAL) {
7426 goto reass_done;
7427 } else if (ret == IP_REASS_FAILED) {
7428 /* Reassembly failed. Free up all resources */
7429 ill_frag_free_pkts(ill, ipfb, ipf, 1);
7430 for (t_mp = mp; t_mp != NULL; t_mp = t_mp->b_cont) {
7431 IP_REASS_SET_START(t_mp, 0);
7432 IP_REASS_SET_END(t_mp, 0);
7433 }
7434 freemsg(mp);
7435 goto reass_done;
7436 }
7437 /* We will reach here iff 'ret' is IP_REASS_COMPLETE */
7438 }
7439 /*
7440 * We have completed reassembly. Unhook the frag header from
7441 * the reassembly list.
7442 *
7443 * Before we free the frag header, record the ECN info
7444 * to report back to the transport.
7445 */
7446 ecn_info = ipf->ipf_ecn;
7447 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmOKs);
7448 ipfp = ipf->ipf_ptphn;
7449
7450 /* We need to supply these to caller */
7451 if ((sum_flags = ipf->ipf_checksum_flags) != 0)
7452 sum_val = ipf->ipf_checksum;
7453 else
7454 sum_val = 0;
7455
7456 mp1 = ipf->ipf_mp;
7457 count = ipf->ipf_count;
7458 ipf = ipf->ipf_hash_next;
7459 if (ipf != NULL)
7460 ipf->ipf_ptphn = ipfp;
7461 ipfp[0] = ipf;
7462 atomic_add_32(&ill->ill_frag_count, -count);
7463 ASSERT(ipfb->ipfb_count >= count);
7464 ipfb->ipfb_count -= count;
7465 ipfb->ipfb_frag_pkts--;
7466 mutex_exit(&ipfb->ipfb_lock);
7467 /* Ditch the frag header. */
7468 mp = mp1->b_cont;
7469
7470 freeb(mp1);
7471
7472 /* Restore original IP length in header. */
7473 packet_size = (uint32_t)msgdsize(mp);
7474 if (packet_size > IP_MAXPACKET) {
7475 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7476 ip_drop_input("Reassembled packet too large", mp, ill);
7477 freemsg(mp);
7478 return (NULL);
7479 }
7480
7481 if (DB_REF(mp) > 1) {
7482 mblk_t *mp2 = copymsg(mp);
7483
7484 if (mp2 == NULL) {
7485 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7486 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7487 freemsg(mp);
7488 return (NULL);
7489 }
7490 freemsg(mp);
7491 mp = mp2;
7492 }
7493 ipha = (ipha_t *)mp->b_rptr;
7494
7495 ipha->ipha_length = htons((uint16_t)packet_size);
7496 /* We're now complete, zip the frag state */
7497 ipha->ipha_fragment_offset_and_flags = 0;
7498 /* Record the ECN info. */
7499 ipha->ipha_type_of_service &= 0xFC;
7500 ipha->ipha_type_of_service |= ecn_info;
7501
7502 /* Update the receive attributes */
7503 ira->ira_pktlen = packet_size;
7504 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha);
7505
7506 /* Reassembly is successful; set checksum information in packet */
7507 DB_CKSUM16(mp) = (uint16_t)sum_val;
7508 DB_CKSUMFLAGS(mp) = sum_flags;
7509 DB_CKSUMSTART(mp) = ira->ira_ip_hdr_length;
7510
7511 return (mp);
7512 }
7513
7514 /*
7515 * Pullup function that should be used for IP input in order to
7516 * ensure we do not loose the L2 source address; we need the l2 source
7517 * address for IP_RECVSLLA and for ndp_input.
7518 *
7519 * We return either NULL or b_rptr.
7520 */
7521 void *
ip_pullup(mblk_t * mp,ssize_t len,ip_recv_attr_t * ira)7522 ip_pullup(mblk_t *mp, ssize_t len, ip_recv_attr_t *ira)
7523 {
7524 ill_t *ill = ira->ira_ill;
7525
7526 if (ip_rput_pullups++ == 0) {
7527 (void) mi_strlog(ill->ill_rq, 1, SL_ERROR|SL_TRACE,
7528 "ip_pullup: %s forced us to "
7529 " pullup pkt, hdr len %ld, hdr addr %p",
7530 ill->ill_name, len, (void *)mp->b_rptr);
7531 }
7532 if (!(ira->ira_flags & IRAF_L2SRC_SET))
7533 ip_setl2src(mp, ira, ira->ira_rill);
7534 ASSERT(ira->ira_flags & IRAF_L2SRC_SET);
7535 if (!pullupmsg(mp, len))
7536 return (NULL);
7537 else
7538 return (mp->b_rptr);
7539 }
7540
7541 /*
7542 * Make sure ira_l2src has an address. If we don't have one fill with zeros.
7543 * When called from the ULP ira_rill will be NULL hence the caller has to
7544 * pass in the ill.
7545 */
7546 /* ARGSUSED */
7547 void
ip_setl2src(mblk_t * mp,ip_recv_attr_t * ira,ill_t * ill)7548 ip_setl2src(mblk_t *mp, ip_recv_attr_t *ira, ill_t *ill)
7549 {
7550 const uchar_t *addr;
7551 int alen;
7552
7553 if (ira->ira_flags & IRAF_L2SRC_SET)
7554 return;
7555
7556 ASSERT(ill != NULL);
7557 alen = ill->ill_phys_addr_length;
7558 ASSERT(alen <= sizeof (ira->ira_l2src));
7559 if (ira->ira_mhip != NULL &&
7560 (addr = ira->ira_mhip->mhi_saddr) != NULL) {
7561 bcopy(addr, ira->ira_l2src, alen);
7562 } else if ((ira->ira_flags & IRAF_L2SRC_LOOPBACK) &&
7563 (addr = ill->ill_phys_addr) != NULL) {
7564 bcopy(addr, ira->ira_l2src, alen);
7565 } else {
7566 bzero(ira->ira_l2src, alen);
7567 }
7568 ira->ira_flags |= IRAF_L2SRC_SET;
7569 }
7570
7571 /*
7572 * check ip header length and align it.
7573 */
7574 mblk_t *
ip_check_and_align_header(mblk_t * mp,uint_t min_size,ip_recv_attr_t * ira)7575 ip_check_and_align_header(mblk_t *mp, uint_t min_size, ip_recv_attr_t *ira)
7576 {
7577 ill_t *ill = ira->ira_ill;
7578 ssize_t len;
7579
7580 len = MBLKL(mp);
7581
7582 if (!OK_32PTR(mp->b_rptr))
7583 IP_STAT(ill->ill_ipst, ip_notaligned);
7584 else
7585 IP_STAT(ill->ill_ipst, ip_recv_pullup);
7586
7587 /* Guard against bogus device drivers */
7588 if (len < 0) {
7589 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7590 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7591 freemsg(mp);
7592 return (NULL);
7593 }
7594
7595 if (len == 0) {
7596 /* GLD sometimes sends up mblk with b_rptr == b_wptr! */
7597 mblk_t *mp1 = mp->b_cont;
7598
7599 if (!(ira->ira_flags & IRAF_L2SRC_SET))
7600 ip_setl2src(mp, ira, ira->ira_rill);
7601 ASSERT(ira->ira_flags & IRAF_L2SRC_SET);
7602
7603 freeb(mp);
7604 mp = mp1;
7605 if (mp == NULL)
7606 return (NULL);
7607
7608 if (OK_32PTR(mp->b_rptr) && MBLKL(mp) >= min_size)
7609 return (mp);
7610 }
7611 if (ip_pullup(mp, min_size, ira) == NULL) {
7612 if (msgdsize(mp) < min_size) {
7613 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7614 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7615 } else {
7616 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7617 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7618 }
7619 freemsg(mp);
7620 return (NULL);
7621 }
7622 return (mp);
7623 }
7624
7625 /*
7626 * Common code for IPv4 and IPv6 to check and pullup multi-mblks
7627 */
7628 mblk_t *
ip_check_length(mblk_t * mp,uchar_t * rptr,ssize_t len,uint_t pkt_len,uint_t min_size,ip_recv_attr_t * ira)7629 ip_check_length(mblk_t *mp, uchar_t *rptr, ssize_t len, uint_t pkt_len,
7630 uint_t min_size, ip_recv_attr_t *ira)
7631 {
7632 ill_t *ill = ira->ira_ill;
7633
7634 /*
7635 * Make sure we have data length consistent
7636 * with the IP header.
7637 */
7638 if (mp->b_cont == NULL) {
7639 /* pkt_len is based on ipha_len, not the mblk length */
7640 if (pkt_len < min_size) {
7641 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7642 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7643 freemsg(mp);
7644 return (NULL);
7645 }
7646 if (len < 0) {
7647 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
7648 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
7649 freemsg(mp);
7650 return (NULL);
7651 }
7652 /* Drop any pad */
7653 mp->b_wptr = rptr + pkt_len;
7654 } else if ((len += msgdsize(mp->b_cont)) != 0) {
7655 ASSERT(pkt_len >= min_size);
7656 if (pkt_len < min_size) {
7657 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7658 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7659 freemsg(mp);
7660 return (NULL);
7661 }
7662 if (len < 0) {
7663 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts);
7664 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill);
7665 freemsg(mp);
7666 return (NULL);
7667 }
7668 /* Drop any pad */
7669 (void) adjmsg(mp, -len);
7670 /*
7671 * adjmsg may have freed an mblk from the chain, hence
7672 * invalidate any hw checksum here. This will force IP to
7673 * calculate the checksum in sw, but only for this packet.
7674 */
7675 DB_CKSUMFLAGS(mp) = 0;
7676 IP_STAT(ill->ill_ipst, ip_multimblk);
7677 }
7678 return (mp);
7679 }
7680
7681 /*
7682 * Check that the IPv4 opt_len is consistent with the packet and pullup
7683 * the options.
7684 */
7685 mblk_t *
ip_check_optlen(mblk_t * mp,ipha_t * ipha,uint_t opt_len,uint_t pkt_len,ip_recv_attr_t * ira)7686 ip_check_optlen(mblk_t *mp, ipha_t *ipha, uint_t opt_len, uint_t pkt_len,
7687 ip_recv_attr_t *ira)
7688 {
7689 ill_t *ill = ira->ira_ill;
7690 ssize_t len;
7691
7692 /* Assume no IPv6 packets arrive over the IPv4 queue */
7693 if (IPH_HDR_VERSION(ipha) != IPV4_VERSION) {
7694 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7695 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInWrongIPVersion);
7696 ip_drop_input("IPvN packet on IPv4 ill", mp, ill);
7697 freemsg(mp);
7698 return (NULL);
7699 }
7700
7701 if (opt_len > (15 - IP_SIMPLE_HDR_LENGTH_IN_WORDS)) {
7702 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7703 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7704 freemsg(mp);
7705 return (NULL);
7706 }
7707 /*
7708 * Recompute complete header length and make sure we
7709 * have access to all of it.
7710 */
7711 len = ((size_t)opt_len + IP_SIMPLE_HDR_LENGTH_IN_WORDS) << 2;
7712 if (len > (mp->b_wptr - mp->b_rptr)) {
7713 if (len > pkt_len) {
7714 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors);
7715 ip_drop_input("ipIfStatsInHdrErrors", mp, ill);
7716 freemsg(mp);
7717 return (NULL);
7718 }
7719 if (ip_pullup(mp, len, ira) == NULL) {
7720 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
7721 ip_drop_input("ipIfStatsInDiscards", mp, ill);
7722 freemsg(mp);
7723 return (NULL);
7724 }
7725 }
7726 return (mp);
7727 }
7728
7729 /*
7730 * Returns a new ire, or the same ire, or NULL.
7731 * If a different IRE is returned, then it is held; the caller
7732 * needs to release it.
7733 * In no case is there any hold/release on the ire argument.
7734 */
7735 ire_t *
ip_check_multihome(void * addr,ire_t * ire,ill_t * ill)7736 ip_check_multihome(void *addr, ire_t *ire, ill_t *ill)
7737 {
7738 ire_t *new_ire;
7739 ill_t *ire_ill;
7740 uint_t ifindex;
7741 ip_stack_t *ipst = ill->ill_ipst;
7742 boolean_t strict_check = B_FALSE;
7743
7744 /*
7745 * IPMP common case: if IRE and ILL are in the same group, there's no
7746 * issue (e.g. packet received on an underlying interface matched an
7747 * IRE_LOCAL on its associated group interface).
7748 */
7749 ASSERT(ire->ire_ill != NULL);
7750 if (IS_IN_SAME_ILLGRP(ill, ire->ire_ill))
7751 return (ire);
7752
7753 /*
7754 * Do another ire lookup here, using the ingress ill, to see if the
7755 * interface is in a usesrc group.
7756 * As long as the ills belong to the same group, we don't consider
7757 * them to be arriving on the wrong interface. Thus, if the switch
7758 * is doing inbound load spreading, we won't drop packets when the
7759 * ip*_strict_dst_multihoming switch is on.
7760 * We also need to check for IPIF_UNNUMBERED point2point interfaces
7761 * where the local address may not be unique. In this case we were
7762 * at the mercy of the initial ire lookup and the IRE_LOCAL it
7763 * actually returned. The new lookup, which is more specific, should
7764 * only find the IRE_LOCAL associated with the ingress ill if one
7765 * exists.
7766 */
7767 if (ire->ire_ipversion == IPV4_VERSION) {
7768 if (ipst->ips_ip_strict_dst_multihoming)
7769 strict_check = B_TRUE;
7770 new_ire = ire_ftable_lookup_v4(*((ipaddr_t *)addr), 0, 0,
7771 IRE_LOCAL, ill, ALL_ZONES, NULL,
7772 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL);
7773 } else {
7774 ASSERT(!IN6_IS_ADDR_MULTICAST((in6_addr_t *)addr));
7775 if (ipst->ips_ipv6_strict_dst_multihoming)
7776 strict_check = B_TRUE;
7777 new_ire = ire_ftable_lookup_v6((in6_addr_t *)addr, NULL, NULL,
7778 IRE_LOCAL, ill, ALL_ZONES, NULL,
7779 (MATCH_IRE_TYPE|MATCH_IRE_ILL), 0, ipst, NULL);
7780 }
7781 /*
7782 * If the same ire that was returned in ip_input() is found then this
7783 * is an indication that usesrc groups are in use. The packet
7784 * arrived on a different ill in the group than the one associated with
7785 * the destination address. If a different ire was found then the same
7786 * IP address must be hosted on multiple ills. This is possible with
7787 * unnumbered point2point interfaces. We switch to use this new ire in
7788 * order to have accurate interface statistics.
7789 */
7790 if (new_ire != NULL) {
7791 /* Note: held in one case but not the other? Caller handles */
7792 if (new_ire != ire)
7793 return (new_ire);
7794 /* Unchanged */
7795 ire_refrele(new_ire);
7796 return (ire);
7797 }
7798
7799 /*
7800 * Chase pointers once and store locally.
7801 */
7802 ASSERT(ire->ire_ill != NULL);
7803 ire_ill = ire->ire_ill;
7804 ifindex = ill->ill_usesrc_ifindex;
7805
7806 /*
7807 * Check if it's a legal address on the 'usesrc' interface.
7808 * For IPMP data addresses the IRE_LOCAL is the upper, hence we
7809 * can just check phyint_ifindex.
7810 */
7811 if (ifindex != 0 && ifindex == ire_ill->ill_phyint->phyint_ifindex) {
7812 return (ire);
7813 }
7814
7815 /*
7816 * If the ip*_strict_dst_multihoming switch is on then we can
7817 * only accept this packet if the interface is marked as routing.
7818 */
7819 if (!(strict_check))
7820 return (ire);
7821
7822 if ((ill->ill_flags & ire->ire_ill->ill_flags & ILLF_ROUTER) != 0) {
7823 return (ire);
7824 }
7825 return (NULL);
7826 }
7827
7828 /*
7829 * This function is used to construct a mac_header_info_s from a
7830 * DL_UNITDATA_IND message.
7831 * The address fields in the mhi structure points into the message,
7832 * thus the caller can't use those fields after freeing the message.
7833 *
7834 * We determine whether the packet received is a non-unicast packet
7835 * and in doing so, determine whether or not it is broadcast vs multicast.
7836 * For it to be a broadcast packet, we must have the appropriate mblk_t
7837 * hanging off the ill_t. If this is either not present or doesn't match
7838 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed
7839 * to be multicast. Thus NICs that have no broadcast address (or no
7840 * capability for one, such as point to point links) cannot return as
7841 * the packet being broadcast.
7842 */
7843 void
ip_dlur_to_mhi(ill_t * ill,mblk_t * mb,struct mac_header_info_s * mhip)7844 ip_dlur_to_mhi(ill_t *ill, mblk_t *mb, struct mac_header_info_s *mhip)
7845 {
7846 dl_unitdata_ind_t *ind = (dl_unitdata_ind_t *)mb->b_rptr;
7847 mblk_t *bmp;
7848 uint_t extra_offset;
7849
7850 bzero(mhip, sizeof (struct mac_header_info_s));
7851
7852 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST;
7853
7854 if (ill->ill_sap_length < 0)
7855 extra_offset = 0;
7856 else
7857 extra_offset = ill->ill_sap_length;
7858
7859 mhip->mhi_daddr = (uchar_t *)ind + ind->dl_dest_addr_offset +
7860 extra_offset;
7861 mhip->mhi_saddr = (uchar_t *)ind + ind->dl_src_addr_offset +
7862 extra_offset;
7863
7864 if (!ind->dl_group_address)
7865 return;
7866
7867 /* Multicast or broadcast */
7868 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST;
7869
7870 if (ind->dl_dest_addr_offset > sizeof (*ind) &&
7871 ind->dl_dest_addr_offset + ind->dl_dest_addr_length < MBLKL(mb) &&
7872 (bmp = ill->ill_bcast_mp) != NULL) {
7873 dl_unitdata_req_t *dlur;
7874 uint8_t *bphys_addr;
7875
7876 dlur = (dl_unitdata_req_t *)bmp->b_rptr;
7877 bphys_addr = (uchar_t *)dlur + dlur->dl_dest_addr_offset +
7878 extra_offset;
7879
7880 if (bcmp(mhip->mhi_daddr, bphys_addr,
7881 ind->dl_dest_addr_length) == 0)
7882 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST;
7883 }
7884 }
7885
7886 /*
7887 * This function is used to construct a mac_header_info_s from a
7888 * M_DATA fastpath message from a DLPI driver.
7889 * The address fields in the mhi structure points into the message,
7890 * thus the caller can't use those fields after freeing the message.
7891 *
7892 * We determine whether the packet received is a non-unicast packet
7893 * and in doing so, determine whether or not it is broadcast vs multicast.
7894 * For it to be a broadcast packet, we must have the appropriate mblk_t
7895 * hanging off the ill_t. If this is either not present or doesn't match
7896 * the destination mac address in the DL_UNITDATA_IND, the packet is deemed
7897 * to be multicast. Thus NICs that have no broadcast address (or no
7898 * capability for one, such as point to point links) cannot return as
7899 * the packet being broadcast.
7900 */
7901 void
ip_mdata_to_mhi(ill_t * ill,mblk_t * mp,struct mac_header_info_s * mhip)7902 ip_mdata_to_mhi(ill_t *ill, mblk_t *mp, struct mac_header_info_s *mhip)
7903 {
7904 mblk_t *bmp;
7905 struct ether_header *pether;
7906
7907 bzero(mhip, sizeof (struct mac_header_info_s));
7908
7909 mhip->mhi_dsttype = MAC_ADDRTYPE_UNICAST;
7910
7911 pether = (struct ether_header *)((char *)mp->b_rptr
7912 - sizeof (struct ether_header));
7913
7914 /*
7915 * Make sure the interface is an ethernet type, since we don't
7916 * know the header format for anything but Ethernet. Also make
7917 * sure we are pointing correctly above db_base.
7918 */
7919 if (ill->ill_type != IFT_ETHER)
7920 return;
7921
7922 retry:
7923 if ((uchar_t *)pether < mp->b_datap->db_base)
7924 return;
7925
7926 /* Is there a VLAN tag? */
7927 if (ill->ill_isv6) {
7928 if (pether->ether_type != htons(ETHERTYPE_IPV6)) {
7929 pether = (struct ether_header *)((char *)pether - 4);
7930 goto retry;
7931 }
7932 } else {
7933 if (pether->ether_type != htons(ETHERTYPE_IP)) {
7934 pether = (struct ether_header *)((char *)pether - 4);
7935 goto retry;
7936 }
7937 }
7938 mhip->mhi_daddr = (uchar_t *)&pether->ether_dhost;
7939 mhip->mhi_saddr = (uchar_t *)&pether->ether_shost;
7940
7941 if (!(mhip->mhi_daddr[0] & 0x01))
7942 return;
7943
7944 /* Multicast or broadcast */
7945 mhip->mhi_dsttype = MAC_ADDRTYPE_MULTICAST;
7946
7947 if ((bmp = ill->ill_bcast_mp) != NULL) {
7948 dl_unitdata_req_t *dlur;
7949 uint8_t *bphys_addr;
7950 uint_t addrlen;
7951
7952 dlur = (dl_unitdata_req_t *)bmp->b_rptr;
7953 addrlen = dlur->dl_dest_addr_length;
7954 if (ill->ill_sap_length < 0) {
7955 bphys_addr = (uchar_t *)dlur +
7956 dlur->dl_dest_addr_offset;
7957 addrlen += ill->ill_sap_length;
7958 } else {
7959 bphys_addr = (uchar_t *)dlur +
7960 dlur->dl_dest_addr_offset +
7961 ill->ill_sap_length;
7962 addrlen -= ill->ill_sap_length;
7963 }
7964 if (bcmp(mhip->mhi_daddr, bphys_addr, addrlen) == 0)
7965 mhip->mhi_dsttype = MAC_ADDRTYPE_BROADCAST;
7966 }
7967 }
7968
7969 /*
7970 * Handle anything but M_DATA messages
7971 * We see the DL_UNITDATA_IND which are part
7972 * of the data path, and also the other messages from the driver.
7973 */
7974 void
ip_rput_notdata(ill_t * ill,mblk_t * mp)7975 ip_rput_notdata(ill_t *ill, mblk_t *mp)
7976 {
7977 mblk_t *first_mp;
7978 struct iocblk *iocp;
7979 struct mac_header_info_s mhi;
7980
7981 switch (DB_TYPE(mp)) {
7982 case M_PROTO:
7983 case M_PCPROTO: {
7984 if (((dl_unitdata_ind_t *)mp->b_rptr)->dl_primitive !=
7985 DL_UNITDATA_IND) {
7986 /* Go handle anything other than data elsewhere. */
7987 ip_rput_dlpi(ill, mp);
7988 return;
7989 }
7990
7991 first_mp = mp;
7992 mp = first_mp->b_cont;
7993 first_mp->b_cont = NULL;
7994
7995 if (mp == NULL) {
7996 freeb(first_mp);
7997 return;
7998 }
7999 ip_dlur_to_mhi(ill, first_mp, &mhi);
8000 if (ill->ill_isv6)
8001 ip_input_v6(ill, NULL, mp, &mhi);
8002 else
8003 ip_input(ill, NULL, mp, &mhi);
8004
8005 /* Ditch the DLPI header. */
8006 freeb(first_mp);
8007 return;
8008 }
8009 case M_IOCACK:
8010 iocp = (struct iocblk *)mp->b_rptr;
8011 switch (iocp->ioc_cmd) {
8012 case DL_IOC_HDR_INFO:
8013 ill_fastpath_ack(ill, mp);
8014 return;
8015 default:
8016 putnext(ill->ill_rq, mp);
8017 return;
8018 }
8019 /* FALLTHROUGH */
8020 case M_ERROR:
8021 case M_HANGUP:
8022 mutex_enter(&ill->ill_lock);
8023 if (ill->ill_state_flags & ILL_CONDEMNED) {
8024 mutex_exit(&ill->ill_lock);
8025 freemsg(mp);
8026 return;
8027 }
8028 ill_refhold_locked(ill);
8029 mutex_exit(&ill->ill_lock);
8030 qwriter_ip(ill, ill->ill_rq, mp, ip_rput_other, CUR_OP,
8031 B_FALSE);
8032 return;
8033 case M_CTL:
8034 putnext(ill->ill_rq, mp);
8035 return;
8036 case M_IOCNAK:
8037 ip1dbg(("got iocnak "));
8038 iocp = (struct iocblk *)mp->b_rptr;
8039 switch (iocp->ioc_cmd) {
8040 case DL_IOC_HDR_INFO:
8041 ip_rput_other(NULL, ill->ill_rq, mp, NULL);
8042 return;
8043 default:
8044 break;
8045 }
8046 /* FALLTHROUGH */
8047 default:
8048 putnext(ill->ill_rq, mp);
8049 return;
8050 }
8051 }
8052
8053 /* Read side put procedure. Packets coming from the wire arrive here. */
8054 int
ip_rput(queue_t * q,mblk_t * mp)8055 ip_rput(queue_t *q, mblk_t *mp)
8056 {
8057 ill_t *ill;
8058 union DL_primitives *dl;
8059
8060 ill = (ill_t *)q->q_ptr;
8061
8062 if (ill->ill_state_flags & (ILL_CONDEMNED | ILL_LL_SUBNET_PENDING)) {
8063 /*
8064 * If things are opening or closing, only accept high-priority
8065 * DLPI messages. (On open ill->ill_ipif has not yet been
8066 * created; on close, things hanging off the ill may have been
8067 * freed already.)
8068 */
8069 dl = (union DL_primitives *)mp->b_rptr;
8070 if (DB_TYPE(mp) != M_PCPROTO ||
8071 dl->dl_primitive == DL_UNITDATA_IND) {
8072 inet_freemsg(mp);
8073 return (0);
8074 }
8075 }
8076 if (DB_TYPE(mp) == M_DATA) {
8077 struct mac_header_info_s mhi;
8078
8079 ip_mdata_to_mhi(ill, mp, &mhi);
8080 ip_input(ill, NULL, mp, &mhi);
8081 } else {
8082 ip_rput_notdata(ill, mp);
8083 }
8084 return (0);
8085 }
8086
8087 /*
8088 * Move the information to a copy.
8089 */
8090 mblk_t *
ip_fix_dbref(mblk_t * mp,ip_recv_attr_t * ira)8091 ip_fix_dbref(mblk_t *mp, ip_recv_attr_t *ira)
8092 {
8093 mblk_t *mp1;
8094 ill_t *ill = ira->ira_ill;
8095 ip_stack_t *ipst = ill->ill_ipst;
8096
8097 IP_STAT(ipst, ip_db_ref);
8098
8099 /* Make sure we have ira_l2src before we loose the original mblk */
8100 if (!(ira->ira_flags & IRAF_L2SRC_SET))
8101 ip_setl2src(mp, ira, ira->ira_rill);
8102
8103 mp1 = copymsg(mp);
8104 if (mp1 == NULL) {
8105 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
8106 ip_drop_input("ipIfStatsInDiscards", mp, ill);
8107 freemsg(mp);
8108 return (NULL);
8109 }
8110 /* preserve the hardware checksum flags and data, if present */
8111 if (DB_CKSUMFLAGS(mp) != 0) {
8112 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
8113 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
8114 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
8115 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
8116 DB_CKSUM16(mp1) = DB_CKSUM16(mp);
8117 }
8118 freemsg(mp);
8119 return (mp1);
8120 }
8121
8122 static void
ip_dlpi_error(ill_t * ill,t_uscalar_t prim,t_uscalar_t dl_err,t_uscalar_t err)8123 ip_dlpi_error(ill_t *ill, t_uscalar_t prim, t_uscalar_t dl_err,
8124 t_uscalar_t err)
8125 {
8126 if (dl_err == DL_SYSERR) {
8127 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE,
8128 "%s: %s failed: DL_SYSERR (errno %u)\n",
8129 ill->ill_name, dl_primstr(prim), err);
8130 return;
8131 }
8132
8133 (void) mi_strlog(ill->ill_rq, 1, SL_CONSOLE|SL_ERROR|SL_TRACE,
8134 "%s: %s failed: %s\n", ill->ill_name, dl_primstr(prim),
8135 dl_errstr(dl_err));
8136 }
8137
8138 /*
8139 * ip_rput_dlpi is called by ip_rput to handle all DLPI messages other
8140 * than DL_UNITDATA_IND messages. If we need to process this message
8141 * exclusively, we call qwriter_ip, in which case we also need to call
8142 * ill_refhold before that, since qwriter_ip does an ill_refrele.
8143 */
8144 void
ip_rput_dlpi(ill_t * ill,mblk_t * mp)8145 ip_rput_dlpi(ill_t *ill, mblk_t *mp)
8146 {
8147 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr;
8148 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa;
8149 queue_t *q = ill->ill_rq;
8150 t_uscalar_t prim = dloa->dl_primitive;
8151 t_uscalar_t reqprim = DL_PRIM_INVAL;
8152
8153 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi",
8154 char *, dl_primstr(prim), ill_t *, ill);
8155 ip1dbg(("ip_rput_dlpi"));
8156
8157 /*
8158 * If we received an ACK but didn't send a request for it, then it
8159 * can't be part of any pending operation; discard up-front.
8160 */
8161 switch (prim) {
8162 case DL_ERROR_ACK:
8163 reqprim = dlea->dl_error_primitive;
8164 ip2dbg(("ip_rput_dlpi(%s): DL_ERROR_ACK for %s (0x%x): %s "
8165 "(0x%x), unix %u\n", ill->ill_name, dl_primstr(reqprim),
8166 reqprim, dl_errstr(dlea->dl_errno), dlea->dl_errno,
8167 dlea->dl_unix_errno));
8168 break;
8169 case DL_OK_ACK:
8170 reqprim = dloa->dl_correct_primitive;
8171 break;
8172 case DL_INFO_ACK:
8173 reqprim = DL_INFO_REQ;
8174 break;
8175 case DL_BIND_ACK:
8176 reqprim = DL_BIND_REQ;
8177 break;
8178 case DL_PHYS_ADDR_ACK:
8179 reqprim = DL_PHYS_ADDR_REQ;
8180 break;
8181 case DL_NOTIFY_ACK:
8182 reqprim = DL_NOTIFY_REQ;
8183 break;
8184 case DL_CAPABILITY_ACK:
8185 reqprim = DL_CAPABILITY_REQ;
8186 break;
8187 }
8188
8189 if (prim != DL_NOTIFY_IND) {
8190 if (reqprim == DL_PRIM_INVAL ||
8191 !ill_dlpi_pending(ill, reqprim)) {
8192 /* Not a DLPI message we support or expected */
8193 freemsg(mp);
8194 return;
8195 }
8196 ip1dbg(("ip_rput: received %s for %s\n", dl_primstr(prim),
8197 dl_primstr(reqprim)));
8198 }
8199
8200 switch (reqprim) {
8201 case DL_UNBIND_REQ:
8202 /*
8203 * NOTE: we mark the unbind as complete even if we got a
8204 * DL_ERROR_ACK, since there's not much else we can do.
8205 */
8206 mutex_enter(&ill->ill_lock);
8207 ill->ill_state_flags &= ~ILL_DL_UNBIND_IN_PROGRESS;
8208 cv_signal(&ill->ill_cv);
8209 mutex_exit(&ill->ill_lock);
8210 break;
8211
8212 case DL_ENABMULTI_REQ:
8213 if (prim == DL_OK_ACK) {
8214 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS)
8215 ill->ill_dlpi_multicast_state = IDS_OK;
8216 }
8217 break;
8218 }
8219
8220 /*
8221 * The message is one we're waiting for (or DL_NOTIFY_IND), but we
8222 * need to become writer to continue to process it. Because an
8223 * exclusive operation doesn't complete until replies to all queued
8224 * DLPI messages have been received, we know we're in the middle of an
8225 * exclusive operation and pass CUR_OP (except for DL_NOTIFY_IND).
8226 *
8227 * As required by qwriter_ip(), we refhold the ill; it will refrele.
8228 * Since this is on the ill stream we unconditionally bump up the
8229 * refcount without doing ILL_CAN_LOOKUP().
8230 */
8231 ill_refhold(ill);
8232 if (prim == DL_NOTIFY_IND)
8233 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, NEW_OP, B_FALSE);
8234 else
8235 qwriter_ip(ill, q, mp, ip_rput_dlpi_writer, CUR_OP, B_FALSE);
8236 }
8237
8238 /*
8239 * Handling of DLPI messages that require exclusive access to the ipsq.
8240 *
8241 * Need to do ipsq_pending_mp_get on ioctl completion, which could
8242 * happen here. (along with mi_copy_done)
8243 */
8244 /* ARGSUSED */
8245 static void
ip_rput_dlpi_writer(ipsq_t * ipsq,queue_t * q,mblk_t * mp,void * dummy_arg)8246 ip_rput_dlpi_writer(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
8247 {
8248 dl_ok_ack_t *dloa = (dl_ok_ack_t *)mp->b_rptr;
8249 dl_error_ack_t *dlea = (dl_error_ack_t *)dloa;
8250 int err = 0;
8251 ill_t *ill = (ill_t *)q->q_ptr;
8252 ipif_t *ipif = NULL;
8253 mblk_t *mp1 = NULL;
8254 conn_t *connp = NULL;
8255 t_uscalar_t paddrreq;
8256 mblk_t *mp_hw;
8257 boolean_t success;
8258 boolean_t ioctl_aborted = B_FALSE;
8259 boolean_t log = B_TRUE;
8260
8261 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer",
8262 char *, dl_primstr(dloa->dl_primitive), ill_t *, ill);
8263
8264 ip1dbg(("ip_rput_dlpi_writer .."));
8265 ASSERT(ipsq->ipsq_xop == ill->ill_phyint->phyint_ipsq->ipsq_xop);
8266 ASSERT(IAM_WRITER_ILL(ill));
8267
8268 ipif = ipsq->ipsq_xop->ipx_pending_ipif;
8269 /*
8270 * The current ioctl could have been aborted by the user and a new
8271 * ioctl to bring up another ill could have started. We could still
8272 * get a response from the driver later.
8273 */
8274 if (ipif != NULL && ipif->ipif_ill != ill)
8275 ioctl_aborted = B_TRUE;
8276
8277 switch (dloa->dl_primitive) {
8278 case DL_ERROR_ACK:
8279 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for %s\n",
8280 dl_primstr(dlea->dl_error_primitive)));
8281
8282 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer error",
8283 char *, dl_primstr(dlea->dl_error_primitive),
8284 ill_t *, ill);
8285
8286 switch (dlea->dl_error_primitive) {
8287 case DL_DISABMULTI_REQ:
8288 ill_dlpi_done(ill, dlea->dl_error_primitive);
8289 break;
8290 case DL_PROMISCON_REQ:
8291 case DL_PROMISCOFF_REQ:
8292 case DL_UNBIND_REQ:
8293 case DL_ATTACH_REQ:
8294 case DL_INFO_REQ:
8295 ill_dlpi_done(ill, dlea->dl_error_primitive);
8296 break;
8297 case DL_NOTIFY_REQ:
8298 ill_dlpi_done(ill, DL_NOTIFY_REQ);
8299 log = B_FALSE;
8300 break;
8301 case DL_PHYS_ADDR_REQ:
8302 /*
8303 * For IPv6 only, there are two additional
8304 * phys_addr_req's sent to the driver to get the
8305 * IPv6 token and lla. This allows IP to acquire
8306 * the hardware address format for a given interface
8307 * without having built in knowledge of the hardware
8308 * address. ill_phys_addr_pend keeps track of the last
8309 * DL_PAR sent so we know which response we are
8310 * dealing with. ill_dlpi_done will update
8311 * ill_phys_addr_pend when it sends the next req.
8312 * We don't complete the IOCTL until all three DL_PARs
8313 * have been attempted, so set *_len to 0 and break.
8314 */
8315 paddrreq = ill->ill_phys_addr_pend;
8316 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ);
8317 if (paddrreq == DL_IPV6_TOKEN) {
8318 ill->ill_token_length = 0;
8319 log = B_FALSE;
8320 break;
8321 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) {
8322 ill->ill_nd_lla_len = 0;
8323 log = B_FALSE;
8324 break;
8325 }
8326 /*
8327 * Something went wrong with the DL_PHYS_ADDR_REQ.
8328 * We presumably have an IOCTL hanging out waiting
8329 * for completion. Find it and complete the IOCTL
8330 * with the error noted.
8331 * However, ill_dl_phys was called on an ill queue
8332 * (from SIOCSLIFNAME), thus conn_pending_ill is not
8333 * set. But the ioctl is known to be pending on ill_wq.
8334 */
8335 if (!ill->ill_ifname_pending)
8336 break;
8337 ill->ill_ifname_pending = 0;
8338 if (!ioctl_aborted)
8339 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8340 if (mp1 != NULL) {
8341 /*
8342 * This operation (SIOCSLIFNAME) must have
8343 * happened on the ill. Assert there is no conn
8344 */
8345 ASSERT(connp == NULL);
8346 q = ill->ill_wq;
8347 }
8348 break;
8349 case DL_BIND_REQ:
8350 ill_dlpi_done(ill, DL_BIND_REQ);
8351 if (ill->ill_ifname_pending)
8352 break;
8353 mutex_enter(&ill->ill_lock);
8354 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS;
8355 mutex_exit(&ill->ill_lock);
8356 /*
8357 * Something went wrong with the bind. We presumably
8358 * have an IOCTL hanging out waiting for completion.
8359 * Find it, take down the interface that was coming
8360 * up, and complete the IOCTL with the error noted.
8361 */
8362 if (!ioctl_aborted)
8363 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8364 if (mp1 != NULL) {
8365 /*
8366 * This might be a result of a DL_NOTE_REPLUMB
8367 * notification. In that case, connp is NULL.
8368 */
8369 if (connp != NULL)
8370 q = CONNP_TO_WQ(connp);
8371
8372 (void) ipif_down(ipif, NULL, NULL);
8373 /* error is set below the switch */
8374 }
8375 break;
8376 case DL_ENABMULTI_REQ:
8377 ill_dlpi_done(ill, DL_ENABMULTI_REQ);
8378
8379 if (ill->ill_dlpi_multicast_state == IDS_INPROGRESS)
8380 ill->ill_dlpi_multicast_state = IDS_FAILED;
8381 if (ill->ill_dlpi_multicast_state == IDS_FAILED) {
8382
8383 printf("ip: joining multicasts failed (%d)"
8384 " on %s - will use link layer "
8385 "broadcasts for multicast\n",
8386 dlea->dl_errno, ill->ill_name);
8387
8388 /*
8389 * Set up for multi_bcast; We are the
8390 * writer, so ok to access ill->ill_ipif
8391 * without any lock.
8392 */
8393 mutex_enter(&ill->ill_phyint->phyint_lock);
8394 ill->ill_phyint->phyint_flags |=
8395 PHYI_MULTI_BCAST;
8396 mutex_exit(&ill->ill_phyint->phyint_lock);
8397
8398 }
8399 freemsg(mp); /* Don't want to pass this up */
8400 return;
8401 case DL_CAPABILITY_REQ:
8402 ip1dbg(("ip_rput_dlpi_writer: got DL_ERROR_ACK for "
8403 "DL_CAPABILITY REQ\n"));
8404 if (ill->ill_dlpi_capab_state == IDCS_PROBE_SENT)
8405 ill->ill_dlpi_capab_state = IDCS_FAILED;
8406 ill_capability_done(ill);
8407 freemsg(mp);
8408 return;
8409 }
8410 /*
8411 * Note the error for IOCTL completion (mp1 is set when
8412 * ready to complete ioctl). If ill_ifname_pending_err is
8413 * set, an error occured during plumbing (ill_ifname_pending),
8414 * so we want to report that error.
8415 *
8416 * NOTE: there are two addtional DL_PHYS_ADDR_REQ's
8417 * (DL_IPV6_TOKEN and DL_IPV6_LINK_LAYER_ADDR) that are
8418 * expected to get errack'd if the driver doesn't support
8419 * these flags (e.g. ethernet). log will be set to B_FALSE
8420 * if these error conditions are encountered.
8421 */
8422 if (mp1 != NULL) {
8423 if (ill->ill_ifname_pending_err != 0) {
8424 err = ill->ill_ifname_pending_err;
8425 ill->ill_ifname_pending_err = 0;
8426 } else {
8427 err = dlea->dl_unix_errno ?
8428 dlea->dl_unix_errno : ENXIO;
8429 }
8430 /*
8431 * If we're plumbing an interface and an error hasn't already
8432 * been saved, set ill_ifname_pending_err to the error passed
8433 * up. Ignore the error if log is B_FALSE (see comment above).
8434 */
8435 } else if (log && ill->ill_ifname_pending &&
8436 ill->ill_ifname_pending_err == 0) {
8437 ill->ill_ifname_pending_err = dlea->dl_unix_errno ?
8438 dlea->dl_unix_errno : ENXIO;
8439 }
8440
8441 if (log)
8442 ip_dlpi_error(ill, dlea->dl_error_primitive,
8443 dlea->dl_errno, dlea->dl_unix_errno);
8444 break;
8445 case DL_CAPABILITY_ACK:
8446 ill_capability_ack(ill, mp);
8447 /*
8448 * The message has been handed off to ill_capability_ack
8449 * and must not be freed below
8450 */
8451 mp = NULL;
8452 break;
8453
8454 case DL_INFO_ACK:
8455 /* Call a routine to handle this one. */
8456 ill_dlpi_done(ill, DL_INFO_REQ);
8457 ip_ll_subnet_defaults(ill, mp);
8458 ASSERT(!MUTEX_HELD(&ill->ill_phyint->phyint_ipsq->ipsq_lock));
8459 return;
8460 case DL_BIND_ACK:
8461 /*
8462 * We should have an IOCTL waiting on this unless
8463 * sent by ill_dl_phys, in which case just return
8464 */
8465 ill_dlpi_done(ill, DL_BIND_REQ);
8466
8467 if (ill->ill_ifname_pending) {
8468 DTRACE_PROBE2(ip__rput__dlpi__ifname__pending,
8469 ill_t *, ill, mblk_t *, mp);
8470 break;
8471 }
8472 mutex_enter(&ill->ill_lock);
8473 ill->ill_dl_up = 1;
8474 ill->ill_state_flags &= ~ILL_DOWN_IN_PROGRESS;
8475 mutex_exit(&ill->ill_lock);
8476
8477 if (!ioctl_aborted)
8478 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8479 if (mp1 == NULL) {
8480 DTRACE_PROBE1(ip__rput__dlpi__no__mblk, ill_t *, ill);
8481 break;
8482 }
8483 /*
8484 * mp1 was added by ill_dl_up(). if that is a result of
8485 * a DL_NOTE_REPLUMB notification, connp could be NULL.
8486 */
8487 if (connp != NULL)
8488 q = CONNP_TO_WQ(connp);
8489 /*
8490 * We are exclusive. So nothing can change even after
8491 * we get the pending mp.
8492 */
8493 ip1dbg(("ip_rput_dlpi: bind_ack %s\n", ill->ill_name));
8494 DTRACE_PROBE1(ip__rput__dlpi__bind__ack, ill_t *, ill);
8495 ill_nic_event_dispatch(ill, 0, NE_UP, NULL, 0);
8496
8497 /*
8498 * Now bring up the resolver; when that is complete, we'll
8499 * create IREs. Note that we intentionally mirror what
8500 * ipif_up() would have done, because we got here by way of
8501 * ill_dl_up(), which stopped ipif_up()'s processing.
8502 */
8503 if (ill->ill_isv6) {
8504 /*
8505 * v6 interfaces.
8506 * Unlike ARP which has to do another bind
8507 * and attach, once we get here we are
8508 * done with NDP
8509 */
8510 (void) ipif_resolver_up(ipif, Res_act_initial);
8511 if ((err = ipif_ndp_up(ipif, B_TRUE)) == 0)
8512 err = ipif_up_done_v6(ipif);
8513 } else if (ill->ill_net_type == IRE_IF_RESOLVER) {
8514 /*
8515 * ARP and other v4 external resolvers.
8516 * Leave the pending mblk intact so that
8517 * the ioctl completes in ip_rput().
8518 */
8519 if (connp != NULL)
8520 mutex_enter(&connp->conn_lock);
8521 mutex_enter(&ill->ill_lock);
8522 success = ipsq_pending_mp_add(connp, ipif, q, mp1, 0);
8523 mutex_exit(&ill->ill_lock);
8524 if (connp != NULL)
8525 mutex_exit(&connp->conn_lock);
8526 if (success) {
8527 err = ipif_resolver_up(ipif, Res_act_initial);
8528 if (err == EINPROGRESS) {
8529 freemsg(mp);
8530 return;
8531 }
8532 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8533 } else {
8534 /* The conn has started closing */
8535 err = EINTR;
8536 }
8537 } else {
8538 /*
8539 * This one is complete. Reply to pending ioctl.
8540 */
8541 (void) ipif_resolver_up(ipif, Res_act_initial);
8542 err = ipif_up_done(ipif);
8543 }
8544
8545 if ((err == 0) && (ill->ill_up_ipifs)) {
8546 err = ill_up_ipifs(ill, q, mp1);
8547 if (err == EINPROGRESS) {
8548 freemsg(mp);
8549 return;
8550 }
8551 }
8552
8553 /*
8554 * If we have a moved ipif to bring up, and everything has
8555 * succeeded to this point, bring it up on the IPMP ill.
8556 * Otherwise, leave it down -- the admin can try to bring it
8557 * up by hand if need be.
8558 */
8559 if (ill->ill_move_ipif != NULL) {
8560 if (err != 0) {
8561 ill->ill_move_ipif = NULL;
8562 } else {
8563 ipif = ill->ill_move_ipif;
8564 ill->ill_move_ipif = NULL;
8565 err = ipif_up(ipif, q, mp1);
8566 if (err == EINPROGRESS) {
8567 freemsg(mp);
8568 return;
8569 }
8570 }
8571 }
8572 break;
8573
8574 case DL_NOTIFY_IND: {
8575 dl_notify_ind_t *notify = (dl_notify_ind_t *)mp->b_rptr;
8576 uint_t orig_mtu, orig_mc_mtu;
8577
8578 switch (notify->dl_notification) {
8579 case DL_NOTE_PHYS_ADDR:
8580 err = ill_set_phys_addr(ill, mp);
8581 break;
8582
8583 case DL_NOTE_REPLUMB:
8584 /*
8585 * Directly return after calling ill_replumb().
8586 * Note that we should not free mp as it is reused
8587 * in the ill_replumb() function.
8588 */
8589 err = ill_replumb(ill, mp);
8590 return;
8591
8592 case DL_NOTE_FASTPATH_FLUSH:
8593 nce_flush(ill, B_FALSE);
8594 break;
8595
8596 case DL_NOTE_SDU_SIZE:
8597 case DL_NOTE_SDU_SIZE2:
8598 /*
8599 * The dce and fragmentation code can cope with
8600 * this changing while packets are being sent.
8601 * When packets are sent ip_output will discover
8602 * a change.
8603 *
8604 * Change the MTU size of the interface.
8605 */
8606 mutex_enter(&ill->ill_lock);
8607 orig_mtu = ill->ill_mtu;
8608 orig_mc_mtu = ill->ill_mc_mtu;
8609 switch (notify->dl_notification) {
8610 case DL_NOTE_SDU_SIZE:
8611 ill->ill_current_frag =
8612 (uint_t)notify->dl_data;
8613 ill->ill_mc_mtu = (uint_t)notify->dl_data;
8614 break;
8615 case DL_NOTE_SDU_SIZE2:
8616 ill->ill_current_frag =
8617 (uint_t)notify->dl_data1;
8618 ill->ill_mc_mtu = (uint_t)notify->dl_data2;
8619 break;
8620 }
8621 if (ill->ill_current_frag > ill->ill_max_frag)
8622 ill->ill_max_frag = ill->ill_current_frag;
8623
8624 if (!(ill->ill_flags & ILLF_FIXEDMTU)) {
8625 ill->ill_mtu = ill->ill_current_frag;
8626
8627 /*
8628 * If ill_user_mtu was set (via
8629 * SIOCSLIFLNKINFO), clamp ill_mtu at it.
8630 */
8631 if (ill->ill_user_mtu != 0 &&
8632 ill->ill_user_mtu < ill->ill_mtu)
8633 ill->ill_mtu = ill->ill_user_mtu;
8634
8635 if (ill->ill_user_mtu != 0 &&
8636 ill->ill_user_mtu < ill->ill_mc_mtu)
8637 ill->ill_mc_mtu = ill->ill_user_mtu;
8638
8639 if (ill->ill_isv6) {
8640 if (ill->ill_mtu < IPV6_MIN_MTU)
8641 ill->ill_mtu = IPV6_MIN_MTU;
8642 if (ill->ill_mc_mtu < IPV6_MIN_MTU)
8643 ill->ill_mc_mtu = IPV6_MIN_MTU;
8644 } else {
8645 if (ill->ill_mtu < IP_MIN_MTU)
8646 ill->ill_mtu = IP_MIN_MTU;
8647 if (ill->ill_mc_mtu < IP_MIN_MTU)
8648 ill->ill_mc_mtu = IP_MIN_MTU;
8649 }
8650 } else if (ill->ill_mc_mtu > ill->ill_mtu) {
8651 ill->ill_mc_mtu = ill->ill_mtu;
8652 }
8653
8654 mutex_exit(&ill->ill_lock);
8655 /*
8656 * Make sure all dce_generation checks find out
8657 * that ill_mtu/ill_mc_mtu has changed.
8658 */
8659 if (orig_mtu != ill->ill_mtu ||
8660 orig_mc_mtu != ill->ill_mc_mtu) {
8661 dce_increment_all_generations(ill->ill_isv6,
8662 ill->ill_ipst);
8663 }
8664
8665 /*
8666 * Refresh IPMP meta-interface MTU if necessary.
8667 */
8668 if (IS_UNDER_IPMP(ill))
8669 ipmp_illgrp_refresh_mtu(ill->ill_grp);
8670 break;
8671
8672 case DL_NOTE_LINK_UP:
8673 case DL_NOTE_LINK_DOWN: {
8674 /*
8675 * We are writer. ill / phyint / ipsq assocs stable.
8676 * The RUNNING flag reflects the state of the link.
8677 */
8678 phyint_t *phyint = ill->ill_phyint;
8679 uint64_t new_phyint_flags;
8680 boolean_t changed = B_FALSE;
8681 boolean_t went_up;
8682
8683 went_up = notify->dl_notification == DL_NOTE_LINK_UP;
8684 mutex_enter(&phyint->phyint_lock);
8685
8686 new_phyint_flags = went_up ?
8687 phyint->phyint_flags | PHYI_RUNNING :
8688 phyint->phyint_flags & ~PHYI_RUNNING;
8689
8690 if (IS_IPMP(ill)) {
8691 new_phyint_flags = went_up ?
8692 new_phyint_flags & ~PHYI_FAILED :
8693 new_phyint_flags | PHYI_FAILED;
8694 }
8695
8696 if (new_phyint_flags != phyint->phyint_flags) {
8697 phyint->phyint_flags = new_phyint_flags;
8698 changed = B_TRUE;
8699 }
8700 mutex_exit(&phyint->phyint_lock);
8701 /*
8702 * ill_restart_dad handles the DAD restart and routing
8703 * socket notification logic.
8704 */
8705 if (changed) {
8706 ill_restart_dad(phyint->phyint_illv4, went_up);
8707 ill_restart_dad(phyint->phyint_illv6, went_up);
8708 }
8709 break;
8710 }
8711 case DL_NOTE_PROMISC_ON_PHYS: {
8712 phyint_t *phyint = ill->ill_phyint;
8713
8714 mutex_enter(&phyint->phyint_lock);
8715 phyint->phyint_flags |= PHYI_PROMISC;
8716 mutex_exit(&phyint->phyint_lock);
8717 break;
8718 }
8719 case DL_NOTE_PROMISC_OFF_PHYS: {
8720 phyint_t *phyint = ill->ill_phyint;
8721
8722 mutex_enter(&phyint->phyint_lock);
8723 phyint->phyint_flags &= ~PHYI_PROMISC;
8724 mutex_exit(&phyint->phyint_lock);
8725 break;
8726 }
8727 case DL_NOTE_CAPAB_RENEG:
8728 /*
8729 * Something changed on the driver side.
8730 * It wants us to renegotiate the capabilities
8731 * on this ill. One possible cause is the aggregation
8732 * interface under us where a port got added or
8733 * went away.
8734 *
8735 * If the capability negotiation is already done
8736 * or is in progress, reset the capabilities and
8737 * mark the ill's ill_capab_reneg to be B_TRUE,
8738 * so that when the ack comes back, we can start
8739 * the renegotiation process.
8740 *
8741 * Note that if ill_capab_reneg is already B_TRUE
8742 * (ill_dlpi_capab_state is IDS_UNKNOWN in this case),
8743 * the capability resetting request has been sent
8744 * and the renegotiation has not been started yet;
8745 * nothing needs to be done in this case.
8746 */
8747 ipsq_current_start(ipsq, ill->ill_ipif, 0);
8748 ill_capability_reset(ill, B_TRUE);
8749 ipsq_current_finish(ipsq);
8750 break;
8751
8752 case DL_NOTE_ALLOWED_IPS:
8753 ill_set_allowed_ips(ill, mp);
8754 break;
8755 default:
8756 ip0dbg(("ip_rput_dlpi_writer: unknown notification "
8757 "type 0x%x for DL_NOTIFY_IND\n",
8758 notify->dl_notification));
8759 break;
8760 }
8761
8762 /*
8763 * As this is an asynchronous operation, we
8764 * should not call ill_dlpi_done
8765 */
8766 break;
8767 }
8768 case DL_NOTIFY_ACK: {
8769 dl_notify_ack_t *noteack = (dl_notify_ack_t *)mp->b_rptr;
8770
8771 if (noteack->dl_notifications & DL_NOTE_LINK_UP)
8772 ill->ill_note_link = 1;
8773 ill_dlpi_done(ill, DL_NOTIFY_REQ);
8774 break;
8775 }
8776 case DL_PHYS_ADDR_ACK: {
8777 /*
8778 * As part of plumbing the interface via SIOCSLIFNAME,
8779 * ill_dl_phys() will queue a series of DL_PHYS_ADDR_REQs,
8780 * whose answers we receive here. As each answer is received,
8781 * we call ill_dlpi_done() to dispatch the next request as
8782 * we're processing the current one. Once all answers have
8783 * been received, we use ipsq_pending_mp_get() to dequeue the
8784 * outstanding IOCTL and reply to it. (Because ill_dl_phys()
8785 * is invoked from an ill queue, conn_oper_pending_ill is not
8786 * available, but we know the ioctl is pending on ill_wq.)
8787 */
8788 uint_t paddrlen, paddroff;
8789 uint8_t *addr;
8790
8791 paddrreq = ill->ill_phys_addr_pend;
8792 paddrlen = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_length;
8793 paddroff = ((dl_phys_addr_ack_t *)mp->b_rptr)->dl_addr_offset;
8794 addr = mp->b_rptr + paddroff;
8795
8796 ill_dlpi_done(ill, DL_PHYS_ADDR_REQ);
8797 if (paddrreq == DL_IPV6_TOKEN) {
8798 /*
8799 * bcopy to low-order bits of ill_token
8800 *
8801 * XXX Temporary hack - currently, all known tokens
8802 * are 64 bits, so I'll cheat for the moment.
8803 */
8804 bcopy(addr, &ill->ill_token.s6_addr32[2], paddrlen);
8805 ill->ill_token_length = paddrlen;
8806 break;
8807 } else if (paddrreq == DL_IPV6_LINK_LAYER_ADDR) {
8808 ASSERT(ill->ill_nd_lla_mp == NULL);
8809 ill_set_ndmp(ill, mp, paddroff, paddrlen);
8810 mp = NULL;
8811 break;
8812 } else if (paddrreq == DL_CURR_DEST_ADDR) {
8813 ASSERT(ill->ill_dest_addr_mp == NULL);
8814 ill->ill_dest_addr_mp = mp;
8815 ill->ill_dest_addr = addr;
8816 mp = NULL;
8817 if (ill->ill_isv6) {
8818 ill_setdesttoken(ill);
8819 ipif_setdestlinklocal(ill->ill_ipif);
8820 }
8821 break;
8822 }
8823
8824 ASSERT(paddrreq == DL_CURR_PHYS_ADDR);
8825 ASSERT(ill->ill_phys_addr_mp == NULL);
8826 if (!ill->ill_ifname_pending)
8827 break;
8828 ill->ill_ifname_pending = 0;
8829 if (!ioctl_aborted)
8830 mp1 = ipsq_pending_mp_get(ipsq, &connp);
8831 if (mp1 != NULL) {
8832 ASSERT(connp == NULL);
8833 q = ill->ill_wq;
8834 }
8835 /*
8836 * If any error acks received during the plumbing sequence,
8837 * ill_ifname_pending_err will be set. Break out and send up
8838 * the error to the pending ioctl.
8839 */
8840 if (ill->ill_ifname_pending_err != 0) {
8841 err = ill->ill_ifname_pending_err;
8842 ill->ill_ifname_pending_err = 0;
8843 break;
8844 }
8845
8846 ill->ill_phys_addr_mp = mp;
8847 ill->ill_phys_addr = (paddrlen == 0 ? NULL : addr);
8848 mp = NULL;
8849
8850 /*
8851 * If paddrlen or ill_phys_addr_length is zero, the DLPI
8852 * provider doesn't support physical addresses. We check both
8853 * paddrlen and ill_phys_addr_length because sppp (PPP) does
8854 * not have physical addresses, but historically adversises a
8855 * physical address length of 0 in its DL_INFO_ACK, but 6 in
8856 * its DL_PHYS_ADDR_ACK.
8857 */
8858 if (paddrlen == 0 || ill->ill_phys_addr_length == 0) {
8859 ill->ill_phys_addr = NULL;
8860 } else if (paddrlen != ill->ill_phys_addr_length) {
8861 ip0dbg(("DL_PHYS_ADDR_ACK: got addrlen %d, expected %d",
8862 paddrlen, ill->ill_phys_addr_length));
8863 err = EINVAL;
8864 break;
8865 }
8866
8867 if (ill->ill_nd_lla_mp == NULL) {
8868 if ((mp_hw = copyb(ill->ill_phys_addr_mp)) == NULL) {
8869 err = ENOMEM;
8870 break;
8871 }
8872 ill_set_ndmp(ill, mp_hw, paddroff, paddrlen);
8873 }
8874
8875 if (ill->ill_isv6) {
8876 ill_setdefaulttoken(ill);
8877 ipif_setlinklocal(ill->ill_ipif);
8878 }
8879 break;
8880 }
8881 case DL_OK_ACK:
8882 ip2dbg(("DL_OK_ACK %s (0x%x)\n",
8883 dl_primstr((int)dloa->dl_correct_primitive),
8884 dloa->dl_correct_primitive));
8885 DTRACE_PROBE3(ill__dlpi, char *, "ip_rput_dlpi_writer ok",
8886 char *, dl_primstr(dloa->dl_correct_primitive),
8887 ill_t *, ill);
8888
8889 switch (dloa->dl_correct_primitive) {
8890 case DL_ENABMULTI_REQ:
8891 case DL_DISABMULTI_REQ:
8892 ill_dlpi_done(ill, dloa->dl_correct_primitive);
8893 break;
8894 case DL_PROMISCON_REQ:
8895 case DL_PROMISCOFF_REQ:
8896 case DL_UNBIND_REQ:
8897 case DL_ATTACH_REQ:
8898 ill_dlpi_done(ill, dloa->dl_correct_primitive);
8899 break;
8900 }
8901 break;
8902 default:
8903 break;
8904 }
8905
8906 freemsg(mp);
8907 if (mp1 == NULL)
8908 return;
8909
8910 /*
8911 * The operation must complete without EINPROGRESS since
8912 * ipsq_pending_mp_get() has removed the mblk (mp1). Otherwise,
8913 * the operation will be stuck forever inside the IPSQ.
8914 */
8915 ASSERT(err != EINPROGRESS);
8916
8917 DTRACE_PROBE4(ipif__ioctl, char *, "ip_rput_dlpi_writer finish",
8918 int, ipsq->ipsq_xop->ipx_current_ioctl, ill_t *, ill,
8919 ipif_t *, NULL);
8920
8921 switch (ipsq->ipsq_xop->ipx_current_ioctl) {
8922 case 0:
8923 ipsq_current_finish(ipsq);
8924 break;
8925
8926 case SIOCSLIFNAME:
8927 case IF_UNITSEL: {
8928 ill_t *ill_other = ILL_OTHER(ill);
8929
8930 /*
8931 * If SIOCSLIFNAME or IF_UNITSEL is about to succeed, and the
8932 * ill has a peer which is in an IPMP group, then place ill
8933 * into the same group. One catch: although ifconfig plumbs
8934 * the appropriate IPMP meta-interface prior to plumbing this
8935 * ill, it is possible for multiple ifconfig applications to
8936 * race (or for another application to adjust plumbing), in
8937 * which case the IPMP meta-interface we need will be missing.
8938 * If so, kick the phyint out of the group.
8939 */
8940 if (err == 0 && ill_other != NULL && IS_UNDER_IPMP(ill_other)) {
8941 ipmp_grp_t *grp = ill->ill_phyint->phyint_grp;
8942 ipmp_illgrp_t *illg;
8943
8944 illg = ill->ill_isv6 ? grp->gr_v6 : grp->gr_v4;
8945 if (illg == NULL)
8946 ipmp_phyint_leave_grp(ill->ill_phyint);
8947 else
8948 ipmp_ill_join_illgrp(ill, illg);
8949 }
8950
8951 if (ipsq->ipsq_xop->ipx_current_ioctl == IF_UNITSEL)
8952 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq);
8953 else
8954 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq);
8955 break;
8956 }
8957 case SIOCLIFADDIF:
8958 ip_ioctl_finish(q, mp1, err, COPYOUT, ipsq);
8959 break;
8960
8961 default:
8962 ip_ioctl_finish(q, mp1, err, NO_COPYOUT, ipsq);
8963 break;
8964 }
8965 }
8966
8967 /*
8968 * ip_rput_other is called by ip_rput to handle messages modifying the global
8969 * state in IP. If 'ipsq' is non-NULL, caller is writer on it.
8970 */
8971 /* ARGSUSED */
8972 void
ip_rput_other(ipsq_t * ipsq,queue_t * q,mblk_t * mp,void * dummy_arg)8973 ip_rput_other(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
8974 {
8975 ill_t *ill = q->q_ptr;
8976 struct iocblk *iocp;
8977
8978 ip1dbg(("ip_rput_other "));
8979 if (ipsq != NULL) {
8980 ASSERT(IAM_WRITER_IPSQ(ipsq));
8981 ASSERT(ipsq->ipsq_xop ==
8982 ill->ill_phyint->phyint_ipsq->ipsq_xop);
8983 }
8984
8985 switch (mp->b_datap->db_type) {
8986 case M_ERROR:
8987 case M_HANGUP:
8988 /*
8989 * The device has a problem. We force the ILL down. It can
8990 * be brought up again manually using SIOCSIFFLAGS (via
8991 * ifconfig or equivalent).
8992 */
8993 ASSERT(ipsq != NULL);
8994 if (mp->b_rptr < mp->b_wptr)
8995 ill->ill_error = (int)(*mp->b_rptr & 0xFF);
8996 if (ill->ill_error == 0)
8997 ill->ill_error = ENXIO;
8998 if (!ill_down_start(q, mp))
8999 return;
9000 ipif_all_down_tail(ipsq, q, mp, NULL);
9001 break;
9002 case M_IOCNAK: {
9003 iocp = (struct iocblk *)mp->b_rptr;
9004
9005 ASSERT(iocp->ioc_cmd == DL_IOC_HDR_INFO);
9006 /*
9007 * If this was the first attempt, turn off the fastpath
9008 * probing.
9009 */
9010 mutex_enter(&ill->ill_lock);
9011 if (ill->ill_dlpi_fastpath_state == IDS_INPROGRESS) {
9012 ill->ill_dlpi_fastpath_state = IDS_FAILED;
9013 mutex_exit(&ill->ill_lock);
9014 /*
9015 * don't flush the nce_t entries: we use them
9016 * as an index to the ncec itself.
9017 */
9018 ip1dbg(("ip_rput: DLPI fastpath off on interface %s\n",
9019 ill->ill_name));
9020 } else {
9021 mutex_exit(&ill->ill_lock);
9022 }
9023 freemsg(mp);
9024 break;
9025 }
9026 default:
9027 ASSERT(0);
9028 break;
9029 }
9030 }
9031
9032 /*
9033 * Update any source route, record route or timestamp options
9034 * When it fails it has consumed the message and BUMPed the MIB.
9035 */
9036 boolean_t
ip_forward_options(mblk_t * mp,ipha_t * ipha,ill_t * dst_ill,ip_recv_attr_t * ira)9037 ip_forward_options(mblk_t *mp, ipha_t *ipha, ill_t *dst_ill,
9038 ip_recv_attr_t *ira)
9039 {
9040 ipoptp_t opts;
9041 uchar_t *opt;
9042 uint8_t optval;
9043 uint8_t optlen;
9044 ipaddr_t dst;
9045 ipaddr_t ifaddr;
9046 uint32_t ts;
9047 timestruc_t now;
9048 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
9049
9050 ip2dbg(("ip_forward_options\n"));
9051 dst = ipha->ipha_dst;
9052 opt = NULL;
9053
9054 for (optval = ipoptp_first(&opts, ipha);
9055 optval != IPOPT_EOL;
9056 optval = ipoptp_next(&opts)) {
9057 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
9058 opt = opts.ipoptp_cur;
9059 optlen = opts.ipoptp_len;
9060 ip2dbg(("ip_forward_options: opt %d, len %d\n",
9061 optval, opts.ipoptp_len));
9062 switch (optval) {
9063 uint32_t off;
9064 case IPOPT_SSRR:
9065 case IPOPT_LSRR:
9066 /* Check if adminstratively disabled */
9067 if (!ipst->ips_ip_forward_src_routed) {
9068 BUMP_MIB(dst_ill->ill_ip_mib,
9069 ipIfStatsForwProhibits);
9070 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED",
9071 mp, dst_ill);
9072 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED,
9073 ira);
9074 return (B_FALSE);
9075 }
9076 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9077 /*
9078 * Must be partial since ip_input_options
9079 * checked for strict.
9080 */
9081 break;
9082 }
9083 off = opt[IPOPT_OFFSET];
9084 off--;
9085 redo_srr:
9086 if (optlen < IP_ADDR_LEN ||
9087 off > optlen - IP_ADDR_LEN) {
9088 /* End of source route */
9089 ip1dbg((
9090 "ip_forward_options: end of SR\n"));
9091 break;
9092 }
9093 /* Pick a reasonable address on the outbound if */
9094 ASSERT(dst_ill != NULL);
9095 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst,
9096 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9097 NULL) != 0) {
9098 /* No source! Shouldn't happen */
9099 ifaddr = INADDR_ANY;
9100 }
9101 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9102 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9103 ip1dbg(("ip_forward_options: next hop 0x%x\n",
9104 ntohl(dst)));
9105
9106 /*
9107 * Check if our address is present more than
9108 * once as consecutive hops in source route.
9109 */
9110 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
9111 off += IP_ADDR_LEN;
9112 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9113 goto redo_srr;
9114 }
9115 ipha->ipha_dst = dst;
9116 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9117 break;
9118 case IPOPT_RR:
9119 off = opt[IPOPT_OFFSET];
9120 off--;
9121 if (optlen < IP_ADDR_LEN ||
9122 off > optlen - IP_ADDR_LEN) {
9123 /* No more room - ignore */
9124 ip1dbg((
9125 "ip_forward_options: end of RR\n"));
9126 break;
9127 }
9128 /* Pick a reasonable address on the outbound if */
9129 ASSERT(dst_ill != NULL);
9130 if (ip_select_source_v4(dst_ill, INADDR_ANY, dst,
9131 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9132 NULL) != 0) {
9133 /* No source! Shouldn't happen */
9134 ifaddr = INADDR_ANY;
9135 }
9136 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9137 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9138 break;
9139 case IPOPT_TS:
9140 off = 0;
9141 /* Insert timestamp if there is room */
9142 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9143 case IPOPT_TS_TSONLY:
9144 off = IPOPT_TS_TIMELEN;
9145 break;
9146 case IPOPT_TS_PRESPEC:
9147 case IPOPT_TS_PRESPEC_RFC791:
9148 /* Verify that the address matched */
9149 off = opt[IPOPT_OFFSET] - 1;
9150 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9151 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9152 /* Not for us */
9153 break;
9154 }
9155 /* FALLTHROUGH */
9156 case IPOPT_TS_TSANDADDR:
9157 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9158 break;
9159 default:
9160 /*
9161 * ip_*put_options should have already
9162 * dropped this packet.
9163 */
9164 cmn_err(CE_PANIC, "ip_forward_options: "
9165 "unknown IT - bug in ip_input_options?\n");
9166 }
9167 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
9168 /* Increase overflow counter */
9169 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
9170 opt[IPOPT_POS_OV_FLG] =
9171 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) |
9172 (off << 4));
9173 break;
9174 }
9175 off = opt[IPOPT_OFFSET] - 1;
9176 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9177 case IPOPT_TS_PRESPEC:
9178 case IPOPT_TS_PRESPEC_RFC791:
9179 case IPOPT_TS_TSANDADDR:
9180 /* Pick a reasonable addr on the outbound if */
9181 ASSERT(dst_ill != NULL);
9182 if (ip_select_source_v4(dst_ill, INADDR_ANY,
9183 dst, INADDR_ANY, ALL_ZONES, ipst, &ifaddr,
9184 NULL, NULL) != 0) {
9185 /* No source! Shouldn't happen */
9186 ifaddr = INADDR_ANY;
9187 }
9188 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9189 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9190 /* FALLTHROUGH */
9191 case IPOPT_TS_TSONLY:
9192 off = opt[IPOPT_OFFSET] - 1;
9193 /* Compute # of milliseconds since midnight */
9194 gethrestime(&now);
9195 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
9196 NSEC2MSEC(now.tv_nsec);
9197 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
9198 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
9199 break;
9200 }
9201 break;
9202 }
9203 }
9204 return (B_TRUE);
9205 }
9206
9207 /*
9208 * Call ill_frag_timeout to do garbage collection. ill_frag_timeout
9209 * returns 'true' if there are still fragments left on the queue, in
9210 * which case we restart the timer.
9211 */
9212 void
ill_frag_timer(void * arg)9213 ill_frag_timer(void *arg)
9214 {
9215 ill_t *ill = (ill_t *)arg;
9216 boolean_t frag_pending;
9217 ip_stack_t *ipst = ill->ill_ipst;
9218 time_t timeout;
9219
9220 mutex_enter(&ill->ill_lock);
9221 ASSERT(!ill->ill_fragtimer_executing);
9222 if (ill->ill_state_flags & ILL_CONDEMNED) {
9223 ill->ill_frag_timer_id = 0;
9224 mutex_exit(&ill->ill_lock);
9225 return;
9226 }
9227 ill->ill_fragtimer_executing = 1;
9228 mutex_exit(&ill->ill_lock);
9229
9230 timeout = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout :
9231 ipst->ips_ip_reassembly_timeout);
9232
9233 frag_pending = ill_frag_timeout(ill, timeout);
9234
9235 /*
9236 * Restart the timer, if we have fragments pending or if someone
9237 * wanted us to be scheduled again.
9238 */
9239 mutex_enter(&ill->ill_lock);
9240 ill->ill_fragtimer_executing = 0;
9241 ill->ill_frag_timer_id = 0;
9242 if (frag_pending || ill->ill_fragtimer_needrestart)
9243 ill_frag_timer_start(ill);
9244 mutex_exit(&ill->ill_lock);
9245 }
9246
9247 void
ill_frag_timer_start(ill_t * ill)9248 ill_frag_timer_start(ill_t *ill)
9249 {
9250 ip_stack_t *ipst = ill->ill_ipst;
9251 clock_t timeo_ms;
9252
9253 ASSERT(MUTEX_HELD(&ill->ill_lock));
9254
9255 /* If the ill is closing or opening don't proceed */
9256 if (ill->ill_state_flags & ILL_CONDEMNED)
9257 return;
9258
9259 if (ill->ill_fragtimer_executing) {
9260 /*
9261 * ill_frag_timer is currently executing. Just record the
9262 * the fact that we want the timer to be restarted.
9263 * ill_frag_timer will post a timeout before it returns,
9264 * ensuring it will be called again.
9265 */
9266 ill->ill_fragtimer_needrestart = 1;
9267 return;
9268 }
9269
9270 if (ill->ill_frag_timer_id == 0) {
9271 timeo_ms = (ill->ill_isv6 ? ipst->ips_ipv6_reassembly_timeout :
9272 ipst->ips_ip_reassembly_timeout) * SECONDS;
9273
9274 /*
9275 * The timer is neither running nor is the timeout handler
9276 * executing. Post a timeout so that ill_frag_timer will be
9277 * called
9278 */
9279 ill->ill_frag_timer_id = timeout(ill_frag_timer, ill,
9280 MSEC_TO_TICK(timeo_ms >> 1));
9281 ill->ill_fragtimer_needrestart = 0;
9282 }
9283 }
9284
9285 /*
9286 * Update any source route, record route or timestamp options.
9287 * Check that we are at end of strict source route.
9288 * The options have already been checked for sanity in ip_input_options().
9289 */
9290 boolean_t
ip_input_local_options(mblk_t * mp,ipha_t * ipha,ip_recv_attr_t * ira)9291 ip_input_local_options(mblk_t *mp, ipha_t *ipha, ip_recv_attr_t *ira)
9292 {
9293 ipoptp_t opts;
9294 uchar_t *opt;
9295 uint8_t optval;
9296 uint8_t optlen;
9297 ipaddr_t dst;
9298 ipaddr_t ifaddr;
9299 uint32_t ts;
9300 timestruc_t now;
9301 ill_t *ill = ira->ira_ill;
9302 ip_stack_t *ipst = ill->ill_ipst;
9303
9304 ip2dbg(("ip_input_local_options\n"));
9305 opt = NULL;
9306
9307 for (optval = ipoptp_first(&opts, ipha);
9308 optval != IPOPT_EOL;
9309 optval = ipoptp_next(&opts)) {
9310 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
9311 opt = opts.ipoptp_cur;
9312 optlen = opts.ipoptp_len;
9313 ip2dbg(("ip_input_local_options: opt %d, len %d\n",
9314 optval, optlen));
9315 switch (optval) {
9316 uint32_t off;
9317 case IPOPT_SSRR:
9318 case IPOPT_LSRR:
9319 off = opt[IPOPT_OFFSET];
9320 off--;
9321 if (optlen < IP_ADDR_LEN ||
9322 off > optlen - IP_ADDR_LEN) {
9323 /* End of source route */
9324 ip1dbg(("ip_input_local_options: end of SR\n"));
9325 break;
9326 }
9327 /*
9328 * This will only happen if two consecutive entries
9329 * in the source route contains our address or if
9330 * it is a packet with a loose source route which
9331 * reaches us before consuming the whole source route
9332 */
9333 ip1dbg(("ip_input_local_options: not end of SR\n"));
9334 if (optval == IPOPT_SSRR) {
9335 goto bad_src_route;
9336 }
9337 /*
9338 * Hack: instead of dropping the packet truncate the
9339 * source route to what has been used by filling the
9340 * rest with IPOPT_NOP.
9341 */
9342 opt[IPOPT_OLEN] = (uint8_t)off;
9343 while (off < optlen) {
9344 opt[off++] = IPOPT_NOP;
9345 }
9346 break;
9347 case IPOPT_RR:
9348 off = opt[IPOPT_OFFSET];
9349 off--;
9350 if (optlen < IP_ADDR_LEN ||
9351 off > optlen - IP_ADDR_LEN) {
9352 /* No more room - ignore */
9353 ip1dbg((
9354 "ip_input_local_options: end of RR\n"));
9355 break;
9356 }
9357 /* Pick a reasonable address on the outbound if */
9358 if (ip_select_source_v4(ill, INADDR_ANY, ipha->ipha_dst,
9359 INADDR_ANY, ALL_ZONES, ipst, &ifaddr, NULL,
9360 NULL) != 0) {
9361 /* No source! Shouldn't happen */
9362 ifaddr = INADDR_ANY;
9363 }
9364 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9365 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9366 break;
9367 case IPOPT_TS:
9368 off = 0;
9369 /* Insert timestamp if there is romm */
9370 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9371 case IPOPT_TS_TSONLY:
9372 off = IPOPT_TS_TIMELEN;
9373 break;
9374 case IPOPT_TS_PRESPEC:
9375 case IPOPT_TS_PRESPEC_RFC791:
9376 /* Verify that the address matched */
9377 off = opt[IPOPT_OFFSET] - 1;
9378 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9379 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9380 /* Not for us */
9381 break;
9382 }
9383 /* FALLTHROUGH */
9384 case IPOPT_TS_TSANDADDR:
9385 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9386 break;
9387 default:
9388 /*
9389 * ip_*put_options should have already
9390 * dropped this packet.
9391 */
9392 cmn_err(CE_PANIC, "ip_input_local_options: "
9393 "unknown IT - bug in ip_input_options?\n");
9394 }
9395 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
9396 /* Increase overflow counter */
9397 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
9398 opt[IPOPT_POS_OV_FLG] =
9399 (uint8_t)((opt[IPOPT_POS_OV_FLG] & 0x0F) |
9400 (off << 4));
9401 break;
9402 }
9403 off = opt[IPOPT_OFFSET] - 1;
9404 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9405 case IPOPT_TS_PRESPEC:
9406 case IPOPT_TS_PRESPEC_RFC791:
9407 case IPOPT_TS_TSANDADDR:
9408 /* Pick a reasonable addr on the outbound if */
9409 if (ip_select_source_v4(ill, INADDR_ANY,
9410 ipha->ipha_dst, INADDR_ANY, ALL_ZONES, ipst,
9411 &ifaddr, NULL, NULL) != 0) {
9412 /* No source! Shouldn't happen */
9413 ifaddr = INADDR_ANY;
9414 }
9415 bcopy(&ifaddr, (char *)opt + off, IP_ADDR_LEN);
9416 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
9417 /* FALLTHROUGH */
9418 case IPOPT_TS_TSONLY:
9419 off = opt[IPOPT_OFFSET] - 1;
9420 /* Compute # of milliseconds since midnight */
9421 gethrestime(&now);
9422 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
9423 NSEC2MSEC(now.tv_nsec);
9424 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
9425 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
9426 break;
9427 }
9428 break;
9429 }
9430 }
9431 return (B_TRUE);
9432
9433 bad_src_route:
9434 /* make sure we clear any indication of a hardware checksum */
9435 DB_CKSUMFLAGS(mp) = 0;
9436 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill);
9437 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira);
9438 return (B_FALSE);
9439
9440 }
9441
9442 /*
9443 * Process IP options in an inbound packet. Always returns the nexthop.
9444 * Normally this is the passed in nexthop, but if there is an option
9445 * that effects the nexthop (such as a source route) that will be returned.
9446 * Sets *errorp if there is an error, in which case an ICMP error has been sent
9447 * and mp freed.
9448 */
9449 ipaddr_t
ip_input_options(ipha_t * ipha,ipaddr_t dst,mblk_t * mp,ip_recv_attr_t * ira,int * errorp)9450 ip_input_options(ipha_t *ipha, ipaddr_t dst, mblk_t *mp,
9451 ip_recv_attr_t *ira, int *errorp)
9452 {
9453 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
9454 ipoptp_t opts;
9455 uchar_t *opt;
9456 uint8_t optval;
9457 uint8_t optlen;
9458 intptr_t code = 0;
9459 ire_t *ire;
9460
9461 ip2dbg(("ip_input_options\n"));
9462 opt = NULL;
9463 *errorp = 0;
9464 for (optval = ipoptp_first(&opts, ipha);
9465 optval != IPOPT_EOL;
9466 optval = ipoptp_next(&opts)) {
9467 opt = opts.ipoptp_cur;
9468 optlen = opts.ipoptp_len;
9469 ip2dbg(("ip_input_options: opt %d, len %d\n",
9470 optval, optlen));
9471 /*
9472 * Note: we need to verify the checksum before we
9473 * modify anything thus this routine only extracts the next
9474 * hop dst from any source route.
9475 */
9476 switch (optval) {
9477 uint32_t off;
9478 case IPOPT_SSRR:
9479 case IPOPT_LSRR:
9480 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
9481 if (optval == IPOPT_SSRR) {
9482 ip1dbg(("ip_input_options: not next"
9483 " strict source route 0x%x\n",
9484 ntohl(dst)));
9485 code = (char *)&ipha->ipha_dst -
9486 (char *)ipha;
9487 goto param_prob; /* RouterReq's */
9488 }
9489 ip2dbg(("ip_input_options: "
9490 "not next source route 0x%x\n",
9491 ntohl(dst)));
9492 break;
9493 }
9494
9495 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9496 ip1dbg((
9497 "ip_input_options: bad option offset\n"));
9498 code = (char *)&opt[IPOPT_OLEN] -
9499 (char *)ipha;
9500 goto param_prob;
9501 }
9502 off = opt[IPOPT_OFFSET];
9503 off--;
9504 redo_srr:
9505 if (optlen < IP_ADDR_LEN ||
9506 off > optlen - IP_ADDR_LEN) {
9507 /* End of source route */
9508 ip1dbg(("ip_input_options: end of SR\n"));
9509 break;
9510 }
9511 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
9512 ip1dbg(("ip_input_options: next hop 0x%x\n",
9513 ntohl(dst)));
9514
9515 /*
9516 * Check if our address is present more than
9517 * once as consecutive hops in source route.
9518 * XXX verify per-interface ip_forwarding
9519 * for source route?
9520 */
9521 if (ip_type_v4(dst, ipst) == IRE_LOCAL) {
9522 off += IP_ADDR_LEN;
9523 goto redo_srr;
9524 }
9525
9526 if (dst == htonl(INADDR_LOOPBACK)) {
9527 ip1dbg(("ip_input_options: loopback addr in "
9528 "source route!\n"));
9529 goto bad_src_route;
9530 }
9531 /*
9532 * For strict: verify that dst is directly
9533 * reachable.
9534 */
9535 if (optval == IPOPT_SSRR) {
9536 ire = ire_ftable_lookup_v4(dst, 0, 0,
9537 IRE_INTERFACE, NULL, ALL_ZONES,
9538 ira->ira_tsl,
9539 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst,
9540 NULL);
9541 if (ire == NULL) {
9542 ip1dbg(("ip_input_options: SSRR not "
9543 "directly reachable: 0x%x\n",
9544 ntohl(dst)));
9545 goto bad_src_route;
9546 }
9547 ire_refrele(ire);
9548 }
9549 /*
9550 * Defer update of the offset and the record route
9551 * until the packet is forwarded.
9552 */
9553 break;
9554 case IPOPT_RR:
9555 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9556 ip1dbg((
9557 "ip_input_options: bad option offset\n"));
9558 code = (char *)&opt[IPOPT_OLEN] -
9559 (char *)ipha;
9560 goto param_prob;
9561 }
9562 break;
9563 case IPOPT_TS:
9564 /*
9565 * Verify that length >= 5 and that there is either
9566 * room for another timestamp or that the overflow
9567 * counter is not maxed out.
9568 */
9569 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha;
9570 if (optlen < IPOPT_MINLEN_IT) {
9571 goto param_prob;
9572 }
9573 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
9574 ip1dbg((
9575 "ip_input_options: bad option offset\n"));
9576 code = (char *)&opt[IPOPT_OFFSET] -
9577 (char *)ipha;
9578 goto param_prob;
9579 }
9580 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
9581 case IPOPT_TS_TSONLY:
9582 off = IPOPT_TS_TIMELEN;
9583 break;
9584 case IPOPT_TS_TSANDADDR:
9585 case IPOPT_TS_PRESPEC:
9586 case IPOPT_TS_PRESPEC_RFC791:
9587 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
9588 break;
9589 default:
9590 code = (char *)&opt[IPOPT_POS_OV_FLG] -
9591 (char *)ipha;
9592 goto param_prob;
9593 }
9594 if (opt[IPOPT_OFFSET] - 1 + off > optlen &&
9595 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) {
9596 /*
9597 * No room and the overflow counter is 15
9598 * already.
9599 */
9600 goto param_prob;
9601 }
9602 break;
9603 }
9604 }
9605
9606 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0) {
9607 return (dst);
9608 }
9609
9610 ip1dbg(("ip_input_options: error processing IP options."));
9611 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha;
9612
9613 param_prob:
9614 /* make sure we clear any indication of a hardware checksum */
9615 DB_CKSUMFLAGS(mp) = 0;
9616 ip_drop_input("ICMP_PARAM_PROBLEM", mp, ira->ira_ill);
9617 icmp_param_problem(mp, (uint8_t)code, ira);
9618 *errorp = -1;
9619 return (dst);
9620
9621 bad_src_route:
9622 /* make sure we clear any indication of a hardware checksum */
9623 DB_CKSUMFLAGS(mp) = 0;
9624 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ira->ira_ill);
9625 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, ira);
9626 *errorp = -1;
9627 return (dst);
9628 }
9629
9630 /*
9631 * IP & ICMP info in >=14 msg's ...
9632 * - ip fixed part (mib2_ip_t)
9633 * - icmp fixed part (mib2_icmp_t)
9634 * - ipAddrEntryTable (ip 20) all IPv4 ipifs
9635 * - ipRouteEntryTable (ip 21) all IPv4 IREs
9636 * - ipNetToMediaEntryTable (ip 22) all IPv4 Neighbor Cache entries
9637 * - ipRouteAttributeTable (ip 102) labeled routes
9638 * - ip multicast membership (ip_member_t)
9639 * - ip multicast source filtering (ip_grpsrc_t)
9640 * - igmp fixed part (struct igmpstat)
9641 * - multicast routing stats (struct mrtstat)
9642 * - multicast routing vifs (array of struct vifctl)
9643 * - multicast routing routes (array of struct mfcctl)
9644 * - ip6 fixed part (mib2_ipv6IfStatsEntry_t)
9645 * One per ill plus one generic
9646 * - icmp6 fixed part (mib2_ipv6IfIcmpEntry_t)
9647 * One per ill plus one generic
9648 * - ipv6RouteEntry all IPv6 IREs
9649 * - ipv6RouteAttributeTable (ip6 102) labeled routes
9650 * - ipv6NetToMediaEntry all IPv6 Neighbor Cache entries
9651 * - ipv6AddrEntry all IPv6 ipifs
9652 * - ipv6 multicast membership (ipv6_member_t)
9653 * - ipv6 multicast source filtering (ipv6_grpsrc_t)
9654 *
9655 * NOTE: original mpctl is copied for msg's 2..N, since its ctl part is
9656 * already filled in by the caller.
9657 * If legacy_req is true then MIB structures needs to be truncated to their
9658 * legacy sizes before being returned.
9659 * Return value of 0 indicates that no messages were sent and caller
9660 * should free mpctl.
9661 */
9662 int
ip_snmp_get(queue_t * q,mblk_t * mpctl,int level,boolean_t legacy_req)9663 ip_snmp_get(queue_t *q, mblk_t *mpctl, int level, boolean_t legacy_req)
9664 {
9665 ip_stack_t *ipst;
9666 sctp_stack_t *sctps;
9667
9668 if (q->q_next != NULL) {
9669 ipst = ILLQ_TO_IPST(q);
9670 } else {
9671 ipst = CONNQ_TO_IPST(q);
9672 }
9673 ASSERT(ipst != NULL);
9674 sctps = ipst->ips_netstack->netstack_sctp;
9675
9676 if (mpctl == NULL || mpctl->b_cont == NULL) {
9677 return (0);
9678 }
9679
9680 /*
9681 * For the purposes of the (broken) packet shell use
9682 * of the level we make sure MIB2_TCP/MIB2_UDP can be used
9683 * to make TCP and UDP appear first in the list of mib items.
9684 * TBD: We could expand this and use it in netstat so that
9685 * the kernel doesn't have to produce large tables (connections,
9686 * routes, etc) when netstat only wants the statistics or a particular
9687 * table.
9688 */
9689 if (!(level == MIB2_TCP || level == MIB2_UDP)) {
9690 if ((mpctl = icmp_snmp_get(q, mpctl)) == NULL) {
9691 return (1);
9692 }
9693 }
9694
9695 if (level != MIB2_TCP) {
9696 if ((mpctl = udp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9697 return (1);
9698 }
9699 if (level == MIB2_UDP) {
9700 goto done;
9701 }
9702 }
9703
9704 if (level != MIB2_UDP) {
9705 if ((mpctl = tcp_snmp_get(q, mpctl, legacy_req)) == NULL) {
9706 return (1);
9707 }
9708 if (level == MIB2_TCP) {
9709 goto done;
9710 }
9711 }
9712
9713 if ((mpctl = ip_snmp_get_mib2_ip_traffic_stats(q, mpctl,
9714 ipst, legacy_req)) == NULL) {
9715 return (1);
9716 }
9717
9718 if ((mpctl = ip_snmp_get_mib2_ip6(q, mpctl, ipst,
9719 legacy_req)) == NULL) {
9720 return (1);
9721 }
9722
9723 if ((mpctl = ip_snmp_get_mib2_icmp(q, mpctl, ipst)) == NULL) {
9724 return (1);
9725 }
9726
9727 if ((mpctl = ip_snmp_get_mib2_icmp6(q, mpctl, ipst)) == NULL) {
9728 return (1);
9729 }
9730
9731 if ((mpctl = ip_snmp_get_mib2_igmp(q, mpctl, ipst)) == NULL) {
9732 return (1);
9733 }
9734
9735 if ((mpctl = ip_snmp_get_mib2_multi(q, mpctl, ipst)) == NULL) {
9736 return (1);
9737 }
9738
9739 if ((mpctl = ip_snmp_get_mib2_ip_addr(q, mpctl, ipst,
9740 legacy_req)) == NULL) {
9741 return (1);
9742 }
9743
9744 if ((mpctl = ip_snmp_get_mib2_ip6_addr(q, mpctl, ipst,
9745 legacy_req)) == NULL) {
9746 return (1);
9747 }
9748
9749 if ((mpctl = ip_snmp_get_mib2_ip_group_mem(q, mpctl, ipst)) == NULL) {
9750 return (1);
9751 }
9752
9753 if ((mpctl = ip_snmp_get_mib2_ip6_group_mem(q, mpctl, ipst)) == NULL) {
9754 return (1);
9755 }
9756
9757 if ((mpctl = ip_snmp_get_mib2_ip_group_src(q, mpctl, ipst)) == NULL) {
9758 return (1);
9759 }
9760
9761 if ((mpctl = ip_snmp_get_mib2_ip6_group_src(q, mpctl, ipst)) == NULL) {
9762 return (1);
9763 }
9764
9765 if ((mpctl = ip_snmp_get_mib2_virt_multi(q, mpctl, ipst)) == NULL) {
9766 return (1);
9767 }
9768
9769 if ((mpctl = ip_snmp_get_mib2_multi_rtable(q, mpctl, ipst)) == NULL) {
9770 return (1);
9771 }
9772
9773 mpctl = ip_snmp_get_mib2_ip_route_media(q, mpctl, level, ipst);
9774 if (mpctl == NULL)
9775 return (1);
9776
9777 mpctl = ip_snmp_get_mib2_ip6_route_media(q, mpctl, level, ipst);
9778 if (mpctl == NULL)
9779 return (1);
9780
9781 if ((mpctl = sctp_snmp_get_mib2(q, mpctl, sctps)) == NULL) {
9782 return (1);
9783 }
9784 if ((mpctl = ip_snmp_get_mib2_ip_dce(q, mpctl, ipst)) == NULL) {
9785 return (1);
9786 }
9787 done:
9788 freemsg(mpctl);
9789 return (1);
9790 }
9791
9792 /* Get global (legacy) IPv4 statistics */
9793 static mblk_t *
ip_snmp_get_mib2_ip(queue_t * q,mblk_t * mpctl,mib2_ipIfStatsEntry_t * ipmib,ip_stack_t * ipst,boolean_t legacy_req)9794 ip_snmp_get_mib2_ip(queue_t *q, mblk_t *mpctl, mib2_ipIfStatsEntry_t *ipmib,
9795 ip_stack_t *ipst, boolean_t legacy_req)
9796 {
9797 mib2_ip_t old_ip_mib;
9798 struct opthdr *optp;
9799 mblk_t *mp2ctl;
9800 mib2_ipAddrEntry_t mae;
9801
9802 /*
9803 * make a copy of the original message
9804 */
9805 mp2ctl = copymsg(mpctl);
9806
9807 /* fixed length IP structure... */
9808 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9809 optp->level = MIB2_IP;
9810 optp->name = 0;
9811 SET_MIB(old_ip_mib.ipForwarding,
9812 (WE_ARE_FORWARDING(ipst) ? 1 : 2));
9813 SET_MIB(old_ip_mib.ipDefaultTTL,
9814 (uint32_t)ipst->ips_ip_def_ttl);
9815 SET_MIB(old_ip_mib.ipReasmTimeout,
9816 ipst->ips_ip_reassembly_timeout);
9817 SET_MIB(old_ip_mib.ipAddrEntrySize,
9818 (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) :
9819 sizeof (mib2_ipAddrEntry_t));
9820 SET_MIB(old_ip_mib.ipRouteEntrySize,
9821 sizeof (mib2_ipRouteEntry_t));
9822 SET_MIB(old_ip_mib.ipNetToMediaEntrySize,
9823 sizeof (mib2_ipNetToMediaEntry_t));
9824 SET_MIB(old_ip_mib.ipMemberEntrySize, sizeof (ip_member_t));
9825 SET_MIB(old_ip_mib.ipGroupSourceEntrySize, sizeof (ip_grpsrc_t));
9826 SET_MIB(old_ip_mib.ipRouteAttributeSize,
9827 sizeof (mib2_ipAttributeEntry_t));
9828 SET_MIB(old_ip_mib.transportMLPSize, sizeof (mib2_transportMLPEntry_t));
9829 SET_MIB(old_ip_mib.ipDestEntrySize, sizeof (dest_cache_entry_t));
9830
9831 /*
9832 * Grab the statistics from the new IP MIB
9833 */
9834 SET_MIB(old_ip_mib.ipInReceives,
9835 (uint32_t)ipmib->ipIfStatsHCInReceives);
9836 SET_MIB(old_ip_mib.ipInHdrErrors, ipmib->ipIfStatsInHdrErrors);
9837 SET_MIB(old_ip_mib.ipInAddrErrors, ipmib->ipIfStatsInAddrErrors);
9838 SET_MIB(old_ip_mib.ipForwDatagrams,
9839 (uint32_t)ipmib->ipIfStatsHCOutForwDatagrams);
9840 SET_MIB(old_ip_mib.ipInUnknownProtos,
9841 ipmib->ipIfStatsInUnknownProtos);
9842 SET_MIB(old_ip_mib.ipInDiscards, ipmib->ipIfStatsInDiscards);
9843 SET_MIB(old_ip_mib.ipInDelivers,
9844 (uint32_t)ipmib->ipIfStatsHCInDelivers);
9845 SET_MIB(old_ip_mib.ipOutRequests,
9846 (uint32_t)ipmib->ipIfStatsHCOutRequests);
9847 SET_MIB(old_ip_mib.ipOutDiscards, ipmib->ipIfStatsOutDiscards);
9848 SET_MIB(old_ip_mib.ipOutNoRoutes, ipmib->ipIfStatsOutNoRoutes);
9849 SET_MIB(old_ip_mib.ipReasmReqds, ipmib->ipIfStatsReasmReqds);
9850 SET_MIB(old_ip_mib.ipReasmOKs, ipmib->ipIfStatsReasmOKs);
9851 SET_MIB(old_ip_mib.ipReasmFails, ipmib->ipIfStatsReasmFails);
9852 SET_MIB(old_ip_mib.ipFragOKs, ipmib->ipIfStatsOutFragOKs);
9853 SET_MIB(old_ip_mib.ipFragFails, ipmib->ipIfStatsOutFragFails);
9854 SET_MIB(old_ip_mib.ipFragCreates, ipmib->ipIfStatsOutFragCreates);
9855
9856 /* ipRoutingDiscards is not being used */
9857 SET_MIB(old_ip_mib.ipRoutingDiscards, 0);
9858 SET_MIB(old_ip_mib.tcpInErrs, ipmib->tcpIfStatsInErrs);
9859 SET_MIB(old_ip_mib.udpNoPorts, ipmib->udpIfStatsNoPorts);
9860 SET_MIB(old_ip_mib.ipInCksumErrs, ipmib->ipIfStatsInCksumErrs);
9861 SET_MIB(old_ip_mib.ipReasmDuplicates,
9862 ipmib->ipIfStatsReasmDuplicates);
9863 SET_MIB(old_ip_mib.ipReasmPartDups, ipmib->ipIfStatsReasmPartDups);
9864 SET_MIB(old_ip_mib.ipForwProhibits, ipmib->ipIfStatsForwProhibits);
9865 SET_MIB(old_ip_mib.udpInCksumErrs, ipmib->udpIfStatsInCksumErrs);
9866 SET_MIB(old_ip_mib.udpInOverflows, ipmib->udpIfStatsInOverflows);
9867 SET_MIB(old_ip_mib.rawipInOverflows,
9868 ipmib->rawipIfStatsInOverflows);
9869
9870 SET_MIB(old_ip_mib.ipsecInSucceeded, ipmib->ipsecIfStatsInSucceeded);
9871 SET_MIB(old_ip_mib.ipsecInFailed, ipmib->ipsecIfStatsInFailed);
9872 SET_MIB(old_ip_mib.ipInIPv6, ipmib->ipIfStatsInWrongIPVersion);
9873 SET_MIB(old_ip_mib.ipOutIPv6, ipmib->ipIfStatsOutWrongIPVersion);
9874 SET_MIB(old_ip_mib.ipOutSwitchIPv6,
9875 ipmib->ipIfStatsOutSwitchIPVersion);
9876
9877 if (!snmp_append_data(mpctl->b_cont, (char *)&old_ip_mib,
9878 (int)sizeof (old_ip_mib))) {
9879 ip1dbg(("ip_snmp_get_mib2_ip: failed to allocate %u bytes\n",
9880 (uint_t)sizeof (old_ip_mib)));
9881 }
9882
9883 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9884 ip3dbg(("ip_snmp_get_mib2_ip: level %d, name %d, len %d\n",
9885 (int)optp->level, (int)optp->name, (int)optp->len));
9886 qreply(q, mpctl);
9887 return (mp2ctl);
9888 }
9889
9890 /* Per interface IPv4 statistics */
9891 static mblk_t *
ip_snmp_get_mib2_ip_traffic_stats(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst,boolean_t legacy_req)9892 ip_snmp_get_mib2_ip_traffic_stats(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
9893 boolean_t legacy_req)
9894 {
9895 struct opthdr *optp;
9896 mblk_t *mp2ctl;
9897 ill_t *ill;
9898 ill_walk_context_t ctx;
9899 mblk_t *mp_tail = NULL;
9900 mib2_ipIfStatsEntry_t global_ip_mib;
9901 mib2_ipAddrEntry_t mae;
9902
9903 /*
9904 * Make a copy of the original message
9905 */
9906 mp2ctl = copymsg(mpctl);
9907
9908 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9909 optp->level = MIB2_IP;
9910 optp->name = MIB2_IP_TRAFFIC_STATS;
9911 /* Include "unknown interface" ip_mib */
9912 ipst->ips_ip_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv4;
9913 ipst->ips_ip_mib.ipIfStatsIfIndex =
9914 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */
9915 SET_MIB(ipst->ips_ip_mib.ipIfStatsForwarding,
9916 (ipst->ips_ip_forwarding ? 1 : 2));
9917 SET_MIB(ipst->ips_ip_mib.ipIfStatsDefaultTTL,
9918 (uint32_t)ipst->ips_ip_def_ttl);
9919 SET_MIB(ipst->ips_ip_mib.ipIfStatsEntrySize,
9920 sizeof (mib2_ipIfStatsEntry_t));
9921 SET_MIB(ipst->ips_ip_mib.ipIfStatsAddrEntrySize,
9922 sizeof (mib2_ipAddrEntry_t));
9923 SET_MIB(ipst->ips_ip_mib.ipIfStatsRouteEntrySize,
9924 sizeof (mib2_ipRouteEntry_t));
9925 SET_MIB(ipst->ips_ip_mib.ipIfStatsNetToMediaEntrySize,
9926 sizeof (mib2_ipNetToMediaEntry_t));
9927 SET_MIB(ipst->ips_ip_mib.ipIfStatsMemberEntrySize,
9928 sizeof (ip_member_t));
9929 SET_MIB(ipst->ips_ip_mib.ipIfStatsGroupSourceEntrySize,
9930 sizeof (ip_grpsrc_t));
9931
9932 bcopy(&ipst->ips_ip_mib, &global_ip_mib, sizeof (global_ip_mib));
9933
9934 if (legacy_req) {
9935 SET_MIB(global_ip_mib.ipIfStatsAddrEntrySize,
9936 LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t));
9937 }
9938
9939 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
9940 (char *)&global_ip_mib, (int)sizeof (global_ip_mib))) {
9941 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9942 "failed to allocate %u bytes\n",
9943 (uint_t)sizeof (global_ip_mib)));
9944 }
9945
9946 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
9947 ill = ILL_START_WALK_V4(&ctx, ipst);
9948 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
9949 ill->ill_ip_mib->ipIfStatsIfIndex =
9950 ill->ill_phyint->phyint_ifindex;
9951 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding,
9952 (ipst->ips_ip_forwarding ? 1 : 2));
9953 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultTTL,
9954 (uint32_t)ipst->ips_ip_def_ttl);
9955
9956 ip_mib2_add_ip_stats(&global_ip_mib, ill->ill_ip_mib);
9957 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
9958 (char *)ill->ill_ip_mib,
9959 (int)sizeof (*ill->ill_ip_mib))) {
9960 ip1dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9961 "failed to allocate %u bytes\n",
9962 (uint_t)sizeof (*ill->ill_ip_mib)));
9963 }
9964 }
9965 rw_exit(&ipst->ips_ill_g_lock);
9966
9967 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
9968 ip3dbg(("ip_snmp_get_mib2_ip_traffic_stats: "
9969 "level %d, name %d, len %d\n",
9970 (int)optp->level, (int)optp->name, (int)optp->len));
9971 qreply(q, mpctl);
9972
9973 if (mp2ctl == NULL)
9974 return (NULL);
9975
9976 return (ip_snmp_get_mib2_ip(q, mp2ctl, &global_ip_mib, ipst,
9977 legacy_req));
9978 }
9979
9980 /* Global IPv4 ICMP statistics */
9981 static mblk_t *
ip_snmp_get_mib2_icmp(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)9982 ip_snmp_get_mib2_icmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
9983 {
9984 struct opthdr *optp;
9985 mblk_t *mp2ctl;
9986
9987 /*
9988 * Make a copy of the original message
9989 */
9990 mp2ctl = copymsg(mpctl);
9991
9992 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
9993 optp->level = MIB2_ICMP;
9994 optp->name = 0;
9995 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_icmp_mib,
9996 (int)sizeof (ipst->ips_icmp_mib))) {
9997 ip1dbg(("ip_snmp_get_mib2_icmp: failed to allocate %u bytes\n",
9998 (uint_t)sizeof (ipst->ips_icmp_mib)));
9999 }
10000 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10001 ip3dbg(("ip_snmp_get_mib2_icmp: level %d, name %d, len %d\n",
10002 (int)optp->level, (int)optp->name, (int)optp->len));
10003 qreply(q, mpctl);
10004 return (mp2ctl);
10005 }
10006
10007 /* Global IPv4 IGMP statistics */
10008 static mblk_t *
ip_snmp_get_mib2_igmp(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10009 ip_snmp_get_mib2_igmp(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10010 {
10011 struct opthdr *optp;
10012 mblk_t *mp2ctl;
10013
10014 /*
10015 * make a copy of the original message
10016 */
10017 mp2ctl = copymsg(mpctl);
10018
10019 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10020 optp->level = EXPER_IGMP;
10021 optp->name = 0;
10022 if (!snmp_append_data(mpctl->b_cont, (char *)&ipst->ips_igmpstat,
10023 (int)sizeof (ipst->ips_igmpstat))) {
10024 ip1dbg(("ip_snmp_get_mib2_igmp: failed to allocate %u bytes\n",
10025 (uint_t)sizeof (ipst->ips_igmpstat)));
10026 }
10027 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10028 ip3dbg(("ip_snmp_get_mib2_igmp: level %d, name %d, len %d\n",
10029 (int)optp->level, (int)optp->name, (int)optp->len));
10030 qreply(q, mpctl);
10031 return (mp2ctl);
10032 }
10033
10034 /* Global IPv4 Multicast Routing statistics */
10035 static mblk_t *
ip_snmp_get_mib2_multi(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10036 ip_snmp_get_mib2_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10037 {
10038 struct opthdr *optp;
10039 mblk_t *mp2ctl;
10040
10041 /*
10042 * make a copy of the original message
10043 */
10044 mp2ctl = copymsg(mpctl);
10045
10046 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10047 optp->level = EXPER_DVMRP;
10048 optp->name = 0;
10049 if (!ip_mroute_stats(mpctl->b_cont, ipst)) {
10050 ip0dbg(("ip_mroute_stats: failed\n"));
10051 }
10052 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10053 ip3dbg(("ip_snmp_get_mib2_multi: level %d, name %d, len %d\n",
10054 (int)optp->level, (int)optp->name, (int)optp->len));
10055 qreply(q, mpctl);
10056 return (mp2ctl);
10057 }
10058
10059 /* IPv4 address information */
10060 static mblk_t *
ip_snmp_get_mib2_ip_addr(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst,boolean_t legacy_req)10061 ip_snmp_get_mib2_ip_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
10062 boolean_t legacy_req)
10063 {
10064 struct opthdr *optp;
10065 mblk_t *mp2ctl;
10066 mblk_t *mp_tail = NULL;
10067 ill_t *ill;
10068 ipif_t *ipif;
10069 uint_t bitval;
10070 mib2_ipAddrEntry_t mae;
10071 size_t mae_size;
10072 zoneid_t zoneid;
10073 ill_walk_context_t ctx;
10074
10075 /*
10076 * make a copy of the original message
10077 */
10078 mp2ctl = copymsg(mpctl);
10079
10080 mae_size = (legacy_req) ? LEGACY_MIB_SIZE(&mae, mib2_ipAddrEntry_t) :
10081 sizeof (mib2_ipAddrEntry_t);
10082
10083 /* ipAddrEntryTable */
10084
10085 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10086 optp->level = MIB2_IP;
10087 optp->name = MIB2_IP_ADDR;
10088 zoneid = Q_TO_CONN(q)->conn_zoneid;
10089
10090 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10091 ill = ILL_START_WALK_V4(&ctx, ipst);
10092 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10093 for (ipif = ill->ill_ipif; ipif != NULL;
10094 ipif = ipif->ipif_next) {
10095 if (ipif->ipif_zoneid != zoneid &&
10096 ipif->ipif_zoneid != ALL_ZONES)
10097 continue;
10098 /* Sum of count from dead IRE_LO* and our current */
10099 mae.ipAdEntInfo.ae_ibcnt = ipif->ipif_ib_pkt_count;
10100 if (ipif->ipif_ire_local != NULL) {
10101 mae.ipAdEntInfo.ae_ibcnt +=
10102 ipif->ipif_ire_local->ire_ib_pkt_count;
10103 }
10104 mae.ipAdEntInfo.ae_obcnt = 0;
10105 mae.ipAdEntInfo.ae_focnt = 0;
10106
10107 ipif_get_name(ipif, mae.ipAdEntIfIndex.o_bytes,
10108 OCTET_LENGTH);
10109 mae.ipAdEntIfIndex.o_length =
10110 mi_strlen(mae.ipAdEntIfIndex.o_bytes);
10111 mae.ipAdEntAddr = ipif->ipif_lcl_addr;
10112 mae.ipAdEntNetMask = ipif->ipif_net_mask;
10113 mae.ipAdEntInfo.ae_subnet = ipif->ipif_subnet;
10114 mae.ipAdEntInfo.ae_subnet_len =
10115 ip_mask_to_plen(ipif->ipif_net_mask);
10116 mae.ipAdEntInfo.ae_src_addr = ipif->ipif_lcl_addr;
10117 for (bitval = 1;
10118 bitval &&
10119 !(bitval & ipif->ipif_brd_addr);
10120 bitval <<= 1)
10121 noop;
10122 mae.ipAdEntBcastAddr = bitval;
10123 mae.ipAdEntReasmMaxSize = IP_MAXPACKET;
10124 mae.ipAdEntInfo.ae_mtu = ipif->ipif_ill->ill_mtu;
10125 mae.ipAdEntInfo.ae_metric = ipif->ipif_ill->ill_metric;
10126 mae.ipAdEntInfo.ae_broadcast_addr =
10127 ipif->ipif_brd_addr;
10128 mae.ipAdEntInfo.ae_pp_dst_addr =
10129 ipif->ipif_pp_dst_addr;
10130 mae.ipAdEntInfo.ae_flags = ipif->ipif_flags |
10131 ill->ill_flags | ill->ill_phyint->phyint_flags;
10132 mae.ipAdEntRetransmitTime =
10133 ill->ill_reachable_retrans_time;
10134
10135 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10136 (char *)&mae, (int)mae_size)) {
10137 ip1dbg(("ip_snmp_get_mib2_ip_addr: failed to "
10138 "allocate %u bytes\n", (uint_t)mae_size));
10139 }
10140 }
10141 }
10142 rw_exit(&ipst->ips_ill_g_lock);
10143
10144 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10145 ip3dbg(("ip_snmp_get_mib2_ip_addr: level %d, name %d, len %d\n",
10146 (int)optp->level, (int)optp->name, (int)optp->len));
10147 qreply(q, mpctl);
10148 return (mp2ctl);
10149 }
10150
10151 /* IPv6 address information */
10152 static mblk_t *
ip_snmp_get_mib2_ip6_addr(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst,boolean_t legacy_req)10153 ip_snmp_get_mib2_ip6_addr(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
10154 boolean_t legacy_req)
10155 {
10156 struct opthdr *optp;
10157 mblk_t *mp2ctl;
10158 mblk_t *mp_tail = NULL;
10159 ill_t *ill;
10160 ipif_t *ipif;
10161 mib2_ipv6AddrEntry_t mae6;
10162 size_t mae6_size;
10163 zoneid_t zoneid;
10164 ill_walk_context_t ctx;
10165
10166 /*
10167 * make a copy of the original message
10168 */
10169 mp2ctl = copymsg(mpctl);
10170
10171 mae6_size = (legacy_req) ?
10172 LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t) :
10173 sizeof (mib2_ipv6AddrEntry_t);
10174
10175 /* ipv6AddrEntryTable */
10176
10177 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10178 optp->level = MIB2_IP6;
10179 optp->name = MIB2_IP6_ADDR;
10180 zoneid = Q_TO_CONN(q)->conn_zoneid;
10181
10182 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10183 ill = ILL_START_WALK_V6(&ctx, ipst);
10184 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10185 for (ipif = ill->ill_ipif; ipif != NULL;
10186 ipif = ipif->ipif_next) {
10187 if (ipif->ipif_zoneid != zoneid &&
10188 ipif->ipif_zoneid != ALL_ZONES)
10189 continue;
10190 /* Sum of count from dead IRE_LO* and our current */
10191 mae6.ipv6AddrInfo.ae_ibcnt = ipif->ipif_ib_pkt_count;
10192 if (ipif->ipif_ire_local != NULL) {
10193 mae6.ipv6AddrInfo.ae_ibcnt +=
10194 ipif->ipif_ire_local->ire_ib_pkt_count;
10195 }
10196 mae6.ipv6AddrInfo.ae_obcnt = 0;
10197 mae6.ipv6AddrInfo.ae_focnt = 0;
10198
10199 ipif_get_name(ipif, mae6.ipv6AddrIfIndex.o_bytes,
10200 OCTET_LENGTH);
10201 mae6.ipv6AddrIfIndex.o_length =
10202 mi_strlen(mae6.ipv6AddrIfIndex.o_bytes);
10203 mae6.ipv6AddrAddress = ipif->ipif_v6lcl_addr;
10204 mae6.ipv6AddrPfxLength =
10205 ip_mask_to_plen_v6(&ipif->ipif_v6net_mask);
10206 mae6.ipv6AddrInfo.ae_subnet = ipif->ipif_v6subnet;
10207 mae6.ipv6AddrInfo.ae_subnet_len =
10208 mae6.ipv6AddrPfxLength;
10209 mae6.ipv6AddrInfo.ae_src_addr = ipif->ipif_v6lcl_addr;
10210
10211 /* Type: stateless(1), stateful(2), unknown(3) */
10212 if (ipif->ipif_flags & IPIF_ADDRCONF)
10213 mae6.ipv6AddrType = 1;
10214 else
10215 mae6.ipv6AddrType = 2;
10216 /* Anycast: true(1), false(2) */
10217 if (ipif->ipif_flags & IPIF_ANYCAST)
10218 mae6.ipv6AddrAnycastFlag = 1;
10219 else
10220 mae6.ipv6AddrAnycastFlag = 2;
10221
10222 /*
10223 * Address status: preferred(1), deprecated(2),
10224 * invalid(3), inaccessible(4), unknown(5)
10225 */
10226 if (ipif->ipif_flags & IPIF_NOLOCAL)
10227 mae6.ipv6AddrStatus = 3;
10228 else if (ipif->ipif_flags & IPIF_DEPRECATED)
10229 mae6.ipv6AddrStatus = 2;
10230 else
10231 mae6.ipv6AddrStatus = 1;
10232 mae6.ipv6AddrInfo.ae_mtu = ipif->ipif_ill->ill_mtu;
10233 mae6.ipv6AddrInfo.ae_metric =
10234 ipif->ipif_ill->ill_metric;
10235 mae6.ipv6AddrInfo.ae_pp_dst_addr =
10236 ipif->ipif_v6pp_dst_addr;
10237 mae6.ipv6AddrInfo.ae_flags = ipif->ipif_flags |
10238 ill->ill_flags | ill->ill_phyint->phyint_flags;
10239 mae6.ipv6AddrReasmMaxSize = IP_MAXPACKET;
10240 mae6.ipv6AddrIdentifier = ill->ill_token;
10241 mae6.ipv6AddrIdentifierLen = ill->ill_token_length;
10242 mae6.ipv6AddrReachableTime = ill->ill_reachable_time;
10243 mae6.ipv6AddrRetransmitTime =
10244 ill->ill_reachable_retrans_time;
10245 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10246 (char *)&mae6, (int)mae6_size)) {
10247 ip1dbg(("ip_snmp_get_mib2_ip6_addr: failed to "
10248 "allocate %u bytes\n",
10249 (uint_t)mae6_size));
10250 }
10251 }
10252 }
10253 rw_exit(&ipst->ips_ill_g_lock);
10254
10255 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10256 ip3dbg(("ip_snmp_get_mib2_ip6_addr: level %d, name %d, len %d\n",
10257 (int)optp->level, (int)optp->name, (int)optp->len));
10258 qreply(q, mpctl);
10259 return (mp2ctl);
10260 }
10261
10262 /* IPv4 multicast group membership. */
10263 static mblk_t *
ip_snmp_get_mib2_ip_group_mem(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10264 ip_snmp_get_mib2_ip_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10265 {
10266 struct opthdr *optp;
10267 mblk_t *mp2ctl;
10268 ill_t *ill;
10269 ipif_t *ipif;
10270 ilm_t *ilm;
10271 ip_member_t ipm;
10272 mblk_t *mp_tail = NULL;
10273 ill_walk_context_t ctx;
10274 zoneid_t zoneid;
10275
10276 /*
10277 * make a copy of the original message
10278 */
10279 mp2ctl = copymsg(mpctl);
10280 zoneid = Q_TO_CONN(q)->conn_zoneid;
10281
10282 /* ipGroupMember table */
10283 optp = (struct opthdr *)&mpctl->b_rptr[
10284 sizeof (struct T_optmgmt_ack)];
10285 optp->level = MIB2_IP;
10286 optp->name = EXPER_IP_GROUP_MEMBERSHIP;
10287
10288 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10289 ill = ILL_START_WALK_V4(&ctx, ipst);
10290 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10291 /* Make sure the ill isn't going away. */
10292 if (!ill_check_and_refhold(ill))
10293 continue;
10294 rw_exit(&ipst->ips_ill_g_lock);
10295 rw_enter(&ill->ill_mcast_lock, RW_READER);
10296 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10297 if (ilm->ilm_zoneid != zoneid &&
10298 ilm->ilm_zoneid != ALL_ZONES)
10299 continue;
10300
10301 /* Is there an ipif for ilm_ifaddr? */
10302 for (ipif = ill->ill_ipif; ipif != NULL;
10303 ipif = ipif->ipif_next) {
10304 if (!IPIF_IS_CONDEMNED(ipif) &&
10305 ipif->ipif_lcl_addr == ilm->ilm_ifaddr &&
10306 ilm->ilm_ifaddr != INADDR_ANY)
10307 break;
10308 }
10309 if (ipif != NULL) {
10310 ipif_get_name(ipif,
10311 ipm.ipGroupMemberIfIndex.o_bytes,
10312 OCTET_LENGTH);
10313 } else {
10314 ill_get_name(ill,
10315 ipm.ipGroupMemberIfIndex.o_bytes,
10316 OCTET_LENGTH);
10317 }
10318 ipm.ipGroupMemberIfIndex.o_length =
10319 mi_strlen(ipm.ipGroupMemberIfIndex.o_bytes);
10320
10321 ipm.ipGroupMemberAddress = ilm->ilm_addr;
10322 ipm.ipGroupMemberRefCnt = ilm->ilm_refcnt;
10323 ipm.ipGroupMemberFilterMode = ilm->ilm_fmode;
10324 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10325 (char *)&ipm, (int)sizeof (ipm))) {
10326 ip1dbg(("ip_snmp_get_mib2_ip_group: "
10327 "failed to allocate %u bytes\n",
10328 (uint_t)sizeof (ipm)));
10329 }
10330 }
10331 rw_exit(&ill->ill_mcast_lock);
10332 ill_refrele(ill);
10333 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10334 }
10335 rw_exit(&ipst->ips_ill_g_lock);
10336 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10337 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10338 (int)optp->level, (int)optp->name, (int)optp->len));
10339 qreply(q, mpctl);
10340 return (mp2ctl);
10341 }
10342
10343 /* IPv6 multicast group membership. */
10344 static mblk_t *
ip_snmp_get_mib2_ip6_group_mem(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10345 ip_snmp_get_mib2_ip6_group_mem(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10346 {
10347 struct opthdr *optp;
10348 mblk_t *mp2ctl;
10349 ill_t *ill;
10350 ilm_t *ilm;
10351 ipv6_member_t ipm6;
10352 mblk_t *mp_tail = NULL;
10353 ill_walk_context_t ctx;
10354 zoneid_t zoneid;
10355
10356 /*
10357 * make a copy of the original message
10358 */
10359 mp2ctl = copymsg(mpctl);
10360 zoneid = Q_TO_CONN(q)->conn_zoneid;
10361
10362 /* ip6GroupMember table */
10363 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10364 optp->level = MIB2_IP6;
10365 optp->name = EXPER_IP6_GROUP_MEMBERSHIP;
10366
10367 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10368 ill = ILL_START_WALK_V6(&ctx, ipst);
10369 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10370 /* Make sure the ill isn't going away. */
10371 if (!ill_check_and_refhold(ill))
10372 continue;
10373 rw_exit(&ipst->ips_ill_g_lock);
10374 /*
10375 * Normally we don't have any members on under IPMP interfaces.
10376 * We report them as a debugging aid.
10377 */
10378 rw_enter(&ill->ill_mcast_lock, RW_READER);
10379 ipm6.ipv6GroupMemberIfIndex = ill->ill_phyint->phyint_ifindex;
10380 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10381 if (ilm->ilm_zoneid != zoneid &&
10382 ilm->ilm_zoneid != ALL_ZONES)
10383 continue; /* not this zone */
10384 ipm6.ipv6GroupMemberAddress = ilm->ilm_v6addr;
10385 ipm6.ipv6GroupMemberRefCnt = ilm->ilm_refcnt;
10386 ipm6.ipv6GroupMemberFilterMode = ilm->ilm_fmode;
10387 if (!snmp_append_data2(mpctl->b_cont,
10388 &mp_tail,
10389 (char *)&ipm6, (int)sizeof (ipm6))) {
10390 ip1dbg(("ip_snmp_get_mib2_ip6_group: "
10391 "failed to allocate %u bytes\n",
10392 (uint_t)sizeof (ipm6)));
10393 }
10394 }
10395 rw_exit(&ill->ill_mcast_lock);
10396 ill_refrele(ill);
10397 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10398 }
10399 rw_exit(&ipst->ips_ill_g_lock);
10400
10401 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10402 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10403 (int)optp->level, (int)optp->name, (int)optp->len));
10404 qreply(q, mpctl);
10405 return (mp2ctl);
10406 }
10407
10408 /* IP multicast filtered sources */
10409 static mblk_t *
ip_snmp_get_mib2_ip_group_src(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10410 ip_snmp_get_mib2_ip_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10411 {
10412 struct opthdr *optp;
10413 mblk_t *mp2ctl;
10414 ill_t *ill;
10415 ipif_t *ipif;
10416 ilm_t *ilm;
10417 ip_grpsrc_t ips;
10418 mblk_t *mp_tail = NULL;
10419 ill_walk_context_t ctx;
10420 zoneid_t zoneid;
10421 int i;
10422 slist_t *sl;
10423
10424 /*
10425 * make a copy of the original message
10426 */
10427 mp2ctl = copymsg(mpctl);
10428 zoneid = Q_TO_CONN(q)->conn_zoneid;
10429
10430 /* ipGroupSource table */
10431 optp = (struct opthdr *)&mpctl->b_rptr[
10432 sizeof (struct T_optmgmt_ack)];
10433 optp->level = MIB2_IP;
10434 optp->name = EXPER_IP_GROUP_SOURCES;
10435
10436 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10437 ill = ILL_START_WALK_V4(&ctx, ipst);
10438 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10439 /* Make sure the ill isn't going away. */
10440 if (!ill_check_and_refhold(ill))
10441 continue;
10442 rw_exit(&ipst->ips_ill_g_lock);
10443 rw_enter(&ill->ill_mcast_lock, RW_READER);
10444 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10445 sl = ilm->ilm_filter;
10446 if (ilm->ilm_zoneid != zoneid &&
10447 ilm->ilm_zoneid != ALL_ZONES)
10448 continue;
10449 if (SLIST_IS_EMPTY(sl))
10450 continue;
10451
10452 /* Is there an ipif for ilm_ifaddr? */
10453 for (ipif = ill->ill_ipif; ipif != NULL;
10454 ipif = ipif->ipif_next) {
10455 if (!IPIF_IS_CONDEMNED(ipif) &&
10456 ipif->ipif_lcl_addr == ilm->ilm_ifaddr &&
10457 ilm->ilm_ifaddr != INADDR_ANY)
10458 break;
10459 }
10460 if (ipif != NULL) {
10461 ipif_get_name(ipif,
10462 ips.ipGroupSourceIfIndex.o_bytes,
10463 OCTET_LENGTH);
10464 } else {
10465 ill_get_name(ill,
10466 ips.ipGroupSourceIfIndex.o_bytes,
10467 OCTET_LENGTH);
10468 }
10469 ips.ipGroupSourceIfIndex.o_length =
10470 mi_strlen(ips.ipGroupSourceIfIndex.o_bytes);
10471
10472 ips.ipGroupSourceGroup = ilm->ilm_addr;
10473 for (i = 0; i < sl->sl_numsrc; i++) {
10474 if (!IN6_IS_ADDR_V4MAPPED(&sl->sl_addr[i]))
10475 continue;
10476 IN6_V4MAPPED_TO_IPADDR(&sl->sl_addr[i],
10477 ips.ipGroupSourceAddress);
10478 if (snmp_append_data2(mpctl->b_cont, &mp_tail,
10479 (char *)&ips, (int)sizeof (ips)) == 0) {
10480 ip1dbg(("ip_snmp_get_mib2_ip_group_src:"
10481 " failed to allocate %u bytes\n",
10482 (uint_t)sizeof (ips)));
10483 }
10484 }
10485 }
10486 rw_exit(&ill->ill_mcast_lock);
10487 ill_refrele(ill);
10488 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10489 }
10490 rw_exit(&ipst->ips_ill_g_lock);
10491 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10492 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10493 (int)optp->level, (int)optp->name, (int)optp->len));
10494 qreply(q, mpctl);
10495 return (mp2ctl);
10496 }
10497
10498 /* IPv6 multicast filtered sources. */
10499 static mblk_t *
ip_snmp_get_mib2_ip6_group_src(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10500 ip_snmp_get_mib2_ip6_group_src(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10501 {
10502 struct opthdr *optp;
10503 mblk_t *mp2ctl;
10504 ill_t *ill;
10505 ilm_t *ilm;
10506 ipv6_grpsrc_t ips6;
10507 mblk_t *mp_tail = NULL;
10508 ill_walk_context_t ctx;
10509 zoneid_t zoneid;
10510 int i;
10511 slist_t *sl;
10512
10513 /*
10514 * make a copy of the original message
10515 */
10516 mp2ctl = copymsg(mpctl);
10517 zoneid = Q_TO_CONN(q)->conn_zoneid;
10518
10519 /* ip6GroupMember table */
10520 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10521 optp->level = MIB2_IP6;
10522 optp->name = EXPER_IP6_GROUP_SOURCES;
10523
10524 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10525 ill = ILL_START_WALK_V6(&ctx, ipst);
10526 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10527 /* Make sure the ill isn't going away. */
10528 if (!ill_check_and_refhold(ill))
10529 continue;
10530 rw_exit(&ipst->ips_ill_g_lock);
10531 /*
10532 * Normally we don't have any members on under IPMP interfaces.
10533 * We report them as a debugging aid.
10534 */
10535 rw_enter(&ill->ill_mcast_lock, RW_READER);
10536 ips6.ipv6GroupSourceIfIndex = ill->ill_phyint->phyint_ifindex;
10537 for (ilm = ill->ill_ilm; ilm; ilm = ilm->ilm_next) {
10538 sl = ilm->ilm_filter;
10539 if (ilm->ilm_zoneid != zoneid &&
10540 ilm->ilm_zoneid != ALL_ZONES)
10541 continue;
10542 if (SLIST_IS_EMPTY(sl))
10543 continue;
10544 ips6.ipv6GroupSourceGroup = ilm->ilm_v6addr;
10545 for (i = 0; i < sl->sl_numsrc; i++) {
10546 ips6.ipv6GroupSourceAddress = sl->sl_addr[i];
10547 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10548 (char *)&ips6, (int)sizeof (ips6))) {
10549 ip1dbg(("ip_snmp_get_mib2_ip6_"
10550 "group_src: failed to allocate "
10551 "%u bytes\n",
10552 (uint_t)sizeof (ips6)));
10553 }
10554 }
10555 }
10556 rw_exit(&ill->ill_mcast_lock);
10557 ill_refrele(ill);
10558 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10559 }
10560 rw_exit(&ipst->ips_ill_g_lock);
10561
10562 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10563 ip3dbg(("ip_snmp_get: level %d, name %d, len %d\n",
10564 (int)optp->level, (int)optp->name, (int)optp->len));
10565 qreply(q, mpctl);
10566 return (mp2ctl);
10567 }
10568
10569 /* Multicast routing virtual interface table. */
10570 static mblk_t *
ip_snmp_get_mib2_virt_multi(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10571 ip_snmp_get_mib2_virt_multi(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10572 {
10573 struct opthdr *optp;
10574 mblk_t *mp2ctl;
10575
10576 /*
10577 * make a copy of the original message
10578 */
10579 mp2ctl = copymsg(mpctl);
10580
10581 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10582 optp->level = EXPER_DVMRP;
10583 optp->name = EXPER_DVMRP_VIF;
10584 if (!ip_mroute_vif(mpctl->b_cont, ipst)) {
10585 ip0dbg(("ip_mroute_vif: failed\n"));
10586 }
10587 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10588 ip3dbg(("ip_snmp_get_mib2_virt_multi: level %d, name %d, len %d\n",
10589 (int)optp->level, (int)optp->name, (int)optp->len));
10590 qreply(q, mpctl);
10591 return (mp2ctl);
10592 }
10593
10594 /* Multicast routing table. */
10595 static mblk_t *
ip_snmp_get_mib2_multi_rtable(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10596 ip_snmp_get_mib2_multi_rtable(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10597 {
10598 struct opthdr *optp;
10599 mblk_t *mp2ctl;
10600
10601 /*
10602 * make a copy of the original message
10603 */
10604 mp2ctl = copymsg(mpctl);
10605
10606 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10607 optp->level = EXPER_DVMRP;
10608 optp->name = EXPER_DVMRP_MRT;
10609 if (!ip_mroute_mrt(mpctl->b_cont, ipst)) {
10610 ip0dbg(("ip_mroute_mrt: failed\n"));
10611 }
10612 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10613 ip3dbg(("ip_snmp_get_mib2_multi_rtable: level %d, name %d, len %d\n",
10614 (int)optp->level, (int)optp->name, (int)optp->len));
10615 qreply(q, mpctl);
10616 return (mp2ctl);
10617 }
10618
10619 /*
10620 * Return ipRouteEntryTable, ipNetToMediaEntryTable, and ipRouteAttributeTable
10621 * in one IRE walk.
10622 */
10623 static mblk_t *
ip_snmp_get_mib2_ip_route_media(queue_t * q,mblk_t * mpctl,int level,ip_stack_t * ipst)10624 ip_snmp_get_mib2_ip_route_media(queue_t *q, mblk_t *mpctl, int level,
10625 ip_stack_t *ipst)
10626 {
10627 struct opthdr *optp;
10628 mblk_t *mp2ctl; /* Returned */
10629 mblk_t *mp3ctl; /* nettomedia */
10630 mblk_t *mp4ctl; /* routeattrs */
10631 iproutedata_t ird;
10632 zoneid_t zoneid;
10633
10634 /*
10635 * make copies of the original message
10636 * - mp2ctl is returned unchanged to the caller for its use
10637 * - mpctl is sent upstream as ipRouteEntryTable
10638 * - mp3ctl is sent upstream as ipNetToMediaEntryTable
10639 * - mp4ctl is sent upstream as ipRouteAttributeTable
10640 */
10641 mp2ctl = copymsg(mpctl);
10642 mp3ctl = copymsg(mpctl);
10643 mp4ctl = copymsg(mpctl);
10644 if (mp3ctl == NULL || mp4ctl == NULL) {
10645 freemsg(mp4ctl);
10646 freemsg(mp3ctl);
10647 freemsg(mp2ctl);
10648 freemsg(mpctl);
10649 return (NULL);
10650 }
10651
10652 bzero(&ird, sizeof (ird));
10653
10654 ird.ird_route.lp_head = mpctl->b_cont;
10655 ird.ird_netmedia.lp_head = mp3ctl->b_cont;
10656 ird.ird_attrs.lp_head = mp4ctl->b_cont;
10657 /*
10658 * If the level has been set the special EXPER_IP_AND_ALL_IRES value,
10659 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is
10660 * intended a temporary solution until a proper MIB API is provided
10661 * that provides complete filtering/caller-opt-in.
10662 */
10663 if (level == EXPER_IP_AND_ALL_IRES)
10664 ird.ird_flags |= IRD_REPORT_ALL;
10665
10666 zoneid = Q_TO_CONN(q)->conn_zoneid;
10667 ire_walk_v4(ip_snmp_get2_v4, &ird, zoneid, ipst);
10668
10669 /* ipRouteEntryTable in mpctl */
10670 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10671 optp->level = MIB2_IP;
10672 optp->name = MIB2_IP_ROUTE;
10673 optp->len = msgdsize(ird.ird_route.lp_head);
10674 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10675 (int)optp->level, (int)optp->name, (int)optp->len));
10676 qreply(q, mpctl);
10677
10678 /* ipNetToMediaEntryTable in mp3ctl */
10679 ncec_walk(NULL, ip_snmp_get2_v4_media, &ird, ipst);
10680
10681 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10682 optp->level = MIB2_IP;
10683 optp->name = MIB2_IP_MEDIA;
10684 optp->len = msgdsize(ird.ird_netmedia.lp_head);
10685 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10686 (int)optp->level, (int)optp->name, (int)optp->len));
10687 qreply(q, mp3ctl);
10688
10689 /* ipRouteAttributeTable in mp4ctl */
10690 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10691 optp->level = MIB2_IP;
10692 optp->name = EXPER_IP_RTATTR;
10693 optp->len = msgdsize(ird.ird_attrs.lp_head);
10694 ip3dbg(("ip_snmp_get_mib2_ip_route_media: level %d, name %d, len %d\n",
10695 (int)optp->level, (int)optp->name, (int)optp->len));
10696 if (optp->len == 0)
10697 freemsg(mp4ctl);
10698 else
10699 qreply(q, mp4ctl);
10700
10701 return (mp2ctl);
10702 }
10703
10704 /*
10705 * Return ipv6RouteEntryTable and ipv6RouteAttributeTable in one IRE walk, and
10706 * ipv6NetToMediaEntryTable in an NDP walk.
10707 */
10708 static mblk_t *
ip_snmp_get_mib2_ip6_route_media(queue_t * q,mblk_t * mpctl,int level,ip_stack_t * ipst)10709 ip_snmp_get_mib2_ip6_route_media(queue_t *q, mblk_t *mpctl, int level,
10710 ip_stack_t *ipst)
10711 {
10712 struct opthdr *optp;
10713 mblk_t *mp2ctl; /* Returned */
10714 mblk_t *mp3ctl; /* nettomedia */
10715 mblk_t *mp4ctl; /* routeattrs */
10716 iproutedata_t ird;
10717 zoneid_t zoneid;
10718
10719 /*
10720 * make copies of the original message
10721 * - mp2ctl is returned unchanged to the caller for its use
10722 * - mpctl is sent upstream as ipv6RouteEntryTable
10723 * - mp3ctl is sent upstream as ipv6NetToMediaEntryTable
10724 * - mp4ctl is sent upstream as ipv6RouteAttributeTable
10725 */
10726 mp2ctl = copymsg(mpctl);
10727 mp3ctl = copymsg(mpctl);
10728 mp4ctl = copymsg(mpctl);
10729 if (mp3ctl == NULL || mp4ctl == NULL) {
10730 freemsg(mp4ctl);
10731 freemsg(mp3ctl);
10732 freemsg(mp2ctl);
10733 freemsg(mpctl);
10734 return (NULL);
10735 }
10736
10737 bzero(&ird, sizeof (ird));
10738
10739 ird.ird_route.lp_head = mpctl->b_cont;
10740 ird.ird_netmedia.lp_head = mp3ctl->b_cont;
10741 ird.ird_attrs.lp_head = mp4ctl->b_cont;
10742 /*
10743 * If the level has been set the special EXPER_IP_AND_ALL_IRES value,
10744 * then also include ire_testhidden IREs and IRE_IF_CLONE. This is
10745 * intended a temporary solution until a proper MIB API is provided
10746 * that provides complete filtering/caller-opt-in.
10747 */
10748 if (level == EXPER_IP_AND_ALL_IRES)
10749 ird.ird_flags |= IRD_REPORT_ALL;
10750
10751 zoneid = Q_TO_CONN(q)->conn_zoneid;
10752 ire_walk_v6(ip_snmp_get2_v6_route, &ird, zoneid, ipst);
10753
10754 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10755 optp->level = MIB2_IP6;
10756 optp->name = MIB2_IP6_ROUTE;
10757 optp->len = msgdsize(ird.ird_route.lp_head);
10758 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10759 (int)optp->level, (int)optp->name, (int)optp->len));
10760 qreply(q, mpctl);
10761
10762 /* ipv6NetToMediaEntryTable in mp3ctl */
10763 ncec_walk(NULL, ip_snmp_get2_v6_media, &ird, ipst);
10764
10765 optp = (struct opthdr *)&mp3ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10766 optp->level = MIB2_IP6;
10767 optp->name = MIB2_IP6_MEDIA;
10768 optp->len = msgdsize(ird.ird_netmedia.lp_head);
10769 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10770 (int)optp->level, (int)optp->name, (int)optp->len));
10771 qreply(q, mp3ctl);
10772
10773 /* ipv6RouteAttributeTable in mp4ctl */
10774 optp = (struct opthdr *)&mp4ctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10775 optp->level = MIB2_IP6;
10776 optp->name = EXPER_IP_RTATTR;
10777 optp->len = msgdsize(ird.ird_attrs.lp_head);
10778 ip3dbg(("ip_snmp_get_mib2_ip6_route_media: level %d, name %d, len %d\n",
10779 (int)optp->level, (int)optp->name, (int)optp->len));
10780 if (optp->len == 0)
10781 freemsg(mp4ctl);
10782 else
10783 qreply(q, mp4ctl);
10784
10785 return (mp2ctl);
10786 }
10787
10788 /*
10789 * IPv6 mib: One per ill
10790 */
10791 static mblk_t *
ip_snmp_get_mib2_ip6(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst,boolean_t legacy_req)10792 ip_snmp_get_mib2_ip6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst,
10793 boolean_t legacy_req)
10794 {
10795 struct opthdr *optp;
10796 mblk_t *mp2ctl;
10797 ill_t *ill;
10798 ill_walk_context_t ctx;
10799 mblk_t *mp_tail = NULL;
10800 mib2_ipv6AddrEntry_t mae6;
10801 mib2_ipIfStatsEntry_t *ise;
10802 size_t ise_size, iae_size;
10803
10804 /*
10805 * Make a copy of the original message
10806 */
10807 mp2ctl = copymsg(mpctl);
10808
10809 /* fixed length IPv6 structure ... */
10810
10811 if (legacy_req) {
10812 ise_size = LEGACY_MIB_SIZE(&ipst->ips_ip6_mib,
10813 mib2_ipIfStatsEntry_t);
10814 iae_size = LEGACY_MIB_SIZE(&mae6, mib2_ipv6AddrEntry_t);
10815 } else {
10816 ise_size = sizeof (mib2_ipIfStatsEntry_t);
10817 iae_size = sizeof (mib2_ipv6AddrEntry_t);
10818 }
10819
10820 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10821 optp->level = MIB2_IP6;
10822 optp->name = 0;
10823 /* Include "unknown interface" ip6_mib */
10824 ipst->ips_ip6_mib.ipIfStatsIPVersion = MIB2_INETADDRESSTYPE_ipv6;
10825 ipst->ips_ip6_mib.ipIfStatsIfIndex =
10826 MIB2_UNKNOWN_INTERFACE; /* Flag to netstat */
10827 SET_MIB(ipst->ips_ip6_mib.ipIfStatsForwarding,
10828 ipst->ips_ipv6_forwarding ? 1 : 2);
10829 SET_MIB(ipst->ips_ip6_mib.ipIfStatsDefaultHopLimit,
10830 ipst->ips_ipv6_def_hops);
10831 SET_MIB(ipst->ips_ip6_mib.ipIfStatsEntrySize,
10832 sizeof (mib2_ipIfStatsEntry_t));
10833 SET_MIB(ipst->ips_ip6_mib.ipIfStatsAddrEntrySize,
10834 sizeof (mib2_ipv6AddrEntry_t));
10835 SET_MIB(ipst->ips_ip6_mib.ipIfStatsRouteEntrySize,
10836 sizeof (mib2_ipv6RouteEntry_t));
10837 SET_MIB(ipst->ips_ip6_mib.ipIfStatsNetToMediaEntrySize,
10838 sizeof (mib2_ipv6NetToMediaEntry_t));
10839 SET_MIB(ipst->ips_ip6_mib.ipIfStatsMemberEntrySize,
10840 sizeof (ipv6_member_t));
10841 SET_MIB(ipst->ips_ip6_mib.ipIfStatsGroupSourceEntrySize,
10842 sizeof (ipv6_grpsrc_t));
10843
10844 /*
10845 * Synchronize 64- and 32-bit counters
10846 */
10847 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInReceives,
10848 ipIfStatsHCInReceives);
10849 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInDelivers,
10850 ipIfStatsHCInDelivers);
10851 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutRequests,
10852 ipIfStatsHCOutRequests);
10853 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutForwDatagrams,
10854 ipIfStatsHCOutForwDatagrams);
10855 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsOutMcastPkts,
10856 ipIfStatsHCOutMcastPkts);
10857 SYNC32_MIB(&ipst->ips_ip6_mib, ipIfStatsInMcastPkts,
10858 ipIfStatsHCInMcastPkts);
10859
10860 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10861 (char *)&ipst->ips_ip6_mib, (int)ise_size)) {
10862 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate %u bytes\n",
10863 (uint_t)ise_size));
10864 } else if (legacy_req) {
10865 /* Adjust the EntrySize fields for legacy requests. */
10866 ise =
10867 (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr - (int)ise_size);
10868 SET_MIB(ise->ipIfStatsEntrySize, ise_size);
10869 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size);
10870 }
10871
10872 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10873 ill = ILL_START_WALK_V6(&ctx, ipst);
10874 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10875 ill->ill_ip_mib->ipIfStatsIfIndex =
10876 ill->ill_phyint->phyint_ifindex;
10877 SET_MIB(ill->ill_ip_mib->ipIfStatsForwarding,
10878 ipst->ips_ipv6_forwarding ? 1 : 2);
10879 SET_MIB(ill->ill_ip_mib->ipIfStatsDefaultHopLimit,
10880 ill->ill_max_hops);
10881
10882 /*
10883 * Synchronize 64- and 32-bit counters
10884 */
10885 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInReceives,
10886 ipIfStatsHCInReceives);
10887 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInDelivers,
10888 ipIfStatsHCInDelivers);
10889 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutRequests,
10890 ipIfStatsHCOutRequests);
10891 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutForwDatagrams,
10892 ipIfStatsHCOutForwDatagrams);
10893 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsOutMcastPkts,
10894 ipIfStatsHCOutMcastPkts);
10895 SYNC32_MIB(ill->ill_ip_mib, ipIfStatsInMcastPkts,
10896 ipIfStatsHCInMcastPkts);
10897
10898 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10899 (char *)ill->ill_ip_mib, (int)ise_size)) {
10900 ip1dbg(("ip_snmp_get_mib2_ip6: failed to allocate "
10901 "%u bytes\n", (uint_t)ise_size));
10902 } else if (legacy_req) {
10903 /* Adjust the EntrySize fields for legacy requests. */
10904 ise = (mib2_ipIfStatsEntry_t *)(mp_tail->b_wptr -
10905 (int)ise_size);
10906 SET_MIB(ise->ipIfStatsEntrySize, ise_size);
10907 SET_MIB(ise->ipIfStatsAddrEntrySize, iae_size);
10908 }
10909 }
10910 rw_exit(&ipst->ips_ill_g_lock);
10911
10912 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10913 ip3dbg(("ip_snmp_get_mib2_ip6: level %d, name %d, len %d\n",
10914 (int)optp->level, (int)optp->name, (int)optp->len));
10915 qreply(q, mpctl);
10916 return (mp2ctl);
10917 }
10918
10919 /*
10920 * ICMPv6 mib: One per ill
10921 */
10922 static mblk_t *
ip_snmp_get_mib2_icmp6(queue_t * q,mblk_t * mpctl,ip_stack_t * ipst)10923 ip_snmp_get_mib2_icmp6(queue_t *q, mblk_t *mpctl, ip_stack_t *ipst)
10924 {
10925 struct opthdr *optp;
10926 mblk_t *mp2ctl;
10927 ill_t *ill;
10928 ill_walk_context_t ctx;
10929 mblk_t *mp_tail = NULL;
10930 /*
10931 * Make a copy of the original message
10932 */
10933 mp2ctl = copymsg(mpctl);
10934
10935 /* fixed length ICMPv6 structure ... */
10936
10937 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
10938 optp->level = MIB2_ICMP6;
10939 optp->name = 0;
10940 /* Include "unknown interface" icmp6_mib */
10941 ipst->ips_icmp6_mib.ipv6IfIcmpIfIndex =
10942 MIB2_UNKNOWN_INTERFACE; /* netstat flag */
10943 ipst->ips_icmp6_mib.ipv6IfIcmpEntrySize =
10944 sizeof (mib2_ipv6IfIcmpEntry_t);
10945 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10946 (char *)&ipst->ips_icmp6_mib,
10947 (int)sizeof (ipst->ips_icmp6_mib))) {
10948 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate %u bytes\n",
10949 (uint_t)sizeof (ipst->ips_icmp6_mib)));
10950 }
10951
10952 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
10953 ill = ILL_START_WALK_V6(&ctx, ipst);
10954 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
10955 ill->ill_icmp6_mib->ipv6IfIcmpIfIndex =
10956 ill->ill_phyint->phyint_ifindex;
10957 if (!snmp_append_data2(mpctl->b_cont, &mp_tail,
10958 (char *)ill->ill_icmp6_mib,
10959 (int)sizeof (*ill->ill_icmp6_mib))) {
10960 ip1dbg(("ip_snmp_get_mib2_icmp6: failed to allocate "
10961 "%u bytes\n",
10962 (uint_t)sizeof (*ill->ill_icmp6_mib)));
10963 }
10964 }
10965 rw_exit(&ipst->ips_ill_g_lock);
10966
10967 optp->len = (t_uscalar_t)msgdsize(mpctl->b_cont);
10968 ip3dbg(("ip_snmp_get_mib2_icmp6: level %d, name %d, len %d\n",
10969 (int)optp->level, (int)optp->name, (int)optp->len));
10970 qreply(q, mpctl);
10971 return (mp2ctl);
10972 }
10973
10974 /*
10975 * ire_walk routine to create both ipRouteEntryTable and
10976 * ipRouteAttributeTable in one IRE walk
10977 */
10978 static void
ip_snmp_get2_v4(ire_t * ire,iproutedata_t * ird)10979 ip_snmp_get2_v4(ire_t *ire, iproutedata_t *ird)
10980 {
10981 ill_t *ill;
10982 mib2_ipRouteEntry_t *re;
10983 mib2_ipAttributeEntry_t iaes;
10984 tsol_ire_gw_secattr_t *attrp;
10985 tsol_gc_t *gc = NULL;
10986 tsol_gcgrp_t *gcgrp = NULL;
10987 ip_stack_t *ipst = ire->ire_ipst;
10988
10989 ASSERT(ire->ire_ipversion == IPV4_VERSION);
10990
10991 if (!(ird->ird_flags & IRD_REPORT_ALL)) {
10992 if (ire->ire_testhidden)
10993 return;
10994 if (ire->ire_type & IRE_IF_CLONE)
10995 return;
10996 }
10997
10998 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL)
10999 return;
11000
11001 if ((attrp = ire->ire_gw_secattr) != NULL) {
11002 mutex_enter(&attrp->igsa_lock);
11003 if ((gc = attrp->igsa_gc) != NULL) {
11004 gcgrp = gc->gc_grp;
11005 ASSERT(gcgrp != NULL);
11006 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER);
11007 }
11008 mutex_exit(&attrp->igsa_lock);
11009 }
11010 /*
11011 * Return all IRE types for route table... let caller pick and choose
11012 */
11013 re->ipRouteDest = ire->ire_addr;
11014 ill = ire->ire_ill;
11015 re->ipRouteIfIndex.o_length = 0;
11016 if (ill != NULL) {
11017 ill_get_name(ill, re->ipRouteIfIndex.o_bytes, OCTET_LENGTH);
11018 re->ipRouteIfIndex.o_length =
11019 mi_strlen(re->ipRouteIfIndex.o_bytes);
11020 }
11021 re->ipRouteMetric1 = -1;
11022 re->ipRouteMetric2 = -1;
11023 re->ipRouteMetric3 = -1;
11024 re->ipRouteMetric4 = -1;
11025
11026 re->ipRouteNextHop = ire->ire_gateway_addr;
11027 /* indirect(4), direct(3), or invalid(2) */
11028 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE))
11029 re->ipRouteType = 2;
11030 else if (ire->ire_type & IRE_ONLINK)
11031 re->ipRouteType = 3;
11032 else
11033 re->ipRouteType = 4;
11034
11035 re->ipRouteProto = -1;
11036 re->ipRouteAge = gethrestime_sec() - ire->ire_create_time;
11037 re->ipRouteMask = ire->ire_mask;
11038 re->ipRouteMetric5 = -1;
11039 re->ipRouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu;
11040 if (ire->ire_ill != NULL && re->ipRouteInfo.re_max_frag == 0)
11041 re->ipRouteInfo.re_max_frag = ire->ire_ill->ill_mtu;
11042
11043 re->ipRouteInfo.re_frag_flag = 0;
11044 re->ipRouteInfo.re_rtt = 0;
11045 re->ipRouteInfo.re_src_addr = 0;
11046 re->ipRouteInfo.re_ref = ire->ire_refcnt;
11047 re->ipRouteInfo.re_obpkt = ire->ire_ob_pkt_count;
11048 re->ipRouteInfo.re_ibpkt = ire->ire_ib_pkt_count;
11049 re->ipRouteInfo.re_flags = ire->ire_flags;
11050
11051 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */
11052 if (ire->ire_type & IRE_INTERFACE) {
11053 ire_t *child;
11054
11055 rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
11056 child = ire->ire_dep_children;
11057 while (child != NULL) {
11058 re->ipRouteInfo.re_obpkt += child->ire_ob_pkt_count;
11059 re->ipRouteInfo.re_ibpkt += child->ire_ib_pkt_count;
11060 child = child->ire_dep_sib_next;
11061 }
11062 rw_exit(&ipst->ips_ire_dep_lock);
11063 }
11064
11065 if (ire->ire_flags & RTF_DYNAMIC) {
11066 re->ipRouteInfo.re_ire_type = IRE_HOST_REDIRECT;
11067 } else {
11068 re->ipRouteInfo.re_ire_type = ire->ire_type;
11069 }
11070
11071 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail,
11072 (char *)re, (int)sizeof (*re))) {
11073 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u bytes\n",
11074 (uint_t)sizeof (*re)));
11075 }
11076
11077 if (gc != NULL) {
11078 iaes.iae_routeidx = ird->ird_idx;
11079 iaes.iae_doi = gc->gc_db->gcdb_doi;
11080 iaes.iae_slrange = gc->gc_db->gcdb_slrange;
11081
11082 if (!snmp_append_data2(ird->ird_attrs.lp_head,
11083 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) {
11084 ip1dbg(("ip_snmp_get2_v4: failed to allocate %u "
11085 "bytes\n", (uint_t)sizeof (iaes)));
11086 }
11087 }
11088
11089 /* bump route index for next pass */
11090 ird->ird_idx++;
11091
11092 kmem_free(re, sizeof (*re));
11093 if (gcgrp != NULL)
11094 rw_exit(&gcgrp->gcgrp_rwlock);
11095 }
11096
11097 /*
11098 * ire_walk routine to create ipv6RouteEntryTable and ipRouteEntryTable.
11099 */
11100 static void
ip_snmp_get2_v6_route(ire_t * ire,iproutedata_t * ird)11101 ip_snmp_get2_v6_route(ire_t *ire, iproutedata_t *ird)
11102 {
11103 ill_t *ill;
11104 mib2_ipv6RouteEntry_t *re;
11105 mib2_ipAttributeEntry_t iaes;
11106 tsol_ire_gw_secattr_t *attrp;
11107 tsol_gc_t *gc = NULL;
11108 tsol_gcgrp_t *gcgrp = NULL;
11109 ip_stack_t *ipst = ire->ire_ipst;
11110
11111 ASSERT(ire->ire_ipversion == IPV6_VERSION);
11112
11113 if (!(ird->ird_flags & IRD_REPORT_ALL)) {
11114 if (ire->ire_testhidden)
11115 return;
11116 if (ire->ire_type & IRE_IF_CLONE)
11117 return;
11118 }
11119
11120 if ((re = kmem_zalloc(sizeof (*re), KM_NOSLEEP)) == NULL)
11121 return;
11122
11123 if ((attrp = ire->ire_gw_secattr) != NULL) {
11124 mutex_enter(&attrp->igsa_lock);
11125 if ((gc = attrp->igsa_gc) != NULL) {
11126 gcgrp = gc->gc_grp;
11127 ASSERT(gcgrp != NULL);
11128 rw_enter(&gcgrp->gcgrp_rwlock, RW_READER);
11129 }
11130 mutex_exit(&attrp->igsa_lock);
11131 }
11132 /*
11133 * Return all IRE types for route table... let caller pick and choose
11134 */
11135 re->ipv6RouteDest = ire->ire_addr_v6;
11136 re->ipv6RoutePfxLength = ip_mask_to_plen_v6(&ire->ire_mask_v6);
11137 re->ipv6RouteIndex = 0; /* Unique when multiple with same dest/plen */
11138 re->ipv6RouteIfIndex.o_length = 0;
11139 ill = ire->ire_ill;
11140 if (ill != NULL) {
11141 ill_get_name(ill, re->ipv6RouteIfIndex.o_bytes, OCTET_LENGTH);
11142 re->ipv6RouteIfIndex.o_length =
11143 mi_strlen(re->ipv6RouteIfIndex.o_bytes);
11144 }
11145
11146 ASSERT(!(ire->ire_type & IRE_BROADCAST));
11147
11148 mutex_enter(&ire->ire_lock);
11149 re->ipv6RouteNextHop = ire->ire_gateway_addr_v6;
11150 mutex_exit(&ire->ire_lock);
11151
11152 /* remote(4), local(3), or discard(2) */
11153 if (ire->ire_flags & (RTF_REJECT | RTF_BLACKHOLE))
11154 re->ipv6RouteType = 2;
11155 else if (ire->ire_type & IRE_ONLINK)
11156 re->ipv6RouteType = 3;
11157 else
11158 re->ipv6RouteType = 4;
11159
11160 re->ipv6RouteProtocol = -1;
11161 re->ipv6RoutePolicy = 0;
11162 re->ipv6RouteAge = gethrestime_sec() - ire->ire_create_time;
11163 re->ipv6RouteNextHopRDI = 0;
11164 re->ipv6RouteWeight = 0;
11165 re->ipv6RouteMetric = 0;
11166 re->ipv6RouteInfo.re_max_frag = ire->ire_metrics.iulp_mtu;
11167 if (ire->ire_ill != NULL && re->ipv6RouteInfo.re_max_frag == 0)
11168 re->ipv6RouteInfo.re_max_frag = ire->ire_ill->ill_mtu;
11169
11170 re->ipv6RouteInfo.re_frag_flag = 0;
11171 re->ipv6RouteInfo.re_rtt = 0;
11172 re->ipv6RouteInfo.re_src_addr = ipv6_all_zeros;
11173 re->ipv6RouteInfo.re_obpkt = ire->ire_ob_pkt_count;
11174 re->ipv6RouteInfo.re_ibpkt = ire->ire_ib_pkt_count;
11175 re->ipv6RouteInfo.re_ref = ire->ire_refcnt;
11176 re->ipv6RouteInfo.re_flags = ire->ire_flags;
11177
11178 /* Add the IRE_IF_CLONE's counters to their parent IRE_INTERFACE */
11179 if (ire->ire_type & IRE_INTERFACE) {
11180 ire_t *child;
11181
11182 rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
11183 child = ire->ire_dep_children;
11184 while (child != NULL) {
11185 re->ipv6RouteInfo.re_obpkt += child->ire_ob_pkt_count;
11186 re->ipv6RouteInfo.re_ibpkt += child->ire_ib_pkt_count;
11187 child = child->ire_dep_sib_next;
11188 }
11189 rw_exit(&ipst->ips_ire_dep_lock);
11190 }
11191 if (ire->ire_flags & RTF_DYNAMIC) {
11192 re->ipv6RouteInfo.re_ire_type = IRE_HOST_REDIRECT;
11193 } else {
11194 re->ipv6RouteInfo.re_ire_type = ire->ire_type;
11195 }
11196
11197 if (!snmp_append_data2(ird->ird_route.lp_head, &ird->ird_route.lp_tail,
11198 (char *)re, (int)sizeof (*re))) {
11199 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u bytes\n",
11200 (uint_t)sizeof (*re)));
11201 }
11202
11203 if (gc != NULL) {
11204 iaes.iae_routeidx = ird->ird_idx;
11205 iaes.iae_doi = gc->gc_db->gcdb_doi;
11206 iaes.iae_slrange = gc->gc_db->gcdb_slrange;
11207
11208 if (!snmp_append_data2(ird->ird_attrs.lp_head,
11209 &ird->ird_attrs.lp_tail, (char *)&iaes, sizeof (iaes))) {
11210 ip1dbg(("ip_snmp_get2_v6: failed to allocate %u "
11211 "bytes\n", (uint_t)sizeof (iaes)));
11212 }
11213 }
11214
11215 /* bump route index for next pass */
11216 ird->ird_idx++;
11217
11218 kmem_free(re, sizeof (*re));
11219 if (gcgrp != NULL)
11220 rw_exit(&gcgrp->gcgrp_rwlock);
11221 }
11222
11223 /*
11224 * ncec_walk routine to create ipv6NetToMediaEntryTable
11225 */
11226 static void
ip_snmp_get2_v6_media(ncec_t * ncec,void * ptr)11227 ip_snmp_get2_v6_media(ncec_t *ncec, void *ptr)
11228 {
11229 iproutedata_t *ird = ptr;
11230 ill_t *ill;
11231 mib2_ipv6NetToMediaEntry_t ntme;
11232
11233 ill = ncec->ncec_ill;
11234 /* skip arpce entries, and loopback ncec entries */
11235 if (ill->ill_isv6 == B_FALSE || ill->ill_net_type == IRE_LOOPBACK)
11236 return;
11237 /*
11238 * Neighbor cache entry attached to IRE with on-link
11239 * destination.
11240 * We report all IPMP groups on ncec_ill which is normally the upper.
11241 */
11242 ntme.ipv6NetToMediaIfIndex = ill->ill_phyint->phyint_ifindex;
11243 ntme.ipv6NetToMediaNetAddress = ncec->ncec_addr;
11244 ntme.ipv6NetToMediaPhysAddress.o_length = ill->ill_phys_addr_length;
11245 if (ncec->ncec_lladdr != NULL) {
11246 bcopy(ncec->ncec_lladdr, ntme.ipv6NetToMediaPhysAddress.o_bytes,
11247 ntme.ipv6NetToMediaPhysAddress.o_length);
11248 }
11249 /*
11250 * Note: Returns ND_* states. Should be:
11251 * reachable(1), stale(2), delay(3), probe(4),
11252 * invalid(5), unknown(6)
11253 */
11254 ntme.ipv6NetToMediaState = ncec->ncec_state;
11255 ntme.ipv6NetToMediaLastUpdated = 0;
11256
11257 /* other(1), dynamic(2), static(3), local(4) */
11258 if (NCE_MYADDR(ncec)) {
11259 ntme.ipv6NetToMediaType = 4;
11260 } else if (ncec->ncec_flags & NCE_F_PUBLISH) {
11261 ntme.ipv6NetToMediaType = 1; /* proxy */
11262 } else if (ncec->ncec_flags & NCE_F_STATIC) {
11263 ntme.ipv6NetToMediaType = 3;
11264 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST)) {
11265 ntme.ipv6NetToMediaType = 1;
11266 } else {
11267 ntme.ipv6NetToMediaType = 2;
11268 }
11269
11270 if (!snmp_append_data2(ird->ird_netmedia.lp_head,
11271 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) {
11272 ip1dbg(("ip_snmp_get2_v6_media: failed to allocate %u bytes\n",
11273 (uint_t)sizeof (ntme)));
11274 }
11275 }
11276
11277 int
nce2ace(ncec_t * ncec)11278 nce2ace(ncec_t *ncec)
11279 {
11280 int flags = 0;
11281
11282 if (NCE_ISREACHABLE(ncec))
11283 flags |= ACE_F_RESOLVED;
11284 if (ncec->ncec_flags & NCE_F_AUTHORITY)
11285 flags |= ACE_F_AUTHORITY;
11286 if (ncec->ncec_flags & NCE_F_PUBLISH)
11287 flags |= ACE_F_PUBLISH;
11288 if ((ncec->ncec_flags & NCE_F_NONUD) != 0)
11289 flags |= ACE_F_PERMANENT;
11290 if (NCE_MYADDR(ncec))
11291 flags |= (ACE_F_MYADDR | ACE_F_AUTHORITY);
11292 if (ncec->ncec_flags & NCE_F_UNVERIFIED)
11293 flags |= ACE_F_UNVERIFIED;
11294 if (ncec->ncec_flags & NCE_F_AUTHORITY)
11295 flags |= ACE_F_AUTHORITY;
11296 if (ncec->ncec_flags & NCE_F_DELAYED)
11297 flags |= ACE_F_DELAYED;
11298 return (flags);
11299 }
11300
11301 /*
11302 * ncec_walk routine to create ipNetToMediaEntryTable
11303 */
11304 static void
ip_snmp_get2_v4_media(ncec_t * ncec,void * ptr)11305 ip_snmp_get2_v4_media(ncec_t *ncec, void *ptr)
11306 {
11307 iproutedata_t *ird = ptr;
11308 ill_t *ill;
11309 mib2_ipNetToMediaEntry_t ntme;
11310 const char *name = "unknown";
11311 ipaddr_t ncec_addr;
11312
11313 ill = ncec->ncec_ill;
11314 if (ill->ill_isv6 || (ncec->ncec_flags & NCE_F_BCAST) ||
11315 ill->ill_net_type == IRE_LOOPBACK)
11316 return;
11317
11318 /* We report all IPMP groups on ncec_ill which is normally the upper. */
11319 name = ill->ill_name;
11320 /* Based on RFC 4293: other(1), inval(2), dyn(3), stat(4) */
11321 if (NCE_MYADDR(ncec)) {
11322 ntme.ipNetToMediaType = 4;
11323 } else if (ncec->ncec_flags & (NCE_F_MCAST|NCE_F_BCAST|NCE_F_PUBLISH)) {
11324 ntme.ipNetToMediaType = 1;
11325 } else {
11326 ntme.ipNetToMediaType = 3;
11327 }
11328 ntme.ipNetToMediaIfIndex.o_length = MIN(OCTET_LENGTH, strlen(name));
11329 bcopy(name, ntme.ipNetToMediaIfIndex.o_bytes,
11330 ntme.ipNetToMediaIfIndex.o_length);
11331
11332 IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, ncec_addr);
11333 bcopy(&ncec_addr, &ntme.ipNetToMediaNetAddress, sizeof (ncec_addr));
11334
11335 ntme.ipNetToMediaInfo.ntm_mask.o_length = sizeof (ipaddr_t);
11336 ncec_addr = INADDR_BROADCAST;
11337 bcopy(&ncec_addr, ntme.ipNetToMediaInfo.ntm_mask.o_bytes,
11338 sizeof (ncec_addr));
11339 /*
11340 * map all the flags to the ACE counterpart.
11341 */
11342 ntme.ipNetToMediaInfo.ntm_flags = nce2ace(ncec);
11343
11344 ntme.ipNetToMediaPhysAddress.o_length =
11345 MIN(OCTET_LENGTH, ill->ill_phys_addr_length);
11346
11347 if (!NCE_ISREACHABLE(ncec))
11348 ntme.ipNetToMediaPhysAddress.o_length = 0;
11349 else {
11350 if (ncec->ncec_lladdr != NULL) {
11351 bcopy(ncec->ncec_lladdr,
11352 ntme.ipNetToMediaPhysAddress.o_bytes,
11353 ntme.ipNetToMediaPhysAddress.o_length);
11354 }
11355 }
11356
11357 if (!snmp_append_data2(ird->ird_netmedia.lp_head,
11358 &ird->ird_netmedia.lp_tail, (char *)&ntme, sizeof (ntme))) {
11359 ip1dbg(("ip_snmp_get2_v4_media: failed to allocate %u bytes\n",
11360 (uint_t)sizeof (ntme)));
11361 }
11362 }
11363
11364 /*
11365 * return (0) if invalid set request, 1 otherwise, including non-tcp requests
11366 */
11367 /* ARGSUSED */
11368 int
ip_snmp_set(queue_t * q,int level,int name,uchar_t * ptr,int len)11369 ip_snmp_set(queue_t *q, int level, int name, uchar_t *ptr, int len)
11370 {
11371 switch (level) {
11372 case MIB2_IP:
11373 case MIB2_ICMP:
11374 switch (name) {
11375 default:
11376 break;
11377 }
11378 return (1);
11379 default:
11380 return (1);
11381 }
11382 }
11383
11384 /*
11385 * When there exists both a 64- and 32-bit counter of a particular type
11386 * (i.e., InReceives), only the 64-bit counters are added.
11387 */
11388 void
ip_mib2_add_ip_stats(mib2_ipIfStatsEntry_t * o1,mib2_ipIfStatsEntry_t * o2)11389 ip_mib2_add_ip_stats(mib2_ipIfStatsEntry_t *o1, mib2_ipIfStatsEntry_t *o2)
11390 {
11391 UPDATE_MIB(o1, ipIfStatsInHdrErrors, o2->ipIfStatsInHdrErrors);
11392 UPDATE_MIB(o1, ipIfStatsInTooBigErrors, o2->ipIfStatsInTooBigErrors);
11393 UPDATE_MIB(o1, ipIfStatsInNoRoutes, o2->ipIfStatsInNoRoutes);
11394 UPDATE_MIB(o1, ipIfStatsInAddrErrors, o2->ipIfStatsInAddrErrors);
11395 UPDATE_MIB(o1, ipIfStatsInUnknownProtos, o2->ipIfStatsInUnknownProtos);
11396 UPDATE_MIB(o1, ipIfStatsInTruncatedPkts, o2->ipIfStatsInTruncatedPkts);
11397 UPDATE_MIB(o1, ipIfStatsInDiscards, o2->ipIfStatsInDiscards);
11398 UPDATE_MIB(o1, ipIfStatsOutDiscards, o2->ipIfStatsOutDiscards);
11399 UPDATE_MIB(o1, ipIfStatsOutFragOKs, o2->ipIfStatsOutFragOKs);
11400 UPDATE_MIB(o1, ipIfStatsOutFragFails, o2->ipIfStatsOutFragFails);
11401 UPDATE_MIB(o1, ipIfStatsOutFragCreates, o2->ipIfStatsOutFragCreates);
11402 UPDATE_MIB(o1, ipIfStatsReasmReqds, o2->ipIfStatsReasmReqds);
11403 UPDATE_MIB(o1, ipIfStatsReasmOKs, o2->ipIfStatsReasmOKs);
11404 UPDATE_MIB(o1, ipIfStatsReasmFails, o2->ipIfStatsReasmFails);
11405 UPDATE_MIB(o1, ipIfStatsOutNoRoutes, o2->ipIfStatsOutNoRoutes);
11406 UPDATE_MIB(o1, ipIfStatsReasmDuplicates, o2->ipIfStatsReasmDuplicates);
11407 UPDATE_MIB(o1, ipIfStatsReasmPartDups, o2->ipIfStatsReasmPartDups);
11408 UPDATE_MIB(o1, ipIfStatsForwProhibits, o2->ipIfStatsForwProhibits);
11409 UPDATE_MIB(o1, udpInCksumErrs, o2->udpInCksumErrs);
11410 UPDATE_MIB(o1, udpInOverflows, o2->udpInOverflows);
11411 UPDATE_MIB(o1, rawipInOverflows, o2->rawipInOverflows);
11412 UPDATE_MIB(o1, ipIfStatsInWrongIPVersion,
11413 o2->ipIfStatsInWrongIPVersion);
11414 UPDATE_MIB(o1, ipIfStatsOutWrongIPVersion,
11415 o2->ipIfStatsInWrongIPVersion);
11416 UPDATE_MIB(o1, ipIfStatsOutSwitchIPVersion,
11417 o2->ipIfStatsOutSwitchIPVersion);
11418 UPDATE_MIB(o1, ipIfStatsHCInReceives, o2->ipIfStatsHCInReceives);
11419 UPDATE_MIB(o1, ipIfStatsHCInOctets, o2->ipIfStatsHCInOctets);
11420 UPDATE_MIB(o1, ipIfStatsHCInForwDatagrams,
11421 o2->ipIfStatsHCInForwDatagrams);
11422 UPDATE_MIB(o1, ipIfStatsHCInDelivers, o2->ipIfStatsHCInDelivers);
11423 UPDATE_MIB(o1, ipIfStatsHCOutRequests, o2->ipIfStatsHCOutRequests);
11424 UPDATE_MIB(o1, ipIfStatsHCOutForwDatagrams,
11425 o2->ipIfStatsHCOutForwDatagrams);
11426 UPDATE_MIB(o1, ipIfStatsOutFragReqds, o2->ipIfStatsOutFragReqds);
11427 UPDATE_MIB(o1, ipIfStatsHCOutTransmits, o2->ipIfStatsHCOutTransmits);
11428 UPDATE_MIB(o1, ipIfStatsHCOutOctets, o2->ipIfStatsHCOutOctets);
11429 UPDATE_MIB(o1, ipIfStatsHCInMcastPkts, o2->ipIfStatsHCInMcastPkts);
11430 UPDATE_MIB(o1, ipIfStatsHCInMcastOctets, o2->ipIfStatsHCInMcastOctets);
11431 UPDATE_MIB(o1, ipIfStatsHCOutMcastPkts, o2->ipIfStatsHCOutMcastPkts);
11432 UPDATE_MIB(o1, ipIfStatsHCOutMcastOctets,
11433 o2->ipIfStatsHCOutMcastOctets);
11434 UPDATE_MIB(o1, ipIfStatsHCInBcastPkts, o2->ipIfStatsHCInBcastPkts);
11435 UPDATE_MIB(o1, ipIfStatsHCOutBcastPkts, o2->ipIfStatsHCOutBcastPkts);
11436 UPDATE_MIB(o1, ipsecInSucceeded, o2->ipsecInSucceeded);
11437 UPDATE_MIB(o1, ipsecInFailed, o2->ipsecInFailed);
11438 UPDATE_MIB(o1, ipInCksumErrs, o2->ipInCksumErrs);
11439 UPDATE_MIB(o1, tcpInErrs, o2->tcpInErrs);
11440 UPDATE_MIB(o1, udpNoPorts, o2->udpNoPorts);
11441 }
11442
11443 void
ip_mib2_add_icmp6_stats(mib2_ipv6IfIcmpEntry_t * o1,mib2_ipv6IfIcmpEntry_t * o2)11444 ip_mib2_add_icmp6_stats(mib2_ipv6IfIcmpEntry_t *o1, mib2_ipv6IfIcmpEntry_t *o2)
11445 {
11446 UPDATE_MIB(o1, ipv6IfIcmpInMsgs, o2->ipv6IfIcmpInMsgs);
11447 UPDATE_MIB(o1, ipv6IfIcmpInErrors, o2->ipv6IfIcmpInErrors);
11448 UPDATE_MIB(o1, ipv6IfIcmpInDestUnreachs, o2->ipv6IfIcmpInDestUnreachs);
11449 UPDATE_MIB(o1, ipv6IfIcmpInAdminProhibs, o2->ipv6IfIcmpInAdminProhibs);
11450 UPDATE_MIB(o1, ipv6IfIcmpInTimeExcds, o2->ipv6IfIcmpInTimeExcds);
11451 UPDATE_MIB(o1, ipv6IfIcmpInParmProblems, o2->ipv6IfIcmpInParmProblems);
11452 UPDATE_MIB(o1, ipv6IfIcmpInPktTooBigs, o2->ipv6IfIcmpInPktTooBigs);
11453 UPDATE_MIB(o1, ipv6IfIcmpInEchos, o2->ipv6IfIcmpInEchos);
11454 UPDATE_MIB(o1, ipv6IfIcmpInEchoReplies, o2->ipv6IfIcmpInEchoReplies);
11455 UPDATE_MIB(o1, ipv6IfIcmpInRouterSolicits,
11456 o2->ipv6IfIcmpInRouterSolicits);
11457 UPDATE_MIB(o1, ipv6IfIcmpInRouterAdvertisements,
11458 o2->ipv6IfIcmpInRouterAdvertisements);
11459 UPDATE_MIB(o1, ipv6IfIcmpInNeighborSolicits,
11460 o2->ipv6IfIcmpInNeighborSolicits);
11461 UPDATE_MIB(o1, ipv6IfIcmpInNeighborAdvertisements,
11462 o2->ipv6IfIcmpInNeighborAdvertisements);
11463 UPDATE_MIB(o1, ipv6IfIcmpInRedirects, o2->ipv6IfIcmpInRedirects);
11464 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembQueries,
11465 o2->ipv6IfIcmpInGroupMembQueries);
11466 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembResponses,
11467 o2->ipv6IfIcmpInGroupMembResponses);
11468 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembReductions,
11469 o2->ipv6IfIcmpInGroupMembReductions);
11470 UPDATE_MIB(o1, ipv6IfIcmpOutMsgs, o2->ipv6IfIcmpOutMsgs);
11471 UPDATE_MIB(o1, ipv6IfIcmpOutErrors, o2->ipv6IfIcmpOutErrors);
11472 UPDATE_MIB(o1, ipv6IfIcmpOutDestUnreachs,
11473 o2->ipv6IfIcmpOutDestUnreachs);
11474 UPDATE_MIB(o1, ipv6IfIcmpOutAdminProhibs,
11475 o2->ipv6IfIcmpOutAdminProhibs);
11476 UPDATE_MIB(o1, ipv6IfIcmpOutTimeExcds, o2->ipv6IfIcmpOutTimeExcds);
11477 UPDATE_MIB(o1, ipv6IfIcmpOutParmProblems,
11478 o2->ipv6IfIcmpOutParmProblems);
11479 UPDATE_MIB(o1, ipv6IfIcmpOutPktTooBigs, o2->ipv6IfIcmpOutPktTooBigs);
11480 UPDATE_MIB(o1, ipv6IfIcmpOutEchos, o2->ipv6IfIcmpOutEchos);
11481 UPDATE_MIB(o1, ipv6IfIcmpOutEchoReplies, o2->ipv6IfIcmpOutEchoReplies);
11482 UPDATE_MIB(o1, ipv6IfIcmpOutRouterSolicits,
11483 o2->ipv6IfIcmpOutRouterSolicits);
11484 UPDATE_MIB(o1, ipv6IfIcmpOutRouterAdvertisements,
11485 o2->ipv6IfIcmpOutRouterAdvertisements);
11486 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborSolicits,
11487 o2->ipv6IfIcmpOutNeighborSolicits);
11488 UPDATE_MIB(o1, ipv6IfIcmpOutNeighborAdvertisements,
11489 o2->ipv6IfIcmpOutNeighborAdvertisements);
11490 UPDATE_MIB(o1, ipv6IfIcmpOutRedirects, o2->ipv6IfIcmpOutRedirects);
11491 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembQueries,
11492 o2->ipv6IfIcmpOutGroupMembQueries);
11493 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembResponses,
11494 o2->ipv6IfIcmpOutGroupMembResponses);
11495 UPDATE_MIB(o1, ipv6IfIcmpOutGroupMembReductions,
11496 o2->ipv6IfIcmpOutGroupMembReductions);
11497 UPDATE_MIB(o1, ipv6IfIcmpInOverflows, o2->ipv6IfIcmpInOverflows);
11498 UPDATE_MIB(o1, ipv6IfIcmpBadHoplimit, o2->ipv6IfIcmpBadHoplimit);
11499 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborAdvertisements,
11500 o2->ipv6IfIcmpInBadNeighborAdvertisements);
11501 UPDATE_MIB(o1, ipv6IfIcmpInBadNeighborSolicitations,
11502 o2->ipv6IfIcmpInBadNeighborSolicitations);
11503 UPDATE_MIB(o1, ipv6IfIcmpInBadRedirects, o2->ipv6IfIcmpInBadRedirects);
11504 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembTotal,
11505 o2->ipv6IfIcmpInGroupMembTotal);
11506 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadQueries,
11507 o2->ipv6IfIcmpInGroupMembBadQueries);
11508 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembBadReports,
11509 o2->ipv6IfIcmpInGroupMembBadReports);
11510 UPDATE_MIB(o1, ipv6IfIcmpInGroupMembOurReports,
11511 o2->ipv6IfIcmpInGroupMembOurReports);
11512 }
11513
11514 /*
11515 * Called before the options are updated to check if this packet will
11516 * be source routed from here.
11517 * This routine assumes that the options are well formed i.e. that they
11518 * have already been checked.
11519 */
11520 boolean_t
ip_source_routed(ipha_t * ipha,ip_stack_t * ipst)11521 ip_source_routed(ipha_t *ipha, ip_stack_t *ipst)
11522 {
11523 ipoptp_t opts;
11524 uchar_t *opt;
11525 uint8_t optval;
11526 uint8_t optlen;
11527 ipaddr_t dst;
11528
11529 if (IS_SIMPLE_IPH(ipha)) {
11530 ip2dbg(("not source routed\n"));
11531 return (B_FALSE);
11532 }
11533 dst = ipha->ipha_dst;
11534 for (optval = ipoptp_first(&opts, ipha);
11535 optval != IPOPT_EOL;
11536 optval = ipoptp_next(&opts)) {
11537 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
11538 opt = opts.ipoptp_cur;
11539 optlen = opts.ipoptp_len;
11540 ip2dbg(("ip_source_routed: opt %d, len %d\n",
11541 optval, optlen));
11542 switch (optval) {
11543 uint32_t off;
11544 case IPOPT_SSRR:
11545 case IPOPT_LSRR:
11546 /*
11547 * If dst is one of our addresses and there are some
11548 * entries left in the source route return (true).
11549 */
11550 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
11551 ip2dbg(("ip_source_routed: not next"
11552 " source route 0x%x\n",
11553 ntohl(dst)));
11554 return (B_FALSE);
11555 }
11556 off = opt[IPOPT_OFFSET];
11557 off--;
11558 if (optlen < IP_ADDR_LEN ||
11559 off > optlen - IP_ADDR_LEN) {
11560 /* End of source route */
11561 ip1dbg(("ip_source_routed: end of SR\n"));
11562 return (B_FALSE);
11563 }
11564 return (B_TRUE);
11565 }
11566 }
11567 ip2dbg(("not source routed\n"));
11568 return (B_FALSE);
11569 }
11570
11571 /*
11572 * ip_unbind is called by the transports to remove a conn from
11573 * the fanout table.
11574 */
11575 void
ip_unbind(conn_t * connp)11576 ip_unbind(conn_t *connp)
11577 {
11578
11579 ASSERT(!MUTEX_HELD(&connp->conn_lock));
11580
11581 if (is_system_labeled() && connp->conn_anon_port) {
11582 (void) tsol_mlp_anon(crgetzone(connp->conn_cred),
11583 connp->conn_mlp_type, connp->conn_proto,
11584 ntohs(connp->conn_lport), B_FALSE);
11585 connp->conn_anon_port = 0;
11586 }
11587 connp->conn_mlp_type = mlptSingle;
11588
11589 ipcl_hash_remove(connp);
11590 }
11591
11592 /*
11593 * Used for deciding the MSS size for the upper layer. Thus
11594 * we need to check the outbound policy values in the conn.
11595 */
11596 int
conn_ipsec_length(conn_t * connp)11597 conn_ipsec_length(conn_t *connp)
11598 {
11599 ipsec_latch_t *ipl;
11600
11601 ipl = connp->conn_latch;
11602 if (ipl == NULL)
11603 return (0);
11604
11605 if (connp->conn_ixa->ixa_ipsec_policy == NULL)
11606 return (0);
11607
11608 return (connp->conn_ixa->ixa_ipsec_policy->ipsp_act->ipa_ovhd);
11609 }
11610
11611 /*
11612 * Returns an estimate of the IPsec headers size. This is used if
11613 * we don't want to call into IPsec to get the exact size.
11614 */
11615 int
ipsec_out_extra_length(ip_xmit_attr_t * ixa)11616 ipsec_out_extra_length(ip_xmit_attr_t *ixa)
11617 {
11618 ipsec_action_t *a;
11619
11620 if (!(ixa->ixa_flags & IXAF_IPSEC_SECURE))
11621 return (0);
11622
11623 a = ixa->ixa_ipsec_action;
11624 if (a == NULL) {
11625 ASSERT(ixa->ixa_ipsec_policy != NULL);
11626 a = ixa->ixa_ipsec_policy->ipsp_act;
11627 }
11628 ASSERT(a != NULL);
11629
11630 return (a->ipa_ovhd);
11631 }
11632
11633 /*
11634 * If there are any source route options, return the true final
11635 * destination. Otherwise, return the destination.
11636 */
11637 ipaddr_t
ip_get_dst(ipha_t * ipha)11638 ip_get_dst(ipha_t *ipha)
11639 {
11640 ipoptp_t opts;
11641 uchar_t *opt;
11642 uint8_t optval;
11643 uint8_t optlen;
11644 ipaddr_t dst;
11645 uint32_t off;
11646
11647 dst = ipha->ipha_dst;
11648
11649 if (IS_SIMPLE_IPH(ipha))
11650 return (dst);
11651
11652 for (optval = ipoptp_first(&opts, ipha);
11653 optval != IPOPT_EOL;
11654 optval = ipoptp_next(&opts)) {
11655 opt = opts.ipoptp_cur;
11656 optlen = opts.ipoptp_len;
11657 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
11658 switch (optval) {
11659 case IPOPT_SSRR:
11660 case IPOPT_LSRR:
11661 off = opt[IPOPT_OFFSET];
11662 /*
11663 * If one of the conditions is true, it means
11664 * end of options and dst already has the right
11665 * value.
11666 */
11667 if (!(optlen < IP_ADDR_LEN || off > optlen - 3)) {
11668 off = optlen - IP_ADDR_LEN;
11669 bcopy(&opt[off], &dst, IP_ADDR_LEN);
11670 }
11671 return (dst);
11672 default:
11673 break;
11674 }
11675 }
11676
11677 return (dst);
11678 }
11679
11680 /*
11681 * Outbound IP fragmentation routine.
11682 * Assumes the caller has checked whether or not fragmentation should
11683 * be allowed. Here we copy the DF bit from the header to all the generated
11684 * fragments.
11685 */
11686 int
ip_fragment_v4(mblk_t * mp_orig,nce_t * nce,iaflags_t ixaflags,uint_t pkt_len,uint32_t max_frag,uint32_t xmit_hint,zoneid_t szone,zoneid_t nolzid,pfirepostfrag_t postfragfn,uintptr_t * ixa_cookie)11687 ip_fragment_v4(mblk_t *mp_orig, nce_t *nce, iaflags_t ixaflags,
11688 uint_t pkt_len, uint32_t max_frag, uint32_t xmit_hint, zoneid_t szone,
11689 zoneid_t nolzid, pfirepostfrag_t postfragfn, uintptr_t *ixa_cookie)
11690 {
11691 int i1;
11692 int hdr_len;
11693 mblk_t *hdr_mp;
11694 ipha_t *ipha;
11695 int ip_data_end;
11696 int len;
11697 mblk_t *mp = mp_orig;
11698 int offset;
11699 ill_t *ill = nce->nce_ill;
11700 ip_stack_t *ipst = ill->ill_ipst;
11701 mblk_t *carve_mp;
11702 uint32_t frag_flag;
11703 uint_t priority = mp->b_band;
11704 int error = 0;
11705
11706 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragReqds);
11707
11708 if (pkt_len != msgdsize(mp)) {
11709 ip0dbg(("Packet length mismatch: %d, %ld\n",
11710 pkt_len, msgdsize(mp)));
11711 freemsg(mp);
11712 return (EINVAL);
11713 }
11714
11715 if (max_frag == 0) {
11716 ip1dbg(("ip_fragment_v4: max_frag is zero. Dropping packet\n"));
11717 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11718 ip_drop_output("FragFails: zero max_frag", mp, ill);
11719 freemsg(mp);
11720 return (EINVAL);
11721 }
11722
11723 ASSERT(MBLKL(mp) >= sizeof (ipha_t));
11724 ipha = (ipha_t *)mp->b_rptr;
11725 ASSERT(ntohs(ipha->ipha_length) == pkt_len);
11726 frag_flag = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_DF;
11727
11728 /*
11729 * Establish the starting offset. May not be zero if we are fragging
11730 * a fragment that is being forwarded.
11731 */
11732 offset = ntohs(ipha->ipha_fragment_offset_and_flags) & IPH_OFFSET;
11733
11734 /* TODO why is this test needed? */
11735 if (((max_frag - ntohs(ipha->ipha_length)) & ~7) < 8) {
11736 /* TODO: notify ulp somehow */
11737 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11738 ip_drop_output("FragFails: bad starting offset", mp, ill);
11739 freemsg(mp);
11740 return (EINVAL);
11741 }
11742
11743 hdr_len = IPH_HDR_LENGTH(ipha);
11744 ipha->ipha_hdr_checksum = 0;
11745
11746 /*
11747 * Establish the number of bytes maximum per frag, after putting
11748 * in the header.
11749 */
11750 len = (max_frag - hdr_len) & ~7;
11751
11752 /* Get a copy of the header for the trailing frags */
11753 hdr_mp = ip_fragment_copyhdr((uchar_t *)ipha, hdr_len, offset, ipst,
11754 mp);
11755 if (hdr_mp == NULL) {
11756 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11757 ip_drop_output("FragFails: no hdr_mp", mp, ill);
11758 freemsg(mp);
11759 return (ENOBUFS);
11760 }
11761
11762 /* Store the starting offset, with the MoreFrags flag. */
11763 i1 = offset | IPH_MF | frag_flag;
11764 ipha->ipha_fragment_offset_and_flags = htons((uint16_t)i1);
11765
11766 /* Establish the ending byte offset, based on the starting offset. */
11767 offset <<= 3;
11768 ip_data_end = offset + ntohs(ipha->ipha_length) - hdr_len;
11769
11770 /* Store the length of the first fragment in the IP header. */
11771 i1 = len + hdr_len;
11772 ASSERT(i1 <= IP_MAXPACKET);
11773 ipha->ipha_length = htons((uint16_t)i1);
11774
11775 /*
11776 * Compute the IP header checksum for the first frag. We have to
11777 * watch out that we stop at the end of the header.
11778 */
11779 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
11780
11781 /*
11782 * Now carve off the first frag. Note that this will include the
11783 * original IP header.
11784 */
11785 if (!(mp = ip_carve_mp(&mp_orig, i1))) {
11786 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11787 ip_drop_output("FragFails: could not carve mp", mp_orig, ill);
11788 freeb(hdr_mp);
11789 freemsg(mp_orig);
11790 return (ENOBUFS);
11791 }
11792
11793 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates);
11794
11795 error = postfragfn(mp, nce, ixaflags, i1, xmit_hint, szone, nolzid,
11796 ixa_cookie);
11797 if (error != 0 && error != EWOULDBLOCK) {
11798 /* No point in sending the other fragments */
11799 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11800 ip_drop_output("FragFails: postfragfn failed", mp_orig, ill);
11801 freeb(hdr_mp);
11802 freemsg(mp_orig);
11803 return (error);
11804 }
11805
11806 /* No need to redo state machine in loop */
11807 ixaflags &= ~IXAF_REACH_CONF;
11808
11809 /* Advance the offset to the second frag starting point. */
11810 offset += len;
11811 /*
11812 * Update hdr_len from the copied header - there might be less options
11813 * in the later fragments.
11814 */
11815 hdr_len = IPH_HDR_LENGTH(hdr_mp->b_rptr);
11816 /* Loop until done. */
11817 for (;;) {
11818 uint16_t offset_and_flags;
11819 uint16_t ip_len;
11820
11821 if (ip_data_end - offset > len) {
11822 /*
11823 * Carve off the appropriate amount from the original
11824 * datagram.
11825 */
11826 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) {
11827 mp = NULL;
11828 break;
11829 }
11830 /*
11831 * More frags after this one. Get another copy
11832 * of the header.
11833 */
11834 if (carve_mp->b_datap->db_ref == 1 &&
11835 hdr_mp->b_wptr - hdr_mp->b_rptr <
11836 carve_mp->b_rptr - carve_mp->b_datap->db_base) {
11837 /* Inline IP header */
11838 carve_mp->b_rptr -= hdr_mp->b_wptr -
11839 hdr_mp->b_rptr;
11840 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr,
11841 hdr_mp->b_wptr - hdr_mp->b_rptr);
11842 mp = carve_mp;
11843 } else {
11844 if (!(mp = copyb(hdr_mp))) {
11845 freemsg(carve_mp);
11846 break;
11847 }
11848 /* Get priority marking, if any. */
11849 mp->b_band = priority;
11850 mp->b_cont = carve_mp;
11851 }
11852 ipha = (ipha_t *)mp->b_rptr;
11853 offset_and_flags = IPH_MF;
11854 } else {
11855 /*
11856 * Last frag. Consume the header. Set len to
11857 * the length of this last piece.
11858 */
11859 len = ip_data_end - offset;
11860
11861 /*
11862 * Carve off the appropriate amount from the original
11863 * datagram.
11864 */
11865 if (!(carve_mp = ip_carve_mp(&mp_orig, len))) {
11866 mp = NULL;
11867 break;
11868 }
11869 if (carve_mp->b_datap->db_ref == 1 &&
11870 hdr_mp->b_wptr - hdr_mp->b_rptr <
11871 carve_mp->b_rptr - carve_mp->b_datap->db_base) {
11872 /* Inline IP header */
11873 carve_mp->b_rptr -= hdr_mp->b_wptr -
11874 hdr_mp->b_rptr;
11875 bcopy(hdr_mp->b_rptr, carve_mp->b_rptr,
11876 hdr_mp->b_wptr - hdr_mp->b_rptr);
11877 mp = carve_mp;
11878 freeb(hdr_mp);
11879 hdr_mp = mp;
11880 } else {
11881 mp = hdr_mp;
11882 /* Get priority marking, if any. */
11883 mp->b_band = priority;
11884 mp->b_cont = carve_mp;
11885 }
11886 ipha = (ipha_t *)mp->b_rptr;
11887 /* A frag of a frag might have IPH_MF non-zero */
11888 offset_and_flags =
11889 ntohs(ipha->ipha_fragment_offset_and_flags) &
11890 IPH_MF;
11891 }
11892 offset_and_flags |= (uint16_t)(offset >> 3);
11893 offset_and_flags |= (uint16_t)frag_flag;
11894 /* Store the offset and flags in the IP header. */
11895 ipha->ipha_fragment_offset_and_flags = htons(offset_and_flags);
11896
11897 /* Store the length in the IP header. */
11898 ip_len = (uint16_t)(len + hdr_len);
11899 ipha->ipha_length = htons(ip_len);
11900
11901 /*
11902 * Set the IP header checksum. Note that mp is just
11903 * the header, so this is easy to pass to ip_csum.
11904 */
11905 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
11906
11907 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragCreates);
11908
11909 error = postfragfn(mp, nce, ixaflags, ip_len, xmit_hint, szone,
11910 nolzid, ixa_cookie);
11911 /* All done if we just consumed the hdr_mp. */
11912 if (mp == hdr_mp) {
11913 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragOKs);
11914 return (error);
11915 }
11916 if (error != 0 && error != EWOULDBLOCK) {
11917 DTRACE_PROBE2(ip__xmit__frag__fail, ill_t *, ill,
11918 mblk_t *, hdr_mp);
11919 /* No point in sending the other fragments */
11920 break;
11921 }
11922
11923 /* Otherwise, advance and loop. */
11924 offset += len;
11925 }
11926 /* Clean up following allocation failure. */
11927 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutFragFails);
11928 ip_drop_output("FragFails: loop ended", NULL, ill);
11929 if (mp != hdr_mp)
11930 freeb(hdr_mp);
11931 if (mp != mp_orig)
11932 freemsg(mp_orig);
11933 return (error);
11934 }
11935
11936 /*
11937 * Copy the header plus those options which have the copy bit set
11938 */
11939 static mblk_t *
ip_fragment_copyhdr(uchar_t * rptr,int hdr_len,int offset,ip_stack_t * ipst,mblk_t * src)11940 ip_fragment_copyhdr(uchar_t *rptr, int hdr_len, int offset, ip_stack_t *ipst,
11941 mblk_t *src)
11942 {
11943 mblk_t *mp;
11944 uchar_t *up;
11945
11946 /*
11947 * Quick check if we need to look for options without the copy bit
11948 * set
11949 */
11950 mp = allocb_tmpl(ipst->ips_ip_wroff_extra + hdr_len, src);
11951 if (!mp)
11952 return (mp);
11953 mp->b_rptr += ipst->ips_ip_wroff_extra;
11954 if (hdr_len == IP_SIMPLE_HDR_LENGTH || offset != 0) {
11955 bcopy(rptr, mp->b_rptr, hdr_len);
11956 mp->b_wptr += hdr_len + ipst->ips_ip_wroff_extra;
11957 return (mp);
11958 }
11959 up = mp->b_rptr;
11960 bcopy(rptr, up, IP_SIMPLE_HDR_LENGTH);
11961 up += IP_SIMPLE_HDR_LENGTH;
11962 rptr += IP_SIMPLE_HDR_LENGTH;
11963 hdr_len -= IP_SIMPLE_HDR_LENGTH;
11964 while (hdr_len > 0) {
11965 uint32_t optval;
11966 uint32_t optlen;
11967
11968 optval = *rptr;
11969 if (optval == IPOPT_EOL)
11970 break;
11971 if (optval == IPOPT_NOP)
11972 optlen = 1;
11973 else
11974 optlen = rptr[1];
11975 if (optval & IPOPT_COPY) {
11976 bcopy(rptr, up, optlen);
11977 up += optlen;
11978 }
11979 rptr += optlen;
11980 hdr_len -= optlen;
11981 }
11982 /*
11983 * Make sure that we drop an even number of words by filling
11984 * with EOL to the next word boundary.
11985 */
11986 for (hdr_len = up - (mp->b_rptr + IP_SIMPLE_HDR_LENGTH);
11987 hdr_len & 0x3; hdr_len++)
11988 *up++ = IPOPT_EOL;
11989 mp->b_wptr = up;
11990 /* Update header length */
11991 mp->b_rptr[0] = (uint8_t)((IP_VERSION << 4) | ((up - mp->b_rptr) >> 2));
11992 return (mp);
11993 }
11994
11995 /*
11996 * Update any source route, record route, or timestamp options when
11997 * sending a packet back to ourselves.
11998 * Check that we are at end of strict source route.
11999 * The options have been sanity checked by ip_output_options().
12000 */
12001 void
ip_output_local_options(ipha_t * ipha,ip_stack_t * ipst)12002 ip_output_local_options(ipha_t *ipha, ip_stack_t *ipst)
12003 {
12004 ipoptp_t opts;
12005 uchar_t *opt;
12006 uint8_t optval;
12007 uint8_t optlen;
12008 ipaddr_t dst;
12009 uint32_t ts;
12010 timestruc_t now;
12011 uint32_t off = 0;
12012
12013 for (optval = ipoptp_first(&opts, ipha);
12014 optval != IPOPT_EOL;
12015 optval = ipoptp_next(&opts)) {
12016 opt = opts.ipoptp_cur;
12017 optlen = opts.ipoptp_len;
12018 ASSERT((opts.ipoptp_flags & IPOPTP_ERROR) == 0);
12019 switch (optval) {
12020 case IPOPT_SSRR:
12021 case IPOPT_LSRR:
12022 off = opt[IPOPT_OFFSET];
12023 off--;
12024 if (optlen < IP_ADDR_LEN ||
12025 off > optlen - IP_ADDR_LEN) {
12026 /* End of source route */
12027 break;
12028 }
12029 /*
12030 * This will only happen if two consecutive entries
12031 * in the source route contains our address or if
12032 * it is a packet with a loose source route which
12033 * reaches us before consuming the whole source route
12034 */
12035
12036 if (optval == IPOPT_SSRR) {
12037 return;
12038 }
12039 /*
12040 * Hack: instead of dropping the packet truncate the
12041 * source route to what has been used by filling the
12042 * rest with IPOPT_NOP.
12043 */
12044 opt[IPOPT_OLEN] = (uint8_t)off;
12045 while (off < optlen) {
12046 opt[off++] = IPOPT_NOP;
12047 }
12048 break;
12049 case IPOPT_RR:
12050 off = opt[IPOPT_OFFSET];
12051 off--;
12052 if (optlen < IP_ADDR_LEN ||
12053 off > optlen - IP_ADDR_LEN) {
12054 /* No more room - ignore */
12055 ip1dbg((
12056 "ip_output_local_options: end of RR\n"));
12057 break;
12058 }
12059 dst = htonl(INADDR_LOOPBACK);
12060 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN);
12061 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
12062 break;
12063 case IPOPT_TS:
12064 /* Insert timestamp if there is romm */
12065 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
12066 case IPOPT_TS_TSONLY:
12067 off = IPOPT_TS_TIMELEN;
12068 break;
12069 case IPOPT_TS_PRESPEC:
12070 case IPOPT_TS_PRESPEC_RFC791:
12071 /* Verify that the address matched */
12072 off = opt[IPOPT_OFFSET] - 1;
12073 bcopy((char *)opt + off, &dst, IP_ADDR_LEN);
12074 if (ip_type_v4(dst, ipst) != IRE_LOCAL) {
12075 /* Not for us */
12076 break;
12077 }
12078 /* FALLTHROUGH */
12079 case IPOPT_TS_TSANDADDR:
12080 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
12081 break;
12082 default:
12083 /*
12084 * ip_*put_options should have already
12085 * dropped this packet.
12086 */
12087 cmn_err(CE_PANIC, "ip_output_local_options: "
12088 "unknown IT - bug in ip_output_options?\n");
12089 }
12090 if (opt[IPOPT_OFFSET] - 1 + off > optlen) {
12091 /* Increase overflow counter */
12092 off = (opt[IPOPT_POS_OV_FLG] >> 4) + 1;
12093 opt[IPOPT_POS_OV_FLG] = (uint8_t)
12094 (opt[IPOPT_POS_OV_FLG] & 0x0F) |
12095 (off << 4);
12096 break;
12097 }
12098 off = opt[IPOPT_OFFSET] - 1;
12099 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
12100 case IPOPT_TS_PRESPEC:
12101 case IPOPT_TS_PRESPEC_RFC791:
12102 case IPOPT_TS_TSANDADDR:
12103 dst = htonl(INADDR_LOOPBACK);
12104 bcopy(&dst, (char *)opt + off, IP_ADDR_LEN);
12105 opt[IPOPT_OFFSET] += IP_ADDR_LEN;
12106 /* FALLTHROUGH */
12107 case IPOPT_TS_TSONLY:
12108 off = opt[IPOPT_OFFSET] - 1;
12109 /* Compute # of milliseconds since midnight */
12110 gethrestime(&now);
12111 ts = (now.tv_sec % (24 * 60 * 60)) * 1000 +
12112 NSEC2MSEC(now.tv_nsec);
12113 bcopy(&ts, (char *)opt + off, IPOPT_TS_TIMELEN);
12114 opt[IPOPT_OFFSET] += IPOPT_TS_TIMELEN;
12115 break;
12116 }
12117 break;
12118 }
12119 }
12120 }
12121
12122 /*
12123 * Prepend an M_DATA fastpath header, and if none present prepend a
12124 * DL_UNITDATA_REQ. Frees the mblk on failure.
12125 *
12126 * nce_dlur_mp and nce_fp_mp can not disappear once they have been set.
12127 * If there is a change to them, the nce will be deleted (condemned) and
12128 * a new nce_t will be created when packets are sent. Thus we need no locks
12129 * to access those fields.
12130 *
12131 * We preserve b_band to support IPQoS. If a DL_UNITDATA_REQ is prepended
12132 * we place b_band in dl_priority.dl_max.
12133 */
12134 static mblk_t *
ip_xmit_attach_llhdr(mblk_t * mp,nce_t * nce)12135 ip_xmit_attach_llhdr(mblk_t *mp, nce_t *nce)
12136 {
12137 uint_t hlen;
12138 mblk_t *mp1;
12139 uint_t priority;
12140 uchar_t *rptr;
12141
12142 rptr = mp->b_rptr;
12143
12144 ASSERT(DB_TYPE(mp) == M_DATA);
12145 priority = mp->b_band;
12146
12147 ASSERT(nce != NULL);
12148 if ((mp1 = nce->nce_fp_mp) != NULL) {
12149 hlen = MBLKL(mp1);
12150 /*
12151 * Check if we have enough room to prepend fastpath
12152 * header
12153 */
12154 if (hlen != 0 && (rptr - mp->b_datap->db_base) >= hlen) {
12155 rptr -= hlen;
12156 bcopy(mp1->b_rptr, rptr, hlen);
12157 /*
12158 * Set the b_rptr to the start of the link layer
12159 * header
12160 */
12161 mp->b_rptr = rptr;
12162 return (mp);
12163 }
12164 mp1 = copyb(mp1);
12165 if (mp1 == NULL) {
12166 ill_t *ill = nce->nce_ill;
12167
12168 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12169 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12170 freemsg(mp);
12171 return (NULL);
12172 }
12173 mp1->b_band = priority;
12174 mp1->b_cont = mp;
12175 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
12176 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
12177 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
12178 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
12179 DB_LSOMSS(mp1) = DB_LSOMSS(mp);
12180 DTRACE_PROBE1(ip__xmit__copyb, (mblk_t *), mp1);
12181 /*
12182 * XXX disable ICK_VALID and compute checksum
12183 * here; can happen if nce_fp_mp changes and
12184 * it can't be copied now due to insufficient
12185 * space. (unlikely, fp mp can change, but it
12186 * does not increase in length)
12187 */
12188 return (mp1);
12189 }
12190 mp1 = copyb(nce->nce_dlur_mp);
12191
12192 if (mp1 == NULL) {
12193 ill_t *ill = nce->nce_ill;
12194
12195 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12196 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12197 freemsg(mp);
12198 return (NULL);
12199 }
12200 mp1->b_cont = mp;
12201 if (priority != 0) {
12202 mp1->b_band = priority;
12203 ((dl_unitdata_req_t *)(mp1->b_rptr))->dl_priority.dl_max =
12204 priority;
12205 }
12206 return (mp1);
12207 }
12208
12209 /*
12210 * Finish the outbound IPsec processing. This function is called from
12211 * ipsec_out_process() if the IPsec packet was processed
12212 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed
12213 * asynchronously.
12214 *
12215 * This is common to IPv4 and IPv6.
12216 */
12217 int
ip_output_post_ipsec(mblk_t * mp,ip_xmit_attr_t * ixa)12218 ip_output_post_ipsec(mblk_t *mp, ip_xmit_attr_t *ixa)
12219 {
12220 iaflags_t ixaflags = ixa->ixa_flags;
12221 uint_t pktlen;
12222
12223
12224 /* AH/ESP don't update ixa_pktlen when they modify the packet */
12225 if (ixaflags & IXAF_IS_IPV4) {
12226 ipha_t *ipha = (ipha_t *)mp->b_rptr;
12227
12228 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION);
12229 pktlen = ntohs(ipha->ipha_length);
12230 } else {
12231 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
12232
12233 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION);
12234 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
12235 }
12236
12237 /*
12238 * We release any hard reference on the SAs here to make
12239 * sure the SAs can be garbage collected. ipsr_sa has a soft reference
12240 * on the SAs.
12241 * If in the future we want the hard latching of the SAs in the
12242 * ip_xmit_attr_t then we should remove this.
12243 */
12244 if (ixa->ixa_ipsec_esp_sa != NULL) {
12245 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);
12246 ixa->ixa_ipsec_esp_sa = NULL;
12247 }
12248 if (ixa->ixa_ipsec_ah_sa != NULL) {
12249 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);
12250 ixa->ixa_ipsec_ah_sa = NULL;
12251 }
12252
12253 /* Do we need to fragment? */
12254 if ((ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR) ||
12255 pktlen > ixa->ixa_fragsize) {
12256 if (ixaflags & IXAF_IS_IPV4) {
12257 ASSERT(!(ixa->ixa_flags & IXAF_IPV6_ADD_FRAGHDR));
12258 /*
12259 * We check for the DF case in ipsec_out_process
12260 * hence this only handles the non-DF case.
12261 */
12262 return (ip_fragment_v4(mp, ixa->ixa_nce, ixa->ixa_flags,
12263 pktlen, ixa->ixa_fragsize,
12264 ixa->ixa_xmit_hint, ixa->ixa_zoneid,
12265 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn,
12266 &ixa->ixa_cookie));
12267 } else {
12268 mp = ip_fraghdr_add_v6(mp, ixa->ixa_ident, ixa);
12269 if (mp == NULL) {
12270 /* MIB and ip_drop_output already done */
12271 return (ENOMEM);
12272 }
12273 pktlen += sizeof (ip6_frag_t);
12274 if (pktlen > ixa->ixa_fragsize) {
12275 return (ip_fragment_v6(mp, ixa->ixa_nce,
12276 ixa->ixa_flags, pktlen,
12277 ixa->ixa_fragsize, ixa->ixa_xmit_hint,
12278 ixa->ixa_zoneid, ixa->ixa_no_loop_zoneid,
12279 ixa->ixa_postfragfn, &ixa->ixa_cookie));
12280 }
12281 }
12282 }
12283 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixa->ixa_flags,
12284 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid,
12285 ixa->ixa_no_loop_zoneid, NULL));
12286 }
12287
12288 /*
12289 * Finish the inbound IPsec processing. This function is called from
12290 * ipsec_out_process() if the IPsec packet was processed
12291 * synchronously, or from {ah,esp}_kcf_callback_outbound() if it was processed
12292 * asynchronously.
12293 *
12294 * This is common to IPv4 and IPv6.
12295 */
12296 void
ip_input_post_ipsec(mblk_t * mp,ip_recv_attr_t * ira)12297 ip_input_post_ipsec(mblk_t *mp, ip_recv_attr_t *ira)
12298 {
12299 iaflags_t iraflags = ira->ira_flags;
12300
12301 /* Length might have changed */
12302 if (iraflags & IRAF_IS_IPV4) {
12303 ipha_t *ipha = (ipha_t *)mp->b_rptr;
12304
12305 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION);
12306 ira->ira_pktlen = ntohs(ipha->ipha_length);
12307 ira->ira_ip_hdr_length = IPH_HDR_LENGTH(ipha);
12308 ira->ira_protocol = ipha->ipha_protocol;
12309
12310 ip_fanout_v4(mp, ipha, ira);
12311 } else {
12312 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
12313 uint8_t *nexthdrp;
12314
12315 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION);
12316 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
12317 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ira->ira_ip_hdr_length,
12318 &nexthdrp)) {
12319 /* Malformed packet */
12320 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
12321 ip_drop_input("ipIfStatsInDiscards", mp, ira->ira_ill);
12322 freemsg(mp);
12323 return;
12324 }
12325 ira->ira_protocol = *nexthdrp;
12326 ip_fanout_v6(mp, ip6h, ira);
12327 }
12328 }
12329
12330 /*
12331 * Select which AH & ESP SA's to use (if any) for the outbound packet.
12332 *
12333 * If this function returns B_TRUE, the requested SA's have been filled
12334 * into the ixa_ipsec_*_sa pointers.
12335 *
12336 * If the function returns B_FALSE, the packet has been "consumed", most
12337 * likely by an ACQUIRE sent up via PF_KEY to a key management daemon.
12338 *
12339 * The SA references created by the protocol-specific "select"
12340 * function will be released in ip_output_post_ipsec.
12341 */
12342 static boolean_t
ipsec_out_select_sa(mblk_t * mp,ip_xmit_attr_t * ixa)12343 ipsec_out_select_sa(mblk_t *mp, ip_xmit_attr_t *ixa)
12344 {
12345 boolean_t need_ah_acquire = B_FALSE, need_esp_acquire = B_FALSE;
12346 ipsec_policy_t *pp;
12347 ipsec_action_t *ap;
12348
12349 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
12350 ASSERT((ixa->ixa_ipsec_policy != NULL) ||
12351 (ixa->ixa_ipsec_action != NULL));
12352
12353 ap = ixa->ixa_ipsec_action;
12354 if (ap == NULL) {
12355 pp = ixa->ixa_ipsec_policy;
12356 ASSERT(pp != NULL);
12357 ap = pp->ipsp_act;
12358 ASSERT(ap != NULL);
12359 }
12360
12361 /*
12362 * We have an action. now, let's select SA's.
12363 * A side effect of setting ixa_ipsec_*_sa is that it will
12364 * be cached in the conn_t.
12365 */
12366 if (ap->ipa_want_esp) {
12367 if (ixa->ixa_ipsec_esp_sa == NULL) {
12368 need_esp_acquire = !ipsec_outbound_sa(mp, ixa,
12369 IPPROTO_ESP);
12370 }
12371 ASSERT(need_esp_acquire || ixa->ixa_ipsec_esp_sa != NULL);
12372 }
12373
12374 if (ap->ipa_want_ah) {
12375 if (ixa->ixa_ipsec_ah_sa == NULL) {
12376 need_ah_acquire = !ipsec_outbound_sa(mp, ixa,
12377 IPPROTO_AH);
12378 }
12379 ASSERT(need_ah_acquire || ixa->ixa_ipsec_ah_sa != NULL);
12380 /*
12381 * The ESP and AH processing order needs to be preserved
12382 * when both protocols are required (ESP should be applied
12383 * before AH for an outbound packet). Force an ESP ACQUIRE
12384 * when both ESP and AH are required, and an AH ACQUIRE
12385 * is needed.
12386 */
12387 if (ap->ipa_want_esp && need_ah_acquire)
12388 need_esp_acquire = B_TRUE;
12389 }
12390
12391 /*
12392 * Send an ACQUIRE (extended, regular, or both) if we need one.
12393 * Release SAs that got referenced, but will not be used until we
12394 * acquire _all_ of the SAs we need.
12395 */
12396 if (need_ah_acquire || need_esp_acquire) {
12397 if (ixa->ixa_ipsec_ah_sa != NULL) {
12398 IPSA_REFRELE(ixa->ixa_ipsec_ah_sa);
12399 ixa->ixa_ipsec_ah_sa = NULL;
12400 }
12401 if (ixa->ixa_ipsec_esp_sa != NULL) {
12402 IPSA_REFRELE(ixa->ixa_ipsec_esp_sa);
12403 ixa->ixa_ipsec_esp_sa = NULL;
12404 }
12405
12406 sadb_acquire(mp, ixa, need_ah_acquire, need_esp_acquire);
12407 return (B_FALSE);
12408 }
12409
12410 return (B_TRUE);
12411 }
12412
12413 /*
12414 * Handle IPsec output processing.
12415 * This function is only entered once for a given packet.
12416 * We try to do things synchronously, but if we need to have user-level
12417 * set up SAs, or ESP or AH uses asynchronous kEF, then the operation
12418 * will be completed
12419 * - when the SAs are added in esp_add_sa_finish/ah_add_sa_finish
12420 * - when asynchronous ESP is done it will do AH
12421 *
12422 * In all cases we come back in ip_output_post_ipsec() to fragment and
12423 * send out the packet.
12424 */
12425 int
ipsec_out_process(mblk_t * mp,ip_xmit_attr_t * ixa)12426 ipsec_out_process(mblk_t *mp, ip_xmit_attr_t *ixa)
12427 {
12428 ill_t *ill = ixa->ixa_nce->nce_ill;
12429 ip_stack_t *ipst = ixa->ixa_ipst;
12430 ipsec_stack_t *ipss;
12431 ipsec_policy_t *pp;
12432 ipsec_action_t *ap;
12433
12434 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
12435
12436 ASSERT((ixa->ixa_ipsec_policy != NULL) ||
12437 (ixa->ixa_ipsec_action != NULL));
12438
12439 ipss = ipst->ips_netstack->netstack_ipsec;
12440 if (!ipsec_loaded(ipss)) {
12441 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12442 ip_drop_packet(mp, B_TRUE, ill,
12443 DROPPER(ipss, ipds_ip_ipsec_not_loaded),
12444 &ipss->ipsec_dropper);
12445 return (ENOTSUP);
12446 }
12447
12448 ap = ixa->ixa_ipsec_action;
12449 if (ap == NULL) {
12450 pp = ixa->ixa_ipsec_policy;
12451 ASSERT(pp != NULL);
12452 ap = pp->ipsp_act;
12453 ASSERT(ap != NULL);
12454 }
12455
12456 /* Handle explicit drop action and bypass. */
12457 switch (ap->ipa_act.ipa_type) {
12458 case IPSEC_ACT_DISCARD:
12459 case IPSEC_ACT_REJECT:
12460 ip_drop_packet(mp, B_FALSE, ill,
12461 DROPPER(ipss, ipds_spd_explicit), &ipss->ipsec_spd_dropper);
12462 return (EHOSTUNREACH); /* IPsec policy failure */
12463 case IPSEC_ACT_BYPASS:
12464 return (ip_output_post_ipsec(mp, ixa));
12465 }
12466
12467 /*
12468 * The order of processing is first insert a IP header if needed.
12469 * Then insert the ESP header and then the AH header.
12470 */
12471 if ((ixa->ixa_flags & IXAF_IS_IPV4) && ap->ipa_want_se) {
12472 /*
12473 * First get the outer IP header before sending
12474 * it to ESP.
12475 */
12476 ipha_t *oipha, *iipha;
12477 mblk_t *outer_mp, *inner_mp;
12478
12479 if ((outer_mp = allocb(sizeof (ipha_t), BPRI_HI)) == NULL) {
12480 (void) mi_strlog(ill->ill_rq, 0,
12481 SL_ERROR|SL_TRACE|SL_CONSOLE,
12482 "ipsec_out_process: "
12483 "Self-Encapsulation failed: Out of memory\n");
12484 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
12485 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
12486 freemsg(mp);
12487 return (ENOBUFS);
12488 }
12489 inner_mp = mp;
12490 ASSERT(inner_mp->b_datap->db_type == M_DATA);
12491 oipha = (ipha_t *)outer_mp->b_rptr;
12492 iipha = (ipha_t *)inner_mp->b_rptr;
12493 *oipha = *iipha;
12494 outer_mp->b_wptr += sizeof (ipha_t);
12495 oipha->ipha_length = htons(ntohs(iipha->ipha_length) +
12496 sizeof (ipha_t));
12497 oipha->ipha_protocol = IPPROTO_ENCAP;
12498 oipha->ipha_version_and_hdr_length =
12499 IP_SIMPLE_HDR_VERSION;
12500 oipha->ipha_hdr_checksum = 0;
12501 oipha->ipha_hdr_checksum = ip_csum_hdr(oipha);
12502 outer_mp->b_cont = inner_mp;
12503 mp = outer_mp;
12504
12505 ixa->ixa_flags |= IXAF_IPSEC_TUNNEL;
12506 }
12507
12508 /* If we need to wait for a SA then we can't return any errno */
12509 if (((ap->ipa_want_ah && (ixa->ixa_ipsec_ah_sa == NULL)) ||
12510 (ap->ipa_want_esp && (ixa->ixa_ipsec_esp_sa == NULL))) &&
12511 !ipsec_out_select_sa(mp, ixa))
12512 return (0);
12513
12514 /*
12515 * By now, we know what SA's to use. Toss over to ESP & AH
12516 * to do the heavy lifting.
12517 */
12518 if (ap->ipa_want_esp) {
12519 ASSERT(ixa->ixa_ipsec_esp_sa != NULL);
12520
12521 mp = ixa->ixa_ipsec_esp_sa->ipsa_output_func(mp, ixa);
12522 if (mp == NULL) {
12523 /*
12524 * Either it failed or is pending. In the former case
12525 * ipIfStatsInDiscards was increased.
12526 */
12527 return (0);
12528 }
12529 }
12530
12531 if (ap->ipa_want_ah) {
12532 ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
12533
12534 mp = ixa->ixa_ipsec_ah_sa->ipsa_output_func(mp, ixa);
12535 if (mp == NULL) {
12536 /*
12537 * Either it failed or is pending. In the former case
12538 * ipIfStatsInDiscards was increased.
12539 */
12540 return (0);
12541 }
12542 }
12543 /*
12544 * We are done with IPsec processing. Send it over
12545 * the wire.
12546 */
12547 return (ip_output_post_ipsec(mp, ixa));
12548 }
12549
12550 /*
12551 * ioctls that go through a down/up sequence may need to wait for the down
12552 * to complete. This involves waiting for the ire and ipif refcnts to go down
12553 * to zero. Subsequently the ioctl is restarted from ipif_ill_refrele_tail.
12554 */
12555 /* ARGSUSED */
12556 void
ip_reprocess_ioctl(ipsq_t * ipsq,queue_t * q,mblk_t * mp,void * dummy_arg)12557 ip_reprocess_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg)
12558 {
12559 struct iocblk *iocp;
12560 mblk_t *mp1;
12561 ip_ioctl_cmd_t *ipip;
12562 int err;
12563 sin_t *sin;
12564 struct lifreq *lifr;
12565 struct ifreq *ifr;
12566
12567 iocp = (struct iocblk *)mp->b_rptr;
12568 ASSERT(ipsq != NULL);
12569 /* Existence of mp1 verified in ip_wput_nondata */
12570 mp1 = mp->b_cont->b_cont;
12571 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12572 if (ipip->ipi_cmd == SIOCSLIFNAME || ipip->ipi_cmd == IF_UNITSEL) {
12573 /*
12574 * Special case where ipx_current_ipif is not set:
12575 * ill_phyint_reinit merged the v4 and v6 into a single ipsq.
12576 * We are here as were not able to complete the operation in
12577 * ipif_set_values because we could not become exclusive on
12578 * the new ipsq.
12579 */
12580 ill_t *ill = q->q_ptr;
12581 ipsq_current_start(ipsq, ill->ill_ipif, ipip->ipi_cmd);
12582 }
12583 ASSERT(ipsq->ipsq_xop->ipx_current_ipif != NULL);
12584
12585 if (ipip->ipi_cmd_type == IF_CMD) {
12586 /* This a old style SIOC[GS]IF* command */
12587 ifr = (struct ifreq *)mp1->b_rptr;
12588 sin = (sin_t *)&ifr->ifr_addr;
12589 } else if (ipip->ipi_cmd_type == LIF_CMD) {
12590 /* This a new style SIOC[GS]LIF* command */
12591 lifr = (struct lifreq *)mp1->b_rptr;
12592 sin = (sin_t *)&lifr->lifr_addr;
12593 } else {
12594 sin = NULL;
12595 }
12596
12597 err = (*ipip->ipi_func_restart)(ipsq->ipsq_xop->ipx_current_ipif, sin,
12598 q, mp, ipip, mp1->b_rptr);
12599
12600 DTRACE_PROBE4(ipif__ioctl, char *, "ip_reprocess_ioctl finish",
12601 int, ipip->ipi_cmd,
12602 ill_t *, ipsq->ipsq_xop->ipx_current_ipif->ipif_ill,
12603 ipif_t *, ipsq->ipsq_xop->ipx_current_ipif);
12604
12605 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq);
12606 }
12607
12608 /*
12609 * ioctl processing
12610 *
12611 * ioctl processing starts with ip_sioctl_copyin_setup(), which looks up
12612 * the ioctl command in the ioctl tables, determines the copyin data size
12613 * from the ipi_copyin_size field, and does an mi_copyin() of that size.
12614 *
12615 * ioctl processing then continues when the M_IOCDATA makes its way down to
12616 * ip_wput_nondata(). The ioctl is looked up again in the ioctl table, its
12617 * associated 'conn' is refheld till the end of the ioctl and the general
12618 * ioctl processing function ip_process_ioctl() is called to extract the
12619 * arguments and process the ioctl. To simplify extraction, ioctl commands
12620 * are "typed" based on the arguments they take (e.g., LIF_CMD which takes a
12621 * `struct lifreq'), and a common extract function (e.g., ip_extract_lifreq())
12622 * is used to extract the ioctl's arguments.
12623 *
12624 * ip_process_ioctl determines if the ioctl needs to be serialized, and if
12625 * so goes thru the serialization primitive ipsq_try_enter. Then the
12626 * appropriate function to handle the ioctl is called based on the entry in
12627 * the ioctl table. ioctl completion is encapsulated in ip_ioctl_finish
12628 * which also refreleases the 'conn' that was refheld at the start of the
12629 * ioctl. Finally ipsq_exit is called if needed to exit the ipsq.
12630 *
12631 * Many exclusive ioctls go thru an internal down up sequence as part of
12632 * the operation. For example an attempt to change the IP address of an
12633 * ipif entails ipif_down, set address, ipif_up. Bringing down the interface
12634 * does all the cleanup such as deleting all ires that use this address.
12635 * Then we need to wait till all references to the interface go away.
12636 */
12637 void
ip_process_ioctl(ipsq_t * ipsq,queue_t * q,mblk_t * mp,void * arg)12638 ip_process_ioctl(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *arg)
12639 {
12640 struct iocblk *iocp = (struct iocblk *)mp->b_rptr;
12641 ip_ioctl_cmd_t *ipip = arg;
12642 ip_extract_func_t *extract_funcp;
12643 cmd_info_t ci;
12644 int err;
12645 boolean_t entered_ipsq = B_FALSE;
12646
12647 ip3dbg(("ip_process_ioctl: ioctl %X\n", iocp->ioc_cmd));
12648
12649 if (ipip == NULL)
12650 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12651
12652 /*
12653 * SIOCLIFADDIF needs to go thru a special path since the
12654 * ill may not exist yet. This happens in the case of lo0
12655 * which is created using this ioctl.
12656 */
12657 if (ipip->ipi_cmd == SIOCLIFADDIF) {
12658 err = ip_sioctl_addif(NULL, NULL, q, mp, NULL, NULL);
12659 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish",
12660 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12661 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12662 return;
12663 }
12664
12665 ci.ci_ipif = NULL;
12666 extract_funcp = NULL;
12667 switch (ipip->ipi_cmd_type) {
12668 case MISC_CMD:
12669 case MSFILT_CMD:
12670 /*
12671 * All MISC_CMD ioctls come in here -- e.g. SIOCGLIFCONF.
12672 */
12673 if (ipip->ipi_cmd == IF_UNITSEL) {
12674 /* ioctl comes down the ill */
12675 ci.ci_ipif = ((ill_t *)q->q_ptr)->ill_ipif;
12676 ipif_refhold(ci.ci_ipif);
12677 }
12678 err = 0;
12679 ci.ci_sin = NULL;
12680 ci.ci_sin6 = NULL;
12681 ci.ci_lifr = NULL;
12682 extract_funcp = NULL;
12683 break;
12684
12685 case IF_CMD:
12686 case LIF_CMD:
12687 extract_funcp = ip_extract_lifreq;
12688 break;
12689
12690 case ARP_CMD:
12691 case XARP_CMD:
12692 extract_funcp = ip_extract_arpreq;
12693 break;
12694
12695 default:
12696 ASSERT(0);
12697 }
12698
12699 if (extract_funcp != NULL) {
12700 err = (*extract_funcp)(q, mp, ipip, &ci);
12701 if (err != 0) {
12702 DTRACE_PROBE4(ipif__ioctl,
12703 char *, "ip_process_ioctl finish err",
12704 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12705 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12706 return;
12707 }
12708
12709 /*
12710 * All of the extraction functions return a refheld ipif.
12711 */
12712 ASSERT(ci.ci_ipif != NULL);
12713 }
12714
12715 if (!(ipip->ipi_flags & IPI_WR)) {
12716 /*
12717 * A return value of EINPROGRESS means the ioctl is
12718 * either queued and waiting for some reason or has
12719 * already completed.
12720 */
12721 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip,
12722 ci.ci_lifr);
12723 if (ci.ci_ipif != NULL) {
12724 DTRACE_PROBE4(ipif__ioctl,
12725 char *, "ip_process_ioctl finish RD",
12726 int, ipip->ipi_cmd, ill_t *, ci.ci_ipif->ipif_ill,
12727 ipif_t *, ci.ci_ipif);
12728 ipif_refrele(ci.ci_ipif);
12729 } else {
12730 DTRACE_PROBE4(ipif__ioctl,
12731 char *, "ip_process_ioctl finish RD",
12732 int, ipip->ipi_cmd, ill_t *, NULL, ipif_t *, NULL);
12733 }
12734 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), NULL);
12735 return;
12736 }
12737
12738 ASSERT(ci.ci_ipif != NULL);
12739
12740 /*
12741 * If ipsq is non-NULL, we are already being called exclusively
12742 */
12743 ASSERT(ipsq == NULL || IAM_WRITER_IPSQ(ipsq));
12744 if (ipsq == NULL) {
12745 ipsq = ipsq_try_enter(ci.ci_ipif, NULL, q, mp, ip_process_ioctl,
12746 NEW_OP, B_TRUE);
12747 if (ipsq == NULL) {
12748 ipif_refrele(ci.ci_ipif);
12749 return;
12750 }
12751 entered_ipsq = B_TRUE;
12752 }
12753 /*
12754 * Release the ipif so that ipif_down and friends that wait for
12755 * references to go away are not misled about the current ipif_refcnt
12756 * values. We are writer so we can access the ipif even after releasing
12757 * the ipif.
12758 */
12759 ipif_refrele(ci.ci_ipif);
12760
12761 ipsq_current_start(ipsq, ci.ci_ipif, ipip->ipi_cmd);
12762
12763 /*
12764 * A return value of EINPROGRESS means the ioctl is
12765 * either queued and waiting for some reason or has
12766 * already completed.
12767 */
12768 err = (*ipip->ipi_func)(ci.ci_ipif, ci.ci_sin, q, mp, ipip, ci.ci_lifr);
12769
12770 DTRACE_PROBE4(ipif__ioctl, char *, "ip_process_ioctl finish WR",
12771 int, ipip->ipi_cmd,
12772 ill_t *, ci.ci_ipif == NULL ? NULL : ci.ci_ipif->ipif_ill,
12773 ipif_t *, ci.ci_ipif);
12774 ip_ioctl_finish(q, mp, err, IPI2MODE(ipip), ipsq);
12775
12776 if (entered_ipsq)
12777 ipsq_exit(ipsq);
12778 }
12779
12780 /*
12781 * Complete the ioctl. Typically ioctls use the mi package and need to
12782 * do mi_copyout/mi_copy_done.
12783 */
12784 void
ip_ioctl_finish(queue_t * q,mblk_t * mp,int err,int mode,ipsq_t * ipsq)12785 ip_ioctl_finish(queue_t *q, mblk_t *mp, int err, int mode, ipsq_t *ipsq)
12786 {
12787 conn_t *connp = NULL;
12788
12789 if (err == EINPROGRESS)
12790 return;
12791
12792 if (CONN_Q(q)) {
12793 connp = Q_TO_CONN(q);
12794 ASSERT(connp->conn_ref >= 2);
12795 }
12796
12797 switch (mode) {
12798 case COPYOUT:
12799 if (err == 0)
12800 mi_copyout(q, mp);
12801 else
12802 mi_copy_done(q, mp, err);
12803 break;
12804
12805 case NO_COPYOUT:
12806 mi_copy_done(q, mp, err);
12807 break;
12808
12809 default:
12810 ASSERT(mode == CONN_CLOSE); /* aborted through CONN_CLOSE */
12811 break;
12812 }
12813
12814 /*
12815 * The conn refhold and ioctlref placed on the conn at the start of the
12816 * ioctl are released here.
12817 */
12818 if (connp != NULL) {
12819 CONN_DEC_IOCTLREF(connp);
12820 CONN_OPER_PENDING_DONE(connp);
12821 }
12822
12823 if (ipsq != NULL)
12824 ipsq_current_finish(ipsq);
12825 }
12826
12827 /* Handles all non data messages */
12828 int
ip_wput_nondata(queue_t * q,mblk_t * mp)12829 ip_wput_nondata(queue_t *q, mblk_t *mp)
12830 {
12831 mblk_t *mp1;
12832 struct iocblk *iocp;
12833 ip_ioctl_cmd_t *ipip;
12834 conn_t *connp;
12835 cred_t *cr;
12836 char *proto_str;
12837
12838 if (CONN_Q(q))
12839 connp = Q_TO_CONN(q);
12840 else
12841 connp = NULL;
12842
12843 iocp = NULL;
12844 switch (DB_TYPE(mp)) {
12845 case M_IOCTL:
12846 /*
12847 * IOCTL processing begins in ip_sioctl_copyin_setup which
12848 * will arrange to copy in associated control structures.
12849 */
12850 ip_sioctl_copyin_setup(q, mp);
12851 return (0);
12852 case M_IOCDATA:
12853 /*
12854 * Ensure that this is associated with one of our trans-
12855 * parent ioctls. If it's not ours, discard it if we're
12856 * running as a driver, or pass it on if we're a module.
12857 */
12858 iocp = (struct iocblk *)mp->b_rptr;
12859 ipip = ip_sioctl_lookup(iocp->ioc_cmd);
12860 if (ipip == NULL) {
12861 if (q->q_next == NULL) {
12862 goto nak;
12863 } else {
12864 putnext(q, mp);
12865 }
12866 return (0);
12867 }
12868 if ((q->q_next != NULL) && !(ipip->ipi_flags & IPI_MODOK)) {
12869 /*
12870 * The ioctl is one we recognise, but is not consumed
12871 * by IP as a module and we are a module, so we drop
12872 */
12873 goto nak;
12874 }
12875
12876 /* IOCTL continuation following copyin or copyout. */
12877 if (mi_copy_state(q, mp, NULL) == -1) {
12878 /*
12879 * The copy operation failed. mi_copy_state already
12880 * cleaned up, so we're out of here.
12881 */
12882 return (0);
12883 }
12884 /*
12885 * If we just completed a copy in, we become writer and
12886 * continue processing in ip_sioctl_copyin_done. If it
12887 * was a copy out, we call mi_copyout again. If there is
12888 * nothing more to copy out, it will complete the IOCTL.
12889 */
12890 if (MI_COPY_DIRECTION(mp) == MI_COPY_IN) {
12891 if (!(mp1 = mp->b_cont) || !(mp1 = mp1->b_cont)) {
12892 mi_copy_done(q, mp, EPROTO);
12893 return (0);
12894 }
12895 /*
12896 * Check for cases that need more copying. A return
12897 * value of 0 means a second copyin has been started,
12898 * so we return; a return value of 1 means no more
12899 * copying is needed, so we continue.
12900 */
12901 if (ipip->ipi_cmd_type == MSFILT_CMD &&
12902 MI_COPY_COUNT(mp) == 1) {
12903 if (ip_copyin_msfilter(q, mp) == 0)
12904 return (0);
12905 }
12906 /*
12907 * Refhold the conn, till the ioctl completes. This is
12908 * needed in case the ioctl ends up in the pending mp
12909 * list. Every mp in the ipx_pending_mp list must have
12910 * a refhold on the conn to resume processing. The
12911 * refhold is released when the ioctl completes
12912 * (whether normally or abnormally). An ioctlref is also
12913 * placed on the conn to prevent TCP from removing the
12914 * queue needed to send the ioctl reply back.
12915 * In all cases ip_ioctl_finish is called to finish
12916 * the ioctl and release the refholds.
12917 */
12918 if (connp != NULL) {
12919 /* This is not a reentry */
12920 CONN_INC_REF(connp);
12921 CONN_INC_IOCTLREF(connp);
12922 } else {
12923 if (!(ipip->ipi_flags & IPI_MODOK)) {
12924 mi_copy_done(q, mp, EINVAL);
12925 return (0);
12926 }
12927 }
12928
12929 ip_process_ioctl(NULL, q, mp, ipip);
12930
12931 } else {
12932 mi_copyout(q, mp);
12933 }
12934 return (0);
12935
12936 case M_IOCNAK:
12937 /*
12938 * The only way we could get here is if a resolver didn't like
12939 * an IOCTL we sent it. This shouldn't happen.
12940 */
12941 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE,
12942 "ip_wput_nondata: unexpected M_IOCNAK, ioc_cmd 0x%x",
12943 ((struct iocblk *)mp->b_rptr)->ioc_cmd);
12944 freemsg(mp);
12945 return (0);
12946 case M_IOCACK:
12947 /* /dev/ip shouldn't see this */
12948 goto nak;
12949 case M_FLUSH:
12950 if (*mp->b_rptr & FLUSHW)
12951 flushq(q, FLUSHALL);
12952 if (q->q_next) {
12953 putnext(q, mp);
12954 return (0);
12955 }
12956 if (*mp->b_rptr & FLUSHR) {
12957 *mp->b_rptr &= ~FLUSHW;
12958 qreply(q, mp);
12959 return (0);
12960 }
12961 freemsg(mp);
12962 return (0);
12963 case M_CTL:
12964 break;
12965 case M_PROTO:
12966 case M_PCPROTO:
12967 /*
12968 * The only PROTO messages we expect are SNMP-related.
12969 */
12970 switch (((union T_primitives *)mp->b_rptr)->type) {
12971 case T_SVR4_OPTMGMT_REQ:
12972 ip2dbg(("ip_wput_nondata: T_SVR4_OPTMGMT_REQ "
12973 "flags %x\n",
12974 ((struct T_optmgmt_req *)mp->b_rptr)->MGMT_flags));
12975
12976 if (connp == NULL) {
12977 proto_str = "T_SVR4_OPTMGMT_REQ";
12978 goto protonak;
12979 }
12980
12981 /*
12982 * All Solaris components should pass a db_credp
12983 * for this TPI message, hence we ASSERT.
12984 * But in case there is some other M_PROTO that looks
12985 * like a TPI message sent by some other kernel
12986 * component, we check and return an error.
12987 */
12988 cr = msg_getcred(mp, NULL);
12989 ASSERT(cr != NULL);
12990 if (cr == NULL) {
12991 mp = mi_tpi_err_ack_alloc(mp, TSYSERR, EINVAL);
12992 if (mp != NULL)
12993 qreply(q, mp);
12994 return (0);
12995 }
12996
12997 if (!snmpcom_req(q, mp, ip_snmp_set, ip_snmp_get, cr)) {
12998 proto_str = "Bad SNMPCOM request?";
12999 goto protonak;
13000 }
13001 return (0);
13002 default:
13003 ip1dbg(("ip_wput_nondata: dropping M_PROTO prim %u\n",
13004 (int)*(uint_t *)mp->b_rptr));
13005 freemsg(mp);
13006 return (0);
13007 }
13008 default:
13009 break;
13010 }
13011 if (q->q_next) {
13012 putnext(q, mp);
13013 } else
13014 freemsg(mp);
13015 return (0);
13016
13017 nak:
13018 iocp->ioc_error = EINVAL;
13019 mp->b_datap->db_type = M_IOCNAK;
13020 iocp->ioc_count = 0;
13021 qreply(q, mp);
13022 return (0);
13023
13024 protonak:
13025 cmn_err(CE_NOTE, "IP doesn't process %s as a module", proto_str);
13026 if ((mp = mi_tpi_err_ack_alloc(mp, TPROTO, EINVAL)) != NULL)
13027 qreply(q, mp);
13028 return (0);
13029 }
13030
13031 /*
13032 * Process IP options in an outbound packet. Verify that the nexthop in a
13033 * strict source route is onlink.
13034 * Returns non-zero if something fails in which case an ICMP error has been
13035 * sent and mp freed.
13036 *
13037 * Assumes the ULP has called ip_massage_options to move nexthop into ipha_dst.
13038 */
13039 int
ip_output_options(mblk_t * mp,ipha_t * ipha,ip_xmit_attr_t * ixa,ill_t * ill)13040 ip_output_options(mblk_t *mp, ipha_t *ipha, ip_xmit_attr_t *ixa, ill_t *ill)
13041 {
13042 ipoptp_t opts;
13043 uchar_t *opt;
13044 uint8_t optval;
13045 uint8_t optlen;
13046 ipaddr_t dst;
13047 intptr_t code = 0;
13048 ire_t *ire;
13049 ip_stack_t *ipst = ixa->ixa_ipst;
13050 ip_recv_attr_t iras;
13051
13052 ip2dbg(("ip_output_options\n"));
13053
13054 opt = NULL;
13055 dst = ipha->ipha_dst;
13056 for (optval = ipoptp_first(&opts, ipha);
13057 optval != IPOPT_EOL;
13058 optval = ipoptp_next(&opts)) {
13059 opt = opts.ipoptp_cur;
13060 optlen = opts.ipoptp_len;
13061 ip2dbg(("ip_output_options: opt %d, len %d\n",
13062 optval, optlen));
13063 switch (optval) {
13064 uint32_t off;
13065 case IPOPT_SSRR:
13066 case IPOPT_LSRR:
13067 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
13068 ip1dbg((
13069 "ip_output_options: bad option offset\n"));
13070 code = (char *)&opt[IPOPT_OLEN] -
13071 (char *)ipha;
13072 goto param_prob;
13073 }
13074 off = opt[IPOPT_OFFSET];
13075 ip1dbg(("ip_output_options: next hop 0x%x\n",
13076 ntohl(dst)));
13077 /*
13078 * For strict: verify that dst is directly
13079 * reachable.
13080 */
13081 if (optval == IPOPT_SSRR) {
13082 ire = ire_ftable_lookup_v4(dst, 0, 0,
13083 IRE_INTERFACE, NULL, ALL_ZONES,
13084 ixa->ixa_tsl,
13085 MATCH_IRE_TYPE | MATCH_IRE_SECATTR, 0, ipst,
13086 NULL);
13087 if (ire == NULL) {
13088 ip1dbg(("ip_output_options: SSRR not"
13089 " directly reachable: 0x%x\n",
13090 ntohl(dst)));
13091 goto bad_src_route;
13092 }
13093 ire_refrele(ire);
13094 }
13095 break;
13096 case IPOPT_RR:
13097 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
13098 ip1dbg((
13099 "ip_output_options: bad option offset\n"));
13100 code = (char *)&opt[IPOPT_OLEN] -
13101 (char *)ipha;
13102 goto param_prob;
13103 }
13104 break;
13105 case IPOPT_TS:
13106 /*
13107 * Verify that length >=5 and that there is either
13108 * room for another timestamp or that the overflow
13109 * counter is not maxed out.
13110 */
13111 code = (char *)&opt[IPOPT_OLEN] - (char *)ipha;
13112 if (optlen < IPOPT_MINLEN_IT) {
13113 goto param_prob;
13114 }
13115 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
13116 ip1dbg((
13117 "ip_output_options: bad option offset\n"));
13118 code = (char *)&opt[IPOPT_OFFSET] -
13119 (char *)ipha;
13120 goto param_prob;
13121 }
13122 switch (opt[IPOPT_POS_OV_FLG] & 0x0F) {
13123 case IPOPT_TS_TSONLY:
13124 off = IPOPT_TS_TIMELEN;
13125 break;
13126 case IPOPT_TS_TSANDADDR:
13127 case IPOPT_TS_PRESPEC:
13128 case IPOPT_TS_PRESPEC_RFC791:
13129 off = IP_ADDR_LEN + IPOPT_TS_TIMELEN;
13130 break;
13131 default:
13132 code = (char *)&opt[IPOPT_POS_OV_FLG] -
13133 (char *)ipha;
13134 goto param_prob;
13135 }
13136 if (opt[IPOPT_OFFSET] - 1 + off > optlen &&
13137 (opt[IPOPT_POS_OV_FLG] & 0xF0) == 0xF0) {
13138 /*
13139 * No room and the overflow counter is 15
13140 * already.
13141 */
13142 goto param_prob;
13143 }
13144 break;
13145 }
13146 }
13147
13148 if ((opts.ipoptp_flags & IPOPTP_ERROR) == 0)
13149 return (0);
13150
13151 ip1dbg(("ip_output_options: error processing IP options."));
13152 code = (char *)&opt[IPOPT_OFFSET] - (char *)ipha;
13153
13154 param_prob:
13155 bzero(&iras, sizeof (iras));
13156 iras.ira_ill = iras.ira_rill = ill;
13157 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
13158 iras.ira_rifindex = iras.ira_ruifindex;
13159 iras.ira_flags = IRAF_IS_IPV4;
13160
13161 ip_drop_output("ip_output_options", mp, ill);
13162 icmp_param_problem(mp, (uint8_t)code, &iras);
13163 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
13164 return (-1);
13165
13166 bad_src_route:
13167 bzero(&iras, sizeof (iras));
13168 iras.ira_ill = iras.ira_rill = ill;
13169 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
13170 iras.ira_rifindex = iras.ira_ruifindex;
13171 iras.ira_flags = IRAF_IS_IPV4;
13172
13173 ip_drop_input("ICMP_SOURCE_ROUTE_FAILED", mp, ill);
13174 icmp_unreachable(mp, ICMP_SOURCE_ROUTE_FAILED, &iras);
13175 ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
13176 return (-1);
13177 }
13178
13179 /*
13180 * The maximum value of conn_drain_list_cnt is CONN_MAXDRAINCNT.
13181 * conn_drain_list_cnt can be changed by setting conn_drain_nthreads
13182 * thru /etc/system.
13183 */
13184 #define CONN_MAXDRAINCNT 64
13185
13186 static void
conn_drain_init(ip_stack_t * ipst)13187 conn_drain_init(ip_stack_t *ipst)
13188 {
13189 int i, j;
13190 idl_tx_list_t *itl_tx;
13191
13192 ipst->ips_conn_drain_list_cnt = conn_drain_nthreads;
13193
13194 if ((ipst->ips_conn_drain_list_cnt == 0) ||
13195 (ipst->ips_conn_drain_list_cnt > CONN_MAXDRAINCNT)) {
13196 /*
13197 * Default value of the number of drainers is the
13198 * number of cpus, subject to maximum of 8 drainers.
13199 */
13200 if (boot_max_ncpus != -1)
13201 ipst->ips_conn_drain_list_cnt = MIN(boot_max_ncpus, 8);
13202 else
13203 ipst->ips_conn_drain_list_cnt = MIN(max_ncpus, 8);
13204 }
13205
13206 ipst->ips_idl_tx_list =
13207 kmem_zalloc(TX_FANOUT_SIZE * sizeof (idl_tx_list_t), KM_SLEEP);
13208 for (i = 0; i < TX_FANOUT_SIZE; i++) {
13209 itl_tx = &ipst->ips_idl_tx_list[i];
13210 itl_tx->txl_drain_list =
13211 kmem_zalloc(ipst->ips_conn_drain_list_cnt *
13212 sizeof (idl_t), KM_SLEEP);
13213 mutex_init(&itl_tx->txl_lock, NULL, MUTEX_DEFAULT, NULL);
13214 for (j = 0; j < ipst->ips_conn_drain_list_cnt; j++) {
13215 mutex_init(&itl_tx->txl_drain_list[j].idl_lock, NULL,
13216 MUTEX_DEFAULT, NULL);
13217 itl_tx->txl_drain_list[j].idl_itl = itl_tx;
13218 }
13219 }
13220 }
13221
13222 static void
conn_drain_fini(ip_stack_t * ipst)13223 conn_drain_fini(ip_stack_t *ipst)
13224 {
13225 int i;
13226 idl_tx_list_t *itl_tx;
13227
13228 for (i = 0; i < TX_FANOUT_SIZE; i++) {
13229 itl_tx = &ipst->ips_idl_tx_list[i];
13230 kmem_free(itl_tx->txl_drain_list,
13231 ipst->ips_conn_drain_list_cnt * sizeof (idl_t));
13232 }
13233 kmem_free(ipst->ips_idl_tx_list,
13234 TX_FANOUT_SIZE * sizeof (idl_tx_list_t));
13235 ipst->ips_idl_tx_list = NULL;
13236 }
13237
13238 /*
13239 * Flow control has blocked us from proceeding. Insert the given conn in one
13240 * of the conn drain lists. When flow control is unblocked, either ip_wsrv()
13241 * (STREAMS) or ill_flow_enable() (direct) will be called back, which in turn
13242 * will call conn_walk_drain(). See the flow control notes at the top of this
13243 * file for more details.
13244 */
13245 void
conn_drain_insert(conn_t * connp,idl_tx_list_t * tx_list)13246 conn_drain_insert(conn_t *connp, idl_tx_list_t *tx_list)
13247 {
13248 idl_t *idl = tx_list->txl_drain_list;
13249 uint_t index;
13250 ip_stack_t *ipst = connp->conn_netstack->netstack_ip;
13251
13252 mutex_enter(&connp->conn_lock);
13253 if (connp->conn_state_flags & CONN_CLOSING) {
13254 /*
13255 * The conn is closing as a result of which CONN_CLOSING
13256 * is set. Return.
13257 */
13258 mutex_exit(&connp->conn_lock);
13259 return;
13260 } else if (connp->conn_idl == NULL) {
13261 /*
13262 * Assign the next drain list round robin. We dont' use
13263 * a lock, and thus it may not be strictly round robin.
13264 * Atomicity of load/stores is enough to make sure that
13265 * conn_drain_list_index is always within bounds.
13266 */
13267 index = tx_list->txl_drain_index;
13268 ASSERT(index < ipst->ips_conn_drain_list_cnt);
13269 connp->conn_idl = &tx_list->txl_drain_list[index];
13270 index++;
13271 if (index == ipst->ips_conn_drain_list_cnt)
13272 index = 0;
13273 tx_list->txl_drain_index = index;
13274 } else {
13275 ASSERT(connp->conn_idl->idl_itl == tx_list);
13276 }
13277 mutex_exit(&connp->conn_lock);
13278
13279 idl = connp->conn_idl;
13280 mutex_enter(&idl->idl_lock);
13281 if ((connp->conn_drain_prev != NULL) ||
13282 (connp->conn_state_flags & CONN_CLOSING)) {
13283 /*
13284 * The conn is either already in the drain list or closing.
13285 * (We needed to check for CONN_CLOSING again since close can
13286 * sneak in between dropping conn_lock and acquiring idl_lock.)
13287 */
13288 mutex_exit(&idl->idl_lock);
13289 return;
13290 }
13291
13292 /*
13293 * The conn is not in the drain list. Insert it at the
13294 * tail of the drain list. The drain list is circular
13295 * and doubly linked. idl_conn points to the 1st element
13296 * in the list.
13297 */
13298 if (idl->idl_conn == NULL) {
13299 idl->idl_conn = connp;
13300 connp->conn_drain_next = connp;
13301 connp->conn_drain_prev = connp;
13302 } else {
13303 conn_t *head = idl->idl_conn;
13304
13305 connp->conn_drain_next = head;
13306 connp->conn_drain_prev = head->conn_drain_prev;
13307 head->conn_drain_prev->conn_drain_next = connp;
13308 head->conn_drain_prev = connp;
13309 }
13310 /*
13311 * For non streams based sockets assert flow control.
13312 */
13313 conn_setqfull(connp, NULL);
13314 mutex_exit(&idl->idl_lock);
13315 }
13316
13317 static void
conn_drain_remove(conn_t * connp)13318 conn_drain_remove(conn_t *connp)
13319 {
13320 idl_t *idl = connp->conn_idl;
13321
13322 if (idl != NULL) {
13323 /*
13324 * Remove ourself from the drain list.
13325 */
13326 if (connp->conn_drain_next == connp) {
13327 /* Singleton in the list */
13328 ASSERT(connp->conn_drain_prev == connp);
13329 idl->idl_conn = NULL;
13330 } else {
13331 connp->conn_drain_prev->conn_drain_next =
13332 connp->conn_drain_next;
13333 connp->conn_drain_next->conn_drain_prev =
13334 connp->conn_drain_prev;
13335 if (idl->idl_conn == connp)
13336 idl->idl_conn = connp->conn_drain_next;
13337 }
13338
13339 /*
13340 * NOTE: because conn_idl is associated with a specific drain
13341 * list which in turn is tied to the index the TX ring
13342 * (txl_cookie) hashes to, and because the TX ring can change
13343 * over the lifetime of the conn_t, we must clear conn_idl so
13344 * a subsequent conn_drain_insert() will set conn_idl again
13345 * based on the latest txl_cookie.
13346 */
13347 connp->conn_idl = NULL;
13348 }
13349 connp->conn_drain_next = NULL;
13350 connp->conn_drain_prev = NULL;
13351
13352 conn_clrqfull(connp, NULL);
13353 /*
13354 * For streams based sockets open up flow control.
13355 */
13356 if (!IPCL_IS_NONSTR(connp))
13357 enableok(connp->conn_wq);
13358 }
13359
13360 /*
13361 * This conn is closing, and we are called from ip_close. OR
13362 * this conn is draining because flow-control on the ill has been relieved.
13363 *
13364 * We must also need to remove conn's on this idl from the list, and also
13365 * inform the sockfs upcalls about the change in flow-control.
13366 */
13367 static void
conn_drain(conn_t * connp,boolean_t closing)13368 conn_drain(conn_t *connp, boolean_t closing)
13369 {
13370 idl_t *idl;
13371 conn_t *next_connp;
13372
13373 /*
13374 * connp->conn_idl is stable at this point, and no lock is needed
13375 * to check it. If we are called from ip_close, close has already
13376 * set CONN_CLOSING, thus freezing the value of conn_idl, and
13377 * called us only because conn_idl is non-null. If we are called thru
13378 * service, conn_idl could be null, but it cannot change because
13379 * service is single-threaded per queue, and there cannot be another
13380 * instance of service trying to call conn_drain_insert on this conn
13381 * now.
13382 */
13383 ASSERT(!closing || connp == NULL || connp->conn_idl != NULL);
13384
13385 /*
13386 * If the conn doesn't exist or is not on a drain list, bail.
13387 */
13388 if (connp == NULL || connp->conn_idl == NULL ||
13389 connp->conn_drain_prev == NULL) {
13390 return;
13391 }
13392
13393 idl = connp->conn_idl;
13394 ASSERT(MUTEX_HELD(&idl->idl_lock));
13395
13396 if (!closing) {
13397 next_connp = connp->conn_drain_next;
13398 while (next_connp != connp) {
13399 conn_t *delconnp = next_connp;
13400
13401 next_connp = next_connp->conn_drain_next;
13402 conn_drain_remove(delconnp);
13403 }
13404 ASSERT(connp->conn_drain_next == idl->idl_conn);
13405 }
13406 conn_drain_remove(connp);
13407 }
13408
13409 /*
13410 * Write service routine. Shared perimeter entry point.
13411 * The device queue's messages has fallen below the low water mark and STREAMS
13412 * has backenabled the ill_wq. Send sockfs notification about flow-control on
13413 * each waiting conn.
13414 */
13415 int
ip_wsrv(queue_t * q)13416 ip_wsrv(queue_t *q)
13417 {
13418 ill_t *ill;
13419
13420 ill = (ill_t *)q->q_ptr;
13421 if (ill->ill_state_flags == 0) {
13422 ip_stack_t *ipst = ill->ill_ipst;
13423
13424 /*
13425 * The device flow control has opened up.
13426 * Walk through conn drain lists and qenable the
13427 * first conn in each list. This makes sense only
13428 * if the stream is fully plumbed and setup.
13429 * Hence the ill_state_flags check above.
13430 */
13431 ip1dbg(("ip_wsrv: walking\n"));
13432 conn_walk_drain(ipst, &ipst->ips_idl_tx_list[0]);
13433 enableok(ill->ill_wq);
13434 }
13435 return (0);
13436 }
13437
13438 /*
13439 * Callback to disable flow control in IP.
13440 *
13441 * This is a mac client callback added when the DLD_CAPAB_DIRECT capability
13442 * is enabled.
13443 *
13444 * When MAC_TX() is not able to send any more packets, dld sets its queue
13445 * to QFULL and enable the STREAMS flow control. Later, when the underlying
13446 * driver is able to continue to send packets, it calls mac_tx_(ring_)update()
13447 * function and wakes up corresponding mac worker threads, which in turn
13448 * calls this callback function, and disables flow control.
13449 */
13450 void
ill_flow_enable(void * arg,ip_mac_tx_cookie_t cookie)13451 ill_flow_enable(void *arg, ip_mac_tx_cookie_t cookie)
13452 {
13453 ill_t *ill = (ill_t *)arg;
13454 ip_stack_t *ipst = ill->ill_ipst;
13455 idl_tx_list_t *idl_txl;
13456
13457 idl_txl = &ipst->ips_idl_tx_list[IDLHASHINDEX(cookie)];
13458 mutex_enter(&idl_txl->txl_lock);
13459 /* add code to to set a flag to indicate idl_txl is enabled */
13460 conn_walk_drain(ipst, idl_txl);
13461 mutex_exit(&idl_txl->txl_lock);
13462 }
13463
13464 /*
13465 * Flow control has been relieved and STREAMS has backenabled us; drain
13466 * all the conn lists on `tx_list'.
13467 */
13468 static void
conn_walk_drain(ip_stack_t * ipst,idl_tx_list_t * tx_list)13469 conn_walk_drain(ip_stack_t *ipst, idl_tx_list_t *tx_list)
13470 {
13471 int i;
13472 idl_t *idl;
13473
13474 IP_STAT(ipst, ip_conn_walk_drain);
13475
13476 for (i = 0; i < ipst->ips_conn_drain_list_cnt; i++) {
13477 idl = &tx_list->txl_drain_list[i];
13478 mutex_enter(&idl->idl_lock);
13479 conn_drain(idl->idl_conn, B_FALSE);
13480 mutex_exit(&idl->idl_lock);
13481 }
13482 }
13483
13484 /*
13485 * Determine if the ill and multicast aspects of that packets
13486 * "matches" the conn.
13487 */
13488 boolean_t
conn_wantpacket(conn_t * connp,ip_recv_attr_t * ira,ipha_t * ipha)13489 conn_wantpacket(conn_t *connp, ip_recv_attr_t *ira, ipha_t *ipha)
13490 {
13491 ill_t *ill = ira->ira_rill;
13492 zoneid_t zoneid = ira->ira_zoneid;
13493 uint_t in_ifindex;
13494 ipaddr_t dst, src;
13495
13496 dst = ipha->ipha_dst;
13497 src = ipha->ipha_src;
13498
13499 /*
13500 * conn_incoming_ifindex is set by IP_BOUND_IF which limits
13501 * unicast, broadcast and multicast reception to
13502 * conn_incoming_ifindex.
13503 * conn_wantpacket is called for unicast, broadcast and
13504 * multicast packets.
13505 */
13506 in_ifindex = connp->conn_incoming_ifindex;
13507
13508 /* mpathd can bind to the under IPMP interface, which we allow */
13509 if (in_ifindex != 0 && in_ifindex != ill->ill_phyint->phyint_ifindex) {
13510 if (!IS_UNDER_IPMP(ill))
13511 return (B_FALSE);
13512
13513 if (in_ifindex != ipmp_ill_get_ipmp_ifindex(ill))
13514 return (B_FALSE);
13515 }
13516
13517 if (!IPCL_ZONE_MATCH(connp, zoneid))
13518 return (B_FALSE);
13519
13520 if (!(ira->ira_flags & IRAF_MULTICAST))
13521 return (B_TRUE);
13522
13523 if (connp->conn_multi_router) {
13524 /* multicast packet and multicast router socket: send up */
13525 return (B_TRUE);
13526 }
13527
13528 if (ipha->ipha_protocol == IPPROTO_PIM ||
13529 ipha->ipha_protocol == IPPROTO_RSVP)
13530 return (B_TRUE);
13531
13532 return (conn_hasmembers_ill_withsrc_v4(connp, dst, src, ira->ira_ill));
13533 }
13534
13535 void
conn_setqfull(conn_t * connp,boolean_t * flow_stopped)13536 conn_setqfull(conn_t *connp, boolean_t *flow_stopped)
13537 {
13538 if (IPCL_IS_NONSTR(connp)) {
13539 (*connp->conn_upcalls->su_txq_full)
13540 (connp->conn_upper_handle, B_TRUE);
13541 if (flow_stopped != NULL)
13542 *flow_stopped = B_TRUE;
13543 } else {
13544 queue_t *q = connp->conn_wq;
13545
13546 ASSERT(q != NULL);
13547 if (!(q->q_flag & QFULL)) {
13548 mutex_enter(QLOCK(q));
13549 if (!(q->q_flag & QFULL)) {
13550 /* still need to set QFULL */
13551 q->q_flag |= QFULL;
13552 /* set flow_stopped to true under QLOCK */
13553 if (flow_stopped != NULL)
13554 *flow_stopped = B_TRUE;
13555 mutex_exit(QLOCK(q));
13556 } else {
13557 /* flow_stopped is left unchanged */
13558 mutex_exit(QLOCK(q));
13559 }
13560 }
13561 }
13562 }
13563
13564 void
conn_clrqfull(conn_t * connp,boolean_t * flow_stopped)13565 conn_clrqfull(conn_t *connp, boolean_t *flow_stopped)
13566 {
13567 if (IPCL_IS_NONSTR(connp)) {
13568 (*connp->conn_upcalls->su_txq_full)
13569 (connp->conn_upper_handle, B_FALSE);
13570 if (flow_stopped != NULL)
13571 *flow_stopped = B_FALSE;
13572 } else {
13573 queue_t *q = connp->conn_wq;
13574
13575 ASSERT(q != NULL);
13576 if (q->q_flag & QFULL) {
13577 mutex_enter(QLOCK(q));
13578 if (q->q_flag & QFULL) {
13579 q->q_flag &= ~QFULL;
13580 /* set flow_stopped to false under QLOCK */
13581 if (flow_stopped != NULL)
13582 *flow_stopped = B_FALSE;
13583 mutex_exit(QLOCK(q));
13584 if (q->q_flag & QWANTW)
13585 qbackenable(q, 0);
13586 } else {
13587 /* flow_stopped is left unchanged */
13588 mutex_exit(QLOCK(q));
13589 }
13590 }
13591 }
13592
13593 mutex_enter(&connp->conn_lock);
13594 connp->conn_blocked = B_FALSE;
13595 mutex_exit(&connp->conn_lock);
13596 }
13597
13598 /*
13599 * Return the length in bytes of the IPv4 headers (base header, label, and
13600 * other IP options) that will be needed based on the
13601 * ip_pkt_t structure passed by the caller.
13602 *
13603 * The returned length does not include the length of the upper level
13604 * protocol (ULP) header.
13605 * The caller needs to check that the length doesn't exceed the max for IPv4.
13606 */
13607 int
ip_total_hdrs_len_v4(const ip_pkt_t * ipp)13608 ip_total_hdrs_len_v4(const ip_pkt_t *ipp)
13609 {
13610 int len;
13611
13612 len = IP_SIMPLE_HDR_LENGTH;
13613 if (ipp->ipp_fields & IPPF_LABEL_V4) {
13614 ASSERT(ipp->ipp_label_len_v4 != 0);
13615 /* We need to round up here */
13616 len += (ipp->ipp_label_len_v4 + 3) & ~3;
13617 }
13618
13619 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
13620 ASSERT(ipp->ipp_ipv4_options_len != 0);
13621 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0);
13622 len += ipp->ipp_ipv4_options_len;
13623 }
13624 return (len);
13625 }
13626
13627 /*
13628 * All-purpose routine to build an IPv4 header with options based
13629 * on the abstract ip_pkt_t.
13630 *
13631 * The caller has to set the source and destination address as well as
13632 * ipha_length. The caller has to massage any source route and compensate
13633 * for the ULP pseudo-header checksum due to the source route.
13634 */
13635 void
ip_build_hdrs_v4(uchar_t * buf,uint_t buf_len,const ip_pkt_t * ipp,uint8_t protocol)13636 ip_build_hdrs_v4(uchar_t *buf, uint_t buf_len, const ip_pkt_t *ipp,
13637 uint8_t protocol)
13638 {
13639 ipha_t *ipha = (ipha_t *)buf;
13640 uint8_t *cp;
13641
13642 /* Initialize IPv4 header */
13643 ipha->ipha_type_of_service = ipp->ipp_type_of_service;
13644 ipha->ipha_length = 0; /* Caller will set later */
13645 ipha->ipha_ident = 0;
13646 ipha->ipha_fragment_offset_and_flags = 0;
13647 ipha->ipha_ttl = ipp->ipp_unicast_hops;
13648 ipha->ipha_protocol = protocol;
13649 ipha->ipha_hdr_checksum = 0;
13650
13651 if ((ipp->ipp_fields & IPPF_ADDR) &&
13652 IN6_IS_ADDR_V4MAPPED(&ipp->ipp_addr))
13653 ipha->ipha_src = ipp->ipp_addr_v4;
13654
13655 cp = (uint8_t *)&ipha[1];
13656 if (ipp->ipp_fields & IPPF_LABEL_V4) {
13657 ASSERT(ipp->ipp_label_len_v4 != 0);
13658 bcopy(ipp->ipp_label_v4, cp, ipp->ipp_label_len_v4);
13659 cp += ipp->ipp_label_len_v4;
13660 /* We need to round up here */
13661 while ((uintptr_t)cp & 0x3) {
13662 *cp++ = IPOPT_NOP;
13663 }
13664 }
13665
13666 if (ipp->ipp_fields & IPPF_IPV4_OPTIONS) {
13667 ASSERT(ipp->ipp_ipv4_options_len != 0);
13668 ASSERT((ipp->ipp_ipv4_options_len & 3) == 0);
13669 bcopy(ipp->ipp_ipv4_options, cp, ipp->ipp_ipv4_options_len);
13670 cp += ipp->ipp_ipv4_options_len;
13671 }
13672 ipha->ipha_version_and_hdr_length =
13673 (uint8_t)((IP_VERSION << 4) + buf_len / 4);
13674
13675 ASSERT((int)(cp - buf) == buf_len);
13676 }
13677
13678 /* Allocate the private structure */
13679 static int
ip_priv_alloc(void ** bufp)13680 ip_priv_alloc(void **bufp)
13681 {
13682 void *buf;
13683
13684 if ((buf = kmem_alloc(sizeof (ip_priv_t), KM_NOSLEEP)) == NULL)
13685 return (ENOMEM);
13686
13687 *bufp = buf;
13688 return (0);
13689 }
13690
13691 /* Function to delete the private structure */
13692 void
ip_priv_free(void * buf)13693 ip_priv_free(void *buf)
13694 {
13695 ASSERT(buf != NULL);
13696 kmem_free(buf, sizeof (ip_priv_t));
13697 }
13698
13699 /*
13700 * The entry point for IPPF processing.
13701 * If the classifier (IPGPC_CLASSIFY) is not loaded and configured, the
13702 * routine just returns.
13703 *
13704 * When called, ip_process generates an ipp_packet_t structure
13705 * which holds the state information for this packet and invokes the
13706 * the classifier (via ipp_packet_process). The classification, depending on
13707 * configured filters, results in a list of actions for this packet. Invoking
13708 * an action may cause the packet to be dropped, in which case we return NULL.
13709 * proc indicates the callout position for
13710 * this packet and ill is the interface this packet arrived on or will leave
13711 * on (inbound and outbound resp.).
13712 *
13713 * We do the processing on the rill (mapped to the upper if ipmp), but MIB
13714 * on the ill corrsponding to the destination IP address.
13715 */
13716 mblk_t *
ip_process(ip_proc_t proc,mblk_t * mp,ill_t * rill,ill_t * ill)13717 ip_process(ip_proc_t proc, mblk_t *mp, ill_t *rill, ill_t *ill)
13718 {
13719 ip_priv_t *priv;
13720 ipp_action_id_t aid;
13721 int rc = 0;
13722 ipp_packet_t *pp;
13723
13724 /* If the classifier is not loaded, return */
13725 if ((aid = ipp_action_lookup(IPGPC_CLASSIFY)) == IPP_ACTION_INVAL) {
13726 return (mp);
13727 }
13728
13729 ASSERT(mp != NULL);
13730
13731 /* Allocate the packet structure */
13732 rc = ipp_packet_alloc(&pp, "ip", aid);
13733 if (rc != 0)
13734 goto drop;
13735
13736 /* Allocate the private structure */
13737 rc = ip_priv_alloc((void **)&priv);
13738 if (rc != 0) {
13739 ipp_packet_free(pp);
13740 goto drop;
13741 }
13742 priv->proc = proc;
13743 priv->ill_index = ill_get_upper_ifindex(rill);
13744
13745 ipp_packet_set_private(pp, priv, ip_priv_free);
13746 ipp_packet_set_data(pp, mp);
13747
13748 /* Invoke the classifier */
13749 rc = ipp_packet_process(&pp);
13750 if (pp != NULL) {
13751 mp = ipp_packet_get_data(pp);
13752 ipp_packet_free(pp);
13753 if (rc != 0)
13754 goto drop;
13755 return (mp);
13756 } else {
13757 /* No mp to trace in ip_drop_input/ip_drop_output */
13758 mp = NULL;
13759 }
13760 drop:
13761 if (proc == IPP_LOCAL_IN || proc == IPP_FWD_IN) {
13762 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
13763 ip_drop_input("ip_process", mp, ill);
13764 } else {
13765 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
13766 ip_drop_output("ip_process", mp, ill);
13767 }
13768 freemsg(mp);
13769 return (NULL);
13770 }
13771
13772 /*
13773 * Propagate a multicast group membership operation (add/drop) on
13774 * all the interfaces crossed by the related multirt routes.
13775 * The call is considered successful if the operation succeeds
13776 * on at least one interface.
13777 *
13778 * This assumes that a set of IRE_HOST/RTF_MULTIRT has been created for the
13779 * multicast addresses with the ire argument being the first one.
13780 * We walk the bucket to find all the of those.
13781 *
13782 * Common to IPv4 and IPv6.
13783 */
13784 static int
ip_multirt_apply_membership(int (* fn)(conn_t *,boolean_t,const in6_addr_t *,ipaddr_t,uint_t,mcast_record_t,const in6_addr_t *),ire_t * ire,conn_t * connp,boolean_t checkonly,const in6_addr_t * v6group,mcast_record_t fmode,const in6_addr_t * v6src)13785 ip_multirt_apply_membership(int (*fn)(conn_t *, boolean_t,
13786 const in6_addr_t *, ipaddr_t, uint_t, mcast_record_t, const in6_addr_t *),
13787 ire_t *ire, conn_t *connp, boolean_t checkonly, const in6_addr_t *v6group,
13788 mcast_record_t fmode, const in6_addr_t *v6src)
13789 {
13790 ire_t *ire_gw;
13791 irb_t *irb;
13792 int ifindex;
13793 int error = 0;
13794 int result;
13795 ip_stack_t *ipst = ire->ire_ipst;
13796 ipaddr_t group;
13797 boolean_t isv6;
13798 int match_flags;
13799
13800 if (IN6_IS_ADDR_V4MAPPED(v6group)) {
13801 IN6_V4MAPPED_TO_IPADDR(v6group, group);
13802 isv6 = B_FALSE;
13803 } else {
13804 isv6 = B_TRUE;
13805 }
13806
13807 irb = ire->ire_bucket;
13808 ASSERT(irb != NULL);
13809
13810 result = 0;
13811 irb_refhold(irb);
13812 for (; ire != NULL; ire = ire->ire_next) {
13813 if ((ire->ire_flags & RTF_MULTIRT) == 0)
13814 continue;
13815
13816 /* We handle -ifp routes by matching on the ill if set */
13817 match_flags = MATCH_IRE_TYPE;
13818 if (ire->ire_ill != NULL)
13819 match_flags |= MATCH_IRE_ILL;
13820
13821 if (isv6) {
13822 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, v6group))
13823 continue;
13824
13825 ire_gw = ire_ftable_lookup_v6(&ire->ire_gateway_addr_v6,
13826 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL,
13827 match_flags, 0, ipst, NULL);
13828 } else {
13829 if (ire->ire_addr != group)
13830 continue;
13831
13832 ire_gw = ire_ftable_lookup_v4(ire->ire_gateway_addr,
13833 0, 0, IRE_INTERFACE, ire->ire_ill, ALL_ZONES, NULL,
13834 match_flags, 0, ipst, NULL);
13835 }
13836 /* No interface route exists for the gateway; skip this ire. */
13837 if (ire_gw == NULL)
13838 continue;
13839 if (ire_gw->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
13840 ire_refrele(ire_gw);
13841 continue;
13842 }
13843 ASSERT(ire_gw->ire_ill != NULL); /* IRE_INTERFACE */
13844 ifindex = ire_gw->ire_ill->ill_phyint->phyint_ifindex;
13845
13846 /*
13847 * The operation is considered a success if
13848 * it succeeds at least once on any one interface.
13849 */
13850 error = fn(connp, checkonly, v6group, INADDR_ANY, ifindex,
13851 fmode, v6src);
13852 if (error == 0)
13853 result = CGTP_MCAST_SUCCESS;
13854
13855 ire_refrele(ire_gw);
13856 }
13857 irb_refrele(irb);
13858 /*
13859 * Consider the call as successful if we succeeded on at least
13860 * one interface. Otherwise, return the last encountered error.
13861 */
13862 return (result == CGTP_MCAST_SUCCESS ? 0 : error);
13863 }
13864
13865 /*
13866 * Return the expected CGTP hooks version number.
13867 */
13868 int
ip_cgtp_filter_supported(void)13869 ip_cgtp_filter_supported(void)
13870 {
13871 return (ip_cgtp_filter_rev);
13872 }
13873
13874 /*
13875 * CGTP hooks can be registered by invoking this function.
13876 * Checks that the version number matches.
13877 */
13878 int
ip_cgtp_filter_register(netstackid_t stackid,cgtp_filter_ops_t * ops)13879 ip_cgtp_filter_register(netstackid_t stackid, cgtp_filter_ops_t *ops)
13880 {
13881 netstack_t *ns;
13882 ip_stack_t *ipst;
13883
13884 if (ops->cfo_filter_rev != CGTP_FILTER_REV)
13885 return (ENOTSUP);
13886
13887 ns = netstack_find_by_stackid(stackid);
13888 if (ns == NULL)
13889 return (EINVAL);
13890 ipst = ns->netstack_ip;
13891 ASSERT(ipst != NULL);
13892
13893 if (ipst->ips_ip_cgtp_filter_ops != NULL) {
13894 netstack_rele(ns);
13895 return (EALREADY);
13896 }
13897
13898 ipst->ips_ip_cgtp_filter_ops = ops;
13899
13900 ill_set_inputfn_all(ipst);
13901
13902 netstack_rele(ns);
13903 return (0);
13904 }
13905
13906 /*
13907 * CGTP hooks can be unregistered by invoking this function.
13908 * Returns ENXIO if there was no registration.
13909 * Returns EBUSY if the ndd variable has not been turned off.
13910 */
13911 int
ip_cgtp_filter_unregister(netstackid_t stackid)13912 ip_cgtp_filter_unregister(netstackid_t stackid)
13913 {
13914 netstack_t *ns;
13915 ip_stack_t *ipst;
13916
13917 ns = netstack_find_by_stackid(stackid);
13918 if (ns == NULL)
13919 return (EINVAL);
13920 ipst = ns->netstack_ip;
13921 ASSERT(ipst != NULL);
13922
13923 if (ipst->ips_ip_cgtp_filter) {
13924 netstack_rele(ns);
13925 return (EBUSY);
13926 }
13927
13928 if (ipst->ips_ip_cgtp_filter_ops == NULL) {
13929 netstack_rele(ns);
13930 return (ENXIO);
13931 }
13932 ipst->ips_ip_cgtp_filter_ops = NULL;
13933
13934 ill_set_inputfn_all(ipst);
13935
13936 netstack_rele(ns);
13937 return (0);
13938 }
13939
13940 /*
13941 * Check whether there is a CGTP filter registration.
13942 * Returns non-zero if there is a registration, otherwise returns zero.
13943 * Note: returns zero if bad stackid.
13944 */
13945 int
ip_cgtp_filter_is_registered(netstackid_t stackid)13946 ip_cgtp_filter_is_registered(netstackid_t stackid)
13947 {
13948 netstack_t *ns;
13949 ip_stack_t *ipst;
13950 int ret;
13951
13952 ns = netstack_find_by_stackid(stackid);
13953 if (ns == NULL)
13954 return (0);
13955 ipst = ns->netstack_ip;
13956 ASSERT(ipst != NULL);
13957
13958 if (ipst->ips_ip_cgtp_filter_ops != NULL)
13959 ret = 1;
13960 else
13961 ret = 0;
13962
13963 netstack_rele(ns);
13964 return (ret);
13965 }
13966
13967 static int
ip_squeue_switch(int val)13968 ip_squeue_switch(int val)
13969 {
13970 int rval;
13971
13972 switch (val) {
13973 case IP_SQUEUE_ENTER_NODRAIN:
13974 rval = SQ_NODRAIN;
13975 break;
13976 case IP_SQUEUE_ENTER:
13977 rval = SQ_PROCESS;
13978 break;
13979 case IP_SQUEUE_FILL:
13980 default:
13981 rval = SQ_FILL;
13982 break;
13983 }
13984 return (rval);
13985 }
13986
13987 static void *
ip_kstat2_init(netstackid_t stackid,ip_stat_t * ip_statisticsp)13988 ip_kstat2_init(netstackid_t stackid, ip_stat_t *ip_statisticsp)
13989 {
13990 kstat_t *ksp;
13991
13992 ip_stat_t template = {
13993 { "ip_udp_fannorm", KSTAT_DATA_UINT64 },
13994 { "ip_udp_fanmb", KSTAT_DATA_UINT64 },
13995 { "ip_recv_pullup", KSTAT_DATA_UINT64 },
13996 { "ip_db_ref", KSTAT_DATA_UINT64 },
13997 { "ip_notaligned", KSTAT_DATA_UINT64 },
13998 { "ip_multimblk", KSTAT_DATA_UINT64 },
13999 { "ip_opt", KSTAT_DATA_UINT64 },
14000 { "ipsec_proto_ahesp", KSTAT_DATA_UINT64 },
14001 { "ip_conn_flputbq", KSTAT_DATA_UINT64 },
14002 { "ip_conn_walk_drain", KSTAT_DATA_UINT64 },
14003 { "ip_out_sw_cksum", KSTAT_DATA_UINT64 },
14004 { "ip_out_sw_cksum_bytes", KSTAT_DATA_UINT64 },
14005 { "ip_in_sw_cksum", KSTAT_DATA_UINT64 },
14006 { "ip_ire_reclaim_calls", KSTAT_DATA_UINT64 },
14007 { "ip_ire_reclaim_deleted", KSTAT_DATA_UINT64 },
14008 { "ip_nce_reclaim_calls", KSTAT_DATA_UINT64 },
14009 { "ip_nce_reclaim_deleted", KSTAT_DATA_UINT64 },
14010 { "ip_nce_mcast_reclaim_calls", KSTAT_DATA_UINT64 },
14011 { "ip_nce_mcast_reclaim_deleted", KSTAT_DATA_UINT64 },
14012 { "ip_nce_mcast_reclaim_tqfail", KSTAT_DATA_UINT64 },
14013 { "ip_dce_reclaim_calls", KSTAT_DATA_UINT64 },
14014 { "ip_dce_reclaim_deleted", KSTAT_DATA_UINT64 },
14015 { "ip_tcp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 },
14016 { "ip_tcp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 },
14017 { "ip_tcp_in_sw_cksum_err", KSTAT_DATA_UINT64 },
14018 { "ip_udp_in_full_hw_cksum_err", KSTAT_DATA_UINT64 },
14019 { "ip_udp_in_part_hw_cksum_err", KSTAT_DATA_UINT64 },
14020 { "ip_udp_in_sw_cksum_err", KSTAT_DATA_UINT64 },
14021 { "conn_in_recvdstaddr", KSTAT_DATA_UINT64 },
14022 { "conn_in_recvopts", KSTAT_DATA_UINT64 },
14023 { "conn_in_recvif", KSTAT_DATA_UINT64 },
14024 { "conn_in_recvslla", KSTAT_DATA_UINT64 },
14025 { "conn_in_recvucred", KSTAT_DATA_UINT64 },
14026 { "conn_in_recvttl", KSTAT_DATA_UINT64 },
14027 { "conn_in_recvtos", KSTAT_DATA_UINT64 },
14028 { "conn_in_recvhopopts", KSTAT_DATA_UINT64 },
14029 { "conn_in_recvhoplimit", KSTAT_DATA_UINT64 },
14030 { "conn_in_recvdstopts", KSTAT_DATA_UINT64 },
14031 { "conn_in_recvrthdrdstopts", KSTAT_DATA_UINT64 },
14032 { "conn_in_recvrthdr", KSTAT_DATA_UINT64 },
14033 { "conn_in_recvpktinfo", KSTAT_DATA_UINT64 },
14034 { "conn_in_recvtclass", KSTAT_DATA_UINT64 },
14035 { "conn_in_timestamp", KSTAT_DATA_UINT64 },
14036 };
14037
14038 ksp = kstat_create_netstack("ip", 0, "ipstat", "net",
14039 KSTAT_TYPE_NAMED, sizeof (template) / sizeof (kstat_named_t),
14040 KSTAT_FLAG_VIRTUAL, stackid);
14041
14042 if (ksp == NULL)
14043 return (NULL);
14044
14045 bcopy(&template, ip_statisticsp, sizeof (template));
14046 ksp->ks_data = (void *)ip_statisticsp;
14047 ksp->ks_private = (void *)(uintptr_t)stackid;
14048
14049 kstat_install(ksp);
14050 return (ksp);
14051 }
14052
14053 static void
ip_kstat2_fini(netstackid_t stackid,kstat_t * ksp)14054 ip_kstat2_fini(netstackid_t stackid, kstat_t *ksp)
14055 {
14056 if (ksp != NULL) {
14057 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
14058 kstat_delete_netstack(ksp, stackid);
14059 }
14060 }
14061
14062 static void *
ip_kstat_init(netstackid_t stackid,ip_stack_t * ipst)14063 ip_kstat_init(netstackid_t stackid, ip_stack_t *ipst)
14064 {
14065 kstat_t *ksp;
14066
14067 ip_named_kstat_t template = {
14068 { "forwarding", KSTAT_DATA_UINT32, 0 },
14069 { "defaultTTL", KSTAT_DATA_UINT32, 0 },
14070 { "inReceives", KSTAT_DATA_UINT64, 0 },
14071 { "inHdrErrors", KSTAT_DATA_UINT32, 0 },
14072 { "inAddrErrors", KSTAT_DATA_UINT32, 0 },
14073 { "forwDatagrams", KSTAT_DATA_UINT64, 0 },
14074 { "inUnknownProtos", KSTAT_DATA_UINT32, 0 },
14075 { "inDiscards", KSTAT_DATA_UINT32, 0 },
14076 { "inDelivers", KSTAT_DATA_UINT64, 0 },
14077 { "outRequests", KSTAT_DATA_UINT64, 0 },
14078 { "outDiscards", KSTAT_DATA_UINT32, 0 },
14079 { "outNoRoutes", KSTAT_DATA_UINT32, 0 },
14080 { "reasmTimeout", KSTAT_DATA_UINT32, 0 },
14081 { "reasmReqds", KSTAT_DATA_UINT32, 0 },
14082 { "reasmOKs", KSTAT_DATA_UINT32, 0 },
14083 { "reasmFails", KSTAT_DATA_UINT32, 0 },
14084 { "fragOKs", KSTAT_DATA_UINT32, 0 },
14085 { "fragFails", KSTAT_DATA_UINT32, 0 },
14086 { "fragCreates", KSTAT_DATA_UINT32, 0 },
14087 { "addrEntrySize", KSTAT_DATA_INT32, 0 },
14088 { "routeEntrySize", KSTAT_DATA_INT32, 0 },
14089 { "netToMediaEntrySize", KSTAT_DATA_INT32, 0 },
14090 { "routingDiscards", KSTAT_DATA_UINT32, 0 },
14091 { "inErrs", KSTAT_DATA_UINT32, 0 },
14092 { "noPorts", KSTAT_DATA_UINT32, 0 },
14093 { "inCksumErrs", KSTAT_DATA_UINT32, 0 },
14094 { "reasmDuplicates", KSTAT_DATA_UINT32, 0 },
14095 { "reasmPartDups", KSTAT_DATA_UINT32, 0 },
14096 { "forwProhibits", KSTAT_DATA_UINT32, 0 },
14097 { "udpInCksumErrs", KSTAT_DATA_UINT32, 0 },
14098 { "udpInOverflows", KSTAT_DATA_UINT32, 0 },
14099 { "rawipInOverflows", KSTAT_DATA_UINT32, 0 },
14100 { "ipsecInSucceeded", KSTAT_DATA_UINT32, 0 },
14101 { "ipsecInFailed", KSTAT_DATA_INT32, 0 },
14102 { "memberEntrySize", KSTAT_DATA_INT32, 0 },
14103 { "inIPv6", KSTAT_DATA_UINT32, 0 },
14104 { "outIPv6", KSTAT_DATA_UINT32, 0 },
14105 { "outSwitchIPv6", KSTAT_DATA_UINT32, 0 },
14106 };
14107
14108 ksp = kstat_create_netstack("ip", 0, "ip", "mib2", KSTAT_TYPE_NAMED,
14109 NUM_OF_FIELDS(ip_named_kstat_t), 0, stackid);
14110 if (ksp == NULL || ksp->ks_data == NULL)
14111 return (NULL);
14112
14113 template.forwarding.value.ui32 = WE_ARE_FORWARDING(ipst) ? 1:2;
14114 template.defaultTTL.value.ui32 = (uint32_t)ipst->ips_ip_def_ttl;
14115 template.reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout;
14116 template.addrEntrySize.value.i32 = sizeof (mib2_ipAddrEntry_t);
14117 template.routeEntrySize.value.i32 = sizeof (mib2_ipRouteEntry_t);
14118
14119 template.netToMediaEntrySize.value.i32 =
14120 sizeof (mib2_ipNetToMediaEntry_t);
14121
14122 template.memberEntrySize.value.i32 = sizeof (ipv6_member_t);
14123
14124 bcopy(&template, ksp->ks_data, sizeof (template));
14125 ksp->ks_update = ip_kstat_update;
14126 ksp->ks_private = (void *)(uintptr_t)stackid;
14127
14128 kstat_install(ksp);
14129 return (ksp);
14130 }
14131
14132 static void
ip_kstat_fini(netstackid_t stackid,kstat_t * ksp)14133 ip_kstat_fini(netstackid_t stackid, kstat_t *ksp)
14134 {
14135 if (ksp != NULL) {
14136 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
14137 kstat_delete_netstack(ksp, stackid);
14138 }
14139 }
14140
14141 static int
ip_kstat_update(kstat_t * kp,int rw)14142 ip_kstat_update(kstat_t *kp, int rw)
14143 {
14144 ip_named_kstat_t *ipkp;
14145 mib2_ipIfStatsEntry_t ipmib;
14146 ill_walk_context_t ctx;
14147 ill_t *ill;
14148 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private;
14149 netstack_t *ns;
14150 ip_stack_t *ipst;
14151
14152 if (kp->ks_data == NULL)
14153 return (EIO);
14154
14155 if (rw == KSTAT_WRITE)
14156 return (EACCES);
14157
14158 ns = netstack_find_by_stackid(stackid);
14159 if (ns == NULL)
14160 return (-1);
14161 ipst = ns->netstack_ip;
14162 if (ipst == NULL) {
14163 netstack_rele(ns);
14164 return (-1);
14165 }
14166 ipkp = (ip_named_kstat_t *)kp->ks_data;
14167
14168 bcopy(&ipst->ips_ip_mib, &ipmib, sizeof (ipmib));
14169 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
14170 ill = ILL_START_WALK_V4(&ctx, ipst);
14171 for (; ill != NULL; ill = ill_next(&ctx, ill))
14172 ip_mib2_add_ip_stats(&ipmib, ill->ill_ip_mib);
14173 rw_exit(&ipst->ips_ill_g_lock);
14174
14175 ipkp->forwarding.value.ui32 = ipmib.ipIfStatsForwarding;
14176 ipkp->defaultTTL.value.ui32 = ipmib.ipIfStatsDefaultTTL;
14177 ipkp->inReceives.value.ui64 = ipmib.ipIfStatsHCInReceives;
14178 ipkp->inHdrErrors.value.ui32 = ipmib.ipIfStatsInHdrErrors;
14179 ipkp->inAddrErrors.value.ui32 = ipmib.ipIfStatsInAddrErrors;
14180 ipkp->forwDatagrams.value.ui64 = ipmib.ipIfStatsHCOutForwDatagrams;
14181 ipkp->inUnknownProtos.value.ui32 = ipmib.ipIfStatsInUnknownProtos;
14182 ipkp->inDiscards.value.ui32 = ipmib.ipIfStatsInDiscards;
14183 ipkp->inDelivers.value.ui64 = ipmib.ipIfStatsHCInDelivers;
14184 ipkp->outRequests.value.ui64 = ipmib.ipIfStatsHCOutRequests;
14185 ipkp->outDiscards.value.ui32 = ipmib.ipIfStatsOutDiscards;
14186 ipkp->outNoRoutes.value.ui32 = ipmib.ipIfStatsOutNoRoutes;
14187 ipkp->reasmTimeout.value.ui32 = ipst->ips_ip_reassembly_timeout;
14188 ipkp->reasmReqds.value.ui32 = ipmib.ipIfStatsReasmReqds;
14189 ipkp->reasmOKs.value.ui32 = ipmib.ipIfStatsReasmOKs;
14190 ipkp->reasmFails.value.ui32 = ipmib.ipIfStatsReasmFails;
14191 ipkp->fragOKs.value.ui32 = ipmib.ipIfStatsOutFragOKs;
14192 ipkp->fragFails.value.ui32 = ipmib.ipIfStatsOutFragFails;
14193 ipkp->fragCreates.value.ui32 = ipmib.ipIfStatsOutFragCreates;
14194
14195 ipkp->routingDiscards.value.ui32 = 0;
14196 ipkp->inErrs.value.ui32 = ipmib.tcpIfStatsInErrs;
14197 ipkp->noPorts.value.ui32 = ipmib.udpIfStatsNoPorts;
14198 ipkp->inCksumErrs.value.ui32 = ipmib.ipIfStatsInCksumErrs;
14199 ipkp->reasmDuplicates.value.ui32 = ipmib.ipIfStatsReasmDuplicates;
14200 ipkp->reasmPartDups.value.ui32 = ipmib.ipIfStatsReasmPartDups;
14201 ipkp->forwProhibits.value.ui32 = ipmib.ipIfStatsForwProhibits;
14202 ipkp->udpInCksumErrs.value.ui32 = ipmib.udpIfStatsInCksumErrs;
14203 ipkp->udpInOverflows.value.ui32 = ipmib.udpIfStatsInOverflows;
14204 ipkp->rawipInOverflows.value.ui32 = ipmib.rawipIfStatsInOverflows;
14205 ipkp->ipsecInSucceeded.value.ui32 = ipmib.ipsecIfStatsInSucceeded;
14206 ipkp->ipsecInFailed.value.i32 = ipmib.ipsecIfStatsInFailed;
14207
14208 ipkp->inIPv6.value.ui32 = ipmib.ipIfStatsInWrongIPVersion;
14209 ipkp->outIPv6.value.ui32 = ipmib.ipIfStatsOutWrongIPVersion;
14210 ipkp->outSwitchIPv6.value.ui32 = ipmib.ipIfStatsOutSwitchIPVersion;
14211
14212 netstack_rele(ns);
14213
14214 return (0);
14215 }
14216
14217 static void *
icmp_kstat_init(netstackid_t stackid)14218 icmp_kstat_init(netstackid_t stackid)
14219 {
14220 kstat_t *ksp;
14221
14222 icmp_named_kstat_t template = {
14223 { "inMsgs", KSTAT_DATA_UINT32 },
14224 { "inErrors", KSTAT_DATA_UINT32 },
14225 { "inDestUnreachs", KSTAT_DATA_UINT32 },
14226 { "inTimeExcds", KSTAT_DATA_UINT32 },
14227 { "inParmProbs", KSTAT_DATA_UINT32 },
14228 { "inSrcQuenchs", KSTAT_DATA_UINT32 },
14229 { "inRedirects", KSTAT_DATA_UINT32 },
14230 { "inEchos", KSTAT_DATA_UINT32 },
14231 { "inEchoReps", KSTAT_DATA_UINT32 },
14232 { "inTimestamps", KSTAT_DATA_UINT32 },
14233 { "inTimestampReps", KSTAT_DATA_UINT32 },
14234 { "inAddrMasks", KSTAT_DATA_UINT32 },
14235 { "inAddrMaskReps", KSTAT_DATA_UINT32 },
14236 { "outMsgs", KSTAT_DATA_UINT32 },
14237 { "outErrors", KSTAT_DATA_UINT32 },
14238 { "outDestUnreachs", KSTAT_DATA_UINT32 },
14239 { "outTimeExcds", KSTAT_DATA_UINT32 },
14240 { "outParmProbs", KSTAT_DATA_UINT32 },
14241 { "outSrcQuenchs", KSTAT_DATA_UINT32 },
14242 { "outRedirects", KSTAT_DATA_UINT32 },
14243 { "outEchos", KSTAT_DATA_UINT32 },
14244 { "outEchoReps", KSTAT_DATA_UINT32 },
14245 { "outTimestamps", KSTAT_DATA_UINT32 },
14246 { "outTimestampReps", KSTAT_DATA_UINT32 },
14247 { "outAddrMasks", KSTAT_DATA_UINT32 },
14248 { "outAddrMaskReps", KSTAT_DATA_UINT32 },
14249 { "inChksumErrs", KSTAT_DATA_UINT32 },
14250 { "inUnknowns", KSTAT_DATA_UINT32 },
14251 { "inFragNeeded", KSTAT_DATA_UINT32 },
14252 { "outFragNeeded", KSTAT_DATA_UINT32 },
14253 { "outDrops", KSTAT_DATA_UINT32 },
14254 { "inOverFlows", KSTAT_DATA_UINT32 },
14255 { "inBadRedirects", KSTAT_DATA_UINT32 },
14256 };
14257
14258 ksp = kstat_create_netstack("ip", 0, "icmp", "mib2", KSTAT_TYPE_NAMED,
14259 NUM_OF_FIELDS(icmp_named_kstat_t), 0, stackid);
14260 if (ksp == NULL || ksp->ks_data == NULL)
14261 return (NULL);
14262
14263 bcopy(&template, ksp->ks_data, sizeof (template));
14264
14265 ksp->ks_update = icmp_kstat_update;
14266 ksp->ks_private = (void *)(uintptr_t)stackid;
14267
14268 kstat_install(ksp);
14269 return (ksp);
14270 }
14271
14272 static void
icmp_kstat_fini(netstackid_t stackid,kstat_t * ksp)14273 icmp_kstat_fini(netstackid_t stackid, kstat_t *ksp)
14274 {
14275 if (ksp != NULL) {
14276 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private);
14277 kstat_delete_netstack(ksp, stackid);
14278 }
14279 }
14280
14281 static int
icmp_kstat_update(kstat_t * kp,int rw)14282 icmp_kstat_update(kstat_t *kp, int rw)
14283 {
14284 icmp_named_kstat_t *icmpkp;
14285 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private;
14286 netstack_t *ns;
14287 ip_stack_t *ipst;
14288
14289 if (kp->ks_data == NULL)
14290 return (EIO);
14291
14292 if (rw == KSTAT_WRITE)
14293 return (EACCES);
14294
14295 ns = netstack_find_by_stackid(stackid);
14296 if (ns == NULL)
14297 return (-1);
14298 ipst = ns->netstack_ip;
14299 if (ipst == NULL) {
14300 netstack_rele(ns);
14301 return (-1);
14302 }
14303 icmpkp = (icmp_named_kstat_t *)kp->ks_data;
14304
14305 icmpkp->inMsgs.value.ui32 = ipst->ips_icmp_mib.icmpInMsgs;
14306 icmpkp->inErrors.value.ui32 = ipst->ips_icmp_mib.icmpInErrors;
14307 icmpkp->inDestUnreachs.value.ui32 =
14308 ipst->ips_icmp_mib.icmpInDestUnreachs;
14309 icmpkp->inTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpInTimeExcds;
14310 icmpkp->inParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpInParmProbs;
14311 icmpkp->inSrcQuenchs.value.ui32 = ipst->ips_icmp_mib.icmpInSrcQuenchs;
14312 icmpkp->inRedirects.value.ui32 = ipst->ips_icmp_mib.icmpInRedirects;
14313 icmpkp->inEchos.value.ui32 = ipst->ips_icmp_mib.icmpInEchos;
14314 icmpkp->inEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpInEchoReps;
14315 icmpkp->inTimestamps.value.ui32 = ipst->ips_icmp_mib.icmpInTimestamps;
14316 icmpkp->inTimestampReps.value.ui32 =
14317 ipst->ips_icmp_mib.icmpInTimestampReps;
14318 icmpkp->inAddrMasks.value.ui32 = ipst->ips_icmp_mib.icmpInAddrMasks;
14319 icmpkp->inAddrMaskReps.value.ui32 =
14320 ipst->ips_icmp_mib.icmpInAddrMaskReps;
14321 icmpkp->outMsgs.value.ui32 = ipst->ips_icmp_mib.icmpOutMsgs;
14322 icmpkp->outErrors.value.ui32 = ipst->ips_icmp_mib.icmpOutErrors;
14323 icmpkp->outDestUnreachs.value.ui32 =
14324 ipst->ips_icmp_mib.icmpOutDestUnreachs;
14325 icmpkp->outTimeExcds.value.ui32 = ipst->ips_icmp_mib.icmpOutTimeExcds;
14326 icmpkp->outParmProbs.value.ui32 = ipst->ips_icmp_mib.icmpOutParmProbs;
14327 icmpkp->outSrcQuenchs.value.ui32 =
14328 ipst->ips_icmp_mib.icmpOutSrcQuenchs;
14329 icmpkp->outRedirects.value.ui32 = ipst->ips_icmp_mib.icmpOutRedirects;
14330 icmpkp->outEchos.value.ui32 = ipst->ips_icmp_mib.icmpOutEchos;
14331 icmpkp->outEchoReps.value.ui32 = ipst->ips_icmp_mib.icmpOutEchoReps;
14332 icmpkp->outTimestamps.value.ui32 =
14333 ipst->ips_icmp_mib.icmpOutTimestamps;
14334 icmpkp->outTimestampReps.value.ui32 =
14335 ipst->ips_icmp_mib.icmpOutTimestampReps;
14336 icmpkp->outAddrMasks.value.ui32 =
14337 ipst->ips_icmp_mib.icmpOutAddrMasks;
14338 icmpkp->outAddrMaskReps.value.ui32 =
14339 ipst->ips_icmp_mib.icmpOutAddrMaskReps;
14340 icmpkp->inCksumErrs.value.ui32 = ipst->ips_icmp_mib.icmpInCksumErrs;
14341 icmpkp->inUnknowns.value.ui32 = ipst->ips_icmp_mib.icmpInUnknowns;
14342 icmpkp->inFragNeeded.value.ui32 = ipst->ips_icmp_mib.icmpInFragNeeded;
14343 icmpkp->outFragNeeded.value.ui32 =
14344 ipst->ips_icmp_mib.icmpOutFragNeeded;
14345 icmpkp->outDrops.value.ui32 = ipst->ips_icmp_mib.icmpOutDrops;
14346 icmpkp->inOverflows.value.ui32 = ipst->ips_icmp_mib.icmpInOverflows;
14347 icmpkp->inBadRedirects.value.ui32 =
14348 ipst->ips_icmp_mib.icmpInBadRedirects;
14349
14350 netstack_rele(ns);
14351 return (0);
14352 }
14353
14354 /*
14355 * This is the fanout function for raw socket opened for SCTP. Note
14356 * that it is called after SCTP checks that there is no socket which
14357 * wants a packet. Then before SCTP handles this out of the blue packet,
14358 * this function is called to see if there is any raw socket for SCTP.
14359 * If there is and it is bound to the correct address, the packet will
14360 * be sent to that socket. Note that only one raw socket can be bound to
14361 * a port. This is assured in ipcl_sctp_hash_insert();
14362 */
14363 void
ip_fanout_sctp_raw(mblk_t * mp,ipha_t * ipha,ip6_t * ip6h,uint32_t ports,ip_recv_attr_t * ira)14364 ip_fanout_sctp_raw(mblk_t *mp, ipha_t *ipha, ip6_t *ip6h, uint32_t ports,
14365 ip_recv_attr_t *ira)
14366 {
14367 conn_t *connp;
14368 queue_t *rq;
14369 boolean_t secure;
14370 ill_t *ill = ira->ira_ill;
14371 ip_stack_t *ipst = ill->ill_ipst;
14372 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
14373 sctp_stack_t *sctps = ipst->ips_netstack->netstack_sctp;
14374 iaflags_t iraflags = ira->ira_flags;
14375 ill_t *rill = ira->ira_rill;
14376
14377 secure = iraflags & IRAF_IPSEC_SECURE;
14378
14379 connp = ipcl_classify_raw(mp, IPPROTO_SCTP, ports, ipha, ip6h,
14380 ira, ipst);
14381 if (connp == NULL) {
14382 /*
14383 * Although raw sctp is not summed, OOB chunks must be.
14384 * Drop the packet here if the sctp checksum failed.
14385 */
14386 if (iraflags & IRAF_SCTP_CSUM_ERR) {
14387 SCTPS_BUMP_MIB(sctps, sctpChecksumError);
14388 freemsg(mp);
14389 return;
14390 }
14391 ira->ira_ill = ira->ira_rill = NULL;
14392 sctp_ootb_input(mp, ira, ipst);
14393 ira->ira_ill = ill;
14394 ira->ira_rill = rill;
14395 return;
14396 }
14397
14398 if (connp->conn_min_ttl != 0 && connp->conn_min_ttl > ira->ira_ttl) {
14399 CONN_DEC_REF(connp);
14400 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
14401 ip_drop_input("ipIfStatsInDiscards", mp, ill);
14402 freemsg(mp);
14403 return;
14404 }
14405
14406 rq = connp->conn_rq;
14407 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : !canputnext(rq)) {
14408 CONN_DEC_REF(connp);
14409 BUMP_MIB(ill->ill_ip_mib, rawipIfStatsInOverflows);
14410 freemsg(mp);
14411 return;
14412 }
14413 if (((iraflags & IRAF_IS_IPV4) ?
14414 CONN_INBOUND_POLICY_PRESENT(connp, ipss) :
14415 CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss)) ||
14416 secure) {
14417 mp = ipsec_check_inbound_policy(mp, connp, ipha,
14418 ip6h, ira);
14419 if (mp == NULL) {
14420 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
14421 /* Note that mp is NULL */
14422 ip_drop_input("ipIfStatsInDiscards", mp, ill);
14423 CONN_DEC_REF(connp);
14424 return;
14425 }
14426 }
14427
14428 if (iraflags & IRAF_ICMP_ERROR) {
14429 (connp->conn_recvicmp)(connp, mp, NULL, ira);
14430 } else {
14431 ill_t *rill = ira->ira_rill;
14432
14433 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers);
14434 /* This is the SOCK_RAW, IPPROTO_SCTP case. */
14435 ira->ira_ill = ira->ira_rill = NULL;
14436 (connp->conn_recv)(connp, mp, NULL, ira);
14437 ira->ira_ill = ill;
14438 ira->ira_rill = rill;
14439 }
14440 CONN_DEC_REF(connp);
14441 }
14442
14443 /*
14444 * Free a packet that has the link-layer dl_unitdata_req_t or fast-path
14445 * header before the ip payload.
14446 */
14447 static void
ip_xmit_flowctl_drop(ill_t * ill,mblk_t * mp,boolean_t is_fp_mp,int fp_mp_len)14448 ip_xmit_flowctl_drop(ill_t *ill, mblk_t *mp, boolean_t is_fp_mp, int fp_mp_len)
14449 {
14450 int len = (mp->b_wptr - mp->b_rptr);
14451 mblk_t *ip_mp;
14452
14453 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14454 if (is_fp_mp || len != fp_mp_len) {
14455 if (len > fp_mp_len) {
14456 /*
14457 * fastpath header and ip header in the first mblk
14458 */
14459 mp->b_rptr += fp_mp_len;
14460 } else {
14461 /*
14462 * ip_xmit_attach_llhdr had to prepend an mblk to
14463 * attach the fastpath header before ip header.
14464 */
14465 ip_mp = mp->b_cont;
14466 freeb(mp);
14467 mp = ip_mp;
14468 mp->b_rptr += (fp_mp_len - len);
14469 }
14470 } else {
14471 ip_mp = mp->b_cont;
14472 freeb(mp);
14473 mp = ip_mp;
14474 }
14475 ip_drop_output("ipIfStatsOutDiscards - flow ctl", mp, ill);
14476 freemsg(mp);
14477 }
14478
14479 /*
14480 * Normal post fragmentation function.
14481 *
14482 * Send a packet using the passed in nce. This handles both IPv4 and IPv6
14483 * using the same state machine.
14484 *
14485 * We return an error on failure. In particular we return EWOULDBLOCK
14486 * when the driver flow controls. In that case this ensures that ip_wsrv runs
14487 * (currently by canputnext failure resulting in backenabling from GLD.)
14488 * This allows the callers of conn_ip_output() to use EWOULDBLOCK as an
14489 * indication that they can flow control until ip_wsrv() tells then to restart.
14490 *
14491 * If the nce passed by caller is incomplete, this function
14492 * queues the packet and if necessary, sends ARP request and bails.
14493 * If the Neighbor Cache passed is fully resolved, we simply prepend
14494 * the link-layer header to the packet, do ipsec hw acceleration
14495 * work if necessary, and send the packet out on the wire.
14496 */
14497 /* ARGSUSED6 */
14498 int
ip_xmit(mblk_t * mp,nce_t * nce,iaflags_t ixaflags,uint_t pkt_len,uint32_t xmit_hint,zoneid_t szone,zoneid_t nolzid,uintptr_t * ixacookie)14499 ip_xmit(mblk_t *mp, nce_t *nce, iaflags_t ixaflags, uint_t pkt_len,
14500 uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid, uintptr_t *ixacookie)
14501 {
14502 queue_t *wq;
14503 ill_t *ill = nce->nce_ill;
14504 ip_stack_t *ipst = ill->ill_ipst;
14505 uint64_t delta;
14506 boolean_t isv6 = ill->ill_isv6;
14507 boolean_t fp_mp;
14508 ncec_t *ncec = nce->nce_common;
14509 int64_t now = LBOLT_FASTPATH64;
14510 boolean_t is_probe;
14511
14512 DTRACE_PROBE1(ip__xmit, nce_t *, nce);
14513
14514 ASSERT(mp != NULL);
14515 ASSERT(mp->b_datap->db_type == M_DATA);
14516 ASSERT3U(pkt_len, ==, msgdsize(mp));
14517
14518 /*
14519 * If we have already been here and are coming back after ARP/ND.
14520 * the IXAF_NO_TRACE flag is set. We skip FW_HOOKS, DTRACE and ipobs
14521 * in that case since they have seen the packet when it came here
14522 * the first time.
14523 */
14524 if (ixaflags & IXAF_NO_TRACE)
14525 goto sendit;
14526
14527 if (ixaflags & IXAF_IS_IPV4) {
14528 ipha_t *ipha = (ipha_t *)mp->b_rptr;
14529
14530 ASSERT(!isv6);
14531 ASSERT3U(pkt_len, ==,
14532 ntohs(((ipha_t *)mp->b_rptr)->ipha_length));
14533 if (HOOKS4_INTERESTED_PHYSICAL_OUT(ipst) &&
14534 !(ixaflags & IXAF_NO_PFHOOK)) {
14535 int error;
14536
14537 FW_HOOKS(ipst->ips_ip4_physical_out_event,
14538 ipst->ips_ipv4firewall_physical_out,
14539 NULL, ill, ipha, mp, mp, 0, ipst, error);
14540 DTRACE_PROBE1(ip4__physical__out__end,
14541 mblk_t *, mp);
14542 if (mp == NULL)
14543 return (error);
14544
14545 /* The length could have changed */
14546 pkt_len = msgdsize(mp);
14547 }
14548 if (ipst->ips_ip4_observe.he_interested) {
14549 /*
14550 * Note that for TX the zoneid is the sending
14551 * zone, whether or not MLP is in play.
14552 * Since the szone argument is the IP zoneid (i.e.,
14553 * zero for exclusive-IP zones) and ipobs wants
14554 * the system zoneid, we map it here.
14555 */
14556 szone = IP_REAL_ZONEID(szone, ipst);
14557
14558 /*
14559 * On the outbound path the destination zone will be
14560 * unknown as we're sending this packet out on the
14561 * wire.
14562 */
14563 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES,
14564 ill, ipst);
14565 }
14566 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL,
14567 void_ip_t *, ipha, __dtrace_ipsr_ill_t *, ill,
14568 ipha_t *, ipha, ip6_t *, NULL, int, 0);
14569 } else {
14570 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
14571
14572 ASSERT(isv6);
14573 ASSERT(pkt_len ==
14574 ntohs(((ip6_t *)mp->b_rptr)->ip6_plen) + IPV6_HDR_LEN);
14575 if (HOOKS6_INTERESTED_PHYSICAL_OUT(ipst) &&
14576 !(ixaflags & IXAF_NO_PFHOOK)) {
14577 int error;
14578
14579 FW_HOOKS6(ipst->ips_ip6_physical_out_event,
14580 ipst->ips_ipv6firewall_physical_out,
14581 NULL, ill, ip6h, mp, mp, 0, ipst, error);
14582 DTRACE_PROBE1(ip6__physical__out__end,
14583 mblk_t *, mp);
14584 if (mp == NULL)
14585 return (error);
14586
14587 /* The length could have changed */
14588 pkt_len = msgdsize(mp);
14589 }
14590 if (ipst->ips_ip6_observe.he_interested) {
14591 /* See above */
14592 szone = IP_REAL_ZONEID(szone, ipst);
14593
14594 ipobs_hook(mp, IPOBS_HOOK_OUTBOUND, szone, ALL_ZONES,
14595 ill, ipst);
14596 }
14597 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL,
14598 void_ip_t *, ip6h, __dtrace_ipsr_ill_t *, ill,
14599 ipha_t *, NULL, ip6_t *, ip6h, int, 0);
14600 }
14601
14602 sendit:
14603 /*
14604 * We check the state without a lock because the state can never
14605 * move "backwards" to initial or incomplete.
14606 */
14607 switch (ncec->ncec_state) {
14608 case ND_REACHABLE:
14609 case ND_STALE:
14610 case ND_DELAY:
14611 case ND_PROBE:
14612 mp = ip_xmit_attach_llhdr(mp, nce);
14613 if (mp == NULL) {
14614 /*
14615 * ip_xmit_attach_llhdr has increased
14616 * ipIfStatsOutDiscards and called ip_drop_output()
14617 */
14618 return (ENOBUFS);
14619 }
14620 /*
14621 * check if nce_fastpath completed and we tagged on a
14622 * copy of nce_fp_mp in ip_xmit_attach_llhdr().
14623 */
14624 fp_mp = (mp->b_datap->db_type == M_DATA);
14625
14626 if (fp_mp &&
14627 (ill->ill_capabilities & ILL_CAPAB_DLD_DIRECT)) {
14628 ill_dld_direct_t *idd;
14629
14630 idd = &ill->ill_dld_capab->idc_direct;
14631 /*
14632 * Send the packet directly to DLD, where it
14633 * may be queued depending on the availability
14634 * of transmit resources at the media layer.
14635 * Return value should be taken into
14636 * account and flow control the TCP.
14637 */
14638 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits);
14639 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets,
14640 pkt_len);
14641
14642 if (ixaflags & IXAF_NO_DEV_FLOW_CTL) {
14643 (void) idd->idd_tx_df(idd->idd_tx_dh, mp,
14644 (uintptr_t)xmit_hint, IP_DROP_ON_NO_DESC);
14645 } else {
14646 uintptr_t cookie;
14647
14648 if ((cookie = idd->idd_tx_df(idd->idd_tx_dh,
14649 mp, (uintptr_t)xmit_hint, 0)) != 0) {
14650 if (ixacookie != NULL)
14651 *ixacookie = cookie;
14652 return (EWOULDBLOCK);
14653 }
14654 }
14655 } else {
14656 wq = ill->ill_wq;
14657
14658 if (!(ixaflags & IXAF_NO_DEV_FLOW_CTL) &&
14659 !canputnext(wq)) {
14660 if (ixacookie != NULL)
14661 *ixacookie = 0;
14662 ip_xmit_flowctl_drop(ill, mp, fp_mp,
14663 nce->nce_fp_mp != NULL ?
14664 MBLKL(nce->nce_fp_mp) : 0);
14665 return (EWOULDBLOCK);
14666 }
14667 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits);
14668 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets,
14669 pkt_len);
14670 putnext(wq, mp);
14671 }
14672
14673 /*
14674 * The rest of this function implements Neighbor Unreachability
14675 * detection. Determine if the ncec is eligible for NUD.
14676 */
14677 if (ncec->ncec_flags & NCE_F_NONUD)
14678 return (0);
14679
14680 ASSERT(ncec->ncec_state != ND_INCOMPLETE);
14681
14682 /*
14683 * Check for upper layer advice
14684 */
14685 if (ixaflags & IXAF_REACH_CONF) {
14686 timeout_id_t tid;
14687
14688 /*
14689 * It should be o.k. to check the state without
14690 * a lock here, at most we lose an advice.
14691 */
14692 ncec->ncec_last = TICK_TO_MSEC(now);
14693 if (ncec->ncec_state != ND_REACHABLE) {
14694 mutex_enter(&ncec->ncec_lock);
14695 ncec->ncec_state = ND_REACHABLE;
14696 tid = ncec->ncec_timeout_id;
14697 ncec->ncec_timeout_id = 0;
14698 mutex_exit(&ncec->ncec_lock);
14699 (void) untimeout(tid);
14700 if (ip_debug > 2) {
14701 /* ip1dbg */
14702 pr_addr_dbg("ip_xmit: state"
14703 " for %s changed to"
14704 " REACHABLE\n", AF_INET6,
14705 &ncec->ncec_addr);
14706 }
14707 }
14708 return (0);
14709 }
14710
14711 delta = TICK_TO_MSEC(now) - ncec->ncec_last;
14712 ip1dbg(("ip_xmit: delta = %" PRId64
14713 " ill_reachable_time = %d \n", delta,
14714 ill->ill_reachable_time));
14715 if (delta > (uint64_t)ill->ill_reachable_time) {
14716 mutex_enter(&ncec->ncec_lock);
14717 switch (ncec->ncec_state) {
14718 case ND_REACHABLE:
14719 ASSERT((ncec->ncec_flags & NCE_F_NONUD) == 0);
14720 /* FALLTHROUGH */
14721 case ND_STALE:
14722 /*
14723 * ND_REACHABLE is identical to
14724 * ND_STALE in this specific case. If
14725 * reachable time has expired for this
14726 * neighbor (delta is greater than
14727 * reachable time), conceptually, the
14728 * neighbor cache is no longer in
14729 * REACHABLE state, but already in
14730 * STALE state. So the correct
14731 * transition here is to ND_DELAY.
14732 */
14733 ncec->ncec_state = ND_DELAY;
14734 mutex_exit(&ncec->ncec_lock);
14735 nce_restart_timer(ncec,
14736 ipst->ips_delay_first_probe_time);
14737 if (ip_debug > 3) {
14738 /* ip2dbg */
14739 pr_addr_dbg("ip_xmit: state"
14740 " for %s changed to"
14741 " DELAY\n", AF_INET6,
14742 &ncec->ncec_addr);
14743 }
14744 break;
14745 case ND_DELAY:
14746 case ND_PROBE:
14747 mutex_exit(&ncec->ncec_lock);
14748 /* Timers have already started */
14749 break;
14750 case ND_UNREACHABLE:
14751 /*
14752 * nce_timer has detected that this ncec
14753 * is unreachable and initiated deleting
14754 * this ncec.
14755 * This is a harmless race where we found the
14756 * ncec before it was deleted and have
14757 * just sent out a packet using this
14758 * unreachable ncec.
14759 */
14760 mutex_exit(&ncec->ncec_lock);
14761 break;
14762 default:
14763 ASSERT(0);
14764 mutex_exit(&ncec->ncec_lock);
14765 }
14766 }
14767 return (0);
14768
14769 case ND_INCOMPLETE:
14770 /*
14771 * the state could have changed since we didn't hold the lock.
14772 * Re-verify state under lock.
14773 */
14774 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill);
14775 mutex_enter(&ncec->ncec_lock);
14776 if (NCE_ISREACHABLE(ncec)) {
14777 mutex_exit(&ncec->ncec_lock);
14778 goto sendit;
14779 }
14780 /* queue the packet */
14781 nce_queue_mp(ncec, mp, is_probe);
14782 mutex_exit(&ncec->ncec_lock);
14783 DTRACE_PROBE2(ip__xmit__incomplete,
14784 (ncec_t *), ncec, (mblk_t *), mp);
14785 return (0);
14786
14787 case ND_INITIAL:
14788 /*
14789 * State could have changed since we didn't hold the lock, so
14790 * re-verify state.
14791 */
14792 is_probe = ipmp_packet_is_probe(mp, nce->nce_ill);
14793 mutex_enter(&ncec->ncec_lock);
14794 if (NCE_ISREACHABLE(ncec)) {
14795 mutex_exit(&ncec->ncec_lock);
14796 goto sendit;
14797 }
14798 nce_queue_mp(ncec, mp, is_probe);
14799 if (ncec->ncec_state == ND_INITIAL) {
14800 ncec->ncec_state = ND_INCOMPLETE;
14801 mutex_exit(&ncec->ncec_lock);
14802 /*
14803 * figure out the source we want to use
14804 * and resolve it.
14805 */
14806 ip_ndp_resolve(ncec);
14807 } else {
14808 mutex_exit(&ncec->ncec_lock);
14809 }
14810 return (0);
14811
14812 case ND_UNREACHABLE:
14813 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14814 ip_drop_output("ipIfStatsOutDiscards - ND_UNREACHABLE",
14815 mp, ill);
14816 freemsg(mp);
14817 return (0);
14818
14819 default:
14820 ASSERT(0);
14821 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
14822 ip_drop_output("ipIfStatsOutDiscards - ND_other",
14823 mp, ill);
14824 freemsg(mp);
14825 return (ENETUNREACH);
14826 }
14827 }
14828
14829 /*
14830 * Return B_TRUE if the buffers differ in length or content.
14831 * This is used for comparing extension header buffers.
14832 * Note that an extension header would be declared different
14833 * even if all that changed was the next header value in that header i.e.
14834 * what really changed is the next extension header.
14835 */
14836 boolean_t
ip_cmpbuf(const void * abuf,uint_t alen,boolean_t b_valid,const void * bbuf,uint_t blen)14837 ip_cmpbuf(const void *abuf, uint_t alen, boolean_t b_valid, const void *bbuf,
14838 uint_t blen)
14839 {
14840 if (!b_valid)
14841 blen = 0;
14842
14843 if (alen != blen)
14844 return (B_TRUE);
14845 if (alen == 0)
14846 return (B_FALSE); /* Both zero length */
14847 return (bcmp(abuf, bbuf, alen));
14848 }
14849
14850 /*
14851 * Preallocate memory for ip_savebuf(). Returns B_TRUE if ok.
14852 * Return B_FALSE if memory allocation fails - don't change any state!
14853 */
14854 boolean_t
ip_allocbuf(void ** dstp,uint_t * dstlenp,boolean_t src_valid,const void * src,uint_t srclen)14855 ip_allocbuf(void **dstp, uint_t *dstlenp, boolean_t src_valid,
14856 const void *src, uint_t srclen)
14857 {
14858 void *dst;
14859
14860 if (!src_valid)
14861 srclen = 0;
14862
14863 ASSERT(*dstlenp == 0);
14864 if (src != NULL && srclen != 0) {
14865 dst = mi_alloc(srclen, BPRI_MED);
14866 if (dst == NULL)
14867 return (B_FALSE);
14868 } else {
14869 dst = NULL;
14870 }
14871 if (*dstp != NULL)
14872 mi_free(*dstp);
14873 *dstp = dst;
14874 *dstlenp = dst == NULL ? 0 : srclen;
14875 return (B_TRUE);
14876 }
14877
14878 /*
14879 * Replace what is in *dst, *dstlen with the source.
14880 * Assumes ip_allocbuf has already been called.
14881 */
14882 void
ip_savebuf(void ** dstp,uint_t * dstlenp,boolean_t src_valid,const void * src,uint_t srclen)14883 ip_savebuf(void **dstp, uint_t *dstlenp, boolean_t src_valid,
14884 const void *src, uint_t srclen)
14885 {
14886 if (!src_valid)
14887 srclen = 0;
14888
14889 ASSERT(*dstlenp == srclen);
14890 if (src != NULL && srclen != 0)
14891 bcopy(src, *dstp, srclen);
14892 }
14893
14894 /*
14895 * Free the storage pointed to by the members of an ip_pkt_t.
14896 */
14897 void
ip_pkt_free(ip_pkt_t * ipp)14898 ip_pkt_free(ip_pkt_t *ipp)
14899 {
14900 uint_t fields = ipp->ipp_fields;
14901
14902 if (fields & IPPF_HOPOPTS) {
14903 kmem_free(ipp->ipp_hopopts, ipp->ipp_hopoptslen);
14904 ipp->ipp_hopopts = NULL;
14905 ipp->ipp_hopoptslen = 0;
14906 }
14907 if (fields & IPPF_RTHDRDSTOPTS) {
14908 kmem_free(ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen);
14909 ipp->ipp_rthdrdstopts = NULL;
14910 ipp->ipp_rthdrdstoptslen = 0;
14911 }
14912 if (fields & IPPF_DSTOPTS) {
14913 kmem_free(ipp->ipp_dstopts, ipp->ipp_dstoptslen);
14914 ipp->ipp_dstopts = NULL;
14915 ipp->ipp_dstoptslen = 0;
14916 }
14917 if (fields & IPPF_RTHDR) {
14918 kmem_free(ipp->ipp_rthdr, ipp->ipp_rthdrlen);
14919 ipp->ipp_rthdr = NULL;
14920 ipp->ipp_rthdrlen = 0;
14921 }
14922 if (fields & IPPF_IPV4_OPTIONS) {
14923 kmem_free(ipp->ipp_ipv4_options, ipp->ipp_ipv4_options_len);
14924 ipp->ipp_ipv4_options = NULL;
14925 ipp->ipp_ipv4_options_len = 0;
14926 }
14927 if (fields & IPPF_LABEL_V4) {
14928 kmem_free(ipp->ipp_label_v4, ipp->ipp_label_len_v4);
14929 ipp->ipp_label_v4 = NULL;
14930 ipp->ipp_label_len_v4 = 0;
14931 }
14932 if (fields & IPPF_LABEL_V6) {
14933 kmem_free(ipp->ipp_label_v6, ipp->ipp_label_len_v6);
14934 ipp->ipp_label_v6 = NULL;
14935 ipp->ipp_label_len_v6 = 0;
14936 }
14937 ipp->ipp_fields &= ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14938 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6);
14939 }
14940
14941 /*
14942 * Copy from src to dst and allocate as needed.
14943 * Returns zero or ENOMEM.
14944 *
14945 * The caller must initialize dst to zero.
14946 */
14947 int
ip_pkt_copy(ip_pkt_t * src,ip_pkt_t * dst,int kmflag)14948 ip_pkt_copy(ip_pkt_t *src, ip_pkt_t *dst, int kmflag)
14949 {
14950 uint_t fields = src->ipp_fields;
14951
14952 /* Start with fields that don't require memory allocation */
14953 dst->ipp_fields = fields &
14954 ~(IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14955 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6);
14956
14957 dst->ipp_addr = src->ipp_addr;
14958 dst->ipp_unicast_hops = src->ipp_unicast_hops;
14959 dst->ipp_hoplimit = src->ipp_hoplimit;
14960 dst->ipp_tclass = src->ipp_tclass;
14961 dst->ipp_type_of_service = src->ipp_type_of_service;
14962
14963 if (!(fields & (IPPF_HOPOPTS | IPPF_RTHDRDSTOPTS | IPPF_DSTOPTS |
14964 IPPF_RTHDR | IPPF_IPV4_OPTIONS | IPPF_LABEL_V4 | IPPF_LABEL_V6)))
14965 return (0);
14966
14967 if (fields & IPPF_HOPOPTS) {
14968 dst->ipp_hopopts = kmem_alloc(src->ipp_hopoptslen, kmflag);
14969 if (dst->ipp_hopopts == NULL) {
14970 ip_pkt_free(dst);
14971 return (ENOMEM);
14972 }
14973 dst->ipp_fields |= IPPF_HOPOPTS;
14974 bcopy(src->ipp_hopopts, dst->ipp_hopopts,
14975 src->ipp_hopoptslen);
14976 dst->ipp_hopoptslen = src->ipp_hopoptslen;
14977 }
14978 if (fields & IPPF_RTHDRDSTOPTS) {
14979 dst->ipp_rthdrdstopts = kmem_alloc(src->ipp_rthdrdstoptslen,
14980 kmflag);
14981 if (dst->ipp_rthdrdstopts == NULL) {
14982 ip_pkt_free(dst);
14983 return (ENOMEM);
14984 }
14985 dst->ipp_fields |= IPPF_RTHDRDSTOPTS;
14986 bcopy(src->ipp_rthdrdstopts, dst->ipp_rthdrdstopts,
14987 src->ipp_rthdrdstoptslen);
14988 dst->ipp_rthdrdstoptslen = src->ipp_rthdrdstoptslen;
14989 }
14990 if (fields & IPPF_DSTOPTS) {
14991 dst->ipp_dstopts = kmem_alloc(src->ipp_dstoptslen, kmflag);
14992 if (dst->ipp_dstopts == NULL) {
14993 ip_pkt_free(dst);
14994 return (ENOMEM);
14995 }
14996 dst->ipp_fields |= IPPF_DSTOPTS;
14997 bcopy(src->ipp_dstopts, dst->ipp_dstopts,
14998 src->ipp_dstoptslen);
14999 dst->ipp_dstoptslen = src->ipp_dstoptslen;
15000 }
15001 if (fields & IPPF_RTHDR) {
15002 dst->ipp_rthdr = kmem_alloc(src->ipp_rthdrlen, kmflag);
15003 if (dst->ipp_rthdr == NULL) {
15004 ip_pkt_free(dst);
15005 return (ENOMEM);
15006 }
15007 dst->ipp_fields |= IPPF_RTHDR;
15008 bcopy(src->ipp_rthdr, dst->ipp_rthdr,
15009 src->ipp_rthdrlen);
15010 dst->ipp_rthdrlen = src->ipp_rthdrlen;
15011 }
15012 if (fields & IPPF_IPV4_OPTIONS) {
15013 dst->ipp_ipv4_options = kmem_alloc(src->ipp_ipv4_options_len,
15014 kmflag);
15015 if (dst->ipp_ipv4_options == NULL) {
15016 ip_pkt_free(dst);
15017 return (ENOMEM);
15018 }
15019 dst->ipp_fields |= IPPF_IPV4_OPTIONS;
15020 bcopy(src->ipp_ipv4_options, dst->ipp_ipv4_options,
15021 src->ipp_ipv4_options_len);
15022 dst->ipp_ipv4_options_len = src->ipp_ipv4_options_len;
15023 }
15024 if (fields & IPPF_LABEL_V4) {
15025 dst->ipp_label_v4 = kmem_alloc(src->ipp_label_len_v4, kmflag);
15026 if (dst->ipp_label_v4 == NULL) {
15027 ip_pkt_free(dst);
15028 return (ENOMEM);
15029 }
15030 dst->ipp_fields |= IPPF_LABEL_V4;
15031 bcopy(src->ipp_label_v4, dst->ipp_label_v4,
15032 src->ipp_label_len_v4);
15033 dst->ipp_label_len_v4 = src->ipp_label_len_v4;
15034 }
15035 if (fields & IPPF_LABEL_V6) {
15036 dst->ipp_label_v6 = kmem_alloc(src->ipp_label_len_v6, kmflag);
15037 if (dst->ipp_label_v6 == NULL) {
15038 ip_pkt_free(dst);
15039 return (ENOMEM);
15040 }
15041 dst->ipp_fields |= IPPF_LABEL_V6;
15042 bcopy(src->ipp_label_v6, dst->ipp_label_v6,
15043 src->ipp_label_len_v6);
15044 dst->ipp_label_len_v6 = src->ipp_label_len_v6;
15045 }
15046 if (fields & IPPF_FRAGHDR) {
15047 dst->ipp_fraghdr = kmem_alloc(src->ipp_fraghdrlen, kmflag);
15048 if (dst->ipp_fraghdr == NULL) {
15049 ip_pkt_free(dst);
15050 return (ENOMEM);
15051 }
15052 dst->ipp_fields |= IPPF_FRAGHDR;
15053 bcopy(src->ipp_fraghdr, dst->ipp_fraghdr,
15054 src->ipp_fraghdrlen);
15055 dst->ipp_fraghdrlen = src->ipp_fraghdrlen;
15056 }
15057 return (0);
15058 }
15059
15060 /*
15061 * Returns INADDR_ANY if no source route
15062 */
15063 ipaddr_t
ip_pkt_source_route_v4(const ip_pkt_t * ipp)15064 ip_pkt_source_route_v4(const ip_pkt_t *ipp)
15065 {
15066 ipaddr_t nexthop = INADDR_ANY;
15067 ipoptp_t opts;
15068 uchar_t *opt;
15069 uint8_t optval;
15070 uint8_t optlen;
15071 uint32_t totallen;
15072
15073 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
15074 return (INADDR_ANY);
15075
15076 totallen = ipp->ipp_ipv4_options_len;
15077 if (totallen & 0x3)
15078 return (INADDR_ANY);
15079
15080 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
15081 optval != IPOPT_EOL;
15082 optval = ipoptp_next(&opts)) {
15083 opt = opts.ipoptp_cur;
15084 switch (optval) {
15085 uint8_t off;
15086 case IPOPT_SSRR:
15087 case IPOPT_LSRR:
15088 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
15089 break;
15090 }
15091 optlen = opts.ipoptp_len;
15092 off = opt[IPOPT_OFFSET];
15093 off--;
15094 if (optlen < IP_ADDR_LEN ||
15095 off > optlen - IP_ADDR_LEN) {
15096 /* End of source route */
15097 break;
15098 }
15099 bcopy((char *)opt + off, &nexthop, IP_ADDR_LEN);
15100 if (nexthop == htonl(INADDR_LOOPBACK)) {
15101 /* Ignore */
15102 nexthop = INADDR_ANY;
15103 break;
15104 }
15105 break;
15106 }
15107 }
15108 return (nexthop);
15109 }
15110
15111 /*
15112 * Reverse a source route.
15113 */
15114 void
ip_pkt_source_route_reverse_v4(ip_pkt_t * ipp)15115 ip_pkt_source_route_reverse_v4(ip_pkt_t *ipp)
15116 {
15117 ipaddr_t tmp;
15118 ipoptp_t opts;
15119 uchar_t *opt;
15120 uint8_t optval;
15121 uint32_t totallen;
15122
15123 if (!(ipp->ipp_fields & IPPF_IPV4_OPTIONS))
15124 return;
15125
15126 totallen = ipp->ipp_ipv4_options_len;
15127 if (totallen & 0x3)
15128 return;
15129
15130 for (optval = ipoptp_first2(&opts, totallen, ipp->ipp_ipv4_options);
15131 optval != IPOPT_EOL;
15132 optval = ipoptp_next(&opts)) {
15133 uint8_t off1, off2;
15134
15135 opt = opts.ipoptp_cur;
15136 switch (optval) {
15137 case IPOPT_SSRR:
15138 case IPOPT_LSRR:
15139 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
15140 break;
15141 }
15142 off1 = IPOPT_MINOFF_SR - 1;
15143 off2 = opt[IPOPT_OFFSET] - IP_ADDR_LEN - 1;
15144 while (off2 > off1) {
15145 bcopy(opt + off2, &tmp, IP_ADDR_LEN);
15146 bcopy(opt + off1, opt + off2, IP_ADDR_LEN);
15147 bcopy(&tmp, opt + off2, IP_ADDR_LEN);
15148 off2 -= IP_ADDR_LEN;
15149 off1 += IP_ADDR_LEN;
15150 }
15151 opt[IPOPT_OFFSET] = IPOPT_MINOFF_SR;
15152 break;
15153 }
15154 }
15155 }
15156
15157 /*
15158 * Returns NULL if no routing header
15159 */
15160 in6_addr_t *
ip_pkt_source_route_v6(const ip_pkt_t * ipp)15161 ip_pkt_source_route_v6(const ip_pkt_t *ipp)
15162 {
15163 in6_addr_t *nexthop = NULL;
15164 ip6_rthdr0_t *rthdr;
15165
15166 if (!(ipp->ipp_fields & IPPF_RTHDR))
15167 return (NULL);
15168
15169 rthdr = (ip6_rthdr0_t *)ipp->ipp_rthdr;
15170 if (rthdr->ip6r0_segleft == 0)
15171 return (NULL);
15172
15173 nexthop = (in6_addr_t *)((char *)rthdr + sizeof (*rthdr));
15174 return (nexthop);
15175 }
15176
15177 zoneid_t
ip_get_zoneid_v4(ipaddr_t addr,mblk_t * mp,ip_recv_attr_t * ira,zoneid_t lookup_zoneid)15178 ip_get_zoneid_v4(ipaddr_t addr, mblk_t *mp, ip_recv_attr_t *ira,
15179 zoneid_t lookup_zoneid)
15180 {
15181 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
15182 ire_t *ire;
15183 int ire_flags = MATCH_IRE_TYPE;
15184 zoneid_t zoneid = ALL_ZONES;
15185
15186 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE))
15187 return (ALL_ZONES);
15188
15189 if (lookup_zoneid != ALL_ZONES)
15190 ire_flags |= MATCH_IRE_ZONEONLY;
15191 ire = ire_ftable_lookup_v4(addr, 0, 0, IRE_LOCAL | IRE_LOOPBACK,
15192 NULL, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL);
15193 if (ire != NULL) {
15194 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst);
15195 ire_refrele(ire);
15196 }
15197 return (zoneid);
15198 }
15199
15200 zoneid_t
ip_get_zoneid_v6(in6_addr_t * addr,mblk_t * mp,const ill_t * ill,ip_recv_attr_t * ira,zoneid_t lookup_zoneid)15201 ip_get_zoneid_v6(in6_addr_t *addr, mblk_t *mp, const ill_t *ill,
15202 ip_recv_attr_t *ira, zoneid_t lookup_zoneid)
15203 {
15204 ip_stack_t *ipst = ira->ira_ill->ill_ipst;
15205 ire_t *ire;
15206 int ire_flags = MATCH_IRE_TYPE;
15207 zoneid_t zoneid = ALL_ZONES;
15208
15209 if (is_system_labeled() && !tsol_can_accept_raw(mp, ira, B_FALSE))
15210 return (ALL_ZONES);
15211
15212 if (IN6_IS_ADDR_LINKLOCAL(addr))
15213 ire_flags |= MATCH_IRE_ILL;
15214
15215 if (lookup_zoneid != ALL_ZONES)
15216 ire_flags |= MATCH_IRE_ZONEONLY;
15217 ire = ire_ftable_lookup_v6(addr, NULL, NULL, IRE_LOCAL | IRE_LOOPBACK,
15218 ill, lookup_zoneid, NULL, ire_flags, 0, ipst, NULL);
15219 if (ire != NULL) {
15220 zoneid = IP_REAL_ZONEID(ire->ire_zoneid, ipst);
15221 ire_refrele(ire);
15222 }
15223 return (zoneid);
15224 }
15225
15226 /*
15227 * IP obserability hook support functions.
15228 */
15229 static void
ipobs_init(ip_stack_t * ipst)15230 ipobs_init(ip_stack_t *ipst)
15231 {
15232 netid_t id;
15233
15234 id = net_getnetidbynetstackid(ipst->ips_netstack->netstack_stackid);
15235
15236 ipst->ips_ip4_observe_pr = net_protocol_lookup(id, NHF_INET);
15237 VERIFY(ipst->ips_ip4_observe_pr != NULL);
15238
15239 ipst->ips_ip6_observe_pr = net_protocol_lookup(id, NHF_INET6);
15240 VERIFY(ipst->ips_ip6_observe_pr != NULL);
15241 }
15242
15243 static void
ipobs_fini(ip_stack_t * ipst)15244 ipobs_fini(ip_stack_t *ipst)
15245 {
15246
15247 VERIFY(net_protocol_release(ipst->ips_ip4_observe_pr) == 0);
15248 VERIFY(net_protocol_release(ipst->ips_ip6_observe_pr) == 0);
15249 }
15250
15251 /*
15252 * hook_pkt_observe_t is composed in network byte order so that the
15253 * entire mblk_t chain handed into hook_run can be used as-is.
15254 * The caveat is that use of the fields, such as the zone fields,
15255 * requires conversion into host byte order first.
15256 */
15257 void
ipobs_hook(mblk_t * mp,int htype,zoneid_t zsrc,zoneid_t zdst,const ill_t * ill,ip_stack_t * ipst)15258 ipobs_hook(mblk_t *mp, int htype, zoneid_t zsrc, zoneid_t zdst,
15259 const ill_t *ill, ip_stack_t *ipst)
15260 {
15261 hook_pkt_observe_t *hdr;
15262 uint64_t grifindex;
15263 mblk_t *imp;
15264
15265 imp = allocb(sizeof (*hdr), BPRI_HI);
15266 if (imp == NULL)
15267 return;
15268
15269 hdr = (hook_pkt_observe_t *)imp->b_rptr;
15270 /*
15271 * b_wptr is set to make the apparent size of the data in the mblk_t
15272 * to exclude the pointers at the end of hook_pkt_observer_t.
15273 */
15274 imp->b_wptr = imp->b_rptr + sizeof (dl_ipnetinfo_t);
15275 imp->b_cont = mp;
15276
15277 ASSERT(DB_TYPE(mp) == M_DATA);
15278
15279 if (IS_UNDER_IPMP(ill))
15280 grifindex = ipmp_ill_get_ipmp_ifindex(ill);
15281 else
15282 grifindex = 0;
15283
15284 hdr->hpo_version = 1;
15285 hdr->hpo_htype = htons(htype);
15286 hdr->hpo_pktlen = htonl((ulong_t)msgdsize(mp));
15287 hdr->hpo_ifindex = htonl(ill->ill_phyint->phyint_ifindex);
15288 hdr->hpo_grifindex = htonl(grifindex);
15289 hdr->hpo_zsrc = htonl(zsrc);
15290 hdr->hpo_zdst = htonl(zdst);
15291 hdr->hpo_pkt = imp;
15292 hdr->hpo_ctx = ipst->ips_netstack;
15293
15294 if (ill->ill_isv6) {
15295 hdr->hpo_family = AF_INET6;
15296 (void) hook_run(ipst->ips_ipv6_net_data->netd_hooks,
15297 ipst->ips_ipv6observing, (hook_data_t)hdr);
15298 } else {
15299 hdr->hpo_family = AF_INET;
15300 (void) hook_run(ipst->ips_ipv4_net_data->netd_hooks,
15301 ipst->ips_ipv4observing, (hook_data_t)hdr);
15302 }
15303
15304 imp->b_cont = NULL;
15305 freemsg(imp);
15306 }
15307
15308 /*
15309 * Utility routine that checks if `v4srcp' is a valid address on underlying
15310 * interface `ill'. If `ipifp' is non-NULL, it's set to a held ipif
15311 * associated with `v4srcp' on success. NOTE: if this is not called from
15312 * inside the IPSQ (ill_g_lock is not held), `ill' may be removed from the
15313 * group during or after this lookup.
15314 */
15315 boolean_t
ipif_lookup_testaddr_v4(ill_t * ill,const in_addr_t * v4srcp,ipif_t ** ipifp)15316 ipif_lookup_testaddr_v4(ill_t *ill, const in_addr_t *v4srcp, ipif_t **ipifp)
15317 {
15318 ipif_t *ipif;
15319
15320 ipif = ipif_lookup_addr_exact(*v4srcp, ill, ill->ill_ipst);
15321 if (ipif != NULL) {
15322 if (ipifp != NULL)
15323 *ipifp = ipif;
15324 else
15325 ipif_refrele(ipif);
15326 return (B_TRUE);
15327 }
15328
15329 ip1dbg(("ipif_lookup_testaddr_v4: cannot find ipif for src %x\n",
15330 *v4srcp));
15331 return (B_FALSE);
15332 }
15333
15334 /*
15335 * Transport protocol call back function for CPU state change.
15336 */
15337 /* ARGSUSED */
15338 static int
ip_tp_cpu_update(cpu_setup_t what,int id,void * arg)15339 ip_tp_cpu_update(cpu_setup_t what, int id, void *arg)
15340 {
15341 processorid_t cpu_seqid;
15342 netstack_handle_t nh;
15343 netstack_t *ns;
15344
15345 ASSERT(MUTEX_HELD(&cpu_lock));
15346
15347 switch (what) {
15348 case CPU_CONFIG:
15349 case CPU_ON:
15350 case CPU_INIT:
15351 case CPU_CPUPART_IN:
15352 cpu_seqid = cpu[id]->cpu_seqid;
15353 netstack_next_init(&nh);
15354 while ((ns = netstack_next(&nh)) != NULL) {
15355 tcp_stack_cpu_add(ns->netstack_tcp, cpu_seqid);
15356 sctp_stack_cpu_add(ns->netstack_sctp, cpu_seqid);
15357 udp_stack_cpu_add(ns->netstack_udp, cpu_seqid);
15358 netstack_rele(ns);
15359 }
15360 netstack_next_fini(&nh);
15361 break;
15362 case CPU_UNCONFIG:
15363 case CPU_OFF:
15364 case CPU_CPUPART_OUT:
15365 /*
15366 * Nothing to do. We don't remove the per CPU stats from
15367 * the IP stack even when the CPU goes offline.
15368 */
15369 break;
15370 default:
15371 break;
15372 }
15373 return (0);
15374 }
15375