/*-
 * Copyright (c) 2015
 * 	Alexander V. Chernikov <melifaro@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_route.h"
#include "opt_mpath.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/rmlock.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/kernel.h>

#include <net/if.h>
#include <net/if_var.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <net/route_var.h>
#include <net/route/nhop.h>
#include <net/route/shared.h>
#include <net/vnet.h>

#ifdef RADIX_MPATH
#include <net/radix_mpath.h>
#endif

#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_fib.h>

#ifdef INET
static void fib4_rte_to_nh_basic(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_basic *pnh4);
static void fib4_rte_to_nh_extended(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_extended *pnh4);

/* Views a radix node pointer as the route entry it is embedded in. */
#define	RNTORT(p)	((struct rtentry *)(p))

/*
 * Copies the fields of nexthop @nh that the "basic" lookup API exposes
 * into @pnh4.
 *
 * - With NHR_IFAIF in @flags the interface is taken from
 *   nh->nh_ifa->ifa_ifp, otherwise from nh->nh_ifp.  nh_ifa is
 *   dereferenced without a NULL check.
 * - The next-hop address is the gateway for NHF_GATEWAY nexthops and
 *   @dst itself otherwise.
 * - The stored nh_ifp is a plain pointer copy; nothing here takes a
 *   reference on the interface.
 */
static void
fib4_rte_to_nh_basic(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_basic *pnh4)
{

	pnh4->nh_ifp = ((flags & NHR_IFAIF) != 0) ?
	    nh->nh_ifa->ifa_ifp : nh->nh_ifp;
	pnh4->nh_mtu = nh->nh_mtu;
	pnh4->nh_addr = (nh->nh_flags & NHF_GATEWAY) ?
	    nh->gw4_sa.sin_addr : dst;
	/* Set flags */
	pnh4->nh_flags = nh->nh_flags;
	/* TODO: Handle RTF_BROADCAST here */
}

/*
 * Copies the fields of nexthop @nh that the "extended" lookup API
 * exposes into @pnh4: everything the basic variant stores, plus the
 * interface address (nh_ia) and its IPv4 source address (nh_src).
 *
 * nh->nh_ifa is dereferenced unconditionally (through ifatoia() and
 * IA_SIN()), and both nh_ifp and nh_ia are stored as plain pointer
 * copies; nothing here takes a reference on either object.
 */
static void
fib4_rte_to_nh_extended(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_extended *pnh4)
{

	pnh4->nh_ifp = ((flags & NHR_IFAIF) != 0) ?
	    nh->nh_ifa->ifa_ifp : nh->nh_ifp;
	pnh4->nh_mtu = nh->nh_mtu;
	pnh4->nh_addr = (nh->nh_flags & NHF_GATEWAY) ?
	    nh->gw4_sa.sin_addr : dst;
	/* Set flags */
	pnh4->nh_flags = nh->nh_flags;
	pnh4->nh_ia = ifatoia(nh->nh_ifa);
	pnh4->nh_src = IA_SIN(pnh4->nh_ia)->sin_addr;
}

/*
 * Performs IPv4 route table lookup on @dst. Returns 0 on success and
 * ENOENT when the fib has no IPv4 table, no non-root entry matches or
 * the nexthop interface fails RT_LINK_IS_UP().
 * Stores nexthop info in the provided @pnh4 structure.
 * Note that
 * - nh_ifp cannot be safely dereferenced: the pointer is copied out of
 *   the table and the RIB read lock is released before returning
 * - nh_ifp represents logical transmit interface (rt_ifp) (e.g. if
 *   looking up address on interface "ix0" pointer to "lo0" interface
 *   will be returned instead of "ix0")
 * - nh_ifp represents "address" interface if NHR_IFAIF flag is passed
 * - however mtu from "transmit" interface will be returned.
 * - @flowid is accepted but not used by this function.
 * - @fibnum is range-checked by KASSERT only, so callers must pass a
 *   valid fib number.
 */
int
fib4_lookup_nh_basic(uint32_t fibnum, struct in_addr dst, uint32_t flags,
    uint32_t flowid, struct nhop4_basic *pnh4)
{
	RIB_RLOCK_TRACKER;
	struct sockaddr_in key;
	struct rib_head *rnh;
	struct radix_node *node;
	struct nhop_object *nhop;
	int error;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup_nh_basic: bad fibnum"));
	rnh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rnh == NULL)
		return (ENOENT);

	/* Prepare lookup key */
	memset(&key, 0, sizeof(key));
	key.sin_len = sizeof(struct sockaddr_in);
	key.sin_addr = dst;

	error = ENOENT;
	RIB_RLOCK(rnh);
	node = rnh->rnh_matchaddr((void *)&key, &rnh->head);
	if (node != NULL && (node->rn_flags & RNF_ROOT) == 0) {
		nhop = RNTORT(node)->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nhop->nh_ifp)) {
			/* Copy out while the table is still read-locked. */
			fib4_rte_to_nh_basic(nhop, dst, flags, pnh4);
			error = 0;
		}
	}
	RIB_RUNLOCK(rnh);

	return (error);
}

/*
 * Performs IPv4 route table lookup on @dst. Returns 0 on success and
 * ENOENT otherwise.
 * Stores extended nexthop info in the provided @pnh4 structure.
 * Note that
 * - nh_ifp cannot be safely dereferenced unless NHR_REF is specified.
 * - in that case you need to call fib4_free_nh_ext()
 * - NOTE(review): as written in this file the NHR_REF branch below is
 *   an empty TODO and fib4_free_nh_ext() has an empty body, so no
 *   reference is actually taken here; the nh_ifp and nh_ia pointers
 *   stored in @pnh4 are not pinned by this function even with NHR_REF.
 * - nh_ifp represents logical transmit interface (rt_ifp) (e.g. if
 *   looking up address of interface "ix0" pointer to "lo0" interface
 *   will be returned instead of "ix0")
 * - nh_ifp represents "address" interface if NHR_IFAIF flag is passed
 * - however mtu from "transmit" interface will be returned.
 * - @flowid is used only under RADIX_MPATH, to pick one of the paths.
 * - @fibnum is range-checked by KASSERT only, so callers must pass a
 *   valid fib number.
 */
int
fib4_lookup_nh_ext(uint32_t fibnum, struct in_addr dst, uint32_t flags,
    uint32_t flowid, struct nhop4_extended *pnh4)
{
	RIB_RLOCK_TRACKER;
	struct sockaddr_in key;
	struct rib_head *rnh;
	struct radix_node *node;
	struct rtentry *rte;
	struct nhop_object *nhop;
	int error;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup_nh_ext: bad fibnum"));
	rnh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rnh == NULL)
		return (ENOENT);

	/* Prepare lookup key */
	memset(&key, 0, sizeof(key));
	key.sin_len = sizeof(struct sockaddr_in);
	key.sin_addr = dst;

	error = ENOENT;
	RIB_RLOCK(rnh);
	node = rnh->rnh_matchaddr((void *)&key, &rnh->head);
	if (node == NULL || (node->rn_flags & RNF_ROOT) != 0)
		goto done;

	rte = RNTORT(node);
#ifdef RADIX_MPATH
	rte = rt_mpath_select(rte, flowid);
	if (rte == NULL)
		goto done;
#endif
	nhop = rte->rt_nhop;
	/* Ensure route & ifp is UP */
	if (!RT_LINK_IS_UP(nhop->nh_ifp))
		goto done;

	/* Copy out while the table is still read-locked. */
	fib4_rte_to_nh_extended(nhop, dst, flags, pnh4);
	if ((flags & NHR_REF) != 0) {
		/* TODO: lwref on egress ifp's ? */
	}
	error = 0;

done:
	/* Every path past RIB_RLOCK() leaves through this unlock. */
	RIB_RUNLOCK(rnh);

	return (error);
}

/*
 * Counterpart of fib4_lookup_nh_ext() called with NHR_REF.  The body
 * is empty: nothing is released here.
 */
void
fib4_free_nh_ext(uint32_t fibnum, struct nhop4_extended *pnh4)
{

}

/*
 * Looks up path in fib @fibnum specified by @dst.
 * Returns path nexthop on success. Nexthop is safe to use
 * within the current network epoch. If longer lifetime is required,
 * one needs to pass NHR_REF as a flag. This will return referenced
 * nexthop.
 *
 * Returns NULL when the fib has no IPv4 table, and NULL with the
 * rts_unreach counter incremented when no non-root entry matches or
 * the nexthop interface fails RT_LINK_IS_UP().
 * With NHR_REF the reference is taken through nhop_ref_object() while
 * the RIB read lock is still held.
 * @scopeid is accepted but not used by this function; @flowid is used
 * only under RADIX_MPATH.  @fibnum is range-checked by KASSERT only.
 */
struct nhop_object *
fib4_lookup(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
    uint32_t flags, uint32_t flowid)
{
	RIB_RLOCK_TRACKER;
	struct sockaddr_in key;
	struct rib_head *rnh;
	struct radix_node *node;
	struct rtentry *rt;
	struct nhop_object *nhop, *found;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup: bad fibnum"));
	rnh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rnh == NULL)
		return (NULL);

	/* Prepare lookup key */
	memset(&key, 0, sizeof(key));
	key.sin_family = AF_INET;
	key.sin_len = sizeof(struct sockaddr_in);
	key.sin_addr = dst;

	found = NULL;
	RIB_RLOCK(rnh);
	node = rnh->rnh_matchaddr((void *)&key, &rnh->head);
	if (node != NULL && (node->rn_flags & RNF_ROOT) == 0) {
		rt = RNTORT(node);
#ifdef RADIX_MPATH
		if (rt_mpath_next(rt) != NULL)
			rt = rt_mpath_selectrte(rt, flowid);
#endif
		nhop = rt->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nhop->nh_ifp)) {
			/* Reference is taken before the lock is dropped. */
			if (flags & NHR_REF)
				nhop_ref_object(nhop);
			found = nhop;
		}
	}
	RIB_RUNLOCK(rnh);

	/* A miss or a down link is accounted as unreachable. */
	if (found == NULL) {
		RTSTAT_INC(rts_unreach);
	}
	return (found);
}

/*
 * Reverse-path check of a single nexthop.  Returns 1 on a pass and 0
 * otherwise.
 *
 * - @src_if != NULL: passes only when nh->nh_aifp is @src_if.
 *   NHR_NODEFAULT is not consulted in this mode, so a default-route
 *   nexthop via @src_if passes.
 * - @src_if == NULL: passes unless NHR_NODEFAULT is set in @flags and
 *   the nexthop carries NHF_DEFAULT.
 */
inline static int
check_urpf(const struct nhop_object *nh, uint32_t flags,
    const struct ifnet *src_if)
{

	if (src_if != NULL)
		return (nh->nh_aifp == src_if);

	return ((flags & NHR_NODEFAULT) == 0 ||
	    (nh->nh_flags & NHF_DEFAULT) == 0);
}

#ifdef RADIX_MPATH
/*
 * Applies check_urpf() to @rt and to every following entry returned by
 * rt_mpath_next().  Returns 1 as soon as one path passes, 0 if none
 * does.
 */
inline static int
check_urpf_mpath(struct rtentry *rt, uint32_t flags,
    const struct ifnet *src_if)
{

	for (; rt != NULL; rt = rt_mpath_next(rt)) {
		if (check_urpf(rt->rt_nhop, flags, src_if) != 0)
			return (1);
	}

	return (0);
}
#endif

/*
 * Performs reverse path forwarding lookup.
 * If @src_if is non-zero, verifies that at least 1 path goes via
 * this interface.
 * If @src_if is zero, verifies that route exist.
 * if @flags contains NHR_NODEFAULT, do not consider default route.
 * (check_urpf() consults NHR_NODEFAULT only when @src_if is zero.)
 *
 * Returns 1 if route matching conditions is found, 0 otherwise.
 * A fib without an IPv4 table and a lookup that matches no non-root
 * entry both return 0.  Link state of the nexthop interface is not
 * examined here.  @scopeid is accepted but not used; @fibnum is
 * range-checked by KASSERT only.
 */
int
fib4_check_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
    uint32_t flags, const struct ifnet *src_if)
{
	RIB_RLOCK_TRACKER;
	struct sockaddr_in key;
	struct rib_head *rnh;
	struct radix_node *node;
	struct rtentry *rt;
	int ret;

	KASSERT((fibnum < rt_numfibs), ("fib4_check_urpf: bad fibnum"));
	rnh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rnh == NULL)
		return (0);

	/* Prepare lookup key */
	memset(&key, 0, sizeof(key));
	key.sin_len = sizeof(struct sockaddr_in);
	key.sin_addr = dst;

	ret = 0;
	RIB_RLOCK(rnh);
	node = rnh->rnh_matchaddr((void *)&key, &rnh->head);
	if (node != NULL && (node->rn_flags & RNF_ROOT) == 0) {
		rt = RNTORT(node);
#ifdef RADIX_MPATH
		ret = check_urpf_mpath(rt, flags, src_if);
#else
		ret = check_urpf(rt->rt_nhop, flags, src_if);
#endif
	}
	RIB_RUNLOCK(rnh);

	return (ret);
}

#endif