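/*-
 * Copyright (c) 2015
 * 	Alexander V. Chernikov <melifaro@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_route.h"
#include "opt_mpath.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/rmlock.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/kernel.h>

#include <net/if.h>
#include <net/if_var.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <net/route/route_var.h>
#include <net/route/nhop.h>
#include <net/route/shared.h>
#include <net/vnet.h>

#ifdef RADIX_MPATH
#include <net/radix_mpath.h>
#endif

#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_fib.h>

#ifdef INET

/* Verify struct route compatibility */
/* Assert 'struct route_in' is compatible with 'struct route' */
CHK_STRUCT_ROUTE_COMPAT(struct route_in, ro_dst4);
static void fib4_rte_to_nh_basic(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_basic *pnh4);
static void fib4_rte_to_nh_extended(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_extended *pnh4);

#define RNTORT(p)	((struct rtentry *)(p))

/*
 * Notes that apply to every lookup routine in this file:
 * - @fibnum is range-checked only by KASSERT(), which is active in
 *   INVARIANTS kernels; callers are expected to pass a valid fib number.
 * - Pointers copied out of a nexthop (nh_ifp, nh_ia) are handed back after
 *   the RIB read lock has been dropped, without a reference being taken on
 *   the interface or address they point to.
 */

/*
 * Fills the caller-provided @pnh4 from nexthop @nh.
 * - nh_ifp is the interface of the nexthop's ifa when NHR_IFAIF is set in
 *   @flags, the nexthop's own nh_ifp otherwise.
 * - nh_mtu and nh_flags are copied from @nh.
 * - nh_addr is the gateway address for NHF_GATEWAY nexthops and @dst
 *   itself otherwise.
 *
 * NOTE(review): nh->nh_ifa is dereferenced without a NULL check on the
 * NHR_IFAIF path; presumably every nexthop carries an ifa -- confirm.
 */
static void
fib4_rte_to_nh_basic(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_basic *pnh4)
{

	if ((flags & NHR_IFAIF) != 0)
		pnh4->nh_ifp = nh->nh_ifa->ifa_ifp;
	else
		pnh4->nh_ifp = nh->nh_ifp;
	pnh4->nh_mtu = nh->nh_mtu;
	if (nh->nh_flags & NHF_GATEWAY)
		pnh4->nh_addr = nh->gw4_sa.sin_addr;
	else
		pnh4->nh_addr = dst;
	/* Set flags */
	pnh4->nh_flags = nh->nh_flags;
	/* TODO: Handle RTF_BROADCAST here */
}

/*
 * Fills the caller-provided extended @pnh4 from nexthop @nh.
 * Same field rules as fib4_rte_to_nh_basic(), plus:
 * - nh_ia is the in_ifaddr behind the nexthop's ifa,
 * - nh_src is that address's IPv4 address.
 *
 * NOTE(review): nh->nh_ifa is used unconditionally here (ifatoia() and
 * IA_SIN()), so this relies on the nexthop always having an ifa -- confirm.
 */
static void
fib4_rte_to_nh_extended(struct nhop_object *nh, struct in_addr dst,
    uint32_t flags, struct nhop4_extended *pnh4)
{

	if ((flags & NHR_IFAIF) != 0)
		pnh4->nh_ifp = nh->nh_ifa->ifa_ifp;
	else
		pnh4->nh_ifp = nh->nh_ifp;
	pnh4->nh_mtu = nh->nh_mtu;
	if (nh->nh_flags & NHF_GATEWAY)
		pnh4->nh_addr = nh->gw4_sa.sin_addr;
	else
		pnh4->nh_addr = dst;
	/* Set flags */
	pnh4->nh_flags = nh->nh_flags;
	pnh4->nh_ia = ifatoia(nh->nh_ifa);
	pnh4->nh_src = IA_SIN(pnh4->nh_ia)->sin_addr;
}

/*
 * Performs IPv4 route table lookup on @dst. Returns 0 on success and
 * ENOENT when the fib has no IPv4 table, no non-root entry matches, or the
 * matched nexthop's interface fails RT_LINK_IS_UP().
 * Stores nexthop info in the provided @pnh4 structure.
 * Note that
 * - nh_ifp cannot be safely dereferenced
 * - nh_ifp represents logical transmit interface (rt_ifp) (e.g. if
 *   looking up address on interface "ix0" pointer to "lo0" interface
 *   will be returned instead of "ix0")
 * - nh_ifp represents "address" interface if NHR_IFAIF flag is passed
 * - however mtu from "transmit" interface will be returned.
 * - @flowid is not used by this function.
 */
int
fib4_lookup_nh_basic(uint32_t fibnum, struct in_addr dst, uint32_t flags,
    uint32_t flowid, struct nhop4_basic *pnh4)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct sockaddr_in sin;
	struct nhop_object *nh;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup_nh_basic: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rh == NULL)
		return (ENOENT);

	/* Prepare lookup key; family set as in fib4_lookup() */
	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_len = sizeof(struct sockaddr_in);
	sin.sin_addr = dst;

	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		nh = RNTORT(rn)->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			fib4_rte_to_nh_basic(nh, dst, flags, pnh4);
			RIB_RUNLOCK(rh);

			return (0);
		}
	}
	RIB_RUNLOCK(rh);

	return (ENOENT);
}

/*
 * Performs IPv4 route table lookup on @dst. Returns 0 on success and
 * ENOENT otherwise.
 * Stores extended nexthop info in the provided @pnh4 structure.
 * Note that
 * - nh_ifp cannot be safely dereferenced unless NHR_REF is specified.
 * - in that case you need to call fib4_free_nh_ext()
 * - nh_ifp represents logical transmit interface (rt_ifp) (e.g. if
 *   looking up address of interface "ix0" pointer to "lo0" interface
 *   will be returned instead of "ix0")
 * - nh_ifp represents "address" interface if NHR_IFAIF flag is passed
 * - however mtu from "transmit" interface will be returned.
 * - @flowid is only consulted when RADIX_MPATH is defined.
 *
 * NOTE(review): in this revision the NHR_REF branch below is an empty TODO
 * and fib4_free_nh_ext() has an empty body, so no reference is actually
 * taken. Until that is implemented, nh_ifp and nh_ia are unreferenced
 * pointers even when NHR_REF is passed.
 */
int
fib4_lookup_nh_ext(uint32_t fibnum, struct in_addr dst, uint32_t flags,
    uint32_t flowid, struct nhop4_extended *pnh4)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct sockaddr_in sin;
	struct rtentry *rte;
	struct nhop_object *nh;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup_nh_ext: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rh == NULL)
		return (ENOENT);

	/* Prepare lookup key; family set as in fib4_lookup() */
	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_len = sizeof(struct sockaddr_in);
	sin.sin_addr = dst;

	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		rte = RNTORT(rn);
#ifdef RADIX_MPATH
		rte = rt_mpath_select(rte, flowid);
		if (rte == NULL) {
			RIB_RUNLOCK(rh);
			return (ENOENT);
		}
#endif
		nh = rte->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			fib4_rte_to_nh_extended(nh, dst, flags, pnh4);
			if ((flags & NHR_REF) != 0) {
				/* TODO: lwref on egress ifp's ? */
			}
			RIB_RUNLOCK(rh);

			return (0);
		}
	}
	RIB_RUNLOCK(rh);

	return (ENOENT);
}

/*
 * Counterpart of fib4_lookup_nh_ext() with NHR_REF.
 * Currently a no-op: nothing is referenced by the lookup, so there is
 * nothing to release here.
 */
void
fib4_free_nh_ext(uint32_t fibnum, struct nhop4_extended *pnh4)
{

}

/*
 * Looks up path in fib @fibnum specified by @dst.
 * Returns path nexthop on success. Nexthop is safe to use
 * within the current network epoch. If longer lifetime is required,
 * one needs to pass NHR_REF as a flag. This will return referenced
 * nexthop.
 *
 * Returns NULL when the fib has no IPv4 table, or (after incrementing the
 * rts_unreach counter) when no non-root entry matches or the nexthop's
 * interface fails RT_LINK_IS_UP().
 * With NHR_REF the reference is taken by nhop_ref_object() while the RIB
 * read lock is still held; the routine that drops it is not in this file.
 * @scopeid is not used by this function; @flowid is only consulted when
 * RADIX_MPATH is defined.
 */
struct nhop_object *
fib4_lookup(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
    uint32_t flags, uint32_t flowid)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct rtentry *rt;
	struct nhop_object *nh;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rh == NULL)
		return (NULL);

	/* Prepare lookup key */
	struct sockaddr_in sin4;
	memset(&sin4, 0, sizeof(sin4));
	sin4.sin_family = AF_INET;
	sin4.sin_len = sizeof(struct sockaddr_in);
	sin4.sin_addr = dst;

	nh = NULL;
	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin4, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		rt = RNTORT(rn);
#ifdef RADIX_MPATH
		if (rt_mpath_next(rt) != NULL)
			rt = rt_mpath_selectrte(rt, flowid);
#endif
		nh = rt->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			if (flags & NHR_REF)
				nhop_ref_object(nh);
			RIB_RUNLOCK(rh);
			return (nh);
		}
	}
	RIB_RUNLOCK(rh);

	RTSTAT_INC(rts_unreach);
	return (NULL);
}

/*
 * Decides whether a single nexthop @nh satisfies the reverse-path check.
 * Returns 1 when
 * - @src_if is non-NULL and equals the nexthop's nh_aifp, or
 * - @src_if is NULL and either NHR_NODEFAULT is not set in @flags or the
 *   nexthop is not flagged NHF_DEFAULT.
 * Returns 0 otherwise.
 *
 * NHR_NODEFAULT is consulted only in the @src_if == NULL case: with an
 * interface given, a default-route nexthop via that interface still
 * matches.
 */
static inline int
check_urpf(const struct nhop_object *nh, uint32_t flags,
    const struct ifnet *src_if)
{

	if (src_if != NULL && nh->nh_aifp == src_if) {
		return (1);
	}
	if (src_if == NULL) {
		if ((flags & NHR_NODEFAULT) == 0)
			return (1);
		else if ((nh->nh_flags & NHF_DEFAULT) == 0)
			return (1);
	}

	return (0);
}

#ifdef RADIX_MPATH
/*
 * Multipath variant: walks the chain starting at @rt with rt_mpath_next()
 * and returns 1 as soon as one path's nexthop passes check_urpf(),
 * 0 if none does.
 */
static inline int
check_urpf_mpath(struct rtentry *rt, uint32_t flags,
    const struct ifnet *src_if)
{

	while (rt != NULL) {
		if (check_urpf(rt->rt_nhop, flags, src_if) != 0)
			return (1);
		rt = rt_mpath_next(rt);
	}

	return (0);
}
#endif

/*
 * Performs reverse path forwarding lookup.
 * If @src_if is non-NULL, verifies that at least 1 path goes via
 *  this interface.
 * If @src_if is NULL, verifies that route exist.
 * if @flags contains NHR_NODEFAULT, do not consider default route
 *  (applies to the @src_if == NULL case only, see check_urpf()).
 *
 * Returns 1 if route matching conditions is found, 0 otherwise.
 *
 * @dst is the address being looked up; @scopeid is not used.
 * Unlike the fib4_lookup*() routines, this check does not test
 * RT_LINK_IS_UP() on the nexthop's interface, so a route over a down link
 * still satisfies it.
 */
int
fib4_check_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
    uint32_t flags, const struct ifnet *src_if)
{
	RIB_RLOCK_TRACKER;
	struct rib_head *rh;
	struct radix_node *rn;
	struct rtentry *rt;
	int ret;

	KASSERT((fibnum < rt_numfibs), ("fib4_check_urpf: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rh == NULL)
		return (0);

	/* Prepare lookup key; family set as in fib4_lookup() */
	struct sockaddr_in sin4;
	memset(&sin4, 0, sizeof(sin4));
	sin4.sin_family = AF_INET;
	sin4.sin_len = sizeof(struct sockaddr_in);
	sin4.sin_addr = dst;

	RIB_RLOCK(rh);
	rn = rh->rnh_matchaddr((void *)&sin4, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		rt = RNTORT(rn);
#ifdef RADIX_MPATH
		ret = check_urpf_mpath(rt, flags, src_if);
#else
		ret = check_urpf(rt->rt_nhop, flags, src_if);
#endif
		RIB_RUNLOCK(rh);
		return (ret);
	}
	RIB_RUNLOCK(rh);

	return (0);
}

/*
 * Lookup variant of fib4_lookup() that does not take the RIB read lock.
 * Multipath selection, when compiled in, always uses flow id 0, and a
 * failed lookup does not touch the rts_unreach counter. @scopeid is not
 * used.
 *
 * NOTE(review): nothing here protects the radix walk or the
 * nhop_ref_object() call against a concurrent table change; presumably the
 * debugnet caller runs in a context where that cannot happen -- confirm
 * before calling this from anywhere else.
 */
struct nhop_object *
fib4_lookup_debugnet(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
    uint32_t flags)
{
	struct rib_head *rh;
	struct radix_node *rn;
	struct rtentry *rt;
	struct nhop_object *nh;

	KASSERT((fibnum < rt_numfibs), ("fib4_lookup_debugnet: bad fibnum"));
	rh = rt_tables_get_rnh(fibnum, AF_INET);
	if (rh == NULL)
		return (NULL);

	/* Prepare lookup key */
	struct sockaddr_in sin4;
	memset(&sin4, 0, sizeof(sin4));
	sin4.sin_family = AF_INET;
	sin4.sin_len = sizeof(struct sockaddr_in);
	sin4.sin_addr = dst;

	nh = NULL;
	/* unlocked lookup */
	rn = rh->rnh_matchaddr((void *)&sin4, &rh->head);
	if (rn != NULL && ((rn->rn_flags & RNF_ROOT) == 0)) {
		rt = RNTORT(rn);
#ifdef RADIX_MPATH
		if (rt_mpath_next(rt) != NULL)
			rt = rt_mpath_selectrte(rt, 0);
#endif
		nh = rt->rt_nhop;
		/* Ensure route & ifp is UP */
		if (RT_LINK_IS_UP(nh->nh_ifp)) {
			if (flags & NHR_REF)
				nhop_ref_object(nh);
			return (nh);
		}
	}

	return (NULL);
}

#endif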