1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved 24 * 25 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 26 * Copyright 2019 Joyent, Inc. 27 * Copyright 2024 Oxide Computer Company 28 */ 29 /* Copyright (c) 1990 Mentat Inc. */ 30 31 #include <sys/types.h> 32 #include <sys/stream.h> 33 #include <sys/dlpi.h> 34 #include <sys/stropts.h> 35 #include <sys/sysmacros.h> 36 #include <sys/strsubr.h> 37 #include <sys/strlog.h> 38 #include <sys/strsun.h> 39 #include <sys/zone.h> 40 #define _SUN_TPI_VERSION 2 41 #include <sys/tihdr.h> 42 #include <sys/xti_inet.h> 43 #include <sys/ddi.h> 44 #include <sys/sunddi.h> 45 #include <sys/cmn_err.h> 46 #include <sys/debug.h> 47 #include <sys/kobj.h> 48 #include <sys/modctl.h> 49 #include <sys/atomic.h> 50 #include <sys/policy.h> 51 #include <sys/priv.h> 52 53 #include <sys/systm.h> 54 #include <sys/param.h> 55 #include <sys/kmem.h> 56 #include <sys/sdt.h> 57 #include <sys/socket.h> 58 #include <sys/vtrace.h> 59 #include <sys/isa_defs.h> 60 #include <sys/mac.h> 61 #include <net/if.h> 62 #include <net/if_arp.h> 63 #include <net/route.h> 64 #include <sys/sockio.h> 65 #include <netinet/in.h> 66 #include <net/if_dl.h> 67 68 #include <inet/common.h> 69 #include <inet/mi.h> 70 #include <inet/mib2.h> 71 #include <inet/nd.h> 72 #include <inet/arp.h> 73 #include <inet/snmpcom.h> 74 #include <inet/kstatcom.h> 75 76 #include <netinet/igmp_var.h> 77 #include <netinet/ip6.h> 78 #include <netinet/icmp6.h> 79 #include <netinet/sctp.h> 80 81 #include <inet/ip.h> 82 #include <inet/ip_impl.h> 83 #include <inet/ip6.h> 84 #include <inet/ip6_asp.h> 85 #include <inet/optcom.h> 86 #include <inet/tcp.h> 87 #include <inet/tcp_impl.h> 88 #include <inet/ip_multi.h> 89 #include <inet/ip_if.h> 90 #include <inet/ip_ire.h> 91 #include <inet/ip_ftable.h> 92 #include <inet/ip_rts.h> 93 #include <inet/ip_ndp.h> 94 #include <inet/ip_listutils.h> 95 #include <netinet/igmp.h> 96 #include <netinet/ip_mroute.h> 97 #include <inet/ipp_common.h> 98 99 #include <net/pfkeyv2.h> 100 #include <inet/sadb.h> 101 #include <inet/ipsec_impl.h> 102 #include <inet/ipdrop.h> 103 #include <inet/ip_netinfo.h> 104 #include <inet/ilb_ip.h> 105 #include <sys/squeue_impl.h> 106 #include <sys/squeue.h> 107 108 #include <sys/ethernet.h> 109 #include <net/if_types.h> 110 #include <sys/cpuvar.h> 111 112 #include <ipp/ipp.h> 113 #include <ipp/ipp_impl.h> 114 #include <ipp/ipgpc/ipgpc.h> 115 116 #include <sys/pattr.h> 117 #include <inet/ipclassifier.h> 118 #include <inet/sctp_ip.h> 119 #include <inet/sctp/sctp_impl.h> 120 #include <inet/udp_impl.h> 121 #include <sys/sunddi.h> 122 123 #include <sys/tsol/label.h> 124 #include <sys/tsol/tnet.h> 125 126 #include <sys/clock_impl.h> /* For LBOLT_FASTPATH{,64} */ 127 128 #ifdef DEBUG 129 extern boolean_t skip_sctp_cksum; 130 #endif 131 132 static void ip_input_local_v6(ire_t *, mblk_t *, ip6_t *, ip_recv_attr_t *); 133 134 static void ip_input_multicast_v6(ire_t *, mblk_t *, ip6_t *, 135 ip_recv_attr_t *); 136 137 /* 138 * Direct read side procedure capable of dealing with chains. GLDv3 based 139 * drivers call this function directly with mblk chains while STREAMS 140 * read side procedure ip_rput() calls this for single packet with ip_ring 141 * set to NULL to process one packet at a time. 142 * 143 * The ill will always be valid if this function is called directly from 144 * the driver. 145 * 146 * If this chain is part of a VLAN stream, then the VLAN tag is 147 * stripped from the MAC header before being delivered to this 148 * function. 149 * 150 * If the IP header in packet is not 32-bit aligned, every message in the 151 * chain will be aligned before further operations. This is required on SPARC 152 * platform. 153 */ 154 void 155 ip_input_v6(ill_t *ill, ill_rx_ring_t *ip_ring, mblk_t *mp_chain, 156 struct mac_header_info_s *mhip) 157 { 158 (void) ip_input_common_v6(ill, ip_ring, mp_chain, mhip, NULL, NULL, 159 NULL); 160 } 161 162 /* 163 * ip_accept_tcp_v6() - This function is called by the squeue when it retrieves 164 * a chain of packets in the poll mode. The packets have gone through the 165 * data link processing but not IP processing. For performance and latency 166 * reasons, the squeue wants to process the chain in line instead of feeding 167 * it back via ip_input path. 168 * 169 * We set up the ip_recv_attr_t with IRAF_TARGET_SQP to that ip_fanout_v6 170 * will pass back any TCP packets matching the target sqp to 171 * ip_input_common_v6 using ira_target_sqp_mp. Other packets are handled by 172 * ip_input_v6 and ip_fanout_v6 as normal. 173 * The TCP packets that match the target squeue are returned to the caller 174 * as a b_next chain after each packet has been prepend with an mblk 175 * from ip_recv_attr_to_mblk. 176 */ 177 mblk_t * 178 ip_accept_tcp_v6(ill_t *ill, ill_rx_ring_t *ip_ring, squeue_t *target_sqp, 179 mblk_t *mp_chain, mblk_t **last, uint_t *cnt) 180 { 181 return (ip_input_common_v6(ill, ip_ring, mp_chain, NULL, target_sqp, 182 last, cnt)); 183 } 184 185 /* 186 * Used by ip_input_v6 and ip_accept_tcp_v6 187 * The last three arguments are only used by ip_accept_tcp_v6, and mhip is 188 * only used by ip_input_v6. 189 */ 190 mblk_t * 191 ip_input_common_v6(ill_t *ill, ill_rx_ring_t *ip_ring, mblk_t *mp_chain, 192 struct mac_header_info_s *mhip, squeue_t *target_sqp, 193 mblk_t **last, uint_t *cnt) 194 { 195 mblk_t *mp; 196 ip6_t *ip6h; 197 ip_recv_attr_t iras; /* Receive attributes */ 198 rtc_t rtc; 199 iaflags_t chain_flags = 0; /* Fixed for chain */ 200 mblk_t *ahead = NULL; /* Accepted head */ 201 mblk_t *atail = NULL; /* Accepted tail */ 202 uint_t acnt = 0; /* Accepted count */ 203 204 ASSERT(mp_chain != NULL); 205 ASSERT(ill != NULL); 206 207 /* These ones do not change as we loop over packets */ 208 iras.ira_ill = iras.ira_rill = ill; 209 iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex; 210 iras.ira_rifindex = iras.ira_ruifindex; 211 iras.ira_sqp = NULL; 212 iras.ira_ring = ip_ring; 213 /* For ECMP and outbound transmit ring selection */ 214 iras.ira_xmit_hint = ILL_RING_TO_XMIT_HINT(ip_ring); 215 216 iras.ira_target_sqp = target_sqp; 217 iras.ira_target_sqp_mp = NULL; 218 if (target_sqp != NULL) 219 chain_flags |= IRAF_TARGET_SQP; 220 221 /* 222 * We try to have a mhip pointer when possible, but 223 * it might be NULL in some cases. In those cases we 224 * have to assume unicast. 225 */ 226 iras.ira_mhip = mhip; 227 iras.ira_flags = 0; 228 if (mhip != NULL) { 229 switch (mhip->mhi_dsttype) { 230 case MAC_ADDRTYPE_MULTICAST : 231 chain_flags |= IRAF_L2DST_MULTICAST; 232 break; 233 case MAC_ADDRTYPE_BROADCAST : 234 chain_flags |= IRAF_L2DST_BROADCAST; 235 break; 236 } 237 } 238 239 /* 240 * Initialize the one-element route cache. 241 * 242 * We do ire caching from one iteration to 243 * another. In the event the packet chain contains 244 * all packets from the same dst, this caching saves 245 * an ire_route_recursive for each of the succeeding 246 * packets in a packet chain. 247 */ 248 rtc.rtc_ire = NULL; 249 rtc.rtc_ip6addr = ipv6_all_zeros; 250 251 /* Loop over b_next */ 252 for (mp = mp_chain; mp != NULL; mp = mp_chain) { 253 mp_chain = mp->b_next; 254 mp->b_next = NULL; 255 256 /* 257 * if db_ref > 1 then copymsg and free original. Packet 258 * may be changed and we do not want the other entity 259 * who has a reference to this message to trip over the 260 * changes. This is a blind change because trying to 261 * catch all places that might change the packet is too 262 * difficult. 263 * 264 * This corresponds to the fast path case, where we have 265 * a chain of M_DATA mblks. We check the db_ref count 266 * of only the 1st data block in the mblk chain. There 267 * doesn't seem to be a reason why a device driver would 268 * send up data with varying db_ref counts in the mblk 269 * chain. In any case the Fast path is a private 270 * interface, and our drivers don't do such a thing. 271 * Given the above assumption, there is no need to walk 272 * down the entire mblk chain (which could have a 273 * potential performance problem) 274 * 275 * The "(DB_REF(mp) > 1)" check was moved from ip_rput() 276 * to here because of exclusive ip stacks and vnics. 277 * Packets transmitted from exclusive stack over vnic 278 * can have db_ref > 1 and when it gets looped back to 279 * another vnic in a different zone, you have ip_input() 280 * getting dblks with db_ref > 1. So if someone 281 * complains of TCP performance under this scenario, 282 * take a serious look here on the impact of copymsg(). 283 */ 284 if (DB_REF(mp) > 1) { 285 if ((mp = ip_fix_dbref(mp, &iras)) == NULL) 286 continue; 287 } 288 289 /* 290 * IP header ptr not aligned? 291 * OR IP header not complete in first mblk 292 */ 293 ip6h = (ip6_t *)mp->b_rptr; 294 if (!OK_32PTR(ip6h) || MBLKL(mp) < IPV6_HDR_LEN) { 295 mp = ip_check_and_align_header(mp, IPV6_HDR_LEN, &iras); 296 if (mp == NULL) 297 continue; 298 ip6h = (ip6_t *)mp->b_rptr; 299 } 300 301 /* Protect against a mix of Ethertypes and IP versions */ 302 if (IPH_HDR_VERSION(ip6h) != IPV6_VERSION) { 303 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 304 ip_drop_input("ipIfStatsInHdrErrors", mp, ill); 305 freemsg(mp); 306 /* mhip might point into 1st packet in the chain. */ 307 iras.ira_mhip = NULL; 308 continue; 309 } 310 311 /* 312 * Check for Martian addrs; we have to explicitly 313 * test for for zero dst since this is also used as 314 * an indication that the rtc is not used. 315 */ 316 if (IN6_IS_ADDR_UNSPECIFIED(&ip6h->ip6_dst)) { 317 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 318 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 319 freemsg(mp); 320 /* mhip might point into 1st packet in the chain. */ 321 iras.ira_mhip = NULL; 322 continue; 323 } 324 /* 325 * Keep L2SRC from a previous packet in chain since mhip 326 * might point into an earlier packet in the chain. 327 */ 328 chain_flags |= (iras.ira_flags & IRAF_L2SRC_SET); 329 330 iras.ira_flags = IRAF_VERIFY_ULP_CKSUM | chain_flags; 331 iras.ira_free_flags = 0; 332 iras.ira_cred = NULL; 333 iras.ira_cpid = NOPID; 334 iras.ira_tsl = NULL; 335 iras.ira_zoneid = ALL_ZONES; /* Default for forwarding */ 336 337 /* 338 * We must count all incoming packets, even if they end 339 * up being dropped later on. Defer counting bytes until 340 * we have the whole IP header in first mblk. 341 */ 342 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives); 343 344 iras.ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 345 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, 346 iras.ira_pktlen); 347 iras.ira_ttl = ip6h->ip6_hlim; 348 349 /* 350 * Call one of: 351 * ill_input_full_v6 352 * ill_input_short_v6 353 * The former is used in the case of TX. See ill_set_inputfn(). 354 */ 355 (*ill->ill_inputfn)(mp, ip6h, &ip6h->ip6_dst, &iras, &rtc); 356 357 /* Any references to clean up? No hold on ira_ill */ 358 if (iras.ira_flags & (IRAF_IPSEC_SECURE|IRAF_SYSTEM_LABELED)) 359 ira_cleanup(&iras, B_FALSE); 360 361 if (iras.ira_target_sqp_mp != NULL) { 362 /* Better be called from ip_accept_tcp */ 363 ASSERT(target_sqp != NULL); 364 365 /* Found one packet to accept */ 366 mp = iras.ira_target_sqp_mp; 367 iras.ira_target_sqp_mp = NULL; 368 ASSERT(ip_recv_attr_is_mblk(mp)); 369 370 if (atail != NULL) 371 atail->b_next = mp; 372 else 373 ahead = mp; 374 atail = mp; 375 acnt++; 376 mp = NULL; 377 } 378 /* mhip might point into 1st packet in the chain. */ 379 iras.ira_mhip = NULL; 380 } 381 /* Any remaining references to the route cache? */ 382 if (rtc.rtc_ire != NULL) { 383 ASSERT(!IN6_IS_ADDR_UNSPECIFIED(&rtc.rtc_ip6addr)); 384 ire_refrele(rtc.rtc_ire); 385 } 386 387 if (ahead != NULL) { 388 /* Better be called from ip_accept_tcp */ 389 ASSERT(target_sqp != NULL); 390 *last = atail; 391 *cnt = acnt; 392 return (ahead); 393 } 394 395 return (NULL); 396 } 397 398 /* 399 * This input function is used when 400 * - is_system_labeled() 401 * 402 * Note that for IPv6 CGTP filtering is handled only when receiving fragment 403 * headers, and RSVP uses router alert options, thus we don't need anything 404 * extra for them. 405 */ 406 void 407 ill_input_full_v6(mblk_t *mp, void *iph_arg, void *nexthop_arg, 408 ip_recv_attr_t *ira, rtc_t *rtc) 409 { 410 ip6_t *ip6h = (ip6_t *)iph_arg; 411 in6_addr_t *nexthop = (in6_addr_t *)nexthop_arg; 412 ill_t *ill = ira->ira_ill; 413 414 ASSERT(ira->ira_tsl == NULL); 415 416 /* 417 * Attach any necessary label information to 418 * this packet 419 */ 420 if (is_system_labeled()) { 421 ira->ira_flags |= IRAF_SYSTEM_LABELED; 422 423 /* 424 * This updates ira_cred, ira_tsl and ira_free_flags based 425 * on the label. 426 */ 427 if (!tsol_get_pkt_label(mp, IPV6_VERSION, ira)) { 428 if (ip6opt_ls != 0) 429 ip0dbg(("tsol_get_pkt_label v6 failed\n")); 430 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 431 ip_drop_input("ipIfStatsInDiscards", mp, ill); 432 freemsg(mp); 433 return; 434 } 435 /* Note that ira_tsl can be NULL here. */ 436 437 /* tsol_get_pkt_label sometimes does pullupmsg */ 438 ip6h = (ip6_t *)mp->b_rptr; 439 } 440 ill_input_short_v6(mp, ip6h, nexthop, ira, rtc); 441 } 442 443 /* 444 * Check for IPv6 addresses that should not appear on the wire 445 * as either source or destination. 446 * If we ever implement Stateless IPv6 Translators (SIIT) we'd have 447 * to revisit the IPv4-mapped part. 448 */ 449 static boolean_t 450 ip6_bad_address(in6_addr_t *addr, boolean_t is_src) 451 { 452 if (IN6_IS_ADDR_V4MAPPED(addr)) { 453 ip1dbg(("ip_input_v6: pkt with IPv4-mapped addr")); 454 return (B_TRUE); 455 } 456 if (IN6_IS_ADDR_LOOPBACK(addr)) { 457 ip1dbg(("ip_input_v6: pkt with loopback addr")); 458 return (B_TRUE); 459 } 460 if (!is_src && IN6_IS_ADDR_UNSPECIFIED(addr)) { 461 /* 462 * having :: in the src is ok: it's used for DAD. 463 */ 464 ip1dbg(("ip_input_v6: pkt with unspecified addr")); 465 return (B_TRUE); 466 } 467 return (B_FALSE); 468 } 469 470 /* 471 * Routing lookup for IPv6 link-locals. 472 * First we look on the inbound interface, then we check for IPMP and 473 * look on the upper interface. 474 * We update ira_ruifindex if we find the IRE on the upper interface. 475 */ 476 static ire_t * 477 ire_linklocal(const in6_addr_t *nexthop, ill_t *ill, ip_recv_attr_t *ira, 478 uint_t irr_flags, ip_stack_t *ipst) 479 { 480 int match_flags = MATCH_IRE_SECATTR | MATCH_IRE_ILL; 481 ire_t *ire; 482 483 ASSERT(IN6_IS_ADDR_LINKLOCAL(nexthop)); 484 ire = ire_route_recursive_v6(nexthop, 0, ill, ALL_ZONES, ira->ira_tsl, 485 match_flags, irr_flags, ira->ira_xmit_hint, ipst, NULL, NULL, NULL); 486 if (!(ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) || 487 !IS_UNDER_IPMP(ill)) 488 return (ire); 489 490 /* 491 * When we are using IMP we need to look for an IRE on both the 492 * under and upper interfaces since there are different 493 * link-local addresses for the under and upper. 494 */ 495 ill = ipmp_ill_hold_ipmp_ill(ill); 496 if (ill == NULL) 497 return (ire); 498 499 ira->ira_ruifindex = ill->ill_phyint->phyint_ifindex; 500 501 ire_refrele(ire); 502 ire = ire_route_recursive_v6(nexthop, 0, ill, ALL_ZONES, ira->ira_tsl, 503 match_flags, irr_flags, ira->ira_xmit_hint, ipst, NULL, NULL, NULL); 504 ill_refrele(ill); 505 return (ire); 506 } 507 508 /* 509 * This is the tail-end of the full receive side packet handling. 510 * It can be used directly when the configuration is simple. 511 */ 512 void 513 ill_input_short_v6(mblk_t *mp, void *iph_arg, void *nexthop_arg, 514 ip_recv_attr_t *ira, rtc_t *rtc) 515 { 516 ire_t *ire; 517 ill_t *ill = ira->ira_ill; 518 ip_stack_t *ipst = ill->ill_ipst; 519 uint_t pkt_len; 520 ssize_t len; 521 ip6_t *ip6h = (ip6_t *)iph_arg; 522 in6_addr_t nexthop = *(in6_addr_t *)nexthop_arg; 523 ilb_stack_t *ilbs = ipst->ips_netstack->netstack_ilb; 524 uint_t irr_flags; 525 #define rptr ((uchar_t *)ip6h) 526 527 ASSERT(DB_TYPE(mp) == M_DATA); 528 529 /* 530 * Check for source/dest being a bad address: loopback, any, or 531 * v4mapped. All of them start with a 64 bits of zero. 532 */ 533 if (ip6h->ip6_src.s6_addr32[0] == 0 && 534 ip6h->ip6_src.s6_addr32[1] == 0) { 535 if (ip6_bad_address(&ip6h->ip6_src, B_TRUE)) { 536 ip1dbg(("ip_input_v6: pkt with bad src addr\n")); 537 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 538 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 539 freemsg(mp); 540 return; 541 } 542 } 543 if (ip6h->ip6_dst.s6_addr32[0] == 0 && 544 ip6h->ip6_dst.s6_addr32[1] == 0) { 545 if (ip6_bad_address(&ip6h->ip6_dst, B_FALSE)) { 546 ip1dbg(("ip_input_v6: pkt with bad dst addr\n")); 547 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 548 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 549 freemsg(mp); 550 return; 551 } 552 } 553 554 len = mp->b_wptr - rptr; 555 pkt_len = ira->ira_pktlen; 556 557 /* multiple mblk or too short */ 558 len -= pkt_len; 559 if (len != 0) { 560 mp = ip_check_length(mp, rptr, len, pkt_len, IPV6_HDR_LEN, ira); 561 if (mp == NULL) 562 return; 563 ip6h = (ip6_t *)mp->b_rptr; 564 } 565 566 DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *, 567 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h, 568 int, 0); 569 /* 570 * The event for packets being received from a 'physical' 571 * interface is placed after validation of the source and/or 572 * destination address as being local so that packets can be 573 * redirected to loopback addresses using ipnat. 574 */ 575 DTRACE_PROBE4(ip6__physical__in__start, 576 ill_t *, ill, ill_t *, NULL, 577 ip6_t *, ip6h, mblk_t *, mp); 578 579 if (HOOKS6_INTERESTED_PHYSICAL_IN(ipst)) { 580 int ll_multicast = 0; 581 int error; 582 in6_addr_t orig_dst = ip6h->ip6_dst; 583 584 if (ira->ira_flags & IRAF_L2DST_MULTICAST) 585 ll_multicast = HPE_MULTICAST; 586 else if (ira->ira_flags & IRAF_L2DST_BROADCAST) 587 ll_multicast = HPE_BROADCAST; 588 589 FW_HOOKS6(ipst->ips_ip6_physical_in_event, 590 ipst->ips_ipv6firewall_physical_in, 591 ill, NULL, ip6h, mp, mp, ll_multicast, ipst, error); 592 593 DTRACE_PROBE1(ip6__physical__in__end, mblk_t *, mp); 594 595 if (mp == NULL) 596 return; 597 598 /* The length could have changed */ 599 ip6h = (ip6_t *)mp->b_rptr; 600 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 601 pkt_len = ira->ira_pktlen; 602 603 /* 604 * In case the destination changed we override any previous 605 * change to nexthop. 606 */ 607 if (!IN6_ARE_ADDR_EQUAL(&orig_dst, &ip6h->ip6_dst)) 608 nexthop = ip6h->ip6_dst; 609 610 if (IN6_IS_ADDR_UNSPECIFIED(&nexthop)) { 611 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 612 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 613 freemsg(mp); 614 return; 615 } 616 617 } 618 619 if (ipst->ips_ip6_observe.he_interested) { 620 zoneid_t dzone; 621 622 /* 623 * On the inbound path the src zone will be unknown as 624 * this packet has come from the wire. 625 */ 626 dzone = ip_get_zoneid_v6(&nexthop, mp, ill, ira, ALL_ZONES); 627 ipobs_hook(mp, IPOBS_HOOK_INBOUND, ALL_ZONES, dzone, ill, ipst); 628 } 629 630 if ((ip6h->ip6_vcf & IPV6_VERS_AND_FLOW_MASK) != 631 IPV6_DEFAULT_VERS_AND_FLOW) { 632 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInHdrErrors); 633 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInWrongIPVersion); 634 ip_drop_input("ipIfStatsInWrongIPVersion", mp, ill); 635 freemsg(mp); 636 return; 637 } 638 639 /* 640 * For IPv6 we update ira_ip_hdr_length and ira_protocol as 641 * we parse the headers, starting with the hop-by-hop options header. 642 */ 643 ira->ira_ip_hdr_length = IPV6_HDR_LEN; 644 if ((ira->ira_protocol = ip6h->ip6_nxt) == IPPROTO_HOPOPTS) { 645 ip6_hbh_t *hbhhdr; 646 uint_t ehdrlen; 647 uint8_t *optptr; 648 649 if (pkt_len < IPV6_HDR_LEN + MIN_EHDR_LEN) { 650 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 651 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 652 freemsg(mp); 653 return; 654 } 655 if (mp->b_cont != NULL && 656 rptr + IPV6_HDR_LEN + MIN_EHDR_LEN > mp->b_wptr) { 657 ip6h = ip_pullup(mp, IPV6_HDR_LEN + MIN_EHDR_LEN, ira); 658 if (ip6h == NULL) { 659 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 660 ip_drop_input("ipIfStatsInDiscards", mp, ill); 661 freemsg(mp); 662 return; 663 } 664 } 665 hbhhdr = (ip6_hbh_t *)&ip6h[1]; 666 ehdrlen = 8 * (hbhhdr->ip6h_len + 1); 667 668 if (pkt_len < IPV6_HDR_LEN + ehdrlen) { 669 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 670 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 671 freemsg(mp); 672 return; 673 } 674 if (mp->b_cont != NULL && 675 rptr + IPV6_HDR_LEN + ehdrlen > mp->b_wptr) { 676 ip6h = ip_pullup(mp, IPV6_HDR_LEN + ehdrlen, ira); 677 if (ip6h == NULL) { 678 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 679 ip_drop_input("ipIfStatsInDiscards", mp, ill); 680 freemsg(mp); 681 return; 682 } 683 hbhhdr = (ip6_hbh_t *)&ip6h[1]; 684 } 685 686 /* 687 * Update ira_ip_hdr_length to skip the hop-by-hop header 688 * once we get to ip_fanout_v6 689 */ 690 ira->ira_ip_hdr_length += ehdrlen; 691 ira->ira_protocol = hbhhdr->ip6h_nxt; 692 693 optptr = (uint8_t *)&hbhhdr[1]; 694 switch (ip_process_options_v6(mp, ip6h, optptr, 695 ehdrlen - 2, IPPROTO_HOPOPTS, ira)) { 696 case -1: 697 /* 698 * Packet has been consumed and any 699 * needed ICMP messages sent. 700 */ 701 return; 702 case 0: 703 /* no action needed */ 704 break; 705 case 1: 706 /* 707 * Known router alert. Make use handle it as local 708 * by setting the nexthop to be the all-host multicast 709 * address, and skip multicast membership filter by 710 * marking as a router alert. 711 */ 712 ira->ira_flags |= IRAF_ROUTER_ALERT; 713 nexthop = ipv6_all_hosts_mcast; 714 break; 715 } 716 } 717 718 /* 719 * Here we check to see if we machine is setup as 720 * L3 loadbalancer and if the incoming packet is for a VIP 721 * 722 * Check the following: 723 * - there is at least a rule 724 * - protocol of the packet is supported 725 * 726 * We don't load balance IPv6 link-locals. 727 */ 728 if (ilb_has_rules(ilbs) && ILB_SUPP_L4(ira->ira_protocol) && 729 !IN6_IS_ADDR_LINKLOCAL(&nexthop)) { 730 in6_addr_t lb_dst; 731 int lb_ret; 732 733 /* For convenience, we just pull up the mblk. */ 734 if (mp->b_cont != NULL) { 735 if (pullupmsg(mp, -1) == 0) { 736 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 737 ip_drop_input("ipIfStatsInDiscards - pullupmsg", 738 mp, ill); 739 freemsg(mp); 740 return; 741 } 742 ip6h = (ip6_t *)mp->b_rptr; 743 } 744 lb_ret = ilb_check_v6(ilbs, ill, mp, ip6h, ira->ira_protocol, 745 (uint8_t *)ip6h + ira->ira_ip_hdr_length, &lb_dst); 746 if (lb_ret == ILB_DROPPED) { 747 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 748 ip_drop_input("ILB_DROPPED", mp, ill); 749 freemsg(mp); 750 return; 751 } 752 if (lb_ret == ILB_BALANCED) { 753 /* Set the dst to that of the chosen server */ 754 nexthop = lb_dst; 755 DB_CKSUMFLAGS(mp) = 0; 756 } 757 } 758 759 if (ill->ill_flags & ILLF_ROUTER) 760 irr_flags = IRR_ALLOCATE; 761 else 762 irr_flags = IRR_NONE; 763 764 /* Can not use route cache with TX since the labels can differ */ 765 if (ira->ira_flags & IRAF_SYSTEM_LABELED) { 766 if (IN6_IS_ADDR_MULTICAST(&nexthop)) { 767 ire = ire_multicast(ill); 768 } else if (IN6_IS_ADDR_LINKLOCAL(&nexthop)) { 769 ire = ire_linklocal(&nexthop, ill, ira, irr_flags, 770 ipst); 771 } else { 772 /* Match destination and label */ 773 ire = ire_route_recursive_v6(&nexthop, 0, NULL, 774 ALL_ZONES, ira->ira_tsl, MATCH_IRE_SECATTR, 775 irr_flags, ira->ira_xmit_hint, ipst, NULL, NULL, 776 NULL); 777 } 778 /* Update the route cache so we do the ire_refrele */ 779 ASSERT(ire != NULL); 780 if (rtc->rtc_ire != NULL) 781 ire_refrele(rtc->rtc_ire); 782 rtc->rtc_ire = ire; 783 rtc->rtc_ip6addr = nexthop; 784 } else if (IN6_ARE_ADDR_EQUAL(&nexthop, &rtc->rtc_ip6addr) && 785 rtc->rtc_ire != NULL) { 786 /* Use the route cache */ 787 ire = rtc->rtc_ire; 788 } else { 789 /* Update the route cache */ 790 if (IN6_IS_ADDR_MULTICAST(&nexthop)) { 791 ire = ire_multicast(ill); 792 } else if (IN6_IS_ADDR_LINKLOCAL(&nexthop)) { 793 ire = ire_linklocal(&nexthop, ill, ira, irr_flags, 794 ipst); 795 } else { 796 ire = ire_route_recursive_dstonly_v6(&nexthop, 797 irr_flags, ira->ira_xmit_hint, ipst); 798 } 799 ASSERT(ire != NULL); 800 if (rtc->rtc_ire != NULL) 801 ire_refrele(rtc->rtc_ire); 802 rtc->rtc_ire = ire; 803 rtc->rtc_ip6addr = nexthop; 804 } 805 806 ire->ire_ib_pkt_count++; 807 808 /* 809 * Based on ire_type and ire_flags call one of: 810 * ire_recv_local_v6 - for IRE_LOCAL 811 * ire_recv_loopback_v6 - for IRE_LOOPBACK 812 * ire_recv_multirt_v6 - if RTF_MULTIRT 813 * ire_recv_noroute_v6 - if RTF_REJECT or RTF_BLACHOLE 814 * ire_recv_multicast_v6 - for IRE_MULTICAST 815 * ire_recv_noaccept_v6 - for ire_noaccept ones 816 * ire_recv_forward_v6 - for the rest. 817 */ 818 819 (*ire->ire_recvfn)(ire, mp, ip6h, ira); 820 } 821 #undef rptr 822 823 /* 824 * ire_recvfn for IREs that need forwarding 825 */ 826 void 827 ire_recv_forward_v6(ire_t *ire, mblk_t *mp, void *iph_arg, ip_recv_attr_t *ira) 828 { 829 ip6_t *ip6h = (ip6_t *)iph_arg; 830 ill_t *ill = ira->ira_ill; 831 ip_stack_t *ipst = ill->ill_ipst; 832 iaflags_t iraflags = ira->ira_flags; 833 ill_t *dst_ill; 834 nce_t *nce; 835 uint32_t added_tx_len; 836 uint32_t mtu, iremtu; 837 838 if (iraflags & (IRAF_L2DST_MULTICAST|IRAF_L2DST_BROADCAST)) { 839 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 840 ip_drop_input("l2 multicast not forwarded", mp, ill); 841 freemsg(mp); 842 return; 843 } 844 845 if (!(ill->ill_flags & ILLF_ROUTER)) { 846 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 847 ip_drop_input("ipIfStatsForwProhibits", mp, ill); 848 freemsg(mp); 849 return; 850 } 851 852 /* 853 * Either ire_nce_capable or ire_dep_parent would be set for the IRE 854 * when it is found by ire_route_recursive, but that some other thread 855 * could have changed the routes with the effect of clearing 856 * ire_dep_parent. In that case we'd end up dropping the packet, or 857 * finding a new nce below. 858 * Get, allocate, or update the nce. 859 * We get a refhold on ire_nce_cache as a result of this to avoid races 860 * where ire_nce_cache is deleted. 861 * 862 * This ensures that we don't forward if the interface is down since 863 * ipif_down removes all the nces. 864 */ 865 mutex_enter(&ire->ire_lock); 866 nce = ire->ire_nce_cache; 867 if (nce == NULL) { 868 /* Not yet set up - try to set one up */ 869 mutex_exit(&ire->ire_lock); 870 (void) ire_revalidate_nce(ire); 871 mutex_enter(&ire->ire_lock); 872 nce = ire->ire_nce_cache; 873 if (nce == NULL) { 874 mutex_exit(&ire->ire_lock); 875 /* The ire_dep_parent chain went bad, or no memory */ 876 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 877 ip_drop_input("No ire_dep_parent", mp, ill); 878 freemsg(mp); 879 return; 880 } 881 } 882 nce_refhold(nce); 883 mutex_exit(&ire->ire_lock); 884 885 if (nce->nce_is_condemned) { 886 nce_t *nce1; 887 888 nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_FALSE); 889 nce_refrele(nce); 890 if (nce1 == NULL) { 891 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 892 ip_drop_input("No nce", mp, ill); 893 freemsg(mp); 894 return; 895 } 896 nce = nce1; 897 } 898 dst_ill = nce->nce_ill; 899 900 /* 901 * Unless we are forwarding, drop the packet. 902 * Unlike IPv4 we don't allow source routed packets out the same 903 * interface when we are not a router. 904 * Note that ill_forward_set() will set the ILLF_ROUTER on 905 * all the group members when it gets an ipmp-ill or under-ill. 906 */ 907 if (!(dst_ill->ill_flags & ILLF_ROUTER)) { 908 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 909 ip_drop_input("ipIfStatsForwProhibits", mp, ill); 910 freemsg(mp); 911 nce_refrele(nce); 912 return; 913 } 914 915 if (ire->ire_zoneid != GLOBAL_ZONEID && ire->ire_zoneid != ALL_ZONES) { 916 ire->ire_ib_pkt_count--; 917 /* 918 * Should only use IREs that are visible from the 919 * global zone for forwarding. 920 * For IPv6 any source route would have already been 921 * advanced in ip_fanout_v6 922 */ 923 ire = ire_route_recursive_v6(&ip6h->ip6_dst, 0, NULL, 924 GLOBAL_ZONEID, ira->ira_tsl, MATCH_IRE_SECATTR, 925 (ill->ill_flags & ILLF_ROUTER) ? IRR_ALLOCATE : IRR_NONE, 926 ira->ira_xmit_hint, ipst, NULL, NULL, NULL); 927 ire->ire_ib_pkt_count++; 928 (*ire->ire_recvfn)(ire, mp, ip6h, ira); 929 ire_refrele(ire); 930 nce_refrele(nce); 931 return; 932 } 933 /* 934 * ipIfStatsHCInForwDatagrams should only be increment if there 935 * will be an attempt to forward the packet, which is why we 936 * increment after the above condition has been checked. 937 */ 938 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInForwDatagrams); 939 940 /* Initiate Read side IPPF processing */ 941 if (IPP_ENABLED(IPP_FWD_IN, ipst)) { 942 /* ip_process translates an IS_UNDER_IPMP */ 943 mp = ip_process(IPP_FWD_IN, mp, ill, ill); 944 if (mp == NULL) { 945 /* ip_drop_packet and MIB done */ 946 ip2dbg(("ire_recv_forward_v6: pkt dropped/deferred " 947 "during IPPF processing\n")); 948 nce_refrele(nce); 949 return; 950 } 951 } 952 953 DTRACE_PROBE4(ip6__forwarding__start, 954 ill_t *, ill, ill_t *, dst_ill, ip6_t *, ip6h, mblk_t *, mp); 955 956 if (HOOKS6_INTERESTED_FORWARDING(ipst)) { 957 int error; 958 959 FW_HOOKS(ipst->ips_ip6_forwarding_event, 960 ipst->ips_ipv6firewall_forwarding, 961 ill, dst_ill, ip6h, mp, mp, 0, ipst, error); 962 963 DTRACE_PROBE1(ip6__forwarding__end, mblk_t *, mp); 964 965 if (mp == NULL) { 966 nce_refrele(nce); 967 return; 968 } 969 /* 970 * Even if the destination was changed by the filter we use the 971 * forwarding decision that was made based on the address 972 * in ip_input. 973 */ 974 975 /* Might have changed */ 976 ip6h = (ip6_t *)mp->b_rptr; 977 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 978 } 979 980 /* Packet is being forwarded. Turning off hwcksum flag. */ 981 DB_CKSUMFLAGS(mp) = 0; 982 983 /* 984 * Per RFC 3513 section 2.5.2, we must not forward packets with 985 * an unspecified source address. 986 * The loopback address check for both src and dst has already 987 * been checked in ip_input_v6 988 * In the future one can envision adding RPF checks using number 3. 989 */ 990 switch (ipst->ips_src_check) { 991 case 0: 992 break; 993 case 1: 994 case 2: 995 if (IN6_IS_ADDR_UNSPECIFIED(&ip6h->ip6_src) || 996 IN6_IS_ADDR_MULTICAST(&ip6h->ip6_src)) { 997 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 998 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 999 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 1000 nce_refrele(nce); 1001 freemsg(mp); 1002 return; 1003 } 1004 break; 1005 } 1006 1007 /* 1008 * Check to see if we're forwarding the packet to a 1009 * different link from which it came. If so, check the 1010 * source and destination addresses since routers must not 1011 * forward any packets with link-local source or 1012 * destination addresses to other links. Otherwise (if 1013 * we're forwarding onto the same link), conditionally send 1014 * a redirect message. 1015 */ 1016 if (!IS_ON_SAME_LAN(dst_ill, ill)) { 1017 if (IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_dst) || 1018 IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src)) { 1019 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInAddrErrors); 1020 ip_drop_input("ipIfStatsInAddrErrors", mp, ill); 1021 freemsg(mp); 1022 nce_refrele(nce); 1023 return; 1024 } 1025 /* TBD add site-local check at site boundary? */ 1026 } else if (ipst->ips_ipv6_send_redirects) { 1027 ip_send_potential_redirect_v6(mp, ip6h, ire, ira); 1028 } 1029 1030 added_tx_len = 0; 1031 if (iraflags & IRAF_SYSTEM_LABELED) { 1032 mblk_t *mp1; 1033 uint32_t old_pkt_len = ira->ira_pktlen; 1034 1035 /* 1036 * Check if it can be forwarded and add/remove 1037 * CIPSO options as needed. 1038 */ 1039 if ((mp1 = tsol_ip_forward(ire, mp, ira)) == NULL) { 1040 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 1041 ip_drop_input("tsol_ip_forward", mp, ill); 1042 freemsg(mp); 1043 nce_refrele(nce); 1044 return; 1045 } 1046 /* 1047 * Size may have changed. Remember amount added in case 1048 * ip_fragment needs to send an ICMP too big. 1049 */ 1050 mp = mp1; 1051 ip6h = (ip6_t *)mp->b_rptr; 1052 ira->ira_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 1053 ira->ira_ip_hdr_length = IPV6_HDR_LEN; 1054 ira->ira_ttl = ip6h->ip6_hlim; 1055 if (ira->ira_pktlen > old_pkt_len) 1056 added_tx_len = ira->ira_pktlen - old_pkt_len; 1057 } 1058 1059 mtu = dst_ill->ill_mtu; 1060 if ((iremtu = ire->ire_metrics.iulp_mtu) != 0 && iremtu < mtu) 1061 mtu = iremtu; 1062 ip_forward_xmit_v6(nce, mp, ip6h, ira, mtu, added_tx_len); 1063 nce_refrele(nce); 1064 return; 1065 1066 } 1067 1068 /* 1069 * Used for sending out unicast and multicast packets that are 1070 * forwarded. 1071 */ 1072 void 1073 ip_forward_xmit_v6(nce_t *nce, mblk_t *mp, ip6_t *ip6h, ip_recv_attr_t *ira, 1074 uint32_t mtu, uint32_t added_tx_len) 1075 { 1076 ill_t *dst_ill = nce->nce_ill; 1077 uint32_t pkt_len; 1078 iaflags_t iraflags = ira->ira_flags; 1079 ip_stack_t *ipst = dst_ill->ill_ipst; 1080 1081 if (ip6h->ip6_hops-- <= 1) { 1082 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 1083 ip_drop_input("ICMP6_TIME_EXCEED_TRANSIT", mp, ira->ira_ill); 1084 icmp_time_exceeded_v6(mp, ICMP6_TIME_EXCEED_TRANSIT, B_FALSE, 1085 ira); 1086 return; 1087 } 1088 1089 /* Initiate Write side IPPF processing before any fragmentation */ 1090 if (IPP_ENABLED(IPP_FWD_OUT, ipst)) { 1091 /* ip_process translates an IS_UNDER_IPMP */ 1092 mp = ip_process(IPP_FWD_OUT, mp, dst_ill, dst_ill); 1093 if (mp == NULL) { 1094 /* ip_drop_packet and MIB done */ 1095 ip2dbg(("ire_recv_forward_v6: pkt dropped/deferred" \ 1096 " during IPPF processing\n")); 1097 return; 1098 } 1099 } 1100 1101 pkt_len = ira->ira_pktlen; 1102 1103 BUMP_MIB(dst_ill->ill_ip_mib, ipIfStatsHCOutForwDatagrams); 1104 1105 if (pkt_len > mtu) { 1106 BUMP_MIB(dst_ill->ill_ip_mib, ipIfStatsOutFragFails); 1107 ip_drop_output("ipIfStatsOutFragFails", mp, dst_ill); 1108 if (iraflags & IRAF_SYSTEM_LABELED) { 1109 /* 1110 * Remove any CIPSO option added by 1111 * tsol_ip_forward, and make sure we report 1112 * a path MTU so that there 1113 * is room to add such a CIPSO option for future 1114 * packets. 1115 */ 1116 mtu = tsol_pmtu_adjust(mp, mtu, added_tx_len, AF_INET6); 1117 } 1118 icmp_pkt2big_v6(mp, mtu, B_TRUE, ira); 1119 return; 1120 } 1121 1122 ASSERT(pkt_len == 1123 ntohs(((ip6_t *)mp->b_rptr)->ip6_plen) + IPV6_HDR_LEN); 1124 1125 if (iraflags & IRAF_LOOPBACK_COPY) { 1126 /* 1127 * IXAF_NO_LOOP_ZONEID is not set hence 6th arg 1128 * is don't care 1129 */ 1130 (void) ip_postfrag_loopcheck(mp, nce, 1131 (IXAF_LOOPBACK_COPY | IXAF_NO_DEV_FLOW_CTL), 1132 pkt_len, ira->ira_xmit_hint, GLOBAL_ZONEID, 0, NULL); 1133 } else { 1134 (void) ip_xmit(mp, nce, IXAF_NO_DEV_FLOW_CTL, 1135 pkt_len, ira->ira_xmit_hint, GLOBAL_ZONEID, 0, NULL); 1136 } 1137 } 1138 1139 /* 1140 * ire_recvfn for RTF_REJECT and RTF_BLACKHOLE routes, including IRE_NOROUTE, 1141 * which is what ire_route_recursive returns when there is no matching ire. 1142 * Send ICMP unreachable unless blackhole. 1143 */ 1144 void 1145 ire_recv_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg, ip_recv_attr_t *ira) 1146 { 1147 ip6_t *ip6h = (ip6_t *)iph_arg; 1148 ill_t *ill = ira->ira_ill; 1149 ip_stack_t *ipst = ill->ill_ipst; 1150 1151 /* Would we have forwarded this packet if we had a route? */ 1152 if (ira->ira_flags & (IRAF_L2DST_MULTICAST|IRAF_L2DST_BROADCAST)) { 1153 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 1154 ip_drop_input("l2 multicast not forwarded", mp, ill); 1155 freemsg(mp); 1156 return; 1157 } 1158 1159 if (!(ill->ill_flags & ILLF_ROUTER)) { 1160 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 1161 ip_drop_input("ipIfStatsForwProhibits", mp, ill); 1162 freemsg(mp); 1163 return; 1164 } 1165 /* 1166 * If we had a route this could have been forwarded. Count as such. 1167 * 1168 * ipIfStatsHCInForwDatagrams should only be increment if there 1169 * will be an attempt to forward the packet, which is why we 1170 * increment after the above condition has been checked. 1171 */ 1172 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInForwDatagrams); 1173 1174 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInNoRoutes); 1175 1176 ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0, RTA_DST, 1177 ipst); 1178 1179 if (ire->ire_flags & RTF_BLACKHOLE) { 1180 ip_drop_input("ipIfStatsInNoRoutes RTF_BLACKHOLE", mp, ill); 1181 freemsg(mp); 1182 } else { 1183 ip_drop_input("ipIfStatsInNoRoutes RTF_REJECT", mp, ill); 1184 1185 icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, 1186 ira); 1187 } 1188 } 1189 1190 /* 1191 * ire_recvfn for IRE_LOCALs marked with ire_noaccept. Such IREs are used for 1192 * VRRP when in noaccept mode. 1193 * We silently drop packets except for Neighbor Solicitations and 1194 * Neighbor Advertisements. 1195 */ 1196 void 1197 ire_recv_noaccept_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 1198 ip_recv_attr_t *ira) 1199 { 1200 ip6_t *ip6h = (ip6_t *)iph_arg; 1201 ill_t *ill = ira->ira_ill; 1202 icmp6_t *icmp6; 1203 int ip_hdr_length; 1204 1205 if (ip6h->ip6_nxt != IPPROTO_ICMPV6) { 1206 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1207 ip_drop_input("ipIfStatsInDiscards - noaccept", mp, ill); 1208 freemsg(mp); 1209 return; 1210 } 1211 ip_hdr_length = ira->ira_ip_hdr_length; 1212 if ((mp->b_wptr - mp->b_rptr) < (ip_hdr_length + ICMP6_MINLEN)) { 1213 if (ira->ira_pktlen < (ip_hdr_length + ICMP6_MINLEN)) { 1214 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 1215 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 1216 freemsg(mp); 1217 return; 1218 } 1219 ip6h = ip_pullup(mp, ip_hdr_length + ICMP6_MINLEN, ira); 1220 if (ip6h == NULL) { 1221 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInErrors); 1222 freemsg(mp); 1223 return; 1224 } 1225 } 1226 icmp6 = (icmp6_t *)(&mp->b_rptr[ip_hdr_length]); 1227 1228 if (icmp6->icmp6_type != ND_NEIGHBOR_SOLICIT && 1229 icmp6->icmp6_type != ND_NEIGHBOR_ADVERT) { 1230 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1231 ip_drop_input("ipIfStatsInDiscards - noaccept", mp, ill); 1232 freemsg(mp); 1233 return; 1234 } 1235 ire_recv_local_v6(ire, mp, ip6h, ira); 1236 } 1237 1238 /* 1239 * ire_recvfn for IRE_MULTICAST. 1240 */ 1241 void 1242 ire_recv_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 1243 ip_recv_attr_t *ira) 1244 { 1245 ip6_t *ip6h = (ip6_t *)iph_arg; 1246 ill_t *ill = ira->ira_ill; 1247 1248 ASSERT(ire->ire_ill == ira->ira_ill); 1249 1250 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInMcastPkts); 1251 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInMcastOctets, ira->ira_pktlen); 1252 1253 /* Tag for higher-level protocols */ 1254 ira->ira_flags |= IRAF_MULTICAST; 1255 1256 /* 1257 * So that we don't end up with dups, only one ill an IPMP group is 1258 * nominated to receive multicast traffic. 1259 * If we have no cast_ill we are liberal and accept everything. 1260 */ 1261 if (IS_UNDER_IPMP(ill)) { 1262 ip_stack_t *ipst = ill->ill_ipst; 1263 1264 /* For an under ill_grp can change under lock */ 1265 rw_enter(&ipst->ips_ill_g_lock, RW_READER); 1266 if (!ill->ill_nom_cast && ill->ill_grp != NULL && 1267 ill->ill_grp->ig_cast_ill != NULL) { 1268 rw_exit(&ipst->ips_ill_g_lock); 1269 ip_drop_input("not on cast ill", mp, ill); 1270 freemsg(mp); 1271 return; 1272 } 1273 rw_exit(&ipst->ips_ill_g_lock); 1274 /* 1275 * We switch to the upper ill so that mrouter and hasmembers 1276 * can operate on upper here and in ip_input_multicast. 1277 */ 1278 ill = ipmp_ill_hold_ipmp_ill(ill); 1279 if (ill != NULL) { 1280 ASSERT(ill != ira->ira_ill); 1281 ASSERT(ire->ire_ill == ira->ira_ill); 1282 ira->ira_ill = ill; 1283 ira->ira_ruifindex = ill->ill_phyint->phyint_ifindex; 1284 } else { 1285 ill = ira->ira_ill; 1286 } 1287 } 1288 1289 #ifdef notdef 1290 /* 1291 * Check if we are a multicast router - send ip_mforward a copy of 1292 * the packet. 1293 * Due to mroute_decap tunnels we consider forwarding packets even if 1294 * mrouted has not joined the allmulti group on this interface. 1295 */ 1296 if (ipst->ips_ip_g_mrouter) { 1297 int retval; 1298 1299 /* 1300 * Clear the indication that this may have hardware 1301 * checksum as we are not using it for forwarding. 1302 */ 1303 DB_CKSUMFLAGS(mp) = 0; 1304 1305 /* 1306 * ip_mforward helps us make these distinctions: If received 1307 * on tunnel and not IGMP, then drop. 1308 * If IGMP packet, then don't check membership 1309 * If received on a phyint and IGMP or PIM, then 1310 * don't check membership 1311 */ 1312 retval = ip_mforward_v6(mp, ira); 1313 /* ip_mforward updates mib variables if needed */ 1314 1315 switch (retval) { 1316 case 0: 1317 /* 1318 * pkt is okay and arrived on phyint. 1319 */ 1320 break; 1321 case -1: 1322 /* pkt is mal-formed, toss it */ 1323 freemsg(mp); 1324 goto done; 1325 case 1: 1326 /* 1327 * pkt is okay and arrived on a tunnel 1328 * 1329 * If we are running a multicast router 1330 * we need to see all mld packets, which 1331 * are marked with router alerts. 1332 */ 1333 if (ira->ira_flags & IRAF_ROUTER_ALERT) 1334 goto forus; 1335 ip_drop_input("Multicast on tunnel ignored", mp, ill); 1336 freemsg(mp); 1337 goto done; 1338 } 1339 } 1340 #endif /* notdef */ 1341 1342 /* 1343 * If this was a router alert we skip the group membership check. 1344 */ 1345 if (ira->ira_flags & IRAF_ROUTER_ALERT) 1346 goto forus; 1347 1348 /* 1349 * Check if we have members on this ill. This is not necessary for 1350 * correctness because even if the NIC/GLD had a leaky filter, we 1351 * filter before passing to each conn_t. 1352 */ 1353 if (!ill_hasmembers_v6(ill, &ip6h->ip6_dst)) { 1354 /* 1355 * Nobody interested 1356 * 1357 * This might just be caused by the fact that 1358 * multiple IP Multicast addresses map to the same 1359 * link layer multicast - no need to increment counter! 1360 */ 1361 ip_drop_input("Multicast with no members", mp, ill); 1362 freemsg(mp); 1363 goto done; 1364 } 1365 forus: 1366 ip2dbg(("ire_recv_multicast_v6: multicast for us\n")); 1367 1368 /* 1369 * After reassembly and IPsec we will need to duplicate the 1370 * multicast packet for all matching zones on the ill. 1371 */ 1372 ira->ira_zoneid = ALL_ZONES; 1373 1374 /* Reassemble on the ill on which the packet arrived */ 1375 ip_input_local_v6(ire, mp, ip6h, ira); 1376 done: 1377 if (ill != ire->ire_ill) { 1378 ill_refrele(ill); 1379 ira->ira_ill = ire->ire_ill; 1380 ira->ira_ruifindex = ira->ira_ill->ill_phyint->phyint_ifindex; 1381 } 1382 } 1383 1384 /* 1385 * ire_recvfn for IRE_OFFLINK with RTF_MULTIRT. 1386 * Drop packets since we don't forward out multirt routes. 1387 */ 1388 /* ARGSUSED */ 1389 void 1390 ire_recv_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg, ip_recv_attr_t *ira) 1391 { 1392 ill_t *ill = ira->ira_ill; 1393 1394 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInNoRoutes); 1395 ip_drop_input("Not forwarding out MULTIRT", mp, ill); 1396 freemsg(mp); 1397 } 1398 1399 /* 1400 * ire_recvfn for IRE_LOOPBACK. This is only used when a FW_HOOK 1401 * has rewritten the packet to have a loopback destination address (We 1402 * filter out packet with a loopback destination from arriving over the wire). 1403 * We don't know what zone to use, thus we always use the GLOBAL_ZONEID. 1404 */ 1405 void 1406 ire_recv_loopback_v6(ire_t *ire, mblk_t *mp, void *iph_arg, ip_recv_attr_t *ira) 1407 { 1408 ip6_t *ip6h = (ip6_t *)iph_arg; 1409 ill_t *ill = ira->ira_ill; 1410 ill_t *ire_ill = ire->ire_ill; 1411 1412 ira->ira_zoneid = GLOBAL_ZONEID; 1413 1414 /* Switch to the lo0 ill for further processing */ 1415 if (ire_ill != ill) { 1416 /* 1417 * Update ira_ill to be the ILL on which the IP address 1418 * is hosted. 1419 * No need to hold the ill since we have a hold on the ire 1420 */ 1421 ASSERT(ira->ira_ill == ira->ira_rill); 1422 ira->ira_ill = ire_ill; 1423 1424 ip_input_local_v6(ire, mp, ip6h, ira); 1425 1426 /* Restore */ 1427 ASSERT(ira->ira_ill == ire_ill); 1428 ira->ira_ill = ill; 1429 return; 1430 1431 } 1432 ip_input_local_v6(ire, mp, ip6h, ira); 1433 } 1434 1435 /* 1436 * ire_recvfn for IRE_LOCAL. 1437 */ 1438 void 1439 ire_recv_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg, ip_recv_attr_t *ira) 1440 { 1441 ip6_t *ip6h = (ip6_t *)iph_arg; 1442 ill_t *ill = ira->ira_ill; 1443 ill_t *ire_ill = ire->ire_ill; 1444 1445 /* Make a note for DAD that this address is in use */ 1446 ire->ire_last_used_time = LBOLT_FASTPATH; 1447 1448 /* Only target the IRE_LOCAL with the right zoneid. */ 1449 ira->ira_zoneid = ire->ire_zoneid; 1450 1451 /* 1452 * If the packet arrived on the wrong ill, we check that 1453 * this is ok. 1454 * If it is, then we ensure that we do the reassembly on 1455 * the ill on which the address is hosted. We keep ira_rill as 1456 * the one on which the packet arrived, so that IP_PKTINFO and 1457 * friends can report this. 1458 */ 1459 if (ire_ill != ill) { 1460 ire_t *new_ire; 1461 1462 new_ire = ip_check_multihome(&ip6h->ip6_dst, ire, ill); 1463 if (new_ire == NULL) { 1464 /* Drop packet */ 1465 BUMP_MIB(ill->ill_ip_mib, ipIfStatsForwProhibits); 1466 ip_drop_input("ipIfStatsInForwProhibits", mp, ill); 1467 freemsg(mp); 1468 return; 1469 } 1470 /* 1471 * Update ira_ill to be the ILL on which the IP address 1472 * is hosted. No need to hold the ill since we have a 1473 * hold on the ire. Note that we do the switch even if 1474 * new_ire == ire (for IPMP, ire would be the one corresponding 1475 * to the IPMP ill). 1476 */ 1477 ASSERT(ira->ira_ill == ira->ira_rill); 1478 ira->ira_ill = new_ire->ire_ill; 1479 1480 /* ira_ruifindex tracks the upper for ira_rill */ 1481 if (IS_UNDER_IPMP(ill)) 1482 ira->ira_ruifindex = ill_get_upper_ifindex(ill); 1483 1484 ip_input_local_v6(new_ire, mp, ip6h, ira); 1485 1486 /* Restore */ 1487 ASSERT(ira->ira_ill == new_ire->ire_ill); 1488 ira->ira_ill = ill; 1489 ira->ira_ruifindex = ill->ill_phyint->phyint_ifindex; 1490 1491 if (new_ire != ire) 1492 ire_refrele(new_ire); 1493 return; 1494 } 1495 1496 ip_input_local_v6(ire, mp, ip6h, ira); 1497 } 1498 1499 /* 1500 * Common function for packets arriving for the host. Handles 1501 * checksum verification, reassembly checks, etc. 1502 */ 1503 static void 1504 ip_input_local_v6(ire_t *ire, mblk_t *mp, ip6_t *ip6h, ip_recv_attr_t *ira) 1505 { 1506 iaflags_t iraflags = ira->ira_flags; 1507 1508 /* 1509 * For multicast we need some extra work before 1510 * we call ip_fanout_v6(), since in the case of shared-IP zones 1511 * we need to pretend that a packet arrived for each zoneid. 1512 */ 1513 if (iraflags & IRAF_MULTICAST) { 1514 ip_input_multicast_v6(ire, mp, ip6h, ira); 1515 return; 1516 } 1517 ip_fanout_v6(mp, ip6h, ira); 1518 } 1519 1520 /* 1521 * Handle multiple zones which want to receive the same multicast packets 1522 * on this ill by delivering a packet to each of them. 1523 * 1524 * Note that for packets delivered to transports we could instead do this 1525 * as part of the fanout code, but since we need to handle icmp_inbound 1526 * it is simpler to have multicast work the same as IPv4 broadcast. 1527 * 1528 * The ip_fanout matching for multicast matches based on ilm independent of 1529 * zoneid since the zoneid restriction is applied when joining a multicast 1530 * group. 1531 */ 1532 /* ARGSUSED */ 1533 static void 1534 ip_input_multicast_v6(ire_t *ire, mblk_t *mp, ip6_t *ip6h, ip_recv_attr_t *ira) 1535 { 1536 ill_t *ill = ira->ira_ill; 1537 iaflags_t iraflags = ira->ira_flags; 1538 ip_stack_t *ipst = ill->ill_ipst; 1539 netstack_t *ns = ipst->ips_netstack; 1540 zoneid_t zoneid; 1541 mblk_t *mp1; 1542 ip6_t *ip6h1; 1543 uint_t ira_pktlen = ira->ira_pktlen; 1544 uint16_t ira_ip_hdr_length = ira->ira_ip_hdr_length; 1545 1546 /* ire_recv_multicast has switched to the upper ill for IPMP */ 1547 ASSERT(!IS_UNDER_IPMP(ill)); 1548 1549 /* 1550 * If we don't have more than one shared-IP zone, or if 1551 * there are no members in anything but the global zone, 1552 * then just set the zoneid and proceed. 1553 */ 1554 if (ns->netstack_numzones == 1 || 1555 !ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst, 1556 GLOBAL_ZONEID)) { 1557 ira->ira_zoneid = GLOBAL_ZONEID; 1558 1559 /* If sender didn't want this zone to receive it, drop */ 1560 if ((iraflags & IRAF_NO_LOOP_ZONEID_SET) && 1561 ira->ira_no_loop_zoneid == ira->ira_zoneid) { 1562 ip_drop_input("Multicast but wrong zoneid", mp, ill); 1563 freemsg(mp); 1564 return; 1565 } 1566 ip_fanout_v6(mp, ip6h, ira); 1567 return; 1568 } 1569 1570 /* 1571 * Here we loop over all zoneids that have members in the group 1572 * and deliver a packet to ip_fanout for each zoneid. 1573 * 1574 * First find any members in the lowest numeric zoneid by looking for 1575 * first zoneid larger than -1 (ALL_ZONES). 1576 * We terminate the loop when we receive -1 (ALL_ZONES). 1577 */ 1578 zoneid = ill_hasmembers_nextzone_v6(ill, &ip6h->ip6_dst, ALL_ZONES); 1579 for (; zoneid != ALL_ZONES; 1580 zoneid = ill_hasmembers_nextzone_v6(ill, &ip6h->ip6_dst, zoneid)) { 1581 /* 1582 * Avoid an extra copymsg/freemsg by skipping global zone here 1583 * and doing that at the end. 1584 */ 1585 if (zoneid == GLOBAL_ZONEID) 1586 continue; 1587 1588 ira->ira_zoneid = zoneid; 1589 1590 /* If sender didn't want this zone to receive it, skip */ 1591 if ((iraflags & IRAF_NO_LOOP_ZONEID_SET) && 1592 ira->ira_no_loop_zoneid == ira->ira_zoneid) 1593 continue; 1594 1595 mp1 = copymsg(mp); 1596 if (mp1 == NULL) { 1597 /* Failed to deliver to one zone */ 1598 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 1599 ip_drop_input("ipIfStatsInDiscards", mp, ill); 1600 continue; 1601 } 1602 ip6h1 = (ip6_t *)mp1->b_rptr; 1603 ip_fanout_v6(mp1, ip6h1, ira); 1604 /* 1605 * IPsec might have modified ira_pktlen and ira_ip_hdr_length 1606 * so we restore them for a potential next iteration 1607 */ 1608 ira->ira_pktlen = ira_pktlen; 1609 ira->ira_ip_hdr_length = ira_ip_hdr_length; 1610 } 1611 1612 /* Do the main ire */ 1613 ira->ira_zoneid = GLOBAL_ZONEID; 1614 /* If sender didn't want this zone to receive it, drop */ 1615 if ((iraflags & IRAF_NO_LOOP_ZONEID_SET) && 1616 ira->ira_no_loop_zoneid == ira->ira_zoneid) { 1617 ip_drop_input("Multicast but wrong zoneid", mp, ill); 1618 freemsg(mp); 1619 } else { 1620 ip_fanout_v6(mp, ip6h, ira); 1621 } 1622 } 1623 1624 1625 /* 1626 * Determine the zoneid and IRAF_TX_MAC_EXEMPTABLE if trusted extensions 1627 * is in use. Updates ira_zoneid and ira_flags as a result. 1628 */ 1629 static void 1630 ip_fanout_tx_v6(mblk_t *mp, ip6_t *ip6h, uint8_t protocol, uint_t ip_hdr_length, 1631 ip_recv_attr_t *ira) 1632 { 1633 uint16_t *up; 1634 uint16_t lport; 1635 zoneid_t zoneid; 1636 1637 ASSERT(ira->ira_flags & IRAF_SYSTEM_LABELED); 1638 1639 /* 1640 * If the packet is unlabeled we might allow read-down 1641 * for MAC_EXEMPT. Below we clear this if it is a multi-level 1642 * port (MLP). 1643 * Note that ira_tsl can be NULL here. 1644 */ 1645 if (ira->ira_tsl != NULL && ira->ira_tsl->tsl_flags & TSLF_UNLABELED) 1646 ira->ira_flags |= IRAF_TX_MAC_EXEMPTABLE; 1647 1648 if (ira->ira_zoneid != ALL_ZONES) 1649 return; 1650 1651 ira->ira_flags |= IRAF_TX_SHARED_ADDR; 1652 1653 up = (uint16_t *)((uchar_t *)ip6h + ip_hdr_length); 1654 switch (protocol) { 1655 case IPPROTO_TCP: 1656 case IPPROTO_SCTP: 1657 case IPPROTO_UDP: 1658 /* Caller ensures this */ 1659 ASSERT(((uchar_t *)ip6h) + ip_hdr_length +4 <= mp->b_wptr); 1660 1661 /* 1662 * Only these transports support MLP. 1663 * We know their destination port numbers is in 1664 * the same place in the header. 1665 */ 1666 lport = up[1]; 1667 1668 /* 1669 * No need to handle exclusive-stack zones 1670 * since ALL_ZONES only applies to the shared IP instance. 1671 */ 1672 zoneid = tsol_mlp_findzone(protocol, lport); 1673 /* 1674 * If no shared MLP is found, tsol_mlp_findzone returns 1675 * ALL_ZONES. In that case, we assume it's SLP, and 1676 * search for the zone based on the packet label. 1677 * 1678 * If there is such a zone, we prefer to find a 1679 * connection in it. Otherwise, we look for a 1680 * MAC-exempt connection in any zone whose label 1681 * dominates the default label on the packet. 1682 */ 1683 if (zoneid == ALL_ZONES) 1684 zoneid = tsol_attr_to_zoneid(ira); 1685 else 1686 ira->ira_flags &= ~IRAF_TX_MAC_EXEMPTABLE; 1687 break; 1688 default: 1689 /* Handle shared address for other protocols */ 1690 zoneid = tsol_attr_to_zoneid(ira); 1691 break; 1692 } 1693 ira->ira_zoneid = zoneid; 1694 } 1695 1696 /* 1697 * Increment checksum failure statistics 1698 */ 1699 static void 1700 ip_input_cksum_err_v6(uint8_t protocol, uint16_t hck_flags, ill_t *ill) 1701 { 1702 ip_stack_t *ipst = ill->ill_ipst; 1703 1704 switch (protocol) { 1705 case IPPROTO_TCP: 1706 BUMP_MIB(ill->ill_ip_mib, tcpIfStatsInErrs); 1707 1708 if (hck_flags & HCK_FULLCKSUM) 1709 IP6_STAT(ipst, ip6_tcp_in_full_hw_cksum_err); 1710 else if (hck_flags & HCK_PARTIALCKSUM) 1711 IP6_STAT(ipst, ip6_tcp_in_part_hw_cksum_err); 1712 else 1713 IP6_STAT(ipst, ip6_tcp_in_sw_cksum_err); 1714 break; 1715 case IPPROTO_UDP: 1716 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInCksumErrs); 1717 if (hck_flags & HCK_FULLCKSUM) 1718 IP6_STAT(ipst, ip6_udp_in_full_hw_cksum_err); 1719 else if (hck_flags & HCK_PARTIALCKSUM) 1720 IP6_STAT(ipst, ip6_udp_in_part_hw_cksum_err); 1721 else 1722 IP6_STAT(ipst, ip6_udp_in_sw_cksum_err); 1723 break; 1724 case IPPROTO_ICMPV6: 1725 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInMsgs); 1726 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInErrors); 1727 break; 1728 default: 1729 ASSERT(0); 1730 break; 1731 } 1732 } 1733 1734 /* Calculate the IPv6 pseudo-header checksum for TCP, UDP, and ICMPV6 */ 1735 uint32_t 1736 ip_input_cksum_pseudo_v6(ip6_t *ip6h, ip_recv_attr_t *ira) 1737 { 1738 uint_t ulp_len; 1739 uint32_t cksum; 1740 uint8_t protocol = ira->ira_protocol; 1741 uint16_t ip_hdr_length = ira->ira_ip_hdr_length; 1742 1743 #define iphs ((uint16_t *)ip6h) 1744 1745 switch (protocol) { 1746 case IPPROTO_TCP: 1747 ulp_len = ira->ira_pktlen - ip_hdr_length; 1748 1749 /* Protocol and length */ 1750 cksum = htons(ulp_len) + IP_TCP_CSUM_COMP; 1751 /* IP addresses */ 1752 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 1753 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 1754 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 1755 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 1756 break; 1757 1758 case IPPROTO_UDP: { 1759 udpha_t *udpha; 1760 1761 udpha = (udpha_t *)((uchar_t *)ip6h + ip_hdr_length); 1762 1763 /* Protocol and length */ 1764 cksum = udpha->uha_length + IP_UDP_CSUM_COMP; 1765 /* IP addresses */ 1766 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 1767 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 1768 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 1769 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 1770 break; 1771 } 1772 case IPPROTO_ICMPV6: 1773 ulp_len = ira->ira_pktlen - ip_hdr_length; 1774 1775 /* Protocol and length */ 1776 cksum = htons(ulp_len) + IP_ICMPV6_CSUM_COMP; 1777 /* IP addresses */ 1778 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 1779 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 1780 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 1781 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 1782 break; 1783 default: 1784 cksum = 0; 1785 break; 1786 } 1787 #undef iphs 1788 return (cksum); 1789 } 1790 1791 1792 /* 1793 * Software verification of the ULP checksums. 1794 * Returns B_TRUE if ok. 1795 * Increments statistics of failed. 1796 */ 1797 static boolean_t 1798 ip_input_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_recv_attr_t *ira) 1799 { 1800 ip_stack_t *ipst = ira->ira_ill->ill_ipst; 1801 uint32_t cksum; 1802 uint8_t protocol = ira->ira_protocol; 1803 uint16_t ip_hdr_length = ira->ira_ip_hdr_length; 1804 1805 IP6_STAT(ipst, ip6_in_sw_cksum); 1806 1807 ASSERT(protocol == IPPROTO_TCP || protocol == IPPROTO_UDP || 1808 protocol == IPPROTO_ICMPV6); 1809 1810 cksum = ip_input_cksum_pseudo_v6(ip6h, ira); 1811 cksum = IP_CSUM(mp, ip_hdr_length, cksum); 1812 if (cksum == 0) 1813 return (B_TRUE); 1814 1815 ip_input_cksum_err_v6(protocol, 0, ira->ira_ill); 1816 return (B_FALSE); 1817 } 1818 1819 /* 1820 * Verify the ULP checksums. 1821 * Returns B_TRUE if ok, or if the ULP doesn't have a well-defined checksum 1822 * algorithm. 1823 * Increments statistics if failed. 1824 */ 1825 static boolean_t 1826 ip_input_cksum_v6(iaflags_t iraflags, mblk_t *mp, ip6_t *ip6h, 1827 ip_recv_attr_t *ira) 1828 { 1829 ill_t *ill = ira->ira_rill; 1830 uint16_t hck_flags; 1831 uint32_t cksum; 1832 mblk_t *mp1; 1833 uint_t len; 1834 uint8_t protocol = ira->ira_protocol; 1835 uint16_t ip_hdr_length = ira->ira_ip_hdr_length; 1836 1837 1838 switch (protocol) { 1839 case IPPROTO_TCP: 1840 case IPPROTO_ICMPV6: 1841 break; 1842 1843 case IPPROTO_UDP: { 1844 udpha_t *udpha; 1845 1846 udpha = (udpha_t *)((uchar_t *)ip6h + ip_hdr_length); 1847 /* 1848 * Before going through the regular checksum 1849 * calculation, make sure the received checksum 1850 * is non-zero. RFC 2460 says, a 0x0000 checksum 1851 * in a UDP packet (within IPv6 packet) is invalid 1852 * and should be replaced by 0xffff. This makes 1853 * sense as regular checksum calculation will 1854 * pass for both the cases i.e. 0x0000 and 0xffff. 1855 * Removing one of the case makes error detection 1856 * stronger. 1857 */ 1858 if (udpha->uha_checksum == 0) { 1859 /* 0x0000 checksum is invalid */ 1860 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInCksumErrs); 1861 return (B_FALSE); 1862 } 1863 break; 1864 } 1865 case IPPROTO_SCTP: { 1866 sctp_hdr_t *sctph; 1867 uint32_t pktsum; 1868 1869 sctph = (sctp_hdr_t *)((uchar_t *)ip6h + ip_hdr_length); 1870 #ifdef DEBUG 1871 if (skip_sctp_cksum) 1872 return (B_TRUE); 1873 #endif 1874 pktsum = sctph->sh_chksum; 1875 sctph->sh_chksum = 0; 1876 cksum = sctp_cksum(mp, ip_hdr_length); 1877 sctph->sh_chksum = pktsum; 1878 if (cksum == pktsum) 1879 return (B_TRUE); 1880 1881 /* 1882 * Defer until later whether a bad checksum is ok 1883 * in order to allow RAW sockets to use Adler checksum 1884 * with SCTP. 1885 */ 1886 ira->ira_flags |= IRAF_SCTP_CSUM_ERR; 1887 return (B_TRUE); 1888 } 1889 1890 default: 1891 /* No ULP checksum to verify. */ 1892 return (B_TRUE); 1893 } 1894 1895 /* 1896 * Revert to software checksum calculation if the interface 1897 * isn't capable of checksum offload. 1898 * We clear DB_CKSUMFLAGS when going through IPsec in ip_fanout. 1899 * Note: IRAF_NO_HW_CKSUM is not currently used. 1900 */ 1901 ASSERT(!IS_IPMP(ill)); 1902 if ((iraflags & IRAF_NO_HW_CKSUM) || !ILL_HCKSUM_CAPABLE(ill) || 1903 !dohwcksum) { 1904 return (ip_input_sw_cksum_v6(mp, ip6h, ira)); 1905 } 1906 1907 hck_flags = DB_CKSUMFLAGS(mp); 1908 1909 /* 1910 * We apply this for all ULP protocols. Does the HW know to 1911 * not set the flags for SCTP and other protocols. 1912 */ 1913 if (hck_flags & HCK_FULLCKSUM_OK) { 1914 /* 1915 * Hardware has already verified the checksum. 1916 */ 1917 return (B_TRUE); 1918 } 1919 1920 if (hck_flags & HCK_FULLCKSUM) { 1921 /* 1922 * Full checksum has been computed by the hardware 1923 * and has been attached. If the driver wants us to 1924 * verify the correctness of the attached value, in 1925 * order to protect against faulty hardware, compare 1926 * it against -0 (0xFFFF) to see if it's valid. 1927 */ 1928 cksum = DB_CKSUM16(mp); 1929 if (cksum == 0xFFFF) 1930 return (B_TRUE); 1931 ip_input_cksum_err_v6(protocol, hck_flags, ira->ira_ill); 1932 return (B_FALSE); 1933 } 1934 1935 mp1 = mp->b_cont; 1936 if ((hck_flags & HCK_PARTIALCKSUM) && 1937 (mp1 == NULL || mp1->b_cont == NULL) && 1938 ip_hdr_length >= DB_CKSUMSTART(mp) && 1939 ((len = ip_hdr_length - DB_CKSUMSTART(mp)) & 1) == 0) { 1940 uint32_t adj; 1941 uchar_t *cksum_start; 1942 1943 cksum = ip_input_cksum_pseudo_v6(ip6h, ira); 1944 1945 cksum_start = ((uchar_t *)ip6h + DB_CKSUMSTART(mp)); 1946 1947 /* 1948 * Partial checksum has been calculated by hardware 1949 * and attached to the packet; in addition, any 1950 * prepended extraneous data is even byte aligned, 1951 * and there are at most two mblks associated with 1952 * the packet. If any such data exists, we adjust 1953 * the checksum; also take care any postpended data. 1954 */ 1955 IP_ADJCKSUM_PARTIAL(cksum_start, mp, mp1, len, adj); 1956 /* 1957 * One's complement subtract extraneous checksum 1958 */ 1959 cksum += DB_CKSUM16(mp); 1960 if (adj >= cksum) 1961 cksum = ~(adj - cksum) & 0xFFFF; 1962 else 1963 cksum -= adj; 1964 cksum = (cksum & 0xFFFF) + ((int)cksum >> 16); 1965 cksum = (cksum & 0xFFFF) + ((int)cksum >> 16); 1966 if (!(~cksum & 0xFFFF)) 1967 return (B_TRUE); 1968 1969 ip_input_cksum_err_v6(protocol, hck_flags, ira->ira_ill); 1970 return (B_FALSE); 1971 } 1972 return (ip_input_sw_cksum_v6(mp, ip6h, ira)); 1973 } 1974 1975 1976 /* 1977 * Handle fanout of received packets. 1978 * Unicast packets that are looped back (from ire_send_local_v6) and packets 1979 * from the wire are differentiated by checking IRAF_VERIFY_ULP_CKSUM. 1980 * 1981 * IPQoS Notes 1982 * Before sending it to the client, invoke IPPF processing. Policy processing 1983 * takes place only if the callout_position, IPP_LOCAL_IN, is enabled. 1984 */ 1985 void 1986 ip_fanout_v6(mblk_t *mp, ip6_t *ip6h, ip_recv_attr_t *ira) 1987 { 1988 ill_t *ill = ira->ira_ill; 1989 iaflags_t iraflags = ira->ira_flags; 1990 ip_stack_t *ipst = ill->ill_ipst; 1991 uint8_t protocol; 1992 conn_t *connp; 1993 #define rptr ((uchar_t *)ip6h) 1994 uint_t ip_hdr_length; 1995 uint_t min_ulp_header_length; 1996 int offset; 1997 ssize_t len; 1998 netstack_t *ns = ipst->ips_netstack; 1999 ipsec_stack_t *ipss = ns->netstack_ipsec; 2000 ill_t *rill = ira->ira_rill; 2001 2002 ASSERT(ira->ira_pktlen == ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN); 2003 2004 /* 2005 * We repeat this as we parse over destination options header and 2006 * fragment headers (earlier we've handled any hop-by-hop options 2007 * header.) 2008 * We update ira_protocol and ira_ip_hdr_length as we skip past 2009 * the intermediate headers; they already point past any 2010 * hop-by-hop header. 2011 */ 2012 repeat: 2013 protocol = ira->ira_protocol; 2014 ip_hdr_length = ira->ira_ip_hdr_length; 2015 2016 /* 2017 * Time for IPP once we've done reassembly and IPsec. 2018 * We skip this for loopback packets since we don't do IPQoS 2019 * on loopback. 2020 */ 2021 if (IPP_ENABLED(IPP_LOCAL_IN, ipst) && 2022 !(iraflags & IRAF_LOOPBACK) && 2023 (protocol != IPPROTO_ESP && protocol != IPPROTO_AH && 2024 protocol != IPPROTO_DSTOPTS && protocol != IPPROTO_ROUTING && 2025 protocol != IPPROTO_FRAGMENT)) { 2026 /* 2027 * Use the interface on which the packet arrived - not where 2028 * the IP address is hosted. 2029 */ 2030 /* ip_process translates an IS_UNDER_IPMP */ 2031 mp = ip_process(IPP_LOCAL_IN, mp, rill, ill); 2032 if (mp == NULL) { 2033 /* ip_drop_packet and MIB done */ 2034 return; 2035 } 2036 } 2037 2038 /* Determine the minimum required size of the upper-layer header */ 2039 /* Need to do this for at least the set of ULPs that TX handles. */ 2040 switch (protocol) { 2041 case IPPROTO_TCP: 2042 min_ulp_header_length = TCP_MIN_HEADER_LENGTH; 2043 break; 2044 case IPPROTO_SCTP: 2045 min_ulp_header_length = SCTP_COMMON_HDR_LENGTH; 2046 break; 2047 case IPPROTO_UDP: 2048 min_ulp_header_length = UDPH_SIZE; 2049 break; 2050 case IPPROTO_ICMP: 2051 case IPPROTO_ICMPV6: 2052 min_ulp_header_length = ICMPH_SIZE; 2053 break; 2054 case IPPROTO_FRAGMENT: 2055 case IPPROTO_DSTOPTS: 2056 case IPPROTO_ROUTING: 2057 min_ulp_header_length = MIN_EHDR_LEN; 2058 break; 2059 default: 2060 min_ulp_header_length = 0; 2061 break; 2062 } 2063 /* Make sure we have the min ULP header length */ 2064 len = mp->b_wptr - rptr; 2065 if (len < ip_hdr_length + min_ulp_header_length) { 2066 if (ira->ira_pktlen < ip_hdr_length + min_ulp_header_length) 2067 goto pkt_too_short; 2068 2069 IP6_STAT(ipst, ip6_recv_pullup); 2070 ip6h = ip_pullup(mp, ip_hdr_length + min_ulp_header_length, 2071 ira); 2072 if (ip6h == NULL) 2073 goto discard; 2074 len = mp->b_wptr - rptr; 2075 } 2076 2077 /* 2078 * If trusted extensions then determine the zoneid and TX specific 2079 * ira_flags. 2080 */ 2081 if (iraflags & IRAF_SYSTEM_LABELED) { 2082 /* This can update ira->ira_flags and ira->ira_zoneid */ 2083 ip_fanout_tx_v6(mp, ip6h, protocol, ip_hdr_length, ira); 2084 iraflags = ira->ira_flags; 2085 } 2086 2087 2088 /* Verify ULP checksum. Handles TCP, UDP, and SCTP */ 2089 if (iraflags & IRAF_VERIFY_ULP_CKSUM) { 2090 if (!ip_input_cksum_v6(iraflags, mp, ip6h, ira)) { 2091 /* Bad checksum. Stats are already incremented */ 2092 ip_drop_input("Bad ULP checksum", mp, ill); 2093 freemsg(mp); 2094 return; 2095 } 2096 /* IRAF_SCTP_CSUM_ERR could have been set */ 2097 iraflags = ira->ira_flags; 2098 } 2099 switch (protocol) { 2100 case IPPROTO_TCP: 2101 /* For TCP, discard multicast packets. */ 2102 if (iraflags & IRAF_MULTIBROADCAST) 2103 goto discard; 2104 2105 /* First mblk contains IP+TCP headers per above check */ 2106 ASSERT(len >= ip_hdr_length + TCP_MIN_HEADER_LENGTH); 2107 2108 /* TCP options present? */ 2109 offset = ((uchar_t *)ip6h)[ip_hdr_length + 12] >> 4; 2110 if (offset != 5) { 2111 if (offset < 5) 2112 goto discard; 2113 2114 /* 2115 * There must be TCP options. 2116 * Make sure we can grab them. 2117 */ 2118 offset <<= 2; 2119 offset += ip_hdr_length; 2120 if (len < offset) { 2121 if (ira->ira_pktlen < offset) 2122 goto pkt_too_short; 2123 2124 IP6_STAT(ipst, ip6_recv_pullup); 2125 ip6h = ip_pullup(mp, offset, ira); 2126 if (ip6h == NULL) 2127 goto discard; 2128 len = mp->b_wptr - rptr; 2129 } 2130 } 2131 2132 /* 2133 * Pass up a squeue hint to tcp. 2134 * If ira_sqp is already set (this is loopback) we leave it 2135 * alone. 2136 */ 2137 if (ira->ira_sqp == NULL) { 2138 ira->ira_sqp = ip_squeue_get(ira->ira_ring); 2139 } 2140 2141 /* Look for AF_INET or AF_INET6 that matches */ 2142 connp = ipcl_classify_v6(mp, IPPROTO_TCP, ip_hdr_length, 2143 ira, ipst); 2144 if (connp == NULL) { 2145 /* Send the TH_RST */ 2146 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2147 tcp_xmit_listeners_reset(mp, ira, ipst, NULL); 2148 return; 2149 } 2150 if (connp->conn_min_ttl != 0 && 2151 connp->conn_min_ttl > ira->ira_ttl) { 2152 CONN_DEC_REF(connp); 2153 goto discard; 2154 } 2155 if (CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss) || 2156 (iraflags & IRAF_IPSEC_SECURE)) { 2157 mp = ipsec_check_inbound_policy(mp, connp, 2158 NULL, ip6h, ira); 2159 if (mp == NULL) { 2160 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2161 /* Note that mp is NULL */ 2162 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2163 CONN_DEC_REF(connp); 2164 return; 2165 } 2166 } 2167 /* Found a client; up it goes */ 2168 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2169 ira->ira_ill = ira->ira_rill = NULL; 2170 if (!IPCL_IS_TCP(connp)) { 2171 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */ 2172 (connp->conn_recv)(connp, mp, NULL, ira); 2173 CONN_DEC_REF(connp); 2174 ira->ira_ill = ill; 2175 ira->ira_rill = rill; 2176 return; 2177 } 2178 2179 /* 2180 * We do different processing whether called from 2181 * ip_accept_tcp and we match the target, don't match 2182 * the target, and when we are called by ip_input. 2183 */ 2184 if (iraflags & IRAF_TARGET_SQP) { 2185 if (ira->ira_target_sqp == connp->conn_sqp) { 2186 mblk_t *attrmp; 2187 2188 attrmp = ip_recv_attr_to_mblk(ira); 2189 if (attrmp == NULL) { 2190 BUMP_MIB(ill->ill_ip_mib, 2191 ipIfStatsInDiscards); 2192 ip_drop_input("ipIfStatsInDiscards", 2193 mp, ill); 2194 freemsg(mp); 2195 CONN_DEC_REF(connp); 2196 } else { 2197 SET_SQUEUE(attrmp, connp->conn_recv, 2198 connp); 2199 attrmp->b_cont = mp; 2200 ASSERT(ira->ira_target_sqp_mp == NULL); 2201 ira->ira_target_sqp_mp = attrmp; 2202 /* 2203 * Conn ref release when drained from 2204 * the squeue. 2205 */ 2206 } 2207 } else { 2208 SQUEUE_ENTER_ONE(connp->conn_sqp, mp, 2209 connp->conn_recv, connp, ira, SQ_FILL, 2210 SQTAG_IP6_TCP_INPUT); 2211 } 2212 } else { 2213 SQUEUE_ENTER_ONE(connp->conn_sqp, mp, connp->conn_recv, 2214 connp, ira, ip_squeue_flag, SQTAG_IP6_TCP_INPUT); 2215 } 2216 ira->ira_ill = ill; 2217 ira->ira_rill = rill; 2218 return; 2219 2220 case IPPROTO_SCTP: { 2221 sctp_hdr_t *sctph; 2222 uint32_t ports; /* Source and destination ports */ 2223 sctp_stack_t *sctps = ipst->ips_netstack->netstack_sctp; 2224 2225 /* For SCTP, discard multicast packets. */ 2226 if (iraflags & IRAF_MULTIBROADCAST) 2227 goto discard; 2228 2229 /* 2230 * Since there is no SCTP h/w cksum support yet, just 2231 * clear the flag. 2232 */ 2233 DB_CKSUMFLAGS(mp) = 0; 2234 2235 /* Length ensured above */ 2236 ASSERT(MBLKL(mp) >= ip_hdr_length + SCTP_COMMON_HDR_LENGTH); 2237 sctph = (sctp_hdr_t *)(rptr + ip_hdr_length); 2238 2239 /* get the ports */ 2240 ports = *(uint32_t *)&sctph->sh_sport; 2241 2242 if (iraflags & IRAF_SCTP_CSUM_ERR) { 2243 /* 2244 * No potential sctp checksum errors go to the Sun 2245 * sctp stack however they might be Adler-32 summed 2246 * packets a userland stack bound to a raw IP socket 2247 * could reasonably use. Note though that Adler-32 is 2248 * a long deprecated algorithm and customer sctp 2249 * networks should eventually migrate to CRC-32 at 2250 * which time this facility should be removed. 2251 */ 2252 ip_fanout_sctp_raw(mp, NULL, ip6h, ports, ira); 2253 return; 2254 } 2255 connp = sctp_fanout(&ip6h->ip6_src, &ip6h->ip6_dst, ports, 2256 ira, mp, sctps, sctph); 2257 if (connp == NULL) { 2258 /* Check for raw socket or OOTB handling */ 2259 ip_fanout_sctp_raw(mp, NULL, ip6h, ports, ira); 2260 return; 2261 } 2262 if (connp->conn_incoming_ifindex != 0 && 2263 connp->conn_incoming_ifindex != ira->ira_ruifindex) { 2264 CONN_DEC_REF(connp); 2265 2266 /* Check for raw socket or OOTB handling */ 2267 ip_fanout_sctp_raw(mp, NULL, ip6h, ports, ira); 2268 return; 2269 } 2270 2271 /* Found a client; up it goes */ 2272 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2273 sctp_input(connp, NULL, ip6h, mp, ira); 2274 /* sctp_input does a rele of the sctp_t */ 2275 return; 2276 } 2277 2278 case IPPROTO_UDP: 2279 /* First mblk contains IP+UDP headers as checked above */ 2280 ASSERT(MBLKL(mp) >= ip_hdr_length + UDPH_SIZE); 2281 2282 if (iraflags & IRAF_MULTIBROADCAST) { 2283 uint16_t *up; /* Pointer to ports in ULP header */ 2284 2285 up = (uint16_t *)((uchar_t *)ip6h + ip_hdr_length); 2286 2287 ip_fanout_udp_multi_v6(mp, ip6h, up[1], up[0], ira); 2288 return; 2289 } 2290 2291 /* Look for AF_INET or AF_INET6 that matches */ 2292 connp = ipcl_classify_v6(mp, IPPROTO_UDP, ip_hdr_length, 2293 ira, ipst); 2294 if (connp == NULL) { 2295 if (ipst->ips_ipcl_proto_fanout_v6[IPPROTO_UDP]. 2296 connf_head != NULL) { 2297 ASSERT(ira->ira_protocol == IPPROTO_UDP); 2298 ip_fanout_proto_v6(mp, ip6h, ira); 2299 } else { 2300 ip_fanout_send_icmp_v6(mp, ICMP6_DST_UNREACH, 2301 ICMP6_DST_UNREACH_NOPORT, ira); 2302 } 2303 return; 2304 2305 } 2306 if (connp->conn_min_ttl != 0 && 2307 connp->conn_min_ttl > ira->ira_ttl) { 2308 CONN_DEC_REF(connp); 2309 goto discard; 2310 } 2311 if (IPCL_IS_NONSTR(connp) ? connp->conn_flow_cntrld : 2312 !canputnext(connp->conn_rq)) { 2313 CONN_DEC_REF(connp); 2314 BUMP_MIB(ill->ill_ip_mib, udpIfStatsInOverflows); 2315 ip_drop_input("udpIfStatsInOverflows", mp, ill); 2316 freemsg(mp); 2317 return; 2318 } 2319 if (CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss) || 2320 (iraflags & IRAF_IPSEC_SECURE)) { 2321 mp = ipsec_check_inbound_policy(mp, connp, 2322 NULL, ip6h, ira); 2323 if (mp == NULL) { 2324 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2325 /* Note that mp is NULL */ 2326 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2327 CONN_DEC_REF(connp); 2328 return; 2329 } 2330 } 2331 2332 /* Found a client; up it goes */ 2333 IP6_STAT(ipst, ip6_udp_fannorm); 2334 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2335 ira->ira_ill = ira->ira_rill = NULL; 2336 (connp->conn_recv)(connp, mp, NULL, ira); 2337 CONN_DEC_REF(connp); 2338 ira->ira_ill = ill; 2339 ira->ira_rill = rill; 2340 return; 2341 default: 2342 break; 2343 } 2344 2345 /* 2346 * Clear hardware checksumming flag as it is currently only 2347 * used by TCP and UDP. 2348 */ 2349 DB_CKSUMFLAGS(mp) = 0; 2350 2351 switch (protocol) { 2352 case IPPROTO_ICMPV6: 2353 BUMP_MIB(ill->ill_icmp6_mib, ipv6IfIcmpInMsgs); 2354 2355 /* Check variable for testing applications */ 2356 if (ipst->ips_ipv6_drop_inbound_icmpv6) { 2357 ip_drop_input("ipv6_drop_inbound_icmpv6", mp, ill); 2358 freemsg(mp); 2359 return; 2360 } 2361 /* 2362 * We need to accomodate icmp messages coming in clear 2363 * until we get everything secure from the wire. If 2364 * icmp_accept_clear_messages is zero we check with 2365 * the global policy and act accordingly. If it is 2366 * non-zero, we accept the message without any checks. 2367 * But *this does not mean* that this will be delivered 2368 * to RAW socket clients. By accepting we might send 2369 * replies back, change our MTU value etc., 2370 * but delivery to the ULP/clients depends on their 2371 * policy dispositions. 2372 */ 2373 if (ipst->ips_icmp_accept_clear_messages == 0) { 2374 mp = ipsec_check_global_policy(mp, NULL, 2375 NULL, ip6h, ira, ns); 2376 if (mp == NULL) 2377 return; 2378 } 2379 2380 /* 2381 * On a labeled system, we have to check whether the zone 2382 * itself is permitted to receive raw traffic. 2383 */ 2384 if (ira->ira_flags & IRAF_SYSTEM_LABELED) { 2385 if (!tsol_can_accept_raw(mp, ira, B_FALSE)) { 2386 BUMP_MIB(ill->ill_icmp6_mib, 2387 ipv6IfIcmpInErrors); 2388 ip_drop_input("tsol_can_accept_raw", mp, ill); 2389 freemsg(mp); 2390 return; 2391 } 2392 } 2393 2394 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2395 mp = icmp_inbound_v6(mp, ira); 2396 if (mp == NULL) { 2397 /* No need to pass to RAW sockets */ 2398 return; 2399 } 2400 break; 2401 2402 case IPPROTO_DSTOPTS: { 2403 ip6_dest_t *desthdr; 2404 uint_t ehdrlen; 2405 uint8_t *optptr; 2406 2407 /* We already check for MIN_EHDR_LEN above */ 2408 2409 /* Check if AH is present and needs to be processed. */ 2410 mp = ipsec_early_ah_v6(mp, ira); 2411 if (mp == NULL) 2412 return; 2413 2414 /* 2415 * Reinitialize pointers, as ipsec_early_ah_v6() does 2416 * complete pullups. We don't have to do more pullups 2417 * as a result. 2418 */ 2419 ip6h = (ip6_t *)mp->b_rptr; 2420 2421 if (ira->ira_pktlen - ip_hdr_length < MIN_EHDR_LEN) 2422 goto pkt_too_short; 2423 2424 if (mp->b_cont != NULL && 2425 rptr + ip_hdr_length + MIN_EHDR_LEN > mp->b_wptr) { 2426 ip6h = ip_pullup(mp, ip_hdr_length + MIN_EHDR_LEN, ira); 2427 if (ip6h == NULL) 2428 goto discard; 2429 } 2430 desthdr = (ip6_dest_t *)(rptr + ip_hdr_length); 2431 ehdrlen = 8 * (desthdr->ip6d_len + 1); 2432 if (ira->ira_pktlen - ip_hdr_length < ehdrlen) 2433 goto pkt_too_short; 2434 if (mp->b_cont != NULL && 2435 rptr + IPV6_HDR_LEN + ehdrlen > mp->b_wptr) { 2436 ip6h = ip_pullup(mp, IPV6_HDR_LEN + ehdrlen, ira); 2437 if (ip6h == NULL) 2438 goto discard; 2439 2440 desthdr = (ip6_dest_t *)(rptr + ip_hdr_length); 2441 } 2442 optptr = (uint8_t *)&desthdr[1]; 2443 2444 /* 2445 * Update ira_ip_hdr_length to skip the destination header 2446 * when we repeat. 2447 */ 2448 ira->ira_ip_hdr_length += ehdrlen; 2449 2450 ira->ira_protocol = desthdr->ip6d_nxt; 2451 2452 /* 2453 * Note: XXX This code does not seem to make 2454 * distinction between Destination Options Header 2455 * being before/after Routing Header which can 2456 * happen if we are at the end of source route. 2457 * This may become significant in future. 2458 * (No real significant Destination Options are 2459 * defined/implemented yet ). 2460 */ 2461 switch (ip_process_options_v6(mp, ip6h, optptr, 2462 ehdrlen - 2, IPPROTO_DSTOPTS, ira)) { 2463 case -1: 2464 /* 2465 * Packet has been consumed and any needed 2466 * ICMP errors sent. 2467 */ 2468 return; 2469 case 0: 2470 /* No action needed continue */ 2471 break; 2472 case 1: 2473 /* 2474 * Unnexpected return value 2475 * (Router alert is a Hop-by-Hop option) 2476 */ 2477 #ifdef DEBUG 2478 panic("ip_fanout_v6: router " 2479 "alert hbh opt indication in dest opt"); 2480 /*NOTREACHED*/ 2481 #else 2482 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2483 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2484 freemsg(mp); 2485 return; 2486 #endif 2487 } 2488 goto repeat; 2489 } 2490 case IPPROTO_FRAGMENT: { 2491 ip6_frag_t *fraghdr; 2492 2493 if (ira->ira_pktlen - ip_hdr_length < sizeof (ip6_frag_t)) 2494 goto pkt_too_short; 2495 2496 if (mp->b_cont != NULL && 2497 rptr + ip_hdr_length + sizeof (ip6_frag_t) > mp->b_wptr) { 2498 ip6h = ip_pullup(mp, 2499 ip_hdr_length + sizeof (ip6_frag_t), ira); 2500 if (ip6h == NULL) 2501 goto discard; 2502 } 2503 2504 fraghdr = (ip6_frag_t *)(rptr + ip_hdr_length); 2505 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmReqds); 2506 2507 /* 2508 * Invoke the CGTP (multirouting) filtering module to 2509 * process the incoming packet. Packets identified as 2510 * duplicates must be discarded. Filtering is active 2511 * only if the ip_cgtp_filter ndd variable is 2512 * non-zero. 2513 */ 2514 if (ipst->ips_ip_cgtp_filter && 2515 ipst->ips_ip_cgtp_filter_ops != NULL) { 2516 int cgtp_flt_pkt; 2517 netstackid_t stackid; 2518 2519 stackid = ipst->ips_netstack->netstack_stackid; 2520 2521 /* 2522 * CGTP and IPMP are mutually exclusive so 2523 * phyint_ifindex is fine here. 2524 */ 2525 cgtp_flt_pkt = 2526 ipst->ips_ip_cgtp_filter_ops->cfo_filter_v6( 2527 stackid, ill->ill_phyint->phyint_ifindex, 2528 ip6h, fraghdr); 2529 if (cgtp_flt_pkt == CGTP_IP_PKT_DUPLICATE) { 2530 ip_drop_input("CGTP_IP_PKT_DUPLICATE", mp, ill); 2531 freemsg(mp); 2532 return; 2533 } 2534 } 2535 2536 /* 2537 * Update ip_hdr_length to skip the frag header 2538 * ip_input_fragment_v6 will determine the extension header 2539 * prior to the fragment header and update its nexthdr value, 2540 * and also set ira_protocol to the nexthdr that follows the 2541 * completed fragment. 2542 */ 2543 ip_hdr_length += sizeof (ip6_frag_t); 2544 2545 /* 2546 * Make sure we have ira_l2src before we loose the original 2547 * mblk 2548 */ 2549 if (!(ira->ira_flags & IRAF_L2SRC_SET)) 2550 ip_setl2src(mp, ira, ira->ira_rill); 2551 2552 mp = ip_input_fragment_v6(mp, ip6h, fraghdr, 2553 ira->ira_pktlen - ip_hdr_length, ira); 2554 if (mp == NULL) { 2555 /* Reassembly is still pending */ 2556 return; 2557 } 2558 BUMP_MIB(ill->ill_ip_mib, ipIfStatsReasmOKs); 2559 2560 /* 2561 * The mblk chain has the frag header removed and 2562 * ira_protocol, ira_pktlen, ira_ip_hdr_length as well as the 2563 * IP header has been updated to refleact the result. 2564 */ 2565 ip6h = (ip6_t *)mp->b_rptr; 2566 ip_hdr_length = ira->ira_ip_hdr_length; 2567 goto repeat; 2568 } 2569 case IPPROTO_HOPOPTS: 2570 /* 2571 * Illegal header sequence. 2572 * (Hop-by-hop headers are processed above 2573 * and required to immediately follow IPv6 header) 2574 */ 2575 ip_drop_input("ICMP_PARAM_PROBLEM", mp, ill); 2576 icmp_param_problem_nexthdr_v6(mp, B_FALSE, ira); 2577 return; 2578 2579 case IPPROTO_ROUTING: { 2580 uint_t ehdrlen; 2581 ip6_rthdr_t *rthdr; 2582 2583 /* Check if AH is present and needs to be processed. */ 2584 mp = ipsec_early_ah_v6(mp, ira); 2585 if (mp == NULL) 2586 return; 2587 2588 /* 2589 * Reinitialize pointers, as ipsec_early_ah_v6() does 2590 * complete pullups. We don't have to do more pullups 2591 * as a result. 2592 */ 2593 ip6h = (ip6_t *)mp->b_rptr; 2594 2595 if (ira->ira_pktlen - ip_hdr_length < MIN_EHDR_LEN) 2596 goto pkt_too_short; 2597 2598 if (mp->b_cont != NULL && 2599 rptr + ip_hdr_length + MIN_EHDR_LEN > mp->b_wptr) { 2600 ip6h = ip_pullup(mp, ip_hdr_length + MIN_EHDR_LEN, ira); 2601 if (ip6h == NULL) 2602 goto discard; 2603 } 2604 rthdr = (ip6_rthdr_t *)(rptr + ip_hdr_length); 2605 protocol = ira->ira_protocol = rthdr->ip6r_nxt; 2606 ehdrlen = 8 * (rthdr->ip6r_len + 1); 2607 if (ira->ira_pktlen - ip_hdr_length < ehdrlen) 2608 goto pkt_too_short; 2609 if (mp->b_cont != NULL && 2610 rptr + IPV6_HDR_LEN + ehdrlen > mp->b_wptr) { 2611 ip6h = ip_pullup(mp, IPV6_HDR_LEN + ehdrlen, ira); 2612 if (ip6h == NULL) 2613 goto discard; 2614 rthdr = (ip6_rthdr_t *)(rptr + ip_hdr_length); 2615 } 2616 if (rthdr->ip6r_segleft != 0) { 2617 /* Not end of source route */ 2618 if (ira->ira_flags & 2619 (IRAF_L2DST_MULTICAST|IRAF_L2DST_BROADCAST)) { 2620 BUMP_MIB(ill->ill_ip_mib, 2621 ipIfStatsForwProhibits); 2622 ip_drop_input("ipIfStatsInForwProhibits", 2623 mp, ill); 2624 freemsg(mp); 2625 return; 2626 } 2627 ip_process_rthdr(mp, ip6h, rthdr, ira); 2628 return; 2629 } 2630 ira->ira_ip_hdr_length += ehdrlen; 2631 goto repeat; 2632 } 2633 2634 case IPPROTO_AH: 2635 case IPPROTO_ESP: { 2636 /* 2637 * Fast path for AH/ESP. 2638 */ 2639 netstack_t *ns = ipst->ips_netstack; 2640 ipsec_stack_t *ipss = ns->netstack_ipsec; 2641 2642 IP_STAT(ipst, ipsec_proto_ahesp); 2643 2644 if (!ipsec_loaded(ipss)) { 2645 ip_proto_not_sup(mp, ira); 2646 return; 2647 } 2648 2649 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2650 /* select inbound SA and have IPsec process the pkt */ 2651 if (protocol == IPPROTO_ESP) { 2652 esph_t *esph; 2653 2654 mp = ipsec_inbound_esp_sa(mp, ira, &esph); 2655 if (mp == NULL) 2656 return; 2657 2658 ASSERT(esph != NULL); 2659 ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE); 2660 ASSERT(ira->ira_ipsec_esp_sa != NULL); 2661 ASSERT(ira->ira_ipsec_esp_sa->ipsa_input_func != NULL); 2662 2663 mp = ira->ira_ipsec_esp_sa->ipsa_input_func(mp, esph, 2664 ira); 2665 } else { 2666 ah_t *ah; 2667 2668 mp = ipsec_inbound_ah_sa(mp, ira, &ah); 2669 if (mp == NULL) 2670 return; 2671 2672 ASSERT(ah != NULL); 2673 ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE); 2674 ASSERT(ira->ira_ipsec_ah_sa != NULL); 2675 ASSERT(ira->ira_ipsec_ah_sa->ipsa_input_func != NULL); 2676 mp = ira->ira_ipsec_ah_sa->ipsa_input_func(mp, ah, 2677 ira); 2678 } 2679 2680 if (mp == NULL) { 2681 /* 2682 * Either it failed or is pending. In the former case 2683 * ipIfStatsInDiscards was increased. 2684 */ 2685 return; 2686 } 2687 /* we're done with IPsec processing, send it up */ 2688 ip_input_post_ipsec(mp, ira); 2689 return; 2690 } 2691 case IPPROTO_NONE: 2692 /* All processing is done. Count as "delivered". */ 2693 freemsg(mp); 2694 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2695 return; 2696 2697 case IPPROTO_ENCAP: 2698 case IPPROTO_IPV6: 2699 /* iptun will verify trusted label */ 2700 connp = ipcl_classify_v6(mp, protocol, ip_hdr_length, 2701 ira, ipst); 2702 if (connp != NULL) { 2703 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInDelivers); 2704 ira->ira_ill = ira->ira_rill = NULL; 2705 connp->conn_recv(connp, mp, NULL, ira); 2706 CONN_DEC_REF(connp); 2707 ira->ira_ill = ill; 2708 ira->ira_rill = rill; 2709 return; 2710 } 2711 /* FALLTHRU */ 2712 default: 2713 /* 2714 * On a labeled system, we have to check whether the zone 2715 * itself is permitted to receive raw traffic. 2716 */ 2717 if (ira->ira_flags & IRAF_SYSTEM_LABELED) { 2718 if (!tsol_can_accept_raw(mp, ira, B_FALSE)) { 2719 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2720 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2721 freemsg(mp); 2722 return; 2723 } 2724 } 2725 break; 2726 } 2727 2728 /* 2729 * The above input functions may have returned the pulled up message. 2730 * So ip6h need to be reinitialized. 2731 */ 2732 ip6h = (ip6_t *)mp->b_rptr; 2733 ira->ira_protocol = protocol; 2734 if (ipst->ips_ipcl_proto_fanout_v6[protocol].connf_head == NULL) { 2735 /* No user-level listener for these packets packets */ 2736 ip_proto_not_sup(mp, ira); 2737 return; 2738 } 2739 2740 /* 2741 * Handle fanout to raw sockets. There 2742 * can be more than one stream bound to a particular 2743 * protocol. When this is the case, each one gets a copy 2744 * of any incoming packets. 2745 */ 2746 ASSERT(ira->ira_protocol == protocol); 2747 ip_fanout_proto_v6(mp, ip6h, ira); 2748 return; 2749 2750 pkt_too_short: 2751 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInTruncatedPkts); 2752 ip_drop_input("ipIfStatsInTruncatedPkts", mp, ill); 2753 freemsg(mp); 2754 return; 2755 2756 discard: 2757 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 2758 ip_drop_input("ipIfStatsInDiscards", mp, ill); 2759 freemsg(mp); 2760 #undef rptr 2761 } 2762