1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 * Copyright 2017 OmniTI Computer Consulting, Inc. All rights reserved.
26 * Copyright 2018 Joyent, Inc.
27 * Copyright 2024 Oxide Computer Company
28 */
29 /* Copyright (c) 1990 Mentat Inc. */
30
31 #include <sys/types.h>
32 #include <sys/stream.h>
33 #include <sys/strsubr.h>
34 #include <sys/dlpi.h>
35 #include <sys/strsun.h>
36 #include <sys/zone.h>
37 #include <sys/ddi.h>
38 #include <sys/sunddi.h>
39 #include <sys/cmn_err.h>
40 #include <sys/debug.h>
41 #include <sys/atomic.h>
42
43 #include <sys/systm.h>
44 #include <sys/param.h>
45 #include <sys/kmem.h>
46 #include <sys/sdt.h>
47 #include <sys/socket.h>
48 #include <sys/mac.h>
49 #include <net/if.h>
50 #include <net/if_arp.h>
51 #include <net/route.h>
52 #include <sys/sockio.h>
53 #include <netinet/in.h>
54 #include <net/if_dl.h>
55
56 #include <inet/common.h>
57 #include <inet/mi.h>
58 #include <inet/mib2.h>
59 #include <inet/nd.h>
60 #include <inet/arp.h>
61 #include <inet/snmpcom.h>
62 #include <inet/kstatcom.h>
63
64 #include <netinet/igmp_var.h>
65 #include <netinet/ip6.h>
66 #include <netinet/icmp6.h>
67 #include <netinet/sctp.h>
68
69 #include <inet/ip.h>
70 #include <inet/ip_impl.h>
71 #include <inet/ip6.h>
72 #include <inet/ip6_asp.h>
73 #include <inet/tcp.h>
74 #include <inet/ip_multi.h>
75 #include <inet/ip_if.h>
76 #include <inet/ip_ire.h>
77 #include <inet/ip_ftable.h>
78 #include <inet/ip_rts.h>
79 #include <inet/optcom.h>
80 #include <inet/ip_ndp.h>
81 #include <inet/ip_listutils.h>
82 #include <netinet/igmp.h>
83 #include <netinet/ip_mroute.h>
84 #include <inet/ipp_common.h>
85
86 #include <net/pfkeyv2.h>
87 #include <inet/sadb.h>
88 #include <inet/ipsec_impl.h>
89 #include <inet/ipdrop.h>
90 #include <inet/ip_netinfo.h>
91
92 #include <sys/pattr.h>
93 #include <inet/ipclassifier.h>
94 #include <inet/sctp_ip.h>
95 #include <inet/sctp/sctp_impl.h>
96 #include <inet/udp_impl.h>
97 #include <sys/sunddi.h>
98
99 #include <sys/tsol/label.h>
100 #include <sys/tsol/tnet.h>
101
102 #ifdef DEBUG
103 extern boolean_t skip_sctp_cksum;
104 #endif
105
106 int
ip_output_simple_v6(mblk_t * mp,ip_xmit_attr_t * ixa)107 ip_output_simple_v6(mblk_t *mp, ip_xmit_attr_t *ixa)
108 {
109 ip6_t *ip6h;
110 in6_addr_t firsthop; /* In IP header */
111 in6_addr_t dst; /* End of source route, or ip6_dst if none */
112 ire_t *ire;
113 in6_addr_t setsrc;
114 int error;
115 ill_t *ill = NULL;
116 dce_t *dce = NULL;
117 nce_t *nce;
118 iaflags_t ixaflags = ixa->ixa_flags;
119 ip_stack_t *ipst = ixa->ixa_ipst;
120 uint8_t *nexthdrp;
121 boolean_t repeat = B_FALSE;
122 boolean_t multirt = B_FALSE;
123 uint_t ifindex;
124 int64_t now;
125
126 ip6h = (ip6_t *)mp->b_rptr;
127 ASSERT(IPH_HDR_VERSION(ip6h) == IPV6_VERSION);
128
129 ASSERT(ixa->ixa_nce == NULL);
130
131 ixa->ixa_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
132 ASSERT(ixa->ixa_pktlen == msgdsize(mp));
133 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ixa->ixa_ip_hdr_length,
134 &nexthdrp)) {
135 /* Malformed packet */
136 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
137 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
138 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
139 freemsg(mp);
140 return (EINVAL);
141 }
142 ixa->ixa_protocol = *nexthdrp;
143
144 /*
145 * Assumes that source routed packets have already been massaged by
146 * the ULP (ip_massage_options_v6) and as a result ip6_dst is the next
147 * hop in the source route. The final destination is used for IPsec
148 * policy and DCE lookup.
149 */
150 firsthop = ip6h->ip6_dst;
151 dst = ip_get_dst_v6(ip6h, mp, NULL);
152
153 repeat_ire:
154 error = 0;
155 setsrc = ipv6_all_zeros;
156 ire = ip_select_route_v6(&firsthop, ip6h->ip6_src, ixa, NULL, &setsrc,
157 &error, &multirt);
158 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */
159 if (error != 0) {
160 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
161 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
162 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
163 freemsg(mp);
164 goto done;
165 }
166
167 if (ire->ire_flags & (RTF_BLACKHOLE|RTF_REJECT)) {
168 /* ire_ill might be NULL hence need to skip some code */
169 if (ixaflags & IXAF_SET_SOURCE)
170 ip6h->ip6_src = ipv6_loopback;
171 ixa->ixa_fragsize = IP_MAXPACKET;
172 ire->ire_ob_pkt_count++;
173 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
174 /* No dce yet; use default one */
175 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa,
176 &ipst->ips_dce_default->dce_ident);
177 goto done;
178 }
179
180 /* Note that ip6_dst is only used for IRE_MULTICAST */
181 nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst);
182 if (nce == NULL) {
183 /* Allocation failure? */
184 ip_drop_output("ire_to_nce", mp, ill);
185 freemsg(mp);
186 error = ENOBUFS;
187 goto done;
188 }
189 if (nce->nce_is_condemned) {
190 nce_t *nce1;
191
192 nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_TRUE);
193 nce_refrele(nce);
194 if (nce1 == NULL) {
195 if (!repeat) {
196 /* Try finding a better IRE */
197 repeat = B_TRUE;
198 ire_refrele(ire);
199 goto repeat_ire;
200 }
201 /* Tried twice - drop packet */
202 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
203 ip_drop_output("No nce", mp, ill);
204 freemsg(mp);
205 error = ENOBUFS;
206 goto done;
207 }
208 nce = nce1;
209 }
210 /*
211 * For multicast with multirt we have a flag passed back from
212 * ire_lookup_multi_ill_v6 since we don't have an IRE for each
213 * possible multicast address.
214 * We also need a flag for multicast since we can't check
215 * whether RTF_MULTIRT is set in ixa_ire for multicast.
216 */
217 if (multirt) {
218 ixa->ixa_postfragfn = ip_postfrag_multirt_v6;
219 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST;
220 } else {
221 ixa->ixa_postfragfn = ire->ire_postfragfn;
222 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST;
223 }
224 ASSERT(ixa->ixa_nce == NULL);
225 ixa->ixa_nce = nce;
226
227 /*
228 * Check for a dce_t with a path mtu.
229 */
230 ifindex = 0;
231 if (IN6_IS_ADDR_LINKSCOPE(&dst))
232 ifindex = nce->nce_common->ncec_ill->ill_phyint->phyint_ifindex;
233
234 dce = dce_lookup_v6(&dst, ifindex, ipst, NULL);
235 ASSERT(dce != NULL);
236
237 if (!(ixaflags & IXAF_PMTU_DISCOVERY)) {
238 ixa->ixa_fragsize = IPV6_MIN_MTU;
239 } else if (dce->dce_flags & DCEF_PMTU) {
240 /*
241 * To avoid a periodic timer to increase the path MTU we
242 * look at dce_last_change_time each time we send a packet.
243 */
244 now = ddi_get_lbolt64();
245 if (TICK_TO_SEC(now) - dce->dce_last_change_time >
246 ipst->ips_ip_pathmtu_interval) {
247 /*
248 * Older than 20 minutes. Drop the path MTU information.
249 */
250 mutex_enter(&dce->dce_lock);
251 dce->dce_flags &= ~DCEF_PMTU;
252 dce->dce_last_change_time = TICK_TO_SEC(now);
253 mutex_exit(&dce->dce_lock);
254 dce_increment_generation(dce);
255 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
256 } else {
257 uint_t fragsize;
258
259 fragsize = ip_get_base_mtu(nce->nce_ill, ire);
260 if (fragsize > dce->dce_pmtu)
261 fragsize = dce->dce_pmtu;
262 ixa->ixa_fragsize = fragsize;
263 }
264 } else {
265 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
266 }
267
268 /*
269 * We use use ire_nexthop_ill (and not ncec_ill) to avoid the under ipmp
270 * interface for source address selection.
271 */
272 ill = ire_nexthop_ill(ire);
273
274 if (ixaflags & IXAF_SET_SOURCE) {
275 in6_addr_t src;
276
277 /*
278 * We use the final destination to get
279 * correct selection for source routed packets
280 */
281
282 /* If unreachable we have no ill but need some source */
283 if (ill == NULL) {
284 src = ipv6_loopback;
285 error = 0;
286 } else {
287 error = ip_select_source_v6(ill, &setsrc, &dst,
288 ixa->ixa_zoneid, ipst, B_FALSE,
289 ixa->ixa_src_preferences, &src, NULL, NULL);
290 }
291 if (error != 0) {
292 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
293 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
294 ip_drop_output("ipIfStatsOutDiscards - no source",
295 mp, ill);
296 freemsg(mp);
297 goto done;
298 }
299 ip6h->ip6_src = src;
300 } else if (ixaflags & IXAF_VERIFY_SOURCE) {
301 /* Check if the IP source is assigned to the host. */
302 if (!ip_verify_src(mp, ixa, NULL)) {
303 /* Don't send a packet with a source that isn't ours */
304 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
305 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
306 ip_drop_output("ipIfStatsOutDiscards - invalid source",
307 mp, ill);
308 freemsg(mp);
309 error = EADDRNOTAVAIL;
310 goto done;
311 }
312 }
313
314 /*
315 * Check against global IPsec policy to set the AH/ESP attributes.
316 * IPsec will set IXAF_IPSEC_* and ixa_ipsec_* as appropriate.
317 */
318 if (!(ixaflags & (IXAF_NO_IPSEC|IXAF_IPSEC_SECURE))) {
319 ASSERT(ixa->ixa_ipsec_policy == NULL);
320 mp = ip_output_attach_policy(mp, NULL, ip6h, NULL, ixa);
321 if (mp == NULL) {
322 /* MIB and ip_drop_packet already done */
323 return (EHOSTUNREACH); /* IPsec policy failure */
324 }
325 }
326
327 if (ill != NULL) {
328 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
329 } else {
330 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
331 }
332
333 /*
334 * We update the statistics on the most specific IRE i.e., the first
335 * one we found.
336 * We don't have an IRE when we fragment, hence ire_ob_pkt_count
337 * can only count the use prior to fragmentation. However the MIB
338 * counters on the ill will be incremented in post fragmentation.
339 */
340 ire->ire_ob_pkt_count++;
341
342 /*
343 * Based on ire_type and ire_flags call one of:
344 * ire_send_local_v6 - for IRE_LOCAL and IRE_LOOPBACK
345 * ire_send_multirt_v6 - if RTF_MULTIRT
346 * ire_send_noroute_v6 - if RTF_REJECT or RTF_BLACHOLE
347 * ire_send_multicast_v6 - for IRE_MULTICAST
348 * ire_send_wire_v6 - for the rest.
349 */
350 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, &dce->dce_ident);
351 done:
352 ire_refrele(ire);
353 if (dce != NULL)
354 dce_refrele(dce);
355 if (ill != NULL)
356 ill_refrele(ill);
357 if (ixa->ixa_nce != NULL)
358 nce_refrele(ixa->ixa_nce);
359 ixa->ixa_nce = NULL;
360 return (error);
361 }
362
363 /*
364 * ire_sendfn() functions.
365 * These functions use the following xmit_attr:
366 * - ixa_fragsize - read to determine whether or not to fragment
367 * - IXAF_IPSEC_SECURE - to determine whether or not to invoke IPsec
368 * - ixa_ipsec_* are used inside IPsec
369 * - IXAF_LOOPBACK_COPY - for multicast
370 */
371
372
373 /*
374 * ire_sendfn for IRE_LOCAL and IRE_LOOPBACK
375 *
376 * The checks for restrict_interzone_loopback are done in ire_route_recursive.
377 */
378 /* ARGSUSED4 */
379 int
ire_send_local_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)380 ire_send_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
381 ip_xmit_attr_t *ixa, uint32_t *identp)
382 {
383 ip6_t *ip6h = (ip6_t *)iph_arg;
384 ip_stack_t *ipst = ixa->ixa_ipst;
385 ill_t *ill = ire->ire_ill;
386 ip_recv_attr_t iras; /* NOTE: No bzero for performance */
387 uint_t pktlen = ixa->ixa_pktlen;
388
389 /*
390 * No fragmentation, no nce, and no application of IPsec.
391 *
392 *
393 * Note different order between IP provider and FW_HOOKS than in
394 * send_wire case.
395 */
396
397 /*
398 * DTrace this as ip:::send. A packet blocked by FW_HOOKS will fire the
399 * send probe, but not the receive probe.
400 */
401 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
402 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
403 int, 1);
404
405 DTRACE_PROBE4(ip6__loopback__out__start,
406 ill_t *, NULL, ill_t *, ill,
407 ip6_t *, ip6h, mblk_t *, mp);
408
409 if (HOOKS6_INTERESTED_LOOPBACK_OUT(ipst)) {
410 int error;
411
412 FW_HOOKS(ipst->ips_ip6_loopback_out_event,
413 ipst->ips_ipv6firewall_loopback_out,
414 NULL, ill, ip6h, mp, mp, 0, ipst, error);
415
416 DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp);
417 if (mp == NULL)
418 return (error);
419
420 /*
421 * Even if the destination was changed by the filter we use the
422 * forwarding decision that was made based on the address
423 * in ip_output/ip_set_destination.
424 */
425 /* Length could be different */
426 ip6h = (ip6_t *)mp->b_rptr;
427 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
428 }
429
430 /*
431 * If a callback is enabled then we need to know the
432 * source and destination zoneids for the packet. We already
433 * have those handy.
434 */
435 if (ipst->ips_ip6_observe.he_interested) {
436 zoneid_t szone, dzone;
437 zoneid_t stackzoneid;
438
439 stackzoneid = netstackid_to_zoneid(
440 ipst->ips_netstack->netstack_stackid);
441
442 if (stackzoneid == GLOBAL_ZONEID) {
443 /* Shared-IP zone */
444 dzone = ire->ire_zoneid;
445 szone = ixa->ixa_zoneid;
446 } else {
447 szone = dzone = stackzoneid;
448 }
449 ipobs_hook(mp, IPOBS_HOOK_LOCAL, szone, dzone, ill, ipst);
450 }
451
452 /* Handle lo0 stats */
453 ipst->ips_loopback_packets++;
454
455 /*
456 * Update output mib stats. Note that we can't move into the icmp
457 * sender (icmp_output etc) since they don't know the ill and the
458 * stats are per ill.
459 */
460 if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
461 icmp6_t *icmp6;
462
463 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
464 icmp_update_out_mib_v6(ill, icmp6);
465 }
466
467 DTRACE_PROBE4(ip6__loopback__in__start,
468 ill_t *, ill, ill_t *, NULL,
469 ip6_t *, ip6h, mblk_t *, mp);
470
471 if (HOOKS6_INTERESTED_LOOPBACK_IN(ipst)) {
472 int error;
473
474 FW_HOOKS(ipst->ips_ip6_loopback_in_event,
475 ipst->ips_ipv6firewall_loopback_in,
476 ill, NULL, ip6h, mp, mp, 0, ipst, error);
477
478 DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp);
479 if (mp == NULL)
480 return (error);
481
482 /*
483 * Even if the destination was changed by the filter we use the
484 * forwarding decision that was made based on the address
485 * in ip_output/ip_set_destination.
486 */
487 /* Length could be different */
488 ip6h = (ip6_t *)mp->b_rptr;
489 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
490 }
491
492 DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
493 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
494 int, 1);
495
496 /* Map ixa to ira including IPsec policies */
497 ipsec_out_to_in(ixa, ill, &iras);
498 iras.ira_pktlen = pktlen;
499 iras.ira_ttl = ip6h->ip6_hlim;
500
501 ire->ire_ib_pkt_count++;
502 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives);
503 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, pktlen);
504
505 /* Destined to ire_zoneid - use that for fanout */
506 iras.ira_zoneid = ire->ire_zoneid;
507
508 if (is_system_labeled()) {
509 iras.ira_flags |= IRAF_SYSTEM_LABELED;
510
511 /*
512 * This updates ira_cred, ira_tsl and ira_free_flags based
513 * on the label. We don't expect this to ever fail for
514 * loopback packets, so we silently drop the packet should it
515 * fail.
516 */
517 if (!tsol_get_pkt_label(mp, IPV6_VERSION, &iras)) {
518 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
519 ip_drop_input("tsol_get_pkt_label", mp, ill);
520 freemsg(mp);
521 return (0);
522 }
523 ASSERT(iras.ira_tsl != NULL);
524
525 /* tsol_get_pkt_label sometimes does pullupmsg */
526 ip6h = (ip6_t *)mp->b_rptr;
527 }
528
529 ip_fanout_v6(mp, ip6h, &iras);
530
531 /* We moved any IPsec refs from ixa to iras */
532 ira_cleanup(&iras, B_FALSE);
533 return (0);
534 }
535
536 static void
multirt_check_v6(ire_t * ire,ip6_t * ip6h,ip_xmit_attr_t * ixa)537 multirt_check_v6(ire_t *ire, ip6_t *ip6h, ip_xmit_attr_t *ixa)
538 {
539 ip_stack_t *ipst = ixa->ixa_ipst;
540
541 /* Limit the TTL on multirt packets. Do this even if IPV6_HOPLIMIT */
542 if (ire->ire_type & IRE_MULTICAST) {
543 if (ip6h->ip6_hops > 1) {
544 ip2dbg(("ire_send_multirt_v6: forcing multicast "
545 "multirt TTL to 1 (was %d)\n", ip6h->ip6_hops));
546 ip6h->ip6_hops = 1;
547 }
548 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
549 } else if ((ipst->ips_ip_multirt_ttl > 0) &&
550 (ip6h->ip6_hops > ipst->ips_ip_multirt_ttl)) {
551 ip6h->ip6_hops = ipst->ips_ip_multirt_ttl;
552 /*
553 * Need to ensure we don't increase the ttl should we go through
554 * ire_send_multicast.
555 */
556 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
557 }
558
559 /* For IPv6 this also needs to insert a fragment header */
560 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR;
561 }
562
563 /*
564 * ire_sendfn for IRE_MULTICAST
565 *
566 * Note that we do path MTU discovery by default for IPv6 multicast. But
567 * since unconnected UDP and RAW sockets don't set IXAF_PMTU_DISCOVERY
568 * only connected sockets get this by default.
569 */
570 int
ire_send_multicast_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)571 ire_send_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
572 ip_xmit_attr_t *ixa, uint32_t *identp)
573 {
574 ip6_t *ip6h = (ip6_t *)iph_arg;
575 ip_stack_t *ipst = ixa->ixa_ipst;
576 ill_t *ill = ire->ire_ill;
577 iaflags_t ixaflags = ixa->ixa_flags;
578
579 /*
580 * The IRE_MULTICAST is the same whether or not multirt is in use.
581 * Hence we need special-case code.
582 */
583 if (ixaflags & IXAF_MULTIRT_MULTICAST)
584 multirt_check_v6(ire, ip6h, ixa);
585
586 /*
587 * Check if anything in ip_input_v6 wants a copy of the transmitted
588 * packet (after IPsec and fragmentation)
589 *
590 * 1. Multicast routers always need a copy unless SO_DONTROUTE is set
591 * RSVP and the rsvp daemon is an example of a
592 * protocol and user level process that
593 * handles it's own routing. Hence, it uses the
594 * SO_DONTROUTE option to accomplish this.
595 * 2. If the sender has set IP_MULTICAST_LOOP, then we just
596 * check whether there are any receivers for the group on the ill
597 * (ignoring the zoneid).
598 * 3. If IP_MULTICAST_LOOP is not set, then we check if there are
599 * any members in other shared-IP zones.
600 * If such members exist, then we indicate that the sending zone
601 * shouldn't get a loopback copy to preserve the IP_MULTICAST_LOOP
602 * behavior.
603 *
604 * When we loopback we skip hardware checksum to make sure loopback
605 * copy is checksumed.
606 *
607 * Note that ire_ill is the upper in the case of IPMP.
608 */
609 ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM);
610 if (ipst->ips_ip_g_mrouter && ill->ill_mrouter_cnt > 0 &&
611 !(ixaflags & IXAF_DONTROUTE)) {
612 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
613 } else if (ixaflags & IXAF_MULTICAST_LOOP) {
614 /*
615 * If this zone or any other zone has members then loopback
616 * a copy.
617 */
618 if (ill_hasmembers_v6(ill, &ip6h->ip6_dst))
619 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
620 } else if (ipst->ips_netstack->netstack_numzones > 1) {
621 /*
622 * This zone should not have a copy. But there are some other
623 * zones which might have members.
624 */
625 if (ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst,
626 ixa->ixa_zoneid)) {
627 ixa->ixa_flags |= IXAF_NO_LOOP_ZONEID_SET;
628 ixa->ixa_no_loop_zoneid = ixa->ixa_zoneid;
629 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
630 }
631 }
632
633 /*
634 * Unless IPV6_HOPLIMIT or ire_send_multirt_v6 already set a ttl,
635 * force the ttl to the IP_MULTICAST_TTL value
636 */
637 if (!(ixaflags & IXAF_NO_TTL_CHANGE)) {
638 ip6h->ip6_hops = ixa->ixa_multicast_ttl;
639 }
640
641 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
642 }
643
644 /*
645 * ire_sendfn for IREs with RTF_MULTIRT
646 */
647 int
ire_send_multirt_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)648 ire_send_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
649 ip_xmit_attr_t *ixa, uint32_t *identp)
650 {
651 ip6_t *ip6h = (ip6_t *)iph_arg;
652
653 multirt_check_v6(ire, ip6h, ixa);
654
655 if (ire->ire_type & IRE_MULTICAST)
656 return (ire_send_multicast_v6(ire, mp, ip6h, ixa, identp));
657 else
658 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
659 }
660
661 /*
662 * ire_sendfn for IREs with RTF_REJECT/RTF_BLACKHOLE, including IRE_NOROUTE
663 */
664 /* ARGSUSED4 */
665 int
ire_send_noroute_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)666 ire_send_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
667 ip_xmit_attr_t *ixa, uint32_t *identp)
668 {
669 ip6_t *ip6h = (ip6_t *)iph_arg;
670 ip_stack_t *ipst = ixa->ixa_ipst;
671 ill_t *ill;
672 ip_recv_attr_t iras;
673 boolean_t dummy;
674
675 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutNoRoutes);
676
677 if (ire->ire_type & IRE_NOROUTE) {
678 /* A lack of a route as opposed to RTF_REJECT|BLACKHOLE */
679 ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0,
680 RTA_DST, ipst);
681 }
682
683 if (ire->ire_flags & RTF_BLACKHOLE) {
684 ip_drop_output("ipIfStatsOutNoRoutes RTF_BLACKHOLE", mp, NULL);
685 freemsg(mp);
686 /* No error even for local senders - silent blackhole */
687 return (0);
688 }
689 ip_drop_output("ipIfStatsOutNoRoutes RTF_REJECT", mp, NULL);
690
691 /*
692 * We need an ill_t for the ip_recv_attr_t even though this packet
693 * was never received and icmp_unreachable doesn't currently use
694 * ira_ill.
695 */
696 ill = ill_lookup_on_name("lo0", B_FALSE,
697 !(ixa->ixa_flags & IRAF_IS_IPV4), &dummy, ipst);
698 if (ill == NULL) {
699 freemsg(mp);
700 return (EHOSTUNREACH);
701 }
702
703 bzero(&iras, sizeof (iras));
704 /* Map ixa to ira including IPsec policies */
705 ipsec_out_to_in(ixa, ill, &iras);
706
707 icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, &iras);
708 /* We moved any IPsec refs from ixa to iras */
709 ira_cleanup(&iras, B_FALSE);
710
711 ill_refrele(ill);
712 return (EHOSTUNREACH);
713 }
714
715 /*
716 * Calculate a checksum ignoring any hardware capabilities
717 *
718 * Returns B_FALSE if the packet was too short for the checksum. Caller
719 * should free and do stats.
720 */
721 static boolean_t
ip_output_sw_cksum_v6(mblk_t * mp,ip6_t * ip6h,ip_xmit_attr_t * ixa)722 ip_output_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_xmit_attr_t *ixa)
723 {
724 ip_stack_t *ipst = ixa->ixa_ipst;
725 uint_t pktlen = ixa->ixa_pktlen;
726 uint16_t *cksump;
727 uint32_t cksum;
728 uint8_t protocol = ixa->ixa_protocol;
729 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length;
730
731 #define iphs ((uint16_t *)ip6h)
732
733 /* Just in case it contained garbage */
734 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;
735
736 /*
737 * Calculate ULP checksum
738 */
739 if (protocol == IPPROTO_TCP) {
740 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
741 cksum = IP_TCP_CSUM_COMP;
742 } else if (protocol == IPPROTO_UDP) {
743 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
744 cksum = IP_UDP_CSUM_COMP;
745 } else if (protocol == IPPROTO_SCTP) {
746 sctp_hdr_t *sctph;
747
748 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
749 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
750 /*
751 * Zero out the checksum field to ensure proper
752 * checksum calculation.
753 */
754 sctph->sh_chksum = 0;
755 #ifdef DEBUG
756 if (!skip_sctp_cksum)
757 #endif
758 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
759 return (B_TRUE);
760 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) {
761 /*
762 * icmp has placed length and routing
763 * header adjustment in the checksum field.
764 */
765 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length +
766 ixa->ixa_raw_cksum_offset);
767 cksum = htons(protocol);
768 } else if (protocol == IPPROTO_ICMPV6) {
769 cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
770 cksum = IP_ICMPV6_CSUM_COMP; /* Pseudo-header cksum */
771 } else {
772 return (B_TRUE);
773 }
774
775 /* ULP puts the checksum field is in the first mblk */
776 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);
777
778 /*
779 * We accumulate the pseudo header checksum in cksum.
780 * This is pretty hairy code, so watch close. One
781 * thing to keep in mind is that UDP and TCP have
782 * stored their respective datagram lengths in their
783 * checksum fields. This lines things up real nice.
784 */
785 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
786 iphs[8] + iphs[9] + iphs[10] + iphs[11] +
787 iphs[12] + iphs[13] + iphs[14] + iphs[15] +
788 iphs[16] + iphs[17] + iphs[18] + iphs[19];
789 cksum = IP_CSUM(mp, ip_hdr_length, cksum);
790
791 /*
792 * For UDP/IPv6 a zero UDP checksum is not allowed.
793 * Change to 0xffff
794 */
795 if (protocol == IPPROTO_UDP && cksum == 0)
796 *cksump = ~cksum;
797 else
798 *cksump = cksum;
799
800 IP6_STAT(ipst, ip6_out_sw_cksum);
801 IP6_STAT_UPDATE(ipst, ip6_out_sw_cksum_bytes, pktlen);
802
803 /* No IP header checksum for IPv6 */
804
805 return (B_TRUE);
806 #undef iphs
807 }
808
809 /* There are drivers that can't do partial checksum for ICMPv6 */
810 int nxge_cksum_workaround = 1;
811
812 /*
813 * Calculate the ULP checksum - try to use hardware.
814 * In the case of MULTIRT or multicast the
815 * IXAF_NO_HW_CKSUM is set in which case we use software.
816 *
817 * Returns B_FALSE if the packet was too short for the checksum. Caller
818 * should free and do stats.
819 */
820 static boolean_t
ip_output_cksum_v6(iaflags_t ixaflags,mblk_t * mp,ip6_t * ip6h,ip_xmit_attr_t * ixa,ill_t * ill)821 ip_output_cksum_v6(iaflags_t ixaflags, mblk_t *mp, ip6_t *ip6h,
822 ip_xmit_attr_t *ixa, ill_t *ill)
823 {
824 uint_t pktlen = ixa->ixa_pktlen;
825 uint16_t *cksump;
826 uint16_t hck_flags;
827 uint32_t cksum;
828 uint8_t protocol = ixa->ixa_protocol;
829 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length;
830
831 #define iphs ((uint16_t *)ip6h)
832
833 if ((ixaflags & IXAF_NO_HW_CKSUM) || !ILL_HCKSUM_CAPABLE(ill) ||
834 !dohwcksum) {
835 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
836 }
837
838 /*
839 * Calculate ULP checksum. Note that we don't use cksump and cksum
840 * if the ill has FULL support.
841 */
842 if (protocol == IPPROTO_TCP) {
843 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
844 cksum = IP_TCP_CSUM_COMP; /* Pseudo-header cksum */
845 } else if (protocol == IPPROTO_UDP) {
846 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
847 cksum = IP_UDP_CSUM_COMP; /* Pseudo-header cksum */
848 } else if (protocol == IPPROTO_SCTP) {
849 sctp_hdr_t *sctph;
850
851 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
852 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
853 /*
854 * Zero out the checksum field to ensure proper
855 * checksum calculation.
856 */
857 sctph->sh_chksum = 0;
858 #ifdef DEBUG
859 if (!skip_sctp_cksum)
860 #endif
861 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
862 goto ip_hdr_cksum;
863 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) {
864 /*
865 * icmp has placed length and routing
866 * header adjustment in the checksum field.
867 */
868 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length +
869 ixa->ixa_raw_cksum_offset);
870 cksum = htons(protocol);
871 } else if (protocol == IPPROTO_ICMPV6) {
872 /*
873 * Currently we assume no HW support for ICMP checksum calc.
874 *
875 * When HW support is advertised for ICMP, we'll want the
876 * following to be set:
877 * cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
878 * cksum = IP_ICMPV6_CSUM_COMP; Pseudo-header cksum
879 */
880
881 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
882 } else {
883 ip_hdr_cksum:
884 /* No IP header checksum for IPv6 */
885 return (B_TRUE);
886 }
887
888 /* ULP puts the checksum field is in the first mblk */
889 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);
890
891 /*
892 * Underlying interface supports hardware checksum offload for
893 * the payload; leave the payload checksum for the hardware to
894 * calculate. N.B: We only need to set up checksum info on the
895 * first mblk.
896 */
897 hck_flags = ill->ill_hcksum_capab->ill_hcksum_txflags;
898
899 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;
900 if (hck_flags & HCKSUM_INET_FULL_V6) {
901 /*
902 * Hardware calculates pseudo-header, header and the
903 * payload checksums, so clear the checksum field in
904 * the protocol header.
905 */
906 *cksump = 0;
907 DB_CKSUMFLAGS(mp) |= HCK_FULLCKSUM;
908 return (B_TRUE);
909 }
910 if (((hck_flags) & HCKSUM_INET_PARTIAL) &&
911 (protocol != IPPROTO_ICMPV6 || !nxge_cksum_workaround)) {
912 /*
913 * Partial checksum offload has been enabled. Fill
914 * the checksum field in the protocol header with the
915 * pseudo-header checksum value.
916 *
917 * We accumulate the pseudo header checksum in cksum.
918 * This is pretty hairy code, so watch close. One
919 * thing to keep in mind is that UDP and TCP have
920 * stored their respective datagram lengths in their
921 * checksum fields. This lines things up real nice.
922 */
923 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
924 iphs[8] + iphs[9] + iphs[10] + iphs[11] +
925 iphs[12] + iphs[13] + iphs[14] + iphs[15] +
926 iphs[16] + iphs[17] + iphs[18] + iphs[19];
927 cksum += *(cksump);
928 cksum = (cksum & 0xFFFF) + (cksum >> 16);
929 *(cksump) = (cksum & 0xFFFF) + (cksum >> 16);
930
931 /*
932 * Offsets are relative to beginning of IP header.
933 */
934 DB_CKSUMSTART(mp) = ip_hdr_length;
935 DB_CKSUMSTUFF(mp) = (uint8_t *)cksump - (uint8_t *)ip6h;
936 DB_CKSUMEND(mp) = pktlen;
937 DB_CKSUMFLAGS(mp) |= HCK_PARTIALCKSUM;
938 return (B_TRUE);
939 }
940 /* Hardware capabilities include neither full nor partial IPv6 */
941 return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
942 #undef iphs
943 }
944
945 /*
946 * ire_sendfn for offlink and onlink destinations.
947 * Also called from the multicast, and multirt send functions.
948 *
949 * Assumes that the caller has a hold on the ire.
950 *
951 * This function doesn't care if the IRE just became condemned since that
952 * can happen at any time.
953 */
954 /* ARGSUSED */
955 int
ire_send_wire_v6(ire_t * ire,mblk_t * mp,void * iph_arg,ip_xmit_attr_t * ixa,uint32_t * identp)956 ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
957 ip_xmit_attr_t *ixa, uint32_t *identp)
958 {
959 ip_stack_t *ipst = ixa->ixa_ipst;
960 ip6_t *ip6h = (ip6_t *)iph_arg;
961 iaflags_t ixaflags = ixa->ixa_flags;
962 ill_t *ill;
963 uint32_t pktlen = ixa->ixa_pktlen;
964
965 ASSERT(ixa->ixa_nce != NULL);
966 ill = ixa->ixa_nce->nce_ill;
967
968 /*
969 * Update output mib stats. Note that we can't move into the icmp
970 * sender (icmp_output etc) since they don't know the ill and the
971 * stats are per ill.
972 *
973 * With IPMP we record the stats on the upper ill.
974 */
975 if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
976 icmp6_t *icmp6;
977
978 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
979 icmp_update_out_mib_v6(ixa->ixa_nce->nce_common->ncec_ill,
980 icmp6);
981 }
982
983 if (ixaflags & IXAF_DONTROUTE)
984 ip6h->ip6_hops = 1;
985
986 /*
987 * This might set b_band, thus the IPsec and fragmentation
988 * code in IP ensures that b_band is updated in the first mblk.
989 */
990 if (IPP_ENABLED(IPP_LOCAL_OUT, ipst)) {
991 /* ip_process translates an IS_UNDER_IPMP */
992 mp = ip_process(IPP_LOCAL_OUT, mp, ill, ill);
993 if (mp == NULL) {
994 /* ip_drop_packet and MIB done */
995 return (0); /* Might just be delayed */
996 }
997 }
998
999 /*
1000 * To handle IPsec/iptun's labeling needs we need to tag packets
1001 * while we still have ixa_tsl
1002 */
1003 if (is_system_labeled() && ixa->ixa_tsl != NULL &&
1004 (ill->ill_mactype == DL_6TO4 || ill->ill_mactype == DL_IPV4 ||
1005 ill->ill_mactype == DL_IPV6)) {
1006 cred_t *newcr;
1007
1008 newcr = copycred_from_tslabel(ixa->ixa_cred, ixa->ixa_tsl,
1009 KM_NOSLEEP);
1010 if (newcr == NULL) {
1011 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1012 ip_drop_output("ipIfStatsOutDiscards - newcr",
1013 mp, ill);
1014 freemsg(mp);
1015 return (ENOBUFS);
1016 }
1017 mblk_setcred(mp, newcr, NOPID);
1018 crfree(newcr); /* mblk_setcred did its own crhold */
1019 }
1020
1021 /*
1022 * IXAF_IPV6_ADD_FRAGHDR is set for CGTP so that we will add a
1023 * fragment header without fragmenting. CGTP on the receiver will
1024 * filter duplicates on the ident field.
1025 */
1026 if (pktlen > ixa->ixa_fragsize ||
1027 (ixaflags & (IXAF_IPSEC_SECURE|IXAF_IPV6_ADD_FRAGHDR))) {
1028 uint32_t ident = 0;
1029
1030 if (ixaflags & IXAF_IPSEC_SECURE)
1031 pktlen += ipsec_out_extra_length(ixa);
1032
1033 if (pktlen > IP_MAXPACKET)
1034 return (EMSGSIZE);
1035
1036 if (ixaflags & IXAF_SET_ULP_CKSUM) {
1037 /*
1038 * Compute ULP checksum using software
1039 */
1040 if (!ip_output_sw_cksum_v6(mp, ip6h, ixa)) {
1041 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1042 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1043 freemsg(mp);
1044 return (EINVAL);
1045 }
1046 /* Avoid checksum again below if we only add fraghdr */
1047 ixaflags &= ~IXAF_SET_ULP_CKSUM;
1048 }
1049
1050 /*
1051 * If we need a fragment header, pick the ident and insert
1052 * the header before IPsec to we have a place to store
1053 * the ident value.
1054 */
1055 if ((ixaflags & IXAF_IPV6_ADD_FRAGHDR) ||
1056 pktlen > ixa->ixa_fragsize) {
1057 /*
1058 * If this packet would generate a icmp_frag_needed
1059 * message, we need to handle it before we do the IPsec
1060 * processing. Otherwise, we need to strip the IPsec
1061 * headers before we send up the message to the ULPs
1062 * which becomes messy and difficult.
1063 */
1064 if ((pktlen > ixa->ixa_fragsize) &&
1065 (ixaflags & IXAF_DONTFRAG)) {
1066 /* Generate ICMP and return error */
1067 ip_recv_attr_t iras;
1068
1069 DTRACE_PROBE4(ip6__fragsize__fail,
1070 uint_t, pktlen, uint_t, ixa->ixa_fragsize,
1071 uint_t, ixa->ixa_pktlen,
1072 uint_t, ixa->ixa_pmtu);
1073
1074 bzero(&iras, sizeof (iras));
1075 /* Map ixa to ira including IPsec policies */
1076 ipsec_out_to_in(ixa, ill, &iras);
1077 iras.ira_ttl = ip6h->ip6_hlim;
1078
1079 ip_drop_output("ICMP6_PKT_TOO_BIG", mp, ill);
1080 icmp_pkt2big_v6(mp, ixa->ixa_fragsize, B_TRUE,
1081 &iras);
1082 /* We moved any IPsec refs from ixa to iras */
1083 ira_cleanup(&iras, B_FALSE);
1084 return (EMSGSIZE);
1085 }
1086 DTRACE_PROBE4(ip6__fragsize__ok, uint_t, pktlen,
1087 uint_t, ixa->ixa_fragsize, uint_t, ixa->ixa_pktlen,
1088 uint_t, ixa->ixa_pmtu);
1089 /*
1090 * Assign an ident value for this packet. There could
1091 * be other threads targeting the same destination, so
1092 * we have to arrange for a atomic increment.
1093 * Normally ixa_extra_ident is 0, but in the case of
1094 * LSO it will be the number of TCP segments that the
1095 * driver/hardware will extraly construct.
1096 *
1097 * Note that cl_inet_ipident has only been used for
1098 * IPv4. We don't use it here.
1099 */
1100 ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident +
1101 1);
1102 ixa->ixa_ident = ident; /* In case we do IPsec */
1103 }
1104 if (ixaflags & IXAF_IPSEC_SECURE) {
1105 /*
1106 * Pass in sufficient information so that
1107 * IPsec can determine whether to fragment, and
1108 * which function to call after fragmentation.
1109 */
1110 return (ipsec_out_process(mp, ixa));
1111 }
1112
1113 mp = ip_fraghdr_add_v6(mp, ident, ixa);
1114 if (mp == NULL) {
1115 /* MIB and ip_drop_output already done */
1116 return (ENOMEM);
1117 }
1118 ASSERT(pktlen == ixa->ixa_pktlen);
1119 pktlen += sizeof (ip6_frag_t);
1120
1121 if (pktlen > ixa->ixa_fragsize) {
1122 return (ip_fragment_v6(mp, ixa->ixa_nce, ixaflags,
1123 pktlen, ixa->ixa_fragsize,
1124 ixa->ixa_xmit_hint, ixa->ixa_zoneid,
1125 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn,
1126 &ixa->ixa_cookie));
1127 }
1128 }
1129 if (ixaflags & IXAF_SET_ULP_CKSUM) {
1130 /* Compute ULP checksum and IP header checksum */
1131 /* An IS_UNDER_IPMP ill is ok here */
1132 if (!ip_output_cksum_v6(ixaflags, mp, ip6h, ixa, ill)) {
1133 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1134 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1135 freemsg(mp);
1136 return (EINVAL);
1137 }
1138 }
1139 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixaflags,
1140 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid,
1141 ixa->ixa_no_loop_zoneid, &ixa->ixa_cookie));
1142 }
1143
1144 /*
1145 * Post fragmentation function for RTF_MULTIRT routes.
1146 * Since IRE_MULTICASTs might have RTF_MULTIRT, this function
1147 * checks IXAF_LOOPBACK_COPY.
1148 *
1149 * If no packet is sent due to failures then we return an errno, but if at
1150 * least one succeeded we return zero.
1151 */
1152 int
ip_postfrag_multirt_v6(mblk_t * mp,nce_t * nce,iaflags_t ixaflags,uint_t pkt_len,uint32_t xmit_hint,zoneid_t szone,zoneid_t nolzid,uintptr_t * ixacookie)1153 ip_postfrag_multirt_v6(mblk_t *mp, nce_t *nce, iaflags_t ixaflags,
1154 uint_t pkt_len, uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid,
1155 uintptr_t *ixacookie)
1156 {
1157 irb_t *irb;
1158 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
1159 ire_t *ire;
1160 ire_t *ire1;
1161 mblk_t *mp1;
1162 nce_t *nce1;
1163 ill_t *ill = nce->nce_ill;
1164 ill_t *ill1;
1165 ip_stack_t *ipst = ill->ill_ipst;
1166 int error = 0;
1167 int num_sent = 0;
1168 int err;
1169 uint_t ire_type;
1170 in6_addr_t nexthop;
1171
1172 ASSERT(!(ixaflags & IXAF_IS_IPV4));
1173
1174 /* Check for IXAF_LOOPBACK_COPY */
1175 if (ixaflags & IXAF_LOOPBACK_COPY) {
1176 mblk_t *mp1;
1177
1178 mp1 = copymsg(mp);
1179 if (mp1 == NULL) {
1180 /* Failed to deliver the loopback copy. */
1181 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1182 ip_drop_output("ipIfStatsOutDiscards", mp, ill);
1183 error = ENOBUFS;
1184 } else {
1185 ip_postfrag_loopback(mp1, nce, ixaflags, pkt_len,
1186 nolzid);
1187 }
1188 }
1189
1190 /*
1191 * Loop over RTF_MULTIRT for ip6_dst in the same bucket. Send
1192 * a copy to each one.
1193 * Use the nce (nexthop) and ip6_dst to find the ire.
1194 *
1195 * MULTIRT is not designed to work with shared-IP zones thus we don't
1196 * need to pass a zoneid or a label to the IRE lookup.
1197 */
1198 if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, &ip6h->ip6_dst)) {
1199 /* Broadcast and multicast case */
1200 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, 0, 0, NULL,
1201 ALL_ZONES, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
1202 } else {
1203 /* Unicast case */
1204 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, &nce->nce_addr,
1205 0, NULL, ALL_ZONES, NULL, MATCH_IRE_GW, 0, ipst, NULL);
1206 }
1207
1208 if (ire == NULL ||
1209 (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
1210 !(ire->ire_flags & RTF_MULTIRT)) {
1211 /* Drop */
1212 ip_drop_output("ip_postfrag_multirt didn't find route",
1213 mp, nce->nce_ill);
1214 if (ire != NULL)
1215 ire_refrele(ire);
1216 return (ENETUNREACH);
1217 }
1218
1219 irb = ire->ire_bucket;
1220 irb_refhold(irb);
1221 for (ire1 = irb->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) {
1222 if (IRE_IS_CONDEMNED(ire1) ||
1223 !(ire1->ire_flags & RTF_MULTIRT))
1224 continue;
1225
1226 /* Note: When IPv6 uses radix tree we don't need this check */
1227 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, &ire1->ire_addr_v6))
1228 continue;
1229
1230 /* Do the ire argument one after the loop */
1231 if (ire1 == ire)
1232 continue;
1233
1234 ill1 = ire_nexthop_ill(ire1);
1235 if (ill1 == NULL) {
1236 /*
1237 * This ire might not have been picked by
1238 * ire_route_recursive, in which case ire_dep might
1239 * not have been setup yet.
1240 * We kick ire_route_recursive to try to resolve
1241 * starting at ire1.
1242 */
1243 ire_t *ire2;
1244 uint_t match_flags = MATCH_IRE_DSTONLY;
1245
1246 if (ire1->ire_ill != NULL)
1247 match_flags |= MATCH_IRE_ILL;
1248 ire2 = ire_route_recursive_impl_v6(ire1,
1249 &ire1->ire_addr_v6, ire1->ire_type, ire1->ire_ill,
1250 ire1->ire_zoneid, NULL, match_flags,
1251 IRR_ALLOCATE, 0, ipst, NULL, NULL, NULL);
1252 if (ire2 != NULL)
1253 ire_refrele(ire2);
1254 ill1 = ire_nexthop_ill(ire1);
1255 }
1256 if (ill1 == NULL) {
1257 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1258 ip_drop_output("ipIfStatsOutDiscards - no ill",
1259 mp, ill);
1260 error = ENETUNREACH;
1261 continue;
1262 }
1263 /* Pick the addr and type to use for ndp_nce_init */
1264 if (nce->nce_common->ncec_flags & NCE_F_MCAST) {
1265 ire_type = IRE_MULTICAST;
1266 nexthop = ip6h->ip6_dst;
1267 } else {
1268 ire_type = ire1->ire_type; /* Doesn't matter */
1269 nexthop = ire1->ire_gateway_addr_v6;
1270 }
1271
1272 /* If IPMP meta or under, then we just drop */
1273 if (ill1->ill_grp != NULL) {
1274 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1275 ip_drop_output("ipIfStatsOutDiscards - IPMP",
1276 mp, ill1);
1277 ill_refrele(ill1);
1278 error = ENETUNREACH;
1279 continue;
1280 }
1281
1282 nce1 = ndp_nce_init(ill1, &nexthop, ire_type);
1283 if (nce1 == NULL) {
1284 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1285 ip_drop_output("ipIfStatsOutDiscards - no nce",
1286 mp, ill1);
1287 ill_refrele(ill1);
1288 error = ENOBUFS;
1289 continue;
1290 }
1291 mp1 = copymsg(mp);
1292 if (mp1 == NULL) {
1293 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
1294 ip_drop_output("ipIfStatsOutDiscards", mp, ill1);
1295 nce_refrele(nce1);
1296 ill_refrele(ill1);
1297 error = ENOBUFS;
1298 continue;
1299 }
1300 /* Preserve HW checksum for this copy */
1301 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
1302 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
1303 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
1304 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
1305 DB_LSOMSS(mp1) = DB_LSOMSS(mp);
1306
1307 ire1->ire_ob_pkt_count++;
1308 err = ip_xmit(mp1, nce1, ixaflags, pkt_len, xmit_hint, szone,
1309 0, ixacookie);
1310 if (err == 0)
1311 num_sent++;
1312 else
1313 error = err;
1314 nce_refrele(nce1);
1315 ill_refrele(ill1);
1316 }
1317 irb_refrele(irb);
1318 ire_refrele(ire);
1319 /* Finally, the main one */
1320 err = ip_xmit(mp, nce, ixaflags, pkt_len, xmit_hint, szone, 0,
1321 ixacookie);
1322 if (err == 0)
1323 num_sent++;
1324 else
1325 error = err;
1326 if (num_sent > 0)
1327 return (0);
1328 else
1329 return (error);
1330 }
1331