1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * Copyright 2017 OmniTI Computer Consulting, Inc. All rights reserved. 26 * Copyright 2018 Joyent, Inc. 27 */ 28 /* Copyright (c) 1990 Mentat Inc. */ 29 30 #include <sys/types.h> 31 #include <sys/stream.h> 32 #include <sys/strsubr.h> 33 #include <sys/dlpi.h> 34 #include <sys/strsun.h> 35 #include <sys/zone.h> 36 #include <sys/ddi.h> 37 #include <sys/sunddi.h> 38 #include <sys/cmn_err.h> 39 #include <sys/debug.h> 40 #include <sys/atomic.h> 41 42 #include <sys/systm.h> 43 #include <sys/param.h> 44 #include <sys/kmem.h> 45 #include <sys/sdt.h> 46 #include <sys/socket.h> 47 #include <sys/mac.h> 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/route.h> 51 #include <sys/sockio.h> 52 #include <netinet/in.h> 53 #include <net/if_dl.h> 54 55 #include <inet/common.h> 56 #include <inet/mi.h> 57 #include <inet/mib2.h> 58 #include <inet/nd.h> 59 #include <inet/arp.h> 60 #include <inet/snmpcom.h> 61 #include <inet/kstatcom.h> 62 63 #include <netinet/igmp_var.h> 64 #include <netinet/ip6.h> 65 #include <netinet/icmp6.h> 66 #include <netinet/sctp.h> 67 68 #include <inet/ip.h> 69 #include <inet/ip_impl.h> 70 #include <inet/ip6.h> 71 #include <inet/ip6_asp.h> 72 #include <inet/tcp.h> 73 #include <inet/ip_multi.h> 74 #include <inet/ip_if.h> 75 #include <inet/ip_ire.h> 76 #include <inet/ip_ftable.h> 77 #include <inet/ip_rts.h> 78 #include <inet/optcom.h> 79 #include <inet/ip_ndp.h> 80 #include <inet/ip_listutils.h> 81 #include <netinet/igmp.h> 82 #include <netinet/ip_mroute.h> 83 #include <inet/ipp_common.h> 84 85 #include <net/pfkeyv2.h> 86 #include <inet/sadb.h> 87 #include <inet/ipsec_impl.h> 88 #include <inet/ipdrop.h> 89 #include <inet/ip_netinfo.h> 90 91 #include <sys/pattr.h> 92 #include <inet/ipclassifier.h> 93 #include <inet/sctp_ip.h> 94 #include <inet/sctp/sctp_impl.h> 95 #include <inet/udp_impl.h> 96 #include <sys/sunddi.h> 97 98 #include <sys/tsol/label.h> 99 #include <sys/tsol/tnet.h> 100 101 #ifdef DEBUG 102 extern boolean_t skip_sctp_cksum; 103 #endif 104 105 int 106 ip_output_simple_v6(mblk_t *mp, ip_xmit_attr_t *ixa) 107 { 108 ip6_t *ip6h; 109 in6_addr_t firsthop; /* In IP header */ 110 in6_addr_t dst; /* End of source route, or ip6_dst if none */ 111 ire_t *ire; 112 in6_addr_t setsrc; 113 int error; 114 ill_t *ill = NULL; 115 dce_t *dce = NULL; 116 nce_t *nce; 117 iaflags_t ixaflags = ixa->ixa_flags; 118 ip_stack_t *ipst = ixa->ixa_ipst; 119 uint8_t *nexthdrp; 120 boolean_t repeat = B_FALSE; 121 boolean_t multirt = B_FALSE; 122 uint_t ifindex; 123 int64_t now; 124 125 ip6h = (ip6_t *)mp->b_rptr; 126 ASSERT(IPH_HDR_VERSION(ip6h) == IPV6_VERSION); 127 128 ASSERT(ixa->ixa_nce == NULL); 129 130 ixa->ixa_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 131 ASSERT(ixa->ixa_pktlen == msgdsize(mp)); 132 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ixa->ixa_ip_hdr_length, 133 &nexthdrp)) { 134 /* Malformed packet */ 135 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 136 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 137 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 138 freemsg(mp); 139 return (EINVAL); 140 } 141 ixa->ixa_protocol = *nexthdrp; 142 143 /* 144 * Assumes that source routed packets have already been massaged by 145 * the ULP (ip_massage_options_v6) and as a result ip6_dst is the next 146 * hop in the source route. The final destination is used for IPsec 147 * policy and DCE lookup. 148 */ 149 firsthop = ip6h->ip6_dst; 150 dst = ip_get_dst_v6(ip6h, mp, NULL); 151 152 repeat_ire: 153 error = 0; 154 setsrc = ipv6_all_zeros; 155 ire = ip_select_route_v6(&firsthop, ip6h->ip6_src, ixa, NULL, &setsrc, 156 &error, &multirt); 157 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */ 158 if (error != 0) { 159 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 160 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 161 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 162 freemsg(mp); 163 goto done; 164 } 165 166 if (ire->ire_flags & (RTF_BLACKHOLE|RTF_REJECT)) { 167 /* ire_ill might be NULL hence need to skip some code */ 168 if (ixaflags & IXAF_SET_SOURCE) 169 ip6h->ip6_src = ipv6_loopback; 170 ixa->ixa_fragsize = IP_MAXPACKET; 171 ire->ire_ob_pkt_count++; 172 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 173 /* No dce yet; use default one */ 174 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, 175 &ipst->ips_dce_default->dce_ident); 176 goto done; 177 } 178 179 /* Note that ip6_dst is only used for IRE_MULTICAST */ 180 nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst); 181 if (nce == NULL) { 182 /* Allocation failure? */ 183 ip_drop_output("ire_to_nce", mp, ill); 184 freemsg(mp); 185 error = ENOBUFS; 186 goto done; 187 } 188 if (nce->nce_is_condemned) { 189 nce_t *nce1; 190 191 nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_TRUE); 192 nce_refrele(nce); 193 if (nce1 == NULL) { 194 if (!repeat) { 195 /* Try finding a better IRE */ 196 repeat = B_TRUE; 197 ire_refrele(ire); 198 goto repeat_ire; 199 } 200 /* Tried twice - drop packet */ 201 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 202 ip_drop_output("No nce", mp, ill); 203 freemsg(mp); 204 error = ENOBUFS; 205 goto done; 206 } 207 nce = nce1; 208 } 209 /* 210 * For multicast with multirt we have a flag passed back from 211 * ire_lookup_multi_ill_v6 since we don't have an IRE for each 212 * possible multicast address. 213 * We also need a flag for multicast since we can't check 214 * whether RTF_MULTIRT is set in ixa_ire for multicast. 215 */ 216 if (multirt) { 217 ixa->ixa_postfragfn = ip_postfrag_multirt_v6; 218 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST; 219 } else { 220 ixa->ixa_postfragfn = ire->ire_postfragfn; 221 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST; 222 } 223 ASSERT(ixa->ixa_nce == NULL); 224 ixa->ixa_nce = nce; 225 226 /* 227 * Check for a dce_t with a path mtu. 228 */ 229 ifindex = 0; 230 if (IN6_IS_ADDR_LINKSCOPE(&dst)) 231 ifindex = nce->nce_common->ncec_ill->ill_phyint->phyint_ifindex; 232 233 dce = dce_lookup_v6(&dst, ifindex, ipst, NULL); 234 ASSERT(dce != NULL); 235 236 if (!(ixaflags & IXAF_PMTU_DISCOVERY)) { 237 ixa->ixa_fragsize = IPV6_MIN_MTU; 238 } else if (dce->dce_flags & DCEF_PMTU) { 239 /* 240 * To avoid a periodic timer to increase the path MTU we 241 * look at dce_last_change_time each time we send a packet. 242 */ 243 now = ddi_get_lbolt64(); 244 if (TICK_TO_SEC(now) - dce->dce_last_change_time > 245 ipst->ips_ip_pathmtu_interval) { 246 /* 247 * Older than 20 minutes. Drop the path MTU information. 248 */ 249 mutex_enter(&dce->dce_lock); 250 dce->dce_flags &= ~DCEF_PMTU; 251 dce->dce_last_change_time = TICK_TO_SEC(now); 252 mutex_exit(&dce->dce_lock); 253 dce_increment_generation(dce); 254 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire); 255 } else { 256 uint_t fragsize; 257 258 fragsize = ip_get_base_mtu(nce->nce_ill, ire); 259 if (fragsize > dce->dce_pmtu) 260 fragsize = dce->dce_pmtu; 261 ixa->ixa_fragsize = fragsize; 262 } 263 } else { 264 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire); 265 } 266 267 /* 268 * We use use ire_nexthop_ill (and not ncec_ill) to avoid the under ipmp 269 * interface for source address selection. 270 */ 271 ill = ire_nexthop_ill(ire); 272 273 if (ixaflags & IXAF_SET_SOURCE) { 274 in6_addr_t src; 275 276 /* 277 * We use the final destination to get 278 * correct selection for source routed packets 279 */ 280 281 /* If unreachable we have no ill but need some source */ 282 if (ill == NULL) { 283 src = ipv6_loopback; 284 error = 0; 285 } else { 286 error = ip_select_source_v6(ill, &setsrc, &dst, 287 ixa->ixa_zoneid, ipst, B_FALSE, 288 ixa->ixa_src_preferences, &src, NULL, NULL); 289 } 290 if (error != 0) { 291 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests); 292 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 293 ip_drop_output("ipIfStatsOutDiscards - no source", 294 mp, ill); 295 freemsg(mp); 296 goto done; 297 } 298 ip6h->ip6_src = src; 299 } else if (ixaflags & IXAF_VERIFY_SOURCE) { 300 /* Check if the IP source is assigned to the host. */ 301 if (!ip_verify_src(mp, ixa, NULL)) { 302 /* Don't send a packet with a source that isn't ours */ 303 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 304 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 305 ip_drop_output("ipIfStatsOutDiscards - invalid source", 306 mp, ill); 307 freemsg(mp); 308 error = EADDRNOTAVAIL; 309 goto done; 310 } 311 } 312 313 /* 314 * Check against global IPsec policy to set the AH/ESP attributes. 315 * IPsec will set IXAF_IPSEC_* and ixa_ipsec_* as appropriate. 316 */ 317 if (!(ixaflags & (IXAF_NO_IPSEC|IXAF_IPSEC_SECURE))) { 318 ASSERT(ixa->ixa_ipsec_policy == NULL); 319 mp = ip_output_attach_policy(mp, NULL, ip6h, NULL, ixa); 320 if (mp == NULL) { 321 /* MIB and ip_drop_packet already done */ 322 return (EHOSTUNREACH); /* IPsec policy failure */ 323 } 324 } 325 326 if (ill != NULL) { 327 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests); 328 } else { 329 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 330 } 331 332 /* 333 * We update the statistics on the most specific IRE i.e., the first 334 * one we found. 335 * We don't have an IRE when we fragment, hence ire_ob_pkt_count 336 * can only count the use prior to fragmentation. However the MIB 337 * counters on the ill will be incremented in post fragmentation. 338 */ 339 ire->ire_ob_pkt_count++; 340 341 /* 342 * Based on ire_type and ire_flags call one of: 343 * ire_send_local_v6 - for IRE_LOCAL and IRE_LOOPBACK 344 * ire_send_multirt_v6 - if RTF_MULTIRT 345 * ire_send_noroute_v6 - if RTF_REJECT or RTF_BLACHOLE 346 * ire_send_multicast_v6 - for IRE_MULTICAST 347 * ire_send_wire_v6 - for the rest. 348 */ 349 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, &dce->dce_ident); 350 done: 351 ire_refrele(ire); 352 if (dce != NULL) 353 dce_refrele(dce); 354 if (ill != NULL) 355 ill_refrele(ill); 356 if (ixa->ixa_nce != NULL) 357 nce_refrele(ixa->ixa_nce); 358 ixa->ixa_nce = NULL; 359 return (error); 360 } 361 362 /* 363 * ire_sendfn() functions. 364 * These functions use the following xmit_attr: 365 * - ixa_fragsize - read to determine whether or not to fragment 366 * - IXAF_IPSEC_SECURE - to determine whether or not to invoke IPsec 367 * - ixa_ipsec_* are used inside IPsec 368 * - IXAF_LOOPBACK_COPY - for multicast 369 */ 370 371 372 /* 373 * ire_sendfn for IRE_LOCAL and IRE_LOOPBACK 374 * 375 * The checks for restrict_interzone_loopback are done in ire_route_recursive. 376 */ 377 /* ARGSUSED4 */ 378 int 379 ire_send_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 380 ip_xmit_attr_t *ixa, uint32_t *identp) 381 { 382 ip6_t *ip6h = (ip6_t *)iph_arg; 383 ip_stack_t *ipst = ixa->ixa_ipst; 384 ill_t *ill = ire->ire_ill; 385 ip_recv_attr_t iras; /* NOTE: No bzero for performance */ 386 uint_t pktlen = ixa->ixa_pktlen; 387 388 /* 389 * No fragmentation, no nce, and no application of IPsec. 390 * 391 * 392 * Note different order between IP provider and FW_HOOKS than in 393 * send_wire case. 394 */ 395 396 /* 397 * DTrace this as ip:::send. A packet blocked by FW_HOOKS will fire the 398 * send probe, but not the receive probe. 399 */ 400 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, void_ip_t *, 401 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h, 402 int, 1); 403 404 DTRACE_PROBE4(ip6__loopback__out__start, 405 ill_t *, NULL, ill_t *, ill, 406 ip6_t *, ip6h, mblk_t *, mp); 407 408 if (HOOKS6_INTERESTED_LOOPBACK_OUT(ipst)) { 409 int error; 410 411 FW_HOOKS(ipst->ips_ip6_loopback_out_event, 412 ipst->ips_ipv6firewall_loopback_out, 413 NULL, ill, ip6h, mp, mp, 0, ipst, error); 414 415 DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp); 416 if (mp == NULL) 417 return (error); 418 419 /* 420 * Even if the destination was changed by the filter we use the 421 * forwarding decision that was made based on the address 422 * in ip_output/ip_set_destination. 423 */ 424 /* Length could be different */ 425 ip6h = (ip6_t *)mp->b_rptr; 426 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 427 } 428 429 /* 430 * If a callback is enabled then we need to know the 431 * source and destination zoneids for the packet. We already 432 * have those handy. 433 */ 434 if (ipst->ips_ip6_observe.he_interested) { 435 zoneid_t szone, dzone; 436 zoneid_t stackzoneid; 437 438 stackzoneid = netstackid_to_zoneid( 439 ipst->ips_netstack->netstack_stackid); 440 441 if (stackzoneid == GLOBAL_ZONEID) { 442 /* Shared-IP zone */ 443 dzone = ire->ire_zoneid; 444 szone = ixa->ixa_zoneid; 445 } else { 446 szone = dzone = stackzoneid; 447 } 448 ipobs_hook(mp, IPOBS_HOOK_LOCAL, szone, dzone, ill, ipst); 449 } 450 451 /* Handle lo0 stats */ 452 ipst->ips_loopback_packets++; 453 454 /* 455 * Update output mib stats. Note that we can't move into the icmp 456 * sender (icmp_output etc) since they don't know the ill and the 457 * stats are per ill. 458 */ 459 if (ixa->ixa_protocol == IPPROTO_ICMPV6) { 460 icmp6_t *icmp6; 461 462 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length); 463 icmp_update_out_mib_v6(ill, icmp6); 464 } 465 466 DTRACE_PROBE4(ip6__loopback__in__start, 467 ill_t *, ill, ill_t *, NULL, 468 ip6_t *, ip6h, mblk_t *, mp); 469 470 if (HOOKS6_INTERESTED_LOOPBACK_IN(ipst)) { 471 int error; 472 473 FW_HOOKS(ipst->ips_ip6_loopback_in_event, 474 ipst->ips_ipv6firewall_loopback_in, 475 ill, NULL, ip6h, mp, mp, 0, ipst, error); 476 477 DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp); 478 if (mp == NULL) 479 return (error); 480 481 /* 482 * Even if the destination was changed by the filter we use the 483 * forwarding decision that was made based on the address 484 * in ip_output/ip_set_destination. 485 */ 486 /* Length could be different */ 487 ip6h = (ip6_t *)mp->b_rptr; 488 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 489 } 490 491 DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *, 492 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h, 493 int, 1); 494 495 /* Map ixa to ira including IPsec policies */ 496 ipsec_out_to_in(ixa, ill, &iras); 497 iras.ira_pktlen = pktlen; 498 499 ire->ire_ib_pkt_count++; 500 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives); 501 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, pktlen); 502 503 /* Destined to ire_zoneid - use that for fanout */ 504 iras.ira_zoneid = ire->ire_zoneid; 505 506 if (is_system_labeled()) { 507 iras.ira_flags |= IRAF_SYSTEM_LABELED; 508 509 /* 510 * This updates ira_cred, ira_tsl and ira_free_flags based 511 * on the label. We don't expect this to ever fail for 512 * loopback packets, so we silently drop the packet should it 513 * fail. 514 */ 515 if (!tsol_get_pkt_label(mp, IPV6_VERSION, &iras)) { 516 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 517 ip_drop_input("tsol_get_pkt_label", mp, ill); 518 freemsg(mp); 519 return (0); 520 } 521 ASSERT(iras.ira_tsl != NULL); 522 523 /* tsol_get_pkt_label sometimes does pullupmsg */ 524 ip6h = (ip6_t *)mp->b_rptr; 525 } 526 527 ip_fanout_v6(mp, ip6h, &iras); 528 529 /* We moved any IPsec refs from ixa to iras */ 530 ira_cleanup(&iras, B_FALSE); 531 return (0); 532 } 533 534 static void 535 multirt_check_v6(ire_t *ire, ip6_t *ip6h, ip_xmit_attr_t *ixa) 536 { 537 ip_stack_t *ipst = ixa->ixa_ipst; 538 539 /* Limit the TTL on multirt packets. Do this even if IPV6_HOPLIMIT */ 540 if (ire->ire_type & IRE_MULTICAST) { 541 if (ip6h->ip6_hops > 1) { 542 ip2dbg(("ire_send_multirt_v6: forcing multicast " 543 "multirt TTL to 1 (was %d)\n", ip6h->ip6_hops)); 544 ip6h->ip6_hops = 1; 545 } 546 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE; 547 } else if ((ipst->ips_ip_multirt_ttl > 0) && 548 (ip6h->ip6_hops > ipst->ips_ip_multirt_ttl)) { 549 ip6h->ip6_hops = ipst->ips_ip_multirt_ttl; 550 /* 551 * Need to ensure we don't increase the ttl should we go through 552 * ire_send_multicast. 553 */ 554 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE; 555 } 556 557 /* For IPv6 this also needs to insert a fragment header */ 558 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR; 559 } 560 561 /* 562 * ire_sendfn for IRE_MULTICAST 563 * 564 * Note that we do path MTU discovery by default for IPv6 multicast. But 565 * since unconnected UDP and RAW sockets don't set IXAF_PMTU_DISCOVERY 566 * only connected sockets get this by default. 567 */ 568 int 569 ire_send_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 570 ip_xmit_attr_t *ixa, uint32_t *identp) 571 { 572 ip6_t *ip6h = (ip6_t *)iph_arg; 573 ip_stack_t *ipst = ixa->ixa_ipst; 574 ill_t *ill = ire->ire_ill; 575 iaflags_t ixaflags = ixa->ixa_flags; 576 577 /* 578 * The IRE_MULTICAST is the same whether or not multirt is in use. 579 * Hence we need special-case code. 580 */ 581 if (ixaflags & IXAF_MULTIRT_MULTICAST) 582 multirt_check_v6(ire, ip6h, ixa); 583 584 /* 585 * Check if anything in ip_input_v6 wants a copy of the transmitted 586 * packet (after IPsec and fragmentation) 587 * 588 * 1. Multicast routers always need a copy unless SO_DONTROUTE is set 589 * RSVP and the rsvp daemon is an example of a 590 * protocol and user level process that 591 * handles it's own routing. Hence, it uses the 592 * SO_DONTROUTE option to accomplish this. 593 * 2. If the sender has set IP_MULTICAST_LOOP, then we just 594 * check whether there are any receivers for the group on the ill 595 * (ignoring the zoneid). 596 * 3. If IP_MULTICAST_LOOP is not set, then we check if there are 597 * any members in other shared-IP zones. 598 * If such members exist, then we indicate that the sending zone 599 * shouldn't get a loopback copy to preserve the IP_MULTICAST_LOOP 600 * behavior. 601 * 602 * When we loopback we skip hardware checksum to make sure loopback 603 * copy is checksumed. 604 * 605 * Note that ire_ill is the upper in the case of IPMP. 606 */ 607 ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM); 608 if (ipst->ips_ip_g_mrouter && ill->ill_mrouter_cnt > 0 && 609 !(ixaflags & IXAF_DONTROUTE)) { 610 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 611 } else if (ixaflags & IXAF_MULTICAST_LOOP) { 612 /* 613 * If this zone or any other zone has members then loopback 614 * a copy. 615 */ 616 if (ill_hasmembers_v6(ill, &ip6h->ip6_dst)) 617 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 618 } else if (ipst->ips_netstack->netstack_numzones > 1) { 619 /* 620 * This zone should not have a copy. But there are some other 621 * zones which might have members. 622 */ 623 if (ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst, 624 ixa->ixa_zoneid)) { 625 ixa->ixa_flags |= IXAF_NO_LOOP_ZONEID_SET; 626 ixa->ixa_no_loop_zoneid = ixa->ixa_zoneid; 627 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 628 } 629 } 630 631 /* 632 * Unless IPV6_HOPLIMIT or ire_send_multirt_v6 already set a ttl, 633 * force the ttl to the IP_MULTICAST_TTL value 634 */ 635 if (!(ixaflags & IXAF_NO_TTL_CHANGE)) { 636 ip6h->ip6_hops = ixa->ixa_multicast_ttl; 637 } 638 639 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp)); 640 } 641 642 /* 643 * ire_sendfn for IREs with RTF_MULTIRT 644 */ 645 int 646 ire_send_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 647 ip_xmit_attr_t *ixa, uint32_t *identp) 648 { 649 ip6_t *ip6h = (ip6_t *)iph_arg; 650 651 multirt_check_v6(ire, ip6h, ixa); 652 653 if (ire->ire_type & IRE_MULTICAST) 654 return (ire_send_multicast_v6(ire, mp, ip6h, ixa, identp)); 655 else 656 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp)); 657 } 658 659 /* 660 * ire_sendfn for IREs with RTF_REJECT/RTF_BLACKHOLE, including IRE_NOROUTE 661 */ 662 /* ARGSUSED4 */ 663 int 664 ire_send_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 665 ip_xmit_attr_t *ixa, uint32_t *identp) 666 { 667 ip6_t *ip6h = (ip6_t *)iph_arg; 668 ip_stack_t *ipst = ixa->ixa_ipst; 669 ill_t *ill; 670 ip_recv_attr_t iras; 671 boolean_t dummy; 672 673 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutNoRoutes); 674 675 if (ire->ire_type & IRE_NOROUTE) { 676 /* A lack of a route as opposed to RTF_REJECT|BLACKHOLE */ 677 ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0, 678 RTA_DST, ipst); 679 } 680 681 if (ire->ire_flags & RTF_BLACKHOLE) { 682 ip_drop_output("ipIfStatsOutNoRoutes RTF_BLACKHOLE", mp, NULL); 683 freemsg(mp); 684 /* No error even for local senders - silent blackhole */ 685 return (0); 686 } 687 ip_drop_output("ipIfStatsOutNoRoutes RTF_REJECT", mp, NULL); 688 689 /* 690 * We need an ill_t for the ip_recv_attr_t even though this packet 691 * was never received and icmp_unreachable doesn't currently use 692 * ira_ill. 693 */ 694 ill = ill_lookup_on_name("lo0", B_FALSE, 695 !(ixa->ixa_flags & IRAF_IS_IPV4), &dummy, ipst); 696 if (ill == NULL) { 697 freemsg(mp); 698 return (EHOSTUNREACH); 699 } 700 701 bzero(&iras, sizeof (iras)); 702 /* Map ixa to ira including IPsec policies */ 703 ipsec_out_to_in(ixa, ill, &iras); 704 705 icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, &iras); 706 /* We moved any IPsec refs from ixa to iras */ 707 ira_cleanup(&iras, B_FALSE); 708 709 ill_refrele(ill); 710 return (EHOSTUNREACH); 711 } 712 713 /* 714 * Calculate a checksum ignoring any hardware capabilities 715 * 716 * Returns B_FALSE if the packet was too short for the checksum. Caller 717 * should free and do stats. 718 */ 719 static boolean_t 720 ip_output_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_xmit_attr_t *ixa) 721 { 722 ip_stack_t *ipst = ixa->ixa_ipst; 723 uint_t pktlen = ixa->ixa_pktlen; 724 uint16_t *cksump; 725 uint32_t cksum; 726 uint8_t protocol = ixa->ixa_protocol; 727 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length; 728 729 #define iphs ((uint16_t *)ip6h) 730 731 /* Just in case it contained garbage */ 732 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS; 733 734 /* 735 * Calculate ULP checksum 736 */ 737 if (protocol == IPPROTO_TCP) { 738 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length); 739 cksum = IP_TCP_CSUM_COMP; 740 } else if (protocol == IPPROTO_UDP) { 741 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length); 742 cksum = IP_UDP_CSUM_COMP; 743 } else if (protocol == IPPROTO_SCTP) { 744 sctp_hdr_t *sctph; 745 746 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph))); 747 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length); 748 /* 749 * Zero out the checksum field to ensure proper 750 * checksum calculation. 751 */ 752 sctph->sh_chksum = 0; 753 #ifdef DEBUG 754 if (!skip_sctp_cksum) 755 #endif 756 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length); 757 return (B_TRUE); 758 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) { 759 /* 760 * icmp has placed length and routing 761 * header adjustment in the checksum field. 762 */ 763 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length + 764 ixa->ixa_raw_cksum_offset); 765 cksum = htons(protocol); 766 } else if (protocol == IPPROTO_ICMPV6) { 767 cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length); 768 cksum = IP_ICMPV6_CSUM_COMP; /* Pseudo-header cksum */ 769 } else { 770 return (B_TRUE); 771 } 772 773 /* ULP puts the checksum field is in the first mblk */ 774 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr); 775 776 /* 777 * We accumulate the pseudo header checksum in cksum. 778 * This is pretty hairy code, so watch close. One 779 * thing to keep in mind is that UDP and TCP have 780 * stored their respective datagram lengths in their 781 * checksum fields. This lines things up real nice. 782 */ 783 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 784 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 785 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 786 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 787 cksum = IP_CSUM(mp, ip_hdr_length, cksum); 788 789 /* 790 * For UDP/IPv6 a zero UDP checksum is not allowed. 791 * Change to 0xffff 792 */ 793 if (protocol == IPPROTO_UDP && cksum == 0) 794 *cksump = ~cksum; 795 else 796 *cksump = cksum; 797 798 IP6_STAT(ipst, ip6_out_sw_cksum); 799 IP6_STAT_UPDATE(ipst, ip6_out_sw_cksum_bytes, pktlen); 800 801 /* No IP header checksum for IPv6 */ 802 803 return (B_TRUE); 804 #undef iphs 805 } 806 807 /* There are drivers that can't do partial checksum for ICMPv6 */ 808 int nxge_cksum_workaround = 1; 809 810 /* 811 * Calculate the ULP checksum - try to use hardware. 812 * In the case of MULTIRT or multicast the 813 * IXAF_NO_HW_CKSUM is set in which case we use software. 814 * 815 * Returns B_FALSE if the packet was too short for the checksum. Caller 816 * should free and do stats. 817 */ 818 static boolean_t 819 ip_output_cksum_v6(iaflags_t ixaflags, mblk_t *mp, ip6_t *ip6h, 820 ip_xmit_attr_t *ixa, ill_t *ill) 821 { 822 uint_t pktlen = ixa->ixa_pktlen; 823 uint16_t *cksump; 824 uint16_t hck_flags; 825 uint32_t cksum; 826 uint8_t protocol = ixa->ixa_protocol; 827 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length; 828 829 #define iphs ((uint16_t *)ip6h) 830 831 if ((ixaflags & IXAF_NO_HW_CKSUM) || !ILL_HCKSUM_CAPABLE(ill) || 832 !dohwcksum) { 833 return (ip_output_sw_cksum_v6(mp, ip6h, ixa)); 834 } 835 836 /* 837 * Calculate ULP checksum. Note that we don't use cksump and cksum 838 * if the ill has FULL support. 839 */ 840 if (protocol == IPPROTO_TCP) { 841 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length); 842 cksum = IP_TCP_CSUM_COMP; /* Pseudo-header cksum */ 843 } else if (protocol == IPPROTO_UDP) { 844 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length); 845 cksum = IP_UDP_CSUM_COMP; /* Pseudo-header cksum */ 846 } else if (protocol == IPPROTO_SCTP) { 847 sctp_hdr_t *sctph; 848 849 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph))); 850 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length); 851 /* 852 * Zero out the checksum field to ensure proper 853 * checksum calculation. 854 */ 855 sctph->sh_chksum = 0; 856 #ifdef DEBUG 857 if (!skip_sctp_cksum) 858 #endif 859 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length); 860 goto ip_hdr_cksum; 861 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) { 862 /* 863 * icmp has placed length and routing 864 * header adjustment in the checksum field. 865 */ 866 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length + 867 ixa->ixa_raw_cksum_offset); 868 cksum = htons(protocol); 869 } else if (protocol == IPPROTO_ICMPV6) { 870 /* 871 * Currently we assume no HW support for ICMP checksum calc. 872 * 873 * When HW support is advertised for ICMP, we'll want the 874 * following to be set: 875 * cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length); 876 * cksum = IP_ICMPV6_CSUM_COMP; Pseudo-header cksum 877 */ 878 879 return (ip_output_sw_cksum_v6(mp, ip6h, ixa)); 880 } else { 881 ip_hdr_cksum: 882 /* No IP header checksum for IPv6 */ 883 return (B_TRUE); 884 } 885 886 /* ULP puts the checksum field is in the first mblk */ 887 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr); 888 889 /* 890 * Underlying interface supports hardware checksum offload for 891 * the payload; leave the payload checksum for the hardware to 892 * calculate. N.B: We only need to set up checksum info on the 893 * first mblk. 894 */ 895 hck_flags = ill->ill_hcksum_capab->ill_hcksum_txflags; 896 897 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS; 898 if (hck_flags & HCKSUM_INET_FULL_V6) { 899 /* 900 * Hardware calculates pseudo-header, header and the 901 * payload checksums, so clear the checksum field in 902 * the protocol header. 903 */ 904 *cksump = 0; 905 DB_CKSUMFLAGS(mp) |= HCK_FULLCKSUM; 906 return (B_TRUE); 907 } 908 if (((hck_flags) & HCKSUM_INET_PARTIAL) && 909 (protocol != IPPROTO_ICMPV6 || !nxge_cksum_workaround)) { 910 /* 911 * Partial checksum offload has been enabled. Fill 912 * the checksum field in the protocol header with the 913 * pseudo-header checksum value. 914 * 915 * We accumulate the pseudo header checksum in cksum. 916 * This is pretty hairy code, so watch close. One 917 * thing to keep in mind is that UDP and TCP have 918 * stored their respective datagram lengths in their 919 * checksum fields. This lines things up real nice. 920 */ 921 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 922 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 923 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 924 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 925 cksum += *(cksump); 926 cksum = (cksum & 0xFFFF) + (cksum >> 16); 927 *(cksump) = (cksum & 0xFFFF) + (cksum >> 16); 928 929 /* 930 * Offsets are relative to beginning of IP header. 931 */ 932 DB_CKSUMSTART(mp) = ip_hdr_length; 933 DB_CKSUMSTUFF(mp) = (uint8_t *)cksump - (uint8_t *)ip6h; 934 DB_CKSUMEND(mp) = pktlen; 935 DB_CKSUMFLAGS(mp) |= HCK_PARTIALCKSUM; 936 return (B_TRUE); 937 } 938 /* Hardware capabilities include neither full nor partial IPv6 */ 939 return (ip_output_sw_cksum_v6(mp, ip6h, ixa)); 940 #undef iphs 941 } 942 943 /* 944 * ire_sendfn for offlink and onlink destinations. 945 * Also called from the multicast, and multirt send functions. 946 * 947 * Assumes that the caller has a hold on the ire. 948 * 949 * This function doesn't care if the IRE just became condemned since that 950 * can happen at any time. 951 */ 952 /* ARGSUSED */ 953 int 954 ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 955 ip_xmit_attr_t *ixa, uint32_t *identp) 956 { 957 ip_stack_t *ipst = ixa->ixa_ipst; 958 ip6_t *ip6h = (ip6_t *)iph_arg; 959 iaflags_t ixaflags = ixa->ixa_flags; 960 ill_t *ill; 961 uint32_t pktlen = ixa->ixa_pktlen; 962 963 ASSERT(ixa->ixa_nce != NULL); 964 ill = ixa->ixa_nce->nce_ill; 965 966 /* 967 * Update output mib stats. Note that we can't move into the icmp 968 * sender (icmp_output etc) since they don't know the ill and the 969 * stats are per ill. 970 * 971 * With IPMP we record the stats on the upper ill. 972 */ 973 if (ixa->ixa_protocol == IPPROTO_ICMPV6) { 974 icmp6_t *icmp6; 975 976 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length); 977 icmp_update_out_mib_v6(ixa->ixa_nce->nce_common->ncec_ill, 978 icmp6); 979 } 980 981 if (ixaflags & IXAF_DONTROUTE) 982 ip6h->ip6_hops = 1; 983 984 /* 985 * This might set b_band, thus the IPsec and fragmentation 986 * code in IP ensures that b_band is updated in the first mblk. 987 */ 988 if (IPP_ENABLED(IPP_LOCAL_OUT, ipst)) { 989 /* ip_process translates an IS_UNDER_IPMP */ 990 mp = ip_process(IPP_LOCAL_OUT, mp, ill, ill); 991 if (mp == NULL) { 992 /* ip_drop_packet and MIB done */ 993 return (0); /* Might just be delayed */ 994 } 995 } 996 997 /* 998 * To handle IPsec/iptun's labeling needs we need to tag packets 999 * while we still have ixa_tsl 1000 */ 1001 if (is_system_labeled() && ixa->ixa_tsl != NULL && 1002 (ill->ill_mactype == DL_6TO4 || ill->ill_mactype == DL_IPV4 || 1003 ill->ill_mactype == DL_IPV6)) { 1004 cred_t *newcr; 1005 1006 newcr = copycred_from_tslabel(ixa->ixa_cred, ixa->ixa_tsl, 1007 KM_NOSLEEP); 1008 if (newcr == NULL) { 1009 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1010 ip_drop_output("ipIfStatsOutDiscards - newcr", 1011 mp, ill); 1012 freemsg(mp); 1013 return (ENOBUFS); 1014 } 1015 mblk_setcred(mp, newcr, NOPID); 1016 crfree(newcr); /* mblk_setcred did its own crhold */ 1017 } 1018 1019 /* 1020 * IXAF_IPV6_ADD_FRAGHDR is set for CGTP so that we will add a 1021 * fragment header without fragmenting. CGTP on the receiver will 1022 * filter duplicates on the ident field. 1023 */ 1024 if (pktlen > ixa->ixa_fragsize || 1025 (ixaflags & (IXAF_IPSEC_SECURE|IXAF_IPV6_ADD_FRAGHDR))) { 1026 uint32_t ident = 0; 1027 1028 if (ixaflags & IXAF_IPSEC_SECURE) 1029 pktlen += ipsec_out_extra_length(ixa); 1030 1031 if (pktlen > IP_MAXPACKET) 1032 return (EMSGSIZE); 1033 1034 if (ixaflags & IXAF_SET_ULP_CKSUM) { 1035 /* 1036 * Compute ULP checksum using software 1037 */ 1038 if (!ip_output_sw_cksum_v6(mp, ip6h, ixa)) { 1039 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1040 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1041 freemsg(mp); 1042 return (EINVAL); 1043 } 1044 /* Avoid checksum again below if we only add fraghdr */ 1045 ixaflags &= ~IXAF_SET_ULP_CKSUM; 1046 } 1047 1048 /* 1049 * If we need a fragment header, pick the ident and insert 1050 * the header before IPsec to we have a place to store 1051 * the ident value. 1052 */ 1053 if ((ixaflags & IXAF_IPV6_ADD_FRAGHDR) || 1054 pktlen > ixa->ixa_fragsize) { 1055 /* 1056 * If this packet would generate a icmp_frag_needed 1057 * message, we need to handle it before we do the IPsec 1058 * processing. Otherwise, we need to strip the IPsec 1059 * headers before we send up the message to the ULPs 1060 * which becomes messy and difficult. 1061 */ 1062 if ((pktlen > ixa->ixa_fragsize) && 1063 (ixaflags & IXAF_DONTFRAG)) { 1064 /* Generate ICMP and return error */ 1065 ip_recv_attr_t iras; 1066 1067 DTRACE_PROBE4(ip6__fragsize__fail, 1068 uint_t, pktlen, uint_t, ixa->ixa_fragsize, 1069 uint_t, ixa->ixa_pktlen, 1070 uint_t, ixa->ixa_pmtu); 1071 1072 bzero(&iras, sizeof (iras)); 1073 /* Map ixa to ira including IPsec policies */ 1074 ipsec_out_to_in(ixa, ill, &iras); 1075 1076 ip_drop_output("ICMP6_PKT_TOO_BIG", mp, ill); 1077 icmp_pkt2big_v6(mp, ixa->ixa_fragsize, B_TRUE, 1078 &iras); 1079 /* We moved any IPsec refs from ixa to iras */ 1080 ira_cleanup(&iras, B_FALSE); 1081 return (EMSGSIZE); 1082 } 1083 DTRACE_PROBE4(ip6__fragsize__ok, uint_t, pktlen, 1084 uint_t, ixa->ixa_fragsize, uint_t, ixa->ixa_pktlen, 1085 uint_t, ixa->ixa_pmtu); 1086 /* 1087 * Assign an ident value for this packet. There could 1088 * be other threads targeting the same destination, so 1089 * we have to arrange for a atomic increment. 1090 * Normally ixa_extra_ident is 0, but in the case of 1091 * LSO it will be the number of TCP segments that the 1092 * driver/hardware will extraly construct. 1093 * 1094 * Note that cl_inet_ipident has only been used for 1095 * IPv4. We don't use it here. 1096 */ 1097 ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident + 1098 1); 1099 ixa->ixa_ident = ident; /* In case we do IPsec */ 1100 } 1101 if (ixaflags & IXAF_IPSEC_SECURE) { 1102 /* 1103 * Pass in sufficient information so that 1104 * IPsec can determine whether to fragment, and 1105 * which function to call after fragmentation. 1106 */ 1107 return (ipsec_out_process(mp, ixa)); 1108 } 1109 1110 mp = ip_fraghdr_add_v6(mp, ident, ixa); 1111 if (mp == NULL) { 1112 /* MIB and ip_drop_output already done */ 1113 return (ENOMEM); 1114 } 1115 ASSERT(pktlen == ixa->ixa_pktlen); 1116 pktlen += sizeof (ip6_frag_t); 1117 1118 if (pktlen > ixa->ixa_fragsize) { 1119 return (ip_fragment_v6(mp, ixa->ixa_nce, ixaflags, 1120 pktlen, ixa->ixa_fragsize, 1121 ixa->ixa_xmit_hint, ixa->ixa_zoneid, 1122 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn, 1123 &ixa->ixa_cookie)); 1124 } 1125 } 1126 if (ixaflags & IXAF_SET_ULP_CKSUM) { 1127 /* Compute ULP checksum and IP header checksum */ 1128 /* An IS_UNDER_IPMP ill is ok here */ 1129 if (!ip_output_cksum_v6(ixaflags, mp, ip6h, ixa, ill)) { 1130 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1131 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1132 freemsg(mp); 1133 return (EINVAL); 1134 } 1135 } 1136 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixaflags, 1137 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid, 1138 ixa->ixa_no_loop_zoneid, &ixa->ixa_cookie)); 1139 } 1140 1141 /* 1142 * Post fragmentation function for RTF_MULTIRT routes. 1143 * Since IRE_MULTICASTs might have RTF_MULTIRT, this function 1144 * checks IXAF_LOOPBACK_COPY. 1145 * 1146 * If no packet is sent due to failures then we return an errno, but if at 1147 * least one succeeded we return zero. 1148 */ 1149 int 1150 ip_postfrag_multirt_v6(mblk_t *mp, nce_t *nce, iaflags_t ixaflags, 1151 uint_t pkt_len, uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid, 1152 uintptr_t *ixacookie) 1153 { 1154 irb_t *irb; 1155 ip6_t *ip6h = (ip6_t *)mp->b_rptr; 1156 ire_t *ire; 1157 ire_t *ire1; 1158 mblk_t *mp1; 1159 nce_t *nce1; 1160 ill_t *ill = nce->nce_ill; 1161 ill_t *ill1; 1162 ip_stack_t *ipst = ill->ill_ipst; 1163 int error = 0; 1164 int num_sent = 0; 1165 int err; 1166 uint_t ire_type; 1167 in6_addr_t nexthop; 1168 1169 ASSERT(!(ixaflags & IXAF_IS_IPV4)); 1170 1171 /* Check for IXAF_LOOPBACK_COPY */ 1172 if (ixaflags & IXAF_LOOPBACK_COPY) { 1173 mblk_t *mp1; 1174 1175 mp1 = copymsg(mp); 1176 if (mp1 == NULL) { 1177 /* Failed to deliver the loopback copy. */ 1178 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1179 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1180 error = ENOBUFS; 1181 } else { 1182 ip_postfrag_loopback(mp1, nce, ixaflags, pkt_len, 1183 nolzid); 1184 } 1185 } 1186 1187 /* 1188 * Loop over RTF_MULTIRT for ip6_dst in the same bucket. Send 1189 * a copy to each one. 1190 * Use the nce (nexthop) and ip6_dst to find the ire. 1191 * 1192 * MULTIRT is not designed to work with shared-IP zones thus we don't 1193 * need to pass a zoneid or a label to the IRE lookup. 1194 */ 1195 if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, &ip6h->ip6_dst)) { 1196 /* Broadcast and multicast case */ 1197 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, 0, 0, NULL, 1198 ALL_ZONES, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL); 1199 } else { 1200 /* Unicast case */ 1201 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, &nce->nce_addr, 1202 0, NULL, ALL_ZONES, NULL, MATCH_IRE_GW, 0, ipst, NULL); 1203 } 1204 1205 if (ire == NULL || 1206 (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) || 1207 !(ire->ire_flags & RTF_MULTIRT)) { 1208 /* Drop */ 1209 ip_drop_output("ip_postfrag_multirt didn't find route", 1210 mp, nce->nce_ill); 1211 if (ire != NULL) 1212 ire_refrele(ire); 1213 return (ENETUNREACH); 1214 } 1215 1216 irb = ire->ire_bucket; 1217 irb_refhold(irb); 1218 for (ire1 = irb->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) { 1219 if (IRE_IS_CONDEMNED(ire1) || 1220 !(ire1->ire_flags & RTF_MULTIRT)) 1221 continue; 1222 1223 /* Note: When IPv6 uses radix tree we don't need this check */ 1224 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, &ire1->ire_addr_v6)) 1225 continue; 1226 1227 /* Do the ire argument one after the loop */ 1228 if (ire1 == ire) 1229 continue; 1230 1231 ill1 = ire_nexthop_ill(ire1); 1232 if (ill1 == NULL) { 1233 /* 1234 * This ire might not have been picked by 1235 * ire_route_recursive, in which case ire_dep might 1236 * not have been setup yet. 1237 * We kick ire_route_recursive to try to resolve 1238 * starting at ire1. 1239 */ 1240 ire_t *ire2; 1241 uint_t match_flags = MATCH_IRE_DSTONLY; 1242 1243 if (ire1->ire_ill != NULL) 1244 match_flags |= MATCH_IRE_ILL; 1245 ire2 = ire_route_recursive_impl_v6(ire1, 1246 &ire1->ire_addr_v6, ire1->ire_type, ire1->ire_ill, 1247 ire1->ire_zoneid, NULL, match_flags, 1248 IRR_ALLOCATE, 0, ipst, NULL, NULL, NULL); 1249 if (ire2 != NULL) 1250 ire_refrele(ire2); 1251 ill1 = ire_nexthop_ill(ire1); 1252 } 1253 if (ill1 == NULL) { 1254 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1255 ip_drop_output("ipIfStatsOutDiscards - no ill", 1256 mp, ill); 1257 error = ENETUNREACH; 1258 continue; 1259 } 1260 /* Pick the addr and type to use for ndp_nce_init */ 1261 if (nce->nce_common->ncec_flags & NCE_F_MCAST) { 1262 ire_type = IRE_MULTICAST; 1263 nexthop = ip6h->ip6_dst; 1264 } else { 1265 ire_type = ire1->ire_type; /* Doesn't matter */ 1266 nexthop = ire1->ire_gateway_addr_v6; 1267 } 1268 1269 /* If IPMP meta or under, then we just drop */ 1270 if (ill1->ill_grp != NULL) { 1271 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1272 ip_drop_output("ipIfStatsOutDiscards - IPMP", 1273 mp, ill1); 1274 ill_refrele(ill1); 1275 error = ENETUNREACH; 1276 continue; 1277 } 1278 1279 nce1 = ndp_nce_init(ill1, &nexthop, ire_type); 1280 if (nce1 == NULL) { 1281 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1282 ip_drop_output("ipIfStatsOutDiscards - no nce", 1283 mp, ill1); 1284 ill_refrele(ill1); 1285 error = ENOBUFS; 1286 continue; 1287 } 1288 mp1 = copymsg(mp); 1289 if (mp1 == NULL) { 1290 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1291 ip_drop_output("ipIfStatsOutDiscards", mp, ill1); 1292 nce_refrele(nce1); 1293 ill_refrele(ill1); 1294 error = ENOBUFS; 1295 continue; 1296 } 1297 /* Preserve HW checksum for this copy */ 1298 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp); 1299 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp); 1300 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp); 1301 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp); 1302 DB_LSOMSS(mp1) = DB_LSOMSS(mp); 1303 1304 ire1->ire_ob_pkt_count++; 1305 err = ip_xmit(mp1, nce1, ixaflags, pkt_len, xmit_hint, szone, 1306 0, ixacookie); 1307 if (err == 0) 1308 num_sent++; 1309 else 1310 error = err; 1311 nce_refrele(nce1); 1312 ill_refrele(ill1); 1313 } 1314 irb_refrele(irb); 1315 ire_refrele(ire); 1316 /* Finally, the main one */ 1317 err = ip_xmit(mp, nce, ixaflags, pkt_len, xmit_hint, szone, 0, 1318 ixacookie); 1319 if (err == 0) 1320 num_sent++; 1321 else 1322 error = err; 1323 if (num_sent > 0) 1324 return (0); 1325 else 1326 return (error); 1327 } 1328