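/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 * Copyright 2017 OmniTI Computer Consulting, Inc. All rights reserved.
 * Copyright 2018 Joyent, Inc.
 * Copyright 2024 Oxide Computer Company
 * Copyright 2025 Bill Sommerfeld <sommerfeld@hamachi.org>
 */
/* Copyright (c) 1990 Mentat Inc. */

#include <sys/types.h>
#include <sys/stream.h>
#include <sys/strsubr.h>
#include <sys/dlpi.h>
#include <sys/strsun.h>
#include <sys/zone.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
#include <sys/cmn_err.h>
#include <sys/debug.h>
#include <sys/atomic.h>

#include <sys/systm.h>
#include <sys/param.h>
#include <sys/kmem.h>
#include <sys/sdt.h>
#include <sys/socket.h>
#include <sys/mac.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <net/route.h>
#include <sys/sockio.h>
#include <netinet/in.h>
#include <net/if_dl.h>

#include <inet/common.h>
#include <inet/mi.h>
#include <inet/mib2.h>
#include <inet/nd.h>
#include <inet/arp.h>
#include <inet/snmpcom.h>
#include <inet/kstatcom.h>

#include <netinet/igmp_var.h>
#include <netinet/ip6.h>
#include <netinet/icmp6.h>
#include <netinet/sctp.h>

#include <inet/ip.h>
#include <inet/ip_impl.h>
#include <inet/ip6.h>
#include <inet/ip6_asp.h>
#include <inet/tcp.h>
#include <inet/ip_multi.h>
#include <inet/ip_if.h>
#include <inet/ip_ire.h>
#include <inet/ip_ftable.h>
#include <inet/ip_rts.h>
#include <inet/optcom.h>
#include <inet/ip_ndp.h>
#include <inet/ip_listutils.h>
#include <netinet/igmp.h>
#include <netinet/ip_mroute.h>
#include <inet/ipp_common.h>

#include <net/pfkeyv2.h>
#include <inet/sadb.h>
#include <inet/ipsec_impl.h>
#include <inet/ipdrop.h>
#include <inet/ip_netinfo.h>

#include <sys/pattr.h>
#include <inet/ipclassifier.h>
#include <inet/sctp_ip.h>
#include <inet/sctp/sctp_impl.h>
#include <inet/udp_impl.h>
#include <sys/sunddi.h>

#include <sys/tsol/label.h>
#include <sys/tsol/tnet.h>

#ifdef DEBUG
extern boolean_t skip_sctp_cksum;
#endif

/*
 * Send one IPv6 packet using only the information in the packet and in ixa.
 *
 * The function selects a route for ip6_dst, obtains an nce for it, looks up
 * the dce to derive ixa_fragsize, selects or verifies the source address
 * depending on IXAF_SET_SOURCE / IXAF_VERIFY_SOURCE, attaches global IPsec
 * policy unless IXAF_NO_IPSEC or IXAF_IPSEC_SECURE is set, and finally hands
 * the packet to the ire_sendfn of the selected IRE.
 *
 * mp is consumed on every path: it is either freed here, or passed on to
 * ip_output_attach_policy() or the send function.
 *
 * Returns 0 or an errno. On entry ixa_nce must be NULL; it is NULL again
 * on every return that happens after an nce has been stored in it.
 */
int
ip_output_simple_v6(mblk_t *mp, ip_xmit_attr_t *ixa)
{
	ip6_t		*ip6h;
	in6_addr_t	firsthop; /* In IP header */
	in6_addr_t	dst;	/* End of source route, or ip6_dst if none */
	ire_t		*ire;
	in6_addr_t	setsrc;
	int		error;
	ill_t		*ill = NULL;
	dce_t		*dce = NULL;
	nce_t		*nce;
	iaflags_t	ixaflags = ixa->ixa_flags;
	ip_stack_t	*ipst = ixa->ixa_ipst;
	uint8_t		*nexthdrp;
	boolean_t	repeat = B_FALSE;
	boolean_t	multirt = B_FALSE;
	uint_t		ifindex;
	int64_t		now;

	ip6h = (ip6_t *)mp->b_rptr;
	ASSERT(IPH_HDR_VERSION(ip6h) == IPV6_VERSION);

	ASSERT(ixa->ixa_nce == NULL);

	/*
	 * The packet length is taken from the header. That it matches the
	 * actual message size is only ASSERTed, i.e. checked on DEBUG
	 * kernels; callers are trusted to pass a consistent message.
	 */
	ixa->ixa_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
	ASSERT(ixa->ixa_pktlen == msgdsize(mp));
	if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ixa->ixa_ip_hdr_length,
	    &nexthdrp)) {
		/* Malformed packet */
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
		ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
		freemsg(mp);
		/* No references are held yet, so a plain return is fine */
		return (EINVAL);
	}
	ixa->ixa_protocol = *nexthdrp;

	/*
	 * Assumes that source routed packets have already been massaged by
	 * the ULP (ip_massage_options_v6) and as a result ip6_dst is the next
	 * hop in the source route. The final destination is used for IPsec
	 * policy and DCE lookup.
	 */
	firsthop = ip6h->ip6_dst;
	dst = ip_get_dst_v6(ip6h, mp, NULL);

repeat_ire:
	error = 0;
	setsrc = ipv6_all_zeros;
	ire = ip_select_route_v6(&firsthop, ip6h->ip6_src, ixa, NULL, &setsrc,
	    &error, &multirt);
	ASSERT(ire != NULL);	/* IRE_NOROUTE if none found */
	if (error != 0) {
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
		ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
		freemsg(mp);
		goto done;
	}

	if (ire->ire_flags & (RTF_BLACKHOLE|RTF_REJECT)) {
		/* ire_ill might be NULL hence need to skip some code */
		if (ixaflags & IXAF_SET_SOURCE)
			ip6h->ip6_src = ipv6_loopback;
		ixa->ixa_fragsize = IP_MAXPACKET;
		ire->ire_ob_pkt_count++;
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
		/* No dce yet; use default one */
		error = (ire->ire_sendfn)(ire, mp, ip6h, ixa,
		    &ipst->ips_dce_default->dce_ident);
		goto done;
	}

	/* Note that ip6_dst is only used for IRE_MULTICAST */
	nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst);
	if (nce == NULL) {
		/* Allocation failure? */
		ip_drop_output("ire_to_nce", mp, ill);
		freemsg(mp);
		error = ENOBUFS;
		goto done;
	}
	if (nce->nce_is_condemned) {
		nce_t *nce1;

		nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_TRUE);
		nce_refrele(nce);
		if (nce1 == NULL) {
			if (!repeat) {
				/* Try finding a better IRE */
				repeat = B_TRUE;
				ire_refrele(ire);
				goto repeat_ire;
			}
			/* Tried twice - drop packet */
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("No nce", mp, ill);
			freemsg(mp);
			error = ENOBUFS;
			goto done;
		}
		nce = nce1;
	}
	/*
	 * For multicast with multirt we have a flag passed back from
	 * ire_lookup_multi_ill_v6 since we don't have an IRE for each
	 * possible multicast address.
	 * We also need a flag for multicast since we can't check
	 * whether RTF_MULTIRT is set in ixa_ire for multicast.
	 */
	if (multirt) {
		ixa->ixa_postfragfn = ip_postfrag_multirt_v6;
		ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST;
	} else {
		ixa->ixa_postfragfn = ire->ire_postfragfn;
		ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST;
	}
	ASSERT(ixa->ixa_nce == NULL);
	/* From here on the nce hold is owned by ixa and dropped at "done" */
	ixa->ixa_nce = nce;

	/*
	 * Check for a dce_t with a path mtu.
	 */
	ifindex = 0;
	if (IN6_IS_ADDR_LINKSCOPE(&dst))
		ifindex = nce->nce_common->ncec_ill->ill_phyint->phyint_ifindex;

	dce = dce_lookup_v6(&dst, ifindex, ipst, NULL);
	ASSERT(dce != NULL);

	if (!(ixaflags & IXAF_PMTU_DISCOVERY)) {
		ixa->ixa_fragsize = IPV6_MIN_MTU;
	} else if (dce->dce_flags & DCEF_PMTU) {
		/*
		 * To avoid a periodic timer to increase the path MTU we
		 * look at dce_last_change_time each time we send a packet.
		 */
		now = ddi_get_lbolt64();
		if (TICK_TO_SEC(now) - dce->dce_last_change_time >
		    ipst->ips_ip_pathmtu_interval) {
			/*
			 * Older than 20 minutes. Drop the path MTU information.
			 * (The comparison itself uses the per-stack
			 * ips_ip_pathmtu_interval value.)
			 */
			mutex_enter(&dce->dce_lock);
			dce->dce_flags &= ~DCEF_PMTU;
			dce->dce_last_change_time = TICK_TO_SEC(now);
			mutex_exit(&dce->dce_lock);
			dce_increment_generation(dce);
			ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
		} else {
			uint_t fragsize;

			/* Use the smaller of the base MTU and the path MTU */
			fragsize = ip_get_base_mtu(nce->nce_ill, ire);
			if (fragsize > dce->dce_pmtu)
				fragsize = dce->dce_pmtu;
			ixa->ixa_fragsize = fragsize;
		}
	} else {
		ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire);
	}

	/*
	 * We use ire_nexthop_ill (and not ncec_ill) to avoid the under ipmp
	 * interface for source address selection.
	 */
	ill = ire_nexthop_ill(ire);

	if (ixaflags & IXAF_SET_SOURCE) {
		in6_addr_t src;

		/*
		 * We use the final destination to get
		 * correct selection for source routed packets
		 */

		/* If unreachable we have no ill but need some source */
		if (ill == NULL) {
			src = ipv6_loopback;
			error = 0;
		} else {
			error = ip_select_source_v6(ill, &setsrc, &dst,
			    ixa->ixa_zoneid, ipst, B_FALSE,
			    ixa->ixa_src_preferences, &src, NULL, NULL);
		}
		if (error != 0) {
			/* error is only non-zero when ill != NULL (see above) */
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - no source",
			    mp, ill);
			freemsg(mp);
			goto done;
		}
		ip6h->ip6_src = src;
	} else if (ixaflags & IXAF_VERIFY_SOURCE) {
		/* Check if the IP source is assigned to the host. */
		if (!ip_verify_src(mp, ixa, NULL)) {
			/* Don't send a packet with a source that isn't ours */
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - invalid source",
			    mp, ill);
			freemsg(mp);
			error = EADDRNOTAVAIL;
			goto done;
		}
	}

	/*
	 * Check against global IPsec policy to set the AH/ESP attributes.
	 * IPsec will set IXAF_IPSEC_* and ixa_ipsec_* as appropriate.
	 */
	if (!(ixaflags & (IXAF_NO_IPSEC|IXAF_IPSEC_SECURE))) {
		ASSERT(ixa->ixa_ipsec_policy == NULL);
		mp = ip_output_attach_policy(mp, NULL, ip6h, NULL, ixa);
		if (mp == NULL) {
			/* MIB and ip_drop_packet already done */
			/*
			 * IPsec policy failure. Leave through "done" so that
			 * the holds taken above (ire, dce, ill and ixa_nce)
			 * are dropped; returning directly from here would
			 * leak them and leave ixa_nce set.
			 */
			error = EHOSTUNREACH;
			goto done;
		}
	}

	if (ill != NULL) {
		BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests);
	} else {
		BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests);
	}

	/*
	 * We update the statistics on the most specific IRE i.e., the first
	 * one we found.
	 * We don't have an IRE when we fragment, hence ire_ob_pkt_count
	 * can only count the use prior to fragmentation. However the MIB
	 * counters on the ill will be incremented in post fragmentation.
	 */
	ire->ire_ob_pkt_count++;

	/*
	 * Based on ire_type and ire_flags call one of:
	 *	ire_send_local_v6 - for IRE_LOCAL and IRE_LOOPBACK
	 *	ire_send_multirt_v6 - if RTF_MULTIRT
	 *	ire_send_noroute_v6 - if RTF_REJECT or RTF_BLACKHOLE
	 *	ire_send_multicast_v6 - for IRE_MULTICAST
	 *	ire_send_wire_v6 - for the rest.
	 */
	error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, &dce->dce_ident);
done:
	/* Drop every hold this function took; mp is not touched here */
	ire_refrele(ire);
	if (dce != NULL)
		dce_refrele(dce);
	if (ill != NULL)
		ill_refrele(ill);
	if (ixa->ixa_nce != NULL)
		nce_refrele(ixa->ixa_nce);
	ixa->ixa_nce = NULL;
	return (error);
}

/*
 * ire_sendfn() functions.
 * These functions use the following xmit_attr:
 *  - ixa_fragsize - read to determine whether or not to fragment
 *  - IXAF_IPSEC_SECURE - to determine whether or not to invoke IPsec
 *  - ixa_ipsec_* are used inside IPsec
 *  - IXAF_LOOPBACK_COPY - for multicast
 */


/*
 * ire_sendfn for IRE_LOCAL and IRE_LOOPBACK
 *
 * The checks for restrict_interzone_loopback are done in ire_route_recursive.
 *
 * The packet is run through the loopback-out and loopback-in firewall
 * hooks, converted from transmit to receive attributes and handed to
 * ip_fanout_v6(). Returns the hook's error if a hook consumed the packet,
 * otherwise 0 (also when the label lookup fails and the packet is dropped).
 */
/* ARGSUSED4 */
int
ire_send_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
    ip_xmit_attr_t *ixa, uint32_t *identp)
{
	ip6_t		*ip6h = (ip6_t *)iph_arg;
	ip_stack_t	*ipst = ixa->ixa_ipst;
	ill_t		*ill = ire->ire_ill;
	ip_recv_attr_t	iras;	/* NOTE: No bzero for performance */
	uint_t		pktlen = ixa->ixa_pktlen;

	/*
	 * No fragmentation, no nce, and no application of IPsec.
	 *
	 *
	 * Note different order between IP provider and FW_HOOKS than in
	 * send_wire case.
	 */

	/*
	 * DTrace this as ip:::send. A packet blocked by FW_HOOKS will fire the
	 * send probe, but not the receive probe.
	 */
	DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
	    ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
	    int, 1);

	DTRACE_PROBE4(ip6__loopback__out__start,
	    ill_t *, NULL, ill_t *, ill,
	    ip6_t *, ip6h, mblk_t *, mp);

	if (HOOKS6_INTERESTED_LOOPBACK_OUT(ipst)) {
		int error;

		FW_HOOKS(ipst->ips_ip6_loopback_out_event,
		    ipst->ips_ipv6firewall_loopback_out,
		    NULL, ill, ip6h, mp, mp, 0, ipst, error);

		DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp);
		/* A NULL mp means the hook consumed (blocked) the packet */
		if (mp == NULL)
			return (error);

		/*
		 * Even if the destination was changed by the filter we use the
		 * forwarding decision that was made based on the address
		 * in ip_output/ip_set_destination.
		 */
		/* Length could be different */
		ip6h = (ip6_t *)mp->b_rptr;
		pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
	}

	/*
	 * If a callback is enabled then we need to know the
	 * source and destination zoneids for the packet. We already
	 * have those handy.
	 */
	if (ipst->ips_ip6_observe.he_interested) {
		zoneid_t szone, dzone;
		zoneid_t stackzoneid;

		stackzoneid = netstackid_to_zoneid(
		    ipst->ips_netstack->netstack_stackid);

		if (stackzoneid == GLOBAL_ZONEID) {
			/* Shared-IP zone */
			dzone = ire->ire_zoneid;
			szone = ixa->ixa_zoneid;
		} else {
			szone = dzone = stackzoneid;
		}
		ipobs_hook(mp, IPOBS_HOOK_LOCAL, szone, dzone, ill, ipst);
	}

	/* Handle lo0 stats */
	ipst->ips_loopback_packets++;

	/*
	 * Update output mib stats. Note that we can't move into the icmp
	 * sender (icmp_output etc) since they don't know the ill and the
	 * stats are per ill.
	 */
	if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
		icmp6_t *icmp6;

		/*
		 * NOTE(review): ixa_protocol and ixa_ip_hdr_length were
		 * computed before the loopback-out hook ran, while ip6h may
		 * now point at a message the hook replaced - confirm hooks
		 * cannot change the header layout.
		 */
		icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
		icmp_update_out_mib_v6(ill, icmp6);
	}

	DTRACE_PROBE4(ip6__loopback__in__start,
	    ill_t *, ill, ill_t *, NULL,
	    ip6_t *, ip6h, mblk_t *, mp);

	if (HOOKS6_INTERESTED_LOOPBACK_IN(ipst)) {
		int error;

		FW_HOOKS(ipst->ips_ip6_loopback_in_event,
		    ipst->ips_ipv6firewall_loopback_in,
		    ill, NULL, ip6h, mp, mp, 0, ipst, error);

		DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp);
		/* A NULL mp means the hook consumed (blocked) the packet */
		if (mp == NULL)
			return (error);

		/*
		 * Even if the destination was changed by the filter we use the
		 * forwarding decision that was made based on the address
		 * in ip_output/ip_set_destination.
		 */
		/* Length could be different */
		ip6h = (ip6_t *)mp->b_rptr;
		pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
	}

	DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
	    ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h,
	    int, 1);

	/*
	 * Map ixa to ira including IPsec policies.
	 * iras was deliberately not zeroed above, so every field read later
	 * has to be written by ipsec_out_to_in() or by the assignments
	 * below - presumably ipsec_out_to_in() initializes ira_flags, which
	 * is OR-ed into further down; verify when adding new ira_* readers.
	 */
	ipsec_out_to_in(ixa, ill, &iras);
	iras.ira_pktlen = pktlen;
	iras.ira_ttl = ip6h->ip6_hlim;

	ire->ire_ib_pkt_count++;
	BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives);
	UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, pktlen);

	/* Destined to ire_zoneid - use that for fanout */
	iras.ira_zoneid = ire->ire_zoneid;

	if (is_system_labeled()) {
		iras.ira_flags |= IRAF_SYSTEM_LABELED;

		/*
		 * This updates ira_cred, ira_tsl and ira_free_flags based
		 * on the label. We don't expect this to ever fail for
		 * loopback packets, so we silently drop the packet should it
		 * fail.
		 */
		if (!tsol_get_pkt_label(mp, IPV6_VERSION, &iras)) {
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
			ip_drop_input("tsol_get_pkt_label", mp, ill);
			freemsg(mp);
			/*
			 * NOTE(review): this return skips the ira_cleanup()
			 * done on the normal path; whether references moved
			 * into iras by ipsec_out_to_in() are released
			 * elsewhere cannot be seen from here - confirm.
			 */
			return (0);
		}
		ASSERT(iras.ira_tsl != NULL);

		/* tsol_get_pkt_label sometimes does pullupmsg */
		ip6h = (ip6_t *)mp->b_rptr;
	}

	ip_fanout_v6(mp, ip6h, &iras);

	/* We moved any IPsec refs from ixa to iras */
	ira_cleanup(&iras, B_FALSE);
	return (0);
}

/*
 * Apply the multirt hop-limit policy to an outgoing packet and request a
 * fragment header.
 *
 * For IRE_MULTICAST the hop limit is forced down to 1; otherwise it is
 * capped at ips_ip_multirt_ttl when that tunable is non-zero. In both cases
 * where the hop limit is constrained IXAF_NO_TTL_CHANGE is set so that
 * ire_send_multicast_v6() does not overwrite it. IXAF_IPV6_ADD_FRAGHDR is
 * always set.
 */
static void
multirt_check_v6(ire_t *ire, ip6_t *ip6h, ip_xmit_attr_t *ixa)
{
	ip_stack_t *ipst = ixa->ixa_ipst;

	/* Limit the TTL on multirt packets. Do this even if IPV6_HOPLIMIT */
	if (ire->ire_type & IRE_MULTICAST) {
		if (ip6h->ip6_hops > 1) {
			ip2dbg(("ire_send_multirt_v6: forcing multicast "
			    "multirt TTL to 1 (was %d)\n", ip6h->ip6_hops));
			ip6h->ip6_hops = 1;
		}
		ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
	} else if ((ipst->ips_ip_multirt_ttl > 0) &&
	    (ip6h->ip6_hops > ipst->ips_ip_multirt_ttl)) {
		ip6h->ip6_hops = ipst->ips_ip_multirt_ttl;
		/*
		 * Need to ensure we don't increase the ttl should we go through
		 * ire_send_multicast.
		 */
		ixa->ixa_flags |= IXAF_NO_TTL_CHANGE;
	}

	/* For IPv6 this also needs to insert a fragment header */
	ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR;
}

/*
 * ire_sendfn for IRE_MULTICAST
 *
 * Note that we do path MTU discovery by default for IPv6 multicast. But
 * since unconnected UDP and RAW sockets don't set IXAF_PMTU_DISCOVERY
 * only connected sockets get this by default.
 *
 * Decides whether a loopback copy is needed, sets the multicast hop limit
 * and then passes the packet to ire_send_wire_v6(), whose result is
 * returned.
 */
int
ire_send_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
    ip_xmit_attr_t *ixa, uint32_t *identp)
{
	ip6_t		*ip6h = (ip6_t *)iph_arg;
	ip_stack_t	*ipst = ixa->ixa_ipst;
	ill_t		*ill = ire->ire_ill;
	iaflags_t	ixaflags = ixa->ixa_flags;

	/*
	 * The IRE_MULTICAST is the same whether or not multirt is in use.
	 * Hence we need special-case code.
	 */
	if (ixaflags & IXAF_MULTIRT_MULTICAST)
		multirt_check_v6(ire, ip6h, ixa);

	/*
	 * Check if anything in ip_input_v6 wants a copy of the transmitted
	 * packet (after IPsec and fragmentation)
	 *
	 * 1. Multicast routers always need a copy unless SO_DONTROUTE is set
	 *    RSVP and the rsvp daemon is an example of a
	 *    protocol and user level process that
	 *    handles its own routing. Hence, it uses the
	 *    SO_DONTROUTE option to accomplish this.
	 * 2. If the sender has set IP_MULTICAST_LOOP, then we just
	 *    check whether there are any receivers for the group on the ill
	 *    (ignoring the zoneid).
	 * 3. If IP_MULTICAST_LOOP is not set, then we check if there are
	 *    any members in other shared-IP zones.
	 *    If such members exist, then we indicate that the sending zone
	 *    shouldn't get a loopback copy to preserve the IP_MULTICAST_LOOP
	 *    behavior.
	 *
	 * When we loopback we skip hardware checksum to make sure loopback
	 * copy is checksummed.
	 *
	 * Note that ire_ill is the upper in the case of IPMP.
	 */
	ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM);
	if (ipst->ips_ip_g_mrouter && ill->ill_mrouter_cnt > 0 &&
	    !(ixaflags & IXAF_DONTROUTE)) {
		ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
	} else if (ixaflags & IXAF_MULTICAST_LOOP) {
		/*
		 * If this zone or any other zone has members then loopback
		 * a copy.
		 */
		if (ill_hasmembers_v6(ill, &ip6h->ip6_dst))
			ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
	} else if (ipst->ips_netstack->netstack_numzones > 1) {
		/*
		 * This zone should not have a copy. But there are some other
		 * zones which might have members.
		 */
		if (ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst,
		    ixa->ixa_zoneid)) {
			ixa->ixa_flags |= IXAF_NO_LOOP_ZONEID_SET;
			ixa->ixa_no_loop_zoneid = ixa->ixa_zoneid;
			ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM;
		}
	}

	/*
	 * Unless IPV6_HOPLIMIT or ire_send_multirt_v6 already set a ttl,
	 * force the ttl to the IP_MULTICAST_TTL value
	 *
	 * Note that this tests the ixaflags snapshot taken on entry, so an
	 * IXAF_NO_TTL_CHANGE set by the multirt_check_v6() call above is
	 * not seen here; only a flag already set by the caller (e.g. by
	 * ire_send_multirt_v6) is.
	 */
	if (!(ixaflags & IXAF_NO_TTL_CHANGE)) {
		ip6h->ip6_hops = ixa->ixa_multicast_ttl;
	}

	return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
}

/*
 * ire_sendfn for IREs with RTF_MULTIRT
 *
 * Applies multirt_check_v6() and then dispatches to the multicast or the
 * wire send function depending on ire_type.
 */
int
ire_send_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
    ip_xmit_attr_t *ixa, uint32_t *identp)
{
	ip6_t *ip6h = (ip6_t *)iph_arg;

	multirt_check_v6(ire, ip6h, ixa);

	if (ire->ire_type & IRE_MULTICAST)
		return (ire_send_multicast_v6(ire, mp, ip6h, ixa, identp));
	else
		return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp));
}

/*
 * ire_sendfn for IREs with RTF_REJECT/RTF_BLACKHOLE, including IRE_NOROUTE
 *
 * RTF_BLACKHOLE drops the packet silently and returns 0. Otherwise an
 * ICMPv6 destination-unreachable is generated towards the sender and
 * EHOSTUNREACH is returned. mp is consumed in all cases.
 */
/* ARGSUSED4 */
int
ire_send_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
    ip_xmit_attr_t *ixa, uint32_t *identp)
{
	ip6_t		*ip6h = (ip6_t *)iph_arg;
	ip_stack_t	*ipst = ixa->ixa_ipst;
	ill_t		*ill;
	ip_recv_attr_t	iras;
	boolean_t	dummy;

	BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutNoRoutes);

	if (ire->ire_type & IRE_NOROUTE) {
		/* A lack of a route as opposed to RTF_REJECT|BLACKHOLE */
		ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0,
		    RTA_DST, ipst);
	}

	if (ire->ire_flags & RTF_BLACKHOLE) {
		ip_drop_output("ipIfStatsOutNoRoutes RTF_BLACKHOLE", mp, NULL);
		freemsg(mp);
		/* No error even for local senders - silent blackhole */
		return (0);
	}
	ip_drop_output("ipIfStatsOutNoRoutes RTF_REJECT", mp, NULL);

	/*
	 * We need an ill_t for the ip_recv_attr_t even though this packet
	 * was never received and icmp_unreachable doesn't currently use
	 * ira_ill.
	 *
	 * NOTE(review): the isv6 argument tests an IRAF_* (receive
	 * attribute) constant against the transmit flags in ixa_flags;
	 * IXAF_IS_IPV4 looks like the intended name. This is only harmless
	 * if both constants have the same value - confirm in the header.
	 */
	ill = ill_lookup_on_name("lo0", B_FALSE,
	    !(ixa->ixa_flags & IRAF_IS_IPV4), &dummy, ipst);
	if (ill == NULL) {
		freemsg(mp);
		return (EHOSTUNREACH);
	}

	bzero(&iras, sizeof (iras));
	/* Map ixa to ira including IPsec policies */
	ipsec_out_to_in(ixa, ill, &iras);

	icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, &iras);
	/* We moved any IPsec refs from ixa to iras */
	ira_cleanup(&iras, B_FALSE);

	ill_refrele(ill);
	return (EHOSTUNREACH);
}

/*
 * Calculate a checksum ignoring any hardware capabilities
 *
 * Returns B_FALSE if the packet was too short for the checksum. Caller
 * should free and do stats.
 *
 * NOTE(review): every path in the current body returns B_TRUE. The only
 * length checks are ASSERT()s, which are compiled into DEBUG kernels only,
 * so on a production kernel this function relies on its callers having
 * validated that the ULP header (and, for raw sockets, the checksum offset)
 * lies within the first mblk.
 */
static boolean_t
ip_output_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_xmit_attr_t *ixa)
{
	ip_stack_t	*ipst = ixa->ixa_ipst;
	uint_t		pktlen = ixa->ixa_pktlen;
	uint16_t	*cksump;
	uint32_t	cksum;
	uint8_t		protocol = ixa->ixa_protocol;
	uint16_t	ip_hdr_length = ixa->ixa_ip_hdr_length;

#define	iphs	((uint16_t *)ip6h)

	/* Just in case it contained garbage */
	DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;

	/*
	 * Calculate ULP checksum
	 */
	if (protocol == IPPROTO_TCP) {
		cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
		cksum = IP_TCP_CSUM_COMP;
	} else if (protocol == IPPROTO_UDP) {
		cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
		cksum = IP_UDP_CSUM_COMP;
	} else if (protocol == IPPROTO_SCTP) {
		sctp_hdr_t *sctph;

		ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
		sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
		/*
		 * Zero out the checksum field to ensure proper
		 * checksum calculation.
		 */
		sctph->sh_chksum = 0;
		/*
		 * On DEBUG kernels skip_sctp_cksum can leave the field at
		 * zero; non-DEBUG kernels always compute the checksum.
		 */
#ifdef DEBUG
		if (!skip_sctp_cksum)
#endif
			sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
		return (B_TRUE);
	} else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) {
		/*
		 * icmp has placed length and routing
		 * header adjustment in the checksum field.
		 *
		 * NOTE(review): ixa_raw_cksum_offset is used to form a
		 * write pointer into the packet and is bounds-checked here
		 * only by the ASSERT below. Presumably the raw-socket code
		 * validates the offset against the payload length before
		 * setting IXAF_SET_RAW_CKSUM - confirm at the setter.
		 */
		cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length +
		    ixa->ixa_raw_cksum_offset);
		cksum = htons(protocol);
	} else if (protocol == IPPROTO_ICMPV6) {
		cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
		cksum = IP_ICMPV6_CSUM_COMP;	/* Pseudo-header cksum */
	} else {
		/* No ULP checksum to compute for other protocols */
		return (B_TRUE);
	}

	/* The ULP puts the checksum field in the first mblk */
	ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);

	/*
	 * We accumulate the pseudo header checksum in cksum.
	 * This is pretty hairy code, so watch close. One
	 * thing to keep in mind is that UDP and TCP have
	 * stored their respective datagram lengths in their
	 * checksum fields. This lines things up real nice.
	 *
	 * iphs[4..19] are the sixteen 16-bit words at byte offsets 8..39 of
	 * the IPv6 header.
	 */
	cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
	    iphs[8] + iphs[9] + iphs[10] + iphs[11] +
	    iphs[12] + iphs[13] + iphs[14] + iphs[15] +
	    iphs[16] + iphs[17] + iphs[18] + iphs[19];
	cksum = IP_CSUM(mp, ip_hdr_length, cksum);

	/*
	 * For UDP/IPv6 a zero UDP checksum is not allowed.
	 * Change to 0xffff
	 */
	if (protocol == IPPROTO_UDP && cksum == 0)
		*cksump = ~cksum;
	else
		*cksump = cksum;

	IP6_STAT(ipst, ip6_out_sw_cksum);
	IP6_STAT_UPDATE(ipst, ip6_out_sw_cksum_bytes, pktlen);

	/* No IP header checksum for IPv6 */

	return (B_TRUE);
#undef	iphs
}

/* There are drivers that can't do partial checksum for ICMPv6 */
int nxge_cksum_workaround = 1;

/*
 * Calculate the ULP checksum - try to use hardware.
 * In the case of MULTIRT or multicast the
 * IXAF_NO_HW_CKSUM is set in which case we use software.
 *
 * Returns B_FALSE if the packet was too short for the checksum. Caller
 * should free and do stats.
 *
 * NOTE(review): as with ip_output_sw_cksum_v6(), no path visible here
 * returns B_FALSE and the length checks are DEBUG-only ASSERT()s.
 */
static boolean_t
ip_output_cksum_v6(iaflags_t ixaflags, mblk_t *mp, ip6_t *ip6h,
    ip_xmit_attr_t *ixa, ill_t *ill)
{
	uint_t		pktlen = ixa->ixa_pktlen;
	uint16_t	*cksump;
	uint16_t	hck_flags;
	uint32_t	cksum;
	uint8_t		protocol = ixa->ixa_protocol;
	uint16_t	ip_hdr_length = ixa->ixa_ip_hdr_length;

#define	iphs	((uint16_t *)ip6h)

	/* Fall back to software whenever offload is unwanted or unavailable */
	if ((ixaflags & (IXAF_NO_HW_CKSUM|IXAF_SET_RAW_CKSUM)) ||
	    !ILL_HCKSUM_CAPABLE(ill) ||
	    !dohwcksum) {
		return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
	}

	/*
	 * Calculate ULP checksum. Note that we don't use cksump and cksum
	 * if the ill has FULL support.
	 */
	if (protocol == IPPROTO_TCP) {
		cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length);
		cksum = IP_TCP_CSUM_COMP;	/* Pseudo-header cksum */
	} else if (protocol == IPPROTO_UDP) {
		cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length);
		cksum = IP_UDP_CSUM_COMP;	/* Pseudo-header cksum */
	} else if (protocol == IPPROTO_SCTP) {
		sctp_hdr_t *sctph;

		ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph)));
		sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length);
		/*
		 * Zero out the checksum field to ensure proper
		 * checksum calculation.
		 */
		sctph->sh_chksum = 0;
#ifdef DEBUG
		if (!skip_sctp_cksum)
#endif
			sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length);
		goto ip_hdr_cksum;
	} else if (protocol == IPPROTO_ICMPV6) {
		/*
		 * Currently we assume no HW support for ICMP checksum calc.
		 *
		 * When HW support is advertised for ICMP, we'll want the
		 * following to be set:
		 * cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length);
		 * cksum = IP_ICMPV6_CSUM_COMP;	Pseudo-header cksum
		 */

		return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
	} else {
	ip_hdr_cksum:
		/* No IP header checksum for IPv6 */
		return (B_TRUE);
	}

	/* The ULP puts the checksum field in the first mblk */
	ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr);

	/*
	 * Underlying interface supports hardware checksum offload for
	 * the payload; leave the payload checksum for the hardware to
	 * calculate. N.B: We only need to set up checksum info on the
	 * first mblk.
	 */
	hck_flags = ill->ill_hcksum_capab->ill_hcksum_txflags;

	DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS;
	if (hck_flags & HCKSUM_INET_FULL_V6) {
		/*
		 * Hardware calculates pseudo-header, header and the
		 * payload checksums, so clear the checksum field in
		 * the protocol header.
		 */
		*cksump = 0;
		DB_CKSUMFLAGS(mp) |= HCK_FULLCKSUM;
		return (B_TRUE);
	}
	/*
	 * ICMPv6 already returned above, so the protocol test below is
	 * always true for the packets that reach this point.
	 */
	if (((hck_flags) & HCKSUM_INET_PARTIAL) &&
	    (protocol != IPPROTO_ICMPV6 || !nxge_cksum_workaround)) {
		/*
		 * Partial checksum offload has been enabled. Fill
		 * the checksum field in the protocol header with the
		 * pseudo-header checksum value.
		 *
		 * We accumulate the pseudo header checksum in cksum.
		 * This is pretty hairy code, so watch close. One
		 * thing to keep in mind is that UDP and TCP have
		 * stored their respective datagram lengths in their
		 * checksum fields. This lines things up real nice.
		 */
		cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] +
		    iphs[8] + iphs[9] + iphs[10] + iphs[11] +
		    iphs[12] + iphs[13] + iphs[14] + iphs[15] +
		    iphs[16] + iphs[17] + iphs[18] + iphs[19];
		cksum += *(cksump);
		/* Fold the 32-bit sum to 16 bits, twice to absorb the carry */
		cksum = (cksum & 0xFFFF) + (cksum >> 16);
		*(cksump) = (cksum & 0xFFFF) + (cksum >> 16);

		/*
		 * Offsets are relative to beginning of IP header.
		 */
		DB_CKSUMSTART(mp) = ip_hdr_length;
		DB_CKSUMSTUFF(mp) = (uint8_t *)cksump - (uint8_t *)ip6h;
		DB_CKSUMEND(mp) = pktlen;
		DB_CKSUMFLAGS(mp) |= HCK_PARTIALCKSUM;
		return (B_TRUE);
	}
	/* Hardware capabilities include neither full nor partial IPv6 */
	return (ip_output_sw_cksum_v6(mp, ip6h, ixa));
#undef	iphs
}

/*
 * ire_sendfn for offlink and onlink destinations.
 * Also called from the multicast, and multirt send functions.
 *
 * Assumes that the caller has a hold on the ire.
 *
 * This function doesn't care if the IRE just became condemned since that
 * can happen at any time.
 *
 * Requires ixa_nce to be set. Returns 0 or an errno; a return of 0 after
 * ip_process() consumed the packet may just mean the packet was delayed.
 */
/* ARGSUSED */
int
ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
    ip_xmit_attr_t *ixa, uint32_t *identp)
{
	ip_stack_t	*ipst = ixa->ixa_ipst;
	ip6_t		*ip6h = (ip6_t *)iph_arg;
	iaflags_t	ixaflags = ixa->ixa_flags;
	ill_t		*ill;
	uint32_t	pktlen = ixa->ixa_pktlen;

	ASSERT(ixa->ixa_nce != NULL);
	ill = ixa->ixa_nce->nce_ill;

	/*
	 * Update output mib stats. Note that we can't move into the icmp
	 * sender (icmp_output etc) since they don't know the ill and the
	 * stats are per ill.
	 *
	 * With IPMP we record the stats on the upper ill.
	 */
	if (ixa->ixa_protocol == IPPROTO_ICMPV6) {
		icmp6_t *icmp6;

		icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length);
		icmp_update_out_mib_v6(ixa->ixa_nce->nce_common->ncec_ill,
		    icmp6);
	}

	if (ixaflags & IXAF_DONTROUTE)
		ip6h->ip6_hops = 1;

	/*
	 * This might set b_band, thus the IPsec and fragmentation
	 * code in IP ensures that b_band is updated in the first mblk.
	 */
	if (IPP_ENABLED(IPP_LOCAL_OUT, ipst)) {
		/* ip_process translates an IS_UNDER_IPMP */
		mp = ip_process(IPP_LOCAL_OUT, mp, ill, ill);
		if (mp == NULL) {
			/* ip_drop_packet and MIB done */
			return (0);	/* Might just be delayed */
		}
		/*
		 * NOTE(review): ip6h is not re-derived from the mp returned
		 * by ip_process() - presumably the header is never
		 * relocated there; confirm.
		 */
	}

	/*
	 * To handle IPsec/iptun's labeling needs we need to tag packets
	 * while we still have ixa_tsl
	 */
	if (is_system_labeled() && ixa->ixa_tsl != NULL &&
	    (ill->ill_mactype == DL_6TO4 || ill->ill_mactype == DL_IPV4 ||
	    ill->ill_mactype == DL_IPV6)) {
		cred_t *newcr;

		newcr = copycred_from_tslabel(ixa->ixa_cred, ixa->ixa_tsl,
		    KM_NOSLEEP);
		if (newcr == NULL) {
			/* Fail closed: never send the packet unlabeled */
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - newcr",
			    mp, ill);
			freemsg(mp);
			return (ENOBUFS);
		}
		mblk_setcred(mp, newcr, NOPID);
		crfree(newcr);	/* mblk_setcred did its own crhold */
	}

	/*
	 * IXAF_IPV6_ADD_FRAGHDR is set for CGTP so that we will add a
	 * fragment header without fragmenting. CGTP on the receiver will
	 * filter duplicates on the ident field.
	 */
	if (pktlen > ixa->ixa_fragsize ||
	    (ixaflags & (IXAF_IPSEC_SECURE|IXAF_IPV6_ADD_FRAGHDR))) {
		uint32_t ident = 0;

		if (ixaflags & IXAF_IPSEC_SECURE)
			pktlen += ipsec_out_extra_length(ixa);

		/*
		 * NOTE(review): unlike the other error returns in this
		 * function, this one neither frees mp nor records a drop.
		 * ip_output_simple_v6() does not free mp when the send
		 * function fails, so the message looks leaked on this
		 * path. Confirm against the remaining callers before
		 * adding ip_drop_output()/freemsg() here.
		 */
		if (pktlen > IP_MAXPACKET)
			return (EMSGSIZE);

		if (ixaflags & IXAF_SET_ULP_CKSUM) {
			/*
			 * Compute ULP checksum using software
			 */
			if (!ip_output_sw_cksum_v6(mp, ip6h, ixa)) {
				BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
				ip_drop_output("ipIfStatsOutDiscards", mp, ill);
				freemsg(mp);
				return (EINVAL);
			}
			/* Avoid checksum again below if we only add fraghdr */
			ixaflags &= ~IXAF_SET_ULP_CKSUM;
		}

		/*
		 * If we need a fragment header, pick the ident and insert
		 * the header before IPsec so we have a place to store
		 * the ident value.
		 */
		if ((ixaflags & IXAF_IPV6_ADD_FRAGHDR) ||
		    pktlen > ixa->ixa_fragsize) {
			/*
			 * If this packet would generate a icmp_frag_needed
			 * message, we need to handle it before we do the IPsec
			 * processing. Otherwise, we need to strip the IPsec
			 * headers before we send up the message to the ULPs
			 * which becomes messy and difficult.
			 */
			if ((pktlen > ixa->ixa_fragsize) &&
			    (ixaflags & IXAF_DONTFRAG)) {
				/* Generate ICMP and return error */
				ip_recv_attr_t iras;

				DTRACE_PROBE4(ip6__fragsize__fail,
				    uint_t, pktlen, uint_t, ixa->ixa_fragsize,
				    uint_t, ixa->ixa_pktlen,
				    uint_t, ixa->ixa_pmtu);

				bzero(&iras, sizeof (iras));
				/* Map ixa to ira including IPsec policies */
				ipsec_out_to_in(ixa, ill, &iras);
				iras.ira_ttl = ip6h->ip6_hlim;

				ip_drop_output("ICMP6_PKT_TOO_BIG", mp, ill);
				icmp_pkt2big_v6(mp, ixa->ixa_fragsize, B_TRUE,
				    &iras);
				/* We moved any IPsec refs from ixa to iras */
				ira_cleanup(&iras, B_FALSE);
				return (EMSGSIZE);
			}
			DTRACE_PROBE4(ip6__fragsize__ok, uint_t, pktlen,
			    uint_t, ixa->ixa_fragsize, uint_t, ixa->ixa_pktlen,
			    uint_t, ixa->ixa_pmtu);
			/*
			 * Assign an ident value for this packet. There could
			 * be other threads targeting the same destination, so
			 * we have to arrange for a atomic increment.
			 * Normally ixa_extra_ident is 0, but in the case of
			 * LSO it will be the number of TCP segments that the
			 * driver/hardware will additionally construct.
			 *
			 * Note that cl_inet_ipident has only been used for
			 * IPv4. We don't use it here.
			 */
			ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident +
			    1);
			ixa->ixa_ident = ident;	/* In case we do IPsec */
		}
		if (ixaflags & IXAF_IPSEC_SECURE) {
			/*
			 * Pass in sufficient information so that
			 * IPsec can determine whether to fragment, and
			 * which function to call after fragmentation.
			 */
			return (ipsec_out_process(mp, ixa));
		}

		mp = ip_fraghdr_add_v6(mp, ident, ixa);
		if (mp == NULL) {
			/* MIB and ip_drop_output already done */
			return (ENOMEM);
		}
		ASSERT(pktlen == ixa->ixa_pktlen);
		pktlen += sizeof (ip6_frag_t);

		if (pktlen > ixa->ixa_fragsize) {
			return (ip_fragment_v6(mp, ixa->ixa_nce, ixaflags,
			    pktlen, ixa->ixa_fragsize,
			    ixa->ixa_xmit_hint, ixa->ixa_zoneid,
			    ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn,
			    &ixa->ixa_cookie));
		}
	}
	if (ixaflags & IXAF_SET_ULP_CKSUM) {
		/* Compute ULP checksum and IP header checksum */
		/* An IS_UNDER_IPMP ill is ok here */
		if (!ip_output_cksum_v6(ixaflags, mp, ip6h, ixa, ill)) {
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards", mp, ill);
			freemsg(mp);
			return (EINVAL);
		}
	}
	return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixaflags,
	    pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid,
	    ixa->ixa_no_loop_zoneid, &ixa->ixa_cookie));
}

/*
 * Post fragmentation function for RTF_MULTIRT routes.
 * Since IRE_MULTICASTs might have RTF_MULTIRT, this function
 * checks IXAF_LOOPBACK_COPY.
 *
 * If no packet is sent due to failures then we return an errno, but if at
 * least one succeeded we return zero.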
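*/
/*
 * Arguments:
 *   mp        - packet to transmit. A copymsg() duplicate is made for the
 *               loopback copy and for every additional RTF_MULTIRT route;
 *               the original is handed to ip_xmit() last.
 *   nce       - next hop entry of the primary route; its ill is used for
 *               MIB accounting on failures not tied to another ill.
 *   ixaflags  - transmit flags; must not contain IXAF_IS_IPV4 (asserted).
 *   pkt_len, xmit_hint, szone, ixacookie
 *             - passed unchanged to every ip_xmit() call.
 *   nolzid    - only given to ip_postfrag_loopback(); ip_xmit() is passed 0
 *               in the argument that follows szone.
 *
 * Returns 0 if at least one ip_xmit() succeeded, otherwise the most
 * recently recorded errno (ENETUNREACH if no usable MULTIRT route exists).
 */
int
ip_postfrag_multirt_v6(mblk_t *mp, nce_t *nce, iaflags_t ixaflags,
    uint_t pkt_len, uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid,
    uintptr_t *ixacookie)
{
	irb_t		*irb;
	ip6_t		*ip6h = (ip6_t *)mp->b_rptr;
	ire_t		*ire;
	ire_t		*ire1;
	mblk_t		*mp1;
	nce_t		*nce1;
	ill_t		*ill = nce->nce_ill;
	ill_t		*ill1;
	ip_stack_t	*ipst = ill->ill_ipst;
	int		error = 0;
	int		num_sent = 0;
	int		err;
	uint_t		ire_type;
	in6_addr_t	nexthop;

	ASSERT(!(ixaflags & IXAF_IS_IPV4));

	/* Check for IXAF_LOOPBACK_COPY */
	if (ixaflags & IXAF_LOOPBACK_COPY) {
		/*
		 * Reuses the function-scope mp1 instead of declaring a second
		 * mp1 that shadows it; the loop below always reassigns mp1
		 * before reading it.
		 */
		mp1 = copymsg(mp);
		if (mp1 == NULL) {
			/* Failed to deliver the loopback copy. */
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards", mp, ill);
			error = ENOBUFS;
		} else {
			ip_postfrag_loopback(mp1, nce, ixaflags, pkt_len,
			    nolzid);
		}
	}

	/*
	 * Loop over RTF_MULTIRT for ip6_dst in the same bucket. Send
	 * a copy to each one.
	 * Use the nce (nexthop) and ip6_dst to find the ire.
	 *
	 * MULTIRT is not designed to work with shared-IP zones thus we don't
	 * need to pass a zoneid or a label to the IRE lookup.
	 */
	if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, &ip6h->ip6_dst)) {
		/* Broadcast and multicast case */
		ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, 0, 0, NULL,
		    ALL_ZONES, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
	} else {
		/* Unicast case */
		ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, &nce->nce_addr,
		    0, NULL, ALL_ZONES, NULL, MATCH_IRE_GW, 0, ipst, NULL);
	}

	if (ire == NULL ||
	    (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
	    !(ire->ire_flags & RTF_MULTIRT)) {
		/* Drop */
		ip_drop_output("ip_postfrag_multirt didn't find route",
		    mp, nce->nce_ill);
		if (ire != NULL)
			ire_refrele(ire);
		/*
		 * NOTE(review): mp is neither freed nor passed to ip_xmit()
		 * on this path, and ip_drop_output() does not appear to
		 * release it (mp is still used after it in the loop below).
		 * Confirm that the caller retains ownership of mp when
		 * ENETUNREACH comes back from here; if it does not, this
		 * return leaks the message.
		 */
		return (ENETUNREACH);
	}

	/* Hold the bucket while its ire list is walked. */
	irb = ire->ire_bucket;
	irb_refhold(irb);
	for (ire1 = irb->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) {
		if (IRE_IS_CONDEMNED(ire1) ||
		    !(ire1->ire_flags & RTF_MULTIRT))
			continue;

		/* Note: When IPv6 uses radix tree we don't need this check */
		if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, &ire1->ire_addr_v6))
			continue;

		/* Do the ire argument one after the loop */
		if (ire1 == ire)
			continue;

		ill1 = ire_nexthop_ill(ire1);
		if (ill1 == NULL) {
			/*
			 * This ire might not have been picked by
			 * ire_route_recursive, in which case ire_dep might
			 * not have been setup yet.
			 * We kick ire_route_recursive to try to resolve
			 * starting at ire1.
			 */
			ire_t *ire2;
			uint_t match_flags = MATCH_IRE_DSTONLY;

			if (ire1->ire_ill != NULL)
				match_flags |= MATCH_IRE_ILL;
			ire2 = ire_route_recursive_impl_v6(ire1,
			    &ire1->ire_addr_v6, ire1->ire_type, ire1->ire_ill,
			    ire1->ire_zoneid, NULL, match_flags,
			    IRR_ALLOCATE, 0, ipst, NULL, NULL, NULL);
			/* Only the resolution is wanted, not the result. */
			if (ire2 != NULL)
				ire_refrele(ire2);
			ill1 = ire_nexthop_ill(ire1);
		}
		if (ill1 == NULL) {
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - no ill",
			    mp, ill);
			error = ENETUNREACH;
			continue;
		}
		/* Pick the addr and type to use for ndp_nce_init */
		if (nce->nce_common->ncec_flags & NCE_F_MCAST) {
			ire_type = IRE_MULTICAST;
			nexthop = ip6h->ip6_dst;
		} else {
			ire_type = ire1->ire_type;	/* Doesn't matter */
			nexthop = ire1->ire_gateway_addr_v6;
		}

		/* If IPMP meta or under, then we just drop */
		if (ill1->ill_grp != NULL) {
			BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - IPMP",
			    mp, ill1);
			ill_refrele(ill1);
			error = ENETUNREACH;
			continue;
		}

		nce1 = ndp_nce_init(ill1, &nexthop, ire_type);
		if (nce1 == NULL) {
			BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards - no nce",
			    mp, ill1);
			ill_refrele(ill1);
			error = ENOBUFS;
			continue;
		}
		mp1 = copymsg(mp);
		if (mp1 == NULL) {
			BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards", mp, ill1);
			nce_refrele(nce1);
			ill_refrele(ill1);
			error = ENOBUFS;
			continue;
		}
		/* Preserve HW checksum for this copy */
		DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp);
		DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp);
		DB_CKSUMEND(mp1) = DB_CKSUMEND(mp);
		DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp);
		DB_LSOMSS(mp1) = DB_LSOMSS(mp);

		ire1->ire_ob_pkt_count++;
		err = ip_xmit(mp1, nce1, ixaflags, pkt_len, xmit_hint, szone,
		    0, ixacookie);
		if (err == 0)
			num_sent++;
		else
			error = err;
		/* nce1 and ill1 are released on every exit of an iteration. */
		nce_refrele(nce1);
		ill_refrele(ill1);
	}
	irb_refrele(irb);
	ire_refrele(ire);
	/* Finally, the main one */
	err = ip_xmit(mp, nce, ixaflags, pkt_len, xmit_hint, szone, 0,
	    ixacookie);
	if (err == 0)
		num_sent++;
	else
		error = err;
	/* One successful transmit is enough to report success. */
	if (num_sent > 0)
		return (0);
	else
		return (error);
}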