1 /* 2 * sppp.c - Solaris STREAMS PPP multiplexing pseudo-driver 3 * 4 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * Copyright (c) 2016 by Delphix. All rights reserved. 7 * 8 * Permission to use, copy, modify, and distribute this software and its 9 * documentation is hereby granted, provided that the above copyright 10 * notice appears in all copies. 11 * 12 * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF 13 * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 14 * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 15 * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR 16 * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR 17 * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES 18 * 19 * Copyright (c) 1994 The Australian National University. 20 * All rights reserved. 21 * 22 * Permission to use, copy, modify, and distribute this software and its 23 * documentation is hereby granted, provided that the above copyright 24 * notice appears in all copies. This software is provided without any 25 * warranty, express or implied. The Australian National University 26 * makes no representations about the suitability of this software for 27 * any purpose. 28 * 29 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY 30 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 31 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF 32 * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY 33 * OF SUCH DAMAGE. 34 * 35 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, 36 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 37 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 38 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO 39 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, 40 * OR MODIFICATIONS. 41 * 42 * This driver is derived from the original SVR4 STREAMS PPP driver 43 * originally written by Paul Mackerras <paul.mackerras@cs.anu.edu.au>. 44 * 45 * Adi Masputra <adi.masputra@sun.com> rewrote and restructured the code 46 * for improved performance and scalability. 47 */ 48 49 #define RCSID "$Id: sppp.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" 50 51 #include <sys/types.h> 52 #include <sys/debug.h> 53 #include <sys/param.h> 54 #include <sys/stat.h> 55 #include <sys/stream.h> 56 #include <sys/stropts.h> 57 #include <sys/sysmacros.h> 58 #include <sys/errno.h> 59 #include <sys/time.h> 60 #include <sys/cmn_err.h> 61 #include <sys/kmem.h> 62 #include <sys/conf.h> 63 #include <sys/dlpi.h> 64 #include <sys/ddi.h> 65 #include <sys/kstat.h> 66 #include <sys/strsun.h> 67 #include <sys/ethernet.h> 68 #include <sys/policy.h> 69 #include <sys/zone.h> 70 #include <net/ppp_defs.h> 71 #include <net/pppio.h> 72 #include "sppp.h" 73 #include "s_common.h" 74 75 /* 76 * This is used to tag official Solaris sources. Please do not define 77 * "INTERNAL_BUILD" when building this software outside of Sun Microsystems. 78 */ 79 #ifdef INTERNAL_BUILD 80 /* MODINFO is limited to 32 characters. */ 81 const char sppp_module_description[] = "PPP 4.0 mux"; 82 #else /* INTERNAL_BUILD */ 83 const char sppp_module_description[] = "ANU PPP mux"; 84 85 /* LINTED */ 86 static const char buildtime[] = "Built " __DATE__ " at " __TIME__ 87 #ifdef DEBUG 88 " DEBUG" 89 #endif 90 "\n"; 91 #endif /* INTERNAL_BUILD */ 92 93 static void sppp_inner_ioctl(queue_t *, mblk_t *); 94 static void sppp_outer_ioctl(queue_t *, mblk_t *); 95 static queue_t *sppp_send(queue_t *, mblk_t **, spppstr_t *); 96 static queue_t *sppp_recv(queue_t *, mblk_t **, spppstr_t *); 97 static void sppp_recv_nondata(queue_t *, mblk_t *, spppstr_t *); 98 static queue_t *sppp_outpkt(queue_t *, mblk_t **, int, spppstr_t *); 99 static spppstr_t *sppp_inpkt(queue_t *, mblk_t *, spppstr_t *); 100 static int sppp_kstat_update(kstat_t *, int); 101 static void sppp_release_pkts(sppa_t *, uint16_t); 102 103 /* 104 * sps_list contains the list of active per-stream instance state structures 105 * ordered on the minor device number (see sppp.h for details). All streams 106 * opened to this driver are threaded together in this list. 107 */ 108 static spppstr_t *sps_list = NULL; 109 /* 110 * ppa_list contains the list of active per-attachment instance state 111 * structures ordered on the ppa id number (see sppp.h for details). All of 112 * the ppa structures created once per PPPIO_NEWPPA ioctl are threaded together 113 * in this list. There is exactly one ppa structure for a given PPP interface, 114 * and multiple sps streams (upper streams) may share a ppa by performing 115 * an attachment explicitly (PPPIO_ATTACH) or implicitly (DL_ATTACH_REQ). 116 */ 117 static sppa_t *ppa_list = NULL; 118 119 static const char *kstats_names[] = { SPPP_KSTATS_NAMES }; 120 static const char *kstats64_names[] = { SPPP_KSTATS64_NAMES }; 121 122 /* 123 * map proto (which is an IANA defined ppp network protocol) to 124 * a bit position indicated by NP_* in ppa_npflag 125 */ 126 static uint32_t 127 sppp_ppp2np(uint16_t proto) 128 { 129 switch (proto) { 130 case PPP_IP: 131 return (NP_IP); 132 case PPP_IPV6: 133 return (NP_IPV6); 134 default: 135 return (0); 136 } 137 } 138 139 /* 140 * sppp_open() 141 * 142 * MT-Perimeters: 143 * exclusive inner, exclusive outer. 144 * 145 * Description: 146 * Common open procedure for module. 147 */ 148 /* ARGSUSED */ 149 int 150 sppp_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) 151 { 152 spppstr_t *sps; 153 spppstr_t **nextmn; 154 minor_t mn; 155 156 ASSERT(q != NULL && devp != NULL); 157 ASSERT(sflag != MODOPEN); 158 159 if (q->q_ptr != NULL) { 160 return (0); /* already open */ 161 } 162 if (sflag != CLONEOPEN) { 163 return (OPENFAIL); 164 } 165 /* 166 * The sps list is sorted using the minor number as the key. The 167 * following code walks the list to find the lowest valued minor 168 * number available to be used. 169 */ 170 mn = 0; 171 for (nextmn = &sps_list; (sps = *nextmn) != NULL; 172 nextmn = &sps->sps_nextmn) { 173 if (sps->sps_mn_id != mn) { 174 break; 175 } 176 ++mn; 177 } 178 sps = (spppstr_t *)kmem_zalloc(sizeof (spppstr_t), KM_SLEEP); 179 ASSERT(sps != NULL); /* KM_SLEEP must never return NULL */ 180 sps->sps_nextmn = *nextmn; /* insert stream in global list */ 181 *nextmn = sps; 182 sps->sps_mn_id = mn; /* save minor id for this stream */ 183 sps->sps_rq = q; /* save read queue pointer */ 184 sps->sps_sap = -1; /* no sap bound to stream */ 185 sps->sps_dlstate = DL_UNATTACHED; /* dlpi state is unattached */ 186 sps->sps_npmode = NPMODE_DROP; /* drop all packets initially */ 187 sps->sps_zoneid = crgetzoneid(credp); 188 q->q_ptr = WR(q)->q_ptr = (caddr_t)sps; 189 /* 190 * We explicitly disable the automatic queue scheduling for the 191 * write-side to obtain complete control over queuing during transmit. 192 * Packets will be queued at the upper write queue and the service 193 * routine will not be called until it gets scheduled by having the 194 * lower write service routine call the qenable(WR(uq)) for all streams 195 * attached to the same ppa instance. 196 */ 197 noenable(WR(q)); 198 *devp = makedevice(getmajor(*devp), mn); 199 qprocson(q); 200 return (0); 201 } 202 203 /* 204 * Free storage used by a PPA. This is not called until the last PPA 205 * user closes their connection or reattaches to a different PPA. 206 */ 207 static void 208 sppp_free_ppa(sppa_t *ppa) 209 { 210 sppa_t **nextppa; 211 212 ASSERT(ppa->ppa_refcnt == 1); 213 if (ppa->ppa_kstats != NULL) { 214 kstat_delete(ppa->ppa_kstats); 215 ppa->ppa_kstats = NULL; 216 } 217 mutex_destroy(&ppa->ppa_sta_lock); 218 mutex_destroy(&ppa->ppa_npmutex); 219 rw_destroy(&ppa->ppa_sib_lock); 220 nextppa = &ppa_list; 221 while (*nextppa != NULL) { 222 if (*nextppa == ppa) { 223 *nextppa = ppa->ppa_nextppa; 224 break; 225 } 226 nextppa = &(*nextppa)->ppa_nextppa; 227 } 228 kmem_free(ppa, sizeof (*ppa)); 229 } 230 231 /* 232 * Create a new PPA. Caller must be exclusive on outer perimeter. 233 */ 234 sppa_t * 235 sppp_create_ppa(uint32_t ppa_id, zoneid_t zoneid) 236 { 237 sppa_t *ppa; 238 sppa_t *curppa; 239 sppa_t **availppa; 240 char unit[32]; /* Unit name */ 241 const char **cpp; 242 kstat_t *ksp; 243 kstat_named_t *knt; 244 245 /* 246 * NOTE: unit *must* be named for the driver 247 * name plus the ppa number so that netstat 248 * can find the statistics. 249 */ 250 (void) sprintf(unit, "%s" "%d", PPP_DRV_NAME, ppa_id); 251 /* 252 * Make sure we can allocate a buffer to 253 * contain the ppa to be sent upstream, as 254 * well as the actual ppa structure and its 255 * associated kstat structure. 256 */ 257 ppa = (sppa_t *)kmem_zalloc(sizeof (sppa_t), 258 KM_NOSLEEP); 259 ksp = kstat_create(PPP_DRV_NAME, ppa_id, unit, "net", KSTAT_TYPE_NAMED, 260 sizeof (sppp_kstats_t) / sizeof (kstat_named_t), 0); 261 262 if (ppa == NULL || ksp == NULL) { 263 if (ppa != NULL) { 264 kmem_free(ppa, sizeof (sppa_t)); 265 } 266 if (ksp != NULL) { 267 kstat_delete(ksp); 268 } 269 return (NULL); 270 } 271 ppa->ppa_kstats = ksp; /* chain kstat structure */ 272 ppa->ppa_ppa_id = ppa_id; /* record ppa id */ 273 ppa->ppa_zoneid = zoneid; /* zone that owns this PPA */ 274 ppa->ppa_mtu = PPP_MAXMTU; /* 65535-(PPP_HDRLEN+PPP_FCSLEN) */ 275 ppa->ppa_mru = PPP_MAXMRU; /* 65000 */ 276 277 mutex_init(&ppa->ppa_sta_lock, NULL, MUTEX_DRIVER, NULL); 278 mutex_init(&ppa->ppa_npmutex, NULL, MUTEX_DRIVER, NULL); 279 rw_init(&ppa->ppa_sib_lock, NULL, RW_DRIVER, NULL); 280 281 /* 282 * Prepare and install kstat counters. Note that for netstat 283 * -i to work, there needs to be "ipackets", "opackets", 284 * "ierrors", and "oerrors" kstat named variables. 285 */ 286 knt = (kstat_named_t *)ksp->ks_data; 287 for (cpp = kstats_names; cpp < kstats_names + Dim(kstats_names); 288 cpp++) { 289 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT32); 290 knt++; 291 } 292 for (cpp = kstats64_names; cpp < kstats64_names + Dim(kstats64_names); 293 cpp++) { 294 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT64); 295 knt++; 296 } 297 ksp->ks_update = sppp_kstat_update; 298 ksp->ks_private = (void *)ppa; 299 kstat_install(ksp); 300 301 /* link to the next ppa and insert into global list */ 302 availppa = &ppa_list; 303 while ((curppa = *availppa) != NULL) { 304 if (ppa_id < curppa->ppa_ppa_id) 305 break; 306 availppa = &curppa->ppa_nextppa; 307 } 308 ppa->ppa_nextppa = *availppa; 309 *availppa = ppa; 310 return (ppa); 311 } 312 313 /* 314 * sppp_close() 315 * 316 * MT-Perimeters: 317 * exclusive inner, exclusive outer. 318 * 319 * Description: 320 * Common close procedure for module. 321 */ 322 /* ARGSUSED */ 323 int 324 sppp_close(queue_t *q, int flags __unused, cred_t *credp __unused) 325 { 326 spppstr_t *sps; 327 spppstr_t **nextmn; 328 spppstr_t *sib; 329 sppa_t *ppa; 330 mblk_t *mp; 331 332 ASSERT(q != NULL && q->q_ptr != NULL); 333 sps = (spppstr_t *)q->q_ptr; 334 qprocsoff(q); 335 336 ppa = sps->sps_ppa; 337 if (ppa == NULL) { 338 ASSERT(!IS_SPS_CONTROL(sps)); 339 goto close_unattached; 340 } 341 if (IS_SPS_CONTROL(sps)) { 342 uint32_t cnt = 0; 343 344 ASSERT(ppa != NULL); 345 ASSERT(ppa->ppa_ctl == sps); 346 ppa->ppa_ctl = NULL; 347 /* 348 * STREAMS framework always issues I_UNLINK prior to close, 349 * since we only allow I_LINK under the control stream. 350 * A given ppa structure has at most one lower stream pointed 351 * by the ppa_lower_wq field, because we only allow a single 352 * linkage (I_LINK) to be done on the control stream. 353 */ 354 ASSERT(ppa->ppa_lower_wq == NULL); 355 /* 356 * Walk through all of sibling streams attached to this ppa, 357 * and remove all references to this ppa. We have exclusive 358 * access for the entire driver here, so there's no need 359 * to hold ppa_sib_lock. 360 */ 361 cnt++; 362 sib = ppa->ppa_streams; 363 while (sib != NULL) { 364 ASSERT(ppa == sib->sps_ppa); 365 sib->sps_npmode = NPMODE_DROP; 366 sib->sps_flags &= ~(SPS_PIOATTACH | SPS_CACHED); 367 /* 368 * There should be a preallocated hangup 369 * message here. Fetch it and send it up to 370 * the stream head. This will cause IP to 371 * mark the interface as "down." 372 */ 373 if ((mp = sib->sps_hangup) != NULL) { 374 sib->sps_hangup = NULL; 375 /* 376 * M_HANGUP works with IP, but snoop 377 * is lame and requires M_ERROR. Send 378 * up a clean error code instead. 379 * 380 * XXX if snoop is fixed, fix this, too. 381 */ 382 MTYPE(mp) = M_ERROR; 383 *mp->b_wptr++ = ENXIO; 384 putnext(sib->sps_rq, mp); 385 } 386 qenable(WR(sib->sps_rq)); 387 cnt++; 388 sib = sib->sps_nextsib; 389 } 390 ASSERT(ppa->ppa_refcnt == cnt); 391 } else { 392 ASSERT(ppa->ppa_streams != NULL); 393 ASSERT(ppa->ppa_ctl != sps); 394 mp = NULL; 395 if (sps->sps_sap == PPP_IP) { 396 ppa->ppa_ip_cache = NULL; 397 mp = create_lsmsg(PPP_LINKSTAT_IPV4_UNBOUND); 398 } else if (sps->sps_sap == PPP_IPV6) { 399 ppa->ppa_ip6_cache = NULL; 400 mp = create_lsmsg(PPP_LINKSTAT_IPV6_UNBOUND); 401 } 402 /* Tell the daemon the bad news. */ 403 if (mp != NULL && ppa->ppa_ctl != NULL && 404 (sps->sps_npmode == NPMODE_PASS || 405 sps->sps_npmode == NPMODE_QUEUE)) { 406 putnext(ppa->ppa_ctl->sps_rq, mp); 407 } else { 408 freemsg(mp); 409 } 410 /* 411 * Walk through all of sibling streams attached to the 412 * same ppa, and remove this stream from the sibling 413 * streams list. We have exclusive access for the 414 * entire driver here, so there's no need to hold 415 * ppa_sib_lock. 416 */ 417 sib = ppa->ppa_streams; 418 if (sib == sps) { 419 ppa->ppa_streams = sps->sps_nextsib; 420 } else { 421 while (sib->sps_nextsib != NULL) { 422 if (sib->sps_nextsib == sps) { 423 sib->sps_nextsib = sps->sps_nextsib; 424 break; 425 } 426 sib = sib->sps_nextsib; 427 } 428 } 429 sps->sps_nextsib = NULL; 430 freemsg(sps->sps_hangup); 431 sps->sps_hangup = NULL; 432 /* 433 * Check if this is a promiscous stream. If the SPS_PROMISC bit 434 * is still set, it means that the stream is closed without 435 * ever having issued DL_DETACH_REQ or DL_PROMISCOFF_REQ. 436 * In this case, we simply decrement the promiscous counter, 437 * and it's safe to do it without holding ppa_sib_lock since 438 * we're exclusive (inner and outer) at this point. 439 */ 440 if (IS_SPS_PROMISC(sps)) { 441 ASSERT(ppa->ppa_promicnt > 0); 442 ppa->ppa_promicnt--; 443 } 444 } 445 /* If we're the only one left, then delete now. */ 446 if (ppa->ppa_refcnt <= 1) 447 sppp_free_ppa(ppa); 448 else 449 ppa->ppa_refcnt--; 450 close_unattached: 451 q->q_ptr = WR(q)->q_ptr = NULL; 452 for (nextmn = &sps_list; *nextmn != NULL; 453 nextmn = &(*nextmn)->sps_nextmn) { 454 if (*nextmn == sps) { 455 *nextmn = sps->sps_nextmn; 456 break; 457 } 458 } 459 kmem_free(sps, sizeof (spppstr_t)); 460 return (0); 461 } 462 463 static void 464 sppp_ioctl(struct queue *q, mblk_t *mp) 465 { 466 spppstr_t *sps; 467 spppstr_t *nextsib; 468 sppa_t *ppa; 469 struct iocblk *iop; 470 mblk_t *nmp; 471 enum NPmode npmode; 472 struct ppp_idle *pip; 473 struct ppp_stats64 *psp; 474 struct ppp_comp_stats *pcsp; 475 hrtime_t hrtime; 476 int sap; 477 int count = 0; 478 int error = EINVAL; 479 480 sps = (spppstr_t *)q->q_ptr; 481 ppa = sps->sps_ppa; 482 483 iop = (struct iocblk *)mp->b_rptr; 484 switch (iop->ioc_cmd) { 485 case PPPIO_NPMODE: 486 if (!IS_SPS_CONTROL(sps)) { 487 break; /* return EINVAL */ 488 } else if (iop->ioc_count != 2 * sizeof (uint32_t) || 489 (mp->b_cont == NULL)) { 490 error = EPROTO; 491 break; 492 } 493 ASSERT(ppa != NULL); 494 ASSERT(mp->b_cont->b_rptr != NULL); 495 ASSERT(sps->sps_npmode == NPMODE_PASS); 496 sap = ((uint32_t *)mp->b_cont->b_rptr)[0]; 497 npmode = (enum NPmode)((uint32_t *)mp->b_cont->b_rptr)[1]; 498 /* 499 * Walk the sibling streams which belong to the same 500 * ppa, and try to find a stream with matching sap 501 * number. 502 */ 503 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 504 for (nextsib = ppa->ppa_streams; nextsib != NULL; 505 nextsib = nextsib->sps_nextsib) { 506 if (nextsib->sps_sap == sap) { 507 break; /* found it */ 508 } 509 } 510 if (nextsib == NULL) { 511 rw_exit(&ppa->ppa_sib_lock); 512 break; /* return EINVAL */ 513 } else { 514 nextsib->sps_npmode = npmode; 515 if ((nextsib->sps_npmode != NPMODE_QUEUE) && 516 (WR(nextsib->sps_rq)->q_first != NULL)) { 517 qenable(WR(nextsib->sps_rq)); 518 } 519 } 520 rw_exit(&ppa->ppa_sib_lock); 521 error = 0; /* return success */ 522 break; 523 case PPPIO_GIDLE: 524 if (ppa == NULL) { 525 ASSERT(!IS_SPS_CONTROL(sps)); 526 error = ENOLINK; 527 break; 528 } else if (!IS_PPA_TIMESTAMP(ppa)) { 529 break; /* return EINVAL */ 530 } 531 if ((nmp = allocb(sizeof (struct ppp_idle), 532 BPRI_MED)) == NULL) { 533 mutex_enter(&ppa->ppa_sta_lock); 534 ppa->ppa_allocbfail++; 535 mutex_exit(&ppa->ppa_sta_lock); 536 error = ENOSR; 537 break; 538 } 539 if (mp->b_cont != NULL) { 540 freemsg(mp->b_cont); 541 } 542 mp->b_cont = nmp; 543 pip = (struct ppp_idle *)nmp->b_wptr; 544 nmp->b_wptr += sizeof (struct ppp_idle); 545 /* 546 * Get current timestamp and subtract the tx and rx 547 * timestamps to get the actual idle time to be 548 * returned. 549 */ 550 hrtime = gethrtime(); 551 pip->xmit_idle = (hrtime - ppa->ppa_lasttx) / 1000000000ul; 552 pip->recv_idle = (hrtime - ppa->ppa_lastrx) / 1000000000ul; 553 count = msgsize(nmp); 554 error = 0; 555 break; /* return success (error is 0) */ 556 case PPPIO_GTYPE: 557 nmp = allocb(sizeof (uint32_t), BPRI_MED); 558 if (nmp == NULL) { 559 error = ENOSR; 560 break; 561 } 562 if (mp->b_cont != NULL) { 563 freemsg(mp->b_cont); 564 } 565 mp->b_cont = nmp; 566 /* 567 * Let the requestor know that we are the PPP 568 * multiplexer (PPPTYP_MUX). 569 */ 570 *(uint32_t *)nmp->b_wptr = PPPTYP_MUX; 571 nmp->b_wptr += sizeof (uint32_t); 572 count = msgsize(nmp); 573 error = 0; /* return success */ 574 break; 575 case PPPIO_GETSTAT64: 576 if (ppa == NULL) { 577 break; /* return EINVAL */ 578 } else if ((ppa->ppa_lower_wq != NULL) && 579 !IS_PPA_LASTMOD(ppa)) { 580 mutex_enter(&ppa->ppa_sta_lock); 581 /* 582 * We match sps_ioc_id on the M_IOC{ACK,NAK}, 583 * so if the response hasn't come back yet, 584 * new ioctls must be queued instead. 585 */ 586 if (IS_SPS_IOCQ(sps)) { 587 mutex_exit(&ppa->ppa_sta_lock); 588 if (!putq(q, mp)) { 589 error = EAGAIN; 590 break; 591 } 592 return; 593 } else { 594 ppa->ppa_ioctlsfwd++; 595 /* 596 * Record the ioctl CMD & ID - this will be 597 * used to check the ACK or NAK responses 598 * coming from below. 599 */ 600 sps->sps_ioc_id = iop->ioc_id; 601 sps->sps_flags |= SPS_IOCQ; 602 mutex_exit(&ppa->ppa_sta_lock); 603 } 604 putnext(ppa->ppa_lower_wq, mp); 605 return; /* don't ack or nak the request */ 606 } 607 nmp = allocb(sizeof (*psp), BPRI_MED); 608 if (nmp == NULL) { 609 mutex_enter(&ppa->ppa_sta_lock); 610 ppa->ppa_allocbfail++; 611 mutex_exit(&ppa->ppa_sta_lock); 612 error = ENOSR; 613 break; 614 } 615 if (mp->b_cont != NULL) { 616 freemsg(mp->b_cont); 617 } 618 mp->b_cont = nmp; 619 psp = (struct ppp_stats64 *)nmp->b_wptr; 620 /* 621 * Copy the contents of ppp_stats64 structure for this 622 * ppa and return them to the caller. 623 */ 624 mutex_enter(&ppa->ppa_sta_lock); 625 bcopy(&ppa->ppa_stats, psp, sizeof (*psp)); 626 mutex_exit(&ppa->ppa_sta_lock); 627 nmp->b_wptr += sizeof (*psp); 628 count = sizeof (*psp); 629 error = 0; /* return success */ 630 break; 631 case PPPIO_GETCSTAT: 632 if (ppa == NULL) { 633 break; /* return EINVAL */ 634 } else if ((ppa->ppa_lower_wq != NULL) && 635 !IS_PPA_LASTMOD(ppa)) { 636 mutex_enter(&ppa->ppa_sta_lock); 637 /* 638 * See comments in PPPIO_GETSTAT64 case 639 * in sppp_ioctl(). 640 */ 641 if (IS_SPS_IOCQ(sps)) { 642 mutex_exit(&ppa->ppa_sta_lock); 643 if (!putq(q, mp)) { 644 error = EAGAIN; 645 break; 646 } 647 return; 648 } else { 649 ppa->ppa_ioctlsfwd++; 650 /* 651 * Record the ioctl CMD & ID - this will be 652 * used to check the ACK or NAK responses 653 * coming from below. 654 */ 655 sps->sps_ioc_id = iop->ioc_id; 656 sps->sps_flags |= SPS_IOCQ; 657 mutex_exit(&ppa->ppa_sta_lock); 658 } 659 putnext(ppa->ppa_lower_wq, mp); 660 return; /* don't ack or nak the request */ 661 } 662 nmp = allocb(sizeof (struct ppp_comp_stats), BPRI_MED); 663 if (nmp == NULL) { 664 mutex_enter(&ppa->ppa_sta_lock); 665 ppa->ppa_allocbfail++; 666 mutex_exit(&ppa->ppa_sta_lock); 667 error = ENOSR; 668 break; 669 } 670 if (mp->b_cont != NULL) { 671 freemsg(mp->b_cont); 672 } 673 mp->b_cont = nmp; 674 pcsp = (struct ppp_comp_stats *)nmp->b_wptr; 675 nmp->b_wptr += sizeof (struct ppp_comp_stats); 676 bzero((caddr_t)pcsp, sizeof (struct ppp_comp_stats)); 677 count = msgsize(nmp); 678 error = 0; /* return success */ 679 break; 680 } 681 682 if (error == 0) { 683 /* Success; tell the user. */ 684 miocack(q, mp, count, 0); 685 } else { 686 /* Failure; send error back upstream. */ 687 miocnak(q, mp, 0, error); 688 } 689 } 690 691 /* 692 * sppp_uwput() 693 * 694 * MT-Perimeters: 695 * shared inner, shared outer. 696 * 697 * Description: 698 * Upper write-side put procedure. Messages from above arrive here. 699 */ 700 int 701 sppp_uwput(queue_t *q, mblk_t *mp) 702 { 703 queue_t *nextq; 704 spppstr_t *sps; 705 sppa_t *ppa; 706 struct iocblk *iop; 707 int error; 708 709 ASSERT(q != NULL && q->q_ptr != NULL); 710 ASSERT(mp != NULL && mp->b_rptr != NULL); 711 sps = (spppstr_t *)q->q_ptr; 712 ppa = sps->sps_ppa; 713 714 switch (MTYPE(mp)) { 715 case M_PCPROTO: 716 case M_PROTO: 717 if (IS_SPS_CONTROL(sps)) { 718 ASSERT(ppa != NULL); 719 /* 720 * Intentionally change this to a high priority 721 * message so it doesn't get queued up. M_PROTO is 722 * specifically used for signalling between pppd and its 723 * kernel-level component(s), such as ppptun, so we 724 * make sure that it doesn't get queued up behind 725 * data messages. 726 */ 727 MTYPE(mp) = M_PCPROTO; 728 if ((ppa->ppa_lower_wq != NULL) && 729 canputnext(ppa->ppa_lower_wq)) { 730 mutex_enter(&ppa->ppa_sta_lock); 731 ppa->ppa_mctlsfwd++; 732 mutex_exit(&ppa->ppa_sta_lock); 733 putnext(ppa->ppa_lower_wq, mp); 734 } else { 735 mutex_enter(&ppa->ppa_sta_lock); 736 ppa->ppa_mctlsfwderr++; 737 mutex_exit(&ppa->ppa_sta_lock); 738 freemsg(mp); 739 } 740 } else { 741 (void) sppp_mproto(q, mp, sps); 742 return (0); 743 } 744 break; 745 case M_DATA: 746 if ((nextq = sppp_send(q, &mp, sps)) != NULL) 747 putnext(nextq, mp); 748 break; 749 case M_IOCTL: 750 error = EINVAL; 751 iop = (struct iocblk *)mp->b_rptr; 752 switch (iop->ioc_cmd) { 753 case DLIOCRAW: 754 case DL_IOC_HDR_INFO: 755 case PPPIO_ATTACH: 756 case PPPIO_DEBUG: 757 case PPPIO_DETACH: 758 case PPPIO_LASTMOD: 759 case PPPIO_MRU: 760 case PPPIO_MTU: 761 case PPPIO_USETIMESTAMP: 762 case PPPIO_BLOCKNP: 763 case PPPIO_UNBLOCKNP: 764 qwriter(q, mp, sppp_inner_ioctl, PERIM_INNER); 765 return (0); 766 case I_LINK: 767 case I_UNLINK: 768 case PPPIO_NEWPPA: 769 qwriter(q, mp, sppp_outer_ioctl, PERIM_OUTER); 770 return (0); 771 case PPPIO_NPMODE: 772 case PPPIO_GIDLE: 773 case PPPIO_GTYPE: 774 case PPPIO_GETSTAT64: 775 case PPPIO_GETCSTAT: 776 /* 777 * These require additional auto variables to 778 * handle, so (for optimization reasons) 779 * they're moved off to a separate function. 780 */ 781 sppp_ioctl(q, mp); 782 return (0); 783 case PPPIO_GETSTAT: 784 break; /* 32 bit interface gone */ 785 default: 786 if (iop->ioc_cr == NULL || 787 secpolicy_ppp_config(iop->ioc_cr) != 0) { 788 error = EPERM; 789 break; 790 } else if ((ppa == NULL) || 791 (ppa->ppa_lower_wq == NULL)) { 792 break; /* return EINVAL */ 793 } 794 mutex_enter(&ppa->ppa_sta_lock); 795 /* 796 * See comments in PPPIO_GETSTAT64 case 797 * in sppp_ioctl(). 798 */ 799 if (IS_SPS_IOCQ(sps)) { 800 mutex_exit(&ppa->ppa_sta_lock); 801 if (!putq(q, mp)) { 802 error = EAGAIN; 803 break; 804 } 805 return (0); 806 } else { 807 ppa->ppa_ioctlsfwd++; 808 /* 809 * Record the ioctl CMD & ID - 810 * this will be used to check the 811 * ACK or NAK responses coming from below. 812 */ 813 sps->sps_ioc_id = iop->ioc_id; 814 sps->sps_flags |= SPS_IOCQ; 815 mutex_exit(&ppa->ppa_sta_lock); 816 } 817 putnext(ppa->ppa_lower_wq, mp); 818 return (0); /* don't ack or nak the request */ 819 } 820 /* Failure; send error back upstream. */ 821 miocnak(q, mp, 0, error); 822 break; 823 case M_FLUSH: 824 if (*mp->b_rptr & FLUSHW) { 825 flushq(q, FLUSHDATA); 826 } 827 if (*mp->b_rptr & FLUSHR) { 828 *mp->b_rptr &= ~FLUSHW; 829 qreply(q, mp); 830 } else { 831 freemsg(mp); 832 } 833 break; 834 default: 835 freemsg(mp); 836 break; 837 } 838 return (0); 839 } 840 841 /* 842 * sppp_uwsrv() 843 * 844 * MT-Perimeters: 845 * exclusive inner, shared outer. 846 * 847 * Description: 848 * Upper write-side service procedure. Note that this procedure does 849 * not get called when a message is placed on our write-side queue, since 850 * automatic queue scheduling has been turned off by noenable() when 851 * the queue was opened. We do this on purpose, as we explicitly control 852 * the write-side queue. Therefore, this procedure gets called when 853 * the lower write service procedure qenable() the upper write stream queue. 854 */ 855 int 856 sppp_uwsrv(queue_t *q) 857 { 858 spppstr_t *sps; 859 sppa_t *ppa; 860 mblk_t *mp; 861 queue_t *nextq; 862 struct iocblk *iop; 863 864 ASSERT(q != NULL && q->q_ptr != NULL); 865 sps = (spppstr_t *)q->q_ptr; 866 867 while ((mp = getq(q)) != NULL) { 868 if (MTYPE(mp) == M_IOCTL) { 869 ppa = sps->sps_ppa; 870 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 871 miocnak(q, mp, 0, EINVAL); 872 continue; 873 } 874 875 iop = (struct iocblk *)mp->b_rptr; 876 mutex_enter(&ppa->ppa_sta_lock); 877 /* 878 * See comments in PPPIO_GETSTAT64 case 879 * in sppp_ioctl(). 880 */ 881 if (IS_SPS_IOCQ(sps)) { 882 mutex_exit(&ppa->ppa_sta_lock); 883 if (putbq(q, mp) == 0) 884 miocnak(q, mp, 0, EAGAIN); 885 break; 886 } else { 887 ppa->ppa_ioctlsfwd++; 888 sps->sps_ioc_id = iop->ioc_id; 889 sps->sps_flags |= SPS_IOCQ; 890 mutex_exit(&ppa->ppa_sta_lock); 891 putnext(ppa->ppa_lower_wq, mp); 892 } 893 } else if ((nextq = 894 sppp_outpkt(q, &mp, msgdsize(mp), sps)) == NULL) { 895 if (mp != NULL) { 896 if (putbq(q, mp) == 0) 897 freemsg(mp); 898 break; 899 } 900 } else { 901 putnext(nextq, mp); 902 } 903 } 904 return (0); 905 } 906 907 void 908 sppp_remove_ppa(spppstr_t *sps) 909 { 910 spppstr_t *nextsib; 911 sppa_t *ppa = sps->sps_ppa; 912 913 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 914 if (ppa->ppa_refcnt <= 1) { 915 rw_exit(&ppa->ppa_sib_lock); 916 sppp_free_ppa(ppa); 917 } else { 918 nextsib = ppa->ppa_streams; 919 if (nextsib == sps) { 920 ppa->ppa_streams = sps->sps_nextsib; 921 } else { 922 while (nextsib->sps_nextsib != NULL) { 923 if (nextsib->sps_nextsib == sps) { 924 nextsib->sps_nextsib = 925 sps->sps_nextsib; 926 break; 927 } 928 nextsib = nextsib->sps_nextsib; 929 } 930 } 931 ppa->ppa_refcnt--; 932 /* 933 * And if this stream was marked as promiscuous 934 * (SPS_PROMISC), then we need to update the 935 * promiscuous streams count. This should only happen 936 * when DL_DETACH_REQ is issued prior to marking the 937 * stream as non-promiscuous, through 938 * DL_PROMISCOFF_REQ request. 939 */ 940 if (IS_SPS_PROMISC(sps)) { 941 ASSERT(ppa->ppa_promicnt > 0); 942 ppa->ppa_promicnt--; 943 } 944 rw_exit(&ppa->ppa_sib_lock); 945 } 946 sps->sps_nextsib = NULL; 947 sps->sps_ppa = NULL; 948 freemsg(sps->sps_hangup); 949 sps->sps_hangup = NULL; 950 } 951 952 sppa_t * 953 sppp_find_ppa(uint32_t ppa_id) 954 { 955 sppa_t *ppa; 956 957 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 958 if (ppa->ppa_ppa_id == ppa_id) { 959 break; /* found the ppa */ 960 } 961 } 962 return (ppa); 963 } 964 965 /* 966 * sppp_inner_ioctl() 967 * 968 * MT-Perimeters: 969 * exclusive inner, shared outer 970 * 971 * Description: 972 * Called by sppp_uwput as a result of receiving ioctls which require 973 * an exclusive access at the inner perimeter. 974 */ 975 static void 976 sppp_inner_ioctl(queue_t *q, mblk_t *mp) 977 { 978 spppstr_t *sps; 979 sppa_t *ppa; 980 struct iocblk *iop; 981 mblk_t *nmp; 982 int error = EINVAL; 983 int count = 0; 984 int dbgcmd; 985 int mru, mtu; 986 uint32_t ppa_id; 987 hrtime_t hrtime; 988 uint16_t proto; 989 990 ASSERT(q != NULL && q->q_ptr != NULL); 991 ASSERT(mp != NULL && mp->b_rptr != NULL); 992 993 sps = (spppstr_t *)q->q_ptr; 994 ppa = sps->sps_ppa; 995 iop = (struct iocblk *)mp->b_rptr; 996 switch (iop->ioc_cmd) { 997 case DLIOCRAW: 998 if (IS_SPS_CONTROL(sps)) { 999 break; /* return EINVAL */ 1000 } 1001 sps->sps_flags |= SPS_RAWDATA; 1002 error = 0; /* return success */ 1003 break; 1004 case DL_IOC_HDR_INFO: 1005 if (IS_SPS_CONTROL(sps)) { 1006 break; /* return EINVAL */ 1007 } else if ((mp->b_cont == NULL) || 1008 *((t_uscalar_t *)mp->b_cont->b_rptr) != DL_UNITDATA_REQ || 1009 (MBLKL(mp->b_cont) < (sizeof (dl_unitdata_req_t) + 1010 SPPP_ADDRL))) { 1011 error = EPROTO; 1012 break; 1013 } else if (ppa == NULL) { 1014 error = ENOLINK; 1015 break; 1016 } 1017 if ((nmp = allocb(PPP_HDRLEN, BPRI_MED)) == NULL) { 1018 mutex_enter(&ppa->ppa_sta_lock); 1019 ppa->ppa_allocbfail++; 1020 mutex_exit(&ppa->ppa_sta_lock); 1021 error = ENOMEM; 1022 break; 1023 } 1024 *(uchar_t *)nmp->b_wptr++ = PPP_ALLSTATIONS; 1025 *(uchar_t *)nmp->b_wptr++ = PPP_UI; 1026 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap >> 8; 1027 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap & 0xff; 1028 ASSERT(MBLKL(nmp) == PPP_HDRLEN); 1029 1030 linkb(mp, nmp); 1031 sps->sps_flags |= SPS_FASTPATH; 1032 error = 0; /* return success */ 1033 count = msgsize(nmp); 1034 break; 1035 case PPPIO_ATTACH: 1036 if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1037 (sps->sps_dlstate != DL_UNATTACHED) || 1038 (iop->ioc_count != sizeof (uint32_t))) { 1039 break; /* return EINVAL */ 1040 } else if (mp->b_cont == NULL) { 1041 error = EPROTO; 1042 break; 1043 } 1044 ASSERT(mp->b_cont->b_rptr != NULL); 1045 /* If there's something here, it's detached. */ 1046 if (ppa != NULL) { 1047 sppp_remove_ppa(sps); 1048 } 1049 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1050 ppa = sppp_find_ppa(ppa_id); 1051 /* 1052 * If we can't find it, then it's either because the requestor 1053 * has supplied a wrong ppa_id to be attached to, or because 1054 * the control stream for the specified ppa_id has been closed 1055 * before we get here. 1056 */ 1057 if (ppa == NULL) { 1058 error = ENOENT; 1059 break; 1060 } 1061 if (iop->ioc_cr == NULL || 1062 ppa->ppa_zoneid != crgetzoneid(iop->ioc_cr)) { 1063 error = EPERM; 1064 break; 1065 } 1066 /* 1067 * Preallocate the hangup message so that we're always 1068 * able to send this upstream in the event of a 1069 * catastrophic failure. 1070 */ 1071 if ((sps->sps_hangup = allocb(1, BPRI_MED)) == NULL) { 1072 error = ENOSR; 1073 break; 1074 } 1075 /* 1076 * There are two ways to attach a stream to a ppa: one is 1077 * through DLPI (DL_ATTACH_REQ) and the other is through 1078 * PPPIO_ATTACH. This is why we need to distinguish whether or 1079 * not a stream was allocated via PPPIO_ATTACH, so that we can 1080 * properly detach it when we receive PPPIO_DETACH ioctl 1081 * request. 1082 */ 1083 sps->sps_flags |= SPS_PIOATTACH; 1084 sps->sps_ppa = ppa; 1085 /* 1086 * Add this stream to the head of the list of sibling streams 1087 * which belong to the same ppa as specified. 1088 */ 1089 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 1090 ppa->ppa_refcnt++; 1091 sps->sps_nextsib = ppa->ppa_streams; 1092 ppa->ppa_streams = sps; 1093 rw_exit(&ppa->ppa_sib_lock); 1094 error = 0; /* return success */ 1095 break; 1096 case PPPIO_BLOCKNP: 1097 case PPPIO_UNBLOCKNP: 1098 if (iop->ioc_cr == NULL || 1099 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1100 error = EPERM; 1101 break; 1102 } 1103 error = miocpullup(mp, sizeof (uint16_t)); 1104 if (error != 0) 1105 break; 1106 ASSERT(mp->b_cont->b_rptr != NULL); 1107 proto = *(uint16_t *)mp->b_cont->b_rptr; 1108 if (iop->ioc_cmd == PPPIO_BLOCKNP) { 1109 uint32_t npflagpos = sppp_ppp2np(proto); 1110 /* 1111 * Mark proto as blocked in ppa_npflag until the 1112 * corresponding queues for proto have been plumbed. 1113 */ 1114 if (npflagpos != 0) { 1115 mutex_enter(&ppa->ppa_npmutex); 1116 ppa->ppa_npflag |= (1 << npflagpos); 1117 mutex_exit(&ppa->ppa_npmutex); 1118 } else { 1119 error = EINVAL; 1120 } 1121 } else { 1122 /* 1123 * reset ppa_npflag and release proto 1124 * packets that were being held in control queue. 1125 */ 1126 sppp_release_pkts(ppa, proto); 1127 } 1128 break; 1129 case PPPIO_DEBUG: 1130 if (iop->ioc_cr == NULL || 1131 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1132 error = EPERM; 1133 break; 1134 } else if (iop->ioc_count != sizeof (uint32_t)) { 1135 break; /* return EINVAL */ 1136 } else if (mp->b_cont == NULL) { 1137 error = EPROTO; 1138 break; 1139 } 1140 ASSERT(mp->b_cont->b_rptr != NULL); 1141 dbgcmd = *(uint32_t *)mp->b_cont->b_rptr; 1142 /* 1143 * We accept PPPDBG_LOG + PPPDBG_DRIVER value as an indication 1144 * that SPS_KDEBUG needs to be enabled for this upper stream. 1145 */ 1146 if (dbgcmd == PPPDBG_LOG + PPPDBG_DRIVER) { 1147 sps->sps_flags |= SPS_KDEBUG; 1148 error = 0; /* return success */ 1149 break; 1150 } 1151 /* 1152 * Otherwise, for any other values, we send them down only if 1153 * there is an attachment and if the attachment has something 1154 * linked underneath it. 1155 */ 1156 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 1157 error = ENOLINK; 1158 break; 1159 } 1160 mutex_enter(&ppa->ppa_sta_lock); 1161 /* 1162 * See comments in PPPIO_GETSTAT64 case 1163 * in sppp_ioctl(). 1164 */ 1165 if (IS_SPS_IOCQ(sps)) { 1166 mutex_exit(&ppa->ppa_sta_lock); 1167 if (!putq(q, mp)) { 1168 error = EAGAIN; 1169 break; 1170 } 1171 return; 1172 } else { 1173 ppa->ppa_ioctlsfwd++; 1174 /* 1175 * Record the ioctl CMD & ID - 1176 * this will be used to check the 1177 * ACK or NAK responses coming from below. 1178 */ 1179 sps->sps_ioc_id = iop->ioc_id; 1180 sps->sps_flags |= SPS_IOCQ; 1181 mutex_exit(&ppa->ppa_sta_lock); 1182 } 1183 putnext(ppa->ppa_lower_wq, mp); 1184 return; /* don't ack or nak the request */ 1185 case PPPIO_DETACH: 1186 if (!IS_SPS_PIOATTACH(sps)) { 1187 break; /* return EINVAL */ 1188 } 1189 /* 1190 * The SPS_PIOATTACH flag set on the stream tells us that 1191 * the ppa field is still valid. In the event that the control 1192 * stream be closed prior to this stream's detachment, the 1193 * SPS_PIOATTACH flag would have been cleared from this stream 1194 * during close; in that case we won't get here. 1195 */ 1196 ASSERT(ppa != NULL); 1197 ASSERT(ppa->ppa_ctl != sps); 1198 ASSERT(sps->sps_dlstate == DL_UNATTACHED); 1199 1200 /* 1201 * We don't actually detach anything until the stream is 1202 * closed or reattached. 1203 */ 1204 1205 sps->sps_flags &= ~SPS_PIOATTACH; 1206 error = 0; /* return success */ 1207 break; 1208 case PPPIO_LASTMOD: 1209 if (!IS_SPS_CONTROL(sps)) { 1210 break; /* return EINVAL */ 1211 } 1212 ASSERT(ppa != NULL); 1213 ppa->ppa_flags |= PPA_LASTMOD; 1214 error = 0; /* return success */ 1215 break; 1216 case PPPIO_MRU: 1217 if (!IS_SPS_CONTROL(sps) || 1218 (iop->ioc_count != sizeof (uint32_t))) { 1219 break; /* return EINVAL */ 1220 } else if (mp->b_cont == NULL) { 1221 error = EPROTO; 1222 break; 1223 } 1224 ASSERT(ppa != NULL); 1225 ASSERT(mp->b_cont->b_rptr != NULL); 1226 mru = *(uint32_t *)mp->b_cont->b_rptr; 1227 if ((mru <= 0) || (mru > PPP_MAXMRU)) { 1228 error = EPROTO; 1229 break; 1230 } 1231 if (mru < PPP_MRU) { 1232 mru = PPP_MRU; 1233 } 1234 ppa->ppa_mru = (uint16_t)mru; 1235 /* 1236 * If there's something beneath this driver for the ppa, then 1237 * inform it (or them) of the MRU size. Only do this is we 1238 * are not the last PPP module on the stream. 1239 */ 1240 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1241 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MRU, 1242 mru); 1243 } 1244 error = 0; /* return success */ 1245 break; 1246 case PPPIO_MTU: 1247 if (!IS_SPS_CONTROL(sps) || 1248 (iop->ioc_count != sizeof (uint32_t))) { 1249 break; /* return EINVAL */ 1250 } else if (mp->b_cont == NULL) { 1251 error = EPROTO; 1252 break; 1253 } 1254 ASSERT(ppa != NULL); 1255 ASSERT(mp->b_cont->b_rptr != NULL); 1256 mtu = *(uint32_t *)mp->b_cont->b_rptr; 1257 if ((mtu <= 0) || (mtu > PPP_MAXMTU)) { 1258 error = EPROTO; 1259 break; 1260 } 1261 ppa->ppa_mtu = (uint16_t)mtu; 1262 /* 1263 * If there's something beneath this driver for the ppa, then 1264 * inform it (or them) of the MTU size. Only do this if we 1265 * are not the last PPP module on the stream. 1266 */ 1267 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1268 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MTU, 1269 mtu); 1270 } 1271 error = 0; /* return success */ 1272 break; 1273 case PPPIO_USETIMESTAMP: 1274 if (!IS_SPS_CONTROL(sps)) { 1275 break; /* return EINVAL */ 1276 } 1277 if (!IS_PPA_TIMESTAMP(ppa)) { 1278 hrtime = gethrtime(); 1279 ppa->ppa_lasttx = ppa->ppa_lastrx = hrtime; 1280 ppa->ppa_flags |= PPA_TIMESTAMP; 1281 } 1282 error = 0; 1283 break; 1284 } 1285 1286 if (error == 0) { 1287 /* Success; tell the user */ 1288 miocack(q, mp, count, 0); 1289 } else { 1290 /* Failure; send error back upstream */ 1291 miocnak(q, mp, 0, error); 1292 } 1293 } 1294 1295 /* 1296 * sppp_outer_ioctl() 1297 * 1298 * MT-Perimeters: 1299 * exclusive inner, exclusive outer 1300 * 1301 * Description: 1302 * Called by sppp_uwput as a result of receiving ioctls which require 1303 * an exclusive access at the outer perimeter. 1304 */ 1305 static void 1306 sppp_outer_ioctl(queue_t *q, mblk_t *mp) 1307 { 1308 spppstr_t *sps = q->q_ptr; 1309 spppstr_t *nextsib; 1310 queue_t *lwq; 1311 sppa_t *ppa; 1312 struct iocblk *iop; 1313 int error = EINVAL; 1314 int count = 0; 1315 uint32_t ppa_id; 1316 mblk_t *nmp; 1317 zoneid_t zoneid; 1318 1319 sps = (spppstr_t *)q->q_ptr; 1320 ppa = sps->sps_ppa; 1321 iop = (struct iocblk *)mp->b_rptr; 1322 switch (iop->ioc_cmd) { 1323 case I_LINK: 1324 if (!IS_SPS_CONTROL(sps)) { 1325 break; /* return EINVAL */ 1326 } else if (ppa->ppa_lower_wq != NULL) { 1327 error = EEXIST; 1328 break; 1329 } 1330 ASSERT(ppa->ppa_ctl != NULL); 1331 ASSERT(sps->sps_npmode == NPMODE_PASS); 1332 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1333 1334 lwq = ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot; 1335 ASSERT(lwq != NULL); 1336 1337 ppa->ppa_lower_wq = lwq; 1338 lwq->q_ptr = RD(lwq)->q_ptr = (caddr_t)ppa; 1339 /* 1340 * Unblock upper network streams which now feed this lower 1341 * stream. We don't need to hold ppa_sib_lock here, since we 1342 * are writer at the outer perimeter. 1343 */ 1344 if (WR(sps->sps_rq)->q_first != NULL) 1345 qenable(WR(sps->sps_rq)); 1346 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1347 nextsib = nextsib->sps_nextsib) { 1348 nextsib->sps_npmode = NPMODE_PASS; 1349 if (WR(nextsib->sps_rq)->q_first != NULL) { 1350 qenable(WR(nextsib->sps_rq)); 1351 } 1352 } 1353 1354 /* 1355 * Also unblock (run once) our lower read-side queue. This is 1356 * where packets received while doing the I_LINK may be 1357 * languishing; see sppp_lrsrv. 1358 */ 1359 qenable(RD(lwq)); 1360 1361 /* 1362 * Send useful information down to the modules which are now 1363 * linked below this driver (for this particular ppa). Only 1364 * do this if we are not the last PPP module on the stream. 1365 */ 1366 if (!IS_PPA_LASTMOD(ppa)) { 1367 (void) putctl8(lwq, M_CTL, PPPCTL_UNIT, 1368 ppa->ppa_ppa_id); 1369 (void) putctl4(lwq, M_CTL, PPPCTL_MRU, ppa->ppa_mru); 1370 (void) putctl4(lwq, M_CTL, PPPCTL_MTU, ppa->ppa_mtu); 1371 } 1372 1373 if (IS_SPS_KDEBUG(sps)) { 1374 SPDEBUG(PPP_DRV_NAME 1375 "/%d: I_LINK lwq=0x%p sps=0x%p flags=0x%b ppa=0x%p " 1376 "flags=0x%b\n", sps->sps_mn_id, 1377 (void *)ppa->ppa_lower_wq, (void *)sps, 1378 sps->sps_flags, SPS_FLAGS_STR, 1379 (void *)ppa, ppa->ppa_flags, 1380 PPA_FLAGS_STR); 1381 } 1382 error = 0; /* return success */ 1383 break; 1384 case I_UNLINK: 1385 ASSERT(IS_SPS_CONTROL(sps)); 1386 ASSERT(ppa != NULL); 1387 lwq = ppa->ppa_lower_wq; 1388 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1389 ASSERT(lwq == ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot); 1390 1391 if (IS_SPS_KDEBUG(sps)) { 1392 SPDEBUG(PPP_DRV_NAME 1393 "/%d: I_UNLINK lwq=0x%p sps=0x%p flags=0x%b " 1394 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, 1395 (void *)lwq, (void *)sps, sps->sps_flags, 1396 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 1397 PPA_FLAGS_STR); 1398 } 1399 /* 1400 * While accessing the outer perimeter exclusively, we 1401 * disassociate our ppa's lower_wq from the lower stream linked 1402 * beneath us, and we also disassociate our control stream from 1403 * the q_ptr of the lower stream. 1404 */ 1405 lwq->q_ptr = RD(lwq)->q_ptr = NULL; 1406 ppa->ppa_lower_wq = NULL; 1407 /* 1408 * Unblock streams which now feed back up the control stream, 1409 * and acknowledge the request. We don't need to hold 1410 * ppa_sib_lock here, since we are writer at the outer 1411 * perimeter. 1412 */ 1413 if (WR(sps->sps_rq)->q_first != NULL) 1414 qenable(WR(sps->sps_rq)); 1415 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1416 nextsib = nextsib->sps_nextsib) { 1417 if (WR(nextsib->sps_rq)->q_first != NULL) { 1418 qenable(WR(nextsib->sps_rq)); 1419 } 1420 } 1421 error = 0; /* return success */ 1422 break; 1423 case PPPIO_NEWPPA: 1424 /* 1425 * Do sanity check to ensure that we don't accept PPPIO_NEWPPA 1426 * on a stream which DLPI is used (since certain DLPI messages 1427 * will cause state transition reflected in sps_dlstate, 1428 * changing it from its default DL_UNATTACHED value). In other 1429 * words, we won't allow a network/snoop stream to become 1430 * a control stream. 1431 */ 1432 if (iop->ioc_cr == NULL || 1433 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1434 error = EPERM; 1435 break; 1436 } else if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1437 (ppa != NULL) || (sps->sps_dlstate != DL_UNATTACHED)) { 1438 break; /* return EINVAL */ 1439 } 1440 /* Get requested unit number (if any) */ 1441 if (iop->ioc_count == sizeof (uint32_t) && mp->b_cont != NULL) 1442 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1443 else 1444 ppa_id = 0; 1445 /* Get mblk to use for response message */ 1446 nmp = allocb(sizeof (uint32_t), BPRI_MED); 1447 if (nmp == NULL) { 1448 error = ENOSR; 1449 break; 1450 } 1451 if (mp->b_cont != NULL) { 1452 freemsg(mp->b_cont); 1453 } 1454 mp->b_cont = nmp; /* chain our response mblk */ 1455 /* 1456 * Walk the global ppa list and determine the lowest 1457 * available ppa_id number to be used. 1458 */ 1459 if (ppa_id == (uint32_t)-1) 1460 ppa_id = 0; 1461 zoneid = crgetzoneid(iop->ioc_cr); 1462 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 1463 if (ppa_id == (uint32_t)-2) { 1464 if (ppa->ppa_ctl == NULL && 1465 ppa->ppa_zoneid == zoneid) 1466 break; 1467 } else { 1468 if (ppa_id < ppa->ppa_ppa_id) 1469 break; 1470 if (ppa_id == ppa->ppa_ppa_id) 1471 ++ppa_id; 1472 } 1473 } 1474 if (ppa_id == (uint32_t)-2) { 1475 if (ppa == NULL) { 1476 error = ENXIO; 1477 break; 1478 } 1479 /* Clear timestamp and lastmod flags */ 1480 ppa->ppa_flags = 0; 1481 } else { 1482 ppa = sppp_create_ppa(ppa_id, zoneid); 1483 if (ppa == NULL) { 1484 error = ENOMEM; 1485 break; 1486 } 1487 } 1488 1489 sps->sps_ppa = ppa; /* chain the ppa structure */ 1490 sps->sps_npmode = NPMODE_PASS; /* network packets may travel */ 1491 sps->sps_flags |= SPS_CONTROL; /* this is the control stream */ 1492 1493 ppa->ppa_refcnt++; /* new PPA reference */ 1494 ppa->ppa_ctl = sps; /* back ptr to upper stream */ 1495 /* 1496 * Return the newly created ppa_id to the requestor and 1497 * acnowledge the request. 1498 */ 1499 *(uint32_t *)nmp->b_wptr = ppa->ppa_ppa_id; 1500 nmp->b_wptr += sizeof (uint32_t); 1501 1502 if (IS_SPS_KDEBUG(sps)) { 1503 SPDEBUG(PPP_DRV_NAME 1504 "/%d: PPPIO_NEWPPA ppa_id=%d sps=0x%p flags=0x%b " 1505 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, ppa_id, 1506 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1507 (void *)ppa, ppa->ppa_flags, 1508 PPA_FLAGS_STR); 1509 } 1510 count = msgsize(nmp); 1511 error = 0; 1512 break; 1513 } 1514 1515 if (error == 0) { 1516 /* Success; tell the user. */ 1517 miocack(q, mp, count, 0); 1518 } else { 1519 /* Failure; send error back upstream. */ 1520 miocnak(q, mp, 0, error); 1521 } 1522 } 1523 1524 /* 1525 * sppp_send() 1526 * 1527 * MT-Perimeters: 1528 * shared inner, shared outer. 1529 * 1530 * Description: 1531 * Called by sppp_uwput to handle M_DATA message type. Returns 1532 * queue_t for putnext, or NULL to mean that the packet was 1533 * handled internally. 1534 */ 1535 static queue_t * 1536 sppp_send(queue_t *q, mblk_t **mpp, spppstr_t *sps) 1537 { 1538 mblk_t *mp; 1539 sppa_t *ppa; 1540 int is_promisc; 1541 int msize; 1542 int error = 0; 1543 queue_t *nextq; 1544 1545 ASSERT(mpp != NULL); 1546 mp = *mpp; 1547 ASSERT(q != NULL && q->q_ptr != NULL); 1548 ASSERT(mp != NULL && mp->b_rptr != NULL); 1549 ASSERT(sps != NULL); 1550 ASSERT(q->q_ptr == sps); 1551 /* 1552 * We only let M_DATA through if the sender is either the control 1553 * stream (for PPP control packets) or one of the network streams 1554 * (for IP packets) in IP fastpath mode. If this stream is not attached 1555 * to any ppas, then discard data coming down through this stream. 1556 */ 1557 ppa = sps->sps_ppa; 1558 if (ppa == NULL) { 1559 ASSERT(!IS_SPS_CONTROL(sps)); 1560 error = ENOLINK; 1561 } else if (!IS_SPS_CONTROL(sps) && !IS_SPS_FASTPATH(sps)) { 1562 error = EPROTO; 1563 } 1564 if (error != 0) { 1565 merror(q, mp, error); 1566 return (NULL); 1567 } 1568 msize = msgdsize(mp); 1569 if (msize > (ppa->ppa_mtu + PPP_HDRLEN)) { 1570 /* Log, and send it anyway */ 1571 mutex_enter(&ppa->ppa_sta_lock); 1572 ppa->ppa_otoolongs++; 1573 mutex_exit(&ppa->ppa_sta_lock); 1574 } else if (msize < PPP_HDRLEN) { 1575 /* 1576 * Log, and send it anyway. We log it because we get things 1577 * in M_DATA form here, which tells us that the sender is 1578 * either IP in fastpath transmission mode, or pppd. In both 1579 * cases, they are currently expected to send the 4-bytes 1580 * PPP header in front of any possible payloads. 1581 */ 1582 mutex_enter(&ppa->ppa_sta_lock); 1583 ppa->ppa_orunts++; 1584 mutex_exit(&ppa->ppa_sta_lock); 1585 } 1586 1587 if (IS_SPS_KDEBUG(sps)) { 1588 SPDEBUG(PPP_DRV_NAME 1589 "/%d: M_DATA send (%d bytes) sps=0x%p flags=0x%b " 1590 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, msize, 1591 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1592 (void *)ppa, ppa->ppa_flags, PPA_FLAGS_STR); 1593 } 1594 /* 1595 * Should there be any promiscuous stream(s), send the data up 1596 * for each promiscuous stream that we recognize. Make sure that 1597 * for fastpath, we skip the PPP header in the M_DATA mblk. We skip 1598 * the control stream as we obviously never allow the control stream 1599 * to become promiscous and bind to PPP_ALLSAP. 1600 */ 1601 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1602 is_promisc = sps->sps_ppa->ppa_promicnt; 1603 if (is_promisc) { 1604 ASSERT(ppa->ppa_streams != NULL); 1605 sppp_dlprsendup(ppa->ppa_streams, mp, sps->sps_sap, B_TRUE); 1606 } 1607 rw_exit(&ppa->ppa_sib_lock); 1608 /* 1609 * Only time-stamp the packet with hrtime if the upper stream 1610 * is configured to do so. PPP control (negotiation) messages 1611 * are never considered link activity; only data is activity. 1612 */ 1613 if (!IS_SPS_CONTROL(sps) && IS_PPA_TIMESTAMP(ppa)) { 1614 ppa->ppa_lasttx = gethrtime(); 1615 } 1616 /* 1617 * If there's already a message in the write-side service queue, 1618 * then queue this message there as well, otherwise, try to send 1619 * it down to the module immediately below us. 1620 */ 1621 if (q->q_first != NULL || 1622 (nextq = sppp_outpkt(q, mpp, msize, sps)) == NULL) { 1623 mp = *mpp; 1624 if (mp != NULL && putq(q, mp) == 0) { 1625 mutex_enter(&ppa->ppa_sta_lock); 1626 ppa->ppa_oqdropped++; 1627 mutex_exit(&ppa->ppa_sta_lock); 1628 freemsg(mp); 1629 } 1630 return (NULL); 1631 } 1632 return (nextq); 1633 } 1634 1635 /* 1636 * sppp_outpkt() 1637 * 1638 * MT-Perimeters: 1639 * shared inner, shared outer (if called from sppp_wput, sppp_dlunitdatareq). 1640 * exclusive inner, shared outer (if called from sppp_wsrv). 1641 * 1642 * Description: 1643 * Called from 1) sppp_uwput when processing a M_DATA fastpath message, 1644 * or 2) sppp_uwsrv when processing the upper write-side service queue. 1645 * For both cases, it prepares to send the data to the module below 1646 * this driver if there is a lower stream linked underneath. If none, then 1647 * the data will be sent upstream via the control channel to pppd. 1648 * 1649 * Returns: 1650 * Non-NULL queue_t if message should be sent now, otherwise 1651 * if *mpp == NULL, then message was freed, otherwise put *mpp 1652 * (back) on the queue. (Does not do putq/putbq, since it's 1653 * called both from srv and put procedures.) 1654 */ 1655 static queue_t * 1656 sppp_outpkt(queue_t *q, mblk_t **mpp, int msize, spppstr_t *sps) 1657 { 1658 mblk_t *mp; 1659 sppa_t *ppa; 1660 enum NPmode npmode; 1661 mblk_t *mpnew; 1662 1663 ASSERT(mpp != NULL); 1664 mp = *mpp; 1665 ASSERT(q != NULL && q->q_ptr != NULL); 1666 ASSERT(mp != NULL && mp->b_rptr != NULL); 1667 ASSERT(sps != NULL); 1668 1669 ppa = sps->sps_ppa; 1670 npmode = sps->sps_npmode; 1671 1672 if (npmode == NPMODE_QUEUE) { 1673 ASSERT(!IS_SPS_CONTROL(sps)); 1674 return (NULL); /* queue it for later */ 1675 } else if (ppa == NULL || ppa->ppa_ctl == NULL || 1676 npmode == NPMODE_DROP || npmode == NPMODE_ERROR) { 1677 /* 1678 * This can not be the control stream, as it must always have 1679 * a valid ppa, and its npmode must always be NPMODE_PASS. 1680 */ 1681 ASSERT(!IS_SPS_CONTROL(sps)); 1682 if (npmode == NPMODE_DROP) { 1683 freemsg(mp); 1684 } else { 1685 /* 1686 * If we no longer have the control stream, or if the 1687 * mode is set to NPMODE_ERROR, then we need to tell IP 1688 * that the interface need to be marked as down. In 1689 * other words, we tell IP to be quiescent. 1690 */ 1691 merror(q, mp, EPROTO); 1692 } 1693 *mpp = NULL; 1694 return (NULL); /* don't queue it */ 1695 } 1696 /* 1697 * Do we have a driver stream linked underneath ? If not, we need to 1698 * notify pppd that the link needs to be brought up and configure 1699 * this upper stream to drop subsequent outgoing packets. This is 1700 * for demand-dialing, in which case pppd has done the IP plumbing 1701 * but hasn't linked the driver stream underneath us. Therefore, when 1702 * a packet is sent down the IP interface, a notification message 1703 * will be sent up the control stream to pppd in order for it to 1704 * establish the physical link. The driver stream is then expected 1705 * to be linked underneath after physical link establishment is done. 1706 */ 1707 if (ppa->ppa_lower_wq == NULL) { 1708 ASSERT(ppa->ppa_ctl != NULL); 1709 ASSERT(ppa->ppa_ctl->sps_rq != NULL); 1710 1711 *mpp = NULL; 1712 mpnew = create_lsmsg(PPP_LINKSTAT_NEEDUP); 1713 if (mpnew == NULL) { 1714 freemsg(mp); 1715 mutex_enter(&ppa->ppa_sta_lock); 1716 ppa->ppa_allocbfail++; 1717 mutex_exit(&ppa->ppa_sta_lock); 1718 return (NULL); /* don't queue it */ 1719 } 1720 /* Include the data in the message for logging. */ 1721 mpnew->b_cont = mp; 1722 mutex_enter(&ppa->ppa_sta_lock); 1723 ppa->ppa_lsneedup++; 1724 mutex_exit(&ppa->ppa_sta_lock); 1725 /* 1726 * We need to set the mode to NPMODE_DROP, but should only 1727 * do so when this stream is not the control stream. 1728 */ 1729 if (!IS_SPS_CONTROL(sps)) { 1730 sps->sps_npmode = NPMODE_DROP; 1731 } 1732 putnext(ppa->ppa_ctl->sps_rq, mpnew); 1733 return (NULL); /* don't queue it */ 1734 } 1735 /* 1736 * If so, then try to send it down. The lower queue is only ever 1737 * detached while holding an exclusive lock on the whole driver, 1738 * so we can be confident that the lower queue is still there. 1739 */ 1740 if (bcanputnext(ppa->ppa_lower_wq, mp->b_band)) { 1741 mutex_enter(&ppa->ppa_sta_lock); 1742 ppa->ppa_stats.p.ppp_opackets++; 1743 if (IS_SPS_CONTROL(sps)) { 1744 ppa->ppa_opkt_ctl++; 1745 } 1746 ppa->ppa_stats.p.ppp_obytes += msize; 1747 mutex_exit(&ppa->ppa_sta_lock); 1748 return (ppa->ppa_lower_wq); /* don't queue it */ 1749 } 1750 return (NULL); /* queue it for later */ 1751 } 1752 1753 /* 1754 * sppp_lwsrv() 1755 * 1756 * MT-Perimeters: 1757 * exclusive inner, shared outer. 1758 * 1759 * Description: 1760 * Lower write-side service procedure. No messages are ever placed on 1761 * the write queue here, this just back-enables all upper write side 1762 * service procedures. 1763 */ 1764 int 1765 sppp_lwsrv(queue_t *q) 1766 { 1767 sppa_t *ppa; 1768 spppstr_t *nextsib; 1769 1770 ASSERT(q != NULL && q->q_ptr != NULL); 1771 ppa = (sppa_t *)q->q_ptr; 1772 ASSERT(ppa != NULL); 1773 1774 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1775 if ((nextsib = ppa->ppa_ctl) != NULL && 1776 WR(nextsib->sps_rq)->q_first != NULL) 1777 qenable(WR(nextsib->sps_rq)); 1778 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1779 nextsib = nextsib->sps_nextsib) { 1780 if (WR(nextsib->sps_rq)->q_first != NULL) { 1781 qenable(WR(nextsib->sps_rq)); 1782 } 1783 } 1784 rw_exit(&ppa->ppa_sib_lock); 1785 return (0); 1786 } 1787 1788 /* 1789 * sppp_lrput() 1790 * 1791 * MT-Perimeters: 1792 * shared inner, shared outer. 1793 * 1794 * Description: 1795 * Lower read-side put procedure. Messages from below get here. 1796 * Data messages are handled separately to limit stack usage 1797 * going into IP. 1798 * 1799 * Note that during I_UNLINK processing, it's possible for a downstream 1800 * message to enable upstream data (due to pass_wput() removing the 1801 * SQ_BLOCKED flag), and thus we must protect against a NULL sppa pointer. 1802 * In this case, the only thing above us is passthru, and we might as well 1803 * discard. 1804 */ 1805 int 1806 sppp_lrput(queue_t *q, mblk_t *mp) 1807 { 1808 sppa_t *ppa; 1809 spppstr_t *sps; 1810 1811 if ((ppa = q->q_ptr) == NULL) { 1812 freemsg(mp); 1813 return (0); 1814 } 1815 1816 sps = ppa->ppa_ctl; 1817 1818 if (MTYPE(mp) != M_DATA) { 1819 sppp_recv_nondata(q, mp, sps); 1820 } else if (sps == NULL) { 1821 freemsg(mp); 1822 } else if ((q = sppp_recv(q, &mp, sps)) != NULL) { 1823 putnext(q, mp); 1824 } 1825 return (0); 1826 } 1827 1828 /* 1829 * sppp_lrsrv() 1830 * 1831 * MT-Perimeters: 1832 * exclusive inner, shared outer. 1833 * 1834 * Description: 1835 * Lower read-side service procedure. This is run once after the I_LINK 1836 * occurs in order to clean up any packets that came in while we were 1837 * transferring in the lower stream. Otherwise, it's not used. 1838 */ 1839 int 1840 sppp_lrsrv(queue_t *q) 1841 { 1842 mblk_t *mp; 1843 1844 while ((mp = getq(q)) != NULL) 1845 sppp_lrput(q, mp); 1846 return (0); 1847 } 1848 1849 /* 1850 * sppp_recv_nondata() 1851 * 1852 * MT-Perimeters: 1853 * shared inner, shared outer. 1854 * 1855 * Description: 1856 * All received non-data messages come through here. 1857 */ 1858 static void 1859 sppp_recv_nondata(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 1860 { 1861 sppa_t *ppa; 1862 spppstr_t *destsps; 1863 struct iocblk *iop; 1864 1865 ppa = (sppa_t *)q->q_ptr; 1866 ctlsps = ppa->ppa_ctl; 1867 1868 switch (MTYPE(mp)) { 1869 case M_CTL: 1870 mutex_enter(&ppa->ppa_sta_lock); 1871 if (*mp->b_rptr == PPPCTL_IERROR) { 1872 ppa->ppa_stats.p.ppp_ierrors++; 1873 ppa->ppa_ierr_low++; 1874 ppa->ppa_mctlsknown++; 1875 } else if (*mp->b_rptr == PPPCTL_OERROR) { 1876 ppa->ppa_stats.p.ppp_oerrors++; 1877 ppa->ppa_oerr_low++; 1878 ppa->ppa_mctlsknown++; 1879 } else { 1880 ppa->ppa_mctlsunknown++; 1881 } 1882 mutex_exit(&ppa->ppa_sta_lock); 1883 freemsg(mp); 1884 break; 1885 case M_IOCTL: 1886 miocnak(q, mp, 0, EINVAL); 1887 break; 1888 case M_IOCACK: 1889 case M_IOCNAK: 1890 iop = (struct iocblk *)mp->b_rptr; 1891 ASSERT(iop != NULL); 1892 /* 1893 * Attempt to match up the response with the stream that the 1894 * request came from. If ioc_id doesn't match the one that we 1895 * recorded, then discard this message. 1896 */ 1897 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1898 if ((destsps = ctlsps) == NULL || 1899 destsps->sps_ioc_id != iop->ioc_id) { 1900 destsps = ppa->ppa_streams; 1901 while (destsps != NULL) { 1902 if (destsps->sps_ioc_id == iop->ioc_id) { 1903 break; /* found the upper stream */ 1904 } 1905 destsps = destsps->sps_nextsib; 1906 } 1907 } 1908 rw_exit(&ppa->ppa_sib_lock); 1909 if (destsps == NULL) { 1910 mutex_enter(&ppa->ppa_sta_lock); 1911 ppa->ppa_ioctlsfwderr++; 1912 mutex_exit(&ppa->ppa_sta_lock); 1913 freemsg(mp); 1914 break; 1915 } 1916 mutex_enter(&ppa->ppa_sta_lock); 1917 ppa->ppa_ioctlsfwdok++; 1918 1919 /* 1920 * Clear SPS_IOCQ and enable the lower write side queue, 1921 * this would allow the upper stream service routine 1922 * to start processing the queue for pending messages. 1923 * sppp_lwsrv -> sppp_uwsrv. 1924 */ 1925 destsps->sps_flags &= ~SPS_IOCQ; 1926 mutex_exit(&ppa->ppa_sta_lock); 1927 qenable(WR(destsps->sps_rq)); 1928 1929 putnext(destsps->sps_rq, mp); 1930 break; 1931 case M_HANGUP: 1932 /* 1933 * Free the original mblk_t. We don't really want to send 1934 * a M_HANGUP message upstream, so we need to translate this 1935 * message into something else. 1936 */ 1937 freemsg(mp); 1938 if (ctlsps == NULL) 1939 break; 1940 mp = create_lsmsg(PPP_LINKSTAT_HANGUP); 1941 if (mp == NULL) { 1942 mutex_enter(&ppa->ppa_sta_lock); 1943 ppa->ppa_allocbfail++; 1944 mutex_exit(&ppa->ppa_sta_lock); 1945 break; 1946 } 1947 mutex_enter(&ppa->ppa_sta_lock); 1948 ppa->ppa_lsdown++; 1949 mutex_exit(&ppa->ppa_sta_lock); 1950 putnext(ctlsps->sps_rq, mp); 1951 break; 1952 case M_FLUSH: 1953 if (*mp->b_rptr & FLUSHR) { 1954 flushq(q, FLUSHDATA); 1955 } 1956 if (*mp->b_rptr & FLUSHW) { 1957 *mp->b_rptr &= ~FLUSHR; 1958 qreply(q, mp); 1959 } else { 1960 freemsg(mp); 1961 } 1962 break; 1963 default: 1964 if (ctlsps != NULL && 1965 (queclass(mp) == QPCTL) || canputnext(ctlsps->sps_rq)) { 1966 putnext(ctlsps->sps_rq, mp); 1967 } else { 1968 mutex_enter(&ppa->ppa_sta_lock); 1969 ppa->ppa_iqdropped++; 1970 mutex_exit(&ppa->ppa_sta_lock); 1971 freemsg(mp); 1972 } 1973 break; 1974 } 1975 } 1976 1977 /* 1978 * sppp_recv() 1979 * 1980 * MT-Perimeters: 1981 * shared inner, shared outer. 1982 * 1983 * Description: 1984 * Receive function called by sppp_lrput. Finds appropriate 1985 * receive stream and does accounting. 1986 */ 1987 static queue_t * 1988 sppp_recv(queue_t *q, mblk_t **mpp, spppstr_t *ctlsps) 1989 { 1990 mblk_t *mp; 1991 int len; 1992 sppa_t *ppa; 1993 spppstr_t *destsps; 1994 mblk_t *zmp; 1995 uint32_t npflagpos; 1996 1997 ASSERT(mpp != NULL); 1998 mp = *mpp; 1999 ASSERT(q != NULL && q->q_ptr != NULL); 2000 ASSERT(mp != NULL && mp->b_rptr != NULL); 2001 ASSERT(ctlsps != NULL); 2002 ASSERT(IS_SPS_CONTROL(ctlsps)); 2003 ppa = ctlsps->sps_ppa; 2004 ASSERT(ppa != NULL && ppa->ppa_ctl != NULL); 2005 2006 len = msgdsize(mp); 2007 mutex_enter(&ppa->ppa_sta_lock); 2008 ppa->ppa_stats.p.ppp_ibytes += len; 2009 mutex_exit(&ppa->ppa_sta_lock); 2010 /* 2011 * If the entire data size of the mblk is less than the length of the 2012 * PPP header, then free it. We can't do much with such message anyway, 2013 * since we can't really determine what the PPP protocol type is. 2014 */ 2015 if (len < PPP_HDRLEN) { 2016 /* Log, and free it */ 2017 mutex_enter(&ppa->ppa_sta_lock); 2018 ppa->ppa_irunts++; 2019 mutex_exit(&ppa->ppa_sta_lock); 2020 freemsg(mp); 2021 return (NULL); 2022 } else if (len > (ppa->ppa_mru + PPP_HDRLEN)) { 2023 /* Log, and accept it anyway */ 2024 mutex_enter(&ppa->ppa_sta_lock); 2025 ppa->ppa_itoolongs++; 2026 mutex_exit(&ppa->ppa_sta_lock); 2027 } 2028 /* 2029 * We need at least be able to read the PPP protocol from the header, 2030 * so if the first message block is too small, then we concatenate the 2031 * rest of the following blocks into one message. 2032 */ 2033 if (MBLKL(mp) < PPP_HDRLEN) { 2034 zmp = msgpullup(mp, PPP_HDRLEN); 2035 freemsg(mp); 2036 mp = zmp; 2037 if (mp == NULL) { 2038 mutex_enter(&ppa->ppa_sta_lock); 2039 ppa->ppa_allocbfail++; 2040 mutex_exit(&ppa->ppa_sta_lock); 2041 return (NULL); 2042 } 2043 *mpp = mp; 2044 } 2045 /* 2046 * Hold this packet in the control-queue until 2047 * the matching network-layer upper stream for the PPP protocol (sap) 2048 * has not been plumbed and configured 2049 */ 2050 npflagpos = sppp_ppp2np(PPP_PROTOCOL(mp->b_rptr)); 2051 mutex_enter(&ppa->ppa_npmutex); 2052 if (npflagpos != 0 && (ppa->ppa_npflag & (1 << npflagpos))) { 2053 /* 2054 * proto is currently blocked; Hold up to 4 packets 2055 * in the kernel. 2056 */ 2057 if (ppa->ppa_holdpkts[npflagpos] > 3 || 2058 putq(ctlsps->sps_rq, mp) == 0) 2059 freemsg(mp); 2060 else 2061 ppa->ppa_holdpkts[npflagpos]++; 2062 mutex_exit(&ppa->ppa_npmutex); 2063 return (NULL); 2064 } 2065 mutex_exit(&ppa->ppa_npmutex); 2066 /* 2067 * Try to find a matching network-layer upper stream for the specified 2068 * PPP protocol (sap), and if none is found, send this frame up the 2069 * control stream. 2070 */ 2071 destsps = sppp_inpkt(q, mp, ctlsps); 2072 if (destsps == NULL) { 2073 mutex_enter(&ppa->ppa_sta_lock); 2074 ppa->ppa_ipkt_ctl++; 2075 mutex_exit(&ppa->ppa_sta_lock); 2076 if (canputnext(ctlsps->sps_rq)) { 2077 if (IS_SPS_KDEBUG(ctlsps)) { 2078 SPDEBUG(PPP_DRV_NAME 2079 "/%d: M_DATA recv (%d bytes) sps=0x%p " 2080 "flags=0x%b ppa=0x%p flags=0x%b\n", 2081 ctlsps->sps_mn_id, len, (void *)ctlsps, 2082 ctlsps->sps_flags, SPS_FLAGS_STR, 2083 (void *)ppa, ppa->ppa_flags, 2084 PPA_FLAGS_STR); 2085 } 2086 return (ctlsps->sps_rq); 2087 } else { 2088 mutex_enter(&ppa->ppa_sta_lock); 2089 ppa->ppa_iqdropped++; 2090 mutex_exit(&ppa->ppa_sta_lock); 2091 freemsg(mp); 2092 return (NULL); 2093 } 2094 } 2095 if (canputnext(destsps->sps_rq)) { 2096 if (IS_SPS_KDEBUG(destsps)) { 2097 SPDEBUG(PPP_DRV_NAME 2098 "/%d: M_DATA recv (%d bytes) sps=0x%p flags=0x%b " 2099 "ppa=0x%p flags=0x%b\n", destsps->sps_mn_id, len, 2100 (void *)destsps, destsps->sps_flags, 2101 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 2102 PPA_FLAGS_STR); 2103 } 2104 /* 2105 * If fastpath is enabled on the network-layer stream, then 2106 * make sure we skip over the PPP header, otherwise, we wrap 2107 * the message in a DLPI message. 2108 */ 2109 if (IS_SPS_FASTPATH(destsps)) { 2110 mp->b_rptr += PPP_HDRLEN; 2111 return (destsps->sps_rq); 2112 } else { 2113 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2114 ASSERT(uqs != NULL); 2115 mp->b_rptr += PPP_HDRLEN; 2116 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2117 if (mp != NULL) { 2118 *mpp = mp; 2119 return (destsps->sps_rq); 2120 } else { 2121 mutex_enter(&ppa->ppa_sta_lock); 2122 ppa->ppa_allocbfail++; 2123 mutex_exit(&ppa->ppa_sta_lock); 2124 /* mp already freed by sppp_dladdud */ 2125 return (NULL); 2126 } 2127 } 2128 } else { 2129 mutex_enter(&ppa->ppa_sta_lock); 2130 ppa->ppa_iqdropped++; 2131 mutex_exit(&ppa->ppa_sta_lock); 2132 freemsg(mp); 2133 return (NULL); 2134 } 2135 } 2136 2137 /* 2138 * sppp_inpkt() 2139 * 2140 * MT-Perimeters: 2141 * shared inner, shared outer. 2142 * 2143 * Description: 2144 * Find the destination upper stream for the received packet, called 2145 * from sppp_recv. 2146 * 2147 * Returns: 2148 * ptr to destination upper network stream, or NULL for control stream. 2149 */ 2150 /* ARGSUSED */ 2151 static spppstr_t * 2152 sppp_inpkt(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 2153 { 2154 spppstr_t *destsps = NULL; 2155 sppa_t *ppa; 2156 uint16_t proto; 2157 int is_promisc; 2158 2159 ASSERT(q != NULL && q->q_ptr != NULL); 2160 ASSERT(mp != NULL && mp->b_rptr != NULL); 2161 ASSERT(IS_SPS_CONTROL(ctlsps)); 2162 ppa = ctlsps->sps_ppa; 2163 ASSERT(ppa != NULL); 2164 /* 2165 * From RFC 1661 (Section 2): 2166 * 2167 * The Protocol field is one or two octets, and its value identifies 2168 * the datagram encapsulated in the Information field of the packet. 2169 * The field is transmitted and received most significant octet first. 2170 * 2171 * The structure of this field is consistent with the ISO 3309 2172 * extension mechanism for address fields. All Protocols MUST be odd; 2173 * the least significant bit of the least significant octet MUST equal 2174 * "1". Also, all Protocols MUST be assigned such that the least 2175 * significant bit of the most significant octet equals "0". Frames 2176 * received which don't comply with these rules MUST be treated as 2177 * having an unrecognized Protocol. 2178 * 2179 * Protocol field values in the "0***" to "3***" range identify the 2180 * network-layer protocol of specific packets, and values in the 2181 * "8***" to "b***" range identify packets belonging to the associated 2182 * Network Control Protocols (NCPs), if any. 2183 * 2184 * Protocol field values in the "4***" to "7***" range are used for 2185 * protocols with low volume traffic which have no associated NCP. 2186 * Protocol field values in the "c***" to "f***" range identify packets 2187 * as link-layer Control Protocols (such as LCP). 2188 */ 2189 proto = PPP_PROTOCOL(mp->b_rptr); 2190 mutex_enter(&ppa->ppa_sta_lock); 2191 ppa->ppa_stats.p.ppp_ipackets++; 2192 mutex_exit(&ppa->ppa_sta_lock); 2193 /* 2194 * We check if this is not a network-layer protocol, and if so, 2195 * then send this packet up the control stream. 2196 */ 2197 if (proto > 0x7fff) { 2198 goto inpkt_done; /* send it up the control stream */ 2199 } 2200 /* 2201 * Try to grab the destination upper stream from the network-layer 2202 * stream cache for this ppa for PPP_IP (0x0021) or PPP_IPV6 (0x0057) 2203 * protocol types. Otherwise, if the type is not known to the cache, 2204 * or if its sap can't be matched with any of the upper streams, then 2205 * send this packet up the control stream so that it can be rejected. 2206 */ 2207 if (proto == PPP_IP) { 2208 destsps = ppa->ppa_ip_cache; 2209 } else if (proto == PPP_IPV6) { 2210 destsps = ppa->ppa_ip6_cache; 2211 } 2212 /* 2213 * Toss this one away up the control stream if there's no matching sap; 2214 * this way the protocol can be rejected (destsps is NULL). 2215 */ 2216 2217 inpkt_done: 2218 /* 2219 * Only time-stamp the packet with hrtime if the upper stream 2220 * is configured to do so. PPP control (negotiation) messages 2221 * are never considered link activity; only data is activity. 2222 */ 2223 if (destsps != NULL && IS_PPA_TIMESTAMP(ppa)) { 2224 ppa->ppa_lastrx = gethrtime(); 2225 } 2226 /* 2227 * Should there be any promiscuous stream(s), send the data up for 2228 * each promiscuous stream that we recognize. We skip the control 2229 * stream as we obviously never allow the control stream to become 2230 * promiscous and bind to PPP_ALLSAP. 2231 */ 2232 rw_enter(&ppa->ppa_sib_lock, RW_READER); 2233 is_promisc = ppa->ppa_promicnt; 2234 if (is_promisc) { 2235 ASSERT(ppa->ppa_streams != NULL); 2236 sppp_dlprsendup(ppa->ppa_streams, mp, proto, B_TRUE); 2237 } 2238 rw_exit(&ppa->ppa_sib_lock); 2239 return (destsps); 2240 } 2241 2242 /* 2243 * sppp_kstat_update() 2244 * 2245 * Description: 2246 * Update per-ppa kstat interface statistics. 2247 */ 2248 static int 2249 sppp_kstat_update(kstat_t *ksp, int rw) 2250 { 2251 register sppa_t *ppa; 2252 register sppp_kstats_t *pppkp; 2253 register struct pppstat64 *sp; 2254 2255 if (rw == KSTAT_WRITE) { 2256 return (EACCES); 2257 } 2258 2259 ppa = (sppa_t *)ksp->ks_private; 2260 ASSERT(ppa != NULL); 2261 2262 pppkp = (sppp_kstats_t *)ksp->ks_data; 2263 sp = &ppa->ppa_stats.p; 2264 2265 mutex_enter(&ppa->ppa_sta_lock); 2266 pppkp->allocbfail.value.ui32 = ppa->ppa_allocbfail; 2267 pppkp->mctlsfwd.value.ui32 = ppa->ppa_mctlsfwd; 2268 pppkp->mctlsfwderr.value.ui32 = ppa->ppa_mctlsfwderr; 2269 pppkp->rbytes.value.ui32 = sp->ppp_ibytes; 2270 pppkp->rbytes64.value.ui64 = sp->ppp_ibytes; 2271 pppkp->ierrors.value.ui32 = sp->ppp_ierrors; 2272 pppkp->ierrors_lower.value.ui32 = ppa->ppa_ierr_low; 2273 pppkp->ioctlsfwd.value.ui32 = ppa->ppa_ioctlsfwd; 2274 pppkp->ioctlsfwdok.value.ui32 = ppa->ppa_ioctlsfwdok; 2275 pppkp->ioctlsfwderr.value.ui32 = ppa->ppa_ioctlsfwderr; 2276 pppkp->ipackets.value.ui32 = sp->ppp_ipackets; 2277 pppkp->ipackets64.value.ui64 = sp->ppp_ipackets; 2278 pppkp->ipackets_ctl.value.ui32 = ppa->ppa_ipkt_ctl; 2279 pppkp->iqdropped.value.ui32 = ppa->ppa_iqdropped; 2280 pppkp->irunts.value.ui32 = ppa->ppa_irunts; 2281 pppkp->itoolongs.value.ui32 = ppa->ppa_itoolongs; 2282 pppkp->lsneedup.value.ui32 = ppa->ppa_lsneedup; 2283 pppkp->lsdown.value.ui32 = ppa->ppa_lsdown; 2284 pppkp->mctlsknown.value.ui32 = ppa->ppa_mctlsknown; 2285 pppkp->mctlsunknown.value.ui32 = ppa->ppa_mctlsunknown; 2286 pppkp->obytes.value.ui32 = sp->ppp_obytes; 2287 pppkp->obytes64.value.ui64 = sp->ppp_obytes; 2288 pppkp->oerrors.value.ui32 = sp->ppp_oerrors; 2289 pppkp->oerrors_lower.value.ui32 = ppa->ppa_oerr_low; 2290 pppkp->opackets.value.ui32 = sp->ppp_opackets; 2291 pppkp->opackets64.value.ui64 = sp->ppp_opackets; 2292 pppkp->opackets_ctl.value.ui32 = ppa->ppa_opkt_ctl; 2293 pppkp->oqdropped.value.ui32 = ppa->ppa_oqdropped; 2294 pppkp->otoolongs.value.ui32 = ppa->ppa_otoolongs; 2295 pppkp->orunts.value.ui32 = ppa->ppa_orunts; 2296 mutex_exit(&ppa->ppa_sta_lock); 2297 2298 return (0); 2299 } 2300 2301 /* 2302 * Turn off proto in ppa_npflag to indicate that 2303 * the corresponding network protocol has been plumbed. 2304 * Release proto packets that were being held in the control 2305 * queue in anticipation of this event. 2306 */ 2307 static void 2308 sppp_release_pkts(sppa_t *ppa, uint16_t proto) 2309 { 2310 uint32_t npflagpos = sppp_ppp2np(proto); 2311 int count; 2312 mblk_t *mp; 2313 uint16_t mp_proto; 2314 queue_t *q; 2315 spppstr_t *destsps; 2316 2317 ASSERT(ppa != NULL); 2318 2319 if (npflagpos == 0 || (ppa->ppa_npflag & (1 << npflagpos)) == 0) 2320 return; 2321 2322 mutex_enter(&ppa->ppa_npmutex); 2323 ppa->ppa_npflag &= ~(1 << npflagpos); 2324 count = ppa->ppa_holdpkts[npflagpos]; 2325 ppa->ppa_holdpkts[npflagpos] = 0; 2326 mutex_exit(&ppa->ppa_npmutex); 2327 2328 q = ppa->ppa_ctl->sps_rq; 2329 2330 while (count > 0) { 2331 mp = getq(q); 2332 ASSERT(mp != NULL); 2333 2334 mp_proto = PPP_PROTOCOL(mp->b_rptr); 2335 if (mp_proto != proto) { 2336 (void) putq(q, mp); 2337 continue; 2338 } 2339 count--; 2340 destsps = NULL; 2341 if (mp_proto == PPP_IP) { 2342 destsps = ppa->ppa_ip_cache; 2343 } else if (mp_proto == PPP_IPV6) { 2344 destsps = ppa->ppa_ip6_cache; 2345 } 2346 ASSERT(destsps != NULL); 2347 2348 if (IS_SPS_FASTPATH(destsps)) { 2349 mp->b_rptr += PPP_HDRLEN; 2350 } else { 2351 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2352 ASSERT(uqs != NULL); 2353 mp->b_rptr += PPP_HDRLEN; 2354 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2355 if (mp == NULL) { 2356 mutex_enter(&ppa->ppa_sta_lock); 2357 ppa->ppa_allocbfail++; 2358 mutex_exit(&ppa->ppa_sta_lock); 2359 /* mp already freed by sppp_dladdud */ 2360 continue; 2361 } 2362 } 2363 2364 if (canputnext(destsps->sps_rq)) { 2365 putnext(destsps->sps_rq, mp); 2366 } else { 2367 mutex_enter(&ppa->ppa_sta_lock); 2368 ppa->ppa_iqdropped++; 2369 mutex_exit(&ppa->ppa_sta_lock); 2370 freemsg(mp); 2371 continue; 2372 } 2373 } 2374 } 2375