1 /* 2 * sppp.c - Solaris STREAMS PPP multiplexing pseudo-driver 3 * 4 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * Copyright (c) 2016 by Delphix. All rights reserved. 7 * Copyright 2019, Joyent, Inc. 8 * 9 * Permission to use, copy, modify, and distribute this software and its 10 * documentation is hereby granted, provided that the above copyright 11 * notice appears in all copies. 12 * 13 * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF 14 * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 15 * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 16 * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR 17 * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR 18 * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES 19 * 20 * Copyright (c) 1994 The Australian National University. 21 * All rights reserved. 22 * 23 * Permission to use, copy, modify, and distribute this software and its 24 * documentation is hereby granted, provided that the above copyright 25 * notice appears in all copies. This software is provided without any 26 * warranty, express or implied. The Australian National University 27 * makes no representations about the suitability of this software for 28 * any purpose. 29 * 30 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY 31 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 32 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF 33 * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY 34 * OF SUCH DAMAGE. 35 * 36 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, 37 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 38 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 39 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO 40 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, 41 * OR MODIFICATIONS. 42 * 43 * This driver is derived from the original SVR4 STREAMS PPP driver 44 * originally written by Paul Mackerras <paul.mackerras@cs.anu.edu.au>. 45 * 46 * Adi Masputra <adi.masputra@sun.com> rewrote and restructured the code 47 * for improved performance and scalability. 48 */ 49 50 #define RCSID "$Id: sppp.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" 51 52 #include <sys/types.h> 53 #include <sys/debug.h> 54 #include <sys/param.h> 55 #include <sys/stat.h> 56 #include <sys/stream.h> 57 #include <sys/stropts.h> 58 #include <sys/sysmacros.h> 59 #include <sys/errno.h> 60 #include <sys/time.h> 61 #include <sys/cmn_err.h> 62 #include <sys/kmem.h> 63 #include <sys/conf.h> 64 #include <sys/dlpi.h> 65 #include <sys/ddi.h> 66 #include <sys/kstat.h> 67 #include <sys/strsun.h> 68 #include <sys/ethernet.h> 69 #include <sys/policy.h> 70 #include <sys/zone.h> 71 #include <net/ppp_defs.h> 72 #include <net/pppio.h> 73 #include "sppp.h" 74 #include "s_common.h" 75 76 /* 77 * This is used to tag official Solaris sources. Please do not define 78 * "INTERNAL_BUILD" when building this software outside of Sun Microsystems. 79 */ 80 #ifdef INTERNAL_BUILD 81 /* MODINFO is limited to 32 characters. */ 82 const char sppp_module_description[] = "PPP 4.0 mux"; 83 #else /* INTERNAL_BUILD */ 84 const char sppp_module_description[] = "ANU PPP mux"; 85 86 /* LINTED */ 87 static const char buildtime[] = "Built " __DATE__ " at " __TIME__ 88 #ifdef DEBUG 89 " DEBUG" 90 #endif 91 "\n"; 92 #endif /* INTERNAL_BUILD */ 93 94 static void sppp_inner_ioctl(queue_t *, mblk_t *); 95 static void sppp_outer_ioctl(queue_t *, mblk_t *); 96 static queue_t *sppp_send(queue_t *, mblk_t **, spppstr_t *); 97 static queue_t *sppp_recv(queue_t *, mblk_t **, spppstr_t *); 98 static void sppp_recv_nondata(queue_t *, mblk_t *, spppstr_t *); 99 static queue_t *sppp_outpkt(queue_t *, mblk_t **, int, spppstr_t *); 100 static spppstr_t *sppp_inpkt(queue_t *, mblk_t *, spppstr_t *); 101 static int sppp_kstat_update(kstat_t *, int); 102 static void sppp_release_pkts(sppa_t *, uint16_t); 103 104 /* 105 * sps_list contains the list of active per-stream instance state structures 106 * ordered on the minor device number (see sppp.h for details). All streams 107 * opened to this driver are threaded together in this list. 108 */ 109 static spppstr_t *sps_list = NULL; 110 /* 111 * ppa_list contains the list of active per-attachment instance state 112 * structures ordered on the ppa id number (see sppp.h for details). All of 113 * the ppa structures created once per PPPIO_NEWPPA ioctl are threaded together 114 * in this list. There is exactly one ppa structure for a given PPP interface, 115 * and multiple sps streams (upper streams) may share a ppa by performing 116 * an attachment explicitly (PPPIO_ATTACH) or implicitly (DL_ATTACH_REQ). 117 */ 118 static sppa_t *ppa_list = NULL; 119 120 static const char *kstats_names[] = { SPPP_KSTATS_NAMES }; 121 static const char *kstats64_names[] = { SPPP_KSTATS64_NAMES }; 122 123 /* 124 * map proto (which is an IANA defined ppp network protocol) to 125 * a bit position indicated by NP_* in ppa_npflag 126 */ 127 static uint32_t 128 sppp_ppp2np(uint16_t proto) 129 { 130 switch (proto) { 131 case PPP_IP: 132 return (NP_IP); 133 case PPP_IPV6: 134 return (NP_IPV6); 135 default: 136 return (0); 137 } 138 } 139 140 /* 141 * sppp_open() 142 * 143 * MT-Perimeters: 144 * exclusive inner, exclusive outer. 145 * 146 * Description: 147 * Common open procedure for module. 148 */ 149 /* ARGSUSED */ 150 int 151 sppp_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) 152 { 153 spppstr_t *sps; 154 spppstr_t **nextmn; 155 minor_t mn; 156 157 ASSERT(q != NULL && devp != NULL); 158 ASSERT(sflag != MODOPEN); 159 160 if (q->q_ptr != NULL) { 161 return (0); /* already open */ 162 } 163 if (sflag != CLONEOPEN) { 164 return (OPENFAIL); 165 } 166 /* 167 * The sps list is sorted using the minor number as the key. The 168 * following code walks the list to find the lowest valued minor 169 * number available to be used. 170 */ 171 mn = 0; 172 for (nextmn = &sps_list; (sps = *nextmn) != NULL; 173 nextmn = &sps->sps_nextmn) { 174 if (sps->sps_mn_id != mn) { 175 break; 176 } 177 ++mn; 178 } 179 sps = (spppstr_t *)kmem_zalloc(sizeof (spppstr_t), KM_SLEEP); 180 ASSERT(sps != NULL); /* KM_SLEEP must never return NULL */ 181 sps->sps_nextmn = *nextmn; /* insert stream in global list */ 182 *nextmn = sps; 183 sps->sps_mn_id = mn; /* save minor id for this stream */ 184 sps->sps_rq = q; /* save read queue pointer */ 185 sps->sps_sap = -1; /* no sap bound to stream */ 186 sps->sps_dlstate = DL_UNATTACHED; /* dlpi state is unattached */ 187 sps->sps_npmode = NPMODE_DROP; /* drop all packets initially */ 188 sps->sps_zoneid = crgetzoneid(credp); 189 q->q_ptr = WR(q)->q_ptr = (caddr_t)sps; 190 /* 191 * We explicitly disable the automatic queue scheduling for the 192 * write-side to obtain complete control over queuing during transmit. 193 * Packets will be queued at the upper write queue and the service 194 * routine will not be called until it gets scheduled by having the 195 * lower write service routine call the qenable(WR(uq)) for all streams 196 * attached to the same ppa instance. 197 */ 198 noenable(WR(q)); 199 *devp = makedevice(getmajor(*devp), mn); 200 qprocson(q); 201 return (0); 202 } 203 204 /* 205 * Free storage used by a PPA. This is not called until the last PPA 206 * user closes their connection or reattaches to a different PPA. 207 */ 208 static void 209 sppp_free_ppa(sppa_t *ppa) 210 { 211 sppa_t **nextppa; 212 213 ASSERT(ppa->ppa_refcnt == 1); 214 if (ppa->ppa_kstats != NULL) { 215 kstat_delete(ppa->ppa_kstats); 216 ppa->ppa_kstats = NULL; 217 } 218 mutex_destroy(&ppa->ppa_sta_lock); 219 mutex_destroy(&ppa->ppa_npmutex); 220 rw_destroy(&ppa->ppa_sib_lock); 221 nextppa = &ppa_list; 222 while (*nextppa != NULL) { 223 if (*nextppa == ppa) { 224 *nextppa = ppa->ppa_nextppa; 225 break; 226 } 227 nextppa = &(*nextppa)->ppa_nextppa; 228 } 229 kmem_free(ppa, sizeof (*ppa)); 230 } 231 232 /* 233 * Create a new PPA. Caller must be exclusive on outer perimeter. 234 */ 235 sppa_t * 236 sppp_create_ppa(uint32_t ppa_id, zoneid_t zoneid) 237 { 238 sppa_t *ppa; 239 sppa_t *curppa; 240 sppa_t **availppa; 241 char unit[32]; /* Unit name */ 242 const char **cpp; 243 kstat_t *ksp; 244 kstat_named_t *knt; 245 246 /* 247 * NOTE: unit *must* be named for the driver 248 * name plus the ppa number so that netstat 249 * can find the statistics. 250 */ 251 (void) sprintf(unit, "%s" "%d", PPP_DRV_NAME, ppa_id); 252 /* 253 * Make sure we can allocate a buffer to 254 * contain the ppa to be sent upstream, as 255 * well as the actual ppa structure and its 256 * associated kstat structure. 257 */ 258 ppa = (sppa_t *)kmem_zalloc(sizeof (sppa_t), 259 KM_NOSLEEP); 260 ksp = kstat_create(PPP_DRV_NAME, ppa_id, unit, "net", KSTAT_TYPE_NAMED, 261 sizeof (sppp_kstats_t) / sizeof (kstat_named_t), 0); 262 263 if (ppa == NULL || ksp == NULL) { 264 if (ppa != NULL) { 265 kmem_free(ppa, sizeof (sppa_t)); 266 } 267 if (ksp != NULL) { 268 kstat_delete(ksp); 269 } 270 return (NULL); 271 } 272 ppa->ppa_kstats = ksp; /* chain kstat structure */ 273 ppa->ppa_ppa_id = ppa_id; /* record ppa id */ 274 ppa->ppa_zoneid = zoneid; /* zone that owns this PPA */ 275 ppa->ppa_mtu = PPP_MAXMTU; /* 65535-(PPP_HDRLEN+PPP_FCSLEN) */ 276 ppa->ppa_mru = PPP_MAXMRU; /* 65000 */ 277 278 mutex_init(&ppa->ppa_sta_lock, NULL, MUTEX_DRIVER, NULL); 279 mutex_init(&ppa->ppa_npmutex, NULL, MUTEX_DRIVER, NULL); 280 rw_init(&ppa->ppa_sib_lock, NULL, RW_DRIVER, NULL); 281 282 /* 283 * Prepare and install kstat counters. Note that for netstat 284 * -i to work, there needs to be "ipackets", "opackets", 285 * "ierrors", and "oerrors" kstat named variables. 286 */ 287 knt = (kstat_named_t *)ksp->ks_data; 288 for (cpp = kstats_names; cpp < kstats_names + Dim(kstats_names); 289 cpp++) { 290 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT32); 291 knt++; 292 } 293 for (cpp = kstats64_names; cpp < kstats64_names + Dim(kstats64_names); 294 cpp++) { 295 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT64); 296 knt++; 297 } 298 ksp->ks_update = sppp_kstat_update; 299 ksp->ks_private = (void *)ppa; 300 kstat_install(ksp); 301 302 /* link to the next ppa and insert into global list */ 303 availppa = &ppa_list; 304 while ((curppa = *availppa) != NULL) { 305 if (ppa_id < curppa->ppa_ppa_id) 306 break; 307 availppa = &curppa->ppa_nextppa; 308 } 309 ppa->ppa_nextppa = *availppa; 310 *availppa = ppa; 311 return (ppa); 312 } 313 314 /* 315 * sppp_close() 316 * 317 * MT-Perimeters: 318 * exclusive inner, exclusive outer. 319 * 320 * Description: 321 * Common close procedure for module. 322 */ 323 /* ARGSUSED */ 324 int 325 sppp_close(queue_t *q, int flags __unused, cred_t *credp __unused) 326 { 327 spppstr_t *sps; 328 spppstr_t **nextmn; 329 spppstr_t *sib; 330 sppa_t *ppa; 331 mblk_t *mp; 332 333 ASSERT(q != NULL && q->q_ptr != NULL); 334 sps = (spppstr_t *)q->q_ptr; 335 qprocsoff(q); 336 337 ppa = sps->sps_ppa; 338 if (ppa == NULL) { 339 ASSERT(!IS_SPS_CONTROL(sps)); 340 goto close_unattached; 341 } 342 if (IS_SPS_CONTROL(sps)) { 343 uint32_t cnt = 0; 344 345 ASSERT(ppa != NULL); 346 ASSERT(ppa->ppa_ctl == sps); 347 ppa->ppa_ctl = NULL; 348 /* 349 * STREAMS framework always issues I_UNLINK prior to close, 350 * since we only allow I_LINK under the control stream. 351 * A given ppa structure has at most one lower stream pointed 352 * by the ppa_lower_wq field, because we only allow a single 353 * linkage (I_LINK) to be done on the control stream. 354 */ 355 ASSERT(ppa->ppa_lower_wq == NULL); 356 /* 357 * Walk through all of sibling streams attached to this ppa, 358 * and remove all references to this ppa. We have exclusive 359 * access for the entire driver here, so there's no need 360 * to hold ppa_sib_lock. 361 */ 362 cnt++; 363 sib = ppa->ppa_streams; 364 while (sib != NULL) { 365 ASSERT(ppa == sib->sps_ppa); 366 sib->sps_npmode = NPMODE_DROP; 367 sib->sps_flags &= ~(SPS_PIOATTACH | SPS_CACHED); 368 /* 369 * There should be a preallocated hangup 370 * message here. Fetch it and send it up to 371 * the stream head. This will cause IP to 372 * mark the interface as "down." 373 */ 374 if ((mp = sib->sps_hangup) != NULL) { 375 sib->sps_hangup = NULL; 376 /* 377 * M_HANGUP works with IP, but snoop 378 * is lame and requires M_ERROR. Send 379 * up a clean error code instead. 380 * 381 * XXX if snoop is fixed, fix this, too. 382 */ 383 MTYPE(mp) = M_ERROR; 384 *mp->b_wptr++ = ENXIO; 385 putnext(sib->sps_rq, mp); 386 } 387 qenable(WR(sib->sps_rq)); 388 cnt++; 389 sib = sib->sps_nextsib; 390 } 391 ASSERT(ppa->ppa_refcnt == cnt); 392 } else { 393 ASSERT(ppa->ppa_streams != NULL); 394 ASSERT(ppa->ppa_ctl != sps); 395 mp = NULL; 396 if (sps->sps_sap == PPP_IP) { 397 ppa->ppa_ip_cache = NULL; 398 mp = create_lsmsg(PPP_LINKSTAT_IPV4_UNBOUND); 399 } else if (sps->sps_sap == PPP_IPV6) { 400 ppa->ppa_ip6_cache = NULL; 401 mp = create_lsmsg(PPP_LINKSTAT_IPV6_UNBOUND); 402 } 403 /* Tell the daemon the bad news. */ 404 if (mp != NULL && ppa->ppa_ctl != NULL && 405 (sps->sps_npmode == NPMODE_PASS || 406 sps->sps_npmode == NPMODE_QUEUE)) { 407 putnext(ppa->ppa_ctl->sps_rq, mp); 408 } else { 409 freemsg(mp); 410 } 411 /* 412 * Walk through all of sibling streams attached to the 413 * same ppa, and remove this stream from the sibling 414 * streams list. We have exclusive access for the 415 * entire driver here, so there's no need to hold 416 * ppa_sib_lock. 417 */ 418 sib = ppa->ppa_streams; 419 if (sib == sps) { 420 ppa->ppa_streams = sps->sps_nextsib; 421 } else { 422 while (sib->sps_nextsib != NULL) { 423 if (sib->sps_nextsib == sps) { 424 sib->sps_nextsib = sps->sps_nextsib; 425 break; 426 } 427 sib = sib->sps_nextsib; 428 } 429 } 430 sps->sps_nextsib = NULL; 431 freemsg(sps->sps_hangup); 432 sps->sps_hangup = NULL; 433 /* 434 * Check if this is a promiscous stream. If the SPS_PROMISC bit 435 * is still set, it means that the stream is closed without 436 * ever having issued DL_DETACH_REQ or DL_PROMISCOFF_REQ. 437 * In this case, we simply decrement the promiscous counter, 438 * and it's safe to do it without holding ppa_sib_lock since 439 * we're exclusive (inner and outer) at this point. 440 */ 441 if (IS_SPS_PROMISC(sps)) { 442 ASSERT(ppa->ppa_promicnt > 0); 443 ppa->ppa_promicnt--; 444 } 445 } 446 /* If we're the only one left, then delete now. */ 447 if (ppa->ppa_refcnt <= 1) 448 sppp_free_ppa(ppa); 449 else 450 ppa->ppa_refcnt--; 451 close_unattached: 452 q->q_ptr = WR(q)->q_ptr = NULL; 453 for (nextmn = &sps_list; *nextmn != NULL; 454 nextmn = &(*nextmn)->sps_nextmn) { 455 if (*nextmn == sps) { 456 *nextmn = sps->sps_nextmn; 457 break; 458 } 459 } 460 kmem_free(sps, sizeof (spppstr_t)); 461 return (0); 462 } 463 464 static void 465 sppp_ioctl(struct queue *q, mblk_t *mp) 466 { 467 spppstr_t *sps; 468 spppstr_t *nextsib; 469 sppa_t *ppa; 470 struct iocblk *iop; 471 mblk_t *nmp; 472 enum NPmode npmode; 473 struct ppp_idle *pip; 474 struct ppp_stats64 *psp; 475 struct ppp_comp_stats *pcsp; 476 hrtime_t hrtime; 477 int sap; 478 int count = 0; 479 int error = EINVAL; 480 481 sps = (spppstr_t *)q->q_ptr; 482 ppa = sps->sps_ppa; 483 484 iop = (struct iocblk *)mp->b_rptr; 485 switch (iop->ioc_cmd) { 486 case PPPIO_NPMODE: 487 if (!IS_SPS_CONTROL(sps)) { 488 break; /* return EINVAL */ 489 } else if (iop->ioc_count != 2 * sizeof (uint32_t) || 490 (mp->b_cont == NULL)) { 491 error = EPROTO; 492 break; 493 } 494 ASSERT(ppa != NULL); 495 ASSERT(mp->b_cont->b_rptr != NULL); 496 ASSERT(sps->sps_npmode == NPMODE_PASS); 497 sap = ((uint32_t *)mp->b_cont->b_rptr)[0]; 498 npmode = (enum NPmode)((uint32_t *)mp->b_cont->b_rptr)[1]; 499 /* 500 * Walk the sibling streams which belong to the same 501 * ppa, and try to find a stream with matching sap 502 * number. 503 */ 504 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 505 for (nextsib = ppa->ppa_streams; nextsib != NULL; 506 nextsib = nextsib->sps_nextsib) { 507 if (nextsib->sps_sap == sap) { 508 break; /* found it */ 509 } 510 } 511 if (nextsib == NULL) { 512 rw_exit(&ppa->ppa_sib_lock); 513 break; /* return EINVAL */ 514 } else { 515 nextsib->sps_npmode = npmode; 516 if ((nextsib->sps_npmode != NPMODE_QUEUE) && 517 (WR(nextsib->sps_rq)->q_first != NULL)) { 518 qenable(WR(nextsib->sps_rq)); 519 } 520 } 521 rw_exit(&ppa->ppa_sib_lock); 522 error = 0; /* return success */ 523 break; 524 case PPPIO_GIDLE: 525 if (ppa == NULL) { 526 ASSERT(!IS_SPS_CONTROL(sps)); 527 error = ENOLINK; 528 break; 529 } else if (!IS_PPA_TIMESTAMP(ppa)) { 530 break; /* return EINVAL */ 531 } 532 if ((nmp = allocb(sizeof (struct ppp_idle), 533 BPRI_MED)) == NULL) { 534 mutex_enter(&ppa->ppa_sta_lock); 535 ppa->ppa_allocbfail++; 536 mutex_exit(&ppa->ppa_sta_lock); 537 error = ENOSR; 538 break; 539 } 540 if (mp->b_cont != NULL) { 541 freemsg(mp->b_cont); 542 } 543 mp->b_cont = nmp; 544 pip = (struct ppp_idle *)nmp->b_wptr; 545 nmp->b_wptr += sizeof (struct ppp_idle); 546 /* 547 * Get current timestamp and subtract the tx and rx 548 * timestamps to get the actual idle time to be 549 * returned. 550 */ 551 hrtime = gethrtime(); 552 pip->xmit_idle = (hrtime - ppa->ppa_lasttx) / 1000000000ul; 553 pip->recv_idle = (hrtime - ppa->ppa_lastrx) / 1000000000ul; 554 count = msgsize(nmp); 555 error = 0; 556 break; /* return success (error is 0) */ 557 case PPPIO_GTYPE: 558 nmp = allocb(sizeof (uint32_t), BPRI_MED); 559 if (nmp == NULL) { 560 error = ENOSR; 561 break; 562 } 563 if (mp->b_cont != NULL) { 564 freemsg(mp->b_cont); 565 } 566 mp->b_cont = nmp; 567 /* 568 * Let the requestor know that we are the PPP 569 * multiplexer (PPPTYP_MUX). 570 */ 571 *(uint32_t *)nmp->b_wptr = PPPTYP_MUX; 572 nmp->b_wptr += sizeof (uint32_t); 573 count = msgsize(nmp); 574 error = 0; /* return success */ 575 break; 576 case PPPIO_GETSTAT64: 577 if (ppa == NULL) { 578 break; /* return EINVAL */ 579 } else if ((ppa->ppa_lower_wq != NULL) && 580 !IS_PPA_LASTMOD(ppa)) { 581 mutex_enter(&ppa->ppa_sta_lock); 582 /* 583 * We match sps_ioc_id on the M_IOC{ACK,NAK}, 584 * so if the response hasn't come back yet, 585 * new ioctls must be queued instead. 586 */ 587 if (IS_SPS_IOCQ(sps)) { 588 mutex_exit(&ppa->ppa_sta_lock); 589 if (!putq(q, mp)) { 590 error = EAGAIN; 591 break; 592 } 593 return; 594 } else { 595 ppa->ppa_ioctlsfwd++; 596 /* 597 * Record the ioctl CMD & ID - this will be 598 * used to check the ACK or NAK responses 599 * coming from below. 600 */ 601 sps->sps_ioc_id = iop->ioc_id; 602 sps->sps_flags |= SPS_IOCQ; 603 mutex_exit(&ppa->ppa_sta_lock); 604 } 605 putnext(ppa->ppa_lower_wq, mp); 606 return; /* don't ack or nak the request */ 607 } 608 nmp = allocb(sizeof (*psp), BPRI_MED); 609 if (nmp == NULL) { 610 mutex_enter(&ppa->ppa_sta_lock); 611 ppa->ppa_allocbfail++; 612 mutex_exit(&ppa->ppa_sta_lock); 613 error = ENOSR; 614 break; 615 } 616 if (mp->b_cont != NULL) { 617 freemsg(mp->b_cont); 618 } 619 mp->b_cont = nmp; 620 psp = (struct ppp_stats64 *)nmp->b_wptr; 621 /* 622 * Copy the contents of ppp_stats64 structure for this 623 * ppa and return them to the caller. 624 */ 625 mutex_enter(&ppa->ppa_sta_lock); 626 bcopy(&ppa->ppa_stats, psp, sizeof (*psp)); 627 mutex_exit(&ppa->ppa_sta_lock); 628 nmp->b_wptr += sizeof (*psp); 629 count = sizeof (*psp); 630 error = 0; /* return success */ 631 break; 632 case PPPIO_GETCSTAT: 633 if (ppa == NULL) { 634 break; /* return EINVAL */ 635 } else if ((ppa->ppa_lower_wq != NULL) && 636 !IS_PPA_LASTMOD(ppa)) { 637 mutex_enter(&ppa->ppa_sta_lock); 638 /* 639 * See comments in PPPIO_GETSTAT64 case 640 * in sppp_ioctl(). 641 */ 642 if (IS_SPS_IOCQ(sps)) { 643 mutex_exit(&ppa->ppa_sta_lock); 644 if (!putq(q, mp)) { 645 error = EAGAIN; 646 break; 647 } 648 return; 649 } else { 650 ppa->ppa_ioctlsfwd++; 651 /* 652 * Record the ioctl CMD & ID - this will be 653 * used to check the ACK or NAK responses 654 * coming from below. 655 */ 656 sps->sps_ioc_id = iop->ioc_id; 657 sps->sps_flags |= SPS_IOCQ; 658 mutex_exit(&ppa->ppa_sta_lock); 659 } 660 putnext(ppa->ppa_lower_wq, mp); 661 return; /* don't ack or nak the request */ 662 } 663 nmp = allocb(sizeof (struct ppp_comp_stats), BPRI_MED); 664 if (nmp == NULL) { 665 mutex_enter(&ppa->ppa_sta_lock); 666 ppa->ppa_allocbfail++; 667 mutex_exit(&ppa->ppa_sta_lock); 668 error = ENOSR; 669 break; 670 } 671 if (mp->b_cont != NULL) { 672 freemsg(mp->b_cont); 673 } 674 mp->b_cont = nmp; 675 pcsp = (struct ppp_comp_stats *)nmp->b_wptr; 676 nmp->b_wptr += sizeof (struct ppp_comp_stats); 677 bzero((caddr_t)pcsp, sizeof (struct ppp_comp_stats)); 678 count = msgsize(nmp); 679 error = 0; /* return success */ 680 break; 681 } 682 683 if (error == 0) { 684 /* Success; tell the user. */ 685 miocack(q, mp, count, 0); 686 } else { 687 /* Failure; send error back upstream. */ 688 miocnak(q, mp, 0, error); 689 } 690 } 691 692 /* 693 * sppp_uwput() 694 * 695 * MT-Perimeters: 696 * shared inner, shared outer. 697 * 698 * Description: 699 * Upper write-side put procedure. Messages from above arrive here. 700 */ 701 int 702 sppp_uwput(queue_t *q, mblk_t *mp) 703 { 704 queue_t *nextq; 705 spppstr_t *sps; 706 sppa_t *ppa; 707 struct iocblk *iop; 708 int error; 709 710 ASSERT(q != NULL && q->q_ptr != NULL); 711 ASSERT(mp != NULL && mp->b_rptr != NULL); 712 sps = (spppstr_t *)q->q_ptr; 713 ppa = sps->sps_ppa; 714 715 switch (MTYPE(mp)) { 716 case M_PCPROTO: 717 case M_PROTO: 718 if (IS_SPS_CONTROL(sps)) { 719 ASSERT(ppa != NULL); 720 /* 721 * Intentionally change this to a high priority 722 * message so it doesn't get queued up. M_PROTO is 723 * specifically used for signalling between pppd and its 724 * kernel-level component(s), such as ppptun, so we 725 * make sure that it doesn't get queued up behind 726 * data messages. 727 */ 728 MTYPE(mp) = M_PCPROTO; 729 if ((ppa->ppa_lower_wq != NULL) && 730 canputnext(ppa->ppa_lower_wq)) { 731 mutex_enter(&ppa->ppa_sta_lock); 732 ppa->ppa_mctlsfwd++; 733 mutex_exit(&ppa->ppa_sta_lock); 734 putnext(ppa->ppa_lower_wq, mp); 735 } else { 736 mutex_enter(&ppa->ppa_sta_lock); 737 ppa->ppa_mctlsfwderr++; 738 mutex_exit(&ppa->ppa_sta_lock); 739 freemsg(mp); 740 } 741 } else { 742 (void) sppp_mproto(q, mp, sps); 743 return (0); 744 } 745 break; 746 case M_DATA: 747 if ((nextq = sppp_send(q, &mp, sps)) != NULL) 748 putnext(nextq, mp); 749 break; 750 case M_IOCTL: 751 error = EINVAL; 752 iop = (struct iocblk *)mp->b_rptr; 753 switch (iop->ioc_cmd) { 754 case DLIOCRAW: 755 case DL_IOC_HDR_INFO: 756 case PPPIO_ATTACH: 757 case PPPIO_DEBUG: 758 case PPPIO_DETACH: 759 case PPPIO_LASTMOD: 760 case PPPIO_MRU: 761 case PPPIO_MTU: 762 case PPPIO_USETIMESTAMP: 763 case PPPIO_BLOCKNP: 764 case PPPIO_UNBLOCKNP: 765 qwriter(q, mp, sppp_inner_ioctl, PERIM_INNER); 766 return (0); 767 case I_LINK: 768 case I_UNLINK: 769 case PPPIO_NEWPPA: 770 qwriter(q, mp, sppp_outer_ioctl, PERIM_OUTER); 771 return (0); 772 case PPPIO_NPMODE: 773 case PPPIO_GIDLE: 774 case PPPIO_GTYPE: 775 case PPPIO_GETSTAT64: 776 case PPPIO_GETCSTAT: 777 /* 778 * These require additional auto variables to 779 * handle, so (for optimization reasons) 780 * they're moved off to a separate function. 781 */ 782 sppp_ioctl(q, mp); 783 return (0); 784 case PPPIO_GETSTAT: 785 break; /* 32 bit interface gone */ 786 default: 787 if (iop->ioc_cr == NULL || 788 secpolicy_ppp_config(iop->ioc_cr) != 0) { 789 error = EPERM; 790 break; 791 } else if ((ppa == NULL) || 792 (ppa->ppa_lower_wq == NULL)) { 793 break; /* return EINVAL */ 794 } 795 mutex_enter(&ppa->ppa_sta_lock); 796 /* 797 * See comments in PPPIO_GETSTAT64 case 798 * in sppp_ioctl(). 799 */ 800 if (IS_SPS_IOCQ(sps)) { 801 mutex_exit(&ppa->ppa_sta_lock); 802 if (!putq(q, mp)) { 803 error = EAGAIN; 804 break; 805 } 806 return (0); 807 } else { 808 ppa->ppa_ioctlsfwd++; 809 /* 810 * Record the ioctl CMD & ID - 811 * this will be used to check the 812 * ACK or NAK responses coming from below. 813 */ 814 sps->sps_ioc_id = iop->ioc_id; 815 sps->sps_flags |= SPS_IOCQ; 816 mutex_exit(&ppa->ppa_sta_lock); 817 } 818 putnext(ppa->ppa_lower_wq, mp); 819 return (0); /* don't ack or nak the request */ 820 } 821 /* Failure; send error back upstream. */ 822 miocnak(q, mp, 0, error); 823 break; 824 case M_FLUSH: 825 if (*mp->b_rptr & FLUSHW) { 826 flushq(q, FLUSHDATA); 827 } 828 if (*mp->b_rptr & FLUSHR) { 829 *mp->b_rptr &= ~FLUSHW; 830 qreply(q, mp); 831 } else { 832 freemsg(mp); 833 } 834 break; 835 default: 836 freemsg(mp); 837 break; 838 } 839 return (0); 840 } 841 842 /* 843 * sppp_uwsrv() 844 * 845 * MT-Perimeters: 846 * exclusive inner, shared outer. 847 * 848 * Description: 849 * Upper write-side service procedure. Note that this procedure does 850 * not get called when a message is placed on our write-side queue, since 851 * automatic queue scheduling has been turned off by noenable() when 852 * the queue was opened. We do this on purpose, as we explicitly control 853 * the write-side queue. Therefore, this procedure gets called when 854 * the lower write service procedure qenable() the upper write stream queue. 855 */ 856 int 857 sppp_uwsrv(queue_t *q) 858 { 859 spppstr_t *sps; 860 sppa_t *ppa; 861 mblk_t *mp; 862 queue_t *nextq; 863 struct iocblk *iop; 864 865 ASSERT(q != NULL && q->q_ptr != NULL); 866 sps = (spppstr_t *)q->q_ptr; 867 868 while ((mp = getq(q)) != NULL) { 869 if (MTYPE(mp) == M_IOCTL) { 870 ppa = sps->sps_ppa; 871 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 872 miocnak(q, mp, 0, EINVAL); 873 continue; 874 } 875 876 iop = (struct iocblk *)mp->b_rptr; 877 mutex_enter(&ppa->ppa_sta_lock); 878 /* 879 * See comments in PPPIO_GETSTAT64 case 880 * in sppp_ioctl(). 881 */ 882 if (IS_SPS_IOCQ(sps)) { 883 mutex_exit(&ppa->ppa_sta_lock); 884 if (putbq(q, mp) == 0) 885 miocnak(q, mp, 0, EAGAIN); 886 break; 887 } else { 888 ppa->ppa_ioctlsfwd++; 889 sps->sps_ioc_id = iop->ioc_id; 890 sps->sps_flags |= SPS_IOCQ; 891 mutex_exit(&ppa->ppa_sta_lock); 892 putnext(ppa->ppa_lower_wq, mp); 893 } 894 } else if ((nextq = 895 sppp_outpkt(q, &mp, msgdsize(mp), sps)) == NULL) { 896 if (mp != NULL) { 897 if (putbq(q, mp) == 0) 898 freemsg(mp); 899 break; 900 } 901 } else { 902 putnext(nextq, mp); 903 } 904 } 905 return (0); 906 } 907 908 void 909 sppp_remove_ppa(spppstr_t *sps) 910 { 911 spppstr_t *nextsib; 912 sppa_t *ppa = sps->sps_ppa; 913 914 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 915 if (ppa->ppa_refcnt <= 1) { 916 rw_exit(&ppa->ppa_sib_lock); 917 sppp_free_ppa(ppa); 918 } else { 919 nextsib = ppa->ppa_streams; 920 if (nextsib == sps) { 921 ppa->ppa_streams = sps->sps_nextsib; 922 } else { 923 while (nextsib->sps_nextsib != NULL) { 924 if (nextsib->sps_nextsib == sps) { 925 nextsib->sps_nextsib = 926 sps->sps_nextsib; 927 break; 928 } 929 nextsib = nextsib->sps_nextsib; 930 } 931 } 932 ppa->ppa_refcnt--; 933 /* 934 * And if this stream was marked as promiscuous 935 * (SPS_PROMISC), then we need to update the 936 * promiscuous streams count. This should only happen 937 * when DL_DETACH_REQ is issued prior to marking the 938 * stream as non-promiscuous, through 939 * DL_PROMISCOFF_REQ request. 940 */ 941 if (IS_SPS_PROMISC(sps)) { 942 ASSERT(ppa->ppa_promicnt > 0); 943 ppa->ppa_promicnt--; 944 } 945 rw_exit(&ppa->ppa_sib_lock); 946 } 947 sps->sps_nextsib = NULL; 948 sps->sps_ppa = NULL; 949 freemsg(sps->sps_hangup); 950 sps->sps_hangup = NULL; 951 } 952 953 sppa_t * 954 sppp_find_ppa(uint32_t ppa_id) 955 { 956 sppa_t *ppa; 957 958 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 959 if (ppa->ppa_ppa_id == ppa_id) { 960 break; /* found the ppa */ 961 } 962 } 963 return (ppa); 964 } 965 966 /* 967 * sppp_inner_ioctl() 968 * 969 * MT-Perimeters: 970 * exclusive inner, shared outer 971 * 972 * Description: 973 * Called by sppp_uwput as a result of receiving ioctls which require 974 * an exclusive access at the inner perimeter. 975 */ 976 static void 977 sppp_inner_ioctl(queue_t *q, mblk_t *mp) 978 { 979 spppstr_t *sps; 980 sppa_t *ppa; 981 struct iocblk *iop; 982 mblk_t *nmp; 983 int error = EINVAL; 984 int count = 0; 985 int dbgcmd; 986 int mru, mtu; 987 uint32_t ppa_id; 988 hrtime_t hrtime; 989 uint16_t proto; 990 991 ASSERT(q != NULL && q->q_ptr != NULL); 992 ASSERT(mp != NULL && mp->b_rptr != NULL); 993 994 sps = (spppstr_t *)q->q_ptr; 995 ppa = sps->sps_ppa; 996 iop = (struct iocblk *)mp->b_rptr; 997 switch (iop->ioc_cmd) { 998 case DLIOCRAW: 999 if (IS_SPS_CONTROL(sps)) { 1000 break; /* return EINVAL */ 1001 } 1002 sps->sps_flags |= SPS_RAWDATA; 1003 error = 0; /* return success */ 1004 break; 1005 case DL_IOC_HDR_INFO: 1006 if (IS_SPS_CONTROL(sps)) { 1007 break; /* return EINVAL */ 1008 } else if ((mp->b_cont == NULL) || 1009 *((t_uscalar_t *)mp->b_cont->b_rptr) != DL_UNITDATA_REQ || 1010 (MBLKL(mp->b_cont) < (sizeof (dl_unitdata_req_t) + 1011 SPPP_ADDRL))) { 1012 error = EPROTO; 1013 break; 1014 } else if (ppa == NULL) { 1015 error = ENOLINK; 1016 break; 1017 } 1018 if ((nmp = allocb(PPP_HDRLEN, BPRI_MED)) == NULL) { 1019 mutex_enter(&ppa->ppa_sta_lock); 1020 ppa->ppa_allocbfail++; 1021 mutex_exit(&ppa->ppa_sta_lock); 1022 error = ENOMEM; 1023 break; 1024 } 1025 *(uchar_t *)nmp->b_wptr++ = PPP_ALLSTATIONS; 1026 *(uchar_t *)nmp->b_wptr++ = PPP_UI; 1027 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap >> 8; 1028 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap & 0xff; 1029 ASSERT(MBLKL(nmp) == PPP_HDRLEN); 1030 1031 linkb(mp, nmp); 1032 sps->sps_flags |= SPS_FASTPATH; 1033 error = 0; /* return success */ 1034 count = msgsize(nmp); 1035 break; 1036 case PPPIO_ATTACH: 1037 if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1038 (sps->sps_dlstate != DL_UNATTACHED) || 1039 (iop->ioc_count != sizeof (uint32_t))) { 1040 break; /* return EINVAL */ 1041 } else if (mp->b_cont == NULL) { 1042 error = EPROTO; 1043 break; 1044 } 1045 ASSERT(mp->b_cont->b_rptr != NULL); 1046 /* If there's something here, it's detached. */ 1047 if (ppa != NULL) { 1048 sppp_remove_ppa(sps); 1049 } 1050 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1051 ppa = sppp_find_ppa(ppa_id); 1052 /* 1053 * If we can't find it, then it's either because the requestor 1054 * has supplied a wrong ppa_id to be attached to, or because 1055 * the control stream for the specified ppa_id has been closed 1056 * before we get here. 1057 */ 1058 if (ppa == NULL) { 1059 error = ENOENT; 1060 break; 1061 } 1062 if (iop->ioc_cr == NULL || 1063 ppa->ppa_zoneid != crgetzoneid(iop->ioc_cr)) { 1064 error = EPERM; 1065 break; 1066 } 1067 /* 1068 * Preallocate the hangup message so that we're always 1069 * able to send this upstream in the event of a 1070 * catastrophic failure. 1071 */ 1072 if ((sps->sps_hangup = allocb(1, BPRI_MED)) == NULL) { 1073 error = ENOSR; 1074 break; 1075 } 1076 /* 1077 * There are two ways to attach a stream to a ppa: one is 1078 * through DLPI (DL_ATTACH_REQ) and the other is through 1079 * PPPIO_ATTACH. This is why we need to distinguish whether or 1080 * not a stream was allocated via PPPIO_ATTACH, so that we can 1081 * properly detach it when we receive PPPIO_DETACH ioctl 1082 * request. 1083 */ 1084 sps->sps_flags |= SPS_PIOATTACH; 1085 sps->sps_ppa = ppa; 1086 /* 1087 * Add this stream to the head of the list of sibling streams 1088 * which belong to the same ppa as specified. 1089 */ 1090 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 1091 ppa->ppa_refcnt++; 1092 sps->sps_nextsib = ppa->ppa_streams; 1093 ppa->ppa_streams = sps; 1094 rw_exit(&ppa->ppa_sib_lock); 1095 error = 0; /* return success */ 1096 break; 1097 case PPPIO_BLOCKNP: 1098 case PPPIO_UNBLOCKNP: 1099 if (iop->ioc_cr == NULL || 1100 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1101 error = EPERM; 1102 break; 1103 } 1104 error = miocpullup(mp, sizeof (uint16_t)); 1105 if (error != 0) 1106 break; 1107 ASSERT(mp->b_cont->b_rptr != NULL); 1108 proto = *(uint16_t *)mp->b_cont->b_rptr; 1109 if (iop->ioc_cmd == PPPIO_BLOCKNP) { 1110 uint32_t npflagpos = sppp_ppp2np(proto); 1111 /* 1112 * Mark proto as blocked in ppa_npflag until the 1113 * corresponding queues for proto have been plumbed. 1114 */ 1115 if (npflagpos != 0) { 1116 mutex_enter(&ppa->ppa_npmutex); 1117 ppa->ppa_npflag |= (1 << npflagpos); 1118 mutex_exit(&ppa->ppa_npmutex); 1119 } else { 1120 error = EINVAL; 1121 } 1122 } else { 1123 /* 1124 * reset ppa_npflag and release proto 1125 * packets that were being held in control queue. 1126 */ 1127 sppp_release_pkts(ppa, proto); 1128 } 1129 break; 1130 case PPPIO_DEBUG: 1131 if (iop->ioc_cr == NULL || 1132 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1133 error = EPERM; 1134 break; 1135 } else if (iop->ioc_count != sizeof (uint32_t)) { 1136 break; /* return EINVAL */ 1137 } else if (mp->b_cont == NULL) { 1138 error = EPROTO; 1139 break; 1140 } 1141 ASSERT(mp->b_cont->b_rptr != NULL); 1142 dbgcmd = *(uint32_t *)mp->b_cont->b_rptr; 1143 /* 1144 * We accept PPPDBG_LOG + PPPDBG_DRIVER value as an indication 1145 * that SPS_KDEBUG needs to be enabled for this upper stream. 1146 */ 1147 if (dbgcmd == PPPDBG_LOG + PPPDBG_DRIVER) { 1148 sps->sps_flags |= SPS_KDEBUG; 1149 error = 0; /* return success */ 1150 break; 1151 } 1152 /* 1153 * Otherwise, for any other values, we send them down only if 1154 * there is an attachment and if the attachment has something 1155 * linked underneath it. 1156 */ 1157 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 1158 error = ENOLINK; 1159 break; 1160 } 1161 mutex_enter(&ppa->ppa_sta_lock); 1162 /* 1163 * See comments in PPPIO_GETSTAT64 case 1164 * in sppp_ioctl(). 1165 */ 1166 if (IS_SPS_IOCQ(sps)) { 1167 mutex_exit(&ppa->ppa_sta_lock); 1168 if (!putq(q, mp)) { 1169 error = EAGAIN; 1170 break; 1171 } 1172 return; 1173 } else { 1174 ppa->ppa_ioctlsfwd++; 1175 /* 1176 * Record the ioctl CMD & ID - 1177 * this will be used to check the 1178 * ACK or NAK responses coming from below. 1179 */ 1180 sps->sps_ioc_id = iop->ioc_id; 1181 sps->sps_flags |= SPS_IOCQ; 1182 mutex_exit(&ppa->ppa_sta_lock); 1183 } 1184 putnext(ppa->ppa_lower_wq, mp); 1185 return; /* don't ack or nak the request */ 1186 case PPPIO_DETACH: 1187 if (!IS_SPS_PIOATTACH(sps)) { 1188 break; /* return EINVAL */ 1189 } 1190 /* 1191 * The SPS_PIOATTACH flag set on the stream tells us that 1192 * the ppa field is still valid. In the event that the control 1193 * stream be closed prior to this stream's detachment, the 1194 * SPS_PIOATTACH flag would have been cleared from this stream 1195 * during close; in that case we won't get here. 1196 */ 1197 ASSERT(ppa != NULL); 1198 ASSERT(ppa->ppa_ctl != sps); 1199 ASSERT(sps->sps_dlstate == DL_UNATTACHED); 1200 1201 /* 1202 * We don't actually detach anything until the stream is 1203 * closed or reattached. 1204 */ 1205 1206 sps->sps_flags &= ~SPS_PIOATTACH; 1207 error = 0; /* return success */ 1208 break; 1209 case PPPIO_LASTMOD: 1210 if (!IS_SPS_CONTROL(sps)) { 1211 break; /* return EINVAL */ 1212 } 1213 ASSERT(ppa != NULL); 1214 ppa->ppa_flags |= PPA_LASTMOD; 1215 error = 0; /* return success */ 1216 break; 1217 case PPPIO_MRU: 1218 if (!IS_SPS_CONTROL(sps) || 1219 (iop->ioc_count != sizeof (uint32_t))) { 1220 break; /* return EINVAL */ 1221 } else if (mp->b_cont == NULL) { 1222 error = EPROTO; 1223 break; 1224 } 1225 ASSERT(ppa != NULL); 1226 ASSERT(mp->b_cont->b_rptr != NULL); 1227 mru = *(uint32_t *)mp->b_cont->b_rptr; 1228 if ((mru <= 0) || (mru > PPP_MAXMRU)) { 1229 error = EPROTO; 1230 break; 1231 } 1232 if (mru < PPP_MRU) { 1233 mru = PPP_MRU; 1234 } 1235 ppa->ppa_mru = (uint16_t)mru; 1236 /* 1237 * If there's something beneath this driver for the ppa, then 1238 * inform it (or them) of the MRU size. Only do this is we 1239 * are not the last PPP module on the stream. 1240 */ 1241 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1242 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MRU, 1243 mru); 1244 } 1245 error = 0; /* return success */ 1246 break; 1247 case PPPIO_MTU: 1248 if (!IS_SPS_CONTROL(sps) || 1249 (iop->ioc_count != sizeof (uint32_t))) { 1250 break; /* return EINVAL */ 1251 } else if (mp->b_cont == NULL) { 1252 error = EPROTO; 1253 break; 1254 } 1255 ASSERT(ppa != NULL); 1256 ASSERT(mp->b_cont->b_rptr != NULL); 1257 mtu = *(uint32_t *)mp->b_cont->b_rptr; 1258 if ((mtu <= 0) || (mtu > PPP_MAXMTU)) { 1259 error = EPROTO; 1260 break; 1261 } 1262 ppa->ppa_mtu = (uint16_t)mtu; 1263 /* 1264 * If there's something beneath this driver for the ppa, then 1265 * inform it (or them) of the MTU size. Only do this if we 1266 * are not the last PPP module on the stream. 1267 */ 1268 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1269 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MTU, 1270 mtu); 1271 } 1272 error = 0; /* return success */ 1273 break; 1274 case PPPIO_USETIMESTAMP: 1275 if (!IS_SPS_CONTROL(sps)) { 1276 break; /* return EINVAL */ 1277 } 1278 if (!IS_PPA_TIMESTAMP(ppa)) { 1279 hrtime = gethrtime(); 1280 ppa->ppa_lasttx = ppa->ppa_lastrx = hrtime; 1281 ppa->ppa_flags |= PPA_TIMESTAMP; 1282 } 1283 error = 0; 1284 break; 1285 } 1286 1287 if (error == 0) { 1288 /* Success; tell the user */ 1289 miocack(q, mp, count, 0); 1290 } else { 1291 /* Failure; send error back upstream */ 1292 miocnak(q, mp, 0, error); 1293 } 1294 } 1295 1296 /* 1297 * sppp_outer_ioctl() 1298 * 1299 * MT-Perimeters: 1300 * exclusive inner, exclusive outer 1301 * 1302 * Description: 1303 * Called by sppp_uwput as a result of receiving ioctls which require 1304 * an exclusive access at the outer perimeter. 1305 */ 1306 static void 1307 sppp_outer_ioctl(queue_t *q, mblk_t *mp) 1308 { 1309 spppstr_t *sps = q->q_ptr; 1310 spppstr_t *nextsib; 1311 queue_t *lwq; 1312 sppa_t *ppa; 1313 struct iocblk *iop; 1314 int error = EINVAL; 1315 int count = 0; 1316 uint32_t ppa_id; 1317 mblk_t *nmp; 1318 zoneid_t zoneid; 1319 1320 sps = (spppstr_t *)q->q_ptr; 1321 ppa = sps->sps_ppa; 1322 iop = (struct iocblk *)mp->b_rptr; 1323 switch (iop->ioc_cmd) { 1324 case I_LINK: 1325 if (!IS_SPS_CONTROL(sps)) { 1326 break; /* return EINVAL */ 1327 } else if (ppa->ppa_lower_wq != NULL) { 1328 error = EEXIST; 1329 break; 1330 } 1331 ASSERT(ppa->ppa_ctl != NULL); 1332 ASSERT(sps->sps_npmode == NPMODE_PASS); 1333 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1334 1335 lwq = ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot; 1336 ASSERT(lwq != NULL); 1337 1338 ppa->ppa_lower_wq = lwq; 1339 lwq->q_ptr = RD(lwq)->q_ptr = (caddr_t)ppa; 1340 /* 1341 * Unblock upper network streams which now feed this lower 1342 * stream. We don't need to hold ppa_sib_lock here, since we 1343 * are writer at the outer perimeter. 1344 */ 1345 if (WR(sps->sps_rq)->q_first != NULL) 1346 qenable(WR(sps->sps_rq)); 1347 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1348 nextsib = nextsib->sps_nextsib) { 1349 nextsib->sps_npmode = NPMODE_PASS; 1350 if (WR(nextsib->sps_rq)->q_first != NULL) { 1351 qenable(WR(nextsib->sps_rq)); 1352 } 1353 } 1354 1355 /* 1356 * Also unblock (run once) our lower read-side queue. This is 1357 * where packets received while doing the I_LINK may be 1358 * languishing; see sppp_lrsrv. 1359 */ 1360 qenable(RD(lwq)); 1361 1362 /* 1363 * Send useful information down to the modules which are now 1364 * linked below this driver (for this particular ppa). Only 1365 * do this if we are not the last PPP module on the stream. 1366 */ 1367 if (!IS_PPA_LASTMOD(ppa)) { 1368 (void) putctl8(lwq, M_CTL, PPPCTL_UNIT, 1369 ppa->ppa_ppa_id); 1370 (void) putctl4(lwq, M_CTL, PPPCTL_MRU, ppa->ppa_mru); 1371 (void) putctl4(lwq, M_CTL, PPPCTL_MTU, ppa->ppa_mtu); 1372 } 1373 1374 if (IS_SPS_KDEBUG(sps)) { 1375 SPDEBUG(PPP_DRV_NAME 1376 "/%d: I_LINK lwq=0x%p sps=0x%p flags=0x%b ppa=0x%p " 1377 "flags=0x%b\n", sps->sps_mn_id, 1378 (void *)ppa->ppa_lower_wq, (void *)sps, 1379 sps->sps_flags, SPS_FLAGS_STR, 1380 (void *)ppa, ppa->ppa_flags, 1381 PPA_FLAGS_STR); 1382 } 1383 error = 0; /* return success */ 1384 break; 1385 case I_UNLINK: 1386 ASSERT(IS_SPS_CONTROL(sps)); 1387 ASSERT(ppa != NULL); 1388 lwq = ppa->ppa_lower_wq; 1389 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1390 ASSERT(lwq == ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot); 1391 1392 if (IS_SPS_KDEBUG(sps)) { 1393 SPDEBUG(PPP_DRV_NAME 1394 "/%d: I_UNLINK lwq=0x%p sps=0x%p flags=0x%b " 1395 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, 1396 (void *)lwq, (void *)sps, sps->sps_flags, 1397 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 1398 PPA_FLAGS_STR); 1399 } 1400 /* 1401 * While accessing the outer perimeter exclusively, we 1402 * disassociate our ppa's lower_wq from the lower stream linked 1403 * beneath us, and we also disassociate our control stream from 1404 * the q_ptr of the lower stream. 1405 */ 1406 lwq->q_ptr = RD(lwq)->q_ptr = NULL; 1407 ppa->ppa_lower_wq = NULL; 1408 /* 1409 * Unblock streams which now feed back up the control stream, 1410 * and acknowledge the request. We don't need to hold 1411 * ppa_sib_lock here, since we are writer at the outer 1412 * perimeter. 1413 */ 1414 if (WR(sps->sps_rq)->q_first != NULL) 1415 qenable(WR(sps->sps_rq)); 1416 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1417 nextsib = nextsib->sps_nextsib) { 1418 if (WR(nextsib->sps_rq)->q_first != NULL) { 1419 qenable(WR(nextsib->sps_rq)); 1420 } 1421 } 1422 error = 0; /* return success */ 1423 break; 1424 case PPPIO_NEWPPA: 1425 /* 1426 * Do sanity check to ensure that we don't accept PPPIO_NEWPPA 1427 * on a stream which DLPI is used (since certain DLPI messages 1428 * will cause state transition reflected in sps_dlstate, 1429 * changing it from its default DL_UNATTACHED value). In other 1430 * words, we won't allow a network/snoop stream to become 1431 * a control stream. 1432 */ 1433 if (iop->ioc_cr == NULL || 1434 secpolicy_ppp_config(iop->ioc_cr) != 0) { 1435 error = EPERM; 1436 break; 1437 } else if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1438 (ppa != NULL) || (sps->sps_dlstate != DL_UNATTACHED)) { 1439 break; /* return EINVAL */ 1440 } 1441 /* Get requested unit number (if any) */ 1442 if (iop->ioc_count == sizeof (uint32_t) && mp->b_cont != NULL) 1443 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1444 else 1445 ppa_id = 0; 1446 /* Get mblk to use for response message */ 1447 nmp = allocb(sizeof (uint32_t), BPRI_MED); 1448 if (nmp == NULL) { 1449 error = ENOSR; 1450 break; 1451 } 1452 if (mp->b_cont != NULL) { 1453 freemsg(mp->b_cont); 1454 } 1455 mp->b_cont = nmp; /* chain our response mblk */ 1456 /* 1457 * Walk the global ppa list and determine the lowest 1458 * available ppa_id number to be used. 1459 */ 1460 if (ppa_id == (uint32_t)-1) 1461 ppa_id = 0; 1462 zoneid = crgetzoneid(iop->ioc_cr); 1463 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 1464 if (ppa_id == (uint32_t)-2) { 1465 if (ppa->ppa_ctl == NULL && 1466 ppa->ppa_zoneid == zoneid) 1467 break; 1468 } else { 1469 if (ppa_id < ppa->ppa_ppa_id) 1470 break; 1471 if (ppa_id == ppa->ppa_ppa_id) 1472 ++ppa_id; 1473 } 1474 } 1475 if (ppa_id == (uint32_t)-2) { 1476 if (ppa == NULL) { 1477 error = ENXIO; 1478 break; 1479 } 1480 /* Clear timestamp and lastmod flags */ 1481 ppa->ppa_flags = 0; 1482 } else { 1483 ppa = sppp_create_ppa(ppa_id, zoneid); 1484 if (ppa == NULL) { 1485 error = ENOMEM; 1486 break; 1487 } 1488 } 1489 1490 sps->sps_ppa = ppa; /* chain the ppa structure */ 1491 sps->sps_npmode = NPMODE_PASS; /* network packets may travel */ 1492 sps->sps_flags |= SPS_CONTROL; /* this is the control stream */ 1493 1494 ppa->ppa_refcnt++; /* new PPA reference */ 1495 ppa->ppa_ctl = sps; /* back ptr to upper stream */ 1496 /* 1497 * Return the newly created ppa_id to the requestor and 1498 * acnowledge the request. 1499 */ 1500 *(uint32_t *)nmp->b_wptr = ppa->ppa_ppa_id; 1501 nmp->b_wptr += sizeof (uint32_t); 1502 1503 if (IS_SPS_KDEBUG(sps)) { 1504 SPDEBUG(PPP_DRV_NAME 1505 "/%d: PPPIO_NEWPPA ppa_id=%d sps=0x%p flags=0x%b " 1506 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, ppa_id, 1507 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1508 (void *)ppa, ppa->ppa_flags, 1509 PPA_FLAGS_STR); 1510 } 1511 count = msgsize(nmp); 1512 error = 0; 1513 break; 1514 } 1515 1516 if (error == 0) { 1517 /* Success; tell the user. */ 1518 miocack(q, mp, count, 0); 1519 } else { 1520 /* Failure; send error back upstream. */ 1521 miocnak(q, mp, 0, error); 1522 } 1523 } 1524 1525 /* 1526 * sppp_send() 1527 * 1528 * MT-Perimeters: 1529 * shared inner, shared outer. 1530 * 1531 * Description: 1532 * Called by sppp_uwput to handle M_DATA message type. Returns 1533 * queue_t for putnext, or NULL to mean that the packet was 1534 * handled internally. 1535 */ 1536 static queue_t * 1537 sppp_send(queue_t *q, mblk_t **mpp, spppstr_t *sps) 1538 { 1539 mblk_t *mp; 1540 sppa_t *ppa; 1541 int is_promisc; 1542 int msize; 1543 int error = 0; 1544 queue_t *nextq; 1545 1546 ASSERT(mpp != NULL); 1547 mp = *mpp; 1548 ASSERT(q != NULL && q->q_ptr != NULL); 1549 ASSERT(mp != NULL && mp->b_rptr != NULL); 1550 ASSERT(sps != NULL); 1551 ASSERT(q->q_ptr == sps); 1552 /* 1553 * We only let M_DATA through if the sender is either the control 1554 * stream (for PPP control packets) or one of the network streams 1555 * (for IP packets) in IP fastpath mode. If this stream is not attached 1556 * to any ppas, then discard data coming down through this stream. 1557 */ 1558 ppa = sps->sps_ppa; 1559 if (ppa == NULL) { 1560 ASSERT(!IS_SPS_CONTROL(sps)); 1561 error = ENOLINK; 1562 } else if (!IS_SPS_CONTROL(sps) && !IS_SPS_FASTPATH(sps)) { 1563 error = EPROTO; 1564 } 1565 if (error != 0) { 1566 merror(q, mp, error); 1567 return (NULL); 1568 } 1569 msize = msgdsize(mp); 1570 if (msize > (ppa->ppa_mtu + PPP_HDRLEN)) { 1571 /* Log, and send it anyway */ 1572 mutex_enter(&ppa->ppa_sta_lock); 1573 ppa->ppa_otoolongs++; 1574 mutex_exit(&ppa->ppa_sta_lock); 1575 } else if (msize < PPP_HDRLEN) { 1576 /* 1577 * Log, and send it anyway. We log it because we get things 1578 * in M_DATA form here, which tells us that the sender is 1579 * either IP in fastpath transmission mode, or pppd. In both 1580 * cases, they are currently expected to send the 4-bytes 1581 * PPP header in front of any possible payloads. 1582 */ 1583 mutex_enter(&ppa->ppa_sta_lock); 1584 ppa->ppa_orunts++; 1585 mutex_exit(&ppa->ppa_sta_lock); 1586 } 1587 1588 if (IS_SPS_KDEBUG(sps)) { 1589 SPDEBUG(PPP_DRV_NAME 1590 "/%d: M_DATA send (%d bytes) sps=0x%p flags=0x%b " 1591 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, msize, 1592 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1593 (void *)ppa, ppa->ppa_flags, PPA_FLAGS_STR); 1594 } 1595 /* 1596 * Should there be any promiscuous stream(s), send the data up 1597 * for each promiscuous stream that we recognize. Make sure that 1598 * for fastpath, we skip the PPP header in the M_DATA mblk. We skip 1599 * the control stream as we obviously never allow the control stream 1600 * to become promiscous and bind to PPP_ALLSAP. 1601 */ 1602 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1603 is_promisc = sps->sps_ppa->ppa_promicnt; 1604 if (is_promisc) { 1605 ASSERT(ppa->ppa_streams != NULL); 1606 sppp_dlprsendup(ppa->ppa_streams, mp, sps->sps_sap, B_TRUE); 1607 } 1608 rw_exit(&ppa->ppa_sib_lock); 1609 /* 1610 * Only time-stamp the packet with hrtime if the upper stream 1611 * is configured to do so. PPP control (negotiation) messages 1612 * are never considered link activity; only data is activity. 1613 */ 1614 if (!IS_SPS_CONTROL(sps) && IS_PPA_TIMESTAMP(ppa)) { 1615 ppa->ppa_lasttx = gethrtime(); 1616 } 1617 /* 1618 * If there's already a message in the write-side service queue, 1619 * then queue this message there as well, otherwise, try to send 1620 * it down to the module immediately below us. 1621 */ 1622 if (q->q_first != NULL || 1623 (nextq = sppp_outpkt(q, mpp, msize, sps)) == NULL) { 1624 mp = *mpp; 1625 if (mp != NULL && putq(q, mp) == 0) { 1626 mutex_enter(&ppa->ppa_sta_lock); 1627 ppa->ppa_oqdropped++; 1628 mutex_exit(&ppa->ppa_sta_lock); 1629 freemsg(mp); 1630 } 1631 return (NULL); 1632 } 1633 return (nextq); 1634 } 1635 1636 /* 1637 * sppp_outpkt() 1638 * 1639 * MT-Perimeters: 1640 * shared inner, shared outer (if called from sppp_wput, sppp_dlunitdatareq). 1641 * exclusive inner, shared outer (if called from sppp_wsrv). 1642 * 1643 * Description: 1644 * Called from 1) sppp_uwput when processing a M_DATA fastpath message, 1645 * or 2) sppp_uwsrv when processing the upper write-side service queue. 1646 * For both cases, it prepares to send the data to the module below 1647 * this driver if there is a lower stream linked underneath. If none, then 1648 * the data will be sent upstream via the control channel to pppd. 1649 * 1650 * Returns: 1651 * Non-NULL queue_t if message should be sent now, otherwise 1652 * if *mpp == NULL, then message was freed, otherwise put *mpp 1653 * (back) on the queue. (Does not do putq/putbq, since it's 1654 * called both from srv and put procedures.) 1655 */ 1656 static queue_t * 1657 sppp_outpkt(queue_t *q, mblk_t **mpp, int msize, spppstr_t *sps) 1658 { 1659 mblk_t *mp; 1660 sppa_t *ppa; 1661 enum NPmode npmode; 1662 mblk_t *mpnew; 1663 1664 ASSERT(mpp != NULL); 1665 mp = *mpp; 1666 ASSERT(q != NULL && q->q_ptr != NULL); 1667 ASSERT(mp != NULL && mp->b_rptr != NULL); 1668 ASSERT(sps != NULL); 1669 1670 ppa = sps->sps_ppa; 1671 npmode = sps->sps_npmode; 1672 1673 if (npmode == NPMODE_QUEUE) { 1674 ASSERT(!IS_SPS_CONTROL(sps)); 1675 return (NULL); /* queue it for later */ 1676 } else if (ppa == NULL || ppa->ppa_ctl == NULL || 1677 npmode == NPMODE_DROP || npmode == NPMODE_ERROR) { 1678 /* 1679 * This can not be the control stream, as it must always have 1680 * a valid ppa, and its npmode must always be NPMODE_PASS. 1681 */ 1682 ASSERT(!IS_SPS_CONTROL(sps)); 1683 if (npmode == NPMODE_DROP) { 1684 freemsg(mp); 1685 } else { 1686 /* 1687 * If we no longer have the control stream, or if the 1688 * mode is set to NPMODE_ERROR, then we need to tell IP 1689 * that the interface need to be marked as down. In 1690 * other words, we tell IP to be quiescent. 1691 */ 1692 merror(q, mp, EPROTO); 1693 } 1694 *mpp = NULL; 1695 return (NULL); /* don't queue it */ 1696 } 1697 /* 1698 * Do we have a driver stream linked underneath ? If not, we need to 1699 * notify pppd that the link needs to be brought up and configure 1700 * this upper stream to drop subsequent outgoing packets. This is 1701 * for demand-dialing, in which case pppd has done the IP plumbing 1702 * but hasn't linked the driver stream underneath us. Therefore, when 1703 * a packet is sent down the IP interface, a notification message 1704 * will be sent up the control stream to pppd in order for it to 1705 * establish the physical link. The driver stream is then expected 1706 * to be linked underneath after physical link establishment is done. 1707 */ 1708 if (ppa->ppa_lower_wq == NULL) { 1709 ASSERT(ppa->ppa_ctl != NULL); 1710 ASSERT(ppa->ppa_ctl->sps_rq != NULL); 1711 1712 *mpp = NULL; 1713 mpnew = create_lsmsg(PPP_LINKSTAT_NEEDUP); 1714 if (mpnew == NULL) { 1715 freemsg(mp); 1716 mutex_enter(&ppa->ppa_sta_lock); 1717 ppa->ppa_allocbfail++; 1718 mutex_exit(&ppa->ppa_sta_lock); 1719 return (NULL); /* don't queue it */ 1720 } 1721 /* Include the data in the message for logging. */ 1722 mpnew->b_cont = mp; 1723 mutex_enter(&ppa->ppa_sta_lock); 1724 ppa->ppa_lsneedup++; 1725 mutex_exit(&ppa->ppa_sta_lock); 1726 /* 1727 * We need to set the mode to NPMODE_DROP, but should only 1728 * do so when this stream is not the control stream. 1729 */ 1730 if (!IS_SPS_CONTROL(sps)) { 1731 sps->sps_npmode = NPMODE_DROP; 1732 } 1733 putnext(ppa->ppa_ctl->sps_rq, mpnew); 1734 return (NULL); /* don't queue it */ 1735 } 1736 /* 1737 * If so, then try to send it down. The lower queue is only ever 1738 * detached while holding an exclusive lock on the whole driver, 1739 * so we can be confident that the lower queue is still there. 1740 */ 1741 if (bcanputnext(ppa->ppa_lower_wq, mp->b_band)) { 1742 mutex_enter(&ppa->ppa_sta_lock); 1743 ppa->ppa_stats.p.ppp_opackets++; 1744 if (IS_SPS_CONTROL(sps)) { 1745 ppa->ppa_opkt_ctl++; 1746 } 1747 ppa->ppa_stats.p.ppp_obytes += msize; 1748 mutex_exit(&ppa->ppa_sta_lock); 1749 return (ppa->ppa_lower_wq); /* don't queue it */ 1750 } 1751 return (NULL); /* queue it for later */ 1752 } 1753 1754 /* 1755 * sppp_lwsrv() 1756 * 1757 * MT-Perimeters: 1758 * exclusive inner, shared outer. 1759 * 1760 * Description: 1761 * Lower write-side service procedure. No messages are ever placed on 1762 * the write queue here, this just back-enables all upper write side 1763 * service procedures. 1764 */ 1765 int 1766 sppp_lwsrv(queue_t *q) 1767 { 1768 sppa_t *ppa; 1769 spppstr_t *nextsib; 1770 1771 ASSERT(q != NULL && q->q_ptr != NULL); 1772 ppa = (sppa_t *)q->q_ptr; 1773 ASSERT(ppa != NULL); 1774 1775 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1776 if ((nextsib = ppa->ppa_ctl) != NULL && 1777 WR(nextsib->sps_rq)->q_first != NULL) 1778 qenable(WR(nextsib->sps_rq)); 1779 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1780 nextsib = nextsib->sps_nextsib) { 1781 if (WR(nextsib->sps_rq)->q_first != NULL) { 1782 qenable(WR(nextsib->sps_rq)); 1783 } 1784 } 1785 rw_exit(&ppa->ppa_sib_lock); 1786 return (0); 1787 } 1788 1789 /* 1790 * sppp_lrput() 1791 * 1792 * MT-Perimeters: 1793 * shared inner, shared outer. 1794 * 1795 * Description: 1796 * Lower read-side put procedure. Messages from below get here. 1797 * Data messages are handled separately to limit stack usage 1798 * going into IP. 1799 * 1800 * Note that during I_UNLINK processing, it's possible for a downstream 1801 * message to enable upstream data (due to pass_wput() removing the 1802 * SQ_BLOCKED flag), and thus we must protect against a NULL sppa pointer. 1803 * In this case, the only thing above us is passthru, and we might as well 1804 * discard. 1805 */ 1806 int 1807 sppp_lrput(queue_t *q, mblk_t *mp) 1808 { 1809 sppa_t *ppa; 1810 spppstr_t *sps; 1811 1812 if ((ppa = q->q_ptr) == NULL) { 1813 freemsg(mp); 1814 return (0); 1815 } 1816 1817 sps = ppa->ppa_ctl; 1818 1819 if (MTYPE(mp) != M_DATA) { 1820 sppp_recv_nondata(q, mp, sps); 1821 } else if (sps == NULL) { 1822 freemsg(mp); 1823 } else if ((q = sppp_recv(q, &mp, sps)) != NULL) { 1824 putnext(q, mp); 1825 } 1826 return (0); 1827 } 1828 1829 /* 1830 * sppp_lrsrv() 1831 * 1832 * MT-Perimeters: 1833 * exclusive inner, shared outer. 1834 * 1835 * Description: 1836 * Lower read-side service procedure. This is run once after the I_LINK 1837 * occurs in order to clean up any packets that came in while we were 1838 * transferring in the lower stream. Otherwise, it's not used. 1839 */ 1840 int 1841 sppp_lrsrv(queue_t *q) 1842 { 1843 mblk_t *mp; 1844 1845 while ((mp = getq(q)) != NULL) 1846 (void) sppp_lrput(q, mp); 1847 return (0); 1848 } 1849 1850 /* 1851 * sppp_recv_nondata() 1852 * 1853 * MT-Perimeters: 1854 * shared inner, shared outer. 1855 * 1856 * Description: 1857 * All received non-data messages come through here. 1858 */ 1859 static void 1860 sppp_recv_nondata(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 1861 { 1862 sppa_t *ppa; 1863 spppstr_t *destsps; 1864 struct iocblk *iop; 1865 1866 ppa = (sppa_t *)q->q_ptr; 1867 ctlsps = ppa->ppa_ctl; 1868 1869 switch (MTYPE(mp)) { 1870 case M_CTL: 1871 mutex_enter(&ppa->ppa_sta_lock); 1872 if (*mp->b_rptr == PPPCTL_IERROR) { 1873 ppa->ppa_stats.p.ppp_ierrors++; 1874 ppa->ppa_ierr_low++; 1875 ppa->ppa_mctlsknown++; 1876 } else if (*mp->b_rptr == PPPCTL_OERROR) { 1877 ppa->ppa_stats.p.ppp_oerrors++; 1878 ppa->ppa_oerr_low++; 1879 ppa->ppa_mctlsknown++; 1880 } else { 1881 ppa->ppa_mctlsunknown++; 1882 } 1883 mutex_exit(&ppa->ppa_sta_lock); 1884 freemsg(mp); 1885 break; 1886 case M_IOCTL: 1887 miocnak(q, mp, 0, EINVAL); 1888 break; 1889 case M_IOCACK: 1890 case M_IOCNAK: 1891 iop = (struct iocblk *)mp->b_rptr; 1892 ASSERT(iop != NULL); 1893 /* 1894 * Attempt to match up the response with the stream that the 1895 * request came from. If ioc_id doesn't match the one that we 1896 * recorded, then discard this message. 1897 */ 1898 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1899 if ((destsps = ctlsps) == NULL || 1900 destsps->sps_ioc_id != iop->ioc_id) { 1901 destsps = ppa->ppa_streams; 1902 while (destsps != NULL) { 1903 if (destsps->sps_ioc_id == iop->ioc_id) { 1904 break; /* found the upper stream */ 1905 } 1906 destsps = destsps->sps_nextsib; 1907 } 1908 } 1909 rw_exit(&ppa->ppa_sib_lock); 1910 if (destsps == NULL) { 1911 mutex_enter(&ppa->ppa_sta_lock); 1912 ppa->ppa_ioctlsfwderr++; 1913 mutex_exit(&ppa->ppa_sta_lock); 1914 freemsg(mp); 1915 break; 1916 } 1917 mutex_enter(&ppa->ppa_sta_lock); 1918 ppa->ppa_ioctlsfwdok++; 1919 1920 /* 1921 * Clear SPS_IOCQ and enable the lower write side queue, 1922 * this would allow the upper stream service routine 1923 * to start processing the queue for pending messages. 1924 * sppp_lwsrv -> sppp_uwsrv. 1925 */ 1926 destsps->sps_flags &= ~SPS_IOCQ; 1927 mutex_exit(&ppa->ppa_sta_lock); 1928 qenable(WR(destsps->sps_rq)); 1929 1930 putnext(destsps->sps_rq, mp); 1931 break; 1932 case M_HANGUP: 1933 /* 1934 * Free the original mblk_t. We don't really want to send 1935 * a M_HANGUP message upstream, so we need to translate this 1936 * message into something else. 1937 */ 1938 freemsg(mp); 1939 if (ctlsps == NULL) 1940 break; 1941 mp = create_lsmsg(PPP_LINKSTAT_HANGUP); 1942 if (mp == NULL) { 1943 mutex_enter(&ppa->ppa_sta_lock); 1944 ppa->ppa_allocbfail++; 1945 mutex_exit(&ppa->ppa_sta_lock); 1946 break; 1947 } 1948 mutex_enter(&ppa->ppa_sta_lock); 1949 ppa->ppa_lsdown++; 1950 mutex_exit(&ppa->ppa_sta_lock); 1951 putnext(ctlsps->sps_rq, mp); 1952 break; 1953 case M_FLUSH: 1954 if (*mp->b_rptr & FLUSHR) { 1955 flushq(q, FLUSHDATA); 1956 } 1957 if (*mp->b_rptr & FLUSHW) { 1958 *mp->b_rptr &= ~FLUSHR; 1959 qreply(q, mp); 1960 } else { 1961 freemsg(mp); 1962 } 1963 break; 1964 default: 1965 if (ctlsps != NULL && 1966 (queclass(mp) == QPCTL) || canputnext(ctlsps->sps_rq)) { 1967 putnext(ctlsps->sps_rq, mp); 1968 } else { 1969 mutex_enter(&ppa->ppa_sta_lock); 1970 ppa->ppa_iqdropped++; 1971 mutex_exit(&ppa->ppa_sta_lock); 1972 freemsg(mp); 1973 } 1974 break; 1975 } 1976 } 1977 1978 /* 1979 * sppp_recv() 1980 * 1981 * MT-Perimeters: 1982 * shared inner, shared outer. 1983 * 1984 * Description: 1985 * Receive function called by sppp_lrput. Finds appropriate 1986 * receive stream and does accounting. 1987 */ 1988 static queue_t * 1989 sppp_recv(queue_t *q, mblk_t **mpp, spppstr_t *ctlsps) 1990 { 1991 mblk_t *mp; 1992 int len; 1993 sppa_t *ppa; 1994 spppstr_t *destsps; 1995 mblk_t *zmp; 1996 uint32_t npflagpos; 1997 1998 ASSERT(mpp != NULL); 1999 mp = *mpp; 2000 ASSERT(q != NULL && q->q_ptr != NULL); 2001 ASSERT(mp != NULL && mp->b_rptr != NULL); 2002 ASSERT(ctlsps != NULL); 2003 ASSERT(IS_SPS_CONTROL(ctlsps)); 2004 ppa = ctlsps->sps_ppa; 2005 ASSERT(ppa != NULL && ppa->ppa_ctl != NULL); 2006 2007 len = msgdsize(mp); 2008 mutex_enter(&ppa->ppa_sta_lock); 2009 ppa->ppa_stats.p.ppp_ibytes += len; 2010 mutex_exit(&ppa->ppa_sta_lock); 2011 /* 2012 * If the entire data size of the mblk is less than the length of the 2013 * PPP header, then free it. We can't do much with such message anyway, 2014 * since we can't really determine what the PPP protocol type is. 2015 */ 2016 if (len < PPP_HDRLEN) { 2017 /* Log, and free it */ 2018 mutex_enter(&ppa->ppa_sta_lock); 2019 ppa->ppa_irunts++; 2020 mutex_exit(&ppa->ppa_sta_lock); 2021 freemsg(mp); 2022 return (NULL); 2023 } else if (len > (ppa->ppa_mru + PPP_HDRLEN)) { 2024 /* Log, and accept it anyway */ 2025 mutex_enter(&ppa->ppa_sta_lock); 2026 ppa->ppa_itoolongs++; 2027 mutex_exit(&ppa->ppa_sta_lock); 2028 } 2029 /* 2030 * We need at least be able to read the PPP protocol from the header, 2031 * so if the first message block is too small, then we concatenate the 2032 * rest of the following blocks into one message. 2033 */ 2034 if (MBLKL(mp) < PPP_HDRLEN) { 2035 zmp = msgpullup(mp, PPP_HDRLEN); 2036 freemsg(mp); 2037 mp = zmp; 2038 if (mp == NULL) { 2039 mutex_enter(&ppa->ppa_sta_lock); 2040 ppa->ppa_allocbfail++; 2041 mutex_exit(&ppa->ppa_sta_lock); 2042 return (NULL); 2043 } 2044 *mpp = mp; 2045 } 2046 /* 2047 * Hold this packet in the control-queue until 2048 * the matching network-layer upper stream for the PPP protocol (sap) 2049 * has not been plumbed and configured 2050 */ 2051 npflagpos = sppp_ppp2np(PPP_PROTOCOL(mp->b_rptr)); 2052 mutex_enter(&ppa->ppa_npmutex); 2053 if (npflagpos != 0 && (ppa->ppa_npflag & (1 << npflagpos))) { 2054 /* 2055 * proto is currently blocked; Hold up to 4 packets 2056 * in the kernel. 2057 */ 2058 if (ppa->ppa_holdpkts[npflagpos] > 3 || 2059 putq(ctlsps->sps_rq, mp) == 0) 2060 freemsg(mp); 2061 else 2062 ppa->ppa_holdpkts[npflagpos]++; 2063 mutex_exit(&ppa->ppa_npmutex); 2064 return (NULL); 2065 } 2066 mutex_exit(&ppa->ppa_npmutex); 2067 /* 2068 * Try to find a matching network-layer upper stream for the specified 2069 * PPP protocol (sap), and if none is found, send this frame up the 2070 * control stream. 2071 */ 2072 destsps = sppp_inpkt(q, mp, ctlsps); 2073 if (destsps == NULL) { 2074 mutex_enter(&ppa->ppa_sta_lock); 2075 ppa->ppa_ipkt_ctl++; 2076 mutex_exit(&ppa->ppa_sta_lock); 2077 if (canputnext(ctlsps->sps_rq)) { 2078 if (IS_SPS_KDEBUG(ctlsps)) { 2079 SPDEBUG(PPP_DRV_NAME 2080 "/%d: M_DATA recv (%d bytes) sps=0x%p " 2081 "flags=0x%b ppa=0x%p flags=0x%b\n", 2082 ctlsps->sps_mn_id, len, (void *)ctlsps, 2083 ctlsps->sps_flags, SPS_FLAGS_STR, 2084 (void *)ppa, ppa->ppa_flags, 2085 PPA_FLAGS_STR); 2086 } 2087 return (ctlsps->sps_rq); 2088 } else { 2089 mutex_enter(&ppa->ppa_sta_lock); 2090 ppa->ppa_iqdropped++; 2091 mutex_exit(&ppa->ppa_sta_lock); 2092 freemsg(mp); 2093 return (NULL); 2094 } 2095 } 2096 if (canputnext(destsps->sps_rq)) { 2097 if (IS_SPS_KDEBUG(destsps)) { 2098 SPDEBUG(PPP_DRV_NAME 2099 "/%d: M_DATA recv (%d bytes) sps=0x%p flags=0x%b " 2100 "ppa=0x%p flags=0x%b\n", destsps->sps_mn_id, len, 2101 (void *)destsps, destsps->sps_flags, 2102 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 2103 PPA_FLAGS_STR); 2104 } 2105 /* 2106 * If fastpath is enabled on the network-layer stream, then 2107 * make sure we skip over the PPP header, otherwise, we wrap 2108 * the message in a DLPI message. 2109 */ 2110 if (IS_SPS_FASTPATH(destsps)) { 2111 mp->b_rptr += PPP_HDRLEN; 2112 return (destsps->sps_rq); 2113 } else { 2114 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2115 ASSERT(uqs != NULL); 2116 mp->b_rptr += PPP_HDRLEN; 2117 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2118 if (mp != NULL) { 2119 *mpp = mp; 2120 return (destsps->sps_rq); 2121 } else { 2122 mutex_enter(&ppa->ppa_sta_lock); 2123 ppa->ppa_allocbfail++; 2124 mutex_exit(&ppa->ppa_sta_lock); 2125 /* mp already freed by sppp_dladdud */ 2126 return (NULL); 2127 } 2128 } 2129 } else { 2130 mutex_enter(&ppa->ppa_sta_lock); 2131 ppa->ppa_iqdropped++; 2132 mutex_exit(&ppa->ppa_sta_lock); 2133 freemsg(mp); 2134 return (NULL); 2135 } 2136 } 2137 2138 /* 2139 * sppp_inpkt() 2140 * 2141 * MT-Perimeters: 2142 * shared inner, shared outer. 2143 * 2144 * Description: 2145 * Find the destination upper stream for the received packet, called 2146 * from sppp_recv. 2147 * 2148 * Returns: 2149 * ptr to destination upper network stream, or NULL for control stream. 2150 */ 2151 /* ARGSUSED */ 2152 static spppstr_t * 2153 sppp_inpkt(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 2154 { 2155 spppstr_t *destsps = NULL; 2156 sppa_t *ppa; 2157 uint16_t proto; 2158 int is_promisc; 2159 2160 ASSERT(q != NULL && q->q_ptr != NULL); 2161 ASSERT(mp != NULL && mp->b_rptr != NULL); 2162 ASSERT(IS_SPS_CONTROL(ctlsps)); 2163 ppa = ctlsps->sps_ppa; 2164 ASSERT(ppa != NULL); 2165 /* 2166 * From RFC 1661 (Section 2): 2167 * 2168 * The Protocol field is one or two octets, and its value identifies 2169 * the datagram encapsulated in the Information field of the packet. 2170 * The field is transmitted and received most significant octet first. 2171 * 2172 * The structure of this field is consistent with the ISO 3309 2173 * extension mechanism for address fields. All Protocols MUST be odd; 2174 * the least significant bit of the least significant octet MUST equal 2175 * "1". Also, all Protocols MUST be assigned such that the least 2176 * significant bit of the most significant octet equals "0". Frames 2177 * received which don't comply with these rules MUST be treated as 2178 * having an unrecognized Protocol. 2179 * 2180 * Protocol field values in the "0***" to "3***" range identify the 2181 * network-layer protocol of specific packets, and values in the 2182 * "8***" to "b***" range identify packets belonging to the associated 2183 * Network Control Protocols (NCPs), if any. 2184 * 2185 * Protocol field values in the "4***" to "7***" range are used for 2186 * protocols with low volume traffic which have no associated NCP. 2187 * Protocol field values in the "c***" to "f***" range identify packets 2188 * as link-layer Control Protocols (such as LCP). 2189 */ 2190 proto = PPP_PROTOCOL(mp->b_rptr); 2191 mutex_enter(&ppa->ppa_sta_lock); 2192 ppa->ppa_stats.p.ppp_ipackets++; 2193 mutex_exit(&ppa->ppa_sta_lock); 2194 /* 2195 * We check if this is not a network-layer protocol, and if so, 2196 * then send this packet up the control stream. 2197 */ 2198 if (proto > 0x7fff) { 2199 goto inpkt_done; /* send it up the control stream */ 2200 } 2201 /* 2202 * Try to grab the destination upper stream from the network-layer 2203 * stream cache for this ppa for PPP_IP (0x0021) or PPP_IPV6 (0x0057) 2204 * protocol types. Otherwise, if the type is not known to the cache, 2205 * or if its sap can't be matched with any of the upper streams, then 2206 * send this packet up the control stream so that it can be rejected. 2207 */ 2208 if (proto == PPP_IP) { 2209 destsps = ppa->ppa_ip_cache; 2210 } else if (proto == PPP_IPV6) { 2211 destsps = ppa->ppa_ip6_cache; 2212 } 2213 /* 2214 * Toss this one away up the control stream if there's no matching sap; 2215 * this way the protocol can be rejected (destsps is NULL). 2216 */ 2217 2218 inpkt_done: 2219 /* 2220 * Only time-stamp the packet with hrtime if the upper stream 2221 * is configured to do so. PPP control (negotiation) messages 2222 * are never considered link activity; only data is activity. 2223 */ 2224 if (destsps != NULL && IS_PPA_TIMESTAMP(ppa)) { 2225 ppa->ppa_lastrx = gethrtime(); 2226 } 2227 /* 2228 * Should there be any promiscuous stream(s), send the data up for 2229 * each promiscuous stream that we recognize. We skip the control 2230 * stream as we obviously never allow the control stream to become 2231 * promiscous and bind to PPP_ALLSAP. 2232 */ 2233 rw_enter(&ppa->ppa_sib_lock, RW_READER); 2234 is_promisc = ppa->ppa_promicnt; 2235 if (is_promisc) { 2236 ASSERT(ppa->ppa_streams != NULL); 2237 sppp_dlprsendup(ppa->ppa_streams, mp, proto, B_TRUE); 2238 } 2239 rw_exit(&ppa->ppa_sib_lock); 2240 return (destsps); 2241 } 2242 2243 /* 2244 * sppp_kstat_update() 2245 * 2246 * Description: 2247 * Update per-ppa kstat interface statistics. 2248 */ 2249 static int 2250 sppp_kstat_update(kstat_t *ksp, int rw) 2251 { 2252 register sppa_t *ppa; 2253 register sppp_kstats_t *pppkp; 2254 register struct pppstat64 *sp; 2255 2256 if (rw == KSTAT_WRITE) { 2257 return (EACCES); 2258 } 2259 2260 ppa = (sppa_t *)ksp->ks_private; 2261 ASSERT(ppa != NULL); 2262 2263 pppkp = (sppp_kstats_t *)ksp->ks_data; 2264 sp = &ppa->ppa_stats.p; 2265 2266 mutex_enter(&ppa->ppa_sta_lock); 2267 pppkp->allocbfail.value.ui32 = ppa->ppa_allocbfail; 2268 pppkp->mctlsfwd.value.ui32 = ppa->ppa_mctlsfwd; 2269 pppkp->mctlsfwderr.value.ui32 = ppa->ppa_mctlsfwderr; 2270 pppkp->rbytes.value.ui32 = sp->ppp_ibytes; 2271 pppkp->rbytes64.value.ui64 = sp->ppp_ibytes; 2272 pppkp->ierrors.value.ui32 = sp->ppp_ierrors; 2273 pppkp->ierrors_lower.value.ui32 = ppa->ppa_ierr_low; 2274 pppkp->ioctlsfwd.value.ui32 = ppa->ppa_ioctlsfwd; 2275 pppkp->ioctlsfwdok.value.ui32 = ppa->ppa_ioctlsfwdok; 2276 pppkp->ioctlsfwderr.value.ui32 = ppa->ppa_ioctlsfwderr; 2277 pppkp->ipackets.value.ui32 = sp->ppp_ipackets; 2278 pppkp->ipackets64.value.ui64 = sp->ppp_ipackets; 2279 pppkp->ipackets_ctl.value.ui32 = ppa->ppa_ipkt_ctl; 2280 pppkp->iqdropped.value.ui32 = ppa->ppa_iqdropped; 2281 pppkp->irunts.value.ui32 = ppa->ppa_irunts; 2282 pppkp->itoolongs.value.ui32 = ppa->ppa_itoolongs; 2283 pppkp->lsneedup.value.ui32 = ppa->ppa_lsneedup; 2284 pppkp->lsdown.value.ui32 = ppa->ppa_lsdown; 2285 pppkp->mctlsknown.value.ui32 = ppa->ppa_mctlsknown; 2286 pppkp->mctlsunknown.value.ui32 = ppa->ppa_mctlsunknown; 2287 pppkp->obytes.value.ui32 = sp->ppp_obytes; 2288 pppkp->obytes64.value.ui64 = sp->ppp_obytes; 2289 pppkp->oerrors.value.ui32 = sp->ppp_oerrors; 2290 pppkp->oerrors_lower.value.ui32 = ppa->ppa_oerr_low; 2291 pppkp->opackets.value.ui32 = sp->ppp_opackets; 2292 pppkp->opackets64.value.ui64 = sp->ppp_opackets; 2293 pppkp->opackets_ctl.value.ui32 = ppa->ppa_opkt_ctl; 2294 pppkp->oqdropped.value.ui32 = ppa->ppa_oqdropped; 2295 pppkp->otoolongs.value.ui32 = ppa->ppa_otoolongs; 2296 pppkp->orunts.value.ui32 = ppa->ppa_orunts; 2297 mutex_exit(&ppa->ppa_sta_lock); 2298 2299 return (0); 2300 } 2301 2302 /* 2303 * Turn off proto in ppa_npflag to indicate that 2304 * the corresponding network protocol has been plumbed. 2305 * Release proto packets that were being held in the control 2306 * queue in anticipation of this event. 2307 */ 2308 static void 2309 sppp_release_pkts(sppa_t *ppa, uint16_t proto) 2310 { 2311 uint32_t npflagpos = sppp_ppp2np(proto); 2312 int count; 2313 mblk_t *mp; 2314 uint16_t mp_proto; 2315 queue_t *q; 2316 spppstr_t *destsps; 2317 2318 ASSERT(ppa != NULL); 2319 2320 if (npflagpos == 0 || (ppa->ppa_npflag & (1 << npflagpos)) == 0) 2321 return; 2322 2323 mutex_enter(&ppa->ppa_npmutex); 2324 ppa->ppa_npflag &= ~(1 << npflagpos); 2325 count = ppa->ppa_holdpkts[npflagpos]; 2326 ppa->ppa_holdpkts[npflagpos] = 0; 2327 mutex_exit(&ppa->ppa_npmutex); 2328 2329 q = ppa->ppa_ctl->sps_rq; 2330 2331 while (count > 0) { 2332 mp = getq(q); 2333 ASSERT(mp != NULL); 2334 2335 mp_proto = PPP_PROTOCOL(mp->b_rptr); 2336 if (mp_proto != proto) { 2337 (void) putq(q, mp); 2338 continue; 2339 } 2340 count--; 2341 destsps = NULL; 2342 if (mp_proto == PPP_IP) { 2343 destsps = ppa->ppa_ip_cache; 2344 } else if (mp_proto == PPP_IPV6) { 2345 destsps = ppa->ppa_ip6_cache; 2346 } 2347 ASSERT(destsps != NULL); 2348 2349 if (IS_SPS_FASTPATH(destsps)) { 2350 mp->b_rptr += PPP_HDRLEN; 2351 } else { 2352 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2353 ASSERT(uqs != NULL); 2354 mp->b_rptr += PPP_HDRLEN; 2355 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2356 if (mp == NULL) { 2357 mutex_enter(&ppa->ppa_sta_lock); 2358 ppa->ppa_allocbfail++; 2359 mutex_exit(&ppa->ppa_sta_lock); 2360 /* mp already freed by sppp_dladdud */ 2361 continue; 2362 } 2363 } 2364 2365 if (canputnext(destsps->sps_rq)) { 2366 putnext(destsps->sps_rq, mp); 2367 } else { 2368 mutex_enter(&ppa->ppa_sta_lock); 2369 ppa->ppa_iqdropped++; 2370 mutex_exit(&ppa->ppa_sta_lock); 2371 freemsg(mp); 2372 continue; 2373 } 2374 } 2375 } 2376