xref: /titanic_51/usr/src/uts/common/inet/ip/ip_netinfo.c (revision b72c368a02e0464faeef362bc5a1cf0fc69981da)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/param.h>
27 #include <sys/types.h>
28 #include <sys/systm.h>
29 #include <sys/stream.h>
30 #include <sys/strsubr.h>
31 #include <sys/pattr.h>
32 #include <sys/dlpi.h>
33 #include <sys/atomic.h>
34 #include <sys/sunddi.h>
35 #include <sys/socket.h>
36 #include <sys/neti.h>
37 #include <sys/sdt.h>
38 #include <sys/cmn_err.h>
39 
40 #include <netinet/in.h>
41 #include <inet/ipsec_impl.h>
42 #include <inet/common.h>
43 #include <inet/mib2.h>
44 #include <inet/ip.h>
45 #include <inet/ip6.h>
46 #include <inet/ip_if.h>
47 #include <inet/ip_ire.h>
48 #include <inet/ip_impl.h>
49 #include <inet/ip_ndp.h>
50 #include <inet/ipclassifier.h>
51 #include <inet/ipp_common.h>
52 #include <inet/ip_ftable.h>
53 
54 /*
55  * IPv4 netinfo entry point declarations.
56  */
57 static int 		ip_getifname(net_handle_t, phy_if_t, char *,
58 			    const size_t);
59 static int 		ip_getmtu(net_handle_t, phy_if_t, lif_if_t);
60 static int 		ip_getpmtuenabled(net_handle_t);
61 static int 		ip_getlifaddr(net_handle_t, phy_if_t, lif_if_t,
62 			    size_t, net_ifaddr_t [], void *);
63 static int		ip_getlifzone(net_handle_t, phy_if_t, lif_if_t,
64 			    zoneid_t *);
65 static int		ip_getlifflags(net_handle_t, phy_if_t, lif_if_t,
66 			    uint64_t *);
67 static phy_if_t		ip_phygetnext(net_handle_t, phy_if_t);
68 static phy_if_t 	ip_phylookup(net_handle_t, const char *);
69 static lif_if_t 	ip_lifgetnext(net_handle_t, phy_if_t, lif_if_t);
70 static int 		ip_inject(net_handle_t, inject_t, net_inject_t *);
71 static phy_if_t 	ip_routeto(net_handle_t, struct sockaddr *,
72 			    struct sockaddr *);
73 static int 		ip_ispartialchecksum(net_handle_t, mblk_t *);
74 static int 		ip_isvalidchecksum(net_handle_t, mblk_t *);
75 
76 static int 		ipv6_getifname(net_handle_t, phy_if_t, char *,
77 			    const size_t);
78 static int 		ipv6_getmtu(net_handle_t, phy_if_t, lif_if_t);
79 static int 		ipv6_getlifaddr(net_handle_t, phy_if_t, lif_if_t,
80 			    size_t, net_ifaddr_t [], void *);
81 static int		ipv6_getlifzone(net_handle_t, phy_if_t, lif_if_t,
82 			    zoneid_t *);
83 static int		ipv6_getlifflags(net_handle_t, phy_if_t, lif_if_t,
84 			    uint64_t *);
85 static phy_if_t 	ipv6_phygetnext(net_handle_t, phy_if_t);
86 static phy_if_t 	ipv6_phylookup(net_handle_t, const char *);
87 static lif_if_t 	ipv6_lifgetnext(net_handle_t, phy_if_t, lif_if_t);
88 static int 		ipv6_inject(net_handle_t, inject_t, net_inject_t *);
89 static phy_if_t 	ipv6_routeto(net_handle_t, struct sockaddr *,
90 			    struct sockaddr *);
91 static int 		ipv6_isvalidchecksum(net_handle_t, mblk_t *);
92 
93 static int 		net_no_getmtu(net_handle_t, phy_if_t, lif_if_t);
94 static int 		net_no_getpmtuenabled(net_handle_t);
95 static lif_if_t 	net_no_lifgetnext(net_handle_t, phy_if_t, lif_if_t);
96 static int 		net_no_inject(net_handle_t, inject_t, net_inject_t *);
97 static phy_if_t 	net_no_routeto(net_handle_t, struct sockaddr *,
98 			    struct sockaddr *);
99 static int 		net_no_ispartialchecksum(net_handle_t, mblk_t *);
100 static int 		net_no_getlifaddr(net_handle_t, phy_if_t, lif_if_t,
101 			    size_t, net_ifaddr_t [], void *);
102 static int		net_no_getlifzone(net_handle_t, phy_if_t, lif_if_t,
103 			    zoneid_t *);
104 static int		net_no_getlifflags(net_handle_t, phy_if_t, lif_if_t,
105 			    uint64_t *);
106 
107 /* Netinfo private functions */
108 static	int		ip_getifname_impl(phy_if_t, char *,
109 			    const size_t, boolean_t, ip_stack_t *);
110 static	int		ip_getmtu_impl(phy_if_t, lif_if_t, boolean_t,
111 			    ip_stack_t *);
112 static	phy_if_t	ip_phylookup_impl(const char *, boolean_t,
113 			    ip_stack_t *);
114 static	lif_if_t	ip_lifgetnext_impl(phy_if_t, lif_if_t, boolean_t,
115 			    ip_stack_t *);
116 static	int		ip_inject_impl(inject_t, net_inject_t *, boolean_t,
117 			    ip_stack_t *);
118 static	int		ip_getifaddr_type(sa_family_t, ipif_t *, lif_if_t,
119 			    void *);
120 static	phy_if_t	ip_routeto_impl(struct sockaddr *, struct sockaddr *,
121 			    ip_stack_t *);
122 static	int		ip_getlifaddr_impl(sa_family_t, phy_if_t, lif_if_t,
123 			    size_t, net_ifaddr_t [], struct sockaddr *,
124 			    ip_stack_t *);
125 static	void		ip_ni_queue_in_func(void *);
126 static	void		ip_ni_queue_out_func(void *);
127 static	void		ip_ni_queue_func_impl(injection_t *,  boolean_t);
128 
129 static net_protocol_t ipv4info = {
130 	NETINFO_VERSION,
131 	NHF_INET,
132 	ip_getifname,
133 	ip_getmtu,
134 	ip_getpmtuenabled,
135 	ip_getlifaddr,
136 	ip_getlifzone,
137 	ip_getlifflags,
138 	ip_phygetnext,
139 	ip_phylookup,
140 	ip_lifgetnext,
141 	ip_inject,
142 	ip_routeto,
143 	ip_ispartialchecksum,
144 	ip_isvalidchecksum
145 };
146 
147 
148 static net_protocol_t ipv6info = {
149 	NETINFO_VERSION,
150 	NHF_INET6,
151 	ipv6_getifname,
152 	ipv6_getmtu,
153 	ip_getpmtuenabled,
154 	ipv6_getlifaddr,
155 	ipv6_getlifzone,
156 	ipv6_getlifflags,
157 	ipv6_phygetnext,
158 	ipv6_phylookup,
159 	ipv6_lifgetnext,
160 	ipv6_inject,
161 	ipv6_routeto,
162 	ip_ispartialchecksum,
163 	ipv6_isvalidchecksum
164 };
165 
166 static net_protocol_t arp_netinfo = {
167 	NETINFO_VERSION,
168 	NHF_ARP,
169 	ip_getifname,
170 	net_no_getmtu,
171 	net_no_getpmtuenabled,
172 	net_no_getlifaddr,
173 	net_no_getlifzone,
174 	net_no_getlifflags,
175 	ip_phygetnext,
176 	ip_phylookup,
177 	net_no_lifgetnext,
178 	net_no_inject,
179 	net_no_routeto,
180 	net_no_ispartialchecksum,
181 	ip_isvalidchecksum
182 };
183 
184 /*
185  * The taskq eventq_queue_in is used to process the upside inject messages.
186  * The taskq eventq_queue_out is used to process the downside inject messages.
187  * The taskq eventq_queue_nic is used to process the nic event messages.
188  */
189 static ddi_taskq_t 	*eventq_queue_in = NULL;
190 static ddi_taskq_t 	*eventq_queue_out = NULL;
191 ddi_taskq_t 	*eventq_queue_nic = NULL;
192 
193 /*
194  * Initialize queues for inject.
195  */
196 void
197 ip_net_g_init()
198 {
199 	if (eventq_queue_out == NULL) {
200 		eventq_queue_out = ddi_taskq_create(NULL,
201 		    "IP_INJECT_QUEUE_OUT", 1, TASKQ_DEFAULTPRI, 0);
202 
203 		if (eventq_queue_out == NULL)
204 			cmn_err(CE_NOTE, "ipv4_net_init: "
205 			    "ddi_taskq_create failed for IP_INJECT_QUEUE_OUT");
206 	}
207 
208 	if (eventq_queue_in == NULL) {
209 		eventq_queue_in = ddi_taskq_create(NULL,
210 		    "IP_INJECT_QUEUE_IN", 1, TASKQ_DEFAULTPRI, 0);
211 
212 		if (eventq_queue_in == NULL)
213 			cmn_err(CE_NOTE, "ipv4_net_init: "
214 			    "ddi_taskq_create failed for IP_INJECT_QUEUE_IN");
215 	}
216 
217 	if (eventq_queue_nic == NULL) {
218 		eventq_queue_nic = ddi_taskq_create(NULL,
219 		    "IP_NIC_EVENT_QUEUE", 1, TASKQ_DEFAULTPRI, 0);
220 
221 		if (eventq_queue_nic == NULL)
222 			cmn_err(CE_NOTE, "ipv4_net_init: "
223 			    "ddi_taskq_create failed for IP_NIC_EVENT_QUEUE");
224 	}
225 }
226 
227 /*
228  * Destroy inject queues
229  */
230 void
231 ip_net_g_destroy()
232 {
233 	if (eventq_queue_nic != NULL) {
234 		ddi_taskq_destroy(eventq_queue_nic);
235 		eventq_queue_nic = NULL;
236 	}
237 
238 	if (eventq_queue_in != NULL) {
239 		ddi_taskq_destroy(eventq_queue_in);
240 		eventq_queue_in = NULL;
241 	}
242 
243 	if (eventq_queue_out != NULL) {
244 		ddi_taskq_destroy(eventq_queue_out);
245 		eventq_queue_out = NULL;
246 	}
247 }
248 
249 /*
250  * Register IPv4 and IPv6 netinfo functions and initialize queues for inject.
251  */
252 void
253 ip_net_init(ip_stack_t *ipst, netstack_t *ns)
254 {
255 	netid_t id;
256 
257 	id = net_getnetidbynetstackid(ns->netstack_stackid);
258 	ASSERT(id != -1);
259 
260 	ipst->ips_ipv4_net_data = net_protocol_register(id, &ipv4info);
261 	ASSERT(ipst->ips_ipv4_net_data != NULL);
262 
263 	ipst->ips_ipv6_net_data = net_protocol_register(id, &ipv6info);
264 	ASSERT(ipst->ips_ipv6_net_data != NULL);
265 
266 	ipst->ips_arp_net_data = net_protocol_register(id, &arp_netinfo);
267 	ASSERT(ipst->ips_ipv6_net_data != NULL);
268 }
269 
270 
271 /*
272  * Unregister IPv4 and IPv6 functions.
273  */
274 void
275 ip_net_destroy(ip_stack_t *ipst)
276 {
277 	if (ipst->ips_ipv4_net_data != NULL) {
278 		if (net_protocol_unregister(ipst->ips_ipv4_net_data) == 0)
279 			ipst->ips_ipv4_net_data = NULL;
280 	}
281 
282 	if (ipst->ips_ipv6_net_data != NULL) {
283 		if (net_protocol_unregister(ipst->ips_ipv6_net_data) == 0)
284 			ipst->ips_ipv6_net_data = NULL;
285 	}
286 
287 	if (ipst->ips_arp_net_data != NULL) {
288 		if (net_protocol_unregister(ipst->ips_arp_net_data) == 0)
289 			ipst->ips_arp_net_data = NULL;
290 	}
291 }
292 
293 /*
294  * Initialize IPv4 hooks family the event
295  */
296 void
297 ipv4_hook_init(ip_stack_t *ipst)
298 {
299 	HOOK_FAMILY_INIT(&ipst->ips_ipv4root, Hn_IPV4);
300 	if (net_family_register(ipst->ips_ipv4_net_data, &ipst->ips_ipv4root)
301 	    != 0) {
302 		cmn_err(CE_NOTE, "ipv4_hook_init: "
303 		    "net_family_register failed for ipv4");
304 	}
305 
306 	HOOK_EVENT_INIT(&ipst->ips_ip4_physical_in_event, NH_PHYSICAL_IN);
307 	ipst->ips_ipv4firewall_physical_in = net_event_register(
308 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_physical_in_event);
309 	if (ipst->ips_ipv4firewall_physical_in == NULL) {
310 		cmn_err(CE_NOTE, "ipv4_hook_init: "
311 		    "net_event_register failed for ipv4/physical_in");
312 	}
313 
314 	HOOK_EVENT_INIT(&ipst->ips_ip4_physical_out_event, NH_PHYSICAL_OUT);
315 	ipst->ips_ipv4firewall_physical_out = net_event_register(
316 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_physical_out_event);
317 	if (ipst->ips_ipv4firewall_physical_out == NULL) {
318 		cmn_err(CE_NOTE, "ipv4_hook_init: "
319 		    "net_event_register failed for ipv4/physical_out");
320 	}
321 
322 	HOOK_EVENT_INIT(&ipst->ips_ip4_forwarding_event, NH_FORWARDING);
323 	ipst->ips_ipv4firewall_forwarding = net_event_register(
324 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_forwarding_event);
325 	if (ipst->ips_ipv4firewall_forwarding == NULL) {
326 		cmn_err(CE_NOTE, "ipv4_hook_init: "
327 		    "net_event_register failed for ipv4/forwarding");
328 	}
329 
330 	HOOK_EVENT_INIT(&ipst->ips_ip4_loopback_in_event, NH_LOOPBACK_IN);
331 	ipst->ips_ipv4firewall_loopback_in = net_event_register(
332 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_loopback_in_event);
333 	if (ipst->ips_ipv4firewall_loopback_in == NULL) {
334 		cmn_err(CE_NOTE, "ipv4_hook_init: "
335 		    "net_event_register failed for ipv4/loopback_in");
336 	}
337 
338 	HOOK_EVENT_INIT(&ipst->ips_ip4_loopback_out_event, NH_LOOPBACK_OUT);
339 	ipst->ips_ipv4firewall_loopback_out = net_event_register(
340 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_loopback_out_event);
341 	if (ipst->ips_ipv4firewall_loopback_out == NULL) {
342 		cmn_err(CE_NOTE, "ipv4_hook_init: "
343 		    "net_event_register failed for ipv4/loopback_out");
344 	}
345 
346 	HOOK_EVENT_INIT(&ipst->ips_ip4_nic_events, NH_NIC_EVENTS);
347 	ipst->ips_ip4_nic_events.he_flags = HOOK_RDONLY;
348 	ipst->ips_ipv4nicevents = net_event_register(
349 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_nic_events);
350 	if (ipst->ips_ipv4nicevents == NULL) {
351 		cmn_err(CE_NOTE, "ipv4_hook_init: "
352 		    "net_event_register failed for ipv4/nic_events");
353 	}
354 
355 	HOOK_EVENT_INIT(&ipst->ips_ip4_observe, NH_OBSERVE);
356 	ipst->ips_ip4_observe.he_flags = HOOK_RDONLY;
357 	ipst->ips_ipv4observing = net_event_register(
358 	    ipst->ips_ipv4_net_data, &ipst->ips_ip4_observe);
359 	if (ipst->ips_ipv4observing == NULL) {
360 		cmn_err(CE_NOTE, "ipv4_hook_init: "
361 		    "net_event_register failed for ipv4/observe");
362 	}
363 
364 }
365 
366 void
367 ipv4_hook_shutdown(ip_stack_t *ipst)
368 {
369 	if (ipst->ips_ipv4firewall_forwarding != NULL) {
370 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
371 		    &ipst->ips_ip4_forwarding_event);
372 	}
373 
374 	if (ipst->ips_ipv4firewall_physical_in != NULL) {
375 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
376 		    &ipst->ips_ip4_physical_in_event);
377 	}
378 
379 	if (ipst->ips_ipv4firewall_physical_out != NULL) {
380 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
381 		    &ipst->ips_ip4_physical_out_event);
382 	}
383 
384 	if (ipst->ips_ipv4firewall_loopback_in != NULL) {
385 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
386 		    &ipst->ips_ip4_loopback_in_event);
387 	}
388 
389 	if (ipst->ips_ipv4firewall_loopback_out != NULL) {
390 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
391 		    &ipst->ips_ip4_loopback_out_event);
392 	}
393 
394 	if (ipst->ips_ipv4nicevents != NULL) {
395 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
396 		    &ipst->ips_ip4_nic_events);
397 	}
398 
399 	if (ipst->ips_ipv4observing != NULL) {
400 		(void) net_event_shutdown(ipst->ips_ipv4_net_data,
401 		    &ipst->ips_ip4_observe);
402 	}
403 
404 	(void) net_family_shutdown(ipst->ips_ipv4_net_data,
405 	    &ipst->ips_ipv4root);
406 }
407 
408 void
409 ipv4_hook_destroy(ip_stack_t *ipst)
410 {
411 	if (ipst->ips_ipv4firewall_forwarding != NULL) {
412 		if (net_event_unregister(ipst->ips_ipv4_net_data,
413 		    &ipst->ips_ip4_forwarding_event) == 0)
414 			ipst->ips_ipv4firewall_forwarding = NULL;
415 	}
416 
417 	if (ipst->ips_ipv4firewall_physical_in != NULL) {
418 		if (net_event_unregister(ipst->ips_ipv4_net_data,
419 		    &ipst->ips_ip4_physical_in_event) == 0)
420 			ipst->ips_ipv4firewall_physical_in = NULL;
421 	}
422 
423 	if (ipst->ips_ipv4firewall_physical_out != NULL) {
424 		if (net_event_unregister(ipst->ips_ipv4_net_data,
425 		    &ipst->ips_ip4_physical_out_event) == 0)
426 			ipst->ips_ipv4firewall_physical_out = NULL;
427 	}
428 
429 	if (ipst->ips_ipv4firewall_loopback_in != NULL) {
430 		if (net_event_unregister(ipst->ips_ipv4_net_data,
431 		    &ipst->ips_ip4_loopback_in_event) == 0)
432 			ipst->ips_ipv4firewall_loopback_in = NULL;
433 	}
434 
435 	if (ipst->ips_ipv4firewall_loopback_out != NULL) {
436 		if (net_event_unregister(ipst->ips_ipv4_net_data,
437 		    &ipst->ips_ip4_loopback_out_event) == 0)
438 			ipst->ips_ipv4firewall_loopback_out = NULL;
439 	}
440 
441 	if (ipst->ips_ipv4nicevents != NULL) {
442 		if (net_event_unregister(ipst->ips_ipv4_net_data,
443 		    &ipst->ips_ip4_nic_events) == 0)
444 			ipst->ips_ipv4nicevents = NULL;
445 	}
446 
447 	if (ipst->ips_ipv4observing != NULL) {
448 		if (net_event_unregister(ipst->ips_ipv4_net_data,
449 		    &ipst->ips_ip4_observe) == 0)
450 			ipst->ips_ipv4observing = NULL;
451 	}
452 
453 	(void) net_family_unregister(ipst->ips_ipv4_net_data,
454 	    &ipst->ips_ipv4root);
455 }
456 
457 /*
458  * Initialize IPv6 hooks family and event
459  */
460 void
461 ipv6_hook_init(ip_stack_t *ipst)
462 {
463 
464 	HOOK_FAMILY_INIT(&ipst->ips_ipv6root, Hn_IPV6);
465 	if (net_family_register(ipst->ips_ipv6_net_data, &ipst->ips_ipv6root)
466 	    != 0) {
467 		cmn_err(CE_NOTE, "ipv6_hook_init: "
468 		    "net_family_register failed for ipv6");
469 	}
470 
471 	HOOK_EVENT_INIT(&ipst->ips_ip6_physical_in_event, NH_PHYSICAL_IN);
472 	ipst->ips_ipv6firewall_physical_in = net_event_register(
473 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_physical_in_event);
474 	if (ipst->ips_ipv6firewall_physical_in == NULL) {
475 		cmn_err(CE_NOTE, "ipv6_hook_init: "
476 		    "net_event_register failed for ipv6/physical_in");
477 	}
478 
479 	HOOK_EVENT_INIT(&ipst->ips_ip6_physical_out_event, NH_PHYSICAL_OUT);
480 	ipst->ips_ipv6firewall_physical_out = net_event_register(
481 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_physical_out_event);
482 	if (ipst->ips_ipv6firewall_physical_out == NULL) {
483 		cmn_err(CE_NOTE, "ipv6_hook_init: "
484 		    "net_event_register failed for ipv6/physical_out");
485 	}
486 
487 	HOOK_EVENT_INIT(&ipst->ips_ip6_forwarding_event, NH_FORWARDING);
488 	ipst->ips_ipv6firewall_forwarding = net_event_register(
489 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_forwarding_event);
490 	if (ipst->ips_ipv6firewall_forwarding == NULL) {
491 		cmn_err(CE_NOTE, "ipv6_hook_init: "
492 		    "net_event_register failed for ipv6/forwarding");
493 	}
494 
495 	HOOK_EVENT_INIT(&ipst->ips_ip6_loopback_in_event, NH_LOOPBACK_IN);
496 	ipst->ips_ipv6firewall_loopback_in = net_event_register(
497 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_loopback_in_event);
498 	if (ipst->ips_ipv6firewall_loopback_in == NULL) {
499 		cmn_err(CE_NOTE, "ipv6_hook_init: "
500 		    "net_event_register failed for ipv6/loopback_in");
501 	}
502 
503 	HOOK_EVENT_INIT(&ipst->ips_ip6_loopback_out_event, NH_LOOPBACK_OUT);
504 	ipst->ips_ipv6firewall_loopback_out = net_event_register(
505 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_loopback_out_event);
506 	if (ipst->ips_ipv6firewall_loopback_out == NULL) {
507 		cmn_err(CE_NOTE, "ipv6_hook_init: "
508 		    "net_event_register failed for ipv6/loopback_out");
509 	}
510 
511 	HOOK_EVENT_INIT(&ipst->ips_ip6_nic_events, NH_NIC_EVENTS);
512 	ipst->ips_ip6_nic_events.he_flags = HOOK_RDONLY;
513 	ipst->ips_ipv6nicevents = net_event_register(
514 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_nic_events);
515 	if (ipst->ips_ipv6nicevents == NULL) {
516 		cmn_err(CE_NOTE, "ipv6_hook_init: "
517 		    "net_event_register failed for ipv6/nic_events");
518 	}
519 
520 	HOOK_EVENT_INIT(&ipst->ips_ip6_observe, NH_OBSERVE);
521 	ipst->ips_ip6_observe.he_flags = HOOK_RDONLY;
522 	ipst->ips_ipv6observing = net_event_register(
523 	    ipst->ips_ipv6_net_data, &ipst->ips_ip6_observe);
524 	if (ipst->ips_ipv6observing == NULL) {
525 		cmn_err(CE_NOTE, "ipv6_hook_init: "
526 		    "net_event_register failed for ipv6/observe");
527 	}
528 }
529 
530 void
531 ipv6_hook_shutdown(ip_stack_t *ipst)
532 {
533 	if (ipst->ips_ipv6firewall_forwarding != NULL) {
534 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
535 		    &ipst->ips_ip6_forwarding_event);
536 	}
537 
538 	if (ipst->ips_ipv6firewall_physical_in != NULL) {
539 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
540 		    &ipst->ips_ip6_physical_in_event);
541 	}
542 
543 	if (ipst->ips_ipv6firewall_physical_out != NULL) {
544 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
545 		    &ipst->ips_ip6_physical_out_event);
546 	}
547 
548 	if (ipst->ips_ipv6firewall_loopback_in != NULL) {
549 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
550 		    &ipst->ips_ip6_loopback_in_event);
551 	}
552 
553 	if (ipst->ips_ipv6firewall_loopback_out != NULL) {
554 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
555 		    &ipst->ips_ip6_loopback_out_event);
556 	}
557 
558 	if (ipst->ips_ipv6nicevents != NULL) {
559 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
560 		    &ipst->ips_ip6_nic_events);
561 	}
562 
563 	if (ipst->ips_ipv6observing != NULL) {
564 		(void) net_event_shutdown(ipst->ips_ipv6_net_data,
565 		    &ipst->ips_ip6_observe);
566 	}
567 
568 	(void) net_family_shutdown(ipst->ips_ipv6_net_data,
569 	    &ipst->ips_ipv6root);
570 }
571 
572 void
573 ipv6_hook_destroy(ip_stack_t *ipst)
574 {
575 	if (ipst->ips_ipv6firewall_forwarding != NULL) {
576 		if (net_event_unregister(ipst->ips_ipv6_net_data,
577 		    &ipst->ips_ip6_forwarding_event) == 0)
578 			ipst->ips_ipv6firewall_forwarding = NULL;
579 	}
580 
581 	if (ipst->ips_ipv6firewall_physical_in != NULL) {
582 		if (net_event_unregister(ipst->ips_ipv6_net_data,
583 		    &ipst->ips_ip6_physical_in_event) == 0)
584 			ipst->ips_ipv6firewall_physical_in = NULL;
585 	}
586 
587 	if (ipst->ips_ipv6firewall_physical_out != NULL) {
588 		if (net_event_unregister(ipst->ips_ipv6_net_data,
589 		    &ipst->ips_ip6_physical_out_event) == 0)
590 			ipst->ips_ipv6firewall_physical_out = NULL;
591 	}
592 
593 	if (ipst->ips_ipv6firewall_loopback_in != NULL) {
594 		if (net_event_unregister(ipst->ips_ipv6_net_data,
595 		    &ipst->ips_ip6_loopback_in_event) == 0)
596 			ipst->ips_ipv6firewall_loopback_in = NULL;
597 	}
598 
599 	if (ipst->ips_ipv6firewall_loopback_out != NULL) {
600 		if (net_event_unregister(ipst->ips_ipv6_net_data,
601 		    &ipst->ips_ip6_loopback_out_event) == 0)
602 			ipst->ips_ipv6firewall_loopback_out = NULL;
603 	}
604 
605 	if (ipst->ips_ipv6nicevents != NULL) {
606 		if (net_event_unregister(ipst->ips_ipv6_net_data,
607 		    &ipst->ips_ip6_nic_events) == 0)
608 			ipst->ips_ipv6nicevents = NULL;
609 	}
610 
611 	if (ipst->ips_ipv6observing != NULL) {
612 		if (net_event_unregister(ipst->ips_ipv6_net_data,
613 		    &ipst->ips_ip6_observe) == 0)
614 			ipst->ips_ipv6observing = NULL;
615 	}
616 
617 	(void) net_family_unregister(ipst->ips_ipv6_net_data,
618 	    &ipst->ips_ipv6root);
619 }
620 
621 /*
622  * Determine the name of an IPv4 interface
623  */
624 static int
625 ip_getifname(net_handle_t neti, phy_if_t phy_ifdata, char *buffer,
626     const size_t buflen)
627 {
628 	return (ip_getifname_impl(phy_ifdata, buffer, buflen, B_FALSE,
629 	    neti->netd_stack->nts_netstack->netstack_ip));
630 }
631 
632 /*
633  * Determine the name of an IPv6 interface
634  */
635 static int
636 ipv6_getifname(net_handle_t neti, phy_if_t phy_ifdata, char *buffer,
637     const size_t buflen)
638 {
639 	return (ip_getifname_impl(phy_ifdata, buffer, buflen, B_TRUE,
640 	    neti->netd_stack->nts_netstack->netstack_ip));
641 }
642 
643 /*
644  * Shared implementation to determine the name of a given network interface
645  */
646 /* ARGSUSED */
647 static int
648 ip_getifname_impl(phy_if_t phy_ifdata,
649     char *buffer, const size_t buflen, boolean_t isv6, ip_stack_t *ipst)
650 {
651 	ill_t *ill;
652 
653 	ASSERT(buffer != NULL);
654 
655 	ill = ill_lookup_on_ifindex((uint_t)phy_ifdata, isv6, ipst);
656 	if (ill == NULL)
657 		return (1);
658 
659 	(void) strlcpy(buffer, ill->ill_name, buflen);
660 	ill_refrele(ill);
661 	return (0);
662 }
663 
664 /*
665  * Determine the MTU of an IPv4 network interface
666  */
667 static int
668 ip_getmtu(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata)
669 {
670 	netstack_t *ns;
671 
672 	ns = neti->netd_stack->nts_netstack;
673 	ASSERT(ns != NULL);
674 	return (ip_getmtu_impl(phy_ifdata, ifdata, B_FALSE, ns->netstack_ip));
675 }
676 
677 /*
678  * Determine the MTU of an IPv6 network interface
679  */
680 static int
681 ipv6_getmtu(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata)
682 {
683 	netstack_t *ns;
684 
685 	ns = neti->netd_stack->nts_netstack;
686 	ASSERT(ns != NULL);
687 	return (ip_getmtu_impl(phy_ifdata, ifdata, B_TRUE, ns->netstack_ip));
688 }
689 
690 /*
691  * Shared implementation to determine the MTU of a network interface
692  */
693 /* ARGSUSED */
694 static int
695 ip_getmtu_impl(phy_if_t phy_ifdata, lif_if_t ifdata, boolean_t isv6,
696     ip_stack_t *ipst)
697 {
698 	lif_if_t ipifid;
699 	ipif_t *ipif;
700 	int mtu;
701 
702 	ipifid = UNMAP_IPIF_ID(ifdata);
703 
704 	ipif = ipif_getby_indexes((uint_t)phy_ifdata, (uint_t)ipifid,
705 	    isv6, ipst);
706 	if (ipif == NULL)
707 		return (0);
708 
709 	mtu = ipif->ipif_ill->ill_mtu;
710 	ipif_refrele(ipif);
711 
712 	if (mtu == 0) {
713 		ill_t *ill;
714 
715 		if ((ill = ill_lookup_on_ifindex((uint_t)phy_ifdata, isv6,
716 		    ipst)) == NULL) {
717 			return (0);
718 		}
719 		mtu = ill->ill_mtu;
720 		ill_refrele(ill);
721 	}
722 
723 	return (mtu);
724 }
725 
726 /*
727  * Determine if path MTU discovery is enabled for IP
728  */
729 static int
730 ip_getpmtuenabled(net_handle_t neti)
731 {
732 	netstack_t *ns;
733 
734 	ns = neti->netd_stack->nts_netstack;
735 	ASSERT(ns != NULL);
736 	return (ns->netstack_ip->ips_ip_path_mtu_discovery);
737 }
738 
739 /*
740  * Get next interface from the current list of IPv4 physical network interfaces
741  */
742 static phy_if_t
743 ip_phygetnext(net_handle_t neti, phy_if_t phy_ifdata)
744 {
745 	netstack_t *ns;
746 
747 	ns = neti->netd_stack->nts_netstack;
748 	ASSERT(ns != NULL);
749 	return (ill_get_next_ifindex(phy_ifdata, B_FALSE, ns->netstack_ip));
750 }
751 
752 /*
753  * Get next interface from the current list of IPv6 physical network interfaces
754  */
755 static phy_if_t
756 ipv6_phygetnext(net_handle_t neti, phy_if_t phy_ifdata)
757 {
758 	netstack_t *ns;
759 
760 	ns = neti->netd_stack->nts_netstack;
761 	ASSERT(ns != NULL);
762 	return (ill_get_next_ifindex(phy_ifdata, B_TRUE, ns->netstack_ip));
763 }
764 
765 /*
766  * Determine if a network interface name exists for IPv4
767  */
768 static phy_if_t
769 ip_phylookup(net_handle_t neti, const char *name)
770 {
771 	netstack_t *ns;
772 
773 	ns = neti->netd_stack->nts_netstack;
774 	ASSERT(ns != NULL);
775 	return (ip_phylookup_impl(name, B_FALSE, ns->netstack_ip));
776 }
777 
778 /*
779  * Determine if a network interface name exists for IPv6
780  */
781 static phy_if_t
782 ipv6_phylookup(net_handle_t neti, const char *name)
783 {
784 	netstack_t *ns;
785 
786 	ns = neti->netd_stack->nts_netstack;
787 	ASSERT(ns != NULL);
788 	return (ip_phylookup_impl(name, B_TRUE, ns->netstack_ip));
789 }
790 
791 /*
792  * Implement looking up an ill_t based on the name supplied and matching
793  * it up with either IPv4 or IPv6.  ill_get_ifindex_by_name() is not used
794  * because it does not match on the address family in addition to the name.
795  */
796 static phy_if_t
797 ip_phylookup_impl(const char *name, boolean_t isv6, ip_stack_t *ipst)
798 {
799 	phy_if_t phy;
800 	ill_t *ill;
801 
802 	ill = ill_lookup_on_name((char *)name, B_FALSE, isv6, NULL, ipst);
803 	if (ill == NULL)
804 		return (0);
805 
806 	phy = ill->ill_phyint->phyint_ifindex;
807 
808 	ill_refrele(ill);
809 
810 	return (phy);
811 }
812 
813 /*
814  * Get next interface from the current list of IPv4 logical network interfaces
815  */
816 static lif_if_t
817 ip_lifgetnext(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata)
818 {
819 	netstack_t *ns;
820 
821 	ns = neti->netd_stack->nts_netstack;
822 	ASSERT(ns != NULL);
823 	return (ip_lifgetnext_impl(phy_ifdata, ifdata, B_FALSE,
824 	    ns->netstack_ip));
825 }
826 
827 /*
828  * Get next interface from the current list of IPv6 logical network interfaces
829  */
830 static lif_if_t
831 ipv6_lifgetnext(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata)
832 {
833 	netstack_t *ns;
834 
835 	ns = neti->netd_stack->nts_netstack;
836 	ASSERT(ns != NULL);
837 	return (ip_lifgetnext_impl(phy_ifdata, ifdata, B_TRUE,
838 	    ns->netstack_ip));
839 }
840 
841 /*
842  * Shared implementation to get next interface from the current list of
843  * logical network interfaces
844  */
845 static lif_if_t
846 ip_lifgetnext_impl(phy_if_t phy_ifdata, lif_if_t ifdata, boolean_t isv6,
847     ip_stack_t *ipst)
848 {
849 	lif_if_t newidx, oldidx;
850 	boolean_t nextok;
851 	ipif_t *ipif;
852 	ill_t *ill;
853 
854 	ill = ill_lookup_on_ifindex(phy_ifdata, isv6, ipst);
855 	if (ill == NULL)
856 		return (0);
857 
858 	if (ifdata != 0) {
859 		oldidx = UNMAP_IPIF_ID(ifdata);
860 		nextok = B_FALSE;
861 	} else {
862 		oldidx = 0;
863 		nextok = B_TRUE;
864 	}
865 
866 	mutex_enter(&ill->ill_lock);
867 	if (ill->ill_state_flags & ILL_CONDEMNED) {
868 		mutex_exit(&ill->ill_lock);
869 		ill_refrele(ill);
870 		return (0);
871 	}
872 
873 	/*
874 	 * It's safe to iterate the ill_ipif list when holding an ill_lock.
875 	 * And it's also safe to access ipif_id without ipif refhold.
876 	 * See the field access rules in ip.h.
877 	 */
878 	for (ipif = ill->ill_ipif; ipif != NULL; ipif = ipif->ipif_next) {
879 		if (!IPIF_CAN_LOOKUP(ipif))
880 			continue;
881 		if (nextok) {
882 			ipif_refhold_locked(ipif);
883 			break;
884 		} else if (oldidx == ipif->ipif_id) {
885 			nextok = B_TRUE;
886 		}
887 	}
888 
889 	mutex_exit(&ill->ill_lock);
890 	ill_refrele(ill);
891 
892 	if (ipif == NULL)
893 		return (0);
894 
895 	newidx = ipif->ipif_id;
896 	ipif_refrele(ipif);
897 
898 	return (MAP_IPIF_ID(newidx));
899 }
900 
901 /*
902  * Inject an IPv4 packet to or from an interface
903  */
904 static int
905 ip_inject(net_handle_t neti, inject_t style, net_inject_t *packet)
906 {
907 	netstack_t *ns;
908 
909 	ns = neti->netd_stack->nts_netstack;
910 	ASSERT(ns != NULL);
911 	return (ip_inject_impl(style, packet, B_FALSE, ns->netstack_ip));
912 }
913 
914 
915 /*
916  * Inject an IPv6 packet to or from an interface
917  */
918 static int
919 ipv6_inject(net_handle_t neti, inject_t style, net_inject_t *packet)
920 {
921 	netstack_t *ns;
922 
923 	ns = neti->netd_stack->nts_netstack;
924 	return (ip_inject_impl(style, packet, B_TRUE, ns->netstack_ip));
925 }
926 
927 /*
928  * Shared implementation to inject a packet to or from an interface
929  * Return value:
930  *   0: successful
931  *  -1: memory allocation failed
932  *   1: other errors
933  */
934 static int
935 ip_inject_impl(inject_t style, net_inject_t *packet, boolean_t isv6,
936     ip_stack_t *ipst)
937 {
938 	ddi_taskq_t *tq = NULL;
939 	void (* func)(void *);
940 	injection_t *inject;
941 	mblk_t *mp;
942 
943 	ASSERT(packet != NULL);
944 	ASSERT(packet->ni_packet != NULL);
945 	ASSERT(packet->ni_packet->b_datap->db_type == M_DATA);
946 
947 	switch (style) {
948 	case NI_QUEUE_IN:
949 		inject = kmem_alloc(sizeof (*inject), KM_NOSLEEP);
950 		if (inject == NULL)
951 			return (-1);
952 		inject->inj_data = *packet;
953 		inject->inj_isv6 = isv6;
954 		/*
955 		 * deliver up into the kernel, immitating its reception by a
956 		 * network interface, add to list and schedule timeout
957 		 */
958 		func = ip_ni_queue_in_func;
959 		tq = eventq_queue_in;
960 		break;
961 
962 	case NI_QUEUE_OUT:
963 		inject = kmem_alloc(sizeof (*inject), KM_NOSLEEP);
964 		if (inject == NULL)
965 			return (-1);
966 		inject->inj_data = *packet;
967 		inject->inj_isv6 = isv6;
968 		/*
969 		 * deliver out of the kernel, as if it were being sent via a
970 		 * raw socket so that IPFilter will see it again, add to list
971 		 * and schedule timeout
972 		 */
973 		func = ip_ni_queue_out_func;
974 		tq = eventq_queue_out;
975 		break;
976 
977 	case NI_DIRECT_OUT: {
978 		struct sockaddr *sock;
979 
980 		mp = packet->ni_packet;
981 
982 		sock = (struct sockaddr *)&packet->ni_addr;
983 		/*
984 		 * ipfil_sendpkt was provided by surya to ease the
985 		 * problems associated with sending out a packet.
986 		 */
987 		switch (ipfil_sendpkt(sock, mp, packet->ni_physical,
988 		    netstackid_to_zoneid(
989 		    ipst->ips_netstack->netstack_stackid))) {
990 		case 0 :
991 		case EINPROGRESS:
992 			return (0);
993 		case ECOMM :
994 		case ENONET :
995 			return (1);
996 		default :
997 			return (1);
998 		}
999 		/* NOTREACHED */
1000 	}
1001 	default:
1002 		freemsg(packet->ni_packet);
1003 		return (1);
1004 	}
1005 
1006 	ASSERT(tq != NULL);
1007 
1008 	inject->inj_ptr = ipst;
1009 	if (ddi_taskq_dispatch(tq, func, (void *)inject,
1010 	    DDI_SLEEP) == DDI_FAILURE) {
1011 		ip2dbg(("ip_inject:  ddi_taskq_dispatch failed\n"));
1012 		freemsg(packet->ni_packet);
1013 		return (1);
1014 	}
1015 	return (0);
1016 }
1017 
1018 /*
1019  * Find the interface used for traffic to a given IPv4 address
1020  */
1021 static phy_if_t
1022 ip_routeto(net_handle_t neti, struct sockaddr *address, struct sockaddr *next)
1023 {
1024 	netstack_t *ns;
1025 
1026 	ASSERT(address != NULL);
1027 
1028 	if (address->sa_family != AF_INET)
1029 		return (0);
1030 
1031 	ns = neti->netd_stack->nts_netstack;
1032 	ASSERT(ns != NULL);
1033 
1034 	return (ip_routeto_impl(address, next, ns->netstack_ip));
1035 }
1036 
1037 /*
1038  * Find the interface used for traffic to a given IPv6 address
1039  */
1040 static phy_if_t
1041 ipv6_routeto(net_handle_t neti, struct sockaddr *address, struct sockaddr *next)
1042 {
1043 	netstack_t *ns;
1044 
1045 	ASSERT(address != NULL);
1046 
1047 	if (address->sa_family != AF_INET6)
1048 		return (0);
1049 
1050 	ns = neti->netd_stack->nts_netstack;
1051 	ASSERT(ns != NULL);
1052 
1053 	return (ip_routeto_impl(address, next, ns->netstack_ip));
1054 }
1055 
1056 
1057 /*
1058  * Find the interface used for traffic to an address.
1059  * For lint reasons, next/next6/sin/sin6 are all declared and assigned
1060  * a value at the top.  The alternative would end up with two bunches
1061  * of assignments, with each bunch setting half to NULL.
1062  */
1063 static phy_if_t
1064 ip_routeto_impl(struct sockaddr *address, struct sockaddr *nexthop,
1065     ip_stack_t *ipst)
1066 {
1067 	struct sockaddr_in6 *next6 = (struct sockaddr_in6 *)nexthop;
1068 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)address;
1069 	struct sockaddr_in *next = (struct sockaddr_in *)nexthop;
1070 	struct sockaddr_in *sin = (struct sockaddr_in *)address;
1071 	ire_t *ire;
1072 	ire_t *nexthop_ire;
1073 	phy_if_t phy_if;
1074 	zoneid_t zoneid;
1075 
1076 	zoneid = netstackid_to_zoneid(ipst->ips_netstack->netstack_stackid);
1077 
1078 	if (address->sa_family == AF_INET6) {
1079 		ire = ire_route_recursive_v6(&sin6->sin6_addr, 0, NULL,
1080 		    zoneid, NULL, MATCH_IRE_DSTONLY, IRR_ALLOCATE, 0, ipst,
1081 		    NULL, NULL, NULL);
1082 	} else {
1083 		ire = ire_route_recursive_v4(sin->sin_addr.s_addr, 0, NULL,
1084 		    zoneid, NULL, MATCH_IRE_DSTONLY, IRR_ALLOCATE, 0, ipst,
1085 		    NULL, NULL, NULL);
1086 	}
1087 	ASSERT(ire != NULL);
1088 	/*
1089 	 * For some destinations, we have routes that are dead ends, so
1090 	 * return to indicate that no physical interface can be used to
1091 	 * reach the destination.
1092 	 */
1093 	if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
1094 		ire_refrele(ire);
1095 		return (NULL);
1096 	}
1097 
1098 	nexthop_ire = ire_nexthop(ire);
1099 	if (nexthop_ire == NULL) {
1100 		ire_refrele(ire);
1101 		return (0);
1102 	}
1103 	if (nexthop_ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
1104 		ire_refrele(nexthop_ire);
1105 		ire_refrele(ire);
1106 		return (0);
1107 	}
1108 
1109 	ASSERT(nexthop_ire->ire_ill != NULL);
1110 
1111 	if (nexthop != NULL) {
1112 		if (address->sa_family == AF_INET6) {
1113 			next6->sin6_addr = nexthop_ire->ire_addr_v6;
1114 		} else {
1115 			next->sin_addr.s_addr = nexthop_ire->ire_addr;
1116 		}
1117 	}
1118 
1119 	phy_if = (phy_if_t)nexthop_ire->ire_ill->ill_phyint->phyint_ifindex;
1120 	ire_refrele(ire);
1121 	ire_refrele(nexthop_ire);
1122 
1123 	return (phy_if);
1124 }
1125 
1126 /*
1127  * Determine if checksumming is being used for the given packet.
1128  *
1129  * Return value:
1130  *   NET_HCK_NONE: full checksum recalculation is required
1131  *   NET_HCK_L3_FULL: full layer 3 checksum
1132  *   NET_HCK_L4_FULL: full layer 4 checksum
1133  *   NET_HCK_L4_PART: partial layer 4 checksum
1134  */
1135 /*ARGSUSED*/
1136 static int
1137 ip_ispartialchecksum(net_handle_t neti, mblk_t *mp)
1138 {
1139 	int ret = 0;
1140 
1141 	ASSERT(mp != NULL);
1142 
1143 	if ((DB_CKSUMFLAGS(mp) & HCK_FULLCKSUM) != 0) {
1144 		ret |= (int)NET_HCK_L4_FULL;
1145 		if ((DB_CKSUMFLAGS(mp) & HCK_IPV4_HDRCKSUM) != 0)
1146 			ret |= (int)NET_HCK_L3_FULL;
1147 	}
1148 	if ((DB_CKSUMFLAGS(mp) & HCK_PARTIALCKSUM) != 0) {
1149 		ret |= (int)NET_HCK_L4_PART;
1150 		if ((DB_CKSUMFLAGS(mp) & HCK_IPV4_HDRCKSUM) != 0)
1151 			ret |= (int)NET_HCK_L3_FULL;
1152 	}
1153 
1154 	return (ret);
1155 }
1156 
1157 /*
1158  * Return true or false, indicating whether the network and transport
1159  * headers are correct.  Use the capabilities flags and flags set in the
1160  * dblk_t to determine whether or not the checksum is valid.
1161  *
1162  * Return:
1163  *   0: the checksum was incorrect
1164  *   1: the original checksum was correct
1165  */
1166 /*ARGSUSED*/
1167 static int
1168 ip_isvalidchecksum(net_handle_t neti, mblk_t *mp)
1169 {
1170 	unsigned char *wptr;
1171 	ipha_t *ipha = (ipha_t *)mp->b_rptr;
1172 	int hlen;
1173 	int ret;
1174 
1175 	ASSERT(mp != NULL);
1176 
1177 	if (dohwcksum &&
1178 	    DB_CKSUM16(mp) != 0xFFFF &&
1179 	    (DB_CKSUMFLAGS(mp) & HCK_FULLCKSUM) &&
1180 	    (DB_CKSUMFLAGS(mp) & HCK_FULLCKSUM_OK) &&
1181 	    (DB_CKSUMFLAGS(mp) & HCK_IPV4_HDRCKSUM))
1182 		return (1);
1183 
1184 	hlen = (ipha->ipha_version_and_hdr_length & 0x0F) << 2;
1185 
1186 	/*
1187 	 * Check that the mblk being passed in has enough data in it
1188 	 * before blindly checking ip_cksum.
1189 	 */
1190 	if (msgdsize(mp) < hlen)
1191 		return (0);
1192 
1193 	if (mp->b_wptr < mp->b_rptr + hlen) {
1194 		if (pullupmsg(mp, hlen) == 0)
1195 			return (0);
1196 		wptr = mp->b_wptr;
1197 	} else {
1198 		wptr = mp->b_wptr;
1199 		mp->b_wptr = mp->b_rptr + hlen;
1200 	}
1201 
1202 	if (ipha->ipha_hdr_checksum == ip_cksum(mp, 0, ipha->ipha_hdr_checksum))
1203 		ret = 1;
1204 	else
1205 		ret = 0;
1206 	mp->b_wptr = wptr;
1207 
1208 	return (ret);
1209 }
1210 
1211 /*
1212  * Unsupported with IPv6
1213  */
1214 /*ARGSUSED*/
1215 static int
1216 ipv6_isvalidchecksum(net_handle_t neti, mblk_t *mp)
1217 {
1218 	return (-1);
1219 }
1220 
1221 /*
1222  * Determine the network addresses for an IPv4 interface
1223  */
1224 static int
1225 ip_getlifaddr(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1226     size_t nelem, net_ifaddr_t type[], void *storage)
1227 {
1228 	netstack_t *ns;
1229 
1230 	ns = neti->netd_stack->nts_netstack;
1231 	ASSERT(ns != NULL);
1232 	return (ip_getlifaddr_impl(AF_INET, phy_ifdata, ifdata,
1233 	    nelem, type, storage, ns->netstack_ip));
1234 }
1235 
1236 /*
1237  * Determine the network addresses for an IPv6 interface
1238  */
1239 static int
1240 ipv6_getlifaddr(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1241     size_t nelem, net_ifaddr_t type[], void *storage)
1242 {
1243 	netstack_t *ns;
1244 
1245 	ns = neti->netd_stack->nts_netstack;
1246 	ASSERT(ns != NULL);
1247 	return (ip_getlifaddr_impl(AF_INET6, phy_ifdata, ifdata,
1248 	    nelem, type, storage, ns->netstack_ip));
1249 }
1250 
1251 /*
1252  * Shared implementation to determine the network addresses for an interface
1253  */
1254 /* ARGSUSED */
1255 static int
1256 ip_getlifaddr_impl(sa_family_t family, phy_if_t phy_ifdata,
1257     lif_if_t ifdata, size_t nelem, net_ifaddr_t type[],
1258     struct sockaddr *storage, ip_stack_t *ipst)
1259 {
1260 	struct sockaddr_in6 *sin6;
1261 	struct sockaddr_in *sin;
1262 	lif_if_t ipifid;
1263 	ipif_t *ipif;
1264 	int i;
1265 
1266 	ASSERT(type != NULL);
1267 	ASSERT(storage != NULL);
1268 
1269 	ipifid = UNMAP_IPIF_ID(ifdata);
1270 
1271 	if (family == AF_INET) {
1272 		if ((ipif = ipif_getby_indexes((uint_t)phy_ifdata,
1273 		    (uint_t)ipifid, B_FALSE, ipst)) == NULL)
1274 			return (1);
1275 
1276 		sin = (struct sockaddr_in *)storage;
1277 		for (i = 0; i < nelem; i++, sin++) {
1278 			if (ip_getifaddr_type(AF_INET, ipif, type[i],
1279 			    &sin->sin_addr) < 0) {
1280 				ip2dbg(("ip_getlifaddr_impl failed type %d\n",
1281 				    type[i]));
1282 				ipif_refrele(ipif);
1283 				return (1);
1284 			}
1285 			sin->sin_family = AF_INET;
1286 		}
1287 	} else {
1288 		if ((ipif = ipif_getby_indexes((uint_t)phy_ifdata,
1289 		    (uint_t)ipifid, B_TRUE, ipst)) == NULL)
1290 			return (1);
1291 
1292 		sin6 = (struct sockaddr_in6 *)storage;
1293 		for (i = 0; i < nelem; i++, sin6++) {
1294 			if (ip_getifaddr_type(AF_INET6, ipif, type[i],
1295 			    &sin6->sin6_addr) < 0) {
1296 				ip2dbg(("ip_getlifaddr_impl failed type %d\n",
1297 				    type[i]));
1298 				ipif_refrele(ipif);
1299 				return (1);
1300 			}
1301 			sin6->sin6_family = AF_INET6;
1302 		}
1303 	}
1304 	ipif_refrele(ipif);
1305 	return (0);
1306 }
1307 
1308 /*
1309  * ip_getlifaddr private function
1310  */
1311 static int
1312 ip_getifaddr_type(sa_family_t family, ipif_t *ill_ipif,
1313     lif_if_t type, void *storage)
1314 {
1315 	void *src_addr;
1316 	int mem_size;
1317 
1318 	ASSERT(ill_ipif != NULL);
1319 	ASSERT(storage != NULL);
1320 
1321 	if (family == AF_INET) {
1322 		mem_size = sizeof (struct in_addr);
1323 
1324 		switch (type) {
1325 		case NA_ADDRESS:
1326 			src_addr = &(ill_ipif->ipif_lcl_addr);
1327 			break;
1328 		case NA_PEER:
1329 			src_addr = &(ill_ipif->ipif_pp_dst_addr);
1330 			break;
1331 		case NA_BROADCAST:
1332 			src_addr = &(ill_ipif->ipif_brd_addr);
1333 			break;
1334 		case NA_NETMASK:
1335 			src_addr = &(ill_ipif->ipif_net_mask);
1336 			break;
1337 		default:
1338 			return (-1);
1339 			/*NOTREACHED*/
1340 		}
1341 	} else {
1342 		mem_size = sizeof (struct in6_addr);
1343 
1344 		switch (type) {
1345 		case NA_ADDRESS:
1346 			src_addr = &(ill_ipif->ipif_v6lcl_addr);
1347 			break;
1348 		case NA_PEER:
1349 			src_addr = &(ill_ipif->ipif_v6pp_dst_addr);
1350 			break;
1351 		case NA_BROADCAST:
1352 			src_addr = &(ill_ipif->ipif_v6brd_addr);
1353 			break;
1354 		case NA_NETMASK:
1355 			src_addr = &(ill_ipif->ipif_v6net_mask);
1356 			break;
1357 		default:
1358 			return (-1);
1359 			/*NOTREACHED*/
1360 		}
1361 	}
1362 
1363 	(void) memcpy(storage, src_addr, mem_size);
1364 	return (1);
1365 }
1366 
1367 /*
1368  * Shared implementation to determine the zoneid associated with an IPv4/IPv6
1369  * address
1370  */
1371 static int
1372 ip_getlifzone_impl(sa_family_t family, phy_if_t phy_ifdata, lif_if_t ifdata,
1373     ip_stack_t *ipst, zoneid_t *zoneid)
1374 {
1375 	ipif_t  *ipif;
1376 
1377 	ipif = ipif_getby_indexes((uint_t)phy_ifdata,
1378 	    UNMAP_IPIF_ID((uint_t)ifdata), (family == AF_INET6), ipst);
1379 	if (ipif == NULL)
1380 		return (-1);
1381 	*zoneid = IP_REAL_ZONEID(ipif->ipif_zoneid, ipst);
1382 	ipif_refrele(ipif);
1383 	return (0);
1384 }
1385 
1386 /*
1387  * Determine the zoneid associated with an IPv4 address
1388  */
1389 static int
1390 ip_getlifzone(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1391     zoneid_t *zoneid)
1392 {
1393 	return (ip_getlifzone_impl(AF_INET, phy_ifdata, ifdata,
1394 	    neti->netd_stack->nts_netstack->netstack_ip, zoneid));
1395 }
1396 
1397 /*
1398  * Determine the zoneid associated with an IPv6 address
1399  */
1400 static int
1401 ipv6_getlifzone(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1402     zoneid_t *zoneid)
1403 {
1404 	return (ip_getlifzone_impl(AF_INET6, phy_ifdata, ifdata,
1405 	    neti->netd_stack->nts_netstack->netstack_ip, zoneid));
1406 }
1407 
1408 /*
1409  * The behaviour here mirrors that for the SIOCFLIFFLAGS ioctl where the
1410  * union of all of the relevant flags is returned.
1411  */
1412 static int
1413 ip_getlifflags_impl(sa_family_t family, phy_if_t phy_ifdata, lif_if_t ifdata,
1414     ip_stack_t *ipst, uint64_t *flags)
1415 {
1416 	phyint_t *phyi;
1417 	ipif_t *ipif;
1418 	ill_t *ill;
1419 
1420 	ill = ill_lookup_on_ifindex(phy_ifdata, (family == AF_INET6), ipst);
1421 	if (ill == NULL)
1422 		return (-1);
1423 	phyi = ill->ill_phyint;
1424 
1425 	ipif = ipif_getby_indexes((uint_t)phy_ifdata,
1426 	    UNMAP_IPIF_ID((uint_t)ifdata), (family == AF_INET6), ipst);
1427 	if (ipif == NULL) {
1428 		ill_refrele(ill);
1429 		return (-1);
1430 	}
1431 	*flags = ipif->ipif_flags | ill->ill_flags | phyi->phyint_flags;
1432 	ipif_refrele(ipif);
1433 	ill_refrele(ill);
1434 	return (0);
1435 }
1436 
1437 static int
1438 ip_getlifflags(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1439     uint64_t *flags)
1440 {
1441 	return (ip_getlifflags_impl(AF_INET, phy_ifdata, ifdata,
1442 	    neti->netd_stack->nts_netstack->netstack_ip, flags));
1443 }
1444 
1445 static int
1446 ipv6_getlifflags(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1447     uint64_t *flags)
1448 {
1449 	return (ip_getlifflags_impl(AF_INET6, phy_ifdata, ifdata,
1450 	    neti->netd_stack->nts_netstack->netstack_ip, flags));
1451 }
1452 
1453 /*
1454  * Deliver packet up into the kernel, immitating its reception by a
1455  * network interface.
1456  */
1457 static void
1458 ip_ni_queue_in_func(void *inject)
1459 {
1460 	ip_ni_queue_func_impl(inject, B_FALSE);
1461 }
1462 
1463 /*
1464  * Deliver out of the kernel, as if it were being sent via a
1465  * raw socket so that IPFilter will see it again.
1466  */
1467 static void
1468 ip_ni_queue_out_func(void *inject)
1469 {
1470 	ip_ni_queue_func_impl(inject, B_TRUE);
1471 }
1472 
1473 /*
1474  * Shared implementation for inject via ip_output and ip_input
1475  */
1476 static void
1477 ip_ni_queue_func_impl(injection_t *inject,  boolean_t out)
1478 {
1479 	net_inject_t *packet;
1480 	ill_t *ill;
1481 	ip_stack_t *ipst = (ip_stack_t *)inject->inj_ptr;
1482 	ip_xmit_attr_t	ixas;
1483 
1484 	ASSERT(inject != NULL);
1485 	packet = &inject->inj_data;
1486 	ASSERT(packet->ni_packet != NULL);
1487 
1488 	if (out == 0) {
1489 		ill = ill_lookup_on_ifindex((uint_t)packet->ni_physical,
1490 		    inject->inj_isv6, ipst);
1491 
1492 		if (ill == NULL) {
1493 			kmem_free(inject, sizeof (*inject));
1494 			return;
1495 		}
1496 
1497 		if (inject->inj_isv6) {
1498 			ip_input_v6(ill, NULL, packet->ni_packet, NULL);
1499 		} else {
1500 			ip_input(ill, NULL, packet->ni_packet, NULL);
1501 		}
1502 		ill_refrele(ill);
1503 	} else {
1504 		bzero(&ixas, sizeof (ixas));
1505 		ixas.ixa_ifindex = packet->ni_physical;
1506 		ixas.ixa_ipst = ipst;
1507 		if (inject->inj_isv6) {
1508 			ixas.ixa_flags = IXAF_BASIC_SIMPLE_V6;
1509 		} else {
1510 			ixas.ixa_flags = IXAF_BASIC_SIMPLE_V4;
1511 		}
1512 		(void) ip_output_simple(packet->ni_packet, &ixas);
1513 		ixa_cleanup(&ixas);
1514 	}
1515 
1516 	kmem_free(inject, sizeof (*inject));
1517 }
1518 
1519 /*
1520  * taskq function for nic events.
1521  */
1522 void
1523 ip_ne_queue_func(void *arg)
1524 {
1525 	hook_event_token_t hr;
1526 	hook_nic_event_int_t *info = (hook_nic_event_int_t *)arg;
1527 	ip_stack_t *ipst;
1528 	netstack_t *ns;
1529 
1530 	ns = netstack_find_by_stackid(info->hnei_stackid);
1531 	if (ns == NULL)
1532 		goto done;
1533 
1534 	ipst = ns->netstack_ip;
1535 	if (ipst == NULL)
1536 		goto done;
1537 
1538 	hr = (info->hnei_event.hne_protocol == ipst->ips_ipv6_net_data) ?
1539 	    ipst->ips_ipv6nicevents : ipst->ips_ipv4nicevents;
1540 	(void) hook_run(info->hnei_event.hne_protocol->netd_hooks, hr,
1541 	    (hook_data_t)&info->hnei_event);
1542 
1543 done:
1544 	if (ns != NULL)
1545 		netstack_rele(ns);
1546 	kmem_free(info->hnei_event.hne_data, info->hnei_event.hne_datalen);
1547 	kmem_free(arg, sizeof (hook_nic_event_int_t));
1548 }
1549 
1550 /*
1551  * Initialize ARP hook family and events
1552  */
1553 void
1554 arp_hook_init(ip_stack_t *ipst)
1555 {
1556 	HOOK_FAMILY_INIT(&ipst->ips_arproot, Hn_ARP);
1557 	if (net_family_register(ipst->ips_arp_net_data, &ipst->ips_arproot)
1558 	    != 0) {
1559 		cmn_err(CE_NOTE, "arp_hook_init"
1560 		    "net_family_register failed for arp");
1561 	}
1562 
1563 	HOOK_EVENT_INIT(&ipst->ips_arp_physical_in_event, NH_PHYSICAL_IN);
1564 	ipst->ips_arp_physical_in = net_event_register(ipst->ips_arp_net_data,
1565 	    &ipst->ips_arp_physical_in_event);
1566 	if (ipst->ips_arp_physical_in == NULL) {
1567 		cmn_err(CE_NOTE, "arp_hook_init: "
1568 		    "net_event_register failed for arp/physical_in");
1569 	}
1570 
1571 	HOOK_EVENT_INIT(&ipst->ips_arp_physical_out_event, NH_PHYSICAL_OUT);
1572 	ipst->ips_arp_physical_out = net_event_register(ipst->ips_arp_net_data,
1573 	    &ipst->ips_arp_physical_out_event);
1574 	if (ipst->ips_arp_physical_out == NULL) {
1575 		cmn_err(CE_NOTE, "arp_hook_init: "
1576 		    "net_event_register failed for arp/physical_out");
1577 	}
1578 
1579 	HOOK_EVENT_INIT(&ipst->ips_arp_nic_events, NH_NIC_EVENTS);
1580 	ipst->ips_arpnicevents = net_event_register(ipst->ips_arp_net_data,
1581 	    &ipst->ips_arp_nic_events);
1582 	if (ipst->ips_arpnicevents == NULL) {
1583 		cmn_err(CE_NOTE, "arp_hook_init: "
1584 		    "net_event_register failed for arp/nic_events");
1585 	}
1586 }
1587 
1588 void
1589 arp_hook_destroy(ip_stack_t *ipst)
1590 {
1591 	if (ipst->ips_arpnicevents != NULL) {
1592 		if (net_event_unregister(ipst->ips_arp_net_data,
1593 		    &ipst->ips_arp_nic_events) == 0)
1594 			ipst->ips_arpnicevents = NULL;
1595 	}
1596 
1597 	if (ipst->ips_arp_physical_out != NULL) {
1598 		if (net_event_unregister(ipst->ips_arp_net_data,
1599 		    &ipst->ips_arp_physical_out_event) == 0)
1600 			ipst->ips_arp_physical_out = NULL;
1601 	}
1602 
1603 	if (ipst->ips_arp_physical_in != NULL) {
1604 		if (net_event_unregister(ipst->ips_arp_net_data,
1605 		    &ipst->ips_arp_physical_in_event) == 0)
1606 			ipst->ips_arp_physical_in = NULL;
1607 	}
1608 
1609 	(void) net_family_unregister(ipst->ips_arp_net_data,
1610 	    &ipst->ips_arproot);
1611 }
1612 
1613 void
1614 arp_hook_shutdown(ip_stack_t *ipst)
1615 {
1616 	if (ipst->ips_arp_physical_in != NULL) {
1617 		(void) net_event_shutdown(ipst->ips_arp_net_data,
1618 		    &ipst->ips_arp_physical_in_event);
1619 	}
1620 	if (ipst->ips_arp_physical_out != NULL) {
1621 		(void) net_event_shutdown(ipst->ips_arp_net_data,
1622 		    &ipst->ips_arp_physical_out_event);
1623 	}
1624 	if (ipst->ips_arpnicevents != NULL) {
1625 		(void) net_event_shutdown(ipst->ips_arp_net_data,
1626 		    &ipst->ips_arp_nic_events);
1627 	}
1628 }
1629 
1630 /* netinfo routines for the unsupported cases */
1631 
1632 /* ARGSUSED */
1633 int
1634 net_no_getmtu(net_handle_t handle, phy_if_t phy_ifdata, lif_if_t ifdata)
1635 {
1636 	return (-1);
1637 }
1638 
1639 /* ARGSUSED */
1640 static int
1641 net_no_getpmtuenabled(net_handle_t neti)
1642 {
1643 	return (-1);
1644 }
1645 
1646 /* ARGSUSED */
1647 static lif_if_t
1648 net_no_lifgetnext(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata)
1649 {
1650 	return (-1);
1651 }
1652 
1653 /* ARGSUSED */
1654 static int
1655 net_no_inject(net_handle_t neti, inject_t style, net_inject_t *packet)
1656 {
1657 	return (-1);
1658 }
1659 
1660 /* ARGSUSED */
1661 static phy_if_t
1662 net_no_routeto(net_handle_t neti, struct sockaddr *address,
1663     struct sockaddr *next)
1664 {
1665 	return ((phy_if_t)-1);
1666 }
1667 
1668 /* ARGSUSED */
1669 static int
1670 net_no_ispartialchecksum(net_handle_t neti, mblk_t *mp)
1671 {
1672 	return (-1);
1673 }
1674 
1675 /* ARGSUSED */
1676 static int
1677 net_no_getlifaddr(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1678     size_t nelem, net_ifaddr_t type[], void *storage)
1679 {
1680 	return (-1);
1681 }
1682 
1683 /* ARGSUSED */
1684 static int
1685 net_no_getlifzone(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1686     zoneid_t *zoneid)
1687 {
1688 	return (-1);
1689 }
1690 
1691 /* ARGSUSED */
1692 static int
1693 net_no_getlifflags(net_handle_t neti, phy_if_t phy_ifdata, lif_if_t ifdata,
1694     uint64_t *flags)
1695 {
1696 	return (-1);
1697 }
1698