1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 /* Copyright (c) 1990 Mentat Inc. */ 27 28 #ifndef _INET_IP_H 29 #define _INET_IP_H 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 #include <sys/isa_defs.h> 36 #include <sys/types.h> 37 #include <inet/mib2.h> 38 #include <inet/nd.h> 39 #include <sys/atomic.h> 40 #include <net/if_dl.h> 41 #include <net/if.h> 42 #include <netinet/ip.h> 43 #include <netinet/igmp.h> 44 #include <sys/neti.h> 45 #include <sys/hook.h> 46 #include <sys/hook_event.h> 47 #include <sys/hook_impl.h> 48 #include <inet/ip_stack.h> 49 50 #ifdef _KERNEL 51 #include <netinet/ip6.h> 52 #include <sys/avl.h> 53 #include <sys/list.h> 54 #include <sys/vmem.h> 55 #include <sys/squeue.h> 56 #include <net/route.h> 57 #include <sys/systm.h> 58 #include <sys/multidata.h> 59 #include <sys/list.h> 60 #include <net/radix.h> 61 #include <sys/modhash.h> 62 63 #ifdef DEBUG 64 #define CONN_DEBUG 65 #endif 66 67 #define IP_DEBUG 68 /* 69 * The mt-streams(9F) flags for the IP module; put here so that other 70 * "drivers" that are actually IP (e.g., ICMP, UDP) can use the same set 71 * of flags. 72 */ 73 #define IP_DEVMTFLAGS D_MP 74 #endif /* _KERNEL */ 75 76 #define IP_MOD_NAME "ip" 77 #define IP_DEV_NAME "/dev/ip" 78 #define IP6_DEV_NAME "/dev/ip6" 79 80 #define UDP_MOD_NAME "udp" 81 #define UDP_DEV_NAME "/dev/udp" 82 #define UDP6_DEV_NAME "/dev/udp6" 83 84 #define TCP_MOD_NAME "tcp" 85 #define TCP_DEV_NAME "/dev/tcp" 86 #define TCP6_DEV_NAME "/dev/tcp6" 87 88 #define SCTP_MOD_NAME "sctp" 89 90 #ifndef _IPADDR_T 91 #define _IPADDR_T 92 typedef uint32_t ipaddr_t; 93 #endif 94 95 /* Number of bits in an address */ 96 #define IP_ABITS 32 97 #define IPV6_ABITS 128 98 99 #define IP_HOST_MASK (ipaddr_t)0xffffffffU 100 101 #define IP_CSUM(mp, off, sum) (~ip_cksum(mp, off, sum) & 0xFFFF) 102 #define IP_CSUM_PARTIAL(mp, off, sum) ip_cksum(mp, off, sum) 103 #define IP_BCSUM_PARTIAL(bp, len, sum) bcksum(bp, len, sum) 104 #define IP_MD_CSUM(pd, off, sum) (~ip_md_cksum(pd, off, sum) & 0xffff) 105 #define IP_MD_CSUM_PARTIAL(pd, off, sum) ip_md_cksum(pd, off, sum) 106 107 /* 108 * Flag to IP write side to indicate that the appln has sent in a pre-built 109 * IP header. Stored in ipha_ident (which is otherwise zero). 110 */ 111 #define IP_HDR_INCLUDED 0xFFFF 112 113 #define ILL_FRAG_HASH_TBL_COUNT ((unsigned int)64) 114 #define ILL_FRAG_HASH_TBL_SIZE (ILL_FRAG_HASH_TBL_COUNT * sizeof (ipfb_t)) 115 116 #define IPV4_ADDR_LEN 4 117 #define IP_ADDR_LEN IPV4_ADDR_LEN 118 #define IP_ARP_PROTO_TYPE 0x0800 119 120 #define IPV4_VERSION 4 121 #define IP_VERSION IPV4_VERSION 122 #define IP_SIMPLE_HDR_LENGTH_IN_WORDS 5 123 #define IP_SIMPLE_HDR_LENGTH 20 124 #define IP_MAX_HDR_LENGTH 60 125 126 #define IP_MAX_OPT_LENGTH (IP_MAX_HDR_LENGTH-IP_SIMPLE_HDR_LENGTH) 127 128 #define IP_MIN_MTU (IP_MAX_HDR_LENGTH + 8) /* 68 bytes */ 129 130 /* 131 * XXX IP_MAXPACKET is defined in <netinet/ip.h> as well. At some point the 132 * 2 files should be cleaned up to remove all redundant definitions. 133 */ 134 #define IP_MAXPACKET 65535 135 #define IP_SIMPLE_HDR_VERSION \ 136 ((IP_VERSION << 4) | IP_SIMPLE_HDR_LENGTH_IN_WORDS) 137 138 #define UDPH_SIZE 8 139 140 /* Leave room for ip_newroute to tack on the src and target addresses */ 141 #define OK_RESOLVER_MP(mp) \ 142 ((mp) && ((mp)->b_wptr - (mp)->b_rptr) >= (2 * IP_ADDR_LEN)) 143 144 /* 145 * Constants and type definitions to support IP IOCTL commands 146 */ 147 #define IP_IOCTL (('i'<<8)|'p') 148 #define IP_IOC_IRE_DELETE 4 149 #define IP_IOC_IRE_DELETE_NO_REPLY 5 150 #define IP_IOC_IRE_ADVISE_NO_REPLY 6 151 #define IP_IOC_RTS_REQUEST 7 152 153 /* Common definitions used by IP IOCTL data structures */ 154 typedef struct ipllcmd_s { 155 uint_t ipllc_cmd; 156 uint_t ipllc_name_offset; 157 uint_t ipllc_name_length; 158 } ipllc_t; 159 160 /* IP IRE Change Command Structure. */ 161 typedef struct ipic_s { 162 ipllc_t ipic_ipllc; 163 uint_t ipic_ire_type; 164 uint_t ipic_max_frag; 165 uint_t ipic_addr_offset; 166 uint_t ipic_addr_length; 167 uint_t ipic_mask_offset; 168 uint_t ipic_mask_length; 169 uint_t ipic_src_addr_offset; 170 uint_t ipic_src_addr_length; 171 uint_t ipic_ll_hdr_offset; 172 uint_t ipic_ll_hdr_length; 173 uint_t ipic_gateway_addr_offset; 174 uint_t ipic_gateway_addr_length; 175 clock_t ipic_rtt; 176 uint32_t ipic_ssthresh; 177 clock_t ipic_rtt_sd; 178 uchar_t ipic_ire_marks; 179 } ipic_t; 180 181 #define ipic_cmd ipic_ipllc.ipllc_cmd 182 #define ipic_ll_name_length ipic_ipllc.ipllc_name_length 183 #define ipic_ll_name_offset ipic_ipllc.ipllc_name_offset 184 185 /* IP IRE Delete Command Structure. */ 186 typedef struct ipid_s { 187 ipllc_t ipid_ipllc; 188 uint_t ipid_ire_type; 189 uint_t ipid_addr_offset; 190 uint_t ipid_addr_length; 191 uint_t ipid_mask_offset; 192 uint_t ipid_mask_length; 193 } ipid_t; 194 195 #define ipid_cmd ipid_ipllc.ipllc_cmd 196 197 #ifdef _KERNEL 198 /* 199 * Temporary state for ip options parser. 200 */ 201 typedef struct ipoptp_s 202 { 203 uint8_t *ipoptp_next; /* next option to look at */ 204 uint8_t *ipoptp_end; /* end of options */ 205 uint8_t *ipoptp_cur; /* start of current option */ 206 uint8_t ipoptp_len; /* length of current option */ 207 uint32_t ipoptp_flags; 208 } ipoptp_t; 209 210 /* 211 * Flag(s) for ipoptp_flags 212 */ 213 #define IPOPTP_ERROR 0x00000001 214 #endif /* _KERNEL */ 215 216 /* Controls forwarding of IP packets, set via ndd */ 217 #define IP_FORWARD_NEVER 0 218 #define IP_FORWARD_ALWAYS 1 219 220 #define WE_ARE_FORWARDING(ipst) ((ipst)->ips_ip_g_forward == IP_FORWARD_ALWAYS) 221 222 #define IPH_HDR_LENGTH(ipha) \ 223 ((int)(((ipha_t *)ipha)->ipha_version_and_hdr_length & 0xF) << 2) 224 225 #define IPH_HDR_VERSION(ipha) \ 226 ((int)(((ipha_t *)ipha)->ipha_version_and_hdr_length) >> 4) 227 228 #ifdef _KERNEL 229 /* 230 * IP reassembly macros. We hide starting and ending offsets in b_next and 231 * b_prev of messages on the reassembly queue. The messages are chained using 232 * b_cont. These macros are used in ip_reassemble() so we don't have to see 233 * the ugly casts and assignments. 234 * Note that the offsets are <= 64k i.e. a uint_t is sufficient to represent 235 * them. 236 */ 237 #define IP_REASS_START(mp) ((uint_t)(uintptr_t)((mp)->b_next)) 238 #define IP_REASS_SET_START(mp, u) \ 239 ((mp)->b_next = (mblk_t *)(uintptr_t)(u)) 240 #define IP_REASS_END(mp) ((uint_t)(uintptr_t)((mp)->b_prev)) 241 #define IP_REASS_SET_END(mp, u) \ 242 ((mp)->b_prev = (mblk_t *)(uintptr_t)(u)) 243 244 #define IP_REASS_COMPLETE 0x1 245 #define IP_REASS_PARTIAL 0x2 246 #define IP_REASS_FAILED 0x4 247 248 /* 249 * Test to determine whether this is a module instance of IP or a 250 * driver instance of IP. 251 */ 252 #define CONN_Q(q) (WR(q)->q_next == NULL) 253 254 #define Q_TO_CONN(q) ((conn_t *)(q)->q_ptr) 255 #define Q_TO_TCP(q) (Q_TO_CONN((q))->conn_tcp) 256 #define Q_TO_UDP(q) (Q_TO_CONN((q))->conn_udp) 257 #define Q_TO_ICMP(q) (Q_TO_CONN((q))->conn_icmp) 258 #define Q_TO_RTS(q) (Q_TO_CONN((q))->conn_rts) 259 260 /* 261 * The following two macros are used by IP to get the appropriate 262 * wq and rq for a conn. If it is a TCP conn, then we need 263 * tcp_wq/tcp_rq else, conn_wq/conn_rq. IP can use conn_wq and conn_rq 264 * from a conn directly if it knows that the conn is not TCP. 265 */ 266 #define CONNP_TO_WQ(connp) \ 267 (IPCL_IS_TCP(connp) ? (connp)->conn_tcp->tcp_wq : (connp)->conn_wq) 268 269 #define CONNP_TO_RQ(connp) RD(CONNP_TO_WQ(connp)) 270 271 #define GRAB_CONN_LOCK(q) { \ 272 if (q != NULL && CONN_Q(q)) \ 273 mutex_enter(&(Q_TO_CONN(q))->conn_lock); \ 274 } 275 276 #define RELEASE_CONN_LOCK(q) { \ 277 if (q != NULL && CONN_Q(q)) \ 278 mutex_exit(&(Q_TO_CONN(q))->conn_lock); \ 279 } 280 281 /* "Congestion controlled" protocol */ 282 #define IP_FLOW_CONTROLLED_ULP(p) ((p) == IPPROTO_TCP || (p) == IPPROTO_SCTP) 283 284 /* 285 * Complete the pending operation. Usually an ioctl. Can also 286 * be a bind or option management request that got enqueued 287 * in an ipsq_t. Called on completion of the operation. 288 */ 289 #define CONN_OPER_PENDING_DONE(connp) { \ 290 mutex_enter(&(connp)->conn_lock); \ 291 (connp)->conn_oper_pending_ill = NULL; \ 292 cv_broadcast(&(connp)->conn_refcv); \ 293 mutex_exit(&(connp)->conn_lock); \ 294 CONN_DEC_REF(connp); \ 295 } 296 297 /* 298 * Flags for the various ip_fanout_* routines. 299 */ 300 #define IP_FF_SEND_ICMP 0x01 /* Send an ICMP error */ 301 #define IP_FF_HDR_COMPLETE 0x02 /* Call ip_hdr_complete if error */ 302 #define IP_FF_CKSUM 0x04 /* Recompute ipha_cksum if error */ 303 #define IP_FF_RAWIP 0x08 /* Use rawip mib variable */ 304 #define IP_FF_SRC_QUENCH 0x10 /* OK to send ICMP_SOURCE_QUENCH */ 305 #define IP_FF_SYN_ADDIRE 0x20 /* Add IRE if TCP syn packet */ 306 #define IP_FF_IPINFO 0x80 /* Used for both V4 and V6 */ 307 #define IP_FF_SEND_SLLA 0x100 /* Send source link layer info ? */ 308 #define IPV6_REACHABILITY_CONFIRMATION 0x200 /* Flags for ip_xmit_v6 */ 309 #define IP_FF_NO_MCAST_LOOP 0x400 /* No multicasts for sending zone */ 310 311 /* 312 * Following flags are used by IPQoS to determine if policy processing is 313 * required. 314 */ 315 #define IP6_NO_IPPOLICY 0x800 /* Don't do IPQoS processing */ 316 #define IP6_IN_LLMCAST 0x1000 /* Multicast */ 317 318 #define IP_FF_LOOPBACK 0x2000 /* Loopback fanout */ 319 #define IP_FF_SCTP_CSUM_ERR 0x4000 /* sctp pkt has failed chksum */ 320 321 #ifndef IRE_DB_TYPE 322 #define IRE_DB_TYPE M_SIG 323 #endif 324 325 #ifndef IRE_DB_REQ_TYPE 326 #define IRE_DB_REQ_TYPE M_PCSIG 327 #endif 328 329 #ifndef IRE_ARPRESOLVE_TYPE 330 #define IRE_ARPRESOLVE_TYPE M_EVENT 331 #endif 332 333 /* 334 * Values for squeue switch: 335 */ 336 337 #define IP_SQUEUE_ENTER_NODRAIN 1 338 #define IP_SQUEUE_ENTER 2 339 /* 340 * This is part of the interface between Transport provider and 341 * IP which can be used to set policy information. This is usually 342 * accompanied with O_T_BIND_REQ/T_BIND_REQ.ip_bind assumes that 343 * only IPSEC_POLICY_SET is there when it is found in the chain. 344 * The information contained is an struct ipsec_req_t. On success 345 * or failure, either the T_BIND_ACK or the T_ERROR_ACK is returned. 346 * IPSEC_POLICY_SET is never returned. 347 */ 348 #define IPSEC_POLICY_SET M_SETOPTS 349 350 #define IRE_IS_LOCAL(ire) ((ire != NULL) && \ 351 ((ire)->ire_type & (IRE_LOCAL | IRE_LOOPBACK))) 352 353 #define IRE_IS_TARGET(ire) ((ire != NULL) && \ 354 ((ire)->ire_type != IRE_BROADCAST)) 355 356 /* IP Fragmentation Reassembly Header */ 357 typedef struct ipf_s { 358 struct ipf_s *ipf_hash_next; 359 struct ipf_s **ipf_ptphn; /* Pointer to previous hash next. */ 360 uint32_t ipf_ident; /* Ident to match. */ 361 uint8_t ipf_protocol; /* Protocol to match. */ 362 uchar_t ipf_last_frag_seen : 1; /* Last fragment seen ? */ 363 time_t ipf_timestamp; /* Reassembly start time. */ 364 mblk_t *ipf_mp; /* mblk we live in. */ 365 mblk_t *ipf_tail_mp; /* Frag queue tail pointer. */ 366 int ipf_hole_cnt; /* Number of holes (hard-case). */ 367 int ipf_end; /* Tail end offset (0 -> hard-case). */ 368 uint_t ipf_gen; /* Frag queue generation */ 369 size_t ipf_count; /* Count of bytes used by frag */ 370 uint_t ipf_nf_hdr_len; /* Length of nonfragmented header */ 371 in6_addr_t ipf_v6src; /* IPv6 source address */ 372 in6_addr_t ipf_v6dst; /* IPv6 dest address */ 373 uint_t ipf_prev_nexthdr_offset; /* Offset for nexthdr value */ 374 uint8_t ipf_ecn; /* ECN info for the fragments */ 375 uint8_t ipf_num_dups; /* Number of times dup frags recvd */ 376 uint16_t ipf_checksum_flags; /* Hardware checksum flags */ 377 uint32_t ipf_checksum; /* Partial checksum of fragment data */ 378 } ipf_t; 379 380 /* 381 * IPv4 Fragments 382 */ 383 #define IS_V4_FRAGMENT(ipha_fragment_offset_and_flags) \ 384 (((ntohs(ipha_fragment_offset_and_flags) & IPH_OFFSET) != 0) || \ 385 ((ntohs(ipha_fragment_offset_and_flags) & IPH_MF) != 0)) 386 387 #define ipf_src V4_PART_OF_V6(ipf_v6src) 388 #define ipf_dst V4_PART_OF_V6(ipf_v6dst) 389 390 typedef enum { 391 IB_PKT = 0x01, 392 OB_PKT = 0x02 393 } ip_pkt_t; 394 395 #define UPDATE_IB_PKT_COUNT(ire)\ 396 { \ 397 (ire)->ire_ib_pkt_count++; \ 398 if ((ire)->ire_ipif != NULL) { \ 399 /* \ 400 * forwarding packet \ 401 */ \ 402 if ((ire)->ire_type & (IRE_LOCAL|IRE_BROADCAST)) \ 403 atomic_add_32(&(ire)->ire_ipif->ipif_ib_pkt_count, 1);\ 404 else \ 405 atomic_add_32(&(ire)->ire_ipif->ipif_fo_pkt_count, 1);\ 406 } \ 407 } 408 409 #define UPDATE_OB_PKT_COUNT(ire)\ 410 { \ 411 (ire)->ire_ob_pkt_count++;\ 412 if ((ire)->ire_ipif != NULL) { \ 413 atomic_add_32(&(ire)->ire_ipif->ipif_ob_pkt_count, 1); \ 414 } \ 415 } 416 417 #define IP_RPUT_LOCAL(q, mp, ipha, ire, recv_ill) \ 418 { \ 419 switch (ipha->ipha_protocol) { \ 420 case IPPROTO_UDP: \ 421 ip_udp_input(q, mp, ipha, ire, recv_ill); \ 422 break; \ 423 default: \ 424 ip_proto_input(q, mp, ipha, ire, recv_ill, 0); \ 425 break; \ 426 } \ 427 } 428 429 /* 430 * NCE_EXPIRED is TRUE when we have a non-permanent nce that was 431 * found to be REACHABLE more than ip_ire_arp_interval ms ago. 432 * This macro is used to age existing nce_t entries. The 433 * nce's will get cleaned up in the following circumstances: 434 * - ip_ire_trash_reclaim will free nce's using ndp_cache_reclaim 435 * when memory is low, 436 * - ip_arp_news, when updates are received. 437 * - if the nce is NCE_EXPIRED(), it will deleted, so that a new 438 * arp request will need to be triggered from an ND_INITIAL nce. 439 * 440 * Note that the nce state transition follows the pattern: 441 * ND_INITIAL -> ND_INCOMPLETE -> ND_REACHABLE 442 * after which the nce is deleted when it has expired. 443 * 444 * nce_last is the timestamp that indicates when the nce_res_mp in the 445 * nce_t was last updated to a valid link-layer address. nce_last gets 446 * modified/updated : 447 * - when the nce is created 448 * - every time we get a sane arp response for the nce. 449 */ 450 #define NCE_EXPIRED(nce, ipst) (nce->nce_last > 0 && \ 451 ((nce->nce_flags & NCE_F_PERMANENT) == 0) && \ 452 ((TICK_TO_MSEC(lbolt64) - nce->nce_last) > \ 453 (ipst)->ips_ip_ire_arp_interval)) 454 455 #endif /* _KERNEL */ 456 457 /* ICMP types */ 458 #define ICMP_ECHO_REPLY 0 459 #define ICMP_DEST_UNREACHABLE 3 460 #define ICMP_SOURCE_QUENCH 4 461 #define ICMP_REDIRECT 5 462 #define ICMP_ECHO_REQUEST 8 463 #define ICMP_ROUTER_ADVERTISEMENT 9 464 #define ICMP_ROUTER_SOLICITATION 10 465 #define ICMP_TIME_EXCEEDED 11 466 #define ICMP_PARAM_PROBLEM 12 467 #define ICMP_TIME_STAMP_REQUEST 13 468 #define ICMP_TIME_STAMP_REPLY 14 469 #define ICMP_INFO_REQUEST 15 470 #define ICMP_INFO_REPLY 16 471 #define ICMP_ADDRESS_MASK_REQUEST 17 472 #define ICMP_ADDRESS_MASK_REPLY 18 473 474 /* Evaluates to true if the ICMP type is an ICMP error */ 475 #define ICMP_IS_ERROR(type) ( \ 476 (type) == ICMP_DEST_UNREACHABLE || \ 477 (type) == ICMP_SOURCE_QUENCH || \ 478 (type) == ICMP_TIME_EXCEEDED || \ 479 (type) == ICMP_PARAM_PROBLEM) 480 481 /* ICMP_TIME_EXCEEDED codes */ 482 #define ICMP_TTL_EXCEEDED 0 483 #define ICMP_REASSEMBLY_TIME_EXCEEDED 1 484 485 /* ICMP_DEST_UNREACHABLE codes */ 486 #define ICMP_NET_UNREACHABLE 0 487 #define ICMP_HOST_UNREACHABLE 1 488 #define ICMP_PROTOCOL_UNREACHABLE 2 489 #define ICMP_PORT_UNREACHABLE 3 490 #define ICMP_FRAGMENTATION_NEEDED 4 491 #define ICMP_SOURCE_ROUTE_FAILED 5 492 #define ICMP_DEST_NET_UNKNOWN 6 493 #define ICMP_DEST_HOST_UNKNOWN 7 494 #define ICMP_SRC_HOST_ISOLATED 8 495 #define ICMP_DEST_NET_UNREACH_ADMIN 9 496 #define ICMP_DEST_HOST_UNREACH_ADMIN 10 497 #define ICMP_DEST_NET_UNREACH_TOS 11 498 #define ICMP_DEST_HOST_UNREACH_TOS 12 499 500 /* ICMP Header Structure */ 501 typedef struct icmph_s { 502 uint8_t icmph_type; 503 uint8_t icmph_code; 504 uint16_t icmph_checksum; 505 union { 506 struct { /* ECHO request/response structure */ 507 uint16_t u_echo_ident; 508 uint16_t u_echo_seqnum; 509 } u_echo; 510 struct { /* Destination unreachable structure */ 511 uint16_t u_du_zero; 512 uint16_t u_du_mtu; 513 } u_du; 514 struct { /* Parameter problem structure */ 515 uint8_t u_pp_ptr; 516 uint8_t u_pp_rsvd[3]; 517 } u_pp; 518 struct { /* Redirect structure */ 519 ipaddr_t u_rd_gateway; 520 } u_rd; 521 } icmph_u; 522 } icmph_t; 523 524 #define icmph_echo_ident icmph_u.u_echo.u_echo_ident 525 #define icmph_echo_seqnum icmph_u.u_echo.u_echo_seqnum 526 #define icmph_du_zero icmph_u.u_du.u_du_zero 527 #define icmph_du_mtu icmph_u.u_du.u_du_mtu 528 #define icmph_pp_ptr icmph_u.u_pp.u_pp_ptr 529 #define icmph_rd_gateway icmph_u.u_rd.u_rd_gateway 530 531 #define ICMPH_SIZE 8 532 533 /* 534 * Minimum length of transport layer header included in an ICMP error 535 * message for it to be considered valid. 536 */ 537 #define ICMP_MIN_TP_HDR_LEN 8 538 539 /* Aligned IP header */ 540 typedef struct ipha_s { 541 uint8_t ipha_version_and_hdr_length; 542 uint8_t ipha_type_of_service; 543 uint16_t ipha_length; 544 uint16_t ipha_ident; 545 uint16_t ipha_fragment_offset_and_flags; 546 uint8_t ipha_ttl; 547 uint8_t ipha_protocol; 548 uint16_t ipha_hdr_checksum; 549 ipaddr_t ipha_src; 550 ipaddr_t ipha_dst; 551 } ipha_t; 552 553 /* 554 * IP Flags 555 * 556 * Some of these constant names are copied for the DTrace IP provider in 557 * usr/src/lib/libdtrace/common/{ip.d.in, ip.sed.in}, which should be kept 558 * in sync. 559 */ 560 #define IPH_DF 0x4000 /* Don't fragment */ 561 #define IPH_MF 0x2000 /* More fragments to come */ 562 #define IPH_OFFSET 0x1FFF /* Where the offset lives */ 563 #define IPH_FRAG_HDR 0x8000 /* IPv6 don't fragment bit */ 564 565 /* ECN code points for IPv4 TOS byte and IPv6 traffic class octet. */ 566 #define IPH_ECN_NECT 0x0 /* Not ECN-Capable Transport */ 567 #define IPH_ECN_ECT1 0x1 /* ECN-Capable Transport, ECT(1) */ 568 #define IPH_ECN_ECT0 0x2 /* ECN-Capable Transport, ECT(0) */ 569 #define IPH_ECN_CE 0x3 /* ECN-Congestion Experienced (CE) */ 570 571 struct ill_s; 572 573 typedef void ip_v6intfid_func_t(struct ill_s *, in6_addr_t *); 574 typedef boolean_t ip_v6mapinfo_func_t(uint_t, uint8_t *, uint8_t *, uint32_t *, 575 in6_addr_t *); 576 typedef boolean_t ip_v4mapinfo_func_t(uint_t, uint8_t *, uint8_t *, uint32_t *, 577 ipaddr_t *); 578 579 /* IP Mac info structure */ 580 typedef struct ip_m_s { 581 t_uscalar_t ip_m_mac_type; /* From <sys/dlpi.h> */ 582 int ip_m_type; /* From <net/if_types.h> */ 583 t_uscalar_t ip_m_ipv4sap; 584 t_uscalar_t ip_m_ipv6sap; 585 ip_v4mapinfo_func_t *ip_m_v4mapinfo; 586 ip_v6mapinfo_func_t *ip_m_v6mapinfo; 587 ip_v6intfid_func_t *ip_m_v6intfid; 588 ip_v6intfid_func_t *ip_m_v6destintfid; 589 } ip_m_t; 590 591 /* 592 * The following functions attempt to reduce the link layer dependency 593 * of the IP stack. The current set of link specific operations are: 594 * a. map from IPv4 class D (224.0/4) multicast address range to the link 595 * layer multicast address range. 596 * b. map from IPv6 multicast address range (ff00::/8) to the link 597 * layer multicast address range. 598 * c. derive the default IPv6 interface identifier from the interface. 599 * d. derive the default IPv6 destination interface identifier from 600 * the interface (point-to-point only). 601 */ 602 #define MEDIA_V4MINFO(ip_m, plen, bphys, maddr, hwxp, v4ptr) \ 603 (((ip_m)->ip_m_v4mapinfo != NULL) && \ 604 (*(ip_m)->ip_m_v4mapinfo)(plen, bphys, maddr, hwxp, v4ptr)) 605 #define MEDIA_V6MINFO(ip_m, plen, bphys, maddr, hwxp, v6ptr) \ 606 (((ip_m)->ip_m_v6mapinfo != NULL) && \ 607 (*(ip_m)->ip_m_v6mapinfo)(plen, bphys, maddr, hwxp, v6ptr)) 608 /* ip_m_v6*intfid return void and are never NULL */ 609 #define MEDIA_V6INTFID(ip_m, ill, v6ptr) (ip_m)->ip_m_v6intfid(ill, v6ptr) 610 #define MEDIA_V6DESTINTFID(ip_m, ill, v6ptr) \ 611 (ip_m)->ip_m_v6destintfid(ill, v6ptr) 612 613 /* Router entry types */ 614 #define IRE_BROADCAST 0x0001 /* Route entry for broadcast address */ 615 #define IRE_DEFAULT 0x0002 /* Route entry for default gateway */ 616 #define IRE_LOCAL 0x0004 /* Route entry for local address */ 617 #define IRE_LOOPBACK 0x0008 /* Route entry for loopback address */ 618 #define IRE_PREFIX 0x0010 /* Route entry for prefix routes */ 619 #define IRE_CACHE 0x0020 /* Cached Route entry */ 620 #define IRE_IF_NORESOLVER 0x0040 /* Route entry for local interface */ 621 /* net without any address mapping. */ 622 #define IRE_IF_RESOLVER 0x0080 /* Route entry for local interface */ 623 /* net with resolver. */ 624 #define IRE_HOST 0x0100 /* Host route entry */ 625 #define IRE_HOST_REDIRECT 0x0200 /* only used for T_SVR4_OPTMGMT_REQ */ 626 627 #define IRE_INTERFACE (IRE_IF_NORESOLVER | IRE_IF_RESOLVER) 628 #define IRE_OFFSUBNET (IRE_DEFAULT | IRE_PREFIX | IRE_HOST) 629 #define IRE_CACHETABLE (IRE_CACHE | IRE_BROADCAST | IRE_LOCAL | \ 630 IRE_LOOPBACK) 631 #define IRE_FORWARDTABLE (IRE_INTERFACE | IRE_OFFSUBNET) 632 633 /* 634 * If an IRE is marked with IRE_MARK_CONDEMNED, the last walker of 635 * the bucket should delete this IRE from this bucket. 636 */ 637 #define IRE_MARK_CONDEMNED 0x0001 638 639 /* 640 * An IRE with IRE_MARK_PMTU has ire_max_frag set from an ICMP error. 641 */ 642 #define IRE_MARK_PMTU 0x0002 643 644 /* 645 * An IRE with IRE_MARK_TESTHIDDEN is used by in.mpathd for test traffic. It 646 * can only be looked up by requesting MATCH_IRE_MARK_TESTHIDDEN. 647 */ 648 #define IRE_MARK_TESTHIDDEN 0x0004 649 650 /* 651 * An IRE with IRE_MARK_NOADD is created in ip_newroute_ipif when the outgoing 652 * interface is specified by e.g. IP_PKTINFO. The IRE is not added to the IRE 653 * cache table. 654 */ 655 #define IRE_MARK_NOADD 0x0008 /* Mark not to add ire in cache */ 656 657 /* 658 * IRE marked with IRE_MARK_TEMPORARY means that this IRE has been used 659 * either for forwarding a packet or has not been used for sending 660 * traffic on TCP connections terminated on this system. In both 661 * cases, this IRE is the first to go when IRE is being cleaned up. 662 */ 663 #define IRE_MARK_TEMPORARY 0x0010 664 665 /* 666 * IRE marked with IRE_MARK_USESRC_CHECK means that while adding an IRE with 667 * this mark, additional atomic checks need to be performed. For eg: by the 668 * time an IRE_CACHE is created, sent up to ARP and then comes back to IP; the 669 * usesrc grouping could have changed in which case we want to fail adding 670 * the IRE_CACHE entry 671 */ 672 #define IRE_MARK_USESRC_CHECK 0x0020 673 674 /* 675 * IRE_MARK_PRIVATE_ADDR is used for IP_NEXTHOP. When IP_NEXTHOP is set, the 676 * routing table lookup for the destination is bypassed and the packet is 677 * sent directly to the specified nexthop. The associated IRE_CACHE entries 678 * should be marked with IRE_MARK_PRIVATE_ADDR flag so that they don't show up 679 * in regular ire cache lookups. 680 */ 681 #define IRE_MARK_PRIVATE_ADDR 0x0040 682 683 /* 684 * When we send an ARP resolution query for the nexthop gateway's ire, 685 * we use esballoc to create the ire_t in the AR_ENTRY_QUERY mblk 686 * chain, and mark its ire_marks with IRE_MARK_UNCACHED. This flag 687 * indicates that information from ARP has not been transferred to a 688 * permanent IRE_CACHE entry. The flag is reset only when the 689 * information is successfully transferred to an ire_cache entry (in 690 * ire_add()). Attempting to free the AR_ENTRY_QUERY mblk chain prior 691 * to ire_add (e.g., from arp, or from ip`ip_wput_nondata) will 692 * require that the resources (incomplete ire_cache and/or nce) must 693 * be cleaned up. The free callback routine (ire_freemblk()) checks 694 * for IRE_MARK_UNCACHED to see if any resources that are pinned down 695 * will need to be cleaned up or not. 696 */ 697 698 #define IRE_MARK_UNCACHED 0x0080 699 700 /* 701 * The comment below (and for other netstack_t references) refers 702 * to the fact that we only do netstack_hold in particular cases, 703 * such as the references from open streams (ill_t and conn_t's 704 * pointers). Internally within IP we rely on IP's ability to cleanup e.g. 705 * ire_t's when an ill goes away. 706 */ 707 typedef struct ire_expire_arg_s { 708 int iea_flush_flag; 709 ip_stack_t *iea_ipst; /* Does not have a netstack_hold */ 710 } ire_expire_arg_t; 711 712 /* Flags with ire_expire routine */ 713 #define FLUSH_ARP_TIME 0x0001 /* ARP info potentially stale timer */ 714 #define FLUSH_REDIRECT_TIME 0x0002 /* Redirects potentially stale */ 715 #define FLUSH_MTU_TIME 0x0004 /* Include path MTU per RFC 1191 */ 716 717 /* Arguments to ire_flush_cache() */ 718 #define IRE_FLUSH_DELETE 0 719 #define IRE_FLUSH_ADD 1 720 721 /* 722 * Open/close synchronization flags. 723 * These are kept in a separate field in the conn and the synchronization 724 * depends on the atomic 32 bit access to that field. 725 */ 726 #define CONN_CLOSING 0x01 /* ip_close waiting for ip_wsrv */ 727 #define CONN_IPSEC_LOAD_WAIT 0x02 /* waiting for load */ 728 #define CONN_CONDEMNED 0x04 /* conn is closing, no more refs */ 729 #define CONN_INCIPIENT 0x08 /* conn not yet visible, no refs */ 730 #define CONN_QUIESCED 0x10 /* conn is now quiescent */ 731 732 /* Used to check connection state flags before caching the IRE */ 733 #define CONN_CACHE_IRE(connp) \ 734 (!((connp)->conn_state_flags & (CONN_CLOSING|CONN_CONDEMNED))) 735 736 /* 737 * Parameter to ip_output giving the identity of the caller. 738 * IP_WSRV means the packet was enqueued in the STREAMS queue 739 * due to flow control and is now being reprocessed in the context of 740 * the STREAMS service procedure, consequent to flow control relief. 741 * IRE_SEND means the packet is being reprocessed consequent to an 742 * ire cache creation and addition and this may or may not be happening 743 * in the service procedure context. Anything other than the above 2 744 * cases is identified as IP_WPUT. Most commonly this is the case of 745 * packets coming down from the application. 746 */ 747 #ifdef _KERNEL 748 #define IP_WSRV 1 /* Called from ip_wsrv */ 749 #define IP_WPUT 2 /* Called from ip_wput */ 750 #define IRE_SEND 3 /* Called from ire_send */ 751 752 /* 753 * Extra structures need for per-src-addr filtering (IGMPv3/MLDv2) 754 */ 755 #define MAX_FILTER_SIZE 64 756 757 typedef struct slist_s { 758 int sl_numsrc; 759 in6_addr_t sl_addr[MAX_FILTER_SIZE]; 760 } slist_t; 761 762 /* 763 * Following struct is used to maintain retransmission state for 764 * a multicast group. One rtx_state_t struct is an in-line field 765 * of the ilm_t struct; the slist_ts in the rtx_state_t struct are 766 * alloc'd as needed. 767 */ 768 typedef struct rtx_state_s { 769 uint_t rtx_timer; /* retrans timer */ 770 int rtx_cnt; /* retrans count */ 771 int rtx_fmode_cnt; /* retrans count for fmode change */ 772 slist_t *rtx_allow; 773 slist_t *rtx_block; 774 } rtx_state_t; 775 776 /* 777 * Used to construct list of multicast address records that will be 778 * sent in a single listener report. 779 */ 780 typedef struct mrec_s { 781 struct mrec_s *mrec_next; 782 uint8_t mrec_type; 783 uint8_t mrec_auxlen; /* currently unused */ 784 in6_addr_t mrec_group; 785 slist_t mrec_srcs; 786 } mrec_t; 787 788 /* Group membership list per upper conn */ 789 /* 790 * XXX add ilg info for ifaddr/ifindex. 791 * XXX can we make ilg survive an ifconfig unplumb + plumb 792 * by setting the ipif/ill to NULL and recover that later? 793 * 794 * ilg_ipif is used by IPv4 as multicast groups are joined using an interface 795 * address (ipif). 796 * ilg_ill is used by IPv6 as multicast groups are joined using an interface 797 * index (phyint->phyint_ifindex). 798 * ilg_ill is NULL for IPv4 and ilg_ipif is NULL for IPv6. 799 * 800 * ilg records the state of multicast memberships of a socket end point. 801 * ilm records the state of multicast memberships with the driver and is 802 * maintained per interface. 803 * 804 * There is no direct link between a given ilg and ilm. If the 805 * application has joined a group G with ifindex I, we will have 806 * an ilg with ilg_v6group and ilg_ill. There will be a corresponding 807 * ilm with ilm_ill/ilm_v6addr recording the multicast membership. 808 * To delete the membership: 809 * 810 * a) Search for ilg matching on G and I with ilg_v6group 811 * and ilg_ill. Delete ilg_ill. 812 * b) Search the corresponding ilm matching on G and I with 813 * ilm_v6addr and ilm_ill. Delete ilm. 814 * 815 * For IPv4 the only difference is that we look using ipifs, not ills. 816 */ 817 818 /* 819 * The ilg_t and ilm_t members are protected by ipsq. They can be changed only 820 * by a thread executing in the ipsq. In other words add/delete of a 821 * multicast group has to execute in the ipsq. 822 */ 823 #define ILG_DELETED 0x1 /* ilg_flags */ 824 typedef struct ilg_s { 825 in6_addr_t ilg_v6group; 826 struct ipif_s *ilg_ipif; /* Logical interface we are member on */ 827 struct ill_s *ilg_ill; /* Used by IPv6 */ 828 uint_t ilg_flags; 829 mcast_record_t ilg_fmode; /* MODE_IS_INCLUDE/MODE_IS_EXCLUDE */ 830 slist_t *ilg_filter; 831 } ilg_t; 832 833 /* 834 * Multicast address list entry for ill. 835 * ilm_ipif is used by IPv4 as multicast groups are joined using ipif. 836 * ilm_ill is used by IPv6 as multicast groups are joined using ill. 837 * ilm_ill is NULL for IPv4 and ilm_ipif is NULL for IPv6. 838 * 839 * The comment below (and for other netstack_t references) refers 840 * to the fact that we only do netstack_hold in particular cases, 841 * such as the references from open streams (ill_t and conn_t's 842 * pointers). Internally within IP we rely on IP's ability to cleanup e.g. 843 * ire_t's when an ill goes away. 844 */ 845 #define ILM_DELETED 0x1 /* ilm_flags */ 846 typedef struct ilm_s { 847 in6_addr_t ilm_v6addr; 848 int ilm_refcnt; 849 uint_t ilm_timer; /* IGMP/MLD query resp timer, in msec */ 850 struct ipif_s *ilm_ipif; /* Back pointer to ipif for IPv4 */ 851 struct ilm_s *ilm_next; /* Linked list for each ill */ 852 uint_t ilm_state; /* state of the membership */ 853 struct ill_s *ilm_ill; /* Back pointer to ill for IPv6 */ 854 uint_t ilm_flags; 855 boolean_t ilm_notify_driver; /* Need to notify the driver */ 856 zoneid_t ilm_zoneid; 857 int ilm_no_ilg_cnt; /* number of joins w/ no ilg */ 858 mcast_record_t ilm_fmode; /* MODE_IS_INCLUDE/MODE_IS_EXCLUDE */ 859 slist_t *ilm_filter; /* source filter list */ 860 slist_t *ilm_pendsrcs; /* relevant src addrs for pending req */ 861 rtx_state_t ilm_rtx; /* SCR retransmission state */ 862 ip_stack_t *ilm_ipst; /* Does not have a netstack_hold */ 863 } ilm_t; 864 865 #define ilm_addr V4_PART_OF_V6(ilm_v6addr) 866 867 typedef struct ilm_walker { 868 struct ill_s *ilw_ill; /* associated ill */ 869 struct ill_s *ilw_ipmp_ill; /* associated ipmp ill (if any) */ 870 struct ill_s *ilw_walk_ill; /* current ill being walked */ 871 } ilm_walker_t; 872 873 /* 874 * Soft reference to an IPsec SA. 875 * 876 * On relative terms, conn's can be persistent (living as long as the 877 * processes which create them), while SA's are ephemeral (dying when 878 * they hit their time-based or byte-based lifetimes). 879 * 880 * We could hold a hard reference to an SA from an ipsec_latch_t, 881 * but this would cause expired SA's to linger for a potentially 882 * unbounded time. 883 * 884 * Instead, we remember the hash bucket number and bucket generation 885 * in addition to the pointer. The bucket generation is incremented on 886 * each deletion. 887 */ 888 typedef struct ipsa_ref_s 889 { 890 struct ipsa_s *ipsr_sa; 891 struct isaf_s *ipsr_bucket; 892 uint64_t ipsr_gen; 893 } ipsa_ref_t; 894 895 /* 896 * IPsec "latching" state. 897 * 898 * In the presence of IPsec policy, fully-bound conn's bind a connection 899 * to more than just the 5-tuple, but also a specific IPsec action and 900 * identity-pair. 901 * 902 * As an optimization, we also cache soft references to IPsec SA's 903 * here so that we can fast-path around most of the work needed for 904 * outbound IPsec SA selection. 905 * 906 * Were it not for TCP's detached connections, this state would be 907 * in-line in conn_t; instead, this is in a separate structure so it 908 * can be handed off to TCP when a connection is detached. 909 */ 910 typedef struct ipsec_latch_s 911 { 912 kmutex_t ipl_lock; 913 uint32_t ipl_refcnt; 914 915 uint64_t ipl_unique; 916 struct ipsec_policy_s *ipl_in_policy; /* latched policy (in) */ 917 struct ipsec_policy_s *ipl_out_policy; /* latched policy (out) */ 918 struct ipsec_action_s *ipl_in_action; /* latched action (in) */ 919 struct ipsec_action_s *ipl_out_action; /* latched action (out) */ 920 cred_t *ipl_local_id; 921 struct ipsid_s *ipl_local_cid; 922 struct ipsid_s *ipl_remote_cid; 923 unsigned int 924 ipl_out_action_latched : 1, 925 ipl_in_action_latched : 1, 926 ipl_out_policy_latched : 1, 927 ipl_in_policy_latched : 1, 928 929 ipl_ids_latched : 1, 930 931 ipl_pad_to_bit_31 : 27; 932 933 ipsa_ref_t ipl_ref[2]; /* 0: ESP, 1: AH */ 934 935 } ipsec_latch_t; 936 937 #define IPLATCH_REFHOLD(ipl) { \ 938 atomic_add_32(&(ipl)->ipl_refcnt, 1); \ 939 ASSERT((ipl)->ipl_refcnt != 0); \ 940 } 941 942 #define IPLATCH_REFRELE(ipl, ns) { \ 943 ASSERT((ipl)->ipl_refcnt != 0); \ 944 membar_exit(); \ 945 if (atomic_add_32_nv(&(ipl)->ipl_refcnt, -1) == 0) \ 946 iplatch_free(ipl, ns); \ 947 } 948 949 /* 950 * peer identity structure. 951 */ 952 953 typedef struct conn_s conn_t; 954 955 /* 956 * The old IP client structure "ipc_t" is gone. All the data is stored in the 957 * connection structure "conn_t" now. The mapping of old and new fields looks 958 * like this: 959 * 960 * ipc_ulp conn_ulp 961 * ipc_rq conn_rq 962 * ipc_wq conn_wq 963 * 964 * ipc_laddr conn_src 965 * ipc_faddr conn_rem 966 * ipc_v6laddr conn_srcv6 967 * ipc_v6faddr conn_remv6 968 * 969 * ipc_lport conn_lport 970 * ipc_fport conn_fport 971 * ipc_ports conn_ports 972 * 973 * ipc_policy conn_policy 974 * ipc_latch conn_latch 975 * 976 * ipc_irc_lock conn_lock 977 * ipc_ire_cache conn_ire_cache 978 * 979 * ipc_state_flags conn_state_flags 980 * ipc_outgoing_ill conn_outgoing_ill 981 * 982 * ipc_dontroute conn_dontroute 983 * ipc_loopback conn_loopback 984 * ipc_broadcast conn_broadcast 985 * ipc_reuseaddr conn_reuseaddr 986 * 987 * ipc_multicast_loop conn_multicast_loop 988 * ipc_multi_router conn_multi_router 989 * ipc_draining conn_draining 990 * 991 * ipc_did_putbq conn_did_putbq 992 * ipc_unspec_src conn_unspec_src 993 * ipc_policy_cached conn_policy_cached 994 * 995 * ipc_in_enforce_policy conn_in_enforce_policy 996 * ipc_out_enforce_policy conn_out_enforce_policy 997 * ipc_af_isv6 conn_af_isv6 998 * ipc_pkt_isv6 conn_pkt_isv6 999 * 1000 * ipc_ipv6_recvpktinfo conn_ipv6_recvpktinfo 1001 * 1002 * ipc_ipv6_recvhoplimit conn_ipv6_recvhoplimit 1003 * ipc_ipv6_recvhopopts conn_ipv6_recvhopopts 1004 * ipc_ipv6_recvdstopts conn_ipv6_recvdstopts 1005 * 1006 * ipc_ipv6_recvrthdr conn_ipv6_recvrthdr 1007 * ipc_ipv6_recvrtdstopts conn_ipv6_recvrtdstopts 1008 * ipc_fully_bound conn_fully_bound 1009 * 1010 * ipc_recvif conn_recvif 1011 * 1012 * ipc_recvslla conn_recvslla 1013 * ipc_acking_unbind conn_acking_unbind 1014 * ipc_pad_to_bit_31 conn_pad_to_bit_31 1015 * 1016 * ipc_proto conn_proto 1017 * ipc_incoming_ill conn_incoming_ill 1018 * ipc_pending_ill conn_pending_ill 1019 * ipc_unbind_mp conn_unbind_mp 1020 * ipc_ilg conn_ilg 1021 * ipc_ilg_allocated conn_ilg_allocated 1022 * ipc_ilg_inuse conn_ilg_inuse 1023 * ipc_ilg_walker_cnt conn_ilg_walker_cnt 1024 * ipc_refcv conn_refcv 1025 * ipc_multicast_ipif conn_multicast_ipif 1026 * ipc_multicast_ill conn_multicast_ill 1027 * ipc_drain_next conn_drain_next 1028 * ipc_drain_prev conn_drain_prev 1029 * ipc_idl conn_idl 1030 */ 1031 1032 /* 1033 * This is used to match an inbound/outbound datagram with policy. 1034 */ 1035 typedef struct ipsec_selector { 1036 in6_addr_t ips_local_addr_v6; 1037 in6_addr_t ips_remote_addr_v6; 1038 uint16_t ips_local_port; 1039 uint16_t ips_remote_port; 1040 uint8_t ips_icmp_type; 1041 uint8_t ips_icmp_code; 1042 uint8_t ips_protocol; 1043 uint8_t ips_isv4 : 1, 1044 ips_is_icmp_inv_acq: 1; 1045 } ipsec_selector_t; 1046 1047 /* 1048 * Note that we put v4 addresses in the *first* 32-bit word of the 1049 * selector rather than the last to simplify the prefix match/mask code 1050 * in spd.c 1051 */ 1052 #define ips_local_addr_v4 ips_local_addr_v6.s6_addr32[0] 1053 #define ips_remote_addr_v4 ips_remote_addr_v6.s6_addr32[0] 1054 1055 /* Values used in IP by IPSEC Code */ 1056 #define IPSEC_OUTBOUND B_TRUE 1057 #define IPSEC_INBOUND B_FALSE 1058 1059 /* 1060 * There are two variants in policy failures. The packet may come in 1061 * secure when not needed (IPSEC_POLICY_???_NOT_NEEDED) or it may not 1062 * have the desired level of protection (IPSEC_POLICY_MISMATCH). 1063 */ 1064 #define IPSEC_POLICY_NOT_NEEDED 0 1065 #define IPSEC_POLICY_MISMATCH 1 1066 #define IPSEC_POLICY_AUTH_NOT_NEEDED 2 1067 #define IPSEC_POLICY_ENCR_NOT_NEEDED 3 1068 #define IPSEC_POLICY_SE_NOT_NEEDED 4 1069 #define IPSEC_POLICY_MAX 5 /* Always max + 1. */ 1070 1071 /* 1072 * Folowing macro is used whenever the code does not know whether there 1073 * is a M_CTL present in the front and it needs to examine the actual mp 1074 * i.e the IP header. As a M_CTL message could be in the front, this 1075 * extracts the packet into mp and the M_CTL mp into first_mp. If M_CTL 1076 * mp is not present, both first_mp and mp point to the same message. 1077 */ 1078 #define EXTRACT_PKT_MP(mp, first_mp, mctl_present) \ 1079 (first_mp) = (mp); \ 1080 if ((mp)->b_datap->db_type == M_CTL) { \ 1081 (mp) = (mp)->b_cont; \ 1082 (mctl_present) = B_TRUE; \ 1083 } else { \ 1084 (mctl_present) = B_FALSE; \ 1085 } 1086 1087 /* 1088 * Check with IPSEC inbound policy if 1089 * 1090 * 1) per-socket policy is present - indicated by conn_in_enforce_policy. 1091 * 2) Or if we have not cached policy on the conn and the global policy is 1092 * non-empty. 1093 */ 1094 #define CONN_INBOUND_POLICY_PRESENT(connp, ipss) \ 1095 ((connp)->conn_in_enforce_policy || \ 1096 (!((connp)->conn_policy_cached) && \ 1097 (ipss)->ipsec_inbound_v4_policy_present)) 1098 1099 #define CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss) \ 1100 ((connp)->conn_in_enforce_policy || \ 1101 (!(connp)->conn_policy_cached && \ 1102 (ipss)->ipsec_inbound_v6_policy_present)) 1103 1104 #define CONN_OUTBOUND_POLICY_PRESENT(connp, ipss) \ 1105 ((connp)->conn_out_enforce_policy || \ 1106 (!((connp)->conn_policy_cached) && \ 1107 (ipss)->ipsec_outbound_v4_policy_present)) 1108 1109 #define CONN_OUTBOUND_POLICY_PRESENT_V6(connp, ipss) \ 1110 ((connp)->conn_out_enforce_policy || \ 1111 (!(connp)->conn_policy_cached && \ 1112 (ipss)->ipsec_outbound_v6_policy_present)) 1113 1114 /* 1115 * Information cached in IRE for upper layer protocol (ULP). 1116 * 1117 * Notice that ire_max_frag is not included in the iulp_t structure, which 1118 * it may seem that it should. But ire_max_frag cannot really be cached. It 1119 * is fixed for each interface. For MTU found by PMTUd, we may want to cache 1120 * it. But currently, we do not do that. 1121 */ 1122 typedef struct iulp_s { 1123 boolean_t iulp_set; /* Is any metric set? */ 1124 uint32_t iulp_ssthresh; /* Slow start threshold (TCP). */ 1125 clock_t iulp_rtt; /* Guestimate in millisecs. */ 1126 clock_t iulp_rtt_sd; /* Cached value of RTT variance. */ 1127 uint32_t iulp_spipe; /* Send pipe size. */ 1128 uint32_t iulp_rpipe; /* Receive pipe size. */ 1129 uint32_t iulp_rtomax; /* Max round trip timeout. */ 1130 uint32_t iulp_sack; /* Use SACK option (TCP)? */ 1131 uint32_t 1132 iulp_tstamp_ok : 1, /* Use timestamp option (TCP)? */ 1133 iulp_wscale_ok : 1, /* Use window scale option (TCP)? */ 1134 iulp_ecn_ok : 1, /* Enable ECN (for TCP)? */ 1135 iulp_pmtud_ok : 1, /* Enable PMTUd? */ 1136 1137 iulp_not_used : 28; 1138 } iulp_t; 1139 1140 /* Zero iulp_t. */ 1141 extern const iulp_t ire_uinfo_null; 1142 1143 /* 1144 * The conn drain list structure (idl_t). 1145 * The list is protected by idl_lock. Each conn_t inserted in the list 1146 * points back at this idl_t using conn_idl. IP primes the draining of the 1147 * conns queued in these lists, by qenabling the 1st conn of each list. This 1148 * occurs when STREAMS backenables ip_wsrv on the IP module. Each conn instance 1149 * of ip_wsrv successively qenables the next conn in the list. 1150 * idl_lock protects all other members of idl_t and conn_drain_next 1151 * and conn_drain_prev of conn_t. The conn_lock protects IPCF_DRAIN_DISABLED 1152 * flag of the conn_t and conn_idl. 1153 * 1154 * The conn drain list, idl_t, itself is part of tx cookie list structure. 1155 * A tx cookie list points to a blocked Tx ring and contains the list of 1156 * all conn's that are blocked due to the flow-controlled Tx ring (via 1157 * the idl drain list). Note that a link can have multiple Tx rings. The 1158 * drain list will store the conn's blocked due to Tx ring being flow 1159 * controlled. 1160 */ 1161 1162 typedef uintptr_t ip_mac_tx_cookie_t; 1163 typedef struct idl_s idl_t; 1164 typedef struct idl_tx_list_s idl_tx_list_t; 1165 1166 struct idl_tx_list_s { 1167 ip_mac_tx_cookie_t txl_cookie; 1168 kmutex_t txl_lock; /* Lock for this list */ 1169 idl_t *txl_drain_list; 1170 int txl_drain_index; 1171 }; 1172 1173 struct idl_s { 1174 conn_t *idl_conn; /* Head of drain list */ 1175 kmutex_t idl_lock; /* Lock for this list */ 1176 conn_t *idl_conn_draining; /* conn that is draining */ 1177 uint32_t 1178 idl_repeat : 1, /* Last conn must re-enable */ 1179 /* drain list again */ 1180 idl_unused : 31; 1181 idl_tx_list_t *idl_itl; 1182 }; 1183 1184 #define CONN_DRAIN_LIST_LOCK(connp) (&((connp)->conn_idl->idl_lock)) 1185 /* 1186 * Interface route structure which holds the necessary information to recreate 1187 * routes that are tied to an interface (namely where ire_ipif != NULL). 1188 * These routes which were initially created via a routing socket or via the 1189 * SIOCADDRT ioctl may be gateway routes (RTF_GATEWAY being set) or may be 1190 * traditional interface routes. When an interface comes back up after being 1191 * marked down, this information will be used to recreate the routes. These 1192 * are part of an mblk_t chain that hangs off of the IPIF (ipif_saved_ire_mp). 1193 */ 1194 typedef struct ifrt_s { 1195 ushort_t ifrt_type; /* Type of IRE */ 1196 in6_addr_t ifrt_v6addr; /* Address IRE represents. */ 1197 in6_addr_t ifrt_v6gateway_addr; /* Gateway if IRE_OFFSUBNET */ 1198 in6_addr_t ifrt_v6src_addr; /* Src addr if RTF_SETSRC */ 1199 in6_addr_t ifrt_v6mask; /* Mask for matching IRE. */ 1200 uint32_t ifrt_flags; /* flags related to route */ 1201 uint_t ifrt_max_frag; /* MTU (next hop or path). */ 1202 iulp_t ifrt_iulp_info; /* Cached IRE ULP info. */ 1203 } ifrt_t; 1204 1205 #define ifrt_addr V4_PART_OF_V6(ifrt_v6addr) 1206 #define ifrt_gateway_addr V4_PART_OF_V6(ifrt_v6gateway_addr) 1207 #define ifrt_src_addr V4_PART_OF_V6(ifrt_v6src_addr) 1208 #define ifrt_mask V4_PART_OF_V6(ifrt_v6mask) 1209 1210 /* Number of IP addresses that can be hosted on a physical interface */ 1211 #define MAX_ADDRS_PER_IF 8192 1212 /* 1213 * Number of Source addresses to be considered for source address 1214 * selection. Used by ipif_select_source[_v6]. 1215 */ 1216 #define MAX_IPIF_SELECT_SOURCE 50 1217 1218 #ifdef IP_DEBUG 1219 /* 1220 * Trace refholds and refreles for debugging. 1221 */ 1222 #define TR_STACK_DEPTH 14 1223 typedef struct tr_buf_s { 1224 int tr_depth; 1225 clock_t tr_time; 1226 pc_t tr_stack[TR_STACK_DEPTH]; 1227 } tr_buf_t; 1228 1229 typedef struct th_trace_s { 1230 int th_refcnt; 1231 uint_t th_trace_lastref; 1232 kthread_t *th_id; 1233 #define TR_BUF_MAX 38 1234 tr_buf_t th_trbuf[TR_BUF_MAX]; 1235 } th_trace_t; 1236 1237 typedef struct th_hash_s { 1238 list_node_t thh_link; 1239 mod_hash_t *thh_hash; 1240 ip_stack_t *thh_ipst; 1241 } th_hash_t; 1242 #endif 1243 1244 /* The following are ipif_state_flags */ 1245 #define IPIF_CONDEMNED 0x1 /* The ipif is being removed */ 1246 #define IPIF_CHANGING 0x2 /* A critcal ipif field is changing */ 1247 #define IPIF_SET_LINKLOCAL 0x10 /* transient flag during bringup */ 1248 #define IPIF_ZERO_SOURCE 0x20 /* transient flag during bringup */ 1249 1250 /* IP interface structure, one per local address */ 1251 typedef struct ipif_s { 1252 struct ipif_s *ipif_next; 1253 struct ill_s *ipif_ill; /* Back pointer to our ill */ 1254 int ipif_id; /* Logical unit number */ 1255 uint_t ipif_mtu; /* Starts at ipif_ill->ill_max_frag */ 1256 in6_addr_t ipif_v6lcl_addr; /* Local IP address for this if. */ 1257 in6_addr_t ipif_v6src_addr; /* Source IP address for this if. */ 1258 in6_addr_t ipif_v6subnet; /* Subnet prefix for this if. */ 1259 in6_addr_t ipif_v6net_mask; /* Net mask for this interface. */ 1260 in6_addr_t ipif_v6brd_addr; /* Broadcast addr for this interface. */ 1261 in6_addr_t ipif_v6pp_dst_addr; /* Point-to-point dest address. */ 1262 uint64_t ipif_flags; /* Interface flags. */ 1263 uint_t ipif_metric; /* BSD if metric, for compatibility. */ 1264 uint_t ipif_ire_type; /* IRE_LOCAL or IRE_LOOPBACK */ 1265 mblk_t *ipif_arp_del_mp; /* Allocated at time arp comes up, to */ 1266 /* prevent awkward out of mem */ 1267 /* condition later */ 1268 mblk_t *ipif_saved_ire_mp; /* Allocated for each extra */ 1269 /* IRE_IF_NORESOLVER/IRE_IF_RESOLVER */ 1270 /* on this interface so that they */ 1271 /* can survive ifconfig down. */ 1272 kmutex_t ipif_saved_ire_lock; /* Protects ipif_saved_ire_mp */ 1273 1274 mrec_t *ipif_igmp_rpt; /* List of group memberships which */ 1275 /* will be reported on. Used when */ 1276 /* handling an igmp timeout. */ 1277 1278 /* 1279 * The packet counts in the ipif contain the sum of the 1280 * packet counts in dead IREs that were affiliated with 1281 * this ipif. 1282 */ 1283 uint_t ipif_fo_pkt_count; /* Forwarded thru our dead IREs */ 1284 uint_t ipif_ib_pkt_count; /* Inbound packets for our dead IREs */ 1285 uint_t ipif_ob_pkt_count; /* Outbound packets to our dead IREs */ 1286 /* Exclusive bit fields, protected by ipsq_t */ 1287 unsigned int 1288 ipif_multicast_up : 1, /* ipif_multicast_up() successful */ 1289 ipif_was_up : 1, /* ipif was up before */ 1290 ipif_addr_ready : 1, /* DAD is done */ 1291 ipif_was_dup : 1, /* DAD had failed */ 1292 1293 ipif_joined_allhosts : 1, /* allhosts joined */ 1294 ipif_added_nce : 1, /* nce added for local address */ 1295 ipif_pad_to_31 : 26; 1296 1297 uint_t ipif_seqid; /* unique index across all ills */ 1298 uint_t ipif_state_flags; /* See IPIF_* flag defs above */ 1299 uint_t ipif_refcnt; /* active consistent reader cnt */ 1300 1301 /* Number of ire's and ilm's referencing this ipif */ 1302 uint_t ipif_ire_cnt; 1303 uint_t ipif_ilm_cnt; 1304 1305 uint_t ipif_saved_ire_cnt; 1306 zoneid_t ipif_zoneid; /* zone ID number */ 1307 timeout_id_t ipif_recovery_id; /* Timer for DAD recovery */ 1308 boolean_t ipif_trace_disable; /* True when alloc fails */ 1309 /* 1310 * For an IPMP interface, ipif_bound_ill tracks the ill whose hardware 1311 * information this ipif is associated with via ARP/NDP. We can use 1312 * an ill pointer (rather than an index) because only ills that are 1313 * part of a group will be pointed to, and an ill cannot disappear 1314 * while it's in a group. 1315 */ 1316 struct ill_s *ipif_bound_ill; 1317 struct ipif_s *ipif_bound_next; /* bound ipif chain */ 1318 boolean_t ipif_bound; /* B_TRUE if we successfully bound */ 1319 } ipif_t; 1320 1321 /* 1322 * IPIF_FREE_OK() means that there are no incoming references 1323 * to the ipif. Incoming refs would prevent the ipif from being freed. 1324 */ 1325 #define IPIF_FREE_OK(ipif) \ 1326 ((ipif)->ipif_ire_cnt == 0 && (ipif)->ipif_ilm_cnt == 0) 1327 /* 1328 * IPIF_DOWN_OK() determines whether the incoming pointer reference counts 1329 * would permit the ipif to be considered quiescent. In order for 1330 * an ipif or ill to be considered quiescent, the ire and nce references 1331 * to that ipif/ill must be zero. 1332 * 1333 * We do not require the ilm references to go to zero for quiescence 1334 * because the quiescence checks are done to ensure that 1335 * outgoing packets do not use addresses from the ipif/ill after it 1336 * has been marked down, and incoming packets to addresses on a 1337 * queiscent interface are rejected. This implies that all the 1338 * ire/nce's using that source address need to be deleted and future 1339 * creation of any ires using that source address must be prevented. 1340 * Similarly incoming unicast packets destined to the 'down' address 1341 * will not be accepted once that ire is gone. However incoming 1342 * multicast packets are not destined to the downed address. 1343 * They are only related to the ill in question. Furthermore 1344 * the current API behavior allows applications to join or leave 1345 * multicast groups, i.e., IP_ADD_MEMBERSHIP / LEAVE_MEMBERSHIP, using a 1346 * down address. Therefore the ilm references are not included in 1347 * the _DOWN_OK macros. 1348 */ 1349 #define IPIF_DOWN_OK(ipif) ((ipif)->ipif_ire_cnt == 0) 1350 1351 /* 1352 * The following table lists the protection levels of the various members 1353 * of the ipif_t. The following notation is used. 1354 * 1355 * Write once - Written to only once at the time of bringing up 1356 * the interface and can be safely read after the bringup without any lock. 1357 * 1358 * ipsq - Need to execute in the ipsq to perform the indicated access. 1359 * 1360 * ill_lock - Need to hold this mutex to perform the indicated access. 1361 * 1362 * ill_g_lock - Need to hold this rw lock as reader/writer for read access or 1363 * write access respectively. 1364 * 1365 * down ill - Written to only when the ill is down (i.e all ipifs are down) 1366 * up ill - Read only when the ill is up (i.e. at least 1 ipif is up) 1367 * 1368 * Table of ipif_t members and their protection 1369 * 1370 * ipif_next ipsq + ill_lock + ipsq OR ill_lock OR 1371 * ill_g_lock ill_g_lock 1372 * ipif_ill ipsq + down ipif write once 1373 * ipif_id ipsq + down ipif write once 1374 * ipif_mtu ipsq 1375 * ipif_v6lcl_addr ipsq + down ipif up ipif 1376 * ipif_v6src_addr ipsq + down ipif up ipif 1377 * ipif_v6subnet ipsq + down ipif up ipif 1378 * ipif_v6net_mask ipsq + down ipif up ipif 1379 * 1380 * ipif_v6brd_addr 1381 * ipif_v6pp_dst_addr 1382 * ipif_flags ill_lock ill_lock 1383 * ipif_metric 1384 * ipif_ire_type ipsq + down ill up ill 1385 * 1386 * ipif_arp_del_mp ipsq ipsq 1387 * ipif_saved_ire_mp ipif_saved_ire_lock ipif_saved_ire_lock 1388 * ipif_igmp_rpt ipsq ipsq 1389 * 1390 * ipif_fo_pkt_count Approx 1391 * ipif_ib_pkt_count Approx 1392 * ipif_ob_pkt_count Approx 1393 * 1394 * bit fields ill_lock ill_lock 1395 * 1396 * ipif_seqid ipsq Write once 1397 * 1398 * ipif_state_flags ill_lock ill_lock 1399 * ipif_refcnt ill_lock ill_lock 1400 * ipif_ire_cnt ill_lock ill_lock 1401 * ipif_ilm_cnt ill_lock ill_lock 1402 * ipif_saved_ire_cnt 1403 * 1404 * ipif_bound_ill ipsq + ipmp_lock ipsq OR ipmp_lock 1405 * ipif_bound_next ipsq ipsq 1406 * ipif_bound ipsq ipsq 1407 */ 1408 1409 #define IP_TR_HASH(tid) ((((uintptr_t)tid) >> 6) & (IP_TR_HASH_MAX - 1)) 1410 1411 #ifdef DEBUG 1412 #define IPIF_TRACE_REF(ipif) ipif_trace_ref(ipif) 1413 #define ILL_TRACE_REF(ill) ill_trace_ref(ill) 1414 #define IPIF_UNTRACE_REF(ipif) ipif_untrace_ref(ipif) 1415 #define ILL_UNTRACE_REF(ill) ill_untrace_ref(ill) 1416 #else 1417 #define IPIF_TRACE_REF(ipif) 1418 #define ILL_TRACE_REF(ill) 1419 #define IPIF_UNTRACE_REF(ipif) 1420 #define ILL_UNTRACE_REF(ill) 1421 #endif 1422 1423 /* IPv4 compatibility macros */ 1424 #define ipif_lcl_addr V4_PART_OF_V6(ipif_v6lcl_addr) 1425 #define ipif_src_addr V4_PART_OF_V6(ipif_v6src_addr) 1426 #define ipif_subnet V4_PART_OF_V6(ipif_v6subnet) 1427 #define ipif_net_mask V4_PART_OF_V6(ipif_v6net_mask) 1428 #define ipif_brd_addr V4_PART_OF_V6(ipif_v6brd_addr) 1429 #define ipif_pp_dst_addr V4_PART_OF_V6(ipif_v6pp_dst_addr) 1430 1431 /* Macros for easy backreferences to the ill. */ 1432 #define ipif_wq ipif_ill->ill_wq 1433 #define ipif_rq ipif_ill->ill_rq 1434 #define ipif_net_type ipif_ill->ill_net_type 1435 #define ipif_ipif_up_count ipif_ill->ill_ipif_up_count 1436 #define ipif_type ipif_ill->ill_type 1437 #define ipif_isv6 ipif_ill->ill_isv6 1438 1439 #define SIOCLIFADDR_NDX 112 /* ndx of SIOCLIFADDR in the ndx ioctl table */ 1440 1441 /* 1442 * mode value for ip_ioctl_finish for finishing an ioctl 1443 */ 1444 #define CONN_CLOSE 1 /* No mi_copy */ 1445 #define COPYOUT 2 /* do an mi_copyout if needed */ 1446 #define NO_COPYOUT 3 /* do an mi_copy_done */ 1447 #define IPI2MODE(ipi) ((ipi)->ipi_flags & IPI_GET_CMD ? COPYOUT : NO_COPYOUT) 1448 1449 /* 1450 * The IP-MT design revolves around the serialization objects ipsq_t (IPSQ) 1451 * and ipxop_t (exclusive operation or "xop"). Becoming "writer" on an IPSQ 1452 * ensures that no other threads can become "writer" on any IPSQs sharing that 1453 * IPSQ's xop until the writer thread is done. 1454 * 1455 * Each phyint points to one IPSQ that remains fixed over the phyint's life. 1456 * Each IPSQ points to one xop that can change over the IPSQ's life. If a 1457 * phyint is *not* in an IPMP group, then its IPSQ will refer to the IPSQ's 1458 * "own" xop (ipsq_ownxop). If a phyint *is* part of an IPMP group, then its 1459 * IPSQ will refer to the "group" xop, which is shorthand for the xop of the 1460 * IPSQ of the IPMP meta-interface's phyint. Thus, all phyints that are part 1461 * of the same IPMP group will have their IPSQ's point to the group xop, and 1462 * thus becoming "writer" on any phyint in the group will prevent any other 1463 * writer on any other phyint in the group. All IPSQs sharing the same xop 1464 * are chained together through ipsq_next (in the degenerate common case, 1465 * ipsq_next simply refers to itself). Note that the group xop is guaranteed 1466 * to exist at least as long as there are members in the group, since the IPMP 1467 * meta-interface can only be destroyed if the group is empty. 1468 * 1469 * Incoming exclusive operation requests are enqueued on the IPSQ they arrived 1470 * on rather than the xop. This makes switching xop's (as would happen when a 1471 * phyint leaves an IPMP group) simple, because after the phyint leaves the 1472 * group, any operations enqueued on its IPSQ can be safely processed with 1473 * respect to its new xop, and any operations enqueued on the IPSQs of its 1474 * former group can be processed with respect to their existing group xop. 1475 * Even so, switching xops is a subtle dance; see ipsq_dq() for details. 1476 * 1477 * An IPSQ's "own" xop is embedded within the IPSQ itself since they have have 1478 * identical lifetimes, and because doing so simplifies pointer management. 1479 * While each phyint and IPSQ point to each other, it is not possible to free 1480 * the IPSQ when the phyint is freed, since we may still *inside* the IPSQ 1481 * when the phyint is being freed. Thus, ipsq_phyint is set to NULL when the 1482 * phyint is freed, and the IPSQ free is later done in ipsq_exit(). 1483 * 1484 * ipsq_t synchronization: read write 1485 * 1486 * ipsq_xopq_mphead ipx_lock ipx_lock 1487 * ipsq_xopq_mptail ipx_lock ipx_lock 1488 * ipsq_xop_switch_mp ipsq_lock ipsq_lock 1489 * ipsq_phyint write once write once 1490 * ipsq_next RW_READER ill_g_lock RW_WRITER ill_g_lock 1491 * ipsq_xop ipsq_lock or ipsq ipsq_lock + ipsq 1492 * ipsq_swxop ipsq ipsq 1493 * ipsq_ownxop see ipxop_t see ipxop_t 1494 * ipsq_ipst write once write once 1495 * 1496 * ipxop_t synchronization: read write 1497 * 1498 * ipx_writer ipx_lock ipx_lock 1499 * ipx_xop_queued ipx_lock ipx_lock 1500 * ipx_mphead ipx_lock ipx_lock 1501 * ipx_mptail ipx_lock ipx_lock 1502 * ipx_ipsq write once write once 1503 * ips_ipsq_queued ipx_lock ipx_lock 1504 * ipx_waitfor ipsq or ipx_lock ipsq + ipx_lock 1505 * ipx_reentry_cnt ipsq or ipx_lock ipsq + ipx_lock 1506 * ipx_current_done ipsq ipsq 1507 * ipx_current_ioctl ipsq ipsq 1508 * ipx_current_ipif ipsq or ipx_lock ipsq + ipx_lock 1509 * ipx_pending_ipif ipsq or ipx_lock ipsq + ipx_lock 1510 * ipx_pending_mp ipsq or ipx_lock ipsq + ipx_lock 1511 * ipx_forced ipsq ipsq 1512 * ipx_depth ipsq ipsq 1513 * ipx_stack ipsq ipsq 1514 */ 1515 typedef struct ipxop_s { 1516 kmutex_t ipx_lock; /* see above */ 1517 kthread_t *ipx_writer; /* current owner */ 1518 mblk_t *ipx_mphead; /* messages tied to this op */ 1519 mblk_t *ipx_mptail; 1520 struct ipsq_s *ipx_ipsq; /* associated ipsq */ 1521 boolean_t ipx_ipsq_queued; /* ipsq using xop has queued op */ 1522 int ipx_waitfor; /* waiting; values encoded below */ 1523 int ipx_reentry_cnt; 1524 boolean_t ipx_current_done; /* is the current operation done? */ 1525 int ipx_current_ioctl; /* current ioctl, or 0 if no ioctl */ 1526 ipif_t *ipx_current_ipif; /* ipif for current op */ 1527 ipif_t *ipx_pending_ipif; /* ipif for ipsq_pending_mp */ 1528 mblk_t *ipx_pending_mp; /* current ioctl mp while waiting */ 1529 boolean_t ipx_forced; /* debugging aid */ 1530 #ifdef DEBUG 1531 int ipx_depth; /* debugging aid */ 1532 #define IPX_STACK_DEPTH 15 1533 pc_t ipx_stack[IPX_STACK_DEPTH]; /* debugging aid */ 1534 #endif 1535 } ipxop_t; 1536 1537 typedef struct ipsq_s { 1538 kmutex_t ipsq_lock; /* see above */ 1539 mblk_t *ipsq_switch_mp; /* op to handle right after switch */ 1540 mblk_t *ipsq_xopq_mphead; /* list of excl ops (mostly ioctls) */ 1541 mblk_t *ipsq_xopq_mptail; 1542 struct phyint *ipsq_phyint; /* associated phyint */ 1543 struct ipsq_s *ipsq_next; /* next ipsq sharing ipsq_xop */ 1544 struct ipxop_s *ipsq_xop; /* current xop synchronization info */ 1545 struct ipxop_s *ipsq_swxop; /* switch xop to on ipsq_exit() */ 1546 struct ipxop_s ipsq_ownxop; /* our own xop (may not be in-use) */ 1547 ip_stack_t *ipsq_ipst; /* does not have a netstack_hold */ 1548 } ipsq_t; 1549 1550 /* 1551 * ipx_waitfor values: 1552 */ 1553 enum { 1554 IPIF_DOWN = 1, /* ipif_down() waiting for refcnts to drop */ 1555 ILL_DOWN, /* ill_down() waiting for refcnts to drop */ 1556 IPIF_FREE, /* ipif_free() waiting for refcnts to drop */ 1557 ILL_FREE /* ill unplumb waiting for refcnts to drop */ 1558 }; 1559 1560 /* Operation types for ipsq_try_enter() */ 1561 #define CUR_OP 0 /* request writer within current operation */ 1562 #define NEW_OP 1 /* request writer for a new operation */ 1563 #define SWITCH_OP 2 /* request writer once IPSQ XOP switches */ 1564 1565 /* 1566 * Kstats tracked on each IPMP meta-interface. Order here must match 1567 * ipmp_kstats[] in ip/ipmp.c. 1568 */ 1569 enum { 1570 IPMP_KSTAT_OBYTES, IPMP_KSTAT_OBYTES64, IPMP_KSTAT_RBYTES, 1571 IPMP_KSTAT_RBYTES64, IPMP_KSTAT_OPACKETS, IPMP_KSTAT_OPACKETS64, 1572 IPMP_KSTAT_OERRORS, IPMP_KSTAT_IPACKETS, IPMP_KSTAT_IPACKETS64, 1573 IPMP_KSTAT_IERRORS, IPMP_KSTAT_MULTIRCV, IPMP_KSTAT_MULTIXMT, 1574 IPMP_KSTAT_BRDCSTRCV, IPMP_KSTAT_BRDCSTXMT, IPMP_KSTAT_LINK_UP, 1575 IPMP_KSTAT_MAX /* keep last */ 1576 }; 1577 1578 /* 1579 * phyint represents state that is common to both IPv4 and IPv6 interfaces. 1580 * There is a separate ill_t representing IPv4 and IPv6 which has a 1581 * backpointer to the phyint structure for accessing common state. 1582 */ 1583 typedef struct phyint { 1584 struct ill_s *phyint_illv4; 1585 struct ill_s *phyint_illv6; 1586 uint_t phyint_ifindex; /* SIOCSLIFINDEX */ 1587 uint64_t phyint_flags; 1588 avl_node_t phyint_avl_by_index; /* avl tree by index */ 1589 avl_node_t phyint_avl_by_name; /* avl tree by name */ 1590 kmutex_t phyint_lock; 1591 struct ipsq_s *phyint_ipsq; /* back pointer to ipsq */ 1592 struct ipmp_grp_s *phyint_grp; /* associated IPMP group */ 1593 char phyint_name[LIFNAMSIZ]; /* physical interface name */ 1594 uint64_t phyint_kstats0[IPMP_KSTAT_MAX]; /* baseline kstats */ 1595 } phyint_t; 1596 1597 #define CACHE_ALIGN_SIZE 64 1598 #define CACHE_ALIGN(align_struct) P2ROUNDUP(sizeof (struct align_struct),\ 1599 CACHE_ALIGN_SIZE) 1600 struct _phyint_list_s_ { 1601 avl_tree_t phyint_list_avl_by_index; /* avl tree by index */ 1602 avl_tree_t phyint_list_avl_by_name; /* avl tree by name */ 1603 }; 1604 1605 typedef union phyint_list_u { 1606 struct _phyint_list_s_ phyint_list_s; 1607 char phyint_list_filler[CACHE_ALIGN(_phyint_list_s_)]; 1608 } phyint_list_t; 1609 1610 #define phyint_list_avl_by_index phyint_list_s.phyint_list_avl_by_index 1611 #define phyint_list_avl_by_name phyint_list_s.phyint_list_avl_by_name 1612 1613 /* 1614 * Fragmentation hash bucket 1615 */ 1616 typedef struct ipfb_s { 1617 struct ipf_s *ipfb_ipf; /* List of ... */ 1618 size_t ipfb_count; /* Count of bytes used by frag(s) */ 1619 kmutex_t ipfb_lock; /* Protect all ipf in list */ 1620 uint_t ipfb_frag_pkts; /* num of distinct fragmented pkts */ 1621 } ipfb_t; 1622 1623 /* 1624 * IRE bucket structure. Usually there is an array of such structures, 1625 * each pointing to a linked list of ires. irb_refcnt counts the number 1626 * of walkers of a given hash bucket. Usually the reference count is 1627 * bumped up if the walker wants no IRES to be DELETED while walking the 1628 * list. Bumping up does not PREVENT ADDITION. This allows walking a given 1629 * hash bucket without stumbling up on a free pointer. 1630 * 1631 * irb_t structures in ip_ftable are dynamically allocated and freed. 1632 * In order to identify the irb_t structures that can be safely kmem_free'd 1633 * we need to ensure that 1634 * - the irb_refcnt is quiescent, indicating no other walkers, 1635 * - no other threads or ire's are holding references to the irb, 1636 * i.e., irb_nire == 0, 1637 * - there are no active ire's in the bucket, i.e., irb_ire_cnt == 0 1638 */ 1639 typedef struct irb { 1640 struct ire_s *irb_ire; /* First ire in this bucket */ 1641 /* Should be first in this struct */ 1642 krwlock_t irb_lock; /* Protect this bucket */ 1643 uint_t irb_refcnt; /* Protected by irb_lock */ 1644 uchar_t irb_marks; /* CONDEMNED ires in this bucket ? */ 1645 #define IRB_MARK_CONDEMNED 0x0001 1646 #define IRB_MARK_FTABLE 0x0002 1647 uint_t irb_ire_cnt; /* Num of active IRE in this bucket */ 1648 uint_t irb_tmp_ire_cnt; /* Num of temporary IRE */ 1649 struct ire_s *irb_rr_origin; /* origin for round-robin */ 1650 int irb_nire; /* Num of ftable ire's that ref irb */ 1651 ip_stack_t *irb_ipst; /* Does not have a netstack_hold */ 1652 } irb_t; 1653 1654 #define IRB2RT(irb) (rt_t *)((caddr_t)(irb) - offsetof(rt_t, rt_irb)) 1655 1656 /* The following are return values of ip_xmit_v4() */ 1657 typedef enum { 1658 SEND_PASSED = 0, /* sent packet out on wire */ 1659 SEND_FAILED, /* sending of packet failed */ 1660 LOOKUP_IN_PROGRESS, /* ire cache found, ARP resolution in progress */ 1661 LLHDR_RESLV_FAILED /* macaddr resl of onlink dst or nexthop failed */ 1662 } ipxmit_state_t; 1663 1664 #define IP_V4_G_HEAD 0 1665 #define IP_V6_G_HEAD 1 1666 1667 #define MAX_G_HEADS 2 1668 1669 /* 1670 * unpadded ill_if structure 1671 */ 1672 struct _ill_if_s_ { 1673 union ill_if_u *illif_next; 1674 union ill_if_u *illif_prev; 1675 avl_tree_t illif_avl_by_ppa; /* AVL tree sorted on ppa */ 1676 vmem_t *illif_ppa_arena; /* ppa index space */ 1677 uint16_t illif_mcast_v1; /* hints for */ 1678 uint16_t illif_mcast_v2; /* [igmp|mld]_slowtimo */ 1679 int illif_name_len; /* name length */ 1680 char illif_name[LIFNAMSIZ]; /* name of interface type */ 1681 }; 1682 1683 /* cache aligned ill_if structure */ 1684 typedef union ill_if_u { 1685 struct _ill_if_s_ ill_if_s; 1686 char illif_filler[CACHE_ALIGN(_ill_if_s_)]; 1687 } ill_if_t; 1688 1689 #define illif_next ill_if_s.illif_next 1690 #define illif_prev ill_if_s.illif_prev 1691 #define illif_avl_by_ppa ill_if_s.illif_avl_by_ppa 1692 #define illif_ppa_arena ill_if_s.illif_ppa_arena 1693 #define illif_mcast_v1 ill_if_s.illif_mcast_v1 1694 #define illif_mcast_v2 ill_if_s.illif_mcast_v2 1695 #define illif_name ill_if_s.illif_name 1696 #define illif_name_len ill_if_s.illif_name_len 1697 1698 typedef struct ill_walk_context_s { 1699 int ctx_current_list; /* current list being searched */ 1700 int ctx_last_list; /* last list to search */ 1701 } ill_walk_context_t; 1702 1703 /* 1704 * ill_g_heads structure, one for IPV4 and one for IPV6 1705 */ 1706 struct _ill_g_head_s_ { 1707 ill_if_t *ill_g_list_head; 1708 ill_if_t *ill_g_list_tail; 1709 }; 1710 1711 typedef union ill_g_head_u { 1712 struct _ill_g_head_s_ ill_g_head_s; 1713 char ill_g_head_filler[CACHE_ALIGN(_ill_g_head_s_)]; 1714 } ill_g_head_t; 1715 1716 #define ill_g_list_head ill_g_head_s.ill_g_list_head 1717 #define ill_g_list_tail ill_g_head_s.ill_g_list_tail 1718 1719 #define IP_V4_ILL_G_LIST(ipst) \ 1720 (ipst)->ips_ill_g_heads[IP_V4_G_HEAD].ill_g_list_head 1721 #define IP_V6_ILL_G_LIST(ipst) \ 1722 (ipst)->ips_ill_g_heads[IP_V6_G_HEAD].ill_g_list_head 1723 #define IP_VX_ILL_G_LIST(i, ipst) \ 1724 (ipst)->ips_ill_g_heads[i].ill_g_list_head 1725 1726 #define ILL_START_WALK_V4(ctx_ptr, ipst) \ 1727 ill_first(IP_V4_G_HEAD, IP_V4_G_HEAD, ctx_ptr, ipst) 1728 #define ILL_START_WALK_V6(ctx_ptr, ipst) \ 1729 ill_first(IP_V6_G_HEAD, IP_V6_G_HEAD, ctx_ptr, ipst) 1730 #define ILL_START_WALK_ALL(ctx_ptr, ipst) \ 1731 ill_first(MAX_G_HEADS, MAX_G_HEADS, ctx_ptr, ipst) 1732 1733 /* 1734 * Capabilities, possible flags for ill_capabilities. 1735 */ 1736 1737 #define ILL_CAPAB_AH 0x01 /* IPsec AH acceleration */ 1738 #define ILL_CAPAB_ESP 0x02 /* IPsec ESP acceleration */ 1739 #define ILL_CAPAB_MDT 0x04 /* Multidata Transmit */ 1740 #define ILL_CAPAB_HCKSUM 0x08 /* Hardware checksumming */ 1741 #define ILL_CAPAB_ZEROCOPY 0x10 /* Zero-copy */ 1742 #define ILL_CAPAB_DLD 0x20 /* DLD capabilities */ 1743 #define ILL_CAPAB_DLD_POLL 0x40 /* Polling */ 1744 #define ILL_CAPAB_DLD_DIRECT 0x80 /* Direct function call */ 1745 #define ILL_CAPAB_DLD_LSO 0x100 /* Large Segment Offload */ 1746 1747 /* 1748 * Per-ill Multidata Transmit capabilities. 1749 */ 1750 typedef struct ill_mdt_capab_s ill_mdt_capab_t; 1751 1752 /* 1753 * Per-ill IPsec capabilities. 1754 */ 1755 typedef struct ill_ipsec_capab_s ill_ipsec_capab_t; 1756 1757 /* 1758 * Per-ill Hardware Checksumming capbilities. 1759 */ 1760 typedef struct ill_hcksum_capab_s ill_hcksum_capab_t; 1761 1762 /* 1763 * Per-ill Zero-copy capabilities. 1764 */ 1765 typedef struct ill_zerocopy_capab_s ill_zerocopy_capab_t; 1766 1767 /* 1768 * DLD capbilities. 1769 */ 1770 typedef struct ill_dld_capab_s ill_dld_capab_t; 1771 1772 /* 1773 * Per-ill polling resource map. 1774 */ 1775 typedef struct ill_rx_ring ill_rx_ring_t; 1776 1777 /* 1778 * Per-ill Large Segment Offload capabilities. 1779 */ 1780 typedef struct ill_lso_capab_s ill_lso_capab_t; 1781 1782 /* The following are ill_state_flags */ 1783 #define ILL_LL_SUBNET_PENDING 0x01 /* Waiting for DL_INFO_ACK from drv */ 1784 #define ILL_CONDEMNED 0x02 /* No more new ref's to the ILL */ 1785 #define ILL_CHANGING 0x04 /* ILL not globally visible */ 1786 #define ILL_DL_UNBIND_IN_PROGRESS 0x08 /* UNBIND_REQ is sent */ 1787 1788 /* Is this an ILL whose source address is used by other ILL's ? */ 1789 #define IS_USESRC_ILL(ill) \ 1790 (((ill)->ill_usesrc_ifindex == 0) && \ 1791 ((ill)->ill_usesrc_grp_next != NULL)) 1792 1793 /* Is this a client/consumer of the usesrc ILL ? */ 1794 #define IS_USESRC_CLI_ILL(ill) \ 1795 (((ill)->ill_usesrc_ifindex != 0) && \ 1796 ((ill)->ill_usesrc_grp_next != NULL)) 1797 1798 /* Is this an virtual network interface (vni) ILL ? */ 1799 #define IS_VNI(ill) \ 1800 (((ill) != NULL) && \ 1801 (((ill)->ill_phyint->phyint_flags & (PHYI_LOOPBACK|PHYI_VIRTUAL)) == \ 1802 PHYI_VIRTUAL)) 1803 1804 /* Is this a loopback ILL? */ 1805 #define IS_LOOPBACK(ill) \ 1806 ((ill)->ill_phyint->phyint_flags & PHYI_LOOPBACK) 1807 1808 /* Is this an IPMP meta-interface ILL? */ 1809 #define IS_IPMP(ill) \ 1810 ((ill)->ill_phyint->phyint_flags & PHYI_IPMP) 1811 1812 /* Is this ILL under an IPMP meta-interface? (aka "in a group?") */ 1813 #define IS_UNDER_IPMP(ill) \ 1814 ((ill)->ill_grp != NULL && !IS_IPMP(ill)) 1815 1816 /* Is ill1 in the same illgrp as ill2? */ 1817 #define IS_IN_SAME_ILLGRP(ill1, ill2) \ 1818 ((ill1)->ill_grp != NULL && ((ill1)->ill_grp == (ill2)->ill_grp)) 1819 1820 /* Is ill1 on the same LAN as ill2? */ 1821 #define IS_ON_SAME_LAN(ill1, ill2) \ 1822 ((ill1) == (ill2) || IS_IN_SAME_ILLGRP(ill1, ill2)) 1823 1824 #define ILL_OTHER(ill) \ 1825 ((ill)->ill_isv6 ? (ill)->ill_phyint->phyint_illv4 : \ 1826 (ill)->ill_phyint->phyint_illv6) 1827 1828 /* 1829 * IPMP group ILL state structure -- up to two per IPMP group (V4 and V6). 1830 * Created when the V4 and/or V6 IPMP meta-interface is I_PLINK'd. It is 1831 * guaranteed to persist while there are interfaces of that type in the group. 1832 * In general, most fields are accessed outside of the IPSQ (e.g., in the 1833 * datapath), and thus use locks in addition to the IPSQ for protection. 1834 * 1835 * synchronization: read write 1836 * 1837 * ig_if ipsq or ill_g_lock ipsq and ill_g_lock 1838 * ig_actif ipsq or ipmp_lock ipsq and ipmp_lock 1839 * ig_nactif ipsq or ipmp_lock ipsq and ipmp_lock 1840 * ig_next_ill ipsq or ipmp_lock ipsq and ipmp_lock 1841 * ig_ipmp_ill write once write once 1842 * ig_cast_ill ipsq or ipmp_lock ipsq and ipmp_lock 1843 * ig_arpent ipsq ipsq 1844 * ig_mtu ipsq ipsq 1845 */ 1846 typedef struct ipmp_illgrp_s { 1847 list_t ig_if; /* list of all interfaces */ 1848 list_t ig_actif; /* list of active interfaces */ 1849 uint_t ig_nactif; /* number of active interfaces */ 1850 struct ill_s *ig_next_ill; /* next active interface to use */ 1851 struct ill_s *ig_ipmp_ill; /* backpointer to IPMP meta-interface */ 1852 struct ill_s *ig_cast_ill; /* nominated ill for multi/broadcast */ 1853 list_t ig_arpent; /* list of ARP entries */ 1854 uint_t ig_mtu; /* ig_ipmp_ill->ill_max_mtu */ 1855 } ipmp_illgrp_t; 1856 1857 /* 1858 * IPMP group state structure -- one per IPMP group. Created when the 1859 * IPMP meta-interface is plumbed; it is guaranteed to persist while there 1860 * are interfaces in it. 1861 * 1862 * ipmp_grp_t synchronization: read write 1863 * 1864 * gr_name ipmp_lock ipmp_lock 1865 * gr_ifname write once write once 1866 * gr_mactype ipmp_lock ipmp_lock 1867 * gr_phyint write once write once 1868 * gr_nif ipmp_lock ipmp_lock 1869 * gr_nactif ipsq ipsq 1870 * gr_v4 ipmp_lock ipmp_lock 1871 * gr_v6 ipmp_lock ipmp_lock 1872 * gr_nv4 ipmp_lock ipmp_lock 1873 * gr_nv6 ipmp_lock ipmp_lock 1874 * gr_pendv4 ipmp_lock ipmp_lock 1875 * gr_pendv6 ipmp_lock ipmp_lock 1876 * gr_linkdownmp ipsq ipsq 1877 * gr_ksp ipmp_lock ipmp_lock 1878 * gr_kstats0 atomic atomic 1879 */ 1880 typedef struct ipmp_grp_s { 1881 char gr_name[LIFGRNAMSIZ]; /* group name */ 1882 char gr_ifname[LIFNAMSIZ]; /* interface name */ 1883 t_uscalar_t gr_mactype; /* DLPI mactype of group */ 1884 phyint_t *gr_phyint; /* IPMP group phyint */ 1885 uint_t gr_nif; /* number of interfaces in group */ 1886 uint_t gr_nactif; /* number of active interfaces */ 1887 ipmp_illgrp_t *gr_v4; /* V4 group information */ 1888 ipmp_illgrp_t *gr_v6; /* V6 group information */ 1889 uint_t gr_nv4; /* number of ills in V4 group */ 1890 uint_t gr_nv6; /* number of ills in V6 group */ 1891 uint_t gr_pendv4; /* number of pending ills in V4 group */ 1892 uint_t gr_pendv6; /* number of pending ills in V6 group */ 1893 mblk_t *gr_linkdownmp; /* message used to bring link down */ 1894 kstat_t *gr_ksp; /* group kstat pointer */ 1895 uint64_t gr_kstats0[IPMP_KSTAT_MAX]; /* baseline group kstats */ 1896 } ipmp_grp_t; 1897 1898 /* 1899 * IPMP ARP entry -- one per SIOCS*ARP entry tied to the group. Used to keep 1900 * ARP up-to-date as the active set of interfaces in the group changes. 1901 */ 1902 typedef struct ipmp_arpent_s { 1903 mblk_t *ia_area_mp; /* AR_ENTRY_ADD pointer */ 1904 ipaddr_t ia_ipaddr; /* IP address for this entry */ 1905 boolean_t ia_proxyarp; /* proxy ARP entry? */ 1906 boolean_t ia_notified; /* ARP notified about this entry? */ 1907 list_node_t ia_node; /* next ARP entry in list */ 1908 } ipmp_arpent_t; 1909 1910 /* 1911 * IP Lower level Structure. 1912 * Instance data structure in ip_open when there is a device below us. 1913 */ 1914 typedef struct ill_s { 1915 ill_if_t *ill_ifptr; /* pointer to interface type */ 1916 queue_t *ill_rq; /* Read queue. */ 1917 queue_t *ill_wq; /* Write queue. */ 1918 1919 int ill_error; /* Error value sent up by device. */ 1920 1921 ipif_t *ill_ipif; /* Interface chain for this ILL. */ 1922 1923 uint_t ill_ipif_up_count; /* Number of IPIFs currently up. */ 1924 uint_t ill_max_frag; /* Max IDU from DLPI. */ 1925 char *ill_name; /* Our name. */ 1926 uint_t ill_ipif_dup_count; /* Number of duplicate addresses. */ 1927 uint_t ill_name_length; /* Name length, incl. terminator. */ 1928 char *ill_ndd_name; /* Name + ":ip?_forwarding" for NDD. */ 1929 uint_t ill_net_type; /* IRE_IF_RESOLVER/IRE_IF_NORESOLVER. */ 1930 /* 1931 * Physical Point of Attachment num. If DLPI style 1 provider 1932 * then this is derived from the devname. 1933 */ 1934 uint_t ill_ppa; 1935 t_uscalar_t ill_sap; 1936 t_scalar_t ill_sap_length; /* Including sign (for position) */ 1937 uint_t ill_phys_addr_length; /* Excluding the sap. */ 1938 uint_t ill_bcast_addr_length; /* Only set when the DL provider */ 1939 /* supports broadcast. */ 1940 t_uscalar_t ill_mactype; 1941 uint8_t *ill_frag_ptr; /* Reassembly state. */ 1942 timeout_id_t ill_frag_timer_id; /* timeout id for the frag timer */ 1943 ipfb_t *ill_frag_hash_tbl; /* Fragment hash list head. */ 1944 ipif_t *ill_pending_ipif; /* IPIF waiting for DL operation. */ 1945 1946 ilm_t *ill_ilm; /* Multicast membership for ill */ 1947 uint_t ill_global_timer; /* for IGMPv3/MLDv2 general queries */ 1948 int ill_mcast_type; /* type of router which is querier */ 1949 /* on this interface */ 1950 uint16_t ill_mcast_v1_time; /* # slow timeouts since last v1 qry */ 1951 uint16_t ill_mcast_v2_time; /* # slow timeouts since last v2 qry */ 1952 uint8_t ill_mcast_v1_tset; /* 1 => timer is set; 0 => not set */ 1953 uint8_t ill_mcast_v2_tset; /* 1 => timer is set; 0 => not set */ 1954 1955 uint8_t ill_mcast_rv; /* IGMPv3/MLDv2 robustness variable */ 1956 int ill_mcast_qi; /* IGMPv3/MLDv2 query interval var */ 1957 1958 mblk_t *ill_pending_mp; /* IOCTL/DLPI awaiting completion. */ 1959 /* 1960 * All non-NULL cells between 'ill_first_mp_to_free' and 1961 * 'ill_last_mp_to_free' are freed in ill_delete. 1962 */ 1963 #define ill_first_mp_to_free ill_bcast_mp 1964 mblk_t *ill_bcast_mp; /* DLPI header for broadcasts. */ 1965 mblk_t *ill_resolver_mp; /* Resolver template. */ 1966 mblk_t *ill_unbind_mp; /* unbind mp from ill_dl_up() */ 1967 mblk_t *ill_promiscoff_mp; /* for ill_leave_allmulti() */ 1968 mblk_t *ill_dlpi_deferred; /* b_next chain of control messages */ 1969 mblk_t *ill_ardeact_mp; /* deact mp from ipmp_ill_activate() */ 1970 mblk_t *ill_dest_addr_mp; /* mblk which holds ill_dest_addr */ 1971 mblk_t *ill_replumb_mp; /* replumb mp from ill_replumb() */ 1972 mblk_t *ill_phys_addr_mp; /* mblk which holds ill_phys_addr */ 1973 #define ill_last_mp_to_free ill_phys_addr_mp 1974 1975 cred_t *ill_credp; /* opener's credentials */ 1976 uint8_t *ill_phys_addr; /* ill_phys_addr_mp->b_rptr + off */ 1977 uint8_t *ill_dest_addr; /* ill_dest_addr_mp->b_rptr + off */ 1978 1979 uint_t ill_state_flags; /* see ILL_* flags above */ 1980 1981 /* Following bit fields protected by ipsq_t */ 1982 uint_t 1983 ill_needs_attach : 1, 1984 ill_reserved : 1, 1985 ill_isv6 : 1, 1986 ill_dlpi_style_set : 1, 1987 1988 ill_ifname_pending : 1, 1989 ill_join_allmulti : 1, 1990 ill_logical_down : 1, 1991 ill_dl_up : 1, 1992 1993 ill_up_ipifs : 1, 1994 ill_note_link : 1, /* supports link-up notification */ 1995 ill_capab_reneg : 1, /* capability renegotiation to be done */ 1996 ill_dld_capab_inprog : 1, /* direct dld capab call in prog */ 1997 1998 ill_need_recover_multicast : 1, 1999 ill_pad_to_bit_31 : 19; 2000 2001 /* Following bit fields protected by ill_lock */ 2002 uint_t 2003 ill_fragtimer_executing : 1, 2004 ill_fragtimer_needrestart : 1, 2005 ill_ilm_cleanup_reqd : 1, 2006 ill_arp_closing : 1, 2007 2008 ill_arp_bringup_pending : 1, 2009 ill_arp_extend : 1, /* ARP has DAD extensions */ 2010 ill_manual_token : 1, /* system won't override ill_token */ 2011 ill_manual_linklocal : 1, /* system won't auto-conf linklocal */ 2012 2013 ill_pad_bit_31 : 24; 2014 2015 /* 2016 * Used in SIOCSIFMUXID and SIOCGIFMUXID for 'ifconfig unplumb'. 2017 */ 2018 int ill_arp_muxid; /* muxid returned from plink for arp */ 2019 int ill_ip_muxid; /* muxid returned from plink for ip */ 2020 2021 /* Used for IP frag reassembly throttling on a per ILL basis. */ 2022 uint_t ill_ipf_gen; /* Generation of next fragment queue */ 2023 uint_t ill_frag_count; /* Count of all reassembly mblk bytes */ 2024 uint_t ill_frag_free_num_pkts; /* num of fragmented packets to free */ 2025 clock_t ill_last_frag_clean_time; /* time when frag's were pruned */ 2026 int ill_type; /* From <net/if_types.h> */ 2027 uint_t ill_dlpi_multicast_state; /* See below IDS_* */ 2028 uint_t ill_dlpi_fastpath_state; /* See below IDS_* */ 2029 2030 /* 2031 * Capabilities related fields. 2032 */ 2033 uint_t ill_dlpi_capab_state; /* State of capability query, IDCS_* */ 2034 uint_t ill_capab_pending_cnt; 2035 uint64_t ill_capabilities; /* Enabled capabilities, ILL_CAPAB_* */ 2036 ill_mdt_capab_t *ill_mdt_capab; /* Multidata Transmit capabilities */ 2037 ill_ipsec_capab_t *ill_ipsec_capab_ah; /* IPsec AH capabilities */ 2038 ill_ipsec_capab_t *ill_ipsec_capab_esp; /* IPsec ESP capabilities */ 2039 ill_hcksum_capab_t *ill_hcksum_capab; /* H/W cksumming capabilities */ 2040 ill_zerocopy_capab_t *ill_zerocopy_capab; /* Zero-copy capabilities */ 2041 ill_dld_capab_t *ill_dld_capab; /* DLD capabilities */ 2042 ill_lso_capab_t *ill_lso_capab; /* Large Segment Offload capabilities */ 2043 mblk_t *ill_capab_reset_mp; /* Preallocated mblk for capab reset */ 2044 2045 /* 2046 * Fields for IPv6 2047 */ 2048 uint8_t ill_max_hops; /* Maximum hops for any logical interface */ 2049 uint_t ill_max_mtu; /* Maximum MTU for any logical interface */ 2050 uint_t ill_user_mtu; /* User-specified MTU via SIOCSLIFLNKINFO */ 2051 uint32_t ill_reachable_time; /* Value for ND algorithm in msec */ 2052 uint32_t ill_reachable_retrans_time; /* Value for ND algorithm msec */ 2053 uint_t ill_max_buf; /* Max # of req to buffer for ND */ 2054 in6_addr_t ill_token; /* IPv6 interface id */ 2055 in6_addr_t ill_dest_token; /* Destination IPv6 interface id */ 2056 uint_t ill_token_length; 2057 uint32_t ill_xmit_count; /* ndp max multicast xmits */ 2058 mib2_ipIfStatsEntry_t *ill_ip_mib; /* ver indep. interface mib */ 2059 mib2_ipv6IfIcmpEntry_t *ill_icmp6_mib; /* Per interface mib */ 2060 /* 2061 * Following two mblks are allocated common to all 2062 * the ipifs when the first interface is coming up. 2063 * It is sent up to arp when the last ipif is coming 2064 * down. 2065 */ 2066 mblk_t *ill_arp_down_mp; 2067 mblk_t *ill_arp_del_mapping_mp; 2068 /* 2069 * Used for implementing IFF_NOARP. As IFF_NOARP is used 2070 * to turn off for all the logicals, it is here instead 2071 * of the ipif. 2072 */ 2073 mblk_t *ill_arp_on_mp; 2074 2075 phyint_t *ill_phyint; 2076 uint64_t ill_flags; 2077 2078 kmutex_t ill_lock; /* Please see table below */ 2079 /* 2080 * The ill_nd_lla* fields handle the link layer address option 2081 * from neighbor discovery. This is used for external IPv6 2082 * address resolution. 2083 */ 2084 mblk_t *ill_nd_lla_mp; /* mblk which holds ill_nd_lla */ 2085 uint8_t *ill_nd_lla; /* Link Layer Address */ 2086 uint_t ill_nd_lla_len; /* Link Layer Address length */ 2087 /* 2088 * We have 4 phys_addr_req's sent down. This field keeps track 2089 * of which one is pending. 2090 */ 2091 t_uscalar_t ill_phys_addr_pend; /* which dl_phys_addr_req pending */ 2092 /* 2093 * Used to save errors that occur during plumbing 2094 */ 2095 uint_t ill_ifname_pending_err; 2096 avl_node_t ill_avl_byppa; /* avl node based on ppa */ 2097 void *ill_fastpath_list; /* both ire and nce hang off this */ 2098 uint_t ill_refcnt; /* active refcnt by threads */ 2099 uint_t ill_ire_cnt; /* ires associated with this ill */ 2100 kcondvar_t ill_cv; 2101 uint_t ill_ilm_walker_cnt; /* snmp ilm walkers */ 2102 uint_t ill_nce_cnt; /* nces associated with this ill */ 2103 uint_t ill_waiters; /* threads waiting in ipsq_enter */ 2104 /* 2105 * Contains the upper read queue pointer of the module immediately 2106 * beneath IP. This field allows IP to validate sub-capability 2107 * acknowledgments coming up from downstream. 2108 */ 2109 queue_t *ill_lmod_rq; /* read queue pointer of module below */ 2110 uint_t ill_lmod_cnt; /* number of modules beneath IP */ 2111 ip_m_t *ill_media; /* media specific params/functions */ 2112 t_uscalar_t ill_dlpi_pending; /* Last DLPI primitive issued */ 2113 uint_t ill_usesrc_ifindex; /* use src addr from this ILL */ 2114 struct ill_s *ill_usesrc_grp_next; /* Next ILL in the usesrc group */ 2115 boolean_t ill_trace_disable; /* True when alloc fails */ 2116 zoneid_t ill_zoneid; 2117 ip_stack_t *ill_ipst; /* Corresponds to a netstack_hold */ 2118 uint32_t ill_dhcpinit; /* IP_DHCPINIT_IFs for ill */ 2119 void *ill_flownotify_mh; /* Tx flow ctl, mac cb handle */ 2120 uint_t ill_ilm_cnt; /* ilms referencing this ill */ 2121 uint_t ill_ipallmulti_cnt; /* ip_join_allmulti() calls */ 2122 /* 2123 * IPMP fields. 2124 */ 2125 ipmp_illgrp_t *ill_grp; /* IPMP group information */ 2126 list_node_t ill_actnode; /* next active ill in group */ 2127 list_node_t ill_grpnode; /* next ill in group */ 2128 ipif_t *ill_src_ipif; /* source address selection rotor */ 2129 ipif_t *ill_move_ipif; /* ipif awaiting move to new ill */ 2130 boolean_t ill_nom_cast; /* nominated for mcast/bcast */ 2131 uint_t ill_bound_cnt; /* # of data addresses bound to ill */ 2132 ipif_t *ill_bound_ipif; /* ipif chain bound to ill */ 2133 timeout_id_t ill_refresh_tid; /* ill refresh retry timeout id */ 2134 } ill_t; 2135 2136 /* 2137 * ILL_FREE_OK() means that there are no incoming pointer references 2138 * to the ill. 2139 */ 2140 #define ILL_FREE_OK(ill) \ 2141 ((ill)->ill_ire_cnt == 0 && (ill)->ill_ilm_cnt == 0 && \ 2142 (ill)->ill_nce_cnt == 0) 2143 2144 /* 2145 * An ipif/ill can be marked down only when the ire and nce references 2146 * to that ipif/ill goes to zero. ILL_DOWN_OK() is a necessary condition 2147 * quiescence checks. See comments above IPIF_DOWN_OK for details 2148 * on why ires and nces are selectively considered for this macro. 2149 */ 2150 #define ILL_DOWN_OK(ill) (ill->ill_ire_cnt == 0 && ill->ill_nce_cnt == 0) 2151 2152 /* 2153 * The following table lists the protection levels of the various members 2154 * of the ill_t. Same notation as that used for ipif_t above is used. 2155 * 2156 * Write Read 2157 * 2158 * ill_ifptr ill_g_lock + s Write once 2159 * ill_rq ipsq Write once 2160 * ill_wq ipsq Write once 2161 * 2162 * ill_error ipsq None 2163 * ill_ipif ill_g_lock + ipsq ill_g_lock OR ipsq 2164 * ill_ipif_up_count ill_lock + ipsq ill_lock OR ipsq 2165 * ill_max_frag ipsq Write once 2166 * 2167 * ill_name ill_g_lock + ipsq Write once 2168 * ill_name_length ill_g_lock + ipsq Write once 2169 * ill_ndd_name ipsq Write once 2170 * ill_net_type ipsq Write once 2171 * ill_ppa ill_g_lock + ipsq Write once 2172 * ill_sap ipsq + down ill Write once 2173 * ill_sap_length ipsq + down ill Write once 2174 * ill_phys_addr_length ipsq + down ill Write once 2175 * 2176 * ill_bcast_addr_length ipsq ipsq 2177 * ill_mactype ipsq ipsq 2178 * ill_frag_ptr ipsq ipsq 2179 * 2180 * ill_frag_timer_id ill_lock ill_lock 2181 * ill_frag_hash_tbl ipsq up ill 2182 * ill_ilm ipsq + ill_lock ill_lock 2183 * ill_mcast_type ill_lock ill_lock 2184 * ill_mcast_v1_time ill_lock ill_lock 2185 * ill_mcast_v2_time ill_lock ill_lock 2186 * ill_mcast_v1_tset ill_lock ill_lock 2187 * ill_mcast_v2_tset ill_lock ill_lock 2188 * ill_mcast_rv ill_lock ill_lock 2189 * ill_mcast_qi ill_lock ill_lock 2190 * ill_pending_mp ill_lock ill_lock 2191 * 2192 * ill_bcast_mp ipsq ipsq 2193 * ill_resolver_mp ipsq only when ill is up 2194 * ill_down_mp ipsq ipsq 2195 * ill_dlpi_deferred ill_lock ill_lock 2196 * ill_dlpi_pending ipsq + ill_lock ipsq or ill_lock or 2197 * absence of ipsq writer. 2198 * ill_phys_addr_mp ipsq + down ill only when ill is up 2199 * ill_phys_addr ipsq + down ill only when ill is up 2200 * ill_dest_addr_mp ipsq + down ill only when ill is up 2201 * ill_dest_addr ipsq + down ill only when ill is up 2202 * 2203 * ill_state_flags ill_lock ill_lock 2204 * exclusive bit flags ipsq_t ipsq_t 2205 * shared bit flags ill_lock ill_lock 2206 * 2207 * ill_arp_muxid ipsq Not atomic 2208 * ill_ip_muxid ipsq Not atomic 2209 * 2210 * ill_ipf_gen Not atomic 2211 * ill_frag_count atomics atomics 2212 * ill_type ipsq + down ill only when ill is up 2213 * ill_dlpi_multicast_state ill_lock ill_lock 2214 * ill_dlpi_fastpath_state ill_lock ill_lock 2215 * ill_dlpi_capab_state ipsq ipsq 2216 * ill_max_hops ipsq Not atomic 2217 * 2218 * ill_max_mtu 2219 * 2220 * ill_user_mtu ipsq + ill_lock ill_lock 2221 * ill_reachable_time ipsq + ill_lock ill_lock 2222 * ill_reachable_retrans_time ipsq + ill_lock ill_lock 2223 * ill_max_buf ipsq + ill_lock ill_lock 2224 * 2225 * Next 2 fields need ill_lock because of the get ioctls. They should not 2226 * report partially updated results without executing in the ipsq. 2227 * ill_token ipsq + ill_lock ill_lock 2228 * ill_token_length ipsq + ill_lock ill_lock 2229 * ill_dest_token ipsq + down ill only when ill is up 2230 * ill_xmit_count ipsq + down ill write once 2231 * ill_ip6_mib ipsq + down ill only when ill is up 2232 * ill_icmp6_mib ipsq + down ill only when ill is up 2233 * ill_arp_down_mp ipsq ipsq 2234 * ill_arp_del_mapping_mp ipsq ipsq 2235 * ill_arp_on_mp ipsq ipsq 2236 * 2237 * ill_phyint ipsq, ill_g_lock, ill_lock Any of them 2238 * ill_flags ill_lock ill_lock 2239 * ill_nd_lla_mp ipsq + down ill only when ill is up 2240 * ill_nd_lla ipsq + down ill only when ill is up 2241 * ill_nd_lla_len ipsq + down ill only when ill is up 2242 * ill_phys_addr_pend ipsq + down ill only when ill is up 2243 * ill_ifname_pending_err ipsq ipsq 2244 * ill_avl_byppa ipsq, ill_g_lock write once 2245 * 2246 * ill_fastpath_list ill_lock ill_lock 2247 * ill_refcnt ill_lock ill_lock 2248 * ill_ire_cnt ill_lock ill_lock 2249 * ill_cv ill_lock ill_lock 2250 * ill_ilm_walker_cnt ill_lock ill_lock 2251 * ill_nce_cnt ill_lock ill_lock 2252 * ill_ilm_cnt ill_lock ill_lock 2253 * ill_src_ipif ill_g_lock ill_g_lock 2254 * ill_trace ill_lock ill_lock 2255 * ill_usesrc_grp_next ill_g_usesrc_lock ill_g_usesrc_lock 2256 * ill_dhcpinit atomics atomics 2257 * ill_flownotify_mh write once write once 2258 * ill_capab_pending_cnt ipsq ipsq 2259 * 2260 * ill_bound_cnt ipsq ipsq 2261 * ill_bound_ipif ipsq ipsq 2262 * ill_actnode ipsq + ipmp_lock ipsq OR ipmp_lock 2263 * ill_grpnode ipsq + ill_g_lock ipsq OR ill_g_lock 2264 * ill_src_ipif ill_g_lock ill_g_lock 2265 * ill_move_ipif ipsq ipsq 2266 * ill_nom_cast ipsq ipsq OR advisory 2267 * ill_refresh_tid ill_lock ill_lock 2268 * ill_grp (for IPMP ill) write once write once 2269 * ill_grp (for underlying ill) ipsq + ill_g_lock ipsq OR ill_g_lock 2270 * 2271 * NOTE: It's OK to make heuristic decisions on an underlying interface 2272 * by using IS_UNDER_IPMP() or comparing ill_grp's raw pointer value. 2273 */ 2274 2275 /* 2276 * For ioctl restart mechanism see ip_reprocess_ioctl() 2277 */ 2278 struct ip_ioctl_cmd_s; 2279 2280 typedef int (*ifunc_t)(ipif_t *, struct sockaddr_in *, queue_t *, mblk_t *, 2281 struct ip_ioctl_cmd_s *, void *); 2282 2283 typedef struct ip_ioctl_cmd_s { 2284 int ipi_cmd; 2285 size_t ipi_copyin_size; 2286 uint_t ipi_flags; 2287 uint_t ipi_cmd_type; 2288 ifunc_t ipi_func; 2289 ifunc_t ipi_func_restart; 2290 } ip_ioctl_cmd_t; 2291 2292 /* 2293 * ipi_cmd_type: 2294 * 2295 * IF_CMD 1 old style ifreq cmd 2296 * LIF_CMD 2 new style lifreq cmd 2297 * ARP_CMD 3 arpreq cmd 2298 * XARP_CMD 4 xarpreq cmd 2299 * MSFILT_CMD 5 multicast source filter cmd 2300 * MISC_CMD 6 misc cmd (not a more specific one above) 2301 */ 2302 2303 enum { IF_CMD = 1, LIF_CMD, ARP_CMD, XARP_CMD, MSFILT_CMD, MISC_CMD }; 2304 2305 #define IPI_DONTCARE 0 /* For ioctl encoded values that don't matter */ 2306 2307 /* Flag values in ipi_flags */ 2308 #define IPI_PRIV 0x1 /* Root only command */ 2309 #define IPI_MODOK 0x2 /* Permitted on mod instance of IP */ 2310 #define IPI_WR 0x4 /* Need to grab writer access */ 2311 #define IPI_GET_CMD 0x8 /* branch to mi_copyout on success */ 2312 /* unused 0x10 */ 2313 #define IPI_NULL_BCONT 0x20 /* ioctl has not data and hence no b_cont */ 2314 #define IPI_PASS_DOWN 0x40 /* pass this ioctl down when a module only */ 2315 2316 extern ip_ioctl_cmd_t ip_ndx_ioctl_table[]; 2317 extern ip_ioctl_cmd_t ip_misc_ioctl_table[]; 2318 extern int ip_ndx_ioctl_count; 2319 extern int ip_misc_ioctl_count; 2320 2321 /* Passed down by ARP to IP during I_PLINK/I_PUNLINK */ 2322 typedef struct ipmx_s { 2323 char ipmx_name[LIFNAMSIZ]; /* if name */ 2324 uint_t 2325 ipmx_arpdev_stream : 1, /* This is the arp stream */ 2326 ipmx_notused : 31; 2327 } ipmx_t; 2328 2329 /* 2330 * State for detecting if a driver supports certain features. 2331 * Support for DL_ENABMULTI_REQ uses ill_dlpi_multicast_state. 2332 * Support for DLPI M_DATA fastpath uses ill_dlpi_fastpath_state. 2333 */ 2334 #define IDS_UNKNOWN 0 /* No DLPI request sent */ 2335 #define IDS_INPROGRESS 1 /* DLPI request sent */ 2336 #define IDS_OK 2 /* DLPI request completed successfully */ 2337 #define IDS_FAILED 3 /* DLPI request failed */ 2338 2339 /* Support for DL_CAPABILITY_REQ uses ill_dlpi_capab_state. */ 2340 enum { 2341 IDCS_UNKNOWN, 2342 IDCS_PROBE_SENT, 2343 IDCS_OK, 2344 IDCS_RESET_SENT, 2345 IDCS_RENEG, 2346 IDCS_FAILED 2347 }; 2348 2349 /* Named Dispatch Parameter Management Structure */ 2350 typedef struct ipparam_s { 2351 uint_t ip_param_min; 2352 uint_t ip_param_max; 2353 uint_t ip_param_value; 2354 char *ip_param_name; 2355 } ipparam_t; 2356 2357 /* Extended NDP Management Structure */ 2358 typedef struct ipndp_s { 2359 ndgetf_t ip_ndp_getf; 2360 ndsetf_t ip_ndp_setf; 2361 caddr_t ip_ndp_data; 2362 char *ip_ndp_name; 2363 } ipndp_t; 2364 2365 /* 2366 * The kernel stores security attributes of all gateways in a database made 2367 * up of one or more tsol_gcdb_t elements. Each tsol_gcdb_t contains the 2368 * security-related credentials of the gateway. More than one gateways may 2369 * share entries in the database. 2370 * 2371 * The tsol_gc_t structure represents the gateway to credential association, 2372 * and refers to an entry in the database. One or more tsol_gc_t entities are 2373 * grouped together to form one or more tsol_gcgrp_t, each representing the 2374 * list of security attributes specific to the gateway. A gateway may be 2375 * associated with at most one credentials group. 2376 */ 2377 struct tsol_gcgrp_s; 2378 2379 extern uchar_t ip6opt_ls; /* TX IPv6 enabler */ 2380 2381 /* 2382 * Gateway security credential record. 2383 */ 2384 typedef struct tsol_gcdb_s { 2385 uint_t gcdb_refcnt; /* reference count */ 2386 struct rtsa_s gcdb_attr; /* security attributes */ 2387 #define gcdb_mask gcdb_attr.rtsa_mask 2388 #define gcdb_doi gcdb_attr.rtsa_doi 2389 #define gcdb_slrange gcdb_attr.rtsa_slrange 2390 } tsol_gcdb_t; 2391 2392 /* 2393 * Gateway to credential association. 2394 */ 2395 typedef struct tsol_gc_s { 2396 uint_t gc_refcnt; /* reference count */ 2397 struct tsol_gcgrp_s *gc_grp; /* pointer to group */ 2398 struct tsol_gc_s *gc_prev; /* previous in list */ 2399 struct tsol_gc_s *gc_next; /* next in list */ 2400 tsol_gcdb_t *gc_db; /* pointer to actual credentials */ 2401 } tsol_gc_t; 2402 2403 /* 2404 * Gateway credentials group address. 2405 */ 2406 typedef struct tsol_gcgrp_addr_s { 2407 int ga_af; /* address family */ 2408 in6_addr_t ga_addr; /* IPv4 mapped or IPv6 address */ 2409 } tsol_gcgrp_addr_t; 2410 2411 /* 2412 * Gateway credentials group. 2413 */ 2414 typedef struct tsol_gcgrp_s { 2415 uint_t gcgrp_refcnt; /* reference count */ 2416 krwlock_t gcgrp_rwlock; /* lock to protect following */ 2417 uint_t gcgrp_count; /* number of credentials */ 2418 tsol_gc_t *gcgrp_head; /* first credential in list */ 2419 tsol_gc_t *gcgrp_tail; /* last credential in list */ 2420 tsol_gcgrp_addr_t gcgrp_addr; /* next-hop gateway address */ 2421 } tsol_gcgrp_t; 2422 2423 extern kmutex_t gcgrp_lock; 2424 2425 #define GC_REFRELE(p) { \ 2426 ASSERT((p)->gc_grp != NULL); \ 2427 rw_enter(&(p)->gc_grp->gcgrp_rwlock, RW_WRITER); \ 2428 ASSERT((p)->gc_refcnt > 0); \ 2429 if (--((p)->gc_refcnt) == 0) \ 2430 gc_inactive(p); \ 2431 else \ 2432 rw_exit(&(p)->gc_grp->gcgrp_rwlock); \ 2433 } 2434 2435 #define GCGRP_REFHOLD(p) { \ 2436 mutex_enter(&gcgrp_lock); \ 2437 ++((p)->gcgrp_refcnt); \ 2438 ASSERT((p)->gcgrp_refcnt != 0); \ 2439 mutex_exit(&gcgrp_lock); \ 2440 } 2441 2442 #define GCGRP_REFRELE(p) { \ 2443 mutex_enter(&gcgrp_lock); \ 2444 ASSERT((p)->gcgrp_refcnt > 0); \ 2445 if (--((p)->gcgrp_refcnt) == 0) \ 2446 gcgrp_inactive(p); \ 2447 ASSERT(MUTEX_HELD(&gcgrp_lock)); \ 2448 mutex_exit(&gcgrp_lock); \ 2449 } 2450 2451 /* 2452 * IRE gateway security attributes structure, pointed to by tsol_ire_gw_secattr 2453 */ 2454 struct tsol_tnrhc; 2455 2456 typedef struct tsol_ire_gw_secattr_s { 2457 kmutex_t igsa_lock; /* lock to protect following */ 2458 struct tsol_tnrhc *igsa_rhc; /* host entry for gateway */ 2459 tsol_gc_t *igsa_gc; /* for prefix IREs */ 2460 tsol_gcgrp_t *igsa_gcgrp; /* for cache IREs */ 2461 } tsol_ire_gw_secattr_t; 2462 2463 /* 2464 * Following are the macros to increment/decrement the reference 2465 * count of the IREs and IRBs (ire bucket). 2466 * 2467 * 1) We bump up the reference count of an IRE to make sure that 2468 * it does not get deleted and freed while we are using it. 2469 * Typically all the lookup functions hold the bucket lock, 2470 * and look for the IRE. If it finds an IRE, it bumps up the 2471 * reference count before dropping the lock. Sometimes we *may* want 2472 * to bump up the reference count after we *looked* up i.e without 2473 * holding the bucket lock. So, the IRE_REFHOLD macro does not assert 2474 * on the bucket lock being held. Any thread trying to delete from 2475 * the hash bucket can still do so but cannot free the IRE if 2476 * ire_refcnt is not 0. 2477 * 2478 * 2) We bump up the reference count on the bucket where the IRE resides 2479 * (IRB), when we want to prevent the IREs getting deleted from a given 2480 * hash bucket. This makes life easier for ire_walk type functions which 2481 * wants to walk the IRE list, call a function, but needs to drop 2482 * the bucket lock to prevent recursive rw_enters. While the 2483 * lock is dropped, the list could be changed by other threads or 2484 * the same thread could end up deleting the ire or the ire pointed by 2485 * ire_next. IRE_REFHOLDing the ire or ire_next is not sufficient as 2486 * a delete will still remove the ire from the bucket while we have 2487 * dropped the lock and hence the ire_next would be NULL. Thus, we 2488 * need a mechanism to prevent deletions from a given bucket. 2489 * 2490 * To prevent deletions, we bump up the reference count on the 2491 * bucket. If the bucket is held, ire_delete just marks IRE_MARK_CONDEMNED 2492 * both on the ire's ire_marks and the bucket's irb_marks. When the 2493 * reference count on the bucket drops to zero, all the CONDEMNED ires 2494 * are deleted. We don't have to bump up the reference count on the 2495 * bucket if we are walking the bucket and never have to drop the bucket 2496 * lock. Note that IRB_REFHOLD does not prevent addition of new ires 2497 * in the list. It is okay because addition of new ires will not cause 2498 * ire_next to point to freed memory. We do IRB_REFHOLD only when 2499 * all of the 3 conditions are true : 2500 * 2501 * 1) The code needs to walk the IRE bucket from start to end. 2502 * 2) It may have to drop the bucket lock sometimes while doing (1) 2503 * 3) It does not want any ires to be deleted meanwhile. 2504 */ 2505 2506 /* 2507 * Bump up the reference count on the IRE. We cannot assert that the 2508 * bucket lock is being held as it is legal to bump up the reference 2509 * count after the first lookup has returned the IRE without 2510 * holding the lock. Currently ip_wput does this for caching IRE_CACHEs. 2511 */ 2512 2513 #ifdef DEBUG 2514 #define IRE_UNTRACE_REF(ire) ire_untrace_ref(ire); 2515 #define IRE_TRACE_REF(ire) ire_trace_ref(ire); 2516 #else 2517 #define IRE_UNTRACE_REF(ire) 2518 #define IRE_TRACE_REF(ire) 2519 #endif 2520 2521 #define IRE_REFHOLD_NOTR(ire) { \ 2522 atomic_add_32(&(ire)->ire_refcnt, 1); \ 2523 ASSERT((ire)->ire_refcnt != 0); \ 2524 } 2525 2526 #define IRE_REFHOLD(ire) { \ 2527 IRE_REFHOLD_NOTR(ire); \ 2528 IRE_TRACE_REF(ire); \ 2529 } 2530 2531 #define IRE_REFHOLD_LOCKED(ire) { \ 2532 IRE_TRACE_REF(ire); \ 2533 (ire)->ire_refcnt++; \ 2534 } 2535 2536 /* 2537 * Decrement the reference count on the IRE. 2538 * In architectures e.g sun4u, where atomic_add_32_nv is just 2539 * a cas, we need to maintain the right memory barrier semantics 2540 * as that of mutex_exit i.e all the loads and stores should complete 2541 * before the cas is executed. membar_exit() does that here. 2542 * 2543 * NOTE : This macro is used only in places where we want performance. 2544 * To avoid bloating the code, we use the function "ire_refrele" 2545 * which essentially calls the macro. 2546 */ 2547 #define IRE_REFRELE_NOTR(ire) { \ 2548 ASSERT((ire)->ire_refcnt != 0); \ 2549 membar_exit(); \ 2550 if (atomic_add_32_nv(&(ire)->ire_refcnt, -1) == 0) \ 2551 ire_inactive(ire); \ 2552 } 2553 2554 #define IRE_REFRELE(ire) { \ 2555 if (ire->ire_bucket != NULL) { \ 2556 IRE_UNTRACE_REF(ire); \ 2557 } \ 2558 IRE_REFRELE_NOTR(ire); \ 2559 } 2560 2561 /* 2562 * Bump up the reference count on the hash bucket - IRB to 2563 * prevent ires from being deleted in this bucket. 2564 */ 2565 #define IRB_REFHOLD(irb) { \ 2566 rw_enter(&(irb)->irb_lock, RW_WRITER); \ 2567 (irb)->irb_refcnt++; \ 2568 ASSERT((irb)->irb_refcnt != 0); \ 2569 rw_exit(&(irb)->irb_lock); \ 2570 } 2571 #define IRB_REFHOLD_LOCKED(irb) { \ 2572 ASSERT(RW_WRITE_HELD(&(irb)->irb_lock)); \ 2573 (irb)->irb_refcnt++; \ 2574 ASSERT((irb)->irb_refcnt != 0); \ 2575 } 2576 2577 void irb_refrele_ftable(irb_t *); 2578 /* 2579 * Note: when IRB_MARK_FTABLE (i.e., IRE_CACHETABLE entry), the irb_t 2580 * is statically allocated, so that when the irb_refcnt goes to 0, 2581 * we simply clean up the ire list and continue. 2582 */ 2583 #define IRB_REFRELE(irb) { \ 2584 if ((irb)->irb_marks & IRB_MARK_FTABLE) { \ 2585 irb_refrele_ftable((irb)); \ 2586 } else { \ 2587 rw_enter(&(irb)->irb_lock, RW_WRITER); \ 2588 ASSERT((irb)->irb_refcnt != 0); \ 2589 if (--(irb)->irb_refcnt == 0 && \ 2590 ((irb)->irb_marks & IRE_MARK_CONDEMNED)) { \ 2591 ire_t *ire_list; \ 2592 \ 2593 ire_list = ire_unlink(irb); \ 2594 rw_exit(&(irb)->irb_lock); \ 2595 ASSERT(ire_list != NULL); \ 2596 ire_cleanup(ire_list); \ 2597 } else { \ 2598 rw_exit(&(irb)->irb_lock); \ 2599 } \ 2600 } \ 2601 } 2602 2603 extern struct kmem_cache *rt_entry_cache; 2604 2605 /* 2606 * Lock the fast path mp for access, since the fp_mp can be deleted 2607 * due a DL_NOTE_FASTPATH_FLUSH in the case of IRE_BROADCAST 2608 */ 2609 2610 #define LOCK_IRE_FP_MP(ire) { \ 2611 if ((ire)->ire_type == IRE_BROADCAST) \ 2612 mutex_enter(&ire->ire_nce->nce_lock); \ 2613 } 2614 #define UNLOCK_IRE_FP_MP(ire) { \ 2615 if ((ire)->ire_type == IRE_BROADCAST) \ 2616 mutex_exit(&ire->ire_nce->nce_lock); \ 2617 } 2618 2619 typedef struct ire4 { 2620 ipaddr_t ire4_src_addr; /* Source address to use. */ 2621 ipaddr_t ire4_mask; /* Mask for matching this IRE. */ 2622 ipaddr_t ire4_addr; /* Address this IRE represents. */ 2623 ipaddr_t ire4_gateway_addr; /* Gateway if IRE_CACHE/IRE_OFFSUBNET */ 2624 ipaddr_t ire4_cmask; /* Mask from parent prefix route */ 2625 } ire4_t; 2626 2627 typedef struct ire6 { 2628 in6_addr_t ire6_src_addr; /* Source address to use. */ 2629 in6_addr_t ire6_mask; /* Mask for matching this IRE. */ 2630 in6_addr_t ire6_addr; /* Address this IRE represents. */ 2631 in6_addr_t ire6_gateway_addr; /* Gateway if IRE_CACHE/IRE_OFFSUBNET */ 2632 in6_addr_t ire6_cmask; /* Mask from parent prefix route */ 2633 } ire6_t; 2634 2635 typedef union ire_addr { 2636 ire6_t ire6_u; 2637 ire4_t ire4_u; 2638 } ire_addr_u_t; 2639 2640 /* Internet Routing Entry */ 2641 typedef struct ire_s { 2642 struct ire_s *ire_next; /* The hash chain must be first. */ 2643 struct ire_s **ire_ptpn; /* Pointer to previous next. */ 2644 uint32_t ire_refcnt; /* Number of references */ 2645 mblk_t *ire_mp; /* Non-null if allocated as mblk */ 2646 queue_t *ire_rfq; /* recv from this queue */ 2647 queue_t *ire_stq; /* send to this queue */ 2648 union { 2649 uint_t *max_fragp; /* Used only during ire creation */ 2650 uint_t max_frag; /* MTU (next hop or path). */ 2651 } imf_u; 2652 #define ire_max_frag imf_u.max_frag 2653 #define ire_max_fragp imf_u.max_fragp 2654 uint32_t ire_frag_flag; /* IPH_DF or zero. */ 2655 uint32_t ire_ident; /* Per IRE IP ident. */ 2656 uint32_t ire_tire_mark; /* Used for reclaim of unused. */ 2657 uchar_t ire_ipversion; /* IPv4/IPv6 version */ 2658 uchar_t ire_marks; /* IRE_MARK_CONDEMNED etc. */ 2659 ushort_t ire_type; /* Type of IRE */ 2660 uint_t ire_ib_pkt_count; /* Inbound packets for ire_addr */ 2661 uint_t ire_ob_pkt_count; /* Outbound packets to ire_addr */ 2662 uint_t ire_ll_hdr_length; /* Non-zero if we do M_DATA prepends */ 2663 time_t ire_create_time; /* Time (in secs) IRE was created. */ 2664 uint32_t ire_phandle; /* Associate prefix IREs to cache */ 2665 uint32_t ire_ihandle; /* Associate interface IREs to cache */ 2666 ipif_t *ire_ipif; /* the interface that this ire uses */ 2667 uint32_t ire_flags; /* flags related to route (RTF_*) */ 2668 /* 2669 * Neighbor Cache Entry for IPv6; arp info for IPv4 2670 */ 2671 struct nce_s *ire_nce; 2672 uint_t ire_masklen; /* # bits in ire_mask{,_v6} */ 2673 ire_addr_u_t ire_u; /* IPv4/IPv6 address info. */ 2674 2675 irb_t *ire_bucket; /* Hash bucket when ire_ptphn is set */ 2676 iulp_t ire_uinfo; /* Upper layer protocol info. */ 2677 /* 2678 * Protects ire_uinfo, ire_max_frag, and ire_frag_flag. 2679 */ 2680 kmutex_t ire_lock; 2681 uint_t ire_ipif_seqid; /* ipif_seqid of ire_ipif */ 2682 uint_t ire_ipif_ifindex; /* ifindex associated with ipif */ 2683 clock_t ire_last_used_time; /* Last used time */ 2684 tsol_ire_gw_secattr_t *ire_gw_secattr; /* gateway security attributes */ 2685 zoneid_t ire_zoneid; /* for local address discrimination */ 2686 /* 2687 * ire's that are embedded inside mblk_t and sent to the external 2688 * resolver use the ire_stq_ifindex to track the ifindex of the 2689 * ire_stq, so that the ill (if it exists) can be correctly recovered 2690 * for cleanup in the esbfree routine when arp failure occurs. 2691 * Similarly, the ire_stackid is used to recover the ip_stack_t. 2692 */ 2693 uint_t ire_stq_ifindex; 2694 netstackid_t ire_stackid; 2695 uint_t ire_defense_count; /* number of ARP conflicts */ 2696 uint_t ire_defense_time; /* last time defended (secs) */ 2697 boolean_t ire_trace_disable; /* True when alloc fails */ 2698 ip_stack_t *ire_ipst; /* Does not have a netstack_hold */ 2699 } ire_t; 2700 2701 /* IPv4 compatibility macros */ 2702 #define ire_src_addr ire_u.ire4_u.ire4_src_addr 2703 #define ire_mask ire_u.ire4_u.ire4_mask 2704 #define ire_addr ire_u.ire4_u.ire4_addr 2705 #define ire_gateway_addr ire_u.ire4_u.ire4_gateway_addr 2706 #define ire_cmask ire_u.ire4_u.ire4_cmask 2707 2708 #define ire_src_addr_v6 ire_u.ire6_u.ire6_src_addr 2709 #define ire_mask_v6 ire_u.ire6_u.ire6_mask 2710 #define ire_addr_v6 ire_u.ire6_u.ire6_addr 2711 #define ire_gateway_addr_v6 ire_u.ire6_u.ire6_gateway_addr 2712 #define ire_cmask_v6 ire_u.ire6_u.ire6_cmask 2713 2714 /* Convenient typedefs for sockaddrs */ 2715 typedef struct sockaddr_in sin_t; 2716 typedef struct sockaddr_in6 sin6_t; 2717 2718 /* Address structure used for internal bind with IP */ 2719 typedef struct ipa_conn_s { 2720 ipaddr_t ac_laddr; 2721 ipaddr_t ac_faddr; 2722 uint16_t ac_fport; 2723 uint16_t ac_lport; 2724 } ipa_conn_t; 2725 2726 typedef struct ipa6_conn_s { 2727 in6_addr_t ac6_laddr; 2728 in6_addr_t ac6_faddr; 2729 uint16_t ac6_fport; 2730 uint16_t ac6_lport; 2731 } ipa6_conn_t; 2732 2733 /* 2734 * Using ipa_conn_x_t or ipa6_conn_x_t allows us to modify the behavior of IP's 2735 * bind handler. 2736 */ 2737 typedef struct ipa_conn_extended_s { 2738 uint64_t acx_flags; 2739 ipa_conn_t acx_conn; 2740 } ipa_conn_x_t; 2741 2742 typedef struct ipa6_conn_extended_s { 2743 uint64_t ac6x_flags; 2744 ipa6_conn_t ac6x_conn; 2745 } ipa6_conn_x_t; 2746 2747 /* flag values for ipa_conn_x_t and ipa6_conn_x_t. */ 2748 #define ACX_VERIFY_DST 0x1ULL /* verify destination address is reachable */ 2749 2750 /* Name/Value Descriptor. */ 2751 typedef struct nv_s { 2752 uint64_t nv_value; 2753 char *nv_name; 2754 } nv_t; 2755 2756 #define ILL_FRAG_HASH(s, i) \ 2757 ((ntohl(s) ^ ((i) ^ ((i) >> 8))) % ILL_FRAG_HASH_TBL_COUNT) 2758 2759 /* 2760 * The MAX number of allowed fragmented packets per hash bucket 2761 * calculation is based on the most common mtu size of 1500. This limit 2762 * will work well for other mtu sizes as well. 2763 */ 2764 #define COMMON_IP_MTU 1500 2765 #define MAX_FRAG_MIN 10 2766 #define MAX_FRAG_PKTS(ipst) \ 2767 MAX(MAX_FRAG_MIN, (2 * (ipst->ips_ip_reass_queue_bytes / \ 2768 (COMMON_IP_MTU * ILL_FRAG_HASH_TBL_COUNT)))) 2769 2770 /* 2771 * Maximum dups allowed per packet. 2772 */ 2773 extern uint_t ip_max_frag_dups; 2774 2775 /* 2776 * Per-packet information for received packets and transmitted. 2777 * Used by the transport protocols when converting between the packet 2778 * and ancillary data and socket options. 2779 * 2780 * Note: This private data structure and related IPPF_* constant 2781 * definitions are exposed to enable compilation of some debugging tools 2782 * like lsof which use struct tcp_t in <inet/tcp.h>. This is intended to be 2783 * a temporary hack and long term alternate interfaces should be defined 2784 * to support the needs of such tools and private definitions moved to 2785 * private headers. 2786 */ 2787 struct ip6_pkt_s { 2788 uint_t ipp_fields; /* Which fields are valid */ 2789 uint_t ipp_sticky_ignored; /* sticky fields to ignore */ 2790 uint_t ipp_ifindex; /* pktinfo ifindex */ 2791 in6_addr_t ipp_addr; /* pktinfo src/dst addr */ 2792 uint_t ipp_unicast_hops; /* IPV6_UNICAST_HOPS */ 2793 uint_t ipp_multicast_hops; /* IPV6_MULTICAST_HOPS */ 2794 uint_t ipp_hoplimit; /* IPV6_HOPLIMIT */ 2795 uint_t ipp_hopoptslen; 2796 uint_t ipp_rtdstoptslen; 2797 uint_t ipp_rthdrlen; 2798 uint_t ipp_dstoptslen; 2799 uint_t ipp_pathmtulen; 2800 uint_t ipp_fraghdrlen; 2801 ip6_hbh_t *ipp_hopopts; 2802 ip6_dest_t *ipp_rtdstopts; 2803 ip6_rthdr_t *ipp_rthdr; 2804 ip6_dest_t *ipp_dstopts; 2805 ip6_frag_t *ipp_fraghdr; 2806 struct ip6_mtuinfo *ipp_pathmtu; 2807 in6_addr_t ipp_nexthop; /* Transmit only */ 2808 uint8_t ipp_tclass; 2809 int8_t ipp_use_min_mtu; 2810 }; 2811 typedef struct ip6_pkt_s ip6_pkt_t; 2812 2813 extern void ip6_pkt_free(ip6_pkt_t *); /* free storage inside ip6_pkt_t */ 2814 2815 /* 2816 * This struct is used by ULP_opt_set() functions to return value of IPv4 2817 * ancillary options. Currently this is only used by udp and icmp and only 2818 * IP_PKTINFO option is supported. 2819 */ 2820 typedef struct ip4_pkt_s { 2821 uint_t ip4_ill_index; /* interface index */ 2822 ipaddr_t ip4_addr; /* source address */ 2823 } ip4_pkt_t; 2824 2825 /* 2826 * Used by ULP's to pass options info to ip_output 2827 * currently only IP_PKTINFO is supported. 2828 */ 2829 typedef struct ip_opt_info_s { 2830 uint_t ip_opt_ill_index; 2831 uint_t ip_opt_flags; 2832 } ip_opt_info_t; 2833 2834 /* 2835 * value for ip_opt_flags 2836 */ 2837 #define IP_VERIFY_SRC 0x1 2838 2839 /* 2840 * This structure is used to convey information from IP and the ULP. 2841 * Currently used for the IP_RECVSLLA, IP_RECVIF and IP_RECVPKTINFO options. 2842 * The type of information field is set to IN_PKTINFO (i.e inbound pkt info) 2843 */ 2844 typedef struct ip_pktinfo { 2845 uint32_t ip_pkt_ulp_type; /* type of info sent */ 2846 uint32_t ip_pkt_flags; /* what is sent up by IP */ 2847 uint32_t ip_pkt_ifindex; /* inbound interface index */ 2848 struct sockaddr_dl ip_pkt_slla; /* has source link layer addr */ 2849 struct in_addr ip_pkt_match_addr; /* matched address */ 2850 } ip_pktinfo_t; 2851 2852 /* 2853 * flags to tell UDP what IP is sending; in_pkt_flags 2854 */ 2855 #define IPF_RECVIF 0x01 /* inbound interface index */ 2856 #define IPF_RECVSLLA 0x02 /* source link layer address */ 2857 /* 2858 * Inbound interface index + matched address. 2859 * Used only by IPV4. 2860 */ 2861 #define IPF_RECVADDR 0x04 2862 2863 /* ipp_fields values */ 2864 #define IPPF_IFINDEX 0x0001 /* Part of in6_pktinfo: ifindex */ 2865 #define IPPF_ADDR 0x0002 /* Part of in6_pktinfo: src/dst addr */ 2866 #define IPPF_SCOPE_ID 0x0004 /* Add xmit ip6i_t for sin6_scope_id */ 2867 #define IPPF_NO_CKSUM 0x0008 /* Add xmit ip6i_t for IP6I_NO_*_CKSUM */ 2868 2869 #define IPPF_RAW_CKSUM 0x0010 /* Add xmit ip6i_t for IP6I_RAW_CHECKSUM */ 2870 #define IPPF_HOPLIMIT 0x0020 2871 #define IPPF_HOPOPTS 0x0040 2872 #define IPPF_RTHDR 0x0080 2873 2874 #define IPPF_RTDSTOPTS 0x0100 2875 #define IPPF_DSTOPTS 0x0200 2876 #define IPPF_NEXTHOP 0x0400 2877 #define IPPF_PATHMTU 0x0800 2878 2879 #define IPPF_TCLASS 0x1000 2880 #define IPPF_DONTFRAG 0x2000 2881 #define IPPF_USE_MIN_MTU 0x04000 2882 #define IPPF_MULTICAST_HOPS 0x08000 2883 2884 #define IPPF_UNICAST_HOPS 0x10000 2885 #define IPPF_FRAGHDR 0x20000 2886 2887 #define IPPF_HAS_IP6I \ 2888 (IPPF_IFINDEX|IPPF_ADDR|IPPF_NEXTHOP|IPPF_SCOPE_ID| \ 2889 IPPF_NO_CKSUM|IPPF_RAW_CKSUM|IPPF_HOPLIMIT|IPPF_DONTFRAG| \ 2890 IPPF_USE_MIN_MTU|IPPF_MULTICAST_HOPS|IPPF_UNICAST_HOPS) 2891 2892 #define TCP_PORTS_OFFSET 0 2893 #define UDP_PORTS_OFFSET 0 2894 2895 /* 2896 * lookups return the ill/ipif only if the flags are clear OR Iam writer. 2897 * ill / ipif lookup functions increment the refcnt on the ill / ipif only 2898 * after calling these macros. This ensures that the refcnt on the ipif or 2899 * ill will eventually drop down to zero. 2900 */ 2901 #define ILL_LOOKUP_FAILED 1 /* Used as error code */ 2902 #define IPIF_LOOKUP_FAILED 2 /* Used as error code */ 2903 2904 #define ILL_CAN_LOOKUP(ill) \ 2905 (!((ill)->ill_state_flags & (ILL_CONDEMNED | ILL_CHANGING)) || \ 2906 IAM_WRITER_ILL(ill)) 2907 2908 #define ILL_CAN_WAIT(ill, q) \ 2909 (((q) != NULL) && !((ill)->ill_state_flags & (ILL_CONDEMNED))) 2910 2911 #define IPIF_CAN_LOOKUP(ipif) \ 2912 (!((ipif)->ipif_state_flags & (IPIF_CONDEMNED | IPIF_CHANGING)) || \ 2913 IAM_WRITER_IPIF(ipif)) 2914 2915 /* 2916 * If the parameter 'q' is NULL, the caller is not interested in wait and 2917 * restart of the operation if the ILL or IPIF cannot be looked up when it is 2918 * marked as 'CHANGING'. Typically a thread that tries to send out data will 2919 * end up passing NULLs as the last 4 parameters to ill_lookup_on_ifindex and 2920 * in this case 'q' is NULL 2921 */ 2922 #define IPIF_CAN_WAIT(ipif, q) \ 2923 (((q) != NULL) && !((ipif)->ipif_state_flags & (IPIF_CONDEMNED))) 2924 2925 #define IPIF_CAN_LOOKUP_WALKER(ipif) \ 2926 (!((ipif)->ipif_state_flags & (IPIF_CONDEMNED)) || \ 2927 IAM_WRITER_IPIF(ipif)) 2928 2929 #define ILL_UNMARK_CHANGING(ill) \ 2930 (ill)->ill_state_flags &= ~ILL_CHANGING; 2931 2932 /* Macros used to assert that this thread is a writer */ 2933 #define IAM_WRITER_IPSQ(ipsq) ((ipsq)->ipsq_xop->ipx_writer == curthread) 2934 #define IAM_WRITER_ILL(ill) IAM_WRITER_IPSQ((ill)->ill_phyint->phyint_ipsq) 2935 #define IAM_WRITER_IPIF(ipif) IAM_WRITER_ILL((ipif)->ipif_ill) 2936 2937 /* 2938 * Grab ill locks in the proper order. The order is highest addressed 2939 * ill is locked first. 2940 */ 2941 #define GRAB_ILL_LOCKS(ill_1, ill_2) \ 2942 { \ 2943 if ((ill_1) > (ill_2)) { \ 2944 if (ill_1 != NULL) \ 2945 mutex_enter(&(ill_1)->ill_lock); \ 2946 if (ill_2 != NULL) \ 2947 mutex_enter(&(ill_2)->ill_lock); \ 2948 } else { \ 2949 if (ill_2 != NULL) \ 2950 mutex_enter(&(ill_2)->ill_lock); \ 2951 if (ill_1 != NULL && ill_1 != ill_2) \ 2952 mutex_enter(&(ill_1)->ill_lock); \ 2953 } \ 2954 } 2955 2956 #define RELEASE_ILL_LOCKS(ill_1, ill_2) \ 2957 { \ 2958 if (ill_1 != NULL) \ 2959 mutex_exit(&(ill_1)->ill_lock); \ 2960 if (ill_2 != NULL && ill_2 != ill_1) \ 2961 mutex_exit(&(ill_2)->ill_lock); \ 2962 } 2963 2964 /* Get the other protocol instance ill */ 2965 #define ILL_OTHER(ill) \ 2966 ((ill)->ill_isv6 ? (ill)->ill_phyint->phyint_illv4 : \ 2967 (ill)->ill_phyint->phyint_illv6) 2968 2969 /* ioctl command info: Ioctl properties extracted and stored in here */ 2970 typedef struct cmd_info_s 2971 { 2972 ipif_t *ci_ipif; /* ipif associated with [l]ifreq ioctl's */ 2973 sin_t *ci_sin; /* the sin struct passed down */ 2974 sin6_t *ci_sin6; /* the sin6_t struct passed down */ 2975 struct lifreq *ci_lifr; /* the lifreq struct passed down */ 2976 } cmd_info_t; 2977 2978 /* 2979 * List of AH and ESP IPsec acceleration capable ills 2980 */ 2981 typedef struct ipsec_capab_ill_s { 2982 uint_t ill_index; 2983 boolean_t ill_isv6; 2984 struct ipsec_capab_ill_s *next; 2985 } ipsec_capab_ill_t; 2986 2987 extern struct kmem_cache *ire_cache; 2988 2989 extern ipaddr_t ip_g_all_ones; 2990 2991 extern uint_t ip_loopback_mtu; /* /etc/system */ 2992 2993 extern vmem_t *ip_minor_arena_sa; 2994 extern vmem_t *ip_minor_arena_la; 2995 2996 /* 2997 * ip_g_forward controls IP forwarding. It takes two values: 2998 * 0: IP_FORWARD_NEVER Don't forward packets ever. 2999 * 1: IP_FORWARD_ALWAYS Forward packets for elsewhere. 3000 * 3001 * RFC1122 says there must be a configuration switch to control forwarding, 3002 * but that the default MUST be to not forward packets ever. Implicit 3003 * control based on configuration of multiple interfaces MUST NOT be 3004 * implemented (Section 3.1). SunOS 4.1 did provide the "automatic" capability 3005 * and, in fact, it was the default. That capability is now provided in the 3006 * /etc/rc2.d/S69inet script. 3007 */ 3008 3009 #define ips_ip_respond_to_address_mask_broadcast ips_param_arr[0].ip_param_value 3010 #define ips_ip_g_resp_to_echo_bcast ips_param_arr[1].ip_param_value 3011 #define ips_ip_g_resp_to_echo_mcast ips_param_arr[2].ip_param_value 3012 #define ips_ip_g_resp_to_timestamp ips_param_arr[3].ip_param_value 3013 #define ips_ip_g_resp_to_timestamp_bcast ips_param_arr[4].ip_param_value 3014 #define ips_ip_g_send_redirects ips_param_arr[5].ip_param_value 3015 #define ips_ip_g_forward_directed_bcast ips_param_arr[6].ip_param_value 3016 #define ips_ip_mrtdebug ips_param_arr[7].ip_param_value 3017 #define ips_ip_timer_interval ips_param_arr[8].ip_param_value 3018 #define ips_ip_ire_arp_interval ips_param_arr[9].ip_param_value 3019 #define ips_ip_ire_redir_interval ips_param_arr[10].ip_param_value 3020 #define ips_ip_def_ttl ips_param_arr[11].ip_param_value 3021 #define ips_ip_forward_src_routed ips_param_arr[12].ip_param_value 3022 #define ips_ip_wroff_extra ips_param_arr[13].ip_param_value 3023 #define ips_ip_ire_pathmtu_interval ips_param_arr[14].ip_param_value 3024 #define ips_ip_icmp_return ips_param_arr[15].ip_param_value 3025 #define ips_ip_path_mtu_discovery ips_param_arr[16].ip_param_value 3026 #define ips_ip_ignore_delete_time ips_param_arr[17].ip_param_value 3027 #define ips_ip_ignore_redirect ips_param_arr[18].ip_param_value 3028 #define ips_ip_output_queue ips_param_arr[19].ip_param_value 3029 #define ips_ip_broadcast_ttl ips_param_arr[20].ip_param_value 3030 #define ips_ip_icmp_err_interval ips_param_arr[21].ip_param_value 3031 #define ips_ip_icmp_err_burst ips_param_arr[22].ip_param_value 3032 #define ips_ip_reass_queue_bytes ips_param_arr[23].ip_param_value 3033 #define ips_ip_strict_dst_multihoming ips_param_arr[24].ip_param_value 3034 #define ips_ip_addrs_per_if ips_param_arr[25].ip_param_value 3035 #define ips_ipsec_override_persocket_policy ips_param_arr[26].ip_param_value 3036 #define ips_icmp_accept_clear_messages ips_param_arr[27].ip_param_value 3037 #define ips_igmp_accept_clear_messages ips_param_arr[28].ip_param_value 3038 3039 /* IPv6 configuration knobs */ 3040 #define ips_delay_first_probe_time ips_param_arr[29].ip_param_value 3041 #define ips_max_unicast_solicit ips_param_arr[30].ip_param_value 3042 #define ips_ipv6_def_hops ips_param_arr[31].ip_param_value 3043 #define ips_ipv6_icmp_return ips_param_arr[32].ip_param_value 3044 #define ips_ipv6_forward_src_routed ips_param_arr[33].ip_param_value 3045 #define ips_ipv6_resp_echo_mcast ips_param_arr[34].ip_param_value 3046 #define ips_ipv6_send_redirects ips_param_arr[35].ip_param_value 3047 #define ips_ipv6_ignore_redirect ips_param_arr[36].ip_param_value 3048 #define ips_ipv6_strict_dst_multihoming ips_param_arr[37].ip_param_value 3049 #define ips_ip_ire_reclaim_fraction ips_param_arr[38].ip_param_value 3050 #define ips_ipsec_policy_log_interval ips_param_arr[39].ip_param_value 3051 #define ips_pim_accept_clear_messages ips_param_arr[40].ip_param_value 3052 #define ips_ip_ndp_unsolicit_interval ips_param_arr[41].ip_param_value 3053 #define ips_ip_ndp_unsolicit_count ips_param_arr[42].ip_param_value 3054 #define ips_ipv6_ignore_home_address_opt ips_param_arr[43].ip_param_value 3055 3056 /* Misc IP configuration knobs */ 3057 #define ips_ip_policy_mask ips_param_arr[44].ip_param_value 3058 #define ips_ip_multirt_resolution_interval ips_param_arr[45].ip_param_value 3059 #define ips_ip_multirt_ttl ips_param_arr[46].ip_param_value 3060 #define ips_ip_multidata_outbound ips_param_arr[47].ip_param_value 3061 #define ips_ip_ndp_defense_interval ips_param_arr[48].ip_param_value 3062 #define ips_ip_max_temp_idle ips_param_arr[49].ip_param_value 3063 #define ips_ip_max_temp_defend ips_param_arr[50].ip_param_value 3064 #define ips_ip_max_defend ips_param_arr[51].ip_param_value 3065 #define ips_ip_defend_interval ips_param_arr[52].ip_param_value 3066 #define ips_ip_dup_recovery ips_param_arr[53].ip_param_value 3067 #define ips_ip_restrict_interzone_loopback ips_param_arr[54].ip_param_value 3068 #define ips_ip_lso_outbound ips_param_arr[55].ip_param_value 3069 #define ips_igmp_max_version ips_param_arr[56].ip_param_value 3070 #define ips_mld_max_version ips_param_arr[57].ip_param_value 3071 #define ips_ip_pmtu_min ips_param_arr[58].ip_param_value 3072 #define ips_ipv6_drop_inbound_icmpv6 ips_param_arr[59].ip_param_value 3073 3074 extern int dohwcksum; /* use h/w cksum if supported by the h/w */ 3075 #ifdef ZC_TEST 3076 extern int noswcksum; 3077 #endif 3078 3079 extern char ipif_loopback_name[]; 3080 3081 extern nv_t *ire_nv_tbl; 3082 3083 extern struct module_info ip_mod_info; 3084 3085 #define HOOKS4_INTERESTED_PHYSICAL_IN(ipst) \ 3086 ((ipst)->ips_ip4_physical_in_event.he_interested) 3087 #define HOOKS6_INTERESTED_PHYSICAL_IN(ipst) \ 3088 ((ipst)->ips_ip6_physical_in_event.he_interested) 3089 #define HOOKS4_INTERESTED_PHYSICAL_OUT(ipst) \ 3090 ((ipst)->ips_ip4_physical_out_event.he_interested) 3091 #define HOOKS6_INTERESTED_PHYSICAL_OUT(ipst) \ 3092 ((ipst)->ips_ip6_physical_out_event.he_interested) 3093 #define HOOKS4_INTERESTED_FORWARDING(ipst) \ 3094 ((ipst)->ips_ip4_forwarding_event.he_interested) 3095 #define HOOKS6_INTERESTED_FORWARDING(ipst) \ 3096 ((ipst)->ips_ip6_forwarding_event.he_interested) 3097 #define HOOKS4_INTERESTED_LOOPBACK_IN(ipst) \ 3098 ((ipst)->ips_ip4_loopback_in_event.he_interested) 3099 #define HOOKS6_INTERESTED_LOOPBACK_IN(ipst) \ 3100 ((ipst)->ips_ip6_loopback_in_event.he_interested) 3101 #define HOOKS4_INTERESTED_LOOPBACK_OUT(ipst) \ 3102 ((ipst)->ips_ip4_loopback_out_event.he_interested) 3103 #define HOOKS6_INTERESTED_LOOPBACK_OUT(ipst) \ 3104 ((ipst)->ips_ip6_loopback_out_event.he_interested) 3105 3106 /* 3107 * Hooks macros used inside of ip 3108 */ 3109 #define FW_HOOKS(_hook, _event, _ilp, _olp, _iph, _fm, _m, _llm, ipst) \ 3110 \ 3111 if ((_hook).he_interested) { \ 3112 hook_pkt_event_t info; \ 3113 \ 3114 _NOTE(CONSTCOND) \ 3115 ASSERT((_ilp != NULL) || (_olp != NULL)); \ 3116 \ 3117 FW_SET_ILL_INDEX(info.hpe_ifp, (ill_t *)_ilp); \ 3118 FW_SET_ILL_INDEX(info.hpe_ofp, (ill_t *)_olp); \ 3119 info.hpe_protocol = ipst->ips_ipv4_net_data; \ 3120 info.hpe_hdr = _iph; \ 3121 info.hpe_mp = &(_fm); \ 3122 info.hpe_mb = _m; \ 3123 info.hpe_flags = _llm; \ 3124 if (hook_run(ipst->ips_ipv4_net_data->netd_hooks, \ 3125 _event, (hook_data_t)&info) != 0) { \ 3126 ip2dbg(("%s hook dropped mblk chain %p hdr %p\n",\ 3127 (_hook).he_name, (void *)_fm, (void *)_m)); \ 3128 freemsg(_fm); \ 3129 _fm = NULL; \ 3130 _iph = NULL; \ 3131 _m = NULL; \ 3132 } else { \ 3133 _iph = info.hpe_hdr; \ 3134 _m = info.hpe_mb; \ 3135 } \ 3136 } 3137 3138 #define FW_HOOKS6(_hook, _event, _ilp, _olp, _iph, _fm, _m, _llm, ipst) \ 3139 \ 3140 if ((_hook).he_interested) { \ 3141 hook_pkt_event_t info; \ 3142 \ 3143 _NOTE(CONSTCOND) \ 3144 ASSERT((_ilp != NULL) || (_olp != NULL)); \ 3145 \ 3146 FW_SET_ILL_INDEX(info.hpe_ifp, (ill_t *)_ilp); \ 3147 FW_SET_ILL_INDEX(info.hpe_ofp, (ill_t *)_olp); \ 3148 info.hpe_protocol = ipst->ips_ipv6_net_data; \ 3149 info.hpe_hdr = _iph; \ 3150 info.hpe_mp = &(_fm); \ 3151 info.hpe_mb = _m; \ 3152 info.hpe_flags = _llm; \ 3153 if (hook_run(ipst->ips_ipv6_net_data->netd_hooks, \ 3154 _event, (hook_data_t)&info) != 0) { \ 3155 ip2dbg(("%s hook dropped mblk chain %p hdr %p\n",\ 3156 (_hook).he_name, (void *)_fm, (void *)_m)); \ 3157 freemsg(_fm); \ 3158 _fm = NULL; \ 3159 _iph = NULL; \ 3160 _m = NULL; \ 3161 } else { \ 3162 _iph = info.hpe_hdr; \ 3163 _m = info.hpe_mb; \ 3164 } \ 3165 } 3166 3167 #define FW_SET_ILL_INDEX(fp, ill) \ 3168 _NOTE(CONSTCOND) \ 3169 if ((ill) == NULL || (ill)->ill_phyint == NULL) { \ 3170 (fp) = 0; \ 3171 _NOTE(CONSTCOND) \ 3172 } else if (IS_UNDER_IPMP(ill)) { \ 3173 (fp) = ipmp_ill_get_ipmp_ifindex(ill); \ 3174 } else { \ 3175 (fp) = (ill)->ill_phyint->phyint_ifindex; \ 3176 } 3177 3178 /* 3179 * Network byte order macros 3180 */ 3181 #ifdef _BIG_ENDIAN 3182 #define N_IN_CLASSA_NET IN_CLASSA_NET 3183 #define N_IN_CLASSD_NET IN_CLASSD_NET 3184 #define N_INADDR_UNSPEC_GROUP INADDR_UNSPEC_GROUP 3185 #define N_IN_LOOPBACK_NET (ipaddr_t)0x7f000000U 3186 #else /* _BIG_ENDIAN */ 3187 #define N_IN_CLASSA_NET (ipaddr_t)0x000000ffU 3188 #define N_IN_CLASSD_NET (ipaddr_t)0x000000f0U 3189 #define N_INADDR_UNSPEC_GROUP (ipaddr_t)0x000000e0U 3190 #define N_IN_LOOPBACK_NET (ipaddr_t)0x0000007fU 3191 #endif /* _BIG_ENDIAN */ 3192 #define CLASSD(addr) (((addr) & N_IN_CLASSD_NET) == N_INADDR_UNSPEC_GROUP) 3193 #define CLASSE(addr) (((addr) & N_IN_CLASSD_NET) == N_IN_CLASSD_NET) 3194 #define IP_LOOPBACK_ADDR(addr) \ 3195 (((addr) & N_IN_CLASSA_NET == N_IN_LOOPBACK_NET)) 3196 3197 #ifdef DEBUG 3198 /* IPsec HW acceleration debugging support */ 3199 3200 #define IPSECHW_CAPAB 0x0001 /* capability negotiation */ 3201 #define IPSECHW_SADB 0x0002 /* SADB exchange */ 3202 #define IPSECHW_PKT 0x0004 /* general packet flow */ 3203 #define IPSECHW_PKTIN 0x0008 /* driver in pkt processing details */ 3204 #define IPSECHW_PKTOUT 0x0010 /* driver out pkt processing details */ 3205 3206 #define IPSECHW_DEBUG(f, x) if (ipsechw_debug & (f)) { (void) printf x; } 3207 #define IPSECHW_CALL(f, r, x) if (ipsechw_debug & (f)) { (void) r x; } 3208 3209 extern uint32_t ipsechw_debug; 3210 #else 3211 #define IPSECHW_DEBUG(f, x) {} 3212 #define IPSECHW_CALL(f, r, x) {} 3213 #endif 3214 3215 extern int ip_debug; 3216 extern uint_t ip_thread_data; 3217 extern krwlock_t ip_thread_rwlock; 3218 extern list_t ip_thread_list; 3219 3220 #ifdef IP_DEBUG 3221 #include <sys/debug.h> 3222 #include <sys/promif.h> 3223 3224 #define ip0dbg(a) printf a 3225 #define ip1dbg(a) if (ip_debug > 2) printf a 3226 #define ip2dbg(a) if (ip_debug > 3) printf a 3227 #define ip3dbg(a) if (ip_debug > 4) printf a 3228 #else 3229 #define ip0dbg(a) /* */ 3230 #define ip1dbg(a) /* */ 3231 #define ip2dbg(a) /* */ 3232 #define ip3dbg(a) /* */ 3233 #endif /* IP_DEBUG */ 3234 3235 /* Default MAC-layer address string length for mac_colon_addr */ 3236 #define MAC_STR_LEN 128 3237 3238 struct ipsec_out_s; 3239 3240 struct mac_header_info_s; 3241 3242 extern void ill_frag_timer(void *); 3243 extern ill_t *ill_first(int, int, ill_walk_context_t *, ip_stack_t *); 3244 extern ill_t *ill_next(ill_walk_context_t *, ill_t *); 3245 extern void ill_frag_timer_start(ill_t *); 3246 extern void ill_nic_event_dispatch(ill_t *, lif_if_t, nic_event_t, 3247 nic_event_data_t, size_t); 3248 extern mblk_t *ip_carve_mp(mblk_t **, ssize_t); 3249 extern mblk_t *ip_dlpi_alloc(size_t, t_uscalar_t); 3250 extern mblk_t *ip_dlnotify_alloc(uint_t, uint_t); 3251 extern char *ip_dot_addr(ipaddr_t, char *); 3252 extern const char *mac_colon_addr(const uint8_t *, size_t, char *, size_t); 3253 extern void ip_lwput(queue_t *, mblk_t *); 3254 extern boolean_t icmp_err_rate_limit(ip_stack_t *); 3255 extern void icmp_time_exceeded(queue_t *, mblk_t *, uint8_t, zoneid_t, 3256 ip_stack_t *); 3257 extern void icmp_unreachable(queue_t *, mblk_t *, uint8_t, zoneid_t, 3258 ip_stack_t *); 3259 extern mblk_t *ip_add_info(mblk_t *, ill_t *, uint_t, zoneid_t, ip_stack_t *); 3260 cred_t *ip_best_cred(mblk_t *, conn_t *, pid_t *); 3261 extern mblk_t *ip_bind_v4(queue_t *, mblk_t *, conn_t *); 3262 extern boolean_t ip_bind_ipsec_policy_set(conn_t *, mblk_t *); 3263 extern int ip_bind_laddr_v4(conn_t *, mblk_t **, uint8_t, ipaddr_t, 3264 uint16_t, boolean_t); 3265 extern int ip_proto_bind_laddr_v4(conn_t *, mblk_t **, uint8_t, ipaddr_t, 3266 uint16_t, boolean_t); 3267 extern int ip_proto_bind_connected_v4(conn_t *, mblk_t **, 3268 uint8_t, ipaddr_t *, uint16_t, ipaddr_t, uint16_t, boolean_t, boolean_t, 3269 cred_t *); 3270 extern int ip_bind_connected_v4(conn_t *, mblk_t **, uint8_t, ipaddr_t *, 3271 uint16_t, ipaddr_t, uint16_t, boolean_t, boolean_t, cred_t *); 3272 extern uint_t ip_cksum(mblk_t *, int, uint32_t); 3273 extern int ip_close(queue_t *, int); 3274 extern uint16_t ip_csum_hdr(ipha_t *); 3275 extern void ip_proto_not_sup(queue_t *, mblk_t *, uint_t, zoneid_t, 3276 ip_stack_t *); 3277 extern void ip_ire_g_fini(void); 3278 extern void ip_ire_g_init(void); 3279 extern void ip_ire_fini(ip_stack_t *); 3280 extern void ip_ire_init(ip_stack_t *); 3281 extern int ip_openv4(queue_t *q, dev_t *devp, int flag, int sflag, 3282 cred_t *credp); 3283 extern int ip_openv6(queue_t *q, dev_t *devp, int flag, int sflag, 3284 cred_t *credp); 3285 extern int ip_reassemble(mblk_t *, ipf_t *, uint_t, boolean_t, ill_t *, 3286 size_t); 3287 extern int ip_opt_set_ill(conn_t *, int, boolean_t, boolean_t, 3288 int, int, mblk_t *); 3289 extern void ip_rput(queue_t *, mblk_t *); 3290 extern void ip_input(ill_t *, ill_rx_ring_t *, mblk_t *, 3291 struct mac_header_info_s *); 3292 extern mblk_t *ip_accept_tcp(ill_t *, ill_rx_ring_t *, squeue_t *, 3293 mblk_t *, mblk_t **, uint_t *cnt); 3294 extern void ip_rput_dlpi(queue_t *, mblk_t *); 3295 extern void ip_rput_forward(ire_t *, ipha_t *, mblk_t *, ill_t *); 3296 extern void ip_rput_forward_multicast(ipaddr_t, mblk_t *, ipif_t *); 3297 3298 extern void ip_mib2_add_ip_stats(mib2_ipIfStatsEntry_t *, 3299 mib2_ipIfStatsEntry_t *); 3300 extern void ip_mib2_add_icmp6_stats(mib2_ipv6IfIcmpEntry_t *, 3301 mib2_ipv6IfIcmpEntry_t *); 3302 extern void ip_udp_input(queue_t *, mblk_t *, ipha_t *, ire_t *, ill_t *); 3303 extern void ip_proto_input(queue_t *, mblk_t *, ipha_t *, ire_t *, ill_t *, 3304 uint32_t); 3305 extern void ip_rput_other(ipsq_t *, queue_t *, mblk_t *, void *); 3306 extern ire_t *ip_check_multihome(void *, ire_t *, ill_t *); 3307 extern void ip_setpktversion(conn_t *, boolean_t, boolean_t, ip_stack_t *); 3308 extern void ip_trash_ire_reclaim(void *); 3309 extern void ip_trash_timer_expire(void *); 3310 extern void ip_wput(queue_t *, mblk_t *); 3311 extern void ip_output(void *, mblk_t *, void *, int); 3312 extern void ip_output_options(void *, mblk_t *, void *, int, 3313 ip_opt_info_t *); 3314 3315 extern void ip_wput_ire(queue_t *, mblk_t *, ire_t *, conn_t *, int, 3316 zoneid_t); 3317 extern void ip_wput_local(queue_t *, ill_t *, ipha_t *, mblk_t *, ire_t *, 3318 int, zoneid_t); 3319 extern void ip_wput_multicast(queue_t *, mblk_t *, ipif_t *, zoneid_t); 3320 extern void ip_wput_nondata(ipsq_t *, queue_t *, mblk_t *, void *); 3321 extern void ip_wsrv(queue_t *); 3322 extern char *ip_nv_lookup(nv_t *, int); 3323 extern boolean_t ip_local_addr_ok_v6(const in6_addr_t *, const in6_addr_t *); 3324 extern boolean_t ip_remote_addr_ok_v6(const in6_addr_t *, const in6_addr_t *); 3325 extern ipaddr_t ip_massage_options(ipha_t *, netstack_t *); 3326 extern ipaddr_t ip_net_mask(ipaddr_t); 3327 extern void ip_newroute(queue_t *, mblk_t *, ipaddr_t, conn_t *, zoneid_t, 3328 ip_stack_t *); 3329 extern ipxmit_state_t ip_xmit_v4(mblk_t *, ire_t *, struct ipsec_out_s *, 3330 boolean_t, conn_t *); 3331 extern int ip_hdr_complete(ipha_t *, zoneid_t, ip_stack_t *); 3332 3333 extern struct qinit iprinitv6; 3334 extern struct qinit ipwinitv6; 3335 3336 extern void ipmp_init(ip_stack_t *); 3337 extern void ipmp_destroy(ip_stack_t *); 3338 extern ipmp_grp_t *ipmp_grp_create(const char *, phyint_t *); 3339 extern void ipmp_grp_destroy(ipmp_grp_t *); 3340 extern void ipmp_grp_info(const ipmp_grp_t *, lifgroupinfo_t *); 3341 extern int ipmp_grp_rename(ipmp_grp_t *, const char *); 3342 extern ipmp_grp_t *ipmp_grp_lookup(const char *, ip_stack_t *); 3343 extern int ipmp_grp_vet_phyint(ipmp_grp_t *, phyint_t *); 3344 extern ipmp_illgrp_t *ipmp_illgrp_create(ill_t *); 3345 extern void ipmp_illgrp_destroy(ipmp_illgrp_t *); 3346 extern ill_t *ipmp_illgrp_add_ipif(ipmp_illgrp_t *, ipif_t *); 3347 extern void ipmp_illgrp_del_ipif(ipmp_illgrp_t *, ipif_t *); 3348 extern ill_t *ipmp_illgrp_next_ill(ipmp_illgrp_t *); 3349 extern ill_t *ipmp_illgrp_hold_next_ill(ipmp_illgrp_t *); 3350 extern ill_t *ipmp_illgrp_cast_ill(ipmp_illgrp_t *); 3351 extern ill_t *ipmp_illgrp_hold_cast_ill(ipmp_illgrp_t *); 3352 extern ill_t *ipmp_illgrp_ipmp_ill(ipmp_illgrp_t *); 3353 extern void ipmp_illgrp_refresh_mtu(ipmp_illgrp_t *); 3354 extern ipmp_arpent_t *ipmp_illgrp_create_arpent(ipmp_illgrp_t *, mblk_t *, 3355 boolean_t); 3356 extern void ipmp_illgrp_destroy_arpent(ipmp_illgrp_t *, ipmp_arpent_t *); 3357 extern ipmp_arpent_t *ipmp_illgrp_lookup_arpent(ipmp_illgrp_t *, ipaddr_t *); 3358 extern void ipmp_illgrp_refresh_arpent(ipmp_illgrp_t *); 3359 extern void ipmp_illgrp_mark_arpent(ipmp_illgrp_t *, ipmp_arpent_t *); 3360 extern ill_t *ipmp_illgrp_find_ill(ipmp_illgrp_t *, uchar_t *, uint_t); 3361 extern void ipmp_illgrp_link_grp(ipmp_illgrp_t *, ipmp_grp_t *); 3362 extern int ipmp_illgrp_unlink_grp(ipmp_illgrp_t *); 3363 extern uint_t ipmp_ill_get_ipmp_ifindex(const ill_t *); 3364 extern void ipmp_ill_join_illgrp(ill_t *, ipmp_illgrp_t *); 3365 extern void ipmp_ill_leave_illgrp(ill_t *); 3366 extern ill_t *ipmp_ill_hold_ipmp_ill(ill_t *); 3367 extern boolean_t ipmp_ill_is_active(ill_t *); 3368 extern void ipmp_ill_refresh_active(ill_t *); 3369 extern void ipmp_phyint_join_grp(phyint_t *, ipmp_grp_t *); 3370 extern void ipmp_phyint_leave_grp(phyint_t *); 3371 extern void ipmp_phyint_refresh_active(phyint_t *); 3372 extern ill_t *ipmp_ipif_bound_ill(const ipif_t *); 3373 extern ill_t *ipmp_ipif_hold_bound_ill(const ipif_t *); 3374 extern boolean_t ipmp_ipif_is_dataaddr(const ipif_t *); 3375 extern boolean_t ipmp_ipif_is_stubaddr(const ipif_t *); 3376 3377 extern void conn_drain_insert(conn_t *, idl_tx_list_t *); 3378 extern int conn_ipsec_length(conn_t *); 3379 extern void ip_wput_ipsec_out(queue_t *, mblk_t *, ipha_t *, ill_t *, 3380 ire_t *); 3381 extern ipaddr_t ip_get_dst(ipha_t *); 3382 extern int ipsec_out_extra_length(mblk_t *); 3383 extern int ipsec_in_extra_length(mblk_t *); 3384 extern mblk_t *ipsec_in_alloc(boolean_t, netstack_t *); 3385 extern boolean_t ipsec_in_is_secure(mblk_t *); 3386 extern void ipsec_out_process(queue_t *, mblk_t *, ire_t *, uint_t); 3387 extern void ipsec_out_to_in(mblk_t *); 3388 extern void ip_fanout_proto_again(mblk_t *, ill_t *, ill_t *, ire_t *); 3389 3390 extern void ire_cleanup(ire_t *); 3391 extern void ire_inactive(ire_t *); 3392 extern boolean_t irb_inactive(irb_t *); 3393 extern ire_t *ire_unlink(irb_t *); 3394 3395 #ifdef DEBUG 3396 extern boolean_t th_trace_ref(const void *, ip_stack_t *); 3397 extern void th_trace_unref(const void *); 3398 extern void th_trace_cleanup(const void *, boolean_t); 3399 extern void ire_trace_ref(ire_t *); 3400 extern void ire_untrace_ref(ire_t *); 3401 #endif 3402 3403 extern int ip_srcid_insert(const in6_addr_t *, zoneid_t, ip_stack_t *); 3404 extern int ip_srcid_remove(const in6_addr_t *, zoneid_t, ip_stack_t *); 3405 extern void ip_srcid_find_id(uint_t, in6_addr_t *, zoneid_t, netstack_t *); 3406 extern uint_t ip_srcid_find_addr(const in6_addr_t *, zoneid_t, netstack_t *); 3407 3408 extern uint8_t ipoptp_next(ipoptp_t *); 3409 extern uint8_t ipoptp_first(ipoptp_t *, ipha_t *); 3410 extern int ip_opt_get_user(const ipha_t *, uchar_t *); 3411 extern int ipsec_req_from_conn(conn_t *, ipsec_req_t *, int); 3412 extern int ip_snmp_get(queue_t *q, mblk_t *mctl, int level); 3413 extern int ip_snmp_set(queue_t *q, int, int, uchar_t *, int); 3414 extern void ip_process_ioctl(ipsq_t *, queue_t *, mblk_t *, void *); 3415 extern void ip_quiesce_conn(conn_t *); 3416 extern void ip_reprocess_ioctl(ipsq_t *, queue_t *, mblk_t *, void *); 3417 extern void ip_restart_optmgmt(ipsq_t *, queue_t *, mblk_t *, void *); 3418 extern void ip_ioctl_finish(queue_t *, mblk_t *, int, int, ipsq_t *); 3419 3420 extern boolean_t ip_cmpbuf(const void *, uint_t, boolean_t, const void *, 3421 uint_t); 3422 extern boolean_t ip_allocbuf(void **, uint_t *, boolean_t, const void *, 3423 uint_t); 3424 extern void ip_savebuf(void **, uint_t *, boolean_t, const void *, uint_t); 3425 3426 extern boolean_t ipsq_pending_mp_cleanup(ill_t *, conn_t *); 3427 extern void conn_ioctl_cleanup(conn_t *); 3428 extern ill_t *conn_get_held_ill(conn_t *, ill_t **, int *); 3429 3430 struct tcp_stack; 3431 extern void ip_xmit_reset_serialize(mblk_t *, int, zoneid_t, struct tcp_stack *, 3432 conn_t *); 3433 3434 struct multidata_s; 3435 struct pdesc_s; 3436 3437 extern mblk_t *ip_mdinfo_alloc(ill_mdt_capab_t *); 3438 extern mblk_t *ip_mdinfo_return(ire_t *, conn_t *, char *, ill_mdt_capab_t *); 3439 extern mblk_t *ip_lsoinfo_alloc(ill_lso_capab_t *); 3440 extern mblk_t *ip_lsoinfo_return(ire_t *, conn_t *, char *, 3441 ill_lso_capab_t *); 3442 extern uint_t ip_md_cksum(struct pdesc_s *, int, uint_t); 3443 extern boolean_t ip_md_addr_attr(struct multidata_s *, struct pdesc_s *, 3444 const mblk_t *); 3445 extern boolean_t ip_md_hcksum_attr(struct multidata_s *, struct pdesc_s *, 3446 uint32_t, uint32_t, uint32_t, uint32_t); 3447 extern boolean_t ip_md_zcopy_attr(struct multidata_s *, struct pdesc_s *, 3448 uint_t); 3449 extern void ip_unbind(conn_t *); 3450 3451 extern void tnet_init(void); 3452 extern void tnet_fini(void); 3453 3454 /* Hooks for CGTP (multirt routes) filtering module */ 3455 #define CGTP_FILTER_REV_1 1 3456 #define CGTP_FILTER_REV_2 2 3457 #define CGTP_FILTER_REV_3 3 3458 #define CGTP_FILTER_REV CGTP_FILTER_REV_3 3459 3460 /* cfo_filter and cfo_filter_v6 hooks return values */ 3461 #define CGTP_IP_PKT_NOT_CGTP 0 3462 #define CGTP_IP_PKT_PREMIUM 1 3463 #define CGTP_IP_PKT_DUPLICATE 2 3464 3465 /* Version 3 of the filter interface */ 3466 typedef struct cgtp_filter_ops { 3467 int cfo_filter_rev; /* CGTP_FILTER_REV_3 */ 3468 int (*cfo_change_state)(netstackid_t, int); 3469 int (*cfo_add_dest_v4)(netstackid_t, ipaddr_t, ipaddr_t, 3470 ipaddr_t, ipaddr_t); 3471 int (*cfo_del_dest_v4)(netstackid_t, ipaddr_t, ipaddr_t); 3472 int (*cfo_add_dest_v6)(netstackid_t, in6_addr_t *, in6_addr_t *, 3473 in6_addr_t *, in6_addr_t *); 3474 int (*cfo_del_dest_v6)(netstackid_t, in6_addr_t *, in6_addr_t *); 3475 int (*cfo_filter)(netstackid_t, uint_t, mblk_t *); 3476 int (*cfo_filter_v6)(netstackid_t, uint_t, ip6_t *, 3477 ip6_frag_t *); 3478 } cgtp_filter_ops_t; 3479 3480 #define CGTP_MCAST_SUCCESS 1 3481 3482 /* 3483 * The separate CGTP module needs this global symbol so that it 3484 * can check the version and determine whether to use the old or the new 3485 * version of the filtering interface. 3486 */ 3487 extern int ip_cgtp_filter_rev; 3488 3489 extern int ip_cgtp_filter_supported(void); 3490 extern int ip_cgtp_filter_register(netstackid_t, cgtp_filter_ops_t *); 3491 extern int ip_cgtp_filter_unregister(netstackid_t); 3492 extern int ip_cgtp_filter_is_registered(netstackid_t); 3493 3494 /* Flags for ire_multirt_lookup() */ 3495 3496 #define MULTIRT_USESTAMP 0x0001 3497 #define MULTIRT_SETSTAMP 0x0002 3498 #define MULTIRT_CACHEGW 0x0004 3499 3500 /* Debug stuff for multirt route resolution. */ 3501 #if defined(DEBUG) && !defined(__lint) 3502 /* Our "don't send, rather drop" flag. */ 3503 #define MULTIRT_DEBUG_FLAG 0x8000 3504 3505 #define MULTIRT_TRACE(x) ip2dbg(x) 3506 3507 #define MULTIRT_DEBUG_TAG(mblk) \ 3508 do { \ 3509 ASSERT(mblk != NULL); \ 3510 MULTIRT_TRACE(("%s[%d]: tagging mblk %p, tag was %d\n", \ 3511 __FILE__, __LINE__, \ 3512 (void *)(mblk), (mblk)->b_flag & MULTIRT_DEBUG_FLAG)); \ 3513 (mblk)->b_flag |= MULTIRT_DEBUG_FLAG; \ 3514 } while (0) 3515 3516 #define MULTIRT_DEBUG_UNTAG(mblk) \ 3517 do { \ 3518 ASSERT(mblk != NULL); \ 3519 MULTIRT_TRACE(("%s[%d]: untagging mblk %p, tag was %d\n", \ 3520 __FILE__, __LINE__, \ 3521 (void *)(mblk), (mblk)->b_flag & MULTIRT_DEBUG_FLAG)); \ 3522 (mblk)->b_flag &= ~MULTIRT_DEBUG_FLAG; \ 3523 } while (0) 3524 3525 #define MULTIRT_DEBUG_TAGGED(mblk) \ 3526 (((mblk)->b_flag & MULTIRT_DEBUG_FLAG) ? B_TRUE : B_FALSE) 3527 #else 3528 #define MULTIRT_DEBUG_TAG(mblk) ASSERT(mblk != NULL) 3529 #define MULTIRT_DEBUG_UNTAG(mblk) ASSERT(mblk != NULL) 3530 #define MULTIRT_DEBUG_TAGGED(mblk) B_FALSE 3531 #endif 3532 3533 /* 3534 * Per-ILL Multidata Transmit capabilities. 3535 */ 3536 struct ill_mdt_capab_s { 3537 uint_t ill_mdt_version; /* interface version */ 3538 uint_t ill_mdt_on; /* on/off switch for MDT on this ILL */ 3539 uint_t ill_mdt_hdr_head; /* leading header fragment extra space */ 3540 uint_t ill_mdt_hdr_tail; /* trailing header fragment extra space */ 3541 uint_t ill_mdt_max_pld; /* maximum payload buffers per Multidata */ 3542 uint_t ill_mdt_span_limit; /* maximum payload span per packet */ 3543 }; 3544 3545 struct ill_hcksum_capab_s { 3546 uint_t ill_hcksum_version; /* interface version */ 3547 uint_t ill_hcksum_txflags; /* capabilities on transmit */ 3548 }; 3549 3550 struct ill_zerocopy_capab_s { 3551 uint_t ill_zerocopy_version; /* interface version */ 3552 uint_t ill_zerocopy_flags; /* capabilities */ 3553 }; 3554 3555 struct ill_lso_capab_s { 3556 uint_t ill_lso_on; /* on/off switch for LSO on this ILL */ 3557 uint_t ill_lso_flags; /* capabilities */ 3558 uint_t ill_lso_max; /* maximum size of payload */ 3559 }; 3560 3561 /* 3562 * rr_ring_state cycles in the order shown below from RR_FREE through 3563 * RR_FREE_IN_PROG and back to RR_FREE. 3564 */ 3565 typedef enum { 3566 RR_FREE, /* Free slot */ 3567 RR_SQUEUE_UNBOUND, /* Ring's squeue is unbound */ 3568 RR_SQUEUE_BIND_INPROG, /* Ring's squeue bind in progress */ 3569 RR_SQUEUE_BOUND, /* Ring's squeue bound to cpu */ 3570 RR_FREE_INPROG /* Ring is being freed */ 3571 } ip_ring_state_t; 3572 3573 #define ILL_MAX_RINGS 256 /* Max num of rx rings we can manage */ 3574 #define ILL_POLLING 0x01 /* Polling in use */ 3575 3576 /* 3577 * These functions pointer types are exported by the mac/dls layer. 3578 * we need to duplicate the definitions here because we cannot 3579 * include mac/dls header files here. 3580 */ 3581 typedef boolean_t (*ip_mac_intr_disable_t)(void *); 3582 typedef void (*ip_mac_intr_enable_t)(void *); 3583 typedef ip_mac_tx_cookie_t (*ip_dld_tx_t)(void *, mblk_t *, 3584 uint64_t, uint16_t); 3585 typedef void (*ip_flow_enable_t)(void *, ip_mac_tx_cookie_t); 3586 typedef void *(*ip_dld_callb_t)(void *, 3587 ip_flow_enable_t, void *); 3588