0    stevel /*
     0    stevel  * CDDL HEADER START
     0    stevel  *
     0    stevel  * The contents of this file are subject to the terms of the
  1676       jpk  * Common Development and Distribution License (the "License").
  1676       jpk  * You may not use this file except in compliance with the License.
     0    stevel  *
     0    stevel  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     0    stevel  * or http://www.opensolaris.org/os/licensing.
     0    stevel  * See the License for the specific language governing permissions
     0    stevel  * and limitations under the License.
     0    stevel  *
     0    stevel  * When distributing Covered Code, include this CDDL HEADER in each
     0    stevel  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     0    stevel  * If applicable, add the following below this CDDL HEADER, with the
     0    stevel  * fields enclosed by brackets "[]" replaced with your own identifying
     0    stevel  * information: Portions Copyright [yyyy] [name of copyright owner]
     0    stevel  *
     0    stevel  * CDDL HEADER END
     0    stevel  */
     0    stevel /*
  8485     Peter  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     0    stevel  * Use is subject to license terms.
     0    stevel  */
     0    stevel /* Copyright (c) 1990 Mentat Inc. */
     0    stevel 
     0    stevel /*
     0    stevel  * This file contains routines that manipulate Internet Routing Entries (IREs).
     0    stevel  */
     0    stevel 
     0    stevel #include <sys/types.h>
     0    stevel #include <sys/stream.h>
     0    stevel #include <sys/stropts.h>
  8485     Peter #include <sys/strsun.h>
  8778      Erik #include <sys/strsubr.h>
     0    stevel #include <sys/ddi.h>
     0    stevel #include <sys/cmn_err.h>
     0    stevel #include <sys/policy.h>
     0    stevel 
     0    stevel #include <sys/systm.h>
     0    stevel #include <sys/kmem.h>
     0    stevel #include <sys/param.h>
     0    stevel #include <sys/socket.h>
     0    stevel #include <net/if.h>
     0    stevel #include <net/route.h>
     0    stevel #include <netinet/in.h>
     0    stevel #include <net/if_dl.h>
     0    stevel #include <netinet/ip6.h>
     0    stevel #include <netinet/icmp6.h>
     0    stevel 
     0    stevel #include <inet/common.h>
     0    stevel #include <inet/mi.h>
     0    stevel #include <inet/ip.h>
     0    stevel #include <inet/ip6.h>
     0    stevel #include <inet/ip_ndp.h>
  2535  sangeeta #include <inet/arp.h>
     0    stevel #include <inet/ip_if.h>
     0    stevel #include <inet/ip_ire.h>
  2535  sangeeta #include <inet/ip_ftable.h>
     0    stevel #include <inet/ip_rts.h>
     0    stevel #include <inet/nd.h>
     0    stevel 
     0    stevel #include <inet/tcp.h>
     0    stevel #include <inet/ipclassifier.h>
     0    stevel #include <sys/zone.h>
  3448  dh155122 #include <sys/cpuvar.h>
  3448  dh155122 
  1676       jpk #include <sys/tsol/label.h>
  1676       jpk #include <sys/tsol/tnet.h>
     0    stevel 
  2535  sangeeta struct kmem_cache *rt_entry_cache;
  2535  sangeeta 
 11042      Erik typedef struct nce_clookup_s {
 11042      Erik 	ipaddr_t ncecl_addr;
 11042      Erik 	boolean_t ncecl_found;
 11042      Erik } nce_clookup_t;
 11042      Erik 
     0    stevel /*
     0    stevel  * Synchronization notes:
     0    stevel  *
     0    stevel  * The fields of the ire_t struct are protected in the following way :
     0    stevel  *
     0    stevel  * ire_next/ire_ptpn
     0    stevel  *
 11042      Erik  *	- bucket lock of the forwarding table in which is ire stored.
     0    stevel  *
 11042      Erik  * ire_ill, ire_u *except* ire_gateway_addr[v6], ire_mask,
 11042      Erik  * ire_type, ire_create_time, ire_masklen, ire_ipversion, ire_flags,
 11042      Erik  * ire_bucket
     0    stevel  *
     0    stevel  *	- Set in ire_create_v4/v6 and never changes after that. Thus,
     0    stevel  *	  we don't need a lock whenever these fields are accessed.
     0    stevel  *
     0    stevel  *	- ire_bucket and ire_masklen (also set in ire_create) is set in
 11042      Erik  *        ire_add before inserting in the bucket and never
     0    stevel  *        changes after that. Thus we don't need a lock whenever these
     0    stevel  *	  fields are accessed.
     0    stevel  *
     0    stevel  * ire_gateway_addr_v4[v6]
     0    stevel  *
     0    stevel  *	- ire_gateway_addr_v4[v6] is set during ire_create and later modified
     0    stevel  *	  by rts_setgwr[v6]. As ire_gateway_addr is a uint32_t, updates to
     0    stevel  *	  it assumed to be atomic and hence the other parts of the code
     0    stevel  *	  does not use any locks. ire_gateway_addr_v6 updates are not atomic
     0    stevel  *	  and hence any access to it uses ire_lock to get/set the right value.
     0    stevel  *
 11042      Erik  * ire_refcnt, ire_identical_ref
     0    stevel  *
     0    stevel  *	- Updated atomically using atomic_add_32
     0    stevel  *
     0    stevel  * ire_ssthresh, ire_rtt_sd, ire_rtt, ire_ib_pkt_count, ire_ob_pkt_count
     0    stevel  *
     0    stevel  *	- Assumes that 32 bit writes are atomic. No locks. ire_lock is
     0    stevel  *	  used to serialize updates to ire_ssthresh, ire_rtt_sd, ire_rtt.
     0    stevel  *
 11042      Erik  * ire_generation
 11042      Erik  *	- Under ire_lock
     0    stevel  *
 11042      Erik  * ire_nce_cache
 11042      Erik  *	- Under ire_lock
     0    stevel  *
 11042      Erik  * ire_dep_parent (To next IRE in recursive lookup chain)
 11042      Erik  *	- Under ips_ire_dep_lock. Write held when modifying. Read held when
 11042      Erik  *	  walking. We also hold ire_lock when modifying to allow the data path
 11042      Erik  *	  to only acquire ire_lock.
     0    stevel  *
 11042      Erik  * ire_dep_parent_generation (Generation number from ire_dep_parent)
 11042      Erik  *	- Under ips_ire_dep_lock and/or ire_lock. (A read claim on the dep_lock
 11042      Erik  *	  and ire_lock held when modifying)
     0    stevel  *
 11042      Erik  * ire_dep_children (From parent to first child)
 11042      Erik  * ire_dep_sib_next (linked list of siblings)
 11042      Erik  * ire_dep_sib_ptpn (linked list of siblings)
 11042      Erik  *	- Under ips_ire_dep_lock. Write held when modifying. Read held when
 11042      Erik  *	  walking.
     0    stevel  *
     0    stevel  * As we always hold the bucket locks in all the places while accessing
     0    stevel  * the above values, it is natural to use them for protecting them.
     0    stevel  *
 11042      Erik  * We have a forwarding table for IPv4 and IPv6. The IPv6 forwarding table
  5335   sowmini  * (ip_forwarding_table_v6) is an array of pointers to arrays of irb_t
 11042      Erik  * structures. ip_forwarding_table_v6 is allocated dynamically in
  3448  dh155122  * ire_add_v6. ire_ft_init_lock is used to serialize multiple threads
     0    stevel  * initializing the same bucket. Once a bucket is initialized, it is never
  3448  dh155122  * de-alloacted. This assumption enables us to access
  3448  dh155122  * ip_forwarding_table_v6[i] without any locks.
  5335   sowmini  *
  5335   sowmini  * The forwarding table for IPv4 is a radix tree whose leaves
  5335   sowmini  * are rt_entry structures containing the irb_t for the rt_dst. The irb_t
  5335   sowmini  * for IPv4 is dynamically allocated and freed.
     0    stevel  *
     0    stevel  * Each irb_t - ire bucket structure has a lock to protect
     0    stevel  * a bucket and the ires residing in the bucket have a back pointer to
     0    stevel  * the bucket structure. It also has a reference count for the number
     0    stevel  * of threads walking the bucket - irb_refcnt which is bumped up
 11042      Erik  * using the irb_refhold function. The flags irb_marks can be
 11042      Erik  * set to IRB_MARK_CONDEMNED indicating that there are some ires
 11042      Erik  * in this bucket that are IRE_IS_CONDEMNED and the
     0    stevel  * last thread to leave the bucket should delete the ires. Usually
 11042      Erik  * this is done by the irb_refrele function which is used to decrement
  5335   sowmini  * the reference count on a bucket. See comments above irb_t structure
  5335   sowmini  * definition in ip.h for further details.
     0    stevel  *
 11042      Erik  * The ire_refhold/ire_refrele functions operate on the ire which increments/
     0    stevel  * decrements the reference count, ire_refcnt, atomically on the ire.
 11042      Erik  * ire_refcnt is modified only using those functions. Operations on the IRE
     0    stevel  * could be described as follows :
     0    stevel  *
     0    stevel  * CREATE an ire with reference count initialized to 1.
     0    stevel  *
     0    stevel  * ADDITION of an ire holds the bucket lock, checks for duplicates
 11042      Erik  * and then adds the ire. ire_add returns the ire after
     0    stevel  * bumping up once more i.e the reference count is 2. This is to avoid
     0    stevel  * an extra lookup in the functions calling ire_add which wants to
     0    stevel  * work with the ire after adding.
     0    stevel  *
 11042      Erik  * LOOKUP of an ire bumps up the reference count using ire_refhold
 11042      Erik  * function. It is valid to bump up the referece count of the IRE,
     0    stevel  * after the lookup has returned an ire. Following are the lookup
     0    stevel  * functions that return an HELD ire :
     0    stevel  *
 11042      Erik  * ire_ftable_lookup[_v6], ire_lookup_multi_ill[_v6]
     0    stevel  *
     0    stevel  * DELETION of an ire holds the bucket lock, removes it from the list
     0    stevel  * and then decrements the reference count for having removed from the list
 11042      Erik  * by using the ire_refrele function. If some other thread has looked up
     0    stevel  * the ire, the reference count would have been bumped up and hence
     0    stevel  * this ire will not be freed once deleted. It will be freed once the
     0    stevel  * reference count drops to zero.
     0    stevel  *
     0    stevel  * Add and Delete acquires the bucket lock as RW_WRITER, while all the
     0    stevel  * lookups acquire the bucket lock as RW_READER.
     0    stevel  *
 11042      Erik  * The general rule is to do the ire_refrele in the function
     0    stevel  * that is passing the ire as an argument.
     0    stevel  *
     0    stevel  * In trying to locate ires the following points are to be noted.
     0    stevel  *
 11042      Erik  * IRE_IS_CONDEMNED signifies that the ire has been logically deleted and is
     0    stevel  * to be ignored when walking the ires using ire_next.
     0    stevel  *
     0    stevel  * Zones note:
     0    stevel  *	Walking IREs within a given zone also walks certain ires in other
     0    stevel  *	zones.  This is done intentionally.  IRE walks with a specified
     0    stevel  *	zoneid are used only when doing informational reports, and
     0    stevel  *	zone users want to see things that they can access. See block
     0    stevel  *	comment in ire_walk_ill_match().
     0    stevel  */
     0    stevel 
     0    stevel /*
     0    stevel  * The size of the forwarding table.  We will make sure that it is a
     0    stevel  * power of 2 in ip_ire_init().
  3448  dh155122  * Setable in /etc/system
     0    stevel  */
     0    stevel uint32_t ip6_ftable_hash_size = IP6_FTABLE_HASH_SIZE;
     0    stevel 
     0    stevel struct	kmem_cache	*ire_cache;
 11042      Erik struct	kmem_cache	*ncec_cache;
 11042      Erik struct	kmem_cache	*nce_cache;
 11042      Erik 
     0    stevel static ire_t	ire_null;
     0    stevel 
 11042      Erik static ire_t	*ire_add_v4(ire_t *ire);
     0    stevel static void	ire_delete_v4(ire_t *ire);
 11042      Erik static void	ire_dep_invalidate_children(ire_t *child);
  1676       jpk static void	ire_walk_ipvers(pfv_t func, void *arg, uchar_t vers,
  3448  dh155122     zoneid_t zoneid, ip_stack_t *);
     0    stevel static void	ire_walk_ill_ipvers(uint_t match_flags, uint_t ire_type,
  1676       jpk     pfv_t func, void *arg, uchar_t vers, ill_t *ill);
  5023  carlsonj #ifdef DEBUG
  5023  carlsonj static void	ire_trace_cleanup(const ire_t *);
     0    stevel #endif
     0    stevel 
     0    stevel /*
 11042      Erik  * Following are the functions to increment/decrement the reference
 11042      Erik  * count of the IREs and IRBs (ire bucket).
 11042      Erik  *
 11042      Erik  * 1) We bump up the reference count of an IRE to make sure that
 11042      Erik  *    it does not get deleted and freed while we are using it.
 11042      Erik  *    Typically all the lookup functions hold the bucket lock,
 11042      Erik  *    and look for the IRE. If it finds an IRE, it bumps up the
 11042      Erik  *    reference count before dropping the lock. Sometimes we *may* want
 11042      Erik  *    to bump up the reference count after we *looked* up i.e without
 11042      Erik  *    holding the bucket lock. So, the ire_refhold function does not assert
 11042      Erik  *    on the bucket lock being held. Any thread trying to delete from
 11042      Erik  *    the hash bucket can still do so but cannot free the IRE if
 11042      Erik  *    ire_refcnt is not 0.
 11042      Erik  *
 11042      Erik  * 2) We bump up the reference count on the bucket where the IRE resides
 11042      Erik  *    (IRB), when we want to prevent the IREs getting deleted from a given
 11042      Erik  *    hash bucket. This makes life easier for ire_walk type functions which
 11042      Erik  *    wants to walk the IRE list, call a function, but needs to drop
 11042      Erik  *    the bucket lock to prevent recursive rw_enters. While the
 11042      Erik  *    lock is dropped, the list could be changed by other threads or
 11042      Erik  *    the same thread could end up deleting the ire or the ire pointed by
 11042      Erik  *    ire_next. ire_refholding the ire or ire_next is not sufficient as
 11042      Erik  *    a delete will still remove the ire from the bucket while we have
 11042      Erik  *    dropped the lock and hence the ire_next would be NULL. Thus, we
 11042      Erik  *    need a mechanism to prevent deletions from a given bucket.
 11042      Erik  *
 11042      Erik  *    To prevent deletions, we bump up the reference count on the
 11042      Erik  *    bucket. If the bucket is held, ire_delete just marks both
 11042      Erik  *    the ire and irb as CONDEMNED. When the
 11042      Erik  *    reference count on the bucket drops to zero, all the CONDEMNED ires
 11042      Erik  *    are deleted. We don't have to bump up the reference count on the
 11042      Erik  *    bucket if we are walking the bucket and never have to drop the bucket
 11042      Erik  *    lock. Note that irb_refhold does not prevent addition of new ires
 11042      Erik  *    in the list. It is okay because addition of new ires will not cause
 11042      Erik  *    ire_next to point to freed memory. We do irb_refhold only when
 11042      Erik  *    all of the 3 conditions are true :
 11042      Erik  *
 11042      Erik  *    1) The code needs to walk the IRE bucket from start to end.
 11042      Erik  *    2) It may have to drop the bucket lock sometimes while doing (1)
 11042      Erik  *    3) It does not want any ires to be deleted meanwhile.
 11042      Erik  */
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Bump up the reference count on the hash bucket - IRB to
 11042      Erik  * prevent ires from being deleted in this bucket.
 11042      Erik  */
 11042      Erik void
 11042      Erik irb_refhold(irb_t *irb)
 11042      Erik {
 11042      Erik 	rw_enter(&irb->irb_lock, RW_WRITER);
 11042      Erik 	irb->irb_refcnt++;
 11042      Erik 	ASSERT(irb->irb_refcnt != 0);
 11042      Erik 	rw_exit(&irb->irb_lock);
 11042      Erik }
 11042      Erik 
 11042      Erik void
 11042      Erik irb_refhold_locked(irb_t *irb)
 11042      Erik {
 11042      Erik 	ASSERT(RW_WRITE_HELD(&irb->irb_lock));
 11042      Erik 	irb->irb_refcnt++;
 11042      Erik 	ASSERT(irb->irb_refcnt != 0);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Note: when IRB_MARK_DYNAMIC is not set the irb_t
 11042      Erik  * is statically allocated, so that when the irb_refcnt goes to 0,
 11042      Erik  * we simply clean up the ire list and continue.
 11042      Erik  */
 11042      Erik void
 11042      Erik irb_refrele(irb_t *irb)
 11042      Erik {
 11042      Erik 	if (irb->irb_marks & IRB_MARK_DYNAMIC) {
 11042      Erik 		irb_refrele_ftable(irb);
 11042      Erik 	} else {
 11042      Erik 		rw_enter(&irb->irb_lock, RW_WRITER);
 11042      Erik 		ASSERT(irb->irb_refcnt != 0);
 11042      Erik 		if (--irb->irb_refcnt	== 0 &&
 11042      Erik 		    (irb->irb_marks & IRB_MARK_CONDEMNED)) {
 11042      Erik 			ire_t *ire_list;
 11042      Erik 
 11042      Erik 			ire_list = ire_unlink(irb);
 11042      Erik 			rw_exit(&irb->irb_lock);
 11042      Erik 			ASSERT(ire_list != NULL);
 11042      Erik 			ire_cleanup(ire_list);
 11042      Erik 		} else {
 11042      Erik 			rw_exit(&irb->irb_lock);
 11042      Erik 		}
 11042      Erik 	}
 11042      Erik }
 11042      Erik 
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Bump up the reference count on the IRE. We cannot assert that the
 11042      Erik  * bucket lock is being held as it is legal to bump up the reference
 11042      Erik  * count after the first lookup has returned the IRE without
 11042      Erik  * holding the lock.
 11042      Erik  */
 11042      Erik void
 11042      Erik ire_refhold(ire_t *ire)
 11042      Erik {
 11042      Erik 	atomic_add_32(&(ire)->ire_refcnt, 1);
 11042      Erik 	ASSERT((ire)->ire_refcnt != 0);
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_trace_ref(ire);
 11042      Erik #endif
 11042      Erik }
 11042      Erik 
 11042      Erik void
 11042      Erik ire_refhold_notr(ire_t *ire)
 11042      Erik {
 11042      Erik 	atomic_add_32(&(ire)->ire_refcnt, 1);
 11042      Erik 	ASSERT((ire)->ire_refcnt != 0);
 11042      Erik }
 11042      Erik 
 11042      Erik void
 11042      Erik ire_refhold_locked(ire_t *ire)
 11042      Erik {
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_trace_ref(ire);
 11042      Erik #endif
 11042      Erik 	ire->ire_refcnt++;
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Release a ref on an IRE.
     0    stevel  *
     0    stevel  * Must not be called while holding any locks. Otherwise if this is
     0    stevel  * the last reference to be released there is a chance of recursive mutex
     0    stevel  * panic due to ire_refrele -> ipif_ill_refrele_tail -> qwriter_ip trying
     0    stevel  * to restart an ioctl. The one exception is when the caller is sure that
     0    stevel  * this is not the last reference to be released. Eg. if the caller is
     0    stevel  * sure that the ire has not been deleted and won't be deleted.
 11042      Erik  *
 11042      Erik  * In architectures e.g sun4u, where atomic_add_32_nv is just
 11042      Erik  * a cas, we need to maintain the right memory barrier semantics
 11042      Erik  * as that of mutex_exit i.e all the loads and stores should complete
 11042      Erik  * before the cas is executed. membar_exit() does that here.
     0    stevel  */
     0    stevel void
     0    stevel ire_refrele(ire_t *ire)
     0    stevel {
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_untrace_ref(ire);
 11042      Erik #endif
 11042      Erik 	ASSERT((ire)->ire_refcnt != 0);
 11042      Erik 	membar_exit();
 11042      Erik 	if (atomic_add_32_nv(&(ire)->ire_refcnt, -1) == 0)
 11042      Erik 		ire_inactive(ire);
     0    stevel }
     0    stevel 
     0    stevel void
     0    stevel ire_refrele_notr(ire_t *ire)
     0    stevel {
 11042      Erik 	ASSERT((ire)->ire_refcnt != 0);
 11042      Erik 	membar_exit();
 11042      Erik 	if (atomic_add_32_nv(&(ire)->ire_refcnt, -1) == 0)
 11042      Erik 		ire_inactive(ire);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * This function is associated with the IP_IOC_IRE_DELETE[_NO_REPLY]
 11042      Erik  * IOCTL[s].  The NO_REPLY form is used by TCP to tell IP that it is
 11042      Erik  * having problems reaching a particular destination.
 11042      Erik  * This will make IP consider alternate routes (e.g., when there are
 11042      Erik  * muliple default routes), and it will also make IP discard any (potentially)
 11042      Erik  * stale redirect.
 11042      Erik  * Management processes may want to use the version that generates a reply.
     0    stevel  *
 11042      Erik  * With the use of NUD like behavior for IPv4/ARP in addition to IPv6
 11042      Erik  * this function shouldn't be necessary for IP to recover from a bad redirect,
 11042      Erik  * a bad default router (when there are multiple default routers), or
 11042      Erik  * a stale ND/ARP entry. But we retain it in any case.
 11042      Erik  * For instance, this is helpful when TCP suspects a failure before NUD does.
     0    stevel  */
     0    stevel int
     0    stevel ip_ire_delete(queue_t *q, mblk_t *mp, cred_t *ioc_cr)
     0    stevel {
  2535  sangeeta 	uchar_t		*addr_ucp;
 11042      Erik 	uint_t		ipversion;
 11042      Erik 	sin_t		*sin;
 11042      Erik 	sin6_t		*sin6;
 11042      Erik 	ipaddr_t	v4addr;
 11042      Erik 	in6_addr_t	v6addr;
  2535  sangeeta 	ire_t		*ire;
  2535  sangeeta 	ipid_t		*ipid;
     0    stevel 	zoneid_t	zoneid;
  3448  dh155122 	ip_stack_t	*ipst;
     0    stevel 
     0    stevel 	ASSERT(q->q_next == NULL);
 11042      Erik 	zoneid = IPCL_ZONEID(Q_TO_CONN(q));
  3448  dh155122 	ipst = CONNQ_TO_IPST(q);
     0    stevel 
     0    stevel 	/*
     0    stevel 	 * Check privilege using the ioctl credential; if it is NULL
     0    stevel 	 * then this is a kernel message and therefor privileged.
     0    stevel 	 */
  3448  dh155122 	if (ioc_cr != NULL && secpolicy_ip_config(ioc_cr, B_FALSE) != 0)
     0    stevel 		return (EPERM);
     0    stevel 
     0    stevel 	ipid = (ipid_t *)mp->b_rptr;
     0    stevel 
     0    stevel 	addr_ucp = mi_offset_param(mp, ipid->ipid_addr_offset,
  4714   sowmini 	    ipid->ipid_addr_length);
     0    stevel 	if (addr_ucp == NULL || !OK_32PTR(addr_ucp))
     0    stevel 		return (EINVAL);
     0    stevel 	switch (ipid->ipid_addr_length) {
 11042      Erik 	case sizeof (sin_t):
     0    stevel 		/*
     0    stevel 		 * got complete (sockaddr) address - increment addr_ucp to point
     0    stevel 		 * at the ip_addr field.
     0    stevel 		 */
     0    stevel 		sin = (sin_t *)addr_ucp;
     0    stevel 		addr_ucp = (uchar_t *)&sin->sin_addr.s_addr;
 11042      Erik 		ipversion = IPV4_VERSION;
     0    stevel 		break;
 11042      Erik 	case sizeof (sin6_t):
 11042      Erik 		/*
 11042      Erik 		 * got complete (sockaddr) address - increment addr_ucp to point
 11042      Erik 		 * at the ip_addr field.
 11042      Erik 		 */
 11042      Erik 		sin6 = (sin6_t *)addr_ucp;
 11042      Erik 		addr_ucp = (uchar_t *)&sin6->sin6_addr;
 11042      Erik 		ipversion = IPV6_VERSION;
 11042      Erik 		break;
     0    stevel 	default:
     0    stevel 		return (EINVAL);
     0    stevel 	}
 11042      Erik 	if (ipversion == IPV4_VERSION) {
 11042      Erik 		/* Extract the destination address. */
 11042      Erik 		bcopy(addr_ucp, &v4addr, IP_ADDR_LEN);
     0    stevel 
 11042      Erik 		ire = ire_ftable_lookup_v4(v4addr, 0, 0, 0, NULL,
 11042      Erik 		    zoneid, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
 11042      Erik 	} else {
 11042      Erik 		/* Extract the destination address. */
 11042      Erik 		bcopy(addr_ucp, &v6addr, IPV6_ADDR_LEN);
     0    stevel 
 11042      Erik 		ire = ire_ftable_lookup_v6(&v6addr, NULL, NULL, 0, NULL,
 11042      Erik 		    zoneid, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL);
 11042      Erik 	}
 11042      Erik 	if (ire != NULL) {
 11042      Erik 		if (ipversion == IPV4_VERSION) {
 11042      Erik 			ip_rts_change(RTM_LOSING, ire->ire_addr,
 11042      Erik 			    ire->ire_gateway_addr, ire->ire_mask,
 11042      Erik 			    (Q_TO_CONN(q))->conn_laddr_v4,  0, 0, 0,
 11042      Erik 			    (RTA_DST | RTA_GATEWAY | RTA_NETMASK | RTA_IFA),
 11042      Erik 			    ire->ire_ipst);
     0    stevel 		}
 11042      Erik 		(void) ire_no_good(ire);
  4714   sowmini 		ire_refrele(ire);
     0    stevel 	}
     0    stevel 	return (0);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Initialize the ire that is specific to IPv4 part and call
     0    stevel  * ire_init_common to finish it.
 11042      Erik  * Returns zero or errno.
     0    stevel  */
 11042      Erik int
 11042      Erik ire_init_v4(ire_t *ire, uchar_t *addr, uchar_t *mask, uchar_t *gateway,
 11042      Erik     ushort_t type, ill_t *ill, zoneid_t zoneid, uint_t flags,
 11042      Erik     tsol_gc_t *gc, ip_stack_t *ipst)
  1676       jpk {
 11042      Erik 	int error;
 11042      Erik 
  1676       jpk 	/*
  1676       jpk 	 * Reject IRE security attribute creation/initialization
  1676       jpk 	 * if system is not running in Trusted mode.
  1676       jpk 	 */
 11042      Erik 	if (gc != NULL && !is_system_labeled())
 11042      Erik 		return (EINVAL);
  1676       jpk 
  3448  dh155122 	BUMP_IRE_STATS(ipst->ips_ire_stats_v4, ire_stats_alloced);
     0    stevel 
     0    stevel 	if (addr != NULL)
     0    stevel 		bcopy(addr, &ire->ire_addr, IP_ADDR_LEN);
 11042      Erik 	if (gateway != NULL)
     0    stevel 		bcopy(gateway, &ire->ire_gateway_addr, IP_ADDR_LEN);
 11042      Erik 
 11042      Erik 	/* Make sure we don't have stray values in some fields */
 11042      Erik 	switch (type) {
 11042      Erik 	case IRE_LOOPBACK:
 11042      Erik 		bcopy(&ire->ire_addr, &ire->ire_gateway_addr, IP_ADDR_LEN);
 11042      Erik 		/* FALLTHRU */
 11042      Erik 	case IRE_HOST:
 11042      Erik 	case IRE_BROADCAST:
 11042      Erik 	case IRE_LOCAL:
 11042      Erik 	case IRE_IF_CLONE:
 11042      Erik 		ire->ire_mask = IP_HOST_MASK;
 11042      Erik 		ire->ire_masklen = IPV4_ABITS;
 11042      Erik 		break;
 11042      Erik 	case IRE_PREFIX:
 11042      Erik 	case IRE_DEFAULT:
 11042      Erik 	case IRE_IF_RESOLVER:
 11042      Erik 	case IRE_IF_NORESOLVER:
 11042      Erik 		if (mask != NULL) {
 11042      Erik 			bcopy(mask, &ire->ire_mask, IP_ADDR_LEN);
 11042      Erik 			ire->ire_masklen = ip_mask_to_plen(ire->ire_mask);
 11042      Erik 		}
 11042      Erik 		break;
 11042      Erik 	case IRE_MULTICAST:
 11042      Erik 	case IRE_NOROUTE:
 11042      Erik 		ASSERT(mask == NULL);
 11042      Erik 		break;
 11042      Erik 	default:
 11042      Erik 		ASSERT(0);
 11042      Erik 		return (EINVAL);
     0    stevel 	}
     0    stevel 
 11042      Erik 	error = ire_init_common(ire, type, ill, zoneid, flags, IPV4_VERSION,
 11042      Erik 	    gc, ipst);
 11042      Erik 	if (error != NULL)
 11042      Erik 		return (error);
     0    stevel 
 11042      Erik 	/* Determine which function pointers to use */
 11042      Erik 	ire->ire_postfragfn = ip_xmit;		/* Common case */
     0    stevel 
 11042      Erik 	switch (ire->ire_type) {
 11042      Erik 	case IRE_LOCAL:
 11042      Erik 		ire->ire_sendfn = ire_send_local_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_local_v4;
 11042      Erik 		ASSERT(ire->ire_ill != NULL);
 11076     Cathy 		if (ire->ire_ill->ill_flags & ILLF_NOACCEPT)
 11042      Erik 			ire->ire_recvfn = ire_recv_noaccept_v6;
 11042      Erik 		break;
 11042      Erik 	case IRE_LOOPBACK:
 11042      Erik 		ire->ire_sendfn = ire_send_local_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_loopback_v4;
 11042      Erik 		break;
 11042      Erik 	case IRE_BROADCAST:
 11042      Erik 		ire->ire_postfragfn = ip_postfrag_loopcheck;
 11042      Erik 		ire->ire_sendfn = ire_send_broadcast_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_broadcast_v4;
 11042      Erik 		break;
 11042      Erik 	case IRE_MULTICAST:
 11042      Erik 		ire->ire_postfragfn = ip_postfrag_loopcheck;
 11042      Erik 		ire->ire_sendfn = ire_send_multicast_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_multicast_v4;
 11042      Erik 		break;
 11042      Erik 	default:
 11042      Erik 		/*
 11042      Erik 		 * For IRE_IF_ALL and IRE_OFFLINK we forward received
 11042      Erik 		 * packets by default.
 11042      Erik 		 */
 11042      Erik 		ire->ire_sendfn = ire_send_wire_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_forward_v4;
 11042      Erik 		break;
 11042      Erik 	}
 11042      Erik 	if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
 11042      Erik 		ire->ire_sendfn = ire_send_noroute_v4;
 11042      Erik 		ire->ire_recvfn = ire_recv_noroute_v4;
 11042      Erik 	} else if (ire->ire_flags & RTF_MULTIRT) {
 11042      Erik 		ire->ire_postfragfn = ip_postfrag_multirt_v4;
 11042      Erik 		ire->ire_sendfn = ire_send_multirt_v4;
 11042      Erik 		/* Multirt receive of broadcast uses ire_recv_broadcast_v4 */
 11042      Erik 		if (ire->ire_type != IRE_BROADCAST)
 11042      Erik 			ire->ire_recvfn = ire_recv_multirt_v4;
 11042      Erik 	}
 11042      Erik 	ire->ire_nce_capable = ire_determine_nce_capable(ire);
 11042      Erik 	return (0);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Determine ire_nce_capable
     0    stevel  */
 11042      Erik boolean_t
 11042      Erik ire_determine_nce_capable(ire_t *ire)
     0    stevel {
 11042      Erik 	int max_masklen;
  2535  sangeeta 
 11042      Erik 	if ((ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) ||
 11042      Erik 	    (ire->ire_type & IRE_MULTICAST))
 11042      Erik 		return (B_TRUE);
  2535  sangeeta 
 11042      Erik 	if (ire->ire_ipversion == IPV4_VERSION)
 11042      Erik 		max_masklen = IPV4_ABITS;
 11042      Erik 	else
 11042      Erik 		max_masklen = IPV6_ABITS;
     0    stevel 
 11042      Erik 	if ((ire->ire_type & IRE_ONLINK) && ire->ire_masklen == max_masklen)
 11042      Erik 		return (B_TRUE);
 11042      Erik 	return (B_FALSE);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * ire_create is called to allocate and initialize a new IRE.
     0    stevel  *
     0    stevel  * NOTE : This is called as writer sometimes though not required
     0    stevel  * by this function.
     0    stevel  */
     0    stevel ire_t *
 11042      Erik ire_create(uchar_t *addr, uchar_t *mask, uchar_t *gateway,
 11042      Erik     ushort_t type, ill_t *ill, zoneid_t zoneid, uint_t flags, tsol_gc_t *gc,
 11042      Erik     ip_stack_t *ipst)
     0    stevel {
     0    stevel 	ire_t	*ire;
 11042      Erik 	int	error;
     0    stevel 
     0    stevel 	ire = kmem_cache_alloc(ire_cache, KM_NOSLEEP);
     0    stevel 	if (ire == NULL) {
 11042      Erik 		DTRACE_PROBE(kmem__cache__alloc);
     0    stevel 		return (NULL);
     0    stevel 	}
     0    stevel 	*ire = ire_null;
     0    stevel 
 11042      Erik 	error = ire_init_v4(ire, addr, mask, gateway, type, ill, zoneid, flags,
 11042      Erik 	    gc, ipst);
 11042      Erik 	if (error != 0) {
 11042      Erik 		DTRACE_PROBE2(ire__init, ire_t *, ire, int, error);
     0    stevel 		kmem_cache_free(ire_cache, ire);
     0    stevel 		return (NULL);
     0    stevel 	}
     0    stevel 	return (ire);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Common to IPv4 and IPv6
 11042      Erik  * Returns zero or errno.
     0    stevel  */
 11042      Erik int
 11042      Erik ire_init_common(ire_t *ire, ushort_t type, ill_t *ill, zoneid_t zoneid,
 11042      Erik     uint_t flags, uchar_t ipversion, tsol_gc_t *gc, ip_stack_t *ipst)
     0    stevel {
 11042      Erik 	int error;
     0    stevel 
  1676       jpk #ifdef DEBUG
 11042      Erik 	if (ill != NULL) {
 11042      Erik 		if (ill->ill_isv6)
     0    stevel 			ASSERT(ipversion == IPV6_VERSION);
     0    stevel 		else
     0    stevel 			ASSERT(ipversion == IPV4_VERSION);
  1676       jpk 	}
  1676       jpk #endif /* DEBUG */
  1676       jpk 
  1676       jpk 	/*
  1676       jpk 	 * Create/initialize IRE security attribute only in Trusted mode;
 11042      Erik 	 * if the passed in gc is non-NULL, we expect that the caller
  1676       jpk 	 * has held a reference to it and will release it when this routine
  1676       jpk 	 * returns a failure, otherwise we own the reference.  We do this
  1676       jpk 	 * prior to initializing the rest IRE fields.
  1676       jpk 	 */
  1676       jpk 	if (is_system_labeled()) {
  1676       jpk 		if ((type & (IRE_LOCAL | IRE_LOOPBACK | IRE_BROADCAST |
 11042      Erik 		    IRE_IF_ALL | IRE_MULTICAST | IRE_NOROUTE)) != 0) {
  1676       jpk 			/* release references on behalf of caller */
  1676       jpk 			if (gc != NULL)
  1676       jpk 				GC_REFRELE(gc);
 11042      Erik 		} else {
 11042      Erik 			error = tsol_ire_init_gwattr(ire, ipversion, gc);
 11042      Erik 			if (error != 0)
 11042      Erik 				return (error);
  1676       jpk 		}
     0    stevel 	}
     0    stevel 
     0    stevel 	ire->ire_type = type;
     0    stevel 	ire->ire_flags = RTF_UP | flags;
     0    stevel 	ire->ire_create_time = (uint32_t)gethrestime_sec();
 11042      Erik 	ire->ire_generation = IRE_GENERATION_INITIAL;
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * The ill_ire_cnt isn't increased until
 11042      Erik 	 * the IRE is added to ensure that a walker will find
 11042      Erik 	 * all IREs that hold a reference on an ill.
     0    stevel 	 *
 11042      Erik 	 * Note that ill_ire_multicast doesn't hold a ref on the ill since
 11042      Erik 	 * ire_add() is not called for the IRE_MULTICAST.
     0    stevel 	 */
 11042      Erik 	ire->ire_ill = ill;
 11042      Erik 	ire->ire_zoneid = zoneid;
     0    stevel 	ire->ire_ipversion = ipversion;
 11042      Erik 
  2535  sangeeta 	mutex_init(&ire->ire_lock, NULL, MUTEX_DEFAULT, NULL);
     0    stevel 	ire->ire_refcnt = 1;
 11042      Erik 	ire->ire_identical_ref = 1;	/* Number of ire_delete's needed */
  3448  dh155122 	ire->ire_ipst = ipst;	/* No netstack_hold */
  5023  carlsonj 	ire->ire_trace_disable = B_FALSE;
  1676       jpk 
 11042      Erik 	return (0);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * This creates an IRE_BROADCAST based on the arguments.
 11042      Erik  * A mirror is ire_lookup_bcast().
     0    stevel  *
 11042      Erik  * Any supression of unneeded ones is done in ire_add_v4.
 11042      Erik  * We add one IRE_BROADCAST per address. ire_send_broadcast_v4()
 11042      Erik  * takes care of generating a loopback copy of the packet.
     0    stevel  */
     0    stevel ire_t **
 11042      Erik ire_create_bcast(ill_t *ill, ipaddr_t addr, zoneid_t zoneid, ire_t **irep)
     0    stevel {
 11042      Erik 	ip_stack_t	*ipst = ill->ill_ipst;
     0    stevel 
 11042      Erik 	ASSERT(IAM_WRITER_ILL(ill));
  3448  dh155122 
     0    stevel 	*irep++ = ire_create(
     0    stevel 	    (uchar_t *)&addr,			/* dest addr */
     0    stevel 	    (uchar_t *)&ip_g_all_ones,		/* mask */
     0    stevel 	    NULL,				/* no gateway */
     0    stevel 	    IRE_BROADCAST,
 11042      Erik 	    ill,
 11042      Erik 	    zoneid,
 11042      Erik 	    RTF_KERNEL,
  4714   sowmini 	    NULL,
  4714   sowmini 	    ipst);
     0    stevel 
     0    stevel 	return (irep);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * This looks up an IRE_BROADCAST based on the arguments.
 11042      Erik  * Mirrors ire_create_bcast().
     0    stevel  */
     0    stevel ire_t *
 11042      Erik ire_lookup_bcast(ill_t *ill, ipaddr_t addr, zoneid_t zoneid)
     0    stevel {
 11042      Erik 	ire_t		*ire;
 11042      Erik 	int		match_args;
     0    stevel 
 11042      Erik 	match_args = MATCH_IRE_TYPE | MATCH_IRE_ILL | MATCH_IRE_GW |
 11042      Erik 	    MATCH_IRE_MASK | MATCH_IRE_ZONEONLY;
     0    stevel 
 11042      Erik 	if (IS_UNDER_IPMP(ill))
 11042      Erik 		match_args |= MATCH_IRE_TESTHIDDEN;
     0    stevel 
 11042      Erik 	ire = ire_ftable_lookup_v4(
 11042      Erik 	    addr,				/* dest addr */
 11042      Erik 	    ip_g_all_ones,			/* mask */
 11042      Erik 	    0,					/* no gateway */
 11042      Erik 	    IRE_BROADCAST,
 11042      Erik 	    ill,
 11042      Erik 	    zoneid,
 11042      Erik 	    NULL,
 11042      Erik 	    match_args,
 11042      Erik 	    0,
 11042      Erik 	    ill->ill_ipst,
 11042      Erik 	    NULL);
 11042      Erik 	return (ire);
     0    stevel }
     0    stevel 
     0    stevel /* Arrange to call the specified function for every IRE in the world. */
     0    stevel void
  3448  dh155122 ire_walk(pfv_t func, void *arg, ip_stack_t *ipst)
  3448  dh155122 {
  3448  dh155122 	ire_walk_ipvers(func, arg, 0, ALL_ZONES, ipst);
  3448  dh155122 }
  3448  dh155122 
  3448  dh155122 void
  3448  dh155122 ire_walk_v4(pfv_t func, void *arg, zoneid_t zoneid, ip_stack_t *ipst)
  3448  dh155122 {
  3448  dh155122 	ire_walk_ipvers(func, arg, IPV4_VERSION, zoneid, ipst);
  3448  dh155122 }
  3448  dh155122 
  3448  dh155122 void
  3448  dh155122 ire_walk_v6(pfv_t func, void *arg, zoneid_t zoneid, ip_stack_t *ipst)
  3448  dh155122 {
  3448  dh155122 	ire_walk_ipvers(func, arg, IPV6_VERSION, zoneid, ipst);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Walk a particular version. version == 0 means both v4 and v6.
     0    stevel  */
     0    stevel static void
  3448  dh155122 ire_walk_ipvers(pfv_t func, void *arg, uchar_t vers, zoneid_t zoneid,
  3448  dh155122     ip_stack_t *ipst)
     0    stevel {
     0    stevel 	if (vers != IPV6_VERSION) {
  2535  sangeeta 		/*
  2535  sangeeta 		 * ip_forwarding_table variable doesn't matter for IPv4 since
  3448  dh155122 		 * ire_walk_ill_tables uses ips_ip_ftable for IPv4.
  2535  sangeeta 		 */
     0    stevel 		ire_walk_ill_tables(0, 0, func, arg, IP_MASK_TABLE_SIZE,
  2535  sangeeta 		    0, NULL,
  3448  dh155122 		    NULL, zoneid, ipst);
     0    stevel 	}
     0    stevel 	if (vers != IPV4_VERSION) {
     0    stevel 		ire_walk_ill_tables(0, 0, func, arg, IP6_MASK_TABLE_SIZE,
  3448  dh155122 		    ipst->ips_ip6_ftable_hash_size,
  3448  dh155122 		    ipst->ips_ip_forwarding_table_v6,
 11042      Erik 		    NULL, zoneid, ipst);
     0    stevel 	}
     0    stevel }
     0    stevel 
     0    stevel /*
  7216      meem  * Arrange to call the specified function for every IRE that matches the ill.
     0    stevel  */
     0    stevel void
  1676       jpk ire_walk_ill(uint_t match_flags, uint_t ire_type, pfv_t func, void *arg,
     0    stevel     ill_t *ill)
     0    stevel {
  7216      meem 	uchar_t vers = (ill->ill_isv6 ? IPV6_VERSION : IPV4_VERSION);
  7216      meem 
  7216      meem 	ire_walk_ill_ipvers(match_flags, ire_type, func, arg, vers, ill);
     0    stevel }
     0    stevel 
     0    stevel /*
  7216      meem  * Walk a particular ill and version.
     0    stevel  */
     0    stevel static void
     0    stevel ire_walk_ill_ipvers(uint_t match_flags, uint_t ire_type, pfv_t func,
  1676       jpk     void *arg, uchar_t vers, ill_t *ill)
     0    stevel {
  3448  dh155122 	ip_stack_t	*ipst = ill->ill_ipst;
  3448  dh155122 
  7216      meem 	if (vers == IPV4_VERSION) {
     0    stevel 		ire_walk_ill_tables(match_flags, ire_type, func, arg,
 11042      Erik 		    IP_MASK_TABLE_SIZE,
 11042      Erik 		    0, NULL,
 11042      Erik 		    ill, ALL_ZONES, ipst);
 11042      Erik 	}
 11042      Erik 	if (vers != IPV4_VERSION) {
     0    stevel 		ire_walk_ill_tables(match_flags, ire_type, func, arg,
  3448  dh155122 		    IP6_MASK_TABLE_SIZE, ipst->ips_ip6_ftable_hash_size,
  3448  dh155122 		    ipst->ips_ip_forwarding_table_v6,
 11042      Erik 		    ill, ALL_ZONES, ipst);
     0    stevel 	}
     0    stevel }
     0    stevel 
 11042      Erik /*
 11042      Erik  * Do the specific matching of IREs to shared-IP zones.
 11042      Erik  *
 11042      Erik  * We have the same logic as in ire_match_args but implemented slightly
 11042      Erik  * differently.
 11042      Erik  */
  2535  sangeeta boolean_t
     0    stevel ire_walk_ill_match(uint_t match_flags, uint_t ire_type, ire_t *ire,
  3448  dh155122     ill_t *ill, zoneid_t zoneid, ip_stack_t *ipst)
     0    stevel {
 11131      Erik 	ill_t *dst_ill = ire->ire_ill;
     0    stevel 
     0    stevel 	ASSERT(match_flags != 0 || zoneid != ALL_ZONES);
     0    stevel 
 11042      Erik 	if (zoneid != ALL_ZONES && zoneid != ire->ire_zoneid &&
 11042      Erik 	    ire->ire_zoneid != ALL_ZONES) {
     0    stevel 		/*
     0    stevel 		 * We're walking the IREs for a specific zone. The only relevant
     0    stevel 		 * IREs are:
     0    stevel 		 * - all IREs with a matching ire_zoneid
 11042      Erik 		 * - IRE_IF_ALL IREs for interfaces with a usable source addr
     0    stevel 		 *   with a matching zone
 11042      Erik 		 * - IRE_OFFLINK with a gateway reachable from the zone
 11042      Erik 		 * Note that ealier we only did the IRE_OFFLINK check for
 11042      Erik 		 * IRE_DEFAULT (and only when we had multiple IRE_DEFAULTs).
     0    stevel 		 */
 11042      Erik 		if (ire->ire_type & IRE_ONLINK) {
 11042      Erik 			uint_t	ifindex;
 11042      Erik 
     0    stevel 			/*
 11042      Erik 			 * Note there is no IRE_INTERFACE on vniN thus
 11042      Erik 			 * can't do an IRE lookup for a matching route.
     0    stevel 			 */
 11042      Erik 			ifindex = dst_ill->ill_usesrc_ifindex;
 11042      Erik 			if (ifindex == 0)
 11042      Erik 				return (B_FALSE);
     0    stevel 
 11042      Erik 			/*
 11042      Erik 			 * If there is a usable source address in the
 11042      Erik 			 * zone, then it's ok to return an
 11042      Erik 			 * IRE_INTERFACE
 11042      Erik 			 */
 11042      Erik 			if (!ipif_zone_avail(ifindex, dst_ill->ill_isv6,
 11042      Erik 			    zoneid, ipst)) {
 11042      Erik 				return (B_FALSE);
 11042      Erik 			}
 11042      Erik 		}
 11042      Erik 		if (dst_ill != NULL && (ire->ire_type & IRE_OFFLINK)) {
 11042      Erik 			ipif_t	*tipif;
 11042      Erik 
 11042      Erik 			mutex_enter(&dst_ill->ill_lock);
 11042      Erik 			for (tipif = dst_ill->ill_ipif;
 11042      Erik 			    tipif != NULL; tipif = tipif->ipif_next) {
 11042      Erik 				if (!IPIF_IS_CONDEMNED(tipif) &&
 11042      Erik 				    (tipif->ipif_flags & IPIF_UP) &&
 11042      Erik 				    (tipif->ipif_zoneid == zoneid ||
 11042      Erik 				    tipif->ipif_zoneid == ALL_ZONES))
 11042      Erik 					break;
 11042      Erik 			}
 11042      Erik 			mutex_exit(&dst_ill->ill_lock);
 11042      Erik 			if (tipif == NULL) {
     0    stevel 				return (B_FALSE);
     0    stevel 			}
     0    stevel 		}
 11131      Erik 	}
 11131      Erik 	/*
 11131      Erik 	 * Except for ALL_ZONES, we only match the offlink routes
 11131      Erik 	 * where ire_gateway_addr has an IRE_INTERFACE for the zoneid.
 11131      Erik 	 */
 11131      Erik 	if ((ire->ire_type & IRE_OFFLINK) && zoneid != ALL_ZONES) {
 11131      Erik 		in6_addr_t gw_addr_v6;
     0    stevel 
 11131      Erik 		if (ire->ire_ipversion == IPV4_VERSION) {
 11131      Erik 			if (!ire_gateway_ok_zone_v4(ire->ire_gateway_addr,
 11131      Erik 			    zoneid, dst_ill, NULL, ipst, B_FALSE))
 11131      Erik 				return (B_FALSE);
 11131      Erik 		} else {
 11131      Erik 			ASSERT(ire->ire_ipversion == IPV6_VERSION);
 11131      Erik 			mutex_enter(&ire->ire_lock);
 11131      Erik 			gw_addr_v6 = ire->ire_gateway_addr_v6;
 11131      Erik 			mutex_exit(&ire->ire_lock);
  8485     Peter 
 11131      Erik 			if (!ire_gateway_ok_zone_v6(&gw_addr_v6, zoneid,
 11131      Erik 			    dst_ill, NULL, ipst, B_FALSE))
 11131      Erik 				return (B_FALSE);
     0    stevel 		}
     0    stevel 	}
     0    stevel 
     0    stevel 	if (((!(match_flags & MATCH_IRE_TYPE)) ||
  4714   sowmini 	    (ire->ire_type & ire_type)) &&
     0    stevel 	    ((!(match_flags & MATCH_IRE_ILL)) ||
 11042      Erik 	    (dst_ill == ill ||
 11042      Erik 	    dst_ill != NULL && IS_IN_SAME_ILLGRP(dst_ill, ill)))) {
     0    stevel 		return (B_TRUE);
     0    stevel 	}
     0    stevel 	return (B_FALSE);
     0    stevel }
     0    stevel 
  2535  sangeeta int
  2535  sangeeta rtfunc(struct radix_node *rn, void *arg)
  2535  sangeeta {
  2535  sangeeta 	struct rtfuncarg *rtf = arg;
  2535  sangeeta 	struct rt_entry *rt;
  2535  sangeeta 	irb_t *irb;
  2535  sangeeta 	ire_t *ire;
  2535  sangeeta 	boolean_t ret;
  2535  sangeeta 
  2535  sangeeta 	rt = (struct rt_entry *)rn;
  2535  sangeeta 	ASSERT(rt != NULL);
  2535  sangeeta 	irb = &rt->rt_irb;
  2535  sangeeta 	for (ire = irb->irb_ire; ire != NULL; ire = ire->ire_next) {
  2535  sangeeta 		if ((rtf->rt_match_flags != 0) ||
  2535  sangeeta 		    (rtf->rt_zoneid != ALL_ZONES)) {
  2535  sangeeta 			ret = ire_walk_ill_match(rtf->rt_match_flags,
  2535  sangeeta 			    rtf->rt_ire_type, ire,
  3448  dh155122 			    rtf->rt_ill, rtf->rt_zoneid, rtf->rt_ipst);
 11042      Erik 		} else {
  2535  sangeeta 			ret = B_TRUE;
 11042      Erik 		}
  2535  sangeeta 		if (ret)
  2535  sangeeta 			(*rtf->rt_func)(ire, rtf->rt_arg);
  2535  sangeeta 	}
  2535  sangeeta 	return (0);
  2535  sangeeta }
  2535  sangeeta 
     0    stevel /*
 11042      Erik  * Walk the ftable entries that match the ill.
     0    stevel  */
  2535  sangeeta void
     0    stevel ire_walk_ill_tables(uint_t match_flags, uint_t ire_type, pfv_t func,
  1676       jpk     void *arg, size_t ftbl_sz, size_t htbl_sz, irb_t **ipftbl,
 11042      Erik     ill_t *ill, zoneid_t zoneid,
  3448  dh155122     ip_stack_t *ipst)
     0    stevel {
     0    stevel 	irb_t	*irb_ptr;
     0    stevel 	irb_t	*irb;
     0    stevel 	ire_t	*ire;
     0    stevel 	int i, j;
     0    stevel 	boolean_t ret;
  2535  sangeeta 	struct rtfuncarg rtfarg;
     0    stevel 
  8485     Peter 	ASSERT((!(match_flags & MATCH_IRE_ILL)) || (ill != NULL));
     0    stevel 	ASSERT(!(match_flags & MATCH_IRE_TYPE) || (ire_type != 0));
 11042      Erik 
 11042      Erik 	/* knobs such that routine is called only for v6 case */
 11042      Erik 	if (ipftbl == ipst->ips_ip_forwarding_table_v6) {
 11042      Erik 		for (i = (ftbl_sz - 1);  i >= 0; i--) {
 11042      Erik 			if ((irb_ptr = ipftbl[i]) == NULL)
 11042      Erik 				continue;
 11042      Erik 			for (j = 0; j < htbl_sz; j++) {
 11042      Erik 				irb = &irb_ptr[j];
 11042      Erik 				if (irb->irb_ire == NULL)
     0    stevel 					continue;
  2535  sangeeta 
 11042      Erik 				irb_refhold(irb);
 11042      Erik 				for (ire = irb->irb_ire; ire != NULL;
 11042      Erik 				    ire = ire->ire_next) {
 11042      Erik 					if (match_flags == 0 &&
 11042      Erik 					    zoneid == ALL_ZONES) {
 11042      Erik 						ret = B_TRUE;
 11042      Erik 					} else {
 11042      Erik 						ret =
 11042      Erik 						    ire_walk_ill_match(
 11042      Erik 						    match_flags,
 11042      Erik 						    ire_type, ire, ill,
 11042      Erik 						    zoneid, ipst);
     0    stevel 					}
 11042      Erik 					if (ret)
 11042      Erik 						(*func)(ire, arg);
  2535  sangeeta 				}
 11042      Erik 				irb_refrele(irb);
  2535  sangeeta 			}
     0    stevel 		}
 11042      Erik 	} else {
 11131      Erik 		bzero(&rtfarg, sizeof (rtfarg));
 11042      Erik 		rtfarg.rt_func = func;
 11042      Erik 		rtfarg.rt_arg = arg;
 11042      Erik 		if (match_flags != 0) {
 11042      Erik 			rtfarg.rt_match_flags = match_flags;
     0    stevel 		}
 11042      Erik 		rtfarg.rt_ire_type = ire_type;
 11042      Erik 		rtfarg.rt_ill = ill;
 11042      Erik 		rtfarg.rt_zoneid = zoneid;
 11042      Erik 		rtfarg.rt_ipst = ipst;	/* No netstack_hold */
 11042      Erik 		(void) ipst->ips_ip_ftable->rnh_walktree_mt(
 11042      Erik 		    ipst->ips_ip_ftable,
 11042      Erik 		    rtfunc, &rtfarg, irb_refhold_rn, irb_refrele_rn);
     0    stevel 	}
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * This function takes a mask and returns
     0    stevel  * number of bits set in the mask. If no
     0    stevel  * bit is set it returns 0.
     0    stevel  * Assumes a contiguous mask.
     0    stevel  */
     0    stevel int
     0    stevel ip_mask_to_plen(ipaddr_t mask)
     0    stevel {
     0    stevel 	return (mask == 0 ? 0 : IP_ABITS - (ffs(ntohl(mask)) -1));
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Convert length for a mask to the mask.
     0    stevel  */
     0    stevel ipaddr_t
     0    stevel ip_plen_to_mask(uint_t masklen)
     0    stevel {
 11042      Erik 	if (masklen == 0)
 11042      Erik 		return (0);
 11042      Erik 
     0    stevel 	return (htonl(IP_HOST_MASK << (IP_ABITS - masklen)));
     0    stevel }
     0    stevel 
     0    stevel void
     0    stevel ire_atomic_end(irb_t *irb_ptr, ire_t *ire)
     0    stevel {
 11042      Erik 	ill_t		*ill;
  8564     Peter 
 11042      Erik 	ill = ire->ire_ill;
 11042      Erik 	if (ill != NULL)
 11042      Erik 		mutex_exit(&ill->ill_lock);
     0    stevel 	rw_exit(&irb_ptr->irb_lock);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * ire_add_v[46] atomically make sure that the ill associated
 11042      Erik  * with the new ire is not going away i.e., we check ILL_CONDEMNED.
     0    stevel  */
     0    stevel int
 11042      Erik ire_atomic_start(irb_t *irb_ptr, ire_t *ire)
     0    stevel {
 11042      Erik 	ill_t		*ill;
     0    stevel 
 11042      Erik 	ill = ire->ire_ill;
     0    stevel 
     0    stevel 	rw_enter(&irb_ptr->irb_lock, RW_WRITER);
 11042      Erik 	if (ill != NULL) {
 11042      Erik 		mutex_enter(&ill->ill_lock);
     0    stevel 
 11042      Erik 		/*
 11042      Erik 		 * Don't allow IRE's to be created on dying ills.
 11042      Erik 		 */
 11042      Erik 		if (ill->ill_state_flags & ILL_CONDEMNED) {
 11042      Erik 			ire_atomic_end(irb_ptr, ire);
 11042      Erik 			return (ENXIO);
     0    stevel 		}
     0    stevel 
 11042      Erik 		if (IS_UNDER_IPMP(ill)) {
 11042      Erik 			int	error = 0;
 11042      Erik 			mutex_enter(&ill->ill_phyint->phyint_lock);
 11042      Erik 			if (!ipmp_ill_is_active(ill) &&
 11042      Erik 			    IRE_HIDDEN_TYPE(ire->ire_type) &&
 11042      Erik 			    !ire->ire_testhidden) {
  8485     Peter 				error = EINVAL;
  8485     Peter 			}
 11042      Erik 			mutex_exit(&ill->ill_phyint->phyint_lock);
 11042      Erik 			if (error != 0) {
 11042      Erik 				ire_atomic_end(irb_ptr, ire);
 11042      Erik 				return (error);
 11042      Erik 			}
  8485     Peter 		}
 11042      Erik 
  8485     Peter 	}
 11042      Erik 	return (0);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Add a fully initialized IRE to the forwarding table.
 11042      Erik  * This returns NULL on failure, or a held IRE on success.
 11042      Erik  * Normally the returned IRE is the same as the argument. But a different
 11042      Erik  * IRE will be returned if the added IRE is deemed identical to an existing
 11042      Erik  * one. In that case ire_identical_ref will be increased.
 11042      Erik  * The caller always needs to do an ire_refrele() on the returned IRE.
  2535  sangeeta  */
 11042      Erik ire_t *
 11042      Erik ire_add(ire_t *ire)
     0    stevel {
 11042      Erik 	if (IRE_HIDDEN_TYPE(ire->ire_type) &&
 11042      Erik 	    ire->ire_ill != NULL && IS_UNDER_IPMP(ire->ire_ill)) {
  2416   jarrett 		/*
 11042      Erik 		 * IREs hosted on interfaces that are under IPMP
 11042      Erik 		 * should be hidden so that applications don't
 11042      Erik 		 * accidentally end up sending packets with test
 11042      Erik 		 * addresses as their source addresses, or
 11042      Erik 		 * sending out interfaces that are e.g. IFF_INACTIVE.
 11042      Erik 		 * Hide them here.
  2416   jarrett 		 */
 11042      Erik 		ire->ire_testhidden = B_TRUE;
     0    stevel 	}
     0    stevel 
  4823       seb 	if (ire->ire_ipversion == IPV6_VERSION)
 11042      Erik 		return (ire_add_v6(ire));
  4823       seb 	else
 11042      Erik 		return (ire_add_v4(ire));
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Add a fully initialized IPv4 IRE to the forwarding table.
 11042      Erik  * This returns NULL on failure, or a held IRE on success.
 11042      Erik  * Normally the returned IRE is the same as the argument. But a different
 11042      Erik  * IRE will be returned if the added IRE is deemed identical to an existing
 11042      Erik  * one. In that case ire_identical_ref will be increased.
 11042      Erik  * The caller always needs to do an ire_refrele() on the returned IRE.
     0    stevel  */
 11042      Erik static ire_t *
 11042      Erik ire_add_v4(ire_t *ire)
     0    stevel {
     0    stevel 	ire_t	*ire1;
     0    stevel 	irb_t	*irb_ptr;
     0    stevel 	ire_t	**irep;
 11042      Erik 	int	match_flags;
     0    stevel 	int	error;
  3448  dh155122 	ip_stack_t	*ipst = ire->ire_ipst;
  8485     Peter 
 11042      Erik 	if (ire->ire_ill != NULL)
 11042      Erik 		ASSERT(!MUTEX_HELD(&ire->ire_ill->ill_lock));
     0    stevel 	ASSERT(ire->ire_ipversion == IPV4_VERSION);
     0    stevel 
     0    stevel 	/* Make sure the address is properly masked. */
     0    stevel 	ire->ire_addr &= ire->ire_mask;
     0    stevel 
 11042      Erik 	match_flags = (MATCH_IRE_MASK | MATCH_IRE_TYPE | MATCH_IRE_GW);
  2535  sangeeta 
 11042      Erik 	if (ire->ire_ill != NULL) {
 11042      Erik 		match_flags |= MATCH_IRE_ILL;
     0    stevel 	}
 11042      Erik 	irb_ptr = ire_get_bucket(ire);
 11042      Erik 	if (irb_ptr == NULL) {
 11042      Erik 		printf("no bucket for %p\n", (void *)ire);
 11042      Erik 		ire_delete(ire);
 11042      Erik 		return (NULL);
  2535  sangeeta 	}
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * Start the atomic add of the ire. Grab the ill lock,
 11042      Erik 	 * the bucket lock. Check for condemned.
  3448  dh155122 	 */
 11042      Erik 	error = ire_atomic_start(irb_ptr, ire);
     0    stevel 	if (error != 0) {
 11042      Erik 		printf("no ire_atomic_start for %p\n", (void *)ire);
     0    stevel 		ire_delete(ire);
 11042      Erik 		irb_refrele(irb_ptr);
 11042      Erik 		return (NULL);
     0    stevel 	}
     0    stevel 	/*
 11042      Erik 	 * If we are creating a hidden IRE, make sure we search for
 11042      Erik 	 * hidden IREs when searching for duplicates below.
 11042      Erik 	 * Otherwise, we might find an IRE on some other interface
 11042      Erik 	 * that's not marked hidden.
     0    stevel 	 */
 11042      Erik 	if (ire->ire_testhidden)
 11042      Erik 		match_flags |= MATCH_IRE_TESTHIDDEN;
     0    stevel 
     0    stevel 	/*
     0    stevel 	 * Atomically check for duplicate and insert in the table.
     0    stevel 	 */
     0    stevel 	for (ire1 = irb_ptr->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) {
 11042      Erik 		if (IRE_IS_CONDEMNED(ire1))
     0    stevel 			continue;
 11042      Erik 		/*
 11042      Erik 		 * Here we need an exact match on zoneid, i.e.,
 11042      Erik 		 * ire_match_args doesn't fit.
 11042      Erik 		 */
     0    stevel 		if (ire1->ire_zoneid != ire->ire_zoneid)
     0    stevel 			continue;
 11042      Erik 
 11042      Erik 		if (ire1->ire_type != ire->ire_type)
 11042      Erik 			continue;
 11042      Erik 
 11042      Erik 		/*
 11042      Erik 		 * Note: We do not allow multiple routes that differ only
 11042      Erik 		 * in the gateway security attributes; such routes are
 11042      Erik 		 * considered duplicates.
 11042      Erik 		 * To change that we explicitly have to treat them as
 11042      Erik 		 * different here.
 11042      Erik 		 */
     0    stevel 		if (ire_match_args(ire1, ire->ire_addr, ire->ire_mask,
 11042      Erik 		    ire->ire_gateway_addr, ire->ire_type, ire->ire_ill,
 11042      Erik 		    ire->ire_zoneid, NULL, match_flags)) {
     0    stevel 			/*
     0    stevel 			 * Return the old ire after doing a REFHOLD.
     0    stevel 			 * As most of the callers continue to use the IRE
     0    stevel 			 * after adding, we return a held ire. This will
     0    stevel 			 * avoid a lookup in the caller again. If the callers
     0    stevel 			 * don't want to use it, they need to do a REFRELE.
     0    stevel 			 */
 11042      Erik 			atomic_add_32(&ire1->ire_identical_ref, 1);
 11042      Erik 			DTRACE_PROBE2(ire__add__exist, ire_t *, ire1,
 11042      Erik 			    ire_t *, ire);
 11042      Erik 			ire_refhold(ire1);
     0    stevel 			ire_atomic_end(irb_ptr, ire);
     0    stevel 			ire_delete(ire);
 11042      Erik 			irb_refrele(irb_ptr);
 11042      Erik 			return (ire1);
     0    stevel 		}
     0    stevel 	}
  8485     Peter 
     0    stevel 	/*
 11042      Erik 	 * Normally we do head insertion since most things do not care about
 11042      Erik 	 * the order of the IREs in the bucket. Note that ip_cgtp_bcast_add
 11042      Erik 	 * assumes we at least do head insertion so that its IRE_BROADCAST
 11042      Erik 	 * arrive ahead of existing IRE_HOST for the same address.
 11042      Erik 	 * However, due to shared-IP zones (and restrict_interzone_loopback)
 11042      Erik 	 * we can have an IRE_LOCAL as well as IRE_IF_CLONE for the same
 11042      Erik 	 * address. For that reason we do tail insertion for IRE_IF_CLONE.
 11042      Erik 	 * Due to the IRE_BROADCAST on cgtp0, which must be last in the bucket,
 11042      Erik 	 * we do tail insertion of IRE_BROADCASTs that do not have RTF_MULTIRT
 11042      Erik 	 * set.
     0    stevel 	 */
     0    stevel 	irep = (ire_t **)irb_ptr;
 11042      Erik 	if ((ire->ire_type & IRE_IF_CLONE) ||
 11042      Erik 	    ((ire->ire_type & IRE_BROADCAST) &&
 11042      Erik 	    !(ire->ire_flags & RTF_MULTIRT))) {
 11042      Erik 		while ((ire1 = *irep) != NULL)
     0    stevel 			irep = &ire1->ire_next;
     0    stevel 	}
     0    stevel 	/* Insert at *irep */
     0    stevel 	ire1 = *irep;
     0    stevel 	if (ire1 != NULL)
     0    stevel 		ire1->ire_ptpn = &ire->ire_next;
     0    stevel 	ire->ire_next = ire1;
     0    stevel 	/* Link the new one in. */
     0    stevel 	ire->ire_ptpn = irep;
     0    stevel 
     0    stevel 	/*
     0    stevel 	 * ire_walk routines de-reference ire_next without holding
     0    stevel 	 * a lock. Before we point to the new ire, we want to make
     0    stevel 	 * sure the store that sets the ire_next of the new ire
     0    stevel 	 * reaches global visibility, so that ire_walk routines
     0    stevel 	 * don't see a truncated list of ires i.e if the ire_next
     0    stevel 	 * of the new ire gets set after we do "*irep = ire" due
     0    stevel 	 * to re-ordering, the ire_walk thread will see a NULL
     0    stevel 	 * once it accesses the ire_next of the new ire.
     0    stevel 	 * membar_producer() makes sure that the following store
     0    stevel 	 * happens *after* all of the above stores.
     0    stevel 	 */
     0    stevel 	membar_producer();
     0    stevel 	*irep = ire;
     0    stevel 	ire->ire_bucket = irb_ptr;
     0    stevel 	/*
     0    stevel 	 * We return a bumped up IRE above. Keep it symmetrical
     0    stevel 	 * so that the callers will always have to release. This
     0    stevel 	 * helps the callers of this function because they continue
     0    stevel 	 * to use the IRE after adding and hence they don't have to
     0    stevel 	 * lookup again after we return the IRE.
     0    stevel 	 *
     0    stevel 	 * NOTE : We don't have to use atomics as this is appearing
     0    stevel 	 * in the list for the first time and no one else can bump
     0    stevel 	 * up the reference count on this yet.
     0    stevel 	 */
 11042      Erik 	ire_refhold_locked(ire);
  3448  dh155122 	BUMP_IRE_STATS(ipst->ips_ire_stats_v4, ire_stats_inserted);
  2535  sangeeta 
     0    stevel 	irb_ptr->irb_ire_cnt++;
 11042      Erik 	if (irb_ptr->irb_marks & IRB_MARK_DYNAMIC)
  2535  sangeeta 		irb_ptr->irb_nire++;
  2535  sangeeta 
 11042      Erik 	if (ire->ire_ill != NULL) {
 11042      Erik 		ire->ire_ill->ill_ire_cnt++;
 11042      Erik 		ASSERT(ire->ire_ill->ill_ire_cnt != 0);	/* Wraparound */
     0    stevel 	}
     0    stevel 
     0    stevel 	ire_atomic_end(irb_ptr, ire);
     0    stevel 
 11042      Erik 	/* Make any caching of the IREs be notified or updated */
 11042      Erik 	ire_flush_cache_v4(ire, IRE_FLUSH_ADD);
     0    stevel 
 11042      Erik 	if (ire->ire_ill != NULL)
 11042      Erik 		ASSERT(!MUTEX_HELD(&ire->ire_ill->ill_lock));
 11042      Erik 	irb_refrele(irb_ptr);
 11042      Erik 	return (ire);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * irb_refrele is the only caller of the function. ire_unlink calls to
     0    stevel  * do the final cleanup for this ire.
     0    stevel  */
     0    stevel void
     0    stevel ire_cleanup(ire_t *ire)
     0    stevel {
     0    stevel 	ire_t *ire_next;
  3448  dh155122 	ip_stack_t *ipst = ire->ire_ipst;
     0    stevel 
     0    stevel 	ASSERT(ire != NULL);
     0    stevel 
     0    stevel 	while (ire != NULL) {
     0    stevel 		ire_next = ire->ire_next;
     0    stevel 		if (ire->ire_ipversion == IPV4_VERSION) {
     0    stevel 			ire_delete_v4(ire);
  3448  dh155122 			BUMP_IRE_STATS(ipst->ips_ire_stats_v4,
  3448  dh155122 			    ire_stats_deleted);
     0    stevel 		} else {
     0    stevel 			ASSERT(ire->ire_ipversion == IPV6_VERSION);
     0    stevel 			ire_delete_v6(ire);
  3448  dh155122 			BUMP_IRE_STATS(ipst->ips_ire_stats_v6,
  3448  dh155122 			    ire_stats_deleted);
     0    stevel 		}
     0    stevel 		/*
     0    stevel 		 * Now it's really out of the list. Before doing the
     0    stevel 		 * REFRELE, set ire_next to NULL as ire_inactive asserts
     0    stevel 		 * so.
     0    stevel 		 */
     0    stevel 		ire->ire_next = NULL;
 11042      Erik 		ire_refrele_notr(ire);
     0    stevel 		ire = ire_next;
     0    stevel 	}
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * irb_refrele is the only caller of the function. It calls to unlink
     0    stevel  * all the CONDEMNED ires from this bucket.
     0    stevel  */
     0    stevel ire_t *
     0    stevel ire_unlink(irb_t *irb)
     0    stevel {
     0    stevel 	ire_t *ire;
     0    stevel 	ire_t *ire1;
     0    stevel 	ire_t **ptpn;
     0    stevel 	ire_t *ire_list = NULL;
     0    stevel 
     0    stevel 	ASSERT(RW_WRITE_HELD(&irb->irb_lock));
 11042      Erik 	ASSERT(((irb->irb_marks & IRB_MARK_DYNAMIC) && irb->irb_refcnt == 1) ||
  2535  sangeeta 	    (irb->irb_refcnt == 0));
  2535  sangeeta 	ASSERT(irb->irb_marks & IRB_MARK_CONDEMNED);
     0    stevel 	ASSERT(irb->irb_ire != NULL);
     0    stevel 
     0    stevel 	for (ire = irb->irb_ire; ire != NULL; ire = ire1) {
     0    stevel 		ire1 = ire->ire_next;
 11042      Erik 		if (IRE_IS_CONDEMNED(ire)) {
     0    stevel 			ptpn = ire->ire_ptpn;
     0    stevel 			ire1 = ire->ire_next;
     0    stevel 			if (ire1)
     0    stevel 				ire1->ire_ptpn = ptpn;
     0    stevel 			*ptpn = ire1;
     0    stevel 			ire->ire_ptpn = NULL;
     0    stevel 			ire->ire_next = NULL;
 11042      Erik 
     0    stevel 			/*
 11042      Erik 			 * We need to call ire_delete_v4 or ire_delete_v6 to
 11042      Erik 			 * clean up dependents and the redirects pointing at
     0    stevel 			 * the default gateway. We need to drop the lock
     0    stevel 			 * as ire_flush_cache/ire_delete_host_redircts require
     0    stevel 			 * so. But we can't drop the lock, as ire_unlink needs
     0    stevel 			 * to atomically remove the ires from the list.
     0    stevel 			 * So, create a temporary list of CONDEMNED ires
     0    stevel 			 * for doing ire_delete_v4/ire_delete_v6 operations
     0    stevel 			 * later on.
     0    stevel 			 */
     0    stevel 			ire->ire_next = ire_list;
     0    stevel 			ire_list = ire;
     0    stevel 		}
     0    stevel 	}
  2535  sangeeta 	irb->irb_marks &= ~IRB_MARK_CONDEMNED;
     0    stevel 	return (ire_list);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Clean up the radix node for this ire. Must be called by irb_refrele
  2535  sangeeta  * when there are no ire's left in the bucket. Returns TRUE if the bucket
  2535  sangeeta  * is deleted and freed.
  2535  sangeeta  */
  2535  sangeeta boolean_t
  2535  sangeeta irb_inactive(irb_t *irb)
  2535  sangeeta {
  2535  sangeeta 	struct rt_entry *rt;
  2535  sangeeta 	struct radix_node *rn;
  3448  dh155122 	ip_stack_t *ipst = irb->irb_ipst;
  3448  dh155122 
  3448  dh155122 	ASSERT(irb->irb_ipst != NULL);
  2535  sangeeta 
  2535  sangeeta 	rt = IRB2RT(irb);
  2535  sangeeta 	rn = (struct radix_node *)rt;
  2535  sangeeta 
  2535  sangeeta 	/* first remove it from the radix tree. */
  3448  dh155122 	RADIX_NODE_HEAD_WLOCK(ipst->ips_ip_ftable);
  2535  sangeeta 	rw_enter(&irb->irb_lock, RW_WRITER);
  2535  sangeeta 	if (irb->irb_refcnt == 1 && irb->irb_nire == 0) {
  3448  dh155122 		rn = ipst->ips_ip_ftable->rnh_deladdr(rn->rn_key, rn->rn_mask,
  3448  dh155122 		    ipst->ips_ip_ftable);
  2535  sangeeta 		DTRACE_PROBE1(irb__free, rt_t *,  rt);
  2535  sangeeta 		ASSERT((void *)rn == (void *)rt);
  2535  sangeeta 		Free(rt, rt_entry_cache);
  2535  sangeeta 		/* irb_lock is freed */
  3448  dh155122 		RADIX_NODE_HEAD_UNLOCK(ipst->ips_ip_ftable);
  2535  sangeeta 		return (B_TRUE);
  2535  sangeeta 	}
  2535  sangeeta 	rw_exit(&irb->irb_lock);
  3448  dh155122 	RADIX_NODE_HEAD_UNLOCK(ipst->ips_ip_ftable);
  2535  sangeeta 	return (B_FALSE);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Delete the specified IRE.
 11042      Erik  * We assume that if ire_bucket is not set then ire_ill->ill_ire_cnt was
 11042      Erik  * not incremented i.e., that the insertion in the bucket and the increment
 11042      Erik  * of that counter is done atomically.
     0    stevel  */
     0    stevel void
     0    stevel ire_delete(ire_t *ire)
     0    stevel {
     0    stevel 	ire_t	*ire1;
     0    stevel 	ire_t	**ptpn;
 11042      Erik 	irb_t	*irb;
 11042      Erik 	nce_t	*nce;
  3448  dh155122 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 
 11042      Erik 	/* We can clear ire_nce_cache under ire_lock even if the IRE is used */
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	nce = ire->ire_nce_cache;
 11042      Erik 	ire->ire_nce_cache = NULL;
 11042      Erik 	mutex_exit(&ire->ire_lock);
 11042      Erik 	if (nce != NULL)
 11042      Erik 		nce_refrele(nce);
     0    stevel 
     0    stevel 	if ((irb = ire->ire_bucket) == NULL) {
  2535  sangeeta 		/*
  2535  sangeeta 		 * It was never inserted in the list. Should call REFRELE
  2535  sangeeta 		 * to free this IRE.
  2535  sangeeta 		 */
 11042      Erik 		ire_refrele_notr(ire);
     0    stevel 		return;
     0    stevel 	}
     0    stevel 
 11042      Erik 	/*
 11042      Erik 	 * Move the use counts from an IRE_IF_CLONE to its parent
 11042      Erik 	 * IRE_INTERFACE.
 11042      Erik 	 * We need to do this before acquiring irb_lock.
 11042      Erik 	 */
 11042      Erik 	if (ire->ire_type & IRE_IF_CLONE) {
 11042      Erik 		ire_t *parent;
     0    stevel 
 11042      Erik 		rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
 11042      Erik 		if ((parent = ire->ire_dep_parent) != NULL) {
 11042      Erik 			parent->ire_ob_pkt_count += ire->ire_ob_pkt_count;
 11042      Erik 			parent->ire_ib_pkt_count += ire->ire_ib_pkt_count;
 11042      Erik 			ire->ire_ob_pkt_count = 0;
 11042      Erik 			ire->ire_ib_pkt_count = 0;
 11042      Erik 		}
 11042      Erik 		rw_exit(&ipst->ips_ire_dep_lock);
  2535  sangeeta 	}
  2535  sangeeta 
 11042      Erik 	rw_enter(&irb->irb_lock, RW_WRITER);
     0    stevel 	if (ire->ire_ptpn == NULL) {
     0    stevel 		/*
     0    stevel 		 * Some other thread has removed us from the list.
     0    stevel 		 * It should have done the REFRELE for us.
     0    stevel 		 */
     0    stevel 		rw_exit(&irb->irb_lock);
     0    stevel 		return;
     0    stevel 	}
     0    stevel 
 11042      Erik 	if (!IRE_IS_CONDEMNED(ire)) {
 11042      Erik 		/* Is this an IRE representing multiple duplicate entries? */
 11042      Erik 		ASSERT(ire->ire_identical_ref >= 1);
 11042      Erik 		if (atomic_add_32_nv(&ire->ire_identical_ref, -1) != 0) {
 11042      Erik 			/* Removed one of the identical parties */
 11042      Erik 			rw_exit(&irb->irb_lock);
 11042      Erik 			return;
 11042      Erik 		}
 11042      Erik 
  5388   ja97890 		irb->irb_ire_cnt--;
 11042      Erik 		ire_make_condemned(ire);
  5388   ja97890 	}
  5388   ja97890 
     0    stevel 	if (irb->irb_refcnt != 0) {
     0    stevel 		/*
     0    stevel 		 * The last thread to leave this bucket will
     0    stevel 		 * delete this ire.
     0    stevel 		 */
  2535  sangeeta 		irb->irb_marks |= IRB_MARK_CONDEMNED;
     0    stevel 		rw_exit(&irb->irb_lock);
     0    stevel 		return;
     0    stevel 	}
     0    stevel 
     0    stevel 	/*
     0    stevel 	 * Normally to delete an ire, we walk the bucket. While we
     0    stevel 	 * walk the bucket, we normally bump up irb_refcnt and hence
     0    stevel 	 * we return from above where we mark CONDEMNED and the ire
     0    stevel 	 * gets deleted from ire_unlink. This case is where somebody
     0    stevel 	 * knows the ire e.g by doing a lookup, and wants to delete the
     0    stevel 	 * IRE. irb_refcnt would be 0 in this case if nobody is walking
     0    stevel 	 * the bucket.
     0    stevel 	 */
     0    stevel 	ptpn = ire->ire_ptpn;
     0    stevel 	ire1 = ire->ire_next;
     0    stevel 	if (ire1 != NULL)
     0    stevel 		ire1->ire_ptpn = ptpn;
     0    stevel 	ASSERT(ptpn != NULL);
     0    stevel 	*ptpn = ire1;
     0    stevel 	ire->ire_ptpn = NULL;
     0    stevel 	ire->ire_next = NULL;
     0    stevel 	if (ire->ire_ipversion == IPV6_VERSION) {
  3448  dh155122 		BUMP_IRE_STATS(ipst->ips_ire_stats_v6, ire_stats_deleted);
  3448  dh155122 	} else {
  3448  dh155122 		BUMP_IRE_STATS(ipst->ips_ire_stats_v4, ire_stats_deleted);
     0    stevel 	}
     0    stevel 	rw_exit(&irb->irb_lock);
     0    stevel 
 11042      Erik 	/* Cleanup dependents and related stuff */
     0    stevel 	if (ire->ire_ipversion == IPV6_VERSION) {
     0    stevel 		ire_delete_v6(ire);
     0    stevel 	} else {
     0    stevel 		ire_delete_v4(ire);
     0    stevel 	}
     0    stevel 	/*
     0    stevel 	 * We removed it from the list. Decrement the
     0    stevel 	 * reference count.
     0    stevel 	 */
 11042      Erik 	ire_refrele_notr(ire);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Delete the specified IRE.
     0    stevel  * All calls should use ire_delete().
     0    stevel  * Sometimes called as writer though not required by this function.
     0    stevel  *
     0    stevel  * NOTE : This function is called only if the ire was added
     0    stevel  * in the list.
     0    stevel  */
     0    stevel static void
     0    stevel ire_delete_v4(ire_t *ire)
     0    stevel {
  3448  dh155122 	ip_stack_t	*ipst = ire->ire_ipst;
  3448  dh155122 
     0    stevel 	ASSERT(ire->ire_refcnt >= 1);
     0    stevel 	ASSERT(ire->ire_ipversion == IPV4_VERSION);
     0    stevel 
 11042      Erik 	ire_flush_cache_v4(ire, IRE_FLUSH_DELETE);
     0    stevel 	if (ire->ire_type == IRE_DEFAULT) {
     0    stevel 		/*
     0    stevel 		 * when a default gateway is going away
     0    stevel 		 * delete all the host redirects pointing at that
     0    stevel 		 * gateway.
     0    stevel 		 */
  3448  dh155122 		ire_delete_host_redirects(ire->ire_gateway_addr, ipst);
     0    stevel 	}
 11042      Erik 
 11042      Erik 	/*
 11042      Erik 	 * If we are deleting an IRE_INTERFACE then we make sure we also
 11042      Erik 	 * delete any IRE_IF_CLONE that has been created from it.
 11042      Erik 	 * Those are always in ire_dep_children.
 11042      Erik 	 */
 11042      Erik 	if ((ire->ire_type & IRE_INTERFACE) && ire->ire_dep_children != NULL)
 11042      Erik 		ire_dep_delete_if_clone(ire);
 11042      Erik 
 11042      Erik 	/* Remove from parent dependencies and child */
 11042      Erik 	rw_enter(&ipst->ips_ire_dep_lock, RW_WRITER);
 11042      Erik 	if (ire->ire_dep_parent != NULL)
 11042      Erik 		ire_dep_remove(ire);
 11042      Erik 
 11042      Erik 	while (ire->ire_dep_children != NULL)
 11042      Erik 		ire_dep_remove(ire->ire_dep_children);
 11042      Erik 	rw_exit(&ipst->ips_ire_dep_lock);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * ire_refrele is the only caller of the function. It calls
     0    stevel  * to free the ire when the reference count goes to zero.
     0    stevel  */
     0    stevel void
     0    stevel ire_inactive(ire_t *ire)
     0    stevel {
 11042      Erik 	ill_t	*ill;
  2535  sangeeta 	irb_t 	*irb;
  3448  dh155122 	ip_stack_t	*ipst = ire->ire_ipst;
     0    stevel 
     0    stevel 	ASSERT(ire->ire_refcnt == 0);
     0    stevel 	ASSERT(ire->ire_ptpn == NULL);
     0    stevel 	ASSERT(ire->ire_next == NULL);
     0    stevel 
 11042      Erik 	/* Count how many condemned ires for kmem_cache callback */
 11042      Erik 	if (IRE_IS_CONDEMNED(ire))
 11042      Erik 		atomic_add_32(&ipst->ips_num_ire_condemned, -1);
 11042      Erik 
  2535  sangeeta 	if (ire->ire_gw_secattr != NULL) {
  2535  sangeeta 		ire_gw_secattr_free(ire->ire_gw_secattr);
  2535  sangeeta 		ire->ire_gw_secattr = NULL;
  2535  sangeeta 	}
  2535  sangeeta 
 11042      Erik 	/*
 11042      Erik 	 * ire_nce_cache is cleared in ire_delete, and we make sure we don't
 11042      Erik 	 * set it once the ire is marked condemned.
 11042      Erik 	 */
 11042      Erik 	ASSERT(ire->ire_nce_cache == NULL);
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * Since any parent would have a refhold on us they would already
 11042      Erik 	 * have been removed.
     0    stevel 	 */
 11042      Erik 	ASSERT(ire->ire_dep_parent == NULL);
 11042      Erik 	ASSERT(ire->ire_dep_sib_next == NULL);
 11042      Erik 	ASSERT(ire->ire_dep_sib_ptpn == NULL);
  4823       seb 
 11042      Erik 	/*
 11042      Erik 	 * Since any children would have a refhold on us they should have
 11042      Erik 	 * already been removed.
 11042      Erik 	 */
 11042      Erik 	ASSERT(ire->ire_dep_children == NULL);
 11042      Erik 
 11042      Erik 	/*
 11042      Erik 	 * ill_ire_ref is increased when the IRE is inserted in the
 11042      Erik 	 * bucket - not when the IRE is created.
 11042      Erik 	 */
 11042      Erik 	irb = ire->ire_bucket;
 11042      Erik 	ill = ire->ire_ill;
 11042      Erik 	if (irb != NULL && ill != NULL) {
     0    stevel 		mutex_enter(&ill->ill_lock);
 11042      Erik 		ASSERT(ill->ill_ire_cnt != 0);
 11042      Erik 		DTRACE_PROBE3(ill__decr__cnt, (ill_t *), ill,
  6255   sowmini 		    (char *), "ire", (void *), ire);
 11042      Erik 		ill->ill_ire_cnt--;
 11042      Erik 		if (ILL_DOWN_OK(ill)) {
     0    stevel 			/* Drops the ill lock */
     0    stevel 			ipif_ill_refrele_tail(ill);
     0    stevel 		} else {
     0    stevel 			mutex_exit(&ill->ill_lock);
     0    stevel 		}
     0    stevel 	}
 11042      Erik 	ire->ire_ill = NULL;
 11042      Erik 
     0    stevel 	/* This should be true for both V4 and V6 */
 11042      Erik 	if (irb != NULL && (irb->irb_marks & IRB_MARK_DYNAMIC)) {
  2535  sangeeta 		rw_enter(&irb->irb_lock, RW_WRITER);
  2535  sangeeta 		irb->irb_nire--;
  2535  sangeeta 		/*
  2535  sangeeta 		 * Instead of examining the conditions for freeing
  2535  sangeeta 		 * the radix node here, we do it by calling
 11042      Erik 		 * irb_refrele which is a single point in the code
  2535  sangeeta 		 * that embeds that logic. Bump up the refcnt to
 11042      Erik 		 * be able to call irb_refrele
  2535  sangeeta 		 */
 11042      Erik 		irb_refhold_locked(irb);
  2535  sangeeta 		rw_exit(&irb->irb_lock);
 11042      Erik 		irb_refrele(irb);
  2535  sangeeta 	}
     0    stevel 
  5023  carlsonj #ifdef DEBUG
  5023  carlsonj 	ire_trace_cleanup(ire);
     0    stevel #endif
     0    stevel 	mutex_destroy(&ire->ire_lock);
     0    stevel 	if (ire->ire_ipversion == IPV6_VERSION) {
  3448  dh155122 		BUMP_IRE_STATS(ipst->ips_ire_stats_v6, ire_stats_freed);
  3448  dh155122 	} else {
  3448  dh155122 		BUMP_IRE_STATS(ipst->ips_ire_stats_v4, ire_stats_freed);
     0    stevel 	}
  2535  sangeeta 	kmem_cache_free(ire_cache, ire);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * ire_update_generation is the callback function provided by
 11042      Erik  * ire_get_bucket() to update the generation number of any
 11042      Erik  * matching shorter route when a new route is added.
 11042      Erik  *
 11042      Erik  * This fucntion always returns a failure return (B_FALSE)
 11042      Erik  * to force the caller (rn_matchaddr_args)
 11042      Erik  * to back-track up the tree looking for shorter matches.
     0    stevel  */
 11042      Erik /* ARGSUSED */
 11042      Erik static boolean_t
 11042      Erik ire_update_generation(struct radix_node *rn, void *arg)
     0    stevel {
 11042      Erik 	struct rt_entry *rt = (struct rt_entry *)rn;
     0    stevel 
 11042      Erik 	/* We need to handle all in the same bucket */
 11042      Erik 	irb_increment_generation(&rt->rt_irb);
 11042      Erik 	return (B_FALSE);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Take care of all the generation numbers in the bucket.
 11042      Erik  */
 11042      Erik void
 11042      Erik irb_increment_generation(irb_t *irb)
 11042      Erik {
 11042      Erik 	ire_t *ire;
 11042      Erik 
 11042      Erik 	if (irb == NULL || irb->irb_ire_cnt == 0)
 11042      Erik 		return;
 11042      Erik 
 11042      Erik 	irb_refhold(irb);
 11042      Erik 	for (ire = irb->irb_ire; ire != NULL; ire = ire->ire_next) {
 11042      Erik 		if (!IRE_IS_CONDEMNED(ire))
 11042      Erik 			ire_increment_generation(ire);	/* Ourselves */
 11042      Erik 		ire_dep_incr_generation(ire);	/* Dependants */
 11042      Erik 	}
 11042      Erik 	irb_refrele(irb);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * When an IRE is added or deleted this routine is called to make sure
 11042      Erik  * any caching of IRE information is notified or updated.
     0    stevel  *
     0    stevel  * The flag argument indicates if the flush request is due to addition
 11042      Erik  * of new route (IRE_FLUSH_ADD), deletion of old route (IRE_FLUSH_DELETE),
 11042      Erik  * or a change to ire_gateway_addr (IRE_FLUSH_GWCHANGE).
     0    stevel  */
     0    stevel void
     0    stevel ire_flush_cache_v4(ire_t *ire, int flag)
     0    stevel {
 11042      Erik 	irb_t *irb = ire->ire_bucket;
 11042      Erik 	struct rt_entry *rt = IRB2RT(irb);
 11042      Erik 	ip_stack_t *ipst = ire->ire_ipst;
     0    stevel 
 11042      Erik 	/*
 11042      Erik 	 * IRE_IF_CLONE ire's don't provide any new information
 11042      Erik 	 * than the parent from which they are cloned, so don't
 11042      Erik 	 * perturb the generation numbers.
 11042      Erik 	 */
 11042      Erik 	if (ire->ire_type & IRE_IF_CLONE)
  4714   sowmini 		return;
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * Ensure that an ire_add during a lookup serializes the updates of the
 11042      Erik 	 * generation numbers under the radix head lock so that the lookup gets
 11042      Erik 	 * either the old ire and old generation number, or a new ire and new
 11042      Erik 	 * generation number.
     0    stevel 	 */
 11042      Erik 	RADIX_NODE_HEAD_WLOCK(ipst->ips_ip_ftable);
 11042      Erik 
 11042      Erik 	/*
 11042      Erik 	 * If a route was just added, we need to notify everybody that
 11042      Erik 	 * has cached an IRE_NOROUTE since there might now be a better
 11042      Erik 	 * route for them.
 11042      Erik 	 */
 11042      Erik 	if (flag == IRE_FLUSH_ADD) {
 11042      Erik 		ire_increment_generation(ipst->ips_ire_reject_v4);
 11042      Erik 		ire_increment_generation(ipst->ips_ire_blackhole_v4);
 11042      Erik 	}
 11042      Erik 
 11042      Erik 	/* Adding a default can't otherwise provide a better route */
 11042      Erik 	if (ire->ire_type == IRE_DEFAULT && flag == IRE_FLUSH_ADD) {
 11042      Erik 		RADIX_NODE_HEAD_UNLOCK(ipst->ips_ip_ftable);
     0    stevel 		return;
 11042      Erik 	}
 11042      Erik 
 11042      Erik 	switch (flag) {
 11042      Erik 	case IRE_FLUSH_DELETE:
 11042      Erik 	case IRE_FLUSH_GWCHANGE:
     0    stevel 		/*
 11042      Erik 		 * Update ire_generation for all ire_dep_children chains
 11042      Erik 		 * starting with this IRE
     0    stevel 		 */
 11042      Erik 		ire_dep_incr_generation(ire);
 11042      Erik 		break;
 11042      Erik 	case IRE_FLUSH_ADD:
     0    stevel 		/*
 11042      Erik 		 * Update the generation numbers of all shorter matching routes.
 11042      Erik 		 * ire_update_generation takes care of the dependants by
 11042      Erik 		 * using ire_dep_incr_generation.
     0    stevel 		 */
 11042      Erik 		(void) ipst->ips_ip_ftable->rnh_matchaddr_args(&rt->rt_dst,
 11042      Erik 		    ipst->ips_ip_ftable, ire_update_generation, NULL);
 11042      Erik 		break;
     0    stevel 	}
 11042      Erik 	RADIX_NODE_HEAD_UNLOCK(ipst->ips_ip_ftable);
     0    stevel }
     0    stevel 
     0    stevel /*
     0    stevel  * Matches the arguments passed with the values in the ire.
     0    stevel  *
 11042      Erik  * Note: for match types that match using "ill" passed in, ill
     0    stevel  * must be checked for non-NULL before calling this routine.
     0    stevel  */
  2535  sangeeta boolean_t
     0    stevel ire_match_args(ire_t *ire, ipaddr_t addr, ipaddr_t mask, ipaddr_t gateway,
 11042      Erik     int type, const ill_t *ill, zoneid_t zoneid,
 11042      Erik     const ts_label_t *tsl, int match_flags)
     0    stevel {
     0    stevel 	ill_t *ire_ill = NULL, *dst_ill;
 11042      Erik 	ip_stack_t *ipst = ire->ire_ipst;
     0    stevel 
     0    stevel 	ASSERT(ire->ire_ipversion == IPV4_VERSION);
     0    stevel 	ASSERT((ire->ire_addr & ~ire->ire_mask) == 0);
  8485     Peter 	ASSERT((!(match_flags & MATCH_IRE_ILL)) ||
 11042      Erik 	    (ill != NULL && !ill->ill_isv6));
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * If MATCH_IRE_TESTHIDDEN is set, then only return the IRE if it is
 11042      Erik 	 * in fact hidden, to ensure the caller gets the right one.
  8485     Peter 	 */
 11042      Erik 	if (ire->ire_testhidden) {
 11042      Erik 		if (!(match_flags & MATCH_IRE_TESTHIDDEN))
  8485     Peter 			return (B_FALSE);
  8485     Peter 	}
  1095  priyanka 
  1676       jpk 	if (zoneid != ALL_ZONES && zoneid != ire->ire_zoneid &&
  1676       jpk 	    ire->ire_zoneid != ALL_ZONES) {
     0    stevel 		/*
 11042      Erik 		 * If MATCH_IRE_ZONEONLY has been set and the supplied zoneid
 11042      Erik 		 * does not match that of ire_zoneid, a failure to
     0    stevel 		 * match is reported at this point. Otherwise, since some IREs
     0    stevel 		 * that are available in the global zone can be used in local
     0    stevel 		 * zones, additional checks need to be performed:
     0    stevel 		 *
 11042      Erik 		 * IRE_LOOPBACK
     0    stevel 		 *	entries should never be matched in this situation.
 11042      Erik 		 *	Each zone has its own IRE_LOOPBACK.
     0    stevel 		 *
 11042      Erik 		 * IRE_LOCAL
 11042      Erik 		 *	We allow them for any zoneid. ire_route_recursive
 11042      Erik 		 *	does additional checks when
 11042      Erik 		 *	ip_restrict_interzone_loopback is set.
     0    stevel 		 *
 11042      Erik 		 * If ill_usesrc_ifindex is set
 11042      Erik 		 *	Then we check if the zone has a valid source address
 11042      Erik 		 *	on the usesrc ill.
     0    stevel 		 *
 11042      Erik 		 * If ire_ill is set, then check that the zone has an ipif
 11042      Erik 		 *	on that ill.
 11042      Erik 		 *
 11042      Erik 		 * Outside of this function (in ire_round_robin) we check
 11042      Erik 		 * that any IRE_OFFLINK has a gateway that reachable from the
 11042      Erik 		 * zone when we have multiple choices (ECMP).
     0    stevel 		 */
     0    stevel 		if (match_flags & MATCH_IRE_ZONEONLY)
     0    stevel 			return (B_FALSE);
 11042      Erik 		if (ire->ire_type & IRE_LOOPBACK)
     0    stevel 			return (B_FALSE);
 11042      Erik 
 11042      Erik 		if (ire->ire_type & IRE_LOCAL)
 11042      Erik 			goto matchit;
 11042      Erik 
     0    stevel 		/*
 11042      Erik 		 * The normal case of IRE_ONLINK has a matching zoneid.
 11042      Erik 		 * Here we handle the case when shared-IP zones have been
 11042      Erik 		 * configured with IP addresses on vniN. In that case it
 11042      Erik 		 * is ok for traffic from a zone to use IRE_ONLINK routes
 11042      Erik 		 * if the ill has a usesrc pointing at vniN
     0    stevel 		 */
 11042      Erik 		dst_ill = ire->ire_ill;
 11042      Erik 		if (ire->ire_type & IRE_ONLINK) {
 11042      Erik 			uint_t	ifindex;
 11042      Erik 
 11042      Erik 			/*
 11042      Erik 			 * Note there is no IRE_INTERFACE on vniN thus
 11042      Erik 			 * can't do an IRE lookup for a matching route.
 11042      Erik 			 */
 11042      Erik 			ifindex = dst_ill->ill_usesrc_ifindex;
 11042      Erik 			if (ifindex == 0)
 11042      Erik 				return (B_FALSE);
 11042      Erik 
     0    stevel 			/*
     0    stevel 			 * If there is a usable source address in the
 11042      Erik 			 * zone, then it's ok to return this IRE_INTERFACE
     0    stevel 			 */
 11042      Erik 			if (!ipif_zone_avail(ifindex, dst_ill->ill_isv6,
 11042      Erik 			    zoneid, ipst)) {
 11042      Erik 				ip3dbg(("ire_match_args: no usrsrc for zone"
     0    stevel 				    " dst_ill %p\n", (void *)dst_ill));
     0    stevel 				return (B_FALSE);
     0    stevel 			}
     0    stevel 		}
 11042      Erik 		/*
 11042      Erik 		 * For exampe, with
 11042      Erik 		 * route add 11.0.0.0 gw1 -ifp bge0
 11042      Erik 		 * route add 11.0.0.0 gw2 -ifp bge1
 11042      Erik 		 * this code would differentiate based on
 11042      Erik 		 * where the sending zone has addresses.
 11042      Erik 		 * Only if the zone has an address on bge0 can it use the first
 11042      Erik 		 * route. It isn't clear if this behavior is documented
 11042      Erik 		 * anywhere.
 11042      Erik 		 */
 11042      Erik 		if (dst_ill != NULL && (ire->ire_type & IRE_OFFLINK)) {
     0    stevel 			ipif_t	*tipif;
     0    stevel 
 11042      Erik 			mutex_enter(&dst_ill->ill_lock);
 11042      Erik 			for (tipif = dst_ill->ill_ipif;
     0    stevel 			    tipif != NULL; tipif = tipif->ipif_next) {
 11042      Erik 				if (!IPIF_IS_CONDEMNED(tipif) &&
     0    stevel 				    (tipif->ipif_flags & IPIF_UP) &&
  1676       jpk 				    (tipif->ipif_zoneid == zoneid ||
  1676       jpk 				    tipif->ipif_zoneid == ALL_ZONES))
     0    stevel 					break;
     0    stevel 			}
 11042      Erik 			mutex_exit(&dst_ill->ill_lock);
     0    stevel 			if (tipif == NULL) {
     0    stevel 				return (B_FALSE);
     0    stevel 			}
     0    stevel 		}
     0    stevel 	}
     0    stevel 
 11042      Erik matchit:
  8485     Peter 	if (match_flags & MATCH_IRE_ILL) {
 11042      Erik 		ire_ill = ire->ire_ill;
 11042      Erik 
 11042      Erik 		/*
 11042      Erik 		 * If asked to match an ill, we *must* match
 11042      Erik 		 * on the ire_ill for ipmp test addresses, or
 11042      Erik 		 * any of the ill in the group for data addresses.
 11042      Erik 		 * If we don't, we may as well fail.
 11042      Erik 		 * However, we need an exception for IRE_LOCALs to ensure
 11042      Erik 		 * we loopback packets even sent to test addresses on different
 11042      Erik 		 * interfaces in the group.
 11042      Erik 		 */
 11042      Erik 		if ((match_flags & MATCH_IRE_TESTHIDDEN) &&
 11042      Erik 		    !(ire->ire_type & IRE_LOCAL)) {
 11042      Erik 			if (ire->ire_ill != ill)
 11042      Erik 				return (B_FALSE);
 11042      Erik 		} else  {
 11042      Erik 			match_flags &= ~MATCH_IRE_TESTHIDDEN;
 11042      Erik 			/*
 11042      Erik 			 * We know that ill is not NULL, but ire_ill could be
 11042      Erik 			 * NULL
 11042      Erik 			 */
 11042      Erik 			if (ire_ill == NULL || !IS_ON_SAME_LAN(ill, ire_ill))
 11042      Erik 				return (B_FALSE);
 11042      Erik 		}
     0    stevel 	}
     0    stevel 
     0    stevel 	if ((ire->ire_addr == (addr & mask)) &&
     0    stevel 	    ((!(match_flags & MATCH_IRE_GW)) ||
  4714   sowmini 	    (ire->ire_gateway_addr == gateway)) &&
 11042      Erik 	    ((!(match_flags & MATCH_IRE_TYPE)) || (ire->ire_type & type)) &&
 11042      Erik 	    ((!(match_flags & MATCH_IRE_TESTHIDDEN)) || ire->ire_testhidden) &&
 11042      Erik 	    ((!(match_flags & MATCH_IRE_MASK)) || (ire->ire_mask == mask)) &&
  1676       jpk 	    ((!(match_flags & MATCH_IRE_SECATTR)) ||
  4714   sowmini 	    (!is_system_labeled()) ||
  4714   sowmini 	    (tsol_ire_match_gwattr(ire, tsl) == 0))) {
     0    stevel 		/* We found the matched IRE */
     0    stevel 		return (B_TRUE);
     0    stevel 	}
     0    stevel 	return (B_FALSE);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Check if the IRE_LOCAL uses the same ill as another route would use.
 11042      Erik  * If there is no alternate route, or the alternate is a REJECT or BLACKHOLE,
 11042      Erik  * then we don't allow this IRE_LOCAL to be used.
 11042      Erik  * We always return an IRE; will be RTF_REJECT if no route available.
     0    stevel  */
     0    stevel ire_t *
 11042      Erik ire_alt_local(ire_t *ire, zoneid_t zoneid, const ts_label_t *tsl,
 11042      Erik     const ill_t *ill, uint_t *generationp)
     0    stevel {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 	ire_t		*alt_ire;
 11042      Erik 	uint_t		ire_type;
 11042      Erik 	uint_t		generation;
 11042      Erik 	uint_t		match_flags;
 11042      Erik 
 11042      Erik 	ASSERT(ire->ire_type & IRE_LOCAL);
 11042      Erik 	ASSERT(ire->ire_ill != NULL);
     0    stevel 
     0    stevel 	/*
 11042      Erik 	 * Need to match on everything but local.
 11042      Erik 	 * This might result in the creation of a IRE_IF_CLONE for the
 11042      Erik 	 * same address as the IRE_LOCAL when restrict_interzone_loopback is
 11042      Erik 	 * set. ire_add_*() ensures that the IRE_IF_CLONE are tail inserted
 11042      Erik 	 * to make sure the IRE_LOCAL is always found first.
     0    stevel 	 */
 11042      Erik 	ire_type = (IRE_ONLINK | IRE_OFFLINK) & ~(IRE_LOCAL|IRE_LOOPBACK);
 11042      Erik 	match_flags = MATCH_IRE_TYPE | MATCH_IRE_SECATTR;
 11042      Erik 	if (ill != NULL)
 11042      Erik 		match_flags |= MATCH_IRE_ILL;
     0    stevel 
 11042      Erik 	if (ire->ire_ipversion == IPV4_VERSION) {
 11042      Erik 		alt_ire = ire_route_recursive_v4(ire->ire_addr, ire_type,
 11042      Erik 		    ill, zoneid, tsl, match_flags, B_TRUE, 0, ipst, NULL, NULL,
 11042      Erik 		    &generation);
 11042      Erik 	} else {
 11042      Erik 		alt_ire = ire_route_recursive_v6(&ire->ire_addr_v6, ire_type,
 11042      Erik 		    ill, zoneid, tsl, match_flags, B_TRUE, 0, ipst, NULL, NULL,
 11042      Erik 		    &generation);
     0    stevel 	}
 11042      Erik 	ASSERT(alt_ire != NULL);
 11042      Erik 
 11042      Erik 	if (alt_ire->ire_ill == ire->ire_ill) {
 11042      Erik 		/* Going out the same ILL - ok to send to IRE_LOCAL */
 11042      Erik 		ire_refrele(alt_ire);
 11042      Erik 	} else {
 11042      Erik 		/* Different ill - ignore IRE_LOCAL */
 11042      Erik 		ire_refrele(ire);
 11042      Erik 		ire = alt_ire;
 11042      Erik 		if (generationp != NULL)
 11042      Erik 			*generationp = generation;
     0    stevel 	}
     0    stevel 	return (ire);
     0    stevel }
  1676       jpk 
 11042      Erik boolean_t
 11042      Erik ire_find_zoneid(struct radix_node *rn, void *arg)
  1676       jpk {
 11042      Erik 	struct rt_entry *rt = (struct rt_entry *)rn;
  1676       jpk 	irb_t *irb;
  1676       jpk 	ire_t *ire;
 11042      Erik 	ire_ftable_args_t *margs = arg;
  1676       jpk 
 11042      Erik 	ASSERT(rt != NULL);
 11042      Erik 
 11042      Erik 	irb = &rt->rt_irb;
 11042      Erik 
 11042      Erik 	if (irb->irb_ire_cnt == 0)
 11042      Erik 		return (B_FALSE);
 11042      Erik 
 11042      Erik 	rw_enter(&irb->irb_lock, RW_READER);
  1676       jpk 	for (ire = irb->irb_ire; ire != NULL; ire = ire->ire_next) {
 11042      Erik 		if (IRE_IS_CONDEMNED(ire))
  1676       jpk 			continue;
  1676       jpk 
 11131      Erik 		if (!(ire->ire_type & IRE_INTERFACE))
 11131      Erik 			continue;
 11131      Erik 
 11042      Erik 		if (ire->ire_zoneid != ALL_ZONES &&
 11042      Erik 		    ire->ire_zoneid != margs->ift_zoneid)
 11042      Erik 			continue;
 11042      Erik 
 11042      Erik 		if (margs->ift_ill != NULL && margs->ift_ill != ire->ire_ill)
 11042      Erik 			continue;
 11042      Erik 
 11042      Erik 		if (is_system_labeled() &&
 11042      Erik 		    tsol_ire_match_gwattr(ire, margs->ift_tsl) != 0)
 11042      Erik 			continue;
 11042      Erik 
 11042      Erik 		rw_exit(&irb->irb_lock);
 11042      Erik 		return (B_TRUE);
 11042      Erik 	}
 11042      Erik 	rw_exit(&irb->irb_lock);
 11042      Erik 	return (B_FALSE);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Check if the zoneid (not ALL_ZONES) has an IRE_INTERFACE for the specified
 11042      Erik  * gateway address. If ill is non-NULL we also match on it.
 11042      Erik  * The caller must hold a read lock on RADIX_NODE_HEAD if lock_held is set.
 11042      Erik  */
 11042      Erik boolean_t
 11042      Erik ire_gateway_ok_zone_v4(ipaddr_t gateway, zoneid_t zoneid, ill_t *ill,
 11042      Erik     const ts_label_t *tsl, ip_stack_t *ipst, boolean_t lock_held)
 11042      Erik {
 11042      Erik 	struct rt_sockaddr rdst;
 11042      Erik 	struct rt_entry *rt;
 11042      Erik 	ire_ftable_args_t margs;
 11042      Erik 
 11042      Erik 	ASSERT(ill == NULL || !ill->ill_isv6);
 11042      Erik 	if (lock_held)
 11042      Erik 		ASSERT(RW_READ_HELD(&ipst->ips_ip_ftable->rnh_lock));
 11042      Erik 	else
 11042      Erik 		RADIX_NODE_HEAD_RLOCK(ipst->ips_ip_ftable);
 11042      Erik 
 11131      Erik 	bzero(&rdst, sizeof (rdst));
 11042      Erik 	rdst.rt_sin_len = sizeof (rdst);
 11042      Erik 	rdst.rt_sin_family = AF_INET;
 11042      Erik 	rdst.rt_sin_addr.s_addr = gateway;
 11042      Erik 
 11042      Erik 	/*
 11042      Erik 	 * We only use margs for ill, zoneid, and tsl matching in
 11042      Erik 	 * ire_find_zoneid
 11042      Erik 	 */
 11131      Erik 	bzero(&margs, sizeof (margs));
 11042      Erik 	margs.ift_ill = ill;
 11042      Erik 	margs.ift_zoneid = zoneid;
 11042      Erik 	margs.ift_tsl = tsl;
 11042      Erik 	rt = (struct rt_entry *)ipst->ips_ip_ftable->rnh_matchaddr_args(&rdst,
 11042      Erik 	    ipst->ips_ip_ftable, ire_find_zoneid, (void *)&margs);
 11042      Erik 
 11042      Erik 	if (!lock_held)
 11042      Erik 		RADIX_NODE_HEAD_UNLOCK(ipst->ips_ip_ftable);
 11042      Erik 
 11042      Erik 	return (rt != NULL);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * ire_walk routine to delete a fraction of redirect IREs and IRE_CLONE_IF IREs.
 11042      Erik  * The fraction argument tells us what fraction of the IREs to delete.
 11042      Erik  * Common for IPv4 and IPv6.
 11042      Erik  * Used when memory backpressure.
 11042      Erik  */
 11042      Erik static void
 11042      Erik ire_delete_reclaim(ire_t *ire, char *arg)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 	uint_t		fraction = *(uint_t *)arg;
 11042      Erik 	uint_t		rand;
 11042      Erik 
 11042      Erik 	if ((ire->ire_flags & RTF_DYNAMIC) ||
 11042      Erik 	    (ire->ire_type & IRE_IF_CLONE)) {
 11042      Erik 
 11042      Erik 		/* Pick a random number */
 11066    rafael 		rand = (uint_t)ddi_get_lbolt() +
 11042      Erik 		    IRE_ADDR_HASH_V6(ire->ire_addr_v6, 256);
 11042      Erik 
 11042      Erik 		/* Use truncation */
 11042      Erik 		if ((rand/fraction)*fraction == rand) {
 11042      Erik 			IP_STAT(ipst, ip_ire_reclaim_deleted);
  1676       jpk 			ire_delete(ire);
  1676       jpk 		}
  1676       jpk 	}
  1676       jpk 
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * kmem_cache callback to free up memory.
 11042      Erik  *
 11042      Erik  * Free a fraction (ips_ip_ire_reclaim_fraction) of things IP added dynamically
 11042      Erik  * (RTF_DYNAMIC and IRE_IF_CLONE).
     0    stevel  */
 11042      Erik static void
 11042      Erik ip_ire_reclaim_stack(ip_stack_t *ipst)
     0    stevel {
 11042      Erik 	uint_t	fraction = ipst->ips_ip_ire_reclaim_fraction;
  7880  Jonathan 
 11042      Erik 	IP_STAT(ipst, ip_ire_reclaim_calls);
  7880  Jonathan 
 11042      Erik 	ire_walk(ire_delete_reclaim, &fraction, ipst);
 11042      Erik 
 11042      Erik 	/*
 11042      Erik 	 * Walk all CONNs that can have a reference on an ire, nce or dce.
 11042      Erik 	 * Get them to update any stale references to drop any refholds they
 11042      Erik 	 * have.
 11042      Erik 	 */
 11042      Erik 	ipcl_walk(conn_ixa_cleanup, (void *)B_FALSE, ipst);
     0    stevel }
     0    stevel 
     0    stevel /*
 11042      Erik  * Called by the memory allocator subsystem directly, when the system
 11042      Erik  * is running low on memory.
  8485     Peter  */
 11042      Erik /* ARGSUSED */
 11042      Erik void
 11042      Erik ip_ire_reclaim(void *args)
  8485     Peter {
 11042      Erik 	netstack_handle_t nh;
 11042      Erik 	netstack_t *ns;
  2733  nordmark 
 11042      Erik 	netstack_next_init(&nh);
 11042      Erik 	while ((ns = netstack_next(&nh)) != NULL) {
 11042      Erik 		ip_ire_reclaim_stack(ns->netstack_ip);
 11042      Erik 		netstack_rele(ns);
  2733  nordmark 	}
 11042      Erik 	netstack_next_fini(&nh);
     0    stevel }
     0    stevel 
     0    stevel static void
     0    stevel power2_roundup(uint32_t *value)
     0    stevel {
     0    stevel 	int i;
     0    stevel 
     0    stevel 	for (i = 1; i < 31; i++) {
     0    stevel 		if (*value <= (1 << i))
     0    stevel 			break;
     0    stevel 	}
     0    stevel 	*value = (1 << i);
     0    stevel }
     0    stevel 
  3448  dh155122 /* Global init for all zones */
  3448  dh155122 void
  3448  dh155122 ip_ire_g_init()
  3448  dh155122 {
     0    stevel 	/*
 11042      Erik 	 * Create kmem_caches.  ip_ire_reclaim() and ip_nce_reclaim()
 11042      Erik 	 * will give disposable IREs back to system when needed.
     0    stevel 	 * This needs to be done here before anything else, since
     0    stevel 	 * ire_add() expects the cache to be created.
     0    stevel 	 */
     0    stevel 	ire_cache = kmem_cache_create("ire_cache",
 11042      Erik 	    sizeof (ire_t), 0, NULL, NULL,
 11042      Erik 	    ip_ire_reclaim, NULL, NULL, 0);
 11042      Erik 
 11042      Erik 	ncec_cache = kmem_cache_create("ncec_cache",
 11042      Erik 	    sizeof (ncec_t), 0, NULL, NULL,
 11042      Erik 	    ip_nce_reclaim, NULL, NULL, 0);
 11042      Erik 	nce_cache = kmem_cache_create("nce_cache",
 11042      Erik 	    sizeof (nce_t), 0, NULL, NULL,
 11042      Erik 	    NULL, NULL, NULL, 0);
     0    stevel 
  3448  dh155122 	rt_entry_cache = kmem_cache_create("rt_entry",
  3448  dh155122 	    sizeof (struct rt_entry), 0, NULL, NULL, NULL, NULL, NULL, 0);
  3448  dh155122 
  3448  dh155122 	/*
  3448  dh155122 	 * Have radix code setup kmem caches etc.
  3448  dh155122 	 */
  3448  dh155122 	rn_init();
  3448  dh155122 }
  3448  dh155122 
  3448  dh155122 void
  3448  dh155122 ip_ire_init(ip_stack_t *ipst)
  3448  dh155122 {
 11042      Erik 	ire_t	*ire;
 11042      Erik 	int	error;
  3448  dh155122 
  3448  dh155122 	mutex_init(&ipst->ips_ire_ft_init_lock, NULL, MUTEX_DEFAULT, 0);
  3448  dh155122 
  3448  dh155122 	(void) rn_inithead((void **)&ipst->ips_ip_ftable, 32);
  3448  dh155122 
     0    stevel 	/*
     0    stevel 	 * Make sure that the forwarding table size is a power of 2.
     0    stevel 	 * The IRE*_ADDR_HASH() macroes depend on that.
     0    stevel 	 */
  3448  dh155122 	ipst->ips_ip6_ftable_hash_size = ip6_ftable_hash_size;
  3448  dh155122 	power2_roundup(&ipst->ips_ip6_ftable_hash_size);
  3448  dh155122 
 11042      Erik 	/*
 11042      Erik 	 * Allocate/initialize a pair of IRE_NOROUTEs for each of IPv4 and IPv6.
 11042      Erik 	 * The ire_reject_v* has RTF_REJECT set, and the ire_blackhole_v* has
 11042      Erik 	 * RTF_BLACKHOLE set. We use the latter for transient errors such
 11042      Erik 	 * as memory allocation failures and tripping on IRE_IS_CONDEMNED
 11042      Erik 	 * entries.
 11042      Erik 	 */
 11042      Erik 	ire = kmem_cache_alloc(ire_cache, KM_SLEEP);
 11042      Erik 	*ire = ire_null;
 11042      Erik 	error = ire_init_v4(ire, 0, 0, 0, IRE_NOROUTE, NULL, ALL_ZONES,
 11042      Erik 	    RTF_REJECT|RTF_UP, NULL, ipst);
 11042      Erik 	ASSERT(error == 0);
 11042      Erik 	ipst->ips_ire_reject_v4 = ire;
 11042      Erik 
 11042      Erik 	ire = kmem_cache_alloc(ire_cache, KM_SLEEP);
 11042      Erik 	*ire = ire_null;
 11042      Erik 	error = ire_init_v6(ire, 0, 0, 0, IRE_NOROUTE, NULL, ALL_ZONES,
 11042      Erik 	    RTF_REJECT|RTF_UP, NULL, ipst);
 11042      Erik 	ASSERT(error == 0);
 11042      Erik 	ipst->ips_ire_reject_v6 = ire;
 11042      Erik 
 11042      Erik 	ire = kmem_cache_alloc(ire_cache, KM_SLEEP);
 11042      Erik 	*ire = ire_null;
 11042      Erik 	error = ire_init_v4(ire, 0, 0, 0, IRE_NOROUTE, NULL, ALL_ZONES,
 11042      Erik 	    RTF_BLACKHOLE|RTF_UP, NULL, ipst);
 11042      Erik 	ASSERT(error == 0);
 11042      Erik 	ipst->ips_ire_blackhole_v4 = ire;
 11042      Erik 
 11042      Erik 	ire = kmem_cache_alloc(ire_cache, KM_SLEEP);
 11042      Erik 	*ire = ire_null;
 11042      Erik 	error = ire_init_v6(ire, 0, 0, 0, IRE_NOROUTE, NULL, ALL_ZONES,
 11042      Erik 	    RTF_BLACKHOLE|RTF_UP, NULL, ipst);
 11042      Erik 	ASSERT(error == 0);
 11042      Erik 	ipst->ips_ire_blackhole_v6 = ire;
 11042      Erik 
 11042      Erik 	rw_init(&ipst->ips_ip6_ire_head_lock, NULL, RW_DEFAULT, NULL);
 11042      Erik 	rw_init(&ipst->ips_ire_dep_lock, NULL, RW_DEFAULT, NULL);
  3448  dh155122 }
  3448  dh155122 
  3448  dh155122 void
  3448  dh155122 ip_ire_g_fini(void)
  3448  dh155122 {
  3448  dh155122 	kmem_cache_destroy(ire_cache);
 11042      Erik 	kmem_cache_destroy(ncec_cache);
 11042      Erik 	kmem_cache_destroy(nce_cache);
  3448  dh155122 	kmem_cache_destroy(rt_entry_cache);
  3448  dh155122 
  3448  dh155122 	rn_fini();
  3448  dh155122 }
  3448  dh155122 
  3448  dh155122 void
  3448  dh155122 ip_ire_fini(ip_stack_t *ipst)
     0    stevel {
     0    stevel 	int i;
     0    stevel 
 11042      Erik 	rw_destroy(&ipst->ips_ire_dep_lock);
 11042      Erik 	rw_destroy(&ipst->ips_ip6_ire_head_lock);
 11042      Erik 
 11042      Erik 	ire_refrele_notr(ipst->ips_ire_reject_v6);
 11042      Erik 	ipst->ips_ire_reject_v6 = NULL;
 11042      Erik 	ire_refrele_notr(ipst->ips_ire_reject_v4);
 11042      Erik 	ipst->ips_ire_reject_v4 = NULL;
 11042      Erik 	ire_refrele_notr(ipst->ips_ire_blackhole_v6);
 11042      Erik 	ipst->ips_ire_blackhole_v6 = NULL;
 11042      Erik 	ire_refrele_notr(ipst->ips_ire_blackhole_v4);
 11042      Erik 	ipst->ips_ire_blackhole_v4 = NULL;
 11042      Erik 
  3448  dh155122 	/*
  3448  dh155122 	 * Delete all IREs - assumes that the ill/ipifs have
 11042      Erik 	 * been removed so what remains are just the ftable to handle.
  3448  dh155122 	 */
  3448  dh155122 	ire_walk(ire_delete, NULL, ipst);
  3448  dh155122 
  3448  dh155122 	rn_freehead(ipst->ips_ip_ftable);
  3448  dh155122 	ipst->ips_ip_ftable = NULL;
  3448  dh155122 
  3448  dh155122 	mutex_destroy(&ipst->ips_ire_ft_init_lock);
  3448  dh155122 
  3448  dh155122 	for (i = 0; i < IP6_MASK_TABLE_SIZE; i++) {
  3448  dh155122 		irb_t *ptr;
  3448  dh155122 		int j;
  3448  dh155122 
  3448  dh155122 		if ((ptr = ipst->ips_ip_forwarding_table_v6[i]) == NULL)
  3448  dh155122 			continue;
  3448  dh155122 
  3448  dh155122 		for (j = 0; j < ipst->ips_ip6_ftable_hash_size; j++) {
  3448  dh155122 			ASSERT(ptr[j].irb_ire == NULL);
  3448  dh155122 			rw_destroy(&ptr[j].irb_lock);
  3448  dh155122 		}
  3448  dh155122 		mi_free(ptr);
  3448  dh155122 		ipst->ips_ip_forwarding_table_v6[i] = NULL;
  3448  dh155122 	}
     0    stevel }
     0    stevel 
  5023  carlsonj #ifdef DEBUG
     0    stevel void
     0    stevel ire_trace_ref(ire_t *ire)
     0    stevel {
     0    stevel 	mutex_enter(&ire->ire_lock);
  5023  carlsonj 	if (ire->ire_trace_disable) {
  5023  carlsonj 		mutex_exit(&ire->ire_lock);
  5023  carlsonj 		return;
  5023  carlsonj 	}
  5023  carlsonj 
  5023  carlsonj 	if (th_trace_ref(ire, ire->ire_ipst)) {
  5023  carlsonj 		mutex_exit(&ire->ire_lock);
  5023  carlsonj 	} else {
  5023  carlsonj 		ire->ire_trace_disable = B_TRUE;
  5023  carlsonj 		mutex_exit(&ire->ire_lock);
  5023  carlsonj 		ire_trace_cleanup(ire);
  5023  carlsonj 	}
  5023  carlsonj }
  5023  carlsonj 
  5023  carlsonj void
  5023  carlsonj ire_untrace_ref(ire_t *ire)
  5023  carlsonj {
  5023  carlsonj 	mutex_enter(&ire->ire_lock);
  5023  carlsonj 	if (!ire->ire_trace_disable)
  5023  carlsonj 		th_trace_unref(ire);
     0    stevel 	mutex_exit(&ire->ire_lock);
     0    stevel }
     0    stevel 
  5023  carlsonj static void
  5023  carlsonj ire_trace_cleanup(const ire_t *ire)
  5023  carlsonj {
  5023  carlsonj 	th_trace_cleanup(ire, ire->ire_trace_disable);
  5023  carlsonj }
  5023  carlsonj #endif /* DEBUG */
  2535  sangeeta 
  2535  sangeeta /*
 11042      Erik  * Find, or create if needed, the nce_t pointer to the neighbor cache
 11042      Erik  * entry ncec_t for an IPv4 address. The nce_t will be created on the ill_t
 11042      Erik  * in the non-IPMP case, or on the cast-ill in the IPMP bcast/mcast case, or
 11042      Erik  * on the next available under-ill (selected by the IPMP rotor) in the
 11042      Erik  * unicast IPMP case.
 11042      Erik  *
 11042      Erik  * If a neighbor-cache entry has to be created (i.e., one does not already
 11042      Erik  * exist in the nce list) the ncec_lladdr and ncec_state of the neighbor cache
 11042      Erik  * entry are initialized in nce_add_v4(). The broadcast, multicast, and
 11042      Erik  * link-layer type determine the contents of {ncec_state, ncec_lladdr} of
 11042      Erik  * the ncec_t created. The ncec_lladdr is non-null for all link types with
 11042      Erik  * non-zero ill_phys_addr_length, though the contents may be zero in cases
 11042      Erik  * where the link-layer type is not known at the time of creation
 11042      Erik  * (e.g., IRE_IFRESOLVER links)
 11042      Erik  *
 11042      Erik  * All IRE_BROADCAST entries have ncec_state = ND_REACHABLE, and the nce_lladr
 11042      Erik  * has the physical broadcast address of the outgoing interface.
 11042      Erik  * For unicast ire entries,
 11042      Erik  *   - if the outgoing interface is of type IRE_IF_RESOLVER, a newly created
 11042      Erik  *     ncec_t with 0 nce_lladr contents, and will be in the ND_INITIAL state.
 11042      Erik  *   - if the outgoing interface is a IRE_IF_NORESOLVER interface, no link
 11042      Erik  *     layer resolution is necessary, so that the ncec_t will be in the
 11042      Erik  *     ND_REACHABLE state
 11042      Erik  *
 11042      Erik  * The link layer information needed for broadcast addresses, and for
 11042      Erik  * packets sent on IRE_IF_NORESOLVER interfaces is a constant mapping that
 11042      Erik  * never needs re-verification for the lifetime of the ncec_t. These are
 11042      Erik  * therefore marked NCE_F_NONUD.
 11042      Erik  *
 11042      Erik  * The nce returned will be created such that the nce_ill == ill that
 11042      Erik  * is passed in. Note that the nce itself may not have ncec_ill == ill
 11042      Erik  * where IPMP links are involved.
 11042      Erik  */
 11042      Erik static nce_t *
 11042      Erik ire_nce_init(ill_t *ill, const void *addr, int ire_type)
 11042      Erik {
 11042      Erik 	int		err;
 11042      Erik 	nce_t		*nce = NULL;
 11042      Erik 	uint16_t	ncec_flags;
 11042      Erik 	uchar_t		*hwaddr;
 11042      Erik 	boolean_t	need_refrele = B_FALSE;
 11042      Erik 	ill_t		*in_ill = ill;
 11042      Erik 	boolean_t	is_unicast;
 11042      Erik 	uint_t		hwaddr_len;
 11042      Erik 
 11042      Erik 	is_unicast = ((ire_type & (IRE_MULTICAST|IRE_BROADCAST)) == 0);
 11042      Erik 	if (IS_IPMP(ill) ||
 11042      Erik 	    ((ire_type & IRE_BROADCAST) && IS_UNDER_IPMP(ill))) {
 11042      Erik 		if ((ill = ipmp_ill_get_xmit_ill(ill, is_unicast)) == NULL)
 11042      Erik 			return (NULL);
 11042      Erik 		need_refrele = B_TRUE;
 11042      Erik 	}
 11042      Erik 	ncec_flags = (ill->ill_flags & ILLF_NONUD) ? NCE_F_NONUD : 0;
 11042      Erik 
 11042      Erik 	switch (ire_type) {
 11042      Erik 	case IRE_BROADCAST:
 11042      Erik 		ASSERT(!ill->ill_isv6);
 11042      Erik 		ncec_flags |= (NCE_F_BCAST|NCE_F_NONUD);
 11042      Erik 		break;
 11042      Erik 	case IRE_MULTICAST:
 11042      Erik 		ncec_flags |= (NCE_F_MCAST|NCE_F_NONUD);
 11042      Erik 		break;
 11042      Erik 	}
 11042      Erik 
 11042      Erik 	if (ill->ill_net_type == IRE_IF_NORESOLVER && is_unicast) {
 11042      Erik 		hwaddr = ill->ill_dest_addr;
 11042      Erik 	} else {
 11042      Erik 		hwaddr = NULL;
 11042      Erik 	}
 11042      Erik 	hwaddr_len = ill->ill_phys_addr_length;
 11042      Erik 
 11042      Erik retry:
 11042      Erik 	/* nce_state will be computed by nce_add_common() */
 11042      Erik 	if (!ill->ill_isv6) {
 11042      Erik 		err = nce_lookup_then_add_v4(ill, hwaddr, hwaddr_len, addr,
 11042      Erik 		    ncec_flags, ND_UNCHANGED, &nce);
 11042      Erik 	} else {
 11042      Erik 		err = nce_lookup_then_add_v6(ill, hwaddr, hwaddr_len, addr,
 11042      Erik 		    ncec_flags, ND_UNCHANGED, &nce);
 11042      Erik 	}
 11042      Erik 
 11042      Erik 	switch (err) {
 11042      Erik 	case 0:
 11042      Erik 		break;
 11042      Erik 	case EEXIST:
 11042      Erik 		/*
 11042      Erik 		 * When subnets change or partially overlap what was once
 11042      Erik 		 * a broadcast address could now be a unicast, or vice versa.
 11042      Erik 		 */
 11042      Erik 		if (((ncec_flags ^ nce->nce_common->ncec_flags) &
 11042      Erik 		    NCE_F_BCAST) != 0) {
 11042      Erik 			ASSERT(!ill->ill_isv6);
 11042      Erik 			ncec_delete(nce->nce_common);
 11042      Erik 			nce_refrele(nce);
 11042      Erik 			goto retry;
 11042      Erik 		}
 11042      Erik 		break;
 11042      Erik 	default:
 11042      Erik 		DTRACE_PROBE2(nce__init__fail, ill_t *, ill, int, err);
 11042      Erik 		if (need_refrele)
 11042      Erik 			ill_refrele(ill);
 11042      Erik 		return (NULL);
 11042      Erik 	}
 11042      Erik 	/*
 11042      Erik 	 * If the ill was an under-ill of an IPMP group, we need to verify
 11042      Erik 	 * that it is still active so that we select an active interface in
 11042      Erik 	 * the group. However, since ipmp_ill_is_active ASSERTs for
 11042      Erik 	 * IS_UNDER_IPMP(), we first need to verify that the ill is an
 11042      Erik 	 * under-ill, and since this is being done in the data path, the
 11042      Erik 	 * only way to ascertain this is by holding the ill_g_lock.
 11042      Erik 	 */
 11042      Erik 	rw_enter(&ill->ill_ipst->ips_ill_g_lock, RW_READER);
 11042      Erik 	mutex_enter(&ill->ill_lock);
 11042      Erik 	mutex_enter(&ill->ill_phyint->phyint_lock);
 11042      Erik 	if (need_refrele && IS_UNDER_IPMP(ill) && !ipmp_ill_is_active(ill)) {
 11042      Erik 		/*
 11042      Erik 		 * need_refrele implies that the under ill was selected by
 11042      Erik 		 * ipmp_ill_get_xmit_ill() because either the in_ill was an
 11042      Erik 		 * ipmp_ill, or we are sending a non-unicast packet on
 11042      Erik 		 * an under_ill. However, when we get here, the ill selected by
 11042      Erik 		 * ipmp_ill_get_xmit_ill  was pulled out of the active set
 11042      Erik 		 * (for unicast)  or cast_ill nomination (for
 11042      Erik 		 * !unicast) after it was  picked as the outgoing ill.
 11042      Erik 		 * We have to pick an active interface and/or cast_ill in the
 11042      Erik 		 * group.
 11042      Erik 		 */
 11042      Erik 		mutex_exit(&ill->ill_phyint->phyint_lock);
 11042      Erik 		nce_delete(nce);
 11042      Erik 		mutex_exit(&ill->ill_lock);
 11042      Erik 		rw_exit(&ill->ill_ipst->ips_ill_g_lock);
 11042      Erik 		nce_refrele(nce);
 11042      Erik 		ill_refrele(ill);
 11042      Erik 		if ((ill = ipmp_ill_get_xmit_ill(in_ill, is_unicast)) == NULL)
 11042      Erik 			return (NULL);
 11042      Erik 		goto retry;
 11042      Erik 	} else {
 11042      Erik 		mutex_exit(&ill->ill_phyint->phyint_lock);
 11042      Erik 		mutex_exit(&ill->ill_lock);
 11042      Erik 		rw_exit(&ill->ill_ipst->ips_ill_g_lock);
 11042      Erik 	}
 11042      Erik done:
 11042      Erik 	ASSERT(nce->nce_ill == ill);
 11042      Erik 	if (need_refrele)
 11042      Erik 		ill_refrele(ill);
 11042      Erik 	return (nce);
 11042      Erik }
 11042      Erik 
 11042      Erik nce_t *
 11042      Erik arp_nce_init(ill_t *ill, in_addr_t addr4, int ire_type)
 11042      Erik {
 11042      Erik 	return (ire_nce_init(ill, &addr4, ire_type));
 11042      Erik }
 11042      Erik 
 11042      Erik nce_t *
 11042      Erik ndp_nce_init(ill_t *ill, const in6_addr_t *addr6, int ire_type)
 11042      Erik {
 11042      Erik 	ASSERT((ire_type & IRE_BROADCAST) == 0);
 11042      Erik 	return (ire_nce_init(ill, addr6, ire_type));
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * The caller should hold irb_lock as a writer if the ire is in a bucket.
  2535  sangeeta  */
  2535  sangeeta void
 11042      Erik ire_make_condemned(ire_t *ire)
  2535  sangeeta {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
  8485     Peter 
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	ASSERT(ire->ire_bucket == NULL ||
 11042      Erik 	    RW_WRITE_HELD(&ire->ire_bucket->irb_lock));
 11042      Erik 	ASSERT(!IRE_IS_CONDEMNED(ire));
 11042      Erik 	ire->ire_generation = IRE_GENERATION_CONDEMNED;
 11042      Erik 	/* Count how many condemned ires for kmem_cache callback */
 11042      Erik 	atomic_add_32(&ipst->ips_num_ire_condemned, 1);
 11042      Erik 	mutex_exit(&ire->ire_lock);
 11042      Erik }
  8485     Peter 
 11042      Erik /*
 11042      Erik  * Increment the generation avoiding the special condemned value
 11042      Erik  */
 11042      Erik void
 11042      Erik ire_increment_generation(ire_t *ire)
 11042      Erik {
 11042      Erik 	uint_t generation;
 11042      Erik 
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	/*
 11042      Erik 	 * Even though the caller has a hold it can't prevent a concurrent
 11042      Erik 	 * ire_delete marking the IRE condemned
 11042      Erik 	 */
 11042      Erik 	if (!IRE_IS_CONDEMNED(ire)) {
 11042      Erik 		generation = ire->ire_generation + 1;
 11042      Erik 		if (generation == IRE_GENERATION_CONDEMNED)
 11042      Erik 			generation = IRE_GENERATION_INITIAL;
 11042      Erik 		ASSERT(generation != IRE_GENERATION_VERIFY);
 11042      Erik 		ire->ire_generation = generation;
 11042      Erik 	}
 11042      Erik 	mutex_exit(&ire->ire_lock);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Increment ire_generation on all the IRE_MULTICASTs
 11042      Erik  * Used when the default multicast interface (as determined by
 11042      Erik  * ill_lookup_multicast) might have changed.
 11042      Erik  *
 11042      Erik  * That includes the zoneid, IFF_ flags, the IPv6 scope of the address, and
 11042      Erik  * ill unplumb.
 11042      Erik  */
 11042      Erik void
 11042      Erik ire_increment_multicast_generation(ip_stack_t *ipst, boolean_t isv6)
 11042      Erik {
 11042      Erik 	ill_t	*ill;
 11042      Erik 	ill_walk_context_t ctx;
 11042      Erik 
 11042      Erik 	rw_enter(&ipst->ips_ill_g_lock, RW_READER);
 11042      Erik 	if (isv6)
 11042      Erik 		ill = ILL_START_WALK_V6(&ctx, ipst);
 11042      Erik 	else
 11042      Erik 		ill = ILL_START_WALK_V4(&ctx, ipst);
 11042      Erik 	for (; ill != NULL; ill = ill_next(&ctx, ill)) {
 11042      Erik 		if (ILL_IS_CONDEMNED(ill))
 11042      Erik 			continue;
 11042      Erik 		if (ill->ill_ire_multicast != NULL)
 11042      Erik 			ire_increment_generation(ill->ill_ire_multicast);
 11042      Erik 	}
 11042      Erik 	rw_exit(&ipst->ips_ill_g_lock);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Return a held IRE_NOROUTE with RTF_REJECT set
 11042      Erik  */
 11042      Erik ire_t *
 11042      Erik ire_reject(ip_stack_t *ipst, boolean_t isv6)
 11042      Erik {
 11042      Erik 	ire_t *ire;
 11042      Erik 
 11042      Erik 	if (isv6)
 11042      Erik 		ire = ipst->ips_ire_reject_v6;
 11042      Erik 	else
 11042      Erik 		ire = ipst->ips_ire_reject_v4;
 11042      Erik 
 11042      Erik 	ASSERT(ire->ire_generation != IRE_GENERATION_CONDEMNED);
 11042      Erik 	ire_refhold(ire);
 11042      Erik 	return (ire);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Return a held IRE_NOROUTE with RTF_BLACKHOLE set
 11042      Erik  */
 11042      Erik ire_t *
 11042      Erik ire_blackhole(ip_stack_t *ipst, boolean_t isv6)
 11042      Erik {
 11042      Erik 	ire_t *ire;
 11042      Erik 
 11042      Erik 	if (isv6)
 11042      Erik 		ire = ipst->ips_ire_blackhole_v6;
 11042      Erik 	else
 11042      Erik 		ire = ipst->ips_ire_blackhole_v4;
 11042      Erik 
 11042      Erik 	ASSERT(ire->ire_generation != IRE_GENERATION_CONDEMNED);
 11042      Erik 	ire_refhold(ire);
 11042      Erik 	return (ire);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Return a held IRE_MULTICAST.
 11042      Erik  */
 11042      Erik ire_t *
 11042      Erik ire_multicast(ill_t *ill)
 11042      Erik {
 11042      Erik 	ire_t *ire = ill->ill_ire_multicast;
 11042      Erik 
 11042      Erik 	ASSERT(ire == NULL || ire->ire_generation != IRE_GENERATION_CONDEMNED);
 11042      Erik 	if (ire == NULL)
 11042      Erik 		ire = ire_blackhole(ill->ill_ipst, ill->ill_isv6);
 11042      Erik 	else
 11042      Erik 		ire_refhold(ire);
 11042      Erik 	return (ire);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Given an IRE return its nexthop IRE. The nexthop IRE is an IRE_ONLINK
 11042      Erik  * that is an exact match (i.e., a /32 for IPv4 and /128 for IPv6).
 11042      Erik  * This can return an RTF_REJECT|RTF_BLACKHOLE.
 11042      Erik  * The returned IRE is held.
 11042      Erik  * The assumption is that ip_select_route() has been called and returned the
 11042      Erik  * IRE (thus ip_select_route would have set up the ire_dep* information.)
 11042      Erik  * If some IRE is deleteted then ire_dep_remove() will have been called and
 11042      Erik  * we might not find a nexthop IRE, in which case we return NULL.
 11042      Erik  */
 11042      Erik ire_t *
 11042      Erik ire_nexthop(ire_t *ire)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 
 11042      Erik 	/* Acquire lock to walk ire_dep_parent */
 11042      Erik 	rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
 11042      Erik 	while (ire != NULL) {
 11042      Erik 		if (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
 11042      Erik 			goto done;
 11042      Erik 		}
 11042      Erik 		/*
 11042      Erik 		 * If we find an IRE_ONLINK we are done. This includes
 11042      Erik 		 * the case of IRE_MULTICAST.
 11042      Erik 		 * Note that in order to send packets we need a host-specific
 11042      Erik 		 * IRE_IF_ALL first in the ire_dep_parent chain. Normally this
 11042      Erik 		 * is done by inserting an IRE_IF_CLONE if the IRE_INTERFACE
 11042      Erik 		 * was not host specific.
 11042      Erik 		 * However, ip_rts_request doesn't want to send packets
 11042      Erik 		 * hence doesn't want to allocate an IRE_IF_CLONE. Yet
 11042      Erik 		 * it needs an IRE_IF_ALL to get to the ill. Thus
 11042      Erik 		 * we return IRE_IF_ALL that are not host specific here.
 11042      Erik 		 */
 11042      Erik 		if (ire->ire_type & IRE_ONLINK)
 11042      Erik 			goto done;
 11042      Erik 		ire = ire->ire_dep_parent;
 11042      Erik 	}
 11042      Erik 	rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik 	return (NULL);
 11042      Erik 
 11042      Erik done:
 11042      Erik 	ire_refhold(ire);
 11042      Erik 	rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik 	return (ire);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Find the ill used to send packets. This will be NULL in case
 11042      Erik  * of a reject or blackhole.
 11042      Erik  * The returned ill is held; caller needs to do ill_refrele when done.
 11042      Erik  */
 11042      Erik ill_t *
 11042      Erik ire_nexthop_ill(ire_t *ire)
 11042      Erik {
 11042      Erik 	ill_t		*ill;
 11042      Erik 
 11042      Erik 	ire = ire_nexthop(ire);
 11042      Erik 	if (ire == NULL)
 11042      Erik 		return (NULL);
 11042      Erik 
 11042      Erik 	/* ire_ill can not change for an existing ire */
 11042      Erik 	ill = ire->ire_ill;
 11042      Erik 	if (ill != NULL)
 11042      Erik 		ill_refhold(ill);
 11042      Erik 	ire_refrele(ire);
 11042      Erik 	return (ill);
 11042      Erik }
 11042      Erik 
 11042      Erik #ifdef DEBUG
 11042      Erik static boolean_t
 11042      Erik parent_has_child(ire_t *parent, ire_t *child)
 11042      Erik {
 11042      Erik 	ire_t	*ire;
 11042      Erik 	ire_t	*prev;
 11042      Erik 
 11042      Erik 	ire = parent->ire_dep_children;
 11042      Erik 	prev = NULL;
 11042      Erik 	while (ire != NULL) {
 11042      Erik 		if (prev == NULL) {
 11042      Erik 			ASSERT(ire->ire_dep_sib_ptpn ==
 11042      Erik 			    &(parent->ire_dep_children));
 11042      Erik 		} else {
 11042      Erik 			ASSERT(ire->ire_dep_sib_ptpn ==
 11042      Erik 			    &(prev->ire_dep_sib_next));
 11042      Erik 		}
 11042      Erik 		if (ire == child)
 11042      Erik 			return (B_TRUE);
 11042      Erik 		prev = ire;
 11042      Erik 		ire = ire->ire_dep_sib_next;
 11042      Erik 	}
 11042      Erik 	return (B_FALSE);
 11042      Erik }
 11042      Erik 
 11042      Erik static void
 11042      Erik ire_dep_verify(ire_t *ire)
 11042      Erik {
 11042      Erik 	ire_t		*parent = ire->ire_dep_parent;
 11042      Erik 	ire_t		*child = ire->ire_dep_children;
 11042      Erik 
 11042      Erik 	ASSERT(ire->ire_ipversion == IPV4_VERSION ||
 11042      Erik 	    ire->ire_ipversion == IPV6_VERSION);
 11042      Erik 	if (parent != NULL) {
 11042      Erik 		ASSERT(parent->ire_ipversion == IPV4_VERSION ||
 11042      Erik 		    parent->ire_ipversion == IPV6_VERSION);
 11042      Erik 		ASSERT(parent->ire_refcnt >= 1);
 11042      Erik 		ASSERT(parent_has_child(parent, ire));
 11042      Erik 	}
 11042      Erik 	if (child != NULL) {
 11042      Erik 		ASSERT(child->ire_ipversion == IPV4_VERSION ||
 11042      Erik 		    child->ire_ipversion == IPV6_VERSION);
 11042      Erik 		ASSERT(child->ire_dep_parent == ire);
 11042      Erik 		ASSERT(child->ire_dep_sib_ptpn != NULL);
 11042      Erik 		ASSERT(parent_has_child(ire, child));
 11042      Erik 	}
 11042      Erik }
 11042      Erik #endif /* DEBUG */
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Assumes ire_dep_parent is set. Remove this child from its parent's linkage.
 11042      Erik  */
 11042      Erik void
 11042      Erik ire_dep_remove(ire_t *ire)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 	ire_t		*parent = ire->ire_dep_parent;
 11042      Erik 	ire_t		*next;
 11042      Erik 	nce_t		*nce;
 11042      Erik 
 11042      Erik 	ASSERT(RW_WRITE_HELD(&ipst->ips_ire_dep_lock));
 11042      Erik 	ASSERT(ire->ire_dep_parent != NULL);
 11042      Erik 	ASSERT(ire->ire_dep_sib_ptpn != NULL);
 11042      Erik 
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_dep_verify(ire);
 11042      Erik 	ire_dep_verify(parent);
 11042      Erik #endif
 11042      Erik 
 11042      Erik 	next = ire->ire_dep_sib_next;
 11042      Erik 	if (next != NULL)
 11042      Erik 		next->ire_dep_sib_ptpn = ire->ire_dep_sib_ptpn;
 11042      Erik 
 11042      Erik 	ASSERT(*(ire->ire_dep_sib_ptpn) == ire);
 11042      Erik 	*(ire->ire_dep_sib_ptpn) = ire->ire_dep_sib_next;
 11042      Erik 
 11042      Erik 	ire->ire_dep_sib_ptpn = NULL;
 11042      Erik 	ire->ire_dep_sib_next = NULL;
 11042      Erik 
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	parent = ire->ire_dep_parent;
 11042      Erik 	ire->ire_dep_parent = NULL;
 11042      Erik 	mutex_exit(&ire->ire_lock);
  2535  sangeeta 
  2535  sangeeta 	/*
 11042      Erik 	 * Make sure all our children, grandchildren, etc set
 11042      Erik 	 * ire_dep_parent_generation to IRE_GENERATION_VERIFY since
 11042      Erik 	 * we can no longer guarantee than the children have a current
 11042      Erik 	 * ire_nce_cache and ire_nexthop_ill().
  2535  sangeeta 	 */
 11042      Erik 	if (ire->ire_dep_children != NULL)
 11042      Erik 		ire_dep_invalidate_children(ire->ire_dep_children);
  2535  sangeeta 
  2535  sangeeta 	/*
 11042      Erik 	 * Since the parent is gone we make sure we clear ire_nce_cache.
 11042      Erik 	 * We can clear it under ire_lock even if the IRE is used
  2535  sangeeta 	 */
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	nce = ire->ire_nce_cache;
 11042      Erik 	ire->ire_nce_cache = NULL;
 11042      Erik 	mutex_exit(&ire->ire_lock);
 11042      Erik 	if (nce != NULL)
 11042      Erik 		nce_refrele(nce);
  2535  sangeeta 
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_dep_verify(ire);
 11042      Erik 	ire_dep_verify(parent);
 11042      Erik #endif
 11042      Erik 
 11042      Erik 	ire_refrele_notr(parent);
 11042      Erik 	ire_refrele_notr(ire);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Insert the child in the linkage of the parent
 11042      Erik  */
 11042      Erik static void
 11042      Erik ire_dep_parent_insert(ire_t *child, ire_t *parent)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = child->ire_ipst;
 11042      Erik 	ire_t		*next;
 11042      Erik 
 11042      Erik 	ASSERT(RW_WRITE_HELD(&ipst->ips_ire_dep_lock));
 11042      Erik 	ASSERT(child->ire_dep_parent == NULL);
 11042      Erik 
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_dep_verify(child);
 11042      Erik 	ire_dep_verify(parent);
 11042      Erik #endif
 11042      Erik 	/* No parents => no siblings */
 11042      Erik 	ASSERT(child->ire_dep_sib_ptpn == NULL);
 11042      Erik 	ASSERT(child->ire_dep_sib_next == NULL);
 11042      Erik 
 11042      Erik 	ire_refhold_notr(parent);
 11042      Erik 	ire_refhold_notr(child);
 11042      Erik 
 11042      Erik 	/* Head insertion */
 11042      Erik 	next = parent->ire_dep_children;
 11042      Erik 	if (next != NULL) {
 11042      Erik 		ASSERT(next->ire_dep_sib_ptpn == &(parent->ire_dep_children));
 11042      Erik 		child->ire_dep_sib_next = next;
 11042      Erik 		next->ire_dep_sib_ptpn = &(child->ire_dep_sib_next);
 11042      Erik 	}
 11042      Erik 	parent->ire_dep_children = child;
 11042      Erik 	child->ire_dep_sib_ptpn = &(parent->ire_dep_children);
 11042      Erik 
 11042      Erik 	mutex_enter(&child->ire_lock);
 11042      Erik 	child->ire_dep_parent = parent;
 11042      Erik 	mutex_exit(&child->ire_lock);
 11042      Erik 
 11042      Erik #ifdef DEBUG
 11042      Erik 	ire_dep_verify(child);
 11042      Erik 	ire_dep_verify(parent);
 11042      Erik #endif
 11042      Erik }
 11042      Erik 
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Given count worth of ires and generations, build ire_dep_* relationships
 11042      Erik  * from ires[0] to ires[count-1]. Record generations[i+1] in
 11042      Erik  * ire_dep_parent_generation for ires[i].
 11042      Erik  * We graft onto an existing parent chain by making sure that we don't
 11042      Erik  * touch ire_dep_parent for ires[count-1].
 11042      Erik  *
 11042      Erik  * We check for any condemned ire_generation count and return B_FALSE in
 11042      Erik  * that case so that the caller can tear it apart.
 11042      Erik  *
 11042      Erik  * Note that generations[0] is not used. Caller handles that.
 11042      Erik  */
 11042      Erik boolean_t
 11042      Erik ire_dep_build(ire_t *ires[], uint_t generations[], uint_t count)
 11042      Erik {
 11042      Erik 	ire_t		*ire = ires[0];
 11042      Erik 	ip_stack_t	*ipst;
 11042      Erik 	uint_t		i;
 11042      Erik 
 11042      Erik 	ASSERT(count > 0);
 11042      Erik 	if (count == 1) {
 11042      Erik 		/* No work to do */
 11042      Erik 		return (B_TRUE);
 11042      Erik 	}
 11042      Erik 	ipst = ire->ire_ipst;
 11042      Erik 	rw_enter(&ipst->ips_ire_dep_lock, RW_WRITER);
 11042      Erik 	/*
 11042      Erik 	 * Do not remove the linkage for any existing parent chain i.e.,
 11042      Erik 	 * ires[count-1] is left alone.
 11042      Erik 	 */
 11042      Erik 	for (i = 0; i < count-1; i++) {
 11042      Erik 		/* Remove existing parent if we need to change it */
 11042      Erik 		if (ires[i]->ire_dep_parent != NULL &&
 11042      Erik 		    ires[i]->ire_dep_parent != ires[i+1])
 11042      Erik 			ire_dep_remove(ires[i]);
 11042      Erik 	}
 11042      Erik 
 11042      Erik 	for (i = 0; i < count - 1; i++) {
 11042      Erik 		ASSERT(ires[i]->ire_ipversion == IPV4_VERSION ||
 11042      Erik 		    ires[i]->ire_ipversion == IPV6_VERSION);
 11042      Erik 		/* Does it need to change? */
 11042      Erik 		if (ires[i]->ire_dep_parent != ires[i+1])
 11042      Erik 			ire_dep_parent_insert(ires[i], ires[i+1]);
 11042      Erik 
 11042      Erik 		mutex_enter(&ires[i+1]->ire_lock);
 11042      Erik 		if (IRE_IS_CONDEMNED(ires[i+1])) {
 11042      Erik 			mutex_exit(&ires[i+1]->ire_lock);
 11042      Erik 			rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik 			return (B_FALSE);
 11042      Erik 		}
 11042      Erik 		mutex_exit(&ires[i+1]->ire_lock);
 11042      Erik 
 11042      Erik 		mutex_enter(&ires[i]->ire_lock);
 11042      Erik 		ires[i]->ire_dep_parent_generation = generations[i+1];
 11042      Erik 		mutex_exit(&ires[i]->ire_lock);
 11042      Erik 	}
 11042      Erik 	rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik 	return (B_TRUE);
 11042      Erik }
 11042      Erik 
 11042      Erik /*
 11042      Erik  * Given count worth of ires, unbuild ire_dep_* relationships
 11042      Erik  * from ires[0] to ires[count-1].
 11042      Erik  */
 11042      Erik void
 11042      Erik ire_dep_unbuild(ire_t *ires[], uint_t count)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst;
 11042      Erik 	uint_t		i;
 11042      Erik 
 11042      Erik 	if (count == 0) {
 11042      Erik 		/* No work to do */
  2535  sangeeta 		return;
  2535  sangeeta 	}
 11042      Erik 	ipst = ires[0]->ire_ipst;
 11042      Erik 	rw_enter(&ipst->ips_ire_dep_lock, RW_WRITER);
 11042      Erik 	for (i = 0; i < count; i++) {
 11042      Erik 		ASSERT(ires[i]->ire_ipversion == IPV4_VERSION ||
 11042      Erik 		    ires[i]->ire_ipversion == IPV6_VERSION);
 11042      Erik 		if (ires[i]->ire_dep_parent != NULL)
 11042      Erik 			ire_dep_remove(ires[i]);
 11042      Erik 		mutex_enter(&ires[i]->ire_lock);
 11042      Erik 		ires[i]->ire_dep_parent_generation = IRE_GENERATION_VERIFY;
 11042      Erik 		mutex_exit(&ires[i]->ire_lock);
 11042      Erik 	}
 11042      Erik 	rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik }
  2535  sangeeta 
 11042      Erik /*
 11042      Erik  * Both the forwarding and the outbound code paths can trip on
 11042      Erik  * a condemned NCE, in which case we call this function.
 11042      Erik  * We have two different behaviors: if the NCE was UNREACHABLE
 11042      Erik  * it is an indication that something failed. In that case
 11042      Erik  * we see if we should look for a different IRE (for example,
 11042      Erik  * delete any matching redirect IRE, or try a different
 11042      Erik  * IRE_DEFAULT (ECMP)). We mark the ire as bad so a hopefully
 11042      Erik  * different IRE will be picked next time we send/forward.
 11042      Erik  *
 11042      Erik  * If we are called by the output path then fail_if_better is set
 11042      Erik  * and we return NULL if there could be a better IRE. This is because the
 11042      Erik  * output path retries the IRE lookup. (The input/forward path can not retry.)
 11042      Erik  *
 11042      Erik  * If the NCE was not unreachable then we pick/allocate a
 11042      Erik  * new (most likely ND_INITIAL) NCE and proceed with it.
 11042      Erik  *
 11042      Erik  * ipha/ip6h are needed for multicast packets; ipha needs to be
 11042      Erik  * set for IPv4 and ip6h needs to be set for IPv6 packets.
 11042      Erik  */
 11042      Erik nce_t *
 11042      Erik ire_handle_condemned_nce(nce_t *nce, ire_t *ire, ipha_t *ipha, ip6_t *ip6h,
 11042      Erik     boolean_t fail_if_better)
 11042      Erik {
 11042      Erik 	if (nce->nce_common->ncec_state == ND_UNREACHABLE) {
 11042      Erik 		if (ire_no_good(ire) && fail_if_better) {
 11042      Erik 			/*
 11042      Erik 			 * Did some changes, or ECMP likely to exist.
 11042      Erik 			 * Make ip_output look for a different IRE
 11042      Erik 			 */
 11042      Erik 			return (NULL);
 11042      Erik 		}
 11042      Erik 	}
 11042      Erik 	if (ire_revalidate_nce(ire) == ENETUNREACH) {
 11042      Erik 		/* The ire_dep_parent chain went bad, or no memory? */
 11042      Erik 		(void) ire_no_good(ire);
 11042      Erik 		return (NULL);
 11042      Erik 	}
 11042      Erik 	if (ire->ire_ipversion == IPV4_VERSION) {
 11042      Erik 		ASSERT(ipha != NULL);
 11042      Erik 		nce = ire_to_nce(ire, ipha->ipha_dst, NULL);
 11042      Erik 	} else {
 11042      Erik 		ASSERT(ip6h != NULL);
 11042      Erik 		nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst);
  2535  sangeeta 	}
  8485     Peter 
 11042      Erik 	if (nce == NULL)
 11042      Erik 		return (NULL);
 11042      Erik 	if (nce->nce_is_condemned) {
 11042      Erik 		nce_refrele(nce);
 11042      Erik 		return (NULL);
  2535  sangeeta 	}
 11042      Erik 	return (nce);
 11042      Erik }
  2535  sangeeta 
 11042      Erik /*
 11042      Erik  * The caller has found that the ire is bad, either due to a reference to an NCE
 11042      Erik  * in ND_UNREACHABLE state, or a MULTIRT route whose gateway can't be resolved.
 11042      Erik  * We update things so a subsequent attempt to send to the destination
 11042      Erik  * is likely to find different IRE, or that a new NCE would be created.
 11042      Erik  *
 11042      Erik  * Returns B_TRUE if it is likely that a subsequent ire_ftable_lookup would
 11042      Erik  * find a different route (either due to having deleted a redirect, or there
 11042      Erik  * being ECMP routes.)
 11042      Erik  *
 11042      Erik  * If we have a redirect (RTF_DYNAMIC) we delete it.
 11042      Erik  * Otherwise we increment ire_badcnt and increment the generation number so
 11042      Erik  * that a cached ixa_ire will redo the route selection. ire_badcnt is taken
 11042      Erik  * into account in the route selection when we have multiple choices (multiple
 11042      Erik  * default routes or ECMP in general).
 11042      Erik  * Any time ip_select_route find an ire with a condemned ire_nce_cache
 11042      Erik  * (e.g., if no equal cost route to the bad one) ip_select_route will make
 11042      Erik  * sure the NCE is revalidated to avoid getting stuck on a
 11042      Erik  * NCE_F_CONDMNED ncec that caused ire_no_good to be called.
 11042      Erik  */
 11042      Erik boolean_t
 11042      Erik ire_no_good(ire_t *ire)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 	ire_t		*ire2;
 11042      Erik 	nce_t		*nce;
 11042      Erik 
 11042      Erik 	if (ire->ire_flags & RTF_DYNAMIC) {
 11042      Erik 		ire_delete(ire);
 11042      Erik 		return (B_TRUE);
 11042      Erik 	}
 11042      Erik 	if (ire->ire_flags & RTF_INDIRECT) {
 11042      Erik 		/* Check if next IRE is a redirect */
 11042      Erik 		rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
 11042      Erik 		if (ire->ire_dep_parent != NULL &&
 11042      Erik 		    (ire->ire_dep_parent->ire_flags & RTF_DYNAMIC)) {
 11042      Erik 			ire2 = ire->ire_dep_parent;
 11042      Erik 			ire_refhold(ire2);
 11042      Erik 		} else {
 11042      Erik 			ire2 = NULL;
 11042      Erik 		}
 11042      Erik 		rw_exit(&ipst->ips_ire_dep_lock);
 11042      Erik 		if (ire2 != NULL) {
 11042      Erik 			ire_delete(ire2);
 11042      Erik 			ire_refrele(ire2);
 11042      Erik 			return (B_TRUE);
 11042      Erik 		}
 11042      Erik 	}
  2535  sangeeta 	/*
 11042      Erik 	 * No redirect involved. Increment badcnt so that if we have ECMP
 11042      Erik 	 * routes we are likely to pick a different one for the next packet.
 11042      Erik 	 *
 11042      Erik 	 * If the NCE is unreachable and condemned we should drop the reference
 11042      Erik 	 * to it so that a new NCE can be created.
 11042      Erik 	 *
 11042      Erik 	 * Finally we increment the generation number so that any ixa_ire
 11042      Erik 	 * cache will be revalidated.
  2535  sangeeta 	 */
 11042      Erik 	mutex_enter(&ire->ire_lock);
 11042      Erik 	ire->ire_badcnt++;
 11066    rafael 	ire->ire_last_badcnt = TICK_TO_SEC(ddi_get_lbolt64());
 11042      Erik 	nce = ire->ire_nce_cache;
 11042      Erik 	if (nce != NULL && nce->nce_is_condemned &&
 11042      Erik 	    nce->nce_common->ncec_state == ND_UNREACHABLE)
 11042      Erik 		ire->ire_nce_cache = NULL;
 11042      Erik 	else
 11042      Erik 		nce = NULL;
 11042      Erik 	mutex_exit(&ire->ire_lock);
 11042      Erik 	if (nce != NULL)
 11042      Erik 		nce_refrele(nce);
  3448  dh155122 
 11042      Erik 	ire_increment_generation(ire);
 11042      Erik 	ire_dep_incr_generation(ire);
  2535  sangeeta 
 11042      Erik 	return (ire->ire_bucket->irb_ire_cnt > 1);
 11042      Erik }
  2535  sangeeta 
 11042      Erik /*
 11042      Erik  * Walk ire_dep_parent chain and validate that ire_dep_parent->ire_generation ==
 11042      Erik  * ire_dep_parent_generation.
 11042      Erik  * If they all match we just return ire_generation from the topmost IRE.
 11042      Erik  * Otherwise we propagate the mismatch by setting all ire_dep_parent_generation
 11042      Erik  * above the mismatch to IRE_GENERATION_VERIFY and also returning
 11042      Erik  * IRE_GENERATION_VERIFY.
 11042      Erik  */
 11042      Erik uint_t
 11042      Erik ire_dep_validate_generations(ire_t *ire)
 11042      Erik {
 11042      Erik 	ip_stack_t	*ipst = ire->ire_ipst;
 11042      Erik 	uint_t		generation;
 11042      Erik 	ire_t		*ire1;
 11042      Erik 
 11042      Erik 	rw_enter(&ipst->ips_ire_dep_lock, RW_READER);
 11042      Erik 	generation = ire->ire_generation;	/* Assuming things match */
 11042      Erik 	for (ire1 = ire; ire1 != NULL; ire1 = ire1->ire_dep_parent) {
 11042      Erik 		ASSERT(ire1->ire_ipversion == IPV4_VERSION ||
 11042      Erik 		    ire1->ire_ipversion == IPV6_VERSION);
 11042      Erik 		if (ire1->ire_dep_parent == NULL)
 11042      Erik 			break;
 11042      Erik 		if (ire1->ire_dep_parent_generation !=
 11042      Erik 		    ire1->ire_dep_parent->ire_generation)
 11042      Erik 			goto mismat