1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _INET_IPCLASSIFIER_H 27 #define _INET_IPCLASSIFIER_H 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 #include <inet/common.h> 36 #include <inet/ip.h> 37 #include <inet/mi.h> 38 #include <inet/tcp.h> 39 #include <inet/ip6.h> 40 #include <netinet/in.h> /* for IPPROTO_* constants */ 41 #include <sys/sdt.h> 42 43 typedef void (*edesc_spf)(void *, mblk_t *, void *, int); 44 typedef void (*edesc_rpf)(void *, mblk_t *, void *); 45 46 /* 47 * ============================== 48 * = The CONNECTION = 49 * ============================== 50 */ 51 52 /* 53 * The connection structure contains the common information/flags/ref needed. 54 * Implementation will keep the connection struct, the layers (with their 55 * respective data for event i.e. tcp_t if event was tcp_input) all in one 56 * contiguous memory location. 57 */ 58 59 /* Conn Flags */ 60 /* Unused 0x00020000 */ 61 /* Unused 0x00040000 */ 62 #define IPCL_FULLY_BOUND 0x00080000 /* Bound to correct squeue */ 63 #define IPCL_CHECK_POLICY 0x00100000 /* Needs policy checking */ 64 #define IPCL_SOCKET 0x00200000 /* Sockfs connection */ 65 #define IPCL_ACCEPTOR 0x00400000 /* Sockfs priv acceptor */ 66 #define IPCL_CL_LISTENER 0x00800000 /* Cluster listener */ 67 #define IPCL_EAGER 0x01000000 /* Incoming connection */ 68 /* Unused 0x02000000 */ 69 #define IPCL_TCP6 0x04000000 /* AF_INET6 TCP */ 70 #define IPCL_TCP4 0x08000000 /* IPv4 packet format TCP */ 71 /* Unused 0x10000000 */ 72 /* Unused 0x20000000 */ 73 #define IPCL_CONNECTED 0x40000000 /* Conn in connected table */ 74 #define IPCL_BOUND 0x80000000 /* Conn in bind table */ 75 76 /* Flags identifying the type of conn */ 77 #define IPCL_TCPCONN 0x00000001 /* From tcp_conn_cache */ 78 #define IPCL_SCTPCONN 0x00000002 /* From sctp_conn_cache */ 79 #define IPCL_IPCCONN 0x00000004 /* From ip_conn_cache */ 80 #define IPCL_UDPCONN 0x00000008 /* From udp_conn_cache */ 81 #define IPCL_RAWIPCONN 0x00000010 /* From rawip_conn_cache */ 82 #define IPCL_RTSCONN 0x00000020 /* From rts_conn_cache */ 83 #define IPCL_ISV6 0x00000040 /* AF_INET6 */ 84 #define IPCL_IPTUN 0x00000080 /* Has "tun" plumbed above it */ 85 86 /* Conn Masks */ 87 #define IPCL_TCP (IPCL_TCP4|IPCL_TCP6) 88 #define IPCL_REMOVED 0x00000100 89 #define IPCL_REUSED 0x00000200 90 91 /* The packet format is IPv4; could be an AF_INET or AF_INET6 socket */ 92 #define IPCL_IS_TCP4(connp) \ 93 (((connp)->conn_flags & IPCL_TCP4)) 94 95 /* Connected AF_INET with no IPsec policy */ 96 #define IPCL_IS_TCP4_CONNECTED_NO_POLICY(connp) \ 97 (((connp)->conn_flags & \ 98 (IPCL_TCP4|IPCL_CONNECTED|IPCL_CHECK_POLICY|IPCL_TCP6)) \ 99 == (IPCL_TCP4|IPCL_CONNECTED)) 100 101 #define IPCL_IS_CONNECTED(connp) \ 102 ((connp)->conn_flags & IPCL_CONNECTED) 103 104 #define IPCL_IS_BOUND(connp) \ 105 ((connp)->conn_flags & IPCL_BOUND) 106 107 /* AF_INET TCP that is bound */ 108 #define IPCL_IS_TCP4_BOUND(connp) \ 109 (((connp)->conn_flags & \ 110 (IPCL_TCP4|IPCL_BOUND|IPCL_TCP6)) == \ 111 (IPCL_TCP4|IPCL_BOUND)) 112 113 #define IPCL_IS_FULLY_BOUND(connp) \ 114 ((connp)->conn_flags & IPCL_FULLY_BOUND) 115 116 /* 117 * Can't use conn_protocol since we need to tell difference 118 * between a real TCP socket and a SOCK_RAW, IPPROTO_TCP. 119 */ 120 #define IPCL_IS_TCP(connp) \ 121 ((connp)->conn_flags & IPCL_TCPCONN) 122 123 #define IPCL_IS_SCTP(connp) \ 124 ((connp)->conn_flags & IPCL_SCTPCONN) 125 126 #define IPCL_IS_UDP(connp) \ 127 ((connp)->conn_flags & IPCL_UDPCONN) 128 129 #define IPCL_IS_RAWIP(connp) \ 130 ((connp)->conn_flags & IPCL_RAWIPCONN) 131 132 #define IPCL_IS_RTS(connp) \ 133 ((connp)->conn_flags & IPCL_RTSCONN) 134 135 /* FIXME: Isn't it sufficient to check IPCL_IPTUN? */ 136 #define IPCL_IS_IPTUN(connp) \ 137 (((connp)->conn_ulp == IPPROTO_ENCAP || \ 138 (connp)->conn_ulp == IPPROTO_IPV6) && \ 139 ((connp)->conn_flags & IPCL_IPTUN)) 140 141 typedef struct connf_s connf_t; 142 143 typedef struct 144 { 145 int ctb_depth; 146 #define CONN_STACK_DEPTH 15 147 pc_t ctb_stack[CONN_STACK_DEPTH]; 148 } conn_trace_t; 149 150 /* 151 * The initial fields in the conn_t are setup by the kmem_cache constructor, 152 * and are preserved when it is freed. Fields after that are bzero'ed when 153 * the conn_t is freed. 154 */ 155 struct conn_s { 156 kmutex_t conn_lock; 157 uint32_t conn_ref; /* Reference counter */ 158 uint32_t conn_flags; /* Conn Flags */ 159 160 161 union { 162 tcp_t *cp_tcp; /* Pointer to the tcp struct */ 163 struct udp_s *cp_udp; /* Pointer to the udp struct */ 164 struct icmp_s *cp_icmp; /* Pointer to rawip struct */ 165 struct rts_s *cp_rts; /* Pointer to rts struct */ 166 void *cp_priv; 167 } conn_proto_priv; 168 #define conn_tcp conn_proto_priv.cp_tcp 169 #define conn_udp conn_proto_priv.cp_udp 170 #define conn_icmp conn_proto_priv.cp_icmp 171 #define conn_rts conn_proto_priv.cp_rts 172 #define conn_priv conn_proto_priv.cp_priv 173 174 kcondvar_t conn_cv; 175 uint8_t conn_ulp; /* protocol type */ 176 177 edesc_rpf conn_recv; /* Pointer to recv routine */ 178 179 /* Fields after this are bzero'ed when the conn_t is freed. */ 180 181 squeue_t *conn_sqp; /* Squeue for processing */ 182 uint_t conn_state_flags; /* IP state flags */ 183 #define conn_start_clr conn_state_flags 184 185 ire_t *conn_ire_cache; /* outbound ire cache */ 186 unsigned int 187 conn_on_sqp : 1, /* Conn is being processed */ 188 conn_dontroute : 1, /* SO_DONTROUTE state */ 189 conn_loopback : 1, /* SO_LOOPBACK state */ 190 conn_broadcast : 1, /* SO_BROADCAST state */ 191 192 conn_reuseaddr : 1, /* SO_REUSEADDR state */ 193 conn_multicast_loop : 1, /* IP_MULTICAST_LOOP */ 194 conn_multi_router : 1, /* Wants all multicast pkts */ 195 conn_draining : 1, /* ip_wsrv running */ 196 197 conn_did_putbq : 1, /* ip_wput did a putbq */ 198 conn_unspec_src : 1, /* IP_UNSPEC_SRC */ 199 conn_policy_cached : 1, /* Is policy cached/latched ? */ 200 conn_in_enforce_policy : 1, /* Enforce Policy on inbound */ 201 202 conn_out_enforce_policy : 1, /* Enforce Policy on outbound */ 203 conn_af_isv6 : 1, /* ip address family ver 6 */ 204 conn_pkt_isv6 : 1, /* ip packet format ver 6 */ 205 conn_ip_recvpktinfo : 1, /* IPV*_RECVPKTINFO option */ 206 207 conn_ipv6_recvhoplimit : 1, /* IPV6_RECVHOPLIMIT option */ 208 conn_ipv6_recvhopopts : 1, /* IPV6_RECVHOPOPTS option */ 209 conn_ipv6_recvdstopts : 1, /* IPV6_RECVDSTOPTS option */ 210 conn_ipv6_recvrthdr : 1, /* IPV6_RECVRTHDR option */ 211 212 conn_ipv6_recvrtdstopts : 1, /* IPV6_RECVRTHDRDSTOPTS */ 213 conn_ipv6_v6only : 1, /* IPV6_V6ONLY */ 214 conn_ipv6_recvtclass : 1, /* IPV6_RECVTCLASS */ 215 conn_ipv6_recvpathmtu : 1, /* IPV6_RECVPATHMTU */ 216 217 conn_pathmtu_valid : 1, /* The cached mtu is valid. */ 218 conn_ipv6_dontfrag : 1, /* IPV6_DONTFRAG */ 219 conn_fully_bound : 1, /* Fully bound connection */ 220 conn_recvif : 1, /* IP_RECVIF option */ 221 222 conn_recvslla : 1, /* IP_RECVSLLA option */ 223 conn_mdt_ok : 1, /* MDT is permitted */ 224 conn_nexthop_set : 1, 225 conn_allzones : 1, /* SO_ALLZONES */ 226 227 conn_lso_ok : 1; /* LSO is usable */ 228 229 ill_t *conn_nofailover_ill; /* Failover ill */ 230 ill_t *conn_dhcpinit_ill; /* IP_DHCPINIT_IF */ 231 ipsec_latch_t *conn_latch; /* latched state */ 232 ill_t *conn_outgoing_ill; /* IP{,V6}_BOUND_IF */ 233 edesc_spf conn_send; /* Pointer to send routine */ 234 queue_t *conn_rq; /* Read queue */ 235 queue_t *conn_wq; /* Write queue */ 236 dev_t conn_dev; /* Minor number */ 237 vmem_t *conn_minor_arena; /* Minor arena */ 238 239 cred_t *conn_cred; /* Credentials */ 240 connf_t *conn_g_fanout; /* Global Hash bucket head */ 241 struct conn_s *conn_g_next; /* Global Hash chain next */ 242 struct conn_s *conn_g_prev; /* Global Hash chain prev */ 243 struct ipsec_policy_head_s *conn_policy; /* Configured policy */ 244 in6_addr_t conn_bound_source_v6; 245 #define conn_bound_source V4_PART_OF_V6(conn_bound_source_v6) 246 247 connf_t *conn_fanout; /* Hash bucket we're part of */ 248 struct conn_s *conn_next; /* Hash chain next */ 249 struct conn_s *conn_prev; /* Hash chain prev */ 250 struct { 251 in6_addr_t connua_laddr; /* Local address */ 252 in6_addr_t connua_faddr; /* Remote address */ 253 } connua_v6addr; 254 #define conn_src V4_PART_OF_V6(connua_v6addr.connua_laddr) 255 #define conn_rem V4_PART_OF_V6(connua_v6addr.connua_faddr) 256 #define conn_srcv6 connua_v6addr.connua_laddr 257 #define conn_remv6 connua_v6addr.connua_faddr 258 union { 259 /* Used for classifier match performance */ 260 uint32_t conn_ports2; 261 struct { 262 in_port_t tcpu_fport; /* Remote port */ 263 in_port_t tcpu_lport; /* Local port */ 264 } tcpu_ports; 265 } u_port; 266 #define conn_fport u_port.tcpu_ports.tcpu_fport 267 #define conn_lport u_port.tcpu_ports.tcpu_lport 268 #define conn_ports u_port.conn_ports2 269 #define conn_upq conn_rq 270 uint8_t conn_unused_byte; 271 272 uint_t conn_proto; /* SO_PROTOTYPE state */ 273 ill_t *conn_incoming_ill; /* IP{,V6}_BOUND_IF */ 274 ill_t *conn_outgoing_pill; /* IP{,V6}_BOUND_PIF */ 275 ill_t *conn_oper_pending_ill; /* pending shared ioctl */ 276 277 ilg_t *conn_ilg; /* Group memberships */ 278 int conn_ilg_allocated; /* Number allocated */ 279 int conn_ilg_inuse; /* Number currently used */ 280 int conn_ilg_walker_cnt; /* No of ilg walkers */ 281 /* XXXX get rid of this, once ilg_delete_all is fixed */ 282 kcondvar_t conn_refcv; 283 284 struct ipif_s *conn_multicast_ipif; /* IP_MULTICAST_IF */ 285 ill_t *conn_multicast_ill; /* IPV6_MULTICAST_IF */ 286 int conn_orig_bound_ifindex; /* BOUND_IF before MOVE */ 287 int conn_orig_multicast_ifindex; 288 /* IPv6 MC IF before MOVE */ 289 struct conn_s *conn_drain_next; /* Next conn in drain list */ 290 struct conn_s *conn_drain_prev; /* Prev conn in drain list */ 291 idl_t *conn_idl; /* Ptr to the drain list head */ 292 mblk_t *conn_ipsec_opt_mp; /* ipsec option mblk */ 293 uint32_t conn_src_preferences; /* prefs for src addr select */ 294 /* mtuinfo from IPV6_PACKET_TOO_BIG conditional on conn_pathmtu_valid */ 295 struct ip6_mtuinfo mtuinfo; 296 zoneid_t conn_zoneid; /* zone connection is in */ 297 in6_addr_t conn_nexthop_v6; /* nexthop IP address */ 298 uchar_t conn_broadcast_ttl; /* IP_BROADCAST_TTL */ 299 #define conn_nexthop_v4 V4_PART_OF_V6(conn_nexthop_v6) 300 cred_t *conn_peercred; /* Peer credentials, if any */ 301 302 unsigned int 303 conn_ulp_labeled : 1, /* ULP label is synced */ 304 conn_mlp_type : 2, /* mlp_type_t; tsol/tndb.h */ 305 conn_anon_mlp : 1, /* user wants anon MLP */ 306 307 conn_anon_port : 1, /* user bound anonymously */ 308 conn_mac_exempt : 1, /* unlabeled with loose MAC */ 309 conn_spare : 26; 310 netstack_t *conn_netstack; /* Corresponds to a netstack_hold */ 311 #ifdef CONN_DEBUG 312 #define CONN_TRACE_MAX 10 313 int conn_trace_last; /* ndx of last used tracebuf */ 314 conn_trace_t conn_trace_buf[CONN_TRACE_MAX]; 315 #endif 316 }; 317 318 #define CONN_CRED(connp) ((connp)->conn_peercred == NULL ? \ 319 (connp)->conn_cred : (connp)->conn_peercred) 320 #define BEST_CRED(mp, connp) ((DB_CRED(mp) != NULL && \ 321 crgetlabel(DB_CRED(mp)) != NULL) ? DB_CRED(mp) : CONN_CRED(connp)) 322 323 /* 324 * connf_t - connection fanout data. 325 * 326 * The hash tables and their linkage (conn_t.{hashnextp, hashprevp} are 327 * protected by the per-bucket lock. Each conn_t inserted in the list 328 * points back at the connf_t that heads the bucket. 329 */ 330 struct connf_s { 331 struct conn_s *connf_head; 332 kmutex_t connf_lock; 333 }; 334 335 #define CONN_INC_REF(connp) { \ 336 mutex_enter(&(connp)->conn_lock); \ 337 DTRACE_PROBE1(conn__inc__ref, conn_t *, connp); \ 338 ASSERT(conn_trace_ref(connp)); \ 339 (connp)->conn_ref++; \ 340 ASSERT((connp)->conn_ref != 0); \ 341 mutex_exit(&(connp)->conn_lock); \ 342 } 343 344 #define CONN_INC_REF_LOCKED(connp) { \ 345 DTRACE_PROBE1(conn__inc__ref, conn_t *, connp); \ 346 ASSERT(MUTEX_HELD(&(connp)->conn_lock)); \ 347 ASSERT(conn_trace_ref(connp)); \ 348 (connp)->conn_ref++; \ 349 ASSERT((connp)->conn_ref != 0); \ 350 } 351 352 #define CONN_DEC_REF(connp) { \ 353 mutex_enter(&(connp)->conn_lock); \ 354 DTRACE_PROBE1(conn__dec__ref, conn_t *, connp); \ 355 /* \ 356 * The squeue framework always does a CONN_DEC_REF after return \ 357 * from TCP. Hence the refcnt must be at least 2 if conn_on_sqp \ 358 * is B_TRUE and conn_ref is being decremented. This is to \ 359 * account for the mblk being currently processed. \ 360 */ \ 361 if ((connp)->conn_ref <= 0 || \ 362 ((connp)->conn_ref == 1 && (connp)->conn_on_sqp)) \ 363 cmn_err(CE_PANIC, "CONN_DEC_REF: connp(%p) has ref " \ 364 "= %d\n", (void *)(connp), (connp)->conn_ref); \ 365 ASSERT(conn_untrace_ref(connp)); \ 366 (connp)->conn_ref--; \ 367 if ((connp)->conn_ref == 0) { \ 368 /* Refcnt can't increase again, safe to drop lock */ \ 369 mutex_exit(&(connp)->conn_lock); \ 370 ipcl_conn_destroy(connp); \ 371 } else { \ 372 cv_broadcast(&(connp)->conn_cv); \ 373 mutex_exit(&(connp)->conn_lock); \ 374 } \ 375 } 376 377 /* 378 * For use with subsystems within ip which use ALL_ZONES as a wildcard 379 */ 380 #define IPCL_ZONEID(connp) \ 381 ((connp)->conn_allzones ? ALL_ZONES : (connp)->conn_zoneid) 382 383 /* 384 * For matching between a conn_t and a zoneid. 385 */ 386 #define IPCL_ZONE_MATCH(connp, zoneid) \ 387 (((connp)->conn_allzones) || \ 388 ((zoneid) == ALL_ZONES) || \ 389 (connp)->conn_zoneid == (zoneid)) 390 391 392 #define _IPCL_V4_MATCH(v6addr, v4addr) \ 393 (V4_PART_OF_V6((v6addr)) == (v4addr) && IN6_IS_ADDR_V4MAPPED(&(v6addr))) 394 395 #define _IPCL_V4_MATCH_ANY(addr) \ 396 (IN6_IS_ADDR_V4MAPPED_ANY(&(addr)) || IN6_IS_ADDR_UNSPECIFIED(&(addr))) 397 398 399 /* 400 * IPCL_PROTO_MATCH() only matches conns with the specified zoneid, while 401 * IPCL_PROTO_MATCH_V6() can match other conns in the multicast case, see 402 * ip_fanout_proto(). 403 */ 404 #define IPCL_PROTO_MATCH(connp, protocol, ipha, ill, \ 405 fanout_flags, zoneid) \ 406 ((((connp)->conn_src == INADDR_ANY) || \ 407 (((connp)->conn_src == ((ipha)->ipha_dst)) && \ 408 (((connp)->conn_rem == INADDR_ANY) || \ 409 ((connp)->conn_rem == ((ipha)->ipha_src))))) && \ 410 IPCL_ZONE_MATCH(connp, zoneid) && \ 411 (conn_wantpacket((connp), (ill), (ipha), (fanout_flags), \ 412 (zoneid)) || ((protocol) == IPPROTO_PIM) || \ 413 ((protocol) == IPPROTO_RSVP))) 414 415 #define IPCL_PROTO_MATCH_V6(connp, protocol, ip6h, ill, \ 416 fanout_flags, zoneid) \ 417 ((IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_srcv6) || \ 418 (IN6_ARE_ADDR_EQUAL(&(connp)->conn_srcv6, &((ip6h)->ip6_dst)) && \ 419 (IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_remv6) || \ 420 IN6_ARE_ADDR_EQUAL(&(connp)->conn_remv6, &((ip6h)->ip6_src))))) && \ 421 (conn_wantpacket_v6((connp), (ill), (ip6h), \ 422 (fanout_flags), (zoneid)) || ((protocol) == IPPROTO_RSVP))) 423 424 #define IPCL_CONN_HASH(src, ports, ipst) \ 425 ((unsigned)(ntohl((src)) ^ ((ports) >> 24) ^ ((ports) >> 16) ^ \ 426 ((ports) >> 8) ^ (ports)) % (ipst)->ips_ipcl_conn_fanout_size) 427 428 #define IPCL_CONN_HASH_V6(src, ports, ipst) \ 429 IPCL_CONN_HASH(V4_PART_OF_V6((src)), (ports), (ipst)) 430 431 #define IPCL_CONN_MATCH(connp, proto, src, dst, ports) \ 432 ((connp)->conn_ulp == (proto) && \ 433 (connp)->conn_ports == (ports) && \ 434 _IPCL_V4_MATCH((connp)->conn_remv6, (src)) && \ 435 _IPCL_V4_MATCH((connp)->conn_srcv6, (dst)) && \ 436 !(connp)->conn_ipv6_v6only) 437 438 #define IPCL_CONN_MATCH_V6(connp, proto, src, dst, ports) \ 439 ((connp)->conn_ulp == (proto) && \ 440 (connp)->conn_ports == (ports) && \ 441 IN6_ARE_ADDR_EQUAL(&(connp)->conn_remv6, &(src)) && \ 442 IN6_ARE_ADDR_EQUAL(&(connp)->conn_srcv6, &(dst))) 443 444 #define IPCL_CONN_INIT(connp, protocol, src, rem, ports) { \ 445 (connp)->conn_ulp = protocol; \ 446 IN6_IPADDR_TO_V4MAPPED(src, &(connp)->conn_srcv6); \ 447 IN6_IPADDR_TO_V4MAPPED(rem, &(connp)->conn_remv6); \ 448 (connp)->conn_ports = ports; \ 449 } 450 451 #define IPCL_CONN_INIT_V6(connp, protocol, src, rem, ports) { \ 452 (connp)->conn_ulp = protocol; \ 453 (connp)->conn_srcv6 = src; \ 454 (connp)->conn_remv6 = rem; \ 455 (connp)->conn_ports = ports; \ 456 } 457 458 #define IPCL_PORT_HASH(port, size) \ 459 ((((port) >> 8) ^ (port)) & ((size) - 1)) 460 461 #define IPCL_BIND_HASH(lport, ipst) \ 462 ((unsigned)(((lport) >> 8) ^ (lport)) % \ 463 (ipst)->ips_ipcl_bind_fanout_size) 464 465 #define IPCL_BIND_MATCH(connp, proto, laddr, lport) \ 466 ((connp)->conn_ulp == (proto) && \ 467 (connp)->conn_lport == (lport) && \ 468 (_IPCL_V4_MATCH_ANY((connp)->conn_srcv6) || \ 469 _IPCL_V4_MATCH((connp)->conn_srcv6, (laddr))) && \ 470 !(connp)->conn_ipv6_v6only) 471 472 #define IPCL_BIND_MATCH_V6(connp, proto, laddr, lport) \ 473 ((connp)->conn_ulp == (proto) && \ 474 (connp)->conn_lport == (lport) && \ 475 (IN6_ARE_ADDR_EQUAL(&(connp)->conn_srcv6, &(laddr)) || \ 476 IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_srcv6))) 477 478 #define IPCL_UDP_MATCH(connp, lport, laddr, fport, faddr) \ 479 (((connp)->conn_lport == (lport)) && \ 480 ((_IPCL_V4_MATCH_ANY((connp)->conn_srcv6) || \ 481 (_IPCL_V4_MATCH((connp)->conn_srcv6, (laddr)) && \ 482 (_IPCL_V4_MATCH_ANY((connp)->conn_remv6) || \ 483 (_IPCL_V4_MATCH((connp)->conn_remv6, (faddr)) && \ 484 (connp)->conn_fport == (fport)))))) && \ 485 !(connp)->conn_ipv6_v6only) 486 487 #define IPCL_UDP_MATCH_V6(connp, lport, laddr, fport, faddr) \ 488 (((connp)->conn_lport == (lport)) && \ 489 (IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_srcv6) || \ 490 (IN6_ARE_ADDR_EQUAL(&(connp)->conn_srcv6, &(laddr)) && \ 491 (IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_remv6) || \ 492 (IN6_ARE_ADDR_EQUAL(&(connp)->conn_remv6, &(faddr)) && \ 493 (connp)->conn_fport == (fport)))))) 494 495 #define IPCL_TCP_EAGER_INIT(connp, protocol, src, rem, ports) { \ 496 (connp)->conn_flags |= (IPCL_TCP4|IPCL_EAGER); \ 497 IN6_IPADDR_TO_V4MAPPED(src, &(connp)->conn_srcv6); \ 498 IN6_IPADDR_TO_V4MAPPED(rem, &(connp)->conn_remv6); \ 499 (connp)->conn_ports = ports; \ 500 (connp)->conn_send = ip_output; \ 501 (connp)->conn_sqp = IP_SQUEUE_GET(lbolt); \ 502 } 503 504 #define IPCL_TCP_EAGER_INIT_V6(connp, protocol, src, rem, ports) { \ 505 (connp)->conn_flags |= (IPCL_TCP6|IPCL_EAGER|IPCL_ISV6); \ 506 (connp)->conn_srcv6 = src; \ 507 (connp)->conn_remv6 = rem; \ 508 (connp)->conn_ports = ports; \ 509 (connp)->conn_send = ip_output_v6; \ 510 (connp)->conn_sqp = IP_SQUEUE_GET(lbolt); \ 511 } 512 513 #define IPCL_UDP_HASH(lport, ipst) \ 514 IPCL_PORT_HASH(lport, (ipst)->ips_ipcl_udp_fanout_size) 515 516 #define CONN_G_HASH_SIZE 1024 517 518 /* Raw socket hash function. */ 519 #define IPCL_RAW_HASH(lport, ipst) \ 520 IPCL_PORT_HASH(lport, (ipst)->ips_ipcl_raw_fanout_size) 521 522 /* 523 * This is similar to IPCL_BIND_MATCH except that the local port check 524 * is changed to a wildcard port check. 525 */ 526 #define IPCL_RAW_MATCH(connp, proto, laddr) \ 527 ((connp)->conn_ulp == (proto) && \ 528 (connp)->conn_lport == 0 && \ 529 (_IPCL_V4_MATCH_ANY((connp)->conn_srcv6) || \ 530 _IPCL_V4_MATCH((connp)->conn_srcv6, (laddr)))) 531 532 #define IPCL_RAW_MATCH_V6(connp, proto, laddr) \ 533 ((connp)->conn_ulp == (proto) && \ 534 (connp)->conn_lport == 0 && \ 535 (IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_srcv6) || \ 536 IN6_ARE_ADDR_EQUAL(&(connp)->conn_srcv6, &(laddr)))) 537 538 /* Function prototypes */ 539 extern void ipcl_g_init(void); 540 extern void ipcl_init(ip_stack_t *); 541 extern void ipcl_g_destroy(void); 542 extern void ipcl_destroy(ip_stack_t *); 543 extern conn_t *ipcl_conn_create(uint32_t, int, netstack_t *); 544 extern void ipcl_conn_destroy(conn_t *); 545 546 void ipcl_hash_insert_wildcard(connf_t *, conn_t *); 547 void ipcl_hash_remove(conn_t *); 548 void ipcl_hash_remove_locked(conn_t *connp, connf_t *connfp); 549 550 extern int ipcl_bind_insert(conn_t *, uint8_t, ipaddr_t, uint16_t); 551 extern int ipcl_bind_insert_v6(conn_t *, uint8_t, const in6_addr_t *, 552 uint16_t); 553 extern int ipcl_conn_insert(conn_t *, uint8_t, ipaddr_t, ipaddr_t, 554 uint32_t); 555 extern int ipcl_conn_insert_v6(conn_t *, uint8_t, const in6_addr_t *, 556 const in6_addr_t *, uint32_t, uint_t); 557 extern conn_t *ipcl_get_next_conn(connf_t *, conn_t *, uint32_t); 558 559 void ipcl_proto_insert(conn_t *, uint8_t); 560 void ipcl_proto_insert_v6(conn_t *, uint8_t); 561 conn_t *ipcl_classify_v4(mblk_t *, uint8_t, uint_t, zoneid_t, ip_stack_t *); 562 conn_t *ipcl_classify_v6(mblk_t *, uint8_t, uint_t, zoneid_t, ip_stack_t *); 563 conn_t *ipcl_classify(mblk_t *, zoneid_t, ip_stack_t *); 564 conn_t *ipcl_classify_raw(mblk_t *, uint8_t, zoneid_t, uint32_t, ipha_t *, 565 ip_stack_t *); 566 void ipcl_globalhash_insert(conn_t *); 567 void ipcl_globalhash_remove(conn_t *); 568 void ipcl_walk(pfv_t, void *, ip_stack_t *); 569 conn_t *ipcl_tcp_lookup_reversed_ipv4(ipha_t *, tcph_t *, int, ip_stack_t *); 570 conn_t *ipcl_tcp_lookup_reversed_ipv6(ip6_t *, tcpha_t *, int, uint_t, 571 ip_stack_t *); 572 conn_t *ipcl_lookup_listener_v4(uint16_t, ipaddr_t, zoneid_t, ip_stack_t *); 573 conn_t *ipcl_lookup_listener_v6(uint16_t, in6_addr_t *, uint_t, zoneid_t, 574 ip_stack_t *); 575 int conn_trace_ref(conn_t *); 576 int conn_untrace_ref(conn_t *); 577 void ipcl_conn_cleanup(conn_t *); 578 conn_t *ipcl_conn_tcp_lookup_reversed_ipv4(conn_t *, ipha_t *, tcph_t *, 579 ip_stack_t *); 580 conn_t *ipcl_conn_tcp_lookup_reversed_ipv6(conn_t *, ip6_t *, tcph_t *, 581 ip_stack_t *); 582 #ifdef __cplusplus 583 } 584 #endif 585 586 #endif /* _INET_IPCLASSIFIER_H */ 587
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.