1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * Copyright 2017 OmniTI Computer Consulting, Inc. All rights reserved. 26 */ 27 /* Copyright (c) 1990 Mentat Inc. */ 28 29 #include <sys/types.h> 30 #include <sys/stream.h> 31 #include <sys/strsubr.h> 32 #include <sys/dlpi.h> 33 #include <sys/strsun.h> 34 #include <sys/zone.h> 35 #include <sys/ddi.h> 36 #include <sys/sunddi.h> 37 #include <sys/cmn_err.h> 38 #include <sys/debug.h> 39 #include <sys/atomic.h> 40 41 #include <sys/systm.h> 42 #include <sys/param.h> 43 #include <sys/kmem.h> 44 #include <sys/sdt.h> 45 #include <sys/socket.h> 46 #include <sys/mac.h> 47 #include <net/if.h> 48 #include <net/if_arp.h> 49 #include <net/route.h> 50 #include <sys/sockio.h> 51 #include <netinet/in.h> 52 #include <net/if_dl.h> 53 54 #include <inet/common.h> 55 #include <inet/mi.h> 56 #include <inet/mib2.h> 57 #include <inet/nd.h> 58 #include <inet/arp.h> 59 #include <inet/snmpcom.h> 60 #include <inet/kstatcom.h> 61 62 #include <netinet/igmp_var.h> 63 #include <netinet/ip6.h> 64 #include <netinet/icmp6.h> 65 #include <netinet/sctp.h> 66 67 #include <inet/ip.h> 68 #include <inet/ip_impl.h> 69 #include <inet/ip6.h> 70 #include <inet/ip6_asp.h> 71 #include <inet/tcp.h> 72 #include <inet/ip_multi.h> 73 #include <inet/ip_if.h> 74 #include <inet/ip_ire.h> 75 #include <inet/ip_ftable.h> 76 #include <inet/ip_rts.h> 77 #include <inet/optcom.h> 78 #include <inet/ip_ndp.h> 79 #include <inet/ip_listutils.h> 80 #include <netinet/igmp.h> 81 #include <netinet/ip_mroute.h> 82 #include <inet/ipp_common.h> 83 84 #include <net/pfkeyv2.h> 85 #include <inet/sadb.h> 86 #include <inet/ipsec_impl.h> 87 #include <inet/ipdrop.h> 88 #include <inet/ip_netinfo.h> 89 90 #include <sys/pattr.h> 91 #include <inet/ipclassifier.h> 92 #include <inet/sctp_ip.h> 93 #include <inet/sctp/sctp_impl.h> 94 #include <inet/udp_impl.h> 95 #include <sys/sunddi.h> 96 97 #include <sys/tsol/label.h> 98 #include <sys/tsol/tnet.h> 99 100 #ifdef DEBUG 101 extern boolean_t skip_sctp_cksum; 102 #endif 103 104 int 105 ip_output_simple_v6(mblk_t *mp, ip_xmit_attr_t *ixa) 106 { 107 ip6_t *ip6h; 108 in6_addr_t firsthop; /* In IP header */ 109 in6_addr_t dst; /* End of source route, or ip6_dst if none */ 110 ire_t *ire; 111 in6_addr_t setsrc; 112 int error; 113 ill_t *ill = NULL; 114 dce_t *dce = NULL; 115 nce_t *nce; 116 iaflags_t ixaflags = ixa->ixa_flags; 117 ip_stack_t *ipst = ixa->ixa_ipst; 118 uint8_t *nexthdrp; 119 boolean_t repeat = B_FALSE; 120 boolean_t multirt = B_FALSE; 121 uint_t ifindex; 122 int64_t now; 123 124 ip6h = (ip6_t *)mp->b_rptr; 125 ASSERT(IPH_HDR_VERSION(ip6h) == IPV6_VERSION); 126 127 ASSERT(ixa->ixa_nce == NULL); 128 129 ixa->ixa_pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 130 ASSERT(ixa->ixa_pktlen == msgdsize(mp)); 131 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &ixa->ixa_ip_hdr_length, 132 &nexthdrp)) { 133 /* Malformed packet */ 134 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 135 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 136 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 137 freemsg(mp); 138 return (EINVAL); 139 } 140 ixa->ixa_protocol = *nexthdrp; 141 142 /* 143 * Assumes that source routed packets have already been massaged by 144 * the ULP (ip_massage_options_v6) and as a result ip6_dst is the next 145 * hop in the source route. The final destination is used for IPsec 146 * policy and DCE lookup. 147 */ 148 firsthop = ip6h->ip6_dst; 149 dst = ip_get_dst_v6(ip6h, mp, NULL); 150 151 repeat_ire: 152 error = 0; 153 setsrc = ipv6_all_zeros; 154 ire = ip_select_route_v6(&firsthop, ip6h->ip6_src, ixa, NULL, &setsrc, 155 &error, &multirt); 156 ASSERT(ire != NULL); /* IRE_NOROUTE if none found */ 157 if (error != 0) { 158 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 159 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 160 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 161 freemsg(mp); 162 goto done; 163 } 164 165 if (ire->ire_flags & (RTF_BLACKHOLE|RTF_REJECT)) { 166 /* ire_ill might be NULL hence need to skip some code */ 167 if (ixaflags & IXAF_SET_SOURCE) 168 ip6h->ip6_src = ipv6_loopback; 169 ixa->ixa_fragsize = IP_MAXPACKET; 170 ire->ire_ob_pkt_count++; 171 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 172 /* No dce yet; use default one */ 173 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, 174 &ipst->ips_dce_default->dce_ident); 175 goto done; 176 } 177 178 /* Note that ip6_dst is only used for IRE_MULTICAST */ 179 nce = ire_to_nce(ire, INADDR_ANY, &ip6h->ip6_dst); 180 if (nce == NULL) { 181 /* Allocation failure? */ 182 ip_drop_output("ire_to_nce", mp, ill); 183 freemsg(mp); 184 error = ENOBUFS; 185 goto done; 186 } 187 if (nce->nce_is_condemned) { 188 nce_t *nce1; 189 190 nce1 = ire_handle_condemned_nce(nce, ire, NULL, ip6h, B_TRUE); 191 nce_refrele(nce); 192 if (nce1 == NULL) { 193 if (!repeat) { 194 /* Try finding a better IRE */ 195 repeat = B_TRUE; 196 ire_refrele(ire); 197 goto repeat_ire; 198 } 199 /* Tried twice - drop packet */ 200 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 201 ip_drop_output("No nce", mp, ill); 202 freemsg(mp); 203 error = ENOBUFS; 204 goto done; 205 } 206 nce = nce1; 207 } 208 /* 209 * For multicast with multirt we have a flag passed back from 210 * ire_lookup_multi_ill_v6 since we don't have an IRE for each 211 * possible multicast address. 212 * We also need a flag for multicast since we can't check 213 * whether RTF_MULTIRT is set in ixa_ire for multicast. 214 */ 215 if (multirt) { 216 ixa->ixa_postfragfn = ip_postfrag_multirt_v6; 217 ixa->ixa_flags |= IXAF_MULTIRT_MULTICAST; 218 } else { 219 ixa->ixa_postfragfn = ire->ire_postfragfn; 220 ixa->ixa_flags &= ~IXAF_MULTIRT_MULTICAST; 221 } 222 ASSERT(ixa->ixa_nce == NULL); 223 ixa->ixa_nce = nce; 224 225 /* 226 * Check for a dce_t with a path mtu. 227 */ 228 ifindex = 0; 229 if (IN6_IS_ADDR_LINKSCOPE(&dst)) 230 ifindex = nce->nce_common->ncec_ill->ill_phyint->phyint_ifindex; 231 232 dce = dce_lookup_v6(&dst, ifindex, ipst, NULL); 233 ASSERT(dce != NULL); 234 235 if (!(ixaflags & IXAF_PMTU_DISCOVERY)) { 236 ixa->ixa_fragsize = IPV6_MIN_MTU; 237 } else if (dce->dce_flags & DCEF_PMTU) { 238 /* 239 * To avoid a periodic timer to increase the path MTU we 240 * look at dce_last_change_time each time we send a packet. 241 */ 242 now = ddi_get_lbolt64(); 243 if (TICK_TO_SEC(now) - dce->dce_last_change_time > 244 ipst->ips_ip_pathmtu_interval) { 245 /* 246 * Older than 20 minutes. Drop the path MTU information. 247 */ 248 mutex_enter(&dce->dce_lock); 249 dce->dce_flags &= ~DCEF_PMTU; 250 dce->dce_last_change_time = TICK_TO_SEC(now); 251 mutex_exit(&dce->dce_lock); 252 dce_increment_generation(dce); 253 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire); 254 } else { 255 uint_t fragsize; 256 257 fragsize = ip_get_base_mtu(nce->nce_ill, ire); 258 if (fragsize > dce->dce_pmtu) 259 fragsize = dce->dce_pmtu; 260 ixa->ixa_fragsize = fragsize; 261 } 262 } else { 263 ixa->ixa_fragsize = ip_get_base_mtu(nce->nce_ill, ire); 264 } 265 266 /* 267 * We use use ire_nexthop_ill (and not ncec_ill) to avoid the under ipmp 268 * interface for source address selection. 269 */ 270 ill = ire_nexthop_ill(ire); 271 272 if (ixaflags & IXAF_SET_SOURCE) { 273 in6_addr_t src; 274 275 /* 276 * We use the final destination to get 277 * correct selection for source routed packets 278 */ 279 280 /* If unreachable we have no ill but need some source */ 281 if (ill == NULL) { 282 src = ipv6_loopback; 283 error = 0; 284 } else { 285 error = ip_select_source_v6(ill, &setsrc, &dst, 286 ixa->ixa_zoneid, ipst, B_FALSE, 287 ixa->ixa_src_preferences, &src, NULL, NULL); 288 } 289 if (error != 0) { 290 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests); 291 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 292 ip_drop_output("ipIfStatsOutDiscards - no source", 293 mp, ill); 294 freemsg(mp); 295 goto done; 296 } 297 ip6h->ip6_src = src; 298 } else if (ixaflags & IXAF_VERIFY_SOURCE) { 299 /* Check if the IP source is assigned to the host. */ 300 if (!ip_verify_src(mp, ixa, NULL)) { 301 /* Don't send a packet with a source that isn't ours */ 302 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 303 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 304 ip_drop_output("ipIfStatsOutDiscards - invalid source", 305 mp, ill); 306 freemsg(mp); 307 error = EADDRNOTAVAIL; 308 goto done; 309 } 310 } 311 312 /* 313 * Check against global IPsec policy to set the AH/ESP attributes. 314 * IPsec will set IXAF_IPSEC_* and ixa_ipsec_* as appropriate. 315 */ 316 if (!(ixaflags & (IXAF_NO_IPSEC|IXAF_IPSEC_SECURE))) { 317 ASSERT(ixa->ixa_ipsec_policy == NULL); 318 mp = ip_output_attach_policy(mp, NULL, ip6h, NULL, ixa); 319 if (mp == NULL) { 320 /* MIB and ip_drop_packet already done */ 321 return (EHOSTUNREACH); /* IPsec policy failure */ 322 } 323 } 324 325 if (ill != NULL) { 326 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests); 327 } else { 328 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 329 } 330 331 /* 332 * We update the statistics on the most specific IRE i.e., the first 333 * one we found. 334 * We don't have an IRE when we fragment, hence ire_ob_pkt_count 335 * can only count the use prior to fragmentation. However the MIB 336 * counters on the ill will be incremented in post fragmentation. 337 */ 338 ire->ire_ob_pkt_count++; 339 340 /* 341 * Based on ire_type and ire_flags call one of: 342 * ire_send_local_v6 - for IRE_LOCAL and IRE_LOOPBACK 343 * ire_send_multirt_v6 - if RTF_MULTIRT 344 * ire_send_noroute_v6 - if RTF_REJECT or RTF_BLACHOLE 345 * ire_send_multicast_v6 - for IRE_MULTICAST 346 * ire_send_wire_v6 - for the rest. 347 */ 348 error = (ire->ire_sendfn)(ire, mp, ip6h, ixa, &dce->dce_ident); 349 done: 350 ire_refrele(ire); 351 if (dce != NULL) 352 dce_refrele(dce); 353 if (ill != NULL) 354 ill_refrele(ill); 355 if (ixa->ixa_nce != NULL) 356 nce_refrele(ixa->ixa_nce); 357 ixa->ixa_nce = NULL; 358 return (error); 359 } 360 361 /* 362 * ire_sendfn() functions. 363 * These functions use the following xmit_attr: 364 * - ixa_fragsize - read to determine whether or not to fragment 365 * - IXAF_IPSEC_SECURE - to determine whether or not to invoke IPsec 366 * - ixa_ipsec_* are used inside IPsec 367 * - IXAF_LOOPBACK_COPY - for multicast 368 */ 369 370 371 /* 372 * ire_sendfn for IRE_LOCAL and IRE_LOOPBACK 373 * 374 * The checks for restrict_interzone_loopback are done in ire_route_recursive. 375 */ 376 /* ARGSUSED4 */ 377 int 378 ire_send_local_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 379 ip_xmit_attr_t *ixa, uint32_t *identp) 380 { 381 ip6_t *ip6h = (ip6_t *)iph_arg; 382 ip_stack_t *ipst = ixa->ixa_ipst; 383 ill_t *ill = ire->ire_ill; 384 ip_recv_attr_t iras; /* NOTE: No bzero for performance */ 385 uint_t pktlen = ixa->ixa_pktlen; 386 387 /* 388 * No fragmentation, no nce, and no application of IPsec. 389 * 390 * 391 * Note different order between IP provider and FW_HOOKS than in 392 * send_wire case. 393 */ 394 395 /* 396 * DTrace this as ip:::send. A packet blocked by FW_HOOKS will fire the 397 * send probe, but not the receive probe. 398 */ 399 DTRACE_IP7(send, mblk_t *, mp, conn_t *, NULL, void_ip_t *, 400 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h, 401 int, 1); 402 403 DTRACE_PROBE4(ip6__loopback__out__start, 404 ill_t *, NULL, ill_t *, ill, 405 ip6_t *, ip6h, mblk_t *, mp); 406 407 if (HOOKS6_INTERESTED_LOOPBACK_OUT(ipst)) { 408 int error; 409 410 FW_HOOKS(ipst->ips_ip6_loopback_out_event, 411 ipst->ips_ipv6firewall_loopback_out, 412 NULL, ill, ip6h, mp, mp, 0, ipst, error); 413 414 DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp); 415 if (mp == NULL) 416 return (error); 417 418 /* 419 * Even if the destination was changed by the filter we use the 420 * forwarding decision that was made based on the address 421 * in ip_output/ip_set_destination. 422 */ 423 /* Length could be different */ 424 ip6h = (ip6_t *)mp->b_rptr; 425 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 426 } 427 428 /* 429 * If a callback is enabled then we need to know the 430 * source and destination zoneids for the packet. We already 431 * have those handy. 432 */ 433 if (ipst->ips_ip6_observe.he_interested) { 434 zoneid_t szone, dzone; 435 zoneid_t stackzoneid; 436 437 stackzoneid = netstackid_to_zoneid( 438 ipst->ips_netstack->netstack_stackid); 439 440 if (stackzoneid == GLOBAL_ZONEID) { 441 /* Shared-IP zone */ 442 dzone = ire->ire_zoneid; 443 szone = ixa->ixa_zoneid; 444 } else { 445 szone = dzone = stackzoneid; 446 } 447 ipobs_hook(mp, IPOBS_HOOK_LOCAL, szone, dzone, ill, ipst); 448 } 449 450 /* Handle lo0 stats */ 451 ipst->ips_loopback_packets++; 452 453 /* 454 * Update output mib stats. Note that we can't move into the icmp 455 * sender (icmp_output etc) since they don't know the ill and the 456 * stats are per ill. 457 */ 458 if (ixa->ixa_protocol == IPPROTO_ICMPV6) { 459 icmp6_t *icmp6; 460 461 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length); 462 icmp_update_out_mib_v6(ill, icmp6); 463 } 464 465 DTRACE_PROBE4(ip6__loopback__in__start, 466 ill_t *, ill, ill_t *, NULL, 467 ip6_t *, ip6h, mblk_t *, mp); 468 469 if (HOOKS6_INTERESTED_LOOPBACK_IN(ipst)) { 470 int error; 471 472 FW_HOOKS(ipst->ips_ip6_loopback_in_event, 473 ipst->ips_ipv6firewall_loopback_in, 474 ill, NULL, ip6h, mp, mp, 0, ipst, error); 475 476 DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp); 477 if (mp == NULL) 478 return (error); 479 480 /* 481 * Even if the destination was changed by the filter we use the 482 * forwarding decision that was made based on the address 483 * in ip_output/ip_set_destination. 484 */ 485 /* Length could be different */ 486 ip6h = (ip6_t *)mp->b_rptr; 487 pktlen = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN; 488 } 489 490 DTRACE_IP7(receive, mblk_t *, mp, conn_t *, NULL, void_ip_t *, 491 ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL, ip6_t *, ip6h, 492 int, 1); 493 494 /* Map ixa to ira including IPsec policies */ 495 ipsec_out_to_in(ixa, ill, &iras); 496 iras.ira_pktlen = pktlen; 497 498 ire->ire_ib_pkt_count++; 499 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCInReceives); 500 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCInOctets, pktlen); 501 502 /* Destined to ire_zoneid - use that for fanout */ 503 iras.ira_zoneid = ire->ire_zoneid; 504 505 if (is_system_labeled()) { 506 iras.ira_flags |= IRAF_SYSTEM_LABELED; 507 508 /* 509 * This updates ira_cred, ira_tsl and ira_free_flags based 510 * on the label. We don't expect this to ever fail for 511 * loopback packets, so we silently drop the packet should it 512 * fail. 513 */ 514 if (!tsol_get_pkt_label(mp, IPV6_VERSION, &iras)) { 515 BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards); 516 ip_drop_input("tsol_get_pkt_label", mp, ill); 517 freemsg(mp); 518 return (0); 519 } 520 ASSERT(iras.ira_tsl != NULL); 521 522 /* tsol_get_pkt_label sometimes does pullupmsg */ 523 ip6h = (ip6_t *)mp->b_rptr; 524 } 525 526 ip_fanout_v6(mp, ip6h, &iras); 527 528 /* We moved any IPsec refs from ixa to iras */ 529 ira_cleanup(&iras, B_FALSE); 530 return (0); 531 } 532 533 static void 534 multirt_check_v6(ire_t *ire, ip6_t *ip6h, ip_xmit_attr_t *ixa) 535 { 536 ip_stack_t *ipst = ixa->ixa_ipst; 537 538 /* Limit the TTL on multirt packets. Do this even if IPV6_HOPLIMIT */ 539 if (ire->ire_type & IRE_MULTICAST) { 540 if (ip6h->ip6_hops > 1) { 541 ip2dbg(("ire_send_multirt_v6: forcing multicast " 542 "multirt TTL to 1 (was %d)\n", ip6h->ip6_hops)); 543 ip6h->ip6_hops = 1; 544 } 545 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE; 546 } else if ((ipst->ips_ip_multirt_ttl > 0) && 547 (ip6h->ip6_hops > ipst->ips_ip_multirt_ttl)) { 548 ip6h->ip6_hops = ipst->ips_ip_multirt_ttl; 549 /* 550 * Need to ensure we don't increase the ttl should we go through 551 * ire_send_multicast. 552 */ 553 ixa->ixa_flags |= IXAF_NO_TTL_CHANGE; 554 } 555 556 /* For IPv6 this also needs to insert a fragment header */ 557 ixa->ixa_flags |= IXAF_IPV6_ADD_FRAGHDR; 558 } 559 560 /* 561 * ire_sendfn for IRE_MULTICAST 562 * 563 * Note that we do path MTU discovery by default for IPv6 multicast. But 564 * since unconnected UDP and RAW sockets don't set IXAF_PMTU_DISCOVERY 565 * only connected sockets get this by default. 566 */ 567 int 568 ire_send_multicast_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 569 ip_xmit_attr_t *ixa, uint32_t *identp) 570 { 571 ip6_t *ip6h = (ip6_t *)iph_arg; 572 ip_stack_t *ipst = ixa->ixa_ipst; 573 ill_t *ill = ire->ire_ill; 574 iaflags_t ixaflags = ixa->ixa_flags; 575 576 /* 577 * The IRE_MULTICAST is the same whether or not multirt is in use. 578 * Hence we need special-case code. 579 */ 580 if (ixaflags & IXAF_MULTIRT_MULTICAST) 581 multirt_check_v6(ire, ip6h, ixa); 582 583 /* 584 * Check if anything in ip_input_v6 wants a copy of the transmitted 585 * packet (after IPsec and fragmentation) 586 * 587 * 1. Multicast routers always need a copy unless SO_DONTROUTE is set 588 * RSVP and the rsvp daemon is an example of a 589 * protocol and user level process that 590 * handles it's own routing. Hence, it uses the 591 * SO_DONTROUTE option to accomplish this. 592 * 2. If the sender has set IP_MULTICAST_LOOP, then we just 593 * check whether there are any receivers for the group on the ill 594 * (ignoring the zoneid). 595 * 3. If IP_MULTICAST_LOOP is not set, then we check if there are 596 * any members in other shared-IP zones. 597 * If such members exist, then we indicate that the sending zone 598 * shouldn't get a loopback copy to preserve the IP_MULTICAST_LOOP 599 * behavior. 600 * 601 * When we loopback we skip hardware checksum to make sure loopback 602 * copy is checksumed. 603 * 604 * Note that ire_ill is the upper in the case of IPMP. 605 */ 606 ixa->ixa_flags &= ~(IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM); 607 if (ipst->ips_ip_g_mrouter && ill->ill_mrouter_cnt > 0 && 608 !(ixaflags & IXAF_DONTROUTE)) { 609 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 610 } else if (ixaflags & IXAF_MULTICAST_LOOP) { 611 /* 612 * If this zone or any other zone has members then loopback 613 * a copy. 614 */ 615 if (ill_hasmembers_v6(ill, &ip6h->ip6_dst)) 616 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 617 } else if (ipst->ips_netstack->netstack_numzones > 1) { 618 /* 619 * This zone should not have a copy. But there are some other 620 * zones which might have members. 621 */ 622 if (ill_hasmembers_otherzones_v6(ill, &ip6h->ip6_dst, 623 ixa->ixa_zoneid)) { 624 ixa->ixa_flags |= IXAF_NO_LOOP_ZONEID_SET; 625 ixa->ixa_no_loop_zoneid = ixa->ixa_zoneid; 626 ixa->ixa_flags |= IXAF_LOOPBACK_COPY | IXAF_NO_HW_CKSUM; 627 } 628 } 629 630 /* 631 * Unless IPV6_HOPLIMIT or ire_send_multirt_v6 already set a ttl, 632 * force the ttl to the IP_MULTICAST_TTL value 633 */ 634 if (!(ixaflags & IXAF_NO_TTL_CHANGE)) { 635 ip6h->ip6_hops = ixa->ixa_multicast_ttl; 636 } 637 638 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp)); 639 } 640 641 /* 642 * ire_sendfn for IREs with RTF_MULTIRT 643 */ 644 int 645 ire_send_multirt_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 646 ip_xmit_attr_t *ixa, uint32_t *identp) 647 { 648 ip6_t *ip6h = (ip6_t *)iph_arg; 649 650 multirt_check_v6(ire, ip6h, ixa); 651 652 if (ire->ire_type & IRE_MULTICAST) 653 return (ire_send_multicast_v6(ire, mp, ip6h, ixa, identp)); 654 else 655 return (ire_send_wire_v6(ire, mp, ip6h, ixa, identp)); 656 } 657 658 /* 659 * ire_sendfn for IREs with RTF_REJECT/RTF_BLACKHOLE, including IRE_NOROUTE 660 */ 661 /* ARGSUSED4 */ 662 int 663 ire_send_noroute_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 664 ip_xmit_attr_t *ixa, uint32_t *identp) 665 { 666 ip6_t *ip6h = (ip6_t *)iph_arg; 667 ip_stack_t *ipst = ixa->ixa_ipst; 668 ill_t *ill; 669 ip_recv_attr_t iras; 670 boolean_t dummy; 671 672 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutNoRoutes); 673 674 if (ire->ire_type & IRE_NOROUTE) { 675 /* A lack of a route as opposed to RTF_REJECT|BLACKHOLE */ 676 ip_rts_change_v6(RTM_MISS, &ip6h->ip6_dst, 0, 0, 0, 0, 0, 0, 677 RTA_DST, ipst); 678 } 679 680 if (ire->ire_flags & RTF_BLACKHOLE) { 681 ip_drop_output("ipIfStatsOutNoRoutes RTF_BLACKHOLE", mp, NULL); 682 freemsg(mp); 683 /* No error even for local senders - silent blackhole */ 684 return (0); 685 } 686 ip_drop_output("ipIfStatsOutNoRoutes RTF_REJECT", mp, NULL); 687 688 /* 689 * We need an ill_t for the ip_recv_attr_t even though this packet 690 * was never received and icmp_unreachable doesn't currently use 691 * ira_ill. 692 */ 693 ill = ill_lookup_on_name("lo0", B_FALSE, 694 !(ixa->ixa_flags & IRAF_IS_IPV4), &dummy, ipst); 695 if (ill == NULL) { 696 freemsg(mp); 697 return (EHOSTUNREACH); 698 } 699 700 bzero(&iras, sizeof (iras)); 701 /* Map ixa to ira including IPsec policies */ 702 ipsec_out_to_in(ixa, ill, &iras); 703 704 icmp_unreachable_v6(mp, ICMP6_DST_UNREACH_NOROUTE, B_FALSE, &iras); 705 /* We moved any IPsec refs from ixa to iras */ 706 ira_cleanup(&iras, B_FALSE); 707 708 ill_refrele(ill); 709 return (EHOSTUNREACH); 710 } 711 712 /* 713 * Calculate a checksum ignoring any hardware capabilities 714 * 715 * Returns B_FALSE if the packet was too short for the checksum. Caller 716 * should free and do stats. 717 */ 718 static boolean_t 719 ip_output_sw_cksum_v6(mblk_t *mp, ip6_t *ip6h, ip_xmit_attr_t *ixa) 720 { 721 ip_stack_t *ipst = ixa->ixa_ipst; 722 uint_t pktlen = ixa->ixa_pktlen; 723 uint16_t *cksump; 724 uint32_t cksum; 725 uint8_t protocol = ixa->ixa_protocol; 726 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length; 727 728 #define iphs ((uint16_t *)ip6h) 729 730 /* Just in case it contained garbage */ 731 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS; 732 733 /* 734 * Calculate ULP checksum 735 */ 736 if (protocol == IPPROTO_TCP) { 737 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length); 738 cksum = IP_TCP_CSUM_COMP; 739 } else if (protocol == IPPROTO_UDP) { 740 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length); 741 cksum = IP_UDP_CSUM_COMP; 742 } else if (protocol == IPPROTO_SCTP) { 743 sctp_hdr_t *sctph; 744 745 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph))); 746 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length); 747 /* 748 * Zero out the checksum field to ensure proper 749 * checksum calculation. 750 */ 751 sctph->sh_chksum = 0; 752 #ifdef DEBUG 753 if (!skip_sctp_cksum) 754 #endif 755 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length); 756 return (B_TRUE); 757 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) { 758 /* 759 * icmp has placed length and routing 760 * header adjustment in the checksum field. 761 */ 762 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length + 763 ixa->ixa_raw_cksum_offset); 764 cksum = htons(protocol); 765 } else if (protocol == IPPROTO_ICMPV6) { 766 cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length); 767 cksum = IP_ICMPV6_CSUM_COMP; /* Pseudo-header cksum */ 768 } else { 769 return (B_TRUE); 770 } 771 772 /* ULP puts the checksum field is in the first mblk */ 773 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr); 774 775 /* 776 * We accumulate the pseudo header checksum in cksum. 777 * This is pretty hairy code, so watch close. One 778 * thing to keep in mind is that UDP and TCP have 779 * stored their respective datagram lengths in their 780 * checksum fields. This lines things up real nice. 781 */ 782 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 783 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 784 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 785 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 786 cksum = IP_CSUM(mp, ip_hdr_length, cksum); 787 788 /* 789 * For UDP/IPv6 a zero UDP checksum is not allowed. 790 * Change to 0xffff 791 */ 792 if (protocol == IPPROTO_UDP && cksum == 0) 793 *cksump = ~cksum; 794 else 795 *cksump = cksum; 796 797 IP6_STAT(ipst, ip6_out_sw_cksum); 798 IP6_STAT_UPDATE(ipst, ip6_out_sw_cksum_bytes, pktlen); 799 800 /* No IP header checksum for IPv6 */ 801 802 return (B_TRUE); 803 #undef iphs 804 } 805 806 /* There are drivers that can't do partial checksum for ICMPv6 */ 807 int nxge_cksum_workaround = 1; 808 809 /* 810 * Calculate the ULP checksum - try to use hardware. 811 * In the case of MULTIRT or multicast the 812 * IXAF_NO_HW_CKSUM is set in which case we use software. 813 * 814 * Returns B_FALSE if the packet was too short for the checksum. Caller 815 * should free and do stats. 816 */ 817 static boolean_t 818 ip_output_cksum_v6(iaflags_t ixaflags, mblk_t *mp, ip6_t *ip6h, 819 ip_xmit_attr_t *ixa, ill_t *ill) 820 { 821 uint_t pktlen = ixa->ixa_pktlen; 822 uint16_t *cksump; 823 uint16_t hck_flags; 824 uint32_t cksum; 825 uint8_t protocol = ixa->ixa_protocol; 826 uint16_t ip_hdr_length = ixa->ixa_ip_hdr_length; 827 828 #define iphs ((uint16_t *)ip6h) 829 830 if ((ixaflags & IXAF_NO_HW_CKSUM) || !ILL_HCKSUM_CAPABLE(ill) || 831 !dohwcksum) { 832 return (ip_output_sw_cksum_v6(mp, ip6h, ixa)); 833 } 834 835 /* 836 * Calculate ULP checksum. Note that we don't use cksump and cksum 837 * if the ill has FULL support. 838 */ 839 if (protocol == IPPROTO_TCP) { 840 cksump = IPH_TCPH_CHECKSUMP(ip6h, ip_hdr_length); 841 cksum = IP_TCP_CSUM_COMP; /* Pseudo-header cksum */ 842 } else if (protocol == IPPROTO_UDP) { 843 cksump = IPH_UDPH_CHECKSUMP(ip6h, ip_hdr_length); 844 cksum = IP_UDP_CSUM_COMP; /* Pseudo-header cksum */ 845 } else if (protocol == IPPROTO_SCTP) { 846 sctp_hdr_t *sctph; 847 848 ASSERT(MBLKL(mp) >= (ip_hdr_length + sizeof (*sctph))); 849 sctph = (sctp_hdr_t *)(mp->b_rptr + ip_hdr_length); 850 /* 851 * Zero out the checksum field to ensure proper 852 * checksum calculation. 853 */ 854 sctph->sh_chksum = 0; 855 #ifdef DEBUG 856 if (!skip_sctp_cksum) 857 #endif 858 sctph->sh_chksum = sctp_cksum(mp, ip_hdr_length); 859 goto ip_hdr_cksum; 860 } else if (ixa->ixa_flags & IXAF_SET_RAW_CKSUM) { 861 /* 862 * icmp has placed length and routing 863 * header adjustment in the checksum field. 864 */ 865 cksump = (uint16_t *)(((uint8_t *)ip6h) + ip_hdr_length + 866 ixa->ixa_raw_cksum_offset); 867 cksum = htons(protocol); 868 } else if (protocol == IPPROTO_ICMPV6) { 869 cksump = IPH_ICMPV6_CHECKSUMP(ip6h, ip_hdr_length); 870 cksum = IP_ICMPV6_CSUM_COMP; /* Pseudo-header cksum */ 871 } else { 872 ip_hdr_cksum: 873 /* No IP header checksum for IPv6 */ 874 return (B_TRUE); 875 } 876 877 /* ULP puts the checksum field is in the first mblk */ 878 ASSERT(((uchar_t *)cksump) + sizeof (uint16_t) <= mp->b_wptr); 879 880 /* 881 * Underlying interface supports hardware checksum offload for 882 * the payload; leave the payload checksum for the hardware to 883 * calculate. N.B: We only need to set up checksum info on the 884 * first mblk. 885 */ 886 hck_flags = ill->ill_hcksum_capab->ill_hcksum_txflags; 887 888 DB_CKSUMFLAGS(mp) &= ~HCK_FLAGS; 889 if (hck_flags & HCKSUM_INET_FULL_V6) { 890 /* 891 * Hardware calculates pseudo-header, header and the 892 * payload checksums, so clear the checksum field in 893 * the protocol header. 894 */ 895 *cksump = 0; 896 DB_CKSUMFLAGS(mp) |= HCK_FULLCKSUM; 897 return (B_TRUE); 898 } 899 if (((hck_flags) & HCKSUM_INET_PARTIAL) && 900 (protocol != IPPROTO_ICMPV6 || !nxge_cksum_workaround)) { 901 /* 902 * Partial checksum offload has been enabled. Fill 903 * the checksum field in the protocol header with the 904 * pseudo-header checksum value. 905 * 906 * We accumulate the pseudo header checksum in cksum. 907 * This is pretty hairy code, so watch close. One 908 * thing to keep in mind is that UDP and TCP have 909 * stored their respective datagram lengths in their 910 * checksum fields. This lines things up real nice. 911 */ 912 cksum += iphs[4] + iphs[5] + iphs[6] + iphs[7] + 913 iphs[8] + iphs[9] + iphs[10] + iphs[11] + 914 iphs[12] + iphs[13] + iphs[14] + iphs[15] + 915 iphs[16] + iphs[17] + iphs[18] + iphs[19]; 916 cksum += *(cksump); 917 cksum = (cksum & 0xFFFF) + (cksum >> 16); 918 *(cksump) = (cksum & 0xFFFF) + (cksum >> 16); 919 920 /* 921 * Offsets are relative to beginning of IP header. 922 */ 923 DB_CKSUMSTART(mp) = ip_hdr_length; 924 DB_CKSUMSTUFF(mp) = (uint8_t *)cksump - (uint8_t *)ip6h; 925 DB_CKSUMEND(mp) = pktlen; 926 DB_CKSUMFLAGS(mp) |= HCK_PARTIALCKSUM; 927 return (B_TRUE); 928 } 929 /* Hardware capabilities include neither full nor partial IPv6 */ 930 return (ip_output_sw_cksum_v6(mp, ip6h, ixa)); 931 #undef iphs 932 } 933 934 /* 935 * ire_sendfn for offlink and onlink destinations. 936 * Also called from the multicast, and multirt send functions. 937 * 938 * Assumes that the caller has a hold on the ire. 939 * 940 * This function doesn't care if the IRE just became condemned since that 941 * can happen at any time. 942 */ 943 /* ARGSUSED */ 944 int 945 ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg, 946 ip_xmit_attr_t *ixa, uint32_t *identp) 947 { 948 ip_stack_t *ipst = ixa->ixa_ipst; 949 ip6_t *ip6h = (ip6_t *)iph_arg; 950 iaflags_t ixaflags = ixa->ixa_flags; 951 ill_t *ill; 952 uint32_t pktlen = ixa->ixa_pktlen; 953 954 ASSERT(ixa->ixa_nce != NULL); 955 ill = ixa->ixa_nce->nce_ill; 956 957 /* 958 * Update output mib stats. Note that we can't move into the icmp 959 * sender (icmp_output etc) since they don't know the ill and the 960 * stats are per ill. 961 * 962 * With IPMP we record the stats on the upper ill. 963 */ 964 if (ixa->ixa_protocol == IPPROTO_ICMPV6) { 965 icmp6_t *icmp6; 966 967 icmp6 = (icmp6_t *)((uchar_t *)ip6h + ixa->ixa_ip_hdr_length); 968 icmp_update_out_mib_v6(ixa->ixa_nce->nce_common->ncec_ill, 969 icmp6); 970 } 971 972 if (ixaflags & IXAF_DONTROUTE) 973 ip6h->ip6_hops = 1; 974 975 /* 976 * This might set b_band, thus the IPsec and fragmentation 977 * code in IP ensures that b_band is updated in the first mblk. 978 */ 979 if (IPP_ENABLED(IPP_LOCAL_OUT, ipst)) { 980 /* ip_process translates an IS_UNDER_IPMP */ 981 mp = ip_process(IPP_LOCAL_OUT, mp, ill, ill); 982 if (mp == NULL) { 983 /* ip_drop_packet and MIB done */ 984 return (0); /* Might just be delayed */ 985 } 986 } 987 988 /* 989 * To handle IPsec/iptun's labeling needs we need to tag packets 990 * while we still have ixa_tsl 991 */ 992 if (is_system_labeled() && ixa->ixa_tsl != NULL && 993 (ill->ill_mactype == DL_6TO4 || ill->ill_mactype == DL_IPV4 || 994 ill->ill_mactype == DL_IPV6)) { 995 cred_t *newcr; 996 997 newcr = copycred_from_tslabel(ixa->ixa_cred, ixa->ixa_tsl, 998 KM_NOSLEEP); 999 if (newcr == NULL) { 1000 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1001 ip_drop_output("ipIfStatsOutDiscards - newcr", 1002 mp, ill); 1003 freemsg(mp); 1004 return (ENOBUFS); 1005 } 1006 mblk_setcred(mp, newcr, NOPID); 1007 crfree(newcr); /* mblk_setcred did its own crhold */ 1008 } 1009 1010 /* 1011 * IXAF_IPV6_ADD_FRAGHDR is set for CGTP so that we will add a 1012 * fragment header without fragmenting. CGTP on the receiver will 1013 * filter duplicates on the ident field. 1014 */ 1015 if (pktlen > ixa->ixa_fragsize || 1016 (ixaflags & (IXAF_IPSEC_SECURE|IXAF_IPV6_ADD_FRAGHDR))) { 1017 uint32_t ident; 1018 1019 if (ixaflags & IXAF_IPSEC_SECURE) 1020 pktlen += ipsec_out_extra_length(ixa); 1021 1022 if (pktlen > IP_MAXPACKET) 1023 return (EMSGSIZE); 1024 1025 if (ixaflags & IXAF_SET_ULP_CKSUM) { 1026 /* 1027 * Compute ULP checksum using software 1028 */ 1029 if (!ip_output_sw_cksum_v6(mp, ip6h, ixa)) { 1030 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1031 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1032 freemsg(mp); 1033 return (EINVAL); 1034 } 1035 /* Avoid checksum again below if we only add fraghdr */ 1036 ixaflags &= ~IXAF_SET_ULP_CKSUM; 1037 } 1038 1039 /* 1040 * If we need a fragment header, pick the ident and insert 1041 * the header before IPsec to we have a place to store 1042 * the ident value. 1043 */ 1044 if ((ixaflags & IXAF_IPV6_ADD_FRAGHDR) || 1045 pktlen > ixa->ixa_fragsize) { 1046 /* 1047 * If this packet would generate a icmp_frag_needed 1048 * message, we need to handle it before we do the IPsec 1049 * processing. Otherwise, we need to strip the IPsec 1050 * headers before we send up the message to the ULPs 1051 * which becomes messy and difficult. 1052 */ 1053 if ((pktlen > ixa->ixa_fragsize) && 1054 (ixaflags & IXAF_DONTFRAG)) { 1055 /* Generate ICMP and return error */ 1056 ip_recv_attr_t iras; 1057 1058 DTRACE_PROBE4(ip6__fragsize__fail, 1059 uint_t, pktlen, uint_t, ixa->ixa_fragsize, 1060 uint_t, ixa->ixa_pktlen, 1061 uint_t, ixa->ixa_pmtu); 1062 1063 bzero(&iras, sizeof (iras)); 1064 /* Map ixa to ira including IPsec policies */ 1065 ipsec_out_to_in(ixa, ill, &iras); 1066 1067 ip_drop_output("ICMP6_PKT_TOO_BIG", mp, ill); 1068 icmp_pkt2big_v6(mp, ixa->ixa_fragsize, B_TRUE, 1069 &iras); 1070 /* We moved any IPsec refs from ixa to iras */ 1071 ira_cleanup(&iras, B_FALSE); 1072 return (EMSGSIZE); 1073 } 1074 DTRACE_PROBE4(ip6__fragsize__ok, uint_t, pktlen, 1075 uint_t, ixa->ixa_fragsize, uint_t, ixa->ixa_pktlen, 1076 uint_t, ixa->ixa_pmtu); 1077 /* 1078 * Assign an ident value for this packet. There could 1079 * be other threads targeting the same destination, so 1080 * we have to arrange for a atomic increment. 1081 * Normally ixa_extra_ident is 0, but in the case of 1082 * LSO it will be the number of TCP segments that the 1083 * driver/hardware will extraly construct. 1084 * 1085 * Note that cl_inet_ipident has only been used for 1086 * IPv4. We don't use it here. 1087 */ 1088 ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident + 1089 1); 1090 ixa->ixa_ident = ident; /* In case we do IPsec */ 1091 } 1092 if (ixaflags & IXAF_IPSEC_SECURE) { 1093 /* 1094 * Pass in sufficient information so that 1095 * IPsec can determine whether to fragment, and 1096 * which function to call after fragmentation. 1097 */ 1098 return (ipsec_out_process(mp, ixa)); 1099 } 1100 1101 mp = ip_fraghdr_add_v6(mp, ident, ixa); 1102 if (mp == NULL) { 1103 /* MIB and ip_drop_output already done */ 1104 return (ENOMEM); 1105 } 1106 ASSERT(pktlen == ixa->ixa_pktlen); 1107 pktlen += sizeof (ip6_frag_t); 1108 1109 if (pktlen > ixa->ixa_fragsize) { 1110 return (ip_fragment_v6(mp, ixa->ixa_nce, ixaflags, 1111 pktlen, ixa->ixa_fragsize, 1112 ixa->ixa_xmit_hint, ixa->ixa_zoneid, 1113 ixa->ixa_no_loop_zoneid, ixa->ixa_postfragfn, 1114 &ixa->ixa_cookie)); 1115 } 1116 } 1117 if (ixaflags & IXAF_SET_ULP_CKSUM) { 1118 /* Compute ULP checksum and IP header checksum */ 1119 /* An IS_UNDER_IPMP ill is ok here */ 1120 if (!ip_output_cksum_v6(ixaflags, mp, ip6h, ixa, ill)) { 1121 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1122 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1123 freemsg(mp); 1124 return (EINVAL); 1125 } 1126 } 1127 return ((ixa->ixa_postfragfn)(mp, ixa->ixa_nce, ixaflags, 1128 pktlen, ixa->ixa_xmit_hint, ixa->ixa_zoneid, 1129 ixa->ixa_no_loop_zoneid, &ixa->ixa_cookie)); 1130 } 1131 1132 /* 1133 * Post fragmentation function for RTF_MULTIRT routes. 1134 * Since IRE_MULTICASTs might have RTF_MULTIRT, this function 1135 * checks IXAF_LOOPBACK_COPY. 1136 * 1137 * If no packet is sent due to failures then we return an errno, but if at 1138 * least one succeeded we return zero. 1139 */ 1140 int 1141 ip_postfrag_multirt_v6(mblk_t *mp, nce_t *nce, iaflags_t ixaflags, 1142 uint_t pkt_len, uint32_t xmit_hint, zoneid_t szone, zoneid_t nolzid, 1143 uintptr_t *ixacookie) 1144 { 1145 irb_t *irb; 1146 ip6_t *ip6h = (ip6_t *)mp->b_rptr; 1147 ire_t *ire; 1148 ire_t *ire1; 1149 mblk_t *mp1; 1150 nce_t *nce1; 1151 ill_t *ill = nce->nce_ill; 1152 ill_t *ill1; 1153 ip_stack_t *ipst = ill->ill_ipst; 1154 int error = 0; 1155 int num_sent = 0; 1156 int err; 1157 uint_t ire_type; 1158 in6_addr_t nexthop; 1159 1160 ASSERT(!(ixaflags & IXAF_IS_IPV4)); 1161 1162 /* Check for IXAF_LOOPBACK_COPY */ 1163 if (ixaflags & IXAF_LOOPBACK_COPY) { 1164 mblk_t *mp1; 1165 1166 mp1 = copymsg(mp); 1167 if (mp1 == NULL) { 1168 /* Failed to deliver the loopback copy. */ 1169 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1170 ip_drop_output("ipIfStatsOutDiscards", mp, ill); 1171 error = ENOBUFS; 1172 } else { 1173 ip_postfrag_loopback(mp1, nce, ixaflags, pkt_len, 1174 nolzid); 1175 } 1176 } 1177 1178 /* 1179 * Loop over RTF_MULTIRT for ip6_dst in the same bucket. Send 1180 * a copy to each one. 1181 * Use the nce (nexthop) and ip6_dst to find the ire. 1182 * 1183 * MULTIRT is not designed to work with shared-IP zones thus we don't 1184 * need to pass a zoneid or a label to the IRE lookup. 1185 */ 1186 if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, &ip6h->ip6_dst)) { 1187 /* Broadcast and multicast case */ 1188 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, 0, 0, NULL, 1189 ALL_ZONES, NULL, MATCH_IRE_DSTONLY, 0, ipst, NULL); 1190 } else { 1191 /* Unicast case */ 1192 ire = ire_ftable_lookup_v6(&ip6h->ip6_dst, 0, &nce->nce_addr, 1193 0, NULL, ALL_ZONES, NULL, MATCH_IRE_GW, 0, ipst, NULL); 1194 } 1195 1196 if (ire == NULL || 1197 (ire->ire_flags & (RTF_REJECT|RTF_BLACKHOLE)) || 1198 !(ire->ire_flags & RTF_MULTIRT)) { 1199 /* Drop */ 1200 ip_drop_output("ip_postfrag_multirt didn't find route", 1201 mp, nce->nce_ill); 1202 if (ire != NULL) 1203 ire_refrele(ire); 1204 return (ENETUNREACH); 1205 } 1206 1207 irb = ire->ire_bucket; 1208 irb_refhold(irb); 1209 for (ire1 = irb->irb_ire; ire1 != NULL; ire1 = ire1->ire_next) { 1210 if (IRE_IS_CONDEMNED(ire1) || 1211 !(ire1->ire_flags & RTF_MULTIRT)) 1212 continue; 1213 1214 /* Note: When IPv6 uses radix tree we don't need this check */ 1215 if (!IN6_ARE_ADDR_EQUAL(&ire->ire_addr_v6, &ire1->ire_addr_v6)) 1216 continue; 1217 1218 /* Do the ire argument one after the loop */ 1219 if (ire1 == ire) 1220 continue; 1221 1222 ill1 = ire_nexthop_ill(ire1); 1223 if (ill1 == NULL) { 1224 /* 1225 * This ire might not have been picked by 1226 * ire_route_recursive, in which case ire_dep might 1227 * not have been setup yet. 1228 * We kick ire_route_recursive to try to resolve 1229 * starting at ire1. 1230 */ 1231 ire_t *ire2; 1232 uint_t match_flags = MATCH_IRE_DSTONLY; 1233 1234 if (ire1->ire_ill != NULL) 1235 match_flags |= MATCH_IRE_ILL; 1236 ire2 = ire_route_recursive_impl_v6(ire1, 1237 &ire1->ire_addr_v6, ire1->ire_type, ire1->ire_ill, 1238 ire1->ire_zoneid, NULL, match_flags, 1239 IRR_ALLOCATE, 0, ipst, NULL, NULL, NULL); 1240 if (ire2 != NULL) 1241 ire_refrele(ire2); 1242 ill1 = ire_nexthop_ill(ire1); 1243 } 1244 if (ill1 == NULL) { 1245 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1246 ip_drop_output("ipIfStatsOutDiscards - no ill", 1247 mp, ill); 1248 error = ENETUNREACH; 1249 continue; 1250 } 1251 /* Pick the addr and type to use for ndp_nce_init */ 1252 if (nce->nce_common->ncec_flags & NCE_F_MCAST) { 1253 ire_type = IRE_MULTICAST; 1254 nexthop = ip6h->ip6_dst; 1255 } else { 1256 ire_type = ire1->ire_type; /* Doesn't matter */ 1257 nexthop = ire1->ire_gateway_addr_v6; 1258 } 1259 1260 /* If IPMP meta or under, then we just drop */ 1261 if (ill1->ill_grp != NULL) { 1262 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1263 ip_drop_output("ipIfStatsOutDiscards - IPMP", 1264 mp, ill1); 1265 ill_refrele(ill1); 1266 error = ENETUNREACH; 1267 continue; 1268 } 1269 1270 nce1 = ndp_nce_init(ill1, &nexthop, ire_type); 1271 if (nce1 == NULL) { 1272 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1273 ip_drop_output("ipIfStatsOutDiscards - no nce", 1274 mp, ill1); 1275 ill_refrele(ill1); 1276 error = ENOBUFS; 1277 continue; 1278 } 1279 mp1 = copymsg(mp); 1280 if (mp1 == NULL) { 1281 BUMP_MIB(ill1->ill_ip_mib, ipIfStatsOutDiscards); 1282 ip_drop_output("ipIfStatsOutDiscards", mp, ill1); 1283 nce_refrele(nce1); 1284 ill_refrele(ill1); 1285 error = ENOBUFS; 1286 continue; 1287 } 1288 /* Preserve HW checksum for this copy */ 1289 DB_CKSUMSTART(mp1) = DB_CKSUMSTART(mp); 1290 DB_CKSUMSTUFF(mp1) = DB_CKSUMSTUFF(mp); 1291 DB_CKSUMEND(mp1) = DB_CKSUMEND(mp); 1292 DB_CKSUMFLAGS(mp1) = DB_CKSUMFLAGS(mp); 1293 DB_LSOMSS(mp1) = DB_LSOMSS(mp); 1294 1295 ire1->ire_ob_pkt_count++; 1296 err = ip_xmit(mp1, nce1, ixaflags, pkt_len, xmit_hint, szone, 1297 0, ixacookie); 1298 if (err == 0) 1299 num_sent++; 1300 else 1301 error = err; 1302 nce_refrele(nce1); 1303 ill_refrele(ill1); 1304 } 1305 irb_refrele(irb); 1306 ire_refrele(ire); 1307 /* Finally, the main one */ 1308 err = ip_xmit(mp, nce, ixaflags, pkt_len, xmit_hint, szone, 0, 1309 ixacookie); 1310 if (err == 0) 1311 num_sent++; 1312 else 1313 error = err; 1314 if (num_sent > 0) 1315 return (0); 1316 else 1317 return (error); 1318 } 1319