| blob | bb66975483fccf4032fd8e872ed517811ce09a1e |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 1990 Mentat Inc.
24 * Copyright (c) 2013 by Delphix. All rights reserved.
25 * Copyright (c) 2016, Joyent, Inc. All rights reserved.
26 * Copyright (c) 2014, OmniTI Computer Consulting, Inc. All rights reserved.
27 */
29 /*
30 * This file contains the interface control functions for IP.
31 */
33 #include <sys/types.h>
34 #include <sys/stream.h>
35 #include <sys/dlpi.h>
36 #include <sys/stropts.h>
37 #include <sys/strsun.h>
38 #include <sys/sysmacros.h>
39 #include <sys/strsubr.h>
40 #include <sys/strlog.h>
41 #include <sys/ddi.h>
42 #include <sys/sunddi.h>
43 #include <sys/cmn_err.h>
44 #include <sys/kstat.h>
45 #include <sys/debug.h>
46 #include <sys/zone.h>
47 #include <sys/sunldi.h>
48 #include <sys/file.h>
49 #include <sys/bitmap.h>
50 #include <sys/cpuvar.h>
51 #include <sys/time.h>
52 #include <sys/ctype.h>
53 #include <sys/kmem.h>
54 #include <sys/systm.h>
55 #include <sys/param.h>
56 #include <sys/socket.h>
57 #include <sys/isa_defs.h>
58 #include <net/if.h>
59 #include <net/if_arp.h>
60 #include <net/if_types.h>
61 #include <net/if_dl.h>
62 #include <net/route.h>
63 #include <sys/sockio.h>
64 #include <netinet/in.h>
65 #include <netinet/ip6.h>
66 #include <netinet/icmp6.h>
67 #include <netinet/igmp_var.h>
68 #include <sys/policy.h>
69 #include <sys/ethernet.h>
70 #include <sys/callb.h>
71 #include <sys/md5.h>
74 #include <inet/mi.h>
75 #include <inet/nd.h>
76 #include <inet/tunables.h>
77 #include <inet/arp.h>
78 #include <inet/ip_arp.h>
79 #include <inet/mib2.h>
80 #include <inet/ip.h>
81 #include <inet/ip6.h>
82 #include <inet/ip6_asp.h>
83 #include <inet/tcp.h>
84 #include <inet/ip_multi.h>
85 #include <inet/ip_ire.h>
86 #include <inet/ip_ftable.h>
87 #include <inet/ip_rts.h>
88 #include <inet/ip_ndp.h>
89 #include <inet/ip_if.h>
90 #include <inet/ip_impl.h>
91 #include <inet/sctp_ip.h>
92 #include <inet/ip_netinfo.h>
93 #include <inet/ilb_ip.h>
95 #include <netinet/igmp.h>
96 #include <inet/ip_listutils.h>
97 #include <inet/ipclassifier.h>
98 #include <sys/mac_client.h>
99 #include <sys/dld.h>
100 #include <sys/mac_flow.h>
102 #include <sys/systeminfo.h>
103 #include <sys/bootconf.h>
108 /* The character which tells where the ill_name ends */
111 /* IP ioctl function table entry */
114 pfi_t ipft_pfi;
156 boolean_t isv6);
167 ip_stack_t *);
204 dl_capability_sub_t *);
208 dl_capability_sub_t *);
218 #ifdef DEBUG
221 #endif
227 /*
228 * if we go over the memory footprint limit more than once in this msec
229 * interval, we'll start pruning aggressively.
230 */
236 IPFT_F_NO_REPLY },
239 };
241 /* Simple ICMP IP Header Template */
244 };
251 ip_nodef_v6intfid },
254 ip_nodef_v6intfid },
257 ip_nodef_v6intfid },
260 ip_nodef_v6intfid },
263 ip_nodef_v6intfid },
266 ip_nodef_v6intfid },
269 ip_ipv4_v6destintfid },
272 ip_ipv6_v6destintfid },
275 ip_nodef_v6intfid },
282 ip_nodef_v6intfid }
283 };
287 /* These are used by all IP network modules. */
291 /* When set search for unused ipif_seqid */
294 /*
295 * ppa arena is created after these many
296 * interfaces have been plumbed.
297 */
300 /*
301 * Allocate per-interface mibs.
302 * Returns true if ok. False otherwise.
303 * ipsq may not yet be allocated (loopback case ).
304 */
305 static boolean_t
307 {
308 /* Already allocated? */
313 }
316 KM_NOSLEEP);
319 }
321 /* Setup static information */
349 /*
350 * For a v4 ill, we are done at this point, because per ill
351 * icmp mibs are only used for v6.
352 */
354 }
357 KM_NOSLEEP);
362 }
363 /* static icmp info */
366 /*
367 * The ipIfStatsIfindex and ipv6IfIcmpIndex will be assigned later
368 * after the phyint merge occurs in ipif_set_values -> ill_glist_insert
369 * -> ill_phyint_reinit
370 */
372 }
374 /*
375 * Completely vaporize a lower level tap and all associated interfaces.
376 * ill_delete is called only out of ip_close when the device control
377 * stream is being closed.
378 */
379 void
381 {
386 /*
387 * ill_delete may be forcibly entering the ipsq. The previous
388 * ioctl may not have completed and may need to be aborted.
389 * ipsq_flush takes care of it. If we don't need to enter the
390 * the ipsq forcibly, the 2nd invocation of ipsq_flush in
391 * ill_delete_tail is sufficient.
392 */
395 /*
396 * Nuke all interfaces. ipif_free will take down the interface,
397 * remove it from the list, and free the data structure.
398 * Walk down the ipif list and remove the logical interfaces
399 * first before removing the main ipif. We can't unplumb
400 * zeroth interface first in the case of IPv6 as update_conn_ill
401 * -> ip_ll_multireq de-references ill_ipif for checking
402 * POINTOPOINT.
403 *
404 * If ill_ipif was not properly initialized (i.e low on memory),
405 * then no interfaces to clean up. In this case just clean up the
406 * ill.
407 */
411 /*
412 * clean out all the nce_t entries that depend on this
413 * ill for the ill_phys_addr.
414 */
417 /* Clean up msgs on pending upcalls for mrouted */
422 /*
423 * Remove multicast references added as a result of calls to
424 * ip_join_allmulti().
425 */
428 /*
429 * If the ill being deleted is under IPMP, boot it out of the illgrp.
430 */
434 /*
435 * ill_down will arrange to blow off any IRE's dependent on this
436 * ILL, and shut down fragmentation reassembly.
437 */
440 /* Let SCTP know, so that it can remove this from its list. */
443 /*
444 * Walk all CONNs that can have a reference on an ire or nce for this
445 * ill (we actually walk all that now have stale references).
446 */
449 /* With IPv6 we have dce_ifindex. Cleanup for neatness */
453 /*
454 * If an address on this ILL is being used as a source address then
455 * clear out the pointers in other ILLs that point to this ILL.
456 */
465 }
466 }
468 }
470 static void
472 {
479 }
481 }
483 /*
484 * ill_delete_tail is called from ip_modclose after all references
485 * to the closing ill are gone. The wait is done in ip_modclose
486 */
487 void
489 {
497 }
501 /*
502 * If polling capability is enabled (which signifies direct
503 * upcall into IP and driver has ill saved as a handle),
504 * we need to make sure that unbind has completed before we
505 * let the ill disappear and driver no longer has any reference
506 * to this ill.
507 */
518 /*
519 * We do an ipsq_flush once again now. New messages could have
520 * landed up from below (M_ERROR or M_HANGUP). Similarly ioctls
521 * could also have landed up if an ioctl thread had looked up
522 * the ill before we set the ILL_CONDEMNED flag, but not yet
523 * enqueued the ioctl when we did the ipsq_flush last time.
524 */
527 /*
528 * Free capabilities.
529 */
533 }
539 }
544 }
549 }
551 /* Clean up ill_allowed_ips* related state */
558 }
563 /*
564 * We have removed all references to ilm from conn and the ones joined
565 * within the kernel.
566 *
567 * We don't walk conns, mrts and ires because
568 *
569 * 1) update_conn_ill and reset_mrt_ill cleans up conns and mrts.
570 * 2) ill_down ->ill_downi walks all the ires and cleans up
571 * ill references.
572 */
574 /*
575 * If this ill is an IPMP meta-interface, blow away the illgrp. This
576 * is safe to do because the illgrp has already been unlinked from the
577 * group by I_PUNLINK, and thus SIOCSLIFGROUPNAME cannot find it.
578 */
582 }
593 }
594 }
595 /*
596 * Take us out of the list of ILLs. ill_glist_delete -> phyint_free
597 * could free the phyint. No more reference to the phyint after this
598 * point.
599 */
603 uint_t count;
607 }
611 }
614 /* Free all retained control messages. */
626 }
628 }
633 #ifdef DEBUG
635 #endif
637 /* The default multicast interface might have changed */
640 /* Drop refcnt here */
643 }
645 static void
647 {
650 /*
651 * MIB statistics must not be lost, so when an interface
652 * goes away the counter values will be added to the global
653 * MIBs.
654 */
662 }
666 }
672 }
673 }
675 /*
676 * Concatenate together a physical address and a sap.
677 *
678 * Sap_lengths are interpreted as follows:
679 * sap_length == 0 ==> no sap
680 * sap_length > 0 ==> sap is at the head of the dlpi address
681 * sap_length < 0 ==> sap is at the tail of the dlpi address
682 */
683 static void
686 {
692 else
697 else
704 else
706 }
707 }
709 /*
710 * Generate a dl_unitdata_req mblk for the device and address given.
711 * addr_length is the length of the physical portion of the address.
712 * If addr is NULL include an all zero address of the specified length.
713 * TRUE? In any case, addr_length is taken to be the entire length of the
714 * dlpi address, including the absolute value of sap_length.
715 */
716 mblk_t *
718 t_scalar_t sap_length)
719 {
726 DL_UNITDATA_REQ);
730 /* HACK: accomodate incompatible DLPI drivers */
740 }
742 /*
743 * Add the pending mp to the list. There can be only 1 pending mp
744 * in the list. Any exclusive ioctl that needs to wait for a response
745 * from another module or driver needs to use this function to set
746 * the ipx_pending_mp to the ioctl mblk and wait for the response from
747 * the other module/driver. This is also used while waiting for the
748 * ipif/ill/ire refcnts to drop to zero in bringing down an ipif.
749 */
750 boolean_t
753 {
760 /*
761 * The caller may be using a different ipif than the one passed into
762 * ipsq_current_start() (e.g., suppose an ioctl that came in on the V4
763 * ill needs to wait for the V6 ill to quiesce). So we can't ASSERT
764 * that `ipx_current_ipif == ipif'.
765 */
768 /*
769 * M_IOCDATA from ioctls, M_ERROR/M_HANGUP/M_PROTO/M_PCPROTO from the
770 * driver.
771 */
778 /*
779 * Return error if the conn has started closing. The conn
780 * could have finished cleaning up the pending mp list,
781 * If so we should not add another mp to the list negating
782 * the cleanup.
783 */
786 }
789 /*
790 * Note down the queue in b_queue. This will be returned by
791 * ipsq_pending_mp_get. Caller will then use these values to restart
792 * the processing
793 */
804 }
806 /*
807 * Retrieve the ipx_pending_mp and return it. There can be only 1 mp
808 * queued in the list.
809 */
810 mblk_t *
812 {
821 }
823 /* There can be only 1 such excl message */
832 /*
833 * This mp did a refhold on the conn, at the start of the ioctl.
834 * So we can safely return a pointer to the conn to the caller.
835 */
839 }
843 }
845 /*
846 * Cleanup the ioctl mp queued in ipx_pending_mp
847 * - Called in the ill_delete path
848 * - Called in the M_ERROR or M_HANGUP path on the ill.
849 * - Called in the conn close path.
850 *
851 * Returns success on finding the pending mblk associated with the ioctl or
852 * exclusive operation in progress, failure otherwise.
853 */
854 boolean_t
856 {
870 /*
871 * Nothing to clean since the conn that is closing
872 * does not have a matching pending mblk in
873 * ipx_pending_mp.
874 */
877 }
879 /*
880 * A non-zero ill_error signifies we are called in the
881 * M_ERROR or M_HANGUP path and we need to unconditionally
882 * abort any current ioctl and do the corresponding cleanup.
883 * A zero ill_error means we are in the ill_delete path and
884 * we do the cleanup only if there is a pending mp.
885 */
889 }
890 }
892 /* Now remove from the ipx_pending_mp */
923 }
926 }
928 }
930 /*
931 * Called in the conn close path and ill delete path
932 */
933 static void
935 {
946 else
949 /*
950 * In the case of lo0 being unplumbed, ill_wq will be NULL. Guard
951 * against this here.
952 */
957 /*
958 * Cleanup the ioctl mp's queued in ipsq_xopq_pending_mp if any.
959 * In the case of ioctl from a conn, there can be only 1 mp
960 * queued on the ipsq. If an ill is being unplumbed flush all
961 * the messages.
962 */
969 /* Unlink the mblk from the pending mp list */
975 }
978 /*
979 * Create a temporary list and release the ipsq lock
980 * New elements are added to the head of the tmp_list
981 */
986 }
987 }
1004 /*
1005 * IP-MT XXX In the case of TLI/XTI bind / optmgmt
1006 * this can't be just inet_freemsg. we have to
1007 * restart it otherwise the thread will be stuck.
1008 */
1010 }
1011 }
1012 }
1014 /*
1015 * This conn has started closing. Cleanup any pending ioctl from this conn.
1016 * STREAMS ensures that there can be at most 1 active ioctl on a stream.
1017 */
1018 void
1020 {
1023 boolean_t refheld;
1025 /*
1026 * Check for a queued ioctl. If the ioctl has not yet started, the mp
1027 * is pending in the list headed by ipsq_xopq_head. If the ioctl has
1028 * started the mp could be present in ipx_pending_mp. Note that if
1029 * conn_oper_pending_ill is NULL, the ioctl may still be in flight and
1030 * not yet queued anywhere. In this case, the conn close code will wait
1031 * until the conn_ref is dropped. If the stream was a tcp stream, then
1032 * tcp_close will wait first until all ioctls have completed for this
1033 * conn.
1034 */
1040 }
1042 /*
1043 * We may not be able to refhold the ill if the ill/ipif
1044 * is changing. But we need to make sure that the ill will
1045 * not vanish. So we just bump up the ill_waiter count.
1046 */
1052 /*
1053 * Check whether this ioctl has started and is
1054 * pending. If it is not found there then check
1055 * whether this ioctl has not even started and is in
1056 * the ipsq_xopq list.
1057 */
1063 }
1064 }
1066 /*
1067 * The ill is also closing and we could not bump up the
1068 * ill_waiter_count or we could not enter the ipsq. Leave
1069 * the cleanup to ill_delete
1070 */
1077 }
1079 /*
1080 * ipcl_walk function for cleaning up conn_*_ill fields.
1081 * Note that we leave ixa_multicast_ifindex, conn_incoming_ifindex, and
1082 * conn_bound_if in place. We prefer dropping
1083 * packets instead of sending them out the wrong interface, or accepting
1084 * packets from the wrong ifindex.
1085 */
1086 static void
1088 {
1097 }
1099 }
1101 static int
1103 {
1110 /*
1111 * ipif_down_tail will call arp_ll_down on the last ipif
1112 * and typically return EINPROGRESS when the DL_UNBIND is sent.
1113 */
1116 }
1118 }
1120 /* ARGSUSED */
1121 void
1123 {
1128 }
1130 /*
1131 * ill_down_start is called when we want to down this ill and bring it up again
1132 * It is called when we receive an M_ERROR / M_HANGUP. In this case we shut down
1133 * all interfaces, but don't tear down any plumbing.
1134 */
1135 boolean_t
1137 {
1142 /*
1143 * It is possible that some ioctl is already in progress while we
1144 * received the M_ERROR / M_HANGUP in which case, we need to abort
1145 * the ioctl. ill_down_start() is being processed as CUR_OP rather
1146 * than as NEW_OP since the cause of the M_ERROR / M_HANGUP may prevent
1147 * the in progress ioctl from ever completing.
1148 *
1149 * The thread that started the ioctl (if any) must have returned,
1150 * since we are now executing as writer. After the 2 calls below,
1151 * the state of the ipsq and the ill would reflect no trace of any
1152 * pending operation. Subsequently if there is any response to the
1153 * original ioctl from the driver, it would be discarded as an
1154 * unsolicited message from the driver.
1155 */
1164 /*
1165 * Walk all CONNs that can have a reference on an ire or nce for this
1166 * ill (we actually walk all that now have stale references).
1167 */
1170 /* With IPv6 we have dce_ifindex. Cleanup for neatness */
1176 /*
1177 * Atomically test and add the pending mp if references are active.
1178 */
1181 /* call cannot fail since `conn_t *' argument is NULL */
1186 }
1189 }
1191 static void
1193 {
1197 /*
1198 * Blow off any IREs dependent on this ILL.
1199 * The caller needs to handle conn_ixa_cleanup
1200 */
1205 /* Remove any conn_*_ill depending on this ill */
1208 /*
1209 * Free state for additional IREs.
1210 */
1217 }
1219 /*
1220 * ire_walk routine used to delete every IRE that depends on
1221 * 'ill'. (Always called as writer, and may only be called from ire_walk.)
1222 *
1223 * Note: since the routes added by the kernel are deleted separately,
1224 * this will only be 1) IRE_IF_CLONE and 2) manually added IRE_INTERFACE.
1225 *
1226 * We also remove references on ire_nce_cache entries that refer to the ill.
1227 */
1228 void
1230 {
1238 else
1244 /*
1245 * The existing interface binding for ire must be
1246 * deleted before trying to bind the route to another
1247 * interface. However, since we are using the contents of the
1248 * ire after ire_delete, the caller has to ensure that
1249 * CONDEMNED (deleted) ire's are not removed from the list
1250 * when ire_delete() returns. Currently ill_downi() is
1251 * only called as part of ire_walk*() routines, so that
1252 * the irb_refhold() done by ire_walk*() will ensure that
1253 * ire_delete() does not lead to ire_inactive().
1254 */
1259 }
1260 }
1262 /* Remove IRE_IF_CLONE on this ill */
1263 void
1265 {
1271 }
1273 /* Consume an M_IOCACK of the fastpath probe. */
1274 void
1276 {
1279 /*
1280 * If this was the first attempt turn on the fastpath probing.
1281 */
1287 /* Free the M_IOCACK mblk, hold on to the data */
1294 else
1297 }
1299 /*
1300 * Throw an M_IOCTL message downstream asking "do you know fastpath?"
1301 * The data portion of the request is a dl_unitdata_req_t template for
1302 * what we would send downstream in the absence of a fastpath confirmation.
1303 */
1304 int
1306 {
1316 /*
1317 * Driver NAKed the first fastpath ioctl - assume it doesn't
1318 * support it.
1319 */
1323 /* This is the first probe */
1328 }
1338 }
1347 }
1349 void
1351 {
1360 /*
1361 * We are starting a new cycle of capability negotiation.
1362 * Free up the capab reset messages of any previous incarnation.
1363 * We will do a fresh allocation when we get the response to our probe
1364 */
1368 }
1378 }
1380 void
1382 {
1392 /*
1393 * We turn off all capabilities except those pertaining to
1394 * direct function call capabilities viz. ILL_CAPAB_DLD*
1395 * which will be turned off by the corresponding reset functions.
1396 */
1398 }
1400 static void
1402 {
1414 }
1419 }
1424 }
1439 /*
1440 * Each handler fills in the corresponding dl_capability_sub_t
1441 * inside the mblk,
1442 */
1448 }
1450 static void
1452 {
1460 /*
1461 * Note: range checks here are not absolutely sufficient to
1462 * make us robust against malformed messages sent by drivers;
1463 * this is in keeping with the rest of IP's dlpi handling.
1464 * (Remember, it's coming from something else in the kernel
1465 * address space)
1466 */
1473 }
1484 }
1488 "isn't as expected; pass-thru module(s) detected, "
1491 }
1493 /* Process the encapsulated sub-capability */
1495 }
1497 static void
1499 {
1505 /*
1506 * The dl_capab_dld_t that follows the dl_capability_sub_t is not
1507 * initialized below since it is not used by DLD.
1508 */
1514 }
1516 static void
1518 {
1519 /*
1520 * If no ipif was brought up over this ill, this DL_CAPABILITY_REQ/ACK
1521 * is only to get the VRRP capability.
1522 *
1523 * Note that we cannot check ill_ipif_up_count here since
1524 * ill_ipif_up_count is only incremented when the resolver is setup.
1525 * That is done asynchronously, and can race with this function.
1526 */
1531 }
1548 }
1549 }
1551 /*
1552 * Process the vrrp capability received from a DLS Provider. isub must point
1553 * to the sub-capability (DL_CAPAB_VRRP) of a DL_CAPABILITY_ACK message.
1554 */
1555 static void
1557 {
1565 /*
1566 * Note: range checks here are not absolutely sufficient to
1567 * make us robust against malformed messages sent by drivers;
1568 * this is in keeping with the rest of IP's dlpi handling.
1569 * (Remember, it's coming from something else in the kernel
1570 * address space)
1571 */
1577 }
1580 /*
1581 * Compare the IP address family and set ILLF_VRRP for the right ill.
1582 */
1586 }
1587 }
1589 /*
1590 * Process a hardware checksum offload capability negotiation ack received
1591 * from a DLS Provider.isub must point to the sub-capability (DL_CAPAB_HCKSUM)
1592 * of a DL_CAPABILITY_ACK message.
1593 */
1594 static void
1596 {
1608 /*
1609 * Note: range checks here are not absolutely sufficient to
1610 * make us robust against malformed messages sent by drivers;
1611 * this is in keeping with the rest of IP's dlpi handling.
1612 * (Remember, it's coming from something else in the kernel
1613 * address space)
1614 */
1620 }
1622 /*
1623 * There are two types of acks we process here:
1624 * 1. acks in reply to a (first form) generic capability req
1625 * (no ENABLE flag set)
1626 * 2. acks in reply to a ENABLE capability req.
1627 * (ENABLE flag set)
1628 */
1633 "unsupported hardware checksum "
1637 }
1641 "checksum capability isn't as expected; pass-thru "
1644 }
1646 #define CURR_HCKSUM_CAPAB \
1647 (HCKSUM_INET_PARTIAL | HCKSUM_INET_FULL_V4 | \
1648 HCKSUM_INET_FULL_V6 | HCKSUM_IPHDRCKSUM)
1652 /* do ENABLE processing */
1655 KM_NOSLEEP);
1659 "could not enable hcksum version %d "
1663 }
1664 }
1673 /*
1674 * Enabling hardware checksum offload
1675 * Currently IP supports {TCP,UDP}/IPv4
1676 * partial and full cksum offload and
1677 * IPv4 header checksum offload.
1678 * Allocate new mblk which will
1679 * contain a new capability request
1680 * to enable hardware checksum offload.
1681 */
1682 uint_t size;
1693 }
1696 /* initialize dl_capability_req_t */
1705 /* initialize dl_capability_sub_t */
1709 /* initialize dl_capab_hcksum_t */
1716 /* Set ENABLE flag */
1720 /*
1721 * nmp points to a DL_CAPABILITY_REQ message to enable
1722 * hardware checksum acceleration.
1723 */
1729 }
1730 }
1732 static void
1734 {
1752 }
1754 static void
1756 {
1768 /*
1769 * Note: range checks here are not absolutely sufficient to
1770 * make us robust against malformed messages sent by drivers;
1771 * this is in keeping with the rest of IP's dlpi handling.
1772 * (Remember, it's coming from something else in the kernel
1773 * address space)
1774 */
1780 }
1785 "unsupported ZEROCOPY sub-capability (version %d, "
1787 ZEROCOPY_VERSION_1);
1789 }
1793 "capability isn't as expected; pass-thru module(s) "
1796 }
1802 KM_NOSLEEP);
1806 "could not enable Zero-copy version %d "
1810 }
1811 }
1815 ZEROCOPY_VERSION_1));
1824 uint_t size;
1836 }
1839 /* initialize dl_capability_req_t */
1846 /* initialize dl_capability_sub_t */
1850 /* initialize dl_capab_zerocopy_t */
1856 ZEROCOPY_VERSION_1));
1858 /* set VMSAFE_MEM flag */
1861 /* nmp points to a DL_CAPABILITY_REQ message to enable zcopy */
1863 }
1864 }
1866 static void
1868 {
1887 }
1889 /*
1890 * DLD capability
1891 * Refer to dld.h for more information regarding the purpose and usage
1892 * of this capability.
1893 */
1894 static void
1896 {
1905 /*
1906 * Note: range checks here are not absolutely sufficient to
1907 * make us robust against malformed messages sent by drivers;
1908 * this is in keeping with the rest of IP's dlpi handling.
1909 * (Remember, it's coming from something else in the kernel
1910 * address space)
1911 */
1917 }
1921 "unsupported DLD sub-capability (version %d, "
1923 DLD_CURRENT_VERSION);
1925 }
1928 "capability isn't as expected; pass-thru module(s) "
1931 }
1933 /*
1934 * Copy locally to ensure alignment.
1935 */
1942 "could not enable DLD version %d "
1946 }
1948 }
1955 }
1957 /*
1958 * Typically capability negotiation between IP and the driver happens via
1959 * DLPI message exchange. However GLD also offers a direct function call
1960 * mechanism to exchange the DLD_DIRECT_CAPAB and DLD_POLL_CAPAB capabilities,
1961 * But arbitrary function calls into IP or GLD are not permitted, since both
1962 * of them are protected by their own perimeter mechanism. The perimeter can
1963 * be viewed as a coarse lock or serialization mechanism. The hierarchy of
1964 * these perimeters is IP -> MAC. Thus for example to enable the squeue
1965 * polling, IP needs to enter its perimeter, then call ill_mac_perim_enter
1966 * to enter the mac perimeter and then do the direct function calls into
1967 * GLD to enable squeue polling. The ring related callbacks from the mac into
1968 * the stack to add, bind, quiesce, restart or cleanup a ring are all
1969 * protected by the mac perimeter.
1970 */
1971 static void
1973 {
1978 DLD_ENABLE);
1980 }
1982 static void
1984 {
1989 DLD_DISABLE);
1991 }
1993 boolean_t
1995 {
1999 DLD_QUERY));
2000 }
2002 static void
2004 {
2007 dld_capab_direct_t direct;
2017 DLD_ENABLE);
2028 /*
2029 * One time registration of flow enable callback function
2030 */
2039 }
2040 }
2042 static void
2044 {
2046 dld_capab_poll_t poll;
2059 DLD_ENABLE);
2067 }
2068 }
2070 /*
2071 * Enable the LSO capability.
2072 */
2073 static void
2075 {
2077 dld_capab_lso_t lso;
2084 KM_NOSLEEP);
2090 }
2091 }
2105 }
2106 }
2108 static void
2110 {
2111 mac_perim_handle_t mph;
2123 }
2126 }
2128 static void
2130 {
2133 mac_perim_handle_t mph;
2144 /*
2145 * For performance we avoid locks in the transmit data path
2146 * and don't maintain a count of the number of threads using
2147 * direct calls. Thus some threads could be using direct
2148 * transmit calls to GLD, even after the capability mechanism
2149 * turns it off. This is still safe since the handles used in
2150 * the direct calls continue to be valid until the unplumb is
2151 * completed. Remove the callback that was added (1-time) at
2152 * capab enable time.
2153 */
2162 }
2165 }
2172 }
2176 /*
2177 * Clear the capability flag for LSO but retain the
2178 * ill_lso_capab structure since it's possible that another
2179 * thread is still referring to it. The structure only gets
2180 * deallocated when we destroy the ill.
2181 */
2186 }
2190 }
2192 /*
2193 * Capability Negotiation protocol
2194 *
2195 * We don't wait for DLPI capability operations to finish during interface
2196 * bringup or teardown. Doing so would introduce more asynchrony and the
2197 * interface up/down operations will need multiple return and restarts.
2198 * Instead the 'ipsq_current_ipif' of the ipsq is not cleared as long as
2199 * the 'ill_dlpi_deferred' chain is non-empty. This ensures that the next
2200 * exclusive operation won't start until the DLPI operations of the previous
2201 * exclusive operation complete.
2202 *
2203 * The capability state machine is shown below.
2204 *
2205 * state next state event, action
2206 *
2207 * IDCS_UNKNOWN IDCS_PROBE_SENT ill_capability_probe
2208 * IDCS_PROBE_SENT IDCS_OK ill_capability_ack
2209 * IDCS_PROBE_SENT IDCS_FAILED ip_rput_dlpi_writer (nack)
2210 * IDCS_OK IDCS_RENEG Receipt of DL_NOTE_CAPAB_RENEG
2211 * IDCS_OK IDCS_RESET_SENT ill_capability_reset
2212 * IDCS_RESET_SENT IDCS_UNKNOWN ill_capability_ack_thr
2213 * IDCS_RENEG IDCS_PROBE_SENT ill_capability_ack_thr ->
2214 * ill_capability_probe.
2215 */
2217 /*
2218 * Dedicated thread started from ip_stack_init that handles capability
2219 * disable. This thread ensures the taskq dispatch does not fail by waiting
2220 * for resources using TQ_SLEEP. The taskq mechanism is used to ensure
2221 * that direct calls to DLD are done in a cv_waitable context.
2222 */
2223 void
2225 {
2226 callb_cpr_t cprinfo;
2233 name);
2249 }
2256 }
2261 }
2263 /*
2264 * Consume a new-style hardware capabilities negotiation ack.
2265 * Called via taskq on receipt of DL_CAPABILITY_ACK.
2266 */
2267 static void
2269 {
2274 boolean_t reneg;
2283 /*
2284 * We have received the ack for our DL_CAPAB reset request.
2285 * There isnt' anything in the message that needs processing.
2286 * All message based capabilities have been disabled, now
2287 * do the function call based capability disable.
2288 */
2295 }
2303 /* no new-style capabilities */
2305 }
2307 /* make sure the driver supplied correct dl_sub_length */
2312 }
2314 #define SC(base, offset) (dl_capability_sub_t *)(((uchar_t *)(base))+(offset))
2315 /*
2316 * There are sub-capabilities. Process the ones we know about.
2317 * Loop until we don't have room for another sub-cap header..
2318 */
2331 }
2332 }
2333 #undef SC
2334 done:
2338 }
2340 /*
2341 * This needs to be started in a taskq thread to provide a cv_waitable
2342 * context.
2343 */
2344 void
2346 {
2356 /*
2357 * The taskq dispatch failed. Signal the ill_taskq_dispatch thread
2358 * which will do the dispatch using TQ_SLEEP to guarantee success.
2359 */
2366 }
2371 }
2373 /*
2374 * This routine is called to scan the fragmentation reassembly table for
2375 * the specified ILL for any packets that are starting to smell.
2376 * dead_interval is the maximum time in seconds that will be tolerated. It
2377 * will either be the value specified in ip_g_frag_timeout, or zero if the
2378 * ILL is shutting down and it is time to blow everything off.
2379 *
2380 * It returns the number of seconds (as a time_t) that the next frag timer
2381 * should be scheduled for, 0 meaning that the timer doesn't need to be
2382 * re-started. Note that the method of calculating next_timeout isn't
2383 * entirely accurate since time will flow between the time we grab
2384 * current_time and the time we schedule the next timeout. This isn't a
2385 * big problem since this is the timer for sending an ICMP reassembly time
2386 * exceeded messages, and it doesn't have to be exactly accurate.
2387 *
2388 * This function is
2389 * sometimes called as writer, although this is not required.
2390 */
2391 time_t
2393 {
2405 ip_recv_attr_t iras;
2417 /* Walk the frag hash table. */
2427 /*
2428 * There are some outstanding fragments
2429 * that will timeout later. Make note of
2430 * the time so that we can reschedule the
2431 * next timeout appropriately.
2432 */
2437 }
2439 }
2440 /* Time's up. Get it out of here. */
2448 /* Extra points for neatness. */
2451 }
2458 /*
2459 * We do not send any icmp message from here because
2460 * we currently are holding the ipfb_lock for this
2461 * hash chain. If we try and send any icmp messages
2462 * from here we may end up via a put back into ip
2463 * trying to get the same lock, causing a recursive
2464 * mutex panic. Instead we build a list and send all
2465 * the icmp messages after we have dropped the lock.
2466 */
2473 }
2480 }
2481 }
2485 }
2487 /*
2488 * Now need to send any icmp messages that we delayed from
2489 * above.
2490 */
2499 /*
2500 * This will result in an incorrect ALL_ZONES zoneid
2501 * for multicast packets, but we
2502 * don't send ICMP errors for those in any case.
2503 */
2512 }
2514 ipaddr_t dst;
2523 /*
2524 * This will result in an incorrect ALL_ZONES zoneid
2525 * for broadcast and multicast packets, but we
2526 * don't send ICMP errors for those in any case.
2527 */
2534 }
2535 }
2536 /*
2537 * A non-dying ILL will use the return value to decide whether to
2538 * restart the frag timer, and for how long.
2539 */
2541 }
2543 /*
2544 * This routine is called when the approximate count of mblk memory used
2545 * for the specified ILL has exceeded max_count.
2546 */
2547 void
2549 {
2555 /*
2556 * If we are here within ip_min_frag_prune_time msecs remove
2557 * ill_frag_free_num_pkts oldest packets from each bucket and increment
2558 * ill_frag_free_num_pkts.
2559 */
2570 }
2574 /*
2575 * free ill_frag_free_num_pkts oldest packets from each bucket.
2576 */
2586 }
2588 }
2589 }
2590 /*
2591 * While the reassembly list for this ILL is too big, prune a fragment
2592 * queue by age, oldest first.
2593 */
2607 }
2610 }
2620 }
2622 }
2623 }
2625 /*
2626 * free 'free_cnt' fragmented packets starting at ipf.
2627 */
2628 void
2630 {
2647 }
2656 }
2661 }
2663 /*
2664 * Helper function for ill_forward_set().
2665 */
2666 static void
2668 {
2679 else
2684 /* Notify routing socket listeners of this change. */
2687 }
2689 /*
2690 * Set an ill's ILLF_ROUTER flag appropriately. Send up RTS_IFINFO routing
2691 * socket messages for each interface whose flags we change.
2692 */
2693 int
2695 {
2712 /*
2713 * Update all of the interfaces in the group.
2714 */
2720 /*
2721 * Update the IPMP meta-interface.
2722 */
2725 }
2729 }
2731 /*
2732 * Based on the ILLF_ROUTER flag of an ill, make sure all local nce's for
2733 * addresses assigned to the ill have the NCE_F_ISROUTER flag appropriately
2734 * set or clear.
2735 */
2736 static void
2738 {
2744 /*
2745 * NOTE: we match across the illgrp because nce's for
2746 * addresses on IPMP interfaces have an nce_ill that points to
2747 * the bound underlying ill.
2748 */
2755 else
2759 }
2760 }
2761 }
2763 /*
2764 * Intializes the context structure and returns the first ill in the list
2765 * cuurently start_list and end_list can have values:
2766 * MAX_G_HEADS Traverse both IPV4 and IPV6 lists.
2767 * IP_V4_G_HEAD Traverse IPV4 list only.
2768 * IP_V6_G_HEAD Traverse IPV6 list only.
2769 */
2771 /*
2772 * We don't check for CONDEMNED ills here. Caller must do that if
2773 * necessary under the ill lock.
2774 */
2775 ill_t *
2778 {
2786 /*
2787 * setup the lists to search
2788 */
2795 }
2803 /*
2804 * ill is guaranteed to be non NULL or ifp should have
2805 * not existed.
2806 */
2809 }
2811 }
2814 }
2816 /*
2817 * returns the next ill in the list. ill_first() must have been called
2818 * before calling ill_next() or bad things will happen.
2819 */
2821 /*
2822 * We don't check for CONDEMNED ills here. Caller must do that if
2823 * necessary under the ill lock.
2824 */
2825 ill_t *
2827 {
2837 }
2839 /* goto next ill_ifp in the list. */
2842 /* make sure not at end of circular list */
2848 }
2851 }
2853 /*
2854 * Check interface name for correct format: [a-zA-Z]+[a-zA-Z0-9._]*[0-9]+
2855 * The final number (PPA) must not have any leading zeros. Upon success, a
2856 * pointer to the start of the PPA is returned; otherwise NULL is returned.
2857 */
2860 {
2865 /*
2866 * Check that the first character is [a-zA-Z], and that the last
2867 * character is [0-9].
2868 */
2872 /*
2873 * Set `ppa_ndx' to the PPA start, and check for leading zeroes.
2874 */
2882 /*
2883 * Check that the intermediate characters are [a-z0-9.]
2884 */
2889 }
2890 }
2893 }
2895 /*
2896 * use avl tree to locate the ill.
2897 */
2900 {
2903 uint_t ppa;
2908 /*
2909 * get ppa ptr
2910 */
2913 else
2918 }
2927 /*
2928 * match is done on len - 1 as the name is not null
2929 * terminated it contains ppa in addition to the interface
2930 * name.
2931 */
2937 }
2938 }
2941 /*
2942 * Even the interface type does not exist.
2943 */
2945 }
2954 }
2956 }
2958 }
2960 /*
2961 * comparison function for use with avl.
2962 */
2963 static int
2965 {
2966 uint_t ppa;
2967 uint_t ill_ppa;
2973 /*
2974 * We want the ill with the lowest ppa to be on the
2975 * top.
2976 */
2982 }
2984 /*
2985 * remove an interface type from the global list.
2986 */
2987 static void
2989 {
3000 }
3002 /*
3003 * remove ill from the global list.
3004 */
3005 static void
3007 {
3016 /*
3017 * If the ill was never inserted into the AVL tree
3018 * we skip the if branch.
3019 */
3021 /*
3022 * remove from AVL tree and free ppa number
3023 */
3029 }
3032 }
3034 /*
3035 * Indicate ill is no longer in the list.
3036 */
3041 }
3043 /* Generate one last event for this ill. */
3051 /*
3052 * ill_init allocates a phyint always to store the copy
3053 * of flags relevant to phyint. At that point in time, we could
3054 * not assign the name and hence phyint_illv4/v6 could not be
3055 * initialized. Later in ipif_set_values, we assign the name to
3056 * the ill, at which point in time we assign phyint_illv4/v6.
3057 * Thus we don't rely on phyint_illv6 to be initialized always.
3058 */
3061 else
3067 }
3069 /*
3070 * There are no ills left on this phyint; pull it out of the phyint
3071 * avl trees, and free it.
3072 */
3075 phyi);
3077 phyi);
3078 }
3082 }
3084 /*
3085 * allocate a ppa, if the number of plumbed interfaces of this type are
3086 * less than ill_no_arena do a linear search to find a unused ppa.
3087 * When the number goes beyond ill_no_arena switch to using an arena.
3088 * Note: ppa value of zero cannot be allocated from vmem_arena as it
3089 * is the return value for an error condition, so allocation starts at one
3090 * and is decremented by one.
3091 */
3092 static int
3094 {
3101 /*
3102 * Create an arena.
3103 */
3107 /* allocate what has already been assigned */
3116 /* minaddr */
3118 /* maxaddr */
3127 }
3128 }
3129 }
3147 /*
3148 * Most likely the allocation failed because
3149 * the requested ppa was in use.
3150 */
3153 }
3155 }
3157 /*
3158 * No arena is in use and not enough (>ill_no_arena) interfaces have
3159 * been plumbed to create one. Do a linear search to get a unused ppa.
3160 */
3166 }
3173 else
3175 }
3177 }
3180 }
3182 /*
3183 * Insert ill into the list of configured ill's. Once this function completes,
3184 * the ill is globally visible and is available through lookups. More precisely
3185 * this happens after the caller drops the ill_g_lock.
3186 */
3187 static int
3189 {
3204 else
3208 /*
3209 * Search for interface type based on name
3210 */
3215 }
3217 }
3219 /*
3220 * Interface type not found, create one.
3221 */
3223 ill_g_head_t ghead;
3225 /*
3226 * allocate ill_if_t structure
3227 */
3231 }
3240 /*
3241 * link the structure in the back to maintain order
3242 * of configuration for ifconfig output.
3243 */
3246 }
3256 }
3258 /*
3259 * When the ppa is choosen by the system, check that there is
3260 * enough space to insert ppa. if a specific ppa was passed in this
3261 * check is not required as the interface name passed in will have
3262 * the right ppa in it.
3263 */
3265 /*
3266 * UINT_MAX - 1 should fit in 10 chars, alloc 12 chars.
3267 */
3270 /*
3271 * convert ppa to string to calculate the amount of space
3272 * required for it in the name.
3273 */
3276 /* Do we have enough space to insert ppa ? */
3279 /* Free ppa and interface type struct */
3283 }
3288 }
3289 }
3301 }
3303 /* Initialize the per phyint ipsq used for serialization */
3304 static boolean_t
3306 {
3325 #ifdef DEBUG
3327 #endif
3328 }
3330 }
3332 /*
3333 * Here we perform initialisation of the ill_t common to both regular
3334 * interface ILLs and the special loopback ILL created by ill_lookup_on_name.
3335 */
3336 static int
3338 boolean_t ipsq_enter)
3339 {
3349 ip_loopback_mtuplus;
3350 /*
3351 * No resolver here.
3352 */
3358 }
3362 /*
3363 * Allocate sufficient space to contain our fragment hash table and
3364 * the device name.
3365 */
3377 }
3383 }
3390 }
3393 }
3403 }
3405 /* Frag queue limit stuff */
3417 /*
3418 * Initialize IPv6 configuration variables. The IP module is always
3419 * opened as an IPv4 module. Instead tracking down the cases where
3420 * it switches to do ipv6, we'll just initialize the IPv6 configuration
3421 * here for convenience, this has no effect until the ill is set to do
3422 * IPv6.
3423 */
3430 }
3432 /*
3433 * ill_init is called by ip_open when a device control stream is opened.
3434 * It does a few initializations, and shoots a DL_INFO_REQ message down
3435 * to the driver. The response is later picked up in ip_rput_dlpi and
3436 * used to set up default mechanisms for talking to the driver. (Always
3437 * called as writer.)
3438 *
3439 * If this function returns error, ip_open will call ip_close which in
3440 * turn will call ill_delete to clean up any memory allocated here that
3441 * is not yet freed.
3442 *
3443 * Note: ill_ipst and ill_zoneid must be set before calling ill_init.
3444 */
3445 int
3447 {
3453 BPRI_HI);
3457 /*
3458 * For now pretend this is a v4 ill. We need to set phyint_ill*
3459 * at this point because of the following reason. If we can't
3460 * enter the ipsq at some point and cv_wait, the writer that
3461 * wakes us up tries to locate us using the list of all phyints
3462 * in an ipsq and the ills from the phyint thru the phyint_ill*.
3463 * If we don't set it now, we risk a missed wakeup.
3464 */
3468 }
3472 /* Send down the Info Request to the driver. */
3484 }
3486 /*
3487 * ill_dls_info
3488 * creates datalink socket info from the device.
3489 */
3490 int
3492 {
3508 }
3510 /*
3511 * ill_xarp_info
3512 * creates xarp info from the device.
3513 */
3514 static int
3516 {
3525 }
3527 static int
3529 {
3531 netstackid_t stackid;
3552 }
3557 }
3559 /*
3560 * Has ifindex been plumbed already?
3561 */
3562 static boolean_t
3564 {
3570 }
3572 /*
3573 * Pick a unique ifindex.
3574 * When the index counter passes IF_INDEX_MAX for the first time, the wrap
3575 * flag is set so that next time time ip_assign_ifindex() is called, it
3576 * falls through and resets the index counter back to 1, the minimum value
3577 * for the interface index. The logic below assumes that ips_ill_index
3578 * can hold a value of IF_INDEX_MAX+1 without there being any loss
3579 * (i.e. reset back to 0.)
3580 */
3581 boolean_t
3583 {
3584 uint_t loops;
3589 /*
3590 * Reached the maximum ifindex value, set the wrap
3591 * flag to indicate that it is no longer possible
3592 * to assume that a given index is unallocated.
3593 */
3595 }
3597 }
3602 /*
3603 * Start reusing unused indexes. Note that we hold the ill_g_lock
3604 * at this point and don't want to call any function that attempts
3605 * to get the lock again.
3606 */
3609 /* found unused index - use it */
3612 }
3617 }
3619 /*
3620 * all interface indicies are inuse.
3621 */
3623 }
3625 /*
3626 * Assign a unique interface index for the phyint.
3627 */
3628 static boolean_t
3630 {
3633 }
3635 /*
3636 * Initialize the flags on `phyi' as per the provided mactype.
3637 */
3638 static void
3640 {
3643 /*
3644 * Initialize PHYI_RUNNING and PHYI_FAILED. For non-IPMP interfaces,
3645 * we always presume the underlying hardware is working and set
3646 * PHYI_RUNNING (if it's not, the driver will subsequently send a
3647 * DL_NOTE_LINK_DOWN message). For IPMP interfaces, at initialization
3648 * there are no active interfaces in the group so we set PHYI_FAILED.
3649 */
3652 else
3665 }
3670 }
3672 /*
3673 * Return a pointer to the ill which matches the supplied name. Note that
3674 * the ill name length includes the null termination character. (May be
3675 * called as writer.)
3676 * If do_alloc and the interface is "lo0" it will be automatically created.
3677 * Cannot bump up reference on condemned ills. So dup detect can't be done
3678 * using this func.
3679 */
3680 ill_t *
3683 {
3688 boolean_t isloopback;
3689 in6_addr_t ov6addr;
3699 /*
3700 * Couldn't find it. Does this happen to be a lookup for the
3701 * loopback device and are we allowed to allocate it?
3702 */
3711 }
3713 /* Create the loopback device on demand */
3722 /*
3723 * For exclusive stacks we set the zoneid to zero
3724 * to make IP operate as if in the global zone.
3725 */
3737 /*
3738 * ipif_loopback_name can't be pointed at directly because its used
3739 * by both the ipv4 and ipv6 interfaces. When the ill is removed
3740 * from the glist, ill_glist_delete() sets the first character of
3741 * ill_name to '\0'.
3742 */
3746 /* Set ill_dlpi_pending for ipsq_current_finish() to work properly */
3756 /* Set up default loopback address and mask. */
3771 }
3773 /*
3774 * Chain us in at the end of the ill list. hold the ill
3775 * before we make it globally visible. 1 for the lookup.
3776 */
3784 /* Let SCTP know so that it can add this to its list */
3787 /*
3788 * We have already assigned ipif_v6lcl_addr above, but we need to
3789 * call sctp_update_ipif_addr() after SCTP_ILL_INSERT, which
3790 * requires to be after ill_glist_insert() since we need the
3791 * ill_index set. Pass on ipv6_loopback as the old address.
3792 */
3797 /*
3798 * ill_glist_insert() -> ill_phyint_reinit() may have merged IPSQs.
3799 * If so, free our original one.
3800 */
3805 /* Export loopback interface statistics */
3812 loopback_kstat_update;
3818 netstack_stackid;
3820 }
3821 }
3828 done:
3835 }
3837 }
3842 }
3845 }
3847 /*
3848 * For IPP calls - use the ip_stack_t for global stack.
3849 */
3850 ill_t *
3852 {
3863 }
3868 }
3870 /*
3871 * Return a pointer to the ill which matches the index and IP version type.
3872 */
3873 ill_t *
3875 {
3879 /*
3880 * Indexes are stored in the phyint - a common structure
3881 * to both IPv4 and IPv6.
3882 */
3895 }
3897 }
3898 }
3901 }
3903 /*
3904 * Verify whether or not an interface index is valid for the specified zoneid
3905 * to transmit packets.
3906 * It can be zero (meaning "reset") or an interface index assigned
3907 * to a non-VNI interface. (We don't use VNI interface to send packets.)
3908 */
3909 boolean_t
3912 {
3924 }
3927 }
3929 /*
3930 * Return the ifindex next in sequence after the passed in ifindex.
3931 * If there is no next ifindex for the given protocol, return 0.
3932 */
3933 uint_t
3935 {
3938 uint_t ifindex;
3949 }
3954 /*
3955 * If we're not returning the first interface in the tree
3956 * and we still haven't moved past the phyint_t that
3957 * corresponds to index, avl_walk needs to be called again
3958 */
3970 }
3971 }
3972 }
3978 else
3982 }
3984 /*
3985 * Return the ifindex for the named interface.
3986 * If there is no next ifindex for the interface, return 0.
3987 */
3988 uint_t
3990 {
3993 uint_t ifindex;
4001 }
4008 }
4010 /*
4011 * Return the ifindex to be used by upper layer protocols for instance
4012 * for IPV6_RECVPKTINFO. If IPMP this is the one for the upper ill.
4013 */
4014 uint_t
4016 {
4019 else
4021 }
4024 /*
4025 * Obtain a reference to the ill. The ill_refcnt is a dynamic refcnt
4026 * that gives a running thread a reference to the ill. This reference must be
4027 * released by the thread when it is done accessing the ill and related
4028 * objects. ill_refcnt can not be used to account for static references
4029 * such as other structures pointing to an ill. Callers must generally
4030 * check whether an ill can be refheld by using ILL_CAN_LOOKUP macros
4031 * or be sure that the ill is not being deleted or changing state before
4032 * calling the refhold functions. A non-zero ill_refcnt ensures that the
4033 * ill won't change any of its critical state such as address, netmask etc.
4034 */
4035 void
4037 {
4042 }
4044 void
4046 {
4050 }
4052 /* Returns true if we managed to get a refhold */
4053 boolean_t
4055 {
4061 }
4064 }
4066 /*
4067 * Must not be called while holding any locks. Otherwise if this is
4068 * the last reference to be released, there is a chance of recursive mutex
4069 * panic due to ill_refrele -> ipif_ill_refrele_tail -> qwriter_ip trying
4070 * to restart an ioctl.
4071 */
4072 void
4074 {
4080 /* Every ire pointing to the ill adds 1 to ill_refcnt */
4083 }
4085 /* Drops the ill_lock */
4087 }
4089 /*
4090 * Obtain a weak reference count on the ill. This reference ensures the
4091 * ill won't be freed, but the ill may change any of its critical state
4092 * such as netmask, address etc. Returns an error if the ill has started
4093 * closing.
4094 */
4095 boolean_t
4097 {
4102 }
4106 }
4108 void
4110 {
4116 }
4118 /*
4119 * ip_ll_subnet_defaults is called when we get the DL_INFO_ACK back from the
4120 * driver. We construct best guess defaults for lower level information that
4121 * we need. If an interface is brought up without injection of any overriding
4122 * information from outside, we have to be ready to go with these defaults.
4123 * When we get the first DL_INFO_ACK (from ip_open() sending a DL_INFO_REQ)
4124 * we primarely want the dl_provider_style.
4125 * The subsequent DL_INFO_ACK is received after doing a DL_ATTACH and DL_BIND
4126 * at which point we assume the other part of the information is valid.
4127 */
4128 void
4130 {
4133 t_scalar_t sap_length;
4141 /*
4142 * Till the ill is fully up the ill is not globally visible.
4143 * So no need for a lock.
4144 */
4152 }
4155 /*
4156 * When the new DLPI stuff is ready we'll pull lengths
4157 * from dlia.
4158 */
4162 brdcst_addr_length);
4165 }
4175 }
4181 /*
4182 * Synthetic DLPI types such as SUNW_DL_IPMP specify a zero SDU,
4183 * but we must ensure a minimum IP MTU is used since other bits of
4184 * IP will fly apart otherwise.
4185 */
4200 /*
4201 * Allocate the first ipif on this ill. We don't delay it
4202 * further as ioctl handling assumes at least one ipif exists.
4203 *
4204 * At this point we don't know whether the ill is v4 or v6.
4205 * We will know this whan the SIOCSLIFNAME happens and
4206 * the correct value for ill_isv6 will be assigned in
4207 * ipif_set_values(). We need to hold the ill lock and
4208 * clear the ILL_LL_SUBNET_PENDING flag and atomically do
4209 * the wakeup.
4210 */
4221 }
4223 /*
4224 * We know whether it is IPv4 or IPv6 now, as this is the
4225 * second DL_INFO_ACK we are recieving in response to the
4226 * DL_INFO_REQ sent in ipif_set_values.
4227 */
4229 /*
4230 * Clear all the flags that were set based on ill_bcast_addr_length
4231 * and ill_phys_addr_length (in ipif_set_values) as these could have
4232 * changed now and we need to re-evaluate.
4233 */
4237 /*
4238 * Free ill_bcast_mp as things could have changed now.
4239 *
4240 * NOTE: The IPMP meta-interface is special-cased because it starts
4241 * with no underlying interfaces (and thus an unknown broadcast
4242 * address length), but we enforce that an interface is broadcast-
4243 * capable as part of allowing it to join a group.
4244 */
4256 /*
4257 * Note: xresolv interfaces will eventually need NOARP
4258 * set here as well, but that will require those
4259 * external resolvers to have some knowledge of
4260 * that flag and act appropriately. Not to be changed
4261 * at present.
4262 */
4264 else
4272 /*
4273 * The underying link is point-to-point, so mark the
4274 * interface as such. We can do IP multicast over
4275 * such a link since it transmits all network-layer
4276 * packets to the remote side the same way.
4277 */
4280 }
4288 /*
4289 * Later detect lack of DLPI driver multicast
4290 * capability by catching DL_ENABMULTI errors in
4291 * ip_rput_dlpi.
4292 */
4296 }
4298 /* For IPMP, PHYI_IPMP should already be set by phyint_flags_init() */
4302 /* By default an interface does not support any CoS marking */
4305 /*
4306 * If we get QoS information in DL_INFO_ACK, the device supports
4307 * some form of CoS marking, set ILLF_COS_ENABLED.
4308 */
4313 }
4315 /* Clear any previous error indication. */
4318 }
4320 /*
4321 * Perform various checks to verify that an address would make sense as a
4322 * local, remote, or subnet interface address.
4323 */
4324 static boolean_t
4326 {
4327 ipaddr_t net_mask;
4329 /*
4330 * Don't allow all zeroes, or all ones, but allow
4331 * all ones netmask.
4332 */
4335 /* A given netmask overrides the "guess" netmask */
4341 }
4343 /*
4344 * Even if the netmask is all ones, we do not allow address to be
4345 * 255.255.255.255
4346 */
4354 }
4356 #define V6_IPIF_LINKLOCAL(p) \
4357 IN6_IS_ADDR_LINKLOCAL(&(p)->ipif_v6lcl_addr)
4359 /*
4360 * Compare two given ipifs and check if the second one is better than
4361 * the first one using the order of preference (not taking deprecated
4362 * into acount) specified in ipif_lookup_multicast().
4363 */
4364 static boolean_t
4366 {
4367 /* Check the least preferred first. */
4369 /* If both ipifs are the same, use the first one. */
4372 else
4374 }
4376 /* For IPv6, check for link local address. */
4380 /* The second one is equal or less preferred. */
4384 }
4385 }
4387 /* Then check for point to point interface. */
4395 }
4396 }
4398 /* old_ipif is a normal interface, so no need to use the new one. */
4400 }
4402 /*
4403 * Find a mulitcast-capable ipif given an IP instance and zoneid.
4404 * The ipif must be up, and its ill must multicast-capable, not
4405 * condemned, not an underlying interface in an IPMP group, and
4406 * not a VNI interface. Order of preference:
4407 *
4408 * 1a. normal
4409 * 1b. normal, but deprecated
4410 * 2a. point to point
4411 * 2b. point to point, but deprecated
4412 * 3a. link local
4413 * 3b. link local, but deprecated
4414 * 4. loopback.
4415 */
4418 {
4420 ill_walk_context_t ctx;
4428 else
4438 }
4445 }
4449 }
4451 /*
4452 * Found one candidate. If it is deprecated,
4453 * remember it in dep_ipif. If it is not deprecated,
4454 * remember it in saved_ipif.
4455 */
4460 isv6)) {
4461 /*
4462 * If the previous dep_ipif does not
4463 * belong to the same ill, we've done
4464 * a ipif_refhold() on it. So we need
4465 * to release it.
4466 */
4470 }
4472 }
4480 }
4481 }
4482 }
4483 /*
4484 * Before going to the next ill, do a ipif_refhold() on the
4485 * saved ones.
4486 */
4492 }
4495 /*
4496 * If we have only the saved_ipif, return it. But if we have both
4497 * saved_ipif and dep_ipif, check to see which one is better.
4498 */
4507 }
4508 }
4512 }
4513 }
4515 ill_t *
4517 {
4529 }
4531 /*
4532 * This function is called when an application does not specify an interface
4533 * to be used for multicast traffic (joining a group/sending data). It
4534 * calls ire_lookup_multi() to look for an interface route for the
4535 * specified multicast group. Doing this allows the administrator to add
4536 * prefix routes for multicast to indicate which interface to be used for
4537 * multicast traffic in the above scenario. The route could be for all
4538 * multicast (224.0/4), for a single multicast group (a /32 route) or
4539 * anything in between. If there is no such multicast route, we just find
4540 * any multicast capable interface and return it. The returned ipif
4541 * is refhold'ed.
4542 *
4543 * We support MULTIRT and RTF_SETSRC on the multicast routes added to the
4544 * unicast table. This is used by CGTP.
4545 */
4546 ill_t *
4549 {
4557 }
4559 /*
4560 * Look for an ipif with the specified interface address and destination.
4561 * The destination address is used only for matching point-to-point interfaces.
4562 */
4563 ipif_t *
4565 {
4568 ill_walk_context_t ctx;
4570 /*
4571 * First match all the point-to-point interfaces
4572 * before looking at non-point-to-point interfaces.
4573 * This is done to avoid returning non-point-to-point
4574 * ipif instead of unnumbered point-to-point ipif.
4575 */
4582 /* Allow the ipif to be down */
4591 }
4592 }
4593 }
4595 }
4598 /* lookup the ipif based on interface address */
4602 }
4604 /*
4605 * Common function for ipif_lookup_addr() and ipif_lookup_addr_exact().
4606 */
4610 {
4614 ill_walk_context_t ctx;
4619 /*
4620 * Repeat twice, first based on local addresses and
4621 * next time for pointopoint.
4622 */
4623 repeat:
4629 }
4641 /* Allow the ipif to be down */
4651 }
4652 }
4653 }
4655 }
4657 /* If we already did the ptp case, then we are done */
4661 }
4664 }
4666 /*
4667 * Lookup an ipif with the specified address. For point-to-point links we
4668 * look for matches on either the destination address or the local address,
4669 * but we skip the local address check if IPIF_UNNUMBERED is set. If the
4670 * `match_ill' argument is non-NULL, the lookup is restricted to that ill
4671 * (or illgrp if `match_ill' is in an IPMP group).
4672 */
4673 ipif_t *
4676 {
4679 }
4681 /*
4682 * Lookup an ipif with the specified address. Similar to ipif_lookup_addr,
4683 * except that we will only return an address if it is not marked as
4684 * IPIF_DUPLICATE
4685 */
4686 ipif_t *
4689 {
4693 }
4695 /*
4696 * Special abbreviated version of ipif_lookup_addr() that doesn't match
4697 * `match_ill' across the IPMP group. This function is only needed in some
4698 * corner-cases; almost everything should use ipif_lookup_addr().
4699 */
4700 ipif_t *
4702 {
4705 ipst));
4706 }
4708 /*
4709 * Look for an ipif with the specified address. For point-point links
4710 * we look for matches on either the destination address and the local
4711 * address, but we ignore the check on the local address if IPIF_UNNUMBERED
4712 * is set.
4713 * If the `match_ill' argument is non-NULL, the lookup is restricted to that
4714 * ill (or illgrp if `match_ill' is in an IPMP group).
4715 * Return the zoneid for the ipif which matches. ALL_ZONES if no match.
4716 */
4717 zoneid_t
4719 {
4720 zoneid_t zoneid;
4724 ill_walk_context_t ctx;
4727 /*
4728 * Repeat twice, first based on local addresses and
4729 * next time for pointopoint.
4730 */
4731 repeat:
4737 }
4741 /* Allow the ipif to be down */
4751 }
4752 }
4754 }
4756 /* If we already did the ptp case, then we are done */
4760 }
4763 }
4765 /*
4766 * Look for an ipif that matches the specified remote address i.e. the
4767 * ipif that would receive the specified packet.
4768 * First look for directly connected interfaces and then do a recursive
4769 * IRE lookup and pick the first ipif corresponding to the source address in the
4770 * ire.
4771 * Returns: held ipif
4772 *
4773 * This is only used for ICMP_ADDRESS_MASK_REQUESTs
4774 */
4775 ipif_t *
4777 {
4782 /*
4783 * Someone could be changing this ipif currently or change it
4784 * after we return this. Thus a few packets could use the old
4785 * old values. However structure updates/creates (ire, ilg, ilm etc)
4786 * will atomically be updated or cleaned up with the new value
4787 * Thus we don't need a lock to check the flags or other attrs below.
4788 */
4796 /* Allow the ipif to be down */
4804 }
4809 }
4810 }
4812 /*
4813 * For a remote destination it isn't possible to nail down a particular
4814 * ipif.
4815 */
4817 /* Pick the first interface */
4820 }
4822 /*
4823 * This func does not prevent refcnt from increasing. But if
4824 * the caller has taken steps to that effect, then this func
4825 * can be used to determine whether the ill has become quiescent
4826 */
4827 static boolean_t
4829 {
4837 }
4840 }
4842 }
4844 boolean_t
4846 {
4854 }
4855 }
4858 }
4860 }
4862 /*
4863 * This func does not prevent refcnt from increasing. But if
4864 * the caller has taken steps to that effect, then this func
4865 * can be used to determine whether the ipif has become quiescent
4866 */
4867 static boolean_t
4869 {
4881 }
4883 /* This is the last ipif going down or being deleted on this ill */
4886 }
4889 }
4891 /*
4892 * return true if the ipif can be destroyed: the ipif has to be quiescent
4893 * with zero references from ire/ilm to it.
4894 */
4895 static boolean_t
4897 {
4901 }
4903 /*
4904 * The ipif/ill/ire has been refreled. Do the tail processing.
4905 * Determine if the ipif or ill in question has become quiescent and if so
4906 * wakeup close and/or restart any queued pending ioctl that is waiting
4907 * for the ipif_down (or ill_down)
4908 */
4909 void
4911 {
4922 /* ip_modclose() may be waiting */
4924 }
4953 /*
4954 * ILL_FREE is only for loopback; normal ill teardown waits
4955 * synchronously in ip_modclose() without using ipx_waitfor,
4956 * handled by the cv_broadcast() at the top of this function.
4957 */
4964 }
4973 /*
4974 * NOTE: all of the qwriter_ip() calls below use CUR_OP since
4975 * we can only get here when the current operation decides it
4976 * it needs to quiesce via ipsq_pending_mp_add().
4977 */
4981 /*
4982 * For now, only DL_NOTIFY_IND messages can use this facility.
4983 */
4999 }
5005 B_TRUE);
5017 }
5019 unlock:
5023 }
5025 #ifdef DEBUG
5026 /* Reuse trace buffer from beginning (if reached the end) and record trace */
5027 static void
5029 {
5031 uint_t lastref;
5034 lastref++;
5041 }
5043 static void
5045 {
5050 }
5052 /*
5053 * Find or create the per-thread hash table used to track object references.
5054 * The ipst argument is NULL if we shouldn't allocate.
5055 *
5056 * Accesses per-thread data, so there's no need to lock here.
5057 */
5060 {
5074 /*
5075 * We use mod_hash_create_extended here rather than the more
5076 * obvious mod_hash_create_ptrhash because the latter has a
5077 * hard-coded KM_SLEEP, and we'd prefer to fail rather than
5078 * block.
5079 */
5089 }
5092 /*
5093 * We trace ills, ipifs, ires, and nces. All of these are
5094 * per-IP-stack, so the lock on the thread list is as well.
5095 */
5101 }
5103 }
5105 boolean_t
5107 {
5110 mod_hash_val_t val;
5115 /*
5116 * Attempt to locate the trace buffer for this obj and thread.
5117 * If it does not exist, then allocate a new trace buffer and
5118 * insert into the hash.
5119 */
5130 }
5133 }
5141 }
5143 /*
5144 * For the purpose of tracing a reference release, we assume that global
5145 * tracing is always on and that the same thread initiated the reference hold
5146 * is releasing.
5147 */
5148 void
5150 {
5154 mod_hash_val_t val;
5164 }
5166 /*
5167 * If tracing has been disabled, then we assume that the reference counts are
5168 * now useless, and we clear them out before destroying the entries.
5169 */
5170 void
5172 {
5175 mod_hash_val_t val;
5189 }
5190 }
5192 }
5194 void
5196 {
5205 }
5206 }
5208 void
5210 {
5215 }
5217 void
5219 {
5228 }
5229 }
5231 void
5233 {
5238 }
5240 /*
5241 * Called when ipif is unplumbed or when memory alloc fails. Note that on
5242 * failure, ipif_trace_disable is set.
5243 */
5244 static void
5246 {
5248 }
5250 /*
5251 * Called when ill is unplumbed or when memory alloc fails. Note that on
5252 * failure, ill_trace_disable is set.
5253 */
5254 static void
5256 {
5258 }
5261 void
5263 {
5267 }
5269 void
5271 {
5279 }
5281 /*
5282 * Must not be called while holding any locks. Otherwise if this is
5283 * the last reference to be released there is a chance of recursive mutex
5284 * panic due to ipif_refrele -> ipif_ill_refrele_tail -> qwriter_ip trying
5285 * to restart an ioctl.
5286 */
5287 void
5289 {
5301 }
5303 /* Drops the ill_lock */
5305 }
5307 ipif_t *
5309 {
5320 }
5323 }
5325 /*
5326 * TODO: make this table extendible at run time
5327 * Return a pointer to the mac type info for 'mac_type'
5328 */
5331 {
5338 }
5340 /*
5341 * Make a link layer address from the multicast IP address *addr.
5342 * To form the link layer address, invoke the ip_m_v*mapping function
5343 * associated with the link-layer type.
5344 */
5345 void
5347 {
5362 }
5365 else
5367 }
5369 /*
5370 * Returns B_FALSE if the IPv4 netmask pointed by `mask' is non-contiguous.
5371 * Otherwise returns B_TRUE.
5372 *
5373 * The netmask can be verified to be contiguous with 32 shifts and or
5374 * operations. Take the contiguous mask (in host byte order) and compute
5375 * mask | mask << 1 | mask << 2 | ... | mask << 31
5376 * the result will be the same as the 'mask' for contiguous mask.
5377 */
5378 static boolean_t
5380 {
5388 }
5390 /*
5391 * ip_rt_add is called to add an IPv4 route to the forwarding table.
5392 * ill is passed in to associate it with the correct interface.
5393 * If ire_arg is set, then we return the held IRE in that location.
5394 */
5395 int
5399 {
5403 uint_t type;
5405 boolean_t cgtp_broadcast;
5413 /* disallow non-contiguous netmasks */
5417 /*
5418 * If this is the case of RTF_HOST being set, then we set the netmask
5419 * to all ones (regardless if one was supplied).
5420 */
5424 /*
5425 * Prevent routes with a zero gateway from being created (since
5426 * interfaces can currently be plumbed and brought up no assigned
5427 * address).
5428 */
5431 /*
5432 * Get the ipif, if any, corresponding to the gw_addr
5433 * If -ifp was specified we restrict ourselves to the ill, otherwise
5434 * we match on the gatway and destination to handle unnumbered pt-pt
5435 * interfaces.
5436 */
5439 else
5445 }
5446 }
5448 /*
5449 * GateD will attempt to create routes with a loopback interface
5450 * address as the gateway and with RTF_GATEWAY set. We allow
5451 * these routes to be added, but create them as interface routes
5452 * since the gateway is an interface address.
5453 */
5464 }
5475 zoneid,
5477 ipst);
5482 }
5483 /* src address assigned by the caller? */
5489 /*
5490 * In the result of failure, ire_add() will have
5491 * already deleted the ire in question, so there
5492 * is no need to do that here.
5493 */
5496 }
5497 /*
5498 * Check if it was a duplicate entry. This handles
5499 * the case of two racing route adds for the same route
5500 */
5507 }
5510 }
5511 }
5513 /*
5514 * The routes for multicast with CGTP are quite special in that
5515 * the gateway is the local interface address, yet RTF_GATEWAY
5516 * is set. We turn off RTF_GATEWAY to provide compatibility with
5517 * this undocumented and unusual use of multicast routes.
5518 */
5522 /*
5523 * Traditionally, interface routes are ones where RTF_GATEWAY isn't set
5524 * and the gateway address provided is one of the system's interface
5525 * addresses. By using the routing socket interface and supplying an
5526 * RTA_IFP sockaddr with an interface index, an alternate method of
5527 * specifying an interface route to be created is available which uses
5528 * the interface index that specifies the outgoing interface rather than
5529 * the address of an outgoing interface (which may not be able to
5530 * uniquely identify an interface). When coupled with the RTF_GATEWAY
5531 * flag, routes can be specified which not only specify the next-hop to
5532 * be used when routing to a certain prefix, but also which outgoing
5533 * interface should be used.
5534 *
5535 * Previously, interfaces would have unique addresses assigned to them
5536 * and so the address assigned to a particular interface could be used
5537 * to identify a particular interface. One exception to this was the
5538 * case of an unnumbered interface (where IPIF_UNNUMBERED was set).
5539 *
5540 * With the advent of IPv6 and its link-local addresses, this
5541 * restriction was relaxed and interfaces could share addresses between
5542 * themselves. In fact, typically all of the link-local interfaces on
5543 * an IPv6 node or router will have the same link-local address. In
5544 * order to differentiate between these interfaces, the use of an
5545 * interface index is necessary and this index can be carried inside a
5546 * RTA_IFP sockaddr (which is actually a sockaddr_dl). One restriction
5547 * of using the interface index, however, is that all of the ipif's that
5548 * are part of an ill have the same index and so the RTA_IFP sockaddr
5549 * cannot be used to differentiate between ipif's (or logical
5550 * interfaces) that belong to the same ill (physical interface).
5551 *
5552 * For example, in the following case involving IPv4 interfaces and
5553 * logical interfaces
5554 *
5555 * 192.0.2.32 255.255.255.224 192.0.2.33 U if0
5556 * 192.0.2.32 255.255.255.224 192.0.2.34 U if0
5557 * 192.0.2.32 255.255.255.224 192.0.2.35 U if0
5558 *
5559 * the ipif's corresponding to each of these interface routes can be
5560 * uniquely identified by the "gateway" (actually interface address).
5561 *
5562 * In this case involving multiple IPv6 default routes to a particular
5563 * link-local gateway, the use of RTA_IFP is necessary to specify which
5564 * default route is of interest:
5565 *
5566 * default fe80::123:4567:89ab:cdef U if0
5567 * default fe80::123:4567:89ab:cdef U if1
5568 */
5570 /* RTF_GATEWAY not set */
5572 /*
5573 * Whether or not ill (RTA_IFP) is set, we require that
5574 * the gateway is one of our local addresses.
5575 */
5579 /*
5580 * We use MATCH_IRE_ILL here. If the caller specified an
5581 * interface (from the RTA_IFP sockaddr) we use it, otherwise
5582 * we use the ill derived from the gateway address.
5583 * We can always match the gateway address since we record it
5584 * in ire_gateway_addr.
5585 * We don't allow RTA_IFP to specify a different ill than the
5586 * one matching the ipif to make sure we can delete the route.
5587 */
5594 }
5596 /*
5597 * We check for an existing entry at this point.
5598 *
5599 * Since a netmask isn't passed in via the ioctl interface
5600 * (SIOCADDRT), we don't check for a matching netmask in that
5601 * case.
5602 */
5611 }
5613 /*
5614 * Some software (for example, GateD and Sun Cluster) attempts
5615 * to create (what amount to) IRE_PREFIX routes with the
5616 * loopback address as the gateway. This is primarily done to
5617 * set up prefixes with the RTF_REJECT flag set (for example,
5618 * when generating aggregate routes.)
5619 *
5620 * If the IRE type (as defined by ill->ill_net_type) would be
5621 * IRE_LOOPBACK, then we map the request into a
5622 * IRE_IF_NORESOLVER. We also OR in the RTF_BLACKHOLE flag as
5623 * these interface routes, by definition, can only be that.
5624 *
5625 * Needless to say, the real IRE_LOOPBACK is NOT created by this
5626 * routine, but rather using ire_create() directly.
5627 *
5628 */
5633 }
5635 /*
5636 * Create a copy of the IRE_IF_NORESOLVER or
5637 * IRE_IF_RESOLVER with the modified address, netmask, and
5638 * gateway.
5639 */
5644 type,
5645 ill,
5646 zoneid,
5647 flags,
5648 ipst);
5652 }
5654 /* src address assigned by the caller? */
5660 /*
5661 * In the result of failure, ire_add() will have
5662 * already deleted the ire in question, so there
5663 * is no need to do that here.
5664 */
5667 }
5668 /*
5669 * Check if it was a duplicate entry. This handles
5670 * the case of two racing route adds for the same route
5671 */
5677 }
5680 }
5682 /*
5683 * Get an interface IRE for the specified gateway.
5684 * If we don't have an IRE_IF_NORESOLVER or IRE_IF_RESOLVER for the
5685 * gateway, it is currently unreachable and we fail the request
5686 * accordingly. We reject any RTF_GATEWAY routes where the gateway
5687 * is an IRE_LOCAL or IRE_LOOPBACK.
5688 * If RTA_IFP was specified we look on that particular ill.
5689 */
5693 /* Check whether the gateway is reachable. */
5694 again:
5702 /*
5703 * With IPMP, we allow host routes to influence in.mpathd's
5704 * target selection. However, if the test addresses are on
5705 * their own network, the above lookup will fail since the
5706 * underlying IRE_INTERFACEs are marked hidden. So allow
5707 * hidden test IREs to be found and try again.
5708 */
5712 }
5716 }
5722 }
5728 }
5730 /*
5731 * We create one of three types of IREs as a result of this request
5732 * based on the netmask. A netmask of all ones (which is automatically
5733 * assumed when RTF_HOST is set) results in an IRE_HOST being created.
5734 * An all zeroes netmask implies a default route so an IRE_DEFAULT is
5735 * created. Otherwise, an IRE_PREFIX route is created for the
5736 * destination prefix.
5737 */
5742 else
5745 /* check for a duplicate entry */
5748 NULL);
5755 }
5757 /* Create the IRE. */
5763 ill,
5764 zoneid,
5765 flags,
5766 ipst);
5773 }
5775 /* Before we add, check if an extra CGTP broadcast is needed */
5779 /* src address assigned by the caller? */
5785 /*
5786 * POLICY: should we allow an RTF_HOST with address INADDR_ANY?
5787 * SUN/OS socket stuff does but do we really want to allow 0.0.0.0?
5788 */
5790 /* Add the new IRE. */
5793 /*
5794 * In the result of failure, ire_add() will have
5795 * already deleted the ire in question, so there
5796 * is no need to do that here.
5797 */
5802 }
5803 /*
5804 * Check if it was a duplicate entry. This handles
5805 * the case of two racing route adds for the same route
5806 */
5814 }
5818 /*
5819 * Invoke the CGTP (multirouting) filtering module
5820 * to add the dst address in the filtering database.
5821 * Replicated inbound packets coming from that address
5822 * will be filtered to discard the duplicates.
5823 * It is not necessary to call the CGTP filter hook
5824 * when the dst address is a broadcast or multicast,
5825 * because an IP source address cannot be a broadcast
5826 * or a multicast.
5827 */
5831 }
5837 /* Find the source address corresponding to gw_ire */
5851 }
5859 }
5860 }
5861 }
5863 save_ire:
5867 }
5869 /*
5870 * Save enough information so that we can recreate the IRE if
5871 * the interface goes down and then up. The metrics associated
5872 * with the route will be saved as well when rts_setmetrics() is
5873 * called after the IRE has been created. In the case where
5874 * memory cannot be allocated, none of this information will be
5875 * saved.
5876 */
5878 }
5882 /*
5883 * Store the ire that was successfully added into where ire_arg
5884 * points to so that callers don't have to look it up
5885 * themselves (but they are responsible for ire_refrele()ing
5886 * the ire when they are finished with it).
5887 */
5891 }
5895 }
5897 /*
5898 * ip_rt_delete is called to delete an IPv4 route.
5899 * ill is passed in to associate it with the correct interface.
5900 */
5901 /* ARGSUSED4 */
5902 int
5906 {
5909 uint_t type;
5914 /*
5915 * If this is the case of RTF_HOST being set, then we set the netmask
5916 * to all ones. Otherwise, we use the netmask if one was supplied.
5917 */
5923 }
5925 /*
5926 * Note that RTF_GATEWAY is never set on a delete, therefore
5927 * we check if the gateway address is one of our interfaces first,
5928 * and fall back on RTF_GATEWAY routes.
5929 *
5930 * This makes it possible to delete an original
5931 * IRE_IF_NORESOLVER/IRE_IF_RESOLVER - consistent with SunOS 4.1.
5932 * However, we have RTF_KERNEL set on the ones created by ipif_up
5933 * and those can not be deleted here.
5934 *
5935 * We use MATCH_IRE_ILL if we know the interface. If the caller
5936 * specified an interface (from the RTA_IFP sockaddr) we use it,
5937 * otherwise we use the ill derived from the gateway address.
5938 * We can always match the gateway address since we record it
5939 * in ire_gateway_addr.
5940 *
5941 * For more detail on specifying routes by gateway address and by
5942 * interface index, see the comments in ip_rt_add().
5943 */
5950 else
5958 }
5964 }
5965 /* Avoid deleting routes created by kernel from an ipif */
5969 }
5971 /* Restore in case we didn't find a match */
5973 }
5976 /*
5977 * At this point, the gateway address is not one of our own
5978 * addresses or a matching interface route was not found. We
5979 * set the IRE type to lookup based on whether
5980 * this is a host route, a default route or just a prefix.
5981 *
5982 * If an ill was passed in, then the lookup is based on an
5983 * interface index so MATCH_IRE_ILL is added to match_flags.
5984 */
5992 else
5996 }
6001 }
6007 /*
6008 * Invoke the CGTP (multirouting) filtering module
6009 * to remove the dst address from the filtering database.
6010 * Packets coming from that address will no longer be
6011 * filtered to remove duplicates.
6012 */
6017 }
6019 }
6029 }
6031 /*
6032 * ip_siocaddrt is called to complete processing of an SIOCADDRT IOCTL.
6033 */
6034 /* ARGSUSED */
6035 int
6038 {
6039 ipaddr_t dst_addr;
6040 ipaddr_t gw_addr;
6041 ipaddr_t mask;
6052 /* Existence of mp1 verified in ip_wput_nondata */
6059 /*
6060 * If the RTF_HOST flag is on, this is a request to assign a gateway
6061 * to a particular host address. In this case, we set the netmask to
6062 * all ones for the particular destination address. Otherwise,
6063 * determine the netmask to be used based on dst_addr and the interfaces
6064 * in use.
6065 */
6069 /*
6070 * Note that ip_subnet_mask returns a zero mask in the case of
6071 * default (an all-zeroes address).
6072 */
6074 }
6081 }
6083 /*
6084 * ip_siocdelrt is called to complete processing of an SIOCDELRT IOCTL.
6085 */
6086 /* ARGSUSED */
6087 int
6090 {
6091 ipaddr_t dst_addr;
6092 ipaddr_t gw_addr;
6093 ipaddr_t mask;
6104 /* Existence of mp1 verified in ip_wput_nondata */
6111 /*
6112 * If the RTF_HOST flag is on, this is a request to delete a gateway
6113 * to a particular host address. In this case, we set the netmask to
6114 * all ones for the particular destination address. Otherwise,
6115 * determine the netmask to be used based on dst_addr and the interfaces
6116 * in use.
6117 */
6121 /*
6122 * Note that ip_subnet_mask returns a zero mask in the case of
6123 * default (an all-zeroes address).
6124 */
6126 }
6134 }
6136 /*
6137 * Enqueue the mp onto the ipsq, chained by b_next.
6138 * b_prev stores the function to be executed later, and b_queue the queue
6139 * where this mp originated.
6140 */
6141 void
6144 {
6164 }
6175 }
6182 /* only one switch operation is currently allowed */
6189 }
6195 }
6196 }
6198 /*
6199 * Dequeue the next message that requested exclusive access to this IPSQ's
6200 * xop. Specifically:
6201 *
6202 * 1. If we're still processing the current operation on `ipsq', then
6203 * dequeue the next message for the operation (from ipx_mphead), or
6204 * return NULL if there are no queued messages for the operation.
6205 * These messages are queued via CUR_OP to qwriter_ip() and friends.
6206 *
6207 * 2. If the current operation on `ipsq' has completed (ipx_current_ipif is
6208 * not set) see if the ipsq has requested an xop switch. If so, switch
6209 * `ipsq' to a different xop. Xop switches only happen when joining or
6210 * leaving IPMP groups and require a careful dance -- see the comments
6211 * in-line below for details. If we're leaving a group xop or if we're
6212 * joining a group xop and become writer on it, then we proceed to (3).
6213 * Otherwise, we return NULL and exit the xop.
6214 *
6215 * 3. For each IPSQ in the xop, return any switch operation stored on
6216 * ipsq_switch_mp (set via SWITCH_OP); these must be processed before
6217 * any other messages queued on the IPSQ. Otherwise, dequeue the next
6218 * exclusive operation (queued via NEW_OP) stored on ipsq_xopq_mphead.
6219 * Note that if the phyint tied to `ipsq' is not using IPMP there will
6220 * only be one IPSQ in the xop. Otherwise, there will be one IPSQ for
6221 * each phyint in the group, including the IPMP meta-interface phyint.
6222 */
6225 {
6235 /*
6236 * Grab all the locks we need in the defined order (ill_g_lock ->
6237 * ipsq_lock -> ipx_lock); ill_g_lock is needed to use ipsq_next.
6238 */
6245 /*
6246 * Dequeue the next message associated with the current exclusive
6247 * operation, if any.
6248 */
6255 }
6261 /*
6262 * The exclusive operation that is now being completed has
6263 * requested a switch to a different xop. This happens
6264 * when an interface joins or leaves an IPMP group. Joins
6265 * happen through SIOCSLIFGROUPNAME (ip_sioctl_groupname()).
6266 * Leaves happen via SIOCSLIFGROUPNAME, interface unplumb
6267 * (phyint_free()), or interface plumb for an ill type
6268 * not in the IPMP group (ip_rput_dlpi_writer()).
6269 *
6270 * Xop switches are not allowed on the IPMP meta-interface.
6271 */
6277 /*
6278 * We're switching back to our own xop, so we have two
6279 * xop's to drain/exit: our own, and the group xop
6280 * that we are leaving.
6281 *
6282 * First, pull ourselves out of the group ipsq list.
6283 * This is safe since we're writer on ill_g_lock.
6284 */
6296 /*
6297 * Second, prepare to exit the group xop. The actual
6298 * ipsq_exit() is done at the end of this function
6299 * since we cannot hold any locks across ipsq_exit().
6300 * Note that although we drop the group's ipx_lock, no
6301 * threads can proceed since we're still ipx_writer.
6302 */
6306 /*
6307 * Third, set ipx to point to our own xop (which was
6308 * inactive and therefore can be entered).
6309 */
6315 /*
6316 * We're switching from our own xop to a group xop.
6317 * The requestor of the switch must ensure that the
6318 * group xop cannot go away (e.g. by ensuring the
6319 * phyint associated with the xop cannot go away).
6320 *
6321 * If we can become writer on our new xop, then we'll
6322 * do the drain. Otherwise, the current writer of our
6323 * new xop will do the drain when it exits.
6324 *
6325 * First, splice ourselves into the group IPSQ list.
6326 * This is safe since we're writer on ill_g_lock.
6327 */
6339 /*
6340 * Second, exit our own xop, since it's now unused.
6341 * This is safe since we've got the only reference.
6342 */
6349 /*
6350 * Third, set ipx to point to our new xop, and check
6351 * if we can become writer on it. If we cannot, then
6352 * the current writer will drain the IPSQ group when
6353 * it exits. Our ipsq_xop is guaranteed to be stable
6354 * because we're still holding ipsq_lock.
6355 */
6361 }
6362 }
6364 /*
6365 * Fourth, become writer on our new ipx before we continue
6366 * with the drain. Note that we never dropped ipsq_lock
6367 * above, so no other thread could've raced with us to
6368 * become writer first. Also, we're holding ipx_lock, so
6369 * no other thread can examine the ipx right now.
6370 */
6376 #ifdef DEBUG
6378 #endif
6379 }
6383 /*
6384 * So that other operations operate on a consistent and
6385 * complete phyint, a switch message on an IPSQ must be
6386 * handled prior to any other operations on that IPSQ.
6387 */
6393 }
6401 }
6403 empty:
6404 /*
6405 * There are no messages. Further, we are holding ipx_lock, hence no
6406 * new messages can end up on any IPSQ in the xop.
6407 */
6413 #ifdef DEBUG
6415 #endif
6416 out:
6420 /*
6421 * If we completely emptied the xop, then wake up any threads waiting
6422 * to enter any of the IPSQ's associated with it.
6423 */
6440 }
6443 /*
6444 * Now that all locks are dropped, exit the IPSQ we left.
6445 */
6450 }
6452 /*
6453 * Return completion status of previously initiated DLPI operations on
6454 * ills in the purview of an ipsq.
6455 */
6456 static boolean_t
6458 {
6467 /*
6468 * The only current users of this function are ipsq_try_enter
6469 * and ipsq_enter which have made sure that ipsq_writer is
6470 * NULL before we reach here. ill_dlpi_pending is modified
6471 * only by an ipsq writer
6472 */
6475 /*
6476 * phyi could be NULL if a phyint that is part of an
6477 * IPMP group is being unplumbed. A more detailed
6478 * comment is in ipmp_grp_update_kstats()
6479 */
6491 }
6496 }
6498 /*
6499 * Enter the ipsq corresponding to ill, by waiting synchronously till
6500 * we can enter the ipsq exclusively. Unless 'force' is used, the ipsq
6501 * will have to drain completely before ipsq_enter returns success.
6502 * ipx_current_ipif will be set if some exclusive op is in progress,
6503 * and the ipsq_exit logic will start the next enqueued op after
6504 * completion of the current op. If 'force' is used, we don't wait
6505 * for the enqueued ops. This is needed when a conn_close wants to
6506 * enter the ipsq and abort an ioctl that is somehow stuck. Unplumb
6507 * of an ill can also use this option. But we dont' use it currently.
6508 */
6509 #define ENTER_SQ_WAIT_TICKS 100
6510 boolean_t
6512 {
6518 /*
6519 * Note that the relationship between ill and ipsq is fixed as long as
6520 * the ill is not ILL_CONDEMNED. Holding ipsq_lock ensures the
6521 * relationship between the IPSQ and xop cannot change. However,
6522 * since we cannot hold ipsq_lock across the cv_wait(), it may change
6523 * while we're waiting. We wait on ill_cv and rely on ipsq_exit()
6524 * waking up all ills in the xop when it becomes available.
6525 */
6533 }
6542 waited_enough))
6557 }
6559 }
6566 #ifdef DEBUG
6568 #endif
6575 }
6577 /*
6578 * ipif_set_values() has a constraint that it cannot drop the ips_ill_g_lock
6579 * across the call to the core interface ipsq_try_enter() and hence calls this
6580 * function directly. This is explained more fully in ipif_set_values().
6581 * In order to support the above constraint, ipsq_try_enter is implemented as
6582 * a wrapper that grabs the ips_ill_g_lock and calls this function subsequently
6583 */
6587 {
6592 /*
6593 * lock ordering:
6594 * ill_g_lock -> conn_lock -> ill_lock -> ipsq_lock -> ipx_lock.
6595 *
6596 * ipx of an ipsq can't change when ipsq_lock is held.
6597 */
6606 /*
6607 * 1. Enter the ipsq if we are already writer and reentry is ok.
6608 * (Note: If the caller does not specify reentry_ok then neither
6609 * 'func' nor any of its callees must ever attempt to enter the ipsq
6610 * again. Otherwise it can lead to an infinite loop
6611 * 2. Enter the ipsq if there is no current writer and this attempted
6612 * entry is part of the current operation
6613 * 3. Enter the ipsq if there is no current writer and this is a new
6614 * operation and the operation queue is empty and there is no
6615 * operation currently in progress and if all previously initiated
6616 * DLPI operations have completed.
6617 */
6622 /* Success. */
6630 #ifdef DEBUG
6632 #endif
6634 }
6644 }
6646 /*
6647 * The ipsq_t (ipsq) is the synchronization data structure used to serialize
6648 * certain critical operations like plumbing (i.e. most set ioctls), etc.
6649 * There is one ipsq per phyint. The ipsq
6650 * serializes exclusive ioctls issued by applications on a per ipsq basis in
6651 * ipsq_xopq_mphead. It also protects against multiple threads executing in
6652 * the ipsq. Responses from the driver pertain to the current ioctl (say a
6653 * DL_BIND_ACK in response to a DL_BIND_REQ initiated as part of bringing
6654 * up the interface) and are enqueued in ipx_mphead.
6655 *
6656 * If a thread does not want to reenter the ipsq when it is already writer,
6657 * it must make sure that the specified reentry point to be called later
6658 * when the ipsq is empty, nor any code path starting from the specified reentry
6659 * point must never ever try to enter the ipsq again. Otherwise it can lead
6660 * to an infinite loop. The reentry point ip_rput_dlpi_writer is an example.
6661 * When the thread that is currently exclusive finishes, it (ipsq_exit)
6662 * dequeues the requests waiting to become exclusive in ipx_mphead and calls
6663 * the reentry point. When the list at ipx_mphead becomes empty ipsq_exit
6664 * proceeds to dequeue the next ioctl in ipsq_xopq_mphead and start the next
6665 * ioctl if the current ioctl has completed. If the current ioctl is still
6666 * in progress it simply returns. The current ioctl could be waiting for
6667 * a response from another module (the driver or could be waiting for
6668 * the ipif/ill/ire refcnts to drop to zero. In such a case the ipx_pending_mp
6669 * and ipx_pending_ipif are set. ipx_current_ipif is set throughout the
6670 * execution of the ioctl and ipsq_exit does not start the next ioctl unless
6671 * ipx_current_ipif is NULL which happens only once the ioctl is complete and
6672 * all associated DLPI operations have completed.
6673 */
6675 /*
6676 * Try to enter the IPSQ corresponding to `ipif' or `ill' exclusively (`ipif'
6677 * and `ill' cannot both be specified). Returns a pointer to the entered IPSQ
6678 * on success, or NULL on failure. The caller ensures ipif/ill is valid by
6679 * refholding it as necessary. If the IPSQ cannot be entered and `func' is
6680 * non-NULL, then `func' will be called back with `q' and `mp' once the IPSQ
6681 * can be entered. If `func' is NULL, then `q' and `mp' are ignored.
6682 */
6683 ipsq_t *
6686 {
6690 /* Only 1 of ipif or ill can be specified */
6702 }
6704 /*
6705 * Try to enter the IPSQ corresponding to `ill' as writer. The caller ensures
6706 * ill is valid by refholding it if necessary; we will refrele. If the IPSQ
6707 * cannot be entered, the mp is queued for completion.
6708 */
6709 void
6711 boolean_t reentry_ok)
6712 {
6717 /*
6718 * Drop the caller's refhold on the ill. This is safe since we either
6719 * entered the IPSQ (and thus are exclusive), or failed to enter the
6720 * IPSQ, in which case we return without accessing ill anymore. This
6721 * is needed because func needs to see the correct refcount.
6722 * e.g. removeif can work only then.
6723 */
6728 }
6729 }
6731 /*
6732 * Exit the specified IPSQ. If this is the final exit on it then drain it
6733 * prior to exiting. Caller must be writer on the specified IPSQ.
6734 */
6735 void
6737 {
6742 ipsq_func_t func;
6750 }
6757 /*
6758 * If we've changed to a new IPSQ, and the phyint associated
6759 * with the old one has gone away, free the old IPSQ. Note
6760 * that this cannot happen while the IPSQ is in a group.
6761 */
6766 }
6777 /*
6778 * If 'q' is an conn queue, it is valid, since we did a
6779 * a refhold on the conn at the start of the ioctl.
6780 * If 'q' is an ill queue, it is valid, since close of an
6781 * ill will clean up its IPSQ.
6782 */
6784 }
6785 }
6787 /*
6788 * Used to start any igmp or mld timers that could not be started
6789 * while holding ill_mcast_lock. The timers can't be started while holding
6790 * the lock, since mld/igmp_start_timers may need to call untimeout()
6791 * which can't be done while holding the lock which the timeout handler
6792 * acquires. Otherwise
6793 * there could be a deadlock since the timeout handlers
6794 * mld_timeout_handler_per_ill/igmp_timeout_handler_per_ill also acquire
6795 * ill_mcast_lock.
6796 */
6797 void
6799 {
6817 }
6819 /*
6820 * Start the current exclusive operation on `ipsq'; associate it with `ipif'
6821 * and `ioccmd'.
6822 */
6823 void
6825 {
6839 /*
6840 * Set IPIF_CHANGING on one or more ipifs associated with the
6841 * current exclusive operation. IPIF_CHANGING prevents any new
6842 * references to the ipif (so that the references will eventually
6843 * drop to zero) and also prevents any "get" operations (e.g.,
6844 * SIOCGLIFFLAGS) from being able to access the ipif until the
6845 * operation has completed and the ipif is again in a stable state.
6846 *
6847 * For ioctls, IPIF_CHANGING is set on the ipif associated with the
6848 * ioctl. For internal operations (where ioccmd is zero), all ipifs
6849 * on the ill are marked with IPIF_CHANGING since it's unclear which
6850 * ipifs will be affected.
6851 *
6852 * Note that SIOCLIFREMOVEIF is a special case as it sets
6853 * IPIF_CONDEMNED internally after identifying the right ipif to
6854 * operate on.
6855 */
6870 }
6871 }
6873 /*
6874 * Finish the current exclusive operation on `ipsq'. Usually, this will allow
6875 * the next exclusive operation to begin once we ipsq_exit(). However, if
6876 * pending DLPI operations remain, then we will wait for the queue to drain
6877 * before allowing the next exclusive operation to begin. This ensures that
6878 * DLPI operations from one exclusive operation are never improperly processed
6879 * as part of a subsequent exclusive operation.
6880 */
6881 void
6883 {
6890 /*
6891 * For SIOCLIFREMOVEIF, the ipif has been already been blown away
6892 * (but in that case, IPIF_CHANGING will already be clear and no
6893 * pending DLPI messages can remain).
6894 */
6906 }
6908 }
6917 }
6918 }
6920 /*
6921 * The ill is closing. Flush all messages on the ipsq that originated
6922 * from this ill. Usually there wont' be any messages on the ipsq_xopq_mphead
6923 * for this ill since ipsq_enter could not have entered until then.
6924 * New messages can't be queued since the CONDEMNED flag is set.
6925 */
6926 static void
6928 {
6937 /*
6938 * Flush any messages sent up by the driver.
6939 */
6945 /* dequeue mp */
6948 else
6953 }
6957 }
6958 }
6962 }
6964 /*
6965 * Parse an ifreq or lifreq struct coming down ioctls and refhold
6966 * and return the associated ipif.
6967 * Return value:
6968 * Non zero: An error has occurred. ci may not be filled out.
6969 * zero : ci is filled out with the ioctl cmd in ci.ci_name, and
6970 * a held ipif in ci.ci_ipif.
6971 */
6972 int
6975 {
6982 boolean_t isv6;
6985 zoneid_t zoneid;
7000 /* global zone can access ipifs in all zones */
7002 }
7004 }
7006 /* Has been checked in ip_wput_nondata */
7010 /* This a old style SIOC[GS]IF* command */
7012 /*
7013 * Null terminate the string to protect against buffer
7014 * overrun. String was generated by user code and may not
7015 * be trusted.
7016 */
7023 /* This a new style SIOC[GS]LIF* command */
7026 /*
7027 * Null terminate the string to protect against buffer
7028 * overrun. String was generated by user code and may not
7029 * be trusted.
7030 */
7036 }
7039 /*
7040 * The ioctl will be failed if the ioctl comes down
7041 * an conn stream
7042 */
7044 /*
7045 * Not an ill queue, return EINVAL same as the
7046 * old error code.
7047 */
7049 }
7053 /*
7054 * Ensure that ioctls don't see any internal state changes
7055 * caused by set ioctls by deferring them if IPIF_CHANGING is
7056 * set.
7057 */
7064 }
7065 }
7067 /*
7068 * Old style [GS]IFCMD does not admit IPv6 ipif
7069 */
7073 }
7077 /*
7078 * Handle a or a SIOC?IF* with a null name
7079 * during plumb (on the ill queue before the I_PLINK).
7080 */
7083 }
7093 }
7095 /*
7096 * Return the total number of ipifs.
7097 */
7098 static uint_t
7100 {
7103 ill_walk_context_t ctx;
7115 numifs++;
7116 }
7117 }
7120 }
7122 /*
7123 * Return the total number of ipifs.
7124 */
7125 static uint_t
7127 {
7131 ill_walk_context_t ctx;
7140 else
7157 IPIF_DEPRECATED)) ||
7169 numifs++;
7170 }
7171 }
7174 }
7176 uint_t
7178 {
7183 /*
7184 * ill_g_usesrc_lock protects ill_usesrc_grp_next, for example, some
7185 * other thread may be trying to relink the ILLs in this usesrc group
7186 * and adjusting the ill_usesrc_grp_next pointers
7187 */
7193 numifs++;
7194 }
7198 }
7200 /* Null values are passed in for ipif, sin, and ifreq */
7201 /* ARGSUSED */
7202 int
7205 {
7211 /* Existence of b_cont->b_cont checked in ip_wput_nondata */
7218 }
7220 /* Null values are passed in for ipif, sin, and ifreq */
7221 /* ARGSUSED */
7222 int
7225 {
7232 /* Existence checked in ip_wput_nondata */
7243 }
7249 }
7251 /* ARGSUSED */
7252 int
7255 {
7260 ill_walk_context_t ctx;
7265 zoneid_t zoneid;
7271 /* Existence verified in ip_wput_nondata */
7276 /*
7277 * The original SIOCGIFCONF passed in a struct ifconf which specified
7278 * the user buffer address and length into which the list of struct
7279 * ifreqs was to be copied. Since AT&T Streams does not seem to
7280 * allow M_COPYOUT to be used in conjunction with I_STR IOCTLS,
7281 * the SIOCGIFCONF operation was redefined to simply provide
7282 * a large output buffer into which we are supposed to jam the ifreq
7283 * array. The same ioctl command code was used, despite the fact that
7284 * both the applications and the kernel code had to change, thus making
7285 * it impossible to support both interfaces.
7286 *
7287 * For reasons not good enough to try to explain, the following
7288 * algorithm is used for deciding what to do with one of these:
7289 * If the IOCTL comes in as an I_STR, it is assumed to be of the new
7290 * form with the output buffer coming down as the continuation message.
7291 * If it arrives as a TRANSPARENT IOCTL, it is assumed to be old style,
7292 * and we have to copy in the ifconf structure to find out how big the
7293 * output buffer is and where to copy out to. Sure no problem...
7294 *
7295 */
7301 /*
7302 * Must be (better be!) continuation of a TRANSPARENT
7303 * IOCTL. We just copied in the ifconf structure.
7304 */
7308 /*
7309 * Allocate a buffer to hold requested information.
7310 *
7311 * If ifc_len is larger than what is needed, we only
7312 * allocate what we will use.
7313 *
7314 * If ifc_len is smaller than what is needed, return
7315 * EINVAL.
7316 *
7317 * XXX: the ill_t structure can hava 2 counters, for
7318 * v4 and v6 (not just ill_ipif_up_count) to store the
7319 * number of interfaces for a device, so we don't need
7320 * to count them here...
7321 */
7328 /* old behaviour */
7332 }
7333 }
7341 }
7343 /*
7344 * the SIOCGIFCONF ioctl only knows about
7345 * IPv4 addresses, so don't try to tell
7346 * it about interfaces with IPv6-only
7347 * addresses. (Last parm 'isv6' is B_FALSE)
7348 */
7364 /* old behaviour */
7369 }
7370 }
7377 ifr++;
7378 }
7379 }
7380 if_copydone:
7387 }
7389 }
7391 /*
7392 * Get the interfaces using the address hosted on the interface passed in,
7393 * as a source adddress
7394 */
7395 /* ARGSUSED */
7396 int
7399 {
7407 uint_t ifindex;
7408 zoneid_t zoneid;
7421 /* Existence verified in ip_wput_nondata */
7424 /*
7425 * Must be (better be!) continuation of a TRANSPARENT
7426 * IOCTL. We just copied in the lifsrcof structure.
7427 */
7439 ifindex));
7441 }
7443 /* Allocate a buffer to hold requested information */
7447 /* The actual size needed is always returned in lifs_len */
7450 /* If the amount we need is more than what is passed in, abort */
7454 }
7461 }
7471 /* ill_g_usesrc_lock protects ill_usesrc_grp_next */
7498 }
7499 lifr++;
7500 }
7508 }
7510 /* ARGSUSED */
7511 int
7514 {
7523 sa_family_t family;
7526 ill_walk_context_t ctx;
7529 zoneid_t zoneid;
7539 /* Existence verified in ip_wput_nondata */
7542 /*
7543 * An extended version of SIOCGIFCONF that takes an
7544 * additional address family and flags field.
7545 * AF_UNSPEC retrieve both IPv4 and IPv6.
7546 * Unless LIFC_NOXMIT is specified the IPIF_NOXMIT
7547 * interfaces are omitted.
7548 * Similarly, IPIF_TEMPORARY interfaces are omitted
7549 * unless LIFC_TEMPORARY is specified.
7550 * If LIFC_EXTERNAL_SOURCE is specified, IPIF_NOXMIT,
7551 * IPIF_NOLOCAL, PHYI_LOOPBACK, IPIF_DEPRECATED and
7552 * not IPIF_UP interfaces are omitted. LIFC_EXTERNAL_SOURCE
7553 * has priority over LIFC_NOXMIT.
7554 */
7560 /*
7561 * Must be (better be!) continuation of a TRANSPARENT
7562 * IOCTL. We just copied in the lifconf structure.
7563 */
7571 /*
7572 * walk all ILL's.
7573 */
7577 /*
7578 * walk only IPV4 ILL's.
7579 */
7583 /*
7584 * walk only IPV6 ILL's.
7585 */
7590 }
7592 /*
7593 * Allocate a buffer to hold requested information.
7594 *
7595 * If lifc_len is larger than what is needed, we only
7596 * allocate what we will use.
7597 *
7598 * If lifc_len is smaller than what is needed, return
7599 * EINVAL.
7600 */
7607 else
7609 }
7639 IPIF_DEPRECATED)) ||
7657 }
7658 }
7681 }
7682 lifr++;
7683 }
7684 }
7685 lif_copydone:
7692 }
7694 }
7696 static void
7698 {
7707 else
7710 /* These two ioctls are I_STR only */
7714 }
7718 /* The user passed us a NULL argument */
7722 /*
7723 * The user provided a table. The stream head
7724 * may have copied in the user data in chunks,
7725 * so make sure everything is pulled up
7726 * properly.
7727 */
7731 NULL) {
7734 }
7738 }
7741 }
7748 #if defined(_SYSCALL32_IMPL) && _LONG_LONG_ALIGNMENT_32 == 4
7756 /*
7757 * We need to do an in-place shrink of the array
7758 * to match the alignment attributes of the
7759 * 32-bit ABI looking at it.
7760 */
7761 /* LINTED: logical expression always true: op "||" */
7765 }
7766 #endif
7772 #if defined(_SYSCALL32_IMPL) && _LONG_LONG_ALIGNMENT_32 == 4
7773 /*
7774 * We pass in the datamodel here so that the ip6_asp_replace()
7775 * routine can handle converting from 32-bit to native formats
7776 * where necessary.
7777 *
7778 * A better way to handle this might be to convert the inbound
7779 * data structure here, and hang it off a new 'mp'; thus the
7780 * ip6_asp_replace() logic would always be dealing with native
7781 * format data structures..
7782 *
7783 * (An even simpler way to handle these ioctls is to just
7784 * add a 32-bit trailing 'pad' field to the ip6_asp_t structure
7785 * and just recompile everything that depends on it.)
7786 */
7787 #endif
7791 }
7795 }
7797 static void
7799 {
7804 ipaddr_t v4daddr;
7806 ipaddr_t v4setsrc;
7807 in6_addr_t v6setsrc;
7809 boolean_t isipv4;
7820 /*
7821 * This ioctl is I_STR only, and must have a
7822 * data mblk following the M_IOCTL mblk.
7823 */
7828 }
7836 }
7840 }
7850 /*
7851 * ip_addr_scope_v6() and ip6_asp_lookup() handle
7852 * v4 mapped addresses; ire_ftable_lookup_v6()
7853 * and ip_select_source_v6() do not.
7854 */
7868 }
7874 /* move on to next dst addr */
7876 }
7883 }
7885 /* With ipmp we most likely look at the ipmp ill here */
7889 ipaddr_t v4saddr;
7896 }
7904 }
7905 }
7913 }
7915 }
7917 /*
7918 * Check if this is an address assigned to this machine.
7919 * Skips interfaces that are down by using ire checks.
7920 * Translates mapped addresses to v4 addresses and then
7921 * treats them as such, returning true if the v4 address
7922 * associated with this mapped address is configured.
7923 * Note: Applications will have to be careful what they do
7924 * with the response; use of mapped addresses limits
7925 * what can be done with the socket, especially with
7926 * respect to socket options and ioctls - neither IPv4
7927 * options nor IPv6 sticky options/ancillary data options
7928 * may be used.
7929 */
7930 /* ARGSUSED */
7931 int
7934 {
7939 zoneid_t zoneid;
7948 /* Existence verified in ip_wput_nondata */
7957 ipaddr_t v4_addr;
7960 v4_addr);
7965 in6_addr_t v6addr;
7971 }
7973 }
7975 ipaddr_t v4addr;
7982 }
7985 }
7991 }
7993 }
7995 /*
7996 * Check if this is an address assigned on-link i.e. neighbor,
7997 * and makes sure it's reachable from the current zone.
7998 * Returns true for my addresses as well.
7999 * Translates mapped addresses to v4 addresses and then
8000 * treats them as such, returning true if the v4 address
8001 * associated with this mapped address is configured.
8002 * Note: Applications will have to be careful what they do
8003 * with the response; use of mapped addresses limits
8004 * what can be done with the socket, especially with
8005 * respect to socket options and ioctls - neither IPv4
8006 * options nor IPv6 sticky options/ancillary data options
8007 * may be used.
8008 */
8009 /* ARGSUSED */
8010 int
8013 {
8018 zoneid_t zoneid;
8027 /* Existence verified in ip_wput_nondata */
8032 /*
8033 * We check for IRE_ONLINK and exclude IRE_BROADCAST|IRE_MULTICAST
8034 * to make sure we only look at on-link unicast address.
8035 */
8041 ipaddr_t v4_addr;
8044 v4_addr);
8048 NULL);
8049 }
8051 in6_addr_t v6addr;
8057 NULL);
8058 }
8059 }
8061 }
8063 ipaddr_t v4addr;
8069 }
8071 }
8074 }
8083 }
8085 }
8087 /*
8088 * TBD: implement when kernel maintaines a list of site prefixes.
8089 */
8090 /* ARGSUSED */
8091 int
8094 {
8096 }
8098 /* ARP IOCTLs. */
8099 /* ARGSUSED */
8100 int
8103 {
8105 ipaddr_t ipaddr;
8127 /* We have a chain - M_IOCTL-->MI_COPY_MBLK-->XARPREQ_MBLK */
8134 /*
8135 * Validate against user's link layer address length
8136 * input and name and addr length limits.
8137 */
8144 }
8146 /* We have a chain - M_IOCTL-->MI_COPY_MBLK-->ARPREQ_MBLK */
8152 /*
8153 * Theoretically, the sa_family could tell us what link
8154 * layer type this operation is trying to deal with. By
8155 * common usage AF_UNSPEC means ethernet. We'll assume
8156 * any attempt to use the SIOC?ARP ioctls is for ethernet,
8157 * for now. Our new SIOC*XARP ioctls can be used more
8158 * generally.
8159 *
8160 * If the underlying media happens to have a non 6 byte
8161 * address, arp module will fail set/get, but the del
8162 * operation will succeed.
8163 */
8168 }
8169 }
8171 /* Translate ATF* flags to NCE* flags */
8180 /*
8181 * IPMP ARP special handling:
8182 *
8183 * 1. Since ARP mappings must appear consistent across the group,
8184 * prohibit changing ARP mappings on the underlying interfaces.
8185 *
8186 * 2. Since ARP mappings for IPMP data addresses are maintained by
8187 * IP itself, prohibit changing them.
8188 *
8189 * 3. For proxy ARP, use a functioning hardware address in the group,
8190 * provided one exists. If one doesn't, just add the entry as-is;
8191 * ipmp_illgrp_refresh_arpent() will refresh it if things change.
8192 */
8196 }
8210 }
8211 /* FALLTHRU */
8212 }
8213 }
8216 /*
8217 * don't match across illgrp per case (1) and (2).
8218 * XXX use IS_IPMP(ill) like ndp_sioc_update?
8219 */
8227 /*
8228 * Delete the NCE if any.
8229 */
8233 }
8234 /* Don't allow changes to arp mappings of local addresses. */
8238 }
8241 /*
8242 * Delete the nce_common which has ncec_ill set to ipmp_ill.
8243 * This will delete all the nce entries on the under_ills.
8244 */
8246 /*
8247 * Once the NCE has been deleted, then the ire_dep* consistency
8248 * mechanism will find any IRE which depended on the now
8249 * condemned NCE (as part of sending packets).
8250 * That mechanism handles redirects by deleting redirects
8251 * that refer to UNREACHABLE nces.
8252 */
8254 }
8264 }
8268 /* Don't allow changes to arp mappings of local addresses. */
8272 }
8274 /* static arp entries will undergo NUD if ATF_PERM is not set */
8285 }
8286 }
8290 }
8291 /*
8292 * NCE_F_STATIC entries will be added in state ND_REACHABLE
8293 * by nce_add_common()
8294 */
8306 }
8310 }
8314 flags);
8318 }
8319 }
8321 }
8325 }
8327 /*
8328 * If we created an IPMP ARP entry, mark that we've notified ARP.
8329 */
8334 }
8336 /*
8337 * Parse an [x]arpreq structure coming down SIOC[GSD][X]ARP ioctls, identify
8338 * the associated sin and refhold and return the associated ipif via `ci'.
8339 */
8340 int
8343 {
8350 boolean_t exists;
8356 /* ioctl comes down on a conn */
8364 /* Verified in ip_wput_nondata */
8382 }
8392 }
8394 /*
8395 * Either an SIOC[DGS]ARP or an SIOC[DGS]XARP with an sdl_nlen
8396 * of 0: use the IP address to find the ipif. If the IP
8397 * address is an IPMP test address, ire_ftable_lookup() will
8398 * find the wrong ill, so we first do an ipif_lookup_addr().
8399 */
8401 ipst);
8410 }
8415 }
8416 }
8421 }
8426 }
8428 /*
8429 * Link or unlink the illgrp on IPMP meta-interface `ill' depending on the
8430 * value of `ioccmd'. While an illgrp is linked to an ipmp_grp_t, it is
8431 * accessible from that ipmp_grp_t, which means SIOCSLIFGROUPNAME can look it
8432 * up and thus an ill can join that illgrp.
8433 *
8434 * We use I_PLINK/I_PUNLINK to do the link/unlink operations rather than
8435 * open()/close() primarily because close() is not allowed to fail or block
8436 * forever. On the other hand, I_PUNLINK *can* fail, and there's no reason
8437 * why anyone should ever need to I_PUNLINK an in-use IPMP stream. To ensure
8438 * symmetric behavior (e.g., doing an I_PLINK after and I_PUNLINK undoes the
8439 * I_PUNLINK) we defer linking to I_PLINK. Separately, we also fail attempts
8440 * to I_LINK since I_UNLINK is optional and we'd end up in an inconsistent
8441 * state if I_UNLINK didn't occur.
8442 *
8443 * Note that for each plumb/unplumb operation, we may end up here more than
8444 * once because of the way ifconfig works. However, it's OK to link the same
8445 * illgrp more than once, or unlink an illgrp that's already unlinked.
8446 */
8447 static int
8449 {
8467 /*
8468 * Require all UP ipifs be brought down prior to unlinking the
8469 * illgrp so any associated IREs (and other state) is torched.
8470 */
8474 /*
8475 * NOTE: We hold ipmp_lock across the unlink to prevent a race
8476 * with an SIOCSLIFGROUPNAME request from an ill trying to
8477 * join this group. Specifically: ills trying to join grab
8478 * ipmp_lock and bump a "pending join" counter checked by
8479 * ipmp_illgrp_unlink_grp(). During the unlink no new pending
8480 * joins can occur (since we have ipmp_lock). Once we drop
8481 * ipmp_lock, subsequent SIOCSLIFGROUPNAME requests will not
8482 * find the illgrp (since we unlinked it) and will return
8483 * EAFNOSUPPORT. This will then take them back through the
8484 * IPMP meta-interface plumbing logic in ifconfig, and thus
8485 * back through I_PLINK above.
8486 */
8493 }
8495 }
8497 /*
8498 * Do I_PLINK/I_LINK or I_PUNLINK/I_UNLINK with consistency checks and also
8499 * atomically set/clear the muxids. Also complete the ioctl by acking or
8500 * naking it. Note that the code is structured such that the link type,
8501 * whether it's persistent or not, is treated equally. ifconfig(1M) and
8502 * its clones use the persistent link, while pppd(1M) and perhaps many
8503 * other daemons may use non-persistent link. When combined with some
8504 * ill_t states, linking and unlinking lower streams may be used as
8505 * indicators of dynamic re-plumbing events [see PSARC/1999/348].
8506 */
8507 /* ARGSUSED */
8508 void
8510 {
8527 else
8530 /* Conn was refheld in ip_sioctl_copyin_setup */
8534 }
8535 }
8537 /*
8538 * Process I_{P}LINK and I_{P}UNLINK requests named by `ioccmd' and pointed to
8539 * by `mp' and `li' for the IP module stream (if li->q_bot is in fact an IP
8540 * module stream).
8541 * Returns zero on success, EINPROGRESS if the operation is still pending, or
8542 * an error code on failure.
8543 */
8544 static int
8547 {
8558 /*
8559 * Walk the lower stream to verify it's the IP module stream.
8560 * The IP module is identified by its name, wput function,
8561 * and non-NULL q_next. STREAMS ensures that the lower stream
8562 * (li->l_qbot) will not vanish until this ioctl completes.
8563 */
8571 }
8575 }
8576 }
8578 /*
8579 * If this isn't an IP module stream, bail.
8580 */
8591 }
8601 }
8603 }
8608 /*
8609 * Plumbing has to be done with IP plumbed first, arp
8610 * second, but here we have arp being plumbed first.
8611 */
8617 }
8618 }
8624 }
8629 /*
8630 * As part of I_{P}LINKing, stash the number of downstream modules and
8631 * the read queue of the module immediately below IP in the ill.
8632 * These are used during the capability negotiation below.
8633 */
8640 }
8644 /*
8645 * Mark the ipsq busy until the capability operations initiated below
8646 * complete. The PLINK/UNLINK ioctl itself completes when our caller
8647 * returns, but the capability operation may complete asynchronously
8648 * much later.
8649 */
8651 /*
8652 * If there's at least one up ipif on this ill, then we're bound to
8653 * the underlying driver via DLPI. In that case, renegotiate
8654 * capabilities to account for any possible change in modules
8655 * interposed between IP and the driver.
8656 */
8660 else
8662 }
8664 done:
8669 }
8671 /*
8672 * Search the ioctl command in the ioctl tables and return a pointer
8673 * to the ioctl command information. The ioctl command tables are
8674 * static and fully populated at compile time.
8675 */
8676 ip_ioctl_cmd_t *
8678 {
8686 /*
8687 * Do a 2 step search. First search the indexed table
8688 * based on the least significant byte of the ioctl cmd.
8689 * If we don't find a match, then search the misc table
8690 * serially.
8691 */
8696 /* Found a match in the ndx table */
8698 }
8699 }
8701 /* Search the misc table */
8705 /* Found a match in the misc table */
8707 }
8710 }
8712 /*
8713 * helper function for ip_sioctl_getsetprop(), which does some sanity checks
8714 */
8715 static boolean_t
8717 {
8721 uint_t flags;
8722 uint_t pioc_size;
8724 /* do sanity checks on various arguments */
8728 }
8732 }
8736 /* sanity checks on mpr_valsize */
8746 /*
8747 * One can either reset the value to it's default value or
8748 * change the current value or append/remove the value from
8749 * a multi-valued properties.
8750 */
8759 /*
8760 * One can retrieve only one kind of property information
8761 * at a time.
8762 */
8768 }
8771 }
8773 /*
8774 * process the SIOC{SET|GET}PROP ioctl's
8775 */
8776 /* ARGSUSED */
8777 static void
8779 {
8787 boolean_t set;
8796 }
8822 }
8828 }
8842 }
8851 }
8852 }
8854 /*
8855 * process the legacy ND_GET, ND_SET ioctl just for {ip|ip6}_forwarding
8856 * as several routing daemons have unfortunately used this 'unpublished'
8857 * but well-known ioctls.
8858 */
8859 /* ARGSUSED */
8860 static void
8862 {
8877 }
8892 }
8902 }
8905 /*
8906 * buffer will have property name and value in the following
8907 * format,
8908 * <property name>'\0'<property value>'\0', extract them;
8909 */
8911 noop;
8919 }
8924 }
8926 }
8928 /*
8929 * Wrapper function for resuming deferred ioctl processing
8930 * Used for SIOCGDSTINFO, SIOCGIP6ADDRPOLICY, SIOCGMSFILTER,
8931 * SIOCSMSFILTER, SIOCGIPMSFILTER, and SIOCSIPMSFILTER currently.
8932 */
8933 /* ARGSUSED */
8934 void
8937 {
8939 }
8941 /*
8942 * ip_sioctl_copyin_setup is called by ip_wput_nondata with any M_IOCTL message
8943 * that arrives. Most of the IOCTLs are "socket" IOCTLs which we handle
8944 * in either I_STR or TRANSPARENT form, using the mi_copy facility.
8945 * We establish here the size of the block to be copied in. mi_copyin
8946 * arranges for this to happen, an processing continues in ip_wput_nondata with
8947 * an M_IOCDATA message.
8948 */
8949 void
8951 {
8960 else
8965 /*
8966 * The ioctl is not one we understand or own.
8967 * Pass it along to be processed down stream,
8968 * if this is a module instance of IP, else nak
8969 * the ioctl.
8970 */
8976 }
8977 }
8979 /*
8980 * If this is deferred, then we will do all the checks when we
8981 * come back.
8982 */
8987 }
8989 /*
8990 * Only allow a very small subset of IP ioctls on this stream if
8991 * IP is a module and not a driver. Allowing ioctls to be processed
8992 * in this case may cause assert failures or data corruption.
8993 * Typically G[L]IFFLAGS, SLIFNAME/IF_UNITSEL are the only few
8994 * ioctls allowed on an IP module stream, after which this stream
8995 * normally becomes a multiplexor (at which time the stream head
8996 * will fail all ioctls).
8997 */
9000 }
9002 /* Make sure we have ioctl data to process. */
9006 /*
9007 * Prefer dblk credential over ioctl credential; some synthesized
9008 * ioctls have kcred set because there's no way to crhold()
9009 * a credential in some contexts. (ioc_cr is not crfree() by
9010 * the framework; the caller of ioctl needs to hold the reference
9011 * for the duration of the call).
9012 */
9017 /* Make sure normal users don't send down privileged ioctls */
9020 /* We checked the privilege earlier but log it here */
9023 }
9025 /*
9026 * The ioctl command tables can only encode fixed length
9027 * ioctl data. If the length is variable, the table will
9028 * encode the length as zero. Such special cases are handled
9029 * below in the switch.
9030 */
9034 }
9039 /*
9040 * This IOCTL is hilarious. See comments in
9041 * ip_sioctl_get_ifconf for the story.
9042 */
9046 else
9090 /*
9091 * We treat non-persistent link similarly as the persistent
9092 * link case, in terms of plumbing/unplumbing, as well as
9093 * dynamic re-plumbing events indicator. See comments
9094 * in ip_sioctl_plink() for more.
9095 *
9096 * Request can be enqueued in the 'ipsq' while waiting
9097 * to become exclusive. So bump up the conn ref.
9098 */
9102 }
9111 /* The ioctl length varies depending on the ILB command. */
9121 /* FALLTHRU */
9122 }
9123 nak:
9127 }
9132 }
9134 static void
9136 {
9161 }
9163 /*
9164 * We're done if this is not an SIOCG{X}ARP
9165 */
9172 }
9173 }
9175 /*
9176 * If /sbin/arp told us we are the authority using the "permanent"
9177 * flag, or if this is one of my addresses print "permanent"
9178 * in the /sbin/arp output.
9179 */
9189 }
9190 }
9192 /*
9193 * Create a new logical interface. If ipif_id is zero (i.e. not a logical
9194 * interface) create the next available logical interface for this
9195 * physical interface.
9196 * If ipif is NULL (i.e. the lookup didn't find one) attempt to create an
9197 * ipif with the specified name.
9198 *
9199 * If the address family is not AF_UNSPEC then set the address as well.
9200 *
9201 * If ip_sioctl_addr returns EINPROGRESS then the ioctl (the copyout)
9202 * is completed when the DL_BIND_ACK arrive in ip_rput_dlpi_writer.
9203 *
9204 * Executed as a writer on the ill.
9205 * So no lock is needed to traverse the ipif chain, or examine the
9206 * phyint flags.
9207 */
9208 /* ARGSUSED */
9209 int
9212 {
9215 boolean_t isv6;
9216 boolean_t exists;
9229 zoneid_t zoneid;
9234 /* Existence of mp1 has been checked in ip_wput_nondata */
9236 /*
9237 * Null terminate the string to protect against buffer
9238 * overrun. String was generated by user code and may not
9239 * be trusted.
9240 */
9255 /*
9256 * Allow creating lo0 using SIOCLIFADDIF.
9257 * can't be any other writer thread. So can pass null below
9258 * for the last 4 args to ipif_lookup_name.
9259 */
9262 /* Prevent any further action */
9266 /* We created the ipif now and as writer */
9273 }
9275 /* Look for a colon in the name. */
9280 /*
9281 * Reject any non-decimal aliases for plumbing
9282 * of logical interfaces. Aliases with leading
9283 * zeroes are also rejected as they introduce
9284 * ambiguity in the naming of the interfaces.
9285 * Comparing with "0" takes care of all such
9286 * cases.
9287 */
9294 }
9297 }
9298 }
9304 }
9307 B_TRUE);
9309 /*
9310 * Release the refhold due to the lookup, now that we are excl
9311 * or we are just returning
9312 */
9318 /* We are now exclusive on the IPSQ */
9322 /* Now see if there is an IPIF with this unit number. */
9328 }
9329 }
9330 }
9332 /*
9333 * We use IRE_LOCAL for lo0:1 etc. for "receive only" use
9334 * of lo0. Plumbing for lo0:0 happens in ipif_lookup_on_name()
9335 * instead.
9336 */
9340 }
9342 /* Return created name with ioctl */
9347 /* Set address */
9352 }
9354 done:
9357 }
9359 /*
9360 * Remove an existing logical interface. If ipif_id is zero (i.e. not a logical
9361 * interface) delete it based on the IP address (on this physical interface).
9362 * Otherwise delete it based on the ipif_id.
9363 * Also, special handling to allow a removeif of lo0.
9364 */
9365 /* ARGSUSED */
9366 int
9369 {
9372 boolean_t success;
9383 /*
9384 * Special case for unplumbing lo0 (the loopback physical interface).
9385 * If unplumbing lo0, the incoming address structure has been
9386 * initialized to all zeros. When unplumbing lo0, all its logical
9387 * interfaces must be removed too.
9388 *
9389 * Note that this interface may be called to remove a specific
9390 * loopback logical interface (eg, lo0:1). But in that case
9391 * ipif->ipif_id != 0 so that the code path for that case is the
9392 * same as any other interface (meaning it skips the code directly
9393 * below).
9394 */
9398 /*
9399 * Mark it condemned. No new ref. will be made to ill.
9400 */
9406 }
9410 /* unplumb the loopback interface */
9415 /* Are any references to this ill active */
9422 }
9429 else
9431 }
9432 }
9437 /* Find based on address */
9445 /* We are a writer, so we should be able to lookup */
9447 ipst);
9452 /* We are a writer, so we should be able to lookup */
9454 ipst);
9455 }
9458 }
9460 /*
9461 * It is possible for a user to send an SIOCLIFREMOVEIF with
9462 * lifr_name of the physical interface but with an ip address
9463 * lifr_addr of a logical interface plumbed over it.
9464 * So update ipx_current_ipif now that ipif points to the
9465 * correct one.
9466 */
9470 /* This is a writer */
9472 }
9474 /*
9475 * Can not delete instance zero since it is tied to the ill.
9476 */
9489 /* Are any references to this ipif active */
9497 }
9499 IPIF_FREE);
9504 else
9506 }
9508 /*
9509 * Restart the removeif ioctl. The refcnt has gone down to 0.
9510 * The ipif is already condemned. So can't find it thru lookups.
9511 */
9512 /* ARGSUSED */
9513 int
9516 {
9530 }
9537 }
9539 /*
9540 * Set the local interface address using the given prefix and ill_token.
9541 */
9542 /* ARGSUSED */
9543 int
9546 {
9548 in6_addr_t v6addr;
9578 }
9580 /*
9581 * Restart entry point to restart the address set operation after the
9582 * refcounts have dropped to zero.
9583 */
9584 /* ARGSUSED */
9585 int
9588 {
9592 }
9594 /*
9595 * Set the local interface address.
9596 * Allow an address of all zero when the interface is down.
9597 */
9598 /* ARGSUSED */
9599 int
9602 {
9604 in6_addr_t v6addr;
9626 /*
9627 * Enforce that true multicast interfaces have a link-local
9628 * address for logical unit 0.
9629 *
9630 * However for those ipif's for which link-local address was
9631 * not created by default, also allow setting :: as the address.
9632 * This scenario would arise, when we delete an address on ipif
9633 * with logical unit 0, we would want to set :: as the address.
9634 */
9641 /*
9642 * if default link-local was not created by kernel for
9643 * this ill, allow setting :: as the address on ipif:0.
9644 */
9650 }
9651 }
9653 /*
9654 * up interfaces shouldn't have the unspecified address
9655 * unless they also have the IPIF_NOLOCAL flags set and
9656 * have a subnet assigned.
9657 */
9663 }
9668 ipaddr_t addr;
9675 /* Allow INADDR_ANY as the local address. */
9681 }
9682 /*
9683 * verify that the address being configured is permitted by the
9684 * ill_allowed_ips[] for the interface.
9685 */
9691 }
9695 }
9696 }
9697 /*
9698 * Even if there is no change we redo things just to rerun
9699 * ipif_set_default.
9700 */
9702 /*
9703 * Setting a new local address, make sure
9704 * we have net and subnet bcast ire's for
9705 * the old address if we need them.
9706 */
9707 /*
9708 * If the interface is already marked up,
9709 * we call ipif_down which will take care
9710 * of ditching any IREs that have been set
9711 * up based on the old interface address.
9712 */
9718 }
9722 }
9724 int
9726 boolean_t need_up)
9727 {
9728 in6_addr_t v6addr;
9729 in6_addr_t ov6addr;
9730 ipaddr_t addr;
9735 boolean_t need_dl_down;
9736 boolean_t need_arp_down;
9745 /* Must cancel any pending timer before taking the ill_lock */
9758 }
9767 /*
9768 * If the interface was previously marked as a duplicate, then since
9769 * we've now got a "new" address, it should no longer be considered a
9770 * duplicate -- even if the "new" address is the same as the old one.
9771 * Note that if all ipifs are down, we may have a pending ARP down
9772 * event to handle. This is because we want to recover from duplicates
9773 * and thus delay tearing down ARP until the duplicates have been
9774 * removed or disabled.
9775 */
9783 }
9784 }
9788 /*
9789 * If we've just manually set the IPv6 link-local address (0th ipif),
9790 * tag the ill so that future updates to the interface ID don't result
9791 * in this address getting automatically reconfigured from under the
9792 * administrator.
9793 */
9798 }
9800 /*
9801 * When publishing an interface address change event, we only notify
9802 * the event listeners of the new address. It is assumed that if they
9803 * actively care about the addresses assigned that they will have
9804 * already discovered the previous address assigned (if there was one.)
9805 *
9806 * Don't attach nic event message for SIOCLIFADDIF ioctl.
9807 */
9811 }
9816 /*
9817 * Now bring the interface back up. If this
9818 * is the only IPIF for the ILL, ipif_up
9819 * will have to re-bind to the device, so
9820 * we may get back EINPROGRESS, in which
9821 * case, this IOCTL will get completed in
9822 * ip_rput_dlpi when we see the DL_BIND_ACK.
9823 */
9826 /* Perhaps ilgs should use this ill */
9828 }
9836 /*
9837 * The default multicast interface might have changed (for
9838 * instance if the IPv6 scope of the address changed)
9839 */
9843 }
9845 /*
9846 * Restart entry point to restart the address set operation after the
9847 * refcounts have dropped to zero.
9848 */
9849 /* ARGSUSED */
9850 int
9853 {
9859 }
9861 /* ARGSUSED */
9862 int
9865 {
9871 /*
9872 * The net mask and address can't change since we have a
9873 * reference to the ipif. So no lock is necessary.
9874 */
9882 }
9893 }
9894 }
9896 }
9898 /*
9899 * Set the destination address for a pt-pt interface.
9900 */
9901 /* ARGSUSED */
9902 int
9905 {
9907 in6_addr_t v6addr;
9926 ipaddr_t addr;
9935 }
9938 }
9944 /*
9945 * If the interface is already marked up,
9946 * we call ipif_down which will take care
9947 * of ditching any IREs that have been set
9948 * up based on the old pp dst address.
9949 */
9955 }
9956 /*
9957 * could return EINPROGRESS. If so ioctl will complete in
9958 * ip_rput_dlpi_writer
9959 */
9962 }
9964 static int
9966 boolean_t need_up)
9967 {
9968 in6_addr_t v6addr;
9971 boolean_t need_dl_down;
9972 boolean_t need_arp_down;
9977 /* Must cancel any pending timer before taking the ill_lock */
9988 ipaddr_t addr;
9992 }
9994 /* Set point to point destination address. */
9996 /*
9997 * Allow this as a means of creating logical
9998 * pt-pt interfaces on top of e.g. an Ethernet.
9999 * XXX Undocumented HACK for testing.
10000 * pt-pt interfaces are created with NUD disabled.
10001 */
10006 }
10008 /*
10009 * If the interface was previously marked as a duplicate, then since
10010 * we've now got a "new" address, it should no longer be considered a
10011 * duplicate -- even if the "new" address is the same as the old one.
10012 * Note that if all ipifs are down, we may have a pending ARP down
10013 * event to handle.
10014 */
10022 }
10023 }
10025 /*
10026 * If we've just manually set the IPv6 destination link-local address
10027 * (0th ipif), tag the ill so that future updates to the destination
10028 * interface ID (as can happen with interfaces over IP tunnels) don't
10029 * result in this address getting automatically reconfigured from
10030 * under the administrator.
10031 */
10035 /* Set the new address. */
10037 /* Make sure subnet tracks pp_dst */
10042 /*
10043 * Now bring the interface back up. If this
10044 * is the only IPIF for the ILL, ipif_up
10045 * will have to re-bind to the device, so
10046 * we may get back EINPROGRESS, in which
10047 * case, this IOCTL will get completed in
10048 * ip_rput_dlpi when we see the DL_BIND_ACK.
10049 */
10051 }
10059 }
10061 /*
10062 * Restart entry point to restart the dstaddress set operation after the
10063 * refcounts have dropped to zero.
10064 */
10065 /* ARGSUSED */
10066 int
10069 {
10074 }
10076 /* ARGSUSED */
10077 int
10080 {
10085 /*
10086 * Get point to point destination address. The addresses can't
10087 * change since we hold a reference to the ipif.
10088 */
10101 }
10103 }
10105 /*
10106 * Check which flags will change by the given flags being set
10107 * silently ignore flags which userland is not allowed to control.
10108 * (Because these flags may change between SIOCGLIFFLAGS and
10109 * SIOCSLIFFLAGS, and that's outside of userland's control,
10110 * we need to silently ignore them rather than fail.)
10111 */
10112 static void
10115 {
10130 }
10132 /*
10133 * Set interface flags. Many flags require special handling (e.g.,
10134 * bringing the interface down); see below for details.
10135 *
10136 * NOTE : We really don't enforce that ipif_id zero should be used
10137 * for setting any flags other than IFF_LOGINT_FLAGS. This
10138 * is because applications generally does SICGLIFFLAGS and
10139 * ORs in the new flags (that affects the logical) and does a
10140 * SIOCSLIFFLAGS. Thus, "flags" below could contain bits other
10141 * than IFF_LOGINT_FLAGS. One could check whether "turn_on" - the
10142 * flags that will be turned on is correct with respect to
10143 * ipif_id 0. For backward compatibility reasons, it is not done.
10144 */
10145 /* ARGSUSED */
10146 int
10149 {
10177 }
10181 /*
10182 * Have the flags been set correctly until now?
10183 */
10187 /*
10188 * Compare the new flags to the old, and partition
10189 * into those coming on and those going off.
10190 * For the 16 bit command keep the bits above bit 16 unchanged.
10191 */
10195 /*
10196 * Explicitly fail attempts to change flags that are always invalid on
10197 * an IPMP meta-interface.
10198 */
10206 /*
10207 * All test addresses must be IFF_DEPRECATED (to ensure source address
10208 * selection avoids them) -- so force IFF_DEPRECATED on, and do not
10209 * allow it to be turned off.
10210 */
10218 /*
10219 * Only vrrp control socket is allowed to change IFF_UP and
10220 * IFF_NOACCEPT flags when IFF_VRRP is set.
10221 */
10225 }
10227 /*
10228 * The IFF_NOACCEPT flag can only be set on an IFF_VRRP IP address by
10229 * VRRP control socket.
10230 */
10234 }
10239 }
10241 /*
10242 * On underlying interfaces, only allow applications to manage test
10243 * addresses -- otherwise, they may get confused when the address
10244 * moves as part of being brought up. Likewise, prevent an
10245 * application-managed test address from being converted to a data
10246 * address. To prevent migration of administratively up addresses in
10247 * the kernel, we don't allow them to be converted either.
10248 */
10258 }
10260 /*
10261 * Only allow IFF_TEMPORARY flag to be set on
10262 * IPv6 interfaces.
10263 */
10267 /*
10268 * cannot turn off IFF_NOXMIT on VNI interfaces.
10269 */
10273 /*
10274 * Don't allow the IFF_ROUTER flag to be turned on on loopback
10275 * interfaces. It makes no sense in that context.
10276 */
10280 /*
10281 * For IPv6 ipif_id 0, don't allow the interface to be up without
10282 * a link local address if IFF_NOLOCAL or IFF_ANYCAST are not set.
10283 * If the link local address isn't set, and can be set, it will get
10284 * set later on in this function.
10285 */
10292 }
10294 /*
10295 * If we modify physical interface flags, we'll potentially need to
10296 * send up two routing socket messages for the changes (one for the
10297 * IPv4 ill, and another for the IPv6 ill). Note that here.
10298 */
10302 /*
10303 * All functioning PHYI_STANDBY interfaces start life PHYI_INACTIVE
10304 * (otherwise, we'd immediately use them, defeating standby). Also,
10305 * since PHYI_INACTIVE has a separate meaning when PHYI_STANDBY is not
10306 * set, don't allow PHYI_STANDBY to be set if PHYI_INACTIVE is already
10307 * set, and clear PHYI_INACTIVE if PHYI_STANDBY is being cleared. We
10308 * also don't allow PHYI_STANDBY if VNI is enabled since its semantics
10309 * will not be honored.
10310 */
10312 /*
10313 * No need to grab ill_g_usesrc_lock here; see the
10314 * synchronization notes in ip.c.
10315 */
10322 }
10323 }
10328 }
10330 /*
10331 * PHYI_FAILED and PHYI_INACTIVE are mutually exclusive; fail if both
10332 * would end up on.
10333 */
10338 /*
10339 * If ILLF_ROUTER changes, we need to change the ip forwarding
10340 * status of the interface.
10341 */
10346 }
10348 /*
10349 * If the interface is not UP and we are not going to
10350 * bring it UP, record the flags and return. When the
10351 * interface comes UP later, the right actions will be
10352 * taken.
10353 */
10356 /* Record new flags in their respective places. */
10368 /*
10369 * PHYI_FAILED, PHYI_INACTIVE, and PHYI_OFFLINE are all the
10370 * same to the kernel: if any of them has been set by
10371 * userland, the interface cannot be used for data traffic.
10372 */
10376 /*
10377 * It's possible the ill is part of an "anonymous"
10378 * IPMP group rather than a real group. In that case,
10379 * there are no other interfaces in the group and thus
10380 * no need to call ipmp_phyint_refresh_active().
10381 */
10384 }
10390 }
10394 }
10395 }
10396 /* The default multicast interface might have changed */
10406 }
10408 /*
10409 * Disallow IPv6 interfaces coming up that have the unspecified address,
10410 * or point-to-point interfaces with an unspecified destination. We do
10411 * allow the address to be unspecified for IPIF_NOLOCAL interfaces that
10412 * have a subnet assigned, which is how in.ndpd currently manages its
10413 * onlink prefix list when no addresses are configured with those
10414 * prefixes.
10415 */
10423 }
10425 /*
10426 * Prevent IPv4 point-to-point interfaces with a 0.0.0.0 destination
10427 * from being brought up.
10428 */
10433 }
10435 /*
10436 * If we are going to change one or more of the flags that are
10437 * IPIF_UP, IPIF_DEPRECATED, IPIF_NOXMIT, IPIF_NOLOCAL, ILLF_NOARP,
10438 * ILLF_NONUD, IPIF_PRIVATE, IPIF_ANYCAST, IPIF_PREFERRED, and
10439 * IPIF_NOFAILOVER, we will take special action. This is
10440 * done by bring the ipif down, changing the flags and bringing
10441 * it back up again. For IPIF_NOFAILOVER, the act of bringing it
10442 * back up will trigger the address to be moved.
10443 *
10444 * If we are going to change IFF_NOACCEPT, we need to bring
10445 * all the ipifs down then bring them up again. The act of
10446 * bringing all the ipifs back up will trigger the local
10447 * ires being recreated with "no_accept" set/cleared.
10448 *
10449 * Note that ILLF_NOACCEPT is always set separately from the
10450 * other flags.
10451 */
10455 IPIF_NOFAILOVER)) {
10456 /*
10457 * ipif_down() will ire_delete bcast ire's for the subnet,
10458 * while the ire_identical_ref tracks the case of IRE_BROADCAST
10459 * entries shared between multiple ipifs on the same subnet.
10460 */
10466 }
10473 /*
10474 * If we can quiesce the ill, then continue. If not, then
10475 * ip_sioctl_flags_tail() will be called from
10476 * ipif_ill_refrele_tail().
10477 */
10483 boolean_t success;
10490 }
10493 }
10495 }
10497 static int
10499 {
10517 /*
10518 * IFF_UP is handled separately.
10519 */
10526 /*
10527 * Now we change the flags. Track current value of
10528 * other flags in their respective places.
10529 */
10541 }
10549 /*
10550 * PHYI_FAILED, PHYI_INACTIVE, and PHYI_OFFLINE are all the same to
10551 * the kernel: if any of them has been set by userland, the interface
10552 * cannot be used for data traffic.
10553 */
10556 /*
10557 * It's possible the ill is part of an "anonymous" IPMP group
10558 * rather than a real group. In that case, there are no other
10559 * interfaces in the group and thus no need for us to call
10560 * ipmp_phyint_refresh_active().
10561 */
10564 }
10567 /*
10568 * If the ILLF_NOACCEPT flag is changed, bring up all the
10569 * ipifs that were brought down.
10570 *
10571 * The routing sockets messages are sent as the result
10572 * of ill_up_ipifs(), further, SCTP's IPIF list was updated
10573 * as well.
10574 */
10577 /*
10578 * XXX ipif_up really does not know whether a phyint flags
10579 * was modified or not. So, it sends up information on
10580 * only one routing sockets message. As we don't bring up
10581 * the interface and also set PHYI_ flags simultaneously
10582 * it should be okay.
10583 */
10586 /*
10587 * Make sure routing socket sees all changes to the flags.
10588 * ipif_up_done* handles this when we use ipif_up.
10589 */
10594 }
10598 }
10601 }
10602 /*
10603 * Update the flags in SCTP's IPIF list, ipif_up() will do
10604 * this in need_up case.
10605 */
10607 }
10609 /* The default multicast interface might have changed */
10612 }
10614 /*
10615 * Restart the flags operation now that the refcounts have dropped to zero.
10616 */
10617 /* ARGSUSED */
10618 int
10621 {
10631 /* cast to uint16_t prevents unwanted sign extension */
10635 }
10637 /*
10638 * If this function call is a result of the ILLF_NOACCEPT flag
10639 * change, do not call ipif_down_tail(). See ip_sioctl_flags().
10640 */
10646 }
10648 /*
10649 * Can operate on either a module or a driver queue.
10650 */
10651 /* ARGSUSED */
10652 int
10655 {
10656 /*
10657 * Has the flags been set correctly till now ?
10658 */
10668 /*
10669 * Need a lock since some flags can be set even when there are
10670 * references to the ipif.
10671 */
10676 /* Get interface flags (low 16 only). */
10682 /* Get interface flags. */
10685 }
10688 }
10690 /*
10691 * We allow the MTU to be set on an ILL, but not have it be different
10692 * for different IPIFs since we don't actually send packets on IPIFs.
10693 */
10694 /* ARGSUSED */
10695 int
10698 {
10713 }
10714 /* Only allow for logical unit zero i.e. not on "bge0:17" */
10721 else
10728 }
10729 /* Avoid increasing ill_mc_mtu */
10733 /*
10734 * The dce and fragmentation code can handle changes to ill_mtu
10735 * concurrent with sending/fragmenting packets.
10736 */
10741 /*
10742 * Make sure all dce_generation checks find out
10743 * that ill_mtu/ill_mc_mtu has changed.
10744 */
10747 /*
10748 * Refresh IPMP meta-interface MTU if necessary.
10749 */
10753 /* Update the MTU in SCTP's list */
10756 }
10758 /* Get interface MTU. */
10759 /* ARGSUSED */
10760 int
10763 {
10770 /*
10771 * We allow a get on any logical interface even though the set
10772 * can only be done on logical unit 0.
10773 */
10780 }
10782 }
10784 /* Set interface broadcast address. */
10785 /* ARGSUSED2 */
10786 int
10789 {
10790 ipaddr_t addr;
10810 /*
10811 * If we are already up, make sure the new
10812 * broadcast address makes sense. If it does,
10813 * there should be an IRE for it already.
10814 */
10822 }
10823 }
10824 /*
10825 * Changing the broadcast addr for this ipif. Since the IRE_BROADCAST
10826 * needs to already exist we never need to change the set of
10827 * IRE_BROADCASTs when we are UP.
10828 */
10833 }
10835 /* Get interface broadcast address. */
10836 /* ARGSUSED */
10837 int
10840 {
10846 /* IPIF_BROADCAST not possible with IPv6 */
10852 }
10854 /*
10855 * This routine is called to handle the SIOCS*IFNETMASK IOCTL.
10856 */
10857 /* ARGSUSED */
10858 int
10861 {
10863 in6_addr_t v6mask;
10879 ipaddr_t mask;
10888 }
10890 /*
10891 * No big deal if the interface isn't already up, or the mask
10892 * isn't really changing, or this is pt-pt.
10893 */
10902 }
10904 }
10905 /*
10906 * Make sure we have valid net and subnet broadcast ire's
10907 * for the old netmask, if needed by other logical interfaces.
10908 */
10915 }
10917 static int
10919 {
10920 in6_addr_t v6mask;
10932 ipaddr_t mask;
10936 }
10942 }
10946 /*
10947 * The interface must be DL_BOUND if this packet has to
10948 * go out on the wire. Since we only go through a logical
10949 * down and are bound with the driver during an internal
10950 * down/up that is satisfied.
10951 */
10953 /* Potentially broadcast an address mask reply. */
10955 }
10956 }
10958 }
10960 /* ARGSUSED */
10961 int
10964 {
10969 }
10971 /* Get interface net mask. */
10972 /* ARGSUSED */
10973 int
10976 {
10983 /*
10984 * net mask can't change since we have a reference to the ipif.
10985 */
11000 }
11001 }
11003 }
11005 /* ARGSUSED */
11006 int
11009 {
11013 /*
11014 * Since no applications should ever be setting metrics on underlying
11015 * interfaces, we explicitly fail to smoke 'em out.
11016 */
11020 /*
11021 * Set interface metric. We don't use this for
11022 * anything but we keep track of it in case it is
11023 * important to routing applications or such.
11024 */
11035 }
11037 }
11039 /* ARGSUSED */
11040 int
11043 {
11044 /* Get interface metric. */
11058 }
11061 }
11063 /* ARGSUSED */
11064 int
11067 {
11072 /*
11073 * Set the muxid returned from I_PLINK.
11074 */
11085 }
11088 }
11090 /* ARGSUSED */
11091 int
11094 {
11099 /*
11100 * Get the muxid saved in ill for I_PUNLINK.
11101 */
11113 }
11115 }
11117 /*
11118 * Set the subnet prefix. Does not modify the broadcast address.
11119 */
11120 /* ARGSUSED */
11121 int
11124 {
11126 in6_addr_t v6addr;
11127 in6_addr_t v6mask;
11148 ipaddr_t addr;
11157 /* Add 96 bits */
11159 }
11164 /* Check if bits in the address is set past the mask */
11173 /*
11174 * If the interface is already marked up,
11175 * we call ipif_down which will take care
11176 * of ditching any IREs that have been set
11177 * up based on the old interface address.
11178 */
11184 }
11188 }
11190 static int
11193 {
11200 /* Set the new address. */
11206 }
11210 /*
11211 * Now bring the interface back up. If this
11212 * is the only IPIF for the ILL, ipif_up
11213 * will have to re-bind to the device, so
11214 * we may get back EINPROGRESS, in which
11215 * case, this IOCTL will get completed in
11216 * ip_rput_dlpi when we see the DL_BIND_ACK.
11217 */
11221 }
11223 }
11225 /* ARGSUSED */
11226 int
11229 {
11231 in6_addr_t v6addr;
11232 in6_addr_t v6mask;
11246 ipaddr_t addr;
11251 }
11255 }
11257 /* ARGSUSED */
11258 int
11261 {
11280 }
11282 }
11284 /*
11285 * Set the IPv6 address token.
11286 */
11287 /* ARGSUSED */
11288 int
11291 {
11294 in6_addr_t v6addr;
11295 in6_addr_t v6mask;
11307 /* Only allow for logical unit zero i.e. not on "le0:17" */
11319 /*
11320 * The length of the token is the length from the end. To get
11321 * the proper mask for this, compute the mask of the bits not
11322 * in the token; ie. the prefix, and then xor to get the mask.
11323 */
11328 }
11340 }
11343 }
11345 static int
11348 {
11349 in6_addr_t v6addr;
11350 in6_addr_t v6mask;
11358 /*
11359 * The length of the token is the length from the end. To get
11360 * the proper mask for this, compute the mask of the bits not
11361 * in the token; ie. the prefix, and then xor to get the mask.
11362 */
11372 /* Reconfigure the link-local address based on this new token */
11378 /*
11379 * Now bring the interface back up. If this
11380 * is the only IPIF for the ILL, ipif_up
11381 * will have to re-bind to the device, so
11382 * we may get back EINPROGRESS, in which
11383 * case, this IOCTL will get completed in
11384 * ip_rput_dlpi when we see the DL_BIND_ACK.
11385 */
11389 }
11391 }
11393 /* ARGSUSED */
11394 int
11397 {
11417 }
11419 /*
11420 * Set (hardware) link specific information that might override
11421 * what was acquired through the DL_INFO_ACK.
11422 */
11423 /* ARGSUSED */
11424 int
11427 {
11438 /* Only allow for logical unit zero i.e. not on "bge0:17" */
11442 /* Set interface MTU. */
11445 else
11448 /*
11449 * Verify values before we set anything. Allow zero to
11450 * mean unspecified.
11451 *
11452 * XXX We should be able to set the user-defined lir_mtu to some value
11453 * that is greater than ill_current_frag but less than ill_max_frag- the
11454 * ill_max_frag value tells us the max MTU that can be handled by the
11455 * datalink, whereas the ill_current_frag is dynamically computed for
11456 * some link-types like tunnels, based on the tunnel PMTU. However,
11457 * since there is currently no way of distinguishing between
11458 * administratively fixed link mtu values (e.g., those set via
11459 * /sbin/dladm) and dynamically discovered MTUs (e.g., those discovered
11460 * for tunnels) we conservatively choose the ill_current_frag as the
11461 * upper-bound.
11462 */
11475 /*
11476 * The dce and fragmentation code can handle changes to ill_mtu
11477 * concurrent with sending/fragmenting packets.
11478 */
11491 /*
11492 * ill_mtu is the actual interface MTU, obtained as the min
11493 * of user-configured mtu and the value announced by the
11494 * driver (via DL_NOTE_SDU_SIZE/DL_INFO_ACK). Note that since
11495 * we have already made the choice of requiring
11496 * ill_user_mtu < ill_current_frag by the time we get here,
11497 * the ill_mtu effectively gets assigned to the ill_user_mtu
11498 * here.
11499 */
11502 }
11505 /*
11506 * Make sure all dce_generation checks find out
11507 * that ill_mtu/ill_mc_mtu has changed.
11508 */
11512 /*
11513 * Refresh IPMP meta-interface MTU if necessary.
11514 */
11519 }
11521 /* ARGSUSED */
11522 int
11525 {
11541 }
11543 /*
11544 * Return best guess as to the subnet mask for the specified address.
11545 * Based on the subnet masks for all the configured interfaces.
11546 *
11547 * We end up returning a zero mask in the case of default, multicast or
11548 * experimental.
11549 */
11550 static ipaddr_t
11552 {
11553 ipaddr_t net_mask;
11556 ill_walk_context_t ctx;
11563 }
11565 /* Let's check to see if this is maybe a local subnet route. */
11566 /* this function only applies to IPv4 interfaces */
11579 /*
11580 * Don't trust pt-pt interfaces if there are
11581 * other interfaces.
11582 */
11587 }
11589 }
11591 /*
11592 * Fine. Just assume the same net mask as the
11593 * directly attached subnet interface is using.
11594 */
11602 }
11603 }
11605 }
11611 }
11613 /*
11614 * ip_sioctl_copyin_setup calls ip_wput_ioctl to process the IP_IOCTL ioctl.
11615 */
11616 static void
11618 {
11619 IOCP iocp;
11636 }
11638 /*
11639 * These IOCTLs provide various control capabilities to
11640 * upstream agents such as ULPs and processes. There
11641 * are currently two such IOCTLs implemented. They
11642 * are used by TCP to provide update information for
11643 * existing IREs and to forcibly delete an IRE for a
11644 * host that is not responding, thereby forcing an
11645 * attempt at a new route.
11646 */
11655 }
11656 /*
11657 * prefer credential from mblk over ioctl;
11658 * see ip_sioctl_copyin_setup
11659 */
11664 /*
11665 * Refhold the conn in case the request gets queued up in some lookup
11666 */
11676 }
11678 /*
11679 * CONN_OPER_PENDING_DONE happens in the function called
11680 * through ipft_pfi above.
11681 */
11683 }
11690 }
11693 done:
11698 }
11700 /*
11701 * Assign a unique id for the ipif. This is used by sctp_addr.c
11702 * Note: remove if sctp_addr.c is redone to not shadow ill/ipif data structures.
11703 */
11704 static void
11706 {
11710 }
11712 /*
11713 * Clone the contents of `sipif' to `dipif'. Requires that both ipifs are
11714 * administratively down (i.e., no DAD), of the same type, and locked. Note
11715 * that the clone is complete -- including the seqid -- and the expectation is
11716 * that the caller will either free or overwrite `sipif' before it's unlocked.
11717 */
11718 static void
11720 {
11735 /*
11736 * As per the comment atop the function, we assume that these sipif
11737 * fields will be changed before sipif is unlocked.
11738 */
11741 }
11743 /*
11744 * Transfer the contents of `sipif' to `dipif', and then free (if `virgipif'
11745 * is NULL) or overwrite `sipif' with `virgipif', which must be a virgin
11746 * (unreferenced) ipif. Also, if `sipif' is used by the current xop, then
11747 * transfer the xop to `dipif'. Requires that all ipifs are administratively
11748 * down (i.e., no DAD), of the same type, and unlocked.
11749 */
11750 static void
11752 {
11759 /*
11760 * Grab all of the locks that protect the ipif in a defined order.
11761 */
11768 }
11772 /*
11773 * Transfer ownership of the current xop, if necessary.
11774 */
11780 }
11784 }
11786 /*
11787 * checks if:
11788 * - <ill_name>:<ipif_id> is at most LIFNAMSIZ - 1 and
11789 * - logical interface is within the allowed range
11790 */
11791 static int
11793 {
11800 }
11802 /*
11803 * Insert the ipif, so that the list of ipifs on the ill will be sorted
11804 * with respect to ipif_id. Note that an ipif with an ipif_id of -1 will
11805 * be inserted into the first space available in the list. The value of
11806 * ipif_id will then be set to the appropriate value for its position.
11807 */
11808 static int
11810 {
11824 /*
11825 * In the case of lo0:0 we already hold the ill_g_lock.
11826 * ill_lookup_on_name (acquires ill_g_lock) -> ipif_allocate ->
11827 * ipif_insert.
11828 */
11840 id++;
11842 }
11848 }
11851 /* we have a real id; insert ipif in the right place */
11857 }
11863 }
11874 }
11876 static void
11878 {
11890 }
11891 }
11893 }
11895 /*
11896 * Allocate and initialize a new interface control structure. (Always
11897 * called as writer.)
11898 * When ipif_allocate() is called from ip_ll_subnet_defaults, the ill
11899 * is not part of the global linked list of ills. ipif_seqid is unique
11900 * in the system and to preserve the uniqueness, it is assigned only
11901 * when ill becomes part of the global list. At that point ill will
11902 * have a name. If it doesn't get assigned here, it will get assigned
11903 * in ipif_set_values() as part of SIOCSLIFNAME processing.
11904 * Aditionally, if we come here from ip_ll_subnet_defaults, we don't set
11905 * the interface flags or any other information from the DL_INFO_ACK for
11906 * DL_STYLE2 drivers (initialize == B_FALSE), since we won't have them at
11907 * this point. The flags etc. will be set in ip_ll_subnet_defaults when the
11908 * second DL_INFO_ACK comes in from the driver.
11909 */
11913 {
11929 }
11934 /*
11935 * Inherit the zoneid from the ill; for the shared stack instance
11936 * this is always the global zone
11937 */
11948 }
11949 /* -1 id should have been replaced by real id */
11952 }
11957 /*
11958 * If this is the zeroth ipif on the IPMP ill, create the illgrp
11959 * (which must not exist yet because the zeroth ipif is created once
11960 * per ill). However, do not not link it to the ipmp_grp_t until
11961 * I_PLINK is called; see ip_sioctl_plink_ipmp() for details.
11962 */
11969 }
11974 }
11975 }
11977 /*
11978 * We grab ill_lock to protect the flag changes. The ipif is still
11979 * not up and can't be looked up until the ioctl completes and the
11980 * IPIF_CHANGING flag is cleared.
11981 */
11993 /* Keep the IN6_IS_ADDR_V4MAPPED assertions happy */
12004 }
12006 /*
12007 * Don't set the interface flags etc. now, will do it in
12008 * ip_ll_subnet_defaults.
12009 */
12013 /*
12014 * NOTE: The IPMP meta-interface is special-cased because it starts
12015 * with no underlying interfaces (and thus an unknown broadcast
12016 * address length), but all interfaces that can be placed into an IPMP
12017 * group are required to be broadcast-capable.
12018 */
12020 /*
12021 * Later detect lack of DLPI driver multicast capability by
12022 * catching DL_ENABMULTI_REQ errors in ip_rput_dlpi().
12023 */
12030 /*
12031 * Note: xresolv interfaces will eventually need
12032 * NOARP set here as well, but that will require
12033 * those external resolvers to have some
12034 * knowledge of that flag and act appropriately.
12035 * Not to be changed at present.
12036 */
12038 else
12040 }
12045 /* pt-pt supports multicast. */
12049 }
12050 }
12051 }
12052 out:
12055 }
12057 /*
12058 * Remove the neighbor cache entries associated with this logical
12059 * interface.
12060 */
12061 int
12063 {
12074 /*
12075 * If this is the last ipif that is going down and there are no
12076 * duplicate addresses we may yet attempt to re-probe, then we need to
12077 * clean up ARP completely.
12078 */
12081 /*
12082 * If this was the last ipif on an IPMP interface, purge any
12083 * static ARP entries associated with it.
12084 */
12088 /* UNBIND, DETACH */
12090 }
12093 }
12095 /*
12096 * Get the resolver set up for a new IP address. (Always called as writer.)
12097 * Called both for IPv4 and IPv6 interfaces, though it only does some
12098 * basic DAD related initialization for IPv6. Honors ILLF_NOARP.
12099 *
12100 * The enumerated value res_act tunes the behavior:
12101 * * Res_act_initial: set up all the resolver structures for a new
12102 * IP address.
12103 * * Res_act_defend: tell ARP that it needs to send a single gratuitous
12104 * ARP message in defense of the address.
12105 * * Res_act_rebind: tell ARP to change the hardware address for an IP
12106 * address (and issue gratuitous ARPs). Used by ipmp_ill_bind_ipif().
12107 *
12108 * Returns zero on success, or an errno upon failure.
12109 */
12110 int
12112 {
12115 boolean_t was_dup;
12124 /*
12125 * We're bringing an interface up here. There's no way that we
12126 * should need to shut down ARP now.
12127 */
12133 }
12135 }
12142 }
12143 /* NDP will set the ipif_addr_ready flag when it's ready */
12149 }
12151 /*
12152 * This routine restarts IPv4/IPv6 duplicate address detection (DAD)
12153 * when a link has just gone back up.
12154 */
12155 static void
12157 {
12166 ipaddr_t v4addr;
12171 /*
12172 * If we can't contact ARP for some reason,
12173 * that's not really a problem. Just send
12174 * out the routing socket notification that
12175 * DAD completion would have done, and continue.
12176 */
12181 }
12185 }
12191 }
12193 /*
12194 * If we can't restart DAD for some reason, that's not really a
12195 * problem. Just send out the routing socket notification that
12196 * DAD completion would have done, and continue.
12197 */
12200 }
12202 }
12204 /*
12205 * Restart duplicate address detection on all interfaces on the given ill.
12206 *
12207 * This is called when an interface transitions from down to up
12208 * (DL_NOTE_LINK_UP) or up to down (DL_NOTE_LINK_DOWN).
12209 *
12210 * Note that since the underlying physical link has transitioned, we must cause
12211 * at least one routing socket message to be sent here, either via DAD
12212 * completion or just by default on the first ipif. (If we don't do this, then
12213 * in.mpathd will see long delays when doing link-based failure recovery.)
12214 */
12215 void
12217 {
12223 /*
12224 * If layer two doesn't support duplicate address detection, then just
12225 * send the routing socket message now and be done with it.
12226 */
12230 }
12238 /*
12239 * kick off the bring-up process now.
12240 */
12243 /*
12244 * Unfortunately, the first ipif is "special"
12245 * and represents the underlying ill in the
12246 * routing socket messages. Thus, when this
12247 * one ipif is down, we must still notify so
12248 * that the user knows the IFF_RUNNING status
12249 * change. (If the first ipif is up, then
12250 * we'll handle eventual routing socket
12251 * notification via DAD completion.)
12252 */
12255 RTSQ_DEFAULT);
12256 }
12257 }
12259 /*
12260 * After link down, we'll need to send a new routing
12261 * message when the link comes back, so clear
12262 * ipif_addr_ready.
12263 */
12265 }
12266 }
12268 /*
12269 * If we've torn down links, then notify the user right away.
12270 */
12273 }
12275 static void
12277 {
12286 }
12288 static int
12290 {
12307 }
12308 }
12309 }
12312 }
12314 /*
12315 * This function is called to bring up all the ipifs that were up before
12316 * bringing the ill down via ill_down_ipifs().
12317 */
12318 int
12320 {
12327 /*
12328 * Send down REPLUMB_DONE notification followed by the
12329 * BIND_REQ on the arp stream.
12330 */
12333 }
12339 }
12341 /*
12342 * Bring down any IPIF_UP ipifs on ill. If "logical" is B_TRUE, we bring
12343 * down the ipifs without sending DL_UNBIND_REQ to the driver.
12344 */
12345 static void
12347 {
12353 /*
12354 * We go through the ipif_down logic even if the ipif
12355 * is already down, since routes can be added based
12356 * on down ipifs. Going through ipif_down once again
12357 * will delete any IREs created based on these routes.
12358 */
12368 }
12369 }
12370 }
12372 /*
12373 * Redo source address selection. This makes IXAF_VERIFY_SOURCE take
12374 * a look again at valid source addresses.
12375 * This should be called each time after the set of source addresses has been
12376 * changed.
12377 */
12378 void
12380 {
12381 /* We skip past SRC_GENERATION_VERIFY */
12383 SRC_GENERATION_VERIFY)
12385 }
12387 /*
12388 * Finish the group join started in ip_sioctl_groupname().
12389 */
12390 /* ARGSUSED */
12391 static void
12393 {
12399 /* IS_UNDER_IPMP() won't work until ipmp_ill_join_illgrp() is called */
12408 }
12414 }
12416 }
12418 /*
12419 * Process an SIOCSLIFGROUPNAME request.
12420 */
12421 /* ARGSUSED */
12422 int
12425 {
12434 /*
12435 * Note that phyint_grp can only change here, where we're exclusive.
12436 */
12447 /*
12448 * If the name hasn't changed, there's nothing to do.
12449 */
12453 /*
12454 * Handle requests to rename an IPMP meta-interface.
12455 *
12456 * Note that creation of the IPMP meta-interface is handled in
12457 * userland through the standard plumbing sequence. As part of the
12458 * plumbing the IPMP meta-interface, its initial groupname is set to
12459 * the name of the interface (see ipif_set_values_tail()).
12460 */
12464 }
12466 /*
12467 * Handle requests to add or remove an IP interface from a group.
12468 */
12470 /*
12471 * Moves are handled by first removing the interface from
12472 * its existing group, and then adding it to another group.
12473 * So, fail if it's already in a group.
12474 */
12478 }
12484 }
12486 /*
12487 * Check if the phyint and its ills are suitable for
12488 * inclusion into the group.
12489 */
12493 /*
12494 * Checks pass; join the group, and enqueue the remaining
12495 * illgrp joins for when we've become part of the group xop
12496 * and are exclusive across its IPSQs. Since qwriter_ip()
12497 * requires an mblk_t to scribble on, and since `mp' will be
12498 * freed as part of completing the ioctl, allocate another.
12499 */
12503 }
12505 /*
12506 * Before we drop ipmp_lock, bump gr_pend* to ensure that the
12507 * IPMP meta-interface ills needed by `phyi' cannot go away
12508 * before ip_join_illgrps() is called back. See the comments
12509 * in ip_sioctl_plink_ipmp() for more.
12510 */
12524 /*
12525 * Request to remove the interface from a group. If the
12526 * interface is not in a group, this trivially succeeds.
12527 */
12532 }
12533 unlock:
12536 }
12538 /*
12539 * Process an SIOCGLIFBINDING request.
12540 */
12541 /* ARGSUSED */
12542 int
12545 {
12556 else
12560 }
12562 /*
12563 * Process an SIOCGLIFGROUPNAME request.
12564 */
12565 /* ARGSUSED */
12566 int
12569 {
12577 else
12581 }
12583 /*
12584 * Process an SIOCGLIFGROUPINFO request.
12585 */
12586 /* ARGSUSED */
12587 int
12590 {
12595 /* ip_wput_nondata() verified mp->b_cont->b_cont */
12603 }
12607 }
12609 static void
12611 {
12614 /*
12615 * The ill is down; unbind but stay attached since we're still
12616 * associated with a PPA. If we have negotiated DLPI capabilites
12617 * with the data link service provider (IDS_OK) then reset them.
12618 * The interval between unbinding and rebinding is potentially
12619 * unbounded hence we cannot assume things will be the same.
12620 * The DLPI capabilities will be probed again when the data link
12621 * is brought up.
12622 */
12628 /* Free all ilms for this ill */
12632 }
12642 /*
12643 * ip_rput does not pass up normal (M_PROTO) DLPI messages
12644 * after ILL_CONDEMNED is set. So in the unplumb case, we call
12645 * ill_capability_dld_disable disable rightaway. If this is not
12646 * an unplumb operation then the disable happens on receipt of
12647 * the capab ack via ip_rput_dlpi_writer ->
12648 * ill_capability_ack_thr. In both cases the order of
12649 * the operations seen by DLD is capability disable followed
12650 * by DL_UNBIND. Also the DLD capability disable needs a
12651 * cv_wait'able context.
12652 */
12657 }
12662 }
12664 void
12666 {
12668 t_uscalar_t prim;
12681 {
12685 }
12691 }
12693 /*
12694 * Except for the ACKs for the M_PCPROTO messages, all other ACKs
12695 * are dropped by ip_rput() if ILL_CONDEMNED is set. Therefore
12696 * we only wait for the ACK of the DL_UNBIND_REQ.
12697 */
12703 }
12710 /*
12711 * There is no ack for DL_NOTIFY_CONF messages
12712 */
12715 }
12717 /*
12718 * Helper function for ill_dlpi_send().
12719 */
12720 /* ARGSUSED */
12721 static void
12723 {
12725 }
12727 /*
12728 * Send a DLPI control message to the driver but make sure there
12729 * is only one outstanding message. Uses ill_dlpi_pending to tell
12730 * when it must queue. ip_rput_dlpi_writer calls ill_dlpi_done()
12731 * when an ACK or a NAK is received to process the next queued message.
12732 */
12733 void
12735 {
12740 /*
12741 * To ensure that any DLPI requests for current exclusive operation
12742 * are always completely sent before any DLPI messages for other
12743 * operations, require writer access before enqueuing.
12744 */
12747 /* qwriter_ip() does the ill_refrele() */
12751 }
12755 /* Must queue message. Tail insertion */
12767 }
12770 }
12772 void
12774 {
12777 }
12779 void
12781 {
12790 }
12792 /*
12793 * Send all deferred DLPI messages without waiting for their ACKs.
12794 */
12795 void
12797 {
12800 /*
12801 * Clear ill_dlpi_pending so that the message is not queued in
12802 * ill_dlpi_send().
12803 */
12814 }
12815 }
12817 /*
12818 * Clear all the deferred DLPI messages. Called on receiving an M_ERROR
12819 * or M_HANGUP
12820 */
12821 static void
12823 {
12835 }
12836 }
12838 /*
12839 * Check if the DLPI primitive `prim' is pending; print a warning if not.
12840 */
12841 boolean_t
12843 {
12844 t_uscalar_t pending;
12850 }
12852 /*
12853 * During teardown, ill_dlpi_dispatch() will send DLPI requests
12854 * without waiting, so don't print any warnings in that case.
12855 */
12859 }
12871 }
12873 }
12875 /*
12876 * Complete the current DLPI operation associated with `prim' on `ill' and
12877 * start the next queued DLPI operation (if any). If there are no queued DLPI
12878 * operations and the ill's current exclusive IPSQ operation has finished
12879 * (i.e., ipsq_current_finish() was called), then clear ipsq_current_ipif to
12880 * allow the next exclusive IPSQ operation to begin upon ipsq_exit(). See
12881 * the comments above ipsq_current_finish() for details.
12882 */
12883 void
12885 {
12905 }
12909 }
12916 }
12918 /*
12919 * Queue a (multicast) DLPI control message to be sent to the driver by
12920 * later calling ill_dlpi_send_queued.
12921 * We queue them while holding a lock (ill_mcast_lock) to ensure that they
12922 * are sent in order i.e., prevent a DL_DISABMULTI_REQ and DL_ENABMULTI_REQ
12923 * for the same group to race.
12924 * We send DLPI control messages in order using ill_lock.
12925 * For IPMP we should be called on the cast_ill.
12926 */
12927 void
12929 {
12935 /* Must queue message. Tail insertion */
12942 }
12944 /*
12945 * Send the messages that were queued. Make sure there is only
12946 * one outstanding message. ip_rput_dlpi_writer calls ill_dlpi_done()
12947 * when an ACK or a NAK is received to process the next queued message.
12948 * For IPMP we are called on the upper ill, but when send what is queued
12949 * on the cast_ill.
12950 */
12951 void
12953 {
12956 t_uscalar_t prim;
12960 /* On the upper IPMP ill. */
12963 /* Avoid ever sending anything down to the ipmpstub */
12965 }
12967 }
12971 /* Can't send. Somebody else will send it */
12974 }
12978 /*
12979 * Nobody there. All multicast addresses will be
12980 * re-joined when we get the DL_BIND_ACK bringing the
12981 * interface up.
12982 */
12985 }
12992 }
12999 }
13001 done:
13004 }
13006 /*
13007 * Queue an IP (IGMP/MLD) message to be sent by IP from
13008 * ill_mcast_send_queued
13009 * We queue them while holding a lock (ill_mcast_lock) to ensure that they
13010 * are sent in order i.e., prevent a IGMP leave and IGMP join for the same
13011 * group to race.
13012 * We send them in order using ill_lock.
13013 * For IPMP we are called on the upper ill, but we queue on the cast_ill.
13014 */
13015 void
13017 {
13024 /* On the upper IPMP ill. */
13027 /* Discard instead of queuing for the ipmp interface */
13033 }
13035 }
13038 /* Must queue message. Tail insertion */
13047 }
13049 /*
13050 * Send the IP packets that were queued by ill_mcast_queue.
13051 * These are IGMP/MLD packets.
13052 *
13053 * For IPMP we are called on the upper ill, but when send what is queued
13054 * on the cast_ill.
13055 *
13056 * Request loopback of the report if we are acting as a multicast
13057 * router, so that the process-level routing demon can hear it.
13058 * This will run multiple times for the same group if there are members
13059 * on the same group for multiple ipif's on the same ill. The
13060 * igmp_input/mld_input code will suppress this due to the loopback thus we
13061 * always loopback membership report.
13062 *
13063 * We also need to make sure that this does not get load balanced
13064 * by IPMP. We do this by passing an ill to ip_output_simple.
13065 */
13066 void
13068 {
13070 ip_xmit_attr_t ixas;
13074 /* On the upper IPMP ill. */
13077 /*
13078 * We should have no messages on the ipmp interface
13079 * but no point in trying to send them.
13080 */
13082 }
13084 }
13089 /*
13090 * Here we set ixa_ifindex. If IPMP it will be the lower ill which
13091 * makes ip_select_route pick the IRE_MULTICAST for the cast_ill.
13092 * That is necessary to handle IGMP/MLD snooping switches.
13093 */
13102 /*
13103 * Nobody there. Just drop the ip packets.
13104 * IGMP/MLD will resend later, if this is a replumb.
13105 */
13108 }
13111 /*
13112 * When the ill is getting deactivated, we only want to
13113 * send the DLPI messages, so drop IGMP/MLD packets.
13114 * DLPI messages are handled by ill_dlpi_send_queued()
13115 */
13119 }
13123 /* Check whether we are sending IPv4 or IPv6. */
13135 }
13142 }
13145 done:
13148 }
13150 /*
13151 * Take down a specific interface, but don't lose any information about it.
13152 * (Always called as writer.)
13153 * This function goes through the down sequence even if the interface is
13154 * already down. There are 2 reasons.
13155 * a. Currently we permit interface routes that depend on down interfaces
13156 * to be added. This behaviour itself is questionable. However it appears
13157 * that both Solaris and 4.3 BSD have exhibited this behaviour for a long
13158 * time. We go thru the cleanup in order to remove these routes.
13159 * b. The bringup of the interface could fail in ill_dl_up i.e. we get
13160 * DL_ERROR_ACK in response to the DL_BIND request. The interface is
13161 * down, but we need to cleanup i.e. do ill_dl_down and
13162 * ip_rput_dlpi_writer (DL_ERROR_ACK) -> ipif_down.
13163 *
13164 * IP-MT notes:
13165 *
13166 * Model of reference to interfaces.
13167 *
13168 * The following members in ipif_t track references to the ipif.
13169 * int ipif_refcnt; Active reference count
13170 *
13171 * The following members in ill_t track references to the ill.
13172 * int ill_refcnt; active refcnt
13173 * uint_t ill_ire_cnt; Number of ires referencing ill
13174 * uint_t ill_ncec_cnt; Number of ncecs referencing ill
13175 * uint_t ill_nce_cnt; Number of nces referencing ill
13176 * uint_t ill_ilm_cnt; Number of ilms referencing ill
13177 *
13178 * Reference to an ipif or ill can be obtained in any of the following ways.
13179 *
13180 * Through the lookup functions ipif_lookup_* / ill_lookup_* functions
13181 * Pointers to ipif / ill from other data structures viz ire and conn.
13182 * Implicit reference to the ipif / ill by holding a reference to the ire.
13183 *
13184 * The ipif/ill lookup functions return a reference held ipif / ill.
13185 * ipif_refcnt and ill_refcnt track the reference counts respectively.
13186 * This is a purely dynamic reference count associated with threads holding
13187 * references to the ipif / ill. Pointers from other structures do not
13188 * count towards this reference count.
13189 *
13190 * ill_ire_cnt is the number of ire's associated with the
13191 * ill. This is incremented whenever a new ire is created referencing the
13192 * ill. This is done atomically inside ire_add_v[46] where the ire is
13193 * actually added to the ire hash table. The count is decremented in
13194 * ire_inactive where the ire is destroyed.
13195 *
13196 * ill_ncec_cnt is the number of ncec's referencing the ill thru ncec_ill.
13197 * This is incremented atomically in
13198 * ndp_add_v4()/ndp_add_v6() where the nce is actually added to the
13199 * table. Similarly it is decremented in ncec_inactive() where the ncec
13200 * is destroyed.
13201 *
13202 * ill_nce_cnt is the number of nce's referencing the ill thru nce_ill. This is
13203 * incremented atomically in nce_add() where the nce is actually added to the
13204 * ill_nce. Similarly it is decremented in nce_inactive() where the nce
13205 * is destroyed.
13206 *
13207 * ill_ilm_cnt is the ilm's reference to the ill. It is incremented in
13208 * ilm_add() and decremented before the ilm is freed in ilm_delete().
13209 *
13210 * Flow of ioctls involving interface down/up
13211 *
13212 * The following is the sequence of an attempt to set some critical flags on an
13213 * up interface.
13214 * ip_sioctl_flags
13215 * ipif_down
13216 * wait for ipif to be quiescent
13217 * ipif_down_tail
13218 * ip_sioctl_flags_tail
13219 *
13220 * All set ioctls that involve down/up sequence would have a skeleton similar
13221 * to the above. All the *tail functions are called after the refcounts have
13222 * dropped to the appropriate values.
13223 *
13224 * SIOC ioctls during the IPIF_CHANGING interval.
13225 *
13226 * Threads handling SIOC set ioctls serialize on the squeue, but this
13227 * is not done for SIOC get ioctls. Since a set ioctl can cause several
13228 * steps of internal changes to the state, some of which are visible in
13229 * ipif_flags (such as IFF_UP being cleared and later set), and we want
13230 * the set ioctl to be atomic related to the get ioctls, the SIOC get code
13231 * will wait and restart ioctls if IPIF_CHANGING is set. The mblk is then
13232 * enqueued in the ipsq and the operation is restarted by ipsq_exit() when
13233 * the current exclusive operation completes. The IPIF_CHANGING check
13234 * and enqueue is atomic using the ill_lock and ipsq_lock. The
13235 * lookup is done holding the ill_lock. Hence the ill/ipif state flags can't
13236 * change while the ill_lock is held. Before dropping the ill_lock we acquire
13237 * the ipsq_lock and call ipsq_enq. This ensures that ipsq_exit can't finish
13238 * until we release the ipsq_lock, even though the ill/ipif state flags
13239 * can change after we drop the ill_lock.
13240 */
13241 int
13243 {
13246 boolean_t success;
13264 /* Update status in SCTP's list */
13268 }
13270 /*
13271 * Removal of the last ipif from an ill may result in a DL_UNBIND
13272 * being sent to the driver, and we must not send any data packets to
13273 * the driver after the DL_UNBIND_REQ. To ensure this, all the
13274 * ire and nce entries used in the data path will be cleaned
13275 * up, and we also set the ILL_DOWN_IN_PROGRESS bit to make
13276 * sure on new entries will be added until the ill is bound
13277 * again. The ILL_DOWN_IN_PROGRESS bit is turned off upon
13278 * receipt of a DL_BIND_ACK.
13279 */
13284 }
13286 /*
13287 * Blow away memberships we established in ipif_multicast_up().
13288 */
13291 /*
13292 * Remove from the mapping for __sin6_src_id. We insert only
13293 * when the address is not INADDR_ANY. As IPv4 addresses are
13294 * stored as mapped addresses, we need to check for mapped
13295 * INADDR_ANY also.
13296 */
13306 }
13307 }
13310 /* only delete if we'd added ire's before */
13313 else
13315 }
13318 /*
13319 * Since the interface is now down, it may have just become
13320 * inactive. Note that this needs to be done even for a
13321 * lll_logical_down(), or ARP entries will not get correctly
13322 * restored when the interface comes back up.
13323 */
13326 }
13328 /*
13329 * neighbor-discovery or arp entries for this interface. The ipif
13330 * has to be quiesced, so we walk all the nce's and delete those
13331 * that point at the ipif->ipif_ill. At the same time, we also
13332 * update IPMP so that ipifs for data addresses are unbound. We dont
13333 * call ipif_arp_down to DL_UNBIND the arp stream itself here, but defer
13334 * that for ipif_down_tail()
13335 */
13338 /*
13339 * If this is the last ipif on the ill, we also need to remove
13340 * any IREs with ire_ill set. Otherwise ipif_is_quiescent() will
13341 * never succeed.
13342 */
13346 /*
13347 * Walk all CONNs that can have a reference on an ire for this
13348 * ipif (we actually walk all that now have stale references).
13349 */
13352 /*
13353 * If mp is NULL the caller will wait for the appropriate refcnt.
13354 * Eg. ip_sioctl_removeif -> ipif_free -> ipif_down
13355 * and ill_delete -> ipif_free -> ipif_down
13356 */
13360 }
13367 }
13369 /*
13370 * Are there any ire's pointing to this ipif that are still active ?
13371 * If this is the last ipif going down, are there any ire's pointing
13372 * to this ill that are still active ?
13373 */
13379 }
13383 /*
13384 * Enqueue the mp atomically in ipsq_pending_mp. When the refcount
13385 * drops down, the operation will be restarted by ipif_ill_refrele_tail
13386 * which in turn is called by the last refrele on the ipif/ill/ire.
13387 */
13390 /* The conn is closing. So just return */
13395 }
13401 }
13403 int
13405 {
13412 /*
13413 * Skip any loopback interface (null wq).
13414 * If this is the last logical interface on the ill
13415 * have ill_dl_down tell the driver we are gone (unbind)
13416 * Note that lun 0 can ipif_down even though
13417 * there are other logical units that are up.
13418 * This occurs e.g. when we change a "significant" IFF_ flag.
13419 */
13424 }
13433 }
13435 /*
13436 * Bring interface logically down without bringing the physical interface
13437 * down e.g. when the netmask is changed. This avoids long lasting link
13438 * negotiations between an ethernet interface and a certain switches.
13439 */
13440 static int
13442 {
13446 /*
13447 * The ill_logical_down flag is a transient flag. It is set here
13448 * and is cleared once the down has completed in ipif_down_tail.
13449 * This flag does not indicate whether the ill stream is in the
13450 * DL_BOUND state with the driver. Instead this flag is used by
13451 * ipif_down_tail to determine whether to DL_UNBIND the stream with
13452 * the driver. The state of the ill stream i.e. whether it is
13453 * DL_BOUND with the driver or not is indicated by the ill_dl_up flag.
13454 */
13457 }
13459 /*
13460 * Initiate deallocate of an IPIF. Always called as writer. Called by
13461 * ill_delete or ip_sioctl_removeif.
13462 */
13463 static void
13465 {
13474 /*
13475 * Take down the interface. We can be called either from ill_delete
13476 * or from ip_sioctl_removeif.
13477 */
13480 /*
13481 * Now that the interface is down, there's no chance it can still
13482 * become a duplicate. Cancel any timer that may have been set while
13483 * tearing down.
13484 */
13490 /* Remove pointers to this ill in the multicast routing tables */
13492 /* If necessary, clear the cached source ipif rotor. */
13496 }
13498 static void
13500 {
13503 /*
13504 * Need to hold both ill_g_lock and ill_lock while
13505 * inserting or removing an ipif from the linked list
13506 * of ipifs hanging off the ill.
13507 */
13510 #ifdef DEBUG
13512 #endif
13514 /* Ask SCTP to take it out of it list */
13518 /* Get it out of the ILL interface list. */
13527 /* Free the memory. */
13529 }
13531 /*
13532 * Sets `buf' to an ipif name of the form "ill_name:id", or "ill_name" if "id"
13533 * is zero.
13534 */
13535 void
13537 {
13550 }
13555 }
13557 /*
13558 * Sets `buf' to an ill name.
13559 */
13560 void
13562 {
13572 }
13574 /*
13575 * Find an IPIF based on the name passed in. Names can be of the form <phys>
13576 * (e.g., le0) or <phys>:<#> (e.g., le0:1). When there is no colon, the
13577 * implied unit id is zero. <phys> must correspond to the name of an ILL.
13578 * (May be called as writer.)
13579 */
13583 {
13589 uint_t ire_type;
13593 /*
13594 * If the caller wants to us to create the ipif, make sure we have a
13595 * valid zoneid
13596 */
13601 }
13604 /* Look for a colon in the name. */
13609 }
13612 /*
13613 * Reject any non-decimal aliases for logical
13614 * interfaces. Aliases with leading zeroes
13615 * are also rejected as they introduce ambiguity
13616 * in the naming of the interfaces.
13617 * In order to confirm with existing semantics,
13618 * and to not break any programs/script relying
13619 * on that behaviour, if<0>:0 is considered to be
13620 * a valid interface.
13621 *
13622 * If alias has two or more digits and the first
13623 * is zero, fail.
13624 */
13627 }
13628 }
13632 }
13636 /*
13637 * Look up the ILL, based on the portion of the name
13638 * before the slash. ill_lookup_on_name returns a held ill.
13639 * Temporary to check whether ill exists already. If so
13640 * ill_lookup_on_name will clear it.
13641 */
13648 /* Establish the unit number in the name. */
13651 /* If there was a colon, the unit number follows. */
13652 cp++;
13656 }
13657 }
13660 /* Now see if there is an IPIF with this unit number. */
13669 }
13675 /*
13676 * Drop locks before calling ill_refrele
13677 * since it can potentially call into
13678 * ipif_ill_refrele_tail which can end up
13679 * in trying to acquire any lock.
13680 */
13683 }
13684 }
13685 }
13691 }
13693 /*
13694 * If none found, atomically allocate and return a new one.
13695 * Historically, we used IRE_LOOPBACK only for lun 0, and IRE_LOCAL
13696 * to support "receive only" use of lo0:1 etc. as is still done
13697 * below as an initial guess.
13698 * However, this is now likely to be overriden later in ipif_up_done()
13699 * when we know for sure what address has been configured on the
13700 * interface, since we might have more than one loopback interface
13701 * with a loopback address, e.g. in the case of zones, and all the
13702 * interfaces with loopback addresses need to be marked IRE_LOOPBACK.
13703 */
13706 else
13714 }
13716 /*
13717 * Variant of the above that queues the request on the ipsq when
13718 * IPIF_CHANGING is set.
13719 */
13724 {
13740 }
13742 /* Look for a colon in the name. */
13747 }
13750 /*
13751 * Reject any non-decimal aliases for logical
13752 * interfaces. Aliases with leading zeroes
13753 * are also rejected as they introduce ambiguity
13754 * in the naming of the interfaces.
13755 * In order to confirm with existing semantics,
13756 * and to not break any programs/script relying
13757 * on that behaviour, if<0>:0 is considered to be
13758 * a valid interface.
13759 *
13760 * If alias has two or more digits and the first
13761 * is zero, fail.
13762 */
13767 }
13768 }
13774 }
13776 /*
13777 * Look up the ILL, based on the portion of the name
13778 * before the slash. ill_lookup_on_name returns a held ill.
13779 * Temporary to check whether ill exists already. If so
13780 * ill_lookup_on_name will clear it.
13781 */
13788 /* Establish the unit number in the name. */
13791 /* If there was a colon, the unit number follows. */
13792 cp++;
13798 }
13799 }
13803 /* Now see if there is an IPIF with this unit number. */
13815 }
13822 /*
13823 * Drop locks before calling ill_refrele
13824 * since it can potentially call into
13825 * ipif_ill_refrele_tail which can end up
13826 * in trying to acquire any lock.
13827 */
13844 }
13845 }
13846 }
13853 }
13855 /*
13856 * This routine is called whenever a new address comes up on an ipif. If
13857 * we are configured to respond to address mask requests, then we are supposed
13858 * to broadcast an address mask reply at this time. This routine is also
13859 * called if we are already up, but a netmask change is made. This is legal
13860 * but might not make the system manager very popular. (May be called
13861 * as writer.)
13862 */
13863 void
13865 {
13870 ip_xmit_attr_t ixas;
13872 #define REPLY_LEN (sizeof (icmp_ipha) + sizeof (icmph_t) + IP_ADDR_LEN)
13877 /* ICMP mask reply is IPv4 only */
13879 /* ICMP mask reply is not for a loopback interface */
13912 #undef REPLY_LEN
13913 }
13915 /*
13916 * Join the ipif specific multicast groups.
13917 * Must be called after a mapping has been set up in the resolver. (Always
13918 * called as writer.)
13919 */
13920 void
13922 {
13947 /*
13948 * Join the all hosts multicast address. We skip this for
13949 * underlying IPMP interfaces since they should be invisible.
13950 */
13959 }
13961 }
13963 /*
13964 * Enable multicast for the solicited node multicast address.
13965 * If IPMP we need to put the membership on the upper ill.
13966 */
13969 boolean_t need_refrele;
13977 }
13991 }
13993 }
13995 }
13997 in6_addr_t v6group;
14002 /* Join the all hosts multicast address */
14011 }
14013 }
14014 }
14016 /*
14017 * Blow away any multicast groups that we joined in ipif_multicast_up().
14018 * (ilms from explicit memberships are handled in conn_update_ill.)
14019 */
14020 void
14022 {
14030 }
14034 }
14035 }
14037 /*
14038 * Used when an interface comes up to recreate any extra routes on this
14039 * interface.
14040 */
14041 int
14043 {
14055 /*
14056 * Create a copy of the IRE with the saved address and netmask.
14057 */
14064 ill,
14067 ipst);
14074 ill,
14077 ipst);
14078 }
14082 }
14090 }
14091 }
14093 /*
14094 * Some software (for example, GateD and Sun Cluster) attempts
14095 * to create (what amount to) IRE_PREFIX routes with the
14096 * loopback address as the gateway. This is primarily done to
14097 * set up prefixes with the RTF_REJECT flag set (for example,
14098 * when generating aggregate routes.)
14099 *
14100 * If the IRE type (as defined by ill->ill_net_type) is
14101 * IRE_LOOPBACK, then we map the request into a
14102 * IRE_IF_NORESOLVER.
14103 */
14107 /*
14108 * ire held by ire_add, will be refreled' towards the
14109 * the end of ipif_up_done
14110 */
14112 /*
14113 * Check if it was a duplicate entry. This handles
14114 * the case of two racing route adds for the same route
14115 */
14125 }
14128 }
14131 }
14133 /*
14134 * Used to set the netmask and broadcast address to default values when the
14135 * interface is brought up. (Always called as writer.)
14136 */
14137 static void
14139 {
14143 /*
14144 * Interface holds an IPv4 address. Default
14145 * mask is the natural netmask.
14146 */
14148 ipaddr_t v4mask;
14152 }
14154 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14159 }
14160 /*
14161 * NOTE: SunOS 4.X does this even if the broadcast address
14162 * has been already set thus we do the same here.
14163 */
14165 ipaddr_t v4addr;
14169 }
14171 /*
14172 * Interface holds an IPv6-only address. Default
14173 * mask is all-ones.
14174 */
14178 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14183 }
14184 }
14185 }
14187 /*
14188 * Return 0 if this address can be used as local address without causing
14189 * duplicate address problems. Otherwise, return EADDRNOTAVAIL if the address
14190 * is already up on a different ill, and EADDRINUSE if it's up on the same ill.
14191 * Note that the same IPv6 link-local address is allowed as long as the ills
14192 * are not on the same link.
14193 */
14194 int
14196 {
14197 in6_addr_t our_v6addr;
14200 ill_walk_context_t ctx;
14216 else
14242 else
14244 }
14245 }
14248 }
14250 /*
14251 * Bring up an ipif: bring up arp/ndp, bring up the DLPI stream, and add
14252 * IREs for the ipif.
14253 * When the routine returns EINPROGRESS then mp has been consumed and
14254 * the ioctl will be acked from ip_rput_dlpi.
14255 */
14256 int
14258 {
14262 boolean_t success;
14263 uint_t ipif_orig_id;
14272 /* Shouldn't get here if it is already up. */
14276 /*
14277 * If this is a request to bring up a data address on an interface
14278 * under IPMP, then move the address to its IPMP meta-interface and
14279 * try to bring it up. One complication is that the zeroth ipif for
14280 * an ill is special, in that every ill always has one, and that code
14281 * throughout IP deferences ill->ill_ipif without holding any locks.
14282 */
14288 /*
14289 * The ipif being brought up should be quiesced. If it's not,
14290 * something has gone amiss and we need to bail out. (If it's
14291 * quiesced, we know it will remain so via IPIF_CONDEMNED.)
14292 */
14297 }
14300 /*
14301 * If we're going to need to allocate ipifs, do it prior
14302 * to starting the move (and grabbing locks).
14303 */
14308 }
14313 }
14314 }
14316 /*
14317 * Grab or transfer the ipif to move. During the move, keep
14318 * ill_g_lock held to prevent any ill walker threads from
14319 * seeing things in an inconsistent state.
14320 */
14327 }
14329 /*
14330 * Place the ipif on the IPMP ill. If the zeroth ipif on
14331 * the IPMP ill is a stub (0.0.0.0 down address) then we
14332 * replace that one. Otherwise, pick the next available slot.
14333 */
14343 /*
14344 * No more available ipif_id's -- put it back
14345 * on the original ill and fail the operation.
14346 * Since we're writer on the ill, we can be
14347 * sure our old slot is still available.
14348 */
14353 NULL);
14356 }
14359 }
14360 }
14363 /*
14364 * Tell SCTP that the ipif has moved. Note that even if we
14365 * had to allocate a new ipif, the original sequence id was
14366 * preserved and therefore SCTP won't know.
14367 */
14370 /*
14371 * If the ipif being brought up was on slot zero, then we
14372 * first need to bring up the placeholder we stuck there. In
14373 * ip_rput_dlpi_writer(), arp_bringup_done(), or the recursive
14374 * call to ipif_up() itself, if we successfully bring up the
14375 * placeholder, we'll check ill_move_ipif and bring it up too.
14376 */
14385 }
14387 /*
14388 * Bring it up on the IPMP ill.
14389 */
14391 }
14393 /* Skip arp/ndp for any loopback interface. */
14399 /*
14400 * ill_dl_up is not yet set. i.e. we are yet to
14401 * DL_BIND with the driver and this is the first
14402 * logical interface on the ill to become "up".
14403 * Tell the driver to get going (via DL_BIND_REQ).
14404 * Note that changing "significant" IFF_ flags
14405 * address/netmask etc cause a down/up dance, but
14406 * does not cause an unbind (DL_UNBIND) with the driver
14407 */
14409 }
14411 /*
14412 * ipif_resolver_up may end up needeing to bind/attach
14413 * the ARP stream, which in turn necessitates a
14414 * DLPI message exchange with the driver. ioctls are
14415 * serialized and so we cannot send more than one
14416 * interface up message at a time. If ipif_resolver_up
14417 * does need to wait for the DLPI handshake for the ARP stream,
14418 * we get EINPROGRESS and we will complete in arp_bringup_done.
14419 */
14432 /*
14433 * Crank up IPv6 neighbor discovery. Unlike ARP, this should
14434 * complete when ipif_ndp_up returns.
14435 */
14438 /* We will complete it in arp_bringup_done() */
14440 }
14451 /*
14452 * Interfaces without underlying hardware don't do duplicate
14453 * address detection.
14454 */
14458 /* allocation failure? */
14461 }
14468 }
14470 }
14472 /*
14473 * Add any IREs tied to the ill. For now this is just an IRE_MULTICAST.
14474 * The identical set of IREs need to be removed in ill_delete_ires().
14475 */
14476 int
14478 {
14486 /*
14487 * provide some dummy ire_addr for creating the ire.
14488 */
14495 }
14501 }
14503 void
14505 {
14507 /*
14508 * BIND/ATTACH completed; Release the ref for ill_ire_multicast
14509 * which was taken without any th_tracing enabled.
14510 * We also mark it as condemned (note that it was never added)
14511 * so that caching conn's can move off of it.
14512 */
14516 }
14517 }
14519 /*
14520 * Perform a bind for the physical device.
14521 * When the routine returns EINPROGRESS then mp has been consumed and
14522 * the ioctl will be acked from ip_rput_dlpi.
14523 * Allocate an unbind message and save it until ipif_down.
14524 */
14525 static int
14527 {
14531 boolean_t success;
14540 /*
14541 * Make sure we have an IRE_MULTICAST in case we immediately
14542 * start receiving packets.
14543 */
14549 DL_BIND_REQ);
14555 /*
14556 * ill_unbind_mp would be non-null if the following sequence had
14557 * happened:
14558 * - send DL_BIND_REQ to driver, wait for response
14559 * - multiple ioctls that need to bring the ipif up are encountered,
14560 * but they cannot enter the ipsq due to the outstanding DL_BIND_REQ.
14561 * These ioctls will then be enqueued on the ipsq
14562 * - a DL_ERROR_ACK is returned for the DL_BIND_REQ
14563 * At this point, the pending ioctls in the ipsq will be drained, and
14564 * since ill->ill_dl_up was not set, ill_dl_up would be invoked with
14565 * a non-null ill->ill_unbind_mp
14566 */
14569 DL_UNBIND_REQ);
14572 }
14573 /*
14574 * Record state needed to complete this operation when the
14575 * DL_BIND_ACK shows up. Also remember the pre-allocated mblks.
14576 */
14587 /*
14588 * Save the unbind message for ill_dl_down(); it will be consumed when
14589 * the interface goes down.
14590 */
14595 /* Send down link-layer capabilities probe if not already done. */
14598 /*
14599 * Sysid used to rely on the fact that netboots set domainname
14600 * and the like. Now that miniroot boots aren't strictly netboots
14601 * and miniroot network configuration is driven from userland
14602 * these things still need to be set. This situation can be detected
14603 * by comparing the interface being configured here to the one
14604 * dhcifname was set to reference by the boot loader. Once sysid is
14605 * converted to use dhcp_ipc_getinfo() this call can go away.
14606 */
14612 }
14614 /*
14615 * This operation will complete in ip_rput_dlpi with either
14616 * a DL_BIND_ACK or DL_ERROR_ACK.
14617 */
14619 bad:
14625 }
14627 /* Add room for tcp+ip headers */
14630 /*
14631 * DLPI and ARP is up.
14632 * Create all the IREs associated with an interface. Bring up multicast.
14633 * Set the interface flag and finish other initialization
14634 * that potentially had to be deferred to after DL_BIND_ACK.
14635 */
14636 int
14638 {
14650 /* Check if this is a loopback interface */
14656 /*
14657 * If all other interfaces for this ill are down or DEPRECATED,
14658 * or otherwise unsuitable for source address selection,
14659 * reset the src generation numbers to make sure source
14660 * address selection gets to take this new ipif into account.
14661 * No need to hold ill_lock while traversing the ipif list since
14662 * we are writer
14663 */
14671 /* first useable pre-existing interface */
14674 }
14682 /*
14683 * lo0:1 and subsequent ipifs were marked IRE_LOCAL in
14684 * ipif_lookup_on_name(), but in the case of zones we can have
14685 * several loopback addresses on lo0. So all the interfaces with
14686 * loopback addresses need to be marked IRE_LOOPBACK.
14687 */
14691 else
14696 /* add unicast nce for the local addr */
14700 /* A shared-IP zone sees EEXIST for lo0:N */
14709 }
14710 }
14712 /* Create all the IREs associated with this interface */
14715 /*
14716 * see comments about return value from
14717 * ip_addr_availability_check() in ipif_add_ires_v4().
14718 */
14722 /*
14723 * Make IPMP aware of the deleted ipif so that
14724 * the needed ipmp cleanup (e.g., of ipif_bound_ill)
14725 * can be completed. Note that we do not want to
14726 * destroy the nce that was created on the ipmp_ill
14727 * for the active copy of the duplicate address in
14728 * use.
14729 */
14733 }
14735 }
14738 /* Recover any additional IREs entries for this ill */
14740 }
14743 /*
14744 * Need to recover all multicast memberships in the driver.
14745 * This had to be deferred until we had attached. The same
14746 * code exists in ipif_up_done_v6() to recover IPv6
14747 * memberships.
14748 *
14749 * Note that it would be preferable to unconditionally do the
14750 * ill_recover_multicast() in ill_dl_up(), but we cannot do
14751 * that since ill_join_allmulti() depends on ill_dl_up being
14752 * set, and it is not set until we receive a DL_BIND_ACK after
14753 * having called ill_dl_up().
14754 */
14756 }
14759 /*
14760 * Since the interface is now up, it may now be active.
14761 */
14765 /*
14766 * If this is an IPMP interface, we may now be able to
14767 * establish ARP entries.
14768 */
14771 }
14773 /* Join the allhosts multicast address */
14781 /* Broadcast an address mask reply. */
14783 }
14784 /* Perhaps ilgs should use this ill */
14787 /*
14788 * This had to be deferred until we had bound. Tell routing sockets and
14789 * others that this interface is up if it looks like the address has
14790 * been validated. Otherwise, if it isn't ready yet, wait for
14791 * duplicate address detection to do its thing.
14792 */
14796 }
14798 /*
14799 * Add the IREs associated with the ipif.
14800 * Those MUST be explicitly removed in ipif_delete_ires_v4.
14801 */
14802 static int
14804 {
14819 /* Register the source address for __sin6_src_id */
14825 }
14829 else
14832 /* If the interface address is set, create the local IRE. */
14842 ipst);
14851 }
14858 }
14864 }
14868 /*
14869 * If mask was not specified, use natural netmask of
14870 * interface address. Also, store this mask back into the
14871 * ipif struct.
14872 */
14878 }
14880 /* Set up the IRE_IF_RESOLVER or IRE_IF_NORESOLVER, as appropriate. */
14883 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14889 }
14900 ill,
14904 ipst);
14909 }
14910 }
14912 /*
14913 * Create any necessary broadcast IREs.
14914 */
14919 /* If an earlier ire_create failed, get out now */
14921 irep1--;
14926 }
14927 }
14929 /*
14930 * Need to atomically check for IP address availability under
14931 * ip_addr_avail_lock. ill_g_lock is held as reader to ensure no new
14932 * ills or new ipifs can be added while we are checking availability.
14933 */
14936 /* Mark it up, and increment counters. */
14944 /*
14945 * Our address may already be up on the same ill. In this case,
14946 * the ARP entry for our ipif replaced the one for the other
14947 * ipif. So we don't want to delete it (otherwise the other ipif
14948 * would be unable to send packets).
14949 * ip_addr_availability_check() identifies this case for us and
14950 * returns EADDRINUSE; Caller should turn it into EADDRNOTAVAIL
14951 * which is the expected error code.
14952 */
14956 }
14958 /*
14959 * Add in all newly created IREs. ire_create_bcast() has
14960 * already checked for duplicates of the IRE_BROADCAST type.
14961 * We add the IRE_INTERFACE before the IRE_LOCAL to ensure
14962 * that lookups find the IRE_LOCAL even if the IRE_INTERFACE is
14963 * a /32 route.
14964 */
14970 }
14971 #ifdef DEBUG
14974 #endif
14975 }
14981 }
14982 #ifdef DEBUG
14985 #endif
14986 }
14996 /*
14997 * We first add all of them, and if that succeeds we refrele the
14998 * bunch. That enables us to delete all of them should any of the
14999 * ire_adds fail.
15000 */
15002 irep1--;
15008 }
15009 }
15012 irep1--;
15013 /* refheld by ire_add. */
15017 }
15018 }
15021 /*
15022 * If the broadcast address has been set, make sure it makes
15023 * sense based on the interface address.
15024 * Only match on ill since we are sharing broadcast addresses.
15025 */
15035 /*
15036 * If there isn't a matching broadcast IRE,
15037 * revert to the default for this netmask.
15038 */
15045 }
15046 }
15048 }
15051 bad2:
15055 bad:
15071 }
15075 }
15078 irep--;
15081 }
15082 }
15086 }
15088 /* Remove all the IREs created by ipif_add_ires_v4 */
15089 void
15091 {
15101 /*
15102 * Move count to ipif so we don't loose the count due to
15103 * a down/up dance.
15104 */
15109 }
15117 }
15119 /*
15120 * Delete the broadcast IREs.
15121 */
15125 }
15127 /*
15128 * Checks for availbility of a usable source address (if there is one) when the
15129 * destination ILL has the ill_usesrc_ifindex pointing to another ILL. Note
15130 * this selection is done regardless of the destination.
15131 */
15132 boolean_t
15135 {
15161 }
15165 }
15167 /*
15168 * Find an ipif with a good local address on the ill+zoneid.
15169 */
15170 ipif_t *
15172 {
15193 }
15196 }
15198 /*
15199 * IP source address type, sorted from worst to best. For a given type,
15200 * always prefer IP addresses on the same subnet. All-zones addresses are
15201 * suboptimal because they pose problems with unlabeled destinations.
15202 */
15204 IPIF_NONE,
15211 IPIF_LOCALADDR /* local loopback */
15214 /*
15215 * Pick the optimal ipif on `ill' for sending to destination `dst' from zone
15216 * `zoneid'. We rate usable ipifs from low -> high as per the ipif_type_t
15217 * enumeration, and return the highest-rated ipif. If there's a tie, we pick
15218 * the first one, unless IPMP is used in which case we round-robin among them;
15219 * see below for more.
15220 *
15221 * Returns NULL if there is no suitable source address for the ill.
15222 * This only occurs when there is no valid source address for the ill.
15223 */
15224 ipif_t *
15227 {
15233 boolean_t samenet;
15240 else
15242 }
15244 /*
15245 * Test addresses should never be used for source address selection,
15246 * so if we were passed one, switch to the IPMP meta-interface.
15247 */
15251 else
15253 }
15255 /*
15256 * Hold the ill_g_lock as reader. This makes sure that no ipif/ill
15257 * can be deleted. But an ipif/ill can get CONDEMNED any time.
15258 * After selecting the right ipif, under ill_lock make sure ipif is
15259 * not condemned, and increment refcnt. If ipif is CONDEMNED,
15260 * we retry. Inside the loop we still need to check for CONDEMNED,
15261 * but not under a lock.
15262 */
15264 retry:
15265 /*
15266 * For source address selection, we treat the ipif list as circular
15267 * and continue until we get back to where we started. This allows
15268 * IPMP to vary source address selection (which improves inbound load
15269 * spreading) by caching its last ending point and starting from
15270 * there. NOTE: we don't have to worry about ill_src_ipif changing
15271 * ills since that can't happen on the IPMP ill.
15272 */
15286 /* Always skip NOLOCAL and ANYCAST interfaces */
15289 /* Always skip NOACCEPT interfaces */
15299 }
15306 /*
15307 * Interfaces with 0.0.0.0 address are allowed to be UP, but
15308 * are not valid as source addresses.
15309 */
15319 IPIF_DIFFNET_DEPRECATED;
15322 IPIF_DIFFNET_ALLZONES;
15325 }
15332 }
15340 }
15343 /*
15344 * For IPMP, update the source ipif rotor to the next ipif,
15345 * provided we can look it up. (We must not use it if it's
15346 * IPIF_CONDEMNED since we may have grabbed ill_g_lock after
15347 * ipif_free() checked ill_src_ipif.)
15348 */
15353 else
15355 }
15357 }
15365 #ifdef DEBUG
15381 }
15384 }
15386 /*
15387 * Pick a source address based on the destination ill and an optional setsrc
15388 * address.
15389 * The result is stored in srcp. If generation is set, then put the source
15390 * generation number there before we look for the source address (to avoid
15391 * missing changes in the set of source addresses.
15392 * If flagsp is set, then us it to pass back ipif_flags.
15393 *
15394 * If the caller wants to cache the returned source address and detect when
15395 * that might be stale, the caller should pass in a generation argument,
15396 * which the caller can later compare against ips_src_generation
15397 *
15398 * The precedence order for selecting an IPv4 source address is:
15399 * - RTF_SETSRC on the offlink ire always wins.
15400 * - If usrsrc is set, swap the ill to be the usesrc one.
15401 * - If IPMP is used on the ill, select a random address from the most
15402 * preferred ones below:
15403 * 1. If onlink destination, same subnet and not deprecated, not ALL_ZONES
15404 * 2. Not deprecated, not ALL_ZONES
15405 * 3. If onlink destination, same subnet and not deprecated, ALL_ZONES
15406 * 4. Not deprecated, ALL_ZONES
15407 * 5. If onlink destination, same subnet and deprecated
15408 * 6. Deprecated.
15409 *
15410 * We have lower preference for ALL_ZONES IP addresses,
15411 * as they pose problems with unlabeled destinations.
15412 *
15413 * Note that when multiple IP addresses match e.g., #1 we pick
15414 * the first one if IPMP is not in use. With IPMP we randomize.
15415 */
15416 int
15418 ipaddr_t multicast_ifaddr,
15421 {
15428 /*
15429 * Need to grab the generation number before we check to
15430 * avoid a race with a change to the set of local addresses.
15431 * No lock needed since the thread which updates the set of local
15432 * addresses use ipif/ill locks and exit those (hence a store memory
15433 * barrier) before doing the atomic increase of ips_src_generation.
15434 */
15437 }
15442 }
15444 /* Was RTF_SETSRC set on the first IRE in the recursive lookup? */
15448 }
15453 else
15455 }
15461 }
15463 /* ARGSUSED */
15464 int
15467 {
15468 /*
15469 * ill_phyint_reinit merged the v4 and v6 into a single
15470 * ipsq. We might not have been able to complete the
15471 * operation in ipif_set_values, if we could not become
15472 * exclusive. If so restart it here.
15473 */
15475 }
15477 /*
15478 * Can operate on either a module or a driver queue.
15479 * Returns an error if not a module queue.
15480 */
15481 /* ARGSUSED */
15482 int
15485 {
15495 }
15506 /*
15507 * Here we are not going to delay the ioack until after
15508 * ACKs from DL_ATTACH_REQ/DL_BIND_REQ. So no need to save the
15509 * original ioctl message before sending the requests.
15510 */
15512 }
15514 /* ARGSUSED */
15515 int
15518 {
15520 }
15522 /*
15523 * Create any IRE_BROADCAST entries for `ipif', and store those entries in
15524 * `irep'. Returns a pointer to the next free `irep' entry
15525 * A mirror exists in ipif_delete_bcast_ires().
15526 *
15527 * The management of any "extra" or seemingly duplicate IRE_BROADCASTs is
15528 * done in ire_add.
15529 */
15532 {
15533 ipaddr_t addr;
15551 /*
15552 * For backward compatibility, we create net broadcast IREs based on
15553 * the old "IP address class system", since some old machines only
15554 * respond to these class derived net broadcast. However, we must not
15555 * create these net broadcast IREs if the subnetmask is shorter than
15556 * the IP address class based derived netmask. Otherwise, we may
15557 * create a net broadcast address which is the same as an IP address
15558 * on the subnet -- and then TCP will refuse to talk to that address.
15559 */
15564 }
15566 /*
15567 * Don't create IRE_BROADCAST IREs for the interface if the subnetmask
15568 * is 0xFFFFFFFF, as an IRE_LOCAL for that interface is already
15569 * created. Creating these broadcast IREs will only create confusion
15570 * as `addr' will be the same as the IP address.
15571 */
15576 }
15579 }
15581 /*
15582 * Mirror of ipif_create_bcast_ires()
15583 */
15584 static void
15586 {
15587 ipaddr_t addr;
15608 /*
15609 * For backward compatibility, we create net broadcast IREs based on
15610 * the old "IP address class system", since some old machines only
15611 * respond to these class derived net broadcast. However, we must not
15612 * create these net broadcast IREs if the subnetmask is shorter than
15613 * the IP address class based derived netmask. Otherwise, we may
15614 * create a net broadcast address which is the same as an IP address
15615 * on the subnet -- and then TCP will refuse to talk to that address.
15616 */
15625 }
15627 /*
15628 * Don't create IRE_BROADCAST IREs for the interface if the subnetmask
15629 * is 0xFFFFFFFF, as an IRE_LOCAL for that interface is already
15630 * created. Creating these broadcast IREs will only create confusion
15631 * as `addr' will be the same as the IP address.
15632 */
15641 }
15642 }
15644 /*
15645 * Extract both the flags (including IFF_CANTCHANGE) such as IFF_IPV*
15646 * from lifr_flags and the name from lifr_name.
15647 * Set IFF_IPV* and ill_isv6 prior to doing the lookup
15648 * since ipif_lookup_on_name uses the _isv6 flags when matching.
15649 * Returns EINPROGRESS when mp has been consumed by queueing it on
15650 * ipx_pending_mp and the ioctl will complete in ip_rput.
15651 *
15652 * Can operate on either a module or a driver queue.
15653 * Returns an error if not a module queue.
15654 */
15655 /* ARGSUSED */
15656 int
15659 {
15672 }
15674 /*
15675 * If we are not writer on 'q' then this interface exists already
15676 * and previous lookups (ip_extract_lifreq()) found this ipif --
15677 * so return EALREADY.
15678 */
15685 /*
15686 * If there's another ill already with the requested name, ensure
15687 * that it's of the same type. Otherwise, ill_phyint_reinit() will
15688 * fuse together two unrelated ills, which will cause chaos.
15689 */
15705 }
15706 }
15708 /*
15709 * We start off as IFF_IPV4 in ipif_allocate and become
15710 * IFF_IPV4 or IFF_IPV6 here depending on lifr_flags value.
15711 * The only flags that we read from user space are IFF_IPV4,
15712 * IFF_IPV6, and IFF_BROADCAST.
15713 *
15714 * This ill has not been inserted into the global list.
15715 * So we are still single threaded and don't need any lock
15716 *
15717 * Saniy check the flags.
15718 */
15726 }
15728 new_flags =
15735 }
15737 /*
15738 * We always start off as IPv4, so only need to check for IPv6.
15739 */
15746 }
15750 else
15753 /* We started off as V4. */
15757 }
15760 }
15762 /* ARGSUSED */
15763 int
15766 {
15767 /*
15768 * ill_phyint_reinit merged the v4 and v6 into a single
15769 * ipsq. We might not have been able to complete the
15770 * slifname in ipif_set_values, if we could not become
15771 * exclusive. If so restart it here
15772 */
15774 }
15776 /*
15777 * Return a pointer to the ipif which matches the index, IP version type and
15778 * zoneid.
15779 */
15780 ipif_t *
15783 {
15797 }
15798 }
15801 }
15803 }
15805 /*
15806 * Change an existing physical interface's index. If the new index
15807 * is acceptable we update the index and the phyint_list_avl_by_index tree.
15808 * Finally, we update other systems which may have a dependence on the
15809 * index value.
15810 */
15811 /* ARGSUSED */
15812 int
15815 {
15822 avl_index_t where;
15826 else
15829 /*
15830 * Only allow on physical interface. Also, index zero is illegal.
15831 */
15836 }
15838 /* If the index is not changing, no work to do */
15842 /*
15843 * Use phyint_exists() to determine if the new interface index
15844 * is already in use. If the index is unused then we need to
15845 * change the phyint's position in the phyint_list_avl_by_index
15846 * tree. If we do not do this, subsequent lookups (using the new
15847 * index value) will not find the phyint.
15848 */
15853 }
15855 /*
15856 * The new index is unused. Set it in the phyint. However we must not
15857 * forget to trigger NE_IFINDEX_CHANGE event before the ifindex
15858 * changes. The event must be bound to old ifindex value.
15859 */
15873 /* Update SCTP's ILL list */
15876 /* Send the routing sockets message */
15881 /* Perhaps ilgs should use this ill */
15884 }
15886 /* ARGSUSED */
15887 int
15890 {
15896 /* Get the interface index */
15901 }
15903 }
15905 /* ARGSUSED */
15906 int
15909 {
15914 /* Get the interface zone */
15918 }
15920 /*
15921 * Set the zoneid of an interface.
15922 */
15923 /* ARGSUSED */
15924 int
15927 {
15932 zone_status_t status;
15933 zoneid_t zoneid;
15939 /* cannot assign instance zero to a non-global zone */
15943 /*
15944 * Cannot assign to a zone that doesn't exist or is shutting down. In
15945 * the event of a race with the zone shutdown processing, since IP
15946 * serializes this ioctl and SIOCGLIFCONF/SIOCLIFREMOVEIF, we know the
15947 * interface will be cleaned up even if the zone is shut down
15948 * immediately after the status check. If the interface can't be brought
15949 * down right away, and the zone is shut down before the restart
15950 * function is called, we resolve the possible races by rechecking the
15951 * zone status in the restart function.
15952 */
15962 /*
15963 * If the interface is already marked up,
15964 * we call ipif_down which will take care
15965 * of ditching any IREs that have been set
15966 * up based on the old interface address.
15967 */
15973 }
15977 }
15979 static int
15982 {
15991 else
15994 /*
15995 * For exclusive stacks we don't allow a different zoneid than
15996 * global.
15997 */
16002 /* Set the new zone id. */
16005 /* Update sctp list */
16008 /* The default multicast interface might have changed */
16012 /*
16013 * Now bring the interface back up. If this
16014 * is the only IPIF for the ILL, ipif_up
16015 * will have to re-bind to the device, so
16016 * we may get back EINPROGRESS, in which
16017 * case, this IOCTL will get completed in
16018 * ip_rput_dlpi when we see the DL_BIND_ACK.
16019 */
16021 }
16023 }
16025 /* ARGSUSED */
16026 int
16029 {
16031 zoneid_t zoneid;
16033 zone_status_t status;
16042 /*
16043 * We recheck the zone status to resolve the following race condition:
16044 * 1) process sends SIOCSLIFZONE to put hme0:1 in zone "myzone";
16045 * 2) hme0:1 is up and can't be brought down right away;
16046 * ip_sioctl_slifzone() returns EINPROGRESS and the request is queued;
16047 * 3) zone "myzone" is halted; the zone status switches to
16048 * 'shutting_down' and the zones framework sends SIOCGLIFCONF to list
16049 * the interfaces to remove - hme0:1 is not returned because it's not
16050 * yet in "myzone", so it won't be removed;
16051 * 4) the restart function for SIOCSLIFZONE is called; without the
16052 * status check here, we would have hme0:1 in "myzone" after it's been
16053 * destroyed.
16054 * Note that if the status check fails, we need to bring the interface
16055 * back to its state prior to ip_sioctl_slifzone(), hence the call to
16056 * ipif_up_done[_v6]().
16057 */
16062 }
16068 }
16070 }
16075 B_TRUE));
16076 }
16078 /*
16079 * Return the number of addresses on `ill' with one or more of the values
16080 * in `set' set and all of the values in `clear' clear.
16081 */
16082 static uint_t
16084 {
16092 cnt++;
16095 }
16097 /*
16098 * Return the number of migratable addresses on `ill' that are under
16099 * application control.
16100 */
16101 uint_t
16103 {
16105 IPIF_NOFAILOVER));
16106 }
16108 /*
16109 * Return the number of point-to-point addresses on `ill'.
16110 */
16111 uint_t
16113 {
16115 }
16117 /* ARGSUSED */
16118 int
16121 {
16133 }
16135 /* Find the previous ILL in this usesrc group */
16138 {
16146 }
16148 /*
16149 * Release all members of the usesrc group. This routine is called
16150 * from ill_delete when the interface being unplumbed is the
16151 * group head.
16152 *
16153 * This silently clears the usesrc that ifconfig setup.
16154 * An alternative would be to keep that ifindex, and drop packets on the floor
16155 * since no source address can be selected.
16156 * Even if we keep the current semantics, don't need a lock and a linked list.
16157 * Can walk all the ills checking if they have a ill_usesrc_ifindex matching
16158 * the one that is being removed. Issue is how we return the usesrc users
16159 * (SIOCGLIFSRCOF). We want to be able to find the ills which have an
16160 * ill_usesrc_ifindex matching a target ill. We could also do that with an
16161 * ill walk, but the walker would need to insert in the ioctl response.
16162 */
16163 static void
16165 {
16181 }
16183 /*
16184 * Remove the client usesrc ILL from the list and relink to a new list
16185 */
16186 int
16188 {
16195 /*
16196 * Check if the usesrc client ILL passed in is not already
16197 * in use as a usesrc ILL i.e one whose source address is
16198 * in use OR a usesrc ILL is not already in use as a usesrc
16199 * client ILL
16200 */
16204 }
16209 /* Remove from the current list */
16211 /* Only two elements in the list */
16216 }
16222 }
16230 }
16232 /*
16233 * Set the ill_usesrc and ill_usesrc_head fields. See synchronization notes in
16234 * ip.c for locking details.
16235 */
16236 /* ARGSUSED */
16237 int
16240 {
16245 uint_t ifindex;
16258 /* non usesrc group interface, nothing to reset */
16260 }
16262 /* valid reset request */
16264 }
16272 }
16278 /* Operation enqueued on the ipsq of the usesrc ILL */
16280 }
16282 /* USESRC isn't currently supported with IPMP */
16286 }
16288 /*
16289 * USESRC isn't compatible with the STANDBY flag. (STANDBY is only
16290 * used by IPMP underlying interfaces, but someone might think it's
16291 * more general and try to use it independently with VNI.)
16292 */
16296 }
16298 /*
16299 * If the client is already in use as a usesrc_ill or a usesrc_ill is
16300 * already a client then return EINVAL
16301 */
16305 }
16307 /*
16308 * If the ill_usesrc_ifindex field is already set to what it needs to
16309 * be then this is a duplicate operation.
16310 */
16314 }
16320 /*
16321 * ill_g_usesrc_lock global lock protects the ill_usesrc_grp_next
16322 * and the ill_usesrc_ifindex fields
16323 */
16330 }
16333 }
16335 /*
16336 * Four possibilities to consider:
16337 * 1. Both usesrc_ill and usesrc_cli_ill are not part of any usesrc grp
16338 * 2. usesrc_ill is part of a group but usesrc_cli_ill isn't
16339 * 3. usesrc_cli_ill is part of a group but usesrc_ill isn't
16340 * 4. Both are part of their respective usesrc groups
16341 */
16351 /* Insert at head of list */
16357 ifindex);
16360 }
16363 done:
16366 /* The refrele on the lifr_name ipif is done by ip_process_ioctl */
16369 /* Let conn_ixa caching know that source address selection changed */
16373 }
16375 /* ARGSUSED */
16376 int
16379 {
16383 /*
16384 * Need a lock since IFF_UP can be set even when there are
16385 * references to the ipif.
16386 */
16390 else
16394 }
16396 /*
16397 * comparison function used by avl.
16398 */
16399 static int
16401 {
16403 uint_t index;
16408 /*
16409 * let the phyint with the lowest index be on top.
16410 */
16416 }
16418 /*
16419 * comparison function used by avl.
16420 */
16421 static int
16423 {
16431 else
16441 }
16443 /*
16444 * This function is called on the unplumb path via ill_glist_delete() when
16445 * there are no ills left on the phyint and thus the phyint can be freed.
16446 */
16447 static void
16449 {
16454 /*
16455 * If this phyint was an IPMP meta-interface, blow away the group.
16456 * This is safe to do because all of the illgrps have already been
16457 * removed by I_PUNLINK, and thus SIOCSLIFGROUPNAME cannot find us.
16458 * If we're cleaning up as a result of failed initialization,
16459 * phyint_grp may be NULL.
16460 */
16466 }
16468 /*
16469 * If this interface was under IPMP, take it out of the group.
16470 */
16474 /*
16475 * Delete the phyint and disassociate its ipsq. The ipsq itself
16476 * will be freed in ipsq_exit().
16477 */
16482 }
16484 /*
16485 * Attach the ill to the phyint structure which can be shared by both
16486 * IPv4 and IPv6 ill. ill_init allocates a phyint to just hold flags. This
16487 * function is called from ipif_set_values and ill_lookup_on_name (for
16488 * loopback) where we know the name of the ill. We lookup the ill and if
16489 * there is one present already with the name use that phyint. Otherwise
16490 * reuse the one allocated by ill_init.
16491 */
16492 static void
16494 {
16511 /*
16512 * Now that our ill has a name, set it in the phyint.
16513 */
16519 /*
16520 * 1. We grabbed the ill_g_lock before inserting this ill into
16521 * the global list of ills. So no other thread could have located
16522 * this ill and hence the ipsq of this ill is guaranteed to be empty.
16523 * 2. Now locate the other protocol instance of this ill.
16524 * 3. Now grab both ill locks in the right order, and the phyint lock of
16525 * the new ipsq. Holding ill locks + ill_g_lock ensures that the ipsq
16526 * of neither ill can change.
16527 * 4. Merge the phyint and thus the ipsq as well of this ill onto the
16528 * other ill.
16529 * 5. Release all locks.
16530 */
16532 /*
16533 * Look for IPv4 if we are initializing IPv6 or look for IPv6 if
16534 * we are initializing IPv4.
16535 */
16542 /*
16543 * We are potentially throwing away phyint_flags which
16544 * could be different from the one that we obtain from
16545 * ill_other->ill_phyint. But it is okay as we are assuming
16546 * that the state maintained within IP is correct.
16547 */
16555 }
16557 /*
16558 * Delete the old phyint and make its ipsq eligible
16559 * to be freed in ipsq_exit().
16560 */
16568 /*
16569 * We don't need to acquire any lock, since
16570 * the ill is not yet visible globally and we
16571 * have not yet released the ill_g_lock.
16572 */
16575 /* XXX We need a recovery strategy here. */
16583 phyint_list_avl_by_index,
16587 }
16589 /*
16590 * Reassigning ill_phyint automatically reassigns the ipsq also.
16591 * pending mp is not affected because that is per ill basis.
16592 */
16595 /*
16596 * Now that the phyint's ifindex has been assigned, complete the
16597 * remaining
16598 */
16606 }
16608 /*
16609 * Generate an event within the hooks framework to indicate that
16610 * a new interface has just been added to IP. For this event to
16611 * be generated, the network interface must, at least, have an
16612 * ifindex assigned to it. (We don't generate the event for
16613 * loopback since ill_lookup_on_name() has its own NE_PLUMB event.)
16614 *
16615 * This needs to be run inside the ill_g_lock perimeter to ensure
16616 * that the ordering of delivered events to listeners matches the
16617 * order of them in the kernel.
16618 */
16622 }
16625 }
16627 /*
16628 * Notify any downstream modules of the name of this interface.
16629 * An M_IOCTL is used even though we don't expect a successful reply.
16630 * Any reply message from the driver (presumably an M_IOCNAK) will
16631 * eventually get discarded somewhere upstream. The message format is
16632 * simply an SIOCSLIFNAME ioctl just as might be sent from ifconfig
16633 * to IP.
16634 */
16635 static void
16637 {
16649 }
16666 }
16668 static int
16670 {
16675 /*
16676 * Now that ill_name is set, the configuration for the IPMP
16677 * meta-interface can be performed.
16678 */
16681 /*
16682 * If phyi->phyint_grp is NULL, then this is the first IPMP
16683 * meta-interface and we need to create the IPMP group.
16684 */
16686 /*
16687 * If someone has renamed another IPMP group to have
16688 * the same name as our interface, bail.
16689 */
16693 }
16698 }
16699 }
16701 }
16703 /* Tell downstream modules where they are. */
16706 /*
16707 * ill_dl_phys returns EINPROGRESS in the usual case.
16708 * Error cases are ENOMEM ...
16709 */
16718 }
16726 }
16728 }
16731 }
16733 /*
16734 * Common routine for ppa and ifname setting. Should be called exclusive.
16735 *
16736 * Returns EINPROGRESS when mp has been consumed by queueing it on
16737 * ipx_pending_mp and the ioctl will complete in ip_rput.
16738 *
16739 * NOTE : If ppa is UNIT_MAX, we assign the next valid ppa and return
16740 * the new name and new ppa in lifr_name and lifr_ppa respectively.
16741 * For SLIFNAME, we pass these values back to the userland.
16742 */
16743 static int
16745 {
16769 /* The ppa is sent down by ifconfig or is chosen */
16772 }
16774 /*
16775 * make sure ppa passed in is same as ppa in the name.
16776 * This check is not made when ppa == UINT_MAX in that case ppa
16777 * in the name could be anything. System will choose a ppa and
16778 * update new_ppa_ptr and inter_name to contain the choosen ppa.
16779 */
16781 /* stoi changes the pointer */
16783 /*
16784 * ifconfig passed in 0 for the ppa for DLPI 1 style devices
16785 * (they don't have an externally visible ppa). We assign one
16786 * here so that we can manage the interface. Note that in
16787 * the past this value was always 0 for DLPI 1 drivers.
16788 */
16793 }
16794 /*
16795 * terminate string before ppa
16796 * save char at that location.
16797 */
16802 /*
16803 * Finish as much work now as possible before calling ill_glist_insert
16804 * which makes the ill globally visible and also merges it with the
16805 * other protocol instance of this phyint. The remaining work is
16806 * done after entering the ipsq which may happen sometime later.
16807 */
16810 /* We didn't do this when we allocated ipif in ip_ll_subnet_defaults */
16825 }
16827 /* Keep the !IN6_IS_ADDR_V4MAPPED assertions happy */
16834 /*
16835 * point-to-point or Non-mulicast capable
16836 * interfaces won't do NUD unless explicitly
16837 * configured to do so.
16838 */
16842 }
16843 /* Make sure IPv4 specific flag is not set on IPv6 if */
16845 /*
16846 * Note: xresolv interfaces will eventually need
16847 * NOARP set here as well, but that will require
16848 * those external resolvers to have some
16849 * knowledge of that flag and act appropriately.
16850 * Not to be changed at present.
16851 */
16853 }
16854 /*
16855 * Set the ILLF_ROUTER flag according to the global
16856 * IPv6 forwarding policy.
16857 */
16869 /*
16870 * Set the ILLF_ROUTER flag according to the global
16871 * IPv4 forwarding policy.
16872 */
16875 }
16879 /*
16880 * The ipIfStatsIfindex and ipv6IfIcmpIfIndex assignments will
16881 * be completed in ill_glist_insert -> ill_phyint_reinit
16882 */
16886 /*
16887 * Pick a default sap until we get the DL_INFO_ACK back from
16888 * the driver.
16889 */
16896 /*
16897 * When the first ipif comes up in ipif_up_done(), multicast groups
16898 * that were joined while this ill was not bound to the DLPI link need
16899 * to be recovered by ill_recover_multicast().
16900 */
16909 /*
16910 * undo null termination done above.
16911 */
16916 }
16920 /*
16921 * When we return the buffer pointed to by interf_name should contain
16922 * the same name as in ill_name.
16923 * If a ppa was choosen by the system (ppa passed in was UINT_MAX)
16924 * the buffer pointed to by new_ppa_ptr would not contain the right ppa
16925 * so copy full name and update the ppa ptr.
16926 * When ppa passed in != UINT_MAX all values are correct just undo
16927 * null termination, this saves a bcopy.
16928 */
16933 /*
16934 * undo null termination done above.
16935 */
16937 }
16939 /* Let SCTP know about this ILL */
16942 /*
16943 * ill_glist_insert has made the ill visible globally, and
16944 * ill_phyint_reinit could have changed the ipsq. At this point,
16945 * we need to hold the ips_ill_g_lock across the call to enter the
16946 * ipsq to enforce atomicity and prevent reordering. In the event
16947 * the ipsq has changed, and if the new ipsq is currently busy,
16948 * we need to make sure that this half-completed ioctl is ahead of
16949 * any subsequent ioctl. We achieve this by not dropping the
16950 * ips_ill_g_lock which prevents any ill lookup itself thereby
16951 * ensuring that new ioctls can't start.
16952 */
16954 B_TRUE);
16961 /*
16962 * If ill_phyint_reinit() changed our ipsq, then start on the new ipsq.
16963 */
16966 else
16972 /*
16973 * restore previous values
16974 */
16977 }
16979 }
16981 void
16983 {
16991 }
16994 ill_phyint_compare_index,
16998 ill_phyint_compare_name,
17001 }
17003 /*
17004 * Save enough information so that we can recreate the IRE if
17005 * the interface goes down and then up.
17006 */
17007 void
17009 {
17029 /* ire_gateway_addr_v6 can change due to RTM_CHANGE */
17035 }
17043 }
17044 }
17046 /*
17047 * Remove one entry from ill_saved_ire_mp.
17048 */
17049 void
17051 {
17056 /* Remove from ill_saved_ire_mp list if it is there */
17060 in6_addr_t gw_addr_v6;
17062 /*
17063 * On a given ill, the tuple of address, gateway, mask,
17064 * ire_type, and zoneid is unique for each saved IRE.
17065 */
17068 /* ire_gateway_addr_v6 can change - need lock */
17091 }
17092 }
17094 }
17096 /*
17097 * IP multirouting broadcast routes handling
17098 * Append CGTP broadcast IREs to regular ones created
17099 * at ifconfig time.
17100 * The usage is a route add <cgtp_bc> <nic_bc> -multirt i.e., both
17101 * the destination and the gateway are broadcast addresses.
17102 * The caller has verified that the destination is an IRE_BROADCAST and that
17103 * RTF_MULTIRT was set. Here if the gateway is a broadcast address, then
17104 * we create a MULTIRT IRE_BROADCAST.
17105 * Note that the IRE_HOST created by ire_rt_add doesn't get found by anything
17106 * since the IRE_BROADCAST takes precedence; ire_add_v4 does head insertion.
17107 */
17108 static void
17110 {
17118 /*
17119 * We are in the special case of broadcasts for
17120 * CGTP. We add an IRE_BROADCAST that holds
17121 * the RTF_MULTIRT flag, the destination
17122 * address and the low level
17123 * info of ire_prim. In other words, CGTP
17124 * broadcast is added to the redundant ipif.
17125 */
17138 IRE_BROADCAST,
17139 ill_prim,
17142 ipst);
17144 /*
17145 * Here we assume that ire_add does head insertion so that
17146 * the added IRE_BROADCAST comes before the existing IRE_HOST.
17147 */
17152 }
17161 }
17162 }
17164 }
17165 }
17167 /*
17168 * IP multirouting broadcast routes handling
17169 * Remove the broadcast ire.
17170 * The usage is a route delete <cgtp_bc> <nic_bc> -multirt i.e., both
17171 * the destination and the gateway are broadcast addresses.
17172 * The caller has only verified that RTF_MULTIRT was set. We check
17173 * that the destination is broadcast and that the gateway is a broadcast
17174 * address, and if so delete the IRE added by ip_cgtp_bcast_add().
17175 */
17176 static void
17178 {
17186 NULL);
17208 bcast_ire);
17211 }
17213 }
17214 }
17215 }
17217 /*
17218 * Derive an interface id from the link layer address.
17219 * Knows about IEEE 802 and IEEE EUI-64 mappings.
17220 */
17221 static void
17223 {
17226 /*
17227 * Note that some IPv6 interfaces get plumbed over links that claim to
17228 * be DL_ETHER, but don't actually have Ethernet MAC addresses (e.g.
17229 * PPP links). The ETHERADDRL check here ensures that we only set the
17230 * interface ID on IPv6 interfaces above links that actually have real
17231 * Ethernet addresses.
17232 */
17234 /* Form EUI-64 like address */
17241 }
17242 }
17244 /* ARGSUSED */
17245 static void
17247 {
17248 }
17256 /*
17257 * Construct a pseudo-random interface ID for the IPMP interface that's both
17258 * predictable and (almost) guaranteed to be unique.
17259 */
17260 static void
17262 {
17266 ulong_t hostid;
17267 MD5_CTX ctx;
17280 }
17286 /*
17287 * Map the hash to an interface ID per the basic approach in RFC3041.
17288 */
17292 }
17294 /*
17295 * Map the multicast in6_addr_t in m_ip6addr to the physaddr for ethernet.
17296 */
17297 static void
17299 {
17302 /*
17303 * Check PHYI_MULTI_BCAST and length of physical
17304 * address to determine if we use the mapping or the
17305 * broadcast address.
17306 */
17311 }
17318 }
17320 /*
17321 * Map the multicast ipaddr_t in m_ipaddr to the physaddr for ethernet.
17322 */
17323 static void
17325 {
17328 /*
17329 * Check PHYI_MULTI_BCAST and length of physical
17330 * address to determine if we use the mapping or the
17331 * broadcast address.
17332 */
17337 }
17344 }
17346 /* ARGSUSED */
17347 static void
17349 {
17350 /*
17351 * for the MULTI_BCAST case and other cases when we want to
17352 * use the link-layer broadcast address for multicast.
17353 */
17364 }
17367 }
17369 /*
17370 * Derive IPoIB interface id from the link layer address.
17371 */
17372 static void
17374 {
17380 /*
17381 * In IBA 1.1 timeframe, some vendors erroneously set the u/l bit
17382 * in the globally assigned EUI-64 GUID to 1, in violation of IEEE
17383 * rules. In these cases, the IBA considers these GUIDs to be in
17384 * "Modified EUI-64" format, and thus toggling the u/l bit is not
17385 * required; vendors are required not to assign global EUI-64's
17386 * that differ only in u/l bit values, thus guaranteeing uniqueness
17387 * of the interface identifier. Whether the GUID is in modified
17388 * or proper EUI-64 format, the ipv6 identifier must have the u/l
17389 * bit set to 1.
17390 */
17392 }
17394 /*
17395 * Map the multicast ipaddr_t in m_ipaddr to the physaddr for InfiniBand.
17396 * Note on mapping from multicast IP addresses to IPoIB multicast link
17397 * addresses. IPoIB multicast link addresses are based on IBA link addresses.
17398 * The format of an IPoIB multicast address is:
17399 *
17400 * 4 byte QPN Scope Sign. Pkey
17401 * +--------------------------------------------+
17402 * | 00FFFFFF | FF | 1X | X01B | Pkey | GroupID |
17403 * +--------------------------------------------+
17404 *
17405 * The Scope and Pkey components are properties of the IBA port and
17406 * network interface. They can be ascertained from the broadcast address.
17407 * The Sign. part is the signature, and is 401B for IPv4 and 601B for IPv6.
17408 */
17409 static void
17411 {
17420 /*
17421 * RFC 4391: IPv4 MGID is 28-bit long.
17422 */
17435 }
17436 /*
17437 * Now fill in the IBA scope/Pkey values from the broadcast address.
17438 */
17442 }
17444 static void
17446 {
17455 /*
17456 * RFC 4391: IPv4 MGID is 80-bit long.
17457 */
17466 }
17467 /*
17468 * Now fill in the IBA scope/Pkey values from the broadcast address.
17469 */
17473 }
17475 /*
17476 * Derive IPv6 interface id from an IPv4 link-layer address (e.g. from an IPv4
17477 * tunnel). The IPv4 address simply get placed in the lower 4 bytes of the
17478 * IPv6 interface id. This is a suggested mechanism described in section 3.7
17479 * of RFC4213.
17480 */
17481 static void
17483 {
17487 }
17489 /*
17490 * Derive IPv6 interface id from an IPv6 link-layer address (e.g. from an IPv6
17491 * tunnel). The lower 8 bytes of the IPv6 address simply become the interface
17492 * id.
17493 */
17494 static void
17496 {
17501 }
17503 static void
17505 {
17507 }
17509 static void
17511 {
17513 }
17515 static void
17517 {
17519 }
17521 static void
17523 {
17525 }
17527 /*
17528 * Lookup an ill and verify that the zoneid has an ipif on that ill.
17529 * Returns an held ill, or NULL.
17530 */
17531 ill_t *
17534 {
17552 }
17556 }
17558 /*
17559 * Return a pointer to an ipif_t given a combination of (ill_idx,ipif_id)
17560 * If a pointer to an ipif_t is returned then the caller will need to do
17561 * an ill_refrele().
17562 */
17563 ipif_t *
17566 {
17579 }
17587 }
17588 }
17593 }
17595 /*
17596 * Set ill_inputfn based on the current know state.
17597 * This needs to be called when any of the factors taken into
17598 * account changes.
17599 */
17600 void
17602 {
17616 else
17618 }
17619 }
17621 /*
17622 * Re-evaluate ill_inputfn for all the IPv4 ills.
17623 * Used when RSVP and CGTP comes and goes.
17624 */
17625 void
17627 {
17628 ill_walk_context_t ctx;
17637 }
17639 /*
17640 * Set the physical address information for `ill' to the contents of the
17641 * dl_notify_ind_t pointed to by `mp'. Must be called as writer, and will be
17642 * asynchronous if `ill' cannot immediately be quiesced -- in which case
17643 * EINPROGRESS will be returned.
17644 */
17645 int
17647 {
17656 /* Changing DL_IPV6_TOKEN is not yet supported */
17658 }
17660 /*
17661 * We need to store up to two copies of `mp' in `ill'. Due to the
17662 * design of ipsq_pending_mp_add(), we can't pass them as separate
17663 * arguments to ill_set_phys_addr_tail(). Instead, chain them
17664 * together here, then pull 'em apart in ill_set_phys_addr_tail().
17665 */
17669 }
17673 /*
17674 * Since we'll only do a logical down, we can't rely on ipif_down
17675 * to turn on ILL_DOWN_IN_PROGRESS, or for the DL_BIND_ACK to reset
17676 * ILL_DOWN_IN_PROGRESS. We instead manage this separately for this
17677 * case, to quiesce ire's and nce's for ill_is_quiescent.
17678 */
17681 /* no more ire/nce addition allowed */
17684 /*
17685 * If we can quiesce the ill, then set the address. If not, then
17686 * ill_set_phys_addr_tail() will be called from ipif_ill_refrele_tail().
17687 */
17691 /* call cannot fail since `conn_t *' argument is NULL */
17696 }
17701 }
17703 /*
17704 * When the allowed-ips link property is set on the datalink, IP receives a
17705 * DL_NOTE_ALLOWED_IPS notification that is processed in ill_set_allowed_ips()
17706 * to initialize the ill_allowed_ips[] array in the ill_t. This array is then
17707 * used to vet addresses passed to ip_sioctl_addr() and to ensure that the
17708 * only IP addresses configured on the ill_t are those in the ill_allowed_ips[]
17709 * array.
17710 */
17711 void
17713 {
17731 }
17736 }
17746 }
17748 /*
17749 * Once the ill associated with `q' has quiesced, set its physical address
17750 * information to the values in `addrmp'. Note that two copies of `addrmp'
17751 * are passed (linked by b_cont), since we sometimes need to save two distinct
17752 * copies in the ill_t, and our context doesn't permit sleeping or allocation
17753 * failure (we'll free the other copy if it's not needed). Since the ill_t
17754 * is quiesced, we know any stale nce's with the old address information have
17755 * already been removed, so we don't need to call nce_flush().
17756 */
17757 /* ARGSUSED */
17758 static void
17760 {
17785 }
17796 else
17801 }
17805 }
17807 /*
17808 * reset ILL_DOWN_IN_PROGRESS so that we can successfully add ires
17809 * as we bring the ipifs up again.
17810 */
17814 /*
17815 * If there are ipifs to bring up, ill_up_ipifs() will return
17816 * EINPROGRESS, and ipsq_current_finish() will be called by
17817 * ip_rput_dlpi_writer() or arp_bringup_done() when the last ipif is
17818 * brought up.
17819 */
17823 }
17825 /*
17826 * Helper routine for setting the ill_nd_lla fields.
17827 */
17828 void
17830 {
17835 }
17837 /*
17838 * Replumb the ill.
17839 */
17840 int
17842 {
17849 /*
17850 * If we can quiesce the ill, then continue. If not, then
17851 * ill_replumb_tail() will be called from ipif_ill_refrele_tail().
17852 */
17857 /* call cannot fail since `conn_t *' argument is NULL */
17862 }
17867 }
17869 /* ARGSUSED */
17870 static void
17872 {
17882 /* out of memory */
17885 }
17893 /* already closing */
17896 }
17900 /*
17901 * Successfully quiesced and brought down the interface, now we send
17902 * the DL_NOTE_REPLUMB_DONE message down to the driver. Reuse the
17903 * DL_NOTE_REPLUMB message.
17904 */
17906 DL_NOTIFY_CONF);
17909 DL_NOTE_REPLUMB_DONE;
17912 /*
17913 * For IPv4, we would usually get EINPROGRESS because the ETHERTYPE_ARP
17914 * streams have to be unbound. When all the DLPI exchanges are done,
17915 * ipsq_current_finish() will be called by arp_bringup_done(). The
17916 * remainder of ipif bringup via ill_up_ipifs() will also be done in
17917 * arp_bringup_done().
17918 */
17922 else
17928 }
17930 }
17932 /*
17933 * Issue ioctl `cmd' on `lh'; caller provides the initial payload in `buf'
17934 * which is `bufsize' bytes. On success, zero is returned and `buf' updated
17935 * as per the ioctl. On failure, an errno is returned.
17936 */
17937 static int
17939 {
17949 }
17951 /*
17952 * Issue an SIOCGLIFCONF for address family `af' and store the result into a
17953 * dynamically-allocated `lifcp' that will be `bufsizep' bytes on success.
17954 */
17955 static int
17958 {
17969 /*
17970 * Pad the interface count to account for additional interfaces that
17971 * may have been configured between the SIOCGLIFNUM and SIOCGLIFCONF.
17972 */
17984 }
17987 }
17989 /*
17990 * Helper for ip_interface_cleanup() that removes the loopback interface.
17991 */
17992 static void
17994 {
18001 /*
18002 * Attempt to remove the interface. It may legitimately not exist
18003 * (e.g. the zone administrator unplumbed it), so ignore ENXIO.
18004 */
18009 }
18010 }
18012 /*
18013 * Helper for ip_interface_cleanup() that ensures no IP interfaces are in IPMP
18014 * groups and that IPMP data addresses are down. These conditions must be met
18015 * so that IPMP interfaces can be I_PUNLINK'd, as per ip_sioctl_plink_ipmp().
18016 */
18017 static void
18019 {
18023 uint_t bufsize;
18032 }
18041 }
18051 "bring down (error %d); IPMP interface may "
18053 }
18055 /*
18056 * Check if IFF_DUPLICATE is still set -- and if so,
18057 * reset the address to clear it.
18058 */
18067 "reset DAD (error %d); IPMP interface may "
18069 }
18071 }
18078 "leave IPMP group (error %d); associated "
18082 }
18083 }
18084 }
18087 }
18092 /*
18093 * Remove the loopback interfaces and prep the IPMP interfaces to be torn down.
18094 * Non-loopback interfaces are either I_LINK'd or I_PLINK'd; the former go away
18095 * when the user-level processes in the zone are killed and the latter are
18096 * cleaned up by str_stack_shutdown().
18097 */
18098 void
18100 {
18101 ldi_handle_t lh;
18102 ldi_ident_t li;
18113 }
18118 /*
18119 * NOTE: loop executes exactly twice and is hardcoded to know that the
18120 * first iteration is IPv6. (Unrolling yields repetitious code, hence
18121 * the loop.)
18122 */
18129 }
18135 }
18139 }
18141 /*
18142 * This needs to be in-sync with nic_event_t definition
18143 */
18146 {
18166 }
18167 }
18169 void
18172 {
18177 /* create a new nic event info */
18196 }
18202 fail:
18207 }
18209 }
18213 }
18215 static int
18217 {
18231 }
18236 }
18241 /* add unicast nce for the local addr */
18244 /*
18245 * If we're here via ipif_up(), then the ipif
18246 * won't be bound yet -- add it to the group,
18247 * which will bind it if possible. (We would
18248 * add it in ipif_up(), but deleting on failure
18249 * there is gruesome.) If we're here via
18250 * ipmp_ill_bind_ipif(), then the ipif has
18251 * already been added to the group and we
18252 * just need to use the binding.
18253 */
18257 /*
18258 * We couldn't bind the ipif to an ill
18259 * yet, so we have nothing to publish.
18260 * Mark the address as ready and return.
18261 */
18264 }
18266 }
18269 }
18272 NCE_F_NONUD);
18273 /*
18274 * If this is an initial bring-up (or the ipif was never
18275 * completely brought up), do DAD. Otherwise, we're here
18276 * because IPMP has rebound an address to this ill: send
18277 * unsolicited advertisements (ARP announcements) to
18278 * inform others.
18279 */
18285 }
18287 retry:
18292 /*
18293 * note that we may encounter EEXIST if we are moving
18294 * the nce as a result of a rebind operation.
18295 */
18305 /*
18306 * A leftover nce from before this address
18307 * existed
18308 */
18313 }
18321 }
18322 /*
18323 * Duplicate local addresses are permissible for
18324 * IPIF_POINTOPOINT interfaces which will get marked
18325 * IPIF_UNNUMBERED later in
18326 * ip_addr_availability_check().
18327 *
18328 * The nce_ipif_cnt field tracks the number of
18329 * ipifs that have nce_addr as their local address.
18330 */
18339 }
18345 }
18347 /* zero address. nothing to publish */
18349 }
18352 arp_up_done:
18356 }
18358 int
18360 {
18368 /*
18369 * need to bring up ARP or setup mcast mapping only
18370 * when the first interface is coming UP.
18371 */
18376 /*
18377 * Send ATTACH + BIND
18378 */
18383 /*
18384 * Add NCE for local address. Start DAD.
18385 * we'll wait to hear that DAD has finished
18386 * before using the interface.
18387 */
18390 }
18396 }
18398 /*
18399 * Finish processing of "arp_up" after all the DLPI message
18400 * exchanges have completed between arp and the driver.
18401 */
18402 void
18404 {
18422 /*
18423 * If an IOCTL is waiting on this (ipsq_current_ioctl != 0), then we
18424 * must have an associated conn_t. Otherwise, we're bringing this
18425 * interface back up as part of handling an asynchronous event (e.g.,
18426 * physical address change).
18427 */
18434 }
18446 }
18448 }
18451 }
18457 }
18459 /*
18460 * If we have a moved ipif to bring up, and everything has succeeded
18461 * to this point, bring it up on the IPMP ill. Otherwise, leave it
18462 * down -- the admin can try to bring it up by hand if need be.
18463 */
18473 }
18474 }
18476 /*
18477 * The operation must complete without EINPROGRESS since
18478 * ipsq_pending_mp_get() has removed the mblk from ipsq_pending_mp.
18479 * Otherwise, the operation will be stuck forever in the ipsq.
18480 */
18489 }
18490 }
18492 /*
18493 * Finish processing of arp replumb after all the DLPI message
18494 * exchanges have completed between arp and the driver.
18495 */
18496 void
18498 {
18514 /* bringup was aborted by the user */
18516 }
18517 /*
18518 * If an IOCTL is waiting on this (ipsq_current_ioctl != 0), then we
18519 * must have an associated conn_t. Otherwise, we're bringing this
18520 * interface back up as part of handling an asynchronous event (e.g.,
18521 * physical address change).
18522 */
18529 }
18534 }
18535 /*
18536 * The operation must complete without EINPROGRESS since
18537 * ipsq_pending_mp_get() has removed the mblk from ipsq_pending_mp.
18538 * Otherwise, the operation will be stuck forever in the ipsq.
18539 */
18549 }
18550 }
18552 void
18554 {
18560 }
18562 /*
18563 * ILB ioctl uses cv_wait (such as deleting a rule or adding a server) and
18564 * this assumes the context is cv_wait'able. Hence it shouldnt' be used on
18565 * TPI end points with STREAMS modules pushed above. This is assured by not
18566 * having the IPI_MODOK flag for the ioctl. And IP ensures the ILB ioctl
18567 * never ends up on an ipsq, otherwise we may end up processing the ioctl
18568 * while unwinding from the ispq and that could be a thread from the bottom.
18569 */
18570 /* ARGSUSED */
18571 int
18574 {
18581 zoneid_t zoneid;
18595 }
18599 }
18608 }
18620 }
18626 NULL);
18629 NULL);
18630 }
18631 }
18633 }
18640 }
18644 }
18653 }
18659 }
18662 }
18669 }
18674 }
18681 }
18684 }
18693 }
18699 }
18704 }
18713 }
18719 }
18724 }
18730 }
18733 }
18745 }
18751 }
18764 }
18771 }
18774 }
18782 }
18788 }
18793 }
18801 }
18807 }
18812 }
18816 }
18817 done:
18819 }
18821 /* Remove all cache entries for this logical interface */
18822 void
18824 {
18833 else
18841 /*
18842 * nce may already be NULL because it was already
18843 * flushed, e.g., due to a call to nce_flush
18844 */
18846 }
18847 }
18848 /*
18849 * Make IPMP aware of the deleted data address.
18850 */
18854 /*
18855 * Remove all other nces dependent on this ill when the last ipif
18856 * is going away.
18857 */
18863 }
18864 }
18866 /*
18867 * find the first interface that uses usill for its source address.
18868 */
18869 ill_t *
18871 {
18877 /* ill_g_usesrc_lock protects ill_usesrc_grp_next */
18886 }
18887 }
18891 }
18893 /*
18894 * This comment applies to both ip_sioctl_get_ifhwaddr and
18895 * ip_sioctl_get_lifhwaddr as the basic function of these two functions
18896 * is the same.
18897 *
18898 * The goal here is to find an IP interface that corresponds to the name
18899 * provided by the caller in the ifreq/lifreq structure held in the mblk_t
18900 * chain and to fill out a sockaddr/sockaddr_storage structure with the
18901 * mac address.
18902 *
18903 * The SIOCGIFHWADDR/SIOCGLIFHWADDR ioctl may return an error for a number
18904 * of different reasons:
18905 * ENXIO - the device name is not known to IP.
18906 * EADDRNOTAVAIL - the device has no hardware address. This is indicated
18907 * by ill_phys_addr not pointing to an actual address.
18908 * EPFNOSUPPORT - this will indicate that a request is being made for a
18909 * mac address that will not fit in the data structure supplier (struct
18910 * sockaddr).
18911 *
18912 */
18913 /* ARGSUSED */
18914 int
18917 {
18928 }
18931 }
18935 /* Existence of mp1 has been checked in ip_wput_nondata */
18940 /*
18941 * The "family" field in the returned structure is set to a value
18942 * that represents the type of device to which the address belongs.
18943 * The value returned may differ to that on Linux but it will still
18944 * represent the correct symbol on Solaris.
18945 */
18950 }
18952 /*
18953 * The expection of applications using SIOCGIFHWADDR is that data will
18954 * be returned in the sa_data field of the sockaddr structure. With
18955 * SIOCGLIFHWADDR, we're breaking new ground as there is no Linux
18956 * equivalent. In light of this, struct sockaddr_dl is used as it
18957 * offers more space for address storage in sll_data.
18958 */
18959 /* ARGSUSED */
18960 int
18963 {
18974 }
18977 }
18981 /* Existence of mp1 has been checked in ip_wput_nondata */
18985 /*
18986 * sockaddr_ll is used here because it is also the structure used in
18987 * responding to the same ioctl in sockpfp. The only other choice is
18988 * sockaddr_dl which contains fields that are not required here
18989 * because its purpose is different.
18990 */
19002 }