| blob | 01417d534b47f4403138ba79a507ce81339c5e05 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 1990 Mentat Inc.
24 * Copyright (c) 2013 by Delphix. All rights reserved.
25 * Copyright (c) 2016, Joyent, Inc. All rights reserved.
26 * Copyright (c) 2014, OmniTI Computer Consulting, Inc. All rights reserved.
27 */
29 /*
30 * This file contains the interface control functions for IP.
31 */
33 #include <sys/types.h>
34 #include <sys/stream.h>
35 #include <sys/dlpi.h>
36 #include <sys/stropts.h>
37 #include <sys/strsun.h>
38 #include <sys/sysmacros.h>
39 #include <sys/strsubr.h>
40 #include <sys/strlog.h>
41 #include <sys/ddi.h>
42 #include <sys/sunddi.h>
43 #include <sys/cmn_err.h>
44 #include <sys/kstat.h>
45 #include <sys/debug.h>
46 #include <sys/zone.h>
47 #include <sys/sunldi.h>
48 #include <sys/file.h>
49 #include <sys/bitmap.h>
50 #include <sys/cpuvar.h>
51 #include <sys/time.h>
52 #include <sys/ctype.h>
53 #include <sys/kmem.h>
54 #include <sys/systm.h>
55 #include <sys/param.h>
56 #include <sys/socket.h>
57 #include <sys/isa_defs.h>
58 #include <net/if.h>
59 #include <net/if_arp.h>
60 #include <net/if_types.h>
61 #include <net/if_dl.h>
62 #include <net/route.h>
63 #include <sys/sockio.h>
64 #include <netinet/in.h>
65 #include <netinet/ip6.h>
66 #include <netinet/icmp6.h>
67 #include <netinet/igmp_var.h>
68 #include <sys/policy.h>
69 #include <sys/ethernet.h>
70 #include <sys/callb.h>
71 #include <sys/md5.h>
74 #include <inet/mi.h>
75 #include <inet/nd.h>
76 #include <inet/tunables.h>
77 #include <inet/arp.h>
78 #include <inet/ip_arp.h>
79 #include <inet/mib2.h>
80 #include <inet/ip.h>
81 #include <inet/ip6.h>
82 #include <inet/ip6_asp.h>
83 #include <inet/tcp.h>
84 #include <inet/ip_multi.h>
85 #include <inet/ip_ire.h>
86 #include <inet/ip_ftable.h>
87 #include <inet/ip_rts.h>
88 #include <inet/ip_ndp.h>
89 #include <inet/ip_if.h>
90 #include <inet/ip_impl.h>
91 #include <inet/sctp_ip.h>
92 #include <inet/ip_netinfo.h>
93 #include <inet/ilb_ip.h>
95 #include <netinet/igmp.h>
96 #include <inet/ip_listutils.h>
97 #include <inet/ipclassifier.h>
98 #include <sys/mac_client.h>
99 #include <sys/dld.h>
100 #include <sys/mac_flow.h>
102 #include <sys/systeminfo.h>
103 #include <sys/bootconf.h>
108 /* The character which tells where the ill_name ends */
111 /* IP ioctl function table entry */
114 pfi_t ipft_pfi;
156 boolean_t isv6);
167 ip_stack_t *);
202 dl_capability_sub_t *);
206 dl_capability_sub_t *);
216 #ifdef DEBUG
219 #endif
225 /*
226 * if we go over the memory footprint limit more than once in this msec
227 * interval, we'll start pruning aggressively.
228 */
234 IPFT_F_NO_REPLY },
237 };
239 /* Simple ICMP IP Header Template */
242 };
249 ip_nodef_v6intfid },
252 ip_nodef_v6intfid },
255 ip_nodef_v6intfid },
258 ip_nodef_v6intfid },
261 ip_nodef_v6intfid },
264 ip_nodef_v6intfid },
267 ip_ipv4_v6destintfid },
270 ip_ipv6_v6destintfid },
273 ip_nodef_v6intfid },
280 ip_nodef_v6intfid }
281 };
285 /* These are used by all IP network modules. */
289 /* When set search for unused ipif_seqid */
292 /*
293 * ppa arena is created after these many
294 * interfaces have been plumbed.
295 */
298 /*
299 * Allocate per-interface mibs.
300 * Returns true if ok. False otherwise.
301 * ipsq may not yet be allocated (loopback case ).
302 */
303 static boolean_t
305 {
306 /* Already allocated? */
311 }
314 KM_NOSLEEP);
317 }
319 /* Setup static information */
347 /*
348 * For a v4 ill, we are done at this point, because per ill
349 * icmp mibs are only used for v6.
350 */
352 }
355 KM_NOSLEEP);
360 }
361 /* static icmp info */
364 /*
365 * The ipIfStatsIfindex and ipv6IfIcmpIndex will be assigned later
366 * after the phyint merge occurs in ipif_set_values -> ill_glist_insert
367 * -> ill_phyint_reinit
368 */
370 }
372 /*
373 * Completely vaporize a lower level tap and all associated interfaces.
374 * ill_delete is called only out of ip_close when the device control
375 * stream is being closed.
376 */
377 void
379 {
384 /*
385 * ill_delete may be forcibly entering the ipsq. The previous
386 * ioctl may not have completed and may need to be aborted.
387 * ipsq_flush takes care of it. If we don't need to enter the
388 * the ipsq forcibly, the 2nd invocation of ipsq_flush in
389 * ill_delete_tail is sufficient.
390 */
393 /*
394 * Nuke all interfaces. ipif_free will take down the interface,
395 * remove it from the list, and free the data structure.
396 * Walk down the ipif list and remove the logical interfaces
397 * first before removing the main ipif. We can't unplumb
398 * zeroth interface first in the case of IPv6 as update_conn_ill
399 * -> ip_ll_multireq de-references ill_ipif for checking
400 * POINTOPOINT.
401 *
402 * If ill_ipif was not properly initialized (i.e low on memory),
403 * then no interfaces to clean up. In this case just clean up the
404 * ill.
405 */
409 /*
410 * clean out all the nce_t entries that depend on this
411 * ill for the ill_phys_addr.
412 */
415 /* Clean up msgs on pending upcalls for mrouted */
420 /*
421 * Remove multicast references added as a result of calls to
422 * ip_join_allmulti().
423 */
426 /*
427 * If the ill being deleted is under IPMP, boot it out of the illgrp.
428 */
432 /*
433 * ill_down will arrange to blow off any IRE's dependent on this
434 * ILL, and shut down fragmentation reassembly.
435 */
438 /* Let SCTP know, so that it can remove this from its list. */
441 /*
442 * Walk all CONNs that can have a reference on an ire or nce for this
443 * ill (we actually walk all that now have stale references).
444 */
447 /* With IPv6 we have dce_ifindex. Cleanup for neatness */
451 /*
452 * If an address on this ILL is being used as a source address then
453 * clear out the pointers in other ILLs that point to this ILL.
454 */
463 }
464 }
466 }
468 static void
470 {
477 }
479 }
481 /*
482 * ill_delete_tail is called from ip_modclose after all references
483 * to the closing ill are gone. The wait is done in ip_modclose
484 */
485 void
487 {
495 }
499 /*
500 * If polling capability is enabled (which signifies direct
501 * upcall into IP and driver has ill saved as a handle),
502 * we need to make sure that unbind has completed before we
503 * let the ill disappear and driver no longer has any reference
504 * to this ill.
505 */
516 /*
517 * We do an ipsq_flush once again now. New messages could have
518 * landed up from below (M_ERROR or M_HANGUP). Similarly ioctls
519 * could also have landed up if an ioctl thread had looked up
520 * the ill before we set the ILL_CONDEMNED flag, but not yet
521 * enqueued the ioctl when we did the ipsq_flush last time.
522 */
525 /*
526 * Free capabilities.
527 */
531 }
537 }
542 }
547 }
549 /* Clean up ill_allowed_ips* related state */
556 }
561 /*
562 * We have removed all references to ilm from conn and the ones joined
563 * within the kernel.
564 *
565 * We don't walk conns, mrts and ires because
566 *
567 * 1) update_conn_ill and reset_mrt_ill cleans up conns and mrts.
568 * 2) ill_down ->ill_downi walks all the ires and cleans up
569 * ill references.
570 */
572 /*
573 * If this ill is an IPMP meta-interface, blow away the illgrp. This
574 * is safe to do because the illgrp has already been unlinked from the
575 * group by I_PUNLINK, and thus SIOCSLIFGROUPNAME cannot find it.
576 */
580 }
591 }
592 }
593 /*
594 * Take us out of the list of ILLs. ill_glist_delete -> phyint_free
595 * could free the phyint. No more reference to the phyint after this
596 * point.
597 */
601 uint_t count;
605 }
609 }
612 /* Free all retained control messages. */
624 }
626 }
631 #ifdef DEBUG
633 #endif
635 /* The default multicast interface might have changed */
638 /* Drop refcnt here */
641 }
643 static void
645 {
648 /*
649 * MIB statistics must not be lost, so when an interface
650 * goes away the counter values will be added to the global
651 * MIBs.
652 */
660 }
664 }
670 }
671 }
673 /*
674 * Concatenate together a physical address and a sap.
675 *
676 * Sap_lengths are interpreted as follows:
677 * sap_length == 0 ==> no sap
678 * sap_length > 0 ==> sap is at the head of the dlpi address
679 * sap_length < 0 ==> sap is at the tail of the dlpi address
680 */
681 static void
684 {
690 else
695 else
702 else
704 }
705 }
707 /*
708 * Generate a dl_unitdata_req mblk for the device and address given.
709 * addr_length is the length of the physical portion of the address.
710 * If addr is NULL include an all zero address of the specified length.
711 * TRUE? In any case, addr_length is taken to be the entire length of the
712 * dlpi address, including the absolute value of sap_length.
713 */
714 mblk_t *
716 t_scalar_t sap_length)
717 {
724 DL_UNITDATA_REQ);
728 /* HACK: accomodate incompatible DLPI drivers */
738 }
740 /*
741 * Add the pending mp to the list. There can be only 1 pending mp
742 * in the list. Any exclusive ioctl that needs to wait for a response
743 * from another module or driver needs to use this function to set
744 * the ipx_pending_mp to the ioctl mblk and wait for the response from
745 * the other module/driver. This is also used while waiting for the
746 * ipif/ill/ire refcnts to drop to zero in bringing down an ipif.
747 */
748 boolean_t
751 {
758 /*
759 * The caller may be using a different ipif than the one passed into
760 * ipsq_current_start() (e.g., suppose an ioctl that came in on the V4
761 * ill needs to wait for the V6 ill to quiesce). So we can't ASSERT
762 * that `ipx_current_ipif == ipif'.
763 */
766 /*
767 * M_IOCDATA from ioctls, M_ERROR/M_HANGUP/M_PROTO/M_PCPROTO from the
768 * driver.
769 */
776 /*
777 * Return error if the conn has started closing. The conn
778 * could have finished cleaning up the pending mp list,
779 * If so we should not add another mp to the list negating
780 * the cleanup.
781 */
784 }
787 /*
788 * Note down the queue in b_queue. This will be returned by
789 * ipsq_pending_mp_get. Caller will then use these values to restart
790 * the processing
791 */
802 }
804 /*
805 * Retrieve the ipx_pending_mp and return it. There can be only 1 mp
806 * queued in the list.
807 */
808 mblk_t *
810 {
819 }
821 /* There can be only 1 such excl message */
830 /*
831 * This mp did a refhold on the conn, at the start of the ioctl.
832 * So we can safely return a pointer to the conn to the caller.
833 */
837 }
841 }
843 /*
844 * Cleanup the ioctl mp queued in ipx_pending_mp
845 * - Called in the ill_delete path
846 * - Called in the M_ERROR or M_HANGUP path on the ill.
847 * - Called in the conn close path.
848 *
849 * Returns success on finding the pending mblk associated with the ioctl or
850 * exclusive operation in progress, failure otherwise.
851 */
852 boolean_t
854 {
868 /*
869 * Nothing to clean since the conn that is closing
870 * does not have a matching pending mblk in
871 * ipx_pending_mp.
872 */
875 }
877 /*
878 * A non-zero ill_error signifies we are called in the
879 * M_ERROR or M_HANGUP path and we need to unconditionally
880 * abort any current ioctl and do the corresponding cleanup.
881 * A zero ill_error means we are in the ill_delete path and
882 * we do the cleanup only if there is a pending mp.
883 */
887 }
888 }
890 /* Now remove from the ipx_pending_mp */
921 }
924 }
926 }
928 /*
929 * Called in the conn close path and ill delete path
930 */
931 static void
933 {
944 else
947 /*
948 * In the case of lo0 being unplumbed, ill_wq will be NULL. Guard
949 * against this here.
950 */
955 /*
956 * Cleanup the ioctl mp's queued in ipsq_xopq_pending_mp if any.
957 * In the case of ioctl from a conn, there can be only 1 mp
958 * queued on the ipsq. If an ill is being unplumbed flush all
959 * the messages.
960 */
967 /* Unlink the mblk from the pending mp list */
973 }
976 /*
977 * Create a temporary list and release the ipsq lock
978 * New elements are added to the head of the tmp_list
979 */
984 }
985 }
1002 /*
1003 * IP-MT XXX In the case of TLI/XTI bind / optmgmt
1004 * this can't be just inet_freemsg. we have to
1005 * restart it otherwise the thread will be stuck.
1006 */
1008 }
1009 }
1010 }
1012 /*
1013 * This conn has started closing. Cleanup any pending ioctl from this conn.
1014 * STREAMS ensures that there can be at most 1 active ioctl on a stream.
1015 */
1016 void
1018 {
1021 boolean_t refheld;
1023 /*
1024 * Check for a queued ioctl. If the ioctl has not yet started, the mp
1025 * is pending in the list headed by ipsq_xopq_head. If the ioctl has
1026 * started the mp could be present in ipx_pending_mp. Note that if
1027 * conn_oper_pending_ill is NULL, the ioctl may still be in flight and
1028 * not yet queued anywhere. In this case, the conn close code will wait
1029 * until the conn_ref is dropped. If the stream was a tcp stream, then
1030 * tcp_close will wait first until all ioctls have completed for this
1031 * conn.
1032 */
1038 }
1040 /*
1041 * We may not be able to refhold the ill if the ill/ipif
1042 * is changing. But we need to make sure that the ill will
1043 * not vanish. So we just bump up the ill_waiter count.
1044 */
1050 /*
1051 * Check whether this ioctl has started and is
1052 * pending. If it is not found there then check
1053 * whether this ioctl has not even started and is in
1054 * the ipsq_xopq list.
1055 */
1061 }
1062 }
1064 /*
1065 * The ill is also closing and we could not bump up the
1066 * ill_waiter_count or we could not enter the ipsq. Leave
1067 * the cleanup to ill_delete
1068 */
1075 }
1077 /*
1078 * ipcl_walk function for cleaning up conn_*_ill fields.
1079 * Note that we leave ixa_multicast_ifindex, conn_incoming_ifindex, and
1080 * conn_bound_if in place. We prefer dropping
1081 * packets instead of sending them out the wrong interface, or accepting
1082 * packets from the wrong ifindex.
1083 */
1084 static void
1086 {
1095 }
1097 }
1099 static int
1101 {
1108 /*
1109 * ipif_down_tail will call arp_ll_down on the last ipif
1110 * and typically return EINPROGRESS when the DL_UNBIND is sent.
1111 */
1114 }
1116 }
1118 /* ARGSUSED */
1119 void
1121 {
1126 }
1128 /*
1129 * ill_down_start is called when we want to down this ill and bring it up again
1130 * It is called when we receive an M_ERROR / M_HANGUP. In this case we shut down
1131 * all interfaces, but don't tear down any plumbing.
1132 */
1133 boolean_t
1135 {
1140 /*
1141 * It is possible that some ioctl is already in progress while we
1142 * received the M_ERROR / M_HANGUP in which case, we need to abort
1143 * the ioctl. ill_down_start() is being processed as CUR_OP rather
1144 * than as NEW_OP since the cause of the M_ERROR / M_HANGUP may prevent
1145 * the in progress ioctl from ever completing.
1146 *
1147 * The thread that started the ioctl (if any) must have returned,
1148 * since we are now executing as writer. After the 2 calls below,
1149 * the state of the ipsq and the ill would reflect no trace of any
1150 * pending operation. Subsequently if there is any response to the
1151 * original ioctl from the driver, it would be discarded as an
1152 * unsolicited message from the driver.
1153 */
1162 /*
1163 * Walk all CONNs that can have a reference on an ire or nce for this
1164 * ill (we actually walk all that now have stale references).
1165 */
1168 /* With IPv6 we have dce_ifindex. Cleanup for neatness */
1174 /*
1175 * Atomically test and add the pending mp if references are active.
1176 */
1179 /* call cannot fail since `conn_t *' argument is NULL */
1184 }
1187 }
1189 static void
1191 {
1195 /*
1196 * Blow off any IREs dependent on this ILL.
1197 * The caller needs to handle conn_ixa_cleanup
1198 */
1203 /* Remove any conn_*_ill depending on this ill */
1206 /*
1207 * Free state for additional IREs.
1208 */
1215 }
1217 /*
1218 * ire_walk routine used to delete every IRE that depends on
1219 * 'ill'. (Always called as writer, and may only be called from ire_walk.)
1220 *
1221 * Note: since the routes added by the kernel are deleted separately,
1222 * this will only be 1) IRE_IF_CLONE and 2) manually added IRE_INTERFACE.
1223 *
1224 * We also remove references on ire_nce_cache entries that refer to the ill.
1225 */
1226 void
1228 {
1236 else
1242 /*
1243 * The existing interface binding for ire must be
1244 * deleted before trying to bind the route to another
1245 * interface. However, since we are using the contents of the
1246 * ire after ire_delete, the caller has to ensure that
1247 * CONDEMNED (deleted) ire's are not removed from the list
1248 * when ire_delete() returns. Currently ill_downi() is
1249 * only called as part of ire_walk*() routines, so that
1250 * the irb_refhold() done by ire_walk*() will ensure that
1251 * ire_delete() does not lead to ire_inactive().
1252 */
1257 }
1258 }
1260 /* Remove IRE_IF_CLONE on this ill */
1261 void
1263 {
1269 }
1271 /* Consume an M_IOCACK of the fastpath probe. */
1272 void
1274 {
1277 /*
1278 * If this was the first attempt turn on the fastpath probing.
1279 */
1285 /* Free the M_IOCACK mblk, hold on to the data */
1292 else
1295 }
1297 /*
1298 * Throw an M_IOCTL message downstream asking "do you know fastpath?"
1299 * The data portion of the request is a dl_unitdata_req_t template for
1300 * what we would send downstream in the absence of a fastpath confirmation.
1301 */
1302 int
1304 {
1314 /*
1315 * Driver NAKed the first fastpath ioctl - assume it doesn't
1316 * support it.
1317 */
1321 /* This is the first probe */
1326 }
1336 }
1345 }
1347 void
1349 {
1358 /*
1359 * We are starting a new cycle of capability negotiation.
1360 * Free up the capab reset messages of any previous incarnation.
1361 * We will do a fresh allocation when we get the response to our probe
1362 */
1366 }
1376 }
1378 void
1380 {
1390 /*
1391 * We turn off all capabilities except those pertaining to
1392 * direct function call capabilities viz. ILL_CAPAB_DLD*
1393 * which will be turned off by the corresponding reset functions.
1394 */
1396 }
1398 static void
1400 {
1412 }
1417 }
1422 }
1437 /*
1438 * Each handler fills in the corresponding dl_capability_sub_t
1439 * inside the mblk,
1440 */
1446 }
1448 static void
1450 {
1458 /*
1459 * Note: range checks here are not absolutely sufficient to
1460 * make us robust against malformed messages sent by drivers;
1461 * this is in keeping with the rest of IP's dlpi handling.
1462 * (Remember, it's coming from something else in the kernel
1463 * address space)
1464 */
1471 }
1482 }
1486 "isn't as expected; pass-thru module(s) detected, "
1489 }
1491 /* Process the encapsulated sub-capability */
1493 }
1495 static void
1497 {
1503 /*
1504 * The dl_capab_dld_t that follows the dl_capability_sub_t is not
1505 * initialized below since it is not used by DLD.
1506 */
1512 }
1514 static void
1516 {
1517 /*
1518 * If no ipif was brought up over this ill, this DL_CAPABILITY_REQ/ACK
1519 * is only to get the VRRP capability.
1520 *
1521 * Note that we cannot check ill_ipif_up_count here since
1522 * ill_ipif_up_count is only incremented when the resolver is setup.
1523 * That is done asynchronously, and can race with this function.
1524 */
1529 }
1546 }
1547 }
1549 /*
1550 * Process the vrrp capability received from a DLS Provider. isub must point
1551 * to the sub-capability (DL_CAPAB_VRRP) of a DL_CAPABILITY_ACK message.
1552 */
1553 static void
1555 {
1563 /*
1564 * Note: range checks here are not absolutely sufficient to
1565 * make us robust against malformed messages sent by drivers;
1566 * this is in keeping with the rest of IP's dlpi handling.
1567 * (Remember, it's coming from something else in the kernel
1568 * address space)
1569 */
1575 }
1578 /*
1579 * Compare the IP address family and set ILLF_VRRP for the right ill.
1580 */
1584 }
1585 }
1587 /*
1588 * Process a hardware checksum offload capability negotiation ack received
1589 * from a DLS Provider.isub must point to the sub-capability (DL_CAPAB_HCKSUM)
1590 * of a DL_CAPABILITY_ACK message.
1591 */
1592 static void
1594 {
1606 /*
1607 * Note: range checks here are not absolutely sufficient to
1608 * make us robust against malformed messages sent by drivers;
1609 * this is in keeping with the rest of IP's dlpi handling.
1610 * (Remember, it's coming from something else in the kernel
1611 * address space)
1612 */
1618 }
1620 /*
1621 * There are two types of acks we process here:
1622 * 1. acks in reply to a (first form) generic capability req
1623 * (no ENABLE flag set)
1624 * 2. acks in reply to a ENABLE capability req.
1625 * (ENABLE flag set)
1626 */
1631 "unsupported hardware checksum "
1635 }
1639 "checksum capability isn't as expected; pass-thru "
1642 }
1644 #define CURR_HCKSUM_CAPAB \
1645 (HCKSUM_INET_PARTIAL | HCKSUM_INET_FULL_V4 | \
1646 HCKSUM_INET_FULL_V6 | HCKSUM_IPHDRCKSUM)
1650 /* do ENABLE processing */
1653 KM_NOSLEEP);
1657 "could not enable hcksum version %d "
1661 }
1662 }
1671 /*
1672 * Enabling hardware checksum offload
1673 * Currently IP supports {TCP,UDP}/IPv4
1674 * partial and full cksum offload and
1675 * IPv4 header checksum offload.
1676 * Allocate new mblk which will
1677 * contain a new capability request
1678 * to enable hardware checksum offload.
1679 */
1680 uint_t size;
1691 }
1694 /* initialize dl_capability_req_t */
1703 /* initialize dl_capability_sub_t */
1707 /* initialize dl_capab_hcksum_t */
1714 /* Set ENABLE flag */
1718 /*
1719 * nmp points to a DL_CAPABILITY_REQ message to enable
1720 * hardware checksum acceleration.
1721 */
1727 }
1728 }
1730 static void
1732 {
1750 }
1752 static void
1754 {
1766 /*
1767 * Note: range checks here are not absolutely sufficient to
1768 * make us robust against malformed messages sent by drivers;
1769 * this is in keeping with the rest of IP's dlpi handling.
1770 * (Remember, it's coming from something else in the kernel
1771 * address space)
1772 */
1778 }
1783 "unsupported ZEROCOPY sub-capability (version %d, "
1785 ZEROCOPY_VERSION_1);
1787 }
1791 "capability isn't as expected; pass-thru module(s) "
1794 }
1800 KM_NOSLEEP);
1804 "could not enable Zero-copy version %d "
1808 }
1809 }
1813 ZEROCOPY_VERSION_1));
1822 uint_t size;
1834 }
1837 /* initialize dl_capability_req_t */
1844 /* initialize dl_capability_sub_t */
1848 /* initialize dl_capab_zerocopy_t */
1854 ZEROCOPY_VERSION_1));
1856 /* set VMSAFE_MEM flag */
1859 /* nmp points to a DL_CAPABILITY_REQ message to enable zcopy */
1861 }
1862 }
1864 static void
1866 {
1885 }
1887 /*
1888 * DLD capability
1889 * Refer to dld.h for more information regarding the purpose and usage
1890 * of this capability.
1891 */
1892 static void
1894 {
1903 /*
1904 * Note: range checks here are not absolutely sufficient to
1905 * make us robust against malformed messages sent by drivers;
1906 * this is in keeping with the rest of IP's dlpi handling.
1907 * (Remember, it's coming from something else in the kernel
1908 * address space)
1909 */
1915 }
1919 "unsupported DLD sub-capability (version %d, "
1921 DLD_CURRENT_VERSION);
1923 }
1926 "capability isn't as expected; pass-thru module(s) "
1929 }
1931 /*
1932 * Copy locally to ensure alignment.
1933 */
1940 "could not enable DLD version %d "
1944 }
1946 }
1953 }
1955 /*
1956 * Typically capability negotiation between IP and the driver happens via
1957 * DLPI message exchange. However GLD also offers a direct function call
1958 * mechanism to exchange the DLD_DIRECT_CAPAB and DLD_POLL_CAPAB capabilities,
1959 * But arbitrary function calls into IP or GLD are not permitted, since both
1960 * of them are protected by their own perimeter mechanism. The perimeter can
1961 * be viewed as a coarse lock or serialization mechanism. The hierarchy of
1962 * these perimeters is IP -> MAC. Thus for example to enable the squeue
1963 * polling, IP needs to enter its perimeter, then call ill_mac_perim_enter
1964 * to enter the mac perimeter and then do the direct function calls into
1965 * GLD to enable squeue polling. The ring related callbacks from the mac into
1966 * the stack to add, bind, quiesce, restart or cleanup a ring are all
1967 * protected by the mac perimeter.
1968 */
1969 static void
1971 {
1976 DLD_ENABLE);
1978 }
1980 static void
1982 {
1987 DLD_DISABLE);
1989 }
1991 boolean_t
1993 {
1997 DLD_QUERY));
1998 }
2000 static void
2002 {
2005 dld_capab_direct_t direct;
2015 DLD_ENABLE);
2026 /*
2027 * One time registration of flow enable callback function
2028 */
2037 }
2038 }
2040 static void
2042 {
2044 dld_capab_poll_t poll;
2057 DLD_ENABLE);
2065 }
2066 }
2068 /*
2069 * Enable the LSO capability.
2070 */
2071 static void
2073 {
2075 dld_capab_lso_t lso;
2082 KM_NOSLEEP);
2088 }
2089 }
2103 }
2104 }
2106 static void
2108 {
2109 mac_perim_handle_t mph;
2121 }
2124 }
2126 static void
2128 {
2131 mac_perim_handle_t mph;
2142 /*
2143 * For performance we avoid locks in the transmit data path
2144 * and don't maintain a count of the number of threads using
2145 * direct calls. Thus some threads could be using direct
2146 * transmit calls to GLD, even after the capability mechanism
2147 * turns it off. This is still safe since the handles used in
2148 * the direct calls continue to be valid until the unplumb is
2149 * completed. Remove the callback that was added (1-time) at
2150 * capab enable time.
2151 */
2160 }
2163 }
2170 }
2174 /*
2175 * Clear the capability flag for LSO but retain the
2176 * ill_lso_capab structure since it's possible that another
2177 * thread is still referring to it. The structure only gets
2178 * deallocated when we destroy the ill.
2179 */
2184 }
2188 }
2190 /*
2191 * Capability Negotiation protocol
2192 *
2193 * We don't wait for DLPI capability operations to finish during interface
2194 * bringup or teardown. Doing so would introduce more asynchrony and the
2195 * interface up/down operations will need multiple return and restarts.
2196 * Instead the 'ipsq_current_ipif' of the ipsq is not cleared as long as
2197 * the 'ill_dlpi_deferred' chain is non-empty. This ensures that the next
2198 * exclusive operation won't start until the DLPI operations of the previous
2199 * exclusive operation complete.
2200 *
2201 * The capability state machine is shown below.
2202 *
2203 * state next state event, action
2204 *
2205 * IDCS_UNKNOWN IDCS_PROBE_SENT ill_capability_probe
2206 * IDCS_PROBE_SENT IDCS_OK ill_capability_ack
2207 * IDCS_PROBE_SENT IDCS_FAILED ip_rput_dlpi_writer (nack)
2208 * IDCS_OK IDCS_RENEG Receipt of DL_NOTE_CAPAB_RENEG
2209 * IDCS_OK IDCS_RESET_SENT ill_capability_reset
2210 * IDCS_RESET_SENT IDCS_UNKNOWN ill_capability_ack_thr
2211 * IDCS_RENEG IDCS_PROBE_SENT ill_capability_ack_thr ->
2212 * ill_capability_probe.
2213 */
2215 /*
2216 * Dedicated thread started from ip_stack_init that handles capability
2217 * disable. This thread ensures the taskq dispatch does not fail by waiting
2218 * for resources using TQ_SLEEP. The taskq mechanism is used to ensure
2219 * that direct calls to DLD are done in a cv_waitable context.
2220 */
2221 void
2223 {
2224 callb_cpr_t cprinfo;
2231 name);
2247 }
2254 }
2259 }
2261 /*
2262 * Consume a new-style hardware capabilities negotiation ack.
2263 * Called via taskq on receipt of DL_CAPABILITY_ACK.
2264 */
2265 static void
2267 {
2272 boolean_t reneg;
2281 /*
2282 * We have received the ack for our DL_CAPAB reset request.
2283 * There isnt' anything in the message that needs processing.
2284 * All message based capabilities have been disabled, now
2285 * do the function call based capability disable.
2286 */
2293 }
2301 /* no new-style capabilities */
2303 }
2305 /* make sure the driver supplied correct dl_sub_length */
2310 }
2312 #define SC(base, offset) (dl_capability_sub_t *)(((uchar_t *)(base))+(offset))
2313 /*
2314 * There are sub-capabilities. Process the ones we know about.
2315 * Loop until we don't have room for another sub-cap header..
2316 */
2329 }
2330 }
2331 #undef SC
2332 done:
2336 }
2338 /*
2339 * This needs to be started in a taskq thread to provide a cv_waitable
2340 * context.
2341 */
2342 void
2344 {
2354 /*
2355 * The taskq dispatch failed. Signal the ill_taskq_dispatch thread
2356 * which will do the dispatch using TQ_SLEEP to guarantee success.
2357 */
2364 }
2369 }
2371 /*
2372 * This routine is called to scan the fragmentation reassembly table for
2373 * the specified ILL for any packets that are starting to smell.
2374 * dead_interval is the maximum time in seconds that will be tolerated. It
2375 * will either be the value specified in ip_g_frag_timeout, or zero if the
2376 * ILL is shutting down and it is time to blow everything off.
2377 *
2378 * It returns the number of seconds (as a time_t) that the next frag timer
2379 * should be scheduled for, 0 meaning that the timer doesn't need to be
2380 * re-started. Note that the method of calculating next_timeout isn't
2381 * entirely accurate since time will flow between the time we grab
2382 * current_time and the time we schedule the next timeout. This isn't a
2383 * big problem since this is the timer for sending an ICMP reassembly time
2384 * exceeded messages, and it doesn't have to be exactly accurate.
2385 *
2386 * This function is
2387 * sometimes called as writer, although this is not required.
2388 */
2389 time_t
2391 {
2403 ip_recv_attr_t iras;
2415 /* Walk the frag hash table. */
2425 /*
2426 * There are some outstanding fragments
2427 * that will timeout later. Make note of
2428 * the time so that we can reschedule the
2429 * next timeout appropriately.
2430 */
2435 }
2437 }
2438 /* Time's up. Get it out of here. */
2446 /* Extra points for neatness. */
2449 }
2456 /*
2457 * We do not send any icmp message from here because
2458 * we currently are holding the ipfb_lock for this
2459 * hash chain. If we try and send any icmp messages
2460 * from here we may end up via a put back into ip
2461 * trying to get the same lock, causing a recursive
2462 * mutex panic. Instead we build a list and send all
2463 * the icmp messages after we have dropped the lock.
2464 */
2471 }
2478 }
2479 }
2483 }
2485 /*
2486 * Now need to send any icmp messages that we delayed from
2487 * above.
2488 */
2497 /*
2498 * This will result in an incorrect ALL_ZONES zoneid
2499 * for multicast packets, but we
2500 * don't send ICMP errors for those in any case.
2501 */
2510 }
2512 ipaddr_t dst;
2521 /*
2522 * This will result in an incorrect ALL_ZONES zoneid
2523 * for broadcast and multicast packets, but we
2524 * don't send ICMP errors for those in any case.
2525 */
2532 }
2533 }
2534 /*
2535 * A non-dying ILL will use the return value to decide whether to
2536 * restart the frag timer, and for how long.
2537 */
2539 }
2541 /*
2542 * This routine is called when the approximate count of mblk memory used
2543 * for the specified ILL has exceeded max_count.
2544 */
2545 void
2547 {
2553 /*
2554 * If we are here within ip_min_frag_prune_time msecs remove
2555 * ill_frag_free_num_pkts oldest packets from each bucket and increment
2556 * ill_frag_free_num_pkts.
2557 */
2568 }
2572 /*
2573 * free ill_frag_free_num_pkts oldest packets from each bucket.
2574 */
2584 }
2586 }
2587 }
2588 /*
2589 * While the reassembly list for this ILL is too big, prune a fragment
2590 * queue by age, oldest first.
2591 */
2605 }
2608 }
2618 }
2620 }
2621 }
2623 /*
2624 * free 'free_cnt' fragmented packets starting at ipf.
2625 */
2626 void
2628 {
2645 }
2654 }
2659 }
2661 /*
2662 * Helper function for ill_forward_set().
2663 */
2664 static void
2666 {
2677 else
2682 /* Notify routing socket listeners of this change. */
2685 }
2687 /*
2688 * Set an ill's ILLF_ROUTER flag appropriately. Send up RTS_IFINFO routing
2689 * socket messages for each interface whose flags we change.
2690 */
2691 int
2693 {
2710 /*
2711 * Update all of the interfaces in the group.
2712 */
2718 /*
2719 * Update the IPMP meta-interface.
2720 */
2723 }
2727 }
2729 /*
2730 * Based on the ILLF_ROUTER flag of an ill, make sure all local nce's for
2731 * addresses assigned to the ill have the NCE_F_ISROUTER flag appropriately
2732 * set or clear.
2733 */
2734 static void
2736 {
2742 /*
2743 * NOTE: we match across the illgrp because nce's for
2744 * addresses on IPMP interfaces have an nce_ill that points to
2745 * the bound underlying ill.
2746 */
2753 else
2757 }
2758 }
2759 }
2761 /*
2762 * Intializes the context structure and returns the first ill in the list
2763 * cuurently start_list and end_list can have values:
2764 * MAX_G_HEADS Traverse both IPV4 and IPV6 lists.
2765 * IP_V4_G_HEAD Traverse IPV4 list only.
2766 * IP_V6_G_HEAD Traverse IPV6 list only.
2767 */
2769 /*
2770 * We don't check for CONDEMNED ills here. Caller must do that if
2771 * necessary under the ill lock.
2772 */
2773 ill_t *
2776 {
2784 /*
2785 * setup the lists to search
2786 */
2793 }
2801 /*
2802 * ill is guaranteed to be non NULL or ifp should have
2803 * not existed.
2804 */
2807 }
2809 }
2812 }
2814 /*
2815 * returns the next ill in the list. ill_first() must have been called
2816 * before calling ill_next() or bad things will happen.
2817 */
2819 /*
2820 * We don't check for CONDEMNED ills here. Caller must do that if
2821 * necessary under the ill lock.
2822 */
2823 ill_t *
2825 {
2835 }
2837 /* goto next ill_ifp in the list. */
2840 /* make sure not at end of circular list */
2846 }
2849 }
2851 /*
2852 * Check interface name for correct format: [a-zA-Z]+[a-zA-Z0-9._]*[0-9]+
2853 * The final number (PPA) must not have any leading zeros. Upon success, a
2854 * pointer to the start of the PPA is returned; otherwise NULL is returned.
2855 */
2858 {
2863 /*
2864 * Check that the first character is [a-zA-Z], and that the last
2865 * character is [0-9].
2866 */
2870 /*
2871 * Set `ppa_ndx' to the PPA start, and check for leading zeroes.
2872 */
2880 /*
2881 * Check that the intermediate characters are [a-z0-9.]
2882 */
2887 }
2888 }
2891 }
2893 /*
2894 * use avl tree to locate the ill.
2895 */
2898 {
2901 uint_t ppa;
2906 /*
2907 * get ppa ptr
2908 */
2911 else
2916 }
2925 /*
2926 * match is done on len - 1 as the name is not null
2927 * terminated it contains ppa in addition to the interface
2928 * name.
2929 */
2935 }
2936 }
2939 /*
2940 * Even the interface type does not exist.
2941 */
2943 }
2952 }
2954 }
2956 }
2958 /*
2959 * comparison function for use with avl.
2960 */
2961 static int
2963 {
2964 uint_t ppa;
2965 uint_t ill_ppa;
2971 /*
2972 * We want the ill with the lowest ppa to be on the
2973 * top.
2974 */
2980 }
2982 /*
2983 * remove an interface type from the global list.
2984 */
2985 static void
2987 {
2998 }
3000 /*
3001 * remove ill from the global list.
3002 */
3003 static void
3005 {
3014 /*
3015 * If the ill was never inserted into the AVL tree
3016 * we skip the if branch.
3017 */
3019 /*
3020 * remove from AVL tree and free ppa number
3021 */
3027 }
3030 }
3032 /*
3033 * Indicate ill is no longer in the list.
3034 */
3039 }
3041 /* Generate one last event for this ill. */
3049 /*
3050 * ill_init allocates a phyint always to store the copy
3051 * of flags relevant to phyint. At that point in time, we could
3052 * not assign the name and hence phyint_illv4/v6 could not be
3053 * initialized. Later in ipif_set_values, we assign the name to
3054 * the ill, at which point in time we assign phyint_illv4/v6.
3055 * Thus we don't rely on phyint_illv6 to be initialized always.
3056 */
3059 else
3065 }
3067 /*
3068 * There are no ills left on this phyint; pull it out of the phyint
3069 * avl trees, and free it.
3070 */
3073 phyi);
3075 phyi);
3076 }
3080 }
3082 /*
3083 * allocate a ppa, if the number of plumbed interfaces of this type are
3084 * less than ill_no_arena do a linear search to find a unused ppa.
3085 * When the number goes beyond ill_no_arena switch to using an arena.
3086 * Note: ppa value of zero cannot be allocated from vmem_arena as it
3087 * is the return value for an error condition, so allocation starts at one
3088 * and is decremented by one.
3089 */
3090 static int
3092 {
3099 /*
3100 * Create an arena.
3101 */
3105 /* allocate what has already been assigned */
3114 /* minaddr */
3116 /* maxaddr */
3125 }
3126 }
3127 }
3145 /*
3146 * Most likely the allocation failed because
3147 * the requested ppa was in use.
3148 */
3151 }
3153 }
3155 /*
3156 * No arena is in use and not enough (>ill_no_arena) interfaces have
3157 * been plumbed to create one. Do a linear search to get a unused ppa.
3158 */
3164 }
3171 else
3173 }
3175 }
3178 }
3180 /*
3181 * Insert ill into the list of configured ill's. Once this function completes,
3182 * the ill is globally visible and is available through lookups. More precisely
3183 * this happens after the caller drops the ill_g_lock.
3184 */
3185 static int
3187 {
3202 else
3206 /*
3207 * Search for interface type based on name
3208 */
3213 }
3215 }
3217 /*
3218 * Interface type not found, create one.
3219 */
3221 ill_g_head_t ghead;
3223 /*
3224 * allocate ill_if_t structure
3225 */
3229 }
3238 /*
3239 * link the structure in the back to maintain order
3240 * of configuration for ifconfig output.
3241 */
3244 }
3254 }
3256 /*
3257 * When the ppa is choosen by the system, check that there is
3258 * enough space to insert ppa. if a specific ppa was passed in this
3259 * check is not required as the interface name passed in will have
3260 * the right ppa in it.
3261 */
3263 /*
3264 * UINT_MAX - 1 should fit in 10 chars, alloc 12 chars.
3265 */
3268 /*
3269 * convert ppa to string to calculate the amount of space
3270 * required for it in the name.
3271 */
3274 /* Do we have enough space to insert ppa ? */
3277 /* Free ppa and interface type struct */
3281 }
3286 }
3287 }
3299 }
3301 /* Initialize the per phyint ipsq used for serialization */
3302 static boolean_t
3304 {
3323 #ifdef DEBUG
3325 #endif
3326 }
3328 }
3330 /*
3331 * Here we perform initialisation of the ill_t common to both regular
3332 * interface ILLs and the special loopback ILL created by ill_lookup_on_name.
3333 */
3334 static int
3336 boolean_t ipsq_enter)
3337 {
3347 ip_loopback_mtuplus;
3348 /*
3349 * No resolver here.
3350 */
3356 }
3360 /*
3361 * Allocate sufficient space to contain our fragment hash table and
3362 * the device name.
3363 */
3375 }
3381 }
3388 }
3391 }
3401 }
3403 /* Frag queue limit stuff */
3415 /*
3416 * Initialize IPv6 configuration variables. The IP module is always
3417 * opened as an IPv4 module. Instead tracking down the cases where
3418 * it switches to do ipv6, we'll just initialize the IPv6 configuration
3419 * here for convenience, this has no effect until the ill is set to do
3420 * IPv6.
3421 */
3428 }
3430 /*
3431 * ill_init is called by ip_open when a device control stream is opened.
3432 * It does a few initializations, and shoots a DL_INFO_REQ message down
3433 * to the driver. The response is later picked up in ip_rput_dlpi and
3434 * used to set up default mechanisms for talking to the driver. (Always
3435 * called as writer.)
3436 *
3437 * If this function returns error, ip_open will call ip_close which in
3438 * turn will call ill_delete to clean up any memory allocated here that
3439 * is not yet freed.
3440 *
3441 * Note: ill_ipst and ill_zoneid must be set before calling ill_init.
3442 */
3443 int
3445 {
3451 BPRI_HI);
3455 /*
3456 * For now pretend this is a v4 ill. We need to set phyint_ill*
3457 * at this point because of the following reason. If we can't
3458 * enter the ipsq at some point and cv_wait, the writer that
3459 * wakes us up tries to locate us using the list of all phyints
3460 * in an ipsq and the ills from the phyint thru the phyint_ill*.
3461 * If we don't set it now, we risk a missed wakeup.
3462 */
3466 }
3470 /* Send down the Info Request to the driver. */
3482 }
3484 /*
3485 * ill_dls_info
3486 * creates datalink socket info from the device.
3487 */
3488 int
3490 {
3506 }
3508 /*
3509 * ill_xarp_info
3510 * creates xarp info from the device.
3511 */
3512 static int
3514 {
3523 }
3525 static int
3527 {
3529 netstackid_t stackid;
3550 }
3555 }
3557 /*
3558 * Has ifindex been plumbed already?
3559 */
3560 static boolean_t
3562 {
3568 }
3570 /*
3571 * Pick a unique ifindex.
3572 * When the index counter passes IF_INDEX_MAX for the first time, the wrap
3573 * flag is set so that next time time ip_assign_ifindex() is called, it
3574 * falls through and resets the index counter back to 1, the minimum value
3575 * for the interface index. The logic below assumes that ips_ill_index
3576 * can hold a value of IF_INDEX_MAX+1 without there being any loss
3577 * (i.e. reset back to 0.)
3578 */
3579 boolean_t
3581 {
3582 uint_t loops;
3587 /*
3588 * Reached the maximum ifindex value, set the wrap
3589 * flag to indicate that it is no longer possible
3590 * to assume that a given index is unallocated.
3591 */
3593 }
3595 }
3600 /*
3601 * Start reusing unused indexes. Note that we hold the ill_g_lock
3602 * at this point and don't want to call any function that attempts
3603 * to get the lock again.
3604 */
3607 /* found unused index - use it */
3610 }
3615 }
3617 /*
3618 * all interface indicies are inuse.
3619 */
3621 }
3623 /*
3624 * Assign a unique interface index for the phyint.
3625 */
3626 static boolean_t
3628 {
3631 }
3633 /*
3634 * Initialize the flags on `phyi' as per the provided mactype.
3635 */
3636 static void
3638 {
3641 /*
3642 * Initialize PHYI_RUNNING and PHYI_FAILED. For non-IPMP interfaces,
3643 * we always presume the underlying hardware is working and set
3644 * PHYI_RUNNING (if it's not, the driver will subsequently send a
3645 * DL_NOTE_LINK_DOWN message). For IPMP interfaces, at initialization
3646 * there are no active interfaces in the group so we set PHYI_FAILED.
3647 */
3650 else
3663 }
3668 }
3670 /*
3671 * Return a pointer to the ill which matches the supplied name. Note that
3672 * the ill name length includes the null termination character. (May be
3673 * called as writer.)
3674 * If do_alloc and the interface is "lo0" it will be automatically created.
3675 * Cannot bump up reference on condemned ills. So dup detect can't be done
3676 * using this func.
3677 */
3678 ill_t *
3681 {
3686 boolean_t isloopback;
3687 in6_addr_t ov6addr;
3697 /*
3698 * Couldn't find it. Does this happen to be a lookup for the
3699 * loopback device and are we allowed to allocate it?
3700 */
3709 }
3711 /* Create the loopback device on demand */
3720 /*
3721 * For exclusive stacks we set the zoneid to zero
3722 * to make IP operate as if in the global zone.
3723 */
3735 /*
3736 * ipif_loopback_name can't be pointed at directly because its used
3737 * by both the ipv4 and ipv6 interfaces. When the ill is removed
3738 * from the glist, ill_glist_delete() sets the first character of
3739 * ill_name to '\0'.
3740 */
3744 /* Set ill_dlpi_pending for ipsq_current_finish() to work properly */
3754 /* Set up default loopback address and mask. */
3769 }
3771 /*
3772 * Chain us in at the end of the ill list. hold the ill
3773 * before we make it globally visible. 1 for the lookup.
3774 */
3782 /* Let SCTP know so that it can add this to its list */
3785 /*
3786 * We have already assigned ipif_v6lcl_addr above, but we need to
3787 * call sctp_update_ipif_addr() after SCTP_ILL_INSERT, which
3788 * requires to be after ill_glist_insert() since we need the
3789 * ill_index set. Pass on ipv6_loopback as the old address.
3790 */
3795 /*
3796 * ill_glist_insert() -> ill_phyint_reinit() may have merged IPSQs.
3797 * If so, free our original one.
3798 */
3803 /* Export loopback interface statistics */
3810 loopback_kstat_update;
3816 netstack_stackid;
3818 }
3819 }
3826 done:
3833 }
3835 }
3840 }
3843 }
3845 /*
3846 * For IPP calls - use the ip_stack_t for global stack.
3847 */
3848 ill_t *
3850 {
3861 }
3866 }
3868 /*
3869 * Return a pointer to the ill which matches the index and IP version type.
3870 */
3871 ill_t *
3873 {
3877 /*
3878 * Indexes are stored in the phyint - a common structure
3879 * to both IPv4 and IPv6.
3880 */
3893 }
3895 }
3896 }
3899 }
3901 /*
3902 * Verify whether or not an interface index is valid for the specified zoneid
3903 * to transmit packets.
3904 * It can be zero (meaning "reset") or an interface index assigned
3905 * to a non-VNI interface. (We don't use VNI interface to send packets.)
3906 */
3907 boolean_t
3910 {
3922 }
3925 }
3927 /*
3928 * Return the ifindex next in sequence after the passed in ifindex.
3929 * If there is no next ifindex for the given protocol, return 0.
3930 */
3931 uint_t
3933 {
3936 uint_t ifindex;
3947 }
3952 /*
3953 * If we're not returning the first interface in the tree
3954 * and we still haven't moved past the phyint_t that
3955 * corresponds to index, avl_walk needs to be called again
3956 */
3968 }
3969 }
3970 }
3976 else
3980 }
3982 /*
3983 * Return the ifindex for the named interface.
3984 * If there is no next ifindex for the interface, return 0.
3985 */
3986 uint_t
3988 {
3991 uint_t ifindex;
3999 }
4006 }
4008 /*
4009 * Return the ifindex to be used by upper layer protocols for instance
4010 * for IPV6_RECVPKTINFO. If IPMP this is the one for the upper ill.
4011 */
4012 uint_t
4014 {
4017 else
4019 }
4022 /*
4023 * Obtain a reference to the ill. The ill_refcnt is a dynamic refcnt
4024 * that gives a running thread a reference to the ill. This reference must be
4025 * released by the thread when it is done accessing the ill and related
4026 * objects. ill_refcnt can not be used to account for static references
4027 * such as other structures pointing to an ill. Callers must generally
4028 * check whether an ill can be refheld by using ILL_CAN_LOOKUP macros
4029 * or be sure that the ill is not being deleted or changing state before
4030 * calling the refhold functions. A non-zero ill_refcnt ensures that the
4031 * ill won't change any of its critical state such as address, netmask etc.
4032 */
4033 void
4035 {
4040 }
4042 void
4044 {
4048 }
4050 /* Returns true if we managed to get a refhold */
4051 boolean_t
4053 {
4059 }
4062 }
4064 /*
4065 * Must not be called while holding any locks. Otherwise if this is
4066 * the last reference to be released, there is a chance of recursive mutex
4067 * panic due to ill_refrele -> ipif_ill_refrele_tail -> qwriter_ip trying
4068 * to restart an ioctl.
4069 */
4070 void
4072 {
4078 /* Every ire pointing to the ill adds 1 to ill_refcnt */
4081 }
4083 /* Drops the ill_lock */
4085 }
4087 /*
4088 * Obtain a weak reference count on the ill. This reference ensures the
4089 * ill won't be freed, but the ill may change any of its critical state
4090 * such as netmask, address etc. Returns an error if the ill has started
4091 * closing.
4092 */
4093 boolean_t
4095 {
4100 }
4104 }
4106 void
4108 {
4114 }
4116 /*
4117 * ip_ll_subnet_defaults is called when we get the DL_INFO_ACK back from the
4118 * driver. We construct best guess defaults for lower level information that
4119 * we need. If an interface is brought up without injection of any overriding
4120 * information from outside, we have to be ready to go with these defaults.
4121 * When we get the first DL_INFO_ACK (from ip_open() sending a DL_INFO_REQ)
4122 * we primarely want the dl_provider_style.
4123 * The subsequent DL_INFO_ACK is received after doing a DL_ATTACH and DL_BIND
4124 * at which point we assume the other part of the information is valid.
4125 */
4126 void
4128 {
4131 t_scalar_t sap_length;
4139 /*
4140 * Till the ill is fully up the ill is not globally visible.
4141 * So no need for a lock.
4142 */
4150 }
4153 /*
4154 * When the new DLPI stuff is ready we'll pull lengths
4155 * from dlia.
4156 */
4160 brdcst_addr_length);
4163 }
4173 }
4179 /*
4180 * Synthetic DLPI types such as SUNW_DL_IPMP specify a zero SDU,
4181 * but we must ensure a minimum IP MTU is used since other bits of
4182 * IP will fly apart otherwise.
4183 */
4198 /*
4199 * Allocate the first ipif on this ill. We don't delay it
4200 * further as ioctl handling assumes at least one ipif exists.
4201 *
4202 * At this point we don't know whether the ill is v4 or v6.
4203 * We will know this whan the SIOCSLIFNAME happens and
4204 * the correct value for ill_isv6 will be assigned in
4205 * ipif_set_values(). We need to hold the ill lock and
4206 * clear the ILL_LL_SUBNET_PENDING flag and atomically do
4207 * the wakeup.
4208 */
4219 }
4221 /*
4222 * We know whether it is IPv4 or IPv6 now, as this is the
4223 * second DL_INFO_ACK we are recieving in response to the
4224 * DL_INFO_REQ sent in ipif_set_values.
4225 */
4227 /*
4228 * Clear all the flags that were set based on ill_bcast_addr_length
4229 * and ill_phys_addr_length (in ipif_set_values) as these could have
4230 * changed now and we need to re-evaluate.
4231 */
4235 /*
4236 * Free ill_bcast_mp as things could have changed now.
4237 *
4238 * NOTE: The IPMP meta-interface is special-cased because it starts
4239 * with no underlying interfaces (and thus an unknown broadcast
4240 * address length), but we enforce that an interface is broadcast-
4241 * capable as part of allowing it to join a group.
4242 */
4254 /*
4255 * Note: xresolv interfaces will eventually need NOARP
4256 * set here as well, but that will require those
4257 * external resolvers to have some knowledge of
4258 * that flag and act appropriately. Not to be changed
4259 * at present.
4260 */
4262 else
4270 /*
4271 * The underying link is point-to-point, so mark the
4272 * interface as such. We can do IP multicast over
4273 * such a link since it transmits all network-layer
4274 * packets to the remote side the same way.
4275 */
4278 }
4286 /*
4287 * Later detect lack of DLPI driver multicast
4288 * capability by catching DL_ENABMULTI errors in
4289 * ip_rput_dlpi.
4290 */
4294 }
4296 /* For IPMP, PHYI_IPMP should already be set by phyint_flags_init() */
4300 /* By default an interface does not support any CoS marking */
4303 /*
4304 * If we get QoS information in DL_INFO_ACK, the device supports
4305 * some form of CoS marking, set ILLF_COS_ENABLED.
4306 */
4311 }
4313 /* Clear any previous error indication. */
4316 }
4318 /*
4319 * Perform various checks to verify that an address would make sense as a
4320 * local, remote, or subnet interface address.
4321 */
4322 static boolean_t
4324 {
4325 ipaddr_t net_mask;
4327 /*
4328 * Don't allow all zeroes, or all ones, but allow
4329 * all ones netmask.
4330 */
4333 /* A given netmask overrides the "guess" netmask */
4339 }
4341 /*
4342 * Even if the netmask is all ones, we do not allow address to be
4343 * 255.255.255.255
4344 */
4352 }
4354 #define V6_IPIF_LINKLOCAL(p) \
4355 IN6_IS_ADDR_LINKLOCAL(&(p)->ipif_v6lcl_addr)
4357 /*
4358 * Compare two given ipifs and check if the second one is better than
4359 * the first one using the order of preference (not taking deprecated
4360 * into acount) specified in ipif_lookup_multicast().
4361 */
4362 static boolean_t
4364 {
4365 /* Check the least preferred first. */
4367 /* If both ipifs are the same, use the first one. */
4370 else
4372 }
4374 /* For IPv6, check for link local address. */
4378 /* The second one is equal or less preferred. */
4382 }
4383 }
4385 /* Then check for point to point interface. */
4393 }
4394 }
4396 /* old_ipif is a normal interface, so no need to use the new one. */
4398 }
4400 /*
4401 * Find a mulitcast-capable ipif given an IP instance and zoneid.
4402 * The ipif must be up, and its ill must multicast-capable, not
4403 * condemned, not an underlying interface in an IPMP group, and
4404 * not a VNI interface. Order of preference:
4405 *
4406 * 1a. normal
4407 * 1b. normal, but deprecated
4408 * 2a. point to point
4409 * 2b. point to point, but deprecated
4410 * 3a. link local
4411 * 3b. link local, but deprecated
4412 * 4. loopback.
4413 */
4416 {
4418 ill_walk_context_t ctx;
4426 else
4436 }
4443 }
4447 }
4449 /*
4450 * Found one candidate. If it is deprecated,
4451 * remember it in dep_ipif. If it is not deprecated,
4452 * remember it in saved_ipif.
4453 */
4458 isv6)) {
4459 /*
4460 * If the previous dep_ipif does not
4461 * belong to the same ill, we've done
4462 * a ipif_refhold() on it. So we need
4463 * to release it.
4464 */
4468 }
4470 }
4478 }
4479 }
4480 }
4481 /*
4482 * Before going to the next ill, do a ipif_refhold() on the
4483 * saved ones.
4484 */
4490 }
4493 /*
4494 * If we have only the saved_ipif, return it. But if we have both
4495 * saved_ipif and dep_ipif, check to see which one is better.
4496 */
4505 }
4506 }
4510 }
4511 }
4513 ill_t *
4515 {
4527 }
4529 /*
4530 * This function is called when an application does not specify an interface
4531 * to be used for multicast traffic (joining a group/sending data). It
4532 * calls ire_lookup_multi() to look for an interface route for the
4533 * specified multicast group. Doing this allows the administrator to add
4534 * prefix routes for multicast to indicate which interface to be used for
4535 * multicast traffic in the above scenario. The route could be for all
4536 * multicast (224.0/4), for a single multicast group (a /32 route) or
4537 * anything in between. If there is no such multicast route, we just find
4538 * any multicast capable interface and return it. The returned ipif
4539 * is refhold'ed.
4540 */
4541 ill_t *
4544 {
4552 }
4554 /*
4555 * Look for an ipif with the specified interface address and destination.
4556 * The destination address is used only for matching point-to-point interfaces.
4557 */
4558 ipif_t *
4560 {
4563 ill_walk_context_t ctx;
4565 /*
4566 * First match all the point-to-point interfaces
4567 * before looking at non-point-to-point interfaces.
4568 * This is done to avoid returning non-point-to-point
4569 * ipif instead of unnumbered point-to-point ipif.
4570 */
4577 /* Allow the ipif to be down */
4586 }
4587 }
4588 }
4590 }
4593 /* lookup the ipif based on interface address */
4597 }
4599 /*
4600 * Common function for ipif_lookup_addr() and ipif_lookup_addr_exact().
4601 */
4605 {
4609 ill_walk_context_t ctx;
4614 /*
4615 * Repeat twice, first based on local addresses and
4616 * next time for pointopoint.
4617 */
4618 repeat:
4624 }
4636 /* Allow the ipif to be down */
4646 }
4647 }
4648 }
4650 }
4652 /* If we already did the ptp case, then we are done */
4656 }
4659 }
4661 /*
4662 * Lookup an ipif with the specified address. For point-to-point links we
4663 * look for matches on either the destination address or the local address,
4664 * but we skip the local address check if IPIF_UNNUMBERED is set. If the
4665 * `match_ill' argument is non-NULL, the lookup is restricted to that ill
4666 * (or illgrp if `match_ill' is in an IPMP group).
4667 */
4668 ipif_t *
4671 {
4674 }
4676 /*
4677 * Lookup an ipif with the specified address. Similar to ipif_lookup_addr,
4678 * except that we will only return an address if it is not marked as
4679 * IPIF_DUPLICATE
4680 */
4681 ipif_t *
4684 {
4688 }
4690 /*
4691 * Special abbreviated version of ipif_lookup_addr() that doesn't match
4692 * `match_ill' across the IPMP group. This function is only needed in some
4693 * corner-cases; almost everything should use ipif_lookup_addr().
4694 */
4695 ipif_t *
4697 {
4700 ipst));
4701 }
4703 /*
4704 * Look for an ipif with the specified address. For point-point links
4705 * we look for matches on either the destination address and the local
4706 * address, but we ignore the check on the local address if IPIF_UNNUMBERED
4707 * is set.
4708 * If the `match_ill' argument is non-NULL, the lookup is restricted to that
4709 * ill (or illgrp if `match_ill' is in an IPMP group).
4710 * Return the zoneid for the ipif which matches. ALL_ZONES if no match.
4711 */
4712 zoneid_t
4714 {
4715 zoneid_t zoneid;
4719 ill_walk_context_t ctx;
4722 /*
4723 * Repeat twice, first based on local addresses and
4724 * next time for pointopoint.
4725 */
4726 repeat:
4732 }
4736 /* Allow the ipif to be down */
4746 }
4747 }
4749 }
4751 /* If we already did the ptp case, then we are done */
4755 }
4758 }
4760 /*
4761 * Look for an ipif that matches the specified remote address i.e. the
4762 * ipif that would receive the specified packet.
4763 * First look for directly connected interfaces and then do a recursive
4764 * IRE lookup and pick the first ipif corresponding to the source address in the
4765 * ire.
4766 * Returns: held ipif
4767 *
4768 * This is only used for ICMP_ADDRESS_MASK_REQUESTs
4769 */
4770 ipif_t *
4772 {
4777 /*
4778 * Someone could be changing this ipif currently or change it
4779 * after we return this. Thus a few packets could use the old
4780 * old values. However structure updates/creates (ire, ilg, ilm etc)
4781 * will atomically be updated or cleaned up with the new value
4782 * Thus we don't need a lock to check the flags or other attrs below.
4783 */
4791 /* Allow the ipif to be down */
4799 }
4804 }
4805 }
4807 /*
4808 * For a remote destination it isn't possible to nail down a particular
4809 * ipif.
4810 */
4812 /* Pick the first interface */
4815 }
4817 /*
4818 * This func does not prevent refcnt from increasing. But if
4819 * the caller has taken steps to that effect, then this func
4820 * can be used to determine whether the ill has become quiescent
4821 */
4822 static boolean_t
4824 {
4832 }
4835 }
4837 }
4839 boolean_t
4841 {
4849 }
4850 }
4853 }
4855 }
4857 /*
4858 * This func does not prevent refcnt from increasing. But if
4859 * the caller has taken steps to that effect, then this func
4860 * can be used to determine whether the ipif has become quiescent
4861 */
4862 static boolean_t
4864 {
4876 }
4878 /* This is the last ipif going down or being deleted on this ill */
4881 }
4884 }
4886 /*
4887 * return true if the ipif can be destroyed: the ipif has to be quiescent
4888 * with zero references from ire/ilm to it.
4889 */
4890 static boolean_t
4892 {
4896 }
4898 /*
4899 * The ipif/ill/ire has been refreled. Do the tail processing.
4900 * Determine if the ipif or ill in question has become quiescent and if so
4901 * wakeup close and/or restart any queued pending ioctl that is waiting
4902 * for the ipif_down (or ill_down)
4903 */
4904 void
4906 {
4917 /* ip_modclose() may be waiting */
4919 }
4948 /*
4949 * ILL_FREE is only for loopback; normal ill teardown waits
4950 * synchronously in ip_modclose() without using ipx_waitfor,
4951 * handled by the cv_broadcast() at the top of this function.
4952 */
4959 }
4968 /*
4969 * NOTE: all of the qwriter_ip() calls below use CUR_OP since
4970 * we can only get here when the current operation decides it
4971 * it needs to quiesce via ipsq_pending_mp_add().
4972 */
4976 /*
4977 * For now, only DL_NOTIFY_IND messages can use this facility.
4978 */
4994 }
5000 B_TRUE);
5012 }
5014 unlock:
5018 }
5020 #ifdef DEBUG
5021 /* Reuse trace buffer from beginning (if reached the end) and record trace */
5022 static void
5024 {
5026 uint_t lastref;
5029 lastref++;
5036 }
5038 static void
5040 {
5045 }
5047 /*
5048 * Find or create the per-thread hash table used to track object references.
5049 * The ipst argument is NULL if we shouldn't allocate.
5050 *
5051 * Accesses per-thread data, so there's no need to lock here.
5052 */
5055 {
5069 /*
5070 * We use mod_hash_create_extended here rather than the more
5071 * obvious mod_hash_create_ptrhash because the latter has a
5072 * hard-coded KM_SLEEP, and we'd prefer to fail rather than
5073 * block.
5074 */
5084 }
5087 /*
5088 * We trace ills, ipifs, ires, and nces. All of these are
5089 * per-IP-stack, so the lock on the thread list is as well.
5090 */
5096 }
5098 }
5100 boolean_t
5102 {
5105 mod_hash_val_t val;
5110 /*
5111 * Attempt to locate the trace buffer for this obj and thread.
5112 * If it does not exist, then allocate a new trace buffer and
5113 * insert into the hash.
5114 */
5125 }
5128 }
5136 }
5138 /*
5139 * For the purpose of tracing a reference release, we assume that global
5140 * tracing is always on and that the same thread initiated the reference hold
5141 * is releasing.
5142 */
5143 void
5145 {
5149 mod_hash_val_t val;
5159 }
5161 /*
5162 * If tracing has been disabled, then we assume that the reference counts are
5163 * now useless, and we clear them out before destroying the entries.
5164 */
5165 void
5167 {
5170 mod_hash_val_t val;
5184 }
5185 }
5187 }
5189 void
5191 {
5200 }
5201 }
5203 void
5205 {
5210 }
5212 void
5214 {
5223 }
5224 }
5226 void
5228 {
5233 }
5235 /*
5236 * Called when ipif is unplumbed or when memory alloc fails. Note that on
5237 * failure, ipif_trace_disable is set.
5238 */
5239 static void
5241 {
5243 }
5245 /*
5246 * Called when ill is unplumbed or when memory alloc fails. Note that on
5247 * failure, ill_trace_disable is set.
5248 */
5249 static void
5251 {
5253 }
5256 void
5258 {
5262 }
5264 void
5266 {
5274 }
5276 /*
5277 * Must not be called while holding any locks. Otherwise if this is
5278 * the last reference to be released there is a chance of recursive mutex
5279 * panic due to ipif_refrele -> ipif_ill_refrele_tail -> qwriter_ip trying
5280 * to restart an ioctl.
5281 */
5282 void
5284 {
5296 }
5298 /* Drops the ill_lock */
5300 }
5302 ipif_t *
5304 {
5315 }
5318 }
5320 /*
5321 * TODO: make this table extendible at run time
5322 * Return a pointer to the mac type info for 'mac_type'
5323 */
5326 {
5333 }
5335 /*
5336 * Make a link layer address from the multicast IP address *addr.
5337 * To form the link layer address, invoke the ip_m_v*mapping function
5338 * associated with the link-layer type.
5339 */
5340 void
5342 {
5357 }
5360 else
5362 }
5364 /*
5365 * Returns B_FALSE if the IPv4 netmask pointed by `mask' is non-contiguous.
5366 * Otherwise returns B_TRUE.
5367 *
5368 * The netmask can be verified to be contiguous with 32 shifts and or
5369 * operations. Take the contiguous mask (in host byte order) and compute
5370 * mask | mask << 1 | mask << 2 | ... | mask << 31
5371 * the result will be the same as the 'mask' for contiguous mask.
5372 */
5373 static boolean_t
5375 {
5383 }
5385 /*
5386 * ip_rt_add is called to add an IPv4 route to the forwarding table.
5387 * ill is passed in to associate it with the correct interface.
5388 * If ire_arg is set, then we return the held IRE in that location.
5389 */
5390 int
5394 {
5398 uint_t type;
5407 /* disallow non-contiguous netmasks */
5411 /*
5412 * If this is the case of RTF_HOST being set, then we set the netmask
5413 * to all ones (regardless if one was supplied).
5414 */
5418 /*
5419 * Prevent routes with a zero gateway from being created (since
5420 * interfaces can currently be plumbed and brought up no assigned
5421 * address).
5422 */
5425 /*
5426 * Get the ipif, if any, corresponding to the gw_addr
5427 * If -ifp was specified we restrict ourselves to the ill, otherwise
5428 * we match on the gatway and destination to handle unnumbered pt-pt
5429 * interfaces.
5430 */
5433 else
5439 }
5440 }
5442 /*
5443 * GateD will attempt to create routes with a loopback interface
5444 * address as the gateway and with RTF_GATEWAY set. We allow
5445 * these routes to be added, but create them as interface routes
5446 * since the gateway is an interface address.
5447 */
5458 }
5469 zoneid,
5471 ipst);
5476 }
5477 /* src address assigned by the caller? */
5483 /*
5484 * In the result of failure, ire_add() will have
5485 * already deleted the ire in question, so there
5486 * is no need to do that here.
5487 */
5490 }
5491 /*
5492 * Check if it was a duplicate entry. This handles
5493 * the case of two racing route adds for the same route
5494 */
5501 }
5504 }
5505 }
5507 /*
5508 * Traditionally, interface routes are ones where RTF_GATEWAY isn't set
5509 * and the gateway address provided is one of the system's interface
5510 * addresses. By using the routing socket interface and supplying an
5511 * RTA_IFP sockaddr with an interface index, an alternate method of
5512 * specifying an interface route to be created is available which uses
5513 * the interface index that specifies the outgoing interface rather than
5514 * the address of an outgoing interface (which may not be able to
5515 * uniquely identify an interface). When coupled with the RTF_GATEWAY
5516 * flag, routes can be specified which not only specify the next-hop to
5517 * be used when routing to a certain prefix, but also which outgoing
5518 * interface should be used.
5519 *
5520 * Previously, interfaces would have unique addresses assigned to them
5521 * and so the address assigned to a particular interface could be used
5522 * to identify a particular interface. One exception to this was the
5523 * case of an unnumbered interface (where IPIF_UNNUMBERED was set).
5524 *
5525 * With the advent of IPv6 and its link-local addresses, this
5526 * restriction was relaxed and interfaces could share addresses between
5527 * themselves. In fact, typically all of the link-local interfaces on
5528 * an IPv6 node or router will have the same link-local address. In
5529 * order to differentiate between these interfaces, the use of an
5530 * interface index is necessary and this index can be carried inside a
5531 * RTA_IFP sockaddr (which is actually a sockaddr_dl). One restriction
5532 * of using the interface index, however, is that all of the ipif's that
5533 * are part of an ill have the same index and so the RTA_IFP sockaddr
5534 * cannot be used to differentiate between ipif's (or logical
5535 * interfaces) that belong to the same ill (physical interface).
5536 *
5537 * For example, in the following case involving IPv4 interfaces and
5538 * logical interfaces
5539 *
5540 * 192.0.2.32 255.255.255.224 192.0.2.33 U if0
5541 * 192.0.2.32 255.255.255.224 192.0.2.34 U if0
5542 * 192.0.2.32 255.255.255.224 192.0.2.35 U if0
5543 *
5544 * the ipif's corresponding to each of these interface routes can be
5545 * uniquely identified by the "gateway" (actually interface address).
5546 *
5547 * In this case involving multiple IPv6 default routes to a particular
5548 * link-local gateway, the use of RTA_IFP is necessary to specify which
5549 * default route is of interest:
5550 *
5551 * default fe80::123:4567:89ab:cdef U if0
5552 * default fe80::123:4567:89ab:cdef U if1
5553 */
5555 /* RTF_GATEWAY not set */
5557 /*
5558 * Whether or not ill (RTA_IFP) is set, we require that
5559 * the gateway is one of our local addresses.
5560 */
5564 /*
5565 * We use MATCH_IRE_ILL here. If the caller specified an
5566 * interface (from the RTA_IFP sockaddr) we use it, otherwise
5567 * we use the ill derived from the gateway address.
5568 * We can always match the gateway address since we record it
5569 * in ire_gateway_addr.
5570 * We don't allow RTA_IFP to specify a different ill than the
5571 * one matching the ipif to make sure we can delete the route.
5572 */
5579 }
5581 /*
5582 * We check for an existing entry at this point.
5583 *
5584 * Since a netmask isn't passed in via the ioctl interface
5585 * (SIOCADDRT), we don't check for a matching netmask in that
5586 * case.
5587 */
5596 }
5598 /*
5599 * Some software (for example, GateD and Sun Cluster) attempts
5600 * to create (what amount to) IRE_PREFIX routes with the
5601 * loopback address as the gateway. This is primarily done to
5602 * set up prefixes with the RTF_REJECT flag set (for example,
5603 * when generating aggregate routes.)
5604 *
5605 * If the IRE type (as defined by ill->ill_net_type) would be
5606 * IRE_LOOPBACK, then we map the request into a
5607 * IRE_IF_NORESOLVER. We also OR in the RTF_BLACKHOLE flag as
5608 * these interface routes, by definition, can only be that.
5609 *
5610 * Needless to say, the real IRE_LOOPBACK is NOT created by this
5611 * routine, but rather using ire_create() directly.
5612 *
5613 */
5618 }
5620 /*
5621 * Create a copy of the IRE_IF_NORESOLVER or
5622 * IRE_IF_RESOLVER with the modified address, netmask, and
5623 * gateway.
5624 */
5629 type,
5630 ill,
5631 zoneid,
5632 flags,
5633 ipst);
5637 }
5639 /* src address assigned by the caller? */
5645 /*
5646 * In the result of failure, ire_add() will have
5647 * already deleted the ire in question, so there
5648 * is no need to do that here.
5649 */
5652 }
5653 /*
5654 * Check if it was a duplicate entry. This handles
5655 * the case of two racing route adds for the same route
5656 */
5662 }
5665 }
5667 /*
5668 * Get an interface IRE for the specified gateway.
5669 * If we don't have an IRE_IF_NORESOLVER or IRE_IF_RESOLVER for the
5670 * gateway, it is currently unreachable and we fail the request
5671 * accordingly. We reject any RTF_GATEWAY routes where the gateway
5672 * is an IRE_LOCAL or IRE_LOOPBACK.
5673 * If RTA_IFP was specified we look on that particular ill.
5674 */
5678 /* Check whether the gateway is reachable. */
5679 again:
5687 /*
5688 * With IPMP, we allow host routes to influence in.mpathd's
5689 * target selection. However, if the test addresses are on
5690 * their own network, the above lookup will fail since the
5691 * underlying IRE_INTERFACEs are marked hidden. So allow
5692 * hidden test IREs to be found and try again.
5693 */
5697 }
5701 }
5707 }
5713 }
5715 /*
5716 * We create one of three types of IREs as a result of this request
5717 * based on the netmask. A netmask of all ones (which is automatically
5718 * assumed when RTF_HOST is set) results in an IRE_HOST being created.
5719 * An all zeroes netmask implies a default route so an IRE_DEFAULT is
5720 * created. Otherwise, an IRE_PREFIX route is created for the
5721 * destination prefix.
5722 */
5727 else
5730 /* check for a duplicate entry */
5733 NULL);
5740 }
5742 /* Create the IRE. */
5748 ill,
5749 zoneid,
5750 flags,
5751 ipst);
5758 }
5760 /* src address assigned by the caller? */
5766 /*
5767 * POLICY: should we allow an RTF_HOST with address INADDR_ANY?
5768 * SUN/OS socket stuff does but do we really want to allow 0.0.0.0?
5769 */
5771 /* Add the new IRE. */
5774 /*
5775 * In the result of failure, ire_add() will have
5776 * already deleted the ire in question, so there
5777 * is no need to do that here.
5778 */
5783 }
5784 /*
5785 * Check if it was a duplicate entry. This handles
5786 * the case of two racing route adds for the same route
5787 */
5795 }
5798 save_ire:
5802 }
5804 /*
5805 * Save enough information so that we can recreate the IRE if
5806 * the interface goes down and then up. The metrics associated
5807 * with the route will be saved as well when rts_setmetrics() is
5808 * called after the IRE has been created. In the case where
5809 * memory cannot be allocated, none of this information will be
5810 * saved.
5811 */
5813 }
5817 /*
5818 * Store the ire that was successfully added into where ire_arg
5819 * points to so that callers don't have to look it up
5820 * themselves (but they are responsible for ire_refrele()ing
5821 * the ire when they are finished with it).
5822 */
5826 }
5830 }
5832 /*
5833 * ip_rt_delete is called to delete an IPv4 route.
5834 * ill is passed in to associate it with the correct interface.
5835 */
5836 /* ARGSUSED4 */
5837 int
5841 {
5844 uint_t type;
5849 /*
5850 * If this is the case of RTF_HOST being set, then we set the netmask
5851 * to all ones. Otherwise, we use the netmask if one was supplied.
5852 */
5858 }
5860 /*
5861 * Note that RTF_GATEWAY is never set on a delete, therefore
5862 * we check if the gateway address is one of our interfaces first,
5863 * and fall back on RTF_GATEWAY routes.
5864 *
5865 * This makes it possible to delete an original
5866 * IRE_IF_NORESOLVER/IRE_IF_RESOLVER - consistent with SunOS 4.1.
5867 * However, we have RTF_KERNEL set on the ones created by ipif_up
5868 * and those can not be deleted here.
5869 *
5870 * We use MATCH_IRE_ILL if we know the interface. If the caller
5871 * specified an interface (from the RTA_IFP sockaddr) we use it,
5872 * otherwise we use the ill derived from the gateway address.
5873 * We can always match the gateway address since we record it
5874 * in ire_gateway_addr.
5875 *
5876 * For more detail on specifying routes by gateway address and by
5877 * interface index, see the comments in ip_rt_add().
5878 */
5885 else
5893 }
5899 }
5900 /* Avoid deleting routes created by kernel from an ipif */
5904 }
5906 /* Restore in case we didn't find a match */
5908 }
5911 /*
5912 * At this point, the gateway address is not one of our own
5913 * addresses or a matching interface route was not found. We
5914 * set the IRE type to lookup based on whether
5915 * this is a host route, a default route or just a prefix.
5916 *
5917 * If an ill was passed in, then the lookup is based on an
5918 * interface index so MATCH_IRE_ILL is added to match_flags.
5919 */
5927 else
5931 }
5936 }
5949 }
5951 /*
5952 * ip_siocaddrt is called to complete processing of an SIOCADDRT IOCTL.
5953 */
5954 /* ARGSUSED */
5955 int
5958 {
5959 ipaddr_t dst_addr;
5960 ipaddr_t gw_addr;
5961 ipaddr_t mask;
5972 /* Existence of mp1 verified in ip_wput_nondata */
5979 /*
5980 * If the RTF_HOST flag is on, this is a request to assign a gateway
5981 * to a particular host address. In this case, we set the netmask to
5982 * all ones for the particular destination address. Otherwise,
5983 * determine the netmask to be used based on dst_addr and the interfaces
5984 * in use.
5985 */
5989 /*
5990 * Note that ip_subnet_mask returns a zero mask in the case of
5991 * default (an all-zeroes address).
5992 */
5994 }
6001 }
6003 /*
6004 * ip_siocdelrt is called to complete processing of an SIOCDELRT IOCTL.
6005 */
6006 /* ARGSUSED */
6007 int
6010 {
6011 ipaddr_t dst_addr;
6012 ipaddr_t gw_addr;
6013 ipaddr_t mask;
6024 /* Existence of mp1 verified in ip_wput_nondata */
6031 /*
6032 * If the RTF_HOST flag is on, this is a request to delete a gateway
6033 * to a particular host address. In this case, we set the netmask to
6034 * all ones for the particular destination address. Otherwise,
6035 * determine the netmask to be used based on dst_addr and the interfaces
6036 * in use.
6037 */
6041 /*
6042 * Note that ip_subnet_mask returns a zero mask in the case of
6043 * default (an all-zeroes address).
6044 */
6046 }
6054 }
6056 /*
6057 * Enqueue the mp onto the ipsq, chained by b_next.
6058 * b_prev stores the function to be executed later, and b_queue the queue
6059 * where this mp originated.
6060 */
6061 void
6064 {
6084 }
6095 }
6102 /* only one switch operation is currently allowed */
6109 }
6115 }
6116 }
6118 /*
6119 * Dequeue the next message that requested exclusive access to this IPSQ's
6120 * xop. Specifically:
6121 *
6122 * 1. If we're still processing the current operation on `ipsq', then
6123 * dequeue the next message for the operation (from ipx_mphead), or
6124 * return NULL if there are no queued messages for the operation.
6125 * These messages are queued via CUR_OP to qwriter_ip() and friends.
6126 *
6127 * 2. If the current operation on `ipsq' has completed (ipx_current_ipif is
6128 * not set) see if the ipsq has requested an xop switch. If so, switch
6129 * `ipsq' to a different xop. Xop switches only happen when joining or
6130 * leaving IPMP groups and require a careful dance -- see the comments
6131 * in-line below for details. If we're leaving a group xop or if we're
6132 * joining a group xop and become writer on it, then we proceed to (3).
6133 * Otherwise, we return NULL and exit the xop.
6134 *
6135 * 3. For each IPSQ in the xop, return any switch operation stored on
6136 * ipsq_switch_mp (set via SWITCH_OP); these must be processed before
6137 * any other messages queued on the IPSQ. Otherwise, dequeue the next
6138 * exclusive operation (queued via NEW_OP) stored on ipsq_xopq_mphead.
6139 * Note that if the phyint tied to `ipsq' is not using IPMP there will
6140 * only be one IPSQ in the xop. Otherwise, there will be one IPSQ for
6141 * each phyint in the group, including the IPMP meta-interface phyint.
6142 */
6145 {
6155 /*
6156 * Grab all the locks we need in the defined order (ill_g_lock ->
6157 * ipsq_lock -> ipx_lock); ill_g_lock is needed to use ipsq_next.
6158 */
6165 /*
6166 * Dequeue the next message associated with the current exclusive
6167 * operation, if any.
6168 */
6175 }
6181 /*
6182 * The exclusive operation that is now being completed has
6183 * requested a switch to a different xop. This happens
6184 * when an interface joins or leaves an IPMP group. Joins
6185 * happen through SIOCSLIFGROUPNAME (ip_sioctl_groupname()).
6186 * Leaves happen via SIOCSLIFGROUPNAME, interface unplumb
6187 * (phyint_free()), or interface plumb for an ill type
6188 * not in the IPMP group (ip_rput_dlpi_writer()).
6189 *
6190 * Xop switches are not allowed on the IPMP meta-interface.
6191 */
6197 /*
6198 * We're switching back to our own xop, so we have two
6199 * xop's to drain/exit: our own, and the group xop
6200 * that we are leaving.
6201 *
6202 * First, pull ourselves out of the group ipsq list.
6203 * This is safe since we're writer on ill_g_lock.
6204 */
6216 /*
6217 * Second, prepare to exit the group xop. The actual
6218 * ipsq_exit() is done at the end of this function
6219 * since we cannot hold any locks across ipsq_exit().
6220 * Note that although we drop the group's ipx_lock, no
6221 * threads can proceed since we're still ipx_writer.
6222 */
6226 /*
6227 * Third, set ipx to point to our own xop (which was
6228 * inactive and therefore can be entered).
6229 */
6235 /*
6236 * We're switching from our own xop to a group xop.
6237 * The requestor of the switch must ensure that the
6238 * group xop cannot go away (e.g. by ensuring the
6239 * phyint associated with the xop cannot go away).
6240 *
6241 * If we can become writer on our new xop, then we'll
6242 * do the drain. Otherwise, the current writer of our
6243 * new xop will do the drain when it exits.
6244 *
6245 * First, splice ourselves into the group IPSQ list.
6246 * This is safe since we're writer on ill_g_lock.
6247 */
6259 /*
6260 * Second, exit our own xop, since it's now unused.
6261 * This is safe since we've got the only reference.
6262 */
6269 /*
6270 * Third, set ipx to point to our new xop, and check
6271 * if we can become writer on it. If we cannot, then
6272 * the current writer will drain the IPSQ group when
6273 * it exits. Our ipsq_xop is guaranteed to be stable
6274 * because we're still holding ipsq_lock.
6275 */
6281 }
6282 }
6284 /*
6285 * Fourth, become writer on our new ipx before we continue
6286 * with the drain. Note that we never dropped ipsq_lock
6287 * above, so no other thread could've raced with us to
6288 * become writer first. Also, we're holding ipx_lock, so
6289 * no other thread can examine the ipx right now.
6290 */
6296 #ifdef DEBUG
6298 #endif
6299 }
6303 /*
6304 * So that other operations operate on a consistent and
6305 * complete phyint, a switch message on an IPSQ must be
6306 * handled prior to any other operations on that IPSQ.
6307 */
6313 }
6321 }
6323 empty:
6324 /*
6325 * There are no messages. Further, we are holding ipx_lock, hence no
6326 * new messages can end up on any IPSQ in the xop.
6327 */
6333 #ifdef DEBUG
6335 #endif
6336 out:
6340 /*
6341 * If we completely emptied the xop, then wake up any threads waiting
6342 * to enter any of the IPSQ's associated with it.
6343 */
6360 }
6363 /*
6364 * Now that all locks are dropped, exit the IPSQ we left.
6365 */
6370 }
6372 /*
6373 * Return completion status of previously initiated DLPI operations on
6374 * ills in the purview of an ipsq.
6375 */
6376 static boolean_t
6378 {
6387 /*
6388 * The only current users of this function are ipsq_try_enter
6389 * and ipsq_enter which have made sure that ipsq_writer is
6390 * NULL before we reach here. ill_dlpi_pending is modified
6391 * only by an ipsq writer
6392 */
6395 /*
6396 * phyi could be NULL if a phyint that is part of an
6397 * IPMP group is being unplumbed. A more detailed
6398 * comment is in ipmp_grp_update_kstats()
6399 */
6411 }
6416 }
6418 /*
6419 * Enter the ipsq corresponding to ill, by waiting synchronously till
6420 * we can enter the ipsq exclusively. Unless 'force' is used, the ipsq
6421 * will have to drain completely before ipsq_enter returns success.
6422 * ipx_current_ipif will be set if some exclusive op is in progress,
6423 * and the ipsq_exit logic will start the next enqueued op after
6424 * completion of the current op. If 'force' is used, we don't wait
6425 * for the enqueued ops. This is needed when a conn_close wants to
6426 * enter the ipsq and abort an ioctl that is somehow stuck. Unplumb
6427 * of an ill can also use this option. But we dont' use it currently.
6428 */
6429 #define ENTER_SQ_WAIT_TICKS 100
6430 boolean_t
6432 {
6438 /*
6439 * Note that the relationship between ill and ipsq is fixed as long as
6440 * the ill is not ILL_CONDEMNED. Holding ipsq_lock ensures the
6441 * relationship between the IPSQ and xop cannot change. However,
6442 * since we cannot hold ipsq_lock across the cv_wait(), it may change
6443 * while we're waiting. We wait on ill_cv and rely on ipsq_exit()
6444 * waking up all ills in the xop when it becomes available.
6445 */
6453 }
6462 waited_enough))
6477 }
6479 }
6486 #ifdef DEBUG
6488 #endif
6495 }
6497 /*
6498 * ipif_set_values() has a constraint that it cannot drop the ips_ill_g_lock
6499 * across the call to the core interface ipsq_try_enter() and hence calls this
6500 * function directly. This is explained more fully in ipif_set_values().
6501 * In order to support the above constraint, ipsq_try_enter is implemented as
6502 * a wrapper that grabs the ips_ill_g_lock and calls this function subsequently
6503 */
6507 {
6512 /*
6513 * lock ordering:
6514 * ill_g_lock -> conn_lock -> ill_lock -> ipsq_lock -> ipx_lock.
6515 *
6516 * ipx of an ipsq can't change when ipsq_lock is held.
6517 */
6526 /*
6527 * 1. Enter the ipsq if we are already writer and reentry is ok.
6528 * (Note: If the caller does not specify reentry_ok then neither
6529 * 'func' nor any of its callees must ever attempt to enter the ipsq
6530 * again. Otherwise it can lead to an infinite loop
6531 * 2. Enter the ipsq if there is no current writer and this attempted
6532 * entry is part of the current operation
6533 * 3. Enter the ipsq if there is no current writer and this is a new
6534 * operation and the operation queue is empty and there is no
6535 * operation currently in progress and if all previously initiated
6536 * DLPI operations have completed.
6537 */
6542 /* Success. */
6550 #ifdef DEBUG
6552 #endif
6554 }
6564 }
6566 /*
6567 * The ipsq_t (ipsq) is the synchronization data structure used to serialize
6568 * certain critical operations like plumbing (i.e. most set ioctls), etc.
6569 * There is one ipsq per phyint. The ipsq
6570 * serializes exclusive ioctls issued by applications on a per ipsq basis in
6571 * ipsq_xopq_mphead. It also protects against multiple threads executing in
6572 * the ipsq. Responses from the driver pertain to the current ioctl (say a
6573 * DL_BIND_ACK in response to a DL_BIND_REQ initiated as part of bringing
6574 * up the interface) and are enqueued in ipx_mphead.
6575 *
6576 * If a thread does not want to reenter the ipsq when it is already writer,
6577 * it must make sure that the specified reentry point to be called later
6578 * when the ipsq is empty, nor any code path starting from the specified reentry
6579 * point must never ever try to enter the ipsq again. Otherwise it can lead
6580 * to an infinite loop. The reentry point ip_rput_dlpi_writer is an example.
6581 * When the thread that is currently exclusive finishes, it (ipsq_exit)
6582 * dequeues the requests waiting to become exclusive in ipx_mphead and calls
6583 * the reentry point. When the list at ipx_mphead becomes empty ipsq_exit
6584 * proceeds to dequeue the next ioctl in ipsq_xopq_mphead and start the next
6585 * ioctl if the current ioctl has completed. If the current ioctl is still
6586 * in progress it simply returns. The current ioctl could be waiting for
6587 * a response from another module (the driver or could be waiting for
6588 * the ipif/ill/ire refcnts to drop to zero. In such a case the ipx_pending_mp
6589 * and ipx_pending_ipif are set. ipx_current_ipif is set throughout the
6590 * execution of the ioctl and ipsq_exit does not start the next ioctl unless
6591 * ipx_current_ipif is NULL which happens only once the ioctl is complete and
6592 * all associated DLPI operations have completed.
6593 */
6595 /*
6596 * Try to enter the IPSQ corresponding to `ipif' or `ill' exclusively (`ipif'
6597 * and `ill' cannot both be specified). Returns a pointer to the entered IPSQ
6598 * on success, or NULL on failure. The caller ensures ipif/ill is valid by
6599 * refholding it as necessary. If the IPSQ cannot be entered and `func' is
6600 * non-NULL, then `func' will be called back with `q' and `mp' once the IPSQ
6601 * can be entered. If `func' is NULL, then `q' and `mp' are ignored.
6602 */
6603 ipsq_t *
6606 {
6610 /* Only 1 of ipif or ill can be specified */
6622 }
6624 /*
6625 * Try to enter the IPSQ corresponding to `ill' as writer. The caller ensures
6626 * ill is valid by refholding it if necessary; we will refrele. If the IPSQ
6627 * cannot be entered, the mp is queued for completion.
6628 */
6629 void
6631 boolean_t reentry_ok)
6632 {
6637 /*
6638 * Drop the caller's refhold on the ill. This is safe since we either
6639 * entered the IPSQ (and thus are exclusive), or failed to enter the
6640 * IPSQ, in which case we return without accessing ill anymore. This
6641 * is needed because func needs to see the correct refcount.
6642 * e.g. removeif can work only then.
6643 */
6648 }
6649 }
6651 /*
6652 * Exit the specified IPSQ. If this is the final exit on it then drain it
6653 * prior to exiting. Caller must be writer on the specified IPSQ.
6654 */
6655 void
6657 {
6662 ipsq_func_t func;
6670 }
6677 /*
6678 * If we've changed to a new IPSQ, and the phyint associated
6679 * with the old one has gone away, free the old IPSQ. Note
6680 * that this cannot happen while the IPSQ is in a group.
6681 */
6686 }
6697 /*
6698 * If 'q' is an conn queue, it is valid, since we did a
6699 * a refhold on the conn at the start of the ioctl.
6700 * If 'q' is an ill queue, it is valid, since close of an
6701 * ill will clean up its IPSQ.
6702 */
6704 }
6705 }
6707 /*
6708 * Used to start any igmp or mld timers that could not be started
6709 * while holding ill_mcast_lock. The timers can't be started while holding
6710 * the lock, since mld/igmp_start_timers may need to call untimeout()
6711 * which can't be done while holding the lock which the timeout handler
6712 * acquires. Otherwise
6713 * there could be a deadlock since the timeout handlers
6714 * mld_timeout_handler_per_ill/igmp_timeout_handler_per_ill also acquire
6715 * ill_mcast_lock.
6716 */
6717 void
6719 {
6737 }
6739 /*
6740 * Start the current exclusive operation on `ipsq'; associate it with `ipif'
6741 * and `ioccmd'.
6742 */
6743 void
6745 {
6759 /*
6760 * Set IPIF_CHANGING on one or more ipifs associated with the
6761 * current exclusive operation. IPIF_CHANGING prevents any new
6762 * references to the ipif (so that the references will eventually
6763 * drop to zero) and also prevents any "get" operations (e.g.,
6764 * SIOCGLIFFLAGS) from being able to access the ipif until the
6765 * operation has completed and the ipif is again in a stable state.
6766 *
6767 * For ioctls, IPIF_CHANGING is set on the ipif associated with the
6768 * ioctl. For internal operations (where ioccmd is zero), all ipifs
6769 * on the ill are marked with IPIF_CHANGING since it's unclear which
6770 * ipifs will be affected.
6771 *
6772 * Note that SIOCLIFREMOVEIF is a special case as it sets
6773 * IPIF_CONDEMNED internally after identifying the right ipif to
6774 * operate on.
6775 */
6790 }
6791 }
6793 /*
6794 * Finish the current exclusive operation on `ipsq'. Usually, this will allow
6795 * the next exclusive operation to begin once we ipsq_exit(). However, if
6796 * pending DLPI operations remain, then we will wait for the queue to drain
6797 * before allowing the next exclusive operation to begin. This ensures that
6798 * DLPI operations from one exclusive operation are never improperly processed
6799 * as part of a subsequent exclusive operation.
6800 */
6801 void
6803 {
6810 /*
6811 * For SIOCLIFREMOVEIF, the ipif has been already been blown away
6812 * (but in that case, IPIF_CHANGING will already be clear and no
6813 * pending DLPI messages can remain).
6814 */
6826 }
6828 }
6837 }
6838 }
6840 /*
6841 * The ill is closing. Flush all messages on the ipsq that originated
6842 * from this ill. Usually there wont' be any messages on the ipsq_xopq_mphead
6843 * for this ill since ipsq_enter could not have entered until then.
6844 * New messages can't be queued since the CONDEMNED flag is set.
6845 */
6846 static void
6848 {
6857 /*
6858 * Flush any messages sent up by the driver.
6859 */
6865 /* dequeue mp */
6868 else
6873 }
6877 }
6878 }
6882 }
6884 /*
6885 * Parse an ifreq or lifreq struct coming down ioctls and refhold
6886 * and return the associated ipif.
6887 * Return value:
6888 * Non zero: An error has occurred. ci may not be filled out.
6889 * zero : ci is filled out with the ioctl cmd in ci.ci_name, and
6890 * a held ipif in ci.ci_ipif.
6891 */
6892 int
6895 {
6902 boolean_t isv6;
6905 zoneid_t zoneid;
6920 /* global zone can access ipifs in all zones */
6922 }
6924 }
6926 /* Has been checked in ip_wput_nondata */
6930 /* This a old style SIOC[GS]IF* command */
6932 /*
6933 * Null terminate the string to protect against buffer
6934 * overrun. String was generated by user code and may not
6935 * be trusted.
6936 */
6943 /* This a new style SIOC[GS]LIF* command */
6946 /*
6947 * Null terminate the string to protect against buffer
6948 * overrun. String was generated by user code and may not
6949 * be trusted.
6950 */
6956 }
6959 /*
6960 * The ioctl will be failed if the ioctl comes down
6961 * an conn stream
6962 */
6964 /*
6965 * Not an ill queue, return EINVAL same as the
6966 * old error code.
6967 */
6969 }
6973 /*
6974 * Ensure that ioctls don't see any internal state changes
6975 * caused by set ioctls by deferring them if IPIF_CHANGING is
6976 * set.
6977 */
6984 }
6985 }
6987 /*
6988 * Old style [GS]IFCMD does not admit IPv6 ipif
6989 */
6993 }
6997 /*
6998 * Handle a or a SIOC?IF* with a null name
6999 * during plumb (on the ill queue before the I_PLINK).
7000 */
7003 }
7013 }
7015 /*
7016 * Return the total number of ipifs.
7017 */
7018 static uint_t
7020 {
7023 ill_walk_context_t ctx;
7035 numifs++;
7036 }
7037 }
7040 }
7042 /*
7043 * Return the total number of ipifs.
7044 */
7045 static uint_t
7047 {
7051 ill_walk_context_t ctx;
7060 else
7077 IPIF_DEPRECATED)) ||
7089 numifs++;
7090 }
7091 }
7094 }
7096 uint_t
7098 {
7103 /*
7104 * ill_g_usesrc_lock protects ill_usesrc_grp_next, for example, some
7105 * other thread may be trying to relink the ILLs in this usesrc group
7106 * and adjusting the ill_usesrc_grp_next pointers
7107 */
7113 numifs++;
7114 }
7118 }
7120 /* Null values are passed in for ipif, sin, and ifreq */
7121 /* ARGSUSED */
7122 int
7125 {
7131 /* Existence of b_cont->b_cont checked in ip_wput_nondata */
7138 }
7140 /* Null values are passed in for ipif, sin, and ifreq */
7141 /* ARGSUSED */
7142 int
7145 {
7152 /* Existence checked in ip_wput_nondata */
7163 }
7169 }
7171 /* ARGSUSED */
7172 int
7175 {
7180 ill_walk_context_t ctx;
7185 zoneid_t zoneid;
7191 /* Existence verified in ip_wput_nondata */
7196 /*
7197 * The original SIOCGIFCONF passed in a struct ifconf which specified
7198 * the user buffer address and length into which the list of struct
7199 * ifreqs was to be copied. Since AT&T Streams does not seem to
7200 * allow M_COPYOUT to be used in conjunction with I_STR IOCTLS,
7201 * the SIOCGIFCONF operation was redefined to simply provide
7202 * a large output buffer into which we are supposed to jam the ifreq
7203 * array. The same ioctl command code was used, despite the fact that
7204 * both the applications and the kernel code had to change, thus making
7205 * it impossible to support both interfaces.
7206 *
7207 * For reasons not good enough to try to explain, the following
7208 * algorithm is used for deciding what to do with one of these:
7209 * If the IOCTL comes in as an I_STR, it is assumed to be of the new
7210 * form with the output buffer coming down as the continuation message.
7211 * If it arrives as a TRANSPARENT IOCTL, it is assumed to be old style,
7212 * and we have to copy in the ifconf structure to find out how big the
7213 * output buffer is and where to copy out to. Sure no problem...
7214 *
7215 */
7221 /*
7222 * Must be (better be!) continuation of a TRANSPARENT
7223 * IOCTL. We just copied in the ifconf structure.
7224 */
7228 /*
7229 * Allocate a buffer to hold requested information.
7230 *
7231 * If ifc_len is larger than what is needed, we only
7232 * allocate what we will use.
7233 *
7234 * If ifc_len is smaller than what is needed, return
7235 * EINVAL.
7236 *
7237 * XXX: the ill_t structure can hava 2 counters, for
7238 * v4 and v6 (not just ill_ipif_up_count) to store the
7239 * number of interfaces for a device, so we don't need
7240 * to count them here...
7241 */
7248 /* old behaviour */
7252 }
7253 }
7261 }
7263 /*
7264 * the SIOCGIFCONF ioctl only knows about
7265 * IPv4 addresses, so don't try to tell
7266 * it about interfaces with IPv6-only
7267 * addresses. (Last parm 'isv6' is B_FALSE)
7268 */
7284 /* old behaviour */
7289 }
7290 }
7297 ifr++;
7298 }
7299 }
7300 if_copydone:
7307 }
7309 }
7311 /*
7312 * Get the interfaces using the address hosted on the interface passed in,
7313 * as a source adddress
7314 */
7315 /* ARGSUSED */
7316 int
7319 {
7327 uint_t ifindex;
7328 zoneid_t zoneid;
7341 /* Existence verified in ip_wput_nondata */
7344 /*
7345 * Must be (better be!) continuation of a TRANSPARENT
7346 * IOCTL. We just copied in the lifsrcof structure.
7347 */
7359 ifindex));
7361 }
7363 /* Allocate a buffer to hold requested information */
7367 /* The actual size needed is always returned in lifs_len */
7370 /* If the amount we need is more than what is passed in, abort */
7374 }
7381 }
7391 /* ill_g_usesrc_lock protects ill_usesrc_grp_next */
7418 }
7419 lifr++;
7420 }
7428 }
7430 /* ARGSUSED */
7431 int
7434 {
7443 sa_family_t family;
7446 ill_walk_context_t ctx;
7449 zoneid_t zoneid;
7459 /* Existence verified in ip_wput_nondata */
7462 /*
7463 * An extended version of SIOCGIFCONF that takes an
7464 * additional address family and flags field.
7465 * AF_UNSPEC retrieve both IPv4 and IPv6.
7466 * Unless LIFC_NOXMIT is specified the IPIF_NOXMIT
7467 * interfaces are omitted.
7468 * Similarly, IPIF_TEMPORARY interfaces are omitted
7469 * unless LIFC_TEMPORARY is specified.
7470 * If LIFC_EXTERNAL_SOURCE is specified, IPIF_NOXMIT,
7471 * IPIF_NOLOCAL, PHYI_LOOPBACK, IPIF_DEPRECATED and
7472 * not IPIF_UP interfaces are omitted. LIFC_EXTERNAL_SOURCE
7473 * has priority over LIFC_NOXMIT.
7474 */
7480 /*
7481 * Must be (better be!) continuation of a TRANSPARENT
7482 * IOCTL. We just copied in the lifconf structure.
7483 */
7491 /*
7492 * walk all ILL's.
7493 */
7497 /*
7498 * walk only IPV4 ILL's.
7499 */
7503 /*
7504 * walk only IPV6 ILL's.
7505 */
7510 }
7512 /*
7513 * Allocate a buffer to hold requested information.
7514 *
7515 * If lifc_len is larger than what is needed, we only
7516 * allocate what we will use.
7517 *
7518 * If lifc_len is smaller than what is needed, return
7519 * EINVAL.
7520 */
7527 else
7529 }
7559 IPIF_DEPRECATED)) ||
7577 }
7578 }
7601 }
7602 lifr++;
7603 }
7604 }
7605 lif_copydone:
7612 }
7614 }
7616 static void
7618 {
7627 else
7630 /* These two ioctls are I_STR only */
7634 }
7638 /* The user passed us a NULL argument */
7642 /*
7643 * The user provided a table. The stream head
7644 * may have copied in the user data in chunks,
7645 * so make sure everything is pulled up
7646 * properly.
7647 */
7651 NULL) {
7654 }
7658 }
7661 }
7668 #if defined(_SYSCALL32_IMPL) && _LONG_LONG_ALIGNMENT_32 == 4
7676 /*
7677 * We need to do an in-place shrink of the array
7678 * to match the alignment attributes of the
7679 * 32-bit ABI looking at it.
7680 */
7681 /* LINTED: logical expression always true: op "||" */
7685 }
7686 #endif
7692 #if defined(_SYSCALL32_IMPL) && _LONG_LONG_ALIGNMENT_32 == 4
7693 /*
7694 * We pass in the datamodel here so that the ip6_asp_replace()
7695 * routine can handle converting from 32-bit to native formats
7696 * where necessary.
7697 *
7698 * A better way to handle this might be to convert the inbound
7699 * data structure here, and hang it off a new 'mp'; thus the
7700 * ip6_asp_replace() logic would always be dealing with native
7701 * format data structures..
7702 *
7703 * (An even simpler way to handle these ioctls is to just
7704 * add a 32-bit trailing 'pad' field to the ip6_asp_t structure
7705 * and just recompile everything that depends on it.)
7706 */
7707 #endif
7711 }
7715 }
7717 static void
7719 {
7724 ipaddr_t v4daddr;
7726 ipaddr_t v4setsrc;
7727 in6_addr_t v6setsrc;
7729 boolean_t isipv4;
7740 /*
7741 * This ioctl is I_STR only, and must have a
7742 * data mblk following the M_IOCTL mblk.
7743 */
7748 }
7756 }
7760 }
7770 /*
7771 * ip_addr_scope_v6() and ip6_asp_lookup() handle
7772 * v4 mapped addresses; ire_ftable_lookup_v6()
7773 * and ip_select_source_v6() do not.
7774 */
7788 }
7794 /* move on to next dst addr */
7796 }
7803 }
7805 /* With ipmp we most likely look at the ipmp ill here */
7809 ipaddr_t v4saddr;
7816 }
7824 }
7825 }
7833 }
7835 }
7837 /*
7838 * Check if this is an address assigned to this machine.
7839 * Skips interfaces that are down by using ire checks.
7840 * Translates mapped addresses to v4 addresses and then
7841 * treats them as such, returning true if the v4 address
7842 * associated with this mapped address is configured.
7843 * Note: Applications will have to be careful what they do
7844 * with the response; use of mapped addresses limits
7845 * what can be done with the socket, especially with
7846 * respect to socket options and ioctls - neither IPv4
7847 * options nor IPv6 sticky options/ancillary data options
7848 * may be used.
7849 */
7850 /* ARGSUSED */
7851 int
7854 {
7859 zoneid_t zoneid;
7868 /* Existence verified in ip_wput_nondata */
7877 ipaddr_t v4_addr;
7880 v4_addr);
7885 in6_addr_t v6addr;
7891 }
7893 }
7895 ipaddr_t v4addr;
7902 }
7905 }
7911 }
7913 }
7915 /*
7916 * Check if this is an address assigned on-link i.e. neighbor,
7917 * and makes sure it's reachable from the current zone.
7918 * Returns true for my addresses as well.
7919 * Translates mapped addresses to v4 addresses and then
7920 * treats them as such, returning true if the v4 address
7921 * associated with this mapped address is configured.
7922 * Note: Applications will have to be careful what they do
7923 * with the response; use of mapped addresses limits
7924 * what can be done with the socket, especially with
7925 * respect to socket options and ioctls - neither IPv4
7926 * options nor IPv6 sticky options/ancillary data options
7927 * may be used.
7928 */
7929 /* ARGSUSED */
7930 int
7933 {
7938 zoneid_t zoneid;
7947 /* Existence verified in ip_wput_nondata */
7952 /*
7953 * We check for IRE_ONLINK and exclude IRE_BROADCAST|IRE_MULTICAST
7954 * to make sure we only look at on-link unicast address.
7955 */
7961 ipaddr_t v4_addr;
7964 v4_addr);
7968 NULL);
7969 }
7971 in6_addr_t v6addr;
7977 NULL);
7978 }
7979 }
7981 }
7983 ipaddr_t v4addr;
7989 }
7991 }
7994 }
8003 }
8005 }
8007 /*
8008 * TBD: implement when kernel maintaines a list of site prefixes.
8009 */
8010 /* ARGSUSED */
8011 int
8014 {
8016 }
8018 /* ARP IOCTLs. */
8019 /* ARGSUSED */
8020 int
8023 {
8025 ipaddr_t ipaddr;
8047 /* We have a chain - M_IOCTL-->MI_COPY_MBLK-->XARPREQ_MBLK */
8054 /*
8055 * Validate against user's link layer address length
8056 * input and name and addr length limits.
8057 */
8064 }
8066 /* We have a chain - M_IOCTL-->MI_COPY_MBLK-->ARPREQ_MBLK */
8072 /*
8073 * Theoretically, the sa_family could tell us what link
8074 * layer type this operation is trying to deal with. By
8075 * common usage AF_UNSPEC means ethernet. We'll assume
8076 * any attempt to use the SIOC?ARP ioctls is for ethernet,
8077 * for now. Our new SIOC*XARP ioctls can be used more
8078 * generally.
8079 *
8080 * If the underlying media happens to have a non 6 byte
8081 * address, arp module will fail set/get, but the del
8082 * operation will succeed.
8083 */
8088 }
8089 }
8091 /* Translate ATF* flags to NCE* flags */
8100 /*
8101 * IPMP ARP special handling:
8102 *
8103 * 1. Since ARP mappings must appear consistent across the group,
8104 * prohibit changing ARP mappings on the underlying interfaces.
8105 *
8106 * 2. Since ARP mappings for IPMP data addresses are maintained by
8107 * IP itself, prohibit changing them.
8108 *
8109 * 3. For proxy ARP, use a functioning hardware address in the group,
8110 * provided one exists. If one doesn't, just add the entry as-is;
8111 * ipmp_illgrp_refresh_arpent() will refresh it if things change.
8112 */
8116 }
8130 }
8131 /* FALLTHRU */
8132 }
8133 }
8136 /*
8137 * don't match across illgrp per case (1) and (2).
8138 * XXX use IS_IPMP(ill) like ndp_sioc_update?
8139 */
8147 /*
8148 * Delete the NCE if any.
8149 */
8153 }
8154 /* Don't allow changes to arp mappings of local addresses. */
8158 }
8161 /*
8162 * Delete the nce_common which has ncec_ill set to ipmp_ill.
8163 * This will delete all the nce entries on the under_ills.
8164 */
8166 /*
8167 * Once the NCE has been deleted, then the ire_dep* consistency
8168 * mechanism will find any IRE which depended on the now
8169 * condemned NCE (as part of sending packets).
8170 * That mechanism handles redirects by deleting redirects
8171 * that refer to UNREACHABLE nces.
8172 */
8174 }
8184 }
8188 /* Don't allow changes to arp mappings of local addresses. */
8192 }
8194 /* static arp entries will undergo NUD if ATF_PERM is not set */
8205 }
8206 }
8210 }
8211 /*
8212 * NCE_F_STATIC entries will be added in state ND_REACHABLE
8213 * by nce_add_common()
8214 */
8226 }
8230 }
8234 flags);
8238 }
8239 }
8241 }
8245 }
8247 /*
8248 * If we created an IPMP ARP entry, mark that we've notified ARP.
8249 */
8254 }
8256 /*
8257 * Parse an [x]arpreq structure coming down SIOC[GSD][X]ARP ioctls, identify
8258 * the associated sin and refhold and return the associated ipif via `ci'.
8259 */
8260 int
8263 {
8270 boolean_t exists;
8276 /* ioctl comes down on a conn */
8284 /* Verified in ip_wput_nondata */
8302 }
8312 }
8314 /*
8315 * Either an SIOC[DGS]ARP or an SIOC[DGS]XARP with an sdl_nlen
8316 * of 0: use the IP address to find the ipif. If the IP
8317 * address is an IPMP test address, ire_ftable_lookup() will
8318 * find the wrong ill, so we first do an ipif_lookup_addr().
8319 */
8321 ipst);
8330 }
8335 }
8336 }
8341 }
8346 }
8348 /*
8349 * Link or unlink the illgrp on IPMP meta-interface `ill' depending on the
8350 * value of `ioccmd'. While an illgrp is linked to an ipmp_grp_t, it is
8351 * accessible from that ipmp_grp_t, which means SIOCSLIFGROUPNAME can look it
8352 * up and thus an ill can join that illgrp.
8353 *
8354 * We use I_PLINK/I_PUNLINK to do the link/unlink operations rather than
8355 * open()/close() primarily because close() is not allowed to fail or block
8356 * forever. On the other hand, I_PUNLINK *can* fail, and there's no reason
8357 * why anyone should ever need to I_PUNLINK an in-use IPMP stream. To ensure
8358 * symmetric behavior (e.g., doing an I_PLINK after and I_PUNLINK undoes the
8359 * I_PUNLINK) we defer linking to I_PLINK. Separately, we also fail attempts
8360 * to I_LINK since I_UNLINK is optional and we'd end up in an inconsistent
8361 * state if I_UNLINK didn't occur.
8362 *
8363 * Note that for each plumb/unplumb operation, we may end up here more than
8364 * once because of the way ifconfig works. However, it's OK to link the same
8365 * illgrp more than once, or unlink an illgrp that's already unlinked.
8366 */
8367 static int
8369 {
8387 /*
8388 * Require all UP ipifs be brought down prior to unlinking the
8389 * illgrp so any associated IREs (and other state) is torched.
8390 */
8394 /*
8395 * NOTE: We hold ipmp_lock across the unlink to prevent a race
8396 * with an SIOCSLIFGROUPNAME request from an ill trying to
8397 * join this group. Specifically: ills trying to join grab
8398 * ipmp_lock and bump a "pending join" counter checked by
8399 * ipmp_illgrp_unlink_grp(). During the unlink no new pending
8400 * joins can occur (since we have ipmp_lock). Once we drop
8401 * ipmp_lock, subsequent SIOCSLIFGROUPNAME requests will not
8402 * find the illgrp (since we unlinked it) and will return
8403 * EAFNOSUPPORT. This will then take them back through the
8404 * IPMP meta-interface plumbing logic in ifconfig, and thus
8405 * back through I_PLINK above.
8406 */
8413 }
8415 }
8417 /*
8418 * Do I_PLINK/I_LINK or I_PUNLINK/I_UNLINK with consistency checks and also
8419 * atomically set/clear the muxids. Also complete the ioctl by acking or
8420 * naking it. Note that the code is structured such that the link type,
8421 * whether it's persistent or not, is treated equally. ifconfig(8) and
8422 * its clones use the persistent link, while pppd(8) and perhaps many
8423 * other daemons may use non-persistent link. When combined with some
8424 * ill_t states, linking and unlinking lower streams may be used as
8425 * indicators of dynamic re-plumbing events [see PSARC/1999/348].
8426 */
8427 /* ARGSUSED */
8428 void
8430 {
8447 else
8450 /* Conn was refheld in ip_sioctl_copyin_setup */
8454 }
8455 }
8457 /*
8458 * Process I_{P}LINK and I_{P}UNLINK requests named by `ioccmd' and pointed to
8459 * by `mp' and `li' for the IP module stream (if li->q_bot is in fact an IP
8460 * module stream).
8461 * Returns zero on success, EINPROGRESS if the operation is still pending, or
8462 * an error code on failure.
8463 */
8464 static int
8467 {
8478 /*
8479 * Walk the lower stream to verify it's the IP module stream.
8480 * The IP module is identified by its name, wput function,
8481 * and non-NULL q_next. STREAMS ensures that the lower stream
8482 * (li->l_qbot) will not vanish until this ioctl completes.
8483 */
8491 }
8495 }
8496 }
8498 /*
8499 * If this isn't an IP module stream, bail.
8500 */
8511 }
8521 }
8523 }
8528 /*
8529 * Plumbing has to be done with IP plumbed first, arp
8530 * second, but here we have arp being plumbed first.
8531 */
8537 }
8538 }
8544 }
8549 /*
8550 * As part of I_{P}LINKing, stash the number of downstream modules and
8551 * the read queue of the module immediately below IP in the ill.
8552 * These are used during the capability negotiation below.
8553 */
8560 }
8564 /*
8565 * Mark the ipsq busy until the capability operations initiated below
8566 * complete. The PLINK/UNLINK ioctl itself completes when our caller
8567 * returns, but the capability operation may complete asynchronously
8568 * much later.
8569 */
8571 /*
8572 * If there's at least one up ipif on this ill, then we're bound to
8573 * the underlying driver via DLPI. In that case, renegotiate
8574 * capabilities to account for any possible change in modules
8575 * interposed between IP and the driver.
8576 */
8580 else
8582 }
8584 done:
8589 }
8591 /*
8592 * Search the ioctl command in the ioctl tables and return a pointer
8593 * to the ioctl command information. The ioctl command tables are
8594 * static and fully populated at compile time.
8595 */
8596 ip_ioctl_cmd_t *
8598 {
8606 /*
8607 * Do a 2 step search. First search the indexed table
8608 * based on the least significant byte of the ioctl cmd.
8609 * If we don't find a match, then search the misc table
8610 * serially.
8611 */
8616 /* Found a match in the ndx table */
8618 }
8619 }
8621 /* Search the misc table */
8625 /* Found a match in the misc table */
8627 }
8630 }
8632 /*
8633 * helper function for ip_sioctl_getsetprop(), which does some sanity checks
8634 */
8635 static boolean_t
8637 {
8640 /*
8641 * One can either reset the value to it's default value or
8642 * change the current value or append/remove the value from
8643 * a multi-valued properties.
8644 */
8653 /*
8654 * One can retrieve only one kind of property information
8655 * at a time.
8656 */
8662 }
8665 }
8667 /*
8668 * process the SIOC{SET|GET}PROP ioctl's
8669 */
8670 /* ARGSUSED */
8671 int
8674 {
8682 boolean_t set;
8715 }
8735 }
8738 }
8740 /*
8741 * process the legacy ND_GET, ND_SET ioctl just for {ip|ip6}_forwarding
8742 * as several routing daemons have unfortunately used this 'unpublished'
8743 * but well-known ioctls.
8744 */
8745 /* ARGSUSED */
8746 static void
8748 {
8763 }
8778 }
8788 }
8791 /*
8792 * buffer will have property name and value in the following
8793 * format,
8794 * <property name>'\0'<property value>'\0', extract them;
8795 */
8797 noop;
8805 }
8810 }
8812 }
8814 /*
8815 * Wrapper function for resuming deferred ioctl processing
8816 * Used for SIOCGDSTINFO, SIOCGIP6ADDRPOLICY, SIOCGMSFILTER,
8817 * SIOCSMSFILTER, SIOCGIPMSFILTER, and SIOCSIPMSFILTER currently.
8818 */
8819 /* ARGSUSED */
8820 void
8823 {
8825 }
8827 /*
8828 * ip_sioctl_copyin_setup is called by ip_wput_nondata with any M_IOCTL message
8829 * that arrives. Most of the IOCTLs are "socket" IOCTLs which we handle
8830 * in either I_STR or TRANSPARENT form, using the mi_copy facility.
8831 * We establish here the size of the block to be copied in. mi_copyin
8832 * arranges for this to happen, an processing continues in ip_wput_nondata with
8833 * an M_IOCDATA message.
8834 */
8835 void
8837 {
8846 else
8851 /*
8852 * The ioctl is not one we understand or own.
8853 * Pass it along to be processed down stream,
8854 * if this is a module instance of IP, else nak
8855 * the ioctl.
8856 */
8862 }
8863 }
8865 /*
8866 * If this is deferred, then we will do all the checks when we
8867 * come back.
8868 */
8873 }
8875 /*
8876 * Only allow a very small subset of IP ioctls on this stream if
8877 * IP is a module and not a driver. Allowing ioctls to be processed
8878 * in this case may cause assert failures or data corruption.
8879 * Typically G[L]IFFLAGS, SLIFNAME/IF_UNITSEL are the only few
8880 * ioctls allowed on an IP module stream, after which this stream
8881 * normally becomes a multiplexor (at which time the stream head
8882 * will fail all ioctls).
8883 */
8886 }
8888 /* Make sure we have ioctl data to process. */
8892 /*
8893 * Prefer dblk credential over ioctl credential; some synthesized
8894 * ioctls have kcred set because there's no way to crhold()
8895 * a credential in some contexts. (ioc_cr is not crfree() by
8896 * the framework; the caller of ioctl needs to hold the reference
8897 * for the duration of the call).
8898 */
8903 /* Make sure normal users don't send down privileged ioctls */
8906 /* We checked the privilege earlier but log it here */
8909 }
8911 /*
8912 * The ioctl command tables can only encode fixed length
8913 * ioctl data. If the length is variable, the table will
8914 * encode the length as zero. Such special cases are handled
8915 * below in the switch.
8916 */
8920 }
8925 /*
8926 * This IOCTL is hilarious. See comments in
8927 * ip_sioctl_get_ifconf for the story.
8928 */
8932 else
8971 /*
8972 * We treat non-persistent link similarly as the persistent
8973 * link case, in terms of plumbing/unplumbing, as well as
8974 * dynamic re-plumbing events indicator. See comments
8975 * in ip_sioctl_plink() for more.
8976 *
8977 * Request can be enqueued in the 'ipsq' while waiting
8978 * to become exclusive. So bump up the conn ref.
8979 */
8983 }
8992 /* The ioctl length varies depending on the ILB command. */
9002 /* FALLTHRU */
9003 }
9004 nak:
9008 }
9013 }
9015 static void
9017 {
9042 }
9044 /*
9045 * We're done if this is not an SIOCG{X}ARP
9046 */
9053 }
9054 }
9056 /*
9057 * If /sbin/arp told us we are the authority using the "permanent"
9058 * flag, or if this is one of my addresses print "permanent"
9059 * in the /sbin/arp output.
9060 */
9070 }
9071 }
9073 /*
9074 * Create a new logical interface. If ipif_id is zero (i.e. not a logical
9075 * interface) create the next available logical interface for this
9076 * physical interface.
9077 * If ipif is NULL (i.e. the lookup didn't find one) attempt to create an
9078 * ipif with the specified name.
9079 *
9080 * If the address family is not AF_UNSPEC then set the address as well.
9081 *
9082 * If ip_sioctl_addr returns EINPROGRESS then the ioctl (the copyout)
9083 * is completed when the DL_BIND_ACK arrive in ip_rput_dlpi_writer.
9084 *
9085 * Executed as a writer on the ill.
9086 * So no lock is needed to traverse the ipif chain, or examine the
9087 * phyint flags.
9088 */
9089 /* ARGSUSED */
9090 int
9093 {
9096 boolean_t isv6;
9097 boolean_t exists;
9110 zoneid_t zoneid;
9115 /* Existence of mp1 has been checked in ip_wput_nondata */
9117 /*
9118 * Null terminate the string to protect against buffer
9119 * overrun. String was generated by user code and may not
9120 * be trusted.
9121 */
9136 /*
9137 * Allow creating lo0 using SIOCLIFADDIF.
9138 * can't be any other writer thread. So can pass null below
9139 * for the last 4 args to ipif_lookup_name.
9140 */
9143 /* Prevent any further action */
9147 /* We created the ipif now and as writer */
9154 }
9156 /* Look for a colon in the name. */
9161 /*
9162 * Reject any non-decimal aliases for plumbing
9163 * of logical interfaces. Aliases with leading
9164 * zeroes are also rejected as they introduce
9165 * ambiguity in the naming of the interfaces.
9166 * Comparing with "0" takes care of all such
9167 * cases.
9168 */
9175 }
9178 }
9179 }
9185 }
9188 B_TRUE);
9190 /*
9191 * Release the refhold due to the lookup, now that we are excl
9192 * or we are just returning
9193 */
9199 /* We are now exclusive on the IPSQ */
9203 /* Now see if there is an IPIF with this unit number. */
9209 }
9210 }
9211 }
9213 /*
9214 * We use IRE_LOCAL for lo0:1 etc. for "receive only" use
9215 * of lo0. Plumbing for lo0:0 happens in ipif_lookup_on_name()
9216 * instead.
9217 */
9221 }
9223 /* Return created name with ioctl */
9228 /* Set address */
9233 }
9235 done:
9238 }
9240 /*
9241 * Remove an existing logical interface. If ipif_id is zero (i.e. not a logical
9242 * interface) delete it based on the IP address (on this physical interface).
9243 * Otherwise delete it based on the ipif_id.
9244 * Also, special handling to allow a removeif of lo0.
9245 */
9246 /* ARGSUSED */
9247 int
9250 {
9253 boolean_t success;
9264 /*
9265 * Special case for unplumbing lo0 (the loopback physical interface).
9266 * If unplumbing lo0, the incoming address structure has been
9267 * initialized to all zeros. When unplumbing lo0, all its logical
9268 * interfaces must be removed too.
9269 *
9270 * Note that this interface may be called to remove a specific
9271 * loopback logical interface (eg, lo0:1). But in that case
9272 * ipif->ipif_id != 0 so that the code path for that case is the
9273 * same as any other interface (meaning it skips the code directly
9274 * below).
9275 */
9279 /*
9280 * Mark it condemned. No new ref. will be made to ill.
9281 */
9287 }
9291 /* unplumb the loopback interface */
9296 /* Are any references to this ill active */
9303 }
9310 else
9312 }
9313 }
9318 /* Find based on address */
9326 /* We are a writer, so we should be able to lookup */
9328 ipst);
9333 /* We are a writer, so we should be able to lookup */
9335 ipst);
9336 }
9339 }
9341 /*
9342 * It is possible for a user to send an SIOCLIFREMOVEIF with
9343 * lifr_name of the physical interface but with an ip address
9344 * lifr_addr of a logical interface plumbed over it.
9345 * So update ipx_current_ipif now that ipif points to the
9346 * correct one.
9347 */
9351 /* This is a writer */
9353 }
9355 /*
9356 * Can not delete instance zero since it is tied to the ill.
9357 */
9370 /* Are any references to this ipif active */
9378 }
9380 IPIF_FREE);
9385 else
9387 }
9389 /*
9390 * Restart the removeif ioctl. The refcnt has gone down to 0.
9391 * The ipif is already condemned. So can't find it thru lookups.
9392 */
9393 /* ARGSUSED */
9394 int
9397 {
9411 }
9418 }
9420 /*
9421 * Set the local interface address using the given prefix and ill_token.
9422 */
9423 /* ARGSUSED */
9424 int
9427 {
9429 in6_addr_t v6addr;
9459 }
9461 /*
9462 * Restart entry point to restart the address set operation after the
9463 * refcounts have dropped to zero.
9464 */
9465 /* ARGSUSED */
9466 int
9469 {
9473 }
9475 /*
9476 * Set the local interface address.
9477 * Allow an address of all zero when the interface is down.
9478 */
9479 /* ARGSUSED */
9480 int
9483 {
9485 in6_addr_t v6addr;
9507 /*
9508 * Enforce that true multicast interfaces have a link-local
9509 * address for logical unit 0.
9510 *
9511 * However for those ipif's for which link-local address was
9512 * not created by default, also allow setting :: as the address.
9513 * This scenario would arise, when we delete an address on ipif
9514 * with logical unit 0, we would want to set :: as the address.
9515 */
9522 /*
9523 * if default link-local was not created by kernel for
9524 * this ill, allow setting :: as the address on ipif:0.
9525 */
9531 }
9532 }
9534 /*
9535 * up interfaces shouldn't have the unspecified address
9536 * unless they also have the IPIF_NOLOCAL flags set and
9537 * have a subnet assigned.
9538 */
9544 }
9549 ipaddr_t addr;
9556 /* Allow INADDR_ANY as the local address. */
9562 }
9563 /*
9564 * verify that the address being configured is permitted by the
9565 * ill_allowed_ips[] for the interface.
9566 */
9572 }
9576 }
9577 }
9578 /*
9579 * Even if there is no change we redo things just to rerun
9580 * ipif_set_default.
9581 */
9583 /*
9584 * Setting a new local address, make sure
9585 * we have net and subnet bcast ire's for
9586 * the old address if we need them.
9587 */
9588 /*
9589 * If the interface is already marked up,
9590 * we call ipif_down which will take care
9591 * of ditching any IREs that have been set
9592 * up based on the old interface address.
9593 */
9599 }
9603 }
9605 int
9607 boolean_t need_up)
9608 {
9609 in6_addr_t v6addr;
9610 in6_addr_t ov6addr;
9611 ipaddr_t addr;
9616 boolean_t need_dl_down;
9617 boolean_t need_arp_down;
9626 /* Must cancel any pending timer before taking the ill_lock */
9639 }
9648 /*
9649 * If the interface was previously marked as a duplicate, then since
9650 * we've now got a "new" address, it should no longer be considered a
9651 * duplicate -- even if the "new" address is the same as the old one.
9652 * Note that if all ipifs are down, we may have a pending ARP down
9653 * event to handle. This is because we want to recover from duplicates
9654 * and thus delay tearing down ARP until the duplicates have been
9655 * removed or disabled.
9656 */
9664 }
9665 }
9669 /*
9670 * If we've just manually set the IPv6 link-local address (0th ipif),
9671 * tag the ill so that future updates to the interface ID don't result
9672 * in this address getting automatically reconfigured from under the
9673 * administrator.
9674 */
9679 }
9681 /*
9682 * When publishing an interface address change event, we only notify
9683 * the event listeners of the new address. It is assumed that if they
9684 * actively care about the addresses assigned that they will have
9685 * already discovered the previous address assigned (if there was one.)
9686 *
9687 * Don't attach nic event message for SIOCLIFADDIF ioctl.
9688 */
9692 }
9697 /*
9698 * Now bring the interface back up. If this
9699 * is the only IPIF for the ILL, ipif_up
9700 * will have to re-bind to the device, so
9701 * we may get back EINPROGRESS, in which
9702 * case, this IOCTL will get completed in
9703 * ip_rput_dlpi when we see the DL_BIND_ACK.
9704 */
9707 /* Perhaps ilgs should use this ill */
9709 }
9717 /*
9718 * The default multicast interface might have changed (for
9719 * instance if the IPv6 scope of the address changed)
9720 */
9724 }
9726 /*
9727 * Restart entry point to restart the address set operation after the
9728 * refcounts have dropped to zero.
9729 */
9730 /* ARGSUSED */
9731 int
9734 {
9740 }
9742 /* ARGSUSED */
9743 int
9746 {
9752 /*
9753 * The net mask and address can't change since we have a
9754 * reference to the ipif. So no lock is necessary.
9755 */
9763 }
9774 }
9775 }
9777 }
9779 /*
9780 * Set the destination address for a pt-pt interface.
9781 */
9782 /* ARGSUSED */
9783 int
9786 {
9788 in6_addr_t v6addr;
9807 ipaddr_t addr;
9816 }
9819 }
9825 /*
9826 * If the interface is already marked up,
9827 * we call ipif_down which will take care
9828 * of ditching any IREs that have been set
9829 * up based on the old pp dst address.
9830 */
9836 }
9837 /*
9838 * could return EINPROGRESS. If so ioctl will complete in
9839 * ip_rput_dlpi_writer
9840 */
9843 }
9845 static int
9847 boolean_t need_up)
9848 {
9849 in6_addr_t v6addr;
9852 boolean_t need_dl_down;
9853 boolean_t need_arp_down;
9858 /* Must cancel any pending timer before taking the ill_lock */
9869 ipaddr_t addr;
9873 }
9875 /* Set point to point destination address. */
9877 /*
9878 * Allow this as a means of creating logical
9879 * pt-pt interfaces on top of e.g. an Ethernet.
9880 * XXX Undocumented HACK for testing.
9881 * pt-pt interfaces are created with NUD disabled.
9882 */
9887 }
9889 /*
9890 * If the interface was previously marked as a duplicate, then since
9891 * we've now got a "new" address, it should no longer be considered a
9892 * duplicate -- even if the "new" address is the same as the old one.
9893 * Note that if all ipifs are down, we may have a pending ARP down
9894 * event to handle.
9895 */
9903 }
9904 }
9906 /*
9907 * If we've just manually set the IPv6 destination link-local address
9908 * (0th ipif), tag the ill so that future updates to the destination
9909 * interface ID (as can happen with interfaces over IP tunnels) don't
9910 * result in this address getting automatically reconfigured from
9911 * under the administrator.
9912 */
9916 /* Set the new address. */
9918 /* Make sure subnet tracks pp_dst */
9923 /*
9924 * Now bring the interface back up. If this
9925 * is the only IPIF for the ILL, ipif_up
9926 * will have to re-bind to the device, so
9927 * we may get back EINPROGRESS, in which
9928 * case, this IOCTL will get completed in
9929 * ip_rput_dlpi when we see the DL_BIND_ACK.
9930 */
9932 }
9940 }
9942 /*
9943 * Restart entry point to restart the dstaddress set operation after the
9944 * refcounts have dropped to zero.
9945 */
9946 /* ARGSUSED */
9947 int
9950 {
9955 }
9957 /* ARGSUSED */
9958 int
9961 {
9966 /*
9967 * Get point to point destination address. The addresses can't
9968 * change since we hold a reference to the ipif.
9969 */
9982 }
9984 }
9986 /*
9987 * Check which flags will change by the given flags being set
9988 * silently ignore flags which userland is not allowed to control.
9989 * (Because these flags may change between SIOCGLIFFLAGS and
9990 * SIOCSLIFFLAGS, and that's outside of userland's control,
9991 * we need to silently ignore them rather than fail.)
9992 */
9993 static void
9996 {
10011 }
10013 /*
10014 * Set interface flags. Many flags require special handling (e.g.,
10015 * bringing the interface down); see below for details.
10016 *
10017 * NOTE : We really don't enforce that ipif_id zero should be used
10018 * for setting any flags other than IFF_LOGINT_FLAGS. This
10019 * is because applications generally does SICGLIFFLAGS and
10020 * ORs in the new flags (that affects the logical) and does a
10021 * SIOCSLIFFLAGS. Thus, "flags" below could contain bits other
10022 * than IFF_LOGINT_FLAGS. One could check whether "turn_on" - the
10023 * flags that will be turned on is correct with respect to
10024 * ipif_id 0. For backward compatibility reasons, it is not done.
10025 */
10026 /* ARGSUSED */
10027 int
10030 {
10058 }
10062 /*
10063 * Have the flags been set correctly until now?
10064 */
10068 /*
10069 * Compare the new flags to the old, and partition
10070 * into those coming on and those going off.
10071 * For the 16 bit command keep the bits above bit 16 unchanged.
10072 */
10076 /*
10077 * Explicitly fail attempts to change flags that are always invalid on
10078 * an IPMP meta-interface.
10079 */
10087 /*
10088 * All test addresses must be IFF_DEPRECATED (to ensure source address
10089 * selection avoids them) -- so force IFF_DEPRECATED on, and do not
10090 * allow it to be turned off.
10091 */
10099 /*
10100 * Only vrrp control socket is allowed to change IFF_UP and
10101 * IFF_NOACCEPT flags when IFF_VRRP is set.
10102 */
10106 }
10108 /*
10109 * The IFF_NOACCEPT flag can only be set on an IFF_VRRP IP address by
10110 * VRRP control socket.
10111 */
10115 }
10120 }
10122 /*
10123 * On underlying interfaces, only allow applications to manage test
10124 * addresses -- otherwise, they may get confused when the address
10125 * moves as part of being brought up. Likewise, prevent an
10126 * application-managed test address from being converted to a data
10127 * address. To prevent migration of administratively up addresses in
10128 * the kernel, we don't allow them to be converted either.
10129 */
10139 }
10141 /*
10142 * Only allow IFF_TEMPORARY flag to be set on
10143 * IPv6 interfaces.
10144 */
10148 /*
10149 * cannot turn off IFF_NOXMIT on VNI interfaces.
10150 */
10154 /*
10155 * Don't allow the IFF_ROUTER flag to be turned on on loopback
10156 * interfaces. It makes no sense in that context.
10157 */
10161 /*
10162 * For IPv6 ipif_id 0, don't allow the interface to be up without
10163 * a link local address if IFF_NOLOCAL or IFF_ANYCAST are not set.
10164 * If the link local address isn't set, and can be set, it will get
10165 * set later on in this function.
10166 */
10173 }
10175 /*
10176 * If we modify physical interface flags, we'll potentially need to
10177 * send up two routing socket messages for the changes (one for the
10178 * IPv4 ill, and another for the IPv6 ill). Note that here.
10179 */
10183 /*
10184 * All functioning PHYI_STANDBY interfaces start life PHYI_INACTIVE
10185 * (otherwise, we'd immediately use them, defeating standby). Also,
10186 * since PHYI_INACTIVE has a separate meaning when PHYI_STANDBY is not
10187 * set, don't allow PHYI_STANDBY to be set if PHYI_INACTIVE is already
10188 * set, and clear PHYI_INACTIVE if PHYI_STANDBY is being cleared. We
10189 * also don't allow PHYI_STANDBY if VNI is enabled since its semantics
10190 * will not be honored.
10191 */
10193 /*
10194 * No need to grab ill_g_usesrc_lock here; see the
10195 * synchronization notes in ip.c.
10196 */
10203 }
10204 }
10209 }
10211 /*
10212 * PHYI_FAILED and PHYI_INACTIVE are mutually exclusive; fail if both
10213 * would end up on.
10214 */
10219 /*
10220 * If ILLF_ROUTER changes, we need to change the ip forwarding
10221 * status of the interface.
10222 */
10227 }
10229 /*
10230 * If the interface is not UP and we are not going to
10231 * bring it UP, record the flags and return. When the
10232 * interface comes UP later, the right actions will be
10233 * taken.
10234 */
10237 /* Record new flags in their respective places. */
10249 /*
10250 * PHYI_FAILED, PHYI_INACTIVE, and PHYI_OFFLINE are all the
10251 * same to the kernel: if any of them has been set by
10252 * userland, the interface cannot be used for data traffic.
10253 */
10257 /*
10258 * It's possible the ill is part of an "anonymous"
10259 * IPMP group rather than a real group. In that case,
10260 * there are no other interfaces in the group and thus
10261 * no need to call ipmp_phyint_refresh_active().
10262 */
10265 }
10271 }
10275 }
10276 }
10277 /* The default multicast interface might have changed */
10287 }
10289 /*
10290 * Disallow IPv6 interfaces coming up that have the unspecified address,
10291 * or point-to-point interfaces with an unspecified destination. We do
10292 * allow the address to be unspecified for IPIF_NOLOCAL interfaces that
10293 * have a subnet assigned, which is how in.ndpd currently manages its
10294 * onlink prefix list when no addresses are configured with those
10295 * prefixes.
10296 */
10304 }
10306 /*
10307 * Prevent IPv4 point-to-point interfaces with a 0.0.0.0 destination
10308 * from being brought up.
10309 */
10314 }
10316 /*
10317 * If we are going to change one or more of the flags that are
10318 * IPIF_UP, IPIF_DEPRECATED, IPIF_NOXMIT, IPIF_NOLOCAL, ILLF_NOARP,
10319 * ILLF_NONUD, IPIF_PRIVATE, IPIF_ANYCAST, IPIF_PREFERRED, and
10320 * IPIF_NOFAILOVER, we will take special action. This is
10321 * done by bring the ipif down, changing the flags and bringing
10322 * it back up again. For IPIF_NOFAILOVER, the act of bringing it
10323 * back up will trigger the address to be moved.
10324 *
10325 * If we are going to change IFF_NOACCEPT, we need to bring
10326 * all the ipifs down then bring them up again. The act of
10327 * bringing all the ipifs back up will trigger the local
10328 * ires being recreated with "no_accept" set/cleared.
10329 *
10330 * Note that ILLF_NOACCEPT is always set separately from the
10331 * other flags.
10332 */
10336 IPIF_NOFAILOVER)) {
10337 /*
10338 * ipif_down() will ire_delete bcast ire's for the subnet,
10339 * while the ire_identical_ref tracks the case of IRE_BROADCAST
10340 * entries shared between multiple ipifs on the same subnet.
10341 */
10347 }
10354 /*
10355 * If we can quiesce the ill, then continue. If not, then
10356 * ip_sioctl_flags_tail() will be called from
10357 * ipif_ill_refrele_tail().
10358 */
10364 boolean_t success;
10371 }
10374 }
10376 }
10378 static int
10380 {
10398 /*
10399 * IFF_UP is handled separately.
10400 */
10407 /*
10408 * Now we change the flags. Track current value of
10409 * other flags in their respective places.
10410 */
10422 }
10430 /*
10431 * PHYI_FAILED, PHYI_INACTIVE, and PHYI_OFFLINE are all the same to
10432 * the kernel: if any of them has been set by userland, the interface
10433 * cannot be used for data traffic.
10434 */
10437 /*
10438 * It's possible the ill is part of an "anonymous" IPMP group
10439 * rather than a real group. In that case, there are no other
10440 * interfaces in the group and thus no need for us to call
10441 * ipmp_phyint_refresh_active().
10442 */
10445 }
10448 /*
10449 * If the ILLF_NOACCEPT flag is changed, bring up all the
10450 * ipifs that were brought down.
10451 *
10452 * The routing sockets messages are sent as the result
10453 * of ill_up_ipifs(), further, SCTP's IPIF list was updated
10454 * as well.
10455 */
10458 /*
10459 * XXX ipif_up really does not know whether a phyint flags
10460 * was modified or not. So, it sends up information on
10461 * only one routing sockets message. As we don't bring up
10462 * the interface and also set PHYI_ flags simultaneously
10463 * it should be okay.
10464 */
10467 /*
10468 * Make sure routing socket sees all changes to the flags.
10469 * ipif_up_done* handles this when we use ipif_up.
10470 */
10475 }
10479 }
10482 }
10483 /*
10484 * Update the flags in SCTP's IPIF list, ipif_up() will do
10485 * this in need_up case.
10486 */
10488 }
10490 /* The default multicast interface might have changed */
10493 }
10495 /*
10496 * Restart the flags operation now that the refcounts have dropped to zero.
10497 */
10498 /* ARGSUSED */
10499 int
10502 {
10512 /* cast to uint16_t prevents unwanted sign extension */
10516 }
10518 /*
10519 * If this function call is a result of the ILLF_NOACCEPT flag
10520 * change, do not call ipif_down_tail(). See ip_sioctl_flags().
10521 */
10527 }
10529 /*
10530 * Can operate on either a module or a driver queue.
10531 */
10532 /* ARGSUSED */
10533 int
10536 {
10537 /*
10538 * Has the flags been set correctly till now ?
10539 */
10549 /*
10550 * Need a lock since some flags can be set even when there are
10551 * references to the ipif.
10552 */
10557 /* Get interface flags (low 16 only). */
10563 /* Get interface flags. */
10566 }
10569 }
10571 /*
10572 * We allow the MTU to be set on an ILL, but not have it be different
10573 * for different IPIFs since we don't actually send packets on IPIFs.
10574 */
10575 /* ARGSUSED */
10576 int
10579 {
10594 }
10595 /* Only allow for logical unit zero i.e. not on "bge0:17" */
10602 else
10609 }
10610 /* Avoid increasing ill_mc_mtu */
10614 /*
10615 * The dce and fragmentation code can handle changes to ill_mtu
10616 * concurrent with sending/fragmenting packets.
10617 */
10622 /*
10623 * Make sure all dce_generation checks find out
10624 * that ill_mtu/ill_mc_mtu has changed.
10625 */
10628 /*
10629 * Refresh IPMP meta-interface MTU if necessary.
10630 */
10634 /* Update the MTU in SCTP's list */
10637 }
10639 /* Get interface MTU. */
10640 /* ARGSUSED */
10641 int
10644 {
10651 /*
10652 * We allow a get on any logical interface even though the set
10653 * can only be done on logical unit 0.
10654 */
10661 }
10663 }
10665 /* Set interface broadcast address. */
10666 /* ARGSUSED2 */
10667 int
10670 {
10671 ipaddr_t addr;
10691 /*
10692 * If we are already up, make sure the new
10693 * broadcast address makes sense. If it does,
10694 * there should be an IRE for it already.
10695 */
10703 }
10704 }
10705 /*
10706 * Changing the broadcast addr for this ipif. Since the IRE_BROADCAST
10707 * needs to already exist we never need to change the set of
10708 * IRE_BROADCASTs when we are UP.
10709 */
10714 }
10716 /* Get interface broadcast address. */
10717 /* ARGSUSED */
10718 int
10721 {
10727 /* IPIF_BROADCAST not possible with IPv6 */
10733 }
10735 /*
10736 * This routine is called to handle the SIOCS*IFNETMASK IOCTL.
10737 */
10738 /* ARGSUSED */
10739 int
10742 {
10744 in6_addr_t v6mask;
10760 ipaddr_t mask;
10769 }
10771 /*
10772 * No big deal if the interface isn't already up, or the mask
10773 * isn't really changing, or this is pt-pt.
10774 */
10783 }
10785 }
10786 /*
10787 * Make sure we have valid net and subnet broadcast ire's
10788 * for the old netmask, if needed by other logical interfaces.
10789 */
10796 }
10798 static int
10800 {
10801 in6_addr_t v6mask;
10813 ipaddr_t mask;
10817 }
10823 }
10827 /*
10828 * The interface must be DL_BOUND if this packet has to
10829 * go out on the wire. Since we only go through a logical
10830 * down and are bound with the driver during an internal
10831 * down/up that is satisfied.
10832 */
10834 /* Potentially broadcast an address mask reply. */
10836 }
10837 }
10839 }
10841 /* ARGSUSED */
10842 int
10845 {
10850 }
10852 /* Get interface net mask. */
10853 /* ARGSUSED */
10854 int
10857 {
10864 /*
10865 * net mask can't change since we have a reference to the ipif.
10866 */
10881 }
10882 }
10884 }
10886 /* ARGSUSED */
10887 int
10890 {
10894 /*
10895 * Since no applications should ever be setting metrics on underlying
10896 * interfaces, we explicitly fail to smoke 'em out.
10897 */
10901 /*
10902 * Set interface metric. We don't use this for
10903 * anything but we keep track of it in case it is
10904 * important to routing applications or such.
10905 */
10916 }
10918 }
10920 /* ARGSUSED */
10921 int
10924 {
10925 /* Get interface metric. */
10939 }
10942 }
10944 /* ARGSUSED */
10945 int
10948 {
10953 /*
10954 * Set the muxid returned from I_PLINK.
10955 */
10966 }
10969 }
10971 /* ARGSUSED */
10972 int
10975 {
10980 /*
10981 * Get the muxid saved in ill for I_PUNLINK.
10982 */
10994 }
10996 }
10998 /*
10999 * Set the subnet prefix. Does not modify the broadcast address.
11000 */
11001 /* ARGSUSED */
11002 int
11005 {
11007 in6_addr_t v6addr;
11008 in6_addr_t v6mask;
11029 ipaddr_t addr;
11038 /* Add 96 bits */
11040 }
11045 /* Check if bits in the address is set past the mask */
11054 /*
11055 * If the interface is already marked up,
11056 * we call ipif_down which will take care
11057 * of ditching any IREs that have been set
11058 * up based on the old interface address.
11059 */
11065 }
11069 }
11071 static int
11074 {
11081 /* Set the new address. */
11087 }
11091 /*
11092 * Now bring the interface back up. If this
11093 * is the only IPIF for the ILL, ipif_up
11094 * will have to re-bind to the device, so
11095 * we may get back EINPROGRESS, in which
11096 * case, this IOCTL will get completed in
11097 * ip_rput_dlpi when we see the DL_BIND_ACK.
11098 */
11102 }
11104 }
11106 /* ARGSUSED */
11107 int
11110 {
11112 in6_addr_t v6addr;
11113 in6_addr_t v6mask;
11127 ipaddr_t addr;
11132 }
11136 }
11138 /* ARGSUSED */
11139 int
11142 {
11161 }
11163 }
11165 /*
11166 * Set the IPv6 address token.
11167 */
11168 /* ARGSUSED */
11169 int
11172 {
11175 in6_addr_t v6addr;
11176 in6_addr_t v6mask;
11188 /* Only allow for logical unit zero i.e. not on "le0:17" */
11200 /*
11201 * The length of the token is the length from the end. To get
11202 * the proper mask for this, compute the mask of the bits not
11203 * in the token; ie. the prefix, and then xor to get the mask.
11204 */
11209 }
11221 }
11224 }
11226 static int
11229 {
11230 in6_addr_t v6addr;
11231 in6_addr_t v6mask;
11239 /*
11240 * The length of the token is the length from the end. To get
11241 * the proper mask for this, compute the mask of the bits not
11242 * in the token; ie. the prefix, and then xor to get the mask.
11243 */
11253 /* Reconfigure the link-local address based on this new token */
11259 /*
11260 * Now bring the interface back up. If this
11261 * is the only IPIF for the ILL, ipif_up
11262 * will have to re-bind to the device, so
11263 * we may get back EINPROGRESS, in which
11264 * case, this IOCTL will get completed in
11265 * ip_rput_dlpi when we see the DL_BIND_ACK.
11266 */
11270 }
11272 }
11274 /* ARGSUSED */
11275 int
11278 {
11298 }
11300 /*
11301 * Set (hardware) link specific information that might override
11302 * what was acquired through the DL_INFO_ACK.
11303 */
11304 /* ARGSUSED */
11305 int
11308 {
11319 /* Only allow for logical unit zero i.e. not on "bge0:17" */
11323 /* Set interface MTU. */
11326 else
11329 /*
11330 * Verify values before we set anything. Allow zero to
11331 * mean unspecified.
11332 *
11333 * XXX We should be able to set the user-defined lir_mtu to some value
11334 * that is greater than ill_current_frag but less than ill_max_frag- the
11335 * ill_max_frag value tells us the max MTU that can be handled by the
11336 * datalink, whereas the ill_current_frag is dynamically computed for
11337 * some link-types like tunnels, based on the tunnel PMTU. However,
11338 * since there is currently no way of distinguishing between
11339 * administratively fixed link mtu values (e.g., those set via
11340 * /sbin/dladm) and dynamically discovered MTUs (e.g., those discovered
11341 * for tunnels) we conservatively choose the ill_current_frag as the
11342 * upper-bound.
11343 */
11356 /*
11357 * The dce and fragmentation code can handle changes to ill_mtu
11358 * concurrent with sending/fragmenting packets.
11359 */
11372 /*
11373 * ill_mtu is the actual interface MTU, obtained as the min
11374 * of user-configured mtu and the value announced by the
11375 * driver (via DL_NOTE_SDU_SIZE/DL_INFO_ACK). Note that since
11376 * we have already made the choice of requiring
11377 * ill_user_mtu < ill_current_frag by the time we get here,
11378 * the ill_mtu effectively gets assigned to the ill_user_mtu
11379 * here.
11380 */
11383 }
11386 /*
11387 * Make sure all dce_generation checks find out
11388 * that ill_mtu/ill_mc_mtu has changed.
11389 */
11393 /*
11394 * Refresh IPMP meta-interface MTU if necessary.
11395 */
11400 }
11402 /* ARGSUSED */
11403 int
11406 {
11422 }
11424 /*
11425 * Return best guess as to the subnet mask for the specified address.
11426 * Based on the subnet masks for all the configured interfaces.
11427 *
11428 * We end up returning a zero mask in the case of default, multicast or
11429 * experimental.
11430 */
11431 static ipaddr_t
11433 {
11434 ipaddr_t net_mask;
11437 ill_walk_context_t ctx;
11444 }
11446 /* Let's check to see if this is maybe a local subnet route. */
11447 /* this function only applies to IPv4 interfaces */
11460 /*
11461 * Don't trust pt-pt interfaces if there are
11462 * other interfaces.
11463 */
11468 }
11470 }
11472 /*
11473 * Fine. Just assume the same net mask as the
11474 * directly attached subnet interface is using.
11475 */
11483 }
11484 }
11486 }
11492 }
11494 /*
11495 * ip_sioctl_copyin_setup calls ip_wput_ioctl to process the IP_IOCTL ioctl.
11496 */
11497 static void
11499 {
11500 IOCP iocp;
11517 }
11519 /*
11520 * These IOCTLs provide various control capabilities to
11521 * upstream agents such as ULPs and processes. There
11522 * are currently two such IOCTLs implemented. They
11523 * are used by TCP to provide update information for
11524 * existing IREs and to forcibly delete an IRE for a
11525 * host that is not responding, thereby forcing an
11526 * attempt at a new route.
11527 */
11536 }
11537 /*
11538 * prefer credential from mblk over ioctl;
11539 * see ip_sioctl_copyin_setup
11540 */
11545 /*
11546 * Refhold the conn in case the request gets queued up in some lookup
11547 */
11557 }
11559 /*
11560 * CONN_OPER_PENDING_DONE happens in the function called
11561 * through ipft_pfi above.
11562 */
11564 }
11571 }
11574 done:
11579 }
11581 /*
11582 * Assign a unique id for the ipif. This is used by sctp_addr.c
11583 * Note: remove if sctp_addr.c is redone to not shadow ill/ipif data structures.
11584 */
11585 static void
11587 {
11591 }
11593 /*
11594 * Clone the contents of `sipif' to `dipif'. Requires that both ipifs are
11595 * administratively down (i.e., no DAD), of the same type, and locked. Note
11596 * that the clone is complete -- including the seqid -- and the expectation is
11597 * that the caller will either free or overwrite `sipif' before it's unlocked.
11598 */
11599 static void
11601 {
11616 /*
11617 * As per the comment atop the function, we assume that these sipif
11618 * fields will be changed before sipif is unlocked.
11619 */
11622 }
11624 /*
11625 * Transfer the contents of `sipif' to `dipif', and then free (if `virgipif'
11626 * is NULL) or overwrite `sipif' with `virgipif', which must be a virgin
11627 * (unreferenced) ipif. Also, if `sipif' is used by the current xop, then
11628 * transfer the xop to `dipif'. Requires that all ipifs are administratively
11629 * down (i.e., no DAD), of the same type, and unlocked.
11630 */
11631 static void
11633 {
11640 /*
11641 * Grab all of the locks that protect the ipif in a defined order.
11642 */
11649 }
11653 /*
11654 * Transfer ownership of the current xop, if necessary.
11655 */
11661 }
11665 }
11667 /*
11668 * checks if:
11669 * - <ill_name>:<ipif_id> is at most LIFNAMSIZ - 1 and
11670 * - logical interface is within the allowed range
11671 */
11672 static int
11674 {
11681 }
11683 /*
11684 * Insert the ipif, so that the list of ipifs on the ill will be sorted
11685 * with respect to ipif_id. Note that an ipif with an ipif_id of -1 will
11686 * be inserted into the first space available in the list. The value of
11687 * ipif_id will then be set to the appropriate value for its position.
11688 */
11689 static int
11691 {
11705 /*
11706 * In the case of lo0:0 we already hold the ill_g_lock.
11707 * ill_lookup_on_name (acquires ill_g_lock) -> ipif_allocate ->
11708 * ipif_insert.
11709 */
11721 id++;
11723 }
11729 }
11732 /* we have a real id; insert ipif in the right place */
11738 }
11744 }
11755 }
11757 static void
11759 {
11771 }
11772 }
11774 }
11776 /*
11777 * Allocate and initialize a new interface control structure. (Always
11778 * called as writer.)
11779 * When ipif_allocate() is called from ip_ll_subnet_defaults, the ill
11780 * is not part of the global linked list of ills. ipif_seqid is unique
11781 * in the system and to preserve the uniqueness, it is assigned only
11782 * when ill becomes part of the global list. At that point ill will
11783 * have a name. If it doesn't get assigned here, it will get assigned
11784 * in ipif_set_values() as part of SIOCSLIFNAME processing.
11785 * Aditionally, if we come here from ip_ll_subnet_defaults, we don't set
11786 * the interface flags or any other information from the DL_INFO_ACK for
11787 * DL_STYLE2 drivers (initialize == B_FALSE), since we won't have them at
11788 * this point. The flags etc. will be set in ip_ll_subnet_defaults when the
11789 * second DL_INFO_ACK comes in from the driver.
11790 */
11794 {
11810 }
11815 /*
11816 * Inherit the zoneid from the ill; for the shared stack instance
11817 * this is always the global zone
11818 */
11829 }
11830 /* -1 id should have been replaced by real id */
11833 }
11838 /*
11839 * If this is the zeroth ipif on the IPMP ill, create the illgrp
11840 * (which must not exist yet because the zeroth ipif is created once
11841 * per ill). However, do not not link it to the ipmp_grp_t until
11842 * I_PLINK is called; see ip_sioctl_plink_ipmp() for details.
11843 */
11850 }
11855 }
11856 }
11858 /*
11859 * We grab ill_lock to protect the flag changes. The ipif is still
11860 * not up and can't be looked up until the ioctl completes and the
11861 * IPIF_CHANGING flag is cleared.
11862 */
11874 /* Keep the IN6_IS_ADDR_V4MAPPED assertions happy */
11885 }
11887 /*
11888 * Don't set the interface flags etc. now, will do it in
11889 * ip_ll_subnet_defaults.
11890 */
11894 /*
11895 * NOTE: The IPMP meta-interface is special-cased because it starts
11896 * with no underlying interfaces (and thus an unknown broadcast
11897 * address length), but all interfaces that can be placed into an IPMP
11898 * group are required to be broadcast-capable.
11899 */
11901 /*
11902 * Later detect lack of DLPI driver multicast capability by
11903 * catching DL_ENABMULTI_REQ errors in ip_rput_dlpi().
11904 */
11911 /*
11912 * Note: xresolv interfaces will eventually need
11913 * NOARP set here as well, but that will require
11914 * those external resolvers to have some
11915 * knowledge of that flag and act appropriately.
11916 * Not to be changed at present.
11917 */
11919 else
11921 }
11926 /* pt-pt supports multicast. */
11930 }
11931 }
11932 }
11933 out:
11936 }
11938 /*
11939 * Remove the neighbor cache entries associated with this logical
11940 * interface.
11941 */
11942 int
11944 {
11955 /*
11956 * If this is the last ipif that is going down and there are no
11957 * duplicate addresses we may yet attempt to re-probe, then we need to
11958 * clean up ARP completely.
11959 */
11962 /*
11963 * If this was the last ipif on an IPMP interface, purge any
11964 * static ARP entries associated with it.
11965 */
11969 /* UNBIND, DETACH */
11971 }
11974 }
11976 /*
11977 * Get the resolver set up for a new IP address. (Always called as writer.)
11978 * Called both for IPv4 and IPv6 interfaces, though it only does some
11979 * basic DAD related initialization for IPv6. Honors ILLF_NOARP.
11980 *
11981 * The enumerated value res_act tunes the behavior:
11982 * * Res_act_initial: set up all the resolver structures for a new
11983 * IP address.
11984 * * Res_act_defend: tell ARP that it needs to send a single gratuitous
11985 * ARP message in defense of the address.
11986 * * Res_act_rebind: tell ARP to change the hardware address for an IP
11987 * address (and issue gratuitous ARPs). Used by ipmp_ill_bind_ipif().
11988 *
11989 * Returns zero on success, or an errno upon failure.
11990 */
11991 int
11993 {
11996 boolean_t was_dup;
12005 /*
12006 * We're bringing an interface up here. There's no way that we
12007 * should need to shut down ARP now.
12008 */
12014 }
12016 }
12023 }
12024 /* NDP will set the ipif_addr_ready flag when it's ready */
12030 }
12032 /*
12033 * This routine restarts IPv4/IPv6 duplicate address detection (DAD)
12034 * when a link has just gone back up.
12035 */
12036 static void
12038 {
12047 ipaddr_t v4addr;
12052 /*
12053 * If we can't contact ARP for some reason,
12054 * that's not really a problem. Just send
12055 * out the routing socket notification that
12056 * DAD completion would have done, and continue.
12057 */
12062 }
12066 }
12072 }
12074 /*
12075 * If we can't restart DAD for some reason, that's not really a
12076 * problem. Just send out the routing socket notification that
12077 * DAD completion would have done, and continue.
12078 */
12081 }
12083 }
12085 /*
12086 * Restart duplicate address detection on all interfaces on the given ill.
12087 *
12088 * This is called when an interface transitions from down to up
12089 * (DL_NOTE_LINK_UP) or up to down (DL_NOTE_LINK_DOWN).
12090 *
12091 * Note that since the underlying physical link has transitioned, we must cause
12092 * at least one routing socket message to be sent here, either via DAD
12093 * completion or just by default on the first ipif. (If we don't do this, then
12094 * in.mpathd will see long delays when doing link-based failure recovery.)
12095 */
12096 void
12098 {
12104 /*
12105 * If layer two doesn't support duplicate address detection, then just
12106 * send the routing socket message now and be done with it.
12107 */
12111 }
12119 /*
12120 * kick off the bring-up process now.
12121 */
12124 /*
12125 * Unfortunately, the first ipif is "special"
12126 * and represents the underlying ill in the
12127 * routing socket messages. Thus, when this
12128 * one ipif is down, we must still notify so
12129 * that the user knows the IFF_RUNNING status
12130 * change. (If the first ipif is up, then
12131 * we'll handle eventual routing socket
12132 * notification via DAD completion.)
12133 */
12136 RTSQ_DEFAULT);
12137 }
12138 }
12140 /*
12141 * After link down, we'll need to send a new routing
12142 * message when the link comes back, so clear
12143 * ipif_addr_ready.
12144 */
12146 }
12147 }
12149 /*
12150 * If we've torn down links, then notify the user right away.
12151 */
12154 }
12156 static void
12158 {
12167 }
12169 static int
12171 {
12188 }
12189 }
12190 }
12193 }
12195 /*
12196 * This function is called to bring up all the ipifs that were up before
12197 * bringing the ill down via ill_down_ipifs().
12198 */
12199 int
12201 {
12208 /*
12209 * Send down REPLUMB_DONE notification followed by the
12210 * BIND_REQ on the arp stream.
12211 */
12214 }
12220 }
12222 /*
12223 * Bring down any IPIF_UP ipifs on ill. If "logical" is B_TRUE, we bring
12224 * down the ipifs without sending DL_UNBIND_REQ to the driver.
12225 */
12226 static void
12228 {
12234 /*
12235 * We go through the ipif_down logic even if the ipif
12236 * is already down, since routes can be added based
12237 * on down ipifs. Going through ipif_down once again
12238 * will delete any IREs created based on these routes.
12239 */
12249 }
12250 }
12251 }
12253 /*
12254 * Redo source address selection. This makes IXAF_VERIFY_SOURCE take
12255 * a look again at valid source addresses.
12256 * This should be called each time after the set of source addresses has been
12257 * changed.
12258 */
12259 void
12261 {
12262 /* We skip past SRC_GENERATION_VERIFY */
12264 SRC_GENERATION_VERIFY)
12266 }
12268 /*
12269 * Finish the group join started in ip_sioctl_groupname().
12270 */
12271 /* ARGSUSED */
12272 static void
12274 {
12280 /* IS_UNDER_IPMP() won't work until ipmp_ill_join_illgrp() is called */
12289 }
12295 }
12297 }
12299 /*
12300 * Process an SIOCSLIFGROUPNAME request.
12301 */
12302 /* ARGSUSED */
12303 int
12306 {
12315 /*
12316 * Note that phyint_grp can only change here, where we're exclusive.
12317 */
12328 /*
12329 * If the name hasn't changed, there's nothing to do.
12330 */
12334 /*
12335 * Handle requests to rename an IPMP meta-interface.
12336 *
12337 * Note that creation of the IPMP meta-interface is handled in
12338 * userland through the standard plumbing sequence. As part of the
12339 * plumbing the IPMP meta-interface, its initial groupname is set to
12340 * the name of the interface (see ipif_set_values_tail()).
12341 */
12345 }
12347 /*
12348 * Handle requests to add or remove an IP interface from a group.
12349 */
12351 /*
12352 * Moves are handled by first removing the interface from
12353 * its existing group, and then adding it to another group.
12354 * So, fail if it's already in a group.
12355 */
12359 }
12365 }
12367 /*
12368 * Check if the phyint and its ills are suitable for
12369 * inclusion into the group.
12370 */
12374 /*
12375 * Checks pass; join the group, and enqueue the remaining
12376 * illgrp joins for when we've become part of the group xop
12377 * and are exclusive across its IPSQs. Since qwriter_ip()
12378 * requires an mblk_t to scribble on, and since `mp' will be
12379 * freed as part of completing the ioctl, allocate another.
12380 */
12384 }
12386 /*
12387 * Before we drop ipmp_lock, bump gr_pend* to ensure that the
12388 * IPMP meta-interface ills needed by `phyi' cannot go away
12389 * before ip_join_illgrps() is called back. See the comments
12390 * in ip_sioctl_plink_ipmp() for more.
12391 */
12405 /*
12406 * Request to remove the interface from a group. If the
12407 * interface is not in a group, this trivially succeeds.
12408 */
12413 }
12414 unlock:
12417 }
12419 /*
12420 * Process an SIOCGLIFBINDING request.
12421 */
12422 /* ARGSUSED */
12423 int
12426 {
12437 else
12441 }
12443 /*
12444 * Process an SIOCGLIFGROUPNAME request.
12445 */
12446 /* ARGSUSED */
12447 int
12450 {
12458 else
12462 }
12464 /*
12465 * Process an SIOCGLIFGROUPINFO request.
12466 */
12467 /* ARGSUSED */
12468 int
12471 {
12476 /* ip_wput_nondata() verified mp->b_cont->b_cont */
12484 }
12488 }
12490 static void
12492 {
12495 /*
12496 * The ill is down; unbind but stay attached since we're still
12497 * associated with a PPA. If we have negotiated DLPI capabilites
12498 * with the data link service provider (IDS_OK) then reset them.
12499 * The interval between unbinding and rebinding is potentially
12500 * unbounded hence we cannot assume things will be the same.
12501 * The DLPI capabilities will be probed again when the data link
12502 * is brought up.
12503 */
12509 /* Free all ilms for this ill */
12513 }
12523 /*
12524 * ip_rput does not pass up normal (M_PROTO) DLPI messages
12525 * after ILL_CONDEMNED is set. So in the unplumb case, we call
12526 * ill_capability_dld_disable disable rightaway. If this is not
12527 * an unplumb operation then the disable happens on receipt of
12528 * the capab ack via ip_rput_dlpi_writer ->
12529 * ill_capability_ack_thr. In both cases the order of
12530 * the operations seen by DLD is capability disable followed
12531 * by DL_UNBIND. Also the DLD capability disable needs a
12532 * cv_wait'able context.
12533 */
12538 }
12543 }
12545 void
12547 {
12549 t_uscalar_t prim;
12562 {
12566 }
12572 }
12574 /*
12575 * Except for the ACKs for the M_PCPROTO messages, all other ACKs
12576 * are dropped by ip_rput() if ILL_CONDEMNED is set. Therefore
12577 * we only wait for the ACK of the DL_UNBIND_REQ.
12578 */
12584 }
12591 /*
12592 * There is no ack for DL_NOTIFY_CONF messages
12593 */
12596 }
12598 /*
12599 * Helper function for ill_dlpi_send().
12600 */
12601 /* ARGSUSED */
12602 static void
12604 {
12606 }
12608 /*
12609 * Send a DLPI control message to the driver but make sure there
12610 * is only one outstanding message. Uses ill_dlpi_pending to tell
12611 * when it must queue. ip_rput_dlpi_writer calls ill_dlpi_done()
12612 * when an ACK or a NAK is received to process the next queued message.
12613 */
12614 void
12616 {
12621 /*
12622 * To ensure that any DLPI requests for current exclusive operation
12623 * are always completely sent before any DLPI messages for other
12624 * operations, require writer access before enqueuing.
12625 */
12628 /* qwriter_ip() does the ill_refrele() */
12632 }
12636 /* Must queue message. Tail insertion */
12648 }
12651 }
12653 void
12655 {
12658 }
12660 void
12662 {
12671 }
12673 /*
12674 * Send all deferred DLPI messages without waiting for their ACKs.
12675 */
12676 void
12678 {
12681 /*
12682 * Clear ill_dlpi_pending so that the message is not queued in
12683 * ill_dlpi_send().
12684 */
12695 }
12696 }
12698 /*
12699 * Clear all the deferred DLPI messages. Called on receiving an M_ERROR
12700 * or M_HANGUP
12701 */
12702 static void
12704 {
12716 }
12717 }
12719 /*
12720 * Check if the DLPI primitive `prim' is pending; print a warning if not.
12721 */
12722 boolean_t
12724 {
12725 t_uscalar_t pending;
12731 }
12733 /*
12734 * During teardown, ill_dlpi_dispatch() will send DLPI requests
12735 * without waiting, so don't print any warnings in that case.
12736 */
12740 }
12752 }
12754 }
12756 /*
12757 * Complete the current DLPI operation associated with `prim' on `ill' and
12758 * start the next queued DLPI operation (if any). If there are no queued DLPI
12759 * operations and the ill's current exclusive IPSQ operation has finished
12760 * (i.e., ipsq_current_finish() was called), then clear ipsq_current_ipif to
12761 * allow the next exclusive IPSQ operation to begin upon ipsq_exit(). See
12762 * the comments above ipsq_current_finish() for details.
12763 */
12764 void
12766 {
12786 }
12790 }
12797 }
12799 /*
12800 * Queue a (multicast) DLPI control message to be sent to the driver by
12801 * later calling ill_dlpi_send_queued.
12802 * We queue them while holding a lock (ill_mcast_lock) to ensure that they
12803 * are sent in order i.e., prevent a DL_DISABMULTI_REQ and DL_ENABMULTI_REQ
12804 * for the same group to race.
12805 * We send DLPI control messages in order using ill_lock.
12806 * For IPMP we should be called on the cast_ill.
12807 */
12808 void
12810 {
12816 /* Must queue message. Tail insertion */
12823 }
12825 /*
12826 * Send the messages that were queued. Make sure there is only
12827 * one outstanding message. ip_rput_dlpi_writer calls ill_dlpi_done()
12828 * when an ACK or a NAK is received to process the next queued message.
12829 * For IPMP we are called on the upper ill, but when send what is queued
12830 * on the cast_ill.
12831 */
12832 void
12834 {
12837 t_uscalar_t prim;
12841 /* On the upper IPMP ill. */
12844 /* Avoid ever sending anything down to the ipmpstub */
12846 }
12848 }
12852 /* Can't send. Somebody else will send it */
12855 }
12859 /*
12860 * Nobody there. All multicast addresses will be
12861 * re-joined when we get the DL_BIND_ACK bringing the
12862 * interface up.
12863 */
12866 }
12873 }
12880 }
12882 done:
12885 }
12887 /*
12888 * Queue an IP (IGMP/MLD) message to be sent by IP from
12889 * ill_mcast_send_queued
12890 * We queue them while holding a lock (ill_mcast_lock) to ensure that they
12891 * are sent in order i.e., prevent a IGMP leave and IGMP join for the same
12892 * group to race.
12893 * We send them in order using ill_lock.
12894 * For IPMP we are called on the upper ill, but we queue on the cast_ill.
12895 */
12896 void
12898 {
12905 /* On the upper IPMP ill. */
12908 /* Discard instead of queuing for the ipmp interface */
12914 }
12916 }
12919 /* Must queue message. Tail insertion */
12928 }
12930 /*
12931 * Send the IP packets that were queued by ill_mcast_queue.
12932 * These are IGMP/MLD packets.
12933 *
12934 * For IPMP we are called on the upper ill, but when send what is queued
12935 * on the cast_ill.
12936 *
12937 * Request loopback of the report if we are acting as a multicast
12938 * router, so that the process-level routing demon can hear it.
12939 * This will run multiple times for the same group if there are members
12940 * on the same group for multiple ipif's on the same ill. The
12941 * igmp_input/mld_input code will suppress this due to the loopback thus we
12942 * always loopback membership report.
12943 *
12944 * We also need to make sure that this does not get load balanced
12945 * by IPMP. We do this by passing an ill to ip_output_simple.
12946 */
12947 void
12949 {
12951 ip_xmit_attr_t ixas;
12955 /* On the upper IPMP ill. */
12958 /*
12959 * We should have no messages on the ipmp interface
12960 * but no point in trying to send them.
12961 */
12963 }
12965 }
12970 /*
12971 * Here we set ixa_ifindex. If IPMP it will be the lower ill which
12972 * makes ip_select_route pick the IRE_MULTICAST for the cast_ill.
12973 * That is necessary to handle IGMP/MLD snooping switches.
12974 */
12983 /*
12984 * Nobody there. Just drop the ip packets.
12985 * IGMP/MLD will resend later, if this is a replumb.
12986 */
12989 }
12992 /*
12993 * When the ill is getting deactivated, we only want to
12994 * send the DLPI messages, so drop IGMP/MLD packets.
12995 * DLPI messages are handled by ill_dlpi_send_queued()
12996 */
13000 }
13004 /* Check whether we are sending IPv4 or IPv6. */
13016 }
13023 }
13026 done:
13029 }
13031 /*
13032 * Take down a specific interface, but don't lose any information about it.
13033 * (Always called as writer.)
13034 * This function goes through the down sequence even if the interface is
13035 * already down. There are 2 reasons.
13036 * a. Currently we permit interface routes that depend on down interfaces
13037 * to be added. This behaviour itself is questionable. However it appears
13038 * that both Solaris and 4.3 BSD have exhibited this behaviour for a long
13039 * time. We go thru the cleanup in order to remove these routes.
13040 * b. The bringup of the interface could fail in ill_dl_up i.e. we get
13041 * DL_ERROR_ACK in response to the DL_BIND request. The interface is
13042 * down, but we need to cleanup i.e. do ill_dl_down and
13043 * ip_rput_dlpi_writer (DL_ERROR_ACK) -> ipif_down.
13044 *
13045 * IP-MT notes:
13046 *
13047 * Model of reference to interfaces.
13048 *
13049 * The following members in ipif_t track references to the ipif.
13050 * int ipif_refcnt; Active reference count
13051 *
13052 * The following members in ill_t track references to the ill.
13053 * int ill_refcnt; active refcnt
13054 * uint_t ill_ire_cnt; Number of ires referencing ill
13055 * uint_t ill_ncec_cnt; Number of ncecs referencing ill
13056 * uint_t ill_nce_cnt; Number of nces referencing ill
13057 * uint_t ill_ilm_cnt; Number of ilms referencing ill
13058 *
13059 * Reference to an ipif or ill can be obtained in any of the following ways.
13060 *
13061 * Through the lookup functions ipif_lookup_* / ill_lookup_* functions
13062 * Pointers to ipif / ill from other data structures viz ire and conn.
13063 * Implicit reference to the ipif / ill by holding a reference to the ire.
13064 *
13065 * The ipif/ill lookup functions return a reference held ipif / ill.
13066 * ipif_refcnt and ill_refcnt track the reference counts respectively.
13067 * This is a purely dynamic reference count associated with threads holding
13068 * references to the ipif / ill. Pointers from other structures do not
13069 * count towards this reference count.
13070 *
13071 * ill_ire_cnt is the number of ire's associated with the
13072 * ill. This is incremented whenever a new ire is created referencing the
13073 * ill. This is done atomically inside ire_add_v[46] where the ire is
13074 * actually added to the ire hash table. The count is decremented in
13075 * ire_inactive where the ire is destroyed.
13076 *
13077 * ill_ncec_cnt is the number of ncec's referencing the ill thru ncec_ill.
13078 * This is incremented atomically in
13079 * ndp_add_v4()/ndp_add_v6() where the nce is actually added to the
13080 * table. Similarly it is decremented in ncec_inactive() where the ncec
13081 * is destroyed.
13082 *
13083 * ill_nce_cnt is the number of nce's referencing the ill thru nce_ill. This is
13084 * incremented atomically in nce_add() where the nce is actually added to the
13085 * ill_nce. Similarly it is decremented in nce_inactive() where the nce
13086 * is destroyed.
13087 *
13088 * ill_ilm_cnt is the ilm's reference to the ill. It is incremented in
13089 * ilm_add() and decremented before the ilm is freed in ilm_delete().
13090 *
13091 * Flow of ioctls involving interface down/up
13092 *
13093 * The following is the sequence of an attempt to set some critical flags on an
13094 * up interface.
13095 * ip_sioctl_flags
13096 * ipif_down
13097 * wait for ipif to be quiescent
13098 * ipif_down_tail
13099 * ip_sioctl_flags_tail
13100 *
13101 * All set ioctls that involve down/up sequence would have a skeleton similar
13102 * to the above. All the *tail functions are called after the refcounts have
13103 * dropped to the appropriate values.
13104 *
13105 * SIOC ioctls during the IPIF_CHANGING interval.
13106 *
13107 * Threads handling SIOC set ioctls serialize on the squeue, but this
13108 * is not done for SIOC get ioctls. Since a set ioctl can cause several
13109 * steps of internal changes to the state, some of which are visible in
13110 * ipif_flags (such as IFF_UP being cleared and later set), and we want
13111 * the set ioctl to be atomic related to the get ioctls, the SIOC get code
13112 * will wait and restart ioctls if IPIF_CHANGING is set. The mblk is then
13113 * enqueued in the ipsq and the operation is restarted by ipsq_exit() when
13114 * the current exclusive operation completes. The IPIF_CHANGING check
13115 * and enqueue is atomic using the ill_lock and ipsq_lock. The
13116 * lookup is done holding the ill_lock. Hence the ill/ipif state flags can't
13117 * change while the ill_lock is held. Before dropping the ill_lock we acquire
13118 * the ipsq_lock and call ipsq_enq. This ensures that ipsq_exit can't finish
13119 * until we release the ipsq_lock, even though the ill/ipif state flags
13120 * can change after we drop the ill_lock.
13121 */
13122 int
13124 {
13127 boolean_t success;
13145 /* Update status in SCTP's list */
13149 }
13151 /*
13152 * Removal of the last ipif from an ill may result in a DL_UNBIND
13153 * being sent to the driver, and we must not send any data packets to
13154 * the driver after the DL_UNBIND_REQ. To ensure this, all the
13155 * ire and nce entries used in the data path will be cleaned
13156 * up, and we also set the ILL_DOWN_IN_PROGRESS bit to make
13157 * sure on new entries will be added until the ill is bound
13158 * again. The ILL_DOWN_IN_PROGRESS bit is turned off upon
13159 * receipt of a DL_BIND_ACK.
13160 */
13165 }
13167 /*
13168 * Blow away memberships we established in ipif_multicast_up().
13169 */
13172 /*
13173 * Remove from the mapping for __sin6_src_id. We insert only
13174 * when the address is not INADDR_ANY. As IPv4 addresses are
13175 * stored as mapped addresses, we need to check for mapped
13176 * INADDR_ANY also.
13177 */
13187 }
13188 }
13191 /* only delete if we'd added ire's before */
13194 else
13196 }
13199 /*
13200 * Since the interface is now down, it may have just become
13201 * inactive. Note that this needs to be done even for a
13202 * lll_logical_down(), or ARP entries will not get correctly
13203 * restored when the interface comes back up.
13204 */
13207 }
13209 /*
13210 * neighbor-discovery or arp entries for this interface. The ipif
13211 * has to be quiesced, so we walk all the nce's and delete those
13212 * that point at the ipif->ipif_ill. At the same time, we also
13213 * update IPMP so that ipifs for data addresses are unbound. We dont
13214 * call ipif_arp_down to DL_UNBIND the arp stream itself here, but defer
13215 * that for ipif_down_tail()
13216 */
13219 /*
13220 * If this is the last ipif on the ill, we also need to remove
13221 * any IREs with ire_ill set. Otherwise ipif_is_quiescent() will
13222 * never succeed.
13223 */
13227 /*
13228 * Walk all CONNs that can have a reference on an ire for this
13229 * ipif (we actually walk all that now have stale references).
13230 */
13233 /*
13234 * If mp is NULL the caller will wait for the appropriate refcnt.
13235 * Eg. ip_sioctl_removeif -> ipif_free -> ipif_down
13236 * and ill_delete -> ipif_free -> ipif_down
13237 */
13241 }
13248 }
13250 /*
13251 * Are there any ire's pointing to this ipif that are still active ?
13252 * If this is the last ipif going down, are there any ire's pointing
13253 * to this ill that are still active ?
13254 */
13260 }
13264 /*
13265 * Enqueue the mp atomically in ipsq_pending_mp. When the refcount
13266 * drops down, the operation will be restarted by ipif_ill_refrele_tail
13267 * which in turn is called by the last refrele on the ipif/ill/ire.
13268 */
13271 /* The conn is closing. So just return */
13276 }
13282 }
13284 int
13286 {
13293 /*
13294 * Skip any loopback interface (null wq).
13295 * If this is the last logical interface on the ill
13296 * have ill_dl_down tell the driver we are gone (unbind)
13297 * Note that lun 0 can ipif_down even though
13298 * there are other logical units that are up.
13299 * This occurs e.g. when we change a "significant" IFF_ flag.
13300 */
13305 }
13314 }
13316 /*
13317 * Bring interface logically down without bringing the physical interface
13318 * down e.g. when the netmask is changed. This avoids long lasting link
13319 * negotiations between an ethernet interface and a certain switches.
13320 */
13321 static int
13323 {
13327 /*
13328 * The ill_logical_down flag is a transient flag. It is set here
13329 * and is cleared once the down has completed in ipif_down_tail.
13330 * This flag does not indicate whether the ill stream is in the
13331 * DL_BOUND state with the driver. Instead this flag is used by
13332 * ipif_down_tail to determine whether to DL_UNBIND the stream with
13333 * the driver. The state of the ill stream i.e. whether it is
13334 * DL_BOUND with the driver or not is indicated by the ill_dl_up flag.
13335 */
13338 }
13340 /*
13341 * Initiate deallocate of an IPIF. Always called as writer. Called by
13342 * ill_delete or ip_sioctl_removeif.
13343 */
13344 static void
13346 {
13355 /*
13356 * Take down the interface. We can be called either from ill_delete
13357 * or from ip_sioctl_removeif.
13358 */
13361 /*
13362 * Now that the interface is down, there's no chance it can still
13363 * become a duplicate. Cancel any timer that may have been set while
13364 * tearing down.
13365 */
13371 /* Remove pointers to this ill in the multicast routing tables */
13373 /* If necessary, clear the cached source ipif rotor. */
13377 }
13379 static void
13381 {
13384 /*
13385 * Need to hold both ill_g_lock and ill_lock while
13386 * inserting or removing an ipif from the linked list
13387 * of ipifs hanging off the ill.
13388 */
13391 #ifdef DEBUG
13393 #endif
13395 /* Ask SCTP to take it out of it list */
13399 /* Get it out of the ILL interface list. */
13408 /* Free the memory. */
13410 }
13412 /*
13413 * Sets `buf' to an ipif name of the form "ill_name:id", or "ill_name" if "id"
13414 * is zero.
13415 */
13416 void
13418 {
13431 }
13436 }
13438 /*
13439 * Sets `buf' to an ill name.
13440 */
13441 void
13443 {
13453 }
13455 /*
13456 * Find an IPIF based on the name passed in. Names can be of the form <phys>
13457 * (e.g., le0) or <phys>:<#> (e.g., le0:1). When there is no colon, the
13458 * implied unit id is zero. <phys> must correspond to the name of an ILL.
13459 * (May be called as writer.)
13460 */
13464 {
13470 uint_t ire_type;
13474 /*
13475 * If the caller wants to us to create the ipif, make sure we have a
13476 * valid zoneid
13477 */
13482 }
13485 /* Look for a colon in the name. */
13490 }
13493 /*
13494 * Reject any non-decimal aliases for logical
13495 * interfaces. Aliases with leading zeroes
13496 * are also rejected as they introduce ambiguity
13497 * in the naming of the interfaces.
13498 * In order to confirm with existing semantics,
13499 * and to not break any programs/script relying
13500 * on that behaviour, if<0>:0 is considered to be
13501 * a valid interface.
13502 *
13503 * If alias has two or more digits and the first
13504 * is zero, fail.
13505 */
13508 }
13509 }
13513 }
13517 /*
13518 * Look up the ILL, based on the portion of the name
13519 * before the slash. ill_lookup_on_name returns a held ill.
13520 * Temporary to check whether ill exists already. If so
13521 * ill_lookup_on_name will clear it.
13522 */
13529 /* Establish the unit number in the name. */
13532 /* If there was a colon, the unit number follows. */
13533 cp++;
13537 }
13538 }
13541 /* Now see if there is an IPIF with this unit number. */
13550 }
13556 /*
13557 * Drop locks before calling ill_refrele
13558 * since it can potentially call into
13559 * ipif_ill_refrele_tail which can end up
13560 * in trying to acquire any lock.
13561 */
13564 }
13565 }
13566 }
13572 }
13574 /*
13575 * If none found, atomically allocate and return a new one.
13576 * Historically, we used IRE_LOOPBACK only for lun 0, and IRE_LOCAL
13577 * to support "receive only" use of lo0:1 etc. as is still done
13578 * below as an initial guess.
13579 * However, this is now likely to be overriden later in ipif_up_done()
13580 * when we know for sure what address has been configured on the
13581 * interface, since we might have more than one loopback interface
13582 * with a loopback address, e.g. in the case of zones, and all the
13583 * interfaces with loopback addresses need to be marked IRE_LOOPBACK.
13584 */
13587 else
13595 }
13597 /*
13598 * Variant of the above that queues the request on the ipsq when
13599 * IPIF_CHANGING is set.
13600 */
13605 {
13621 }
13623 /* Look for a colon in the name. */
13628 }
13631 /*
13632 * Reject any non-decimal aliases for logical
13633 * interfaces. Aliases with leading zeroes
13634 * are also rejected as they introduce ambiguity
13635 * in the naming of the interfaces.
13636 * In order to confirm with existing semantics,
13637 * and to not break any programs/script relying
13638 * on that behaviour, if<0>:0 is considered to be
13639 * a valid interface.
13640 *
13641 * If alias has two or more digits and the first
13642 * is zero, fail.
13643 */
13648 }
13649 }
13655 }
13657 /*
13658 * Look up the ILL, based on the portion of the name
13659 * before the slash. ill_lookup_on_name returns a held ill.
13660 * Temporary to check whether ill exists already. If so
13661 * ill_lookup_on_name will clear it.
13662 */
13669 /* Establish the unit number in the name. */
13672 /* If there was a colon, the unit number follows. */
13673 cp++;
13679 }
13680 }
13684 /* Now see if there is an IPIF with this unit number. */
13696 }
13703 /*
13704 * Drop locks before calling ill_refrele
13705 * since it can potentially call into
13706 * ipif_ill_refrele_tail which can end up
13707 * in trying to acquire any lock.
13708 */
13725 }
13726 }
13727 }
13734 }
13736 /*
13737 * This routine is called whenever a new address comes up on an ipif. If
13738 * we are configured to respond to address mask requests, then we are supposed
13739 * to broadcast an address mask reply at this time. This routine is also
13740 * called if we are already up, but a netmask change is made. This is legal
13741 * but might not make the system manager very popular. (May be called
13742 * as writer.)
13743 */
13744 void
13746 {
13751 ip_xmit_attr_t ixas;
13753 #define REPLY_LEN (sizeof (icmp_ipha) + sizeof (icmph_t) + IP_ADDR_LEN)
13758 /* ICMP mask reply is IPv4 only */
13760 /* ICMP mask reply is not for a loopback interface */
13793 #undef REPLY_LEN
13794 }
13796 /*
13797 * Join the ipif specific multicast groups.
13798 * Must be called after a mapping has been set up in the resolver. (Always
13799 * called as writer.)
13800 */
13801 void
13803 {
13828 /*
13829 * Join the all hosts multicast address. We skip this for
13830 * underlying IPMP interfaces since they should be invisible.
13831 */
13840 }
13842 }
13844 /*
13845 * Enable multicast for the solicited node multicast address.
13846 * If IPMP we need to put the membership on the upper ill.
13847 */
13850 boolean_t need_refrele;
13858 }
13872 }
13874 }
13876 }
13878 in6_addr_t v6group;
13883 /* Join the all hosts multicast address */
13892 }
13894 }
13895 }
13897 /*
13898 * Blow away any multicast groups that we joined in ipif_multicast_up().
13899 * (ilms from explicit memberships are handled in conn_update_ill.)
13900 */
13901 void
13903 {
13911 }
13915 }
13916 }
13918 /*
13919 * Used when an interface comes up to recreate any extra routes on this
13920 * interface.
13921 */
13922 int
13924 {
13936 /*
13937 * Create a copy of the IRE with the saved address and netmask.
13938 */
13945 ill,
13948 ipst);
13955 ill,
13958 ipst);
13959 }
13963 }
13971 }
13972 }
13974 /*
13975 * Some software (for example, GateD and Sun Cluster) attempts
13976 * to create (what amount to) IRE_PREFIX routes with the
13977 * loopback address as the gateway. This is primarily done to
13978 * set up prefixes with the RTF_REJECT flag set (for example,
13979 * when generating aggregate routes.)
13980 *
13981 * If the IRE type (as defined by ill->ill_net_type) is
13982 * IRE_LOOPBACK, then we map the request into a
13983 * IRE_IF_NORESOLVER.
13984 */
13988 /*
13989 * ire held by ire_add, will be refreled' towards the
13990 * the end of ipif_up_done
13991 */
13993 /*
13994 * Check if it was a duplicate entry. This handles
13995 * the case of two racing route adds for the same route
13996 */
14006 }
14009 }
14012 }
14014 /*
14015 * Used to set the netmask and broadcast address to default values when the
14016 * interface is brought up. (Always called as writer.)
14017 */
14018 static void
14020 {
14024 /*
14025 * Interface holds an IPv4 address. Default
14026 * mask is the natural netmask.
14027 */
14029 ipaddr_t v4mask;
14033 }
14035 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14040 }
14041 /*
14042 * NOTE: SunOS 4.X does this even if the broadcast address
14043 * has been already set thus we do the same here.
14044 */
14046 ipaddr_t v4addr;
14050 }
14052 /*
14053 * Interface holds an IPv6-only address. Default
14054 * mask is all-ones.
14055 */
14059 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14064 }
14065 }
14066 }
14068 /*
14069 * Return 0 if this address can be used as local address without causing
14070 * duplicate address problems. Otherwise, return EADDRNOTAVAIL if the address
14071 * is already up on a different ill, and EADDRINUSE if it's up on the same ill.
14072 * Note that the same IPv6 link-local address is allowed as long as the ills
14073 * are not on the same link.
14074 */
14075 int
14077 {
14078 in6_addr_t our_v6addr;
14081 ill_walk_context_t ctx;
14097 else
14123 else
14125 }
14126 }
14129 }
14131 /*
14132 * Bring up an ipif: bring up arp/ndp, bring up the DLPI stream, and add
14133 * IREs for the ipif.
14134 * When the routine returns EINPROGRESS then mp has been consumed and
14135 * the ioctl will be acked from ip_rput_dlpi.
14136 */
14137 int
14139 {
14143 boolean_t success;
14144 uint_t ipif_orig_id;
14153 /* Shouldn't get here if it is already up. */
14157 /*
14158 * If this is a request to bring up a data address on an interface
14159 * under IPMP, then move the address to its IPMP meta-interface and
14160 * try to bring it up. One complication is that the zeroth ipif for
14161 * an ill is special, in that every ill always has one, and that code
14162 * throughout IP deferences ill->ill_ipif without holding any locks.
14163 */
14169 /*
14170 * The ipif being brought up should be quiesced. If it's not,
14171 * something has gone amiss and we need to bail out. (If it's
14172 * quiesced, we know it will remain so via IPIF_CONDEMNED.)
14173 */
14178 }
14181 /*
14182 * If we're going to need to allocate ipifs, do it prior
14183 * to starting the move (and grabbing locks).
14184 */
14189 }
14194 }
14195 }
14197 /*
14198 * Grab or transfer the ipif to move. During the move, keep
14199 * ill_g_lock held to prevent any ill walker threads from
14200 * seeing things in an inconsistent state.
14201 */
14208 }
14210 /*
14211 * Place the ipif on the IPMP ill. If the zeroth ipif on
14212 * the IPMP ill is a stub (0.0.0.0 down address) then we
14213 * replace that one. Otherwise, pick the next available slot.
14214 */
14224 /*
14225 * No more available ipif_id's -- put it back
14226 * on the original ill and fail the operation.
14227 * Since we're writer on the ill, we can be
14228 * sure our old slot is still available.
14229 */
14234 NULL);
14237 }
14240 }
14241 }
14244 /*
14245 * Tell SCTP that the ipif has moved. Note that even if we
14246 * had to allocate a new ipif, the original sequence id was
14247 * preserved and therefore SCTP won't know.
14248 */
14251 /*
14252 * If the ipif being brought up was on slot zero, then we
14253 * first need to bring up the placeholder we stuck there. In
14254 * ip_rput_dlpi_writer(), arp_bringup_done(), or the recursive
14255 * call to ipif_up() itself, if we successfully bring up the
14256 * placeholder, we'll check ill_move_ipif and bring it up too.
14257 */
14266 }
14268 /*
14269 * Bring it up on the IPMP ill.
14270 */
14272 }
14274 /* Skip arp/ndp for any loopback interface. */
14280 /*
14281 * ill_dl_up is not yet set. i.e. we are yet to
14282 * DL_BIND with the driver and this is the first
14283 * logical interface on the ill to become "up".
14284 * Tell the driver to get going (via DL_BIND_REQ).
14285 * Note that changing "significant" IFF_ flags
14286 * address/netmask etc cause a down/up dance, but
14287 * does not cause an unbind (DL_UNBIND) with the driver
14288 */
14290 }
14292 /*
14293 * ipif_resolver_up may end up needeing to bind/attach
14294 * the ARP stream, which in turn necessitates a
14295 * DLPI message exchange with the driver. ioctls are
14296 * serialized and so we cannot send more than one
14297 * interface up message at a time. If ipif_resolver_up
14298 * does need to wait for the DLPI handshake for the ARP stream,
14299 * we get EINPROGRESS and we will complete in arp_bringup_done.
14300 */
14313 /*
14314 * Crank up IPv6 neighbor discovery. Unlike ARP, this should
14315 * complete when ipif_ndp_up returns.
14316 */
14319 /* We will complete it in arp_bringup_done() */
14321 }
14332 /*
14333 * Interfaces without underlying hardware don't do duplicate
14334 * address detection.
14335 */
14339 /* allocation failure? */
14342 }
14349 }
14351 }
14353 /*
14354 * Add any IREs tied to the ill. For now this is just an IRE_MULTICAST.
14355 * The identical set of IREs need to be removed in ill_delete_ires().
14356 */
14357 int
14359 {
14367 /*
14368 * provide some dummy ire_addr for creating the ire.
14369 */
14376 }
14382 }
14384 void
14386 {
14388 /*
14389 * BIND/ATTACH completed; Release the ref for ill_ire_multicast
14390 * which was taken without any th_tracing enabled.
14391 * We also mark it as condemned (note that it was never added)
14392 * so that caching conn's can move off of it.
14393 */
14397 }
14398 }
14400 /*
14401 * Perform a bind for the physical device.
14402 * When the routine returns EINPROGRESS then mp has been consumed and
14403 * the ioctl will be acked from ip_rput_dlpi.
14404 * Allocate an unbind message and save it until ipif_down.
14405 */
14406 static int
14408 {
14412 boolean_t success;
14421 /*
14422 * Make sure we have an IRE_MULTICAST in case we immediately
14423 * start receiving packets.
14424 */
14430 DL_BIND_REQ);
14436 /*
14437 * ill_unbind_mp would be non-null if the following sequence had
14438 * happened:
14439 * - send DL_BIND_REQ to driver, wait for response
14440 * - multiple ioctls that need to bring the ipif up are encountered,
14441 * but they cannot enter the ipsq due to the outstanding DL_BIND_REQ.
14442 * These ioctls will then be enqueued on the ipsq
14443 * - a DL_ERROR_ACK is returned for the DL_BIND_REQ
14444 * At this point, the pending ioctls in the ipsq will be drained, and
14445 * since ill->ill_dl_up was not set, ill_dl_up would be invoked with
14446 * a non-null ill->ill_unbind_mp
14447 */
14450 DL_UNBIND_REQ);
14453 }
14454 /*
14455 * Record state needed to complete this operation when the
14456 * DL_BIND_ACK shows up. Also remember the pre-allocated mblks.
14457 */
14468 /*
14469 * Save the unbind message for ill_dl_down(); it will be consumed when
14470 * the interface goes down.
14471 */
14476 /* Send down link-layer capabilities probe if not already done. */
14479 /*
14480 * Sysid used to rely on the fact that netboots set domainname
14481 * and the like. Now that miniroot boots aren't strictly netboots
14482 * and miniroot network configuration is driven from userland
14483 * these things still need to be set. This situation can be detected
14484 * by comparing the interface being configured here to the one
14485 * dhcifname was set to reference by the boot loader. Once sysid is
14486 * converted to use dhcp_ipc_getinfo() this call can go away.
14487 */
14493 }
14495 /*
14496 * This operation will complete in ip_rput_dlpi with either
14497 * a DL_BIND_ACK or DL_ERROR_ACK.
14498 */
14500 bad:
14506 }
14508 /* Add room for tcp+ip headers */
14511 /*
14512 * DLPI and ARP is up.
14513 * Create all the IREs associated with an interface. Bring up multicast.
14514 * Set the interface flag and finish other initialization
14515 * that potentially had to be deferred to after DL_BIND_ACK.
14516 */
14517 int
14519 {
14531 /* Check if this is a loopback interface */
14537 /*
14538 * If all other interfaces for this ill are down or DEPRECATED,
14539 * or otherwise unsuitable for source address selection,
14540 * reset the src generation numbers to make sure source
14541 * address selection gets to take this new ipif into account.
14542 * No need to hold ill_lock while traversing the ipif list since
14543 * we are writer
14544 */
14552 /* first useable pre-existing interface */
14555 }
14563 /*
14564 * lo0:1 and subsequent ipifs were marked IRE_LOCAL in
14565 * ipif_lookup_on_name(), but in the case of zones we can have
14566 * several loopback addresses on lo0. So all the interfaces with
14567 * loopback addresses need to be marked IRE_LOOPBACK.
14568 */
14572 else
14577 /* add unicast nce for the local addr */
14581 /* A shared-IP zone sees EEXIST for lo0:N */
14590 }
14591 }
14593 /* Create all the IREs associated with this interface */
14596 /*
14597 * see comments about return value from
14598 * ip_addr_availability_check() in ipif_add_ires_v4().
14599 */
14603 /*
14604 * Make IPMP aware of the deleted ipif so that
14605 * the needed ipmp cleanup (e.g., of ipif_bound_ill)
14606 * can be completed. Note that we do not want to
14607 * destroy the nce that was created on the ipmp_ill
14608 * for the active copy of the duplicate address in
14609 * use.
14610 */
14614 }
14616 }
14619 /* Recover any additional IREs entries for this ill */
14621 }
14624 /*
14625 * Need to recover all multicast memberships in the driver.
14626 * This had to be deferred until we had attached. The same
14627 * code exists in ipif_up_done_v6() to recover IPv6
14628 * memberships.
14629 *
14630 * Note that it would be preferable to unconditionally do the
14631 * ill_recover_multicast() in ill_dl_up(), but we cannot do
14632 * that since ill_join_allmulti() depends on ill_dl_up being
14633 * set, and it is not set until we receive a DL_BIND_ACK after
14634 * having called ill_dl_up().
14635 */
14637 }
14640 /*
14641 * Since the interface is now up, it may now be active.
14642 */
14646 /*
14647 * If this is an IPMP interface, we may now be able to
14648 * establish ARP entries.
14649 */
14652 }
14654 /* Join the allhosts multicast address */
14662 /* Broadcast an address mask reply. */
14664 }
14665 /* Perhaps ilgs should use this ill */
14668 /*
14669 * This had to be deferred until we had bound. Tell routing sockets and
14670 * others that this interface is up if it looks like the address has
14671 * been validated. Otherwise, if it isn't ready yet, wait for
14672 * duplicate address detection to do its thing.
14673 */
14677 }
14679 /*
14680 * Add the IREs associated with the ipif.
14681 * Those MUST be explicitly removed in ipif_delete_ires_v4.
14682 */
14683 static int
14685 {
14700 /* Register the source address for __sin6_src_id */
14706 }
14710 else
14713 /* If the interface address is set, create the local IRE. */
14723 ipst);
14732 }
14739 }
14745 }
14749 /*
14750 * If mask was not specified, use natural netmask of
14751 * interface address. Also, store this mask back into the
14752 * ipif struct.
14753 */
14759 }
14761 /* Set up the IRE_IF_RESOLVER or IRE_IF_NORESOLVER, as appropriate. */
14764 /* ipif_subnet is ipif_pp_dst_addr for pt-pt */
14770 }
14781 ill,
14785 ipst);
14790 }
14791 }
14793 /*
14794 * Create any necessary broadcast IREs.
14795 */
14800 /* If an earlier ire_create failed, get out now */
14802 irep1--;
14807 }
14808 }
14810 /*
14811 * Need to atomically check for IP address availability under
14812 * ip_addr_avail_lock. ill_g_lock is held as reader to ensure no new
14813 * ills or new ipifs can be added while we are checking availability.
14814 */
14817 /* Mark it up, and increment counters. */
14825 /*
14826 * Our address may already be up on the same ill. In this case,
14827 * the ARP entry for our ipif replaced the one for the other
14828 * ipif. So we don't want to delete it (otherwise the other ipif
14829 * would be unable to send packets).
14830 * ip_addr_availability_check() identifies this case for us and
14831 * returns EADDRINUSE; Caller should turn it into EADDRNOTAVAIL
14832 * which is the expected error code.
14833 */
14837 }
14839 /*
14840 * Add in all newly created IREs. ire_create_bcast() has
14841 * already checked for duplicates of the IRE_BROADCAST type.
14842 * We add the IRE_INTERFACE before the IRE_LOCAL to ensure
14843 * that lookups find the IRE_LOCAL even if the IRE_INTERFACE is
14844 * a /32 route.
14845 */
14851 }
14852 #ifdef DEBUG
14855 #endif
14856 }
14862 }
14863 #ifdef DEBUG
14866 #endif
14867 }
14877 /*
14878 * We first add all of them, and if that succeeds we refrele the
14879 * bunch. That enables us to delete all of them should any of the
14880 * ire_adds fail.
14881 */
14883 irep1--;
14889 }
14890 }
14893 irep1--;
14894 /* refheld by ire_add. */
14898 }
14899 }
14902 /*
14903 * If the broadcast address has been set, make sure it makes
14904 * sense based on the interface address.
14905 * Only match on ill since we are sharing broadcast addresses.
14906 */
14916 /*
14917 * If there isn't a matching broadcast IRE,
14918 * revert to the default for this netmask.
14919 */
14926 }
14927 }
14929 }
14932 bad2:
14936 bad:
14952 }
14956 }
14959 irep--;
14962 }
14963 }
14967 }
14969 /* Remove all the IREs created by ipif_add_ires_v4 */
14970 void
14972 {
14982 /*
14983 * Move count to ipif so we don't loose the count due to
14984 * a down/up dance.
14985 */
14990 }
14998 }
15000 /*
15001 * Delete the broadcast IREs.
15002 */
15006 }
15008 /*
15009 * Checks for availbility of a usable source address (if there is one) when the
15010 * destination ILL has the ill_usesrc_ifindex pointing to another ILL. Note
15011 * this selection is done regardless of the destination.
15012 */
15013 boolean_t
15016 {
15042 }
15046 }
15048 /*
15049 * Find an ipif with a good local address on the ill+zoneid.
15050 */
15051 ipif_t *
15053 {
15074 }
15077 }
15079 /*
15080 * IP source address type, sorted from worst to best. For a given type,
15081 * always prefer IP addresses on the same subnet. All-zones addresses are
15082 * suboptimal because they pose problems with unlabeled destinations.
15083 */
15085 IPIF_NONE,
15092 IPIF_LOCALADDR /* local loopback */
15095 /*
15096 * Pick the optimal ipif on `ill' for sending to destination `dst' from zone
15097 * `zoneid'. We rate usable ipifs from low -> high as per the ipif_type_t
15098 * enumeration, and return the highest-rated ipif. If there's a tie, we pick
15099 * the first one, unless IPMP is used in which case we round-robin among them;
15100 * see below for more.
15101 *
15102 * Returns NULL if there is no suitable source address for the ill.
15103 * This only occurs when there is no valid source address for the ill.
15104 */
15105 ipif_t *
15108 {
15114 boolean_t samenet;
15121 else
15123 }
15125 /*
15126 * Test addresses should never be used for source address selection,
15127 * so if we were passed one, switch to the IPMP meta-interface.
15128 */
15132 else
15134 }
15136 /*
15137 * Hold the ill_g_lock as reader. This makes sure that no ipif/ill
15138 * can be deleted. But an ipif/ill can get CONDEMNED any time.
15139 * After selecting the right ipif, under ill_lock make sure ipif is
15140 * not condemned, and increment refcnt. If ipif is CONDEMNED,
15141 * we retry. Inside the loop we still need to check for CONDEMNED,
15142 * but not under a lock.
15143 */
15145 retry:
15146 /*
15147 * For source address selection, we treat the ipif list as circular
15148 * and continue until we get back to where we started. This allows
15149 * IPMP to vary source address selection (which improves inbound load
15150 * spreading) by caching its last ending point and starting from
15151 * there. NOTE: we don't have to worry about ill_src_ipif changing
15152 * ills since that can't happen on the IPMP ill.
15153 */
15167 /* Always skip NOLOCAL and ANYCAST interfaces */
15170 /* Always skip NOACCEPT interfaces */
15180 }
15187 /*
15188 * Interfaces with 0.0.0.0 address are allowed to be UP, but
15189 * are not valid as source addresses.
15190 */
15200 IPIF_DIFFNET_DEPRECATED;
15203 IPIF_DIFFNET_ALLZONES;
15206 }
15213 }
15221 }
15224 /*
15225 * For IPMP, update the source ipif rotor to the next ipif,
15226 * provided we can look it up. (We must not use it if it's
15227 * IPIF_CONDEMNED since we may have grabbed ill_g_lock after
15228 * ipif_free() checked ill_src_ipif.)
15229 */
15234 else
15236 }
15238 }
15246 #ifdef DEBUG
15262 }
15265 }
15267 /*
15268 * Pick a source address based on the destination ill and an optional setsrc
15269 * address.
15270 * The result is stored in srcp. If generation is set, then put the source
15271 * generation number there before we look for the source address (to avoid
15272 * missing changes in the set of source addresses.
15273 * If flagsp is set, then us it to pass back ipif_flags.
15274 *
15275 * If the caller wants to cache the returned source address and detect when
15276 * that might be stale, the caller should pass in a generation argument,
15277 * which the caller can later compare against ips_src_generation
15278 *
15279 * The precedence order for selecting an IPv4 source address is:
15280 * - RTF_SETSRC on the offlink ire always wins.
15281 * - If usrsrc is set, swap the ill to be the usesrc one.
15282 * - If IPMP is used on the ill, select a random address from the most
15283 * preferred ones below:
15284 * 1. If onlink destination, same subnet and not deprecated, not ALL_ZONES
15285 * 2. Not deprecated, not ALL_ZONES
15286 * 3. If onlink destination, same subnet and not deprecated, ALL_ZONES
15287 * 4. Not deprecated, ALL_ZONES
15288 * 5. If onlink destination, same subnet and deprecated
15289 * 6. Deprecated.
15290 *
15291 * We have lower preference for ALL_ZONES IP addresses,
15292 * as they pose problems with unlabeled destinations.
15293 *
15294 * Note that when multiple IP addresses match e.g., #1 we pick
15295 * the first one if IPMP is not in use. With IPMP we randomize.
15296 */
15297 int
15299 ipaddr_t multicast_ifaddr,
15302 {
15309 /*
15310 * Need to grab the generation number before we check to
15311 * avoid a race with a change to the set of local addresses.
15312 * No lock needed since the thread which updates the set of local
15313 * addresses use ipif/ill locks and exit those (hence a store memory
15314 * barrier) before doing the atomic increase of ips_src_generation.
15315 */
15318 }
15323 }
15325 /* Was RTF_SETSRC set on the first IRE in the recursive lookup? */
15329 }
15334 else
15336 }
15342 }
15344 /* ARGSUSED */
15345 int
15348 {
15349 /*
15350 * ill_phyint_reinit merged the v4 and v6 into a single
15351 * ipsq. We might not have been able to complete the
15352 * operation in ipif_set_values, if we could not become
15353 * exclusive. If so restart it here.
15354 */
15356 }
15358 /*
15359 * Can operate on either a module or a driver queue.
15360 * Returns an error if not a module queue.
15361 */
15362 /* ARGSUSED */
15363 int
15366 {
15376 }
15387 /*
15388 * Here we are not going to delay the ioack until after
15389 * ACKs from DL_ATTACH_REQ/DL_BIND_REQ. So no need to save the
15390 * original ioctl message before sending the requests.
15391 */
15393 }
15395 /* ARGSUSED */
15396 int
15399 {
15401 }
15403 /*
15404 * Create any IRE_BROADCAST entries for `ipif', and store those entries in
15405 * `irep'. Returns a pointer to the next free `irep' entry
15406 * A mirror exists in ipif_delete_bcast_ires().
15407 *
15408 * The management of any "extra" or seemingly duplicate IRE_BROADCASTs is
15409 * done in ire_add.
15410 */
15413 {
15414 ipaddr_t addr;
15432 /*
15433 * For backward compatibility, we create net broadcast IREs based on
15434 * the old "IP address class system", since some old machines only
15435 * respond to these class derived net broadcast. However, we must not
15436 * create these net broadcast IREs if the subnetmask is shorter than
15437 * the IP address class based derived netmask. Otherwise, we may
15438 * create a net broadcast address which is the same as an IP address
15439 * on the subnet -- and then TCP will refuse to talk to that address.
15440 */
15445 }
15447 /*
15448 * Don't create IRE_BROADCAST IREs for the interface if the subnetmask
15449 * is 0xFFFFFFFF, as an IRE_LOCAL for that interface is already
15450 * created. Creating these broadcast IREs will only create confusion
15451 * as `addr' will be the same as the IP address.
15452 */
15457 }
15460 }
15462 /*
15463 * Mirror of ipif_create_bcast_ires()
15464 */
15465 static void
15467 {
15468 ipaddr_t addr;
15489 /*
15490 * For backward compatibility, we create net broadcast IREs based on
15491 * the old "IP address class system", since some old machines only
15492 * respond to these class derived net broadcast. However, we must not
15493 * create these net broadcast IREs if the subnetmask is shorter than
15494 * the IP address class based derived netmask. Otherwise, we may
15495 * create a net broadcast address which is the same as an IP address
15496 * on the subnet -- and then TCP will refuse to talk to that address.
15497 */
15506 }
15508 /*
15509 * Don't create IRE_BROADCAST IREs for the interface if the subnetmask
15510 * is 0xFFFFFFFF, as an IRE_LOCAL for that interface is already
15511 * created. Creating these broadcast IREs will only create confusion
15512 * as `addr' will be the same as the IP address.
15513 */
15522 }
15523 }
15525 /*
15526 * Extract both the flags (including IFF_CANTCHANGE) such as IFF_IPV*
15527 * from lifr_flags and the name from lifr_name.
15528 * Set IFF_IPV* and ill_isv6 prior to doing the lookup
15529 * since ipif_lookup_on_name uses the _isv6 flags when matching.
15530 * Returns EINPROGRESS when mp has been consumed by queueing it on
15531 * ipx_pending_mp and the ioctl will complete in ip_rput.
15532 *
15533 * Can operate on either a module or a driver queue.
15534 * Returns an error if not a module queue.
15535 */
15536 /* ARGSUSED */
15537 int
15540 {
15553 }
15555 /*
15556 * If we are not writer on 'q' then this interface exists already
15557 * and previous lookups (ip_extract_lifreq()) found this ipif --
15558 * so return EALREADY.
15559 */
15566 /*
15567 * If there's another ill already with the requested name, ensure
15568 * that it's of the same type. Otherwise, ill_phyint_reinit() will
15569 * fuse together two unrelated ills, which will cause chaos.
15570 */
15586 }
15587 }
15589 /*
15590 * We start off as IFF_IPV4 in ipif_allocate and become
15591 * IFF_IPV4 or IFF_IPV6 here depending on lifr_flags value.
15592 * The only flags that we read from user space are IFF_IPV4,
15593 * IFF_IPV6, and IFF_BROADCAST.
15594 *
15595 * This ill has not been inserted into the global list.
15596 * So we are still single threaded and don't need any lock
15597 *
15598 * Saniy check the flags.
15599 */
15607 }
15609 new_flags =
15616 }
15618 /*
15619 * We always start off as IPv4, so only need to check for IPv6.
15620 */
15627 }
15631 else
15634 /* We started off as V4. */
15638 }
15641 }
15643 /* ARGSUSED */
15644 int
15647 {
15648 /*
15649 * ill_phyint_reinit merged the v4 and v6 into a single
15650 * ipsq. We might not have been able to complete the
15651 * slifname in ipif_set_values, if we could not become
15652 * exclusive. If so restart it here
15653 */
15655 }
15657 /*
15658 * Return a pointer to the ipif which matches the index, IP version type and
15659 * zoneid.
15660 */
15661 ipif_t *
15664 {
15678 }
15679 }
15682 }
15684 }
15686 /*
15687 * Change an existing physical interface's index. If the new index
15688 * is acceptable we update the index and the phyint_list_avl_by_index tree.
15689 * Finally, we update other systems which may have a dependence on the
15690 * index value.
15691 */
15692 /* ARGSUSED */
15693 int
15696 {
15703 avl_index_t where;
15707 else
15710 /*
15711 * Only allow on physical interface. Also, index zero is illegal.
15712 */
15717 }
15719 /* If the index is not changing, no work to do */
15723 /*
15724 * Use phyint_exists() to determine if the new interface index
15725 * is already in use. If the index is unused then we need to
15726 * change the phyint's position in the phyint_list_avl_by_index
15727 * tree. If we do not do this, subsequent lookups (using the new
15728 * index value) will not find the phyint.
15729 */
15734 }
15736 /*
15737 * The new index is unused. Set it in the phyint. However we must not
15738 * forget to trigger NE_IFINDEX_CHANGE event before the ifindex
15739 * changes. The event must be bound to old ifindex value.
15740 */
15754 /* Update SCTP's ILL list */
15757 /* Send the routing sockets message */
15762 /* Perhaps ilgs should use this ill */
15765 }
15767 /* ARGSUSED */
15768 int
15771 {
15777 /* Get the interface index */
15782 }
15784 }
15786 /* ARGSUSED */
15787 int
15790 {
15795 /* Get the interface zone */
15799 }
15801 /*
15802 * Set the zoneid of an interface.
15803 */
15804 /* ARGSUSED */
15805 int
15808 {
15813 zone_status_t status;
15814 zoneid_t zoneid;
15820 /* cannot assign instance zero to a non-global zone */
15824 /*
15825 * Cannot assign to a zone that doesn't exist or is shutting down. In
15826 * the event of a race with the zone shutdown processing, since IP
15827 * serializes this ioctl and SIOCGLIFCONF/SIOCLIFREMOVEIF, we know the
15828 * interface will be cleaned up even if the zone is shut down
15829 * immediately after the status check. If the interface can't be brought
15830 * down right away, and the zone is shut down before the restart
15831 * function is called, we resolve the possible races by rechecking the
15832 * zone status in the restart function.
15833 */
15843 /*
15844 * If the interface is already marked up,
15845 * we call ipif_down which will take care
15846 * of ditching any IREs that have been set
15847 * up based on the old interface address.
15848 */
15854 }
15858 }
15860 static int
15863 {
15872 else
15875 /*
15876 * For exclusive stacks we don't allow a different zoneid than
15877 * global.
15878 */
15883 /* Set the new zone id. */
15886 /* Update sctp list */
15889 /* The default multicast interface might have changed */
15893 /*
15894 * Now bring the interface back up. If this
15895 * is the only IPIF for the ILL, ipif_up
15896 * will have to re-bind to the device, so
15897 * we may get back EINPROGRESS, in which
15898 * case, this IOCTL will get completed in
15899 * ip_rput_dlpi when we see the DL_BIND_ACK.
15900 */
15902 }
15904 }
15906 /* ARGSUSED */
15907 int
15910 {
15912 zoneid_t zoneid;
15914 zone_status_t status;
15923 /*
15924 * We recheck the zone status to resolve the following race condition:
15925 * 1) process sends SIOCSLIFZONE to put hme0:1 in zone "myzone";
15926 * 2) hme0:1 is up and can't be brought down right away;
15927 * ip_sioctl_slifzone() returns EINPROGRESS and the request is queued;
15928 * 3) zone "myzone" is halted; the zone status switches to
15929 * 'shutting_down' and the zones framework sends SIOCGLIFCONF to list
15930 * the interfaces to remove - hme0:1 is not returned because it's not
15931 * yet in "myzone", so it won't be removed;
15932 * 4) the restart function for SIOCSLIFZONE is called; without the
15933 * status check here, we would have hme0:1 in "myzone" after it's been
15934 * destroyed.
15935 * Note that if the status check fails, we need to bring the interface
15936 * back to its state prior to ip_sioctl_slifzone(), hence the call to
15937 * ipif_up_done[_v6]().
15938 */
15943 }
15949 }
15951 }
15956 B_TRUE));
15957 }
15959 /*
15960 * Return the number of addresses on `ill' with one or more of the values
15961 * in `set' set and all of the values in `clear' clear.
15962 */
15963 static uint_t
15965 {
15973 cnt++;
15976 }
15978 /*
15979 * Return the number of migratable addresses on `ill' that are under
15980 * application control.
15981 */
15982 uint_t
15984 {
15986 IPIF_NOFAILOVER));
15987 }
15989 /*
15990 * Return the number of point-to-point addresses on `ill'.
15991 */
15992 uint_t
15994 {
15996 }
15998 /* ARGSUSED */
15999 int
16002 {
16014 }
16016 /* Find the previous ILL in this usesrc group */
16019 {
16027 }
16029 /*
16030 * Release all members of the usesrc group. This routine is called
16031 * from ill_delete when the interface being unplumbed is the
16032 * group head.
16033 *
16034 * This silently clears the usesrc that ifconfig setup.
16035 * An alternative would be to keep that ifindex, and drop packets on the floor
16036 * since no source address can be selected.
16037 * Even if we keep the current semantics, don't need a lock and a linked list.
16038 * Can walk all the ills checking if they have a ill_usesrc_ifindex matching
16039 * the one that is being removed. Issue is how we return the usesrc users
16040 * (SIOCGLIFSRCOF). We want to be able to find the ills which have an
16041 * ill_usesrc_ifindex matching a target ill. We could also do that with an
16042 * ill walk, but the walker would need to insert in the ioctl response.
16043 */
16044 static void
16046 {
16062 }
16064 /*
16065 * Remove the client usesrc ILL from the list and relink to a new list
16066 */
16067 int
16069 {
16076 /*
16077 * Check if the usesrc client ILL passed in is not already
16078 * in use as a usesrc ILL i.e one whose source address is
16079 * in use OR a usesrc ILL is not already in use as a usesrc
16080 * client ILL
16081 */
16085 }
16090 /* Remove from the current list */
16092 /* Only two elements in the list */
16097 }
16103 }
16111 }
16113 /*
16114 * Set the ill_usesrc and ill_usesrc_head fields. See synchronization notes in
16115 * ip.c for locking details.
16116 */
16117 /* ARGSUSED */
16118 int
16121 {
16126 uint_t ifindex;
16139 /* non usesrc group interface, nothing to reset */
16141 }
16143 /* valid reset request */
16145 }
16153 }
16159 /* Operation enqueued on the ipsq of the usesrc ILL */
16161 }
16163 /* USESRC isn't currently supported with IPMP */
16167 }
16169 /*
16170 * USESRC isn't compatible with the STANDBY flag. (STANDBY is only
16171 * used by IPMP underlying interfaces, but someone might think it's
16172 * more general and try to use it independently with VNI.)
16173 */
16177 }
16179 /*
16180 * If the client is already in use as a usesrc_ill or a usesrc_ill is
16181 * already a client then return EINVAL
16182 */
16186 }
16188 /*
16189 * If the ill_usesrc_ifindex field is already set to what it needs to
16190 * be then this is a duplicate operation.
16191 */
16195 }
16201 /*
16202 * ill_g_usesrc_lock global lock protects the ill_usesrc_grp_next
16203 * and the ill_usesrc_ifindex fields
16204 */
16211 }
16214 }
16216 /*
16217 * Four possibilities to consider:
16218 * 1. Both usesrc_ill and usesrc_cli_ill are not part of any usesrc grp
16219 * 2. usesrc_ill is part of a group but usesrc_cli_ill isn't
16220 * 3. usesrc_cli_ill is part of a group but usesrc_ill isn't
16221 * 4. Both are part of their respective usesrc groups
16222 */
16232 /* Insert at head of list */
16238 ifindex);
16241 }
16244 done:
16247 /* The refrele on the lifr_name ipif is done by ip_process_ioctl */
16250 /* Let conn_ixa caching know that source address selection changed */
16254 }
16256 /* ARGSUSED */
16257 int
16260 {
16264 /*
16265 * Need a lock since IFF_UP can be set even when there are
16266 * references to the ipif.
16267 */
16271 else
16275 }
16277 /*
16278 * comparison function used by avl.
16279 */
16280 static int
16282 {
16284 uint_t index;
16289 /*
16290 * let the phyint with the lowest index be on top.
16291 */
16297 }
16299 /*
16300 * comparison function used by avl.
16301 */
16302 static int
16304 {
16312 else
16322 }
16324 /*
16325 * This function is called on the unplumb path via ill_glist_delete() when
16326 * there are no ills left on the phyint and thus the phyint can be freed.
16327 */
16328 static void
16330 {
16335 /*
16336 * If this phyint was an IPMP meta-interface, blow away the group.
16337 * This is safe to do because all of the illgrps have already been
16338 * removed by I_PUNLINK, and thus SIOCSLIFGROUPNAME cannot find us.
16339 * If we're cleaning up as a result of failed initialization,
16340 * phyint_grp may be NULL.
16341 */
16347 }
16349 /*
16350 * If this interface was under IPMP, take it out of the group.
16351 */
16355 /*
16356 * Delete the phyint and disassociate its ipsq. The ipsq itself
16357 * will be freed in ipsq_exit().
16358 */
16363 }
16365 /*
16366 * Attach the ill to the phyint structure which can be shared by both
16367 * IPv4 and IPv6 ill. ill_init allocates a phyint to just hold flags. This
16368 * function is called from ipif_set_values and ill_lookup_on_name (for
16369 * loopback) where we know the name of the ill. We lookup the ill and if
16370 * there is one present already with the name use that phyint. Otherwise
16371 * reuse the one allocated by ill_init.
16372 */
16373 static void
16375 {
16392 /*
16393 * Now that our ill has a name, set it in the phyint.
16394 */
16400 /*
16401 * 1. We grabbed the ill_g_lock before inserting this ill into
16402 * the global list of ills. So no other thread could have located
16403 * this ill and hence the ipsq of this ill is guaranteed to be empty.
16404 * 2. Now locate the other protocol instance of this ill.
16405 * 3. Now grab both ill locks in the right order, and the phyint lock of
16406 * the new ipsq. Holding ill locks + ill_g_lock ensures that the ipsq
16407 * of neither ill can change.
16408 * 4. Merge the phyint and thus the ipsq as well of this ill onto the
16409 * other ill.
16410 * 5. Release all locks.
16411 */
16413 /*
16414 * Look for IPv4 if we are initializing IPv6 or look for IPv6 if
16415 * we are initializing IPv4.
16416 */
16423 /*
16424 * We are potentially throwing away phyint_flags which
16425 * could be different from the one that we obtain from
16426 * ill_other->ill_phyint. But it is okay as we are assuming
16427 * that the state maintained within IP is correct.
16428 */
16436 }
16438 /*
16439 * Delete the old phyint and make its ipsq eligible
16440 * to be freed in ipsq_exit().
16441 */
16449 /*
16450 * We don't need to acquire any lock, since
16451 * the ill is not yet visible globally and we
16452 * have not yet released the ill_g_lock.
16453 */
16456 /* XXX We need a recovery strategy here. */
16464 phyint_list_avl_by_index,
16468 }
16470 /*
16471 * Reassigning ill_phyint automatically reassigns the ipsq also.
16472 * pending mp is not affected because that is per ill basis.
16473 */
16476 /*
16477 * Now that the phyint's ifindex has been assigned, complete the
16478 * remaining
16479 */
16487 }
16489 /*
16490 * Generate an event within the hooks framework to indicate that
16491 * a new interface has just been added to IP. For this event to
16492 * be generated, the network interface must, at least, have an
16493 * ifindex assigned to it. (We don't generate the event for
16494 * loopback since ill_lookup_on_name() has its own NE_PLUMB event.)
16495 *
16496 * This needs to be run inside the ill_g_lock perimeter to ensure
16497 * that the ordering of delivered events to listeners matches the
16498 * order of them in the kernel.
16499 */
16503 }
16506 }
16508 /*
16509 * Notify any downstream modules of the name of this interface.
16510 * An M_IOCTL is used even though we don't expect a successful reply.
16511 * Any reply message from the driver (presumably an M_IOCNAK) will
16512 * eventually get discarded somewhere upstream. The message format is
16513 * simply an SIOCSLIFNAME ioctl just as might be sent from ifconfig
16514 * to IP.
16515 */
16516 static void
16518 {
16530 }
16547 }
16549 static int
16551 {
16556 /*
16557 * Now that ill_name is set, the configuration for the IPMP
16558 * meta-interface can be performed.
16559 */
16562 /*
16563 * If phyi->phyint_grp is NULL, then this is the first IPMP
16564 * meta-interface and we need to create the IPMP group.
16565 */
16567 /*
16568 * If someone has renamed another IPMP group to have
16569 * the same name as our interface, bail.
16570 */
16574 }
16579 }
16580 }
16582 }
16584 /* Tell downstream modules where they are. */
16587 /*
16588 * ill_dl_phys returns EINPROGRESS in the usual case.
16589 * Error cases are ENOMEM ...
16590 */
16599 }
16607 }
16609 }
16612 }
16614 /*
16615 * Common routine for ppa and ifname setting. Should be called exclusive.
16616 *
16617 * Returns EINPROGRESS when mp has been consumed by queueing it on
16618 * ipx_pending_mp and the ioctl will complete in ip_rput.
16619 *
16620 * NOTE : If ppa is UNIT_MAX, we assign the next valid ppa and return
16621 * the new name and new ppa in lifr_name and lifr_ppa respectively.
16622 * For SLIFNAME, we pass these values back to the userland.
16623 */
16624 static int
16626 {
16650 /* The ppa is sent down by ifconfig or is chosen */
16653 }
16655 /*
16656 * make sure ppa passed in is same as ppa in the name.
16657 * This check is not made when ppa == UINT_MAX in that case ppa
16658 * in the name could be anything. System will choose a ppa and
16659 * update new_ppa_ptr and inter_name to contain the choosen ppa.
16660 */
16662 /* stoi changes the pointer */
16664 /*
16665 * ifconfig passed in 0 for the ppa for DLPI 1 style devices
16666 * (they don't have an externally visible ppa). We assign one
16667 * here so that we can manage the interface. Note that in
16668 * the past this value was always 0 for DLPI 1 drivers.
16669 */
16674 }
16675 /*
16676 * terminate string before ppa
16677 * save char at that location.
16678 */
16683 /*
16684 * Finish as much work now as possible before calling ill_glist_insert
16685 * which makes the ill globally visible and also merges it with the
16686 * other protocol instance of this phyint. The remaining work is
16687 * done after entering the ipsq which may happen sometime later.
16688 */
16691 /* We didn't do this when we allocated ipif in ip_ll_subnet_defaults */
16706 }
16708 /* Keep the !IN6_IS_ADDR_V4MAPPED assertions happy */
16715 /*
16716 * point-to-point or Non-mulicast capable
16717 * interfaces won't do NUD unless explicitly
16718 * configured to do so.
16719 */
16723 }
16724 /* Make sure IPv4 specific flag is not set on IPv6 if */
16726 /*
16727 * Note: xresolv interfaces will eventually need
16728 * NOARP set here as well, but that will require
16729 * those external resolvers to have some
16730 * knowledge of that flag and act appropriately.
16731 * Not to be changed at present.
16732 */
16734 }
16735 /*
16736 * Set the ILLF_ROUTER flag according to the global
16737 * IPv6 forwarding policy.
16738 */
16750 /*
16751 * Set the ILLF_ROUTER flag according to the global
16752 * IPv4 forwarding policy.
16753 */
16756 }
16760 /*
16761 * The ipIfStatsIfindex and ipv6IfIcmpIfIndex assignments will
16762 * be completed in ill_glist_insert -> ill_phyint_reinit
16763 */
16767 /*
16768 * Pick a default sap until we get the DL_INFO_ACK back from
16769 * the driver.
16770 */
16777 /*
16778 * When the first ipif comes up in ipif_up_done(), multicast groups
16779 * that were joined while this ill was not bound to the DLPI link need
16780 * to be recovered by ill_recover_multicast().
16781 */
16790 /*
16791 * undo null termination done above.
16792 */
16797 }
16801 /*
16802 * When we return the buffer pointed to by interf_name should contain
16803 * the same name as in ill_name.
16804 * If a ppa was choosen by the system (ppa passed in was UINT_MAX)
16805 * the buffer pointed to by new_ppa_ptr would not contain the right ppa
16806 * so copy full name and update the ppa ptr.
16807 * When ppa passed in != UINT_MAX all values are correct just undo
16808 * null termination, this saves a bcopy.
16809 */
16814 /*
16815 * undo null termination done above.
16816 */
16818 }
16820 /* Let SCTP know about this ILL */
16823 /*
16824 * ill_glist_insert has made the ill visible globally, and
16825 * ill_phyint_reinit could have changed the ipsq. At this point,
16826 * we need to hold the ips_ill_g_lock across the call to enter the
16827 * ipsq to enforce atomicity and prevent reordering. In the event
16828 * the ipsq has changed, and if the new ipsq is currently busy,
16829 * we need to make sure that this half-completed ioctl is ahead of
16830 * any subsequent ioctl. We achieve this by not dropping the
16831 * ips_ill_g_lock which prevents any ill lookup itself thereby
16832 * ensuring that new ioctls can't start.
16833 */
16835 B_TRUE);
16842 /*
16843 * If ill_phyint_reinit() changed our ipsq, then start on the new ipsq.
16844 */
16847 else
16853 /*
16854 * restore previous values
16855 */
16858 }
16860 }
16862 void
16864 {
16872 }
16875 ill_phyint_compare_index,
16879 ill_phyint_compare_name,
16882 }
16884 /*
16885 * Save enough information so that we can recreate the IRE if
16886 * the interface goes down and then up.
16887 */
16888 void
16890 {
16910 /* ire_gateway_addr_v6 can change due to RTM_CHANGE */
16916 }
16924 }
16925 }
16927 /*
16928 * Remove one entry from ill_saved_ire_mp.
16929 */
16930 void
16932 {
16937 /* Remove from ill_saved_ire_mp list if it is there */
16941 in6_addr_t gw_addr_v6;
16943 /*
16944 * On a given ill, the tuple of address, gateway, mask,
16945 * ire_type, and zoneid is unique for each saved IRE.
16946 */
16949 /* ire_gateway_addr_v6 can change - need lock */
16972 }
16973 }
16975 }
16977 /*
16978 * Derive an interface id from the link layer address.
16979 * Knows about IEEE 802 and IEEE EUI-64 mappings.
16980 */
16981 static void
16983 {
16986 /*
16987 * Note that some IPv6 interfaces get plumbed over links that claim to
16988 * be DL_ETHER, but don't actually have Ethernet MAC addresses (e.g.
16989 * PPP links). The ETHERADDRL check here ensures that we only set the
16990 * interface ID on IPv6 interfaces above links that actually have real
16991 * Ethernet addresses.
16992 */
16994 /* Form EUI-64 like address */
17001 }
17002 }
17004 /* ARGSUSED */
17005 static void
17007 {
17008 }
17016 /*
17017 * Construct a pseudo-random interface ID for the IPMP interface that's both
17018 * predictable and (almost) guaranteed to be unique.
17019 */
17020 static void
17022 {
17026 ulong_t hostid;
17027 MD5_CTX ctx;
17040 }
17046 /*
17047 * Map the hash to an interface ID per the basic approach in RFC3041.
17048 */
17052 }
17054 /*
17055 * Map the multicast in6_addr_t in m_ip6addr to the physaddr for ethernet.
17056 */
17057 static void
17059 {
17062 /*
17063 * Check PHYI_MULTI_BCAST and length of physical
17064 * address to determine if we use the mapping or the
17065 * broadcast address.
17066 */
17071 }
17078 }
17080 /*
17081 * Map the multicast ipaddr_t in m_ipaddr to the physaddr for ethernet.
17082 */
17083 static void
17085 {
17088 /*
17089 * Check PHYI_MULTI_BCAST and length of physical
17090 * address to determine if we use the mapping or the
17091 * broadcast address.
17092 */
17097 }
17104 }
17106 /* ARGSUSED */
17107 static void
17109 {
17110 /*
17111 * for the MULTI_BCAST case and other cases when we want to
17112 * use the link-layer broadcast address for multicast.
17113 */
17124 }
17127 }
17129 /*
17130 * Derive IPoIB interface id from the link layer address.
17131 */
17132 static void
17134 {
17140 /*
17141 * In IBA 1.1 timeframe, some vendors erroneously set the u/l bit
17142 * in the globally assigned EUI-64 GUID to 1, in violation of IEEE
17143 * rules. In these cases, the IBA considers these GUIDs to be in
17144 * "Modified EUI-64" format, and thus toggling the u/l bit is not
17145 * required; vendors are required not to assign global EUI-64's
17146 * that differ only in u/l bit values, thus guaranteeing uniqueness
17147 * of the interface identifier. Whether the GUID is in modified
17148 * or proper EUI-64 format, the ipv6 identifier must have the u/l
17149 * bit set to 1.
17150 */
17152 }
17154 /*
17155 * Map the multicast ipaddr_t in m_ipaddr to the physaddr for InfiniBand.
17156 * Note on mapping from multicast IP addresses to IPoIB multicast link
17157 * addresses. IPoIB multicast link addresses are based on IBA link addresses.
17158 * The format of an IPoIB multicast address is:
17159 *
17160 * 4 byte QPN Scope Sign. Pkey
17161 * +--------------------------------------------+
17162 * | 00FFFFFF | FF | 1X | X01B | Pkey | GroupID |
17163 * +--------------------------------------------+
17164 *
17165 * The Scope and Pkey components are properties of the IBA port and
17166 * network interface. They can be ascertained from the broadcast address.
17167 * The Sign. part is the signature, and is 401B for IPv4 and 601B for IPv6.
17168 */
17169 static void
17171 {
17180 /*
17181 * RFC 4391: IPv4 MGID is 28-bit long.
17182 */
17195 }
17196 /*
17197 * Now fill in the IBA scope/Pkey values from the broadcast address.
17198 */
17202 }
17204 static void
17206 {
17215 /*
17216 * RFC 4391: IPv4 MGID is 80-bit long.
17217 */
17226 }
17227 /*
17228 * Now fill in the IBA scope/Pkey values from the broadcast address.
17229 */
17233 }
17235 /*
17236 * Derive IPv6 interface id from an IPv4 link-layer address (e.g. from an IPv4
17237 * tunnel). The IPv4 address simply get placed in the lower 4 bytes of the
17238 * IPv6 interface id. This is a suggested mechanism described in section 3.7
17239 * of RFC4213.
17240 */
17241 static void
17243 {
17247 }
17249 /*
17250 * Derive IPv6 interface id from an IPv6 link-layer address (e.g. from an IPv6
17251 * tunnel). The lower 8 bytes of the IPv6 address simply become the interface
17252 * id.
17253 */
17254 static void
17256 {
17261 }
17263 static void
17265 {
17267 }
17269 static void
17271 {
17273 }
17275 static void
17277 {
17279 }
17281 static void
17283 {
17285 }
17287 /*
17288 * Lookup an ill and verify that the zoneid has an ipif on that ill.
17289 * Returns an held ill, or NULL.
17290 */
17291 ill_t *
17294 {
17312 }
17316 }
17318 /*
17319 * Return a pointer to an ipif_t given a combination of (ill_idx,ipif_id)
17320 * If a pointer to an ipif_t is returned then the caller will need to do
17321 * an ill_refrele().
17322 */
17323 ipif_t *
17326 {
17339 }
17347 }
17348 }
17353 }
17355 /*
17356 * Set ill_inputfn based on the current know state.
17357 * This needs to be called when any of the factors taken into
17358 * account changes.
17359 */
17360 void
17362 {
17373 else
17375 }
17376 }
17378 /*
17379 * Re-evaluate ill_inputfn for all the IPv4 ills.
17380 * Used when RSVP comes and goes.
17381 */
17382 void
17384 {
17385 ill_walk_context_t ctx;
17394 }
17396 /*
17397 * Set the physical address information for `ill' to the contents of the
17398 * dl_notify_ind_t pointed to by `mp'. Must be called as writer, and will be
17399 * asynchronous if `ill' cannot immediately be quiesced -- in which case
17400 * EINPROGRESS will be returned.
17401 */
17402 int
17404 {
17413 /* Changing DL_IPV6_TOKEN is not yet supported */
17415 }
17417 /*
17418 * We need to store up to two copies of `mp' in `ill'. Due to the
17419 * design of ipsq_pending_mp_add(), we can't pass them as separate
17420 * arguments to ill_set_phys_addr_tail(). Instead, chain them
17421 * together here, then pull 'em apart in ill_set_phys_addr_tail().
17422 */
17426 }
17430 /*
17431 * Since we'll only do a logical down, we can't rely on ipif_down
17432 * to turn on ILL_DOWN_IN_PROGRESS, or for the DL_BIND_ACK to reset
17433 * ILL_DOWN_IN_PROGRESS. We instead manage this separately for this
17434 * case, to quiesce ire's and nce's for ill_is_quiescent.
17435 */
17438 /* no more ire/nce addition allowed */
17441 /*
17442 * If we can quiesce the ill, then set the address. If not, then
17443 * ill_set_phys_addr_tail() will be called from ipif_ill_refrele_tail().
17444 */
17448 /* call cannot fail since `conn_t *' argument is NULL */
17453 }
17458 }
17460 /*
17461 * When the allowed-ips link property is set on the datalink, IP receives a
17462 * DL_NOTE_ALLOWED_IPS notification that is processed in ill_set_allowed_ips()
17463 * to initialize the ill_allowed_ips[] array in the ill_t. This array is then
17464 * used to vet addresses passed to ip_sioctl_addr() and to ensure that the
17465 * only IP addresses configured on the ill_t are those in the ill_allowed_ips[]
17466 * array.
17467 */
17468 void
17470 {
17488 }
17493 }
17503 }
17505 /*
17506 * Once the ill associated with `q' has quiesced, set its physical address
17507 * information to the values in `addrmp'. Note that two copies of `addrmp'
17508 * are passed (linked by b_cont), since we sometimes need to save two distinct
17509 * copies in the ill_t, and our context doesn't permit sleeping or allocation
17510 * failure (we'll free the other copy if it's not needed). Since the ill_t
17511 * is quiesced, we know any stale nce's with the old address information have
17512 * already been removed, so we don't need to call nce_flush().
17513 */
17514 /* ARGSUSED */
17515 static void
17517 {
17542 }
17553 else
17558 }
17562 }
17564 /*
17565 * reset ILL_DOWN_IN_PROGRESS so that we can successfully add ires
17566 * as we bring the ipifs up again.
17567 */
17571 /*
17572 * If there are ipifs to bring up, ill_up_ipifs() will return
17573 * EINPROGRESS, and ipsq_current_finish() will be called by
17574 * ip_rput_dlpi_writer() or arp_bringup_done() when the last ipif is
17575 * brought up.
17576 */
17580 }
17582 /*
17583 * Helper routine for setting the ill_nd_lla fields.
17584 */
17585 void
17587 {
17592 }
17594 /*
17595 * Replumb the ill.
17596 */
17597 int
17599 {
17606 /*
17607 * If we can quiesce the ill, then continue. If not, then
17608 * ill_replumb_tail() will be called from ipif_ill_refrele_tail().
17609 */
17614 /* call cannot fail since `conn_t *' argument is NULL */
17619 }
17624 }
17626 /* ARGSUSED */
17627 static void
17629 {
17639 /* out of memory */
17642 }
17650 /* already closing */
17653 }
17657 /*
17658 * Successfully quiesced and brought down the interface, now we send
17659 * the DL_NOTE_REPLUMB_DONE message down to the driver. Reuse the
17660 * DL_NOTE_REPLUMB message.
17661 */
17663 DL_NOTIFY_CONF);
17666 DL_NOTE_REPLUMB_DONE;
17669 /*
17670 * For IPv4, we would usually get EINPROGRESS because the ETHERTYPE_ARP
17671 * streams have to be unbound. When all the DLPI exchanges are done,
17672 * ipsq_current_finish() will be called by arp_bringup_done(). The
17673 * remainder of ipif bringup via ill_up_ipifs() will also be done in
17674 * arp_bringup_done().
17675 */
17679 else
17685 }
17687 }
17689 /*
17690 * Issue ioctl `cmd' on `lh'; caller provides the initial payload in `buf'
17691 * which is `bufsize' bytes. On success, zero is returned and `buf' updated
17692 * as per the ioctl. On failure, an errno is returned.
17693 */
17694 static int
17696 {
17706 }
17708 /*
17709 * Issue an SIOCGLIFCONF for address family `af' and store the result into a
17710 * dynamically-allocated `lifcp' that will be `bufsizep' bytes on success.
17711 */
17712 static int
17715 {
17726 /*
17727 * Pad the interface count to account for additional interfaces that
17728 * may have been configured between the SIOCGLIFNUM and SIOCGLIFCONF.
17729 */
17741 }
17744 }
17746 /*
17747 * Helper for ip_interface_cleanup() that removes the loopback interface.
17748 */
17749 static void
17751 {
17758 /*
17759 * Attempt to remove the interface. It may legitimately not exist
17760 * (e.g. the zone administrator unplumbed it), so ignore ENXIO.
17761 */
17766 }
17767 }
17769 /*
17770 * Helper for ip_interface_cleanup() that ensures no IP interfaces are in IPMP
17771 * groups and that IPMP data addresses are down. These conditions must be met
17772 * so that IPMP interfaces can be I_PUNLINK'd, as per ip_sioctl_plink_ipmp().
17773 */
17774 static void
17776 {
17780 uint_t bufsize;
17789 }
17798 }
17808 "bring down (error %d); IPMP interface may "
17810 }
17812 /*
17813 * Check if IFF_DUPLICATE is still set -- and if so,
17814 * reset the address to clear it.
17815 */
17824 "reset DAD (error %d); IPMP interface may "
17826 }
17828 }
17835 "leave IPMP group (error %d); associated "
17839 }
17840 }
17841 }
17844 }
17849 /*
17850 * Remove the loopback interfaces and prep the IPMP interfaces to be torn down.
17851 * Non-loopback interfaces are either I_LINK'd or I_PLINK'd; the former go away
17852 * when the user-level processes in the zone are killed and the latter are
17853 * cleaned up by str_stack_shutdown().
17854 */
17855 void
17857 {
17858 ldi_handle_t lh;
17859 ldi_ident_t li;
17870 }
17875 /*
17876 * NOTE: loop executes exactly twice and is hardcoded to know that the
17877 * first iteration is IPv6. (Unrolling yields repetitious code, hence
17878 * the loop.)
17879 */
17886 }
17892 }
17896 }
17898 /*
17899 * This needs to be in-sync with nic_event_t definition
17900 */
17903 {
17923 }
17924 }
17926 void
17929 {
17934 /* create a new nic event info */
17953 }
17959 fail:
17964 }
17966 }
17970 }
17972 static int
17974 {
17988 }
17993 }
17998 /* add unicast nce for the local addr */
18001 /*
18002 * If we're here via ipif_up(), then the ipif
18003 * won't be bound yet -- add it to the group,
18004 * which will bind it if possible. (We would
18005 * add it in ipif_up(), but deleting on failure
18006 * there is gruesome.) If we're here via
18007 * ipmp_ill_bind_ipif(), then the ipif has
18008 * already been added to the group and we
18009 * just need to use the binding.
18010 */
18014 /*
18015 * We couldn't bind the ipif to an ill
18016 * yet, so we have nothing to publish.
18017 * Mark the address as ready and return.
18018 */
18021 }
18023 }
18026 }
18029 NCE_F_NONUD);
18030 /*
18031 * If this is an initial bring-up (or the ipif was never
18032 * completely brought up), do DAD. Otherwise, we're here
18033 * because IPMP has rebound an address to this ill: send
18034 * unsolicited advertisements (ARP announcements) to
18035 * inform others.
18036 */
18042 }
18044 retry:
18049 /*
18050 * note that we may encounter EEXIST if we are moving
18051 * the nce as a result of a rebind operation.
18052 */
18062 /*
18063 * A leftover nce from before this address
18064 * existed
18065 */
18070 }
18078 }
18079 /*
18080 * Duplicate local addresses are permissible for
18081 * IPIF_POINTOPOINT interfaces which will get marked
18082 * IPIF_UNNUMBERED later in
18083 * ip_addr_availability_check().
18084 *
18085 * The nce_ipif_cnt field tracks the number of
18086 * ipifs that have nce_addr as their local address.
18087 */
18096 }
18102 }
18104 /* zero address. nothing to publish */
18106 }
18109 arp_up_done:
18113 }
18115 int
18117 {
18125 /*
18126 * need to bring up ARP or setup mcast mapping only
18127 * when the first interface is coming UP.
18128 */
18133 /*
18134 * Send ATTACH + BIND
18135 */
18140 /*
18141 * Add NCE for local address. Start DAD.
18142 * we'll wait to hear that DAD has finished
18143 * before using the interface.
18144 */
18147 }
18153 }
18155 /*
18156 * Finish processing of "arp_up" after all the DLPI message
18157 * exchanges have completed between arp and the driver.
18158 */
18159 void
18161 {
18179 /*
18180 * If an IOCTL is waiting on this (ipsq_current_ioctl != 0), then we
18181 * must have an associated conn_t. Otherwise, we're bringing this
18182 * interface back up as part of handling an asynchronous event (e.g.,
18183 * physical address change).
18184 */
18191 }
18203 }
18205 }
18208 }
18214 }
18216 /*
18217 * If we have a moved ipif to bring up, and everything has succeeded
18218 * to this point, bring it up on the IPMP ill. Otherwise, leave it
18219 * down -- the admin can try to bring it up by hand if need be.
18220 */
18230 }
18231 }
18233 /*
18234 * The operation must complete without EINPROGRESS since
18235 * ipsq_pending_mp_get() has removed the mblk from ipsq_pending_mp.
18236 * Otherwise, the operation will be stuck forever in the ipsq.
18237 */
18246 }
18247 }
18249 /*
18250 * Finish processing of arp replumb after all the DLPI message
18251 * exchanges have completed between arp and the driver.
18252 */
18253 void
18255 {
18271 /* bringup was aborted by the user */
18273 }
18274 /*
18275 * If an IOCTL is waiting on this (ipsq_current_ioctl != 0), then we
18276 * must have an associated conn_t. Otherwise, we're bringing this
18277 * interface back up as part of handling an asynchronous event (e.g.,
18278 * physical address change).
18279 */
18286 }
18291 }
18292 /*
18293 * The operation must complete without EINPROGRESS since
18294 * ipsq_pending_mp_get() has removed the mblk from ipsq_pending_mp.
18295 * Otherwise, the operation will be stuck forever in the ipsq.
18296 */
18306 }
18307 }
18309 void
18311 {
18317 }
18319 /*
18320 * ILB ioctl uses cv_wait (such as deleting a rule or adding a server) and
18321 * this assumes the context is cv_wait'able. Hence it shouldnt' be used on
18322 * TPI end points with STREAMS modules pushed above. This is assured by not
18323 * having the IPI_MODOK flag for the ioctl. And IP ensures the ILB ioctl
18324 * never ends up on an ipsq, otherwise we may end up processing the ioctl
18325 * while unwinding from the ispq and that could be a thread from the bottom.
18326 */
18327 /* ARGSUSED */
18328 int
18331 {
18338 zoneid_t zoneid;
18352 }
18356 }
18365 }
18377 }
18383 NULL);
18386 NULL);
18387 }
18388 }
18390 }
18397 }
18401 }
18410 }
18416 }
18419 }
18426 }
18431 }
18438 }
18441 }
18450 }
18456 }
18461 }
18470 }
18476 }
18481 }
18487 }
18490 }
18502 }
18508 }
18521 }
18528 }
18531 }
18539 }
18545 }
18550 }
18558 }
18564 }
18569 }
18573 }
18574 done:
18576 }
18578 /* Remove all cache entries for this logical interface */
18579 void
18581 {
18590 else
18598 /*
18599 * nce may already be NULL because it was already
18600 * flushed, e.g., due to a call to nce_flush
18601 */
18603 }
18604 }
18605 /*
18606 * Make IPMP aware of the deleted data address.
18607 */
18611 /*
18612 * Remove all other nces dependent on this ill when the last ipif
18613 * is going away.
18614 */
18619 }
18620 }
18622 /*
18623 * find the first interface that uses usill for its source address.
18624 */
18625 ill_t *
18627 {
18633 /* ill_g_usesrc_lock protects ill_usesrc_grp_next */
18642 }
18643 }
18647 }
18649 /*
18650 * This comment applies to both ip_sioctl_get_ifhwaddr and
18651 * ip_sioctl_get_lifhwaddr as the basic function of these two functions
18652 * is the same.
18653 *
18654 * The goal here is to find an IP interface that corresponds to the name
18655 * provided by the caller in the ifreq/lifreq structure held in the mblk_t
18656 * chain and to fill out a sockaddr/sockaddr_storage structure with the
18657 * mac address.
18658 *
18659 * The SIOCGIFHWADDR/SIOCGLIFHWADDR ioctl may return an error for a number
18660 * of different reasons:
18661 * ENXIO - the device name is not known to IP.
18662 * EADDRNOTAVAIL - the device has no hardware address. This is indicated
18663 * by ill_phys_addr not pointing to an actual address.
18664 * EPFNOSUPPORT - this will indicate that a request is being made for a
18665 * mac address that will not fit in the data structure supplier (struct
18666 * sockaddr).
18667 *
18668 */
18669 /* ARGSUSED */
18670 int
18673 {
18684 }
18687 }
18691 /* Existence of mp1 has been checked in ip_wput_nondata */
18696 /*
18697 * The "family" field in the returned structure is set to a value
18698 * that represents the type of device to which the address belongs.
18699 * The value returned may differ to that on Linux but it will still
18700 * represent the correct symbol on Solaris.
18701 */
18706 }
18708 /*
18709 * The expection of applications using SIOCGIFHWADDR is that data will
18710 * be returned in the sa_data field of the sockaddr structure. With
18711 * SIOCGLIFHWADDR, we're breaking new ground as there is no Linux
18712 * equivalent. In light of this, struct sockaddr_dl is used as it
18713 * offers more space for address storage in sll_data.
18714 */
18715 /* ARGSUSED */
18716 int
18719 {
18730 }
18733 }
18737 /* Existence of mp1 has been checked in ip_wput_nondata */
18741 /*
18742 * sockaddr_ll is used here because it is also the structure used in
18743 * responding to the same ioctl in sockpfp. The only other choice is
18744 * sockaddr_dl which contains fields that are not required here
18745 * because its purpose is different.
18746 */
18758 }