1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2019 OmniOS Community Edition (OmniOSce) Association.
24  * Copyright 2022 Joyent, Inc.
25  */
26 
27 /*
28  * IP PACKET CLASSIFIER
29  *
30  * The IP packet classifier provides mapping between IP packets and persistent
31  * connection state for connection-oriented protocols. It also provides
32  * interface for managing connection states.
33  *
34  * The connection state is kept in conn_t data structure and contains, among
35  * other things:
36  *
37  *	o local/remote address and ports
38  *	o Transport protocol
39  *	o squeue for the connection (for TCP only)
40  *	o reference counter
41  *	o Connection state
42  *	o hash table linkage
43  *	o interface/ire information
44  *	o credentials
45  *	o ipsec policy
46  *	o send and receive functions.
47  *	o mutex lock.
48  *
49  * Connections use a reference counting scheme. They are freed when the
50  * reference counter drops to zero. A reference is incremented when connection
51  * is placed in a list or table, when incoming packet for the connection arrives
52  * and when connection is processed via squeue (squeue processing may be
53  * asynchronous and the reference protects the connection from being destroyed
54  * before its processing is finished).
55  *
56  * conn_recv is used to pass up packets to the ULP.
57  * For TCP conn_recv changes. It is tcp_input_listener_unbound initially for
58  * a listener, and changes to tcp_input_listener as the listener has picked a
59  * good squeue. For other cases it is set to tcp_input_data.
60  *
61  * conn_recvicmp is used to pass up ICMP errors to the ULP.
62  *
63  * Classifier uses several hash tables:
64  *
65  *	ipcl_conn_fanout:	contains all TCP connections in CONNECTED state
66  *	ipcl_bind_fanout:	contains all connections in BOUND state
67  *	ipcl_proto_fanout:	IPv4 protocol fanout
68  *	ipcl_proto_fanout_v6:	IPv6 protocol fanout
69  *	ipcl_udp_fanout:	contains all UDP connections
70  *	ipcl_iptun_fanout:	contains all IP tunnel connections
71  *	ipcl_globalhash_fanout:	contains all connections
72  *
73  * The ipcl_globalhash_fanout is used for any walkers (like snmp and Clustering)
74  * which need to view all existing connections.
75  *
76  * All tables are protected by per-bucket locks. When both per-bucket lock and
77  * connection lock need to be held, the per-bucket lock should be acquired
78  * first, followed by the connection lock.
79  *
80  * All functions doing search in one of these tables increment a reference
81  * counter on the connection found (if any). This reference should be dropped
82  * when the caller has finished processing the connection.
83  *
84  *
85  * INTERFACES:
86  * ===========
87  *
88  * Connection Lookup:
89  * ------------------
90  *
91  * conn_t *ipcl_classify_v4(mp, protocol, hdr_len, ira, ip_stack)
92  * conn_t *ipcl_classify_v6(mp, protocol, hdr_len, ira, ip_stack)
93  *
94  * Finds connection for an incoming IPv4 or IPv6 packet. Returns NULL if
95  * it can't find any associated connection. If the connection is found, its
96  * reference counter is incremented.
97  *
98  *	mp:	mblock, containing packet header. The full header should fit
99  *		into a single mblock. It should also contain at least full IP
100  *		and TCP or UDP header.
101  *
102  *	protocol: Either IPPROTO_TCP or IPPROTO_UDP.
103  *
104  *	hdr_len: The size of IP header. It is used to find TCP or UDP header in
105  *		 the packet.
106  *
107  *	ira->ira_zoneid: The zone in which the returned connection must be; the
108  *		zoneid corresponding to the ire_zoneid on the IRE located for
109  *		the packet's destination address.
110  *
111  *	ira->ira_flags: Contains the IRAF_TX_MAC_EXEMPTABLE and
112  *		IRAF_TX_SHARED_ADDR flags
113  *
114  *	For TCP connections, the lookup order is as follows:
115  *		5-tuple {src, dst, protocol, local port, remote port}
116  *			lookup in ipcl_conn_fanout table.
117  *		3-tuple {dst, remote port, protocol} lookup in
118  *			ipcl_bind_fanout table.
119  *
120  *	For UDP connections, a 5-tuple {src, dst, protocol, local port,
121  *	remote port} lookup is done on ipcl_udp_fanout. Note that,
122  *	these interfaces do not handle cases where a packets belongs
123  *	to multiple UDP clients, which is handled in IP itself.
124  *
125  * If the destination IRE is ALL_ZONES (indicated by zoneid), then we must
126  * determine which actual zone gets the segment.  This is used only in a
127  * labeled environment.  The matching rules are:
128  *
129  *	- If it's not a multilevel port, then the label on the packet selects
130  *	  the zone.  Unlabeled packets are delivered to the global zone.
131  *
132  *	- If it's a multilevel port, then only the zone registered to receive
133  *	  packets on that port matches.
134  *
135  * Also, in a labeled environment, packet labels need to be checked.  For fully
136  * bound TCP connections, we can assume that the packet label was checked
137  * during connection establishment, and doesn't need to be checked on each
138  * packet.  For others, though, we need to check for strict equality or, for
139  * multilevel ports, membership in the range or set.  This part currently does
140  * a tnrh lookup on each packet, but could be optimized to use cached results
141  * if that were necessary.  (SCTP doesn't come through here, but if it did,
142  * we would apply the same rules as TCP.)
143  *
144  * An implication of the above is that fully-bound TCP sockets must always use
145  * distinct 4-tuples; they can't be discriminated by label alone.
146  *
147  * Note that we cannot trust labels on packets sent to fully-bound UDP sockets,
148  * as there's no connection set-up handshake and no shared state.
149  *
150  * Labels on looped-back packets within a single zone do not need to be
151  * checked, as all processes in the same zone have the same label.
152  *
153  * Finally, for unlabeled packets received by a labeled system, special rules
154  * apply.  We consider only the MLP if there is one.  Otherwise, we prefer a
155  * socket in the zone whose label matches the default label of the sender, if
156  * any.  In any event, the receiving socket must have SO_MAC_EXEMPT set and the
157  * receiver's label must dominate the sender's default label.
158  *
159  * conn_t *ipcl_tcp_lookup_reversed_ipv4(ipha_t *, tcpha_t *, int, ip_stack);
160  * conn_t *ipcl_tcp_lookup_reversed_ipv6(ip6_t *, tcpha_t *, int, uint_t,
161  *					 ip_stack);
162  *
163  *	Lookup routine to find a exact match for {src, dst, local port,
164  *	remote port) for TCP connections in ipcl_conn_fanout. The address and
165  *	ports are read from the IP and TCP header respectively.
166  *
167  * conn_t	*ipcl_lookup_listener_v4(lport, laddr, protocol,
168  *					 zoneid, ip_stack);
169  * conn_t	*ipcl_lookup_listener_v6(lport, laddr, protocol, ifindex,
170  *					 zoneid, ip_stack);
171  *
172  *	Lookup routine to find a listener with the tuple {lport, laddr,
173  *	protocol} in the ipcl_bind_fanout table. For IPv6, an additional
174  *	parameter interface index is also compared.
175  *
176  * void ipcl_walk(func, arg, ip_stack)
177  *
178  *	Apply 'func' to every connection available. The 'func' is called as
179  *	(*func)(connp, arg). The walk is non-atomic so connections may be
180  *	created and destroyed during the walk. The CONN_CONDEMNED and
181  *	CONN_INCIPIENT flags ensure that connections which are newly created
182  *	or being destroyed are not selected by the walker.
183  *
184  * Table Updates
185  * -------------
186  *
187  * int ipcl_conn_insert(connp);
188  * int ipcl_conn_insert_v4(connp);
189  * int ipcl_conn_insert_v6(connp);
190  *
191  *	Insert 'connp' in the ipcl_conn_fanout.
192  *	Arguments :
193  *		connp		conn_t to be inserted
194  *
195  *	Return value :
196  *		0		if connp was inserted
197  *		EADDRINUSE	if the connection with the same tuple
198  *				already exists.
199  *
200  * int ipcl_bind_insert(connp);
201  * int ipcl_bind_insert_v4(connp);
202  * int ipcl_bind_insert_v6(connp);
203  *
204  *	Insert 'connp' in ipcl_bind_fanout.
205  *	Arguments :
206  *		connp		conn_t to be inserted
207  *
208  *
209  * void ipcl_hash_remove(connp);
210  *
211  *	Removes the 'connp' from the connection fanout table.
212  *
213  * Connection Creation/Destruction
214  * -------------------------------
215  *
216  * conn_t *ipcl_conn_create(type, sleep, netstack_t *)
217  *
218  *	Creates a new conn based on the type flag, inserts it into
219  *	globalhash table.
220  *
221  *	type:	This flag determines the type of conn_t which needs to be
222  *		created i.e., which kmem_cache it comes from.
223  *		IPCL_TCPCONN	indicates a TCP connection
224  *		IPCL_SCTPCONN	indicates a SCTP connection
225  *		IPCL_UDPCONN	indicates a UDP conn_t.
226  *		IPCL_RAWIPCONN	indicates a RAWIP/ICMP conn_t.
227  *		IPCL_RTSCONN	indicates a RTS conn_t.
228  *		IPCL_IPCCONN	indicates all other connections.
229  *
230  * void ipcl_conn_destroy(connp)
231  *
232  *	Destroys the connection state, removes it from the global
233  *	connection hash table and frees its memory.
234  */
235 
236 #include <sys/types.h>
237 #include <sys/stream.h>
238 #include <sys/stropts.h>
239 #include <sys/sysmacros.h>
240 #include <sys/strsubr.h>
241 #include <sys/strsun.h>
242 #define	_SUN_TPI_VERSION 2
243 #include <sys/ddi.h>
244 #include <sys/cmn_err.h>
245 #include <sys/debug.h>
246 
247 #include <sys/systm.h>
248 #include <sys/param.h>
249 #include <sys/kmem.h>
250 #include <sys/isa_defs.h>
251 #include <inet/common.h>
252 #include <netinet/ip6.h>
253 #include <netinet/icmp6.h>
254 
255 #include <inet/ip.h>
256 #include <inet/ip_if.h>
257 #include <inet/ip_ire.h>
258 #include <inet/ip6.h>
259 #include <inet/ip_ndp.h>
260 #include <inet/ip_impl.h>
261 #include <inet/udp_impl.h>
262 #include <inet/sctp_ip.h>
263 #include <inet/sctp/sctp_impl.h>
264 #include <inet/rawip_impl.h>
265 #include <inet/rts_impl.h>
266 #include <inet/iptun/iptun_impl.h>
267 
268 #include <sys/cpuvar.h>
269 
270 #include <inet/ipclassifier.h>
271 #include <inet/tcp.h>
272 #include <inet/ipsec_impl.h>
273 
274 #include <sys/tsol/tnet.h>
275 #include <sys/sockio.h>
276 
277 /* Old value for compatibility. Setable in /etc/system */
278 uint_t tcp_conn_hash_size = 0;
279 
280 /* New value. Zero means choose automatically.  Setable in /etc/system */
281 uint_t ipcl_conn_hash_size = 0;
282 uint_t ipcl_conn_hash_memfactor = 8192;
283 uint_t ipcl_conn_hash_maxsize = 82500;
284 
285 /* bind/udp fanout table size */
286 uint_t ipcl_bind_fanout_size = 512;
287 uint_t ipcl_udp_fanout_size = 16384;
288 
289 /* Raw socket fanout size.  Must be a power of 2. */
290 uint_t ipcl_raw_fanout_size = 256;
291 
292 /*
293  * The IPCL_IPTUN_HASH() function works best with a prime table size.  We
294  * expect that most large deployments would have hundreds of tunnels, and
295  * thousands in the extreme case.
296  */
297 uint_t ipcl_iptun_fanout_size = 6143;
298 
299 /*
300  * Power of 2^N Primes useful for hashing for N of 0-28,
301  * these primes are the nearest prime <= 2^N - 2^(N-2).
302  */
303 
304 #define	P2Ps() {0, 0, 0, 5, 11, 23, 47, 89, 191, 383, 761, 1531, 3067,	\
305 		6143, 12281, 24571, 49139, 98299, 196597, 393209,	\
306 		786431, 1572853, 3145721, 6291449, 12582893, 25165813,	\
307 		50331599, 100663291, 201326557, 0}
308 
309 /*
310  * wrapper structure to ensure that conn and what follows it (tcp_t, etc)
311  * are aligned on cache lines.
312  */
313 typedef union itc_s {
314 	conn_t	itc_conn;
315 	char	itcu_filler[CACHE_ALIGN(conn_s)];
316 } itc_t;
317 
318 struct kmem_cache  *tcp_conn_cache;
319 struct kmem_cache  *ip_conn_cache;
320 extern struct kmem_cache  *sctp_conn_cache;
321 struct kmem_cache  *udp_conn_cache;
322 struct kmem_cache  *rawip_conn_cache;
323 struct kmem_cache  *rts_conn_cache;
324 
325 extern void	tcp_timermp_free(tcp_t *);
326 extern mblk_t	*tcp_timermp_alloc(int);
327 
328 static int	ip_conn_constructor(void *, void *, int);
329 static void	ip_conn_destructor(void *, void *);
330 
331 static int	tcp_conn_constructor(void *, void *, int);
332 static void	tcp_conn_destructor(void *, void *);
333 
334 static int	udp_conn_constructor(void *, void *, int);
335 static void	udp_conn_destructor(void *, void *);
336 
337 static int	rawip_conn_constructor(void *, void *, int);
338 static void	rawip_conn_destructor(void *, void *);
339 
340 static int	rts_conn_constructor(void *, void *, int);
341 static void	rts_conn_destructor(void *, void *);
342 
343 /*
344  * Global (for all stack instances) init routine
345  */
346 void
ipcl_g_init(void)347 ipcl_g_init(void)
348 {
349 	ip_conn_cache = kmem_cache_create("ip_conn_cache",
350 	    sizeof (conn_t), CACHE_ALIGN_SIZE,
351 	    ip_conn_constructor, ip_conn_destructor,
352 	    NULL, NULL, NULL, 0);
353 
354 	tcp_conn_cache = kmem_cache_create("tcp_conn_cache",
355 	    sizeof (itc_t) + sizeof (tcp_t), CACHE_ALIGN_SIZE,
356 	    tcp_conn_constructor, tcp_conn_destructor,
357 	    tcp_conn_reclaim, NULL, NULL, 0);
358 
359 	udp_conn_cache = kmem_cache_create("udp_conn_cache",
360 	    sizeof (itc_t) + sizeof (udp_t), CACHE_ALIGN_SIZE,
361 	    udp_conn_constructor, udp_conn_destructor,
362 	    NULL, NULL, NULL, 0);
363 
364 	rawip_conn_cache = kmem_cache_create("rawip_conn_cache",
365 	    sizeof (itc_t) + sizeof (icmp_t), CACHE_ALIGN_SIZE,
366 	    rawip_conn_constructor, rawip_conn_destructor,
367 	    NULL, NULL, NULL, 0);
368 
369 	rts_conn_cache = kmem_cache_create("rts_conn_cache",
370 	    sizeof (itc_t) + sizeof (rts_t), CACHE_ALIGN_SIZE,
371 	    rts_conn_constructor, rts_conn_destructor,
372 	    NULL, NULL, NULL, 0);
373 }
374 
375 /*
376  * ipclassifier intialization routine, sets up hash tables.
377  */
378 void
ipcl_init(ip_stack_t * ipst)379 ipcl_init(ip_stack_t *ipst)
380 {
381 	int i;
382 	int sizes[] = P2Ps();
383 
384 	/*
385 	 * Calculate size of conn fanout table from /etc/system settings
386 	 */
387 	if (ipcl_conn_hash_size != 0) {
388 		ipst->ips_ipcl_conn_fanout_size = ipcl_conn_hash_size;
389 	} else if (tcp_conn_hash_size != 0) {
390 		ipst->ips_ipcl_conn_fanout_size = tcp_conn_hash_size;
391 	} else {
392 		extern pgcnt_t freemem;
393 
394 		ipst->ips_ipcl_conn_fanout_size =
395 		    (freemem * PAGESIZE) / ipcl_conn_hash_memfactor;
396 
397 		if (ipst->ips_ipcl_conn_fanout_size > ipcl_conn_hash_maxsize) {
398 			ipst->ips_ipcl_conn_fanout_size =
399 			    ipcl_conn_hash_maxsize;
400 		}
401 	}
402 
403 	for (i = 9; i < sizeof (sizes) / sizeof (*sizes) - 1; i++) {
404 		if (sizes[i] >= ipst->ips_ipcl_conn_fanout_size) {
405 			break;
406 		}
407 	}
408 	if ((ipst->ips_ipcl_conn_fanout_size = sizes[i]) == 0) {
409 		/* Out of range, use the 2^16 value */
410 		ipst->ips_ipcl_conn_fanout_size = sizes[16];
411 	}
412 
413 	/* Take values from /etc/system */
414 	ipst->ips_ipcl_bind_fanout_size = ipcl_bind_fanout_size;
415 	ipst->ips_ipcl_udp_fanout_size = ipcl_udp_fanout_size;
416 	ipst->ips_ipcl_raw_fanout_size = ipcl_raw_fanout_size;
417 	ipst->ips_ipcl_iptun_fanout_size = ipcl_iptun_fanout_size;
418 
419 	ASSERT(ipst->ips_ipcl_conn_fanout == NULL);
420 
421 	ipst->ips_ipcl_conn_fanout = kmem_zalloc(
422 	    ipst->ips_ipcl_conn_fanout_size * sizeof (connf_t), KM_SLEEP);
423 
424 	for (i = 0; i < ipst->ips_ipcl_conn_fanout_size; i++) {
425 		mutex_init(&ipst->ips_ipcl_conn_fanout[i].connf_lock, NULL,
426 		    MUTEX_DEFAULT, NULL);
427 	}
428 
429 	ipst->ips_ipcl_bind_fanout = kmem_zalloc(
430 	    ipst->ips_ipcl_bind_fanout_size * sizeof (connf_t), KM_SLEEP);
431 
432 	for (i = 0; i < ipst->ips_ipcl_bind_fanout_size; i++) {
433 		mutex_init(&ipst->ips_ipcl_bind_fanout[i].connf_lock, NULL,
434 		    MUTEX_DEFAULT, NULL);
435 	}
436 
437 	ipst->ips_ipcl_proto_fanout_v4 = kmem_zalloc(IPPROTO_MAX *
438 	    sizeof (connf_t), KM_SLEEP);
439 	for (i = 0; i < IPPROTO_MAX; i++) {
440 		mutex_init(&ipst->ips_ipcl_proto_fanout_v4[i].connf_lock, NULL,
441 		    MUTEX_DEFAULT, NULL);
442 	}
443 
444 	ipst->ips_ipcl_proto_fanout_v6 = kmem_zalloc(IPPROTO_MAX *
445 	    sizeof (connf_t), KM_SLEEP);
446 	for (i = 0; i < IPPROTO_MAX; i++) {
447 		mutex_init(&ipst->ips_ipcl_proto_fanout_v6[i].connf_lock, NULL,
448 		    MUTEX_DEFAULT, NULL);
449 	}
450 
451 	ipst->ips_rts_clients = kmem_zalloc(sizeof (connf_t), KM_SLEEP);
452 	mutex_init(&ipst->ips_rts_clients->connf_lock,
453 	    NULL, MUTEX_DEFAULT, NULL);
454 
455 	ipst->ips_ipcl_udp_fanout = kmem_zalloc(
456 	    ipst->ips_ipcl_udp_fanout_size * sizeof (connf_t), KM_SLEEP);
457 	for (i = 0; i < ipst->ips_ipcl_udp_fanout_size; i++) {
458 		mutex_init(&ipst->ips_ipcl_udp_fanout[i].connf_lock, NULL,
459 		    MUTEX_DEFAULT, NULL);
460 	}
461 
462 	ipst->ips_ipcl_iptun_fanout = kmem_zalloc(
463 	    ipst->ips_ipcl_iptun_fanout_size * sizeof (connf_t), KM_SLEEP);
464 	for (i = 0; i < ipst->ips_ipcl_iptun_fanout_size; i++) {
465 		mutex_init(&ipst->ips_ipcl_iptun_fanout[i].connf_lock, NULL,
466 		    MUTEX_DEFAULT, NULL);
467 	}
468 
469 	ipst->ips_ipcl_raw_fanout = kmem_zalloc(
470 	    ipst->ips_ipcl_raw_fanout_size * sizeof (connf_t), KM_SLEEP);
471 	for (i = 0; i < ipst->ips_ipcl_raw_fanout_size; i++) {
472 		mutex_init(&ipst->ips_ipcl_raw_fanout[i].connf_lock, NULL,
473 		    MUTEX_DEFAULT, NULL);
474 	}
475 
476 	ipst->ips_ipcl_globalhash_fanout = kmem_zalloc(
477 	    sizeof (connf_t) * CONN_G_HASH_SIZE, KM_SLEEP);
478 	for (i = 0; i < CONN_G_HASH_SIZE; i++) {
479 		mutex_init(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock,
480 		    NULL, MUTEX_DEFAULT, NULL);
481 	}
482 }
483 
484 void
ipcl_g_destroy(void)485 ipcl_g_destroy(void)
486 {
487 	kmem_cache_destroy(ip_conn_cache);
488 	kmem_cache_destroy(tcp_conn_cache);
489 	kmem_cache_destroy(udp_conn_cache);
490 	kmem_cache_destroy(rawip_conn_cache);
491 	kmem_cache_destroy(rts_conn_cache);
492 }
493 
494 /*
495  * All user-level and kernel use of the stack must be gone
496  * by now.
497  */
498 void
ipcl_destroy(ip_stack_t * ipst)499 ipcl_destroy(ip_stack_t *ipst)
500 {
501 	int i;
502 
503 	for (i = 0; i < ipst->ips_ipcl_conn_fanout_size; i++) {
504 		ASSERT(ipst->ips_ipcl_conn_fanout[i].connf_head == NULL);
505 		mutex_destroy(&ipst->ips_ipcl_conn_fanout[i].connf_lock);
506 	}
507 	kmem_free(ipst->ips_ipcl_conn_fanout, ipst->ips_ipcl_conn_fanout_size *
508 	    sizeof (connf_t));
509 	ipst->ips_ipcl_conn_fanout = NULL;
510 
511 	for (i = 0; i < ipst->ips_ipcl_bind_fanout_size; i++) {
512 		ASSERT(ipst->ips_ipcl_bind_fanout[i].connf_head == NULL);
513 		mutex_destroy(&ipst->ips_ipcl_bind_fanout[i].connf_lock);
514 	}
515 	kmem_free(ipst->ips_ipcl_bind_fanout, ipst->ips_ipcl_bind_fanout_size *
516 	    sizeof (connf_t));
517 	ipst->ips_ipcl_bind_fanout = NULL;
518 
519 	for (i = 0; i < IPPROTO_MAX; i++) {
520 		ASSERT(ipst->ips_ipcl_proto_fanout_v4[i].connf_head == NULL);
521 		mutex_destroy(&ipst->ips_ipcl_proto_fanout_v4[i].connf_lock);
522 	}
523 	kmem_free(ipst->ips_ipcl_proto_fanout_v4,
524 	    IPPROTO_MAX * sizeof (connf_t));
525 	ipst->ips_ipcl_proto_fanout_v4 = NULL;
526 
527 	for (i = 0; i < IPPROTO_MAX; i++) {
528 		ASSERT(ipst->ips_ipcl_proto_fanout_v6[i].connf_head == NULL);
529 		mutex_destroy(&ipst->ips_ipcl_proto_fanout_v6[i].connf_lock);
530 	}
531 	kmem_free(ipst->ips_ipcl_proto_fanout_v6,
532 	    IPPROTO_MAX * sizeof (connf_t));
533 	ipst->ips_ipcl_proto_fanout_v6 = NULL;
534 
535 	for (i = 0; i < ipst->ips_ipcl_udp_fanout_size; i++) {
536 		ASSERT(ipst->ips_ipcl_udp_fanout[i].connf_head == NULL);
537 		mutex_destroy(&ipst->ips_ipcl_udp_fanout[i].connf_lock);
538 	}
539 	kmem_free(ipst->ips_ipcl_udp_fanout, ipst->ips_ipcl_udp_fanout_size *
540 	    sizeof (connf_t));
541 	ipst->ips_ipcl_udp_fanout = NULL;
542 
543 	for (i = 0; i < ipst->ips_ipcl_iptun_fanout_size; i++) {
544 		ASSERT(ipst->ips_ipcl_iptun_fanout[i].connf_head == NULL);
545 		mutex_destroy(&ipst->ips_ipcl_iptun_fanout[i].connf_lock);
546 	}
547 	kmem_free(ipst->ips_ipcl_iptun_fanout,
548 	    ipst->ips_ipcl_iptun_fanout_size * sizeof (connf_t));
549 	ipst->ips_ipcl_iptun_fanout = NULL;
550 
551 	for (i = 0; i < ipst->ips_ipcl_raw_fanout_size; i++) {
552 		ASSERT(ipst->ips_ipcl_raw_fanout[i].connf_head == NULL);
553 		mutex_destroy(&ipst->ips_ipcl_raw_fanout[i].connf_lock);
554 	}
555 	kmem_free(ipst->ips_ipcl_raw_fanout, ipst->ips_ipcl_raw_fanout_size *
556 	    sizeof (connf_t));
557 	ipst->ips_ipcl_raw_fanout = NULL;
558 
559 	for (i = 0; i < CONN_G_HASH_SIZE; i++) {
560 		ASSERT(ipst->ips_ipcl_globalhash_fanout[i].connf_head == NULL);
561 		mutex_destroy(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
562 	}
563 	kmem_free(ipst->ips_ipcl_globalhash_fanout,
564 	    sizeof (connf_t) * CONN_G_HASH_SIZE);
565 	ipst->ips_ipcl_globalhash_fanout = NULL;
566 
567 	ASSERT(ipst->ips_rts_clients->connf_head == NULL);
568 	mutex_destroy(&ipst->ips_rts_clients->connf_lock);
569 	kmem_free(ipst->ips_rts_clients, sizeof (connf_t));
570 	ipst->ips_rts_clients = NULL;
571 }
572 
573 /*
574  * conn creation routine. initialize the conn, sets the reference
575  * and inserts it in the global hash table.
576  */
577 conn_t *
ipcl_conn_create(uint32_t type,int sleep,netstack_t * ns)578 ipcl_conn_create(uint32_t type, int sleep, netstack_t *ns)
579 {
580 	conn_t	*connp;
581 	struct kmem_cache *conn_cache;
582 
583 	switch (type) {
584 	case IPCL_SCTPCONN:
585 		if ((connp = kmem_cache_alloc(sctp_conn_cache, sleep)) == NULL)
586 			return (NULL);
587 		sctp_conn_init(connp);
588 		netstack_hold(ns);
589 		connp->conn_netstack = ns;
590 		connp->conn_ixa->ixa_ipst = ns->netstack_ip;
591 		connp->conn_ixa->ixa_conn_id = (long)connp;
592 		ipcl_globalhash_insert(connp);
593 		return (connp);
594 
595 	case IPCL_TCPCONN:
596 		conn_cache = tcp_conn_cache;
597 		break;
598 
599 	case IPCL_UDPCONN:
600 		conn_cache = udp_conn_cache;
601 		break;
602 
603 	case IPCL_RAWIPCONN:
604 		conn_cache = rawip_conn_cache;
605 		break;
606 
607 	case IPCL_RTSCONN:
608 		conn_cache = rts_conn_cache;
609 		break;
610 
611 	case IPCL_IPCCONN:
612 		conn_cache = ip_conn_cache;
613 		break;
614 
615 	default:
616 		conn_cache = NULL;
617 		connp = NULL;
618 		ASSERT(0);
619 	}
620 
621 	if ((connp = kmem_cache_alloc(conn_cache, sleep)) == NULL)
622 		return (NULL);
623 
624 	connp->conn_ref = 1;
625 	netstack_hold(ns);
626 	connp->conn_netstack = ns;
627 	connp->conn_ixa->ixa_ipst = ns->netstack_ip;
628 	connp->conn_ixa->ixa_conn_id = (long)connp;
629 	ipcl_globalhash_insert(connp);
630 	return (connp);
631 }
632 
633 void
ipcl_conn_destroy(conn_t * connp)634 ipcl_conn_destroy(conn_t *connp)
635 {
636 	mblk_t	*mp;
637 	netstack_t	*ns = connp->conn_netstack;
638 
639 	ASSERT(!MUTEX_HELD(&connp->conn_lock));
640 	ASSERT(connp->conn_ref == 0);
641 	ASSERT(connp->conn_ioctlref == 0);
642 
643 	DTRACE_PROBE1(conn__destroy, conn_t *, connp);
644 
645 	if (connp->conn_cred != NULL) {
646 		crfree(connp->conn_cred);
647 		connp->conn_cred = NULL;
648 		/* ixa_cred done in ipcl_conn_cleanup below */
649 	}
650 
651 	if (connp->conn_ht_iphc != NULL) {
652 		kmem_free(connp->conn_ht_iphc, connp->conn_ht_iphc_allocated);
653 		connp->conn_ht_iphc = NULL;
654 		connp->conn_ht_iphc_allocated = 0;
655 		connp->conn_ht_iphc_len = 0;
656 		connp->conn_ht_ulp = NULL;
657 		connp->conn_ht_ulp_len = 0;
658 	}
659 	ip_pkt_free(&connp->conn_xmit_ipp);
660 
661 	ipcl_globalhash_remove(connp);
662 
663 	if (connp->conn_latch != NULL) {
664 		IPLATCH_REFRELE(connp->conn_latch);
665 		connp->conn_latch = NULL;
666 	}
667 	if (connp->conn_latch_in_policy != NULL) {
668 		IPPOL_REFRELE(connp->conn_latch_in_policy);
669 		connp->conn_latch_in_policy = NULL;
670 	}
671 	if (connp->conn_latch_in_action != NULL) {
672 		IPACT_REFRELE(connp->conn_latch_in_action);
673 		connp->conn_latch_in_action = NULL;
674 	}
675 	if (connp->conn_policy != NULL) {
676 		IPPH_REFRELE(connp->conn_policy, ns);
677 		connp->conn_policy = NULL;
678 	}
679 
680 	if (connp->conn_ipsec_opt_mp != NULL) {
681 		freemsg(connp->conn_ipsec_opt_mp);
682 		connp->conn_ipsec_opt_mp = NULL;
683 	}
684 
685 	if (connp->conn_flags & IPCL_TCPCONN) {
686 		tcp_t *tcp = connp->conn_tcp;
687 
688 		tcp_free(tcp);
689 		mp = tcp->tcp_timercache;
690 
691 		tcp->tcp_tcps = NULL;
692 
693 		/*
694 		 * tcp_rsrv_mp can be NULL if tcp_get_conn() fails to allocate
695 		 * the mblk.
696 		 */
697 		if (tcp->tcp_rsrv_mp != NULL) {
698 			freeb(tcp->tcp_rsrv_mp);
699 			tcp->tcp_rsrv_mp = NULL;
700 			mutex_destroy(&tcp->tcp_rsrv_mp_lock);
701 		}
702 
703 		ipcl_conn_cleanup(connp);
704 		connp->conn_flags = IPCL_TCPCONN;
705 		if (ns != NULL) {
706 			ASSERT(tcp->tcp_tcps == NULL);
707 			connp->conn_netstack = NULL;
708 			connp->conn_ixa->ixa_ipst = NULL;
709 			netstack_rele(ns);
710 		}
711 
712 		bzero(tcp, sizeof (tcp_t));
713 
714 		tcp->tcp_timercache = mp;
715 		tcp->tcp_connp = connp;
716 		kmem_cache_free(tcp_conn_cache, connp);
717 		return;
718 	}
719 
720 	if (connp->conn_flags & IPCL_SCTPCONN) {
721 		ASSERT(ns != NULL);
722 		sctp_free(connp);
723 		return;
724 	}
725 
726 	ipcl_conn_cleanup(connp);
727 	if (ns != NULL) {
728 		connp->conn_netstack = NULL;
729 		connp->conn_ixa->ixa_ipst = NULL;
730 		netstack_rele(ns);
731 	}
732 
733 	/* leave conn_priv aka conn_udp, conn_icmp, etc in place. */
734 	if (connp->conn_flags & IPCL_UDPCONN) {
735 		connp->conn_flags = IPCL_UDPCONN;
736 		kmem_cache_free(udp_conn_cache, connp);
737 	} else if (connp->conn_flags & IPCL_RAWIPCONN) {
738 		connp->conn_flags = IPCL_RAWIPCONN;
739 		connp->conn_proto = IPPROTO_ICMP;
740 		connp->conn_ixa->ixa_protocol = connp->conn_proto;
741 		kmem_cache_free(rawip_conn_cache, connp);
742 	} else if (connp->conn_flags & IPCL_RTSCONN) {
743 		connp->conn_flags = IPCL_RTSCONN;
744 		kmem_cache_free(rts_conn_cache, connp);
745 	} else {
746 		connp->conn_flags = IPCL_IPCCONN;
747 		ASSERT(connp->conn_flags & IPCL_IPCCONN);
748 		ASSERT(connp->conn_priv == NULL);
749 		kmem_cache_free(ip_conn_cache, connp);
750 	}
751 }
752 
753 /*
754  * Running in cluster mode - deregister listener information
755  */
756 static void
ipcl_conn_unlisten(conn_t * connp)757 ipcl_conn_unlisten(conn_t *connp)
758 {
759 	ASSERT((connp->conn_flags & IPCL_CL_LISTENER) != 0);
760 	ASSERT(connp->conn_lport != 0);
761 
762 	if (cl_inet_unlisten != NULL) {
763 		sa_family_t	addr_family;
764 		uint8_t		*laddrp;
765 
766 		if (connp->conn_ipversion == IPV6_VERSION) {
767 			addr_family = AF_INET6;
768 			laddrp = (uint8_t *)&connp->conn_bound_addr_v6;
769 		} else {
770 			addr_family = AF_INET;
771 			laddrp = (uint8_t *)&connp->conn_bound_addr_v4;
772 		}
773 		(*cl_inet_unlisten)(connp->conn_netstack->netstack_stackid,
774 		    IPPROTO_TCP, addr_family, laddrp, connp->conn_lport, NULL);
775 	}
776 	connp->conn_flags &= ~IPCL_CL_LISTENER;
777 }
778 
779 /*
780  * We set the IPCL_REMOVED flag (instead of clearing the flag indicating
781  * which table the conn belonged to). So for debugging we can see which hash
782  * table this connection was in.
783  */
784 #define	IPCL_HASH_REMOVE(connp)	{					\
785 	connf_t	*connfp = (connp)->conn_fanout;				\
786 	ASSERT(!MUTEX_HELD(&((connp)->conn_lock)));			\
787 	if (connfp != NULL) {						\
788 		mutex_enter(&connfp->connf_lock);			\
789 		if ((connp)->conn_next != NULL)				\
790 			(connp)->conn_next->conn_prev =			\
791 			    (connp)->conn_prev;				\
792 		if ((connp)->conn_prev != NULL)				\
793 			(connp)->conn_prev->conn_next =			\
794 			    (connp)->conn_next;				\
795 		else							\
796 			connfp->connf_head = (connp)->conn_next;	\
797 		(connp)->conn_fanout = NULL;				\
798 		(connp)->conn_next = NULL;				\
799 		(connp)->conn_prev = NULL;				\
800 		(connp)->conn_flags |= IPCL_REMOVED;			\
801 		if (((connp)->conn_flags & IPCL_CL_LISTENER) != 0)	\
802 			ipcl_conn_unlisten((connp));			\
803 		CONN_DEC_REF((connp));					\
804 		mutex_exit(&connfp->connf_lock);			\
805 	}								\
806 }
807 
808 void
ipcl_hash_remove(conn_t * connp)809 ipcl_hash_remove(conn_t *connp)
810 {
811 	uint8_t		protocol = connp->conn_proto;
812 
813 	IPCL_HASH_REMOVE(connp);
814 	if (protocol == IPPROTO_RSVP)
815 		ill_set_inputfn_all(connp->conn_netstack->netstack_ip);
816 }
817 
818 /*
819  * The whole purpose of this function is allow removal of
820  * a conn_t from the connected hash for timewait reclaim.
821  * This is essentially a TW reclaim fastpath where timewait
822  * collector checks under fanout lock (so no one else can
823  * get access to the conn_t) that refcnt is 2 i.e. one for
824  * TCP and one for the classifier hash list. If ref count
825  * is indeed 2, we can just remove the conn under lock and
826  * avoid cleaning up the conn under squeue. This gives us
827  * improved performance.
828  */
829 void
ipcl_hash_remove_locked(conn_t * connp,connf_t * connfp)830 ipcl_hash_remove_locked(conn_t *connp, connf_t	*connfp)
831 {
832 	ASSERT(MUTEX_HELD(&connfp->connf_lock));
833 	ASSERT(MUTEX_HELD(&connp->conn_lock));
834 	ASSERT((connp->conn_flags & IPCL_CL_LISTENER) == 0);
835 
836 	if ((connp)->conn_next != NULL) {
837 		(connp)->conn_next->conn_prev = (connp)->conn_prev;
838 	}
839 	if ((connp)->conn_prev != NULL) {
840 		(connp)->conn_prev->conn_next = (connp)->conn_next;
841 	} else {
842 		connfp->connf_head = (connp)->conn_next;
843 	}
844 	(connp)->conn_fanout = NULL;
845 	(connp)->conn_next = NULL;
846 	(connp)->conn_prev = NULL;
847 	(connp)->conn_flags |= IPCL_REMOVED;
848 	ASSERT((connp)->conn_ref == 2);
849 	(connp)->conn_ref--;
850 }
851 
852 #define	IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp) {		\
853 	ASSERT((connp)->conn_fanout == NULL);				\
854 	ASSERT((connp)->conn_next == NULL);				\
855 	ASSERT((connp)->conn_prev == NULL);				\
856 	if ((connfp)->connf_head != NULL) {				\
857 		(connfp)->connf_head->conn_prev = (connp);		\
858 		(connp)->conn_next = (connfp)->connf_head;		\
859 	}								\
860 	(connp)->conn_fanout = (connfp);				\
861 	(connfp)->connf_head = (connp);					\
862 	(connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) |	\
863 	    IPCL_CONNECTED;						\
864 	CONN_INC_REF(connp);						\
865 }
866 
867 #define	IPCL_HASH_INSERT_CONNECTED(connfp, connp) {			\
868 	IPCL_HASH_REMOVE((connp));					\
869 	mutex_enter(&(connfp)->connf_lock);				\
870 	IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);		\
871 	mutex_exit(&(connfp)->connf_lock);				\
872 }
873 
874 #define	IPCL_HASH_INSERT_BOUND(connfp, connp) {				\
875 	conn_t *pconnp = NULL, *nconnp;					\
876 	IPCL_HASH_REMOVE((connp));					\
877 	mutex_enter(&(connfp)->connf_lock);				\
878 	nconnp = (connfp)->connf_head;					\
879 	while (nconnp != NULL &&					\
880 	    !_IPCL_V4_MATCH_ANY(nconnp->conn_laddr_v6)) {		\
881 		pconnp = nconnp;					\
882 		nconnp = nconnp->conn_next;				\
883 	}								\
884 	if (pconnp != NULL) {						\
885 		pconnp->conn_next = (connp);				\
886 		(connp)->conn_prev = pconnp;				\
887 	} else {							\
888 		(connfp)->connf_head = (connp);				\
889 	}								\
890 	if (nconnp != NULL) {						\
891 		(connp)->conn_next = nconnp;				\
892 		nconnp->conn_prev = (connp);				\
893 	}								\
894 	(connp)->conn_fanout = (connfp);				\
895 	(connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) |	\
896 	    IPCL_BOUND;							\
897 	CONN_INC_REF(connp);						\
898 	mutex_exit(&(connfp)->connf_lock);				\
899 }
900 
901 #define	IPCL_HASH_INSERT_WILDCARD(connfp, connp) {			\
902 	conn_t **list, *prev, *next;					\
903 	boolean_t isv4mapped =						\
904 	    IN6_IS_ADDR_V4MAPPED(&(connp)->conn_laddr_v6);		\
905 	IPCL_HASH_REMOVE((connp));					\
906 	mutex_enter(&(connfp)->connf_lock);				\
907 	list = &(connfp)->connf_head;					\
908 	prev = NULL;							\
909 	while ((next = *list) != NULL) {				\
910 		if (isv4mapped &&					\
911 		    IN6_IS_ADDR_UNSPECIFIED(&next->conn_laddr_v6) &&	\
912 		    connp->conn_zoneid == next->conn_zoneid) {		\
913 			(connp)->conn_next = next;			\
914 			if (prev != NULL)				\
915 				prev = next->conn_prev;			\
916 			next->conn_prev = (connp);			\
917 			break;						\
918 		}							\
919 		list = &next->conn_next;				\
920 		prev = next;						\
921 	}								\
922 	(connp)->conn_prev = prev;					\
923 	*list = (connp);						\
924 	(connp)->conn_fanout = (connfp);				\
925 	(connp)->conn_flags = ((connp)->conn_flags & ~IPCL_REMOVED) |	\
926 	    IPCL_BOUND;							\
927 	CONN_INC_REF((connp));						\
928 	mutex_exit(&(connfp)->connf_lock);				\
929 }
930 
931 void
ipcl_hash_insert_wildcard(connf_t * connfp,conn_t * connp)932 ipcl_hash_insert_wildcard(connf_t *connfp, conn_t *connp)
933 {
934 	IPCL_HASH_INSERT_WILDCARD(connfp, connp);
935 }
936 
937 /*
938  * Because the classifier is used to classify inbound packets, the destination
939  * address is meant to be our local tunnel address (tunnel source), and the
940  * source the remote tunnel address (tunnel destination).
941  *
942  * Note that conn_proto can't be used for fanout since the upper protocol
943  * can be both 41 and 4 when IPv6 and IPv4 are over the same tunnel.
944  */
945 conn_t *
ipcl_iptun_classify_v4(ipaddr_t * src,ipaddr_t * dst,ip_stack_t * ipst)946 ipcl_iptun_classify_v4(ipaddr_t *src, ipaddr_t *dst, ip_stack_t *ipst)
947 {
948 	connf_t	*connfp;
949 	conn_t	*connp;
950 
951 	/* first look for IPv4 tunnel links */
952 	connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(*dst, *src)];
953 	mutex_enter(&connfp->connf_lock);
954 	for (connp = connfp->connf_head; connp != NULL;
955 	    connp = connp->conn_next) {
956 		if (IPCL_IPTUN_MATCH(connp, *dst, *src))
957 			break;
958 	}
959 	if (connp != NULL)
960 		goto done;
961 
962 	mutex_exit(&connfp->connf_lock);
963 
964 	/* We didn't find an IPv4 tunnel, try a 6to4 tunnel */
965 	connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(*dst,
966 	    INADDR_ANY)];
967 	mutex_enter(&connfp->connf_lock);
968 	for (connp = connfp->connf_head; connp != NULL;
969 	    connp = connp->conn_next) {
970 		if (IPCL_IPTUN_MATCH(connp, *dst, INADDR_ANY))
971 			break;
972 	}
973 done:
974 	if (connp != NULL)
975 		CONN_INC_REF(connp);
976 	mutex_exit(&connfp->connf_lock);
977 	return (connp);
978 }
979 
980 conn_t *
ipcl_iptun_classify_v6(in6_addr_t * src,in6_addr_t * dst,ip_stack_t * ipst)981 ipcl_iptun_classify_v6(in6_addr_t *src, in6_addr_t *dst, ip_stack_t *ipst)
982 {
983 	connf_t	*connfp;
984 	conn_t	*connp;
985 
986 	/* Look for an IPv6 tunnel link */
987 	connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH_V6(dst, src)];
988 	mutex_enter(&connfp->connf_lock);
989 	for (connp = connfp->connf_head; connp != NULL;
990 	    connp = connp->conn_next) {
991 		if (IPCL_IPTUN_MATCH_V6(connp, dst, src)) {
992 			CONN_INC_REF(connp);
993 			break;
994 		}
995 	}
996 	mutex_exit(&connfp->connf_lock);
997 	return (connp);
998 }
999 
1000 /*
1001  * This function is used only for inserting SCTP raw socket now.
1002  * This may change later.
1003  *
1004  * Note that only one raw socket can be bound to a port.  The param
1005  * lport is in network byte order.
1006  */
1007 static int
ipcl_sctp_hash_insert(conn_t * connp,in_port_t lport)1008 ipcl_sctp_hash_insert(conn_t *connp, in_port_t lport)
1009 {
1010 	connf_t	*connfp;
1011 	conn_t	*oconnp;
1012 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
1013 
1014 	connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(ntohs(lport), ipst)];
1015 
1016 	/* Check for existing raw socket already bound to the port. */
1017 	mutex_enter(&connfp->connf_lock);
1018 	for (oconnp = connfp->connf_head; oconnp != NULL;
1019 	    oconnp = oconnp->conn_next) {
1020 		if (oconnp->conn_lport == lport &&
1021 		    oconnp->conn_zoneid == connp->conn_zoneid &&
1022 		    oconnp->conn_family == connp->conn_family &&
1023 		    ((IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) ||
1024 		    IN6_IS_ADDR_UNSPECIFIED(&oconnp->conn_laddr_v6) ||
1025 		    IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_laddr_v6) ||
1026 		    IN6_IS_ADDR_V4MAPPED_ANY(&oconnp->conn_laddr_v6)) ||
1027 		    IN6_ARE_ADDR_EQUAL(&oconnp->conn_laddr_v6,
1028 		    &connp->conn_laddr_v6))) {
1029 			break;
1030 		}
1031 	}
1032 	mutex_exit(&connfp->connf_lock);
1033 	if (oconnp != NULL)
1034 		return (EADDRNOTAVAIL);
1035 
1036 	if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6) ||
1037 	    IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_faddr_v6)) {
1038 		if (IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) ||
1039 		    IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_laddr_v6)) {
1040 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1041 		} else {
1042 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1043 		}
1044 	} else {
1045 		IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1046 	}
1047 	return (0);
1048 }
1049 
1050 static int
ipcl_iptun_hash_insert(conn_t * connp,ip_stack_t * ipst)1051 ipcl_iptun_hash_insert(conn_t *connp, ip_stack_t *ipst)
1052 {
1053 	connf_t	*connfp;
1054 	conn_t	*tconnp;
1055 	ipaddr_t laddr = connp->conn_laddr_v4;
1056 	ipaddr_t faddr = connp->conn_faddr_v4;
1057 
1058 	connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH(laddr, faddr)];
1059 	mutex_enter(&connfp->connf_lock);
1060 	for (tconnp = connfp->connf_head; tconnp != NULL;
1061 	    tconnp = tconnp->conn_next) {
1062 		if (IPCL_IPTUN_MATCH(tconnp, laddr, faddr)) {
1063 			/* A tunnel is already bound to these addresses. */
1064 			mutex_exit(&connfp->connf_lock);
1065 			return (EADDRINUSE);
1066 		}
1067 	}
1068 	IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1069 	mutex_exit(&connfp->connf_lock);
1070 	return (0);
1071 }
1072 
1073 static int
ipcl_iptun_hash_insert_v6(conn_t * connp,ip_stack_t * ipst)1074 ipcl_iptun_hash_insert_v6(conn_t *connp, ip_stack_t *ipst)
1075 {
1076 	connf_t	*connfp;
1077 	conn_t	*tconnp;
1078 	in6_addr_t *laddr = &connp->conn_laddr_v6;
1079 	in6_addr_t *faddr = &connp->conn_faddr_v6;
1080 
1081 	connfp = &ipst->ips_ipcl_iptun_fanout[IPCL_IPTUN_HASH_V6(laddr, faddr)];
1082 	mutex_enter(&connfp->connf_lock);
1083 	for (tconnp = connfp->connf_head; tconnp != NULL;
1084 	    tconnp = tconnp->conn_next) {
1085 		if (IPCL_IPTUN_MATCH_V6(tconnp, laddr, faddr)) {
1086 			/* A tunnel is already bound to these addresses. */
1087 			mutex_exit(&connfp->connf_lock);
1088 			return (EADDRINUSE);
1089 		}
1090 	}
1091 	IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1092 	mutex_exit(&connfp->connf_lock);
1093 	return (0);
1094 }
1095 
1096 /*
1097  * Check for a MAC exemption conflict on a labeled system.  Note that for
1098  * protocols that use port numbers (UDP, TCP, SCTP), we do this check up in the
1099  * transport layer.  This check is for binding all other protocols.
1100  *
1101  * Returns true if there's a conflict.
1102  */
1103 static boolean_t
check_exempt_conflict_v4(conn_t * connp,ip_stack_t * ipst)1104 check_exempt_conflict_v4(conn_t *connp, ip_stack_t *ipst)
1105 {
1106 	connf_t	*connfp;
1107 	conn_t *tconn;
1108 
1109 	connfp = &ipst->ips_ipcl_proto_fanout_v4[connp->conn_proto];
1110 	mutex_enter(&connfp->connf_lock);
1111 	for (tconn = connfp->connf_head; tconn != NULL;
1112 	    tconn = tconn->conn_next) {
1113 		/* We don't allow v4 fallback for v6 raw socket */
1114 		if (connp->conn_family != tconn->conn_family)
1115 			continue;
1116 		/* If neither is exempt, then there's no conflict */
1117 		if ((connp->conn_mac_mode == CONN_MAC_DEFAULT) &&
1118 		    (tconn->conn_mac_mode == CONN_MAC_DEFAULT))
1119 			continue;
1120 		/* We are only concerned about sockets for a different zone */
1121 		if (connp->conn_zoneid == tconn->conn_zoneid)
1122 			continue;
1123 		/* If both are bound to different specific addrs, ok */
1124 		if (connp->conn_laddr_v4 != INADDR_ANY &&
1125 		    tconn->conn_laddr_v4 != INADDR_ANY &&
1126 		    connp->conn_laddr_v4 != tconn->conn_laddr_v4)
1127 			continue;
1128 		/* These two conflict; fail */
1129 		break;
1130 	}
1131 	mutex_exit(&connfp->connf_lock);
1132 	return (tconn != NULL);
1133 }
1134 
1135 static boolean_t
check_exempt_conflict_v6(conn_t * connp,ip_stack_t * ipst)1136 check_exempt_conflict_v6(conn_t *connp, ip_stack_t *ipst)
1137 {
1138 	connf_t	*connfp;
1139 	conn_t *tconn;
1140 
1141 	connfp = &ipst->ips_ipcl_proto_fanout_v6[connp->conn_proto];
1142 	mutex_enter(&connfp->connf_lock);
1143 	for (tconn = connfp->connf_head; tconn != NULL;
1144 	    tconn = tconn->conn_next) {
1145 		/* We don't allow v4 fallback for v6 raw socket */
1146 		if (connp->conn_family != tconn->conn_family)
1147 			continue;
1148 		/* If neither is exempt, then there's no conflict */
1149 		if ((connp->conn_mac_mode == CONN_MAC_DEFAULT) &&
1150 		    (tconn->conn_mac_mode == CONN_MAC_DEFAULT))
1151 			continue;
1152 		/* We are only concerned about sockets for a different zone */
1153 		if (connp->conn_zoneid == tconn->conn_zoneid)
1154 			continue;
1155 		/* If both are bound to different addrs, ok */
1156 		if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6) &&
1157 		    !IN6_IS_ADDR_UNSPECIFIED(&tconn->conn_laddr_v6) &&
1158 		    !IN6_ARE_ADDR_EQUAL(&connp->conn_laddr_v6,
1159 		    &tconn->conn_laddr_v6))
1160 			continue;
1161 		/* These two conflict; fail */
1162 		break;
1163 	}
1164 	mutex_exit(&connfp->connf_lock);
1165 	return (tconn != NULL);
1166 }
1167 
1168 /*
1169  * (v4, v6) bind hash insertion routines
1170  * The caller has already setup the conn (conn_proto, conn_laddr_v6, conn_lport)
1171  */
1172 
1173 int
ipcl_bind_insert(conn_t * connp)1174 ipcl_bind_insert(conn_t *connp)
1175 {
1176 	if (connp->conn_ipversion == IPV6_VERSION)
1177 		return (ipcl_bind_insert_v6(connp));
1178 	else
1179 		return (ipcl_bind_insert_v4(connp));
1180 }
1181 
1182 int
ipcl_bind_insert_v4(conn_t * connp)1183 ipcl_bind_insert_v4(conn_t *connp)
1184 {
1185 	connf_t	*connfp;
1186 	int	ret = 0;
1187 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
1188 	uint16_t	lport = connp->conn_lport;
1189 	uint8_t		protocol = connp->conn_proto;
1190 
1191 	if (IPCL_IS_IPTUN(connp))
1192 		return (ipcl_iptun_hash_insert(connp, ipst));
1193 
1194 	switch (protocol) {
1195 	default:
1196 		if (is_system_labeled() &&
1197 		    check_exempt_conflict_v4(connp, ipst))
1198 			return (EADDRINUSE);
1199 		/* FALLTHROUGH */
1200 	case IPPROTO_UDP:
1201 		if (protocol == IPPROTO_UDP) {
1202 			connfp = &ipst->ips_ipcl_udp_fanout[
1203 			    IPCL_UDP_HASH(lport, ipst)];
1204 		} else {
1205 			connfp = &ipst->ips_ipcl_proto_fanout_v4[protocol];
1206 		}
1207 
1208 		if (connp->conn_faddr_v4 != INADDR_ANY) {
1209 			IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1210 		} else if (connp->conn_laddr_v4 != INADDR_ANY) {
1211 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1212 		} else {
1213 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1214 		}
1215 		if (protocol == IPPROTO_RSVP)
1216 			ill_set_inputfn_all(ipst);
1217 		break;
1218 
1219 	case IPPROTO_TCP:
1220 		/* Insert it in the Bind Hash */
1221 		ASSERT(connp->conn_zoneid != ALL_ZONES);
1222 		connfp = &ipst->ips_ipcl_bind_fanout[
1223 		    IPCL_BIND_HASH(lport, ipst)];
1224 		if (connp->conn_laddr_v4 != INADDR_ANY) {
1225 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1226 		} else {
1227 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1228 		}
1229 		if (cl_inet_listen != NULL) {
1230 			ASSERT(connp->conn_ipversion == IPV4_VERSION);
1231 			connp->conn_flags |= IPCL_CL_LISTENER;
1232 			(*cl_inet_listen)(
1233 			    connp->conn_netstack->netstack_stackid,
1234 			    IPPROTO_TCP, AF_INET,
1235 			    (uint8_t *)&connp->conn_bound_addr_v4, lport, NULL);
1236 		}
1237 		break;
1238 
1239 	case IPPROTO_SCTP:
1240 		ret = ipcl_sctp_hash_insert(connp, lport);
1241 		break;
1242 	}
1243 
1244 	return (ret);
1245 }
1246 
1247 int
ipcl_bind_insert_v6(conn_t * connp)1248 ipcl_bind_insert_v6(conn_t *connp)
1249 {
1250 	connf_t		*connfp;
1251 	int		ret = 0;
1252 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
1253 	uint16_t	lport = connp->conn_lport;
1254 	uint8_t		protocol = connp->conn_proto;
1255 
1256 	if (IPCL_IS_IPTUN(connp)) {
1257 		return (ipcl_iptun_hash_insert_v6(connp, ipst));
1258 	}
1259 
1260 	switch (protocol) {
1261 	default:
1262 		if (is_system_labeled() &&
1263 		    check_exempt_conflict_v6(connp, ipst))
1264 			return (EADDRINUSE);
1265 		/* FALLTHROUGH */
1266 	case IPPROTO_UDP:
1267 		if (protocol == IPPROTO_UDP) {
1268 			connfp = &ipst->ips_ipcl_udp_fanout[
1269 			    IPCL_UDP_HASH(lport, ipst)];
1270 		} else {
1271 			connfp = &ipst->ips_ipcl_proto_fanout_v6[protocol];
1272 		}
1273 
1274 		if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6)) {
1275 			IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1276 		} else if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1277 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1278 		} else {
1279 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1280 		}
1281 		break;
1282 
1283 	case IPPROTO_TCP:
1284 		/* Insert it in the Bind Hash */
1285 		ASSERT(connp->conn_zoneid != ALL_ZONES);
1286 		connfp = &ipst->ips_ipcl_bind_fanout[
1287 		    IPCL_BIND_HASH(lport, ipst)];
1288 		if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1289 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1290 		} else {
1291 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1292 		}
1293 		if (cl_inet_listen != NULL) {
1294 			sa_family_t	addr_family;
1295 			uint8_t		*laddrp;
1296 
1297 			if (connp->conn_ipversion == IPV6_VERSION) {
1298 				addr_family = AF_INET6;
1299 				laddrp =
1300 				    (uint8_t *)&connp->conn_bound_addr_v6;
1301 			} else {
1302 				addr_family = AF_INET;
1303 				laddrp = (uint8_t *)&connp->conn_bound_addr_v4;
1304 			}
1305 			connp->conn_flags |= IPCL_CL_LISTENER;
1306 			(*cl_inet_listen)(
1307 			    connp->conn_netstack->netstack_stackid,
1308 			    IPPROTO_TCP, addr_family, laddrp, lport, NULL);
1309 		}
1310 		break;
1311 
1312 	case IPPROTO_SCTP:
1313 		ret = ipcl_sctp_hash_insert(connp, lport);
1314 		break;
1315 	}
1316 
1317 	return (ret);
1318 }
1319 
1320 /*
1321  * ipcl_conn_hash insertion routines.
1322  * The caller has already set conn_proto and the addresses/ports in the conn_t.
1323  */
1324 
1325 int
ipcl_conn_insert(conn_t * connp)1326 ipcl_conn_insert(conn_t *connp)
1327 {
1328 	if (connp->conn_ipversion == IPV6_VERSION)
1329 		return (ipcl_conn_insert_v6(connp));
1330 	else
1331 		return (ipcl_conn_insert_v4(connp));
1332 }
1333 
1334 int
ipcl_conn_insert_v4(conn_t * connp)1335 ipcl_conn_insert_v4(conn_t *connp)
1336 {
1337 	connf_t		*connfp;
1338 	conn_t		*tconnp;
1339 	int		ret = 0;
1340 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
1341 	uint16_t	lport = connp->conn_lport;
1342 	uint8_t		protocol = connp->conn_proto;
1343 
1344 	if (IPCL_IS_IPTUN(connp))
1345 		return (ipcl_iptun_hash_insert(connp, ipst));
1346 
1347 	switch (protocol) {
1348 	case IPPROTO_TCP:
1349 		/*
1350 		 * For TCP, we check whether the connection tuple already
1351 		 * exists before allowing the connection to proceed.  We
1352 		 * also allow indexing on the zoneid. This is to allow
1353 		 * multiple shared stack zones to have the same tcp
1354 		 * connection tuple. In practice this only happens for
1355 		 * INADDR_LOOPBACK as it's the only local address which
1356 		 * doesn't have to be unique.
1357 		 */
1358 		connfp = &ipst->ips_ipcl_conn_fanout[
1359 		    IPCL_CONN_HASH(connp->conn_faddr_v4,
1360 		    connp->conn_ports, ipst)];
1361 		mutex_enter(&connfp->connf_lock);
1362 		for (tconnp = connfp->connf_head; tconnp != NULL;
1363 		    tconnp = tconnp->conn_next) {
1364 			if (IPCL_CONN_MATCH(tconnp, connp->conn_proto,
1365 			    connp->conn_faddr_v4, connp->conn_laddr_v4,
1366 			    connp->conn_ports) &&
1367 			    IPCL_ZONE_MATCH(tconnp, connp->conn_zoneid)) {
1368 				/* Already have a conn. bail out */
1369 				mutex_exit(&connfp->connf_lock);
1370 				return (EADDRINUSE);
1371 			}
1372 		}
1373 		if (connp->conn_fanout != NULL) {
1374 			/*
1375 			 * Probably a XTI/TLI application trying to do a
1376 			 * rebind. Let it happen.
1377 			 */
1378 			mutex_exit(&connfp->connf_lock);
1379 			IPCL_HASH_REMOVE(connp);
1380 			mutex_enter(&connfp->connf_lock);
1381 		}
1382 
1383 		ASSERT(connp->conn_recv != NULL);
1384 		ASSERT(connp->conn_recvicmp != NULL);
1385 
1386 		IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1387 		mutex_exit(&connfp->connf_lock);
1388 		break;
1389 
1390 	case IPPROTO_SCTP:
1391 		/*
1392 		 * The raw socket may have already been bound, remove it
1393 		 * from the hash first.
1394 		 */
1395 		IPCL_HASH_REMOVE(connp);
1396 		ret = ipcl_sctp_hash_insert(connp, lport);
1397 		break;
1398 
1399 	default:
1400 		/*
1401 		 * Check for conflicts among MAC exempt bindings.  For
1402 		 * transports with port numbers, this is done by the upper
1403 		 * level per-transport binding logic.  For all others, it's
1404 		 * done here.
1405 		 */
1406 		if (is_system_labeled() &&
1407 		    check_exempt_conflict_v4(connp, ipst))
1408 			return (EADDRINUSE);
1409 		/* FALLTHROUGH */
1410 
1411 	case IPPROTO_UDP:
1412 		if (protocol == IPPROTO_UDP) {
1413 			connfp = &ipst->ips_ipcl_udp_fanout[
1414 			    IPCL_UDP_HASH(lport, ipst)];
1415 		} else {
1416 			connfp = &ipst->ips_ipcl_proto_fanout_v4[protocol];
1417 		}
1418 
1419 		if (connp->conn_faddr_v4 != INADDR_ANY) {
1420 			IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1421 		} else if (connp->conn_laddr_v4 != INADDR_ANY) {
1422 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1423 		} else {
1424 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1425 		}
1426 		break;
1427 	}
1428 
1429 	return (ret);
1430 }
1431 
1432 int
ipcl_conn_insert_v6(conn_t * connp)1433 ipcl_conn_insert_v6(conn_t *connp)
1434 {
1435 	connf_t		*connfp;
1436 	conn_t		*tconnp;
1437 	int		ret = 0;
1438 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
1439 	uint16_t	lport = connp->conn_lport;
1440 	uint8_t		protocol = connp->conn_proto;
1441 	uint_t		ifindex = connp->conn_bound_if;
1442 
1443 	if (IPCL_IS_IPTUN(connp))
1444 		return (ipcl_iptun_hash_insert_v6(connp, ipst));
1445 
1446 	switch (protocol) {
1447 	case IPPROTO_TCP:
1448 
1449 		/*
1450 		 * For tcp, we check whether the connection tuple already
1451 		 * exists before allowing the connection to proceed.  We
1452 		 * also allow indexing on the zoneid. This is to allow
1453 		 * multiple shared stack zones to have the same tcp
1454 		 * connection tuple. In practice this only happens for
1455 		 * ipv6_loopback as it's the only local address which
1456 		 * doesn't have to be unique.
1457 		 */
1458 		connfp = &ipst->ips_ipcl_conn_fanout[
1459 		    IPCL_CONN_HASH_V6(connp->conn_faddr_v6, connp->conn_ports,
1460 		    ipst)];
1461 		mutex_enter(&connfp->connf_lock);
1462 		for (tconnp = connfp->connf_head; tconnp != NULL;
1463 		    tconnp = tconnp->conn_next) {
1464 			/* NOTE: need to match zoneid. Bug in onnv-gate */
1465 			if (IPCL_CONN_MATCH_V6(tconnp, connp->conn_proto,
1466 			    connp->conn_faddr_v6, connp->conn_laddr_v6,
1467 			    connp->conn_ports) &&
1468 			    (tconnp->conn_bound_if == 0 ||
1469 			    tconnp->conn_bound_if == ifindex) &&
1470 			    IPCL_ZONE_MATCH(tconnp, connp->conn_zoneid)) {
1471 				/* Already have a conn. bail out */
1472 				mutex_exit(&connfp->connf_lock);
1473 				return (EADDRINUSE);
1474 			}
1475 		}
1476 		if (connp->conn_fanout != NULL) {
1477 			/*
1478 			 * Probably a XTI/TLI application trying to do a
1479 			 * rebind. Let it happen.
1480 			 */
1481 			mutex_exit(&connfp->connf_lock);
1482 			IPCL_HASH_REMOVE(connp);
1483 			mutex_enter(&connfp->connf_lock);
1484 		}
1485 		IPCL_HASH_INSERT_CONNECTED_LOCKED(connfp, connp);
1486 		mutex_exit(&connfp->connf_lock);
1487 		break;
1488 
1489 	case IPPROTO_SCTP:
1490 		IPCL_HASH_REMOVE(connp);
1491 		ret = ipcl_sctp_hash_insert(connp, lport);
1492 		break;
1493 
1494 	default:
1495 		if (is_system_labeled() &&
1496 		    check_exempt_conflict_v6(connp, ipst))
1497 			return (EADDRINUSE);
1498 		/* FALLTHROUGH */
1499 	case IPPROTO_UDP:
1500 		if (protocol == IPPROTO_UDP) {
1501 			connfp = &ipst->ips_ipcl_udp_fanout[
1502 			    IPCL_UDP_HASH(lport, ipst)];
1503 		} else {
1504 			connfp = &ipst->ips_ipcl_proto_fanout_v6[protocol];
1505 		}
1506 
1507 		if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6)) {
1508 			IPCL_HASH_INSERT_CONNECTED(connfp, connp);
1509 		} else if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6)) {
1510 			IPCL_HASH_INSERT_BOUND(connfp, connp);
1511 		} else {
1512 			IPCL_HASH_INSERT_WILDCARD(connfp, connp);
1513 		}
1514 		break;
1515 	}
1516 
1517 	return (ret);
1518 }
1519 
1520 /*
1521  * v4 packet classifying function. looks up the fanout table to
1522  * find the conn, the packet belongs to. returns the conn with
1523  * the reference held, null otherwise.
1524  *
1525  * If zoneid is ALL_ZONES, then the search rules described in the "Connection
1526  * Lookup" comment block are applied.  Labels are also checked as described
1527  * above.  If the packet is from the inside (looped back), and is from the same
1528  * zone, then label checks are omitted.
1529  */
1530 conn_t *
ipcl_classify_v4(mblk_t * mp,uint8_t protocol,uint_t hdr_len,ip_recv_attr_t * ira,ip_stack_t * ipst)1531 ipcl_classify_v4(mblk_t *mp, uint8_t protocol, uint_t hdr_len,
1532     ip_recv_attr_t *ira, ip_stack_t *ipst)
1533 {
1534 	ipha_t	*ipha;
1535 	connf_t	*connfp, *bind_connfp;
1536 	uint16_t lport;
1537 	uint16_t fport;
1538 	uint32_t ports;
1539 	conn_t	*connp;
1540 	uint16_t  *up;
1541 	zoneid_t	zoneid = ira->ira_zoneid;
1542 
1543 	ipha = (ipha_t *)mp->b_rptr;
1544 	up = (uint16_t *)((uchar_t *)ipha + hdr_len + TCP_PORTS_OFFSET);
1545 
1546 	switch (protocol) {
1547 	case IPPROTO_TCP:
1548 		ports = *(uint32_t *)up;
1549 		connfp =
1550 		    &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_src,
1551 		    ports, ipst)];
1552 		mutex_enter(&connfp->connf_lock);
1553 		for (connp = connfp->connf_head; connp != NULL;
1554 		    connp = connp->conn_next) {
1555 			if (IPCL_CONN_MATCH(connp, protocol,
1556 			    ipha->ipha_src, ipha->ipha_dst, ports) &&
1557 			    (connp->conn_zoneid == zoneid ||
1558 			    connp->conn_allzones ||
1559 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1560 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1561 			    (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1562 				break;
1563 		}
1564 
1565 		if (connp != NULL) {
1566 			/*
1567 			 * We have a fully-bound TCP connection.
1568 			 *
1569 			 * For labeled systems, there's no need to check the
1570 			 * label here.  It's known to be good as we checked
1571 			 * before allowing the connection to become bound.
1572 			 */
1573 			CONN_INC_REF(connp);
1574 			mutex_exit(&connfp->connf_lock);
1575 			return (connp);
1576 		}
1577 
1578 		mutex_exit(&connfp->connf_lock);
1579 		lport = up[1];
1580 		bind_connfp =
1581 		    &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
1582 		mutex_enter(&bind_connfp->connf_lock);
1583 		for (connp = bind_connfp->connf_head; connp != NULL;
1584 		    connp = connp->conn_next) {
1585 			if (IPCL_BIND_MATCH(connp, protocol, ipha->ipha_dst,
1586 			    lport) &&
1587 			    (connp->conn_zoneid == zoneid ||
1588 			    connp->conn_allzones ||
1589 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1590 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1591 			    (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1592 				break;
1593 		}
1594 
1595 		/*
1596 		 * If the matching connection is SLP on a private address, then
1597 		 * the label on the packet must match the local zone's label.
1598 		 * Otherwise, it must be in the label range defined by tnrh.
1599 		 * This is ensured by tsol_receive_local.
1600 		 *
1601 		 * Note that we don't check tsol_receive_local for
1602 		 * the connected case.
1603 		 */
1604 		if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1605 		    !tsol_receive_local(mp, &ipha->ipha_dst, IPV4_VERSION,
1606 		    ira, connp)) {
1607 			DTRACE_PROBE3(tx__ip__log__info__classify__tcp,
1608 			    char *, "connp(1) could not receive mp(2)",
1609 			    conn_t *, connp, mblk_t *, mp);
1610 			connp = NULL;
1611 		}
1612 
1613 		if (connp != NULL) {
1614 			/* Have a listener at least */
1615 			CONN_INC_REF(connp);
1616 			mutex_exit(&bind_connfp->connf_lock);
1617 			return (connp);
1618 		}
1619 
1620 		mutex_exit(&bind_connfp->connf_lock);
1621 		break;
1622 
1623 	case IPPROTO_UDP:
1624 		lport = up[1];
1625 		fport = up[0];
1626 		connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
1627 		mutex_enter(&connfp->connf_lock);
1628 		for (connp = connfp->connf_head; connp != NULL;
1629 		    connp = connp->conn_next) {
1630 			if (IPCL_UDP_MATCH(connp, lport, ipha->ipha_dst,
1631 			    fport, ipha->ipha_src) &&
1632 			    (connp->conn_zoneid == zoneid ||
1633 			    connp->conn_allzones ||
1634 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1635 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE))))
1636 				break;
1637 		}
1638 
1639 		if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1640 		    !tsol_receive_local(mp, &ipha->ipha_dst, IPV4_VERSION,
1641 		    ira, connp)) {
1642 			DTRACE_PROBE3(tx__ip__log__info__classify__udp,
1643 			    char *, "connp(1) could not receive mp(2)",
1644 			    conn_t *, connp, mblk_t *, mp);
1645 			connp = NULL;
1646 		}
1647 
1648 		if (connp != NULL) {
1649 			CONN_INC_REF(connp);
1650 			mutex_exit(&connfp->connf_lock);
1651 			return (connp);
1652 		}
1653 
1654 		/*
1655 		 * We shouldn't come here for multicast/broadcast packets
1656 		 */
1657 		mutex_exit(&connfp->connf_lock);
1658 
1659 		break;
1660 
1661 	case IPPROTO_ENCAP:
1662 	case IPPROTO_IPV6:
1663 		return (ipcl_iptun_classify_v4(&ipha->ipha_src,
1664 		    &ipha->ipha_dst, ipst));
1665 	}
1666 
1667 	return (NULL);
1668 }
1669 
1670 conn_t *
ipcl_classify_v6(mblk_t * mp,uint8_t protocol,uint_t hdr_len,ip_recv_attr_t * ira,ip_stack_t * ipst)1671 ipcl_classify_v6(mblk_t *mp, uint8_t protocol, uint_t hdr_len,
1672     ip_recv_attr_t *ira, ip_stack_t *ipst)
1673 {
1674 	ip6_t		*ip6h;
1675 	connf_t		*connfp, *bind_connfp;
1676 	uint16_t	lport;
1677 	uint16_t	fport;
1678 	tcpha_t		*tcpha;
1679 	uint32_t	ports;
1680 	conn_t		*connp;
1681 	uint16_t	*up;
1682 	zoneid_t	zoneid = ira->ira_zoneid;
1683 
1684 	ip6h = (ip6_t *)mp->b_rptr;
1685 
1686 	switch (protocol) {
1687 	case IPPROTO_TCP:
1688 		tcpha = (tcpha_t *)&mp->b_rptr[hdr_len];
1689 		up = &tcpha->tha_lport;
1690 		ports = *(uint32_t *)up;
1691 
1692 		connfp =
1693 		    &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_src,
1694 		    ports, ipst)];
1695 		mutex_enter(&connfp->connf_lock);
1696 		for (connp = connfp->connf_head; connp != NULL;
1697 		    connp = connp->conn_next) {
1698 			if (IPCL_CONN_MATCH_V6(connp, protocol,
1699 			    ip6h->ip6_src, ip6h->ip6_dst, ports) &&
1700 			    (connp->conn_zoneid == zoneid ||
1701 			    connp->conn_allzones ||
1702 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1703 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1704 			    (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1705 				break;
1706 		}
1707 
1708 		if (connp != NULL) {
1709 			/*
1710 			 * We have a fully-bound TCP connection.
1711 			 *
1712 			 * For labeled systems, there's no need to check the
1713 			 * label here.  It's known to be good as we checked
1714 			 * before allowing the connection to become bound.
1715 			 */
1716 			CONN_INC_REF(connp);
1717 			mutex_exit(&connfp->connf_lock);
1718 			return (connp);
1719 		}
1720 
1721 		mutex_exit(&connfp->connf_lock);
1722 
1723 		lport = up[1];
1724 		bind_connfp =
1725 		    &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
1726 		mutex_enter(&bind_connfp->connf_lock);
1727 		for (connp = bind_connfp->connf_head; connp != NULL;
1728 		    connp = connp->conn_next) {
1729 			if (IPCL_BIND_MATCH_V6(connp, protocol,
1730 			    ip6h->ip6_dst, lport) &&
1731 			    (connp->conn_zoneid == zoneid ||
1732 			    connp->conn_allzones ||
1733 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1734 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1735 			    (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1736 				break;
1737 		}
1738 
1739 		if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1740 		    !tsol_receive_local(mp, &ip6h->ip6_dst, IPV6_VERSION,
1741 		    ira, connp)) {
1742 			DTRACE_PROBE3(tx__ip__log__info__classify__tcp6,
1743 			    char *, "connp(1) could not receive mp(2)",
1744 			    conn_t *, connp, mblk_t *, mp);
1745 			connp = NULL;
1746 		}
1747 
1748 		if (connp != NULL) {
1749 			/* Have a listner at least */
1750 			CONN_INC_REF(connp);
1751 			mutex_exit(&bind_connfp->connf_lock);
1752 			return (connp);
1753 		}
1754 
1755 		mutex_exit(&bind_connfp->connf_lock);
1756 		break;
1757 
1758 	case IPPROTO_UDP:
1759 		up = (uint16_t *)&mp->b_rptr[hdr_len];
1760 		lport = up[1];
1761 		fport = up[0];
1762 		connfp = &ipst->ips_ipcl_udp_fanout[IPCL_UDP_HASH(lport, ipst)];
1763 		mutex_enter(&connfp->connf_lock);
1764 		for (connp = connfp->connf_head; connp != NULL;
1765 		    connp = connp->conn_next) {
1766 			if (IPCL_UDP_MATCH_V6(connp, lport, ip6h->ip6_dst,
1767 			    fport, ip6h->ip6_src) &&
1768 			    (connp->conn_zoneid == zoneid ||
1769 			    connp->conn_allzones ||
1770 			    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1771 			    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1772 			    (ira->ira_flags & IRAF_TX_SHARED_ADDR))))
1773 				break;
1774 		}
1775 
1776 		if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1777 		    !tsol_receive_local(mp, &ip6h->ip6_dst, IPV6_VERSION,
1778 		    ira, connp)) {
1779 			DTRACE_PROBE3(tx__ip__log__info__classify__udp6,
1780 			    char *, "connp(1) could not receive mp(2)",
1781 			    conn_t *, connp, mblk_t *, mp);
1782 			connp = NULL;
1783 		}
1784 
1785 		if (connp != NULL) {
1786 			CONN_INC_REF(connp);
1787 			mutex_exit(&connfp->connf_lock);
1788 			return (connp);
1789 		}
1790 
1791 		/*
1792 		 * We shouldn't come here for multicast/broadcast packets
1793 		 */
1794 		mutex_exit(&connfp->connf_lock);
1795 		break;
1796 	case IPPROTO_ENCAP:
1797 	case IPPROTO_IPV6:
1798 		return (ipcl_iptun_classify_v6(&ip6h->ip6_src,
1799 		    &ip6h->ip6_dst, ipst));
1800 	}
1801 
1802 	return (NULL);
1803 }
1804 
1805 /*
1806  * wrapper around ipcl_classify_(v4,v6) routines.
1807  */
1808 conn_t *
ipcl_classify(mblk_t * mp,ip_recv_attr_t * ira,ip_stack_t * ipst)1809 ipcl_classify(mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst)
1810 {
1811 	if (ira->ira_flags & IRAF_IS_IPV4) {
1812 		return (ipcl_classify_v4(mp, ira->ira_protocol,
1813 		    ira->ira_ip_hdr_length, ira, ipst));
1814 	} else {
1815 		return (ipcl_classify_v6(mp, ira->ira_protocol,
1816 		    ira->ira_ip_hdr_length, ira, ipst));
1817 	}
1818 }
1819 
1820 /*
1821  * Only used to classify SCTP RAW sockets
1822  */
1823 conn_t *
ipcl_classify_raw(mblk_t * mp,uint8_t protocol,uint32_t ports,ipha_t * ipha,ip6_t * ip6h,ip_recv_attr_t * ira,ip_stack_t * ipst)1824 ipcl_classify_raw(mblk_t *mp, uint8_t protocol, uint32_t ports,
1825     ipha_t *ipha, ip6_t *ip6h, ip_recv_attr_t *ira, ip_stack_t *ipst)
1826 {
1827 	connf_t		*connfp;
1828 	conn_t		*connp;
1829 	in_port_t	lport;
1830 	int		ipversion;
1831 	const void	*dst;
1832 	zoneid_t	zoneid = ira->ira_zoneid;
1833 
1834 	lport = ((uint16_t *)&ports)[1];
1835 	if (ira->ira_flags & IRAF_IS_IPV4) {
1836 		dst = (const void *)&ipha->ipha_dst;
1837 		ipversion = IPV4_VERSION;
1838 	} else {
1839 		dst = (const void *)&ip6h->ip6_dst;
1840 		ipversion = IPV6_VERSION;
1841 	}
1842 
1843 	connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(ntohs(lport), ipst)];
1844 	mutex_enter(&connfp->connf_lock);
1845 	for (connp = connfp->connf_head; connp != NULL;
1846 	    connp = connp->conn_next) {
1847 		/* We don't allow v4 fallback for v6 raw socket. */
1848 		if (ipversion != connp->conn_ipversion)
1849 			continue;
1850 		if (!IN6_IS_ADDR_UNSPECIFIED(&connp->conn_faddr_v6) &&
1851 		    !IN6_IS_ADDR_V4MAPPED_ANY(&connp->conn_faddr_v6)) {
1852 			if (ipversion == IPV4_VERSION) {
1853 				if (!IPCL_CONN_MATCH(connp, protocol,
1854 				    ipha->ipha_src, ipha->ipha_dst, ports))
1855 					continue;
1856 			} else {
1857 				if (!IPCL_CONN_MATCH_V6(connp, protocol,
1858 				    ip6h->ip6_src, ip6h->ip6_dst, ports))
1859 					continue;
1860 			}
1861 		} else {
1862 			if (ipversion == IPV4_VERSION) {
1863 				if (!IPCL_BIND_MATCH(connp, protocol,
1864 				    ipha->ipha_dst, lport))
1865 					continue;
1866 			} else {
1867 				if (!IPCL_BIND_MATCH_V6(connp, protocol,
1868 				    ip6h->ip6_dst, lport))
1869 					continue;
1870 			}
1871 		}
1872 
1873 		if (connp->conn_zoneid == zoneid ||
1874 		    connp->conn_allzones ||
1875 		    ((connp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1876 		    (ira->ira_flags & IRAF_TX_MAC_EXEMPTABLE) &&
1877 		    (ira->ira_flags & IRAF_TX_SHARED_ADDR)))
1878 			break;
1879 	}
1880 
1881 	if (connp != NULL && (ira->ira_flags & IRAF_SYSTEM_LABELED) &&
1882 	    !tsol_receive_local(mp, dst, ipversion, ira, connp)) {
1883 		DTRACE_PROBE3(tx__ip__log__info__classify__rawip,
1884 		    char *, "connp(1) could not receive mp(2)",
1885 		    conn_t *, connp, mblk_t *, mp);
1886 		connp = NULL;
1887 	}
1888 
1889 	if (connp != NULL)
1890 		goto found;
1891 	mutex_exit(&connfp->connf_lock);
1892 
1893 	/* Try to look for a wildcard SCTP RAW socket match. */
1894 	connfp = &ipst->ips_ipcl_raw_fanout[IPCL_RAW_HASH(0, ipst)];
1895 	mutex_enter(&connfp->connf_lock);
1896 	for (connp = connfp->connf_head; connp != NULL;
1897 	    connp = connp->conn_next) {
1898 		/* We don't allow v4 fallback for v6 raw socket. */
1899 		if (ipversion != connp->conn_ipversion)
1900 			continue;
1901 		if (!IPCL_ZONE_MATCH(connp, zoneid))
1902 			continue;
1903 
1904 		if (ipversion == IPV4_VERSION) {
1905 			if (IPCL_RAW_MATCH(connp, protocol, ipha->ipha_dst))
1906 				break;
1907 		} else {
1908 			if (IPCL_RAW_MATCH_V6(connp, protocol, ip6h->ip6_dst)) {
1909 				break;
1910 			}
1911 		}
1912 	}
1913 
1914 	if (connp != NULL)
1915 		goto found;
1916 
1917 	mutex_exit(&connfp->connf_lock);
1918 	return (NULL);
1919 
1920 found:
1921 	ASSERT(connp != NULL);
1922 	CONN_INC_REF(connp);
1923 	mutex_exit(&connfp->connf_lock);
1924 	return (connp);
1925 }
1926 
1927 /* ARGSUSED */
1928 static int
tcp_conn_constructor(void * buf,void * cdrarg,int kmflags)1929 tcp_conn_constructor(void *buf, void *cdrarg, int kmflags)
1930 {
1931 	itc_t	*itc = (itc_t *)buf;
1932 	conn_t	*connp = &itc->itc_conn;
1933 	tcp_t	*tcp = (tcp_t *)&itc[1];
1934 
1935 	bzero(connp, sizeof (conn_t));
1936 	bzero(tcp, sizeof (tcp_t));
1937 
1938 	mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
1939 	cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
1940 	cv_init(&connp->conn_sq_cv, NULL, CV_DEFAULT, NULL);
1941 	tcp->tcp_timercache = tcp_timermp_alloc(kmflags);
1942 	if (tcp->tcp_timercache == NULL)
1943 		return (ENOMEM);
1944 	connp->conn_tcp = tcp;
1945 	connp->conn_flags = IPCL_TCPCONN;
1946 	connp->conn_proto = IPPROTO_TCP;
1947 	tcp->tcp_connp = connp;
1948 	rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
1949 
1950 	connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
1951 	if (connp->conn_ixa == NULL) {
1952 		tcp_timermp_free(tcp);
1953 		return (ENOMEM);
1954 	}
1955 	connp->conn_ixa->ixa_refcnt = 1;
1956 	connp->conn_ixa->ixa_protocol = connp->conn_proto;
1957 	connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
1958 	return (0);
1959 }
1960 
1961 /* ARGSUSED */
1962 static void
tcp_conn_destructor(void * buf,void * cdrarg)1963 tcp_conn_destructor(void *buf, void *cdrarg)
1964 {
1965 	itc_t	*itc = (itc_t *)buf;
1966 	conn_t	*connp = &itc->itc_conn;
1967 	tcp_t	*tcp = (tcp_t *)&itc[1];
1968 
1969 	ASSERT(connp->conn_flags & IPCL_TCPCONN);
1970 	ASSERT(tcp->tcp_connp == connp);
1971 	ASSERT(connp->conn_tcp == tcp);
1972 	tcp_timermp_free(tcp);
1973 	mutex_destroy(&connp->conn_lock);
1974 	cv_destroy(&connp->conn_cv);
1975 	cv_destroy(&connp->conn_sq_cv);
1976 	rw_destroy(&connp->conn_ilg_lock);
1977 
1978 	/* Can be NULL if constructor failed */
1979 	if (connp->conn_ixa != NULL) {
1980 		ASSERT(connp->conn_ixa->ixa_refcnt == 1);
1981 		ASSERT(connp->conn_ixa->ixa_ire == NULL);
1982 		ASSERT(connp->conn_ixa->ixa_nce == NULL);
1983 		ixa_refrele(connp->conn_ixa);
1984 	}
1985 }
1986 
1987 /* ARGSUSED */
1988 static int
ip_conn_constructor(void * buf,void * cdrarg,int kmflags)1989 ip_conn_constructor(void *buf, void *cdrarg, int kmflags)
1990 {
1991 	itc_t	*itc = (itc_t *)buf;
1992 	conn_t	*connp = &itc->itc_conn;
1993 
1994 	bzero(connp, sizeof (conn_t));
1995 	mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
1996 	cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
1997 	connp->conn_flags = IPCL_IPCCONN;
1998 	rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
1999 
2000 	connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2001 	if (connp->conn_ixa == NULL)
2002 		return (ENOMEM);
2003 	connp->conn_ixa->ixa_refcnt = 1;
2004 	connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2005 	return (0);
2006 }
2007 
2008 /* ARGSUSED */
2009 static void
ip_conn_destructor(void * buf,void * cdrarg)2010 ip_conn_destructor(void *buf, void *cdrarg)
2011 {
2012 	itc_t	*itc = (itc_t *)buf;
2013 	conn_t	*connp = &itc->itc_conn;
2014 
2015 	ASSERT(connp->conn_flags & IPCL_IPCCONN);
2016 	ASSERT(connp->conn_priv == NULL);
2017 	mutex_destroy(&connp->conn_lock);
2018 	cv_destroy(&connp->conn_cv);
2019 	rw_destroy(&connp->conn_ilg_lock);
2020 
2021 	/* Can be NULL if constructor failed */
2022 	if (connp->conn_ixa != NULL) {
2023 		ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2024 		ASSERT(connp->conn_ixa->ixa_ire == NULL);
2025 		ASSERT(connp->conn_ixa->ixa_nce == NULL);
2026 		ixa_refrele(connp->conn_ixa);
2027 	}
2028 }
2029 
2030 /* ARGSUSED */
2031 static int
udp_conn_constructor(void * buf,void * cdrarg,int kmflags)2032 udp_conn_constructor(void *buf, void *cdrarg, int kmflags)
2033 {
2034 	itc_t	*itc = (itc_t *)buf;
2035 	conn_t	*connp = &itc->itc_conn;
2036 	udp_t	*udp = (udp_t *)&itc[1];
2037 
2038 	bzero(connp, sizeof (conn_t));
2039 	bzero(udp, sizeof (udp_t));
2040 
2041 	mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2042 	cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2043 	connp->conn_udp = udp;
2044 	connp->conn_flags = IPCL_UDPCONN;
2045 	connp->conn_proto = IPPROTO_UDP;
2046 	udp->udp_connp = connp;
2047 	rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2048 	connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2049 	if (connp->conn_ixa == NULL)
2050 		return (ENOMEM);
2051 	connp->conn_ixa->ixa_refcnt = 1;
2052 	connp->conn_ixa->ixa_protocol = connp->conn_proto;
2053 	connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2054 	return (0);
2055 }
2056 
2057 /* ARGSUSED */
2058 static void
udp_conn_destructor(void * buf,void * cdrarg)2059 udp_conn_destructor(void *buf, void *cdrarg)
2060 {
2061 	itc_t	*itc = (itc_t *)buf;
2062 	conn_t	*connp = &itc->itc_conn;
2063 	udp_t	*udp = (udp_t *)&itc[1];
2064 
2065 	ASSERT(connp->conn_flags & IPCL_UDPCONN);
2066 	ASSERT(udp->udp_connp == connp);
2067 	ASSERT(connp->conn_udp == udp);
2068 	mutex_destroy(&connp->conn_lock);
2069 	cv_destroy(&connp->conn_cv);
2070 	rw_destroy(&connp->conn_ilg_lock);
2071 
2072 	/* Can be NULL if constructor failed */
2073 	if (connp->conn_ixa != NULL) {
2074 		ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2075 		ASSERT(connp->conn_ixa->ixa_ire == NULL);
2076 		ASSERT(connp->conn_ixa->ixa_nce == NULL);
2077 		ixa_refrele(connp->conn_ixa);
2078 	}
2079 }
2080 
2081 /* ARGSUSED */
2082 static int
rawip_conn_constructor(void * buf,void * cdrarg,int kmflags)2083 rawip_conn_constructor(void *buf, void *cdrarg, int kmflags)
2084 {
2085 	itc_t	*itc = (itc_t *)buf;
2086 	conn_t	*connp = &itc->itc_conn;
2087 	icmp_t	*icmp = (icmp_t *)&itc[1];
2088 
2089 	bzero(connp, sizeof (conn_t));
2090 	bzero(icmp, sizeof (icmp_t));
2091 
2092 	mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2093 	cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2094 	connp->conn_icmp = icmp;
2095 	connp->conn_flags = IPCL_RAWIPCONN;
2096 	connp->conn_proto = IPPROTO_ICMP;
2097 	icmp->icmp_connp = connp;
2098 	rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2099 	connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2100 	if (connp->conn_ixa == NULL)
2101 		return (ENOMEM);
2102 	connp->conn_ixa->ixa_refcnt = 1;
2103 	connp->conn_ixa->ixa_protocol = connp->conn_proto;
2104 	connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2105 	return (0);
2106 }
2107 
2108 /* ARGSUSED */
2109 static void
rawip_conn_destructor(void * buf,void * cdrarg)2110 rawip_conn_destructor(void *buf, void *cdrarg)
2111 {
2112 	itc_t	*itc = (itc_t *)buf;
2113 	conn_t	*connp = &itc->itc_conn;
2114 	icmp_t	*icmp = (icmp_t *)&itc[1];
2115 
2116 	ASSERT(connp->conn_flags & IPCL_RAWIPCONN);
2117 	ASSERT(icmp->icmp_connp == connp);
2118 	ASSERT(connp->conn_icmp == icmp);
2119 	mutex_destroy(&connp->conn_lock);
2120 	cv_destroy(&connp->conn_cv);
2121 	rw_destroy(&connp->conn_ilg_lock);
2122 
2123 	/* Can be NULL if constructor failed */
2124 	if (connp->conn_ixa != NULL) {
2125 		ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2126 		ASSERT(connp->conn_ixa->ixa_ire == NULL);
2127 		ASSERT(connp->conn_ixa->ixa_nce == NULL);
2128 		ixa_refrele(connp->conn_ixa);
2129 	}
2130 }
2131 
2132 /* ARGSUSED */
2133 static int
rts_conn_constructor(void * buf,void * cdrarg,int kmflags)2134 rts_conn_constructor(void *buf, void *cdrarg, int kmflags)
2135 {
2136 	itc_t	*itc = (itc_t *)buf;
2137 	conn_t	*connp = &itc->itc_conn;
2138 	rts_t	*rts = (rts_t *)&itc[1];
2139 
2140 	bzero(connp, sizeof (conn_t));
2141 	bzero(rts, sizeof (rts_t));
2142 
2143 	mutex_init(&connp->conn_lock, NULL, MUTEX_DEFAULT, NULL);
2144 	cv_init(&connp->conn_cv, NULL, CV_DEFAULT, NULL);
2145 	connp->conn_rts = rts;
2146 	connp->conn_flags = IPCL_RTSCONN;
2147 	rts->rts_connp = connp;
2148 	rw_init(&connp->conn_ilg_lock, NULL, RW_DEFAULT, NULL);
2149 	connp->conn_ixa = kmem_zalloc(sizeof (ip_xmit_attr_t), kmflags);
2150 	if (connp->conn_ixa == NULL)
2151 		return (ENOMEM);
2152 	connp->conn_ixa->ixa_refcnt = 1;
2153 	connp->conn_ixa->ixa_xmit_hint = CONN_TO_XMIT_HINT(connp);
2154 	return (0);
2155 }
2156 
2157 /* ARGSUSED */
2158 static void
rts_conn_destructor(void * buf,void * cdrarg)2159 rts_conn_destructor(void *buf, void *cdrarg)
2160 {
2161 	itc_t	*itc = (itc_t *)buf;
2162 	conn_t	*connp = &itc->itc_conn;
2163 	rts_t	*rts = (rts_t *)&itc[1];
2164 
2165 	ASSERT(connp->conn_flags & IPCL_RTSCONN);
2166 	ASSERT(rts->rts_connp == connp);
2167 	ASSERT(connp->conn_rts == rts);
2168 	mutex_destroy(&connp->conn_lock);
2169 	cv_destroy(&connp->conn_cv);
2170 	rw_destroy(&connp->conn_ilg_lock);
2171 
2172 	/* Can be NULL if constructor failed */
2173 	if (connp->conn_ixa != NULL) {
2174 		ASSERT(connp->conn_ixa->ixa_refcnt == 1);
2175 		ASSERT(connp->conn_ixa->ixa_ire == NULL);
2176 		ASSERT(connp->conn_ixa->ixa_nce == NULL);
2177 		ixa_refrele(connp->conn_ixa);
2178 	}
2179 }
2180 
2181 /*
2182  * Called as part of ipcl_conn_destroy to assert and clear any pointers
2183  * in the conn_t.
2184  *
2185  * Below we list all the pointers in the conn_t as a documentation aid.
2186  * The ones that we can not ASSERT to be NULL are #ifdef'ed out.
2187  * If you add any pointers to the conn_t please add an ASSERT here
2188  * and #ifdef it out if it can't be actually asserted to be NULL.
2189  * In any case, we bzero most of the conn_t at the end of the function.
2190  */
2191 void
ipcl_conn_cleanup(conn_t * connp)2192 ipcl_conn_cleanup(conn_t *connp)
2193 {
2194 	ip_xmit_attr_t	*ixa;
2195 
2196 	ASSERT(connp->conn_latch == NULL);
2197 	ASSERT(connp->conn_latch_in_policy == NULL);
2198 	ASSERT(connp->conn_latch_in_action == NULL);
2199 #ifdef notdef
2200 	ASSERT(connp->conn_rq == NULL);
2201 	ASSERT(connp->conn_wq == NULL);
2202 #endif
2203 	ASSERT(connp->conn_cred == NULL);
2204 	ASSERT(connp->conn_g_fanout == NULL);
2205 	ASSERT(connp->conn_g_next == NULL);
2206 	ASSERT(connp->conn_g_prev == NULL);
2207 	ASSERT(connp->conn_policy == NULL);
2208 	ASSERT(connp->conn_fanout == NULL);
2209 	ASSERT(connp->conn_next == NULL);
2210 	ASSERT(connp->conn_prev == NULL);
2211 	ASSERT(connp->conn_oper_pending_ill == NULL);
2212 	ASSERT(connp->conn_ilg == NULL);
2213 	ASSERT(connp->conn_drain_next == NULL);
2214 	ASSERT(connp->conn_drain_prev == NULL);
2215 #ifdef notdef
2216 	/* conn_idl is not cleared when removed from idl list */
2217 	ASSERT(connp->conn_idl == NULL);
2218 #endif
2219 	ASSERT(connp->conn_ipsec_opt_mp == NULL);
2220 #ifdef notdef
2221 	/* conn_netstack is cleared by the caller; needed by ixa_cleanup */
2222 	ASSERT(connp->conn_netstack == NULL);
2223 #endif
2224 
2225 	ASSERT(connp->conn_helper_info == NULL);
2226 	ASSERT(connp->conn_ixa != NULL);
2227 	ixa = connp->conn_ixa;
2228 	ASSERT(ixa->ixa_refcnt == 1);
2229 	/* Need to preserve ixa_protocol */
2230 	ixa_cleanup(ixa);
2231 	ixa->ixa_flags = 0;
2232 
2233 	/* Clear out the conn_t fields that are not preserved */
2234 	bzero(&connp->conn_start_clr,
2235 	    sizeof (conn_t) -
2236 	    ((uchar_t *)&connp->conn_start_clr - (uchar_t *)connp));
2237 }
2238 
2239 /*
2240  * All conns are inserted in a global multi-list for the benefit of
2241  * walkers. The walk is guaranteed to walk all open conns at the time
2242  * of the start of the walk exactly once. This property is needed to
2243  * achieve some cleanups during unplumb of interfaces. This is achieved
2244  * as follows.
2245  *
2246  * ipcl_conn_create and ipcl_conn_destroy are the only functions that
2247  * call the insert and delete functions below at creation and deletion
2248  * time respectively. The conn never moves or changes its position in this
2249  * multi-list during its lifetime. CONN_CONDEMNED ensures that the refcnt
2250  * won't increase due to walkers, once the conn deletion has started. Note
2251  * that we can't remove the conn from the global list and then wait for
2252  * the refcnt to drop to zero, since walkers would then see a truncated
2253  * list. CONN_INCIPIENT ensures that walkers don't start looking at
2254  * conns until ip_open is ready to make them globally visible.
2255  * The global round robin multi-list locks are held only to get the
2256  * next member/insertion/deletion and contention should be negligible
2257  * if the multi-list is much greater than the number of cpus.
2258  */
2259 void
ipcl_globalhash_insert(conn_t * connp)2260 ipcl_globalhash_insert(conn_t *connp)
2261 {
2262 	int	index;
2263 	struct connf_s	*connfp;
2264 	ip_stack_t	*ipst = connp->conn_netstack->netstack_ip;
2265 
2266 	/*
2267 	 * No need for atomic here. Approximate even distribution
2268 	 * in the global lists is sufficient.
2269 	 */
2270 	ipst->ips_conn_g_index++;
2271 	index = ipst->ips_conn_g_index & (CONN_G_HASH_SIZE - 1);
2272 
2273 	connp->conn_g_prev = NULL;
2274 	/*
2275 	 * Mark as INCIPIENT, so that walkers will ignore this
2276 	 * for now, till ip_open is ready to make it visible globally.
2277 	 */
2278 	connp->conn_state_flags |= CONN_INCIPIENT;
2279 
2280 	connfp = &ipst->ips_ipcl_globalhash_fanout[index];
2281 	/* Insert at the head of the list */
2282 	mutex_enter(&connfp->connf_lock);
2283 	connp->conn_g_next = connfp->connf_head;
2284 	if (connp->conn_g_next != NULL)
2285 		connp->conn_g_next->conn_g_prev = connp;
2286 	connfp->connf_head = connp;
2287 
2288 	/* The fanout bucket this conn points to */
2289 	connp->conn_g_fanout = connfp;
2290 
2291 	mutex_exit(&connfp->connf_lock);
2292 }
2293 
2294 void
ipcl_globalhash_remove(conn_t * connp)2295 ipcl_globalhash_remove(conn_t *connp)
2296 {
2297 	struct connf_s	*connfp;
2298 
2299 	/*
2300 	 * We were never inserted in the global multi list.
2301 	 * IPCL_NONE variety is never inserted in the global multilist
2302 	 * since it is presumed to not need any cleanup and is transient.
2303 	 */
2304 	if (connp->conn_g_fanout == NULL)
2305 		return;
2306 
2307 	connfp = connp->conn_g_fanout;
2308 	mutex_enter(&connfp->connf_lock);
2309 	if (connp->conn_g_prev != NULL)
2310 		connp->conn_g_prev->conn_g_next = connp->conn_g_next;
2311 	else
2312 		connfp->connf_head = connp->conn_g_next;
2313 	if (connp->conn_g_next != NULL)
2314 		connp->conn_g_next->conn_g_prev = connp->conn_g_prev;
2315 	mutex_exit(&connfp->connf_lock);
2316 
2317 	/* Better to stumble on a null pointer than to corrupt memory */
2318 	connp->conn_g_next = NULL;
2319 	connp->conn_g_prev = NULL;
2320 	connp->conn_g_fanout = NULL;
2321 }
2322 
2323 /*
2324  * Walk the list of all conn_t's in the system, calling the function provided
2325  * With the specified argument for each.
2326  * Applies to both IPv4 and IPv6.
2327  *
2328  * CONNs may hold pointers to ills (conn_dhcpinit_ill and
2329  * conn_oper_pending_ill). To guard against stale pointers
2330  * ipcl_walk() is called to cleanup the conn_t's, typically when an interface is
2331  * unplumbed or removed. New conn_t's that are created while we are walking
2332  * may be missed by this walk, because they are not necessarily inserted
2333  * at the tail of the list. They are new conn_t's and thus don't have any
2334  * stale pointers. The CONN_CLOSING flag ensures that no new reference
2335  * is created to the struct that is going away.
2336  */
2337 void
ipcl_walk(pfv_t func,void * arg,ip_stack_t * ipst)2338 ipcl_walk(pfv_t func, void *arg, ip_stack_t *ipst)
2339 {
2340 	int	i;
2341 	conn_t	*connp;
2342 	conn_t	*prev_connp;
2343 
2344 	for (i = 0; i < CONN_G_HASH_SIZE; i++) {
2345 		mutex_enter(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2346 		prev_connp = NULL;
2347 		connp = ipst->ips_ipcl_globalhash_fanout[i].connf_head;
2348 		while (connp != NULL) {
2349 			mutex_enter(&connp->conn_lock);
2350 			if (connp->conn_state_flags &
2351 			    (CONN_CONDEMNED | CONN_INCIPIENT)) {
2352 				mutex_exit(&connp->conn_lock);
2353 				connp = connp->conn_g_next;
2354 				continue;
2355 			}
2356 			CONN_INC_REF_LOCKED(connp);
2357 			mutex_exit(&connp->conn_lock);
2358 			mutex_exit(
2359 			    &ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2360 			(*func)(connp, arg);
2361 			if (prev_connp != NULL)
2362 				CONN_DEC_REF(prev_connp);
2363 			mutex_enter(
2364 			    &ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2365 			prev_connp = connp;
2366 			connp = connp->conn_g_next;
2367 		}
2368 		mutex_exit(&ipst->ips_ipcl_globalhash_fanout[i].connf_lock);
2369 		if (prev_connp != NULL)
2370 			CONN_DEC_REF(prev_connp);
2371 	}
2372 }
2373 
2374 /*
2375  * Search for a peer TCP/IPv4 loopback conn by doing a reverse lookup on
2376  * the {src, dst, lport, fport} quadruplet.  Returns with conn reference
2377  * held; caller must call CONN_DEC_REF.  Only checks for connected entries
2378  * (peer tcp in ESTABLISHED state).
2379  */
2380 conn_t *
ipcl_conn_tcp_lookup_reversed_ipv4(conn_t * connp,ipha_t * ipha,tcpha_t * tcpha,ip_stack_t * ipst)2381 ipcl_conn_tcp_lookup_reversed_ipv4(conn_t *connp, ipha_t *ipha, tcpha_t *tcpha,
2382     ip_stack_t *ipst)
2383 {
2384 	uint32_t ports;
2385 	uint16_t *pports = (uint16_t *)&ports;
2386 	connf_t	*connfp;
2387 	conn_t	*tconnp;
2388 	boolean_t zone_chk;
2389 
2390 	/*
2391 	 * If either the source of destination address is loopback, then
2392 	 * both endpoints must be in the same Zone.  Otherwise, both of
2393 	 * the addresses are system-wide unique (tcp is in ESTABLISHED
2394 	 * state) and the endpoints may reside in different Zones.
2395 	 */
2396 	zone_chk = (ipha->ipha_src == htonl(INADDR_LOOPBACK) ||
2397 	    ipha->ipha_dst == htonl(INADDR_LOOPBACK));
2398 
2399 	pports[0] = tcpha->tha_fport;
2400 	pports[1] = tcpha->tha_lport;
2401 
2402 	connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_dst,
2403 	    ports, ipst)];
2404 
2405 	mutex_enter(&connfp->connf_lock);
2406 	for (tconnp = connfp->connf_head; tconnp != NULL;
2407 	    tconnp = tconnp->conn_next) {
2408 
2409 		if (IPCL_CONN_MATCH(tconnp, IPPROTO_TCP,
2410 		    ipha->ipha_dst, ipha->ipha_src, ports) &&
2411 		    tconnp->conn_tcp->tcp_state == TCPS_ESTABLISHED &&
2412 		    (!zone_chk || tconnp->conn_zoneid == connp->conn_zoneid)) {
2413 
2414 			ASSERT(tconnp != connp);
2415 			CONN_INC_REF(tconnp);
2416 			mutex_exit(&connfp->connf_lock);
2417 			return (tconnp);
2418 		}
2419 	}
2420 	mutex_exit(&connfp->connf_lock);
2421 	return (NULL);
2422 }
2423 
2424 /*
2425  * Search for a peer TCP/IPv6 loopback conn by doing a reverse lookup on
2426  * the {src, dst, lport, fport} quadruplet.  Returns with conn reference
2427  * held; caller must call CONN_DEC_REF.  Only checks for connected entries
2428  * (peer tcp in ESTABLISHED state).
2429  */
2430 conn_t *
ipcl_conn_tcp_lookup_reversed_ipv6(conn_t * connp,ip6_t * ip6h,tcpha_t * tcpha,ip_stack_t * ipst)2431 ipcl_conn_tcp_lookup_reversed_ipv6(conn_t *connp, ip6_t *ip6h, tcpha_t *tcpha,
2432     ip_stack_t *ipst)
2433 {
2434 	uint32_t ports;
2435 	uint16_t *pports = (uint16_t *)&ports;
2436 	connf_t	*connfp;
2437 	conn_t	*tconnp;
2438 	boolean_t zone_chk;
2439 
2440 	/*
2441 	 * If either the source of destination address is loopback, then
2442 	 * both endpoints must be in the same Zone.  Otherwise, both of
2443 	 * the addresses are system-wide unique (tcp is in ESTABLISHED
2444 	 * state) and the endpoints may reside in different Zones.  We
2445 	 * don't do Zone check for link local address(es) because the
2446 	 * current Zone implementation treats each link local address as
2447 	 * being unique per system node, i.e. they belong to global Zone.
2448 	 */
2449 	zone_chk = (IN6_IS_ADDR_LOOPBACK(&ip6h->ip6_src) ||
2450 	    IN6_IS_ADDR_LOOPBACK(&ip6h->ip6_dst));
2451 
2452 	pports[0] = tcpha->tha_fport;
2453 	pports[1] = tcpha->tha_lport;
2454 
2455 	connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_dst,
2456 	    ports, ipst)];
2457 
2458 	mutex_enter(&connfp->connf_lock);
2459 	for (tconnp = connfp->connf_head; tconnp != NULL;
2460 	    tconnp = tconnp->conn_next) {
2461 
2462 		/* We skip conn_bound_if check here as this is loopback tcp */
2463 		if (IPCL_CONN_MATCH_V6(tconnp, IPPROTO_TCP,
2464 		    ip6h->ip6_dst, ip6h->ip6_src, ports) &&
2465 		    tconnp->conn_tcp->tcp_state == TCPS_ESTABLISHED &&
2466 		    (!zone_chk || tconnp->conn_zoneid == connp->conn_zoneid)) {
2467 
2468 			ASSERT(tconnp != connp);
2469 			CONN_INC_REF(tconnp);
2470 			mutex_exit(&connfp->connf_lock);
2471 			return (tconnp);
2472 		}
2473 	}
2474 	mutex_exit(&connfp->connf_lock);
2475 	return (NULL);
2476 }
2477 
2478 /*
2479  * Find an exact {src, dst, lport, fport} match for a bounced datagram.
2480  * Returns with conn reference held. Caller must call CONN_DEC_REF.
2481  * Only checks for connected entries i.e. no INADDR_ANY checks.
2482  */
2483 conn_t *
ipcl_tcp_lookup_reversed_ipv4(ipha_t * ipha,tcpha_t * tcpha,int min_state,ip_stack_t * ipst)2484 ipcl_tcp_lookup_reversed_ipv4(ipha_t *ipha, tcpha_t *tcpha, int min_state,
2485     ip_stack_t *ipst)
2486 {
2487 	uint32_t ports;
2488 	uint16_t *pports;
2489 	connf_t	*connfp;
2490 	conn_t	*tconnp;
2491 
2492 	pports = (uint16_t *)&ports;
2493 	pports[0] = tcpha->tha_fport;
2494 	pports[1] = tcpha->tha_lport;
2495 
2496 	connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH(ipha->ipha_dst,
2497 	    ports, ipst)];
2498 
2499 	mutex_enter(&connfp->connf_lock);
2500 	for (tconnp = connfp->connf_head; tconnp != NULL;
2501 	    tconnp = tconnp->conn_next) {
2502 
2503 		if (IPCL_CONN_MATCH(tconnp, IPPROTO_TCP,
2504 		    ipha->ipha_dst, ipha->ipha_src, ports) &&
2505 		    tconnp->conn_tcp->tcp_state >= min_state) {
2506 
2507 			CONN_INC_REF(tconnp);
2508 			mutex_exit(&connfp->connf_lock);
2509 			return (tconnp);
2510 		}
2511 	}
2512 	mutex_exit(&connfp->connf_lock);
2513 	return (NULL);
2514 }
2515 
2516 /*
2517  * Find an exact {src, dst, lport, fport} match for a bounced datagram.
2518  * Returns with conn reference held. Caller must call CONN_DEC_REF.
2519  * Only checks for connected entries i.e. no INADDR_ANY checks.
2520  * Match on ifindex in addition to addresses.
2521  */
2522 conn_t *
ipcl_tcp_lookup_reversed_ipv6(ip6_t * ip6h,tcpha_t * tcpha,int min_state,uint_t ifindex,ip_stack_t * ipst)2523 ipcl_tcp_lookup_reversed_ipv6(ip6_t *ip6h, tcpha_t *tcpha, int min_state,
2524     uint_t ifindex, ip_stack_t *ipst)
2525 {
2526 	tcp_t	*tcp;
2527 	uint32_t ports;
2528 	uint16_t *pports;
2529 	connf_t	*connfp;
2530 	conn_t	*tconnp;
2531 
2532 	pports = (uint16_t *)&ports;
2533 	pports[0] = tcpha->tha_fport;
2534 	pports[1] = tcpha->tha_lport;
2535 
2536 	connfp = &ipst->ips_ipcl_conn_fanout[IPCL_CONN_HASH_V6(ip6h->ip6_dst,
2537 	    ports, ipst)];
2538 
2539 	mutex_enter(&connfp->connf_lock);
2540 	for (tconnp = connfp->connf_head; tconnp != NULL;
2541 	    tconnp = tconnp->conn_next) {
2542 
2543 		tcp = tconnp->conn_tcp;
2544 		if (IPCL_CONN_MATCH_V6(tconnp, IPPROTO_TCP,
2545 		    ip6h->ip6_dst, ip6h->ip6_src, ports) &&
2546 		    tcp->tcp_state >= min_state &&
2547 		    (tconnp->conn_bound_if == 0 ||
2548 		    tconnp->conn_bound_if == ifindex)) {
2549 
2550 			CONN_INC_REF(tconnp);
2551 			mutex_exit(&connfp->connf_lock);
2552 			return (tconnp);
2553 		}
2554 	}
2555 	mutex_exit(&connfp->connf_lock);
2556 	return (NULL);
2557 }
2558 
2559 /*
2560  * Finds a TCP/IPv4 listening connection; called by tcp_disconnect to locate
2561  * a listener when changing state.
2562  */
2563 conn_t *
ipcl_lookup_listener_v4(uint16_t lport,ipaddr_t laddr,zoneid_t zoneid,ip_stack_t * ipst)2564 ipcl_lookup_listener_v4(uint16_t lport, ipaddr_t laddr, zoneid_t zoneid,
2565     ip_stack_t *ipst)
2566 {
2567 	connf_t		*bind_connfp;
2568 	conn_t		*connp;
2569 	tcp_t		*tcp;
2570 
2571 	/*
2572 	 * Avoid false matches for packets sent to an IP destination of
2573 	 * all zeros.
2574 	 */
2575 	if (laddr == 0)
2576 		return (NULL);
2577 
2578 	ASSERT(zoneid != ALL_ZONES);
2579 
2580 	bind_connfp = &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
2581 	mutex_enter(&bind_connfp->connf_lock);
2582 	for (connp = bind_connfp->connf_head; connp != NULL;
2583 	    connp = connp->conn_next) {
2584 		tcp = connp->conn_tcp;
2585 		if (IPCL_BIND_MATCH(connp, IPPROTO_TCP, laddr, lport) &&
2586 		    IPCL_ZONE_MATCH(connp, zoneid) &&
2587 		    (tcp->tcp_listener == NULL)) {
2588 			CONN_INC_REF(connp);
2589 			mutex_exit(&bind_connfp->connf_lock);
2590 			return (connp);
2591 		}
2592 	}
2593 	mutex_exit(&bind_connfp->connf_lock);
2594 	return (NULL);
2595 }
2596 
2597 /*
2598  * Finds a TCP/IPv6 listening connection; called by tcp_disconnect to locate
2599  * a listener when changing state.
2600  */
2601 conn_t *
ipcl_lookup_listener_v6(uint16_t lport,in6_addr_t * laddr,uint_t ifindex,zoneid_t zoneid,ip_stack_t * ipst)2602 ipcl_lookup_listener_v6(uint16_t lport, in6_addr_t *laddr, uint_t ifindex,
2603     zoneid_t zoneid, ip_stack_t *ipst)
2604 {
2605 	connf_t		*bind_connfp;
2606 	conn_t		*connp = NULL;
2607 	tcp_t		*tcp;
2608 
2609 	/*
2610 	 * Avoid false matches for packets sent to an IP destination of
2611 	 * all zeros.
2612 	 */
2613 	if (IN6_IS_ADDR_UNSPECIFIED(laddr))
2614 		return (NULL);
2615 
2616 	ASSERT(zoneid != ALL_ZONES);
2617 
2618 	bind_connfp = &ipst->ips_ipcl_bind_fanout[IPCL_BIND_HASH(lport, ipst)];
2619 	mutex_enter(&bind_connfp->connf_lock);
2620 	for (connp = bind_connfp->connf_head; connp != NULL;
2621 	    connp = connp->conn_next) {
2622 		tcp = connp->conn_tcp;
2623 		if (IPCL_BIND_MATCH_V6(connp, IPPROTO_TCP, *laddr, lport) &&
2624 		    IPCL_ZONE_MATCH(connp, zoneid) &&
2625 		    (connp->conn_bound_if == 0 ||
2626 		    connp->conn_bound_if == ifindex) &&
2627 		    tcp->tcp_listener == NULL) {
2628 			CONN_INC_REF(connp);
2629 			mutex_exit(&bind_connfp->connf_lock);
2630 			return (connp);
2631 		}
2632 	}
2633 	mutex_exit(&bind_connfp->connf_lock);
2634 	return (NULL);
2635 }
2636 
2637 /*
2638  * ipcl_get_next_conn
2639  *	get the next entry in the conn global list
2640  *	and put a reference on the next_conn.
2641  *	decrement the reference on the current conn.
2642  *
2643  * This is an iterator based walker function that also provides for
2644  * some selection by the caller. It walks through the conn_hash bucket
2645  * searching for the next valid connp in the list, and selects connections
2646  * that are neither closed nor condemned. It also REFHOLDS the conn
2647  * thus ensuring that the conn exists when the caller uses the conn.
2648  */
2649 conn_t *
ipcl_get_next_conn(connf_t * connfp,conn_t * connp,uint32_t conn_flags)2650 ipcl_get_next_conn(connf_t *connfp, conn_t *connp, uint32_t conn_flags)
2651 {
2652 	conn_t	*next_connp;
2653 
2654 	if (connfp == NULL)
2655 		return (NULL);
2656 
2657 	mutex_enter(&connfp->connf_lock);
2658 
2659 	next_connp = (connp == NULL) ?
2660 	    connfp->connf_head : connp->conn_g_next;
2661 
2662 	while (next_connp != NULL) {
2663 		mutex_enter(&next_connp->conn_lock);
2664 		if (!(next_connp->conn_flags & conn_flags) ||
2665 		    (next_connp->conn_state_flags &
2666 		    (CONN_CONDEMNED | CONN_INCIPIENT))) {
2667 			/*
2668 			 * This conn has been condemned or
2669 			 * is closing, or the flags don't match
2670 			 */
2671 			mutex_exit(&next_connp->conn_lock);
2672 			next_connp = next_connp->conn_g_next;
2673 			continue;
2674 		}
2675 		CONN_INC_REF_LOCKED(next_connp);
2676 		mutex_exit(&next_connp->conn_lock);
2677 		break;
2678 	}
2679 
2680 	mutex_exit(&connfp->connf_lock);
2681 
2682 	if (connp != NULL)
2683 		CONN_DEC_REF(connp);
2684 
2685 	return (next_connp);
2686 }
2687 
2688 #ifdef CONN_DEBUG
2689 /*
2690  * Trace of the last NBUF refhold/refrele
2691  */
2692 int
conn_trace_ref(conn_t * connp)2693 conn_trace_ref(conn_t *connp)
2694 {
2695 	int	last;
2696 	conn_trace_t	*ctb;
2697 
2698 	ASSERT(MUTEX_HELD(&connp->conn_lock));
2699 	last = connp->conn_trace_last;
2700 	last++;
2701 	if (last == CONN_TRACE_MAX)
2702 		last = 0;
2703 
2704 	ctb = &connp->conn_trace_buf[last];
2705 	ctb->ctb_depth = getpcstack(ctb->ctb_stack, CONN_STACK_DEPTH);
2706 	connp->conn_trace_last = last;
2707 	return (1);
2708 }
2709 
2710 int
conn_untrace_ref(conn_t * connp)2711 conn_untrace_ref(conn_t *connp)
2712 {
2713 	int	last;
2714 	conn_trace_t	*ctb;
2715 
2716 	ASSERT(MUTEX_HELD(&connp->conn_lock));
2717 	last = connp->conn_trace_last;
2718 	last++;
2719 	if (last == CONN_TRACE_MAX)
2720 		last = 0;
2721 
2722 	ctb = &connp->conn_trace_buf[last];
2723 	ctb->ctb_depth = getpcstack(ctb->ctb_stack, CONN_STACK_DEPTH);
2724 	connp->conn_trace_last = last;
2725 	return (1);
2726 }
2727 #endif
2728 
2729 mib2_socketInfoEntry_t *
conn_get_socket_info(conn_t * connp,mib2_socketInfoEntry_t * sie)2730 conn_get_socket_info(conn_t *connp, mib2_socketInfoEntry_t *sie)
2731 {
2732 	vnode_t *vn = NULL;
2733 	vattr_t attr;
2734 	uint64_t flags = 0;
2735 	sock_upcalls_t *upcalls;
2736 	sock_upper_handle_t upper_handle;
2737 
2738 	/*
2739 	 * If the connection is closing, it is not safe to make an upcall or
2740 	 * access the stream associated with the connection.
2741 	 * The callers of this function have a reference on connp itself
2742 	 * so, as long as it is not closing, it's safe to continue.
2743 	 */
2744 	mutex_enter(&connp->conn_lock);
2745 
2746 	if ((connp->conn_state_flags & CONN_CLOSING)) {
2747 		mutex_exit(&connp->conn_lock);
2748 		return (NULL);
2749 	}
2750 
2751 	/*
2752 	 * Continue to hold conn_lock because we don't want to race with an
2753 	 * in-progress close, which will have set-to-NULL (and destroyed
2754 	 * upper_handle, aka sonode (and vnode)) BEFORE setting CONN_CLOSING.
2755 	 *
2756 	 * There is still a race with an in-progress OPEN, however, where
2757 	 * conn_upper_handle and conn_upcalls are being assigned (in multiple
2758 	 * codepaths) WITHOUT conn_lock being held.  We address that race
2759 	 * HERE, however, given that both are going from NULL to non-NULL,
2760 	 * if we lose the race, we don't get any data for the in-progress-OPEN
2761 	 * socket.
2762 	 */
2763 
2764 	upcalls = connp->conn_upcalls;
2765 	upper_handle = connp->conn_upper_handle;
2766 	/* Check BOTH for non-NULL before attempting an upcall. */
2767 	if (upper_handle != NULL && upcalls != NULL) {
2768 		/* su_get_vnode() returns one with VN_HOLD() already done. */
2769 		vn = upcalls->su_get_vnode(upper_handle);
2770 	} else if (!IPCL_IS_NONSTR(connp) && connp->conn_rq != NULL) {
2771 		vn = STREAM(connp->conn_rq)->sd_pvnode;
2772 		if (vn != NULL)
2773 			VN_HOLD(vn);
2774 		flags |= MIB2_SOCKINFO_STREAM;
2775 	}
2776 
2777 	mutex_exit(&connp->conn_lock);
2778 
2779 	if (vn == NULL || VOP_GETATTR(vn, &attr, 0, CRED(), NULL) != 0) {
2780 		if (vn != NULL)
2781 			VN_RELE(vn);
2782 		return (NULL);
2783 	}
2784 
2785 	VN_RELE(vn);
2786 
2787 	bzero(sie, sizeof (*sie));
2788 
2789 	sie->sie_flags = flags;
2790 	sie->sie_inode = attr.va_nodeid;
2791 	sie->sie_dev = attr.va_rdev;
2792 
2793 	return (sie);
2794 }
2795