17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5ee4701baSericheng  * Common Development and Distribution License (the "License").
6ee4701baSericheng  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
223344d750Smeem  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
2678a2e113SAndy Fiddaman /*
27221e47fbSAndy Fiddaman  * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
2878a2e113SAndy Fiddaman  */
2978a2e113SAndy Fiddaman 
307c478bd9Sstevel@tonic-gate #ifndef	_INET_IPCLASSIFIER_H
317c478bd9Sstevel@tonic-gate #define	_INET_IPCLASSIFIER_H
327c478bd9Sstevel@tonic-gate 
337c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
347c478bd9Sstevel@tonic-gate extern "C" {
357c478bd9Sstevel@tonic-gate #endif
367c478bd9Sstevel@tonic-gate 
377c478bd9Sstevel@tonic-gate #include <inet/common.h>
387c478bd9Sstevel@tonic-gate #include <inet/ip.h>
397c478bd9Sstevel@tonic-gate #include <inet/mi.h>
407c478bd9Sstevel@tonic-gate #include <inet/tcp.h>
417c478bd9Sstevel@tonic-gate #include <inet/ip6.h>
427c478bd9Sstevel@tonic-gate #include <netinet/in.h>		/* for IPPROTO_* constants */
437c478bd9Sstevel@tonic-gate #include <sys/sdt.h>
440f1702c5SYu Xiangning #include <sys/socket_proto.h>
450f1702c5SYu Xiangning #include <sys/sunddi.h>
460f1702c5SYu Xiangning #include <sys/sunldi.h>
477c478bd9Sstevel@tonic-gate 
/*
 * Callback types stored in conn_t (see conn_recv, conn_recvicmp and
 * conn_verifyicmp in struct conn_s).
 *
 * edesc_rpf: receive routine.  Takes two opaque pointers, the message block
 * and the receive attributes, and returns nothing.
 * NOTE(review): the roles of the two void * arguments are not visible in
 * this header -- confirm against the callers before relying on them.
 */
typedef void (*edesc_rpf)(void *, mblk_t *, void *, ip_recv_attr_t *);
struct icmph_s;
struct icmp6_hdr;
/*
 * edesc_vpf: verification routine returning boolean_t; conn_s uses it for
 * conn_verifyicmp ("Verify ICMP error").  It receives both an ICMPv4
 * (struct icmph_s) and an ICMPv6 (struct icmp6_hdr) header pointer;
 * presumably only the one matching the packet's IP version is valid --
 * TODO confirm.
 */
typedef boolean_t (*edesc_vpf)(conn_t *, void *, struct icmph_s *,
    struct icmp6_hdr *, ip_recv_attr_t *);
537c478bd9Sstevel@tonic-gate 
547c478bd9Sstevel@tonic-gate /*
557c478bd9Sstevel@tonic-gate  * ==============================
567c478bd9Sstevel@tonic-gate  * =	The CONNECTION		=
577c478bd9Sstevel@tonic-gate  * ==============================
587c478bd9Sstevel@tonic-gate  */
597c478bd9Sstevel@tonic-gate 
/*
 * The connection structure (conn_t) holds the common information, flags and
 * reference count needed by all layers. The implementation keeps the conn_t
 * and the per-layer data for an event (e.g. the tcp_t when the event is
 * tcp_input_data) together in one contiguous region of memory.
 */
667c478bd9Sstevel@tonic-gate 
/*
 * Conn Flags
 *
 * Every IPCL_* value in this section is a bit in conn_t's conn_flags word
 * (a uint32_t); the IPCL_IS_*() macros below test them.
 */
/* Unused			0x00020000 */
/* Unused			0x00040000 */
#define	IPCL_FULLY_BOUND	0x00080000	/* Bound to correct squeue */
/* Unused			0x00100000 */
/* Unused			0x00200000 */
/* Unused			0x00400000 */
#define	IPCL_CL_LISTENER	0x00800000	/* Cluster listener */
/* Unused			0x01000000 */
/* Unused			0x02000000 */
/* Unused			0x04000000 */
/* Unused			0x08000000 */
/* Unused			0x10000000 */
/* Unused			0x20000000 */
#define	IPCL_CONNECTED		0x40000000	/* Conn in connected table */
#define	IPCL_BOUND		0x80000000	/* Conn in bind table */

/* Flags identifying the type of conn */
#define	IPCL_TCPCONN		0x00000001	/* From tcp_conn_cache */
#define	IPCL_SCTPCONN		0x00000002	/* From sctp_conn_cache */
#define	IPCL_IPCCONN		0x00000004	/* From ip_conn_cache */
#define	IPCL_UDPCONN		0x00000008	/* From udp_conn_cache */
#define	IPCL_RAWIPCONN		0x00000010	/* From rawip_conn_cache */
#define	IPCL_RTSCONN		0x00000020	/* From rts_conn_cache */
/* Unused			0x00000040 */
#define	IPCL_IPTUN		0x00000080	/* iptun module above us */

#define	IPCL_NONSTR		0x00001000	/* A non-STREAMS socket */
/* Unused			0x10000000 (also listed as unused above) */

/*
 * NOTE(review): these two flags carry no description in this header; check
 * their users before assuming what state they mark.
 */
#define	IPCL_REMOVED		0x00000100
#define	IPCL_REUSED		0x00000200

/*
 * Flag predicates.
 *
 * Each macro evaluates to the masked flag bits (zero, or the flag's own
 * value), not to B_TRUE/B_FALSE.  Use the result in a truth test only: a
 * comparison against B_TRUE fails, and storing the result in a narrower
 * type (e.g. uint8_t) truncates the high flags such as IPCL_BOUND
 * (0x80000000) to zero.
 */
#define	IPCL_IS_CONNECTED(connp)					\
	((connp)->conn_flags & IPCL_CONNECTED)

#define	IPCL_IS_BOUND(connp)						\
	((connp)->conn_flags & IPCL_BOUND)

/*
 * Can't use conn_proto since we need to tell the difference
 * between a real TCP socket and a SOCK_RAW, IPPROTO_TCP.
 */
#define	IPCL_IS_TCP(connp)						\
	((connp)->conn_flags & IPCL_TCPCONN)

#define	IPCL_IS_SCTP(connp)						\
	((connp)->conn_flags & IPCL_SCTPCONN)

#define	IPCL_IS_UDP(connp)						\
	((connp)->conn_flags & IPCL_UDPCONN)

#define	IPCL_IS_RAWIP(connp)						\
	((connp)->conn_flags & IPCL_RAWIPCONN)

#define	IPCL_IS_RTS(connp)						\
	((connp)->conn_flags & IPCL_RTSCONN)

#define	IPCL_IS_IPTUN(connp)						\
	((connp)->conn_flags & IPCL_IPTUN)

#define	IPCL_IS_NONSTR(connp)	((connp)->conn_flags & IPCL_NONSTR)
1290f1702c5SYu Xiangning 
/* Hash bucket head; struct connf_s is defined after struct conn_s. */
typedef struct connf_s connf_t;

/*
 * One recorded call stack of at most CONN_STACK_DEPTH program counters.
 * struct conn_s keeps an array of these when CONN_DEBUG is defined.
 * NOTE(review): ctb_depth presumably holds the number of valid entries in
 * ctb_stack -- confirm in the tracing code.
 */
typedef struct
{
	int	ctb_depth;
#define	CONN_STACK_DEPTH	15
	pc_t	ctb_stack[CONN_STACK_DEPTH];
} conn_trace_t;

/* Minor-number information for an ip helper stream: device and arena. */
typedef struct ip_helper_minor_info_s {
	dev_t	ip_minfo_dev;		/* Device */
	vmem_t	*ip_minfo_arena;	/* Arena */
} ip_helper_minfo_t;

/*
 * ip helper stream info: the LDI handle of the helper stream, its read and
 * write queues, and the minor-number information above.  conn_t points at
 * one of these through conn_helper_info.
 */
typedef struct ip_helper_stream_info_s {
	ldi_handle_t		iphs_handle;
	queue_t			*iphs_rq;
	queue_t			*iphs_wq;
	ip_helper_minfo_t	*iphs_minfo;
} ip_helper_stream_info_t;
1530f1702c5SYu Xiangning 
/*
 * Mandatory Access Control mode, in conn_t's conn_mac_mode field.
 *	CONN_MAC_DEFAULT: strict enforcement of MAC.
 *	CONN_MAC_AWARE:   allows communications between unlabeled systems
 *			  and privileged daemons
 *	CONN_MAC_IMPLICIT: allows communications without explicit labels
 *		           on the wire with privileged daemons.
 *
 * CONN_MAC_IMPLICIT is intended specifically for labeled IPsec key management
 * in networks which don't pass CIPSO-labeled packets.
 *
 * conn_mac_mode is a 2-bit bitfield, so these values must stay in the range
 * 0..3.  IPCL_CONNS_MAC() treats every value other than CONN_MAC_DEFAULT as
 * MAC-exempt, so a new mode added here widens bind zone matching unless that
 * macro is updated as well.
 */
#define	CONN_MAC_DEFAULT 0
#define	CONN_MAC_AWARE 1
#define	CONN_MAC_IMPLICIT 2
1685d3b8cb7SBill Sommerfeld 
/*
 * conn receive ancillary definition.
 *
 * These are the set of socket options that make the receive side
 * potentially pass up ancillary data items.
 * We have a union with an integer so that we can quickly check whether
 * any ancillary data items need to be added.
 *
 * Sixteen one-bit options are declared, leaving sixteen bits of crbu_all
 * without a name.  The quick check (crb_all != 0) is only meaningful if
 * those unnamed bits are zero; conn_t places its crb_t at conn_start_clr,
 * the start of the region that is bzero'ed when the conn_t is freed.
 * NOTE(review): which bit of crbu_all each bitfield occupies is
 * implementation-defined, so code should test crb_all only against zero.
 */
typedef struct crb_s {
	union {
		uint32_t	crbu_all;
		struct {
			uint32_t
	crbb_recvdstaddr : 1,		/* IP_RECVDSTADDR option */
	crbb_recvopts : 1,		/* IP_RECVOPTS option */
	crbb_recvif : 1,		/* IP_RECVIF option */
	crbb_recvslla : 1,		/* IP_RECVSLLA option */

	crbb_recvttl : 1,		/* IP_RECVTTL option */
	crbb_recvtos : 1,		/* IP_RECVTOS option */
	crbb_ip_recvpktinfo : 1,	/* IP*_RECVPKTINFO option  */
	crbb_ipv6_recvhoplimit : 1,	/* IPV6_RECVHOPLIMIT option */
	crbb_ipv6_recvhopopts : 1,	/* IPV6_RECVHOPOPTS option */

	crbb_ipv6_recvdstopts : 1,	/* IPV6_RECVDSTOPTS option */
	crbb_ipv6_recvrthdr : 1,	/* IPV6_RECVRTHDR option */
	crbb_old_ipv6_recvdstopts : 1,	/* old form of IPV6_DSTOPTS */
	crbb_ipv6_recvrthdrdstopts : 1,	/* IPV6_RECVRTHDRDSTOPTS */

	crbb_ipv6_recvtclass : 1,	/* IPV6_RECVTCLASS */
	crbb_recvucred : 1,		/* IP_RECVUCRED option */
	crbb_timestamp : 1;		/* SO_TIMESTAMP "socket" option */

		} crbb;
	} crbu;
} crb_t;

/* Short names for the union members, usable as crb.crb_xxx. */
#define	crb_all				crbu.crbu_all
#define	crb_recvdstaddr			crbu.crbb.crbb_recvdstaddr
#define	crb_recvopts			crbu.crbb.crbb_recvopts
#define	crb_recvif			crbu.crbb.crbb_recvif
#define	crb_recvslla			crbu.crbb.crbb_recvslla
#define	crb_recvttl			crbu.crbb.crbb_recvttl
#define	crb_recvtos			crbu.crbb.crbb_recvtos
#define	crb_ip_recvpktinfo		crbu.crbb.crbb_ip_recvpktinfo
#define	crb_ipv6_recvhoplimit		crbu.crbb.crbb_ipv6_recvhoplimit
#define	crb_ipv6_recvhopopts		crbu.crbb.crbb_ipv6_recvhopopts
#define	crb_ipv6_recvdstopts		crbu.crbb.crbb_ipv6_recvdstopts
#define	crb_ipv6_recvrthdr		crbu.crbb.crbb_ipv6_recvrthdr
#define	crb_old_ipv6_recvdstopts	crbu.crbb.crbb_old_ipv6_recvdstopts
#define	crb_ipv6_recvrthdrdstopts	crbu.crbb.crbb_ipv6_recvrthdrdstopts
#define	crb_ipv6_recvtclass		crbu.crbb.crbb_ipv6_recvtclass
#define	crb_recvucred			crbu.crbb.crbb_recvucred
#define	crb_timestamp			crbu.crbb.crbb_timestamp
223bd670b35SErik Nordmark 
/*
 * The initial fields in the conn_t are setup by the kmem_cache constructor,
 * and are preserved when it is freed. Fields after that are bzero'ed when
 * the conn_t is freed.
 *
 * Much of the conn_t is protected by conn_lock.
 *
 * conn_lock is also used by some ULPs (like UDP and RAWIP) to protect
 * their state.
 *
 * The preserved region runs from conn_lock up to, but not including,
 * conn_start_clr (conn_recv_ancillary).
 * NOTE(review): that region holds the conn_recv, conn_recvicmp and
 * conn_verifyicmp function pointers and the conn_proto_priv pointer, so
 * whatever hands out a cached conn_t presumably has to reset them -- confirm
 * in the allocation path.
 */
struct conn_s {
	kmutex_t	conn_lock;
	/* See CONN_INC_REF/CONN_DEC_REF, which update it under conn_lock. */
	uint32_t	conn_ref;		/* Reference counter */
	uint32_t	conn_flags;		/* Conn Flags */

	/*
	 * Per-protocol state.  All members share storage.
	 * NOTE(review): presumably the conn-type bits in conn_flags say which
	 * member is valid -- confirm before dereferencing a different one.
	 */
	union {
		tcp_t		*cp_tcp;	/* Pointer to the tcp struct */
		struct udp_s	*cp_udp;	/* Pointer to the udp struct */
		struct icmp_s	*cp_icmp;	/* Pointer to rawip struct */
		struct rts_s	*cp_rts;	/* Pointer to rts struct */
		struct iptun_s	*cp_iptun;	/* Pointer to iptun_t */
		struct sctp_s	*cp_sctp;	/* For IPCL_SCTPCONN */
		void		*cp_priv;
	} conn_proto_priv;
#define	conn_tcp	conn_proto_priv.cp_tcp
#define	conn_udp	conn_proto_priv.cp_udp
#define	conn_icmp	conn_proto_priv.cp_icmp
#define	conn_rts	conn_proto_priv.cp_rts
#define	conn_iptun	conn_proto_priv.cp_iptun
#define	conn_sctp	conn_proto_priv.cp_sctp
#define	conn_priv	conn_proto_priv.cp_priv

	kcondvar_t	conn_cv;
	uint8_t		conn_proto;		/* protocol type */

	edesc_rpf	conn_recv;		/* Pointer to recv routine */
	edesc_rpf	conn_recvicmp;		/* For ICMP error */
	edesc_vpf	conn_verifyicmp;	/* Verify ICMP error */

	ip_xmit_attr_t	*conn_ixa;		/* Options if no ancil data */

	/* Fields after this are bzero'ed when the conn_t is freed. */
#define	conn_start_clr	conn_recv_ancillary

	/* Options for receive-side ancillary data */
	crb_t		conn_recv_ancillary;

	squeue_t	*conn_sqp;		/* Squeue for processing */
	uint_t		conn_state_flags;	/* IP state flags */

	int		conn_lingertime;	/* linger time (in seconds) */

	/* 20 named one-bit flags plus 12 pad bits: 32 bits in total. */
	unsigned int
		conn_on_sqp : 1,		/* Conn is being processed */
		conn_linger : 1,		/* SO_LINGER state */
		conn_useloopback : 1,		/* SO_USELOOPBACK state */
		conn_broadcast : 1,		/* SO_BROADCAST state */

		conn_reuseaddr : 1,		/* SO_REUSEADDR state */
		conn_keepalive : 1,		/* SO_KEEPALIVE state */
		conn_multi_router : 1,		/* Wants all multicast pkts */
		conn_unspec_src : 1,		/* IP_UNSPEC_SRC */

		conn_policy_cached : 1,		/* Is policy cached/latched ? */
		conn_in_enforce_policy : 1,	/* Enforce Policy on inbound */
		conn_out_enforce_policy : 1,	/* Enforce Policy on outbound */
		conn_debug : 1,			/* SO_DEBUG */

		conn_ipv6_v6only : 1,		/* IPV6_V6ONLY */
		conn_oobinline : 1,		/* SO_OOBINLINE state */
		conn_dgram_errind : 1,		/* SO_DGRAM_ERRIND state */
		conn_exclbind : 1,		/* SO_EXCLBIND state */

		conn_mdt_ok : 1,		/* MDT is permitted */
		conn_allzones : 1,		/* SO_ALLZONES */
		conn_ipv6_recvpathmtu : 1,	/* IPV6_RECVPATHMTU */
		conn_mcbc_bind : 1,		/* Bound to multi/broadcast */

		conn_pad_to_bit_31 : 12;

	boolean_t	conn_blocked;		/* conn is flow-controlled */

	squeue_t	*conn_initial_sqp;	/* Squeue at open time */
	squeue_t	*conn_final_sqp;	/* Squeue after connect */
	ill_t		*conn_dhcpinit_ill;	/* IP_DHCPINIT_IF */
	ipsec_latch_t	*conn_latch;		/* latched IDS */
	struct ipsec_policy_s	*conn_latch_in_policy; /* latched policy (in) */
	struct ipsec_action_s	*conn_latch_in_action; /* latched action (in) */
	uint_t		conn_bound_if;		/* IP*_BOUND_IF */
	queue_t		*conn_rq;		/* Read queue */
	queue_t		*conn_wq;		/* Write queue */
	dev_t		conn_dev;		/* Minor number */
	vmem_t		*conn_minor_arena;	/* Minor arena */
	ip_helper_stream_info_t *conn_helper_info;

	cred_t		*conn_cred;		/* Credentials */
	pid_t		conn_cpid;		/* pid from open/connect */
	uint64_t	conn_open_time;		/* time when this was opened */

	connf_t		*conn_g_fanout;		/* Global Hash bucket head */
	struct conn_s	*conn_g_next;		/* Global Hash chain next */
	struct conn_s	*conn_g_prev;		/* Global Hash chain prev */
	struct ipsec_policy_head_s *conn_policy; /* Configured policy */
	in6_addr_t	conn_bound_addr_v6;	/* Address in bind() */
#define	conn_bound_addr_v4	V4_PART_OF_V6(conn_bound_addr_v6)
	connf_t		*conn_fanout;		/* Hash bucket we're part of */
	struct conn_s	*conn_next;		/* Hash chain next */
	struct conn_s	*conn_prev;		/* Hash chain prev */

	struct {
		in6_addr_t connua_laddr;	/* Local address - match */
		in6_addr_t connua_faddr;	/* Remote address */
	} connua_v6addr;
#define	conn_laddr_v4	V4_PART_OF_V6(connua_v6addr.connua_laddr)
#define	conn_faddr_v4	V4_PART_OF_V6(connua_v6addr.connua_faddr)
#define	conn_laddr_v6	connua_v6addr.connua_laddr
#define	conn_faddr_v6	connua_v6addr.connua_faddr
	in6_addr_t	conn_saddr_v6;		/* Local address - source */
#define	conn_saddr_v4	V4_PART_OF_V6(conn_saddr_v6)

	/*
	 * connu_ports2 shares storage with the remote/local port pair, so
	 * conn_ports reads or writes both ports as one 32-bit value.
	 */
	union {
		/* Used for classifier match performance */
		uint32_t		connu_ports2;
		struct {
			in_port_t	connu_fport;	/* Remote port */
			in_port_t	connu_lport;	/* Local port */
		} connu_ports;
	} u_port;
#define	conn_fport	u_port.connu_ports.connu_fport
#define	conn_lport	u_port.connu_ports.connu_lport
#define	conn_ports	u_port.connu_ports2

	uint_t		conn_incoming_ifindex;	/* IP{,V6}_BOUND_IF, scopeid */
	ill_t		*conn_oper_pending_ill; /* pending shared ioctl */

	krwlock_t	conn_ilg_lock;		/* Protects conn_ilg_* */
	ilg_t		*conn_ilg;		/* Group memberships */

	kcondvar_t	conn_refcv;		/* For conn_oper_pending_ill */

	struct conn_s	*conn_drain_next;	/* Next conn in drain list */
	struct conn_s	*conn_drain_prev;	/* Prev conn in drain list */
	idl_t		*conn_idl;		/* Ptr to the drain list head */
	mblk_t		*conn_ipsec_opt_mp;	/* ipsec option mblk */
	zoneid_t	conn_zoneid;		/* zone connection is in */
	int		conn_rtaware;		/* RT_AWARE sockopt value */
	kcondvar_t	conn_sq_cv;		/* For non-STREAMS socket IO */
	sock_upcalls_t	*conn_upcalls;		/* Upcalls to sockfs */
	sock_upper_handle_t conn_upper_handle;	/* Upper handle: sonode * */

	/* 9 named bits plus 23 spare bits: 32 bits in total. */
	unsigned int
		conn_mlp_type : 2,		/* mlp_type_t; tsol/tndb.h */
		conn_anon_mlp : 1,		/* user wants anon MLP */
		conn_anon_port : 1,		/* user bound anonymously */

		/* Holds one of the CONN_MAC_* values defined in this file. */
		conn_mac_mode : 2,		/* normal/loose/implicit MAC */
		conn_anon_priv_bind : 1,	/* *_ANON_PRIV_BIND state */
		conn_zone_is_global : 1,	/* GLOBAL_ZONEID */
		conn_isvrrp : 1,		/* VRRP control socket */
		conn_spare : 23;

	boolean_t	conn_flow_cntrld;
	netstack_t	*conn_netstack;	/* Corresponds to a netstack_hold */

	/*
	 * IP format that packets received for this struct should use.
	 * Value can be IP4_VERSION or IPV6_VERSION.
	 * The sending version is encoded using IXAF_IS_IPV4.
	 */
	ushort_t	conn_ipversion;

	/* Written to only once at the time of opening the endpoint */
	sa_family_t	conn_family;		/* Family from socket() call */
	uint_t		conn_so_type;		/* Type from socket() call */

	uint_t		conn_sndbuf;		/* SO_SNDBUF state */
	uint_t		conn_rcvbuf;		/* SO_RCVBUF state */
	uint_t		conn_wroff;		/* Current write offset */

	uint_t		conn_sndlowat;		/* Send buffer low water mark */
	uint_t		conn_rcvlowat;		/* Recv buffer low water mark */

	uint8_t		conn_default_ttl;	/* Default TTL/hoplimit */
	uint8_t		conn_min_ttl;		/* IP_MINTTL+IPV6_MINHOPLIMIT */

	uint32_t	conn_flowinfo;	/* Connected flow id and tclass */

	/*
	 * The most recent address for sendto. Initially set to zero
	 * which is always different from the destination address
	 * since the send interprets zero as the loopback address.
	 */
	in6_addr_t	conn_v6lastdst;
#define	conn_v4lastdst	V4_PART_OF_V6(conn_v6lastdst)
	ushort_t	conn_lastipversion;
	in_port_t	conn_lastdstport;
	uint32_t	conn_lastflowinfo;	/* IPv6-only */
	uint_t		conn_lastscopeid;	/* IPv6-only */
	uint_t		conn_lastsrcid;		/* Only for AF_INET6 */
	/*
	 * When we are not connected conn_saddr might be unspecified.
	 * We track the source that was used with conn_v6lastdst here.
	 */
	in6_addr_t	conn_v6lastsrc;
#define	conn_v4lastsrc	V4_PART_OF_V6(conn_v6lastsrc)

	/* Templates for transmitting packets */
	ip_pkt_t	conn_xmit_ipp;		/* Options if no ancil data */

	/*
	 * Header template - conn_ht_ulp is a pointer into conn_ht_iphc.
	 * Note that ixa_ip_hdr_length indicates the offset of ht_ulp in
	 * ht_iphc
	 *
	 * The header template is maintained for connected endpoints (and
	 * updated when sticky options are changed) and also for the lastdst.
	 * There is no conflict between those usages since SOCK_DGRAM and
	 * SOCK_RAW can not be used to specify a destination address (with
	 * sendto/sendmsg) if the socket has been connected.
	 *
	 * NOTE(review): conn_ht_ulp aliases the conn_ht_iphc buffer, so code
	 * that replaces that buffer presumably has to recompute conn_ht_ulp
	 * and keep the three length fields consistent -- confirm in the code
	 * that builds the template.
	 */
	uint8_t		*conn_ht_iphc;		/* Start of IP header */
	uint_t		conn_ht_iphc_allocated;	/* Allocated buffer size */
	uint_t		conn_ht_iphc_len;	/* IP+ULP size */
	uint8_t		*conn_ht_ulp;		/* Upper-layer header */
	uint_t		conn_ht_ulp_len;	/* ULP header len */

	/* Checksum to compensate for source routed packets. Host byte order */
	uint32_t	conn_sum;

	uint32_t	conn_ioctlref;		/* ioctl ref count */
#ifdef CONN_DEBUG
#define	CONN_TRACE_MAX	10
	int		conn_trace_last;	/* ndx of last used tracebuf */
	conn_trace_t	conn_trace_buf[CONN_TRACE_MAX];
#endif
};
4607c478bd9Sstevel@tonic-gate 
/*
 * connf_t - connection fanout data.
 *
 * The hash tables and their linkage (conn_t.{hashnextp, hashprevp}) are
 * protected by the per-bucket lock. Each conn_t inserted in the list
 * points back at the connf_t that heads the bucket.
 *
 * NOTE(review): struct conn_s has no members named hashnextp/hashprevp; the
 * chain links visible there are conn_next/conn_prev (back pointer
 * conn_fanout) and conn_g_next/conn_g_prev (back pointer conn_g_fanout).
 * The names above look stale -- confirm.
 */
struct connf_s {
	struct conn_s	*connf_head;	/* First conn_t in this bucket */
	kmutex_t	connf_lock;	/* The per-bucket lock */
};
4727c478bd9Sstevel@tonic-gate 
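/*
 * Reference counting for conn_t.
 *
 * conn_ref is a uint32_t.  CONN_INC_REF and CONN_DEC_REF take conn_lock
 * themselves; CONN_INC_REF_LOCKED requires the caller to hold it already.
 *
 * Increment: a wrap of conn_ref to zero is caught by ASSERT only.
 * NOTE(review): where ASSERT compiles to nothing the wrap goes undetected,
 * and the conn_trace_ref()/conn_untrace_ref() calls, which sit inside
 * ASSERT, are not made either -- confirm for the build in question.
 *
 * Decrement: an underflow (conn_ref already 0, or 1 while the conn is still
 * on its squeue) panics unconditionally.  When the count reaches zero the
 * lock is dropped and ipcl_conn_destroy() is called; the conn_t must not be
 * touched after CONN_DEC_REF unless the caller holds another reference.
 *
 * The macros expand to a bare brace block, not do { } while (0), so an
 * invocation followed by ';' cannot be the unbraced body of an if that has
 * an else.  The form is kept because existing callers depend on it.  Each
 * macro evaluates connp several times; pass an expression without side
 * effects.
 */
#define	CONN_INC_REF(connp)	{				\
	mutex_enter(&(connp)->conn_lock);			\
	DTRACE_PROBE1(conn__inc__ref, conn_t *, connp);		\
	ASSERT(conn_trace_ref(connp));				\
	(connp)->conn_ref++;					\
	ASSERT((connp)->conn_ref != 0);				\
	mutex_exit(&(connp)->conn_lock);			\
}

#define	CONN_INC_REF_LOCKED(connp)	{			\
	DTRACE_PROBE1(conn__inc__ref, conn_t *, connp);		\
	ASSERT(MUTEX_HELD(&(connp)->conn_lock));		\
	ASSERT(conn_trace_ref(connp));				\
	(connp)->conn_ref++;					\
	ASSERT((connp)->conn_ref != 0);				\
}

#define	CONN_DEC_REF(connp)	{					\
	mutex_enter(&(connp)->conn_lock);				\
	DTRACE_PROBE1(conn__dec__ref, conn_t *, connp);			\
	/*								\
	 * The squeue framework always does a CONN_DEC_REF after return	\
	 * from TCP. Hence the refcnt must be at least 2 if conn_on_sqp	\
	 * is B_TRUE and conn_ref is being decremented. This is to	\
	 * account for the mblk being currently processed.		\
	 */								\
	if ((connp)->conn_ref == 0 ||					\
	    ((connp)->conn_ref == 1 && (connp)->conn_on_sqp)) {		\
		/* conn_ref is unsigned, hence %u rather than %d */	\
		cmn_err(CE_PANIC, "CONN_DEC_REF: connp(%p) has ref "	\
		    "= %u\n", (void *)(connp), (connp)->conn_ref);	\
	}								\
	ASSERT(conn_untrace_ref(connp));				\
	(connp)->conn_ref--;						\
	if ((connp)->conn_ref == 0) {					\
		/* Refcnt can't increase again, safe to drop lock */	\
		mutex_exit(&(connp)->conn_lock);			\
		ipcl_conn_destroy(connp);				\
	} else {							\
		cv_broadcast(&(connp)->conn_cv);			\
		mutex_exit(&(connp)->conn_lock);			\
	}								\
}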
5147c478bd9Sstevel@tonic-gate 
5155d0bc3edSsommerfe /*
5165d0bc3edSsommerfe  * For use with subsystems within ip which use ALL_ZONES as a wildcard
5175d0bc3edSsommerfe  */
5185d0bc3edSsommerfe #define	IPCL_ZONEID(connp)						\
5195d0bc3edSsommerfe 	((connp)->conn_allzones ? ALL_ZONES : (connp)->conn_zoneid)
5205d0bc3edSsommerfe 
5215d0bc3edSsommerfe /*
5225d0bc3edSsommerfe  * For matching between a conn_t and a zoneid.
5235d0bc3edSsommerfe  */
52478a2e113SAndy Fiddaman #define	IPCL_ZONE_MATCH(connp, zoneid)					\
5255d0bc3edSsommerfe 	(((connp)->conn_allzones) ||					\
5265d0bc3edSsommerfe 	    ((zoneid) == ALL_ZONES) ||					\
5275d0bc3edSsommerfe 	    (connp)->conn_zoneid == (zoneid))
5285d0bc3edSsommerfe 
/*
 * On a labeled system, we must treat bindings to ports
 * on shared IP addresses by sockets with MAC exemption
 * privilege as being in all zones, as there's
 * otherwise no way to identify the right receiver.
 *
 * IPCL_CONNS_MAC is true when either conn has a conn_mac_mode other than
 * CONN_MAC_DEFAULT; it does not compare zones itself.
 */

#define	IPCL_CONNS_MAC(conn1, conn2)					\
	(((conn1)->conn_mac_mode != CONN_MAC_DEFAULT) ||		\
	((conn2)->conn_mac_mode != CONN_MAC_DEFAULT))
5395d3b8cb7SBill Sommerfeld 
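/*
 * Zone comparison between two conns.  True when either conn is in a
 * non-default MAC mode (IPCL_CONNS_MAC), or when either conn matches the
 * other's conn_zoneid under IPCL_ZONE_MATCH.  Because IPCL_ZONE_MATCH
 * accepts wildcards, a conn with conn_allzones set, or a conn_zoneid equal
 * to ALL_ZONES, matches any peer.
 *
 * conn1 and conn2 are parenthesized before the member access so that an
 * argument such as "base + i" expands to the intended object.  Both
 * arguments are evaluated more than once.
 */
#define	IPCL_BIND_ZONE_MATCH(conn1, conn2)				\
	(IPCL_CONNS_MAC(conn1, conn2) ||				\
	IPCL_ZONE_MATCH(conn1, (conn2)->conn_zoneid) ||			\
	IPCL_ZONE_MATCH(conn2, (conn1)->conn_zoneid))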
5445d3b8cb7SBill Sommerfeld 
5455d0bc3edSsommerfe 
/*
 * True when v6addr is a v4-mapped address whose V4_PART_OF_V6() value
 * equals v4addr.  v6addr must be an lvalue because its address is taken,
 * and it is evaluated twice.
 */
#define	_IPCL_V4_MATCH(v6addr, v4addr)	\
	(V4_PART_OF_V6((v6addr)) == (v4addr) && IN6_IS_ADDR_V4MAPPED(&(v6addr)))
5487c478bd9Sstevel@tonic-gate 
/*
 * True when addr is a wildcard from an IPv4 point of view: either the
 * v4-mapped "any" address or the IPv6 unspecified address.  addr must be an
 * lvalue because its address is taken.
 */
#define	_IPCL_V4_MATCH_ANY(addr)	\
	(IN6_IS_ADDR_V4MAPPED_ANY(&(addr)) || IN6_IS_ADDR_UNSPECIFIED(&(addr)))
5517c478bd9Sstevel@tonic-gate 
5525d0bc3edSsommerfe 
/*
 * IPCL_PROTO_MATCH() and IPCL_PROTO_MATCH_V6() only match conns with
 * the specified ira_zoneid or conn_allzones, by calling conn_wantpacket.
 *
 * The address test runs first: the conn's local address must be INADDR_ANY,
 * or equal ipha_dst with the foreign address either INADDR_ANY or equal to
 * ipha_src.  conn_wantpacket() is only called when that test passes, so the
 * zone decision rests entirely on conn_wantpacket().
 */
#define	IPCL_PROTO_MATCH(connp, ira, ipha)				\
	((((connp)->conn_laddr_v4 == INADDR_ANY) ||			\
	(((connp)->conn_laddr_v4 == ((ipha)->ipha_dst)) &&		\
	    (((connp)->conn_faddr_v4 == INADDR_ANY) ||			\
	((connp)->conn_faddr_v4 == ((ipha)->ipha_src))))) &&		\
	conn_wantpacket((connp), (ira), (ipha)))
563bd670b35SErik Nordmark 
/*
 * IPv6 counterpart of IPCL_PROTO_MATCH.  The conn's local address must be
 * unspecified, or equal ip6_dst with the foreign address either unspecified
 * or equal to ip6_src; conn_wantpacket_v6() is then called and makes the
 * final decision.  No zone field is compared in this macro itself.
 */
#define	IPCL_PROTO_MATCH_V6(connp, ira, ip6h)				\
	((IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_laddr_v6) ||		\
	(IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, &((ip6h)->ip6_dst)) &&   \
	(IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_faddr_v6) ||		      \
	IN6_ARE_ADDR_EQUAL(&(connp)->conn_faddr_v6, &((ip6h)->ip6_src))))) && \
	(conn_wantpacket_v6((connp), (ira), (ip6h))))
5707c478bd9Sstevel@tonic-gate 
/*
 * Bucket index sized by ipst->ips_ipcl_conn_fanout_size.  XORs ntohl(src)
 * with ports and with ports shifted right by 8, 16 and 24, casts the result
 * to unsigned and reduces it modulo the fanout size.
 *
 * NOTE(review): no secret or per-boot seed is mixed in here, so when src
 * and ports come from packet headers the bucket is predictable to the
 * sender.  Confirm that growth of a single bucket chain is bounded or
 * tolerated by the code that walks it.
 */
#define	IPCL_CONN_HASH(src, ports, ipst)				\
	((unsigned)(ntohl((src)) ^ ((ports) >> 24) ^ ((ports) >> 16) ^	\
	((ports) >> 8) ^ (ports)) % (ipst)->ips_ipcl_conn_fanout_size)
5747c478bd9Sstevel@tonic-gate 
/*
 * IPv6 form of IPCL_CONN_HASH.  Only V4_PART_OF_V6(src) is fed to the hash,
 * so the rest of the IPv6 source address does not influence the bucket
 * (presumably V4_PART_OF_V6 selects the last 32 bits; its definition is not
 * in view here).
 */
#define	IPCL_CONN_HASH_V6(src, ports, ipst)				\
	IPCL_CONN_HASH(V4_PART_OF_V6((src)), (ports), (ipst))
5777c478bd9Sstevel@tonic-gate 
/*
 * Exact match for a connected IPv4 conn: protocol, the combined conn_ports
 * value, foreign address against src and local address against dst (both
 * through _IPCL_V4_MATCH, so the stored addresses must be v4-mapped).
 * Conns with conn_ipv6_v6only set never match.  No zone check is made here;
 * that is left to the caller.
 */
#define	IPCL_CONN_MATCH(connp, proto, src, dst, ports)			\
	((connp)->conn_proto == (proto) &&				\
		(connp)->conn_ports == (ports) &&			\
		_IPCL_V4_MATCH((connp)->conn_faddr_v6, (src)) &&	\
		_IPCL_V4_MATCH((connp)->conn_laddr_v6, (dst)) &&	\
		!(connp)->conn_ipv6_v6only)
5847c478bd9Sstevel@tonic-gate 
/*
 * Exact match for a connected IPv6 conn: protocol, the combined conn_ports
 * value, foreign address against src and local address against dst.  src
 * and dst must be lvalues because their addresses are taken.  No zone check
 * is made here; that is left to the caller.
 */
#define	IPCL_CONN_MATCH_V6(connp, proto, src, dst, ports)		\
	((connp)->conn_proto == (proto) &&				\
		(connp)->conn_ports == (ports) &&			\
		IN6_ARE_ADDR_EQUAL(&(connp)->conn_faddr_v6, &(src)) &&	\
		IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, &(dst)))
5907c478bd9Sstevel@tonic-gate 
/*
 * Port-based bucket index: XOR the port with itself shifted right by 8 and
 * mask the result with (size - 1).  Because the reduction is a mask rather
 * than a modulo, every bucket is reachable only when size is a power of two.
 * port is evaluated twice.
 */
#define	IPCL_PORT_HASH(port, size) \
	(((port) ^ ((port) >> 8)) & ((size) - 1))
593ee4701baSericheng 
/*
 * Bucket index sized by ipst->ips_ipcl_bind_fanout_size: XOR lport with
 * itself shifted right by 8, cast to unsigned, then reduce modulo the
 * fanout size.  Unlike IPCL_PORT_HASH this uses a modulo, so the size does
 * not have to be a power of two.
 */
#define	IPCL_BIND_HASH(lport, ipst)					\
	((unsigned)(((lport) >> 8) ^ (lport)) % \
	    (ipst)->ips_ipcl_bind_fanout_size)
5977c478bd9Sstevel@tonic-gate 
/*
 * Match a bound IPv4 conn: protocol and local port must be equal, and the
 * conn's local address must be a wildcard (_IPCL_V4_MATCH_ANY) or equal
 * laddr.  Conns with conn_ipv6_v6only set never match.  No zone check is
 * made here; that is left to the caller.
 */
#define	IPCL_BIND_MATCH(connp, proto, laddr, lport)			\
	((connp)->conn_proto == (proto) &&				\
		(connp)->conn_lport == (lport) &&			\
		(_IPCL_V4_MATCH_ANY((connp)->conn_laddr_v6) ||		\
		_IPCL_V4_MATCH((connp)->conn_laddr_v6, (laddr))) &&	\
		!(connp)->conn_ipv6_v6only)
6047c478bd9Sstevel@tonic-gate 
/*
 * Match a bound IPv6 conn: protocol and local port must be equal, and the
 * conn's local address must equal laddr or be unspecified.  laddr must be
 * an lvalue because its address is taken.  No zone check is made here; that
 * is left to the caller.
 */
#define	IPCL_BIND_MATCH_V6(connp, proto, laddr, lport)			\
	((connp)->conn_proto == (proto) &&				\
		(connp)->conn_lport == (lport) &&			\
		(IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, &(laddr)) || \
		IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_laddr_v6)))
6107c478bd9Sstevel@tonic-gate 
/*
 * We compare conn_laddr since it captures both connected and a bind to
 * a multicast or broadcast address.
 * The caller needs to match the zoneid and also call conn_wantpacket
 * for multicast, broadcast, or when conn_incoming_ifindex is set.
 *
 * This macro performs no zone check of its own.  It requires an equal local
 * port, then accepts a wildcard local address, or an equal local address
 * combined with either a wildcard foreign address or an equal foreign
 * address and foreign port.  The foreign port is therefore only compared
 * for fully connected conns.  Conns with conn_ipv6_v6only set never match.
 */
#define	IPCL_UDP_MATCH(connp, lport, laddr, fport, faddr)		\
	(((connp)->conn_lport == (lport)) &&				\
	((_IPCL_V4_MATCH_ANY((connp)->conn_laddr_v6) ||			\
	(_IPCL_V4_MATCH((connp)->conn_laddr_v6, (laddr)) &&		\
	(_IPCL_V4_MATCH_ANY((connp)->conn_faddr_v6) ||			\
	(_IPCL_V4_MATCH((connp)->conn_faddr_v6, (faddr)) &&		\
	(connp)->conn_fport == (fport)))))) &&				\
	!(connp)->conn_ipv6_v6only)
6257c478bd9Sstevel@tonic-gate 
/*
 * We compare conn_laddr since it captures both connected and a bind to
 * a multicast or broadcast address.
 * The caller needs to match the zoneid and also call conn_wantpacket_v6
 * for multicast or when conn_incoming_ifindex is set.
 *
 * This macro performs no zone check of its own.  It requires an equal local
 * port, then accepts an unspecified local address, or an equal local
 * address combined with either an unspecified foreign address or an equal
 * foreign address and foreign port.  laddr and faddr must be lvalues
 * because their addresses are taken.
 */
#define	IPCL_UDP_MATCH_V6(connp, lport, laddr, fport, faddr)	\
	(((connp)->conn_lport == (lport)) &&			\
	(IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_laddr_v6) ||	\
	(IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, &(laddr)) &&	\
	(IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_faddr_v6) ||	\
	(IN6_ARE_ADDR_EQUAL(&(connp)->conn_faddr_v6, &(faddr)) &&	\
	(connp)->conn_fport == (fport))))))
6397c478bd9Sstevel@tonic-gate 
/*
 * Bucket index for the IP tunnel fanout: XOR ntohl(laddr) with
 * ((ntohl(faddr) << 24) | (ntohl(faddr) >> 8)) and reduce modulo
 * ipcl_iptun_fanout_size.  The size is read from a file-scope name rather
 * than from an ip_stack_t argument.  faddr is evaluated twice.
 *
 * NOTE(review): the hash is unkeyed; if tunnel endpoint addresses can be
 * chosen by a remote party, confirm that a crowded bucket is acceptable.
 */
#define	IPCL_IPTUN_HASH(laddr, faddr)					\
	((ntohl(laddr) ^ ((ntohl(faddr) << 24) | (ntohl(faddr) >> 8))) % \
	ipcl_iptun_fanout_size)
6432b24ab6bSSebastien Roy 
/*
 * IPv6 form of IPCL_IPTUN_HASH.  laddr and faddr are pointers here.  The
 * first value passed on is laddr words 0 and 1 XORed with faddr words 2 and
 * 3; the second is faddr words 0 and 1 XORed with laddr words 2 and 3.  All
 * 128 bits of both addresses therefore contribute to the bucket.
 */
#define	IPCL_IPTUN_HASH_V6(laddr, faddr)				\
	IPCL_IPTUN_HASH((laddr)->s6_addr32[0] ^ (laddr)->s6_addr32[1] ^	\
	    (faddr)->s6_addr32[2] ^ (faddr)->s6_addr32[3],		\
	    (faddr)->s6_addr32[0] ^ (faddr)->s6_addr32[1] ^		\
	    (laddr)->s6_addr32[2] ^ (laddr)->s6_addr32[3])
6492b24ab6bSSebastien Roy 
/*
 * Exact IPv4 tunnel match: the conn's local and foreign addresses must both
 * be v4-mapped and equal laddr and faddr respectively.  No wildcard is
 * accepted and no zone check is made here.
 */
#define	IPCL_IPTUN_MATCH(connp, laddr, faddr)			\
	(_IPCL_V4_MATCH((connp)->conn_laddr_v6, (laddr)) &&	\
	_IPCL_V4_MATCH((connp)->conn_faddr_v6, (faddr)))
6532b24ab6bSSebastien Roy 
/*
 * Exact IPv6 tunnel match on local and foreign address.  Unlike
 * IPCL_CONN_MATCH_V6, laddr and faddr are passed as pointers: they are
 * handed to IN6_ARE_ADDR_EQUAL without an address-of operator.  No zone
 * check is made here.
 */
#define	IPCL_IPTUN_MATCH_V6(connp, laddr, faddr)		\
	(IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, (laddr)) &&	\
	IN6_ARE_ADDR_EQUAL(&(connp)->conn_faddr_v6, (faddr)))
6577c478bd9Sstevel@tonic-gate 
/*
 * UDP bucket index: IPCL_PORT_HASH over ipst->ips_ipcl_udp_fanout_size.
 * IPCL_PORT_HASH reduces with a (size - 1) mask, so the UDP fanout size
 * must be a power of two for every bucket to be used.
 */
#define	IPCL_UDP_HASH(lport, ipst)	\
	IPCL_PORT_HASH(lport, (ipst)->ips_ipcl_udp_fanout_size)
6607c478bd9Sstevel@tonic-gate 
/*
 * NOTE(review): presumably the bucket count of the global conn hash; its
 * user is not visible in this part of the header.
 */
#define	CONN_G_HASH_SIZE	1024
6627c478bd9Sstevel@tonic-gate 
/*
 * Raw socket hash function: IPCL_PORT_HASH over
 * ipst->ips_ipcl_raw_fanout_size.  IPCL_PORT_HASH reduces with a
 * (size - 1) mask, so the raw fanout size must be a power of two for every
 * bucket to be used.
 */
#define	IPCL_RAW_HASH(lport, ipst)	\
	IPCL_PORT_HASH(lport, (ipst)->ips_ipcl_raw_fanout_size)
6667c478bd9Sstevel@tonic-gate 
/*
 * This is similar to IPCL_BIND_MATCH except that the local port check
 * is changed to a wildcard port check.
 * We compare conn_laddr since it captures both connected and a bind to
 * a multicast or broadcast address.
 *
 * Matches conns with an equal protocol, conn_lport of 0, and a local
 * address that is either a wildcard or equal to laddr.  No zone check is
 * made here.
 * NOTE(review): unlike IPCL_BIND_MATCH, this does not test
 * conn_ipv6_v6only; confirm that the difference is intentional.
 */
#define	IPCL_RAW_MATCH(connp, proto, laddr)			\
	((connp)->conn_proto == (proto) &&			\
	(connp)->conn_lport == 0 &&				\
	(_IPCL_V4_MATCH_ANY((connp)->conn_laddr_v6) ||		\
	_IPCL_V4_MATCH((connp)->conn_laddr_v6, (laddr))))
6787c0c0508Skcpoon 
/*
 * IPv6 form of IPCL_RAW_MATCH: equal protocol, conn_lport of 0, and a local
 * address that is either unspecified or equal to laddr.  laddr must be an
 * lvalue because its address is taken.  No zone check is made here.
 */
#define	IPCL_RAW_MATCH_V6(connp, proto, laddr)			\
	((connp)->conn_proto == (proto) &&			\
	(connp)->conn_lport == 0 &&				\
	(IN6_IS_ADDR_UNSPECIFIED(&(connp)->conn_laddr_v6) ||	\
	IN6_ARE_ADDR_EQUAL(&(connp)->conn_laddr_v6, &(laddr))))
6847c0c0508Skcpoon 
/* Function prototypes */
extern void ipcl_g_init(void);
extern void ipcl_init(ip_stack_t *);
extern void ipcl_g_destroy(void);
extern void ipcl_destroy(ip_stack_t *);
extern conn_t *ipcl_conn_create(uint32_t, int, netstack_t *);
/*
 * CONN_DEC_REF calls ipcl_conn_destroy() once conn_ref has dropped to zero,
 * after it has released conn_lock.
 */
extern void ipcl_conn_destroy(conn_t *);

void ipcl_hash_insert_wildcard(connf_t *, conn_t *);
void ipcl_hash_remove(conn_t *);
void ipcl_hash_remove_locked(conn_t *connp, connf_t *connfp);

extern int	ipcl_bind_insert(conn_t *);
extern int	ipcl_bind_insert_v4(conn_t *);
extern int	ipcl_bind_insert_v6(conn_t *);
extern int	ipcl_conn_insert(conn_t *);
extern int	ipcl_conn_insert_v4(conn_t *);
extern int	ipcl_conn_insert_v6(conn_t *);
extern conn_t	*ipcl_get_next_conn(connf_t *, conn_t *, uint32_t);

/*
 * Lookup and classification entry points returning a conn_t pointer.
 * NOTE(review): whether the returned conn_t carries a reference that the
 * caller must release is not stated in this header; confirm against the
 * implementation before holding the pointer.
 */
conn_t *ipcl_classify_v4(mblk_t *, uint8_t, uint_t, ip_recv_attr_t *,
	    ip_stack_t *);
conn_t *ipcl_classify_v6(mblk_t *, uint8_t, uint_t, ip_recv_attr_t *,
	    ip_stack_t *);
conn_t *ipcl_classify(mblk_t *, ip_recv_attr_t *, ip_stack_t *);
conn_t *ipcl_classify_raw(mblk_t *, uint8_t, uint32_t, ipha_t *,
    ip6_t *, ip_recv_attr_t *, ip_stack_t *);
conn_t *ipcl_iptun_classify_v4(ipaddr_t *, ipaddr_t *, ip_stack_t *);
conn_t *ipcl_iptun_classify_v6(in6_addr_t *, in6_addr_t *, ip_stack_t *);
void	ipcl_globalhash_insert(conn_t *);
void	ipcl_globalhash_remove(conn_t *);
void	ipcl_walk(pfv_t, void *, ip_stack_t *);
conn_t	*ipcl_tcp_lookup_reversed_ipv4(ipha_t *, tcpha_t *, int, ip_stack_t *);
conn_t	*ipcl_tcp_lookup_reversed_ipv6(ip6_t *, tcpha_t *, int, uint_t,
	    ip_stack_t *);
conn_t	*ipcl_lookup_listener_v4(uint16_t, ipaddr_t, zoneid_t, ip_stack_t *);
conn_t	*ipcl_lookup_listener_v6(uint16_t, in6_addr_t *, uint_t, zoneid_t,
	    ip_stack_t *);
int	conn_trace_ref(conn_t *);
/*
 * CONN_DEC_REF invokes conn_untrace_ref() inside ASSERT(), so a zero return
 * is treated as an assertion failure there.
 */
int	conn_untrace_ref(conn_t *);
void	ipcl_conn_cleanup(conn_t *);
extern uint_t	conn_recvancillary_size(conn_t *, crb_t, ip_recv_attr_t *,
    mblk_t *, ip_pkt_t *);
extern void	conn_recvancillary_add(conn_t *, crb_t, ip_recv_attr_t *,
    ip_pkt_t *, uchar_t *, uint_t);
conn_t *ipcl_conn_tcp_lookup_reversed_ipv4(conn_t *, ipha_t *, tcpha_t *,
	    ip_stack_t *);
conn_t *ipcl_conn_tcp_lookup_reversed_ipv6(conn_t *, ip6_t *, tcpha_t *,
	    ip_stack_t *);

extern int ip_create_helper_stream(conn_t *, ldi_ident_t);
extern void ip_free_helper_stream(conn_t *);
extern int	ip_helper_stream_setup(queue_t *, dev_t *, int, int,
    cred_t *, boolean_t);
extern mib2_socketInfoEntry_t *conn_get_socket_info(conn_t *,
    mib2_socketInfoEntry_t *);
7410f1702c5SYu Xiangning 
7427c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
7437c478bd9Sstevel@tonic-gate }
7447c478bd9Sstevel@tonic-gate #endif
7457c478bd9Sstevel@tonic-gate 
7467c478bd9Sstevel@tonic-gate #endif	/* _INET_IPCLASSIFIER_H */
747