inet/ipf/ip_fil_solaris.c

2393Syz155240/*
2393Syz155240 * Copyright (C) 1993-2001, 2003 by Darren Reed.
2393Syz155240 *
2393Syz155240 * See the IPFILTER.LICENCE file for details on licencing.
2393Syz155240 *
*12358SAlexandr.Nedvedicky@Sun.COM * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
2393Syz155240 */
2393Syz155240
2393Syz155240#if !defined(lint)
2535Ssangeetastatic const char sccsid[] = "@(#)ip_fil_solaris.c	1.7 07/22/06 (C) 1993-2000 Darren Reed";
2393Syz155240static const char rcsid[] = "@(#)$Id: ip_fil_solaris.c,v 2.62.2.19 2005/07/13 21:40:46 darrenr Exp $";
2393Syz155240#endif
2393Syz155240
2393Syz155240#include <sys/types.h>
2393Syz155240#include <sys/errno.h>
2393Syz155240#include <sys/param.h>
2393Syz155240#include <sys/cpuvar.h>
2393Syz155240#include <sys/open.h>
2393Syz155240#include <sys/ioctl.h>
2393Syz155240#include <sys/filio.h>
2393Syz155240#include <sys/systm.h>
2393Syz155240#include <sys/strsubr.h>
2393Syz155240#include <sys/cred.h>
2393Syz155240#include <sys/ddi.h>
2393Syz155240#include <sys/sunddi.h>
2393Syz155240#include <sys/ksynch.h>
2393Syz155240#include <sys/kmem.h>
2393Syz155240#include <sys/mkdev.h>
2393Syz155240#include <sys/protosw.h>
2393Syz155240#include <sys/socket.h>
2393Syz155240#include <sys/dditypes.h>
2393Syz155240#include <sys/cmn_err.h>
3448Sdh155122#include <sys/zone.h>
2393Syz155240#include <net/if.h>
2393Syz155240#include <net/af.h>
2393Syz155240#include <net/route.h>
2393Syz155240#include <netinet/in.h>
2393Syz155240#include <netinet/in_systm.h>
2393Syz155240#include <netinet/ip.h>
2393Syz155240#include <netinet/ip_var.h>
2393Syz155240#include <netinet/tcp.h>
2393Syz155240#include <netinet/udp.h>
2393Syz155240#include <netinet/tcpip.h>
2393Syz155240#include <netinet/ip_icmp.h>
2393Syz155240#include "netinet/ip_compat.h"
2393Syz155240#ifdef	USE_INET6
2393Syz155240# include <netinet/icmp6.h>
2393Syz155240#endif
2393Syz155240#include "netinet/ip_fil.h"
2393Syz155240#include "netinet/ip_nat.h"
2393Syz155240#include "netinet/ip_frag.h"
2393Syz155240#include "netinet/ip_state.h"
2393Syz155240#include "netinet/ip_auth.h"
2393Syz155240#include "netinet/ip_proxy.h"
3448Sdh155122#include "netinet/ipf_stack.h"
2393Syz155240#ifdef	IPFILTER_LOOKUP
2393Syz155240# include "netinet/ip_lookup.h"
2393Syz155240#endif
2393Syz155240#include <inet/ip_ire.h>
2393Syz155240
2393Syz155240#include <sys/md5.h>
2958Sdr146992#include <sys/neti.h>
2393Syz155240
3448Sdh155122static	int	frzerostats __P((caddr_t, ipf_stack_t *));
3448Sdh155122static	int	fr_setipfloopback __P((int, ipf_stack_t *));
7513SDarren.Reed@Sun.COMstatic	int	fr_enableipf __P((ipf_stack_t *, int));
2393Syz155240static	int	fr_send_ip __P((fr_info_t *fin, mblk_t *m, mblk_t **mp));
7513SDarren.Reed@Sun.COMstatic	int	ipf_nic_event_v4 __P((hook_event_token_t, hook_data_t, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_nic_event_v6 __P((hook_event_token_t, hook_data_t, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook __P((hook_data_t, int, int, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook4_in __P((hook_event_token_t, hook_data_t, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook4_out __P((hook_event_token_t, hook_data_t, void *));
7131Sdr146992static	int	ipf_hook4_loop_out __P((hook_event_token_t, hook_data_t,
7513SDarren.Reed@Sun.COM    void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook4_loop_in __P((hook_event_token_t, hook_data_t, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook4 __P((hook_data_t, int, int, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook6_out __P((hook_event_token_t, hook_data_t, void *));
7513SDarren.Reed@Sun.COMstatic	int	ipf_hook6_in __P((hook_event_token_t, hook_data_t, void *));
7131Sdr146992static	int	ipf_hook6_loop_out __P((hook_event_token_t, hook_data_t,
7513SDarren.Reed@Sun.COM    void *));
7131Sdr146992static	int	ipf_hook6_loop_in __P((hook_event_token_t, hook_data_t,
7513SDarren.Reed@Sun.COM    void *));
7513SDarren.Reed@Sun.COMstatic	int     ipf_hook6 __P((hook_data_t, int, int, void *));
3448Sdh155122extern	int	ipf_geniter __P((ipftoken_t *, ipfgeniter_t *, ipf_stack_t *));
3448Sdh155122extern	int	ipf_frruleiter __P((void *, int, void *, ipf_stack_t *));
2958Sdr146992
2393Syz155240#if SOLARIS2 < 10
2393Syz155240#if SOLARIS2 >= 7
2393Syz155240u_int		*ip_ttl_ptr = NULL;
2393Syz155240u_int		*ip_mtudisc = NULL;
2393Syz155240# if SOLARIS2 >= 8
2393Syz155240int		*ip_forwarding = NULL;
2393Syz155240u_int		*ip6_forwarding = NULL;
2393Syz155240# else
2393Syz155240u_int		*ip_forwarding = NULL;
2393Syz155240# endif
2393Syz155240#else
2393Syz155240u_long		*ip_ttl_ptr = NULL;
2393Syz155240u_long		*ip_mtudisc = NULL;
2393Syz155240u_long		*ip_forwarding = NULL;
2393Syz155240#endif
2393Syz155240#endif
2393Syz155240
2393Syz155240
2393Syz155240/* ------------------------------------------------------------------------ */
2393Syz155240/* Function:    ipldetach                                                   */
2393Syz155240/* Returns:     int - 0 == success, else error.                             */
2393Syz155240/* Parameters:  Nil                                                         */
2393Syz155240/*                                                                          */
2393Syz155240/* This function is responsible for undoing anything that might have been   */
2393Syz155240/* done in a call to iplattach().  It must be able to clean up from a call  */
2393Syz155240/* to iplattach() that did not succeed.  Why might that happen?  Someone    */
2393Syz155240/* configures a table to be so large that we cannot allocate enough memory  */
2393Syz155240/* for it.                                                                  */
2393Syz155240/* ------------------------------------------------------------------------ */
3448Sdh155122int ipldetach(ifs)
3448Sdh155122ipf_stack_t *ifs;
2393Syz155240{
2393Syz155240
3448Sdh155122	ASSERT(rw_read_locked(&ifs->ifs_ipf_global.ipf_lk) == 0);
2393Syz155240
2393Syz155240#if SOLARIS2 < 10
2393Syz155240
3448Sdh155122	if (ifs->ifs_fr_control_forwarding & 2) {
2393Syz155240		if (ip_forwarding != NULL)
2393Syz155240			*ip_forwarding = 0;
2393Syz155240#if SOLARIS2 >= 8
2393Syz155240		if (ip6_forwarding != NULL)
2393Syz155240			*ip6_forwarding = 0;
2393Syz155240#endif
2393Syz155240	}
2393Syz155240#endif
2393Syz155240
2958Sdr146992	/*
7513SDarren.Reed@Sun.COM	 * This lock needs to be dropped around the net_hook_unregister calls
2958Sdr146992	 * because we can deadlock here with:
2958Sdr146992	 * W(ipf_global)->R(hook_family)->W(hei_lock) (this code path) vs
2958Sdr146992	 * R(hook_family)->R(hei_lock)->R(ipf_global) (active hook running)
2958Sdr146992	 */
3448Sdh155122	RWLOCK_EXIT(&ifs->ifs_ipf_global);
2958Sdr146992
7513SDarren.Reed@Sun.COM#define	UNDO_HOOK(_f, _b, _e, _h)					\
7513SDarren.Reed@Sun.COM	do {								\
7513SDarren.Reed@Sun.COM		if (ifs->_f != NULL) {					\
7513SDarren.Reed@Sun.COM			if (ifs->_b) {					\
7513SDarren.Reed@Sun.COM				ifs->_b = (net_hook_unregister(ifs->_f,	\
7513SDarren.Reed@Sun.COM					   _e, ifs->_h) != 0);		\
7513SDarren.Reed@Sun.COM				if (!ifs->_b) {				\
7513SDarren.Reed@Sun.COM					hook_free(ifs->_h);		\
7513SDarren.Reed@Sun.COM					ifs->_h = NULL;			\
7513SDarren.Reed@Sun.COM				}					\
7513SDarren.Reed@Sun.COM			} else if (ifs->_h != NULL) {			\
7513SDarren.Reed@Sun.COM				hook_free(ifs->_h);			\
7513SDarren.Reed@Sun.COM				ifs->_h = NULL;				\
7513SDarren.Reed@Sun.COM			}						\
7513SDarren.Reed@Sun.COM		}							\
7513SDarren.Reed@Sun.COM		_NOTE(CONSTCOND)					\
7513SDarren.Reed@Sun.COM	} while (0)
7513SDarren.Reed@Sun.COM
2958Sdr146992	/*
2958Sdr146992	 * Remove IPv6 Hooks
2958Sdr146992	 */
3448Sdh155122	if (ifs->ifs_ipf_ipv6 != NULL) {
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv6, ifs_hook6_physical_in,
7513SDarren.Reed@Sun.COM			  NH_PHYSICAL_IN, ifs_ipfhook6_in);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv6, ifs_hook6_physical_out,
7513SDarren.Reed@Sun.COM			  NH_PHYSICAL_OUT, ifs_ipfhook6_out);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv6, ifs_hook6_nic_events,
7513SDarren.Reed@Sun.COM			  NH_NIC_EVENTS, ifs_ipfhook6_nicevents);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv6, ifs_hook6_loopback_in,
7513SDarren.Reed@Sun.COM			  NH_LOOPBACK_IN, ifs_ipfhook6_loop_in);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv6, ifs_hook6_loopback_out,
7513SDarren.Reed@Sun.COM			  NH_LOOPBACK_OUT, ifs_ipfhook6_loop_out);
2958Sdr146992
7513SDarren.Reed@Sun.COM		if (net_protocol_release(ifs->ifs_ipf_ipv6) != 0)
2958Sdr146992			goto detach_failed;
3448Sdh155122		ifs->ifs_ipf_ipv6 = NULL;
2958Sdr146992        }
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * Remove IPv4 Hooks
2958Sdr146992	 */
3448Sdh155122	if (ifs->ifs_ipf_ipv4 != NULL) {
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv4, ifs_hook4_physical_in,
7513SDarren.Reed@Sun.COM			  NH_PHYSICAL_IN, ifs_ipfhook4_in);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv4, ifs_hook4_physical_out,
7513SDarren.Reed@Sun.COM			  NH_PHYSICAL_OUT, ifs_ipfhook4_out);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv4, ifs_hook4_nic_events,
7513SDarren.Reed@Sun.COM			  NH_NIC_EVENTS, ifs_ipfhook4_nicevents);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv4, ifs_hook4_loopback_in,
7513SDarren.Reed@Sun.COM			  NH_LOOPBACK_IN, ifs_ipfhook4_loop_in);
7513SDarren.Reed@Sun.COM		UNDO_HOOK(ifs_ipf_ipv4, ifs_hook4_loopback_out,
7513SDarren.Reed@Sun.COM			  NH_LOOPBACK_OUT, ifs_ipfhook4_loop_out);
2958Sdr146992
7513SDarren.Reed@Sun.COM		if (net_protocol_release(ifs->ifs_ipf_ipv4) != 0)
2958Sdr146992			goto detach_failed;
3448Sdh155122		ifs->ifs_ipf_ipv4 = NULL;
2958Sdr146992	}
2958Sdr146992
7513SDarren.Reed@Sun.COM#undef UNDO_HOOK
7513SDarren.Reed@Sun.COM
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "ipldetach()\n");
2393Syz155240#endif
2393Syz155240
3448Sdh155122	WRITE_ENTER(&ifs->ifs_ipf_global);
3448Sdh155122	fr_deinitialise(ifs);
2393Syz155240
3448Sdh155122	(void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE|FR_INACTIVE, ifs);
3448Sdh155122	(void) frflush(IPL_LOGIPF, 0, FR_INQUE|FR_OUTQUE, ifs);
2393Syz155240
3448Sdh155122	if (ifs->ifs_ipf_locks_done == 1) {
3448Sdh155122		MUTEX_DESTROY(&ifs->ifs_ipf_timeoutlock);
3448Sdh155122		MUTEX_DESTROY(&ifs->ifs_ipf_rw);
3448Sdh155122		RW_DESTROY(&ifs->ifs_ipf_tokens);
3448Sdh155122		RW_DESTROY(&ifs->ifs_ipf_ipidfrag);
3448Sdh155122		ifs->ifs_ipf_locks_done = 0;
2393Syz155240	}
2958Sdr146992
7513SDarren.Reed@Sun.COM	if (ifs->ifs_hook4_physical_in || ifs->ifs_hook4_physical_out ||
7513SDarren.Reed@Sun.COM	    ifs->ifs_hook4_nic_events || ifs->ifs_hook4_loopback_in ||
7513SDarren.Reed@Sun.COM	    ifs->ifs_hook4_loopback_out || ifs->ifs_hook6_nic_events ||
7513SDarren.Reed@Sun.COM	    ifs->ifs_hook6_physical_in || ifs->ifs_hook6_physical_out ||
7513SDarren.Reed@Sun.COM	    ifs->ifs_hook6_loopback_in || ifs->ifs_hook6_loopback_out)
2958Sdr146992		return -1;
2958Sdr146992
2393Syz155240	return 0;
2958Sdr146992
2958Sdr146992detach_failed:
3448Sdh155122	WRITE_ENTER(&ifs->ifs_ipf_global);
2958Sdr146992	return -1;
2393Syz155240}
2393Syz155240
7513SDarren.Reed@Sun.COMint iplattach(ifs)
3448Sdh155122ipf_stack_t *ifs;
2393Syz155240{
2393Syz155240#if SOLARIS2 < 10
2393Syz155240	int i;
2393Syz155240#endif
7513SDarren.Reed@Sun.COM	netid_t id = ifs->ifs_netid;
2393Syz155240
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplattach()\n");
2393Syz155240#endif
2393Syz155240
3448Sdh155122	ASSERT(rw_read_locked(&ifs->ifs_ipf_global.ipf_lk) == 0);
3448Sdh155122	ifs->ifs_fr_flags = IPF_LOGGING;
3448Sdh155122#ifdef _KERNEL
3448Sdh155122	ifs->ifs_fr_update_ipid = 0;
3448Sdh155122#else
3448Sdh155122	ifs->ifs_fr_update_ipid = 1;
3448Sdh155122#endif
3448Sdh155122	ifs->ifs_fr_minttl = 4;
3448Sdh155122	ifs->ifs_fr_icmpminfragmtu = 68;
3448Sdh155122#if defined(IPFILTER_DEFAULT_BLOCK)
3448Sdh155122	ifs->ifs_fr_pass = FR_BLOCK|FR_NOMATCH;
3448Sdh155122#else
3448Sdh155122	ifs->ifs_fr_pass = (IPF_DEFAULT_PASS)|FR_NOMATCH;
3448Sdh155122#endif
2393Syz155240
10587SAlexandr.Nedvedicky@Sun.COM	bzero((char *)ifs->ifs_frcache, sizeof(ifs->ifs_frcache));
3448Sdh155122	MUTEX_INIT(&ifs->ifs_ipf_rw, "ipf rw mutex");
3448Sdh155122	MUTEX_INIT(&ifs->ifs_ipf_timeoutlock, "ipf timeout lock mutex");
3448Sdh155122	RWLOCK_INIT(&ifs->ifs_ipf_ipidfrag, "ipf IP NAT-Frag rwlock");
3448Sdh155122	RWLOCK_INIT(&ifs->ifs_ipf_tokens, "ipf token rwlock");
3448Sdh155122	ifs->ifs_ipf_locks_done = 1;
2393Syz155240
3448Sdh155122	if (fr_initialise(ifs) < 0)
2393Syz155240		return -1;
2393Syz155240
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook4_nicevents, ipf_nic_event_v4,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook4_nicevents", ifs);
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook4_in, ipf_hook4_in,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook4_in", ifs);
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook4_out, ipf_hook4_out,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook4_out", ifs);
7704SAlexandr.Nedvedicky@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook4_loop_in, ipf_hook4_loop_in,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook4_loop_in", ifs);
7704SAlexandr.Nedvedicky@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook4_loop_out, ipf_hook4_loop_out,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook4_loop_out", ifs);
2958Sdr146992
2958Sdr146992	/*
7513SDarren.Reed@Sun.COM	 * If we hold this lock over all of the net_hook_register calls, we
2958Sdr146992	 * can cause a deadlock to occur with the following lock ordering:
2958Sdr146992	 * W(ipf_global)->R(hook_family)->W(hei_lock) (this code path) vs
2958Sdr146992	 * R(hook_family)->R(hei_lock)->R(ipf_global) (packet path)
2958Sdr146992	 */
3448Sdh155122	RWLOCK_EXIT(&ifs->ifs_ipf_global);
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * Add IPv4 hooks
2958Sdr146992	 */
7513SDarren.Reed@Sun.COM	ifs->ifs_ipf_ipv4 = net_protocol_lookup(id, NHF_INET);
3448Sdh155122	if (ifs->ifs_ipf_ipv4 == NULL)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM	ifs->ifs_hook4_nic_events = (net_hook_register(ifs->ifs_ipf_ipv4,
7513SDarren.Reed@Sun.COM	    NH_NIC_EVENTS, ifs->ifs_ipfhook4_nicevents) == 0);
3448Sdh155122	if (!ifs->ifs_hook4_nic_events)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM	ifs->ifs_hook4_physical_in = (net_hook_register(ifs->ifs_ipf_ipv4,
7513SDarren.Reed@Sun.COM	    NH_PHYSICAL_IN, ifs->ifs_ipfhook4_in) == 0);
3448Sdh155122	if (!ifs->ifs_hook4_physical_in)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM	ifs->ifs_hook4_physical_out = (net_hook_register(ifs->ifs_ipf_ipv4,
7513SDarren.Reed@Sun.COM	    NH_PHYSICAL_OUT, ifs->ifs_ipfhook4_out) == 0);
3448Sdh155122	if (!ifs->ifs_hook4_physical_out)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
3448Sdh155122	if (ifs->ifs_ipf_loopback) {
7513SDarren.Reed@Sun.COM		ifs->ifs_hook4_loopback_in = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv4, NH_LOOPBACK_IN,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook4_loop_in) == 0);
3448Sdh155122		if (!ifs->ifs_hook4_loopback_in)
2958Sdr146992			goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook4_loopback_out = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv4, NH_LOOPBACK_OUT,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook4_loop_out) == 0);
3448Sdh155122		if (!ifs->ifs_hook4_loopback_out)
2958Sdr146992			goto hookup_failed;
2958Sdr146992	}
2958Sdr146992	/*
2958Sdr146992	 * Add IPv6 hooks
2958Sdr146992	 */
7513SDarren.Reed@Sun.COM	ifs->ifs_ipf_ipv6 = net_protocol_lookup(id, NHF_INET6);
3448Sdh155122	if (ifs->ifs_ipf_ipv6 == NULL)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook6_nicevents, ipf_nic_event_v6,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook6_nicevents", ifs);
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook6_in, ipf_hook6_in,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook6_in", ifs);
7513SDarren.Reed@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook6_out, ipf_hook6_out,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook6_out", ifs);
7704SAlexandr.Nedvedicky@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook6_loop_in, ipf_hook6_loop_in,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook6_loop_in", ifs);
7704SAlexandr.Nedvedicky@Sun.COM	HOOK_INIT(ifs->ifs_ipfhook6_loop_out, ipf_hook6_loop_out,
7513SDarren.Reed@Sun.COM		  "ipfilter_hook6_loop_out", ifs);
7131Sdr146992
7513SDarren.Reed@Sun.COM	ifs->ifs_hook6_nic_events = (net_hook_register(ifs->ifs_ipf_ipv6,
7513SDarren.Reed@Sun.COM	    NH_NIC_EVENTS, ifs->ifs_ipfhook6_nicevents) == 0);
3448Sdh155122	if (!ifs->ifs_hook6_nic_events)
3448Sdh155122		goto hookup_failed;
3448Sdh155122
7513SDarren.Reed@Sun.COM	ifs->ifs_hook6_physical_in = (net_hook_register(ifs->ifs_ipf_ipv6,
7513SDarren.Reed@Sun.COM	    NH_PHYSICAL_IN, ifs->ifs_ipfhook6_in) == 0);
3448Sdh155122	if (!ifs->ifs_hook6_physical_in)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM	ifs->ifs_hook6_physical_out = (net_hook_register(ifs->ifs_ipf_ipv6,
7513SDarren.Reed@Sun.COM	    NH_PHYSICAL_OUT, ifs->ifs_ipfhook6_out) == 0);
3448Sdh155122	if (!ifs->ifs_hook6_physical_out)
2958Sdr146992		goto hookup_failed;
2958Sdr146992
3448Sdh155122	if (ifs->ifs_ipf_loopback) {
7513SDarren.Reed@Sun.COM		ifs->ifs_hook6_loopback_in = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv6, NH_LOOPBACK_IN,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook6_loop_in) == 0);
3448Sdh155122		if (!ifs->ifs_hook6_loopback_in)
2958Sdr146992			goto hookup_failed;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook6_loopback_out = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv6, NH_LOOPBACK_OUT,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook6_loop_out) == 0);
3448Sdh155122		if (!ifs->ifs_hook6_loopback_out)
2958Sdr146992			goto hookup_failed;
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * Reacquire ipf_global, now it is safe.
2958Sdr146992	 */
3448Sdh155122	WRITE_ENTER(&ifs->ifs_ipf_global);
2958Sdr146992
2393Syz155240/* Do not use private interface ip_params_arr[] in Solaris 10 */
2393Syz155240#if SOLARIS2 < 10
2393Syz155240
2393Syz155240#if SOLARIS2 >= 8
2393Syz155240	ip_forwarding = &ip_g_forward;
2393Syz155240#endif
2393Syz155240	/*
2393Syz155240	 * XXX - There is no terminator for this array, so it is not possible
2393Syz155240	 * to tell if what we are looking for is missing and go off the end
2393Syz155240	 * of the array.
2393Syz155240	 */
2393Syz155240
2393Syz155240#if SOLARIS2 <= 8
2393Syz155240	for (i = 0; ; i++) {
2393Syz155240		if (!strcmp(ip_param_arr[i].ip_param_name, "ip_def_ttl")) {
2393Syz155240			ip_ttl_ptr = &ip_param_arr[i].ip_param_value;
2393Syz155240		} else if (!strcmp(ip_param_arr[i].ip_param_name,
2393Syz155240			    "ip_path_mtu_discovery")) {
2393Syz155240			ip_mtudisc = &ip_param_arr[i].ip_param_value;
2393Syz155240		}
2393Syz155240#if SOLARIS2 < 8
2393Syz155240		else if (!strcmp(ip_param_arr[i].ip_param_name,
2393Syz155240			    "ip_forwarding")) {
2393Syz155240			ip_forwarding = &ip_param_arr[i].ip_param_value;
2393Syz155240		}
2393Syz155240#else
2393Syz155240		else if (!strcmp(ip_param_arr[i].ip_param_name,
2393Syz155240			    "ip6_forwarding")) {
2393Syz155240			ip6_forwarding = &ip_param_arr[i].ip_param_value;
2393Syz155240		}
2393Syz155240#endif
2393Syz155240
2393Syz155240		if (ip_mtudisc != NULL && ip_ttl_ptr != NULL &&
2393Syz155240#if SOLARIS2 >= 8
2393Syz155240		    ip6_forwarding != NULL &&
2393Syz155240#endif
2393Syz155240		    ip_forwarding != NULL)
2393Syz155240			break;
2393Syz155240	}
2393Syz155240#endif
2393Syz155240
3448Sdh155122	if (ifs->ifs_fr_control_forwarding & 1) {
2393Syz155240		if (ip_forwarding != NULL)
2393Syz155240			*ip_forwarding = 1;
2393Syz155240#if SOLARIS2 >= 8
2393Syz155240		if (ip6_forwarding != NULL)
2393Syz155240			*ip6_forwarding = 1;
2393Syz155240#endif
2393Syz155240	}
2393Syz155240
2393Syz155240#endif
2393Syz155240
2393Syz155240	return 0;
2958Sdr146992hookup_failed:
3448Sdh155122	WRITE_ENTER(&ifs->ifs_ipf_global);
2958Sdr146992	return -1;
2958Sdr146992}
2958Sdr146992
3448Sdh155122static	int	fr_setipfloopback(set, ifs)
2958Sdr146992int set;
3448Sdh155122ipf_stack_t *ifs;
2958Sdr146992{
3448Sdh155122	if (ifs->ifs_ipf_ipv4 == NULL || ifs->ifs_ipf_ipv6 == NULL)
2958Sdr146992		return EFAULT;
2958Sdr146992
3448Sdh155122	if (set && !ifs->ifs_ipf_loopback) {
3448Sdh155122		ifs->ifs_ipf_loopback = 1;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook4_loopback_in = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv4, NH_LOOPBACK_IN,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook4_loop_in) == 0);
3448Sdh155122		if (!ifs->ifs_hook4_loopback_in)
2958Sdr146992			return EINVAL;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook4_loopback_out = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv4, NH_LOOPBACK_OUT,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook4_loop_out) == 0);
3448Sdh155122		if (!ifs->ifs_hook4_loopback_out)
2958Sdr146992			return EINVAL;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook6_loopback_in = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv6, NH_LOOPBACK_IN,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook6_loop_in) == 0);
3448Sdh155122		if (!ifs->ifs_hook6_loopback_in)
2958Sdr146992			return EINVAL;
2958Sdr146992
7513SDarren.Reed@Sun.COM		ifs->ifs_hook6_loopback_out = (net_hook_register(
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipf_ipv6, NH_LOOPBACK_OUT,
7513SDarren.Reed@Sun.COM		    ifs->ifs_ipfhook6_loop_out) == 0);
3448Sdh155122		if (!ifs->ifs_hook6_loopback_out)
2958Sdr146992			return EINVAL;
2958Sdr146992
3448Sdh155122	} else if (!set && ifs->ifs_ipf_loopback) {
3448Sdh155122		ifs->ifs_ipf_loopback = 0;
2958Sdr146992
3448Sdh155122		ifs->ifs_hook4_loopback_in =
7513SDarren.Reed@Sun.COM		    (net_hook_unregister(ifs->ifs_ipf_ipv4,
7513SDarren.Reed@Sun.COM		    NH_LOOPBACK_IN, ifs->ifs_ipfhook4_loop_in) != 0);
3448Sdh155122		if (ifs->ifs_hook4_loopback_in)
2958Sdr146992			return EBUSY;
2958Sdr146992
3448Sdh155122		ifs->ifs_hook4_loopback_out =
7513SDarren.Reed@Sun.COM		    (net_hook_unregister(ifs->ifs_ipf_ipv4,
7513SDarren.Reed@Sun.COM		    NH_LOOPBACK_OUT, ifs->ifs_ipfhook4_loop_out) != 0);
3448Sdh155122		if (ifs->ifs_hook4_loopback_out)
2958Sdr146992			return EBUSY;
2958Sdr146992
3448Sdh155122		ifs->ifs_hook6_loopback_in =
7513SDarren.Reed@Sun.COM		    (net_hook_unregister(ifs->ifs_ipf_ipv6,
7513SDarren.Reed@Sun.COM		    NH_LOOPBACK_IN, ifs->ifs_ipfhook4_loop_in) != 0);
3448Sdh155122		if (ifs->ifs_hook6_loopback_in)
2958Sdr146992			return EBUSY;
2958Sdr146992
3448Sdh155122		ifs->ifs_hook6_loopback_out =
7513SDarren.Reed@Sun.COM		    (net_hook_unregister(ifs->ifs_ipf_ipv6,
7513SDarren.Reed@Sun.COM		    NH_LOOPBACK_OUT, ifs->ifs_ipfhook6_loop_out) != 0);
3448Sdh155122		if (ifs->ifs_hook6_loopback_out)
2958Sdr146992			return EBUSY;
2958Sdr146992	}
2958Sdr146992	return 0;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240/*
2393Syz155240 * Filter ioctl interface.
2393Syz155240 */
2393Syz155240/*ARGSUSED*/
2393Syz155240int iplioctl(dev, cmd, data, mode, cp, rp)
2393Syz155240dev_t dev;
2393Syz155240int cmd;
2393Syz155240#if SOLARIS2 >= 7
2393Syz155240intptr_t data;
2393Syz155240#else
2393Syz155240int *data;
2393Syz155240#endif
2393Syz155240int mode;
2393Syz155240cred_t *cp;
2393Syz155240int *rp;
2393Syz155240{
2393Syz155240	int error = 0, tmp;
2393Syz155240	friostat_t fio;
2393Syz155240	minor_t unit;
2393Syz155240	u_int enable;
3448Sdh155122	ipf_stack_t *ifs;
2393Syz155240
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplioctl(%x,%x,%x,%d,%x,%d)\n",
2393Syz155240		dev, cmd, data, mode, cp, rp);
2393Syz155240#endif
2393Syz155240	unit = getminor(dev);
2393Syz155240	if (IPL_LOGMAX < unit)
2393Syz155240		return ENXIO;
2393Syz155240
7513SDarren.Reed@Sun.COM        /*
7513SDarren.Reed@Sun.COM	 * As we're calling ipf_find_stack in user space, from a given zone
7513SDarren.Reed@Sun.COM	 * to find the stack pointer for this zone, there is no need to have
7513SDarren.Reed@Sun.COM	 * a hold/refence count here.
7513SDarren.Reed@Sun.COM	 */
7513SDarren.Reed@Sun.COM	ifs = ipf_find_stack(crgetzoneid(cp));
3448Sdh155122	ASSERT(ifs != NULL);
3448Sdh155122
3448Sdh155122	if (ifs->ifs_fr_running <= 0) {
3448Sdh155122		if (unit != IPL_LOGIPF) {
2393Syz155240			return EIO;
3448Sdh155122		}
2393Syz155240		if (cmd != SIOCIPFGETNEXT && cmd != SIOCIPFGET &&
2393Syz155240		    cmd != SIOCIPFSET && cmd != SIOCFRENB &&
3448Sdh155122		    cmd != SIOCGETFS && cmd != SIOCGETFF) {
2393Syz155240			return EIO;
3448Sdh155122		}
2393Syz155240	}
2393Syz155240
3448Sdh155122	READ_ENTER(&ifs->ifs_ipf_global);
9876SDarren.Reed@Sun.COM	if (ifs->ifs_fr_enable_active != 0) {
9876SDarren.Reed@Sun.COM		RWLOCK_EXIT(&ifs->ifs_ipf_global);
9876SDarren.Reed@Sun.COM		return EBUSY;
9876SDarren.Reed@Sun.COM	}
2393Syz155240
11134SCasper.Dik@Sun.COM	error = fr_ioctlswitch(unit, (caddr_t)data, cmd, mode, crgetuid(cp),
7513SDarren.Reed@Sun.COM			       curproc, ifs);
2393Syz155240	if (error != -1) {
3448Sdh155122		RWLOCK_EXIT(&ifs->ifs_ipf_global);
2393Syz155240		return error;
2393Syz155240	}
2393Syz155240	error = 0;
2393Syz155240
2393Syz155240	switch (cmd)
2393Syz155240	{
2393Syz155240	case SIOCFRENB :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
2393Syz155240			error = COPYIN((caddr_t)data, (caddr_t)&enable,
2393Syz155240				       sizeof(enable));
2393Syz155240			if (error != 0) {
2393Syz155240				error = EFAULT;
2393Syz155240				break;
2393Syz155240			}
2393Syz155240
3448Sdh155122			RWLOCK_EXIT(&ifs->ifs_ipf_global);
3448Sdh155122			WRITE_ENTER(&ifs->ifs_ipf_global);
11105SAlexandr.Nedvedicky@Sun.COM
11105SAlexandr.Nedvedicky@Sun.COM			/*
11105SAlexandr.Nedvedicky@Sun.COM			 * We must recheck fr_enable_active here, since we've
11105SAlexandr.Nedvedicky@Sun.COM			 * dropped ifs_ipf_global from R in order to get it
11105SAlexandr.Nedvedicky@Sun.COM			 * exclusively.
11105SAlexandr.Nedvedicky@Sun.COM			 */
11105SAlexandr.Nedvedicky@Sun.COM			if (ifs->ifs_fr_enable_active == 0) {
11105SAlexandr.Nedvedicky@Sun.COM				ifs->ifs_fr_enable_active = 1;
11105SAlexandr.Nedvedicky@Sun.COM				error = fr_enableipf(ifs, enable);
11105SAlexandr.Nedvedicky@Sun.COM				ifs->ifs_fr_enable_active = 0;
11105SAlexandr.Nedvedicky@Sun.COM			}
2393Syz155240		}
2393Syz155240		break;
2393Syz155240	case SIOCIPFSET :
2393Syz155240		if (!(mode & FWRITE)) {
2393Syz155240			error = EPERM;
2393Syz155240			break;
2393Syz155240		}
2393Syz155240		/* FALLTHRU */
2393Syz155240	case SIOCIPFGETNEXT :
2393Syz155240	case SIOCIPFGET :
3448Sdh155122		error = fr_ipftune(cmd, (void *)data, ifs);
2393Syz155240		break;
2393Syz155240	case SIOCSETFF :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
7513SDarren.Reed@Sun.COM			error = COPYIN((caddr_t)data,
7513SDarren.Reed@Sun.COM				       (caddr_t)&ifs->ifs_fr_flags,
7513SDarren.Reed@Sun.COM				       sizeof(ifs->ifs_fr_flags));
2393Syz155240			if (error != 0)
2393Syz155240				error = EFAULT;
2393Syz155240		}
2393Syz155240		break;
2958Sdr146992	case SIOCIPFLP :
2958Sdr146992		error = COPYIN((caddr_t)data, (caddr_t)&tmp,
2958Sdr146992			       sizeof(tmp));
2958Sdr146992		if (error != 0)
2958Sdr146992			error = EFAULT;
2958Sdr146992		else
3448Sdh155122			error = fr_setipfloopback(tmp, ifs);
2958Sdr146992		break;
2393Syz155240	case SIOCGETFF :
3448Sdh155122		error = COPYOUT((caddr_t)&ifs->ifs_fr_flags, (caddr_t)data,
7513SDarren.Reed@Sun.COM				sizeof(ifs->ifs_fr_flags));
2393Syz155240		if (error != 0)
2393Syz155240			error = EFAULT;
2393Syz155240		break;
2393Syz155240	case SIOCFUNCL :
2393Syz155240		error = fr_resolvefunc((void *)data);
2393Syz155240		break;
2393Syz155240	case SIOCINAFR :
2393Syz155240	case SIOCRMAFR :
2393Syz155240	case SIOCADAFR :
2393Syz155240	case SIOCZRLST :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else
2393Syz155240			error = frrequest(unit, cmd, (caddr_t)data,
3448Sdh155122					  ifs->ifs_fr_active, 1, ifs);
2393Syz155240		break;
2393Syz155240	case SIOCINIFR :
2393Syz155240	case SIOCRMIFR :
2393Syz155240	case SIOCADIFR :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else
2393Syz155240			error = frrequest(unit, cmd, (caddr_t)data,
3448Sdh155122					  1 - ifs->ifs_fr_active, 1, ifs);
2393Syz155240		break;
2393Syz155240	case SIOCSWAPA :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
3448Sdh155122			WRITE_ENTER(&ifs->ifs_ipf_mutex);
10587SAlexandr.Nedvedicky@Sun.COM			bzero((char *)ifs->ifs_frcache,
10587SAlexandr.Nedvedicky@Sun.COM			    sizeof (ifs->ifs_frcache));
3448Sdh155122			error = COPYOUT((caddr_t)&ifs->ifs_fr_active,
3448Sdh155122					(caddr_t)data,
3448Sdh155122					sizeof(ifs->ifs_fr_active));
2393Syz155240			if (error != 0)
2393Syz155240				error = EFAULT;
2393Syz155240			else
3448Sdh155122				ifs->ifs_fr_active = 1 - ifs->ifs_fr_active;
3448Sdh155122			RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
2393Syz155240		}
2393Syz155240		break;
2393Syz155240	case SIOCGETFS :
3448Sdh155122		fr_getstat(&fio, ifs);
2393Syz155240		error = fr_outobj((void *)data, &fio, IPFOBJ_IPFSTAT);
2393Syz155240		break;
2393Syz155240	case SIOCFRZST :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else
3448Sdh155122			error = fr_zerostats((caddr_t)data, ifs);
2393Syz155240		break;
2393Syz155240	case	SIOCIPFFL :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
2393Syz155240			error = COPYIN((caddr_t)data, (caddr_t)&tmp,
2393Syz155240				       sizeof(tmp));
2393Syz155240			if (!error) {
3448Sdh155122				tmp = frflush(unit, 4, tmp, ifs);
2393Syz155240				error = COPYOUT((caddr_t)&tmp, (caddr_t)data,
7513SDarren.Reed@Sun.COM						sizeof(tmp));
2393Syz155240				if (error != 0)
2393Syz155240					error = EFAULT;
2393Syz155240			} else
2393Syz155240				error = EFAULT;
2393Syz155240		}
2393Syz155240		break;
2393Syz155240#ifdef USE_INET6
2393Syz155240	case	SIOCIPFL6 :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
2393Syz155240			error = COPYIN((caddr_t)data, (caddr_t)&tmp,
2393Syz155240				       sizeof(tmp));
2393Syz155240			if (!error) {
3448Sdh155122				tmp = frflush(unit, 6, tmp, ifs);
2393Syz155240				error = COPYOUT((caddr_t)&tmp, (caddr_t)data,
7513SDarren.Reed@Sun.COM						sizeof(tmp));
2393Syz155240				if (error != 0)
2393Syz155240					error = EFAULT;
2393Syz155240			} else
2393Syz155240				error = EFAULT;
2393Syz155240		}
2393Syz155240		break;
2393Syz155240#endif
2393Syz155240	case SIOCSTLCK :
2393Syz155240		error = COPYIN((caddr_t)data, (caddr_t)&tmp, sizeof(tmp));
2393Syz155240		if (error == 0) {
3448Sdh155122			ifs->ifs_fr_state_lock = tmp;
3448Sdh155122			ifs->ifs_fr_nat_lock = tmp;
3448Sdh155122			ifs->ifs_fr_frag_lock = tmp;
3448Sdh155122			ifs->ifs_fr_auth_lock = tmp;
2393Syz155240		} else
2393Syz155240			error = EFAULT;
2393Syz155240	break;
2393Syz155240#ifdef	IPFILTER_LOG
2393Syz155240	case	SIOCIPFFB :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
3448Sdh155122			tmp = ipflog_clear(unit, ifs);
2393Syz155240			error = COPYOUT((caddr_t)&tmp, (caddr_t)data,
2393Syz155240				       sizeof(tmp));
2393Syz155240			if (error)
2393Syz155240				error = EFAULT;
2393Syz155240		}
2393Syz155240		break;
2393Syz155240#endif /* IPFILTER_LOG */
2393Syz155240	case SIOCFRSYN :
2393Syz155240		if (!(mode & FWRITE))
2393Syz155240			error = EPERM;
2393Syz155240		else {
3448Sdh155122			RWLOCK_EXIT(&ifs->ifs_ipf_global);
3448Sdh155122			WRITE_ENTER(&ifs->ifs_ipf_global);
2958Sdr146992
3448Sdh155122			frsync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
7176Syx160601			fr_natifpsync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
7176Syx160601			fr_nataddrsync(0, NULL, NULL, ifs);
3448Sdh155122			fr_statesync(IPFSYNC_RESYNC, 0, NULL, NULL, ifs);
2958Sdr146992			error = 0;
2393Syz155240		}
2393Syz155240		break;
2393Syz155240	case SIOCGFRST :
3448Sdh155122		error = fr_outobj((void *)data, fr_fragstats(ifs),
2393Syz155240				  IPFOBJ_FRAGSTAT);
2393Syz155240		break;
2393Syz155240	case FIONREAD :
2393Syz155240#ifdef	IPFILTER_LOG
3448Sdh155122		tmp = (int)ifs->ifs_iplused[IPL_LOGIPF];
2393Syz155240
2393Syz155240		error = COPYOUT((caddr_t)&tmp, (caddr_t)data, sizeof(tmp));
2393Syz155240		if (error != 0)
2393Syz155240			error = EFAULT;
2393Syz155240#endif
2393Syz155240		break;
3448Sdh155122	case SIOCIPFITER :
11134SCasper.Dik@Sun.COM		error = ipf_frruleiter((caddr_t)data, crgetuid(cp),
7513SDarren.Reed@Sun.COM				       curproc, ifs);
3448Sdh155122		break;
3448Sdh155122
3448Sdh155122	case SIOCGENITER :
11134SCasper.Dik@Sun.COM		error = ipf_genericiter((caddr_t)data, crgetuid(cp),
7513SDarren.Reed@Sun.COM					curproc, ifs);
3448Sdh155122		break;
3448Sdh155122
3448Sdh155122	case SIOCIPFDELTOK :
7433SJohn.Ojemann@Sun.COM		error = BCOPYIN((caddr_t)data, (caddr_t)&tmp, sizeof(tmp));
7433SJohn.Ojemann@Sun.COM		if (error != 0) {
7433SJohn.Ojemann@Sun.COM			error = EFAULT;
7433SJohn.Ojemann@Sun.COM		} else {
11134SCasper.Dik@Sun.COM			error = ipf_deltoken(tmp, crgetuid(cp), curproc, ifs);
7433SJohn.Ojemann@Sun.COM		}
3448Sdh155122		break;
3448Sdh155122
2393Syz155240	default :
8624SDarren.Reed@Sun.COM#ifdef	IPFDEBUG
7513SDarren.Reed@Sun.COM		cmn_err(CE_NOTE, "Unknown: cmd 0x%x data %p",
7513SDarren.Reed@Sun.COM			cmd, (void *)data);
8624SDarren.Reed@Sun.COM#endif
2393Syz155240		error = EINVAL;
2393Syz155240		break;
2393Syz155240	}
3448Sdh155122	RWLOCK_EXIT(&ifs->ifs_ipf_global);
2393Syz155240	return error;
2393Syz155240}
2393Syz155240
2393Syz155240
7513SDarren.Reed@Sun.COMstatic int fr_enableipf(ifs, enable)
4477Sdr146992ipf_stack_t *ifs;
4477Sdr146992int enable;
4477Sdr146992{
4477Sdr146992	int error;
4477Sdr146992
6274Sjojemann	if (!enable) {
4477Sdr146992		error = ipldetach(ifs);
4477Sdr146992		if (error == 0)
4477Sdr146992			ifs->ifs_fr_running = -1;
7513SDarren.Reed@Sun.COM		return error;
4477Sdr146992	}
4477Sdr146992
6274Sjojemann	if (ifs->ifs_fr_running > 0)
7513SDarren.Reed@Sun.COM		return 0;
6274Sjojemann
7513SDarren.Reed@Sun.COM	error = iplattach(ifs);
6274Sjojemann	if (error == 0) {
6274Sjojemann		if (ifs->ifs_fr_timer_id == NULL) {
6274Sjojemann			int hz = drv_usectohz(500000);
6274Sjojemann
6274Sjojemann			ifs->ifs_fr_timer_id = timeout(fr_slowtimer,
7513SDarren.Reed@Sun.COM						       (void *)ifs,
7513SDarren.Reed@Sun.COM						       hz);
6274Sjojemann		}
6274Sjojemann		ifs->ifs_fr_running = 1;
6274Sjojemann	} else {
6274Sjojemann		(void) ipldetach(ifs);
6274Sjojemann	}
7513SDarren.Reed@Sun.COM	return error;
4477Sdr146992}
4477Sdr146992
4477Sdr146992
3448Sdh155122phy_if_t get_unit(name, v, ifs)
3448Sdh155122char *name;
3448Sdh155122int v;
3448Sdh155122ipf_stack_t *ifs;
2393Syz155240{
7513SDarren.Reed@Sun.COM	net_handle_t nif;
2958Sdr146992
2958Sdr146992  	if (v == 4)
3448Sdh155122 		nif = ifs->ifs_ipf_ipv4;
2958Sdr146992  	else if (v == 6)
3448Sdh155122 		nif = ifs->ifs_ipf_ipv6;
2958Sdr146992  	else
2958Sdr146992 		return 0;
2393Syz155240
3448Sdh155122 	return (net_phylookup(nif, name));
2393Syz155240}
2393Syz155240
2393Syz155240/*
2393Syz155240 * routines below for saving IP headers to buffer
2393Syz155240 */
2393Syz155240/*ARGSUSED*/
2393Syz155240int iplopen(devp, flags, otype, cred)
2393Syz155240dev_t *devp;
2393Syz155240int flags, otype;
2393Syz155240cred_t *cred;
2393Syz155240{
2393Syz155240	minor_t min = getminor(*devp);
2393Syz155240
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplopen(%x,%x,%x,%x)\n", devp, flags, otype, cred);
2393Syz155240#endif
2393Syz155240	if (!(otype & OTYP_CHR))
2393Syz155240		return ENXIO;
2393Syz155240
2393Syz155240	min = (IPL_LOGMAX < min) ? ENXIO : 0;
2393Syz155240	return min;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240/*ARGSUSED*/
2393Syz155240int iplclose(dev, flags, otype, cred)
2393Syz155240dev_t dev;
2393Syz155240int flags, otype;
2393Syz155240cred_t *cred;
2393Syz155240{
2393Syz155240	minor_t	min = getminor(dev);
2393Syz155240
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplclose(%x,%x,%x,%x)\n", dev, flags, otype, cred);
2393Syz155240#endif
2393Syz155240
2393Syz155240	min = (IPL_LOGMAX < min) ? ENXIO : 0;
2393Syz155240	return min;
2393Syz155240}
2393Syz155240
2393Syz155240#ifdef	IPFILTER_LOG
2393Syz155240/*
2393Syz155240 * iplread/ipllog
2393Syz155240 * both of these must operate with at least splnet() lest they be
2393Syz155240 * called during packet processing and cause an inconsistancy to appear in
2393Syz155240 * the filter lists.
2393Syz155240 */
2393Syz155240/*ARGSUSED*/
2393Syz155240int iplread(dev, uio, cp)
2393Syz155240dev_t dev;
2393Syz155240register struct uio *uio;
2393Syz155240cred_t *cp;
2393Syz155240{
3448Sdh155122	ipf_stack_t *ifs;
3448Sdh155122	int ret;
3448Sdh155122
7513SDarren.Reed@Sun.COM        /*
7513SDarren.Reed@Sun.COM	 * As we're calling ipf_find_stack in user space, from a given zone
7513SDarren.Reed@Sun.COM	 * to find the stack pointer for this zone, there is no need to have
7513SDarren.Reed@Sun.COM	 * a hold/refence count here.
7513SDarren.Reed@Sun.COM	 */
7513SDarren.Reed@Sun.COM	ifs = ipf_find_stack(crgetzoneid(cp));
3448Sdh155122	ASSERT(ifs != NULL);
3448Sdh155122
2393Syz155240# ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplread(%x,%x,%x)\n", dev, uio, cp);
2393Syz155240# endif
3007Sdr146992
3448Sdh155122	if (ifs->ifs_fr_running < 1) {
3007Sdr146992		return EIO;
3448Sdh155122	}
3007Sdr146992
2393Syz155240# ifdef	IPFILTER_SYNC
3448Sdh155122	if (getminor(dev) == IPL_LOGSYNC) {
2393Syz155240		return ipfsync_read(uio);
3448Sdh155122	}
2393Syz155240# endif
2393Syz155240
3448Sdh155122	ret = ipflog_read(getminor(dev), uio, ifs);
3448Sdh155122	return ret;
2393Syz155240}
2393Syz155240#endif /* IPFILTER_LOG */
2393Syz155240
2393Syz155240
2393Syz155240/*
2393Syz155240 * iplread/ipllog
2393Syz155240 * both of these must operate with at least splnet() lest they be
2393Syz155240 * called during packet processing and cause an inconsistancy to appear in
2393Syz155240 * the filter lists.
2393Syz155240 */
2393Syz155240int iplwrite(dev, uio, cp)
2393Syz155240dev_t dev;
2393Syz155240register struct uio *uio;
2393Syz155240cred_t *cp;
2393Syz155240{
3448Sdh155122	ipf_stack_t *ifs;
3448Sdh155122
7513SDarren.Reed@Sun.COM        /*
7513SDarren.Reed@Sun.COM	 * As we're calling ipf_find_stack in user space, from a given zone
7513SDarren.Reed@Sun.COM	 * to find the stack pointer for this zone, there is no need to have
7513SDarren.Reed@Sun.COM	 * a hold/refence count here.
7513SDarren.Reed@Sun.COM	 */
7513SDarren.Reed@Sun.COM	ifs = ipf_find_stack(crgetzoneid(cp));
3448Sdh155122	ASSERT(ifs != NULL);
3448Sdh155122
2393Syz155240#ifdef	IPFDEBUG
2393Syz155240	cmn_err(CE_CONT, "iplwrite(%x,%x,%x)\n", dev, uio, cp);
2393Syz155240#endif
3007Sdr146992
3448Sdh155122	if (ifs->ifs_fr_running < 1) {
3007Sdr146992		return EIO;
3448Sdh155122	}
3007Sdr146992
2393Syz155240#ifdef	IPFILTER_SYNC
2393Syz155240	if (getminor(dev) == IPL_LOGSYNC)
2393Syz155240		return ipfsync_write(uio);
2393Syz155240#endif /* IPFILTER_SYNC */
2393Syz155240	dev = dev;	/* LINT */
2393Syz155240	uio = uio;	/* LINT */
2393Syz155240	cp = cp;	/* LINT */
2393Syz155240	return ENXIO;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240/*
2393Syz155240 * fr_send_reset - this could conceivably be a call to tcp_respond(), but that
2393Syz155240 * requires a large amount of setting up and isn't any more efficient.
2393Syz155240 */
2393Syz155240int fr_send_reset(fin)
2393Syz155240fr_info_t *fin;
2393Syz155240{
2393Syz155240	tcphdr_t *tcp, *tcp2;
2393Syz155240	int tlen, hlen;
2393Syz155240	mblk_t *m;
2393Syz155240#ifdef	USE_INET6
2393Syz155240	ip6_t *ip6;
2393Syz155240#endif
2393Syz155240	ip_t *ip;
2393Syz155240
2393Syz155240	tcp = fin->fin_dp;
2393Syz155240	if (tcp->th_flags & TH_RST)
2393Syz155240		return -1;
2393Syz155240
2393Syz155240#ifndef	IPFILTER_CKSUM
2393Syz155240	if (fr_checkl4sum(fin) == -1)
2393Syz155240		return -1;
2393Syz155240#endif
2393Syz155240
2393Syz155240	tlen = (tcp->th_flags & (TH_SYN|TH_FIN)) ? 1 : 0;
2393Syz155240#ifdef	USE_INET6
2393Syz155240	if (fin->fin_v == 6)
2393Syz155240		hlen = sizeof(ip6_t);
2393Syz155240	else
2393Syz155240#endif
2393Syz155240		hlen = sizeof(ip_t);
2393Syz155240	hlen += sizeof(*tcp2);
2393Syz155240	if ((m = (mblk_t *)allocb(hlen + 64, BPRI_HI)) == NULL)
2393Syz155240		return -1;
2393Syz155240
2393Syz155240	m->b_rptr += 64;
2393Syz155240	MTYPE(m) = M_DATA;
2393Syz155240	m->b_wptr = m->b_rptr + hlen;
2393Syz155240	ip = (ip_t *)m->b_rptr;
2393Syz155240	bzero((char *)ip, hlen);
2393Syz155240	tcp2 = (struct tcphdr *)(m->b_rptr + hlen - sizeof(*tcp2));
2393Syz155240	tcp2->th_dport = tcp->th_sport;
2393Syz155240	tcp2->th_sport = tcp->th_dport;
2393Syz155240	if (tcp->th_flags & TH_ACK) {
2393Syz155240		tcp2->th_seq = tcp->th_ack;
2393Syz155240		tcp2->th_flags = TH_RST;
2393Syz155240	} else {
2393Syz155240		tcp2->th_ack = ntohl(tcp->th_seq);
2393Syz155240		tcp2->th_ack += tlen;
2393Syz155240		tcp2->th_ack = htonl(tcp2->th_ack);
2393Syz155240		tcp2->th_flags = TH_RST|TH_ACK;
2393Syz155240	}
2393Syz155240	tcp2->th_off = sizeof(struct tcphdr) >> 2;
2393Syz155240
2393Syz155240	ip->ip_v = fin->fin_v;
2393Syz155240#ifdef	USE_INET6
2393Syz155240	if (fin->fin_v == 6) {
2393Syz155240		ip6 = (ip6_t *)m->b_rptr;
2393Syz155240		ip6->ip6_flow = ((ip6_t *)fin->fin_ip)->ip6_flow;
7176Syx160601		ip6->ip6_src = fin->fin_dst6.in6;
7176Syx160601		ip6->ip6_dst = fin->fin_src6.in6;
2393Syz155240		ip6->ip6_plen = htons(sizeof(*tcp));
2393Syz155240		ip6->ip6_nxt = IPPROTO_TCP;
2393Syz155240		tcp2->th_sum = fr_cksum(m, (ip_t *)ip6, IPPROTO_TCP, tcp2);
2393Syz155240	} else
2393Syz155240#endif
2393Syz155240	{
2393Syz155240		ip->ip_src.s_addr = fin->fin_daddr;
2393Syz155240		ip->ip_dst.s_addr = fin->fin_saddr;
2393Syz155240		ip->ip_id = fr_nextipid(fin);
2393Syz155240		ip->ip_hl = sizeof(*ip) >> 2;
2393Syz155240		ip->ip_p = IPPROTO_TCP;
2393Syz155240		ip->ip_len = sizeof(*ip) + sizeof(*tcp);
2393Syz155240		ip->ip_tos = fin->fin_ip->ip_tos;
2393Syz155240		tcp2->th_sum = fr_cksum(m, ip, IPPROTO_TCP, tcp2);
2393Syz155240	}
2393Syz155240	return fr_send_ip(fin, m, &m);
2393Syz155240}
2393Syz155240
2393Syz155240/*
2393Syz155240 * Function:	fr_send_ip
2393Syz155240 * Returns:	 0: success
2393Syz155240 *		-1: failed
2393Syz155240 * Parameters:
2393Syz155240 *	fin: packet information
2393Syz155240 *	m: the message block where ip head starts
2393Syz155240 *
2393Syz155240 * Send a new packet through the IP stack.
2393Syz155240 *
2393Syz155240 * For IPv4 packets, ip_len must be in host byte order, and ip_v,
2393Syz155240 * ip_ttl, ip_off, and ip_sum are ignored (filled in by this
2393Syz155240 * function).
2393Syz155240 *
2393Syz155240 * For IPv6 packets, ip6_flow, ip6_vfc, and ip6_hlim are filled
2393Syz155240 * in by this function.
2393Syz155240 *
2393Syz155240 * All other portions of the packet must be in on-the-wire format.
2393Syz155240 */
2393Syz155240/*ARGSUSED*/
2393Syz155240static int fr_send_ip(fin, m, mpp)
2393Syz155240fr_info_t *fin;
2393Syz155240mblk_t *m, **mpp;
2393Syz155240{
2393Syz155240	qpktinfo_t qpi, *qpip;
2393Syz155240	fr_info_t fnew;
2393Syz155240	ip_t *ip;
2393Syz155240	int i, hlen;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2393Syz155240
2393Syz155240	ip = (ip_t *)m->b_rptr;
2393Syz155240	bzero((char *)&fnew, sizeof(fnew));
2393Syz155240
2393Syz155240#ifdef	USE_INET6
2393Syz155240	if (fin->fin_v == 6) {
2393Syz155240		ip6_t *ip6;
2393Syz155240
2393Syz155240		ip6 = (ip6_t *)ip;
2393Syz155240		ip6->ip6_vfc = 0x60;
2393Syz155240		ip6->ip6_hlim = 127;
2393Syz155240		fnew.fin_v = 6;
2393Syz155240		hlen = sizeof(*ip6);
2596Szf203873		fnew.fin_plen = ntohs(ip6->ip6_plen) + hlen;
2393Syz155240	} else
2393Syz155240#endif
2393Syz155240	{
2393Syz155240		fnew.fin_v = 4;
2393Syz155240#if SOLARIS2 >= 10
2393Syz155240		ip->ip_ttl = 255;
3448Sdh155122		if (net_getpmtuenabled(ifs->ifs_ipf_ipv4) == 1)
2958Sdr146992			ip->ip_off = htons(IP_DF);
2393Syz155240#else
2393Syz155240		if (ip_ttl_ptr != NULL)
2393Syz155240			ip->ip_ttl = (u_char)(*ip_ttl_ptr);
2393Syz155240		else
2393Syz155240			ip->ip_ttl = 63;
2393Syz155240		if (ip_mtudisc != NULL)
2393Syz155240			ip->ip_off = htons(*ip_mtudisc ? IP_DF : 0);
2393Syz155240		else
2393Syz155240			ip->ip_off = htons(IP_DF);
2393Syz155240#endif
2393Syz155240		/*
2393Syz155240		 * The dance with byte order and ip_len/ip_off is because in
2393Syz155240		 * fr_fastroute, it expects them to be in host byte order but
2393Syz155240		 * ipf_cksum expects them to be in network byte order.
2393Syz155240		 */
2393Syz155240		ip->ip_len = htons(ip->ip_len);
2393Syz155240		ip->ip_sum = ipf_cksum((u_short *)ip, sizeof(*ip));
2393Syz155240		ip->ip_len = ntohs(ip->ip_len);
2393Syz155240		ip->ip_off = ntohs(ip->ip_off);
2393Syz155240		hlen = sizeof(*ip);
2596Szf203873		fnew.fin_plen = ip->ip_len;
2393Syz155240	}
2393Syz155240
2393Syz155240	qpip = fin->fin_qpi;
2393Syz155240	qpi.qpi_off = 0;
2958Sdr146992	qpi.qpi_ill = qpip->qpi_ill;
2393Syz155240	qpi.qpi_m = m;
2393Syz155240	qpi.qpi_data = ip;
2393Syz155240	fnew.fin_qpi = &qpi;
2393Syz155240	fnew.fin_ifp = fin->fin_ifp;
2393Syz155240	fnew.fin_flx = FI_NOCKSUM;
2393Syz155240	fnew.fin_m = m;
7333SJohn.Ojemann@Sun.COM	fnew.fin_qfm = m;
2393Syz155240	fnew.fin_ip = ip;
2393Syz155240	fnew.fin_mp = mpp;
2393Syz155240	fnew.fin_hlen = hlen;
2393Syz155240	fnew.fin_dp = (char *)ip + hlen;
3448Sdh155122	fnew.fin_ifs = fin->fin_ifs;
2393Syz155240	(void) fr_makefrip(hlen, ip, &fnew);
2393Syz155240
2393Syz155240	i = fr_fastroute(m, mpp, &fnew, NULL);
2393Syz155240	return i;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240int fr_send_icmp_err(type, fin, dst)
2393Syz155240int type;
2393Syz155240fr_info_t *fin;
2393Syz155240int dst;
2393Syz155240{
2393Syz155240	struct in_addr dst4;
2393Syz155240	struct icmp *icmp;
2393Syz155240	qpktinfo_t *qpi;
2393Syz155240	int hlen, code;
2958Sdr146992	phy_if_t phy;
2393Syz155240	u_short sz;
2393Syz155240#ifdef	USE_INET6
2393Syz155240	mblk_t *mb;
2393Syz155240#endif
2393Syz155240	mblk_t *m;
2393Syz155240#ifdef	USE_INET6
2393Syz155240	ip6_t *ip6;
2393Syz155240#endif
2393Syz155240	ip_t *ip;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2393Syz155240
2393Syz155240	if ((type < 0) || (type > ICMP_MAXTYPE))
2393Syz155240		return -1;
2393Syz155240
2393Syz155240	code = fin->fin_icode;
2393Syz155240#ifdef USE_INET6
8624SDarren.Reed@Sun.COM	if ((code < 0) || (code >= ICMP_MAX_UNREACH))
2393Syz155240		return -1;
2393Syz155240#endif
2393Syz155240
2393Syz155240#ifndef	IPFILTER_CKSUM
2393Syz155240	if (fr_checkl4sum(fin) == -1)
2393Syz155240		return -1;
2393Syz155240#endif
2393Syz155240
2393Syz155240	qpi = fin->fin_qpi;
2393Syz155240
2393Syz155240#ifdef	USE_INET6
2393Syz155240	mb = fin->fin_qfm;
2393Syz155240
2393Syz155240	if (fin->fin_v == 6) {
2393Syz155240		sz = sizeof(ip6_t);
2393Syz155240		sz += MIN(mb->b_wptr - mb->b_rptr, 512);
2393Syz155240		hlen = sizeof(ip6_t);
2393Syz155240		type = icmptoicmp6types[type];
2393Syz155240		if (type == ICMP6_DST_UNREACH)
2393Syz155240			code = icmptoicmp6unreach[code];
2393Syz155240	} else
2393Syz155240#endif
2393Syz155240	{
2393Syz155240		if ((fin->fin_p == IPPROTO_ICMP) &&
2393Syz155240		    !(fin->fin_flx & FI_SHORT))
2393Syz155240			switch (ntohs(fin->fin_data[0]) >> 8)
2393Syz155240			{
2393Syz155240			case ICMP_ECHO :
2393Syz155240			case ICMP_TSTAMP :
2393Syz155240			case ICMP_IREQ :
2393Syz155240			case ICMP_MASKREQ :
2393Syz155240				break;
2393Syz155240			default :
2393Syz155240				return 0;
2393Syz155240			}
2393Syz155240
2393Syz155240		sz = sizeof(ip_t) * 2;
2393Syz155240		sz += 8;		/* 64 bits of data */
2393Syz155240		hlen = sizeof(ip_t);
2393Syz155240	}
2393Syz155240
2393Syz155240	sz += offsetof(struct icmp, icmp_ip);
2393Syz155240	if ((m = (mblk_t *)allocb((size_t)sz + 64, BPRI_HI)) == NULL)
2393Syz155240		return -1;
2393Syz155240	MTYPE(m) = M_DATA;
2393Syz155240	m->b_rptr += 64;
2393Syz155240	m->b_wptr = m->b_rptr + sz;
2393Syz155240	bzero((char *)m->b_rptr, (size_t)sz);
2393Syz155240	ip = (ip_t *)m->b_rptr;
2393Syz155240	ip->ip_v = fin->fin_v;
2393Syz155240	icmp = (struct icmp *)(m->b_rptr + hlen);
2393Syz155240	icmp->icmp_type = type & 0xff;
2393Syz155240	icmp->icmp_code = code & 0xff;
2958Sdr146992	phy = (phy_if_t)qpi->qpi_ill;
2958Sdr146992	if (type == ICMP_UNREACH && (phy != 0) &&
2393Syz155240	    fin->fin_icode == ICMP_UNREACH_NEEDFRAG)
3448Sdh155122		icmp->icmp_nextmtu = net_getmtu(ifs->ifs_ipf_ipv4, phy,0 );
2393Syz155240
2393Syz155240#ifdef	USE_INET6
2393Syz155240	if (fin->fin_v == 6) {
2393Syz155240		struct in6_addr dst6;
2393Syz155240		int csz;
2393Syz155240
2393Syz155240		if (dst == 0) {
3448Sdh155122			ipf_stack_t *ifs = fin->fin_ifs;
3448Sdh155122
2958Sdr146992			if (fr_ifpaddr(6, FRI_NORMAL, (void *)phy,
3448Sdh155122				       (void *)&dst6, NULL, ifs) == -1) {
2393Syz155240				FREE_MB_T(m);
2393Syz155240				return -1;
2393Syz155240			}
2393Syz155240		} else
7176Syx160601			dst6 = fin->fin_dst6.in6;
2393Syz155240
2393Syz155240		csz = sz;
2393Syz155240		sz -= sizeof(ip6_t);
2393Syz155240		ip6 = (ip6_t *)m->b_rptr;
2393Syz155240		ip6->ip6_flow = ((ip6_t *)fin->fin_ip)->ip6_flow;
2393Syz155240		ip6->ip6_plen = htons((u_short)sz);
2393Syz155240		ip6->ip6_nxt = IPPROTO_ICMPV6;
2393Syz155240		ip6->ip6_src = dst6;
7176Syx160601		ip6->ip6_dst = fin->fin_src6.in6;
2393Syz155240		sz -= offsetof(struct icmp, icmp_ip);
2393Syz155240		bcopy((char *)mb->b_rptr, (char *)&icmp->icmp_ip, sz);
2393Syz155240		icmp->icmp_cksum = csz - sizeof(ip6_t);
2393Syz155240	} else
2393Syz155240#endif
2393Syz155240	{
2393Syz155240		ip->ip_hl = sizeof(*ip) >> 2;
2393Syz155240		ip->ip_p = IPPROTO_ICMP;
2393Syz155240		ip->ip_id = fin->fin_ip->ip_id;
2393Syz155240		ip->ip_tos = fin->fin_ip->ip_tos;
2393Syz155240		ip->ip_len = (u_short)sz;
2393Syz155240		if (dst == 0) {
3448Sdh155122			ipf_stack_t *ifs = fin->fin_ifs;
3448Sdh155122
2958Sdr146992			if (fr_ifpaddr(4, FRI_NORMAL, (void *)phy,
3448Sdh155122				       (void *)&dst4, NULL, ifs) == -1) {
2393Syz155240				FREE_MB_T(m);
2393Syz155240				return -1;
2393Syz155240			}
2958Sdr146992		} else {
2393Syz155240			dst4 = fin->fin_dst;
2958Sdr146992		}
2393Syz155240		ip->ip_src = dst4;
2393Syz155240		ip->ip_dst = fin->fin_src;
2393Syz155240		bcopy((char *)fin->fin_ip, (char *)&icmp->icmp_ip,
2393Syz155240		      sizeof(*fin->fin_ip));
2393Syz155240		bcopy((char *)fin->fin_ip + fin->fin_hlen,
2393Syz155240		      (char *)&icmp->icmp_ip + sizeof(*fin->fin_ip), 8);
2393Syz155240		icmp->icmp_ip.ip_len = htons(icmp->icmp_ip.ip_len);
2393Syz155240		icmp->icmp_ip.ip_off = htons(icmp->icmp_ip.ip_off);
2393Syz155240		icmp->icmp_cksum = ipf_cksum((u_short *)icmp,
2393Syz155240					     sz - sizeof(ip_t));
2393Syz155240	}
2393Syz155240
2393Syz155240	/*
2393Syz155240	 * Need to exit out of these so we don't recursively call rw_enter
2393Syz155240	 * from fr_qout.
2393Syz155240	 */
2393Syz155240	return fr_send_ip(fin, m, &m);
2393Syz155240}
2393Syz155240
2393Syz155240#include <sys/time.h>
2393Syz155240#include <sys/varargs.h>
2393Syz155240
2393Syz155240#ifndef _KERNEL
2393Syz155240#include <stdio.h>
2393Syz155240#endif
2393Syz155240
2393Syz155240#define	NULLADDR_RATE_LIMIT 10	/* 10 seconds */
2393Syz155240
2393Syz155240
2393Syz155240/*
2393Syz155240 * Print out warning message at rate-limited speed.
2393Syz155240 */
3448Sdh155122static void rate_limit_message(ipf_stack_t *ifs,
3448Sdh155122			       int rate, const char *message, ...)
2393Syz155240{
2393Syz155240	static time_t last_time = 0;
2393Syz155240	time_t now;
2393Syz155240	va_list args;
2393Syz155240	char msg_buf[256];
2393Syz155240	int  need_printed = 0;
2393Syz155240
2393Syz155240	now = ddi_get_time();
2393Syz155240
2393Syz155240	/* make sure, no multiple entries */
3448Sdh155122	ASSERT(MUTEX_NOT_HELD(&(ifs->ifs_ipf_rw.ipf_lk)));
3448Sdh155122	MUTEX_ENTER(&ifs->ifs_ipf_rw);
2393Syz155240	if (now - last_time >= rate) {
2393Syz155240		need_printed = 1;
2393Syz155240		last_time = now;
2393Syz155240	}
3448Sdh155122	MUTEX_EXIT(&ifs->ifs_ipf_rw);
2393Syz155240
2393Syz155240	if (need_printed) {
2393Syz155240		va_start(args, message);
2393Syz155240		(void)vsnprintf(msg_buf, 255, message, args);
2393Syz155240		va_end(args);
2393Syz155240#ifdef _KERNEL
2393Syz155240		cmn_err(CE_WARN, msg_buf);
2393Syz155240#else
2393Syz155240		fprintf(std_err, msg_buf);
2393Syz155240#endif
2393Syz155240	}
2393Syz155240}
2393Syz155240
2393Syz155240/*
9876SDarren.Reed@Sun.COM * Return the first IP Address associated with an interface
9876SDarren.Reed@Sun.COM * For IPv6, we walk through the list of logical interfaces and return
9876SDarren.Reed@Sun.COM * the address of the first one that isn't a link-local interface.
9876SDarren.Reed@Sun.COM * We can't assume that it is :1 because another link-local address
9876SDarren.Reed@Sun.COM * may have been assigned there.
2393Syz155240 */
2393Syz155240/*ARGSUSED*/
3448Sdh155122int fr_ifpaddr(v, atype, ifptr, inp, inpmask, ifs)
2393Syz155240int v, atype;
2958Sdr146992void *ifptr;
2958Sdr146992struct in_addr  *inp, *inpmask;
3448Sdh155122ipf_stack_t *ifs;
2393Syz155240{
2958Sdr146992	struct sockaddr_in6 v6addr[2];
2958Sdr146992	struct sockaddr_in v4addr[2];
2958Sdr146992	net_ifaddr_t type[2];
7513SDarren.Reed@Sun.COM	net_handle_t net_data;
2958Sdr146992	phy_if_t phyif;
2958Sdr146992	void *array;
2393Syz155240
2958Sdr146992	switch (v)
2958Sdr146992	{
2958Sdr146992	case 4:
3448Sdh155122		net_data = ifs->ifs_ipf_ipv4;
2958Sdr146992		array = v4addr;
2958Sdr146992		break;
2958Sdr146992	case 6:
3448Sdh155122		net_data = ifs->ifs_ipf_ipv6;
2958Sdr146992		array = v6addr;
2958Sdr146992		break;
2958Sdr146992	default:
2958Sdr146992		net_data = NULL;
2958Sdr146992		break;
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	if (net_data == NULL)
2393Syz155240		return -1;
2393Syz155240
2958Sdr146992	phyif = (phy_if_t)ifptr;
2393Syz155240
2393Syz155240	switch (atype)
2393Syz155240	{
2958Sdr146992	case FRI_PEERADDR :
2958Sdr146992		type[0] = NA_PEER;
2393Syz155240		break;
2958Sdr146992
2958Sdr146992	case FRI_BROADCAST :
2958Sdr146992		type[0] = NA_BROADCAST;
2393Syz155240		break;
2958Sdr146992
2393Syz155240	default :
2958Sdr146992		type[0] = NA_ADDRESS;
2393Syz155240		break;
2393Syz155240	}
2958Sdr146992
2958Sdr146992	type[1] = NA_NETMASK;
2393Syz155240
9876SDarren.Reed@Sun.COM	if (v == 6) {
9876SDarren.Reed@Sun.COM		lif_if_t idx = 0;
9876SDarren.Reed@Sun.COM
9876SDarren.Reed@Sun.COM		do {
9876SDarren.Reed@Sun.COM			idx = net_lifgetnext(net_data, phyif, idx);
9876SDarren.Reed@Sun.COM			if (net_getlifaddr(net_data, phyif, idx, 2, type,
9876SDarren.Reed@Sun.COM					   array) < 0)
9876SDarren.Reed@Sun.COM				return -1;
9876SDarren.Reed@Sun.COM			if (!IN6_IS_ADDR_LINKLOCAL(&v6addr[0].sin6_addr) &&
9876SDarren.Reed@Sun.COM			    !IN6_IS_ADDR_MULTICAST(&v6addr[0].sin6_addr))
9876SDarren.Reed@Sun.COM				break;
9876SDarren.Reed@Sun.COM		} while (idx != 0);
9876SDarren.Reed@Sun.COM
9876SDarren.Reed@Sun.COM		if (idx == 0)
9876SDarren.Reed@Sun.COM			return -1;
9876SDarren.Reed@Sun.COM
9876SDarren.Reed@Sun.COM		return fr_ifpfillv6addr(atype, &v6addr[0], &v6addr[1],
9876SDarren.Reed@Sun.COM					inp, inpmask);
9876SDarren.Reed@Sun.COM	}
9876SDarren.Reed@Sun.COM
2958Sdr146992	if (net_getlifaddr(net_data, phyif, 0, 2, type, array) < 0)
2393Syz155240		return -1;
2958Sdr146992
2958Sdr146992	return fr_ifpfillv4addr(atype, &v4addr[0], &v4addr[1], inp, inpmask);
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240u_32_t fr_newisn(fin)
2393Syz155240fr_info_t *fin;
2393Syz155240{
2393Syz155240	static int iss_seq_off = 0;
2393Syz155240	u_char hash[16];
2393Syz155240	u_32_t newiss;
2393Syz155240	MD5_CTX ctx;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2393Syz155240
2393Syz155240	/*
2393Syz155240	 * Compute the base value of the ISS.  It is a hash
2393Syz155240	 * of (saddr, sport, daddr, dport, secret).
2393Syz155240	 */
2393Syz155240	MD5Init(&ctx);
2393Syz155240
2393Syz155240	MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_src,
2393Syz155240		  sizeof(fin->fin_fi.fi_src));
2393Syz155240	MD5Update(&ctx, (u_char *) &fin->fin_fi.fi_dst,
2393Syz155240		  sizeof(fin->fin_fi.fi_dst));
2393Syz155240	MD5Update(&ctx, (u_char *) &fin->fin_dat, sizeof(fin->fin_dat));
2393Syz155240
3448Sdh155122	MD5Update(&ctx, ifs->ifs_ipf_iss_secret, sizeof(ifs->ifs_ipf_iss_secret));
2393Syz155240
2393Syz155240	MD5Final(hash, &ctx);
2393Syz155240
2393Syz155240	bcopy(hash, &newiss, sizeof(newiss));
2393Syz155240
2393Syz155240	/*
2393Syz155240	 * Now increment our "timer", and add it in to
2393Syz155240	 * the computed value.
2393Syz155240	 *
2393Syz155240	 * XXX Use `addin'?
2393Syz155240	 * XXX TCP_ISSINCR too large to use?
2393Syz155240	 */
2393Syz155240	iss_seq_off += 0x00010000;
2393Syz155240	newiss += iss_seq_off;
2393Syz155240	return newiss;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240/* ------------------------------------------------------------------------ */
2393Syz155240/* Function:    fr_nextipid                                                 */
2393Syz155240/* Returns:     int - 0 == success, -1 == error (packet should be droppped) */
2393Syz155240/* Parameters:  fin(I) - pointer to packet information                      */
2393Syz155240/*                                                                          */
2393Syz155240/* Returns the next IPv4 ID to use for this packet.                         */
2393Syz155240/* ------------------------------------------------------------------------ */
2393Syz155240u_short fr_nextipid(fin)
2393Syz155240fr_info_t *fin;
2393Syz155240{
2393Syz155240	static u_short ipid = 0;
2393Syz155240	u_short id;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2393Syz155240
3448Sdh155122	MUTEX_ENTER(&ifs->ifs_ipf_rw);
8624SDarren.Reed@Sun.COM	if (fin->fin_pktnum != 0) {
8624SDarren.Reed@Sun.COM		id = fin->fin_pktnum & 0xffff;
8624SDarren.Reed@Sun.COM	} else {
2393Syz155240		id = ipid++;
8624SDarren.Reed@Sun.COM	}
3448Sdh155122	MUTEX_EXIT(&ifs->ifs_ipf_rw);
2393Syz155240
2393Syz155240	return id;
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240#ifndef IPFILTER_CKSUM
2393Syz155240/* ARGSUSED */
2393Syz155240#endif
2393Syz155240INLINE void fr_checkv4sum(fin)
2393Syz155240fr_info_t *fin;
2393Syz155240{
2393Syz155240#ifdef IPFILTER_CKSUM
2393Syz155240	if (fr_checkl4sum(fin) == -1)
2393Syz155240		fin->fin_flx |= FI_BAD;
2393Syz155240#endif
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240#ifdef USE_INET6
2393Syz155240# ifndef IPFILTER_CKSUM
2393Syz155240/* ARGSUSED */
2393Syz155240# endif
2393Syz155240INLINE void fr_checkv6sum(fin)
2393Syz155240fr_info_t *fin;
2393Syz155240{
2393Syz155240# ifdef IPFILTER_CKSUM
2393Syz155240	if (fr_checkl4sum(fin) == -1)
2393Syz155240		fin->fin_flx |= FI_BAD;
2393Syz155240# endif
2393Syz155240}
2393Syz155240#endif /* USE_INET6 */
2393Syz155240
2393Syz155240
2393Syz155240#if (SOLARIS2 < 7)
2393Syz155240void fr_slowtimer()
2393Syz155240#else
2393Syz155240/*ARGSUSED*/
3448Sdh155122void fr_slowtimer __P((void *arg))
2393Syz155240#endif
2393Syz155240{
3448Sdh155122	ipf_stack_t *ifs = arg;
2393Syz155240
6274Sjojemann	READ_ENTER(&ifs->ifs_ipf_global);
6274Sjojemann	if (ifs->ifs_fr_running != 1) {
6274Sjojemann		ifs->ifs_fr_timer_id = NULL;
3448Sdh155122		RWLOCK_EXIT(&ifs->ifs_ipf_global);
2393Syz155240		return;
2393Syz155240	}
5941Szf203873	ipf_expiretokens(ifs);
3448Sdh155122	fr_fragexpire(ifs);
3448Sdh155122	fr_timeoutstate(ifs);
3448Sdh155122	fr_natexpire(ifs);
3448Sdh155122	fr_authexpire(ifs);
3448Sdh155122	ifs->ifs_fr_ticks++;
6274Sjojemann	if (ifs->ifs_fr_running == 1)
3448Sdh155122		ifs->ifs_fr_timer_id = timeout(fr_slowtimer, arg,
3448Sdh155122		    drv_usectohz(500000));
2393Syz155240	else
3448Sdh155122		ifs->ifs_fr_timer_id = NULL;
3448Sdh155122	RWLOCK_EXIT(&ifs->ifs_ipf_global);
2393Syz155240}
2393Syz155240
2393Syz155240
2393Syz155240/* ------------------------------------------------------------------------ */
2393Syz155240/* Function:    fr_pullup                                                   */
2393Syz155240/* Returns:     NULL == pullup failed, else pointer to protocol header      */
2393Syz155240/* Parameters:  m(I)   - pointer to buffer where data packet starts         */
2393Syz155240/*              fin(I) - pointer to packet information                      */
2393Syz155240/*              len(I) - number of bytes to pullup                          */
2393Syz155240/*                                                                          */
2393Syz155240/* Attempt to move at least len bytes (from the start of the buffer) into a */
2393Syz155240/* single buffer for ease of access.  Operating system native functions are */
2393Syz155240/* used to manage buffers - if necessary.  If the entire packet ends up in  */
2393Syz155240/* a single buffer, set the FI_COALESCE flag even though fr_coalesce() has  */
2393Syz155240/* not been called.  Both fin_ip and fin_dp are updated before exiting _IF_ */
2393Syz155240/* and ONLY if the pullup succeeds.                                         */
2393Syz155240/*                                                                          */
2393Syz155240/* We assume that 'min' is a pointer to a buffer that is part of the chain  */
2393Syz155240/* of buffers that starts at *fin->fin_mp.                                  */
2393Syz155240/* ------------------------------------------------------------------------ */
2393Syz155240void *fr_pullup(min, fin, len)
2393Syz155240mb_t *min;
2393Syz155240fr_info_t *fin;
2393Syz155240int len;
2393Syz155240{
2393Syz155240	qpktinfo_t *qpi = fin->fin_qpi;
2393Syz155240	int out = fin->fin_out, dpoff, ipoff;
2958Sdr146992	mb_t *m = min, *m1, *m2;
2393Syz155240	char *ip;
3007Sdr146992	uint32_t start, stuff, end, value, flags;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2393Syz155240
2393Syz155240	if (m == NULL)
2393Syz155240		return NULL;
2393Syz155240
2393Syz155240	ip = (char *)fin->fin_ip;
2393Syz155240	if ((fin->fin_flx & FI_COALESCE) != 0)
2393Syz155240		return ip;
2393Syz155240
2393Syz155240	ipoff = fin->fin_ipoff;
2393Syz155240	if (fin->fin_dp != NULL)
2393Syz155240		dpoff = (char *)fin->fin_dp - (char *)ip;
2393Syz155240	else
2393Syz155240		dpoff = 0;
2393Syz155240
7704SAlexandr.Nedvedicky@Sun.COM	if (M_LEN(m) < len + ipoff) {
2393Syz155240
2393Syz155240		/*
2393Syz155240		 * pfil_precheck ensures the IP header is on a 32bit
2393Syz155240		 * aligned address so simply fail if that isn't currently
2393Syz155240		 * the case (should never happen).
2393Syz155240		 */
2393Syz155240		int inc = 0;
2393Syz155240
2393Syz155240		if (ipoff > 0) {
2393Syz155240			if ((ipoff & 3) != 0) {
2393Syz155240				inc = 4 - (ipoff & 3);
2393Syz155240				if (m->b_rptr - inc >= m->b_datap->db_base)
2393Syz155240					m->b_rptr -= inc;
2393Syz155240				else
2393Syz155240					inc = 0;
2393Syz155240			}
2393Syz155240		}
2958Sdr146992
2958Sdr146992		/*
2958Sdr146992		 * XXX This is here as a work around for a bug with DEBUG
2958Sdr146992		 * XXX Solaris kernels.  The problem is b_prev is used by IP
2958Sdr146992		 * XXX code as a way to stash the phyint_index for a packet,
2958Sdr146992		 * XXX this doesn't get reset by IP but freeb does an ASSERT()
2958Sdr146992		 * XXX for both of these to be NULL.  See 6442390.
2958Sdr146992		 */
2958Sdr146992		m1 = m;
2958Sdr146992		m2 = m->b_prev;
2958Sdr146992
2958Sdr146992		do {
2958Sdr146992			m1->b_next = NULL;
2958Sdr146992			m1->b_prev = NULL;
2958Sdr146992			m1 = m1->b_cont;
2958Sdr146992		} while (m1);
3007Sdr146992
3007Sdr146992		/*
3007Sdr146992		 * Need to preserve checksum information by copying them
3007Sdr146992		 * to newmp which heads the pulluped message.
3007Sdr146992		 */
3007Sdr146992		hcksum_retrieve(m, NULL, NULL, &start, &stuff, &end,
3007Sdr146992		    &value, &flags);
3007Sdr146992
2393Syz155240		if (pullupmsg(m, len + ipoff + inc) == 0) {
3448Sdh155122			ATOMIC_INCL(ifs->ifs_frstats[out].fr_pull[1]);
2393Syz155240			FREE_MB_T(*fin->fin_mp);
2393Syz155240			*fin->fin_mp = NULL;
2393Syz155240			fin->fin_m = NULL;
2393Syz155240			fin->fin_ip = NULL;
2393Syz155240			fin->fin_dp = NULL;
2393Syz155240			qpi->qpi_data = NULL;
2393Syz155240			return NULL;
2393Syz155240		}
3007Sdr146992
3007Sdr146992		(void) hcksum_assoc(m, NULL, NULL, start, stuff, end,
3007Sdr146992		    value, flags, 0);
3007Sdr146992
2958Sdr146992		m->b_prev = m2;
2393Syz155240		m->b_rptr += inc;
2393Syz155240		fin->fin_m = m;
2393Syz155240		ip = MTOD(m, char *) + ipoff;
2393Syz155240		qpi->qpi_data = ip;
2393Syz155240	}
2393Syz155240
3448Sdh155122	ATOMIC_INCL(ifs->ifs_frstats[out].fr_pull[0]);
2393Syz155240	fin->fin_ip = (ip_t *)ip;
2393Syz155240	if (fin->fin_dp != NULL)
2393Syz155240		fin->fin_dp = (char *)fin->fin_ip + dpoff;
2393Syz155240
2393Syz155240	if (len == fin->fin_plen)
2393Syz155240		fin->fin_flx |= FI_COALESCE;
2393Syz155240	return ip;
2393Syz155240}
2958Sdr146992
2958Sdr146992
2958Sdr146992/*
2958Sdr146992 * Function:	fr_verifysrc
2958Sdr146992 * Returns:	int (really boolean)
2958Sdr146992 * Parameters:	fin - packet information
2958Sdr146992 *
2958Sdr146992 * Check whether the packet has a valid source address for the interface on
2958Sdr146992 * which the packet arrived, implementing the "fr_chksrc" feature.
2958Sdr146992 * Returns true iff the packet's source address is valid.
2958Sdr146992 */
2958Sdr146992int fr_verifysrc(fin)
2958Sdr146992fr_info_t *fin;
2958Sdr146992{
7513SDarren.Reed@Sun.COM	net_handle_t net_data_p;
2958Sdr146992	phy_if_t phy_ifdata_routeto;
2958Sdr146992	struct sockaddr	sin;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2958Sdr146992
2958Sdr146992	if (fin->fin_v == 4) {
3448Sdh155122		net_data_p = ifs->ifs_ipf_ipv4;
2958Sdr146992	} else if (fin->fin_v == 6) {
3448Sdh155122		net_data_p = ifs->ifs_ipf_ipv6;
2958Sdr146992	} else {
2958Sdr146992		return (0);
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	/* Get the index corresponding to the if name */
2958Sdr146992	sin.sa_family = (fin->fin_v == 4) ? AF_INET : AF_INET6;
2958Sdr146992	bcopy(&fin->fin_saddr, &sin.sa_data, sizeof (struct in_addr));
7513SDarren.Reed@Sun.COM	phy_ifdata_routeto = net_routeto(net_data_p, &sin, NULL);
2958Sdr146992
2958Sdr146992	return (((phy_if_t)fin->fin_ifp == phy_ifdata_routeto) ? 1 : 0);
2958Sdr146992}
2958Sdr146992
2958Sdr146992
2958Sdr146992/*
2958Sdr146992 * Function:	fr_fastroute
2958Sdr146992 * Returns:	 0: success;
2958Sdr146992 *		-1: failed
2958Sdr146992 * Parameters:
2958Sdr146992 *	mb: the message block where ip head starts
2958Sdr146992 *	mpp: the pointer to the pointer of the orignal
2958Sdr146992 *		packet message
2958Sdr146992 *	fin: packet information
2958Sdr146992 *	fdp: destination interface information
2958Sdr146992 *	if it is NULL, no interface information provided.
2958Sdr146992 *
2958Sdr146992 * This function is for fastroute/to/dup-to rules. It calls
2958Sdr146992 * pfil_make_lay2_packet to search route, make lay-2 header
2958Sdr146992 * ,and identify output queue for the IP packet.
2958Sdr146992 * The destination address depends on the following conditions:
2958Sdr146992 * 1: for fastroute rule, fdp is passed in as NULL, so the
2958Sdr146992 *	destination address is the IP Packet's destination address
2958Sdr146992 * 2: for to/dup-to rule, if an ip address is specified after
2958Sdr146992 *	the interface name, this address is the as destination
2958Sdr146992 *	address. Otherwise IP Packet's destination address is used
2958Sdr146992 */
2958Sdr146992int fr_fastroute(mb, mpp, fin, fdp)
2958Sdr146992mblk_t *mb, **mpp;
2958Sdr146992fr_info_t *fin;
2958Sdr146992frdest_t *fdp;
2958Sdr146992{
7513SDarren.Reed@Sun.COM        net_handle_t net_data_p;
7513SDarren.Reed@Sun.COM	net_inject_t *inj;
2958Sdr146992	mblk_t *mp = NULL;
2958Sdr146992	frentry_t *fr = fin->fin_fr;
2958Sdr146992	qpktinfo_t *qpi;
2958Sdr146992	ip_t *ip;
2958Sdr146992
2958Sdr146992	struct sockaddr_in *sin;
2958Sdr146992	struct sockaddr_in6 *sin6;
2958Sdr146992	struct sockaddr *sinp;
3448Sdh155122	ipf_stack_t *ifs = fin->fin_ifs;
2958Sdr146992#ifndef	sparc
2958Sdr146992	u_short __iplen, __ipoff;
2958Sdr146992#endif
2958Sdr146992
2958Sdr146992	if (fin->fin_v == 4) {
3448Sdh155122		net_data_p = ifs->ifs_ipf_ipv4;
2958Sdr146992	} else if (fin->fin_v == 6) {
3448Sdh155122		net_data_p = ifs->ifs_ipf_ipv6;
2958Sdr146992	} else {
2958Sdr146992		return (-1);
2958Sdr146992	}
2958Sdr146992
7513SDarren.Reed@Sun.COM	inj = net_inject_alloc(NETINFO_VERSION);
7513SDarren.Reed@Sun.COM	if (inj == NULL)
7513SDarren.Reed@Sun.COM		return -1;
7513SDarren.Reed@Sun.COM
2958Sdr146992	ip = fin->fin_ip;
2958Sdr146992	qpi = fin->fin_qpi;
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * If this is a duplicate mblk then we want ip to point at that
2958Sdr146992	 * data, not the original, if and only if it is already pointing at
2958Sdr146992	 * the current mblk data.
2958Sdr146992	 *
2958Sdr146992	 * Otherwise, if it's not a duplicate, and we're not already pointing
2958Sdr146992	 * at the current mblk data, then we want to ensure that the data
2958Sdr146992	 * points at ip.
2958Sdr146992	 */
2958Sdr146992
2958Sdr146992	if ((ip == (ip_t *)qpi->qpi_m->b_rptr) && (qpi->qpi_m != mb)) {
2958Sdr146992		ip = (ip_t *)mb->b_rptr;
2958Sdr146992	} else if ((qpi->qpi_m == mb) && (ip != (ip_t *)qpi->qpi_m->b_rptr)) {
2958Sdr146992		qpi->qpi_m->b_rptr = (uchar_t *)ip;
2958Sdr146992		qpi->qpi_off = 0;
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * If there is another M_PROTO, we don't want it
2958Sdr146992	 */
2958Sdr146992	if (*mpp != mb) {
2958Sdr146992		mp = unlinkb(*mpp);
2958Sdr146992		freeb(*mpp);
2958Sdr146992		*mpp = mp;
2958Sdr146992	}
2958Sdr146992
7513SDarren.Reed@Sun.COM	sinp = (struct sockaddr *)&inj->ni_addr;
2958Sdr146992	sin = (struct sockaddr_in *)sinp;
2958Sdr146992	sin6 = (struct sockaddr_in6 *)sinp;
7513SDarren.Reed@Sun.COM	bzero((char *)&inj->ni_addr, sizeof (inj->ni_addr));
7513SDarren.Reed@Sun.COM	inj->ni_addr.ss_family = (fin->fin_v == 4) ? AF_INET : AF_INET6;
7513SDarren.Reed@Sun.COM	inj->ni_packet = mb;
2958Sdr146992
2958Sdr146992	/*
2958Sdr146992	 * In case we're here due to "to <if>" being used with
2958Sdr146992	 * "keep state", check that we're going in the correct
2958Sdr146992	 * direction.
2958Sdr146992	 */
2958Sdr146992	if (fdp != NULL) {
2958Sdr146992		if ((fr != NULL) && (fdp->fd_ifp != NULL) &&
2958Sdr146992			(fin->fin_rev != 0) && (fdp == &fr->fr_tif))
2958Sdr146992			goto bad_fastroute;
7513SDarren.Reed@Sun.COM		inj->ni_physical = (phy_if_t)fdp->fd_ifp;
2958Sdr146992		if (fin->fin_v == 4) {
2958Sdr146992			sin->sin_addr = fdp->fd_ip;
2958Sdr146992		} else {
2958Sdr146992			sin6->sin6_addr = fdp->fd_ip6.in6;
2958Sdr146992		}
2958Sdr146992	} else {
2958Sdr146992		if (fin->fin_v == 4) {
2958Sdr146992			sin->sin_addr = ip->ip_dst;
2958Sdr146992		} else {
2958Sdr146992			sin6->sin6_addr = ((ip6_t *)ip)->ip6_dst;
2958Sdr146992		}
7513SDarren.Reed@Sun.COM		inj->ni_physical = net_routeto(net_data_p, sinp, NULL);
2958Sdr146992	}
2958Sdr146992
4482Sdr146992	/*
4482Sdr146992	 * Clear the hardware checksum flags from packets that we are doing
4482Sdr146992	 * input processing on as leaving them set will cause the outgoing
4482Sdr146992	 * NIC (if it supports hardware checksum) to calculate them anew,
4482Sdr146992	 * using the old (correct) checksums as the pseudo value to start
4482Sdr146992	 * from.
4482Sdr146992	 */
4482Sdr146992	if (fin->fin_out == 0) {
4482Sdr146992		DB_CKSUMFLAGS(mb) = 0;
4482Sdr146992	}
2958Sdr146992
2958Sdr146992	*mpp = mb;
2958Sdr146992
2958Sdr146992	if (fin->fin_out == 0) {
2958Sdr146992		void *saveifp;
2958Sdr146992		u_32_t pass;
2958Sdr146992
2958Sdr146992		saveifp = fin->fin_ifp;
7513SDarren.Reed@Sun.COM		fin->fin_ifp = (void *)inj->ni_physical;
3894Sjojemann		fin->fin_flx &= ~FI_STATE;
2958Sdr146992		fin->fin_out = 1;
2958Sdr146992		(void) fr_acctpkt(fin, &pass);
2958Sdr146992		fin->fin_fr = NULL;
2958Sdr146992		if (!fr || !(fr->fr_flags & FR_RETMASK))
2958Sdr146992			(void) fr_checkstate(fin, &pass);
3894Sjojemann		if (fr_checknatout(fin, NULL) == -1)
2958Sdr146992			goto bad_fastroute;
2958Sdr146992		fin->fin_out = 0;
2958Sdr146992		fin->fin_ifp = saveifp;
2958Sdr146992	}
2958Sdr146992#ifndef	sparc
2958Sdr146992	if (fin->fin_v == 4) {
2958Sdr146992		__iplen = (u_short)ip->ip_len,
2958Sdr146992		__ipoff = (u_short)ip->ip_off;
2958Sdr146992
2958Sdr146992		ip->ip_len = htons(__iplen);
2958Sdr146992		ip->ip_off = htons(__ipoff);
2958Sdr146992	}
2958Sdr146992#endif
2958Sdr146992
2958Sdr146992	if (net_data_p) {
7513SDarren.Reed@Sun.COM		if (net_inject(net_data_p, NI_DIRECT_OUT, inj) < 0) {
7513SDarren.Reed@Sun.COM			net_inject_free(inj);
2958Sdr146992			return (-1);
2958Sdr146992		}
2958Sdr146992	}
2958Sdr146992
3448Sdh155122	ifs->ifs_fr_frouteok[0]++;
7513SDarren.Reed@Sun.COM	net_inject_free(inj);
2958Sdr146992	return 0;
2958Sdr146992bad_fastroute:
7513SDarren.Reed@Sun.COM	net_inject_free(inj);
2958Sdr146992	freemsg(mb);
3448Sdh155122	ifs->ifs_fr_frouteok[1]++;
2958Sdr146992	return -1;
2958Sdr146992}
2958Sdr146992
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
7513SDarren.Reed@Sun.COM/* Function:    ipf_hook4_out                                               */
2958Sdr146992/* Returns:     int - 0 == packet ok, else problem, free packet if not done */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to hook information for firewalling  */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Calling ipf_hook.                                                        */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook4_out(hook_event_token_t token, hook_data_t info, void *arg)
2958Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook(info, 1, 0, arg);
7131Sdr146992}
7131Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook6_out(hook_event_token_t token, hook_data_t info, void *arg)
7131Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook6(info, 1, 0, arg);
2958Sdr146992}
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
7513SDarren.Reed@Sun.COM/* Function:    ipf_hook4_in                                                */
2958Sdr146992/* Returns:     int - 0 == packet ok, else problem, free packet if not done */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to hook information for firewalling  */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Calling ipf_hook.                                                        */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook4_in(hook_event_token_t token, hook_data_t info, void *arg)
2958Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook(info, 0, 0, arg);
7131Sdr146992}
7131Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook6_in(hook_event_token_t token, hook_data_t info, void *arg)
7131Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook6(info, 0, 0, arg);
2958Sdr146992}
2958Sdr146992
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
7513SDarren.Reed@Sun.COM/* Function:    ipf_hook4_loop_out                                          */
2958Sdr146992/* Returns:     int - 0 == packet ok, else problem, free packet if not done */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to hook information for firewalling  */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Calling ipf_hook.                                                        */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook4_loop_out(hook_event_token_t token, hook_data_t info, void *arg)
2958Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook(info, 1, FI_NOCKSUM, arg);
7131Sdr146992}
7131Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook6_loop_out(hook_event_token_t token, hook_data_t info, void *arg)
7131Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook6(info, 1, FI_NOCKSUM, arg);
2958Sdr146992}
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
7704SAlexandr.Nedvedicky@Sun.COM/* Function:    ipf_hook4_loop_in                                           */
2958Sdr146992/* Returns:     int - 0 == packet ok, else problem, free packet if not done */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to hook information for firewalling  */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Calling ipf_hook.                                                        */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7704SAlexandr.Nedvedicky@Sun.COMint ipf_hook4_loop_in(hook_event_token_t token, hook_data_t info, void *arg)
2958Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook(info, 0, FI_NOCKSUM, arg);
7131Sdr146992}
7131Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_hook6_loop_in(hook_event_token_t token, hook_data_t info, void *arg)
7131Sdr146992{
7513SDarren.Reed@Sun.COM	return ipf_hook6(info, 0, FI_NOCKSUM, arg);
2958Sdr146992}
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/* Function:    ipf_hook                                                    */
2958Sdr146992/* Returns:     int - 0 == packet ok, else problem, free packet if not done */
2958Sdr146992/* Parameters:  info(I)      - pointer to hook information for firewalling  */
2958Sdr146992/*              out(I)       - whether packet is going in or out            */
2958Sdr146992/*              loopback(I)  - whether packet is a loopback packet or not   */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Stepping stone function between the IP mainline and IPFilter.  Extracts  */
2958Sdr146992/* parameters out of the info structure and forms them up to be useful for  */
2958Sdr146992/* calling ipfilter.                                                        */
2958Sdr146992/* ------------------------------------------------------------------------ */
7513SDarren.Reed@Sun.COMint ipf_hook(hook_data_t info, int out, int loopback, void *arg)
2958Sdr146992{
2958Sdr146992	hook_pkt_event_t *fw;
7513SDarren.Reed@Sun.COM	ipf_stack_t *ifs;
7513SDarren.Reed@Sun.COM	qpktinfo_t qpi;
7131Sdr146992	int rval, hlen;
2958Sdr146992	u_short swap;
2958Sdr146992	phy_if_t phy;
2958Sdr146992	ip_t *ip;
2958Sdr146992
7513SDarren.Reed@Sun.COM	ifs = arg;
2958Sdr146992	fw = (hook_pkt_event_t *)info;
2958Sdr146992
2958Sdr146992	ASSERT(fw != NULL);
2958Sdr146992	phy = (out == 0) ? fw->hpe_ifp : fw->hpe_ofp;
2958Sdr146992
2958Sdr146992	ip = fw->hpe_hdr;
7131Sdr146992	swap = ntohs(ip->ip_len);
7131Sdr146992	ip->ip_len = swap;
7131Sdr146992	swap = ntohs(ip->ip_off);
7131Sdr146992	ip->ip_off = swap;
7131Sdr146992	hlen = IPH_HDR_LENGTH(ip);
2958Sdr146992
2958Sdr146992	qpi.qpi_m = fw->hpe_mb;
2958Sdr146992	qpi.qpi_data = fw->hpe_hdr;
2958Sdr146992	qpi.qpi_off = (char *)qpi.qpi_data - (char *)fw->hpe_mb->b_rptr;
2958Sdr146992	qpi.qpi_ill = (void *)phy;
7131Sdr146992	qpi.qpi_flags = fw->hpe_flags & (HPE_MULTICAST|HPE_BROADCAST);
7131Sdr146992	if (qpi.qpi_flags)
7131Sdr146992		qpi.qpi_flags |= FI_MBCAST;
7131Sdr146992	qpi.qpi_flags |= loopback;
2958Sdr146992
3448Sdh155122	rval = fr_check(fw->hpe_hdr, hlen, qpi.qpi_ill, out,
7513SDarren.Reed@Sun.COM	    &qpi, fw->hpe_mp, ifs);
2958Sdr146992
2958Sdr146992	/* For fastroute cases, fr_check returns 0 with mp set to NULL */
2958Sdr146992	if (rval == 0 && *(fw->hpe_mp) == NULL)
2958Sdr146992		rval = 1;
2958Sdr146992
7131Sdr146992	/* Notify IP the packet mblk_t and IP header pointers. */
2958Sdr146992	fw->hpe_mb = qpi.qpi_m;
2958Sdr146992	fw->hpe_hdr = qpi.qpi_data;
7131Sdr146992	if (rval == 0) {
2958Sdr146992		ip = qpi.qpi_data;
2958Sdr146992		swap = ntohs(ip->ip_len);
2958Sdr146992		ip->ip_len = swap;
2958Sdr146992		swap = ntohs(ip->ip_off);
2958Sdr146992		ip->ip_off = swap;
2958Sdr146992	}
2958Sdr146992	return rval;
2958Sdr146992
2958Sdr146992}
7513SDarren.Reed@Sun.COMint ipf_hook6(hook_data_t info, int out, int loopback, void *arg)
7131Sdr146992{
7131Sdr146992	hook_pkt_event_t *fw;
7131Sdr146992	int rval, hlen;
7131Sdr146992	qpktinfo_t qpi;
7131Sdr146992	phy_if_t phy;
7131Sdr146992
7131Sdr146992	fw = (hook_pkt_event_t *)info;
7131Sdr146992
7131Sdr146992	ASSERT(fw != NULL);
7131Sdr146992	phy = (out == 0) ? fw->hpe_ifp : fw->hpe_ofp;
7131Sdr146992
7131Sdr146992	hlen = sizeof (ip6_t);
7131Sdr146992
7131Sdr146992	qpi.qpi_m = fw->hpe_mb;
7131Sdr146992	qpi.qpi_data = fw->hpe_hdr;
7131Sdr146992	qpi.qpi_off = (char *)qpi.qpi_data - (char *)fw->hpe_mb->b_rptr;
7131Sdr146992	qpi.qpi_ill = (void *)phy;
7131Sdr146992	qpi.qpi_flags = fw->hpe_flags & (HPE_MULTICAST|HPE_BROADCAST);
7131Sdr146992	if (qpi.qpi_flags)
7131Sdr146992		qpi.qpi_flags |= FI_MBCAST;
7131Sdr146992	qpi.qpi_flags |= loopback;
7131Sdr146992
7131Sdr146992	rval = fr_check(fw->hpe_hdr, hlen, qpi.qpi_ill, out,
7513SDarren.Reed@Sun.COM	    &qpi, fw->hpe_mp, arg);
7131Sdr146992
7131Sdr146992	/* For fastroute cases, fr_check returns 0 with mp set to NULL */
7131Sdr146992	if (rval == 0 && *(fw->hpe_mp) == NULL)
7131Sdr146992		rval = 1;
7131Sdr146992
7131Sdr146992	/* Notify IP the packet mblk_t and IP header pointers. */
7131Sdr146992	fw->hpe_mb = qpi.qpi_m;
7131Sdr146992	fw->hpe_hdr = qpi.qpi_data;
7131Sdr146992	return rval;
7131Sdr146992
7131Sdr146992}
2958Sdr146992
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/* Function:    ipf_nic_event_v4                                            */
2958Sdr146992/* Returns:     int - 0 == no problems encountered                          */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to information about a NIC event     */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Function to receive asynchronous NIC events from IP                      */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_nic_event_v4(hook_event_token_t event, hook_data_t info, void *arg)
2958Sdr146992{
2958Sdr146992	struct sockaddr_in *sin;
2958Sdr146992	hook_nic_event_t *hn;
7513SDarren.Reed@Sun.COM	ipf_stack_t *ifs = arg;
11105SAlexandr.Nedvedicky@Sun.COM	void *new_ifp = NULL;
11105SAlexandr.Nedvedicky@Sun.COM
11105SAlexandr.Nedvedicky@Sun.COM	if (ifs->ifs_fr_running <= 0)
11105SAlexandr.Nedvedicky@Sun.COM		return (0);
2958Sdr146992
2958Sdr146992	hn = (hook_nic_event_t *)info;
2958Sdr146992
2958Sdr146992	switch (hn->hne_event)
2958Sdr146992	{
2958Sdr146992	case NE_PLUMB :
4118Sdr146992		frsync(IPFSYNC_NEWIFP, 4, (void *)hn->hne_nic, hn->hne_data,
7176Syx160601		       ifs);
7176Syx160601		fr_natifpsync(IPFSYNC_NEWIFP, 4, (void *)hn->hne_nic,
3448Sdh155122			      hn->hne_data, ifs);
2958Sdr146992		fr_statesync(IPFSYNC_NEWIFP, 4, (void *)hn->hne_nic,
3448Sdh155122			     hn->hne_data, ifs);
2958Sdr146992		break;
2958Sdr146992
2958Sdr146992	case NE_UNPLUMB :
3448Sdh155122		frsync(IPFSYNC_OLDIFP, 4, (void *)hn->hne_nic, NULL, ifs);
7176Syx160601		fr_natifpsync(IPFSYNC_OLDIFP, 4, (void *)hn->hne_nic, NULL,
7176Syx160601			      ifs);
3448Sdh155122		fr_statesync(IPFSYNC_OLDIFP, 4, (void *)hn->hne_nic, NULL, ifs);
2958Sdr146992		break;
2958Sdr146992
2958Sdr146992	case NE_ADDRESS_CHANGE :
4118Sdr146992		/*
4118Sdr146992		 * We only respond to events for logical interface 0 because
4118Sdr146992		 * IPFilter only uses the first address given to a network
4118Sdr146992		 * interface.  We check for hne_lif==1 because the netinfo
4118Sdr146992		 * code maps adds 1 to the lif number so that it can return
4118Sdr146992		 * 0 to indicate "no more lifs" when walking them.
4118Sdr146992		 */
4118Sdr146992		if (hn->hne_lif == 1) {
4118Sdr146992			frsync(IPFSYNC_RESYNC, 4, (void *)hn->hne_nic, NULL,
4118Sdr146992			    ifs);
4118Sdr146992			sin = hn->hne_data;
7176Syx160601			fr_nataddrsync(4, (void *)hn->hne_nic, &sin->sin_addr,
4118Sdr146992			    ifs);
4118Sdr146992		}
2958Sdr146992		break;
2958Sdr146992
11105SAlexandr.Nedvedicky@Sun.COM#if SOLARIS2 >= 10
11105SAlexandr.Nedvedicky@Sun.COM	case NE_IFINDEX_CHANGE :
11105SAlexandr.Nedvedicky@Sun.COM		WRITE_ENTER(&ifs->ifs_ipf_mutex);
11105SAlexandr.Nedvedicky@Sun.COM
11105SAlexandr.Nedvedicky@Sun.COM		if (hn->hne_data != NULL) {
11105SAlexandr.Nedvedicky@Sun.COM			/*
11105SAlexandr.Nedvedicky@Sun.COM			 * The netinfo passes interface index as int (hne_data should be
11105SAlexandr.Nedvedicky@Sun.COM			 * handled as a pointer to int), which is always 32bit. We need to
11105SAlexandr.Nedvedicky@Sun.COM			 * convert it to void pointer here, since interfaces are
11105SAlexandr.Nedvedicky@Sun.COM			 * represented as pointers to void in IPF. The pointers are 64 bits
11105SAlexandr.Nedvedicky@Sun.COM			 * long on 64bit platforms. Doing something like
11105SAlexandr.Nedvedicky@Sun.COM			 *	(void *)((int) x)
11105SAlexandr.Nedvedicky@Sun.COM			 * will throw warning:
11105SAlexandr.Nedvedicky@Sun.COM			 *   "cast to pointer from integer of different size"
11105SAlexandr.Nedvedicky@Sun.COM			 * during 64bit compilation.
11105SAlexandr.Nedvedicky@Sun.COM			 *
11105SAlexandr.Nedvedicky@Sun.COM			 * The line below uses (size_t) to typecast int to
11105SAlexandr.Nedvedicky@Sun.COM			 * size_t, which might be 64bit/32bit (depending
11105SAlexandr.Nedvedicky@Sun.COM			 * on architecture). Once we have proper 64bit/32bit
11105SAlexandr.Nedvedicky@Sun.COM			 * type (size_t), we can safely convert it to void pointer.
11105SAlexandr.Nedvedicky@Sun.COM			 */
11105SAlexandr.Nedvedicky@Sun.COM			new_ifp = (void *)(size_t)*((int *)hn->hne_data);
11105SAlexandr.Nedvedicky@Sun.COM			fr_ifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM			fr_natifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM			fr_stateifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM		}
11105SAlexandr.Nedvedicky@Sun.COM		RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
11105SAlexandr.Nedvedicky@Sun.COM		break;
11105SAlexandr.Nedvedicky@Sun.COM#endif
11105SAlexandr.Nedvedicky@Sun.COM
2958Sdr146992	default :
2958Sdr146992		break;
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	return 0;
2958Sdr146992}
2958Sdr146992
2958Sdr146992
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/* Function:    ipf_nic_event_v6                                            */
2958Sdr146992/* Returns:     int - 0 == no problems encountered                          */
2958Sdr146992/* Parameters:  event(I)     - pointer to event                             */
2958Sdr146992/*              info(I)      - pointer to information about a NIC event     */
2958Sdr146992/*                                                                          */
2958Sdr146992/* Function to receive asynchronous NIC events from IP                      */
2958Sdr146992/* ------------------------------------------------------------------------ */
2958Sdr146992/*ARGSUSED*/
7513SDarren.Reed@Sun.COMint ipf_nic_event_v6(hook_event_token_t event, hook_data_t info, void *arg)
2958Sdr146992{
7176Syx160601	struct sockaddr_in6 *sin6;
2958Sdr146992	hook_nic_event_t *hn;
7513SDarren.Reed@Sun.COM	ipf_stack_t *ifs = arg;
11105SAlexandr.Nedvedicky@Sun.COM	void *new_ifp = NULL;
11105SAlexandr.Nedvedicky@Sun.COM
11105SAlexandr.Nedvedicky@Sun.COM	if (ifs->ifs_fr_running <= 0)
11105SAlexandr.Nedvedicky@Sun.COM		return (0);
2958Sdr146992
2958Sdr146992	hn = (hook_nic_event_t *)info;
2958Sdr146992
2958Sdr146992	switch (hn->hne_event)
2958Sdr146992	{
2958Sdr146992	case NE_PLUMB :
7176Syx160601		frsync(IPFSYNC_NEWIFP, 6, (void *)hn->hne_nic,
7176Syx160601		       hn->hne_data, ifs);
7176Syx160601		fr_natifpsync(IPFSYNC_NEWIFP, 6, (void *)hn->hne_nic,
7176Syx160601			      hn->hne_data, ifs);
2958Sdr146992		fr_statesync(IPFSYNC_NEWIFP, 6, (void *)hn->hne_nic,
3448Sdh155122			     hn->hne_data, ifs);
2958Sdr146992		break;
2958Sdr146992
2958Sdr146992	case NE_UNPLUMB :
3448Sdh155122		frsync(IPFSYNC_OLDIFP, 6, (void *)hn->hne_nic, NULL, ifs);
7176Syx160601		fr_natifpsync(IPFSYNC_OLDIFP, 6, (void *)hn->hne_nic, NULL,
7176Syx160601			      ifs);
3448Sdh155122		fr_statesync(IPFSYNC_OLDIFP, 6, (void *)hn->hne_nic, NULL, ifs);
2958Sdr146992		break;
2958Sdr146992
2958Sdr146992	case NE_ADDRESS_CHANGE :
7176Syx160601		if (hn->hne_lif == 1) {
7176Syx160601			sin6 = hn->hne_data;
7176Syx160601			fr_nataddrsync(6, (void *)hn->hne_nic, &sin6->sin6_addr,
7176Syx160601				       ifs);
7176Syx160601		}
2958Sdr146992		break;
11105SAlexandr.Nedvedicky@Sun.COM
11105SAlexandr.Nedvedicky@Sun.COM#if SOLARIS2 >= 10
11105SAlexandr.Nedvedicky@Sun.COM	case NE_IFINDEX_CHANGE :
11105SAlexandr.Nedvedicky@Sun.COM		WRITE_ENTER(&ifs->ifs_ipf_mutex);
11105SAlexandr.Nedvedicky@Sun.COM		if (hn->hne_data != NULL) {
11105SAlexandr.Nedvedicky@Sun.COM			/*
11105SAlexandr.Nedvedicky@Sun.COM			 * The netinfo passes interface index as int (hne_data should be
11105SAlexandr.Nedvedicky@Sun.COM			 * handled as a pointer to int), which is always 32bit. We need to
11105SAlexandr.Nedvedicky@Sun.COM			 * convert it to void pointer here, since interfaces are
11105SAlexandr.Nedvedicky@Sun.COM			 * represented as pointers to void in IPF. The pointers are 64 bits
11105SAlexandr.Nedvedicky@Sun.COM			 * long on 64bit platforms. Doing something like
11105SAlexandr.Nedvedicky@Sun.COM			 *	(void *)((int) x)
11105SAlexandr.Nedvedicky@Sun.COM			 * will throw warning:
11105SAlexandr.Nedvedicky@Sun.COM			 *   "cast to pointer from integer of different size"
11105SAlexandr.Nedvedicky@Sun.COM			 * during 64bit compilation.
11105SAlexandr.Nedvedicky@Sun.COM			 *
11105SAlexandr.Nedvedicky@Sun.COM			 * The line below uses (size_t) to typecast int to
11105SAlexandr.Nedvedicky@Sun.COM			 * size_t, which might be 64bit/32bit (depending
11105SAlexandr.Nedvedicky@Sun.COM			 * on architecture). Once we have proper 64bit/32bit
11105SAlexandr.Nedvedicky@Sun.COM			 * type (size_t), we can safely convert it to void pointer.
11105SAlexandr.Nedvedicky@Sun.COM			 */
11105SAlexandr.Nedvedicky@Sun.COM			new_ifp = (void *)(size_t)*((int *)hn->hne_data);
11105SAlexandr.Nedvedicky@Sun.COM			fr_ifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM			fr_natifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM			fr_stateifindexsync((void *)hn->hne_nic, new_ifp, ifs);
11105SAlexandr.Nedvedicky@Sun.COM		}
11105SAlexandr.Nedvedicky@Sun.COM		RWLOCK_EXIT(&ifs->ifs_ipf_mutex);
11105SAlexandr.Nedvedicky@Sun.COM		break;
11105SAlexandr.Nedvedicky@Sun.COM#endif
11105SAlexandr.Nedvedicky@Sun.COM
2958Sdr146992	default :
2958Sdr146992		break;
2958Sdr146992	}
2958Sdr146992
2958Sdr146992	return 0;
2958Sdr146992}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM/*
9695SAlexandr.Nedvedicky@Sun.COM * Functions fr_make_rst(), fr_make_icmp_v4(), fr_make_icmp_v6()
9695SAlexandr.Nedvedicky@Sun.COM * are needed in Solaris kernel only. We don't need them in
9695SAlexandr.Nedvedicky@Sun.COM * ipftest to pretend the ICMP/RST packet was sent as a response.
9695SAlexandr.Nedvedicky@Sun.COM */
9695SAlexandr.Nedvedicky@Sun.COM#if defined(_KERNEL) && (SOLARIS2 >= 10)
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_make_rst                                                 */
9695SAlexandr.Nedvedicky@Sun.COM/* Returns:     int - 0 on success, -1 on failure			    */
9695SAlexandr.Nedvedicky@Sun.COM/* Parameters:  fin(I) - pointer to packet information                      */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* We must alter the original mblks passed to IPF from IP stack via	    */
9695SAlexandr.Nedvedicky@Sun.COM/* FW_HOOKS. FW_HOOKS interface is powerfull, but it has some limitations.  */
9695SAlexandr.Nedvedicky@Sun.COM/* IPF can basicaly do only these things with mblk representing the packet: */
9695SAlexandr.Nedvedicky@Sun.COM/*	leave it as it is (pass the packet)				    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	discard it (block the packet)					    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	alter it (i.e. NAT)						    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* As you can see IPF can not simply discard the mblk and supply a new one  */
9695SAlexandr.Nedvedicky@Sun.COM/* instead to IP stack via FW_HOOKS.					    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* The return-rst action for packets coming via NIC is handled as follows:  */
9695SAlexandr.Nedvedicky@Sun.COM/*	mblk with packet is discarded					    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	new mblk with RST response is constructed and injected to network   */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* IPF can't inject packets to loopback interface, this is just another	    */
9695SAlexandr.Nedvedicky@Sun.COM/* limitation we have to deal with here. The only option to send RST	    */
9695SAlexandr.Nedvedicky@Sun.COM/* response to offending TCP packet coming via loopback is to alter it.	    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/* The fr_make_rst() function alters TCP SYN/FIN packet intercepted on	    */
9695SAlexandr.Nedvedicky@Sun.COM/* loopback interface into TCP RST packet. fin->fin_mp is pointer to	    */
9695SAlexandr.Nedvedicky@Sun.COM/* mblk L3 (IP) and L4 (TCP/UDP) packet headers.			    */
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COMint fr_make_rst(fin)
9695SAlexandr.Nedvedicky@Sun.COMfr_info_t *fin;
9695SAlexandr.Nedvedicky@Sun.COM{
9695SAlexandr.Nedvedicky@Sun.COM	uint16_t tmp_port;
9695SAlexandr.Nedvedicky@Sun.COM	int rv = -1;
9695SAlexandr.Nedvedicky@Sun.COM	uint32_t old_ack;
9695SAlexandr.Nedvedicky@Sun.COM	tcphdr_t *tcp = NULL;
9695SAlexandr.Nedvedicky@Sun.COM	struct in_addr tmp_src;
9695SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
9695SAlexandr.Nedvedicky@Sun.COM	struct in6_addr	tmp_src6;
9695SAlexandr.Nedvedicky@Sun.COM#endif
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	ASSERT(fin->fin_p == IPPROTO_TCP);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * We do not need to adjust chksum, since it is not being checked by
9695SAlexandr.Nedvedicky@Sun.COM	 * Solaris IP stack for loopback clients.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	if ((fin->fin_v == 4) && (fin->fin_p == IPPROTO_TCP) &&
9695SAlexandr.Nedvedicky@Sun.COM	    ((tcp = (tcphdr_t *) fin->fin_dp) != NULL)) {
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM		if (tcp->th_flags & (TH_SYN | TH_FIN)) {
9695SAlexandr.Nedvedicky@Sun.COM			/* Swap IPv4 addresses. */
9695SAlexandr.Nedvedicky@Sun.COM			tmp_src = fin->fin_ip->ip_src;
9695SAlexandr.Nedvedicky@Sun.COM			fin->fin_ip->ip_src = fin->fin_ip->ip_dst;
9695SAlexandr.Nedvedicky@Sun.COM			fin->fin_ip->ip_dst = tmp_src;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM			rv = 0;
9695SAlexandr.Nedvedicky@Sun.COM		}
9695SAlexandr.Nedvedicky@Sun.COM		else
9695SAlexandr.Nedvedicky@Sun.COM			tcp = NULL;
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
9695SAlexandr.Nedvedicky@Sun.COM	else if ((fin->fin_v == 6) && (fin->fin_p == IPPROTO_TCP) &&
9695SAlexandr.Nedvedicky@Sun.COM	    ((tcp = (tcphdr_t *) fin->fin_dp) != NULL)) {
9695SAlexandr.Nedvedicky@Sun.COM		/*
9695SAlexandr.Nedvedicky@Sun.COM		 * We are relying on fact the next header is TCP, which is true
9695SAlexandr.Nedvedicky@Sun.COM		 * for regular TCP packets coming in over loopback.
9695SAlexandr.Nedvedicky@Sun.COM		 */
9695SAlexandr.Nedvedicky@Sun.COM		if (tcp->th_flags & (TH_SYN | TH_FIN)) {
9695SAlexandr.Nedvedicky@Sun.COM			/* Swap IPv6 addresses. */
9695SAlexandr.Nedvedicky@Sun.COM			tmp_src6 = fin->fin_ip6->ip6_src;
9695SAlexandr.Nedvedicky@Sun.COM			fin->fin_ip6->ip6_src = fin->fin_ip6->ip6_dst;
9695SAlexandr.Nedvedicky@Sun.COM			fin->fin_ip6->ip6_dst = tmp_src6;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM			rv = 0;
9695SAlexandr.Nedvedicky@Sun.COM		}
9695SAlexandr.Nedvedicky@Sun.COM		else
9695SAlexandr.Nedvedicky@Sun.COM			tcp = NULL;
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM#endif
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (tcp != NULL) {
9695SAlexandr.Nedvedicky@Sun.COM		/*
9695SAlexandr.Nedvedicky@Sun.COM		 * Adjust TCP header:
9695SAlexandr.Nedvedicky@Sun.COM		 *	swap ports,
9695SAlexandr.Nedvedicky@Sun.COM		 *	set flags,
9695SAlexandr.Nedvedicky@Sun.COM		 *	set correct ACK number
9695SAlexandr.Nedvedicky@Sun.COM		 */
9695SAlexandr.Nedvedicky@Sun.COM		tmp_port = tcp->th_sport;
9695SAlexandr.Nedvedicky@Sun.COM		tcp->th_sport = tcp->th_dport;
9695SAlexandr.Nedvedicky@Sun.COM		tcp->th_dport = tmp_port;
9695SAlexandr.Nedvedicky@Sun.COM		old_ack = tcp->th_ack;
9695SAlexandr.Nedvedicky@Sun.COM		tcp->th_ack = htonl(ntohl(tcp->th_seq) + 1);
9695SAlexandr.Nedvedicky@Sun.COM		tcp->th_seq = old_ack;
9695SAlexandr.Nedvedicky@Sun.COM		tcp->th_flags = TH_RST | TH_ACK;
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	return (rv);
9695SAlexandr.Nedvedicky@Sun.COM}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_make_icmp_v4                                             */
9695SAlexandr.Nedvedicky@Sun.COM/* Returns:     int - 0 on success, -1 on failure			    */
9695SAlexandr.Nedvedicky@Sun.COM/* Parameters:  fin(I) - pointer to packet information                      */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* Please read comment at fr_make_icmp() wrapper function to get an idea    */
9695SAlexandr.Nedvedicky@Sun.COM/* what is going to happen here and why. Once you read the comment there,   */
9695SAlexandr.Nedvedicky@Sun.COM/* continue here with next paragraph.					    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/* To turn IPv4 packet into ICMPv4 response packet, these things must	    */
9695SAlexandr.Nedvedicky@Sun.COM/* happen here:								    */
9695SAlexandr.Nedvedicky@Sun.COM/*	(1) Original mblk is copied (duplicated).			    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	(2) ICMP header is created.					    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	(3) Link ICMP header with copy of original mblk, we have ICMPv4	    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    data ready then.						    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*      (4) Swap IP addresses in original mblk and adjust IP header data.   */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	(5) The mblk containing original packet is trimmed to contain IP    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    header only and ICMP chksum is computed.			    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/*	(6) The ICMP header we have from (3) is linked to original mblk,    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    which now contains new IP header. If original packet was spread */
9695SAlexandr.Nedvedicky@Sun.COM/*	    over several mblks, only the first mblk is kept.		    */
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COMstatic int fr_make_icmp_v4(fin)
9695SAlexandr.Nedvedicky@Sun.COMfr_info_t *fin;
9695SAlexandr.Nedvedicky@Sun.COM{
9695SAlexandr.Nedvedicky@Sun.COM	struct in_addr tmp_src;
9888SAlexandr.Nedvedicky@Sun.COM	tcphdr_t *tcp;
9695SAlexandr.Nedvedicky@Sun.COM	struct icmp *icmp;
9695SAlexandr.Nedvedicky@Sun.COM	mblk_t *mblk_icmp;
9695SAlexandr.Nedvedicky@Sun.COM	mblk_t *mblk_ip;
9695SAlexandr.Nedvedicky@Sun.COM	size_t icmp_pld_len;	/* octets to append to ICMP header */
9695SAlexandr.Nedvedicky@Sun.COM	size_t orig_iphdr_len;	/* length of IP header only */
9695SAlexandr.Nedvedicky@Sun.COM	uint32_t sum;
9695SAlexandr.Nedvedicky@Sun.COM	uint16_t *buf;
9695SAlexandr.Nedvedicky@Sun.COM	int len;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_v != 4)
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * If we are dealing with TCP, then packet must be SYN/FIN to be routed
9695SAlexandr.Nedvedicky@Sun.COM	 * by IP stack. If it is not SYN/FIN, then we must drop it silently.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9888SAlexandr.Nedvedicky@Sun.COM	tcp = (tcphdr_t *) fin->fin_dp;
9888SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if ((fin->fin_p == IPPROTO_TCP) &&
9888SAlexandr.Nedvedicky@Sun.COM	    ((tcp == NULL) || ((tcp->th_flags & (TH_SYN | TH_FIN)) == 0)))
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (1)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Make copy of original mblk.
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * We want to copy as much data as necessary, not less, not more.  The
9695SAlexandr.Nedvedicky@Sun.COM	 * ICMPv4 payload length for unreachable messages is:
9695SAlexandr.Nedvedicky@Sun.COM	 *	original IP header + 8 bytes of L4 (if there are any).
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * We determine if there are at least 8 bytes of L4 data following IP
9695SAlexandr.Nedvedicky@Sun.COM	 * header first.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	icmp_pld_len = (fin->fin_dlen > ICMPERR_ICMPHLEN) ?
9695SAlexandr.Nedvedicky@Sun.COM		ICMPERR_ICMPHLEN : fin->fin_dlen;
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Since we don't want to copy more data than necessary, we must trim
9695SAlexandr.Nedvedicky@Sun.COM	 * the original mblk here.  The right way (STREAMish) would be to use
9695SAlexandr.Nedvedicky@Sun.COM	 * adjmsg() to trim it.  However we would have to calculate the length
9695SAlexandr.Nedvedicky@Sun.COM	 * argument for adjmsg() from pointers we already have here.
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Since we have pointers and offsets, it's faster and easier for
9695SAlexandr.Nedvedicky@Sun.COM	 * us to just adjust pointers by hand instead of using adjmsg().
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_wptr = (unsigned char *) fin->fin_dp;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_wptr += icmp_pld_len;
9695SAlexandr.Nedvedicky@Sun.COM	icmp_pld_len = fin->fin_m->b_wptr - (unsigned char *) fin->fin_ip;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Also we don't want to copy any L2 stuff, which might precede IP
9695SAlexandr.Nedvedicky@Sun.COM	 * header, so we have have to set b_rptr to point to the start of IP
9695SAlexandr.Nedvedicky@Sun.COM	 * header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_rptr += fin->fin_ipoff;
9695SAlexandr.Nedvedicky@Sun.COM	if ((mblk_ip = copyb(fin->fin_m)) == NULL)
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_rptr -= fin->fin_ipoff;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (2)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Create an ICMP header, which will be appened to original mblk later.
9695SAlexandr.Nedvedicky@Sun.COM	 * ICMP header is just another mblk.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	mblk_icmp = (mblk_t *) allocb(ICMPERR_ICMPHLEN, BPRI_HI);
9695SAlexandr.Nedvedicky@Sun.COM	if (mblk_icmp == NULL) {
9695SAlexandr.Nedvedicky@Sun.COM		FREE_MB_T(mblk_ip);
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	MTYPE(mblk_icmp) = M_DATA;
9695SAlexandr.Nedvedicky@Sun.COM	icmp = (struct icmp *) mblk_icmp->b_wptr;
9695SAlexandr.Nedvedicky@Sun.COM	icmp->icmp_type = ICMP_UNREACH;
9695SAlexandr.Nedvedicky@Sun.COM	icmp->icmp_code = fin->fin_icode & 0xFF;
9695SAlexandr.Nedvedicky@Sun.COM	icmp->icmp_void = 0;
9695SAlexandr.Nedvedicky@Sun.COM	icmp->icmp_cksum = 0;
9695SAlexandr.Nedvedicky@Sun.COM	mblk_icmp->b_wptr += ICMPERR_ICMPHLEN;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (3)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Complete ICMP packet - link ICMP header with L4 data from original
9695SAlexandr.Nedvedicky@Sun.COM	 * IP packet.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	linkb(mblk_icmp, mblk_ip);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (4)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Swap IP addresses and change IP header fields accordingly in
9695SAlexandr.Nedvedicky@Sun.COM	 * original IP packet.
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * There is a rule option return-icmp as a dest for physical
9695SAlexandr.Nedvedicky@Sun.COM	 * interfaces. This option becomes useless for loopback, since IPF box
9695SAlexandr.Nedvedicky@Sun.COM	 * uses same address as a loopback destination. We ignore the option
9695SAlexandr.Nedvedicky@Sun.COM	 * here, the ICMP packet will always look like as it would have been
9695SAlexandr.Nedvedicky@Sun.COM	 * sent from the original destination host.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	tmp_src = fin->fin_ip->ip_src;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip->ip_src = fin->fin_ip->ip_dst;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip->ip_dst = tmp_src;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip->ip_p = IPPROTO_ICMP;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip->ip_sum = 0;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (5)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * We trim the orignal mblk to hold IP header only.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_wptr = fin->fin_dp;
9695SAlexandr.Nedvedicky@Sun.COM	orig_iphdr_len = fin->fin_m->b_wptr -
9695SAlexandr.Nedvedicky@Sun.COM			    (fin->fin_m->b_rptr + fin->fin_ipoff);
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip->ip_len = htons(icmp_pld_len + ICMPERR_ICMPHLEN +
9695SAlexandr.Nedvedicky@Sun.COM			    orig_iphdr_len);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * ICMP chksum calculation. The data we are calculating chksum for are
9695SAlexandr.Nedvedicky@Sun.COM	 * spread over two mblks, therefore we have to use two for loops.
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * First for loop computes chksum part for ICMP header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	buf = (uint16_t *) icmp;
9695SAlexandr.Nedvedicky@Sun.COM	len = ICMPERR_ICMPHLEN;
9695SAlexandr.Nedvedicky@Sun.COM	for (sum = 0; len > 1; len -= 2)
9695SAlexandr.Nedvedicky@Sun.COM		sum += *buf++;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Here we add chksum part for ICMP payload.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	len = icmp_pld_len;
9695SAlexandr.Nedvedicky@Sun.COM	buf = (uint16_t *) mblk_ip->b_rptr;
9695SAlexandr.Nedvedicky@Sun.COM	for (; len > 1; len -= 2)
9695SAlexandr.Nedvedicky@Sun.COM		sum += *buf++;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Chksum is done.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	sum = (sum >> 16) + (sum & 0xffff);
9695SAlexandr.Nedvedicky@Sun.COM	sum += (sum >> 16);
9695SAlexandr.Nedvedicky@Sun.COM	icmp->icmp_cksum = ~sum;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (6)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Release all packet mblks, except the first one.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_m->b_cont != NULL) {
9695SAlexandr.Nedvedicky@Sun.COM		FREE_MB_T(fin->fin_m->b_cont);
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Append ICMP payload to first mblk, which already contains new IP
9695SAlexandr.Nedvedicky@Sun.COM	 * header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	linkb(fin->fin_m, mblk_icmp);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	return (0);
9695SAlexandr.Nedvedicky@Sun.COM}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_make_icmp_v6                                             */
9695SAlexandr.Nedvedicky@Sun.COM/* Returns:     int - 0 on success, -1 on failure			    */
9695SAlexandr.Nedvedicky@Sun.COM/* Parameters:  fin(I) - pointer to packet information                      */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/* Please read comment at fr_make_icmp() wrapper function to get an idea    */
9695SAlexandr.Nedvedicky@Sun.COM/* what and why is going to happen here. Once you read the comment there,   */
9695SAlexandr.Nedvedicky@Sun.COM/* continue here with next paragraph.					    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/* This function turns IPv6 packet (UDP, TCP, ...) into ICMPv6 response.    */
9695SAlexandr.Nedvedicky@Sun.COM/* The algorithm is fairly simple:					    */
9695SAlexandr.Nedvedicky@Sun.COM/*	1) We need to get copy of complete mblk.			    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/*	2) New ICMPv6 header is created.				    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/*	3) The copy of original mblk with packet is linked to ICMPv6	    */
9695SAlexandr.Nedvedicky@Sun.COM/*	   header.							    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/*	4) The checksum must be adjusted.				    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/*	5) IP addresses in original mblk are swapped and IP header data	    */
9695SAlexandr.Nedvedicky@Sun.COM/*	   are adjusted (protocol number).				    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/*	6) Original mblk is trimmed to hold IPv6 header only, then it is    */
9695SAlexandr.Nedvedicky@Sun.COM/*	   linked with the ICMPv6 data we got from (3).			    */
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COMstatic int fr_make_icmp_v6(fin)
9695SAlexandr.Nedvedicky@Sun.COMfr_info_t *fin;
9695SAlexandr.Nedvedicky@Sun.COM{
9695SAlexandr.Nedvedicky@Sun.COM	struct icmp6_hdr *icmp6;
9888SAlexandr.Nedvedicky@Sun.COM	tcphdr_t *tcp;
9695SAlexandr.Nedvedicky@Sun.COM	struct in6_addr	tmp_src6;
9695SAlexandr.Nedvedicky@Sun.COM	size_t icmp_pld_len;
9695SAlexandr.Nedvedicky@Sun.COM	mblk_t *mblk_ip, *mblk_icmp;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_v != 6)
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * If we are dealing with TCP, then packet must SYN/FIN to be routed by
9695SAlexandr.Nedvedicky@Sun.COM	 * IP stack. If it is not SYN/FIN, then we must drop it silently.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9888SAlexandr.Nedvedicky@Sun.COM	tcp = (tcphdr_t *) fin->fin_dp;
9888SAlexandr.Nedvedicky@Sun.COM
9888SAlexandr.Nedvedicky@Sun.COM	if ((fin->fin_p == IPPROTO_TCP) &&
9888SAlexandr.Nedvedicky@Sun.COM	    ((tcp == NULL) || ((tcp->th_flags & (TH_SYN | TH_FIN)) == 0)))
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (1)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * We need to copy complete packet in case of IPv6, no trimming is
9695SAlexandr.Nedvedicky@Sun.COM	 * needed (except the L2 headers).
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	icmp_pld_len = M_LEN(fin->fin_m);
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_rptr += fin->fin_ipoff;
9695SAlexandr.Nedvedicky@Sun.COM	if ((mblk_ip = copyb(fin->fin_m)) == NULL)
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_rptr -= fin->fin_ipoff;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (2)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Allocate and create ICMP header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	mblk_icmp = (mblk_t *) allocb(sizeof (struct icmp6_hdr),
9695SAlexandr.Nedvedicky@Sun.COM			BPRI_HI);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (mblk_icmp == NULL)
9695SAlexandr.Nedvedicky@Sun.COM		return (-1);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	MTYPE(mblk_icmp) = M_DATA;
9695SAlexandr.Nedvedicky@Sun.COM	icmp6 =  (struct icmp6_hdr *) mblk_icmp->b_wptr;
9695SAlexandr.Nedvedicky@Sun.COM	icmp6->icmp6_type = ICMP6_DST_UNREACH;
9695SAlexandr.Nedvedicky@Sun.COM	icmp6->icmp6_code = fin->fin_icode & 0xFF;
9695SAlexandr.Nedvedicky@Sun.COM	icmp6->icmp6_data32[0] = 0;
9695SAlexandr.Nedvedicky@Sun.COM	mblk_icmp->b_wptr += sizeof (struct icmp6_hdr);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (3)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Link the copy of IP packet to ICMP header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	linkb(mblk_icmp, mblk_ip);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (4)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Calculate chksum - this is much more easier task than in case of
9695SAlexandr.Nedvedicky@Sun.COM	 * IPv4  - ICMPv6 chksum only covers IP addresses, and payload length.
9695SAlexandr.Nedvedicky@Sun.COM	 * We are making compensation just for change of packet length.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	icmp6->icmp6_cksum = icmp_pld_len + sizeof (struct icmp6_hdr);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (5)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * Swap IP addresses.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	tmp_src6 = fin->fin_ip6->ip6_src;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip6->ip6_src = fin->fin_ip6->ip6_dst;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip6->ip6_dst = tmp_src6;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * and adjust IP header data.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip6->ip6_nxt = IPPROTO_ICMPV6;
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_ip6->ip6_plen = htons(icmp_pld_len + sizeof (struct icmp6_hdr));
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Step (6)
9695SAlexandr.Nedvedicky@Sun.COM	 *
9695SAlexandr.Nedvedicky@Sun.COM	 * We must release all linked mblks from original packet and keep only
9695SAlexandr.Nedvedicky@Sun.COM	 * the first mblk with IP header to link ICMP data.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	fin->fin_m->b_wptr = (unsigned char *) fin->fin_ip6 + sizeof (ip6_t);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_m->b_cont != NULL) {
9695SAlexandr.Nedvedicky@Sun.COM		FREE_MB_T(fin->fin_m->b_cont);
9695SAlexandr.Nedvedicky@Sun.COM	}
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	/*
9695SAlexandr.Nedvedicky@Sun.COM	 * Append ICMP payload to IP header.
9695SAlexandr.Nedvedicky@Sun.COM	 */
9695SAlexandr.Nedvedicky@Sun.COM	linkb(fin->fin_m, mblk_icmp);
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	return (0);
9695SAlexandr.Nedvedicky@Sun.COM}
9695SAlexandr.Nedvedicky@Sun.COM#endif	/* USE_INET6 */
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_make_icmp                                                */
9695SAlexandr.Nedvedicky@Sun.COM/* Returns:     int - 0 on success, -1 on failure			    */
9695SAlexandr.Nedvedicky@Sun.COM/* Parameters:  fin(I) - pointer to packet information                      */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* We must alter the original mblks passed to IPF from IP stack via	    */
9695SAlexandr.Nedvedicky@Sun.COM/* FW_HOOKS. The reasons why we must alter packet are discussed within	    */
9695SAlexandr.Nedvedicky@Sun.COM/* comment at fr_make_rst() function.					    */
9695SAlexandr.Nedvedicky@Sun.COM/*									    */
9695SAlexandr.Nedvedicky@Sun.COM/* The fr_make_icmp() function acts as a wrapper, which passes the code	    */
9695SAlexandr.Nedvedicky@Sun.COM/* execution to	fr_make_icmp_v4() or fr_make_icmp_v6() depending on	    */
9695SAlexandr.Nedvedicky@Sun.COM/* protocol version. However there are some details, which are common to    */
9695SAlexandr.Nedvedicky@Sun.COM/* both IP versions. The details are going to be explained here.	    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* The packet looks as follows:						    */
9695SAlexandr.Nedvedicky@Sun.COM/*    xxx | IP hdr | IP payload    ...	| 				    */
9695SAlexandr.Nedvedicky@Sun.COM/*    ^   ^        ^            	^				    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   |        |            	|				    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   |        |		fin_m->b_wptr = fin->fin_dp + fin->fin_dlen */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   |        |							    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   |        `- fin_m->fin_dp (in case of IPv4 points to L4 header)   */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   |								    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   `- fin_m->b_rptr + fin_ipoff (fin_ipoff is most likely 0 in case  */
9695SAlexandr.Nedvedicky@Sun.COM/*    |      of loopback)						    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |   								    */
9695SAlexandr.Nedvedicky@Sun.COM/*    `- fin_m->b_rptr -  points to L2 header in case of physical NIC	    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* All relevant IP headers are pulled up into the first mblk. It happened   */
9695SAlexandr.Nedvedicky@Sun.COM/* well in advance before the matching rule was found (the rule, which took */
9695SAlexandr.Nedvedicky@Sun.COM/* us here, to fr_make_icmp() function).				    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
9695SAlexandr.Nedvedicky@Sun.COM/* Both functions will turn packet passed in fin->fin_m mblk into a new	    */
9695SAlexandr.Nedvedicky@Sun.COM/* packet. New packet will be represented as chain of mblks.		    */
9695SAlexandr.Nedvedicky@Sun.COM/* orig mblk |- b_cont ---.						    */
9695SAlexandr.Nedvedicky@Sun.COM/*    ^                    `-> ICMP hdr |- b_cont--.			    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |	                          ^	            `-> duped orig mblk	    */
9695SAlexandr.Nedvedicky@Sun.COM/*    |                           |				^	    */
9695SAlexandr.Nedvedicky@Sun.COM/*    `- The original mblk        |				|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*       will be trimmed to       |				|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*       to contain IP header     |				|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*       only                     |				|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                |				|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                `- This is newly		|           */
9695SAlexandr.Nedvedicky@Sun.COM/*                                   allocated mblk to		|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*                                   hold ICMPv6 data.		|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*								|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*								|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*								|	    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    This is the copy of original mblk, it will contain -'	    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    orignal IP  packet in case of ICMPv6. In case of		    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    ICMPv4 it will contain up to 8 bytes of IP payload		    */
9695SAlexandr.Nedvedicky@Sun.COM/*	    (TCP/UDP/L4) data from original packet.			    */
9695SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
9695SAlexandr.Nedvedicky@Sun.COMint fr_make_icmp(fin)
9695SAlexandr.Nedvedicky@Sun.COMfr_info_t *fin;
9695SAlexandr.Nedvedicky@Sun.COM{
9695SAlexandr.Nedvedicky@Sun.COM	int rv;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_v == 4)
9695SAlexandr.Nedvedicky@Sun.COM		rv = fr_make_icmp_v4(fin);
9695SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
9695SAlexandr.Nedvedicky@Sun.COM	else if (fin->fin_v == 6)
9695SAlexandr.Nedvedicky@Sun.COM		rv = fr_make_icmp_v6(fin);
9695SAlexandr.Nedvedicky@Sun.COM#endif
9695SAlexandr.Nedvedicky@Sun.COM	else
9695SAlexandr.Nedvedicky@Sun.COM		rv = -1;
9695SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM	return (rv);
9695SAlexandr.Nedvedicky@Sun.COM}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
*12358SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_buf_sum						    */
*12358SAlexandr.Nedvedicky@Sun.COM/* Returns:     unsigned int - sum of buffer buf			    */
*12358SAlexandr.Nedvedicky@Sun.COM/* Parameters:  buf - pointer to buf we want to sum up			    */
*12358SAlexandr.Nedvedicky@Sun.COM/*              len - length of buffer buf				    */
*12358SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
*12358SAlexandr.Nedvedicky@Sun.COM/* Sums buffer buf. The result is used for chksum calculation. The buf	    */
*12358SAlexandr.Nedvedicky@Sun.COM/* argument must be aligned.						    */
*12358SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
*12358SAlexandr.Nedvedicky@Sun.COMstatic uint32_t fr_buf_sum(buf, len)
*12358SAlexandr.Nedvedicky@Sun.COMconst void *buf;
*12358SAlexandr.Nedvedicky@Sun.COMunsigned int len;
*12358SAlexandr.Nedvedicky@Sun.COM{
*12358SAlexandr.Nedvedicky@Sun.COM	uint32_t	sum = 0;
*12358SAlexandr.Nedvedicky@Sun.COM	uint16_t	*b = (uint16_t *)buf;
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	while (len > 1) {
*12358SAlexandr.Nedvedicky@Sun.COM		sum += *b++;
*12358SAlexandr.Nedvedicky@Sun.COM		len -= 2;
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	if (len == 1)
*12358SAlexandr.Nedvedicky@Sun.COM		sum += htons((*(unsigned char *)b) << 8);
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	return (sum);
*12358SAlexandr.Nedvedicky@Sun.COM}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
*12358SAlexandr.Nedvedicky@Sun.COM/* Function:    fr_calc_chksum						    */
*12358SAlexandr.Nedvedicky@Sun.COM/* Returns:     void							    */
*12358SAlexandr.Nedvedicky@Sun.COM/* Parameters:  fin - pointer to fr_info_t instance with packet data	    */
*12358SAlexandr.Nedvedicky@Sun.COM/*              pkt - pointer to duplicated packet			    */
*12358SAlexandr.Nedvedicky@Sun.COM/*                                                                          */
*12358SAlexandr.Nedvedicky@Sun.COM/* Calculates all chksums (L3, L4) for packet pkt. Works for both IP	    */
*12358SAlexandr.Nedvedicky@Sun.COM/* versions.								    */
*12358SAlexandr.Nedvedicky@Sun.COM/* ------------------------------------------------------------------------ */
*12358SAlexandr.Nedvedicky@Sun.COMvoid fr_calc_chksum(fin, pkt)
*12358SAlexandr.Nedvedicky@Sun.COMfr_info_t *fin;
*12358SAlexandr.Nedvedicky@Sun.COMmb_t *pkt;
*12358SAlexandr.Nedvedicky@Sun.COM{
*12358SAlexandr.Nedvedicky@Sun.COM	struct pseudo_hdr {
*12358SAlexandr.Nedvedicky@Sun.COM		union {
*12358SAlexandr.Nedvedicky@Sun.COM			struct in_addr	in4;
*12358SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
*12358SAlexandr.Nedvedicky@Sun.COM			struct in6_addr	in6;
*12358SAlexandr.Nedvedicky@Sun.COM#endif
*12358SAlexandr.Nedvedicky@Sun.COM		} src_addr;
*12358SAlexandr.Nedvedicky@Sun.COM		union {
*12358SAlexandr.Nedvedicky@Sun.COM			struct in_addr	in4;
*12358SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
*12358SAlexandr.Nedvedicky@Sun.COM			struct in6_addr	in6;
*12358SAlexandr.Nedvedicky@Sun.COM#endif
*12358SAlexandr.Nedvedicky@Sun.COM		} dst_addr;
*12358SAlexandr.Nedvedicky@Sun.COM		char		zero;
*12358SAlexandr.Nedvedicky@Sun.COM		char		proto;
*12358SAlexandr.Nedvedicky@Sun.COM		uint16_t	len;
*12358SAlexandr.Nedvedicky@Sun.COM	}	phdr;
*12358SAlexandr.Nedvedicky@Sun.COM	uint32_t	sum, ip_sum;
*12358SAlexandr.Nedvedicky@Sun.COM	void	*buf;
*12358SAlexandr.Nedvedicky@Sun.COM	uint16_t	*l4_csum_p;
*12358SAlexandr.Nedvedicky@Sun.COM	tcphdr_t	*tcp;
*12358SAlexandr.Nedvedicky@Sun.COM	udphdr_t	*udp;
*12358SAlexandr.Nedvedicky@Sun.COM	icmphdr_t	*icmp;
*12358SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
*12358SAlexandr.Nedvedicky@Sun.COM	struct icmp6_hdr	*icmp6;
*12358SAlexandr.Nedvedicky@Sun.COM#endif
*12358SAlexandr.Nedvedicky@Sun.COM	ip_t		*ip;
*12358SAlexandr.Nedvedicky@Sun.COM	unsigned int	len;
*12358SAlexandr.Nedvedicky@Sun.COM	int		pld_len;
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	/*
*12358SAlexandr.Nedvedicky@Sun.COM	 * We need to pullup the packet to the single continuous buffer to avoid
*12358SAlexandr.Nedvedicky@Sun.COM	 * potential misaligment of b_rptr member in mblk chain.
*12358SAlexandr.Nedvedicky@Sun.COM	 */
*12358SAlexandr.Nedvedicky@Sun.COM	if (pullupmsg(pkt, -1) == 0) {
*12358SAlexandr.Nedvedicky@Sun.COM		cmn_err(CE_WARN, "Failed to pullup loopback pkt -> chksum"
*12358SAlexandr.Nedvedicky@Sun.COM		    " will not be computed by IPF");
*12358SAlexandr.Nedvedicky@Sun.COM		return;
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	/*
*12358SAlexandr.Nedvedicky@Sun.COM	 * It is guaranteed IP header starts right at b_rptr, because we are
*12358SAlexandr.Nedvedicky@Sun.COM	 * working with a copy of the original packet.
*12358SAlexandr.Nedvedicky@Sun.COM	 *
*12358SAlexandr.Nedvedicky@Sun.COM	 * Compute pseudo header chksum for TCP and UDP.
*12358SAlexandr.Nedvedicky@Sun.COM	 */
*12358SAlexandr.Nedvedicky@Sun.COM	if ((fin->fin_p == IPPROTO_UDP) ||
*12358SAlexandr.Nedvedicky@Sun.COM	    (fin->fin_p == IPPROTO_TCP)) {
*12358SAlexandr.Nedvedicky@Sun.COM		bzero(&phdr, sizeof (phdr));
*12358SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
*12358SAlexandr.Nedvedicky@Sun.COM		if (fin->fin_v == 6) {
*12358SAlexandr.Nedvedicky@Sun.COM			phdr.src_addr.in6 = fin->fin_srcip6;
*12358SAlexandr.Nedvedicky@Sun.COM			phdr.dst_addr.in6 = fin->fin_dstip6;
*12358SAlexandr.Nedvedicky@Sun.COM		} else {
*12358SAlexandr.Nedvedicky@Sun.COM			phdr.src_addr.in4 = fin->fin_src;
*12358SAlexandr.Nedvedicky@Sun.COM			phdr.dst_addr.in4 = fin->fin_dst;
*12358SAlexandr.Nedvedicky@Sun.COM		}
*12358SAlexandr.Nedvedicky@Sun.COM#else
*12358SAlexandr.Nedvedicky@Sun.COM		phdr.src_addr.in4 = fin->fin_src;
*12358SAlexandr.Nedvedicky@Sun.COM		phdr.dst_addr.in4 = fin->fin_dst;
*12358SAlexandr.Nedvedicky@Sun.COM#endif
*12358SAlexandr.Nedvedicky@Sun.COM		phdr.zero = (char) 0;
*12358SAlexandr.Nedvedicky@Sun.COM		phdr.proto = fin->fin_p;
*12358SAlexandr.Nedvedicky@Sun.COM		phdr.len = htons((uint16_t)fin->fin_dlen);
*12358SAlexandr.Nedvedicky@Sun.COM		sum = fr_buf_sum(&phdr, (unsigned int)sizeof (phdr));
*12358SAlexandr.Nedvedicky@Sun.COM	} else {
*12358SAlexandr.Nedvedicky@Sun.COM		sum = 0;
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	/*
*12358SAlexandr.Nedvedicky@Sun.COM	 * Set pointer to the L4 chksum field in the packet, set buf pointer to
*12358SAlexandr.Nedvedicky@Sun.COM	 * the L4 header start.
*12358SAlexandr.Nedvedicky@Sun.COM	 */
*12358SAlexandr.Nedvedicky@Sun.COM	switch (fin->fin_p) {
*12358SAlexandr.Nedvedicky@Sun.COM		case IPPROTO_UDP:
*12358SAlexandr.Nedvedicky@Sun.COM			udp = (udphdr_t *)(pkt->b_rptr + fin->fin_hlen);
*12358SAlexandr.Nedvedicky@Sun.COM			l4_csum_p = &udp->uh_sum;
*12358SAlexandr.Nedvedicky@Sun.COM			buf = udp;
*12358SAlexandr.Nedvedicky@Sun.COM			break;
*12358SAlexandr.Nedvedicky@Sun.COM		case IPPROTO_TCP:
*12358SAlexandr.Nedvedicky@Sun.COM			tcp = (tcphdr_t *)(pkt->b_rptr + fin->fin_hlen);
*12358SAlexandr.Nedvedicky@Sun.COM			l4_csum_p = &tcp->th_sum;
*12358SAlexandr.Nedvedicky@Sun.COM			buf = tcp;
*12358SAlexandr.Nedvedicky@Sun.COM			break;
*12358SAlexandr.Nedvedicky@Sun.COM		case IPPROTO_ICMP:
*12358SAlexandr.Nedvedicky@Sun.COM			icmp = (icmphdr_t *)(pkt->b_rptr + fin->fin_hlen);
*12358SAlexandr.Nedvedicky@Sun.COM			l4_csum_p = &icmp->icmp_cksum;
*12358SAlexandr.Nedvedicky@Sun.COM			buf = icmp;
*12358SAlexandr.Nedvedicky@Sun.COM			break;
*12358SAlexandr.Nedvedicky@Sun.COM#ifdef USE_INET6
*12358SAlexandr.Nedvedicky@Sun.COM		case IPPROTO_ICMPV6:
*12358SAlexandr.Nedvedicky@Sun.COM			icmp6 = (struct icmp6_hdr *)(pkt->b_rptr + fin->fin_hlen);
*12358SAlexandr.Nedvedicky@Sun.COM			l4_csum_p = &icmp6->icmp6_cksum;
*12358SAlexandr.Nedvedicky@Sun.COM			buf = icmp6;
*12358SAlexandr.Nedvedicky@Sun.COM			break;
*12358SAlexandr.Nedvedicky@Sun.COM#endif
*12358SAlexandr.Nedvedicky@Sun.COM		default:
*12358SAlexandr.Nedvedicky@Sun.COM			l4_csum_p = NULL;
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	/*
*12358SAlexandr.Nedvedicky@Sun.COM	 * Compute L4 chksum if needed.
*12358SAlexandr.Nedvedicky@Sun.COM	 */
*12358SAlexandr.Nedvedicky@Sun.COM	if (l4_csum_p != NULL) {
*12358SAlexandr.Nedvedicky@Sun.COM		*l4_csum_p = (uint16_t)0;
*12358SAlexandr.Nedvedicky@Sun.COM		pld_len = fin->fin_dlen;
*12358SAlexandr.Nedvedicky@Sun.COM		len = pkt->b_wptr - (unsigned char *)buf;
*12358SAlexandr.Nedvedicky@Sun.COM		ASSERT(len == pld_len);
*12358SAlexandr.Nedvedicky@Sun.COM		/*
*12358SAlexandr.Nedvedicky@Sun.COM		 * Add payload sum to pseudoheader sum.
*12358SAlexandr.Nedvedicky@Sun.COM		 */
*12358SAlexandr.Nedvedicky@Sun.COM		sum += fr_buf_sum(buf, len);
*12358SAlexandr.Nedvedicky@Sun.COM		while (sum >> 16)
*12358SAlexandr.Nedvedicky@Sun.COM			sum = (sum & 0xFFFF) + (sum >> 16);
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM		*l4_csum_p = ~((uint16_t)sum);
*12358SAlexandr.Nedvedicky@Sun.COM		DTRACE_PROBE1(l4_sum, uint16_t, *l4_csum_p);
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	/*
*12358SAlexandr.Nedvedicky@Sun.COM	 * The IP header chksum is needed just for IPv4.
*12358SAlexandr.Nedvedicky@Sun.COM	 */
*12358SAlexandr.Nedvedicky@Sun.COM	if (fin->fin_v == 4) {
*12358SAlexandr.Nedvedicky@Sun.COM		/*
*12358SAlexandr.Nedvedicky@Sun.COM		 * Compute IPv4 header chksum.
*12358SAlexandr.Nedvedicky@Sun.COM		 */
*12358SAlexandr.Nedvedicky@Sun.COM		ip = (ip_t *)pkt->b_rptr;
*12358SAlexandr.Nedvedicky@Sun.COM		ip->ip_sum = (uint16_t)0;
*12358SAlexandr.Nedvedicky@Sun.COM		ip_sum = fr_buf_sum(ip, (unsigned int)fin->fin_hlen);
*12358SAlexandr.Nedvedicky@Sun.COM		while (ip_sum >> 16)
*12358SAlexandr.Nedvedicky@Sun.COM			ip_sum = (ip_sum & 0xFFFF) + (ip_sum >> 16);
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM		ip->ip_sum = ~((uint16_t)ip_sum);
*12358SAlexandr.Nedvedicky@Sun.COM		DTRACE_PROBE1(l3_sum, uint16_t, ip->ip_sum);
*12358SAlexandr.Nedvedicky@Sun.COM	}
*12358SAlexandr.Nedvedicky@Sun.COM
*12358SAlexandr.Nedvedicky@Sun.COM	return;
*12358SAlexandr.Nedvedicky@Sun.COM}
*12358SAlexandr.Nedvedicky@Sun.COM
9695SAlexandr.Nedvedicky@Sun.COM#endif	/* _KERNEL && SOLARIS2 >= 10 */