Mercurial > illumos > illumos-gate

changeset 9743:792abd8168ea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PSARC/2009/304 IP PROMISC Flag 1163956 ifconfig does not report promiscuous state of underlying link
author Girish Moodalbail <Girish.Moodalbail@Sun.COM>
date Thu, 28 May 2009 11:49:43 -0400
parents d7e23dfb1af9
children 6853ac320613
files usr/src/uts/common/inet/ip.h usr/src/uts/common/inet/ip/ip.c usr/src/uts/common/inet/ip/ip6_if.c usr/src/uts/common/inet/ip/ip_if.c
diffstat 4 files changed, 23 insertions(+), 51 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/inet/ip.h	Thu May 28 04:36:53 2009 -0700
+++ b/usr/src/uts/common/inet/ip.h	Thu May 28 11:49:43 2009 -0400
@@ -1980,14 +1980,13 @@
 		ill_logical_down : 1,
 		ill_is_6to4tun : 1,	/* Interface is a 6to4 tunnel */
 
-		ill_promisc_on_phys : 1, /* phys interface in promisc mode */
 		ill_dl_up : 1,
 		ill_up_ipifs : 1,
 		ill_note_link : 1,	/* supports link-up notification */
 		ill_capab_reneg : 1, /* capability renegotiation to be done */
 		ill_dld_capab_inprog : 1, /* direct dld capab call in prog */
 		ill_need_recover_multicast : 1,
-		ill_pad_to_bit_31 : 17;
+		ill_pad_to_bit_31 : 18;
 
 	/* Following bit fields protected by ill_lock */
 	uint_t
--- a/usr/src/uts/common/inet/ip/ip.c	Thu May 28 04:36:53 2009 -0700
+++ b/usr/src/uts/common/inet/ip/ip.c	Thu May 28 11:49:43 2009 -0400
@@ -16303,20 +16303,26 @@
 			}
 			break;
 		}
-		case DL_NOTE_PROMISC_ON_PHYS:
+		case DL_NOTE_PROMISC_ON_PHYS: {
+			phyint_t *phyint = ill->ill_phyint;
+
 			IPSECHW_DEBUG(IPSECHW_PKT, ("ip_rput_dlpi_writer: "
 			    "got a DL_NOTE_PROMISC_ON_PHYS\n"));
-			mutex_enter(&ill->ill_lock);
-			ill->ill_promisc_on_phys = B_TRUE;
-			mutex_exit(&ill->ill_lock);
-			break;
-		case DL_NOTE_PROMISC_OFF_PHYS:
+			mutex_enter(&phyint->phyint_lock);
+			phyint->phyint_flags |= PHYI_PROMISC;
+			mutex_exit(&phyint->phyint_lock);
+			break;
+		}
+		case DL_NOTE_PROMISC_OFF_PHYS: {
+			phyint_t *phyint = ill->ill_phyint;
+
 			IPSECHW_DEBUG(IPSECHW_PKT, ("ip_rput_dlpi_writer: "
 			    "got a DL_NOTE_PROMISC_OFF_PHYS\n"));
-			mutex_enter(&ill->ill_lock);
-			ill->ill_promisc_on_phys = B_FALSE;
-			mutex_exit(&ill->ill_lock);
-			break;
+			mutex_enter(&phyint->phyint_lock);
+			phyint->phyint_flags &= ~PHYI_PROMISC;
+			mutex_exit(&phyint->phyint_lock);
+			break;
+		}
 		case DL_NOTE_CAPAB_RENEG:
 			/*
 			 * Something changed on the driver side.
@@ -26418,6 +26424,7 @@
 	mblk_t *data_mp;
 	uint_t plen, overhead;
 	ip_stack_t	*ipst;
+	phyint_t	*phyint;
 
 	if ((sa->ipsa_flags & IPSA_F_HW) == 0)
 		return;
@@ -26425,6 +26432,8 @@
 	if (ill == NULL)
 		return;
 	ipst = ill->ill_ipst;
+	phyint = ill->ill_phyint;
+
 	/*
 	 * Destination address is a broadcast or multicast.  Punt.
 	 */
@@ -26468,7 +26477,7 @@
 	 * accelerate the packet since it will bounce back up to the
 	 * listeners in the clear.
 	 */
-	if (ill->ill_promisc_on_phys) {
+	if (phyint->phyint_flags & PHYI_PROMISC) {
 		IPSECHW_DEBUG(IPSECHW_PKT, ("ipsec_out_check_is_accelerated: "
 		    "ill in promiscous mode, don't accelerate packet\n"));
 		return;
--- a/usr/src/uts/common/inet/ip/ip6_if.c	Thu May 28 04:36:53 2009 -0700
+++ b/usr/src/uts/common/inet/ip/ip6_if.c	Thu May 28 11:49:43 2009 -0400
@@ -2851,6 +2851,7 @@
 	((dl_notify_req_t *)notify_mp->b_rptr)->dl_notifications =
 	    (DL_NOTE_PHYS_ADDR | DL_NOTE_SDU_SIZE | DL_NOTE_FASTPATH_FLUSH |
 	    DL_NOTE_LINK_UP | DL_NOTE_LINK_DOWN | DL_NOTE_CAPAB_RENEG |
+	    DL_NOTE_PROMISC_ON_PHYS | DL_NOTE_PROMISC_OFF_PHYS |
 	    DL_NOTE_REPLUMB);
 
 	phys_mp = ip_dlpi_alloc(sizeof (dl_phys_addr_req_t) +
--- a/usr/src/uts/common/inet/ip/ip_if.c	Thu May 28 04:36:53 2009 -0700
+++ b/usr/src/uts/common/inet/ip/ip_if.c	Thu May 28 11:49:43 2009 -0400
@@ -2070,37 +2070,10 @@
 }
 
 /*
- * Send a DL_NOTIFY_REQ to the specified ill to enable
- * DL_NOTE_PROMISC_ON/OFF_PHYS notifications.
- * Invoked by ill_capability_ipsec_ack() before enabling IPsec hardware
- * acceleration.
- * Returns B_TRUE on success, B_FALSE if the message could not be sent.
- */
-static boolean_t
-ill_enable_promisc_notify(ill_t *ill)
-{
-	mblk_t *mp;
-	dl_notify_req_t *req;
-
-	IPSECHW_DEBUG(IPSECHW_PKT, ("ill_enable_promisc_notify:\n"));
-
-	mp = ip_dlpi_alloc(sizeof (dl_notify_req_t), DL_NOTIFY_REQ);
-	if (mp == NULL)
-		return (B_FALSE);
-
-	req = (dl_notify_req_t *)mp->b_rptr;
-	req->dl_notifications = DL_NOTE_PROMISC_ON_PHYS |
-	    DL_NOTE_PROMISC_OFF_PHYS;
-
-	ill_dlpi_send(ill, mp);
-
-	return (B_TRUE);
-}
-
-/*
  * Allocate an IPsec capability request which will be filled by our
  * caller to turn on support for one or more algorithms.
  */
+/* ARGSUSED */
 static mblk_t *
 ill_alloc_ipsec_cap_req(ill_t *ill, dl_capability_sub_t *isub)
 {
@@ -2112,16 +2085,6 @@
 	icip = (dl_capab_ipsec_t *)(isub + 1);
 
 	/*
-	 * The first time around, we send a DL_NOTIFY_REQ to enable
-	 * PROMISC_ON/OFF notification from the provider. We need to
-	 * do this before enabling the algorithms to avoid leakage of
-	 * cleartext packets.
-	 */
-
-	if (!ill_enable_promisc_notify(ill))
-		return (NULL);
-
-	/*
 	 * Allocate new mblk which will contain a new capability
 	 * request to enable the capabilities.
 	 */