diff options
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/uts/common/inet/ip.h | 3 | ||||
| -rw-r--r-- | usr/src/uts/common/inet/ip/ip.c | 27 | ||||
| -rw-r--r-- | usr/src/uts/common/inet/ip/ip6_if.c | 1 | ||||
| -rw-r--r-- | usr/src/uts/common/inet/ip/ip_if.c | 39 |
4 files changed, 21 insertions, 49 deletions
diff --git a/usr/src/uts/common/inet/ip.h b/usr/src/uts/common/inet/ip.h index cd6abc69b2..02cf08b649 100644 --- a/usr/src/uts/common/inet/ip.h +++ b/usr/src/uts/common/inet/ip.h @@ -1980,14 +1980,13 @@ typedef struct ill_s { ill_logical_down : 1, ill_is_6to4tun : 1, /* Interface is a 6to4 tunnel */ - ill_promisc_on_phys : 1, /* phys interface in promisc mode */ ill_dl_up : 1, ill_up_ipifs : 1, ill_note_link : 1, /* supports link-up notification */ ill_capab_reneg : 1, /* capability renegotiation to be done */ ill_dld_capab_inprog : 1, /* direct dld capab call in prog */ ill_need_recover_multicast : 1, - ill_pad_to_bit_31 : 17; + ill_pad_to_bit_31 : 18; /* Following bit fields protected by ill_lock */ uint_t diff --git a/usr/src/uts/common/inet/ip/ip.c b/usr/src/uts/common/inet/ip/ip.c index c6f52e33d8..09f512a602 100644 --- a/usr/src/uts/common/inet/ip/ip.c +++ b/usr/src/uts/common/inet/ip/ip.c @@ -16303,20 +16303,26 @@ ip_rput_dlpi_writer(ipsq_t *ipsq, queue_t *q, mblk_t *mp, void *dummy_arg) } break; } - case DL_NOTE_PROMISC_ON_PHYS: + case DL_NOTE_PROMISC_ON_PHYS: { + phyint_t *phyint = ill->ill_phyint; + IPSECHW_DEBUG(IPSECHW_PKT, ("ip_rput_dlpi_writer: " "got a DL_NOTE_PROMISC_ON_PHYS\n")); - mutex_enter(&ill->ill_lock); - ill->ill_promisc_on_phys = B_TRUE; - mutex_exit(&ill->ill_lock); + mutex_enter(&phyint->phyint_lock); + phyint->phyint_flags |= PHYI_PROMISC; + mutex_exit(&phyint->phyint_lock); break; - case DL_NOTE_PROMISC_OFF_PHYS: + } + case DL_NOTE_PROMISC_OFF_PHYS: { + phyint_t *phyint = ill->ill_phyint; + IPSECHW_DEBUG(IPSECHW_PKT, ("ip_rput_dlpi_writer: " "got a DL_NOTE_PROMISC_OFF_PHYS\n")); - mutex_enter(&ill->ill_lock); - ill->ill_promisc_on_phys = B_FALSE; - mutex_exit(&ill->ill_lock); + mutex_enter(&phyint->phyint_lock); + phyint->phyint_flags &= ~PHYI_PROMISC; + mutex_exit(&phyint->phyint_lock); break; + } case DL_NOTE_CAPAB_RENEG: /* * Something changed on the driver side. @@ -26418,6 +26424,7 @@ ipsec_out_is_accelerated(mblk_t *ipsec_mp, ipsa_t *sa, ill_t *ill, ire_t *ire) mblk_t *data_mp; uint_t plen, overhead; ip_stack_t *ipst; + phyint_t *phyint; if ((sa->ipsa_flags & IPSA_F_HW) == 0) return; @@ -26425,6 +26432,8 @@ ipsec_out_is_accelerated(mblk_t *ipsec_mp, ipsa_t *sa, ill_t *ill, ire_t *ire) if (ill == NULL) return; ipst = ill->ill_ipst; + phyint = ill->ill_phyint; + /* * Destination address is a broadcast or multicast. Punt. */ @@ -26468,7 +26477,7 @@ ipsec_out_is_accelerated(mblk_t *ipsec_mp, ipsa_t *sa, ill_t *ill, ire_t *ire) * accelerate the packet since it will bounce back up to the * listeners in the clear. */ - if (ill->ill_promisc_on_phys) { + if (phyint->phyint_flags & PHYI_PROMISC) { IPSECHW_DEBUG(IPSECHW_PKT, ("ipsec_out_check_is_accelerated: " "ill in promiscous mode, don't accelerate packet\n")); return; diff --git a/usr/src/uts/common/inet/ip/ip6_if.c b/usr/src/uts/common/inet/ip/ip6_if.c index e43ec55519..5c305de999 100644 --- a/usr/src/uts/common/inet/ip/ip6_if.c +++ b/usr/src/uts/common/inet/ip/ip6_if.c @@ -2851,6 +2851,7 @@ ill_dl_phys(ill_t *ill, ipif_t *ipif, mblk_t *mp, queue_t *q) ((dl_notify_req_t *)notify_mp->b_rptr)->dl_notifications = (DL_NOTE_PHYS_ADDR | DL_NOTE_SDU_SIZE | DL_NOTE_FASTPATH_FLUSH | DL_NOTE_LINK_UP | DL_NOTE_LINK_DOWN | DL_NOTE_CAPAB_RENEG | + DL_NOTE_PROMISC_ON_PHYS | DL_NOTE_PROMISC_OFF_PHYS | DL_NOTE_REPLUMB); phys_mp = ip_dlpi_alloc(sizeof (dl_phys_addr_req_t) + diff --git a/usr/src/uts/common/inet/ip/ip_if.c b/usr/src/uts/common/inet/ip/ip_if.c index 3f4adec52d..149f97e1d5 100644 --- a/usr/src/uts/common/inet/ip/ip_if.c +++ b/usr/src/uts/common/inet/ip/ip_if.c @@ -2070,37 +2070,10 @@ ill_capability_dld_reset_fill(ill_t *ill, mblk_t *mp) } /* - * Send a DL_NOTIFY_REQ to the specified ill to enable - * DL_NOTE_PROMISC_ON/OFF_PHYS notifications. - * Invoked by ill_capability_ipsec_ack() before enabling IPsec hardware - * acceleration. - * Returns B_TRUE on success, B_FALSE if the message could not be sent. - */ -static boolean_t -ill_enable_promisc_notify(ill_t *ill) -{ - mblk_t *mp; - dl_notify_req_t *req; - - IPSECHW_DEBUG(IPSECHW_PKT, ("ill_enable_promisc_notify:\n")); - - mp = ip_dlpi_alloc(sizeof (dl_notify_req_t), DL_NOTIFY_REQ); - if (mp == NULL) - return (B_FALSE); - - req = (dl_notify_req_t *)mp->b_rptr; - req->dl_notifications = DL_NOTE_PROMISC_ON_PHYS | - DL_NOTE_PROMISC_OFF_PHYS; - - ill_dlpi_send(ill, mp); - - return (B_TRUE); -} - -/* * Allocate an IPsec capability request which will be filled by our * caller to turn on support for one or more algorithms. */ +/* ARGSUSED */ static mblk_t * ill_alloc_ipsec_cap_req(ill_t *ill, dl_capability_sub_t *isub) { @@ -2112,16 +2085,6 @@ ill_alloc_ipsec_cap_req(ill_t *ill, dl_capability_sub_t *isub) icip = (dl_capab_ipsec_t *)(isub + 1); /* - * The first time around, we send a DL_NOTIFY_REQ to enable - * PROMISC_ON/OFF notification from the provider. We need to - * do this before enabling the algorithms to avoid leakage of - * cleartext packets. - */ - - if (!ill_enable_promisc_notify(ill)) - return (NULL); - - /* * Allocate new mblk which will contain a new capability * request to enable the capabilities. */ |