| blob | 481bc621d4d662fd79d093de5ab267b92bdc0bc0 |
1 /*
2 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
3 * Copyright 2012, Daniil Lunev. All rights reserved.
4 * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
5 */
6 /*
7 * Copyright (c) 1983 Regents of the University of California.
8 * All rights reserved. The Berkeley software License Agreement
9 * specifies the terms and conditions for redistribution.
10 */
15 #include <compat.h>
16 #include <libdlpi.h>
17 #include <libdllink.h>
18 #include <libdliptun.h>
19 #include <libdllink.h>
20 #include <inet/ip.h>
21 #include <inet/ipsec_impl.h>
22 #include <libipadm.h>
23 #include <ifaddrs.h>
24 #include <libsocket_priv.h>
29 #define LIFC_DEFAULT (LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\
30 LIFC_UNDER_IPMP)
80 };
85 uint_t ia_tries;
92 };
95 boolean_t dlh_opened;
97 /* current interface name a particular function is accessing */
99 /* foreach interface saved name */
108 /*
109 * Make sure the algorithm variables hold more than the sizeof an algorithm
110 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that
111 * there was no algorithm requested, and in the ipsec_req that service should
112 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
113 * disabled on that tunnel.)
114 */
115 #define NO_AH_AALG 256
116 #define NO_ESP_AALG 256
117 #define NO_ESP_EALG 256
126 /*
127 * Function prototypes for command functions.
128 */
171 /*
172 * Address family specific function prototypes.
173 */
181 /*
182 * Misc support functions
183 */
191 boolean_t addr_set);
212 datalink_id_t *);
217 #define max(a, b) ((a) < (b) ? (b) : (a))
219 /*
220 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
221 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
222 * on going rather than exit with an error.
223 */
225 #define DHCP_EXIT_IF_FAILURE -1
229 #define AF_ANY (-1)
231 /* Refer to the comments in ifconfig() on the netmask "hack" */
242 /* for the current interface */
309 /*
310 * NOTE: any additions to this table must also be applied to ifparse
311 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
312 */
317 };
326 /*
327 * NOTE: print_config_flags() processes this table in order, so we put "up"
328 * last so that we can be sure "-failover" will take effect first. Otherwise,
329 * IPMP test addresses will erroneously migrate to the IPMP interface.
330 */
346 };
356 /* End defines and structure definitions for ifconfig -a plumb */
358 /* Known address families */
369 };
371 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af))
375 int
377 {
380 ipadm_status_t istatus;
392 }
394 }
405 }
415 }
416 }
420 }
421 }
428 /*
429 * Open the global libipadm handle. The flag IPH_LEGACY has to
430 * be specified to indicate that logical interface names will
431 * be used during interface creation and address creation.
432 */
436 /*
437 * Special interface names is any combination of these flags.
438 * Note that due to the ifconfig syntax they have to be combined
439 * as a single '-' option.
440 * -a All interfaces
441 * -u "up" interfaces
442 * -d "down" interfaces
443 * -D Interfaces not controlled by DHCP
444 * -4 IPv4 interfaces
445 * -6 IPv6 interfaces
446 * -X Turn on debug (not documented)
447 * -v Turn on verbose
448 * -Z Only interfaces in caller's zone
449 */
452 /* One or more options */
479 /*
480 * -4 is not a compatable flag, therefore
481 * we assume they want v4compat turned off
482 */
487 /*
488 * If they want IPv6, well then we'll assume
489 * they don't want IPv4 compat
490 */
501 }
502 }
507 }
509 lifc_flags);
512 }
515 }
517 /*
518 * For each interface, call ifconfig(argc, argv, af, ifa).
519 * Only call function if onflags and offflags are set or clear, respectively,
520 * in the interfaces flags field.
521 */
522 static void
525 {
528 ipadm_status_t istatus;
530 /*
531 * Special case:
532 * ifconfig -a plumb should find all network interfaces in the current
533 * zone.
534 */
538 }
539 /* Get all addresses in kernel including addresses that are zero. */
541 lifc_flags);
545 /*
546 * For each logical interface, call ifconfig() with the
547 * given arguments.
548 */
558 }
563 }
565 }
567 /*
568 * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface.
569 */
570 static void
573 {
583 }
591 /*
592 * Reset global state
593 * setaddr: Used by parser to tear apart source and dest
594 * name and origname contain the name of the 'current'
595 * interface.
596 */
601 }
602 }
604 /*
605 * Parses the interface name and the command in argv[]. Calls the
606 * appropriate callback function for the given command from `cmds[]'
607 * table.
608 * If there is no command specified, it prints all addresses.
609 */
610 static void
612 {
615 ipadm_status_t istatus;
621 }
624 /*
625 * Some errors are ignored in the case where more than one
626 * interface is being operated on.
627 */
634 }
636 }
638 /*
639 * The following is a "hack" to get around the existing interface
640 * setting mechanism. Currently, each interface attribute,
641 * such as address, netmask, broadcast, ... is set separately. But
642 * sometimes two or more attributes must be set together. For
643 * example, setting an address without a netmask does not make sense.
644 * Yet they can be set separately for IPv4 address using the current
645 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask
646 * using the deprecated "IP address classes." This is simply not
647 * correct.
648 *
649 * The "hack" below is to go thru the whole command list looking for
650 * the netmask command first. Then use this netmask to set the
651 * address. This does not provide an extensible way to accommodate
652 * future need for setting more than one attributes together.
653 *
654 * Note that if the "netmask" command argument is a "+", we need
655 * to save this info and do the query after we know the address to
656 * be set. The reason is that if "addif" is used, the working
657 * interface name will be changed later when the logical interface
658 * is created. In in_getmask(), if an address is not provided,
659 * it will use the working interface's address to do the query.
660 * It will be wrong now as we don't know the logical interface's name.
661 *
662 * ifconfig(1M) is too overloaded and the code is so convoluted
663 * that it is "safer" not to re-architect the code to fix the above
664 * issue, hence this "hack." We may be better off to have a new
665 * command with better syntax for configuring network interface
666 * parameters...
667 */
672 /* Only go thru the command list once to find the netmask. */
675 /*
676 * Currently, if multiple netmask commands are specified, the
677 * last one will be used as the final netmask. So we need
678 * to scan the whole list to preserve this behavior.
679 */
684 largv++;
691 }
692 /* Continue the scan. */
693 }
694 }
695 }
699 boolean_t found_cmd;
708 /*
709 * indicate that the command was
710 * found and check to see if
711 * the address family is valid
712 */
717 }
722 }
723 }
724 /*
725 * If we found the keyword, but the address family
726 * did not match spit out an error
727 */
732 }
733 /*
734 * else (no keyword found), we assume it's an address
735 * of some sort
736 */
738 /*
739 * We must have already filled in a source address in
740 * `ipaddr' and we now got a destination address.
741 * Fill it in `ipaddr' and call libipadm to create
742 * the static address.
743 */
750 }
751 /*
752 * finished processing dstaddr, so reset setaddr
753 */
755 }
756 /*
757 * Both source and destination address are in `ipaddr'.
758 * Add the address by calling libipadm.
759 */
761 IPADM_OPT_ACTIVE);
768 /* move parser along */
771 }
772 }
774 /*
775 * catch odd commands like
776 * "ifconfig <intf> addr1 addr2 addr3 addr4 up"
777 */
779 "ifconfig: cannot configure more than two "
782 }
786 }
795 }
796 }
797 /*
798 * Call the function if:
799 *
800 * there's no address family
801 * restriction
802 * OR
803 * we don't know the address yet
804 * (because we were called from
805 * main)
806 * OR
807 * there is a restriction AND
808 * the address families match
809 */
814 /*
815 * If c_func failed and we should
816 * abort processing for this
817 * interface on failure, return
818 * now rather than going on to
819 * process other commands for
820 * the same interface.
821 */
824 }
825 }
827 }
830 /*
831 * Only the source address was provided, which was already
832 * set in `ipaddr'. Add the address by calling libipadm.
833 */
840 }
842 /* Check to see if there's a security hole in the tunnel setup. */
846 }
849 createfailed:
852 /* Remove the newly created logical interface. */
857 }
859 }
861 /* ARGSUSED */
862 static int
864 {
865 debug++;
867 }
869 /* ARGSUSED */
870 static int
872 {
873 verbose++;
875 }
877 /*
878 * This function fills in the given lifreq's lifr_addr field based on
879 * g_netmask_set.
880 */
881 static void
884 {
894 /*
895 * "+" is used as the argument to "netmask" command. Query
896 * the database on the correct netmask based on the address to
897 * be set.
898 */
907 }
914 }
915 }
917 /*
918 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
919 * syntax for setting the address, the address plus netmask, and just
920 * the netmask respectively.
921 */
922 /* ARGSUSED */
923 static int
925 {
926 ipadm_status_t istatus;
945 /* Nothing there - ok */
949 addr);
958 prefixlen);
960 }
967 prefixlen);
969 }
970 }
971 /*
972 * Just in case of funny setting of both prefix and netmask,
973 * prefix should override the netmask command.
974 */
977 }
979 /*
980 * Check and see if any "netmask" command is used and perform the
981 * necessary operation.
982 */
985 /* This check is temporary until libipadm supports IPMP interfaces. */
997 }
1003 /*
1004 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1005 * will contain the right mask to use.
1006 */
1014 /*
1015 * let parser know we got a source.
1016 * Next address, if given, should be dest
1017 */
1018 setaddr++;
1020 /*
1021 * address will be set by the parser after nextarg has
1022 * been scanned
1023 */
1025 }
1027 /* Tell parser that an address was set */
1028 setaddr++;
1029 /* save copy of netmask to restore in case of error */
1035 /*
1036 * If setting the address and not the mask, clear any existing mask
1037 * and the kernel will then assign the default (netmask has been set
1038 * to 0 in this case). If setting both (either by using a prefix or
1039 * using the netmask command), set the mask first, so the address will
1040 * be interpreted correctly.
1041 */
1043 /* lifr.lifr_addr already contains netmask from set_mask_lifreq() */
1056 }
1060 /*
1061 * Restore the netmask
1062 */
1070 }
1073 }
1075 /*
1076 * The following functions are stolen from the ipseckey(1m) program.
1077 * Perhaps they should be somewhere common, but for now, we just maintain
1078 * two versions. We do this because of the different semantics for which
1079 * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1080 */
1082 static ulong_t
1084 {
1085 ulong_t rc;
1092 }
1095 }
1097 /*
1098 * Parse and reverse parse possible algorithm values, include numbers.
1099 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1100 * this isn't common to ipseckey.c.
1101 *
1102 * NOTE: Static buffer in this function for the return value. Since ifconfig
1103 * isn't multithreaded, this isn't a huge problem.
1104 */
1110 {
1114 /*
1115 * Special cases for "any" and "none"
1116 * The kernel needs to be able to distinguish between "any"
1117 * and "none" and the APIs are underdefined in this area for auth.
1118 */
1124 }
1132 }
1135 }
1137 static uint_t
1139 {
1141 ulong_t invalue;
1147 }
1149 /*
1150 * Special-case "none" and "any".
1151 * Use strcasecmp because its length is bounded.
1152 */
1156 }
1165 }
1167 /*
1168 * Since algorithms can be loaded during kernel run-time, check for
1169 * numeric algorithm values too.
1170 */
1179 /* NOTREACHED */
1180 }
1182 /*
1183 * Actual ifconfig functions to set tunnel security properties.
1184 */
1188 static int
1190 {
1192 iptun_params_t params;
1193 dladm_status_t status;
1206 /*
1207 * If I'm just starting off this ifconfig, I want a clean slate,
1208 * otherwise, I've captured the current tunnel security settings.
1209 * In the case of continuation, I merely add to the settings.
1210 */
1214 /* We're only modifying the IPsec information */
1224 /* Let the user specify NULL encryption implicitly. */
1228 }
1234 }
1248 /* Let the user specify NULL encryption implicitly. */
1252 }
1262 }
1264 /* Will never hit DEFAULT */
1265 }
1269 done:
1279 }
1281 }
1283 /* ARGSUSED */
1284 static int
1286 {
1289 }
1291 /* ARGSUSED */
1292 static int
1294 {
1297 }
1299 /* ARGSUSED */
1300 static int
1302 {
1305 }
1307 /* ARGSUSED */
1308 static int
1310 {
1316 name);
1318 }
1325 }
1327 }
1329 /* ARGSUSED */
1330 static int
1332 {
1343 /* NOTREACHED */
1350 }
1359 }
1361 /* ARGSUSED */
1362 static int
1364 {
1376 }
1382 }
1384 /*
1385 * Parse '/<n>' as a netmask.
1386 */
1387 /* ARGSUSED */
1388 static int
1390 {
1400 }
1411 prefixlen);
1413 }
1422 prefixlen);
1424 }
1429 }
1434 }
1436 /* ARGSUSED */
1437 static int
1439 {
1445 /*
1446 * This doesn't set the broadcast address at all. Rather, it
1447 * gets, then sets the interface's address, relying on the fact
1448 * that resetting the address will reset the broadcast address.
1449 */
1456 }
1461 }
1469 }
1471 /*
1472 * set interface destination address
1473 */
1474 /* ARGSUSED */
1475 static int
1477 {
1483 }
1485 /* ARGSUSED */
1486 static int
1488 {
1500 /*
1501 * The kernel does not allow administratively up test
1502 * addresses to be converted to data addresses. Bring
1503 * the address down first, then bring it up after it's
1504 * been converted to a data address.
1505 */
1509 }
1514 /*
1515 * If the user is trying to mark an interface with a
1516 * duplicate address as "down," or convert a duplicate
1517 * test address to a data address, then fetch the
1518 * address and set it. This will cause IP to clear
1519 * the IFF_DUPLICATE flag and stop the automatic
1520 * recovery timer.
1521 */
1526 }
1529 }
1531 /*
1532 * If we're about to bring up an underlying physical IPv6 interface in
1533 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is
1534 * for backward compatibility with legacy configurations in which
1535 * there are no explicit hostname files for IPMP interfaces. (For
1536 * IPv4, this is automatically handled by the kernel when migrating
1537 * the underlying interface's data address to the IPMP interface.)
1538 */
1545 lifgroupinfo_t lifgr;
1548 LIFGRNAMSIZ);
1559 }
1560 }
1570 }
1573 }
1575 /* ARGSUSED */
1576 static int
1578 {
1584 }
1586 /* ARGSUSED */
1587 static int
1589 {
1595 }
1597 /* ARGSUSED */
1598 static int
1600 {
1606 }
1608 /* ARGSUSED */
1609 static void
1611 {
1612 }
1614 /* ARGSUSED */
1615 static int
1617 {
1622 dlpi_handle_t dh;
1623 dlpi_notifyid_t id;
1629 }
1631 /*
1632 * if the IP interface in the arguments is a logical
1633 * interface, exit with an error now.
1634 */
1639 }
1645 else
1648 }
1657 /*
1658 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1659 * all of the addresses to flush the old hardware address
1660 * information out of IP.
1661 *
1662 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1663 * more than an optimization: in.mpathd will set IFF_OFFLINE
1664 * if it's notified and the new address is a duplicate of
1665 * another in the group -- but the flags manipulation in
1666 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1667 * IFF_OFFLINE, confusing in.mpathd.
1668 */
1677 }
1678 }
1679 }
1681 /*
1682 * Change the hardware address.
1683 */
1688 }
1691 /*
1692 * If any addresses were brought down before changing the hardware
1693 * address, bring them up again.
1694 */
1698 }
1702 }
1704 /*
1705 * Print an interface's Ethernet address, if it has one.
1706 */
1707 static void
1709 {
1716 /*
1717 * It's possible the interface is only configured for
1718 * IPv6; check again with AF_INET6.
1719 */
1725 }
1726 }
1729 /* VNI and IPMP interfaces don't have MAC addresses */
1733 /* IP tunnels also don't have Ethernet-like MAC addresses */
1735 DLADM_STATUS_OK)
1739 }
1741 /*
1742 * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1743 * int64_t lifc_flags)
1744 *
1745 * It finds all active data links.
1746 *
1747 * It takes in input a pointer to struct lifconf to receive interfaces
1748 * informations, a **char to hold allocated buffer, and a lifc_flags.
1749 *
1750 * Return values:
1751 * 0 = everything OK
1752 * -1 = problem
1753 */
1754 static int
1756 {
1761 dladm_status_t status;
1767 }
1771 /* Now, translate the linked list into a struct lifreq buffer */
1778 }
1795 }
1797 }
1799 /*
1800 * Create the next unused logical interface using the original name
1801 * and assign the address (and mask if '/<n>' is part of the address).
1802 * Use the new logical interface for subsequent subcommands by updating
1803 * the name variable.
1804 *
1805 * This allows syntax like:
1806 * ifconfig le0 addif 109.106.86.130 netmask + up \
1807 * addif 109.106.86.131 netmask + up
1808 */
1809 /* ARGSUSED */
1810 static int
1812 {
1818 ipadm_status_t istatus;
1827 name);
1829 }
1831 /*
1832 * clear so parser will interpret next address as source followed
1833 * by possible dest
1834 */
1843 /* Nothing there - ok */
1858 prefixlen);
1860 }
1867 prefixlen);
1869 }
1870 }
1873 }
1875 /*
1876 * This is a "hack" to get around the problem of SIOCLIFADDIF. The
1877 * problem is that this ioctl does not include the netmask when
1878 * adding a logical interface. This is the same problem described
1879 * in the ifconfig() comments. To get around this problem, we first
1880 * add the logical interface with a 0 address. After that, we set
1881 * the netmask if provided. Finally we set the interface address.
1882 */
1886 /* Note: no need to do DAD here since the interface isn't up yet. */
1895 /*
1896 * Check and see if any "netmask" command is used and perform the
1897 * necessary operation.
1898 */
1901 /* This check is temporary until libipadm supports IPMP interfaces. */
1903 /*
1904 * We added the logical interface above before calling
1905 * ipadm_create_addr(), because, with IPH_LEGACY, we need
1906 * to do an addif for `ifconfig ce0 addif <addr>' but not for
1907 * `ifconfig ce0 <addr>'. libipadm does not have a flag to
1908 * to differentiate between these two cases. To keep it simple,
1909 * we always create the logical interface and pass it to
1910 * libipadm instead of requiring libipadm to addif for some
1911 * cases and not do addif for other cases.
1912 */
1926 }
1927 /*
1928 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1929 * will contain the right mask to use.
1930 */
1940 setaddr++;
1941 /*
1942 * address will be set by the parser after nextarg
1943 * has been scanned
1944 */
1946 }
1948 /*
1949 * Only set the netmask if "netmask" command is used or a prefix is
1950 * provided.
1951 */
1953 /*
1954 * lifr.lifr_addr already contains netmask from
1955 * set_mask_lifreq().
1956 */
1959 }
1961 /* Finally, we set the interface address. */
1966 /*
1967 * let parser know we got a source.
1968 * Next address, if given, should be dest
1969 */
1970 setaddr++;
1972 }
1974 /*
1975 * Remove a logical interface based on its IP address. Unlike addif
1976 * there is no '/<n>' here.
1977 * Verifies that the interface is down before it is removed.
1978 */
1979 /* ARGSUSED */
1980 static int
1982 {
1984 ipadm_status_t istatus;
1990 name);
1992 }
1996 /*
1997 * Following check is temporary until libipadm supports
1998 * IPMP interfaces.
1999 */
2003 /*
2004 * Get all addresses and search this address among the active
2005 * addresses. If an address object was found, delete using
2006 * ipadm_delete_addr().
2007 */
2021 name);
2023 }
2026 IPADM_OPT_ACTIVE);
2030 }
2033 }
2034 }
2038 /*
2039 * An address object for this address was not found in ipadm.
2040 * Delete with SIOCLIFREMOVEIF.
2041 */
2046 /* This can only happen if ipif_id = 0 */
2049 name);
2051 }
2053 }
2055 }
2057 /*
2058 * Set the address token for IPv6.
2059 */
2060 /* ARGSUSED */
2061 static int
2063 {
2073 /* NOTREACHED */
2080 }
2086 }
2088 }
2090 /* ARGSUSED */
2091 static int
2093 {
2094 lifgroupinfo_t lifgr;
2103 }
2111 /*
2112 * The group doesn't yet exist; create it and repeat.
2113 */
2121 }
2125 /*
2126 * The interface is already in another group; must
2127 * remove existing membership first.
2128 */
2134 }
2136 LIFGRNAMSIZ);
2140 /*
2141 * The group exists, but it's not configured with the
2142 * address families the interface needs. Since only
2143 * two address families are currently supported, just
2144 * configure the "other" address family. Note that we
2145 * may race with group deletion or creation by another
2146 * process (ENOENT or EEXIST); in such cases we repeat
2147 * our original SIOCSLIFGROUPNAME.
2148 */
2156 }
2166 }
2170 /*
2171 * Some addresses are in-use (or under control of DAD).
2172 * Bring them down and retry the group join operation.
2173 * We will bring them back up after the interface has
2174 * been placed in the group.
2175 */
2180 }
2187 }
2191 }
2196 /*
2197 * Some data addresses are under application control.
2198 * For some of these (e.g., ADDRCONF), the application
2199 * should remove the address, in which case we retry a
2200 * few times (since the application's action is not
2201 * atomic with respect to us) before bailing out and
2202 * informing the user.
2203 */
2209 again:
2213 "cannot get data addresses managed "
2217 }
2228 }
2231 "IPMP group: %s has data addresses managed "
2233 nappaddr++;
2234 }
2238 }
2242 }
2243 }
2245 /*
2246 * If the interface being moved is under the control of `ipmgmtd(1M)'
2247 * dameon then we should inform the daemon about this move, so that
2248 * the daemon can delete the state associated with this interface.
2249 *
2250 * This workaround is needed until the IPMP support in ipadm(1M).
2251 */
2254 /*
2255 * If there were addresses that we had to bring down, it's time to
2256 * bring them up again. As part of bringing them up, the kernel will
2257 * automatically move them to the new IPMP interface.
2258 */
2263 }
2264 }
2267 fail:
2268 /*
2269 * Attempt to bring back up any interfaces that we downed.
2270 */
2275 }
2276 }
2280 /*
2281 * We'd return -1, but foreachinterface() doesn't propagate the error
2282 * into the exit status, so we're forced to explicitly exit().
2283 */
2285 /* NOTREACHED */
2286 }
2288 static boolean_t
2290 {
2296 }
2302 }
2307 }
2309 }
2311 /*
2312 * To list all the modules above a given network interface.
2313 */
2314 /* ARGSUSED */
2315 static int
2317 {
2327 /*
2328 * We'd return -1, but foreachinterface() doesn't propagate the error
2329 * into the exit status, so we're forced to explicitly exit().
2330 */
2337 }
2344 }
2348 num_mods);
2358 }
2359 }
2361 }
2362 }
2364 orig_arpid));
2365 }
2370 /*
2371 * To insert a module to the stream of the interface. It is just a
2372 * wrapper. The real function is modop().
2373 */
2374 /* ARGSUSED */
2375 static int
2377 {
2379 }
2381 /*
2382 * To remove a module from the stream of the interface. It is just a
2383 * wrapper. The real function is modop().
2384 */
2385 /* ARGSUSED */
2386 static int
2388 {
2390 }
2392 /*
2393 * Helper function for mod*() functions. It gets a fd to the lower IP
2394 * stream and I_PUNLINK's the lower stream. It also initializes the
2395 * global variable lifr.
2396 *
2397 * Param:
2398 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2399 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2400 * int *ipfd_lowstr: fd to the lower IP stream.
2401 * int *arpfd_lowstr: fd to the lower ARP stream.
2402 *
2403 * Return:
2404 * -1 if operation fails, 0 otherwise.
2405 *
2406 * Please see the big block comment above ifplumb() for the logic of the
2407 * PLINK/PUNLINK
2408 */
2409 static int
2412 {
2420 }
2428 }
2433 }
2437 }
2441 }
2443 /*
2444 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2445 */
2454 /*
2455 * Some plumbing utilities set the muxid to
2456 * -1 or some invalid value to signify that
2457 * there is no arp stream. Set the muxid to 0
2458 * before trying to unplumb the IP stream.
2459 * IP does not allow the IP stream to be
2460 * unplumbed if it sees a non-null arp muxid,
2461 * for consistency of IP-ARP streams.
2462 */
2471 }
2476 }
2479 }
2484 /* Undo any changes we made */
2488 }
2490 }
2493 /* Undo any changes we made */
2497 }
2499 }
2501 }
2503 /*
2504 * Helper function for mod*() functions. It I_PLINK's back the upper and
2505 * lower IP streams. Note that this function must be called after
2506 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized
2507 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink()
2508 * must be called in pairs.
2509 *
2510 * Param:
2511 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2512 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2513 * int ipfd_lowstr: fd to the lower IP stream.
2514 * int arpfd_lowstr: fd to the lower ARP stream.
2515 *
2516 * Return:
2517 * -1 if operation fails, 0 otherwise.
2518 *
2519 * Please see the big block comment above ifplumb() for the logic of the
2520 * PLINK/PUNLINK
2521 */
2522 static int
2525 {
2532 }
2534 /*
2535 * If there is an arp stream, plink it. If there is no
2536 * arp stream, then it is possible that the plumbing
2537 * utility could have stored any value in the arp_muxid.
2538 * If so, restore it from orig_arpid.
2539 */
2544 }
2546 /* Undo the changes we did in ip_domux2fd */
2550 }
2555 }
2557 /*
2558 * The real function to perform module insertion/removal.
2559 *
2560 * Param:
2561 * char *arg: the argument string module_name@position
2562 * char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2563 *
2564 * Return:
2565 * Before doing ip_domux2fd(), this function calls exit(1) in case of
2566 * error. After ip_domux2fd() is done, it returns -1 for error, 0
2567 * otherwise.
2568 */
2569 static int
2571 {
2582 /*
2583 * We'd return -1, but foreachinterface() doesn't propagate the error
2584 * into the exit status, so we're forced to explicitly exit().
2585 */
2589 /* Need to save the original string for -a option. */
2593 }
2600 }
2606 }
2608 /*
2609 * Need to make sure that the core TCP/IP stack modules are not
2610 * removed. Otherwise, "bad" things can happen. If a module
2611 * is removed and inserted back, it loses its old state. But
2612 * the modules above it still have the old state. E.g. IP assumes
2613 * fast data path while tunnel after re-inserted assumes that it can
2614 * receive M_DATA only in fast data path for which it does not have
2615 * any state. This is a general caveat of _I_REMOVE/_I_INSERT.
2616 */
2623 }
2628 }
2635 }
2641 }
2644 }
2650 }
2653 }
2656 /* Should never get to here. */
2659 }
2662 orig_arpid));
2663 }
2665 static int
2667 {
2668 dladm_status_t status;
2676 }
2678 /*
2679 * Set tunnel source address
2680 */
2681 /* ARGSUSED */
2682 static int
2684 {
2685 iptun_params_t params;
2691 }
2693 /*
2694 * Set tunnel destination address
2695 */
2696 /* ARGSUSED */
2697 static int
2699 {
2700 iptun_params_t params;
2706 }
2708 static int
2710 {
2711 dladm_status_t status;
2712 datalink_id_t linkid;
2717 DLADM_OPT_ACTIVE);
2718 }
2722 }
2724 /* Set tunnel encapsulation limit. */
2725 /* ARGSUSED */
2726 static int
2728 {
2730 }
2732 /* Disable encapsulation limit. */
2733 /* ARGSUSED */
2734 static int
2736 {
2738 }
2740 /* Set tunnel hop limit. */
2741 /* ARGSUSED */
2742 static int
2744 {
2746 }
2748 /* Set zone ID */
2749 static int
2751 {
2755 /* zone must be active */
2760 }
2761 }
2767 }
2769 /* Put interface into all zones */
2770 /* ARGSUSED */
2771 static int
2773 {
2779 }
2781 /* Set source address to use */
2782 /* ARGSUSED */
2783 static int
2785 {
2791 /*
2792 * Argument can be either an interface name or "none". The latter means
2793 * that any previous selection is cleared.
2794 */
2800 }
2807 }
2813 }
2822 else
2824 }
2827 }
2829 /*
2830 * Print the interface status line associated with `ifname'
2831 */
2832 static void
2834 {
2845 }
2848 /*
2849 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2850 * interfaces with IFF_IPV6 set.
2851 */
2856 }
2867 }
2871 /* don't print index or zone when in compatibility mode */
2875 /*
2876 * Stack instances use GLOBAL_ZONEID for IP data structures
2877 * even in the non-global zone.
2878 */
2891 }
2892 }
2893 }
2898 /*
2899 * Find the number of interfaces that use this interfaces'
2900 * address as a source address
2901 */
2905 /* The first pass will give the bufsize we need */
2911 }
2914 }
2917 /* Use kernel's size + a small margin to avoid loops */
2920 /* For the first pass, realloc acts like malloc */
2926 }
2929 }
2931 }
2940 }
2941 }
2945 }
2947 /* Find the interface whose source address this interface uses */
2956 }
2957 }
2958 }
2961 }
2963 /*
2964 * Print the status of the interface. If an address family was
2965 * specified, show it and it only; otherwise, show them all.
2966 */
2967 static void
2969 {
2972 datalink_id_t linkid;
2977 }
2981 /*
2982 * Only print the interface status if the address family matches
2983 * the interface family flag.
2984 */
2989 }
2991 /*
2992 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2993 */
3000 DLADM_STATUS_OK)
3007 /* set global af for use in p->af_status */
3010 }
3012 /*
3013 * Historically, 'ether' has been an address family,
3014 * so print it here.
3015 */
3017 }
3018 }
3020 /*
3021 * Print the status of the interface in a format that can be used to
3022 * reconfigure the interface later. Code stolen from status() above.
3023 */
3024 /* ARGSUSED */
3025 static int
3027 {
3038 }
3044 }
3046 /*
3047 * Build the interface name to print (we cannot directly use `name'
3048 * because one cannot "plumb" ":0" interfaces).
3049 */
3054 /*
3055 * if the interface is IPv4
3056 * if we have a IPv6 address family restriction return
3057 * so it won't print
3058 * if we are in IPv4 compatibility mode, clear out IFF_IPV4
3059 * so we don't print it.
3060 */
3069 /*
3070 * else if the interface is IPv6
3071 * if we have a IPv4 address family restriction return
3072 * or we are in IPv4 compatibiltiy mode, return.
3073 */
3080 }
3088 }
3093 /* Index only applies to the zeroth interface */
3097 }
3104 }
3105 }
3106 }
3114 /* set global af for use in p->af_configinfo */
3118 }
3120 }
3121 }
3125 }
3127 static void
3129 {
3140 }
3146 }
3147 }
3149 }
3151 static void
3153 {
3154 iptun_params_t params;
3162 /* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3165 DLADM_STATUS_OK)
3179 }
3181 /*
3182 * There is always a source address. If it hasn't been explicitly
3183 * set, the API will pass back a buffer containing the unspecified
3184 * address.
3185 */
3190 else
3201 }
3210 }
3214 else
3216 }
3220 }
3222 static void
3224 {
3231 /* only print status for IPv4 interfaces */
3246 }
3252 }
3264 }
3265 }
3271 }
3274 }
3290 else
3292 }
3295 }
3303 else
3305 }
3310 }
3311 }
3312 /* If there is a groupname, print it for only the physical interface */
3317 }
3318 }
3320 }
3322 static void
3324 {
3345 }
3354 }
3365 }
3373 }
3376 }
3383 else
3385 }
3390 }
3399 else
3407 }
3411 }
3419 }
3420 }
3421 /* If there is a groupname, print it for only the physical interface */
3426 }
3427 }
3429 }
3431 static void
3433 {
3440 /* only configinfo info for IPv4 interfaces */
3455 }
3459 }
3471 }
3472 }
3479 }
3494 else
3496 }
3499 }
3507 else
3509 }
3514 }
3515 }
3517 /* If there is a groupname, print it for only the zeroth interface */
3522 }
3523 }
3525 /* Print flags to configure */
3527 }
3529 static void
3531 {
3537 flags);
3553 }
3559 }
3570 }
3578 }
3586 else
3588 }
3593 }
3600 else
3608 }
3610 /* If there is a groupname, print it for only the zeroth interface */
3615 }
3616 }
3618 /* Print flags to configure */
3620 }
3622 /*
3623 * If this is a physical interface then remove it.
3624 * If it is a logical interface name use SIOCLIFREMOVEIF to
3625 * remove it. In both cases fail if it doesn't exist.
3626 */
3627 /* ARGSUSED */
3628 static int
3630 {
3631 ipadm_status_t istatus;
3638 }
3641 }
3643 /*
3644 * Create the interface in `name', using ipadm_create_if(). If `name' is a
3645 * logical interface or loopback interface, ipadm_create_if() uses
3646 * SIOCLIFADDIF to create it.
3647 */
3648 /* ARGSUSED */
3649 static int
3651 {
3652 ipadm_status_t istatus;
3660 }
3662 }
3664 /* ARGSUSED */
3665 static int
3667 {
3670 /*
3671 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
3672 * Otherwise, try to create the requested IPMP interface.
3673 */
3676 else
3679 /*
3680 * We'd return -1, but foreachinterface() doesn't propagate the error
3681 * into the exit status, so we're forced to explicitly exit().
3682 */
3686 }
3688 /*
3689 * Create an IPMP group `grname' with address family `af'. If `ifname' is
3690 * non-NULL, it specifies the interface name to use. Otherwise, use the name
3691 * ipmpN, where N corresponds to the lowest available integer. If `implicit'
3692 * is set, then the group is being created as a side-effect of placing an
3693 * underlying interface in a group. Also start in.mpathd if necessary.
3694 */
3695 static int
3697 {
3700 ipadm_status_t istatus;
3705 }
3707 /*
3708 * ipadm_create_if() creates the IPMP interface and fills in the
3709 * ppa in lifr.lifr_name, if `ifname'="ipmp".
3710 */
3720 }
3722 /*
3723 * To preserve backward-compatibility, always bring up the link-local
3724 * address for implicitly-created IPv6 IPMP interfaces.
3725 */
3730 }
3731 }
3733 /*
3734 * If the caller requested a different group name, issue a
3735 * SIOCSLIFGROUPNAME on the new IPMP interface.
3736 */
3742 }
3743 }
3745 /*
3746 * If we haven't done so yet, ensure in.mpathd is started.
3747 */
3752 }
3754 /*
3755 * Start in.mpathd if it's not already running.
3756 */
3757 static void
3759 {
3761 ipmp_handle_t ipmp_handle;
3763 /*
3764 * Ping in.mpathd to see if it's running already.
3765 */
3770 }
3784 }
3786 /*
3787 * Start in.mpathd. Note that in.mpathd will handle multiple
3788 * incarnations (ipmp_ping_daemon() is just an optimization) so we
3789 * don't need to worry about racing with another ifconfig process.
3790 */
3794 /* NOTREACHED */
3798 /* NOTREACHED */
3801 }
3802 }
3804 /*
3805 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable
3806 * values in ia_flags since they may be stale.
3807 */
3808 static boolean_t
3810 {
3821 else
3827 /*
3828 * If we're trying to bring the address down, ensure that DAD activity
3829 * (observable by IFF_DUPLICATE) has also been stopped.
3830 */
3836 }
3837 }
3839 }
3841 static boolean_t
3843 {
3845 }
3847 static boolean_t
3849 {
3851 }
3853 /*
3854 * Open the global libdladm handle "dlh" if it isn't already opened. The
3855 * caller may optionally supply a link name to obtain its linkid. If a link
3856 * of a specific class or classes is required, reqclass specifies the class
3857 * mask.
3858 */
3859 static dladm_status_t
3862 {
3870 }
3876 }
3877 }
3879 }
3881 /*
3882 * This function checks if we can use libipadm API's. We will only
3883 * call libipadm functions for non-IPMP interfaces. This check is
3884 * temporary until libipadm supports IPMP interfaces.
3885 */
3886 static boolean_t
3888 {
3896 }
3899 }
3901 static void
3903 {
3907 }
3909 static void
3911 {
3917 }
3919 void
3921 {
3923 }
3925 void
3927 {
3930 }
3932 void
3934 {
3959 }
3960 }
3962 /*
3963 * Print out error message (Perror2()) and exit
3964 */
3965 void
3967 {
3970 /* NOTREACHED */
3971 }
3973 void
3975 {
3978 }
3980 /*
3981 * Print out error message (Perrdlpi()) and exit
3982 */
3983 void
3985 {
3988 }
3990 /*
3991 * If the last argument is non-NULL allow a <addr>/<n> syntax and
3992 * pass out <n> in *plenp.
3993 * If <n> doesn't parse return BAD_ADDR as *plenp.
3994 * If no /<n> is present return NO_PREFIX as *plenp.
3995 */
3996 static void
3998 {
3999 /* LINTED: alignment */
4008 /*
4009 * Look for '/'<n> is plenp
4010 */
4023 }
4027 /*
4028 * Try to catch attempts to set the broadcast address to all 1's.
4029 */
4035 }
4043 }
4049 }
4055 }
4057 }
4059 /*
4060 * If the last argument is non-NULL allow a <addr>/<n> syntax and
4061 * pass out <n> in *plenp.
4062 * If <n> doesn't parse return BAD_ADDR as *plenp.
4063 * If no /<n> is present return NO_PREFIX as *plenp.
4064 */
4065 static void
4067 {
4068 /* LINTED: alignment */
4076 /*
4077 * Look for '/'<n> is plenp
4078 */
4091 }
4101 }
4107 }
4109 }
4111 /*
4112 * If "slash" is zero this parses the whole string as
4113 * an integer. With "slash" non zero it parses the tail part as an integer.
4114 *
4115 * If it is not a valid integer this returns BAD_ADDR.
4116 * If there is /<n> present this returns NO_PREFIX.
4117 */
4118 static int
4120 {
4128 str++;
4140 }
4142 /*
4143 * Convert a prefix length to a mask.
4144 * Returns 1 if ok. 0 otherwise.
4145 * Assumes the mask array is zero'ed by the caller.
4146 */
4147 static boolean_t
4149 {
4158 }
4160 prefixlen--;
4161 }
4163 }
4165 static void
4167 {
4179 /*
4180 * It has to be here and not with the
4181 * printf below because for the last one,
4182 * we don't want a comma before the ">".
4183 */
4185 }
4187 }
4188 }
4191 }
4193 static void
4195 {
4202 }
4203 }
4204 }
4206 /*
4207 * Use the configured directory lookup mechanism (e.g. files/NIS/...)
4208 * to find the network mask. Returns true if we found one to set.
4209 *
4210 * The parameter addr_set controls whether we should get the address of
4211 * the working interface for the netmask query. If addr_set is true,
4212 * we will use the address provided. Otherwise, we will find the working
4213 * interface's address and use it instead.
4214 */
4215 static boolean_t
4217 {
4220 /*
4221 * Read the address from the interface if it is not passed in.
4222 */
4229 }
4231 }
4235 }
4239 }
4241 }
4243 static int
4245 {
4250 else
4252 }
4254 static void
4256 {
4264 name);
4266 }
4267 }
4271 name);
4280 num_ni++;
4281 }
4283 static boolean_t
4285 {
4286 dlpi_handle_t dh;
4300 }
4302 /*
4303 * dhcp-related routines
4304 */
4306 static int
4308 {
4322 }
4328 }
4329 argv++;
4334 }
4339 }
4344 }
4346 }
4352 }
4353 }
4355 /*
4356 * Only try to start agent on start or inform; in all other cases it
4357 * has to already be running for anything to make sense.
4358 */
4364 }
4366 }
4378 }
4383 /*
4384 * Re-map connect error to not under control if we didn't try a
4385 * start operation, as this has to be true and results in a
4386 * clearer message, not to mention preserving compatibility
4387 * with the days when we always started dhcpagent for every
4388 * request.
4389 */
4395 }
4410 else
4412 }
4417 }
4422 }
4424 static void
4426 {
4479 }